diff options
132 files changed, 1735 insertions, 2329 deletions
diff --git a/configurations/default.nix b/configurations/default.nix index 312ca9f..4d60b8e 100644 --- a/configurations/default.nix +++ b/configurations/default.nix @@ -1,26 +1,27 @@ { inputs, lib, ... }: -with lib; let mkConfiguration = name: { modules ? [ ], configuration ? ./${name}, - this ? my.configurations.${name}, + this ? lib.my.configurations.${name}, }: - nameValuePair name (nixosSystem { - inherit (this) system; - modules = - modules - ++ attrValues inputs.self.nixosModules - ++ attrValues inputs.nix-topology.nixosModules - ++ optional (configuration != null) (import configuration); - specialArgs = { - inherit inputs lib this; - }; - }); + lib.nameValuePair name ( + lib.nixosSystem { + inherit (this) system; + modules = + modules + ++ lib.attrValues inputs.self.nixosModules + ++ lib.attrValues inputs.nix-topology.nixosModules + ++ lib.optional (configuration != null) (import configuration); + specialArgs = { + inherit inputs lib this; + }; + } + ); in -mapAttrs' mkConfiguration ( +lib.mapAttrs' mkConfiguration ( let mkTest = this: { modules = with inputs; [ diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix index d9ae2bc..d6bc46c 100644 --- a/configurations/eonwe/default.nix +++ b/configurations/eonwe/default.nix @@ -4,15 +4,14 @@ pkgs, ... }: -with lib; { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; nixfiles.modules = { ark.enable = true; wireguard.client.enable = true; - wireguard-ng.client.enable = false; + # wireguard-ng.client.enable = false; syncthing.enable = true; @@ -42,12 +41,12 @@ with lib; ]; programs = { - beets.settings.directory = mkForce "/mnt/udata/music"; + beets.settings.directory = lib.mkForce "/mnt/udata/music"; mpv = { profiles = let - mapShaders = map (args: toString (pkgs.fetchurl args)); + mapShaders = map (x: x |> pkgs.fetchurl |> toString); cfl-prediction = mapShaders [ { url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/9fdd0bc68cd8ae42a8072a7d5d098f118daa4293/CfL_Prediction.glsl"; @@ -105,7 +104,7 @@ with lib; vf = "format=colorlevels=full:colormatrix=auto"; video-output-levels = "full"; - glsl-shaders-append = map (text: toString (pkgs.writeText "shader.hook" text)) [ + glsl-shaders-append = map (x: x |> pkgs.writeText "shader.hook" |> toString) [ '' //!HOOK LUMA //!BIND HOOKED @@ -143,7 +142,7 @@ with lib; }; services = { - mpd.musicDirectory = mkForce "/mnt/udata/music"; + mpd.musicDirectory = lib.mkForce "/mnt/udata/music"; xsettingsd.settings."Xft/DPI" = "93"; }; @@ -154,27 +153,24 @@ with lib; services = { displayManager = { sddm.enable = lib.mkForce false; - ly = { - enable = true; - settings.animation = "matrix"; - }; + ly.enable = true; }; smartd = { enable = true; notifications.mail = { enable = true; - sender = "admin+smartd@${my.domain.shire}"; - recipient = "admin+smartd@${my.domain.shire}"; + sender = "root@${lib.my.domain.shire}"; + recipient = "root@${lib.my.domain.shire}"; }; }; openssh.settings = { - KbdInteractiveAuthentication = mkForce true; - PasswordAuthentication = mkForce true; + KbdInteractiveAuthentication = lib.mkForce true; + PasswordAuthentication = lib.mkForce true; }; - udev.packages = with pkgs; [ vial ]; + udev.packages = [ pkgs.vial ]; xserver.wacom.enable = true; }; @@ -267,7 +263,7 @@ with lib; # [1]: https://github.com/ryantm/agenix/issues/45#issuecomment-847852593 # [1]: https://github.com/nix-community/impermanence/issues/22 # [1]: https://github.com/NixOS/nixpkgs/pull/86967#pullrequestreview-667929259 - "/home/${my.username}".neededForBoot = true; + "/home/${lib.my.username}".neededForBoot = true; "/mnt/ydata/music" = { device = "yavanna.shire.net:/export/music"; diff --git a/configurations/ilmare/default.nix b/configurations/ilmare/default.nix index bb89699..e9dbf7c 100644 --- a/configurations/ilmare/default.nix +++ b/configurations/ilmare/default.nix @@ -1,6 +1,6 @@ { lib, ... }: { - imports = lib.attrValues (lib.modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; nixfiles.modules = { wireguard.client.enable = true; @@ -11,6 +11,19 @@ bluetooth.enable = true; }; + hm.programs.plasma = { + input.mice = [ + { + name = "TPPS\\/2 Elan TrackPoint"; + vendorId = "2"; + productId = "a"; + acceleration = 0.250; + accelerationProfile = "none"; + } + ]; + configFile.kwinrc."Xwayland"."Scale" = 1.2; + }; + hardware.trackpoint = { enable = true; speed = 500; @@ -18,6 +31,11 @@ }; services = { + displayManager = { + sddm.enable = lib.mkForce false; + ly.enable = true; + }; + thinkfan = { enable = true; settings = { diff --git a/configurations/iso/default.nix b/configurations/iso/default.nix index 7277e88..b23157d 100644 --- a/configurations/iso/default.nix +++ b/configurations/iso/default.nix @@ -1,7 +1,6 @@ { lib, ... }: -with lib; { - secrets = mkForce { }; + secrets = lib.mkForce { }; nixfiles.modules = { common.networking.onlyDefault = true; @@ -16,11 +15,11 @@ with lib; }; }; - hm.programs.git.signing.signByDefault = mkForce false; + hm.programs.git.signing.signByDefault = lib.mkForce false; programs.mtr.enable = true; - services.getty.autologinUser = mkForce my.username; + services.getty.autologinUser = lib.mkForce lib.my.username; nixpkgs.config.allowBroken = true; } diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 89b111a..326cfa6 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix @@ -3,9 +3,8 @@ lib, ... }: -with lib; { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; # Something is broken there. Not sure why it affects me tho. disabledModules = [ "services/networking/wireguard-networkd.nix" ]; @@ -28,11 +27,11 @@ with lib; git.server = { enable = true; - domain = "git.${my.domain.azahi}"; + domain = "git.${lib.my.domain.azahi}"; }; matrix.dendrite = { enable = true; - domain = my.domain.azahi; + domain = lib.my.domain.azahi; }; murmur.enable = true; radicale.enable = true; @@ -40,7 +39,7 @@ with lib; shadowsocks.enable = true; soju = { enable = true; - domain = my.domain.azahi; + domain = lib.my.domain.azahi; }; vaultwarden.enable = true; ntfy.enable = true; diff --git a/configurations/manwe/mailserver/default.nix b/configurations/manwe/mailserver/default.nix index cc8b41d..5160604 100644 --- a/configurations/manwe/mailserver/default.nix +++ b/configurations/manwe/mailserver/default.nix @@ -4,9 +4,8 @@ lib, ... }: -with lib; { - imports = [ inputs.mailserver.nixosModule ] ++ attrValues (modulesIn ./.); + imports = [ inputs.mailserver.nixosModule ] ++ (lib.modulesIn ./. |> lib.attrValues); ark.directories = with config.mailserver; [ "/var/lib/dovecot" @@ -20,25 +19,25 @@ with lib; secrets = with config.mailserver; { dkim-key-azahi-cc = { file = "${inputs.self}/secrets/dkim-key-azahi-cc"; - path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key"; + path = "${dkimKeyDirectory}/${lib.my.domain.azahi}.${dkimSelector}.key"; owner = config.services.opendkim.user; inherit (config.services.opendkim) group; }; dkim-key-rohan-net = { file = "${inputs.self}/secrets/dkim-key-rohan-net"; - path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key"; + path = "${dkimKeyDirectory}/${lib.my.domain.rohan}.${dkimSelector}.key"; owner = config.services.opendkim.user; inherit (config.services.opendkim) group; }; dkim-key-gondor-net = { file = "${inputs.self}/secrets/dkim-key-gondor-net"; - path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key"; + path = "${dkimKeyDirectory}/${lib.my.domain.gondor}.${dkimSelector}.key"; owner = config.services.opendkim.user; inherit (config.services.opendkim) group; }; dkim-key-shire-net = { file = "${inputs.self}/secrets/dkim-key-shire-net"; - path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key"; + path = "${dkimKeyDirectory}/${lib.my.domain.shire}.${dkimSelector}.key"; owner = config.services.opendkim.user; inherit (config.services.opendkim) group; }; @@ -51,7 +50,7 @@ with lib; mailserver = let - cert = config.certs.${my.domain.shire}; + cert = config.certs.${lib.my.domain.shire}; in { enable = true; @@ -65,7 +64,7 @@ with lib; enableSubmission = false; fqdn = config.networking.domain; - domains = with my.domain; [ + domains = with lib.my.domain; [ azahi gondor rohan @@ -103,11 +102,11 @@ with lib; dovecot2.sieve.extensions = [ "fileinto" ]; # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241 - redis.servers.rspamd.enable = mkForce false; + redis.servers.rspamd.enable = lib.mkForce false; }; systemd.services.rspamd = { - requires = mkForce [ "redis-default.service" ]; - after = mkForce [ "redis-default.service" ]; + requires = lib.mkForce [ "redis-default.service" ]; + after = lib.mkForce [ "redis-default.service" ]; }; } diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix index 051ddba..6f6061e 100644 --- a/configurations/manwe/webserver.nix +++ b/configurations/manwe/webserver.nix @@ -5,12 +5,11 @@ libPlausible, ... }: -with lib; { nixfiles.modules.nginx = { enable = true; virtualHosts = - with my.domain; + with lib.my.domain; { ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; "git.${shire}".locations."/".return = "301 https://git.${azahi}"; @@ -31,11 +30,11 @@ with lib; frodo = "301 https://frodo."; in { - ${gondor}.locations."/".return = concatStrings [ + ${gondor}.locations."/".return = lib.concatStrings [ frodo gondor ]; - ${rohan}.locations."/".return = concatStrings [ + ${rohan}.locations."/".return = lib.concatStrings [ frodo rohan ]; diff --git a/configurations/test-headful/default.nix b/configurations/test-headful/default.nix index 79a1536..ce8aba5 100644 --- a/configurations/test-headful/default.nix +++ b/configurations/test-headful/default.nix @@ -1,5 +1,4 @@ { lib, ... }: -with lib; { nixfiles.modules = { dwm.enable = false; @@ -10,10 +9,10 @@ with lib; fileSystems."/".device = "/dev/null"; documentation = { - enable = mkForce false; + enable = lib.mkForce false; man = { - enable = mkForce false; - man-db.enable = mkForce false; + enable = lib.mkForce false; + man-db.enable = lib.mkForce false; }; }; } diff --git a/configurations/test-headless/default.nix b/configurations/test-headless/default.nix index ef3d223..622cf0e 100644 --- a/configurations/test-headless/default.nix +++ b/configurations/test-headless/default.nix @@ -1,14 +1,13 @@ { lib, ... }: -with lib; { nixfiles.modules = { - endlessh-go.enable = mkForce false; - node-exporter.enable = mkForce false; - promtail.enable = mkForce false; + endlessh-go.enable = lib.mkForce false; + node-exporter.enable = lib.mkForce false; + promtail.enable = lib.mkForce false; }; boot.loader.systemd-boot.enable = true; fileSystems."/".device = "/dev/null"; - documentation.enable = mkForce false; + documentation.enable = lib.mkForce false; } diff --git a/configurations/tulkas/default.nix b/configurations/tulkas/default.nix index 5946ea8..0ca1279 100644 --- a/configurations/tulkas/default.nix +++ b/configurations/tulkas/default.nix @@ -1,14 +1,13 @@ { lib, this, ... }: -with lib; { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; nixfiles.modules = { wireguard.client.enable = true; - wireguard-ng.server.enable = true; + # wireguard-ng.server.enable = true; - unbound-ng.enable = true; - unbound-ng.domain = "shire.local"; + # unbound-ng.enable = true; + # unbound-ng.domain = "shire.local"; }; services.qemuGuest.enable = true; diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index c12c811..8b511d3 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix @@ -1,7 +1,6 @@ { lib, ... }: -with lib; { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; nixfiles.modules = { wireguard.client.enable = true; diff --git a/flake.lock b/flake.lock index 1c6cbe6..d4bfff9 100644 --- a/flake.lock +++ b/flake.lock @@ -56,9 +56,6 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": [ - "flake-utils" - ], "nixpkgs": [ "nixpkgs" ], @@ -67,11 +64,11 @@ ] }, "locked": { - "lastModified": 1725263787, - "narHash": "sha256-OSNjus8VSkLCSikN6Qeq+II1bwqTRJEwl6NJvFoQHoE=", + "lastModified": 1739094253, + "narHash": "sha256-yDTgmfSuL5Ax7LRuxhdoMJrBi4X9Q3fyyI7TerTXVBA=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "72addd96455cce49c0c8524c53aecd02cf20adec", + "rev": "27e0c3094e778bd73f93bea799f627ef317e7f22", "type": "github" }, "original": { @@ -230,11 +227,11 @@ ] }, "locked": { - "lastModified": 1738148035, - "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", + "lastModified": 1739634831, + "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", "owner": "nix-community", "repo": "disko", - "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", + "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", "type": "github" }, "original": { @@ -302,11 +299,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -487,11 +484,11 @@ ] }, "locked": { - "lastModified": 1738275749, - "narHash": "sha256-PM+cGduJ05EZ+YXulqAwUFjvfKpPmW080mcuN6R1POw=", + "lastModified": 1739676861, + "narHash": "sha256-X86ptHMNVuu1Z9leL0YV2E/oxD2IgPYrYANPcvFYpNo=", "owner": "nix-community", "repo": "home-manager", - "rev": "a8159195bfaef3c64df75d3b1e6a68d49d392be9", + "rev": "eb44c1601ed99896525e983bc9b15eb8b4d5879e", "type": "github" }, "original": { @@ -503,11 +500,11 @@ "homelab-svg-assets": { "flake": false, "locked": { - "lastModified": 1738350188, - "narHash": "sha256-q1zqxnkYLsTH6y+957yH0zaHOxSms/TB68kZYLbw5sQ=", + "lastModified": 1739552743, + "narHash": "sha256-s+VBMa95Xot+ZLUCVZwNTgnZKHqsMgZI42LlNBkci/M=", "owner": "loganmarchione", "repo": "homelab-svg-assets", - "rev": "c378f0a492cacfa327b9cc7b4b97fa6605f72de8", + "rev": "4492270e43dd33ef382d93806c3a52bcabb38652", "type": "github" }, "original": { @@ -534,11 +531,11 @@ "infuse": { "flake": false, "locked": { - "lastModified": 1735727689, - "narHash": "sha256-/aTuYtM+ZJovkhJMNYl0sGpYxTBiFfm/hMKo8Nst+jM=", + "lastModified": 1738726976, + "narHash": "sha256-N+u3vnK3zyXLUuDj/vr62r9tM7uarhKVCaLHWxjo/YY=", "ref": "refs/heads/trunk", - "rev": "9773c94d65779efb420ed613ba9a7769c978bddd", - "revCount": 46, + "rev": "c8fb7397039215e1444c835e36a0da7dc3c743f8", + "revCount": 48, "type": "git", "url": "https://codeberg.org/amjoseph/infuse.nix" }, @@ -559,11 +556,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1737736848, - "narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=", + "lastModified": 1739121270, + "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261", + "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3", "type": "gitlab" }, "original": { @@ -585,11 +582,11 @@ ] }, "locked": { - "lastModified": 1738287839, - "narHash": "sha256-Vh060kC/aTX+e8Ru195wo+QySd0z91wJ++JZNSDJxy8=", + "lastModified": 1739670787, + "narHash": "sha256-tK5MqP5u04bhRBKPhu4BWk+0WQt3b0vwcRoeTU2Y+XM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "58f1ae4ac2620cbcef912e32b17f9a64fcb372ad", + "rev": "61beefce2628c4bb3105a4750bf8df96d9a6034b", "type": "github" }, "original": { @@ -605,11 +602,11 @@ ] }, "locked": { - "lastModified": 1737861961, - "narHash": "sha256-LIRtMvAwLGb8pBoamzgEF67oKlNPz4LuXiRPVZf+TpE=", + "lastModified": 1739676768, + "narHash": "sha256-U1HQ7nzhJyVVXUgjU028UCkbLQLEIkg42+G7iIiBmlU=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "79b7b8eae3243fc5aa9aad34ba6b9bbb2266f523", + "rev": "ae15068e79e22b76c344f0d7f8aed1bb1c5b0b63", "type": "github" }, "original": { @@ -647,11 +644,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737751639, - "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", + "lastModified": 1738816619, + "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", + "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "type": "github" }, "original": { @@ -662,11 +659,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738370331, - "narHash": "sha256-AGpeTVt2yBf/uN2dMCnu7pXqkN3AipnoVo5R1Ar5wXU=", + "lastModified": 1739702692, + "narHash": "sha256-LKWw5Eilf+EIVlGhxqcAAZMJyJyR9MrZJ78ke39lPnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d52b7a88651b112d024ba445d176cad032eafe4", + "rev": "aa5c4e6328b77f4aa0cfe37a5ea8a1543806277e", "type": "github" }, "original": { @@ -692,15 +689,15 @@ }, "nixpkgs-amneziawg": { "locked": { - "lastModified": 1737908040, - "narHash": "sha256-e/fcvUz3W4/3Odo5KvH+KKSzCpft+YS259xrbtpLb2o=", - "owner": "azahi", + "lastModified": 1739014111, + "narHash": "sha256-k2dEJgj/oQcqfITenpge/j8c0SnitDUYpkf/rYVfpDI=", + "owner": "averyanalex", "repo": "nixpkgs", - "rev": "5b2dc95baba1980f1729fa523f9ad45e4e57d919", + "rev": "3896639b27d81da3c5cb0a6fff5bfc8a42649bc5", "type": "github" }, "original": { - "owner": "azahi", + "owner": "averyanalex", "ref": "add-amneziawg-to-wg-quick", "repo": "nixpkgs", "type": "github" @@ -708,23 +705,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, "nixpkgs-master": { "locked": { - "lastModified": 1738370331, - "narHash": "sha256-AGpeTVt2yBf/uN2dMCnu7pXqkN3AipnoVo5R1Ar5wXU=", + "lastModified": 1739702692, + "narHash": "sha256-LKWw5Eilf+EIVlGhxqcAAZMJyJyR9MrZJ78ke39lPnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d52b7a88651b112d024ba445d176cad032eafe4", + "rev": "aa5c4e6328b77f4aa0cfe37a5ea8a1543806277e", "type": "github" }, "original": { @@ -782,6 +779,29 @@ "type": "github" } }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739557722, + "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -809,6 +829,7 @@ "nixpkgs-stable": "nixpkgs-stable", "nmap-vulners": "nmap-vulners", "nmap-vulscan": "nmap-vulscan", + "plasma-manager": "plasma-manager", "srvos": "srvos", "stylix": "stylix", "vscode-extensions": "vscode-extensions" @@ -821,11 +842,11 @@ ] }, "locked": { - "lastModified": 1738198321, - "narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=", + "lastModified": 1739438633, + "narHash": "sha256-7nTfMqYkc7WQwmB6m2zo2m2DEmNqrfyE+Pdisr7cTTI=", "owner": "nix-community", "repo": "srvos", - "rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079", + "rev": "54aae80b7526d234658632d251e9bf278b58b7ef", "type": "github" }, "original": { @@ -856,15 +877,16 @@ "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", "tinted-tmux": "tinted-tmux", "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1738278499, - "narHash": "sha256-q1SUyXSQ9znHTME53/vPLe+Ga3V1wW3X3gWfa8JsBUM=", + "lastModified": 1739375014, + "narHash": "sha256-0fNbvZ1Dod4rDIfwGnC7CzJ3wRFSF1v5AvNCmNkVgXo=", "owner": "danth", "repo": "stylix", - "rev": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", + "rev": "e86de61bb8f5f2b6459d0be3e3291ad16db4b777", "type": "github" }, "original": { @@ -952,6 +974,22 @@ "type": "github" } }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1737565458, + "narHash": "sha256-y+9cvOA6BLKT0WfebDsyUpUa/YxKow9hTjBp6HpQv68=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "ae31625ba47aeaa4bf6a98cf11a8d4886f9463d9", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, "tinted-tmux": { "flake": false, "locked": { @@ -997,11 +1035,11 @@ ] }, "locked": { - "lastModified": 1738287944, - "narHash": "sha256-q8pOnhaA95ZZf+CJ4ahScSzt5pbnL7lShFuMwTwiw7I=", + "lastModified": 1739670916, + "narHash": "sha256-Tdzu06QlI8DsYdXNe96c9eu0clj9Wkd1cKo6em/0xPU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "529e0a84346f34db86ea24203c0b2e975fefb4f2", + "rev": "370af219cf4ad7660e3ad4577849fb0478edb33c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3092c23..2a7613d 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; # TODO https://github.com/NixOS/nixpkgs/pull/360866 - nixpkgs-amneziawg.url = "github:azahi/nixpkgs/add-amneziawg-to-wg-quick"; + nixpkgs-amneziawg.url = "github:averyanalex/nixpkgs/add-amneziawg-to-wg-quick"; nixos-hardware.url = "github:NixOS/nixos-hardware"; @@ -22,6 +22,14 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs = { + nixpkgs.follows = "nixpkgs"; + home-manager.follows = "home-manager"; + }; + }; + disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; @@ -94,7 +102,6 @@ url = "github:dwarfmaster/arkenfox-nixos"; inputs = { flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; pre-commit.follows = "git-hooks"; }; @@ -154,13 +161,13 @@ }; outputs = - inputs@{ self, nixpkgs, ... }: + inputs@{ self, ... }: let - lib = nixpkgs.lib.extend (lib: _: import ./lib { inherit inputs lib system; }); + lib = inputs.nixpkgs.lib.extend (lib: _: import ./lib { inherit inputs lib system; }); system = "x86_64-linux"; - pkgs = import nixpkgs { + pkgs = import inputs.nixpkgs { inherit system; overlays = [ self.overlays.default @@ -168,13 +175,12 @@ ]; }; in - with lib; { inherit lib; apps.${system}.default = { type = "app"; - program = getExe self.packages.${system}.nixfiles; + program = lib.getExe self.packages.${system}.nixfiles; }; packages.${system} = { @@ -202,7 +208,7 @@ checks.