From a0a3dcde99c4a8aa19b23ead79c08eedca30d002 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 8 Oct 2022 01:04:01 +0300 Subject: 2022-10-08 --- modules/nixfiles/alacritty.nix | 2 +- modules/nixfiles/bluetooth.nix | 1 - modules/nixfiles/common/networking.nix | 48 ++++++++++++++----- modules/nixfiles/common/nix/default.nix | 85 +++++++++++++++++---------------- modules/nixfiles/common/security.nix | 26 +++++++++- modules/nixfiles/emacs/default.nix | 26 +++++----- modules/nixfiles/emacs/doom/config.el | 5 ++ modules/nixfiles/emacs/doom/init.el | 4 +- modules/nixfiles/endlessh-go.nix | 2 +- modules/nixfiles/firefox/profile.nix | 2 +- modules/nixfiles/games/lutris.nix | 9 ++-- modules/nixfiles/games/mangohud.nix | 16 ++++++- modules/nixfiles/git.nix | 15 +++--- modules/nixfiles/mpv.nix | 10 +++- modules/nixfiles/node-exporter.nix | 2 +- modules/nixfiles/profiles/headful.nix | 13 +++-- modules/nixfiles/wireguard.nix | 2 + 17 files changed, 178 insertions(+), 90 deletions(-) (limited to 'modules') diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix index bafc0d9..5f8833a 100644 --- a/modules/nixfiles/alacritty.nix +++ b/modules/nixfiles/alacritty.nix @@ -62,7 +62,7 @@ in { foreground = red; background = black; }; - bar = { + footer_bar = { foreground = black; background = white; }; diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixfiles/bluetooth.nix index a1fd58f..8347361 100644 --- a/modules/nixfiles/bluetooth.nix +++ b/modules/nixfiles/bluetooth.nix @@ -13,7 +13,6 @@ in { config = mkIf cfg.enable { hardware.bluetooth = { enable = true; - package = pkgs.bluezFull; settings.General.FastConnectable = true; }; diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 0ff7e3d..3085797 100644 --- a/modules/nixfiles/common/networking.nix +++ b/modules/nixfiles/common/networking.nix 
@@ -12,36 +12,60 @@ with lib; { +recurse ''; - networking = { + # TODO Support multiple interfaces and IP addresses. + networking = let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in { + domain = my.domain.shire; + hostName = this.hostname; hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - domain = my.domain.shire; - usePredictableInterfaceNames = false; + nameservers = mkDefault dns.const.quad9.default; useDHCP = false; - nameservers = dns.const.quad9.default; + # This could potentially break something. + usePredictableInterfaceNames = false; + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; - hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; firewall = { enable = true; - logRefusedConnections = false; - logRefusedPackets = false; - rejectPackets = false; - allowPing = config.nixfiles.modules.profiles.headless.enable; + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; }; }; environment = { - systemPackages = with pkgs; [dnsutils ldns myip rsync]; + systemPackages = with pkgs; [myip]; shellAliases = listToAttrs (map ({ diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index 878505c..47cd5c1 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix 
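Review bot: `allowPing = true` in the `firewall` block now answers ICMP echo on every host, where the removed line tied it to `config.nixfiles.modules.profiles.headless.enable`, so headful machines on untrusted networks also become discoverable by ping. The added `pingLimit` bounds the reply rate but not the exposure, and with `logRefusedConnections`, `logRefusedPackets` and `logReversePathDrops` all false the firewall keeps no record of dropped traffic to investigate later. If the wider exposure is intended, `allowPing = mkDefault true;` would let a single host opt out. A comment such as `# Echo replies are rate-limited by pingLimit; refused traffic is deliberately not logged.` would record the decision.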
@@ -33,14 +33,24 @@ with lib; { in { # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc extraOptions = '' + max-jobs = auto + warn-dirty = false + flake-registry = ${inputs.flake-registry}/flake-registry.json extra-experimental-features = ca-derivations extra-experimental-features = flakes extra-experimental-features = nix-command extra-experimental-features = recursive-nix - flake-registry = ${inputs.flake-registry}/flake-registry.json - keep-derivations = true - keep-outputs = true - warn-dirty = false + keep-going = true + keep-derivations = ${ + if this.isHeadful + then "true" + else "false" + } + keep-outputs = ${ + if this.isHeadful + then "true" + else "false" + } ''; nixPath = @@ -57,14 +67,12 @@ with lib; { substituters = [ "https://azahi.cachix.org" "https://cachix.cachix.org" - "https://mic92.cachix.org" "https://nix-community.cachix.org" "https://pre-commit-hooks.cachix.org" ]; trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" ]; @@ -91,21 +99,13 @@ with lib; { patches = [./patches/alejandra-no-ads.patch]; }); - # https://github.com/NixOS/nixpkgs/pull/191633 - inherit - (pkgsPR - "191633" - "sha256-gk0x/hZ/XfLo5PZ4lai4oRhawDUw68LsE2dp5c3FYIA=") - soju - ; - - # Currently broken in Nixpkgs. - inherit - (pkgsRev - "ee01de29d2f58d56b1be4ae24c24bd91c5380cea" - "sha256-R18MixER2iwduNqOlLzXUms0Z7G3emnKZOKyQS52SSA=") - gotify-server - ; + # https://github.com/NixOS/nixpkgs/pull/192671 + # inherit + # (pkgsPR + # "192671" + # "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=") + # please + # ; } // (with super; let np = nodePackages; 
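Review bot: The two `if this.isHeadful then "true" else "false"` interpolations for `keep-derivations` and `keep-outputs` in `extraOptions` spell out by hand what `boolToString` already does, and `lib` is in scope through the `with lib;` shown in the hunk header. `keep-derivations = ${boolToString this.isHeadful}` and `keep-outputs = ${boolToString this.isHeadful}` would keep the option list readable. A one-line comment saying why headless hosts stop retaining derivations and outputs (presumably to save disk space) would help the next reader.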
@@ -143,29 +143,34 @@ with lib; { defaultPackages = []; systemPackages = with pkgs; optionals this.isHeadful [ + nix-du nix-top nix-tree ]; }; - hm.home.file.".nix-defexpr/default.nix".text = - optionalString this.isHeadful - ( - let - hostname = strings.escapeNixIdentifier this.hostname; - in '' + hm.home = { + packages = with pkgs; [nix-index]; + + file.".nix-defexpr/default.nix".text = + optionalString this.isHeadful + ( let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - } // configurations // local._module.args - '' - ); + hostname = strings.escapeNixIdentifier this.hostname; + in '' + let + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + } // configurations // local._module.args + '' + ); + }; } diff --git a/modules/nixfiles/common/security.nix b/modules/nixfiles/common/security.nix index 2ac5a22..30b4276 100644 --- a/modules/nixfiles/common/security.nix +++ b/modules/nixfiles/common/security.nix @@ -1,4 +1,9 @@ -_: { +{ + inputs, + lib, + ... +}: +with lib; { security = { sudo = { enable = true; 
@@ -21,4 +26,23 @@ _: { ''; }; }; + + # Remove this later. + # imports = ["${inputs.nixpkgs-pr-please}/nixos/modules/security/please.nix"]; + # security.please = { + # enable = true; + # settings.root = { + # name = my.username; + # target = "root"; + # rule = ".*"; + # require_pass = false; + # }; + # settings.root_edit = { + # name = my.username; + # type = "edit"; + # target = "root"; + # rule = ".*"; + # require_pass = false; + # }; + # }; } diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index 6b73151..41ef523 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -11,10 +11,8 @@ in { options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { - # TODO Make magit-forge to work with this. secrets.authinfo = { file = "${inputs.self}/secrets/authinfo"; - path = "${config.my.home}/.authinfo"; owner = my.username; inherit (config.my) group; }; @@ -115,6 +113,20 @@ in { concatMapStringsSep ":" (x: "${x}/bin") extraBins }")) + (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" + :size ${toString config.fontScheme.monospaceFont.size}) + doom-unicode-font doom-font) + + (appendq! auth-sources '("${config.secrets.authinfo.path}")) + + (setq user-full-name "${my.fullname}" + user-mail-address "${my.email}") + + ;; :app irc + (setq circe-default-nick "${my.username}" + circe-default-realname "${my.email}" + circe-default-user circe-default-nick) + ;; :lang plantuml (setq org-plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar") 
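Review bot: The commented-out `security.please` block would, once uncommented, give `my.username` passwordless root for every command and every edit target, because both `settings.root` and `settings.root_edit` use `rule = ".*"` with `require_pass = false`. Since the block is kept for later use, it should carry that warning itself, for example `# NOTE: both rules grant unrestricted passwordless root; narrow rule and set require_pass = true before enabling.` As far as the visible lines show, the `inputs` and `lib` arguments added in the first security.nix hunk are referenced only from this commented code, so the module signature could stay `_:` until the block is enabled.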
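Review bot: `circe-default-realname` is now filled from `${my.email}` instead of `${my.fullname}`; the IRC realname is sent to the server at registration and shown to other users in WHOIS, so this publishes the mail address on every network Circe connects to. If that is not the intent, keep `circe-default-realname "${my.fullname}"` or reuse `circe-default-nick`. The interpolated values in this block also land inside Emacs Lisp string literals unescaped, so a `"` or `\` in `my.fullname` or a font family name would break the generated config. The enclosing Nix string starts and ends outside the hunk.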
@@ -124,16 +136,6 @@ in { ;; :input japanese (setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L") - (setq user-full-name "${my.fullname}" - user-mail-address "${my.email}") - - (setq circe-default-nick "${my.username}" - circe-default-realname "${my.fullname}" - circe-default-user circe-default-nick) - - (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" - :size ${toString config.fontScheme.monospaceFont.size}) - doom-unicode-font doom-font) ''; }; diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el index 546af9a..fedd98d 100644 --- a/modules/nixfiles/emacs/doom/config.el +++ b/modules/nixfiles/emacs/doom/config.el @@ -119,6 +119,7 @@ mu4e-context-policy 'ask-if-none mu4e-compose-context-policy 'always-ask mu4e-compose--org-msg-toggle-next nil + mu4e-update-interval 60 sendmail-program (executable-find "msmtp") send-mail-function #'smtpmail-send-it message-sendmail-f-is-evil t @@ -127,6 +128,8 @@ +mu4e-personal-addresses (list "frodo@gondor.net" "frodo@rohan.net" "azahi@shire.me" + "admin@shire.me" + "ceo@shire.me" "a.gondor@yahoo.com" "a.gondor@yahoo.com")) @@ -146,6 +149,8 @@ (smtpmail-smtp-user . "azahi")) t) +(setq +mu4e-compose-org-msg-toggle-next nil) + ;; ;;; Circe ;; diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index 98317ec..718d5cb 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -25,7 +25,7 @@ (vc-gutter +diff-hl +pretty) window-select workspaces - zen + ;; zen :editor (evil +everywhere) @@ -113,7 +113,7 @@ (zig +lsp +tree-sitter) :email - mu4e + (mu4e +org) :app calendar diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixfiles/endlessh-go.nix index 891d484..56c415e 100644 --- a/modules/nixfiles/endlessh-go.nix +++ b/modules/nixfiles/endlessh-go.nix 
@@ -10,7 +10,7 @@ with lib; let cfg = config.nixfiles.modules.endlessh-go; in { # Remove this later. - imports = ["${inputs.nixpkgs-endlessh-go}/nixos/modules/services/security/endlessh-go.nix"]; + imports = ["${inputs.nixpkgs-pr-endlessh-go}/nixos/modules/services/security/endlessh-go.nix"]; options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; diff --git a/modules/nixfiles/firefox/profile.nix b/modules/nixfiles/firefox/profile.nix index 93ade51..2649402 100644 --- a/modules/nixfiles/firefox/profile.nix +++ b/modules/nixfiles/firefox/profile.nix @@ -399,7 +399,7 @@ in { "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # "browser.startup.page" = 1; - "browser.startup.homepage" = "about:blank"; # TODO Custom? + "browser.startup.homepage" = "about:blank"; "browser.startup.homepage_welcome_url" = ""; "browser.startup.homepage_welcome_url.additional" = ""; # diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixfiles/games/lutris.nix index c474a44..0c942a8 100644 --- a/modules/nixfiles/games/lutris.nix +++ b/modules/nixfiles/games/lutris.nix @@ -11,8 +11,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.games = { - steam-run.enable = true; gamemode.enable = true; + mangohud.enable = true; + steam-run.enable = true; }; # This removes the annoying warning. @@ -22,10 +23,8 @@ in { (lutris.override { lutris-unwrapped = lutris-unwrapped.override { wine = buildFHSUserEnv { - # We don't really need Wine because Lutris downloads required - # runtime files for us. This feature is more robust because you can - # juggle different versions without manually rebuilding anything - # because nixpkgs cache was pruned. + # We don't really need Wine because Lutris downloads the required + # runtime for us. name = "empty"; }; }; diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixfiles/games/mangohud.nix index 0625652..b521687 100644 --- a/modules/nixfiles/games/mangohud.nix +++ b/modules/nixfiles/games/mangohud.nix 
@@ -8,5 +8,19 @@ with lib; let in { options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; - config = mkIf cfg.enable {hm.programs.mangohud.enable = true;}; + config = mkIf cfg.enable { + hm.programs.mangohud = { + enable = true; + settings = { + fps = true; + gpu_stats = true; + gpu_temp = true; + cpu_stats = true; + cpu_temp = true; + }; + settingsPerApplication = { + mpv.no_display = true; + }; + }; + }; } diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix index c7a2ba6..b121f8f 100644 --- a/modules/nixfiles/git.nix +++ b/modules/nixfiles/git.nix @@ -89,11 +89,19 @@ in { } // mapAttrs' (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { + "alpine" = "gitlab.alpinelinux.org"; "bitbucket" = "bitbucket.com"; "codeberg" = "codeberg.org"; + "freedesktop" = "gitlab.freedesktop.org"; "github" = "github.com"; "gitlab" = "gitlab.com"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "kde" = "invent.kde.org"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; "sourcehut" = "git.sr.ht"; + "videolan" = "code.videolan.org"; }; aliases = let @@ -138,12 +146,6 @@ in { initExtra = mkAfter "_complete_alias gl __start_glab glab"; }; }; - - xdg.configFile."glab-cli/aliases.yml".text = generators.toYAML {} { - ci = "pipeline ci"; - co = "mr checkout"; - li = "ci lint"; - }; }; }) (mkIf cfg.server.enable { @@ -187,6 +189,7 @@ in { fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; ''; + # FIXME This breaks sources previewing for these files. "~* ^/(.+.(ico|css|png))$".extraConfig = '' alias ${cfg.server.package}/cgit/$1; ''; diff --git a/modules/nixfiles/mpv.nix b/modules/nixfiles/mpv.nix index 0c3fcc5..2072bc6 100644 --- a/modules/nixfiles/mpv.nix +++ b/modules/nixfiles/mpv.nix 
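Review bot: The location under the new FIXME in git.nix, `"~* ^/(.+.(ico|css|png))$"`, matches any request path ending in those extensions, and the dot before the extension is an unescaped wildcard, so a repository file such as an image in a tree view is looked up under `${cfg.server.package}/cgit/` instead of being handed to cgit. Anchoring the pattern to the static assets would fix the preview problem and stop arbitrary request paths from being mapped into the package directory, for example `"~* ^/(cgit\\.(css|png)|favicon\\.ico)$"`, assuming those are the only files the package ships there. The surrounding `locations` attribute set starts outside the hunk.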
@@ -14,9 +14,15 @@ in { mpv = { enable = true; + # This is so dumb. And people still wonder why NixOS is so inacessable + # to outsiders. package = with pkgs; - mpv-with-scripts.override { - scripts = with mpvScripts; [autoload mpv-autosub sponsorblock]; + wrapMpv mpv-unwrapped { + scripts = with mpvScripts; [ + autoload + mpv-autosub + sponsorblock + ]; }; bindings = { diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixfiles/node-exporter.nix index fad1cc8..43f48f6 100644 --- a/modules/nixfiles/node-exporter.nix +++ b/modules/nixfiles/node-exporter.nix @@ -16,6 +16,7 @@ in { port = 9100; enabledCollectors = [ "buddyinfo" + "cgroups" "ethtool" "interrupts" "ksmd" @@ -26,7 +27,6 @@ in { "processes" "qdisc" "systemd" - "tcpstat" "zoneinfo" ]; }; diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index afe9194..0563640 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix @@ -34,9 +34,13 @@ in { hm = { home.packages = with pkgs; [ calibre + fd imv - kotatogram-desktop - nheko + neochat + ripgrep + ripgrep-all + sd + tdesktop tor-browser ]; @@ -89,6 +93,7 @@ in { }; programs = { + bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; mbsync.enable = true; msmtp.enable = true; mu.enable = true; @@ -121,16 +126,16 @@ in { iftop.enable = true; mtr.enable = true; traceroute.enable = true; - - bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; }; services.upower.enable = true; environment.systemPackages = with pkgs; [ arping + dnsutils ethtool inetutils + ldns nethogs socat tcpdump diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix index f98b4e3..d05c6ae 100644 --- a/modules/nixfiles/wireguard.nix +++ b/modules/nixfiles/wireguard.nix 
@@ -177,6 +177,8 @@ in { enable = true; enableIPv6 = true; + externalInterface = mkDefault "eth0"; + internalInterfaces = [cfg.interface]; internalIPs = [cfg.ipv4.subnet]; internalIPv6s = [cfg.ipv6.subnet]; -- cgit 1.4.1
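Review bot: `externalInterface = mkDefault "eth0";` repeats the interface name that common/networking.nix binds in its own `let`, and it is only correct while `usePredictableInterfaceNames` stays false there. On a host whose uplink has another name the NAT rules would presumably attach to an interface that carries no traffic, and the tunnel would lose outbound masquerading without any evaluation error. A comment such as `# Must match the uplink configured in common/networking.nix (eth0 while usePredictableInterfaceNames = false).` would document the coupling; exposing the name through one shared option would remove it. The `nat` attribute set starts outside the hunk.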