diff options
35 files changed, 518 insertions, 444 deletions
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix index 83713f9..966c21c 100644 --- a/configurations/manwe/mailserver.nix +++ b/configurations/manwe/mailserver.nix @@ -7,90 +7,90 @@ with lib; { imports = [inputs.simple-nixos-mailserver.nixosModule]; - config = { - secrets = { - dkim-key-azahi-cc = { - file = "${inputs.self}/secrets/dkim-key-azahi-cc"; - path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - dkim-key-rohan-net = { - file = "${inputs.self}/secrets/dkim-key-rohan-net"; - path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - dkim-key-gondor-net = { - file = "${inputs.self}/secrets/dkim-key-gondor-net"; - path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - dkim-key-shire-me = { - file = "${inputs.self}/secrets/dkim-key-shire-me"; - path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; + secrets = { + dkim-key-azahi-cc = { + file = "${inputs.self}/secrets/dkim-key-azahi-cc"; + path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + dkim-key-rohan-net = { + file = "${inputs.self}/secrets/dkim-key-rohan-net"; + path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + dkim-key-gondor-net = { + file = "${inputs.self}/secrets/dkim-key-gondor-net"; + path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + dkim-key-shire-me = { + file = "${inputs.self}/secrets/dkim-key-shire-me"; + path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; }; + }; - nixfiles.modules.acme.enable = true; + nixfiles.modules.acme.enable = true; - mailserver = let - cert = config.certs.${my.domain.shire}; - in { - enable = true; + mailserver = let + cert = config.certs.${my.domain.shire}; + in { + enable = true; - fqdn = config.networking.domain; - domains = with my.domain; [azahi gondor rohan shire]; + fqdn = config.networking.domain; + domains = with my.domain; [azahi gondor rohan shire]; - localDnsResolver = false; + localDnsResolver = false; - certificateScheme = 1; - certificateFile = "${cert.directory}/fullchain.pem"; - keyFile = "${cert.directory}/key.pem"; + certificateScheme = 1; + certificateFile = "${cert.directory}/fullchain.pem"; + keyFile = "${cert.directory}/key.pem"; - lmtpSaveToDetailMailbox = "no"; + lmtpSaveToDetailMailbox = "no"; - loginAccounts = with my.domain; { - "azahi@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - aliases = [ - "@${azahi}" - "@${rohan}" - "@${gondor}" - "abuse@${shire}" - "admin@${shire}" - "ceo@${shire}" - "postmaster@${shire}" - ]; - }; - "samwise@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - aliases = ["chad@${shire}"]; - quota = "1G"; - }; - "pippin@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - quota = "1G"; - }; - "meriadoc@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - quota = "1G"; - }; + loginAccounts = with my.domain; { + "azahi@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + aliases = [ + "@${azahi}" + "@${rohan}" + "@${gondor}" + "abuse@${shire}" + "admin@${shire}" + "ceo@${shire}" + "postmaster@${shire}" + ]; + }; + "samwise@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + aliases = ["chad@${shire}"]; + quota = "1G"; + }; + "pippin@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + quota = "1G"; + }; + "meriadoc@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + quota = "1G"; }; }; + }; - services.fail2ban.jails = { - dovecot = '' - enabled = true - mode = aggressive - ''; - postfix = '' - enabled = true - mode = aggressive - ''; - }; + services.fail2ban.jails = { + dovecot = '' + enabled = true + mode = aggressive + ''; + postfix = '' + enabled = true + mode = aggressive + ''; }; + + system.extraDependencies = [inputs.simple-nixos-mailserver]; } diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix index dde3e63..e1ee425 100644 --- a/configurations/manwe/webserver.nix +++ b/configurations/manwe/webserver.nix @@ -4,7 +4,7 @@ ... }: with lib; { - config.nixfiles.modules.nginx.virtualHosts = with my.domain; + nixfiles.modules.nginx.virtualHosts = with my.domain; { ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; "git.${shire}".locations."/".return = "301 https://git.${azahi}"; @@ -20,4 +20,6 @@ with lib; { ${gondor}.locations."/".return = concatStrings [frodo gondor]; ${rohan}.locations."/".return = concatStrings [frodo rohan]; }); + + system.extraDependencies = [inputs.azahi-cc]; } diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix index 3ef0e46..bfdc42e 100644 --- a/configurations/melian/default.nix +++ b/configurations/melian/default.nix @@ -1,4 +1,5 @@ { + config, lib, pkgs, ... @@ -14,6 +15,7 @@ with lib; { syncthing.enable = true; + android.enable = true; beets.enable = true; bluetooth.enable = true; libvirtd.enable = true; @@ -29,6 +31,68 @@ with lib; { wlan0.useDHCP = true; }; + networkmanager = { + enable = true; + wifi.backend = "iwd"; + + # Spent three days trying to make this work but still getting "No SSO + # handler" even on the HEAD version that 100% has SSO support baked in. + # It's all so tiresome[1]... aaand KDE is not supported[2]. + # + # I fucking hate AnyConnect, truly an example of how shit is is