${system} = import ./checks.nix { inherit inputs pkgs system; }; - nixosModules.default = _: { imports = attrValues (modulesIn ./modules); }; + nixosModules.default = _: { imports = lib.modulesIn ./modules |> lib.attrValues; }; nixosConfigurations = import ./configurations { inherit inputs lib pkgs; }; diff --git a/lib/default.nix b/lib/default.nix index e06b7ec..c498c38 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,7 +4,7 @@ system, ... }: -rec { +{ my = import ./my.nix { inherit lib inputs system; }; dns = import ./dns.nix { inherit lib inputs system; }; @@ -15,34 +15,35 @@ rec { isEven = number: - assert (builtins.isInt number) || (builtins.isFloat number); + assert builtins.isInt number || builtins.isFloat number; builtins.div number 2 == 0; - isOdd = number: !isEven number; + isOdd = number: !lib.isEven number; pow = base: exponent: - assert (builtins.isInt base) && (builtins.isInt exponent); + assert builtins.isInt base && builtins.isInt exponent; assert exponent > 0; - builtins.foldl' (x: _: x * base) 1 (builtins.genList (_: _) exponent); + exponent |> builtins.genList (_: _) |> builtins.foldl' (x: _: x * base) 1; mkTcpMem = min: ini: max: assert min <= ini && ini <= max; - lib.concatMapStrings (x: toString x + " ") ( - map (pow 2) [ - min - ini - max - ] - ); + [ + min + ini + max + ] + |> map (lib.pow 2) + |> map toString + |> lib.concatStringsSep " "; # Load all files from directory (partially recursively). # # Usage: Assuming other Nix files are present in a directory: # ``` # { ... }: { - # imports = attrValue (modulesIn ./.); + # imports = modulesIn ./. |> attrValues; # # services.foobar.enable = true; # } @@ -50,23 +51,22 @@ rec { # modulesIn = dir: - lib.pipe dir [ - builtins.readDir - (lib.mapAttrsToList ( - name: type: - let - modulePath = dir + "/${name}"; - in - if type == "regular" && lib.hasSuffix ".nix" name && name != "default.nix" then - [ (lib.nameValuePair (lib.removeSuffix ".nix" name) modulePath) ] - else if type == "directory" && lib.pathExists (modulePath + "/default.nix") then - [ (lib.nameValuePair name modulePath) ] - else - [ ] - )) - lib.concatLists - lib.listToAttrs - ]; + dir + |> builtins.readDir + |> lib.mapAttrsToList ( + name: type: + let + modulePath = dir + "/${name}"; + in + if type == "regular" && lib.hasSuffix ".nix" name && name != "default.nix" then + [ (lib.nameValuePair (lib.removeSuffix ".nix" name) modulePath) ] + else if type == "directory" && lib.pathExists (modulePath + "/default.nix") then + [ (lib.nameValuePair name modulePath) ] + else + [ ] + ) + |> lib.concatLists + |> lib.listToAttrs; # Override a module using another Nixpkgs source tree. # diff --git a/lib/dns.nix b/lib/dns.nix index c0e4641..66c3e51 100644 --- a/lib/dns.nix +++ b/lib/dns.nix @@ -1,6 +1,5 @@ { lib, inputs, ... }: -with lib; -recursiveUpdate inputs.dns.lib { +lib.recursiveUpdate inputs.dns.lib { mkDoT = { ips, tls }: map (ip: "${ip}#${tls}") ips; const = { diff --git a/lib/my.nix b/lib/my.nix index 20f01be..e900519 100644 --- a/lib/my.nix +++ b/lib/my.nix @@ -1,66 +1,63 @@ { lib, ... }: -with lib; -(evalModules { +(lib.evalModules { modules = [ { - options.configurations = mkOption { + options.configurations = lib.mkOption { description = "My configurations."; - type = - with types; - attrsOf ( - submodule ( - { name, ... }: - { - freeformType = attrs; - options = - let - mkConfigurationTypeOption = - type: - mkOption { - description = "Whether the machine's functional type is a ${type} one."; - type = bool; - default = false; - }; - in - { - hostname = mkOption { - description = "The machine's hostname."; - type = str; - default = name; - readOnly = true; - }; - - stateVersion = mkOption { - description = "Machine's Nixpkgs state version."; - type = str; - default = trivial.release; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, ... }: + { + freeformType = lib.types.attrs; + options = + let + mkConfigurationTypeOption = + type: + lib.mkOption { + description = "Whether the machine's functional type is a ${type} one."; + type = lib.types.bool; + default = false; }; + in + { + hostname = lib.mkOption { + description = "The machine's hostname."; + type = lib.types.str; + default = name; + readOnly = true; + }; - deviceIcon = mkOption { - description = "Device icon to be used with nix-topology."; - type = nullOr (either path str); - default = null; - }; + stateVersion = lib.mkOption { + description = "Machine's Nixpkgs state version."; + type = lib.types.str; + default = lib.trivial.release; + }; - system = mkOption { - description = "The machine's system."; - type = nullOr (enum platforms.all); - default = null; - }; + deviceIcon = lib.mkOption { + description = "Device icon to be used with nix-topology."; + type = with lib.types; nullOr (either path str); + default = null; + }; - isHeadless = mkConfigurationTypeOption "headless"; - isHeadful = mkConfigurationTypeOption "headful"; - isOther = mkConfigurationTypeOption "other"; + system = lib.mkOption { + description = "The machine's system."; + type = with lib.types; nullOr (enum lib.platforms.all); + default = null; }; - } - ) - ); + + isHeadless = mkConfigurationTypeOption "headless"; + isHeadful = mkConfigurationTypeOption "headful"; + isOther = mkConfigurationTypeOption "other"; + }; + } + ) + ); default = { }; }; config = { - _module.freeformType = types.attrs; + _module.freeformType = lib.types.attrs; fullname = "Firstname Lastname"; username = "azahi"; @@ -70,7 +67,7 @@ with lib; gondor = "gondor.net"; shire = "shire.net"; }; - email = "frodo@${my.domain.gondor}"; + email = "frodo@${lib.my.domain.gondor}"; pgp = { key = "@PGP_KEY@"; fingerprint = "@PGP_FINGERPRINT@"; @@ -78,7 +75,7 @@ with lib; }; ssh = rec { type = "ed25519"; - id = my.email; + id = lib.my.email; key = "ssh-${type} @PUBLIC_KEY@ ${id}"; }; hashedPassword = "@HASHED_PASSWORD@"; @@ -105,7 +102,7 @@ with lib; ipv6.address = "fd69::0:1"; publicKey = "@PUBLIC_KEY@"; }; - domains = with my.domain; [ + domains = with lib.my.domain; [ "alertmanager.${shire}" "frodo.${rohan}" "frodo.${gondor}" @@ -174,7 +171,7 @@ with lib; ipv6.address = "fd69::1:2"; publicKey = "@PUBLIC_KEY@"; }; - domains = with my.domain; [ + domains = with lib.my.domain; [ "flood.${shire}" "jackett.${shire}" "lidarr.${shire}" diff --git a/modules/acme.nix b/modules/acme.nix index 9a2f3f1..e675d1d 100644 --- a/modules/acme.nix +++ b/modules/acme.nix @@ -1,11 +1,10 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.acme; in { imports = [ - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "certs" ] [ "security" @@ -16,24 +15,21 @@ in ]; options.nixfiles.modules.acme = { - enable = mkEnableOption "ACME"; + enable = lib.mkEnableOption "ACME"; - email = mkOption { + email = lib.mkOption { description = "Email for notifications."; - type = with types; str; - default = "admin+acme@${my.domain.shire}"; + type = lib.types.str; + default = "hostmaster@${lib.my.domain.shire}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/acme" ]; security.acme = { acceptTerms = true; - defaults = { - inherit (cfg) email; - validMinDays = 60; - }; + defaults = { inherit (cfg) email; }; }; }; } diff --git a/modules/alacritty.nix b/modules/alacritty.nix index 704ce79..1ba11ac 100644 --- a/modules/alacritty.nix +++ b/modules/alacritty.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.alacritty; in { - options.nixfiles.modules.alacritty.enable = mkEnableOption "Alacritty terminal emulator"; + options.nixfiles.modules.alacritty.enable = lib.mkEnableOption "Alacritty terminal emulator"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.alacritty = { enable = true; settings = { diff --git a/modules/alertmanager.nix b/modules/alertmanager.nix index e5366e5..94c21b0 100644 --- a/modules/alertmanager.nix +++ b/modules/alertmanager.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.alertmanager; in @@ -14,22 +13,22 @@ in imports = [ inputs.alertmanager-ntfy.nixosModules.default ]; options.nixfiles.modules.alertmanager = { - enable = mkEnableOption "Alertmanager"; + enable = lib.mkEnableOption "Alertmanager"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30112; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "alertmanager.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { ntfy.enable = true; nginx = { @@ -56,18 +55,18 @@ in configuration = { global = { - smtp_from = "alertmanager@${my.domain.shire}"; - smtp_smarthost = "${my.domain.shire}:584"; + smtp_from = "alertmanager@${lib.my.domain.shire}"; + smtp_smarthost = "${lib.my.domain.shire}:584"; }; route = { - receiver = my.username; + receiver = lib.my.username; group_by = [ "alertname" ]; }; receivers = [ { - name = my.username; + name = lib.my.username; webhook_configs = [ { url = with config.services.alertmanager-ntfy; "http://${httpAddress}:${httpPort}"; } ]; @@ -86,13 +85,11 @@ in envFile = "/dev/null"; }; - topology = with cfg; { - nodes.${this.hostname}.services.alertmanager = { - name = "Alertmanager"; - icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.alertmanager = { + name = "Alertmanager"; + icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString cfg.port}"; }; }; } diff --git a/modules/aria2.nix b/modules/aria2.nix index cdf1c4f..0c41732 100644 --- a/modules/aria2.nix +++ b/modules/aria2.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.aria2; in { - options.nixfiles.modules.aria2.enable = mkEnableOption "aria2"; + options.nixfiles.modules.aria2.enable = lib.mkEnableOption "aria2"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.aria2 = { enable = true; diff --git a/modules/bat.nix b/modules/bat.nix index a95d67d..a97064d 100644 --- a/modules/bat.nix +++ b/modules/bat.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.bat; in { - options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat"; + options.nixfiles.modules.bat.enable = lib.mkEnableOption "bat, an alternative to cat"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.shell.aliases = { baj = "bat --language=json --tabs 2"; bay = "bat --language=yaml --tabs 2"; diff --git a/modules/beets.nix b/modules/beets.nix index 3141e4d..092b384 100644 --- a/modules/beets.nix +++ b/modules/beets.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.beets; in { - options.nixfiles.modules.beets.enable = mkEnableOption "beets"; + options.nixfiles.modules.beets.enable = lib.mkEnableOption "beets"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = let beetsdir = "${config.dirs.data}/beets"; @@ -36,7 +35,7 @@ in settings = { library = "${beetsdir}/library.db"; directory = config.userDirs.music; - plugins = concatStringsSep " " [ + plugins = lib.concatStringsSep " " [ "badfiles" "edit" "fetchart" @@ -61,6 +60,23 @@ in quiet = false; bell = true; }; + musicbrainz = { + extra_tags = [ + "year" + "catalognum" + "country" + "media" + "label" + ]; + external_ids = { + bandcamp = true; + beatport = false; + deezer = false; + discogs = true; + spotify = false; + tidal = false; + }; + }; match = { preferred = { countries = [ @@ -77,8 +93,6 @@ in "CA" "AU" "NZ" - "US" - "XW" ]; original_year = true; }; diff --git a/modules/bluetooth.nix b/modules/bluetooth.nix index 117aff7..963e484 100644 --- a/modules/bluetooth.nix +++ b/modules/bluetooth.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.bluetooth; in { - options.nixfiles.modules.bluetooth.enable = mkEnableOption "Bluetooth support"; + options.nixfiles.modules.bluetooth.enable = lib.mkEnableOption "Bluetooth support"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { diff --git a/modules/chromium.nix b/modules/chromium.nix index bc34ecd..7e9e086 100644 --- a/modules/chromium.nix +++ b/modules/chromium.nix @@ -4,25 +4,23 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.chromium; in { - options.nixfiles.modules.chromium.enable = mkEnableOption "Chromium"; + options.nixfiles.modules.chromium.enable = lib.mkEnableOption "Chromium"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { - home.packages = with pkgs; [ profile-cleaner ]; + home.packages = [ pkgs.profile-cleaner ]; programs.chromium = { enable = true; - # package = pkgs.ungoogled-chromium; + package = pkgs.ungoogled-chromium; extensions = [ { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin - { id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask ]; }; }; diff --git a/modules/clickhouse.nix b/modules/clickhouse.nix index 6bb53bb..f08678d 100644 --- a/modules/clickhouse.nix +++ b/modules/clickhouse.nix @@ -5,19 +5,16 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.clickhouse; in { options.nixfiles.modules.clickhouse = { - enable = mkEnableOption "Clickhouse"; + enable = lib.mkEnableOption "Clickhouse"; }; - config = mkIf cfg.enable { - services.clickhouse = { - enable = true; - }; + config = lib.mkIf cfg.enable { + services.clickhouse.enable = true; topology = { nodes.${this.hostname}.services.clickhouse = { diff --git a/modules/common/default.nix b/modules/common/default.nix index 38094e7..781e50f 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -1,4 +1,4 @@ { lib, ... }: { - imports = lib.attrValues (lib.modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; } diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix index 118fc0e..31a11f6 100644 --- a/modules/common/home-manager.nix +++ b/modules/common/home-manager.nix @@ -28,7 +28,7 @@ home-manager = { backupFileExtension = "bak"; useUserPackages = true; - useGlobalPkgs = true; + useGlobalPkgs = false; verbose = true; }; } diff --git a/modules/common/locale.nix b/modules/common/locale.nix index acd1ecd..82df387 100644 --- a/modules/common/locale.nix +++ b/modules/common/locale.nix @@ -4,7 +4,6 @@ pkgs, ... }: -with lib; { hm.home.language = { collate = "C"; @@ -16,7 +15,7 @@ with lib; }; i18n = { - defaultLocale = mkDefault "en_GB.UTF-8"; + defaultLocale = lib.mkDefault "en_GB.UTF-8"; supportedLocales = [ "C.UTF-8/UTF-8" "en_GB.UTF-8/UTF-8" @@ -47,7 +46,7 @@ with lib; services.xserver.xkb = { layout = "us,ru"; variant = ",phonetic"; - options = concatStringsSep "," [ + options = lib.concatStringsSep "," [ "caps:escape" "compose:menu" "grp:win_space_toggle" diff --git a/modules/common/nix.nix b/modules/common/nix.nix index 0ce2ae4..6cb3787 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.common.nix; in @@ -16,24 +15,24 @@ in mixins-trusted-nix-caches ]; - options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { + options.nixfiles.modules.common.nix.allowedUnfreePackages = lib.mkOption { description = "A list of allowed unfree packages."; - type = with types; listOf str; + type = with lib.types; listOf str; default = [ ]; }; config = { _module.args = { - pkgsLocal = packages.useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! + pkgsLocal = lib.packages.useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! }; hm = { # Used primarily in conjunction with the "nixfiles" script. home.file.".nix-defexpr/default.nix".text = let - hostname = strings.escapeNixIdentifier this.hostname; + hostname = lib.strings.escapeNixIdentifier this.hostname; in - optionalString this.isHeadful '' + lib.optionalString this.isHeadful '' let self = builtins.getFlake "nixfiles"; configurations = self.nixosConfigurations; @@ -54,16 +53,16 @@ in nix = let - notSelfInputs = filterAttrs (n: _: n != "self") inputs; + notSelfInputs = lib.filterAttrs (n: _: n != "self") inputs; in { - package = mkForce pkgs.nix; # Only use stable Nix. + package = lib.mkForce pkgs.nix; # Only use stable Nix. - nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ + nixPath = lib.mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ "nixfiles=${config.my.home}/src/nixfiles" ]; - registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { + registry = lib.mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { nixfiles.flake = inputs.self; }; @@ -77,7 +76,7 @@ in "pipe-operators" ]; - trusted-users = [ my.username ]; + trusted-users = [ lib.my.username ]; substituters = [ "https://nix-community.cachix.org" @@ -95,7 +94,7 @@ in }; nixpkgs = { - config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + config.allowUnfreePredicate = p: lib.elem (lib.getName p) cfg.allowedUnfreePackages; overlays = [ inputs.self.overlays.default ]; }; @@ -106,16 +105,16 @@ in defaultPackages = [ ]; systemPackages = with pkgs; - optionals this.isHeadful [ + lib.optionals this.isHeadful [ nix-tree nixfiles ]; variables = { - NIXFILES = optionalString this.isHeadful "${config.my.home}/src/nixfiles"; + NIXFILES = lib.optionalString this.isHeadful "${config.my.home}/src/nixfiles"; NIX_SHELL_PRESERVE_PROMPT = "1"; }; }; - system.stateVersion = this.stateVersion or trivial.release; + system.stateVersion = this.stateVersion or lib.trivial.release; }; } diff --git a/modules/common/secrets.nix b/modules/common/secrets.nix index 77dee44..2b8082e 100644 --- a/modules/common/secrets.nix +++ b/modules/common/secrets.nix @@ -6,11 +6,10 @@ this, ... }: -with lib; { imports = [ inputs.agenix.nixosModules.default - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "secrets" ] [ "age" @@ -22,9 +21,11 @@ with lib; config = { age.identityPaths = if this.isHeadful then - [ "${config.my.home}/.ssh/id_${my.ssh.type}" ] + [ "${config.my.home}/.ssh/id_${lib.my.ssh.type}" ] else - map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) config.services.openssh.hostKeys); + config.services.openssh.hostKeys + |> lib.filter (attr: attr.type == lib.my.ssh.type) + |> map (attr: attr.path); environment.systemPackages = with pkgs; [ age diff --git a/modules/common/shell/default.nix b/modules/common/shell/default.nix index 6c0b78f..7c6c835 100644 --- a/modules/common/shell/default.nix +++ b/modules/common/shell/default.nix @@ -182,7 +182,7 @@ in command-not-found.enable = false; }; - home.packages = with pkgs; [ grc ]; + home.packages = [ pkgs.grc ]; }; programs.command-not-found.enable = false; diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix index f17cb4c..22c21c1 100644 --- a/modules/common/stylix.nix +++ b/modules/common/stylix.nix @@ -6,11 +6,10 @@ this, ... }: -with lib; { imports = [ inputs.stylix.nixosModules.stylix - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "colors" ] [ "lib" @@ -20,7 +19,7 @@ with lib; ) ]; - options.nixfiles.modules.common.stylix.fonts.extraPackages = mkOption { + options.nixfiles.modules.common.stylix.fonts.extraPackages = lib.mkOption { description = "Font packages."; default = with pkgs; [ font-awesome @@ -40,7 +39,6 @@ with lib; config = { stylix = { enable = this.isHeadful; - autoEnable = this.isHeadful; image = pkgs.fetchurl { url = "https://upload.wikimedia.org/wikipedia/commons/a/a5/Bonaparte_ante_la_Esfinge%2C_por_Jean-Léon_Gérôme.jpg"; @@ -85,31 +83,31 @@ with lib; }; fonts = { - packages = mkAfter config.nixfiles.modules.common.stylix.fonts.extraPackages; + packages = lib.mkAfter config.nixfiles.modules.common.stylix.fonts.extraPackages; fontconfig = { enable = this.isHeadful; defaultFonts = with config.stylix.fonts; { - serif = mkForce [ + serif = lib.mkForce [ serif.name "Sarasa Gothic" "Source Han Serif" "Noto Serif" ]; - sansSerif = mkForce [ + sansSerif = lib.mkForce [ sansSerif.name "Sarasa Gothic" "Source Han Sans" "Noto Sans" ]; - monospace = mkForce [ + monospace = lib.mkForce [ monospace.name "Sarasa Mono" "Source Han Mono" "Noto Sans Mono" ]; - emoji = mkForce [ + emoji = lib.mkForce [ emoji.name "Noto Color Emoji" ]; diff --git a/modules/common/users.nix b/modules/common/users.nix index e0811b7..ffe6234 100644 --- a/modules/common/users.nix +++ b/modules/common/users.nix @@ -1,16 +1,15 @@ { lib, ... }: -with lib; let - home = "/home/${my.username}"; + home = "/home/${lib.my.username}"; in { imports = [ - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "my" ] [ "users" "users" - my.username + lib.my.username ] ) ]; @@ -26,13 +25,13 @@ in password = null; }; - ${my.username} = { + ${lib.my.username} = { isNormalUser = true; uid = 1000; - description = my.fullname; + description = lib.my.fullname; inherit home; - inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [ my.ssh.key ]; + inherit (lib.my) hashedPassword; + openssh.authorizedKeys.keys = [ lib.my.ssh.key ]; extraGroups = [ "wheel" ]; }; }; diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix index e91d2c5..805afe1 100644 --- a/modules/common/xdg.nix +++ b/modules/common/xdg.nix @@ -93,21 +93,24 @@ in }; hm.xdg = lib.mkMerge [ - (with cfg; { + { enable = true; - inherit cacheHome; - inherit configHome; - inherit dataHome; - inherit stateHome; - inherit userDirs; - }) + inherit (cfg) + cacheHome + configHome + dataHome + stateHome + userDirs + ; + } (lib.mkIf this.isHeadful { mimeApps = { enable = true; - defaultApplications = lib.mkMerge ( - lib.mapAttrsToList (n: v: lib.genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications - ); + defaultApplications = + cfg.defaultApplications + |> lib.mapAttrsToList (n: v: lib.genAttrs v (_: [ "${n}.desktop" ])) + |> lib.mkMerge; }; }) ]; diff --git a/modules/curl.nix b/modules/curl.nix index 3c318fc..aa6ff27 100644 --- a/modules/curl.nix +++ b/modules/curl.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.curl; in { - options.nixfiles.modules.curl.enable = mkEnableOption "cURL"; + options.nixfiles.modules.curl.enable = lib.mkEnableOption "cURL"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.xdg.configFile.".curlrc".text = '' connect-timeout = 60 progress-bar @@ -31,7 +30,7 @@ in form="$form-" fi - ${getExe curl} --form "$form" "$url" + ${lib.getExe curl} --form "$form" "$url" '') ]; }; diff --git a/modules/direnv.nix b/modules/direnv.nix index 2ab0b3f..716181f 100644 --- a/modules/direnv.nix +++ b/modules/direnv.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.direnv; in { - options.nixfiles.modules.direnv.enable = mkEnableOption "direnv"; + options.nixfiles.modules.direnv.enable = lib.mkEnableOption "direnv"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.direnv = { enable = true; config.global = { diff --git a/modules/docker.nix b/modules/docker.nix index 330d417..ce8182a 100644 --- a/modules/docker.nix +++ b/modules/docker.nix @@ -32,7 +32,7 @@ in virtualisation.docker.enable = true; - environment.systemPackages = with pkgs; [ docker-compose ]; + environment.systemPackages = [ pkgs.docker-compose ]; my.extraGroups = [ "docker" ]; }; diff --git a/modules/dwm.nix b/modules/dwm.nix index 912be0c..9b38900 100644 --- a/modules/dwm.nix +++ b/modules/dwm.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.dwm; in { - options.nixfiles.modules.dwm.enable = mkEnableOption "dwm"; + options.nixfiles.modules.dwm.enable = lib.mkEnableOption "dwm"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.x11.enable = true; hm.xsession = { @@ -93,7 +92,7 @@ in NULL, }; static const char *termcmd[] = { - "${getExe pkgs.alacritty}", + "${lib.getExe pkgs.alacritty}", NULL, }; @@ -148,7 +147,7 @@ in ''; }; in - getExe' pkg "dwm"; + lib.getExe' pkg "dwm"; }; hm.services.dwm-status = { diff --git a/modules/editorconfig.nix b/modules/editorconfig.nix index e7f55ff..56cb20c 100644 --- a/modules/editorconfig.nix +++ b/modules/editorconfig.