From b07e10139c88d6060e57ca52b2dc12b17b53ac82 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sun, 21 May 2023 23:10:32 +0300 Subject: 2023-05-21 --- flake.lock | 108 ++++++++++++++++++------------- lib/default.nix | 2 - modules/common/chromium.nix | 27 -------- modules/common/default.nix | 1 - modules/common/emacs/doom/config.el | 8 +-- modules/common/emacs/doom/init.el | 2 +- modules/common/emacs/doom/packages.el | 8 ++- modules/common/mpv.nix | 2 +- modules/common/profiles/headful.nix | 1 + modules/nixos/chromium.nix | 27 ++++++++ modules/nixos/common/locale.nix | 12 +++- modules/nixos/common/systemd.nix | 2 + modules/nixos/default.nix | 1 + modules/nixos/matrix/dendrite.nix | 20 ++++++ modules/nixos/monitoring/default.nix | 18 +++--- modules/nixos/profiles/headful.nix | 7 +- modules/nixos/promtail.nix | 41 ++++++------ modules/nixos/syncthing.nix | 117 +++++++++++++++++----------------- modules/nixos/unbound.nix | 17 ++++- nixosConfigurations/eonwe/default.nix | 16 +++-- nixosConfigurations/varda/default.nix | 8 +++ 21 files changed, 266 insertions(+), 179 deletions(-) delete mode 100644 modules/common/chromium.nix create mode 100644 modules/nixos/chromium.nix diff --git a/flake.lock b/flake.lock index 176bdc8..9758c4b 100644 --- a/flake.lock +++ b/flake.lock @@ -5,16 +5,17 @@ "darwin": [ "darwin" ], + "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1682101079, - "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", + "lastModified": 1684153753, + "narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=", "owner": "ryantm", "repo": "agenix", - "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", + "rev": "db5637d10f797bb251b94ef9040b237f4702cde3", "type": "github" }, "original": { 
@@ -67,11 +68,11 @@ ] }, "locked": { - "lastModified": 1682873512, - "narHash": "sha256-/klMuyTFQLI3HgAPhh0il8RtXUvnLqylwFvlvCcd5Q8=", + "lastModified": 1683614365, + "narHash": "sha256-55hW0UQjQRJ6+xtMDpNI5mjxp/5QHNZuY1iqExqYdiM=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "75b869828b85755f940ee71b5ecbd824e8f20185", + "rev": "8b5d2c251cdd6c2fbcb86d0501a957cc94a14f10", "type": "github" }, "original": { @@ -121,11 +122,11 @@ ] }, "locked": { - "lastModified": 1682773107, - "narHash": "sha256-+h94XeJnG3uk5imJlBi/1lVmcfCbxHpwZp5u7n3Krwg=", + "lastModified": 1684343812, + "narHash": "sha256-ZTEjiC8PDKeP8JRchuwcFXUNlMcyQ4U+DpyVZ3pB6Q4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "379d42fad6bc5c28f79d5f7ff2fa5f1c90cb7bf8", + "rev": "dfbdabbb3e797334172094d4f6c0ffca8c791281", "type": "github" }, "original": { @@ -234,17 +235,38 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1683221986, - "narHash": "sha256-n688GK4wO2pZpI4gHOxj/PF85bzUMPEJ8B3Wd3cHSjk=", + "lastModified": 1684596126, + "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=", "owner": "nix-community", "repo": "home-manager", - "rev": "f3824311a16cbe70dbaeedc17a97dfcd11901c3f", + "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d", "type": "github" }, "original": { 
@@ -256,11 +278,11 @@ }, "impermanence": { "locked": { - "lastModified": 1682268411, - "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=", + "lastModified": 1684264534, + "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=", "owner": "nix-community", "repo": "impermanence", - "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d", + "rev": "89253fb1518063556edd5e54509c30ac3089d5e6", "type": "github" }, "original": { @@ -296,11 +318,11 @@ ] }, "locked": { - "lastModified": 1683163598, - "narHash": "sha256-1mbFzocbp6qTMTZtgylIUKKBxQAvRfZN18l4zft5KSg=", + "lastModified": 1684287466, + "narHash": "sha256-Qo+tBZLEZZkQYZsbhOUswH5DsB23nDk/LCkzO5n3yoo=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "400056c5694a7ce5b7a97e446b64dee44c48d01c", + "rev": "5f4e13776ee0899b0aee4b253a8b733d899746a2", "type": "github" }, "original": { @@ -312,11 +334,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1683009613, - "narHash": "sha256-jJh8JaoHOLlk7iFLgZk1PlxCCNA2KTKfOLMLCa9mduA=", + "lastModified": 1684169666, + "narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7dc46304675f4ff2d6be921ef60883efd31363c4", + "rev": "71ce85372a614d418d5e303dd5702a79d1545c04", "type": "github" }, "original": { @@ -328,11 +350,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1683205728, - "narHash": "sha256-WF63FGzW3F3MHsUYkqbPyXrJgNR+gNOMAZDNoP5LYWE=", + "lastModified": 1684585791, + "narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f73acb5733244d0740c8181af30a58912427f5c6", + "rev": "eea79d584eff53bf7a76aeb63f8845da6d386129", "type": "github" }, "original": { 
@@ -344,11 +366,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1683236789, - "narHash": "sha256-BvCGBja7mzUqhbueGsGOyBlKPsnaVoA+HHmLkE6/QKs=", + "lastModified": 1684612454, + "narHash": "sha256-15vluZKXxC76FqAryST1QrUVE7Xlwkrs7lrPTQGYIz0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bbccd7d90372f5042b404ea74ead61d7df124384", + "rev": "8bf3e834daedadc6d0f4172616b2bdede1109c48", "type": "github" }, "original": { @@ -360,11 +382,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1683207485, - "narHash": "sha256-gs+PHt/y/XQB7S8+YyBLAM8LjgYpPZUVFQBwpFSmJro=", + "lastModified": 1684611397, + "narHash": "sha256-A65pyWfriRMqsjHlc9F19RKkMgY/EJqr7cBTcgxUo6Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cc45a3f8c98e1c33ca996e3504adefbf660a72d1", + "rev": "e31e2ce559a628995f6f564a80a2074b7f5dcd25", "type": "github" }, "original": { @@ -394,11 +416,11 @@ "nmap-vulscan": { "flake": false, "locked": { - "lastModified": 1667425422, - "narHash": "sha256-NqRDzajxQilkvqfgRCjtplpSu4Q0fun0W3+IaK1aYWc=", + "lastModified": 1683781674, + "narHash": "sha256-X9z1TPFHaDEnjhn3MAgVsYx0SqXpK1U0mkmKN7aGXKk=", "owner": "scipag", "repo": "vulscan", - "rev": "a89e5b1372dfb2c07b37907537ac10a576532adf", + "rev": "7d62b8a4b111ffe258e45d9d994329996efe0a81", "type": "github" }, "original": { @@ -410,11 +432,11 @@ }, "nur": { "locked": { - "lastModified": 1683236736, - "narHash": "sha256-ruEH8oO2WLlZI8CSrKPmMbIFNO4/oEGeBwyTyszhw5Y=", + "lastModified": 1684612984, + "narHash": "sha256-XqWVrtHiY7r/NJMDS02i1kj3Q7BOU7BnfQfEd6v3ZIE=", "owner": "nix-community", "repo": "NUR", - "rev": "ee7b5b05842c7db8688a3a21f7c10e2eb8762882", + "rev": "3c932dd06b0a537b890e1fd3e31deceb1ac3dea3", "type": "github" }, "original": { 
@@ -466,11 +488,11 @@ ] }, "locked": { - "lastModified": 1682596858, - "narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=", + "lastModified": 1684195081, + "narHash": "sha256-IKnQUSBhQTChFERxW2AzuauVpY1HRgeVzAjNMAA4B6I=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "fb58866e20af98779017134319b5663b8215d912", + "rev": "96eabec58248ed8f4b0ad59e7ce9398018684fdc", "type": "github" }, "original": { @@ -491,7 +513,7 @@ "flake-compat": "flake-compat", "flake-registry": "flake-registry", "flake-utils": "flake-utils", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "impermanence": "impermanence", "nix-minecraft": "nix-minecraft", "nixos-hardware": "nixos-hardware", @@ -524,11 +546,11 @@ ] }, "locked": { - "lastModified": 1671738303, - "narHash": "sha256-PRgqtaWf2kMSYqVmcnmhTh+UsC0RmvXRTr+EOw5VZUA=", + "lastModified": 1684048308, + "narHash": "sha256-JcQe0Zmov/32L+GQ+O+H8Qoll+jjvkcrd8/TNtE6TBY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "6d0d9fb966cc565a3df74d3b686f924c7615118c", + "rev": "c04e4f22da48319d15593a2c942431744c12f27c", "type": "gitlab" }, "original": { diff --git a/lib/default.nix b/lib/default.nix index 9e9cc1a..de013c2 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -14,8 +14,6 @@ lib: _: rec { assert exponent > 0; builtins.foldl' (x: _: x * base) 1 (builtins.genList _ exponent); - comcat = builtins.concatStringsSep ","; - mapListToAttrs = f: xs: builtins.listToAttrs (map (name: { name = diff --git a/modules/common/chromium.nix b/modules/common/chromium.nix deleted file mode 100644 index 4f0ae12..0000000 --- a/modules/common/chromium.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.chromium; -in { - options.nixfiles.modules.chromium.enable = mkEnableOption "Chromium"; - - config = mkIf cfg.enable { - hm = { - home.packages = with pkgs; [profile-cleaner]; - - programs.chromium = { - enable = true; - - package = pkgs.chromium; - - extensions = [ - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # uBlock Origin - ]; - }; - }; - }; -} diff --git a/modules/common/default.nix b/modules/common/default.nix index b722cae..a159a87 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -3,7 +3,6 @@ _: { ./alacritty.nix ./aria2.nix ./bat.nix - ./chromium.nix ./common ./curl.nix ./direnv.nix diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index 589b993..d726406 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el @@ -122,10 +122,10 @@ (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 60) (setq-hook! 'mu4e-compose-mode-hook sendmail-program (executable-find "msmtp") - send-mail-function #'sendmail-send-it - message-send-mail-function #'message-send-mail-with-sendmail - message-sendmail-extra-arguments '("--read-envelope-from") - message-sendmail-f-is-evil t) + send-mail-function #'sendmail-send-it + message-send-mail-function #'message-send-mail-with-sendmail + message-sendmail-extra-arguments '("--read-envelope-from") + message-sendmail-f-is-evil t) ;; ;;; Circe diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el index 764c25e..b0a7f4a 100644 --- a/modules/common/emacs/doom/init.el +++ b/modules/common/emacs/doom/init.el @@ -90,7 +90,7 @@ (kotlin +lsp +tree-sitter) (latex +lsp +tree-sittter) (markdown +lsp +tree-sitter) - (nix +lsp) + (nix +lsp +tree-sitter) (org +pandoc +roam2) plantuml (python +lsp +tree-sitter) 
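Review bot: In the `modules/common/emacs/doom/init.el` hunk, the context line just above the changed `nix` entry reads `(latex +lsp +tree-sittter)`, with three t's, so that flag presumably never matches the intended `+tree-sitter`. Since this commit enables tree-sitter for `nix` on the neighbouring line, the same pass could fix it: `(latex +lsp +tree-sitter)`. The enclosing `doom!` form starts and ends outside the hunk.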
diff --git a/modules/common/emacs/doom/packages.el b/modules/common/emacs/doom/packages.el index 5df21b6..a8e52eb 100644 --- a/modules/common/emacs/doom/packages.el +++ b/modules/common/emacs/doom/packages.el @@ -1,6 +1,5 @@ (disable-packages! writegood-mode) -(unpin! org-roam) (package! org-roam :recipe (:host github :repo "org-roam/org-roam" @@ -10,7 +9,12 @@ :repo "org-roam/org-roam-ui" :branch "main")) -;; (package! hledger-mode) +(package! tree-sitter + :recipe (:host github + :repo "azahi/elisp-tree-sitter" + :branch "master")) + +(package! hledger-mode) (package! kubernetes) (package! kubernetes-evil) diff --git a/modules/common/mpv.nix b/modules/common/mpv.nix index afab1dd..0421d62 100644 --- a/modules/common/mpv.nix +++ b/modules/common/mpv.nix @@ -46,7 +46,7 @@ in { }; config = let - lang = comcat [ + lang = concatStringsSep "," [ "Japanese" "japanese" "jp" diff --git a/modules/common/profiles/headful.nix b/modules/common/profiles/headful.nix index e5490b5..f51ecc8 100644 --- a/modules/common/profiles/headful.nix +++ b/modules/common/profiles/headful.nix @@ -36,6 +36,7 @@ in { ripgrep ripgrep-all sd + tldr ]; }; }; diff --git a/modules/nixos/chromium.nix b/modules/nixos/chromium.nix new file mode 100644 index 0000000..4f0ae12 --- /dev/null +++ b/modules/nixos/chromium.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.chromium; +in { + options.nixfiles.modules.chromium.enable = mkEnableOption "Chromium"; + + config = mkIf cfg.enable { + hm = { + home.packages = with pkgs; [profile-cleaner]; + + programs.chromium = { + enable = true; + + package = pkgs.chromium; + + extensions = [ + {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # uBlock Origin + ]; + }; + }; + }; +} diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix index 62d19f4..7529996 100644 --- a/modules/nixos/common/locale.nix +++ b/modules/nixos/common/locale.nix 
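Review bot: The new `tree-sitter` recipe in `modules/common/emacs/doom/packages.el` tracks `:branch "master"` of a personal fork with no `:pin`, so each package update pulls whatever that branch head is at the time. The Emacs side of this configuration is then no longer reproducible from the repository alone. Pin it to a reviewed commit, e.g. `(package! tree-sitter :recipe (:host github :repo "azahi/elisp-tree-sitter" :branch "master") :pin "<commit-sha>")`. A one-line comment saying why the fork is needed and when the recipe can return to upstream would also help.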
@@ -12,9 +12,15 @@ with lib; { }; services.xserver = { - layout = comcat ["us" "ru"]; - xkbVariant = comcat ["" "phonetic"]; - xkbOptions = comcat [ + layout = concatStringsSep "," [ + "us" + "ru" + ]; + xkbVariant = concatStringsSep "," [ + "" + "phonetic" + ]; + xkbOptions = concatStringsSep "," [ "terminate:ctrl_alt_bksp" "caps:escape" "compose:menu" diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index 29020a0..4e9eb26 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix @@ -4,6 +4,8 @@ directories = ["/var/lib/systemd/coredump"]; }; + my.extraGroups = ["systemd-journal"]; + hm.systemd.user.startServices = "sd-switch"; services.journald.extraConfig = '' diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3c6e61b..f8347cf 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -5,6 +5,7 @@ _: { ./android.nix ./beets.nix ./bluetooth.nix + ./chromium.nix ./common ./discord.nix ./docker.nix diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index d9c4914..d7c7b18 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -67,6 +67,7 @@ in { }; }; }; + postgresql = { enable = true; extraPostStart = [ @@ -75,6 +76,25 @@ in { '' ]; }; + + # Silence annoying errors when connecting to poorly configured federated + # homeservers. + promtail.filters = [ + { + match = { + selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"''; + action = "drop"; + drop_counter_reason = "noisy_error"; + }; + } + { + match = { + selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"''; + action = "drop"; + drop_counter_reason = "noisy_error"; + }; + } + ]; }; services.postgresql = { diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 37e34d9..7f62874 100644 --- a/modules/nixos/monitoring/default.nix 
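Review bot: `my.extraGroups = ["systemd-journal"];` in `modules/nixos/common/systemd.nix` gives the primary user read access to the whole system journal, and because the file sits under `common` this presumably applies to every host, servers included. Journal entries from other services can contain request URLs, auth failures and occasionally credentials, so this widens what a compromise of that one account exposes. If the goal is convenience on workstations, move the line to the headful profile, or at least document it: `# Read the system journal without sudo; exposes every service's logs to this account.` The enclosing attribute set starts and ends outside the hunk.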
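Review bot: The drop filters added under `promtail.filters` in `modules/nixos/matrix/dendrite.nix` select on `syslog_identifier`, a field the logging process supplies itself, whereas the `systemd_unit` label they replace came from `_SYSTEMD_UNIT`, which journald attaches and clients cannot set. A drop rule keyed on a client-supplied identifier discards matching lines from any local process that uses that identifier, not only Dendrite's, and those lines never reach Loki. Consider keeping `_SYSTEMD_UNIT` as a label (it is commented out in the `modules/nixos/promtail.nix` hunk) and selecting on `{systemd_unit="dendrite.service"}`; the same applies to the `unbound` filter in `modules/nixos/unbound.nix`. The leading and trailing `.*` in the `|~` patterns are redundant because the line filter is unanchored, and watching the drop counter labelled `noisy_error` would show if the dropped volume changes unexpectedly.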
+++ b/modules/nixos/monitoring/default.nix @@ -122,8 +122,6 @@ in { loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}"; prometheus = { - # It would be nice if these could be generated dynamically. That would - # require a complete rework of how configurations are defined, though. scrapeConfigs = with my.configurations; mapAttrsToList ( @@ -144,13 +142,15 @@ in { hosts; } ]; - relabel_configs = [ - { - source_labels = ["__address__"]; - regex = "([^:]+):\\d+"; - target_label = "instance"; - } - ]; + relabel_configs = + [ + { + source_labels = ["__address__"]; + regex = "([^:]+):\\d+"; + target_label = "instance"; + } + ] + ++ optionals (hasAttr "relabel" value) value.relabel; } ) { diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index 3bdf8fd..9e2b7a3 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -109,6 +109,11 @@ in { environment.systemPackages = with pkgs; [lm_sensors]; - my.extraGroups = ["audio" "video" "input"]; + my.extraGroups = [ + "audio" + "input" + "render" + "video" + ]; }; } diff --git a/modules/nixos/promtail.nix b/modules/nixos/promtail.nix index d52384a..157eb72 100644 --- a/modules/nixos/promtail.nix +++ b/modules/nixos/promtail.nix @@ -21,6 +21,12 @@ in { type = with types; str; default = "https://${config.nixfiles.modules.loki.domain}"; }; + + filters = mkOption { + description = ''Filters to use with "scrape_config.pipeline_stages".''; + type = with types; listOf attrs; + default = []; + }; }; config = mkIf cfg.enable { @@ -56,7 +62,7 @@ in { scrape_configs = [ { job_name = "journal"; - journal.max_age = "12h"; + journal.max_age = "24h"; relabel_configs = map (n: let label = toLower n; @@ -74,12 +80,12 @@ in { "MESSAGE" # "MESSAGE_ID" - # "PRIORITY" + "PRIORITY" # "CODE_FILE" # "CODE_LINE" # "CODE_FUNC" # "ERRNO" - # "SYSLOG_FACILITY" + "SYSLOG_FACILITY" "SYSLOG_IDENTIFIER" # "SYSLOG_PID" # "_PID" 
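Review bot: `++ optionals (hasAttr "relabel" value) value.relabel` in the `relabel_configs` of `modules/nixos/monitoring/default.nix` can be written with Nix's attribute default, `++ (value.relabel or [])`, which avoids naming the attribute twice. The earlier hunk in this file deletes the comment above `scrapeConfigs` without replacing it. A short comment saying that a per-exporter `relabel` list is appended after the default `instance` rule would help, since rule order matters in Prometheus relabelling. The enclosing `mapAttrsToList` call starts and ends outside the hunk.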
@@ -93,8 +99,8 @@ in { # "_AUDIT_LOGINUID" # "_SYSTEMD_CGROUP" # "_SYSTEMD_SESSION" - "_SYSTEMD_UNIT" - "_SYSTEMD_USER_UNIT" + # "_SYSTEMD_UNIT" + # "_SYSTEMD_USER_UNIT" # "_SYSTEMD_OWNER_UID" # "_SYSTEMD_SLICE" # "_SELINUX_CONTEXT" @@ -106,23 +112,16 @@ in { # "__CURSOR" # "__REALTIME_TIMESTAMP" # "__MONOTONIC_TIMESTAMP" + ] + ++ [ + { + # This is weird. I can't find where is this defined in the + # source code but apparently it exists. + source_labels = ["__journal_priority_keyword"]; + target_label = "level"; + } ]; - pipeline_stages = [ - { - match = { - selector = ''{systemd_unit="dendrite.service"} |~ ".*Failed to fetch key for server.*"''; - action = "drop"; - drop_counter_reason = "noisy_error"; - }; - } - { - match = { - selector = ''{systemd_unit="dendrite.service"} |~ ".*could not download key for.*"''; - action = "drop"; - drop_counter_reason = "noisy_error"; - }; - } - ]; + pipeline_stages = cfg.filters; } ]; }; diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix index b0d98bc..faf6723 100644 --- a/modules/nixos/syncthing.nix +++ b/modules/nixos/syncthing.nix 
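Review bot: The comment added above the `__journal_priority_keyword` rule in `modules/nixos/promtail.nix` ("This is weird. I can't find where is this defined…") leaves the next reader unsure whether the label can be relied on. Promtail's journal target documents it: the priority is exposed both as `__journal_priority` (numeric) and as `__journal_priority_keyword` (name), so the comment could read `# Promtail's journal target exposes PRIORITY as a keyword (e.g. "err"); map it to "level".` The `PRIORITY` entry uncommented earlier in this file then appears to produce a second label carrying the same information, which may be worth dropping to keep the label set small.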
@@ -48,74 +48,77 @@ in { key = config.secrets."syncthing-key-${this.hostname}".path; overrideDevices = true; - devices = mapAttrs (name: attr: - mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - addresses = ["tcp://${name}.${config.networking.domain}:22000"]; - introducer = this.isHeadless; - }) - my.configurations; - overrideFolders = true; - folders = let - filterDevices = f: - attrNames (filterAttrs (_: attr: - (attr.hostname != this.hostname) - && (attr.syncthing.id != null) - && f attr) - my.configurations); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanoutDays = "7"; - }; - in - with config.hm.xdg.userDirs; { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; - }; - pass = { - path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; - devices = notOther; - versioning = trashcan; - }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; + settings = { + devices = mapAttrs (name: attr: + mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { + inherit (attr.syncthing) id; + addresses = ["tcp://${name}.${config.networking.domain}:22000"]; + introducer = this.isHeadless; + }) + my.configurations; + + folders = let + filterDevices = f: + attrNames (filterAttrs (_: attr: + (attr.hostname != this.hostname) + && (attr.syncthing.id != null) + && f attr) + my.configurations); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = 
trashcan; + trashcan = { + type = "trashcan"; + params.cleanoutDays = "7"; }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; + in + with config.hm.xdg.userDirs; { + share = { + path = publicShare; + devices = notHeadless; + versioning = trashcan; + }; + pass = { + path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; + devices = notOther; + versioning = trashcan; + }; + org = { + path = "${documents}/org"; + devices = all; + versioning = simple; + }; + roam = { + path = "${documents}/roam"; + devices = notOther; + versioning = simple; + }; + elfeed = { + path = "${config.my.home}/.elfeed"; + devices = notOther; + versioning = trashcan; + }; + books = { + path = "${documents}/books"; + devices = notOther; + versioning = trashcan; + }; }; - }; - extraOptions = { gui = { insecureAdminAccess = true; insecureSkipHostcheck = this.isHeadless; }; + options = { + testOption = false; autoUpgradeIntervalH = 0; crashReportingEnabled = false; globalAnnounceEnabled = false; diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 7805b02..c9d45f2 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -24,7 +24,22 @@ in { mkIf cfg.enable { ark.directories = [config.services.unbound.stateDir]; - nixfiles.modules.redis.enable = true; + nixfiles.modules = { + redis.enable = true; + + promtail.filters = [ + { + match = { + # Should be fixed[1] in the next release. + # + # [1]: https://github.com/NLnetLabs/unbound/commit/d7e776114114c16816570e48ab3a27eedc401a0e + selector = ''{syslog_identifier="unbound"} |~ ".*could not SSL_read crypto.*"''; + action = "drop"; + drop_counter_reason = "noisy_error"; + }; + } + ]; + }; services = { unbound = { diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix index 5de3315..1545925 100644 --- a/nixosConfigurations/eonwe/default.nix +++ b/nixosConfigurations/eonwe/default.nix 
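Review bot: In `modules/nixos/syncthing.nix` the `gui` block now sitting under `settings` keeps `insecureAdminAccess = true` and `insecureSkipHostcheck = this.isHeadless` with no comment on what protects the GUI instead. Nothing visible in this hunk shows the listen address or a proxy in front of it. Since the block is being restructured anyway, document the assumption next to it, e.g. `# GUI has no password; reachable only via <what restricts access>, which handles auth and Host checks.` The added `testOption = false;` under `options` is also unexplained, and the hunk does not show what consumes it, so it needs either a comment or removal. The enclosing syncthing attribute set starts outside the hunk.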
@@ -16,7 +16,7 @@ with lib; { games = { lutris.enable = true; - # minecraft.client.enable = true; # FIXME Build fails. + minecraft.client.enable = true; steam.enable = true; steam-run.quirks.crusaderKings3 = true; }; @@ -81,10 +81,14 @@ with lib; { cores = 32; }; + # Required[1] for using ZFS kernel modules with "unsupported" kernels. + # + # [1]: https://github.com/NixOS/nixpkgs/pull/121113#issuecomment-830003344 + # [1]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615 + nixpkgs.config.allowBroken = true; + boot = { - # TODO Override Xanmod kernel to support ZFS. This probably will require - # some patching. - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + kernelPackages = pkgs.linuxPackages_xanmod; kernelParams = [ # Silence benign MCE errors: @@ -94,8 +98,8 @@ with lib; { # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201 # ``` "mce=nobootlog" - # This disables[1] User Mode Instruction Protection (UMIP)[2]. Required - # for some games to run via Wine. + # This disables[1] User Mode Instruction Protection (UMIP)[2]. This is + # required for some games to run via Wine. # # [1]: https://docs.kernel.org/x86/cpuinfo.html # [2]: https://en.wikichip.org/wiki/x86/umip diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix index 2ff8993..230521e 100644 --- a/nixosConfigurations/varda/default.nix +++ b/nixosConfigurations/varda/default.nix @@ -22,6 +22,14 @@ with lib; { "virtio_pci" "virtio_scsi" ]; + + # https://github.com/NixOS/nixpkgs/issues/89025 + # https://forum.netcup.de/administration-of-a-server-vserver/vserver-server-kvm-server/p67571-icmpv6-ra-ndisc-router-discovery-failed-to-add-default-route/#post67571 + # https://superuser.com/questions/33196/how-to-disable-autoconfiguration-on-ipv6-in-linux + kernel.sysctl = { + "net.ipv6.conf.all.autoconf" = 0; + "net.ipv6.conf.all.accept_ra" = 0; + }; }; fileSystems = { -- cgit v1.2.3
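Review bot: `nixpkgs.config.allowBroken = true;` in `nixosConfigurations/eonwe/default.nix` is global: it lets every package marked broken evaluate on this host, not just the ZFS module for `linuxPackages_xanmod`, so an unrelated broken package can enter the system closure unnoticed. If feasible, clear the broken mark on the ZFS kernel module alone through an override and leave the global switch off; otherwise extend the comment to say the setting is host-wide. Both reference lines in the new comment are labelled `[1]`; the second should be `# [2]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615`. The hunk also drops `latestCompatibleLinuxPackages`, so a note on how kernel/ZFS compatibility is checked before upgrades would be useful.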
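Review bot: The new `kernel.sysctl` block in `nixosConfigurations/varda/default.nix` sets only the `net.ipv6.conf.all.*` keys. On Linux the `all` entry for `accept_ra` and `autoconf` is, as far as I know, not reliably applied to individual interfaces, and interfaces created later take their values from `default`. If the intent is that this host never acts on router advertisements, set the keys for `default` and for the uplink interface too, e.g. `"net.ipv6.conf.default.accept_ra" = 0;` and `"net.ipv6.conf.<iface>.accept_ra" = 0;`. The three bare URLs would read better with one line stating the reason, such as `# Static IPv6 on this host; ignore RAs so the kernel does not add its own default route.`, which is my reading of the linked titles and should be confirmed.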