non-free + # software. SAML also sucks balls. I also hate my company for using this + # shit, guess I have no other choice but to use the absolute dogshit + # Ubuntu laptop they gave me. + # + # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect + # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424 + # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4 + # [2]: https://bugs.kde.org/show_bug.cgi?id=448153 + # + # plugins = with pkgs; [ + # ((networkmanager-openconnect.override { + # withGnome = false; + # openconnect = openconnect.overrideAttrs (_: super: { + # version = "unstable-2022-10-23"; + # src = fetchFromGitLab { + # owner = "openconnect"; + # repo = "openconnect"; + # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae"; + # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM="; + # }; + # }); + # }).overrideAttrs (_: super: { + # version = "unstable-2022-09-10"; + # src = fetchFromGitLab { + # domain = "gitlab.gnome.org"; + # owner = "GNOME"; + # repo = "NetworkManager-openconnect"; + # rev = "3c1590786518e9acca33c250660ad21cae565acd"; + # hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk="; + # }; + # buildInputs = super.buildInputs ++ [ + # (webkitgtk_4_1.override { + # libsoup = gnome.libsoup; + # }) + # ]; + # nativeBuildInputs = super.nativeBuildInputs ++ [ + # autoreconfHook + # ]; + # postPatch = '' + # substituteInPlace configure.ac \ + # --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" "" + # ''; + # preAutoreconf = '' + # autoupdate + # ''; + # preConfigure = '' + # NOCONFIGURE=x ./autogen.sh + # touch gtk4/nm-openconnect-dialog.ui + # ''; + # })) + # ]; + }; + wireless = { enable = false; iwd.enable = true; @@ -59,23 +123,27 @@ with lib; { powerUpCommands = "${modprobe} xhci_pci"; }; - services.thinkfan = { - enable = true; - - settings = { - sensors = [ - { - hwmon = "/sys/class/hwmon"; - name = "coretemp"; - indices = [1]; - } - ]; - fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; - levels = [ - ["level auto" 0 50] - ["level disengaged" 50 32767] - ]; + services = { + thinkfan = { + enable = true; + + settings = { + sensors = [ + { + hwmon = "/sys/class/hwmon"; + name = "coretemp"; + indices = [1]; + } + ]; + fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; + levels = [ + ["level auto" 0 50] + ["level disengaged" 50 32767] + ]; + }; }; + + fwupd.enable = true; }; boot = { @@ -280,11 +280,11 @@ "azahi-cc": { "flake": false, "locked": { - "lastModified": 1663794131, - "narHash": "sha256-HPgP6ay74LsG0nEERVmbl3l2kBTVqTtzvUyJYQIzJMI=", + "lastModified": 1667813970, + "narHash": "sha256-gQG7yukKNbc1OIdi/Uh+/EyKtFfB0AMqCaqmWFJnqkc=", "ref": "master", - "rev": "8179ba2c314bca033e40c117e0fa2d3736be9508", - "revCount": 13, + "rev": "3ee6367deea23cc59c73bc031367be0267b9d7c2", + "revCount": 14, "type": "git", "url": "https://git.azahi.cc/azahi-cc" }, @@ -337,17 +337,17 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1660901074, - "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=", + "lastModified": 1662497747, + "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", "type": "github" }, "original": { "owner": "doomemacs", - "ref": "master", "repo": "doomemacs", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", "type": "github" } }, @@ -377,11 +377,11 @@ ] }, "locked": { - "lastModified": 1666641778, - "narHash": "sha256-C5EHT/gi7FtEiPnKDUT2GK0/v46xXMIY8FgNsOHHCS0=", + "lastModified": 1667882772, + "narHash": "sha256-hoVW9/xcfZTsKn++nGYwEMgBLfh+iq7i8+eEcAhOxy0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "58d63216b84f9399db23048c537ee7c5d1842524", + "rev": "f04cb6f6724ba4568a7f6dae0863e507477667b7", "type": "github" }, "original": { @@ -499,7 +499,6 @@ }, "original": { "owner": "edolstra", - "ref": "master", "repo": "flake-compat", "type": "github" } @@ -523,11 +522,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -537,27 +536,6 @@ "type": "github" } }, - "flake-utils-plus": { - "inputs": { - "flake-utils": [ - "flake-utils" - ] - }, - "locked": { - "lastModified": 1657226504, - "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "ref": "master", - "repo": "flake-utils-plus", - "type": "github" - } - }, "format-all": { "flake": false, "locked": { @@ -585,11 +563,11 @@ ] }, "locked": { - "lastModified": 1666558342, - "narHash": "sha256-qiH0Zgig28yaSyebehrrYiX1y53Y/xFcQW+EFMRSVI0=", + "lastModified": 1667898954, + "narHash": "sha256-VqHVeoxcOl9M6yQ+LV3yTWMb0h5Rl5yixn9PCY/MJJo=", "owner": "nix-community", "repo": "home-manager", - "rev": "186d9399f9eb64fb06ea4385732c1cf1624ae2b6", + "rev": "d20e3d070c78271356a2d5d73c01f1de94586087", "type": "github" }, "original": { @@ -599,22 +577,6 @@ "type": "github" } }, - "libnbtplusplus": { - "flake": false, - "locked": { - "lastModified": 1650031308, - "narHash": "sha256-TvVOjkUobYJD9itQYueELJX3wmecvEdCbJ0FinW2mL4=", - "owner": "PolyMC", - "repo": "libnbtplusplus", - "rev": "2203af7eeb48c45398139b583615134efd8d407f", - "type": "github" - }, - "original": { - "owner": "PolyMC", - "repo": "libnbtplusplus", - "type": "github" - } - }, "master": { "flake": false, "locked": { @@ -644,9 +606,7 