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.editorconfig; in { - options.nixfiles.modules.editorconfig.enable = mkEnableOption "Editorconfig"; + options.nixfiles.modules.editorconfig.enable = lib.mkEnableOption "Editorconfig"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.editorconfig = { enable = true; settings = { diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index 71bc24c..e546ddd 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix @@ -5,17 +5,16 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.emacs; in { - options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; + options.nixfiles.modules.emacs.enable = lib.mkEnableOption "GNU Emacs"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.authinfo = { file = "${inputs.self}/secrets/authinfo"; - owner = my.username; + owner = lib.my.username; }; nixfiles.modules = { @@ -40,7 +39,7 @@ in stylix.targets.emacs.enable = false; xdg.configFile = - mapAttrs + lib.mapAttrs ( _: value: value @@ -50,7 +49,7 @@ in export DOOMDIR="''${XDG_CONFIG_HOME:-$HOME/.config}/doom" if [[ ! -d "$EMACSDIR/.git" ]]; then - ${getExe git.package} clone --depth=1 --branch=master \ + ${lib.getExe git.package} clone --depth=1 --branch=master \ "https://github.com/doomemacs/doomemacs" "$EMACSDIR" fi @@ -74,7 +73,7 @@ in "doom/init.el".source = ./doom/init.el; "doom/packages.el".source = ./doom/packages.el; "doom/config.el" = { - text = concatLines [ + text = lib.concatLines [ ( let extraBins = with pkgs; [ @@ -85,6 +84,9 @@ in ] )) # :checkers (spell +aspell) asmfmt # :editor format + shirepyright # :lang (python +lsp) + bash-language-server # :lang (sh +lsp) + cabal-install # :lang haskell cargo # :lang rust clang-tools # :lang (cc +lsp) :editor format cmake-format # :lang cc :editor format @@ -95,6 +97,7 @@ in dockerfile-language-server-nodejs # :tools (docker +lsp) dockfmt # :tools docker :editor format editorconfig-core-c # :tools editorconfig + eslint # :lang (json +lsp) fd # doom! gcc # :lang cc gdb # :tools debugger @@ -111,11 +114,9 @@ in gotools # :lang go graphviz # :lang (org +roam2) :lang plantuml gzip # :tools tree-sitter + haskell-language-server # :lang (haskell +lsp) haskellPackages.cabal-fmt # :lang haskell :editor format - haskellPackages.cabal-install # :lang haskell - haskellPackages.haskell-language-server # :lang (haskell +lsp) haskellPackages.hoogle # :lang haskell - haskellPackages.ormolu # :lang haskell :editor format html-tidy # :lang web :editor format jdk # :lang java :lang plantuml :checkers grammar languagetool # :checkers grammar @@ -124,24 +125,14 @@ in nixd # :lang (nix +lsp) nixfmt # :lang nix :editor format nls # :lang (nickel +lsp) - nodePackages.bash-language-server # :lang (sh +lsp) - # nodePackages.eslint # :lang (json +lsp) nodePackages.js-beautify # :lang web nodePackages.prettier # :editor format - nodePackages.stylelint # :lang web nodejs # :tools debugger + ormolu # :lang haskell :editor format pandoc # :lang org markdown latex pinentry-emacs # doom! - pipenv # :lang python - poetry # :lang python pre-commit # :tools magit - pyright # :lang python :editor format python3 # :lang python - python3Packages.black # :lang python :editor format - python3Packages.isort # :lang python :editor format - python3Packages.nose2 # :lang python - python3Packages.pyflakes # :lang python :editor format - python3Packages.pytest # :lang python ripgrep # doom! rust-analyzer # :lang (rust +lsp) rustc # :lang rust @@ -150,10 +141,14 @@ in shfmt # :lang sh :editor format sops sqlite # :lang (org +roam2) :tools lookup + stylelint # :lang web terraform-ls # :tools (terraform +lsp) texlab # lang (tex +lsp) texlive.combined.scheme-full # :lang org tex + tinymist + typst unzip # :tools debugger + uv # :lang python vscode-langservers-extracted # :lang (json +lsp) (web +lsp) wordnet # :tools (lookup +dictionary +offline) yaml-language-server # :lang (yaml +lsp) @@ -163,14 +158,14 @@ in '' ;; Integrate packages which are required by various modules ;; without polluting the user's profile. - (setq exec-path (append exec-path '(${concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins}))) - (setenv "PATH" (concat (getenv "PATH") ":${concatMapStringsSep ":" (x: "${x}/bin") extraBins}")) + (setq exec-path (append exec-path '(${lib.concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins}))) + (setenv "PATH" (concat (getenv "PATH") ":${lib.concatMapStringsSep ":" (x: "${x}/bin") extraBins}")) (appendq! auth-sources '(("${config.secrets.authinfo.path}"))) - ;; HACK Explicitly load specific Emacs packages from Nixpkgs. - ;; For some reason providing them as "extraPackages" doesn't - ;; work. + ;; HACK Explicitly load specific Emacs packages from + ;; Nixpkgs. For some reason providing them as + ;; "extraPackages" doesn't work. (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e") (add-to-list 'load-path "${pkgs.emacsPackages.vterm}/share/emacs/site-lisp/elpa/vterm-${pkgs.emacsPackages.vterm.version}") (load "${ @@ -189,17 +184,17 @@ in (setq parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so") ;; :lang (org +roam2) :email mu4e - (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}") + (setq emacsql-sqlite-executable "${lib.getExe pkgs.emacsql-sqlite}") ;; :lang plantuml (setq plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar" - plantuml-executable-path "${getExe' pkgs.plantuml "plantuml"}" + plantuml-executable-path "${lib.getExe' pkgs.plantuml "plantuml"}" org-plantuml-jar-path plantuml-jar-path org-plantuml-executable-path plantuml-executable-path) ;; :app irc - (setq circe-default-nick "${my.username}" - circe-default-realname "${my.email}" + (setq circe-default-nick "${lib.my.username}" + circe-default-realname "${lib.my.email}" circe-default-user circe-default-nick) '' ) @@ -210,37 +205,29 @@ in doom-emoji-font "${emoji.name}-${toString sizes.terminal}") '') ( - with config.hm.accounts.email; let mu4eAccounts = - let - muAccounts = filter (a: a.mu.enable) (attrValues accounts); - in - concatMapStringsSep "\n" ( - a: - with a; - let - personalAddresses = concatMapStringsSep " " (v: ''"${v}"'') aliases; - in - '' - (set-email-account! "${name}" - '((user-full-name . "${realName}") - (user-mail-address . "${address}") - (mu4e-inbox-folder . "/${name}/${folders.inbox}") - (mu4e-sent-folder . "/${name}/${folders.sent}") - (mu4e-drafts-folder . "/${name}/${folders.drafts}") - (mu4e-trash-folder . "/${name}/${folders.trash}") - (mu4e-refile-folder . "/${name}/Archive") - ${optionalString (signature.showSignature != "none") - ''(mu4e-compose-signature . "${replaceStrings [ "\n" ] [ "\\n" ] signature.text}")'' - } - (+mu4e-personal-addresses . (${personalAddresses}))) - t) - '' - ) muAccounts; + config.hm.accounts.email.accounts + |> lib.attrValues + |> lib.filter (x: x.mu.enable) + |> lib.concatMapStringsSep "\n" (a: '' + (set-email-account! "${a.name}" + '((user-full-name . "${a.realName}") + (user-mail-address . "${a.address}") + (mu4e-inbox-folder . "/${a.name}/${a.folders.inbox}") + (mu4e-sent-folder . "/${a.name}/${a.folders.sent}") + (mu4e-drafts-folder . "/${a.name}/${a.folders.drafts}") + (mu4e-trash-folder . "/${a.name}/${a.folders.trash}") + (mu4e-refile-folder . "/${a.name}/Archive") + ${lib.optionalString (a.signature.showSignature != "none") + ''(mu4e-compose-signature . "${lib.replaceStrings [ "\n" ] [ "\\n" ] a.signature.text}")'' + } + (+mu4e-personal-addresses . (${lib.concatMapStringsSep " " (x: ''"${x}"'') a.aliases}))) + t) + ''); in '' - (setq mu4e-root-maildir "${maildirBasePath}") + (setq mu4e-root-maildir "${config.hm.accounts.email.maildirBasePath}") ${mu4eAccounts} '' @@ -256,12 +243,12 @@ in package = pkgs.emacs29-pgtk; }; - bash.initExtra = mkAfter '' + bash.initExtra = lib.mkAfter '' export PATH="$PATH:$XDG_CONFIG_HOME/emacs/bin" - # https://github.com/akermu/emacs-libvterm + # https://github.com/akermu/emacs-libvterm?tab=readme-ov-file#shell-side-configuration if [[ "$INSIDE_EMACS" = vterm ]] && [[ -n "$EMACS_VTERM_PATH" ]] && [[ -f "$EMACS_VTERM_PATH/etc/emacs-vterm-bash.sh" ]]; then - source "$EMACS_VTERM_PATH/etc/emacs-vterm-bash.sh" + source "$EMACS_VTERM_PATH/etc/emacs-vterm-bash.sh" fi # Not sourced from inside Emacs for some reason. Maybe it's not diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el index be481d4..d7ab80e 100644 --- a/modules/emacs/doom/config.el +++ b/modules/emacs/doom/config.el @@ -52,8 +52,21 @@ ;;; LSP ;; -(setq! lsp-enable-suggest-server-download nil - lsp-modeline-code-actions-enable nil) +(after! lsp-mode + (setq! lsp-enable-server-download nil + lsp-enable-suggest-server-download nil + lsp-modeline-code-action-fallback-icon "~")) + +;; +;;; Tree-Sitter +;; + +(use-package! treesit-auto + :disabled + :custom (treesit-auto-install 'prompt) + :config + (treesit-auto-add-to-auto-mode-alist 'all) + (global-treesit-auto-mode)) ;; ;;; Nix @@ -81,52 +94,60 @@ ;;; Org ;; -(setq! org-directory "~/doc/org/") +(setq! org-directory "~/doc/org/" + org-roam-directory "~/doc/roam/" + org-roam-db-location (concat org-roam-directory ".db")) -;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't -;; produce expected results. (after! org - (setq! org-todo-keywords '((sequence - "TODO(t)" - "LOOP(r)" - "STRT(s@)" - "WAIT(w@/!)" - "HOLD(h@/!)" - "IDEA(i)" - "PROJ(p)" - "|" - "DONE(d@/!)" - "KILL(k@/!)")) - org-todo-keyword-faces '(("STRT" . +org-todo-active) - ("WAIT" . +org-todo-onhold) - ("HOLD" . +org-todo-onhold) - ("PROJ" . +org-todo-project) - ("KILL" . +org-todo-cancel)) - org-capture-templates '(("t" "Todo" entry - (file+headline +org-capture-todo-file "Inbox") - "* TODO %?\n%i\n%a" :prepend t) - ("n" "Note" entry - (file+headline +org-capture-notes-file "Inbox") - "* %u %?\n%i\n%a" :prepend t) - ("j" "Journal" entry - (file+olp+datetree +org-capture-journal-file) - "* %U %?\n%i\n%a" :prepend t)))) + (setq! org-todo-keywords + '((sequence + "TODO(t)" + "LOOP(r)" + "STRT(s@)" + "WAIT(w@/!)" + "HOLD(h@/!)" + "IDEA(i)" + "PROJ(p)" + "|" + "DONE(d@/!)" + "KILL(k@/!)")) + org-todo-keyword-faces + '(("STRT" . +org-todo-active) + ("WAIT" . +org-todo-onhold) + ("HOLD" . +org-todo-onhold) + ("PROJ" . +org-todo-project) + ("KILL" . +org-todo-cancel)) + org-capture-templates + '(("t" "Todo" entry + (file+headline +org-capture-todo-file "Inbox") + "* TODO %?\n%i\n%a" :prepend t) + ("n" "Note" entry + (file+headline +org-capture-notes-file "Inbox") + "* %u %?\n%i\n%a" :prepend t) + ("j" "Journal" entry + (file+olp+datetree +org-capture-journal-file) + "* %U %?\n%i\n%a" :prepend t)))) (add-hook! 'org-mode-hook 'auto-fill-mode) (setq-hook! 'org-mode-hook fill-column 80) -(setq! org-roam-directory "~/doc/roam/" - org-roam-db-location (concat org-roam-directory ".db")) - (use-package! org-roam-ui :requires websocket :after org-roam :config - (setq org-roam-ui-sync-theme t - org-roam-ui-follow t - org-roam-ui-update-on-save t - org-roam-ui-open-on-start t)) + (setq! org-roam-ui-sync-theme t + org-roam-ui-follow t + org-roam-ui-update-on-save t + org-roam-ui-open-on-start t)) + +(use-package! org-roam-timestamps + :after org-roam + :custom (org-roam-timestamps-parent-file t)) + +(custom-set-faces! '(org-headline-done :strike-through t)) + +(add-hook 'org-capture-mode-hook 'evil-insert-state) ;; ;;; LaTeX @@ -136,6 +157,29 @@ :i "TAB" #'cdlatex-tab) ;; +;;; Typst +;; + +(use-package! typst-ts-mode + :custom (typst-ts-watch-options "--open") + :config + (add-to-list 'lsp-language-id-configuration '(typst-ts-mode . "typst")) + (lsp-register-client (make-lsp-client + :new-connection (lsp-stdio-connection "tinymist") + :server-id 'tinymist + :major-modes '(typst-ts-mode))) + (add-hook 'typst-ts-mode-hook 'lsp-deferred) + + (when (boundp 'treesit-auto-recipe-list) + (add-to-list 'treesit-auto-recipe-list + (make-treesit-auto-recipe + :lang 'typst + :ts-mode 'typst-ts-mode + :url "https://github.com/uben0/tree-sitter-typst" + :revision "master" + :source-dir "src")))) + +;; ;;; PlantUML ;; @@ -165,9 +209,8 @@ (add-to-list 'lsp-language-id-configuration '(nickel-mode . "nickel")) (lsp-register-client (make-lsp-client :new-connection (lsp-stdio-connection "nls") - :activation-fn (lsp-activate-on "nickel") :server-id 'nls - :major-modes 'nickel-mode)) + :major-modes '(nickel-mode))) (add-hook 'nickel-mode-hook 'lsp-deferred))) ;; @@ -205,7 +248,11 @@ send-mail-function #'smtpmail-send-it message-sendmail-f-is-evil t message-sendmail-extra-arguments '("--read-envelope-from") - message-send-mail-function #'message-send-mail-with-sendmail)) + message-send-mail-function #'message-send-mail-with-sendmail + shr-use-colors nil)) + +(use-package! mu4e-patch + :hook (mu4e-view-mode . mu4e-patch-highlight)) (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 30) @@ -281,80 +328,91 @@ mistral:7b-instruct-fp16)))) (use-package! ellama - :init - (setq! ellama-naming-scheme 'ellama-generate-name-by-time) + :custom (ellama-naming-scheme 'ellama-generate-name-by-time) :config (require 'llm-ollama) - (setq! ellama-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "llama3.2:3b-instruct-fp16" - :embedding-model "nomic-embed-text:latest") - ellama-providers '(("llama" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "llama3.2:3b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("qwen" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "qwen2:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("qwen-coder" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "qwen2.5-coder:14b-instruct-q8_0" - :embedding-model "nomic-embed-text:latest")) - ("gemma" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "gemma:7b-instruct-q8_0" - :embedding-model "nomic-embed-text:latest")) - ("mistral" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "mistral:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("opencoder" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "opencoder:8b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("granite" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "granite3.1-moe:3b-instruct-fp16" - :embedding-model "granite-embedding:278m-fp16"))) - ellama-translation-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "mistral:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest") - ellama-summarization-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "mistral:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest"))) + (setq! ellama-providers + '(("llama" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "llama3.2:3b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("qwen" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("qwen-coder" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5-coder:14b-instruct-q8_0" + :embedding-model "nomic-embed-text:latest")) + ("gemma" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "gemma:7b-instruct-q8_0" + :embedding-model "nomic-embed-text:latest")) + ("mistral" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("opencoder" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "opencoder:8b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("granite" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "granite3.1-moe:3b-instruct-fp16" + :embedding-model "granite-embedding:278m-fp16"))) + ellama-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "llama3.2:3b-instruct-fp16" + :embedding-model "nomic-embed-text:latest") + ellama-translation-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest") + ellama-summarization-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest"))) (use-package! magit-gptcommit :after magit :config (require 'llm-ollama) - (setq! magit-gptcommit-llm-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "qwen2.5-coder:32b-instruct-q3_K_M" - :embedding-model "nomic-embed-text:latest")) + (setq! magit-gptcommit-llm-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5-coder:32b-instruct-q3_K_M" + :embedding-model "nomic-embed-text:latest")) (magit-gptcommit-status-buffer-setup)) diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index 51d4291..eddaf28 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -87,7 +87,7 @@ (org +pandoc +roam2) plantuml graphviz - (python +poetry +pyright +lsp +tree-sitter) + (python +lsp +tree-sitter +pyright) ;; (racket +lsp +tree-sitter +xp +hash-lang) rest (rust +lsp +tree-sitter) diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el index a7085da..f818377 100644 --- a/modules/emacs/doom/packages.el +++ b/modules/emacs/doom/packages.el @@ -4,16 +4,12 @@ (unpin! evil-collection) +(package! treesit-auto) + (package! xclip) (package! org-roam-ui) - -;; https://github.com/doomemacs/doomemacs/issues/8166 -;; https://github.com/org-roam/org-roam/issues/2485 -(unpin! emacsql) -(package! emacsql - :recipe (:host github :repo "magit/emacsql") - :pin "491105a01f58bf0b346cbc0254766c6800b229a2") +(package! org-roam-timestamps) (package! nickel-mode) @@ -26,6 +22,11 @@ (package! ellama) (package! magit-gptcommit) +(unpin! (:tools tree-sitter)) + +(package! typst-ts-mode + :recipe (:host codeberg :repo "meow_king/typst-ts-mode")) + ;; (package! tvl ;; :recipe (:host nil ;; :repo "https://code.tvl.fyi/depot.git:/tools/emacs-pkgs/tvl.git" diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix index 2919534..5d3ddfe 100644 --- a/modules/endlessh-go.nix +++ b/modules/endlessh-go.nix @@ -4,18 +4,17 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.endlessh-go; in { - options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; + options.nixfiles.modules.endlessh-go.enable = lib.mkEnableOption "endlessh-go"; config = let port = 22; in - mkIf cfg.enable { + lib.mkIf cfg.enable { services.endlessh-go = { enable = true; listenAddress = "0.0.0.0"; diff --git a/modules/endlessh.nix b/modules/endlessh.nix index e607935..6a071b8 100644 --- a/modules/endlessh.nix +++ b/modules/endlessh.nix @@ -1,16 +1,15 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.endlessh; in { - options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; + options.nixfiles.modules.endlessh.enable = lib.mkEnableOption "endlessh"; config = let port = 22; in - mkIf cfg.enable { + lib.mkIf cfg.enable { services.endlessh = { enable = true; inherit port; diff --git a/modules/eza.nix b/modules/eza.nix index 96b7d4c..a0163dc 100644 --- a/modules/eza.nix +++ b/modules/eza.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.eza; in { - options.nixfiles.modules.eza.enable = mkEnableOption "eza, an alternative to ls"; + options.nixfiles.modules.eza.enable = lib.mkEnableOption "eza, an alternative to ls"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.shell.aliases = rec { ls = "eza --smart-group --dereference"; ll = "${ls} --long --grid"; diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix index a0cc2b4..3659b15 100644 --- a/modules/fail2ban.nix +++ b/modules/fail2ban.nix @@ -4,14 +4,13 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.fail2ban; in { - options.nixfiles.modules.fail2ban.enable = mkEnableOption "fail2ban"; + options.nixfiles.modules.fail2ban.enable = lib.mkEnableOption "fail2ban"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/fail2ban" ]; services.fail2ban = { @@ -23,7 +22,7 @@ in rndtime = "8m"; }; - ignoreIP = optionals (hasAttr "wireguard" this) ( + ignoreIP = lib.optionals (lib.hasAttr "wireguard" this) ( with config.nixfiles.modules.wireguard; [ ipv4.subnet diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix index bad56ff..0d1fe36 100644 --- a/modules/firefox/default.nix +++ b/modules/firefox/default.nix @@ -5,14 +5,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.firefox; in { - options.nixfiles.modules.firefox.enable = mkEnableOption "Firefox"; + options.nixfiles.modules.firefox.enable = lib.mkEnableOption "Firefox"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications.firefox = [ "text/html" "x-scheme-handler/http" @@ -22,7 +21,7 @@ in hm = { imports = [ inputs.arkenfox.hmModules.arkenfox ]; - home.packages = with pkgs; [ profile-cleaner ]; + home.packages = [ pkgs.profile-cleaner ]; stylix.targets.firefox = { enable = true; @@ -40,10 +39,10 @@ in let mkCssWithRoot = css: - mkMerge [ + [ ( let - mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); + mapFonts = lib.concatMapStringsSep ", " (font: ''"${font}"''); size = toString config.stylix.fonts.sizes.applications; in with config.fonts.fontconfig.defaultFonts; @@ -59,7 +58,8 @@ in '' ) (builtins.readFile css) - ]; + ] + |> lib.concatLines; in { id = 0; @@ -76,7 +76,7 @@ in # goes to Robert Helgesson. # # [1]: https://sr.ht/~rycee/mozilla-addons-to-nix/ - buildFirefoxXpiAddon = makeOverridable ( + buildFirefoxXpiAddon = lib.makeOverridable ( { stdenv ? pkgs.stdenv, fetchurl ? pkgs.fetchurl, @@ -102,6 +102,7 @@ in in with addons; [ + bitwarden consent-o-matic furiganaize indie-wiki-buddy @@ -115,8 +116,8 @@ in user-agent-switcher violentmonkey ] - ++ optional config.nixfiles.modules.kde.enable plasma-integration - ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; + ++ lib.optional config.nixfiles.modules.kde.enable plasma-integration + ++ lib.optional config.nixfiles.modules.ipfs.enable ipfs-companion; search = { force = true; @@ -405,11 +406,11 @@ in name = "XUL"; url = "chrome://browser/content/browser.xhtml"; } - (mkIf syncthing.enable { + (lib.mkIf syncthing.enable { name = "Syncthing"; url = "http://${config.services.syncthing.guiAddress}"; }) - (mkIf ipfs.enable { + (lib.mkIf ipfs.enable { name = "IPFS"; url = "http://127.0.0.1:${toString ipfs.apiPort}/webui"; }) @@ -501,8 +502,8 @@ in "browser.protections_panel.infoMessage.seen" = true; "browser.region.update.region" = "US"; "browser.search.region" = "US"; - "browser.search.separatePrivateDefault" = mkForce false; - "browser.search.separatePrivateDefault.ui.enabled" = mkForce false; + "browser.search.separatePrivateDefault" = lib.mkForce false; + "browser.search.separatePrivateDefault.ui.enabled" = lib.mkForce false; "browser.search.update" = false; "browser.shell.checkDefaultBrowser" = false; "browser.tabs.closeWindowWithLastTab" = true; @@ -516,6 +517,7 @@ in "browser.theme.dark-private-windows" = false; "browser.toolbars.bookmarks.visibility" = "newtab"; "browser.translations.enable" = false; + "browser.uidensity" = 0; "browser.urlbar.decodeURLsOnCopy" = true; "browser.urlbar.suggest.addons" = false; "browser.urlbar.suggest.bookmark" = true; @@ -538,7 +540,9 @@ in "media.hardwaremediakeys.enabled" = false; "media.videocontrols.picture-in-picture.video-toggle.enabled" = false; "reader.parse-on-load.enabled" = false; + "svg.context-properties.content.enabled" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "widget.gtk.rounded-bottom-corners.enabled" = true; }; }; }; diff --git a/modules/foot.nix b/modules/foot.nix index 502e143..c449864 100644 --- a/modules/foot.nix +++ b/modules/foot.nix @@ -4,16 +4,15 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.foot; in { - options.nixfiles.modules.foot.enable = mkEnableOption "Foot terminal emulator"; + options.nixfiles.modules.foot.enable = lib.mkEnableOption "Foot terminal emulator"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { - home.packages = with pkgs; [ libsixel ]; + home.packages = [ pkgs.libsixel ]; programs.foot = { enable = true; @@ -26,7 +25,7 @@ in in "${n}x${n}"; }; - scrollback.lines = pow 2 14; + scrollback.lines = lib.pow 2 14; }; }; }; diff --git a/modules/games/default.nix b/modules/games/default.nix index b70b94b..17090bb 100644 --- a/modules/games/default.nix +++ b/modules/games/default.nix @@ -1,16 +1,15 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.games; in { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; - options.nixfiles.modules.games.enable32BitSupport = mkEnableOption "support for games"; + options.nixfiles.modules.games.enable32BitSupport = lib.mkEnableOption "support for games"; - config = mkMerge [ + config = lib.mkMerge [ { hardware.graphics.enable = true; } - (mkIf cfg.enable32BitSupport { + (lib.mkIf cfg.enable32BitSupport { services = { jack.alsa.support32Bit = config.services.jack.alsa.enable; pipewire.alsa.support32Bit = config.services.pipewire.alsa.enable; diff --git a/modules/games/lutris.nix b/modules/games/lutris.nix index d926971..c2b352e 100644 --- a/modules/games/lutris.nix +++ b/modules/games/lutris.