From 364e8a98ad25127f2a51696ec03729e3a783044f Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 25 May 2024 22:16:47 +0300 Subject: 2024-05-25 --- checks.nix | 13 +- configurations/default.nix | 5 + configurations/eonwe/default.nix | 11 +- configurations/manwe/default.nix | 3 +- configurations/melian/default.nix | 10 +- configurations/varda/default.nix | 4 +- configurations/yavanna/default.nix | 2 +- flake.lock | 376 ++++++++++--------------------------- flake.nix | 37 +++- lib/default.nix | 19 +- lib/my.nix | 11 ++ modules/common/documentation.nix | 2 +- modules/common/home-manager.nix | 1 + modules/common/networking.nix | 16 +- modules/common/nix.nix | 230 ++++++++++++----------- modules/common/security.nix | 12 +- modules/common/stylix.nix | 2 + modules/common/systemd.nix | 3 +- modules/common/xdg.nix | 5 +- modules/default.nix | 10 +- modules/firefox/userContent.css | 7 + modules/nginx.nix | 18 +- modules/openssh.nix | 1 - modules/postgresql.nix | 2 +- modules/profiles/default.nix | 11 +- modules/profiles/dev/default.nix | 3 + modules/profiles/headful.nix | 2 + modules/profiles/headless.nix | 14 +- modules/qutebrowser.nix | 5 +- modules/shadowsocks.nix | 3 +- modules/soju.nix | 4 +- modules/sound.nix | 27 ++- 32 files changed, 376 insertions(+), 493 deletions(-) diff --git a/checks.nix b/checks.nix index 3570574..511b658 100644 --- a/checks.nix +++ b/checks.nix @@ -7,7 +7,7 @@ { preCommit = inputs.git-hooks.lib.${system}.run { src = builtins.path { - name = "nixfiles"; + name = "src"; path = ./.; }; hooks = { 
@@ -22,8 +22,19 @@ entry = "${pkgs.prometheus.cli}/bin/promtool check rules"; files = "(?x)^(modules/monitoring/rules/.*\.yaml)$"; }; + trim-trailing-whitespace = { + enable = true; + excludes = [ ".*\.patch" ]; + }; + check-added-large-files.enable = true; + check-case-conflicts.enable = true; + check-symlinks.enable = true; deadnix.enable = true; + detect-private-keys.enable = true; editorconfig-checker.enable = true; + fix-byte-order-marker.enable = true; + flake-checker.enable = true; + nil.enable = true; prettier.enable = true; shellcheck.enable = true; shfmt.enable = true; diff --git a/configurations/default.nix b/configurations/default.nix index 78eb2bc..088060b 100644 --- a/configurations/default.nix +++ b/configurations/default.nix @@ -64,12 +64,14 @@ mapAttrs' mkConfiguration ( nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-pc-ssd nixpkgs.nixosModules.notDetected + srvos.nixosModules.common ]; melian.modules = with inputs; [ nixos-hardware.nixosModules.common-pc-laptop-ssd nixos-hardware.nixosModules.lenovo-thinkpad-t480 nixpkgs.nixosModules.notDetected + srvos.nixosModules.common ]; manwe.modules = with inputs; [ @@ -77,6 +79,7 @@ mapAttrs' mkConfiguration ( nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-pc-ssd nixpkgs.nixosModules.notDetected + srvos.nixosModules.server ]; varda.modules = with inputs; [ @@ -84,6 +87,7 @@ mapAttrs' mkConfiguration ( nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-pc-ssd nixpkgs.nixosModules.notDetected + srvos.nixosModules.server ]; yavanna.modules = with inputs; [ @@ -91,6 +95,7 @@ mapAttrs' mkConfiguration ( nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-hdd nixpkgs.nixosModules.notDetected + srvos.nixosModules.server ]; } ) diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix index fdff40e..c02a3c3 100644 --- a/configurations/eonwe/default.nix 
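Review bot: The `excludes` pattern of the new `trim-trailing-whitespace` hook is written as `".*\.patch"`, and in a double-quoted Nix string `\.` collapses to a plain `.`, so the regex that reaches the hook is `.*.patch` with the dot acting as a wildcard. Doubling the backslash keeps the literal dot: `excludes = [ ".*\\.patch" ];`. The `files` pattern of the promtool hook in the context lines above uses the same single-backslash escape and would need the same change. The `hooks` attribute set starts and ends outside this hunk.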
+++ b/configurations/eonwe/default.nix @@ -28,7 +28,8 @@ with lib; hm = { home.packages = with pkgs; [ - # anki # FIXME Broken again. + anki + gimp iaito kdenlive krita @@ -293,8 +294,8 @@ with lib; }; }; - # No swap space is declared here because the system already has 128Gb of RAM. - # I've only manage to hit around 100Gb mark when running large - # computations/compiling something big. Pretty sure that a hefty chunk of it - # was just cache and it wouldn't make me get to OOM situations. + zramSwap = { + enable = true; + memoryPercent = 25; + }; } diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 3707440..609d2a8 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix @@ -23,7 +23,6 @@ with lib; enable = true; domain = "git.${my.domain.azahi}"; }; - matrix.dendrite = { enable = true; domain = my.domain.azahi; @@ -71,6 +70,6 @@ with lib; zramSwap = { enable = true; - memoryPercent = 25; + memoryPercent = 50; }; } diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix index 0805b4a..0d50f9f 100644 --- a/configurations/melian/default.nix +++ b/configurations/melian/default.nix @@ -6,11 +6,9 @@ with lib; syncthing.enable = true; + android.enable = true; bluetooth.enable = true; - throttled.enable = true; - - android.enable = true; }; hardware.trackpoint = { @@ -63,7 +61,7 @@ with lib; "level disengaged" 50 32767 - ] # This could annoy some people but IDGAF. + ] ]; }; }; @@ -90,8 +88,6 @@ with lib; }; }; - # NOTE This makes hibernation pretty much impossible because the partition is - # encrypted. swapDevices = [ { device = "/swapfile"; @@ -101,6 +97,6 @@ with lib; zramSwap = { enable = true; - memoryPercent = 25; + memoryPercent = 100; }; } diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index c8ecef2..76f8daf 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix 
@@ -6,8 +6,6 @@ with lib; nixfiles.modules = { wireguard.client.enable = true; - acme.enable = true; - k3s.enable = true; }; @@ -57,6 +55,6 @@ with lib; zramSwap = { enable = true; - memoryPercent = 25; + memoryPercent = 50; }; } diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix index 2d52f53..b9de05e 100644 --- a/configurations/yavanna/default.nix +++ b/configurations/yavanna/default.nix @@ -27,6 +27,6 @@ _: { zramSwap = { enable = true; - memoryPercent = 25; + memoryPercent = 50; }; } diff --git a/flake.lock b/flake.lock index 9da599c..8c1b4ee 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { @@ -30,7 +30,9 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": "flake-utils", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] @@ -54,7 +56,9 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": "flake-utils_2", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ], @@ -247,18 +251,18 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nix-topology", "nixpkgs" ] }, "locked": { - "lastModified": 1711099426, - "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "lastModified": 1713532798, + "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", "owner": "numtide", "repo": "devshell", - "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", "type": "github" }, "original": { 
@@ -269,21 +273,23 @@ }, "dns": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1635273082, - "narHash": "sha256-EHiDP2jEa7Ai5ZwIf5uld9RVFcV77+2SUxjQXwJsJa0=", - "owner": "kirelagin", + "lastModified": 1715873341, + "narHash": "sha256-vOTcr7KXhNDvYPwGotjxcLBrrUq/Nt3sfKRtFwGdHGo=", + "owner": "nix-community", "repo": "dns.nix", - "rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", + "rev": "9ebfa9158290de09fafcc759211e48bda48329ee", "type": "github" }, "original": { - "owner": "kirelagin", + "owner": "nix-community", "repo": "dns.nix", "type": "github" } 
@@ -303,77 +309,10 @@ "type": "github" } }, - "flake-registry": { - "flake": false, - "locked": { - "lastModified": 1705308826, - "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=", - "owner": "NixOS", - "repo": "flake-registry", - "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-registry", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "locked": { - "lastModified": 1614513358, - "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -388,27 +327,9 @@ "type": "github" } }, - "flake-utils_5": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { + "flake-utils_2": { "inputs": { - "systems": "systems_7" + "systems": "systems_4" }, "locked": { "lastModified": 1701680307, @@ -424,58 +345,6 @@ "type": "github" } }, - "flake-utils_7": { - "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_9" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_9": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "ref": "master", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -497,7 +366,6 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": "flake-utils_4", "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" 
@@ -507,11 +375,11 @@ ] }, "locked": { - "lastModified": 1714478972, - "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "2849da033884f54822af194400f8dff435ada242", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", "type": "github" }, "original": { @@ -544,16 +412,16 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1698794309, - "narHash": "sha256-/TIkZ8y5Wv3QHLFp79Poao9fINurKs5pa4z0CRe+F8s=", + "lastModified": 1713702291, + "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "a7c169c6c29cf02a4c392fa0acbbc5f5072823e7", + "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", "type": "github" }, "original": { "owner": "GNOME", - "ref": "45.1", + "ref": "46.1", "repo": "gnome-shell", "type": "github" } @@ -565,11 +433,11 @@ ] }, "locked": { - "lastModified": 1714900398, - "narHash": "sha256-H7XYHpjk1G6dkA3AnbYrKtaTFjcCE7ul6nUVlVQxtsA=", + "lastModified": 1716457508, + "narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "fdaaf543bad047639ef0b356ea2e6caec2f1215c", + "rev": "850cb322046ef1a268449cf1ceda5fd24d930b05", "type": "github" }, "original": { @@ -581,11 +449,11 @@ "homelab-svg-assets": { "flake": false, "locked": { - "lastModified": 1713467357, - "narHash": "sha256-DwjQVWgN8Ys9IbiR18IHMlAKD2q5dgdWSxP/Ze1kRQA=", + "lastModified": 1715873439, + "narHash": "sha256-hiW4kxpwuiln9ULYfydZbARZE4j2qzT/qAOPRBReyIY=", "owner": "loganmarchione", "repo": "homelab-svg-assets", - "rev": "8bb1d84d848155e2d9eb1680a2e04b1bb51f3da8", + "rev": "80b6b632a4cce01b3d91ad943e3e6391d2d60745", "type": "github" }, "original": { 
@@ -639,17 +507,19 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": "flake-utils_5", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1714872254, - "narHash": "sha256-O9n7CATdL7uD+MNcxd8RhjA4Bn6yweF7uoGaJKOYcE0=", + "lastModified": 1716600043, + "narHash": "sha256-6qCzoi1hLw24Wbx4K9Qgw/rVV4YOQBFJpkiYM3deKv4=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "716121fd08323465a25878cba2814f7463be0095", + "rev": "d20a387ad4a5376dfce8f220707fb1d5fbd97ab2", "type": "github" }, "original": { @@ -665,11 +535,11 @@ ] }, "locked": { - "lastModified": 1714878592, - "narHash": "sha256-E68C03sYRsYFsK7wiGHUIJm8IsyPRALOrFoTL0glXnI=", + "lastModified": 1716170277, + "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a362555e9dbd4ecff3bb98969bbdb8f79fe87f10", + "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", "type": "github" }, "original": { @@ -681,7 +551,9 @@ "nix-topology": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils_7", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ], @@ -690,11 +562,11 @@ ] }, "locked": { - "lastModified": 1714686485, - "narHash": "sha256-JUIGvx9sHjGqpGAFhY9jpOPzxLh8M7B8p/7ClmE/L24=", + "lastModified": 1715634843, + "narHash": "sha256-YrECYhEXY7g8Ji5luq8mdRaLRGiwTPCSDEeVP91DyDY=", "owner": "oddlama", "repo": "nix-topology", - "rev": "79f82222e38c010dfa9367705d2b0142b9ceb635", + "rev": "9ed5c7b5c5cd5bed9e204e8b9d69f4be1954abd3", "type": "github" }, "original": { 
@@ -705,11 +577,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1714885415, - "narHash": "sha256-LG+2IVqVi1fy724rSDAkgqae+f47fGGko4cJhtkN8PE=", + "lastModified": 1716173274, + "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "753176b57b3fcddb140c1c012868e62c025120bd", + "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191", "type": "github" }, "original": { @@ -720,11 +592,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714809261, - "narHash": "sha256-hfBmnYFyz9I1mdrC3tX1A+dF9cOUcds5PIMPxrT+cRk=", + "lastModified": 1716619601, + "narHash": "sha256-9dUxZf8MOqJH3vjbhrz7LH4qTcnRsPSBU1Q50T7q/X8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d32560238207b8e26d88b265207b216ee46b8450", + "rev": "47e03a624662ce399e55c45a5f6da698fc72c797", "type": "github" }, "original": { @@ -736,11 +608,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1714918599, - "narHash": "sha256-xC/YiDwYPUiBdb92EKheCJlioIKldbFmuxKISvWnLR8=", + "lastModified": 1716660083, + "narHash": "sha256-QO7cdjtDhx72KEw6m0NOtuE5FS4asaRExZ65uFR/q8g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e83e12e19f96a483dab8a31851f8b7ae8f224bb", + "rev": "6de51d98ec2ae46730f11845e221aab9d2470a8a", "type": "github" }, "original": { @@ -752,16 +624,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1714917266, - "narHash": "sha256-uxNVLUDf5HY+140Y/9uyYyqAml51W1y0CuRkQid+nnw=", + "lastModified": 1716656097, + "narHash": "sha256-iobi+LJSawPbbwLEEOe2ENSCgVPHdR9sW32bTeU+Avk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb5a7b84b7127ed1baa8bc4242368ecc99fcd4e3", + "rev": "8219ecf351180fc02b0e72383beb37b5d731f9a9", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } 
@@ -806,7 +678,7 @@ "azahi-cc": "azahi-cc", "dns": "dns", "flake-compat": "flake-compat", - "flake-registry": "flake-registry", + "flake-utils": "flake-utils", "git-hooks": "git-hooks", "home-manager": "home-manager", "homelab-svg-assets": "homelab-svg-assets", @@ -821,11 +693,32 @@ "nixpkgs-stable": "nixpkgs-stable", "nmap-vulners": "nmap-vulners", "nmap-vulscan": "nmap-vulscan", + "srvos": "srvos", "stylix": "stylix", "vscode-extensions": "vscode-extensions", "xmonad-ng": "xmonad-ng" } }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716425501, + "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", + "owner": "nix-community", + "repo": "srvos", + "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "srvos", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -847,11 +740,11 @@ ] }, "locked": { - "lastModified": 1714555012, - "narHash": "sha256-WVUrm3TGVj6c8g5aG20OjJRHMvUtAZjpHQgukDhyOT8=", + "lastModified": 1716456264, + "narHash": "sha256-s9Tyj5pEivl/AsvrpkUkfR1Iu3zHfXpviPfe4HbPJ5I=", "owner": "danth", "repo": "stylix", - "rev": "43d23b1609b87f6a4100db2a09bd118c52c78766", + "rev": "290c8aef476ce98fff9cefc059284429d561a085", "type": "github" }, "original": { 
@@ -920,84 +813,9 @@ "type": "github" } }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_9": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" }, "locked": { "lastModified": 1709126324, 
@@ -1018,17 +836,19 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": "flake-utils_8", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1714872267, - "narHash": "sha256-G04hUZnX7rrJ5a9A2OqrKZ1x25svs2xpGDrP2ExExUg=", + "lastModified": 1716600075, + "narHash": "sha256-WeUfE0jslseCeGUcQPHQLL2aFArGst1RdA0WKfoOHJ4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7d48b70548c01495e9d434db3a89f61600ca4aca", + "rev": "b2de3e372569c4af5bacc49e5920392e1808f98a", "type": "github" }, "original": { @@ -1039,7 +859,9 @@ }, "xmonad-ng": { "inputs": { - "flake-utils": "flake-utils_9", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index f0a1fc2..9e78601 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; - nixpkgs-stable.url = "github:NixOS/nixpkgs/release-23.11"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; nixos-hardware.url = "github:NixOS/nixos-hardware"; @@ -17,6 +17,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + srvos = { + url = "github:nix-community/srvos"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + stylix = { url = "github:danth/stylix"; inputs = { @@ -35,10 +40,21 @@ nixpkgs.follows = "nixpkgs"; }; }; + # agenix-rekey = { + # url = "github:oddlama/agenix-rekey"; + # inputs = { + # flake-utils.follows = "flake-utils"; + # nixpkgs.follows = "nixpkgs"; + # pre-commit-hooks.follows = "git-hooks"; + # }; + # }; dns = { - url = "github:kirelagin/dns.nix"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/dns.nix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; }; mailserver = { 
@@ -53,6 +69,7 @@ url = "github:pinpox/alertmanager-ntfy"; inputs = { flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; @@ -61,6 +78,7 @@ url = "github:nix-community/nix-vscode-extensions"; inputs = { flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; @@ -69,6 +87,7 @@ url = "github:dwarfmaster/arkenfox-nixos"; inputs = { flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; pre-commit.follows = "git-hooks"; }; @@ -78,6 +97,7 @@ url = "github:Infinidoge/nix-minecraft"; inputs = { flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; @@ -91,6 +111,7 @@ url = "github:oddlama/nix-topology"; inputs = { nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; pre-commit-hooks.follows = "git-hooks"; }; }; @@ -101,7 +122,10 @@ xmonad-ng = { url = "git+https://git.azahi.cc/xmonad-ng?ref=master"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; }; azahi-cc = { @@ -127,10 +151,7 @@ }; }; - flake-registry = { - url = "github:NixOS/flake-registry"; - flake = false; - }; + flake-utils.url = "github:numtide/flake-utils"; flake-compat.url = "github:edolstra/flake-compat"; }; diff --git a/lib/default.nix b/lib/default.nix index cd4b601..a6a25c9 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -33,20 +33,13 @@ lib: _: with lib; rec { builtins.readDir (mapAttrsToList ( name: type: + let + modulePath = dir + "/${name}"; + in if type == "regular" && hasSuffix ".nix" name && name != "default.nix" then - [ - { - name = removeSuffix ".nix" name; - value = dir + "/${name}"; - } - ] - else if type == "directory" && pathExists (dir + "/${name}/default.nix") then - [ - { - inherit name; - value = dir + "/${name}"; - } - ] + [ (nameValuePair (removeSuffix ".nix" name) modulePath) ] + else if type == "directory" && pathExists (modulePath + "/default.nix") then + [ (nameValuePair name modulePath) ] else [ ] )) diff --git a/lib/my.nix b/lib/my.nix index 7d2d1de..8e9b3fc 100644 --- a/lib/my.nix +++ b/lib/my.nix @@ -30,6 +30,12 @@ with lib; readOnly = true; }; + stateVersion = mkOption { + description = "Machine's Nixpkgs state version."; + type = str; + default = trivial.release; + }; + deviceIcon = mkOption { description = "Device icon to be used with nix-topology."; type = nullOr (either path str); @@ -152,6 +158,7 @@ with lib; configurations = { # VPS in Germany. manwe = { + stateVersion = "24.05"; deviceIcon = "devices.cloud-server"; system = "x86_64-linux"; isHeadless = true; @@ -195,6 +202,7 @@ with lib; # VPS in Germany. varda = { + stateVersion = "24.05"; deviceIcon = "devices.cloud-server"; system = "x86_64-linux"; isHeadless = true; @@ -217,6 +225,7 @@ with lib; # VPS in France. yavanna = { + stateVersion = "24.05"; deviceIcon = "devices.cloud-server"; system = "x86_64-linux"; isHeadless = true; @@ -245,6 +254,7 @@ with lib; # A beefy desktop: 7950x/rx6750xt/128GB. eonwe = { + stateVersion = "24.05"; deviceIcon = "devices.desktop"; system = "x86_64-linux"; isHeadful = true; @@ -258,6 +268,7 @@ with lib; # ThinkPad T480. melian = { + stateVersion = "24.05"; deviceIcon = "devices.laptop"; system = "x86_64-linux"; isHeadful = true; diff --git a/modules/common/documentation.nix b/modules/common/documentation.nix index 20856cb..33e767c 100644 
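Review bot: The new `stateVersion` option in lib/my.nix carries `default = trivial.release`, so a host entry that omits it silently takes the release of whichever nixpkgs it is evaluated with and changes on the next bump of the input. The state version is meant to stay at the value the machine was installed with, because stateful services derive their data-format defaults from it. I would drop the default so a missing value fails evaluation, or at least say so in the description: `description = "Machine's Nixpkgs state version. Set once at install time, never bump.";`. The five hosts in the following hunks all set it explicitly, so only future hosts are affected; the options block starts outside this hunk.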
--- a/modules/common/documentation.nix +++ b/modules/common/documentation.nix @@ -32,7 +32,7 @@ with lib; (_: _: { __contentAddressed = true; }); }; - environment.sessionVariables = { + environment.variables = { MANOPT = "--no-hyphenation"; MANPAGER = "${getExe pkgs.less} -+F"; }; diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix index 9c4cbeb..f2fc8a8 100644 --- a/modules/common/home-manager.nix +++ b/modules/common/home-manager.nix @@ -19,6 +19,7 @@ with lib; news.display = "silent"; home = { inherit (config.system) stateVersion; + enableNixpkgsReleaseCheck = false; }; }; diff --git a/modules/common/networking.nix b/modules/common/networking.nix index 727def4..e891e58 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -18,7 +18,6 @@ in optional networkmanager.enable "/etc/NetworkManager/system-connections" ++ optional wireless.iwd.enable "/var/lib/iwd"; - # TODO Switch to systemd-networkd. networking = mkMerge [ { domain = my.domain.shire; @@ -29,12 +28,11 @@ in # Remove default hostname mappings. This is required at least by the # current implementation of the monitoring module. hosts = { - "127.0.0.2" = mkForce [ ]; + "127.0.0.1" = mkForce [ ]; "::1" = mkForce [ ]; }; nameservers = mkDefault dns.const.quad9.default; - resolvconf.enable = true; useDHCP = false; @@ -84,13 +82,17 @@ in } ) (mkIf this.isHeadful { - interfaces = { - eth0.useDHCP = mkDefault true; - wlan0.useDHCP = mkDefault true; - }; + interfaces.eth0.useDHCP = mkDefault true; networkmanager = { enable = mkDefault true; + unmanaged = [ + "bridge" + "ethernet" + "loopback" + "wireguard" + ]; + plugins = mkForce [ ]; wifi.backend = "iwd"; }; diff --git a/modules/common/nix.nix b/modules/common/nix.nix index c03c1b1..6c5bd18 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -3,7 +3,6 @@ inputs, lib, pkgs, - pkgsPr, this, ... }: 
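Review bot: In the `hosts` block of modules/common/networking.nix the override now empties `"127.0.0.1"` instead of `"127.0.0.2"`, but the comment directly above still says it removes the default hostname mappings that the monitoring module cannot tolerate. As far as I know NixOS attaches the machine's hostname to 127.0.0.2 (and ::1), so the IPv4 hostname entry would be back in /etc/hosts after this change; that is inferred, not visible in the hunk. Either keep `"127.0.0.2" = mkForce [ ];` alongside the new line or update the comment to say what the 127.0.0.1 override is for.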
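Review bot: The entries in the new `networkmanager.unmanaged` list look like device types, but NetworkManager reads a bare entry in `unmanaged-devices` as an interface name, so `"ethernet"` would only match an interface literally called ethernet. If the intent is to keep NetworkManager away from every wired, bridge, loopback and WireGuard device, the type form is needed: `unmanaged = [ "type:bridge" "type:ethernet" "type:loopback" "type:wireguard" ];`. It is worth checking with `nmcli device status` on a headful host that eth0 and the WireGuard interface actually show as unmanaged. The `mkIf this.isHeadful` block continues outside this hunk.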
@@ -12,142 +11,149 @@ let cfg = config.nixfiles.modules.common.nix; in { + imports = with inputs.srvos.nixosModules; [ + mixins-nix-experimental + mixins-trusted-nix-caches + ]; + options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { description = "A list of allowed unfree packages."; type = with types; listOf str; default = [ ]; }; - config = { - _module.args = - let - importNixpkgs = - nixpkgs: - import nixpkgs { - inherit (config.nixpkgs) config; - inherit (this) system; - }; - in - rec { - pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! - pkgsMaster = importNixpkgs inputs.nixpkgs-master; - pkgsStable = importNixpkgs inputs.nixpkgs-stable; - pkgsRev = - rev: hash: - importNixpkgs ( - pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - inherit rev hash; - } - ); - pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head"; + config = + let + useNixpkgs = + nixpkgs: + import nixpkgs { + inherit (config.nixpkgs) config; + inherit (this) system; + }; + + pkgsLocal = useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! + pkgsMaster = useNixpkgs inputs.nixpkgs-master; + pkgsStable = useNixpkgs inputs.nixpkgs-stable; + pkgsRev = + rev: hash: + useNixpkgs ( + pkgs.fetchFromGitHub { + owner = "NixOS"; + repo = "nixpkgs"; + inherit rev hash; + } + ); + pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head"; + in + { + _module.args = { + inherit + pkgsLocal + pkgsMaster + pkgsStable + pkgsRev + pkgsPr + ; + }; + + hm = { + # Used primarily in conjunction with the "nixfiles" script. 
+ home.file.".nix-defexpr/default.nix".text = + let + hostname = strings.escapeNixIdentifier this.hostname; + in + optionalString this.isHeadful '' + let + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + pretty = expr: lib.trace (lib.generators.toPretty {} expr) {}; + } // configurations // local._module.args + ''; + + programs.bash.shellAliases.nix = "nix --verbose --print-build-logs"; }; - hm = { - # Used primarily in conjunction with the "nixfiles" script. - home.file.".nix-defexpr/default.nix".text = + nix = let - hostname = strings.escapeNixIdentifier this.hostname; + notSelfInputs = filterAttrs (n: _: n != "self") inputs; in - optionalString this.isHeadful '' - let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - pretty = expr: lib.trace (lib.generators.toPretty {} expr) {}; - } // configurations // local._module.args - ''; - - programs.bash.shellAliases.nix = "nix --verbose --print-build-logs"; - }; + { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + daemonIOSchedPriority = 7; - nix = - let - notSelfInputs = filterAttrs (n: _: n != "self") inputs; - in - { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - daemonIOSchedPriority = 7; - - settings = { - # https://nixos.org/manual/nix/unstable/contributing/experimental-features.html#currently-available-experimental-features - # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc - 
experimental-features = concatStringsSep " " [ - "flakes" - "nix-command" - "recursive-nix" - "repl-flake" - ]; + settings = { + keep-derivations = if this.isHeadful then "true" else "false"; + keep-outputs = if this.isHeadful then "true" else "false"; - keep-derivations = if this.isHeadful then "true" else "false"; - keep-outputs = if this.isHeadful then "true" else "false"; + warn-dirty = false; - flake-registry = "${inputs.flake-registry}/flake-registry.json"; + keep-going = true; - warn-dirty = false; + substituters = [ + "https://azahi.cachix.org" + "https://nix-community.cachix.org" + ]; - keep-going = true; + trusted-substituters = [ "https://azahi.cachix.org" ]; + trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" ]; - substituters = [ - "https://azahi.cachix.org" - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; + trusted-users = [ + "root" + my.username + ]; + }; - trusted-users = [ - "root" - my.username + nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ + "nixfiles=${config.my.home}/src/nixfiles" ]; + + registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { + nixfiles.flake = inputs.self; + }; }; - nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ - "nixfiles=${config.my.home}/src/nixfiles" + nixpkgs = { + config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + + overlays = with inputs; [ + self.overlays.default + (_: _: { + # Global PR package overrides go here. 
Example: + # ``` + # inherit (pkgsPr 309018 "sha256-x3ATxjrTVdaX5eo9P6pz+8/W6D2TNYzvjZpOBa3ZRI8=") endlessh-go; + # ``` + }) ]; + }; - registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { - nixfiles.flake = inputs.self; + environment = { + localBinInPath = true; + defaultPackages = [ ]; + systemPackages = + with pkgs; + optionals this.isHeadful [ + nix-top + nix-tree + nixfiles + ]; + variables = { + NIXFILES = "${config.my.home}/src/nixfiles"; + NIX_SHELL_PRESERVE_PROMPT = "1"; }; }; - nixpkgs = { - config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; - - overlays = with inputs; [ - self.overlays.default - (_: _super: { - inherit (pkgsPr 309018 "sha256-x3ATxjrTVdaX5eo9P6pz+8/W6D2TNYzvjZpOBa3ZRI8=") endlessh-go; - }) - ]; - }; - - environment = { - localBinInPath = true; - defaultPackages = mkForce [ ]; - systemPackages = - with pkgs; - optionals this.isHeadful [ - nix-top - nix-tree - nixfiles - ]; - sessionVariables = { - NIXFILES = "${config.my.home}/src/nixfiles"; - NIX_SHELL_PRESERVE_PROMPT = "1"; + system = { + # HACK This lets `nix flake check` to pass. + stateVersion = if hasAttr "stateVersion" this then this.stateVersion else trivial.release; }; }; - - system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version")); - }; } diff --git a/modules/common/security.nix b/modules/common/security.nix index c635cdc..acfc9cc 100644 --- a/modules/common/security.nix +++ b/modules/common/security.nix @@ -1,13 +1,6 @@ _: { security = { - sudo = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture=never - ''; - }; + sudo.wheelNeedsPassword = false; polkit = { enable = true; @@ -24,8 +17,5 @@ _: { }); ''; }; - - # Pretty much used only for PipeWire. - rtkit.enable = true; }; } diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix index 9a360ad..314aa4c 100644 --- a/modules/common/stylix.nix +++ b/modules/common/stylix.nix 
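Review bot: `substituters` in the new `nix.settings` of modules/common/nix.nix still lists `https://nix-community.cachix.org`, but its public key is dropped from `trusted-public-keys`, so this module on its own no longer carries a key for that cache and every path from it would be rejected for lack of a trusted signature. The key is presumably supplied now by the `mixins-trusted-nix-caches` import added at the top of the hunk; that is not visible here and should be confirmed against the pinned srvos revision. If so, either drop the nix-community URL from this list as well or add a comment such as `# nix-community key comes from srvos mixins-trusted-nix-caches`, so that removing the mixin later does not leave a substituter that can never be used.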
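Review bot: The `sudo` block in modules/common/security.nix is reduced to `sudo.wheelNeedsPassword = false`, which drops `execWheelOnly = true` while keeping passwordless sudo for wheel. The srvos modules added to every host in configurations/default.nix may set `execWheelOnly` themselves, but nothing in this file shows that, so the restriction now depends on a third-party default that can change with the next lock update. I would keep it explicit, `sudo = { execWheelOnly = true; wheelNeedsPassword = false; };`, or leave a comment naming the module that provides it.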
@@ -37,6 +37,8 @@ with lib; # [1]: https://github.com/tinted-theming/base24/blob/master/styling.md config = { stylix = { + autoEnable = this.isHeadful; + image = pkgs.fetchurl { url = "https://upload.wikimedia.org/wikipedia/commons/a/a5/Bonaparte_ante_la_Esfinge%2C_por_Jean-Léon_Gérôme.jpg"; sha256 = "sha256-qWv52oT8cF9K4ZoeawmR3jgoGB2ARfjbKKc12IljUcM="; diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix index b393d9f..aac1647 100644 --- a/modules/common/systemd.nix +++ b/modules/common/systemd.nix @@ -13,7 +13,6 @@ enable = true; network = { inherit (config.systemd.network) enable; - wait-online.enable = false; }; }; @@ -35,7 +34,7 @@ }; }; - environment.sessionVariables = { + environment.variables = { SYSTEMD_PAGERSECURE = "1"; SYSTEMD_PAGER = "${pkgs.less}/bin/less"; SYSTEMD_LESS = "FRSXMK"; diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix index c581369..0b807b7 100644 --- a/modules/common/xdg.nix +++ b/modules/common/xdg.nix @@ -84,7 +84,10 @@ in }; config = { - xdg.portal = mkIf this.isHeadful { enable = true; }; + xdg = { + portal.enable = this.isHeadful; + sounds.enable = this.isHeadful; + }; hm.xdg = mkMerge [ (with cfg; { diff --git a/modules/default.nix b/modules/default.nix index e41e09b..63b3aa7 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,9 +1 @@ -{ lib, ... }: -with lib; -{ - nixfiles = - { ... }: - { - imports = attrValues (modulesIn ./.); - }; -} +{ lib, ... }: with lib; { nixfiles = _: { imports = attrValues (modulesIn ./.); }; } diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css index cf7b659..df0124a 100644 --- a/modules/firefox/userContent.css +++ b/modules/firefox/userContent.css @@ -397,3 +397,10 @@ display: none !important; } } + +@-moz-document regexp("https?://app\.slack\.com\.*") +{ + .p-client__banners.p-ia__workspace_banner { + display: none !important; + } +} diff --git a/modules/nginx.nix b/modules/nginx.nix index ed34237..b912e22 100644 
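Review bot: In the added `@-moz-document regexp(...)` rule for Slack in modules/firefox/userContent.css, the single backslashes are consumed by the CSS string parser. The pattern that reaches the regex engine is therefore `https?://app.slack.com.*`, with every dot acting as a wildcard. The rule still applies to Slack, but it is looser than written. Doubling the backslashes and ending on a real wildcard keeps it tied to the host: `@-moz-document regexp("https?://app\\.slack\\.com/.*")`. Any existing rules above this hunk that use the single-backslash form have the same property.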
--- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -55,13 +55,16 @@ in serverTokens = false; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; + recommendedBrotliSettings = lib.mkDefault true; + recommendedGzipSettings = lib.mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; + recommendedZstdSettings = lib.mkDefault true; commonHttpConfig = concatStrings [ '' + access_log syslog:server=unix:/dev/log; add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' (optionalString (hasAttr "wireguard" this) ( @@ -100,6 +103,8 @@ in ] ) cfg.virtualHosts )); + + sslDhparam = config.security.dhparams.params.nginx.path; }; fail2ban.jails = { @@ -114,6 +119,11 @@ in }; }; + security.dhparams = { + enable = true; + params.nginx = { }; + }; + networking.firewall.allowedTCPPorts = [ 80 443 diff --git a/modules/openssh.nix b/modules/openssh.nix index 5504521..470b6c9 100644 --- a/modules/openssh.nix +++ b/modules/openssh.nix @@ -99,7 +99,6 @@ in ClientAliveCountMax = 3; ClientAliveInterval = 60; KbdInteractiveAuthentication = false; - LogLevel = if config.nixfiles.modules.fail2ban.enable then "VERBOSE" else "ERROR"; MaxAuthTries = 3; PasswordAuthentication = false; PermitRootLogin = mkForce "no"; diff --git a/modules/postgresql.nix b/modules/postgresql.nix index f9ea64f..f88831b 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -79,7 +79,7 @@ in cfg.extraPostStart != [ ] ) concatLines cfg.extraPostStart; - environment.sessionVariables.PSQLRC = toString ( + environment.variables.PSQLRC = toString ( pkgs.writeText "psqlrc" '' \set QUIET 1 diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix index 5edfd7a..6967cb7 100644 --- a/modules/profiles/default.nix +++ b/modules/profiles/default.nix 
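Review bot: `params.nginx = { };` in the new `security.dhparams` block of modules/nginx.nix leaves the group size to `security.dhparams.defaultBitSize`, so the strength of the parameters that `sslDhparam` hands to nginx is not stated anywhere in this module. Make it explicit, for example `params.nginx.bits = 3072;`, or add a comment saying the module default is intended. The parameters only matter if the cipher list selected by `recommendedTlsSettings` still offers DHE suites, which is not visible in this diff and is worth confirming.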
@@ -36,12 +36,15 @@ in eza.enable = true; htop.enable = true; tmux.enable = true; - vim.enable = true; }; - programs.less = { - enable = true; - envVariables.LESSHISTFILE = "-"; + programs = { + less = { + enable = true; + envVariables.LESSHISTFILE = "-"; + }; + + nano.enable = false; }; time.timeZone = "Europe/Moscow"; diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix index eab447c..3ee2ff5 100644 --- a/modules/profiles/dev/default.nix +++ b/modules/profiles/dev/default.nix @@ -58,6 +58,7 @@ in packages = with pkgs; [ age + google-cloud-sdk htmlq httpie hydra-check @@ -65,7 +66,9 @@ in logcli nix-update nixpkgs-review + scaleway-cli sops + vultr-cli yq ]; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index 7060e49..83b3e4a 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -93,6 +93,8 @@ in configurationLimit = 10; }; }; + + consoleLogLevel = 3; }; hardware.opengl = { diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix index 7733f3e..f739206 100644 --- a/modules/profiles/headless.nix +++ b/modules/profiles/headless.nix @@ -30,11 +30,13 @@ in ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - # Pin version to prevent any surprises. Try keeping this up-to-date[1] with - # the latest LTS release + hardened patches (just in case). - # - # [1]: https://kernel.org - boot.kernelPackages = pkgs.linuxPackages_6_6_hardened; + boot = { + # Pin version to prevent any surprises. Try keeping this up-to-date[1] + # with the latest LTS release + hardened patches (just in case). + # + # [1]: https://kernel.org + kernelPackages = pkgs.linuxPackages_6_6_hardened; # EOL Dec, 2026 + }; nix = { gc = { @@ -55,7 +57,5 @@ in ]; services.udisks2.enable = false; - - xdg.sounds.enable = false; }; } diff --git a/modules/qutebrowser.nix b/modules/qutebrowser.nix index 8fdcf48..36a71e7 100644 --- a/modules/qutebrowser.nix +++ b/modules/qutebrowser.nix 
@@ -12,10 +12,7 @@ in options.nixfiles.modules.qutebrowser.enable = mkEnableOption "Qutebrowser"; config = mkIf cfg.enable { - nixfiles.modules = { - mpv.enable = true; - vim.enable = true; - }; + nixfiles.modules.mpv.enable = true; hm = { programs.qutebrowser = with config.nixfiles.modules; { diff --git a/modules/shadowsocks.nix b/modules/shadowsocks.nix index 1d55cf5..a70e2d1 100644 --- a/modules/shadowsocks.nix +++ b/modules/shadowsocks.nix @@ -127,8 +127,7 @@ in "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17); "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26); "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_mtu_probing" = 1; - "net.ipv4.tcp_congestion_control" = "hybla"; + "net.ipv4.tcp_mtu_probing" = mkOverride 100 1; }; topology = with cfg; { diff --git a/modules/soju.nix b/modules/soju.nix index f8212b5..c64b89e 100644 --- a/modules/soju.nix +++ b/modules/soju.nix @@ -89,14 +89,14 @@ in listen ircs://${cfg.address}:${toString cfg.port} tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} ${with cfg.prometheus; optionalString enable "listen http+prometheus://localhost:${toString port}"} - db postgres ${ + db postgres "${ concatStringsSep " " [ "host=/run/postgresql" "user=${db}" "dbname=${db}" "sslmode=disable" ] - } + }" hostname ${cfg.domain} title ${cfg.domain} ''; diff --git a/modules/sound.nix b/modules/sound.nix index ff90dfc..49ca5bc 100644 --- a/modules/sound.nix +++ b/modules/sound.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + this, + ... +}: with lib; let cfg = config.nixfiles.modules.sound; 
@@ -6,13 +11,19 @@ in { options.nixfiles.modules.sound.enable = mkEnableOption "sound support"; - config = mkIf cfg.enable { - services.pipewire = { - enable = true; + config = + mkIf cfg.enable { + services.pipewire = { + enable = true; + + alsa.enable = true; + jack.enable = true; + pulse.enable = true; + }; - alsa.enable = true; - jack.enable = true; - pulse.enable = true; + security.rtkit.enable = true; + } + // { + sound.enable = this.isHeadful; }; - }; } -- cgit v1.2.3
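Review bot: `sound.enable = this.isHeadful;` is most likely never applied, because in `mkIf cfg.enable { … } // { … }` the `//` operates on the attribute set that `mkIf` returns rather than on the configuration inside it. The module system then sees only the conditional and, as far as I can tell, ignores the extra `sound` attribute. Combine the two parts with `mkMerge` instead: `config = mkMerge [ (mkIf cfg.enable { … }) { sound.enable = this.isHeadful; } ];`, keeping the pipewire and `security.rtkit.enable` settings inside the `mkIf` unchanged.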