From a0a3dcde99c4a8aa19b23ead79c08eedca30d002 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 8 Oct 2022 01:04:01 +0300 Subject: 2022-10-08 --- configurations/default.nix | 14 ++++ configurations/manwe/default.nix | 41 ++-------- configurations/melian/default.nix | 117 +++++++++++++-------------- configurations/varda/default.nix | 45 +++-------- configurations/yavanna/default.nix | 30 ------- flake.lock | 137 ++++++++++++++++++-------------- flake.nix | 15 ++-- lib/my.nix | 41 +++++++--- modules/nixfiles/alacritty.nix | 2 +- modules/nixfiles/bluetooth.nix | 1 - modules/nixfiles/common/networking.nix | 48 ++++++++--- modules/nixfiles/common/nix/default.nix | 85 ++++++++++---------- modules/nixfiles/common/security.nix | 26 +++++- modules/nixfiles/emacs/default.nix | 26 +++--- modules/nixfiles/emacs/doom/config.el | 5 ++ modules/nixfiles/emacs/doom/init.el | 4 +- modules/nixfiles/endlessh-go.nix | 2 +- modules/nixfiles/firefox/profile.nix | 2 +- modules/nixfiles/games/lutris.nix | 9 +-- modules/nixfiles/games/mangohud.nix | 16 +++- modules/nixfiles/git.nix | 15 ++-- modules/nixfiles/mpv.nix | 10 ++- modules/nixfiles/node-exporter.nix | 2 +- modules/nixfiles/profiles/headful.nix | 13 ++- modules/nixfiles/wireguard.nix | 2 + 25 files changed, 382 insertions(+), 326 deletions(-) diff --git a/configurations/default.nix b/configurations/default.nix index 40c133f..684b4e4 100644 --- a/configurations/default.nix +++ b/configurations/default.nix @@ -18,6 +18,7 @@ with lib; let }); in mapAttrs' mkConfiguration { + # A dummy configuration to test the "headless" profile. test-headless = { modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" @@ -31,6 +32,7 @@ in }; }; + # A dummy configuration to test the "headful" profile. test-headful = { modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" 
@@ -44,12 +46,22 @@ in }; }; + # Planned: a beefy tower desktop PC. + # eonwe.modules = with inputs; [ + # nixos-hardware.nixosModules.common-cpu-amd + # nixos-hardware.nixosModules.common-gpu-amd + # nixos-hardware.nixosModules.common-pc-ssd + # nixpkgs.nixosModules.notDetected + # ]; + + # ThinkPad T480. melian.modules = with inputs; [ nixos-hardware.nixosModules.common-pc-laptop-ssd nixos-hardware.nixosModules.lenovo-thinkpad-t480 nixpkgs.nixosModules.notDetected ]; + # VPS: Germany manwe.modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" nixos-hardware.nixosModules.common-cpu-amd @@ -57,6 +69,7 @@ in nixpkgs.nixosModules.notDetected ]; + # VPS: Germany varda.modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" nixos-hardware.nixosModules.common-cpu-amd @@ -64,6 +77,7 @@ in nixpkgs.nixosModules.notDetected ]; + # VPS: France yavanna.modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" nixos-hardware.nixosModules.common-cpu-intel diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 5531cb9..db08c3f 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix 
@@ -43,45 +43,20 @@ with lib; { vaultwarden.enable = true; }; - networking = let - interface = "eth0"; - in { - interfaces.${interface} = { - ipv4.addresses = [ - { - inherit (this.ipv4) address; - prefixLength = 22; - } - ]; - - ipv6.addresses = [ - { - inherit (this.ipv6) address; - prefixLength = 64; - } - ]; - }; - - defaultGateway = { - inherit interface; - address = this.ipv4.gateway; - }; - - defaultGateway6 = { - inherit interface; - address = this.ipv6.gateway; - }; - - nat.externalInterface = interface; - }; - boot = { loader.grub = { enable = true; device = "/dev/sda"; }; - initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + initrd.availableKernelModules = [ + "ata_piix" + "sd_mod" + "sr_mod" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + ]; }; fileSystems = { diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix index 0aca218..3ef0e46 100644 --- a/configurations/melian/default.nix +++ b/configurations/melian/default.nix @@ -7,7 +7,6 @@ with lib; { nixfiles.modules = { games = { lutris.enable = true; - minecraft.client.enable = true; steam.enable = true; }; 
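Review bot: The `networking` block removed from configurations/manwe/default.nix also carried `nat.externalInterface = interface;`, and the shared replacement added in modules/nixfiles/common/networking.nix does not set it. If NAT for the WireGuard peers on this host relied on that value, forwarding will stop after the change unless another module now provides it. The wireguard.nix hunk is not visible on this page, so confirm it is covered there, or keep `networking.nat.externalInterface = "eth0";` in this host's configuration. The host module body starts and ends outside the hunk.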
@@ -38,31 +37,45 @@ with lib; { }; }; - fileSystems = { - "/boot" = { - device = "/dev/disk/by-uuid/1083-C8A0"; - fsType = "vfat"; - }; - - "/" = { - device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a"; - fsType = "xfs"; - options = ["noatime"]; - }; + hardware.trackpoint = { + enable = true; + speed = 500; + sensitivity = 250; }; - # NOTE This will make hibernation extremely hard if on an encrypted partition. - # This also could not work on ZFS or Btrfs. - swapDevices = [ - { - device = "/swapfile"; - size = 8 * 1024; - } - ]; + powerManagement = let + modprobe = "${pkgs.kmod}/bin/modprobe"; + in { + enable = true; - zramSwap = { + # This fixes an issue with not being able to suspend or wake up from suspend + # due to a kernel bug[1]. + # + # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 + # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 + # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 + # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 + powerDownCommands = "${modprobe} -r xhci_pci"; + powerUpCommands = "${modprobe} xhci_pci"; + }; + + services.thinkfan = { enable = true; - memoryPercent = 25; + + settings = { + sensors = [ + { + hwmon = "/sys/class/hwmon"; + name = "coretemp"; + indices = [1]; + } + ]; + fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; + levels = [ + ["level auto" 0 50] + ["level disengaged" 50 32767] + ]; + }; }; boot = { 
@@ -91,48 +104,30 @@ with lib; { }; }; - hardware.trackpoint = { - enable = true; - speed = 500; - sensitivity = 250; - }; - - powerManagement = let - modprobe = "${pkgs.kmod}/bin/modprobe"; - in { - enable = true; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/1083-C8A0"; + fsType = "vfat"; + }; - # This fixes an issue with not being able to suspend or wake up from suspend - # due to a kernel bug[1]. - # - # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 - # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 - # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 - # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 - powerDownCommands = "${modprobe} -r xhci_pci"; - powerUpCommands = "${modprobe} xhci_pci"; + "/" = { + device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a"; + fsType = "xfs"; + options = ["noatime"]; + }; }; - services = { - thinkfan = { - enable = true; - - settings = { - sensors = [ - { - hwmon = "/sys/class/hwmon"; - name = "coretemp"; - indices = [1]; - } - ]; - fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; - levels = [ - ["level auto" 0 50] - ["level disengaged" 50 32767] - ]; - }; - }; + # NOTE This will make hibernation extremely hard if on an encrypted partition. + # This also could not work on ZFS or Btrfs. + swapDevices = [ + { + device = "/swapfile"; + size = 8 * 1024; + } + ]; - # xserver.videoDrivers = ["intel" "modesetting"]; + zramSwap = { + enable = true; + memoryPercent = 25; }; } diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index ac7b493..5e0914e 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix 
@@ -7,41 +7,11 @@ with lib; { nixfiles.modules = { wireguard.client.enable = true; - # games.minecraft.server = { - # enable = true; - # memory = "6G"; - # }; - acme.enable = true; - }; - - networking = let - interface = "eth0"; - in { - interfaces.${interface} = { - ipv4.addresses = [ - { - inherit (this.ipv4) address; - prefixLength = 22; - } - ]; - - ipv6.addresses = [ - { - inherit (this.ipv6) address; - prefixLength = 64; - } - ]; - }; - - defaultGateway = { - inherit interface; - address = this.ipv4.gateway; - }; - defaultGateway6 = { - inherit interface; - address = this.ipv6.gateway; + games.minecraft.server = { + enable = false; # Disabled because no one is playing now. + memory = "6G"; }; }; @@ -55,7 +25,14 @@ with lib; { }; }; - initrd.availableKernelModules = ["ata_piix" "sd_mod" "sr_mod" "uhci_hcd" "virtio_pci" "virtio_scsi"]; + initrd.availableKernelModules = [ + "ata_piix" + "sd_mod" + "sr_mod" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + ]; }; fileSystems = { diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix index aa3118e..e3172a6 100644 --- a/configurations/yavanna/default.nix +++ b/configurations/yavanna/default.nix @@ -14,36 +14,6 @@ with lib; { rtorrent.enable = true; }; - networking = let - interface = "eth0"; - in { - interfaces.${interface} = { - ipv4.addresses = [ - { - inherit (this.ipv4) address; - prefixLength = 24; - } - ]; - - ipv6.addresses = [ - { - inherit (this.ipv6) address; - prefixLength = 128; - } - ]; - }; - - defaultGateway = { - inherit interface; - address = this.ipv4.gateway; - }; - - defaultGateway6 = { - inherit interface; - address = this.ipv6.gateway; - }; - }; - boot = { loader.grub = { enable = true; diff --git a/flake.lock b/flake.lock index 48253ef..761a302 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1662241716, - "narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1663410592, - "narHash": "sha256-WkcXd6uAfSfJscflb2ivOPqCgCyQGo4nUkQwIUTXtjg=", + "lastModified": 1665120353, + "narHash": "sha256-4wOdNQoP7F9hOshrU/APxs/L7Lma75OABRR4eMcEhsk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "350a3df35560f727046192cefd19e0d7e496a652", + "rev": "db1c01c5faeea34547fff2017324f8a2d2253402", "type": "github" }, "original": { @@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1663328500, - "narHash": "sha256-7n+J/exp8ky4dmk02y5a9R7CGmJvHpzrHMzfEkMtSWA=", + "lastModified": 1665119273, + "narHash": "sha256-neL/ZRrwk47Ke1nfjk8ltlIm+NRZyA3MBcNbqEGSBeE=", "owner": "nix-community", "repo": "home-manager", - "rev": "5427f3d1f0ea4357cd4af0bffee7248d640c6ffc", + "rev": "9fcae11ff29ca5f959b05c206f3724486c28ff07", "type": "github" }, "original": { @@ -396,11 +396,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1662839665, - "narHash": "sha256-TGSRXMmRTn4eza3q0XvqpuPoeCnkktPeD0TaM/V1pZ0=", + "lastModified": 1664622347, + "narHash": "sha256-pJTnEG68PhrXjpkfz/784BlcxaHgV06b1cUVGRxhMdw=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "acbf1b70335d4fd6a6c05bc417d7f3ca44739437", + "rev": "b65e204ce9d20b376acc38ec205d08007eccdaef", "type": "github" }, "original": { 
@@ -420,11 +420,11 @@ ] }, "locked": { - "lastModified": 1663120334, - "narHash": "sha256-6OzKHiEWvvXCmoDZtiUhox8QwhftiU4yfIxhg3psPqQ=", + "lastModified": 1665020519, + "narHash": "sha256-1DdFTskxpBw/McAuNNvUkWpNtSN1tUywpsBjNfsSBLY=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "e4e9f126df09d00e3284dbe79a92768aa898efa1", + "rev": "d34bbd2bbb2afb2f43365238c218f97365686742", "type": "github" }, "original": { @@ -452,11 +452,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1663229557, - "narHash": "sha256-1uU4nsDLXKG0AHc/VCsNBAEPkTA/07juYhcEWRb1O1E=", + "lastModified": 1665040200, + "narHash": "sha256-glqL6yj3aUm40y92inzRmowGt9aIrUrpBX7eBAMic4I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a0df6cd6e199df4a78c833c273781ea92fa62cfb", + "rev": "47fd70289491c1f0c0d9a1f44fb5a9e2801120c9", "type": "github" }, "original": { @@ -468,11 +468,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1663372752, - "narHash": "sha256-HxP/vZFDD/5Q9VEyX3VmsnCnm7vsH4IX6j/xE/+IVkc=", + "lastModified": 1665056165, + "narHash": "sha256-2C7VfNphJa0FxPoT+suMOmUDVrQ5RIE+NKfDWqElvE4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d9a1414346059619d9e13ab93e749bbb82e5252a", + "rev": "27a89ba43b0fb735ce867e8ab3d2442f8cc61dad", "type": "github" }, "original": { 
@@ -482,13 +482,29 @@ "type": "github" } }, - "nixpkgs-endlessh-go": { + "nixpkgs-master": { + "locked": { + "lastModified": 1665132380, + "narHash": "sha256-98YwYPul7feV+tQQXtTbLQ52t6yJnoBHaswoiIZ9KGk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7e5b689f69fa15e3ed3aa355d1751c9b6e4cea78", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-pr-endlessh-go": { "locked": { - "lastModified": 1662056195, - "narHash": "sha256-aVRDrBgZUyGT9FMTOvJmiemu6baJTlYEfdpVKloOOj0=", + "lastModified": 1663966554, + "narHash": "sha256-Ssvy4TushGEKa9AZlfo7hM+auQlw5JUA2PROWcbUNfc=", "owner": "azahi", "repo": "nixpkgs", - "rev": "c23131bc34da36f938c6f64de685afbd0f149039", + "rev": "99dc9b9c164af3bc6c08ff4a4db4c2b58e368160", "type": "github" }, "original": { @@ -498,29 +514,29 @@ "type": "github" } }, - "nixpkgs-master": { + "nixpkgs-pr-please": { "locked": { - "lastModified": 1663446975, - "narHash": "sha256-MRF4NO010nzVVWRFGErFxv8/P2wRfU3BEda4H07kSOM=", - "owner": "NixOS", + "lastModified": 1664618495, + "narHash": "sha256-WIBCgnVHmqwblSZqXhx62cHa9MQo1+9JEDWIbYbEJf4=", + "owner": "azahi", "repo": "nixpkgs", - "rev": "e986ddf417949e1a045430326a7238f9972827c9", + "rev": "a1ebdc24da21d98c66f527c56abff4283b3df61a", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "master", + "owner": "azahi", + "ref": "please", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1663433994, - "narHash": "sha256-Bpthhv1PdZRrIFct8KbHACNvOu9bsYAMEaqoH83cvqM=", + "lastModified": 1665132027, + "narHash": "sha256-zoHPqSQSENt96zTk6Mt1AP+dMNqQDshXKQ4I6MfjP80=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17989edb05615c4f61803b9c427d80b84c289c6b", + "rev": "9ecc270f02b09b2f6a76b98488554dd842797357", "type": "github" }, "original": { 
@@ -582,11 +598,11 @@ }, "nur": { "locked": { - "lastModified": 1663440270, - "narHash": "sha256-RkBoLyxamsBqRn9lB9RbFSDg7KHiGgHBsrpffEVXWCQ=", + "lastModified": 1665132827, + "narHash": "sha256-MLYVbC4piJOUdDLvlX3428zRSq+t4YUUZnDJ5JfvwnY=", "owner": "nix-community", "repo": "NUR", - "rev": "7511d58da488c67887745f40fd4846aa8c876d25", + "rev": "aa9c7abdce11c70b770defb55dbf3de0de2d9cab", "type": "github" }, "original": { @@ -615,11 +631,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1662614940, - "narHash": "sha256-9eAqhKXpTfZQH3bn19ien3HIzF100h8z97iHqs/QUgY=", + "lastModified": 1664493874, + "narHash": "sha256-8zLosjfQX0aR5HprtCeiSqN1pfB+GEUF9AULk6WRcR4=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "eb5ef0ae1424a725f933ef3929e5396a2ab727ab", + "rev": "fe1f4f2ccf040deff9c57288d987f17cc2da321f", "type": "github" }, "original": { @@ -631,11 +647,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1661026052, - "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=", + "lastModified": 1664301003, + "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e", + "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", "type": "github" }, "original": { @@ -711,11 +727,11 @@ ] }, "locked": { - "lastModified": 1663082609, - "narHash": "sha256-lmCCIu4dj59qbzkGKHQtolhpIEQMeAd2XUbXVPqgPYo=", + "lastModified": 1664708386, + "narHash": "sha256-aCD8UUGNYb5nYzRmtsq/0yP9gFOQQHr/Lsb5vW+mucw=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "60cad1a326df17a8c6cf2bb23436609fdd83024e", + "rev": "2e4a708918e14fdbd534cc94aaa9470cd19b2464", "type": "github" }, "original": { 
@@ -728,11 +744,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1662369032, - "narHash": "sha256-1BZWA3W77YbNZUj+7vJbkTeWY8O4jjPg7t5PvlEVDYA=", + "lastModified": 1664012352, + "narHash": "sha256-Pu5p6HqIO2wvWiTEhsQyIuwlWEIa1GjO3EDXosznyYE=", "owner": "hakimel", "repo": "reveal.js", - "rev": "8a97ad58b04045fe5a9c964aa31659bd27e665c5", + "rev": "468132320d6e072abd1297d7cc24766a2b7a832d", "type": "github" }, "original": { @@ -756,8 +772,9 @@ "nix-minecraft-servers": "nix-minecraft-servers", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-endlessh-go": "nixpkgs-endlessh-go", "nixpkgs-master": "nixpkgs-master", + "nixpkgs-pr-endlessh-go": "nixpkgs-pr-endlessh-go", + "nixpkgs-pr-please": "nixpkgs-pr-please", "nixpkgs-stable": "nixpkgs-stable", "nmap-vulners": "nmap-vulners", "nmap-vulscan": "nmap-vulscan", @@ -831,11 +848,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1662386895, - "narHash": "sha256-pYW2hcHgkr9KYdRvX2EkpOt/OL8yl+mkZ21JbMKWc8Q=", + "lastModified": 1663136308, + "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "017402713bd2f1fd7a691aa48afb4330f5397432", + "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", "type": "github" }, "original": { @@ -872,16 +889,16 @@ "locked": { "lastModified": 1660604184, "narHash": "sha256-iZLY0PNsscaAgHQOY/iuV9yFIHdkEVF1m9mHfN0lT/c=", - "owner": "azahi", - "repo": "xmonad-ng", + "ref": "master", "rev": "ba163659c9652efe46dd22cb4ad38e8a99adaf7c", - "type": "gitlab" + "revCount": 76, + "type": "git", + "url": "https://git.azahi.cc/xmonad-ng" }, "original": { - "owner": "azahi", "ref": "master", - "repo": "xmonad-ng", - "type": "gitlab" + "type": "git", + "url": "https://git.azahi.cc/xmonad-ng" } } }, diff --git a/flake.nix b/flake.nix index 5a224e1..26f46fc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -34,13 +34,21 @@ # }; # FIXME https://github.com/NixOS/nixpkgs/pull/187026 - nixpkgs-endlessh-go = { + nixpkgs-pr-endlessh-go = { type = "github"; owner = "azahi"; repo = "nixpkgs"; ref = "endlessh-go"; }; + # FIXME https://github.com/NixOS/nixpkgs/pull/192671 + nixpkgs-pr-please = { + type = "github"; + owner = "azahi"; + repo = "nixpkgs"; + ref = "please"; + }; + nixos-hardware = { type = "github"; owner = "NixOS"; @@ -180,12 +188,9 @@ }; xmonad-ng = { - type = "gitlab"; - owner = "azahi"; - repo = "xmonad-ng"; - ref = "master"; # type = "path"; # path = "/home/azahi/src/xmonad-ng"; + url = "git+https://git.azahi.cc/xmonad-ng?ref=master"; inputs = { flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; diff --git a/lib/my.nix b/lib/my.nix index 6f744bc..05fd6e9 100644 --- a/lib/my.nix +++ b/lib/my.nix @@ -34,24 +34,34 @@ with lib; ipv4 = { address = mkOption { - description = "The machine's public IPv4 addresses."; + description = "The machine's public IPv4 address."; type = nullOr str; default = null; }; - gateway = mkOption { - description = "The machine's IPv4 gateway."; + prefixLength = mkOption { + description = "The machine's IPv4 prefix length."; + type = nullOr int; + default = null; + }; + gatewayAddress = mkOption { + description = "The machine's IPv4 gateway address."; type = nullOr str; default = null; }; }; ipv6 = { address = mkOption { - description = "The machine's public IPv6 addresses."; + description = "The machine's public IPv6 address."; type = nullOr str; default = null; }; - gateway = mkOption { - description = "The machine's IPv6 gateway."; + prefixLength = mkOption { + description = "The machine's IPv6 prefix length."; + type = nullOr int; + default = null; + }; + gatewayAddress = mkOption { + description = "The machine's IPv6 gateway address."; type = nullOr str; default = null; }; 
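Review bot: `nixpkgs-pr-please` follows the mutable branch `ref = "please"` of a personal fork, and the module it is meant to supply configures a root-escalation tool (see the `security.please` draft in common/security.nix). flake.lock pins the current `rev`, but every `nix flake update` will accept whatever the branch holds at that moment. Consider adding an explicit `rev = "<commit>";` to the input while it is needed. On this page its only consumers are commented out, so the input could also wait until the module is actually imported.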
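Review bot: In lib/my.nix both new `prefixLength` options are typed `nullOr int`, so an out-of-range value such as 222 or -1 is accepted at evaluation and only surfaces when the interface is configured. Bounding the type catches it earlier: `type = nullOr (ints.between 0 32);` under `ipv4` and `type = nullOr (ints.between 0 128);` under `ipv6`. The option set these belong to starts outside the hunk.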
@@ -127,12 +137,14 @@ with lib; manwe = { isHeadless = true; ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; address = "@IPV4_ADDRESS@"; - gateway = "@IPV4_ADDRESS@"; + prefixLength = 22; }; ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; address = "@IPV6_ADDRESS@]"; - gateway = "@IPV6_ADDRESS@"; + prefixLength = 64; }; wireguard = { ipv4.address = "10.69.0.1"; @@ -161,29 +173,32 @@ with lib; varda = { isHeadless = true; ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; address = "@IPV4_ADDRESS@"; - gateway = "@IPV4_ADDRESS@"; + prefixLength = 22; }; ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; address = "@IPV6_ADDRESS@"; - gateway = "@IPV6_ADDRESS@"; + prefixLength = 64; }; wireguard = { ipv4.address = "10.69.1.1"; ipv6.address = "fd69::1:1"; publicKey = "@PUBLIC_KEY@"; }; - domains = with my.domain; ["minecraft.${shire}"]; }; yavanna = { isHeadless = true; ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; address = "@IPV4_ADDRESS@"; - gateway = "@IPV4_ADDRESS@"; + prefixLength = 24; }; ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; address = "@IPV6_ADDRESS@"; - gateway = "@IPV6_ADDRESS@"; + prefixLength = 128; }; wireguard = { ipv4.address = "10.69.1.2"; diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix index bafc0d9..5f8833a 100644 --- a/modules/nixfiles/alacritty.nix +++ b/modules/nixfiles/alacritty.nix @@ -62,7 +62,7 @@ in { foreground = red; background = black; }; - bar = { + footer_bar = { foreground = black; background = white; }; diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixfiles/bluetooth.nix index a1fd58f..8347361 100644 --- a/modules/nixfiles/bluetooth.nix +++ b/modules/nixfiles/bluetooth.nix @@ -13,7 +13,6 @@ in { config = mkIf cfg.enable { hardware.bluetooth = { enable = true; - package = pkgs.bluezFull; settings.General.FastConnectable = true; }; diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 0ff7e3d..3085797 100644 --- a/modules/nixfiles/common/networking.nix 
+++ b/modules/nixfiles/common/networking.nix @@ -12,36 +12,60 @@ with lib; { +recurse ''; - networking = { + # TODO Support multiple interfaces and IP addresses. + networking = let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in { + domain = my.domain.shire; + hostName = this.hostname; hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - domain = my.domain.shire; - usePredictableInterfaceNames = false; + nameservers = mkDefault dns.const.quad9.default; useDHCP = false; - nameservers = dns.const.quad9.default; + # This could potentially break something. + usePredictableInterfaceNames = false; + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; - hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; firewall = { enable = true; - logRefusedConnections = false; - logRefusedPackets = false; - rejectPackets = false; - allowPing = config.nixfiles.modules.profiles.headless.enable; + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; }; }; environment = { - systemPackages = with pkgs; [dnsutils ldns myip rsync]; + systemPackages = with pkgs; [myip]; shellAliases = listToAttrs (map ({ diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index 878505c..47cd5c1 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix 
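Review bot: The `optional (isString address && isInt prefixLength)` guards on `ipv4.addresses` and `ipv6.addresses` silently yield an empty list when only one of the two values is set, and with `useDHCP = false` that leaves a remote host without an address after a rebuild. An assertion would turn the half-configured case into an evaluation error, e.g. `assertions = [{ assertion = (this.ipv4.address == null) == (this.ipv4.prefixLength == null); message = "ipv4.address and ipv4.prefixLength must be set together"; }];`, with the same check for `ipv6`. `interfaces.${interface}` is also now declared on every machine that imports this module, including ones with no static address, so confirm that an empty `eth0` definition is harmless on the laptop. The enclosing module body starts and ends outside the hunk.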
@@ -33,14 +33,24 @@ with lib; { in { # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc extraOptions = '' + max-jobs = auto + warn-dirty = false + flake-registry = ${inputs.flake-registry}/flake-registry.json extra-experimental-features = ca-derivations extra-experimental-features = flakes extra-experimental-features = nix-command extra-experimental-features = recursive-nix - flake-registry = ${inputs.flake-registry}/flake-registry.json - keep-derivations = true - keep-outputs = true - warn-dirty = false + keep-going = true + keep-derivations = ${ + if this.isHeadful + then "true" + else "false" + } + keep-outputs = ${ + if this.isHeadful + then "true" + else "false" + } ''; nixPath = @@ -57,14 +67,12 @@ with lib; { substituters = [ "https://azahi.cachix.org" "https://cachix.cachix.org" - "https://mic92.cachix.org" "https://nix-community.cachix.org" "https://pre-commit-hooks.cachix.org" ]; trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" ]; @@ -91,21 +99,13 @@ with lib; { patches = [./patches/alejandra-no-ads.patch]; }); - # https://github.com/NixOS/nixpkgs/pull/191633 - inherit - (pkgsPR - "191633" - "sha256-gk0x/hZ/XfLo5PZ4lai4oRhawDUw68LsE2dp5c3FYIA=") - soju - ; - - # Currently broken in Nixpkgs. - inherit - (pkgsRev - "ee01de29d2f58d56b1be4ae24c24bd91c5380cea" - "sha256-R18MixER2iwduNqOlLzXUms0Z7G3emnKZOKyQS52SSA=") - gotify-server - ; + # https://github.com/NixOS/nixpkgs/pull/192671 + # inherit + # (pkgsPR + # "192671" + # "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=") + # please + # ; } // (with super; let np = nodePackages; 
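Review bot: The `keep-derivations` and `keep-outputs` values inside `extraOptions` each spell out `if this.isHeadful then "true" else "false"`. `boolToString` from `lib` (already in scope through `with lib;`) produces the same strings, so each setting fits on one line: `keep-derivations = ${boolToString this.isHeadful}` and `keep-outputs = ${boolToString this.isHeadful}`. A one-line comment saying why headless machines turn both off (presumably so garbage collection can reclaim build inputs on the servers) would help the next reader. The `let … in` block that holds `extraOptions` starts outside the hunk.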
@@ -143,29 +143,34 @@ with lib; { defaultPackages = []; systemPackages = with pkgs; optionals this.isHeadful [ + nix-du nix-top nix-tree ]; }; - hm.home.file.".nix-defexpr/default.nix".text = - optionalString this.isHeadful - ( - let - hostname = strings.escapeNixIdentifier this.hostname; - in '' + hm.home = { + packages = with pkgs; [nix-index]; + + file.".nix-defexpr/default.nix".text = + optionalString this.isHeadful + ( let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - } // configurations // local._module.args - '' - ); + hostname = strings.escapeNixIdentifier this.hostname; + in '' + let + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + } // configurations // local._module.args + '' + ); + }; } diff --git a/modules/nixfiles/common/security.nix b/modules/nixfiles/common/security.nix index 2ac5a22..30b4276 100644 --- a/modules/nixfiles/common/security.nix +++ b/modules/nixfiles/common/security.nix @@ -1,4 +1,9 @@ -_: { +{ + inputs, + lib, + ... +}: +with lib; { security = { sudo = { enable = true; 
@@ -21,4 +26,23 @@ _: { ''; }; }; + + # Remove this later. + # imports = ["${inputs.nixpkgs-pr-please}/nixos/modules/security/please.nix"]; + # security.please = { + # enable = true; + # settings.root = { + # name = my.username; + # target = "root"; + # rule = ".*"; + # require_pass = false; + # }; + # settings.root_edit = { + # name = my.username; + # type = "edit"; + # target = "root"; + # rule = ".*"; + # require_pass = false; + # }; + # }; } diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index 6b73151..41ef523 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -11,10 +11,8 @@ in { options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { - # TODO Make magit-forge to work with this. secrets.authinfo = { file = "${inputs.self}/secrets/authinfo"; - path = "${config.my.home}/.authinfo"; owner = my.username; inherit (config.my) group; }; @@ -115,6 +113,20 @@ in { concatMapStringsSep ":" (x: "${x}/bin") extraBins }")) + (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" + :size ${toString config.fontScheme.monospaceFont.size}) + doom-unicode-font doom-font) + + (appendq! auth-sources '("${config.secrets.authinfo.path}")) + + (setq user-full-name "${my.fullname}" + user-mail-address "${my.email}") + + ;; :app irc + (setq circe-default-nick "${my.username}" + circe-default-realname "${my.email}" + circe-default-user circe-default-nick) + ;; :lang plantuml (setq org-plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar") 
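Review bot: The commented-out `security.please` draft records a policy that, once uncommented, lets `my.username` run and edit anything as root without a password: `rule = ".*"` with `require_pass = false` in both `settings.root` and `settings.root_edit`. Commented-out configuration tends to be enabled exactly as written, so either leave the block out until the upstream module lands or keep the draft at `require_pass = true;` with a narrower `rule`. The new `{ inputs, lib, ... }: with lib;` header in the first hunk of this file is needed only by this commented code.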
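Review bot: While the identity settings were moved up in the generated Emacs config, `circe-default-realname` changed from `"${my.fullname}"` (removed in the following hunk) to `"${my.email}"`. The IRC realname field is visible to other users on a network, so this publishes the e-mail address wherever Circe connects. If the swap was not deliberate, keep `circe-default-realname "${my.fullname}"`. The Nix string these lines sit in starts and ends outside the hunk.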
@@ -124,16 +136,6 @@ in { ;; :input japanese (setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L") - (setq user-full-name "${my.fullname}" - user-mail-address "${my.email}") - - (setq circe-default-nick "${my.username}" - circe-default-realname "${my.fullname}" - circe-default-user circe-default-nick) - - (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" - :size ${toString config.fontScheme.monospaceFont.size}) - doom-unicode-font doom-font) ''; }; diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el index 546af9a..fedd98d 100644 --- a/modules/nixfiles/emacs/doom/config.el +++ b/modules/nixfiles/emacs/doom/config.el @@ -119,6 +119,7 @@ mu4e-context-policy 'ask-if-none mu4e-compose-context-policy 'always-ask mu4e-compose--org-msg-toggle-next nil + mu4e-update-interval 60 sendmail-program (executable-find "msmtp") send-mail-function #'smtpmail-send-it message-sendmail-f-is-evil t @@ -127,6 +128,8 @@ +mu4e-personal-addresses (list "frodo@gondor.net" "frodo@rohan.net" "azahi@shire.me" + "admin@shire.me" + "ceo@shire.me" "a.gondor@yahoo.com" "a.gondor@yahoo.com")) @@ -146,6 +149,8 @@ (smtpmail-smtp-user . "azahi")) t) +(setq +mu4e-compose-org-msg-toggle-next nil) + ;; ;;; Circe ;; diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index 98317ec..718d5cb 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -25,7 +25,7 @@ (vc-gutter +diff-hl +pretty) window-select workspaces - zen + ;; zen :editor (evil +everywhere) @@ -113,7 +113,7 @@ (zig +lsp +tree-sitter) :email - mu4e + (mu4e +org) :app calendar diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixfiles/endlessh-go.nix index 891d484..56c415e 100644 --- a/modules/nixfiles/endlessh-go.nix +++ b/modules/nixfiles/endlessh-go.nix 
@@ -10,7 +10,7 @@ with lib; let cfg = config.nixfiles.modules.endlessh-go; in { # Remove this later. - imports = ["${inputs.nixpkgs-endlessh-go}/nixos/modules/services/security/endlessh-go.nix"]; + imports = ["${inputs.nixpkgs-pr-endlessh-go}/nixos/modules/services/security/endlessh-go.nix"]; options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; diff --git a/modules/nixfiles/firefox/profile.nix b/modules/nixfiles/firefox/profile.nix index 93ade51..2649402 100644 --- a/modules/nixfiles/firefox/profile.nix +++ b/modules/nixfiles/firefox/profile.nix @@ -399,7 +399,7 @@ in { "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # "browser.startup.page" = 1; - "browser.startup.homepage" = "about:blank"; # TODO Custom? + "browser.startup.homepage" = "about:blank"; "browser.startup.homepage_welcome_url" = ""; "browser.startup.homepage_welcome_url.additional" = ""; # diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixfiles/games/lutris.nix index c474a44..0c942a8 100644 --- a/modules/nixfiles/games/lutris.nix +++ b/modules/nixfiles/games/lutris.nix @@ -11,8 +11,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.games = { - steam-run.enable = true; gamemode.enable = true; + mangohud.enable = true; + steam-run.enable = true; }; # This removes the annoying warning. @@ -22,10 +23,8 @@ in { (lutris.override { lutris-unwrapped = lutris-unwrapped.override { wine = buildFHSUserEnv { - # We don't really need Wine because Lutris downloads required - # runtime files for us. This feature is more robust because you can - # juggle different versions without manually rebuilding anything - # because nixpkgs cache was pruned. + # We don't really need Wine because Lutris downloads the required + # runtime for us. name = "empty"; }; }; diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixfiles/games/mangohud.nix index 0625652..b521687 100644 --- a/modules/nixfiles/games/mangohud.nix +++ b/modules/nixfiles/games/mangohud.nix 
@@ -8,5 +8,19 @@ with lib; let in { options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; - config = mkIf cfg.enable {hm.programs.mangohud.enable = true;}; + config = mkIf cfg.enable { + hm.programs.mangohud = { + enable = true; + settings = { + fps = true; + gpu_stats = true; + gpu_temp = true; + cpu_stats = true; + cpu_temp = true; + }; + settingsPerApplication = { + mpv.no_display = true; + }; + }; + }; } diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix index c7a2ba6..b121f8f 100644 --- a/modules/nixfiles/git.nix +++ b/modules/nixfiles/git.nix @@ -89,11 +89,19 @@ in { } // mapAttrs' (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { + "alpine" = "gitlab.alpinelinux.org"; "bitbucket" = "bitbucket.com"; "codeberg" = "codeberg.org"; + "freedesktop" = "gitlab.freedesktop.org"; "github" = "github.com"; "gitlab" = "gitlab.com"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "kde" = "invent.kde.org"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; "sourcehut" = "git.sr.ht"; + "videolan" = "code.videolan.org"; }; aliases = let @@ -138,12 +146,6 @@ in { initExtra = mkAfter "_complete_alias gl __start_glab glab"; }; }; - - xdg.configFile."glab-cli/aliases.yml".text = generators.toYAML {} { - ci = "pipeline ci"; - co = "mr checkout"; - li = "ci lint"; - }; }; }) (mkIf cfg.server.enable { @@ -187,6 +189,7 @@ in { fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; ''; + # FIXME This breaks sources previewing for these files. "~* ^/(.+.(ico|css|png))$".extraConfig = '' alias ${cfg.server.package}/cgit/$1; ''; diff --git a/modules/nixfiles/mpv.nix b/modules/nixfiles/mpv.nix index 0c3fcc5..2072bc6 100644 --- a/modules/nixfiles/mpv.nix +++ b/modules/nixfiles/mpv.nix 
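Review bot: Each of the eight hosts added to the `insteadOf` table in git.nix makes `name:` expand to `git@host:`, so the first fetch from any of them goes over SSH and accepts whatever host key is presented unless one is already known. Nothing in the hunk pins those keys; if they are not declared elsewhere, listing them under `programs.ssh.knownHosts` alongside this table keeps a mistyped or spoofed host from being trusted on first use. A comment above the attrset such as `# Shorthand prefixes, e.g. "kde:foo/bar" -> "git@invent.kde.org:foo/bar".` would also document the mapping. The surrounding `mapAttrs'` expression starts outside the hunk.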
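Review bot: The added `# FIXME This breaks sources previewing for these files.` records the symptom, but the cause is the location key on the next line: `~* ^/(.+.(ico|css|png))$` matches every request path ending in those extensions, and the unescaped `.` before the group matches any character. Repository files with those names are therefore looked up under the cgit package directory instead of reaching cgit. Restricting the location to the assets cgit ships would resolve the FIXME, e.g. `"~* ^/(cgit\\.(css|png)|favicon\\.ico)$".extraConfig = ...`; the asset names are an assumption to check against `${cfg.server.package}/cgit/`. The enclosing locations attrset begins outside the hunk.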
@@ -14,9 +14,15 @@ in { mpv = { enable = true; + # This is so dumb. And people still wonder why NixOS is so inacessable + # to outsiders. package = with pkgs; - mpv-with-scripts.override { - scripts = with mpvScripts; [autoload mpv-autosub sponsorblock]; + wrapMpv mpv-unwrapped { + scripts = with mpvScripts; [ + autoload + mpv-autosub + sponsorblock + ]; }; bindings = { diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixfiles/node-exporter.nix index fad1cc8..43f48f6 100644 --- a/modules/nixfiles/node-exporter.nix +++ b/modules/nixfiles/node-exporter.nix @@ -16,6 +16,7 @@ in { port = 9100; enabledCollectors = [ "buddyinfo" + "cgroups" "ethtool" "interrupts" "ksmd" @@ -26,7 +27,6 @@ in { "processes" "qdisc" "systemd" - "tcpstat" "zoneinfo" ]; }; diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index afe9194..0563640 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix @@ -34,9 +34,13 @@ in { hm = { home.packages = with pkgs; [ calibre + fd imv - kotatogram-desktop - nheko + neochat + ripgrep + ripgrep-all + sd + tdesktop tor-browser ]; @@ -89,6 +93,7 @@ in { }; programs = { + bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; mbsync.enable = true; msmtp.enable = true; mu.enable = true; @@ -121,16 +126,16 @@ in { iftop.enable = true; mtr.enable = true; traceroute.enable = true; - - bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; }; services.upower.enable = true; environment.systemPackages = with pkgs; [ arping + dnsutils ethtool inetutils + ldns nethogs socat tcpdump diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix index f98b4e3..d05c6ae 100644 --- a/modules/nixfiles/wireguard.nix +++ b/modules/nixfiles/wireguard.nix 
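Review bot: The comment added above `package` in mpv.nix records frustration rather than the reason for the change, and `inacessable` is misspelled. A later reader needs to know why `wrapMpv mpv-unwrapped { scripts = ...; }` replaced `mpv-with-scripts.override`. Something like `# Scripts are attached via wrapMpv; mpv-with-scripts can no longer be overridden this way.` would do, adjusted to the actual cause, which the hunk does not show.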
@@ -177,6 +177,8 @@ in { enable = true; enableIPv6 = true; + externalInterface = mkDefault "eth0"; + internalInterfaces = [cfg.interface]; internalIPs = [cfg.ipv4.subnet]; internalIPv6s = [cfg.ipv6.subnet]; -- cgit v1.2.3
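Review bot: `externalInterface = mkDefault "eth0";` in wireguard.nix assumes the uplink of every WireGuard server is named eth0. On a host whose interface has a different name, the NAT rules in what appears to be the `networking.nat` block would be tied to a device that does not exist, and forwarded peer traffic would not be masqueraded; this is hard to diagnose from the client side. `mkDefault` does allow a per-host override, but nothing signals that one is needed. Add a comment such as `# Assumes the uplink is eth0; override per host if the interface is named differently.`, or expose the value as an option of this module. The enclosing attrset starts outside the hunk.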