summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/darwin/common/default.nix10
-rw-r--r--modules/darwin/common/home-manager.nix3
-rw-r--r--modules/darwin/common/locale.nix7
-rw-r--r--modules/darwin/common/networking.nix10
-rw-r--r--modules/darwin/common/nix.nix21
-rw-r--r--modules/darwin/common/shell.nix3
-rw-r--r--modules/darwin/common/users.nix11
-rw-r--r--modules/darwin/default.nix10
-rw-r--r--modules/darwin/emacs.nix15
-rw-r--r--modules/darwin/fonts.nix12
-rw-r--r--modules/darwin/gnupg.nix15
-rw-r--r--modules/darwin/homebrew.nix23
-rw-r--r--modules/darwin/profiles/default.nix93
-rw-r--r--modules/darwin/profiles/headful.nix19
-rw-r--r--modules/nixfiles/alacritty.nix5
-rw-r--r--modules/nixfiles/bat.nix3
-rw-r--r--modules/nixfiles/chromium.nix2
-rw-r--r--modules/nixfiles/common/default.nix7
-rw-r--r--modules/nixfiles/common/documentation.nix19
-rw-r--r--modules/nixfiles/common/home-manager.nix10
-rw-r--r--modules/nixfiles/common/locale.nix29
-rw-r--r--modules/nixfiles/common/networking.nix101
-rw-r--r--modules/nixfiles/common/nix/default.nix44
-rw-r--r--modules/nixfiles/common/services.nix9
-rw-r--r--modules/nixfiles/common/shell/default.nix152
-rw-r--r--modules/nixfiles/common/users.nix25
-rw-r--r--modules/nixfiles/default.nix49
-rw-r--r--modules/nixfiles/discord.nix22
-rw-r--r--modules/nixfiles/emacs/default.nix26
-rw-r--r--modules/nixfiles/emacs/doom/init.el8
-rw-r--r--modules/nixfiles/endlessh.nix45
-rw-r--r--modules/nixfiles/firefox/default.nix26
-rw-r--r--modules/nixfiles/firefox/userChrome.css5
-rw-r--r--modules/nixfiles/fonts.nix55
-rw-r--r--modules/nixfiles/git.nix287
-rw-r--r--modules/nixfiles/gnupg.nix120
-rw-r--r--modules/nixfiles/nmap.nix5
-rw-r--r--modules/nixfiles/openssh.nix122
-rw-r--r--modules/nixfiles/password-store.nix5
-rw-r--r--modules/nixfiles/profiles/default.nix20
-rw-r--r--modules/nixfiles/profiles/dev/containers.nix12
-rw-r--r--modules/nixfiles/profiles/dev/default.nix19
-rw-r--r--modules/nixfiles/profiles/dev/sql.nix6
-rw-r--r--modules/nixfiles/profiles/headful.nix80
-rw-r--r--modules/nixfiles/profiles/headless.nix30
-rw-r--r--modules/nixfiles/qutebrowser.nix2
-rw-r--r--modules/nixfiles/vscode.nix27
-rw-r--r--modules/nixfiles/wget.nix2
-rw-r--r--modules/nixos/acme.nix (renamed from modules/nixfiles/acme.nix)0
-rw-r--r--modules/nixos/alertmanager.nix (renamed from modules/nixfiles/alertmanager.nix)0
-rw-r--r--modules/nixos/android.nix (renamed from modules/nixfiles/android.nix)0
-rw-r--r--modules/nixos/bluetooth.nix (renamed from modules/nixfiles/bluetooth.nix)0
-rw-r--r--modules/nixos/common/console.nix (renamed from modules/nixfiles/common/console.nix)0
-rw-r--r--modules/nixos/common/default.nix19
-rw-r--r--modules/nixos/common/documentation.nix31
-rw-r--r--modules/nixos/common/home-manager.nix3
-rw-r--r--modules/nixos/common/kernel.nix (renamed from modules/nixfiles/common/kernel.nix)8
-rw-r--r--modules/nixos/common/locale.nix24
-rw-r--r--modules/nixos/common/networking.nix108
-rw-r--r--modules/nixos/common/nix.nix39
-rw-r--r--modules/nixos/common/secrets.nix (renamed from modules/nixfiles/common/secrets.nix)2
-rw-r--r--modules/nixos/common/security.nix (renamed from modules/nixfiles/common/security.nix)0
-rw-r--r--modules/nixos/common/services.nix10
-rw-r--r--modules/nixos/common/shell.nix3
-rw-r--r--modules/nixos/common/systemd.nix (renamed from modules/nixfiles/common/systemd.nix)0
-rw-r--r--modules/nixos/common/tmp.nix (renamed from modules/nixfiles/common/tmp.nix)0
-rw-r--r--modules/nixos/common/users.nix19
-rw-r--r--modules/nixos/common/xdg.nix (renamed from modules/nixfiles/common/xdg.nix)0
-rw-r--r--modules/nixos/default.nix59
-rw-r--r--modules/nixos/discord.nix22
-rw-r--r--modules/nixos/docker.nix (renamed from modules/nixfiles/docker.nix)0
-rw-r--r--modules/nixos/dwm.nix (renamed from modules/nixfiles/dwm.nix)0
-rw-r--r--modules/nixos/emacs.nix30
-rw-r--r--modules/nixos/endlessh-go.nix (renamed from modules/nixfiles/endlessh-go.nix)2
-rw-r--r--modules/nixos/endlessh.nix24
-rw-r--r--modules/nixos/fail2ban.nix (renamed from modules/nixfiles/fail2ban.nix)0
-rw-r--r--modules/nixos/fonts.nix45
-rw-r--r--modules/nixos/games/default.nix (renamed from modules/nixfiles/games/default.nix)0
-rw-r--r--modules/nixos/games/gamemode.nix (renamed from modules/nixfiles/games/gamemode.nix)0
-rw-r--r--modules/nixos/games/gog.nix (renamed from modules/nixfiles/games/gog.nix)0
-rw-r--r--modules/nixos/games/lutris.nix (renamed from modules/nixfiles/games/lutris.nix)7
-rw-r--r--modules/nixos/games/mangohud.nix (renamed from modules/nixfiles/games/mangohud.nix)6
-rw-r--r--modules/nixos/games/minecraft.nix (renamed from modules/nixfiles/games/minecraft.nix)4
-rw-r--r--modules/nixos/games/steam-run.nix (renamed from modules/nixfiles/games/steam-run.nix)26
-rw-r--r--modules/nixos/games/steam.nix (renamed from modules/nixfiles/games/steam.nix)17
-rw-r--r--modules/nixos/git.nix117
-rw-r--r--modules/nixos/gnupg.nix38
-rw-r--r--modules/nixos/gotify.nix (renamed from modules/nixfiles/gotify.nix)0
-rw-r--r--modules/nixos/grafana.nix (renamed from modules/nixfiles/grafana.nix)0
-rw-r--r--modules/nixos/hydra.nix (renamed from modules/nixfiles/hydra.nix)0
-rw-r--r--modules/nixos/ipfs.nix (renamed from modules/nixfiles/ipfs.nix)0
-rw-r--r--modules/nixos/kde.nix (renamed from modules/nixfiles/kde.nix)0
-rw-r--r--modules/nixos/libvirtd.nix (renamed from modules/nixfiles/libvirtd.nix)0
-rw-r--r--modules/nixos/lidarr.nix (renamed from modules/nixfiles/lidarr.nix)0
-rw-r--r--modules/nixos/loki.nix (renamed from modules/nixfiles/loki.nix)0
-rw-r--r--modules/nixos/lxc.nix (renamed from modules/nixfiles/lxc.nix)0
-rw-r--r--modules/nixos/matrix/default.nix (renamed from modules/nixfiles/matrix/default.nix)0
-rw-r--r--modules/nixos/matrix/dendrite.nix (renamed from modules/nixfiles/matrix/dendrite.nix)0
-rw-r--r--modules/nixos/matrix/element.nix (renamed from modules/nixfiles/matrix/element.nix)0
-rw-r--r--modules/nixos/matrix/synapse.nix (renamed from modules/nixfiles/matrix/synapse.nix)0
-rw-r--r--modules/nixos/monitoring/dashboards/endlessh.json (renamed from modules/nixfiles/monitoring/dashboards/endlessh.json)0
-rw-r--r--modules/nixos/monitoring/dashboards/nginx.json (renamed from modules/nixfiles/monitoring/dashboards/nginx.json)0
-rw-r--r--modules/nixos/monitoring/dashboards/postgresql.json (renamed from modules/nixfiles/monitoring/dashboards/postgresql.json)0
-rw-r--r--modules/nixos/monitoring/dashboards/unbound.json (renamed from modules/nixfiles/monitoring/dashboards/unbound.json)0
-rw-r--r--modules/nixos/monitoring/default.nix (renamed from modules/nixfiles/monitoring/default.nix)0
-rw-r--r--modules/nixos/nextcloud.nix (renamed from modules/nixfiles/nextcloud.nix)0
-rw-r--r--modules/nixos/nginx.nix (renamed from modules/nixfiles/nginx.nix)0
-rw-r--r--modules/nixos/node-exporter.nix (renamed from modules/nixfiles/node-exporter.nix)0
-rw-r--r--modules/nixos/nsd.nix (renamed from modules/nixfiles/nsd.nix)2
-rw-r--r--modules/nixos/openssh.nix34
-rw-r--r--modules/nixos/podman.nix (renamed from modules/nixfiles/podman.nix)0
-rw-r--r--modules/nixos/postgresql.nix (renamed from modules/nixfiles/postgresql.nix)0
-rw-r--r--modules/nixos/profiles/default.nix33
-rw-r--r--modules/nixos/profiles/dev/containers.nix27
-rw-r--r--modules/nixos/profiles/dev/default.nix19
-rw-r--r--modules/nixos/profiles/headful.nix88
-rw-r--r--modules/nixos/profiles/headless.nix42
-rw-r--r--modules/nixos/prometheus.nix (renamed from modules/nixfiles/prometheus.nix)0
-rw-r--r--modules/nixos/promtail.nix (renamed from modules/nixfiles/promtail.nix)0
-rw-r--r--modules/nixos/psd.nix (renamed from modules/nixfiles/psd.nix)0
-rw-r--r--modules/nixos/radarr.nix (renamed from modules/nixfiles/radarr.nix)0
-rw-r--r--modules/nixos/radicale.nix (renamed from modules/nixfiles/radicale.nix)0
-rw-r--r--modules/nixos/rss-bridge.nix (renamed from modules/nixfiles/rss-bridge.nix)0
-rw-r--r--modules/nixos/rtorrent.nix (renamed from modules/nixfiles/rtorrent.nix)0
-rw-r--r--modules/nixos/searx.nix (renamed from modules/nixfiles/searx.nix)0
-rw-r--r--modules/nixos/shadowsocks.nix (renamed from modules/nixfiles/shadowsocks.nix)0
-rw-r--r--modules/nixos/soju.nix (renamed from modules/nixfiles/soju.nix)0
-rw-r--r--modules/nixos/solaar.nix (renamed from modules/nixfiles/solaar.nix)0
-rw-r--r--modules/nixos/sonarr.nix (renamed from modules/nixfiles/sonarr.nix)0
-rw-r--r--modules/nixos/sound.nix (renamed from modules/nixfiles/sound.nix)0
-rw-r--r--modules/nixos/syncthing.nix (renamed from modules/nixfiles/syncthing.nix)0
-rw-r--r--modules/nixos/throttled.nix (renamed from modules/nixfiles/throttled.nix)0
-rw-r--r--modules/nixos/unbound.nix (renamed from modules/nixfiles/unbound.nix)0
-rw-r--r--modules/nixos/vaultwarden.nix (renamed from modules/nixfiles/vaultwarden.nix)0
-rw-r--r--modules/nixos/wireguard.nix (renamed from modules/nixfiles/wireguard.nix)0
-rw-r--r--modules/nixos/x11.nix (renamed from modules/nixfiles/x11.nix)0
-rw-r--r--modules/nixos/xmonad.nix (renamed from modules/nixfiles/xmonad.nix)2
137 files changed, 1500 insertions, 1041 deletions
diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
new file mode 100644
index 0000000..149b2d6
--- /dev/null
+++ b/modules/darwin/common/default.nix
@@ -0,0 +1,10 @@
+_: {
+ imports = [
+ ./home-manager.nix
+ ./locale.nix
+ ./networking.nix
+ ./nix.nix
+ ./shell.nix
+ ./users.nix
+ ];
+}
diff --git a/modules/darwin/common/home-manager.nix b/modules/darwin/common/home-manager.nix
new file mode 100644
index 0000000..4fc6cbe
--- /dev/null
+++ b/modules/darwin/common/home-manager.nix
@@ -0,0 +1,3 @@
+{inputs, ...}: {
+ imports = [inputs.home-manager.darwinModule];
+}
diff --git a/modules/darwin/common/locale.nix b/modules/darwin/common/locale.nix
new file mode 100644
index 0000000..1ecf6fe
--- /dev/null
+++ b/modules/darwin/common/locale.nix
@@ -0,0 +1,7 @@
+{lib, ...}:
+with lib; {
+ environment.variables.LANG = "en_GB.UTF-8";
+
+ # TODO https://daiderd.com/nix-darwin/manual/index.html#opt-system.keyboard.enableKeyMapping
+ system.keyboard = {};
+}
diff --git a/modules/darwin/common/networking.nix b/modules/darwin/common/networking.nix
new file mode 100644
index 0000000..6c503bc
--- /dev/null
+++ b/modules/darwin/common/networking.nix
@@ -0,0 +1,10 @@
+{
+ this,
+ localHostname ? this.hostname,
+ ...
+}: {
+ networking = {
+ computerName = localHostname;
+ hostName = localHostname;
+ };
+}
diff --git a/modules/darwin/common/nix.nix b/modules/darwin/common/nix.nix
new file mode 100644
index 0000000..a522cb0
--- /dev/null
+++ b/modules/darwin/common/nix.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ this,
+ ...