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.games.lutris; in { - options.nixfiles.modules.games.lutris.enable = mkEnableOption "Lutris"; + options.nixfiles.modules.games.lutris.enable = lib.mkEnableOption "Lutris"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.games = { gamemode.enable = true; mangohud.enable = true; diff --git a/modules/games/mangohud.nix b/modules/games/mangohud.nix index 955f50c..0571073 100644 --- a/modules/games/mangohud.nix +++ b/modules/games/mangohud.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.games.mangohud; in { - options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; + options.nixfiles.modules.games.mangohud.enable = lib.mkEnableOption "MangoHud"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { stylix.targets.mangohud.enable = false; diff --git a/modules/games/steam.nix b/modules/games/steam.nix index d8c6964..9d41b8f 100644 --- a/modules/games/steam.nix +++ b/modules/games/steam.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.games.steam; in { - options.nixfiles.modules.games.steam.enable = mkEnableOption "Steam runtime"; + options.nixfiles.modules.games.steam.enable = lib.mkEnableOption "Steam runtime"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common = { nix.allowedUnfreePackages = [ diff --git a/modules/gnupg.nix b/modules/gnupg.nix index 69a10e3..53e72a7 100644 --- a/modules/gnupg.nix +++ b/modules/gnupg.nix @@ -4,21 +4,20 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.gnupg; in { options.nixfiles.modules.gnupg = { - enable = mkEnableOption "GnuPG"; - pinentry = mkOption { + enable = lib.mkEnableOption "GnuPG"; + pinentry = lib.mkOption { description = "Name of a pinentry implementation."; - type = types.package; + type = lib.types.package; default = pkgs.pinentry-curses; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { programs.gpg = { enable = true; @@ -66,7 +65,7 @@ in "Uncompressed" ]; - cs = concatStringsSep " "; + cs = lib.concatStringsSep " "; in { default-preference-list = cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); @@ -75,11 +74,11 @@ in personal-digest-preferences = cs digestAlgos; personal-compress-preferences = cs compressionAlgos; - s2k-cipher-algo = head cipherAlgos; - s2k-digest-algo = head digestAlgos; + s2k-cipher-algo = lib.head cipherAlgos; + s2k-digest-algo = lib.head digestAlgos; - digest-algo = head digestAlgos; - cert-digest-algo = head digestAlgos; + digest-algo = lib.head digestAlgos; + cert-digest-algo = lib.head digestAlgos; } ); }; @@ -97,7 +96,7 @@ in grabKeyboardAndMouse = true; - sshKeys = [ my.pgp.grip ]; + sshKeys = [ lib.my.pgp.grip ]; pinentryPackage = cfg.pinentry; }; diff --git a/modules/gotify.nix b/modules/gotify.nix index ad9b277..2a5dd55 100644 --- a/modules/gotify.nix +++ b/modules/gotify.nix @@ -4,17 +4,16 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.gotify; in { options.nixfiles.modules.gotify = { - enable = mkEnableOption "Gotify"; + enable = lib.mkEnableOption "Gotify"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "gotify.${config.networking.domain}"; }; }; @@ -23,7 +22,7 @@ in let db = "gotify"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { nixfiles.modules = { nginx = { enable = true; @@ -70,7 +69,7 @@ in ]; environment = { GOTIFY_DATABASE_DIALECT = "postgres"; - GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [ + GOTIFY_DATABASE_CONNECTION = lib.concatStringsSep " " [ "host=/run/postgresql" "user=${db}" "dbname=${db}" diff --git a/modules/grafana.nix b/modules/grafana.nix index b57577d..b1745e5 100644 --- a/modules/grafana.nix +++ b/modules/grafana.nix @@ -6,23 +6,22 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.grafana; in { options.nixfiles.modules.grafana = { - enable = mkEnableOption "Grafana"; + enable = lib.mkEnableOption "Grafana"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30101; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "grafana.${config.networking.domain}"; }; }; @@ -31,7 +30,7 @@ in let db = "grafana"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ config.services.grafana.dataDir ]; secrets = { @@ -79,11 +78,11 @@ in enable = true; settings = { - server = with cfg; { + server = { protocol = "http"; http_addr = "127.0.0.1"; - http_port = port; - inherit domain; + http_port = cfg.port; + inherit (cfg) domain; enable_gzip = true; }; database = { @@ -95,7 +94,7 @@ in smtp = { enable = true; user = "azahi@shire.net"; - host = my.domain.shire; + host = lib.my.domain.shire; password = "$__file{${config.secrets.grafana-smtp-password.path}}"; }; user = { @@ -123,6 +122,6 @@ in }; }; - topology.nodes.${this.hostname}.services.grafana.info = mkForce cfg.domain; + topology.nodes.${this.hostname}.services.grafana.info = lib.mkForce cfg.domain; }; } diff --git a/modules/htop.nix b/modules/htop.nix index 647abf7..779dc0a 100644 --- a/modules/htop.nix +++ b/modules/htop.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.htop; in { - options.nixfiles.modules.htop.enable = mkEnableOption "htop"; + options.nixfiles.modules.htop.enable = lib.mkEnableOption "htop"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.htop = { enable = true; diff --git a/modules/hydra.nix b/modules/hydra.nix index 85b89ab..785e3e9 100644 --- a/modules/hydra.nix +++ b/modules/hydra.nix @@ -1,26 +1,25 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.hydra; in { options.nixfiles.modules.hydra = { - enable = mkEnableOption "Hydra"; + enable = lib.mkEnableOption "Hydra"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "hydra.${config.networking.domain}"; }; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 7754; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { nginx = { enable = true; diff --git a/modules/hyprland.nix b/modules/hyprland.nix index a2776dc..3b2c273 100644 --- a/modules/hyprland.nix +++ b/modules/hyprland.nix @@ -104,8 +104,9 @@ in ", XF86MonBrightnessUp, exec, brightnessctl set +5%" ", XF86MonBrightnessDown, exec, brightnessctl set 5%-" ] - ++ (builtins.concatLists ( - builtins.genList ( + ++ ( + 10 + |> lib.genList ( x: let ws = @@ -118,8 +119,9 @@ in "SUPER, ${ws}, workspace, ${x + 1 |> toString}" "SUPER SHIFT, ${ws}, movetoworkspace, ${x + 1 |> toString}" ] - ) 10 - )); + ) + |> lib.concatLists + ); }; }; diff --git a/modules/incus.nix b/modules/incus.nix index b4e04e2..272b276 100644 --- a/modules/incus.nix +++ b/modules/incus.nix @@ -1,18 +1,17 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.incus; in { - options.nixfiles.modules.incus.enable = mkEnableOption "Incus"; + options.nixfiles.modules.incus.enable = lib.mkEnableOption "Incus"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/incus" ]; virtualisation.incus = { enable = true; - preseed = mkDefault { + preseed = lib.mkDefault { networks = [ { name = "incusbr0"; diff --git a/modules/ipfs.nix b/modules/ipfs.nix index 80a43b6..c789c18 100644 --- a/modules/ipfs.nix +++ b/modules/ipfs.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.ipfs; @@ -16,174 +15,176 @@ let in { options.nixfiles.modules.ipfs = { - enable = mkEnableOption "IPFS daemon"; + enable = lib.mkEnableOption "IPFS daemon"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "ipfs.${config.networking.fqdn}"; }; - gatewayBind = mkOption { + gatewayBind = lib.mkOption { description = "Gateway bind."; - type = with types; str; + type = lib.types.str; default = "127.0.0.1"; }; - gatewayPort = mkOption { + gatewayPort = lib.mkOption { description = "Gateway port."; - type = with types; port; + type = lib.types.port; default = if this.isHeadless then gatewayDefaultPort + 990 else gatewayDefaultPort; }; - apiBind = mkOption { + apiBind = lib.mkOption { description = "API bind."; - type = with types; str; + type = lib.types.str; default = "127.0.0.1"; }; - apiPort = mkOption { + apiPort = lib.mkOption { description = "API port."; - type = with types; port; + type = lib.types.port; default = if this.isHeadless then apiDefaultPort + 990 else apiDefaultPort; }; - swarmPort = mkOption { + swarmPort = lib.mkOption { description = "Swarm port."; - type = with types; port; + type = lib.types.port; default = swarmDefaultPort; }; }; - config = mkIf cfg.enable (mkMerge [ - { - services.kubo = { - enable = true; - - user = my.username; - inherit (config.my) group; - - dataDir = "${config.dirs.data}/ipfs"; - - autoMigrate = true; - autoMount = true; - emptyRepo = true; - enableGC = true; - - # https://github.com/ipfs/kubo/blob/master/docs/config.md - settings = mkMerge [ - ( - let - filterAddresses = - [ - "/ip4/100.64.0.0/ipcidr/10" - "/ip4/169.254.0.0/ipcidr/16" - "/ip4/172.16.0.0/ipcidr/12" - "/ip4/192.0.0.0/ipcidr/24" - "/ip4/192.0.2.0/ipcidr/24" - "/ip4/192.168.0.0/ipcidr/16" - "/ip4/198.18.0.0/ipcidr/15" - "/ip4/198.51.100.0/ipcidr/24" - "/ip4/203.0.113.0/ipcidr/24" - "/ip4/240.0.0.0/ipcidr/4" - "/ip6/100::/ipcidr/64" - "/ip6/2001:2::/ipcidr/48" - "/ip6/2001:db8::/ipcidr/32" - "/ip6/fe80::/ipcidr/10" - ] - ++ optionals (!hasAttr "wireguard" this) [ - "/ip4/10.0.0.0/ipcidr/8" - "/ip6/fc00::/ipcidr/7" - ]; - in - { - Addresses = { - API = "/ip4/${cfg.apiBind}/tcp/${toString cfg.apiPort}"; - Gateway = "/ip4/${cfg.gatewayBind}/tcp/${toString cfg.gatewayPort}"; - Swarm = - let - port = toString cfg.swarmPort; - in + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + services.kubo = { + enable = true; + + user = lib.my.username; + inherit (config.my) group; + + dataDir = "${config.dirs.data}/ipfs"; + + autoMigrate = true; + autoMount = true; + emptyRepo = true; + enableGC = true; + + # https://github.com/ipfs/kubo/blob/master/docs/config.md + settings = lib.mkMerge [ + ( + let + filterAddresses = [ - "/ip4/0.0.0.0/tcp/${port}" - "/ip6/::/tcp/${port}" - "/ip4/0.0.0.0/udp/${port}/quic" - "/ip4/0.0.0.0/udp/${port}/quic-v1" - "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" - "/ip6/::/udp/${port}/quic" - "/ip6/::/udp/${port}/quic-v1" - "/ip6/::/udp/${port}/quic-v1/webtransport" + "/ip4/100.64.0.0/ipcidr/10" + "/ip4/169.254.0.0/ipcidr/16" + "/ip4/172.16.0.0/ipcidr/12" + "/ip4/192.0.0.0/ipcidr/24" + "/ip4/192.0.2.0/ipcidr/24" + "/ip4/192.168.0.0/ipcidr/16" + "/ip4/198.18.0.0/ipcidr/15" + "/ip4/198.51.100.0/ipcidr/24" + "/ip4/203.0.113.0/ipcidr/24" + "/ip4/240.0.0.0/ipcidr/4" + "/ip6/100::/ipcidr/64" + "/ip6/2001:2::/ipcidr/48" + "/ip6/2001:db8::/ipcidr/32" + "/ip6/fe80::/ipcidr/10" + ] + ++ lib.optionals (!lib.hasAttr "wireguard" this) [ + "/ip4/10.0.0.0/ipcidr/8" + "/ip6/fc00::/ipcidr/7" ]; + in + { + Addresses = { + API = "/ip4/${cfg.apiBind}/tcp/${toString cfg.apiPort}"; + Gateway = "/ip4/${cfg.gatewayBind}/tcp/${toString cfg.gatewayPort}"; + Swarm = + let + port = toString cfg.swarmPort; + in + [ + "/ip4/0.0.0.0/tcp/${port}" + "/ip6/::/tcp/${port}" + "/ip4/0.0.0.0/udp/${port}/quic" + "/ip4/0.0.0.0/udp/${port}/quic-v1" + "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" + "/ip6/::/udp/${port}/quic" + "/ip6/::/udp/${port}/quic-v1" + "/ip6/::/udp/${port}/quic-v1/webtransport" + ]; + + NoAnnounce = filterAddresses; + }; + + Swarm.AddrFilters = filterAddresses; + + API.HTTPHeaders = { + Access-Control-Allow-Origin = [ + "http://127.0.0.1:5001" + "http://webui.ipfs.io.ipns.localhost:6001" + ]; + Access-Control-Allow-Methods = [ + "PUT" + "POST" + ]; + }; - NoAnnounce = filterAddresses; - }; + Experimental.FilestoreEnabled = true; + } + ) + ]; - Swarm.AddrFilters = filterAddresses; - - API.HTTPHeaders = { - Access-Control-Allow-Origin = [ - "http://127.0.0.1:5001" - "http://webui.ipfs.io.ipns.localhost:6001" - ]; - Access-Control-Allow-Methods = [ - "PUT" - "POST" - ]; - }; + localDiscovery = true; - Experimental.FilestoreEnabled = true; - } - ) - ]; - - localDiscovery = true; - - startWhenNeeded = true; - }; - - networking.firewall = rec { - allowedTCPPorts = [ swarmDefaultPort ]; - allowedUDPPorts = allowedTCPPorts; - }; - - boot.kernel.sysctl = { - "net.core.rmem_max" = 7500000; - "net.core.wmem_max" = 7500000; - }; - - topology = with cfg; { - nodes.${this.hostname}.services.ipfs-kubo = { - name = "IPFS Kubo"; - icon = "${inputs.homelab-svg-assets}/assets/ipfs.svg"; - details.listen.text = '' - ${gatewayBind}:${toString gatewayPort} - ${apiBind}:${toString apiPort} - ''; + startWhenNeeded = true; }; - }; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams = with cfg; { - kubo_gateway.servers."${gatewayBind}:${toString gatewayPort}" = { }; - kubo_api.servers."${apiBind}:${toString apiPort}" = { }; + + networking.firewall = rec { + allowedTCPPorts = [ swarmDefaultPort ]; + allowedUDPPorts = allowedTCPPorts; + }; + + boot.kernel.sysctl = { + "net.core.rmem_max" = 7500000; + "net.core.wmem_max" = 7500000; + }; + + topology = { + nodes.${this.hostname}.services.ipfs-kubo = { + name = "IPFS Kubo"; + icon = "${inputs.homelab-svg-assets}/assets/ipfs.svg"; + details.listen.text = '' + ${cfg.gatewayBind}:${toString cfg.gatewayPort} + ${cfg.apiBind}:${toString cfg.apiPort} + ''; + }; }; - virtualHosts = { - ${cfg.domain} = { - locations."/".proxyPass = "http://kubo_gateway"; - extraConfig = libNginx.config.internalOnly; + } + (lib.mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams = { + kubo_gateway.servers."${cfg.gatewayBind}:${toString cfg.gatewayPort}" = { }; + kubo_api.servers."${cfg.apiBind}:${toString cfg.apiPort}" = { }; }; - "api.${cfg.domain}" = { - locations = { - "/".proxyPass = "http://kubo_api"; - "~ ^/$".return = - "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + virtualHosts = { + ${cfg.domain} = { + locations."/".proxyPass = "http://kubo_gateway"; + extraConfig = libNginx.config.internalOnly; + }; + "api.${cfg.domain}" = { + locations = { + "/".proxyPass = "http://kubo_api"; + "~ ^/$".return = + "301 http${lib.optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + }; + extraConfig = libNginx.config.internalOnly; }; - extraConfig = libNginx.config.internalOnly; }; }; - }; - topology.nodes.${this.hostname}.services.ipfs-kubo.info = cfg.domain; - }) - ]); + topology.nodes.${this.hostname}.services.ipfs-kubo.info = cfg.domain; + }) + ] + ); } diff --git a/modules/k3s.nix b/modules/k3s.nix index 9c8f512..103dadc 100644 --- a/modules/k3s.nix +++ b/modules/k3s.nix @@ -6,16 +6,15 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.k3s; in { options.nixfiles.modules.k3s = { - enable = mkEnableOption "K3s"; + enable = lib.mkEnableOption "K3s"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.enable -> !config.services.nginx.enable; @@ -24,10 +23,10 @@ in ]; nixfiles.modules.common.shell.aliases = { - h = mkDefault "helm"; - k = mkDefault "kubectl"; - kns = mkDefault "kubens"; - ktx = mkDefault "kubectx"; + h = lib.mkDefault "helm"; + k = lib.mkDefault "kubectl"; + kns = lib.mkDefault "kubens"; + ktx = lib.mkDefault "kubectx"; }; ark.directories = [ diff --git a/modules/kde.nix b/modules/kde.nix index c227620..a23eaa4 100644 --- a/modules/kde.nix +++ b/modules/kde.nix @@ -1,17 +1,17 @@ { config, + inputs, lib, pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.kde; in { - options.nixfiles.modules.kde.enable = mkEnableOption "KDE Plasma"; + options.nixfiles.modules.kde.enable = lib.mkEnableOption "KDE Plasma"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.xdg.defaultApplications."org.kde.dolphin" = [ "inode/directory" ]; @@ -19,29 +19,96 @@ in sound.enable = true; }; + stylix.targets.qt.enable = false; + hm = { - stylix.targets.kde.enable = true; + imports = [ inputs.plasma-manager.homeManagerModules.plasma-manager ]; - programs.firefox.profiles.default.settings = { - "widget.use-xdg-desktop-portal.file-picker" = 1; - "widget.use-xdg-desktop-portal.mime-handler" = 1; - }; + stylix.targets.qt.enable = false; + + home.sessionVariables.GTK_THEME = config.hm.gtk.theme.name; - gtk.theme = { - package = mkForce pkgs.breeze-gtk; - name = mkForce "Breeze"; + gtk.theme = lib.mkForce { + package = pkgs.kdePackages.breeze-gtk; + name = "Breeze"; }; - xdg.configFile = { - "fontconfig/conf.d/10-hm-fonts.conf".force = mkForce true; - "mimeapps.list".force = mkForce true; - "kcminputrc".text = generators.toINI { } { - Keyboard = with config.services.xserver; { - RepeatDelay = autoRepeatDelay; - RepeatRate = autoRepeatInterval; + programs = { + plasma = { + enable = true; + + immutableByDefault = false; + + fonts = { + windowTitle = with config.stylix.fonts; { + family = sansSerif.name; + pointSize = sizes.desktop; + }; + }; + + desktop = { + icons = { + alignment = "left"; + arrangement = "topToBottom"; + sorting = { + mode = "name"; + descending = true; + foldersFirst = true; + }; + }; + }; + + session = { + general.askForConfirmationOnLogout = true; + sessionRestore = { + excludeApplications = [ ]; + restoreOpenApplicationsOnLogin = "whenSessionWasManuallySaved"; + }; + }; + + spectacle = { + shortcuts = { + launch = "Meta+S"; + launchWithoutCapturing = "Meta+Alt+S"; + + captureActiveWindow = "Meta+Print"; + captureCurrentMonitor = "Print"; + captureEntireDesktop = "Shift+Print"; + captureRectangularRegion = "Meta+Shift+S"; + captureWindowUnderCursor = "Meta+Ctrl+Print"; + + recordRegion = "Meta+Shift+R"; + recordScreen = "Meta+Alt+R"; + recordWindow = "Meta+Ctrl+R"; + }; + }; + + input.keyboard = with config.services.xserver; { + repeatDelay = autoRepeatDelay; + repeatRate = autoRepeatInterval; + numlockOnStartup = "off"; + }; + + configFile = { + baloofilerc."Basic Settings"."Indexing-Enabled" = false; + kwalletrc."Wallet"."Enabled" = false; + kwinrc."Xwayland"."XwaylandEavesdrop" = "None"; + spectaclerc = { + "ImageSave"."imageSaveLocation" = "file://${config.userDirs.pictures}"; + "VideoSave"."videoSaveLocation" = "file://${config.userDirs.videos}"; + }; }; }; - "baloofilerc".text = generators.toINI { } { "Basic Settings"."Indexing-Enabled" = false; }; + + firefox.profiles.default.settings = { + "widget.use-xdg-desktop-portal.file-picker" = 1; + "widget.use-xdg-desktop-portal.mime-handler" = 1; + }; + }; + + xdg.configFile = { + "fontconfig/conf.d/10-hm-fonts.conf".force = lib.mkForce true; + "mimeapps.list".force = lib.mkForce true; }; }; @@ -67,6 +134,7 @@ in print-manager ]; systemPackages = with pkgs.kdePackages; [ + krdc plasma-disks ]; }; diff --git a/modules/libvirtd.nix b/modules/libvirtd.nix index 4846364..4024d42 100644 --- a/modules/libvirtd.nix +++ b/modules/libvirtd.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.libvirtd; in { - options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd"; + options.nixfiles.modules.libvirtd.enable = lib.mkEnableOption "libvirtd"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/libvirt" ]; hm.home.packages = with pkgs; [ diff --git a/modules/loki.nix b/modules/loki.nix index 75e534b..a9ebb28 100644 --- a/modules/loki.nix +++ b/modules/loki.nix @@ -5,34 +5,33 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.loki; in { options.nixfiles.modules.loki = { - enable = mkEnableOption "Loki"; + enable = lib.mkEnableOption "Loki"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30171; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "loki.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ config.services.loki.configuration.common.path_prefix ]; - nixfiles.modules.nginx = with cfg; { + nixfiles.modules.nginx = { enable = true; upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${domain} = { + virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://loki"; extraConfig = libNginx.config.internalOnly; }; @@ -122,10 +121,6 @@ in "d ${storage.filesystem.rules_directory} 0700 loki loki - -" ]; - topology = with cfg; { - nodes.${this.hostname}.services.loki = { - info = domain; - }; - }; + topology.nodes.${this.hostname}.services.loki.info = cfg.domain; }; } diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index ef9fb18..781e50f 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -1 +1,4 @@ -{ lib, ... }: with lib; { imports = attrValues (modulesIn ./.); } +{ lib, ... }: +{ + imports = lib.modulesIn ./. |> lib.attrValues; +} diff --git a/modules/matrix/dendrite.nix b/modules/matrix/dendrite.nix index c391ba0..960096c 100644 --- a/modules/matrix/dendrite.nix +++ b/modules/matrix/dendrite.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.matrix.dendrite; in { options.nixfiles.modules.matrix.dendrite = { - enable = mkEnableOption "Dendrite Matrix server"; + enable = lib.mkEnableOption "Dendrite Matrix server"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 8008; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; default = config.networking.domain; description = "Domain name sans protocol scheme."; }; @@ -31,7 +30,7 @@ in let db = "dendrite"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ "/var/lib/dendrite" "/var/lib/private/dendrite" @@ -58,14 +57,16 @@ in add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; ''; - return = "200 '${generators.toJSON { } { "m.server" = "${cfg.domain}:443"; }}'"; + return = "200 '${lib.generators.toJSON { } { "m.server" = "${cfg.domain}:443"; }}'"; }; "= /.well-known/matrix/client" = { extraConfig = '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; ''; - return = "200 '${generators.toJSON { } { "m.homeserver".base_url = "https://${cfg.domain}"; }}'"; + return = "200 '${ + lib.generators.toJSON { } { "m.homeserver".base_url = "https://${cfg.domain}"; } + }'"; }; }; }; @@ -119,7 +120,7 @@ in serviceConfig = let needsPrivileges = cfg.port < 1024; - capabilities = [ "" ] ++ optionals needsPrivileges [ "CAP_NET_BIND_SERVICE" ]; + capabilities = [ "" ] ++ lib.optionals needsPrivileges [ "CAP_NET_BIND_SERVICE" ]; in { Restart = "on-failure"; @@ -185,13 +186,13 @@ in ]; }; in - concatStringsSep " " [ - (getExe pkgs.envsubst) + lib.concatStringsSep " " [ + (lib.getExe pkgs.envsubst) "-i ${(pkgs.formats.yaml { }).generate "dendrite.yaml" settings}" "-o /run/dendrite/dendrite.yaml" ]; - ExecStart = concatStringsSep " " [ - (getExe' pkgs.dendrite "dendrite") + ExecStart = lib.concatStringsSep " " [ + (lib.getExe' pkgs.dendrite "dendrite") "--config /run/dendrite/dendrite.yaml" "--http-bind-address 127.0.0.1:${toString cfg.port}" ]; @@ -237,13 +238,11 @@ in }; }; - topology = with cfg; { - nodes.${this.hostname}.services.dendrite = { - name = "Dendrite"; - icon = "${inputs.homelab-svg-assets}/assets/matrix-white.