From a394b9cefdb8499d119b91c7cbcf79d107814e8d Mon Sep 17 00:00:00 2001 
From: Andrea Ciceri Date: Fri, 20 Sep 2024 11:37:17 +0200 Subject: [PATCH] Reformat everything --- checks/default.nix | 14 +- flake.nix | 11 +- hmModules/aerc/default.nix | 2 +- hmModules/binance/default.nix | 5 +- hmModules/btop/default.nix | 21 +- hmModules/calibre/default.nix | 5 +- hmModules/chrome/default.nix | 3 +- hmModules/cura/default.nix | 25 +- hmModules/digikam/default.nix | 5 +- hmModules/discord/default.nix | 5 +- hmModules/dolphin/default.nix | 5 +- hmModules/element/default.nix | 9 +- hmModules/emacs/default.nix | 4 +- hmModules/email/default.nix | 37 +- hmModules/firefox/default.nix | 7 +- hmModules/foot/default.nix | 83 +-- hmModules/git-workspace/default.nix | 3 +- hmModules/git/default.nix | 11 +- hmModules/gnome-keyring/default.nix | 6 +- hmModules/gpg/default.nix | 38 +- hmModules/headless-hyprland/default.nix | 9 +- hmModules/helix/default.nix | 10 +- hmModules/hyprland/default.nix | 6 +- hmModules/hyprland/hyprpaper.nix | 3 +- hmModules/kicad/default.nix | 5 +- hmModules/kitty/default.nix | 3 +- hmModules/lazygit/default.nix | 3 +- hmModules/lutris/default.nix | 5 +- hmModules/monero/default.nix | 5 +- hmModules/moonlight/default.nix | 5 +- hmModules/mopidy/default.nix | 15 +- hmModules/nheko/default.nix | 5 +- hmModules/nix-index/default.nix | 17 +- hmModules/obs-studio/default.nix | 8 +- hmModules/openscad/default.nix | 5 +- hmModules/pantalaimon/default.nix | 2 +- hmModules/password-store/default.nix | 5 +- hmModules/qutebrowser/default.nix | 26 +- .../reinstall-magisk-on-lineage/default.nix | 8 +- hmModules/remmina/default.nix | 5 +- hmModules/shell/default.nix | 68 ++- hmModules/slack/default.nix | 5 +- hmModules/spotify/default.nix | 14 +- hmModules/steam-run/default.nix | 5 +- hmModules/sway/default.nix | 181 +++--- hmModules/swayidle/default.nix | 93 ++-- hmModules/teams/default.nix | 5 +- hmModules/thunderbird/default.nix | 6 +- hmModules/tor-browser/default.nix | 5 +- hmModules/tremotesf/default.nix | 7 +- 
hmModules/vscode/default.nix | 3 +- hmModules/waybar/default.nix | 48 +- hmModules/wayvnc/default.nix | 7 +- hmModules/wezterm/default.nix | 73 ++- hmModules/whatsapp/default.nix | 9 +- hmModules/wine/default.nix | 3 +- hmModules/xdg/default.nix | 19 +- hmModules/zmkbatx/default.nix | 10 +- hmModules/zulip/default.nix | 5 +- hosts/archer/default.nix | 3 +- hosts/beebox/default.nix | 5 +- hosts/beebox/hardware-configuration.nix | 19 +- hosts/default.nix | 39 +- hosts/deltaflyer/default.nix | 53 +- hosts/deltaflyer/plasma-mobile.nix | 5 +- hosts/devbox/default.nix | 27 +- hosts/devbox/disko.nix | 7 +- hosts/hs/default.nix | 69 +-- hosts/hs/hardware-configuration.nix | 14 +- hosts/janeway/default.nix | 99 ++-- hosts/kirk/default.nix | 10 +- hosts/module.nix | 520 ++++++++++-------- hosts/mothership/default.nix | 35 +- hosts/mothership/disko.nix | 9 +- hosts/oneplus5t/default.nix | 6 +- hosts/pbp/default.nix | 3 +- hosts/pbp/hardware-configuration.nix | 7 +- hosts/picard/default.nix | 15 +- hosts/sisko/default.nix | 8 +- hosts/sisko/disko.nix | 17 +- hosts/test/default.nix | 6 +- hosts/thinkpad/default.nix | 25 +- hosts/thinkpad/hardware-configuration.nix | 44 +- hosts/thinkpad/zfs.nix | 8 +- modules/adb/default.nix | 2 +- modules/adguard-home/default.nix | 7 +- modules/atuin/default.nix | 3 +- modules/audio/default.nix | 5 +- modules/auto-upgrade/default.nix | 5 +- modules/battery/default.nix | 5 +- modules/binfmt/default.nix | 6 +- modules/bluetooth/default.nix | 7 +- modules/bubbleupnp/default.nix | 9 +- modules/ccr/default.nix | 109 ++-- modules/cgit/config.nix | 55 +- modules/cgit/default.nix | 229 ++++---- modules/cloudflare-dyndns/default.nix | 3 +- modules/common/default.nix | 3 +- modules/dbus/default.nix | 5 +- modules/docker/default.nix | 9 +- modules/fonts/default.nix | 23 +- modules/forgejo-runners/default.nix | 365 ++++++------ modules/forgejo/default.nix | 6 +- modules/fprintd/default.nix | 2 +- modules/garmin-collector/default.nix | 11 +- 
modules/grafana/default.nix | 6 +- modules/greetd/default.nix | 6 +- modules/grocy/default.nix | 7 +- modules/hass-poweroff/default.nix | 9 +- modules/hercules-ci/default.nix | 3 +- modules/home-assistant/default.nix | 37 +- modules/hydra/config.nix | 8 +- modules/hydra/default.nix | 190 ++++--- modules/hydra/jobsets.nix | 92 ++-- modules/immich/default.nix | 23 +- modules/immich/module.nix | 278 +++++----- modules/jellyfin/default.nix | 2 +- modules/kodi/default.nix | 16 +- modules/loki/default.nix | 6 +- modules/macos-ventura/default.nix | 5 +- modules/mara/default.nix | 22 +- modules/matrix/default.nix | 19 +- modules/mediatomb/default.nix | 2 +- modules/minidlna/default.nix | 7 +- modules/minio/default.nix | 10 +- modules/mothership-proxy/default.nix | 5 +- modules/mount-rock5b/default.nix | 19 +- modules/networkmanager/default.nix | 5 +- modules/nextcloud/default.nix | 9 +- modules/nix-serve/default.nix | 8 +- modules/nix/default.nix | 26 +- modules/org-roam-ui/default.nix | 5 +- modules/paperless/default.nix | 8 +- modules/pipewire/default.nix | 3 +- modules/plex/default.nix | 2 +- modules/printing/default.nix | 5 +- modules/printing/driver.nix | 107 ++-- modules/prometheus-exporters/default.nix | 113 ++-- modules/prometheus/default.nix | 40 +- modules/promtail/default.nix | 16 +- modules/qmk-udev/default.nix | 5 +- modules/remote-xfce/default.nix | 13 +- modules/restic/default.nix | 12 +- modules/rock5b-proxy/default.nix | 7 +- modules/rock5b-samba/default.nix | 7 +- modules/searx/default.nix | 8 +- modules/ssh-initrd/default.nix | 3 +- modules/ssh/default.nix | 7 +- modules/syncthing/default.nix | 16 +- modules/teamviewer/default.nix | 5 +- modules/transmission/default.nix | 5 +- modules/virt-manager/default.nix | 5 +- modules/vm-mara/default.nix | 64 +-- modules/vm-mara/i915-sriov-dkms.nix | 25 +- modules/vm-sala/default.nix | 135 ++--- modules/vm-ubuntu/default.nix | 45 +- modules/wireguard-client/default.nix | 9 +- modules/wireguard-common/default.nix | 
14 +- modules/wireguard-server/default.nix | 19 +- modules/xdg/default.nix | 3 +- packages/default.nix | 58 +- packages/deploy/default.nix | 2 +- packages/garmin-collector/default.nix | 2 +- packages/llm-workflow-engine/default.nix | 95 ++-- packages/spotify-adblocked/default.nix | 38 +- secrets/secrets.nix | 217 ++++++-- shell/default.nix | 42 +- 167 files changed, 2795 insertions(+), 2122 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index e809449..d4de7c0 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -11,18 +11,20 @@ ]; perSystem = - { pkgs, ... }: + { ... }: { treefmt.config = { projectRootFile = ".git/config"; - programs.nixfmt-rfc-style.enable = true; + programs = { + nixfmt-rfc-style.enable = true; + deadnix.enable = true; + }; }; pre-commit.settings.hooks = { nixfmt-rfc-style.enable = true; + deadnix.enable = true; }; - - formatter = pkgs.nixfmt-rfc-style; }; flake.checks = @@ -30,7 +32,9 @@ build = _: nc: nc.config.system.build.toplevel; in { - x86_64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) picard; }; + x86_64-linux = lib.mapAttrs build { + inherit (self.nixosConfigurations) picard; + }; aarch64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) sisko; # pbp; }; diff --git a/flake.nix b/flake.nix index 96e3a2c..d4bf146 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,5 @@ { - description = - "A complete, declarative, and reproducible configuration of my entire Nix fleet"; + description = "A complete, declarative, and reproducible configuration of my entire Nix fleet"; inputs = { flakeParts.url = "github:hercules-ci/flake-parts"; @@ -58,7 +57,8 @@ vscode-server.url = "github:nix-community/nixos-vscode-server"; }; - outputs = inputs@{ flakeParts, ... }: + outputs = + inputs@{ flakeParts, ... }: flakeParts.lib.mkFlake { inherit inputs; } { imports = [ # TODO export modules as flake outputs 
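Review bot: In the checks/default.nix hunk, dropping `formatter = pkgs.nixfmt-rfc-style;` together with the `pkgs` argument means the flake no longer declares a `formatter` output itself, so `nix fmt` now depends on the treefmt flake-parts module exporting its wrapper (its `treefmt.flakeFormatter` option, which defaults to true), and nothing in the hunk records that assumption. A one-line comment above `treefmt.config = {` would keep the next reader from re-adding a competing formatter, e.g. `# treefmt-nix exposes the treefmt wrapper as the flake formatter (treefmt.flakeFormatter); no explicit formatter output is set here`. Note also that `deadnix` is now enabled both as a treefmt program and as a pre-commit hook; the treefmt program presumably runs it in edit mode, which would explain the unused-argument removals elsewhere in this commit (`config` in hmModules/gnome-keyring, `pkgs` in hmModules/kitty and hmModules/emacs). Confirm that auto-editing on `nix fmt` is intended, since a shadowed-but-needed argument is removed silently rather than reported (hmModules/headless-hyprland in this same commit is such a case).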
@@ -69,6 +69,9 @@
 ./shell
 ./checks
 ];
- systems = [ "x86_64-linux" "aarch64-linux" ];
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
 };
 }
diff --git a/hmModules/aerc/default.nix b/hmModules/aerc/default.nix
index 6c3e65b..1c3c122 100644
--- a/hmModules/aerc/default.nix
+++ b/hmModules/aerc/default.nix
@@ -1,5 +1,5 @@
 {
- imports = [../email];
+ imports = [ ../email ];
 config = {
 accounts.email.accounts = {
 autistici.aerc = {
diff --git a/hmModules/binance/default.nix b/hmModules/binance/default.nix
index c0aa5d2..07c6759 100644
--- a/hmModules/binance/default.nix
+++ b/hmModules/binance/default.nix
@@ -1,3 +1,4 @@
-{pkgs, ...}: {
- home.packages = [pkgs.binance];
+{ pkgs, ... }:
+{
+ home.packages = [ pkgs.binance ];
 }
diff --git a/hmModules/btop/default.nix b/hmModules/btop/default.nix
index 08fc3a7..d3568da 100644
--- a/hmModules/btop/default.nix
+++ b/hmModules/btop/default.nix
@@ -1,18 +1,21 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
 programs.btop = {
 enable = true;
 settings = {
 update_ms = 100;
 theme_background = false;
 # color_theme = "${config.programs.btop.package}/share/btop/themes/dracula.theme";
- color_theme = let
- catppuccin-theme = pkgs.fetchFromGitHub {
- owner = "catppuccin";
- repo = "btop";
- rev = "21b8d5956a8b07fa52519e3267fb3a2d2e693d17";
- hash = "sha256-UXeTypc15MhjgGUiCrDUZ40m32yH2o1N+rcrEgY6sME=";
- };
- in "${catppuccin-theme}/themes/catppuccin_mocha.theme";
+ color_theme =
+ let
+ catppuccin-theme = pkgs.fetchFromGitHub {
+ owner = "catppuccin";
+ repo = "btop";
+ rev = "21b8d5956a8b07fa52519e3267fb3a2d2e693d17";
+ hash = "sha256-UXeTypc15MhjgGUiCrDUZ40m32yH2o1N+rcrEgY6sME=";
+ };
+ in
+ "${catppuccin-theme}/themes/catppuccin_mocha.theme";
 };
 };
 }
diff --git a/hmModules/calibre/default.nix b/hmModules/calibre/default.nix
index dca9687..b2fd97a 100644
--- a/hmModules/calibre/default.nix
+++ b/hmModules/calibre/default.nix
@@ -1,3 +1,4 @@
-{pkgs, ...}: {
- home.packages = [pkgs.calibre];
+{ pkgs, ... }:
+{
+ home.packages = [ pkgs.calibre ];
 }
diff --git a/hmModules/chrome/default.nix b/hmModules/chrome/default.nix
index f90f3ce..595c255 100644
--- a/hmModules/chrome/default.nix
+++ b/hmModules/chrome/default.nix
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
 programs.chromium = {
 enable = true;
 package = pkgs.google-chrome;
diff --git a/hmModules/cura/default.nix b/hmModules/cura/default.nix
index 32a1c64..7b530f3 100644
--- a/hmModules/cura/default.nix
+++ b/hmModules/cura/default.nix
@@ -1,15 +1,17 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
 home.packages = [
- (let
- cura5 = pkgs.appimageTools.wrapType2 rec {
- name = "cura5";
- version = "5.8.0";
- src = pkgs.fetchurl {
- url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-X64.AppImage";
- hash = "sha256-EojVAe+o43W80ES5BY3QgGRTxztwS+B6kIOfJOtULOg=";
+ (
+ let
+ cura5 = pkgs.appimageTools.wrapType2 rec {
+ name = "cura5";
+ version = "5.8.0";
+ src = pkgs.fetchurl {
+ url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-X64.AppImage";
+ hash = "sha256-EojVAe+o43W80ES5BY3QgGRTxztwS+B6kIOfJOtULOg=";
+ };
 };
- };
- in
+ in
 pkgs.writeScriptBin "cura" ''
 #! ${pkgs.bash}/bin/bash
 # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
@@ -23,6 +25,7 @@
 args+=("$a")
 done
 QT_QPA_PLATFORM=xcb exec "${cura5}/bin/cura5" "''${args[@]}"
- '')
+ ''
+ )
 ];
 }
diff --git a/hmModules/digikam/default.nix b/hmModules/digikam/default.nix
index 928dde1..a2f5b1e 100644
--- a/hmModules/digikam/default.nix
+++ b/hmModules/digikam/default.nix
@@ -1,3 +1,4 @@
-{pkgs, ...}: {
- home.packages = [pkgs.digikam];
+{ pkgs, ... }:
+{
+ home.packages = [ pkgs.digikam ];
 }
diff --git a/hmModules/discord/default.nix b/hmModules/discord/default.nix
index 2dde8bf..90f6d31 100644
--- a/hmModules/discord/default.nix
+++ b/hmModules/discord/default.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - home.packages = [pkgs.discord]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.discord ]; home.file.".config/discord/settings.json".text = builtins.toJSON { SKIP_HOST_UPDATE = true; }; diff --git a/hmModules/dolphin/default.nix b/hmModules/dolphin/default.nix index e24cc30..0b68c57 100644 --- a/hmModules/dolphin/default.nix +++ b/hmModules/dolphin/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.dolphin-emu]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.dolphin-emu ]; } diff --git a/hmModules/element/default.nix b/hmModules/element/default.nix index e0f4282..34266c3 100644 --- a/hmModules/element/default.nix +++ b/hmModules/element/default.nix @@ -1,13 +1,14 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # home.packages = [pkgs.schildichat-desktop]; - home.packages = [pkgs.element-desktop-wayland]; + home.packages = [ pkgs.element-desktop-wayland ]; systemd.user.services.element-desktop = { - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; Unit = { Description = "Element"; - PartOf = ["graphical-session.target"]; + PartOf = [ "graphical-session.target" ]; }; Service = { diff --git a/hmModules/emacs/default.nix b/hmModules/emacs/default.nix index 69d5607..98463cc 100644 --- a/hmModules/emacs/default.nix +++ b/hmModules/emacs/default.nix @@ -1,9 +1,9 @@ { lib, age, - pkgs, ... -}: { +}: +{ ccrEmacs.enable = true; home.sessionVariables.EDITOR = lib.mkForce "emacsclient"; systemd.user.services.emacs.Service.EnvironmentFile = age.secrets.chatgpt-token.path; diff --git a/hmModules/email/default.nix b/hmModules/email/default.nix index dd02c0c..648bbc8 100644 --- a/hmModules/email/default.nix +++ b/hmModules/email/default.nix 
@@ -2,22 +2,25 @@ pkgs, secrets, ... -}: { +}: +{ programs.mbsync.enable = true; programs.msmtp.enable = true; services.mbsync.enable = true; - home.file.".config/aerc/stylesets" = let - catppuccin-aerc = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "aerc"; - rev = "ca404a9f2d125ef12db40db663d43c9d94116a05"; - hash = "sha256-OWIkHsKFts/zkrDUtbBPXHVSrHL/F0v3LB1rnlFAKmE="; + home.file.".config/aerc/stylesets" = + let + catppuccin-aerc = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "aerc"; + rev = "ca404a9f2d125ef12db40db663d43c9d94116a05"; + hash = "sha256-OWIkHsKFts/zkrDUtbBPXHVSrHL/F0v3LB1rnlFAKmE="; + }; + in + { + source = "${catppuccin-aerc}/dist"; + recursive = true; }; - in { - source = "${catppuccin-aerc}/dist"; - recursive = true; - }; programs.aerc = { enable = true; @@ -81,7 +84,9 @@ "" = ":clear"; }; - "messages:folder=Drafts" = {"" = ":recall";}; + "messages:folder=Drafts" = { + "" = ":recall"; + }; view = { "/" = ":toggle-key-passthrough/"; @@ -164,8 +169,12 @@ border-char-vertical = "┃"; border-char-horizontal = "━"; }; - viewer = {always-show-mime = true;}; - compose = {no-attachment-warning = "^[^>]*attach(ed|ment)";}; + viewer = { + always-show-mime = true; + }; + compose = { + no-attachment-warning = "^[^>]*attach(ed|ment)"; + }; triggers = { email-received = ''exec notify-send "New email from %n" "%s"''; }; diff --git a/hmModules/firefox/default.nix b/hmModules/firefox/default.nix index 954dbc3..f6ae31e 100644 --- a/hmModules/firefox/default.nix +++ b/hmModules/firefox/default.nix @@ -2,14 +2,15 @@ pkgs, username, ... -}: { +}: +{ programs.firefox = { enable = true; package = pkgs.wrapFirefox pkgs.firefox-unwrapped { extraPolicies = { - ExtensionSettings = {}; + ExtensionSettings = { }; }; - nativeMessagingHosts = [pkgs.tridactyl-native]; + nativeMessagingHosts = [ pkgs.tridactyl-native ]; }; profiles.${username} = { settings = { 
diff --git a/hmModules/foot/default.nix b/hmModules/foot/default.nix
index 1d46469..620e385 100644
--- a/hmModules/foot/default.nix
+++ b/hmModules/foot/default.nix
@@ -6,51 +6,54 @@ }: lib.mkMerge [ { - programs.foot = let - catppuccin = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "foot"; - rev = "307611230661b7b1787feb7f9d122e851bae97e9"; - hash = "sha256-mkPYHDJtfdfDnqLr1YOjaBpn4lCceok36LrnkUkNIE4="; - }; - in { - enable = true; - server.enable = true; - settings = { - main = { - term = "xterm-256color"; - login-shell = "yes"; - dpi-aware = "no"; - horizontal-letter-offset = "1"; - include = "${catppuccin}/themes/catppuccin-mocha.ini"; - font = let - size = "13"; - in - lib.concatStringsSep ", " [ - "Iosevka Comfy:size=${size}" - "Symbols Nerd Font:size=${size}" - "JoyPixels:size=${size}" - ]; - }; - cursor = { - blink = true; - }; - tweak = { - overflowing-glyphs = true; + programs.foot = + let + catppuccin = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "foot"; + rev = "307611230661b7b1787feb7f9d122e851bae97e9"; + hash = "sha256-mkPYHDJtfdfDnqLr1YOjaBpn4lCceok36LrnkUkNIE4="; }; + in + { + enable = true; + server.enable = true; + settings = { + main = { + term = "xterm-256color"; + login-shell = "yes"; + dpi-aware = "no"; + horizontal-letter-offset = "1"; + include = "${catppuccin}/themes/catppuccin-mocha.ini"; + font = + let + size = "13"; + in + lib.concatStringsSep ", " [ + "Iosevka Comfy:size=${size}" + "Symbols Nerd Font:size=${size}" + "JoyPixels:size=${size}" + ]; + }; + cursor = { + blink = true; + }; + tweak = { + overflowing-glyphs = true; + }; - key-bindings = { - scrollback-up-page = "Control+Shift+k"; - scrollback-down-page = "Control+Shift+j"; - search-start = "Control+Shift+s"; - pipe-command-output = ''[sh -c 'f=$(mktemp); cat - > $f; footclient hx $f; rm $f'] Control+Shift+g''; - }; + key-bindings = { + scrollback-up-page = "Control+Shift+k"; + scrollback-down-page = "Control+Shift+j"; + search-start = "Control+Shift+s"; + pipe-command-output = ''[sh -c 'f=$(mktemp); cat - > $f; footclient hx $f; rm $f'] Control+Shift+g''; + }; - mouse = { - hide-when-typing = "yes"; + mouse = { + 
hide-when-typing = "yes"; + }; }; }; - }; } (lib.mkIf config.programs.fish.enable { programs.fish.functions = { diff --git a/hmModules/git-workspace/default.nix b/hmModules/git-workspace/default.nix index ac8cc85..25f37ca 100644 --- a/hmModules/git-workspace/default.nix +++ b/hmModules/git-workspace/default.nix @@ -2,7 +2,8 @@ age, username, ... -}: { +}: +{ services.git-workspace = { enable = true; frequency = "04:00:00"; diff --git a/hmModules/git/default.nix b/hmModules/git/default.nix index 52786b2..fcec555 100644 --- a/hmModules/git/default.nix +++ b/hmModules/git/default.nix @@ -2,13 +2,18 @@ pkgs, username, ... -}: let +}: +let config = { name = "Andrea Ciceri"; email = "andrea.ciceri@autistici.org"; }; -in { - imports = [../gitui ../lazygit]; +in +{ + imports = [ + ../gitui + ../lazygit + ]; programs.git = { enable = true; package = pkgs.gitAndTools.gitFull; diff --git a/hmModules/gnome-keyring/default.nix b/hmModules/gnome-keyring/default.nix index b0135ff..9426154 100644 --- a/hmModules/gnome-keyring/default.nix +++ b/hmModules/gnome-keyring/default.nix @@ -1,9 +1,9 @@ { pkgs, lib, - config, ... -}: { +}: +{ services.gnome-keyring = { enable = false; # Is this broken? https://github.com/nix-community/home-manager/issues/1454 components = lib.mkForce [ @@ -12,7 +12,7 @@ ]; }; - home.packages = [pkgs.gcr]; # Needed in PATH + home.packages = [ pkgs.gcr ]; # Needed in PATH # Workaround wayland.windowManager.hyprland.extraConfig = '' diff --git a/hmModules/gpg/default.nix b/hmModules/gpg/default.nix index a28eb67..469c27a 100644 --- a/hmModules/gpg/default.nix +++ b/hmModules/gpg/default.nix 
@@ -1,25 +1,31 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.gpg-agent = { enable = true; enableSshSupport = true; - sshKeys = ["CE2FD0D9BECBD8876811714925066CC257413416"]; - extraConfig = let - pinentryRofi = pkgs.writeShellApplication { - name = "pinentry-rofi-with-env"; - runtimeInputs = with pkgs; [coreutils rofi]; - text = '' - "${pkgs.pinentry-rofi}/bin/pinentry-rofi" "$@" - ''; - }; - in '' - allow-emacs-pinentry - allow-loopback-pinentry - pinentry-program ${pinentryRofi}/bin/pinentry-rofi-with-env - ''; + sshKeys = [ "CE2FD0D9BECBD8876811714925066CC257413416" ]; + extraConfig = + let + pinentryRofi = pkgs.writeShellApplication { + name = "pinentry-rofi-with-env"; + runtimeInputs = with pkgs; [ + coreutils + rofi + ]; + text = '' + "${pkgs.pinentry-rofi}/bin/pinentry-rofi" "$@" + ''; + }; + in + '' + allow-emacs-pinentry + allow-loopback-pinentry + pinentry-program ${pinentryRofi}/bin/pinentry-rofi-with-env + ''; }; programs.gpg = { enable = true; - settings = {}; + settings = { }; }; } diff --git a/hmModules/headless-hyprland/default.nix b/hmModules/headless-hyprland/default.nix index e15b20a..44d7fdb 100644 --- a/hmModules/headless-hyprland/default.nix +++ b/hmModules/headless-hyprland/default.nix @@ -1,11 +1,12 @@ { - config, lib, ... -}: let +}: +let originalConfig = config.wayland.windowManager.hyprland.extraConfig; - config = builtins.replaceStrings ["SUPER"] [""] originalConfig; -in { + config = builtins.replaceStrings [ "SUPER" ] [ "" ] originalConfig; +in +{ systemd.user.services.headless-hyprland = { Unit.Description = "Headless Hyprland"; Service = { diff --git a/hmModules/helix/default.nix b/hmModules/helix/default.nix index 9a5010f..4e724e2 100644 --- a/hmModules/helix/default.nix +++ b/hmModules/helix/default.nix 
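Review bot: The hmModules/headless-hyprland hunk removes `config` from the module arguments while `originalConfig = config.wayland.windowManager.hyprland.extraConfig;` still reads a name called `config`; because Nix `let` bindings are mutually recursive, that name resolves to the sibling binding `config = builtins.replaceStrings [ "SUPER" ] [ "" ] originalConfig;`, a string derived from `originalConfig`, so evaluating either binding recurses infinitely instead of reading the module's `config`. The argument was already shadowed before this commit, which is why deadnix reported it unused, so presumably no host that evaluates this module has been built since the binding was introduced. The fix is to keep the argument and rename the derived binding, e.g. `{ config, lib, ... }:` and `headlessConfig = builtins.replaceStrings [ "SUPER" ] [ "" ] originalConfig;`, then update the uses of the old binding in the rest of the module, which lies outside this hunk. A comment next to `originalConfig` such as `# reads the module's config argument; the rewritten string below must not reuse that name` would keep the linter from quietly re-removing the argument.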
@@ -22,26 +22,26 @@ language = [ { name = "nix"; - language-servers = ["nixd"]; + language-servers = [ "nixd" ]; } { name = "markdown"; - language-servers = ["zk"]; + language-servers = [ "zk" ]; } { name = "typescript"; - language-servers = ["vtsls"]; + language-servers = [ "vtsls" ]; } ]; language-server = { nixd.command = "nixd"; vtsls = { command = "vtsls"; - args = ["--stdio"]; + args = [ "--stdio" ]; }; zk = { command = "zk"; - args = ["lsp"]; + args = [ "lsp" ]; }; }; }; diff --git a/hmModules/hyprland/default.nix b/hmModules/hyprland/default.nix index 821ad1e..646254c 100644 --- a/hmModules/hyprland/default.nix +++ b/hmModules/hyprland/default.nix @@ -2,7 +2,8 @@ config, pkgs, ... -}: let +}: +let screenshotScript = pkgs.writeShellScriptBin "screenshot.sh" '' filename="$HOME/shots/$(date --iso-8601=seconds).png" coords="$(${pkgs.slurp}/bin/slurp)" @@ -19,7 +20,8 @@ fi fi ''; -in { +in +{ imports = [ ./hyprpaper.nix ../waybar diff --git a/hmModules/hyprland/hyprpaper.nix b/hmModules/hyprland/hyprpaper.nix index 73e3148..5264414 100644 --- a/hmModules/hyprland/hyprpaper.nix +++ b/hmModules/hyprland/hyprpaper.nix @@ -1,6 +1,7 @@ let wallpaper = ./wallpaper.png; -in { +in +{ xdg.configFile."hypr/hyprpaper.conf".text = '' splash = false preload = ${wallpaper} diff --git a/hmModules/kicad/default.nix b/hmModules/kicad/default.nix index 280d450..9acc796 100644 --- a/hmModules/kicad/default.nix +++ b/hmModules/kicad/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.kicad-small]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.kicad-small ]; } diff --git a/hmModules/kitty/default.nix b/hmModules/kitty/default.nix index 49a60e8..da36cd0 100644 --- a/hmModules/kitty/default.nix +++ b/hmModules/kitty/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ ... }: +{ programs.kitty = { enable = true; font = { diff --git a/hmModules/lazygit/default.nix b/hmModules/lazygit/default.nix index 1689ddc..6b16376 100644 --- a/hmModules/lazygit/default.nix 
+++ b/hmModules/lazygit/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.lazygit = { enable = true; settings = { diff --git a/hmModules/lutris/default.nix b/hmModules/lutris/default.nix index 13c2b29..475abdf 100644 --- a/hmModules/lutris/default.nix +++ b/hmModules/lutris/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.lutris]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.lutris ]; } diff --git a/hmModules/monero/default.nix b/hmModules/monero/default.nix index 427658b..5bf4116 100644 --- a/hmModules/monero/default.nix +++ b/hmModules/monero/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.monero-gui]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.monero-gui ]; } diff --git a/hmModules/moonlight/default.nix b/hmModules/moonlight/default.nix index 653f421..0637001 100644 --- a/hmModules/moonlight/default.nix +++ b/hmModules/moonlight/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.moonlight-qt]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.moonlight-qt ]; } diff --git a/hmModules/mopidy/default.nix b/hmModules/mopidy/default.nix index fa2ebcb..007cecc 100644 --- a/hmModules/mopidy/default.nix +++ b/hmModules/mopidy/default.nix @@ -1,5 +1,6 @@ # TODO: use upstream ytmusic when updated: https://github.com/OzymandiasTheGreat/mopidy-ytmusic/issues/68 -{pkgs, ...}: let +{ pkgs, ... }: +let ytmusicapi = pkgs.python310Packages.buildPythonPackage rec { pname = "ytmusicapi"; version = "0.24.0"; @@ -38,14 +39,20 @@ python310Packages.pytube ]; - pythonImportsCheck = ["mopidy_ytmusic"]; + pythonImportsCheck = [ "mopidy_ytmusic" ]; doCheck = false; }; -in { +in +{ services.mopidy = { enable = true; - extensionPackages = [mopidy-ytmusic] ++ (with pkgs; [mopidy-mpd mopidy-mpris]); + extensionPackages = + [ mopidy-ytmusic ] + ++ (with pkgs; [ + mopidy-mpd + mopidy-mpris + ]); settings = { mpd = { enabled = true; 
diff --git a/hmModules/nheko/default.nix b/hmModules/nheko/default.nix index 9a4a89e..b921d3a 100644 --- a/hmModules/nheko/default.nix +++ b/hmModules/nheko/default.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - home.packages = [pkgs.nheko]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.nheko ]; # systemd.user.services.nheko = { # Install.WantedBy = ["graphical-session.target"]; diff --git a/hmModules/nix-index/default.nix b/hmModules/nix-index/default.nix index 726d997..cc3440a 100644 --- a/hmModules/nix-index/default.nix +++ b/hmModules/nix-index/default.nix @@ -1,14 +1,15 @@ { - config, pkgs, fleetFlake, - lib, ... -}: { +}: +{ programs.nix-index.enable = true; systemd.user.services.nix-index-update = { - Unit = {Description = "Update nix-index";}; + Unit = { + Description = "Update nix-index"; + }; Service = { CPUSchedulingPolicy = "idle"; @@ -18,7 +19,9 @@ }; systemd.user.timers.nix-index-update = { - Unit = {Description = "Update nix-index";}; + Unit = { + Description = "Update nix-index"; + }; Timer = { Unit = "nix-index-update.service"; @@ -26,6 +29,8 @@ Persistent = true; }; - Install = {WantedBy = ["timers.target"];}; + Install = { + WantedBy = [ "timers.target" ]; + }; }; } diff --git a/hmModules/obs-studio/default.nix b/hmModules/obs-studio/default.nix index 6e527dc..91620ba 100644 --- a/hmModules/obs-studio/default.nix +++ b/hmModules/obs-studio/default.nix @@ -1,6 +1,10 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.obs-studio = { enable = true; - plugins = with pkgs.obs-studio-plugins; [wlrobs input-overlay]; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + input-overlay + ]; }; } diff --git a/hmModules/openscad/default.nix b/hmModules/openscad/default.nix index aa83ca6..eac465f 100644 --- a/hmModules/openscad/default.nix +++ b/hmModules/openscad/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.openscad]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.openscad ]; } 
diff --git a/hmModules/pantalaimon/default.nix b/hmModules/pantalaimon/default.nix index 36331cc..2c0a520 100644 --- a/hmModules/pantalaimon/default.nix +++ b/hmModules/pantalaimon/default.nix @@ -9,5 +9,5 @@ }; }; }; - systemd.user.services.pantalaimon.Unit.Requires = ["dbus.socket"]; + systemd.user.services.pantalaimon.Unit.Requires = [ "dbus.socket" ]; } diff --git a/hmModules/password-store/default.nix b/hmModules/password-store/default.nix index 704f123..69be6e1 100644 --- a/hmModules/password-store/default.nix +++ b/hmModules/password-store/default.nix @@ -2,12 +2,13 @@ pkgs, username, ... -}: { +}: +{ programs.password-store = { enable = true; settings = { PASSWORD_STORE_DIR = "/home/${username}/.password-store"; }; - package = pkgs.pass.withExtensions (e: [e.pass-otp]); + package = pkgs.pass.withExtensions (e: [ e.pass-otp ]); }; } diff --git a/hmModules/qutebrowser/default.nix b/hmModules/qutebrowser/default.nix index 4a4c68f..6a77ff7 100644 --- a/hmModules/qutebrowser/default.nix +++ b/hmModules/qutebrowser/default.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: let +}: +let inherit (config.programs.qutebrowser) settings; websites = { searx = "https://searx.be"; @@ -16,7 +17,8 @@ less-dark-white = "#cccccc"; blue = "#0000ff"; }; -in { +in +{ programs.qutebrowser = { enable = true; searchEngines = with websites; { @@ -41,7 +43,7 @@ in { auto_save.session = true; url = with websites; { default_page = searx; - start_pages = [searx]; + start_pages = [ searx ]; }; editor.command = [ "emacsclient" 
@@ -108,15 +110,13 @@ in { }; home.packages = with pkgs; [ fuzzel - ( - makeDesktopItem { - name = "qutebrowser"; - exec = "qutebrowser %u"; - comment = "Qutebrowser"; - desktopName = "qutebrowser"; - type = "Application"; - mimeTypes = ["x-scheme-handler/https"]; - } - ) + (makeDesktopItem { + name = "qutebrowser"; + exec = "qutebrowser %u"; + comment = "Qutebrowser"; + desktopName = "qutebrowser"; + type = "Application"; + mimeTypes = [ "x-scheme-handler/https" ]; + }) ]; } diff --git a/hmModules/reinstall-magisk-on-lineage/default.nix b/hmModules/reinstall-magisk-on-lineage/default.nix index 8728f93..dba5e35 100644 --- a/hmModules/reinstall-magisk-on-lineage/default.nix +++ b/hmModules/reinstall-magisk-on-lineage/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: let +{ pkgs, ... }: +let reinstall-magisk-on-lineage = pkgs.stdenv.mkDerivation { name = "reinstall-magisk-on-lineage"; version = "git"; @@ -21,6 +22,7 @@ --replace-fail "paste_yours_here" "\"\$1\"" ''; }; -in { - home.packages = [reinstall-magisk-on-lineage]; +in +{ + home.packages = [ reinstall-magisk-on-lineage ]; } diff --git a/hmModules/remmina/default.nix b/hmModules/remmina/default.nix index abbd844..822eddf 100644 --- a/hmModules/remmina/default.nix +++ b/hmModules/remmina/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.remmina]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.remmina ]; } diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix index 9c1ca0f..cf7f76a 100644 --- a/hmModules/shell/default.nix +++ b/hmModules/shell/default.nix @@ -4,7 +4,8 @@ age, hostname, ... -}: { +}: +{ programs.bat.enable = true; programs.direnv = { @@ -31,7 +32,9 @@ systemd.user.services.atuind = { Unit.Description = "Atuin daemon"; - Install = {WantedBy = ["default.target"];}; + Install = { + WantedBy = [ "default.target" ]; + }; Service.ExecStart = "${lib.getExe pkgs.atuin} daemon"; }; 
@@ -116,25 +119,29 @@ xdg.configFile = { "dracula-theme" = { target = "fish/themes/dracula.theme"; - source = let - theme = pkgs.fetchFromGitHub { - owner = "dracula"; - repo = "fish"; - rev = "269cd7d76d5104fdc2721db7b8848f6224bdf554"; - hash = "sha256-Hyq4EfSmWmxwCYhp3O8agr7VWFAflcUe8BUKh50fNfY="; - }; - in "${theme}/themes/Dracula\ Official.theme"; + source = + let + theme = pkgs.fetchFromGitHub { + owner = "dracula"; + repo = "fish"; + rev = "269cd7d76d5104fdc2721db7b8848f6224bdf554"; + hash = "sha256-Hyq4EfSmWmxwCYhp3O8agr7VWFAflcUe8BUKh50fNfY="; + }; + in + "${theme}/themes/Dracula\ Official.theme"; }; "catppuccin-theme" = { target = "fish/themes/Catppuccin\ Mocha.theme"; - source = let - theme = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "fish"; - rev = "a3b9eb5eaf2171ba1359fe98f20d226c016568cf"; - hash = "sha256-shQxlyoauXJACoZWtRUbRMxmm10R8vOigXwjxBhG8ng="; - }; - in "${theme}/themes/Catppuccin\ Mocha.theme"; + source = + let + theme = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "fish"; + rev = "a3b9eb5eaf2171ba1359fe98f20d226c016568cf"; + hash = "sha256-shQxlyoauXJACoZWtRUbRMxmm10R8vOigXwjxBhG8ng="; + }; + in + "${theme}/themes/Catppuccin\ Mocha.theme"; }; }; @@ -227,7 +234,8 @@ # ''; # }; - home.packages = with pkgs; + home.packages = + with pkgs; [ thefuck htop-vim 
@@ -240,12 +248,18 @@ carapace # used by nushell neovim ] - ++ (lib.optionals (builtins.elem hostname ["kirk" "picard"]) [ - nixd # TODO probably not the best place - terraform-lsp # TODO probably not best place - python3Packages.jedi-language-server # TODO probably not best place - nodePackages.typescript-language-server # TODO probably not best place - cntr # TODO probably not best place - nom # FIXME disable on aarch64-linux, breaks everything :( - ]); + ++ (lib.optionals + (builtins.elem hostname [ + "kirk" + "picard" + ]) + [ + nixd # TODO probably not the best place + terraform-lsp # TODO probably not best place + python3Packages.jedi-language-server # TODO probably not best place + nodePackages.typescript-language-server # TODO probably not best place + cntr # TODO probably not best place + nom # FIXME disable on aarch64-linux, breaks everything :( + ] + ); } diff --git a/hmModules/slack/default.nix b/hmModules/slack/default.nix index bb7e3b1..4ff5f05 100644 --- a/hmModules/slack/default.nix +++ b/hmModules/slack/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.slack]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.slack ]; } diff --git a/hmModules/spotify/default.nix b/hmModules/spotify/default.nix index fb7c2e7..59b2edd 100644 --- a/hmModules/spotify/default.nix +++ b/hmModules/spotify/default.nix @@ -2,17 +2,19 @@ lib, pkgs, ... -}: let - spotify-adblocked = pkgs.callPackage ../../packages/spotify-adblocked {}; -in { - home.packages = [spotify-adblocked]; +}: +let + spotify-adblocked = pkgs.callPackage ../../packages/spotify-adblocked { }; +in +{ + home.packages = [ spotify-adblocked ]; systemd.user.services.spotify-adblocked = { - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; Unit = { Description = "Spotify"; - PartOf = ["graphical-session.target"]; + PartOf = [ "graphical-session.target" ]; }; Service = { 
diff --git a/hmModules/steam-run/default.nix b/hmModules/steam-run/default.nix
index 42db3d4..7ea2faf 100644
--- a/hmModules/steam-run/default.nix
+++ b/hmModules/steam-run/default.nix
@@ -1,3 +1,4 @@
-{pkgs, ...}: {
- home.packages = [pkgs.steam-run];
+{ pkgs, ... }:
+{
+ home.packages = [ pkgs.steam-run ];
 }
diff --git a/hmModules/sway/default.nix b/hmModules/sway/default.nix
index af49d1c..26fee7a 100644
--- a/hmModules/sway/default.nix
+++ b/hmModules/sway/default.nix
@@ -3,7 +3,8 @@
 lib,
 config,
 ...
-}: {
+}:
+{
 imports = [
 ../waybar
 ../swayidle
@@ -12,7 +13,7 @@
 ../kitty
 ];
 config = {
- home.packages = with pkgs; [wl-clipboard];
+ home.packages = with pkgs; [ wl-clipboard ];
 
 systemd.user.sessionVariables = {
 NIXOS_OZONE_WL = "1";
@@ -35,98 +36,100 @@ }; wayland = { - windowManager.sway = let - modifier = "Mod4"; - in { - enable = true; - wrapperFeatures.gtk = true; - config = { - inherit modifier; - menu = "${pkgs.fuzzel}/bin/fuzzel --background-color=253559cc --border-radius=5 --border-width=0"; - output = let - bg = "${./wallpaper.svg} fill"; - in { - DP-2 = { - res = "1900x1200"; - pos = "0 0"; - inherit bg; - transform = "90"; + windowManager.sway = + let + modifier = "Mod4"; + in + { + enable = true; + wrapperFeatures.gtk = true; + config = { + inherit modifier; + menu = "${pkgs.fuzzel}/bin/fuzzel --background-color=253559cc --border-radius=5 --border-width=0"; + output = + let + bg = "${./wallpaper.svg} fill"; + in + { + DP-2 = { + res = "1900x1200"; + pos = "0 0"; + inherit bg; + transform = "90"; + }; + DP-1 = { + res = "2560x1440"; + pos = "1200 230"; + inherit bg; + }; + eDP-1 = { + res = "1920x1080"; + pos = "3760 230"; + inherit bg; + }; + }; + terminal = "${config.programs.kitty.package}/bin/kitty ${config.programs.kitty.package}/bin/kitty +kitten ssh mothership.fleet"; + bars = [ + { + mode = "hide"; + position = "top"; + command = "${pkgs.waybar}/bin/waybar"; + } + ]; + gaps = { + smartBorders = "on"; }; - DP-1 = { - res = "2560x1440"; - pos = "1200 230"; - inherit bg; + assigns = { + "1" = [ + { title = ".*Mozilla Firefox$"; } + { title = ".*qutebrowser$"; } + ]; + "2" = [ { title = "^((?!qutebrowser-editor).)*Emacs$"; } ]; + "3" = [ { title = "Slack.*"; } ]; + "9" = [ { title = "^Element.*"; } ]; }; - eDP-1 = { - res = "1920x1080"; - pos = "3760 230"; - inherit bg; + floating.criteria = [ + { title = "MetaMask Notification.*"; } + { title = "Volume Control"; } # pavucontrol + { title = "^.*editor - qutebrowser$"; } # Emacs opened by qutebrowser + ]; + input = { + "*" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; }; + keybindings = + let + screenshotScript = pkgs.writeShellScript "screenshot.sh" '' + filename="$HOME/shots/$(date --iso-8601=seconds).png" + 
coords="$(${pkgs.slurp}/bin/slurp)" + ${pkgs.grim}/bin/grim -t png -g "$coords" "$filename" + wl-copy -t image/png < $filename + ''; + in + lib.mkOptionDefault { + "${modifier}+x" = "exec emacsclient -c"; + "${modifier}+y" = "exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c"; + "${modifier}+b" = "exec qutebrowser"; + "${modifier}+s" = "exec ${screenshotScript}"; + # "${modifier}+g" = "exec ${screenrecordingScript}"; # FIXME + "${modifier}+t" = '' + exec emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(vterm (getenv "SHELL"))' + ''; + "${modifier}+u" = '' + exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(eat (getenv "SHELL"))' + ''; + "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s +5%"; + "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 5%-"; + }; }; - terminal = "${config.programs.kitty.package}/bin/kitty ${config.programs.kitty.package}/bin/kitty +kitten ssh mothership.fleet"; - bars = [ - { - mode = "hide"; - position = "top"; - command = "${pkgs.waybar}/bin/waybar"; - } - ]; - gaps = { - smartBorders = "on"; - }; - assigns = { - "1" = [{title = ".*Mozilla Firefox$";} {title = ".*qutebrowser$";}]; - "2" = [{title = "^((?!qutebrowser-editor).)*Emacs$";}]; - "3" = [{title = "Slack.*";}]; - "9" = [{title = "^Element.*";}]; - }; - floating.criteria = [ - {title = "MetaMask Notification.*";} - {title = "Volume Control";} # pavucontrol - {title = "^.*editor - qutebrowser$";} # Emacs opened by qutebrowser - ]; - input = { - "*" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = let - screenshotScript = pkgs.writeShellScript "screenshot.sh" '' - filename="$HOME/shots/$(date --iso-8601=seconds).png" - coords="$(${pkgs.slurp}/bin/slurp)" - ${pkgs.grim}/bin/grim -t png -g "$coords" "$filename" - wl-copy -t image/png < $filename - ''; - screenrecordingScript = 
pkgs.writeShellScript "screenrecorder.sh" '' - filename="$HOME/shots/recording-$(date --iso-8601=seconds).mp4" - coords="$(${pkgs.slurp}/bin/slurp)" - ${pkgs.wf-recorder}/bin/wf-recorder -g "$coords" -f "$filename" - wl-copy -t video/mp4 < $filename - ''; - in - lib.mkOptionDefault { - "${modifier}+x" = "exec emacsclient -c"; - "${modifier}+y" = "exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c"; - "${modifier}+b" = "exec qutebrowser"; - "${modifier}+s" = "exec ${screenshotScript}"; - # "${modifier}+g" = "exec ${screenrecordingScript}"; # FIXME - "${modifier}+t" = '' - exec emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(vterm (getenv "SHELL"))' - ''; - "${modifier}+u" = '' - exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(eat (getenv "SHELL"))' - ''; - "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s +5%"; - "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 5%-"; - }; + extraConfig = '' + bindsym ${modifier}+p move workspace to output right + ''; + xwayland = true; + systemdIntegration = true; }; - extraConfig = '' - bindsym ${modifier}+p move workspace to output right - ''; - xwayland = true; - systemdIntegration = true; - }; }; }; } diff --git a/hmModules/swayidle/default.nix b/hmModules/swayidle/default.nix index bc26718..60e3ed0 100644 --- a/hmModules/swayidle/default.nix +++ b/hmModules/swayidle/default.nix 
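Review bot: In the screenshot script the final redirect is unquoted, `wl-copy -t image/png < $filename`, while `filename` is built from `$HOME`, so a home path containing whitespace breaks the copy; `wl-copy -t image/png < "$filename"` fixes it. `grim` also runs unconditionally after `coords="$(${pkgs.slurp}/bin/slurp)"`, so a cancelled selection leaves `$coords` empty and grim is invoked with an empty `-g` argument; a guard such as `[ -n "$coords" ] || exit 1` before the `grim` call avoids that. Note also that this hunk silently deletes the `screenrecordingScript` binding, which is only referenced from a comment, so it is harmless but not a pure reformat. The enclosing `config` attribute set starts before this hunk.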
@@ -2,53 +2,56 @@ pkgs, lib, ... -}: { - services.swayidle = let - swaylockWithArgs = pkgs.writeScriptBin "swaylockWithArgs" '' - ${pkgs.swaylock-effects}/bin/swaylock \ - --daemonize \ - --screenshots \ - --clock \ - --indicator \ - --indicator-radius 100 \ - --indicator-thickness 7 \ - --effect-blur 7x5 \ - --effect-vignette 0.5:0.5 \ - --ring-color bb00cc \ - --key-hl-color 880033 \ - --line-color 00000000 \ - --inside-color 00000088 \ - --separator-color 00000000 \ - --fade-in 0.2 - ''; - swaylockCommand = "${swaylockWithArgs}/bin/swaylockWithArgs"; - in { - enable = true; - events = [ - { - event = "before-sleep"; - command = swaylockCommand; - } - { - event = "lock"; - command = swaylockCommand; - } - ]; - timeouts = [ - { - timeout = 600; - command = swaylockCommand; - } - { - timeout = 720; - command = "${pkgs.systemd}/bin/systemctl suspend"; - } - ]; - }; +}: +{ + services.swayidle = + let + swaylockWithArgs = pkgs.writeScriptBin "swaylockWithArgs" '' + ${pkgs.swaylock-effects}/bin/swaylock \ + --daemonize \ + --screenshots \ + --clock \ + --indicator \ + --indicator-radius 100 \ + --indicator-thickness 7 \ + --effect-blur 7x5 \ + --effect-vignette 0.5:0.5 \ + --ring-color bb00cc \ + --key-hl-color 880033 \ + --line-color 00000000 \ + --inside-color 00000088 \ + --separator-color 00000000 \ + --fade-in 0.2 + ''; + swaylockCommand = "${swaylockWithArgs}/bin/swaylockWithArgs"; + in + { + enable = true; + events = [ + { + event = "before-sleep"; + command = swaylockCommand; + } + { + event = "lock"; + command = swaylockCommand; + } + ]; + timeouts = [ + { + timeout = 600; + command = swaylockCommand; + } + { + timeout = 720; + command = "${pkgs.systemd}/bin/systemctl suspend"; + } + ]; + }; # Otherwise it will start only after Sway and will not work with Hyprland systemd.user.services.swayidle = { - Unit.PartOf = lib.mkForce []; - Install.WantedBy = lib.mkForce ["hyprland-session.target"]; + Unit.PartOf = lib.mkForce [ ]; + Install.WantedBy = lib.mkForce [ 
"hyprland-session.target" ]; }; } diff --git a/hmModules/teams/default.nix b/hmModules/teams/default.nix index 217685e..9f643c1 100644 --- a/hmModules/teams/default.nix +++ b/hmModules/teams/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.teams-for-linux]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.teams-for-linux ]; } diff --git a/hmModules/thunderbird/default.nix b/hmModules/thunderbird/default.nix index 9eb89c8..2b3ba1e 100644 --- a/hmModules/thunderbird/default.nix +++ b/hmModules/thunderbird/default.nix @@ -1,14 +1,14 @@ { - imports = [../email]; + imports = [ ../email ]; config = { accounts.email.accounts = { autistici.thunderbird = { enable = true; - profiles = ["default"]; + profiles = [ "default" ]; }; mlabs.thunderbird = { enable = true; - profiles = ["default"]; + profiles = [ "default" ]; }; }; programs.thunderbird = { diff --git a/hmModules/tor-browser/default.nix b/hmModules/tor-browser/default.nix index 7b56e78..59796db 100644 --- a/hmModules/tor-browser/default.nix +++ b/hmModules/tor-browser/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.tor-browser]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.tor-browser ]; } diff --git a/hmModules/tremotesf/default.nix b/hmModules/tremotesf/default.nix index 37c75d9..a3569a1 100644 --- a/hmModules/tremotesf/default.nix +++ b/hmModules/tremotesf/default.nix @@ -2,11 +2,12 @@ pkgs, lib, ... -}: { - home.packages = [pkgs.tremotesf]; +}: +{ + home.packages = [ pkgs.tremotesf ]; systemd.user.services.tremotesf = { - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; Unit = { Description = "tremotesf"; diff --git a/hmModules/vscode/default.nix b/hmModules/vscode/default.nix index e34d82c..f04f149 100644 --- a/hmModules/vscode/default.nix +++ b/hmModules/vscode/default.nix 
@@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.vscode = { enable = true; # For a few reasons sometimes I'm forced to use VSCode and I don't have time to nixifiy even its configuration. diff --git a/hmModules/waybar/default.nix b/hmModules/waybar/default.nix index f7ac1be..5705986 100644 --- a/hmModules/waybar/default.nix +++ b/hmModules/waybar/default.nix @@ -2,7 +2,8 @@ pkgs, lib, ... -}: { +}: +{ programs.waybar = { enable = true; systemd.enable = true; @@ -18,7 +19,7 @@ "wlr/mode" "hyprland/workspaces" ]; - modules-center = ["wlr/window"]; + modules-center = [ "wlr/window" ]; modules-right = [ "network" "tray" @@ -46,9 +47,13 @@ # sort-by-number = true; }; - "wlr/mode" = {tooltip = false;}; + "wlr/mode" = { + tooltip = false; + }; - "wlr/window" = {max_length = 50;}; + "wlr/window" = { + max_length = 50; + }; tray = { spacing = 10; }; @@ -56,7 +61,13 @@ format = "{capacity}% {icon}"; format-alt = "{time} {icon}"; format-charging = "{capacity}% "; - format-icons = [" " " " " " " " " "]; + format-icons = [ + " " + " " + " " + " " + " " + ]; format-plugged = "{capacity}%  "; states = { critical = 15; @@ -71,7 +82,9 @@ format = "{usage}% "; tooltip = false; }; - memory = {format = "{}% ";}; + memory = { + format = "{}% "; + }; network = { interval = 1; format-alt = "{ifname}: {ipaddr}/{cidr}"; @@ -86,7 +99,11 @@ format-bluetooth-muted = " {icon} {format_source}"; format-icons = { car = ""; - default = [" " " " " "]; + default = [ + " " + " " + " " + ]; handsfree = ""; headphones = " "; headset = ""; 
@@ -98,23 +115,32 @@ format-source-muted = ""; on-click = "${pkgs.pavucontrol}/bin/pavucontrol"; }; - "wlr/mode" = {format = ''{}'';}; + "wlr/mode" = { + format = ''{}''; + }; temperature = { critical-threshold = 80; format = "{temperatureC}°C {icon}"; - format-icons = ["" "" ""]; + format-icons = [ + "" + "" + "" + ]; hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"; # picard FIXME # hwmon-path = "/sys/class/thermal/thermal_zone4/temp"; # thinkpad }; backlight = { device = "ddcci2"; format = "{percent}% {icon}"; - format-icons = [" " " "]; + format-icons = [ + " " + " " + ]; }; }; }; }; # waybar needs the hyprctl binary in PATH when started in hyprland - systemd.user.services.waybar.Service.Environment = "PATH=${lib.makeBinPath [pkgs.hyprland]}"; + systemd.user.services.waybar.Service.Environment = "PATH=${lib.makeBinPath [ pkgs.hyprland ]}"; } diff --git a/hmModules/wayvnc/default.nix b/hmModules/wayvnc/default.nix index 5f9e090..ccccd7b 100644 --- a/hmModules/wayvnc/default.nix +++ b/hmModules/wayvnc/default.nix @@ -4,13 +4,14 @@ vpn, hostname, ... -}: { +}: +{ systemd.user.services.wayvnc = { - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; Unit = { Description = "WayVNC"; - PartOf = ["graphical-session.target"]; + PartOf = [ "graphical-session.target" ]; }; Service = { diff --git a/hmModules/wezterm/default.nix b/hmModules/wezterm/default.nix index f6b0fcf..f7baef1 100644 --- a/hmModules/wezterm/default.nix +++ b/hmModules/wezterm/default.nix @@ -2,12 +2,12 @@ pkgs, hostname, ... -}: { +}: +{ programs.wezterm = { enable = true; package = - if hostname == "pircard" - then + if hostname == "pircard" then (pkgs.wezterm.overrideAttrs (old: rec { pname = "wezterm"; version = "20240406-cce0706"; 
@@ -24,43 +24,40 @@ "xcb-imdkit-0.3.0" = "sha256-fTpJ6uNhjmCWv7dZqVgYuS2Uic36XNYTbqlaly5QBjI="; }; }; - patches = - (old.patches or []) - ++ [ - (pkgs.fetchpatch { - # fix(wayland): ensure repaint event is sent in show - url = "https://patch-diff.githubusercontent.com/raw/wez/wezterm/pull/5264.patch"; - hash = "sha256-c+frVaBEL0h3PJvNu3AW2iap+uUXBY8olbm7Wsxuh4Q="; - }) - (pkgs.writeText - "wezterm-remove_capabilities.patch" - '' - diff --git a/window/src/os/wayland/seat.rs b/window/src/os/wayland/seat.rs - index 3798f4259..e91591130 100644 - --- a/window/src/os/wayland/seat.rs - +++ b/window/src/os/wayland/seat.rs - @@ -65,9 +65,15 @@ impl SeatHandler for WaylandState { - _conn: &Connection, - _qh: &QueueHandle, - _seat: WlSeat, - - _capability: smithay_client_toolkit::seat::Capability, - + capability: smithay_client_toolkit::seat::Capability, - ) { - - todo!() - + if capability == Capability::Keyboard && self.keyboard.is_some() { - + self.keyboard.take().unwrap().release(); - + } - + - + if capability == Capability::Pointer && self.pointer.is_some() { - + self.pointer = None; - + } - } + patches = (old.patches or [ ]) ++ [ + (pkgs.fetchpatch { + # fix(wayland): ensure repaint event is sent in show + url = "https://patch-diff.githubusercontent.com/raw/wez/wezterm/pull/5264.patch"; + hash = "sha256-c+frVaBEL0h3PJvNu3AW2iap+uUXBY8olbm7Wsxuh4Q="; + }) + (pkgs.writeText "wezterm-remove_capabilities.patch" '' + diff --git a/window/src/os/wayland/seat.rs b/window/src/os/wayland/seat.rs + index 3798f4259..e91591130 100644 + --- a/window/src/os/wayland/seat.rs + +++ b/window/src/os/wayland/seat.rs + 
@@ -65,9 +65,15 @@ impl SeatHandler for WaylandState { + _conn: &Connection, + _qh: &QueueHandle, + _seat: WlSeat, + - _capability: smithay_client_toolkit::seat::Capability, + + capability: smithay_client_toolkit::seat::Capability, + ) { + - todo!() + + if capability == Capability::Keyboard && self.keyboard.is_some() { + + self.keyboard.take().unwrap().release(); + + } + + + + if capability == Capability::Pointer && self.pointer.is_some() { + + self.pointer = None; + + } + } - fn remove_seat(&mut self, _conn: &Connection, _qh: &QueueHandle, _seat: WlSeat) { - '') - ]; + fn remove_seat(&mut self, _conn: &Connection, _qh: &QueueHandle, _seat: WlSeat) { + '') + ]; })) - else pkgs.wezterm; + else + pkgs.wezterm; extraConfig = '' return { diff --git a/hmModules/whatsapp/default.nix b/hmModules/whatsapp/default.nix index 5d0335a..b3f0a90 100644 --- a/hmModules/whatsapp/default.nix +++ b/hmModules/whatsapp/default.nix @@ -1,12 +1,13 @@ -{pkgs, ...}: { - home.packages = [pkgs.whatsapp-for-linux]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.whatsapp-for-linux ]; systemd.user.services.whatsapp = { - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; Unit = { Description = "Whatsapp"; - PartOf = ["graphical-session.target"]; + PartOf = [ "graphical-session.target" ]; }; Service = { diff --git a/hmModules/wine/default.nix b/hmModules/wine/default.nix index e1f674a..a499a37 100644 --- a/hmModules/wine/default.nix +++ b/hmModules/wine/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ winetricks wineWowPackages.waylandFull diff --git a/hmModules/xdg/default.nix b/hmModules/xdg/default.nix index 858798f..bdcfdeb 100644 --- a/hmModules/xdg/default.nix +++ b/hmModules/xdg/default.nix 
@@ -1,11 +1,12 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ xdg = { enable = true; mimeApps.enable = true; mimeApps.defaultApplications = { - "text/html" = ["firefox.desktop"]; - "x-scheme-handler/http" = ["firefox.desktop"]; - "x-scheme-handler/https" = ["firefox.desktop"]; + "text/html" = [ "firefox.desktop" ]; + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; }; desktopEntries = { org-protocol = { @@ -13,16 +14,20 @@ genericName = "Org protocol"; exec = "emacsclient -- %u"; terminal = false; - mimeType = ["x-scheme-handler/org-protocol"]; + mimeType = [ "x-scheme-handler/org-protocol" ]; }; firefox = { name = "firefox"; genericName = "Firefox protocol"; exec = "firefox -- %U"; terminal = false; - mimeType = ["text/html" "text/xml" "text/uri"]; + mimeType = [ + "text/html" + "text/xml" + "text/uri" + ]; }; }; }; - home.packages = [pkgs.xdg-utils]; + home.packages = [ pkgs.xdg-utils ]; } diff --git a/hmModules/zmkbatx/default.nix b/hmModules/zmkbatx/default.nix index 64771fc..b7f9065 100644 --- a/hmModules/zmkbatx/default.nix +++ b/hmModules/zmkbatx/default.nix @@ -2,11 +2,15 @@ pkgs, lib, ... -}: { - home.packages = [pkgs.zmkBATx]; +}: +{ + home.packages = [ pkgs.zmkBATx ]; systemd.user.services.zmkBATx = { - Install.WantedBy = ["graphical-session.target" "waybar.service"]; + Install.WantedBy = [ + "graphical-session.target" + "waybar.service" + ]; Unit = { Description = "zmkBATx"; diff --git a/hmModules/zulip/default.nix b/hmModules/zulip/default.nix index f598162..40cdfb2 100644 --- a/hmModules/zulip/default.nix +++ b/hmModules/zulip/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - home.packages = [pkgs.zulip]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.zulip ]; } diff --git a/hosts/archer/default.nix b/hosts/archer/default.nix index 9437ec4..de91621 100644 --- a/hosts/archer/default.nix +++ b/hosts/archer/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ environment.systemPackages = [ pkgs.vim ]; 
diff --git a/hosts/beebox/default.nix b/hosts/beebox/default.nix index d99b8b1..538b6cf 100644 --- a/hosts/beebox/default.nix +++ b/hosts/beebox/default.nix @@ -1,9 +1,8 @@ { fleetModules, - pkgs, - lib, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix diff --git a/hosts/beebox/hardware-configuration.nix b/hosts/beebox/hardware-configuration.nix index 5ea0dce..56c4753 100644 --- a/hosts/beebox/hardware-configuration.nix +++ b/hosts/beebox/hardware-configuration.nix @@ -7,15 +7,22 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -31,7 +38,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-label/swap";} + { device = "/dev/disk/by-label/swap"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/default.nix b/hosts/default.nix index a96b64b..748d6a4 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,16 +1,14 @@ { - self, - lib, - config, inputs, ... -}: { - imports = [./module.nix]; +}: +{ + imports = [ ./module.nix ]; fleet = { - darwinHosts.archer = {}; + darwinHosts.archer = { }; - nixOnDroidHosts.janeway = {}; + nixOnDroidHosts.janeway = { }; hosts = { # thinkpad = { 
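Review bot: Dropping `pkgs` and `lib` from the beebox argument set and `self`, `lib` and `config` from hosts/default.nix goes beyond what a formatter does (the same happens in hosts/deltaflyer/plasma-mobile.nix and hosts/janeway/default.nix later in this patch). A commit titled "Reformat everything" would not be expected to change evaluation, but if any of those names is still referenced below the hunk the module now fails with an undefined-variable error, and the rest of those files is outside the hunks so the removals cannot be verified here. Either split the argument cleanup into its own commit or note it in the commit message, e.g. `Also drop unused module arguments (beebox, hosts/default.nix, plasma-mobile, janeway).`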
@@ -74,10 +72,11 @@ # }; deltaflyer = { - nixpkgs = let - # keep in sync with https://github.com/NixOS/mobile-nixos/blob/development/pkgs.nix - rev = "44d0940ea560dee511026a53f0e2e2cde489b4d4"; - in + nixpkgs = + let + # keep in sync with https://github.com/NixOS/mobile-nixos/blob/development/pkgs.nix + rev = "44d0940ea560dee511026a53f0e2e2cde489b4d4"; + in builtins.getFlake "github:NixOS/nixpkgs/${rev}"; extraHmModules = [ # inputs.ccrEmacs.hmModules.default @@ -88,10 +87,10 @@ }; homeManager = builtins.getFlake "github:nix-community/home-manager/670d9ecc3e46a6e3265c203c2d136031a3d3548e"; extraModules = [ - (import "${inputs.mobile-nixos}/lib/configuration.nix" {device = "oneplus-fajita";}) + (import "${inputs.mobile-nixos}/lib/configuration.nix" { device = "oneplus-fajita"; }) ]; secrets = { - "deltaflyer-wireguard-private-key" = {}; + "deltaflyer-wireguard-private-key" = { }; "chatgpt-token".owner = "ccr"; }; }; @@ -111,12 +110,12 @@ "${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix" ]; secrets = { - "kirk-wireguard-private-key" = {}; + "kirk-wireguard-private-key" = { }; "chatgpt-token".owner = "ccr"; "cachix-personal-token".owner = "ccr"; "git-workspace-tokens".owner = "ccr"; "autistici-password".owner = "ccr"; - "restic-hetzner-password" = {}; + "restic-hetzner-password" = { }; }; }; @@ -137,7 +136,7 @@ inputs.vscode-server.nixosModules.home ]; secrets = { - "picard-wireguard-private-key" = {}; + "picard-wireguard-private-key" = { }; "chatgpt-token".owner = "ccr"; "cachix-personal-token".owner = "ccr"; "hercules-ci-join-token".owner = "hercules-ci-agent"; @@ -145,7 +144,7 @@ "hercules-ci-secrets-json".owner = "hercules-ci-agent"; "git-workspace-tokens".owner = "ccr"; "autistici-password".owner = "ccr"; - "restic-hetzner-password" = {}; + "restic-hetzner-password" = { }; "aws-credentials".owner = "hercules-ci-agent"; "forgejo-runners-token".owner = "nixuser"; "forgejo-nix-access-tokens".owner = "nixuser"; 
@@ -166,7 +165,7 @@ # rock5b.nixosModules.default ]; secrets = { - "sisko-wireguard-private-key" = {}; + "sisko-wireguard-private-key" = { }; "hercules-ci-join-token".owner = "hercules-ci-agent"; "hercules-ci-binary-caches".owner = "hercules-ci-agent"; "hercules-ci-secrets-json".owner = "hercules-ci-agent"; @@ -174,8 +173,8 @@ "home-planimetry".owner = "hass"; "home-assistant-token".owner = "prometheus"; "grafana-password".owner = "grafana"; - "cloudflare-dyndns-api-token" = {}; - "restic-hetzner-password" = {}; + "cloudflare-dyndns-api-token" = { }; + "restic-hetzner-password" = { }; # "minio-credentials".owner = "minio"; # "aws-credentials".owner = "hercules-ci-agent"; "hass-ssh-key".owner = "hass"; diff --git a/hosts/deltaflyer/default.nix b/hosts/deltaflyer/default.nix index 915f695..70f479f 100644 --- a/hosts/deltaflyer/default.nix +++ b/hosts/deltaflyer/default.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: { +}: +{ imports = fleetModules [ "common" @@ -41,7 +42,10 @@ # Networking, modem and misc. { # Ensures any rndis config from stage-1 is not clobbered by NetworkManager - networking.networkmanager.unmanaged = ["rndis0" "usb0"]; + networking.networkmanager.unmanaged = [ + "rndis0" + "usb0" + ]; # Setup USB gadget networking in initrd... mobile.boot.stage-1.networking.enable = lib.mkDefault true; @@ -75,13 +79,14 @@ "video" "wheel" ]; - backupPaths = []; + backupPaths = [ ]; }; } { system.stateVersion = "24.11"; - nixpkgs.config.allowUnfreePredicate = pkg: + nixpkgs.config.allowUnfreePredicate = + pkg: builtins.elem (lib.getName pkg) [ "oneplus-sdm845-firmware-zstd" "oneplus-sdm845-firmware-xz" 
@@ -106,21 +111,23 @@ bind = $mod, r, exec, rotate-screen hor bind = $mod SHIFT, r, exec, rotate-screen ver ''; - home.packages = let - rotateScript = pkgs.writeShellApplication { - name = "rotate-screen"; - runtimeInputs = [pkgs.hyprland]; - text = '' - if [[ "$1" == "hor" ]]; then - hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,1 - hyprctl keyword input:touchdevice:transform 1 - elif [[ "$1" == "ver" ]]; then - hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,0 - hyprctl keyword input:touchdevice:transform 0 - fi - ''; - }; - in [rotateScript]; + home.packages = + let + rotateScript = pkgs.writeShellApplication { + name = "rotate-screen"; + runtimeInputs = [ pkgs.hyprland ]; + text = '' + if [[ "$1" == "hor" ]]; then + hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,1 + hyprctl keyword input:touchdevice:transform 1 + elif [[ "$1" == "ver" ]]; then + hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,0 + hyprctl keyword input:touchdevice:transform 0 + fi + ''; + }; + in + [ rotateScript ]; services.swayidle.enable = lib.mkForce false; } ]; @@ -138,7 +145,13 @@ zramSwap.enable = lib.mkDefault true; - boot.binfmt.emulatedSystems = lib.mkForce ["x86_64-linux" "i686-linux" "i386-linux" "i486-linux" "i586-linux"]; + boot.binfmt.emulatedSystems = lib.mkForce [ + "x86_64-linux" + "i686-linux" + "i386-linux" + "i486-linux" + "i586-linux" + ]; } ]; } diff --git a/hosts/deltaflyer/plasma-mobile.nix b/hosts/deltaflyer/plasma-mobile.nix index 7206c5e..35c6f86 100644 --- a/hosts/deltaflyer/plasma-mobile.nix +++ b/hosts/deltaflyer/plasma-mobile.nix @@ -2,11 +2,10 @@ # Minimum config used to enable Plasma Mobile. # { - config, lib, - pkgs, ... -}: { +}: +{ mobile.beautification = { silentBoot = lib.mkDefault false; splash = lib.mkDefault false; diff --git a/hosts/devbox/default.nix b/hosts/devbox/default.nix index a3b3793..599bc62 100644 --- a/hosts/devbox/default.nix +++ b/hosts/devbox/default.nix 
@@ -4,7 +4,8 @@ lib, pkgs, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -42,17 +43,29 @@ }; fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook]; + fonts = with pkgs; [ + powerline-fonts + dejavu_fonts + fira-code + fira-code-symbols + emacs-all-the-icons-fonts + nerdfonts + joypixels + etBook + ]; fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - sansSerif = ["DejaVu Sans"]; - serif = ["DejaVu Serif"]; + monospace = [ "DejaVu Sans Mono for Powerline" ]; + sansSerif = [ "DejaVu Sans" ]; + serif = [ "DejaVu Serif" ]; }; }; nixpkgs.config.joypixels.acceptLicense = true; - environment.systemPackages = with pkgs; [waypipe firefox]; + environment.systemPackages = with pkgs; [ + waypipe + firefox + ]; programs.mosh.enable = true; @@ -61,7 +74,7 @@ }; boot.loader.grub = { - devices = ["/dev/sda"]; + devices = [ "/dev/sda" ]; efiSupport = true; efiInstallAsRemovable = true; }; diff --git a/hosts/devbox/disko.nix b/hosts/devbox/disko.nix index bdf06b4..0a891ca 100644 --- a/hosts/devbox/disko.nix +++ b/hosts/devbox/disko.nix @@ -1,9 +1,10 @@ # Example to create a bios compatible gpt partition { lib, - disks ? ["/dev/sda"], + disks ? [ "/dev/sda" ], ... -}: { +}: +{ disk = lib.genAttrs disks (dev: { device = dev; type = "disk"; @@ -17,7 +18,7 @@ start = "0"; end = "1M"; part-type = "primary"; - flags = ["bios_grub"]; + flags = [ "bios_grub" ]; } { type = "partition"; diff --git a/hosts/hs/default.nix b/hosts/hs/default.nix index d1bbafb..407d8f6 100644 --- a/hosts/hs/default.nix +++ b/hosts/hs/default.nix @@ -4,7 +4,8 @@ lib, config, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix @@ -21,7 +22,7 @@ "shell" "git" ]; - packages = []; + packages = [ ]; extraGroups = [ "wheel" "fuse" 
@@ -31,7 +32,7 @@ systemd.services.standby-sdb = { description = "Set spindown time (sleep) for /dev/sdb "; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdb"; @@ -40,7 +41,7 @@ systemd.services.standby-sdc = { description = "Set spindown time (sleep) for /dev/sdc "; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdc"; @@ -54,7 +55,7 @@ isSystemUser = true; group = "amule"; }; - users.groups."amule" = {}; + users.groups."amule" = { }; services = { samba-wsdd = { 
@@ -261,33 +262,35 @@
 };
 };
 
- systemd.services.ydns = let
- ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" ''
- USER="andrea.ciceri@autistici.org"
- PASSWORD=$(cat /home/ccr/.ydns-password)
- DOMAIN="ccr.ydns.eu"
- for SUBDOMAIN in "books" "music" "sync" "torrent" "gate"
- do
- HOST="$SUBDOMAIN.$DOMAIN"
- ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST
- done
- ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN
- '';
- in {
- description = "YDNS IP updater";
- wantedBy = ["multi-user.target"];
- after = ["network.target"];
- serviceConfig = {
- User = "root";
- Type = "oneshot";
- ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater";
+ systemd.services.ydns =
+ let
+ ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" ''
+ USER="andrea.ciceri@autistici.org"
+ PASSWORD=$(cat /home/ccr/.ydns-password)
+ DOMAIN="ccr.ydns.eu"
+ for SUBDOMAIN in "books" "music" "sync" "torrent" "gate"
+ do
+ HOST="$SUBDOMAIN.$DOMAIN"
+ ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST
+ done
+ ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN
+ '';
+ in
+ {
+ description = "YDNS IP updater";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ User = "root";
+ Type = "oneshot";
+ ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater";
+ };
 };
- };
 
 systemd.services.wstunnel = {
 description = "WSTunnel";
- wantedBy = ["multi-user.target"];
- after = ["network.target"];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
 serviceConfig = {
 User = "root";
 Type = "oneshot";
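Review bot: The updater script hands the YDNS password to curl on the command line (`-u "$USER:$PASSWORD"`, twice), so for the lifetime of each request it is readable by every local process through `ps` or `/proc/<pid>/cmdline`, and the unit runs as `User = "root"` only to read `/home/ccr/.ydns-password` from a user's home. Keeping the credential out of argv is a two-line change, since `ExecStart` already runs the script under bash: `${pkgs.curl}/bin/curl --basic --config <(printf 'user = "%s:%s"\n' "$USER" "$PASSWORD") --silent "https://ydns.io/api/v1/update/?host=$HOST"` for the loop body and the same form for the final `$DOMAIN` call, which also quotes the URL so the `?` is not subject to pathname expansion. The password file itself looks like a fit for the `secrets = { ... }` declarations this same commit touches in hosts/default.nix, with `owner` set to a dedicated service user rather than root. The enclosing module attribute set starts before this hunk.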
@@ -297,8 +300,8 @@ # TODO It seems to not work systemd.timers.ydnsUpdater = { - wantedBy = ["timers.target"]; - partOf = ["ydnsUpdater.service"]; + wantedBy = [ "timers.target" ]; + partOf = [ "ydnsUpdater.service" ]; timerConfig = { OnCalendar = "*-*-* *:00:00"; # hourly Unit = "ydnsUpdater.service"; @@ -330,13 +333,13 @@ networking.nat.enable = true; networking.nat.externalInterface = "enp0s10"; - networking.nat.internalInterfaces = ["wg0"]; + networking.nat.internalInterfaces = [ "wg0" ]; networking.wireguard.interfaces = { # "wg0" is the network interface name. You can name the interface arbitrarily. wg0 = { # Determines the IP address and subnet of the server's end of the tunnel interface. - ips = ["10.100.0.1/24"]; + ips = [ "10.100.0.1/24" ]; # The port that WireGuard listens to. Must be accessible by the client. listenPort = 51820; @@ -366,7 +369,7 @@ # Public key of the peer (not a file path). publicKey = "fCwjd75CefC9A7WqO7s3xfOk2nRcoTKfnAzDT6Lc5AA="; # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - allowedIPs = ["10.100.0.2/32"]; + allowedIPs = [ "10.100.0.2/32" ]; } ]; }; diff --git a/hosts/hs/hardware-configuration.nix b/hosts/hs/hardware-configuration.nix index e573bf0..308318a 100644 --- a/hosts/hs/hardware-configuration.nix +++ b/hosts/hs/hardware-configuration.nix @@ -1,6 +1,14 @@ -{lib, ...}: { +{ lib, ... }: +{ boot = { - initrd.availableKernelModules = ["ohci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + initrd.availableKernelModules = [ + "ohci_pci" + "ehci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; loader.grub = lib.mkForce { enable = true; version = 2; @@ -23,5 +31,5 @@ }; }; - swapDevices = [{device = "/dev/disk/by-label/swap";}]; + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; } diff --git a/hosts/janeway/default.nix b/hosts/janeway/default.nix index ecaee5a..150e4e0 100644 --- a/hosts/janeway/default.nix +++ b/hosts/janeway/default.nix 
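Review bot: The timer's `partOf = [ "ydnsUpdater.service" ]` and `Unit = "ydnsUpdater.service"` name a unit that, as far as the hunks shown here go, does not exist: the updater in the preceding hunk is `systemd.services.ydns`, which systemd installs as `ydns.service`, while `ydnsUpdater` is only the name of the wrapper script. Unless a `ydnsUpdater` service is defined outside these hunks, the timer fires against a missing unit, which would explain the `# TODO It seems to not work` above it. Pointing both lines at `"ydns.service"` (or renaming the service to `ydnsUpdater`) should make the hourly run work, after which the TODO can go; the reformat itself only respaces the two lists.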
@@ -1,14 +1,15 @@ { config, - lib, pkgs, fleetFlake, ... -}: let +}: +let sshdTmpDirectory = "${config.user.home}/sshd-tmp"; sshdDirectory = "${config.user.home}/sshd"; port = 8022; -in { +in +{ # Backup etc files instead of failing to activate generation if a file already exists in /etc environment.etcBackupExtension = ".bak"; 
@@ -23,54 +24,60 @@ in { # Set your time zone time.timeZone = "Europe/Rome"; - home-manager.config = {pkgs, ...}: { - home.stateVersion = "24.05"; - _module.args = { - hostname = "janeway"; - age.secrets = {}; + home-manager.config = + { ... }: + { + home.stateVersion = "24.05"; + _module.args = { + hostname = "janeway"; + age.secrets = { }; + }; + imports = [ ../../hmModules/shell ]; }; - imports = [../../hmModules/shell]; - }; - build.activation.sshd = let - keys = (builtins.import ../../lib).keys; - inherit (keys) hosts users; - in '' - $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh" - $DRY_RUN_CMD echo ${hosts.picard} > "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys" + build.activation.sshd = + let + keys = (builtins.import ../../lib).keys; + inherit (keys) hosts users; + in + '' + $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh" + $DRY_RUN_CMD echo ${hosts.picard} > "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys" - if [[ ! -d "${sshdDirectory}" ]]; then - $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}" - $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}" + if [[ ! 
-d "${sshdDirectory}" ]]; then + $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}" + $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}" - $VERBOSE_ECHO "Generating host keys..." - $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N "" + $VERBOSE_ECHO "Generating host keys..." + $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N "" - $VERBOSE_ECHO "Writing sshd_config..." - $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config" + $VERBOSE_ECHO "Writing sshd_config..." + $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config" - $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}" - fi - ''; + $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}" + fi + ''; - environment.packages = let - inherit (fleetFlake.inputs.ccrEmacs.packages.aarch64-linux) ccrEmacs; - in [ - pkgs.bottom - pkgs.helix - pkgs.stress - pkgs.openssh - pkgs.git - pkgs.btop - ccrEmacs - (pkgs.writeScriptBin "sshd-start" '' - #!${pkgs.runtimeShell} - echo "Starting sshd in non-daemonized way on port ${toString port}" - ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D - '') - ]; + environment.packages = + let + inherit (fleetFlake.inputs.ccrEmacs.packages.aarch64-linux) ccrEmacs; + in + [ + pkgs.bottom + pkgs.helix + pkgs.stress + pkgs.openssh + pkgs.git + pkgs.btop + ccrEmacs + (pkgs.writeScriptBin "sshd-start" '' + #!${pkgs.runtimeShell} + echo "Starting sshd in non-daemonized way on port ${toString port}" + ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D + '') + ]; } diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index 64873e6..e1fb82d 100644 --- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix 
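Review bot: The sshd_config written by build.activation.sshd contains only `HostKey` and `Port`, so the daemon launched by `sshd-start` runs with OpenSSH's compiled-in defaults for everything else, including password authentication, even though the authorized_keys file written just above shows the intent is key-only access. Extending the `echo -e` line pins that intent: `$DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\nPasswordAuthentication no\nPubkeyAuthentication yes\n" > "${sshdTmpDirectory}/sshd_config"`. Two caveats: the config is generated only while `${sshdDirectory}` is absent, so an existing install keeps its old file until that directory is removed; and every `$DRY_RUN_CMD echo … > file` line still performs the redirection in a dry run (only the `echo` is prefixed), so a dry run presumably overwrites authorized_keys with the echoed command text rather than leaving it untouched. The attribute set this hunk belongs to is opened in the previous hunk.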
@@ -1,10 +1,10 @@ { fleetModules, lib, - pkgs, config, ... -}: { +}: +{ imports = fleetModules [ "common" @@ -67,11 +67,11 @@ "zulip" "calibre" ]; - extraGroups = []; - backupPaths = []; + extraGroups = [ ]; + backupPaths = [ ]; }; - boot.initrd.kernelModules = ["i915"]; + boot.initrd.kernelModules = [ "i915" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" diff --git a/hosts/module.nix b/hosts/module.nix index cfc1bdd..03cc8d6 100644 --- a/hosts/module.nix +++ b/hosts/module.nix 
@@ -8,107 +8,208 @@ config, inputs, ... -} @ flakePartsArgs: let +}: +let cfg = config.fleet; -in { +in +{ options.fleet = { darwinHosts = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - description = "Host name"; - type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - default = name; - }; - system = lib.mkOption { - description = "NixOS architecture (a.k.a. system)"; - type = lib.types.str; - default = "x86_64-darwin"; - }; - nixpkgs = lib.mkOption { - description = "Used nixpkgs"; - type = lib.types.anything; - default = inputs.nixpkgs; - }; - extraModules = lib.mkOption { - description = "Extra NixOS modules"; - type = lib.types.listOf lib.types.deferredModule; - default = []; - }; - overlays = lib.mkOption { - description = "Enabled Nixpkgs overlays"; - type = lib.types.listOf (lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - }); - default = []; - }; - }; - })); + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, ... }: + { + options = { + name = lib.mkOption { + description = "Host name"; + type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; + default = name; + }; + system = lib.mkOption { + description = "NixOS architecture (a.k.a. 
system)"; + type = lib.types.str; + default = "x86_64-darwin"; + }; + nixpkgs = lib.mkOption { + description = "Used nixpkgs"; + type = lib.types.anything; + default = inputs.nixpkgs; + }; + extraModules = lib.mkOption { + description = "Extra NixOS modules"; + type = lib.types.listOf lib.types.deferredModule; + default = [ ]; + }; + overlays = lib.mkOption { + description = "Enabled Nixpkgs overlays"; + type = lib.types.listOf ( + lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + } + ); + default = [ ]; + }; + }; + } + ) + ); }; nixOnDroidHosts = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - description = "Host name"; - type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - default = name; - }; - system = lib.mkOption { - description = "NixOS architecture (a.k.a. system)"; - type = lib.types.str; - default = "aarch64-linux"; - }; - nixpkgs = lib.mkOption { - description = "Used nixpkgs"; - type = lib.types.anything; - default = inputs.nixpkgs; - }; - extraModules = lib.mkOption { - description = "Extra NixOS modules"; - type = lib.types.listOf lib.types.deferredModule; - default = []; - }; - overlays = lib.mkOption { - description = "Enabled Nixpkgs overlays"; - type = lib.types.listOf (lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - }); - default = []; - }; - }; - })); + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, ... }: + { + options = { + name = lib.mkOption { + description = "Host name"; + type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; + default = name; + }; + system = lib.mkOption { + description = "NixOS architecture (a.k.a. 
system)"; + type = lib.types.str; + default = "aarch64-linux"; + }; + nixpkgs = lib.mkOption { + description = "Used nixpkgs"; + type = lib.types.anything; + default = inputs.nixpkgs; + }; + extraModules = lib.mkOption { + description = "Extra NixOS modules"; + type = lib.types.listOf lib.types.deferredModule; + default = [ ]; + }; + overlays = lib.mkOption { + description = "Enabled Nixpkgs overlays"; + type = lib.types.listOf ( + lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + } + ); + default = [ ]; + }; + }; + } + ) + ); }; hosts = lib.mkOption { description = "Host configuration"; - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - description = "Host name"; - type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - default = name; - }; - system = lib.mkOption { - description = "NixOS architecture (a.k.a. system)"; - type = lib.types.str; - default = "x86_64-linux"; - }; - nixpkgs = lib.mkOption { - description = "Used nixpkgs"; - type = lib.types.anything; - default = inputs.nixpkgs; - }; - homeManager = lib.mkOption { - description = "Used home-manager"; - type = lib.types.anything; - default = inputs.homeManager; - }; - vpn = { + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, ... }: + { + options = { + name = lib.mkOption { + description = "Host name"; + type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; + default = name; + }; + system = lib.mkOption { + description = "NixOS architecture (a.k.a. 
system)"; + type = lib.types.str; + default = "x86_64-linux"; + }; + nixpkgs = lib.mkOption { + description = "Used nixpkgs"; + type = lib.types.anything; + default = inputs.nixpkgs; + }; + homeManager = lib.mkOption { + description = "Used home-manager"; + type = lib.types.anything; + default = inputs.homeManager; + }; + vpn = { + ip = lib.mkOption { + description = "Wireguard VPN ip"; + type = lib.types.str; + }; + publicKey = lib.mkOption { + description = "Wireguard public key"; + type = lib.types.str; + }; + }; + secrets = lib.mkOption { + description = "List of secrets names in the `secrets` folder"; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, ... }: + { + options = { + owner = lib.mkOption { + type = lib.types.str; + default = "root"; + }; + group = lib.mkOption { + type = lib.types.str; + default = "root"; + }; + file = lib.mkOption { + type = lib.types.path; + default = "${self.outPath}/secrets/${name}.age"; + }; + mode = lib.mkOption { + # TODO improve type + type = lib.types.str; + default = "0440"; + }; + }; + } + ) + ); + default = { }; + }; + enableHomeManager = lib.mkOption { + description = "Enable home-manager module"; + type = lib.types.bool; + default = true; + }; + overlays = lib.mkOption { + description = "Enabled Nixpkgs overlays"; + type = lib.types.listOf ( + lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + } + ); + default = [ ]; + }; + extraModules = lib.mkOption { + description = "Extra NixOS modules"; + type = lib.types.listOf lib.types.deferredModule; + default = [ ]; + }; + extraHmModules = lib.mkOption { + description = "Extra home-manager modules"; + type = lib.types.listOf lib.types.deferredModule; + default = [ ]; + }; + extraHmModulesUser = lib.mkOption { + description = "User for which to import extraHmModulesUser"; + type = lib.types.str; + default = "ccr"; + }; + }; + config.overlays = with inputs; cfg.overlays; + } + ) 
+ ); + default = { }; + }; + vpnExtra = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options = { ip = lib.mkOption { description = "Wireguard VPN ip"; type = lib.types.str; 
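Review bot: The `mode` option of `secrets` still carries `# TODO improve type` with `type = lib.types.str;`, which accepts any string; `lib.types.strMatching "^[0-7]{3,4}$"` — the same combinator used for `name` a few lines up — would reject a mistyped mode at evaluation time instead of at deploy time, and the TODO can be dropped with it. As a point of style, the `name`/`system`/`nixpkgs`/`extraModules`/`overlays` block is now written out three times verbatim for `darwinHosts`, `nixOnDroidHosts` and `hosts`, differing only in the `system` default; a `let` helper such as `mkHostOptions = defaultSystem: { … }` that the three submodules merge into their `options` would keep them from drifting apart. Both points are pre-existing; the hunk only reflows the expressions and drops the `@ flakePartsArgs` binding.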
@@ -118,138 +219,81 @@ in { type = lib.types.str; }; }; - secrets = lib.mkOption { - description = "List of secrets names in the `secrets` folder"; - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - owner = lib.mkOption { - type = lib.types.str; - default = "root"; - }; - group = lib.mkOption { - type = lib.types.str; - default = "root"; - }; - file = lib.mkOption { - type = lib.types.path; - default = "${self.outPath}/secrets/${name}.age"; - }; - mode = lib.mkOption { - # TODO improve type - type = lib.types.str; - default = "0440"; - }; - }; - })); - default = {}; - }; - enableHomeManager = lib.mkOption { - description = "Enable home-manager module"; - type = lib.types.bool; - default = true; - }; - overlays = lib.mkOption { - description = "Enabled Nixpkgs overlays"; - type = lib.types.listOf (lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - }); - default = []; - }; - extraModules = lib.mkOption { - description = "Extra NixOS modules"; - type = lib.types.listOf lib.types.deferredModule; - default = []; - }; - extraHmModules = lib.mkOption { - description = "Extra home-manager modules"; - type = lib.types.listOf lib.types.deferredModule; - default = []; - }; - extraHmModulesUser = lib.mkOption { - description = "User for which to import extraHmModulesUser"; - type = lib.types.str; - default = "ccr"; - }; - }; - config.overlays = with inputs; cfg.overlays; - })); - default = {}; - }; - vpnExtra = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - options = { - ip = lib.mkOption { - description = "Wireguard VPN ip"; - type = lib.types.str; - }; - publicKey = lib.mkOption { - description = "Wireguard public key"; - type = lib.types.str; - }; - }; - }); - default = {}; + } + ); + default = { }; }; _mkNixosConfiguration = lib.mkOption { description = "Function returning a proper NixOS configuration"; type = lib.types.functionTo 
(lib.types.functionTo lib.types.attrs); # TODO improve this type internal = true; - default = hostname: config: + default = + hostname: config: config.nixpkgs.lib.nixosSystem { inherit (config) system; modules = [ - ({lib, ...}: { - networking.hostName = lib.mkForce hostname; - nixpkgs.overlays = config.overlays; - }) + ( + { lib, ... }: + { + networking.hostName = lib.mkForce hostname; + nixpkgs.overlays = config.overlays; + } + ) "${self.outPath}/hosts/${hostname}" ] - ++ (lib.optionals (config.secrets != []) [ + ++ (lib.optionals (config.secrets != [ ]) [ inputs.agenix.nixosModules.default - ({lib, ...}: let - allSecrets = lib.mapAttrs' (name: value: { - name = lib.removeSuffix ".age" name; - inherit value; - }) (import "${self.outPath}/secrets/secrets.nix"); - filteredSecrets = - lib.filterAttrs - (name: _: builtins.hasAttr name config.secrets) - allSecrets; - in { - age.secrets = - lib.mapAttrs' (name: _: { + ( + { lib, ... }: + let + allSecrets = lib.mapAttrs' (name: value: { + name = lib.removeSuffix ".age" name; + inherit value; + }) (import "${self.outPath}/secrets/secrets.nix"); + filteredSecrets = lib.filterAttrs (name: _: builtins.hasAttr name config.secrets) allSecrets; + in + { + age.secrets = lib.mapAttrs' (name: _: { name = builtins.baseNameOf name; value = { - inherit (config.secrets.${name}) owner group file mode; + inherit (config.secrets.${name}) + owner + group + file + mode + ; }; - }) - filteredSecrets; - }) + }) filteredSecrets; + } + ) ]) - ++ (lib.optionals config.enableHomeManager (let - user = config.extraHmModulesUser; - extraHmModules = config.extraHmModules; - in [ - config.homeManager.nixosModule - ({ - config, - pkgs, - ... 
- }: { - home-manager.users."${user}" = { - imports = extraHmModules; - _module.args = { - age = config.age or {}; - fleetFlake = self; - pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system}; - }; - }; - }) - ])) + ++ (lib.optionals config.enableHomeManager ( + let + user = config.extraHmModulesUser; + extraHmModules = config.extraHmModules; + in + [ + config.homeManager.nixosModule + ( + { + config, + pkgs, + ... + }: + { + home-manager.users."${user}" = { + imports = extraHmModules; + _module.args = { + age = config.age or { }; + fleetFlake = self; + pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system}; + }; + }; + } + ) + ] + )) ++ config.extraModules; specialArgs = { fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}"); @@ -263,18 +307,21 @@ in { description = "Function returning a proper Darwin configuration"; type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type internal = true; - default = hostname: config: + default = + hostname: config: inputs.nixDarwin.lib.darwinSystem { modules = [ - ({ - lib, - pkgs, - ... - }: { - networking.hostName = lib.mkForce hostname; - nixpkgs.overlays = config.overlays; - nixpkgs.hostPlatform = config.system; - }) + ( + { + lib, + ... + }: + { + networking.hostName = lib.mkForce hostname; + nixpkgs.overlays = config.overlays; + nixpkgs.hostPlatform = config.system; + } + ) "${self.outPath}/hosts/${hostname}" ]; }; 
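Review bot: `++ (lib.optionals (config.secrets != [ ]) [` compares an attribute set with an empty list: `secrets` is declared as `lib.types.attrsOf (...)` with `default = { }` in the previous hunk, so the test is always true and the agenix module plus the `age.secrets` mapping are pulled into every host, including those that declare no secrets. The guard should be `++ (lib.optionals (config.secrets != { }) [`. The reformat only turned `[]` into `[ ]` here, so this predates the commit; `_mkNixosConfiguration`'s default continues past the end of the hunk.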
@@ -284,18 +331,20 @@ in { description = "Function returning a proper nix-on-droid configuration"; type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type internal = true; - default = hostname: config: + default = + hostname: config: inputs.nix-on-droid.lib.nixOnDroidConfiguration { pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux; modules = [ - ({ - lib, - pkgs, - ... - }: { - nixpkgs.overlays = config.overlays; - _module.args.fleetFlake = self; - }) + ( + { + ... + }: + { + nixpkgs.overlays = config.overlays; + _module.args.fleetFlake = self; + } + ) "${self.outPath}/hosts/${hostname}" ]; }; @@ -303,19 +352,10 @@ in { }; config = { - flake.nixosConfigurations = - lib.mapAttrs - config.fleet._mkNixosConfiguration - config.fleet.hosts; + flake.nixosConfigurations = lib.mapAttrs config.fleet._mkNixosConfiguration config.fleet.hosts; - flake.darwinConfigurations = - lib.mapAttrs - config.fleet._mkDarwinConfiguration - config.fleet.darwinHosts; + flake.darwinConfigurations = lib.mapAttrs config.fleet._mkDarwinConfiguration config.fleet.darwinHosts; - flake.nixOnDroidConfigurations = - lib.mapAttrs - config.fleet._mkNixOnDroidConfiguration - config.fleet.nixOnDroidHosts; + flake.nixOnDroidConfigurations = lib.mapAttrs config.fleet._mkNixOnDroidConfiguration config.fleet.nixOnDroidHosts; }; } diff --git a/hosts/mothership/default.nix b/hosts/mothership/default.nix index 5b0562f..dc0f9ba 100644 --- a/hosts/mothership/default.nix +++ b/hosts/mothership/default.nix @@ -5,7 +5,8 @@ pkgs, config, ... -}: { +}: +{ imports = fleetModules [ "common" "wireguard-server" 
@@ -57,11 +58,20 @@ }; fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook]; + fonts = with pkgs; [ + powerline-fonts + dejavu_fonts + fira-code + fira-code-symbols + emacs-all-the-icons-fonts + nerdfonts + joypixels + etBook + ]; fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - sansSerif = ["DejaVu Sans"]; - serif = ["DejaVu Serif"]; + monospace = [ "DejaVu Sans Mono for Powerline" ]; + sansSerif = [ "DejaVu Sans" ]; + serif = [ "DejaVu Serif" ]; }; }; @@ -69,16 +79,21 @@ nixpkgs.config.joypixels.acceptLicense = true; - environment.systemPackages = with pkgs; [waypipe]; + environment.systemPackages = with pkgs; [ waypipe ]; programs.dconf.enable = true; programs.mosh.enable = true; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot = { diff --git a/hosts/mothership/disko.nix b/hosts/mothership/disko.nix index 0c71d4a..2078a8f 100644 --- a/hosts/mothership/disko.nix +++ b/hosts/mothership/disko.nix @@ -1,8 +1,11 @@ { - lib, - disks ? ["/dev/nvme0n1" "/dev/nvme1n1"], + disks ? [ + "/dev/nvme0n1" + "/dev/nvme1n1" + ], ... -}: { +}: +{ disk = { x = { type = "disk"; diff --git a/hosts/oneplus5t/default.nix b/hosts/oneplus5t/default.nix index 990d6c9..2d4a904 100644 --- a/hosts/oneplus5t/default.nix +++ b/hosts/oneplus5t/default.nix @@ -1,9 +1,7 @@ { - config, - lib, - pkgs, ... -}: { +}: +{ signing.enable = true; # apps.prebuilt = { diff --git a/hosts/pbp/default.nix b/hosts/pbp/default.nix index 71b4595..337bc66 100644 --- a/hosts/pbp/default.nix 
+++ b/hosts/pbp/default.nix @@ -3,7 +3,8 @@ pkgs, lib, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix diff --git a/hosts/pbp/hardware-configuration.nix b/hosts/pbp/hardware-configuration.nix index e038154..ff8baac 100644 --- a/hosts/pbp/hardware-configuration.nix +++ b/hosts/pbp/hardware-configuration.nix @@ -3,11 +3,12 @@ lib, pkgs, ... -}: { - disko.devices = import ./disko.nix {}; +}: +{ + disko.devices = import ./disko.nix { }; boot = { - initrd.availableKernelModules = ["usbhid"]; + initrd.availableKernelModules = [ "usbhid" ]; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 01dfa6f..e5c0374 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -4,7 +4,8 @@ config, pkgs, ... -}: { +}: +{ imports = fleetModules [ "common" @@ -85,12 +86,12 @@ "reinstall-magisk-on-lineage" "vscode-server" ]; - extraGroups = []; - backupPaths = []; + extraGroups = [ ]; + backupPaths = [ ]; }; - boot.kernelParams = ["ip=dhcp"]; - boot.initrd.kernelModules = ["amdgpu"]; + boot.kernelParams = [ "ip=dhcp" ]; + boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" @@ -108,7 +109,7 @@ # https://github.com/NixOS/nixpkgs/issues/328909 boot.extraModulePackages = [ (config.boot.kernelPackages.ddcci-driver.overrideAttrs (old: { - patches = []; + patches = [ ]; src = pkgs.fetchFromGitLab { owner = "${old.pname}-linux"; repo = "${old.pname}-linux"; @@ -154,6 +155,6 @@ # TODO move away from here (how can the interface name be retrieved programmatically?) networking.interfaces.enp11s0.wakeOnLan = { enable = true; - policy = ["magic"]; + policy = [ "magic" ]; }; } diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index c6c2050..79ef8fe 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -1,10 +1,10 @@ { fleetModules, pkgs, - fleetFlake, config, ... -}: { +}: +{ imports = fleetModules [ "common" 
@@ -71,7 +71,7 @@ nixpkgs.hostPlatform = "aarch64-linux"; - swapDevices = []; + swapDevices = [ ]; boot.loader = { systemd-boot.enable = true; @@ -128,7 +128,7 @@ fileSystems."/mnt/hd" = { device = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU-part1"; fsType = "ext4"; - options = ["nofail"]; + options = [ "nofail" ]; }; environment.systemPackages = with pkgs; [ diff --git a/hosts/sisko/disko.nix b/hosts/sisko/disko.nix index b1fda80..909a33b 100644 --- a/hosts/sisko/disko.nix +++ b/hosts/sisko/disko.nix @@ -1,15 +1,18 @@ let - emmc = "/dev/disk/by-id/mmc-SLD64G_0xf6be3ba0"; ssd = "/dev/disk/by-id/ata-CT240BX300SSD1_1739E1042F3C"; - # hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; - # hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; - hd = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550-part1"; - # old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU"; -in { +in +# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; +# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; +# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU"; +{ disko.devices = { nodev."/" = { fsType = "tmpfs"; - mountOptions = ["size=1024M" "defaults" "mode=755"]; + mountOptions = [ + "size=1024M" + "defaults" + "mode=755" + ]; }; disk = { ssd = { diff --git a/hosts/test/default.nix b/hosts/test/default.nix index 34c1daf..a99e079 100644 --- a/hosts/test/default.nix +++ b/hosts/test/default.nix @@ -1,10 +1,8 @@ { fleetModules, - lib, - config, - pkgs, ... -}: { +}: +{ imports = fleetModules [ "common" diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 2285cb2..40a5c56 100644 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -1,10 +1,10 @@ { config, - lib, pkgs, fleetModules, ... -}: { +}: +{ imports = [ ./zfs.nix 
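Review bot: The three commented-out device ids (`# hd1 = …`, `# hd2 = …`, `# old_hd = …`) in hosts/sisko/disko.nix have been carried out of the `let` block and now sit between `in` and the body's opening `{`, where they no longer line up with the bindings they documented. With `emmc` and `hd` removed from the `let` in the same hunk, these comments are dead code too and are better deleted than relocated; the ids remain in history if they are ever needed. If they are meant as a reminder, they belong back inside the `let` next to `ssd`, one `# … = …;` line each.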
@@ -97,10 +97,15 @@ ]; }; - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; # boot.kernelPackages = pkgs.linuxPackages_zen; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -126,8 +131,8 @@ useXkbConfig = true; # use xkbOptions in tty. }; - services.joycond.enable = true; #FIXME not here - services.udev.packages = [pkgs.joycond]; + services.joycond.enable = true; # FIXME not here + services.udev.packages = [ pkgs.joycond ]; # Enable the X11 windowing system. # services.xserver.enable = true; @@ -183,7 +188,7 @@ # services.openssh.enable = true; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [8000]; + networking.firewall.allowedTCPPorts = [ 8000 ]; # networking.firewall.allowedUDPPorts = [ 5000 ]; # Or disable the firewall altogether. # networking.firewall.enable = false; @@ -214,7 +219,7 @@ ]; }; - users.groups.input.members = ["ccr"]; + users.groups.input.members = [ "ccr" ]; services.udev.extraRules = '' Sunshine KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput" diff --git a/hosts/thinkpad/hardware-configuration.nix b/hosts/thinkpad/hardware-configuration.nix index 0f97b7d..df9aa53 100644 --- a/hosts/thinkpad/hardware-configuration.nix +++ b/hosts/thinkpad/hardware-configuration.nix 
@@ -4,47 +4,67 @@ { config, lib, - pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["uinput"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "uinput" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "rpool/nixos/root"; fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; + options = [ + "zfsutil" + "X-mount.mkdir" + ]; }; fileSystems."/home" = { device = "rpool/nixos/home"; fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; + options = [ + "zfsutil" + "X-mount.mkdir" + ]; }; fileSystems."/var/lib" = { device = "rpool/nixos/var/lib"; fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; + options = [ + "zfsutil" + "X-mount.mkdir" + ]; }; fileSystems."/var/log" = { device = "rpool/nixos/var/log"; fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; + options = [ + "zfsutil" + "X-mount.mkdir" + ]; }; fileSystems."/boot" = { device = "bpool/nixos/root"; fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; + options = [ + "zfsutil" + "X-mount.mkdir" + ]; }; fileSystems."/boot/efis/nvme-INTEL_SSDPEKKF010T8L_PHHP938405741P0D-part1" = { @@ -64,7 +84,7 @@ # }; swapDevices = [ - {device = "/dev/disk/by-label/swap";} + { device = "/dev/disk/by-label/swap"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/thinkpad/zfs.nix b/hosts/thinkpad/zfs.nix index dd64da1..e248e47 100644 --- a/hosts/thinkpad/zfs.nix +++ b/hosts/thinkpad/zfs.nix 
@@ -1,10 +1,10 @@ { - config, pkgs, lib, ... -}: { - boot.supportedFilesystems = ["zfs"]; +}: +{ + boot.supportedFilesystems = [ "zfs" ]; networking.hostId = "adf0b5e7"; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.canTouchEfiVariables = false; @@ -23,7 +23,7 @@ mount /boot/efi ''; boot.loader.grub.extraInstallCommands = '' - export PATH=$PATH:${lib.makeBinPath [pkgs.coreutils]} + export PATH=$PATH:${lib.makeBinPath [ pkgs.coreutils ]} ESP_MIRROR=$(mktemp -d) cp -r /boot/efi/EFI $ESP_MIRROR for i in /boot/efis/*; do diff --git a/modules/adb/default.nix b/modules/adb/default.nix index 4ca3870..928fbe4 100644 --- a/modules/adb/default.nix +++ b/modules/adb/default.nix @@ -1,4 +1,4 @@ { programs.adb.enable = true; - ccr.extraGroups = ["adbusers"]; + ccr.extraGroups = [ "adbusers" ]; } diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index 5836d1e..988b8ca 100644 --- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -6,6 +6,9 @@ openFirewall = true; }; }; - networking.firewall.allowedTCPPorts = [3000 53]; - networking.firewall.allowedUDPPorts = [53]; + networking.firewall.allowedTCPPorts = [ + 3000 + 53 + ]; + networking.firewall.allowedUDPPorts = [ 53 ]; } diff --git a/modules/atuin/default.nix b/modules/atuin/default.nix index ebbefef..d9e04f9 100644 --- a/modules/atuin/default.nix +++ b/modules/atuin/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.atuin = { enable = true; openFirewall = false; # use only in the VPN diff --git a/modules/audio/default.nix b/modules/audio/default.nix index 8e5c841..96e68ee 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ sound.enable = true; hardware.pulseaudio = { @@ -6,5 +7,5 @@ package = pkgs.pulseaudioFull; }; - users.extraUsers.ccr.extraGroups = ["audio"]; + users.extraUsers.ccr.extraGroups = [ "audio" ]; } 
diff --git a/modules/auto-upgrade/default.nix b/modules/auto-upgrade/default.nix index 72cd5c9..a9d6213 100644 --- a/modules/auto-upgrade/default.nix +++ b/modules/auto-upgrade/default.nix @@ -1,9 +1,8 @@ { config, - options, - lib, ... -}: { +}: +{ system.autoUpgrade = { enable = false; flake = "github:aciceri/nixfleet#${config.networking.hostName}"; diff --git a/modules/battery/default.nix b/modules/battery/default.nix index 2f56d8b..96c5bf3 100644 --- a/modules/battery/default.nix +++ b/modules/battery/default.nix @@ -1,10 +1,11 @@ -{config, ...}: { +{ config, ... }: +{ services.tlp.enable = true; services.upower.enable = true; nixpkgs.overlays = [ - (self: super: { + (_self: super: { tlp = super.tlp.override { enableRDW = config.networkmanager.enable; }; diff --git a/modules/binfmt/default.nix b/modules/binfmt/default.nix index b1f04cf..bd582f7 100644 --- a/modules/binfmt/default.nix +++ b/modules/binfmt/default.nix @@ -1,5 +1,9 @@ { - boot.binfmt.emulatedSystems = ["i686-linux" "aarch64-linux" "riscv64-linux"]; + boot.binfmt.emulatedSystems = [ + "i686-linux" + "aarch64-linux" + "riscv64-linux" + ]; nix.extraOptions = '' extra-platforms = aarch64-linux arm-linux i686-linux riscv64-linux ''; diff --git a/modules/bluetooth/default.nix b/modules/bluetooth/default.nix index 49fbc36..9d5ee45 100644 --- a/modules/bluetooth/default.nix +++ b/modules/bluetooth/default.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: { +}: +{ services.blueman.enable = true; hardware.pulseaudio.enable = true; hardware.bluetooth = { @@ -19,6 +20,6 @@ }; }; }; - services.dbus.packages = with pkgs; [blueman]; - ccr.extraGroups = ["bluetooth"]; + services.dbus.packages = with pkgs; [ blueman ]; + ccr.extraGroups = [ "bluetooth" ]; } diff --git a/modules/bubbleupnp/default.nix b/modules/bubbleupnp/default.nix index 64c304f..7858899 100644 --- a/modules/bubbleupnp/default.nix +++ b/modules/bubbleupnp/default.nix 
@@ -2,10 +2,13 @@ virtualisation.oci-containers.containers = { bubbleupnpserver = { image = "bubblesoftapps/bubbleupnpserver"; - ports = ["58050:58050"]; - extraOptions = ["--network=host" "-device /dev/dri:/dev/dri"]; + ports = [ "58050:58050" ]; + extraOptions = [ + "--network=host" + "-device /dev/dri:/dev/dri" + ]; }; }; - networking.firewall.allowedTCPPorts = [58050]; + networking.firewall.allowedTCPPorts = [ 58050 ]; } diff --git a/modules/ccr/default.nix b/modules/ccr/default.nix index 13494c5..3ffa60d 100644 --- a/modules/ccr/default.nix +++ b/modules/ccr/default.nix @@ -7,10 +7,12 @@ vpn, options, ... -}: let +}: +let cfg = config.ccr; inherit (lib) types; -in { +in +{ options.ccr = { enable = lib.mkEnableOption "ccr"; @@ -31,12 +33,12 @@ in { modules = lib.mkOption { type = types.listOf types.str; - default = []; + default = [ ]; }; packages = lib.mkOption { type = types.listOf types.package; - default = []; + default = [ ]; }; autologin = lib.mkOption { 
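Review bot: The `extraOptions` list in the modules/bubbleupnp hunk carries `"-device /dev/dri:/dev/dri"` as one element, so podman receives a single argv entry containing a space and a single-dash `-device` rather than a `--device` flag with its value; that is unlikely to be parsed as intended, so the DRI passthrough is probably not happening or the container fails to start. It should be two elements, `"--device" "/dev/dri:/dev/dri"`, or the one-token form `"--device=/dev/dri:/dev/dri"`. Also, with `--network=host` the `ports = [ "58050:58050" ]` mapping is a no-op and the container shares the host's whole network namespace, so the `allowedTCPPorts` line is what actually gates 58050. I can't tell from the hunk whether host networking is needed for UPnP/SSDP discovery, so treat the networking part as something to confirm rather than change blindly.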
@@ -56,63 +58,74 @@ in { extraGroups = lib.mkOption { type = types.listOf types.str; - default = {}; + default = { }; }; extraModules = lib.mkOption { type = types.listOf types.deferredModule; - default = []; + default = [ ]; }; backupPaths = lib.mkOption { type = types.listOf types.str; - default = []; + default = [ ]; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - (lib.optionalAttrs (builtins.hasAttr "backup" options) { - backup.paths = cfg.backupPaths; - }) - { - # FIXME shouldn't set these groups by default - ccr.extraGroups = ["wheel" "fuse" "video" "dialout" "systemd-journal" "camera"]; - ccr.modules = ["shell" "git" "nix-index" "btop"]; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.optionalAttrs (builtins.hasAttr "backup" options) { + backup.paths = cfg.backupPaths; + }) + { + # FIXME shouldn't set these groups by default + ccr.extraGroups = [ + "wheel" + "fuse" + "video" + "dialout" + "systemd-journal" + "camera" + ]; + ccr.modules = [ + "shell" + "git" + "nix-index" + "btop" + ]; - users.users.${cfg.username} = { - inherit (config.ccr) hashedPassword extraGroups description; - uid = 1000; - isNormalUser = true; - shell = cfg.shell; - openssh.authorizedKeys.keys = config.ccr.authorizedKeys; - }; + users.users.${cfg.username} = { + inherit (config.ccr) hashedPassword extraGroups description; + uid = 1000; + isNormalUser = true; + shell = cfg.shell; + openssh.authorizedKeys.keys = config.ccr.authorizedKeys; + }; - programs.fish.enable = true; + programs.fish.enable = true; - services.getty.autologinUser = - if config.ccr.autologin - then cfg.username - else null; + services.getty.autologinUser = if config.ccr.autologin then cfg.username else null; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.${cfg.username} = { - imports = - fleetHmModules cfg.modules - ++ [ - { - _module.args = { - inherit (config.age) secrets; - inherit (cfg) username; - inherit vpn; - hostname = 
config.networking.hostName; - }; - } - ] - ++ cfg.extraModules; - home.packages = cfg.packages; - home.stateVersion = config.system.stateVersion; - }; - } - ]); + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.${cfg.username} = { + imports = + fleetHmModules cfg.modules + ++ [ + { + _module.args = { + inherit (config.age) secrets; + inherit (cfg) username; + inherit vpn; + hostname = config.networking.hostName; + }; + } + ] + ++ cfg.extraModules; + home.packages = cfg.packages; + home.stateVersion = config.system.stateVersion; + }; + } + ] + ); } diff --git a/modules/cgit/config.nix b/modules/cgit/config.nix index ab5be50..9386a34 100644 --- a/modules/cgit/config.nix +++ b/modules/cgit/config.nix @@ -1,28 +1,31 @@ { - lib, pkgs, ... -}: let +}: +let repos-path = "/var/lib/cgit-repos"; cgit-setup-repos = - pkgs.writers.writePython3 "cgit-setup-repos" { - libraries = with pkgs.python3Packages; [PyGithub]; - } '' - from github import Github - from pathlib import Path + pkgs.writers.writePython3 "cgit-setup-repos" + { + libraries = with pkgs.python3Packages; [ PyGithub ]; + } + '' + from github import Github + from pathlib import Path - c = Path("${repos-path}") - c.unlink(missing_ok=True) + c = Path("${repos-path}") + c.unlink(missing_ok=True) - with open(c, "w") as f: - for repo in Github().get_user("aciceri").get_repos(): - f.writelines([ - f"repo.url={repo.name}\n" - f"repo.path=/home/ccr/projects/aciceri/{repo.name}/.git\n" - f"repo.desc={repo.description}\n" - ]) - ''; -in { + with open(c, "w") as f: + for repo in Github().get_user("aciceri").get_repos(): + f.writelines([ + f"repo.url={repo.name}\n" + f"repo.path=/home/ccr/projects/aciceri/{repo.name}/.git\n" + f"repo.desc={repo.description}\n" + ]) + ''; +in +{ services.nginx.virtualHosts."git.aciceri.dev" = { cgit = { enable = true; 
@@ -31,10 +34,12 @@ in { virtual-root = "/"; cache-size = 1000; include = [ - (builtins.toString (pkgs.writeText "cgit-extra" '' - source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh - '')) + (builtins.toString ( + pkgs.writeText "cgit-extra" '' + source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh + '' + )) repos-path ]; }; @@ -48,13 +53,13 @@ in { Type = "oneshot"; RemainAfterExit = true; }; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; script = builtins.toString cgit-setup-repos; }; systemd.timers.cgit-setup-repos = { - wantedBy = ["timers.target"]; - partOf = ["cgit-setup-repos.service"]; + wantedBy = [ "timers.target" ]; + partOf = [ "cgit-setup-repos.service" ]; timerConfig = { OnCalendar = "*-*-* 4:00:00"; # daily at 4 AM Unit = "cgit-setup-repos.service"; diff --git a/modules/cgit/default.nix b/modules/cgit/default.nix index a6439f8..20561ce 100644 --- a/modules/cgit/default.nix +++ b/modules/cgit/default.nix 
@@ -4,134 +4,149 @@ pkgs, ... }: -with lib; let +with lib; +let globalConfig = config; settingsFormat = { - type = with lib.types; let - value = - oneOf [int str] - // { - description = "INI-like atom (int or string)"; - }; - values = - coercedTo value lib.singleton (listOf value) - // { + type = + with lib.types; + let + value = + oneOf [ + int + str + ] + // { + description = "INI-like atom (int or string)"; + }; + values = coercedTo value lib.singleton (listOf value) // { description = value.description + " or a list of them for duplicate keys"; }; - in + in attrsOf values; - generate = name: values: - pkgs.writeText name (lib.generators.toKeyValue {listsAsDuplicateKeys = true;} values); + generate = + name: values: + pkgs.writeText name (lib.generators.toKeyValue { listsAsDuplicateKeys = true; } values); }; -in { +in +{ imports = [ ../nginx-base ./config.nix ]; options.services.nginx.virtualHosts = mkOption { - type = types.attrsOf (types.submodule ({config, ...}: let - cfg = config.cgit; + type = types.attrsOf ( + types.submodule ( + { config, ... }: + let + cfg = config.cgit; - # These are the global options for this submodule, but for nicer UX they - # are inlined into the freeform settings. Hence they MUST NOT INTERSECT - # with any settings from cgitrc! - options = { - enable = mkEnableOption "cgit"; + # These are the global options for this submodule, but for nicer UX they + # are inlined into the freeform settings. Hence they MUST NOT INTERSECT + # with any settings from cgitrc! + options = { + enable = mkEnableOption "cgit"; - location = mkOption { - default = "/"; - type = types.str; - description = '' - Location to serve cgit on. - ''; - }; - }; + location = mkOption { + default = "/"; + type = types.str; + description = '' + Location to serve cgit on. 
+ ''; + }; + }; - # Remove the global options for serialization into cgitrc - settings = removeAttrs cfg (attrNames options); - in { - options.cgit = mkOption { - type = types.submodule { - freeformType = settingsFormat.type; - inherit options; - config = { - css = mkDefault "/cgit.css"; - logo = mkDefault "/cgit.png"; - favicon = mkDefault "/favicon.ico"; + # Remove the global options for serialization into cgitrc + settings = removeAttrs cfg (attrNames options); + in + { + options.cgit = mkOption { + type = types.submodule { + freeformType = settingsFormat.type; + inherit options; + config = { + css = mkDefault "/cgit.css"; + logo = mkDefault "/cgit.png"; + favicon = mkDefault "/favicon.ico"; + }; + }; + default = { }; + example = literalExample '' + { + enable = true; + virtual-root = "/"; + source-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; + about-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; + cache-size = 1000; + scan-path = "/srv/git"; + include = [ + (builtins.toFile "cgitrc-extra-1" ''' + # Anything that has to be in a particular order + ''') + (builtins.toFile "cgitrc-extra-2" ''' + # Anything that has to be in a particular order + ''') + ]; + } + ''; + description = '' + Verbatim contents of the cgit runtime configuration file. Documentation + (with cgitrc example file) is available in "man cgitrc". 
Or online: + http://git.zx2c4.com/cgit/tree/cgitrc.5.txt + ''; }; - }; - default = {}; - example = literalExample '' - { - enable = true; - virtual-root = "/"; - source-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; - about-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; - cache-size = 1000; - scan-path = "/srv/git"; - include = [ - (builtins.toFile "cgitrc-extra-1" ''' - # Anything that has to be in a particular order - ''') - (builtins.toFile "cgitrc-extra-2" ''' - # Anything that has to be in a particular order - ''') - ]; - } - ''; - description = '' - Verbatim contents of the cgit runtime configuration file. Documentation - (with cgitrc example file) is available in "man cgitrc". Or online: - http://git.zx2c4.com/cgit/tree/cgitrc.5.txt - ''; - }; - config = let - location = removeSuffix "/" cfg.location; - in - mkIf cfg.enable { - locations."${location}/" = { - root = "${pkgs.cgit-pink}/cgit/"; - tryFiles = "$uri @cgit"; - }; - locations."~ ^${location}/(cgit.(css|png)|favicon.ico|robots.txt)$" = { - alias = "${pkgs.cgit-pink}/cgit/$1"; - }; - locations."~ ^${location}/custom.css$" = { - alias = ./custom.css; - }; - locations."@cgit" = { - extraConfig = - '' - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param CGIT_CONFIG ${settingsFormat.generate "cgitrc" settings}; - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${globalConfig.services.fcgiwrap.socketAddress}; - '' - + ( - if cfg.location == "/" - then '' - fastcgi_param PATH_INFO $uri; - '' - else '' - fastcgi_split_path_info ^(${location}/)(/?.+)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - '' - ); - }; - }; - })); + config = + let + location = removeSuffix "/" cfg.location; + in + mkIf cfg.enable { + locations."${location}/" = { + root = "${pkgs.cgit-pink}/cgit/"; + tryFiles = "$uri @cgit"; + }; + locations."~ 
^${location}/(cgit.(css|png)|favicon.ico|robots.txt)$" = { + alias = "${pkgs.cgit-pink}/cgit/$1"; + }; + locations."~ ^${location}/custom.css$" = { + alias = ./custom.css; + }; + locations."@cgit" = { + extraConfig = + '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param CGIT_CONFIG ${settingsFormat.generate "cgitrc" settings}; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:${globalConfig.services.fcgiwrap.socketAddress}; + '' + + ( + if cfg.location == "/" then + '' + fastcgi_param PATH_INFO $uri; + '' + else + '' + fastcgi_split_path_info ^(${location}/)(/?.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + '' + ); + }; + }; + } + ) + ); }; - config = let - vhosts = config.services.nginx.virtualHosts; - in + config = + let + vhosts = config.services.nginx.virtualHosts; + in mkIf (any (name: vhosts.${name}.cgit.enable) (attrNames vhosts)) { # make the cgitrc manpage available - environment.systemPackages = [pkgs.cgit-pink]; + environment.systemPackages = [ pkgs.cgit-pink ]; services.fcgiwrap.enable = true; }; diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index 10fe6dc..b70c98d 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.cloudflare-dyndns = { enable = true; ipv4 = true; diff --git a/modules/common/default.nix b/modules/common/default.nix index 7bd90c3..c802ddd 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -2,7 +2,8 @@ lib, fleetModules, ... -}: { +}: +{ imports = fleetModules [ "nix" "auto-upgrade" diff --git a/modules/dbus/default.nix b/modules/dbus/default.nix index b481548..a50d8d9 100644 --- a/modules/dbus/default.nix +++ b/modules/dbus/default.nix 
@@ -1,4 +1,5 @@ -{pkgs, ...}: { - services.dbus.packages = [pkgs.dconf]; +{ pkgs, ... }: +{ + services.dbus.packages = [ pkgs.dconf ]; programs.dconf.enable = true; } diff --git a/modules/docker/default.nix b/modules/docker/default.nix index b49ba1d..d2a0f2a 100644 --- a/modules/docker/default.nix +++ b/modules/docker/default.nix @@ -1,13 +1,16 @@ { pkgs, - config, ... -}: { +}: +{ virtualisation.podman.enable = true; # virtualisation.docker.enable = true; environment.systemPackages = with pkgs; [ docker-compose podman-compose ]; - ccr.extraGroups = ["docker" "podman"]; + ccr.extraGroups = [ + "docker" + "podman" + ]; } diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 4fbe894..e89327a 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -1,10 +1,23 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ fonts = { - packages = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols iosevka iosevka-comfy.comfy emacs-all-the-icons-fonts nerdfonts joypixels etBook vegur]; + packages = with pkgs; [ + powerline-fonts + dejavu_fonts + fira-code + fira-code-symbols + iosevka + iosevka-comfy.comfy + emacs-all-the-icons-fonts + nerdfonts + joypixels + etBook + vegur + ]; fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - sansSerif = ["DejaVu Sans"]; - serif = ["DejaVu Serif"]; + monospace = [ "DejaVu Sans Mono for Powerline" ]; + sansSerif = [ "DejaVu Sans" ]; + serif = [ "DejaVu Serif" ]; }; }; nixpkgs.config.joypixels.acceptLicense = true; diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix index 28b4c35..4cbb492 100644 --- a/modules/forgejo-runners/default.nix +++ b/modules/forgejo-runners/default.nix 
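Review bot: The `ccr.extraGroups` list in the modules/docker hunk still grants the `docker` group even though `virtualisation.docker.enable` is commented out and podman is the enabled runtime; membership in `docker` is root-equivalent on any host where that daemon runs, so leaving it in means a later uncomment silently hands out root without anyone revisiting this line. Since podman is what is active, `ccr.extraGroups = [ "podman" ];` is sufficient here, and the `docker` entry can return together with the daemon if it is ever re-enabled. Nothing in this hunk shows how podman itself is configured, so whether the `podman` group is needed at all (rootless podman does not require it) is worth a quick check too.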
@@ -4,10 +4,27 @@ pkgs, lib, ... -}: let - storeDeps = pkgs.runCommand "store-deps" {} '' +}: +let + storeDeps = pkgs.runCommand "store-deps" { } '' mkdir -p $out/bin - for dir in ${with pkgs; builtins.toString [coreutils findutils gnugrep gawk git nix bash jq nodejs nix-fast-build curl tea]}; do + for dir in ${ + with pkgs; + builtins.toString [ + coreutils + findutils + gnugrep + gawk + git + nix + bash + jq + nodejs + nix-fast-build + curl + tea + ] + }; do for bin in "$dir"/bin/*; do ln -s "$bin" "$out/bin/$(basename "$bin")" done 
@@ -28,182 +45,194 @@ exec nix copy --to "s3://cache?profile=default®ion=eu-south-1&scheme=https&endpoint=cache.aciceri.dev" $OUT_PATHS ''; in - lib.mkMerge [ - { - # everything here has no dependencies on the store - systemd.services.gitea-runner-nix-image = { - wantedBy = ["multi-user.target"]; - after = ["podman.service"]; - requires = ["podman.service"]; - path = [config.virtualisation.podman.package pkgs.gnutar pkgs.shadow pkgs.getent]; - # we also include etc here because the cleanup job also wants the nixuser to be present - script = '' - set -eux -o pipefail - mkdir -p etc/nix +lib.mkMerge [ + { + # everything here has no dependencies on the store + systemd.services.gitea-runner-nix-image = { + wantedBy = [ "multi-user.target" ]; + after = [ "podman.service" ]; + requires = [ "podman.service" ]; + path = [ + config.virtualisation.podman.package + pkgs.gnutar + pkgs.shadow + pkgs.getent + ]; + # we also include etc here because the cleanup job also wants the nixuser to be present + script = '' + set -eux -o pipefail + mkdir -p etc/nix - # Create an unpriveleged user that we can use also without the run-as-user.sh script - touch etc/passwd etc/group - groupid=$(cut -d: -f3 < <(getent group nixuser)) - userid=$(cut -d: -f3 < <(getent passwd nixuser)) - groupadd --prefix $(pwd) --gid "$groupid" nixuser - emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.' - useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser + # Create an unpriveleged user that we can use also without the run-as-user.sh script + touch etc/passwd etc/group + groupid=$(cut -d: -f3 < <(getent group nixuser)) + userid=$(cut -d: -f3 < <(getent passwd nixuser)) + groupadd --prefix $(pwd) --gid "$groupid" nixuser + emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.' 
+ useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser - echo -n "access-tokens = " > etc/nix/access-tokens - cat ${config.age.secrets.forgejo-nix-access-tokens.path} >> etc/nix/access-tokens + echo -n "access-tokens = " > etc/nix/access-tokens + cat ${config.age.secrets.forgejo-nix-access-tokens.path} >> etc/nix/access-tokens - cat < etc/nix/nix.conf - accept-flake-config = true - experimental-features = nix-command flakes - post-build-hook = ${pushToCache} - include access-tokens - NIX_CONFIG + cat < etc/nix/nix.conf + accept-flake-config = true + experimental-features = nix-command flakes + post-build-hook = ${pushToCache} + include access-tokens + NIX_CONFIG - cat < etc/nsswitch.conf - passwd: files mymachines systemd - group: files mymachines systemd - shadow: files + cat < etc/nsswitch.conf + passwd: files mymachines systemd + group: files mymachines systemd + shadow: files - hosts: files mymachines dns myhostname - networks: files + hosts: files mymachines dns myhostname + networks: files - ethers: files - services: files - protocols: files - rpc: files - NSSWITCH + ethers: files + services: files + protocols: files + rpc: files + NSSWITCH - # list the content as it will be imported into the container - tar -cv . | tar -tvf - - tar -cv . | podman import - gitea-runner-nix - ''; - serviceConfig = { - RuntimeDirectory = "gitea-runner-nix-image"; - WorkingDirectory = "/run/gitea-runner-nix-image"; - Type = "oneshot"; - RemainAfterExit = true; - }; + # list the content as it will be imported into the container + tar -cv . | tar -tvf - + tar -cv . 
| podman import - gitea-runner-nix + ''; + serviceConfig = { + RuntimeDirectory = "gitea-runner-nix-image"; + WorkingDirectory = "/run/gitea-runner-nix-image"; + Type = "oneshot"; + RemainAfterExit = true; }; + }; - users.users.nixuser = { - group = "nixuser"; - description = "Used for running nix ci jobs"; - home = "/var/empty"; - isSystemUser = true; - # extraGroups = [ "podman" ]; - }; - users.groups.nixuser = {}; - } - { - # Format of the token file: - virtualisation = { - podman.enable = true; - }; + users.users.nixuser = { + group = "nixuser"; + description = "Used for running nix ci jobs"; + home = "/var/empty"; + isSystemUser = true; + # extraGroups = [ "podman" ]; + }; + users.groups.nixuser = { }; + } + { + # Format of the token file: + virtualisation = { + podman.enable = true; + }; - # virtualisation.containers.storage.settings = { - # storage.driver = "zfs"; - # storage.graphroot = "/var/lib/containers/storage"; - # storage.runroot = "/run/containers/storage"; - # storage.options.zfs.fsname = "zroot/root/podman"; - # }; + # virtualisation.containers.storage.settings = { + # storage.driver = "zfs"; + # storage.graphroot = "/var/lib/containers/storage"; + # storage.runroot = "/run/containers/storage"; + # storage.options.zfs.fsname = "zroot/root/podman"; + # }; - # virtualisation.containers.containersConf.settings = { - # # podman seems to not work with systemd-resolved - # containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; - # }; - } - { - systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") numInstances) (name: { - # TODO: systemd confinment - serviceConfig = { - # Hardening (may overlap with DynamicUser=) - # The following options are only for optimizing output of systemd-analyze - AmbientCapabilities = ""; - CapabilityBoundingSet = ""; - # ProtectClock= adds DeviceAllow=char-rtc r - DeviceAllow = ""; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateTmp = true; - PrivateUsers 
= true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - RemoveIPC = true; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - UMask = "0066"; - ProtectProc = "invisible"; - SystemCallFilter = [ - "~@clock" - "~@cpu-emulation" - "~@module" - "~@mount" - "~@obsolete" - "~@raw-io" - "~@reboot" - "~@swap" - # needed by go? - #"~@resources" - "~@privileged" - "~capset" - "~setdomainname" - "~sethostname" - ]; - RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK"]; - - # Needs network access - PrivateNetwork = false; - # Cannot be true due to Node - MemoryDenyWriteExecute = false; - - # The more restrictive "pid" option makes `nix` commands in CI emit - # "GC Warning: Couldn't read /proc/stat" - # You may want to set this to "pid" if not using `nix` commands - ProcSubset = "all"; - # Coverage programs for compiled code such as `cargo-tarpaulin` disable - # ASLR (address space layout randomization) which requires the - # `personality` syscall - # You may want to set this to `true` if not using coverage tooling on - # compiled code - LockPersonality = false; - - # Note that this has some interactions with the User setting; so you may - # want to consult the systemd docs if using both. 
- DynamicUser = true; - }; - }); - - services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (name: { - enable = true; - name = "nix-runner"; - # take the git root url from the gitea config - # only possible if you've also configured your gitea though the same nix config - # otherwise you need to set it manually - url = "https://git.aciceri.dev"; - # use your favourite nix secret manager to get a path for this - tokenFile = config.age.secrets.forgejo-runners-token.path; - labels = ["nix:docker://gitea-runner-nix"]; - settings = { - container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; - # the default network that also respects our dns server settings - container.network = "host"; - container.valid_volumes = [ - "/nix" - "${storeDeps}/bin" - "${storeDeps}/etc/ssl" + # virtualisation.containers.containersConf.settings = { + # # podman seems to not work with systemd-resolved + # containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + # }; + } + { + systemd.services = + lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") numInstances) + (_name: { + # TODO: systemd confinment + serviceConfig = { + # Hardening (may overlap with DynamicUser=) + # The following options are only for optimizing output of systemd-analyze + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + # ProtectClock= adds DeviceAllow=char-rtc r + DeviceAllow = ""; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + 
ProtectSystem = "strict"; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + UMask = "0066"; + ProtectProc = "invisible"; + SystemCallFilter = [ + "~@clock" + "~@cpu-emulation" + "~@module" + "~@mount" + "~@obsolete" + "~@raw-io" + "~@reboot" + "~@swap" + # needed by go? + #"~@resources" + "~@privileged" + "~capset" + "~setdomainname" + "~sethostname" ]; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + "AF_NETLINK" + ]; + + # Needs network access + PrivateNetwork = false; + # Cannot be true due to Node + MemoryDenyWriteExecute = false; + + # The more restrictive "pid" option makes `nix` commands in CI emit + # "GC Warning: Couldn't read /proc/stat" + # You may want to set this to "pid" if not using `nix` commands + ProcSubset = "all"; + # Coverage programs for compiled code such as `cargo-tarpaulin` disable + # ASLR (address space layout randomization) which requires the + # `personality` syscall + # You may want to set this to `true` if not using coverage tooling on + # compiled code + LockPersonality = false; + + # Note that this has some interactions with the User setting; so you may + # want to consult the systemd docs if using both. 
+ DynamicUser = true; }; }); - }; - } - ] + + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (name: { + enable = true; + name = "nix-runner"; + # take the git root url from the gitea config + # only possible if you've also configured your gitea though the same nix config + # otherwise you need to set it manually + url = "https://git.aciceri.dev"; + # use your favourite nix secret manager to get a path for this + tokenFile = config.age.secrets.forgejo-runners-token.path; + labels = [ "nix:docker://gitea-runner-nix" ]; + settings = { + container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; + # the default network that also respects our dns server settings + container.network = "host"; + container.valid_volumes = [ + "/nix" + "${storeDeps}/bin" + "${storeDeps}/etc/ssl" + ]; + }; + }); + }; + } +] diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index 1365115..ae7f0c4 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix @@ -1,8 +1,8 @@ { config, - pkgs, ... -}: { +}: +{ services.forgejo = { enable = true; settings = { @@ -37,7 +37,7 @@ config.services.forgejo.stateDir ]; - imports = [../nginx-base]; + imports = [ ../nginx-base ]; services.nginx.virtualHosts = { "git.aciceri.dev" = { diff --git a/modules/fprintd/default.nix b/modules/fprintd/default.nix index 85508db..dcb13ec 100644 --- a/modules/fprintd/default.nix +++ b/modules/fprintd/default.nix @@ -1,5 +1,5 @@ { - imports = [../pam]; + imports = [ ../pam ]; services.fprintd = { enable = false; # temporarily disable diff --git a/modules/garmin-collector/default.nix b/modules/garmin-collector/default.nix index b4ac0e1..5b0a72d 100644 
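Review bot: The image-build script in this hunk bakes the Forgejo nix access token into the container image: `cat ${config.age.secrets.forgejo-nix-access-tokens.path} >> etc/nix/access-tokens` runs before `tar -cv . | podman import - gitea-runner-nix`, so the token sits in an image layer readable by anything that can talk to podman and is readable inside every job as `/etc/nix/access-tokens`. If the `nix0..nixN` runners ever pick up jobs from pull requests or other untrusted sources, that token, together with the `--device /dev/kvm` and `-v /nix:/nix` mounts in `container.options`, is reachable from arbitrary workflow code. Keeping the image secret-free and mounting the token read-only at job start, e.g. adding `-v ${config.age.secrets.forgejo-nix-access-tokens.path}:/etc/nix/access-tokens:ro` to `container.options` and the same source path to `container.valid_volumes`, would keep it out of the image while still satisfying the `include access-tokens` line in nix.conf. Whether these runners are restricted to trusted repositories is decided on the Forgejo side and is not visible here, so the severity depends on that configuration.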
--- a/modules/garmin-collector/default.nix +++ b/modules/garmin-collector/default.nix @@ -4,19 +4,20 @@ fleetFlake, config, ... -}: { +}: +{ users.users.garmin-collector = { isSystemUser = true; group = "garmin-collector"; - extraGroups = ["garmin-collector"]; + extraGroups = [ "garmin-collector" ]; home = "/var/lib/garmin-collector"; }; - users.groups.garmin-collector = {}; + users.groups.garmin-collector = { }; systemd.services.garmin-collector = { description = "Garmin collector pushing to Prometheus Pushgateway"; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; environment = { PUSHGATEWAY_ADDRESS = config.services.prometheus.pushgateway.web.listen-address; }; @@ -32,7 +33,7 @@ }; systemd.timers."garmin-collector" = { - wantedBy = ["timers.target"]; + wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "5m"; OnUnitActiveSec = "4h"; diff --git a/modules/grafana/default.nix b/modules/grafana/default.nix index 33d93f7..a95e543 100644 --- a/modules/grafana/default.nix +++ b/modules/grafana/default.nix @@ -1,6 +1,8 @@ -{config, ...}: let +{ config, ... }: +let cfg = config.services.grafana; -in { +in +{ services.grafana = { enable = true; settings = { diff --git a/modules/greetd/default.nix b/modules/greetd/default.nix index d8ee546..5a6e826 100644 --- a/modules/greetd/default.nix +++ b/modules/greetd/default.nix @@ -2,7 +2,8 @@ pkgs, lib, ... -}: let +}: +let sessions = builtins.concatStringsSep ":" [ (pkgs.writeTextFile { name = "xorg-session.desktop"; @@ -23,7 +24,8 @@ ''; }) ]; -in { +in +{ services.greetd = { enable = true; vt = 2; diff --git a/modules/grocy/default.nix b/modules/grocy/default.nix index 72ba8bc..16d730e 100644 --- a/modules/grocy/default.nix +++ b/modules/grocy/default.nix 
@@ -2,10 +2,11 @@ pkgs, config, ... -}: { +}: +{ nixpkgs.overlays = [ - (self: super: { - grocy = super.grocy.overrideAttrs (old: { + (_self: super: { + grocy = super.grocy.overrideAttrs (_old: { meta.broken = false; version = "4.0.1"; src = pkgs.fetchFromGitHub { diff --git a/modules/hass-poweroff/default.nix b/modules/hass-poweroff/default.nix index 4312093..d9ad3a2 100644 --- a/modules/hass-poweroff/default.nix +++ b/modules/hass-poweroff/default.nix @@ -1,14 +1,17 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # Creates an user that home assistant can log in as to power off the system users.users.hass = { - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM"]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM" + ]; isNormalUser = true; isSystemUser = false; group = "hass"; createHome = false; }; - users.groups.hass = {}; + users.groups.hass = { }; security.sudo.extraConfig = '' hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl diff --git a/modules/hercules-ci/default.nix b/modules/hercules-ci/default.nix index f2cc077..8160afd 100644 --- a/modules/hercules-ci/default.nix +++ b/modules/hercules-ci/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.hercules-ci-agent = { enable = true; settings = { diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index efab59b..cebc663 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix 
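Review bot: The sudoers rule in the modules/hass-poweroff hunk, `hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl`, lets the `hass` SSH key run any `systemctl` subcommand as root without a password, not just a poweroff; `systemctl link` of an attacker-supplied unit followed by `systemctl start`, or `systemctl edit`, is a direct root escalation from that key. The comment above the user says it exists only to power off the system, so the rule should pin the argument vector, e.g. `hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl poweroff` (and a second entry for `reboot` if needed); with arguments listed, sudo rejects any other invocation. Adding a `command="..."` restriction to the `authorizedKeys` entry would make the key itself single-purpose as well. The `${pkgs.systemd}` store path changes with every systemd update, but that is already true of the current rule.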
@@ -2,36 +2,26 @@ pkgs, config, ... -}: let - smartthings-fork = pkgs.fetchFromGitHub { - owner = "veista"; - repo = "smartthings"; - rev = "ba1a6f33c6ac37d81f4263073571628803e79697"; - sha256 = "sha256-X3SYkg0B5pzEich7/4iUmlADJneVuT8HTVnIiC7odRE="; - }; +}: +let pun_sensor = pkgs.fetchFromGitHub { owner = "virtualdj"; repo = "pun_sensor"; rev = "51b216fab5c0d454d66060647c36e81bebfaf059"; hash = "sha256-bGVJx3bObXdf4AiC6bDvafs53NGS2aufRcTUmXy8nAI="; }; - cozy_life = pkgs.fetchFromGitHub { - owner = "yangqian"; - repo = "hass-cozylife"; - rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9"; - hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw="; - }; garmin_connect = pkgs.fetchFromGitHub { owner = "cyberjunky"; repo = "home-assistant-garmin_connect"; rev = "d42edcabc67ba6a7f960e849c8aaec1aabef87c0"; hash = "sha256-KqbP6TpH9B0/AjtsW5TcWSNgUhND+w8rO6X8fHqtsDI="; }; -in { +in +{ services.home-assistant = { enable = true; openFirewall = true; - package = pkgs.home-assistant.overrideAttrs (old: { + package = pkgs.home-assistant.overrideAttrs (_old: { doInstallCheck = false; # prePatch = # '' @@ -61,8 +51,8 @@ in { "wake_on_lan" "prometheus" ]; - extraPackages = python3Packages: - with python3Packages; [ + extraPackages = + python3Packages: with python3Packages; [ # used by pun_sensor holidays beautifulsoup4 @@ -72,10 +62,13 @@ in { tzlocal ]; config = { - default_config = {}; + default_config = { }; http = { use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; + trusted_proxies = [ + "127.0.0.1" + "::1" + ]; }; # ffmpeg = {}; # camera = [ @@ -105,7 +98,7 @@ in { # data.mac = "20:28:bc:74:14:c2"; # }; # }]; - wake_on_lan = {}; + wake_on_lan = { }; switch = [ { name = "Picard"; @@ -164,7 +157,7 @@ in { containers = { whisper = { image = "rhasspy/wyoming-whisper:latest"; - ports = ["10300:10300"]; + ports = [ "10300:10300" ]; cmd = [ "--model" "medium-int8" 
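Review bot: Two pinned `fetchFromGitHub` bindings, `smartthings-fork` and `cozy_life`, are deleted from the `let` block in this hunk, which goes beyond the "Reformat everything" scope of the commit; if anything between lines 30 and 50 of the file (outside the hunk, presumably a custom-components list) still references them, evaluation of this host fails with an undefined-variable error. It is most likely a deadnix-style unused-binding cleanup, consistent with the `_self`/`_old` renames elsewhere, but the commit message does not say so, so a one-line mention of the dropped integrations would make the removal findable later. On the same hunk, `doInstallCheck = false` on the `home-assistant` override silently skips the package's own checks; a short why-comment such as `# install checks disabled: <reason>` would stop the next reader from re-enabling it blind.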
@@ -174,7 +167,7 @@ in {
 };
 piper = {
 image = "rhasspy/wyoming-piper:latest";
- ports = ["10200:10200"];
+ ports = [ "10200:10200" ];
 cmd = [
 "--voice"
 "it_IT-riccardo-x_low"
diff --git a/modules/hydra/config.nix b/modules/hydra/config.nix
index 39e8e7e..dc0ed77 100644
--- a/modules/hydra/config.nix
+++ b/modules/hydra/config.nix
@@ -1,8 +1,8 @@
 {
 services.my-hydra.repos = {
- emacs = {};
- nixfleet = {};
- trotten = {};
- blog = {};
+ emacs = { };
+ nixfleet = { };
+ trotten = { };
+ blog = { };
 };
 }
diff --git a/modules/hydra/default.nix b/modules/hydra/default.nix
index c95fdd8..d0331fd 100644
--- a/modules/hydra/default.nix
+++ b/modules/hydra/default.nix
@@ -3,58 +3,63 @@ config, pkgs, ... -}: let +}: +let cfg = config.services.my-hydra; - toSpec = { - name, - owner, - ... - }: let - spec = { - enabled = 1; - hidden = false; - description = "Declarative specification jobset automatically generated"; - checkinterval = 120; - schedulingshares = 10000; - enableemail = false; - emailoverride = ""; - keepnr = 1; - nixexprinput = "src"; - nixexprpath = "jobsets.nix"; - inputs = { - src = { - type = "path"; - value = pkgs.writeTextFile { - name = "src"; - text = builtins.readFile ./jobsets.nix; - destination = "/jobsets.nix"; - }; - emailresponsible = false; - }; - repoInfoPath = { - type = "path"; - value = pkgs.writeTextFile { - name = "repo"; - text = builtins.toJSON { - inherit name owner; + toSpec = + { + name, + owner, + ... + }: + let + spec = { + enabled = 1; + hidden = false; + description = "Declarative specification jobset automatically generated"; + checkinterval = 120; + schedulingshares = 10000; + enableemail = false; + emailoverride = ""; + keepnr = 1; + nixexprinput = "src"; + nixexprpath = "jobsets.nix"; + inputs = { + src = { + type = "path"; + value = pkgs.writeTextFile { + name = "src"; + text = builtins.readFile ./jobsets.nix; + destination = "/jobsets.nix"; }; + emailresponsible = false; + }; + repoInfoPath = { + type = "path"; + value = pkgs.writeTextFile { + name = "repo"; + text = builtins.toJSON { + inherit name owner; + }; + }; + emailresponsible = false; + }; + prs = { + type = "githubpulls"; + value = "${owner} ${name}"; + emailresponsible = false; }; - emailresponsible = false; - }; - prs = { - type = "githubpulls"; - value = "${owner} ${name}"; - emailresponsible = false; }; }; - }; - drv = pkgs.writeTextFile { - name = "hydra-jobset-specification-${name}"; - text = builtins.toJSON spec; - destination = "/spec.json"; - }; - in "${drv}"; -in { + drv = pkgs.writeTextFile { + name = "hydra-jobset-specification-${name}"; + text = builtins.toJSON spec; + destination = "/spec.json"; + }; + in + 
"${drv}"; +in +{ imports = [ ./config.nix ../nginx-base @@ -66,35 +71,40 @@ in { default = "hydra.aciceri.dev"; }; repos = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ - name, - config, - ... - }: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - owner = lib.mkOption { - type = lib.types.str; - default = "aciceri"; - }; - description = lib.mkOption { - type = lib.types.str; - default = config.homepage; - }; - homepage = lib.mkOption { - type = lib.types.str; - default = "https://github.com/${config.owner}/${config.name}"; - }; - reportStatus = lib.mkOption { - type = lib.types.bool; - default = true; - }; - }; - })); - default = {}; + type = lib.types.attrsOf ( + lib.types.submodule ( + { + name, + config, + ... + }: + { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + owner = lib.mkOption { + type = lib.types.str; + default = "aciceri"; + }; + description = lib.mkOption { + type = lib.types.str; + default = config.homepage; + }; + homepage = lib.mkOption { + type = lib.types.str; + default = "https://github.com/${config.owner}/${config.name}"; + }; + reportStatus = lib.mkOption { + type = lib.types.bool; + default = true; + }; + }; + } + ) + ); + default = { }; }; }; 
@@ -115,28 +125,38 @@ in { include ${config.age.secrets.hydra-github-token.path} '' - + (lib.concatMapStrings (repo: - lib.optionalString repo.reportStatus - '' + + (lib.concatMapStrings ( + repo: + lib.optionalString repo.reportStatus '' jobs = ${repo.name}.* excludeBuildFromContext = 1 useShortContext = 1 - '') (builtins.attrValues cfg.repos)); + '' + ) (builtins.attrValues cfg.repos)); }; systemd.services.hydra-setup = { description = "Hydra CI setup"; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; - wantedBy = ["multi-user.target"]; - requires = ["hydra-init.service"]; - after = ["hydra-init.service"]; - environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"]; + wantedBy = [ "multi-user.target" ]; + requires = [ "hydra-init.service" ]; + after = [ "hydra-init.service" ]; + environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) [ "PATH" ]; script = '' - PATH=$PATH:${lib.makeBinPath (with pkgs; [yq-go curl config.services.hydra.package])} + PATH=$PATH:${ + lib.makeBinPath ( + with pkgs; + [ + yq-go + curl + config.services.hydra.package + ] + ) + } PASSWORD="$(cat ${config.age.secrets.hydra-admin-password.path})" if [ ! -e ~hydra/.setup-is-complete ]; then hydra-create-user admin \ diff --git a/modules/hydra/jobsets.nix b/modules/hydra/jobsets.nix index fed7df8..f44a79f 100644 --- a/modules/hydra/jobsets.nix +++ b/modules/hydra/jobsets.nix 
@@ -2,42 +2,45 @@ repoInfoPath, prs, ... -}: let +}: +let minutes = 60; - hours = 60 * minutes; - days = 24 * hours; - filterAttrs = pred: set: - builtins.listToAttrs (builtins.concatMap (name: let - v = set.${name}; + mapAttrs' = f: set: builtins.listToAttrs (map (attr: f attr set.${attr}) (builtins.attrNames set)); + + mkJobset = + { + enabled ? 1, + hidden ? false, + type ? 1, + description ? "", + checkinterval ? 5 * minutes, + schedulingshares ? 100, + enableemail ? false, + emailoverride ? "", + keepnr ? 1, + flake, + }: + { + inherit + enabled + hidden + type + description + checkinterval + schedulingshares + enableemail + emailoverride + keepnr + flake + ; + }; + + mkSpec = + contents: + let + escape = builtins.replaceStrings [ ''"'' ] [ ''\"'' ]; + contentsJson = builtins.toJSON contents; in - if pred name v - then [ - { - inherit name; - value = v; - } - ] - else []) (builtins.attrNames set)); - mapAttrs' = f: set: - builtins.listToAttrs (map (attr: f attr set.${attr}) (builtins.attrNames set)); - - mkJobset = { - enabled ? 1, - hidden ? false, - type ? 1, - description ? "", - checkinterval ? 5 * minutes, - schedulingshares ? 100, - enableemail ? false, - emailoverride ? "", - keepnr ? 1, - flake, - } @ args: {inherit enabled hidden type description checkinterval schedulingshares enableemail emailoverride keepnr flake;}; - - mkSpec = contents: let - escape = builtins.replaceStrings [''"''] [''\"'']; - contentsJson = builtins.toJSON contents; - in builtins.derivation { name = "spec.json"; system = "x86_64-linux"; 
@@ -54,20 +57,21 @@
 repo = builtins.fromJSON (builtins.readFile repoInfoPath);
 pullRequests = builtins.fromJSON (builtins.readFile prs);
- pullRequestsToBuild = filterAttrs (n: pr: pr.head.repo != null && pr.head.repo.owner.login == repo.owner && pr.head.repo.name == repo.name) pullRequests;
-in {
- jobsets = mkSpec ({
+in
+{
+ jobsets = mkSpec (
+ {
 master = mkJobset {
 description = "${repo.name}'s master branch";
 flake = "git+ssh://git@github.com/${repo.owner}/${repo.name}?ref=master";
 };
 }
 // (mapAttrs' (n: pr: {
- name = "pullRequest_${n}";
- value = mkJobset {
- description = pr.title;
- flake = "git+ssh://git@github.com/${repo.owner}/${repo.name}?ref=${pr.head.ref}";
- };
- })
- pullRequests));
+ name = "pullRequest_${n}";
+ value = mkJobset {
+ description = pr.title;
+ flake = "git+ssh://git@github.com/${repo.owner}/${repo.name}?ref=${pr.head.ref}";
+ };
+ }) pullRequests)
+ );
 }
diff --git a/modules/immich/default.nix b/modules/immich/default.nix
index 61ee117..21d8bd5 100644
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@@ -1,6 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
 nixpkgsImmich = builtins.getFlake "github:NixOS/nixpkgs/c0ee4c1770aa1ef998c977c4cc653a07ec95d9bf";
-in {
+in
+{
 containers.nextcloud = {
 nixpkgs = nixpkgsImmich;
 autoStart = true;
@@ -9,15 +11,14 @@ in {
 # localAddress = "192.168.100.11";
 # hostAddress6 = "fc00::1";
 # localAddress6 = "fc00::2";
- config = {
- config,
- pkgs,
- lib,
- ...
- }: {
- services.immich = {
- enable = true;
+ config =
+ {
+ ...
+ }:
+ {
+ services.immich = {
+ enable = true;
+ };
 };
- };
 };
 }
diff --git a/modules/immich/module.nix b/modules/immich/module.nix
index b31f11f..230691a 100644
--- a/modules/immich/module.nix
+++ b/modules/immich/module.nix
@@ -3,9 +3,9 @@
 lib,
 pkgs,
 ...
-}: let
- inherit
- (lib)
+}:
+let
+ inherit (lib)
 hasAttr
 hasPrefix
 maintainers
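Review bot: `pullRequestsToBuild` is dropped from the `let` block while the final expression still maps over the unfiltered `pullRequests`, so the head-repo check (only pull requests whose head lives in `${repo.owner}/${repo.name}`) goes from "defined but never applied" to gone entirely, under a commit titled as a reformat. With this in place every open pull request, forks included, gets a jobset whose flake is the base repository with `?ref=${pr.head.ref}`; for a fork that ref normally does not exist in the base repo and the jobset will merely fail to evaluate, but that is incidental rather than enforced. If the filter was meant to apply, keep the `filterAttrs` helper removed in the previous hunk (it starts on the line above) and change the last mapped line to `}) pullRequestsToBuild)`; if dropping it is intentional, the commit message should say so.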
@@ -31,17 +31,18 @@ isServerPostgresUnix = hasPrefix "/" serverCfg.postgres.host; postgresEnv = - if isServerPostgresUnix - then { - # If passwordFile is given, this will be overwritten in ExecStart - DB_URL = "socket://${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"; - } - else { - DB_HOSTNAME = serverCfg.postgres.host; - DB_PORT = toString serverCfg.postgres.port; - DB_DATABASE_NAME = serverCfg.postgres.database; - DB_USERNAME = serverCfg.postgres.username; - }; + if isServerPostgresUnix then + { + # If passwordFile is given, this will be overwritten in ExecStart + DB_URL = "socket://${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"; + } + else + { + DB_HOSTNAME = serverCfg.postgres.host; + DB_PORT = toString serverCfg.postgres.port; + DB_DATABASE_NAME = serverCfg.postgres.database; + DB_USERNAME = serverCfg.postgres.username; + }; typesenseEnv = { @@ -54,7 +55,8 @@ }; # Don't start a redis instance if the user sets a custom redis connection - enableRedis = !hasAttr "REDIS_URL" serverCfg.extraConfig && !hasAttr "REDIS_SOCKET" serverCfg.extraConfig; + enableRedis = + !hasAttr "REDIS_URL" serverCfg.extraConfig && !hasAttr "REDIS_SOCKET" serverCfg.extraConfig; redisServerCfg = config.services.redis.servers.immich; redisEnv = optionalAttrs enableRedis { REDIS_SOCKET = redisServerCfg.unixSocket; @@ -69,9 +71,7 @@ IMMICH_MEDIA_LOCATION = serverCfg.mediaDir; IMMICH_MACHINE_LEARNING_URL = - if serverCfg.machineLearningUrl != null - then serverCfg.machineLearningUrl - else "false"; + if serverCfg.machineLearningUrl != null then serverCfg.machineLearningUrl else "false"; }; serverStartWrapper = program: '' 
@@ -79,9 +79,10 @@ mkdir -p ${serverCfg.mediaDir} ${optionalString (serverCfg.postgres.passwordFile != null) ( - if isServerPostgresUnix - then ''export DB_URL="socket://${serverCfg.postgres.username}:$(cat ${serverCfg.postgres.passwordFile})@${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"'' - else "export DB_PASSWORD=$(cat ${serverCfg.postgres.passwordFile})" + if isServerPostgresUnix then + ''export DB_URL="socket://${serverCfg.postgres.username}:$(cat ${serverCfg.postgres.passwordFile})@${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"'' + else + "export DB_PASSWORD=$(cat ${serverCfg.postgres.passwordFile})" )} ${optionalString serverCfg.typesense.enable '' @@ -146,30 +147,27 @@ EnvironmentFile = mkIf (serverCfg.environmentFile != null) serverCfg.environmentFile; TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = - [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - "-/run/postgresql" - ] - ++ optional enableRedis redisServerCfg.unixSocket; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + "-/run/postgresql" + ] ++ optional enableRedis redisServerCfg.unixSocket; }; -in { +in +{ options.services.immich = { - enable = - mkEnableOption "immich" - // { - description = '' - Enables immich which consists of a backend server, microservices, - machine-learning and web ui. You can disable or reconfigure components - individually using the subsections. - ''; - }; + enable = mkEnableOption "immich" // { + description = '' + Enables immich which consists of a backend server, microservices, + machine-learning and web ui. You can disable or reconfigure components + individually using the subsections. + ''; + }; - package = mkPackageOption pkgs "immich" {}; + package = mkPackageOption pkgs "immich" { }; server = { mediaDir = mkOption { 
@@ -179,11 +177,9 @@ in { }; backend = { - enable = - mkEnableOption "immich backend server" - // { - default = true; - }; + enable = mkEnableOption "immich backend server" // { + default = true; + }; port = mkOption { type = types.port; default = 3001; @@ -198,7 +194,7 @@ in { extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; example = { LOG_LEVEL = "debug"; }; @@ -220,11 +216,9 @@ in { }; microservices = { - enable = - mkEnableOption "immich microservices" - // { - default = true; - }; + enable = mkEnableOption "immich microservices" // { + default = true; + }; port = mkOption { type = types.port; @@ -240,7 +234,7 @@ in { extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; example = { REVERSE_GEOCODING_PRECISION = 1; }; @@ -262,11 +256,9 @@ in { }; typesense = { - enable = - mkEnableOption "typesense" - // { - default = true; - }; + enable = mkEnableOption "typesense" // { + default = true; + }; host = mkOption { type = types.str; @@ -343,7 +335,7 @@ in { extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; example = { REDIS_SOCKET = "/run/custom-redis"; }; @@ -365,11 +357,9 @@ in { }; web = { - enable = - mkEnableOption "immich web frontend" - // { - default = true; - }; + enable = mkEnableOption "immich web frontend" // { + default = true; + }; port = mkOption { type = types.port; @@ -398,7 +388,7 @@ in { extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; example = { PUBLIC_LOGIN_PAGE_MESSAGE = "My awesome Immich instance!"; }; @@ -410,11 +400,9 @@ in { }; machineLearning = { - enable = - mkEnableOption "immich machine-learning server" - // { - default = true; - }; + enable = mkEnableOption "immich machine-learning server" // { + default = true; + }; port = mkOption { type = types.port; @@ -430,7 +418,7 @@ in { extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; example = { MACHINE_LEARNING_MODEL_TTL = 600; }; 
@@ -451,10 +439,10 @@ in { ]; networking.firewall.allowedTCPPorts = mkMerge [ - (mkIf (backendCfg.enable && backendCfg.openFirewall) [backendCfg.port]) - (mkIf (microservicesCfg.enable && microservicesCfg.openFirewall) [microservicesCfg.port]) - (mkIf (webCfg.enable && webCfg.openFirewall) [webCfg.port]) - (mkIf (mlCfg.enable && mlCfg.openFirewall) [mlCfg.port]) + (mkIf (backendCfg.enable && backendCfg.openFirewall) [ backendCfg.port ]) + (mkIf (microservicesCfg.enable && microservicesCfg.openFirewall) [ microservicesCfg.port ]) + (mkIf (webCfg.enable && webCfg.openFirewall) [ webCfg.port ]) + (mkIf (mlCfg.enable && mlCfg.openFirewall) [ mlCfg.port ]) ]; services.redis.servers.immich.enable = mkIf enableRedis true; @@ -462,15 +450,13 @@ in { systemd.services.immich-server = mkIf backendCfg.enable { description = "Immich backend server (Self-hosted photo and video backup solution)"; - after = - [ - "network.target" - "typesense.service" - "postgresql.service" - "immich-machine-learning.service" - ] - ++ optional enableRedis "redis-immich.service"; - wantedBy = ["multi-user.target"]; + after = [ + "network.target" + "typesense.service" + "postgresql.service" + "immich-machine-learning.service" + ] ++ optional enableRedis "redis-immich.service"; + wantedBy = [ "multi-user.target" ]; environment = serverEnv @@ -491,15 +477,13 @@ in { systemd.services.immich-microservices = mkIf microservicesCfg.enable { description = "Immich microservices (Self-hosted photo and video backup solution)"; - after = - [ - "network.target" - "typesense.service" - "postgresql.service" - "immich-machine-learning.service" - ] - ++ optional enableRedis "redis-immich.service"; - wantedBy = ["multi-user.target"]; + after = [ + "network.target" + "typesense.service" + "postgresql.service" + "immich-machine-learning.service" + ] ++ optional enableRedis "redis-immich.service"; + wantedBy = [ "multi-user.target" ]; environment = serverEnv 
@@ -524,16 +508,14 @@ in { "network.target" "immich-server.service" ]; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; - environment = - { - NODE_ENV = "production"; - PORT = toString webCfg.port; - IMMICH_SERVER_URL = webCfg.serverUrl; - IMMICH_API_URL_EXTERNAL = webCfg.apiUrlExternal; - } - // mapAttrs (_: toString) webCfg.extraConfig; + environment = { + NODE_ENV = "production"; + PORT = toString webCfg.port; + IMMICH_SERVER_URL = webCfg.serverUrl; + IMMICH_API_URL_EXTERNAL = webCfg.apiUrlExternal; + } // mapAttrs (_: toString) webCfg.extraConfig; script = '' set -euo pipefail 
@@ -541,68 +523,62 @@ in { export PUBLIC_IMMICH_API_URL_EXTERNAL=$IMMICH_API_URL_EXTERNAL exec ${cfg.package.web}/bin/web ''; - serviceConfig = - commonServiceConfig - // { - DynamicUser = true; - User = "immich-web"; - Group = "immich-web"; + serviceConfig = commonServiceConfig // { + DynamicUser = true; + User = "immich-web"; + Group = "immich-web"; - MemoryDenyWriteExecute = false; # nodejs requires this. + MemoryDenyWriteExecute = false; # nodejs requires this. - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - ]; - }; + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; }; systemd.services.immich-machine-learning = mkIf mlCfg.enable { description = "Immich machine learning (Self-hosted photo and video backup solution)"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; - environment = - { - NODE_ENV = "production"; - MACHINE_LEARNING_PORT = toString mlCfg.port; + environment = { + NODE_ENV = "production"; + MACHINE_LEARNING_PORT = toString mlCfg.port; - MACHINE_LEARNING_CACHE_FOLDER = "/var/cache/immich-ml"; - TRANSFORMERS_CACHE = "/var/cache/immich-ml"; - } - // mapAttrs (_: toString) mlCfg.extraConfig; + MACHINE_LEARNING_CACHE_FOLDER = "/var/cache/immich-ml"; + TRANSFORMERS_CACHE = "/var/cache/immich-ml"; + } // mapAttrs (_: toString) mlCfg.extraConfig; - serviceConfig = - commonServiceConfig - // { - ExecStart = "${cfg.package.machine-learning}/bin/machine-learning"; - DynamicUser = true; - User = "immich-ml"; - Group = "immich-ml"; + serviceConfig = commonServiceConfig // { + ExecStart = "${cfg.package.machine-learning}/bin/machine-learning"; + DynamicUser = true; + User = "immich-ml"; + Group = "immich-ml"; - MemoryDenyWriteExecute = false; # 
onnxruntime_pybind11 requires this. - ProcSubset = "all"; # Needs /proc/cpuinfo + MemoryDenyWriteExecute = false; # onnxruntime_pybind11 requires this. + ProcSubset = "all"; # Needs /proc/cpuinfo - CacheDirectory = "immich-ml"; - CacheDirectoryMode = "0700"; + CacheDirectory = "immich-ml"; + CacheDirectoryMode = "0700"; - # TODO gpu access + # TODO gpu access - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - ]; - }; + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; }; - meta.maintainers = with maintainers; [oddlama]; + meta.maintainers = with maintainers; [ oddlama ]; }; } diff --git a/modules/jellyfin/default.nix b/modules/jellyfin/default.nix index 1615176..33e1cd1 100644 --- a/modules/jellyfin/default.nix +++ b/modules/jellyfin/default.nix @@ -3,5 +3,5 @@ enable = true; }; - users.users.jellyfin.extraGroups = ["transmission"]; + users.users.jellyfin.extraGroups = [ "transmission" ]; } diff --git a/modules/kodi/default.nix b/modules/kodi/default.nix index 1eb104e..41708a1 100644 --- a/modules/kodi/default.nix +++ b/modules/kodi/default.nix @@ -1,20 +1,20 @@ { - config, - lib, pkgs, ... -}: { +}: +{ services.xserver = { enable = true; desktopManager.kodi = { enable = true; - package = pkgs.kodi.withPackages (ps: - with ps; [ + package = pkgs.kodi.withPackages ( + ps: with ps; [ joystick youtube libretro libretro-mgba - ]); + ] + ); }; displayManager.autoLogin = { enable = true; @@ -28,8 +28,8 @@ }; networking.firewall = { - allowedTCPPorts = [8080]; - allowedUDPPorts = [8080]; + allowedTCPPorts = [ 8080 ]; + allowedUDPPorts = [ 8080 ]; }; # environment.systemPackages = with pkgs; [xboxdrv cifs-utils]; diff --git a/modules/loki/default.nix b/modules/loki/default.nix index 79d9738..01d9bc3 100644 --- a/modules/loki/default.nix 
+++ b/modules/loki/default.nix
@@ -1,6 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
 cfg = config.services.loki;
-in {
+in
+{
 services.loki = {
 enable = true;
 configuration = {
diff --git a/modules/macos-ventura/default.nix b/modules/macos-ventura/default.nix
index 128729b..919e4c8 100644
--- a/modules/macos-ventura/default.nix
+++ b/modules/macos-ventura/default.nix
@@ -1,11 +1,12 @@
-{fleetFlake, ...}: {
+{ fleetFlake, ... }:
+{
 services.macos-ventura = {
 enable = true;
 cores = 8;
 threads = 8;
 mem = "8G";
 vncListenAddr = "0.0.0.0";
- extraQemuFlags = ["-nographic"];
+ extraQemuFlags = [ "-nographic" ];
 sshPort = 2021;
 installNix = true;
 stateless = true;
diff --git a/modules/mara/default.nix b/modules/mara/default.nix
index 1888ef2..8696519 100644
--- a/modules/mara/default.nix
+++ b/modules/mara/default.nix
@@ -5,7 +5,8 @@
 fleetHmModules,
 fleetFlake,
 ...
-}: {
+}:
+{
 options.mara = {
 enable = lib.mkOption {
 type = lib.types.bool;
@@ -14,12 +15,15 @@
 modules = lib.mkOption {
 type = with lib.types; listOf str;
- default = ["shell" "git"];
+ default = [
+ "shell"
+ "git"
+ ];
 };
 packages = lib.mkOption {
 type = with lib.types; listOf package;
- default = [];
+ default = [ ];
 };
 autologin = lib.mkOption {
@@ -39,7 +43,12 @@
 extraGroups = lib.mkOption {
 type = with lib.types; listOf str;
- default = ["wheel" "fuse" "networkmanager" "dialout"];
+ default = [
+ "wheel"
+ "fuse"
+ "networkmanager"
+ "dialout"
+ ];
 };
 };
@@ -54,10 +63,7 @@
 openssh.authorizedKeys.keys = config.mara.authorizedKeys;
 };
- services.getty.autologinUser =
- if config.mara.autologin
- then "mara"
- else null;
+ services.getty.autologinUser = if config.mara.autologin then "mara" else null;
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix
index 5fc24b1..b80803d 100644
--- a/modules/matrix/default.nix
+++ b/modules/matrix/default.nix
@@ -3,7 +3,8 @@ lib, pkgs, ... -}: let +}: +let clientConfig = { "m.homeserver".base_url = "https://matrix.aciceri.dev"; "org.matrix.msc3575.proxy".url = "https://syncv3.matrix.aciceri.dev"; @@ -14,8 +15,9 @@ add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; -in { - imports = [../nginx-base]; +in +{ + imports = [ ../nginx-base ]; services.nginx.virtualHosts = { "aciceri.dev" = { @@ -58,20 +60,23 @@ in { listeners = [ { port = 8008; - bind_addresses = ["127.0.0.1"]; + bind_addresses = [ "127.0.0.1" ]; type = "http"; tls = false; x_forwarded = true; resources = [ { - names = ["client" "federation"]; + names = [ + "client" + "federation" + ]; compress = true; } ]; } ]; }; - extraConfigFiles = [config.age.secrets.matrix-registration-shared-secret.path]; + extraConfigFiles = [ config.age.secrets.matrix-registration-shared-secret.path ]; }; backup.paths = [ @@ -81,7 +86,7 @@ in { services.postgresqlBackup = { enable = true; - databases = ["matrix-synapse"]; + databases = [ "matrix-synapse" ]; }; services.matrix-sliding-sync = { diff --git a/modules/mediatomb/default.nix b/modules/mediatomb/default.nix index e09bd65..5608e81 100644 --- a/modules/mediatomb/default.nix +++ b/modules/mediatomb/default.nix @@ -11,5 +11,5 @@ ]; }; - users.users.mediatomb.extraGroups = ["transmission"]; + users.users.mediatomb.extraGroups = [ "transmission" ]; } diff --git a/modules/minidlna/default.nix b/modules/minidlna/default.nix index 6a813bd..e5ffae8 100644 --- a/modules/minidlna/default.nix +++ b/modules/minidlna/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.minidlna = { enable = true; openFirewall = true; @@ -11,6 +12,6 @@ }; }; - ccr.extraGroups = ["minidlna"]; - users.users.minidlna.extraGroups = ["transmission"]; + ccr.extraGroups = [ "minidlna" ]; + users.users.minidlna.extraGroups = [ "transmission" ]; } diff --git a/modules/minio/default.nix b/modules/minio/default.nix index 1f503af..8f378c3 100644 
--- a/modules/minio/default.nix +++ b/modules/minio/default.nix @@ -2,14 +2,15 @@ config, lib, ... -}: { - imports = [../nginx-base]; +}: +{ + imports = [ ../nginx-base ]; services.minio = { enable = true; rootCredentialsFile = config.age.secrets.minio-credentials.path; region = "eu-south-1"; - dataDir = lib.mkForce ["/mnt/hd/minio"]; + dataDir = lib.mkForce [ "/mnt/hd/minio" ]; }; services.nginx.virtualHosts."cache.aciceri.dev" = { @@ -25,8 +26,7 @@ ''; locations."/" = { proxyPass = "http://127.0.0.1:9000"; - extraConfig = '' - ''; + extraConfig = ''''; }; }; } diff --git a/modules/mothership-proxy/default.nix b/modules/mothership-proxy/default.nix index bf9bef4..a1df867 100644 --- a/modules/mothership-proxy/default.nix +++ b/modules/mothership-proxy/default.nix @@ -1,5 +1,6 @@ -{config, ...}: { - imports = [../nginx-base]; +{ ... }: +{ + imports = [ ../nginx-base ]; services.nginx.virtualHosts = { "home.aciceri.dev" = { forceSSL = true; diff --git a/modules/mount-rock5b/default.nix b/modules/mount-rock5b/default.nix index 680c42b..a31eb1c 100644 --- a/modules/mount-rock5b/default.nix +++ b/modules/mount-rock5b/default.nix @@ -2,15 +2,20 @@ pkgs, config, ... -}: { +}: +{ fileSystems."/home/${config.ccr.username}/torrent" = { device = "//sisko.fleet/torrent"; fsType = "cifs"; - options = let - credentials = pkgs.writeText "credentials" '' - username=guest - password= - ''; - in ["credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"]; + options = + let + credentials = pkgs.writeText "credentials" '' + username=guest + password= + ''; + in + [ + "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s" + ]; }; } diff --git a/modules/networkmanager/default.nix b/modules/networkmanager/default.nix index c5e2c48..7259900 100644 --- a/modules/networkmanager/default.nix +++ b/modules/networkmanager/default.nix 
@@ -1,5 +1,6 @@
-{lib, ...}: {
+{ lib, ... }:
+{
 networking.networkmanager.enable = true;
- ccr.extraGroups = ["networkmanager"];
+ ccr.extraGroups = [ "networkmanager" ];
 networking.useDHCP = lib.mkDefault true;
 }
diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix
index 0346551..37340e4 100644
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@@ -2,14 +2,13 @@
 config,
 pkgs,
 ...
-}: let
- cfg = config.services.nextcloud;
-in {
+}:
+{
 systemd.tmpfiles.rules = [
 "d /mnt/raid/nextcloud 770 nextcloud nextcloud"
 ];
- ccr.extraGroups = ["nextcloud"];
+ ccr.extraGroups = [ "nextcloud" ];
 services.nextcloud = {
 enable = true;
@@ -23,5 +22,5 @@ in {
 };
 };
- networking.firewall.allowedTCPPorts = [80];
+ networking.firewall.allowedTCPPorts = [ 80 ];
 }
diff --git a/modules/nix-serve/default.nix b/modules/nix-serve/default.nix
index bcb1bd5..261b517 100644
--- a/modules/nix-serve/default.nix
+++ b/modules/nix-serve/default.nix
@@ -2,10 +2,12 @@
 config,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.services.my-nix-serve;
-in {
- imports = [../nginx-base];
+in
+{
+ imports = [ ../nginx-base ];
 options.services.my-nix-serve = {
 domain = lib.mkOption {
 type = lib.types.str;
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 737eb63..550aadf 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -2,9 +2,9 @@
 config,
 lib,
 fleetFlake,
- pkgs,
 ...
-}: {
+}:
+{
 nix = {
 optimise.automatic = true;
@@ -35,7 +35,7 @@
 # deprecated-features = [ "url-literals" ];
 };
- nixPath = ["nixpkgs=${fleetFlake.inputs.nixpkgs}"];
+ nixPath = [ "nixpkgs=${fleetFlake.inputs.nixpkgs}" ];
 extraOptions = ''
 experimental-features = nix-command flakes impure-derivations
@@ -48,7 +48,8 @@
 options = "--delete-older-than 180d";
 };
- registry = lib.mkForce ({
+ registry = lib.mkForce (
+ {
 nixpkgs.to = {
 type = "path";
 path = fleetFlake.inputs.nixpkgs;
@@ -71,7 +72,8 @@ type = "path"; path = "/home/${config.ccr.username}/.config/emacs"; }; - })); + }) + ); distributedBuilds = true; buildMachines = @@ -79,7 +81,12 @@ hostName = "sisko.fleet"; system = "aarch64-linux"; maxJobs = 7; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; protocol = "ssh-ng"; sshUser = "root"; sshKey = "/home/${config.ccr.username}/.ssh/id_rsa"; @@ -88,7 +95,12 @@ hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store"; system = "x86_64-darwin"; maxJobs = 4; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; protocol = "ssh"; sshUser = "root"; sshKey = "/home/${config.ccr.username}/.ssh/id_rsa"; diff --git a/modules/org-roam-ui/default.nix b/modules/org-roam-ui/default.nix index f3abe34..7b932a4 100644 --- a/modules/org-roam-ui/default.nix +++ b/modules/org-roam-ui/default.nix @@ -1,10 +1,11 @@ -{...}: { +{ ... }: +{ networking.firewall.interfaces."wg0" = { allowedTCPPorts = [ 35901 ]; }; - imports = [../nginx-base]; + imports = [ ../nginx-base ]; services.nginx.virtualHosts = { "roam.aciceri.dev" = { forceSSL = true; diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index b1c0e6f..6770ce5 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.paperless = { enable = true; address = "0.0.0.0"; @@ -7,7 +8,10 @@ consumptionDir = "/mnt/hd/paperless/consume"; settings = { PAPERLESS_OCR_LANGUAGE = "ita+eng"; - PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [".DS_STORE/*" "desktop.ini"]; + PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ + ".DS_STORE/*" + "desktop.ini" + ]; PAPERLESS_OCR_USER_ARGS = builtins.toJSON { optimize = 1; pdfa_image_compression = "lossless"; 
diff --git a/modules/pipewire/default.nix b/modules/pipewire/default.nix
index b2d9a1b..8b69935 100644
--- a/modules/pipewire/default.nix
+++ b/modules/pipewire/default.nix
@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
 services.pipewire.enable = true;
 hardware.pulseaudio = {
diff --git a/modules/plex/default.nix b/modules/plex/default.nix
index 650a29a..dcf446b 100644
--- a/modules/plex/default.nix
+++ b/modules/plex/default.nix
@@ -9,5 +9,5 @@
 "d /mnt/raid/plex 770 plex plex"
 ];
- users.users.plex.extraGroups = ["transmission"];
+ users.users.plex.extraGroups = [ "transmission" ];
 }
diff --git a/modules/printing/default.nix b/modules/printing/default.nix
index 10c1539..254ec26 100644
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
 services.avahi = {
 enable = true;
 # Important to resolve .local domains of printers, otherwise you get an error
@@ -11,7 +12,7 @@
 services.printing = {
 enable = true;
 drivers = [
- (pkgs.callPackage ./driver.nix {})
+ (pkgs.callPackage ./driver.nix { })
 ];
 };
 }
diff --git a/modules/printing/driver.nix b/modules/printing/driver.nix
index e2c5c2d..46a4d96 100644
--- a/modules/printing/driver.nix
+++ b/modules/printing/driver.nix
@@ -12,8 +12,13 @@
 coreutils,
 gnugrep,
 which,
-}: let
- arches = ["x86_64" "i686" "armv7l"];
+}:
+let
+ arches = [
+ "x86_64"
+ "i686"
+ "armv7l"
+ ];
 runtimeDeps = [
 ghostscript
@@ -24,63 +29,67 @@ which ]; in - stdenv.mkDerivation rec { - pname = "cups-brother-mfcl2710dw"; - version = "4.0.0-1"; +stdenv.mkDerivation rec { + pname = "cups-brother-mfcl2710dw"; + version = "4.0.0-1"; - nativeBuildInputs = [dpkg makeWrapper autoPatchelfHook]; - buildInputs = [perl]; + nativeBuildInputs = [ + dpkg + makeWrapper + autoPatchelfHook + ]; + buildInputs = [ perl ]; - dontUnpack = true; + dontUnpack = true; - src = fetchurl { - url = "https://download.brother.com/welcome/dlf103526/mfcl2710dwpdrv-${version}.i386.deb"; - hash = "sha256-OOTvbCuyxw4k01CTMuBqG2boMN13q5xC7LacaweGmyw="; - }; + src = fetchurl { + url = "https://download.brother.com/welcome/dlf103526/mfcl2710dwpdrv-${version}.i386.deb"; + hash = "sha256-OOTvbCuyxw4k01CTMuBqG2boMN13q5xC7LacaweGmyw="; + }; - installPhase = - '' - runHook preInstall + installPhase = + '' + runHook preInstall - mkdir -p $out - dpkg-deb -x $src $out + mkdir -p $out + dpkg-deb -x $src $out - # delete unnecessary files for the current architecture - '' - + lib.concatMapStrings (arch: '' - echo Deleting files for ${arch} - rm -r "$out/opt/brother/Printers/MFCL2710DW/lpd/${arch}" - '') (builtins.filter (arch: arch != stdenv.hostPlatform.linuxArch) arches) - + '' + # delete unnecessary files for the current architecture + '' + + lib.concatMapStrings (arch: '' + echo Deleting files for ${arch} + rm -r "$out/opt/brother/Printers/MFCL2710DW/lpd/${arch}" + '') (builtins.filter (arch: arch != stdenv.hostPlatform.linuxArch) arches) + + '' - # bundled scripts don't understand the arch subdirectories for some reason - ln -s \ - "$out/opt/brother/Printers/MFCL2710DW/lpd/${stdenv.hostPlatform.linuxArch}/"* \ - "$out/opt/brother/Printers/MFCL2710DW/lpd/" + # bundled scripts don't understand the arch subdirectories for some reason + ln -s \ + "$out/opt/brother/Printers/MFCL2710DW/lpd/${stdenv.hostPlatform.linuxArch}/"* \ + "$out/opt/brother/Printers/MFCL2710DW/lpd/" - # Fix global references and replace auto discovery mechanism 
with hardcoded values - substituteInPlace $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ - --replace /opt "$out/opt" \ - --replace "my \$BR_PRT_PATH =" "my \$BR_PRT_PATH = \"$out/opt/brother/Printers/MFCL2710DW\"; #" \ - --replace "PRINTER =~" "PRINTER = \"MFCL2710DW\"; #" + # Fix global references and replace auto discovery mechanism with hardcoded values + substituteInPlace $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ + --replace /opt "$out/opt" \ + --replace "my \$BR_PRT_PATH =" "my \$BR_PRT_PATH = \"$out/opt/brother/Printers/MFCL2710DW\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2710DW\"; #" - # Make sure all executables have the necessary runtime dependencies available - find "$out" -executable -and -type f | while read file; do - wrapProgram "$file" --prefix PATH : "${lib.makeBinPath runtimeDeps}" - done + # Make sure all executables have the necessary runtime dependencies available + find "$out" -executable -and -type f | while read file; do + wrapProgram "$file" --prefix PATH : "${lib.makeBinPath runtimeDeps}" + done - # Symlink filter and ppd into a location where CUPS will discover it - mkdir -p $out/lib/cups/filter - mkdir -p $out/share/cups/model + # Symlink filter and ppd into a location where CUPS will discover it + mkdir -p $out/lib/cups/filter + mkdir -p $out/share/cups/model - ln -s \ - $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ - $out/lib/cups/filter/brother_lpdwrapper_MFCL2710DW + ln -s \ + $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ + $out/lib/cups/filter/brother_lpdwrapper_MFCL2710DW - ln -s \ - $out/opt/brother/Printers/MFCL2710DW/cupswrapper/brother-MFCL2710DW-cups-en.ppd \ - $out/share/cups/model/ + ln -s \ + $out/opt/brother/Printers/MFCL2710DW/cupswrapper/brother-MFCL2710DW-cups-en.ppd \ + $out/share/cups/model/ - runHook postInstall - ''; - } + runHook postInstall + ''; +} diff --git a/modules/prometheus-exporters/default.nix b/modules/prometheus-exporters/default.nix index f183852..4d1a70e 100644 
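Review bot: The three `substituteInPlace ... --replace` calls on `lpdfilter` silently do nothing if Brother ships a differently worded script, which would leave the `/opt` paths and the `PRINTER =~` auto-discovery in place inside a filter that CUPS executes; switch them to `--replace-fail` so the build breaks instead of producing a half-patched filter (recent nixpkgs also warns that plain `--replace` is deprecated). The `src` is pinned by `hash`, which is the right control for a vendored proprietary blob that then goes through `autoPatchelfHook` and `wrapProgram`. The `installPhase` string and the enclosing `mkDerivation` begin on the previous hunk line.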
--- a/modules/prometheus-exporters/default.nix +++ b/modules/prometheus-exporters/default.nix @@ -1,56 +1,89 @@ { config, - pkgs, lib, ... -}: let +}: +let hostname = config.networking.hostName; mkFor = hosts: lib.mkIf (builtins.elem hostname hosts); -in { +in +{ services.prometheus.exporters = { - node = mkFor ["sisko" "picard" "kirk"] { - enable = true; - enabledCollectors = [ - "cpu" - "conntrack" - "diskstats" - "entropy" - "filefd" - "filesystem" - "loadavg" - "mdadm" - "meminfo" - "netdev" - "netstat" - "stat" - "time" - "vmstat" - "systemd" - "logind" - "interrupts" - "ksmd" - "textfile" - "pressure" - ]; - extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi"]; - }; - wireguard = mkFor ["sisko" "picard" "kirk"] { - enable = true; - }; - zfs = mkFor ["picard" "kirk"] { - enable = true; - }; + node = + mkFor + [ + "sisko" + "picard" + "kirk" + ] + { + enable = true; + enabledCollectors = [ + "cpu" + "conntrack" + "diskstats" + "entropy" + "filefd" + "filesystem" + "loadavg" + "mdadm" + "meminfo" + "netdev" + "netstat" + "stat" + "time" + "vmstat" + "systemd" + "logind" + "interrupts" + "ksmd" + "textfile" + "pressure" + ]; + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + "--collector.wifi" + ]; + }; + wireguard = + mkFor + [ + "sisko" + "picard" + "kirk" + ] + { + enable = true; + }; + zfs = + mkFor + [ + "picard" + "kirk" + ] + { + enable = true; + }; # restic = mkFor ["sisko"] { # enable = true; # }; - postgres = mkFor ["sisko"] { + postgres = mkFor [ "sisko" ] { enable = true; }; - nginx = mkFor ["sisko"] { - enable = true; - }; - smartctl = mkFor ["sisko" "picard" "kirk"] { + nginx = mkFor [ "sisko" ] { enable = true; }; + smartctl = + mkFor + [ + "sisko" + "picard" + "kirk" + ] + { + enable = true; + }; }; } diff --git a/modules/prometheus/default.nix b/modules/prometheus/default.nix index cd52e90..382d4e8 100644 --- a/modules/prometheus/default.nix 
+++ b/modules/prometheus/default.nix @@ -1,6 +1,8 @@ -{config, ...}: let +{ config, ... }: +let cfg = config.services.prometheus; -in { +in +{ services.prometheus = { enable = true; pushgateway = { @@ -19,7 +21,9 @@ in { bearer_token_file = config.age.secrets.home-assistant-token.path; static_configs = [ { - targets = ["sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}"]; + targets = [ + "sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}" + ]; } ]; } @@ -27,7 +31,7 @@ in { job_name = "pushgateway"; static_configs = [ { - targets = [cfg.pushgateway.web.listen-address]; + targets = [ cfg.pushgateway.web.listen-address ]; } ]; } @@ -35,7 +39,11 @@ in { job_name = "node"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9100") ["sisko" "picard" "kirk"]; + targets = builtins.map (host: "${host}.fleet:9100") [ + "sisko" + "picard" + "kirk" + ]; } ]; } @@ -43,7 +51,10 @@ in { job_name = "wireguard"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9586") ["picard" "kirk"]; + targets = builtins.map (host: "${host}.fleet:9586") [ + "picard" + "kirk" + ]; } ]; } @@ -51,7 +62,10 @@ in { job_name = "zfs"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9134") ["picard" "kirk"]; + targets = builtins.map (host: "${host}.fleet:9134") [ + "picard" + "kirk" + ]; } ]; } @@ -59,7 +73,7 @@ in { job_name = "restic"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9753") ["sisko"]; + targets = builtins.map (host: "${host}.fleet:9753") [ "sisko" ]; } ]; } @@ -67,7 +81,7 @@ in { job_name = "postgres"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9187") ["sisko"]; + targets = builtins.map (host: "${host}.fleet:9187") [ "sisko" ]; } ]; } 
@@ -75,7 +89,7 @@ in { job_name = "nginx"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9117") ["sisko"]; + targets = builtins.map (host: "${host}.fleet:9117") [ "sisko" ]; } ]; } @@ -83,7 +97,11 @@ in { job_name = "smartctl"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9633") ["sisko" "kirk" "picard"]; + targets = builtins.map (host: "${host}.fleet:9633") [ + "sisko" + "kirk" + "picard" + ]; } ]; } diff --git a/modules/promtail/default.nix b/modules/promtail/default.nix index f6d7621..f2ab2ef 100644 --- a/modules/promtail/default.nix +++ b/modules/promtail/default.nix @@ -3,7 +3,8 @@ lib, config, ... -}: let +}: +let conf = { server = { http_listen_port = 28183; @@ -11,7 +12,9 @@ }; clients = [ { - url = "http://sisko.fleet:${builtins.toString config.services.loki.configuration.server.http_listen_port or 3100}/loki/api/v1/push"; + url = "http://sisko.fleet:${ + builtins.toString config.services.loki.configuration.server.http_listen_port or 3100 + }/loki/api/v1/push"; } ]; positions = { @@ -29,7 +32,7 @@ }; relabel_configs = [ { - source_labels = ["__journal__systemd_unit"]; + source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; } ]; @@ -38,12 +41,13 @@ }; configFile = pkgs.writeTextFile { name = "promtail.yaml"; - text = lib.generators.toYAML {} conf; + text = lib.generators.toYAML { } conf; }; -in { +in +{ systemd.services.promtail = { description = "Promtail service for Loki"; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = '' diff --git a/modules/qmk-udev/default.nix b/modules/qmk-udev/default.nix index 8a9b4ba..5bfd1e6 100644 --- a/modules/qmk-udev/default.nix +++ b/modules/qmk-udev/default.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - services.udev.packages = [pkgs.qmk-udev-rules]; +{ pkgs, ... }: +{ + services.udev.packages = [ pkgs.qmk-udev-rules ]; } 
diff --git a/modules/remote-xfce/default.nix b/modules/remote-xfce/default.nix index af0b332..c9889f7 100644 --- a/modules/remote-xfce/default.nix +++ b/modules/remote-xfce/default.nix @@ -1,8 +1,8 @@ { pkgs, - config, ... -}: { +}: +{ # nixpkgs.config.pulseaudio = true; # services.xrdp = { # enable = true; @@ -16,11 +16,14 @@ # }; # displayManager.defaultSession = "xfce"; # }; - environment.systemPackages = with pkgs; [sunshine superTuxKart]; + environment.systemPackages = with pkgs; [ + sunshine + superTuxKart + ]; - boot.kernelModules = ["uinput"]; + boot.kernelModules = [ "uinput" ]; - users.groups.input.members = ["ccr"]; + users.groups.input.members = [ "ccr" ]; services.udev.extraRules = '' KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"' | diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 52da5cf..0d082b3 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -3,11 +3,13 @@ pkgs, lib, ... -}: let +}: +let user = "u382036-sub1"; host = "u382036.your-storagebox.de"; port = "23"; -in { +in +{ age.secrets = { HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD = { file = ../../secrets/hetzner-storage-box-sisko-ssh-password.age; @@ -19,10 +21,12 @@ in { }; }; - services.openssh.knownHosts."${host}".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; + services.openssh.knownHosts."${ + host + }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; services.restic.backups.sisko = { - paths = ["/persist"]; + paths = [ "/persist" ]; passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path; extraOptions = [ "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'" diff --git a/modules/rock5b-proxy/default.nix b/modules/rock5b-proxy/default.nix index 6e51923..926f664 100644 --- a/modules/rock5b-proxy/default.nix 
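Review bot: Adding `ccr` to `users.groups.input.members` grants read access to every `/dev/input/event*` device, which lets that account observe keyboard input from any session on the host, not just drive the uinput device sunshine needs. The udev rule in the same hunk already tags `uinput` with `uaccess`, so the logged-in seat user gets an ACL on `/dev/uinput` without the group — the membership may be unnecessary, and if it is needed a comment such as `# input group = can read all input devices (keystrokes), not just uinput` should record the trade-off. The repo describes these as single-user machines, which limits the impact but does not remove it.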
+++ b/modules/rock5b-proxy/default.nix @@ -1,7 +1,8 @@ -{config, ...}: { - imports = [../nginx-base]; +{ config, ... }: +{ + imports = [ ../nginx-base ]; services.nginx.virtualHosts = { - localhost.listen = [{addr = "127.0.0.1";}]; + localhost.listen = [ { addr = "127.0.0.1"; } ]; "home.aciceri.dev" = { forceSSL = true; enableACME = true; diff --git a/modules/rock5b-samba/default.nix b/modules/rock5b-samba/default.nix index e26c8b8..3791c92 100644 --- a/modules/rock5b-samba/default.nix +++ b/modules/rock5b-samba/default.nix @@ -36,7 +36,10 @@ }; networking.firewall = { - allowedTCPPorts = [139 445]; - allowedUDPPorts = [138]; + allowedTCPPorts = [ + 139 + 445 + ]; + allowedUDPPorts = [ 138 ]; }; } diff --git a/modules/searx/default.nix b/modules/searx/default.nix index 8d18188..85f616f 100644 --- a/modules/searx/default.nix +++ b/modules/searx/default.nix @@ -1,10 +1,14 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.searx = { enable = true; package = pkgs.searxng; settings = { server.secret_key = "secret"; - search.formats = ["html" "json"]; + search.formats = [ + "html" + "json" + ]; }; }; } diff --git a/modules/ssh-initrd/default.nix b/modules/ssh-initrd/default.nix index 07b7c5a..79a936d 100644 --- a/modules/ssh-initrd/default.nix +++ b/modules/ssh-initrd/default.nix @@ -2,7 +2,8 @@ config, pkgs, ... -}: { +}: +{ # For unlocking the disk connect using ssh and type # systemctl start initrd-nixos-activation boot.initrd = { diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index 8f8033a..fdcb9ad 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -1,4 +1,5 @@ -{fleetFlake, ...}: { +{ fleetFlake, ... }: +{ services = { openssh = { enable = true; 
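Review bot: `allowedTCPPorts = [ 139 445 ]` and `allowedUDPPorts = [ 138 ]` in the samba hunk open SMB on every interface, whereas the other modules in this diff scope service ports to the VPN via `networking.firewall.interfaces."wg0"`; if the shares are only for fleet hosts, nest these under `networking.firewall.interfaces."wg0"` as well. If LAN access is intended, a comment like `# SMB deliberately reachable from the LAN, not only over wg0` would keep a later cleanup from silently breaking it. The samba configuration itself, including any `interfaces`/`bind interfaces only` settings, starts outside the hunk.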
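Review bot: `server.secret_key = "secret"` in the searx hunk is a guessable signing key that also lands in the world-readable Nix store, so anyone with access to the host or the repo can forge whatever SearXNG signs with it. The repo already manages secrets with agenix (`age.secrets.*` appears elsewhere in this diff); as far as I recall the NixOS searx module substitutes `@VAR@` placeholders in `settings` from `services.searx.environmentFile`, so `server.secret_key = "@SEARXNG_SECRET@";` plus `environmentFile = config.age.secrets.searx-env.path;` (and `config` added to the module arguments) keeps the real key out of the store — confirm against the module version in use. Enabling `"json"` in `search.formats` additionally makes the instance an unauthenticated API; that is fine only if it is reachable solely over wg0, which this hunk does not show.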
@@ -15,5 +16,7 @@ }; # This makes sense only because I'm the only user for these machines - users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (with (import "${fleetFlake}/lib"); keys.users // keys.hosts); + users.users.root.openssh.authorizedKeys.keys = builtins.attrValues ( + with (import "${fleetFlake}/lib"); keys.users // keys.hosts + ); } diff --git a/modules/syncthing/default.nix b/modules/syncthing/default.nix index 0acb3dc..b857df4 100644 --- a/modules/syncthing/default.nix +++ b/modules/syncthing/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services = { syncthing = { enable = true; @@ -45,7 +46,12 @@ kirk = "/home/${config.ccr.username}/org"; } .${config.networking.hostName}; - devices = ["picard" "sisko" "kirk" "oneplus8t"]; + devices = [ + "picard" + "sisko" + "kirk" + "oneplus8t" + ]; }; sync = { path = @@ -55,7 +61,11 @@ kirk = "/home/${config.ccr.username}/sync"; } .${config.networking.hostName}; - devices = ["picard" "sisko" "kirk"]; + devices = [ + "picard" + "sisko" + "kirk" + ]; }; }; }; diff --git a/modules/teamviewer/default.nix b/modules/teamviewer/default.nix index 6ed6177..e4f20e2 100644 --- a/modules/teamviewer/default.nix +++ b/modules/teamviewer/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.teamviewer.enable = true; - ccr.packages = [pkgs.teamviewer]; + ccr.packages = [ pkgs.teamviewer ]; } diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix index c1bcc3d..2a1f3cb 100644 --- a/modules/transmission/default.nix +++ b/modules/transmission/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.transmission = { enable = true; openRPCPort = true; @@ -44,7 +45,7 @@ "d /mnt/hd/torrent/.incomplete 770 transmission transmission" ]; - ccr.extraGroups = ["transmission"]; + ccr.extraGroups = [ "transmission" ]; environment.persistence."/persist".directories = [ config.services.transmission.home 
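Review bot: Root's `authorizedKeys.keys` is built from `keys.users // keys.hosts`, so every fleet host's SSH key can log in as root on every other host; compromise of any one machine (or of its unencrypted host key on disk) therefore yields root across the whole fleet, a wider blast radius than the "only user" comment accounts for. If host keys are in the list for deploys or remote builds, restrict it to the hosts that actually need to reach this one, or keep `keys.users` here and add host keys per target. A comment stating which host needs to reach which (e.g. `# host keys: <builder> pushes closures here; see the build-machine config`) would make the intent auditable.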
diff --git a/modules/virt-manager/default.nix b/modules/virt-manager/default.nix index 08097fe..37863e6 100644 --- a/modules/virt-manager/default.nix +++ b/modules/virt-manager/default.nix @@ -1,6 +1,7 @@ -{config, ...}: { +{ config, ... }: +{ programs.virt-manager.enable = true; virtualisation.libvirtd.enable = true; - users.users."${config.ccr.username}".extraGroups = ["libvirtd"]; + users.users."${config.ccr.username}".extraGroups = [ "libvirtd" ]; virtualisation.libvirtd.qemu.swtpm.enable = true; } diff --git a/modules/vm-mara/default.nix b/modules/vm-mara/default.nix index b1e8051..ff3e7c9 100644 --- a/modules/vm-mara/default.nix +++ b/modules/vm-mara/default.nix @@ -1,10 +1,10 @@ { - config, pkgs, # lib, # fleetFlake, ... -}: { +}: +{ security.polkit.enable = true; virtualisation.libvirtd.enable = true; 
@@ -117,35 +117,37 @@ # -audiodev alsa,id=snd0,out.try-poll=off -device ich9-intel-hda -device hda-output,audiodev=snd0 \ # -device vfio-pci,host=00:02.0 \ - systemd.services.vm-mara = let - start-vm = pkgs.writeShellApplication { - name = "start-vm"; - runtimeInputs = with pkgs; [qemu]; - text = '' - [ ! -f /var/lib/vm-mara/w10.qcow2 ] && \ - qemu-img create -f qcow2 /var/lib/vm-mara/w10.qcow2 50G + systemd.services.vm-mara = + let + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [ qemu ]; + text = '' + [ ! -f /var/lib/vm-mara/w10.qcow2 ] && \ + qemu-img create -f qcow2 /var/lib/vm-mara/w10.qcow2 50G - qemu-system-x86_64 \ - -enable-kvm \ - -cpu host,kvm=off,hv-spinlocks=819,hv-vapic=on,hv-relaxed=on,hv-vendor-id="IrisXE" \ - -smp 4 \ - -m 8192 \ - -nic user,model=virtio-net-pci,hostfwd=tcp::3389-:3389,hostfwd=tcp::47989-:47989,hostfwd=tcp::47990-:47990,hostfwd=tcp::47984-:47984,hostfwd=tcp::48010-:48010,hostfwd=udp::47998-:47988,hostfwd=udp::47999-:47999,hostfwd=udp::48000-:48000,hostfwd=udp::48002-:48002,hostfwd=udp::48003-:48003,hostfwd=udp::48004-:48004,hostfwd=udp::48005-:48005,hostfwd=udp::48006-:48006,hostfwd=udp::48007-:48007,hostfwd=udp::48008-:48008,hostfwd=udp::48009-:48009,hostfwd=udp::48010-:48010 \ - -cdrom /var/lib/vm-mara/virtio-win.iso \ - -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x4 \ - -device usb-tablet \ - -vnc :0 \ - -nographic \ - -vga none \ - -drive file=/var/lib/vm-mara/w10.qcow2 \ - -device vfio-pci,host=00:02.0,addr=03.0,x-vga=on,multifunction=on,romfile=${./adls_dmc_ver2_01.bin} - ''; + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host,kvm=off,hv-spinlocks=819,hv-vapic=on,hv-relaxed=on,hv-vendor-id="IrisXE" \ + -smp 4 \ + -m 8192 \ + -nic 
user,model=virtio-net-pci,hostfwd=tcp::3389-:3389,hostfwd=tcp::47989-:47989,hostfwd=tcp::47990-:47990,hostfwd=tcp::47984-:47984,hostfwd=tcp::48010-:48010,hostfwd=udp::47998-:47988,hostfwd=udp::47999-:47999,hostfwd=udp::48000-:48000,hostfwd=udp::48002-:48002,hostfwd=udp::48003-:48003,hostfwd=udp::48004-:48004,hostfwd=udp::48005-:48005,hostfwd=udp::48006-:48006,hostfwd=udp::48007-:48007,hostfwd=udp::48008-:48008,hostfwd=udp::48009-:48009,hostfwd=udp::48010-:48010 \ + -cdrom /var/lib/vm-mara/virtio-win.iso \ + -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x4 \ + -device usb-tablet \ + -vnc :0 \ + -nographic \ + -vga none \ + -drive file=/var/lib/vm-mara/w10.qcow2 \ + -device vfio-pci,host=00:02.0,addr=03.0,x-vga=on,multifunction=on,romfile=${./adls_dmc_ver2_01.bin} + ''; + }; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; }; - in { - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - serviceConfig = { - ExecStart = "${start-vm}/bin/start-vm"; - }; - }; } diff --git a/modules/vm-mara/i915-sriov-dkms.nix b/modules/vm-mara/i915-sriov-dkms.nix index 894ee01..892b4ae 100644 --- a/modules/vm-mara/i915-sriov-dkms.nix +++ b/modules/vm-mara/i915-sriov-dkms.nix @@ -2,9 +2,9 @@ stdenv, kernel, fetchFromGitHub, - runCommand, ... -}: let +}: +let m = stdenv.mkDerivation rec { name = "i915-sriov-dkms"; version = "4d89a1d5ba8c66308e3276c5297eda838c70cc31"; 
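Review bot: `-vnc :0` starts an unauthenticated VNC server on port 5900 that, with the host part omitted, accepts connections from any address, so anyone who can reach this host gets the Windows guest's console; bind it to loopback with `-vnc 127.0.0.1:0` and reach it over SSH or wg0. The `hostfwd=tcp::3389-:3389` and Sunshine port forwards likewise bind the host's wildcard address, so their exposure depends entirely on the host firewall, which this hunk does not touch. The unit's `serviceConfig` sets only `ExecStart`, so presumably the VM runs as root — unavoidable for VFIO here, but worth a comment on the `systemd.services.vm-mara` definition, which begins on the previous hunk line.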
@@ -22,32 +22,29 @@ export sourceRoot=$(pwd)/source ''; - makeFlags = - kernel.makeFlags - ++ [ - "-C" - "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" - "M=$(sourceRoot)" - "KVER=${kernel.version}" - ]; + makeFlags = kernel.makeFlags ++ [ + "-C" + "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + "M=$(sourceRoot)" + "KVER=${kernel.version}" + ]; # installPhase = '' # install -D i915.ko $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/gpu/drm/i915/i915.ko # ''; - installFlags = ["INSTALL_MOD_PATH=${placeholder "out"}"]; + installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ]; - installTargets = ["modules_install"]; + installTargets = [ "modules_install" ]; enableParallelBuilding = true; # meta.priority = -10; }; in - m +m # in runCommand "test" {} '' # # mkdir -p $out/lib/modules/6.1.30/kernel/drivers/gpu/drm/i915 # mkdir -p $out/lib/modules/6.1.30/extra # cp ${m}/lib/modules/6.1.30/extra/i915.ko.xz $out/lib/modules/6.1.30/extra/foo.ko.xz # '' - diff --git a/modules/vm-sala/default.nix b/modules/vm-sala/default.nix index 4dc5457..5702a2a 100644 --- a/modules/vm-sala/default.nix +++ b/modules/vm-sala/default.nix @@ -1,9 +1,9 @@ { pkgs, - lib, fleetFlake, ... -}: { +}: +{ security.polkit.enable = true; virtualisation.libvirtd.enable = true; @@ -11,7 +11,7 @@ 2222 ]; - imports = [../nginx-base]; + imports = [ ../nginx-base ]; services.nginx.virtualHosts."git.slavni.aciceri.dev" = { forceSSL = true; 
@@ -21,67 +21,74 @@ }; }; - systemd.services.vm-sala = let - initial-config = fleetFlake.inputs.nixos-generators.nixosGenerate { - system = "x86_64-linux"; - modules = [ - # fleetFlake.inputs.nixos-vscode-server.nixosModule - ({ - modulesPath, - lib, - config, - ... - }: { - # services.vscode-server = { - # enable = true; - # enableFHS = true; - # }; - system.build.qcow = lib.mkForce (import "${toString modulesPath}/../lib/make-disk-image.nix" { - inherit lib config pkgs; - diskSize = 50 * 1024; - format = "qcow2"; - partitionTableType = "hybrid"; - }); - services.openssh.enable = true; - environment.systemPackages = with pkgs; [ - vim - git - htop - ]; - users.users.root = { - password = "password"; - openssh.authorizedKeys.keys = [ - (import "${fleetFlake.outPath}/lib").keys.users.ccr-ssh - "ssh-rsa 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" - ]; - }; - }) - ]; - format = "qcow"; - }; - image = "${initial-config}/nixos.qcow2"; - start-vm = pkgs.writeShellApplication { - name = "start-vm"; - runtimeInputs = with pkgs; [qemu]; - text = '' - [ ! -f /var/lib/vm-sala/nixos.qcow2 ] && \ - install ${image} /var/lib/vm-sala + systemd.services.vm-sala = + let + initial-config = fleetFlake.inputs.nixos-generators.nixosGenerate { + system = "x86_64-linux"; + modules = [ + # fleetFlake.inputs.nixos-vscode-server.nixosModule + ( + { + modulesPath, + lib, + config, + ... 
+ }: + { + # services.vscode-server = { + # enable = true; + # enableFHS = true; + # }; + system.build.qcow = lib.mkForce ( + import "${toString modulesPath}/../lib/make-disk-image.nix" { + inherit lib config pkgs; + diskSize = 50 * 1024; + format = "qcow2"; + partitionTableType = "hybrid"; + } + ); + services.openssh.enable = true; + environment.systemPackages = with pkgs; [ + vim + git + htop + ]; + users.users.root = { + password = "password"; + openssh.authorizedKeys.keys = [ + (import "${fleetFlake.outPath}/lib").keys.users.ccr-ssh + "ssh-rsa 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" + ]; + }; + } + ) + ]; + format = "qcow"; + }; + image = "${initial-config}/nixos.qcow2"; + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [ qemu ]; + text = '' + [ ! -f /var/lib/vm-sala/nixos.qcow2 ] && \ + install ${image} /var/lib/vm-sala - qemu-system-x86_64 \ - -enable-kvm \ - -cpu host \ - -smp 2 \ - -m 4096 \ - -nic user,model=virtio-net-pci,hostfwd=tcp::2222-:22,hostfwd=tcp::13000-:3000 \ - -nographic \ - -drive file=/var/lib/vm-sala/nixos.qcow2 - ''; + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host \ + -smp 2 \ + -m 4096 \ + -nic user,model=virtio-net-pci,hostfwd=tcp::2222-:22,hostfwd=tcp::13000-:3000 \ + -nographic \ + -drive file=/var/lib/vm-sala/nixos.qcow2 + ''; + }; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; }; - in { - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - serviceConfig = { - ExecStart = "${start-vm}/bin/start-vm"; - }; - }; } diff --git a/modules/vm-ubuntu/default.nix b/modules/vm-ubuntu/default.nix index 9c07fe5..f7c4518 100644 --- a/modules/vm-ubuntu/default.nix +++ b/modules/vm-ubuntu/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ virtualisation.libvirtd.enable = true; networking.firewall.interfaces."wg0" = { 
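Review bot: The generated guest image sets `users.users.root.password = "password"` on a VM that enables `services.openssh` and is forwarded via `hostfwd=tcp::2222-:22` (port 2222 also appears in a firewall allow-list in this file's earlier hunk); even if sshd's NixOS default of `prohibit-password` blocks it over SSH, the plaintext sits in the world-readable store and in the qcow image, and the `-nographic` serial console will accept it. `openssh.authorizedKeys.keys` is already populated, so drop the `password` line, or at least use `hashedPassword` if console login is needed. Note that `install ${image} /var/lib/vm-sala` only seeds the disk when it does not exist, so rotating this credential later requires removing the image too. The enclosing `systemd.services.vm-sala` definition starts on the previous hunk line.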
@@ -10,25 +11,27 @@ ]; }; - systemd.services.vm-ubuntu = let - start-vm = pkgs.writeShellApplication { - name = "start-vm"; - runtimeInputs = with pkgs; [qemu]; - text = '' - qemu-system-x86_64 \ - -enable-kvm \ - -cpu host,kvm=on,hv-vendor_id="GenuineIntel" \ - -smp 4 \ - -m 8192 \ - -nic user,model=virtio-net-pci,hostfwd=tcp::60022-:22,hostfwd=tcp::8545-:8545 \ - -drive file=/var/lib/vm-ubuntu/ubuntu.qcow2 - ''; + systemd.services.vm-ubuntu = + let + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [ qemu ]; + text = '' + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host,kvm=on,hv-vendor_id="GenuineIntel" \ + -smp 4 \ + -m 8192 \ + -nic user,model=virtio-net-pci,hostfwd=tcp::60022-:22,hostfwd=tcp::8545-:8545 \ + -drive file=/var/lib/vm-ubuntu/ubuntu.qcow2 + ''; + }; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; }; - in { - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - serviceConfig = { - ExecStart = "${start-vm}/bin/start-vm"; - }; - }; } diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix index 9a93f17..352aa40 100644 --- a/modules/wireguard-client/default.nix +++ b/modules/wireguard-client/default.nix @@ -2,16 +2,17 @@ config, vpn, ... -}: { - imports = [../wireguard-common]; +}: +{ + imports = [ ../wireguard-common ]; networking.wireguard.interfaces.wg0 = { mtu = 1200; - ips = ["${vpn.${config.networking.hostName}.ip}/32"]; + ips = [ "${vpn.${config.networking.hostName}.ip}/32" ]; peers = [ { publicKey = vpn.sisko.publicKey; - allowedIPs = ["10.100.0.0/24"]; + allowedIPs = [ "10.100.0.0/24" ]; endpoint = "vpn.aciceri.dev:51820"; persistentKeepalive = 25; } diff --git a/modules/wireguard-common/default.nix b/modules/wireguard-common/default.nix index 9ebfc78..ad50ad8 100644 --- a/modules/wireguard-common/default.nix +++ b/modules/wireguard-common/default.nix 
@@ -3,7 +3,8 @@ config, vpn, ... -}: { +}: +{ networking.firewall.interfaces.wg0 = { allowedUDPPortRanges = [ { @@ -24,11 +25,8 @@ listenPort = 51820; }; - networking.hosts = - lib.mapAttrs' - (hostname: vpnConfig: { - name = vpnConfig.ip; - value = ["${hostname}.fleet"]; - }) - vpn; + networking.hosts = lib.mapAttrs' (hostname: vpnConfig: { + name = vpnConfig.ip; + value = [ "${hostname}.fleet" ]; + }) vpn; } diff --git a/modules/wireguard-server/default.nix b/modules/wireguard-server/default.nix index 7c4b7c7..27c8a8a 100644 --- a/modules/wireguard-server/default.nix +++ b/modules/wireguard-server/default.nix @@ -3,20 +3,19 @@ lib, vpn, ... -}: { - imports = [../wireguard-common]; +}: +{ + imports = [ ../wireguard-common ]; networking.nat.enable = true; - networking.firewall.allowedUDPPorts = [config.networking.wireguard.interfaces.wg0.listenPort]; # FIXME move this to wireguard-server + networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; # FIXME move this to wireguard-server networking.wireguard.interfaces.wg0 = { - ips = ["${vpn.${config.networking.hostName}.ip}/24"]; - peers = - lib.mapAttrsToList (hostname: vpnConfig: { - publicKey = vpnConfig.publicKey; - allowedIPs = ["${vpnConfig.ip}/32"]; - }) - vpn; + ips = [ "${vpn.${config.networking.hostName}.ip}/24" ]; + peers = lib.mapAttrsToList (_hostname: vpnConfig: { + publicKey = vpnConfig.publicKey; + allowedIPs = [ "${vpnConfig.ip}/32" ]; + }) vpn; }; } diff --git a/modules/xdg/default.nix b/modules/xdg/default.nix index 5631915..0a07d40 100644 --- a/modules/xdg/default.nix +++ b/modules/xdg/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ xdg = { portal = { enable = true; diff --git a/packages/default.nix b/packages/default.nix index 9aedeba..ace7ede 100644 --- a/packages/default.nix +++ b/packages/default.nix 
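Review bot: The trailing `# FIXME move this to wireguard-server` on the `allowedUDPPorts` line is stale: this hunk is already `modules/wireguard-server/default.nix`, so the move has happened and the comment should be deleted. `networking.nat.enable = true;` is set with no visible `externalInterface`/`internalInterfaces`, so those presumably come from elsewhere — a one-line pointer (`# NAT interfaces configured in <module>`) would help the next reader. The per-peer `allowedIPs = [ "${vpnConfig.ip}/32" ]` is the right tight cryptokey routing, and the `_hostname` rename is fine.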
@@ -4,16 +4,18 @@ config, self, ... -}: { +}: +{ options.fleet = { - overlays = let - overlayType = lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - }; - in + overlays = + let + overlayType = lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + }; + in lib.mkOption { description = "Nixpkgs overlays to apply at flake level (not in hosts)"; type = lib.types.listOf overlayType; @@ -30,27 +32,25 @@ description = "Packages that are broken on a given system"; type = lib.types.attrsOf (lib.types.listOf lib.types.str); default = { - aarch64-linux = ["llm-workflow-engine"]; - x86_64-linux = []; + aarch64-linux = [ "llm-workflow-engine" ]; + x86_64-linux = [ ]; }; }; }; - config.perSystem = { - system, - lib, - pkgs, - ... - }: { - _module.args.pkgs = - lib.foldl - (legacyPackages: legacyPackages.extend) - inputs.nixpkgs.legacyPackages.${system} - config.fleet.overlays; + config.perSystem = + { + system, + lib, + pkgs, + ... + }: + { + _module.args.pkgs = lib.foldl ( + legacyPackages: legacyPackages.extend + ) inputs.nixpkgs.legacyPackages.${system} config.fleet.overlays; - packages = - builtins.removeAttrs - (lib.mapAttrs' + packages = builtins.removeAttrs (lib.mapAttrs' (name: value: { inherit name; value = pkgs.callPackage "${self}/packages/${name}" { @@ -60,9 +60,7 @@ packagePath = "packages/${name}"; }; }) - (lib.filterAttrs - (_: type: type == "directory") - (builtins.readDir "${self}/packages"))) - config.fleet.brokenPackages.${system}; - }; + (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/packages")) + ) config.fleet.brokenPackages.${system}; + }; } diff --git a/packages/deploy/default.nix b/packages/deploy/default.nix index e7cfd57..058993b 100644 --- a/packages/deploy/default.nix +++ b/packages/deploy/default.nix 
@@ -6,5 +6,5 @@ writeShellApplication { name = "deploy"; text = builtins.readFile ./deploy.sh; - runtimeInputs = [nixos-rebuild]; + runtimeInputs = [ nixos-rebuild ]; } diff --git a/packages/garmin-collector/default.nix b/packages/garmin-collector/default.nix index 2e19330..8f911a4 100644 --- a/packages/garmin-collector/default.nix +++ b/packages/garmin-collector/default.nix @@ -8,5 +8,5 @@ writers.writePython3Bin "garmin-collector" { prometheus-client garminconnect ]; - flakeIgnore = ["E501"]; + flakeIgnore = [ "E501" ]; } (builtins.readFile ./garmin-collector.py) diff --git a/packages/llm-workflow-engine/default.nix b/packages/llm-workflow-engine/default.nix index 486eded..307d133 100644 --- a/packages/llm-workflow-engine/default.nix +++ b/packages/llm-workflow-engine/default.nix 
@@ -5,60 +5,63 @@ packagePath, fetchFromGitHub, ... -}: let +}: +let src = fetchFromGitHub { owner = "llm-workflow-engine"; repo = "llm-workflow-engine"; rev = "v0.18.10"; hash = "sha256-q9tCPQvGtufSL+E0h5gB0pA1CaKB9nUL1Hf5cmImZz8"; }; - module = { - config, - lib, - dream2nix, - ... - }: { - imports = [ - dream2nix.modules.dream2nix.pip - ]; - - name = "llm-workflow-engine"; - version = "0.18.10"; - - paths = { - inherit projectRoot; - package = packagePath; - }; - - mkDerivation = { - src = src; - propagatedBuildInputs = [ - config.pip.drvs.setuptools.public + module = + { + config, + lib, + dream2nix, + ... + }: + { + imports = [ + dream2nix.modules.dream2nix.pip ]; - }; - buildPythonPackage = { - format = lib.mkForce "pyproject"; - pythonImportsCheck = [ - "lwe" - ]; - catchConflicts = false; - }; + name = "llm-workflow-engine"; + version = "0.18.10"; - pip = { - pypiSnapshotDate = "2024-04-25"; - requirementsFiles = [ - "${src}/requirements.txt" - ]; - requirementsList = [ - "setuptools" - ]; - flattenDependencies = true; + paths = { + inherit projectRoot; + package = packagePath; + }; + + mkDerivation = { + src = src; + propagatedBuildInputs = [ + config.pip.drvs.setuptools.public + ]; + }; + + buildPythonPackage = { + format = lib.mkForce "pyproject"; + pythonImportsCheck = [ + "lwe" + ]; + catchConflicts = false; + }; + + pip = { + pypiSnapshotDate = "2024-04-25"; + requirementsFiles = [ + "${src}/requirements.txt" + ]; + requirementsList = [ + "setuptools" + ]; + flattenDependencies = true; + }; }; - }; in - dream2nix.lib.evalModules { - specialArgs.dream2nix = dream2nix; - packageSets.nixpkgs = pkgs; - modules = [module]; - } +dream2nix.lib.evalModules { + specialArgs.dream2nix = dream2nix; + packageSets.nixpkgs = pkgs; + modules = [ module ]; +} diff --git a/packages/spotify-adblocked/default.nix b/packages/spotify-adblocked/default.nix index 18cb8c5..94df5c9 100644 --- a/packages/spotify-adblocked/default.nix +++ b/packages/spotify-adblocked/default.nix 
@@ -4,7 +4,8 @@ fetchFromGitHub, zip, unzip, -}: let +}: +let spotify-adblock = rustPlatform.buildRustPackage { pname = "spotify-adblock"; version = "1.0.3"; @@ -33,21 +34,22 @@ ''; }; in - spotify.overrideAttrs ( - old: { - buildInputs = (old.buildInputs or []) ++ [zip unzip]; - postInstall = - (old.postInstall or "") - + '' - ln -s ${spotify-adblock}/lib/libspotifyadblock.so $libdir - sed -i "s:^Name=Spotify.*:Name=Spotify-adblock:" "$out/share/spotify/spotify.desktop" - wrapProgram $out/bin/spotify \ - --set LD_PRELOAD "${spotify-adblock}/lib/libspotifyadblock.so" +spotify.overrideAttrs (old: { + buildInputs = (old.buildInputs or [ ]) ++ [ + zip + unzip + ]; + postInstall = + (old.postInstall or "") + + '' + ln -s ${spotify-adblock}/lib/libspotifyadblock.so $libdir + sed -i "s:^Name=Spotify.*:Name=Spotify-adblock:" "$out/share/spotify/spotify.desktop" + wrapProgram $out/bin/spotify \ + --set LD_PRELOAD "${spotify-adblock}/lib/libspotifyadblock.so" - # Hide placeholder for advert banner - ${unzip}/bin/unzip -p $out/share/spotify/Apps/xpui.spa xpui.js | sed 's/adsEnabled:\!0/adsEnabled:false/' > $out/share/spotify/Apps/xpui.js - ${zip}/bin/zip --junk-paths --update $out/share/spotify/Apps/xpui.spa $out/share/spotify/Apps/xpui.js - rm $out/share/spotify/Apps/xpui.js - ''; - } - ) + # Hide placeholder for advert banner + ${unzip}/bin/unzip -p $out/share/spotify/Apps/xpui.spa xpui.js | sed 's/adsEnabled:\!0/adsEnabled:false/' > $out/share/spotify/Apps/xpui.js + ${zip}/bin/zip --junk-paths --update $out/share/spotify/Apps/xpui.spa $out/share/spotify/Apps/xpui.js + rm $out/share/spotify/Apps/xpui.js + ''; +}) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b41e70e..e5e95f4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,39 +1,186 @@ let keys = (import ../lib).keys; in - with keys.hosts; - with keys.users; { - "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership kirk sisko pbp picard]; - "magit-forge-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership kirk]; - "git-workspace-tokens.age".publicKeys = [ccr-ssh ccr-gpg mothership kirk picard]; - "hydra-admin-password.age".publicKeys = [ccr-ssh ccr-gpg mothership]; - "hydra-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership]; - "cache-private-key.age".publicKeys = [ccr-ssh ccr-gpg mothership]; - "autistici-password.age".publicKeys = [ccr-ssh ccr-gpg kirk picard sisko]; - "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership sisko picard]; - "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership sisko picard]; - "hercules-ci-secrets-json.age".publicKeys = [ccr-ssh ccr-gpg mothership sisko picard]; - "minio-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko]; - "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko]; - "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "home-assistant-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg kirk mothership picard deltaflyer]; - "cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "restic-hetzner-password.age".publicKeys = [ccr-ssh ccr-gpg picard sisko kirk]; - "hass-ssh-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "grafana-password.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "matrix-registration-shared-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "matrix-sliding-sync-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "forgejo-runners-token.age".publicKeys = [ccr-ssh ccr-gpg picard]; - "forgejo-nix-access-tokens.age".publicKeys = [ccr-ssh ccr-gpg picard]; - "garmin-collector-environment.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - 
"hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "sisko-restic-password.age".publicKeys = [ccr-ssh ccr-gpg sisko]; +with keys.hosts; +with keys.users; +{ + "cachix-personal-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + kirk + sisko + pbp + picard + ]; + "magit-forge-github-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + kirk + ]; + "git-workspace-tokens.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + kirk + picard + ]; + "hydra-admin-password.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + ]; + "hydra-github-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + ]; + "cache-private-key.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + ]; + "autistici-password.age".publicKeys = [ + ccr-ssh + ccr-gpg + kirk + picard + sisko + ]; + "hercules-ci-join-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + sisko + picard + ]; + "hercules-ci-binary-caches.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + sisko + picard + ]; + "hercules-ci-secrets-json.age".publicKeys = [ + ccr-ssh + ccr-gpg + mothership + sisko + picard + ]; + "minio-credentials.age".publicKeys = [ + ccr-ssh + ccr-gpg + picard + sisko + ]; + "aws-credentials.age".publicKeys = [ + ccr-ssh + ccr-gpg + picard + sisko + ]; + "nextcloud-admin-pass.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "home-planimetry.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "home-assistant-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "chatgpt-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + kirk + mothership + picard + deltaflyer + ]; + "cloudflare-dyndns-api-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "restic-hetzner-password.age".publicKeys = [ + ccr-ssh + ccr-gpg + picard + sisko + kirk + ]; + "hass-ssh-key.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "grafana-password.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + 
"matrix-registration-shared-secret.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "matrix-sliding-sync-secret.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "forgejo-runners-token.age".publicKeys = [ + ccr-ssh + ccr-gpg + picard + ]; + "forgejo-nix-access-tokens.age".publicKeys = [ + ccr-ssh + ccr-gpg + picard + ]; + "garmin-collector-environment.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "sisko-restic-password.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; - # WireGuard - "picard-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg picard]; - "sisko-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "kirk-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg kirk]; - "deltaflyer-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg deltaflyer]; - } + # WireGuard + "picard-wireguard-private-key.age".publicKeys = [ + ccr-ssh + ccr-gpg + picard + ]; + "sisko-wireguard-private-key.age".publicKeys = [ + ccr-ssh + ccr-gpg + sisko + ]; + "kirk-wireguard-private-key.age".publicKeys = [ + ccr-ssh + ccr-gpg + kirk + ]; + "deltaflyer-wireguard-private-key.age".publicKeys = [ + ccr-ssh + ccr-gpg + deltaflyer + ]; +} diff --git a/shell/default.nix b/shell/default.nix index 38c8fc6..4bb67b2 100644 --- a/shell/default.nix +++ b/shell/default.nix 
@@ -1,23 +1,25 @@ { - perSystem = { pkgs, config, ... }: { - devShells.default = pkgs.mkShell { - name = "fleet-shell"; - buildInputs = with pkgs; [ - git - agenix - age - deadnix - statix - alejandra - disko - deploy - colmena - nixos-anywhere - ]; - shellHook = '' - export RULES="$(git rev-parse --show-toplevel)/secrets/secrets.nix"; - ${config.pre-commit.installationScript} - ''; + perSystem = + { pkgs, config, ... }: + { + devShells.default = pkgs.mkShell { + name = "fleet-shell"; + buildInputs = with pkgs; [ + git + agenix + age + deadnix + statix + alejandra + disko + deploy + colmena + nixos-anywhere + ]; + shellHook = '' + export RULES="$(git rev-parse --show-toplevel)/secrets/secrets.nix"; + ${config.pre-commit.installationScript} + ''; + }; }; - }; }
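Review bot: `alejandra` is still listed in the dev shell's `buildInputs` although this commit reformats the whole repository in a different style (the `{ pkgs, config, ... }:` on its own line and the `[ ]` spacing look like nixfmt-rfc-style output, but the formatter actually used is not visible in this diff). Anyone running the formatter the shell provides would rewrite every file back to the old layout, undoing this commit and producing noisy, hard-to-review diffs. Replace `alejandra` with the formatter that produced this change (for example `nixfmt-rfc-style`, if that is the one used) and confirm that the hook installed by `${config.pre-commit.installationScript}` invokes the same tool, so the shell, the pre-commit check and the committed layout agree.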