Diffstat (limited to 'modules')
-rw-r--r-- | modules/darwin/common/default.nix | 10 | ||||
-rw-r--r-- | modules/darwin/common/home-manager.nix | 3 | ||||
-rw-r--r-- | modules/darwin/common/locale.nix | 7 | ||||
-rw-r--r-- | modules/darwin/common/networking.nix | 10 | ||||
-rw-r--r-- | modules/darwin/common/nix.nix | 21 | ||||
-rw-r--r-- | modules/darwin/common/shell.nix | 3 | ||||
-rw-r--r-- | modules/darwin/common/users.nix | 11 | ||||
-rw-r--r-- | modules/darwin/default.nix | 10 | ||||
-rw-r--r-- | modules/darwin/emacs.nix | 15 | ||||
-rw-r--r-- | modules/darwin/fonts.nix | 12 | ||||
-rw-r--r-- | modules/darwin/gnupg.nix | 15 | ||||
-rw-r--r-- | modules/darwin/homebrew.nix | 23 | ||||
-rw-r--r-- | modules/darwin/profiles/default.nix | 93 | ||||
-rw-r--r-- | modules/darwin/profiles/headful.nix | 19 | ||||
-rw-r--r-- | modules/nixfiles/alacritty.nix | 5 | ||||
-rw-r--r-- | modules/nixfiles/bat.nix | 3 | ||||
-rw-r--r-- | modules/nixfiles/chromium.nix | 2 | ||||
-rw-r--r-- | modules/nixfiles/common/default.nix | 7 | ||||
-rw-r--r-- | modules/nixfiles/common/documentation.nix | 19 | ||||
-rw-r--r-- | modules/nixfiles/common/home-manager.nix | 10 | ||||
-rw-r--r-- | modules/nixfiles/common/locale.nix | 29 | ||||
-rw-r--r-- | modules/nixfiles/common/networking.nix | 101 | ||||
-rw-r--r-- | modules/nixfiles/common/nix/default.nix | 44 | ||||
-rw-r--r-- | modules/nixfiles/common/services.nix | 9 | ||||
-rw-r--r-- | modules/nixfiles/common/shell/default.nix | 152 | ||||
-rw-r--r-- | modules/nixfiles/common/users.nix | 25 | ||||
-rw-r--r-- | modules/nixfiles/default.nix | 49 | ||||
-rw-r--r-- | modules/nixfiles/discord.nix | 22 | ||||
-rw-r--r-- | modules/nixfiles/emacs/default.nix | 26 | ||||
-rw-r--r-- | modules/nixfiles/emacs/doom/init.el | 8 | ||||
-rw-r--r-- | modules/nixfiles/endlessh.nix | 45 | ||||
-rw-r--r-- | modules/nixfiles/firefox/default.nix | 26 | ||||
-rw-r--r-- | modules/nixfiles/firefox/userChrome.css | 5 | ||||
-rw-r--r-- | modules/nixfiles/fonts.nix | 55 | ||||
-rw-r--r-- | modules/nixfiles/git.nix | 287 | ||||
-rw-r--r-- | modules/nixfiles/gnupg.nix | 120 | ||||
-rw-r--r-- | modules/nixfiles/nmap.nix | 5 | ||||
-rw-r--r-- | modules/nixfiles/openssh.nix | 122 | ||||
-rw-r--r-- | modules/nixfiles/password-store.nix | 5 | ||||
-rw-r--r-- | modules/nixfiles/profiles/default.nix | 20 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/containers.nix | 12 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/default.nix | 19 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/sql.nix | 6 | ||||
-rw-r--r-- | modules/nixfiles/profiles/headful.nix | 80 | ||||
-rw-r--r-- | modules/nixfiles/profiles/headless.nix | 30 | ||||
-rw-r--r-- | modules/nixfiles/qutebrowser.nix | 2 | ||||
-rw-r--r-- | modules/nixfiles/vscode.nix | 27 | ||||
-rw-r--r-- | modules/nixfiles/wget.nix | 2 | ||||
-rw-r--r-- | modules/nixos/acme.nix (renamed from modules/nixfiles/acme.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/alertmanager.nix (renamed from modules/nixfiles/alertmanager.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/android.nix (renamed from modules/nixfiles/android.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/bluetooth.nix (renamed from modules/nixfiles/bluetooth.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/console.nix (renamed from modules/nixfiles/common/console.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/default.nix | 19 | ||||
-rw-r--r-- | modules/nixos/common/documentation.nix | 31 | ||||
-rw-r--r-- | modules/nixos/common/home-manager.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/kernel.nix (renamed from modules/nixfiles/common/kernel.nix) | 8 | ||||
-rw-r--r-- | modules/nixos/common/locale.nix | 24 | ||||
-rw-r--r-- | modules/nixos/common/networking.nix | 108 | ||||
-rw-r--r-- | modules/nixos/common/nix.nix | 39 | ||||
-rw-r--r-- | modules/nixos/common/secrets.nix (renamed from modules/nixfiles/common/secrets.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/common/security.nix (renamed from modules/nixfiles/common/security.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/services.nix | 10 | ||||
-rw-r--r-- | modules/nixos/common/shell.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/systemd.nix (renamed from modules/nixfiles/common/systemd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/tmp.nix (renamed from modules/nixfiles/common/tmp.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/common/users.nix | 19 | ||||
-rw-r--r-- | modules/nixos/common/xdg.nix (renamed from modules/nixfiles/common/xdg.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/default.nix | 59 | ||||
-rw-r--r-- | modules/nixos/discord.nix | 22 | ||||
-rw-r--r-- | modules/nixos/docker.nix (renamed from modules/nixfiles/docker.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/dwm.nix (renamed from modules/nixfiles/dwm.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/emacs.nix | 30 | ||||
-rw-r--r-- | modules/nixos/endlessh-go.nix (renamed from modules/nixfiles/endlessh-go.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/endlessh.nix | 24 | ||||
-rw-r--r-- | modules/nixos/fail2ban.nix (renamed from modules/nixfiles/fail2ban.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/fonts.nix | 45 | ||||
-rw-r--r-- | modules/nixos/games/default.nix (renamed from modules/nixfiles/games/default.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/games/gamemode.nix (renamed from modules/nixfiles/games/gamemode.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/games/gog.nix (renamed from modules/nixfiles/games/gog.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/games/lutris.nix (renamed from modules/nixfiles/games/lutris.nix) | 7 | ||||
-rw-r--r-- | modules/nixos/games/mangohud.nix (renamed from modules/nixfiles/games/mangohud.nix) | 6 | ||||
-rw-r--r-- | modules/nixos/games/minecraft.nix (renamed from modules/nixfiles/games/minecraft.nix) | 4 | ||||
-rw-r--r-- | modules/nixos/games/steam-run.nix (renamed from modules/nixfiles/games/steam-run.nix) | 26 | ||||
-rw-r--r-- | modules/nixos/games/steam.nix (renamed from modules/nixfiles/games/steam.nix) | 17 | ||||
-rw-r--r-- | modules/nixos/git.nix | 117 | ||||
-rw-r--r-- | modules/nixos/gnupg.nix | 38 | ||||
-rw-r--r-- | modules/nixos/gotify.nix (renamed from modules/nixfiles/gotify.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/grafana.nix (renamed from modules/nixfiles/grafana.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/hydra.nix (renamed from modules/nixfiles/hydra.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/ipfs.nix (renamed from modules/nixfiles/ipfs.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/kde.nix (renamed from modules/nixfiles/kde.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/libvirtd.nix (renamed from modules/nixfiles/libvirtd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/lidarr.nix (renamed from modules/nixfiles/lidarr.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/loki.nix (renamed from modules/nixfiles/loki.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/lxc.nix (renamed from modules/nixfiles/lxc.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/default.nix (renamed from modules/nixfiles/matrix/default.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/dendrite.nix (renamed from modules/nixfiles/matrix/dendrite.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/element.nix (renamed from modules/nixfiles/matrix/element.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/matrix/synapse.nix (renamed from modules/nixfiles/matrix/synapse.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/endlessh.json (renamed from modules/nixfiles/monitoring/dashboards/endlessh.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/nginx.json (renamed from modules/nixfiles/monitoring/dashboards/nginx.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/postgresql.json (renamed from modules/nixfiles/monitoring/dashboards/postgresql.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/dashboards/unbound.json (renamed from modules/nixfiles/monitoring/dashboards/unbound.json) | 0 | ||||
-rw-r--r-- | modules/nixos/monitoring/default.nix (renamed from modules/nixfiles/monitoring/default.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/nextcloud.nix (renamed from modules/nixfiles/nextcloud.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/nginx.nix (renamed from modules/nixfiles/nginx.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/node-exporter.nix (renamed from modules/nixfiles/node-exporter.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/nsd.nix (renamed from modules/nixfiles/nsd.nix) | 2 | ||||
-rw-r--r-- | modules/nixos/openssh.nix | 34 | ||||
-rw-r--r-- | modules/nixos/podman.nix (renamed from modules/nixfiles/podman.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/postgresql.nix (renamed from modules/nixfiles/postgresql.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/profiles/default.nix | 33 | ||||
-rw-r--r-- | modules/nixos/profiles/dev/containers.nix | 27 | ||||
-rw-r--r-- | modules/nixos/profiles/dev/default.nix | 19 | ||||
-rw-r--r-- | modules/nixos/profiles/headful.nix | 88 | ||||
-rw-r--r-- | modules/nixos/profiles/headless.nix | 42 | ||||
-rw-r--r-- | modules/nixos/prometheus.nix (renamed from modules/nixfiles/prometheus.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/promtail.nix (renamed from modules/nixfiles/promtail.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/psd.nix (renamed from modules/nixfiles/psd.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/radarr.nix (renamed from modules/nixfiles/radarr.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/radicale.nix (renamed from modules/nixfiles/radicale.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/rss-bridge.nix (renamed from modules/nixfiles/rss-bridge.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/rtorrent.nix (renamed from modules/nixfiles/rtorrent.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/searx.nix (renamed from modules/nixfiles/searx.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/shadowsocks.nix (renamed from modules/nixfiles/shadowsocks.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/soju.nix (renamed from modules/nixfiles/soju.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/solaar.nix (renamed from modules/nixfiles/solaar.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/sonarr.nix (renamed from modules/nixfiles/sonarr.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/sound.nix (renamed from modules/nixfiles/sound.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/syncthing.nix (renamed from modules/nixfiles/syncthing.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/throttled.nix (renamed from modules/nixfiles/throttled.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/unbound.nix (renamed from modules/nixfiles/unbound.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/vaultwarden.nix (renamed from modules/nixfiles/vaultwarden.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/wireguard.nix (renamed from modules/nixfiles/wireguard.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/x11.nix (renamed from modules/nixfiles/x11.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/xmonad.nix (renamed from modules/nixfiles/xmonad.nix) | 2 |
137 files changed, 1500 insertions, 1041 deletions
diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
new file mode 100644
index 0000000..149b2d6
--- /dev/null
+++ b/modules/darwin/common/default.nix
@@ -0,0 +1,10 @@
+_: {
+ imports = [
+ ./home-manager.nix
+ ./locale.nix
+ ./networking.nix
+ ./nix.nix
+ ./shell.nix
+ ./users.nix
+ ];
+}
diff --git a/modules/darwin/common/home-manager.nix b/modules/darwin/common/home-manager.nix
new file mode 100644
index 0000000..4fc6cbe
--- /dev/null
+++ b/modules/darwin/common/home-manager.nix
@@ -0,0 +1,3 @@
+{inputs, ...}: {
+ imports = [inputs.home-manager.darwinModule];
+}
diff --git a/modules/darwin/common/locale.nix b/modules/darwin/common/locale.nix
new file mode 100644
index 0000000..1ecf6fe
--- /dev/null
+++ b/modules/darwin/common/locale.nix
@@ -0,0 +1,7 @@
+{lib, ...}:
+with lib; {
+ environment.variables.LANG = "en_GB.UTF-8";
+
+ # TODO https://daiderd.com/nix-darwin/manual/index.html#opt-system.keyboard.enableKeyMapping
+ system.keyboard = {};
+}
diff --git a/modules/darwin/common/networking.nix b/modules/darwin/common/networking.nix
new file mode 100644
index 0000000..6c503bc
--- /dev/null
+++ b/modules/darwin/common/networking.nix
@@ -0,0 +1,10 @@
+{
+ this,
+ localHostname ? this.hostname,
+ ...
+}: {
+ networking = {
+ computerName = localHostname;
+ hostName = localHostname;
+ };
+}
diff --git a/modules/darwin/common/nix.nix b/modules/darwin/common/nix.nix
new file mode 100644
index 0000000..a522cb0
--- /dev/null
+++ b/modules/darwin/common/nix.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ this,
+ ...
+}:
+with lib; {
+ nix = {
+ daemonIOLowPriority = false;
+ daemonProcessType = "Standard";
+
+ extraOptions = optionalString (this.system == "aarch64-darwin") ''
+ extra-platforms = x86_64-darwin aarch64-darwin
+ '';
+
+ settings.trusted-users = ["@admin"];
+ };
+
+ services.nix-daemon.enable = true;
+
+ system.stateVersion = 4;
+}
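Review bot: `settings.trusted-users = ["@admin"];` in the darwin nix.nix hunk makes every member of the macOS admin group a trusted user of the daemon, which lets them supply arbitrary substituters, trusted public keys and sandbox settings for builds and is effectively root-equivalent through the store. users.nix in this same commit describes the machine as one with a pre-configured domain account, so the admin group's membership is not necessarily under the author's control; naming the single user is tighter, e.g. `settings.trusted-users = [localUsername];` with `localUsername ? lib.my.username` taken as an argument the way users.nix does. If the group-wide grant is deliberate, a one-line comment stating why would save the next reader the question.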
diff --git a/modules/darwin/common/shell.nix b/modules/darwin/common/shell.nix
new file mode 100644
index 0000000..5985f50
--- /dev/null
+++ b/modules/darwin/common/shell.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+ environment.shells = with pkgs; [bashInteractive];
+}
diff --git a/modules/darwin/common/users.nix b/modules/darwin/common/users.nix
new file mode 100644
index 0000000..957e50c
--- /dev/null
+++ b/modules/darwin/common/users.nix
@@ -0,0 +1,11 @@
+{
+ lib,
+ localUsername ? lib.my.username,
+ ...
+}:
+with lib; {
+ # The only MacOS machine I'm currently using has a pre-configured domain user
+ # account that I have to login as. I may accidentally break something if I
+ # change options here so this section is left practically untouched.
+ users.users.${localUsername}.home = "/Users/${localUsername}";
+}
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
new file mode 100644
index 0000000..153c857
--- /dev/null
+++ b/modules/darwin/default.nix
@@ -0,0 +1,10 @@
+_: {
+ imports = [
+ ./common
+ ./emacs.nix
+ ./fonts.nix
+ ./gnupg.nix
+ ./homebrew.nix
+ ./profiles
+ ];
+}
diff --git a/modules/darwin/emacs.nix b/modules/darwin/emacs.nix
new file mode 100644
index 0000000..02bfb83
--- /dev/null
+++ b/modules/darwin/emacs.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.emacs;
+in {
+ config = mkIf cfg.enable {
+ # services.emacs = {
+ # enable = true;
+ # package = config.hm.programs.doom-emacs.package;
+ # };
+ };
+}
diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix
new file mode 100644
index 0000000..741fdc8
--- /dev/null
+++ b/modules/darwin/fonts.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.fonts;
+in {
+ config = mkIf cfg.enable {
+ fonts.fontDir.enable = true;
+ };
+}
diff --git a/modules/darwin/gnupg.nix b/modules/darwin/gnupg.nix
new file mode 100644
index 0000000..073d3b1
--- /dev/null
+++ b/modules/darwin/gnupg.nix
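Review bot: The `config = mkIf cfg.enable { … };` block in modules/darwin/emacs.nix holds only a commented-out `services.emacs` attrset, so the module binds `cfg`, takes `config` and `lib`, and produces nothing. Either drop the dead block until the darwin service is ready, or replace the commented-out code with a tracked marker such as `# TODO services.emacs on darwin (package = config.hm.programs.doom-emacs.package)` so the intent is recorded without shipping disabled code. The same empty-`mkIf` shape will be copied into other darwin modules if it is left as the template.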
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.gnupg;
+in {
+ config = mkIf cfg.enable {
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+}
diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix
new file mode 100644
index 0000000..35e8e77
--- /dev/null
+++ b/modules/darwin/homebrew.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.homebrew;
+in {
+ options.nixfiles.modules.homebrew.enable = mkEnableOption "Homebrew";
+
+ config = mkIf cfg.enable {
+ # This option requires an installed Homebrew[1].
+ #
+ # [1]: https://daiderd.com/nix-darwin/manual/index.html#opt-homebrew.enable
+ # [1]: https://brew.sh
+ homebrew = {
+ enable = true;
+ taps = [];
+ };
+ };
+}
diff --git a/modules/darwin/profiles/default.nix b/modules/darwin/profiles/default.nix
new file mode 100644
index 0000000..f42647a
--- /dev/null
+++ b/modules/darwin/profiles/default.nix
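Review bot: Both footnote labels in the comment above `homebrew = {` in modules/darwin/homebrew.nix are `[1]`, so "This option requires an installed Homebrew[1]." points at two different URLs and a reader cannot tell which is meant. Renumber the second as `# [2]: https://brew.sh` and reference both from the sentence (`Homebrew[1][2]`, or split it into "the nix-darwin option[1] requires Homebrew[2] to be installed already"). `inputs` and `pkgs` are taken as module arguments but unused in this file.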
@@ -0,0 +1,93 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.default;
+in {
+ imports = [
+ ./headful.nix
+ ];
+
+ config = mkIf cfg.enable {
+ hm.home.packages = with pkgs; [m-cli];
+
+ system = {
+ defaults = {
+ CustomUserPreferences = {};
+
+ ActivityMonitor = {};
+
+ NSGlobalDomain = {
+ AppleEnableMouseSwipeNavigateWithScrolls = true;
+ AppleEnableSwipeNavigateWithScrolls = true;
+
+ AppleInterfaceStyle = "Dark";
+
+ AppleShowAllExtensions = true;
+ AppleShowAllFiles = true;
+
+ InitialKeyRepeat = 15;
+ KeyRepeat = 2;
+
+ NSAutomaticCapitalizationEnabled = false;
+ NSAutomaticDashSubstitutionEnabled = false;
+ NSAutomaticPeriodSubstitutionEnabled = false;
+ NSAutomaticQuoteSubstitutionEnabled = false;
+ NSAutomaticSpellingCorrectionEnabled = false;
+
+ # Make function keys to work as they should.
+ "com.apple.keyboard.fnState" = true;
+
+ # Disable the absolutely retarded "natural" scrolling.
+ "com.apple.swipescrolldirection" = false;
+ };
+
+ dock = {
+ orientation = "bottom";
+ tilesize = 18;
+
+ show-recents = false;
+ static-only = false;
+
+ # Disable hot corners.
+ wvous-bl-corner = 1;
+ wvous-br-corner = 1;
+ wvous-tl-corner = 1;
+ wvous-tr-corner = 1;
+ };
+
+ finder = {
+ AppleShowAllExtensions = true;
+ AppleShowAllFiles = true;
+
+ CreateDesktop = true;
+
+ FXDefaultSearchScope = "SCcf";
+ FXEnableExtensionChangeWarning = false;
+ FXPreferredViewStyle = "clmv";
+
+ ShowStatusBar = false;
+ ShowPathbar = true;
+ _FXShowPosixPathInTitle = true;
+ };
+
+ trackpad = {
+ Clicking = true;
+ Dragging = false;
+ };
+ };
+
+ keyboard = {
+ enableKeyMapping = true;
+ nonUS.remapTilde = true;
+ remapCapsLockToControl = false;
+ remapCapsLockToEscape = true;
+ swapLeftCommandAndLeftAlt = false;
+ };
+ };
+ };
+}
diff --git a/modules/darwin/profiles/headful.nix b/modules/darwin/profiles/headful.nix
new file mode 100644
index 0000000..44695f6
--- /dev/null
+++ b/modules/darwin/profiles/headful.nix
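Review bot: `CustomUserPreferences = {};` and `ActivityMonitor = {};` under `system.defaults` set nothing, and `this` is taken as a module argument without being used anywhere in the file. Empty attrsets are harmless in the module system but they read as unfinished; either remove them or mark them as intentional stubs (`CustomUserPreferences = {}; # TODO populate`) so the next reader does not wonder what was meant. `pkgs` is used for `m-cli`, so only `this` can be dropped from the argument set.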
@@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headful; +in { + config = mkIf cfg.enable { + nixfiles.modules.homebrew.enable = true; + + homebrew.casks = [ + {name = "firefox";} + {name = "telegram-desktop";} + ]; + }; +} diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix index 5f8833a..142f6c5 100644 --- a/modules/nixfiles/alacritty.nix +++ b/modules/nixfiles/alacritty.nix @@ -19,10 +19,7 @@ in { y = size; }; dynamic_padding = false; - decorations = - if kde.enable - then "full" - else "none"; + decorations = "full"; }; font = with config.fontScheme.monospaceFont; { normal = { diff --git a/modules/nixfiles/bat.nix b/modules/nixfiles/bat.nix index 4a98f99..2b31d16 100644 --- a/modules/nixfiles/bat.nix +++ b/modules/nixfiles/bat.nix @@ -7,7 +7,8 @@ with lib; let cfg = config.nixfiles.modules.bat; in { - options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat"; + options.nixfiles.modules.bat.enable = + mkEnableOption "bat, an alternative to cat"; config = mkIf cfg.enable { hm.programs = { diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix index 6a7c771..4f0ae12 100644 --- a/modules/nixfiles/chromium.nix +++ b/modules/nixfiles/chromium.nix @@ -23,7 +23,5 @@ in { ]; }; }; - - services.psd.enable = true; }; } diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix index 4f7a6c1..2bfe7e8 100644 --- a/modules/nixfiles/common/default.nix +++ b/modules/nixfiles/common/default.nix @@ -2,17 +2,10 @@ _: { imports = [ ./documentation.nix ./home-manager.nix - ./kernel.nix ./locale.nix ./networking.nix ./nix - ./secrets.nix - ./security.nix - ./services.nix ./shell - ./systemd.nix - ./tmp.nix ./users.nix - ./xdg.nix ]; } diff --git a/modules/nixfiles/common/documentation.nix b/modules/nixfiles/common/documentation.nix index 46ec9a5..55f6138 100644 --- a/modules/nixfiles/common/documentation.nix 
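Review bot: `homebrew.casks = [ {name = "firefox";} {name = "telegram-desktop";} ];` in modules/darwin/profiles/headful.nix installs those applications through Homebrew rather than from nixpkgs, with no version or hash visible in this file, so they sit outside the reproducibility and integrity checks the rest of this configuration gets from the Nix store. That is a defensible trade-off on macOS, but it should be visible when auditing what runs on the host: a comment above the list such as `# Installed by Homebrew at activation, not from nixpkgs; not pinned or hash-verified by Nix.` makes the exception explicit. `pkgs` and `this` are bound as module arguments but unused here.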
+++ b/modules/nixfiles/common/documentation.nix @@ -16,27 +16,8 @@ with lib; { documentation = { enable = true; - - dev.enable = true; doc.enable = false; info.enable = false; - nixos.enable = true; - - man.man-db.manualPages = - (pkgs.buildEnv { - name = "man-paths"; - paths = with config; - environment.systemPackages ++ hm.home.packages; - pathsToLink = ["/share/man"]; - extraOutputsToInstall = ["man"]; - ignoreCollisions = true; - }) - .overrideAttrs (_: _: {__contentAddressed = true;}); - }; - - environment.sessionVariables = { - MANOPT = "--no-hyphenation"; - MANPAGER = "${pkgs.less}/bin/less -+F"; }; }) (mkIf this.isHeadless { diff --git a/modules/nixfiles/common/home-manager.nix b/modules/nixfiles/common/home-manager.nix index 7ce872b..b28260a 100644 --- a/modules/nixfiles/common/home-manager.nix +++ b/modules/nixfiles/common/home-manager.nix @@ -1,18 +1,18 @@ { - config, inputs, lib, + localUsername ? lib.my.username, ... }: with lib; { imports = [ - inputs.home-manager.nixosModules.home-manager - (mkAliasOptionModule ["hm"] ["home-manager" "users" my.username]) + (mkAliasOptionModule ["hm"] ["home-manager" "users" localUsername]) ]; hm = { news.display = "silent"; - home = {inherit (config.system) stateVersion;}; + home.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); }; home-manager = { @@ -21,6 +21,4 @@ with lib; { useGlobalPkgs = true; verbose = true; }; - - system.extraDependencies = [inputs.home-manager]; } diff --git a/modules/nixfiles/common/locale.nix b/modules/nixfiles/common/locale.nix index 5f0d5ae..bcb577a 100644 --- a/modules/nixfiles/common/locale.nix +++ b/modules/nixfiles/common/locale.nix 
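Review bot: `home.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version"));` in the home-manager.nix hunk ties the Home Manager state version to whatever nixpkgs the flake currently points at, so it silently advances on every input bump. stateVersion exists to freeze state-format defaults at the release the home was first created on; the previous `inherit (config.system) stateVersion;` had the same problem through the `system.stateVersion = builtins.readFile "${inputs.nixpkgs}/.version";` line this commit removes from nix/default.nix. The safe form is a fixed literal, e.g. `home.stateVersion = "<release at first install>";` (fill in the real release), with a comment that it deliberately does not track the input. If tracking nixpkgs is the intent, say so in a comment so the next reader does not "fix" it.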
@@ -1,27 +1,6 @@ -{lib, ...}: -with lib; { - i18n = { - defaultLocale = mkDefault "en_GB.UTF-8"; - supportedLocales = [ - "C.UTF-8/UTF-8" - "en_GB.UTF-8/UTF-8" - "en_US.UTF-8/UTF-8" - "ja_JP.UTF-8/UTF-8" - "ru_RU.UTF-8/UTF-8" - ]; - }; - - time.timeZone = mkDefault "Europe/Moscow"; - - # TODO Fcitx or UIM as a Japanese IME. - services.xserver = { - layout = comcat ["us" "ru"]; - xkbVariant = comcat ["" "phonetic"]; - xkbOptions = comcat [ - "terminate:ctrl_alt_bksp" - "caps:escape" - "compose:menu" - "grp:win_space_toggle" - ]; +_: { + hm.home.language = { + collate = "C"; + messages = "C"; }; } diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 8512d78..e5d27d8 100644 --- a/modules/nixfiles/common/networking.nix +++ b/modules/nixfiles/common/networking.nix 
@@ -1,100 +1,3 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; { - hm.home.file.".digrc".text = '' - +answer - +multiline - +recurse - ''; - - # TODO Support multiple interfaces and IP addresses. - networking = mkMerge [ - { - domain = my.domain.shire; - - hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - - # Remove default hostname mappings. This is required at least by the current - # implementation of the montoring module. - hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; - }; - - nameservers = mkDefault dns.const.quad9.default; - - useDHCP = false; - - firewall = { - enable = true; - - rejectPackets = false; - - allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; - - logRefusedConnections = false; - logRefusedPackets = false; - logRefusedUnicastsOnly = false; - logReversePathDrops = false; - }; - } - (let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in - mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { - usePredictableInterfaceNames = false; # NOTE This can break something! 
- interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - }; - defaultGateway = with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - }) - ]; - - environment = { - systemPackages = with pkgs; [myip]; - - shellAliases = listToAttrs (map - ({ - name, - value, - }: - nameValuePair name "${pkgs.iproute2}/bin/${value}") [ - { - name = "bridge"; - value = "bridge -color=always"; - } - { - name = "ip"; - value = "ip -color=always"; - } - { - name = "tc"; - value = "tc -color=always"; - } - ]); - }; +{pkgs, ...}: { + environment.systemPackages = with pkgs; [myip]; } diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index c9d3b04..aeb25bd 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix @@ -2,12 +2,8 @@ config, inputs, lib, + localUsername ? lib.my.username, pkgs, - pkgsLocal, - pkgsMaster, - pkgsPR, - pkgsRev, - pkgsStabe, this, ... }: @@ -62,10 +58,11 @@ with lib; { // {nixfiles.flake = inputs.self;}; settings = { - trusted-users = ["root" "@wheel"]; + trusted-users = ["root" localUsername]; substituters = [ "https://azahi.cachix.org" + "https://cache.iog.io" "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://pre-commit-hooks.cachix.org" 
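Review bot: The `networking.firewall` block, `useDHCP = false`, the `127.0.0.2`/`::1` `hosts` overrides and the static-address logic removed in this hunk need to be confirmed present in their new home before this merges, since the shared module now keeps only `environment.systemPackages = with pkgs; [myip];`. The diffstat lists a new 108-line modules/nixos/common/networking.nix that presumably receives them, but it is not in this view; the removed comment says the monitoring module depends on the `hosts` override, and the firewall settings (`rejectPackets`, `pingLimit`, the `logRefused*` flags) are the kind that quietly fall back to NixOS defaults if a line is lost in the move. A side-by-side diff of the removed block against the new file is the cheap check. Wherever `usePredictableInterfaceNames = false;` lands, its `# NOTE This can break something!` would be more useful as a sentence naming what it breaks.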
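Review bot: The added substituter `"https://cache.iog.io"` in the nix/default.nix hunk, together with its key `"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="` added to `trusted-public-keys` in the following hunk, widens the set of signers whose binaries every host will accept for any store path, and nothing in the commit says what needs it. A short comment next to each entry, e.g. `# IOG binary cache for <project>; its signing key is named hydra.iohk.io`, records the trust decision and makes the entry easy to remove when the need goes away. The change from `"@wheel"` to `["root" localUsername]` in `trusted-users` in the same hunk is a good tightening and needs no further action.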
@@ -73,6 +70,7 @@ with lib; { trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" ]; @@ -114,45 +112,25 @@ with lib; { inherit (np) yaml-language-server; json-language-server = np.vscode-json-languageserver-bin; k3d = kube3d; + kubelogin = kubelogin-oidc; lua-language-server = sumneko-lua-language-server; nix-language-server = rnix-lsp; omnisharp = omnisharp-roslyn; + telepresence = telepresence2; tor-browser = tor-browser-bundle-bin; })) - agenix.overlay emacs-overlay.overlay # nil.overlays.default - # nix-minecraft-servers.overlays.default nur.overlay # pollymc.overlay - xmonad-ng.overlays.default ]; - system = { - stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; - - extraDependencies = with inputs; [ - nixos-hardware - nixpkgs - nixpkgs-master - nixpkgs-stable - nur + environment.systemPackages = with pkgs; + optionals this.isHeadful [ + nix-du + nix-top + nix-tree ]; - }; - - environment = { - sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; - - localBinInPath = true; - - defaultPackages = []; - systemPackages = with pkgs; - optionals this.isHeadful [ - nix-du - nix-top - nix-tree - ]; - }; hm.home = { packages = with pkgs; [nix-index]; diff --git a/modules/nixfiles/common/services.nix b/modules/nixfiles/common/services.nix deleted file mode 100644 index 376c87d..0000000 --- a/modules/nixfiles/common/services.nix +++ /dev/null @@ -1,9 +0,0 @@ -_: { - services = { - earlyoom.enable = true; - haveged.enable = true; - irqbalance.enable = true; - }; - - hardware.ksm.enable = true; -} diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix index 8ed2e99..9425578 100644 
--- a/modules/nixfiles/common/shell/default.nix +++ b/modules/nixfiles/common/shell/default.nix @@ -40,6 +40,72 @@ with lib; { fi ''; + shellAliases = + listToAttrs + (map + ({ + name, + value, + }: + nameValuePair name (with pkgs; let + pkg = + if this.isHeadful + then + (coreutils.overrideAttrs (_: super: { + patches = + super.patches + ++ [ + (fetchpatch { + url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; + hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; + }) + ]; + })) + else coreutils; + in "${pkg}/bin/coreutils --coreutils-prog=${value}")) + ( + let + mkAlias = { + name ? head command, + command, + }: { + inherit name; + value = concatStringsSep " " command; + }; + + progressBar = optionalString this.isHeadful "--progress-bar"; + in [ + (mkAlias { + command = ["cp" "--interactive" "--recursive" progressBar]; + }) + (mkAlias {command = ["mv" "--interactive" progressBar];}) + (mkAlias {command = ["rm" "--interactive=once"];}) + (mkAlias {command = ["ln" "--interactive"];}) + (mkAlias {command = ["mkdir" "--parents"];}) + (mkAlias {command = ["rmdir" "--parents"];}) + (mkAlias { + name = "lower"; + command = ["tr" "'[:upper:]'" "'[:lower:]'"]; + }) + (mkAlias { + name = "upper"; + command = ["tr" "'[:lower:]'" "'[:upper:]'"]; + }) + (mkAlias { + name = "disk"; + command = [ + "df" + "--human-readable" + "--exclude-type=tmpfs" + "--exclude-type=devtmpfs" + "2>/dev/null" + ]; + }) + ] + )) + // genAttrs ["grep" "egrep" "fgrep"] + (name: "${pkgs.gnugrep}/bin/${name} --color=always"); + historyControl = ["ignoredups" "ignorespace"]; }; 
@@ -51,82 +117,12 @@ with lib; { home.packages = with pkgs; [grc]; }; - programs.command-not-found.enable = false; - - environment = { - shellAliases = - listToAttrs - (map - ({ - name, - value, - }: - nameValuePair name (with pkgs; let - pkg = - if this.isHeadful - then - (coreutils.overrideAttrs (_: super: { - patches = - super.patches - ++ [ - (fetchpatch { - url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; - hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; - }) - ]; - })) - else coreutils; - in "${pkg}/bin/coreutils --coreutils-prog=${value}")) - ( - let - mkAlias = { - name ? head command, - command, - }: { - inherit name; - value = concatStringsSep " " command; - }; - - progressBar = optionalString this.isHeadful "--progress-bar"; - in [ - (mkAlias { - command = ["cp" "--interactive" "--recursive" progressBar]; - }) - (mkAlias {command = ["mv" "--interactive" progressBar];}) - (mkAlias {command = ["rm" "--interactive=once"];}) - (mkAlias {command = ["ln" "--interactive"];}) - (mkAlias {command = ["mkdir" "--parents"];}) - (mkAlias {command = ["rmdir" "--parents"];}) - (mkAlias { - name = "lower"; - command = ["tr" "'[:upper:]'" "'[:lower:]'"]; - }) - (mkAlias { - name = "upper"; - command = ["tr" "'[:lower:]'" "'[:upper:]'"]; - }) - (mkAlias { - name = "disk"; - command = [ - "df" - "--human-readable" - "--exclude-type=tmpfs" - "--exclude-type=devtmpfs" - "2>/dev/null" - ]; - }) - ] - )) - // genAttrs ["grep" "egrep" "fgrep"] - (name: "${pkgs.gnugrep}/bin/${name} --color=always"); - - systemPackages = with pkgs; [ - bash-completion - bc - gawk - hr - moreutils - pv - ]; - }; + environment.systemPackages = with pkgs; [ + bash-completion + bc + gawk + hr + moreutils + pv + ]; } diff --git a/modules/nixfiles/common/users.nix b/modules/nixfiles/common/users.nix index fb85c1b..aee0e38 100644 --- a/modules/nixfiles/common/users.nix +++ b/modules/nixfiles/common/users.nix 
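Review bot: Removing `programs.command-not-found.enable = false;` from the shared shell module re-enables the NixOS default unless modules/nixos/common/shell.nix (3 lines in the diffstat, not in this view) sets it again; on a flake-based system with no channel the default handler can fail at runtime looking for the `programs.sqlite` database, so please confirm the `false` survived the move. The rest of the hunk relocates `environment.shellAliases` into Home Manager and keeps `environment.systemPackages`, which reads fine.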
@@ -1,21 +1,8 @@ -{lib, ...}: +{ + lib, + localUsername ? lib.my.username, + ... +}: with lib; { - imports = [(mkAliasOptionModule ["my"] ["users" "users" my.username])]; - - users = { - mutableUsers = false; - - users = { - root.hashedPassword = "@HASHED_PASSWORD@"; - - ${my.username} = { - isNormalUser = true; - uid = 1000; - description = my.fullname; - inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [my.ssh.key]; - extraGroups = ["wheel"]; - }; - }; - }; + imports = [(mkAliasOptionModule ["my"] ["users" "users" localUsername])]; } diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix index 82ccc27..d4e5e26 100644 --- a/modules/nixfiles/default.nix +++ b/modules/nixfiles/default.nix @@ -1,78 +1,31 @@ -{...}: { +_: { imports = [ - ./acme.nix ./alacritty.nix - ./alertmanager.nix - ./android.nix ./aria2.nix ./bat.nix ./beets.nix - ./bluetooth.nix ./chromium.nix ./common ./curl.nix ./direnv.nix - ./docker.nix - ./dwm.nix ./emacs - ./endlessh-go.nix - ./endlessh.nix - ./fail2ban.nix ./firefox ./fonts.nix - ./games ./git.nix ./gnupg.nix - ./gotify.nix - ./grafana.nix ./htop.nix - ./hydra.nix - ./ipfs.nix - ./kde.nix - ./libvirtd.nix - ./lidarr.nix - ./loki.nix - ./lxc.nix - ./matrix - ./monitoring ./mpd.nix ./mpv.nix - ./nextcloud.nix - ./nginx.nix ./nmap.nix - ./node-exporter.nix - ./nsd.nix ./openssh.nix ./password-store.nix - ./podman.nix - ./postgresql.nix ./profiles - ./prometheus.nix - ./promtail.nix - ./psd.nix ./qutebrowser.nix - ./radarr.nix - ./radicale.nix - ./rss-bridge.nix - ./rtorrent.nix - ./searx.nix - ./shadowsocks.nix - ./soju.nix - ./solaar.nix - ./sonarr.nix - ./sound.nix ./subversion.nix - ./syncthing.nix - ./throttled.nix ./tmux.nix - ./unbound.nix - ./vaultwarden.nix ./vim ./vscode.nix ./wget.nix - ./wireguard.nix - ./x11.nix - ./xmonad.nix ./zathura.nix ]; } diff --git a/modules/nixfiles/discord.nix b/modules/nixfiles/discord.nix new file mode 100644 index 0000000..190b5fc --- /dev/null 
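Review bot: `users.mutableUsers = false;`, the root `hashedPassword`, and the primary user's `uid`, `hashedPassword`, `openssh.authorizedKeys.keys` and `wheel` membership all leave this module, which now only defines the `my` alias. `mutableUsers` defaults to `true`, so unless the NixOS-side `users.nix` imported by the new `modules/nixos/common/default.nix` re-declares it, imperative `useradd`/`passwd` changes become possible again and the declarative credentials stop being authoritative — that file is not visible in this chunk, so worth confirming. A short comment above the new argument, e.g. `# localUsername lets each platform module pass its own user; defaults to lib.my.username`, would explain why the signature changed.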
+++ b/modules/nixfiles/discord.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.discord; +in { + options.nixfiles.modules.discord.enable = + mkEnableOption "Steam runtime"; + + config = mkIf cfg.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"]; + + hm.home.packages = with pkgs; [ + (discord.override { + withOpenASAR = true; + }) + ]; + }; +} diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index 0ae2bf9..933a32e 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -11,17 +11,10 @@ in { options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { - secrets.authinfo = { - file = "${inputs.self}/secrets/authinfo"; - owner = my.username; - inherit (config.my) group; - }; - nixfiles.modules = { fonts.enable = true; git.client.enable = true; gnupg.enable = true; - x11.enable = true; }; hm = { @@ -65,7 +58,6 @@ in { gore # :lang go gotests # :lang go graphviz # :lang (org +roam2) :lang plantuml - grip # :lang (markdown +grip) haskell-language-server # :lang (haskell +lsp) haskellPackages.brittany # :lang haskell :editor format haskellPackages.cabal-fmt # :lang haskell :editor format @@ -97,10 +89,6 @@ in { texlive.combined.scheme-full # :lang org tex unzip # :tools debugger wordnet # :tools (lookup +dictionary +offline) - xclip # :app everywhere - xdotool # :app everywhere - xorg.xprop # :app everywhere - xorg.xwininfo # :app everywhere yaml-language-server # :lang (yaml +lsp) zls # :lang (zig +lsp) zstd # :emacs undo 
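Review bot: `mkEnableOption "Steam runtime"` gives `nixfiles.modules.discord.enable` the description "Whether to enable Steam runtime.", which looks copy-pasted from another module; it should read `mkEnableOption "Discord"`. The `withOpenASAR = true` override pulls in the third-party OpenASAR replacement for Discord's bundled app.asar, a supply-chain choice worth one comment saying why it is wanted.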
@@ -117,13 +105,11 @@ in { (setq custom-file (file-name-concat doom-emacs-dir "custom.el")) - ;; Font must be set to n+2 because otherwise it looks too small. + Font must be set to n+2 because otherwise it looks too small. (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" :size ${toString (config.fontScheme.monospaceFont.size + 2)}) doom-unicode-font doom-font) - (appendq! auth-sources '("${config.secrets.authinfo.path}")) - (setq user-full-name "${my.fullname}" user-mail-address "${my.email}") @@ -142,16 +128,6 @@ in { (setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L") ''; }; - - services.emacs = { - enable = true; - client.enable = true; - }; }; - - system.extraDependencies = with inputs; [ - emacs-overlay - nix-doom-emacs - ]; }; } diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index ef663a0..efb831e 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -20,7 +20,7 @@ ophints (popup +defaults) ;; tabs - (treemacs +lsp) + ;; (treemacs +lsp) ;; unicode (vc-gutter +diff-hl +pretty) window-select @@ -91,7 +91,7 @@ (javascript +lsp +tree-sitter) json (latex +lsp +tree-sittter) - (lua +lsp +tree-sitter) + ;; (lua +lsp +tree-sitter) (markdown +lsp +tree-sitter) (nix +lsp) (org +pandoc +roam2) @@ -99,7 +99,7 @@ (python +lsp +tree-sitter) ;; (racket +lsp +tree-sitter) ;; rst - (rust +lsp +tree-sitter) + ;; (rust +lsp +tree-sitter) ;; (scheme +lsp +tree-sitter +racket) (sh +lsp +tree-sitter) web @@ -112,7 +112,7 @@ :app calendar ;; emms - everywhere + ;; everywhere irc (rss +org) diff --git a/modules/nixfiles/endlessh.nix b/modules/nixfiles/endlessh.nix deleted file mode 100644 index c66d8b3..0000000 --- a/modules/nixfiles/endlessh.nix +++ /dev/null 
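Review bot: Dropping the `;;` in `Font must be set to n+2 because otherwise it looks too small.` turns an Emacs Lisp comment into bare symbols inside the generated config, so loading it will fail with a void-variable error on `Font`. Restore the prefix: `;; Font must be set to n+2 because otherwise it looks too small.`. Removing the `appendq! auth-sources` line matches the `secrets.authinfo` removal in this file's first hunk, but mail tooling enabled in other modules may still expect an auth-source, which is worth confirming.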
@@ -1,45 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.endlessh; -in { - options.nixfiles.modules.endlessh.enable = - mkEnableOption "endlessh"; - - config = let - port = 22; - in - mkIf cfg.enable { - assertions = [ - { - assertion = !(any (x: x == port) config.services.openssh.ports); - message = "Port ${toString port} is already occupied by OpenSSH"; - } - ]; - - systemd.services.endlessh = { - description = "Endlessh SSH Tarpit"; - requires = ["network-online.target"]; - serviceConfig = { - Restart = "always"; - ExecStart = concatStringsSep " " [ - "${pkgs.endlessh}/bin/endlessh" - "-v" - "-4" - "-p ${toString port}" - ]; - KillSignal = "SIGTERM"; - AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - DynamicUser = true; - StateDirectory = "endlessh"; - }; - wantedBy = ["multi-user.target"]; - }; - - networking.firewall.allowedTCPPorts = [port]; - }; -} diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index 8557d64..cd651a6 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -276,23 +276,17 @@ in { }; }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; - [ - bitwarden - consent-o-matic - darkreader - localcdn - noscript - privacy-redirect - ublock-origin - violentmonkey - ] - ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + consent-o-matic + darkreader + localcdn + noscript + privacy-redirect + ublock-origin + violentmonkey + ]; }; }; - - services.psd.enable = true; - - system.extraDependencies = [inputs.arkenfox-nixos]; }; } diff --git a/modules/nixfiles/firefox/userChrome.css b/modules/nixfiles/firefox/userChrome.css index 23fc336..5300d17 100644 --- a/modules/nixfiles/firefox/userChrome.css +++ b/modules/nixfiles/firefox/userChrome.css 
@@ -94,8 +94,8 @@ min-width: 1.6em; } - #back-button, #forward-button, + #back-button, #context-bookmarklink, #context-inspect-a11y, #context-navigation, @@ -117,7 +117,8 @@ #context_moveTabOptions, #context_reopenInContainer, #context_selectAllTabs, - #context_sendTabToDevice { + #context_sendTabToDevice, + #webrtcIndicator { display: none !important; } } diff --git a/modules/nixfiles/fonts.nix b/modules/nixfiles/fonts.nix index dbae282..483de0d 100644 --- a/modules/nixfiles/fonts.nix +++ b/modules/nixfiles/fonts.nix @@ -80,51 +80,12 @@ in { }; }; - config = mkMerge [ - (mkIf cfg.enable { - hm.fonts.fontconfig.enable = true; - - fonts = { - fonts = with pkgs; [ - iosevka-bin - (iosevka-bin.override {variant = "aile";}) - (iosevka-bin.override {variant = "etoile";}) - sarasa-gothic - ]; - - fontconfig = { - enable = true; - - defaultFonts = { - monospace = [ - "Iosevka" - "Sarasa Mono K" - "Sarasa Mono J" - "Sarasa Mono SC" - "Sarasa Mono CL" - ]; - sansSerif = [ - "Iosevka Aile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" - ]; - serif = [ - "Iosevka Etoile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" - ]; - }; - }; - }; - }) - (mkIf (!cfg.enable) { - # Disable fonts for headless profiles. - hm.fonts.fontconfig.enable = mkForce false; - fonts.fontconfig.enable = mkForce false; - }) - ]; + config = mkIf cfg.enable { + fonts.fonts = with pkgs; [ + iosevka-bin + (iosevka-bin.override {variant = "aile";}) + (iosevka-bin.override {variant = "etoile";}) + sarasa-gothic + ]; + }; } diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix index facff2f..2c1dd1f 100644 --- a/modules/nixfiles/git.nix +++ b/modules/nixfiles/git.nix 
@@ -1,224 +1,117 @@ { config, lib, - inputs, pkgs, ... }: with lib; let cfg = config.nixfiles.modules.git; in { - options.nixfiles.modules.git = { - client.enable = mkEnableOption "Git client"; - server = { - enable = mkEnableOption "Git server"; + options.nixfiles.modules.git.client.enable = + mkEnableOption "Git client"; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "git.${config.networking.domain}"; - }; - - package = mkOption { - description = "Package."; - type = types.package; - default = pkgs.cgit-pink; - }; - }; - }; - - config = mkMerge [ - (mkIf cfg.client.enable { - secrets = { - glab-cli-config = { - file = "${inputs.self}/secrets/glab-cli-config"; - path = "${config.dirs.config}/glab-cli/config.yml"; - owner = my.username; - inherit (config.my) group; - }; - gh-hosts = { - file = "${inputs.self}/secrets/gh-hosts"; - path = "${config.dirs.config}/gh/hosts.yml"; - owner = my.username; - inherit (config.my) group; - }; - hut = { - file = "${inputs.self}/secrets/hut"; - path = "${config.dirs.config}/hut/config"; - owner = my.username; - inherit (config.my) group; - }; - }; - - hm = { - home.packages = with pkgs; [glab hut]; - - programs = { - git = { - enable = true; - - package = pkgs.git.override { - doInstallCheck = false; - pythonSupport = false; - sendEmailSupport = true; - withLibsecret = false; - withSsh = true; - }; - - userName = my.fullname; - userEmail = my.email; - signing = { - inherit (my.pgp) key; - signByDefault = true; - }; - - extraConfig = - { - advice.detachedHead = false; - color.ui = true; - core.whitespace = "trailing-space"; - diff = { - mnemonicPrefix = true; - renames = "copies"; - submodule = "log"; - }; - init.defaultBranch = "master"; - status.submoduleSummary = true; - github.user = my.username; - gitlab.user = my.username; - } - // mapAttrs' - (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { - "alpine" = "gitlab.alpinelinux.org"; - 
"bitbucket" = "bitbucket.com"; - "codeberg" = "codeberg.org"; - "freedesktop" = "gitlab.freedesktop.org"; - "github" = "github.com"; - "gitlab" = "gitlab.com"; - "gnome" = "gitlab.gnome.org"; - "haskell" = "gitlab.haskell.org"; - "kde" = "invent.kde.org"; - "notabug" = "notabug.org"; - "opencode" = "opencode.net"; - "sourcehut" = "git.sr.ht"; - "videolan" = "code.videolan.org"; - }; + config = mkIf cfg.client.enable { + hm = { + home.packages = with pkgs; [glab hut]; - aliases = let - git = "${config.hm.programs.git.package}/bin/git"; - curl = "${pkgs.curl}/bin/curl"; - in { - fuck = "!${git} reset --hard && ${git} clean -fdx"; - gud = ''commit -m "git gud"''; - wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; - }; + programs = { + git = { + enable = true; - # All helper tools/editor generated files should go here. This must - # be kept relatively clean and void of any project-specific residual - # files. - ignores = [ - "*~" - ".cache/clangd/" - ".ccls-cache/" - ".dir-locals.el" - ".gdb_history" - ".netrwhist" - ".projectile" - "[._]*.s[a-v][a-z]" - "[._]*.sw[a-p]" - "[._]s[a-rt-v][a-z]" - "[._]ss[a-gi-z]" - "[._]sw[a-p]" - "\#*\#" - "compile_commands*.json" - "cscope.*" - "vgcore.*" - ]; + package = pkgs.git.override { + doInstallCheck = false; + pythonSupport = false; + sendEmailSupport = true; + withLibsecret = false; + withSsh = true; }; - gh = { - enable = true; - settings.git_protocol = "ssh"; + userName = my.fullname; + userEmail = my.email; + signing = { + inherit (my.pgp) key; + signByDefault = true; }; - bash = { - shellAliases = { - gl = "${pkgs.glab}/bin/glab"; - ht = "${pkgs.hut}/bin/hut"; + extraConfig = + { + advice.detachedHead = false; + color.ui = true; + core.whitespace = "trailing-space"; + diff = { + mnemonicPrefix = true; + renames = "copies"; + submodule = "log"; + }; + init.defaultBranch = "master"; + status.submoduleSummary = true; + } + // mapAttrs' + (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { 
+ "alpine" = "gitlab.alpinelinux.org"; + "bitbucket" = "bitbucket.com"; + "codeberg" = "codeberg.org"; + "freedesktop" = "gitlab.freedesktop.org"; + "github" = "github.com"; + "gitlab" = "gitlab.com"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "kde" = "invent.kde.org"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; + "sourcehut" = "git.sr.ht"; + "videolan" = "code.videolan.org"; }; - initExtra = mkAfter '' - _complete_alias gl __start_glab glab - _complete_alias ht __start_hut hut - ''; - }; - }; - }; - }) - (mkIf cfg.server.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.server.domain} = { - locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=azahi’s git stuff - root-desc=鯛も一人はうまからず - - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 - snapshots=tar.gz tar.bz2 zip - - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt - - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - # FIXME This breaks sources previewing for these files. 
- "~* ^/(.+.(ico|css|png))$".extraConfig = '' - alias ${cfg.server.package}/cgit/$1; - ''; + aliases = let + git = "${config.hm.programs.git.package}/bin/git"; + curl = "${pkgs.curl}/bin/curl"; + in { + fuck = "!${git} reset --hard && ${git} clean -fdx"; + gud = ''commit -m "git gud"''; + wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; }; + + # All helper tools/editor generated files should go here. This must + # be kept relatively clean and void of any project-specific residual + # files. + ignores = [ + "*~" + ".DS_Store" + ".cache/clangd/" + ".ccls-cache/" + ".dir-locals.el" + ".gdb_history" + ".netrwhist" + ".projectile" + "[._]*.s[a-v][a-z]" + "[._]*.sw[a-p]" + "[._]s[a-rt-v][a-z]" + "[._]ss[a-gi-z]" + "[._]sw[a-p]" + "\#*\#" + "compile_commands*.json" + "cscope.*" + "vgcore.*" + ]; }; - }; - services = let - user = "git"; - group = "git"; - in { - gitolite = { - # TODO Make the configuration purely declarative. + gh = { enable = true; - inherit user group; - adminPubkey = my.ssh.key; + settings.git_protocol = "ssh"; }; - fcgiwrap = { - enable = true; - inherit user group; + bash = { + shellAliases = { + gl = "${pkgs.glab}/bin/glab"; + ht = "${pkgs.hut}/bin/hut"; + }; + initExtra = mkAfter '' + _complete_alias gl __start_glab glab + _complete_alias ht __start_hut hut + ''; }; }; - }) - ]; + }; + }; } diff --git a/modules/nixfiles/gnupg.nix b/modules/nixfiles/gnupg.nix index c1419e4..c0f10f9 100644 --- a/modules/nixfiles/gnupg.nix +++ b/modules/nixfiles/gnupg.nix 
@@ -6,83 +6,53 @@ with lib; let cfg = config.nixfiles.modules.gnupg; in { - options.nixfiles.modules.gnupg = { - enable = mkEnableOption "GnuPG"; - - pinentry = mkOption { - description = "Name of a pinentry implementation."; - type = types.str; - default = "curses"; - }; - }; + options.nixfiles.modules.gnupg.enable = mkEnableOption "GnuPG"; config = mkIf cfg.enable { - hm = { - programs.gpg = { - enable = true; - - homedir = "${config.dirs.data}/gnupg"; - - settings = - { - display-charset = "utf-8"; - enable-progress-filter = true; - fixed-list-mode = true; - keyid-format = "0xlong"; - no-comments = true; - no-emit-version = true; - no-greeting = true; - with-fingerprint = true; - throw-keyids = false; - - use-agent = true; - - armor = true; - - no-random-seed-file = true; - - list-options = "show-uid-validity"; - verify-options = "show-uid-validity"; - } - // (let - cipherAlgos = ["AES256" "AES192" "AES"]; - compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; - digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; - - cs = concatStringsSep " "; - in { - default-preference-list = - cs (digestAlgos ++ cipherAlgos ++ compressionAlgos); - - personal-cipher-preferences = cs cipherAlgos; - personal-compress-preferences = cs compressionAlgos; - personal-digest-preferences = cs digestAlgos; - - s2k-cipher-algo = head cipherAlgos; - s2k-digest-algo = head digestAlgos; - - digest-algo = head digestAlgos; - cert-digest-algo = head digestAlgos; - }); - }; - - services.gpg-agent = { - enable = true; - - enableSshSupport = true; - enableScDaemon = false; - - defaultCacheTtl = 999999; - defaultCacheTtlSsh = 999999; - maxCacheTtl = 999999; - maxCacheTtlSsh = 999999; - - grabKeyboardAndMouse = true; - - sshKeys = [my.pgp.grip]; - - pinentryFlavor = cfg.pinentry; - }; + hm.programs.gpg = { + enable = true; + + settings = + { + display-charset = "utf-8"; + enable-progress-filter = true; + fixed-list-mode = true; + keyid-format = "0xlong"; + no-comments = true; + 
no-emit-version = true; + no-greeting = true; + with-fingerprint = true; + throw-keyids = false; + + use-agent = true; + + armor = true; + + no-random-seed-file = true; + + list-options = "show-uid-validity"; + verify-options = "show-uid-validity"; + } + // (let + cipherAlgos = ["AES256" "AES192" "AES"]; + digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; + compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; + + cs = concatStringsSep " "; + in { + default-preference-list = + cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); + + personal-cipher-preferences = cs cipherAlgos; + personal-digest-preferences = cs digestAlgos; + personal-compress-preferences = cs compressionAlgos; + + s2k-cipher-algo = head cipherAlgos; + s2k-digest-algo = head digestAlgos; + + digest-algo = head digestAlgos; + cert-digest-algo = head digestAlgos; + }); }; }; } diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 14ad007..65877be 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix @@ -55,10 +55,5 @@ in { ''; }; }; - - system.extraDependencies = with inputs; [ - nmap-vulners - nmap-vulscan - ]; }; } diff --git a/modules/nixfiles/openssh.nix b/modules/nixfiles/openssh.nix index bf470ca..4b80809 100644 --- a/modules/nixfiles/openssh.nix +++ b/modules/nixfiles/openssh.nix 
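Review bot: `use-agent = true` in the rewritten `hm.programs.gpg.settings` is a legacy GnuPG 1.x option that 2.x accepts but ignores, so it can go while the block is being reshaped. The `services.gpg-agent` block (SSH support, `sshKeys`, the ~11.5-day cache TTLs, pinentry) and `homedir = "${config.dirs.data}/gnupg"` are removed; gpg then falls back to `~/.gnupg` and the agent to distribution defaults, which is tighter on cache lifetime but means SSH-over-gpg-agent stops unless the NixOS-side module re-enables it. Reordering `default-preference-list` to `cipherAlgos ++ digestAlgos ++ compressionAlgos` should not change behaviour, as gpg sorts the tokens by class as far as I know; a comment noting that only within-class order matters would prevent the next reshuffle.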
@@ -7,80 +7,52 @@ with lib; let cfg = config.nixfiles.modules.openssh; in { - options.nixfiles.modules.openssh = { - client.enable = mkEnableOption "OpenSSH client"; - server.enable = mkEnableOption "OpenSSH server"; + options.nixfiles.modules.openssh.client.enable = + mkEnableOption "OpenSSH client"; + + config = mkIf cfg.client.enable { + hm = { + home.packages = with pkgs; [mosh sshfs]; + + programs.ssh = { + enable = true; + + hashKnownHosts = true; + + controlMaster = "auto"; + controlPersist = "24H"; + + serverAliveCountMax = 30; + serverAliveInterval = 60; + + matchBlocks = let + mkBlock = name: { + hostname ? name, + port ? 22022, # NOTE This is not the default OpenSSH port. + user ? my.username, + identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", + extraAttrs ? {}, + }: + nameValuePair name ({inherit hostname port user identityFile;} + // extraAttrs); + + internalServers = + mapAttrs' mkBlock + (mapAttrs (name: _: { + hostname = "${name}.${my.domain.shire}"; + }) (filterAttrs (_: attr: + hasAttr "wireguard" attr + && attr.isHeadless) + my.configurations)); + in + internalServers + // (mapAttrs' mkBlock { + gitolite = { + user = "git"; + hostname = "git.${my.domain.shire}"; + }; + }); + }; + }; }; - - config = let - port = 22022; # Port 22 should be occupied by endlessh. - in - mkMerge [ - (mkIf cfg.client.enable { - hm = { - home.packages = with pkgs; [mosh sshfs]; - - programs.ssh = { - enable = true; - - hashKnownHosts = true; - - controlMaster = "auto"; - controlPersist = "24H"; - - serverAliveCountMax = 30; - serverAliveInterval = 60; - - matchBlocks = let - mkBlock = name: { - hostname ? name, - port ? 22, - user ? my.username, - identityFile ? "${config.my.home}/.ssh/id_ed25519", - extraAttrs ? 
{}, - }: - nameValuePair name ({inherit hostname port user identityFile;} - // extraAttrs); - - internalServers = - mapAttrs' mkBlock - (mapAttrs (name: _: { - hostname = "${name}.${my.domain.shire}"; - inherit port; - }) (filterAttrs (_: attr: - hasAttr "wireguard" attr - && attr.isHeadless) - my.configurations)); - in - internalServers - // (mapAttrs' mkBlock { - gitolite = { - user = "git"; - hostname = "git.${my.domain.shire}"; - inherit port; - }; - }); - }; - }; - }) - (mkIf cfg.server.enable { - programs.mosh.enable = true; - - services = { - openssh = { - enable = true; - ports = [port]; - logLevel = "VERBOSE"; # Required by fail2ban. - permitRootLogin = "no"; - passwordAuthentication = false; - }; - - fail2ban.jails.sshd = '' - enabled = true - mode = aggressive - port = ${toString port} - ''; - }; - }) - ]; } diff --git a/modules/nixfiles/password-store.nix b/modules/nixfiles/password-store.nix index 7eac85e..1de8a55 100644 --- a/modules/nixfiles/password-store.nix +++ b/modules/nixfiles/password-store.nix @@ -7,7 +7,8 @@ with lib; let cfg = config.nixfiles.modules.password-store; in { - options.nixfiles.modules.password-store.enable = mkEnableOption "Unix pass"; + options.nixfiles.modules.password-store.enable = + mkEnableOption "the standard UNIX password manager"; config = mkIf cfg.enable { hm.programs = { @@ -16,7 +17,7 @@ in { package = pkgs.pass.withExtensions (p: with p; [pass-otp]); - settings.PASSWORD_STORE_DIR = "${config.dirs.data}/password-store"; + settings.PASSWORD_STORE_DIR = "${config.my.home}/.password-store"; }; # https://github.com/NixOS/nixpkgs/issues/183604 diff --git a/modules/nixfiles/profiles/default.nix b/modules/nixfiles/profiles/default.nix index 356413a..7d5ee8e 100644 --- a/modules/nixfiles/profiles/default.nix +++ b/modules/nixfiles/profiles/default.nix 
@@ -77,32 +77,14 @@ in { vim.enable = true; }; - # home-manager.users.root.home.file.".bash_history".source = - # config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; - - hm.home.language = { - collate = "C"; - messages = "C"; - }; - - programs.less = { - enable = true; - envVariables.LESSHISTFILE = "-"; - }; + time.timeZone = mkDefault "Europe/Moscow"; environment.systemPackages = with pkgs; [ - cryptsetup ddrescue file git gnupg - lshw - lsof - pciutils - psmisc tree - usbutils - util-linux ]; }; } diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix index da7aa27..7ec6768 100644 --- a/modules/nixfiles/profiles/dev/containers.nix +++ b/modules/nixfiles/profiles/dev/containers.nix @@ -14,12 +14,9 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.podman.enable = true; - hm = { home = { sessionVariables = { - MINIKUBE_HOME = "${config.dirs.config}/minikube"; MINIKUBE_IN_STYLE = "false"; WERF_DEV = "true"; WERF_INSECURE_REGISTRY = "true"; @@ -31,15 +28,16 @@ in { }; packages = with pkgs; [ - buildah chart-testing cmctl datree helm kubectl kubectx + kubelogin kubescape kubespy + lima minikube skaffold skopeo @@ -49,12 +47,6 @@ in { ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { - config.Rootless = true; - driver = "podman"; - container-runtime = "cri-o"; - }; - programs.bash = { shellAliases = with pkgs; { b = "${buildah}/bin/buildah"; diff --git a/modules/nixfiles/profiles/dev/default.nix b/modules/nixfiles/profiles/dev/default.nix index 4656ade..b05aeac 100644 --- a/modules/nixfiles/profiles/dev/default.nix +++ b/modules/nixfiles/profiles/dev/default.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + this, ... }: with lib; let @@ -34,7 +35,7 @@ in { ".ghc/ghci.conf".source = ./ghci.conf; - "${config.dirs.data}/stack/config.yaml".text = generators.toYAML {} { + ".stack/config.yaml".text = generators.toYAML {} { templates.params = rec { author-name = my.fullname; author-email = my.email; 
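Review bot: `programs.less = { enable = true; envVariables.LESSHISTFILE = "-"; }` is removed, so `less` resumes writing its search and command history to `~/.lesshst`; the headless profile later in this diff still points `.bash_history` at `/dev/null`, so this reads as an accidental loss of the same no-history policy rather than a deliberate change. Keep the `LESSHISTFILE` setting (home-manager's `programs.less` or `environment.sessionVariables`) if that policy still holds. `time.timeZone = mkDefault "Europe/Moscow"` is new in a shared profile but overridable, which is fine.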
@@ -43,16 +44,14 @@ in { }; }; - "${config.dirs.data}/stack/global-project/stack.yaml".text = generators.toYAML {} { + ".stack/global-project/stack.yaml".text = generators.toYAML {} { packages = []; - resolver = "lts-19.28"; + resolver = "lts-20.3"; }; }; sessionVariables = with config.dirs; rec { - ANDROID_HOME = "${data}/android"; - - CABAL_DIR = "${data}/cabal"; + CABAL_DIR = "${config.my.home}/.cabal"; CABAL_CONFIG = pkgs.writeText "cabal-config" '' repository hackage.haskell.org url: https://hackage.haskell.org/ @@ -71,11 +70,11 @@ in { extra-prog-path: ${CABAL_DIR}/bin ''; - STACK_ROOT = "${data}/stack"; + STACK_ROOT = "${config.my.home}/.stack"; - CARGO_HOME = "${data}/cargo"; + CARGO_HOME = "${config.my.home}/.cargo"; - GOPATH = "${data}/go"; + GOPATH = "${config.my.home}/.go"; PYTHONSTARTUP = ./pystartup.py; }; @@ -86,7 +85,5 @@ in { yq ]; }; - - my.extraGroups = ["kvm"]; }; } diff --git a/modules/nixfiles/profiles/dev/sql.nix b/modules/nixfiles/profiles/dev/sql.nix index d6bcba8..7a2a09c 100644 --- a/modules/nixfiles/profiles/dev/sql.nix +++ b/modules/nixfiles/profiles/dev/sql.nix @@ -15,7 +15,11 @@ in { config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [pgcli litecli]; + home.packages = with pkgs; [ + dbeaver + pgcli + litecli + ]; xdg = let mainSection = { diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index f3355b6..1c1f43b 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix 
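Review bot: On the new side every `${data}/…` value under `sessionVariables = with config.dirs; rec {` has been replaced by `${config.my.home}/…`, so the `with config.dirs;` scope is now dead (unless the unseen part of the cabal config between the two hunks still uses it) and the line can become `sessionVariables = rec {`. The `this` argument added in this file's first hunk is not used on any visible line either; if only the unseen middle of the file needs it, fine, otherwise remove it. The `resolver = "lts-20.3"` bump and the `my.extraGroups = ["kvm"]` removal stand on their own.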
@@ -17,44 +17,27 @@ in { alacritty.enable = true; aria2.enable = true; - chromium.enable = true; emacs.enable = true; - firefox.enable = true; mpv.enable = true; openssh.client.enable = true; password-store.enable = true; - sound.enable = true; - x11.enable = true; - - dwm.enable = mkDefault false; - kde.enable = mkDefault true; - xmonad.enable = mkDefault false; }; hm = { - home.packages = with pkgs; [ - # (openconnect.overrideAttrs (_: super: { - # version = "unstable-2022-10-23"; - # src = pkgs.fetchFromGitLab { - # owner = "openconnect"; - # repo = "openconnect"; - # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae"; - # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM="; - # }; - # configureFlags = super.configureFlags ++ [ - # "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox" - # ]; - # })) - calibre - fd - imv - neochat - ripgrep - ripgrep-all - sd - tdesktop - tor-browser - ]; + home = { + file.".digrc".text = '' + +answer + +multiline + +recurse + ''; + + packages = with pkgs; [ + fd + ripgrep + ripgrep-all + sd + ]; + }; accounts.email = { maildirBasePath = "${config.my.home}/mail"; 
@@ -105,54 +88,19 @@ in { }; programs = { - bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; mbsync.enable = true; msmtp.enable = true; mu.enable = true; }; }; - boot = { - kernelPackages = mkForce pkgs.linuxPackages_xanmod_latest; - - # There are (arguably) not a lot of reasons to keep mitigations enabled - # for on machine that is not web-facing. First of all, to completely - # mitigate any possible Spectre holes one would need to disable - # Hyperthreading altogether which will essentially put one's computer into - # the stone age by not being able to to effectively utilise multi-core its - # multicore capabilities. Secondly, by enabling mitigations, we introduce - # a plethora of performace overheads[1], which, albeit small, but still - # contribute to the overall speed of things. This is however still poses a - # security risk, which I am willing to take. - # - # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 - kernelParams = ["mitigations=off"]; - }; - - hardware.opengl = { - enable = true; - driSupport = true; - }; - - programs = { - iftop.enable = true; - mtr.enable = true; - traceroute.enable = true; - }; - - services.upower.enable = true; - environment.systemPackages = with pkgs; [ arping dnsutils - ethtool inetutils ldns - nethogs socat tcpdump ]; - - my.extraGroups = ["audio" "video" "input"]; }; } diff --git a/modules/nixfiles/profiles/headless.nix b/modules/nixfiles/profiles/headless.nix index 520b97f..cc7c326 100644 --- a/modules/nixfiles/profiles/headless.nix +++ b/modules/nixfiles/profiles/headless.nix 
@@ -12,42 +12,12 @@ in { mkEnableOption "headless profile" // {default = this.isHeadless;}; config = mkIf cfg.enable { - nixfiles.modules = { - openssh.server.enable = true; - endlessh-go.enable = true; - - fail2ban.enable = true; - - node-exporter.enable = true; - promtail.enable = true; - }; - hm.home.file = { ".hushlogin".text = ""; ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - # Pin version to prevent any surprises. - boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; - - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - - optimise = { - automatic = true; - dates = ["daily"]; - }; - }; - - services.udisks2.enable = false; - - xdg.sounds.enable = false; - environment.systemPackages = with pkgs; [alacritty.terminfo]; }; } diff --git a/modules/nixfiles/qutebrowser.nix b/modules/nixfiles/qutebrowser.nix index 76f9f98..68a41a5 100644 --- a/modules/nixfiles/qutebrowser.nix +++ b/modules/nixfiles/qutebrowser.nix @@ -532,7 +532,5 @@ in { in concatStringsSep "\n" final + "\n"); }; - - services.psd.enable = true; }; } diff --git a/modules/nixfiles/vscode.nix b/modules/nixfiles/vscode.nix index 7175b36..6671973 100644 --- a/modules/nixfiles/vscode.nix +++ b/modules/nixfiles/vscode.nix @@ -34,16 +34,16 @@ in { extensions = with pkgs; with vscode-extensions; - [editorconfig.editorconfig file-icons.file-icons redhat.vscode-yaml] - ++ optional cfg.vim.enable vscodevim.vim - ++ vscode-utils.extensionsFromVscodeMarketplace [ - { - name = "vscode-xml"; - publisher = "redhat"; - version = "0.20.0"; - hash = "sha256-GKBrf9s8n7Wv14RSfwyDma1dM0fGMvRkU/7v2DAcB9A="; - } - ]; + [ + editorconfig.editorconfig + file-icons.file-icons + gitlab.gitlab-workflow + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-xml + redhat.vscode-yaml + streetsidesoftware.code-spell-checker + ] + ++ optional cfg.vim.enable vscodevim.vim; userSettings = let font = config.fontScheme.monospaceFont; 
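Review bot: This hunk removes the hardened kernel pin (`linuxPackages_5_15_hardened`), `openssh.server.enable`, `endlessh-go.enable`, `fail2ban.enable`, the exporters, the GC/optimise schedule and `services.udisks2.enable = false` from the headless profile, leaving only the history/hushlogin bits and the terminfo package. None of those settings reappear in the visible part of this diff, so if they are not re-declared in a NixOS-specific headless profile the servers come up on the default kernel with no sshd, no brute-force protection and no store GC. A comment at the top of the remaining config, e.g. `# Platform-specific hardening (kernel, sshd, fail2ban, GC) lives under modules/nixos/…`, would make the split explicit for the next reader.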
@@ -61,7 +61,7 @@ in { renderWhitespace = "trailing"; rulers = [80 120]; smoothScrolling = false; - tabCompletion = true; + tabCompletion = "on"; } // (let surround = 10; @@ -160,11 +160,6 @@ in { leader = " "; useSystemClipboard = true; - - autoSwitchInputMethod = let - inputMethod = config.i18n.inputMethod.enabled; - in - mkIf (inputMethod != null) applyInputMethod.${inputMethod}; }; }; }; diff --git a/modules/nixfiles/wget.nix b/modules/nixfiles/wget.nix index 6d7b1b2..9a16fcc 100644 --- a/modules/nixfiles/wget.nix +++ b/modules/nixfiles/wget.nix @@ -11,7 +11,7 @@ in { config = mkIf cfg.enable { hm = { - programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=${config.dirs.data}/wget-hsts"; + programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=/tmp/wget-hsts"; home.sessionVariables.WGETRC = pkgs.writeText "wgetrc" '' adjust_extension = on diff --git a/modules/nixfiles/acme.nix b/modules/nixos/acme.nix index d3ad661..d3ad661 100644 --- a/modules/nixfiles/acme.nix +++ b/modules/nixos/acme.nix diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixos/alertmanager.nix index 871b0c4..871b0c4 100644 --- a/modules/nixfiles/alertmanager.nix +++ b/modules/nixos/alertmanager.nix diff --git a/modules/nixfiles/android.nix b/modules/nixos/android.nix index 307490a..307490a 100644 --- a/modules/nixfiles/android.nix +++ b/modules/nixos/android.nix diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixos/bluetooth.nix index 8347361..8347361 100644 --- a/modules/nixfiles/bluetooth.nix +++ b/modules/nixos/bluetooth.nix diff --git a/modules/nixfiles/common/console.nix b/modules/nixos/common/console.nix index 3c73695..3c73695 100644 --- a/modules/nixfiles/common/console.nix +++ b/modules/nixos/common/console.nix diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix new file mode 100644 index 0000000..8724c8b --- /dev/null +++ b/modules/nixos/common/default.nix 
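Review bot: `--hsts-file=/tmp/wget-hsts` puts the HSTS cache at a fixed, predictable path in the shared, world-writable `/tmp`: any other local user can pre-create that file and supply the entries that decide which hosts this user's wget upgrades to HTTPS, the cache is shared per host rather than per user, and it is lost on every reboot or tmp cleanup (this diff also adds a `tmp.nix` to the NixOS common modules). Drop the flag so wget uses its default `~/.wget-hsts`, or point it at the home directory the rest of this diff now uses, e.g. `--hsts-file=${config.my.home}/.wget-hsts`.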
@@ -0,0 +1,19 @@ +_: { + imports = [ + ./console.nix + ./documentation.nix + ./home-manager.nix + ./kernel.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./secrets.nix + ./security.nix + ./services.nix + ./shell.nix + ./systemd.nix + ./tmp.nix + ./users.nix + ./xdg.nix + ]; +} diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix new file mode 100644 index 0000000..f909108 --- /dev/null +++ b/modules/nixos/common/documentation.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + config = mkIf this.isHeadful { + documentation = { + dev.enable = true; + nixos.enable = true; + + man.man-db.manualPages = + (pkgs.buildEnv { + name = "man-paths"; + paths = with config; + environment.systemPackages ++ hm.home.packages; + pathsToLink = ["/share/man"]; + extraOutputsToInstall = ["man"]; + ignoreCollisions = true; + }) + .overrideAttrs (_: _: {__contentAddressed = true;}); + }; + + environment.sessionVariables = { + MANOPT = "--no-hyphenation"; + MANPAGER = "${pkgs.less}/bin/less -+F"; + }; + }; +} diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix new file mode 100644 index 0000000..52f2fd3 --- /dev/null +++ b/modules/nixos/common/home-manager.nix @@ -0,0 +1,3 @@ +{inputs, ...}: { + imports = [inputs.home-manager.nixosModule]; +} diff --git a/modules/nixfiles/common/kernel.nix b/modules/nixos/common/kernel.nix index 2fdfeeb..2fc40f9 100644 --- a/modules/nixfiles/common/kernel.nix +++ b/modules/nixos/common/kernel.nix @@ -1,7 +1,10 @@ {lib, ...}: with lib; { boot = { - # I don't use it even on laptops. + # I don't use it even on laptops. It's also /required/ to disable it for + # ZFS[1]. + # [1]: https://github.com/openzfs/zfs/issues/260 + # [1]: https://github.com/openzfs/zfs/issues/12842 kernelParams = ["hibernate=no"]; kernel.sysctl = { 
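Review bot: In the kernel.nix hunk both new references in the `hibernate=no` comment carry the label `[1]`, so the text "It's also /required/ to disable it for ZFS[1]" points at two different issues. Number the second one `[2]` (and cite it in the sentence, or drop it) so the footnote resolves unambiguously. The hunk continues on the next line with the `kernel.sysctl` block, which is context only.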
@@ -30,4 +33,7 @@ with lib; { "vm.vfs_cache_pressure" = 50; }; }; + + # https://docs.kernel.org/admin-guide/mm/ksm.html + hardware.ksm.enable = true; } diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix new file mode 100644 index 0000000..62d19f4 --- /dev/null +++ b/modules/nixos/common/locale.nix @@ -0,0 +1,24 @@ +{lib, ...}: +with lib; { + i18n = { + defaultLocale = mkDefault "en_GB.UTF-8"; + supportedLocales = [ + "C.UTF-8/UTF-8" + "en_GB.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "ja_JP.UTF-8/UTF-8" + "ru_RU.UTF-8/UTF-8" + ]; + }; + + services.xserver = { + layout = comcat ["us" "ru"]; + xkbVariant = comcat ["" "phonetic"]; + xkbOptions = comcat [ + "terminate:ctrl_alt_bksp" + "caps:escape" + "compose:menu" + "grp:win_space_toggle" + ]; + }; +} diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix new file mode 100644 index 0000000..6109933 --- /dev/null +++ b/modules/nixos/common/networking.nix 
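Review bot: `hardware.ksm.enable = true` is placed in the common module, so every host gets kernel same-page merging, including headful machines that run browsers and any host that runs VMs or containers. Cross-domain page deduplication has a documented history of timing side channels (a process can learn whether another tenant holds a given page), which is why it is off by default; it is a memory/performance trade-off, not a hardening measure. Scoping it to the profile that actually benefits, or writing `hardware.ksm.enable = mkDefault true;` so individual hosts can opt out, and stating the trade-off next to the documentation link, would keep that decision visible.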
@@ -0,0 +1,108 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + # TODO Support multiple interfaces and IP addresses. + networking = mkMerge [ + { + domain = my.domain.shire; + + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; + + nameservers = mkDefault dns.const.quad9.default; + + useDHCP = false; + + firewall = { + enable = true; + + rejectPackets = false; + + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! 
+ interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (mkIf this.isHeadful { + interfaces = { + eth0.useDHCP = mkDefault true; + wlan0.useDHCP = mkDefault true; + }; + + networkmanager = { + enable = mkDefault true; + wifi.backend = "iwd"; + }; + + wireless = { + enable = false; + iwd.enable = mkDefault true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + }; + }) + ]; + + environment.shellAliases = listToAttrs (map + ({ + name, + value, + }: + nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + { + name = "bridge"; + value = "bridge -color=always"; + } + { + name = "ip"; + value = "ip -color=always"; + } + { + name = "tc"; + value = "tc -color=always"; + } + ]); +} diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix new file mode 100644 index 0000000..07136a0 --- /dev/null +++ b/modules/nixos/common/nix.nix 
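Review bot: The firewall block switches off every refused-traffic log (`logRefusedConnections`, `logRefusedPackets`, `logReversePathDrops` all `false`), so a headless host that otherwise ships logs through promtail keeps no kernel-side record of port scans or spoofed-source drops. That is a loss of detection signal rather than a functional bug, and the kernel rate-limits these messages, so keeping at least `logRefusedConnections = true;` and `logReversePathDrops = true;` costs little. If the reason is noise from the port-22 tarpit, a one-line comment saying so would let the next reader keep the trade-off instead of silently reverting it.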
@@ -0,0 +1,39 @@ +{ + config, + inputs, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.common.nix; +in { + options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { + description = "A list of allowed unfree packages."; + type = with types; listOf str; + default = []; + }; + + config = { + nix.settings.trusted-users = ["@wheel"]; + + nixpkgs = { + config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + + overlays = with inputs; [ + agenix.overlay + # nix-minecraft-servers.overlays.default + xmonad-ng.overlays.default + ]; + }; + + system.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + + environment = { + sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; + localBinInPath = true; + defaultPackages = []; + }; + }; +} diff --git a/modules/nixfiles/common/secrets.nix b/modules/nixos/common/secrets.nix index 9e59716..4fcdc61 100644 --- a/modules/nixfiles/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -41,7 +41,5 @@ with lib; { }; environment.systemPackages = with pkgs; [agenix]; - - system.extraDependencies = [inputs.agenix]; }; } diff --git a/modules/nixfiles/common/security.nix b/modules/nixos/common/security.nix index 09c5da1..09c5da1 100644 --- a/modules/nixfiles/common/security.nix +++ b/modules/nixos/common/security.nix diff --git a/modules/nixos/common/services.nix b/modules/nixos/common/services.nix new file mode 100644 index 0000000..725502a --- /dev/null +++ b/modules/nixos/common/services.nix @@ -0,0 +1,10 @@ +_: { + services = { + # https://github.com/Irqbalance/irqbalance/issues/54#issuecomment-319245584 + # https://unix.stackexchange.com/questions/710603/should-the-irqbalance-daemon-be-used-on-a-modern-desktop-x86-system + irqbalance.enable = true; + + # https://github.com/NixOS/nixpkgs/issues/135888 + nscd.enableNsncd = true; + }; +} 
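Review bot: `system.stateVersion` is computed from the pinned nixpkgs `.version`, so it silently advances on every flake update; the option exists to freeze stateful defaults (database layouts, service data paths) at the release a host was first installed with, and letting it float can migrate or break that state on an ordinary upgrade. Pin it per host instead, for example from the `this` attribute set that already carries host-specific data. Separately, `nix.settings.trusted-users = ["@wheel"]` lets any wheel member pass arbitrary daemon settings such as extra substituters and `trusted-public-keys`, which is effectively root on the store; that is acceptable here only because wheel already has sudo, and a comment saying so would stop the group from being widened later.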
diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix
new file mode 100644
index 0000000..5fbc441
--- /dev/null
+++ b/modules/nixos/common/shell.nix
@@ -0,0 +1,3 @@
+_: {
+ programs.command-not-found.enable = false;
+}
diff --git a/modules/nixfiles/common/systemd.nix b/modules/nixos/common/systemd.nix
index 5c7282d..5c7282d 100644
--- a/modules/nixfiles/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixos/common/tmp.nix
index d56e2b6..d56e2b6 100644
--- a/modules/nixfiles/common/tmp.nix
+++ b/modules/nixos/common/tmp.nix
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
new file mode 100644
index 0000000..22e8023
--- /dev/null
+++ b/modules/nixos/common/users.nix
@@ -0,0 +1,19 @@
+{lib, ...}:
+with lib; {
+ users = {
+ mutableUsers = false;
+
+ users = {
+ root.hashedPassword = "@HASHED_PASSWORD@";
+
+ ${my.username} = {
+ isNormalUser = true;
+ uid = 1000;
+ description = my.fullname;
+ inherit (my) hashedPassword;
+ openssh.authorizedKeys.keys = [my.ssh.key];
+ extraGroups = ["wheel"];
+ };
+ };
+ };
+}
diff --git a/modules/nixfiles/common/xdg.nix b/modules/nixos/common/xdg.nix
index 8ddf1ac..8ddf1ac 100644
--- a/modules/nixfiles/common/xdg.nix
+++ b/modules/nixos/common/xdg.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..b35e461
--- /dev/null
+++ b/modules/nixos/default.nix
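Review bot: `root.hashedPassword = "@HASHED_PASSWORD@"` in users.nix looks like a template token, but nothing in this commit substitutes it, and with `mutableUsers = false` the literal is written into the shadow entry as-is. Because it is not a valid crypt hash the practical effect is that root has no usable password, which may well be the intent; if so, say it explicitly with `root.hashedPassword = "!";` so nobody later "fixes" the placeholder, and if a substitution step is expected elsewhere, a comment naming it belongs on that line.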
@@ -0,0 +1,59 @@
+_: {
+ imports = [
+ ./acme.nix
+ ./alertmanager.nix
+ ./android.nix
+ ./bluetooth.nix
+ ./common
+ ./discord.nix
+ ./docker.nix
+ ./dwm.nix
+ ./emacs.nix
+ ./endlessh-go.nix
+ ./endlessh.nix
+ ./fail2ban.nix
+ ./fonts.nix
+ ./games
+ ./git.nix
+ ./gnupg.nix
+ ./gotify.nix
+ ./grafana.nix
+ ./hydra.nix
+ ./ipfs.nix
+ ./kde.nix
+ ./libvirtd.nix
+ ./lidarr.nix
+ ./loki.nix
+ ./lxc.nix
+ ./matrix
+ ./monitoring
+ ./nextcloud.nix
+ ./nginx.nix
+ ./node-exporter.nix
+ ./nsd.nix
+ ./openssh.nix
+ ./podman.nix
+ ./postgresql.nix
+ ./profiles
+ ./prometheus.nix
+ ./promtail.nix
+ ./psd.nix
+ ./radarr.nix
+ ./radicale.nix
+ ./rss-bridge.nix
+ ./rtorrent.nix
+ ./searx.nix
+ ./shadowsocks.nix
+ ./soju.nix
+ ./solaar.nix
+ ./sonarr.nix
+ ./sound.nix
+ ./syncthing.nix
+ ./throttled.nix
+ ./unbound.nix
+ ./vaultwarden.nix
+ ./wireguard.nix
+ ./x11.nix
+ ./xmonad.nix
+ ];
+}
diff --git a/modules/nixos/discord.nix b/modules/nixos/discord.nix
new file mode 100644
index 0000000..190b5fc
--- /dev/null
+++ b/modules/nixos/discord.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.discord;
+in {
+ options.nixfiles.modules.discord.enable =
+ mkEnableOption "Steam runtime";
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"];
+
+ hm.home.packages = with pkgs; [
+ (discord.override {
+ withOpenASAR = true;
+ })
+ ];
+ };
+}
diff --git a/modules/nixfiles/docker.nix b/modules/nixos/docker.nix
index e642030..e642030 100644
--- a/modules/nixfiles/docker.nix
+++ b/modules/nixos/docker.nix
diff --git a/modules/nixfiles/dwm.nix b/modules/nixos/dwm.nix
index 618d8ed..618d8ed 100644
--- a/modules/nixfiles/dwm.nix
+++ b/modules/nixos/dwm.nix
diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix
new file mode 100644
index 0000000..800d411
--- /dev/null
+++ b/modules/nixos/emacs.nix
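Review bot: `mkEnableOption "Steam runtime"` in discord.nix is a copy-paste from the Steam modules and produces the generated description "Whether to enable Steam runtime." for the Discord toggle. It should read `mkEnableOption "Discord"`.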
@@ -0,0 +1,30 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.emacs; +in { + config = mkIf cfg.enable { + secrets.authinfo = { + file = "${inputs.self}/secrets/authinfo"; + owner = my.username; + inherit (config.my) group; + }; + + nixfiles.modules.x11.enable = true; + + hm = { + programs.doom-emacs.extraConfig = '' + (appendq! auth-sources '("${config.secrets.authinfo.path}")) + ''; + + services.emacs = { + enable = true; + client.enable = true; + }; + }; + }; +} diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixos/endlessh-go.nix index 9ceb4e4..435305d 100644 --- a/modules/nixfiles/endlessh-go.nix +++ b/modules/nixos/endlessh-go.nix @@ -1,8 +1,6 @@ { config, - inputs, lib, - pkgs, this, ... }: diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix new file mode 100644 index 0000000..67789fd --- /dev/null +++ b/modules/nixos/endlessh.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.endlessh; +in { + options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; + + config = let + port = 22; + in + mkIf cfg.enable { + services.endlessh = { + enable = true; + inherit port; + extraOptions = ["-v" "-4"]; + }; + + networking.firewall.allowedTCPPorts = [port]; + }; +} diff --git a/modules/nixfiles/fail2ban.nix b/modules/nixos/fail2ban.nix index 5ac3c9c..5ac3c9c 100644 --- a/modules/nixfiles/fail2ban.nix +++ b/modules/nixos/fail2ban.nix diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix new file mode 100644 index 0000000..d4a7330 --- /dev/null +++ b/modules/nixos/fonts.nix 
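Review bot: endlessh.nix opens TCP 22 in `networking.firewall.allowedTCPPorts` but starts the tarpit with `extraOptions = ["-v" "-4"]`, so on the dual-stack hosts that networking.nix configures the IPv6 side of port 22 is open with nothing listening, and IPv6 probes get an immediate refusal instead of being held. Either drop `-4` so the listener matches the firewall rule, or add a comment explaining why the tarpit is IPv4-only; openssh.nix's remark that "Port 22 should be occupied by a tarpit" reads as if full coverage is intended.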
@@ -0,0 +1,45 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.fonts; +in { + config = mkMerge [ + (mkIf cfg.enable { + hm.fonts.fontconfig.enable = true; + fonts.fontconfig = { + enable = true; + + defaultFonts = { + monospace = [ + "Iosevka" + "Sarasa Mono K" + "Sarasa Mono J" + "Sarasa Mono SC" + "Sarasa Mono CL" + ]; + sansSerif = [ + "Iosevka Aile" + "Sarasa Gothic K" + "Sarasa Gothic J" + "Sarasa Gothic SC" + "Sarasa Gothic CL" + ]; + serif = [ + "Iosevka Etoile" + "Sarasa Gothic K" + "Sarasa Gothic J" + "Sarasa Gothic SC" + "Sarasa Gothic CL" + ]; + }; + }; + }) + (mkIf (!cfg.enable) { + hm.fonts.fontconfig.enable = false; + fonts.fontconfig.enable = false; + }) + ]; +} diff --git a/modules/nixfiles/games/default.nix b/modules/nixos/games/default.nix index 1c5766b..1c5766b 100644 --- a/modules/nixfiles/games/default.nix +++ b/modules/nixos/games/default.nix diff --git a/modules/nixfiles/games/gamemode.nix b/modules/nixos/games/gamemode.nix index 051d12e..051d12e 100644 --- a/modules/nixfiles/games/gamemode.nix +++ b/modules/nixos/games/gamemode.nix diff --git a/modules/nixfiles/games/gog.nix b/modules/nixos/games/gog.nix index 86039f1..86039f1 100644 --- a/modules/nixfiles/games/gog.nix +++ b/modules/nixos/games/gog.nix diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixos/games/lutris.nix index e7faef3..72179fc 100644 --- a/modules/nixfiles/games/lutris.nix +++ b/modules/nixos/games/lutris.nix @@ -16,20 +16,17 @@ in { steam-run.enable = true; }; - # This removes the annoying warning. - boot.kernel.sysctl."dev.i915.perf_stream_paranoid" = 0; - hm.home.packages = with pkgs; [ (lutris.override { lutris-unwrapped = lutris-unwrapped.override { wine = buildFHSUserEnv { - # We don't really need Wine because Lutris downloads the required + # We don't really need Wine because Lutris downloads a required # runtime for us. name = "empty"; }; }; - steamSupport = false; }) + vkBasalt ]; }; } 
diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixos/games/mangohud.nix index b521687..d693c82 100644 --- a/modules/nixfiles/games/mangohud.nix +++ b/modules/nixos/games/mangohud.nix @@ -13,13 +13,13 @@ in { enable = true; settings = { fps = true; + frame_timing = true; gpu_stats = true; gpu_temp = true; cpu_stats = true; cpu_temp = true; - }; - settingsPerApplication = { - mpv.no_display = true; + ram = true; + vram = true; }; }; }; diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixos/games/minecraft.nix index 47279f8..e53f9eb 100644 --- a/modules/nixfiles/games/minecraft.nix +++ b/modules/nixos/games/minecraft.nix @@ -23,8 +23,6 @@ in { config = mkMerge [ (mkIf cfg.client.enable { hm.home.packages = with pkgs; [pollymc]; - - system.extraDependencies = [inputs.pollymc]; }) (mkIf cfg.server.enable { # Configurations, opslist, whitelist and plugins are managed imperatively. @@ -47,8 +45,6 @@ in { # Defined in /var/lib/minecraft/server.properties. networking.firewall.allowedTCPPorts = [55565]; - - system.extraDependencies = [inputs.nix-minecraft-servers]; }) ]; } diff --git a/modules/nixfiles/games/steam-run.nix b/modules/nixos/games/steam-run.nix index 4731fd6..1a1e61f 100644 --- a/modules/nixfiles/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -11,12 +11,15 @@ in { enable = mkEnableOption "native Steam runtime"; quirks = { - mountandblade = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; }; }; config = mkIf cfg.enable { nixfiles.modules = { + common.nix.allowedUnfreePackages = ["steam" "steam-run"]; + games = { enable32BitSupport = true; gamemode.enable = true; 
@@ -27,11 +30,12 @@ in { (steam.override { extraLibraries = _: with cfg.quirks; - optionals mountandblade [ + [] + ++ optionals mountAndBladeWarband [ (glew.overrideAttrs (_: super: let opname = super.pname; in rec { - pname = "${opname}-mbw"; + pname = "${opname}-runfix"; inherit (super) version; src = fetchurl { url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; @@ -41,7 +45,7 @@ in { (fmodex.overrideAttrs (_: super: let opname = super.pname; in rec { - pname = "${opname}-mbw"; + pname = "${opname}-runfix"; inherit (super) version; installPhase = let libPath = makeLibraryPath [ @@ -54,16 +58,16 @@ in { patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so ''; })) + ] + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) {inherit (config.nixpkgs) config localSystem;}) + .flac ]; }) .run ]; - - nixpkgs.config.allowUnfreePredicate = p: - elem (getName p) [ - "steam" - "steam-original" - "steam-run" - ]; }; } diff --git a/modules/nixfiles/games/steam.nix b/modules/nixos/games/steam.nix index bbd01f6..8dfa72c 100644 --- a/modules/nixfiles/games/steam.nix +++ b/modules/nixos/games/steam.nix @@ -11,18 +11,15 @@ in { mkEnableOption "Steam runtime"; config = mkIf cfg.enable { - nixfiles.modules.games = { - enable32BitSupport = true; - gamemode.enable = true; + nixfiles.modules = { + common.nix.allowedUnfreePackages = ["steam" "steam-original"]; + + games = { + enable32BitSupport = true; + gamemode.enable = true; + }; }; hm.home.packages = with pkgs; [steam]; - - nixpkgs.config.allowUnfreePredicate = p: - elem (getName p) [ - "steam" - "steam-original" - "steam-run" - ]; }; } diff --git a/modules/nixos/git.nix b/modules/nixos/git.nix new file mode 100644 index 0000000..f754588 --- /dev/null +++ b/modules/nixos/git.nix 
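Review bot: The `allowUnfreePredicate` removed at the end of steam-run.nix listed `steam-original`, but its replacement `common.nix.allowedUnfreePackages = ["steam" "steam-run"]` in the first hunk does not; `steam.override {...}.run` is built from the same FHS wrapper as `steam`, so if that closure still evaluates `steam-original` the module now fails on a host that enables steam-run without steam.nix, which is the only remaining place that allows it. Worth checking with an eval on a host that sets only `games.steam-run.enable`. The `builtins.fetchTarball` for the NecroDancer `flac` is hash-pinned, which is fine, but it evaluates a second nixpkgs tree with the host's `config`, so a short comment on why the flake's nixpkgs cannot supply that package would help the next reader.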
@@ -0,0 +1,117 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.git; +in { + options.nixfiles.modules.git.server = { + enable = mkEnableOption "Git server"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "git.${config.networking.domain}"; + }; + + package = mkOption { + description = "Package."; + type = types.package; + default = pkgs.cgit-pink; + }; + }; + + config = mkMerge [ + (mkIf cfg.client.enable { + secrets = { + glab-cli-config = { + file = "${inputs.self}/secrets/glab-cli-config"; + path = "${config.dirs.config}/glab-cli/config.yml"; + owner = my.username; + inherit (config.my) group; + }; + gh-hosts = { + file = "${inputs.self}/secrets/gh-hosts"; + path = "${config.dirs.config}/gh/hosts.yml"; + owner = my.username; + inherit (config.my) group; + }; + hut = { + file = "${inputs.self}/secrets/hut"; + path = "${config.dirs.config}/hut/config"; + owner = my.username; + inherit (config.my) group; + }; + }; + }) + (mkIf cfg.server.enable { + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.server.domain} = { + locations = { + "/".extraConfig = let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=azahi’s git stuff + root-desc=鯛も一人はうまからず + + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 + + snapshots=tar.gz tar.bz2 zip + + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt + + scan-path=${config.services.gitolite.dataDir}/repositories + ''; + in '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass 
unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + # FIXME This breaks sources previewing for these files. + "~* ^/(.+.(ico|css|png))$".extraConfig = '' + alias ${cfg.server.package}/cgit/$1; + ''; + }; + }; + }; + + services = let + user = "git"; + group = "git"; + in { + gitolite = { + # TODO Make the configuration purely declarative. + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + }; + + fcgiwrap = { + enable = true; + inherit user group; + }; + }; + }) + ]; +} diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix new file mode 100644 index 0000000..b86be9b --- /dev/null +++ b/modules/nixos/gnupg.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.gnupg; +in { + options.nixfiles.modules.gnupg.pinentry = mkOption { + description = "Name of a pinentry implementation."; + type = types.str; + default = "curses"; + }; + + config = mkIf cfg.enable { + hm = { + programs.gpg.homedir = "${config.dirs.data}/gnupg"; + + services.gpg-agent = { + enable = true; + + enableSshSupport = true; + enableScDaemon = false; + + defaultCacheTtl = 999999; + defaultCacheTtlSsh = 999999; + maxCacheTtl = 999999; + maxCacheTtlSsh = 999999; + + grabKeyboardAndMouse = true; + + sshKeys = [my.pgp.grip]; + + pinentryFlavor = cfg.pinentry; + }; + }; + }; +} diff --git a/modules/nixfiles/gotify.nix b/modules/nixos/gotify.nix index db47bb4..db47bb4 100644 --- a/modules/nixfiles/gotify.nix +++ b/modules/nixos/gotify.nix diff --git a/modules/nixfiles/grafana.nix b/modules/nixos/grafana.nix index a614502..a614502 100644 --- a/modules/nixfiles/grafana.nix +++ b/modules/nixos/grafana.nix diff --git a/modules/nixfiles/hydra.nix b/modules/nixos/hydra.nix index 590fecb..590fecb 100644 
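Review bot: `fcgiwrap` runs as the same `git` user and group as gitolite, so the cgit CGI, which parses untrusted request paths and arbitrary repository content through the about/source/commit filters, has full write access to every repository and to gitolite's admin configuration. A bug in cgit or one of its filters would then let a web client alter repositories rather than merely read them; running fcgiwrap as a dedicated user with read-only group access to `${config.services.gitolite.dataDir}/repositories` keeps the web path least-privilege. Two smaller points: `server.domain` is typed `nullOr str` but is interpolated into `virtualHosts.${cfg.server.domain}` and so can never actually be null, and `fastcgi_param HTTP_HOST $server_name;` deliberately hides the client's Host header from cgit, which is the right call and deserves a comment so it is not "fixed" to `$host`.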
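Review bot: The four cache TTLs in gnupg.nix are 999999 seconds (about 11.6 days), so a passphrase entered once stays usable by anything running as the user for nearly two weeks, and `enableSshSupport` with `sshKeys = [my.pgp.grip]` extends that to the SSH identity. That is a deliberate usability choice, but it removes the agent's main protection against a compromised session; a comment stating the decision, or a shorter `maxCacheTtl`/`maxCacheTtlSsh` while `defaultCacheTtl` stays long, would make the trade-off explicit.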
--- a/modules/nixfiles/hydra.nix +++ b/modules/nixos/hydra.nix diff --git a/modules/nixfiles/ipfs.nix b/modules/nixos/ipfs.nix index 0ec64e5..0ec64e5 100644 --- a/modules/nixfiles/ipfs.nix +++ b/modules/nixos/ipfs.nix diff --git a/modules/nixfiles/kde.nix b/modules/nixos/kde.nix index a430294..a430294 100644 --- a/modules/nixfiles/kde.nix +++ b/modules/nixos/kde.nix diff --git a/modules/nixfiles/libvirtd.nix b/modules/nixos/libvirtd.nix index ae8b336..ae8b336 100644 --- a/modules/nixfiles/libvirtd.nix +++ b/modules/nixos/libvirtd.nix diff --git a/modules/nixfiles/lidarr.nix b/modules/nixos/lidarr.nix index f73f917..f73f917 100644 --- a/modules/nixfiles/lidarr.nix +++ b/modules/nixos/lidarr.nix diff --git a/modules/nixfiles/loki.nix b/modules/nixos/loki.nix index 1582164..1582164 100644 --- a/modules/nixfiles/loki.nix +++ b/modules/nixos/loki.nix diff --git a/modules/nixfiles/lxc.nix b/modules/nixos/lxc.nix index 4f7805f..4f7805f 100644 --- a/modules/nixfiles/lxc.nix +++ b/modules/nixos/lxc.nix diff --git a/modules/nixfiles/matrix/default.nix b/modules/nixos/matrix/default.nix index bd221c4..bd221c4 100644 --- a/modules/nixfiles/matrix/default.nix +++ b/modules/nixos/matrix/default.nix diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index 0fad5f2..0fad5f2 100644 --- a/modules/nixfiles/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix diff --git a/modules/nixfiles/matrix/element.nix b/modules/nixos/matrix/element.nix index 3d47800..3d47800 100644 --- a/modules/nixfiles/matrix/element.nix +++ b/modules/nixos/matrix/element.nix diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix index 6ff5e0d..6ff5e0d 100644 --- a/modules/nixfiles/matrix/synapse.nix +++ b/modules/nixos/matrix/synapse.nix diff --git a/modules/nixfiles/monitoring/dashboards/endlessh.json b/modules/nixos/monitoring/dashboards/endlessh.json index 0b47ee2..0b47ee2 100644 --- a/modules/nixfiles/monitoring/dashboards/endlessh.json 
+++ b/modules/nixos/monitoring/dashboards/endlessh.json diff --git a/modules/nixfiles/monitoring/dashboards/nginx.json b/modules/nixos/monitoring/dashboards/nginx.json index b2cc499..b2cc499 100644 --- a/modules/nixfiles/monitoring/dashboards/nginx.json +++ b/modules/nixos/monitoring/dashboards/nginx.json diff --git a/modules/nixfiles/monitoring/dashboards/postgresql.json b/modules/nixos/monitoring/dashboards/postgresql.json index 4e533f7..4e533f7 100644 --- a/modules/nixfiles/monitoring/dashboards/postgresql.json +++ b/modules/nixos/monitoring/dashboards/postgresql.json diff --git a/modules/nixfiles/monitoring/dashboards/unbound.json b/modules/nixos/monitoring/dashboards/unbound.json index 8a0d503..8a0d503 100644 --- a/modules/nixfiles/monitoring/dashboards/unbound.json +++ b/modules/nixos/monitoring/dashboards/unbound.json diff --git a/modules/nixfiles/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 4ff4c50..4ff4c50 100644 --- a/modules/nixfiles/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix diff --git a/modules/nixfiles/nextcloud.nix b/modules/nixos/nextcloud.nix index 69bea8a..69bea8a 100644 --- a/modules/nixfiles/nextcloud.nix +++ b/modules/nixos/nextcloud.nix diff --git a/modules/nixfiles/nginx.nix b/modules/nixos/nginx.nix index b8ab24d..b8ab24d 100644 --- a/modules/nixfiles/nginx.nix +++ b/modules/nixos/nginx.nix diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixos/node-exporter.nix index 43f48f6..43f48f6 100644 --- a/modules/nixfiles/node-exporter.nix +++ b/modules/nixos/node-exporter.nix diff --git a/modules/nixfiles/nsd.nix b/modules/nixos/nsd.nix index f5a7d84..0dade8f 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixos/nsd.nix @@ -170,7 +170,5 @@ in { allowedTCPPorts = [53]; allowedUDPPorts = allowedTCPPorts; }; - - system.extraDependencies = [inputs.dns-nix]; }; } diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix new file mode 100644 index 0000000..00d2852 --- /dev/null 
+++ b/modules/nixos/openssh.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.openssh;
+in {
+ options.nixfiles.modules.openssh.server.enable =
+ mkEnableOption "OpenSSH server";
+
+ config = mkIf cfg.server.enable {
+ programs.mosh.enable = true;
+
+ services = let
+ port = 22022; # Port 22 should be occupied by a tarpit.
+ in {
+ openssh = {
+ enable = true;
+ ports = [port];
+ logLevel = "VERBOSE"; # Required by fail2ban.
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ };
+
+ fail2ban.jails.sshd = ''
+ enabled = true
+ mode = aggressive
+ port = ${toString port}
+ '';
+ };
+ };
+}
diff --git a/modules/nixfiles/podman.nix b/modules/nixos/podman.nix
index 1c5378b..1c5378b 100644
--- a/modules/nixfiles/podman.nix
+++ b/modules/nixos/podman.nix
diff --git a/modules/nixfiles/postgresql.nix b/modules/nixos/postgresql.nix
index df05e7e..df05e7e 100644
--- a/modules/nixfiles/postgresql.nix
+++ b/modules/nixos/postgresql.nix
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
new file mode 100644
index 0000000..d5ab838
--- /dev/null
+++ b/modules/nixos/profiles/default.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.default;
+in {
+ imports = [
+ ./dev
+ ./headful.nix
+ ./headless.nix
+ ];
+
+ config = mkIf cfg.enable {
+ programs.less = {
+ enable = true;
+ envVariables.LESSHISTFILE = "-";
+ };
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ lshw
+ lsof
+ pciutils
+ psmisc
+ usbutils
+ util-linux
+ ];
+ };
+}
diff --git a/modules/nixos/profiles/dev/containers.nix b/modules/nixos/profiles/dev/containers.nix
new file mode 100644
index 0000000..195b892
--- /dev/null
+++ b/modules/nixos/profiles/dev/containers.nix
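Review bot: `passwordAuthentication = false` on its own does not close password logins in openssh.nix: sshd's keyboard-interactive method stays enabled by default and is answered through PAM, so a password can still be accepted unless `kbdInteractiveAuthentication = false;` is set alongside it (the option name depends on the pinned nixpkgs; older releases call it `challengeResponseAuthentication`, newer ones take it under `settings.KbdInteractiveAuthentication`, so verify which one the lock file selects). The fail2ban jail and `logLevel = "VERBOSE"` slow brute force down but do not replace that setting. `programs.mosh.enable = true` also opens mosh's UDP port range in the firewall through its `openFirewall` default, which is worth a comment next to the note about port 22.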
@@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.dev.containers; +in { + config = mkIf cfg.enable { + nixfiles.modules.podman.enable = true; + + hm = { + home = { + sessionVariables.MINIKUBE_HOME = "${config.dirs.config}/minikube"; + + packages = with pkgs; [buildah]; + }; + + xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + config.Rootless = true; + driver = "podman"; + container-runtime = "cri-o"; + }; + }; + }; +} diff --git a/modules/nixos/profiles/dev/default.nix b/modules/nixos/profiles/dev/default.nix new file mode 100644 index 0000000..83d41c0 --- /dev/null +++ b/modules/nixos/profiles/dev/default.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.dev.default; +in { + config = mkIf cfg.enable { + hm.home.language = { + collate = "C"; + messages = "C"; + }; + + my.extraGroups = ["kvm"]; + }; +} diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix new file mode 100644 index 0000000..01c442e --- /dev/null +++ b/modules/nixos/profiles/headful.nix 
@@ -0,0 +1,88 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.headful;
+in {
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ chromium.enable = true;
+ firefox.enable = true;
+ sound.enable = true;
+ x11.enable = true;
+
+ dwm.enable = mkDefault false;
+ kde.enable = mkDefault true;
+ xmonad.enable = mkDefault false;
+ };
+
+ hm = {
+ home.packages = with pkgs; [
+ calibre
+ imv
+ neochat
+ tdesktop
+ tor-browser
+ ];
+
+ programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
+ };
+
+ boot = {
+ # Pretty much placebo but has some nice patches for `-march=native`
+ # optimisations, P-State Zen4 support and Fsync for Wine.
+ kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest;
+
+ # There are (arguably) not a lot of reasons to keep mitigations enabled
+ # for on machine that is not web-facing. First of all, to completely
+ # mitigate any possible Spectre holes one would need to disable
+ # Hyperthreading altogether which will essentially put one's computer into
+ # the stone age by not being able to to effectively utilise multi-core its
+ # multicore capabilities. Secondly, by enabling mitigations, we introduce
+ # a plethora of performace overheads[1], which, albeit small, but still
+ # contribute to the overall speed of things. This is however still poses a
+ # security risk, which I am willing to take.
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ kernelParams = ["mitigations=off"];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ };
+ };
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ };
+
+ programs = {
+ iftop.enable = true;
+ mtr.enable = true;
+ traceroute.enable = true;
+ };
+
+ services = {
+ # https://github.com/NixOS/nixpkgs/issues/135888
+ upower.enable = true;
+
+ psd.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ nethogs
+ ];
+
+ my.extraGroups = ["audio" "video" "input"];
+ };
+}
diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix
new file mode 100644
index 0000000..9faf531
--- /dev/null
+++ b/modules/nixos/profiles/headless.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.headless;
+in {
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ openssh.server.enable = true;
+ endlessh-go.enable = true;
+
+ fail2ban.enable = true;
+
+ node-exporter.enable = true;
+ promtail.enable = true;
+ };
+
+ # Pin version to prevent any surprises.
+ boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ optimise = {
+ automatic = true;
+ dates = ["daily"];
+ };
+ };
+
+ services.udisks2.enable = false;
+
+ xdg.sounds.enable = false;
+ };
+}
diff --git a/modules/nixfiles/prometheus.nix b/modules/nixos/prometheus.nix
index a75c151..a75c151 100644
--- a/modules/nixfiles/prometheus.nix
+++ b/modules/nixos/prometheus.nix
diff --git a/modules/nixfiles/promtail.nix b/modules/nixos/promtail.nix
index 552df82..552df82 100644
--- a/modules/nixfiles/promtail.nix
+++ b/modules/nixos/promtail.nix
diff --git a/modules/nixfiles/psd.nix b/modules/nixos/psd.nix
index 77d3c66..77d3c66 100644
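Review bot: The justification for `kernelParams = ["mitigations=off"];` rests on the machine being "not web-facing", but this same profile installs `chromium`, `firefox` and `tor-browser`, and a browser executing untrusted script was among the first demonstrated vectors for Spectre-class attacks, so the threat model in the comment is incomplete; either the comment should acknowledge that exposure or the parameter should be moved out of a shared profile that enables browsers and into the specific host that accepts the trade-off. If it stays, a `mkDefault` on `kernelParams` would at least let a host override it without `mkForce`. The comment also has several slips worth fixing since it documents a deliberate security downgrade and should read cleanly: `for on machine`, `to to effectively utilise multi-core its multicore capabilities`, `performace`, and `This is however still poses`.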
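Review bot: `boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;` pins the kernel series, but the comment `# Pin version to prevent any surprises.` does not say which surprises or when the pin should be revisited; the `_hardened` variants in nixpkgs build on out-of-tree hardening patches that typically trail upstream point releases, so a pinned hardened series can lag security fixes until someone bumps it. Suggest `# Pinned to the 5.15 LTS hardened series; revisit when nixpkgs drops it or a newer hardened LTS lands — hardened builds trail upstream patch releases.`. Enabling `openssh.server` and `fail2ban` together here matches the `# Required by fail2ban.` coupling in openssh.nix, and a one-line comment naming that dependency next to `fail2ban.enable = true;` would help the next reader.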
--- a/modules/nixfiles/psd.nix
+++ b/modules/nixos/psd.nix
diff --git a/modules/nixfiles/radarr.nix b/modules/nixos/radarr.nix
index 0abfdf2..0abfdf2 100644
--- a/modules/nixfiles/radarr.nix
+++ b/modules/nixos/radarr.nix
diff --git a/modules/nixfiles/radicale.nix b/modules/nixos/radicale.nix
index c903d39..c903d39 100644
--- a/modules/nixfiles/radicale.nix
+++ b/modules/nixos/radicale.nix
diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixos/rss-bridge.nix
index fef1070..fef1070 100644
--- a/modules/nixfiles/rss-bridge.nix
+++ b/modules/nixos/rss-bridge.nix
diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixos/rtorrent.nix
index 4014a3b..4014a3b 100644
--- a/modules/nixfiles/rtorrent.nix
+++ b/modules/nixos/rtorrent.nix
diff --git a/modules/nixfiles/searx.nix b/modules/nixos/searx.nix
index 9462d5d..9462d5d 100644
--- a/modules/nixfiles/searx.nix
+++ b/modules/nixos/searx.nix
diff --git a/modules/nixfiles/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index b59359c..b59359c 100644
--- a/modules/nixfiles/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
diff --git a/modules/nixfiles/soju.nix b/modules/nixos/soju.nix
index 14faf00..14faf00 100644
--- a/modules/nixfiles/soju.nix
+++ b/modules/nixos/soju.nix
diff --git a/modules/nixfiles/solaar.nix b/modules/nixos/solaar.nix
index ceff23d..ceff23d 100644
--- a/modules/nixfiles/solaar.nix
+++ b/modules/nixos/solaar.nix
diff --git a/modules/nixfiles/sonarr.nix b/modules/nixos/sonarr.nix
index 8c79175..8c79175 100644
--- a/modules/nixfiles/sonarr.nix
+++ b/modules/nixos/sonarr.nix
diff --git a/modules/nixfiles/sound.nix b/modules/nixos/sound.nix
index ae35e44..ae35e44 100644
--- a/modules/nixfiles/sound.nix
+++ b/modules/nixos/sound.nix
diff --git a/modules/nixfiles/syncthing.nix b/modules/nixos/syncthing.nix
index b690ab4..b690ab4 100644
--- a/modules/nixfiles/syncthing.nix
+++ b/modules/nixos/syncthing.nix
diff --git a/modules/nixfiles/throttled.nix b/modules/nixos/throttled.nix
index f182ee1..f182ee1 100644
--- a/modules/nixfiles/throttled.nix
+++ b/modules/nixos/throttled.nix
diff --git a/modules/nixfiles/unbound.nix b/modules/nixos/unbound.nix
index 8c40291..8c40291 100644
--- a/modules/nixfiles/unbound.nix
+++ b/modules/nixos/unbound.nix
diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 7d51667..7d51667 100644
--- a/modules/nixfiles/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
diff --git a/modules/nixfiles/wireguard.nix b/modules/nixos/wireguard.nix
index d05c6ae..d05c6ae 100644
--- a/modules/nixfiles/wireguard.nix
+++ b/modules/nixos/wireguard.nix
diff --git a/modules/nixfiles/x11.nix b/modules/nixos/x11.nix
index cd8dfbe..cd8dfbe 100644
--- a/modules/nixfiles/x11.nix
+++ b/modules/nixos/x11.nix
diff --git a/modules/nixfiles/xmonad.nix b/modules/nixos/xmonad.nix
index 847110e..2cc7ad6 100644
--- a/modules/nixfiles/xmonad.nix
+++ b/modules/nixos/xmonad.nix
@@ -24,7 +24,5 @@ in {
 };
 services.xserver.displayManager.startx.enable = true;
-
- system.extraDependencies = [inputs.xmonad-ng];
 };
 }
|