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.dendrite = { + name = "Dendrite"; + icon = "${inputs.homelab-svg-assets}/assets/matrix-white.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString cfg.port}"; }; }; } diff --git a/modules/matrix/element.nix b/modules/matrix/element.nix index 01b991e..6fc336e 100644 --- a/modules/matrix/element.nix +++ b/modules/matrix/element.nix @@ -4,28 +4,27 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.matrix.element; in { options.nixfiles.modules.matrix.element = { - enable = mkEnableOption "Element, a Matrix web interface"; + enable = lib.mkEnableOption "Element, a Matrix web interface"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "element.${config.networking.domain}"; }; - homeserver = mkOption { + homeserver = lib.mkOption { description = "Default Matrix homeserver."; - type = with types; str; - default = my.domain.azahi; + type = lib.types.str; + default = lib.my.domain.azahi; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = @@ -35,19 +34,19 @@ in } ]; - nixfiles.modules.nginx = with cfg; { + nixfiles.modules.nginx = { enable = true; - virtualHosts.${domain}.locations."/".root = pkgs.element-web.override { + virtualHosts.${cfg.domain}.locations."/".root = pkgs.element-web.override { conf = { default_server_config."m.homeserver" = { - base_url = "https://${homeserver}"; - server_name = homeserver; + base_url = "https://${cfg.homeserver}"; + server_name = cfg.homeserver; }; disable_custom_urls = true; disable_guests = true; disable_login_language_selector = true; disable_3pid_login = true; - brand = homeserver; + brand = cfg.homeserver; branding.authFooterLinks = [ { text = "NixOS"; diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 164ac5d..04fcccc 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -4,16 +4,15 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.monitoring; in { - options.nixfiles.modules.monitoring.enable = mkEnableOption '' + options.nixfiles.modules.monitoring.enable = lib.mkEnableOption '' a glue to provision a monitoring stack ''; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { alertmanager.enable = true; grafana.enable = true; @@ -34,27 +33,27 @@ in # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources datasources.settings.datasources = with config.nixfiles.modules; [ - (mkIf alertmanager.enable { + (lib.mkIf alertmanager.enable { name = "Alertmanager"; type = "alertmanager"; access = "proxy"; url = "https://${alertmanager.domain}"; jsonData.implementation = "prometheus"; }) - (mkIf loki.enable { + (lib.mkIf loki.enable { name = "Loki"; type = "loki"; access = "proxy"; url = "https://${loki.domain}"; isDefault = true; }) - (mkIf prometheus.enable { + (lib.mkIf prometheus.enable { name = "Prometheus"; type = "prometheus"; access = "proxy"; url = "https://${prometheus.domain}"; }) - (mkIf redis.enable { + (lib.mkIf redis.enable { name = "Redis"; type = "redis-datasource"; access = "proxy"; @@ -63,19 +62,19 @@ in }) ]; datasources.settings.deleteDatasources = with config.nixfiles.modules; [ - (mkIf (!alertmanager.enable) { + (lib.mkIf (!alertmanager.enable) { name = "Alertmanager"; orgId = 1; }) - (mkIf (!loki.enable) { + (lib.mkIf (!loki.enable) { name = "Loki"; orgId = 1; }) - (mkIf (!prometheus.enable) { + (lib.mkIf (!prometheus.enable) { name = "Prometheus"; orgId = 1; }) - (mkIf (!redis.enable) { + (lib.mkIf (!redis.enable) { name = "Redis"; orgId = 1; }) @@ -137,21 +136,18 @@ in prometheus = { scrapeConfigs = - with my.configurations; - mapAttrsToList + lib.mapAttrsToList (name: value: { job_name = name; static_configs = [ { - targets = - with value; - map ( - host: - concatStringsSep ":" [ - (if isAttrs host then host.hostname else host) - (toString port) - ] - ) hosts; + targets = map ( + host: + lib.concatStringsSep ":" [ + (if lib.isAttrs host then host.hostname else host) + (toString value.port) + ] + ) value.hosts; } ]; relabel_configs = [ @@ -160,76 +156,79 @@ in regex = "([^:]+):\\d+"; target_label = "instance"; } - ] ++ optionals (hasAttr "relabel" value) value.relabel; + ] ++ lib.optionals (lib.hasAttr "relabel" value) value.relabel; }) - { - promtail = { - hosts = [ - manwe - tulkas - varda - yavanna - ]; - inherit (config.nixfiles.modules.promtail) port; - }; - ntfy = { - hosts = [ manwe ]; - inherit (config.nixfiles.modules.ntfy.prometheus) port; - }; - soju = { - hosts = [ "127.0.0.1" ]; - inherit (config.nixfiles.modules.soju.prometheus) port; - }; - endlessh-go = { - hosts = [ - manwe - tulkas - varda - yavanna - ]; - inherit (config.services.endlessh-go.prometheus) port; - }; - exportarr-prowlarr = { - hosts = [ yavanna ]; - inherit (config.services.prometheus.exporters.exportarr-prowlarr) port; - }; - exportarr-lidarr = { - hosts = [ yavanna ]; - inherit (config.services.prometheus.exporters.exportarr-lidarr) port; - }; - nginx = { - hosts = [ - manwe - yavanna - ]; - inherit (config.services.prometheus.exporters.nginx) port; - }; - node = { - hosts = [ - manwe - tulkas - varda - yavanna - ]; - inherit (config.services.prometheus.exporters.node) port; - }; - postgres = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.postgres) port; - }; - redis = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.redis) port; - }; - unbound = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.unbound) port; - }; - wireguard = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.wireguard) port; - }; - }; + ( + with lib.my.configurations; + { + promtail = { + hosts = [ + manwe + tulkas + varda + yavanna + ]; + inherit (config.nixfiles.modules.promtail) port; + }; + ntfy = { + hosts = [ manwe ]; + inherit (config.nixfiles.modules.ntfy.prometheus) port; + }; + soju = { + hosts = [ "127.0.0.1" ]; + inherit (config.nixfiles.modules.soju.prometheus) port; + }; + endlessh-go = { + hosts = [ + manwe + tulkas + varda + yavanna + ]; + inherit (config.services.endlessh-go.prometheus) port; + }; + exportarr-prowlarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-prowlarr) port; + }; + exportarr-lidarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + }; + nginx = { + hosts = [ + manwe + yavanna + ]; + inherit (config.services.prometheus.exporters.nginx) port; + }; + node = { + hosts = [ + manwe + tulkas + varda + yavanna + ]; + inherit (config.services.prometheus.exporters.node) port; + }; + postgres = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.postgres) port; + }; + redis = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.redis) port; + }; + unbound = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.unbound) port; + }; + wireguard = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.wireguard) port; + }; + } + ); ruleFiles = [ ./rules/nginx.yaml diff --git a/modules/mpd.nix b/modules/mpd.nix index 7c3c821..1742939 100644 --- a/modules/mpd.nix +++ b/modules/mpd.nix @@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.mpd; in { - options.nixfiles.modules.mpd.enable = mkEnableOption "MPD and its clients."; + options.nixfiles.modules.mpd.enable = lib.mkEnableOption "MPD and its clients."; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.sound.enable = true; hm = { - home.packages = with pkgs; [ mpc_cli ]; + home.packages = [ pkgs.mpc_cli ]; services.mpd = { enable = true; @@ -140,7 +139,7 @@ in mouse_support = false; - external_editor = getExe' config.programs.vim.package "vim"; + external_editor = lib.getExe' config.programs.vim.package "vim"; use_console_editor = true; colors_enabled = true; diff --git a/modules/mpv.nix b/modules/mpv.nix index 90d46d9..f8278e1 100644 --- a/modules/mpv.nix +++ b/modules/mpv.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.mpv; in { - options.nixfiles.modules.mpv.enable = mkEnableOption "mpv"; + options.nixfiles.modules.mpv.enable = lib.mkEnableOption "mpv"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common = { shell.aliases.cam = "mpv av://v4l2:/dev/video0"; @@ -149,7 +148,7 @@ in config = let - lang = concatStringsSep "," [ + lang = lib.concatStringsSep "," [ "Japanese" "japanese" "jp" diff --git a/modules/murmur.nix b/modules/murmur.nix index d334015..a71cf9a 100644 --- a/modules/murmur.nix +++ b/modules/murmur.nix @@ -4,14 +4,13 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.murmur; in { - options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur"; + options.nixfiles.modules.murmur.enable = lib.mkEnableOption "Murmur"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/murmur" ]; secrets.murmur-environment = { @@ -27,8 +26,8 @@ in logDays = -1; - registerName = mkDefault my.domain.shire; - registerHostname = mkDefault my.domain.shire; + registerName = lib.mkDefault lib.my.domain.shire; + registerHostname = lib.mkDefault lib.my.domain.shire; bandwidth = 256000; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix deleted file mode 100644 index 4053c38..0000000 --- a/modules/nextcloud.nix +++ /dev/null @@ -1,143 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.nextcloud; -in -{ - options.nixfiles.modules.nextcloud = { - enable = mkEnableOption "Nextcloud"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "nextcloud.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules = { - nginx = { - enable = true; - virtualHosts.${cfg.domain} = { }; - }; - postgresql.enable = true; - }; - - services = - let - db = "nextcloud"; - in - { - nextcloud = mkMerge [ - { - enable = true; - package = pkgs.nextcloud23; - - hostName = cfg.domain; - - appstoreEnable = false; - - config = { - adminpassFile = null; # This needs to be set as secret. - - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbuser = db; - dbname = db; - - defaultPhoneRegion = "RU"; - }; - - extraApps = - let - mkNextcloudApp = - { - name, - version, - hash, - }: - pkgs.fetchNextcloudApp { - inherit name version hash; - url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; - }; - in - { - contacts = mkNextcloudApp { - name = "contacts"; - version = "4.0.1"; - sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; - }; - calendar = mkNextcloudApp { - name = "calendar"; - version = "3.0.5"; - sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; - }; - files_rightclick = mkNextcloudApp { - name = "files_rightclick"; - version = "23.0.1"; - sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; - }; - unsplash = mkNextcloudApp { - name = "unsplash"; - version = "1.2.4"; - sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; - }; - previewgenerator = mkNextcloudApp { - name = "previewgenerator"; - version = "3.4.1"; - sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; - }; - bruteforcesettings = mkNextcloudApp { - name = "bruteforcesettings"; - version = "2.3.0"; - sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; - }; - }; - } - (mkIf config.nixfiles.modules.acme.enable { - https = true; - config.overwriteProtocol = "https"; - }) - ]; - - postgresql = { - ensureDatabases = [ db ]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; - } - ]; - }; - }; - - systemd = { - services = { - nextcloud-setup.after = [ - "network-online.target" - "postgresql.service" - ]; - - nextcloud-preview-generate-cron.serviceConfig = { - Type = "oneshot"; - User = "nextcloud"; - ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ preview:pre-generate"; - }; - }; - - timers.nextcloud-preview-generate = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "15m"; - OnUnitActiveSec = "15m"; - Unit = "nextcloud-preview-generate-cron.service"; - }; - }; - }; - }; -} diff --git a/modules/nginx.nix b/modules/nginx.nix index 6cb47b4..dee08e4 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -5,28 +5,27 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.nginx; in { options.nixfiles.modules.nginx = { - enable = mkEnableOption "Nginx"; + enable = lib.mkEnableOption "Nginx"; - upstreams = mkOption { + upstreams = lib.mkOption { description = "Defines a group of servers to use as proxy target."; - type = with types; anything; + type = lib.types.anything; default = null; }; - virtualHosts = mkOption { + virtualHosts = lib.mkOption { description = "Attrset of virtual hosts."; - type = with types; anything; + type = lib.types.anything; default = null; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { _module.args.libNginx.config = { internalOnly = '' add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; @@ -56,15 +55,15 @@ in package = pkgs.nginxMainline; - statusPage = mkDefault true; + statusPage = lib.mkDefault true; - recommendedOptimisation = mkDefault true; - recommendedProxySettings = mkDefault true; - recommendedTlsSettings = mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; - recommendedBrotliSettings = mkDefault true; - recommendedGzipSettings = mkDefault true; - recommendedZstdSettings = mkDefault true; + recommendedBrotliSettings = lib.mkDefault true; + recommendedGzipSettings = lib.mkDefault true; + recommendedZstdSettings = lib.mkDefault true; resolver.addresses = let @@ -74,15 +73,15 @@ in if config.networking.nameservers != [ ] then config.networking.nameservers else - dns.const.quad9.default; + lib.dns.const.quad9.default; in map escapeIPv6 resolvers; - commonHttpConfig = concatStrings [ + commonHttpConfig = lib.concatStrings [ '' access_log syslog:server=unix:/dev/log; '' - (optionalString (hasAttr "wireguard" this) ( + (lib.optionalString (lib.hasAttr "wireguard" this) ( with config.nixfiles.modules.wireguard; '' geo $internal { @@ -106,14 +105,14 @@ in locations."/".return = "444"; }; } - // (mkIf (cfg.virtualHosts != null) ( - mapAttrs ( + // (lib.mkIf (cfg.virtualHosts != null) ( + lib.mapAttrs ( _: attr: - mkMerge [ + lib.mkMerge [ attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = mkDefault true; - forceSSL = mkDefault true; + (lib.mkIf config.nixfiles.modules.acme.enable { + enableACME = lib.mkDefault true; + forceSSL = lib.mkDefault true; }) ] ) cfg.virtualHosts @@ -129,8 +128,8 @@ in prometheus.exporters.nginx = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9113; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; + port = lib.mkDefault 9113; }; }; diff --git a/modules/nmap.nix b/modules/nmap.nix index c358e71..894dcb4 100644 --- a/modules/nmap.nix +++ b/modules/nmap.nix @@ -5,14 +5,13 @@ inputs, ... }: -with lib; let cfg = config.nixfiles.modules.nmap; in { - options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap"; + options.nixfiles.modules.nmap.enable = lib.mkEnableOption "Nmap"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.shell.aliases = { nmap-vulners = "nmap -sV --script=vulners/vulners.nse"; nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse"; @@ -30,15 +29,15 @@ in nmap-formatter ]; - activation.regenerateNmapScripts = with pkgs; '' - ${getExe' nmap "nmap"} --script-updatedb + activation.regenerateNmapScripts = '' + ${lib.getExe' pkgs.nmap "nmap"} --script-updatedb ''; }; systemd.user = { services.update-nmap-vulscan-lists = { Service = { - ExecStart = getExe ( + ExecStart = lib.getExe ( pkgs.writeShellApplication { name = "update-nmap-vulscan-lists"; runtimeInputs = [ pkgs.curl ]; diff --git a/modules/node-exporter.nix b/modules/node-exporter.nix index 8e76903..5e0b9a1 100644 --- a/modules/node-exporter.nix +++ b/modules/node-exporter.nix @@ -4,17 +4,16 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.node-exporter; in { - options.nixfiles.modules.node-exporter.enable = mkEnableOption "Prometheus Node Exporter"; + options.nixfiles.modules.node-exporter.enable = lib.mkEnableOption "Prometheus Node Exporter"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.prometheus.exporters.node = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; port = 9100; enabledCollectors = [ "buddyinfo" diff --git a/modules/nsd.nix b/modules/nsd.nix index 13cebe9..82dc16a 100644 --- a/modules/nsd.nix +++ b/modules/nsd.nix @@ -5,37 +5,36 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.nsd; in { options.nixfiles.modules.nsd = { - enable = mkEnableOption "NSD"; + enable = lib.mkEnableOption "NSD"; - fqdn = mkOption { + fqdn = lib.mkOption { description = "FQDN of this nameserver."; - type = with types; str; + type = lib.types.str; default = "ns.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.nginx = let - domain = my.domain.shire; + domain = lib.my.domain.shire; in { enable = true; - virtualHosts = mapAttrs' ( + virtualHosts = lib.mapAttrs' ( _: v: - nameValuePair "mta-sts.${v}" { + lib.nameValuePair "mta-sts.${v}" { locations."= /.well-known/mta-sts.txt" = { extraConfig = '' add_header default_type text/plain; ''; return = "200 '${ - concatStringsSep "\\r\\n" [ + lib.concatStringsSep "\\r\\n" [ "version: STSv1" "mode: enforce" "max_age: 2419200" @@ -44,7 +43,7 @@ in }'"; }; } - ) my.domain; + ) lib.my.domain; }; services = { @@ -58,31 +57,31 @@ in ratelimit.enable = true; zones = - with dns.combinators; + with lib.dns.combinators; let ips = - hostname: with my.configurations.${hostname}; { + hostname: with lib.my.configurations.${hostname}; { A = [ (a ipv4.address) ]; AAAA = [ (aaaa ipv6.address) ]; }; mkEmailEntries = { - domain ? my.domain.shire, + domain ? lib.my.domain.shire, dkimKey ? null, }: { - MX = [ (mx.mx 10 "${my.domain.shire}.") ]; + MX = [ (mx.mx 10 "${lib.my.domain.shire}.") ]; TXT = [ (spf.soft [ "a" ]) ]; DMARC = [ { p = "quarantine"; sp = "quarantine"; - rua = [ "mailto:admin+rua@${domain}" ]; - ruf = [ "mailto:admin+ruf@${domain}" ]; + rua = [ "mailto:postmaster@${domain}" ]; + ruf = [ "mailto:postmaster@${domain}" ]; } ]; - DKIM = optional (dkimKey != null) { + DKIM = lib.optional (dkimKey != null) { selector = "mail"; p = dkimKey; }; @@ -96,36 +95,38 @@ in extra ? { }, }: { - ${domain}.data = dns.toString domain (mkMerge [ - { - TTL = 60 * 60; - - SOA = { - nameServer = "${cfg.fqdn}."; - adminEmail = "admin+dns@${my.domain.shire}"; - serial = 2024010301; # Don't forget to bump the revision! - }; - - NS = with my.domain; [ - "ns1.${shire}" - # "ns2.${shire}" - ]; - - CAA = letsEncrypt "admin+caa@${my.domain.shire}"; - } - sldIps - extra - ]); + ${domain}.data = lib.dns.toString domain ( + lib.mkMerge [ + { + TTL = 60 * 60; + + SOA = { + nameServer = "${cfg.fqdn}."; + adminEmail = "hostmaster@${lib.my.domain.shire}"; + serial = 2025020201; # Don't forget to bump the revision! + }; + + NS = with lib.my.domain; [ + "ns1.${shire}" + # "ns2.${shire}" + ]; + + CAA = letsEncrypt "hostmaster@${lib.my.domain.shire}"; + } + sldIps + extra + ] + ); }; # https://ariadne.id/ # https://docs.keyoxide.org/service-providers/dns/ - ariadneIdProof.TXT = [ "openpgp4fpr:${my.pgp.fingerprint}" ]; + ariadneIdProof.TXT = [ "openpgp4fpr:${lib.my.pgp.fingerprint}" ]; in - mkMerge [ + lib.mkMerge [ (mkZone rec { - domain = my.domain.shire; - extra = mkMerge [ + domain = lib.my.domain.shire; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -169,8 +170,8 @@ in ]; }) (mkZone rec { - domain = my.domain.azahi; - extra = mkMerge [ + domain = lib.my.domain.azahi; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -186,8 +187,8 @@ in ]; }) (mkZone rec { - domain = my.domain.gondor; - extra = mkMerge [ + domain = lib.my.domain.gondor; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -202,8 +203,8 @@ in ]; }) (mkZone rec { - domain = my.domain.rohan; - extra = mkMerge [ + domain = lib.my.domain.rohan; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -228,12 +229,12 @@ in allowedUDPPorts = allowedTCPPorts; }; - topology = with cfg; { + topology = { nodes.${this.hostname}.services.nsd = { name = "NSD"; icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; - details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") ( - filter (i: i != "127.0.0.1" && i != "::1") config.services.nsd.interfaces + details.listen.text = lib.concatMapStringsSep "\n" (i: "${i}:53") ( + lib.filter (i: i != "127.0.0.1" && i != "::1") config.services.nsd.interfaces ); }; }; diff --git a/modules/ntfy.nix b/modules/ntfy.nix index e3de72e..422df2e 100644 --- a/modules/ntfy.nix +++ b/modules/ntfy.nix @@ -6,46 +6,45 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.ntfy; in { options.nixfiles.modules.ntfy = { - enable = mkEnableOption "ntfy"; + enable = lib.mkEnableOption "ntfy"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = types.port; + type = lib.types.port; default = 2586; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "ntfy.${config.networking.domain}"; }; prometheus = { - enable = mkEnableOption "Prometheus exporter." // { + enable = lib.mkEnableOption "Prometheus exporter." // { default = true; }; - address = mkOption { + address = lib.mkOption { description = "Address."; - type = with types; str; + type = lib.types.str; default = this.wireguard.ipv4.address; }; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 9289; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.files = [ config.services.ntfy-sh.settings.auth-file ]; nixfiles.modules.nginx = { @@ -72,19 +71,15 @@ in base-url = "https://${cfg.domain}"; behind-proxy = true; enable-metrics = cfg.prometheus.enable; - metrics-listen-http = - with cfg.prometheus; - optionalString cfg.prometheus.enable "${address}:${toString port}"; + metrics-listen-http = with cfg.prometheus; lib.optionalString enable "${address}:${toString port}"; }; }; - topology = with cfg; { - nodes.${this.hostname}.services.ntfy = { - name = "ntfy"; - icon = "${inputs.homelab-svg-assets}/assets/ntfy.svg"; - info = domain; - details.listen.text = config.services.ntfy-sh.settings.listen-http; - }; + topology.nodes.