+}:
+with lib; {
+ nix = {
+ daemonIOLowPriority = false;
+ daemonProcessType = "Standard";
+
+ extraOptions = optionalString (this.system == "aarch64-darwin") ''
+ extra-platforms = x86_64-darwin aarch64-darwin
+ '';
+
+ settings.trusted-users = ["@admin"];
+ };
+
+ services.nix-daemon.enable = true;
+
+ system.stateVersion = 4;
+}
diff --git a/modules/darwin/common/shell.nix b/modules/darwin/common/shell.nix
new file mode 100644
index 0000000..5985f50
--- /dev/null
+++ b/modules/darwin/common/shell.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+ environment.shells = with pkgs; [bashInteractive];
+}
diff --git a/modules/darwin/common/users.nix b/modules/darwin/common/users.nix
new file mode 100644
index 0000000..957e50c
--- /dev/null
+++ b/modules/darwin/common/users.nix
@@ -0,0 +1,11 @@
+{
+ lib,
+ localUsername ? lib.my.username,
+ ...
+}:
+with lib; {
+ # The only MacOS machine I'm currently using has a pre-configured domain user
+ # account that I have to login as. I may accidentally break something if I
+ # change options here so this section is left practically untouched.
+ users.users.${localUsername}.home = "/Users/${localUsername}";
+}
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
new file mode 100644
index 0000000..153c857
--- /dev/null
+++ b/modules/darwin/default.nix
@@ -0,0 +1,10 @@
+_: {
+ imports = [
+ ./common
+ ./emacs.nix
+ ./fonts.nix
+ ./gnupg.nix
+ ./homebrew.nix
+ ./profiles
+ ];
+}
diff --git a/modules/darwin/emacs.nix b/modules/darwin/emacs.nix
new file mode 100644
index 0000000..02bfb83
--- /dev/null
+++ b/modules/darwin/emacs.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.emacs;
+in {
+ config = mkIf cfg.enable {
+ # services.emacs = {
+ # enable = true;
+ # package = config.hm.programs.doom-emacs.package;
+ # };
+ };
+}
diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix
new file mode 100644
index 0000000..741fdc8
--- /dev/null
+++ b/modules/darwin/fonts.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.fonts;
+in {
+ config = mkIf cfg.enable {
+ fonts.fontDir.enable = true;
+ };
+}
diff --git a/modules/darwin/gnupg.nix b/modules/darwin/gnupg.nix
new file mode 100644
index 0000000..073d3b1
--- /dev/null
+++ b/modules/darwin/gnupg.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.gnupg;
+in {
+ config = mkIf cfg.enable {
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+}
diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix
new file mode 100644
index 0000000..35e8e77
--- /dev/null
+++ b/modules/darwin/homebrew.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.homebrew;
+in {
+ options.nixfiles.modules.homebrew.enable = mkEnableOption "Homebrew";
+
+ config = mkIf cfg.enable {
+ # This option requires an installed Homebrew[1].
+ #
+ # [1]: https://daiderd.com/nix-darwin/manual/index.html#opt-homebrew.enable
+ # [1]: https://brew.sh
+ homebrew = {
+ enable = true;
+ taps = [];
+ };
+ };
+}
diff --git a/modules/darwin/profiles/default.nix b/modules/darwin/profiles/default.nix
new file mode 100644
index 0000000..f42647a
--- /dev/null
+++ b/modules/darwin/profiles/default.nix
@@ -0,0 +1,93 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.default;
+in {
+ imports = [
+ ./headful.nix
+ ];
+
+ config = mkIf cfg.enable {
+ hm.home.packages = with pkgs; [m-cli];
+
+ system = {
+ defaults = {
+ CustomUserPreferences = {};
+
+ ActivityMonitor = {};
+
+ NSGlobalDomain = {
+ AppleEnableMouseSwipeNavigateWithScrolls = true;
+ AppleEnableSwipeNavigateWithScrolls = true;
+
+ AppleInterfaceStyle = "Dark";
+
+ AppleShowAllExtensions = true;
+ AppleShowAllFiles = true;
+
+ InitialKeyRepeat = 15;
+ KeyRepeat = 2;
+
+ NSAutomaticCapitalizationEnabled = false;
+ NSAutomaticDashSubstitutionEnabled = false;
+ NSAutomaticPeriodSubstitutionEnabled = false;
+ NSAutomaticQuoteSubstitutionEnabled = false;
+ NSAutomaticSpellingCorrectionEnabled = false;
+
+ # Make function keys to work as they should.
+ "com.apple.keyboard.fnState" = true;
+
+ # Disable the absolutely retarded "natural" scrolling.
+ "com.apple.swipescrolldirection" = false;
+ };
+
+ dock = {
+ orientation = "bottom";
+ tilesize = 18;
+
+ show-recents = false;
+ static-only = false;
+
+ # Disable hot corners.
+ wvous-bl-corner = 1;
+ wvous-br-corner = 1;
+ wvous-tl-corner = 1;
+ wvous-tr-corner = 1;
+ };
+
+ finder = {
+ AppleShowAllExtensions = true;
+ AppleShowAllFiles = true;
+
+ CreateDesktop = true;
+
+ FXDefaultSearchScope = "SCcf";
+ FXEnableExtensionChangeWarning = false;
+ FXPreferredViewStyle = "clmv";
+
+ ShowStatusBar = false;
+ ShowPathbar = true;
+ _FXShowPosixPathInTitle = true;
+ };
+
+ trackpad = {
+ Clicking = true;
+ Dragging = false;
+ };
+ };
+
+ keyboard = {
+ enableKeyMapping = true;
+ nonUS.remapTilde = true;
+ remapCapsLockToControl = false;
+ remapCapsLockToEscape = true;
+ swapLeftCommandAndLeftAlt = false;
+ };
+ };
+ };
+}
diff --git a/modules/darwin/profiles/headful.nix b/modules/darwin/profiles/headful.nix
new file mode 100644
index 0000000..44695f6
--- /dev/null
+++ b/modules/darwin/profiles/headful.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.headful;
+in {
+ config = mkIf cfg.enable {
+ nixfiles.modules.homebrew.enable = true;
+
+ homebrew.casks = [
+ {name = "firefox";}
+ {name = "telegram-desktop";}
+ ];
+ };
+}
diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix
index 5f8833a..142f6c5 100644
--- a/modules/nixfiles/alacritty.nix
+++ b/modules/nixfiles/alacritty.nix
@@ -19,10 +19,7 @@ in {
y = size;
};
dynamic_padding = false;
- decorations =
- if kde.enable
- then "full"
- else "none";
+ decorations = "full";
};
font = with config.fontScheme.monospaceFont; {
normal = {
diff --git a/modules/nixfiles/bat.nix b/modules/nixfiles/bat.nix
index 4a98f99..2b31d16 100644
--- a/modules/nixfiles/bat.nix
+++ b/modules/nixfiles/bat.nix
@@ -7,7 +7,8 @@
with lib; let
cfg = config.nixfiles.modules.bat;
in {
- options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat";
+ options.nixfiles.modules.bat.enable =
+ mkEnableOption "bat, an alternative to cat";
config = mkIf cfg.enable {
hm.programs = {
diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix
index 6a7c771..4f0ae12 100644
--- a/modules/nixfiles/chromium.nix
+++ b/modules/nixfiles/chromium.nix
@@ -23,7 +23,5 @@ in {
];
};
};
-
- services.psd.enable = true;
};
}
diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix
index 4f7a6c1..2bfe7e8 100644
--- a/modules/nixfiles/common/default.nix
+++ b/modules/nixfiles/common/default.nix
@@ -2,17 +2,10 @@ _: {
imports = [
./documentation.nix
./home-manager.nix
- ./kernel.nix
./locale.nix
./networking.nix
./nix
- ./secrets.nix
- ./security.nix
- ./services.nix
./shell
- ./systemd.nix
- ./tmp.nix
./users.nix
- ./xdg.nix
];
}
diff --git a/modules/nixfiles/common/documentation.nix b/modules/nixfiles/common/documentation.nix
index 46ec9a5..55f6138 100644
--- a/modules/nixfiles/common/documentation.nix
+++ b/modules/nixfiles/common/documentation.nix
@@ -16,27 +16,8 @@ with lib; {
documentation = {
enable = true;
-
- dev.enable = true;
doc.enable = false;
info.enable = false;
- nixos.enable = true;
-
- man.man-db.manualPages =
- (pkgs.buildEnv {
- name = "man-paths";
- paths = with config;
- environment.systemPackages ++ hm.home.packages;
- pathsToLink = ["/share/man"];
- extraOutputsToInstall = ["man"];
- ignoreCollisions = true;
- })
- .overrideAttrs (_: _: {__contentAddressed = true;});
- };
-
- environment.sessionVariables = {
- MANOPT = "--no-hyphenation";
- MANPAGER = "${pkgs.less}/bin/less -+F";
};
})
(mkIf this.isHeadless {
diff --git a/modules/nixfiles/common/home-manager.nix b/modules/nixfiles/common/home-manager.nix
index 7ce872b..b28260a 100644
--- a/modules/nixfiles/common/home-manager.nix
+++ b/modules/nixfiles/common/home-manager.nix
@@ -1,18 +1,18 @@
{
- config,
inputs,
lib,
+ localUsername ? lib.my.username,
...
}:
with lib; {
imports = [
- inputs.home-manager.nixosModules.home-manager
- (mkAliasOptionModule ["hm"] ["home-manager" "users" my.username])
+ (mkAliasOptionModule ["hm"] ["home-manager" "users" localUsername])
];
hm = {
news.display = "silent";
- home = {inherit (config.system) stateVersion;};
+ home.stateVersion = with builtins;
+ head (split "\n" (readFile "${inputs.nixpkgs}/.version"));
};
home-manager = {
@@ -21,6 +21,4 @@ with lib; {
useGlobalPkgs = true;
verbose = true;
};
-
- system.extraDependencies = [inputs.home-manager];
}
diff --git a/modules/nixfiles/common/locale.nix b/modules/nixfiles/common/locale.nix
index 5f0d5ae..bcb577a 100644
--- a/modules/nixfiles/common/locale.nix
+++ b/modules/nixfiles/common/locale.nix
@@ -1,27 +1,6 @@
-{lib, ...}:
-with lib; {
- i18n = {
- defaultLocale = mkDefault "en_GB.UTF-8";
- supportedLocales = [
- "C.UTF-8/UTF-8"
- "en_GB.UTF-8/UTF-8"
- "en_US.UTF-8/UTF-8"
- "ja_JP.UTF-8/UTF-8"
- "ru_RU.UTF-8/UTF-8"
- ];
- };
-
- time.timeZone = mkDefault "Europe/Moscow";
-
- # TODO Fcitx or UIM as a Japanese IME.
- services.xserver = {
- layout = comcat ["us" "ru"];
- xkbVariant = comcat ["" "phonetic"];
- xkbOptions = comcat [
- "terminate:ctrl_alt_bksp"
- "caps:escape"
- "compose:menu"
- "grp:win_space_toggle"
- ];
+_: {
+ hm.home.language = {
+ collate = "C";
+ messages = "C";
};
}
diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix
index 8512d78..e5d27d8 100644
--- a/modules/nixfiles/common/networking.nix
+++ b/modules/nixfiles/common/networking.nix
@@ -1,100 +1,3 @@
-{
- config,
- lib,
- pkgs,
- this,
- ...
-}:
-with lib; {
- hm.home.file.".digrc".text = ''
- +answer
- +multiline
- +recurse
- '';
-
- # TODO Support multiple interfaces and IP addresses.
- networking = mkMerge [
- {
- domain = my.domain.shire;
-
- hostName = this.hostname;
- hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
-
- # Remove default hostname mappings. This is required at least by the current
- # implementation of the montoring module.
- hosts = {
- "127.0.0.2" = mkForce [];
- "::1" = mkForce [];
- };
-
- nameservers = mkDefault dns.const.quad9.default;
-
- useDHCP = false;
-
- firewall = {
- enable = true;
-
- rejectPackets = false;
-
- allowPing = true;
- pingLimit = "--limit 1/minute --limit-burst 5";
-
- logRefusedConnections = false;
- logRefusedPackets = false;
- logRefusedUnicastsOnly = false;
- logReversePathDrops = false;
- };
- }
- (let
- interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
- in
- mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
- usePredictableInterfaceNames = false; # NOTE This can break something!
- interfaces.${interface} = {
- ipv4.addresses = with this.ipv4;
- optional (isString address && isInt prefixLength) {
- inherit address prefixLength;
- };
-
- ipv6.addresses = with this.ipv6;
- optional (isString address && isInt prefixLength) {
- inherit address prefixLength;
- };
- };
- defaultGateway = with this.ipv4;
- mkIf (isString gatewayAddress) {
- inherit interface;
- address = gatewayAddress;
- };
- defaultGateway6 = with this.ipv6;
- mkIf (isString gatewayAddress) {
- inherit interface;
- address = gatewayAddress;
- };
- })
- ];
-
- environment = {
- systemPackages = with pkgs; [myip];
-
- shellAliases = listToAttrs (map
- ({
- name,
- value,
- }:
- nameValuePair name "${pkgs.iproute2}/bin/${value}") [
- {
- name = "bridge";
- value = "bridge -color=always";
- }
- {
- name = "ip";
- value = "ip -color=always";
- }
- {
- name = "tc";
- value = "tc -color=always";
- }
- ]);
- };
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [myip];
}
diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix
index c9d3b04..aeb25bd 100644
--- a/modules/nixfiles/common/nix/default.nix
+++ b/modules/nixfiles/common/nix/default.nix
@@ -2,12 +2,8 @@
config,
inputs,
lib,
+ localUsername ? lib.my.username,
pkgs,
- pkgsLocal,
- pkgsMaster,
- pkgsPR,
- pkgsRev,
- pkgsStabe,
this,
...