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-compat": [ - "flake-compat" - ], + "flake-compat": "flake-compat", "flake-utils": [ "flake-utils" ], @@ -668,11 +628,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1666606461, - "narHash": "sha256-YNbI/dDtrzkSqJ2hi7UFbwmBRasHVE28n8IOgwhh4FA=", + "lastModified": 1667731647, + "narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "4ae03d1dc2d8bf6daeda4f28be793ed2b82147bd", + "rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0", "type": "github" }, "original": { @@ -682,38 +642,14 @@ "type": "github" } }, - "nix-minecraft-servers": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "utils": [ - "flake-utils-plus" - ] - }, - "locked": { - "lastModified": 1666577326, - "narHash": "sha256-wvHTJ+0UBEysXE+TiQOG6oaZEcwC9IQeBwW/8aGS7OE=", - "owner": "jyooru", - "repo": "nix-minecraft-servers", - "rev": "12013698438fc2a68cc5b15a67b778b3a7c7d393", - "type": "github" - }, - "original": { - "owner": "jyooru", - "ref": "main", - "repo": "nix-minecraft-servers", - "type": "github" - } - }, "nix-straight": { "flake": false, "locked": { - "lastModified": 1656684255, - "narHash": "sha256-ZefQiv4Ipu2VkLjs1oyelTLU7kBVJgkcQd+yBpJU0yo=", + "lastModified": 1666982610, + "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", "owner": "nix-community", "repo": "nix-straight.el", - "rev": "fb8dd5c44cde70abd13380766e40af7a63888942", + "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", "type": "github" }, "original": { @@ -724,11 +660,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1665987993, - "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=", + "lastModified": 1667768008, + "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0e6593630071440eb89cd97a52921497482b22c6", + "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34", "type": "github" }, "original": { @@ -740,11 +676,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1666603677, - "narHash": "sha256-apAEIj+z1iwMaMJ4tB21r/VTetfGDLDzuhXRHJknIAU=", + "lastModified": 1667758139, + "narHash": "sha256-CbDAP6wttlaVs9s4DPZlJ5Wf6Ozz9lX7SdJVtFA8cAo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "074da18a72269cc5a6cf444dce42daea5649b2fe", + "rev": "8993cc730d11148ef59e84a8f15f94f688e1bfd1", "type": "github" }, "original": { @@ -756,11 +692,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1666646783, - "narHash": "sha256-ywmovc9Fr3S0Ka+ljaKTkSN+8NXvblOG/UDkZbkD/cc=", + "lastModified": 1667897130, + "narHash": "sha256-s8gf6ysK3q6GigxUgaLp1NPH12Tz74ycAb8arlDFNVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f6f42f3fcf4af3706461b902177b9caeb6aabfca", + "rev": "12ac168cc776030ada752deb43da8cc751074748", "type": "github" }, "original": { @@ -772,11 +708,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1666610816, - "narHash": "sha256-q4F2VNe5bpxXOvp16DyLwE1SgNZMbNO29ZQJPIomedg=", + "lastModified": 1667896688, + "narHash": "sha256-gB30K2usfzeWZ9VsP92NmAGr/mEZ1IJ0Hkpq587ZzCY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6107f97012a0c134c5848125b5aa1b149b76d2c9", + "rev": "67bcb74195474ebdd667c7844fcfe649e8a1ff32", "type": "github" }, "original": { @@ -806,11 +742,11 @@ "nmap-vulscan": { "flake": false, "locked": { - "lastModified": 1646989909, - "narHash": "sha256-hV9gCEQwoA2l7eg2pKFmZeUdPkzeF9tnWTswgw0P4A8=", + "lastModified": 1667425422, + "narHash": "sha256-NqRDzajxQilkvqfgRCjtplpSu4Q0fun0W3+IaK1aYWc=", "owner": "scipag", "repo": "vulscan", - "rev": "64bd0049894431d81517801c42b8585f9064a043", + "rev": "a89e5b1372dfb2c07b37907537ac10a576532adf", "type": "github" }, "original": { @@ -838,11 +774,11 @@ }, "nur": { "locked": { - "lastModified": 1666640642, - "narHash": "sha256-jMqV8vRro+F2Y6ge2caf3h6ZitKH/IiYLH3Wzd6rm6Q=", + "lastModified": 1667890820, + "narHash": "sha256-pGp7GQdMM2xGR/v72v6+d3PeZ5UxnIxsZL9lXfHCJhY=", "owner": "nix-community", "repo": "NUR", - "rev": "17e3882babed0b965175b5c1f144bc3e052b8404", + "rev": "744f97297a0eb816aa5c272c4bc795eb4a4f3523", "type": "github" }, "original": { @@ -871,11 +807,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1666258795, - "narHash": "sha256-k2FbWk4OJKZbih3pTvJYxkaXuauWsuaXXthV54UFqCM=", + "lastModified": 1666586252, + "narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "98cae03b7d9a612334d5ea461e73ac0b37b0285d", + "rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931", "type": "github" }, "original": { @@ -932,31 +868,6 @@ "type": "github" } }, - "pollymc": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "libnbtplusplus": "libnbtplusplus", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1662670318, - "narHash": "sha256-SZdKI85G+Aa9Oz3FgZydpKfAjyG3ZcF4ZE0jv2pG6wE=", - "owner": "fn2006", - "repo": "PollyMC", - "rev": "d2a9dd88db564cf31b600ef2828d7636bffdcb52", - "type": "github" - }, - "original": { - "owner": "fn2006", - "ref": "1.4.2", - "repo": "PollyMC", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-utils": [ @@ -967,11 +878,11 @@ ] }, "locked": { - "lastModified": 1666604592, - "narHash": "sha256-Bxy7xeVAwC0yxFaeYZM7N9Us/ebxpMC9TCceKEFeay4=", + "lastModified": 