${this.hostname}.services.ntfy = { + name = "ntfy"; + icon = "${inputs.homelab-svg-assets}/assets/ntfy.svg"; + info = cfg.domain; + details.listen.text = config.services.ntfy-sh.settings.listen-http; }; }; } diff --git a/modules/nullmailer.nix b/modules/nullmailer.nix index 9f7b4ac..41fecef 100644 --- a/modules/nullmailer.nix +++ b/modules/nullmailer.nix @@ -4,14 +4,13 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.nullmailer; in { - options.nixfiles.modules.nullmailer.enable = mkEnableOption "Nullmailer"; + options.nixfiles.modules.nullmailer.enable = lib.mkEnableOption "Nullmailer"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # No use in enabling it other than having a retry queue. # ark.directories = ["/var/spool/nullmailer"]; diff --git a/modules/openssh.nix b/modules/openssh.nix index a41f0d6..d850322 100644 --- a/modules/openssh.nix +++ b/modules/openssh.nix @@ -37,6 +37,7 @@ in controlMaster = "auto"; controlPersist = "24H"; + controlPath = "~/.ssh/control/%r@%n:%p"; # The directory must exist. serverAliveCountMax = 30; serverAliveInterval = 60; diff --git a/modules/password-store.nix b/modules/password-store.nix index 886afb6..d6358a7 100644 --- a/modules/password-store.nix +++ b/modules/password-store.nix @@ -4,15 +4,14 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.password-store; in { options.nixfiles.modules.password-store.enable = - mkEnableOption "the standard UNIX password manager"; + lib.mkEnableOption "the standard UNIX password manager"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs = { password-store = { enable = true; @@ -27,7 +26,7 @@ in let completions = "${config.hm.programs.password-store.package}/share/bash-completion/completions"; in - mkAfter '' + lib.mkAfter '' source ${completions}/pass-otp source ${completions}/pass ''; diff --git a/modules/piracy/default.nix b/modules/piracy/default.nix index 3554a02..1410827 100644 --- a/modules/piracy/default.nix +++ b/modules/piracy/default.nix @@ -9,7 +9,7 @@ let cfg = config.nixfiles.modules.piracy; in { - imports = lib.attrValues (lib.modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; options.nixfiles.modules.piracy = { enable = lib.mkEnableOption "tools for working with the BitTorrent protocol"; diff --git a/modules/piracy/jackett.nix b/modules/piracy/jackett.nix index 7ef9311..c26216e 100644 --- a/modules/piracy/jackett.nix +++ b/modules/piracy/jackett.nix @@ -34,13 +34,11 @@ in services.jackett.enable = true; - topology = with cfg; { - nodes.${this.hostname}.services.jackett = { - name = "Jackett"; - icon = "${inputs.homelab-svg-assets}/assets/jackett.svg"; - info = domain; - details.listen.text = "127.0.0.1:9117"; - }; + topology.nodes.${this.hostname}.services.jackett = { + name = "Jackett"; + icon = "${inputs.homelab-svg-assets}/assets/jackett.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:9117"; }; }; } diff --git a/modules/piracy/lidarr.nix b/modules/piracy/lidarr.nix index a905d8e..400ba9f 100644 --- a/modules/piracy/lidarr.nix +++ b/modules/piracy/lidarr.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.piracy.lidarr; @@ -14,16 +13,16 @@ let in { options.nixfiles.modules.piracy.lidarr = { - enable = mkEnableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "lidarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.lidarr-api-key.file = "${inputs.self}/secrets/lidarr-api-key"; ark.directories = [ "/var/lib/lidarr" ]; @@ -74,11 +73,9 @@ in ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.lidarr = { - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.lidarr = { + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/prowlarr.nix b/modules/piracy/prowlarr.nix index c5bf5c0..ebcba7f 100644 --- a/modules/prowlarr.nix +++ b/modules/piracy/prowlarr.nix @@ -6,24 +6,23 @@ this, ... }: -with lib; let - cfg = config.nixfiles.modules.prowlarr; + cfg = config.nixfiles.modules.piracy.prowlarr; port = 9696; in { - options.nixfiles.modules.prowlarr = { - enable = mkEnableOption "Prowlarr"; + options.nixfiles.modules.piracy.prowlarr = { + enable = lib.mkEnableOption "Prowlarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "prowlarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # secrets.prowlarr-api-key.file = "${inputs.self}/secrets/prowlarr-api-key"; ark.directories = [ "/var/lib/private/prowlarr" ]; @@ -53,13 +52,11 @@ in }; }; - topology = with cfg; { - nodes.${this.hostname}.services.prowlarr = { - name = "Prowlarr"; - icon = "${inputs.homelab-svg-assets}/assets/prowlarr.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.prowlarr = { + name = "Prowlarr"; + icon = "${inputs.homelab-svg-assets}/assets/prowlarr.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/piracy/radarr.nix b/modules/piracy/radarr.nix index ac2fe7f..12f8d95 100644 --- a/modules/piracy/radarr.nix +++ b/modules/piracy/radarr.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.piracy.radarr; @@ -14,16 +13,16 @@ let in { options.nixfiles.modules.piracy.radarr = { - enable = mkEnableOption "Radarr"; + enable = lib.mkEnableOption "Radarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "radarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.radarr-api-key.file = "${inputs.self}/secrets/radarr-api-key"; ark.directories = [ "/var/lib/radarr" ]; @@ -74,11 +73,9 @@ in ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.radarr = { - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.radarr = { + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/piracy/sonarr.nix b/modules/piracy/sonarr.nix index 8715a12..0761a3d 100644 --- a/modules/piracy/sonarr.nix +++ b/modules/piracy/sonarr.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.piracy.sonarr; @@ -14,16 +13,16 @@ let in { options.nixfiles.modules.piracy.sonarr = { - enable = mkEnableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "sonarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.sonarr-api-key.file = "${inputs.self}/secrets/sonarr-api-key"; ark.directories = [ "/var/lib/sonarr" ]; @@ -74,11 +73,9 @@ in ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.sonarr = { - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.sonarr = { + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/plausible.nix b/modules/plausible.nix index 89729fd..94e0d9d 100644 --- a/modules/plausible.nix +++ b/modules/plausible.nix @@ -5,23 +5,22 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.plausible; in { options.nixfiles.modules.plausible = { - enable = mkEnableOption "Plausible Analytics"; + enable = lib.mkEnableOption "Plausible Analytics"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 8000; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "plausible.${config.networking.domain}"; }; }; @@ -30,7 +29,7 @@ in let db = "plausible"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { _module.args.libPlausible = { htmlPlausibleScript = { @@ -88,12 +87,12 @@ in # }; mail = { - email = "admin+plausible@${my.domain.shire}"; + email = "webmaster@${lib.my.domain.shire}"; smtp = { - hostAddr = my.domain.shire; + hostAddr = lib.my.domain.shire; hostPort = 465; enableSSL = true; - user = "azahi@${my.domain.shire}"; + user = "azahi@${lib.my.domain.shire}"; passwordFile = config.secrets.plausible-smtp-password.path; }; }; @@ -127,13 +126,14 @@ in requires = after; }; - topology = with cfg; { - nodes.${this.hostname}.services.plausible = { - name = "Plausible"; - icon = "${inputs.homelab-svg-assets}/assets/plausible.svg"; - info = domain; - details.listen.text = "${config.services.plausible.server.listenAddress}:${toString port}"; - }; + topology.nodes.${this.hostname}.services.plausible = { + name = "Plausible"; + icon = "${inputs.homelab-svg-assets}/assets/plausible.svg"; + info = cfg.domain; + details.listen.text = lib.concatStringsSep ":" [ + config.services.plausible.server.listenAddress + (toString cfg.port) + ]; }; }; } diff --git a/modules/postgresql.nix b/modules/postgresql.nix index f88831b..d5b712c 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.postgresql; in { options.nixfiles.modules.postgresql = { - enable = mkEnableOption "PostgreSQL"; + enable = lib.mkEnableOption "PostgreSQL"; - package = mkOption { - type = types.package; + package = lib.mkOption { + type = lib.types.package; default = pkgs.postgresql_15; description = "PostgreSQL package to use."; }; - extraPostStart = mkOption { - type = with types; listOf str; + extraPostStart = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; description = '' Additional post-startup commands. @@ -32,10 +31,10 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { - assertion = any (x: x == "en_GB.UTF-8/UTF-8") config.i18n.supportedLocales; + assertion = lib.any (x: x == "en_GB.UTF-8/UTF-8") config.i18n.supportedLocales; message = "The locale must be available"; } ]; @@ -70,14 +69,14 @@ in prometheus.exporters.postgres = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9187; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; + port = lib.mkDefault 9187; }; }; - systemd.services.postgresql.postStart = optionalString ( + systemd.services.postgresql.postStart = lib.optionalString ( cfg.extraPostStart != [ ] - ) concatLines cfg.extraPostStart; + ) lib.concatLines cfg.extraPostStart; environment.variables.PSQLRC = toString ( pkgs.writeText "psqlrc" '' diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix index 34093d0..cbfb665 100644 --- a/modules/profiles/default.nix +++ b/modules/profiles/default.nix @@ -5,20 +5,19 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.default; in { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; options.nixfiles.modules.profiles.default.enable = - mkEnableOption "The most default profile of them all." + lib.mkEnableOption "The most default profile of them all." // { default = true; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = !(with this; isHeadless && isHeadful); diff --git a/modules/profiles/dev/containers.nix b/modules/profiles/dev/containers.nix index 598289c..ce686b5 100644 --- a/modules/profiles/dev/containers.nix +++ b/modules/profiles/dev/containers.nix @@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.dev.containers; in { options.nixfiles.modules.profiles.dev.containers.enable = - mkEnableOption "Tools for working with containers and container orchestration" + lib.mkEnableOption "Tools for working with containers and container orchestration" // { default = config.nixfiles.modules.profiles.dev.enable; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.shell.aliases = { h = "helm"; @@ -63,7 +62,7 @@ in ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON { } { + xdg.dataFile."minikube/config/config.json".text = lib.generators.toJSON { } { config.Rootless = true; driver = "podman"; container-runtime = "cri-o"; diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix index bb7cfc9..89ed7a3 100644 --- a/modules/profiles/dev/default.nix +++ b/modules/profiles/dev/default.nix @@ -4,17 +4,16 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.dev; in { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; options.nixfiles.modules.profiles.dev.enable = - mkEnableOption "Catch-all profile for stuff related to software development and etc."; + lib.mkEnableOption "Catch-all profile for stuff related to software development and etc."; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.nix.allowedUnfreePackages = [ "terraform" # source-available @@ -80,6 +79,7 @@ in nixpkgs-review opentofu scaleway-cli + scanmem sops sqlitebrowser terraform diff --git a/modules/profiles/dev/sql.nix b/modules/profiles/dev/sql.nix index c2d4894..cbab14a 100644 --- a/modules/profiles/dev/sql.nix +++ b/modules/profiles/dev/sql.nix @@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.dev.sql; in { options.nixfiles.modules.profiles.dev.sql.enable = - mkEnableOption "SQL stuff and database management tools" + lib.mkEnableOption "SQL stuff and database management tools" // { default = config.nixfiles.modules.profiles.dev.enable; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { home.packages = with pkgs; [ pgcli @@ -63,15 +62,15 @@ in { name, custom }: { "${name}/config" = { - text = generators.toINI { } { + text = lib.generators.toINI { } { main = mainSection // custom; - colors = mapAttrs (_: v: "'${v}'") colorsSection; + colors = lib.mapAttrs (_: v: "'${v}'") colorsSection; }; }; }; in { - configFile = mkMerge ( + configFile = lib.mkMerge ( map mkCliConfig [ { name = "pgcli"; diff --git a/modules/profiles/email.nix b/modules/profiles/email.nix index 4c8d6eb..5f142dc 100644 --- a/modules/profiles/email.nix +++ b/modules/profiles/email.nix @@ -5,16 +5,15 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.email; in { - options.nixfiles.modules.profiles.email.enable = mkEnableOption "Local Email management" // { + options.nixfiles.modules.profiles.email.enable = lib.mkEnableOption "Local Email management" // { default = this.isHeadful; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.gnupg.enable = true; hm = { @@ -25,7 +24,7 @@ in let mkAccount = attrs: - mkMerge [ + lib.mkMerge [ { mbsync = { enable = true; @@ -52,15 +51,15 @@ in line ? 0, }: assert (builtins.isInt line); - concatStringsSep " " ( + lib.concatStringsSep " " ( [ - (getExe config.hm.programs.password-store.package) + (lib.getExe config.hm.programs.password-store.package) "show" path ] - ++ optionals (line > 0) [ + ++ lib.optionals (line > 0) [ "|" - (getExe pkgs.gnused) + (lib.getExe pkgs.gnused) "-e" "'${toString line}!d'" ] @@ -68,22 +67,23 @@ in in { shire = mkAccount rec { - address = my.email; + address = lib.my.email; aliases = [ address "frodo@rohan.net" "azahi@shire.net" ]; - realName = my.fullname; + realName = lib.my.fullname; signature = { showSignature = "append"; text = '' - Please consider using plain text when replying! - ~ https://useplaintext.email/#etiquette ~ + Firstname Lastname | Азат Багавиев + frodo@gondor.net | frodo@rohan.net + https://azahi.cc/ ''; }; gpg = { - inherit (my.pgp) key; + inherit (lib.my.pgp) key; signByDefault = false; encryptByDefault = false; }; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index e328691..62a036c 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -6,31 +6,29 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.headful; in { - options.nixfiles.modules.profiles.headful.enable = mkEnableOption "headful profile" // { + options.nixfiles.modules.profiles.headful.enable = lib.mkEnableOption "headful profile" // { default = this.isHeadful; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.xdg.defaultApplications."org.telegram.desktop" = [ "x-scheme-handler/tg" ]; profiles.dev.enable = true; - alacritty.enable = mkDefault true; + alacritty.enable = true; aria2.enable = true; bat.enable = true; chromium.enable = true; - dwm.enable = mkDefault false; emacs.enable = true; eza.enable = true; firefox.enable = true; - foot.enable = mkDefault true; - kde.enable = mkDefault true; + foot.enable = true; + kde.enable = true; mpv.enable = true; nullmailer.enable = true; openssh.client.enable = true; @@ -38,8 +36,8 @@ in sound.enable = true; thunderbird.enable = true; vscode.enable = true; - wayland.enable = mkDefault true; - x11.enable = mkDefault true; + wayland.enable = true; + x11.enable = true; zathura.enable = true; }; @@ -57,6 +55,8 @@ in anki audacity ayugram-desktop + bitwarden-cli + bitwarden-desktop byedpi eaglemode easyeffects @@ -87,7 +87,7 @@ in }; boot = { - kernelPackages = mkDefault ( + kernelPackages = lib.mkDefault ( if config.boot.zfs.enabled then pkgs.linuxKernel.packages |> lib.filterAttrs ( @@ -175,8 +175,8 @@ in system.extraDependencies = let collectFlakeInputs = - input: [ input ] ++ concatMap collectFlakeInputs (attrValues (input.inputs or { })); + input: [ input ] ++ (lib.attrValues (input.inputs or { }) |> lib.concatMap collectFlakeInputs); in - concatMap collectFlakeInputs (attrValues inputs); + lib.concatMap collectFlakeInputs (lib.attrValues inputs); }; } diff --git a/modules/prometheus.nix b/modules/prometheus.nix index 673f288..031b0b2 100644 --- a/modules/prometheus.nix +++ b/modules/prometheus.nix @@ -6,59 +6,56 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.prometheus; in { options.nixfiles.modules.prometheus = { - enable = mkEnableOption "Prometheus"; + enable = lib.mkEnableOption "Prometheus"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30111; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "prometheus.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { + config = lib.mkIf cfg.enable { + nixfiles.modules.nginx = { enable = true; upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${domain} = { + virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://prometheus"; extraConfig = libNginx.config.internalOnly; }; }; - services.prometheus = with cfg; { + services.prometheus = { enable = true; enableReload = true; listenAddress = "127.0.0.1"; - inherit port; + inherit (cfg) port; extraFlags = [ - "--web.external-url=https://${domain}" + "--web.external-url=https://${cfg.domain}" "--storage.tsdb.retention.size=50GB" "--storage.tsdb.retention.time=1y" "--storage.tsdb.wal-compression" ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.prometheus = { - name = "Prometheus"; - icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.prometheus = { + name = "Prometheus"; + icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString cfg.port}"; }; }; } diff --git a/modules/promtail.nix b/modules/promtail.nix index 65d88d4..cf4eb3b 100644 --- a/modules/promtail.nix +++ b/modules/promtail.nix @@ -4,34 +4,33 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.promtail; in { options.nixfiles.modules.promtail = { - enable = mkEnableOption "Promtail"; + enable = lib.mkEnableOption "Promtail"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30181; }; - loki.url = mkOption { + loki.url = lib.mkOption { description = "Address of a listening Loki service."; - type = with types; str; + type = lib.types.str; default = "https://${config.nixfiles.modules.loki.domain}"; }; - filters = mkOption { + filters = lib.mkOption { description = ''Filters to use with "scrape_config.pipeline_stages".''; - type = with types; listOf attrs; + type = with lib.types; listOf attrs; default = [ ]; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.promtail = { enable = true; @@ -70,11 +69,12 @@ in ( n: let - label = toLower n; + label = lib.toLower n; in { source_labels = [ "__journal_${label}" ]; - target_label = if hasPrefix "_" label then substring 1 (stringLength label - 1) label else label; + target_label = + if lib.hasPrefix "_" label then lib.substring 1 (lib.stringLength label - 1) label else label; } ) [ diff --git a/modules/psd.nix b/modules/psd.nix index 5bb9dc3..17fa04e 100644 --- a/modules/psd.nix +++ b/modules/psd.nix @@ -4,16 +4,15 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.psd; in { - options.nixfiles.modules.psd.enable = mkEnableOption "Profile Sync Daemon"; + options.nixfiles.modules.psd.enable = lib.mkEnableOption "Profile Sync Daemon"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { - home.packages = with pkgs; [ profile-sync-daemon ]; + home.packages = [ pkgs.profile-sync-daemon ]; xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" @@ -24,7 +23,7 @@ in systemd.user = { services = let - exe = getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; + exe = lib.getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; in { psd = { diff --git a/modules/qutebrowser.nix b/modules/qutebrowser.nix index 6ba7c07..7ebc006 100644 --- a/modules/qutebrowser.nix +++ b/modules/qutebrowser.nix @@ -4,24 +4,23 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.qutebrowser; in { - options.nixfiles.modules.qutebrowser.enable = mkEnableOption "Qutebrowser"; + options.nixfiles.modules.qutebrowser.enable = lib.mkEnableOption "Qutebrowser"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.mpv.enable = true; hm = { - programs.qutebrowser = with config.nixfiles.modules; { + programs.qutebrowser = { enable = true; - keyBindings.normal = mkIf mpv.enable { + keyBindings.normal = lib.mkIf config.nixfiles.modules.mpv.enable { "z" = let - mpv = getExe config.hm.programs.mpv.package; + mpv = lib.getExe config.hm.programs.mpv.package; in "hint links spawn --detach ${mpv} {hint-url}"; }; @@ -169,9 +168,14 @@ in }; editor.command = [ - (if alacritty.enable then getExe pkgs.alacritty else getExe pkgs.xterm) + ( + if config.nixfiles.modules.alacritty.enable then + lib.getExe pkgs.alacritty + else + lib.getExe pkgs.xterm + ) "-e" - (getExe' config.programs.vim.package "vim") + (lib.getExe' config.programs.vim.package "vim") "-f" "{}" ]; @@ -245,11 +249,6 @@ in hide_decoration = false; title_format = "{perc}{current_title}{title_sep}qutebrowser"; }; - - qt = mkIf kde.enable { - force_platform = null; - force_platformtheme = "KDE"; - }; }; extraConfig = @@ -296,7 +295,7 @@ in } ]; in - concatLines final + "\n" + lib.concatLines final + "\n" ) + ( let @@ -306,7 +305,7 @@ in (allowSetting "desktop_capture" url) (allowSetting "media.audio_video_capture" url) ]; - allowedMediaCapture = flatten ( + allowedMediaCapture = lib.flatten ( map allowMediaCaptureSetting [ "https://discord.com" "https://web.telegram.org" @@ -321,7 +320,7 @@ in final = allowedMediaCapture ++ allowedNotifications; in - concatLines final + "\n" + lib.concatLines final + "\n" ); }; diff --git a/modules/radicale.nix b/modules/radicale.nix index 59fb4a2..0f83c7f 100644 --- a/modules/radicale.nix +++ b/modules/radicale.nix @@ -5,17 +5,16 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.radicale; in { options.nixfiles.modules.radicale = { - enable = mkEnableOption "Radicale"; + enable = lib.mkEnableOption "Radicale"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "radicale.${config.networking.domain}"; }; }; @@ -24,7 +23,7 @@ in let port = 5232; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ "/var/lib/radicale" ]; secrets.radicale-htpasswd = { diff --git a/modules/redis.nix b/modules/redis.nix index e2151c7..2b68529 100644 --- a/modules/redis.nix +++ b/modules/redis.nix @@ -4,14 +4,13 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.redis; in { - options.nixfiles.modules.redis.enable = mkEnableOption "Redis"; + options.nixfiles.modules.redis.enable = lib.mkEnableOption "Redis"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/redis-default" ]; services = { @@ -27,8 +26,8 @@ in prometheus.exporters = { redis = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9121; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; + port = lib.mkDefault 9121; extraFlags = with config.services.redis.servers.default; [ "--redis.addr=redis://${bind}:${toString port}" "--redis.user=${user}" diff --git a/modules/rss-bridge.nix b/modules/rss-bridge.nix index c890872..11b0970 100644 --- a/modules/rss-bridge.nix +++ b/modules/rss-bridge.nix @@ -4,22 +4,21 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.rss-bridge; in { options.nixfiles.modules.rss-bridge = { - enable = mkEnableOption "RSS-Bridge"; + enable = lib.mkEnableOption "RSS-Bridge"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "rss-bridge.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ config.services.rss-bridge.dataDir ]; nixfiles.modules.nginx = { diff --git a/modules/searx.nix b/modules/searx.nix index ab186af..d4e7e30 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -14,7 +14,7 @@ in port = lib.mkOption { description = "Port."; - type = with lib.types; port; + type = lib.types.port; default = 61001; }; @@ -48,7 +48,7 @@ in settings = { general = { instance_name = cfg.domain; - contact_url = "mailto:admin+searx@${config.networking.domain}"; + contact_url = "mailto:webmaster@${config.networking.domain}"; git_url = false; git_branch = false; docs_url = false; diff --git a/modules/shadowsocks.nix b/modules/shadowsocks.nix index 5f847be..a6f5948 100644 --- a/modules/shadowsocks.nix +++ b/modules/shadowsocks.