diff options
| author | Azat Bahawi <azat@bahawi.net> | 2023-05-21 23:10:32 +0300 |
|---|---|---|
| committer | Azat Bahawi <azat@bahawi.net> | 2023-05-21 23:10:32 +0300 |
| commit | b07e10139c88d6060e57ca52b2dc12b17b53ac82 (patch) | |
| tree | 5b5cddc2f47bddb8e8914aa66ae18d52cd519965 /modules | |
| parent | 8f7371998f813857f25afef4160075665f924ab7 (diff) | |
2023-05-21
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/common/default.nix | 1 | ||||
| -rw-r--r-- | modules/common/emacs/doom/config.el | 8 | ||||
| -rw-r--r-- | modules/common/emacs/doom/init.el | 2 | ||||
| -rw-r--r-- | modules/common/emacs/doom/packages.el | 8 | ||||
| -rw-r--r-- | modules/common/mpv.nix | 2 | ||||
| -rw-r--r-- | modules/common/profiles/headful.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/chromium.nix (renamed from modules/common/chromium.nix) | 0 | ||||
| -rw-r--r-- | modules/nixos/common/locale.nix | 12 | ||||
| -rw-r--r-- | modules/nixos/common/systemd.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/matrix/dendrite.nix | 20 | ||||
| -rw-r--r-- | modules/nixos/monitoring/default.nix | 18 | ||||
| -rw-r--r-- | modules/nixos/profiles/headful.nix | 7 | ||||
| -rw-r--r-- | modules/nixos/promtail.nix | 41 | ||||
| -rw-r--r-- | modules/nixos/syncthing.nix | 117 | ||||
| -rw-r--r-- | modules/nixos/unbound.nix | 17 |
16 files changed, 156 insertions, 101 deletions
diff --git a/modules/common/default.nix b/modules/common/default.nix index b722cae..a159a87 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -3,7 +3,6 @@ _: { ./alacritty.nix ./aria2.nix ./bat.nix - ./chromium.nix ./common ./curl.nix ./direnv.nix diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index 589b993..d726406 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el @@ -122,10 +122,10 @@ (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 60) (setq-hook! 'mu4e-compose-mode-hook sendmail-program (executable-find "msmtp") - send-mail-function #'sendmail-send-it - message-send-mail-function #'message-send-mail-with-sendmail - message-sendmail-extra-arguments '("--read-envelope-from") - message-sendmail-f-is-evil t) + send-mail-function #'sendmail-send-it + message-send-mail-function #'message-send-mail-with-sendmail + message-sendmail-extra-arguments '("--read-envelope-from") + message-sendmail-f-is-evil t) ;; ;;; Circe diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el index 764c25e..b0a7f4a 100644 --- a/modules/common/emacs/doom/init.el +++ b/modules/common/emacs/doom/init.el @@ -90,7 +90,7 @@ (kotlin +lsp +tree-sitter) (latex +lsp +tree-sittter) (markdown +lsp +tree-sitter) - (nix +lsp) + (nix +lsp +tree-sitter) (org +pandoc +roam2) plantuml (python +lsp +tree-sitter) diff --git a/modules/common/emacs/doom/packages.el b/modules/common/emacs/doom/packages.el index 5df21b6..a8e52eb 100644 --- a/modules/common/emacs/doom/packages.el +++ b/modules/common/emacs/doom/packages.el @@ -1,6 +1,5 @@ (disable-packages! writegood-mode) -(unpin! org-roam) (package! org-roam :recipe (:host github :repo "org-roam/org-roam" @@ -10,7 +9,12 @@ :repo "org-roam/org-roam-ui" :branch "main")) -;; (package! hledger-mode) +(package! tree-sitter + :recipe (:host github + :repo "azahi/elisp-tree-sitter" + :branch "master")) + +(package! hledger-mode) (package! kubernetes) (package! kubernetes-evil) diff --git a/modules/common/mpv.nix b/modules/common/mpv.nix index afab1dd..0421d62 100644 --- a/modules/common/mpv.nix +++ b/modules/common/mpv.nix @@ -46,7 +46,7 @@ in { }; config = let - lang = comcat [ + lang = concatStringsSep "," [ "Japanese" "japanese" "jp" diff --git a/modules/common/profiles/headful.nix b/modules/common/profiles/headful.nix index e5490b5..f51ecc8 100644 --- a/modules/common/profiles/headful.nix +++ b/modules/common/profiles/headful.nix @@ -36,6 +36,7 @@ in { ripgrep ripgrep-all sd + tldr ]; }; }; diff --git a/modules/common/chromium.nix b/modules/nixos/chromium.nix index 4f0ae12..4f0ae12 100644 --- a/modules/common/chromium.nix +++ b/modules/nixos/chromium.nix diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix index 62d19f4..7529996 100644 --- a/modules/nixos/common/locale.nix +++ b/modules/nixos/common/locale.nix @@ -12,9 +12,15 @@ with lib; { }; services.xserver = { - layout = comcat ["us" "ru"]; - xkbVariant = comcat ["" "phonetic"]; - xkbOptions = comcat [ + layout = concatStringsSep "," [ + "us" + "ru" + ]; + xkbVariant = concatStringsSep "," [ + "" + "phonetic" + ]; + xkbOptions = concatStringsSep "," [ "terminate:ctrl_alt_bksp" "caps:escape" "compose:menu" diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index 29020a0..4e9eb26 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix @@ -4,6 +4,8 @@ directories = ["/var/lib/systemd/coredump"]; }; + my.extraGroups = ["systemd-journal"]; + hm.systemd.user.startServices = "sd-switch"; services.journald.extraConfig = '' diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3c6e61b..f8347cf 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -5,6 +5,7 @@ _: { ./android.nix ./beets.nix ./bluetooth.nix + ./chromium.nix ./common ./discord.nix ./docker.nix diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index d9c4914..d7c7b18 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -67,6 +67,7 @@ in { }; }; }; + postgresql = { enable = true; extraPostStart = [ @@ -75,6 +76,25 @@ in { '' ]; }; + + # Silence annoying errors when connecting to poorly configured federated + # homeservers. + promtail.filters = [ + { + match = { + selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"''; + action = "drop"; + drop_counter_reason = "noisy_error"; + }; + } + { + match = { + selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"''; + action = "drop"; + drop_counter_reason = "noisy_error"; + }; + } + ]; }; services.postgresql = { diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 37e34d9..7f62874 100644 --- a/modules/nixos/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix @@ -122,8 +122,6 @@ in { loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}"; prometheus = { - # It would be nice if these could be generated dynamically. That would - # require a complete rework of how configurations are defined, though. scrapeConfigs = with my.configurations; mapAttrsToList ( @@ -144,13 +142,15 @@ in { hosts; } ]; - relabel_configs = [ - { - source_labels = ["__address__"]; - regex = "([^:]+):\\d+"; - target_label = "instance"; - } - ]; + relabel_configs = + [ + { + source_labels = ["__address__"]; + regex = "([^:]+):\\d+"; + target_label = "instance"; + } + ] + ++ optionals (hasAttr "relabel" value) value.relabel; } ) { diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index 3bdf8fd..9e2b7a3 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -109,6 +109,11 @@ in { environment.systemPackages = with pkgs; [lm_sensors]; - my.extraGroups = ["audio" "video" "input"]; + my.extraGroups = [ + "audio" + "input" + "render" + "video" + ]; }; } diff --git a/modules/nixos/promtail.nix b/modules/nixos/promtail.nix index d52384a..157eb72 100644 --- a/modules/nixos/promtail.nix +++ b/modules/nixos/promtail.nix @@ -21,6 +21,12 @@ in { type = with types; str; default = "https://${config.nixfiles.modules.loki.domain}"; }; + + filters = mkOption { + description = ''Filters to use with "scrape_config.pipeline_stages".''; + type = with types; listOf attrs; + default = []; + }; }; config = mkIf cfg.enable { @@ -56,7 +62,7 @@ in { scrape_configs = [ { job_name = "journal"; - journal.max_age = "12h"; + journal.max_age = "24h"; relabel_configs = map (n: let label = toLower n; @@ -74,12 +80,12 @@ in { "MESSAGE" # "MESSAGE_ID" - # "PRIORITY" + "PRIORITY" # "CODE_FILE" # "CODE_LINE" # "CODE_FUNC" # "ERRNO" - # "SYSLOG_FACILITY" + "SYSLOG_FACILITY" "SYSLOG_IDENTIFIER" # "SYSLOG_PID" # "_PID" @@ -93,8 +99,8 @@ in { # "_AUDIT_LOGINUID" # "_SYSTEMD_CGROUP" # "_SYSTEMD_SESSION" - "_SYSTEMD_UNIT" - "_SYSTEMD_USER_UNIT" + # "_SYSTEMD_UNIT" + # "_SYSTEMD_USER_UNIT" # "_SYSTEMD_OWNER_UID" # "_SYSTEMD_SLICE" # "_SELINUX_CONTEXT" @@ -106,23 +112,16 @@ in { # "__CURSOR" # "__REALTIME_TIMESTAMP" # "__MONOTONIC_TIMESTAMP" + ] + ++ [ + { + # This is weird. I can't find where is this defined in the + # source code but apparently it exists. + source_labels = ["__journal_priority_keyword"]; + target_label = "level"; + } ]; - pipeline_stages = [ - { - match = { - selector = ''{systemd_unit="dendrite.service"} |~ ".