From 9a20404924fda2587ce4f9769f75369799f34643 Mon Sep 17 00:00:00 2001 
From: Azat Bahawi Date: Wed, 1 May 2024 03:36:55 +0300 Subject: 2024-05-01 --- checks.nix | 8 +- configurations/default.nix | 96 +++++ configurations/eonwe/default.nix | 312 +++++++++++++++ configurations/iso/default.nix | 26 ++ configurations/manwe/default.nix | 76 ++++ configurations/manwe/mailserver/default.nix | 113 ++++++ configurations/manwe/webserver.nix | 109 ++++++ configurations/melian/default.nix | 106 +++++ configurations/test-headful/default.nix | 20 + configurations/test-headless/default.nix | 14 + configurations/varda/default.nix | 62 +++ configurations/yavanna/default.nix | 32 ++ flake.lock | 473 ++++++++++++++++++----- flake.nix | 92 ++--- modules/default.nix | 8 +- modules/profiles/headful.nix | 3 +- modules/x11.nix | 2 - nixosConfigurations/default.nix | 92 ----- nixosConfigurations/eonwe/default.nix | 312 --------------- nixosConfigurations/iso/default.nix | 26 -- nixosConfigurations/manwe/default.nix | 76 ---- nixosConfigurations/manwe/mailserver/default.nix | 113 ------ nixosConfigurations/manwe/webserver.nix | 109 ------ nixosConfigurations/melian/default.nix | 106 ----- nixosConfigurations/test-headful/default.nix | 20 - nixosConfigurations/test-headless/default.nix | 14 - nixosConfigurations/varda/default.nix | 62 --- nixosConfigurations/yavanna/default.nix | 32 -- overlay.nix | 102 ----- overlays.nix | 104 +++++ topology.nix | 8 + 31 files changed, 1521 insertions(+), 1207 deletions(-) create mode 100644 configurations/default.nix create mode 100644 configurations/eonwe/default.nix create mode 100644 configurations/iso/default.nix create mode 100644 configurations/manwe/default.nix create mode 100644 configurations/manwe/mailserver/default.nix create mode 100644 configurations/manwe/webserver.nix create mode 100644 configurations/melian/default.nix create mode 100644 configurations/test-headful/default.nix create mode 100644 configurations/test-headless/default.nix create mode 100644 configurations/varda/default.nix create mode 100644 
configurations/yavanna/default.nix delete mode 100644 nixosConfigurations/default.nix delete mode 100644 nixosConfigurations/eonwe/default.nix delete mode 100644 nixosConfigurations/iso/default.nix delete mode 100644 nixosConfigurations/manwe/default.nix delete mode 100644 nixosConfigurations/manwe/mailserver/default.nix delete mode 100644 nixosConfigurations/manwe/webserver.nix delete mode 100644 nixosConfigurations/melian/default.nix delete mode 100644 nixosConfigurations/test-headful/default.nix delete mode 100644 nixosConfigurations/test-headless/default.nix delete mode 100644 nixosConfigurations/varda/default.nix delete mode 100644 nixosConfigurations/yavanna/default.nix delete mode 100644 overlay.nix create mode 100644 overlays.nix create mode 100644 topology.nix diff --git a/checks.nix b/checks.nix index a1915fa..86cb452 100644 --- a/checks.nix +++ b/checks.nix @@ -1,9 +1,5 @@ -{ inputs, system }: -let - pkgs = inputs.self.legacyPackages.${system}; -in -{ - preCommit = inputs.pre-commit.lib.${system}.run { +inputs: system: pkgs: { + preCommit = inputs.git-hooks.lib.${system}.run { src = builtins.path { name = "nixfiles"; path = ./.; diff --git a/configurations/default.nix b/configurations/default.nix new file mode 100644 index 0000000..1c1bda0 --- /dev/null +++ b/configurations/default.nix 
@@ -0,0 +1,96 @@ +inputs: +with inputs.self.lib; +let + mkConfiguration = + name: + { + modules ? [ ], + configuration ? ./${name}, + this ? my.configurations.${name}, + }: + nameValuePair name (nixosSystem { + inherit (this) system; + modules = + modules + ++ attrValues inputs.self.nixosModules + ++ attrValues inputs.nix-topology.nixosModules + ++ optional (configuration != null) (import configuration); + specialArgs = { + inherit inputs this; + inherit (inputs.self) lib; + }; + }); +in +mapAttrs' mkConfiguration ( + let + mkTest = this: { + modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixpkgs.nixosModules.notDetected + ]; + inherit this; + }; + in + { + test-headless = mkTest { + hostname = "test-headless"; + system = "x86_64-linux"; + isHeadless = true; + isHeadful = false; + }; + + test-headful = mkTest { + hostname = "test-headful"; + system = "x86_64-linux"; + isHeadless = false; + isHeadful = true; + }; + + iso = { + this = { + hostname = "iso"; + system = "x86_64-linux"; + isHeadless = false; + isHeadful = false; + }; + modules = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" + ]; + }; + + eonwe.modules = with inputs; [ + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-gpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; + + melian.modules = with inputs; [ + nixos-hardware.nixosModules.common-pc-laptop-ssd + nixos-hardware.nixosModules.lenovo-thinkpad-t480 + nixpkgs.nixosModules.notDetected + ]; + + manwe.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; + + varda.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-amd + 
nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; + + yavanna.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-hdd + nixpkgs.nixosModules.notDetected + ]; + } +) diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix new file mode 100644 index 0000000..1904cdb --- /dev/null +++ b/configurations/eonwe/default.nix 
@@ -0,0 +1,312 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +{ + imports = attrValues (modulesIn ./.); + + nixfiles.modules = { + ark.enable = true; + + wireguard.client.enable = true; + + syncthing.enable = true; + + openssh.server.enable = true; + + android.enable = true; + beets.enable = true; + bluetooth.enable = true; + games = { + lutris.enable = true; + minecraft.client.enable = true; + steam.enable = true; + steam-run.quirks.blackIsleStudios = true; + }; + libvirtd.enable = true; + incus.enable = true; + mpd.enable = true; + qutebrowser.enable = true; + }; + + hm = { + home.packages = with pkgs; [ + anki + gzdoom + iaito + kdenlive + krita + obs-studio + openmw + openttd + qbittorrent + qolibri + qzdl + radeontop + vcmi + vesktop + vial + wacomtablet + xonotic + ]; + + programs = { + beets.settings.directory = mkForce "/mnt/udata/music"; + + mpv = { + profiles = + let + mapShaders = shaders: map (args: toString (pkgs.fetchurl args)) shaders; + cfl-prediction = mapShaders [ + { + url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/471c65dd3915d39e7ef69957ab63e006125fbb88/CfL_Prediction.glsl"; + sha256 = "sha256-Mgb1KqF1EPPzR3SCVr9S4XzVmZkYEEFIHSp59RZ9wq8="; + } + ]; + ravu-lite-ar-r4 = mapShaders [ + { + url = "https://raw.githubusercontent.com/bjin/mpv-prescalers/b3f0a59d68f33b7162051ea5970a5169558f0ea2/compute/ravu-lite-ar-r4.hook"; + sha256 = "sha256-gyBAv/Sf75CobVUugeTOhy54B9z8iIoJSJgnLopfMsY="; + } + ]; + ssimdownscaler = mapShaders [ + { + url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl"; + sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w="; + } + ]; + in + { + # TODO Profile conditionals on width are not working. 
+ "qhd-downscale" = { + dscale = "lanczos"; + linear-downscaling = false; + glsl-shaders-append = ssimdownscaler; + }; + + "qhd-upscale" = { + glsl-shaders-append = cfl-prediction ++ ravu-lite-ar-r4; + }; + }; + + config = { + profile = "gpu-hq"; + vo = "gpu-next"; + gpu-api = "vulkan"; + hwdec = "auto"; + + deband = true; + deband-iterations = 4; + deband-threshold = 35; + deband-range = 16; + deband-grain = 5; + + temporal-dither = true; + dither-depth = "auto"; + dither = "fruit"; + + interpolation = true; + video-sync = "display-resample"; + tscale = "oversample"; + + target-prim = "auto"; + target-trc = "auto"; + vf = "format=colorlevels=full:colormatrix=auto"; + video-output-levels = "full"; + + glsl-shaders-append = map (text: toString (pkgs.writeText "shader.hook" text)) [ + '' + //!HOOK LUMA + //!BIND HOOKED + #define STRENGTH 48.0 + float mod289(float x) { return x - floor(x / 289.0) * 289.0; } + float permute(float x) { return mod289((34.0*x + 1.0) * x); } + float rand(float x) { return fract(x / 41.0); } + vec4 hook() { + vec3 _m = vec3(HOOKED_pos, 1.0) + vec3(1.0); + float h = permute(permute(permute(_m.x)+_m.y)+_m.z); + vec4 noise; + noise.x = rand(h); + return HOOKED_tex(HOOKED_pos) + vec4(STRENGTH/8192.0) * (noise - 0.5); + } + '' + '' + //!HOOK CHROMA + //!BIND HOOKED + #define STRENGTH 48.0 + float mod289(float x) { return x - floor(x / 289.0) * 289.0; } + float permute(float x) { return mod289((34.0*x + 1.0) * x); } + float rand(float x) { return fract(x / 41.0); } + vec4 hook() { + vec3 _m = vec3(HOOKED_pos, 0.5) + vec3(1.0); + float h = permute(permute(permute(_m.x)+_m.y)+_m.z); + vec4 noise; + noise.x = rand(h); h = permute(h); + noise.y = rand(h); + return HOOKED_tex(HOOKED_pos) + vec4(STRENGTH/8192.0) * (noise - 0.5); + } + '' + ]; + }; + }; + }; + + services = { + mpd.musicDirectory = mkForce "/mnt/udata/music"; + + xsettingsd.settings."Xft/DPI" = "93"; + }; + }; + + services = { + smartd = { + enable = true; + notifications.mail = { + 
enable = true; + sender = "admin+smartd@${my.domain.shire}"; + recipient = "admin+smartd@${my.domain.shire}"; + }; + }; + + openssh.settings = { + KbdInteractiveAuthentication = mkForce true; + PasswordAuthentication = mkForce true; + }; + + udev.packages = with pkgs; [ vial ]; + + xserver.wacom.enable = true; + }; + + # Usually stuff that is going to be compiled on this machine is going to have + # parallelisation support enabled, so we will make sure that all cores are + # utilised and limit the job queue to one. + nix.settings = { + max-jobs = 1; + cores = 32; + }; + + # Required[1] for using ZFS kernel modules with "unsupported" kernels. + # + # [1]: https://github.com/NixOS/nixpkgs/pull/121113#issuecomment-830003344 + # [1]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615 + nixpkgs.config.allowBroken = true; + + boot = { + kernelPackages = pkgs.linuxPackages_xanmod_latest; + + kernelParams = [ + # Silence benign MCE errors: + # ``` + # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff + # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff + # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201 + # ``` + "mce=nobootlog" + # This disables[1] User Mode Instruction Protection (UMIP)[2]. This is + # required for some games to run via Wine. + # + # [1]: https://docs.kernel.org/x86/cpuinfo.html + # [2]: https://en.wikichip.org/wiki/x86/umip + "clearcpuid=514" + ]; + + # https://wiki.archlinux.org/title/improving_performance#Watchdogs + blacklistedKernelModules = [ "sp5100_tco" ]; + + # The boot drive is Samsung SSD 980 PRO 2TB. + initrd.kernelModules = [ "nvme" ]; + + # These pools were configured manually with a specific mountpoint. 
+ zfs.extraPools = [ + "udata" + "vdata" + ]; + }; + + # Filesystem creation: + # ``` + # mkfs.vfat -F 32 -l nixos-boot /dev/nvmeXnYpZ + # + # zpool create + # -o ashift=12 + # -o autotrim=on + # -O acltype=posixacl + # -O xattr=sa + # -O compression=zstd + # -O mountpoint=none + # nixos + # /dev/nvmeXnYpZ + # + # zfs create + # nixos/root + # + # zfs create + # -o encryption=aes-256-gcm + # -o keyformat=passphrase + # -o mountpoint=legacy + # nixos/root/ark + # + # zfs create + # -o mountpoint=legacy + # nixos/root/nix + # ``` + # + # physical structure (backside): + # [ 1 ] [ 2 ] [ 3 ] + # 1: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXP2E3163YW6 + # 2: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXN2E312R5HP + # 3: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXP2E311E6P2 + # + # physical structure (mobo M.2): + # [ 1 ] + # [ 2 ] + # 1: disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R872526A + # 2: disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENX0T807723X + fileSystems = { + "/" = { + device = "none"; + fsType = "tmpfs"; + options = [ + "size=8G" + "mode=755" + ]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/1363-02E6"; + fsType = "vfat"; + }; + + "/nix" = { + device = "nixos/root/nix"; + fsType = "zfs"; + options = [ "noatime" ]; + }; + + ${config.ark.path} = { + device = "nixos/root/ark"; + fsType = "zfs"; + neededForBoot = true; # Required by impermanence. + }; + + # Required[1] when using impermanence with agenix. Filesystem itself is + # defined as an `ark.directory` in `nixos/common/users.nix`. + # + # [1]: https://github.com/ryantm/agenix/issues/45#issuecomment-847852593 + # [1]: https://github.com/nix-community/impermanence/issues/22 + # [1]: https://github.com/NixOS/nixpkgs/pull/86967#pullrequestreview-667929259 + "/home/${my.username}" = { + depends = [ config.ark.path ]; + neededForBoot = true; + }; + }; + + # No swap space is declared here because the system already has 128Gb of RAM. 
+ # I've only manage to hit around 100Gb mark when running large
+ # computations/compiling something big. Pretty sure that a hefty chunk of it
+ # was just cache and it wouldn't make me get to OOM situations.
+}
diff --git a/configurations/iso/default.nix b/configurations/iso/default.nix
new file mode 100644
index 0000000..7277e88
--- /dev/null
+++ b/configurations/iso/default.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+with lib;
+{
+ secrets = mkForce { };
+
+ nixfiles.modules = {
+ common.networking.onlyDefault = true;
+ git.client.enable = true;
+ gnupg.enable = true;
+ openssh = {
+ client.enable = true;
+ server = {
+ enable = true;
+ port = 22;
+ };
+ };
+ };
+
+ hm.programs.git.signing.signByDefault = mkForce false;
+
+ programs.mtr.enable = true;
+
+ services.getty.autologinUser = mkForce my.username;
+
+ nixpkgs.config.allowBroken = true;
+}
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
new file mode 100644
index 0000000..3707440
--- /dev/null
+++ b/configurations/manwe/default.nix
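Review bot: In configurations/eonwe/default.nix, `services.openssh.settings` forces `PasswordAuthentication` and `KbdInteractiveAuthentication` back on with `mkForce`, and no comment says why, on a host that also enables `openssh.server`. The need for `mkForce` suggests the shared openssh module turns both off, so this host becomes the one place where password guessing can succeed; whether its SSH port is reachable from outside the LAN or the WireGuard network is not visible in this hunk. Add a why-comment next to the two settings, and if password login is only needed from a trusted range, keep the global settings off and enable it inside a `Match Address` block through `services.openssh.extraConfig`.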
@@ -0,0 +1,76 @@
+{ config, lib, ... }:
+with lib;
+{
+ imports = attrValues (modulesIn ./.);
+
+ nixfiles.modules = {
+ nsd = {
+ enable = true;
+ fqdn = "ns1.${config.networking.domain}";
+ };
+ unbound.enable = true;
+
+ wireguard.server.enable = true;
+
+ acme.enable = true;
+
+ monitoring.enable = true;
+
+ postgresql.enable = true;
+ clickhouse.enable = true;
+
+ git.server = {
+ enable = true;
+ domain = "git.${my.domain.azahi}";
+ };
+
+ matrix.dendrite = {
+ enable = true;
+ domain = my.domain.azahi;
+ };
+ murmur.enable = true;
+ radicale.enable = true;
+ rss-bridge.enable = true;
+ shadowsocks.enable = true;
+ soju = {
+ enable = true;
+ domain = my.domain.azahi;
+ };
+ vaultwarden.enable = true;
+ ntfy.enable = true;
+ plausible.enable = true;
+ };
+
+ boot = {
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ };
+
+ initrd.availableKernelModules = [
+ "virtio_pci"
+ "virtio_scsi"
+ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/sda2";
+ fsType = "xfs";
+ options = [ "noatime" ];
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ options = [ "noatime" ];
+ };
+ };
+
+ swapDevices = [ { device = "/dev/sda3"; } ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 25;
+ };
+}
diff --git a/configurations/manwe/mailserver/default.nix b/configurations/manwe/mailserver/default.nix
new file mode 100644
index 0000000..cc8b41d
--- /dev/null
+++ b/configurations/manwe/mailserver/default.nix
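Review bot: In configurations/manwe/default.nix, `boot.loader.grub.device`, both `fileSystems` entries and `swapDevices` address the disk as `/dev/sda` and `/dev/sda1` to `/dev/sda3`, which are kernel enumeration names rather than stable identifiers; configurations/yavanna/default.nix does the same. If the hypervisor attaches another disk or the probe order changes, the host can mount the wrong partition as root or enable swap on it. The varda and melian configurations in this same commit already use `/dev/disk/by-uuid/...`, so prefer that form here too, e.g. `device = "/dev/disk/by-uuid/<ROOT-FS-UUID>";` (placeholder value), and a `/dev/disk/by-id/...` path for the GRUB target.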
@@ -0,0 +1,113 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; +{ + imports = [ inputs.mailserver.nixosModule ] ++ attrValues (modulesIn ./.); + + ark.directories = with config.mailserver; [ + "/var/lib/dovecot" + "/var/lib/postfix" + config.security.dhparams.params.dovecot2.path + dkimKeyDirectory + mailDirectory + sieveDirectory + ]; + + secrets = with config.mailserver; { + dkim-key-azahi-cc = { + file = "${inputs.self}/secrets/dkim-key-azahi-cc"; + path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; + }; + dkim-key-rohan-net = { + file = "${inputs.self}/secrets/dkim-key-rohan-net"; + path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; + }; + dkim-key-gondor-net = { + file = "${inputs.self}/secrets/dkim-key-gondor-net"; + path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; + }; + dkim-key-shire-net = { + file = "${inputs.self}/secrets/dkim-key-shire-net"; + path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; + }; + }; + + nixfiles.modules = { + acme.enable = true; + redis.enable = true; + }; + + mailserver = + let + cert = config.certs.${my.domain.shire}; + in + { + enable = true; + + # Disable potentially insecure[1] STARTTLS connections. SSL-only connections + # are still enabled by default. 
+ # + # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6 + enableImap = false; + enablePop3 = false; + enableSubmission = false; + + fqdn = config.networking.domain; + domains = with my.domain; [ + azahi + gondor + rohan + shire + ]; + + localDnsResolver = false; + + certificateScheme = "manual"; + certificateFile = "${cert.directory}/fullchain.pem"; + keyFile = "${cert.directory}/key.pem"; + + lmtpSaveToDetailMailbox = "no"; + + redis = with config.services.redis.servers.default; { + address = bind; + inherit port; + password = requirePass; + }; + }; + + services = { + fail2ban.jails = { + dovecot = { + enabled = true; + settings.mode = "aggressive"; + }; + postfix = { + enabled = true; + settings.mode = "aggressive"; + }; + }; + + # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655 + dovecot2.sieve.extensions = [ "fileinto" ]; + + # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241 + redis.servers.rspamd.enable = mkForce false; + }; + + systemd.services.rspamd = { + requires = mkForce [ "redis-default.service" ]; + after = mkForce [ "redis-default.service" ]; + }; +} diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix new file mode 100644 index 0000000..95a0b0b --- /dev/null +++ b/configurations/manwe/webserver.nix 
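Review bot: In configurations/manwe/mailserver/default.nix, `mailserver.redis.password = requirePass` hands `services.redis.servers.default.requirePass` to the mail stack as a plain Nix string, and nixpkgs documents `requirePass` as stored in plain text in the world-readable Nix store. Whether a password is actually set is decided outside this hunk; if it is, every local user on the host can read it, unlike the DKIM keys above that go through `secrets`. Prefer `requirePassFile` on the Redis side with the value managed as a secret, and give the consumer the password from a file outside the store. If Redis only listens on loopback or a Unix socket and no password is configured, say so in a comment next to `redis = ...`.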
@@ -0,0 +1,109 @@ +{ + inputs, + lib, + libNginx, + libPlausible, + ... +}: +with lib; +{ + nixfiles.modules.nginx = { + enable = true; + virtualHosts = + with my.domain; + { + # TODO Start using this. + # "start.local" = { + # root = pkgs.hiccup; + # locations = { + # "/".tryFiles = "$uri $uri/ /index.html"; + # "~* ^.+config.json$".extraConfig = let + # config = pkgs.writeText "config.json" (generators.toJSON {} { + # version = "2.0"; + # id = "default"; + # title = "Demo Config"; + # url = "./configs/config.json"; + # featured = [ + # { + # name = "GitHub"; + # background = "/assets/card.png"; + # link = "https://github.com/ashwin-pc/hiccup"; + # } + # ]; + # categories = [ + # { + # title = "Category 1"; + # links = [ + # { + # name = "Link 1"; + # link = "https://example.com"; + # } + # ]; + # } + # { + # title = "Category 2"; + # links = [ + # { + # name = "Link 1"; + # link = "https://example.com"; + # } + # ]; + # } + # { + # title = "Category 3"; + # links = [ + # { + # name = "Link 1"; + # link = "https://example.com"; + # } + # ]; + # } + # { + # title = "Category 4"; + # links = [ + # { + # name = "Link 1"; + # link = "https://example.com"; + # } + # ]; + # } + # ]; + # }); + # in '' + # alias ${config}; + # ''; + # }; + # enableACME = false; + # forceSSL = false; + # }; + ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; + "git.${shire}".locations."/".return = "301 https://git.${azahi}"; + "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}"; + ${azahi} = { + serverAliases = [ + "frodo.${gondor}" + "frodo.${rohan}" + ]; + locations."/" = { + root = inputs.azahi-cc; + extraConfig = libNginx.config.appendHead [ (libPlausible.htmlPlausibleScript { domain = azahi; }) ]; + }; + }; + } + // ( + let + frodo = "301 https://frodo."; + in + { + ${gondor}.locations."/".return = concatStrings [ + frodo + gondor + ]; + ${rohan}.locations."/".return = concatStrings [ + frodo + rohan + ]; + } + ); + }; +} 
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
new file mode 100644
index 0000000..0805b4a
--- /dev/null
+++ b/configurations/melian/default.nix
@@ -0,0 +1,106 @@ +{ lib, pkgs, ... }: +with lib; +{ + nixfiles.modules = { + wireguard.client.enable = true; + + syncthing.enable = true; + + bluetooth.enable = true; + + throttled.enable = true; + + android.enable = true; + }; + + hardware.trackpoint = { + enable = true; + speed = 500; + sensitivity = 250; + }; + + powerManagement = + let + modprobe = getExe' pkgs.kmod "modprobe"; + in + { + enable = true; + + # This fixes an issue with not being able to suspend or wake up from + # suspend due to a kernel bug[1] which is still not fixed. + # + # I guess this can also be fixed differently[2], which does look a lot nicer + # but I'm just too lazy. + # + # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 + # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 + # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 + # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 + # [2]: https://linrunner.de/tlp/settings/runtimepm.html + powerDownCommands = "${modprobe} -r xhci_pci"; + powerUpCommands = "${modprobe} xhci_pci"; + }; + + services = { + thinkfan = { + enable = true; + settings = { + sensors = [ + { + hwmon = "/sys/class/hwmon"; + name = "coretemp"; + indices = [ 1 ]; + } + ]; + fans = [ { tpacpi = "/proc/acpi/ibm/fan"; } ]; + levels = [ + [ + "level auto" + 0 + 50 + ] + [ + "level disengaged" + 50 + 32767 + ] # This could annoy some people but IDGAF. + ]; + }; + }; + + fwupd.enable = true; + }; + + boot.initrd.luks.devices."root" = { + device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218"; + allowDiscards = true; + bypassWorkqueues = true; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a"; + fsType = "xfs"; + options = [ "noatime" ]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/1083-C8A0"; + fsType = "vfat"; + }; + }; + + # NOTE This makes hibernation pretty much impossible because the partition is + # encrypted. 
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 8 * 1024;
+ }
+ ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 25;
+ };
+}
diff --git a/configurations/test-headful/default.nix b/configurations/test-headful/default.nix
new file mode 100644
index 0000000..f1da389
--- /dev/null
+++ b/configurations/test-headful/default.nix
@@ -0,0 +1,20 @@
+{ lib, ... }:
+with lib;
+{
+ nixfiles.modules = {
+ dwm.enable = false;
+ kde.enable = true;
+ xmonad.enable = false;
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ fileSystems."/".device = "/dev/null";
+
+ documentation = {
+ enable = mkForce false;
+ man = {
+ enable = mkForce false;
+ man-db.enable = mkForce false;
+ };
+ };
+}
diff --git a/configurations/test-headless/default.nix b/configurations/test-headless/default.nix
new file mode 100644
index 0000000..ef3d223
--- /dev/null
+++ b/configurations/test-headless/default.nix
@@ -0,0 +1,14 @@
+{ lib, ... }:
+with lib;
+{
+ nixfiles.modules = {
+ endlessh-go.enable = mkForce false;
+ node-exporter.enable = mkForce false;
+ promtail.enable = mkForce false;
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ fileSystems."/".device = "/dev/null";
+
+ documentation.enable = mkForce false;
+}
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
new file mode 100644
index 0000000..c8ecef2
--- /dev/null
+++ b/configurations/varda/default.nix
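Review bot: In configurations/melian/default.nix, `boot.initrd.luks.devices."root"` sets `allowDiscards = true` without a comment on the trade-off. Passing TRIM through dm-crypt lets anyone with access to the raw disk see which blocks are unused, which reveals usage patterns and can help identify the filesystem type. That is commonly accepted on a laptop SSD, but it is a deliberate weakening of the encryption and should be recorded next to the option, e.g. `# TRIM through LUKS exposes the free-block layout; accepted for SSD performance.` `bypassWorkqueues = true` is a tuning knob and would benefit from a one-line note as well.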
@@ -0,0 +1,62 @@
+{ lib, ... }:
+with lib;
+{
+ imports = attrValues (modulesIn ./.);
+
+ nixfiles.modules = {
+ wireguard.client.enable = true;
+
+ acme.enable = true;
+
+ k3s.enable = true;
+ };
+
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ };
+
+ initrd.availableKernelModules = [
+ "virtio_pci"
+ "virtio_scsi"
+ ];
+
+ # https://github.com/NixOS/nixpkgs/issues/89025
+ # https://forum.netcup.de/administration-of-a-server-vserver/vserver-server-kvm-server/p67571-icmpv6-ra-ndisc-router-discovery-failed-to-add-default-route/#post67571
+ # https://superuser.com/questions/33196/how-to-disable-autoconfiguration-on-ipv6-in-linux
+ kernel.sysctl = {
+ "net.ipv6.conf.all.autoconf" = 0;
+ "net.ipv6.conf.all.accept_ra" = 0;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/b07e8273-915a-424c-8c55-cdc2bd482f49";
+ fsType = "xfs";
+ options = [ "noatime" ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/03FD-B6C0";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 4 * 1024;
+ }
+ ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 25;
+ };
+}
diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix
new file mode 100644
index 0000000..2d52f53
--- /dev/null
+++ b/configurations/yavanna/default.nix
@@ -0,0 +1,32 @@
+_: {
+ nixfiles.modules = {
+ wireguard.client.enable = true;
+
+ syncthing.enable = true;
+
+ acme.enable = true;
+
+ rtorrent.enable = true;
+ lidarr.enable = true;
+ jackett.enable = true;
+ };
+
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ configurationLimit = 5;
+ };
+
+ fileSystems."/" = {
+ device = "/dev/sda2";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+
+ swapDevices = [ { device = "/dev/sda3"; } ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 25;
+ };
+}
diff --git a/flake.lock b/flake.lock
index 75e6c07..6b31e0f 100644
--- a/flake.lock
+++ b/flake.lock @@ -9,9 +9,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": [ - "systems" - ] + "systems": "systems" }, "locked": { "lastModified": 1714136352, @@ -32,9 +30,7 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] @@ -58,14 +54,12 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], "pre-commit": [ - "pre-commit" + "git-hooks" ] }, "locked": { @@ -251,11 +245,31 @@ "type": "github" } }, + "devshell": { + "inputs": { + "flake-utils": "flake-utils_6", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711099426, + "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "owner": "numtide", + "repo": "devshell", + "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "dns": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -285,7 +299,6 @@ }, "original": { "owner": "edolstra", - "ref": "master", "repo": "flake-compat", "type": "github" } 
@@ -308,9 +321,58 @@ }, "flake-utils": { "inputs": { - "systems": [ - "systems" - ] + "systems": "systems_2" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1614513358, + "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, 
@@ -326,6 +388,94 @@ "type": "github" } }, + "flake-utils_5": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_9": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "master", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { 
"flake": false, "locked": { @@ -342,10 +492,38 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "flake-utils": "flake-utils_4", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "2849da033884f54822af194400f8dff435ada242", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "pre-commit", + "git-hooks", "nixpkgs" ] }, @@ -387,11 +565,11 @@ ] }, "locked": { - "lastModified": 1714203603, - "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=", + "lastModified": 1714515075, + "narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e", + "rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef", "type": "github" }, "original": { @@ -424,9 +602,7 @@ "nixpkgs": [ "nixpkgs" ], - "utils": [ - "flake-utils" - ] + "utils": "utils" }, "locked": { "lastModified": 1714298568, @@ -447,19 +623,17 @@ "flake-compat": [ "flake-compat" ], - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1714180709, - "narHash": "sha256-UgvCa4nhcgcbMfqJhziwOjMlHPzxzbNzr9AkQb2nc/U=", + "lastModified": 1714439927, + "narHash": "sha256-XH0jGADqW5Xxd4mJIOafwfAKstn2i+UBuc8ODt3g50k=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "94da995402d449a9e8a68ca379338e002ed9e3ae", + "rev": "f9dbb7fb95f41d234e53ac3d46501a0aa6b1098c", "type": "github" }, "original": { 
@@ -488,13 +662,38 @@ "type": "github" } }, + "nix-topology": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils_7", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": [ + "git-hooks" + ] + }, + "locked": { + "lastModified": 1714212743, + "narHash": "sha256-+GmuCvecraSTWylPCVSZYwAiz4lKDEpn1TIZlKz7gSw=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "ac69cc735c58e0028f8ef6a4b5c14efd57f5381b", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1714201532, - "narHash": "sha256-nk0W4rH7xYdDeS7k1SqqNtBaNrcgIBYNmOVc8P2puEY=", + "lastModified": 1714465198, + "narHash": "sha256-ySkEJvS0gPz2UhXm0H3P181T8fUxvDVcoUyGn0Kc5AI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "53db5e1070d07e750030bf65f1b9963df8f0c678", + "rev": "68d680c1b7c0e67a9b2144d6776583ee83664ef4", "type": "github" }, "original": { @@ -505,11 +704,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714245158, - "narHash": "sha256-9P2M0+tf1TE7Z5PwDVwhheuD2mFf6/phPr0Jvl7cxcc=", + "lastModified": 1714314149, + "narHash": "sha256-yNAevSKF4krRWacmLUsLK7D7PlfuY3zF0lYnGYNi9vQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2b1f64b358f2cab62617f26b3870fd0ee375d848", + "rev": "cf8cc1201be8bc71b7cbbbdaf349b22f4f99c7ae", "type": "github" }, "original": { @@ -521,11 +720,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1714334083, - "narHash": "sha256-J+8rWV1oLXADlyk7kKPnTkOKal050884rt2g3bZ1KwY=", + "lastModified": 1714520284, + "narHash": "sha256-zwVUfqiFf+r5hifj7OwcFDGt1eiMaveim2ihE+m6dLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d9fd2b2c31f1f983060af97da8bf56f2abe7c7fc", + "rev": "097de5af21721e8e36a2e0d015dc3a5917de3fa0", "type": "github" }, "original": { 
@@ -537,11 +736,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1714333746, - "narHash": "sha256-4PvKjtV5nINMzhe2RKmtTvlE5FGzuLbhjM4UHfMUPYc=", + "lastModified": 1714514061, + "narHash": "sha256-QgR4JVjLFFqd/khJ5Og55iyBVdqoKcrfC0urkP3ZCJA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "007064b6be0e8cb970d6e1a8902c30a3e99167e3", + "rev": "95d1b593aab60766964d22d8ec0b0847678bdee2", "type": "github" }, "original": { @@ -563,7 +762,6 @@ }, "original": { "owner": "vulnersCom", - "ref": "master", "repo": "nmap-vulners", "type": "github" } @@ -580,42 +778,10 @@ }, "original": { "owner": "scipag", - "ref": "master", "repo": "vulscan", "type": "github" } }, - "pre-commit": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1713954846, - "narHash": "sha256-RWFafuSb5nkWGu8dDbW7gVb8FOQOPqmX/9MlxUUDguw=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "6fb82e44254d6a0ece014ec423cb62d92435336f", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -625,21 +791,20 @@ "dns": "dns", "flake-compat": "flake-compat", "flake-registry": "flake-registry", - "flake-utils": "flake-utils", + "git-hooks": "git-hooks", "home-manager": "home-manager", "impermanence": "impermanence", "mailserver": "mailserver", "minecraft": "minecraft", "nix-index-database": "nix-index-database", + "nix-topology": "nix-topology", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", "nixpkgs-stable": "nixpkgs-stable", "nmap-vulners": "nmap-vulners", "nmap-vulscan": "nmap-vulscan", - "pre-commit": "pre-commit", "stylix": "stylix", - "systems": "systems", "vscode-extensions": "vscode-extensions", "xmonad-ng": "xmonad-ng" } 
@@ -693,24 +858,160 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + 
"type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_9": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "vscode-extensions": { "inputs": { "flake-compat": [ "flake-compat" ], - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_8", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1714267526, - "narHash": "sha256-92vUWmEZgINBgC2uT39Ihpbc/Ok86iOT2DjPrmrnFnA=", + "lastModified": 1714440038, + "narHash": "sha256-+zO77hQMEX9k87QQhuKgqLWNh1ZQZeF+a6sN/ot8RT4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6be0c88ffc813c82a6d3c99129c5cdaed5499468", + "rev": "150f7cf5f7d1c76e36bb5e917c5ac8045d77db45", "type": "github" }, "original": { @@ -721,9 +1022,7 @@ }, "xmonad-ng": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_9", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index adb7416..dc194f5 100644 --- a/flake.nix 
+++ b/flake.nix @@ -33,16 +33,12 @@ inputs = { home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs"; - systems.follows = "systems"; }; }; dns = { url = "github:kirelagin/dns.nix"; - inputs = { - flake-utils.follows = "flake-utils"; - nixpkgs.follows = "nixpkgs"; - }; + inputs.nixpkgs.follows = "nixpkgs"; }; mailserver = { @@ -50,7 +46,6 @@ inputs = { flake-compat.follows = "flake-compat"; nixpkgs.follows = "nixpkgs"; - utils.follows = "flake-utils"; }; }; @@ -58,7 +53,6 @@ url = "github:pinpox/alertmanager-ntfy"; inputs = { flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; @@ -67,7 +61,6 @@ url = "github:nix-community/nix-vscode-extensions"; inputs = { flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; @@ -76,9 +69,8 @@ url = "github:dwarfmaster/arkenfox-nixos"; inputs = { flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; - pre-commit.follows = "pre-commit"; + pre-commit.follows = "git-hooks"; }; }; @@ -86,7 +78,6 @@ url = "github:Infinidoge/nix-minecraft"; inputs = { flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; }; }; 
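Review bot: Removing `systems.follows` and `flake-utils.follows` in this hunk, and the matching `utils.follows` / `flake-utils.follows` lines in the hunks at -50, -58, -67, -76 and -86, means each upstream flake now resolves its own copy of those inputs. The flake.lock changes in the same commit show the result: new `flake-utils_5` to `flake-utils_9`, `utils` and `systems_2` to `systems_9` nodes, each pinned to whatever revision the upstream recorded (the `flake-utils_9` entry carries a 2022 `lastModified`). That leaves more third-party revisions to audit, and they change only when the respective upstream re-locks. If the aim was just to stop exposing `flake-utils` as a root input, consider keeping one shared input with the `follows` lines. Otherwise record the decision above `inputs`, e.g. `# Transitive flake-utils/systems are intentionally not deduplicated; review flake.lock on update.`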
@@ -96,87 +87,96 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - xmonad-ng = { - url = "git+https://git.azahi.cc/xmonad-ng?ref=master"; + nix-topology = { + url = "github:oddlama/nix-topology"; inputs = { - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; + pre-commit-hooks.follows = "git-hooks"; }; }; + xmonad-ng = { + url = "git+https://git.azahi.cc/xmonad-ng?ref=master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + azahi-cc = { url = "git+https://git.azahi.cc/azahi-cc?ref=master"; flake = false; }; nmap-vulners = { - url = "github:vulnersCom/nmap-vulners/master"; + url = "github:vulnersCom/nmap-vulners"; flake = false; }; nmap-vulscan = { - url = "github:scipag/vulscan/master"; + url = "github:scipag/vulscan"; flake = false; }; - pre-commit = { - url = "github:cachix/pre-commit-hooks.nix/master"; + git-hooks = { + url = "github:cachix/git-hooks.nix"; inputs = { flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; }; }; - systems.url = "github:nix-systems/default"; - flake-utils = { - url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; - }; flake-registry = { url = "github:NixOS/flake-registry"; flake = false; }; - flake-compat.url = "github:edolstra/flake-compat/master"; + flake-compat.url = "github:edolstra/flake-compat"; }; outputs = - inputs: - with inputs; - flake-utils.lib.eachDefaultSystem (system: { - apps.default = { - type = "app"; - program = "${self.packages.${system}.default}/bin/nixfiles"; + inputs@{ self, nixpkgs, ... 
}: + let + system = "x86_64-linux"; + + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + inputs.nix-topology.overlays.default + ]; }; + in + { + lib = nixpkgs.lib.extend (import ./lib); + + legacyPackages.${system} = pkgs; + + packages.${system} = { + default = self.packages.${system}.nixfiles; + inherit (self.legacyPackages.${system}) nixfiles; - packages = { - default = self.legacyPackages.${system}.nixfiles; iso = self.nixosConfigurations.iso.config.system.build.isoImage; }; - legacyPackages = import nixpkgs { - inherit system; - overlays = [ self.overlays.default ]; + apps.${system}.default = { + type = "app"; + program = self.lib.getExe self.packages.${system}.nixfiles; }; - devShells.default = - with self.legacyPackages.${system}; + overlays = import ./overlays.nix; + + devShells.${system}.default = + with pkgs; mkShell { inherit (self.checks.${system}.preCommit) shellHook; packages = [ go-task ]; }; - formatter = self.legacyPackages.${system}.nixfmt; + nixosModules = import ./modules self.lib; - checks = import ./checks.nix { inherit inputs system; }; - }) - // { - lib = nixpkgs.lib.extend (import ./lib); + nixosConfigurations = import ./configurations inputs; - nixosModules.nixfiles = import ./modules; + checks.${system} = import ./checks.nix inputs system pkgs; - nixosConfigurations = import ./nixosConfigurations inputs; + formatter.${system} = pkgs.nixfmt; - overlays.default = final: prev: import ./overlay.nix final prev; + topology = import ./topology.nix inputs self pkgs; }; } diff --git a/modules/default.nix b/modules/default.nix index ef9fb18..9ed1029 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1 +1,7 @@ -{ lib, ... }: with lib; { imports = attrValues (modulesIn ./.); } +lib: with lib; { + nixfiles = + { ... }: + { + imports = attrValues (modulesIn ./.); + }; +} diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index 20363bc..6e58dae 100644 --- a/modules/profiles/headful.nix 
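Review bot: `system = "x86_64-linux";` in the new `let` replaces `flake-utils.lib.eachDefaultSystem`, so `packages`, `apps`, `devShells`, `checks` and `formatter` are now exposed for that one platform only, and nothing in the hunk says this is intended. A comment on the binding would record it, e.g. `# Single supported platform; the per-system outputs below exist for x86_64-linux only.` Separately, `topology` is not a standard flake output name, so `nix flake check` will probably report it as unknown. A one-line comment beside it saying it is consumed by nix-topology would explain why it is there.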
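Review bot: The `nixfiles` module in modules/default.nix is now an anonymous function value rather than a file path, so option errors raised from it will likely be reported without a source location. Setting `_file = ./default.nix;` beside `imports` restores that. It is also worth a comment that `lib` here is the argument passed from flake.nix (`import ./modules self.lib`), not the module-system `lib`, since the inner `{ ... }:` ignores its own arguments.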
+++ b/modules/profiles/headful.nix @@ -100,8 +100,9 @@ in }; services = { - upower.enable = true; + libinput.enable = true; psd.enable = true; + upower.enable = true; }; environment.systemPackages = with pkgs; [ diff --git a/modules/x11.nix b/modules/x11.nix index 55ba0b5..4edab6b 100644 --- a/modules/x11.nix +++ b/modules/x11.nix @@ -64,8 +64,6 @@ in autoRepeatDelay = 200; autoRepeatInterval = 50; - libinput.enable = true; - monitorSection = '' Option "DPMS" "false" ''; diff --git a/nixosConfigurations/default.nix b/nixosConfigurations/default.nix deleted file mode 100644 index b685eb7..0000000 --- a/nixosConfigurations/default.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -inputs: -with inputs.self.lib; -let - mkConfiguration = - name: - { - modules ? [ ], - configuration ? ./${name}, - this ? my.configurations.${name}, - }: - nameValuePair name (nixosSystem { - inherit (this) system; - modules = - modules - ++ attrValues inputs.self.nixosModules - ++ optional (configuration != null) (import configuration); - specialArgs = { - inherit inputs this; - inherit (inputs.self) lib; - }; - }); - - mkTest = this: { - modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixpkgs.nixosModules.notDetected - ]; - inherit this; - }; -in -mapAttrs' mkConfiguration { - test-headless = mkTest { - hostname = "test-headless"; - system = "x86_64-linux"; - isHeadless = true; - isHeadful = false; - }; - test-headful = mkTest { - hostname = "test-headful"; - system = "x86_64-linux"; - isHeadless = false; - isHeadful = true; - }; - - iso = { - this = { - hostname = "iso"; - system = "x86_64-linux"; - isHeadless = false; - isHeadful = false; - }; - configuration = ./iso; - modules = [ - "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" - ]; - }; - - eonwe.modules = with inputs; [ - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-cpu-amd-pstate - nixos-hardware.nixosModules.common-gpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; - - melian.modules = with inputs; [ - nixos-hardware.nixosModules.common-pc-laptop-ssd - nixos-hardware.nixosModules.lenovo-thinkpad-t480 - nixpkgs.nixosModules.notDetected - ]; - - manwe.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; - - varda.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - 
nixpkgs.nixosModules.notDetected - ]; - - yavanna.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-hdd - nixpkgs.nixosModules.notDetected - ]; -} diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix deleted file mode 100644 index 1904cdb..0000000 --- a/nixosConfigurations/eonwe/default.nix +++ /dev/null 
@@ -1,312 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -{ - imports = attrValues (modulesIn ./.); - - nixfiles.modules = { - ark.enable = true; - - wireguard.client.enable = true; - - syncthing.enable = true; - - openssh.server.enable = true; - - android.enable = true; - beets.enable = true; - bluetooth.enable = true; - games = { - lutris.enable = true; - minecraft.client.enable = true; - steam.enable = true; - steam-run.quirks.blackIsleStudios = true; - }; - libvirtd.enable = true; - incus.enable = true; - mpd.enable = true; - qutebrowser.enable = true; - }; - - hm = { - home.packages = with pkgs; [ - anki - gzdoom - iaito - kdenlive - krita - obs-studio - openmw - openttd - qbittorrent - qolibri - qzdl - radeontop - vcmi - vesktop - vial - wacomtablet - xonotic - ]; - - programs = { - beets.settings.directory = mkForce "/mnt/udata/music"; - - mpv = { - profiles = - let - mapShaders = shaders: map (args: toString (pkgs.fetchurl args)) shaders; - cfl-prediction = mapShaders [ - { - url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/471c65dd3915d39e7ef69957ab63e006125fbb88/CfL_Prediction.glsl"; - sha256 = "sha256-Mgb1KqF1EPPzR3SCVr9S4XzVmZkYEEFIHSp59RZ9wq8="; - } - ]; - ravu-lite-ar-r4 = mapShaders [ - { - url = "https://raw.githubusercontent.com/bjin/mpv-prescalers/b3f0a59d68f33b7162051ea5970a5169558f0ea2/compute/ravu-lite-ar-r4.hook"; - sha256 = "sha256-gyBAv/Sf75CobVUugeTOhy54B9z8iIoJSJgnLopfMsY="; - } - ]; - ssimdownscaler = mapShaders [ - { - url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl"; - sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w="; - } - ]; - in - { - # TODO Profile conditionals on width are not working. 
- "qhd-downscale" = { - dscale = "lanczos"; - linear-downscaling = false; - glsl-shaders-append = ssimdownscaler; - }; - - "qhd-upscale" = { - glsl-shaders-append = cfl-prediction ++ ravu-lite-ar-r4; - }; - }; - - config = { - profile = "gpu-hq"; - vo = "gpu-next"; - gpu-api = "vulkan"; - hwdec = "auto"; - - deband = true; - deband-iterations = 4; - deband-threshold = 35; - deband-range = 16; - deband-grain = 5; - - temporal-dither = true; - dither-depth = "auto"; - dither = "fruit"; - - interpolation = true; - video-sync = "display-resample"; - tscale = "oversample"; - - target-prim = "auto"; - target-trc = "auto"; - vf = "format=colorlevels=full:colormatrix=auto"; - video-output-levels = "full"; - - glsl-shaders-append = map (text: toString (pkgs.writeText "shader.hook" text)) [ - '' - //!HOOK LUMA - //!BIND HOOKED - #define STRENGTH 48.0 - float mod289(float x) { return x - floor(x / 289.0) * 289.0; } - float permute(float x) { return mod289((34.0*x + 1.0) * x); } - float rand(float x) { return fract(x / 41.0); } - vec4 hook() { - vec3 _m = vec3(HOOKED_pos, 1.0) + vec3(1.0); - float h = permute(permute(permute(_m.x)+_m.y)+_m.z); - vec4 noise; - noise.x = rand(h); - return HOOKED_tex(HOOKED_pos) + vec4(STRENGTH/8192.0) * (noise - 0.5); - } - '' - '' - //!HOOK CHROMA - //!BIND HOOKED - #define STRENGTH 48.0 - float mod289(float x) { return x - floor(x / 289.0) * 289.0; } - float permute(float x) { return mod289((34.0*x + 1.0) * x); } - float rand(float x) { return fract(x / 41.0); } - vec4 hook() { - vec3 _m = vec3(HOOKED_pos, 0.5) + vec3(1.0); - float h = permute(permute(permute(_m.x)+_m.y)+_m.z); - vec4 noise; - noise.x = rand(h); h = permute(h); - noise.y = rand(h); - return HOOKED_tex(HOOKED_pos) + vec4(STRENGTH/8192.0) * (noise - 0.5); - } - '' - ]; - }; - }; - }; - - services = { - mpd.musicDirectory = mkForce "/mnt/udata/music"; - - xsettingsd.settings."Xft/DPI" = "93"; - }; - }; - - services = { - smartd = { - enable = true; - notifications.mail = { - 
enable = true; - sender = "admin+smartd@${my.domain.shire}"; - recipient = "admin+smartd@${my.domain.shire}"; - }; - }; - - openssh.settings = { - KbdInteractiveAuthentication = mkForce true; - PasswordAuthentication = mkForce true; - }; - - udev.packages = with pkgs; [ vial ]; - - xserver.wacom.enable = true; - }; - - # Usually stuff that is going to be compiled on this machine is going to have - # parallelisation support enabled, so we will make sure that all cores are - # utilised and limit the job queue to one. - nix.settings = { - max-jobs = 1; - cores = 32; - }; - - # Required[1] for using ZFS kernel modules with "unsupported" kernels. - # - # [1]: https://github.com/NixOS/nixpkgs/pull/121113#issuecomment-830003344 - # [1]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615 - nixpkgs.config.allowBroken = true; - - boot = { - kernelPackages = pkgs.linuxPackages_xanmod_latest; - - kernelParams = [ - # Silence benign MCE errors: - # ``` - # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff - # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff - # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201 - # ``` - "mce=nobootlog" - # This disables[1] User Mode Instruction Protection (UMIP)[2]. This is - # required for some games to run via Wine. - # - # [1]: https://docs.kernel.org/x86/cpuinfo.html - # [2]: https://en.wikichip.org/wiki/x86/umip - "clearcpuid=514" - ]; - - # https://wiki.archlinux.org/title/improving_performance#Watchdogs - blacklistedKernelModules = [ "sp5100_tco" ]; - - # The boot drive is Samsung SSD 980 PRO 2TB. - initrd.kernelModules = [ "nvme" ]; - - # These pools were configured manually with a specific mountpoint. 
- zfs.extraPools = [ - "udata" - "vdata" - ]; - }; - - # Filesystem creation: - # ``` - # mkfs.vfat -F 32 -l nixos-boot /dev/nvmeXnYpZ - # - # zpool create - # -o ashift=12 - # -o autotrim=on - # -O acltype=posixacl - # -O xattr=sa - # -O compression=zstd - # -O mountpoint=none - # nixos - # /dev/nvmeXnYpZ - # - # zfs create - # nixos/root - # - # zfs create - # -o encryption=aes-256-gcm - # -o keyformat=passphrase - # -o mountpoint=legacy - # nixos/root/ark - # - # zfs create - # -o mountpoint=legacy - # nixos/root/nix - # ``` - # - # physical structure (backside): - # [ 1 ] [ 2 ] [ 3 ] - # 1: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXP2E3163YW6 - # 2: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXN2E312R5HP - # 3: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXP2E311E6P2 - # - # physical structure (mobo M.2): - # [ 1 ] - # [ 2 ] - # 1: disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R872526A - # 2: disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENX0T807723X - fileSystems = { - "/" = { - device = "none"; - fsType = "tmpfs"; - options = [ - "size=8G" - "mode=755" - ]; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/1363-02E6"; - fsType = "vfat"; - }; - - "/nix" = { - device = "nixos/root/nix"; - fsType = "zfs"; - options = [ "noatime" ]; - }; - - ${config.ark.path} = { - device = "nixos/root/ark"; - fsType = "zfs"; - neededForBoot = true; # Required by impermanence. - }; - - # Required[1] when using impermanence with agenix. Filesystem itself is - # defined as an `ark.directory` in `nixos/common/users.nix`. - # - # [1]: https://github.com/ryantm/agenix/issues/45#issuecomment-847852593 - # [1]: https://github.com/nix-community/impermanence/issues/22 - # [1]: https://github.com/NixOS/nixpkgs/pull/86967#pullrequestreview-667929259 - "/home/${my.username}" = { - depends = [ config.ark.path ]; - neededForBoot = true; - }; - }; - - # No swap space is declared here because the system already has 128Gb of RAM. 
- # I've only manage to hit around 100Gb mark when running large - # computations/compiling something big. Pretty sure that a hefty chunk of it - # was just cache and it wouldn't make me get to OOM situations. -} diff --git a/nixosConfigurations/iso/default.nix b/nixosConfigurations/iso/default.nix deleted file mode 100644 index 7277e88..0000000 --- a/nixosConfigurations/iso/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, ... }: -with lib; -{ - secrets = mkForce { }; - - nixfiles.modules = { - common.networking.onlyDefault = true; - git.client.enable = true; - gnupg.enable = true; - openssh = { - client.enable = true; - server = { - enable = true; - port = 22; - }; - }; - }; - - hm.programs.git.signing.signByDefault = mkForce false; - - programs.mtr.enable = true; - - services.getty.autologinUser = mkForce my.username; - - nixpkgs.config.allowBroken = true; -} diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix deleted file mode 100644 index 3707440..0000000 --- a/nixosConfigurations/manwe/default.nix +++ /dev/null 
@@ -1,76 +0,0 @@ -{ config, lib, ... }: -with lib; -{ - imports = attrValues (modulesIn ./.); - - nixfiles.modules = { - nsd = { - enable = true; - fqdn = "ns1.${config.networking.domain}"; - }; - unbound.enable = true; - - wireguard.server.enable = true; - - acme.enable = true; - - monitoring.enable = true; - - postgresql.enable = true; - clickhouse.enable = true; - - git.server = { - enable = true; - domain = "git.${my.domain.azahi}"; - }; - - matrix.dendrite = { - enable = true; - domain = my.domain.azahi; - }; - murmur.enable = true; - radicale.enable = true; - rss-bridge.enable = true; - shadowsocks.enable = true; - soju = { - enable = true; - domain = my.domain.azahi; - }; - vaultwarden.enable = true; - ntfy.enable = true; - plausible.enable = true; - }; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - initrd.availableKernelModules = [ - "virtio_pci" - "virtio_scsi" - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/sda2"; - fsType = "xfs"; - options = [ "noatime" ]; - }; - - "/boot" = { - device = "/dev/sda1"; - fsType = "xfs"; - options = [ "noatime" ]; - }; - }; - - swapDevices = [ { device = "/dev/sda3"; } ]; - - zramSwap = { - enable = true; - memoryPercent = 25; - }; -} diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix deleted file mode 100644 index cc8b41d..0000000 --- a/nixosConfigurations/manwe/mailserver/default.nix +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: -with lib; -{ - imports = [ inputs.mailserver.nixosModule ] ++ attrValues (modulesIn ./.); - - ark.directories = with config.mailserver; [ - "/var/lib/dovecot" - "/var/lib/postfix" - config.security.dhparams.params.dovecot2.path - dkimKeyDirectory - mailDirectory - sieveDirectory - ]; - - secrets = with config.mailserver; { - dkim-key-azahi-cc = { - file = "${inputs.self}/secrets/dkim-key-azahi-cc"; - path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key"; - owner = config.services.opendkim.user; - inherit (config.services.opendkim) group; - }; - dkim-key-rohan-net = { - file = "${inputs.self}/secrets/dkim-key-rohan-net"; - path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key"; - owner = config.services.opendkim.user; - inherit (config.services.opendkim) group; - }; - dkim-key-gondor-net = { - file = "${inputs.self}/secrets/dkim-key-gondor-net"; - path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key"; - owner = config.services.opendkim.user; - inherit (config.services.opendkim) group; - }; - dkim-key-shire-net = { - file = "${inputs.self}/secrets/dkim-key-shire-net"; - path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key"; - owner = config.services.opendkim.user; - inherit (config.services.opendkim) group; - }; - }; - - nixfiles.modules = { - acme.enable = true; - redis.enable = true; - }; - - mailserver = - let - cert = config.certs.${my.domain.shire}; - in - { - enable = true; - - # Disable potentially insecure[1] STARTTLS connections. SSL-only connections - # are still enabled by default. 
- # - # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6 - enableImap = false; - enablePop3 = false; - enableSubmission = false; - - fqdn = config.networking.domain; - domains = with my.domain; [ - azahi - gondor - rohan - shire - ]; - - localDnsResolver = false; - - certificateScheme = "manual"; - certificateFile = "${cert.directory}/fullchain.pem"; - keyFile = "${cert.directory}/key.pem"; - - lmtpSaveToDetailMailbox = "no"; - - redis = with config.services.redis.servers.default; { - address = bind; - inherit port; - password = requirePass; - }; - }; - - services = { - fail2ban.jails = { - dovecot = { - enabled = true; - settings.mode = "aggressive"; - }; - postfix = { - enabled = true; - settings.mode = "aggressive"; - }; - }; - - # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655 - dovecot2.sieve.extensions = [ "fileinto" ]; - - # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241 - redis.servers.rspamd.enable = mkForce false; - }; - - systemd.services.rspamd = { - requires = mkForce [ "redis-default.service" ]; - after = mkForce [ "redis-default.service" ]; - }; -} diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix deleted file mode 100644 index 95a0b0b..0000000 --- a/nixosConfigurations/manwe/webserver.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - inputs, - lib, - libNginx, - libPlausible, - ... -}: -with lib; -{ - nixfiles.modules.nginx = { - enable = true; - virtualHosts = - with my.domain; - { - # TODO Start using this. - # "start.local" = { - # root = pkgs.hiccup; - # locations = { - # "/".tryFiles = "$uri $uri/ /index.html"; - # "~* ^.+config.json$".extraConfig = let - # config = pkgs.writeText "config.json" (generators.toJSON {} { - # version = "2.0"; - # id = "default"; - # title = "Demo Config"; - # url = "./configs/config.json"; - # featured = [ - # { - # name = "GitHub"; - # background = "/assets/card.png"; - # link = "https://github.com/ashwin-pc/hiccup"; - # } - # ]; - # categories = [ - # { - # title = "Category 1"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # { - # title = "Category 2"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # { - # title = "Category 3"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # { - # title = "Category 4"; - # links = [ - # { - # name = "Link 1"; - # link = "https://example.com"; - # } - # ]; - # } - # ]; - # }); - # in '' - # alias ${config}; - # ''; - # }; - # enableACME = false; - # forceSSL = false; - # }; - ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; - "git.${shire}".locations."/".return = "301 https://git.${azahi}"; - "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}"; - ${azahi} = { - serverAliases = [ - "frodo.${gondor}" - "frodo.${rohan}" - ]; - locations."/" = { - root = inputs.azahi-cc; - extraConfig = libNginx.config.appendHead [ (libPlausible.htmlPlausibleScript { domain = azahi; }) ]; - }; - }; - } - // ( - let - frodo = "301 https://frodo."; - in - { - ${gondor}.locations."/".return = concatStrings [ - frodo - gondor - ]; - ${rohan}.locations."/".return = concatStrings [ - frodo - rohan - ]; - } - ); - }; -} 
diff --git a/nixosConfigurations/melian/default.nix b/nixosConfigurations/melian/default.nix deleted file mode 100644 index 0805b4a..0000000 --- a/nixosConfigurations/melian/default.nix +++ /dev/null 
@@ -1,106 +0,0 @@
-{ lib, pkgs, ... }:
-with lib;
-{
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- syncthing.enable = true;
-
- bluetooth.enable = true;
-
- throttled.enable = true;
-
- android.enable = true;
- };
-
- hardware.trackpoint = {
- enable = true;
- speed = 500;
- sensitivity = 250;
- };
-
- powerManagement =
- let
- modprobe = getExe' pkgs.kmod "modprobe";
- in
- {
- enable = true;
-
- # This fixes an issue with not being able to suspend or wake up from
- # suspend due to a kernel bug[1] which is still not fixed.
- #
- # I guess this can also be fixed differently[2], which does look a lot nicer
- # but I'm just too lazy.
- #
- # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964
- # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998
- # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3
- # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048
- # [2]: https://linrunner.de/tlp/settings/runtimepm.html
- powerDownCommands = "${modprobe} -r xhci_pci";
- powerUpCommands = "${modprobe} xhci_pci";
- };
-
- services = {
- thinkfan = {
- enable = true;
- settings = {
- sensors = [
- {
- hwmon = "/sys/class/hwmon";
- name = "coretemp";
- indices = [ 1 ];
- }
- ];
- fans = [ { tpacpi = "/proc/acpi/ibm/fan"; } ];
- levels = [
- [
- "level auto"
- 0
- 50
- ]
- [
- "level disengaged"
- 50
- 32767
- ] # This could annoy some people but IDGAF.
- ];
- };
- };
-
- fwupd.enable = true;
- };
-
- boot.initrd.luks.devices."root" = {
- device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a";
- fsType = "xfs";
- options = [ "noatime" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/1083-C8A0";
- fsType = "vfat";
- };
- };
-
- # NOTE This makes hibernation pretty much impossible because the partition is
- # encrypted.
- swapDevices = [
- {
- device = "/swapfile";
- size = 8 * 1024;
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/nixosConfigurations/test-headful/default.nix b/nixosConfigurations/test-headful/default.nix
deleted file mode 100644
index f1da389..0000000
--- a/nixosConfigurations/test-headful/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- nixfiles.modules = {
- dwm.enable = false;
- kde.enable = true;
- xmonad.enable = false;
- };
-
- boot.loader.systemd-boot.enable = true;
- fileSystems."/".device = "/dev/null";
-
- documentation = {
- enable = mkForce false;
- man = {
- enable = mkForce false;
- man-db.enable = mkForce false;
- };
- };
-}
diff --git a/nixosConfigurations/test-headless/default.nix b/nixosConfigurations/test-headless/default.nix
deleted file mode 100644
index ef3d223..0000000
--- a/nixosConfigurations/test-headless/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- nixfiles.modules = {
- endlessh-go.enable = mkForce false;
- node-exporter.enable = mkForce false;
- promtail.enable = mkForce false;
- };
-
- boot.loader.systemd-boot.enable = true;
- fileSystems."/".device = "/dev/null";
-
- documentation.enable = mkForce false;
-}
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
deleted file mode 100644
index c8ecef2..0000000
--- a/nixosConfigurations/varda/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- imports = attrValues (modulesIn ./.);
-
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- acme.enable = true;
-
- k3s.enable = true;
- };
-
- boot = {
- loader = {
- efi.canTouchEfiVariables = true;
-
- systemd-boot = {
- enable = true;
- configurationLimit = 10;
- };
- };
-
- initrd.availableKernelModules = [
- "virtio_pci"
- "virtio_scsi"
- ];
-
- # https://github.com/NixOS/nixpkgs/issues/89025
- # https://forum.netcup.de/administration-of-a-server-vserver/vserver-server-kvm-server/p67571-icmpv6-ra-ndisc-router-discovery-failed-to-add-default-route/#post67571
- # https://superuser.com/questions/33196/how-to-disable-autoconfiguration-on-ipv6-in-linux
- kernel.sysctl = {
- "net.ipv6.conf.all.autoconf" = 0;
- "net.ipv6.conf.all.accept_ra" = 0;
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/b07e8273-915a-424c-8c55-cdc2bd482f49";
- fsType = "xfs";
- options = [ "noatime" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/03FD-B6C0";
- fsType = "vfat";
- };
- };
-
- swapDevices = [
- {
- device = "/swapfile";
- size = 4 * 1024;
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix
deleted file mode 100644
index 2d52f53..0000000
--- a/nixosConfigurations/yavanna/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-_: {
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- syncthing.enable = true;
-
- acme.enable = true;
-
- rtorrent.enable = true;
- lidarr.enable = true;
- jackett.enable = true;
- };
-
- boot.loader.grub = {
- enable = true;
- device = "/dev/sda";
- configurationLimit = 5;
- };
-
- fileSystems."/" = {
- device = "/dev/sda2";
- fsType = "ext4";
- options = [ "noatime" ];
- };
-
- swapDevices = [ { device = "/dev/sda3"; } ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/overlay.nix b/overlay.nix
deleted file mode 100644
index a37d3e7..0000000
--- a/overlay.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-final: prev: {
- bruh = prev.callPackage ./packages/bruh.nix { };
-
- emacsql-sqlite = prev.callPackage ./packages/emacsql-sqlite.nix { };
-
- git-extras = prev.git-extras.overrideAttrs (
- _: super: {
- postPatch =
- (super.postPatch or "")
- + ''
- substituteInPlace bin/git-setup \
- --replace 'Initial commit' 'chore: init'
- '';
- }
- );
-
- grc = prev.grc.overrideAttrs (
- _: super: {
- version = "unstable-2021-08-12";
- src = final.fetchFromGitHub {
- owner = "garabik";
- repo = "grc";
- rev = "4d6a51fd78ad7e19af8dd12b2a828d1807267079";
- hash = "sha256-SmOZrgV0lgLryFoxADU15IKJ7jhxXar0MgbsV/z1GaE=";
- };
- patches = (super.patches or [ ]) ++ [
- (final.fetchpatch {
- url = "https://patch-diff.githubusercontent.com/raw/garabik/grc/pull/214.patch";
- hash = "sha256-VNr9jl5oFbFNJbGsjflwFV3oTbCzJ0lBIZA4eyeoXLY=";
- })
- ];
- }
- );
-
- hiccup = prev.callPackage ./packages/hiccup.nix { };
-
- logcli = prev.grafana-loki.overrideAttrs (
- _: super: {
- pname = "logcli";
- subPackages = [ "cmd/logcli" ];
- nativeBuildInputs = super.nativeBuildInputs ++ [ final.installShellFiles ];
- postInstall =
- (super.postInstall or "")
- + ''
- installShellCompletion --cmd logcli \
- --bash <($out/bin/logcli --completion--script-bash) \
- --zsh <($out/bin/logcli --completion-script-zsh)
- '';
- preFixup = null;
- }
- );
-
- myip = prev.callPackage ./packages/myip.nix { };
-
- nixfiles = prev.callPackage ./packages/nixfiles.nix { };
-
- nixfmt = prev.nixfmt-rfc-style;
-
- openssl_1_0_0 = prev.callPackage ./packages/openssl_1_0_0.nix { };
-
- parinfer-rust = prev.callPackage ./packages/parinfer-rust.nix { };
-
- # FIXME https://nixpk.gs/pr-tracker.html?pr=307505
- poetry = prev.poetry.overrideAttrs (finalAttrs: {
- nativeBuildInputs = (finalAttrs.nativeBuildInputs or [ ]) ++ [
- prev.python3Packages.pythonRelaxDepsHook
- ];
- pythonRelaxDeps = [ "dulwich" ];
- });
-
- prismlauncher-unwrapped =
- (prev.prismlauncher-unwrapped.override (finalAttrs: {
- stdenv = final.useMoldLinker finalAttrs.stdenv;
- })).overrideAttrs
- (
- _: super: {
- patches = (super.patches or [ ]) ++ [ ./patches/prismlauncher-allow-offline-accounts.patch ];
- }
- );
-
- telegram-desktop =
- (prev.telegram-desktop.override (finalAttrs: {
- stdenv = final.useMoldLinker finalAttrs.stdenv;
- })).overrideAttrs
- (_: super: { patches = (super.patches or [ ]) ++ [ ./patches/telegram-desktop-no-ads.patch ]; });
-
- vesktop = prev.vesktop.overrideAttrs (
- _: super: {
- nativeBuildInputs = super.nativeBuildInputs ++ [ final.imagemagick ];
- patches = (super.patches or [ ]) ++ [ ./patches/vesktop-no-anime.patch ];
- postInstall =
- (super.postInstall or "")
- + ''
- rm -rf $out/share/icons/hicolor/*
- for size in 16 24 32 48 64 96; do
- convert -scale $size icon.png $size.png
- install -Dm644 $size.png $out/share/icons/hicolor/''${size}x''${size}/apps/vesktop.png
- done
- '';
- }
- );
-}
diff --git a/overlays.nix b/overlays.nix
new file mode 100644
index 0000000..642c587
--- /dev/null
+++ b/overlays.nix
@@ -0,0 +1,104 @@
+{
+ default = final: prev: {
+ bruh = prev.callPackage ./packages/bruh.nix { };
+
+ emacsql-sqlite = prev.callPackage ./packages/emacsql-sqlite.nix { };
+
+ git-extras = prev.git-extras.overrideAttrs (
+ _: super: {
+ postPatch =
+ (super.postPatch or "")
+ + ''
+ substituteInPlace bin/git-setup \
+ --replace 'Initial commit' 'chore: init'
+ '';
+ }
+ );
+
+ grc = prev.grc.overrideAttrs (
+ _: super: {
+ version = "unstable-2021-08-12";
+ src = final.fetchFromGitHub {
+ owner = "garabik";
+ repo = "grc";
+ rev = "4d6a51fd78ad7e19af8dd12b2a828d1807267079";
+ hash = "sha256-SmOZrgV0lgLryFoxADU15IKJ7jhxXar0MgbsV/z1GaE=";
+ };
+ patches = (super.patches or [ ]) ++ [
+ (final.fetchpatch {
+ url = "https://patch-diff.githubusercontent.com/raw/garabik/grc/pull/214.patch";
+ hash = "sha256-VNr9jl5oFbFNJbGsjflwFV3oTbCzJ0lBIZA4eyeoXLY=";
+ })
+ ];
+ }
+ );
+
+ hiccup = prev.callPackage ./packages/hiccup.nix { };
+
+ logcli = prev.grafana-loki.overrideAttrs (
+ _: super: {
+ pname = "logcli";
+ subPackages = [ "cmd/logcli" ];
+ nativeBuildInputs = super.nativeBuildInputs ++ [ final.installShellFiles ];
+ postInstall =
+ (super.postInstall or "")
+ + ''
+ installShellCompletion --cmd logcli \
+ --bash <($out/bin/logcli --completion--script-bash) \
+ --zsh <($out/bin/logcli --completion-script-zsh)
+ '';
+ preFixup = null;
+ }
+ );
+
+ myip = prev.callPackage ./packages/myip.nix { };
+
+ nixfiles = prev.callPackage ./packages/nixfiles.nix { };
+
+ nixfmt = prev.nixfmt-rfc-style;
+
+ openssl_1_0_0 = prev.callPackage ./packages/openssl_1_0_0.nix { };
+
+ parinfer-rust = prev.callPackage ./packages/parinfer-rust.nix { };
+
+ # FIXME https://nixpk.gs/pr-tracker.html?pr=307505
+ poetry = prev.poetry.overrideAttrs (finalAttrs: {
+ nativeBuildInputs = (finalAttrs.nativeBuildInputs or [ ]) ++ [
+ prev.python3Packages.pythonRelaxDepsHook
+ ];
+ pythonRelaxDeps = [ "dulwich" ];
+ });
+
+ prismlauncher-unwrapped =
+ (prev.prismlauncher-unwrapped.override (finalAttrs: {
+ stdenv = final.useMoldLinker finalAttrs.stdenv;
+ })).overrideAttrs
+ (
+ _: super: {
+ patches = (super.patches or [ ]) ++ [ ./patches/prismlauncher-allow-offline-accounts.patch ];
+ }
+ );
+
+ telegram-desktop =
+ (prev.telegram-desktop.override (finalAttrs: {
+ stdenv = final.useMoldLinker finalAttrs.stdenv;
+ })).overrideAttrs
+ (_: super: { patches = (super.patches or [ ]) ++ [ ./patches/telegram-desktop-no-ads.patch ]; });
+
+ vesktop = prev.vesktop.overrideAttrs (
+ _: super: {
+ nativeBuildInputs = super.nativeBuildInputs ++ [ final.imagemagick ];
+ patches = (super.patches or [ ]) ++ [ ./patches/vesktop-no-anime.patch ];
+ postInstall =
+ (super.postInstall or "")
+ + ''
+ rm -rf $out/share/icons/hicolor/*
+ for size in 16 24 32 48 64 96; do
+ convert -scale $size icon.png $size.png
+ install -Dm644 $size.png $out/share/icons/hicolor/''${size}x''${size}/apps/vesktop.png
+ done
+ '';
+ }
+ );
+ };
+}
diff --git a/topology.nix b/topology.nix
new file mode 100644
index 0000000..8830f12
--- /dev/null
+++ b/topology.nix
@@ -0,0 +1,8 @@
+inputs: self: pkgs:
+import inputs.nix-topology {
+ inherit pkgs;
+ modules = [
+ { inherit (self) nixosConfigurations; }
+ (_: { })
+ ];
+}
-- 
cgit 1.4.1
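Review bot: In the `logcli` override's `postInstall`, the bash completion is generated with `--completion--script-bash` (a doubled hyphen before `script`), while the zsh line next to it uses `--completion-script-zsh`. This looks like a typo carried over unchanged from overlay.nix; if logcli rejects the flag, the installed bash completion is presumably empty or the install step fails, so the line should read `--bash <($out/bin/logcli --completion-script-bash) \`. Separately, `openssl_1_0_0` is exposed through the default overlay with no comment. Judging by the name it packages an OpenSSL 1.0.x release, a series that is out of upstream support, so a line above it such as `# NOTE EOL OpenSSL, kept only for <consumer>; never link network-facing services against it.` would record why it exists and what may depend on it.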
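Review bot: The second entry in `modules`, `(_: { })`, is an empty module that contributes nothing to the topology; either drop it or add a comment saying what it is a placeholder for. The file also takes three positional arguments with no header comment, so a first line such as `# Arguments: flake inputs, the flake itself (self), and the package set.` would make the call contract readable without opening flake.nix. Because `self.nixosConfigurations` is inherited whole, every host configuration presumably feeds the rendered topology, which is worth a short note if that output is ever published outside the repository.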