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.shadowsocks; in { options.nixfiles.modules.shadowsocks = { - enable = mkEnableOption "Shadowsocks"; + enable = lib.mkEnableOption "Shadowsocks"; - port = mkOption { - type = with types; port; + port = lib.mkOption { + type = lib.types.port; default = 8388; description = "Port."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.shadowsocks-json.file = "${inputs.self}/secrets/shadowsocks-json"; services.fail2ban.jails.shadowsocks = { @@ -45,7 +44,7 @@ in mergeJson = let configFile = pkgs.writeText "config.json" ( - generators.toJSON { } { + lib.generators.toJSON { } { server = "::"; server_port = cfg.port; # Can't really use AEAD-2022[1] just yet because it's not @@ -86,7 +85,7 @@ in ); in pkgs.writeShellScript "meregeJson" '' - ${getExe pkgs.jq} \ + ${lib.getExe pkgs.jq} \ -s '.[0] * .[1]' \ ${configFile} \ $CREDENTIALS_DIRECTORY/secret.json \ @@ -98,7 +97,7 @@ in }; }; - environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { + environment.etc = lib.mkIf config.nixfiles.modules.fail2ban.enable { "fail2ban/filter.d/shadowsocks.conf".text = '' [Definition] failregex = ^.*tcp handshake failed.*\[::ffff:<ADDR>\].*$ @@ -111,34 +110,32 @@ in # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 100 (pow 2 26); - "net.core.wmem_max" = mkOverride 100 (pow 2 26); - "net.core.netdev_max_backlog" = pow 2 18; - "net.core.somaxconn" = pow 2 12; + "net.core.rmem_max" = lib.pow 2 26 |> lib.mkOverride 100; + "net.core.wmem_max" = lib.pow 2 26 |> lib.mkOverride 100; + "net.core.netdev_max_backlog" = lib.pow 2 18; + "net.core.somaxconn" = lib.pow 2 12; "net.ipv4.tcp_syncookies" = 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 100 1; - "net.ipv4.tcp_tw_recycle" = mkOverride 100 0; - "net.ipv4.tcp_fin_timeout" = mkOverride 100 30; + "net.ipv4.tcp_tw_reuse" = lib.mkOverride 100 1; + "net.ipv4.tcp_tw_recycle" = lib.mkOverride 100 0; + "net.ipv4.tcp_fin_timeout" = lib.mkOverride 100 30; "net.ipv4.tcp_keepalive_time" = 60 * 20; "net.ipv4.ip_local_port_range" = "10000 65000"; - "net.ipv4.tcp_max_syn_backlog" = pow 2 13; - "net.ipv4.tcp_max_tw_buckets" = pow 2 12; - "net.ipv4.tcp_fastopen" = mkOverride 100 3; - "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17); - "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_mtu_probing" = mkOverride 100 1; + "net.ipv4.tcp_max_syn_backlog" = lib.pow 2 13; + "net.ipv4.tcp_max_tw_buckets" = lib.pow 2 12; + "net.ipv4.tcp_fastopen" = lib.mkOverride 100 3; + "net.ipv4.tcp_mem" = lib.mkTcpMem 15 16 17 |> lib.mkOverride 100; + "net.ipv4.tcp_rmem" = lib.mkTcpMem 12 16 26 |> lib.mkOverride 100; + "net.ipv4.tcp_wmem" = lib.mkTcpMem 12 16 26 |> lib.mkOverride 100; + "net.ipv4.tcp_mtu_probing" = lib.mkOverride 100 1; }; - topology = with cfg; { - nodes.${this.hostname}.services.shadowsocks = { - name = "Shadowsocks"; - icon = pkgs.fetchurl { - url = "https://upload.wikimedia.org/wikipedia/commons/f/f5/Shadowsocks-Logo.svg"; - hash = "sha256-NzGt0WQA4NQpMPsOTWgBrghuewxQeDoSe46oTm0f+BY="; - }; - details.listen.text = ":::${toString port}"; + topology.nodes.${this.hostname}.services.shadowsocks = { + name = "Shadowsocks"; + icon = pkgs.fetchurl { + url = "https://upload.wikimedia.org/wikipedia/commons/f/f5/Shadowsocks-Logo.svg"; + hash = "sha256-NzGt0WQA4NQpMPsOTWgBrghuewxQeDoSe46oTm0f+BY="; }; + details.listen.text = ":::${toString cfg.port}"; }; }; } diff --git a/modules/sing-box.nix b/modules/sing-box.nix index 9fc86eb..74c86af 100644 --- a/modules/sing-box.nix +++ b/modules/sing-box.nix @@ -4,16 +4,15 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.sing-box; in { options.nixfiles.modules.sing-box = { - enable = mkEnableOption ""; + enable = lib.mkEnableOption ""; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.enable -> !config.nixfiles.modules.nginx.enable; diff --git a/modules/soju.nix b/modules/soju.nix index dbf069d..f84d9c0 100644 --- a/modules/soju.nix +++ b/modules/soju.nix @@ -4,46 +4,45 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.soju; in { options.nixfiles.modules.soju = { - enable = mkEnableOption "soju"; + enable = lib.mkEnableOption "soju"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 6697; }; - httpPort = mkOption { + httpPort = lib.mkOption { description = "HTTP Port."; - type = with types; port; + type = lib.types.port; default = 9981; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain."; - type = with types; str; + type = lib.types.str; default = config.networking.fqdn; }; - uploadsDir = mkOption { + uploadsDir = lib.mkOption { description = "Uploads directory."; - type = with types; str; + type = lib.types.str; default = "/srv/soju/uploads"; }; prometheus = { - enable = mkEnableOption "Prometheus exporter" // { + enable = lib.mkEnableOption "Prometheus exporter" // { default = true; }; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 9259; }; }; @@ -53,7 +52,7 @@ in let db = "soju"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { nixfiles.modules = { acme.enable = true; nginx = { @@ -118,9 +117,9 @@ in listen ircs://:${toString cfg.port} listen http://localhost:${toString cfg.httpPort} tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} - ${with cfg.prometheus; optionalString enable "listen http+prometheus://localhost:${toString port}"} + ${lib.optionalString cfg.prometheus.enable "listen http+prometheus://localhost:${toString cfg.prometheus.port}"} db postgres "${ - concatStringsSep " " [ + lib.concatStringsSep " " [ "host=/run/postgresql" "user=${db}" "dbname=${db}" diff --git a/modules/solaar.nix b/modules/solaar.nix deleted file mode 100644 index 17a04de..0000000 --- a/modules/solaar.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.solaar; -in -{ - options.nixfiles.modules.solaar = { - enable = mkEnableOption "Solaar"; - }; - - config = mkIf cfg.enable { - hm = { - home.packages = with pkgs; [ solaar ]; - - systemd.user.services.solaar = { - Unit = { - Description = "Device manager for Logitech devices"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - Service = { - # The dirtiest hack I've ever implemented... I should be ashamed of - # it. Regardless, that shit still doesn't work because each reconnect, - # /dev/hidraw* is recreated and has default permissions which breaks - # Solaar. Fuck this shit. - ExecStartPre = getExe ( - pkgs.writeShellApplication { - name = "solaar-pre"; - text = '' - for i in /dev/hidraw*; do - if [ -c "$i" ]; then - sudo chown root:input "$i" - sudo chmod 0660 "$i" - fi - done - ''; - } - ); - ExecStart = "${getExe pkgs.solaar "solaar"} --window=hide"; - }; - Install.WantedBy = [ "graphical-session.target" ]; - }; - }; - - boot.kernelModules = [ - "hid_logitech_dj" - "hid_logitech_hidpp" - ]; - - hardware.uinput.enable = true; - - my.extraGroups = [ - "uinput" - "input" - ]; - }; -} diff --git a/modules/sound.nix b/modules/sound.nix index 49ca5bc..db15686 100644 --- a/modules/sound.nix +++ b/modules/sound.nix @@ -4,15 +4,14 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.sound; in { - options.nixfiles.modules.sound.enable = mkEnableOption "sound support"; + options.nixfiles.modules.sound.enable = lib.mkEnableOption "sound support"; config = - mkIf cfg.enable { + lib.mkIf cfg.enable { services.pipewire = { enable = true; diff --git a/modules/subversion.nix b/modules/subversion.nix deleted file mode 100644 index 64ddcf3..0000000 --- a/modules/subversion.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.subversion; -in -{ - options.nixfiles.modules.subversion.enable = mkEnableOption "Subversion"; - - config = mkIf cfg.enable { - nixfiles.modules.gnupg.enable = true; - - hm.home = { - file = { - ".subversion/config".text = generators.toINI { } { - auth = { - password-stores = "gpg-agent"; - ssl-client-cert-file-prompt = "no"; - store-passwords = "yes"; - store-auth-creds = "yes"; - }; - helpers = { - editor-cmd = getExe' config.programs.vim.package "vim"; - diff-cmd = getExe pkgs.colordiff; - }; - miscellany = { - global-ignores = - with config.hm.programs.git; - optionalString (ignores != [ ]) (concatStringsSep " " ignores); - diff-ignore-content-type = "no"; - }; - working-copy = { - exclusive-locking-clients = "svn"; - exclusive-locking = true; - busy-timeout = 10000; - }; - }; - - ".subversion/servers".text = generators.toINI { } { - global = { - store-auth-creds = "yes"; - store-passwords = "yes"; - store-plaintext-passwords = "yes"; - }; - }; - }; - - packages = [ (pkgs.subversionClient.override { saslSupport = true; }) ]; - }; - }; -} diff --git a/modules/syncthing.nix b/modules/syncthing.nix index d239aa4..af5754b 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix @@ -6,156 +6,157 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.syncthing; in { options.nixfiles.modules.syncthing = { - enable = mkEnableOption "Syncthing"; + enable = lib.mkEnableOption "Syncthing"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 8384; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "syncthing.${config.networking.fqdn}"; }; }; - config = mkIf cfg.enable (mkMerge [ - { - secrets = { - "syncthing-cert-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; - owner = user; - inherit group; - }; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + secrets = { + "syncthing-cert-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; + owner = user; + inherit group; + }; - "syncthing-key-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; - owner = user; - inherit group; + "syncthing-key-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; + owner = user; + inherit group; + }; }; - }; - services.syncthing = { - enable = true; + services.syncthing = { + enable = true; - user = my.username; - inherit (config.my) group; + user = lib.my.username; + inherit (config.my) group; - dataDir = "${config.dirs.config}/syncthing"; - configDir = config.services.syncthing.dataDir; + dataDir = "${config.dirs.config}/syncthing"; + configDir = config.services.syncthing.dataDir; - guiAddress = "127.0.0.1:${toString cfg.port}"; + guiAddress = "127.0.0.1:${toString cfg.port}"; - cert = config.secrets."syncthing-cert-${this.hostname}".path; - key = config.secrets."syncthing-key-${this.hostname}".path; + cert = config.secrets."syncthing-cert-${this.hostname}".path; + key = config.secrets."syncthing-key-${this.hostname}".path; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - settings = { - options = { - announceLANAddresses = false; - autoUpgradeIntervalH = 0; - crashReportingEnabled = false; - globalAnnounceEnabled = false; - relaysEnabled = false; - setLowPriority = this.isHeadful; - stunKeepaliveStartS = 0; - urAccepted = -1; - }; + settings = { + options = { + announceLANAddresses = false; + autoUpgradeIntervalH = 0; + crashReportingEnabled = false; + globalAnnounceEnabled = false; + relaysEnabled = false; + setLowPriority = this.isHeadful; + stunKeepaliveStartS = 0; + urAccepted = -1; + }; - gui = { - insecureAdminAccess = this.isHeadless; - insecureSkipHostcheck = this.isHeadless; - }; + gui = { + insecureAdminAccess = this.isHeadless; + insecureSkipHostcheck = this.isHeadless; + }; - devices = mapAttrs ( - name: attr: - mkIf (hasAttr "syncthing" attr && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - compression = "always"; - introducer = false; - addresses = [ - "quic://${name}.${config.networking.domain}:22000" - "tcp://${name}.${config.networking.domain}:22000" - ]; - autoAcceptFolders = true; - untrusted = false; - } - ) my.configurations; - - folders = - let - filterDevices = - f: - attrNames ( - filterAttrs ( - _: attr: attr.hostname != this.hostname && hasAttr "syncthing" attr && f attr - ) my.configurations - ); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanouctDays = "7"; - }; - in - with config.hm.xdg.userDirs; - { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; + devices = lib.mapAttrs ( + name: attr: + lib.mkIf (lib.hasAttr "syncthing" attr && lib.hasAttr "wireguard" attr) { + inherit (attr.syncthing) id; + compression = "always"; + introducer = false; + addresses = [ + "quic://${name}.${config.networking.domain}:22000" + "tcp://${name}.${config.networking.domain}:22000" + ]; + autoAcceptFolders = true; + untrusted = false; + } + ) lib.my.configurations; + + folders = + let + filterDevices = + f: + lib.attrNames ( + lib.filterAttrs ( + _: attr: attr.hostname != this.hostname && lib.hasAttr "syncthing" attr && f attr + ) lib.my.configurations + ); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; + }; + trashcan = { + type = "trashcan"; + params.cleanouctDays = "7"; + }; + in + with config.hm.xdg.userDirs; + { + share = { + path = publicShare; + devices = notHeadless; + versioning = trashcan; + }; + org = { + path = "${documents}/org"; + devices = all; + versioning = simple; + }; + roam = { + path = "${documents}/roam"; + devices = notOther; + versioning = simple; + }; + elfeed = { + path = "${config.my.home}/.elfeed"; + devices = notOther; + versioning = trashcan; + }; + books = { + path = "${documents}/books"; + devices = notOther; + versioning = trashcan; + }; }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; - }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = trashcan; - }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; - }; - }; + }; }; - }; - - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://syncthing"; - extraConfig = libNginx.config.internalOnly; + + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; + } + (lib.mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://syncthing"; + extraConfig = libNginx.config.internalOnly; + }; }; - }; - }) - ]); + }) + ] + ); } diff --git a/modules/thunderbird.nix b/modules/thunderbird.nix index 74af3b5..18bb1ed 100644 --- a/modules/thunderbird.nix +++ b/modules/thunderbird.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.thunderbird; in { - options.nixfiles.modules.thunderbird.enable = mkEnableOption "Thunderbird"; + options.nixfiles.modules.thunderbird.enable = lib.mkEnableOption "Thunderbird"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications.thunderbird = [ "message/rfc822" "x-scheme-handler/mailto" diff --git a/modules/tmux.nix b/modules/tmux.nix index a754222..4818035 100644 --- a/modules/tmux.nix +++ b/modules/tmux.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.tmux; in { - options.nixfiles.modules.tmux.enable = mkEnableOption "tmux"; + options.nixfiles.modules.tmux.enable = lib.mkEnableOption "tmux"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.tmux = { enable = true; diff --git a/modules/unbound-ng.nix b/modules/unbound-ng.nix deleted file mode 100644 index 3d3c6da..0000000 --- a/modules/unbound-ng.nix +++ /dev/null @@ -1,185 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.unbound-ng; -in -{ - options.nixfiles.modules.unbound-ng = { - enable = mkEnableOption "Unbound"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = config.networking.domain; - }; - }; - - config = mkIf cfg.enable { - ark.directories = [ config.services.unbound.stateDir ]; - - nixfiles.modules.redis.enable = true; - - services = { - unbound = { - enable = true; - - package = pkgs.unbound-with-systemd.override { - withRedis = true; - withTFO = true; - }; - - checkconf = true; - settings = { - server = { - module-config = ''"respip validator iterator"''; - - interface = with this.wireguard-ng; [ - "127.0.0.1" - "::1" - ipv4.address - ipv6.address - ]; - - local-zone = concatLists ( - mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations - ); - local-data = concatLists ( - mapAttrsToList ( - hostname: - let - domain = "${hostname}.${cfg.domain}"; - in - attr: - (optionals (hasAttr "wireguard-ng" attr) ( - with attr.wireguard-ng; - [ - "\"${domain} 604800 IN A ${ipv4.address}\"" - "\"${domain} 604800 IN AAAA ${ipv6.address}\"" - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ] - ++ (optionals (hasAttr "domains" attr) ( - concatMap (domain: [ - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ]) attr.domains - )) - )) - ) my.configurations - ); - local-data-ptr = concatLists ( - mapAttrsToList ( - hostname: - let - domain = "${hostname}.${cfg.domain}"; - in - attr: - (optionals (hasAttr "wireguard-ng" attr) ( - with attr.wireguard-ng; - [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ] - ++ (optionals (hasAttr "domains" attr) ( - concatMap (domain: [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ]) attr.domains - )) - )) - ) my.configurations - ); - - private-domain = map (domain: "${domain}.") [ - cfg.domain - "local" - ]; - private-address = with config.nixfiles.modules.wireguard-ng; [ - ipv4.subnet - ipv6.subnet - ]; - - access-control = with config.nixfiles.modules.wireguard-ng; [ - "0.0.0.0/0 refuse" - "::/0 refuse" - "127.0.0.0/8 allow" - "::1/128 allow" - "${ipv4.subnet} allow" - "${ipv6.subnet} allow" - ]; - - cache-min-ttl = 0; - - serve-expired = true; - serve-expired-reply-ttl = 0; - - prefetch = true; - prefetch-key = true; - - hide-identity = true; - hide-version = true; - - extended-statistics = true; - - log-replies = false; - log-tag-queryreply = false; - log-local-actions = false; - - verbosity = 0; - }; - - forward-zone = [ - { - name = "."; - forward-tls-upstream = true; - forward-addr = dns.mkDoT dns.const.quad9.ecs; - } - ]; - - cachedb = with config.services.redis.servers.default; { - backend = "redis"; - redis-server-host = bind; - redis-server-port = port; - }; - - rpz = { - name = "hagezi.pro"; - zonefile = "hagezi.pro"; - url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; - }; - }; - - enableRootTrustAnchor = true; - - localControlSocketPath = "/run/unbound/unbound.socket"; - }; - - prometheus.exporters.unbound = { - enable = true; - listenAddress = mkDefault this.wireguard-ng.ipv4.address; - port = 9167; - inherit (config.services.unbound) group user; - unbound.host = "unix://${config.services.unbound.localControlSocketPath}"; - }; - }; - - boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3; - - topology = with cfg; { - nodes.${this.hostname}.services.unbound = { - name = "Unbound"; - icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; - details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") ( - filter (i: i != "127.0.0.1" && i != "::1") config.services.unbound.settings.server.interface - ); - }; - }; - }; -} diff --git a/modules/unbound.nix b/modules/unbound.nix index b8de321..c38c25b 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.unbound; in { options.nixfiles.modules.unbound = { - enable = mkEnableOption "Unbound"; + enable = lib.mkEnableOption "Unbound"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = config.networking.domain; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ config.services.unbound.stateDir ]; nixfiles.modules.redis.enable = true; @@ -31,6 +30,7 @@ in enable = true; package = pkgs.unbound-with-systemd.override { + withDNSTAP = true; withRedis = true; withTFO = true; }; @@ -47,17 +47,18 @@ in ipv6.address ]; - local-zone = concatLists ( - mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations - ); - local-data = concatLists ( - mapAttrsToList ( + local-zone = + lib.my.configurations + |> lib.mapAttrsToList (x: _: [ ''"${x}.${cfg.domain}" redirect'' ]) + |> lib.concatLists; + local-data = lib.concatLists ( + lib.mapAttrsToList ( hostname: let domain = "${hostname}.${cfg.domain}"; in attr: - (optionals (hasAttr "wireguard" attr) ( + (lib.optionals (lib.hasAttr "wireguard" attr) ( with attr.wireguard; [ "\"${domain} 604800 IN A ${ipv4.address}\"" @@ -65,36 +66,36 @@ in "\"${domain}. A ${ipv4.address}\"" "\"${domain}. AAAA ${ipv6.address}\"" ] - ++ (optionals (hasAttr "domains" attr) ( - concatMap (domain: [ + ++ (lib.optionals (lib.hasAttr "domains" attr) ( + lib.concatMap (domain: [ "\"${domain}. A ${ipv4.address}\"" "\"${domain}. AAAA ${ipv6.address}\"" ]) attr.domains )) )) - ) my.configurations + ) lib.my.configurations ); - local-data-ptr = concatLists ( - mapAttrsToList ( + local-data-ptr = lib.concatLists ( + lib.mapAttrsToList ( hostname: let domain = "${hostname}.${cfg.domain}"; in attr: - (optionals (hasAttr "wireguard" attr) ( + (lib.optionals (lib.hasAttr "wireguard" attr) ( with attr.wireguard; [ "\"${ipv4.address} ${domain}\"" "\"${ipv6.address} ${domain}\"" ] - ++ (optionals (hasAttr "domains" attr) ( - concatMap (domain: [ + ++ (lib.optionals (lib.hasAttr "domains" attr) ( + lib.concatMap (domain: [ "\"${ipv4.address} ${domain}\"" "\"${ipv6.address} ${domain}\"" ]) attr.domains )) )) - ) my.configurations + ) lib.my.configurations ); private-domain = map (domain: "${domain}.") [ @@ -116,6 +117,7 @@ in ]; cache-min-ttl = 0; + cache-max-ttl = 60 * 60 * 24; serve-expired = true; serve-expired-reply-ttl = 0; @@ -123,8 +125,8 @@ in prefetch = true; prefetch-key = true; - hide-identity = true; - hide-version = true; + hide-identity = false; + hide-version = false; extended-statistics = true; @@ -132,14 +134,14 @@ in log-tag-queryreply = false; log-local-actions = false; - verbosity = 0; + verbosity = 1; }; forward-zone = [ { name = "."; forward-tls-upstream = true; - forward-addr = dns.mkDoT dns.const.quad9.ecs; + forward-addr = lib.dns.mkDoT lib.dns.const.quad9.ecs; } ]; @@ -149,37 +151,84 @@ in redis-server-port = port; }; - rpz = { - name = "hagezi.pro"; - zonefile = "hagezi.pro"; - url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; + dnstap = { + dnstap-enable = true; + dnstap-socket-path = "/run/dnstap-unbound/read.sock"; + dnstap-send-identity = true; + dnstap-send-version = true; + dnstap-log-resolver-query-messages = true; + dnstap-log-resolver-response-messages = true; + dnstap-log-client-query-messages = true; + dnstap-log-client-response-messages = true; + dnstap-log-forwarder-query-messages = true; + dnstap-log-forwarder-response-messages = true; }; + + rpz = [ + { + name = "hagezi-ultimate"; + zonefile = "hagezi-ultimate"; + url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/ultimate.txt"; + } + { + name = "big-osid"; + zonefile = "big-osid"; + url = "https://big.oisd.nl/rpz"; + } + { + name = "nsfw-osid"; + zonefile = "nsfw-osid"; + url = "https://nsfw.oisd.nl/rpz"; + } + ]; }; enableRootTrustAnchor = true; - localControlSocketPath = "/run/unbound/unbound.socket"; + localControlSocketPath = "/run/unbound/control.sock"; }; prometheus.exporters.unbound = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; port = 9167; inherit (config.services.unbound) group user; unbound.host = "unix://${config.services.unbound.localControlSocketPath}"; }; }; - boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3; + systemd = + let + in + { + services = { + unbound = { + after = [ "dnstap-unbound.service" ]; + requires = [ "dnstap-unbound.service" ]; + }; - topology = with cfg; { - nodes.