}:
@@ -62,10 +58,11 @@ with lib; {
// {nixfiles.flake = inputs.self;};
settings = {
- trusted-users = ["root" "@wheel"];
+ trusted-users = ["root" localUsername];
substituters = [
"https://azahi.cachix.org"
+ "https://cache.iog.io"
"https://cachix.cachix.org"
"https://nix-community.cachix.org"
"https://pre-commit-hooks.cachix.org"
@@ -73,6 +70,7 @@ with lib; {
trusted-public-keys = [
"azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s="
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
];
@@ -114,45 +112,25 @@ with lib; {
inherit (np) yaml-language-server;
json-language-server = np.vscode-json-languageserver-bin;
k3d = kube3d;
+ kubelogin = kubelogin-oidc;
lua-language-server = sumneko-lua-language-server;
nix-language-server = rnix-lsp;
omnisharp = omnisharp-roslyn;
+ telepresence = telepresence2;
tor-browser = tor-browser-bundle-bin;
}))
- agenix.overlay
emacs-overlay.overlay
# nil.overlays.default
- # nix-minecraft-servers.overlays.default
nur.overlay
# pollymc.overlay
- xmonad-ng.overlays.default
];
- system = {
- stateVersion = builtins.readFile "${inputs.nixpkgs}/.version";
-
- extraDependencies = with inputs; [
- nixos-hardware
- nixpkgs
- nixpkgs-master
- nixpkgs-stable
- nur
+ environment.systemPackages = with pkgs;
+ optionals this.isHeadful [
+ nix-du
+ nix-top
+ nix-tree
];
- };
-
- environment = {
- sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1";
-
- localBinInPath = true;
-
- defaultPackages = [];
- systemPackages = with pkgs;
- optionals this.isHeadful [
- nix-du
- nix-top
- nix-tree
- ];
- };
hm.home = {
packages = with pkgs; [nix-index];
diff --git a/modules/nixfiles/common/services.nix b/modules/nixfiles/common/services.nix
deleted file mode 100644
index 376c87d..0000000
--- a/modules/nixfiles/common/services.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-_: {
- services = {
- earlyoom.enable = true;
- haveged.enable = true;
- irqbalance.enable = true;
- };
-
- hardware.ksm.enable = true;
-}
diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix
index 8ed2e99..9425578 100644
--- a/modules/nixfiles/common/shell/default.nix
+++ b/modules/nixfiles/common/shell/default.nix
@@ -40,6 +40,72 @@ with lib; {
fi
'';
+ shellAliases =
+ listToAttrs
+ (map
+ ({
+ name,
+ value,
+ }:
+ nameValuePair name (with pkgs; let
+ pkg =
+ if this.isHeadful
+ then
+ (coreutils.overrideAttrs (_: super: {
+ patches =
+ super.patches
+ ++ [
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch";
+ hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg=";
+ })
+ ];
+ }))
+ else coreutils;
+ in "${pkg}/bin/coreutils --coreutils-prog=${value}"))
+ (
+ let
+ mkAlias = {
+ name ? head command,
+ command,
+ }: {
+ inherit name;
+ value = concatStringsSep " " command;
+ };
+
+ progressBar = optionalString this.isHeadful "--progress-bar";
+ in [
+ (mkAlias {
+ command = ["cp" "--interactive" "--recursive" progressBar];
+ })
+ (mkAlias {command = ["mv" "--interactive" progressBar];})
+ (mkAlias {command = ["rm" "--interactive=once"];})
+ (mkAlias {command = ["ln" "--interactive"];})
+ (mkAlias {command = ["mkdir" "--parents"];})
+ (mkAlias {command = ["rmdir" "--parents"];})
+ (mkAlias {
+ name = "lower";
+ command = ["tr" "'[:upper:]'" "'[:lower:]'"];
+ })
+ (mkAlias {
+ name = "upper";
+ command = ["tr" "'[:lower:]'" "'[:upper:]'"];
+ })
+ (mkAlias {
+ name = "disk";
+ command = [
+ "df"
+ "--human-readable"
+ "--exclude-type=tmpfs"
+ "--exclude-type=devtmpfs"
+ "2>/dev/null"
+ ];
+ })
+ ]
+ ))
+ // genAttrs ["grep" "egrep" "fgrep"]
+ (name: "${pkgs.gnugrep}/bin/${name} --color=always");
+
historyControl = ["ignoredups" "ignorespace"];
};
@@ -51,82 +117,12 @@ with lib; {
home.packages = with pkgs; [grc];
};
- programs.command-not-found.enable = false;
-
- environment = {
- shellAliases =
- listToAttrs
- (map
- ({
- name,
- value,
- }:
- nameValuePair name (with pkgs; let
- pkg =
- if this.isHeadful
- then
- (coreutils.overrideAttrs (_: super: {
- patches =
- super.patches
- ++ [
- (fetchpatch {
- url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch";
- hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg=";
- })
- ];
- }))
- else coreutils;
- in "${pkg}/bin/coreutils --coreutils-prog=${value}"))
- (
- let
- mkAlias = {
- name ? head command,
- command,
- }: {
- inherit name;
- value = concatStringsSep " " command;
- };
-
- progressBar = optionalString this.isHeadful "--progress-bar";
- in [
- (mkAlias {
- command = ["cp" "--interactive" "--recursive" progressBar];
- })
- (mkAlias {command = ["mv" "--interactive" progressBar];})
- (mkAlias {command = ["rm" "--interactive=once"];})
- (mkAlias {command = ["ln" "--interactive"];})
- (mkAlias {command = ["mkdir" "--parents"];})
- (mkAlias {command = ["rmdir" "--parents"];})
- (mkAlias {
- name = "lower";
- command = ["tr" "'[:upper:]'" "'[:lower:]'"];
- })
- (mkAlias {
- name = "upper";
- command = ["tr" "'[:lower:]'" "'[:upper:]'"];
- })
- (mkAlias {
- name = "disk";
- command = [
- "df"
- "--human-readable"
- "--exclude-type=tmpfs"
- "--exclude-type=devtmpfs"
- "2>/dev/null"
- ];
- })
- ]
- ))
- // genAttrs ["grep" "egrep" "fgrep"]
- (name: "${pkgs.gnugrep}/bin/${name} --color=always");
-
- systemPackages = with pkgs; [
- bash-completion
- bc
- gawk
- hr
- moreutils
- pv
- ];
- };
+ environment.systemPackages = with pkgs; [
+ bash-completion
+ bc
+ gawk
+ hr
+ moreutils
+ pv
+ ];
}
diff --git a/modules/nixfiles/common/users.nix b/modules/nixfiles/common/users.nix
index fb85c1b..aee0e38 100644
--- a/modules/nixfiles/common/users.nix
+++ b/modules/nixfiles/common/users.nix
@@ -1,21 +1,8 @@
-{lib, ...}:
+{
+ lib,
+ localUsername ? lib.my.username,
+ ...
+}:
with lib; {
- imports = [(mkAliasOptionModule ["my"] ["users" "users" my.username])];
-
- users = {
- mutableUsers = false;
-
- users = {
- root.hashedPassword = "@HASHED_PASSWORD@";
-
- ${my.username} = {
- isNormalUser = true;
- uid = 1000;
- description = my.fullname;
- inherit (my) hashedPassword;
- openssh.authorizedKeys.keys = [my.ssh.key];
- extraGroups = ["wheel"];
- };
- };
- };
+ imports = [(mkAliasOptionModule ["my"] ["users" "users" localUsername])];
}
diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix
index 82ccc27..d4e5e26 100644
--- a/modules/nixfiles/default.nix
+++ b/modules/nixfiles/default.nix
@@ -1,78 +1,31 @@
-{...}: {
+_: {
imports = [
- ./acme.nix
./alacritty.nix
- ./alertmanager.nix
- ./android.nix
./aria2.nix
./bat.nix
./beets.nix
- ./bluetooth.nix
./chromium.nix
./common
./curl.nix
./direnv.nix
- ./docker.nix
- ./dwm.nix
./emacs
- ./endlessh-go.nix
- ./endlessh.nix
- ./fail2ban.nix
./firefox
./fonts.nix
- ./games
./git.nix
./gnupg.nix
- ./gotify.nix
- ./grafana.nix
./htop.nix
- ./hydra.nix
- ./ipfs.nix
- ./kde.nix
- ./libvirtd.nix
- ./lidarr.nix
- ./loki.nix
- ./lxc.nix
- ./matrix
- ./monitoring
./mpd.nix
./mpv.nix
- ./nextcloud.nix
- ./nginx.nix
./nmap.nix
- ./node-exporter.nix
- ./nsd.nix
./openssh.nix
./password-store.nix
- ./podman.nix
- ./postgresql.nix
./profiles
- ./prometheus.nix
- ./promtail.nix
- ./psd.nix
./qutebrowser.nix
- ./radarr.nix
- ./radicale.nix
- ./rss-bridge.nix
- ./rtorrent.nix
- ./searx.nix
- ./shadowsocks.nix
- ./soju.nix
- ./solaar.nix
- ./sonarr.nix
- ./sound.nix
./subversion.nix
- ./syncthing.nix
- ./throttled.nix
./tmux.nix
- ./unbound.nix
- ./vaultwarden.nix
./vim
./vscode.nix
./wget.nix
- ./wireguard.nix
- ./x11.nix
- ./xmonad.nix
./zathura.nix
];
}
diff --git a/modules/nixfiles/discord.nix b/modules/nixfiles/discord.nix
new file mode 100644
index 0000000..190b5fc
--- /dev/null
+++ b/modules/nixfiles/discord.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.discord;
+in {
+ options.nixfiles.modules.discord.enable =
+ mkEnableOption "Steam runtime";
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"];
+
+ hm.home.packages = with pkgs; [
+ (discord.override {
+ withOpenASAR = true;
+ })
+ ];
+ };
+}
diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix
index 0ae2bf9..933a32e 100644
--- a/modules/nixfiles/emacs/default.nix
+++ b/modules/nixfiles/emacs/default.nix
@@ -11,17 +11,10 @@ in {
options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs";
config = mkIf cfg.enable {
- secrets.authinfo = {
- file = "${inputs.self}/secrets/authinfo";
- owner = my.username;
- inherit (config.my) group;
- };
-
nixfiles.modules = {
fonts.enable = true;
git.client.enable = true;
gnupg.enable = true;
- x11.enable = true;
};
hm = {
@@ -65,7 +58,6 @@ in {
gore # :lang go
gotests # :lang go
graphviz # :lang (org +roam2) :lang plantuml
- grip # :lang (markdown +grip)
haskell-language-server # :lang (haskell +lsp)
haskellPackages.brittany # :lang haskell :editor format
haskellPackages.cabal-fmt # :lang haskell :editor format
@@ -97,10 +89,6 @@ in {
texlive.combined.scheme-full # :lang org tex
unzip # :tools debugger
wordnet # :tools (lookup +dictionary +offline)
- xclip # :app everywhere
- xdotool # :app everywhere
- xorg.xprop # :app everywhere
- xorg.xwininfo # :app everywhere
yaml-language-server # :lang (yaml +lsp)
zls # :lang (zig +lsp)
zstd # :emacs undo
@@ -117,13 +105,11 @@ in {
(setq custom-file (file-name-concat doom-emacs-dir "custom.el"))
- ;; Font must be set to n+2 because otherwise it looks too small.
+ Font must be set to n+2 because otherwise it looks too small.
(setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}"
:size ${toString (config.fontScheme.monospaceFont.size + 2)})
doom-unicode-font doom-font)
- (appendq! auth-sources '("${config.secrets.authinfo.path}"))
-
(setq user-full-name "${my.fullname}"
user-mail-address "${my.email}")
@@ -142,16 +128,6 @@ in {
(setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L")
'';
};
-
- services.emacs = {
- enable = true;
- client.enable = true;
- };
};
-
- system.extraDependencies = with inputs; [
- emacs-overlay
- nix-doom-emacs
- ];
};
}
diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el
index ef663a0..efb831e 100644
--- a/modules/nixfiles/emacs/doom/init.el
+++ b/modules/nixfiles/emacs/doom/init.el
@@ -20,7 +20,7 @@
ophints
(popup +defaults)
;; tabs
- (treemacs +lsp)
+ ;; (treemacs +lsp)
;; unicode
(vc-gutter +diff-hl +pretty)
window-select
@@ -91,7 +91,7 @@
(javascript +lsp +tree-sitter)
json
(latex +lsp +tree-sittter)
- (lua +lsp +tree-sitter)
+ ;; (lua +lsp +tree-sitter)
(markdown +lsp +tree-sitter)
(nix +lsp)
(org +pandoc +roam2)
@@ -99,7 +99,7 @@
(python +lsp +tree-sitter)
;; (racket +lsp +tree-sitter)
;; rst
- (rust +lsp +tree-sitter)
+ ;; (rust +lsp +tree-sitter)
;; (scheme +lsp +tree-sitter +racket)
(sh +lsp +tree-sitter)
web
@@ -112,7 +112,7 @@
:app
calendar
;; emms
- everywhere
+ ;; everywhere
irc
(rss +org)
diff --git a/modules/nixfiles/endlessh.nix b/modules/nixfiles/endlessh.nix
deleted file mode 100644
index c66d8b3..0000000
--- a/modules/nixfiles/endlessh.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cfg = config.nixfiles.modules.endlessh;
-in {
- options.nixfiles.modules.endlessh.enable =
- mkEnableOption "endlessh";
-
- config = let
- port = 22;
- in
- mkIf cfg.enable {
- assertions = [
- {
- assertion = !(any (x: x == port) config.services.openssh.ports);
- message = "Port ${toString port} is already occupied by OpenSSH";
- }
- ];
-
- systemd.services.endlessh = {
- description = "Endlessh SSH Tarpit";
- requires = ["network-online.target"];
- serviceConfig = {
- Restart = "always";
- ExecStart = concatStringsSep " " [
- "${pkgs.endlessh}/bin/endlessh"
- "-v"
- "-4"
- "-p ${toString port}"
- ];
- KillSignal = "SIGTERM";
- AmbientCapabilities = "CAP_NET_BIND_SERVICE";
- DynamicUser = true;
- StateDirectory = "endlessh";
- };
- wantedBy = ["multi-user.target"];
- };
-
- networking.firewall.allowedTCPPorts = [port];
- };
-}
diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix
index 8557d64..cd651a6 100644
--- a/modules/nixfiles/firefox/default.nix
+++ b/modules/nixfiles/firefox/default.nix
@@ -276,23 +276,17 @@ in {
};
};
- extensions = with pkgs.nur.repos.rycee.firefox-addons;
- [
- bitwarden
- consent-o-matic
- darkreader
- localcdn
- noscript
- privacy-redirect
- ublock-origin
- violentmonkey
- ]
- ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion;
+ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ bitwarden
+ consent-o-matic
+ darkreader
+ localcdn
+ noscript
+ privacy-redirect
+ ublock-origin
+ violentmonkey
+ ];
};
};
-
- services.psd.enable = true;
-
- system.extraDependencies = [inputs.arkenfox-nixos];
};
}
diff --git a/modules/nixfiles/firefox/userChrome.css b/modules/nixfiles/firefox/userChrome.css
index 23fc336..5300d17 100644
--- a/modules/nixfiles/firefox/userChrome.css
+++ b/modules/nixfiles/firefox/userChrome.css
@@ -94,8 +94,8 @@
min-width: 1.6em;
}
- #back-button,
#forward-button,
+ #back-button,
#context-bookmarklink,
#context-inspect-a11y,
#context-navigation,
@@ -117,7 +117,8 @@
#context_moveTabOptions,
#context_reopenInContainer,
#context_selectAllTabs,
- #context_sendTabToDevice {
+ #context_sendTabToDevice,
+ #webrtcIndicator {
display: none !important;
}
}
diff --git a/modules/nixfiles/fonts.nix b/modules/nixfiles/fonts.nix
index dbae282..483de0d 100644
--- a/modules/nixfiles/fonts.nix
+++ b/modules/nixfiles/fonts.nix
@@ -80,51 +80,12 @@ in {
};
};
- config = mkMerge [
- (mkIf cfg.enable {
- hm.fonts.fontconfig.enable = true;
-
- fonts = {
- fonts = with pkgs; [
- iosevka-bin
- (iosevka-bin.override {variant = "aile";})
- (iosevka-bin.override {variant = "etoile";})
- sarasa-gothic
- ];
-
- fontconfig = {
- enable = true;
-
- defaultFonts = {
- monospace = [
- "Iosevka"
- "Sarasa Mono K"
- "Sarasa Mono J"
- "Sarasa Mono SC"
- "Sarasa Mono CL"
- ];
- sansSerif = [
- "Iosevka Aile"
- "Sarasa Gothic K"
- "Sarasa Gothic J"
- "Sarasa Gothic SC"
- "Sarasa Gothic CL"
- ];
- serif = [
- "Iosevka Etoile"
- "Sarasa Gothic K"
- "Sarasa Gothic J"
- "Sarasa Gothic SC"
- "Sarasa Gothic CL"
- ];
- };
- };
- };
- })
- (mkIf (!cfg.enable) {
- # Disable fonts for headless profiles.