1667760143, + "narHash": "sha256-+X5CyeNEKp41bY/I1AJgW/fn69q5cLJ1bgiaMMCKB3M=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "1b436f36e2812c589e6d830e3223059ea9661100", + "rev": "06f48d63d473516ce5b8abe70d15be96a0147fcd", "type": "github" }, "original": { @@ -1004,13 +915,10 @@ "azahi-cc": "azahi-cc", "dns-nix": "dns-nix", "emacs-overlay": "emacs-overlay", - "flake-compat": "flake-compat", "flake-registry": "flake-registry", "flake-utils": "flake-utils", - "flake-utils-plus": "flake-utils-plus", "home-manager": "home-manager", "nix-doom-emacs": "nix-doom-emacs", - "nix-minecraft-servers": "nix-minecraft-servers", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", @@ -1018,7 +926,6 @@ "nmap-vulners": "nmap-vulners", "nmap-vulscan": "nmap-vulscan", "nur": "nur", - "pollymc": "pollymc", "pre-commit-hooks": "pre-commit-hooks", "simple-nixos-mailserver": "simple-nixos-mailserver", "xmonad-ng": "xmonad-ng" @@ -84,33 +84,43 @@ ref = "master"; inputs = { emacs-overlay.follows = "emacs-overlay"; - flake-compat.follows = "flake-compat"; flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; - nix-minecraft-servers = { - type = "github"; - owner = "jyooru"; - repo = "nix-minecraft-servers"; - ref = "main"; - inputs = { - nixpkgs.follows = "nixpkgs"; - utils.follows = "flake-utils-plus"; - }; - }; + # nil = { + # type = "github"; + # owner = "oxalica"; + # repo = "nil"; + # ref = "main"; + # inputs = { + # flake-utils.follows = "flake-utils"; + # nixpkgs.follows = "nixpkgs"; + # }; + # }; - pollymc = { - type = "github"; - owner = "fn2006"; - repo = "PollyMC"; - ref = "1.4.2"; - inputs = { - flake-compat.follows = "flake-compat"; - nixpkgs.follows = "nixpkgs"; - }; - }; + # nix-minecraft-servers = { + # type = "github"; + # owner = "jyooru"; + # repo = "nix-minecraft-servers"; + # ref = "main"; + # inputs = { + # nixpkgs.follows = "nixpkgs"; + # utils.inputs.flake-utils.follows = "flake-utils"; + # }; + # }; + + # pollymc = { + # type = "github"; + # owner = "fn2006"; + # repo = "PollyMC"; + # ref = "5.1"; + # inputs = { + # flake-compat.follows = "flake-compat"; + # nixpkgs.follows = "nixpkgs"; + # }; + # }; dns-nix = { type = "github"; @@ -210,25 +220,25 @@ flake = false; }; - # NOTE These inputs are used indirectly by other inputs. These are declared - # explicitly because nested follows are broken[1]. + # NOTE These inputs are used indirectly. They are declared explicitly here + # because nested follows is not yet release in a stable version of nix[1]. # # [1]: https://github.com/NixOS/nix/issues/5790 # [1]: https://github.com/NixOS/nix/pull/6621 - flake-utils-plus = { - type = "github"; - owner = "gytis-ivaskevicius"; - repo = "flake-utils-plus"; - ref = "master"; - inputs.flake-utils.follows = "flake-utils"; - }; - flake-compat = { - type = "github"; - owner = "edolstra"; - repo = "flake-compat"; - ref = "master"; - flake = false; - }; + # flake-utils-plus = { + # type = "github"; + # owner = "gytis-ivaskevicius"; + # repo = "flake-utils-plus"; + # ref = "master"; + # inputs.flake-utils.follows = "flake-utils"; + # }; + # flake-compat = { + # type = "github"; + # owner = "edolstra"; + # repo = "flake-compat"; + # ref = "master"; + # flake = false; + # }; }; outputs = inputs: diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix index e6564fb..871b0c4 100644 --- a/modules/nixfiles/alertmanager.nix +++ b/modules/nixfiles/alertmanager.nix @@ -26,8 +26,8 @@ in { nixfiles.modules.nginx = with cfg; { enable = true; upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://alertmanager"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://alertmanager"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/aria2.nix b/modules/nixfiles/aria2.nix index a9b5d42..9e72176 100644 --- a/modules/nixfiles/aria2.nix +++ b/modules/nixfiles/aria2.nix @@ -11,37 +11,26 @@ in { mkEnableOption "aria2"; config = mkIf cfg.enable { - hm = { - programs.aria2 = { - enable = true; + hm.programs.aria2 = { + enable = true; - settings = { - bt-max-peers = 128; - bt-save-metadata = true; - continue = true; - enable-dht = true; - enable-peer-exchange = true; - enable-rpc = false; - follow-torrent = true; - log-level = "info"; - max-connection-per-server = 16; - max-overall-upload-limit = "1K"; - max-tries = 5; - max-upload-limit = "1K"; - seed-ratio = 0.1; - seed-time = 0.1; - stream-piece-selector = "default"; - timeout = 60; - }; - }; - - xdg.desktopEntries.aria2c = { - name = "aria2"; - genericName = "Download Manager"; - exec = "${pkgs.aria2}/bin/aria2c"; - terminal = true; - categories = ["Application" "Network"]; - mimeType = ["application/x-bittorrent" "x-scheme-handler/magnet"]; + settings = { + bt-max-peers = 128; + bt-save-metadata = true; + continue = true; + enable-dht = true; + enable-peer-exchange = true; + enable-rpc = false; + follow-torrent = true; + log-level = "info"; + max-connection-per-server = 16; + max-overall-upload-limit = "1K"; + max-tries = 5; + max-upload-limit = "1K"; + seed-ratio = 0.1; + seed-time = 0.1; + stream-piece-selector = "default"; + timeout = 60; }; }; }; diff --git a/modules/nixfiles/beets.nix b/modules/nixfiles/beets.nix index 6b1e227..83cbff1 100644 --- a/modules/nixfiles/beets.nix +++ b/modules/nixfiles/beets.nix @@ -11,7 +11,7 @@ in { config = mkIf cfg.enable { hm = let - beetsdir = "${config.hm.xdg.dataHome}/beets"; + beetsdir = "${config.dirs.data}/beets"; in { home.sessionVariables.BEETSDIR = beetsdir; diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 3085797..8512d78 100644 --- a/modules/nixfiles/common/networking.nix +++ b/modules/nixfiles/common/networking.nix @@ -13,56 +13,66 @@ with lib; { ''; # TODO Support multiple interfaces and IP addresses. - networking = let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in { - domain = my.domain.shire; + networking = mkMerge [ + { + domain = my.domain.shire; - hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - nameservers = mkDefault dns.const.quad9.default; + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; - useDHCP = false; + nameservers = mkDefault dns.const.quad9.default; - # This could potentially break something. - usePredictableInterfaceNames = false; - interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; + useDHCP = false; - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - }; - defaultGateway = with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; + firewall = { + enable = true; - firewall = { - enable = true; + rejectPackets = false; - rejectPackets = false; + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; - allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; - logRefusedConnections = false; - logRefusedPackets = false; - logRefusedUnicastsOnly = false; - logReversePathDrops = false; - }; - }; + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + ]; environment = { systemPackages = with pkgs; [myip]; diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index 47cd5c1..f6c75ba 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix @@ -98,14 +98,6 @@ with lib; { alejandra = super.alejandra.overrideAttrs (_: _: { patches = [./patches/alejandra-no-ads.patch]; }); - - # https://github.com/NixOS/nixpkgs/pull/192671 - # inherit - # (pkgsPR - # "192671" - # "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=") - # please - # ; } // (with super; let np = nodePackages; @@ -114,6 +106,7 @@ with lib; { css-language-server = np.vscode-css-languageserver-bin; dockerfile-language-server = np.dockerfile-language-server-nodejs; editorconfig = editorconfig-core-c; + go-language-server = gopls; html-language-server = np.vscode-html-languageserver-bin; inherit (np) bash-language-server; inherit (np) vim-language-server; @@ -127,13 +120,24 @@ with lib; { })) agenix.overlay emacs-overlay.overlay - nix-minecraft-servers.overlays.default + # nil.overlays.default + # nix-minecraft-servers.overlays.default nur.overlay - pollymc.overlay + # pollymc.overlay xmonad-ng.overlays.default ]; - system.stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; + system = { + stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; + + extraDependencies = with inputs; [ + nixos-hardware + nixpkgs + nixpkgs-master + nixpkgs-stable + nur + ]; + }; environment = { sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix index 4e0572f..8ed2e99 100644 --- a/modules/nixfiles/common/shell/default.nix +++ b/modules/nixfiles/common/shell/default.nix @@ -70,7 +70,7 @@ with lib; { super.patches ++ [ (fetchpatch { - url = "https://raw.githubusercontent.com/jarun/advcpmv/master/advcpmv-0.9-9.1.patch"; + url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; }) ]; diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index ff0238d..fa72549 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -30,13 +30,13 @@ in { programs.doom-emacs = { enable = true; doomPrivateDir = ./doom; - emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises. + emacsPackage = pkgs.emacs28; # The package is pinned to avoid surprises. extraPackages = with pkgs; [ mu # :email mu4e ]; extraConfig = let - # NOTE gopls will require a Go executable, which must be provided by - # the project's flake. + # NOTE gopls will require the "go" executable which must be provided + # by the project's flake/shell. extraBins = with pkgs; [ (aspellWithDicts (p: with p; [en ru])) # :checkers (spell +aspell) (python3.withPackages (p: @@ -59,8 +59,8 @@ in { gdb # :tools debugger gnuplot # :lang (org +gnuplot) gnutls # doom! + go-language-server # :lang (go +lsp) gomodifytags # :lang go - gopls # :lang (go +lsp) gore # :lang go gotests # :lang go graphviz # :lang (org +roam2) :lang plantuml @@ -92,6 +92,7 @@ in { shellcheck # :lang sh shfmt # :lang sh :editor format sqlite # :lang (org +roam2) :tools lookup + texlab # lang (tex +lsp) texlive.combined.scheme-full # :lang org tex unzip # :tools debugger wordnet # :tools (lookup +dictionary +offline) @@ -104,7 +105,7 @@ in { zstd # :emacs undo ]; in '' - ;; This will integrate packages, which are required by various modules + ;; This will integrate packages which are required by various modules ;; without polluting the user's profile. (setq exec-path (append exec-path '(${ concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins @@ -145,5 +146,10 @@ in { client.enable = true; }; }; + + system.extraDependencies = with inputs; [ + emacs-overlay + nix-doom-emacs + ]; }; } diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el index fedd98d..4f2d835 100644 --- a/modules/nixfiles/emacs/doom/config.el +++ b/modules/nixfiles/emacs/doom/config.el @@ -170,6 +170,12 @@ :user "azahi/oftc" :pass nixfiles/irc-bouncer-password-f)) +;; (set-irc-server! "hackint" +;; `(:host "shire.me" +;; :port 6667 +;; :user "azahi/hackint" +;; :pass nixfiles/irc-bouncer-password-f)) + (set-irc-server! "rizon" `(:host "shire.me" :port 6667 diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index 8642b6f..6f4d327 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -207,7 +207,20 @@ in { }; }; }; - "2000".enable = true; + "2000" = { + enable = true; + "2022" = { + enable = true; + "media.eme.enabled" = { + enable = true; + value = false; + }; + "browser.eme.ui.enabled" = { + enable = true; + value = false; + }; + }; + }; "2400".enable = false; "2600" = { enable = true; @@ -276,5 +289,7 @@ in { }; services.psd.enable = true; + + system.extraDependencies = [inputs.arkenfox-nixos]; }; } diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css index 1440c1a..9b2dd4e 100644 --- a/modules/nixfiles/firefox/userContent.css +++ b/modules/nixfiles/firefox/userContent.css @@ -16,22 +16,33 @@ } } -@-moz-document regexp("https?:\/\/(.*.)?gitlab(\..*)?\.(com|org).*") { +@-moz-document regexp("https?://(www)?yandex\.(com|ru)/search/.*") +{ + #search-result-aside, + .RelatedAbove { + display: none !important; + } +} + +@-moz-document regexp("https?://(.*.)?gitlab(\..*)?\.(com|org).*") +{ code { font-family: var(--monospace-font-family) !important; font-size: var(--monospace-font-size) !important; } } -@-moz-document regexp("https?:\/\/(.*\.)?github.com.*") { +@-moz-document regexp("https?://(.*\.)?github.com.*") +{ #org-repo-pin-select-menu, #sponsor-button, - .btn.ml-2.d-none.d-md-block, /* Go to file button */ + .btn.ml-2.d-none.d-md-block, /* "Go to file" button. */ .dropdown-divider, .footer, .octicon.octicon-info, .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ .starring-container, + .user-following-container, .user-profile-link, .user-status-circle-badge-container, .user-status-container, @@ -60,13 +71,15 @@ } } -@-moz-document regexp("https?:\/\/github.com/?") { +@-moz-document regexp("https?://github.com/?") +{ .application-main { display: none !important; } } -@-moz-document regexp("https?:\/\/.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com\/questions\/.*") { +@-moz-document regexp("https?://.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com/questions/.*") +{ html, body { --ff-mono: var(--monospace-font-family) !important; @@ -109,7 +122,8 @@ } } -@-moz-document regexp("https?:\/\/kubernetes\.io\/docs\/.*") { +@-moz-document regexp("https?://kubernetes\.io/docs/.*") +{ .announcement, .announcement-main, .d-none { @@ -117,19 +131,22 @@ } } -@-moz-document regexp("https?:\/\/min\.io\/docs\/.*") { +@-moz-document regexp("https?://min\.io/docs/.*") +{ #cookie { display: none !important; } } -@-moz-document regexp("https?:\/\/werf\.io\/documentation\/.*") { +@-moz-document regexp("https?://werf\.io/documentation/.*") +{ .guides-banner { display: none !important; } } -@-moz-document regexp("https?:\/\/habr\.com\/(ru|en)\/(article|company\/.*\/blog|post)\/.*") { +@-moz-document regexp("https?://habr\.com/(ru|en)/(article|company/.*/blog|post)/.*") +{ .Vue-Toastification__container, .tm-article-presenter__footer, .tm-article-presenter__meta, @@ -188,26 +205,30 @@ } } -@-moz-document regexp("https?:\/\/jisho\.org.*") { +@-moz-document regexp("https?://jisho\.org.*") +{ header, footer { display: none !important; } } -@-moz-document regexp("https?:\/\/gog.com.*") { - .galaxy-section-wrapper { +@-moz-document regexp("https?:\/\/gog\.com.*") { + .galaxy-section-wrapper, + footer { display: none !important; } } -@-moz-document regexp("https?:\/\/steamdb\.info.*") { +@-moz-document regexp("https?://steamdb\.info.*") +{ #steamdb-extension-protip { display: none !important; } } -@-moz-document regexp("https?:\/\/\.*\.hh\.ru.*") { +@-moz-document regexp("https?://(.*\.)?hh\.ru.*") +{ .HH-Supernova-Footer, .index-dashboard-applicant__banners, .notification-manager, @@ -217,7 +238,8 @@ } } -@-moz-document regexp("https?:\/\/www\.songsterr\.com.*") { +@-moz-document regexp("https?://www\.songsterr\.com.*") +{ #favorite, #fullscreen, #logo, @@ -229,14 +251,18 @@ #promo, #revisions, #showroom, + #showroom_sidebar, #text-showroom, footer { display: none !important; } } -@-moz-document regexp("https?:\/\/developer\.mozilla\.org.*") { - .main-document-header-container.top-navigation { +@-moz-document regexp("https?://developer\.mozilla\.org.*") +{ + #nav-footer, + .main-document-header-container.top-navigation, + .mdn-cta-container { display: none !important; } @@ -245,7 +271,8 @@ } } -@-moz-document regexp("https?:\/\/(.*\.)?wikipedia\.org\/wiki\/.*") { +@-moz-document regexp("https?://(.*\.)?wikipedia\.org/wiki/.*") +{ #footer, #mp-topbanner, #siteNotice { @@ -253,7 +280,8 @@ } } -@-moz-document regexp("https?:\/\/wikiless\.org\/wiki\/.