From 0ef23d4501592a192ba020a2ac34abb1a3d8fc5e Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sat, 11 Mar 2023 12:51:58 +0300
Subject: 2023-03-11
---
modules/common/beets.nix | 73 ------------------------------
modules/common/common/nix/default.nix | 1 -
modules/common/default.nix | 1 -
modules/common/emacs/default.nix | 5 ++-
modules/common/git.nix | 2 +
modules/common/openconnect.nix | 83 -----------------------------------
modules/nixos/beets.nix | 73 ++++++++++++++++++++++++++++++
modules/nixos/default.nix | 3 ++
modules/nixos/k3s.nix | 29 ++++++++++++
modules/nixos/murmur.nix | 28 ++++++++++++
modules/nixos/profiles/headful.nix | 22 +++++-----
11 files changed, 149 insertions(+), 171 deletions(-)
delete mode 100644 modules/common/beets.nix
delete mode 100644 modules/common/openconnect.nix
create mode 100644 modules/nixos/beets.nix
create mode 100644 modules/nixos/k3s.nix
create mode 100644 modules/nixos/murmur.nix
(limited to 'modules')
diff --git a/modules/common/beets.nix b/modules/common/beets.nix
deleted file mode 100644
index 83cbff1..0000000
--- a/modules/common/beets.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib; let
- cfg = config.nixfiles.modules.beets;
-in {
- options.nixfiles.modules.beets.enable =
- mkEnableOption "beets";
-
- config = mkIf cfg.enable {
- hm = let
- beetsdir = "${config.dirs.data}/beets";
- in {
- home.sessionVariables.BEETSDIR = beetsdir;
-
- programs = {
- beets = {
- enable = true;
-
- settings = {
- library = "${beetsdir}/library.db";
- directory = config.userDirs.music;
- plugins = "badfiles edit fetchart info mbsync scrub";
- original_date = true;
- import = {
- write = true;
- copy = true;
- move = false;
- bell = true;
- from_scratch = true;
- };
- match = {
- preferred = {
- countries = [
- "JP"
- "KR"
- "TW"
- "HK"
- "CN"
- "RU"
- "NL"
- "DE"
- "AT"
- "GB|UK"
- "CA"
- "AU"
- "NZ"
- "US"
- ];
- original_year = true;
- };
- };
- edit = {
- albumfields = "album artist albumartist";
- itemfields = "track title album artist albumartist day month year genre";
- };
- fetchart = {
- auto = true;
- cautious = true;
- cover_names = "cover Cover folder Folder art Art album Album front Front";
- sources = "filesystem coverart itunes amazon albumart wikipedia";
- };
- scrub.auto = true;
- };
- };
-
- bash.shellAliases.beet = "${config.hm.programs.beets.package}/bin/beet --config ${config.dirs.config}/beets/config.yaml";
- };
- };
- };
-}
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index 378cd36..9f80838 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -130,7 +130,6 @@ with lib; { tor-browser = tor-browser-bundle-bin; })) agenix.overlays.default - emacs-overlay.overlay nur.overlay ];
diff --git a/modules/common/default.nix b/modules/common/default.nix
index e6040cd..b722cae 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -3,7 +3,6 @@ _: { ./alacritty.nix ./aria2.nix ./bat.nix - ./beets.nix ./chromium.nix ./common ./curl.nix
diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix
index 268d77d..2dbe53f 100644
--- a/modules/common/emacs/default.nix
+++ b/modules/common/emacs/default.nix
@@ -46,6 +46,7 @@ in { asmfmt # :editor format bash-language-server # :lang (sh +lsp) clang-tools # :lang (cc +lsp) :editor format + cmake # :term vterm cmake-format # :lang cc :editor format cmigemo # :lang japanese css-language-server # :lang (web +lsp)
@@ -53,6 +54,7 @@ in { dockerfile-language-server # :tools (docker +lsp) editorconfig # :tools editorconfig fd # doom! + gcc # :tools magit :term vterm gnuplot # :lang (org +gnuplot) gnutls # doom! go-language-server # :lang (go +lsp)
@@ -65,6 +67,7 @@ in { html-tidy # :lang web jre # :lang plantuml json-language-server # :lang (json +lsp) + libtool # :term vterm nix-language-server # :lang (nix +lsp) nixfmt # :lang nix :editor format nodePackages.eslint # :lang (json +lsp)
@@ -73,6 +76,7 @@ in { nodePackages.stylelint # :lang web nodejs # :tools debugger pandoc # :lang org markdown latex + perl # term vterm pinentry-emacs # doom! pre-commit # :tools magit ripgrep # doom!
@@ -175,7 +179,6 @@ in { programs.emacs = { enable = true; package = pkgs.emacs28; # Pin to avoid surprises. - extraPackages = p: with p; [vterm]; }; }; };
diff --git a/modules/common/git.nix b/modules/common/git.nix
index c3ebafc..ce4e505 100644
--- a/modules/common/git.nix
+++ b/modules/common/git.nix
@@ -68,6 +68,8 @@ in { }; init.defaultBranch = "master"; status.submoduleSummary = true; + github.user = my.username; + gitlab.user = my.username; } // mapAttrs' (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) {
diff --git a/modules/common/openconnect.nix b/modules/common/openconnect.nix
deleted file mode 100644
index 936c9d1..0000000
--- a/modules/common/openconnect.nix
+++ /dev/null
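Review bot: The vterm native module is no longer a pinned Nix build after this change: the last hunk of `modules/common/emacs/default.nix` drops `extraPackages = p: with p; [vterm];` while the earlier hunks add `cmake`, `gcc`, `libtool` and `perl`, which suggests Doom now compiles it at first use. That trades a hash-pinned, sandboxed build for one that runs in the user's home directory, and emacs-libvterm's CMake build may fetch libvterm from the network when no system copy is found (no libvterm package is among the additions). If the Nix-built package was removed only because of a conflict with Doom, a comment such as `# vterm-module is compiled at runtime by Doom; not covered by the flake lock` next to the toolchain entries would make the trade-off visible. Minor style point: the new `perl # term vterm` tag is missing the leading colon that every other entry uses (`# :term vterm`).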
@@ -1,83 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cfg = config.nixfiles.modules.openconnect;
-in {
- options.nixfiles.modules.openconnect.enable =
- mkEnableOption "OpenConnect VPN";
-
- config = mkIf cfg.enable {
- assertions = [
- {
- assertion = config.networking.networkmanager.enable;
- message = "NetworkManager is required";
- }
- ];
-
- # Spent three days trying to make this work but still getting "No SSO
- # handler" even on the HEAD version that 100% has SSO support baked in.
- # It's all so tiresome[1]... aaand KDE is not supported[2].
- #
- # I fucking hate AnyConnect, truly an example of how shit is is non-free
- # software. SAML also sucks balls. I also hate my company for using this
- # shit, guess I have no other choice but to use the absolute dogshit laptop
- # they gave me.
- #
- # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
- # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424
- # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4
- # [2]: https://bugs.kde.org/show_bug.cgi?id=448153
-
- networking.networkmanager.plugins = with pkgs; [
- ((networkmanager-openconnect.override {
- withGnome = false;
- openconnect = openconnect.overrideAttrs (_: _: {
- version = "unstable-2022-10-23";
- src = fetchFromGitLab {
- owner = "openconnect";
- repo = "openconnect";
- rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
- hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
- };
- });
- })
- .overrideAttrs (_: super: {
- version = "unstable-2022-09-10";
- src = fetchFromGitLab {
- domain = "gitlab.gnome.org";
- owner = "GNOME";
- repo = "NetworkManager-openconnect";
- rev = "3c1590786518e9acca33c250660ad21cae565acd";
- hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk=";
- };
- buildInputs =
- super.buildInputs
- ++ [
- (webkitgtk_4_1.override {
- inherit (gnome) libsoup;
- })
- ];
- nativeBuildInputs =
- super.nativeBuildInputs
- ++ [
- autoreconfHook
- ];
- postPatch = ''
- substituteInPlace configure.ac \
- --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" ""
- '';
- preAutoreconf = ''
- autoupdate
- '';
- preConfigure = ''
- NOCONFIGURE=x ./autogen.sh
- touch gtk4/nm-openconnect-dialog.ui
- '';
- }))
- ];
- };
-}
diff --git a/modules/nixos/beets.nix b/modules/nixos/beets.nix
new file mode 100644
index 0000000..83cbff1
--- /dev/null
+++ b/modules/nixos/beets.nix
@@ -0,0 +1,73 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.beets;
+in {
+ options.nixfiles.modules.beets.enable =
+ mkEnableOption "beets";
+
+ config = mkIf cfg.enable {
+ hm = let
+ beetsdir = "${config.dirs.data}/beets";
+ in {
+ home.sessionVariables.BEETSDIR = beetsdir;
+
+ programs = {
+ beets = {
+ enable = true;
+
+ settings = {
+ library = "${beetsdir}/library.db";
+ directory = config.userDirs.music;
+ plugins = "badfiles edit fetchart info mbsync scrub";
+ original_date = true;
+ import = {
+ write = true;
+ copy = true;
+ move = false;
+ bell = true;
+ from_scratch = true;
+ };
+ match = {
+ preferred = {
+ countries = [
+ "JP"
+ "KR"
+ "TW"
+ "HK"
+ "CN"
+ "RU"
+ "NL"
+ "DE"
+ "AT"
+ "GB|UK"
+ "CA"
+ "AU"
+ "NZ"
+ "US"
+ ];
+ original_year = true;
+ };
+ };
+ edit = {
+ albumfields = "album artist albumartist";
+ itemfields = "track title album artist albumartist day month year genre";
+ };
+ fetchart = {
+ auto = true;
+ cautious = true;
+ cover_names = "cover Cover folder Folder art Art album Album front Front";
+ sources = "filesystem coverart itunes amazon albumart wikipedia";
+ };
+ scrub.auto = true;
+ };
+ };
+
+ bash.shellAliases.beet = "${config.hm.programs.beets.package}/bin/beet --config ${config.dirs.config}/beets/config.yaml";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 850d93e..8ac9a29 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -3,6 +3,7 @@ _: { ./acme.nix ./alertmanager.nix ./android.nix + ./beets.nix ./bluetooth.nix ./common ./discord.nix
@@ -21,6 +22,7 @@ _: { ./grafana.nix ./hydra.nix ./ipfs.nix + ./k3s.nix ./kde.nix ./libvirtd.nix ./lidarr.nix
@@ -29,6 +31,7 @@ _: { ./matrix ./monitoring ./mpd.nix + ./murmur.nix ./nextcloud.nix ./nginx.nix ./node-exporter.nix
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix
new file mode 100644
index 0000000..dcbd052
--- /dev/null
+++ b/modules/nixos/k3s.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.k3s;
+in {
+ options.nixfiles.modules.k3s = {
+ enable = mkEnableOption "K3s";
+ };
+
+ config = mkIf cfg.enable {
+ ark.directories = [
+ "/etc/rancher/k3s"
+ "/var/lib/rancher/k3s"
+ ];
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ };
+
+ systemd.services.k3s.environment = {
+ K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+ K3S_KUBECONFIG_MODE = "600";
+ };
+ };
+}
diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix
new file mode 100644
index 0000000..cbd90d4
--- /dev/null
+++ b/modules/nixos/murmur.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.murmur;
+in {
+ options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur";
+
+ config = mkIf cfg.enable {
+ secrets.murmur-environment = {
+ file = "${inputs.self}/secrets/murmur-environment";
+ owner = "murmur";
+ group = "murmur";
+ };
+
+ services.murmur = {
+ enable = true;
+ openFirewall = true;
+ logDays = -1;
+ registerName = mkDefault my.domain.shire;
+ password = "$MURMUR_PASSWORD";
+ environmentFile = config.secrets."murmur-environment".path;
+ };
+ };
+}
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index d0ca777..67bec29 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
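Review bot: The `systemd.services.k3s.environment` block in `modules/nixos/k3s.nix` carries no comment explaining why the kubeconfig mode is pinned, even though `/etc/rancher/k3s/k3s.yaml` holds cluster-admin credentials. A line such as `# k3s.yaml grants cluster-admin; keep it root-only (do not relax to 644).` above `K3S_KUBECONFIG_MODE = "600";` would stop a later convenience change from exposing it to local users. The two `ark.directories` entries presumably persist that kubeconfig together with the server token and CA keys under `/var/lib/rancher/k3s`, so whatever storage backs `ark` should be root-only as well; that cannot be confirmed from this hunk.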
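Review bot: `secrets.murmur-environment` in `modules/nixos/murmur.nix` is owned by `murmur:murmur`, which is probably wider than needed: if the NixOS murmur unit loads `environmentFile` through systemd's `EnvironmentFile=`, the service manager reads it before dropping privileges, so the secret could keep its default root ownership and the `owner`/`group` lines could go. Separately, the service is exposed with `openFirewall = true` but this module sets no `sslCert`/`sslKey`, so unless a host sets them Murmur will present a self-generated certificate that clients cannot validate; the import list in `modules/nixos/default.nix` shows an `./acme.nix` module that could supply one. A short comment on `logDays = -1;` (for example `# -1 disables logging to the database`) would also help, since the value reads like a typo.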
@@ -22,6 +22,7 @@ in { home.packages = with pkgs; [ calibre imv + mumble neochat tdesktop tor-browser
@@ -33,18 +34,15 @@ in { boot = { kernelPackages = mkDefault pkgs.linuxPackages_latest; - # There are (arguably) not a lot of reasons to keep mitigations enabled - # for on machine that is not web-facing. First of all, to completely - # mitigate any possible Spectre holes one would need to disable - # Hyperthreading altogether which will essentially put one's computer into - # the stone age by not being able to to effectively utilise multi-core its - # multicore capabilities. Secondly, by enabling mitigations, we introduce - # a plethora of performance overheads[1], which, albeit small, but still - # contribute to the overall speed of things. This is however still poses a - # security risk, which I am willing to take. - # - # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 - kernelParams = ["mitigations=off"]; + kernelParams = [ + # https://wiki.archlinux.org/title/improving_performance#Watchdogs + "nowatchdog" + "kernel.nmi_watchdog=0" + # A security risk I'm willing to take for a reason[1]. + # + # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 + "mitigations=off" + ]; loader = { efi.canTouchEfiVariables = true;
-- cgit 1.4.1
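Review bot: The second hunk of `modules/nixos/profiles/headful.nix` keeps `"mitigations=off"` but shrinks its rationale to "for a reason", while the first hunk's context shows this profile installs `tor-browser`; a desktop that runs untrusted JavaScript in a browser is where the speculative-execution mitigations matter most, and the flag disables all of them, not only the Spectre ones the old comment discussed. Consider gating the parameter behind a module option that hosts opt into, or at least restoring a comment that states the threat model, e.g. `# Disables all CPU vulnerability mitigations; only acceptable on hosts that never run untrusted code.` Also, `"kernel.nmi_watchdog=0"` looks like the sysctl name rather than a boot parameter; on the kernel command line the spelling is `nmi_watchdog=0`, so the entry as written is probably ignored. The `boot` attribute set continues outside the hunk.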