From 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sun, 31 Mar 2024 21:29:27 +0300 Subject: 2024-03-31 --- nixosConfigurations/default.nix | 129 ++++++++++++----------- nixosConfigurations/eonwe/default.nix | 92 ++++++++-------- nixosConfigurations/iso/default.nix | 7 +- nixosConfigurations/manwe/default.nix | 17 +-- nixosConfigurations/manwe/mailserver/default.nix | 72 +++++++------ nixosConfigurations/manwe/webserver.nix | 36 ++++--- nixosConfigurations/melian/default.nix | 63 ++++++----- nixosConfigurations/test-headful/default.nix | 5 +- nixosConfigurations/test-headless/default.nix | 5 +- nixosConfigurations/varda/default.nix | 2 +- nixosConfigurations/yavanna/default.nix | 4 +- 11 files changed, 233 insertions(+), 199 deletions(-) (limited to 'nixosConfigurations') diff --git a/nixosConfigurations/default.nix b/nixosConfigurations/default.nix index b2e1511..1f0d78c 100644 --- a/nixosConfigurations/default.nix +++ b/nixosConfigurations/default.nix @@ -1,14 +1,17 @@ inputs: -with inputs.self.lib; let - mkConfiguration = name: { - modules ? [], - configuration ? ./${name}, - this ? my.configurations.${name}, - extraSpecialArgs ? { - localUsername = my.username; - localHostname = this.hostname; - }, - }: +with inputs.self.lib; +let + mkConfiguration = + name: + { + modules ? [ ], + configuration ? ./${name}, + this ? my.configurations.${name}, + extraSpecialArgs ? { + localUsername = my.username; + localHostname = this.hostname; + }, + }: nameValuePair name (nixosSystem { inherit (this) system; modules = @@ -16,12 +19,10 @@ with inputs.self.lib; let ++ attrValues inputs.self.modules ++ attrValues inputs.self.nixosModules ++ optional (configuration != null) (import configuration); - specialArgs = - { - inherit inputs this; - inherit (inputs.self) lib; - } - // extraSpecialArgs; + specialArgs = { + inherit inputs this; + inherit (inputs.self) lib; + } // extraSpecialArgs; }); mkIso = system: { 
@@ -32,7 +33,9 @@ with inputs.self.lib; let isHeadful = false; }; configuration = ./iso; - modules = ["${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix"]; + modules = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" + ]; }; mkTest = this: { 
@@ -43,55 +46,55 @@ with inputs.self.lib; let inherit this; }; in - mapAttrs' mkConfiguration { - iso-arm = mkIso "aarch64-linux"; - iso-x86 = mkIso "x86_64-linux"; +mapAttrs' mkConfiguration { + iso-arm = mkIso "aarch64-linux"; + iso-x86 = mkIso "x86_64-linux"; - test-headless = mkTest { - hostname = "test-headless"; - system = "x86_64-linux"; - isHeadless = true; - isHeadful = false; - }; - test-headful = mkTest { - hostname = "test-headful"; - system = "x86_64-linux"; - isHeadless = false; - isHeadful = true; - }; + test-headless = mkTest { + hostname = "test-headless"; + system = "x86_64-linux"; + isHeadless = true; + isHeadful = false; + }; + test-headful = mkTest { + hostname = "test-headful"; + system = "x86_64-linux"; + isHeadless = false; + isHeadful = true; + }; - eonwe.modules = with inputs; [ - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-cpu-amd-pstate - nixos-hardware.nixosModules.common-gpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; + eonwe.modules = with inputs; [ + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-gpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; - melian.modules = with inputs; [ - nixos-hardware.nixosModules.common-pc-laptop-ssd - nixos-hardware.nixosModules.lenovo-thinkpad-t480 - nixpkgs.nixosModules.notDetected - ]; + melian.modules = with inputs; [ + nixos-hardware.nixosModules.common-pc-laptop-ssd + nixos-hardware.nixosModules.lenovo-thinkpad-t480 + nixpkgs.nixosModules.notDetected + ]; - manwe.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; + manwe.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-amd 
+ nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; - varda.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; + varda.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; - yavanna.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-hdd - nixpkgs.nixosModules.notDetected - ]; - } + yavanna.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-hdd + nixpkgs.nixosModules.notDetected + ]; +} diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix index 8164cd4..94f70ef 100644 --- a/nixosConfigurations/eonwe/default.nix +++ b/nixosConfigurations/eonwe/default.nix @@ -4,10 +4,9 @@ pkgs, ... }: -with lib; { - imports = [ - ./hidden.nix - ]; +with lib; +{ + imports = [ ./hidden.nix ]; nixfiles.modules = { ark.enable = true; @@ -44,6 +43,7 @@ with lib; { openmw openttd qbittorrent + qolibri qzdl radeontop vcmi 
@@ -57,38 +57,40 @@ with lib; { beets.settings.directory = mkForce "/mnt/udata/music"; mpv = { - profiles = let - mapShaders = shaders: map (args: toString (pkgs.fetchurl args)) shaders; - cfl-prediction = mapShaders [ - { - url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/471c65dd3915d39e7ef69957ab63e006125fbb88/CfL_Prediction.glsl"; - sha256 = "sha256-Mgb1KqF1EPPzR3SCVr9S4XzVmZkYEEFIHSp59RZ9wq8="; - } - ]; - ravu-lite-ar-r4 = mapShaders [ - { - url = "https://raw.githubusercontent.com/bjin/mpv-prescalers/b3f0a59d68f33b7162051ea5970a5169558f0ea2/compute/ravu-lite-ar-r4.hook"; - sha256 = "sha256-gyBAv/Sf75CobVUugeTOhy54B9z8iIoJSJgnLopfMsY="; - } - ]; - ssimdownscaler = mapShaders [ - { - url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl"; - sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w="; - } - ]; - in { - # TODO Profile conditionals on width are not working. 
- "qhd-downscale" = { - dscale = "lanczos"; - linear-downscaling = false; - glsl-shaders-append = ssimdownscaler; - }; - - "qhd-upscale" = { - glsl-shaders-append = cfl-prediction ++ ravu-lite-ar-r4; + profiles = + let + mapShaders = shaders: map (args: toString (pkgs.fetchurl args)) shaders; + cfl-prediction = mapShaders [ + { + url = "https://raw.githubusercontent.com/Artoriuz/glsl-chroma-from-luma-prediction/471c65dd3915d39e7ef69957ab63e006125fbb88/CfL_Prediction.glsl"; + sha256 = "sha256-Mgb1KqF1EPPzR3SCVr9S4XzVmZkYEEFIHSp59RZ9wq8="; + } + ]; + ravu-lite-ar-r4 = mapShaders [ + { + url = "https://raw.githubusercontent.com/bjin/mpv-prescalers/b3f0a59d68f33b7162051ea5970a5169558f0ea2/compute/ravu-lite-ar-r4.hook"; + sha256 = "sha256-gyBAv/Sf75CobVUugeTOhy54B9z8iIoJSJgnLopfMsY="; + } + ]; + ssimdownscaler = mapShaders [ + { + url = "https://gist.githubusercontent.com/igv/36508af3ffc84410fe39761d6969be10/raw/575d13567bbe3caa778310bd3b2a4c516c445039/SSimDownscaler.glsl"; + sha256 = "sha256-AEq2wv/Nxo9g6Y5e4I9aIin0plTcMqBG43FuOxbnR1w="; + } + ]; + in + { + # TODO Profile conditionals on width are not working. + "qhd-downscale" = { + dscale = "lanczos"; + linear-downscaling = false; + glsl-shaders-append = ssimdownscaler; + }; + + "qhd-upscale" = { + glsl-shaders-append = cfl-prediction ++ ravu-lite-ar-r4; + }; }; - }; config = { profile = "gpu-hq"; @@ -174,7 +176,7 @@ with lib; { PasswordAuthentication = mkForce true; }; - udev.packages = with pkgs; [vial]; + udev.packages = with pkgs; [ vial ]; xserver.wacom.enable = true; }; 
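Review bot: The context line `PasswordAuthentication = mkForce true;` at the top of the `@@ -174,7 +176,7 @@` hunk has no comment saying why password logins are forced on for this host, even though `mkForce` overrides whatever the shared modules set. A one-line comment above it would record the intent, for example `# Password login is forced on here because <reason>; brute-force protection comes from <mechanism>.`, with both placeholders filled in by the author. The settings block this line belongs to starts outside the hunk; it is presumably the SSH daemon configuration, but that cannot be confirmed from the lines shown.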
@@ -213,13 +215,16 @@ with lib; { ]; # https://wiki.archlinux.org/title/improving_performance#Watchdogs - blacklistedKernelModules = ["sp5100_tco"]; + blacklistedKernelModules = [ "sp5100_tco" ]; # The boot drive is Samsung SSD 980 PRO 2TB. - initrd.kernelModules = ["nvme"]; + initrd.kernelModules = [ "nvme" ]; # These pools were configured manually with a specific mountpoint. - zfs.extraPools = ["udata" "vdata"]; + zfs.extraPools = [ + "udata" + "vdata" + ]; }; # Filesystem creation: @@ -265,7 +270,10 @@ with lib; { "/" = { device = "none"; fsType = "tmpfs"; - options = ["size=8G" "mode=755"]; + options = [ + "size=8G" + "mode=755" + ]; }; "/boot" = { @@ -276,7 +284,7 @@ with lib; { "/nix" = { device = "nixos/root/nix"; fsType = "zfs"; - options = ["noatime"]; + options = [ "noatime" ]; }; ${config.ark.path} = { @@ -292,7 +300,7 @@ with lib; { # [1]: https://github.com/nix-community/impermanence/issues/22 # [1]: https://github.com/NixOS/nixpkgs/pull/86967#pullrequestreview-667929259 "/home/${my.username}" = { - depends = [config.ark.path]; + depends = [ config.ark.path ]; neededForBoot = true; }; }; diff --git a/nixosConfigurations/iso/default.nix b/nixosConfigurations/iso/default.nix index 9a326a3..7277e88 100644 --- a/nixosConfigurations/iso/default.nix +++ b/nixosConfigurations/iso/default.nix @@ -1,6 +1,7 @@ -{lib, ...}: -with lib; { - secrets = mkForce {}; +{ lib, ... }: +with lib; +{ + secrets = mkForce { }; nixfiles.modules = { common.networking.onlyDefault = true; diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix index 5a2fffd..e7edbf9 100644 --- a/nixosConfigurations/manwe/default.nix +++ b/nixosConfigurations/manwe/default.nix @@ -1,9 +1,6 @@ +{ config, lib, ... }: +with lib; { - config, - lib, - ... -}: -with lib; { imports = [ ./mailserver ./webserver.nix 
@@ -64,21 +61,17 @@ with lib; { "/" = { device = "/dev/sda2"; fsType = "xfs"; - options = ["noatime"]; + options = [ "noatime" ]; }; "/boot" = { device = "/dev/sda1"; fsType = "xfs"; - options = ["noatime"]; + options = [ "noatime" ]; }; }; - swapDevices = [ - { - device = "/dev/sda3"; - } - ]; + swapDevices = [ { device = "/dev/sda3"; } ]; zramSwap = { enable = true; diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix index 56dabce..822de6f 100644 --- a/nixosConfigurations/manwe/mailserver/default.nix +++ b/nixosConfigurations/manwe/mailserver/default.nix @@ -4,8 +4,9 @@ lib, ... }: -with lib; { - imports = [inputs.mailserver.nixosModule]; +with lib; +{ + imports = [ inputs.mailserver.nixosModule ]; ark.directories = with config.mailserver; [ "/var/lib/dovecot" 
@@ -48,40 +49,47 @@ with lib; { redis.enable = true; }; - mailserver = let - cert = config.certs.${my.domain.shire}; - in { - enable = true; + mailserver = + let + cert = config.certs.${my.domain.shire}; + in + { + enable = true; - # Disable potentially insecure[1] STARTTLS connections. SSL-only connections - # are still enabled by default. - # - # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6 - enableImap = false; - enablePop3 = false; - enableSubmission = false; + # Disable potentially insecure[1] STARTTLS connections. SSL-only connections + # are still enabled by default. + # + # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6 + enableImap = false; + enablePop3 = false; + enableSubmission = false; - fqdn = config.networking.domain; - domains = with my.domain; [azahi gondor rohan shire]; + fqdn = config.networking.domain; + domains = with my.domain; [ + azahi + gondor + rohan + shire + ]; - localDnsResolver = false; + localDnsResolver = false; - certificateScheme = "manual"; - certificateFile = "${cert.directory}/fullchain.pem"; - keyFile = "${cert.directory}/key.pem"; + certificateScheme = "manual"; + certificateFile = "${cert.directory}/fullchain.pem"; + keyFile = "${cert.directory}/key.pem"; - lmtpSaveToDetailMailbox = "no"; + lmtpSaveToDetailMailbox = "no"; - redis = with config.services.redis.servers.default; { - address = bind; - inherit port; - password = requirePass; - }; + redis = with config.services.redis.servers.default; { + address = bind; + inherit port; + password = requirePass; + }; - # Just a list of accounts with aliases and hasedPasswords. Not necessarily - # secret, but kept from prying eyes. - loginAccounts = import ./hidden.nix lib; - }; + # Just a list of accounts with aliases and hasedPasswords. Not necessarily + # secret, but kept from prying eyes. + loginAccounts = import ./hidden.nix lib; + }; services = { fail2ban.jails = { 
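Review bot: The re-indented `redis` block still sets `password = requirePass;`, taking the Redis password as a plain Nix string from `config.services.redis.servers.default`. A value set that way is normally copied into the world-readable Nix store, where any local user on the host can read it; whether that applies here depends on how `requirePass` is defined, which is outside this diff. If it does, consider giving the Redis server its password through `requirePassFile`, backed by the repository's secrets mechanism, and check whether the mailserver module can take the same secret without it passing through the evaluated configuration. The comment above `loginAccounts` also carries a typo to the new side, `hasedPasswords` for `hashedPasswords`, and could state whether the imported hashes are expected to land in the store. The enclosing attribute set begins and ends outside the hunk.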
@@ -96,14 +104,14 @@ with lib; { }; # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655 - dovecot2.sieve.extensions = ["fileinto"]; + dovecot2.sieve.extensions = [ "fileinto" ]; # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241 redis.servers.rspamd.enable = mkForce false; }; systemd.services.rspamd = { - requires = mkForce ["redis-default.service"]; - after = mkForce ["redis-default.service"]; + requires = mkForce [ "redis-default.service" ]; + after = mkForce [ "redis-default.service" ]; }; } diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix index d0784e8..95a0b0b 100644 --- a/nixosConfigurations/manwe/webserver.nix +++ b/nixosConfigurations/manwe/webserver.nix @@ -5,10 +5,12 @@ libPlausible, ... }: -with lib; { +with lib; +{ nixfiles.modules.nginx = { enable = true; - virtualHosts = with my.domain; + virtualHosts = + with my.domain; { # TODO Start using this. # "start.local" = { @@ -78,20 +80,30 @@ with lib; { "git.${shire}".locations."/".return = "301 https://git.${azahi}"; "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}"; ${azahi} = { - serverAliases = ["frodo.${gondor}" "frodo.${rohan}"]; + serverAliases = [ + "frodo.${gondor}" + "frodo.${rohan}" + ]; locations."/" = { root = inputs.azahi-cc; - extraConfig = libNginx.config.appendHead [ - (libPlausible.htmlPlausibleScript {domain = azahi;}) - ]; + extraConfig = libNginx.config.appendHead [ (libPlausible.htmlPlausibleScript { domain = azahi; }) ]; }; }; } - // (let - frodo = "301 https://frodo."; - in { - ${gondor}.locations."/".return = concatStrings [frodo gondor]; - ${rohan}.locations."/".return = concatStrings [frodo rohan]; - }); + // ( + let + frodo = "301 https://frodo."; + in + { + ${gondor}.locations."/".return = concatStrings [ + frodo + gondor + ]; + ${rohan}.locations."/".return = concatStrings [ + frodo + rohan + ]; + } + ); }; } 
diff --git a/nixosConfigurations/melian/default.nix b/nixosConfigurations/melian/default.nix index 64dd152..0805b4a 100644 --- a/nixosConfigurations/melian/default.nix +++ b/nixosConfigurations/melian/default.nix @@ -1,9 +1,6 @@ +{ lib, pkgs, ... }: +with lib; { - lib, - pkgs, - ... -}: -with lib; { nixfiles.modules = { wireguard.client.enable = true; @@ -22,25 +19,27 @@ with lib; { sensitivity = 250; }; - powerManagement = let - modprobe = getExe' pkgs.kmod "modprobe"; - in { - enable = true; + powerManagement = + let + modprobe = getExe' pkgs.kmod "modprobe"; + in + { + enable = true; - # This fixes an issue with not being able to suspend or wake up from - # suspend due to a kernel bug[1] which is still not fixed. - # - # I guess this can also be fixed differently[2], which does look a lot nicer - # but I'm just too lazy. - # - # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 - # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 - # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 - # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 - # [2]: https://linrunner.de/tlp/settings/runtimepm.html - powerDownCommands = "${modprobe} -r xhci_pci"; - powerUpCommands = "${modprobe} xhci_pci"; - }; + # This fixes an issue with not being able to suspend or wake up from + # suspend due to a kernel bug[1] which is still not fixed. + # + # I guess this can also be fixed differently[2], which does look a lot nicer + # but I'm just too lazy. + # + # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 + # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 + # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 + # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 + # [2]: https://linrunner.de/tlp/settings/runtimepm.html + powerDownCommands = "${modprobe} -r xhci_pci"; + powerUpCommands = "${modprobe} xhci_pci"; + }; services = { thinkfan = { 
@@ -50,13 +49,21 @@ with lib; { { hwmon = "/sys/class/hwmon"; name = "coretemp"; - indices = [1]; + indices = [ 1 ]; } ]; - fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; + fans = [ { tpacpi = "/proc/acpi/ibm/fan"; } ]; levels = [ - ["level auto" 0 50] - ["level disengaged" 50 32767] # This could annoy some people but IDGAF. + [ + "level auto" + 0 + 50 + ] + [ + "level disengaged" + 50 + 32767 + ] # This could annoy some people but IDGAF. ]; }; }; @@ -74,7 +81,7 @@ with lib; { "/" = { device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a"; fsType = "xfs"; - options = ["noatime"]; + options = [ "noatime" ]; }; "/boot" = { diff --git a/nixosConfigurations/test-headful/default.nix b/nixosConfigurations/test-headful/default.nix index a385a2e..f1da389 100644 --- a/nixosConfigurations/test-headful/default.nix +++ b/nixosConfigurations/test-headful/default.nix @@ -1,5 +1,6 @@ -{lib, ...}: -with lib; { +{ lib, ... }: +with lib; +{ nixfiles.modules = { dwm.enable = false; kde.enable = true; diff --git a/nixosConfigurations/test-headless/default.nix b/nixosConfigurations/test-headless/default.nix index 919a436..ef3d223 100644 --- a/nixosConfigurations/test-headless/default.nix +++ b/nixosConfigurations/test-headless/default.nix @@ -1,5 +1,6 @@ -{lib, ...}: -with lib; { +{ lib, ... }: +with lib; +{ nixfiles.modules = { endlessh-go.enable = mkForce false; node-exporter.enable = mkForce false; diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix index 7d4b5bc..d93c98e 100644 --- a/nixosConfigurations/varda/default.nix +++ b/nixosConfigurations/varda/default.nix @@ -35,7 +35,7 @@ _: { "/" = { device = "/dev/disk/by-uuid/b07e8273-915a-424c-8c55-cdc2bd482f49"; fsType = "xfs"; - options = ["noatime"]; + options = [ "noatime" ]; }; "/boot" = { diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix index 4f0d43c..2d52f53 100644 --- a/nixosConfigurations/yavanna/default.nix 
+++ b/nixosConfigurations/yavanna/default.nix @@ -20,10 +20,10 @@ _: { fileSystems."/" = { device = "/dev/sda2"; fsType = "ext4"; - options = ["noatime"]; + options = [ "noatime" ]; }; - swapDevices = [{device = "/dev/sda3";}]; + swapDevices = [ { device = "/dev/sda3"; } ]; zramSwap = { enable = true; -- cgit 1.4.1