Diffstat (limited to '')
-rw-r--r-- | darwinConfigurations/default.nix | 35 | ||||
-rw-r--r-- | darwinConfigurations/mairon/default.nix | 22 | ||||
-rw-r--r-- | flake.lock | 198 | ||||
-rw-r--r-- | flake.nix | 50 | ||||
-rw-r--r-- | lib/default.nix | 2 | ||||
-rw-r--r-- | lib/dns.nix | 2 | ||||
-rw-r--r-- | lib/my.nix | 49 | ||||
-rw-r--r-- | modules/darwin/common/default.nix | 10 | ||||
-rw-r--r-- | modules/darwin/common/home-manager.nix | 3 | ||||
-rw-r--r-- | modules/darwin/common/locale.nix | 7 | ||||
-rw-r--r-- | modules/darwin/common/networking.nix | 10 | ||||
-rw-r--r-- | modules/darwin/common/nix.nix | 21 | ||||
-rw-r--r-- | modules/darwin/common/shell.nix | 3 | ||||
-rw-r--r-- | modules/darwin/common/users.nix | 11 | ||||
-rw-r--r-- | modules/darwin/default.nix | 10 | ||||
-rw-r--r-- | modules/darwin/emacs.nix | 15 | ||||
-rw-r--r-- | modules/darwin/fonts.nix | 12 | ||||
-rw-r--r-- | modules/darwin/gnupg.nix | 15 | ||||
-rw-r--r-- | modules/darwin/homebrew.nix | 23 | ||||
-rw-r--r-- | modules/darwin/profiles/default.nix | 93 | ||||
-rw-r--r-- | modules/darwin/profiles/headful.nix | 19 | ||||
-rw-r--r-- | modules/nixfiles/alacritty.nix | 5 | ||||
-rw-r--r-- | modules/nixfiles/bat.nix | 3 | ||||
-rw-r--r-- | modules/nixfiles/chromium.nix | 2 | ||||
-rw-r--r-- | modules/nixfiles/common/default.nix | 7 | ||||
-rw-r--r-- | modules/nixfiles/common/documentation.nix | 19 | ||||
-rw-r--r-- | modules/nixfiles/common/home-manager.nix | 10 | ||||
-rw-r--r-- | modules/nixfiles/common/locale.nix | 29 | ||||
-rw-r--r-- | modules/nixfiles/common/networking.nix | 101 | ||||
-rw-r--r-- | modules/nixfiles/common/nix/default.nix | 44 | ||||
-rw-r--r-- | modules/nixfiles/common/services.nix | 9 | ||||
-rw-r--r-- | modules/nixfiles/common/shell/default.nix | 152 | ||||
-rw-r--r-- | modules/nixfiles/common/users.nix | 25 | ||||
-rw-r--r-- | modules/nixfiles/default.nix | 49 | ||||
-rw-r--r-- | modules/nixfiles/discord.nix | 22 | ||||
-rw-r--r-- | modules/nixfiles/emacs/default.nix | 26 | ||||
-rw-r--r-- | modules/nixfiles/emacs/doom/init.el | 8 | ||||
-rw-r--r-- | modules/nixfiles/endlessh.nix | 45 | ||||
-rw-r--r-- | modules/nixfiles/firefox/default.nix | 26 | ||||
-rw-r--r-- | modules/nixfiles/firefox/userChrome.css | 5 | ||||
-rw-r--r-- | modules/nixfiles/fonts.nix | 55 | ||||
-rw-r--r-- | modules/nixfiles/git.nix | 287 | ||||
-rw-r--r-- | modules/nixfiles/gnupg.nix | 120 | ||||
-rw-r--r-- | modules/nixfiles/nmap.nix | 5 | ||||
-rw-r--r-- | modules/nixfiles/openssh.nix | 122 | ||||
-rw-r--r-- | modules/nixfiles/password-store.nix | 5 | ||||
-rw-r--r-- | modules/nixfiles/profiles/default.nix | 20 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/containers.nix | 12 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/default.nix | 19 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/sql.nix | 6 | ||||
-rw-r--r-- | modules/nixfiles/profiles/headful.nix | 80 | ||||
-rw-r--r-- | modules/nixfiles/profiles/headless.nix | 30 | ||||
-rw-r--r-- | modules/nixfiles/qutebrowser.nix | 2 | ||||
-rw-r--r-- | modules/nixfiles/vscode.nix | 27 | ||||
-rw-r--r-- | modules/nixfiles/wget.nix | 2 | ||||
-rw-r--r-- | modules/nixos/acme.nix (renamed from modules/nixfiles/acme.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/alertmanager.nix (renamed from modules/nixfiles/alertmanager.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/android.nix (renamed from modules/nixfiles/android.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/bluetooth.nix (renamed from modules/nixfiles/bluetooth.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/console.nix (renamed from modules/nixfiles/common/console.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/default.nix | 19 | ||||
-rw-r--r-- | modules/nixos/common/documentation.nix | 31 | ||||
-rw-r--r-- | modules/nixos/common/home-manager.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/kernel.nix (renamed from modules/nixfiles/common/kernel.nix) | 8 | ||||
-rw-r--r-- | modules/nixos/common/locale.nix | 24 | ||||
-rw-r--r-- | modules/nixos/common/networking.nix | 108 | ||||
-rw-r--r-- | modules/nixos/common/nix.nix | 39 | ||||
-rw-r--r-- | modules/nixos/common/secrets.nix (renamed from modules/nixfiles/common/secrets.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/common/security.nix (renamed from modules/nixfiles/common/security.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/services.nix | 10 | ||||
-rw-r--r-- | modules/nixos/common/shell.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/systemd.nix (renamed from modules/nixfiles/common/systemd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/tmp.nix (renamed from modules/nixfiles/common/tmp.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/users.nix | 19 | ||||
-rw-r--r-- | modules/nixos/common/xdg.nix (renamed from modules/nixfiles/common/xdg.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/default.nix | 59 | ||||
-rw-r--r-- | modules/nixos/discord.nix | 22 | ||||
-rw-r--r-- | modules/nixos/docker.nix (renamed from modules/nixfiles/docker.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/dwm.nix (renamed from modules/nixfiles/dwm.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/emacs.nix | 30 | ||||
-rw-r--r-- | modules/nixos/endlessh-go.nix (renamed from modules/nixfiles/endlessh-go.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/endlessh.nix | 24 | ||||
-rw-r--r-- | modules/nixos/fail2ban.nix (renamed from modules/nixfiles/fail2ban.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/fonts.nix | 45 | ||||
-rw-r--r-- | modules/nixos/games/default.nix (renamed from modules/nixfiles/games/default.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/games/gamemode.nix (renamed from modules/nixfiles/games/gamemode.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/games/gog.nix (renamed from modules/nixfiles/games/gog.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/games/lutris.nix (renamed from modules/nixfiles/games/lutris.nix) | 7 | ||||
-rw-r--r-- | modules/nixos/games/mangohud.nix (renamed from modules/nixfiles/games/mangohud.nix) | 6 | ||||
-rw-r--r-- | modules/nixos/games/minecraft.nix (renamed from modules/nixfiles/games/minecraft.nix) | 4 | ||||
-rw-r--r-- | modules/nixos/games/steam-run.nix (renamed from modules/nixfiles/games/steam-run.nix) | 26 | ||||
-rw-r--r-- | modules/nixos/games/steam.nix (renamed from modules/nixfiles/games/steam.nix) | 17 | ||||
-rw-r--r-- | modules/nixos/git.nix | 117 | ||||
-rw-r--r-- | modules/nixos/gnupg.nix | 38 | ||||
-rw-r--r-- | modules/nixos/gotify.nix (renamed from modules/nixfiles/gotify.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/grafana.nix (renamed from modules/nixfiles/grafana.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/hydra.nix (renamed from modules/nixfiles/hydra.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/ipfs.nix (renamed from modules/nixfiles/ipfs.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/kde.nix (renamed from modules/nixfiles/kde.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/libvirtd.nix (renamed from modules/nixfiles/libvirtd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/lidarr.nix (renamed from modules/nixfiles/lidarr.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/loki.nix (renamed from modules/nixfiles/loki.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/lxc.nix (renamed from modules/nixfiles/lxc.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/default.nix (renamed from modules/nixfiles/matrix/default.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/dendrite.nix (renamed from modules/nixfiles/matrix/dendrite.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/element.nix (renamed from modules/nixfiles/matrix/element.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/synapse.nix (renamed from modules/nixfiles/matrix/synapse.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/endlessh.json (renamed from modules/nixfiles/monitoring/dashboards/endlessh.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/nginx.json (renamed from modules/nixfiles/monitoring/dashboards/nginx.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/postgresql.json (renamed from modules/nixfiles/monitoring/dashboards/postgresql.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/unbound.json (renamed from modules/nixfiles/monitoring/dashboards/unbound.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/default.nix (renamed from modules/nixfiles/monitoring/default.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/nextcloud.nix (renamed from modules/nixfiles/nextcloud.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/nginx.nix (renamed from modules/nixfiles/nginx.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/node-exporter.nix (renamed from modules/nixfiles/node-exporter.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/nsd.nix (renamed from modules/nixfiles/nsd.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/openssh.nix | 34 | ||||
-rw-r--r-- | modules/nixos/podman.nix (renamed from modules/nixfiles/podman.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/postgresql.nix (renamed from modules/nixfiles/postgresql.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/profiles/default.nix | 33 | ||||
-rw-r--r-- | modules/nixos/profiles/dev/containers.nix | 27 | ||||
-rw-r--r-- | modules/nixos/profiles/dev/default.nix | 19 | ||||
-rw-r--r-- | modules/nixos/profiles/headful.nix | 88 | ||||
-rw-r--r-- | modules/nixos/profiles/headless.nix | 42 | ||||
-rw-r--r-- | modules/nixos/prometheus.nix (renamed from modules/nixfiles/prometheus.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/promtail.nix (renamed from modules/nixfiles/promtail.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/psd.nix (renamed from modules/nixfiles/psd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/radarr.nix (renamed from modules/nixfiles/radarr.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/radicale.nix (renamed from modules/nixfiles/radicale.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/rss-bridge.nix (renamed from modules/nixfiles/rss-bridge.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/rtorrent.nix (renamed from modules/nixfiles/rtorrent.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/searx.nix (renamed from modules/nixfiles/searx.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/shadowsocks.nix (renamed from modules/nixfiles/shadowsocks.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/soju.nix (renamed from modules/nixfiles/soju.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/solaar.nix (renamed from modules/nixfiles/solaar.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/sonarr.nix (renamed from modules/nixfiles/sonarr.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/sound.nix (renamed from modules/nixfiles/sound.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/syncthing.nix (renamed from modules/nixfiles/syncthing.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/throttled.nix (renamed from modules/nixfiles/throttled.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/unbound.nix (renamed from modules/nixfiles/unbound.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/vaultwarden.nix (renamed from modules/nixfiles/vaultwarden.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/wireguard.nix (renamed from modules/nixfiles/wireguard.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/x11.nix (renamed from modules/nixfiles/x11.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/xmonad.nix (renamed from modules/nixfiles/xmonad.nix) | 2 | ||||
-rw-r--r-- | nixosConfigurations/default.nix (renamed from configurations/default.nix) | 17 | ||||
-rw-r--r-- | nixosConfigurations/eonwe/default.nix (renamed from configurations/eonwe/default.nix) | 54 | ||||
-rw-r--r-- | nixosConfigurations/manwe/default.nix (renamed from configurations/manwe/default.nix) | 0 | ||||
-rw-r--r-- | nixosConfigurations/manwe/mailserver.nix (renamed from configurations/manwe/mailserver.nix) | 2 | ||||
-rw-r--r-- | nixosConfigurations/manwe/webserver.nix (renamed from configurations/manwe/webserver.nix) | 2 | ||||
-rw-r--r-- | nixosConfigurations/melian/default.nix (renamed from configurations/melian/default.nix) | 46 | ||||
-rw-r--r-- | nixosConfigurations/test-headful/default.nix (renamed from configurations/test-headful/default.nix) | 0 | ||||
-rw-r--r-- | nixosConfigurations/test-headless/default.nix (renamed from configurations/test-headless/default.nix) | 0 | ||||
-rw-r--r-- | nixosConfigurations/varda/default.nix (renamed from configurations/varda/default.nix) | 0 | ||||
-rw-r--r-- | nixosConfigurations/yavanna/default.nix (renamed from configurations/yavanna/default.nix) | 0 |
154 files changed, 1812 insertions, 1208 deletions
diff --git a/darwinConfigurations/default.nix b/darwinConfigurations/default.nix
new file mode 100644
index 0000000..612c8b0
--- /dev/null
+++ b/darwinConfigurations/default.nix
@@ -0,0 +1,35 @@
+{
+ inputs,
+ lib,
+}:
+with lib; let
+ mkConfiguration = name: {
+ modules ? [],
+ configuration ? ./${name},
+ this ? my.configurations.${name},
+ extraSpecialArgs ? {
+ localUsername = my.username;
+ localHostname = this.hostname;
+ },
+ }:
+ nameValuePair name (inputs.darwin.lib.darwinSystem {
+ inherit (this) system;
+ modules =
+ modules
+ ++ attrValues inputs.self.modules
+ ++ attrValues inputs.self.darwinModules
+ ++ optional (configuration != null) (import configuration);
+ specialArgs =
+ {
+ inherit inputs lib this;
+ }
+ // extraSpecialArgs;
+ });
+in
+ mapAttrs' mkConfiguration {
+ mairon.extraSpecialArgs = {
+ # These values are managed by my employer.
+ localUsername = "username";
+ localHostname = "hostname";
+ };
+ }
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix
new file mode 100644
index 0000000..d574a08
--- /dev/null
+++ b/darwinConfigurations/mairon/default.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ this,
+ ...
+}:
+with lib; {
+ nixfiles.modules.vscode.enable = true;
+
+ # TODO Make this per-directory/per-remote.
+ hm.programs.git = {
+ userName = mkForce "Firstname Lastname";
+ userEmail = mkForce "username@work.com";
+ signing.key = mkForce "@PGP_KEY@";
+ extraConfig."url \"git@gitlab.services.work.com:\"".insteadOf = "work:";
+ };
+
+ networking = {
+ computerName = mkForce this.hostname;
+ hostName = mkForce null;
+ };
+}
diff --git a/flake.lock b/flake.lock
index 085d35e..6d8862f 100644
--- a/flake.lock
+++ b/flake.lock
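Review bot: In `mkConfiguration` (darwinConfigurations/default.nix), a host that sets `extraSpecialArgs` replaces the default attrset as a whole, so overriding only `localUsername` drops `localHostname` from `specialArgs`, and the reverse. The fallbacks `localHostname ? this.hostname` in modules/darwin/common/networking.nix and `localUsername ? lib.my.username` in modules/darwin/common/users.nix may not cover that case, because as far as I know the module system passes every declared argument itself and does not honour function defaults; this is worth confirming. Merging the defaults closes the gap: `extraSpecialArgs ? {},` together with `specialArgs = {inherit inputs lib this; localUsername = my.username; localHostname = this.hostname;} // extraSpecialArgs;`.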
@@ -88,16 +88,50 @@ "105.0": { "flake": false, "locked": { - "lastModified": 1664804773, - "narHash": "sha256-cktQJuMbGINAAfSrpln8OxisuyN/o8sPxon0lZ4vM7c=", + "lastModified": 1664904885, + "narHash": "sha256-XUjX+Tno3EU/3IXR/WCn4M5gVR+sKjCzpKcV31dqzWA=", "owner": "arkenfox", "repo": "user.js", - "rev": "11e3c1b8f6676b45b2b35c0b624d15746c70c593", + "rev": "db04bc44f2982ae8e39f10d056bc7cfe7804d4fd", "type": "github" }, "original": { "owner": "arkenfox", - "ref": "refs/pull/1541/head", + "ref": "105.0", + "repo": "user.js", + "type": "github" + } + }, + "106.0": { + "flake": false, + "locked": { + "lastModified": 1667741320, + "narHash": "sha256-WB9w/UoFqp/WyRhe87dNqwbMAXa8lmsK/QCeTzRWmj8=", + "owner": "arkenfox", + "repo": "user.js", + "rev": "8a65c5a7bad0ec764d968b0941ebdf01bdcd2408", + "type": "github" + }, + "original": { + "owner": "arkenfox", + "ref": "106.0", + "repo": "user.js", + "type": "github" + } + }, + "107.0": { + "flake": false, + "locked": { + "lastModified": 1668912908, + "narHash": "sha256-LeSJvxkTU4491rmkznbIm3l/ZiC+876OsLfej2Aj4Ro=", + "owner": "arkenfox", + "repo": "user.js", + "rev": "e8ea7f3f23b9a7f257b61ad7553b4b64b3965ddc", + "type": "github" + }, + "original": { + "owner": "arkenfox", + "ref": "refs/pull/1579/head", "repo": "user.js", "type": "github" } @@ -250,6 +284,8 @@ "103.0": "103.0", "104.0": "104.0", "105.0": "105.0", + "106.0": "106.0", + "107.0": "107.0", "93.0": "93.0", "94.0": "94.0", "95.0": "95.0", @@ -263,11 +299,11 @@ ] }, "locked": { - "lastModified": 1665906177, - "narHash": "sha256-fAPdYYF8AJtczGXFFTwMD8UxECRxPrR+VtHrUZgvxns=", + "lastModified": 1671049694, + "narHash": "sha256-APJajoa7Q4i8LFOHoiyU3G5nJ3Xv2IiI2qY9i0pJnlw=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "83776435c05002a13c9b9f0536cc2041158798a8", + "rev": "99028aef3e9dfa3dc44e51e0d7296cf93d910af8", "type": "github" }, "original": { 
@@ -310,6 +346,27 @@ "type": "gitlab" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1671196037, + "narHash": "sha256-2+J98SeczFWonbqFLMEAQC7vZEe6I2gM17XYvEmG52I=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "adb8ac0453c8b2c40f5bffb578453dbaee838952", + "type": "github" + }, + "original": { + "owner": "LnL7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "dns-nix": { "inputs": { "flake-utils": [ @@ -377,11 +434,11 @@ ] }, "locked": { - "lastModified": 1668836187, - "narHash": "sha256-f38CYfIwYoSUgX2klCm+6v4ViZiVY6DdwdO/rk7GGwg=", + "lastModified": 1671268121, + "narHash": "sha256-LIOLFw5m2mYDjMo7eBB/cxYjhEqBnvQ8dpZvTjR6+Lo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "faf39a31bc76f1cd4eb642d79eeab1d25b038e72", + "rev": "249d14bdd55995eea2e0c9cfed8a230525faebde", "type": "github" }, "original": { @@ -499,6 +556,7 @@ }, "original": { "owner": "edolstra", + "ref": "master", "repo": "flake-compat", "type": "github" } @@ -553,6 +611,27 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -563,11 +642,11 @@ ] }, "locked": { - "lastModified": 1668788863, - "narHash": "sha256-FsdUG+YkRX7JZKZm6T44J2h+0pXB1sWA9AobyiozFK0=", + "lastModified": 1671209729, + "narHash": "sha256-zxn1eA/rMi2DOx43V7q87bGaDzvL7CMVY/Ti7lJ92DQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "948d1f8a5cef55a281d4f5d17f3b79df6c82fce1", + "rev": "7d55a72d4c1df694e87a41a7e6c9a7b6e9a40ca3", "type": "github" }, "original": { 
@@ -580,11 +659,11 @@ "master": { "flake": false, "locked": { - "lastModified": 1665257885, - "narHash": "sha256-4PNnCRLomAd5OdN4UEbsVSm8eNuteZHKaUqRVvIBvN8=", + "lastModified": 1670682948, + "narHash": "sha256-yFg8U4D+qD9UQXhpAXrl9Ksj16zrCLOgahMtT9QS2Y8=", "owner": "arkenfox", "repo": "user.js", - "rev": "f4187632faef76df4de0cbb0cdc7199f22fadd76", + "rev": "7135907b2fe13fa55eb8ebf162603037f83e353c", "type": "github" }, "original": { @@ -606,7 +685,9 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat", + "flake-compat": [ + "flake-compat" + ], "flake-utils": [ "flake-utils" ], @@ -628,11 +709,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1668736610, - "narHash": "sha256-qqQ/YspdN7c8o24CZQfvtuCC8I0AzCAwTpDRCdWdgJo=", + "lastModified": 1671154105, + "narHash": "sha256-OI6M2/Kcd1bJuodxV6rV5KtDJMUeewsqKy1B2PLNVys=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "6a37d61c1d8c8586b1140f53b83c164dd2fd7d2d", + "rev": "2150fd40b2110bbd11dcb62fa5f307ec345b0fb0", "type": "github" }, "original": { @@ -660,11 +741,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1668334946, - "narHash": "sha256-omMbUj4r5DVBWh7KxkoO/Z/1V1shVR6Ls4jXNB4mr3U=", + "lastModified": 1671228065, + "narHash": "sha256-Az/ig9LVL5xdqtyl4/CVKJIH1G7sP/9Ott2XnNyie0E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e0452b33ab0ef16ffe075e980644ed92a6a200bb", + "rev": "e462a4baf75eeac639b4942481759de08a3bc94e", "type": "github" }, "original": { @@ -676,11 +757,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1668820343, - "narHash": "sha256-CmV7D8XFVhd47FIQx0RvjYP620hWsaG+71Rmmq8Bn/E=", + "lastModified": 1671249438, + "narHash": "sha256-5e+CcnbZA3/i2BRXbnzRS52Ly67MUNdZR+Zpbb2C65k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75f569b1a573c9736501981b1bd1808d30b37d3d", + "rev": "067bfc6c90a301572cec7da48f09c447a9a8eae0", "type": "github" }, "original": { 
@@ -692,11 +773,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1668852341, - "narHash": "sha256-p2NNuwH3dkv8ze+ZPqZFWGmr2ULm/1lEnKVY4ojEewo=", + "lastModified": 1671282610, + "narHash": "sha256-B8qHrJjsu2rv2BPlj7EkM0H+ZJvVucaiCOIp5191+xc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "edff760d6125ddf35ea1dcbf03846addc6f900ce", + "rev": "b43f29bdc27e3f14ba0416a2a8492a3f35e6cd58", "type": "github" }, "original": { @@ -708,16 +789,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1668766498, - "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", + "lastModified": 1671282711, + "narHash": "sha256-DJknmGMZPIMlJnLqP99A+dZiWOirRVeCZrQK8kn1nug=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", + "rev": "8ac4d14fc64c39707e98421e84ed6a7160c06ecd", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.05", + "ref": "release-22.11", "repo": "nixpkgs", "type": "github" } @@ -725,11 +806,11 @@ "nmap-vulners": { "flake": false, "locked": { - "lastModified": 1632035522, - "narHash": "sha256-Y3THM8cNVZdl4GVLI0d4c/EgAyBZeNLSlDsUMHD9UYk=", + "lastModified": 1671189750, + "narHash": "sha256-WUAAWmwiW0uSTGdBE1rxrbSSWBRhzAMrtcyP4mmwkQ8=", "owner": "vulnersCom", "repo": "nmap-vulners", - "rev": "bbf53dd085f8d810921ee00ccf85bdb329d59514", + "rev": "4899a73532f2d166ba229f6c1e8a4046023623da", "type": "github" }, "original": { @@ -774,11 +855,11 @@ }, "nur": { "locked": { - "lastModified": 1668851908, - "narHash": "sha256-Br1NBRNqZtUYKSP7qhzyUlKDOuWOpl2sVsbxgamL4uM=", + "lastModified": 1671251299, + "narHash": "sha256-QFslNMb6xQdgEoHmbZ+YjyXysCPsiU2dOPpjWp68dYg=", "owner": "nix-community", "repo": "NUR", - "rev": "06c146dad321018b42c92fea1e0b100c989d9b8f", + "rev": "ca8e5a3c87bd533b1c0b0b4195b1191ad23c1c66", "type": "github" }, "original": { 
@@ -807,11 +888,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1668143941, - "narHash": "sha256-f7nwVd1usk2Zhn9szqdhtU7/czXRl9w2NTQtGpIlugc=", + "lastModified": 1670680538, + "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "f83e45526b5ec4627d601673be3680e2dece1b33", + "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062", "type": "github" }, "original": { @@ -870,19 +951,26 @@ }, "pre-commit-hooks": { "inputs": { + "flake-compat": [ + "flake-compat" + ], "flake-utils": [ "flake-utils" ], + "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" ] }, "locked": { - "lastModified": 1667992213, - "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", + "lastModified": 1671180323, + "narHash": "sha256-qAE390OdYvzSMe58HLpoMZ7llPlp+zIy84pXPnuXqCo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", + "rev": "a49fc91a606dbbb7a916c56bc09776fc67b5c121", "type": "github" }, "original": { @@ -895,11 +983,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1668674340, - "narHash": "sha256-JEXPS67bgKnnRdA37mC18PyGm4EWVQ/BrWeBZLVKPvU=", + "lastModified": 1670408834, + "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=", "owner": "hakimel", "repo": "reveal.js", - "rev": "9f1f7789bfbf689d9c1615e523d5c6262771e90f", + "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75", "type": "github" }, "original": { @@ -913,8 +1001,10 @@ "agenix": "agenix", "arkenfox-nixos": "arkenfox-nixos", "azahi-cc": "azahi-cc", + "darwin": "darwin", "dns-nix": "dns-nix", "emacs-overlay": "emacs-overlay", + "flake-compat": "flake-compat", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", 
@@ -961,11 +1051,11 @@ ] }, "locked": { - "lastModified": 1658267644, - "narHash": "sha256-NJRe1rnlF112eZwxNASlRL8/ghwD8g+lpHIYRkWQxC8=", + "lastModified": 1669807829, + "narHash": "sha256-rgQ8MYV1UD4Ynw0wzfl9hatgsV5GV7X6eM6ioSPKzls=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "004c229ca44c069d93c92abf67ff1619fb508c6a", + "rev": "694e7d34f60028f4877517e1c7c73c9527fad400", "type": "gitlab" }, "original": { @@ -994,11 +1084,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1663136308, - "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", + "lastModified": 1670681486, + "narHash": "sha256-Ss1FWOq51+0FQpQWXPiSWHmNYU6NurUvI2wAjOGV/kA=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", + "rev": "85db0117ead108213cc2a4210f72746d8ad8d20a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7fcd818..46d1252 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "release-22.05"; + ref = "release-22.11"; }; # For testing PRs and stuff. @@ -47,6 +47,14 @@ ref = "master"; }; + darwin = { + type = "github"; + owner = "LnL7"; + repo = "nix-darwin"; + ref = "master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { type = "github"; owner = "nix-community"; @@ -83,6 +91,7 @@ repo = "nix-doom-emacs"; ref = "master"; inputs = { + flake-compat.follows = "flake-compat"; emacs-overlay.follows = "emacs-overlay"; flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; @@ -184,8 +193,10 @@ repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { + flake-compat.follows = "flake-compat"; flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; }; }; 
@@ -220,32 +231,20 @@ flake = false; }; - # NOTE These inputs are used indirectly. They are declared explicitly here - # because nested follows is not yet release in a stable version of nix[1]. - # - # [1]: https://github.com/NixOS/nix/issues/5790 - # [1]: https://github.com/NixOS/nix/pull/6621 - # flake-utils-plus = { - # type = "github"; - # owner = "gytis-ivaskevicius"; - # repo = "flake-utils-plus"; - # ref = "master"; - # inputs.flake-utils.follows = "flake-utils"; - # }; - # flake-compat = { - # type = "github"; - # owner = "edolstra"; - # repo = "flake-compat"; - # ref = "master"; - # flake = false; - # }; + flake-compat = { + type = "github"; + owner = "edolstra"; + repo = "flake-compat"; + ref = "master"; + flake = false; + }; }; outputs = inputs: with inputs; let lib = nixpkgs.lib.extend (import ./lib); in - flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] + flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; @@ -290,10 +289,15 @@ // { inherit lib; - nixosModules.nixfiles = import ./modules/nixfiles; + modules.nixfiles = import ./modules/nixfiles; + nixosModules.nixfiles = import ./modules/nixos; nixosConfigurations = - import ./configurations {inherit inputs lib;}; + import ./nixosConfigurations {inherit inputs lib;}; + + darwinModules.nixfiles = import ./modules/darwin; + darwinConfigurations = + import ./darwinConfigurations {inherit inputs lib;}; # TODO Make it so that self.packages also can use this. overlays.default = final: _: { diff --git a/lib/default.nix b/lib/default.nix index d121f5e..da4b4d2 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,7 +1,7 @@ lib: _: rec { my = import ./my.nix lib; - dns = import ./dns.nix lib; + dns = import ./dns.nix; isEven = number: assert (builtins.isInt number) || (builtins.isFloat number); diff --git a/lib/dns.nix b/lib/dns.nix index e486f1c..5e1d767 100644 --- a/lib/dns.nix +++ b/lib/dns.nix 
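Review bot: The `flake-compat` input in flake.nix is now declared without any of the explanation that the deleted NOTE carried. In the hunks shown it is referenced only through `flake-compat.follows = "flake-compat";` on the nix-doom-emacs and pre-commit-hooks inputs, so a later reader could take it for an unused input and remove it, which would bring back separate, independently locked copies. A one-line comment above the declaration would keep the intent, for example `# Declared only so that other inputs can follow a single flake-compat.`. Whether the outputs also use it directly cannot be seen from this hunk.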
@@ -1,4 +1,4 @@ -_: { +{ const = { quad9 = { default = ["9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9"]; diff --git a/lib/my.nix b/lib/my.nix index f9c6a35..9b999a5 100644 --- a/lib/my.nix +++ b/lib/my.nix @@ -9,23 +9,36 @@ with lib; attrsOf (submodule ({name, ...}: { freeformType = attrs; options = let + mkConfigurationArchOption = type: + mkOption { + description = "Whether the machine's architecture is a ${type} one."; + type = bool; + default = false; + }; + mkConfigurationTypeOption = type: mkOption { - description = "Whether the machine is a ${type} one."; + description = "Whether the machine's functional type is a ${type} one."; type = bool; default = false; }; in { hostname = mkOption { - description = "The machine's hostname"; + description = "The machine's hostname."; type = str; default = name; readOnly = true; }; + system = mkOption { - description = "The machine's system"; - type = enum ["x86_64-linux" "aarch64-linux"]; - default = "x86_64-linux"; + description = "The machine's system."; + type = nullOr (enum [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]); + default = null; }; isHeadless = mkConfigurationTypeOption "headless"; @@ -39,12 +52,12 @@ with lib; default = null; }; prefixLength = mkOption { - description = "The machine's IPv4 prefix length."; + description = "The machine's public IPv4 prefix length."; type = nullOr int; default = null; }; gatewayAddress = mkOption { - description = "The machine's IPv4 gateway address."; + description = "The machine's public IPv4 gateway address."; type = nullOr str; default = null; }; 
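Review bot: With `default = null` on the `system` option in lib/my.nix, a host entry that omits the field evaluates to `system = null`, and the new darwinConfigurations/default.nix consumes it unchecked through `inherit (this) system;`. A guard where the value is used, such as `assert this.system != null;` at the top of `mkConfiguration`, would turn a forgotten field into a clear evaluation error rather than a failure inside `darwinSystem`. If null is meant to mark machines that are not built from this flake (inferred from entries such as `gothmog`, which only sets `isOther`), the description should say so. `mkConfigurationArchOption` is added in this hunk but is not used in any hunk shown here.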
@@ -56,12 +69,12 @@ with lib; default = null; }; prefixLength = mkOption { - description = "The machine's IPv6 prefix length."; + description = "The machine's public IPv6 prefix length."; type = nullOr int; default = null; }; gatewayAddress = mkOption { - description = "The machine's IPv6 gateway address."; + description = "The machine's public IPv6 gateway address."; type = nullOr str; default = null; }; @@ -74,7 +87,7 @@ with lib; default = null; }; ipv6.address = mkOption { - description = "The machine's internal IPv4 addresses."; + description = "The machine's internal IPv6 addresses."; type = nullOr str; default = null; }; @@ -93,7 +106,7 @@ with lib; # filtering for actual subdomains. We can remove this option # altogether then. domains = mkOption { - description = "External domains that resovle to this address."; + description = "External domains that resolve to this address."; type = listOf str; default = []; }; @@ -171,7 +184,9 @@ with lib; shire ]; }; + varda = { + system = "x86_64-linux"; isHeadless = true; ipv4 = { gatewayAddress = "@IPV4_ADDRESS@"; @@ -189,7 +204,9 @@ with lib; publicKey = "@PUBLIC_KEY@"; }; }; + yavanna = { + system = "x86_64-linux"; isHeadless = true; ipv4 = { gatewayAddress = "@IPV4_ADDRESS@"; @@ -209,7 +226,9 @@ with lib; domains = with my.domain; ["flood.${shire}"]; syncthing.id = "@SYNCTHING_ID@"; }; + eonwe = { + system = "x86_64-linux"; isHeadful = true; wireguard = { ipv4.address = "10.69.3.1"; @@ -218,7 +237,9 @@ with lib; }; syncthing.id = "@SYNCTHING_ID@"; }; + melian = { + system = "x86_64-linux"; isHeadful = true; wireguard = { ipv4.address = "10.69.4.1"; @@ -227,6 +248,12 @@ with lib; }; syncthing.id = "@SYNCTHING_ID@"; }; + + mairon = { + system = "aarch64-darwin"; + isHeadful = true; + }; + gothmog = { isOther = true; wireguard = { diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix new file mode 100644 index 0000000..149b2d6 --- /dev/null +++ b/modules/darwin/common/default.nix 
@@ -0,0 +1,10 @@ +_: { + imports = [ + ./home-manager.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./shell.nix + ./users.nix + ]; +} diff --git a/modules/darwin/common/home-manager.nix b/modules/darwin/common/home-manager.nix new file mode 100644 index 0000000..4fc6cbe --- /dev/null +++ b/modules/darwin/common/home-manager.nix @@ -0,0 +1,3 @@ +{inputs, ...}: { + imports = [inputs.home-manager.darwinModule]; +} diff --git a/modules/darwin/common/locale.nix b/modules/darwin/common/locale.nix new file mode 100644 index 0000000..1ecf6fe --- /dev/null +++ b/modules/darwin/common/locale.nix @@ -0,0 +1,7 @@ +{lib, ...}: +with lib; { + environment.variables.LANG = "en_GB.UTF-8"; + + # TODO https://daiderd.com/nix-darwin/manual/index.html#opt-system.keyboard.enableKeyMapping + system.keyboard = {}; +} diff --git a/modules/darwin/common/networking.nix b/modules/darwin/common/networking.nix new file mode 100644 index 0000000..6c503bc --- /dev/null +++ b/modules/darwin/common/networking.nix @@ -0,0 +1,10 @@ +{ + this, + localHostname ? this.hostname, + ... +}: { + networking = { + computerName = localHostname; + hostName = localHostname; + }; +} diff --git a/modules/darwin/common/nix.nix b/modules/darwin/common/nix.nix new file mode 100644 index 0000000..a522cb0 --- /dev/null +++ b/modules/darwin/common/nix.nix @@ -0,0 +1,21 @@ +{ + lib, + this, + ... +}: +with lib; { + nix = { + daemonIOLowPriority = false; + daemonProcessType = "Standard"; + + extraOptions = optionalString (this.system == "aarch64-darwin") '' + extra-platforms = x86_64-darwin aarch64-darwin + ''; + + settings.trusted-users = ["@admin"]; + }; + + services.nix-daemon.enable = true; + + system.stateVersion = 4; +} diff --git a/modules/darwin/common/shell.nix b/modules/darwin/common/shell.nix new file mode 100644 index 0000000..5985f50 --- /dev/null +++ b/modules/darwin/common/shell.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + environment.shells = with pkgs; [bashInteractive]; +} 
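Review bot: In `modules/darwin/common/nix.nix`, `settings.trusted-users = ["@admin"]` makes every member of the macOS admin group a trusted Nix user. A trusted user can add substituters and import unsigned store paths through the daemon, which is effectively root over the store. If only one account needs this, name it instead, e.g. `settings.trusted-users = [localUsername];` with `localUsername ? lib.my.username` taken as a module argument, as other modules in this commit do. If the whole group is intended, add a comment saying why.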
diff --git a/modules/darwin/common/users.nix b/modules/darwin/common/users.nix new file mode 100644 index 0000000..957e50c --- /dev/null +++ b/modules/darwin/common/users.nix @@ -0,0 +1,11 @@ +{ + lib, + localUsername ? lib.my.username, + ... +}: +with lib; { + # The only MacOS machine I'm currently using has a pre-configured domain user + # account that I have to login as. I may accidentally break something if I + # change options here so this section is left practically untouched. + users.users.${localUsername}.home = "/Users/${localUsername}"; +} diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix new file mode 100644 index 0000000..153c857 --- /dev/null +++ b/modules/darwin/default.nix @@ -0,0 +1,10 @@ +_: { + imports = [ + ./common + ./emacs.nix + ./fonts.nix + ./gnupg.nix + ./homebrew.nix + ./profiles + ]; +} diff --git a/modules/darwin/emacs.nix b/modules/darwin/emacs.nix new file mode 100644 index 0000000..02bfb83 --- /dev/null +++ b/modules/darwin/emacs.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.emacs; +in { + config = mkIf cfg.enable { + # services.emacs = { + # enable = true; + # package = config.hm.programs.doom-emacs.package; + # }; + }; +} diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix new file mode 100644 index 0000000..741fdc8 --- /dev/null +++ b/modules/darwin/fonts.nix @@ -0,0 +1,12 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.fonts; +in { + config = mkIf cfg.enable { + fonts.fontDir.enable = true; + }; +} diff --git a/modules/darwin/gnupg.nix b/modules/darwin/gnupg.nix new file mode 100644 index 0000000..073d3b1 --- /dev/null +++ b/modules/darwin/gnupg.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.gnupg; +in { + config = mkIf cfg.enable { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; +} 
diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix new file mode 100644 index 0000000..35e8e77 --- /dev/null +++ b/modules/darwin/homebrew.nix @@ -0,0 +1,23 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.homebrew; +in { + options.nixfiles.modules.homebrew.enable = mkEnableOption "Homebrew"; + + config = mkIf cfg.enable { + # This option requires an installed Homebrew[1]. + # + # [1]: https://daiderd.com/nix-darwin/manual/index.html#opt-homebrew.enable + # [1]: https://brew.sh + homebrew = { + enable = true; + taps = []; + }; + }; +} diff --git a/modules/darwin/profiles/default.nix b/modules/darwin/profiles/default.nix new file mode 100644 index 0000000..f42647a --- /dev/null +++ b/modules/darwin/profiles/default.nix 
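Review bot: The comment inside `config = mkIf cfg.enable` in `modules/darwin/homebrew.nix` labels both reference URLs `[1]`, so the footnote on "an installed Homebrew" is ambiguous. Number the second one, e.g. `# [2]: https://brew.sh`, and cite the matching number from the sentence. `inputs` and `pkgs` are bound in the argument set but not used anywhere in this file and can be dropped.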
@@ -0,0 +1,93 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.default; +in { + imports = [ + ./headful.nix + ]; + + config = mkIf cfg.enable { + hm.home.packages = with pkgs; [m-cli]; + + system = { + defaults = { + CustomUserPreferences = {}; + + ActivityMonitor = {}; + + NSGlobalDomain = { + AppleEnableMouseSwipeNavigateWithScrolls = true; + AppleEnableSwipeNavigateWithScrolls = true; + + AppleInterfaceStyle = "Dark"; + + AppleShowAllExtensions = true; + AppleShowAllFiles = true; + + InitialKeyRepeat = 15; + KeyRepeat = 2; + + NSAutomaticCapitalizationEnabled = false; + NSAutomaticDashSubstitutionEnabled = false; + NSAutomaticPeriodSubstitutionEnabled = false; + NSAutomaticQuoteSubstitutionEnabled = false; + NSAutomaticSpellingCorrectionEnabled = false; + + # Make function keys to work as they should. + "com.apple.keyboard.fnState" = true; + + # Disable the absolutely retarded "natural" scrolling. + "com.apple.swipescrolldirection" = false; + }; + + dock = { + orientation = "bottom"; + tilesize = 18; + + show-recents = false; + static-only = false; + + # Disable hot corners. + wvous-bl-corner = 1; + wvous-br-corner = 1; + wvous-tl-corner = 1; + wvous-tr-corner = 1; + }; + + finder = { + AppleShowAllExtensions = true; + AppleShowAllFiles = true; + + CreateDesktop = true; + + FXDefaultSearchScope = "SCcf"; + FXEnableExtensionChangeWarning = false; + FXPreferredViewStyle = "clmv"; + + ShowStatusBar = false; + ShowPathbar = true; + _FXShowPosixPathInTitle = true; + }; + + trackpad = { + Clicking = true; + Dragging = false; + }; + }; + + keyboard = { + enableKeyMapping = true; + nonUS.remapTilde = true; + remapCapsLockToControl = false; + remapCapsLockToEscape = true; + swapLeftCommandAndLeftAlt = false; + }; + }; + }; +} diff --git a/modules/darwin/profiles/headful.nix b/modules/darwin/profiles/headful.nix new file mode 100644 index 0000000..44695f6 --- /dev/null +++ b/modules/darwin/profiles/headful.nix 
@@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headful; +in { + config = mkIf cfg.enable { + nixfiles.modules.homebrew.enable = true; + + homebrew.casks = [ + {name = "firefox";} + {name = "telegram-desktop";} + ]; + }; +} diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix index 5f8833a..142f6c5 100644 --- a/modules/nixfiles/alacritty.nix +++ b/modules/nixfiles/alacritty.nix @@ -19,10 +19,7 @@ in { y = size; }; dynamic_padding = false; - decorations = - if kde.enable - then "full" - else "none"; + decorations = "full"; }; font = with config.fontScheme.monospaceFont; { normal = { diff --git a/modules/nixfiles/bat.nix b/modules/nixfiles/bat.nix index 4a98f99..2b31d16 100644 --- a/modules/nixfiles/bat.nix +++ b/modules/nixfiles/bat.nix @@ -7,7 +7,8 @@ with lib; let cfg = config.nixfiles.modules.bat; in { - options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat"; + options.nixfiles.modules.bat.enable = + mkEnableOption "bat, an alternative to cat"; config = mkIf cfg.enable { hm.programs = { diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix index 6a7c771..4f0ae12 100644 --- a/modules/nixfiles/chromium.nix +++ b/modules/nixfiles/chromium.nix @@ -23,7 +23,5 @@ in { ]; }; }; - - services.psd.enable = true; }; } diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix index 4f7a6c1..2bfe7e8 100644 --- a/modules/nixfiles/common/default.nix +++ b/modules/nixfiles/common/default.nix @@ -2,17 +2,10 @@ _: { imports = [ ./documentation.nix ./home-manager.nix - ./kernel.nix ./locale.nix ./networking.nix ./nix - ./secrets.nix - ./security.nix - ./services.nix ./shell - ./systemd.nix - ./tmp.nix ./users.nix - ./xdg.nix ]; } diff --git a/modules/nixfiles/common/documentation.nix b/modules/nixfiles/common/documentation.nix index 46ec9a5..55f6138 100644 --- a/modules/nixfiles/common/documentation.nix 
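Review bot: The two entries in `homebrew.casks` in `modules/darwin/profiles/headful.nix` are resolved and downloaded by Homebrew at activation time. Unlike the rest of this configuration, their versions and hashes are therefore not pinned by `flake.lock`. A short comment above the list would make that trust boundary visible, e.g. `# Casks are fetched by Homebrew and are not pinned by the flake.`. `pkgs` and `this` are unused in the argument set.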
+++ b/modules/nixfiles/common/documentation.nix @@ -16,27 +16,8 @@ with lib; { documentation = { enable = true; - - dev.enable = true; doc.enable = false; info.enable = false; - nixos.enable = true; - - man.man-db.manualPages = - (pkgs.buildEnv { - name = "man-paths"; - paths = with config; - environment.systemPackages ++ hm.home.packages; - pathsToLink = ["/share/man"]; - extraOutputsToInstall = ["man"]; - ignoreCollisions = true; - }) - .overrideAttrs (_: _: {__contentAddressed = true;}); - }; - - environment.sessionVariables = { - MANOPT = "--no-hyphenation"; - MANPAGER = "${pkgs.less}/bin/less -+F"; }; }) (mkIf this.isHeadless { diff --git a/modules/nixfiles/common/home-manager.nix b/modules/nixfiles/common/home-manager.nix index 7ce872b..b28260a 100644 --- a/modules/nixfiles/common/home-manager.nix +++ b/modules/nixfiles/common/home-manager.nix @@ -1,18 +1,18 @@ { - config, inputs, lib, + localUsername ? lib.my.username, ... }: with lib; { imports = [ - inputs.home-manager.nixosModules.home-manager - (mkAliasOptionModule ["hm"] ["home-manager" "users" my.username]) + (mkAliasOptionModule ["hm"] ["home-manager" "users" localUsername]) ]; hm = { news.display = "silent"; - home = {inherit (config.system) stateVersion;}; + home.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); }; home-manager = { @@ -21,6 +21,4 @@ with lib; { useGlobalPkgs = true; verbose = true; }; - - system.extraDependencies = [inputs.home-manager]; } diff --git a/modules/nixfiles/common/locale.nix b/modules/nixfiles/common/locale.nix index 5f0d5ae..bcb577a 100644 --- a/modules/nixfiles/common/locale.nix +++ b/modules/nixfiles/common/locale.nix 
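Review bot: In `modules/nixfiles/common/home-manager.nix`, `home.stateVersion` is now derived from `"${inputs.nixpkgs}/.version"`, so its value moves every time the nixpkgs input is bumped. The option is meant to record the release the profile was first set up with and then stay fixed, since modules use it to decide whether to apply state migrations. A literal is safer, e.g. `home.stateVersion = "<RELEASE_FIRST_INSTALLED>";`. If following nixpkgs is deliberate, add a comment next to the `readFile` expression saying so.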
@@ -1,27 +1,6 @@ -{lib, ...}: -with lib; { - i18n = { - defaultLocale = mkDefault "en_GB.UTF-8"; - supportedLocales = [ - "C.UTF-8/UTF-8" - "en_GB.UTF-8/UTF-8" - "en_US.UTF-8/UTF-8" - "ja_JP.UTF-8/UTF-8" - "ru_RU.UTF-8/UTF-8" - ]; - }; - - time.timeZone = mkDefault "Europe/Moscow"; - - # TODO Fcitx or UIM as a Japanese IME. - services.xserver = { - layout = comcat ["us" "ru"]; - xkbVariant = comcat ["" "phonetic"]; - xkbOptions = comcat [ - "terminate:ctrl_alt_bksp" - "caps:escape" - "compose:menu" - "grp:win_space_toggle" - ]; +_: { + hm.home.language = { + collate = "C"; + messages = "C"; }; } diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 8512d78..e5d27d8 100644 --- a/modules/nixfiles/common/networking.nix +++ b/modules/nixfiles/common/networking.nix 
@@ -1,100 +1,3 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; { - hm.home.file.".digrc".text = '' - +answer - +multiline - +recurse - ''; - - # TODO Support multiple interfaces and IP addresses. - networking = mkMerge [ - { - domain = my.domain.shire; - - hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - - # Remove default hostname mappings. This is required at least by the current - # implementation of the montoring module. - hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; - }; - - nameservers = mkDefault dns.const.quad9.default; - - useDHCP = false; - - firewall = { - enable = true; - - rejectPackets = false; - - allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; - - logRefusedConnections = false; - logRefusedPackets = false; - logRefusedUnicastsOnly = false; - logReversePathDrops = false; - }; - } - (let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in - mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { - usePredictableInterfaceNames = false; # NOTE This can break something! 
- interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - }; - defaultGateway = with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - }) - ]; - - environment = { - systemPackages = with pkgs; [myip]; - - shellAliases = listToAttrs (map - ({ - name, - value, - }: - nameValuePair name "${pkgs.iproute2}/bin/${value}") [ - { - name = "bridge"; - value = "bridge -color=always"; - } - { - name = "ip"; - value = "ip -color=always"; - } - { - name = "tc"; - value = "tc -color=always"; - } - ]); - }; +{pkgs, ...}: { + environment.systemPackages = with pkgs; [myip]; } diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index c9d3b04..aeb25bd 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix @@ -2,12 +2,8 @@ config, inputs, lib, + localUsername ? lib.my.username, pkgs, - pkgsLocal, - pkgsMaster, - pkgsPR, - pkgsRev, - pkgsStabe, this, ... }: @@ -62,10 +58,11 @@ with lib; { // {nixfiles.flake = inputs.self;}; settings = { - trusted-users = ["root" "@wheel"]; + trusted-users = ["root" localUsername]; substituters = [ "https://azahi.cachix.org" + "https://cache.iog.io" "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://pre-commit-hooks.cachix.org" 
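Review bot: Adding `"https://cache.iog.io"` to `substituters` here, together with the `hydra.iohk.io:…` entry added to `trusted-public-keys` in the following hunk (`@@ -73,6 +70,7 @@`), lets that third-party cache supply binaries for any store path on every machine that imports this module. Consider scoping the pair to the project that needs it (for instance that project's flake `nixConfig`), or add a comment naming what depends on it. Separately, `trusted-users = ["root" localUsername]` still gives the named account root-equivalent control over the daemon. If this module and the darwin one that sets `["@admin"]` are both imported on macOS, the two lists merge.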
@@ -73,6 +70,7 @@ with lib; { trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" ]; @@ -114,45 +112,25 @@ with lib; { inherit (np) yaml-language-server; json-language-server = np.vscode-json-languageserver-bin; k3d = kube3d; + kubelogin = kubelogin-oidc; lua-language-server = sumneko-lua-language-server; nix-language-server = rnix-lsp; omnisharp = omnisharp-roslyn; + telepresence = telepresence2; tor-browser = tor-browser-bundle-bin; })) - agenix.overlay emacs-overlay.overlay # nil.overlays.default - # nix-minecraft-servers.overlays.default nur.overlay # pollymc.overlay - xmonad-ng.overlays.default ]; - system = { - stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; - - extraDependencies = with inputs; [ - nixos-hardware - nixpkgs - nixpkgs-master - nixpkgs-stable - nur + environment.systemPackages = with pkgs; + optionals this.isHeadful [ + nix-du + nix-top + nix-tree ]; - }; - - environment = { - sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; - - localBinInPath = true; - - defaultPackages = []; - systemPackages = with pkgs; - optionals this.isHeadful [ - nix-du - nix-top - nix-tree - ]; - }; hm.home = { packages = with pkgs; [nix-index]; diff --git a/modules/nixfiles/common/services.nix b/modules/nixfiles/common/services.nix deleted file mode 100644 index 376c87d..0000000 --- a/modules/nixfiles/common/services.nix +++ /dev/null @@ -1,9 +0,0 @@ -_: { - services = { - earlyoom.enable = true; - haveged.enable = true; - irqbalance.enable = true; - }; - - hardware.ksm.enable = true; -} diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix index 8ed2e99..9425578 100644 
--- a/modules/nixfiles/common/shell/default.nix +++ b/modules/nixfiles/common/shell/default.nix @@ -40,6 +40,72 @@ with lib; { fi ''; + shellAliases = + listToAttrs + (map + ({ + name, + value, + }: + nameValuePair name (with pkgs; let + pkg = + if this.isHeadful + then + (coreutils.overrideAttrs (_: super: { + patches = + super.patches + ++ [ + (fetchpatch { + url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; + hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; + }) + ]; + })) + else coreutils; + in "${pkg}/bin/coreutils --coreutils-prog=${value}")) + ( + let + mkAlias = { + name ? head command, + command, + }: { + inherit name; + value = concatStringsSep " " command; + }; + + progressBar = optionalString this.isHeadful "--progress-bar"; + in [ + (mkAlias { + command = ["cp" "--interactive" "--recursive" progressBar]; + }) + (mkAlias {command = ["mv" "--interactive" progressBar];}) + (mkAlias {command = ["rm" "--interactive=once"];}) + (mkAlias {command = ["ln" "--interactive"];}) + (mkAlias {command = ["mkdir" "--parents"];}) + (mkAlias {command = ["rmdir" "--parents"];}) + (mkAlias { + name = "lower"; + command = ["tr" "'[:upper:]'" "'[:lower:]'"]; + }) + (mkAlias { + name = "upper"; + command = ["tr" "'[:lower:]'" "'[:upper:]'"]; + }) + (mkAlias { + name = "disk"; + command = [ + "df" + "--human-readable" + "--exclude-type=tmpfs" + "--exclude-type=devtmpfs" + "2>/dev/null" + ]; + }) + ] + )) + // genAttrs ["grep" "egrep" "fgrep"] + (name: "${pkgs.gnugrep}/bin/${name} --color=always"); + historyControl = ["ignoredups" "ignorespace"]; }; 
@@ -51,82 +117,12 @@ with lib; { home.packages = with pkgs; [grc]; }; - programs.command-not-found.enable = false; - - environment = { - shellAliases = - listToAttrs - (map - ({ - name, - value, - }: - nameValuePair name (with pkgs; let - pkg = - if this.isHeadful - then - (coreutils.overrideAttrs (_: super: { - patches = - super.patches - ++ [ - (fetchpatch { - url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; - hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; - }) - ]; - })) - else coreutils; - in "${pkg}/bin/coreutils --coreutils-prog=${value}")) - ( - let - mkAlias = { - name ? head command, - command, - }: { - inherit name; - value = concatStringsSep " " command; - }; - - progressBar = optionalString this.isHeadful "--progress-bar"; - in [ - (mkAlias { - command = ["cp" "--interactive" "--recursive" progressBar]; - }) - (mkAlias {command = ["mv" "--interactive" progressBar];}) - (mkAlias {command = ["rm" "--interactive=once"];}) - (mkAlias {command = ["ln" "--interactive"];}) - (mkAlias {command = ["mkdir" "--parents"];}) - (mkAlias {command = ["rmdir" "--parents"];}) - (mkAlias { - name = "lower"; - command = ["tr" "'[:upper:]'" "'[:lower:]'"]; - }) - (mkAlias { - name = "upper"; - command = ["tr" "'[:lower:]'" "'[:upper:]'"]; - }) - (mkAlias { - name = "disk"; - command = [ - "df" - "--human-readable" - "--exclude-type=tmpfs" - "--exclude-type=devtmpfs" - "2>/dev/null" - ]; - }) - ] - )) - // genAttrs ["grep" "egrep" "fgrep"] - (name: "${pkgs.gnugrep}/bin/${name} --color=always"); - - systemPackages = with pkgs; [ - bash-completion - bc - gawk - hr - moreutils - pv - ]; - }; + environment.systemPackages = with pkgs; [ + bash-completion + bc + gawk + hr + moreutils + pv + ]; } diff --git a/modules/nixfiles/common/users.nix b/modules/nixfiles/common/users.nix index fb85c1b..aee0e38 100644 --- a/modules/nixfiles/common/users.nix +++ b/modules/nixfiles/common/users.nix 
@@ -1,21 +1,8 @@ -{lib, ...}: +{ + lib, + localUsername ? lib.my.username, + ... +}: with lib; { - imports = [(mkAliasOptionModule ["my"] ["users" "users" my.username])]; - - users = { - mutableUsers = false; - - users = { - root.hashedPassword = "@HASHED_PASSWORD@"; - - ${my.username} = { - isNormalUser = true; - uid = 1000; - description = my.fullname; - inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [my.ssh.key]; - extraGroups = ["wheel"]; - }; - }; - }; + imports = [(mkAliasOptionModule ["my"] ["users" "users" localUsername])]; } diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix index 82ccc27..d4e5e26 100644 --- a/modules/nixfiles/default.nix +++ b/modules/nixfiles/default.nix @@ -1,78 +1,31 @@ -{...}: { +_: { imports = [ - ./acme.nix ./alacritty.nix - ./alertmanager.nix - ./android.nix ./aria2.nix ./bat.nix ./beets.nix - ./bluetooth.nix ./chromium.nix ./common ./curl.nix ./direnv.nix - ./docker.nix - ./dwm.nix ./emacs - ./endlessh-go.nix - ./endlessh.nix - ./fail2ban.nix ./firefox ./fonts.nix - ./games ./git.nix ./gnupg.nix - ./gotify.nix - ./grafana.nix ./htop.nix - ./hydra.nix - ./ipfs.nix - ./kde.nix - ./libvirtd.nix - ./lidarr.nix - ./loki.nix - ./lxc.nix - ./matrix - ./monitoring ./mpd.nix ./mpv.nix - ./nextcloud.nix - ./nginx.nix ./nmap.nix - ./node-exporter.nix - ./nsd.nix ./openssh.nix ./password-store.nix - ./podman.nix - ./postgresql.nix ./profiles - ./prometheus.nix - ./promtail.nix - ./psd.nix ./qutebrowser.nix - ./radarr.nix - ./radicale.nix - ./rss-bridge.nix - ./rtorrent.nix - ./searx.nix - ./shadowsocks.nix - ./soju.nix - ./solaar.nix - ./sonarr.nix - ./sound.nix ./subversion.nix - ./syncthing.nix - ./throttled.nix ./tmux.nix - ./unbound.nix - ./vaultwarden.nix ./vim ./vscode.nix ./wget.nix - ./wireguard.nix - ./x11.nix - ./xmonad.nix ./zathura.nix ]; } diff --git a/modules/nixfiles/discord.nix b/modules/nixfiles/discord.nix new file mode 100644 index 0000000..190b5fc --- /dev/null 
+++ b/modules/nixfiles/discord.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.discord; +in { + options.nixfiles.modules.discord.enable = + mkEnableOption "Steam runtime"; + + config = mkIf cfg.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"]; + + hm.home.packages = with pkgs; [ + (discord.override { + withOpenASAR = true; + }) + ]; + }; +} diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index 0ae2bf9..933a32e 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -11,17 +11,10 @@ in { options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { - secrets.authinfo = { - file = "${inputs.self}/secrets/authinfo"; - owner = my.username; - inherit (config.my) group; - }; - nixfiles.modules = { fonts.enable = true; git.client.enable = true; gnupg.enable = true; - x11.enable = true; }; hm = { @@ -65,7 +58,6 @@ in { gore # :lang go gotests # :lang go graphviz # :lang (org +roam2) :lang plantuml - grip # :lang (markdown +grip) haskell-language-server # :lang (haskell +lsp) haskellPackages.brittany # :lang haskell :editor format haskellPackages.cabal-fmt # :lang haskell :editor format @@ -97,10 +89,6 @@ in { texlive.combined.scheme-full # :lang org tex unzip # :tools debugger wordnet # :tools (lookup +dictionary +offline) - xclip # :app everywhere - xdotool # :app everywhere - xorg.xprop # :app everywhere - xorg.xwininfo # :app everywhere yaml-language-server # :lang (yaml +lsp) zls # :lang (zig +lsp) zstd # :emacs undo 
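Review bot: The option text `mkEnableOption "Steam runtime"` in the new `modules/nixfiles/discord.nix` looks copied from another module; for this file it should read `mkEnableOption "Discord"`. `withOpenASAR = true` replaces the client's bundled `app.asar` with the OpenAsar one, which adds a second upstream to trust in an unfree, network-facing application. A one-line comment above the override saying why it is enabled would help the next reader.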
@@ -117,13 +105,11 @@ in { (setq custom-file (file-name-concat doom-emacs-dir "custom.el")) - ;; Font must be set to n+2 because otherwise it looks too small. + Font must be set to n+2 because otherwise it looks too small. (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" :size ${toString (config.fontScheme.monospaceFont.size + 2)}) doom-unicode-font doom-font) - (appendq! auth-sources '("${config.secrets.authinfo.path}")) - (setq user-full-name "${my.fullname}" user-mail-address "${my.email}") @@ -142,16 +128,6 @@ in { (setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L") ''; }; - - services.emacs = { - enable = true; - client.enable = true; - }; }; - - system.extraDependencies = with inputs; [ - emacs-overlay - nix-doom-emacs - ]; }; } diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index ef663a0..efb831e 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -20,7 +20,7 @@ ophints (popup +defaults) ;; tabs - (treemacs +lsp) + ;; (treemacs +lsp) ;; unicode (vc-gutter +diff-hl +pretty) window-select @@ -91,7 +91,7 @@ (javascript +lsp +tree-sitter) json (latex +lsp +tree-sittter) - (lua +lsp +tree-sitter) + ;; (lua +lsp +tree-sitter) (markdown +lsp +tree-sitter) (nix +lsp) (org +pandoc +roam2) @@ -99,7 +99,7 @@ (python +lsp +tree-sitter) ;; (racket +lsp +tree-sitter) ;; rst - (rust +lsp +tree-sitter) + ;; (rust +lsp +tree-sitter) ;; (scheme +lsp +tree-sitter +racket) (sh +lsp +tree-sitter) web @@ -112,7 +112,7 @@ :app calendar ;; emms - everywhere + ;; everywhere irc (rss +org) diff --git a/modules/nixfiles/endlessh.nix b/modules/nixfiles/endlessh.nix deleted file mode 100644 index c66d8b3..0000000 --- a/modules/nixfiles/endlessh.nix +++ /dev/null 
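Review bot: The `;;` comment marker was dropped from the line `Font must be set to n+2 because otherwise it looks too small.`, which sits among the Emacs Lisp forms this module writes out. As rendered here, the words would be read as Lisp symbols and fail when the configuration is loaded. Restore it as `;; Font must be set to n+2 because otherwise it looks too small.`. The enclosing string starts and ends outside the hunk.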
@@ -1,45 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.endlessh; -in { - options.nixfiles.modules.endlessh.enable = - mkEnableOption "endlessh"; - - config = let - port = 22; - in - mkIf cfg.enable { - assertions = [ - { - assertion = !(any (x: x == port) config.services.openssh.ports); - message = "Port ${toString port} is already occupied by OpenSSH"; - } - ]; - - systemd.services.endlessh = { - description = "Endlessh SSH Tarpit"; - requires = ["network-online.target"]; - serviceConfig = { - Restart = "always"; - ExecStart = concatStringsSep " " [ - "${pkgs.endlessh}/bin/endlessh" - "-v" - "-4" - "-p ${toString port}" - ]; - KillSignal = "SIGTERM"; - AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - DynamicUser = true; - StateDirectory = "endlessh"; - }; - wantedBy = ["multi-user.target"]; - }; - - networking.firewall.allowedTCPPorts = [port]; - }; -} diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index 8557d64..cd651a6 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -276,23 +276,17 @@ in { }; }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; - [ - bitwarden - consent-o-matic - darkreader - localcdn - noscript - privacy-redirect - ublock-origin - violentmonkey - ] - ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + consent-o-matic + darkreader + localcdn + noscript + privacy-redirect + ublock-origin + violentmonkey + ]; }; }; - - services.psd.enable = true; - - system.extraDependencies = [inputs.arkenfox-nixos]; }; } diff --git a/modules/nixfiles/firefox/userChrome.css b/modules/nixfiles/firefox/userChrome.css index 23fc336..5300d17 100644 --- a/modules/nixfiles/firefox/userChrome.css +++ b/modules/nixfiles/firefox/userChrome.css 
@@ -94,8 +94,8 @@ min-width: 1.6em; } - #back-button, #forward-button, + #back-button, #context-bookmarklink, #context-inspect-a11y, #context-navigation, @@ -117,7 +117,8 @@ #context_moveTabOptions, #context_reopenInContainer, #context_selectAllTabs, - #context_sendTabToDevice { + #context_sendTabToDevice, + #webrtcIndicator { display: none !important; } } diff --git a/modules/nixfiles/fonts.nix b/modules/nixfiles/fonts.nix index dbae282..483de0d 100644 --- a/modules/nixfiles/fonts.nix +++ b/modules/nixfiles/fonts.nix @@ -80,51 +80,12 @@ in { }; }; - config = mkMerge [ - (mkIf cfg.enable { - hm.fonts.fontconfig.enable = true; - - fonts = { - fonts = with pkgs; [ - iosevka-bin - (iosevka-bin.override {variant = "aile";}) - (iosevka-bin.override {variant = "etoile";}) - sarasa-gothic - ]; - - fontconfig = { - enable = true; - - defaultFonts = { - monospace = [ - "Iosevka" - "Sarasa Mono K" - "Sarasa Mono J" - "Sarasa Mono SC" - "Sarasa Mono CL" - ]; - sansSerif = [ - "Iosevka Aile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" - ]; - serif = [ - "Iosevka Etoile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" - ]; - }; - }; - }; - }) - (mkIf (!cfg.enable) { - # Disable fonts for headless profiles. - hm.fonts.fontconfig.enable = mkForce false; - fonts.fontconfig.enable = mkForce false; - }) - ]; + config = mkIf cfg.enable { + fonts.fonts = with pkgs; [ + iosevka-bin + (iosevka-bin.override {variant = "aile";}) + (iosevka-bin.override {variant = "etoile";}) + sarasa-gothic + ]; + }; } diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix index facff2f..2c1dd1f 100644 --- a/modules/nixfiles/git.nix +++ b/modules/nixfiles/git.nix 
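Review bot: Adding `#webrtcIndicator` to the `display: none !important` selector list in `userChrome.css` appears to hide Firefox's indicator that a page is capturing the camera, microphone or screen. An active capture then has one less visible cue. If the aim is only to get rid of the floating indicator, record that next to the selector, e.g. `/* hides the global sharing indicator; the per-tab capture icon is still relied on */`, and confirm the remaining cue is actually shown with this stylesheet. The selector list begins outside the hunk.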
@@ -1,224 +1,117 @@ { config, lib, - inputs, pkgs, ... }: with lib; let cfg = config.nixfiles.modules.git; in { - options.nixfiles.modules.git = { - client.enable = mkEnableOption "Git client"; - server = { - enable = mkEnableOption "Git server"; + options.nixfiles.modules.git.client.enable = + mkEnableOption "Git client"; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "git.${config.networking.domain}"; - }; - - package = mkOption { - description = "Package."; - type = types.package; - default = pkgs.cgit-pink; - }; - }; - }; - - config = mkMerge [ - (mkIf cfg.client.enable { - secrets = { - glab-cli-config = { - file = "${inputs.self}/secrets/glab-cli-config"; - path = "${config.dirs.config}/glab-cli/config.yml"; - owner = my.username; - inherit (config.my) group; - }; - gh-hosts = { - file = "${inputs.self}/secrets/gh-hosts"; - path = "${config.dirs.config}/gh/hosts.yml"; - owner = my.username; - inherit (config.my) group; - }; - hut = { - file = "${inputs.self}/secrets/hut"; - path = "${config.dirs.config}/hut/config"; - owner = my.username; - inherit (config.my) group; - }; - }; - - hm = { - home.packages = with pkgs; [glab hut]; - - programs = { - git = { - enable = true; - - package = pkgs.git.override { - doInstallCheck = false; - pythonSupport = false; - sendEmailSupport = true; - withLibsecret = false; - withSsh = true; - }; - - userName = my.fullname; - userEmail = my.email; - signing = { - inherit (my.pgp) key; - signByDefault = true; - }; - - extraConfig = - { - advice.detachedHead = false; - color.ui = true; - core.whitespace = "trailing-space"; - diff = { - mnemonicPrefix = true; - renames = "copies"; - submodule = "log"; - }; - init.defaultBranch = "master"; - status.submoduleSummary = true; - github.user = my.username; - gitlab.user = my.username; - } - // mapAttrs' - (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { - "alpine" = "gitlab.alpinelinux.org"; - 
"bitbucket" = "bitbucket.com"; - "codeberg" = "codeberg.org"; - "freedesktop" = "gitlab.freedesktop.org"; - "github" = "github.com"; - "gitlab" = "gitlab.com"; - "gnome" = "gitlab.gnome.org"; - "haskell" = "gitlab.haskell.org"; - "kde" = "invent.kde.org"; - "notabug" = "notabug.org"; - "opencode" = "opencode.net"; - "sourcehut" = "git.sr.ht"; - "videolan" = "code.videolan.org"; - }; + config = mkIf cfg.client.enable { + hm = { + home.packages = with pkgs; [glab hut]; - aliases = let - git = "${config.hm.programs.git.package}/bin/git"; - curl = "${pkgs.curl}/bin/curl"; - in { - fuck = "!${git} reset --hard && ${git} clean -fdx"; - gud = ''commit -m "git gud"''; - wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; - }; + programs = { + git = { + enable = true; - # All helper tools/editor generated files should go here. This must - # be kept relatively clean and void of any project-specific residual - # files. - ignores = [ - "*~" - ".cache/clangd/" - ".ccls-cache/" - ".dir-locals.el" - ".gdb_history" - ".netrwhist" - ".projectile" - "[._]*.s[a-v][a-z]" - "[._]*.sw[a-p]" - "[._]s[a-rt-v][a-z]" - "[._]ss[a-gi-z]" - "[._]sw[a-p]" - "\#*\#" - "compile_commands*.json" - "cscope.*" - "vgcore.*" - ]; + package = pkgs.git.override { + doInstallCheck = false; + pythonSupport = false; + sendEmailSupport = true; + withLibsecret = false; + withSsh = true; }; - gh = { - enable = true; - settings.git_protocol = "ssh"; + userName = my.fullname; + userEmail = my.email; + signing = { + inherit (my.pgp) key; + signByDefault = true; }; - bash = { - shellAliases = { - gl = "${pkgs.glab}/bin/glab"; - ht = "${pkgs.hut}/bin/hut"; + extraConfig = + { + advice.detachedHead = false; + color.ui = true; + core.whitespace = "trailing-space"; + diff = { + mnemonicPrefix = true; + renames = "copies"; + submodule = "log"; + }; + init.defaultBranch = "master"; + status.submoduleSummary = true; + } + // mapAttrs' + (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { 
+ "alpine" = "gitlab.alpinelinux.org"; + "bitbucket" = "bitbucket.com"; + "codeberg" = "codeberg.org"; + "freedesktop" = "gitlab.freedesktop.org"; + "github" = "github.com"; + "gitlab" = "gitlab.com"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "kde" = "invent.kde.org"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; + "sourcehut" = "git.sr.ht"; + "videolan" = "code.videolan.org"; }; - initExtra = mkAfter '' - _complete_alias gl __start_glab glab - _complete_alias ht __start_hut hut - ''; - }; - }; - }; - }) - (mkIf cfg.server.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.server.domain} = { - locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=azahi’s git stuff - root-desc=鯛も一人はうまからず - - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 - snapshots=tar.gz tar.bz2 zip - - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt - - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - # FIXME This breaks sources previewing for these files. 
- "~* ^/(.+.(ico|css|png))$".extraConfig = '' - alias ${cfg.server.package}/cgit/$1; - ''; + aliases = let + git = "${config.hm.programs.git.package}/bin/git"; + curl = "${pkgs.curl}/bin/curl"; + in { + fuck = "!${git} reset --hard && ${git} clean -fdx"; + gud = ''commit -m "git gud"''; + wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; }; + + # All helper tools/editor generated files should go here. This must + # be kept relatively clean and void of any project-specific residual + # files. + ignores = [ + "*~" + ".DS_Store" + ".cache/clangd/" + ".ccls-cache/" + ".dir-locals.el" + ".gdb_history" + ".netrwhist" + ".projectile" + "[._]*.s[a-v][a-z]" + "[._]*.sw[a-p]" + "[._]s[a-rt-v][a-z]" + "[._]ss[a-gi-z]" + "[._]sw[a-p]" + "\#*\#" + "compile_commands*.json" + "cscope.*" + "vgcore.*" + ]; }; - }; - services = let - user = "git"; - group = "git"; - in { - gitolite = { - # TODO Make the configuration purely declarative. + gh = { enable = true; - inherit user group; - adminPubkey = my.ssh.key; + settings.git_protocol = "ssh"; }; - fcgiwrap = { - enable = true; - inherit user group; + bash = { + shellAliases = { + gl = "${pkgs.glab}/bin/glab"; + ht = "${pkgs.hut}/bin/hut"; + }; + initExtra = mkAfter '' + _complete_alias gl __start_glab glab + _complete_alias ht __start_hut hut + ''; }; }; - }) - ]; + }; + }; } diff --git a/modules/nixfiles/gnupg.nix b/modules/nixfiles/gnupg.nix index c1419e4..c0f10f9 100644 --- a/modules/nixfiles/gnupg.nix +++ b/modules/nixfiles/gnupg.nix 
@@ -6,83 +6,53 @@ with lib; let cfg = config.nixfiles.modules.gnupg; in { - options.nixfiles.modules.gnupg = { - enable = mkEnableOption "GnuPG"; - - pinentry = mkOption { - description = "Name of a pinentry implementation."; - type = types.str; - default = "curses"; - }; - }; + options.nixfiles.modules.gnupg.enable = mkEnableOption "GnuPG"; config = mkIf cfg.enable { - hm = { - programs.gpg = { - enable = true; - - homedir = "${config.dirs.data}/gnupg"; - - settings = - { - display-charset = "utf-8"; - enable-progress-filter = true; - fixed-list-mode = true; - keyid-format = "0xlong"; - no-comments = true; - no-emit-version = true; - no-greeting = true; - with-fingerprint = true; - throw-keyids = false; - - use-agent = true; - - armor = true; - - no-random-seed-file = true; - - list-options = "show-uid-validity"; - verify-options = "show-uid-validity"; - } - // (let - cipherAlgos = ["AES256" "AES192" "AES"]; - compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; - digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; - - cs = concatStringsSep " "; - in { - default-preference-list = - cs (digestAlgos ++ cipherAlgos ++ compressionAlgos); - - personal-cipher-preferences = cs cipherAlgos; - personal-compress-preferences = cs compressionAlgos; - personal-digest-preferences = cs digestAlgos; - - s2k-cipher-algo = head cipherAlgos; - s2k-digest-algo = head digestAlgos; - - digest-algo = head digestAlgos; - cert-digest-algo = head digestAlgos; - }); - }; - - services.gpg-agent = { - enable = true; - - enableSshSupport = true; - enableScDaemon = false; - - defaultCacheTtl = 999999; - defaultCacheTtlSsh = 999999; - maxCacheTtl = 999999; - maxCacheTtlSsh = 999999; - - grabKeyboardAndMouse = true; - - sshKeys = [my.pgp.grip]; - - pinentryFlavor = cfg.pinentry; - }; + hm.programs.gpg = { + enable = true; + + settings = + { + display-charset = "utf-8"; + enable-progress-filter = true; + fixed-list-mode = true; + keyid-format = "0xlong"; + no-comments = true; + 
no-emit-version = true; + no-greeting = true; + with-fingerprint = true; + throw-keyids = false; + + use-agent = true; + + armor = true; + + no-random-seed-file = true; + + list-options = "show-uid-validity"; + verify-options = "show-uid-validity"; + } + // (let + cipherAlgos = ["AES256" "AES192" "AES"]; + digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; + compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; + + cs = concatStringsSep " "; + in { + default-preference-list = + cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); + + personal-cipher-preferences = cs cipherAlgos; + personal-digest-preferences = cs digestAlgos; + personal-compress-preferences = cs compressionAlgos; + + s2k-cipher-algo = head cipherAlgos; + s2k-digest-algo = head digestAlgos; + + digest-algo = head digestAlgos; + cert-digest-algo = head digestAlgos; + }); }; }; } diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 14ad007..65877be 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix @@ -55,10 +55,5 @@ in { ''; }; }; - - system.extraDependencies = with inputs; [ - nmap-vulners - nmap-vulscan - ]; }; } diff --git a/modules/nixfiles/openssh.nix b/modules/nixfiles/openssh.nix index bf470ca..4b80809 100644 --- a/modules/nixfiles/openssh.nix +++ b/modules/nixfiles/openssh.nix 
@@ -7,80 +7,52 @@ with lib; let cfg = config.nixfiles.modules.openssh; in { - options.nixfiles.modules.openssh = { - client.enable = mkEnableOption "OpenSSH client"; - server.enable = mkEnableOption "OpenSSH server"; + options.nixfiles.modules.openssh.client.enable = + mkEnableOption "OpenSSH client"; + + config = mkIf cfg.client.enable { + hm = { + home.packages = with pkgs; [mosh sshfs]; + + programs.ssh = { + enable = true; + + hashKnownHosts = true; + + controlMaster = "auto"; + controlPersist = "24H"; + + serverAliveCountMax = 30; + serverAliveInterval = 60; + + matchBlocks = let + mkBlock = name: { + hostname ? name, + port ? 22022, # NOTE This is not the default OpenSSH port. + user ? my.username, + identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", + extraAttrs ? {}, + }: + nameValuePair name ({inherit hostname port user identityFile;} + // extraAttrs); + + internalServers = + mapAttrs' mkBlock + (mapAttrs (name: _: { + hostname = "${name}.${my.domain.shire}"; + }) (filterAttrs (_: attr: + hasAttr "wireguard" attr + && attr.isHeadless) + my.configurations)); + in + internalServers + // (mapAttrs' mkBlock { + gitolite = { + user = "git"; + hostname = "git.${my.domain.shire}"; + }; + }); + }; + }; }; - - config = let - port = 22022; # Port 22 should be occupied by endlessh. - in - mkMerge [ - (mkIf cfg.client.enable { - hm = { - home.packages = with pkgs; [mosh sshfs]; - - programs.ssh = { - enable = true; - - hashKnownHosts = true; - - controlMaster = "auto"; - controlPersist = "24H"; - - serverAliveCountMax = 30; - serverAliveInterval = 60; - - matchBlocks = let - mkBlock = name: { - hostname ? name, - port ? 22, - user ? my.username, - identityFile ? "${config.my.home}/.ssh/id_ed25519", - extraAttrs ? 
{}, - }: - nameValuePair name ({inherit hostname port user identityFile;} - // extraAttrs); - - internalServers = - mapAttrs' mkBlock - (mapAttrs (name: _: { - hostname = "${name}.${my.domain.shire}"; - inherit port; - }) (filterAttrs (_: attr: - hasAttr "wireguard" attr - && attr.isHeadless) - my.configurations)); - in - internalServers - // (mapAttrs' mkBlock { - gitolite = { - user = "git"; - hostname = "git.${my.domain.shire}"; - inherit port; - }; - }); - }; - }; - }) - (mkIf cfg.server.enable { - programs.mosh.enable = true; - - services = { - openssh = { - enable = true; - ports = [port]; - logLevel = "VERBOSE"; # Required by fail2ban. - permitRootLogin = "no"; - passwordAuthentication = false; - }; - - fail2ban.jails.sshd = '' - enabled = true - mode = aggressive - port = ${toString port} - ''; - }; - }) - ]; } diff --git a/modules/nixfiles/password-store.nix b/modules/nixfiles/password-store.nix index 7eac85e..1de8a55 100644 --- a/modules/nixfiles/password-store.nix +++ b/modules/nixfiles/password-store.nix @@ -7,7 +7,8 @@ with lib; let cfg = config.nixfiles.modules.password-store; in { - options.nixfiles.modules.password-store.enable = mkEnableOption "Unix pass"; + options.nixfiles.modules.password-store.enable = + mkEnableOption "the standard UNIX password manager"; config = mkIf cfg.enable { hm.programs = { @@ -16,7 +17,7 @@ in { package = pkgs.pass.withExtensions (p: with p; [pass-otp]); - settings.PASSWORD_STORE_DIR = "${config.dirs.data}/password-store"; + settings.PASSWORD_STORE_DIR = "${config.my.home}/.password-store"; }; # https://github.com/NixOS/nixpkgs/issues/183604 diff --git a/modules/nixfiles/profiles/default.nix b/modules/nixfiles/profiles/default.nix index 356413a..7d5ee8e 100644 --- a/modules/nixfiles/profiles/default.nix +++ b/modules/nixfiles/profiles/default.nix 
@@ -77,32 +77,14 @@ in { vim.enable = true; }; - # home-manager.users.root.home.file.".bash_history".source = - # config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; - - hm.home.language = { - collate = "C"; - messages = "C"; - }; - - programs.less = { - enable = true; - envVariables.LESSHISTFILE = "-"; - }; + time.timeZone = mkDefault "Europe/Moscow"; environment.systemPackages = with pkgs; [ - cryptsetup ddrescue file git gnupg - lshw - lsof - pciutils - psmisc tree - usbutils - util-linux ]; }; } diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix index da7aa27..7ec6768 100644 --- a/modules/nixfiles/profiles/dev/containers.nix +++ b/modules/nixfiles/profiles/dev/containers.nix @@ -14,12 +14,9 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.podman.enable = true; - hm = { home = { sessionVariables = { - MINIKUBE_HOME = "${config.dirs.config}/minikube"; MINIKUBE_IN_STYLE = "false"; WERF_DEV = "true"; WERF_INSECURE_REGISTRY = "true"; @@ -31,15 +28,16 @@ in { }; packages = with pkgs; [ - buildah chart-testing cmctl datree helm kubectl kubectx + kubelogin kubescape kubespy + lima minikube skaffold skopeo @@ -49,12 +47,6 @@ in { ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { - config.Rootless = true; - driver = "podman"; - container-runtime = "cri-o"; - }; - programs.bash = { shellAliases = with pkgs; { b = "${buildah}/bin/buildah"; diff --git a/modules/nixfiles/profiles/dev/default.nix b/modules/nixfiles/profiles/dev/default.nix index 4656ade..b05aeac 100644 --- a/modules/nixfiles/profiles/dev/default.nix +++ b/modules/nixfiles/profiles/dev/default.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + this, ... }: with lib; let @@ -34,7 +35,7 @@ in { ".ghc/ghci.conf".source = ./ghci.conf; - "${config.dirs.data}/stack/config.yaml".text = generators.toYAML {} { + ".stack/config.yaml".text = generators.toYAML {} { templates.params = rec { author-name = my.fullname; author-email = my.email; 
@@ -43,16 +44,14 @@ in { }; }; - "${config.dirs.data}/stack/global-project/stack.yaml".text = generators.toYAML {} { + ".stack/global-project/stack.yaml".text = generators.toYAML {} { packages = []; - resolver = "lts-19.28"; + resolver = "lts-20.3"; }; }; sessionVariables = with config.dirs; rec { - ANDROID_HOME = "${data}/android"; - - CABAL_DIR = "${data}/cabal"; + CABAL_DIR = "${config.my.home}/.cabal"; CABAL_CONFIG = pkgs.writeText "cabal-config" '' repository hackage.haskell.org url: https://hackage.haskell.org/ @@ -71,11 +70,11 @@ in { extra-prog-path: ${CABAL_DIR}/bin ''; - STACK_ROOT = "${data}/stack"; + STACK_ROOT = "${config.my.home}/.stack"; - CARGO_HOME = "${data}/cargo"; + CARGO_HOME = "${config.my.home}/.cargo"; - GOPATH = "${data}/go"; + GOPATH = "${config.my.home}/.go"; PYTHONSTARTUP = ./pystartup.py; }; @@ -86,7 +85,5 @@ in { yq ]; }; - - my.extraGroups = ["kvm"]; }; } diff --git a/modules/nixfiles/profiles/dev/sql.nix b/modules/nixfiles/profiles/dev/sql.nix index d6bcba8..7a2a09c 100644 --- a/modules/nixfiles/profiles/dev/sql.nix +++ b/modules/nixfiles/profiles/dev/sql.nix @@ -15,7 +15,11 @@ in { config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [pgcli litecli]; + home.packages = with pkgs; [ + dbeaver + pgcli + litecli + ]; xdg = let mainSection = { diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index f3355b6..1c1f43b 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix 
@@ -17,44 +17,27 @@ in { alacritty.enable = true; aria2.enable = true; - chromium.enable = true; emacs.enable = true; - firefox.enable = true; mpv.enable = true; openssh.client.enable = true; password-store.enable = true; - sound.enable = true; - x11.enable = true; - - dwm.enable = mkDefault false; - kde.enable = mkDefault true; - xmonad.enable = mkDefault false; }; hm = { - home.packages = with pkgs; [ - # (openconnect.overrideAttrs (_: super: { - # version = "unstable-2022-10-23"; - # src = pkgs.fetchFromGitLab { - # owner = "openconnect"; - # repo = "openconnect"; - # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae"; - # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM="; - # }; - # configureFlags = super.configureFlags ++ [ - # "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox" - # ]; - # })) - calibre - fd - imv - neochat - ripgrep - ripgrep-all - sd - tdesktop - tor-browser - ]; + home = { + file.".digrc".text = '' + +answer + +multiline + +recurse + ''; + + packages = with pkgs; [ + fd + ripgrep + ripgrep-all + sd + ]; + }; accounts.email = { maildirBasePath = "${config.my.home}/mail"; 
@@ -105,54 +88,19 @@ in { }; programs = { - bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; mbsync.enable = true; msmtp.enable = true; mu.enable = true; }; }; - boot = { - kernelPackages = mkForce pkgs.linuxPackages_xanmod_latest; - - # There are (arguably) not a lot of reasons to keep mitigations enabled - # for on machine that is not web-facing. First of all, to completely - # mitigate any possible Spectre holes one would need to disable - # Hyperthreading altogether which will essentially put one's computer into - # the stone age by not being able to to effectively utilise multi-core its - # multicore capabilities. Secondly, by enabling mitigations, we introduce - # a plethora of performace overheads[1], which, albeit small, but still - # contribute to the overall speed of things. This is however still poses a - # security risk, which I am willing to take. - # - # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 - kernelParams = ["mitigations=off"]; - }; - - hardware.opengl = { - enable = true; - driSupport = true; - }; - - programs = { - iftop.enable = true; - mtr.enable = true; - traceroute.enable = true; - }; - - services.upower.enable = true; - environment.systemPackages = with pkgs; [ arping dnsutils - ethtool inetutils ldns - nethogs socat tcpdump ]; - - my.extraGroups = ["audio" "video" "input"]; }; } diff --git a/modules/nixfiles/profiles/headless.nix b/modules/nixfiles/profiles/headless.nix index 520b97f..cc7c326 100644 --- a/modules/nixfiles/profiles/headless.nix +++ b/modules/nixfiles/profiles/headless.nix 
@@ -12,42 +12,12 @@ in { mkEnableOption "headless profile" // {default = this.isHeadless;}; config = mkIf cfg.enable { - nixfiles.modules = { - openssh.server.enable = true; - endlessh-go.enable = true; - - fail2ban.enable = true; - - node-exporter.enable = true; - promtail.enable = true; - }; - hm.home.file = { ".hushlogin".text = ""; ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - # Pin version to prevent any surprises. - boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; - - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - - optimise = { - automatic = true; - dates = ["daily"]; - }; - }; - - services.udisks2.enable = false; - - xdg.sounds.enable = false; - environment.systemPackages = with pkgs; [alacritty.terminfo]; }; } diff --git a/modules/nixfiles/qutebrowser.nix b/modules/nixfiles/qutebrowser.nix index 76f9f98..68a41a5 100644 --- a/modules/nixfiles/qutebrowser.nix +++ b/modules/nixfiles/qutebrowser.nix @@ -532,7 +532,5 @@ in { in concatStringsSep "\n" final + "\n"); }; - - services.psd.enable = true; }; } diff --git a/modules/nixfiles/vscode.nix b/modules/nixfiles/vscode.nix index 7175b36..6671973 100644 --- a/modules/nixfiles/vscode.nix +++ b/modules/nixfiles/vscode.nix @@ -34,16 +34,16 @@ in { extensions = with pkgs; with vscode-extensions; - [editorconfig.editorconfig file-icons.file-icons redhat.vscode-yaml] - ++ optional cfg.vim.enable vscodevim.vim - ++ vscode-utils.extensionsFromVscodeMarketplace [ - { - name = "vscode-xml"; - publisher = "redhat"; - version = "0.20.0"; - hash = "sha256-GKBrf9s8n7Wv14RSfwyDma1dM0fGMvRkU/7v2DAcB9A="; - } - ]; + [ + editorconfig.editorconfig + file-icons.file-icons + gitlab.gitlab-workflow + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-xml + redhat.vscode-yaml + streetsidesoftware.code-spell-checker + ] + ++ optional cfg.vim.enable vscodevim.vim; userSettings = let font = config.fontScheme.monospaceFont; 
@@ -61,7 +61,7 @@ in { renderWhitespace = "trailing"; rulers = [80 120]; smoothScrolling = false; - tabCompletion = true; + tabCompletion = "on"; } // (let surround = 10; @@ -160,11 +160,6 @@ in { leader = " "; useSystemClipboard = true; - - autoSwitchInputMethod = let - inputMethod = config.i18n.inputMethod.enabled; - in - mkIf (inputMethod != null) applyInputMethod.${inputMethod}; }; }; }; diff --git a/modules/nixfiles/wget.nix b/modules/nixfiles/wget.nix index 6d7b1b2..9a16fcc 100644 --- a/modules/nixfiles/wget.nix +++ b/modules/nixfiles/wget.nix @@ -11,7 +11,7 @@ in { config = mkIf cfg.enable { hm = { - programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=${config.dirs.data}/wget-hsts"; + programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=/tmp/wget-hsts"; home.sessionVariables.WGETRC = pkgs.writeText "wgetrc" '' adjust_extension = on diff --git a/modules/nixfiles/acme.nix b/modules/nixos/acme.nix index d3ad661..d3ad661 100644 --- a/modules/nixfiles/acme.nix +++ b/modules/nixos/acme.nix diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixos/alertmanager.nix index 871b0c4..871b0c4 100644 --- a/modules/nixfiles/alertmanager.nix +++ b/modules/nixos/alertmanager.nix diff --git a/modules/nixfiles/android.nix b/modules/nixos/android.nix index 307490a..307490a 100644 --- a/modules/nixfiles/android.nix +++ b/modules/nixos/android.nix diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixos/bluetooth.nix index 8347361..8347361 100644 --- a/modules/nixfiles/bluetooth.nix +++ b/modules/nixos/bluetooth.nix diff --git a/modules/nixfiles/common/console.nix b/modules/nixos/common/console.nix index 3c73695..3c73695 100644 --- a/modules/nixfiles/common/console.nix +++ b/modules/nixos/common/console.nix diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix new file mode 100644 index 0000000..8724c8b --- /dev/null +++ b/modules/nixos/common/default.nix 
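Review bot: The wget alias now points `--hsts-file` at `/tmp/wget-hsts`, a fixed name in a world-writable directory, so the HSTS database is no longer private to the user. Another local account can create that path first, and as far as I know wget only rejects an HSTS file that is world-writable, not one owned by someone else. The known-hosts list could therefore be pre-seeded or emptied, which weakens the HTTPS-upgrade protection the file exists for; it is also lost on every `/tmp` cleanup. Keeping it under the home directory avoids both problems, in line with the other paths this commit moves: `"${pkgs.wget}/bin/wget --hsts-file=${config.my.home}/.wget-hsts"`.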
@@ -0,0 +1,19 @@ +_: { + imports = [ + ./console.nix + ./documentation.nix + ./home-manager.nix + ./kernel.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./secrets.nix + ./security.nix + ./services.nix + ./shell.nix + ./systemd.nix + ./tmp.nix + ./users.nix + ./xdg.nix + ]; +} diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix new file mode 100644 index 0000000..f909108 --- /dev/null +++ b/modules/nixos/common/documentation.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + config = mkIf this.isHeadful { + documentation = { + dev.enable = true; + nixos.enable = true; + + man.man-db.manualPages = + (pkgs.buildEnv { + name = "man-paths"; + paths = with config; + environment.systemPackages ++ hm.home.packages; + pathsToLink = ["/share/man"]; + extraOutputsToInstall = ["man"]; + ignoreCollisions = true; + }) + .overrideAttrs (_: _: {__contentAddressed = true;}); + }; + + environment.sessionVariables = { + MANOPT = "--no-hyphenation"; + MANPAGER = "${pkgs.less}/bin/less -+F"; + }; + }; +} diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix new file mode 100644 index 0000000..52f2fd3 --- /dev/null +++ b/modules/nixos/common/home-manager.nix @@ -0,0 +1,3 @@ +{inputs, ...}: { + imports = [inputs.home-manager.nixosModule]; +} diff --git a/modules/nixfiles/common/kernel.nix b/modules/nixos/common/kernel.nix index 2fdfeeb..2fc40f9 100644 --- a/modules/nixfiles/common/kernel.nix +++ b/modules/nixos/common/kernel.nix @@ -1,7 +1,10 @@ {lib, ...}: with lib; { boot = { - # I don't use it even on laptops. + # I don't use it even on laptops. It's also /required/ to disable it for + # ZFS[1]. + # [1]: https://github.com/openzfs/zfs/issues/260 + # [1]: https://github.com/openzfs/zfs/issues/12842 kernelParams = ["hibernate=no"]; kernel.sysctl = { 
@@ -30,4 +33,7 @@ with lib; { "vm.vfs_cache_pressure" = 50; }; }; + + # https://docs.kernel.org/admin-guide/mm/ksm.html + hardware.ksm.enable = true; } diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix new file mode 100644 index 0000000..62d19f4 --- /dev/null +++ b/modules/nixos/common/locale.nix @@ -0,0 +1,24 @@ +{lib, ...}: +with lib; { + i18n = { + defaultLocale = mkDefault "en_GB.UTF-8"; + supportedLocales = [ + "C.UTF-8/UTF-8" + "en_GB.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "ja_JP.UTF-8/UTF-8" + "ru_RU.UTF-8/UTF-8" + ]; + }; + + services.xserver = { + layout = comcat ["us" "ru"]; + xkbVariant = comcat ["" "phonetic"]; + xkbOptions = comcat [ + "terminate:ctrl_alt_bksp" + "caps:escape" + "compose:menu" + "grp:win_space_toggle" + ]; + }; +} diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix new file mode 100644 index 0000000..6109933 --- /dev/null +++ b/modules/nixos/common/networking.nix 
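Review bot: `hardware.ksm.enable = true;` is added to the common kernel module, so it applies to every host that imports it, presumably including those that enable the libvirtd or lxc modules listed in modules/nixos/default.nix. Merging identical pages across processes or guests is a known timing side channel between tenants, and the added comment only links the kernel documentation. I would make it overridable with `hardware.ksm.enable = mkDefault true;` and extend the comment to say that hosts running untrusted guests should turn it off. The enclosing attribute set starts outside this hunk.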
@@ -0,0 +1,108 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + # TODO Support multiple interfaces and IP addresses. + networking = mkMerge [ + { + domain = my.domain.shire; + + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; + + nameservers = mkDefault dns.const.quad9.default; + + useDHCP = false; + + firewall = { + enable = true; + + rejectPackets = false; + + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! 
+ interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (mkIf this.isHeadful { + interfaces = { + eth0.useDHCP = mkDefault true; + wlan0.useDHCP = mkDefault true; + }; + + networkmanager = { + enable = mkDefault true; + wifi.backend = "iwd"; + }; + + wireless = { + enable = false; + iwd.enable = mkDefault true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + }; + }) + ]; + + environment.shellAliases = listToAttrs (map + ({ + name, + value, + }: + nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + { + name = "bridge"; + value = "bridge -color=always"; + } + { + name = "ip"; + value = "ip -color=always"; + } + { + name = "tc"; + value = "tc -color=always"; + } + ]); +} diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix new file mode 100644 index 0000000..07136a0 --- /dev/null +++ b/modules/nixos/common/nix.nix 
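Review bot: The static-address block in networking.nix is guarded by `mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this)`, so a host that declares only one address family gets no interface address and no default gateway. Because `useDHCP = false` is set unconditionally above it, such a host would evaluate cleanly and then come up unreachable. Inside the block, each `optional (isString address && isInt prefixLength)` likewise drops a malformed entry without any message. If single-stack hosts are meant to be supported, split the block into one `mkIf (hasAttr "ipv4" this)` and one `mkIf (hasAttr "ipv6" this)` part. If they are not, an entry in `assertions` that fails evaluation with a clear message would be safer than the silent fallback.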
@@ -0,0 +1,39 @@ +{ + config, + inputs, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.common.nix; +in { + options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { + description = "A list of allowed unfree packages."; + type = with types; listOf str; + default = []; + }; + + config = { + nix.settings.trusted-users = ["@wheel"]; + + nixpkgs = { + config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + + overlays = with inputs; [ + agenix.overlay + # nix-minecraft-servers.overlays.default + xmonad-ng.overlays.default + ]; + }; + + system.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + + environment = { + sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; + localBinInPath = true; + defaultPackages = []; + }; + }; +} diff --git a/modules/nixfiles/common/secrets.nix b/modules/nixos/common/secrets.nix index 9e59716..4fcdc61 100644 --- a/modules/nixfiles/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -41,7 +41,5 @@ with lib; { }; environment.systemPackages = with pkgs; [agenix]; - - system.extraDependencies = [inputs.agenix]; }; } diff --git a/modules/nixfiles/common/security.nix b/modules/nixos/common/security.nix index 09c5da1..09c5da1 100644 --- a/modules/nixfiles/common/security.nix +++ b/modules/nixos/common/security.nix diff --git a/modules/nixos/common/services.nix b/modules/nixos/common/services.nix new file mode 100644 index 0000000..725502a --- /dev/null +++ b/modules/nixos/common/services.nix @@ -0,0 +1,10 @@ +_: { + services = { + # https://github.com/Irqbalance/irqbalance/issues/54#issuecomment-319245584 + # https://unix.stackexchange.com/questions/710603/should-the-irqbalance-daemon-be-used-on-a-modern-desktop-x86-system + irqbalance.enable = true; + + # https://github.com/NixOS/nixpkgs/issues/135888 + nscd.enableNsncd = true; + }; +} 
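Review bot: `nix.settings.trusted-users = ["@wheel"];` in the new nix.nix makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root on the machine. That access goes through the daemon, so it bypasses any password prompt sudo may enforce (the sudo policy is not visible in this commit). users.nix in the same commit puts the primary account in `wheel`, so any process running as that user inherits the privilege. If it is only needed for remote deployment or extra binary caches, I would leave `trusted-users` at its default and list the caches under `nix.settings.trusted-substituters`. Otherwise add a comment such as `# wheel is root-equivalent for the Nix daemon; required for <reason>`.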
diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix new file mode 100644 index 0000000..5fbc441 --- /dev/null +++ b/modules/nixos/common/shell.nix @@ -0,0 +1,3 @@ +_: { + programs.command-not-found.enable = false; +} diff --git a/modules/nixfiles/common/systemd.nix b/modules/nixos/common/systemd.nix index 5c7282d..5c7282d 100644 --- a/modules/nixfiles/common/systemd.nix +++ b/modules/nixos/common/systemd.nix diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixos/common/tmp.nix index d56e2b6..d56e2b6 100644 --- a/modules/nixfiles/common/tmp.nix +++ b/modules/nixos/common/tmp.nix diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix new file mode 100644 index 0000000..22e8023 --- /dev/null +++ b/modules/nixos/common/users.nix @@ -0,0 +1,19 @@ +{lib, ...}: +with lib; { + users = { + mutableUsers = false; + + users = { + root.hashedPassword = "@HASHED_PASSWORD@"; + + ${my.username} = { + isNormalUser = true; + uid = 1000; + description = my.fullname; + inherit (my) hashedPassword; + openssh.authorizedKeys.keys = [my.ssh.key]; + extraGroups = ["wheel"]; + }; + }; + }; +} diff --git a/modules/nixfiles/common/xdg.nix b/modules/nixos/common/xdg.nix index 8ddf1ac..8ddf1ac 100644 --- a/modules/nixfiles/common/xdg.nix +++ b/modules/nixos/common/xdg.nix diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..b35e461 --- /dev/null +++ b/modules/nixos/default.nix 
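Review bot: In the new users.nix both accounts take their password hash from evaluated Nix values (`root.hashedPassword = "@HASHED_PASSWORD@";` and `inherit (my) hashedPassword;`), which puts the hashes in the world-readable Nix store and in the repository. Every local user and anyone with a copy of the closure can then try to crack them offline. The repository already has an agenix-backed `secrets` option, so the hash can be read at activation time instead: `passwordFile = config.secrets.user-password.path;` (`hashedPasswordFile` on newer NixOS; the secret name here is a placeholder). If the literal `@HASHED_PASSWORD@` is a substitution token rather than a redaction, it also deserves a comment, because with `mutableUsers = false` an unsubstituted value leaves root with a string that is not a valid hash.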
@@ -0,0 +1,59 @@ +_: { + imports = [ + ./acme.nix + ./alertmanager.nix + ./android.nix + ./bluetooth.nix + ./common + ./discord.nix + ./docker.nix + ./dwm.nix + ./emacs.nix + ./endlessh-go.nix + ./endlessh.nix + ./fail2ban.nix + ./fonts.nix + ./games + ./git.nix + ./gnupg.nix + ./gotify.nix + ./grafana.nix + ./hydra.nix + ./ipfs.nix + ./kde.nix + ./libvirtd.nix + ./lidarr.nix + ./loki.nix + ./lxc.nix + ./matrix + ./monitoring + ./nextcloud.nix + ./nginx.nix + ./node-exporter.nix + ./nsd.nix + ./openssh.nix + ./podman.nix + ./postgresql.nix + ./profiles + ./prometheus.nix + ./promtail.nix + ./psd.nix + ./radarr.nix + ./radicale.nix + ./rss-bridge.nix + ./rtorrent.nix + ./searx.nix + ./shadowsocks.nix + ./soju.nix + ./solaar.nix + ./sonarr.nix + ./sound.nix + ./syncthing.nix + ./throttled.nix + ./unbound.nix + ./vaultwarden.nix + ./wireguard.nix + ./x11.nix + ./xmonad.nix + ]; +} diff --git a/modules/nixos/discord.nix b/modules/nixos/discord.nix new file mode 100644 index 0000000..190b5fc --- /dev/null +++ b/modules/nixos/discord.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.discord; +in { + options.nixfiles.modules.discord.enable = + mkEnableOption "Steam runtime"; + + config = mkIf cfg.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"]; + + hm.home.packages = with pkgs; [ + (discord.override { + withOpenASAR = true; + }) + ]; + }; +} diff --git a/modules/nixfiles/docker.nix b/modules/nixos/docker.nix index e642030..e642030 100644 --- a/modules/nixfiles/docker.nix +++ b/modules/nixos/docker.nix diff --git a/modules/nixfiles/dwm.nix b/modules/nixos/dwm.nix index 618d8ed..618d8ed 100644 --- a/modules/nixfiles/dwm.nix +++ b/modules/nixos/dwm.nix diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix new file mode 100644 index 0000000..800d411 --- /dev/null +++ b/modules/nixos/emacs.nix 
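Review bot: In the new `modules/nixos/discord.nix` the option is declared with `mkEnableOption "Steam runtime"`, which looks copied from the Steam module; it should read `mkEnableOption "Discord";` so the generated option description is correct. `withOpenASAR = true` also replaces Discord's own `app.asar` with the third-party OpenAsar build, so a one-line comment saying why that extra code is trusted inside a client that holds account credentials would be useful to the next reader.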
@@ -0,0 +1,30 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.emacs; +in { + config = mkIf cfg.enable { + secrets.authinfo = { + file = "${inputs.self}/secrets/authinfo"; + owner = my.username; + inherit (config.my) group; + }; + + nixfiles.modules.x11.enable = true; + + hm = { + programs.doom-emacs.extraConfig = '' + (appendq! auth-sources '("${config.secrets.authinfo.path}")) + ''; + + services.emacs = { + enable = true; + client.enable = true; + }; + }; + }; +} diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixos/endlessh-go.nix index 9ceb4e4..435305d 100644 --- a/modules/nixfiles/endlessh-go.nix +++ b/modules/nixos/endlessh-go.nix @@ -1,8 +1,6 @@ { config, - inputs, lib, - pkgs, this, ... }: diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix new file mode 100644 index 0000000..67789fd --- /dev/null +++ b/modules/nixos/endlessh.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.endlessh; +in { + options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; + + config = let + port = 22; + in + mkIf cfg.enable { + services.endlessh = { + enable = true; + inherit port; + extraOptions = ["-v" "-4"]; + }; + + networking.firewall.allowedTCPPorts = [port]; + }; +} diff --git a/modules/nixfiles/fail2ban.nix b/modules/nixos/fail2ban.nix index 5ac3c9c..5ac3c9c 100644 --- a/modules/nixfiles/fail2ban.nix +++ b/modules/nixos/fail2ban.nix diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix new file mode 100644 index 0000000..d4a7330 --- /dev/null +++ b/modules/nixos/fonts.nix 
@@ -0,0 +1,45 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.fonts; +in { + config = mkMerge [ + (mkIf cfg.enable { + hm.fonts.fontconfig.enable = true; + fonts.fontconfig = { + enable = true; + + defaultFonts = { + monospace = [ + "Iosevka" + "Sarasa Mono K" + "Sarasa Mono J" + "Sarasa Mono SC" + "Sarasa Mono CL" + ]; + sansSerif = [ + "Iosevka Aile" + "Sarasa Gothic K" + "Sarasa Gothic J" + "Sarasa Gothic SC" + "Sarasa Gothic CL" + ]; + serif = [ + "Iosevka Etoile" + "Sarasa Gothic K" + "Sarasa Gothic J" + "Sarasa Gothic SC" + "Sarasa Gothic CL" + ]; + }; + }; + }) + (mkIf (!cfg.enable) { + hm.fonts.fontconfig.enable = false; + fonts.fontconfig.enable = false; + }) + ]; +} diff --git a/modules/nixfiles/games/default.nix b/modules/nixos/games/default.nix index 1c5766b..1c5766b 100644 --- a/modules/nixfiles/games/default.nix +++ b/modules/nixos/games/default.nix diff --git a/modules/nixfiles/games/gamemode.nix b/modules/nixos/games/gamemode.nix index 051d12e..051d12e 100644 --- a/modules/nixfiles/games/gamemode.nix +++ b/modules/nixos/games/gamemode.nix diff --git a/modules/nixfiles/games/gog.nix b/modules/nixos/games/gog.nix index 86039f1..86039f1 100644 --- a/modules/nixfiles/games/gog.nix +++ b/modules/nixos/games/gog.nix diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixos/games/lutris.nix index e7faef3..72179fc 100644 --- a/modules/nixfiles/games/lutris.nix +++ b/modules/nixos/games/lutris.nix @@ -16,20 +16,17 @@ in { steam-run.enable = true; }; - # This removes the annoying warning. - boot.kernel.sysctl."dev.i915.perf_stream_paranoid" = 0; - hm.home.packages = with pkgs; [ (lutris.override { lutris-unwrapped = lutris-unwrapped.override { wine = buildFHSUserEnv { - # We don't really need Wine because Lutris downloads the required + # We don't really need Wine because Lutris downloads a required # runtime for us. name = "empty"; }; }; - steamSupport = false; }) + vkBasalt ]; }; } 
diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixos/games/mangohud.nix index b521687..d693c82 100644 --- a/modules/nixfiles/games/mangohud.nix +++ b/modules/nixos/games/mangohud.nix @@ -13,13 +13,13 @@ in { enable = true; settings = { fps = true; + frame_timing = true; gpu_stats = true; gpu_temp = true; cpu_stats = true; cpu_temp = true; - }; - settingsPerApplication = { - mpv.no_display = true; + ram = true; + vram = true; }; }; }; diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixos/games/minecraft.nix index 47279f8..e53f9eb 100644 --- a/modules/nixfiles/games/minecraft.nix +++ b/modules/nixos/games/minecraft.nix @@ -23,8 +23,6 @@ in { config = mkMerge [ (mkIf cfg.client.enable { hm.home.packages = with pkgs; [pollymc]; - - system.extraDependencies = [inputs.pollymc]; }) (mkIf cfg.server.enable { # Configurations, opslist, whitelist and plugins are managed imperatively. @@ -47,8 +45,6 @@ in { # Defined in /var/lib/minecraft/server.properties. networking.firewall.allowedTCPPorts = [55565]; - - system.extraDependencies = [inputs.nix-minecraft-servers]; }) ]; } diff --git a/modules/nixfiles/games/steam-run.nix b/modules/nixos/games/steam-run.nix index 4731fd6..1a1e61f 100644 --- a/modules/nixfiles/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -11,12 +11,15 @@ in { enable = mkEnableOption "native Steam runtime"; quirks = { - mountandblade = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; }; }; config = mkIf cfg.enable { nixfiles.modules = { + common.nix.allowedUnfreePackages = ["steam" "steam-run"]; + games = { enable32BitSupport = true; gamemode.enable = true; 
@@ -27,11 +30,12 @@ in { (steam.override { extraLibraries = _: with cfg.quirks; - optionals mountandblade [ + [] + ++ optionals mountAndBladeWarband [ (glew.overrideAttrs (_: super: let opname = super.pname; in rec { - pname = "${opname}-mbw"; + pname = "${opname}-runfix"; inherit (super) version; src = fetchurl { url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; @@ -41,7 +45,7 @@ in { (fmodex.overrideAttrs (_: super: let opname = super.pname; in rec { - pname = "${opname}-mbw"; + pname = "${opname}-runfix"; inherit (super) version; installPhase = let libPath = makeLibraryPath [ @@ -54,16 +58,16 @@ in { patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so ''; })) + ] + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) {inherit (config.nixpkgs) config localSystem;}) + .flac ]; }) .run ]; - - nixpkgs.config.allowUnfreePredicate = p: - elem (getName p) [ - "steam" - "steam-original" - "steam-run" - ]; }; } diff --git a/modules/nixfiles/games/steam.nix b/modules/nixos/games/steam.nix index bbd01f6..8dfa72c 100644 --- a/modules/nixfiles/games/steam.nix +++ b/modules/nixos/games/steam.nix @@ -11,18 +11,15 @@ in { mkEnableOption "Steam runtime"; config = mkIf cfg.enable { - nixfiles.modules.games = { - enable32BitSupport = true; - gamemode.enable = true; + nixfiles.modules = { + common.nix.allowedUnfreePackages = ["steam" "steam-original"]; + + games = { + enable32BitSupport = true; + gamemode.enable = true; + }; }; hm.home.packages = with pkgs; [steam]; - - nixpkgs.config.allowUnfreePredicate = p: - elem (getName p) [ - "steam" - "steam-original" - "steam-run" - ]; }; } diff --git a/modules/nixos/git.nix b/modules/nixos/git.nix new file mode 100644 index 0000000..f754588 --- /dev/null +++ b/modules/nixos/git.nix 
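Review bot: The `cryptOfTheNecrodancer` quirk in the last `steam-run.nix` hunk takes `flac` from a second nixpkgs fetched with `builtins.fetchTarball`; the commit and `sha256` pin keep it reproducible, but the pin lives outside `flake.lock`, so `nix flake update` never moves it and the library inside the Steam environment stays at that revision without later fixes. Consider declaring that nixpkgs revision as a flake input, and add a comment recording which flac version the game needs so the pin can be dropped when it is no longer required. Also check that a host enabling only `steam-run` still evaluates: `"steam-original"` was in the removed `allowUnfreePredicate` list but is not in the new `allowedUnfreePackages = ["steam" "steam-run"]`.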
@@ -0,0 +1,117 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.git; +in { + options.nixfiles.modules.git.server = { + enable = mkEnableOption "Git server"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "git.${config.networking.domain}"; + }; + + package = mkOption { + description = "Package."; + type = types.package; + default = pkgs.cgit-pink; + }; + }; + + config = mkMerge [ + (mkIf cfg.client.enable { + secrets = { + glab-cli-config = { + file = "${inputs.self}/secrets/glab-cli-config"; + path = "${config.dirs.config}/glab-cli/config.yml"; + owner = my.username; + inherit (config.my) group; + }; + gh-hosts = { + file = "${inputs.self}/secrets/gh-hosts"; + path = "${config.dirs.config}/gh/hosts.yml"; + owner = my.username; + inherit (config.my) group; + }; + hut = { + file = "${inputs.self}/secrets/hut"; + path = "${config.dirs.config}/hut/config"; + owner = my.username; + inherit (config.my) group; + }; + }; + }) + (mkIf cfg.server.enable { + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.server.domain} = { + locations = { + "/".extraConfig = let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=azahi’s git stuff + root-desc=鯛も一人はうまからず + + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 + + snapshots=tar.gz tar.bz2 zip + + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt + + scan-path=${config.services.gitolite.dataDir}/repositories + ''; + in '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass 
unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + # FIXME This breaks sources previewing for these files. + "~* ^/(.+.(ico|css|png))$".extraConfig = '' + alias ${cfg.server.package}/cgit/$1; + ''; + }; + }; + }; + + services = let + user = "git"; + group = "git"; + in { + gitolite = { + # TODO Make the configuration purely declarative. + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + }; + + fcgiwrap = { + enable = true; + inherit user group; + }; + }; + }) + ]; +} diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix new file mode 100644 index 0000000..b86be9b --- /dev/null +++ b/modules/nixos/gnupg.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.gnupg; +in { + options.nixfiles.modules.gnupg.pinentry = mkOption { + description = "Name of a pinentry implementation."; + type = types.str; + default = "curses"; + }; + + config = mkIf cfg.enable { + hm = { + programs.gpg.homedir = "${config.dirs.data}/gnupg"; + + services.gpg-agent = { + enable = true; + + enableSshSupport = true; + enableScDaemon = false; + + defaultCacheTtl = 999999; + defaultCacheTtlSsh = 999999; + maxCacheTtl = 999999; + maxCacheTtlSsh = 999999; + + grabKeyboardAndMouse = true; + + sshKeys = [my.pgp.grip]; + + pinentryFlavor = cfg.pinentry; + }; + }; + }; +} diff --git a/modules/nixfiles/gotify.nix b/modules/nixos/gotify.nix index db47bb4..db47bb4 100644 --- a/modules/nixfiles/gotify.nix +++ b/modules/nixos/gotify.nix diff --git a/modules/nixfiles/grafana.nix b/modules/nixos/grafana.nix index a614502..a614502 100644 --- a/modules/nixfiles/grafana.nix +++ b/modules/nixos/grafana.nix diff --git a/modules/nixfiles/hydra.nix b/modules/nixos/hydra.nix index 590fecb..590fecb 100644 
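Review bot: In `modules/nixos/git.nix` the `services` block runs `fcgiwrap` with the same `user`/`group` (`git`) as `gitolite`, so the web-facing cgit CGI and its `about-filter`/`source-filter` scripts, which process repository content, run with write access to every repository and to gitolite's own data. cgit only needs to read `${config.services.gitolite.dataDir}/repositories`; a dedicated fcgiwrap user that is just a member of the `git` group, with group-readable repositories, would keep a cgit or filter bug from modifying anything. The static-file location `"~* ^/(.+.(ico|css|png))$"` has an unescaped dot and matches any URI ending in those letters, which is what the FIXME describes; naming the assets explicitly, e.g. `"~ ^/(cgit\\.(css|png)|favicon\\.ico)$"` (assuming those are the files shipped under `cgit/`), would serve only cgit's own files.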
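Review bot: In `modules/nixos/gnupg.nix` all four cache TTLs are `999999` seconds, roughly eleven and a half days, and `enableSshSupport = true` puts the SSH key `my.pgp.grip` behind the same agent. After one passphrase entry, any process running as the user can therefore sign, decrypt or authenticate over SSH until the agent is restarted. If that convenience is intended, say so in a comment above the TTLs; otherwise a shorter `defaultCacheTtl` with a bounded `maxCacheTtl`, e.g. `defaultCacheTtl = 3600;` (value constructed for illustration), limits the window after a session is left unlocked.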
--- a/modules/nixfiles/hydra.nix +++ b/modules/nixos/hydra.nix diff --git a/modules/nixfiles/ipfs.nix b/modules/nixos/ipfs.nix index 0ec64e5..0ec64e5 100644 --- a/modules/nixfiles/ipfs.nix +++ b/modules/nixos/ipfs.nix diff --git a/modules/nixfiles/kde.nix b/modules/nixos/kde.nix index a430294..a430294 100644 --- a/modules/nixfiles/kde.nix +++ b/modules/nixos/kde.nix diff --git a/modules/nixfiles/libvirtd.nix b/modules/nixos/libvirtd.nix index ae8b336..ae8b336 100644 --- a/modules/nixfiles/libvirtd.nix +++ b/modules/nixos/libvirtd.nix diff --git a/modules/nixfiles/lidarr.nix b/modules/nixos/lidarr.nix index f73f917..f73f917 100644 --- a/modules/nixfiles/lidarr.nix +++ b/modules/nixos/lidarr.nix diff --git a/modules/nixfiles/loki.nix b/modules/nixos/loki.nix index 1582164..1582164 100644 --- a/modules/nixfiles/loki.nix +++ b/modules/nixos/loki.nix diff --git a/modules/nixfiles/lxc.nix b/modules/nixos/lxc.nix index 4f7805f..4f7805f 100644 --- a/modules/nixfiles/lxc.nix +++ b/modules/nixos/lxc.nix diff --git a/modules/nixfiles/matrix/default.nix b/modules/nixos/matrix/default.nix index bd221c4..bd221c4 100644 --- a/modules/nixfiles/matrix/default.nix +++ b/modules/nixos/matrix/default.nix diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index 0fad5f2..0fad5f2 100644 --- a/modules/nixfiles/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix diff --git a/modules/nixfiles/matrix/element.nix b/modules/nixos/matrix/element.nix index 3d47800..3d47800 100644 --- a/modules/nixfiles/matrix/element.nix +++ b/modules/nixos/matrix/element.nix diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix index 6ff5e0d..6ff5e0d 100644 --- a/modules/nixfiles/matrix/synapse.nix +++ b/modules/nixos/matrix/synapse.nix diff --git a/modules/nixfiles/monitoring/dashboards/endlessh.json b/modules/nixos/monitoring/dashboards/endlessh.json index 0b47ee2..0b47ee2 100644 --- a/modules/nixfiles/monitoring/dashboards/endlessh.json 
+++ b/modules/nixos/monitoring/dashboards/endlessh.json diff --git a/modules/nixfiles/monitoring/dashboards/nginx.json b/modules/nixos/monitoring/dashboards/nginx.json index b2cc499..b2cc499 100644 --- a/modules/nixfiles/monitoring/dashboards/nginx.json +++ b/modules/nixos/monitoring/dashboards/nginx.json diff --git a/modules/nixfiles/monitoring/dashboards/postgresql.json b/modules/nixos/monitoring/dashboards/postgresql.json index 4e533f7..4e533f7 100644 --- a/modules/nixfiles/monitoring/dashboards/postgresql.json +++ b/modules/nixos/monitoring/dashboards/postgresql.json diff --git a/modules/nixfiles/monitoring/dashboards/unbound.json b/modules/nixos/monitoring/dashboards/unbound.json index 8a0d503..8a0d503 100644 --- a/modules/nixfiles/monitoring/dashboards/unbound.json +++ b/modules/nixos/monitoring/dashboards/unbound.json diff --git a/modules/nixfiles/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 4ff4c50..4ff4c50 100644 --- a/modules/nixfiles/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix diff --git a/modules/nixfiles/nextcloud.nix b/modules/nixos/nextcloud.nix index 69bea8a..69bea8a 100644 --- a/modules/nixfiles/nextcloud.nix +++ b/modules/nixos/nextcloud.nix diff --git a/modules/nixfiles/nginx.nix b/modules/nixos/nginx.nix index b8ab24d..b8ab24d 100644 --- a/modules/nixfiles/nginx.nix +++ b/modules/nixos/nginx.nix diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixos/node-exporter.nix index 43f48f6..43f48f6 100644 --- a/modules/nixfiles/node-exporter.nix +++ b/modules/nixos/node-exporter.nix diff --git a/modules/nixfiles/nsd.nix b/modules/nixos/nsd.nix index f5a7d84..0dade8f 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixos/nsd.nix @@ -170,7 +170,5 @@ in { allowedTCPPorts = [53]; allowedUDPPorts = allowedTCPPorts; }; - - system.extraDependencies = [inputs.dns-nix]; }; } diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix new file mode 100644 index 0000000..00d2852 --- /dev/null 
+++ b/modules/nixos/openssh.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.openssh; +in { + options.nixfiles.modules.openssh.server.enable = + mkEnableOption "OpenSSH server"; + + config = mkIf cfg.server.enable { + programs.mosh.enable = true; + + services = let + port = 22022; # Port 22 should be occupied by a tarpit. + in { + openssh = { + enable = true; + ports = [port]; + logLevel = "VERBOSE"; # Required by fail2ban. + permitRootLogin = "no"; + passwordAuthentication = false; + }; + + fail2ban.jails.sshd = '' + enabled = true + mode = aggressive + port = ${toString port} + ''; + }; + }; +} diff --git a/modules/nixfiles/podman.nix b/modules/nixos/podman.nix index 1c5378b..1c5378b 100644 --- a/modules/nixfiles/podman.nix +++ b/modules/nixos/podman.nix diff --git a/modules/nixfiles/postgresql.nix b/modules/nixos/postgresql.nix index df05e7e..df05e7e 100644 --- a/modules/nixfiles/postgresql.nix +++ b/modules/nixos/postgresql.nix diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix new file mode 100644 index 0000000..d5ab838 --- /dev/null +++ b/modules/nixos/profiles/default.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.default; +in { + imports = [ + ./dev + ./headful.nix + ./headless.nix + ]; + + config = mkIf cfg.enable { + programs.less = { + enable = true; + envVariables.LESSHISTFILE = "-"; + }; + + environment.systemPackages = with pkgs; [ + cryptsetup + lshw + lsof + pciutils + psmisc + usbutils + util-linux + ]; + }; +} diff --git a/modules/nixos/profiles/dev/containers.nix b/modules/nixos/profiles/dev/containers.nix new file mode 100644 index 0000000..195b892 --- /dev/null +++ b/modules/nixos/profiles/dev/containers.nix 
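Review bot: In `modules/nixos/openssh.nix`, `passwordAuthentication = false;` turns off only the `password` method; keyboard-interactive authentication goes through PAM and can still prompt for the account password unless it is disabled as well. Add `kbdInteractiveAuthentication = false;` next to it (the option name used by NixOS releases with this flat `services.openssh` layout; verify against the pinned nixpkgs). `programs.mosh.enable = true` also opens a UDP port range in the firewall on every host that enables the SSH server, which deserves a comment or its own enable option.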
@@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.dev.containers; +in { + config = mkIf cfg.enable { + nixfiles.modules.podman.enable = true; + + hm = { + home = { + sessionVariables.MINIKUBE_HOME = "${config.dirs.config}/minikube"; + + packages = with pkgs; [buildah]; + }; + + xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + config.Rootless = true; + driver = "podman"; + container-runtime = "cri-o"; + }; + }; + }; +} diff --git a/modules/nixos/profiles/dev/default.nix b/modules/nixos/profiles/dev/default.nix new file mode 100644 index 0000000..83d41c0 --- /dev/null +++ b/modules/nixos/profiles/dev/default.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.dev.default; +in { + config = mkIf cfg.enable { + hm.home.language = { + collate = "C"; + messages = "C"; + }; + + my.extraGroups = ["kvm"]; + }; +} diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix new file mode 100644 index 0000000..01c442e --- /dev/null +++ b/modules/nixos/profiles/headful.nix 
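Review bot: In `profiles/dev/containers.nix`, `MINIKUBE_HOME` points at `${config.dirs.config}/minikube`, but the file carrying `config.Rootless = true` is written through `xdg.dataFile."minikube/config/config.json"`, i.e. under the XDG data directory. Unless `config.dirs.config` resolves to that data directory (its definition is not in this diff), minikube will not read the file: it looks for `config/config.json` below its home directory and appends `.minikube` when `MINIKUBE_HOME` does not already end in it, so the rootless/podman settings may silently not apply. Pointing both at the same directory, e.g. `xdg.configFile."minikube/.minikube/config/config.json"`, would fix that; please verify the exact path on a test host.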
@@ -0,0 +1,88 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headful; +in { + config = mkIf cfg.enable { + nixfiles.modules = { + chromium.enable = true; + firefox.enable = true; + sound.enable = true; + x11.enable = true; + + dwm.enable = mkDefault false; + kde.enable = mkDefault true; + xmonad.enable = mkDefault false; + }; + + hm = { + home.packages = with pkgs; [ + calibre + imv + neochat + tdesktop + tor-browser + ]; + + programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; + }; + + boot = { + # Pretty much placebo but has some nice patches for `-march=native` + # optimisations, P-State Zen4 support and Fsync for Wine. + kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest; + + # There are (arguably) not a lot of reasons to keep mitigations enabled + # for on machine that is not web-facing. First of all, to completely + # mitigate any possible Spectre holes one would need to disable + # Hyperthreading altogether which will essentially put one's computer into + # the stone age by not being able to to effectively utilise multi-core its + # multicore capabilities. Secondly, by enabling mitigations, we introduce + # a plethora of performace overheads[1], which, albeit small, but still + # contribute to the overall speed of things. This is however still poses a + # security risk, which I am willing to take. 
+ # + # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 + kernelParams = ["mitigations=off"]; + + loader = { + efi.canTouchEfiVariables = true; + + systemd-boot = { + enable = true; + configurationLimit = 10; + }; + }; + }; + + hardware.opengl = { + enable = true; + driSupport = true; + }; + + programs = { + iftop.enable = true; + mtr.enable = true; + traceroute.enable = true; + }; + + services = { + # https://github.com/NixOS/nixpkgs/issues/135888 + upower.enable = true; + + psd.enable = true; + }; + + environment.systemPackages = with pkgs; [ + ethtool + nethogs + ]; + + my.extraGroups = ["audio" "video" "input"]; + }; +} diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix new file mode 100644 index 0000000..9faf531 --- /dev/null +++ b/modules/nixos/profiles/headless.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headless; +in { + config = mkIf cfg.enable { + nixfiles.modules = { + openssh.server.enable = true; + endlessh-go.enable = true; + + fail2ban.enable = true; + + node-exporter.enable = true; + promtail.enable = true; + }; + + # Pin version to prevent any surprises. + boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; + + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + + optimise = { + automatic = true; + dates = ["daily"]; + }; + }; + + services.udisks2.enable = false; + + xdg.sounds.enable = false; + }; +} diff --git a/modules/nixfiles/prometheus.nix b/modules/nixos/prometheus.nix index a75c151..a75c151 100644 --- a/modules/nixfiles/prometheus.nix +++ b/modules/nixos/prometheus.nix diff --git a/modules/nixfiles/promtail.nix b/modules/nixos/promtail.nix index 552df82..552df82 100644 --- a/modules/nixfiles/promtail.nix +++ b/modules/nixos/promtail.nix diff --git a/modules/nixfiles/psd.nix b/modules/nixos/psd.nix index 77d3c66..77d3c66 100644 
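Review bot: `kernelParams = ["mitigations=off"];` in `profiles/headful.nix` is justified in its comment by the machine not being web-facing, but the same profile enables `chromium` and `firefox` and installs `tor-browser`, all of which run untrusted remote JavaScript, and that is the usual delivery path for Spectre-class side-channel attacks on a desktop. Consider removing the parameter from the shared profile and making it a per-host opt-in that defaults to off, so a newly added headful host does not inherit it silently. The comment above `upower.enable` links nixpkgs issue 135888, the same link that `common/services.nix` uses for `nscd.enableNsncd`, and looks copied.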
--- a/modules/nixfiles/psd.nix +++ b/modules/nixos/psd.nix diff --git a/modules/nixfiles/radarr.nix b/modules/nixos/radarr.nix index 0abfdf2..0abfdf2 100644 --- a/modules/nixfiles/radarr.nix +++ b/modules/nixos/radarr.nix diff --git a/modules/nixfiles/radicale.nix b/modules/nixos/radicale.nix index c903d39..c903d39 100644 --- a/modules/nixfiles/radicale.nix +++ b/modules/nixos/radicale.nix diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixos/rss-bridge.nix index fef1070..fef1070 100644 --- a/modules/nixfiles/rss-bridge.nix +++ b/modules/nixos/rss-bridge.nix diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixos/rtorrent.nix index 4014a3b..4014a3b 100644 --- a/modules/nixfiles/rtorrent.nix +++ b/modules/nixos/rtorrent.nix diff --git a/modules/nixfiles/searx.nix b/modules/nixos/searx.nix index 9462d5d..9462d5d 100644 --- a/modules/nixfiles/searx.nix +++ b/modules/nixos/searx.nix diff --git a/modules/nixfiles/shadowsocks.nix b/modules/nixos/shadowsocks.nix index b59359c..b59359c 100644 --- a/modules/nixfiles/shadowsocks.nix +++ b/modules/nixos/shadowsocks.nix diff --git a/modules/nixfiles/soju.nix b/modules/nixos/soju.nix index 14faf00..14faf00 100644 --- a/modules/nixfiles/soju.nix +++ b/modules/nixos/soju.nix diff --git a/modules/nixfiles/solaar.nix b/modules/nixos/solaar.nix index ceff23d..ceff23d 100644 --- a/modules/nixfiles/solaar.nix +++ b/modules/nixos/solaar.nix diff --git a/modules/nixfiles/sonarr.nix b/modules/nixos/sonarr.nix index 8c79175..8c79175 100644 --- a/modules/nixfiles/sonarr.nix +++ b/modules/nixos/sonarr.nix diff --git a/modules/nixfiles/sound.nix b/modules/nixos/sound.nix index ae35e44..ae35e44 100644 --- a/modules/nixfiles/sound.nix +++ b/modules/nixos/sound.nix diff --git a/modules/nixfiles/syncthing.nix b/modules/nixos/syncthing.nix index b690ab4..b690ab4 100644 --- a/modules/nixfiles/syncthing.nix +++ b/modules/nixos/syncthing.nix 
diff --git a/modules/nixfiles/throttled.nix b/modules/nixos/throttled.nix index f182ee1..f182ee1 100644 --- a/modules/nixfiles/throttled.nix +++ b/modules/nixos/throttled.nix diff --git a/modules/nixfiles/unbound.nix b/modules/nixos/unbound.nix index 8c40291..8c40291 100644 --- a/modules/nixfiles/unbound.nix +++ b/modules/nixos/unbound.nix diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixos/vaultwarden.nix index 7d51667..7d51667 100644 --- a/modules/nixfiles/vaultwarden.nix +++ b/modules/nixos/vaultwarden.nix diff --git a/modules/nixfiles/wireguard.nix b/modules/nixos/wireguard.nix index d05c6ae..d05c6ae 100644 --- a/modules/nixfiles/wireguard.nix +++ b/modules/nixos/wireguard.nix diff --git a/modules/nixfiles/x11.nix b/modules/nixos/x11.nix index cd8dfbe..cd8dfbe 100644 --- a/modules/nixfiles/x11.nix +++ b/modules/nixos/x11.nix diff --git a/modules/nixfiles/xmonad.nix b/modules/nixos/xmonad.nix index 847110e..2cc7ad6 100644 --- a/modules/nixfiles/xmonad.nix +++ b/modules/nixos/xmonad.nix @@ -24,7 +24,5 @@ in { }; services.xserver.displayManager.startx.enable = true; - - system.extraDependencies = [inputs.xmonad-ng]; }; } diff --git a/configurations/default.nix b/nixosConfigurations/default.nix index a488cf1..8ebeda4 100644 --- a/configurations/default.nix +++ b/nixosConfigurations/default.nix @@ -7,14 +7,23 @@ with lib; let modules ? [], configuration ? ./${name}, this ? my.configurations.${name}, + extraSpecialArgs ? { + localUsername = my.username; + localHostname = this.hostname; + }, }: nameValuePair name (nixosSystem { inherit (this) system; modules = - attrValues inputs.self.nixosModules - ++ modules + modules + ++ attrValues inputs.self.modules + ++ attrValues inputs.self.nixosModules ++ optional (configuration != null) (import configuration); - specialArgs = {inherit inputs lib this;}; + specialArgs = + { + inherit inputs lib this; + } + // extraSpecialArgs; }); in mapAttrs' mkConfiguration { 
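Review bot: In the `mkConfiguration` hunk of `nixosConfigurations/default.nix`, `localUsername` and `localHostname` exist only as the default value of `extraSpecialArgs`, so a caller that passes its own `extraSpecialArgs` replaces them entirely and any module expecting those arguments stops evaluating. Because the merge is `{ inherit inputs lib this; } // extraSpecialArgs`, a caller can also shadow `inputs`, `lib` or `this`. Defaulting to `extraSpecialArgs ? {}` and building `specialArgs = extraSpecialArgs // { inherit inputs lib this; localUsername = my.username; localHostname = this.hostname; };` keeps the fixed arguments authoritative. The function starts above the hunk.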
@@ -46,7 +55,7 @@ in }; }; - # A beefy desktop PC: 7950x/rx6750xt/128GB. + # A beefy desktop: 7950x/rx6750xt/128GB. eonwe.modules = with inputs; [ nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-gpu-amd diff --git a/configurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix index c9af8e5..a867837 100644 --- a/configurations/eonwe/default.nix +++ b/nixosConfigurations/eonwe/default.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + this, ... }: with lib; { @@ -18,6 +19,7 @@ with lib; { }; android.enable = true; bluetooth.enable = true; + discord.enable = true; libvirtd.enable = true; qutebrowser.enable = true; }; @@ -27,41 +29,28 @@ with lib; { mpv.config = { hwdec = "vdpau"; - vo = "vdpau"; + vo = "gpu"; profile = "gpu-hq"; }; }; - networking = { - interfaces = { - eth0.useDHCP = true; - wlan0.useDHCP = true; - }; - - networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - wireless = { - enable = false; - iwd.enable = true; - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; - }; - }; - boot = { - initrd.availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"]; - - loader = { - efi.canTouchEfiVariables = true; + # Silence benign MCE errors: + # ``` + # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff + # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff + # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201 + # ``` + kernelParams = ["mce=nobootlog"]; - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - }; + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "usb_storage" + "usbhid" + "xhci_pci" + ]; }; fileSystems = { 
@@ -77,8 +66,7 @@ with lib; { }; }; - zramSwap = { - enable = true; - memoryPercent = 25; - }; + # No swap space is declared here because the system already has 128Gb of RAM. + # I didn't manage to even hit 100Gb mark even when running large + # computations/compiling something big. } diff --git a/configurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix index b8dd324..b8dd324 100644 --- a/configurations/manwe/default.nix +++ b/nixosConfigurations/manwe/default.nix diff --git a/configurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix index 966c21c..a4b552a 100644 --- a/configurations/manwe/mailserver.nix +++ b/nixosConfigurations/manwe/mailserver.nix @@ -91,6 +91,4 @@ with lib; { mode = aggressive ''; }; - - system.extraDependencies = [inputs.simple-nixos-mailserver]; } diff --git a/configurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix index e1ee425..4dded7e 100644 --- a/configurations/manwe/webserver.nix +++ b/nixosConfigurations/manwe/webserver.nix @@ -20,6 +20,4 @@ with lib; { ${gondor}.locations."/".return = concatStrings [frodo gondor]; ${rohan}.locations."/".return = concatStrings [frodo rohan]; }); - - system.extraDependencies = [inputs.azahi-cc]; } diff --git a/configurations/melian/default.nix b/nixosConfigurations/melian/default.nix index f296546..3ba854c 100644 --- a/configurations/melian/default.nix +++ b/nixosConfigurations/melian/default.nix @@ -15,25 +15,6 @@ with lib; { throttled.enable = true; }; - networking = { - interfaces = { - eth0.useDHCP = true; - wlan0.useDHCP = true; - }; - - networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - wireless = { - enable = false; - iwd.enable = true; - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; - }; - }; - hardware.trackpoint = { enable = true; speed = 500; 
@@ -80,13 +61,15 @@ with lib; { }; boot = { - # Speeding up Wi-Fi a bit. - extraModprobeConfig = '' - options iwlwifi 11n_disable=1 - ''; - initrd = { - availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"]; + availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "usb_storage" + "usbhid" + "xhci_pci" + ]; luks.devices."root" = { device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218"; @@ -94,15 +77,6 @@ with lib; { bypassWorkqueues = true; }; }; - - loader = { - efi.canTouchEfiVariables = true; - - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - }; }; fileSystems = { @@ -118,8 +92,8 @@ with lib; { }; }; - # NOTE This will make hibernation extremely hard if on an encrypted partition. - # This also could not work on ZFS or Btrfs. + # NOTE This makes hibernation pretty much impossible because the partition is + # encrypted. swapDevices = [ { device = "/swapfile"; diff --git a/configurations/test-headful/default.nix b/nixosConfigurations/test-headful/default.nix index 25db8c7..25db8c7 100644 --- a/configurations/test-headful/default.nix +++ b/nixosConfigurations/test-headful/default.nix diff --git a/configurations/test-headless/default.nix b/nixosConfigurations/test-headless/default.nix index 919a436..919a436 100644 --- a/configurations/test-headless/default.nix +++ b/nixosConfigurations/test-headless/default.nix diff --git a/configurations/varda/default.nix b/nixosConfigurations/varda/default.nix index 5e0914e..5e0914e 100644 --- a/configurations/varda/default.nix +++ b/nixosConfigurations/varda/default.nix diff --git a/configurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix index e3172a6..e3172a6 100644 --- a/configurations/yavanna/default.nix +++ b/nixosConfigurations/yavanna/default.nix |