*Failed to fetch key for server.*"''; - action = "drop"; - drop_counter_reason = "noisy_error"; - }; - } - { - match = { - selector = ''{systemd_unit="dendrite.service"} |~ ".*could not download key for.*"''; - action = "drop"; - drop_counter_reason = "noisy_error"; - }; - } - ]; + pipeline_stages = cfg.filters; } ]; }; diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix index b0d98bc..faf6723 100644 --- a/modules/nixos/syncthing.nix +++ b/modules/nixos/syncthing.nix @@ -48,74 +48,77 @@ in { key = config.secrets."syncthing-key-${this.hostname}".path; overrideDevices = true; - devices = mapAttrs (name: attr: - mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - addresses = ["tcp://${name}.${config.networking.domain}:22000"]; - introducer = this.isHeadless; - }) - my.configurations; - overrideFolders = true; - folders = let - filterDevices = f: - attrNames (filterAttrs (_: attr: - (attr.hostname != this.hostname) - && (attr.syncthing.id != null) - && f attr) - my.configurations); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanoutDays = "7"; - }; - in - with config.hm.xdg.userDirs; { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; - }; - pass = { - path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; - devices = notOther; - versioning = trashcan; - }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; + settings = { + devices = mapAttrs (name: attr: + mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { + inherit (attr.syncthing) id; + addresses = ["tcp://${name}.${config.networking.domain}:22000"]; + introducer = this.isHeadless; + }) + my.configurations; + + folders = let + filterDevices = f: + attrNames (filterAttrs (_: attr: + (attr.hostname != this.hostname) + && (attr.syncthing.id != null) + && f attr) + my.configurations); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = trashcan; + trashcan = { + type = "trashcan"; + params.cleanoutDays = "7"; }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; + in + with config.hm.xdg.userDirs; { + share = { + path = publicShare; + devices = notHeadless; + versioning = trashcan; + }; + pass = { + path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; + devices = notOther; + versioning = trashcan; + }; + org = { + path = "${documents}/org"; + devices = all; + versioning = simple; + }; + roam = { + path = "${documents}/roam"; + devices = notOther; + versioning = simple; + }; + elfeed = { + path = "${config.my.home}/.elfeed"; + devices = notOther; + versioning = trashcan; + }; + books = { + path = "${documents}/books"; + devices = notOther; + versioning = trashcan; + }; }; - }; - extraOptions = { gui = { insecureAdminAccess = true; insecureSkipHostcheck = this.isHeadless; }; + options = { + testOption = false; autoUpgradeIntervalH = 0; crashReportingEnabled = false; globalAnnounceEnabled = false; diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 7805b02..c9d45f2 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -24,7 +24,22 @@ in { mkIf cfg.enable { ark.directories = [config.services.unbound.stateDir]; - nixfiles.modules.redis.enable = true; + nixfiles.modules = { + redis.enable = true; + + promtail.filters = [ + { + match = { + # Should be fixed[1] in the next release. + # + # [1]: https://github.com/NLnetLabs/unbound/commit/d7e776114114c16816570e48ab3a27eedc401a0e + selector = ''{syslog_identifier="unbound"} |~ ".*could not SSL_read crypto.*"''; + action = "drop"; + drop_counter_reason = "noisy_error"; + }; + } + ]; + }; services = { unbound = { |