*") { +@-moz-document regexp("https?://wikiless\.org/wiki/.*") +{ #footer, #mw-navigation, #mw-page-base { diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix index e53f9eb..47279f8 100644 --- a/modules/nixfiles/games/minecraft.nix +++ b/modules/nixfiles/games/minecraft.nix @@ -23,6 +23,8 @@ in { config = mkMerge [ (mkIf cfg.client.enable { hm.home.packages = with pkgs; [pollymc]; + + system.extraDependencies = [inputs.pollymc]; }) (mkIf cfg.server.enable { # Configurations, opslist, whitelist and plugins are managed imperatively. @@ -45,6 +47,8 @@ in { # Defined in /var/lib/minecraft/server.properties. networking.firewall.allowedTCPPorts = [55565]; + + system.extraDependencies = [inputs.nix-minecraft-servers]; }) ]; } diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix index f21a98d..db47bb4 100644 --- a/modules/nixfiles/gotify.nix +++ b/modules/nixfiles/gotify.nix @@ -24,9 +24,11 @@ in { nginx = { enable = true; upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://gotify"; - proxyWebsockets = true; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://gotify"; + proxyWebsockets = true; + }; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix index b98be13..a614502 100644 --- a/modules/nixfiles/grafana.nix +++ b/modules/nixfiles/grafana.nix @@ -49,9 +49,11 @@ in { nginx = { enable = true; upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://grafana"; - proxyWebsockets = true; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://grafana"; + proxyWebsockets = true; + }; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix index f998d6d..0ec64e5 100644 --- a/modules/nixfiles/ipfs.nix +++ b/modules/nixfiles/ipfs.nix @@ -157,10 +157,8 @@ in { }; "api.${cfg.domain}" = { # TODO Redirect "/" to "/webui" but keep other endpoints. - locations."/" = { - proxyPass = "http://ipfs_api"; - extraConfig = nginxInternalOnly; - }; + locations."/".proxyPass = "http://ipfs_api"; + extraConfig = nginxInternalOnly; }; }; }; diff --git a/modules/nixfiles/kde.nix b/modules/nixfiles/kde.nix index e22663c..6b20569 100644 --- a/modules/nixfiles/kde.nix +++ b/modules/nixfiles/kde.nix @@ -27,7 +27,12 @@ in { print-manager ]; }; - displayManager.sddm.enable = true; + displayManager = { + sddm.enable = true; + + # NOTE https://github.com/NixOS/nixpkgs/pull/199881 + setupCommands = lib.mkForce ""; + }; }; environment.systemPackages = with pkgs; [pinentry-qt]; diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix index 4d9aab7..1582164 100644 --- a/modules/nixfiles/loki.nix +++ b/modules/nixfiles/loki.nix @@ -27,8 +27,8 @@ in { nixfiles.modules.nginx = with cfg; { enable = true; upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${domain}.locations."/" = { - proxyPass = "http://loki"; + virtualHosts.${domain} = { + locations."/".proxyPass = "http://loki"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/mpd.nix b/modules/nixfiles/mpd.nix index cc542fe..4b49213 100644 --- a/modules/nixfiles/mpd.nix +++ b/modules/nixfiles/mpd.nix @@ -41,7 +41,7 @@ in { enable = true; settings = rec { - ncmpcpp_directory = "${config.hm.xdg.dataHome}/ncmpcpp"; + ncmpcpp_directory = "${config.dirs.data}/ncmpcpp"; lyrics_directory = "${ncmpcpp_directory}/lyrics"; playlist_disable_highlight_delay = 1; diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix index 38fc613..b8ab24d 100644 --- a/modules/nixfiles/nginx.nix +++ b/modules/nixfiles/nginx.nix @@ -43,13 +43,14 @@ in { commonHttpConfig = concatStrings [ '' - add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' (optionalString (hasAttr "wireguard" this) (with config.nixfiles.modules.wireguard; '' geo $internal { default 0; 127.0.0.1/32 1; + ::1/128 1; ${ipv4.subnet} 1; ${ipv6.subnet} 1; } diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 27a36bb..14ad007 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix @@ -46,14 +46,19 @@ in { shellAliases = let base = "${pkgs.nmap}/bin/nmap -sV"; in { - nmap-vulscan = "${base} --script=vulscan/vulscan.nse"; nmap-vulners = "${base} --script=vulners/vulners.nse"; + nmap-vulscan = "${base} --script=vulscan/vulscan.nse"; }; initExtra = mkAfter '' - _complete_alias nmap-vulscan _nmap nmap _complete_alias nmap-vulners _nmap nmap + _complete_alias nmap-vulscan _nmap nmap ''; }; }; + + system.extraDependencies = with inputs; [ + nmap-vulners + nmap-vulscan + ]; }; } diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix index 0dade8f..f5a7d84 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixfiles/nsd.nix @@ -170,5 +170,7 @@ in { allowedTCPPorts = [53]; allowedUDPPorts = allowedTCPPorts; }; + + system.extraDependencies = [inputs.dns-nix]; }; } diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix index c9e82d7..ef41229 100644 --- a/modules/nixfiles/profiles/dev/containers.nix +++ b/modules/nixfiles/profiles/dev/containers.nix @@ -16,26 +16,18 @@ in { config = mkIf cfg.enable { nixfiles.modules.podman.enable = true; - hm = let - minikubeHome = "${config.dirs.data}/minikube"; - in { + hm = { home = { sessionVariables = { - MINIKUBE_HOME = minikubeHome; - MINIKUBE_IN_STYLE = false; - WERF_DEV = true; - WERF_INSECURE_REGISTRY = true; - WERF_LOG_DEBUG = true; - WERF_LOG_PRETTY = false; - WERF_LOG_VERBOSE = true; + MINIKUBE_HOME = "${config.dirs.config}/minikube"; + MINIKUBE_IN_STYLE = "false"; + WERF_DEV = "true"; + WERF_INSECURE_REGISTRY = "true"; + WERF_LOG_DEBUG = "true"; + WERF_LOG_PRETTY = "false"; + WERF_LOG_VERBOSE = "true"; WERF_SYNCHRONIZATION = ":local"; - WERF_TELEMETRY = false; - }; - - file."