diff --git a/checks/default.nix b/checks/default.nix index d4de7c0..38df4ee 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -3,40 +3,33 @@ self, lib, ... -}: -{ +}: { imports = [ inputs.treefmt-nix.flakeModule - inputs.git-hooks-nix.flakeModule + inputs.pre-commit-hooks.flakeModule ]; - perSystem = - { ... }: - { - treefmt.config = { - projectRootFile = ".git/config"; - programs = { - nixfmt-rfc-style.enable = true; - deadnix.enable = true; - }; - }; - - pre-commit.settings.hooks = { - nixfmt-rfc-style.enable = true; - deadnix.enable = true; - }; + perSystem = _: { + treefmt.config = { + projectRootFile = ".git/config"; + programs.alejandra.enable = true; }; - flake.checks = - let - build = _: nc: nc.config.system.build.toplevel; - in - { - x86_64-linux = lib.mapAttrs build { - inherit (self.nixosConfigurations) picard; - }; - aarch64-linux = lib.mapAttrs build { - inherit (self.nixosConfigurations) sisko; # pbp; - }; + pre-commit.settings.hooks = { + alejandra.enable = true; + # deadnix.enable = true; + # statix.enable = true; }; + }; + + flake.checks = let + build = _: nc: nc.config.system.build.toplevel; + in { + x86_64-linux = lib.mapAttrs build { + inherit (self.nixosConfigurations) picard; + }; + aarch64-linux = lib.mapAttrs build { + inherit (self.nixosConfigurations) sisko; #pbp; + }; + }; } diff --git a/flake.lock b/flake.lock index 178d317..96c7b05 100644 --- a/flake.lock +++ b/flake.lock @@ -50,11 +50,11 @@ ] }, "locked": { - "lastModified": 1726775926, - "narHash": "sha256-5zShvCy9S4tuISFjNSjb+TWpPtORqPbRZ0XwbLbPLho=", + "lastModified": 1726730453, + "narHash": "sha256-Kdi7liMdbr1/uyMhMDl19O5b9LESxcnYgBRZblrJi9E=", "owner": "nix-community", "repo": "disko", - "rev": "624fd86460e482017ed9c3c3c55a3758c06a4e7f", + "rev": "a31fe5ef162f2f963308289e6e27d37e3948a983", "type": "github" }, "original": { 
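Review bot: `deadnix` and `statix` are left commented out in `pre-commit.settings.hooks`, and `deadnix` is also dropped from `treefmt.config.programs`, so nothing in the checks flags unused bindings any more. The same commit adds arguments that the visible hunks do not appear to use (`pkgs` in hmModules/emacs and hmModules/kitty, `config` in hmModules/gnome-keyring, `config` and `lib` in hmModules/nix-index, `lib` in hmModules/hyprland), although those module bodies are only partly shown. Either restore `deadnix.enable = true;` or replace the commented lines with the reason, e.g. `# deadnix/statix disabled: <reason>`, so the gap in the gate is a recorded decision.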
@@ -241,33 +241,10 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1726745158, - "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ - "git-hooks-nix", + "pre-commit-hooks", "nixpkgs" ] }, @@ -353,11 +330,11 @@ ] }, "locked": { - "lastModified": 1726823634, - "narHash": "sha256-rU8Yy62KSLU8Q2J64F+50OJKORNdogxbXl2w4rFw13o=", + "lastModified": 1726745512, + "narHash": "sha256-9xY9UEKC7gsA4sj5cZvZXk5jT/p2wGtkpp8hqE9yIRA=", "owner": "nix-community", "repo": "home-manager", - "rev": "4803bf558bdf20cb067aceb8830b7ad70113f4e3", + "rev": "7578176649a08abb73dfbd2755a5988766952b53", "type": "github" }, "original": { @@ -761,11 +738,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1726836432, - "narHash": "sha256-fk9P0RY2m7r3vAqqSRaR/MZoQJo6yg6vuv4h7D1I2/8=", + "lastModified": 1726757509, + "narHash": "sha256-3/2rV78QyC/OPu+WzimbElmSdD3HsQq/P/TLcFQHjZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3e9ef326d3d60dd97c262c6d16cc255175d4902", + "rev": "78fdf431cdf6bc4ba4af9c100aaeda65da7e4ed3", "type": "github" }, "original": { 
@@ -874,6 +851,29 @@ "type": "gitlab" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "purescript-overlay": { "inputs": { "nixpkgs": [ @@ -944,7 +944,6 @@ "disko": "disko", "dream2nix": "dream2nix", "flakeParts": "flakeParts", - "git-hooks-nix": "git-hooks-nix", "homeManager": "homeManager", "homeManagerGitWorkspace": "homeManagerGitWorkspace", "impermanence": "impermanence", @@ -956,6 +955,7 @@ "nixThePlanet": "nixThePlanet", "nixosHardware": "nixosHardware", "nixpkgs": "nixpkgs_5", + "pre-commit-hooks": "pre-commit-hooks", "rock5b": "rock5b", "treefmt-nix": "treefmt-nix_2", "vscode-server": "vscode-server" diff --git a/flake.nix b/flake.nix index d4bf146..638d2af 100644 --- a/flake.nix +++ b/flake.nix @@ -20,8 +20,8 @@ url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - git-hooks-nix = { - url = "github:cachix/git-hooks.nix"; + pre-commit-hooks = { + url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; agenix.url = "github:ryantm/agenix"; @@ -57,9 +57,8 @@ vscode-server.url = "github:nix-community/nixos-vscode-server"; }; - outputs = - inputs@{ flakeParts, ... }: - flakeParts.lib.mkFlake { inherit inputs; } { + outputs = inputs @ {flakeParts, ...}: + flakeParts.lib.mkFlake {inherit inputs;} { imports = [ # TODO export modules as flake outputs # ./modules @@ -69,9 +68,6 @@ ./shell ./checks ]; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + systems = ["x86_64-linux" "aarch64-linux"]; }; } 
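Review bot: `pre-commit-hooks.url` now names `github:cachix/pre-commit-hooks.nix`, but flake.lock in this commit locks the same `rev` and `narHash` that were previously recorded under `cachix/git-hooks.nix`. The two names therefore appear to be one repository, with this one presumably reached through a forge redirect. The locked hash protects the current pin, but a later `nix flake update` trusts whatever that name resolves to at the time. Keeping `url = "github:cachix/git-hooks.nix";` avoids depending on the redirect; if the old name is intentional, say so in a comment such as `# old repo name kept because <reason>`.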
diff --git a/hmModules/aerc/default.nix b/hmModules/aerc/default.nix index 1c3c122..6c3e65b 100644 --- a/hmModules/aerc/default.nix +++ b/hmModules/aerc/default.nix @@ -1,5 +1,5 @@ { - imports = [ ../email ]; + imports = [../email]; config = { accounts.email.accounts = { autistici.aerc = { diff --git a/hmModules/binance/default.nix b/hmModules/binance/default.nix index 07c6759..c0aa5d2 100644 --- a/hmModules/binance/default.nix +++ b/hmModules/binance/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.binance ]; +{pkgs, ...}: { + home.packages = [pkgs.binance]; } diff --git a/hmModules/btop/default.nix b/hmModules/btop/default.nix index d3568da..08fc3a7 100644 --- a/hmModules/btop/default.nix +++ b/hmModules/btop/default.nix @@ -1,21 +1,18 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs.btop = { enable = true; settings = { update_ms = 100; theme_background = false; # color_theme = "${config.programs.btop.package}/share/btop/themes/dracula.theme"; - color_theme = - let - catppuccin-theme = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "btop"; - rev = "21b8d5956a8b07fa52519e3267fb3a2d2e693d17"; - hash = "sha256-UXeTypc15MhjgGUiCrDUZ40m32yH2o1N+rcrEgY6sME="; - }; - in - "${catppuccin-theme}/themes/catppuccin_mocha.theme"; + color_theme = let + catppuccin-theme = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "btop"; + rev = "21b8d5956a8b07fa52519e3267fb3a2d2e693d17"; + hash = "sha256-UXeTypc15MhjgGUiCrDUZ40m32yH2o1N+rcrEgY6sME="; + }; + in "${catppuccin-theme}/themes/catppuccin_mocha.theme"; }; }; } diff --git a/hmModules/calibre/default.nix b/hmModules/calibre/default.nix index b2fd97a..dca9687 100644 --- a/hmModules/calibre/default.nix +++ b/hmModules/calibre/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.calibre ]; +{pkgs, ...}: { + home.packages = [pkgs.calibre]; } diff --git a/hmModules/chrome/default.nix b/hmModules/chrome/default.nix index 595c255..f90f3ce 100644 --- a/hmModules/chrome/default.nix 
+++ b/hmModules/chrome/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs.chromium = { enable = true; package = pkgs.google-chrome; diff --git a/hmModules/cura/default.nix b/hmModules/cura/default.nix index 7b530f3..32a1c64 100644 --- a/hmModules/cura/default.nix +++ b/hmModules/cura/default.nix @@ -1,17 +1,15 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { home.packages = [ - ( - let - cura5 = pkgs.appimageTools.wrapType2 rec { - name = "cura5"; - version = "5.8.0"; - src = pkgs.fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-X64.AppImage"; - hash = "sha256-EojVAe+o43W80ES5BY3QgGRTxztwS+B6kIOfJOtULOg="; - }; + (let + cura5 = pkgs.appimageTools.wrapType2 rec { + name = "cura5"; + version = "5.8.0"; + src = pkgs.fetchurl { + url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-X64.AppImage"; + hash = "sha256-EojVAe+o43W80ES5BY3QgGRTxztwS+B6kIOfJOtULOg="; }; - in + }; + in pkgs.writeScriptBin "cura" '' #! ${pkgs.bash}/bin/bash # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. @@ -25,7 +23,6 @@ args+=("$a") done QT_QPA_PLATFORM=xcb exec "${cura5}/bin/cura5" "''${args[@]}" - '' - ) + '') ]; } diff --git a/hmModules/digikam/default.nix b/hmModules/digikam/default.nix index a2f5b1e..928dde1 100644 --- a/hmModules/digikam/default.nix +++ b/hmModules/digikam/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.digikam ]; +{pkgs, ...}: { + home.packages = [pkgs.digikam]; } diff --git a/hmModules/discord/default.nix b/hmModules/discord/default.nix index 90f6d31..2dde8bf 100644 --- a/hmModules/discord/default.nix +++ b/hmModules/discord/default.nix @@ -1,6 +1,5 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.discord ]; +{pkgs, ...}: { + home.packages = [pkgs.discord]; home.file.".config/discord/settings.json".text = builtins.toJSON { SKIP_HOST_UPDATE = true; }; 
diff --git a/hmModules/dolphin/default.nix b/hmModules/dolphin/default.nix index 0b68c57..e24cc30 100644 --- a/hmModules/dolphin/default.nix +++ b/hmModules/dolphin/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.dolphin-emu ]; +{pkgs, ...}: { + home.packages = [pkgs.dolphin-emu]; } diff --git a/hmModules/element/default.nix b/hmModules/element/default.nix index 34266c3..e0f4282 100644 --- a/hmModules/element/default.nix +++ b/hmModules/element/default.nix @@ -1,14 +1,13 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { # home.packages = [pkgs.schildichat-desktop]; - home.packages = [ pkgs.element-desktop-wayland ]; + home.packages = [pkgs.element-desktop-wayland]; systemd.user.services.element-desktop = { - Install.WantedBy = [ "graphical-session.target" ]; + Install.WantedBy = ["graphical-session.target"]; Unit = { Description = "Element"; - PartOf = [ "graphical-session.target" ]; + PartOf = ["graphical-session.target"]; }; Service = { diff --git a/hmModules/emacs/default.nix b/hmModules/emacs/default.nix index 98463cc..69d5607 100644 --- a/hmModules/emacs/default.nix +++ b/hmModules/emacs/default.nix @@ -1,9 +1,9 @@ { lib, age, + pkgs, ... -}: -{ +}: { ccrEmacs.enable = true; home.sessionVariables.EDITOR = lib.mkForce "emacsclient"; systemd.user.services.emacs.Service.EnvironmentFile = age.secrets.chatgpt-token.path; diff --git a/hmModules/email/default.nix b/hmModules/email/default.nix index 648bbc8..dd02c0c 100644 --- a/hmModules/email/default.nix +++ b/hmModules/email/default.nix 
@@ -2,25 +2,22 @@ pkgs, secrets, ... -}: -{ +}: { programs.mbsync.enable = true; programs.msmtp.enable = true; services.mbsync.enable = true; - home.file.".config/aerc/stylesets" = - let - catppuccin-aerc = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "aerc"; - rev = "ca404a9f2d125ef12db40db663d43c9d94116a05"; - hash = "sha256-OWIkHsKFts/zkrDUtbBPXHVSrHL/F0v3LB1rnlFAKmE="; - }; - in - { - source = "${catppuccin-aerc}/dist"; - recursive = true; + home.file.".config/aerc/stylesets" = let + catppuccin-aerc = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "aerc"; + rev = "ca404a9f2d125ef12db40db663d43c9d94116a05"; + hash = "sha256-OWIkHsKFts/zkrDUtbBPXHVSrHL/F0v3LB1rnlFAKmE="; }; + in { + source = "${catppuccin-aerc}/dist"; + recursive = true; + }; programs.aerc = { enable = true; @@ -84,9 +81,7 @@ "" = ":clear"; }; - "messages:folder=Drafts" = { - "" = ":recall"; - }; + "messages:folder=Drafts" = {"" = ":recall";}; view = { "/" = ":toggle-key-passthrough/"; @@ -169,12 +164,8 @@ border-char-vertical = "┃"; border-char-horizontal = "━"; }; - viewer = { - always-show-mime = true; - }; - compose = { - no-attachment-warning = "^[^>]*attach(ed|ment)"; - }; + viewer = {always-show-mime = true;}; + compose = {no-attachment-warning = "^[^>]*attach(ed|ment)";}; triggers = { email-received = ''exec notify-send "New email from %n" "%s"''; }; diff --git a/hmModules/firefox/default.nix b/hmModules/firefox/default.nix index f6ae31e..954dbc3 100644 --- a/hmModules/firefox/default.nix +++ b/hmModules/firefox/default.nix @@ -2,15 +2,14 @@ pkgs, username, ... -}: -{ +}: { programs.firefox = { enable = true; package = pkgs.wrapFirefox pkgs.firefox-unwrapped { extraPolicies = { - ExtensionSettings = { }; + ExtensionSettings = {}; }; - nativeMessagingHosts = [ pkgs.tridactyl-native ]; + nativeMessagingHosts = [pkgs.tridactyl-native]; }; profiles.${username} = { settings = { 
diff --git a/hmModules/foot/default.nix b/hmModules/foot/default.nix
index 620e385..a40f2a5 100644
--- a/hmModules/foot/default.nix
+++ b/hmModules/foot/default.nix
@@ -6,54 +6,51 @@ }: lib.mkMerge [ { - programs.foot = - let - catppuccin = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "foot"; - rev = "307611230661b7b1787feb7f9d122e851bae97e9"; - hash = "sha256-mkPYHDJtfdfDnqLr1YOjaBpn4lCceok36LrnkUkNIE4="; + programs.foot = let + catppuccin = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "foot"; + rev = "307611230661b7b1787feb7f9d122e851bae97e9"; + hash = "sha256-mkPYHDJtfdfDnqLr1YOjaBpn4lCceok36LrnkUkNIE4="; + }; + in { + enable = true; + server.enable = true; + settings = { + main = { + term = "xterm-256color"; + login-shell = "yes"; + dpi-aware = "no"; + horizontal-letter-offset = "1"; + include = "${catppuccin}/themes/catppuccin-mocha.ini"; + font = let + size = "13"; + in + lib.concatStringsSep ", " [ + "Iosevka Comfy:size=${size}" + "Symbols Nerd Font:size=${size}" + "JoyPixels:size=${size}" + ]; + }; + cursor = { + blink = true; + }; + tweak = { + overflowing-glyphs = true; }; - in - { - enable = true; - server.enable = true; - settings = { - main = { - term = "xterm-256color"; - login-shell = "yes"; - dpi-aware = "no"; - horizontal-letter-offset = "1"; - include = "${catppuccin}/themes/catppuccin-mocha.ini"; - font = - let - size = "13"; - in - lib.concatStringsSep ", " [ - "Iosevka Comfy:size=${size}" - "Symbols Nerd Font:size=${size}" - "JoyPixels:size=${size}" - ]; - }; - cursor = { - blink = true; - }; - tweak = { - overflowing-glyphs = true; - }; - key-bindings = { - scrollback-up-page = "Control+Shift+k"; - scrollback-down-page = "Control+Shift+j"; - search-start = "Control+Shift+s"; - pipe-command-output = ''[sh -c 'f=$(mktemp); cat - > $f; footclient hx $f; rm $f'] Control+Shift+g''; - }; + key-bindings = { + scrollback-up-page = "Control+Shift+k"; + scrollback-down-page = "Control+Shift+j"; + search-start = "Control+Shift+s"; + pipe-command-output = ''[sh -c "f=$(mktemp); cat - > $f; footclient hx $f; rm $f"] Control+Shift+g''; + }; - mouse = { - hide-when-typing = "yes"; - }; + mouse = { 
+ hide-when-typing = "yes"; }; }; + }; } (lib.mkIf config.programs.fish.enable { programs.fish.functions = { @@ -66,7 +63,7 @@ lib.mkMerge [ onEvent = "fish_preexec"; }; foot_cmd_end = { - body = ''echo -en "\e]133;D\e\\"''; + body = ''echo -en "\e]133;D\e\\''; onEvent = "fish_postexec"; }; }; diff --git a/hmModules/git-workspace/default.nix b/hmModules/git-workspace/default.nix index 25f37ca..ac8cc85 100644 --- a/hmModules/git-workspace/default.nix +++ b/hmModules/git-workspace/default.nix @@ -2,8 +2,7 @@ age, username, ... -}: -{ +}: { services.git-workspace = { enable = true; frequency = "04:00:00"; diff --git a/hmModules/git/default.nix b/hmModules/git/default.nix index fcec555..52786b2 100644 --- a/hmModules/git/default.nix +++ b/hmModules/git/default.nix @@ -2,18 +2,13 @@ pkgs, username, ... -}: -let +}: let config = { name = "Andrea Ciceri"; email = "andrea.ciceri@autistici.org"; }; -in -{ - imports = [ - ../gitui - ../lazygit - ]; +in { + imports = [../gitui ../lazygit]; programs.git = { enable = true; package = pkgs.gitAndTools.gitFull; diff --git a/hmModules/gnome-keyring/default.nix b/hmModules/gnome-keyring/default.nix index 9426154..b0135ff 100644 --- a/hmModules/gnome-keyring/default.nix +++ b/hmModules/gnome-keyring/default.nix @@ -1,9 +1,9 @@ { pkgs, lib, + config, ... -}: -{ +}: { services.gnome-keyring = { enable = false; # Is this broken? https://github.com/nix-community/home-manager/issues/1454 components = lib.mkForce [ @@ -12,7 +12,7 @@ ]; }; - home.packages = [ pkgs.gcr ]; # Needed in PATH + home.packages = [pkgs.gcr]; # Needed in PATH # Workaround wayland.windowManager.hyprland.extraConfig = '' diff --git a/hmModules/gpg/default.nix b/hmModules/gpg/default.nix index 469c27a..a28eb67 100644 --- a/hmModules/gpg/default.nix +++ b/hmModules/gpg/default.nix 
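Review bot: The new `foot_cmd_end` body in the `@@ -66,7 +63,7 @@` hunk loses its closing double quote: it is now `''echo -en "\e]133;D\e\\''`. The Nix string still parses, but the fish function body it produces ends inside an open `"`, which fish would be expected to reject when defining the function or running it on `fish_postexec`. This looks like an accidental edit rather than a formatter change, since the rest of the hunk is untouched. Restore the original line: `body = ''echo -en "\e]133;D\e\\"'';`.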
@@ -1,31 +1,25 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.gpg-agent = { enable = true; enableSshSupport = true; - sshKeys = [ "CE2FD0D9BECBD8876811714925066CC257413416" ]; - extraConfig = - let - pinentryRofi = pkgs.writeShellApplication { - name = "pinentry-rofi-with-env"; - runtimeInputs = with pkgs; [ - coreutils - rofi - ]; - text = '' - "${pkgs.pinentry-rofi}/bin/pinentry-rofi" "$@" - ''; - }; - in - '' - allow-emacs-pinentry - allow-loopback-pinentry - pinentry-program ${pinentryRofi}/bin/pinentry-rofi-with-env - ''; + sshKeys = ["CE2FD0D9BECBD8876811714925066CC257413416"]; + extraConfig = let + pinentryRofi = pkgs.writeShellApplication { + name = "pinentry-rofi-with-env"; + runtimeInputs = with pkgs; [coreutils rofi]; + text = '' + "${pkgs.pinentry-rofi}/bin/pinentry-rofi" "$@" + ''; + }; + in '' + allow-emacs-pinentry + allow-loopback-pinentry + pinentry-program ${pinentryRofi}/bin/pinentry-rofi-with-env + ''; }; programs.gpg = { enable = true; - settings = { }; + settings = {}; }; } diff --git a/hmModules/headless-hyprland/default.nix b/hmModules/headless-hyprland/default.nix index 44d7fdb..e15b20a 100644 --- a/hmModules/headless-hyprland/default.nix +++ b/hmModules/headless-hyprland/default.nix @@ -1,12 +1,11 @@ { + config, lib, ... -}: -let +}: let originalConfig = config.wayland.windowManager.hyprland.extraConfig; - config = builtins.replaceStrings [ "SUPER" ] [ "" ] originalConfig; -in -{ + config = builtins.replaceStrings ["SUPER"] [""] originalConfig; +in { systemd.user.services.headless-hyprland = { Unit.Description = "Headless Hyprland"; Service = { diff --git a/hmModules/helix/default.nix b/hmModules/helix/default.nix index 4e724e2..9a5010f 100644 --- a/hmModules/helix/default.nix +++ b/hmModules/helix/default.nix 
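Review bot: In hmModules/headless-hyprland, adding `config` to the module arguments does not make `originalConfig` read the module configuration, because the `let` still binds its own `config` and shadows the argument. Nix `let` bindings are recursive, so `originalConfig = config.wayland.windowManager.hyprland.extraConfig` refers to the local `config`, which is itself defined from `originalConfig`. Evaluation would be expected to fail with infinite recursion once the value is forced. Rename the local, e.g. `headlessConfig = builtins.replaceStrings ["SUPER"] [""] originalConfig;`, and use that name in the service definition; the code that consumes it lies outside this hunk.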
@@ -22,26 +22,26 @@ language = [ { name = "nix"; - language-servers = [ "nixd" ]; + language-servers = ["nixd"]; } { name = "markdown"; - language-servers = [ "zk" ]; + language-servers = ["zk"]; } { name = "typescript"; - language-servers = [ "vtsls" ]; + language-servers = ["vtsls"]; } ]; language-server = { nixd.command = "nixd"; vtsls = { command = "vtsls"; - args = [ "--stdio" ]; + args = ["--stdio"]; }; zk = { command = "zk"; - args = [ "lsp" ]; + args = ["lsp"]; }; }; }; diff --git a/hmModules/hyprland/default.nix b/hmModules/hyprland/default.nix index 646254c..6ea8431 100644 --- a/hmModules/hyprland/default.nix +++ b/hmModules/hyprland/default.nix @@ -1,17 +1,17 @@ { config, pkgs, + lib, ... -}: -let - screenshotScript = pkgs.writeShellScriptBin "screenshot.sh" '' +}: let + screenshotScript = pkgs.writeShellScript "screenshot.sh" '' filename="$HOME/shots/$(date --iso-8601=seconds).png" coords="$(${pkgs.slurp}/bin/slurp)" ${pkgs.grim}/bin/grim -t png -g "$coords" "$filename" wl-copy -t image/png < $filename ''; hyprland = config.wayland.windowManager.hyprland.package; - switchMonitorScript = pkgs.writeShellScriptBin "switch-monitor.sh" '' + switchMonitorScript = pkgs.writeShellScript "switch-monitor.sh" '' if [[ "$(${hyprland}/bin/hyprctl monitors) | grep '\sDP-[0-9]+'" ]]; then if [[ $1 == "open" ]]; then ${hyprland}/bin/hyprctl keyword monitor "eDP-1,1920x1080,3760x230,1" @@ -20,8 +20,7 @@ let fi fi ''; -in -{ +in { imports = [ ./hyprpaper.nix ../waybar @@ -33,15 +32,7 @@ in ../foot ]; - home.packages = with pkgs; [ - wl-clipboard - waypipe - switchMonitorScript - screenshotScript - hyprpaper - fuzzel - brightnessctl - ]; + home.packages = with pkgs; [wl-clipboard waypipe]; systemd.user.sessionVariables = { NIXOS_OZONE_WL = "1"; 
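Review bot: In the hmModules/hyprland `@@ -1,17 +1,17 @@` hunk, the guard in `switchMonitorScript` is always true. In `[[ "$(${hyprland}/bin/hyprctl monitors) | grep '\sDP-[0-9]+'" ]]` the pipe and `grep` sit inside the double-quoted string, so the test only checks that the string is non-empty. The script therefore reconfigures `eDP-1` whether or not an external DP output is present. A working form would be `if ${hyprland}/bin/hyprctl monitors | grep -qE '\sDP-[0-9]+'; then`. In `screenshotScript`, `wl-copy -t image/png < $filename` should also quote the variable: `< "$filename"`. The rest of the `if` body continues in the next hunk.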
@@ -107,11 +98,133 @@ in wayland.windowManager.hyprland = { enable = true; - plugins = with pkgs.hyprlandPlugins; [ - hy3 - hyprspace - ]; - # TODO migrate to structured options - extraConfig = builtins.readFile ./hyprland.conf; + extraConfig = '' + cursor { + hide_on_key_press = true + enable_hyprcursor = true + zoom_rigid = true + } + + env = HYPRCURSOR_THEME,catppuccin-mocha-sapphire + env = HYPRCURSOR_SIZE,48 + env = XCURSOR_THEME,catppuccin-mocha-sapphire + env = XCURSOR_SIZE,48 + + $mod = SUPER + + input { + touchpad { + disable_while_typing = true # set to true while playing + } + } + + monitor = HDMI-A-1, 2560x1440, 0x0, 1 # picard + monitor = eDP-1, 1920x1080, 0x0, 1 # kirk + + bindl=,switch:off:Lid Switch,exec,${switchMonitorScript} open + bindl=,switch:on:Lid Switch,exec,${switchMonitorScript} close + + exec-once = ${pkgs.hyprpaper}/bin/hyprpaper + + windowrulev2 = tile, class:^(Spotify)$ + windowrulev2 = workspace 9, class:^(Spotify)$ + windowrulev2 = float, title:^(floating)$ + + bind = $mod, b, exec, firefox + bind = $mod, t, exec, footclient + bind = $mod, RETURN, exec, emacsclient -c --eval "(ccr/start-eshell)" + bind = $mod SHIFT, g, exec, emacsclient -c --eval "(ccr/start-chatgpt)" + bind = $mod, x, exec, emacsclient -c + bind = $mod SHIFT, n, exec, emacsclient --eval '(ccr/org-capture "n")' -c -F '((name . "floating"))' + bind = $mod SHIFT, w, exec, emacsclient --eval '(ccr/org-capture "j")' -c -F '((name . 
"floating"))' + bind = $mod, y, exec, ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh picard.fleet emacsclient -c + bind = $mod, d, exec, ${pkgs.fuzzel}/bin/fuzzel --background-color=253559cc --border-radius=5 --border-width=0 + bind = $mod, s, exec, ${screenshotScript} + bind = , XF86MonBrightnessUp, exec, ${pkgs.brightnessctl}/bin/brightnessctl s +5% + bind = , XF86MonBrightnessDown, exec, ${pkgs.brightnessctl}/bin/brightnessctl s 5%- + bind = $mod, code:60, exec, ${pkgs.brightnessctl}/bin/brightnessctl s +5% + bind = $mod, code:59, exec, ${pkgs.brightnessctl}/bin/brightnessctl s 5%- + + bind = $mod SHIFT, t, togglegroup + bind = $mod, G, changegroupactive + bind = $mod SHIFT, q, killactive + bind = $mod SHIFT, f, fullscreen, 0 + bind = $mod SHIFT, e, exit + + bind = $mod, h, movefocus, l + bind = $mod, l, movefocus, r + bind = $mod, k, movefocus, u + bind = $mod, j, movefocus, d + + bind = $mod SHIFT, h, movewindow, l + bind = $mod SHIFT, l, movewindow, r + bind = $mod SHIFT, k, movewindow, u + bind = $mod SHIFT, j ,movewindow, d + + bind = $mod, p, movecurrentworkspacetomonitor, r + bind = $mod, o, movecurrentworkspacetomonitor, l + + bindm=ALT,mouse:272,movewindow + + bind = $mod, 1, workspace, 1 + bind = $mod, 2, workspace, 2 + bind = $mod, 3, workspace, 3 + bind = $mod, 4, workspace, 4 + bind = $mod, 5, workspace, 5 + bind = $mod, 6, workspace, 6 + bind = $mod, 7, workspace, 7 + bind = $mod, 8, workspace, 8 + bind = $mod, 9, workspace, 9 + bind = $mod, 0, workspace, 10 + + bind = $mod SHIFT, 1, movetoworkspace, 1 + bind = $mod SHIFT, 2, movetoworkspace, 2 + bind = $mod SHIFT, 3, movetoworkspace, 3 + bind = $mod SHIFT, 4, movetoworkspace, 4 + bind = $mod SHIFT, 5, movetoworkspace, 5 + bind = $mod SHIFT, 6, movetoworkspace, 6 + bind = $mod SHIFT, 7, movetoworkspace, 7 + bind = $mod SHIFT, 8, movetoworkspace, 8 + bind = $mod SHIFT, 9, movetoworkspace, 9 + bind = $mod SHIFT, 0, movetoworkspace, 10 + + general { + gaps_in = 0 + gaps_out = 0 + border_size = 1 + 
col.active_border = rgba(AF8D61FF) rgba(CEB153FF) rgba(7B8387FF) 45deg + col.inactive_border = rgba(AF8D6166) + } + + decoration { + # See https://wiki.hyprland.org/Configuring/Variables/ for more + + rounding = 2 + # blur = true + # blur_size = 8 + # blur_passes = 1 + # blur_new_optimizations = true + + drop_shadow = true + shadow_range = 4 + shadow_render_power = 3 + col.shadow = rgba(a8cfee11) + } + + animations { + enabled = true + + # Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more + + bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + + animation = windows, 1, 3, myBezier + animation = windowsOut, 1, 3, default, popin 80% + animation = border, 1, 5, default + animation = borderangle, 1, 4, default + animation = fade, 1, 3, default + animation = workspaces, 1, 3, default + } + ''; }; } diff --git a/hmModules/hyprland/hyprland.conf b/hmModules/hyprland/hyprland.conf deleted file mode 100644 index cfc9db7..0000000 --- a/hmModules/hyprland/hyprland.conf +++ /dev/null 
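Review bot: The inlined `extraConfig` mixes two ways of locating programs. `hyprpaper`, `fuzzel`, `brightnessctl`, `waypipe` and both scripts are interpolated as store paths, while `firefox`, `footclient`, `emacsclient` and the `ssh` inside the waypipe bind are looked up on the session `PATH`. Because this commit also trims `home.packages` to `wl-clipboard` and `waypipe`, the bare names only work if other modules put those programs on the `PATH`, and whichever binary comes first there is the one a keybinding runs. Either interpolate them the same way or document the dependency next to the binds, e.g. `# firefox, footclient, emacsclient and ssh are expected on the session PATH`.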
@@ -1,184 +0,0 @@ -cursor { - hide_on_key_press = true - enable_hyprcursor = true - zoom_rigid = true -} - -env = HYPRCURSOR_THEME,catppuccin-mocha-sapphire -env = HYPRCURSOR_SIZE,48 -env = XCURSOR_THEME,catppuccin-mocha-sapphire -env = XCURSOR_SIZE,48 - -$mod = SUPER - -input { - touchpad { - disable_while_typing = true # set to true while playing - } -} - -monitor = HDMI-A-1, 2560x1440, 0x0, 1 # picard -monitor = eDP-1, 1920x1080, 0x0, 1 # kirk - -bindl=,switch:off:Lid Switch,exec,switch-monitor.sh open -bindl=,switch:on:Lid Switch,exec,switch-monitor.sh close - -exec-once = hyprpaper - -windowrulev2 = tile, class:^(Spotify)$ -windowrulev2 = workspace 9, class:^(Spotify)$ -windowrulev2 = float, title:^(floating)$ - -bind = $mod, b, exec, firefox -bind = $mod, t, exec, footclient -bind = $mod, y, exec, waypipe --compress lz4=10 ssh picard.fleet emacsclient -c -bind = $mod, d, exec, fuzzel --background-color=253559cc --border-radius=5 --border-width=0 -bind = $mod, s, exec, screenshot.sh -bind = , XF86MonBrightnessUp, exec, brightnessctl s +5% -bind = , XF86MonBrightnessDown, exec, brightnessctl s 5%- -bind = $mod, code:60, exec, brightnessctl s +5% -bind = $mod, code:59, exec, brightnessctl s 5%- - -bind = $mod SHIFT, t, hy3:makegroup, tab, ephemeral -bind = $mod SHIFT, q, killactive -bind = $mod SHIFT, f, fullscreen, 0 -bind = $mod SHIFT, e, exit - -bind = $mod, h, hy3:movefocus, l -bind = $mod, l, hy3:movefocus, r -bind = $mod, k, hy3:movefocus, u -bind = $mod, j, hy3:movefocus, d - -bind = $mod SHIFT, h, hy3:movewindow, l -bind = $mod SHIFT, l, hy3:movewindow, r -bind = $mod SHIFT, k, hy3:movewindow, u -bind = $mod SHIFT, j ,hy3:movewindow, d - -bind = $mod, v, hy3:makegroup, v -bind = $mod SHIFT, v, hy3:makegroup, h - -bind = $mod, p, movecurrentworkspacetomonitor, r -bind = $mod, o, movecurrentworkspacetomonitor, l - -bindm=ALT,mouse:272,hy3:movewindow - -bind = $mod, 1, workspace, 1 -bind = $mod, 2, workspace, 2 -bind = $mod, 3, workspace, 3 -bind = $mod, 4, 
workspace, 4 -bind = $mod, 5, workspace, 5 -bind = $mod, 6, workspace, 6 -bind = $mod, 7, workspace, 7 -bind = $mod, 8, workspace, 8 -bind = $mod, 9, workspace, 9 -bind = $mod, 0, workspace, 10 - -bind = $mod SHIFT, 1, movetoworkspace, 1 -bind = $mod SHIFT, 2, movetoworkspace, 2 -bind = $mod SHIFT, 3, movetoworkspace, 3 -bind = $mod SHIFT, 4, movetoworkspace, 4 -bind = $mod SHIFT, 5, movetoworkspace, 5 -bind = $mod SHIFT, 6, movetoworkspace, 6 -bind = $mod SHIFT, 7, movetoworkspace, 7 -bind = $mod SHIFT, 8, movetoworkspace, 8 -bind = $mod SHIFT, 9, movetoworkspace, 9 -bind = $mod SHIFT, 0, movetoworkspace, 10 - -general { - layout = hy3 - gaps_in = 8 - gaps_out = 5 -} - -decoration { - rounding = 8 - - drop_shadow = true - shadow_range = 4 - shadow_render_power = 3 - col.shadow = rgba(a8cfee11) -} - -animations { - enabled = true - - bezier = myBezier, 0.05, 0.9, 0.1, 1.05 - - animation = windows, 1, 3, myBezier - animation = windowsOut, 1, 3, default, popin 80% - animation = border, 1, 5, default - animation = borderangle, 1, 4, default - animation = fade, 1, 3, default - animation = workspaces, 1, 3, default -} - -plugin { - hy3 { - # disable gaps when only one window is onscreen - # 0 - always show gaps - # 1 - hide gaps with a single window onscreen - # 2 - 1 but also show the window border - no_gaps_when_only = 0 # default: 0 - - # policy controlling what happens when a node is removed from a group, - # leaving only a group - # 0 = remove the nested group - # 1 = keep the nested group - # 2 = keep the nested group only if its parent is a tab group - node_collapse_policy = 2 # default: 2 - - # offset from group split direction when only one window is in a group - group_inset = 0 # default: 10 - - # if a tab group will automatically be created for the first window spawned in a workspace - tab_first_window = false - - # tab group settings - tabs { - # height of the tab bar - height = 20 - - # padding between the tab bar and its focused node - padding = 10 - - # 
the tab bar should animate in/out from the top instead of below the window - from_top = false - - # rounding of tab bar corners - rounding = 4 - - # render the window title on the bar - render_text = true - - # center the window title - text_center = true - - # font to render the window title with - text_font = Fira Code - - # height of the window title - text_height = 14 - - # left padding of the window title - text_padding = 4 - - # active tab bar segment color - # col.active = # default: 0xff32b4ff - - # urgent tab bar segment color - # col.urgent = # default: 0xffff4f4f - - # inactive tab bar segment color - # col.inactive = # default: 0x80808080 - - # active tab bar text color - # col.text.active = # default: 0xff000000 - - # urgent tab bar text color - # col.text.urgent = # default: 0xff000000 - - # inactive tab bar text color - # col.text.inactive = # default: 0xff000000 - } - } -} diff --git a/hmModules/hyprland/hyprpaper.nix b/hmModules/hyprland/hyprpaper.nix index 5264414..d6ab105 100644 --- a/hmModules/hyprland/hyprpaper.nix +++ b/hmModules/hyprland/hyprpaper.nix @@ -1,9 +1,7 @@ let wallpaper = ./wallpaper.png; -in -{ +in { xdg.configFile."hypr/hyprpaper.conf".text = '' - splash = false preload = ${wallpaper} wallpaper = eDP-1,${wallpaper} wallpaper = DP-1,${wallpaper} diff --git a/hmModules/kicad/default.nix b/hmModules/kicad/default.nix index 9acc796..280d450 100644 --- a/hmModules/kicad/default.nix +++ b/hmModules/kicad/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.kicad-small ]; +{pkgs, ...}: { + home.packages = [pkgs.kicad-small]; } diff --git a/hmModules/kitty/default.nix b/hmModules/kitty/default.nix index da36cd0..49a60e8 100644 --- a/hmModules/kitty/default.nix +++ b/hmModules/kitty/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{pkgs, ...}: { programs.kitty = { enable = true; font = { diff --git a/hmModules/lazygit/default.nix b/hmModules/lazygit/default.nix index 6b16376..1689ddc 100644 --- a/hmModules/lazygit/default.nix 
+++ b/hmModules/lazygit/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs.lazygit = { enable = true; settings = { diff --git a/hmModules/lutris/default.nix b/hmModules/lutris/default.nix index 475abdf..13c2b29 100644 --- a/hmModules/lutris/default.nix +++ b/hmModules/lutris/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.lutris ]; +{pkgs, ...}: { + home.packages = [pkgs.lutris]; } diff --git a/hmModules/monero/default.nix b/hmModules/monero/default.nix index 5bf4116..427658b 100644 --- a/hmModules/monero/default.nix +++ b/hmModules/monero/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.monero-gui ]; +{pkgs, ...}: { + home.packages = [pkgs.monero-gui]; } diff --git a/hmModules/moonlight/default.nix b/hmModules/moonlight/default.nix index 0637001..653f421 100644 --- a/hmModules/moonlight/default.nix +++ b/hmModules/moonlight/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.moonlight-qt ]; +{pkgs, ...}: { + home.packages = [pkgs.moonlight-qt]; } diff --git a/hmModules/mopidy/default.nix b/hmModules/mopidy/default.nix index 007cecc..fa2ebcb 100644 --- a/hmModules/mopidy/default.nix +++ b/hmModules/mopidy/default.nix @@ -1,6 +1,5 @@ # TODO: use upstream ytmusic when updated: https://github.com/OzymandiasTheGreat/mopidy-ytmusic/issues/68 -{ pkgs, ... }: -let +{pkgs, ...}: let ytmusicapi = pkgs.python310Packages.buildPythonPackage rec { pname = "ytmusicapi"; version = "0.24.0"; @@ -39,20 +38,14 @@ let python310Packages.pytube ]; - pythonImportsCheck = [ "mopidy_ytmusic" ]; + pythonImportsCheck = ["mopidy_ytmusic"]; doCheck = false; }; -in -{ +in { services.mopidy = { enable = true; - extensionPackages = - [ mopidy-ytmusic ] - ++ (with pkgs; [ - mopidy-mpd - mopidy-mpris - ]); + extensionPackages = [mopidy-ytmusic] ++ (with pkgs; [mopidy-mpd mopidy-mpris]); settings = { mpd = { enabled = true; 
diff --git a/hmModules/nheko/default.nix b/hmModules/nheko/default.nix index b921d3a..9a4a89e 100644 --- a/hmModules/nheko/default.nix +++ b/hmModules/nheko/default.nix @@ -1,6 +1,5 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.nheko ]; +{pkgs, ...}: { + home.packages = [pkgs.nheko]; # systemd.user.services.nheko = { # Install.WantedBy = ["graphical-session.target"]; diff --git a/hmModules/nix-index/default.nix b/hmModules/nix-index/default.nix index cc3440a..726d997 100644 --- a/hmModules/nix-index/default.nix +++ b/hmModules/nix-index/default.nix @@ -1,15 +1,14 @@ { + config, pkgs, fleetFlake, + lib, ... -}: -{ +}: { programs.nix-index.enable = true; systemd.user.services.nix-index-update = { - Unit = { - Description = "Update nix-index"; - }; + Unit = {Description = "Update nix-index";}; Service = { CPUSchedulingPolicy = "idle"; @@ -19,9 +18,7 @@ }; systemd.user.timers.nix-index-update = { - Unit = { - Description = "Update nix-index"; - }; + Unit = {Description = "Update nix-index";}; Timer = { Unit = "nix-index-update.service"; @@ -29,8 +26,6 @@ Persistent = true; }; - Install = { - WantedBy = [ "timers.target" ]; - }; + Install = {WantedBy = ["timers.target"];}; }; } diff --git a/hmModules/obs-studio/default.nix b/hmModules/obs-studio/default.nix index 91620ba..6e527dc 100644 --- a/hmModules/obs-studio/default.nix +++ b/hmModules/obs-studio/default.nix @@ -1,10 +1,6 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs.obs-studio = { enable = true; - plugins = with pkgs.obs-studio-plugins; [ - wlrobs - input-overlay - ]; + plugins = with pkgs.obs-studio-plugins; [wlrobs input-overlay]; }; } diff --git a/hmModules/openscad/default.nix b/hmModules/openscad/default.nix index eac465f..aa83ca6 100644 --- a/hmModules/openscad/default.nix +++ b/hmModules/openscad/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.openscad ]; +{pkgs, ...}: { + home.packages = [pkgs.openscad]; } 
diff --git a/hmModules/pantalaimon/default.nix b/hmModules/pantalaimon/default.nix index 2c0a520..36331cc 100644 --- a/hmModules/pantalaimon/default.nix +++ b/hmModules/pantalaimon/default.nix @@ -9,5 +9,5 @@ }; }; }; - systemd.user.services.pantalaimon.Unit.Requires = [ "dbus.socket" ]; + systemd.user.services.pantalaimon.Unit.Requires = ["dbus.socket"]; } diff --git a/hmModules/password-store/default.nix b/hmModules/password-store/default.nix index 69be6e1..704f123 100644 --- a/hmModules/password-store/default.nix +++ b/hmModules/password-store/default.nix @@ -2,13 +2,12 @@ pkgs, username, ... -}: -{ +}: { programs.password-store = { enable = true; settings = { PASSWORD_STORE_DIR = "/home/${username}/.password-store"; }; - package = pkgs.pass.withExtensions (e: [ e.pass-otp ]); + package = pkgs.pass.withExtensions (e: [e.pass-otp]); }; } diff --git a/hmModules/qutebrowser/default.nix b/hmModules/qutebrowser/default.nix index 6a77ff7..4a4c68f 100644 --- a/hmModules/qutebrowser/default.nix +++ b/hmModules/qutebrowser/default.nix @@ -2,8 +2,7 @@ pkgs, config, ... -}: -let +}: let inherit (config.programs.qutebrowser) settings; websites = { searx = "https://searx.be"; @@ -17,8 +16,7 @@ let less-dark-white = "#cccccc"; blue = "#0000ff"; }; -in -{ +in { programs.qutebrowser = { enable = true; searchEngines = with websites; { @@ -43,7 +41,7 @@ in auto_save.session = true; url = with websites; { default_page = searx; - start_pages = [ searx ]; + start_pages = [searx]; }; editor.command = [ "emacsclient" 
@@ -110,13 +108,15 @@ in }; home.packages = with pkgs; [ fuzzel - (makeDesktopItem { - name = "qutebrowser"; - exec = "qutebrowser %u"; - comment = "Qutebrowser"; - desktopName = "qutebrowser"; - type = "Application"; - mimeTypes = [ "x-scheme-handler/https" ]; - }) + ( + makeDesktopItem { + name = "qutebrowser"; + exec = "qutebrowser %u"; + comment = "Qutebrowser"; + desktopName = "qutebrowser"; + type = "Application"; + mimeTypes = ["x-scheme-handler/https"]; + } + ) ]; } diff --git a/hmModules/reinstall-magisk-on-lineage/default.nix b/hmModules/reinstall-magisk-on-lineage/default.nix index dba5e35..8728f93 100644 --- a/hmModules/reinstall-magisk-on-lineage/default.nix +++ b/hmModules/reinstall-magisk-on-lineage/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -let +{pkgs, ...}: let reinstall-magisk-on-lineage = pkgs.stdenv.mkDerivation { name = "reinstall-magisk-on-lineage"; version = "git"; @@ -22,7 +21,6 @@ let --replace-fail "paste_yours_here" "\"\$1\"" ''; }; -in -{ - home.packages = [ reinstall-magisk-on-lineage ]; +in { + home.packages = [reinstall-magisk-on-lineage]; } diff --git a/hmModules/remmina/default.nix b/hmModules/remmina/default.nix index 822eddf..abbd844 100644 --- a/hmModules/remmina/default.nix +++ b/hmModules/remmina/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.remmina ]; +{pkgs, ...}: { + home.packages = [pkgs.remmina]; } diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix index cf7f76a..9c1ca0f 100644 --- a/hmModules/shell/default.nix +++ b/hmModules/shell/default.nix @@ -4,8 +4,7 @@ age, hostname, ... -}: -{ +}: { programs.bat.enable = true; programs.direnv = { @@ -32,9 +31,7 @@ systemd.user.services.atuind = { Unit.Description = "Atuin daemon"; - Install = { - WantedBy = [ "default.target" ]; - }; + Install = {WantedBy = ["default.target"];}; Service.ExecStart = "${lib.getExe pkgs.atuin} daemon"; }; 
@@ -119,29 +116,25 @@ xdg.configFile = { "dracula-theme" = { target = "fish/themes/dracula.theme"; - source = - let - theme = pkgs.fetchFromGitHub { - owner = "dracula"; - repo = "fish"; - rev = "269cd7d76d5104fdc2721db7b8848f6224bdf554"; - hash = "sha256-Hyq4EfSmWmxwCYhp3O8agr7VWFAflcUe8BUKh50fNfY="; - }; - in - "${theme}/themes/Dracula\ Official.theme"; + source = let + theme = pkgs.fetchFromGitHub { + owner = "dracula"; + repo = "fish"; + rev = "269cd7d76d5104fdc2721db7b8848f6224bdf554"; + hash = "sha256-Hyq4EfSmWmxwCYhp3O8agr7VWFAflcUe8BUKh50fNfY="; + }; + in "${theme}/themes/Dracula\ Official.theme"; }; "catppuccin-theme" = { target = "fish/themes/Catppuccin\ Mocha.theme"; - source = - let - theme = pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "fish"; - rev = "a3b9eb5eaf2171ba1359fe98f20d226c016568cf"; - hash = "sha256-shQxlyoauXJACoZWtRUbRMxmm10R8vOigXwjxBhG8ng="; - }; - in - "${theme}/themes/Catppuccin\ Mocha.theme"; + source = let + theme = pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "fish"; + rev = "a3b9eb5eaf2171ba1359fe98f20d226c016568cf"; + hash = "sha256-shQxlyoauXJACoZWtRUbRMxmm10R8vOigXwjxBhG8ng="; + }; + in "${theme}/themes/Catppuccin\ Mocha.theme"; }; }; @@ -234,8 +227,7 @@ # ''; # }; - home.packages = - with pkgs; + home.packages = with pkgs; [ thefuck htop-vim 
@@ -248,18 +240,12 @@ carapace # used by nushell neovim ] - ++ (lib.optionals - (builtins.elem hostname [ - "kirk" - "picard" - ]) - [ - nixd # TODO probably not the best place - terraform-lsp # TODO probably not best place - python3Packages.jedi-language-server # TODO probably not best place - nodePackages.typescript-language-server # TODO probably not best place - cntr # TODO probably not best place - nom # FIXME disable on aarch64-linux, breaks everything :( - ] - ); + ++ (lib.optionals (builtins.elem hostname ["kirk" "picard"]) [ + nixd # TODO probably not the best place + terraform-lsp # TODO probably not best place + python3Packages.jedi-language-server # TODO probably not best place + nodePackages.typescript-language-server # TODO probably not best place + cntr # TODO probably not best place + nom # FIXME disable on aarch64-linux, breaks everything :( + ]); } diff --git a/hmModules/slack/default.nix b/hmModules/slack/default.nix index 4ff5f05..bb7e3b1 100644 --- a/hmModules/slack/default.nix +++ b/hmModules/slack/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.slack ]; +{pkgs, ...}: { + home.packages = [pkgs.slack]; } diff --git a/hmModules/spotify/default.nix b/hmModules/spotify/default.nix index 59b2edd..fb7c2e7 100644 --- a/hmModules/spotify/default.nix +++ b/hmModules/spotify/default.nix @@ -2,19 +2,17 @@ lib, pkgs, ... -}: -let - spotify-adblocked = pkgs.callPackage ../../packages/spotify-adblocked { }; -in -{ - home.packages = [ spotify-adblocked ]; +}: let + spotify-adblocked = pkgs.callPackage ../../packages/spotify-adblocked {}; +in { + home.packages = [spotify-adblocked]; systemd.user.services.spotify-adblocked = { - Install.WantedBy = [ "graphical-session.target" ]; + Install.WantedBy = ["graphical-session.target"]; Unit = { Description = "Spotify"; - PartOf = [ "graphical-session.target" ]; + PartOf = ["graphical-session.target"]; }; Service = { 
diff --git a/hmModules/steam-run/default.nix b/hmModules/steam-run/default.nix index 7ea2faf..42db3d4 100644 --- a/hmModules/steam-run/default.nix +++ b/hmModules/steam-run/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.steam-run ]; +{pkgs, ...}: { + home.packages = [pkgs.steam-run]; } diff --git a/hmModules/sway/default.nix b/hmModules/sway/default.nix index 26fee7a..af49d1c 100644 --- a/hmModules/sway/default.nix +++ b/hmModules/sway/default.nix @@ -3,8 +3,7 @@ lib, config, ... -}: -{ +}: { imports = [ ../waybar ../swayidle @@ -13,7 +12,7 @@ ../kitty ]; config = { - home.packages = with pkgs; [ wl-clipboard ]; + home.packages = with pkgs; [wl-clipboard]; systemd.user.sessionVariables = { NIXOS_OZONE_WL = "1"; 
@@ -36,100 +35,98 @@ }; wayland = { - windowManager.sway = - let - modifier = "Mod4"; - in - { - enable = true; - wrapperFeatures.gtk = true; - config = { - inherit modifier; - menu = "${pkgs.fuzzel}/bin/fuzzel --background-color=253559cc --border-radius=5 --border-width=0"; - output = - let - bg = "${./wallpaper.svg} fill"; - in - { - DP-2 = { - res = "1900x1200"; - pos = "0 0"; - inherit bg; - transform = "90"; - }; - DP-1 = { - res = "2560x1440"; - pos = "1200 230"; - inherit bg; - }; - eDP-1 = { - res = "1920x1080"; - pos = "3760 230"; - inherit bg; - }; - }; - terminal = "${config.programs.kitty.package}/bin/kitty ${config.programs.kitty.package}/bin/kitty +kitten ssh mothership.fleet"; - bars = [ - { - mode = "hide"; - position = "top"; - command = "${pkgs.waybar}/bin/waybar"; - } - ]; - gaps = { - smartBorders = "on"; + windowManager.sway = let + modifier = "Mod4"; + in { + enable = true; + wrapperFeatures.gtk = true; + config = { + inherit modifier; + menu = "${pkgs.fuzzel}/bin/fuzzel --background-color=253559cc --border-radius=5 --border-width=0"; + output = let + bg = "${./wallpaper.svg} fill"; + in { + DP-2 = { + res = "1900x1200"; + pos = "0 0"; + inherit bg; + transform = "90"; }; - assigns = { - "1" = [ - { title = ".*Mozilla Firefox$"; } - { title = ".*qutebrowser$"; } - ]; - "2" = [ { title = "^((?!qutebrowser-editor).)*Emacs$"; } ]; - "3" = [ { title = "Slack.*"; } ]; - "9" = [ { title = "^Element.*"; } ]; + DP-1 = { + res = "2560x1440"; + pos = "1200 230"; + inherit bg; }; - floating.criteria = [ - { title = "MetaMask Notification.*"; } - { title = "Volume Control"; } # pavucontrol - { title = "^.*editor - qutebrowser$"; } # Emacs opened by qutebrowser - ]; - input = { - "*" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; + eDP-1 = { + res = "1920x1080"; + pos = "3760 230"; + inherit bg; }; - keybindings = - let - screenshotScript = pkgs.writeShellScript "screenshot.sh" '' - filename="$HOME/shots/$(date --iso-8601=seconds).png" - 
coords="$(${pkgs.slurp}/bin/slurp)" - ${pkgs.grim}/bin/grim -t png -g "$coords" "$filename" - wl-copy -t image/png < $filename - ''; - in - lib.mkOptionDefault { - "${modifier}+x" = "exec emacsclient -c"; - "${modifier}+y" = "exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c"; - "${modifier}+b" = "exec qutebrowser"; - "${modifier}+s" = "exec ${screenshotScript}"; - # "${modifier}+g" = "exec ${screenrecordingScript}"; # FIXME - "${modifier}+t" = '' - exec emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(vterm (getenv "SHELL"))' - ''; - "${modifier}+u" = '' - exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(eat (getenv "SHELL"))' - ''; - "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s +5%"; - "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 5%-"; - }; }; - extraConfig = '' - bindsym ${modifier}+p move workspace to output right - ''; - xwayland = true; - systemdIntegration = true; + terminal = "${config.programs.kitty.package}/bin/kitty ${config.programs.kitty.package}/bin/kitty +kitten ssh mothership.fleet"; + bars = [ + { + mode = "hide"; + position = "top"; + command = "${pkgs.waybar}/bin/waybar"; + } + ]; + gaps = { + smartBorders = "on"; + }; + assigns = { + "1" = [{title = ".*Mozilla Firefox$";} {title = ".*qutebrowser$";}]; + "2" = [{title = "^((?!qutebrowser-editor).)*Emacs$";}]; + "3" = [{title = "Slack.*";}]; + "9" = [{title = "^Element.*";}]; + }; + floating.criteria = [ + {title = "MetaMask Notification.*";} + {title = "Volume Control";} # pavucontrol + {title = "^.*editor - qutebrowser$";} # Emacs opened by qutebrowser + ]; + input = { + "*" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + keybindings = let + screenshotScript = pkgs.writeShellScript "screenshot.sh" '' + filename="$HOME/shots/$(date --iso-8601=seconds).png" + coords="$(${pkgs.slurp}/bin/slurp)" + 
${pkgs.grim}/bin/grim -t png -g "$coords" "$filename" + wl-copy -t image/png < $filename + ''; + screenrecordingScript = pkgs.writeShellScript "screenrecorder.sh" '' + filename="$HOME/shots/recording-$(date --iso-8601=seconds).mp4" + coords="$(${pkgs.slurp}/bin/slurp)" + ${pkgs.wf-recorder}/bin/wf-recorder -g "$coords" -f "$filename" + wl-copy -t video/mp4 < $filename + ''; + in + lib.mkOptionDefault { + "${modifier}+x" = "exec emacsclient -c"; + "${modifier}+y" = "exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c"; + "${modifier}+b" = "exec qutebrowser"; + "${modifier}+s" = "exec ${screenshotScript}"; + # "${modifier}+g" = "exec ${screenrecordingScript}"; # FIXME + "${modifier}+t" = '' + exec emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(vterm (getenv "SHELL"))' + ''; + "${modifier}+u" = '' + exec ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c -F "\'(name . \\"VTerm\\"))" -q --eval '(eat (getenv "SHELL"))' + ''; + "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s +5%"; + "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 5%-"; + }; }; + extraConfig = '' + bindsym ${modifier}+p move workspace to output right + ''; + xwayland = true; + systemdIntegration = true; + }; }; }; } diff --git a/hmModules/swayidle/default.nix b/hmModules/swayidle/default.nix index 60e3ed0..bc26718 100644 --- a/hmModules/swayidle/default.nix +++ b/hmModules/swayidle/default.nix 
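Review bot: `screenrecordingScript` is added to the `keybindings` let-block in hmModules/sway/default.nix, but its only reference is the commented-out `"${modifier}+g"` binding marked FIXME, so the new script is never reachable from a key. If it stays, its last line should quote the redirect target and call the clipboard tool by store path like the slurp and wf-recorder lines do: `${pkgs.wl-clipboard}/bin/wl-copy -t video/mp4 < "$filename"`; the same applies to `wl-copy -t image/png < $filename` in `screenshotScript`. Neither script creates `$HOME/shots`, so both presumably fail until that directory exists; a leading `mkdir -p "$HOME/shots"` would cover it.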
@@ -2,56 +2,53 @@ pkgs, lib, ... -}: -{ - services.swayidle = - let - swaylockWithArgs = pkgs.writeScriptBin "swaylockWithArgs" '' - ${pkgs.swaylock-effects}/bin/swaylock \ - --daemonize \ - --screenshots \ - --clock \ - --indicator \ - --indicator-radius 100 \ - --indicator-thickness 7 \ - --effect-blur 7x5 \ - --effect-vignette 0.5:0.5 \ - --ring-color bb00cc \ - --key-hl-color 880033 \ - --line-color 00000000 \ - --inside-color 00000088 \ - --separator-color 00000000 \ - --fade-in 0.2 - ''; - swaylockCommand = "${swaylockWithArgs}/bin/swaylockWithArgs"; - in - { - enable = true; - events = [ - { - event = "before-sleep"; - command = swaylockCommand; - } - { - event = "lock"; - command = swaylockCommand; - } - ]; - timeouts = [ - { - timeout = 600; - command = swaylockCommand; - } - { - timeout = 720; - command = "${pkgs.systemd}/bin/systemctl suspend"; - } - ]; - }; +}: { + services.swayidle = let + swaylockWithArgs = pkgs.writeScriptBin "swaylockWithArgs" '' + ${pkgs.swaylock-effects}/bin/swaylock \ + --daemonize \ + --screenshots \ + --clock \ + --indicator \ + --indicator-radius 100 \ + --indicator-thickness 7 \ + --effect-blur 7x5 \ + --effect-vignette 0.5:0.5 \ + --ring-color bb00cc \ + --key-hl-color 880033 \ + --line-color 00000000 \ + --inside-color 00000088 \ + --separator-color 00000000 \ + --fade-in 0.2 + ''; + swaylockCommand = "${swaylockWithArgs}/bin/swaylockWithArgs"; + in { + enable = true; + events = [ + { + event = "before-sleep"; + command = swaylockCommand; + } + { + event = "lock"; + command = swaylockCommand; + } + ]; + timeouts = [ + { + timeout = 600; + command = swaylockCommand; + } + { + timeout = 720; + command = "${pkgs.systemd}/bin/systemctl suspend"; + } + ]; + }; # Otherwise it will start only after Sway and will not work with Hyprland systemd.user.services.swayidle = { - Unit.PartOf = lib.mkForce [ ]; - Install.WantedBy = lib.mkForce [ "hyprland-session.target" ]; + Unit.PartOf = lib.mkForce []; + Install.WantedBy = lib.mkForce 
["hyprland-session.target"]; }; } diff --git a/hmModules/teams/default.nix b/hmModules/teams/default.nix index 9f643c1..217685e 100644 --- a/hmModules/teams/default.nix +++ b/hmModules/teams/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.teams-for-linux ]; +{pkgs, ...}: { + home.packages = [pkgs.teams-for-linux]; } diff --git a/hmModules/thunderbird/default.nix b/hmModules/thunderbird/default.nix index 2b3ba1e..9eb89c8 100644 --- a/hmModules/thunderbird/default.nix +++ b/hmModules/thunderbird/default.nix @@ -1,14 +1,14 @@ { - imports = [ ../email ]; + imports = [../email]; config = { accounts.email.accounts = { autistici.thunderbird = { enable = true; - profiles = [ "default" ]; + profiles = ["default"]; }; mlabs.thunderbird = { enable = true; - profiles = [ "default" ]; + profiles = ["default"]; }; }; programs.thunderbird = { diff --git a/hmModules/tor-browser/default.nix b/hmModules/tor-browser/default.nix index 59796db..7b56e78 100644 --- a/hmModules/tor-browser/default.nix +++ b/hmModules/tor-browser/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.tor-browser ]; +{pkgs, ...}: { + home.packages = [pkgs.tor-browser]; } diff --git a/hmModules/tremotesf/default.nix b/hmModules/tremotesf/default.nix index a3569a1..37c75d9 100644 --- a/hmModules/tremotesf/default.nix +++ b/hmModules/tremotesf/default.nix @@ -2,12 +2,11 @@ pkgs, lib, ... -}: -{ - home.packages = [ pkgs.tremotesf ]; +}: { + home.packages = [pkgs.tremotesf]; systemd.user.services.tremotesf = { - Install.WantedBy = [ "graphical-session.target" ]; + Install.WantedBy = ["graphical-session.target"]; Unit = { Description = "tremotesf"; diff --git a/hmModules/vscode/default.nix b/hmModules/vscode/default.nix index f04f149..e34d82c 100644 --- a/hmModules/vscode/default.nix +++ b/hmModules/vscode/default.nix 
@@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs.vscode = { enable = true; # For a few reasons sometimes I'm forced to use VSCode and I don't have time to nixifiy even its configuration. diff --git a/hmModules/waybar/default.nix b/hmModules/waybar/default.nix index 5705986..f7ac1be 100644 --- a/hmModules/waybar/default.nix +++ b/hmModules/waybar/default.nix @@ -2,8 +2,7 @@ pkgs, lib, ... -}: -{ +}: { programs.waybar = { enable = true; systemd.enable = true; @@ -19,7 +18,7 @@ "wlr/mode" "hyprland/workspaces" ]; - modules-center = [ "wlr/window" ]; + modules-center = ["wlr/window"]; modules-right = [ "network" "tray" @@ -47,13 +46,9 @@ # sort-by-number = true; }; - "wlr/mode" = { - tooltip = false; - }; + "wlr/mode" = {tooltip = false;}; - "wlr/window" = { - max_length = 50; - }; + "wlr/window" = {max_length = 50;}; tray = { spacing = 10; }; @@ -61,13 +56,7 @@ format = "{capacity}% {icon}"; format-alt = "{time} {icon}"; format-charging = "{capacity}% "; - format-icons = [ - " " - " " - " " - " " - " " - ]; + format-icons = [" " " " " " " " " "]; format-plugged = "{capacity}%  "; states = { critical = 15; @@ -82,9 +71,7 @@ format = "{usage}% "; tooltip = false; }; - memory = { - format = "{}% "; - }; + memory = {format = "{}% ";}; network = { interval = 1; format-alt = "{ifname}: {ipaddr}/{cidr}"; @@ -99,11 +86,7 @@ format-bluetooth-muted = " {icon} {format_source}"; format-icons = { car = ""; - default = [ - " " - " " - " " - ]; + default = [" " " " " "]; handsfree = ""; headphones = " "; headset = ""; 
@@ -115,32 +98,23 @@ format-source-muted = ""; on-click = "${pkgs.pavucontrol}/bin/pavucontrol"; }; - "wlr/mode" = { - format = ''{}''; - }; + "wlr/mode" = {format = ''{}'';}; temperature = { critical-threshold = 80; format = "{temperatureC}°C {icon}"; - format-icons = [ - "" - "" - "" - ]; + format-icons = ["" "" ""]; hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"; # picard FIXME # hwmon-path = "/sys/class/thermal/thermal_zone4/temp"; # thinkpad }; backlight = { device = "ddcci2"; format = "{percent}% {icon}"; - format-icons = [ - " " - " " - ]; + format-icons = [" " " "]; }; }; }; }; # waybar needs the hyprctl binary in PATH when started in hyprland - systemd.user.services.waybar.Service.Environment = "PATH=${lib.makeBinPath [ pkgs.hyprland ]}"; + systemd.user.services.waybar.Service.Environment = "PATH=${lib.makeBinPath [pkgs.hyprland]}"; } diff --git a/hmModules/wayvnc/default.nix b/hmModules/wayvnc/default.nix index ccccd7b..5f9e090 100644 --- a/hmModules/wayvnc/default.nix +++ b/hmModules/wayvnc/default.nix @@ -4,14 +4,13 @@ vpn, hostname, ... -}: -{ +}: { systemd.user.services.wayvnc = { - Install.WantedBy = [ "graphical-session.target" ]; + Install.WantedBy = ["graphical-session.target"]; Unit = { Description = "WayVNC"; - PartOf = [ "graphical-session.target" ]; + PartOf = ["graphical-session.target"]; }; Service = { diff --git a/hmModules/wezterm/default.nix b/hmModules/wezterm/default.nix index f7baef1..f6b0fcf 100644 --- a/hmModules/wezterm/default.nix +++ b/hmModules/wezterm/default.nix @@ -2,12 +2,12 @@ pkgs, hostname, ... -}: -{ +}: { programs.wezterm = { enable = true; package = - if hostname == "pircard" then + if hostname == "pircard" + then (pkgs.wezterm.overrideAttrs (old: rec { pname = "wezterm"; version = "20240406-cce0706"; 
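Review bot: The condition `if hostname == "pircard"` in hmModules/wezterm/default.nix looks like a misspelling of `picard`, the host name used in hmModules/shell/default.nix and hosts/default.nix. As written the `overrideAttrs` branch with the pinned version and the two patches would never be selected, and every host gets plain `pkgs.wezterm`. If the override is meant to apply, the line should read `if hostname == "picard"`; if the misspelling is a deliberate way to switch the branch off, a comment such as `# override intentionally disabled` or removing the branch would make that explicit. The `package` expression continues in the next hunk.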
@@ -24,40 +24,43 @@ "xcb-imdkit-0.3.0" = "sha256-fTpJ6uNhjmCWv7dZqVgYuS2Uic36XNYTbqlaly5QBjI="; }; }; - patches = (old.patches or [ ]) ++ [ - (pkgs.fetchpatch { - # fix(wayland): ensure repaint event is sent in show - url = "https://patch-diff.githubusercontent.com/raw/wez/wezterm/pull/5264.patch"; - hash = "sha256-c+frVaBEL0h3PJvNu3AW2iap+uUXBY8olbm7Wsxuh4Q="; - }) - (pkgs.writeText "wezterm-remove_capabilities.patch" '' - diff --git a/window/src/os/wayland/seat.rs b/window/src/os/wayland/seat.rs - index 3798f4259..e91591130 100644 - --- a/window/src/os/wayland/seat.rs - +++ b/window/src/os/wayland/seat.rs - @@ -65,9 +65,15 @@ impl SeatHandler for WaylandState { - _conn: &Connection, - _qh: &QueueHandle, - _seat: WlSeat, - - _capability: smithay_client_toolkit::seat::Capability, - + capability: smithay_client_toolkit::seat::Capability, - ) { - - todo!() - + if capability == Capability::Keyboard && self.keyboard.is_some() { - + self.keyboard.take().unwrap().release(); - + } - + - + if capability == Capability::Pointer && self.pointer.is_some() { - + self.pointer = None; - + } - } + patches = + (old.patches or []) + ++ [ + (pkgs.fetchpatch { + # fix(wayland): ensure repaint event is sent in show + url = "https://patch-diff.githubusercontent.com/raw/wez/wezterm/pull/5264.patch"; + hash = "sha256-c+frVaBEL0h3PJvNu3AW2iap+uUXBY8olbm7Wsxuh4Q="; + }) + (pkgs.writeText + "wezterm-remove_capabilities.patch" + '' + diff --git a/window/src/os/wayland/seat.rs b/window/src/os/wayland/seat.rs + index 3798f4259..e91591130 100644 + --- a/window/src/os/wayland/seat.rs + +++ b/window/src/os/wayland/seat.rs + 
@@ -65,9 +65,15 @@ impl SeatHandler for WaylandState { + _conn: &Connection, + _qh: &QueueHandle, + _seat: WlSeat, + - _capability: smithay_client_toolkit::seat::Capability, + + capability: smithay_client_toolkit::seat::Capability, + ) { + - todo!() + + if capability == Capability::Keyboard && self.keyboard.is_some() { + + self.keyboard.take().unwrap().release(); + + } + + + + if capability == Capability::Pointer && self.pointer.is_some() { + + self.pointer = None; + + } + } - fn remove_seat(&mut self, _conn: &Connection, _qh: &QueueHandle, _seat: WlSeat) { - '') - ]; + fn remove_seat(&mut self, _conn: &Connection, _qh: &QueueHandle, _seat: WlSeat) { + '') + ]; })) - else - pkgs.wezterm; + else pkgs.wezterm; extraConfig = '' return { diff --git a/hmModules/whatsapp/default.nix b/hmModules/whatsapp/default.nix index b3f0a90..5d0335a 100644 --- a/hmModules/whatsapp/default.nix +++ b/hmModules/whatsapp/default.nix @@ -1,13 +1,12 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.whatsapp-for-linux ]; +{pkgs, ...}: { + home.packages = [pkgs.whatsapp-for-linux]; systemd.user.services.whatsapp = { - Install.WantedBy = [ "graphical-session.target" ]; + Install.WantedBy = ["graphical-session.target"]; Unit = { Description = "Whatsapp"; - PartOf = [ "graphical-session.target" ]; + PartOf = ["graphical-session.target"]; }; Service = { diff --git a/hmModules/wine/default.nix b/hmModules/wine/default.nix index a499a37..e1f674a 100644 --- a/hmModules/wine/default.nix +++ b/hmModules/wine/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { home.packages = with pkgs; [ winetricks wineWowPackages.waylandFull diff --git a/hmModules/xdg/default.nix b/hmModules/xdg/default.nix index bdcfdeb..858798f 100644 --- a/hmModules/xdg/default.nix +++ b/hmModules/xdg/default.nix 
@@ -1,12 +1,11 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { xdg = { enable = true; mimeApps.enable = true; mimeApps.defaultApplications = { - "text/html" = [ "firefox.desktop" ]; - "x-scheme-handler/http" = [ "firefox.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" ]; + "text/html" = ["firefox.desktop"]; + "x-scheme-handler/http" = ["firefox.desktop"]; + "x-scheme-handler/https" = ["firefox.desktop"]; }; desktopEntries = { org-protocol = { @@ -14,20 +13,16 @@ genericName = "Org protocol"; exec = "emacsclient -- %u"; terminal = false; - mimeType = [ "x-scheme-handler/org-protocol" ]; + mimeType = ["x-scheme-handler/org-protocol"]; }; firefox = { name = "firefox"; genericName = "Firefox protocol"; exec = "firefox -- %U"; terminal = false; - mimeType = [ - "text/html" - "text/xml" - "text/uri" - ]; + mimeType = ["text/html" "text/xml" "text/uri"]; }; }; }; - home.packages = [ pkgs.xdg-utils ]; + home.packages = [pkgs.xdg-utils]; } diff --git a/hmModules/zmkbatx/default.nix b/hmModules/zmkbatx/default.nix index b7f9065..64771fc 100644 --- a/hmModules/zmkbatx/default.nix +++ b/hmModules/zmkbatx/default.nix @@ -2,15 +2,11 @@ pkgs, lib, ... -}: -{ - home.packages = [ pkgs.zmkBATx ]; +}: { + home.packages = [pkgs.zmkBATx]; systemd.user.services.zmkBATx = { - Install.WantedBy = [ - "graphical-session.target" - "waybar.service" - ]; + Install.WantedBy = ["graphical-session.target" "waybar.service"]; Unit = { Description = "zmkBATx"; diff --git a/hmModules/zulip/default.nix b/hmModules/zulip/default.nix index 40cdfb2..f598162 100644 --- a/hmModules/zulip/default.nix +++ b/hmModules/zulip/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.zulip ]; +{pkgs, ...}: { + home.packages = [pkgs.zulip]; } diff --git a/hosts/archer/default.nix b/hosts/archer/default.nix index de91621..9437ec4 100644 --- a/hosts/archer/default.nix +++ b/hosts/archer/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { environment.systemPackages = [ pkgs.vim ]; 
diff --git a/hosts/beebox/default.nix b/hosts/beebox/default.nix index 538b6cf..d99b8b1 100644 --- a/hosts/beebox/default.nix +++ b/hosts/beebox/default.nix @@ -1,8 +1,9 @@ { fleetModules, + pkgs, + lib, ... -}: -{ +}: { imports = [ ./hardware-configuration.nix diff --git a/hosts/beebox/hardware-configuration.nix b/hosts/beebox/hardware-configuration.nix index 56c4753..5ea0dce 100644 --- a/hosts/beebox/hardware-configuration.nix +++ b/hosts/beebox/hardware-configuration.nix @@ -7,22 +7,15 @@ pkgs, modulesPath, ... -}: -{ +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "ahci" - "xhci_pci" - "usb_storage" - "usbhid" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -38,7 +31,7 @@ }; swapDevices = [ - { device = "/dev/disk/by-label/swap"; } + {device = "/dev/disk/by-label/swap";} ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/default.nix b/hosts/default.nix index 748d6a4..a96b64b 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,14 +1,16 @@ { + self, + lib, + config, inputs, ... -}: -{ - imports = [ ./module.nix ]; +}: { + imports = [./module.nix]; fleet = { - darwinHosts.archer = { }; + darwinHosts.archer = {}; - nixOnDroidHosts.janeway = { }; + nixOnDroidHosts.janeway = {}; hosts = { # thinkpad = { 
@@ -72,11 +74,10 @@ # }; deltaflyer = { - nixpkgs = - let - # keep in sync with https://github.com/NixOS/mobile-nixos/blob/development/pkgs.nix - rev = "44d0940ea560dee511026a53f0e2e2cde489b4d4"; - in + nixpkgs = let + # keep in sync with https://github.com/NixOS/mobile-nixos/blob/development/pkgs.nix + rev = "44d0940ea560dee511026a53f0e2e2cde489b4d4"; + in builtins.getFlake "github:NixOS/nixpkgs/${rev}"; extraHmModules = [ # inputs.ccrEmacs.hmModules.default @@ -87,10 +88,10 @@ }; homeManager = builtins.getFlake "github:nix-community/home-manager/670d9ecc3e46a6e3265c203c2d136031a3d3548e"; extraModules = [ - (import "${inputs.mobile-nixos}/lib/configuration.nix" { device = "oneplus-fajita"; }) + (import "${inputs.mobile-nixos}/lib/configuration.nix" {device = "oneplus-fajita";}) ]; secrets = { - "deltaflyer-wireguard-private-key" = { }; + "deltaflyer-wireguard-private-key" = {}; "chatgpt-token".owner = "ccr"; }; }; @@ -110,12 +111,12 @@ "${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix" ]; secrets = { - "kirk-wireguard-private-key" = { }; + "kirk-wireguard-private-key" = {}; "chatgpt-token".owner = "ccr"; "cachix-personal-token".owner = "ccr"; "git-workspace-tokens".owner = "ccr"; "autistici-password".owner = "ccr"; - "restic-hetzner-password" = { }; + "restic-hetzner-password" = {}; }; }; @@ -136,7 +137,7 @@ inputs.vscode-server.nixosModules.home ]; secrets = { - "picard-wireguard-private-key" = { }; + "picard-wireguard-private-key" = {}; "chatgpt-token".owner = "ccr"; "cachix-personal-token".owner = "ccr"; "hercules-ci-join-token".owner = "hercules-ci-agent"; @@ -144,7 +145,7 @@ "hercules-ci-secrets-json".owner = "hercules-ci-agent"; "git-workspace-tokens".owner = "ccr"; "autistici-password".owner = "ccr"; - "restic-hetzner-password" = { }; + "restic-hetzner-password" = {}; "aws-credentials".owner = "hercules-ci-agent"; "forgejo-runners-token".owner = "nixuser"; "forgejo-nix-access-tokens".owner = "nixuser"; 
@@ -165,7 +166,7 @@ # rock5b.nixosModules.default ]; secrets = { - "sisko-wireguard-private-key" = { }; + "sisko-wireguard-private-key" = {}; "hercules-ci-join-token".owner = "hercules-ci-agent"; "hercules-ci-binary-caches".owner = "hercules-ci-agent"; "hercules-ci-secrets-json".owner = "hercules-ci-agent"; @@ -173,8 +174,8 @@ "home-planimetry".owner = "hass"; "home-assistant-token".owner = "prometheus"; "grafana-password".owner = "grafana"; - "cloudflare-dyndns-api-token" = { }; - "restic-hetzner-password" = { }; + "cloudflare-dyndns-api-token" = {}; + "restic-hetzner-password" = {}; # "minio-credentials".owner = "minio"; # "aws-credentials".owner = "hercules-ci-agent"; "hass-ssh-key".owner = "hass"; diff --git a/hosts/deltaflyer/default.nix b/hosts/deltaflyer/default.nix index 70f479f..915f695 100644 --- a/hosts/deltaflyer/default.nix +++ b/hosts/deltaflyer/default.nix @@ -3,8 +3,7 @@ lib, pkgs, ... -}: -{ +}: { imports = fleetModules [ "common" @@ -42,10 +41,7 @@ # Networking, modem and misc. { # Ensures any rndis config from stage-1 is not clobbered by NetworkManager - networking.networkmanager.unmanaged = [ - "rndis0" - "usb0" - ]; + networking.networkmanager.unmanaged = ["rndis0" "usb0"]; # Setup USB gadget networking in initrd... mobile.boot.stage-1.networking.enable = lib.mkDefault true; @@ -79,14 +75,13 @@ "video" "wheel" ]; - backupPaths = [ ]; + backupPaths = []; }; } { system.stateVersion = "24.11"; - nixpkgs.config.allowUnfreePredicate = - pkg: + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "oneplus-sdm845-firmware-zstd" "oneplus-sdm845-firmware-xz" 
@@ -111,23 +106,21 @@ bind = $mod, r, exec, rotate-screen hor bind = $mod SHIFT, r, exec, rotate-screen ver ''; - home.packages = - let - rotateScript = pkgs.writeShellApplication { - name = "rotate-screen"; - runtimeInputs = [ pkgs.hyprland ]; - text = '' - if [[ "$1" == "hor" ]]; then - hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,1 - hyprctl keyword input:touchdevice:transform 1 - elif [[ "$1" == "ver" ]]; then - hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,0 - hyprctl keyword input:touchdevice:transform 0 - fi - ''; - }; - in - [ rotateScript ]; + home.packages = let + rotateScript = pkgs.writeShellApplication { + name = "rotate-screen"; + runtimeInputs = [pkgs.hyprland]; + text = '' + if [[ "$1" == "hor" ]]; then + hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,1 + hyprctl keyword input:touchdevice:transform 1 + elif [[ "$1" == "ver" ]]; then + hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,0 + hyprctl keyword input:touchdevice:transform 0 + fi + ''; + }; + in [rotateScript]; services.swayidle.enable = lib.mkForce false; } ]; @@ -145,13 +138,7 @@ zramSwap.enable = lib.mkDefault true; - boot.binfmt.emulatedSystems = lib.mkForce [ - "x86_64-linux" - "i686-linux" - "i386-linux" - "i486-linux" - "i586-linux" - ]; + boot.binfmt.emulatedSystems = lib.mkForce ["x86_64-linux" "i686-linux" "i386-linux" "i486-linux" "i586-linux"]; } ]; } diff --git a/hosts/deltaflyer/plasma-mobile.nix b/hosts/deltaflyer/plasma-mobile.nix index 35c6f86..7206c5e 100644 --- a/hosts/deltaflyer/plasma-mobile.nix +++ b/hosts/deltaflyer/plasma-mobile.nix @@ -2,10 +2,11 @@ # Minimum config used to enable Plasma Mobile. # { + config, lib, + pkgs, ... -}: -{ +}: { mobile.beautification = { silentBoot = lib.mkDefault false; splash = lib.mkDefault false; diff --git a/hosts/devbox/default.nix b/hosts/devbox/default.nix index 599bc62..a3b3793 100644 --- a/hosts/devbox/default.nix +++ b/hosts/devbox/default.nix 
@@ -4,8 +4,7 @@ lib, pkgs, ... -}: -{ +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -43,29 +42,17 @@ }; fonts = { - fonts = with pkgs; [ - powerline-fonts - dejavu_fonts - fira-code - fira-code-symbols - emacs-all-the-icons-fonts - nerdfonts - joypixels - etBook - ]; + fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook]; fontconfig.defaultFonts = { - monospace = [ "DejaVu Sans Mono for Powerline" ]; - sansSerif = [ "DejaVu Sans" ]; - serif = [ "DejaVu Serif" ]; + monospace = ["DejaVu Sans Mono for Powerline"]; + sansSerif = ["DejaVu Sans"]; + serif = ["DejaVu Serif"]; }; }; nixpkgs.config.joypixels.acceptLicense = true; - environment.systemPackages = with pkgs; [ - waypipe - firefox - ]; + environment.systemPackages = with pkgs; [waypipe firefox]; programs.mosh.enable = true; @@ -74,7 +61,7 @@ }; boot.loader.grub = { - devices = [ "/dev/sda" ]; + devices = ["/dev/sda"]; efiSupport = true; efiInstallAsRemovable = true; }; diff --git a/hosts/devbox/disko.nix b/hosts/devbox/disko.nix index 0a891ca..bdf06b4 100644 --- a/hosts/devbox/disko.nix +++ b/hosts/devbox/disko.nix @@ -1,10 +1,9 @@ # Example to create a bios compatible gpt partition { lib, - disks ? [ "/dev/sda" ], + disks ? ["/dev/sda"], ... -}: -{ +}: { disk = lib.genAttrs disks (dev: { device = dev; type = "disk"; @@ -18,7 +17,7 @@ start = "0"; end = "1M"; part-type = "primary"; - flags = [ "bios_grub" ]; + flags = ["bios_grub"]; } { type = "partition"; diff --git a/hosts/hs/default.nix b/hosts/hs/default.nix index 407d8f6..d1bbafb 100644 --- a/hosts/hs/default.nix +++ b/hosts/hs/default.nix @@ -4,8 +4,7 @@ lib, config, ... -}: -{ +}: { imports = [ ./hardware-configuration.nix @@ -22,7 +21,7 @@ "shell" "git" ]; - packages = [ ]; + packages = []; extraGroups = [ "wheel" "fuse" 
@@ -32,7 +31,7 @@ systemd.services.standby-sdb = { description = "Set spindown time (sleep) for /dev/sdb "; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdb"; @@ -41,7 +40,7 @@ systemd.services.standby-sdc = { description = "Set spindown time (sleep) for /dev/sdc "; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdc"; @@ -55,7 +54,7 @@ isSystemUser = true; group = "amule"; }; - users.groups."amule" = { }; + users.groups."amule" = {}; services = { samba-wsdd = { 
@@ -262,35 +261,33 @@ }; }; - systemd.services.ydns = - let - ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" '' - USER="andrea.ciceri@autistici.org" - PASSWORD=$(cat /home/ccr/.ydns-password) - DOMAIN="ccr.ydns.eu" - for SUBDOMAIN in "books" "music" "sync" "torrent" "gate" - do - HOST="$SUBDOMAIN.$DOMAIN" - ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST - done - ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN - ''; - in - { - description = "YDNS IP updater"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - User = "root"; - Type = "oneshot"; - ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater"; - }; + systemd.services.ydns = let + ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" '' + USER="andrea.ciceri@autistici.org" + PASSWORD=$(cat /home/ccr/.ydns-password) + DOMAIN="ccr.ydns.eu" + for SUBDOMAIN in "books" "music" "sync" "torrent" "gate" + do + HOST="$SUBDOMAIN.$DOMAIN" + ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST + done + ${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN + ''; + in { + description = "YDNS IP updater"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + User = "root"; + Type = "oneshot"; + ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater"; }; + }; systemd.services.wstunnel = { description = "WSTunnel"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; serviceConfig = { User = "root"; Type = "oneshot"; 
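Review bot: The `ydnsUpdater` script passes the account password on curl's command line (`-u "$USER:$PASSWORD"`), where other local users can read it from the process list while each request runs. The unit also runs as `User = "root"` but reads the secret from `/home/ccr/.ydns-password`, a path inside a user's home directory. The hosts in this repository already declare agenix secrets, so the password could be provisioned the same way and given to curl as a file instead of an argument, for example `${pkgs.curl}/bin/curl --silent --netrc-file "$CREDENTIALS_FILE" "https://ydns.io/api/v1/update/?host=$HOST"`, where `$CREDENTIALS_FILE` is a placeholder for the decrypted secret path. Quoting the URL also stops the shell from treating the `?` as a glob character.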
@@ -300,8 +297,8 @@ # TODO It seems to not work systemd.timers.ydnsUpdater = { - wantedBy = [ "timers.target" ]; - partOf = [ "ydnsUpdater.service" ]; + wantedBy = ["timers.target"]; + partOf = ["ydnsUpdater.service"]; timerConfig = { OnCalendar = "*-*-* *:00:00"; # hourly Unit = "ydnsUpdater.service"; @@ -333,13 +330,13 @@ networking.nat.enable = true; networking.nat.externalInterface = "enp0s10"; - networking.nat.internalInterfaces = [ "wg0" ]; + networking.nat.internalInterfaces = ["wg0"]; networking.wireguard.interfaces = { # "wg0" is the network interface name. You can name the interface arbitrarily. wg0 = { # Determines the IP address and subnet of the server's end of the tunnel interface. - ips = [ "10.100.0.1/24" ]; + ips = ["10.100.0.1/24"]; # The port that WireGuard listens to. Must be accessible by the client. listenPort = 51820; @@ -369,7 +366,7 @@ # Public key of the peer (not a file path). publicKey = "fCwjd75CefC9A7WqO7s3xfOk2nRcoTKfnAzDT6Lc5AA="; # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - allowedIPs = [ "10.100.0.2/32" ]; + allowedIPs = ["10.100.0.2/32"]; } ]; }; diff --git a/hosts/hs/hardware-configuration.nix b/hosts/hs/hardware-configuration.nix index 308318a..e573bf0 100644 --- a/hosts/hs/hardware-configuration.nix +++ b/hosts/hs/hardware-configuration.nix @@ -1,14 +1,6 @@ -{ lib, ... }: -{ +{lib, ...}: { boot = { - initrd.availableKernelModules = [ - "ohci_pci" - "ehci_pci" - "ahci" - "usb_storage" - "usbhid" - "sd_mod" - ]; + initrd.availableKernelModules = ["ohci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; loader.grub = lib.mkForce { enable = true; version = 2; @@ -31,5 +23,5 @@ }; }; - swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; } diff --git a/hosts/janeway/default.nix b/hosts/janeway/default.nix index 150e4e0..ecaee5a 100644 --- a/hosts/janeway/default.nix +++ b/hosts/janeway/default.nix 
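Review bot: `systemd.timers.ydnsUpdater` names `ydnsUpdater.service` in both `partOf` and `Unit`, but the service in the previous hunk (`@@ -262,35 +261,33 @@`) is declared as `systemd.services.ydns`, which yields `ydns.service`. That mismatch likely explains the `# TODO It seems to not work` comment directly above the timer. Point the timer at the unit that exists: `partOf = ["ydns.service"];` and `Unit = "ydns.service";`. The rest of `timerConfig` lies outside this hunk.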
@@ -1,15 +1,14 @@ { config, + lib, pkgs, fleetFlake, ... -}: -let +}: let sshdTmpDirectory = "${config.user.home}/sshd-tmp"; sshdDirectory = "${config.user.home}/sshd"; port = 8022; -in -{ +in { # Backup etc files instead of failing to activate generation if a file already exists in /etc environment.etcBackupExtension = ".bak"; 
@@ -24,60 +23,54 @@ in # Set your time zone time.timeZone = "Europe/Rome"; - home-manager.config = - { ... }: - { - home.stateVersion = "24.05"; - _module.args = { - hostname = "janeway"; - age.secrets = { }; - }; - imports = [ ../../hmModules/shell ]; + home-manager.config = {pkgs, ...}: { + home.stateVersion = "24.05"; + _module.args = { + hostname = "janeway"; + age.secrets = {}; }; + imports = [../../hmModules/shell]; + }; - build.activation.sshd = - let - keys = (builtins.import ../../lib).keys; - inherit (keys) hosts users; - in - '' - $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh" - $DRY_RUN_CMD echo ${hosts.picard} > "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys" - $DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys" + build.activation.sshd = let + keys = (builtins.import ../../lib).keys; + inherit (keys) hosts users; + in '' + $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh" + $DRY_RUN_CMD echo ${hosts.picard} > "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys" + $DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys" - if [[ ! -d "${sshdDirectory}" ]]; then - $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}" - $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}" + if [[ ! 
-d "${sshdDirectory}" ]]; then + $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}" + $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}" - $VERBOSE_ECHO "Generating host keys..." - $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N "" + $VERBOSE_ECHO "Generating host keys..." + $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N "" - $VERBOSE_ECHO "Writing sshd_config..." - $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config" + $VERBOSE_ECHO "Writing sshd_config..." + $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config" - $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}" - fi - ''; + $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}" + fi + ''; - environment.packages = - let - inherit (fleetFlake.inputs.ccrEmacs.packages.aarch64-linux) ccrEmacs; - in - [ - pkgs.bottom - pkgs.helix - pkgs.stress - pkgs.openssh - pkgs.git - pkgs.btop - ccrEmacs - (pkgs.writeScriptBin "sshd-start" '' - #!${pkgs.runtimeShell} - echo "Starting sshd in non-daemonized way on port ${toString port}" - ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D - '') - ]; + environment.packages = let + inherit (fleetFlake.inputs.ccrEmacs.packages.aarch64-linux) ccrEmacs; + in [ + pkgs.bottom + pkgs.helix + pkgs.stress + pkgs.openssh + pkgs.git + pkgs.btop + ccrEmacs + (pkgs.writeScriptBin "sshd-start" '' + #!${pkgs.runtimeShell} + echo "Starting sshd in non-daemonized way on port ${toString port}" + ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D + '') + ]; } diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index e1fb82d..cc529d1 100644 --- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix 
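Review bot: The `sshd_config` written by `build.activation.sshd` contains only `HostKey` and `Port`, so every authentication setting is left to the OpenSSH defaults. The same activation script already provisions `authorized_keys`, so the config can restrict logins to keys explicitly by extending the echoed string to `"HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"`. The file is only written when `${sshdDirectory}` does not yet exist, so an existing device would need that directory removed for the change to take effect.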
@@ -1,10 +1,10 @@ { fleetModules, lib, + pkgs, config, ... -}: -{ +}: { imports = fleetModules [ "common" @@ -47,6 +47,7 @@ "helix" "shell" "element" + "emacs" "firefox" "gpg" "mpv" @@ -67,11 +68,11 @@ "zulip" "calibre" ]; - extraGroups = [ ]; - backupPaths = [ ]; + extraGroups = []; + backupPaths = []; }; - boot.initrd.kernelModules = [ "i915" ]; + boot.initrd.kernelModules = ["i915"]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" diff --git a/hosts/module.nix b/hosts/module.nix index 03cc8d6..cfc1bdd 100644 --- a/hosts/module.nix +++ b/hosts/module.nix 
@@ -8,208 +8,107 @@ config, inputs, ... -}: -let +} @ flakePartsArgs: let cfg = config.fleet; -in -{ +in { options.fleet = { darwinHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule ( - { name, ... }: - { - options = { - name = lib.mkOption { - description = "Host name"; - type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - default = name; - }; - system = lib.mkOption { - description = "NixOS architecture (a.k.a. system)"; - type = lib.types.str; - default = "x86_64-darwin"; - }; - nixpkgs = lib.mkOption { - description = "Used nixpkgs"; - type = lib.types.anything; - default = inputs.nixpkgs; - }; - extraModules = lib.mkOption { - description = "Extra NixOS modules"; - type = lib.types.listOf lib.types.deferredModule; - default = [ ]; - }; - overlays = lib.mkOption { - description = "Enabled Nixpkgs overlays"; - type = lib.types.listOf ( - lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - } - ); - default = [ ]; - }; - }; - } - ) - ); + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + description = "Host name"; + type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; + default = name; + }; + system = lib.mkOption { + description = "NixOS architecture (a.k.a. 
system)"; + type = lib.types.str; + default = "x86_64-darwin"; + }; + nixpkgs = lib.mkOption { + description = "Used nixpkgs"; + type = lib.types.anything; + default = inputs.nixpkgs; + }; + extraModules = lib.mkOption { + description = "Extra NixOS modules"; + type = lib.types.listOf lib.types.deferredModule; + default = []; + }; + overlays = lib.mkOption { + description = "Enabled Nixpkgs overlays"; + type = lib.types.listOf (lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + }); + default = []; + }; + }; + })); }; nixOnDroidHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule ( - { name, ... }: - { - options = { - name = lib.mkOption { - description = "Host name"; - type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - default = name; - }; - system = lib.mkOption { - description = "NixOS architecture (a.k.a. system)"; - type = lib.types.str; - default = "aarch64-linux"; - }; - nixpkgs = lib.mkOption { - description = "Used nixpkgs"; - type = lib.types.anything; - default = inputs.nixpkgs; - }; - extraModules = lib.mkOption { - description = "Extra NixOS modules"; - type = lib.types.listOf lib.types.deferredModule; - default = [ ]; - }; - overlays = lib.mkOption { - description = "Enabled Nixpkgs overlays"; - type = lib.types.listOf ( - lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - } - ); - default = [ ]; - }; - }; - } - ) - ); + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + description = "Host name"; + type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; + default = name; + }; + system = lib.mkOption { + description = "NixOS architecture (a.k.a. 
system)"; + type = lib.types.str; + default = "aarch64-linux"; + }; + nixpkgs = lib.mkOption { + description = "Used nixpkgs"; + type = lib.types.anything; + default = inputs.nixpkgs; + }; + extraModules = lib.mkOption { + description = "Extra NixOS modules"; + type = lib.types.listOf lib.types.deferredModule; + default = []; + }; + overlays = lib.mkOption { + description = "Enabled Nixpkgs overlays"; + type = lib.types.listOf (lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + }); + default = []; + }; + }; + })); }; hosts = lib.mkOption { description = "Host configuration"; - type = lib.types.attrsOf ( - lib.types.submodule ( - { name, ... }: - { - options = { - name = lib.mkOption { - description = "Host name"; - type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - default = name; - }; - system = lib.mkOption { - description = "NixOS architecture (a.k.a. system)"; - type = lib.types.str; - default = "x86_64-linux"; - }; - nixpkgs = lib.mkOption { - description = "Used nixpkgs"; - type = lib.types.anything; - default = inputs.nixpkgs; - }; - homeManager = lib.mkOption { - description = "Used home-manager"; - type = lib.types.anything; - default = inputs.homeManager; - }; - vpn = { - ip = lib.mkOption { - description = "Wireguard VPN ip"; - type = lib.types.str; - }; - publicKey = lib.mkOption { - description = "Wireguard public key"; - type = lib.types.str; - }; - }; - secrets = lib.mkOption { - description = "List of secrets names in the `secrets` folder"; - type = lib.types.attrsOf ( - lib.types.submodule ( - { name, ... 
}: - { - options = { - owner = lib.mkOption { - type = lib.types.str; - default = "root"; - }; - group = lib.mkOption { - type = lib.types.str; - default = "root"; - }; - file = lib.mkOption { - type = lib.types.path; - default = "${self.outPath}/secrets/${name}.age"; - }; - mode = lib.mkOption { - # TODO improve type - type = lib.types.str; - default = "0440"; - }; - }; - } - ) - ); - default = { }; - }; - enableHomeManager = lib.mkOption { - description = "Enable home-manager module"; - type = lib.types.bool; - default = true; - }; - overlays = lib.mkOption { - description = "Enabled Nixpkgs overlays"; - type = lib.types.listOf ( - lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - } - ); - default = [ ]; - }; - extraModules = lib.mkOption { - description = "Extra NixOS modules"; - type = lib.types.listOf lib.types.deferredModule; - default = [ ]; - }; - extraHmModules = lib.mkOption { - description = "Extra home-manager modules"; - type = lib.types.listOf lib.types.deferredModule; - default = [ ]; - }; - extraHmModulesUser = lib.mkOption { - description = "User for which to import extraHmModulesUser"; - type = lib.types.str; - default = "ccr"; - }; - }; - config.overlays = with inputs; cfg.overlays; - } - ) - ); - default = { }; - }; - vpnExtra = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options = { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + description = "Host name"; + type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; + default = name; + }; + system = lib.mkOption { + description = "NixOS architecture (a.k.a. 
system)"; + type = lib.types.str; + default = "x86_64-linux"; + }; + nixpkgs = lib.mkOption { + description = "Used nixpkgs"; + type = lib.types.anything; + default = inputs.nixpkgs; + }; + homeManager = lib.mkOption { + description = "Used home-manager"; + type = lib.types.anything; + default = inputs.homeManager; + }; + vpn = { ip = lib.mkOption { description = "Wireguard VPN ip"; type = lib.types.str; 
@@ -219,81 +118,138 @@ in type = lib.types.str; }; }; - } - ); - default = { }; + secrets = lib.mkOption { + description = "List of secrets names in the `secrets` folder"; + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + owner = lib.mkOption { + type = lib.types.str; + default = "root"; + }; + group = lib.mkOption { + type = lib.types.str; + default = "root"; + }; + file = lib.mkOption { + type = lib.types.path; + default = "${self.outPath}/secrets/${name}.age"; + }; + mode = lib.mkOption { + # TODO improve type + type = lib.types.str; + default = "0440"; + }; + }; + })); + default = {}; + }; + enableHomeManager = lib.mkOption { + description = "Enable home-manager module"; + type = lib.types.bool; + default = true; + }; + overlays = lib.mkOption { + description = "Enabled Nixpkgs overlays"; + type = lib.types.listOf (lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + }); + default = []; + }; + extraModules = lib.mkOption { + description = "Extra NixOS modules"; + type = lib.types.listOf lib.types.deferredModule; + default = []; + }; + extraHmModules = lib.mkOption { + description = "Extra home-manager modules"; + type = lib.types.listOf lib.types.deferredModule; + default = []; + }; + extraHmModulesUser = lib.mkOption { + description = "User for which to import extraHmModulesUser"; + type = lib.types.str; + default = "ccr"; + }; + }; + config.overlays = with inputs; cfg.overlays; + })); + default = {}; + }; + vpnExtra = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + options = { + ip = lib.mkOption { + description = "Wireguard VPN ip"; + type = lib.types.str; + }; + publicKey = lib.mkOption { + description = "Wireguard public key"; + type = lib.types.str; + }; + }; + }); + default = {}; }; _mkNixosConfiguration = lib.mkOption { description = "Function returning a proper NixOS configuration"; type = lib.types.functionTo 
(lib.types.functionTo lib.types.attrs); # TODO improve this type internal = true; - default = - hostname: config: + default = hostname: config: config.nixpkgs.lib.nixosSystem { inherit (config) system; modules = [ - ( - { lib, ... }: - { - networking.hostName = lib.mkForce hostname; - nixpkgs.overlays = config.overlays; - } - ) + ({lib, ...}: { + networking.hostName = lib.mkForce hostname; + nixpkgs.overlays = config.overlays; + }) "${self.outPath}/hosts/${hostname}" ] - ++ (lib.optionals (config.secrets != [ ]) [ + ++ (lib.optionals (config.secrets != []) [ inputs.agenix.nixosModules.default - ( - { lib, ... }: - let - allSecrets = lib.mapAttrs' (name: value: { - name = lib.removeSuffix ".age" name; - inherit value; - }) (import "${self.outPath}/secrets/secrets.nix"); - filteredSecrets = lib.filterAttrs (name: _: builtins.hasAttr name config.secrets) allSecrets; - in - { - age.secrets = lib.mapAttrs' (name: _: { + ({lib, ...}: let + allSecrets = lib.mapAttrs' (name: value: { + name = lib.removeSuffix ".age" name; + inherit value; + }) (import "${self.outPath}/secrets/secrets.nix"); + filteredSecrets = + lib.filterAttrs + (name: _: builtins.hasAttr name config.secrets) + allSecrets; + in { + age.secrets = + lib.mapAttrs' (name: _: { name = builtins.baseNameOf name; value = { - inherit (config.secrets.${name}) - owner - group - file - mode - ; + inherit (config.secrets.${name}) owner group file mode; }; - }) filteredSecrets; - } - ) + }) + filteredSecrets; + }) ]) - ++ (lib.optionals config.enableHomeManager ( - let - user = config.extraHmModulesUser; - extraHmModules = config.extraHmModules; - in - [ - config.homeManager.nixosModule - ( - { - config, - pkgs, - ... 
- }: - { - home-manager.users."${user}" = { - imports = extraHmModules; - _module.args = { - age = config.age or { }; - fleetFlake = self; - pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system}; - }; - }; - } - ) - ] - )) + ++ (lib.optionals config.enableHomeManager (let + user = config.extraHmModulesUser; + extraHmModules = config.extraHmModules; + in [ + config.homeManager.nixosModule + ({ + config, + pkgs, + ... + }: { + home-manager.users."${user}" = { + imports = extraHmModules; + _module.args = { + age = config.age or {}; + fleetFlake = self; + pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system}; + }; + }; + }) + ])) ++ config.extraModules; specialArgs = { fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}"); @@ -307,21 +263,18 @@ in description = "Function returning a proper Darwin configuration"; type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type internal = true; - default = - hostname: config: + default = hostname: config: inputs.nixDarwin.lib.darwinSystem { modules = [ - ( - { - lib, - ... - }: - { - networking.hostName = lib.mkForce hostname; - nixpkgs.overlays = config.overlays; - nixpkgs.hostPlatform = config.system; - } - ) + ({ + lib, + pkgs, + ... + }: { + networking.hostName = lib.mkForce hostname; + nixpkgs.overlays = config.overlays; + nixpkgs.hostPlatform = config.system; + }) "${self.outPath}/hosts/${hostname}" ]; }; 
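Review bot: `lib.optionals (config.secrets != [])` in `_mkNixosConfiguration` compares an attribute set with a list. `secrets` is declared earlier in this hunk as `attrsOf (submodule …)` with `default = {}`, so the inequality is always true. The agenix module and the secrets mapping are therefore added even for hosts that declare no secrets. Compare against the empty set instead: `++ (lib.optionals (config.secrets != {}) [`. The body of `_mkNixosConfiguration` continues past the end of this hunk.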
@@ -331,20 +284,18 @@ in description = "Function returning a proper nix-on-droid configuration"; type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type internal = true; - default = - hostname: config: + default = hostname: config: inputs.nix-on-droid.lib.nixOnDroidConfiguration { pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux; modules = [ - ( - { - ... - }: - { - nixpkgs.overlays = config.overlays; - _module.args.fleetFlake = self; - } - ) + ({ + lib, + pkgs, + ... + }: { + nixpkgs.overlays = config.overlays; + _module.args.fleetFlake = self; + }) "${self.outPath}/hosts/${hostname}" ]; }; @@ -352,10 +303,19 @@ in }; config = { - flake.nixosConfigurations = lib.mapAttrs config.fleet._mkNixosConfiguration config.fleet.hosts; + flake.nixosConfigurations = + lib.mapAttrs + config.fleet._mkNixosConfiguration + config.fleet.hosts; - flake.darwinConfigurations = lib.mapAttrs config.fleet._mkDarwinConfiguration config.fleet.darwinHosts; + flake.darwinConfigurations = + lib.mapAttrs + config.fleet._mkDarwinConfiguration + config.fleet.darwinHosts; - flake.nixOnDroidConfigurations = lib.mapAttrs config.fleet._mkNixOnDroidConfiguration config.fleet.nixOnDroidHosts; + flake.nixOnDroidConfigurations = + lib.mapAttrs + config.fleet._mkNixOnDroidConfiguration + config.fleet.nixOnDroidHosts; }; } diff --git a/hosts/mothership/default.nix b/hosts/mothership/default.nix index dc0f9ba..5b0562f 100644 --- a/hosts/mothership/default.nix +++ b/hosts/mothership/default.nix @@ -5,8 +5,7 @@ pkgs, config, ... -}: -{ +}: { imports = fleetModules [ "common" "wireguard-server" 
@@ -58,20 +57,11 @@ }; fonts = { - fonts = with pkgs; [ - powerline-fonts - dejavu_fonts - fira-code - fira-code-symbols - emacs-all-the-icons-fonts - nerdfonts - joypixels - etBook - ]; + fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook]; fontconfig.defaultFonts = { - monospace = [ "DejaVu Sans Mono for Powerline" ]; - sansSerif = [ "DejaVu Sans" ]; - serif = [ "DejaVu Serif" ]; + monospace = ["DejaVu Sans Mono for Powerline"]; + sansSerif = ["DejaVu Sans"]; + serif = ["DejaVu Serif"]; }; }; @@ -79,21 +69,16 @@ nixpkgs.config.joypixels.acceptLicense = true; - environment.systemPackages = with pkgs; [ waypipe ]; + environment.systemPackages = with pkgs; [waypipe]; programs.dconf.enable = true; programs.mosh.enable = true; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "nvme" - "usbhid" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot = { diff --git a/hosts/mothership/disko.nix b/hosts/mothership/disko.nix index 2078a8f..0c71d4a 100644 --- a/hosts/mothership/disko.nix +++ b/hosts/mothership/disko.nix @@ -1,11 +1,8 @@ { - disks ? [ - "/dev/nvme0n1" - "/dev/nvme1n1" - ], + lib, + disks ? ["/dev/nvme0n1" "/dev/nvme1n1"], ... -}: -{ +}: { disk = { x = { type = "disk"; diff --git a/hosts/oneplus5t/default.nix b/hosts/oneplus5t/default.nix index 2d4a904..990d6c9 100644 --- a/hosts/oneplus5t/default.nix +++ b/hosts/oneplus5t/default.nix @@ -1,7 +1,9 @@ { + config, + lib, + pkgs, ... -}: -{ +}: { signing.enable = true; # apps.prebuilt = { diff --git a/hosts/pbp/default.nix b/hosts/pbp/default.nix index 337bc66..71b4595 100644 --- a/hosts/pbp/default.nix 
+++ b/hosts/pbp/default.nix @@ -3,8 +3,7 @@ pkgs, lib, ... -}: -{ +}: { imports = [ ./hardware-configuration.nix diff --git a/hosts/pbp/hardware-configuration.nix b/hosts/pbp/hardware-configuration.nix index ff8baac..e038154 100644 --- a/hosts/pbp/hardware-configuration.nix +++ b/hosts/pbp/hardware-configuration.nix @@ -3,12 +3,11 @@ lib, pkgs, ... -}: -{ - disko.devices = import ./disko.nix { }; +}: { + disko.devices = import ./disko.nix {}; boot = { - initrd.availableKernelModules = [ "usbhid" ]; + initrd.availableKernelModules = ["usbhid"]; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index e5c0374..01dfa6f 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -4,8 +4,7 @@ config, pkgs, ... -}: -{ +}: { imports = fleetModules [ "common" @@ -86,12 +85,12 @@ "reinstall-magisk-on-lineage" "vscode-server" ]; - extraGroups = [ ]; - backupPaths = [ ]; + extraGroups = []; + backupPaths = []; }; - boot.kernelParams = [ "ip=dhcp" ]; - boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelParams = ["ip=dhcp"]; + boot.initrd.kernelModules = ["amdgpu"]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" @@ -109,7 +108,7 @@ # https://github.com/NixOS/nixpkgs/issues/328909 boot.extraModulePackages = [ (config.boot.kernelPackages.ddcci-driver.overrideAttrs (old: { - patches = [ ]; + patches = []; src = pkgs.fetchFromGitLab { owner = "${old.pname}-linux"; repo = "${old.pname}-linux"; @@ -155,6 +154,6 @@ # TODO move away from here (how can the interface name be retrieved programmatically?) networking.interfaces.enp11s0.wakeOnLan = { enable = true; - policy = [ "magic" ]; + policy = ["magic"]; }; } diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 79ef8fe..b685f19 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -1,10 +1,10 @@ { fleetModules, pkgs, + fleetFlake, config, ... -}: -{ +}: { imports = fleetModules [ "common" 
@@ -71,22 +71,17 @@ nixpkgs.hostPlatform = "aarch64-linux"; - swapDevices = [ ]; + swapDevices = []; boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = false; }; - hardware.deviceTree.enable = true; - hardware.deviceTree.name = "rockchip/rk3588-rock-5b.dtb"; - boot.loader.systemd-boot.installDeviceTree = true; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" - "usb_storage" ]; boot.kernelParams = [ @@ -128,7 +123,7 @@ fileSystems."/mnt/hd" = { device = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU-part1"; fsType = "ext4"; - options = [ "nofail" ]; + options = ["nofail"]; }; environment.systemPackages = with pkgs; [ diff --git a/hosts/sisko/disko.nix b/hosts/sisko/disko.nix index 909a33b..b1fda80 100644 --- a/hosts/sisko/disko.nix +++ b/hosts/sisko/disko.nix @@ -1,18 +1,15 @@ let + emmc = "/dev/disk/by-id/mmc-SLD64G_0xf6be3ba0"; ssd = "/dev/disk/by-id/ata-CT240BX300SSD1_1739E1042F3C"; -in -# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; -# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; -# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU"; -{ + # hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; + # hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; + hd = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550-part1"; + # old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU"; +in { disko.devices = { nodev."/" = { fsType = "tmpfs"; - mountOptions = [ - "size=1024M" - "defaults" - "mode=755" - ]; + mountOptions = ["size=1024M" "defaults" "mode=755"]; }; disk = { ssd = { diff --git a/hosts/test/default.nix b/hosts/test/default.nix index a99e079..34c1daf 100644 --- a/hosts/test/default.nix +++ b/hosts/test/default.nix @@ -1,8 +1,10 @@ { fleetModules, + lib, + config, + pkgs, ... -}: -{ +}: { imports = fleetModules [ "common" 
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 40a5c56..2285cb2 100644 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -1,10 +1,10 @@ { config, + lib, pkgs, fleetModules, ... -}: -{ +}: { imports = [ ./zfs.nix @@ -97,15 +97,10 @@ ]; }; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "nvme" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; # boot.kernelPackages = pkgs.linuxPackages_zen; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -131,8 +126,8 @@ useXkbConfig = true; # use xkbOptions in tty. }; - services.joycond.enable = true; # FIXME not here - services.udev.packages = [ pkgs.joycond ]; + services.joycond.enable = true; #FIXME not here + services.udev.packages = [pkgs.joycond]; # Enable the X11 windowing system. # services.xserver.enable = true; @@ -188,7 +183,7 @@ # services.openssh.enable = true; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 8000 ]; + networking.firewall.allowedTCPPorts = [8000]; # networking.firewall.allowedUDPPorts = [ 5000 ]; # Or disable the firewall altogether. # networking.firewall.enable = false; @@ -219,7 +214,7 @@ ]; }; - users.groups.input.members = [ "ccr" ]; + users.groups.input.members = ["ccr"]; services.udev.extraRules = '' Sunshine KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput" diff --git a/hosts/thinkpad/hardware-configuration.nix b/hosts/thinkpad/hardware-configuration.nix index df9aa53..0f97b7d 100644 --- a/hosts/thinkpad/hardware-configuration.nix +++ b/hosts/thinkpad/hardware-configuration.nix 
@@ -4,67 +4,47 @@ { config, lib, + pkgs, modulesPath, ... -}: -{ +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "nvme" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "uinput" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["uinput"]; + boot.extraModulePackages = []; fileSystems."/" = { device = "rpool/nixos/root"; fsType = "zfs"; - options = [ - "zfsutil" - "X-mount.mkdir" - ]; + options = ["zfsutil" "X-mount.mkdir"]; }; fileSystems."/home" = { device = "rpool/nixos/home"; fsType = "zfs"; - options = [ - "zfsutil" - "X-mount.mkdir" - ]; + options = ["zfsutil" "X-mount.mkdir"]; }; fileSystems."/var/lib" = { device = "rpool/nixos/var/lib"; fsType = "zfs"; - options = [ - "zfsutil" - "X-mount.mkdir" - ]; + options = ["zfsutil" "X-mount.mkdir"]; }; fileSystems."/var/log" = { device = "rpool/nixos/var/log"; fsType = "zfs"; - options = [ - "zfsutil" - "X-mount.mkdir" - ]; + options = ["zfsutil" "X-mount.mkdir"]; }; fileSystems."/boot" = { device = "bpool/nixos/root"; fsType = "zfs"; - options = [ - "zfsutil" - "X-mount.mkdir" - ]; + options = ["zfsutil" "X-mount.mkdir"]; }; fileSystems."/boot/efis/nvme-INTEL_SSDPEKKF010T8L_PHHP938405741P0D-part1" = { @@ -84,7 +64,7 @@ # }; swapDevices = [ - { device = "/dev/disk/by-label/swap"; } + {device = "/dev/disk/by-label/swap";} ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/thinkpad/zfs.nix b/hosts/thinkpad/zfs.nix index e248e47..dd64da1 100644 --- a/hosts/thinkpad/zfs.nix +++ b/hosts/thinkpad/zfs.nix 
@@ -1,10 +1,10 @@ { + config, pkgs, lib, ... -}: -{ - boot.supportedFilesystems = [ "zfs" ]; +}: { + boot.supportedFilesystems = ["zfs"]; networking.hostId = "adf0b5e7"; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.canTouchEfiVariables = false; @@ -23,7 +23,7 @@ mount /boot/efi ''; boot.loader.grub.extraInstallCommands = '' - export PATH=$PATH:${lib.makeBinPath [ pkgs.coreutils ]} + export PATH=$PATH:${lib.makeBinPath [pkgs.coreutils]} ESP_MIRROR=$(mktemp -d) cp -r /boot/efi/EFI $ESP_MIRROR for i in /boot/efis/*; do diff --git a/modules/adb/default.nix b/modules/adb/default.nix index 928fbe4..4ca3870 100644 --- a/modules/adb/default.nix +++ b/modules/adb/default.nix @@ -1,4 +1,4 @@ { programs.adb.enable = true; - ccr.extraGroups = [ "adbusers" ]; + ccr.extraGroups = ["adbusers"]; } diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index 988b8ca..5836d1e 100644 --- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -6,9 +6,6 @@ openFirewall = true; }; }; - networking.firewall.allowedTCPPorts = [ - 3000 - 53 - ]; - networking.firewall.allowedUDPPorts = [ 53 ]; + networking.firewall.allowedTCPPorts = [3000 53]; + networking.firewall.allowedUDPPorts = [53]; } diff --git a/modules/atuin/default.nix b/modules/atuin/default.nix index d9e04f9..ebbefef 100644 --- a/modules/atuin/default.nix +++ b/modules/atuin/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services.atuin = { enable = true; openFirewall = false; # use only in the VPN diff --git a/modules/audio/default.nix b/modules/audio/default.nix index 96e68ee..8e5c841 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { sound.enable = true; hardware.pulseaudio = { @@ -7,5 +6,5 @@ package = pkgs.pulseaudioFull; }; - users.extraUsers.ccr.extraGroups = [ "audio" ]; + users.extraUsers.ccr.extraGroups = ["audio"]; } 
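Review bot: In modules/adguard-home/default.nix, `networking.firewall.allowedTCPPorts = [3000 53];` opens both ports on every interface, on top of the `openFirewall = true` kept just above it. If 3000 is the AdGuard Home web interface (the service block starts outside this hunk, so that is an assumption), consider keeping only DNS global and scoping the admin port to the VPN interface, e.g. `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts = [3000];`. The atuin module in this same commit already follows that idea with `openFirewall = false; # use only in the VPN`. A one-line comment saying which port serves what would also help the next reader.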
diff --git a/modules/auto-upgrade/default.nix b/modules/auto-upgrade/default.nix index a9d6213..72cd5c9 100644 --- a/modules/auto-upgrade/default.nix +++ b/modules/auto-upgrade/default.nix @@ -1,8 +1,9 @@ { config, + options, + lib, ... -}: -{ +}: { system.autoUpgrade = { enable = false; flake = "github:aciceri/nixfleet#${config.networking.hostName}"; diff --git a/modules/battery/default.nix b/modules/battery/default.nix index 96c5bf3..2f56d8b 100644 --- a/modules/battery/default.nix +++ b/modules/battery/default.nix @@ -1,11 +1,10 @@ -{ config, ... }: -{ +{config, ...}: { services.tlp.enable = true; services.upower.enable = true; nixpkgs.overlays = [ - (_self: super: { + (self: super: { tlp = super.tlp.override { enableRDW = config.networkmanager.enable; }; diff --git a/modules/binfmt/default.nix b/modules/binfmt/default.nix index bd582f7..b1f04cf 100644 --- a/modules/binfmt/default.nix +++ b/modules/binfmt/default.nix @@ -1,9 +1,5 @@ { - boot.binfmt.emulatedSystems = [ - "i686-linux" - "aarch64-linux" - "riscv64-linux" - ]; + boot.binfmt.emulatedSystems = ["i686-linux" "aarch64-linux" "riscv64-linux"]; nix.extraOptions = '' extra-platforms = aarch64-linux arm-linux i686-linux riscv64-linux ''; diff --git a/modules/bluetooth/default.nix b/modules/bluetooth/default.nix index 9d5ee45..49fbc36 100644 --- a/modules/bluetooth/default.nix +++ b/modules/bluetooth/default.nix @@ -2,8 +2,7 @@ pkgs, config, ... -}: -{ +}: { services.blueman.enable = true; hardware.pulseaudio.enable = true; hardware.bluetooth = { @@ -20,6 +19,6 @@ }; }; }; - services.dbus.packages = with pkgs; [ blueman ]; - ccr.extraGroups = [ "bluetooth" ]; + services.dbus.packages = with pkgs; [blueman]; + ccr.extraGroups = ["bluetooth"]; } diff --git a/modules/bubbleupnp/default.nix b/modules/bubbleupnp/default.nix index 7858899..64c304f 100644 --- a/modules/bubbleupnp/default.nix +++ b/modules/bubbleupnp/default.nix 
@@ -2,13 +2,10 @@ virtualisation.oci-containers.containers = { bubbleupnpserver = { image = "bubblesoftapps/bubbleupnpserver"; - ports = [ "58050:58050" ]; - extraOptions = [ - "--network=host" - "-device /dev/dri:/dev/dri" - ]; + ports = ["58050:58050"]; + extraOptions = ["--network=host" "-device /dev/dri:/dev/dri"]; }; }; - networking.firewall.allowedTCPPorts = [ 58050 ]; + networking.firewall.allowedTCPPorts = [58050]; } diff --git a/modules/ccr/default.nix b/modules/ccr/default.nix index 3ffa60d..13494c5 100644 --- a/modules/ccr/default.nix +++ b/modules/ccr/default.nix @@ -7,12 +7,10 @@ vpn, options, ... -}: -let +}: let cfg = config.ccr; inherit (lib) types; -in -{ +in { options.ccr = { enable = lib.mkEnableOption "ccr"; @@ -33,12 +31,12 @@ in modules = lib.mkOption { type = types.listOf types.str; - default = [ ]; + default = []; }; packages = lib.mkOption { type = types.listOf types.package; - default = [ ]; + default = []; }; autologin = lib.mkOption { 
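Review bot: In modules/bubbleupnp/default.nix the second `extraOptions` element, `"-device /dev/dri:/dev/dri"`, has a single dash and is one list item, so the container runtime most likely receives one unrecognised argument instead of a device mapping; `"--device=/dev/dri:/dev/dri"` is the form I would expect. With `--network=host` the `ports = ["58050:58050"]` mapping has no effect and every listener in the container is reachable on the host's interfaces, which leaves the firewall entry as the only boundary. The `image` line has no tag or digest, so each pull can bring different code into a host-networked container with GPU device access. Pinning it, e.g. `image = "bubblesoftapps/bubbleupnpserver:<tag>";` or a digest, would make updates deliberate.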
@@ -58,74 +56,63 @@ in extraGroups = lib.mkOption { type = types.listOf types.str; - default = { }; + default = {}; }; extraModules = lib.mkOption { type = types.listOf types.deferredModule; - default = [ ]; + default = []; }; backupPaths = lib.mkOption { type = types.listOf types.str; - default = [ ]; + default = []; }; }; - config = lib.mkIf cfg.enable ( - lib.mkMerge [ - (lib.optionalAttrs (builtins.hasAttr "backup" options) { - backup.paths = cfg.backupPaths; - }) - { - # FIXME shouldn't set these groups by default - ccr.extraGroups = [ - "wheel" - "fuse" - "video" - "dialout" - "systemd-journal" - "camera" - ]; - ccr.modules = [ - "shell" - "git" - "nix-index" - "btop" - ]; + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (builtins.hasAttr "backup" options) { + backup.paths = cfg.backupPaths; + }) + { + # FIXME shouldn't set these groups by default + ccr.extraGroups = ["wheel" "fuse" "video" "dialout" "systemd-journal" "camera"]; + ccr.modules = ["shell" "git" "nix-index" "btop"]; - users.users.${cfg.username} = { - inherit (config.ccr) hashedPassword extraGroups description; - uid = 1000; - isNormalUser = true; - shell = cfg.shell; - openssh.authorizedKeys.keys = config.ccr.authorizedKeys; - }; + users.users.${cfg.username} = { + inherit (config.ccr) hashedPassword extraGroups description; + uid = 1000; + isNormalUser = true; + shell = cfg.shell; + openssh.authorizedKeys.keys = config.ccr.authorizedKeys; + }; - programs.fish.enable = true; + programs.fish.enable = true; - services.getty.autologinUser = if config.ccr.autologin then cfg.username else null; + services.getty.autologinUser = + if config.ccr.autologin + then cfg.username + else null; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.${cfg.username} = { - imports = - fleetHmModules cfg.modules - ++ [ - { - _module.args = { - inherit (config.age) secrets; - inherit (cfg) username; - inherit vpn; - hostname = config.networking.hostName; 
- }; - } - ] - ++ cfg.extraModules; - home.packages = cfg.packages; - home.stateVersion = config.system.stateVersion; - }; - } - ] - ); + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.${cfg.username} = { + imports = + fleetHmModules cfg.modules + ++ [ + { + _module.args = { + inherit (config.age) secrets; + inherit (cfg) username; + inherit vpn; + hostname = config.networking.hostName; + }; + } + ] + ++ cfg.extraModules; + home.packages = cfg.packages; + home.stateVersion = config.system.stateVersion; + }; + } + ]); } diff --git a/modules/cgit/config.nix b/modules/cgit/config.nix index 9386a34..ab5be50 100644 --- a/modules/cgit/config.nix +++ b/modules/cgit/config.nix @@ -1,31 +1,28 @@ { + lib, pkgs, ... -}: -let +}: let repos-path = "/var/lib/cgit-repos"; cgit-setup-repos = - pkgs.writers.writePython3 "cgit-setup-repos" - { - libraries = with pkgs.python3Packages; [ PyGithub ]; - } - '' - from github import Github - from pathlib import Path + pkgs.writers.writePython3 "cgit-setup-repos" { + libraries = with pkgs.python3Packages; [PyGithub]; + } '' + from github import Github + from pathlib import Path - c = Path("${repos-path}") - c.unlink(missing_ok=True) + c = Path("${repos-path}") + c.unlink(missing_ok=True) - with open(c, "w") as f: - for repo in Github().get_user("aciceri").get_repos(): - f.writelines([ - f"repo.url={repo.name}\n" - f"repo.path=/home/ccr/projects/aciceri/{repo.name}/.git\n" - f"repo.desc={repo.description}\n" - ]) - ''; -in -{ + with open(c, "w") as f: + for repo in Github().get_user("aciceri").get_repos(): + f.writelines([ + f"repo.url={repo.name}\n" + f"repo.path=/home/ccr/projects/aciceri/{repo.name}/.git\n" + f"repo.desc={repo.description}\n" + ]) + ''; +in { services.nginx.virtualHosts."git.aciceri.dev" = { cgit = { enable = true; 
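Review bot: In modules/ccr/default.nix the `extraGroups` option is declared as `types.listOf types.str` but its default is `{}`, an attribute set; the reformat keeps that mismatch, and `default = [];` would match the type and the neighbouring options. The same hunk still adds `"wheel"` to `ccr.extraGroups` unconditionally, as the existing FIXME admits, so every host that enables `ccr` gets a `wheel` member with a fixed `uid = 1000`. Where `autologin` is set, `services.getty.autologinUser` gives that user a console session without authentication. A short comment on the `autologin` option stating this would make the trade-off visible to whoever enables it.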
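Review bot: In modules/cgit/config.nix the generated script deletes `${repos-path}` and reopens it for writing before the GitHub API is queried, so a failed or rate-limited request (the `Github()` client is created without credentials) leaves cgit with an empty include file until the next run. Collecting the lines first and writing them in one step after the loop, e.g. `c.write_text("".join(lines))`, keeps the previous list on failure. `repo.description` is interpolated into `repo.desc=` as is; it can be `None` and is remotely supplied text written into cgitrc, so normalising it with `(repo.description or "").replace("\n", " ")` is a cheap guard. The newly added `lib` argument is unused in the visible part of the file, which continues past this hunk.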
@@ -34,12 +31,10 @@ in virtual-root = "/"; cache-size = 1000; include = [ - (builtins.toString ( - pkgs.writeText "cgit-extra" '' - source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh - '' - )) + (builtins.toString (pkgs.writeText "cgit-extra" '' + source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh + '')) repos-path ]; }; @@ -53,13 +48,13 @@ in Type = "oneshot"; RemainAfterExit = true; }; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; script = builtins.toString cgit-setup-repos; }; systemd.timers.cgit-setup-repos = { - wantedBy = [ "timers.target" ]; - partOf = [ "cgit-setup-repos.service" ]; + wantedBy = ["timers.target"]; + partOf = ["cgit-setup-repos.service"]; timerConfig = { OnCalendar = "*-*-* 4:00:00"; # daily at 4 AM Unit = "cgit-setup-repos.service"; diff --git a/modules/cgit/default.nix b/modules/cgit/default.nix index 20561ce..a6439f8 100644 --- a/modules/cgit/default.nix +++ b/modules/cgit/default.nix 
@@ -4,149 +4,134 @@ pkgs, ... }: -with lib; -let +with lib; let globalConfig = config; settingsFormat = { - type = - with lib.types; - let - value = - oneOf [ - int - str - ] - // { - description = "INI-like atom (int or string)"; - }; - values = coercedTo value lib.singleton (listOf value) // { + type = with lib.types; let + value = + oneOf [int str] + // { + description = "INI-like atom (int or string)"; + }; + values = + coercedTo value lib.singleton (listOf value) + // { description = value.description + " or a list of them for duplicate keys"; }; - in + in attrsOf values; - generate = - name: values: - pkgs.writeText name (lib.generators.toKeyValue { listsAsDuplicateKeys = true; } values); + generate = name: values: + pkgs.writeText name (lib.generators.toKeyValue {listsAsDuplicateKeys = true;} values); }; -in -{ +in { imports = [ ../nginx-base ./config.nix ]; options.services.nginx.virtualHosts = mkOption { - type = types.attrsOf ( - types.submodule ( - { config, ... }: - let - cfg = config.cgit; + type = types.attrsOf (types.submodule ({config, ...}: let + cfg = config.cgit; - # These are the global options for this submodule, but for nicer UX they - # are inlined into the freeform settings. Hence they MUST NOT INTERSECT - # with any settings from cgitrc! - options = { - enable = mkEnableOption "cgit"; + # These are the global options for this submodule, but for nicer UX they + # are inlined into the freeform settings. Hence they MUST NOT INTERSECT + # with any settings from cgitrc! + options = { + enable = mkEnableOption "cgit"; - location = mkOption { - default = "/"; - type = types.str; - description = '' - Location to serve cgit on. - ''; - }; + location = mkOption { + default = "/"; + type = types.str; + description = '' + Location to serve cgit on. 
+ ''; + }; + }; + + # Remove the global options for serialization into cgitrc + settings = removeAttrs cfg (attrNames options); + in { + options.cgit = mkOption { + type = types.submodule { + freeformType = settingsFormat.type; + inherit options; + config = { + css = mkDefault "/cgit.css"; + logo = mkDefault "/cgit.png"; + favicon = mkDefault "/favicon.ico"; }; + }; + default = {}; + example = literalExample '' + { + enable = true; + virtual-root = "/"; + source-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; + about-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; + cache-size = 1000; + scan-path = "/srv/git"; + include = [ + (builtins.toFile "cgitrc-extra-1" ''' + # Anything that has to be in a particular order + ''') + (builtins.toFile "cgitrc-extra-2" ''' + # Anything that has to be in a particular order + ''') + ]; + } + ''; + description = '' + Verbatim contents of the cgit runtime configuration file. Documentation + (with cgitrc example file) is available in "man cgitrc". 
Or online: + http://git.zx2c4.com/cgit/tree/cgitrc.5.txt + ''; + }; - # Remove the global options for serialization into cgitrc - settings = removeAttrs cfg (attrNames options); - in - { - options.cgit = mkOption { - type = types.submodule { - freeformType = settingsFormat.type; - inherit options; - config = { - css = mkDefault "/cgit.css"; - logo = mkDefault "/cgit.png"; - favicon = mkDefault "/favicon.ico"; - }; - }; - default = { }; - example = literalExample '' - { - enable = true; - virtual-root = "/"; - source-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; - about-filter = "''${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; - cache-size = 1000; - scan-path = "/srv/git"; - include = [ - (builtins.toFile "cgitrc-extra-1" ''' - # Anything that has to be in a particular order - ''') - (builtins.toFile "cgitrc-extra-2" ''' - # Anything that has to be in a particular order - ''') - ]; - } - ''; - description = '' - Verbatim contents of the cgit runtime configuration file. Documentation - (with cgitrc example file) is available in "man cgitrc". 
Or online: - http://git.zx2c4.com/cgit/tree/cgitrc.5.txt - ''; + config = let + location = removeSuffix "/" cfg.location; + in + mkIf cfg.enable { + locations."${location}/" = { + root = "${pkgs.cgit-pink}/cgit/"; + tryFiles = "$uri @cgit"; }; - - config = - let - location = removeSuffix "/" cfg.location; - in - mkIf cfg.enable { - locations."${location}/" = { - root = "${pkgs.cgit-pink}/cgit/"; - tryFiles = "$uri @cgit"; - }; - locations."~ ^${location}/(cgit.(css|png)|favicon.ico|robots.txt)$" = { - alias = "${pkgs.cgit-pink}/cgit/$1"; - }; - locations."~ ^${location}/custom.css$" = { - alias = ./custom.css; - }; - locations."@cgit" = { - extraConfig = - '' - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param CGIT_CONFIG ${settingsFormat.generate "cgitrc" settings}; - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${globalConfig.services.fcgiwrap.socketAddress}; - '' - + ( - if cfg.location == "/" then - '' - fastcgi_param PATH_INFO $uri; - '' - else - '' - fastcgi_split_path_info ^(${location}/)(/?.+)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - '' - ); - }; - }; - } - ) - ); + locations."~ ^${location}/(cgit.(css|png)|favicon.ico|robots.txt)$" = { + alias = "${pkgs.cgit-pink}/cgit/$1"; + }; + locations."~ ^${location}/custom.css$" = { + alias = ./custom.css; + }; + locations."@cgit" = { + extraConfig = + '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param CGIT_CONFIG ${settingsFormat.generate "cgitrc" settings}; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:${globalConfig.services.fcgiwrap.socketAddress}; + '' + + ( + if cfg.location == "/" + then '' + fastcgi_param PATH_INFO $uri; + '' + else '' + fastcgi_split_path_info ^(${location}/)(/?.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + '' + ); + }; + }; + 
})); }; - config = - let - vhosts = config.services.nginx.virtualHosts; - in + config = let + vhosts = config.services.nginx.virtualHosts; + in mkIf (any (name: vhosts.${name}.cgit.enable) (attrNames vhosts)) { # make the cgitrc manpage available - environment.systemPackages = [ pkgs.cgit-pink ]; + environment.systemPackages = [pkgs.cgit-pink]; services.fcgiwrap.enable = true; }; diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index b70c98d..10fe6dc 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services.cloudflare-dyndns = { enable = true; ipv4 = true; diff --git a/modules/common/default.nix b/modules/common/default.nix index c802ddd..7bd90c3 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -2,8 +2,7 @@ lib, fleetModules, ... -}: -{ +}: { imports = fleetModules [ "nix" "auto-upgrade" diff --git a/modules/dbus/default.nix b/modules/dbus/default.nix index a50d8d9..b481548 100644 --- a/modules/dbus/default.nix +++ b/modules/dbus/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ - services.dbus.packages = [ pkgs.dconf ]; +{pkgs, ...}: { + services.dbus.packages = [pkgs.dconf]; programs.dconf.enable = true; } diff --git a/modules/docker/default.nix b/modules/docker/default.nix index d2a0f2a..b49ba1d 100644 --- a/modules/docker/default.nix +++ b/modules/docker/default.nix @@ -1,16 +1,13 @@ { pkgs, + config, ... -}: -{ +}: { virtualisation.podman.enable = true; # virtualisation.docker.enable = true; environment.systemPackages = with pkgs; [ docker-compose podman-compose ]; - ccr.extraGroups = [ - "docker" - "podman" - ]; + ccr.extraGroups = ["docker" "podman"]; } diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index e89327a..4fbe894 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix 
@@ -1,23 +1,10 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { fonts = { - packages = with pkgs; [ - powerline-fonts - dejavu_fonts - fira-code - fira-code-symbols - iosevka - iosevka-comfy.comfy - emacs-all-the-icons-fonts - nerdfonts - joypixels - etBook - vegur - ]; + packages = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols iosevka iosevka-comfy.comfy emacs-all-the-icons-fonts nerdfonts joypixels etBook vegur]; fontconfig.defaultFonts = { - monospace = [ "DejaVu Sans Mono for Powerline" ]; - sansSerif = [ "DejaVu Sans" ]; - serif = [ "DejaVu Serif" ]; + monospace = ["DejaVu Sans Mono for Powerline"]; + sansSerif = ["DejaVu Sans"]; + serif = ["DejaVu Serif"]; }; }; nixpkgs.config.joypixels.acceptLicense = true; diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix index 4cbb492..28b4c35 100644 --- a/modules/forgejo-runners/default.nix +++ b/modules/forgejo-runners/default.nix @@ -4,27 +4,10 @@ pkgs, lib, ... -}: -let - storeDeps = pkgs.runCommand "store-deps" { } '' +}: let + storeDeps = pkgs.runCommand "store-deps" {} '' mkdir -p $out/bin - for dir in ${ - with pkgs; - builtins.toString [ - coreutils - findutils - gnugrep - gawk - git - nix - bash - jq - nodejs - nix-fast-build - curl - tea - ] - }; do + for dir in ${with pkgs; builtins.toString [coreutils findutils gnugrep gawk git nix bash jq nodejs nix-fast-build curl tea]}; do for bin in "$dir"/bin/*; do ln -s "$bin" "$out/bin/$(basename "$bin")" done 
@@ -45,194 +28,182 @@ let exec nix copy --to "s3://cache?profile=default®ion=eu-south-1&scheme=https&endpoint=cache.aciceri.dev" $OUT_PATHS ''; in -lib.mkMerge [ - { - # everything here has no dependencies on the store - systemd.services.gitea-runner-nix-image = { - wantedBy = [ "multi-user.target" ]; - after = [ "podman.service" ]; - requires = [ "podman.service" ]; - path = [ - config.virtualisation.podman.package - pkgs.gnutar - pkgs.shadow - pkgs.getent - ]; - # we also include etc here because the cleanup job also wants the nixuser to be present - script = '' - set -eux -o pipefail - mkdir -p etc/nix + lib.mkMerge [ + { + # everything here has no dependencies on the store + systemd.services.gitea-runner-nix-image = { + wantedBy = ["multi-user.target"]; + after = ["podman.service"]; + requires = ["podman.service"]; + path = [config.virtualisation.podman.package pkgs.gnutar pkgs.shadow pkgs.getent]; + # we also include etc here because the cleanup job also wants the nixuser to be present + script = '' + set -eux -o pipefail + mkdir -p etc/nix - # Create an unpriveleged user that we can use also without the run-as-user.sh script - touch etc/passwd etc/group - groupid=$(cut -d: -f3 < <(getent group nixuser)) - userid=$(cut -d: -f3 < <(getent passwd nixuser)) - groupadd --prefix $(pwd) --gid "$groupid" nixuser - emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.' - useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser + # Create an unpriveleged user that we can use also without the run-as-user.sh script + touch etc/passwd etc/group + groupid=$(cut -d: -f3 < <(getent group nixuser)) + userid=$(cut -d: -f3 < <(getent passwd nixuser)) + groupadd --prefix $(pwd) --gid "$groupid" nixuser + emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.' 
+ useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser - echo -n "access-tokens = " > etc/nix/access-tokens - cat ${config.age.secrets.forgejo-nix-access-tokens.path} >> etc/nix/access-tokens + echo -n "access-tokens = " > etc/nix/access-tokens + cat ${config.age.secrets.forgejo-nix-access-tokens.path} >> etc/nix/access-tokens - cat < etc/nix/nix.conf - accept-flake-config = true - experimental-features = nix-command flakes - post-build-hook = ${pushToCache} - include access-tokens - NIX_CONFIG + cat < etc/nix/nix.conf + accept-flake-config = true + experimental-features = nix-command flakes + post-build-hook = ${pushToCache} + include access-tokens + NIX_CONFIG - cat < etc/nsswitch.conf - passwd: files mymachines systemd - group: files mymachines systemd - shadow: files + cat < etc/nsswitch.conf + passwd: files mymachines systemd + group: files mymachines systemd + shadow: files - hosts: files mymachines dns myhostname - networks: files + hosts: files mymachines dns myhostname + networks: files - ethers: files - services: files - protocols: files - rpc: files - NSSWITCH + ethers: files + services: files + protocols: files + rpc: files + NSSWITCH - # list the content as it will be imported into the container - tar -cv . | tar -tvf - - tar -cv . | podman import - gitea-runner-nix - ''; - serviceConfig = { - RuntimeDirectory = "gitea-runner-nix-image"; - WorkingDirectory = "/run/gitea-runner-nix-image"; - Type = "oneshot"; - RemainAfterExit = true; + # list the content as it will be imported into the container + tar -cv . | tar -tvf - + tar -cv . 
| podman import - gitea-runner-nix + ''; + serviceConfig = { + RuntimeDirectory = "gitea-runner-nix-image"; + WorkingDirectory = "/run/gitea-runner-nix-image"; + Type = "oneshot"; + RemainAfterExit = true; + }; }; - }; - users.users.nixuser = { - group = "nixuser"; - description = "Used for running nix ci jobs"; - home = "/var/empty"; - isSystemUser = true; - # extraGroups = [ "podman" ]; - }; - users.groups.nixuser = { }; - } - { - # Format of the token file: - virtualisation = { - podman.enable = true; - }; + users.users.nixuser = { + group = "nixuser"; + description = "Used for running nix ci jobs"; + home = "/var/empty"; + isSystemUser = true; + # extraGroups = [ "podman" ]; + }; + users.groups.nixuser = {}; + } + { + # Format of the token file: + virtualisation = { + podman.enable = true; + }; - # virtualisation.containers.storage.settings = { - # storage.driver = "zfs"; - # storage.graphroot = "/var/lib/containers/storage"; - # storage.runroot = "/run/containers/storage"; - # storage.options.zfs.fsname = "zroot/root/podman"; - # }; + # virtualisation.containers.storage.settings = { + # storage.driver = "zfs"; + # storage.graphroot = "/var/lib/containers/storage"; + # storage.runroot = "/run/containers/storage"; + # storage.options.zfs.fsname = "zroot/root/podman"; + # }; - # virtualisation.containers.containersConf.settings = { - # # podman seems to not work with systemd-resolved - # containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; - # }; - } - { - systemd.services = - lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") numInstances) - (_name: { - # TODO: systemd confinment - serviceConfig = { - # Hardening (may overlap with DynamicUser=) - # The following options are only for optimizing output of systemd-analyze - AmbientCapabilities = ""; - CapabilityBoundingSet = ""; - # ProtectClock= adds DeviceAllow=char-rtc r - DeviceAllow = ""; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateTmp = true; - 
PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - RemoveIPC = true; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - UMask = "0066"; - ProtectProc = "invisible"; - SystemCallFilter = [ - "~@clock" - "~@cpu-emulation" - "~@module" - "~@mount" - "~@obsolete" - "~@raw-io" - "~@reboot" - "~@swap" - # needed by go? - #"~@resources" - "~@privileged" - "~capset" - "~setdomainname" - "~sethostname" - ]; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - "AF_NETLINK" - ]; - - # Needs network access - PrivateNetwork = false; - # Cannot be true due to Node - MemoryDenyWriteExecute = false; - - # The more restrictive "pid" option makes `nix` commands in CI emit - # "GC Warning: Couldn't read /proc/stat" - # You may want to set this to "pid" if not using `nix` commands - ProcSubset = "all"; - # Coverage programs for compiled code such as `cargo-tarpaulin` disable - # ASLR (address space layout randomization) which requires the - # `personality` syscall - # You may want to set this to `true` if not using coverage tooling on - # compiled code - LockPersonality = false; - - # Note that this has some interactions with the User setting; so you may - # want to consult the systemd docs if using both. 
- DynamicUser = true; - }; - }); - - services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (name: { - enable = true; - name = "nix-runner"; - # take the git root url from the gitea config - # only possible if you've also configured your gitea though the same nix config - # otherwise you need to set it manually - url = "https://git.aciceri.dev"; - # use your favourite nix secret manager to get a path for this - tokenFile = config.age.secrets.forgejo-runners-token.path; - labels = [ "nix:docker://gitea-runner-nix" ]; - settings = { - container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; - # the default network that also respects our dns server settings - container.network = "host"; - container.valid_volumes = [ - "/nix" - "${storeDeps}/bin" - "${storeDeps}/etc/ssl" + # virtualisation.containers.containersConf.settings = { + # # podman seems to not work with systemd-resolved + # containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + # }; + } + { + systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") numInstances) (name: { + # TODO: systemd confinment + serviceConfig = { + # Hardening (may overlap with DynamicUser=) + # The following options are only for optimizing output of systemd-analyze + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + # ProtectClock= adds DeviceAllow=char-rtc r + DeviceAllow = ""; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + 
ProtectSystem = "strict"; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + UMask = "0066"; + ProtectProc = "invisible"; + SystemCallFilter = [ + "~@clock" + "~@cpu-emulation" + "~@module" + "~@mount" + "~@obsolete" + "~@raw-io" + "~@reboot" + "~@swap" + # needed by go? + #"~@resources" + "~@privileged" + "~capset" + "~setdomainname" + "~sethostname" ]; + RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK"]; + + # Needs network access + PrivateNetwork = false; + # Cannot be true due to Node + MemoryDenyWriteExecute = false; + + # The more restrictive "pid" option makes `nix` commands in CI emit + # "GC Warning: Couldn't read /proc/stat" + # You may want to set this to "pid" if not using `nix` commands + ProcSubset = "all"; + # Coverage programs for compiled code such as `cargo-tarpaulin` disable + # ASLR (address space layout randomization) which requires the + # `personality` syscall + # You may want to set this to `true` if not using coverage tooling on + # compiled code + LockPersonality = false; + + # Note that this has some interactions with the User setting; so you may + # want to consult the systemd docs if using both. 
+ DynamicUser = true; }; }); - }; - } -] + + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (name: { + enable = true; + name = "nix-runner"; + # take the git root url from the gitea config + # only possible if you've also configured your gitea though the same nix config + # otherwise you need to set it manually + url = "https://git.aciceri.dev"; + # use your favourite nix secret manager to get a path for this + tokenFile = config.age.secrets.forgejo-runners-token.path; + labels = ["nix:docker://gitea-runner-nix"]; + settings = { + container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; + # the default network that also respects our dns server settings + container.network = "host"; + container.valid_volumes = [ + "/nix" + "${storeDeps}/bin" + "${storeDeps}/etc/ssl" + ]; + }; + }); + }; + } + ] diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index ae7f0c4..1365115 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix @@ -1,8 +1,8 @@ { config, + pkgs, ... -}: -{ +}: { services.forgejo = { enable = true; settings = { @@ -37,7 +37,7 @@ config.services.forgejo.stateDir ]; - imports = [ ../nginx-base ]; + imports = [../nginx-base]; services.nginx.virtualHosts = { "git.aciceri.dev" = { diff --git a/modules/fprintd/default.nix b/modules/fprintd/default.nix index dcb13ec..85508db 100644 --- a/modules/fprintd/default.nix +++ b/modules/fprintd/default.nix @@ -1,5 +1,5 @@ { - imports = [ ../pam ]; + imports = [../pam]; services.fprintd = { enable = false; # temporarily disable diff --git a/modules/garmin-collector/default.nix b/modules/garmin-collector/default.nix index 5b0a72d..b4ac0e1 100644 
--- a/modules/garmin-collector/default.nix +++ b/modules/garmin-collector/default.nix @@ -4,20 +4,19 @@ fleetFlake, config, ... -}: -{ +}: { users.users.garmin-collector = { isSystemUser = true; group = "garmin-collector"; - extraGroups = [ "garmin-collector" ]; + extraGroups = ["garmin-collector"]; home = "/var/lib/garmin-collector"; }; - users.groups.garmin-collector = { }; + users.groups.garmin-collector = {}; systemd.services.garmin-collector = { description = "Garmin collector pushing to Prometheus Pushgateway"; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; environment = { PUSHGATEWAY_ADDRESS = config.services.prometheus.pushgateway.web.listen-address; }; @@ -33,7 +32,7 @@ }; systemd.timers."garmin-collector" = { - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; timerConfig = { OnBootSec = "5m"; OnUnitActiveSec = "4h"; diff --git a/modules/grafana/default.nix b/modules/grafana/default.nix index a95e543..33d93f7 100644 --- a/modules/grafana/default.nix +++ b/modules/grafana/default.nix @@ -1,8 +1,6 @@ -{ config, ... }: -let +{config, ...}: let cfg = config.services.grafana; -in -{ +in { services.grafana = { enable = true; settings = { diff --git a/modules/greetd/default.nix b/modules/greetd/default.nix index 5a6e826..d8ee546 100644 --- a/modules/greetd/default.nix +++ b/modules/greetd/default.nix @@ -2,8 +2,7 @@ pkgs, lib, ... -}: -let +}: let sessions = builtins.concatStringsSep ":" [ (pkgs.writeTextFile { name = "xorg-session.desktop"; @@ -24,8 +23,7 @@ let ''; }) ]; -in -{ +in { services.greetd = { enable = true; vt = 2; diff --git a/modules/grocy/default.nix b/modules/grocy/default.nix index 16d730e..72ba8bc 100644 --- a/modules/grocy/default.nix +++ b/modules/grocy/default.nix 
@@ -2,11 +2,10 @@ pkgs, config, ... -}: -{ +}: { nixpkgs.overlays = [ - (_self: super: { - grocy = super.grocy.overrideAttrs (_old: { + (self: super: { + grocy = super.grocy.overrideAttrs (old: { meta.broken = false; version = "4.0.1"; src = pkgs.fetchFromGitHub { diff --git a/modules/hass-poweroff/default.nix b/modules/hass-poweroff/default.nix index d9ad3a2..4312093 100644 --- a/modules/hass-poweroff/default.nix +++ b/modules/hass-poweroff/default.nix @@ -1,17 +1,14 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { # Creates an user that home assistant can log in as to power off the system users.users.hass = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM" - ]; + openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM"]; isNormalUser = true; isSystemUser = false; group = "hass"; createHome = false; }; - users.groups.hass = { }; + users.groups.hass = {}; security.sudo.extraConfig = '' hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl diff --git a/modules/hercules-ci/default.nix b/modules/hercules-ci/default.nix index 8160afd..f2cc077 100644 --- a/modules/hercules-ci/default.nix +++ b/modules/hercules-ci/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services.hercules-ci-agent = { enable = true; settings = { diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index cebc663..efab59b 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix 
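Review bot: The sudoers entry kept at the end of the `modules/hass-poweroff/default.nix` hunk, `hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl`, lists no arguments, so the key-authenticated `hass` account may run every systemctl subcommand as root. The comment above the user says it exists only to power the system off. Narrow the rule to that one verb, `hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl poweroff`, and consider a forced `command="…"` prefix on the authorized key so the login cannot be used for anything else. The `security.sudo.extraConfig` string continues outside the hunk, so later lines may add to this rule.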
@@ -2,26 +2,36 @@ pkgs, config, ... -}: -let +}: let + smartthings-fork = pkgs.fetchFromGitHub { + owner = "veista"; + repo = "smartthings"; + rev = "ba1a6f33c6ac37d81f4263073571628803e79697"; + sha256 = "sha256-X3SYkg0B5pzEich7/4iUmlADJneVuT8HTVnIiC7odRE="; + }; pun_sensor = pkgs.fetchFromGitHub { owner = "virtualdj"; repo = "pun_sensor"; rev = "51b216fab5c0d454d66060647c36e81bebfaf059"; hash = "sha256-bGVJx3bObXdf4AiC6bDvafs53NGS2aufRcTUmXy8nAI="; }; + cozy_life = pkgs.fetchFromGitHub { + owner = "yangqian"; + repo = "hass-cozylife"; + rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9"; + hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw="; + }; garmin_connect = pkgs.fetchFromGitHub { owner = "cyberjunky"; repo = "home-assistant-garmin_connect"; rev = "d42edcabc67ba6a7f960e849c8aaec1aabef87c0"; hash = "sha256-KqbP6TpH9B0/AjtsW5TcWSNgUhND+w8rO6X8fHqtsDI="; }; -in -{ +in { services.home-assistant = { enable = true; openFirewall = true; - package = pkgs.home-assistant.overrideAttrs (_old: { + package = pkgs.home-assistant.overrideAttrs (old: { doInstallCheck = false; # prePatch = # '' @@ -51,8 +61,8 @@ in "wake_on_lan" "prometheus" ]; - extraPackages = - python3Packages: with python3Packages; [ + extraPackages = python3Packages: + with python3Packages; [ # used by pun_sensor holidays beautifulsoup4 @@ -62,13 +72,10 @@ in tzlocal ]; config = { - default_config = { }; + default_config = {}; http = { use_x_forwarded_for = true; - trusted_proxies = [ - "127.0.0.1" - "::1" - ]; + trusted_proxies = ["127.0.0.1" "::1"]; }; # ffmpeg = {}; # camera = [ @@ -98,7 +105,7 @@ in # data.mac = "20:28:bc:74:14:c2"; # }; # }]; - wake_on_lan = { }; + wake_on_lan = {}; switch = [ { name = "Picard"; @@ -157,7 +164,7 @@ in containers = { whisper = { image = "rhasspy/wyoming-whisper:latest"; - ports = [ "10300:10300" ]; + ports = ["10300:10300"]; cmd = [ "--model" "medium-int8" 
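Review bot: `smartthings-fork` pins its source with `sha256 = "sha256-…"`, while `pun_sensor`, `cozy_life` and `garmin_connect` in the same `let` use `hash =`. The value is already in SRI form, so `hash = "sha256-X3SYkg0B5pzEich7/4iUmlADJneVuT8HTVnIiC7odRE=";` keeps the four pins uniform. Both added sources are third-party Home Assistant integrations pinned by commit and content hash, which is the right shape. Nothing in this hunk references `smartthings-fork` or `cozy_life`, though, and this commit also comments `deadnix` out of the pre-commit hooks, so an unused fetch would no longer be reported. A short comment on each binding naming the component it feeds would make that easy to check; the `let` body and the `services.home-assistant` block continue outside the hunk.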
@@ -167,7 +174,7 @@ in }; piper = { image = "rhasspy/wyoming-piper:latest"; - ports = [ "10200:10200" ]; + ports = ["10200:10200"]; cmd = [ "--voice" "it_IT-riccardo-x_low" diff --git a/modules/hydra/config.nix b/modules/hydra/config.nix index dc0ed77..39e8e7e 100644 --- a/modules/hydra/config.nix +++ b/modules/hydra/config.nix @@ -1,8 +1,8 @@ { services.my-hydra.repos = { - emacs = { }; - nixfleet = { }; - trotten = { }; - blog = { }; + emacs = {}; + nixfleet = {}; + trotten = {}; + blog = {}; }; } diff --git a/modules/hydra/default.nix b/modules/hydra/default.nix index d0331fd..c95fdd8 100644 --- a/modules/hydra/default.nix +++ b/modules/hydra/default.nix 
@@ -3,63 +3,58 @@ config, pkgs, ... -}: -let +}: let cfg = config.services.my-hydra; - toSpec = - { - name, - owner, - ... - }: - let - spec = { - enabled = 1; - hidden = false; - description = "Declarative specification jobset automatically generated"; - checkinterval = 120; - schedulingshares = 10000; - enableemail = false; - emailoverride = ""; - keepnr = 1; - nixexprinput = "src"; - nixexprpath = "jobsets.nix"; - inputs = { - src = { - type = "path"; - value = pkgs.writeTextFile { - name = "src"; - text = builtins.readFile ./jobsets.nix; - destination = "/jobsets.nix"; + toSpec = { + name, + owner, + ... + }: let + spec = { + enabled = 1; + hidden = false; + description = "Declarative specification jobset automatically generated"; + checkinterval = 120; + schedulingshares = 10000; + enableemail = false; + emailoverride = ""; + keepnr = 1; + nixexprinput = "src"; + nixexprpath = "jobsets.nix"; + inputs = { + src = { + type = "path"; + value = pkgs.writeTextFile { + name = "src"; + text = builtins.readFile ./jobsets.nix; + destination = "/jobsets.nix"; + }; + emailresponsible = false; + }; + repoInfoPath = { + type = "path"; + value = pkgs.writeTextFile { + name = "repo"; + text = builtins.toJSON { + inherit name owner; }; - emailresponsible = false; - }; - repoInfoPath = { - type = "path"; - value = pkgs.writeTextFile { - name = "repo"; - text = builtins.toJSON { - inherit name owner; - }; - }; - emailresponsible = false; - }; - prs = { - type = "githubpulls"; - value = "${owner} ${name}"; - emailresponsible = false; }; + emailresponsible = false; + }; + prs = { + type = "githubpulls"; + value = "${owner} ${name}"; + emailresponsible = false; }; }; - drv = pkgs.writeTextFile { - name = "hydra-jobset-specification-${name}"; - text = builtins.toJSON spec; - destination = "/spec.json"; - }; - in - "${drv}"; -in -{ + }; + drv = pkgs.writeTextFile { + name = "hydra-jobset-specification-${name}"; + text = builtins.toJSON spec; + destination = "/spec.json"; + }; + in 
"${drv}"; +in { imports = [ ./config.nix ../nginx-base @@ -71,40 +66,35 @@ in default = "hydra.aciceri.dev"; }; repos = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule ( - { - name, - config, - ... - }: - { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - owner = lib.mkOption { - type = lib.types.str; - default = "aciceri"; - }; - description = lib.mkOption { - type = lib.types.str; - default = config.homepage; - }; - homepage = lib.mkOption { - type = lib.types.str; - default = "https://github.com/${config.owner}/${config.name}"; - }; - reportStatus = lib.mkOption { - type = lib.types.bool; - default = true; - }; - }; - } - ) - ); - default = { }; + type = lib.types.attrsOf (lib.types.submodule ({ + name, + config, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + owner = lib.mkOption { + type = lib.types.str; + default = "aciceri"; + }; + description = lib.mkOption { + type = lib.types.str; + default = config.homepage; + }; + homepage = lib.mkOption { + type = lib.types.str; + default = "https://github.com/${config.owner}/${config.name}"; + }; + reportStatus = lib.mkOption { + type = lib.types.bool; + default = true; + }; + }; + })); + default = {}; }; }; 
@@ -125,38 +115,28 @@ in include ${config.age.secrets.hydra-github-token.path} '' - + (lib.concatMapStrings ( - repo: - lib.optionalString repo.reportStatus '' + + (lib.concatMapStrings (repo: + lib.optionalString repo.reportStatus + '' jobs = ${repo.name}.* excludeBuildFromContext = 1 useShortContext = 1 - '' - ) (builtins.attrValues cfg.repos)); + '') (builtins.attrValues cfg.repos)); }; systemd.services.hydra-setup = { description = "Hydra CI setup"; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; - wantedBy = [ "multi-user.target" ]; - requires = [ "hydra-init.service" ]; - after = [ "hydra-init.service" ]; - environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) [ "PATH" ]; + wantedBy = ["multi-user.target"]; + requires = ["hydra-init.service"]; + after = ["hydra-init.service"]; + environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"]; script = '' - PATH=$PATH:${ - lib.makeBinPath ( - with pkgs; - [ - yq-go - curl - config.services.hydra.package - ] - ) - } + PATH=$PATH:${lib.makeBinPath (with pkgs; [yq-go curl config.services.hydra.package])} PASSWORD="$(cat ${config.age.secrets.hydra-admin-password.path})" if [ ! -e ~hydra/.setup-is-complete ]; then hydra-create-user admin \ diff --git a/modules/hydra/jobsets.nix b/modules/hydra/jobsets.nix index f44a79f..fed7df8 100644 --- a/modules/hydra/jobsets.nix +++ b/modules/hydra/jobsets.nix 
@@ -2,45 +2,42 @@ repoInfoPath, prs, ... -}: -let +}: let minutes = 60; - mapAttrs' = f: set: builtins.listToAttrs (map (attr: f attr set.${attr}) (builtins.attrNames set)); - - mkJobset = - { - enabled ? 1, - hidden ? false, - type ? 1, - description ? "", - checkinterval ? 5 * minutes, - schedulingshares ? 100, - enableemail ? false, - emailoverride ? "", - keepnr ? 1, - flake, - }: - { - inherit - enabled - hidden - type - description - checkinterval - schedulingshares - enableemail - emailoverride - keepnr - flake - ; - }; - - mkSpec = - contents: - let - escape = builtins.replaceStrings [ ''"'' ] [ ''\"'' ]; - contentsJson = builtins.toJSON contents; + hours = 60 * minutes; + days = 24 * hours; + filterAttrs = pred: set: + builtins.listToAttrs (builtins.concatMap (name: let + v = set.${name}; in + if pred name v + then [ + { + inherit name; + value = v; + } + ] + else []) (builtins.attrNames set)); + mapAttrs' = f: set: + builtins.listToAttrs (map (attr: f attr set.${attr}) (builtins.attrNames set)); + + mkJobset = { + enabled ? 1, + hidden ? false, + type ? 1, + description ? "", + checkinterval ? 5 * minutes, + schedulingshares ? 100, + enableemail ? false, + emailoverride ? "", + keepnr ? 1, + flake, + } @ args: {inherit enabled hidden type description checkinterval schedulingshares enableemail emailoverride keepnr flake;}; + + mkSpec = contents: let + escape = builtins.replaceStrings [''"''] [''\"'']; + contentsJson = builtins.toJSON contents; + in builtins.derivation { name = "spec.json"; system = "x86_64-linux"; 
@@ -57,21 +54,20 @@ let repo = builtins.fromJSON (builtins.readFile repoInfoPath); pullRequests = builtins.fromJSON (builtins.readFile prs); -in -{ - jobsets = mkSpec ( - { + pullRequestsToBuild = filterAttrs (n: pr: pr.head.repo != null && pr.head.repo.owner.login == repo.owner && pr.head.repo.name == repo.name) pullRequests; +in { + jobsets = mkSpec ({ master = mkJobset { description = "${repo.name}'s master branch"; flake = "git+ssh://git@github.com/${repo.owner}/${repo.name}?ref=master"; }; } // (mapAttrs' (n: pr: { - name = "pullRequest_${n}"; - value = mkJobset { - description = pr.title; - flake = "git+ssh://git@github.com/${repo.owner}/${repo.name}?ref=${pr.head.ref}"; - }; - }) pullRequests) - ); + name = "pullRequest_${n}"; + value = mkJobset { + description = pr.title; + flake = "git+ssh://git@github.com/${repo.owner}/${repo.name}?ref=${pr.head.ref}"; + }; + }) + pullRequests)); } diff --git a/modules/immich/default.nix b/modules/immich/default.nix index 21d8bd5..61ee117 100644 --- a/modules/immich/default.nix +++ b/modules/immich/default.nix @@ -1,8 +1,6 @@ -{ config, ... }: -let +{config, ...}: let nixpkgsImmich = builtins.getFlake "github:NixOS/nixpkgs/c0ee4c1770aa1ef998c977c4cc653a07ec95d9bf"; -in -{ +in { containers.nextcloud = { nixpkgs = nixpkgsImmich; autoStart = true; @@ -11,14 +9,15 @@ in # localAddress = "192.168.100.11"; # hostAddress6 = "fc00::1"; # localAddress6 = "fc00::2"; - config = - { - ... - }: - { - services.immich = { - enable = true; - }; + config = { + config, + pkgs, + lib, + ... + }: { + services.immich = { + enable = true; }; + }; }; } diff --git a/modules/immich/module.nix b/modules/immich/module.nix index 230691a..b31f11f 100644 --- a/modules/immich/module.nix +++ b/modules/immich/module.nix @@ -3,9 +3,9 @@ lib, pkgs, ... -}: -let - inherit (lib) +}: let + inherit + (lib) hasAttr hasPrefix maintainers 
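Review bot: `pullRequestsToBuild` is computed in the `modules/hydra/jobsets.nix` hunk but never used: the `mapAttrs'` call at the end of the hunk still iterates `pullRequests`, so the new same-repository filter has no effect. Each jobset's flake URL is built from `${repo.owner}/${repo.name}` with `?ref=${pr.head.ref}`, so for a pull request opened from a fork the contributor-supplied branch name is resolved against the base repository, not the fork. Pass the filtered set instead by ending the call with `pullRequestsToBuild));`. `filterAttrs`, added in the previous hunk of this file, exists only to serve this binding, and `hours`, `days` and the `@ args` pattern added there are also unreferenced in the visible hunks.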
@@ -31,18 +31,17 @@ let isServerPostgresUnix = hasPrefix "/" serverCfg.postgres.host; postgresEnv = - if isServerPostgresUnix then - { - # If passwordFile is given, this will be overwritten in ExecStart - DB_URL = "socket://${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"; - } - else - { - DB_HOSTNAME = serverCfg.postgres.host; - DB_PORT = toString serverCfg.postgres.port; - DB_DATABASE_NAME = serverCfg.postgres.database; - DB_USERNAME = serverCfg.postgres.username; - }; + if isServerPostgresUnix + then { + # If passwordFile is given, this will be overwritten in ExecStart + DB_URL = "socket://${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"; + } + else { + DB_HOSTNAME = serverCfg.postgres.host; + DB_PORT = toString serverCfg.postgres.port; + DB_DATABASE_NAME = serverCfg.postgres.database; + DB_USERNAME = serverCfg.postgres.username; + }; typesenseEnv = { @@ -55,8 +54,7 @@ let }; # Don't start a redis instance if the user sets a custom redis connection - enableRedis = - !hasAttr "REDIS_URL" serverCfg.extraConfig && !hasAttr "REDIS_SOCKET" serverCfg.extraConfig; + enableRedis = !hasAttr "REDIS_URL" serverCfg.extraConfig && !hasAttr "REDIS_SOCKET" serverCfg.extraConfig; redisServerCfg = config.services.redis.servers.immich; redisEnv = optionalAttrs enableRedis { REDIS_SOCKET = redisServerCfg.unixSocket; @@ -71,7 +69,9 @@ let IMMICH_MEDIA_LOCATION = serverCfg.mediaDir; IMMICH_MACHINE_LEARNING_URL = - if serverCfg.machineLearningUrl != null then serverCfg.machineLearningUrl else "false"; + if serverCfg.machineLearningUrl != null + then serverCfg.machineLearningUrl + else "false"; }; serverStartWrapper = program: '' 
@@ -79,10 +79,9 @@ let mkdir -p ${serverCfg.mediaDir} ${optionalString (serverCfg.postgres.passwordFile != null) ( - if isServerPostgresUnix then - ''export DB_URL="socket://${serverCfg.postgres.username}:$(cat ${serverCfg.postgres.passwordFile})@${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"'' - else - "export DB_PASSWORD=$(cat ${serverCfg.postgres.passwordFile})" + if isServerPostgresUnix + then ''export DB_URL="socket://${serverCfg.postgres.username}:$(cat ${serverCfg.postgres.passwordFile})@${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"'' + else "export DB_PASSWORD=$(cat ${serverCfg.postgres.passwordFile})" )} ${optionalString serverCfg.typesense.enable '' @@ -147,27 +146,30 @@ let EnvironmentFile = mkIf (serverCfg.environmentFile != null) serverCfg.environmentFile; TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - "-/run/postgresql" - ] ++ optional enableRedis redisServerCfg.unixSocket; + BindReadOnlyPaths = + [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + "-/run/postgresql" + ] + ++ optional enableRedis redisServerCfg.unixSocket; }; -in -{ +in { options.services.immich = { - enable = mkEnableOption "immich" // { - description = '' - Enables immich which consists of a backend server, microservices, - machine-learning and web ui. You can disable or reconfigure components - individually using the subsections. - ''; - }; + enable = + mkEnableOption "immich" + // { + description = '' + Enables immich which consists of a backend server, microservices, + machine-learning and web ui. You can disable or reconfigure components + individually using the subsections. + ''; + }; - package = mkPackageOption pkgs "immich" { }; + package = mkPackageOption pkgs "immich" {}; server = { mediaDir = mkOption { 
@@ -177,9 +179,11 @@ in }; backend = { - enable = mkEnableOption "immich backend server" // { - default = true; - }; + enable = + mkEnableOption "immich backend server" + // { + default = true; + }; port = mkOption { type = types.port; default = 3001; @@ -194,7 +198,7 @@ in extraConfig = mkOption { type = types.attrs; - default = { }; + default = {}; example = { LOG_LEVEL = "debug"; }; @@ -216,9 +220,11 @@ in }; microservices = { - enable = mkEnableOption "immich microservices" // { - default = true; - }; + enable = + mkEnableOption "immich microservices" + // { + default = true; + }; port = mkOption { type = types.port; @@ -234,7 +240,7 @@ in extraConfig = mkOption { type = types.attrs; - default = { }; + default = {}; example = { REVERSE_GEOCODING_PRECISION = 1; }; @@ -256,9 +262,11 @@ in }; typesense = { - enable = mkEnableOption "typesense" // { - default = true; - }; + enable = + mkEnableOption "typesense" + // { + default = true; + }; host = mkOption { type = types.str; @@ -335,7 +343,7 @@ in extraConfig = mkOption { type = types.attrs; - default = { }; + default = {}; example = { REDIS_SOCKET = "/run/custom-redis"; }; @@ -357,9 +365,11 @@ in }; web = { - enable = mkEnableOption "immich web frontend" // { - default = true; - }; + enable = + mkEnableOption "immich web frontend" + // { + default = true; + }; port = mkOption { type = types.port; @@ -388,7 +398,7 @@ in extraConfig = mkOption { type = types.attrs; - default = { }; + default = {}; example = { PUBLIC_LOGIN_PAGE_MESSAGE = "My awesome Immich instance!"; }; @@ -400,9 +410,11 @@ in }; machineLearning = { - enable = mkEnableOption "immich machine-learning server" // { - default = true; - }; + enable = + mkEnableOption "immich machine-learning server" + // { + default = true; + }; port = mkOption { type = types.port; @@ -418,7 +430,7 @@ in extraConfig = mkOption { type = types.attrs; - default = { }; + default = {}; example = { MACHINE_LEARNING_MODEL_TTL = 600; }; 
@@ -439,10 +451,10 @@ in ]; networking.firewall.allowedTCPPorts = mkMerge [ - (mkIf (backendCfg.enable && backendCfg.openFirewall) [ backendCfg.port ]) - (mkIf (microservicesCfg.enable && microservicesCfg.openFirewall) [ microservicesCfg.port ]) - (mkIf (webCfg.enable && webCfg.openFirewall) [ webCfg.port ]) - (mkIf (mlCfg.enable && mlCfg.openFirewall) [ mlCfg.port ]) + (mkIf (backendCfg.enable && backendCfg.openFirewall) [backendCfg.port]) + (mkIf (microservicesCfg.enable && microservicesCfg.openFirewall) [microservicesCfg.port]) + (mkIf (webCfg.enable && webCfg.openFirewall) [webCfg.port]) + (mkIf (mlCfg.enable && mlCfg.openFirewall) [mlCfg.port]) ]; services.redis.servers.immich.enable = mkIf enableRedis true; @@ -450,13 +462,15 @@ in systemd.services.immich-server = mkIf backendCfg.enable { description = "Immich backend server (Self-hosted photo and video backup solution)"; - after = [ - "network.target" - "typesense.service" - "postgresql.service" - "immich-machine-learning.service" - ] ++ optional enableRedis "redis-immich.service"; - wantedBy = [ "multi-user.target" ]; + after = + [ + "network.target" + "typesense.service" + "postgresql.service" + "immich-machine-learning.service" + ] + ++ optional enableRedis "redis-immich.service"; + wantedBy = ["multi-user.target"]; environment = serverEnv @@ -477,13 +491,15 @@ in systemd.services.immich-microservices = mkIf microservicesCfg.enable { description = "Immich microservices (Self-hosted photo and video backup solution)"; - after = [ - "network.target" - "typesense.service" - "postgresql.service" - "immich-machine-learning.service" - ] ++ optional enableRedis "redis-immich.service"; - wantedBy = [ "multi-user.target" ]; + after = + [ + "network.target" + "typesense.service" + "postgresql.service" + "immich-machine-learning.service" + ] + ++ optional enableRedis "redis-immich.service"; + wantedBy = ["multi-user.target"]; environment = serverEnv 
@@ -508,14 +524,16 @@ in "network.target" "immich-server.service" ]; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; - environment = { - NODE_ENV = "production"; - PORT = toString webCfg.port; - IMMICH_SERVER_URL = webCfg.serverUrl; - IMMICH_API_URL_EXTERNAL = webCfg.apiUrlExternal; - } // mapAttrs (_: toString) webCfg.extraConfig; + environment = + { + NODE_ENV = "production"; + PORT = toString webCfg.port; + IMMICH_SERVER_URL = webCfg.serverUrl; + IMMICH_API_URL_EXTERNAL = webCfg.apiUrlExternal; + } + // mapAttrs (_: toString) webCfg.extraConfig; script = '' set -euo pipefail 
@@ -523,62 +541,68 @@ in export PUBLIC_IMMICH_API_URL_EXTERNAL=$IMMICH_API_URL_EXTERNAL exec ${cfg.package.web}/bin/web ''; - serviceConfig = commonServiceConfig // { - DynamicUser = true; - User = "immich-web"; - Group = "immich-web"; + serviceConfig = + commonServiceConfig + // { + DynamicUser = true; + User = "immich-web"; + Group = "immich-web"; - MemoryDenyWriteExecute = false; # nodejs requires this. + MemoryDenyWriteExecute = false; # nodejs requires this. - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - ]; - }; + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; }; systemd.services.immich-machine-learning = mkIf mlCfg.enable { description = "Immich machine learning (Self-hosted photo and video backup solution)"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; - environment = { - NODE_ENV = "production"; - MACHINE_LEARNING_PORT = toString mlCfg.port; + environment = + { + NODE_ENV = "production"; + MACHINE_LEARNING_PORT = toString mlCfg.port; - MACHINE_LEARNING_CACHE_FOLDER = "/var/cache/immich-ml"; - TRANSFORMERS_CACHE = "/var/cache/immich-ml"; - } // mapAttrs (_: toString) mlCfg.extraConfig; + MACHINE_LEARNING_CACHE_FOLDER = "/var/cache/immich-ml"; + TRANSFORMERS_CACHE = "/var/cache/immich-ml"; + } + // mapAttrs (_: toString) mlCfg.extraConfig; - serviceConfig = commonServiceConfig // { - ExecStart = "${cfg.package.machine-learning}/bin/machine-learning"; - DynamicUser = true; - User = "immich-ml"; - Group = "immich-ml"; + serviceConfig = + commonServiceConfig + // { + ExecStart = "${cfg.package.machine-learning}/bin/machine-learning"; + DynamicUser = true; + User = "immich-ml"; + Group = "immich-ml"; - MemoryDenyWriteExecute = false; # onnxruntime_pybind11 
requires this. - ProcSubset = "all"; # Needs /proc/cpuinfo + MemoryDenyWriteExecute = false; # onnxruntime_pybind11 requires this. + ProcSubset = "all"; # Needs /proc/cpuinfo - CacheDirectory = "immich-ml"; - CacheDirectoryMode = "0700"; + CacheDirectory = "immich-ml"; + CacheDirectoryMode = "0700"; - # TODO gpu access + # TODO gpu access - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - ]; - }; + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; }; - meta.maintainers = with maintainers; [ oddlama ]; + meta.maintainers = with maintainers; [oddlama]; }; } diff --git a/modules/jellyfin/default.nix b/modules/jellyfin/default.nix index 33e1cd1..1615176 100644 --- a/modules/jellyfin/default.nix +++ b/modules/jellyfin/default.nix @@ -3,5 +3,5 @@ enable = true; }; - users.users.jellyfin.extraGroups = [ "transmission" ]; + users.users.jellyfin.extraGroups = ["transmission"]; } diff --git a/modules/kodi/default.nix b/modules/kodi/default.nix index 41708a1..1eb104e 100644 --- a/modules/kodi/default.nix +++ b/modules/kodi/default.nix @@ -1,20 +1,20 @@ { + config, + lib, pkgs, ... -}: -{ +}: { services.xserver = { enable = true; desktopManager.kodi = { enable = true; - package = pkgs.kodi.withPackages ( - ps: with ps; [ + package = pkgs.kodi.withPackages (ps: + with ps; [ joystick youtube libretro libretro-mgba - ] - ); + ]); }; displayManager.autoLogin = { enable = true; @@ -28,8 +28,8 @@ }; networking.firewall = { - allowedTCPPorts = [ 8080 ]; - allowedUDPPorts = [ 8080 ]; + allowedTCPPorts = [8080]; + allowedUDPPorts = [8080]; }; # environment.systemPackages = with pkgs; [xboxdrv cifs-utils]; diff --git a/modules/loki/default.nix b/modules/loki/default.nix index 01d9bc3..79d9738 100644 --- a/modules/loki/default.nix +++ b/modules/loki/default.nix 
@@ -1,8 +1,6 @@ -{ config, ... }: -let +{config, ...}: let cfg = config.services.loki; -in -{ +in { services.loki = { enable = true; configuration = { diff --git a/modules/macos-ventura/default.nix b/modules/macos-ventura/default.nix index 919e4c8..128729b 100644 --- a/modules/macos-ventura/default.nix +++ b/modules/macos-ventura/default.nix @@ -1,12 +1,11 @@ -{ fleetFlake, ... }: -{ +{fleetFlake, ...}: { services.macos-ventura = { enable = true; cores = 8; threads = 8; mem = "8G"; vncListenAddr = "0.0.0.0"; - extraQemuFlags = [ "-nographic" ]; + extraQemuFlags = ["-nographic"]; sshPort = 2021; installNix = true; stateless = true; diff --git a/modules/mara/default.nix b/modules/mara/default.nix index 8696519..1888ef2 100644 --- a/modules/mara/default.nix +++ b/modules/mara/default.nix @@ -5,8 +5,7 @@ fleetHmModules, fleetFlake, ... -}: -{ +}: { options.mara = { enable = lib.mkOption { type = lib.types.bool; @@ -15,15 +14,12 @@ modules = lib.mkOption { type = with lib.types; listOf str; - default = [ - "shell" - "git" - ]; + default = ["shell" "git"]; }; packages = lib.mkOption { type = with lib.types; listOf package; - default = [ ]; + default = []; }; autologin = lib.mkOption { @@ -43,12 +39,7 @@ extraGroups = lib.mkOption { type = with lib.types; listOf str; - default = [ - "wheel" - "fuse" - "networkmanager" - "dialout" - ]; + default = ["wheel" "fuse" "networkmanager" "dialout"]; }; }; @@ -63,7 +54,10 @@ openssh.authorizedKeys.keys = config.mara.authorizedKeys; }; - services.getty.autologinUser = if config.mara.autologin then "mara" else null; + services.getty.autologinUser = + if config.mara.autologin + then "mara" + else null; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index b80803d..5fc24b1 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix 
@@ -3,8 +3,7 @@ lib, pkgs, ... -}: -let +}: let clientConfig = { "m.homeserver".base_url = "https://matrix.aciceri.dev"; "org.matrix.msc3575.proxy".url = "https://syncv3.matrix.aciceri.dev"; @@ -15,9 +14,8 @@ let add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; -in -{ - imports = [ ../nginx-base ]; +in { + imports = [../nginx-base]; services.nginx.virtualHosts = { "aciceri.dev" = { @@ -60,23 +58,20 @@ in listeners = [ { port = 8008; - bind_addresses = [ "127.0.0.1" ]; + bind_addresses = ["127.0.0.1"]; type = "http"; tls = false; x_forwarded = true; resources = [ { - names = [ - "client" - "federation" - ]; + names = ["client" "federation"]; compress = true; } ]; } ]; }; - extraConfigFiles = [ config.age.secrets.matrix-registration-shared-secret.path ]; + extraConfigFiles = [config.age.secrets.matrix-registration-shared-secret.path]; }; backup.paths = [ @@ -86,7 +81,7 @@ in services.postgresqlBackup = { enable = true; - databases = [ "matrix-synapse" ]; + databases = ["matrix-synapse"]; }; services.matrix-sliding-sync = { diff --git a/modules/mediatomb/default.nix b/modules/mediatomb/default.nix index 5608e81..e09bd65 100644 --- a/modules/mediatomb/default.nix +++ b/modules/mediatomb/default.nix @@ -11,5 +11,5 @@ ]; }; - users.users.mediatomb.extraGroups = [ "transmission" ]; + users.users.mediatomb.extraGroups = ["transmission"]; } diff --git a/modules/minidlna/default.nix b/modules/minidlna/default.nix index e5ffae8..6a813bd 100644 --- a/modules/minidlna/default.nix +++ b/modules/minidlna/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services.minidlna = { enable = true; openFirewall = true; @@ -12,6 +11,6 @@ }; }; - ccr.extraGroups = [ "minidlna" ]; - users.users.minidlna.extraGroups = [ "transmission" ]; + ccr.extraGroups = ["minidlna"]; + users.users.minidlna.extraGroups = ["transmission"]; } diff --git a/modules/minio/default.nix b/modules/minio/default.nix index 8f378c3..1f503af 100644 
--- a/modules/minio/default.nix +++ b/modules/minio/default.nix @@ -2,15 +2,14 @@ config, lib, ... -}: -{ - imports = [ ../nginx-base ]; +}: { + imports = [../nginx-base]; services.minio = { enable = true; rootCredentialsFile = config.age.secrets.minio-credentials.path; region = "eu-south-1"; - dataDir = lib.mkForce [ "/mnt/hd/minio" ]; + dataDir = lib.mkForce ["/mnt/hd/minio"]; }; services.nginx.virtualHosts."cache.aciceri.dev" = { @@ -26,7 +25,8 @@ ''; locations."/" = { proxyPass = "http://127.0.0.1:9000"; - extraConfig = ''''; + extraConfig = '' + ''; }; }; } diff --git a/modules/mothership-proxy/default.nix b/modules/mothership-proxy/default.nix index a1df867..bf9bef4 100644 --- a/modules/mothership-proxy/default.nix +++ b/modules/mothership-proxy/default.nix @@ -1,6 +1,5 @@ -{ ... }: -{ - imports = [ ../nginx-base ]; +{config, ...}: { + imports = [../nginx-base]; services.nginx.virtualHosts = { "home.aciceri.dev" = { forceSSL = true; diff --git a/modules/mount-rock5b/default.nix b/modules/mount-rock5b/default.nix index a31eb1c..680c42b 100644 --- a/modules/mount-rock5b/default.nix +++ b/modules/mount-rock5b/default.nix @@ -2,20 +2,15 @@ pkgs, config, ... -}: -{ +}: { fileSystems."/home/${config.ccr.username}/torrent" = { device = "//sisko.fleet/torrent"; fsType = "cifs"; - options = - let - credentials = pkgs.writeText "credentials" '' - username=guest - password= - ''; - in - [ - "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s" - ]; + options = let + credentials = pkgs.writeText "credentials" '' + username=guest + password= + ''; + in ["credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"]; }; } diff --git a/modules/networkmanager/default.nix b/modules/networkmanager/default.nix index 7259900..c5e2c48 100644 --- a/modules/networkmanager/default.nix +++ b/modules/networkmanager/default.nix 
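Review bot: The mount-rock5b hunk builds the CIFS credentials file with `pkgs.writeText`, which puts it in the world-readable Nix store. That is harmless for the `guest` account with an empty password used today, but the now single-line `options` makes it easy to miss when someone later swaps in real credentials. I would add a comment above the binding: `# guest-only share: this file lands in /nix/store; never put a real password here, use an agenix secret path instead`.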
@@ -1,6 +1,5 @@ -{ lib, ... }: -{ +{lib, ...}: { networking.networkmanager.enable = true; - ccr.extraGroups = [ "networkmanager" ]; + ccr.extraGroups = ["networkmanager"]; networking.useDHCP = lib.mkDefault true; } diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix index 37340e4..0346551 100644 --- a/modules/nextcloud/default.nix +++ b/modules/nextcloud/default.nix @@ -2,13 +2,14 @@ config, pkgs, ... -}: -{ +}: let + cfg = config.services.nextcloud; +in { systemd.tmpfiles.rules = [ "d /mnt/raid/nextcloud 770 nextcloud nextcloud" ]; - ccr.extraGroups = [ "nextcloud" ]; + ccr.extraGroups = ["nextcloud"]; services.nextcloud = { enable = true; @@ -22,5 +23,5 @@ }; }; - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [80]; } diff --git a/modules/nix-serve/default.nix b/modules/nix-serve/default.nix index 261b517..bcb1bd5 100644 --- a/modules/nix-serve/default.nix +++ b/modules/nix-serve/default.nix @@ -2,12 +2,10 @@ config, lib, ... -}: -let +}: let cfg = config.services.my-nix-serve; -in -{ - imports = [ ../nginx-base ]; +in { + imports = [../nginx-base]; options.services.my-nix-serve = { domain = lib.mkOption { type = lib.types.str; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 550aadf..737eb63 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -2,9 +2,9 @@ config, lib, fleetFlake, + pkgs, ... -}: -{ +}: { nix = { optimise.automatic = true; @@ -35,7 +35,7 @@ # deprecated-features = [ "url-literals" ]; }; - nixPath = [ "nixpkgs=${fleetFlake.inputs.nixpkgs}" ]; + nixPath = ["nixpkgs=${fleetFlake.inputs.nixpkgs}"]; extraOptions = '' experimental-features = nix-command flakes impure-derivations @@ -48,8 +48,7 @@ options = "--delete-older-than 180d"; }; - registry = lib.mkForce ( - { + registry = lib.mkForce ({ nixpkgs.to = { type = "path"; path = fleetFlake.inputs.nixpkgs; 
@@ -72,8 +71,7 @@ type = "path"; path = "/home/${config.ccr.username}/.config/emacs"; }; - }) - ); + })); distributedBuilds = true; buildMachines = @@ -81,12 +79,7 @@ hostName = "sisko.fleet"; system = "aarch64-linux"; maxJobs = 7; - supportedFeatures = [ - "kvm" - "nixos-test" - "big-parallel" - "benchmark" - ]; + supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; protocol = "ssh-ng"; sshUser = "root"; sshKey = "/home/${config.ccr.username}/.ssh/id_rsa"; @@ -95,12 +88,7 @@ hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store"; system = "x86_64-darwin"; maxJobs = 4; - supportedFeatures = [ - "kvm" - "nixos-test" - "big-parallel" - "benchmark" - ]; + supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; protocol = "ssh"; sshUser = "root"; sshKey = "/home/${config.ccr.username}/.ssh/id_rsa"; diff --git a/modules/org-roam-ui/default.nix b/modules/org-roam-ui/default.nix index 7b932a4..f3abe34 100644 --- a/modules/org-roam-ui/default.nix +++ b/modules/org-roam-ui/default.nix @@ -1,11 +1,10 @@ -{ ... }: -{ +{...}: { networking.firewall.interfaces."wg0" = { allowedTCPPorts = [ 35901 ]; }; - imports = [ ../nginx-base ]; + imports = [../nginx-base]; services.nginx.virtualHosts = { "roam.aciceri.dev" = { forceSSL = true; diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index 6770ce5..b1c0e6f 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services.paperless = { enable = true; address = "0.0.0.0"; @@ -8,10 +7,7 @@ consumptionDir = "/mnt/hd/paperless/consume"; settings = { PAPERLESS_OCR_LANGUAGE = "ita+eng"; - PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ - ".DS_STORE/*" - "desktop.ini" - ]; + PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [".DS_STORE/*" "desktop.ini"]; PAPERLESS_OCR_USER_ARGS = builtins.toJSON { optimize = 1; pdfa_image_compression = "lossless"; 
diff --git a/modules/pipewire/default.nix b/modules/pipewire/default.nix index 8b69935..b2d9a1b 100644 --- a/modules/pipewire/default.nix +++ b/modules/pipewire/default.nix @@ -1,5 +1,4 @@ -{ lib, ... }: -{ +{lib, ...}: { services.pipewire.enable = true; hardware.pulseaudio = { diff --git a/modules/plex/default.nix b/modules/plex/default.nix index dcf446b..650a29a 100644 --- a/modules/plex/default.nix +++ b/modules/plex/default.nix @@ -9,5 +9,5 @@ "d /mnt/raid/plex 770 plex plex" ]; - users.users.plex.extraGroups = [ "transmission" ]; + users.users.plex.extraGroups = ["transmission"]; } diff --git a/modules/printing/default.nix b/modules/printing/default.nix index 254ec26..10c1539 100644 --- a/modules/printing/default.nix +++ b/modules/printing/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.avahi = { enable = true; # Important to resolve .local domains of printers, otherwise you get an error @@ -12,7 +11,7 @@ services.printing = { enable = true; drivers = [ - (pkgs.callPackage ./driver.nix { }) + (pkgs.callPackage ./driver.nix {}) ]; }; } diff --git a/modules/printing/driver.nix b/modules/printing/driver.nix index 46a4d96..e2c5c2d 100644 --- a/modules/printing/driver.nix +++ b/modules/printing/driver.nix @@ -12,13 +12,8 @@ coreutils, gnugrep, which, -}: -let - arches = [ - "x86_64" - "i686" - "armv7l" - ]; +}: let + arches = ["x86_64" "i686" "armv7l"]; runtimeDeps = [ ghostscript 
@@ -29,67 +24,63 @@ let which ]; in -stdenv.mkDerivation rec { - pname = "cups-brother-mfcl2710dw"; - version = "4.0.0-1"; + stdenv.mkDerivation rec { + pname = "cups-brother-mfcl2710dw"; + version = "4.0.0-1"; - nativeBuildInputs = [ - dpkg - makeWrapper - autoPatchelfHook - ]; - buildInputs = [ perl ]; + nativeBuildInputs = [dpkg makeWrapper autoPatchelfHook]; + buildInputs = [perl]; - dontUnpack = true; + dontUnpack = true; - src = fetchurl { - url = "https://download.brother.com/welcome/dlf103526/mfcl2710dwpdrv-${version}.i386.deb"; - hash = "sha256-OOTvbCuyxw4k01CTMuBqG2boMN13q5xC7LacaweGmyw="; - }; + src = fetchurl { + url = "https://download.brother.com/welcome/dlf103526/mfcl2710dwpdrv-${version}.i386.deb"; + hash = "sha256-OOTvbCuyxw4k01CTMuBqG2boMN13q5xC7LacaweGmyw="; + }; - installPhase = - '' - runHook preInstall + installPhase = + '' + runHook preInstall - mkdir -p $out - dpkg-deb -x $src $out + mkdir -p $out + dpkg-deb -x $src $out - # delete unnecessary files for the current architecture - '' - + lib.concatMapStrings (arch: '' - echo Deleting files for ${arch} - rm -r "$out/opt/brother/Printers/MFCL2710DW/lpd/${arch}" - '') (builtins.filter (arch: arch != stdenv.hostPlatform.linuxArch) arches) - + '' + # delete unnecessary files for the current architecture + '' + + lib.concatMapStrings (arch: '' + echo Deleting files for ${arch} + rm -r "$out/opt/brother/Printers/MFCL2710DW/lpd/${arch}" + '') (builtins.filter (arch: arch != stdenv.hostPlatform.linuxArch) arches) + + '' - # bundled scripts don't understand the arch subdirectories for some reason - ln -s \ - "$out/opt/brother/Printers/MFCL2710DW/lpd/${stdenv.hostPlatform.linuxArch}/"* \ - "$out/opt/brother/Printers/MFCL2710DW/lpd/" + # bundled scripts don't understand the arch subdirectories for some reason + ln -s \ + "$out/opt/brother/Printers/MFCL2710DW/lpd/${stdenv.hostPlatform.linuxArch}/"* \ + "$out/opt/brother/Printers/MFCL2710DW/lpd/" - # Fix global references and replace auto discovery 
mechanism with hardcoded values - substituteInPlace $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ - --replace /opt "$out/opt" \ - --replace "my \$BR_PRT_PATH =" "my \$BR_PRT_PATH = \"$out/opt/brother/Printers/MFCL2710DW\"; #" \ - --replace "PRINTER =~" "PRINTER = \"MFCL2710DW\"; #" + # Fix global references and replace auto discovery mechanism with hardcoded values + substituteInPlace $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ + --replace /opt "$out/opt" \ + --replace "my \$BR_PRT_PATH =" "my \$BR_PRT_PATH = \"$out/opt/brother/Printers/MFCL2710DW\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2710DW\"; #" - # Make sure all executables have the necessary runtime dependencies available - find "$out" -executable -and -type f | while read file; do - wrapProgram "$file" --prefix PATH : "${lib.makeBinPath runtimeDeps}" - done + # Make sure all executables have the necessary runtime dependencies available + find "$out" -executable -and -type f | while read file; do + wrapProgram "$file" --prefix PATH : "${lib.makeBinPath runtimeDeps}" + done - # Symlink filter and ppd into a location where CUPS will discover it - mkdir -p $out/lib/cups/filter - mkdir -p $out/share/cups/model + # Symlink filter and ppd into a location where CUPS will discover it + mkdir -p $out/lib/cups/filter + mkdir -p $out/share/cups/model - ln -s \ - $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ - $out/lib/cups/filter/brother_lpdwrapper_MFCL2710DW + ln -s \ + $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ + $out/lib/cups/filter/brother_lpdwrapper_MFCL2710DW - ln -s \ - $out/opt/brother/Printers/MFCL2710DW/cupswrapper/brother-MFCL2710DW-cups-en.ppd \ - $out/share/cups/model/ + ln -s \ + $out/opt/brother/Printers/MFCL2710DW/cupswrapper/brother-MFCL2710DW-cups-en.ppd \ + $out/share/cups/model/ - runHook postInstall - ''; -} + runHook postInstall + ''; + } 
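Review bot: The `substituteInPlace` call in `installPhase` still uses plain `--replace`, which nixpkgs has deprecated. If the vendor's `lpdfilter` changes and a pattern stops matching, the filter would keep pointing at the global `/opt` paths instead of the store path. Use `--replace-fail /opt "$out/opt" \` and the same flag for the other two patterns, so a non-matching pattern fails the build. The wrapper loop would also be safer as `while read -r file; do`.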
diff --git a/modules/prometheus-exporters/default.nix b/modules/prometheus-exporters/default.nix index 4d1a70e..f183852 100644 --- a/modules/prometheus-exporters/default.nix +++ b/modules/prometheus-exporters/default.nix @@ -1,89 +1,56 @@ { config, + pkgs, lib, ... -}: -let +}: let hostname = config.networking.hostName; mkFor = hosts: lib.mkIf (builtins.elem hostname hosts); -in -{ +in { services.prometheus.exporters = { - node = - mkFor - [ - "sisko" - "picard" - "kirk" - ] - { - enable = true; - enabledCollectors = [ - "cpu" - "conntrack" - "diskstats" - "entropy" - "filefd" - "filesystem" - "loadavg" - "mdadm" - "meminfo" - "netdev" - "netstat" - "stat" - "time" - "vmstat" - "systemd" - "logind" - "interrupts" - "ksmd" - "textfile" - "pressure" - ]; - extraFlags = [ - "--collector.ethtool" - "--collector.softirqs" - "--collector.tcpstat" - "--collector.wifi" - ]; - }; - wireguard = - mkFor - [ - "sisko" - "picard" - "kirk" - ] - { - enable = true; - }; - zfs = - mkFor - [ - "picard" - "kirk" - ] - { - enable = true; - }; + node = mkFor ["sisko" "picard" "kirk"] { + enable = true; + enabledCollectors = [ + "cpu" + "conntrack" + "diskstats" + "entropy" + "filefd" + "filesystem" + "loadavg" + "mdadm" + "meminfo" + "netdev" + "netstat" + "stat" + "time" + "vmstat" + "systemd" + "logind" + "interrupts" + "ksmd" + "textfile" + "pressure" + ]; + extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi"]; + }; + wireguard = mkFor ["sisko" "picard" "kirk"] { + enable = true; + }; + zfs = mkFor ["picard" "kirk"] { + enable = true; + }; # restic = mkFor ["sisko"] { # enable = true; # }; - postgres = mkFor [ "sisko" ] { + postgres = mkFor ["sisko"] { enable = true; }; - nginx = mkFor [ "sisko" ] { + nginx = mkFor ["sisko"] { + enable = true; + }; + smartctl = mkFor ["sisko" "picard" "kirk"] { enable = true; }; - smartctl = - mkFor - [ - "sisko" - "picard" - "kirk" - ] - { - enable = true; - }; }; } 
diff --git a/modules/prometheus/default.nix b/modules/prometheus/default.nix index 382d4e8..cd52e90 100644 --- a/modules/prometheus/default.nix +++ b/modules/prometheus/default.nix @@ -1,8 +1,6 @@ -{ config, ... }: -let +{config, ...}: let cfg = config.services.prometheus; -in -{ +in { services.prometheus = { enable = true; pushgateway = { @@ -21,9 +19,7 @@ in bearer_token_file = config.age.secrets.home-assistant-token.path; static_configs = [ { - targets = [ - "sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}" - ]; + targets = ["sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}"]; } ]; } @@ -31,7 +27,7 @@ in job_name = "pushgateway"; static_configs = [ { - targets = [ cfg.pushgateway.web.listen-address ]; + targets = [cfg.pushgateway.web.listen-address]; } ]; } @@ -39,11 +35,7 @@ in job_name = "node"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9100") [ - "sisko" - "picard" - "kirk" - ]; + targets = builtins.map (host: "${host}.fleet:9100") ["sisko" "picard" "kirk"]; } ]; } @@ -51,10 +43,7 @@ in job_name = "wireguard"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9586") [ - "picard" - "kirk" - ]; + targets = builtins.map (host: "${host}.fleet:9586") ["picard" "kirk"]; } ]; } @@ -62,10 +51,7 @@ in job_name = "zfs"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9134") [ - "picard" - "kirk" - ]; + targets = builtins.map (host: "${host}.fleet:9134") ["picard" "kirk"]; } ]; } @@ -73,7 +59,7 @@ in job_name = "restic"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9753") [ "sisko" ]; + targets = builtins.map (host: "${host}.fleet:9753") ["sisko"]; } ]; } @@ -81,7 +67,7 @@ in job_name = "postgres"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9187") [ "sisko" ]; + targets = builtins.map (host: "${host}.fleet:9187") ["sisko"]; } ]; } 
@@ -89,7 +75,7 @@ in job_name = "nginx"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9117") [ "sisko" ]; + targets = builtins.map (host: "${host}.fleet:9117") ["sisko"]; } ]; } @@ -97,11 +83,7 @@ in job_name = "smartctl"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9633") [ - "sisko" - "kirk" - "picard" - ]; + targets = builtins.map (host: "${host}.fleet:9633") ["sisko" "kirk" "picard"]; } ]; } diff --git a/modules/promtail/default.nix b/modules/promtail/default.nix index f2ab2ef..f6d7621 100644 --- a/modules/promtail/default.nix +++ b/modules/promtail/default.nix @@ -3,8 +3,7 @@ lib, config, ... -}: -let +}: let conf = { server = { http_listen_port = 28183; @@ -12,9 +11,7 @@ let }; clients = [ { - url = "http://sisko.fleet:${ - builtins.toString config.services.loki.configuration.server.http_listen_port or 3100 - }/loki/api/v1/push"; + url = "http://sisko.fleet:${builtins.toString config.services.loki.configuration.server.http_listen_port or 3100}/loki/api/v1/push"; } ]; positions = { @@ -32,7 +29,7 @@ let }; relabel_configs = [ { - source_labels = [ "__journal__systemd_unit" ]; + source_labels = ["__journal__systemd_unit"]; target_label = "unit"; } ]; @@ -41,13 +38,12 @@ let }; configFile = pkgs.writeTextFile { name = "promtail.yaml"; - text = lib.generators.toYAML { } conf; + text = lib.generators.toYAML {} conf; }; -in -{ +in { systemd.services.promtail = { description = "Promtail service for Loki"; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { ExecStart = '' diff --git a/modules/qmk-udev/default.nix b/modules/qmk-udev/default.nix index 5bfd1e6..8a9b4ba 100644 --- a/modules/qmk-udev/default.nix +++ b/modules/qmk-udev/default.nix @@ -1,4 +1,3 @@ -{ pkgs, ... }: -{ - services.udev.packages = [ pkgs.qmk-udev-rules ]; +{pkgs, ...}: { + services.udev.packages = [pkgs.qmk-udev-rules]; } 
diff --git a/modules/remote-xfce/default.nix b/modules/remote-xfce/default.nix index c9889f7..af0b332 100644 --- a/modules/remote-xfce/default.nix +++ b/modules/remote-xfce/default.nix @@ -1,8 +1,8 @@ { pkgs, + config, ... -}: -{ +}: { # nixpkgs.config.pulseaudio = true; # services.xrdp = { # enable = true; @@ -16,14 +16,11 @@ # }; # displayManager.defaultSession = "xfce"; # }; - environment.systemPackages = with pkgs; [ - sunshine - superTuxKart - ]; + environment.systemPackages = with pkgs; [sunshine superTuxKart]; - boot.kernelModules = [ "uinput" ]; + boot.kernelModules = ["uinput"]; - users.groups.input.members = [ "ccr" ]; + users.groups.input.members = ["ccr"]; services.udev.extraRules = '' KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"' | diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 0d082b3..52da5cf 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -3,13 +3,11 @@ pkgs, lib, ... -}: -let +}: let user = "u382036-sub1"; host = "u382036.your-storagebox.de"; port = "23"; -in -{ +in { age.secrets = { HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD = { file = ../../secrets/hetzner-storage-box-sisko-ssh-password.age; @@ -21,12 +19,10 @@ in }; }; - services.openssh.knownHosts."${ - host - }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; + services.openssh.knownHosts."${host}".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; services.restic.backups.sisko = { - paths = [ "/persist" ]; + paths = ["/persist"]; passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path; extraOptions = [ "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'" diff --git a/modules/rock5b-proxy/default.nix b/modules/rock5b-proxy/default.nix index 926f664..6e51923 100644 --- a/modules/rock5b-proxy/default.nix 
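Review bot: The udev rule at the end of the second remote-xfce hunk ends in `TAG+="uaccess"' |`, and the trailing `' |` looks like a leftover from a shell one-liner. udev will probably reject or ignore a line with that suffix, so the `uinput` access the rule is meant to grant may never be applied. The line should read `KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"`. The `extraRules` string continues outside the hunk, so check the rest of it as well.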
+++ b/modules/rock5b-proxy/default.nix @@ -1,8 +1,7 @@ -{ config, ... }: -{ - imports = [ ../nginx-base ]; +{config, ...}: { + imports = [../nginx-base]; services.nginx.virtualHosts = { - localhost.listen = [ { addr = "127.0.0.1"; } ]; + localhost.listen = [{addr = "127.0.0.1";}]; "home.aciceri.dev" = { forceSSL = true; enableACME = true; diff --git a/modules/rock5b-samba/default.nix b/modules/rock5b-samba/default.nix index 3791c92..e26c8b8 100644 --- a/modules/rock5b-samba/default.nix +++ b/modules/rock5b-samba/default.nix @@ -36,10 +36,7 @@ }; networking.firewall = { - allowedTCPPorts = [ - 139 - 445 - ]; - allowedUDPPorts = [ 138 ]; + allowedTCPPorts = [139 445]; + allowedUDPPorts = [138]; }; } diff --git a/modules/searx/default.nix b/modules/searx/default.nix index 85f616f..8d18188 100644 --- a/modules/searx/default.nix +++ b/modules/searx/default.nix @@ -1,14 +1,10 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.searx = { enable = true; package = pkgs.searxng; settings = { server.secret_key = "secret"; - search.formats = [ - "html" - "json" - ]; + search.formats = ["html" "json"]; }; }; } diff --git a/modules/ssh-initrd/default.nix b/modules/ssh-initrd/default.nix index 79a936d..07b7c5a 100644 --- a/modules/ssh-initrd/default.nix +++ b/modules/ssh-initrd/default.nix @@ -2,8 +2,7 @@ config, pkgs, ... -}: -{ +}: { # For unlocking the disk connect using ssh and type # systemctl start initrd-nixos-activation boot.initrd = { diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index fdcb9ad..8f8033a 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -1,5 +1,4 @@ -{ fleetFlake, ... }: -{ +{fleetFlake, ...}: { services = { openssh = { enable = true; 
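Review bot: In the searx hunk `server.secret_key = "secret";` is a fixed, guessable value that also ends up in the world-readable Nix store. The other modules in this change read their secrets from agenix paths (`config.age.secrets…`), and the searx module supports the same through an environment file. I would set `server.secret_key = "@SEARX_SECRET_KEY@";` and add `environmentFile = config.age.secrets.<SECRET_NAME>.path;`, where `<SECRET_NAME>` is a placeholder for a new secret that defines `SEARX_SECRET_KEY`.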
@@ -16,7 +15,5 @@ }; # This makes sense only because I'm the only user for these machines - users.users.root.openssh.authorizedKeys.keys = builtins.attrValues ( - with (import "${fleetFlake}/lib"); keys.users // keys.hosts - ); + users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (with (import "${fleetFlake}/lib"); keys.users // keys.hosts); } diff --git a/modules/syncthing/default.nix b/modules/syncthing/default.nix index b857df4..0acb3dc 100644 --- a/modules/syncthing/default.nix +++ b/modules/syncthing/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services = { syncthing = { enable = true; @@ -46,12 +45,7 @@ kirk = "/home/${config.ccr.username}/org"; } .${config.networking.hostName}; - devices = [ - "picard" - "sisko" - "kirk" - "oneplus8t" - ]; + devices = ["picard" "sisko" "kirk" "oneplus8t"]; }; sync = { path = @@ -61,11 +55,7 @@ kirk = "/home/${config.ccr.username}/sync"; } .${config.networking.hostName}; - devices = [ - "picard" - "sisko" - "kirk" - ]; + devices = ["picard" "sisko" "kirk"]; }; }; }; diff --git a/modules/teamviewer/default.nix b/modules/teamviewer/default.nix index e4f20e2..6ed6177 100644 --- a/modules/teamviewer/default.nix +++ b/modules/teamviewer/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.teamviewer.enable = true; - ccr.packages = [ pkgs.teamviewer ]; + ccr.packages = [pkgs.teamviewer]; } diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix index 2a1f3cb..c1bcc3d 100644 --- a/modules/transmission/default.nix +++ b/modules/transmission/default.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { services.transmission = { enable = true; openRPCPort = true; @@ -45,7 +44,7 @@ "d /mnt/hd/torrent/.incomplete 770 transmission transmission" ]; - ccr.extraGroups = [ "transmission" ]; + ccr.extraGroups = ["transmission"]; environment.persistence."/persist".directories = [ config.services.transmission.home 
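Review bot: The single-line `authorizedKeys.keys` expression authorises `keys.users // keys.hosts` for root, so every host key in the fleet can log in as root on every machine. The comment above covers the single-user case, but not the case where one host is compromised and its key then opens all the others. If host-to-host root access is only needed for specific machines, restrict the set, e.g. `builtins.attrValues (import "${fleetFlake}/lib").keys.users`. Add host keys only where a concrete need exists; the remote-builder entries in modules/nix already authenticate with a user key.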
diff --git a/modules/virt-manager/default.nix b/modules/virt-manager/default.nix index 37863e6..08097fe 100644 --- a/modules/virt-manager/default.nix +++ b/modules/virt-manager/default.nix @@ -1,7 +1,6 @@ -{ config, ... }: -{ +{config, ...}: { programs.virt-manager.enable = true; virtualisation.libvirtd.enable = true; - users.users."${config.ccr.username}".extraGroups = [ "libvirtd" ]; + users.users."${config.ccr.username}".extraGroups = ["libvirtd"]; virtualisation.libvirtd.qemu.swtpm.enable = true; } diff --git a/modules/vm-mara/default.nix b/modules/vm-mara/default.nix index ff3e7c9..b1e8051 100644 --- a/modules/vm-mara/default.nix +++ b/modules/vm-mara/default.nix @@ -1,10 +1,10 @@ { + config, pkgs, # lib, # fleetFlake, ... -}: -{ +}: { security.polkit.enable = true; virtualisation.libvirtd.enable = true; 
@@ -117,37 +117,35 @@ # -audiodev alsa,id=snd0,out.try-poll=off -device ich9-intel-hda -device hda-output,audiodev=snd0 \ # -device vfio-pci,host=00:02.0 \ - systemd.services.vm-mara = - let - start-vm = pkgs.writeShellApplication { - name = "start-vm"; - runtimeInputs = with pkgs; [ qemu ]; - text = '' - [ ! -f /var/lib/vm-mara/w10.qcow2 ] && \ - qemu-img create -f qcow2 /var/lib/vm-mara/w10.qcow2 50G + systemd.services.vm-mara = let + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [qemu]; + text = '' + [ ! -f /var/lib/vm-mara/w10.qcow2 ] && \ + qemu-img create -f qcow2 /var/lib/vm-mara/w10.qcow2 50G - qemu-system-x86_64 \ - -enable-kvm \ - -cpu host,kvm=off,hv-spinlocks=819,hv-vapic=on,hv-relaxed=on,hv-vendor-id="IrisXE" \ - -smp 4 \ - -m 8192 \ - -nic user,model=virtio-net-pci,hostfwd=tcp::3389-:3389,hostfwd=tcp::47989-:47989,hostfwd=tcp::47990-:47990,hostfwd=tcp::47984-:47984,hostfwd=tcp::48010-:48010,hostfwd=udp::47998-:47988,hostfwd=udp::47999-:47999,hostfwd=udp::48000-:48000,hostfwd=udp::48002-:48002,hostfwd=udp::48003-:48003,hostfwd=udp::48004-:48004,hostfwd=udp::48005-:48005,hostfwd=udp::48006-:48006,hostfwd=udp::48007-:48007,hostfwd=udp::48008-:48008,hostfwd=udp::48009-:48009,hostfwd=udp::48010-:48010 \ - -cdrom /var/lib/vm-mara/virtio-win.iso \ - -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x4 \ - -device usb-tablet \ - -vnc :0 \ - -nographic \ - -vga none \ - -drive file=/var/lib/vm-mara/w10.qcow2 \ - -device vfio-pci,host=00:02.0,addr=03.0,x-vga=on,multifunction=on,romfile=${./adls_dmc_ver2_01.bin} - ''; - }; - in - { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${start-vm}/bin/start-vm"; - }; + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host,kvm=off,hv-spinlocks=819,hv-vapic=on,hv-relaxed=on,hv-vendor-id="IrisXE" \ + -smp 4 \ + -m 8192 \ + -nic 
user,model=virtio-net-pci,hostfwd=tcp::3389-:3389,hostfwd=tcp::47989-:47989,hostfwd=tcp::47990-:47990,hostfwd=tcp::47984-:47984,hostfwd=tcp::48010-:48010,hostfwd=udp::47998-:47988,hostfwd=udp::47999-:47999,hostfwd=udp::48000-:48000,hostfwd=udp::48002-:48002,hostfwd=udp::48003-:48003,hostfwd=udp::48004-:48004,hostfwd=udp::48005-:48005,hostfwd=udp::48006-:48006,hostfwd=udp::48007-:48007,hostfwd=udp::48008-:48008,hostfwd=udp::48009-:48009,hostfwd=udp::48010-:48010 \ + -cdrom /var/lib/vm-mara/virtio-win.iso \ + -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x4 \ + -device usb-tablet \ + -vnc :0 \ + -nographic \ + -vga none \ + -drive file=/var/lib/vm-mara/w10.qcow2 \ + -device vfio-pci,host=00:02.0,addr=03.0,x-vga=on,multifunction=on,romfile=${./adls_dmc_ver2_01.bin} + ''; }; + in { + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; + }; } diff --git a/modules/vm-mara/i915-sriov-dkms.nix b/modules/vm-mara/i915-sriov-dkms.nix index 892b4ae..894ee01 100644 --- a/modules/vm-mara/i915-sriov-dkms.nix +++ b/modules/vm-mara/i915-sriov-dkms.nix @@ -2,9 +2,9 @@ stdenv, kernel, fetchFromGitHub, + runCommand, ... -}: -let +}: let m = stdenv.mkDerivation rec { name = "i915-sriov-dkms"; version = "4d89a1d5ba8c66308e3276c5297eda838c70cc31"; 
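Review bot: The re-indented QEMU command line in `start-vm` exposes the guest console with `-vnc :0`, which listens on all host addresses without a password. Every `hostfwd=` entry also omits a bind address. Whether the host firewall covers these ports is not visible in this hunk. Binding the console to loopback with `-vnc 127.0.0.1:0 \` would close it off, as would giving the forwards an explicit host address. Separately, `hostfwd=udp::47998-:47988` looks like a typo next to its neighbours and was probably meant to be `hostfwd=udp::47998-:47998`.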
@@ -22,29 +22,32 @@ let export sourceRoot=$(pwd)/source ''; - makeFlags = kernel.makeFlags ++ [ - "-C" - "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" - "M=$(sourceRoot)" - "KVER=${kernel.version}" - ]; + makeFlags = + kernel.makeFlags + ++ [ + "-C" + "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + "M=$(sourceRoot)" + "KVER=${kernel.version}" + ]; # installPhase = '' # install -D i915.ko $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/gpu/drm/i915/i915.ko # ''; - installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ]; + installFlags = ["INSTALL_MOD_PATH=${placeholder "out"}"]; - installTargets = [ "modules_install" ]; + installTargets = ["modules_install"]; enableParallelBuilding = true; # meta.priority = -10; }; in -m + m # in runCommand "test" {} '' # # mkdir -p $out/lib/modules/6.1.30/kernel/drivers/gpu/drm/i915 # mkdir -p $out/lib/modules/6.1.30/extra # cp ${m}/lib/modules/6.1.30/extra/i915.ko.xz $out/lib/modules/6.1.30/extra/foo.ko.xz # '' + diff --git a/modules/vm-sala/default.nix b/modules/vm-sala/default.nix index 5702a2a..4dc5457 100644 --- a/modules/vm-sala/default.nix +++ b/modules/vm-sala/default.nix @@ -1,9 +1,9 @@ { pkgs, + lib, fleetFlake, ... -}: -{ +}: { security.polkit.enable = true; virtualisation.libvirtd.enable = true; @@ -11,7 +11,7 @@ 2222 ]; - imports = [ ../nginx-base ]; + imports = [../nginx-base]; services.nginx.virtualHosts."git.slavni.aciceri.dev" = { forceSSL = true; 
@@ -21,74 +21,67 @@ }; }; - systemd.services.vm-sala = - let - initial-config = fleetFlake.inputs.nixos-generators.nixosGenerate { - system = "x86_64-linux"; - modules = [ - # fleetFlake.inputs.nixos-vscode-server.nixosModule - ( - { - modulesPath, - lib, - config, - ... - }: - { - # services.vscode-server = { - # enable = true; - # enableFHS = true; - # }; - system.build.qcow = lib.mkForce ( - import "${toString modulesPath}/../lib/make-disk-image.nix" { - inherit lib config pkgs; - diskSize = 50 * 1024; - format = "qcow2"; - partitionTableType = "hybrid"; - } - ); - services.openssh.enable = true; - environment.systemPackages = with pkgs; [ - vim - git - htop - ]; - users.users.root = { - password = "password"; - openssh.authorizedKeys.keys = [ - (import "${fleetFlake.outPath}/lib").keys.users.ccr-ssh - "ssh-rsa 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" - ]; - }; - } - ) - ]; - format = "qcow"; - }; - image = "${initial-config}/nixos.qcow2"; - start-vm = pkgs.writeShellApplication { - name = "start-vm"; - runtimeInputs = with pkgs; [ qemu ]; - text = '' - [ ! -f /var/lib/vm-sala/nixos.qcow2 ] && \ - install ${image} /var/lib/vm-sala - - qemu-system-x86_64 \ - -enable-kvm \ - -cpu host \ - -smp 2 \ - -m 4096 \ - -nic user,model=virtio-net-pci,hostfwd=tcp::2222-:22,hostfwd=tcp::13000-:3000 \ - -nographic \ - -drive file=/var/lib/vm-sala/nixos.qcow2 - ''; - }; - in - { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${start-vm}/bin/start-vm"; - }; + systemd.services.vm-sala = let + initial-config = fleetFlake.inputs.nixos-generators.nixosGenerate { + system = "x86_64-linux"; + modules = [ + # fleetFlake.inputs.nixos-vscode-server.nixosModule + ({ + modulesPath, + lib, + config, + ... 
+ }: { + # services.vscode-server = { + # enable = true; + # enableFHS = true; + # }; + system.build.qcow = lib.mkForce (import "${toString modulesPath}/../lib/make-disk-image.nix" { + inherit lib config pkgs; + diskSize = 50 * 1024; + format = "qcow2"; + partitionTableType = "hybrid"; + }); + services.openssh.enable = true; + environment.systemPackages = with pkgs; [ + vim + git + htop + ]; + users.users.root = { + password = "password"; + openssh.authorizedKeys.keys = [ + (import "${fleetFlake.outPath}/lib").keys.users.ccr-ssh + "ssh-rsa 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" + ]; + }; + }) + ]; + format = "qcow"; }; + image = "${initial-config}/nixos.qcow2"; + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [qemu]; + text = '' + [ ! -f /var/lib/vm-sala/nixos.qcow2 ] && \ + install ${image} /var/lib/vm-sala + + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host \ + -smp 2 \ + -m 4096 \ + -nic user,model=virtio-net-pci,hostfwd=tcp::2222-:22,hostfwd=tcp::13000-:3000 \ + -nographic \ + -drive file=/var/lib/vm-sala/nixos.qcow2 + ''; + }; + in { + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; + }; } diff --git a/modules/vm-ubuntu/default.nix b/modules/vm-ubuntu/default.nix index f7c4518..9c07fe5 100644 --- a/modules/vm-ubuntu/default.nix +++ b/modules/vm-ubuntu/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { virtualisation.libvirtd.enable = true; networking.firewall.interfaces."wg0" = { 
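Review bot: The generated guest config sets `users.users.root.password = "password";`, which puts a known root password into the Nix store and into the qcow2 image. That guest's sshd is published on host port 2222 by `hostfwd=tcp::2222-:22`. Root already has `openssh.authorizedKeys.keys`, so the password is not needed for access and the line can be removed. If a console password is wanted, take it from a secret file rather than a literal. A comment noting that root SSH login is key-only would also make the intent explicit; the sshd settings are not visible in this hunk.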
@@ -11,27 +10,25 @@ ]; }; - systemd.services.vm-ubuntu = - let - start-vm = pkgs.writeShellApplication { - name = "start-vm"; - runtimeInputs = with pkgs; [ qemu ]; - text = '' - qemu-system-x86_64 \ - -enable-kvm \ - -cpu host,kvm=on,hv-vendor_id="GenuineIntel" \ - -smp 4 \ - -m 8192 \ - -nic user,model=virtio-net-pci,hostfwd=tcp::60022-:22,hostfwd=tcp::8545-:8545 \ - -drive file=/var/lib/vm-ubuntu/ubuntu.qcow2 - ''; - }; - in - { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${start-vm}/bin/start-vm"; - }; + systemd.services.vm-ubuntu = let + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [qemu]; + text = '' + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host,kvm=on,hv-vendor_id="GenuineIntel" \ + -smp 4 \ + -m 8192 \ + -nic user,model=virtio-net-pci,hostfwd=tcp::60022-:22,hostfwd=tcp::8545-:8545 \ + -drive file=/var/lib/vm-ubuntu/ubuntu.qcow2 + ''; }; + in { + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; + }; } diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix index 352aa40..9a93f17 100644 --- a/modules/wireguard-client/default.nix +++ b/modules/wireguard-client/default.nix @@ -2,17 +2,16 @@ config, vpn, ... -}: -{ - imports = [ ../wireguard-common ]; +}: { + imports = [../wireguard-common]; networking.wireguard.interfaces.wg0 = { mtu = 1200; - ips = [ "${vpn.${config.networking.hostName}.ip}/32" ]; + ips = ["${vpn.${config.networking.hostName}.ip}/32"]; peers = [ { publicKey = vpn.sisko.publicKey; - allowedIPs = [ "10.100.0.0/24" ]; + allowedIPs = ["10.100.0.0/24"]; endpoint = "vpn.aciceri.dev:51820"; persistentKeepalive = 25; } diff --git a/modules/wireguard-common/default.nix b/modules/wireguard-common/default.nix index ad50ad8..9ebfc78 100644 --- a/modules/wireguard-common/default.nix +++ b/modules/wireguard-common/default.nix 
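Review bot: Both forwards in the `-nic user,...` argument leave the host address empty (`hostfwd=tcp::60022-:22`, `hostfwd=tcp::8545-:8545`), so QEMU binds them on all host addresses and only the host firewall decides who can reach the guest. If access is meant to come from the host itself or over `wg0`, state the listen address explicitly, for example `hostfwd=tcp:127.0.0.1:60022-:22` or the host's VPN address in that position. `serviceConfig` sets only `ExecStart`, so the unit presumably runs QEMU as root; a dedicated `User` with access to `/dev/kvm` plus a `StateDirectory` would narrow that. The `vm-sala` unit in the previous file has the same shape.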
@@ -3,8 +3,7 @@ config, vpn, ... -}: -{ +}: { networking.firewall.interfaces.wg0 = { allowedUDPPortRanges = [ { @@ -25,8 +24,11 @@ listenPort = 51820; }; - networking.hosts = lib.mapAttrs' (hostname: vpnConfig: { - name = vpnConfig.ip; - value = [ "${hostname}.fleet" ]; - }) vpn; + networking.hosts = + lib.mapAttrs' + (hostname: vpnConfig: { + name = vpnConfig.ip; + value = ["${hostname}.fleet"]; + }) + vpn; } diff --git a/modules/wireguard-server/default.nix b/modules/wireguard-server/default.nix index 27c8a8a..7c4b7c7 100644 --- a/modules/wireguard-server/default.nix +++ b/modules/wireguard-server/default.nix @@ -3,19 +3,20 @@ lib, vpn, ... -}: -{ - imports = [ ../wireguard-common ]; +}: { + imports = [../wireguard-common]; networking.nat.enable = true; - networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; # FIXME move this to wireguard-server + networking.firewall.allowedUDPPorts = [config.networking.wireguard.interfaces.wg0.listenPort]; # FIXME move this to wireguard-server networking.wireguard.interfaces.wg0 = { - ips = [ "${vpn.${config.networking.hostName}.ip}/24" ]; - peers = lib.mapAttrsToList (_hostname: vpnConfig: { - publicKey = vpnConfig.publicKey; - allowedIPs = [ "${vpnConfig.ip}/32" ]; - }) vpn; + ips = ["${vpn.${config.networking.hostName}.ip}/24"]; + peers = + lib.mapAttrsToList (hostname: vpnConfig: { + publicKey = vpnConfig.publicKey; + allowedIPs = ["${vpnConfig.ip}/32"]; + }) + vpn; }; } diff --git a/modules/xdg/default.nix b/modules/xdg/default.nix index 0a07d40..5631915 100644 --- a/modules/xdg/default.nix +++ b/modules/xdg/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { xdg = { portal = { enable = true; diff --git a/packages/default.nix b/packages/default.nix index ace7ede..9aedeba 100644 --- a/packages/default.nix +++ b/packages/default.nix 
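Review bot: In the `lib.mapAttrsToList` lambda that builds `peers` in `modules/wireguard-server/default.nix`, the first argument was renamed from `_hostname` to `hostname` although the body never uses it; the underscore was what marked it as intentionally unused. I would keep `lib.mapAttrsToList (_hostname: vpnConfig: {` so an unused-binding linter stays quiet and readers do not look for a use. The `{inputs, ...}:` header added in `shell/default.nix` looks like the same case, since `inputs` is not referenced anywhere in that hunk. Separately, the `# FIXME move this to wireguard-server` comment on `allowedUDPPorts` already sits in the wireguard-server module and reads as stale.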
@@ -4,18 +4,16 @@ config, self, ... -}: -{ +}: { options.fleet = { - overlays = - let - overlayType = lib.mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - }; - in + overlays = let + overlayType = lib.mkOptionType { + name = "nixpkgs-overlay"; + description = "nixpkgs overlay"; + check = lib.isFunction; + merge = lib.mergeOneOption; + }; + in lib.mkOption { description = "Nixpkgs overlays to apply at flake level (not in hosts)"; type = lib.types.listOf overlayType; @@ -32,25 +30,27 @@ description = "Packages that are broken on a given system"; type = lib.types.attrsOf (lib.types.listOf lib.types.str); default = { - aarch64-linux = [ "llm-workflow-engine" ]; - x86_64-linux = [ ]; + aarch64-linux = ["llm-workflow-engine"]; + x86_64-linux = []; }; }; }; - config.perSystem = - { - system, - lib, - pkgs, - ... - }: - { - _module.args.pkgs = lib.foldl ( - legacyPackages: legacyPackages.extend - ) inputs.nixpkgs.legacyPackages.${system} config.fleet.overlays; + config.perSystem = { + system, + lib, + pkgs, + ... + }: { + _module.args.pkgs = + lib.foldl + (legacyPackages: legacyPackages.extend) + inputs.nixpkgs.legacyPackages.${system} + config.fleet.overlays; - packages = builtins.removeAttrs (lib.mapAttrs' + packages = + builtins.removeAttrs + (lib.mapAttrs' (name: value: { inherit name; value = pkgs.callPackage "${self}/packages/${name}" { @@ -60,7 +60,9 @@ packagePath = "packages/${name}"; }; }) - (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/packages")) - ) config.fleet.brokenPackages.${system}; - }; + (lib.filterAttrs + (_: type: type == "directory") + (builtins.readDir "${self}/packages"))) + config.fleet.brokenPackages.${system}; + }; } diff --git a/packages/deploy/default.nix b/packages/deploy/default.nix index 058993b..e7cfd57 100644 --- a/packages/deploy/default.nix +++ b/packages/deploy/default.nix 
@@ -6,5 +6,5 @@ writeShellApplication { name = "deploy"; text = builtins.readFile ./deploy.sh; - runtimeInputs = [ nixos-rebuild ]; + runtimeInputs = [nixos-rebuild]; } diff --git a/packages/garmin-collector/default.nix b/packages/garmin-collector/default.nix index 8f911a4..2e19330 100644 --- a/packages/garmin-collector/default.nix +++ b/packages/garmin-collector/default.nix @@ -8,5 +8,5 @@ writers.writePython3Bin "garmin-collector" { prometheus-client garminconnect ]; - flakeIgnore = [ "E501" ]; + flakeIgnore = ["E501"]; } (builtins.readFile ./garmin-collector.py) diff --git a/packages/llm-workflow-engine/default.nix b/packages/llm-workflow-engine/default.nix index 307d133..486eded 100644 --- a/packages/llm-workflow-engine/default.nix +++ b/packages/llm-workflow-engine/default.nix 
@@ -5,63 +5,60 @@ packagePath, fetchFromGitHub, ... -}: -let +}: let src = fetchFromGitHub { owner = "llm-workflow-engine"; repo = "llm-workflow-engine"; rev = "v0.18.10"; hash = "sha256-q9tCPQvGtufSL+E0h5gB0pA1CaKB9nUL1Hf5cmImZz8"; }; - module = - { - config, - lib, - dream2nix, - ... - }: - { - imports = [ - dream2nix.modules.dream2nix.pip - ]; + module = { + config, + lib, + dream2nix, + ... + }: { + imports = [ + dream2nix.modules.dream2nix.pip + ]; - name = "llm-workflow-engine"; - version = "0.18.10"; + name = "llm-workflow-engine"; + version = "0.18.10"; - paths = { - inherit projectRoot; - package = packagePath; - }; - - mkDerivation = { - src = src; - propagatedBuildInputs = [ - config.pip.drvs.setuptools.public - ]; - }; - - buildPythonPackage = { - format = lib.mkForce "pyproject"; - pythonImportsCheck = [ - "lwe" - ]; - catchConflicts = false; - }; - - pip = { - pypiSnapshotDate = "2024-04-25"; - requirementsFiles = [ - "${src}/requirements.txt" - ]; - requirementsList = [ - "setuptools" - ]; - flattenDependencies = true; - }; + paths = { + inherit projectRoot; + package = packagePath; }; + + mkDerivation = { + src = src; + propagatedBuildInputs = [ + config.pip.drvs.setuptools.public + ]; + }; + + buildPythonPackage = { + format = lib.mkForce "pyproject"; + pythonImportsCheck = [ + "lwe" + ]; + catchConflicts = false; + }; + + pip = { + pypiSnapshotDate = "2024-04-25"; + requirementsFiles = [ + "${src}/requirements.txt" + ]; + requirementsList = [ + "setuptools" + ]; + flattenDependencies = true; + }; + }; in -dream2nix.lib.evalModules { - specialArgs.dream2nix = dream2nix; - packageSets.nixpkgs = pkgs; - modules = [ module ]; -} + dream2nix.lib.evalModules { + specialArgs.dream2nix = dream2nix; + packageSets.nixpkgs = pkgs; + modules = [module]; + } diff --git a/packages/spotify-adblocked/default.nix b/packages/spotify-adblocked/default.nix index 94df5c9..18cb8c5 100644 --- a/packages/spotify-adblocked/default.nix 
+++ b/packages/spotify-adblocked/default.nix @@ -4,8 +4,7 @@ fetchFromGitHub, zip, unzip, -}: -let +}: let spotify-adblock = rustPlatform.buildRustPackage { pname = "spotify-adblock"; version = "1.0.3"; @@ -34,22 +33,21 @@ let ''; }; in -spotify.overrideAttrs (old: { - buildInputs = (old.buildInputs or [ ]) ++ [ - zip - unzip - ]; - postInstall = - (old.postInstall or "") - + '' - ln -s ${spotify-adblock}/lib/libspotifyadblock.so $libdir - sed -i "s:^Name=Spotify.*:Name=Spotify-adblock:" "$out/share/spotify/spotify.desktop" - wrapProgram $out/bin/spotify \ - --set LD_PRELOAD "${spotify-adblock}/lib/libspotifyadblock.so" + spotify.overrideAttrs ( + old: { + buildInputs = (old.buildInputs or []) ++ [zip unzip]; + postInstall = + (old.postInstall or "") + + '' + ln -s ${spotify-adblock}/lib/libspotifyadblock.so $libdir + sed -i "s:^Name=Spotify.*:Name=Spotify-adblock:" "$out/share/spotify/spotify.desktop" + wrapProgram $out/bin/spotify \ + --set LD_PRELOAD "${spotify-adblock}/lib/libspotifyadblock.so" - # Hide placeholder for advert banner - ${unzip}/bin/unzip -p $out/share/spotify/Apps/xpui.spa xpui.js | sed 's/adsEnabled:\!0/adsEnabled:false/' > $out/share/spotify/Apps/xpui.js - ${zip}/bin/zip --junk-paths --update $out/share/spotify/Apps/xpui.spa $out/share/spotify/Apps/xpui.js - rm $out/share/spotify/Apps/xpui.js - ''; -}) + # Hide placeholder for advert banner + ${unzip}/bin/unzip -p $out/share/spotify/Apps/xpui.spa xpui.js | sed 's/adsEnabled:\!0/adsEnabled:false/' > $out/share/spotify/Apps/xpui.js + ${zip}/bin/zip --junk-paths --update $out/share/spotify/Apps/xpui.spa $out/share/spotify/Apps/xpui.js + rm $out/share/spotify/Apps/xpui.js + ''; + } + ) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e5e95f4..b41e70e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,186 +1,39 @@ let keys = (import ../lib).keys; in -with keys.hosts; -with keys.users; -{ - "cachix-personal-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - kirk - sisko - pbp - picard - ]; - "magit-forge-github-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - kirk - ]; - "git-workspace-tokens.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - kirk - picard - ]; - "hydra-admin-password.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - ]; - "hydra-github-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - ]; - "cache-private-key.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - ]; - "autistici-password.age".publicKeys = [ - ccr-ssh - ccr-gpg - kirk - picard - sisko - ]; - "hercules-ci-join-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - sisko - picard - ]; - "hercules-ci-binary-caches.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - sisko - picard - ]; - "hercules-ci-secrets-json.age".publicKeys = [ - ccr-ssh - ccr-gpg - mothership - sisko - picard - ]; - "minio-credentials.age".publicKeys = [ - ccr-ssh - ccr-gpg - picard - sisko - ]; - "aws-credentials.age".publicKeys = [ - ccr-ssh - ccr-gpg - picard - sisko - ]; - "nextcloud-admin-pass.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "home-planimetry.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "home-assistant-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "chatgpt-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - kirk - mothership - picard - deltaflyer - ]; - "cloudflare-dyndns-api-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "restic-hetzner-password.age".publicKeys = [ - ccr-ssh - ccr-gpg - picard - sisko - kirk - ]; - "hass-ssh-key.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "grafana-password.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "matrix-registration-shared-secret.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "matrix-sliding-sync-secret.age".publicKeys = [ - 
ccr-ssh - ccr-gpg - sisko - ]; - "forgejo-runners-token.age".publicKeys = [ - ccr-ssh - ccr-gpg - picard - ]; - "forgejo-nix-access-tokens.age".publicKeys = [ - ccr-ssh - ccr-gpg - picard - ]; - "garmin-collector-environment.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "sisko-restic-password.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; + with keys.hosts; + with keys.users; { + "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership kirk sisko pbp picard]; + "magit-forge-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership kirk]; + "git-workspace-tokens.age".publicKeys = [ccr-ssh ccr-gpg mothership kirk picard]; + "hydra-admin-password.age".publicKeys = [ccr-ssh ccr-gpg mothership]; + "hydra-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership]; + "cache-private-key.age".publicKeys = [ccr-ssh ccr-gpg mothership]; + "autistici-password.age".publicKeys = [ccr-ssh ccr-gpg kirk picard sisko]; + "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership sisko picard]; + "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership sisko picard]; + "hercules-ci-secrets-json.age".publicKeys = [ccr-ssh ccr-gpg mothership sisko picard]; + "minio-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko]; + "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko]; + "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "home-assistant-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg kirk mothership picard deltaflyer]; + "cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "restic-hetzner-password.age".publicKeys = [ccr-ssh ccr-gpg picard sisko kirk]; + "hass-ssh-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "grafana-password.age".publicKeys = [ccr-ssh ccr-gpg 
sisko]; + "matrix-registration-shared-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "matrix-sliding-sync-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "forgejo-runners-token.age".publicKeys = [ccr-ssh ccr-gpg picard]; + "forgejo-nix-access-tokens.age".publicKeys = [ccr-ssh ccr-gpg picard]; + "garmin-collector-environment.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "sisko-restic-password.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - # WireGuard - "picard-wireguard-private-key.age".publicKeys = [ - ccr-ssh - ccr-gpg - picard - ]; - "sisko-wireguard-private-key.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; - "kirk-wireguard-private-key.age".publicKeys = [ - ccr-ssh - ccr-gpg - kirk - ]; - "deltaflyer-wireguard-private-key.age".publicKeys = [ - ccr-ssh - ccr-gpg - deltaflyer - ]; -} + # WireGuard + "picard-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg picard]; + "sisko-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "kirk-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg kirk]; + "deltaflyer-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg deltaflyer]; + } diff --git a/shell/default.nix b/shell/default.nix index 4bb67b2..f8e8240 100644 --- a/shell/default.nix +++ b/shell/default.nix 
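Review bot: Every `publicKeys` list in `secrets/secrets.nix` is now a single line, so adding or removing one recipient later shows up as a rewrite of the whole line instead of a one-line `+`/`-`, which makes a change to who can decrypt a secret easier to miss in review. For this file I would keep one recipient per line, as the removed side had for `"cache-private-key.age".publicKeys`. The stacked `with keys.hosts; with keys.users;` also means a name present in both sets silently resolves to the user key. If the two sets can ever overlap, spelling out `keys.hosts.sisko` and `keys.users.ccr-ssh` would rule that out.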
@@ -1,25 +1,27 @@ -{ - perSystem = - { pkgs, config, ... }: - { - devShells.default = pkgs.mkShell { - name = "fleet-shell"; - buildInputs = with pkgs; [ - git - agenix - age - deadnix - statix - alejandra - disko - deploy - colmena - nixos-anywhere - ]; - shellHook = '' - export RULES="$(git rev-parse --show-toplevel)/secrets/secrets.nix"; - ${config.pre-commit.installationScript} - ''; - }; +{inputs, ...}: { + perSystem = { + pkgs, + config, + ... + }: { + devShells.default = pkgs.mkShell { + name = "fleet-shell"; + buildInputs = with pkgs; [ + git + agenix + age + deadnix + statix + alejandra + disko + deploy + colmena + nixos-anywhere + ]; + shellHook = '' + export RULES="$(git rev-parse --show-toplevel)/secrets/secrets.nix"; + ${config.pre-commit.installationScript} + ''; }; + }; }