${this.hostname}.services.unbound = { - name = "Unbound"; - icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; - details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") ( - filter (i: i != "127.0.0.1" && i != "::1") config.services.unbound.settings.server.interface - ); + dnstap-unbound = { + serviceConfig = { + ExecStart = "${lib.getExe pkgs.dnstap} -u ${config.services.unbound.settings.dnstap.dnstap-socket-path}"; + User = config.services.unbound.user; + Group = config.services.unbound.group; + RuntimeDirectory = "dnstap-unbound"; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; }; + + boot.kernel.sysctl."net.ipv4.tcp_fastopen" = lib.mkOverride 200 3; + + topology.nodes.${this.hostname}.services.unbound = { + name = "Unbound"; + icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; + details.listen.text = + config.services.unbound.settings.server.interface + |> lib.filter (x: x != "127.0.0.1" && x != "::1") + |> map (x: "${x}:53") + |> lib.concatLines; }; }; } diff --git a/modules/victoriametrics.nix b/modules/victoriametrics.nix deleted file mode 100644 index ac4ac58..0000000 --- a/modules/victoriametrics.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - config, - lib, - libNginx, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.victoriametrics; -in -{ - options.nixfiles.modules.victoriametrics = { - enable = mkEnableOption "VictoriaMetrics"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30113; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "victoriametrics.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { - enable = true; - upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${domain} = { - locations."/".proxyPass = "http://victoriametrics"; - extraConfig = libNginx.config.internalOnly; - }; - }; - - services.victoriametrics = { - enable = true; - - listenAddress = "127.0.0.1:${toString cfg.port}"; - - extraOptions = [ - "-loggerLevel=WARN" - # TODO scrape_config - ]; - }; - }; -} diff --git a/modules/vim.nix b/modules/vim.nix index f1dba85..6273957 100644 --- a/modules/vim.nix +++ b/modules/vim.nix @@ -5,23 +5,22 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.vim; in { - options.nixfiles.modules.vim.enable = mkEnableOption "Vim"; + options.nixfiles.modules.vim.enable = lib.mkEnableOption "Vim"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.stylix.targets.vim.enable = false; programs.vim = { enable = true; defaultEditor = true; - package = mkIf this.isHeadful ( + package = lib.mkIf this.isHeadful ( pkgs.vim-full.customize { name = "vim"; - vimrcConfig = with cfg; { + vimrcConfig = { customRC = '' let $VIMFILES = expand('<sfile>:p:h') @@ -193,6 +192,7 @@ in command WS w !sudo tee "%" >/dev/null ''; + packages.myVimPackage.start = with pkgs.vimPlugins; [ editorconfig-vim vim-eunuch diff --git a/modules/vscode.nix b/modules/vscode.nix index 3b0c3e1..0eebdda 100644 --- a/modules/vscode.nix +++ b/modules/vscode.nix @@ -5,34 +5,34 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.vscode; in { options.nixfiles.modules.vscode = { - enable = mkEnableOption "VSCode"; + enable = lib.mkEnableOption "VSCode"; - package = - with pkgs; - mkOption { - type = types.enum [ + package = lib.mkOption { + type = lib.types.enum ( + with pkgs; + [ vscodium vscode vscode-fhs - ]; - default = vscodium; - description = "Which package to use as a VSCode implementation."; - }; + ] + ); + default = pkgs.vscodium; + description = "Which package to use as a VSCode implementation."; + }; - vim.enable = mkOption { - type = types.bool; + vim.enable = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to enable Vim emulation."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { stylix.targets.vscode.enable = false; @@ -77,7 +77,7 @@ in task.vscode-task vscode-org-mode.org-mode ] - ++ optional cfg.vim.enable vscodevim.vim; + ++ lib.optional cfg.vim.enable vscodevim.vim; userSettings = { # Something tries to write this every startup. I can't be arsed to @@ -153,20 +153,18 @@ in useFullyQualifiedCollectionNames = true; reuseTerminal = true; }; - validation.lint.path = getExe' pkgs.ansible-lint "ansible-lint"; + validation.lint.path = lib.getExe' pkgs.ansible-lint "ansible-lint"; }; - bashIde.shellcheckPath = getExe' pkgs.shellcheck "shellcheck"; + bashIde.shellcheckPath = lib.getExe' pkgs.shellcheck "shellcheck"; cSpell.language = "en-GB,en,ru"; - direnv = { - restart.automatic = true; - }; + direnv.restart.automatic = true; magit = { forge-enabled = true; - git-path = getExe config.hm.programs.git.package; + git-path = lib.getExe config.hm.programs.git.package; }; git.openRepositoryInParentFolders = "always"; @@ -176,55 +174,55 @@ in gitProtocol = "ssh"; }; - terraform = { - languageServer.path = getExe' pkgs.terraform-ls "terraform-ls"; - languageServer.terraform.path = getExe pkgs.opentofu; - }; + # terraform = { + # languageServer.path = lib.getExe' pkgs.terraform-ls "terraform-ls"; + # languageServer.terraform.path = lib.getExe pkgs.opentofu; + # }; - haskell = { - formattingProvider = "ormolu"; - serverExecutablePath = getExe' pkgs.haskell-language-server "haskell-language-server"; - }; + # haskell = { + # formattingProvider = "ormolu"; + # serverExecutablePath = lib.getExe' pkgs.haskell-language-server "haskell-language-server"; + # }; nix = { - formatterPath = getExe pkgs.nixfmt; + formatterPath = lib.getExe pkgs.nixfmt; enableLanguageServer = true; - serverPath = getExe pkgs.nixd; - serverSettings.nixd.formatting.command = getExe pkgs.nixfmt; - }; - - python = with pkgs.python311Packages; { - experiments.optOutFrom = [ "All" ]; - pipenvPath = getExe' pkgs.pipenv "pipenv"; - poetryPath = getExe' pkgs.poetry "poetry"; - formatting = { - provider = "black"; - autopep8Path = getExe' autopep8 "autopep8"; - blackPath = getExe' black "black"; - yapfPath = getExe' yapf "yapf"; - }; - linting = { - enabled = true; - banditPath = getExe' bandit "bandit"; - flake8Path = getExe' flake8 "flake8"; - mypyPath = getExe' mypy "mypy"; - pycodestylePath = getExe' pycodestyle "pycodestyle"; - pydocstylePath = getExe' pydocstyle "pydocstyle"; - pylamaPath = getExe' pylama "pylama"; - pylintPath = getExe' pylint "pylint"; - }; - testing = { - pytestPath = getExe' pytest "pytest"; - }; - }; - - rust-client = { - disableRustup = true; - rustupPath = getExe' pkgs.rustup "rustup"; - rustfmt_path = getExe pkgs.rustfmt; - }; - - vim = mkIf cfg.vim.enable { + serverPath = lib.getExe pkgs.nixd; + serverSettings.nixd.formatting.command = lib.getExe pkgs.nixfmt; + }; + + # python = with pkgs.python311Packages; { + # experiments.optOutFrom = [ "All" ]; + # pipenvPath = lib.getExe' pkgs.pipenv "pipenv"; + # poetryPath = lib.getExe' pkgs.poetry "poetry"; + # formatting = { + # provider = "black"; + # autopep8Path = lib.getExe' autopep8 "autopep8"; + # blackPath = lib.getExe' black "black"; + # yapfPath = lib.getExe' yapf "yapf"; + # }; + # linting = { + # enabled = true; + # banditPath = lib.getExe' bandit "bandit"; + # flake8Path = lib.getExe' flake8 "flake8"; + # mypyPath = lib.getExe' mypy "mypy"; + # pycodestylePath = lib.getExe' pycodestyle "pycodestyle"; + # pydocstylePath = lib.getExe' pydocstyle "pydocstyle"; + # pylamaPath = lib.getExe' pylama "pylama"; + # pylintPath = lib.getExe' pylint "pylint"; + # }; + # testing = { + # pytestPath = lib.getExe' pytest "pytest"; + # }; + # }; + + # rust-client = { + # disableRustup = true; + # rustupPath = lib.getExe' pkgs.rustup "rustup"; + # rustfmt_path = lib.getExe pkgs.rustfmt; + # }; + + vim = lib.mkIf cfg.vim.enable { easymotion = true; leader = " "; diff --git a/modules/wayland.nix b/modules/wayland.nix index f15f66e..8dcbfc8 100644 --- a/modules/wayland.nix +++ b/modules/wayland.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.wayland; in { - options.nixfiles.modules.wayland.enable = mkEnableOption "Wayland"; + options.nixfiles.modules.wayland.enable = lib.mkEnableOption "Wayland"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.foot.enable = true; hm.home = { diff --git a/modules/wget.nix b/modules/wget.nix index 0e8ee64..b1f28c2 100644 --- a/modules/wget.nix +++ b/modules/wget.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.wget; in { - options.nixfiles.modules.wget.enable = mkEnableOption "wget"; + options.nixfiles.modules.wget.enable = lib.mkEnableOption "wget"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { programs.bash.shellAliases.wget = "wget --hsts-file=/tmp/wget-hsts"; @@ -32,6 +31,6 @@ in ''; }; - environment.systemPackages = with pkgs; [ wget ]; + environment.systemPackages = [ pkgs.wget ]; }; } diff --git a/modules/wireguard-ng.nix b/modules/wireguard-ng.nix deleted file mode 100644 index 1d291c9..0000000 --- a/modules/wireguard-ng.nix +++ /dev/null @@ -1,231 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.wireguard-ng; - - DNSSetup = optionalString config.services.resolved.enable ( - let - resolvectl = "${config.systemd.package}/bin/resolvectl"; - in - '' - ${resolvectl} dns ${cfg.interface} ${cfg.server.ipv6.address} ${cfg.server.ipv4.address} - ${resolvectl} domain ${cfg.interface} local ${my.domain.shire} - ${resolvectl} dnssec ${cfg.interface} no - ${resolvectl} dnsovertls ${cfg.interface} no - '' - ); -in -{ - options.nixfiles.modules.wireguard-ng = { - client = { - enable = mkEnableOption "WireGuard client"; - - enableTrafficRouting = mkOption { - description = "Whether to enable traffic routing through the sever."; - type = with types; bool; - # default = !this.isHeadless; - default = false; - }; - }; - - server = { - enable = mkEnableOption "WireGuard server"; - - ipv4.address = mkOption { - description = "IPv4 address to bind to."; - type = with types; str; - default = my.configurations.tulkas.wireguard-ng.ipv4.address; - }; - - ipv6.address = mkOption { - description = "IPv4 address to bind to."; - type = with types; str; - default = my.configurations.tulkas.wireguard-ng.ipv6.address; - }; - - address = mkOption { - description = "Endpoint address to use"; - type = with types; str; - default = my.configurations.tulkas.ipv4.address; - }; - - port = mkOption { - description = "Endpoint port to use."; - type = with types; int; - default = 7070; - }; - - publicKey = mkOption { - description = "Server's public key."; - type = with types; str; - default = my.configurations.tulkas.wireguard.publicKey; - }; - - peers = mkOption { - description = "List of peers."; - type = with types; listOf attrs; - default = - mapAttrsToList - ( - _: attr: with attr; { - inherit (wireguard-ng) publicKey; - allowedIPs = with wireguard-ng; [ - "${ipv6.address}/128" - "${ipv4.address}/32" - ]; - } - ) - ( - filterAttrs ( - _: attr: attr.hostname != this.hostname && hasAttr "wireguard-ng" attr - ) my.configurations - ); - }; - }; - - interface = mkOption { - description = "Name of the interface to use WireGuard with."; - type = with types; str; - default = "wg70"; - }; - - ipv4.subnet = mkOption { - description = "CIDR notation for the IPv4 subnet to use over WireGuard."; - type = with types; str; - default = "10.70.0.0/16"; - }; - - ipv6.subnet = mkOption { - description = "CIDR notation for the IPv6 subnet to use over WireGuard."; - type = with types; str; - default = "fd70::/16"; - }; - }; - - config = - { - assertions = [ - { - assertion = config.security.sudo.enable; - message = "Sudo is not enabled."; - } - { - assertion = any (x: x == "wheel") config.my.extraGroups; - message = ''User is not in the "wheel" group.''; - } - ]; - } - // mkMerge [ - (mkIf (cfg.client.enable || cfg.server.enable) { - secrets."wireguard-private-key-${this.hostname}".file = - "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; - - networking.firewall.trustedInterfaces = [ cfg.interface ]; - }) - (mkIf cfg.client.enable { - networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ - (with this.wireguard-ng; { - privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = [ - "${ipv4.address}/16" - "${ipv6.address}/16" - ]; - }) - (with cfg.server; { - peers = [ - { - inherit publicKey; - endpoint = "${address}:${toString port}"; - allowedIPs = - if cfg.client.enableTrafficRouting then - [ - "::/0" - "0.0.0.0/0" - ] - else - [ - cfg.ipv6.subnet - cfg.ipv4.subnet - ]; - } - ]; - dns = [ - ipv6.address - ipv4.address - ]; - postUp = DNSSetup; - }) - ]; - - environment.systemPackages = with pkgs; [ - (writeShellApplication { - name = "wg-toggle-ng"; - runtimeInputs = [ - iproute2 - jq - ]; - text = '' - ip46() { - sudo ip -4 "$@" - sudo ip -6 "$@" - } - - fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit - if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then - ip46 rule del lookup main suppress_prefixlength 0 - ip46 rule del lookup "$fwmark" - else - ip46 rule add not fwmark "$fwmark" lookup "$fwmark" - ip46 rule add lookup main suppress_prefixlength 0 - fi - ''; - }) - ]; - }) - (mkIf cfg.server.enable { - networking = { - wireguard = { - enable = true; - interfaces.${cfg.interface} = with cfg.server; { - privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - ips = [ - "${ipv6.address}/16" - "${ipv4.address}/16" - ]; - listenPort = port; - inherit peers; - postSetup = DNSSetup; - allowedIPsAsRoutes = false; - }; - }; - - nat = { - enable = true; - enableIPv6 = true; - - externalInterface = mkDefault "eth0"; - - internalInterfaces = [ cfg.interface ]; - internalIPs = [ cfg.ipv4.subnet ]; - internalIPv6s = [ cfg.ipv6.subnet ]; - }; - - firewall.allowedUDPPorts = [ cfg.server.port ]; - }; - - services.prometheus.exporters.wireguard = { - enable = true; - listenAddress = mkDefault this.wireguard-ng.ipv4.address; - withRemoteIp = true; - port = 9586; - }; - }) - ]; -} diff --git a/modules/wireguard.nix b/modules/wireguard.nix index c9d9937..98addc8 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -155,20 +155,20 @@ in }) (lib.mkIf cfg.client.enable { networking.wg-quick.interfaces.${cfg.interface} = lib.mkMerge [ - (with this.wireguard; { + { type = "amneziawg"; privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = [ + address = with this.wireguard; [ "${ipv4.address}/16" "${ipv6.address}/16" ]; inherit extraOptions; - }) + } (with cfg.server; { peers = [ { inherit publicKey; - endpoint = "${address}:${port |> toString}"; + endpoint = "${address}:${toString port}"; allowedIPs = if cfg.client.enableTrafficRouting then [ @@ -262,7 +262,6 @@ in cidrv4 = cfg.ipv4.subnet; cidrv6 = cfg.ipv6.subnet; icon = "interfaces.wireguard"; - style.pattern = "dotted"; }; nodes.${this.hostname}.interfaces.${cfg.interface} = { diff --git a/modules/x11.nix b/modules/x11.nix index 4edab6b..32cc781 100644 --- a/modules/x11.nix +++ b/modules/x11.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.x11; in { - options.nixfiles.modules.x11.enable = mkEnableOption "X11"; + options.nixfiles.modules.x11.enable = lib.mkEnableOption "X11"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { home = { sessionVariables = { @@ -21,16 +20,16 @@ in XCOMPOSECACHE = "${config.dirs.cache}/libx11/compose"; }; - packages = with pkgs; [ xclip ]; + packages = [ pkgs.xclip ]; }; xresources.properties = { - "Xft.antialias" = mkDefault 1; - "Xft.autohint" = mkDefault 0; - "Xft.hinting" = mkDefault 1; - "Xft.hintstyle" = mkDefault "hintslight"; - "Xft.lcdfilter" = mkDefault "lcddefault"; - "Xft.rgba" = mkDefault "rgb"; + "Xft.antialias" = lib.mkDefault 1; + "Xft.autohint" = lib.mkDefault 0; + "Xft.hinting" = lib.mkDefault 1; + "Xft.hintstyle" = lib.mkDefault "hintslight"; + "Xft.lcdfilter" = lib.mkDefault "lcddefault"; + "Xft.rgba" = lib.mkDefault "rgb"; }; services.xsettingsd = { @@ -59,7 +58,7 @@ in services.xserver = { enable = true; - tty = mkDefault 1; + tty = lib.mkDefault 1; autoRepeatDelay = 200; autoRepeatInterval = 50; diff --git a/modules/zathura.nix b/modules/zathura.nix index cef841c..8d0dc96 100644 --- a/modules/zathura.nix +++ b/modules/zathura.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.zathura; in { - options.nixfiles.modules.zathura.enable = mkEnableOption "Zathura PDF reader"; + options.nixfiles.modules.zathura.enable = lib.mkEnableOption "Zathura PDF reader"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications."org.pwmt.zathura" = [ "application/pdf" "application/epub+zip" diff --git a/overlays.nix b/overlays.nix index 3c64def..951ae9f 100644 --- a/overlays.nix +++ b/overlays.nix @@ -84,9 +84,6 @@ }; }; - dendrite = - _: (lib.packages.fromPR 366129 "sha256-oI9Afm3azJyEz4SJJIwuzeyuH7IaiGNTSA442vFlfv4=").dendrite; - soju.__output = { version.__assign = "nixfiles"; src.__assign = final.fetchFromGitea { diff --git a/packages/bruh.nix b/packages/bruh.nix index 597dc04..68aefd2 100644 --- a/packages/bruh.nix +++ b/packages/bruh.nix @@ -8,14 +8,12 @@ stdenv.mkDerivation (finalAttrs: { pname = "bruh"; version = "2.1"; - src = - with finalAttrs; - fetchFromGitHub { - owner = "kejpies"; - repo = pname; - rev = version; - hash = "sha256-Uw6Qes0IZkkfBchFnvnX9l1ZG5T5pyExmV7yUJLPOJ0="; - }; + src = fetchFromGitHub { + owner = "kejpies"; + repo = finalAttrs.pname; + rev = finalAttrs.version; + hash = "sha256-Uw6Qes0IZkkfBchFnvnX9l1ZG5T5pyExmV7yUJLPOJ0="; + }; postPatch = '' substituteInPlace bruh.c \ @@ -24,12 +22,12 @@ stdenv.mkDerivation (finalAttrs: { makeFlags = [ "PREFIX=$(out)" ]; - meta = with lib; { + meta = { description = "Bruh sound, but as a program"; inherit (finalAttrs.src.meta) homepage; - license = licenses.gpl3Only; - platforms = platforms.linux; - maintainers = with maintainers; [ azahi ]; + license = lib.licenses.gpl3Only; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.azahi ]; mainProgram = "bruh"; }; }) diff --git a/packages/emacsql-sqlite.nix b/packages/emacsql-sqlite.nix index ad948bc..6199459 100644 --- a/packages/emacsql-sqlite.nix +++ b/packages/emacsql-sqlite.nix @@ -24,12 +24,12 @@ stdenv.mkDerivation (finalAttrs: { runHook postInstall ''; - meta = with lib; { + meta = { description = "SQLite interop binary for emacsql-sqlite"; inherit (finalAttrs.src.meta) homepage; - license = licenses.unlicense; - platforms = platforms.unix; - maintainers = with maintainers; [ azahi ]; + license = lib.licenses.unlicense; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.azahi ]; mainProgram = "emacsql-sqlite"; }; }) diff --git a/packages/hiccup.nix b/packages/hiccup.nix index f74de74..4a748a0 100644 --- a/packages/hiccup.nix +++ b/packages/hiccup.nix @@ -26,10 +26,9 @@ buildNpmPackage rec { runHook postInstall ''; - meta = with lib; { + meta = { description = "A static start page to get to your most important links"; - inherit (finalAttrs.src.meta) homepage; - license = licenses.mit; - maintainers = with maintainers; [ azahi ]; + license = lib.licenses.mit; + maintainers = [ lib.maintainers.azahi ]; }; } diff --git a/packages/lampray.nix b/packages/lampray.nix index e9caa13..527c4b5 100644 --- a/packages/lampray.nix +++ b/packages/lampray.nix @@ -53,10 +53,10 @@ stdenv.mkDerivation { runHook postInstall ''; - meta = with lib; { + meta = { description = "Mod manager for gaming on Linux"; homepage = "https://github.com/CHollingworth/Lampray"; - license = with licenses; [ + license = with lib.licenses; [ unlicense mpl20 # bit7z mit # json & pugixml @@ -64,8 +64,8 @@ stdenv.mkDerivation { gpl2Only # l4z ]; platforms = [ "x86_64-linux" ]; - maintainers = with maintainers; [ azahi ]; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + maintainers = [ lib.maintainers.azahi ]; + sourceProvenance = [ lib.sourceTypes.binaryNativeCode ]; mainProgram = "lampray"; }; } diff --git a/packages/myip.nix b/packages/myip.nix index d40e1fd..4aaa10f 100644 --- a/packages/myip.nix +++ b/packages/myip.nix @@ -13,12 +13,12 @@ writeShellApplication { dig -6 +short @resolver1.opendns.com myip.opendns.com AAAA ''; - meta = with lib; { + meta = { description = "A dumb tool to get host's current public IP"; homepage = "https://git.azahi.cc/nixfiles"; - license = licenses.wtfpl; - platforms = platforms.unix; - maintainers = with maintainers; [ azahi ]; + license = lib.licenses.wtfpl; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.azahi ]; mainProgram = "myip"; }; } diff --git a/packages/nixfiles.nix b/packages/nixfiles.nix index 8fdd419..7287afb 100644 --- a/packages/nixfiles.nix +++ b/packages/nixfiles.nix @@ -173,12 +173,12 @@ symlinkJoin { bashCompletion ]; - meta = with lib; { + meta = { description = "A helper utility to manage NixOS configurations with Nix flakes"; homepage = "https://git.azahi.cc/nixfiles"; - license = licenses.wtfpl; - platforms = platforms.unix; - maintainers = with maintainers; [ azahi ]; + license = lib.licenses.wtfpl; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.azahi ]; mainProgram = "nixfiles"; }; } diff --git a/packages/openssl_1_0_0.nix b/packages/openssl_1_0_0.nix index 8db3b39..c8b4b06 100644 --- a/packages/openssl_1_0_0.nix +++ b/packages/openssl_1_0_0.nix @@ -29,12 +29,12 @@ stdenvNoCC.mkDerivation (finalAttrs: { runHook postInstall ''; - meta = with lib; { + meta = { description = "Ancient OpenSSL version that some GOG games require"; homepage = "https://downloads.dotslashplay.it/resources/openssl"; - license = licenses.asl20; + license = lib.licenses.asl20; platforms = [ "x86_64-linux" ]; - sourceProvenance = with lib.sourceTypes; [ binaryBytecode ]; - maintainers = with maintainers; [ azahi ]; + sourceProvenance = [ lib.sourceTypes.binaryBytecode ]; + maintainers = [ lib.maintainers.azahi ]; }; }) diff --git a/topology.nix b/topology.nix index a9d1501..d039d38 100644 --- a/topology.nix +++ b/topology.nix @@ -4,19 +4,19 @@ pkgs, ... }: -with lib; import inputs.nix-topology { inherit pkgs; modules = [ { - nixosConfigurations = filterAttrs ( - n: _: !(hasPrefix "test" n) && !(hasPrefix "iso" n) - ) inputs.self.nixosConfigurations; + nixosConfigurations = + inputs.self.nixosConfigurations + |> lib.filterAttrs (n: _: !(lib.hasPrefix "test" n) && !(lib.hasPrefix "iso" n)); } (_: { - nodes = mapAttrs (_: v: { inherit (v) deviceIcon; }) ( - filterAttrs (_: v: !v.isOther) my.configurations - ); + nodes = + lib.my.configurations + |> lib.filterAttrs (_: v: !v.isOther) + |> lib.mapAttrs (_: v: { inherit (v) deviceIcon; }); }) ]; } |