- hm.fonts.fontconfig.enable = mkForce false;
- fonts.fontconfig.enable = mkForce false;
- })
- ];
+ config = mkIf cfg.enable {
+ fonts.fonts = with pkgs; [
+ iosevka-bin
+ (iosevka-bin.override {variant = "aile";})
+ (iosevka-bin.override {variant = "etoile";})
+ sarasa-gothic
+ ];
+ };
}
diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix
index facff2f..2c1dd1f 100644
--- a/modules/nixfiles/git.nix
+++ b/modules/nixfiles/git.nix
@@ -1,224 +1,117 @@
{
config,
lib,
- inputs,
pkgs,
...
}:
with lib; let
cfg = config.nixfiles.modules.git;
in {
- options.nixfiles.modules.git = {
- client.enable = mkEnableOption "Git client";
- server = {
- enable = mkEnableOption "Git server";
+ options.nixfiles.modules.git.client.enable =
+ mkEnableOption "Git client";
- domain = mkOption {
- description = "Domain name sans protocol scheme.";
- type = with types; nullOr str;
- default = "git.${config.networking.domain}";
- };
-
- package = mkOption {
- description = "Package.";
- type = types.package;
- default = pkgs.cgit-pink;
- };
- };
- };
-
- config = mkMerge [
- (mkIf cfg.client.enable {
- secrets = {
- glab-cli-config = {
- file = "${inputs.self}/secrets/glab-cli-config";
- path = "${config.dirs.config}/glab-cli/config.yml";
- owner = my.username;
- inherit (config.my) group;
- };
- gh-hosts = {
- file = "${inputs.self}/secrets/gh-hosts";
- path = "${config.dirs.config}/gh/hosts.yml";
- owner = my.username;
- inherit (config.my) group;
- };
- hut = {
- file = "${inputs.self}/secrets/hut";
- path = "${config.dirs.config}/hut/config";
- owner = my.username;
- inherit (config.my) group;
- };
- };
-
- hm = {
- home.packages = with pkgs; [glab hut];
-
- programs = {
- git = {
- enable = true;
-
- package = pkgs.git.override {
- doInstallCheck = false;
- pythonSupport = false;
- sendEmailSupport = true;
- withLibsecret = false;
- withSsh = true;
- };
-
- userName = my.fullname;
- userEmail = my.email;
- signing = {
- inherit (my.pgp) key;
- signByDefault = true;
- };
-
- extraConfig =
- {
- advice.detachedHead = false;
- color.ui = true;
- core.whitespace = "trailing-space";
- diff = {
- mnemonicPrefix = true;
- renames = "copies";
- submodule = "log";
- };
- init.defaultBranch = "master";
- status.submoduleSummary = true;
- github.user = my.username;
- gitlab.user = my.username;
- }
- // mapAttrs'
- (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) {
- "alpine" = "gitlab.alpinelinux.org";
- "bitbucket" = "bitbucket.com";
- "codeberg" = "codeberg.org";
- "freedesktop" = "gitlab.freedesktop.org";
- "github" = "github.com";
- "gitlab" = "gitlab.com";
- "gnome" = "gitlab.gnome.org";
- "haskell" = "gitlab.haskell.org";
- "kde" = "invent.kde.org";
- "notabug" = "notabug.org";
- "opencode" = "opencode.net";
- "sourcehut" = "git.sr.ht";
- "videolan" = "code.videolan.org";
- };
+ config = mkIf cfg.client.enable {
+ hm = {
+ home.packages = with pkgs; [glab hut];
- aliases = let
- git = "${config.hm.programs.git.package}/bin/git";
- curl = "${pkgs.curl}/bin/curl";
- in {
- fuck = "!${git} reset --hard && ${git} clean -fdx";
- gud = ''commit -m "git gud"'';
- wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -";
- };
+ programs = {
+ git = {
+ enable = true;
- # All helper tools/editor generated files should go here. This must
- # be kept relatively clean and void of any project-specific residual
- # files.
- ignores = [
- "*~"
- ".cache/clangd/"
- ".ccls-cache/"
- ".dir-locals.el"
- ".gdb_history"
- ".netrwhist"
- ".projectile"
- "[._]*.s[a-v][a-z]"
- "[._]*.sw[a-p]"
- "[._]s[a-rt-v][a-z]"
- "[._]ss[a-gi-z]"
- "[._]sw[a-p]"
- "\#*\#"
- "compile_commands*.json"
- "cscope.*"
- "vgcore.*"
- ];
+ package = pkgs.git.override {
+ doInstallCheck = false;
+ pythonSupport = false;
+ sendEmailSupport = true;
+ withLibsecret = false;
+ withSsh = true;
};
- gh = {
- enable = true;
- settings.git_protocol = "ssh";
+ userName = my.fullname;
+ userEmail = my.email;
+ signing = {
+ inherit (my.pgp) key;
+ signByDefault = true;
};
- bash = {
- shellAliases = {
- gl = "${pkgs.glab}/bin/glab";
- ht = "${pkgs.hut}/bin/hut";
+ extraConfig =
+ {
+ advice.detachedHead = false;
+ color.ui = true;
+ core.whitespace = "trailing-space";
+ diff = {
+ mnemonicPrefix = true;
+ renames = "copies";
+ submodule = "log";
+ };
+ init.defaultBranch = "master";
+ status.submoduleSummary = true;
+ }
+ // mapAttrs'
+ (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) {
+ "alpine" = "gitlab.alpinelinux.org";
+ "bitbucket" = "bitbucket.com";
+ "codeberg" = "codeberg.org";
+ "freedesktop" = "gitlab.freedesktop.org";
+ "github" = "github.com";
+ "gitlab" = "gitlab.com";
+ "gnome" = "gitlab.gnome.org";
+ "haskell" = "gitlab.haskell.org";
+ "kde" = "invent.kde.org";
+ "notabug" = "notabug.org";
+ "opencode" = "opencode.net";
+ "sourcehut" = "git.sr.ht";
+ "videolan" = "code.videolan.org";
};
- initExtra = mkAfter ''
- _complete_alias gl __start_glab glab
- _complete_alias ht __start_hut hut
- '';
- };
- };
- };
- })
- (mkIf cfg.server.enable {
- nixfiles.modules.nginx = {
- enable = true;
- virtualHosts.${cfg.server.domain} = {
- locations = {
- "/".extraConfig = let
- cgitrc = pkgs.writeText "cgitrc" ''
- root-title=azahi’s git stuff
- root-desc=鯛も一人はうまからず
-
- about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
- source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
- commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
-
- enable-git-config=1
- enable-gitweb-owner=1
- remove-suffix=1
- snapshots=tar.gz tar.bz2 zip
-
- readme=:README
- readme=:README.md
- readme=:README.org
- readme=:README.txt
- readme=:readme
- readme=:readme.md
- readme=:readme.org
- readme=:readme.txt
-
- scan-path=${config.services.gitolite.dataDir}/repositories
- '';
- in ''
- include ${config.services.nginx.package}/conf/fastcgi_params;
- fastcgi_split_path_info ^(/?)(.+)$;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
- fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
- fastcgi_param CGIT_CONFIG ${cgitrc};
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- '';
- # FIXME This breaks sources previewing for these files.
- "~* ^/(.+.(ico|css|png))$".extraConfig = ''
- alias ${cfg.server.package}/cgit/$1;
- '';
+ aliases = let
+ git = "${config.hm.programs.git.package}/bin/git";
+ curl = "${pkgs.curl}/bin/curl";
+ in {
+ fuck = "!${git} reset --hard && ${git} clean -fdx";
+ gud = ''commit -m "git gud"'';
+ wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -";
};
+
+ # All helper tools/editor generated files should go here. This must
+ # be kept relatively clean and void of any project-specific residual
+ # files.
+ ignores = [
+ "*~"
+ ".DS_Store"
+ ".cache/clangd/"
+ ".ccls-cache/"
+ ".dir-locals.el"
+ ".gdb_history"
+ ".netrwhist"
+ ".projectile"
+ "[._]*.s[a-v][a-z]"
+ "[._]*.sw[a-p]"
+ "[._]s[a-rt-v][a-z]"
+ "[._]ss[a-gi-z]"
+ "[._]sw[a-p]"
+ "\#*\#"
+ "compile_commands*.json"
+ "cscope.*"
+ "vgcore.*"
+ ];
};
- };
- services = let
- user = "git";
- group = "git";
- in {
- gitolite = {
- # TODO Make the configuration purely declarative.
+ gh = {
enable = true;
- inherit user group;
- adminPubkey = my.ssh.key;
+ settings.git_protocol = "ssh";
};
- fcgiwrap = {
- enable = true;
- inherit user group;
+ bash = {
+ shellAliases = {
+ gl = "${pkgs.glab}/bin/glab";
+ ht = "${pkgs.hut}/bin/hut";
+ };
+ initExtra = mkAfter ''
+ _complete_alias gl __start_glab glab
+ _complete_alias ht __start_hut hut
+ '';
};
};
- })
- ];
+ };
+ };
}
diff --git a/modules/nixfiles/gnupg.nix b/modules/nixfiles/gnupg.nix
index c1419e4..c0f10f9 100644
--- a/modules/nixfiles/gnupg.nix
+++ b/modules/nixfiles/gnupg.nix
@@ -6,83 +6,53 @@
with lib; let
cfg = config.nixfiles.modules.gnupg;
in {
- options.nixfiles.modules.gnupg = {
- enable = mkEnableOption "GnuPG";
-
- pinentry = mkOption {
- description = "Name of a pinentry implementation.";
- type = types.str;
- default = "curses";
- };
- };
+ options.nixfiles.modules.gnupg.enable = mkEnableOption "GnuPG";
config = mkIf cfg.enable {
- hm = {
- programs.gpg = {
- enable = true;
-
- homedir = "${config.dirs.data}/gnupg";
-
- settings =
- {
- display-charset = "utf-8";
- enable-progress-filter = true;
- fixed-list-mode = true;
- keyid-format = "0xlong";
- no-comments = true;
- no-emit-version = true;
- no-greeting = true;
- with-fingerprint = true;
- throw-keyids = false;
-
- use-agent = true;
-
- armor = true;
-
- no-random-seed-file = true;
-
- list-options = "show-uid-validity";
- verify-options = "show-uid-validity";
- }
- // (let
- cipherAlgos = ["AES256" "AES192" "AES"];
- compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"];
- digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"];
-
- cs = concatStringsSep " ";
- in {
- default-preference-list =
- cs (digestAlgos ++ cipherAlgos ++ compressionAlgos);
-
- personal-cipher-preferences = cs cipherAlgos;
- personal-compress-preferences = cs compressionAlgos;
- personal-digest-preferences = cs digestAlgos;
-
- s2k-cipher-algo = head cipherAlgos;
- s2k-digest-algo = head digestAlgos;
-
- digest-algo = head digestAlgos;
- cert-digest-algo = head digestAlgos;
- });
- };
-
- services.gpg-agent = {
- enable = true;
-
- enableSshSupport = true;
- enableScDaemon = false;
-
- defaultCacheTtl = 999999;
- defaultCacheTtlSsh = 999999;
- maxCacheTtl = 999999;
- maxCacheTtlSsh = 999999;
-
- grabKeyboardAndMouse = true;
-
- sshKeys = [my.pgp.grip];
-
- pinentryFlavor = cfg.pinentry;
- };
+ hm.programs.gpg = {
+ enable = true;
+
+ settings =
+ {
+ display-charset = "utf-8";
+ enable-progress-filter = true;
+ fixed-list-mode = true;
+ keyid-format = "0xlong";
+ no-comments = true;
+ no-emit-version = true;
+ no-greeting = true;
+ with-fingerprint = true;
+ throw-keyids = false;
+
+ use-agent = true;
+
+ armor = true;
+
+ no-random-seed-file = true;
+
+ list-options = "show-uid-validity";
+ verify-options = "show-uid-validity";
+ }
+ // (let
+ cipherAlgos = ["AES256" "AES192" "AES"];
+ digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"];
+ compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"];
+
+ cs = concatStringsSep " ";
+ in {
+ default-preference-list =
+ cs (cipherAlgos ++ digestAlgos ++ compressionAlgos);
+
+ personal-cipher-preferences = cs cipherAlgos;
+ personal-digest-preferences = cs digestAlgos;
+ personal-compress-preferences = cs compressionAlgos;
+
+ s2k-cipher-algo = head cipherAlgos;
+ s2k-digest-algo = head digestAlgos;
+
+ digest-algo = head digestAlgos;
+ cert-digest-algo = head digestAlgos;
+ });
};
};
}
diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix
index 14ad007..65877be 100644
--- a/modules/nixfiles/nmap.nix
+++ b/modules/nixfiles/nmap.nix
@@ -55,10 +55,5 @@ in {
'';
};
};
-
- system.extraDependencies = with inputs; [
- nmap-vulners
- nmap-vulscan
- ];
};
}
diff --git a/modules/nixfiles/openssh.nix b/modules/nixfiles/openssh.nix
index bf470ca..4b80809 100644
--- a/modules/nixfiles/openssh.nix
+++ b/modules/nixfiles/openssh.nix
@@ -7,80 +7,52 @@
with lib; let
cfg = config.nixfiles.modules.openssh;
in {
- options.nixfiles.modules.openssh = {
- client.enable = mkEnableOption "OpenSSH client";
- server.enable = mkEnableOption "OpenSSH server";
+ options.nixfiles.modules.openssh.client.enable =
+ mkEnableOption "OpenSSH client";
+
+ config = mkIf cfg.client.enable {
+ hm = {
+ home.packages = with pkgs; [mosh sshfs];
+
+ programs.ssh = {
+ enable = true;
+
+ hashKnownHosts = true;
+
+ controlMaster = "auto";
+ controlPersist = "24H";
+
+ serverAliveCountMax = 30;
+ serverAliveInterval = 60;
+
+ matchBlocks = let
+ mkBlock = name: {
+ hostname ? name,
+ port ? 22022, # NOTE This is not the default OpenSSH port.