${minikubeHome}/config/config.json".text = generators.toJSON {} { - config.Rootless = true; - driver = "podman"; - container-runtime = "cri-o"; + WERF_TELEMETRY = "false"; }; packages = with pkgs; [ @@ -56,6 +48,12 @@ in { ]; }; + xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + config.Rootless = true; + driver = "podman"; + container-runtime = "cri-o"; + }; + programs.bash = { shellAliases = with pkgs; { b = "${buildah}/bin/buildah"; diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index 0563640..f3355b6 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix @@ -33,6 +33,18 @@ in { hm = { home.packages = with pkgs; [ + # (openconnect.overrideAttrs (_: super: { + # version = "unstable-2022-10-23"; + # src = pkgs.fetchFromGitLab { + # owner = "openconnect"; + # repo = "openconnect"; + # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae"; + # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM="; + # }; + # configureFlags = super.configureFlags ++ [ + # "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox" + # ]; + # })) calibre fd imv diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix index 0b0c096..a75c151 100644 --- a/modules/nixfiles/prometheus.nix +++ b/modules/nixfiles/prometheus.nix @@ -26,8 +26,8 @@ in { nixfiles.modules.nginx = with cfg; { enable = true; upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${domain}.locations."/" = { - proxyPass = "http://prometheus"; + virtualHosts.${domain} = { + locations."/".proxyPass = "http://prometheus"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/psd.nix b/modules/nixfiles/psd.nix index e497bcf..77d3c66 100644 --- a/modules/nixfiles/psd.nix +++ b/modules/nixfiles/psd.nix @@ -11,12 +11,12 @@ in { mkEnableOption "Profile Sync Daemon"; config = mkIf cfg.enable { - hm.home = { - file."${config.hm.xdg.configHome}/psd/psd.conf".text = '' + hm = { + home.packages = with pkgs; [profile-sync-daemon]; + + xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" ''; - - packages = with pkgs; [profile-sync-daemon]; }; systemd.user = { diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix index 76f6b49..c903d39 100644 --- a/modules/nixfiles/radicale.nix +++ b/modules/nixfiles/radicale.nix @@ -30,8 +30,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://radicale"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://radicale"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix index 42bb7d0..fef1070 100644 --- a/modules/nixfiles/rss-bridge.nix +++ b/modules/nixfiles/rss-bridge.nix @@ -17,14 +17,15 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.nginx.enable = true; + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; + }; - services = { - rss-bridge = { - enable = true; - virtualHost = cfg.domain; - whitelist = ["LWNprev" "Phoronix"]; - }; + services.rss-bridge = { + enable = true; + virtualHost = cfg.domain; + whitelist = ["*"]; }; }; } diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix index 834e36d..4014a3b 100644 --- a/modules/nixfiles/rtorrent.nix +++ b/modules/nixfiles/rtorrent.nix @@ -220,20 +220,16 @@ in { virtualHosts.${cfg.flood.domain} = { root = "${pkg}/lib/node_modules/flood/dist/assets"; locations = { - "/" = { - tryFiles = "$uri /index.html"; - extraConfig = nginxInternalOnly; - }; + "/".tryFiles = "$uri /index.html"; "/api" = { proxyPass = "http://flood"; - extraConfig = - nginxInternalOnly - + '' - proxy_buffering off; - proxy_cache off; - ''; + extraConfig = '' + proxy_buffering off; + proxy_cache off; + ''; }; }; + extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix index 24482cc..9462d5d 100644 --- a/modules/nixfiles/searx.nix +++ b/modules/nixfiles/searx.nix @@ -33,8 +33,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://searx"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://searx"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix index ed51e73..b690ab4 100644 --- a/modules/nixfiles/syncthing.nix +++ b/modules/nixfiles/syncthing.nix @@ -119,7 +119,7 @@ in { options = { autoUpgradeIntervalH = 0; crashReportingEnabled = false; - globalAnnounceEnabled = false; # We don't need that with Wireguard. + globalAnnounceEnabled = false; relaysEnabled = false; setLowPriority = this.isHeadless; stunKeepaliveMinS = 0; @@ -135,8 +135,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://syncthing"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://syncthing"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/xmonad.nix b/modules/nixfiles/xmonad.nix index da005b2..847110e 100644 --- a/modules/nixfiles/xmonad.nix +++ b/modules/nixfiles/xmonad.nix @@ -1,5 +1,6 @@ { config, + inputs, lib, pkgs, ... @@ -23,5 +24,7 @@ in { }; services.xserver.displayManager.startx.enable = true; + + system.extraDependencies = [inputs.xmonad-ng]; }; } |