Diffstat (limited to '')
73 files changed, 1936 insertions, 1094 deletions
diff --git a/configurations/default.nix b/configurations/default.nix index cc160e9..312ca9f 100644 --- a/configurations/default.nix +++ b/configurations/default.nix @@ -90,6 +90,15 @@ mapAttrs' mkConfiguration ( srvos.nixosModules.server ]; + tulkas.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + disko.nixosModules.disko + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + srvos.nixosModules.server + ]; + yavanna.modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" nixos-hardware.nixosModules.common-cpu-intel diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix index c33c21d..f718135 100644 --- a/configurations/eonwe/default.nix +++ b/configurations/eonwe/default.nix @@ -12,6 +12,7 @@ with lib; ark.enable = true; wireguard.client.enable = true; + wireguard-ng.client.enable = false; syncthing.enable = true; @@ -23,10 +24,11 @@ with lib; android.enable = true; beets.enable = true; bluetooth.enable = true; - incus.enable = true; libvirtd.enable = true; mpd.enable = true; qutebrowser.enable = true; + + hyprland.enable = true; }; hm = { @@ -37,6 +39,7 @@ with lib; paper-plane qolibri radeontop + rocmPackages.rocm-smi vial wacomtablet ]; @@ -50,8 +53,8 @@ with lib; mapShaders = map (args: toString (pkgs.fetchurl args)); cfl-prediction = mapShaders [ { - url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/471c65dd3915d39e7ef69957ab63e006125fbb88/CfL_Prediction.glsl"; - sha256 = "sha256-Mgb1KqF1EPPzR3SCVr9S4XzVmZkYEEFIHSp59RZ9wq8="; + url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/9fdd0bc68cd8ae42a8072a7d5d098f118daa4293/CfL_Prediction.glsl"; + sha256 = "sha256-RK3baWkL0mZwcx+utsHfiiX1mY1jxEOg7/kNsNJvEPc="; } ]; ravu-lite-ar-r4 = mapShaders [ 
@@ -62,8 +65,8 @@ with lib; ]; ssimdownscaler = mapShaders [ { - url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl"; - sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w="; + url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/38992bce7f9ff844f800820df0908692b65bb74a/SSimDownscaler.glsl"; + sha256 = "sha256-9G9HEKFi0XBYudgu2GEFiLDATXvgfO9r8qjEB3go+AQ="; } ]; in @@ -149,7 +152,17 @@ with lib; }; }; + programs.corectrl.enable = true; + services = { + displayManager = { + sddm.enable = lib.mkForce false; + ly = { + enable = true; + settings.animation = "matrix"; + }; + }; + languagetool = { enable = true; port = 8081; @@ -293,11 +306,30 @@ with lib; "/home/${my.username}".neededForBoot = true; }; + systemd.mounts = [ + { + type = "tmpfs"; + what = "tmpfs"; + where = "/var/tmp"; + mountConfig.Options = [ + "huge=within_size" + "mode=1777" + "noatime" + "nodev" + "nosuid" + "rw" + "size=25%" + ]; + } + ]; + zramSwap = { enable = true; memoryPercent = 25; }; + my.extraGroups = [ "corectrl" ]; + users = { users.builder = { isSystemUser = true; diff --git a/configurations/eonwe/ollama.nix b/configurations/eonwe/ollama.nix new file mode 100644 index 0000000..806885b --- /dev/null +++ b/configurations/eonwe/ollama.nix 
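Review bot: In the `systemd.mounts` entry for `/var/tmp` (hunk `@@ -293,11 +306,30 @@` of configurations/eonwe/default.nix), `mountConfig.Options` is given as a Nix list, while the `Options=` setting of a mount unit takes a single comma-separated string. As far as I know a list is written out as repeated `Options=` lines and systemd keeps only the last assignment, which would leave `size=25%` and silently drop `nosuid` and `nodev` on a world-writable directory; please confirm with `findmnt /var/tmp` on the built system. Joining the list is the safe form: `mountConfig.Options = lib.concatStringsSep "," [ ... ];` (`lib` is already used in this file). A one-line comment noting that `/var/tmp` no longer survives a reboot would also help the next reader.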
@@ -0,0 +1,97 @@
+{
+ config,
+ lib,
+ ...
+}:
+{
+ ark.directories = [
+ config.services.ollama.home
+ ];
+
+ hm.programs.firefox.profiles.default.bookmarks = [
+ {
+ name = "Bookmarks Toolbar";
+ toolbar = true;
+ bookmarks = [
+ {
+ name = "Ollama";
+ url = "http://eonwe.shire.net:11435";
+ }
+ {
+ name = "Open WebUI";
+ url = "http://eonwe.shire.net:11436";
+ }
+ ];
+ }
+ ];
+
+ services = {
+ ollama = {
+ enable = true;
+
+ host = "0.0.0.0";
+ port = 11434;
+
+ user = "ollama";
+ group = "ollama";
+
+ acceleration = "rocm";
+ rocmOverrideGfx = "11.0.0";
+
+ environmentVariables.OLLAMA_ORIGINS = lib.concatStringsSep "," [
+ "http://eonwe.shire.net:11434"
+ "http://eonwe.shire.net:11435"
+ "http://eonwe.shire.net:11436"
+ ];
+
+ openFirewall = true;
+ };
+
+ nextjs-ollama-llm-ui = {
+ enable = true;
+
+ hostname = "0.0.0.0";
+ port = 11435;
+
+ ollamaUrl = "http://eonwe.shire.net:11434";
+ };
+
+ open-webui = {
+ enable = true;
+
+ host = "0.0.0.0";
+ port = 11436;
+
+ environment = {
+ ANONYMIZED_TELEMETRY = "False";
+ DO_NOT_TRACK = "True";
+ ENABLE_SIGNUP = "False";
+ OLLAMA_BASE_URL = "http://eonwe.shire.net:11434";
+ SCARF_NO_ANALYTICS = "True";
+ WEBUI_AUTH = "False";
+ WEBUI_URL = "http://eonwe.shire.net:11436";
+ };
+
+ openFirewall = true;
+ };
+ };
+
+ systemd.services.ollama.serviceConfig = {
+ StateDirectory = lib.mkForce config.services.ollama.home;
+ DynamicUser = lib.mkForce false;
+ User = config.services.ollama.user;
+ Group = config.services.ollama.group;
+ };
+
+ users = {
+ users.ollama = {
+ isSystemUser = true;
+ group = "ollama";
+ inherit (config.services.ollama) home;
+ uid = 241; # Reuses a removed ID from Nixpkgs.
+ };
+ groups.ollama.gid = 241;
+ };
+
+ my.extraGroups = [ "ollama" ];
+}
diff --git a/configurations/eonwe/vidya.nix b/configurations/eonwe/vidya.nix
index 7e10175..a40daa9 100644
--- a/configurations/eonwe/vidya.nix
+++ b/configurations/eonwe/vidya.nix
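Review bot: configurations/eonwe/ollama.nix exposes an unauthenticated LLM stack on every interface: `services.ollama` and `services.open-webui` both bind `0.0.0.0` with `openFirewall = true`, and Open WebUI runs with `WEBUI_AUTH = "False"`, so any host that can reach ports 11434 and 11436 can use the models and the UI without credentials, over plain HTTP. If access is meant to be LAN- or VPN-only, bind the services to that address, or drop `openFirewall` and allow the ports per interface, e.g. `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts = [ 11434 11436 ];` (`<vpn-interface>` is a placeholder). `OLLAMA_ORIGINS` only limits browser cross-origin requests and is not an access control. Separately, the "Ollama" bookmark points at port 11435, which this file assigns to `nextjs-ollama-llm-ui`; a rename or a comment would avoid confusion.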
@@ -3,7 +3,7 @@ nixfiles.modules = { common.nix.allowedUnfreePackages = [ "cla-theme" # source-available - "dwarf-fortress" + "dwarf-fortress" # proprietary "fallout-ce" # source-available "fallout2-ce" # source-available ]; @@ -12,7 +12,11 @@ lutris.enable = true; steam.enable = true; - steam-run.quirks.blackIsleStudios = true; + steam-run.quirks = { + blackIsleStudios = true; + cryptOfTheNecrodancer = true; + mountAndBladeWarband = false; + }; minecraft.client.enable = true; }; @@ -29,7 +33,6 @@ fallout-ce fallout2-ce gzdoom - nethack openmw openttd qzdl diff --git a/configurations/ilmare/default.nix b/configurations/ilmare/default.nix index a1b5007..bb89699 100644 --- a/configurations/ilmare/default.nix +++ b/configurations/ilmare/default.nix @@ -1,4 +1,7 @@ -_: { +{ lib, ... }: +{ + imports = lib.attrValues (lib.modulesIn ./.); + nixfiles.modules = { wireguard.client.enable = true; diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 609d2a8..f9cb2be 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix @@ -1,17 +1,21 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; { imports = attrValues (modulesIn ./.); nixfiles.modules = { + wireguard.server.enable = true; + nsd = { enable = true; fqdn = "ns1.${config.networking.domain}"; }; unbound.enable = true; - wireguard.server.enable = true; - acme.enable = true; monitoring.enable = true; @@ -38,6 +42,8 @@ with lib; vaultwarden.enable = true; ntfy.enable = true; plausible.enable = true; + uptime-kuma.enable = true; + thelounge.enable = true; }; boot = { diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix index 95a0b0b..051ddba 100644 --- a/configurations/manwe/webserver.nix +++ b/configurations/manwe/webserver.nix 
@@ -12,70 +12,6 @@ with lib; virtualHosts = with my.domain; { - # TODO Start using this. - # "start.local" = { - # root = pkgs.hiccup; - # locations = { - # "/".tryFiles = "$uri $uri/ /index.html"; - # "~* ^.+config.json$".extraConfig = let - # config = pkgs.writeText "config.json" (generators.toJSON {} { - # version = "2.0"; - # id = "default"; - # title = "Demo Config"; - # url = "./configs/config.json"; - # featured = [ - # { - # name = "GitHub"; - # background = "/assets/card.png"; - # link = "https://github.com/ashwin-pc/hiccup"; - # } - # ]; - # categories = [ - # { - # title = "Category 1"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # { - # title = "Category 2"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # { - # title = "Category 3"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # { - # title = "Category 4"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # ]; - # }); - # in '' - # alias ${config}; - # ''; - # }; - # enableACME = false; - # forceSSL = false; - # }; ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; "git.${shire}".locations."/".return = "301 https://git.${azahi}"; "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}"; diff --git a/configurations/tulkas/default.nix b/configurations/tulkas/default.nix new file mode 100644 index 0000000..5946ea8 --- /dev/null +++ b/configurations/tulkas/default.nix 
@@ -0,0 +1,66 @@ +{ lib, this, ... }: +with lib; +{ + imports = attrValues (modulesIn ./.); + + nixfiles.modules = { + wireguard.client.enable = true; + wireguard-ng.server.enable = true; + + unbound-ng.enable = true; + unbound-ng.domain = "shire.local"; + }; + + services.qemuGuest.enable = true; + + systemd.network.networks."40-eth0" = { + addresses = [ + { + Address = this.ipv4.address; + Broadcast = true; + } + ]; + routes = [ + { + Gateway = this.ipv4.gatewayAddress; + GatewayOnLink = true; + } + ]; + }; + + boot.loader.systemd-boot.enable = true; + + disko.devices.disk.vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + esp = { + name = "ESP"; + type = "EF00"; + size = "512M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "xfs"; + mountpoint = "/"; + mountOptions = [ "noatime" ]; + }; + }; + }; + }; + }; + + zramSwap = { + enable = true; + memoryPercent = 50; + }; +} diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index 908a3ec..c12c811 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix @@ -7,6 +7,8 @@ with lib; wireguard.client.enable = true; sing-box.enable = true; + + games.minecraft.server.enable = false; }; boot = { diff --git a/flake.lock b/flake.lock index 8e8b256..c4ee276 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ "azahi-cc": { "flake": false, "locked": { - "lastModified": 1688374221, - "narHash": "sha256-FK8wJXsOQHzLH3QJ932xJXan8NmWjJbenjL9OAZzw7w=", + "lastModified": 1731443312, + "narHash": "sha256-+w/EjWb1OTHD4htRNTjKNshHMhzG2W3yhabsPloyKAw=", "ref": "master", - "rev": "e5faa2c2cb107c77ce2f4268c6b5d3d01be078cb", - "revCount": 17, + "rev": "9ba3c3d09c6db4449722607d899ccef2730ac886", + "revCount": 18, "type": "git", "url": "https://git.azahi.cc/azahi-cc" }, 
@@ -102,11 +102,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1708890466, - "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=", + "lastModified": 1732200724, + "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "665b3c6748534eb766c777298721cece9453fdae", + "rev": "153d52373b0fb2d343592871009a286ec8837aec", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "base16-vim": { "flake": false, "locked": { - "lastModified": 1716150083, - "narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=", + "lastModified": 1731949548, + "narHash": "sha256-XIDexXM66sSh5j/x70e054BnUsviibUShW7XhbDGhYo=", "owner": "tinted-theming", "repo": "base16-vim", - "rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d", + "rev": "61165b1632409bd55e530f3dbdd4477f011cadc6", "type": "github" }, "original": { @@ -203,18 +203,17 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_2", "nixpkgs": [ "nix-topology", "nixpkgs" ] }, "locked": { - "lastModified": 1713532798, - "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -230,11 +229,11 @@ ] }, "locked": { - "lastModified": 1730045523, - "narHash": "sha256-W5Avk1THhZALXITHGazKfZbIZ5+Bc4nSYvAYHUn96EU=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "89e458a3bb3693e769bfb2b2447c3fe72092d498", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { 
@@ -253,11 +252,11 @@ ] }, "locked": { - "lastModified": 1726867691, - "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=", + "lastModified": 1733919067, + "narHash": "sha256-ZsL5pKwEDhcZhVJh+3IwgHus7kSW/N8qOlBscwB6BCI=", "owner": "nix-community", "repo": "dns.nix", - "rev": "a3196708a56dee76186a9415c187473b94e6cbae", + "rev": "a23f43f9762aa96d3e35c8eeefa7610bd0cdf456", "type": "github" }, "original": { @@ -268,11 +267,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -286,11 +285,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -304,11 +303,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { 
@@ -319,35 +318,17 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { "systems": [ "stylix", "systems" ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -359,11 +340,11 @@ "fromYaml": { "flake": false, "locked": { - "lastModified": 1689549921, - "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=", + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", "owner": "SenchoPens", "repo": "fromYaml", - "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", "type": "github" }, "original": { @@ -386,11 +367,11 @@ ] }, "locked": { - "lastModified": 1729104314, - "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "lastModified": 1734379367, + "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", "type": "github" }, "original": { 
@@ -423,16 +404,16 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1713702291, - "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", + "lastModified": 1732369855, + "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", + "rev": "dadd58f630eeea41d645ee225a63f719390829dc", "type": "github" }, "original": { "owner": "GNOME", - "ref": "46.1", + "ref": "47.2", "repo": "gnome-shell", "type": "github" } @@ -444,11 +425,11 @@ ] }, "locked": { - "lastModified": 1730016908, - "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "e83414058edd339148dc142a8437edb9450574c8", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -460,11 +441,11 @@ "homelab-svg-assets": { "flake": false, "locked": { - "lastModified": 1729175365, - "narHash": "sha256-r43u2HqdhRezqGwo/nbbZhHx5WUmkvAsfoLt8taFKyw=", + "lastModified": 1733409874, + "narHash": "sha256-Q9QMq9dXIjvJB7YSE3DU5W2eOAPQxjBRKYmNvk+ZnFo=", "owner": "loganmarchione", "repo": "homelab-svg-assets", - "rev": "745e5d9249f2c847d58de5f1fd7ba4de2f63918e", + "rev": "f084a7da8dc72f44edcd8c21dd8650b5f781734c", "type": "github" }, "original": { @@ -475,11 +456,11 @@ }, "impermanence": { "locked": { - "lastModified": 1729068498, - "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "e337457502571b23e449bf42153d7faa10c0a562", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { 
@@ -491,11 +472,11 @@ "infuse": { "flake": false, "locked": { - "lastModified": 1729644337, - "narHash": "sha256-4XPDTUvV8dfuf9GzKg2/r7j7lMELRAwKKFx3ecQObeg=", + "lastModified": 1732860261, + "narHash": "sha256-xGOVrmZgsi5qAEFrPelsC7DE1Kd9+EJ2oY/gCKD4Diw=", "ref": "refs/heads/trunk", - "rev": "786657a2cf262c3cdce08f64dd4857655f18f166", - "revCount": 40, + "rev": "0005869a31b879b57cfc9b216c8cf7f3c710579c", + "revCount": 41, "type": "git", "url": "https://codeberg.org/amjoseph/infuse.nix" }, @@ -516,11 +497,11 @@ "nixpkgs-24_05": "nixpkgs-24_05" }, "locked": { - "lastModified": 1722877200, - "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=", + "lastModified": 1734370678, + "narHash": "sha256-a8zkti1QM5Oxkdfnzr/NjrFlyqI36/kYV/X8G1jOmB4=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2", + "rev": "c43d8c4a3ce84a7bebd110b06e69365484db6208", "type": "gitlab" }, "original": { @@ -542,11 +523,11 @@ ] }, "locked": { - "lastModified": 1729993975, - "narHash": "sha256-Z5DQ48PdCo3IyfKbngL62Q/HuA/fsn22bMyPbTQGSKQ=", + "lastModified": 1734314370, + "narHash": "sha256-9PhjDAAuXP4tuJg+kM1AozKwBFyHHJ8ZqhQD+peqGtg=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "4753ea1f1285e944839cb2ab0b4373eb4e00c12a", + "rev": "616634de04e87b621bc3d495af114c4e9c6ccd36", "type": "github" }, "original": { @@ -562,11 +543,11 @@ ] }, "locked": { - "lastModified": 1729999765, - "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=", + "lastModified": 1734234111, + "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f", + "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", "type": "github" }, "original": { 
@@ -589,11 +570,11 @@ ] }, "locked": { - "lastModified": 1725483443, - "narHash": "sha256-WzOlGMKV/51Fccn/OMHcm5yrqgbOJZrJIy1ya4pW0u8=", + "lastModified": 1734266385, + "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", "owner": "oddlama", "repo": "nix-topology", - "rev": "8738d94670265beb166954c4e3a26e432f79f68c", + "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", "type": "github" }, "original": { @@ -604,11 +585,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729742320, - "narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -619,11 +600,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729980323, - "narHash": "sha256-eWPRZAlhf446bKSmzw6x7RWEE4IuZgAp8NW3eXZwRAY=", + "lastModified": 1734126203, + "narHash": "sha256-0XovF7BYP50rTD2v4r55tR5MuBLet7q4xIz6Rgh3BBU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "86e78d3d2084ff87688da662cf78c2af085d8e73", + "rev": "71a6392e367b08525ee710a93af2e80083b5b3e2", "type": "github" }, "original": { @@ -635,11 +616,11 @@ }, "nixpkgs-24_05": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { 
@@ -650,11 +631,11 @@ }, "nixpkgs-amneziawg": { "locked": { - "lastModified": 1729516182, - "narHash": "sha256-u+HH+gyGSUERSnhYVFX/jMykfpDrQJvGUNsBmN31GsM=", + "lastModified": 1733085004, + "narHash": "sha256-pskW7udXL6KssMYlBR7cxSLPzqLMrZWgel98dKEgKPs=", "owner": "azahi", "repo": "nixpkgs", - "rev": "cebf00faa0dab35517b368b5d14dc42018bf3ee0", + "rev": "ba3f8e26212ff64cc96a4c1932d91bd18eb87757", "type": "github" }, "original": { @@ -666,23 +647,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1727825735, - "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-master": { "locked": { - "lastModified": 1730047773, - "narHash": "sha256-oNzx2k7lmdRO9WAY176pTo76kN1PtT02QyTz1N/tpWE=", + "lastModified": 1734389326, + "narHash": "sha256-YPjF7N9G9tGjnm630FVaLojjpl+OnWao+UqhprZ29dQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2ba15d4f55c092002f792a8e7af585bbf3277e63", + "rev": "6ea67fde4864ca2ab720f946e4af74ab2b73e5b9", "type": "github" }, "original": { @@ -694,11 +675,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1730039714, - "narHash": "sha256-T/UCiOaxNBvqeQMOkQq89Ni7W0XTvDxCe+7TFpQ2QE0=", + "lastModified": 1734284970, + "narHash": "sha256-iPXIDT8Rth+fJ9VpeZMu9wgdEEhrUrn77uYNcmtw3s0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e34aff468a6cfd6c2b02cbb4a8d2d8643feaade", + "rev": "6903830d1075f13346be0ea9611ae6ef50a472d6", "type": "github" }, "original": { 
@@ -779,11 +760,11 @@ ] }, "locked": { - "lastModified": 1729731316, - "narHash": "sha256-InsUCPq86xyvJ9U+pVijYNBCep/dYACyJblG6fgkkWA=", + "lastModified": 1734311023, + "narHash": "sha256-NpiSmBZ4usbCuucwLWKX8TypbP+KfKZB5GOJevdp2rM=", "owner": "nix-community", "repo": "srvos", - "rev": "0e447b6d3f16d6a305ca99ac89686d51042f516a", + "rev": "528f3ec754231bd6dc0113cd3010f66513e957f4", "type": "github" }, "original": { @@ -801,7 +782,7 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "gnome-shell": "gnome-shell", "home-manager": [ "home-manager" @@ -809,17 +790,17 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1729963473, - "narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=", + "lastModified": 1734110168, + "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=", "owner": "danth", "repo": "stylix", - "rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b", + "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1", "type": "github" }, "original": { 
@@ -873,34 +854,20 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", "owner": "tinted-theming", "repo": "tinted-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" } }, @@ -924,11 +891,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1696725902, - "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "lastModified": 1729501581, + "narHash": "sha256-1ohEFMC23elnl39kxWnjzH1l2DFWWx4DhFNNYDTYt54=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "rev": "f0e7f7974a6441033eb0a172a0342e96722b4f14", "type": "github" }, "original": { @@ -950,11 +917,11 @@ ] }, "locked": { - "lastModified": 1729994042, - "narHash": "sha256-raAG3cW29BRYmu3Pxej65QgnNi88bGUqlqMkuaJRF8s=", + "lastModified": 1734314392, + "narHash": "sha256-EydUadS7omV3SO/4TLeMkLT2JUugvPEtvBoAF43ggWU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "88bf73817636e232513bff1f3a071b3ae2bcfd14", + "rev": "4ef033412f0732794077fcc25af4f79f097ad1e1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c621f04..67180ca 100644 --- a/flake.nix +++ b/flake.nix 
@@ -12,7 +12,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; - # TODO Upstream this? + # TODO https://github.com/NixOS/nixpkgs/pull/360866 nixpkgs-amneziawg.url = "github:azahi/nixpkgs/amneziawg"; nixos-hardware.url = "github:NixOS/nixos-hardware"; @@ -193,6 +193,7 @@ topology = self.topology.config.output; iso = self.nixosConfigurations.iso.config.system.build.isoImage; + test-headless = self.nixosConfigurations.test-headless.config.system.build.vm; test-headful = self.nixosConfigurations.test-headful.config.system.build.vm; }; diff --git a/lib/default.nix b/lib/default.nix index 3a67063..e06b7ec 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -11,9 +11,7 @@ rec { packages = import ./packages.nix { inherit lib inputs system; }; - infuse = import inputs.infuse { - inherit lib; - }; + inherit ((import inputs.infuse { inherit lib; }).v1) infuse; isEven = number: diff --git a/lib/my.nix b/lib/my.nix index f959de2..3a8058e 100644 --- a/lib/my.nix +++ b/lib/my.nix 
@@ -51,78 +51,6 @@ with lib; isHeadless = mkConfigurationTypeOption "headless"; isHeadful = mkConfigurationTypeOption "headful"; isOther = mkConfigurationTypeOption "other"; - - ipv4 = { - address = mkOption { - description = "The machine's public IPv4 address."; - type = nullOr str; - default = null; - }; - prefixLength = mkOption { - description = "The machine's public IPv4 prefix length."; - type = nullOr int; - default = null; - }; - gatewayAddress = mkOption { - description = "The machine's public IPv4 gateway address."; - type = nullOr str; - default = null; - }; - }; - ipv6 = { - address = mkOption { - description = "The machine's public IPv6 address."; - type = nullOr str; - default = null; - }; - prefixLength = mkOption { - description = "The machine's public IPv6 prefix length."; - type = nullOr int; - default = null; - }; - gatewayAddress = mkOption { - description = "The machine's public IPv6 gateway address."; - type = nullOr str; - default = null; - }; - }; - - wireguard = { - ipv4.address = mkOption { - description = "The machine's internal IPv4 addresses."; - type = nullOr str; - default = null; - }; - ipv6.address = mkOption { - description = "The machine's internal IPv6 addresses."; - type = nullOr str; - default = null; - }; - publicKey = mkOption { - description = "The machine's public key."; - type = nullOr str; - default = null; - }; - }; - - # TODO Automate filling of this from the NSD service module. - # Right now I need to copy domain definitions from there to here - # manually. - # - # Something like taking `config.services.nsd.zones[$domain]` and - # filtering for actual subdomains. We can remove this option - # altogether then. - domains = mkOption { - description = "External domains that resolve to this address."; - type = listOf str; - default = [ ]; - }; - - syncthing.id = mkOption { - description = "Syncthing ID."; - type = nullOr str; - default = null; - }; }; } ) 
@@ -185,6 +113,7 @@ with lib; "git.${azahi}" "git.${shire}" "grafana.${shire}" + "irc.${shire}" "loki.${shire}" "ntfy.${shire}" "plausible.${shire}" @@ -192,6 +121,7 @@ with lib; "radicale.${shire}" "rss-bridge.${shire}" "start.local" + "uptime.${shire}" "vaultwarden.${shire}" azahi rohan @@ -250,6 +180,41 @@ with lib; "lidarr.${shire}" ]; syncthing.id = "@SYNCTHING_ID@"; + + wireguard-ng = { + ipv4.address = "10.70.1.2"; + ipv6.address = "fd70::1:2"; + publicKey = "@PUBLIC_KEY@"; + }; + }; + + # VPS in Russia. + tulkas = { + stateVersion = "24.05"; + deviceIcon = "devices.cloud-server"; + system = "x86_64-linux"; + isHeadless = true; + ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; + address = "@IPV4_ADDRESS@"; + prefixLength = 32; + }; + ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; + address = "@IPV6_ADDRESS@"; + prefixLength = 64; + }; + wireguard = { + ipv4.address = "10.69.0.4"; + ipv6.address = "fd69::0:4"; + publicKey = "@PUBLIC_KEY@"; + }; + + wireguard-ng = { + ipv4.address = "10.70.0.1"; + ipv6.address = "fd70::0:1"; + publicKey = "@PUBLIC_KEY@"; + }; }; # A beefy desktop: 7950x/rx6750xt/128GB. @@ -264,6 +229,12 @@ with lib; publicKey = "@PUBLIC_KEY@"; }; syncthing.id = "@SYNCTHING_ID@"; + + wireguard-ng = { + ipv4.address = "10.70.3.1"; + ipv6.address = "fd70::3:1"; + publicKey = "@PUBLIC_KEY@"; + }; }; # ThinkPad X1 Nano Gen 3. @@ -278,6 +249,12 @@ with lib; publicKey = "@PUBLIC_KEY@"; }; syncthing.id = "@SYNCTHING_ID@"; + + wgireguard-ng = { + ipv4.address = "10.70.4.1"; + ipv6.address = "fd70::4:1"; + publicKey = "@PUBLIC_KEY@"; + }; }; # Google Pixel 7a w/ GrapheneOS. @@ -289,6 +266,12 @@ with lib; publicKey = "@PUBLIC_KEY@"; }; syncthing.id = "@SYNCTHING_ID@"; + + wireguard-ng = { + ipv4.address = "10.70.5.1"; + ipv6.address = "fd70::5:1"; + publicKey = "@PUBLIC_KEY@"; + }; }; }; }; diff --git a/modules/acme.nix b/modules/acme.nix index 6a75818..9a2f3f1 100644 --- a/modules/acme.nix +++ b/modules/acme.nix 
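Review bot: In the `@@ -278,6 +249,12 @@` hunk of lib/my.nix (the ThinkPad X1 Nano entry) the new attribute is spelled `wgireguard-ng`, while every other host in this commit uses `wireguard-ng`. Depending on how the option set is declared, evaluation either fails on an unknown attribute or the host is left without a `wireguard-ng` address and public key, which would presumably keep it out of the new tunnel's peer list. The line should read `wireguard-ng = {`. The option declarations were removed from this file in the same commit, so whether such a typo is caught at evaluation time cannot be seen from this hunk.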
@@ -5,11 +5,14 @@ let in { imports = [ - (mkAliasOptionModule [ "certs" ] [ - "security" - "acme" - "certs" - ]) + (mkAliasOptionModule + [ "certs" ] + [ + "security" + "acme" + "certs" + ] + ) ]; options.nixfiles.modules.acme = { diff --git a/modules/android.nix b/modules/android.nix index 363bd6c..65710ca 100644 --- a/modules/android.nix +++ b/modules/android.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.android; in { - options.nixfiles.modules.android.enable = mkEnableOption "support for Android devices"; + options.nixfiles.modules.android.enable = lib.mkEnableOption "support for Android devices"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { programs.adb.enable = true; my.extraGroups = [ "adbusers" ]; diff --git a/modules/chromium.nix b/modules/chromium.nix index c7842d5..bc34ecd 100644 --- a/modules/chromium.nix +++ b/modules/chromium.nix @@ -18,10 +18,11 @@ in programs.chromium = { enable = true; - package = pkgs.ungoogled-chromium; + # package = pkgs.ungoogled-chromium; extensions = [ { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin + { id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask ]; }; }; diff --git a/modules/common/ark.nix b/modules/common/ark.nix index 1e43ef8..007e209 100644 --- a/modules/common/ark.nix +++ b/modules/common/ark.nix 
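Review bot: In modules/chromium.nix the `package = pkgs.ungoogled-chromium;` line is commented out rather than removed, and a wallet extension (MetaMask) is added by ID in the same hunk, with no reason given for either. An extension listed only by `id` is fetched from the browser's extension store and updates outside `flake.lock`, so the code that handles wallet keys is not pinned by this repository. Either delete the dead line or state the reason next to it, e.g. `# default chromium: <reason>`, and consider keeping the wallet in a separate browser profile, or pinning the extension if the module in use supports that.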
@@ -4,32 +4,34 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.ark; in { imports = [ inputs.impermanence.nixosModules.impermanence - (mkAliasOptionModule [ "ark" ] [ - "nixfiles" - "modules" - "ark" - ]) + (lib.mkAliasOptionModule + [ "ark" ] + [ + "nixfiles" + "modules" + "ark" + ] + ) ]; options.nixfiles.modules.ark = let - mkListOfAnythingOption = mkOption { - type = with types; listOf anything; # Assumed to be matching with the upstream type. + mkListOfAnythingOption = lib.mkOption { + type = with lib.types; listOf anything; # Assumed to be matching with the upstream type. default = [ ]; }; in { - enable = mkEnableOption "persistent storage support via impermanence"; + enable = lib.mkEnableOption "persistent storage support via impermanence"; - path = mkOption { - type = types.str; + path = lib.mkOption { + type = lib.types.str; default = "/ark"; }; @@ -41,7 +43,7 @@ in # }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.persistence.${cfg.path} = { hideMounts = true; enableDebugging = false; diff --git a/modules/common/default.nix b/modules/common/default.nix index ef9fb18..38094e7 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -1 +1,4 @@ -{ lib, ... }: with lib; { imports = attrValues (modulesIn ./.); } +{ lib, ... }: +{ + imports = lib.attrValues (lib.modulesIn ./.); +} diff --git a/modules/common/documentation.nix b/modules/common/documentation.nix index 33e767c..f9e0fcb 100644 --- a/modules/common/documentation.nix +++ b/modules/common/documentation.nix @@ -5,7 +5,6 @@ this, ... }: -with lib; { config = { hm.manual = { @@ -34,7 +33,7 @@ with lib; environment.variables = { MANOPT = "--no-hyphenation"; - MANPAGER = "${getExe pkgs.less} -+F"; + MANPAGER = "${lib.getExe pkgs.less} -+F"; }; }; } diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix index f2fc8a8..118fc0e 100644 --- a/modules/common/home-manager.nix +++ b/modules/common/home-manager.nix 
@@ -4,15 +4,17 @@ lib, ... }: -with lib; { imports = [ inputs.home-manager.nixosModule - (mkAliasOptionModule [ "hm" ] [ - "home-manager" - "users" - my.username - ]) + (lib.mkAliasOptionModule + [ "hm" ] + [ + "home-manager" + "users" + lib.my.username + ] + ) ]; hm = { diff --git a/modules/common/kernel.nix b/modules/common/kernel.nix index ddc4f62..f7e520a 100644 --- a/modules/common/kernel.nix +++ b/modules/common/kernel.nix @@ -1,29 +1,28 @@ { lib, ... }: -with lib; { boot.kernel.sysctl = { - "fs.file-max" = pow 2 17; - "fs.inotify.max_user_watches" = pow 2 19; + "fs.file-max" = lib.pow 2 17; + "fs.inotify.max_user_watches" = lib.pow 2 19; "fs.suid_dumpable" = 0; "kernel.core_uses_pid" = 1; "kernel.exec-shield" = 1; "kernel.kptr_restrict" = 1; "kernel.maps_protect" = 1; - "kernel.msgmax" = pow 2 16; - "kernel.msgmnb" = pow 2 16; - "kernel.pid_max" = pow 2 16; + "kernel.msgmax" = lib.pow 2 16; + "kernel.msgmnb" = lib.pow 2 16; + "kernel.pid_max" = lib.pow 2 16; "kernel.randomize_va_space" = 2; - "kernel.shmall" = pow 2 28; - "kernel.shmmax" = pow 2 28; + "kernel.shmall" = lib.pow 2 28; + "kernel.shmmax" = lib.pow 2 28; "kernel.sysrq" = 0; - "vm.dirty_background_bytes" = pow 2 22; + "vm.dirty_background_bytes" = lib.pow 2 22; "vm.dirty_background_ratio" = 5; - "vm.dirty_bytes" = pow 2 22; + "vm.dirty_bytes" = lib.pow 2 22; "vm.dirty_ratio" = 30; - "vm.min_free_kbytes" = pow 2 16; - "vm.mmap_min_addr" = pow 2 12; - "vm.overcommit_memory" = mkDefault 0; - "vm.overcommit_ratio" = mkDefault 50; + "vm.min_free_kbytes" = lib.pow 2 16; + "vm.mmap_min_addr" = lib.pow 2 12; + "vm.overcommit_memory" = lib.mkDefault 0; + "vm.overcommit_ratio" = lib.mkDefault 50; "vm.vfs_cache_pressure" = 50; }; diff --git a/modules/common/locale.nix b/modules/common/locale.nix index 372b69b..acd1ecd 100644 --- a/modules/common/locale.nix +++ b/modules/common/locale.nix @@ -51,7 +51,6 @@ with lib; "caps:escape" "compose:menu" "grp:win_space_toggle" - "terminate:ctrl_alt_bksp" ]; }; } 
diff --git a/modules/common/networking.nix b/modules/common/networking.nix index f681deb..2e9c218 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix 
@@ -5,47 +5,35 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.common.networking; + + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. in { - options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings"; + options.nixfiles.modules.common.networking.onlyDefault = + lib.mkEnableOption "custom networking settings"; - config = mkIf (!cfg.onlyDefault) { + config = lib.mkIf (!cfg.onlyDefault) { ark.directories = with config.networking; - optional networkmanager.enable "/etc/NetworkManager/system-connections" - ++ optional wireless.iwd.enable "/var/lib/iwd"; + lib.optional networkmanager.enable "/etc/NetworkManager/system-connections" + ++ lib.optional wireless.iwd.enable "/var/lib/iwd"; - networking = mkMerge [ + networking = lib.mkMerge [ { - domain = my.domain.shire; + domain = lib.my.domain.shire; hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + hostId = lib.substring 0 8 (builtins.hashString "md5" this.hostname); # Remove default hostname mappings. This is required at least by the # current implementation of the monitoring module. hosts = { - "127.0.0.2" = mkForce [ ]; - "::1" = mkForce [ ]; + "127.0.0.2" = lib.mkForce [ ]; + "::1" = lib.mkForce [ ]; }; - # There's no way[1] to configure DNS server priority in - # systemd-resolved. The only solution for dealing with a broken VPN - # connection is to delete /etc/systemd/resolved.conf and restart the - # systemd-resolved service. Otherwise I'll just end up with a random - # server from the list most of the time because systemd-resolved - # "conveniently" will manage server priority for me... - # - # [1]: https://askubuntu.com/questions/1116732/how-do-i-list-dns-server-order-in-systemd-resolve - # [2]: https://github.com/systemd/systemd/issues/6076 - nameservers = with my.configurations.manwe.wireguard; [ - ipv6.address - ipv4.address - ]; - useDHCP = false; nftables.enable = true; 
@@ -63,70 +51,101 @@ in logRefusedUnicastsOnly = false; logReversePathDrops = false; }; + + usePredictableInterfaceNames = false; } - ( - let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in - mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { - usePredictableInterfaceNames = false; # NOTE This can break something! - interfaces.${interface} = { - ipv4.addresses = - with this.ipv4; - optional (isString address && isInt prefixLength) { inherit address prefixLength; }; - - ipv6.addresses = - with this.ipv6; - optional (isString address && isInt prefixLength) { inherit address prefixLength; }; + (lib.mkIf (lib.hasAttr "ipv4" this) { + interfaces.${interface}.ipv4.addresses = + with this.ipv4; + lib.optional (lib.isString address && lib.isInt prefixLength) { + inherit address prefixLength; }; - defaultGateway = - with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = - with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - } - ) - (mkIf this.isHeadful { - interfaces.eth0.useDHCP = mkDefault true; - + defaultGateway = + with this.ipv4; + lib.mkIf (lib.isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (lib.mkIf (lib.hasAttr "ipv6" this) { + interfaces.${interface}.ipv6.addresses = + with this.ipv6; + lib.optional (lib.isString address && lib.isInt prefixLength) { + inherit address prefixLength; + }; + defaultGateway6 = + with this.ipv6; + lib.mkIf (lib.isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (lib.mkIf this.isHeadless { + nameservers = with lib.my.configurations.manwe.wireguard; [ + ipv6.address + ipv4.address + ]; + }) + (lib.mkIf this.isHeadful { networkmanager = { - enable = mkDefault true; - unmanaged = [ - "bridge" - "ethernet" - "loopback" - "wireguard" - ]; - plugins = mkForce [ ]; + enable = true; wifi.backend = "iwd"; + dns = 
"none"; }; wireless = { enable = false; - iwd.enable = mkDefault true; + iwd.enable = lib.mkDefault true; userControlled.enable = true; allowAuxiliaryImperativeNetworks = true; }; + + resolvconf.extraConfig = '' + append_nameservers='127.0.0.1' + ''; }) ]; - services.resolved = { - llmnr = "false"; - dnsovertls = "opportunistic"; - dnssec = "allow-downgrade"; - fallbackDns = dns.mkDoT dns.const.quad9.ecs; - }; + services = lib.mkMerge [ + (lib.mkIf this.isHeadless { + resolved = { + enable = true; + llmnr = "false"; + dnsovertls = "opportunistic"; + dnssec = "allow-downgrade"; + fallbackDns = lib.dns.mkDoT lib.dns.const.quad9.ecs; + }; + }) + (lib.mkIf this.isHeadful { + resolved.enable = false; + + dnscrypt-proxy2 = { + enable = true; + settings = { + ipv4_servers = true; + ipv6_servers = false; + dnscrypt_servers = true; + doh_servers = true; + odoh_servers = false; + require_dnssec = true; + require_nolog = true; + require_nofilter = true; + + disabled_server_names = [ + "cloudflare" + "cloudflare-ipv6" + ]; + + cache = true; + cache_size = lib.pow 2 13; + }; + }; + }) + ]; environment = { - shellAliases = listToAttrs ( - map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + shellAliases = lib.listToAttrs ( + map ({ name, value }: lib.nameValuePair name "${pkgs.iproute2}/bin/${value}") [ { name = "bridge"; value = "bridge -color=always"; diff --git a/modules/common/nix.nix b/modules/common/nix.nix index 58d572f..2054185 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -72,6 +72,11 @@ in keep-going = true; + experimental-features = [ + "fetch-tree" + "pipe-operators" + ]; + trusted-users = [ my.username ]; substituters = [ 
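Review bot: In the headful branch, `append_nameservers='127.0.0.1'` puts the local dnscrypt-proxy last in the generated resolv.conf, as the option name suggests. If iwd or a DHCP client still registers servers with resolvconf, ordinary lookups would go to the network-supplied resolver in cleartext and the `require_dnssec`/`require_nolog` settings below would only apply on fallback. Whether anything else feeds resolvconf is not visible in this hunk. Making the local resolver the only entry is safer, e.g. `resolvconf.useLocalResolver = true;` in place of the `extraConfig` lines. The headless branch keeps `dnsovertls = "opportunistic"` and `dnssec = "allow-downgrade"`, both of which permit silent downgrade, so a comment there on why strict mode is not usable would help.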
@@ -80,12 +85,12 @@ in "https://nix-community.cachix.org" "https://numtide.cachix.org" ]; - trusted-substituters = [ - "https://cache.tvl.su" - ]; trusted-public-keys = [ "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=" ]; + + # https://github.com/NixOS/nix/issues/6901 + fallback = true; }; }; @@ -95,6 +100,8 @@ in overlays = [ inputs.self.overlays.default ]; }; + programs.nh.enable = this.isHeadful; + environment = { defaultPackages = [ ]; systemPackages = diff --git a/modules/common/secrets.nix b/modules/common/secrets.nix index 03a2eeb..77dee44 100644 --- a/modules/common/secrets.nix +++ b/modules/common/secrets.nix @@ -10,10 +10,13 @@ with lib; { imports = [ inputs.agenix.nixosModules.default - (mkAliasOptionModule [ "secrets" ] [ - "age" - "secrets" - ]) + (mkAliasOptionModule + [ "secrets" ] + [ + "age" + "secrets" + ] + ) ]; config = { @@ -23,7 +26,10 @@ with lib; else map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) config.services.openssh.hostKeys); - environment.systemPackages = with pkgs; [ agenix ]; + environment.systemPackages = with pkgs; [ + age + agenix + ]; nixpkgs.overlays = [ inputs.agenix.overlays.default ]; }; diff --git a/modules/common/shell/default.nix b/modules/common/shell/default.nix index 4ae41d8..cacb411 100644 --- a/modules/common/shell/default.nix +++ b/modules/common/shell/default.nix @@ -5,14 +5,13 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.common.shell; in { - options.nixfiles.modules.common.shell.aliases = mkOption { + options.nixfiles.modules.common.shell.aliases = lib.mkOption { description = "An attribute set of shell aliases."; - type = with types; attrsOf str; + type = with lib.types; attrsOf str; default = { }; }; 
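Review bot: The `cache.tvl.su:…` entry stays in `trusted-public-keys` after this hunk removes `https://cache.tvl.su` from `trusted-substituters`. If that cache is not in the part of `substituters` above the hunk, the key is trust with no remaining purpose, since store paths signed by it are still accepted from any configured substituter. Drop the key together with the substituter, or add a comment saying where the cache is still used. The visible `trusted-public-keys` list also has no keys for the two cachix caches in `substituters`, so it is worth confirming they are supplied elsewhere. Otherwise the new `fallback = true` would hide the failed substitutions by building locally.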
@@ -24,8 +23,8 @@ in initExtra = let - aliasCompletions = concatStringsSep "\n" ( - mapAttrsToList (name: _: "complete -F _complete_alias ${name}") cfg.aliases + aliasCompletions = lib.concatStringsSep "\n" ( + lib.mapAttrsToList (name: _: "complete -F _complete_alias ${name}") cfg.aliases ); in '' @@ -45,7 +44,7 @@ in source "${./functions.bash}" - source "${getExe' pkgs.complete-alias "complete_alias"}" + source "${lib.getExe' pkgs.complete-alias "complete_alias"}" ${aliasCompletions} # https://github.com/garabik/grc?tab=readme-ov-file#bash @@ -73,19 +72,18 @@ in ]; shellAliases = - listToAttrs ( + lib.listToAttrs ( map ( { name, value }: - nameValuePair name ( - with pkgs; + lib.nameValuePair name ( let pkg = if this.isHeadful then (pkgs.coreutils.overrideAttrs ( _: super: { patches = (super.patches or [ ]) ++ [ - (fetchpatch { + (pkgs.fetchpatch { url = "https://raw.githubusercontent.com/jarun/advcpmv/1e2b1c6b74fa0974896bf94604279a3f74b37a63/advcpmv-0.9-9.5.patch"; hash = "sha256-LRfb4heZlAUKiXl/hC/HgoqeGMxCt8ruBYZUrbzSH+Y="; }) @@ -93,24 +91,24 @@ in } )) else - coreutils; + pkgs.coreutils; in - "${getExe' pkg "coreutils"} --coreutils-prog=${value}" + "${lib.getExe' pkg "coreutils"} --coreutils-prog=${value}" ) ) ( let mkAlias = { - name ? head command, + name ? lib.head command, command, }: { inherit name; - value = concatStringsSep " " command; + value = lib.concatStringsSep " " command; }; - progressBar = optionalString this.isHeadful "--progress-bar"; + progressBar = lib.optionalString this.isHeadful "--progress-bar"; in [ (mkAlias { @@ -171,7 +169,7 @@ in ] ) ) - // (genAttrs [ + // (lib.genAttrs [ "grep" "egrep" "fgrep" diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix index f1e0417..f17cb4c 100644 --- a/modules/common/stylix.nix +++ b/modules/common/stylix.nix 
@@ -10,11 +10,14 @@ with lib; { imports = [ inputs.stylix.nixosModules.stylix - (mkAliasOptionModule [ "colors" ] [ - "lib" - "stylix" - "colors" - ]) + (mkAliasOptionModule + [ "colors" ] + [ + "lib" + "stylix" + "colors" + ] + ) ]; options.nixfiles.modules.common.stylix.fonts.extraPackages = mkOption { diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix index f832518..996096e 100644 --- a/modules/common/systemd.nix +++ b/modules/common/systemd.nix @@ -1,5 +1,6 @@ { config, + lib, ... }: { @@ -35,8 +36,16 @@ user = { inherit extraConfig; }; + + suppressedSystemUnits = lib.optionals config.nixfiles.modules.ark.enable [ + "systemd-machine-id-commit.service" + ]; }; + boot.initrd.systemd.suppressedUnits = lib.optionals config.nixfiles.modules.ark.enable [ + "systemd-machine-id-commit.service" + ]; + environment.variables = { SYSTEMD_PAGERSECURE = "1"; SYSTEMD_PAGER = "less"; diff --git a/modules/common/users.nix b/modules/common/users.nix index b8aca28..e0811b7 100644 --- a/modules/common/users.nix +++ b/modules/common/users.nix @@ -5,11 +5,14 @@ let in { imports = [ - (mkAliasOptionModule [ "my" ] [ - "users" - "users" - my.username - ]) + (mkAliasOptionModule + [ "my" ] + [ + "users" + "users" + my.username + ] + ) ]; ark.directories = [ home ]; diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix index 0b807b7..df7d624 100644 --- a/modules/common/xdg.nix +++ b/modules/common/xdg.nix @@ -4,7 +4,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.common.xdg; in 
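Review bot: In the modules/common/systemd.nix hunk, the two new `systemd-machine-id-commit.service` suppressions have no comment explaining why the unit must go when ark is enabled. The expression `lib.optionals config.nixfiles.modules.ark.enable [ "systemd-machine-id-commit.service" ]` is also written out twice. A single `let` binding used for both `suppressedSystemUnits` and `boot.initrd.systemd.suppressedUnits` would keep them from drifting apart. A one-line comment would be enough, such as `# /etc/machine-id is persisted via ark, so there is nothing to commit (TODO confirm)`.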
@@ -20,44 +19,44 @@ in ]; in [ - (mkAliasOptionModule [ + (lib.mkAliasOptionModule [ "dirs" "cache" ] (withBase "cacheHome")) - (mkAliasOptionModule [ + (lib.mkAliasOptionModule [ "dirs" "config" ] (withBase "configHome")) - (mkAliasOptionModule [ + (lib.mkAliasOptionModule [ "dirs" "data" ] (withBase "dataHome")) - (mkAliasOptionModule [ + (lib.mkAliasOptionModule [ "dirs" "state" ] (withBase "stateHome")) - (mkAliasOptionModule [ "userDirs" ] (withBase "userDirs")) + (lib.mkAliasOptionModule [ "userDirs" ] (withBase "userDirs")) ]; options.nixfiles.modules.common.xdg = { - cacheHome = mkOption { - type = types.str; + cacheHome = lib.mkOption { + type = lib.types.str; default = "${config.hm.home.homeDirectory}/.cache"; }; - configHome = mkOption { - type = types.str; + configHome = lib.mkOption { + type = lib.types.str; default = "${config.hm.home.homeDirectory}/.config"; }; - dataHome = mkOption { - type = types.str; + dataHome = lib.mkOption { + type = lib.types.str; default = "${config.hm.home.homeDirectory}/.local/share"; }; - stateHome = mkOption { - type = types.str; + stateHome = lib.mkOption { + type = lib.types.str; default = "${config.hm.home.homeDirectory}/.local/state"; }; - userDirs = mkOption { - type = types.attrs; + userDirs = lib.mkOption { + type = lib.types.attrs; default = let inherit (config.my) home; @@ -76,9 +75,9 @@ in videos = tmp; }; }; - defaultApplications = mkOption { + defaultApplications = lib.mkOption { description = "Default applications."; - type = with types; attrsOf (listOf str); + type = with lib.types; attrsOf (listOf str); default = { }; }; }; @@ -89,7 +88,7 @@ in sounds.enable = this.isHeadful; }; - hm.xdg = mkMerge [ + hm.xdg = lib.mkMerge [ (with cfg; { enable = true; 
@@ -99,11 +98,11 @@ in inherit stateHome; inherit userDirs; }) - (mkIf this.isHeadful { + (lib.mkIf this.isHeadful { mimeApps = { enable = true; - defaultApplications = mkMerge ( - mapAttrsToList (n: v: genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications + defaultApplications = lib.mkMerge ( + lib.mapAttrsToList (n: v: lib.genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications ); }; }) diff --git a/modules/curl.nix b/modules/curl.nix index 6895262..3c318fc 100644 --- a/modules/curl.nix +++ b/modules/curl.nix @@ -20,7 +20,7 @@ in ''; environment.systemPackages = with pkgs; [ - curl + curlHTTP3 (writeShellScriptBin "0x0" '' url="https://0x0.st" form="file=@" diff --git a/modules/docker.nix b/modules/docker.nix index 62dc095..330d417 100644 --- a/modules/docker.nix +++ b/modules/docker.nix @@ -5,14 +5,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.docker; in { - options.nixfiles.modules.docker.enable = mkEnableOption "Docker"; + options.nixfiles.modules.docker.enable = lib.mkEnableOption "Docker"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.enable -> !config.nixfiles.modules.podman.enable; @@ -20,12 +19,14 @@ in } ]; + ark.directories = [ "/var/lib/docker" ]; + nixfiles.modules.common.shell.aliases.d = "docker"; secrets.containers-auth = { file = "${inputs.self}/secrets/containers-auth"; path = "${config.my.home}/.docker/config.json"; - owner = my.username; + owner = lib.my.username; inherit (config.my) group; }; diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index 455f710..71bc24c 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix 
@@ -231,9 +231,8 @@ in (mu4e-drafts-folder . "/${name}/${folders.drafts}") (mu4e-trash-folder . "/${name}/${folders.trash}") (mu4e-refile-folder . "/${name}/Archive") - ${ - optionalString (signature.showSignature != "none") - ''(mu4e-compose-signature . "${replaceStrings [ "\n" ] [ "\\n" ] signature.text}")'' + ${optionalString (signature.showSignature != "none") + ''(mu4e-compose-signature . "${replaceStrings [ "\n" ] [ "\\n" ] signature.text}")'' } (+mu4e-personal-addresses . (${personalAddresses}))) t) diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el index 85fe4a9..a212e17 100644 --- a/modules/emacs/doom/config.el +++ b/modules/emacs/doom/config.el 
@@ -260,3 +260,118 @@ (setq-local company-idle-delay 0.1)))) :init (setq! hledger-input-buffer-height 20)) + +;; +;;; LLM +;; + +(use-package! gptel + :config + (setq! gptel-model 'codegemma:7b + gptel-backend (gptel-make-ollama "ollama" + :host "eonwe.shire.net:11434" + :stream t + :models '(dagbs/qwen2.5-coder-7b-instruct-abliterated:latest + qwen2.5-coder:7b + deepseek-coder-v2:16b + codegemma:7b + codellama:7b + llama3.2:3b + mistral:7b)))) + +(use-package! ellama + :init + (setq! ellama-naming-scheme 'ellama-generate-name-by-time) + :config + (require 'llm-ollama) + (setq! ellama-provider (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "llama3.2:3b" + :embedding-model "nomic-embed-text:latest") + ellama-providers '(("llama" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "llama3.2:3b" + :embedding-model "nomic-embed-text:latest")) + ("codellama" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "codellama:7b" + :embedding-model "nomic-embed-text:latest")) + ("qwen" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5:7b" + :embedding-model "nomic-embed-text:latest")) + ("qwen-coder" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5-coder:7b" + :embedding-model "nomic-embed-text:latest")) + ("qwen-coder-instruct" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "dagbs/qwen2.5-coder-7b-instruct-abliterated:latest" + :embedding-model "nomic-embed-text:latest")) + ("gemma" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "gemma2:9b" + :embedding-model "nomic-embed-text:latest")) + ("codegemma" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "codegemma:7b" + :embedding-model "nomic-embed-text:latest")) + ("mistral" . 
(make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b" + :embedding-model "nomic-embed-text:latest")) + ("hermes" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "hermes3:8b" + :embedding-model "nomic-embed-text:latest")) + ("deepseek" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "deepseek-coder-v2:16b" + :embedding-model "nomic-embed-text:latest"))) + ellama-translation-provider (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5:7b" + :embedding-model "nomic-embed-text:latest") + ellama-summarization-provider (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b" + :embedding-model "nomic-embed-text:latest"))) + +(use-package! magit-gptcommit + :after magit + :config + (require 'llm-ollama) + (setq! magit-gptcommit-llm-provider (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "dagbs/qwen2.5-coder-7b-instruct-abliterated:latest" + :embedding-model "nomic-embed-text:latest")) + + (magit-gptcommit-status-buffer-setup)) diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index 8575c3f..3845fd6 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -48,7 +48,7 @@ :checkers syntax - (spell +everywhere +icons) + (spell +flyspell +everywhere +icons) grammar :tools diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el index fb521bc..a7085da 100644 --- a/modules/emacs/doom/packages.el +++ b/modules/emacs/doom/packages.el 
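Review bot: Every provider added in the config.el hunk reaches `eonwe.shire.net:11434` over plain HTTP (`:scheme "http"`, and `gptel-make-ollama` without `:protocol "https"`), with no authentication. Prompts, buffer text and the staged diffs that magit-gptcommit submits therefore travel unencrypted, unless that name only resolves across the WireGuard tunnel, which this hunk does not show. State that assumption in a comment next to the host, or put the endpoint behind a TLS-terminating proxy. Separately, the same `make-llm-ollama` form with identical scheme, host, port and embedding model is repeated over a dozen times. A small helper taking only the chat model would keep the endpoint in one place and make a later move to HTTPS a one-line change.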
@@ -8,18 +8,23 @@ (package! org-roam-ui) +;; https://github.com/doomemacs/doomemacs/issues/8166 +;; https://github.com/org-roam/org-roam/issues/2485 +(unpin! emacsql) +(package! emacsql + :recipe (:host github :repo "magit/emacsql") + :pin "491105a01f58bf0b346cbc0254766c6800b229a2") + (package! nickel-mode) (package! hledger-mode) (package! sops - :recipe (:host github - :repo "djgoku/sops")) + :recipe (:host github :repo "djgoku/sops")) -(unpin! ansible) -(package! ansible - :recipe (:host gitlab - :repo "emacs-ansible/emacs-ansible")) +(package! gptel) +(package! ellama) +(package! magit-gptcommit) ;; (package! tvl ;; :recipe (:host nil diff --git a/modules/firefox/addons.json b/modules/firefox/addons.json index 5c6a090..c194368 100644 --- a/modules/firefox/addons.json +++ b/modules/firefox/addons.json @@ -7,9 +7,6 @@ "slug": "consent-o-matic" }, { - "slug": "darkreader" - }, - { "slug": "furiganaize" }, { @@ -19,9 +16,16 @@ "slug": "languagetool" }, { + "pname": "metamask", + "slug": "ether-metamask" + }, + { "slug": "no-pdf-download" }, { + "slug": "plasma-integration" + }, + { "pname": "rikaichamp", "slug": "10ten-ja-reader" }, @@ -32,6 +36,9 @@ "slug": "skip-redirect" }, { + "slug": "switchyomega" + }, + { "slug": "ublock-origin" }, { @@ -40,8 +47,5 @@ }, { "slug": "violentmonkey" - }, - { - "slug": "switchyomega" } ] diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix index e416a3f..5a08549 100644 --- a/modules/firefox/addons.nix +++ b/modules/firefox/addons.nix 
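Review bot: `gptel`, `ellama` and `magit-gptcommit` are declared without `:pin`, unlike the `emacsql` entry a few lines above in the same hunk, so they will presumably track whatever upstream revision is current at sync time. These packages forward editor buffers and staged diffs to a model endpoint, so an unreviewed upstream change lands directly in that data path. Pinning each one, e.g. `(package! gptel :pin "<reviewed-commit>")`, keeps updates deliberate and matches the treatment of `emacsql`.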
@@ -5,10 +5,10 @@ { "bitwarden" = buildFirefoxXpiAddon { pname = "bitwarden"; - version = "2024.10.0"; + version = "2024.10.1"; addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4363548/bitwarden_password_manager-2024.10.0.xpi"; - sha256 = "9ea9428444870a74ae1999d77eb12d97a45275c85e83d6afdcbc4597fa3eccfb"; + url = "https://addons.mozilla.org/firefox/downloads/file/4371752/bitwarden_password_manager-2024.10.1.xpi"; + sha256 = "7b7357ddce2756dc536b86b5c14139ec09731c1c114ac82807c60fba3ced12a5"; meta = with lib; { homepage = "https://bitwarden.com"; description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information."; @@ -52,27 +52,6 @@ platforms = platforms.all; }; }; - "darkreader" = buildFirefoxXpiAddon { - pname = "darkreader"; - version = "4.9.94"; - addonId = "addon@darkreader.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4359254/darkreader-4.9.94.xpi"; - sha256 = "251c4e7d0a30c0cab006803600e59ab92dcc0c606429740d42677846d4c9ccd6"; - meta = with lib; { - homepage = "https://darkreader.org/"; - description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing."; - license = licenses.mit; - mozPermissions = [ - "alarms" - "contextMenus" - "storage" - "tabs" - "theme" - "<all_urls>" - ]; - platforms = platforms.all; - }; - }; "furiganaize" = buildFirefoxXpiAddon { pname = "furiganaize"; version = "0.7.2"; 
@@ -144,6 +123,36 @@ platforms = platforms.all; }; }; + "metamask" = buildFirefoxXpiAddon { + pname = "metamask"; + version = "12.0.6"; + addonId = "webextension@metamask.io"; + url = "https://addons.mozilla.org/firefox/downloads/file/4342782/ether_metamask-12.0.6.xpi"; + sha256 = "a66e20bbe5ded1b9408420e4c2ffc82369cc3bfd27350afe25f2c0ef6b26ff3b"; + meta = with lib; { + description = "Ethereum Browser Extension"; + mozPermissions = [ + "storage" + "unlimitedStorage" + "clipboardWrite" + "http://localhost:8545/" + "https://*.infura.io/" + "https://*.codefi.network/" + "https://*.cx.metamask.io/" + "https://chainid.network/chains.json" + "https://lattice.gridplus.io/*" + "activeTab" + "webRequest" + "*://*.eth/" + "notifications" + "file://*/*" + "http://*/*" + "https://*/*" + "*://connect.trezor.io/*/popup.html" + ]; + platforms = platforms.all; + }; + }; "no-pdf-download" = buildFirefoxXpiAddon { pname = "no-pdf-download"; version = "1.0.6"; @@ -162,6 +171,29 @@ platforms = platforms.all; }; }; + "plasma-integration" = buildFirefoxXpiAddon { + pname = "plasma-integration"; + version = "1.9.1"; + addonId = "plasma-browser-integration@kde.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4298512/plasma_integration-1.9.1.xpi"; + sha256 = "394a3525185679dd5430d05f980ab6be19d96557560fe86208c21a8807669b33"; + meta = with lib; { + homepage = "http://kde.org"; + description = "Multitask efficiently by controlling browser functions from the Plasma desktop."; + license = licenses.gpl3; + mozPermissions = [ + "nativeMessaging" + "notifications" + "storage" + "downloads" + "tabs" + "<all_urls>" + "contextMenus" + "*://*/*" + ]; + platforms = platforms.all; + }; + }; "redirector" = buildFirefoxXpiAddon { pname = "redirector"; version = "3.5.3"; 
@@ -187,10 +219,10 @@ }; "rikaichamp" = buildFirefoxXpiAddon { pname = "rikaichamp"; - version = "1.21.1"; + version = "1.22.0"; addonId = "{59812185-ea92-4cca-8ab7-cfcacee81281}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4355635/10ten_ja_reader-1.21.1.xpi"; - sha256 = "81d85cfdc03cb0c921cac84547e7a7a539af11ff9a81dd901b3f3bfa67ba45f1"; + url = "https://addons.mozilla.org/firefox/downloads/file/4371439/10ten_ja_reader-1.22.0.xpi"; + sha256 = "d6f3197b7e3383f2723b9376d93e03fe515e5c610f9c0723d9618b10d3cc4bf1"; meta = with lib; { homepage = "https://github.com/birchill/10ten-ja-reader/"; description = "Quickly translate Japanese by hovering over words. Formerly released as Rikaichamp."; @@ -258,10 +290,10 @@ }; "ublock-origin" = buildFirefoxXpiAddon { pname = "ublock-origin"; - version = "1.60.0"; + version = "1.61.0"; addonId = "uBlock0@raymondhill.net"; - url = "https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.60.0.xpi"; - sha256 = "e2cda9b2a1b0a7f6e5ef0da9f87f28df52f8560587ba2e51a3003121cfb81600"; + url = "https://addons.mozilla.org/firefox/downloads/file/4382536/ublock_origin-1.61.0.xpi"; + sha256 = "e6fd55b799a568c66c10892a8f22428e6773fe16d7466ce9dee2952f224b203d"; meta = with lib; { homepage = "https://github.com/gorhill/uBlock#ublock-origin"; description = "Finally, an efficient wide-spectrum content blocker. Easy on CPU and memory."; 
@@ -318,10 +350,10 @@ }; "violentmonkey" = buildFirefoxXpiAddon { pname = "violentmonkey"; - version = "2.26.0"; + version = "2.28.0"; addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4362578/violentmonkey-2.26.0.xpi"; - sha256 = "47b61fd463602a38bf67591ab94c60d3f1a02ad4f81b9a8a3de97d5461b2e12e"; + url = "https://addons.mozilla.org/firefox/downloads/file/4379821/violentmonkey-2.28.0.xpi"; + sha256 = "30bc3db14194a5197e4721d419123f3a02b9c6f3e94646724aa991137121bcba"; meta = with lib; { homepage = "https://violentmonkey.github.io/"; description = "Userscript support for browsers, open source."; diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix index b7e47b6..ee45434 100644 --- a/modules/firefox/default.nix +++ b/modules/firefox/default.nix @@ -41,28 +41,6 @@ in mkCssWithRoot = css: mkMerge [ - # https://github.com/tinted-theming/base24/blob/master/styling.md - (with config.colors.withHashtag; '' - :root { - --black: ${base01}; - --red: ${base08}; - --green: ${base0B}; - --yellow: ${base09}; - --blue: ${base0D}; - --magenta: ${base0E}; - --cyan: ${base0C}; - --white: ${base06}; - --bright-black: ${base02}; - --bright-red: ${base12}; - --bright-green: ${base14}; - --bright-yellow: ${base13}; - --bright-blue: ${base16}; - --bright-magenta: ${base17}; - --bright-cyan: ${base15}; - --bright-white: ${base07}; - --background: ${base00}; - --foreground: ${base05}; - '') ( let mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); @@ -70,6 +48,7 @@ in in with config.fonts.fontconfig.defaultFonts; '' + :root { --serif-font-family: ${mapFonts serif}, serif; --serif-font-size: ${size}; --sans-serif-font-family: ${mapFonts sansSerif}, sans-serif; @@ -124,9 +103,9 @@ in with addons; [ consent-o-matic - darkreader furiganaize languagetool + metamask no-pdf-download redirector rikaichamp 
@@ -136,6 +115,7 @@ in user-agent-switcher violentmonkey ] + ++ optional config.nixfiles.modules.kde.enable plasma-integration ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; search = { @@ -222,7 +202,7 @@ in "GitHub" = { urls = [ { template = "https://github.com/search?q={searchTerms}"; } ]; - icon = getIcon "https://github.githubassets.com/favicons/favicon-dark.svg" "sha256-qu/d9ftvsntplFuxw9RFL8BpI9b2g5b6xfeGw6Ekh6w="; + icon = getIcon "https://github.githubassets.com/favicons/favicon.svg" "sha256-apV3zU9/prdb3hAlr4W5ROndE4g3O1XMum6fgKwurmA="; definedAliases = [ "@github" "@gh" @@ -373,7 +353,7 @@ in "SourceHut" = { urls = [ { template = "https://sr.ht/projects?search={searchTerms}"; } ]; - icon = getIcon "https://sr.ht/static/logo.png" "sha256-NBzKZhqE9//zVJlOwYiwyW/jRFh8+nS2YvC3zMCQ1fU="; + icon = getIcon "https://sourcehut.org/logo.svg" "sha256-tX7ppdGitgaVFCI1aGc41n6er7srHi+GMv5+lpFvYBc="; definedAliases = [ "@sourcehut" "@srht" @@ -421,6 +401,10 @@ in name = "Bookmarks Toolbar"; toolbar = true; bookmarks = with config.nixfiles.modules; [ + { + name = "XUL"; + url = "chrome://browser/content/browser.xhtml"; + } (mkIf syncthing.enable { name = "Syncthing"; url = "http://${config.services.syncthing.guiAddress}"; @@ -529,6 +513,7 @@ in "browser.tabs.warnOnClose" = false; "browser.tabs.warnOnCloseOtherTabs" = false; "browser.tabs.warnOnOpen" = false; + "browser.theme.dark-private-windows" = false; "browser.toolbars.bookmarks.visibility" = "newtab"; "browser.translations.enable" = false; "browser.urlbar.decodeURLsOnCopy" = true; @@ -551,6 +536,7 @@ in "media.autoplay.blocking_policy" = 2; "media.autoplay.default" = 5; "media.hardwaremediakeys.enabled" = false; + "media.videocontrols.picture-in-picture.video-toggle.enabled" = false; "reader.parse-on-load.enabled" = false; "toolkit.legacyUserProfileCustomizations.stylesheets" = true; }; diff --git a/modules/firefox/userChrome.css b/modules/firefox/userChrome.css index 80d1f7a..aeb1c8f 100644 
--- a/modules/firefox/userChrome.css +++ b/modules/firefox/userChrome.css @@ -1,23 +1,9 @@ @-moz-document url(chrome://browser/content/browser.xhtml) { - /* - *** - * Tabbar - *** - */ - - /* - * Apply colours and fonts. - */ - .tabbrowser-tab { - color: var(--background-alt) !important; + #urlbar { font-family: var(--sans-serif-font-family) !important; font-size: var(--sans-serif-font-size) !important; } - .tabbrowser-tab[visuallyselected="true"] { - background: var(--background) !important; - color: var(--foreground) !important; - } /* * Not sure why is this shit even exists... @@ -34,32 +20,6 @@ } /* - * Disable borders and margins. - */ - #tabbrowser-tabs { - border-inline-start: 0 !important; - /* padding-inline-start: 0 !important; */ - margin-inline-start: 0 !important; - } - #tabbrowser-tabs[haspinnedtabs]:not([positionpinnedtabs]) - > #tabbrowser-arrowscrollbox - > .tabbrowser-tab[first-visible-unpinned-tab] { - margin-inline-start: none !important; - } - .tabbrowser-tab::after, - .tabbrowser-tab::before { - border: none !important; - } - - /* - * Make tabs backgroundless. - */ - /* .tab-background, */ - /* .tab-line { */ - /* display: none !important; */ - /* } */ - - /* * Stretch tabs to the max by default. */ .tabbrowser-tab[fadein]:not([pinned="true"]) { @@ -67,14 +27,6 @@ } /* - * Fix favicon location. - */ - .tab-icon-image { - margin-inline-end: 10px !important; - margin-top: 0px !important; - } - - /* * "C-t" exists. */ #tabs-newtab-button, 
@@ -90,64 +42,13 @@ } /* - *** - * Navbar & urlbar. - *** - */ - - /* - * Remove padding between urlbar and side elements. + * Remove padding between URL bar and side elements. */ #customizableui-special-spring1, #customizableui-special-spring2 { display: none !important; } - #urlbar { - background: var(--background) !important; - color: var(--foreground) !important; - font-family: var(--sans-serif-font-family) !important; - font-size: var(--sans-serif-font-size) !important; - border-color: transparent !important; - } - - /* #urlbar:not(:-moz-lwtheme):not([focused="true"]) > #urlbar-background, */ - /* #searchbar:not(:-moz-lwtheme):not(:focus-within) { */ - /* border: none !important; */ - /* } */ - - /* #urlbar *|*.textbox-input::-moz-placeholder { */ - /* color: transparent !important; */ - /* } */ - - /* .urlbar-icon:hover:not([disabled]), */ - /* .urlbar-icon-wrapper:hover:not([disabled]) { */ - /* background-color: var(--background-alt) !important; */ - /* } */ - - /* #urlbar-background { */ - /* background: transparent !important; */ - /* } */ - - /* .urlbarView-tags, */ - /* .urlbarView-url, */ - /* .urlbarView-title:not(:empty) ~ .urlbarView-action { */ - /* font-size: var(--sans-serif-font-size) !important; */ - /* } */ - - .urlbarView-row[label="Firefox Suggest"] { - margin-block-start: 0 !important; - } - .urlbarView-row[label="Firefox Suggest"]::before { - display: none !important; - } - - /* - *** - * Misc. - *** - */ - /* * Call indicator that some "designer" decided to make floating and impossible * to hide. 
@@ -157,16 +58,41 @@ } /* - * Disable some context menu entries. - */ - #context-navigation { + * Context menu. Both for tabs and page. + */ + #context-bookmarklink, + #context-inspect-a11y, + #context-navigation, + #context-pocket, + #context-print-selection, + #context-searchselect, + #context-selectall, + #context-sendimage, + #context-sendlinktodevice, + #context-sendpagetodevice, + #context-viewsource, + #context_bookmarkTab, + #context_moveTabOptions, + #context_selectAllTabs, + #context_sendTabToDevice, + menuseparator { display: none !important; } /* - * Remove dumb websites that Mozilla is forced to include. + * Unify margins for tab browser. */ - .search-one-offs { - display: none !important; + #tabbrowser-tabs { + margin-inline-start: 0 !important; + border-inline-start: 0 !important; + padding-inline-start: calc( + var(--tab-overflow-pinned-tabs-width) + 2px + ) !important; + margin-inline-start: 0 !important; + } + #tabbrowser-tabs[haspinnedtabs]:not([positionpinnedtabs])[orient="horizontal"] + > #tabbrowser-arrowscrollbox + > .tabbrowser-tab:nth-child(1 of :not([pinned], [hidden])) { + margin-inline-start: 0 !important; } } diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css index 96bb529..a009ad8 100644 --- a/modules/firefox/userContent.css +++ b/modules/firefox/userContent.css @@ -1,16 +1,11 @@ @-moz-document media-document(all) { body { background-image: none !important; - background-color: var(--background) !important; + background-color: var(--background-color-box) !important; } } @-moz-document regexp("about:(blank|home|newtab|privatebrowsing|welcome)") { - html, - body { - background: var(--background) !important; - } - body { display: none !important; } @@ -265,7 +260,8 @@ #highlight__main-container, .global-footer, .global-navigation, - .global-registration-buttons { + .global-registration-buttons, + .notifications-placeholder { display: none !important; } 
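Review bot: The bare `menuseparator` selector at the end of the new context-menu rule hides every separator in `browser.xhtml`, not only those in the tab and page context menus that the comment names. Scoping it, for example `#contentAreaContextMenu menuseparator, #tabContextMenu menuseparator`, would match the stated intent. In the new `#tabbrowser-tabs` rule, `margin-inline-start: 0 !important;` is declared twice; one of the two can be dropped.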
diff --git a/modules/games/gamemode.nix b/modules/games/gamemode.nix index eb485f8..4e57a8b 100644 --- a/modules/games/gamemode.nix +++ b/modules/games/gamemode.nix @@ -1,13 +1,12 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.games.gamemode; in { - options.nixfiles.modules.games.gamemode.enable = mkEnableOption "Feral GameMode"; + options.nixfiles.modules.games.gamemode.enable = lib.mkEnableOption "Feral GameMode"; - config = mkIf cfg.enable { - hm.xdg.configFile."gamemode.ini".text = generators.toINI { } { general.softrealtime = "auto"; }; + config = lib.mkIf cfg.enable { + hm.xdg.configFile."gamemode.ini".text = lib.generators.toINI { } { general.softrealtime = "auto"; }; programs.gamemode.enable = true; }; diff --git a/modules/games/lutris.nix b/modules/games/lutris.nix index 62fe521..d926971 100644 --- a/modules/games/lutris.nix +++ b/modules/games/lutris.nix @@ -22,10 +22,12 @@ in (lutris.override { extraPkgs = _: [ vkBasalt - wine + wine-staging winetricks ]; }) + wine-staging + winetricks ]; }; } diff --git a/modules/games/minecraft.nix b/modules/games/minecraft.nix index f93a139..f849360 100644 --- a/modules/games/minecraft.nix +++ b/modules/games/minecraft.nix @@ -5,7 +5,6 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.games.minecraft; in 
@@ -13,28 +12,30 @@ in imports = [ inputs.minecraft.nixosModules.minecraft-servers ]; options.nixfiles.modules.games.minecraft = { - client.enable = mkEnableOption "Minecraft client"; + client.enable = lib.mkEnableOption "Minecraft client"; server = { - enable = mkEnableOption "Minecraft server"; + enable = lib.mkEnableOption "Minecraft server"; - port = mkOption { + port = lib.mkOption { description = "Server port."; - type = types.port; + type = lib.types.port; default = 25565; }; - memory = mkOption { + memory = lib.mkOption { description = "Amount of RAM to allocate."; - type = types.str; + type = lib.types.str; default = "2G"; }; }; }; - config = mkMerge [ - (mkIf cfg.client.enable { hm.home.packages = [ pkgs.prismlauncher ]; }) - (mkIf cfg.server.enable { - nixfiles.modules.common.nix.allowedUnfreePackages = [ "minecraft-server" ]; + config = lib.mkMerge [ + (lib.mkIf cfg.client.enable { hm.home.packages = [ pkgs.prismlauncher ]; }) + (lib.mkIf cfg.server.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = [ + "minecraft-server" # proprietary + ]; ark.directories = [ config.services.minecraft-servers.dataDir ]; @@ -50,7 +51,7 @@ in # https://api.papermc.io/v2/projects/paper # https://github.com/Infinidoge/nix-minecraft/blob/master/pkgs/paper-servers/lock.json - package = pkgs.paperServers.paper-1_21_47; + package = pkgs.minecraftServers.paper-1_21_3; serverProperties = { # motd = ""; @@ -71,7 +72,7 @@ in }; jvmOpts = - (concatStringsSep " " [ + (lib.concatStringsSep " " [ "-Xms${cfg.server.memory}" "-Xmx${cfg.server.memory}" "--add-modules=jdk.incubator.vector" # Required by some plugins. diff --git a/modules/games/steam-run.nix b/modules/games/steam-run.nix index be06c78..9e3c962 100644 --- a/modules/games/steam-run.nix +++ b/modules/games/steam-run.nix 
@@ -2,72 +2,49 @@ config, lib, pkgs, - pkgsRev, ... }: -with lib; let cfg = config.nixfiles.modules.games.steam-run; in { options.nixfiles.modules.games.steam-run = { - enable = mkEnableOption "native Steam runtime"; + enable = lib.mkEnableOption "native Steam runtime"; quirks = { - blackIsleStudios = mkEnableOption "fixes for games from Black Isle Studios"; - cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; - mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + blackIsleStudios = lib.mkEnableOption "fixes for games from Black Isle Studios"; + cryptOfTheNecrodancer = lib.mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; + mountAndBladeWarband = lib.mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; }; }; - config = mkIf cfg.enable { - nixfiles.modules.games.steam.enable = true; + config = lib.mkIf cfg.enable { + nixfiles.modules = { + games.steam.enable = true; - hm.home.packages = with pkgs; [ - (steam.override { + common.nix.allowedUnfreePackages = lib.optionals cfg.quirks.mountAndBladeWarband [ + "fmod" # proprietary + ]; + }; + + hm.home.packages = [ + (pkgs.steam.override { + extraEnv.MANGOHUD = 1; extraLibraries = _: - with cfg.quirks; - optional blackIsleStudios openssl_1_0_0 - ++ optional cryptOfTheNecrodancer (pkgsRev "d1c3fea7ecbed758168787fe4e4a3157e52bc808" "sha256-3muuhz3fjtF1bz32UXOYCho51E8JSeEwo2iDZFQJdXo=") - .flac - ++ optionals mountAndBladeWarband [ - (glew.overrideAttrs ( - _: super: - let - opname = super.pname; - in - rec { - pname = "${opname}-steam-run-fix"; - inherit (super) version; - src = fetchurl { - url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; - hash = "sha256-BN6R5+Z2MDm8EZQAlc2cf4gLq6ghlqd2X3J6wFqZPJU="; - }; - } - )) - (fmodex.overrideAttrs ( - _: super: - let - opname = super.pname; - in - rec { - pname = "${opname}-steam-run-fix"; - inherit (super) version; - installPhase = - let - libPath = makeLibraryPath [ - 
alsa-lib - libpulseaudio - stdenv.cc.cc - ]; - in - '' - install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so - patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so - ''; - } - )) + lib.optionals cfg.quirks.blackIsleStudios [ + pkgs.openssl_1_0_0 + ] + ++ lib.optionals cfg.quirks.cryptOfTheNecrodancer [ + (lib.packages.fromRev "d1c3fea7ecbed758168787fe4e4a3157e52bc808" "sha256-3muuhz3fjtF1bz32UXOYCho51E8JSeEwo2iDZFQJdXo=") + .flac + ] + ++ lib.optionals cfg.quirks.mountAndBladeWarband [ + (pkgs.fmodex.overrideAttrs (oldAttrs: { + postInstall = '' + ln -s $out/lib/libfmodex64.so $out/lib/libfmodex-${oldAttrs.version}.so + ''; + })) ]; }).run ]; diff --git a/modules/git/default.nix b/modules/git/default.nix index b618a57..f370ae6 100644 --- a/modules/git/default.nix +++ b/modules/git/default.nix @@ -8,38 +8,37 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.git; in { options.nixfiles.modules.git = { - client.enable = mkEnableOption "Git client"; + client.enable = lib.mkEnableOption "Git client"; server = { - enable = mkEnableOption "Git server"; + enable = lib.mkEnableOption "Git server"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "git.${config.networking.domain}"; }; - package = mkOption { + package = lib.mkOption { description = "Package."; - type = types.package; + type = lib.types.package; default = pkgs.cgit; }; }; }; - config = mkMerge [ - (mkIf cfg.client.enable { + config = lib.mkMerge [ + (lib.mkIf cfg.client.enable { secrets = { glab-cli-config = { file = "${inputs.self}/secrets/glab-cli-config"; path = "${config.dirs.config}/glab-cli/config.yml"; - owner = my.username; + owner = lib.my.username; }; # NOTE SSO requires relogin every day, so keeping persistent auth tokens # doesn't work. 
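Review bot: The `blackIsleStudios` quirk still adds `pkgs.openssl_1_0_0` to `extraLibraries`, and that list applies to the whole `steam-run` environment rather than to a single game. OpenSSL 1.0.0 is long past upstream end of life, so anything launched through this wrapper that does TLS may resolve against it. I would put a comment above the entry, such as `# EOL OpenSSL, needed only by the legacy Black Isle binaries; keep this quirk off unless those games are installed`. Separately, the new `postInstall` on `fmodex` replaces whatever `postInstall` the base derivation defines; writing it as `postInstall = (oldAttrs.postInstall or "") + ''…'';` keeps the override safe if the package gains one.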
@@ -51,7 +50,7 @@ in hut = { file = "${inputs.self}/secrets/hut"; path = "${config.dirs.config}/hut/config"; - owner = my.username; + owner = lib.my.username; }; }; @@ -73,10 +72,10 @@ in package = if this.isHeadful then pkgs.gitFull else pkgs.gitMinimal; - userName = my.username; - userEmail = my.email; + userName = lib.my.username; + userEmail = lib.my.email; signing = { - inherit (my.pgp) key; + inherit (lib.my.pgp) key; signByDefault = true; }; 
@@ -102,48 +101,46 @@ in }; submodule.recurse = true; sendemail = rec { - smtpServer = my.domain.shire; - smtpUser = "${my.username}@${smtpServer}"; + smtpServer = lib.my.domain.shire; + smtpUser = "${lib.my.username}@${smtpServer}"; smtpEncryption = "ssl"; smtpServerPort = 465; annotate = true; confirm = "always"; }; column.ui = "auto"; - github.user = my.username; - gitlab.user = my.username; + github.user = lib.my.username; + gitlab.user = lib.my.username; } - // mapAttrs' (name: value: nameValuePair ''url "git@${value}:"'' { insteadOf = "${name}:"; }) { + // lib.mapAttrs' (n: v: lib.nameValuePair ''url "git@${v}:"'' { insteadOf = "${n}:"; }) { "bitbucket" = "bitbucket.com"; "codeberg" = "codeberg.org"; "github" = "github.com"; "gitlab" = "gitlab.com"; "sourcehut" = "git.sr.ht"; } - // - mapAttrs' (name: values: nameValuePair ''url "https://${values}/"'' { insteadOf = "${name}:"; }) - { - "alpine" = "gitlab.alpinelinux.org"; - "clan" = "git.clan.lol"; - "debian" = "salsa.debian.org"; - "freedesktop" = "gitlab.freedesktop.org"; - "gnome" = "gitlab.gnome.org"; - "haskell" = "gitlab.haskell.org"; - "homotopic" = "gitlab.homotopic.tech"; - "horizon" = "gitlab.horizon-haskell.net"; - "kde" = "invent.kde.org"; - "nixca" = "gitlab.nixca.dev"; - "notabug" = "notabug.org"; - "opencode" = "opencode.net"; - "syndicate" = "git.syndicate-lang.org"; - "torproject" = "gitlab.torproject.org"; - "videolan" = "code.videolan.org"; - }; + // lib.mapAttrs' (n: v: lib.nameValuePair ''url "https://${v}/"'' { insteadOf = "${n}:"; }) { + "alpine" = "gitlab.alpinelinux.org"; + "clan" = "git.clan.lol"; + "debian" = "salsa.debian.org"; + "freedesktop" = "gitlab.freedesktop.org"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "homotopic" = "gitlab.homotopic.tech"; + "horizon" = "gitlab.horizon-haskell.net"; + "kde" = "invent.kde.org"; + "nixca" = "gitlab.nixca.dev"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; + "syndicate" = "git.syndicate-lang.org"; + 
"torproject" = "gitlab.torproject.org"; + "videolan" = "code.videolan.org"; + }; aliases = let - git = getExe config.hm.programs.git.package; - curl = getExe pkgs.curl; + git = lib.getExe config.hm.programs.git.package; + curl = lib.getExe pkgs.curl; in { amend = "commit --amend"; 
@@ -189,181 +186,178 @@ in }; }; }) - (mkIf cfg.server.enable ( - with cfg.server; - { - ark.directories = [ config.services.gitolite.dataDir ]; + (lib.mkIf cfg.server.enable { + ark.directories = [ config.services.gitolite.dataDir ]; - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${domain}.locations = { }; - }; + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.server.domain}.locations = { }; + }; - services = { - cgit.${domain} = { - enable = true; + services = { + cgit.${cfg.server.domain} = { + enable = true; - package = pkgs.cgit-pink; + package = pkgs.cgit-pink; - # We make gitolite repos readable by the common group. - user = "git"; - group = "git"; + # We make gitolite repos readable by the common group. + user = "git"; + group = "git"; - scanPath = "${config.services.gitolite.dataDir}/repositories"; + scanPath = "${config.services.gitolite.dataDir}/repositories"; - settings = { - root-title = "git.azahi.cc"; - root-desc = "British scientists have discovered that using GitHub frequently is harmful to one's mental health, especially GitHub Actions..."; + settings = { + root-title = "git.azahi.cc"; + root-desc = "British scientists have discovered that using GitHub frequently is harmful to one's mental health, especially GitHub Actions..."; - footer = "${pkgs.writeText "cgit-footer" '' - <p style="text-align: center;">Consider giving <a href="https://nixos.org">Nix/NixOS</a> a try! <3</p> - ''}"; + footer = "${pkgs.writeText "cgit-footer" '' + <p style="text-align: center;">Consider giving <a href="https://nixos.org">Nix/NixOS</a> a try! 
<3</p> + ''}"; - about-filter = "${pkgs.writeScript "cgit-about-filter.sh" '' - #!${pkgs.bash}/bin/sh - filename=$1 - case "$filename" in - *.md) - exec ${pkgs.pandoc}/bin/pandoc -f markdown -t html - ;; - *.org) - exec ${pkgs.pandoc}/bin/pandoc -f org -t html - ;; - *) - echo "<pre>" - ${pkgs.coreutils}/bin/cat - echo "</pre>" - ;; - esac - ''}"; - source-filter = "${package}/lib/cgit/filters/syntax-highlighting.py"; - commit-filter = "${package}/lib/cgit/filters/commit-links.sh"; + about-filter = "${pkgs.writeScript "cgit-about-filter.sh" '' + #!${pkgs.bash}/bin/sh + filename=$1 + case "$filename" in + *.md) + exec ${pkgs.pandoc}/bin/pandoc -f markdown -t html + ;; + *.org) + exec ${pkgs.pandoc}/bin/pandoc -f org -t html + ;; + *) + echo "<pre>" + ${pkgs.coreutils}/bin/cat + echo "</pre>" + ;; + esac + ''}"; + source-filter = "${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py"; + commit-filter = "${cfg.server.package}/lib/cgit/filters/commit-links.sh"; - readme = [ - ":README" - ":readme.md" - ":readme.org" - ]; + readme = [ + ":README" + ":readme.md" + ":readme.org" + ]; - clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL"; + clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL"; - enable-blame = true; - enable-commit-graph = true; - enable-follow-links = true; - enable-git-config = true; - enable-gitweb-owner = true; - enable-html-serving = true; - enable-http-clone = true; - enable-index-links = false; - enable-index-owner = false; - enable-log-filecount = true; - enable-log-linecount = true; - enable-subject-links = true; - enable-tree-linenumbers = true; + enable-blame = true; + enable-commit-graph = true; + enable-follow-links = true; + enable-git-config = true; + enable-gitweb-owner = true; + enable-html-serving = true; + enable-http-clone = true; + enable-index-links = false; + enable-index-owner = false; + enable-log-filecount = true; + enable-log-linecount = true; + enable-subject-links = true; + enable-tree-linenumbers = true; - branch-sort = "age"; 
- repository-sort = "age"; + branch-sort = "age"; + repository-sort = "age"; - remove-suffix = true; + remove-suffix = true; - logo = "/logo.gif"; - logo-link = "https://www.youtube.com/watch?v=dQw4w9WgXcQ"; - }; + logo = "/logo.gif"; + logo-link = "https://www.youtube.com/watch?v=dQw4w9WgXcQ"; }; + }; - gitolite = { - enable = true; - user = "git"; - group = "git"; - adminPubkey = my.ssh.key; - extraGitoliteRc = '' - # This allows cgit to scan repositories while running under a - # different user. - $RC{UMASK} = 0027; + gitolite = { + enable = true; + user = "git"; + group = "git"; + adminPubkey = lib.my.ssh.key; + extraGitoliteRc = '' + # This allows cgit to scan repositories while running under a + # different user. + $RC{UMASK} = 0027; - # This allows hiding repositories via "cgit.ignore"[1]. - # - # [1]: https://www.omarpolo.com/post/cgit-gitolite.html - $RC{GIT_CONFIG_KEYS} = '.*'; - ''; - }; + # This allows hiding repositories via "cgit.ignore"[1]. + # + # [1]: https://www.omarpolo.com/post/cgit-gitolite.html + $RC{GIT_CONFIG_KEYS} = '.*'; + ''; + }; - nginx.virtualHosts.${domain}.locations = - let - extraHead = '' - ${libNginx.config.appendHead [ - ''<meta name="go-import" content="$host$uri git https://$host$uri">'' - (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; }) - ]} + nginx.virtualHosts.${cfg.server.domain}.locations = + let + extraHead = '' + ${libNginx.config.appendHead [ + ''<meta name="go-import" content="$host$uri git https://$host$uri">'' + (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; }) + ]} + ''; + in + { + "/" = { + extraConfig = lib.mkBefore extraHead; + fastcgiParams.HTTP_ACCEPT_ENCODING = ""; + }; + "~ /.+/(info/refs|git-upload-pack)" = { + extraConfig = lib.mkBefore extraHead; + fastcgiParams.HTTP_ACCEPT_ENCODING = ""; + }; + "= /logo.gif".alias = "${./logo.gif}"; + "= /favicon.ico" = { + alias = "${./favicon.ico}"; + extraConfig = lib.mkForce ""; + }; + "= /cgit.css" = { + alias = pkgs.writeText 
"cgit.css" '' + ${builtins.readFile "${cfg.server.package}/cgit/cgit.css"} + * { + line-height: 1.25em; + } + div#cgit { + font-family: ${ + lib.concatMapStringsSep ", " (f: ''"${f}"'') config.fonts.fontconfig.defaultFonts.monospace + }, monospace; + -moz-tab-size: 2; + tab-size: 2; + max-width: 117ch; + margin: auto; + } + div#cgit table#header td.sub { + border-top: none; + } + div#cgit table#header td.sub.right { + padding-right: 1em; + } + div#cgit table.tabs { + border-bottom: none; + } + div#cgit div.content { + border-bottom: none; + } + div#cgit table.list th a { + color: inherit; + } + div#cgit table.list tr:nth-child(even) { + background: inherit; + } + div#cgit table.list tr:hover { + background: inherit; + } + div#cgit table.list tr.nohover-highlight:hover:nth-child(even) { + background: inherit; + } + div#cgit table.blob td.linenumbers a:target { + color: goldenrod; + text-decoration: underline; + outline: none; + } + div#cgit div#summary { + max-width: 80ch; + } ''; - in - { - "/" = { - extraConfig = mkBefore extraHead; - fastcgiParams.HTTP_ACCEPT_ENCODING = ""; - }; - "~ /.+/(info/refs|git-upload-pack)" = { - extraConfig = mkBefore extraHead; - fastcgiParams.HTTP_ACCEPT_ENCODING = ""; - }; - "= /logo.gif".alias = "${./logo.gif}"; - "= /favicon.ico" = { - alias = "${./favicon.ico}"; - extraConfig = mkForce ""; - }; - "= /cgit.css" = { - alias = pkgs.writeText "cgit.css" '' - ${readFile "${package}/cgit/cgit.css"} - * { - line-height: 1.25em; - } - div#cgit { - font-family: ${ - concatMapStringsSep ", " (f: ''"${f}"'') config.fonts.fontconfig.defaultFonts.monospace - }, monospace; - -moz-tab-size: 2; - tab-size: 2; - max-width: 117ch; - margin: auto; - } - div#cgit table#header td.sub { - border-top: none; - } - div#cgit table#header td.sub.right { - padding-right: 1em; - } - div#cgit table.tabs { - border-bottom: none; - } - div#cgit div.content { - border-bottom: none; - } - div#cgit table.list th a { - color: inherit; - } - div#cgit table.list 
tr:nth-child(even) { - background: inherit; - } - div#cgit table.list tr:hover { - background: inherit; - } - div#cgit table.list tr.nohover-highlight:hover:nth-child(even) { - background: inherit; - } - div#cgit table.blob td.linenumbers a:target { - color: goldenrod; - text-decoration: underline; - outline: none; - } - div#cgit div#summary { - max-width: 80ch; - } - ''; - extraConfig = mkForce ""; - }; + extraConfig = lib.mkForce ""; }; - }; - } - )) + }; + }; + }) ]; } diff --git a/modules/hyprland.nix b/modules/hyprland.nix new file mode 100644 index 0000000..c7f574a --- /dev/null +++ b/modules/hyprland.nix 
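Review bot: The `*)` branch of the `about-filter` script writes the README between `<pre>` tags with a plain `cat`, so a README that contains markup is served as live HTML on the cgit page. Because `readme` lists `:README`, that branch is the one used for plain-text readmes; escaping there closes the gap, e.g. `${pkgs.gnused}/bin/sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'` in place of the `cat` line. The pandoc branches also pass raw HTML through by default, and `-f markdown-raw_html` would turn that off for `.md` files. In the same hunk, `$RC{GIT_CONFIG_KEYS} = '.*';` permits every git config key although the comment only needs `cgit.ignore`; a narrower value such as `'cgit\..* gitweb\..*'` looks sufficient, to be confirmed against the keys the repositories actually set.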
@@ -0,0 +1,131 @@ +{ + config, + lib, + ... +}: +let + cfg = config.nixfiles.modules.hyprland; +in +{ + options.nixfiles.modules.hyprland.enable = lib.mkEnableOption "Hyprland"; + + config = lib.mkIf cfg.enable { + nixfiles.modules.wayland.enable = true; + + hm = { + stylix.targets.hyprland.enable = false; + + wayland.windowManager.hyprland = { + enable = true; + + systemd = { + enable = true; + variables = [ "--all" ]; + }; + + settings = { + misc = { + disable_hyprland_logo = true; + disable_splash_rendering = true; + }; + + general = { + gaps_in = 0; + gaps_out = 0; + }; + + decoration = { + blur.enabled = false; + }; + + animations.enabled = false; + + debug.disable_logs = false; + + input = with config.services.xserver.xkb; { + kb_layout = layout; + kb_variant = variant; + kb_options = options; + + repeat_delay = config.services.xserver.autoRepeatDelay; + repeat_rate = config.services.xserver.autoRepeatInterval; + }; + + bindm = [ + "SUPER, mouse:272, movewindow" + "SUPER, mouse:273, resizewindow" + "SUPER ALT, mouse:272, resizewindow" + ]; + + bind = + [ + "SUPER SHIFT, E, exec, pkill Hyprland" + + "SUPER, D, killactive," + "SUPER, F, fullscreen," + + "SUPER, G, togglegroup," + "SUPER SHIFT, N, changegroupactive, f" + "SUPER SHIFT, P, changegroupactive, b" + + "SUPER, R, togglesplit," + "SUPER, T, togglefloating," + "SUPER, P, pseudo," + "SUPER ALT, ,resizeactive," + + "SUPER, Return, exec, foot" + "SUPER, L, exec, pgrep hyprlock || hyprlock" + + "SUPER, H, movefocus, l" + "SUPER, J, movefocus, d" + "SUPER, K, movefocus, u" + "SUPER, L, movefocus, r" + + "SUPER SHIFT, H, movewindow, l" + "SUPER SHIFT, J, movewindow, d" + "SUPER SHIFT, K, movewindow, u" + "SUPER SHIFT, L, movewindow, r" + + "SUPER ALT, H, resizeactive, 10 0" + "SUPER ALT, J, resizeactive, 0 10" + "SUPER ALT, K, resizeactive, 0 -10" + "SUPER ALT, L, resizeactive, -10 0" + + ", XF86AudioPlay, exec, mpc play" + ", XF86AudioPrev, exec, mpc prev" + ", XF86AudioNext, exec, mpc next" + + ", 
XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ .1+" + ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ .1-" + + ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + ", XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" + + ", XF86MonBrightnessUp, exec, brightnessctl set +5%" + ", XF86MonBrightnessDown, exec, brightnessctl set 5%-" + ] + ++ (builtins.concatLists ( + builtins.genList ( + x: + let + ws = + let + c = (x + 1) / 10; + in + toString (x + 1 - (c * 10)); + in + [ + "SUPER, ${ws}, workspace, ${toString (x + 1)}" + "SUPER SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}" + ] + ) 10 + )); + }; + }; + + programs.hyprlock.enable = true; + }; + + programs.hyprland.enable = true; + }; +} diff --git a/modules/ipfs.nix b/modules/ipfs.nix index 25f7fce..80a43b6 100644 --- a/modules/ipfs.nix +++ b/modules/ipfs.nix @@ -175,7 +175,8 @@ in "api.${cfg.domain}" = { locations = { "/".proxyPass = "http://kubo_api"; - "~ ^/$".return = "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + "~ ^/$".return = + "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; }; extraConfig = libNginx.config.internalOnly; }; diff --git a/modules/jackett.nix b/modules/jackett.nix index 07a5b16..5b0b2c0 100644 --- a/modules/jackett.nix +++ b/modules/jackett.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.jackett; in { options.nixfiles.modules.jackett = { - enable = mkEnableOption "Jackett"; + enable = lib.mkEnableOption "Jackett"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "jackett.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/jackett" ]; nixfiles.modules.nginx = { 
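Review bot: `SUPER, L` is bound twice in `bind`, once to `exec, pgrep hyprlock || hyprlock` and once to `movefocus, r`, so moving focus to the right will most likely also start the lock screen. Giving the lock its own chord, for example `"SUPER CTRL, L, exec, pgrep hyprlock || hyprlock"`, separates the two. The entry `"SUPER ALT, ,resizeactive,"` has neither a key nor an argument and looks like a leftover. `systemd.variables = [ "--all" ]` exports the whole session environment to the user's systemd services, so any secret exported in the login shell becomes visible to them; a comment saying this is intended, or an explicit variable list, would make that choice reviewable.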
diff --git a/modules/kde.nix b/modules/kde.nix index e017e11..9490b71 100644 --- a/modules/kde.nix +++ b/modules/kde.nix @@ -50,9 +50,14 @@ in services = { desktopManager.plasma6.enable = true; + displayManager.sddm = { enable = true; - wayland.enable = true; + + wayland = { + enable = false; + compositor = "kwin"; + }; }; }; @@ -64,7 +69,9 @@ in khelpcenter print-manager ]; - systemPackages = with pkgs.kdePackages; [ plasma-disks ]; + systemPackages = with pkgs.kdePackages; [ + plasma-disks + ]; }; }; } diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 6e5b782..a3e57d3 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -166,6 +166,7 @@ in promtail = { hosts = [ manwe + tulkas varda yavanna ]; @@ -182,6 +183,7 @@ in endlessh-go = { hosts = [ manwe + tulkas varda yavanna ]; @@ -197,6 +199,7 @@ in node = { hosts = [ manwe + tulkas varda yavanna ]; diff --git a/modules/nsd.nix b/modules/nsd.nix index 322d88a..acf7e27 100644 --- a/modules/nsd.nix +++ b/modules/nsd.nix @@ -134,6 +134,8 @@ in subdomains = rec { manwe = ips "manwe"; "*.manwe" = manwe; + tulkas = ips "tulkas"; + "*.tulkas" = tulkas; varda = ips "varda"; "*.varda" = varda; yavanna = ips "yavanna"; @@ -148,12 +150,14 @@ in bitwarden = manwe; git = manwe; grafana = manwe; + irc = manwe; loki = manwe; ntfy = manwe; plausible = manwe; prometheus = manwe; radicale = manwe; rss-bridge = manwe; + uptime = manwe; vaultwarden = manwe; flood = yavanna; diff --git a/modules/openssh.nix b/modules/openssh.nix index 470b6c9..a41f0d6 100644 --- a/modules/openssh.nix +++ b/modules/openssh.nix 
@@ -4,26 +4,25 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.openssh; in { options.nixfiles.modules.openssh = { - client.enable = mkEnableOption "OpenSSH client"; + client.enable = lib.mkEnableOption "OpenSSH client"; server = { - enable = mkEnableOption "OpenSSH server"; + enable = lib.mkEnableOption "OpenSSH server"; - port = mkOption { + port = lib.mkOption { description = "OpenSSH server port."; - type = types.port; + type = lib.types.port; default = 22022; # Port 22 should be occupied by a tarpit. }; }; }; - config = mkMerge [ - (mkIf cfg.client.enable { + config = lib.mkMerge [ + (lib.mkIf cfg.client.enable { hm = { home.packages = with pkgs; [ mosh @@ -49,11 +48,11 @@ in { hostname ? name, port ? 22022, # NOTE This is not the default OpenSSH port. - user ? my.username, - identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", + user ? lib.my.username, + identityFile ? "${config.my.home}/.ssh/${lib.my.username}_${lib.my.ssh.type}", extraAttrs ? { }, }: - nameValuePair name ( + lib.nameValuePair name ( { inherit hostname @@ -65,23 +64,23 @@ in // extraAttrs ); - internalServers = mapAttrs' mkBlock ( - mapAttrs (name: _: { hostname = "${name}.${my.domain.shire}"; }) ( - filterAttrs (_: attr: hasAttr "wireguard" attr && attr.isHeadless) my.configurations + internalServers = lib.mapAttrs' mkBlock ( + lib.mapAttrs (name: _: { hostname = "${name}.${lib.my.domain.shire}"; }) ( + lib.filterAttrs (_: attr: lib.hasAttr "wireguard" attr && attr.isHeadless) lib.my.configurations ) ); in internalServers - // (mapAttrs' mkBlock { + // (lib.mapAttrs' mkBlock { gitolite = { user = "git"; - hostname = "git.${my.domain.shire}"; + hostname = "git.${lib.my.domain.shire}"; }; }); }; }; }) - (mkIf cfg.server.enable { + (lib.mkIf cfg.server.enable { ark.files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" 
@@ -101,7 +100,7 @@ in KbdInteractiveAuthentication = false; MaxAuthTries = 3; PasswordAuthentication = false; - PermitRootLogin = mkForce "no"; + PermitRootLogin = lib.mkForce "no"; }; }; diff --git a/modules/password-store.nix b/modules/password-store.nix index e5cd756..886afb6 100644 --- a/modules/password-store.nix +++ b/modules/password-store.nix @@ -9,7 +9,8 @@ let cfg = config.nixfiles.modules.password-store; in { - options.nixfiles.modules.password-store.enable = mkEnableOption "the standard UNIX password manager"; + options.nixfiles.modules.password-store.enable = + mkEnableOption "the standard UNIX password manager"; config = mkIf cfg.enable { hm.programs = { diff --git a/modules/plausible.nix b/modules/plausible.nix index c5b66c3..89729fd 100644 --- a/modules/plausible.nix +++ b/modules/plausible.nix @@ -80,12 +80,12 @@ in services.plausible = { enable = true; - adminUser = { - name = "admin"; - email = "admin@${my.domain.shire}"; - passwordFile = config.secrets.plausible-admin-password.path; - activate = false; - }; + # adminUser = { + # name = "admin"; + # email = "admin@${my.domain.shire}"; + # passwordFile = config.secrets.plausible-admin-password.path; + # activate = false; + # }; mail = { email = "admin+plausible@${my.domain.shire}"; diff --git a/modules/podman.nix b/modules/podman.nix index bdef5be..6c4b20a 100644 --- a/modules/podman.nix +++ b/modules/podman.nix @@ -5,14 +5,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.podman; in { - options.nixfiles.modules.podman.enable = mkEnableOption "Podman"; + options.nixfiles.modules.podman.enable = lib.mkEnableOption "Podman"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.enable -> !config.nixfiles.modules.docker.enable; 
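Review bot: The `adminUser` block in `services.plausible` is commented out rather than deleted, which leaves dead configuration that still names `config.secrets.plausible-admin-password.path`. If that secret is still declared elsewhere in the module (not visible in this hunk), it is now decrypted onto the host without a consumer and should go together with the block. Deleting the lines and relying on git history is cleaner; the same applies to the commented-out `telegram-desktop` entry in overlays.nix. If the block has to stay, put a one-line comment above it stating why it is disabled.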
@@ -20,33 +19,31 @@ in } ]; + ark.directories = [ "/var/lib/containers" ]; + nixfiles.modules.common.shell.aliases.p = "podman"; secrets.containers-auth = { file = "${inputs.self}/secrets/containers-auth"; path = "${config.dirs.config}/containers/auth.json"; - owner = my.username; + owner = lib.my.username; inherit (config.my) group; }; virtualisation.podman = { enable = true; - dockerCompat = true; - dockerSocket.enable = true; + dockerCompat = false; + dockerSocket.enable = false; }; - environment.systemPackages = with pkgs; [ podman-compose ]; + environment.systemPackages = [ pkgs.podman-compose ]; my.extraGroups = [ "podman" ]; - hm.xdg.configFile = { - "containers/registries.conf".source = pkgs.writers.writeTOML "containers-registries.toml" { - registries.search.registries = [ "docker.io" ]; - }; - - "containers/storage.conf".source = pkgs.writers.writeTOML "containers-storage.toml" { - storage.driver = "overlay"; - }; - }; + hm.xdg.configFile."containers/registries.conf".source = + pkgs.writers.writeTOML "containers-registries.toml" + { + registries.search.registries = [ "docker.io" ]; + }; }; } diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix index 8824dfd..ae03bcc 100644 --- a/modules/profiles/default.nix +++ b/modules/profiles/default.nix @@ -54,6 +54,7 @@ in dnsutils file inetutils + iotop ldns lshw lsof diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix index 61de848..af151a1 100644 --- a/modules/profiles/dev/default.nix +++ b/modules/profiles/dev/default.nix @@ -11,7 +11,8 @@ in { imports = attrValues (modulesIn ./.); - options.nixfiles.modules.profiles.dev.enable = mkEnableOption "Catch-all profile for stuff related to software development and etc."; + options.nixfiles.modules.profiles.dev.enable = + mkEnableOption "Catch-all profile for stuff related to software development and etc."; config = mkIf cfg.enable { nixfiles.modules = { 
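Review bot: `registries.search.registries = [ "docker.io" ]` writes the legacy v1 layout of registries.conf; the current key is `unqualified-search-registries`, i.e. `{ unqualified-search-registries = [ "docker.io" ]; }`. The file is also placed only in the user's XDG config, so containers started as root resolve short names from the system-wide file instead; `virtualisation.containers.registries.search` would cover both. Short-name resolution decides which registry an unqualified image is pulled from, so keeping this list explicit and consistent for every caller is worth the extra line.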
@@ -22,6 +23,7 @@ in git.client.enable = true; nmap.enable = true; wget.enable = true; + podman.enable = true; }; hm = { @@ -58,6 +60,8 @@ in packages = with pkgs; [ age + dbeaver-bin + distrobox google-cloud-sdk htmlq httpie @@ -69,6 +73,8 @@ in nixpkgs-review scaleway-cli sops + sqlitebrowser + toolbox vultr-cli yq ]; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index 256ec25..e2ed1df 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -123,15 +123,16 @@ in services = { fwupd.enable = true; libinput.enable = true; - psd.enable = true; upower.enable = true; }; time.timeZone = "Europe/Moscow"; environment.systemPackages = with pkgs; [ + brightnessctl lm_sensors usbutils + wirelesstools ]; my.extraGroups = [ diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix index 5d42df0..bf0d23a 100644 --- a/modules/profiles/headless.nix +++ b/modules/profiles/headless.nix @@ -5,16 +5,15 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.headless; in { - options.nixfiles.modules.profiles.headless.enable = mkEnableOption "headless profile" // { + options.nixfiles.modules.profiles.headless.enable = lib.mkEnableOption "headless profile" // { default = this.isHeadless; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { openssh.server.enable = true; endlessh-go.enable = true; diff --git a/modules/psd.nix b/modules/psd.nix index f974af2..5bb9dc3 100644 --- a/modules/psd.nix +++ b/modules/psd.nix @@ -17,6 +17,7 @@ in xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" + USE_BACKUPS="no" ''; }; diff --git a/modules/searx.nix b/modules/searx.nix index de51a20..ab186af 100644 --- a/modules/searx.nix +++ b/modules/searx.nix 
@@ -5,28 +5,27 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.searx; in { options.nixfiles.modules.searx = { - enable = mkEnableOption "SearX"; + enable = lib.mkEnableOption "SearX"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = with lib.types; port; default = 61001; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "searx.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.searx-environment = { file = "${inputs.self}/secrets/searx-environment"; owner = "searx"; diff --git a/modules/syncthing.nix b/modules/syncthing.nix index e261a12..d239aa4 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix @@ -79,7 +79,7 @@ in devices = mapAttrs ( name: attr: - mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { + mkIf (hasAttr "syncthing" attr && hasAttr "wireguard" attr) { inherit (attr.syncthing) id; compression = "always"; introducer = false; @@ -98,7 +98,7 @@ in f: attrNames ( filterAttrs ( - _: attr: (attr.hostname != this.hostname) && (attr.syncthing.id != null) && f attr + _: attr: attr.hostname != this.hostname && hasAttr "syncthing" attr && f attr ) my.configurations ); all = filterDevices (_: true); @@ -111,7 +111,7 @@ in }; trashcan = { type = "trashcan"; - params.cleanoutDays = "7"; + params.cleanouctDays = "7"; }; in with config.hm.xdg.userDirs; @@ -121,11 +121,6 @@ in devices = notHeadless; versioning = trashcan; }; - pass = { - path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; - devices = notOther; - versioning = trashcan; - }; org = { path = "${documents}/org"; devices = all; diff --git a/modules/thelounge.nix b/modules/thelounge.nix new file mode 100644 index 0000000..ae4b4ff --- /dev/null +++ b/modules/thelounge.nix 
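Review bot: The device guard now tests `hasAttr "syncthing" attr` instead of `attr.syncthing.id != null`, so a configuration that has a `syncthing` attribute with a null `id` passes the guard and reaches `inherit (attr.syncthing) id;`. Whether that can happen depends on how `my.configurations` is built, which is outside the hunk. If it can, keep both conditions: `hasAttr "syncthing" attr && attr.syncthing.id != null && hasAttr "wireguard" attr`. The `filterDevices` predicate in the next hunk has the same change.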
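Review bot: `params.cleanouctDays = "7"` in the `trashcan` versioning set is a typo for `cleanoutDays`, the parameter name the removed line used. With the misspelled key the seven-day cleanup is presumably not applied and trashed versions are kept indefinitely. Restore `params.cleanoutDays = "7";`.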
@@ -0,0 +1,49 @@ +{ + config, + lib, + libNginx, + ... +}: +let + cfg = config.nixfiles.modules.thelounge; +in +{ + options.nixfiles.modules.thelounge = { + enable = lib.mkEnableOption "The Lounge"; + + port = lib.mkOption { + description = "Port."; + type = lib.types.port; + default = 11887; + }; + + domain = lib.mkOption { + description = "Domain name sans protocol scheme."; + type = lib.types.str; + default = "irc.${config.networking.domain}"; + }; + }; + + config = lib.mkIf cfg.enable { + ark.directories = [ "/var/lib/thelounge" ]; + + nixfiles.modules.nginx = { + upstreams.thelounge.servers."127.0.0.1:${toString cfg.port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://thelounge"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + services.thelounge = { + enable = true; + extraConfig = { + public = false; + host = "127.0.0.1"; + inherit (cfg) port; + reverseProxy = true; + defaults = { }; + }; + }; + }; +} diff --git a/modules/unbound-ng.nix b/modules/unbound-ng.nix new file mode 100644 index 0000000..3d3c6da --- /dev/null +++ b/modules/unbound-ng.nix 
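Review bot: The `locations."/"` entry only sets `proxyPass`, so unless the `nixfiles.modules.nginx` wrapper adds them (not visible here), the WebSocket upgrade headers are not forwarded to the backend. The Lounge can fall back to polling, but modules/uptime-kuma.nix uses the same pattern and its UI depends on a WebSocket connection. If the wrapper passes options through to `services.nginx.virtualHosts`, add `locations."/".proxyWebsockets = true;` in both modules.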
@@ -0,0 +1,185 @@ +{ + config, + inputs, + lib, + pkgs, + this, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.unbound-ng; +in +{ + options.nixfiles.modules.unbound-ng = { + enable = mkEnableOption "Unbound"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = config.networking.domain; + }; + }; + + config = mkIf cfg.enable { + ark.directories = [ config.services.unbound.stateDir ]; + + nixfiles.modules.redis.enable = true; + + services = { + unbound = { + enable = true; + + package = pkgs.unbound-with-systemd.override { + withRedis = true; + withTFO = true; + }; + + checkconf = true; + settings = { + server = { + module-config = ''"respip validator iterator"''; + + interface = with this.wireguard-ng; [ + "127.0.0.1" + "::1" + ipv4.address + ipv6.address + ]; + + local-zone = concatLists ( + mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations + ); + local-data = concatLists ( + mapAttrsToList ( + hostname: + let + domain = "${hostname}.${cfg.domain}"; + in + attr: + (optionals (hasAttr "wireguard-ng" attr) ( + with attr.wireguard-ng; + [ + "\"${domain} 604800 IN A ${ipv4.address}\"" + "\"${domain} 604800 IN AAAA ${ipv6.address}\"" + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. AAAA ${ipv6.address}\"" + ] + ++ (optionals (hasAttr "domains" attr) ( + concatMap (domain: [ + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. 
AAAA ${ipv6.address}\"" + ]) attr.domains + )) + )) + ) my.configurations + ); + local-data-ptr = concatLists ( + mapAttrsToList ( + hostname: + let + domain = "${hostname}.${cfg.domain}"; + in + attr: + (optionals (hasAttr "wireguard-ng" attr) ( + with attr.wireguard-ng; + [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ] + ++ (optionals (hasAttr "domains" attr) ( + concatMap (domain: [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ]) attr.domains + )) + )) + ) my.configurations + ); + + private-domain = map (domain: "${domain}.") [ + cfg.domain + "local" + ]; + private-address = with config.nixfiles.modules.wireguard-ng; [ + ipv4.subnet + ipv6.subnet + ]; + + access-control = with config.nixfiles.modules.wireguard-ng; [ + "0.0.0.0/0 refuse" + "::/0 refuse" + "127.0.0.0/8 allow" + "::1/128 allow" + "${ipv4.subnet} allow" + "${ipv6.subnet} allow" + ]; + + cache-min-ttl = 0; + + serve-expired = true; + serve-expired-reply-ttl = 0; + + prefetch = true; + prefetch-key = true; + + hide-identity = true; + hide-version = true; + + extended-statistics = true; + + log-replies = false; + log-tag-queryreply = false; + log-local-actions = false; + + verbosity = 0; + }; + + forward-zone = [ + { + name = "."; + forward-tls-upstream = true; + forward-addr = dns.mkDoT dns.const.quad9.ecs; + } + ]; + + cachedb = with config.services.redis.servers.default; { + backend = "redis"; + redis-server-host = bind; + redis-server-port = port; + }; + + rpz = { + name = "hagezi.pro"; + zonefile = "hagezi.pro"; + url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; + }; + }; + + enableRootTrustAnchor = true; + + localControlSocketPath = "/run/unbound/unbound.socket"; + }; + + prometheus.exporters.unbound = { + enable = true; + listenAddress = mkDefault this.wireguard-ng.ipv4.address; + port = 9167; + inherit (config.services.unbound) group user; + unbound.host = "unix://${config.services.unbound.localControlSocketPath}"; 
+ }; + }; + + boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3; + + topology = with cfg; { + nodes.${this.hostname}.services.unbound = { + name = "Unbound"; + icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; + details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") ( + filter (i: i != "127.0.0.1" && i != "::1") config.services.unbound.settings.server.interface + ); + }; + }; + }; +} diff --git a/modules/unbound.nix b/modules/unbound.nix index e837f89..b8de321 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -65,10 +65,12 @@ in "\"${domain}. A ${ipv4.address}\"" "\"${domain}. AAAA ${ipv6.address}\"" ] - ++ concatMap (domain: [ - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ]) attr.domains + ++ (optionals (hasAttr "domains" attr) ( + concatMap (domain: [ + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. AAAA ${ipv6.address}\"" + ]) attr.domains + )) )) ) my.configurations ); @@ -85,10 +87,12 @@ in "\"${ipv4.address} ${domain}\"" "\"${ipv6.address} ${domain}\"" ] - ++ concatMap (domain: [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ]) attr.domains + ++ (optionals (hasAttr "domains" attr) ( + concatMap (domain: [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ]) attr.domains + )) )) ) my.configurations ); diff --git a/modules/uptime-kuma.nix b/modules/uptime-kuma.nix new file mode 100644 index 0000000..5f48d0d --- /dev/null +++ b/modules/uptime-kuma.nix 
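Review bot: The `rpz` block in modules/unbound-ng.nix loads its zone from `https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt`, an unpinned third-party file whose RPZ actions the resolver applies as written, so whoever controls that file can rewrite answers and not only block names. Restricting the zone to blocking with `rpz-action-override = "nxdomain";` keeps a bad or tampered list from redirecting clients. Separately, `module-config` is `"respip validator iterator"` although a `cachedb` section and `withRedis = true` are configured; Unbound only consults the cache backend when the module is listed, e.g. `module-config = ''"respip validator cachedb iterator"'';`.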
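Review bot: The new `optionals (hasAttr "domains" attr) (concatMap … attr.domains)` wrapper in modules/unbound.nix can be written more directly with an attribute default: `concatMap (domain: [ … ]) (attr.domains or [ ])`. That removes one level of nesting in both `local-data` and `local-data-ptr` (the second hunk of this file, and the copies in unbound-ng.nix). Behaviour is unchanged, because `concatMap` over an empty list yields an empty list.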
@@ -0,0 +1,49 @@ +{ + config, + lib, + libNginx, + ... +}: +let + cfg = config.nixfiles.modules.uptime-kuma; +in +{ + options.nixfiles.modules.uptime-kuma = { + enable = lib.mkEnableOption "Uptime Kuma"; + + port = lib.mkOption { + description = "Port."; + type = lib.types.port; + default = 9988; + }; + + domain = lib.mkOption { + description = "Domain name sans protocol scheme."; + type = lib.types.str; + default = "uptime.${config.networking.domain}"; + }; + }; + + config = lib.mkIf cfg.enable { + ark.directories = [ + "/var/lib/private/uptime-kuma" + "/var/lib/uptime-kuma" + ]; + + nixfiles.modules.nginx = { + upstreams.uptime-kuma.servers."127.0.0.1:${toString cfg.port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://uptime-kuma"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + services.uptime-kuma = { + enable = true; + settings = { + UPTIME_KUMA_HOST = "127.0.0.1"; + UPTIME_KUMA_PORT = toString cfg.port; + }; + }; + }; +} diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index edce8e5..124ff78 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -5,17 +5,16 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.vaultwarden; in { options.nixfiles.modules.vaultwarden = { - enable = mkEnableOption "Vaultwarden"; + enable = lib.mkEnableOption "Vaultwarden"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "vaultwarden.${config.networking.domain}"; }; }; @@ -24,7 +23,7 @@ in let db = "vaultwarden"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ "/var/lib/bitwarden_rs" ]; secrets.vaultwarden-environment = { @@ -73,7 +72,7 @@ in WEB_VAULT_ENABLED = true; - DOMAIN = optionalString (cfg.domain != null) "http://${cfg.domain}"; + DOMAIN = lib.optionalString (cfg.domain != null) "http://${cfg.domain}"; SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = false; 
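Review bot: `DOMAIN` in modules/vaultwarden.nix is built as `"http://${cfg.domain}"`, and the `cfg.domain != null` guard can never be false because the option type is `lib.types.str`. Vaultwarden treats `DOMAIN` as its external URL, so if clients reach it over TLS (the proxy configuration is not visible here) the scheme should be `https://`; a mismatch affects generated links and origin checks such as WebAuthn. Suggested: `DOMAIN = "https://${cfg.domain}";`, or a comment stating that the instance is deliberately served over plain HTTP inside the VPN.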
@@ -127,14 +126,14 @@ in }; environment.etc = { - "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } { + "fail2ban/filter.d/vaultwarden.conf".text = lib.generators.toINI { } { Definition = { failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"; ignoreregex = ""; journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; }; }; - "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } { + "fail2ban/filter.d/vaultwarden-admin.conf".text = lib.generators.toINI { } { Definition = { failregex = "^.*Invalid admin token\. IP: <ADDR>.*$"; ignoreregex = ""; @@ -143,9 +142,9 @@ in }; }; - topology = with cfg; { + topology = { nodes.${this.hostname}.services.vaultwarden = { - info = mkForce domain; + info = lib.mkForce cfg.domain; }; }; }; diff --git a/modules/wayland.nix b/modules/wayland.nix index 7a9820d..f15f66e 100644 --- a/modules/wayland.nix +++ b/modules/wayland.nix @@ -15,7 +15,12 @@ in nixfiles.modules.foot.enable = true; hm.home = { - packages = with pkgs; [ wl-clipboard ]; + packages = with pkgs; [ + grim + slurp + wl-clipboard + wlr-randr + ]; sessionVariables.NIXOS_OZONE_WL = 1; }; diff --git a/modules/wireguard-ng.nix b/modules/wireguard-ng.nix new file mode 100644 index 0000000..5374a71 --- /dev/null +++ b/modules/wireguard-ng.nix 
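Review bot: In both `failregex` values the `\.` sits inside an ordinary double-quoted Nix string, where the backslash is consumed by the Nix parser, so the generated fail2ban filter contains a bare `.` that matches any character. The filters still match the intended log lines, only more loosely than written. Doubling the backslash fixes it, e.g. `failregex = "^.*Invalid admin token\\. IP: <ADDR>.*$";`, and the same for the `vaultwarden.conf` pattern.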
@@ -0,0 +1,255 @@ +{ + config, + inputs, + lib, + pkgs, + this, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.wireguard-ng; + + DNSSetup = optionalString config.services.resolved.enable ( + let + resolvectl = "${config.systemd.package}/bin/resolvectl"; + in + '' + ${resolvectl} dns ${cfg.interface} ${cfg.server.ipv6.address} ${cfg.server.ipv4.address} + ${resolvectl} domain ${cfg.interface} local ${my.domain.shire} + ${resolvectl} dnssec ${cfg.interface} no + ${resolvectl} dnsovertls ${cfg.interface} no + '' + ); +in +{ + options.nixfiles.modules.wireguard-ng = { + client = { + enable = mkEnableOption "WireGuard client"; + + enableTrafficRouting = mkOption { + description = "Whether to enable traffic routing through the sever."; + type = with types; bool; + # default = !this.isHeadless; + default = false; + }; + }; + + server = { + enable = mkEnableOption "WireGuard server"; + + ipv4.address = mkOption { + description = "IPv4 address to bind to."; + type = with types; str; + default = my.configurations.tulkas.wireguard-ng.ipv4.address; + }; + + ipv6.address = mkOption { + description = "IPv4 address to bind to."; + type = with types; str; + default = my.configurations.tulkas.wireguard-ng.ipv6.address; + }; + + address = mkOption { + description = "Endpoint address to use"; + type = with types; str; + default = my.configurations.tulkas.ipv4.address; + }; + + port = mkOption { + description = "Endpoint port to use."; + type = with types; int; + default = 7070; + }; + + publicKey = mkOption { + description = "Server's public key."; + type = with types; str; + default = my.configurations.tulkas.wireguard.publicKey; + }; + + peers = mkOption { + description = "List of peers."; + type = with types; listOf attrs; + default = + mapAttrsToList + ( + _: attr: with attr; { + inherit (wireguard-ng) publicKey; + allowedIPs = with wireguard-ng; [ + "${ipv6.address}/128" + "${ipv4.address}/32" + ]; + } + ) + ( + filterAttrs ( + _: attr: attr.hostname != this.hostname 
&& hasAttr "wireguard-ng" attr + ) my.configurations + ); + }; + }; + + interface = mkOption { + description = "Name of the interface to use WireGuard with."; + type = with types; str; + default = "wg70"; + }; + + ipv4.subnet = mkOption { + description = "CIDR notation for the IPv4 subnet to use over WireGuard."; + type = with types; str; + default = "10.70.0.0/16"; + }; + + ipv6.subnet = mkOption { + description = "CIDR notation for the IPv6 subnet to use over WireGuard."; + type = with types; str; + default = "fd70::/16"; + }; + }; + + config = + { + assertions = [ + { + assertion = config.security.sudo.enable; + message = "Sudo is not enabled."; + } + { + assertion = any (x: x == "wheel") config.my.extraGroups; + message = ''User is not in the "wheel" group.''; + } + ]; + } + // mkMerge [ + (mkIf (cfg.client.enable || cfg.server.enable) { + secrets."wireguard-private-key-${this.hostname}".file = + "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; + + networking.firewall.trustedInterfaces = [ cfg.interface ]; + + topology = with cfg; { + nodes.${this.hostname}.interfaces.${interface} = { + network = interface; + icon = "interfaces.wireguard"; + }; + }; + }) + (mkIf cfg.client.enable { + networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ + (with this.wireguard-ng; { + privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; + address = [ + "${ipv4.address}/16" + "${ipv6.address}/16" + ]; + }) + (with cfg.server; { + peers = [ + { + inherit publicKey; + endpoint = "${address}:${toString port}"; + allowedIPs = + if cfg.client.enableTrafficRouting then + [ + "::/0" + "0.0.0.0/0" + ] + else + [ + cfg.ipv6.subnet + cfg.ipv4.subnet + ]; + } + ]; + dns = [ + ipv6.address + ipv4.address + ]; + postUp = DNSSetup; + }) + ]; + + environment.systemPackages = with pkgs; [ + (writeShellApplication { + name = "wg-toggle-ng"; + runtimeInputs = [ + iproute2 + jq + ]; + text = '' + ip46() { + sudo ip -4 "$@" + sudo ip -6 "$@" + } + + 
fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit + if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then + ip46 rule del lookup main suppress_prefixlength 0 + ip46 rule del lookup "$fwmark" + else + ip46 rule add not fwmark "$fwmark" lookup "$fwmark" + ip46 rule add lookup main suppress_prefixlength 0 + fi + ''; + }) + ]; + }) + (mkIf cfg.server.enable { + networking = { + wireguard = { + enable = true; + interfaces.${cfg.interface} = with cfg.server; { + privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; + ips = [ + "${ipv6.address}/16" + "${ipv4.address}/16" + ]; + listenPort = port; + inherit peers; + postSetup = DNSSetup; + allowedIPsAsRoutes = false; + }; + }; + + nat = { + enable = true; + enableIPv6 = true; + + externalInterface = mkDefault "eth0"; + + internalInterfaces = [ cfg.interface ]; + internalIPs = [ cfg.ipv4.subnet ]; + internalIPv6s = [ cfg.ipv6.subnet ]; + }; + + firewall.allowedUDPPorts = [ cfg.server.port ]; + }; + + services.prometheus.exporters.wireguard = { + enable = true; + listenAddress = mkDefault this.wireguard-ng.ipv4.address; + withRemoteIp = true; + port = 9586; + }; + + topology = with cfg; { + networks = { + ${interface} = { + name = interface; + cidrv4 = ipv4.subnet; + cidrv6 = ipv6.subnet; + icon = "interfaces.wireguard"; + }; + }; + + nodes.${this.hostname}.interfaces.${interface}.physicalConnections = + mapAttrsToList (name: _: config.lib.topology.mkConnection name interface) + ( + filterAttrs (n: v: !v.isOther && n != this.hostname && hasAttr "wireguard-ng" v) my.configurations + ); + }; + }) + ]; +} diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 3589e12..633ec5b 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix 
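Review bot: `networking.firewall.trustedInterfaces = [ cfg.interface ]` in modules/wireguard-ng.nix accepts all traffic arriving on the tunnel, so every peer with a `wireguard-ng` attribute can reach every port that listens on a non-loopback address of this host. Opening only the needed ports with `networking.firewall.interfaces.${cfg.interface}.allowedTCPPorts` keeps a compromised peer contained. The `config = { assertions = … } // mkMerge [ … ]` form also appears to discard the assertions, since `mkMerge` returns a `_type = "merge"` set of which the module system reads only `contents`; moving the assertions set into the `mkMerge` list fixes that. Finally, `server.publicKey` defaults to `my.configurations.tulkas.wireguard.publicKey` while the peer list reads `wireguard-ng.publicKey`, and `wg-toggle-ng` calls `awg` although this module configures stock `wg-quick`; both look carried over from wireguard.nix and are worth confirming.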
@@ -10,16 +10,29 @@ with lib; let cfg = config.nixfiles.modules.wireguard; - DNSSetup = + DNSSetup = optionalString config.services.resolved.enable ( let resolvectl = "${config.systemd.package}/bin/resolvectl"; in '' ${resolvectl} dns ${cfg.interface} ${cfg.server.ipv6.address} ${cfg.server.ipv4.address} - ${resolvectl} domain ${cfg.interface} ${my.domain.shire} + ${resolvectl} domain ${cfg.interface} local ${my.domain.shire} ${resolvectl} dnssec ${cfg.interface} no ${resolvectl} dnsovertls ${cfg.interface} no - ''; + '' + ); + + extraOptions = { + jc = 23; + jmin = 58; + jmax = 1021; + s1 = 49; + s2 = 87; + h1 = 1264154357; + h2 = 462401493; + h3 = 737329836; + h4 = 1039929807; + }; in { disabledModules = [ @@ -129,7 +142,8 @@ in } // mkMerge [ (mkIf (cfg.client.enable || cfg.server.enable) { - secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; + secrets."wireguard-private-key-${this.hostname}".file = + "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; networking.firewall.trustedInterfaces = [ cfg.interface ]; @@ -149,13 +163,7 @@ in "${ipv4.address}/16" "${ipv6.address}/16" ]; - extraInterfaceConfig = '' - jc = 228 - jmin = 42 - jmax = 420 - s1 = 69 - s2 = 96 - ''; + inherit extraOptions; }) (with cfg.server; { peers = [ @@ -221,17 +229,8 @@ in "${ipv4.address}/16" ]; listenPort = port; - inherit peers; - postSetup = - DNSSetup - + '' - awg set ${cfg.interface} \ - jc 228 \ - jmin 42 \ - jmax 420 \ - s1 69 \ - s2 96 - ''; + inherit peers extraOptions; + postSetup = DNSSetup; allowedIPsAsRoutes = false; }; }; diff --git a/overlays.nix b/overlays.nix index 18fe174..71735cc 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,12 +1,11 @@ { - inputs, lib, ... }: { default = final: prev: - lib.infuse.v1.infuse prev { + lib.infuse prev { bruh = _: prev.callPackage ./packages/bruh.nix { }; emacsql-sqlite = _: prev.callPackage ./packages/emacsql-sqlite.nix { }; 
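Review bot: The new `extraOptions` set in modules/wireguard.nix has no comment, and the bare names `jc`, `jmin`, `jmax`, `s1`, `s2`, `h1`–`h4` say nothing to a reader who does not know the parameters that the removed `awg set` call configured. A short comment above the binding would do, e.g. `# AmneziaWG obfuscation parameters, shared by the client and server interface definitions below.` Since the values are committed to the repository, the comment should also make clear they are tuning values and not secrets.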
@@ -63,27 +62,27 @@ openssl_1_0_0 = _: prev.callPackage ./packages/openssl_1_0_0.nix { }; - telegram-desktop = { - __input.stdenv = stdenv: final.useMoldLinker stdenv; - __output.patches.__append = - let - patches = "https://raw.githubusercontent.com/msva/mva-overlay/4c89938831bcce03fae22081809e53a47bdee31b/net-im/telegram-desktop/files/patches/0/conditional"; - in - [ - (prev.fetchpatch { - url = "${patches}/tdesktop_patches_hide-sponsored-messages/0000-data_data_sponsored_messages.cpp.patch"; - hash = "sha256-vVucKG0YNY41MVdqibhKfxL/2/nNPPtYw+otwat971U="; - }) - (prev.fetchpatch { - url = "${patches}/tdesktop_patches_allow-disable-stories/option-to-disable-stories.patch"; - hash = "sha256-ctL9wIn3cLtqgCcQFNnx7WQuBw+9IjDlMJUicmVt8no="; - }) - (prev.fetchpatch { - url = "${patches}/tdesktop_patches_hide-banned/0000_hide-messages-from-blocked-users.patch"; - hash = "sha256-61U3wQsUdLvB4ymHPjVecw9WvhW8W/V0Jf1cnvYUkHk="; - }) - ]; - }; + # telegram-desktop = { + # __input.stdenv = stdenv: final.useMoldLinker stdenv; + # __output.patches.__append = + # let + # patches = "https://raw.githubusercontent.com/msva/mva-overlay/4c89938831bcce03fae22081809e53a47bdee31b/net-im/telegram-desktop/files/patches/0/conditional"; + # in + # [ + # (prev.fetchpatch { + # url = "${patches}/tdesktop_patches_hide-sponsored-messages/0000-data_data_sponsored_messages.cpp.patch"; + # hash = "sha256-vVucKG0YNY41MVdqibhKfxL/2/nNPPtYw+otwat971U="; + # }) + # (prev.fetchpatch { + # url = "${patches}/tdesktop_patches_allow-disable-stories/option-to-disable-stories.patch"; + # hash = "sha256-ctL9wIn3cLtqgCcQFNnx7WQuBw+9IjDlMJUicmVt8no="; + # }) + # (prev.fetchpatch { + # url = "${patches}/tdesktop_patches_hide-banned/0000_hide-messages-from-blocked-users.patch"; + # hash = "sha256-61U3wQsUdLvB4ymHPjVecw9WvhW8W/V0Jf1cnvYUkHk="; + # }) + # ]; + # }; vesktop = { __input = { 
@@ -102,42 +101,5 @@ ''; }; }; - - # TODO Can this be infused? - linuxPackages_latest = - _: - prev.linuxPackages_latest.extend ( - self: _: { - amneziawg = - inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_latest.amneziawg.override - { - inherit (self) kernel; - }; - } - ); - linuxPackages_hardened = - _: - prev.linuxPackages_hardened.extend ( - self: _: { - amneziawg = - inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_hardened.amneziawg.override - { - inherit (self) kernel; - }; - } - ); - linuxPackages_xanmod_latest = - _: - prev.linuxPackages_xanmod_latest.extend ( - self: _: { - amneziawg = - inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_xanmod_latest.amneziawg.override - { - inherit (self) kernel; - }; - } - ); - amneziawg-go = _: inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.amneziawg-go; - amneziawg-tools = _: inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.amneziawg-tools; }; } diff --git a/packages/hiccup.nix b/packages/hiccup.nix index b0dc64d..f74de74 100644 --- a/packages/hiccup.nix +++ b/packages/hiccup.nix @@ -5,16 +5,16 @@ }: buildNpmPackage rec { pname = "hiccup"; - version = "0.4.3"; + version = "0.5.0"; src = fetchFromGitHub { owner = "ashwin-pc"; repo = pname; rev = "v${version}"; - hash = "sha256-JLuXQ4jZHI9wF1fgnnBPH/TaTHJL/zGCSuKc9hy4e28="; + hash = "sha256-krtV//cVBt3EFzVZy9e55LJokDBSsr1xdNTKNOFFxbM="; }; - npmDepsHash = "sha256-YPj7tzMUh56rJfxOVhye4cK6VS0azA/LiE9DMweGLuw="; + npmDepsHash = "sha256-zxpimQtX03/+0/DgeQEDia82LAd14R4HcGFgASLevHE="; CYPRESS_INSTALL_BINARY = "0"; |