+ user ? my.username,
+ identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}",
+ extraAttrs ? {},
+ }:
+ nameValuePair name ({inherit hostname port user identityFile;}
+ // extraAttrs);
+
+ internalServers =
+ mapAttrs' mkBlock
+ (mapAttrs (name: _: {
+ hostname = "${name}.${my.domain.shire}";
+ }) (filterAttrs (_: attr:
+ hasAttr "wireguard" attr
+ && attr.isHeadless)
+ my.configurations));
+ in
+ internalServers
+ // (mapAttrs' mkBlock {
+ gitolite = {
+ user = "git";
+ hostname = "git.${my.domain.shire}";
+ };
+ });
+ };
+ };
};
-
- config = let
- port = 22022; # Port 22 should be occupied by endlessh.
- in
- mkMerge [
- (mkIf cfg.client.enable {
- hm = {
- home.packages = with pkgs; [mosh sshfs];
-
- programs.ssh = {
- enable = true;
-
- hashKnownHosts = true;
-
- controlMaster = "auto";
- controlPersist = "24H";
-
- serverAliveCountMax = 30;
- serverAliveInterval = 60;
-
- matchBlocks = let
- mkBlock = name: {
- hostname ? name,
- port ? 22,
- user ? my.username,
- identityFile ? "${config.my.home}/.ssh/id_ed25519",
- extraAttrs ? {},
- }:
- nameValuePair name ({inherit hostname port user identityFile;}
- // extraAttrs);
-
- internalServers =
- mapAttrs' mkBlock
- (mapAttrs (name: _: {
- hostname = "${name}.${my.domain.shire}";
- inherit port;
- }) (filterAttrs (_: attr:
- hasAttr "wireguard" attr
- && attr.isHeadless)
- my.configurations));
- in
- internalServers
- // (mapAttrs' mkBlock {
- gitolite = {
- user = "git";
- hostname = "git.${my.domain.shire}";
- inherit port;
- };
- });
- };
- };
- })
- (mkIf cfg.server.enable {
- programs.mosh.enable = true;
-
- services = {
- openssh = {
- enable = true;
- ports = [port];
- logLevel = "VERBOSE"; # Required by fail2ban.
- permitRootLogin = "no";
- passwordAuthentication = false;
- };
-
- fail2ban.jails.sshd = ''
- enabled = true
- mode = aggressive
- port = ${toString port}
- '';
- };
- })
- ];
}
diff --git a/modules/nixfiles/password-store.nix b/modules/nixfiles/password-store.nix
index 7eac85e..1de8a55 100644
--- a/modules/nixfiles/password-store.nix
+++ b/modules/nixfiles/password-store.nix
@@ -7,7 +7,8 @@
with lib; let
cfg = config.nixfiles.modules.password-store;
in {
- options.nixfiles.modules.password-store.enable = mkEnableOption "Unix pass";
+ options.nixfiles.modules.password-store.enable =
+ mkEnableOption "the standard UNIX password manager";
config = mkIf cfg.enable {
hm.programs = {
@@ -16,7 +17,7 @@ in {
package = pkgs.pass.withExtensions (p: with p; [pass-otp]);
- settings.PASSWORD_STORE_DIR = "${config.dirs.data}/password-store";
+ settings.PASSWORD_STORE_DIR = "${config.my.home}/.password-store";
};
# https://github.com/NixOS/nixpkgs/issues/183604
diff --git a/modules/nixfiles/profiles/default.nix b/modules/nixfiles/profiles/default.nix
index 356413a..7d5ee8e 100644
--- a/modules/nixfiles/profiles/default.nix
+++ b/modules/nixfiles/profiles/default.nix
@@ -77,32 +77,14 @@ in {
vim.enable = true;
};
- # home-manager.users.root.home.file.".bash_history".source =
- # config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
-
- hm.home.language = {
- collate = "C";
- messages = "C";
- };
-
- programs.less = {
- enable = true;
- envVariables.LESSHISTFILE = "-";
- };
+ time.timeZone = mkDefault "Europe/Moscow";
environment.systemPackages = with pkgs; [
- cryptsetup
ddrescue
file
git
gnupg
- lshw
- lsof
- pciutils
- psmisc
tree
- usbutils
- util-linux
];
};
}
diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix
index da7aa27..7ec6768 100644
--- a/modules/nixfiles/profiles/dev/containers.nix
+++ b/modules/nixfiles/profiles/dev/containers.nix
@@ -14,12 +14,9 @@ in {
};
config = mkIf cfg.enable {
- nixfiles.modules.podman.enable = true;
-
hm = {
home = {
sessionVariables = {
- MINIKUBE_HOME = "${config.dirs.config}/minikube";
MINIKUBE_IN_STYLE = "false";
WERF_DEV = "true";
WERF_INSECURE_REGISTRY = "true";
@@ -31,15 +28,16 @@ in {
};
packages = with pkgs; [
- buildah
chart-testing
cmctl
datree
helm
kubectl
kubectx
+ kubelogin
kubescape
kubespy
+ lima
minikube
skaffold
skopeo
@@ -49,12 +47,6 @@ in {
];
};
- xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} {
- config.Rootless = true;
- driver = "podman";
- container-runtime = "cri-o";
- };
-
programs.bash = {
shellAliases = with pkgs; {
b = "${buildah}/bin/buildah";
diff --git a/modules/nixfiles/profiles/dev/default.nix b/modules/nixfiles/profiles/dev/default.nix
index 4656ade..b05aeac 100644
--- a/modules/nixfiles/profiles/dev/default.nix
+++ b/modules/nixfiles/profiles/dev/default.nix
@@ -2,6 +2,7 @@
config,
lib,
pkgs,
+ this,
...
}:
with lib; let
@@ -34,7 +35,7 @@ in {
".ghc/ghci.conf".source = ./ghci.conf;
- "${config.dirs.data}/stack/config.yaml".text = generators.toYAML {} {
+ ".stack/config.yaml".text = generators.toYAML {} {
templates.params = rec {
author-name = my.fullname;
author-email = my.email;
@@ -43,16 +44,14 @@ in {
};
};
- "${config.dirs.data}/stack/global-project/stack.yaml".text = generators.toYAML {} {
+ ".stack/global-project/stack.yaml".text = generators.toYAML {} {
packages = [];
- resolver = "lts-19.28";
+ resolver = "lts-20.3";
};
};
sessionVariables = with config.dirs; rec {
- ANDROID_HOME = "${data}/android";
-
- CABAL_DIR = "${data}/cabal";
+ CABAL_DIR = "${config.my.home}/.cabal";
CABAL_CONFIG = pkgs.writeText "cabal-config" ''
repository hackage.haskell.org
url: https://hackage.haskell.org/
@@ -71,11 +70,11 @@ in {
extra-prog-path: ${CABAL_DIR}/bin
'';
- STACK_ROOT = "${data}/stack";
+ STACK_ROOT = "${config.my.home}/.stack";
- CARGO_HOME = "${data}/cargo";
+ CARGO_HOME = "${config.my.home}/.cargo";
- GOPATH = "${data}/go";
+ GOPATH = "${config.my.home}/.go";
PYTHONSTARTUP = ./pystartup.py;
};
@@ -86,7 +85,5 @@ in {
yq
];
};
-
- my.extraGroups = ["kvm"];
};
}
diff --git a/modules/nixfiles/profiles/dev/sql.nix b/modules/nixfiles/profiles/dev/sql.nix
index d6bcba8..7a2a09c 100644
--- a/modules/nixfiles/profiles/dev/sql.nix
+++ b/modules/nixfiles/profiles/dev/sql.nix
@@ -15,7 +15,11 @@ in {
config = mkIf cfg.enable {
hm = {
- home.packages = with pkgs; [pgcli litecli];
+ home.packages = with pkgs; [
+ dbeaver
+ pgcli
+ litecli
+ ];
xdg = let
mainSection = {
diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix
index f3355b6..1c1f43b 100644
--- a/modules/nixfiles/profiles/headful.nix
+++ b/modules/nixfiles/profiles/headful.nix
@@ -17,44 +17,27 @@ in {
alacritty.enable = true;
aria2.enable = true;
- chromium.enable = true;
emacs.enable = true;
- firefox.enable = true;
mpv.enable = true;
openssh.client.enable = true;
password-store.enable = true;
- sound.enable = true;
- x11.enable = true;
-
- dwm.enable = mkDefault false;
- kde.enable = mkDefault true;
- xmonad.enable = mkDefault false;
};
hm = {
- home.packages = with pkgs; [
- # (openconnect.overrideAttrs (_: super: {
- # version = "unstable-2022-10-23";
- # src = pkgs.fetchFromGitLab {
- # owner = "openconnect";
- # repo = "openconnect";
- # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
- # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
- # };
- # configureFlags = super.configureFlags ++ [
- # "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox"
- # ];
- # }))
- calibre
- fd
- imv
- neochat
- ripgrep
- ripgrep-all
- sd
- tdesktop
- tor-browser
- ];
+ home = {
+ file.".digrc".text = ''
+ +answer
+ +multiline
+ +recurse
+ '';
+
+ packages = with pkgs; [
+ fd
+ ripgrep
+ ripgrep-all
+ sd
+ ];
+ };
accounts.email = {
maildirBasePath = "${config.my.home}/mail";
@@ -105,54 +88,19 @@ in {
};
programs = {
- bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
mbsync.enable = true;
msmtp.enable = true;
mu.enable = true;
};
};
- boot = {
- kernelPackages = mkForce pkgs.linuxPackages_xanmod_latest;
-
- # There are (arguably) not a lot of reasons to keep mitigations enabled
- # for on machine that is not web-facing. First of all, to completely
- # mitigate any possible Spectre holes one would need to disable
- # Hyperthreading altogether which will essentially put one's computer into
- # the stone age by not being able to to effectively utilise multi-core its
- # multicore capabilities. Secondly, by enabling mitigations, we introduce
- # a plethora of performace overheads[1], which, albeit small, but still
- # contribute to the overall speed of things. This is however still poses a
- # security risk, which I am willing to take.
- #
- # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
- kernelParams = ["mitigations=off"];
- };
-
- hardware.opengl = {
- enable = true;
- driSupport = true;
- };
-
- programs = {
- iftop.enable = true;
- mtr.enable = true;
- traceroute.enable = true;
- };
-
- services.upower.enable = true;
-
environment.systemPackages = with pkgs; [
arping
dnsutils
- ethtool
inetutils
ldns
- nethogs
socat
tcpdump
];
-
- my.extraGroups = ["audio" "video" "input"];
};
}
diff --git a/modules/nixfiles/profiles/headless.nix b/modules/nixfiles/profiles/headless.nix
index 520b97f..cc7c326 100644
--- a/modules/nixfiles/profiles/headless.nix
+++ b/modules/nixfiles/profiles/headless.nix
@@ -12,42 +12,12 @@ in {
mkEnableOption "headless profile" // {default = this.isHeadless;};
config = mkIf cfg.enable {
- nixfiles.modules = {
- openssh.server.enable = true;
- endlessh-go.enable = true;
-
- fail2ban.enable = true;
-
- node-exporter.enable = true;
- promtail.enable = true;
- };
-
hm.home.file = {
".hushlogin".text = "";
".bash_history".source =
config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
};
- # Pin version to prevent any surprises.
- boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;
-
- nix = {
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
- };
-
- optimise = {
- automatic = true;
- dates = ["daily"];
- };
- };
-
- services.udisks2.enable = false;
-
- xdg.sounds.enable = false;
-
environment.systemPackages = with pkgs; [alacritty.terminfo];
};
}
diff --git a/modules/nixfiles/qutebrowser.nix b/modules/nixfiles/qutebrowser.nix
index 76f9f98..68a41a5 100644
--- a/modules/nixfiles/qutebrowser.nix
+++ b/modules/nixfiles/qutebrowser.nix
@@ -532,7 +532,5 @@ in {
in
concatStringsSep "\n" final + "\n");
};
-
- services.psd.enable = true;
};
}
diff --git a/modules/nixfiles/vscode.nix b/modules/nixfiles/vscode.nix
index 7175b36..6671973 100644
--- a/modules/nixfiles/vscode.nix
+++ b/modules/nixfiles/vscode.nix
@@ -34,16 +34,16 @@ in {
extensions = with pkgs;
with vscode-extensions;
- [editorconfig.editorconfig file-icons.file-icons redhat.vscode-yaml]
- ++ optional cfg.vim.enable vscodevim.vim
- ++ vscode-utils.extensionsFromVscodeMarketplace [
- {
- name = "vscode-xml";
- publisher = "redhat";
- version = "0.20.0";
- hash = "sha256-GKBrf9s8n7Wv14RSfwyDma1dM0fGMvRkU/7v2DAcB9A=";
- }
- ];
+ [
+ editorconfig.editorconfig
+ file-icons.file-icons
+ gitlab.gitlab-workflow
+ ms-kubernetes-tools.vscode-kubernetes-tools
+ redhat.vscode-xml
+ redhat.vscode-yaml
+ streetsidesoftware.code-spell-checker
+ ]
+ ++ optional cfg.vim.enable vscodevim.vim;
userSettings = let
font = config.fontScheme.monospaceFont;
@@ -61,7 +61,7 @@ in {
renderWhitespace = "trailing";
rulers = [80 120];
smoothScrolling = false;
- tabCompletion = true;
+ tabCompletion = "on";
}
// (let
surround = 10;
@@ -160,11 +160,6 @@ in {
leader = " ";
useSystemClipboard = true;
-
- autoSwitchInputMethod = let
- inputMethod = config.i18n.inputMethod.enabled;
- in
- mkIf (inputMethod != null) applyInputMethod.${inputMethod};
};
};
};
diff --git a/modules/nixfiles/wget.nix b/modules/nixfiles/wget.nix
index 6d7b1b2..9a16fcc 100644
--- a/modules/nixfiles/wget.nix
+++ b/modules/nixfiles/wget.nix
@@ -11,7 +11,7 @@ in {
config = mkIf cfg.enable {
hm = {
- programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=${config.dirs.data}/wget-hsts";
+ programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=/tmp/wget-hsts";
home.sessionVariables.WGETRC = pkgs.writeText "wgetrc" ''
adjust_extension = on
diff --git a/modules/nixfiles/acme.nix b/modules/nixos/acme.nix
index d3ad661..d3ad661 100644
--- a/modules/nixfiles/acme.nix
+++ b/modules/nixos/acme.nix
diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixos/alertmanager.nix
index 871b0c4..871b0c4 100644
--- a/modules/nixfiles/alertmanager.nix
+++ b/modules/nixos/alertmanager.nix
diff --git a/modules/nixfiles/android.nix b/modules/nixos/android.nix
index 307490a..307490a 100644
--- a/modules/nixfiles/android.nix
+++ b/modules/nixos/android.nix
diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixos/bluetooth.nix
index 8347361..8347361 100644
--- a/modules/nixfiles/bluetooth.nix
+++ b/modules/nixos/bluetooth.nix
diff --git a/modules/nixfiles/common/console.nix b/modules/nixos/common/console.nix
index 3c73695..3c73695 100644
--- a/modules/nixfiles/common/console.nix
+++ b/modules/nixos/common/console.nix
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
new file mode 100644
index 0000000..8724c8b
--- /dev/null
+++ b/modules/nixos/common/default.nix
@@ -0,0 +1,19 @@
+_: {
+ imports = [
+ ./console.nix
+ ./documentation.nix
+ ./home-manager.nix
+ ./kernel.nix
+ ./locale.nix
+ ./networking.nix
+ ./nix.nix
+ ./secrets.nix
+ ./security.nix
+ ./services.nix
+ ./shell.nix
+ ./systemd.nix
+ ./tmp.nix
+ ./users.nix
+ ./xdg.nix
+ ];
+}
diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix
new file mode 100644
index 0000000..f909108
--- /dev/null
+++ b/modules/nixos/common/documentation.nix
@@ -0,0 +1,31 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; {
+ config = mkIf this.isHeadful {
+ documentation = {
+ dev.enable = true;
+ nixos.enable = true;
+
+ man.man-db.manualPages =
+ (pkgs.buildEnv {
+ name = "man-paths";
+ paths = with config;
+ environment.systemPackages ++ hm.home.packages;
+ pathsToLink = ["/share/man"];
+ extraOutputsToInstall = ["man"];
+ ignoreCollisions = true;
+ })
+ .overrideAttrs (_: _: {__contentAddressed = true;});
+ };
+
+ environment.sessionVariables = {
+ MANOPT = "--no-hyphenation";
+ MANPAGER = "${pkgs.less}/bin/less -+F";
+ };
+ };
+}
diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix
new file mode 100644
index 0000000..52f2fd3
--- /dev/null
+++ b/modules/nixos/common/home-manager.nix
@@ -0,0 +1,3 @@
+{inputs, ...}: {
+ imports = [inputs.home-manager.nixosModule];
+}
diff --git a/modules/nixfiles/common/kernel.nix b/modules/nixos/common/kernel.nix
index 2fdfeeb..2fc40f9 100644
--- a/modules/nixfiles/common/kernel.nix
+++ b/modules/nixos/common/kernel.nix
@@ -1,7 +1,10 @@
{lib, ...}:
with lib; {
boot = {
- # I don't use it even on laptops.
+ # I don't use it even on laptops. It's also /required/ to disable it for
+ # ZFS[1].
+ # [1]: https://github.com/openzfs/zfs/issues/260
+ # [1]: https://github.com/openzfs/zfs/issues/12842
kernelParams = ["hibernate=no"];
kernel.sysctl = {
@@ -30,4 +33,7 @@ with lib; {
"vm.vfs_cache_pressure" = 50;
};
};
+
+ # https://docs.kernel.org/admin-guide/mm/ksm.html
+ hardware.ksm.enable = true;
}
diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix
new file mode 100644
index 0000000..62d19f4
--- /dev/null
+++ b/modules/nixos/common/locale.nix
@@ -0,0 +1,24 @@
+{lib, ...}:
+with lib; {
+ i18n = {
+ defaultLocale = mkDefault "en_GB.UTF-8";
+ supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_GB.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "ja_JP.UTF-8/UTF-8"
+ "ru_RU.UTF-8/UTF-8"
+ ];
+ };
+
+ services.xserver = {
+ layout = comcat ["us" "ru"];
+ xkbVariant = comcat ["" "phonetic"];
+ xkbOptions = comcat [
+ "terminate:ctrl_alt_bksp"
+ "caps:escape"
+ "compose:menu"
+ "grp:win_space_toggle"
+ ];
+ };
+}
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix
new file mode 100644
index 0000000..6109933
--- /dev/null
+++ b/modules/nixos/common/networking.nix
@@ -0,0 +1,108 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; {
+ # TODO Support multiple interfaces and IP addresses.
+ networking = mkMerge [
+ {
+ domain = my.domain.shire;
+
+ hostName = this.hostname;
+ hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
+
+ # Remove default hostname mappings. This is required at least by the current
+ # implementation of the montoring module.
+ hosts = {
+ "127.0.0.2" = mkForce [];
+ "::1" = mkForce [];
+ };
+
+ nameservers = mkDefault dns.const.quad9.default;
+
+ useDHCP = false;
+
+ firewall = {
+ enable = true;
+
+ rejectPackets = false;
+
+ allowPing = true;
+ pingLimit = "--limit 1/minute --limit-burst 5";
+
+ logRefusedConnections = false;
+ logRefusedPackets = false;
+ logRefusedUnicastsOnly = false;
+ logReversePathDrops = false;
+ };
+ }
+ (let
+ interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
+ in
+ mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
+ usePredictableInterfaceNames = false; # NOTE This can break something!
+ interfaces.${interface} = {
+ ipv4.addresses = with this.ipv4;
+ optional (isString address && isInt prefixLength) {
+ inherit address prefixLength;
+ };
+
+ ipv6.addresses = with this.ipv6;
+ optional (isString address && isInt prefixLength) {
+ inherit address prefixLength;
+ };
+ };
+ defaultGateway = with this.ipv4;
+ mkIf (isString gatewayAddress) {
+ inherit interface;
+ address = gatewayAddress;
+ };
+ defaultGateway6 = with this.ipv6;
+ mkIf (isString gatewayAddress) {
+ inherit interface;
+ address = gatewayAddress;
+ };
+ })
+ (mkIf this.isHeadful {
+ interfaces = {
+ eth0.useDHCP = mkDefault true;
+ wlan0.useDHCP = mkDefault true;
+ };
+
+ networkmanager = {
+ enable = mkDefault true;
+ wifi.backend = "iwd";
+ };
+
+ wireless = {
+ enable = false;
+ iwd.enable = mkDefault true;
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true;
+ };
+ })
+ ];
+
+ environment.shellAliases = listToAttrs (map
+ ({
+ name,
+ value,
+ }:
+ nameValuePair name "${pkgs.iproute2}/bin/${value}") [
+ {
+ name = "bridge";
+ value = "bridge -color=always";
+ }
+ {
+ name = "ip";
+ value = "ip -color=always";
+ }
+ {
+ name = "tc";
+ value = "tc -color=always";
+ }
+ ]);
+}
diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix
new file mode 100644
index 0000000..07136a0
--- /dev/null
+++ b/modules/nixos/common/nix.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ inputs,
+ lib,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.common.nix;
+in {
+ options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption {
+ description = "A list of allowed unfree packages.";
+ type = with types; listOf str;
+ default = [];
+ };
+
+ config = {
+ nix.settings.trusted-users = ["@wheel"];
+
+ nixpkgs = {
+ config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages;
+
+ overlays = with inputs; [
+ agenix.overlay
+ # nix-minecraft-servers.overlays.default
+ xmonad-ng.overlays.default
+ ];
+ };
+
+ system.stateVersion = with builtins;
+ head (split "\n" (readFile "${inputs.nixpkgs}/.version"));
+
+ environment = {
+ sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1";
+ localBinInPath = true;
+ defaultPackages = [];
+ };
+ };
+}
diff --git a/modules/nixfiles/common/secrets.nix b/modules/nixos/common/secrets.nix
index 9e59716..4fcdc61 100644
--- a/modules/nixfiles/common/secrets.nix
+++ b/modules/nixos/common/secrets.nix
@@ -41,7 +41,5 @@ with lib; {
};
environment.systemPackages = with pkgs; [agenix];
-
- system.extraDependencies = [inputs.agenix];
};
}
diff --git a/modules/nixfiles/common/security.nix b/modules/nixos/common/security.nix
index 09c5da1..09c5da1 100644
--- a/modules/nixfiles/common/security.nix
+++ b/modules/nixos/common/security.nix
diff --git a/modules/nixos/common/services.nix b/modules/nixos/common/services.nix
new file mode 100644
index 0000000..725502a
--- /dev/null
+++ b/modules/nixos/common/services.nix
@@ -0,0 +1,10 @@
+_: {
+ services = {
+ # https://github.com/Irqbalance/irqbalance/issues/54#issuecomment-319245584
+ # https://unix.stackexchange.com/questions/710603/should-the-irqbalance-daemon-be-used-on-a-modern-desktop-x86-system
+ irqbalance.enable = true;
+
+ # https://github.com/NixOS/nixpkgs/issues/135888
+ nscd.enableNsncd = true;
+ };
+}
diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix
new file mode 100644
index 0000000..5fbc441
--- /dev/null
+++ b/modules/nixos/common/shell.nix
@@ -0,0 +1,3 @@
+_: {
+ programs.command-not-found.enable = false;
+}
diff --git a/modules/nixfiles/common/systemd.nix b/modules/nixos/common/systemd.nix
index 5c7282d..5c7282d 100644
--- a/modules/nixfiles/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixos/common/tmp.nix
index d56e2b6..d56e2b6 100644
--- a/modules/nixfiles/common/tmp.nix
+++ b/modules/nixos/common/tmp.nix
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
new file mode 100644
index 0000000..22e8023
--- /dev/null
+++ b/modules/nixos/common/users.nix
@@ -0,0 +1,19 @@
+{lib, ...}:
+with lib; {
+ users = {
+ mutableUsers = false;
+
+ users = {
+ root.hashedPassword = "@HASHED_PASSWORD@";
+
+ ${my.username} = {
+ isNormalUser = true;
+ uid = 1000;
+ description = my.fullname;
+ inherit (my) hashedPassword;
+ openssh.authorizedKeys.keys = [my.ssh.key];
+ extraGroups = ["wheel"];
+ };
+ };
+ };
+}
diff --git a/modules/nixfiles/common/xdg.nix b/modules/nixos/common/xdg.nix
index 8ddf1ac..8ddf1ac 100644
--- a/modules/nixfiles/common/xdg.nix
+++ b/modules/nixos/common/xdg.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..b35e461
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,59 @@
+_: {
+ imports = [
+ ./acme.nix
+ ./alertmanager.nix
+ ./android.nix
+ ./bluetooth.nix
+ ./common
+ ./discord.nix
+ ./docker.nix
+ ./dwm.nix
+ ./emacs.nix
+ ./endlessh-go.nix
+ ./endlessh.nix
+ ./fail2ban.nix
+ ./fonts.nix
+ ./games
+ ./git.nix
+ ./gnupg.nix
+ ./gotify.nix
+ ./grafana.nix
+ ./hydra.nix
+ ./ipfs.nix
+ ./kde.nix
+ ./libvirtd.nix
+ ./lidarr.nix
+ ./loki.nix
+ ./lxc.nix
+ ./matrix
+ ./monitoring
+ ./nextcloud.nix
+ ./nginx.nix
+ ./node-exporter.nix
+ ./nsd.nix
+ ./openssh.nix
+ ./podman.nix
+ ./postgresql.nix
+ ./profiles
+ ./prometheus.nix
+ ./promtail.nix
+ ./psd.nix
+ ./radarr.nix
+ ./radicale.nix
+ ./rss-bridge.nix
+ ./rtorrent.nix
+ ./searx.nix
+ ./shadowsocks.nix
+ ./soju.nix
+ ./solaar.nix
+ ./sonarr.nix
+ ./sound.nix
+ ./syncthing.nix
+ ./throttled.nix
+ ./unbound.nix
+ ./vaultwarden.nix
+ ./wireguard.nix
+ ./x11.nix
+ ./xmonad.nix
+ ];
+}
diff --git a/modules/nixos/discord.nix b/modules/nixos/discord.nix
new file mode 100644
index 0000000..190b5fc
--- /dev/null
+++ b/modules/nixos/discord.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.discord;
+in {
+ options.nixfiles.modules.discord.enable =
+ mkEnableOption "Steam runtime";
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"];
+
+ hm.home.packages = with pkgs; [
+ (discord.override {
+ withOpenASAR = true;
+ })
+ ];
+ };
+}
diff --git a/modules/nixfiles/docker.nix b/modules/nixos/docker.nix
index e642030..e642030 100644
--- a/modules/nixfiles/docker.nix
+++ b/modules/nixos/docker.nix
diff --git a/modules/nixfiles/dwm.nix b/modules/nixos/dwm.nix
index 618d8ed..618d8ed 100644
--- a/modules/nixfiles/dwm.nix
+++ b/modules/nixos/dwm.nix
diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix
new file mode 100644
index 0000000..800d411
--- /dev/null
+++ b/modules/nixos/emacs.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.emacs;
+in {
+ config = mkIf cfg.enable {
+ secrets.authinfo = {
+ file = "${inputs.self}/secrets/authinfo";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+
+ nixfiles.modules.x11.enable = true;
+
+ hm = {
+ programs.doom-emacs.extraConfig = ''
+ (appendq! auth-sources '("${config.secrets.authinfo.path}"))
+ '';
+
+ services.emacs = {
+ enable = true;
+ client.enable = true;
+ };
+ };
+ };
+}
diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixos/endlessh-go.nix
index 9ceb4e4..435305d 100644
--- a/modules/nixfiles/endlessh-go.nix
+++ b/modules/nixos/endlessh-go.nix
@@ -1,8 +1,6 @@
{
config,
- inputs,
lib,
- pkgs,
this,
...
}:
diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix
new file mode 100644
index 0000000..67789fd
--- /dev/null
+++ b/modules/nixos/endlessh.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.endlessh;
+in {
+ options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh";
+
+ config = let
+ port = 22;
+ in
+ mkIf cfg.enable {
+ services.endlessh = {
+ enable = true;
+ inherit port;
+ extraOptions = ["-v" "-4"];
+ };
+
+ networking.firewall.allowedTCPPorts = [port];
+ };
+}
diff --git a/modules/nixfiles/fail2ban.nix b/modules/nixos/fail2ban.nix
index 5ac3c9c..5ac3c9c 100644
--- a/modules/nixfiles/fail2ban.nix
+++ b/modules/nixos/fail2ban.nix
diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix
new file mode 100644
index 0000000..d4a7330
--- /dev/null
+++ b/modules/nixos/fonts.nix
@@ -0,0 +1,45 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.fonts;
+in {
+ config = mkMerge [
+ (mkIf cfg.enable {
+ hm.fonts.fontconfig.enable = true;
+ fonts.fontconfig = {
+ enable = true;
+
+ defaultFonts = {
+ monospace = [
+ "Iosevka"
+ "Sarasa Mono K"
+ "Sarasa Mono J"
+ "Sarasa Mono SC"
+ "Sarasa Mono CL"
+ ];
+ sansSerif = [
+ "Iosevka Aile"
+ "Sarasa Gothic K"
+ "Sarasa Gothic J"
+ "Sarasa Gothic SC"
+ "Sarasa Gothic CL"
+ ];
+ serif = [
+ "Iosevka Etoile"
+ "Sarasa Gothic K"
+ "Sarasa Gothic J"
+ "Sarasa Gothic SC"
+ "Sarasa Gothic CL"
+ ];
+ };
+ };
+ })
+ (mkIf (!cfg.enable) {
+ hm.fonts.fontconfig.enable = false;
+ fonts.fontconfig.enable = false;
+ })
+ ];
+}
diff --git a/modules/nixfiles/games/default.nix b/modules/nixos/games/default.nix
index 1c5766b..1c5766b 100644
--- a/modules/nixfiles/games/default.nix
+++ b/modules/nixos/games/default.nix
diff --git a/modules/nixfiles/games/gamemode.nix b/modules/nixos/games/gamemode.nix
index 051d12e..051d12e 100644
--- a/modules/nixfiles/games/gamemode.nix
+++ b/modules/nixos/games/gamemode.nix
diff --git a/modules/nixfiles/games/gog.nix b/modules/nixos/games/gog.nix
index 86039f1..86039f1 100644
--- a/modules/nixfiles/games/gog.nix
+++ b/modules/nixos/games/gog.nix
diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixos/games/lutris.nix
index e7faef3..72179fc 100644
--- a/modules/nixfiles/games/lutris.nix
+++ b/modules/nixos/games/lutris.nix
@@ -16,20 +16,17 @@ in {
steam-run.enable = true;
};
- # This removes the annoying warning.
- boot.kernel.sysctl."dev.i915.perf_stream_paranoid" = 0;
-
hm.home.packages = with pkgs; [
(lutris.override {
lutris-unwrapped = lutris-unwrapped.override {
wine = buildFHSUserEnv {
- # We don't really need Wine because Lutris downloads the required
+ # We don't really need Wine because Lutris downloads a required
# runtime for us.
name = "empty";
};
};
- steamSupport = false;
})
+ vkBasalt
];
};
}
diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixos/games/mangohud.nix
index b521687..d693c82 100644
--- a/modules/nixfiles/games/mangohud.nix
+++ b/modules/nixos/games/mangohud.nix
@@ -13,13 +13,13 @@ in {
enable = true;
settings = {
fps = true;
+ frame_timing = true;
gpu_stats = true;
gpu_temp = true;
cpu_stats = true;
cpu_temp = true;
- };
- settingsPerApplication = {
- mpv.no_display = true;
+ ram = true;
+ vram = true;
};
};
};
diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixos/games/minecraft.nix
index 47279f8..e53f9eb 100644
--- a/modules/nixfiles/games/minecraft.nix
+++ b/modules/nixos/games/minecraft.nix
@@ -23,8 +23,6 @@ in {
config = mkMerge [
(mkIf cfg.client.enable {
hm.home.packages = with pkgs; [pollymc];
-
- system.extraDependencies = [inputs.pollymc];
})
(mkIf cfg.server.enable {
# Configurations, opslist, whitelist and plugins are managed imperatively.
@@ -47,8 +45,6 @@ in {
# Defined in /var/lib/minecraft/server.properties.
networking.firewall.allowedTCPPorts = [55565];
-
- system.extraDependencies = [inputs.nix-minecraft-servers];
})
];
}
diff --git a/modules/nixfiles/games/steam-run.nix b/modules/nixos/games/steam-run.nix
index 4731fd6..1a1e61f 100644
--- a/modules/nixfiles/games/steam-run.nix
+++ b/modules/nixos/games/steam-run.nix
@@ -11,12 +11,15 @@ in {
enable = mkEnableOption "native Steam runtime";
quirks = {
- mountandblade = mkEnableOption ''fixes for "Mount & Blade: Warband" issues'';
+ mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues'';
+ cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues'';
};
};
config = mkIf cfg.enable {
nixfiles.modules = {
+ common.nix.allowedUnfreePackages = ["steam" "steam-run"];
+
games = {
enable32BitSupport = true;
gamemode.enable = true;
@@ -27,11 +30,12 @@ in {
(steam.override {
extraLibraries = _:
with cfg.quirks;
- optionals mountandblade [
+ []
+ ++ optionals mountAndBladeWarband [
(glew.overrideAttrs (_: super: let
opname = super.pname;
in rec {
- pname = "${opname}-mbw";
+ pname = "${opname}-runfix";
inherit (super) version;
src = fetchurl {
url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz";
@@ -41,7 +45,7 @@ in {
(fmodex.overrideAttrs (_: super: let
opname = super.pname;
in rec {
- pname = "${opname}-mbw";
+ pname = "${opname}-runfix";
inherit (super) version;
installPhase = let
libPath = makeLibraryPath [
@@ -54,16 +58,16 @@ in {
patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so
'';
}))
+ ]
+ ++ optionals cryptOfTheNecrodancer [
+ (import (builtins.fetchTarball {
+ url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz";
+ sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy";
+ }) {inherit (config.nixpkgs) config localSystem;})
+ .flac
];
})
.run
];
-
- nixpkgs.config.allowUnfreePredicate = p:
- elem (getName p) [
- "steam"
- "steam-original"
- "steam-run"
- ];
};
}
diff --git a/modules/nixfiles/games/steam.nix b/modules/nixos/games/steam.nix
index bbd01f6..8dfa72c 100644
--- a/modules/nixfiles/games/steam.nix
+++ b/modules/nixos/games/steam.nix
@@ -11,18 +11,15 @@ in {
mkEnableOption "Steam runtime";
config = mkIf cfg.enable {
- nixfiles.modules.games = {
- enable32BitSupport = true;
- gamemode.enable = true;
+ nixfiles.modules = {
+ common.nix.allowedUnfreePackages = ["steam" "steam-original"];
+
+ games = {
+ enable32BitSupport = true;
+ gamemode.enable = true;
+ };
};
hm.home.packages = with pkgs; [steam];
-
- nixpkgs.config.allowUnfreePredicate = p:
- elem (getName p) [
- "steam"
- "steam-original"
- "steam-run"
- ];
};
}
diff --git a/modules/nixos/git.nix b/modules/nixos/git.nix
new file mode 100644
index 0000000..f754588
--- /dev/null
+++ b/modules/nixos/git.nix
@@ -0,0 +1,117 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.git;
+in {
+ options.nixfiles.modules.git.server = {
+ enable = mkEnableOption "Git server";
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; nullOr str;
+ default = "git.${config.networking.domain}";
+ };
+
+ package = mkOption {
+ description = "Package.";
+ type = types.package;
+ default = pkgs.cgit-pink;
+ };
+ };
+
+ config = mkMerge [
+ (mkIf cfg.client.enable {
+ secrets = {
+ glab-cli-config = {
+ file = "${inputs.self}/secrets/glab-cli-config";
+ path = "${config.dirs.config}/glab-cli/config.yml";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ gh-hosts = {
+ file = "${inputs.self}/secrets/gh-hosts";
+ path = "${config.dirs.config}/gh/hosts.yml";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ hut = {
+ file = "${inputs.self}/secrets/hut";
+ path = "${config.dirs.config}/hut/config";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ };
+ })
+ (mkIf cfg.server.enable {
+ nixfiles.modules.nginx = {
+ enable = true;
+ virtualHosts.${cfg.server.domain} = {
+ locations = {
+ "/".extraConfig = let
+ cgitrc = pkgs.writeText "cgitrc" ''
+ root-title=azahi’s git stuff
+ root-desc=鯛も一人はうまからず
+
+ about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
+ source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
+ commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
+
+ enable-git-config=1
+ enable-gitweb-owner=1
+ remove-suffix=1
+
+ snapshots=tar.gz tar.bz2 zip
+
+ readme=:README
+ readme=:README.md
+ readme=:README.org
+ readme=:README.txt
+ readme=:readme
+ readme=:readme.md
+ readme=:readme.org
+ readme=:readme.txt
+
+ scan-path=${config.services.gitolite.dataDir}/repositories
+ '';
+ in ''
+ include ${config.services.nginx.package}/conf/fastcgi_params;
+ fastcgi_split_path_info ^(/?)(.+)$;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
+ fastcgi_param CGIT_CONFIG ${cgitrc};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ # FIXME This breaks sources previewing for these files.
+ "~* ^/(.+.(ico|css|png))$".extraConfig = ''
+ alias ${cfg.server.package}/cgit/$1;
+ '';
+ };
+ };
+ };
+
+ services = let
+ user = "git";
+ group = "git";
+ in {
+ gitolite = {
+ # TODO Make the configuration purely declarative.
+ enable = true;
+ inherit user group;
+ adminPubkey = my.ssh.key;
+ };
+
+ fcgiwrap = {
+ enable = true;
+ inherit user group;
+ };
+ };
+ })
+ ];
+}
diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix
new file mode 100644
index 0000000..b86be9b
--- /dev/null
+++ b/modules/nixos/gnupg.nix
@@ -0,0 +1,38 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.gnupg;
+in {
+ options.nixfiles.modules.gnupg.pinentry = mkOption {
+ description = "Name of a pinentry implementation.";
+ type = types.str;
+ default = "curses";
+ };
+
+ config = mkIf cfg.enable {
+ hm = {
+ programs.gpg.homedir = "${config.dirs.data}/gnupg";
+
+ services.gpg-agent = {
+ enable = true;
+
+ enableSshSupport = true;
+ enableScDaemon = false;
+
+ defaultCacheTtl = 999999;
+ defaultCacheTtlSsh = 999999;
+ maxCacheTtl = 999999;
+ maxCacheTtlSsh = 999999;
+
+ grabKeyboardAndMouse = true;
+
+ sshKeys = [my.pgp.grip];
+
+ pinentryFlavor = cfg.pinentry;
+ };
+ };
+ };
+}
diff --git a/modules/nixfiles/gotify.nix b/modules/nixos/gotify.nix
index db47bb4..db47bb4 100644
--- a/modules/nixfiles/gotify.nix
+++ b/modules/nixos/gotify.nix
diff --git a/modules/nixfiles/grafana.nix b/modules/nixos/grafana.nix
index a614502..a614502 100644
--- a/modules/nixfiles/grafana.nix
+++ b/modules/nixos/grafana.nix
diff --git a/modules/nixfiles/hydra.nix b/modules/nixos/hydra.nix
index 590fecb..590fecb 100644
--- a/modules/nixfiles/hydra.nix
+++ b/modules/nixos/hydra.nix
diff --git a/modules/nixfiles/ipfs.nix b/modules/nixos/ipfs.nix
index 0ec64e5..0ec64e5 100644
--- a/modules/nixfiles/ipfs.nix
+++ b/modules/nixos/ipfs.nix
diff --git a/modules/nixfiles/kde.nix b/modules/nixos/kde.nix
index a430294..a430294 100644
--- a/modules/nixfiles/kde.nix
+++ b/modules/nixos/kde.nix
diff --git a/modules/nixfiles/libvirtd.nix b/modules/nixos/libvirtd.nix
index ae8b336..ae8b336 100644
--- a/modules/nixfiles/libvirtd.nix
+++ b/modules/nixos/libvirtd.nix
diff --git a/modules/nixfiles/lidarr.nix b/modules/nixos/lidarr.nix
index f73f917..f73f917 100644
--- a/modules/nixfiles/lidarr.nix
+++ b/modules/nixos/lidarr.nix
diff --git a/modules/nixfiles/loki.nix b/modules/nixos/loki.nix
index 1582164..1582164 100644
--- a/modules/nixfiles/loki.nix
+++ b/modules/nixos/loki.nix
diff --git a/modules/nixfiles/lxc.nix b/modules/nixos/lxc.nix
index 4f7805f..4f7805f 100644
--- a/modules/nixfiles/lxc.nix
+++ b/modules/nixos/lxc.nix
diff --git a/modules/nixfiles/matrix/default.nix b/modules/nixos/matrix/default.nix
index bd221c4..bd221c4 100644
--- a/modules/nixfiles/matrix/default.nix
+++ b/modules/nixos/matrix/default.nix
diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index 0fad5f2..0fad5f2 100644
--- a/modules/nixfiles/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
diff --git a/modules/nixfiles/matrix/element.nix b/modules/nixos/matrix/element.nix
index 3d47800..3d47800 100644
--- a/modules/nixfiles/matrix/element.nix
+++ b/modules/nixos/matrix/element.nix
diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
index 6ff5e0d..6ff5e0d 100644
--- a/modules/nixfiles/matrix/synapse.nix
+++ b/modules/nixos/matrix/synapse.nix
diff --git a/modules/nixfiles/monitoring/dashboards/endlessh.json b/modules/nixos/monitoring/dashboards/endlessh.json
index 0b47ee2..0b47ee2 100644
--- a/modules/nixfiles/monitoring/dashboards/endlessh.json
+++ b/modules/nixos/monitoring/dashboards/endlessh.json
diff --git a/modules/nixfiles/monitoring/dashboards/nginx.json b/modules/nixos/monitoring/dashboards/nginx.json
index b2cc499..b2cc499 100644
--- a/modules/nixfiles/monitoring/dashboards/nginx.json
+++ b/modules/nixos/monitoring/dashboards/nginx.json
diff --git a/modules/nixfiles/monitoring/dashboards/postgresql.json b/modules/nixos/monitoring/dashboards/postgresql.json
index 4e533f7..4e533f7 100644
--- a/modules/nixfiles/monitoring/dashboards/postgresql.json
+++ b/modules/nixos/monitoring/dashboards/postgresql.json
diff --git a/modules/nixfiles/monitoring/dashboards/unbound.json b/modules/nixos/monitoring/dashboards/unbound.json
index 8a0d503..8a0d503 100644
--- a/modules/nixfiles/monitoring/dashboards/unbound.json
+++ b/modules/nixos/monitoring/dashboards/unbound.json
diff --git a/modules/nixfiles/monitoring/default.nix b/modules/nixos/monitoring/default.nix
index 4ff4c50..4ff4c50 100644
--- a/modules/nixfiles/monitoring/default.nix
+++ b/modules/nixos/monitoring/default.nix
diff --git a/modules/nixfiles/nextcloud.nix b/modules/nixos/nextcloud.nix
index 69bea8a..69bea8a 100644
--- a/modules/nixfiles/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
diff --git a/modules/nixfiles/nginx.nix b/modules/nixos/nginx.nix
index b8ab24d..b8ab24d 100644
--- a/modules/nixfiles/nginx.nix
+++ b/modules/nixos/nginx.nix
diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixos/node-exporter.nix
index 43f48f6..43f48f6 100644
--- a/modules/nixfiles/node-exporter.nix
+++ b/modules/nixos/node-exporter.nix
diff --git a/modules/nixfiles/nsd.nix b/modules/nixos/nsd.nix
index f5a7d84..0dade8f 100644
--- a/modules/nixfiles/nsd.nix
+++ b/modules/nixos/nsd.nix
@@ -170,7 +170,5 @@ in {
allowedTCPPorts = [53];
allowedUDPPorts = allowedTCPPorts;
};
-
- system.extraDependencies = [inputs.dns-nix];
};
}
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
new file mode 100644
index 0000000..00d2852
--- /dev/null
+++ b/modules/nixos/openssh.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.openssh;
+in {
+ options.nixfiles.modules.openssh.server.enable =
+ mkEnableOption "OpenSSH server";
+
+ config = mkIf cfg.server.enable {
+ programs.mosh.enable = true;
+
+ services = let
+ port = 22022; # Port 22 should be occupied by a tarpit.
+ in {
+ openssh = {
+ enable = true;
+ ports = [port];
+ logLevel = "VERBOSE"; # Required by fail2ban.
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ };
+
+ fail2ban.jails.sshd = ''
+ enabled = true
+ mode = aggressive
+ port = ${toString port}
+ '';
+ };
+ };
+}
diff --git a/modules/nixfiles/podman.nix b/modules/nixos/podman.nix
index 1c5378b..1c5378b 100644
--- a/modules/nixfiles/podman.nix
+++ b/modules/nixos/podman.nix
diff --git a/modules/nixfiles/postgresql.nix b/modules/nixos/postgresql.nix
index df05e7e..df05e7e 100644
--- a/modules/nixfiles/postgresql.nix
+++ b/modules/nixos/postgresql.nix
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
new file mode 100644
index 0000000..d5ab838
--- /dev/null
+++ b/modules/nixos/profiles/default.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.default;
+in {
+ imports = [
+ ./dev
+ ./headful.nix
+ ./headless.nix
+ ];
+
+ config = mkIf cfg.enable {
+ programs.less = {
+ enable = true;
+ envVariables.LESSHISTFILE = "-";
+ };
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ lshw
+ lsof
+ pciutils
+ psmisc
+ usbutils
+ util-linux
+ ];
+ };
+}
diff --git a/modules/nixos/profiles/dev/containers.nix b/modules/nixos/profiles/dev/containers.nix
new file mode 100644
index 0000000..195b892
--- /dev/null
+++ b/modules/nixos/profiles/dev/containers.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.dev.containers;
+in {
+ config = mkIf cfg.enable {
+ nixfiles.modules.podman.enable = true;
+
+ hm = {
+ home = {
+ sessionVariables.MINIKUBE_HOME = "${config.dirs.config}/minikube";
+
+ packages = with pkgs; [buildah];
+ };
+
+ xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} {
+ config.Rootless = true;
+ driver = "podman";
+ container-runtime = "cri-o";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/profiles/dev/default.nix b/modules/nixos/profiles/dev/default.nix
new file mode 100644
index 0000000..83d41c0
--- /dev/null
+++ b/modules/nixos/profiles/dev/default.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.dev.default;
+in {
+ config = mkIf cfg.enable {
+ hm.home.language = {
+ collate = "C";
+ messages = "C";
+ };
+
+ my.extraGroups = ["kvm"];
+ };
+}
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
new file mode 100644
index 0000000..01c442e
--- /dev/null
+++ b/modules/nixos/profiles/headful.nix
@@ -0,0 +1,88 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.headful;
+in {
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ chromium.enable = true;
+ firefox.enable = true;
+ sound.enable = true;
+ x11.enable = true;
+
+ dwm.enable = mkDefault false;
+ kde.enable = mkDefault true;
+ xmonad.enable = mkDefault false;
+ };
+
+ hm = {
+ home.packages = with pkgs; [
+ calibre
+ imv
+ neochat
+ tdesktop
+ tor-browser
+ ];
+
+ programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
+ };
+
+ boot = {
+ # Pretty much placebo but has some nice patches for `-march=native`
+ # optimisations, P-State Zen4 support and Fsync for Wine.
+ kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest;
+
+ # There are (arguably) not a lot of reasons to keep mitigations enabled
+ # for on machine that is not web-facing. First of all, to completely
+ # mitigate any possible Spectre holes one would need to disable
+ # Hyperthreading altogether which will essentially put one's computer into
+ # the stone age by not being able to to effectively utilise multi-core its
+ # multicore capabilities. Secondly, by enabling mitigations, we introduce
+ # a plethora of performace overheads[1], which, albeit small, but still
+ # contribute to the overall speed of things. This is however still poses a
+ # security risk, which I am willing to take.
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ kernelParams = ["mitigations=off"];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ };
+ };
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ };
+
+ programs = {
+ iftop.enable = true;
+ mtr.enable = true;
+ traceroute.enable = true;
+ };
+
+ services = {
+ # https://github.com/NixOS/nixpkgs/issues/135888
+ upower.enable = true;
+
+ psd.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ nethogs
+ ];
+
+ my.extraGroups = ["audio" "video" "input"];
+ };
+}
diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix
new file mode 100644
index 0000000..9faf531
--- /dev/null
+++ b/modules/nixos/profiles/headless.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.profiles.headless;
+in {
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ openssh.server.enable = true;
+ endlessh-go.enable = true;
+
+ fail2ban.enable = true;
+
+ node-exporter.enable = true;
+ promtail.enable = true;
+ };
+
+ # Pin version to prevent any surprises.
+ boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ optimise = {
+ automatic = true;
+ dates = ["daily"];
+ };
+ };
+
+ services.udisks2.enable = false;
+
+ xdg.sounds.enable = false;
+ };
+}
diff --git a/modules/nixfiles/prometheus.nix b/modules/nixos/prometheus.nix
index a75c151..a75c151 100644
--- a/modules/nixfiles/prometheus.nix
+++ b/modules/nixos/prometheus.nix
diff --git a/modules/nixfiles/promtail.nix b/modules/nixos/promtail.nix
index 552df82..552df82 100644
--- a/modules/nixfiles/promtail.nix
+++ b/modules/nixos/promtail.nix
diff --git a/modules/nixfiles/psd.nix b/modules/nixos/psd.nix
index 77d3c66..77d3c66 100644
--- a/modules/nixfiles/psd.nix
+++ b/modules/nixos/psd.nix
diff --git a/modules/nixfiles/radarr.nix b/modules/nixos/radarr.nix
index 0abfdf2..0abfdf2 100644
--- a/modules/nixfiles/radarr.nix
+++ b/modules/nixos/radarr.nix
diff --git a/modules/nixfiles/radicale.nix b/modules/nixos/radicale.nix
index c903d39..c903d39 100644
--- a/modules/nixfiles/radicale.nix
+++ b/modules/nixos/radicale.nix
diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixos/rss-bridge.nix
index fef1070..fef1070 100644
--- a/modules/nixfiles/rss-bridge.nix
+++ b/modules/nixos/rss-bridge.nix
diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixos/rtorrent.nix
index 4014a3b..4014a3b 100644
--- a/modules/nixfiles/rtorrent.nix
+++ b/modules/nixos/rtorrent.nix
diff --git a/modules/nixfiles/searx.nix b/modules/nixos/searx.nix
index 9462d5d..9462d5d 100644
--- a/modules/nixfiles/searx.nix
+++ b/modules/nixos/searx.nix
diff --git a/modules/nixfiles/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index b59359c..b59359c 100644
--- a/modules/nixfiles/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
diff --git a/modules/nixfiles/soju.nix b/modules/nixos/soju.nix
index 14faf00..14faf00 100644
--- a/modules/nixfiles/soju.nix
+++ b/modules/nixos/soju.nix
diff --git a/modules/nixfiles/solaar.nix b/modules/nixos/solaar.nix
index ceff23d..ceff23d 100644
--- a/modules/nixfiles/solaar.nix
+++ b/modules/nixos/solaar.nix
diff --git a/modules/nixfiles/sonarr.nix b/modules/nixos/sonarr.nix
index 8c79175..8c79175 100644
--- a/modules/nixfiles/sonarr.nix
+++ b/modules/nixos/sonarr.nix
diff --git a/modules/nixfiles/sound.nix b/modules/nixos/sound.nix
index ae35e44..ae35e44 100644
--- a/modules/nixfiles/sound.nix
+++ b/modules/nixos/sound.nix
diff --git a/modules/nixfiles/syncthing.nix b/modules/nixos/syncthing.nix
index b690ab4..b690ab4 100644
--- a/modules/nixfiles/syncthing.nix
+++ b/modules/nixos/syncthing.nix
diff --git a/modules/nixfiles/throttled.nix b/modules/nixos/throttled.nix
index f182ee1..f182ee1 100644
--- a/modules/nixfiles/throttled.nix
+++ b/modules/nixos/throttled.nix
diff --git a/modules/nixfiles/unbound.nix b/modules/nixos/unbound.nix
index 8c40291..8c40291 100644
--- a/modules/nixfiles/unbound.nix
+++ b/modules/nixos/unbound.nix
diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 7d51667..7d51667 100644
--- a/modules/nixfiles/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
diff --git a/modules/nixfiles/wireguard.nix b/modules/nixos/wireguard.nix
index d05c6ae..d05c6ae 100644
--- a/modules/nixfiles/wireguard.nix
+++ b/modules/nixos/wireguard.nix
diff --git a/modules/nixfiles/x11.nix b/modules/nixos/x11.nix
index cd8dfbe..cd8dfbe 100644
--- a/modules/nixfiles/x11.nix
+++ b/modules/nixos/x11.nix
diff --git a/modules/nixfiles/xmonad.nix b/modules/nixos/xmonad.nix
index 847110e..2cc7ad6 100644
--- a/modules/nixfiles/xmonad.nix
+++ b/modules/nixos/xmonad.nix
@@ -24,7 +24,5 @@ in {
};
services.xserver.displayManager.startx.enable = true;
-
- system.extraDependencies = [inputs.xmonad-ng];
};
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 05:51:05 +0000