diff --git a/.archive/home/modules/programs/de/default.nix b/.archive/home/modules/programs/de/default.nix index 4bf617f..e18e144 100644 --- a/.archive/home/modules/programs/de/default.nix +++ b/.archive/home/modules/programs/de/default.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ imports = [ ./gnome ]; diff --git a/.archive/home/modules/programs/de/gnome/default.nix b/.archive/home/modules/programs/de/gnome/default.nix index 013679d..55ed6fb 100644 --- a/.archive/home/modules/programs/de/gnome/default.nix +++ b/.archive/home/modules/programs/de/gnome/default.nix @@ -1,10 +1,16 @@ # Adjusted manually from generated output of dconf2nix # https://github.com/gvolpe/dconf2nix -{ lib, pkgs, osConfig, ... }: -with lib.hm.gvariant; { +{ + lib, + pkgs, + osConfig, + ... +}: +with lib.hm.gvariant; +{ config = lib.mkIf osConfig.mySystem.de.gnome.enable { # add user packages - home.packages = with pkgs; [ + home.packages = with pkgs; [ dconf2nix ]; 
@@ -20,13 +26,39 @@ with lib.hm.gvariant; { home = [ "e" ]; }; "org/gnome/desktop/wm/preferences" = { - workspace-names = [ "sys" "talk" "web" "edit" "run" ]; + workspace-names = [ + "sys" + "talk" + "web" + "edit" + "run" + ]; button-layout = "appmenu:minimize,close"; }; "org/gnome/shell" = { - disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ]; - enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ]; - favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "vesktop.desktop" ]; + disabled-extensions = [ + "apps-menu@gnome-shell-extensions.gcampax.github.com" + "light-style@gnome-shell-extensions.gcampax.github.com" + "places-menu@gnome-shell-extensions.gcampax.github.com" + "drive-menu@gnome-shell-extensions.gcampax.github.com" + "window-list@gnome-shell-extensions.gcampax.github.com" + "workspace-indicator@gnome-shell-extensions.gcampax.github.com" + ]; + enabled-extensions = [ + "appindicatorsupport@rgcjonas.gmail.com" + "caffeine@patapon.info" + "dash-to-dock@micxgx.gmail.com" + "gsconnect@andyholmes.github.io" + "Vitals@CoreCoding.com" + "sp-tray@sp-tray.esenliyim.github.com" + ]; + favorite-apps = [ + "com.mitchellh.ghostty.desktop" + "vivaldi-stable.desktop" + "obsidian.desktop" + "code.desktop" + "vesktop.desktop" + ]; }; "org/gnome/nautilus/preferences" = { default-folder-viewer = "list-view"; diff --git a/.archive/hosts/durincore/default.nix b/.archive/hosts/durincore/default.nix index 517e832..e820c14 100644 
--- a/.archive/hosts/durincore/default.nix +++ b/.archive/hosts/durincore/default.nix @@ -1,11 +1,17 @@ -{ ... }: { +{ ... }: +{ config = { networking.hostId = "ad4380db"; networking.hostName = "durincore"; # Kernel mods boot = { initrd = { - availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + availableKernelModules = [ + "xhci_pci" + "nvme" + "usb_storage" + "sd_mod" + ]; kernelModules = [ ]; }; kernelModules = [ "kvm-intel" ]; @@ -13,31 +19,34 @@ }; fileSystems = { - "/" = - { - device = "rpool/root"; - fsType = "zfs"; - }; + "/" = { + device = "rpool/root"; + fsType = "zfs"; + }; - "/home" = - { - device = "rpool/home"; - fsType = "zfs"; - }; + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; - "/boot" = - { - device = "/dev/disk/by-uuid/F1B9-CA7C"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + "/boot" = { + device = "/dev/disk/by-uuid/F1B9-CA7C"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; }; swapDevices = [ ]; # System settings and services. mySystem = { - system.motd.networkInterfaces = [ "enp0s31f6" "wlp4s0" ]; + system.motd.networkInterfaces = [ + "enp0s31f6" + "wlp4s0" + ]; }; }; diff --git a/.archive/hosts/legiondary/default.nix b/.archive/hosts/legiondary/default.nix index 35d1783..c39f6a5 100644 --- a/.archive/hosts/legiondary/default.nix +++ b/.archive/hosts/legiondary/default.nix 
@@ -1,50 +1,56 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; networking.hostId = "2132e3bf"; networking.hostName = "legiondary"; boot = { - initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; initrd.kernelModules = [ ]; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; - fileSystems = - { - "/" = - { - device = "zroot/root"; - fsType = "zfs"; - }; - - "/nix" = - { - device = "zroot/nix"; - fsType = "zfs"; - }; - - "/var" = - { - device = "zroot/var"; - fsType = "zfs"; - }; - - "/home" = - { - device = "zroot/home"; - fsType = "zfs"; - }; + fileSystems = { + "/" = { + device = "zroot/root"; + fsType = "zfs"; }; + "/nix" = { + device = "zroot/nix"; + fsType = "zfs"; + }; + + "/var" = { + device = "zroot/var"; + fsType = "zfs"; + }; + + "/home" = { + device = "zroot/home"; + fsType = "zfs"; + }; + }; + # fileSystems."/boot" = # { device = "/dev/disk/by-uuid/E532-B74A"; # fsType = "vfat"; @@ -58,6 +64,9 @@ # System settings and services. mySystem = { purpose = "Development"; - system.motd.networkInterfaces = [ "eno1" "wlp4s0" ]; + system.motd.networkInterfaces = [ + "eno1" + "wlp4s0" + ]; }; } diff --git a/.archive/modules/nixos/containers/lego-auto/default.nix b/.archive/modules/nixos/containers/lego-auto/default.nix index 02f56a5..ba95df8 100644 --- a/.archive/modules/nixos/containers/lego-auto/default.nix +++ b/.archive/modules/nixos/containers/lego-auto/default.nix 
@@ -3,9 +3,9 @@ with lib; let app = "lego-auto"; image = "ghcr.io/bjw-s/lego-auto:v0.3.0"; - user = "999"; #string - group = "102"; #string - port = 9898; #int + user = "999"; # string + group = "102"; # string + port = 9898; # int cfg = config.mySystem.services.${app}; appFolder = "/eru/containers/volumes/${app}"; in @@ -43,16 +43,18 @@ in extraOptions = [ "--dns=1.1.1.1" ]; - environment = { - TZ = "America/Chicago"; - LA_DATADIR = "/cert"; - LA_CACHEDIR = "/cert/.cache"; - LA_EMAIL = cfg.email; - LA_DOMAINS = cfg.domains; - LA_PROVIDER = cfg.provider; - } // lib.optionalAttrs (cfg.provider == "dnsimple") { - DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token"; - }; + environment = + { + TZ = "America/Chicago"; + LA_DATADIR = "/cert"; + LA_CACHEDIR = "/cert/.cache"; + LA_EMAIL = cfg.email; + LA_DOMAINS = cfg.domains; + LA_PROVIDER = cfg.provider; + } + // lib.optionalAttrs (cfg.provider == "dnsimple") { + DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token"; + }; volumes = [ "${appFolder}/cert:/cert" diff --git a/.archive/modules/nixos/containers/unifi/default.nix b/.archive/modules/nixos/containers/unifi/default.nix index 6603def..0f5fbe6 100644 --- a/.archive/modules/nixos/containers/unifi/default.nix +++ b/.archive/modules/nixos/containers/unifi/default.nix @@ -6,8 +6,8 @@ let version = "8.4.62"; cfg = config.mySystem.services.${app}; appFolder = "/eru/containers/volumes/${app}"; - # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}"; in +# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}"; { options.mySystem.services.${app} = { enable = mkEnableOption "${app}"; @@ -19,7 +19,12 @@ in allowedTCPPorts = [ 8443 ]; }; podman0 = { - allowedTCPPorts = [ 8080 8443 8880 8843 ]; + allowedTCPPorts = [ + 8080 + 8443 + 8880 + 8843 + ]; allowedUDPPorts = [ 3478 ]; }; }; diff --git a/.archive/modules/nixos/de/kde.nix b/.archive/modules/nixos/de/kde.nix index 8cc91b1..bf9adc7 100644 
--- a/.archive/modules/nixos/de/kde.nix +++ b/.archive/modules/nixos/de/kde.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.mySystem.de.kde; flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; }; @@ -6,14 +11,15 @@ in { options = { mySystem.de.kde = { - enable = lib.mkEnableOption "KDE" // { default = false; }; + enable = lib.mkEnableOption "KDE" // { + default = false; + }; }; }; config = lib.mkIf cfg.enable { # Ref: https://wiki.nixos.org/wiki/KDE - # KDE services = { displayManager = { @@ -43,7 +49,6 @@ in jack.enable = true; }; - # extra pkgs and extensions environment = { systemPackages = with pkgs; [ diff --git a/.archive/modules/nixos/services/cockpit/default.nix b/.archive/modules/nixos/services/cockpit/default.nix index 17d589f..3e584d1 100644 --- a/.archive/modules/nixos/services/cockpit/default.nix +++ b/.archive/modules/nixos/services/cockpit/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.cockpit; diff --git a/.archive/modules/nixos/services/vault/default.nix b/.archive/modules/nixos/services/vault/default.nix index 220cf02..611c13a 100644 --- a/.archive/modules/nixos/services/vault/default.nix +++ b/.archive/modules/nixos/services/vault/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.mySystem.services.vault; in diff --git a/.archive/profiles/disko-telchar.nix b/.archive/profiles/disko-telchar.nix index fe735ac..7d9b69c 100644 --- a/.archive/profiles/disko-telchar.nix +++ b/.archive/profiles/disko-telchar.nix @@ -40,7 +40,10 @@ "/home/user" = { }; # Parent is not mounted so the mountpoint must be set "/nix" = { - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; mountpoint = "/nix"; }; }; 
diff --git a/.archive/profiles/hw-framework-16-7840hs.nix b/.archive/profiles/hw-framework-16-7840hs.nix index 9bb45d1..a8333bb 100644 --- a/.archive/profiles/hw-framework-16-7840hs.nix +++ b/.archive/profiles/hw-framework-16-7840hs.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { mySystem = { security.wheelNeedsSudoPassword = false; @@ -16,7 +21,7 @@ }; }; - # For updating firmware on the Framework. + # For updating firmware on the Framework. services.fwupd.enable = true; networking = { diff --git a/.archive/profiles/hw-legion-15arh05h.nix b/.archive/profiles/hw-legion-15arh05h.nix index f3c2eea..c777f24 100644 --- a/.archive/profiles/hw-legion-15arh05h.nix +++ b/.archive/profiles/hw-legion-15arh05h.nix @@ -10,7 +10,10 @@ boot = { # for managing/mounting ntfs - supportedFilesystems = [ "ntfs" "nfs" ]; + supportedFilesystems = [ + "ntfs" + "nfs" + ]; loader = { grub = { @@ -18,7 +21,10 @@ zfsSupport = true; device = "nodev"; mirroredBoots = [ - { devices = [ "nodev" ]; path = "/boot"; } + { + devices = [ "nodev" ]; + path = "/boot"; + } ]; }; }; diff --git a/.archive/profiles/role-workstation.nix b/.archive/profiles/role-workstation.nix index 4b4c974..7b7703b 100644 --- a/.archive/profiles/role-workstation.nix +++ b/.archive/profiles/role-workstation.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: # Role for workstations # Covers desktops/laptops, expected to have a GUI and do workloads # Will have home-manager installs diff --git a/flake.lock b/flake.lock index 80d1a99..4b9e432 100644 --- a/flake.lock +++ b/flake.lock 
@@ -237,24 +237,6 @@ "inputs": { "systems": "systems_4" }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_5" - }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -269,9 +251,9 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -287,9 +269,9 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_5": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1681202837, @@ -670,25 +652,6 @@ "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" } }, - "mise": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1735325928, - "narHash": "sha256-MfOIDwb6pMakn9eCulGrPwAMuL5qFOhwaEoFFeuv8cY=", - "owner": "jdx", - "repo": "mise", - "rev": "323a85b6f7632b906cb113a428519f2ba89197e7", - "type": "github" - }, - "original": { - "owner": "jdx", - "repo": "mise", - "type": "github" - } - }, "mk-naked-shell": { "flake": false, "locked": { @@ -757,7 +720,7 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs-unstable" ] @@ -779,7 +742,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] 
@@ -891,22 +854,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1729980323, - "narHash": "sha256-eWPRZAlhf446bKSmzw6x7RWEE4IuZgAp8NW3eXZwRAY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "86e78d3d2084ff87688da662cf78c2af085d8e73", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1735141468, "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", @@ -922,7 +869,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1734649271, "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", @@ -938,7 +885,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -977,7 +924,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -1111,12 +1058,11 @@ "hyprland-plugins": "hyprland-plugins", "krewfile": "krewfile", "lix-module": "lix-module", - "mise": "mise", "nix-inspect": "nix-inspect", "nix-minecraft": "nix-minecraft", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "nixvirt-git": "nixvirt-git", "nur": "nur", @@ -1281,21 +1227,6 @@ "type": "github" } }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "talhelper": { "inputs": { "flake-parts": "flake-parts_2", 
@@ -1362,8 +1293,8 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_5" + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1729422940, diff --git a/flake.nix b/flake.nix index afcf1f7..ea891a7 100644 --- a/flake.nix +++ b/flake.nix @@ -92,9 +92,6 @@ url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; }; - - # Mise - mise.url = "github:jdx/mise"; }; outputs = @@ -110,7 +107,6 @@ lix-module, vscode-server, krewfile, - mise, ... }@inputs: let diff --git a/nixos/home/jahanson/global.nix b/nixos/home/jahanson/global.nix index e7941bb..3cf247e 100644 --- a/nixos/home/jahanson/global.nix +++ b/nixos/home/jahanson/global.nix @@ -1,4 +1,9 @@ -{ pkgs, config, inputs, ... }: +{ + pkgs, + config, + inputs, + ... +}: with config; { imports = [ @@ -76,7 +81,6 @@ with config; # filesystem tools gptfdisk # sgdisk - # system call monitoring strace # system call monitoring ltrace # library call monitoring diff --git a/nixos/home/modules/default.nix b/nixos/home/modules/default.nix index 4060911..f520e75 100644 --- a/nixos/home/modules/default.nix +++ b/nixos/home/modules/default.nix @@ -1,4 +1,5 @@ -{ lib, ... }: { +{ lib, ... }: +{ imports = [ ./shell diff --git a/nixos/home/modules/programs/browsers/default.nix b/nixos/home/modules/programs/browsers/default.nix index 3062d5e..70a8be5 100644 --- a/nixos/home/modules/programs/browsers/default.nix +++ b/nixos/home/modules/programs/browsers/default.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ imports = [ ./firefox ]; diff --git a/nixos/home/modules/programs/browsers/firefox/default.nix b/nixos/home/modules/programs/browsers/firefox/default.nix index 2e4308f..0d38124 100644 --- a/nixos/home/modules/programs/browsers/firefox/default.nix +++ b/nixos/home/modules/programs/browsers/firefox/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.myHome.programs.firefox; 
@@ -6,27 +11,25 @@ in { options.myHome.programs.firefox.enable = mkEnableOption "Firefox"; - config = mkIf cfg.enable - { - programs.firefox = { - enable = true; - package = pkgs.firefox.override - { - extraPolicies = { - DontCheckDefaultBrowser = true; - DisablePocket = true; - # See nixpkgs' firefox/wrapper.nix to check which options you can use - nativeMessagingHosts = [ - # Gnome shell native connector - pkgs.gnome-browser-connector - # plasma connector - # plasma5Packages.plasma-browser-integration - ]; - }; - }; - policies = import ./policies.nix; - - profiles.default = import ./profile-default.nix { inherit pkgs; }; + config = mkIf cfg.enable { + programs.firefox = { + enable = true; + package = pkgs.firefox.override { + extraPolicies = { + DontCheckDefaultBrowser = true; + DisablePocket = true; + # See nixpkgs' firefox/wrapper.nix to check which options you can use + nativeMessagingHosts = [ + # Gnome shell native connector + pkgs.gnome-browser-connector + # plasma connector + # plasma5Packages.plasma-browser-integration + ]; + }; }; + policies = import ./policies.nix; + + profiles.default = import ./profile-default.nix { inherit pkgs; }; }; + }; } diff --git a/nixos/home/modules/programs/default.nix b/nixos/home/modules/programs/default.nix index 6658c8e..b84d8c8 100644 --- a/nixos/home/modules/programs/default.nix +++ b/nixos/home/modules/programs/default.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ imports = [ ./browsers ./thunderbird diff --git a/nixos/home/modules/programs/thunderbird/default.nix b/nixos/home/modules/programs/thunderbird/default.nix index 37306af..1601b5f 100644 --- a/nixos/home/modules/programs/thunderbird/default.nix +++ b/nixos/home/modules/programs/thunderbird/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.myHome.programs.thunderbird; diff --git a/nixos/home/modules/security/default.nix b/nixos/home/modules/security/default.nix index 327a590..837aa1e 100644 
--- a/nixos/home/modules/security/default.nix +++ b/nixos/home/modules/security/default.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ imports = [ ./ssh ]; diff --git a/nixos/home/modules/security/ssh/default.nix b/nixos/home/modules/security/ssh/default.nix index b7c394d..04e20e3 100644 --- a/nixos/home/modules/security/ssh/default.nix +++ b/nixos/home/modules/security/ssh/default.nix @@ -1,5 +1,6 @@ { config, lib, ... }: -with lib; let +with lib; +let cfg = config.myHome.security.ssh; in { diff --git a/nixos/home/modules/shell/atuind/default.nix b/nixos/home/modules/shell/atuind/default.nix index 74c3a48..15150e1 100644 --- a/nixos/home/modules/shell/atuind/default.nix +++ b/nixos/home/modules/shell/atuind/default.nix @@ -1,5 +1,11 @@ -{ config, pkgs, lib, ... }: -with lib; let +{ + config, + pkgs, + lib, + ... +}: +with lib; +let cfg = config.myHome.shell.atuind; in { @@ -9,22 +15,21 @@ in config = mkMerge [ (mkIf cfg.enable { - systemd.user.services.atuind = - { - Install = { - WantedBy = [ "default.target" ]; - }; - Unit = { - After = [ "network.target" ]; - }; - Service = { - Environment = "ATUIN_LOG=info"; - ExecStart = "${pkgs.unstable.atuin}/bin/atuin daemon"; - # Remove the socket file if the daemon is not running. - # Unexpected shutdowns may have left this file here. - ExecStartPre="/run/current-system/sw/bin/bash -c '! pgrep atuin && /run/current-system/sw/bin/rm -f ~/.local/share/atuin/atuin.sock'"; - }; + systemd.user.services.atuind = { + Install = { + WantedBy = [ "default.target" ]; }; + Unit = { + After = [ "network.target" ]; + }; + Service = { + Environment = "ATUIN_LOG=info"; + ExecStart = "${pkgs.unstable.atuin}/bin/atuin daemon"; + # Remove the socket file if the daemon is not running. + # Unexpected shutdowns may have left this file here. + ExecStartPre = "/run/current-system/sw/bin/bash -c '! pgrep atuin && /run/current-system/sw/bin/rm -f ~/.local/share/atuin/atuin.sock'"; + }; + }; }) ]; } 
diff --git a/nixos/home/modules/shell/default.nix b/nixos/home/modules/shell/default.nix index bb65b7c..5c5aa4c 100644 --- a/nixos/home/modules/shell/default.nix +++ b/nixos/home/modules/shell/default.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ imports = [ ./atuind ./fish diff --git a/nixos/home/modules/shell/fish/default.nix b/nixos/home/modules/shell/fish/default.nix index 596f552..5b548bb 100644 --- a/nixos/home/modules/shell/fish/default.nix +++ b/nixos/home/modules/shell/fish/default.nix @@ -96,6 +96,9 @@ in set -gx SSH_ASKPASS_REQUIRE "prefer" # This is for git to use the ssh-askpass set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev" + # Mise https://mise.jdx.dev + mise activate fish | source + # One Password cli if test -e ~/.config/op/plugins.sh source ~/.config/op/plugins.sh diff --git a/nixos/home/modules/shell/git/default.nix b/nixos/home/modules/shell/git/default.nix index 2ef17cb..1f1cbd4 100644 --- a/nixos/home/modules/shell/git/default.nix +++ b/nixos/home/modules/shell/git/default.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: let cfg = config.myHome.shell.git; in diff --git a/nixos/home/modules/shell/starship/default.nix b/nixos/home/modules/shell/starship/default.nix index ad07718..2b3d56b 100644 --- a/nixos/home/modules/shell/starship/default.nix +++ b/nixos/home/modules/shell/starship/default.nix @@ -1,12 +1,16 @@ -{ lib -, config -, ... +{ + lib, + config, + ... }: -with lib; let +with lib; +let cfg = config.myHome.shell.starship; in { - options.myHome.shell.starship = { enable = mkEnableOption "starship"; }; + options.myHome.shell.starship = { + enable = mkEnableOption "starship"; + }; config = mkIf cfg.enable { programs.starship = { diff --git a/nixos/home/modules/shell/wezterm/default.nix b/nixos/home/modules/shell/wezterm/default.nix index 936dcf6..28190c5 100644 --- a/nixos/home/modules/shell/wezterm/default.nix +++ b/nixos/home/modules/shell/wezterm/default.nix 
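Review bot: In the hunk for nixos/home/modules/shell/fish/default.nix, the added `mise activate fish | source` runs unguarded and evaluates the output of whichever `mise` comes first on PATH each time this init block runs. This commit also removes the `mise` flake input and nothing visible here installs the binary, so on a host without it every new shell would print an error; `if type -q mise; mise activate fish | source; end` avoids that. Because the output is sourced into the session, calling a pinned store path such as `${pkgs.mise}/bin/mise activate fish | source` would also keep a stray binary earlier on PATH from being executed. That assumes `pkgs` is in scope in this module, which the hunk does not show. The enclosing shell-init string starts and ends outside the hunk.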
@@ -1,5 +1,11 @@ -{ config, pkgs, lib, ... }: -with lib; let +{ + config, + pkgs, + lib, + ... +}: +with lib; +let cfg = config.myHome.shell.wezterm; in { diff --git a/nixos/hosts/gandalf/config/sanoid.nix b/nixos/hosts/gandalf/config/sanoid.nix index af9794e..328cc82 100644 --- a/nixos/hosts/gandalf/config/sanoid.nix +++ b/nixos/hosts/gandalf/config/sanoid.nix @@ -14,22 +14,22 @@ }; datasets = { "eru/xen-backups" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "eru/hansonhive" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "eru/tm_joe" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "eru/tm_elisia" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "eru/containers/volumes/xo-data" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "eru/containers/volumes/xo-redis-data" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; }; }; diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix index 397e7cb..fa41b2b 100644 --- a/nixos/hosts/gandalf/default.nix +++ b/nixos/hosts/gandalf/default.nix @@ -9,9 +9,9 @@ ... }: # let - # sanoidConfig = import ./config/sanoid.nix { }; - # disks = import ./config/disks.nix; - # smartdDevices = map (device: { inherit device; }) disks; +# sanoidConfig = import ./config/sanoid.nix { }; +# disks = import ./config/disks.nix; +# smartdDevices = map (device: { inherit device; }) disks; # in { imports = [ diff --git a/nixos/hosts/shadowfax/config/disks.nix b/nixos/hosts/shadowfax/config/disks.nix index 4a92680..f30289b 100644 --- a/nixos/hosts/shadowfax/config/disks.nix +++ b/nixos/hosts/shadowfax/config/disks.nix 
@@ -1,15 +1,13 @@ [ # zroot "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" - "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314200DT2P0C" - "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C" - "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201AD2P0C" - "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201E72P0C" # nahar - "/dev/nvme0" # These are required to fix a smartctl bug I have yet to upgrade to a version that fixes it. + "/dev/nvme0" "/dev/nvme1" "/dev/nvme2" "/dev/nvme3" + "/dev/nvme4" + "/dev/nvme5" # moria "/dev/disk/by-id/scsi-35000cca23bc8a504" "/dev/disk/by-id/scsi-35000cca23bd29918" @@ -31,5 +29,4 @@ "/dev/disk/by-id/scsi-35000cca0461810f8" "/dev/disk/by-id/scsi-35000cca04618b930" "/dev/disk/by-id/scsi-35000cca04618cec4" - ] diff --git a/nixos/hosts/shadowfax/config/sanoid.nix b/nixos/hosts/shadowfax/config/sanoid.nix index 0639a0a..f8c834f 100644 --- a/nixos/hosts/shadowfax/config/sanoid.nix +++ b/nixos/hosts/shadowfax/config/sanoid.nix @@ -14,19 +14,19 @@ }; datasets = { "nahar/scrypted" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "nahar/containers/volumes/plex" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "nahar/containers/volumes/scrypted" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "nahar/containers/volumes/jellyfin" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; "nahar/containers/volumes/scrutiny" = { - useTemplate = ["production"]; + useTemplate = [ "production" ]; }; }; }; diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix index 378f6d5..42e3e80 100644 --- a/nixos/hosts/shadowfax/default.nix +++ b/nixos/hosts/shadowfax/default.nix 
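Review bot: In nixos/hosts/shadowfax/config/disks.nix the `# nahar` entries now rely only on `/dev/nvme0` to `/dev/nvme5`, and the comment explaining that kernel names were a smartctl bug workaround is removed together with the `by-id` paths. Kernel NVMe enumeration order is not guaranteed to stay the same across reboots or hardware changes, so a name can end up pointing at a different drive than intended and SMART monitoring would silently follow the wrong disk. I would keep a comment on the list, for example `# kernel names work around a smartctl bug; enumeration order is not stable, re-check after hardware changes`, and return to `/dev/disk/by-id/...` paths once the tooling allows it. Whether six controllers here also covers the zroot device already listed by id is not visible from the hunk and is worth confirming.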
@@ -47,10 +47,7 @@ in nvidia-container-toolkit.enable = true; }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum" - ]; + users.users.root.openssh.authorizedKeys.keys = [ ]; # Network settings networking = { @@ -187,7 +184,10 @@ in scrutiny = { enable = true; devices = disks; - extraCapabilities = [ "SYS_RAWIO" ]; + extraCapabilities = [ + "SYS_RAWIO" + "SYS_ADMIN" + ]; containerVolumeLocation = "/nahar/containers/volumes/scrutiny"; port = 8585; }; diff --git a/nixos/hosts/telperion/config/bind.nix b/nixos/hosts/telperion/config/bind.nix index d608580..6c4ab6b 100644 --- a/nixos/hosts/telperion/config/bind.nix +++ b/nixos/hosts/telperion/config/bind.nix @@ -1,27 +1,27 @@ -{config, ...}: +{ config, ... }: '' -include "${config.sops.secrets."bind/rndc-keys/externaldns".path}"; + include "${config.sops.secrets."bind/rndc-keys/externaldns".path}"; -acl trusted { - 10.33.44.0/24; # LAN - 10.1.1.0/24; # Servers - 10.1.2.0/24; # Trusted - 10.1.3.0/24; # IoT - 10.1.4.0/24; # Video -}; + acl trusted { + 10.33.44.0/24; # LAN + 10.1.1.0/24; # Servers + 10.1.2.0/24; # Trusted + 10.1.3.0/24; # IoT + 10.1.4.0/24; # Video + }; -zone "jahanson.tech." { - type master; - file "${config.sops.secrets."bind/zones/jahanson.tech".path}"; - journal "${config.services.bind.directory}/db.jahanson.tech.jnl"; - allow-transfer { - key "externaldns"; + zone "jahanson.tech." { + type master; + file "${config.sops.secrets."bind/zones/jahanson.tech".path}"; + journal "${config.services.bind.directory}/db.jahanson.tech.jnl"; + allow-transfer { + key "externaldns"; + }; + update-policy { + grant externaldns zonesub ANY; + }; + allow-query { + trusted; + }; }; - update-policy { - grant externaldns zonesub ANY; - }; - allow-query { - trusted; - }; -}; -'' \ No newline at end of file +'' 
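Review bot: In the first hunk of nixos/hosts/shadowfax/default.nix, `users.users.root.openssh.authorizedKeys.keys = [ ];` does not by itself guarantee that root has no authorized keys. This is a list option, so definitions from other modules are merged with it and an empty list simply contributes nothing. If the intent of removing the two keys is that no key can log in as root on this host, `users.users.root.openssh.authorizedKeys.keys = lib.mkForce [ ];` states that (given `lib` is in the module arguments, which the hunk does not show); otherwise the line can be dropped. `authorizedKeys.keyFiles` and `services.openssh.settings.PermitRootLogin` are worth checking alongside it, since whether another module sets root keys is not visible here.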
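Review bot: In the second hunk of nixos/hosts/shadowfax/default.nix, adding `"SYS_ADMIN"` to the scrutiny container's `extraCapabilities` grants a far broader capability than the existing `SYS_RAWIO`, and the hunk gives no reason for it. If it is there because NVMe SMART queries need it, which would match the switch to `/dev/nvme*` entries in `config/disks.nix` in this commit, say so next to the value, e.g. `"SYS_ADMIN" # required for NVMe SMART access; broad capability, drop if NVMe devices are removed`. It is also worth confirming that the container is passed only the listed devices and is not additionally run privileged. That is defined in the scrutiny module, outside this diff.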
diff --git a/nixos/hosts/telperion/config/haproxy.nix b/nixos/hosts/telperion/config/haproxy.nix
index 9dd69aa..0d471ac 100644
--- a/nixos/hosts/telperion/config/haproxy.nix
+++ b/nixos/hosts/telperion/config/haproxy.nix
@@ -1,53 +1,53 @@ { ... }: '' -global - log /dev/log local0 - log /dev/log local1 notice - daemon + global + log /dev/log local0 + log /dev/log local1 notice + daemon -defaults - mode http - log global - option httplog - option dontlognull - option http-server-close - option redispatch - retries 3 - timeout http-request 10s - timeout queue 20s - timeout connect 10s - timeout client 1h - timeout server 1h - timeout http-keep-alive 10s - timeout check 10s + defaults + mode http + log global + option httplog + option dontlognull + option http-server-close + option redispatch + retries 3 + timeout http-request 10s + timeout queue 20s + timeout connect 10s + timeout client 1h + timeout server 1h + timeout http-keep-alive 10s + timeout check 10s -frontend k8s_homelab_apiserver - bind *:6443 - mode tcp - option tcplog - default_backend k8s_homelab_controlplane + frontend k8s_homelab_apiserver + bind *:6443 + mode tcp + option tcplog + default_backend k8s_homelab_controlplane -frontend k8s_theshire_apiserver - bind *:6444 - mode tcp - option tcplog - default_backend k8s_theshire_controlplane + frontend k8s_theshire_apiserver + bind *:6444 + mode tcp + option tcplog + default_backend k8s_theshire_controlplane -backend k8s_homelab_controlplane - option httpchk GET /healthz - http-check expect status 200 - mode tcp - option ssl-hello-chk - balance roundrobin - server shadowfax 10.1.1.61:6443 check + backend k8s_homelab_controlplane + option httpchk GET /healthz + http-check expect status 200 + mode tcp + option ssl-hello-chk + balance roundrobin + server shadowfax 10.1.1.61:6443 check -backend k8s_theshire_controlplane - option httpchk GET /healthz - http-check expect status 200 - mode tcp - option ssl-hello-chk - balance roundrobin - server bilbo 10.1.1.62:6443 check - server frodo 10.1.1.63:6443 check - server sam 10.1.1.64:6443 check + backend k8s_theshire_controlplane + option httpchk GET /healthz + http-check expect status 200 + mode tcp + option ssl-hello-chk + balance 
roundrobin + server bilbo 10.1.1.62:6443 check + server frodo 10.1.1.63:6443 check + server sam 10.1.1.64:6443 check '' diff --git a/nixos/hosts/telperion/default.nix b/nixos/hosts/telperion/default.nix index 29d5409..631d176 100644 --- a/nixos/hosts/telperion/default.nix +++ b/nixos/hosts/telperion/default.nix @@ -1,18 +1,29 @@ # Do not modify this file! It was generated by `nixos-generate-config` # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; networking.hostId = "ce196a02"; networking.hostName = "telperion"; boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; initrd.kernelModules = [ ]; kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; @@ -69,7 +80,10 @@ mySystem = { purpose = "Production"; system = { - motd.networkInterfaces = [ "enp2s0" "wlp3s0" ]; + motd.networkInterfaces = [ + "enp2s0" + "wlp3s0" + ]; }; services = { @@ -88,7 +102,11 @@ haproxy = { enable = true; config = import ./config/haproxy.nix { inherit config; }; - tcpPorts = [ 6443 6444 50000 ]; + tcpPorts = [ + 6443 + 6444 + 50000 + ]; }; matchbox = { diff --git a/nixos/hosts/varda/default.nix b/nixos/hosts/varda/default.nix index d651021..9b331eb 100644 --- a/nixos/hosts/varda/default.nix +++ b/nixos/hosts/varda/default.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ./resources/prune-backup.nix ]; networking.hostId = "cdab8473"; @@ -22,7 +23,6 @@ swapDevices = [ ]; - # System settings and services. mySystem = { purpose = "Production"; 
diff --git a/nixos/hosts/varda/resources/prune-backup.nix b/nixos/hosts/varda/resources/prune-backup.nix index 4f9f507..240acdf 100644 --- a/nixos/hosts/varda/resources/prune-backup.nix +++ b/nixos/hosts/varda/resources/prune-backup.nix @@ -1,7 +1,9 @@ { pkgs, ... }: let - cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (builtins.readFile ./prune-backups.sh); + cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" ( + builtins.readFile ./prune-backups.sh + ); in { systemd.timers.cleanup-backups = { diff --git a/nixos/lib/default.nix b/nixos/lib/default.nix index a2e796a..7a3a45b 100644 --- a/nixos/lib/default.nix +++ b/nixos/lib/default.nix 
@@ -4,40 +4,60 @@ with lib; rec { firstOrDefault = first: default: if first != null then first else default; - existsOrDefault = x: set: default: if builtins.hasAttr x set then builtins.getAttr x set else default; + existsOrDefault = + x: set: default: + if builtins.hasAttr x set then builtins.getAttr x set else default; # main service builder - mkService = options: ( - let - user = existsOrDefault "user" options "568"; - group = existsOrDefault "group" options "568"; + mkService = + options: + ( + let + user = existsOrDefault "user" options "568"; + group = existsOrDefault "group" options "568"; - enableBackups = (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) - && (lib.attrsets.attrByPath [ "persistence" "enable" ] true options); + enableBackups = + (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) + && (lib.attrsets.attrByPath [ "persistence" "enable" ] true options); - # Security options for containers - containerExtraOptions = lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ] - ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ] - ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ] - ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ] - ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ] - ; - in - { - virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable { - image = "${options.container.image}"; - user = "${user}:${group}"; - environment = { - TZ = options.timeZone; - } // options.container.env; - environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options; - volumes = [ "/etc/localtime:/etc/localtime:ro" ] ++ - lib.optionals 
(lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [ - "${options.persistence.folder}:${options.container.persistentFolderMount}:rw" - ] ++ lib.attrsets.attrByPath [ "container" "volumes" ] [ ] options; - extraOptions = containerExtraOptions; - }; - systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) [ "d ${options.persistence.folder} 0750 ${user} ${group} -" ]; - } - ); + # Security options for containers + containerExtraOptions = + lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ + "--privileged" + ] + ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ + "--read-only" + ] + ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ + (map (folders: "--tmpfs=${folders}") tmpfsFolders) + ] + ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ + "--security-opt=no-new-privileges" + ] + ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ + "--cap-drop=ALL" + ]; + in + { + virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable { + image = "${options.container.image}"; + user = "${user}:${group}"; + environment = { + TZ = options.timeZone; + } // options.container.env; + environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options; + volumes = + [ "/etc/localtime:/etc/localtime:ro" ] + ++ lib.optionals (lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [ + "${options.persistence.folder}:${options.container.persistentFolderMount}:rw" + ] + ++ lib.attrsets.attrByPath [ "container" "volumes" ] [ ] options; + extraOptions = containerExtraOptions; + }; + systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [ + "persistence" + "folder" + ] options) [ "d ${options.persistence.folder} 0750 ${user} ${group} -" 
]; + } + ); } diff --git a/nixos/modules/nixos/containers/jellyfin/default.nix b/nixos/modules/nixos/containers/jellyfin/default.nix index 4a5f080..f501db8 100644 --- a/nixos/modules/nixos/containers/jellyfin/default.nix +++ b/nixos/modules/nixos/containers/jellyfin/default.nix @@ -45,7 +45,9 @@ in ${pkgs.podman}/bin/podman run \ --rm \ --name=${app} \ - --user="${toString config.users.users."${user}".uid}:${toString config.users.groups."${group}".gid}" \ + --user="${toString config.users.users."${user}".uid}:${ + toString config.users.groups."${group}".gid + }" \ --device='nvidia.com/gpu=all' \ --log-driver=journald \ --cidfile=/run/${app}.ctr-id \ diff --git a/nixos/modules/nixos/containers/plex/default.nix b/nixos/modules/nixos/containers/plex/default.nix index ae5a940..9c06f14 100644 --- a/nixos/modules/nixos/containers/plex/default.nix +++ b/nixos/modules/nixos/containers/plex/default.nix @@ -51,7 +51,9 @@ in --cidfile=/run/${app}.ctr-id \ --cgroups=no-conmon \ --sdnotify=conmon \ - --user="${toString config.users.users."${user}".uid}:${toString config.users.groups."${group}".gid}" \ + --user="${toString config.users.users."${user}".uid}:${ + toString config.users.groups."${group}".gid + }" \ --volume="${volumeLocation}:/config:rw" \ --volume="/moria/media:/media:rw" \ --volume="tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" \ @@ -78,7 +80,7 @@ in ]; }; - sops.secrets ={ + sops.secrets = { "restic/plex/env" = { sopsFile = ./secrets.sops.yaml; owner = user; @@ -155,6 +157,5 @@ in # } # ]; - }; } diff --git a/nixos/modules/nixos/containers/scrutiny/default.nix b/nixos/modules/nixos/containers/scrutiny/default.nix index 9e9852e..d804c2d 100644 --- a/nixos/modules/nixos/containers/scrutiny/default.nix +++ b/nixos/modules/nixos/containers/scrutiny/default.nix 
@@ -85,8 +85,7 @@ in # using the --device and --cap-add flags extraOptions = (map (disk: "--device=${toString disk}") cfg.devices) - ++ - (map (cap: "--cap-add=${cap}") cfg.extraCapabilities); + ++ (map (cap: "--cap-add=${cap}") cfg.extraCapabilities); }; }; } diff --git a/nixos/modules/nixos/default.nix b/nixos/modules/nixos/default.nix index 8c97ade..0328596 100644 --- a/nixos/modules/nixos/default.nix +++ b/nixos/modules/nixos/default.nix @@ -57,7 +57,7 @@ with lib; config = { systemd.tmpfiles.rules = [ - "d ${config.mySystem.persistentFolder} 777 - - -" #The - disables automatic cleanup, so the file wont be removed after a period + "d ${config.mySystem.persistentFolder} 777 - - -" # The - disables automatic cleanup, so the file wont be removed after a period ]; }; } diff --git a/nixos/modules/nixos/editor/vim.nix b/nixos/modules/nixos/editor/vim.nix index d67e1d0..45395e7 100644 --- a/nixos/modules/nixos/editor/vim.nix +++ b/nixos/modules/nixos/editor/vim.nix @@ -14,13 +14,21 @@ in programs.vim.defaultEditor = true; # Visual mode off and syntax highlighting on - home-manager.users = mapAttrs - (user: _: { - home.file.".vimrc".text = '' - set mouse-=a - syntax on - ''; - }) - (listToAttrs (map (u: { name = u; value = { }; }) users)); + home-manager.users = + mapAttrs + (user: _: { + home.file.".vimrc".text = '' + set mouse-=a + syntax on + ''; + }) + ( + listToAttrs ( + map (u: { + name = u; + value = { }; + }) users + ) + ); }; } diff --git a/nixos/modules/nixos/editor/vscode.nix b/nixos/modules/nixos/editor/vscode.nix index 1b3a1a3..a2195b4 100644 --- a/nixos/modules/nixos/editor/vscode.nix +++ b/nixos/modules/nixos/editor/vscode.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.editor.vscode; 
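Review bot: The tmpfiles rule in nixos/modules/nixos/default.nix still creates `${config.mySystem.persistentFolder}` with mode `777` and no sticky bit, which lets any local account rename or delete the per-service state directories beneath it regardless of their own `0750` modes. `mkService` in nixos/lib/default.nix already creates those directories through tmpfiles with an explicit owner, so the parent probably does not need to be world-writable; `"d ${config.mySystem.persistentFolder} 0755 - - -"` would keep it root-owned and traversable. If some service really has to create its own directory there, `1777` at least adds the sticky bit. The trailing comment could also say that it is the last `-` (the age field) that disables cleanup.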
@@ -74,8 +79,12 @@ let } ]; # Extract extension strings and coerce them to a list of valid attribute paths. - vscodeCommunityExtensionsPackages = map (ext: getAttrFromPath (splitString "." ext) pkgs.vscode-marketplace) vscodeCommunityExtensions; - nixpkgsExtensionsPackages = map (ext: getAttrFromPath (splitString "." ext) pkgs.vscode-extensions) vscodeNixpkgsExtensions; + vscodeCommunityExtensionsPackages = map ( + ext: getAttrFromPath (splitString "." ext) pkgs.vscode-marketplace + ) vscodeCommunityExtensions; + nixpkgsExtensionsPackages = map ( + ext: getAttrFromPath (splitString "." ext) pkgs.vscode-extensions + ) vscodeNixpkgsExtensions; marketplaceExtensionsPackages = pkgs.vscode-utils.extensionsFromVscodeMarketplace marketplaceExtensions; in { diff --git a/nixos/modules/nixos/games/steam/steam.nix b/nixos/modules/nixos/games/steam/steam.nix index db334cd..5bccfec 100644 --- a/nixos/modules/nixos/games/steam/steam.nix +++ b/nixos/modules/nixos/games/steam/steam.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.mySystem.games.steam; in diff --git a/nixos/modules/nixos/hardware/nvidia/default.nix b/nixos/modules/nixos/hardware/nvidia/default.nix index eeb9182..86cc5dd 100644 --- a/nixos/modules/nixos/hardware/nvidia/default.nix +++ b/nixos/modules/nixos/hardware/nvidia/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.hardware.nvidia; diff --git a/nixos/modules/nixos/lib.nix b/nixos/modules/nixos/lib.nix index e89fe64..1a955e1 100644 --- a/nixos/modules/nixos/lib.nix +++ b/nixos/modules/nixos/lib.nix @@ -88,10 +88,7 @@ else null; remoteResticTemplate = - if builtins.hasAttr "remoteResticTemplate" options then - options.remoteResticTemplate - else - null; + if builtins.hasAttr "remoteResticTemplate" options then options.remoteResticTemplate else null; # 2:05 daily backup with 3h random delay timerConfig = { OnCalendar = "02:05"; 
@@ -125,7 +122,9 @@ inherit (options) user passwordFile environmentFile; # Move the path to the zfs snapshot path paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths; - exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.excludePaths; + exclude = map ( + x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}" + ) options.excludePaths; repository = "${options.localResticTemplate}"; }; @@ -142,7 +141,9 @@ paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths; repository = remoteResticTemplate; repositoryFile = remoteResticTemplateFile; - exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.excludePaths; + exclude = map ( + x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}" + ) options.excludePaths; }; }; } diff --git a/nixos/modules/nixos/programs/shell/fish.nix b/nixos/modules/nixos/programs/shell/fish.nix index 9ee8179..b4b1729 100644 --- a/nixos/modules/nixos/programs/shell/fish.nix +++ b/nixos/modules/nixos/programs/shell/fish.nix @@ -4,16 +4,14 @@ let cfg = config.mySystem.shell.fish; in { - options.mySystem.shell.fish = - { - enable = mkEnableOption "Fish"; - enablePlugins = mkOption - { - type = lib.types.bool; - description = "If we want to add fish plugins"; - default = true; - }; + options.mySystem.shell.fish = { + enable = mkEnableOption "Fish"; + enablePlugins = mkOption { + type = lib.types.bool; + description = "If we want to add fish plugins"; + default = true; }; + }; # Install fish systemwide config.programs.fish = mkIf cfg.enable { diff --git a/nixos/modules/nixos/security/1password/default.nix b/nixos/modules/nixos/security/1password/default.nix index 21b748d..062ba26 100644 --- a/nixos/modules/nixos/security/1password/default.nix +++ b/nixos/modules/nixos/security/1password/default.nix 
@@ -1,5 +1,6 @@ { config, lib, ... }: -with lib; let +with lib; +let cfg = config.mySystem.security._1password; user = "jahanson"; in diff --git a/nixos/modules/nixos/services/bind/default.nix b/nixos/modules/nixos/services/bind/default.nix index d7b51b5..4fbfb33 100644 --- a/nixos/modules/nixos/services/bind/default.nix +++ b/nixos/modules/nixos/services/bind/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.bind; diff --git a/nixos/modules/nixos/services/dnsmasq/default.nix b/nixos/modules/nixos/services/dnsmasq/default.nix index e481dc1..102dcc1 100644 --- a/nixos/modules/nixos/services/dnsmasq/default.nix +++ b/nixos/modules/nixos/services/dnsmasq/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.dnsmasq; @@ -25,7 +30,11 @@ in networking.firewall = { # dhcp ports | tftp port - allowedUDPPorts = [ 67 68 69 ]; # server/client/tftp + allowedUDPPorts = [ + 67 + 68 + 69 + ]; # server/client/tftp }; # Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients diff --git a/nixos/modules/nixos/services/haproxy/default.nix b/nixos/modules/nixos/services/haproxy/default.nix index 0d21965..5876a7c 100644 --- a/nixos/modules/nixos/services/haproxy/default.nix +++ b/nixos/modules/nixos/services/haproxy/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.haproxy; @@ -6,7 +11,9 @@ let in { options.mySystem.services.haproxy = { - enable = mkEnableOption "haproxy" // { default = false; }; + enable = mkEnableOption "haproxy" // { + default = false; + }; package = mkPackageOption pkgs "haproxy" { }; config = mkOption { type = types.str; diff --git a/nixos/modules/nixos/services/libvirt-qemu/default.nix b/nixos/modules/nixos/services/libvirt-qemu/default.nix index 2ff3c14..ca6ef85 100644 
--- a/nixos/modules/nixos/services/libvirt-qemu/default.nix +++ b/nixos/modules/nixos/services/libvirt-qemu/default.nix @@ -1,4 +1,10 @@ -{ lib, config, pkgs, inputs, ... }: +{ + lib, + config, + pkgs, + inputs, + ... +}: with lib; let cfg = config.mySystem.services.libvirt-qemu; @@ -11,7 +17,10 @@ in config = mkIf cfg.enable { networking.firewall = { - allowedTCPPorts = [ 16509 16514 ]; + allowedTCPPorts = [ + 16509 + 16514 + ]; }; # Enable bind with domain configuration diff --git a/nixos/modules/nixos/services/matchbox/default.nix b/nixos/modules/nixos/services/matchbox/default.nix index 35d873b..e2742c7 100644 --- a/nixos/modules/nixos/services/matchbox/default.nix +++ b/nixos/modules/nixos/services/matchbox/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.matchbox; diff --git a/nixos/modules/nixos/services/nginx/default.nix b/nixos/modules/nixos/services/nginx/default.nix index 3ab62c4..87fcdb2 100644 --- a/nixos/modules/nixos/services/nginx/default.nix +++ b/nixos/modules/nixos/services/nginx/default.nix @@ -52,8 +52,14 @@ in }; networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; + allowedUDPPorts = [ + 80 + 443 + ]; }; # required for using acme certs diff --git a/nixos/modules/nixos/services/podman/default.nix b/nixos/modules/nixos/services/podman/default.nix index 7485cd1..d705d8a 100644 --- a/nixos/modules/nixos/services/podman/default.nix +++ b/nixos/modules/nixos/services/podman/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.podman; 
@@ -6,47 +11,46 @@ in { options.mySystem.services.podman.enable = mkEnableOption "Podman"; - config = mkIf cfg.enable - { - virtualisation.podman = { - enable = true; + config = mkIf cfg.enable { + virtualisation.podman = { + enable = true; - dockerCompat = true; - extraPackages = [ pkgs.zfs ]; + dockerCompat = true; + extraPackages = [ pkgs.zfs ]; - # regular cleanup - autoPrune.enable = true; - autoPrune.dates = "weekly"; + # regular cleanup + autoPrune.enable = true; + autoPrune.dates = "weekly"; - # and add dns - defaultNetwork.settings = { - dns_enabled = false; - }; - }; - virtualisation.oci-containers = { - backend = "podman"; - }; - - environment.systemPackages = with pkgs; [ - podman-tui # status of containers in the terminal - unstable.lazydocker - ]; - - programs.fish.shellAliases = { - # lazydocker --> lazypodman - lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker"; - }; - - networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; - - # extra user for containers - users.groups.kah = { }; - users.users = { - kah = { - uid = 568; - group = "kah"; - }; - jahanson.extraGroups = [ "kah" ]; + # and add dns + defaultNetwork.settings = { + dns_enabled = false; }; }; + virtualisation.oci-containers = { + backend = "podman"; + }; + + environment.systemPackages = with pkgs; [ + podman-tui # status of containers in the terminal + unstable.lazydocker + ]; + + programs.fish.shellAliases = { + # lazydocker --> lazypodman + lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker"; + }; + + networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; + + # extra user for containers + users.groups.kah = { }; + users.users = { + kah = { + uid = 568; + group = "kah"; + }; + jahanson.extraGroups = [ "kah" ]; + }; + }; } diff --git a/nixos/modules/nixos/services/sanoid/default.nix b/nixos/modules/nixos/services/sanoid/default.nix index 1d41ec2..168e7ca 100644 --- a/nixos/modules/nixos/services/sanoid/default.nix 
+++ b/nixos/modules/nixos/services/sanoid/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: with lib; let cfg = config.mySystem.services.sanoid; diff --git a/nixos/modules/nixos/system/borg/pikabackup/default.nix b/nixos/modules/nixos/system/borg/pikabackup/default.nix index 273df94..116835e 100644 --- a/nixos/modules/nixos/system/borg/pikabackup/default.nix +++ b/nixos/modules/nixos/system/borg/pikabackup/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.mySystem.system.borg.pika-backup; user = "jahanson"; diff --git a/nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix b/nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix index f6fb560..4fe5697 100644 --- a/nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix +++ b/nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix @@ -12,7 +12,12 @@ # On Framework 16 the USB is: # Bus 005 Device 007: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd # Use `findfp.sh` to find the correct USB device. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid; laptop-lid = pkgs.writeShellScript "laptop-lid" '' @@ -79,8 +84,13 @@ in systemd.services.fingerprint-laptop-lid = { enable = true; description = "Disable fingerprint reader when laptop lid closes"; - serviceConfig = { ExecStart = "${laptop-lid}"; }; - wantedBy = [ "multi-user.target" "suspend.target" ]; + serviceConfig = { + ExecStart = "${laptop-lid}"; + }; + wantedBy = [ + "multi-user.target" + "suspend.target" + ]; after = [ "suspend.target" ]; }; }; diff --git a/nixos/modules/nixos/system/incus/default.nix b/nixos/modules/nixos/system/incus/default.nix index c7dfb1c..33752c3 100644 --- a/nixos/modules/nixos/system/incus/default.nix +++ b/nixos/modules/nixos/system/incus/default.nix 
@@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.mySystem.system.incus; user = "jahanson"; diff --git a/nixos/modules/nixos/system/motd/default.nix b/nixos/modules/nixos/system/motd/default.nix index a6c5025..28d82d9 100644 --- a/nixos/modules/nixos/system/motd/default.nix +++ b/nixos/modules/nixos/system/motd/default.nix 
@@ -1,77 +1,86 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - motd = pkgs.writeShellScriptBin "motd" - '' - #! /usr/bin/env bash - source /etc/os-release - service_status=$(systemctl list-units | grep podman-) - RED="\e[31m" - GREEN="\e[32m" - BOLD="\e[1m" - ENDCOLOR="\e[0m" - LOAD1=`cat /proc/loadavg | awk {'print $1'}` - LOAD5=`cat /proc/loadavg | awk {'print $2'}` - LOAD15=`cat /proc/loadavg | awk {'print $3'}` + motd = pkgs.writeShellScriptBin "motd" '' + #! /usr/bin/env bash + source /etc/os-release + service_status=$(systemctl list-units 'podman-*.service' 'plex.service' 'scrutiny.service' 'jellyfin.service' 'ollama.service' 'scrypted.service' | grep '\.service') + RED="\e[31m" + GREEN="\e[32m" + BOLD="\e[1m" + ENDCOLOR="\e[0m" + LOAD1=`cat /proc/loadavg | awk {'print $1'}` + LOAD5=`cat /proc/loadavg | awk {'print $2'}` + LOAD15=`cat /proc/loadavg | awk {'print $3'}` - MEMORY=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100 / $2 }'` + MEMORY=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100 / $2 }'` - # time of day - HOUR=$(date +"%H") - if [ $HOUR -lt 12 -a $HOUR -ge 0 ] - then TIME="morning" - elif [ $HOUR -lt 17 -a $HOUR -ge 12 ] - then TIME="afternoon" - else - TIME="evening" - fi + # time of day + HOUR=$(date +"%H") + if [ $HOUR -lt 12 -a $HOUR -ge 0 ] + then TIME="morning" + elif [ $HOUR -lt 17 -a $HOUR -ge 12 ] + then TIME="afternoon" + else + TIME="evening" + fi - uptime=`cat /proc/uptime | cut -f1 -d.` - upDays=$((uptime/60/60/24)) - upHours=$((uptime/60/60%24)) - upMins=$((uptime/60%60)) - upSecs=$((uptime%60)) + uptime=`cat /proc/uptime | cut -f1 -d.` + upDays=$((uptime/60/60/24)) + upHours=$((uptime/60/60%24)) + upMins=$((uptime/60%60)) + upSecs=$((uptime%60)) - figlet "$(hostname)" | lolcat -f - printf "$BOLD %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}" - printf "\n" - ${lib.strings.concatStrings (lib.lists.forEach cfg.networkInterfaces (x: "printf \"$BOLD * %-20s$ENDCOLOR 
%s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"))} - printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME" - printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)" - [ -f /var/run/reboot-required ] && printf "$RED * %-20s$ENDCOLOR %s\n" "A reboot is required" - printf "\n" - printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)" - printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY" - printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds" - printf "\n" - if ! type "$zpool" &> /dev/null; then - printf "$BOLD Zpool status: $ENDCOLOR\n" - zpool status -x | sed -e 's/^/ /' - fi - if ! type "$zpool" &> /dev/null; then - printf "$BOLD Zpool usage: $ENDCOLOR\n" - zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/ /' - fi - printf "\n" + figlet "$(hostname)" | lolcat -f + printf "$BOLD %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}" + printf "\n" + ${lib.strings.concatStrings ( + lib.lists.forEach cfg.networkInterfaces ( + x: + "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n" + ) + )} + printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME" + printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)" + [ -f /var/run/reboot-required ] && printf "$RED * %-20s$ENDCOLOR %s\n" "A reboot is required" + printf "\n" + printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)" + printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY" + printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds" + printf "\n" + if ! type "$zpool" &> /dev/null; then + printf "$BOLD Zpool status: $ENDCOLOR\n" + zpool status -x | sed -e 's/^/ /' + fi + if ! 
type "$zpool" &> /dev/null; then + printf "$BOLD Zpool usage: $ENDCOLOR\n" + zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/ /' + fi + printf "\n" - if [[ -n "$service_status" ]]; then - printf "$BOLDService status$ENDCOLOR\n" - while IFS= read -r line; do - if [[ $line =~ ".scope" ]]; then - continue - fi - if echo "$line" | grep -q 'failed'; then - service_name=$(echo $line | awk '{print $2;}' | sed 's/podman-//g') - printf "$RED• $ENDCOLOR%-50s $RED[failed]$ENDCOLOR\n" "$service_name" - elif echo "$line" | grep -q 'running'; then - service_name=$(echo $line | awk '{print $1;}' | sed 's/podman-//g') - printf "$GREEN• $ENDCOLOR%-50s $GREEN[active]$ENDCOLOR\n" "$service_name" - else - echo "service status unknown" - fi - done <<< "$service_status" - fi - ''; + if [[ -n "$service_status" ]]; then + printf "$BOLDService status$ENDCOLOR\n" + while IFS= read -r line; do + if [[ $line =~ ".scope" ]]; then + continue + fi + if echo "$line" | grep -q 'failed'; then + service_name=$(echo $line | awk '{print $2;}' | sed 's/podman-//g') + printf "$RED• $ENDCOLOR%-50s $RED[failed]$ENDCOLOR\n" "$service_name" + elif echo "$line" | grep -q 'running'; then + service_name=$(echo $line | awk '{print $1;}' | sed 's/podman-//g') + printf "$GREEN• $ENDCOLOR%-50s $GREEN[active]$ENDCOLOR\n" "$service_name" + else + echo "service status unknown" + fi + done <<< "$service_status" + fi + ''; cfg = config.mySystem.system.motd; in { diff --git a/nixos/modules/nixos/system/nix.nix b/nixos/modules/nixos/system/nix.nix index dd6adbf..164b04b 100644 --- a/nixos/modules/nixos/system/nix.nix +++ b/nixos/modules/nixos/system/nix.nix 
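Review bot: Both ZFS guards in the `motd` script test `if ! type "$zpool" &> /dev/null`, but `zpool` is never assigned in the script, so `type ""` fails, the negation is always true, and `zpool status` / `zpool list` run on every host whether or not the binary is present. Test the command itself instead: `if command -v zpool &> /dev/null; then`. The heading `printf "$BOLDService status$ENDCOLOR\n"` has a similar slip: the shell reads `$BOLDService` as one unset variable, so the word "Service" and the bold escape are dropped. Writing it as `printf "$BOLD""Service status$ENDCOLOR\n"` avoids that without needing `''${...}` escaping inside the Nix string.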
@@ -5,22 +5,20 @@ let in { options.mySystem.nix = { - autoOptimiseStore = mkOption - { - type = lib.types.bool; - description = "If we want to auto optimise store"; - default = true; - }; + autoOptimiseStore = mkOption { + type = lib.types.bool; + description = "If we want to auto optimise store"; + default = true; + }; gc = { enable = mkEnableOption "automatic garbage collection" // { default = true; }; - persistent = mkOption - { - type = lib.types.bool; - description = "Persistent timer for gc, runs at startup if timer missed"; - default = true; - }; + persistent = mkOption { + type = lib.types.bool; + description = "Persistent timer for gc, runs at startup if timer missed"; + default = true; + }; }; }; diff --git a/nixos/modules/nixos/system/openssh.nix b/nixos/modules/nixos/system/openssh.nix index c82cffd..ce37dbc 100644 --- a/nixos/modules/nixos/system/openssh.nix +++ b/nixos/modules/nixos/system/openssh.nix 
@@ -5,19 +5,25 @@ let in { options.mySystem.services.openssh = { - enable = mkEnableOption "openssh" // { default = true; }; - passwordAuthentication = mkOption - { - type = lib.types.bool; - description = "If password can be accepted for ssh (commonly disable for security hardening)"; - default = false; - }; - permitRootLogin = mkOption - { - type = types.enum [ "yes" "without-password" "prohibit-password" "forced-commands-only" "no" ]; - description = "If root can login via ssh (commonly disable for security hardening)"; - default = "prohibit-password"; - }; + enable = mkEnableOption "openssh" // { + default = true; + }; + passwordAuthentication = mkOption { + type = lib.types.bool; + description = "If password can be accepted for ssh (commonly disable for security hardening)"; + default = false; + }; + permitRootLogin = mkOption { + type = types.enum [ + "yes" + "without-password" + "prohibit-password" + "forced-commands-only" + "no" + ]; + description = "If root can login via ssh (commonly disable for security hardening)"; + default = "prohibit-password"; + }; }; config = mkIf cfg.enable { diff --git a/nixos/modules/nixos/system/pushover/default.nix b/nixos/modules/nixos/system/pushover/default.nix index 68f02bd..8992700 100644 --- a/nixos/modules/nixos/system/pushover/default.nix +++ b/nixos/modules/nixos/system/pushover/default.nix 
@@ -1,26 +1,33 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: with lib; let cfg = config.mySystem.system.systemd.pushover-alerts; in { - options.mySystem.system.systemd.pushover-alerts.enable = mkEnableOption "Pushover alerts for systemd failures" // { default = true; }; + options.mySystem.system.systemd.pushover-alerts.enable = + mkEnableOption "Pushover alerts for systemd failures" + // { + default = true; + }; options.systemd.services = mkOption { - type = with types; attrsOf ( - submodule { + type = + with types; + attrsOf (submodule { config.onFailure = [ "notify-pushover@%n.service" ]; - } - ); + }); }; config = { # Warn if backups are disable and machine isnt a dev box warnings = [ - (mkIf (!cfg.enable && config.mySystem.purpose != "Development") "WARNING: Pushover SystemD notifications are disabled!") + (mkIf ( + !cfg.enable && config.mySystem.purpose != "Development" + ) "WARNING: Pushover SystemD notifications are disabled!") ]; systemd.services."notify-pushover@" = mkIf cfg.enable { diff --git a/nixos/modules/nixos/system/security.nix b/nixos/modules/nixos/system/security.nix index 9a84e33..69f0585 100644 --- a/nixos/modules/nixos/system/security.nix +++ b/nixos/modules/nixos/system/security.nix 
@@ -18,28 +18,27 @@ in }; }; - config = - { - security = { - sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword; - # Don't bother with the lecture or the need to keep state about who's been lectured - sudo.extraConfig = "Defaults lecture=\"never\""; - pam.sshAgentAuth.enable = cfg.sshAgentAuth.enable; - # Increase open file limit for sudoers - pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [ - { - domain = "@wheel"; - item = "nofile"; - type = "soft"; - value = "524288"; - } - { - domain = "@wheel"; - item = "nofile"; - type = "hard"; - value = "1048576"; - } - ]; - }; + config = { + security = { + sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword; + # Don't bother with the lecture or the need to keep state about who's been lectured + sudo.extraConfig = "Defaults lecture=\"never\""; + pam.sshAgentAuth.enable = cfg.sshAgentAuth.enable; + # Increase open file limit for sudoers + pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [ + { + domain = "@wheel"; + item = "nofile"; + type = "soft"; + value = "524288"; + } + { + domain = "@wheel"; + item = "nofile"; + type = "hard"; + value = "1048576"; + } + ]; }; + }; } diff --git a/nixos/modules/nixos/system/wifi_swap/default.nix b/nixos/modules/nixos/system/wifi_swap/default.nix index 413a2d9..ca34121 100644 --- a/nixos/modules/nixos/system/wifi_swap/default.nix +++ b/nixos/modules/nixos/system/wifi_swap/default.nix 
@@ -1,39 +1,45 @@ # turns off the wifi when the usb device 0bda:8156 is connected. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.mySystem.framework_wifi_swap; - wifiSwap = pkgs.writeShellScriptBin "wifi_swap" - '' - #! /usr/bin/env bash - # This script turns off the wifi and on when the usb device 0bda:8156 is connected or removed. - # It is useful when you want to use a wired connection instead of wifi. - # The script is run by udev when the usb device is connected. - # The script is located at /run/current-system/sw/bin/wifi_swap - # The udev rule is located at -extra-udev-rules/etc/udev/rules.d/99-local.rules - # The udev rule is: - # ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap" - # ACTION=="remove", SUBSYSTEM=="net", ENV{ID_USB_VENDOR_ID}=="0bda", ENV{ID_USB_MODEL_ID}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap" - echo "wifi_swap ACTION: $ACTION" | systemd-cat -t wifi_swap - # Case or switch for $ACTION - case $ACTION in - add) - echo "Plugged in USB device 0bda:8156 (Realtek 2.5gbe). Turning Wi-Fi off." | systemd-cat -t wifi_swap - ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi off - ;; - remove) - echo "unplugged in USB device 0bda:8156 (Realtek 2.5gbe) Turning Wi-Fi on." | systemd-cat -t wifi_swap - ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi on - ;; - *) - echo "Uknown ACTION: $ACTION" | systemd-cat -t wifi_swap - ;; - esac - ''; + wifiSwap = pkgs.writeShellScriptBin "wifi_swap" '' + #! /usr/bin/env bash + # This script turns off the wifi and on when the usb device 0bda:8156 is connected or removed. + # It is useful when you want to use a wired connection instead of wifi. + # The script is run by udev when the usb device is connected. 
+ # The script is located at /run/current-system/sw/bin/wifi_swap + # The udev rule is located at -extra-udev-rules/etc/udev/rules.d/99-local.rules + # The udev rule is: + # ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap" + # ACTION=="remove", SUBSYSTEM=="net", ENV{ID_USB_VENDOR_ID}=="0bda", ENV{ID_USB_MODEL_ID}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap" + echo "wifi_swap ACTION: $ACTION" | systemd-cat -t wifi_swap + # Case or switch for $ACTION + case $ACTION in + add) + echo "Plugged in USB device 0bda:8156 (Realtek 2.5gbe). Turning Wi-Fi off." | systemd-cat -t wifi_swap + ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi off + ;; + remove) + echo "unplugged in USB device 0bda:8156 (Realtek 2.5gbe) Turning Wi-Fi on." | systemd-cat -t wifi_swap + ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi on + ;; + *) + echo "Uknown ACTION: $ACTION" | systemd-cat -t wifi_swap + ;; + esac + ''; in { options.mySystem.framework_wifi_swap = { - enable = mkEnableOption "framework_wifi_swap" // { default = false; }; + enable = mkEnableOption "framework_wifi_swap" // { + default = false; + }; }; config = mkIf cfg.enable { # Create bash script and add it to nix store diff --git a/nixos/modules/nixos/system/zfs.nix b/nixos/modules/nixos/system/zfs.nix index 4c52e1d..9be78bc 100644 --- a/nixos/modules/nixos/system/zfs.nix +++ b/nixos/modules/nixos/system/zfs.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.mySystem.system.zfs; in @@ -25,7 +30,6 @@ with lib; services.zfs = { autoScrub.enable = true; - # Defaults to weekly and is a bit too regular for my NAS autoScrub.interval = "weekly"; trim.enable = true; }; 
@@ -34,7 +38,7 @@ with lib; environment.systemPackages = with pkgs; [ busybox ]; - + services.zfs.zed.settings = { ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})"; ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})"; diff --git a/nixos/overlays/charm-mods/default.nix b/nixos/overlays/charm-mods/default.nix index 49a1ea1..41d131f 100644 --- a/nixos/overlays/charm-mods/default.nix +++ b/nixos/overlays/charm-mods/default.nix @@ -62,7 +62,10 @@ buildGoModule rec { description = "AI on the command line"; homepage = "https://github.com/charmbracelet/mods"; license = licenses.mit; - maintainers = with maintainers; [ dit7ya caarlos0 ]; + maintainers = with maintainers; [ + dit7ya + caarlos0 + ]; mainProgram = "mods"; }; } diff --git a/nixos/overlays/coder/default.nix b/nixos/overlays/coder/default.nix index 904f39f..17ad078 100644 --- a/nixos/overlays/coder/default.nix +++ b/nixos/overlays/coder/default.nix @@ -1,12 +1,13 @@ -{ lib -, channel ? "stable" -, fetchurl -, installShellFiles -, makeBinaryWrapper -, terraform -, stdenvNoCC -, unzip -, nixosTests +{ + lib, + channel ? "stable", + fetchurl, + installShellFiles, + makeBinaryWrapper, + terraform, + stdenvNoCC, + unzip, + nixosTests, }: let 
@@ -41,19 +42,23 @@ stdenvNoCC.mkDerivation (finalAttrs: { url = let - systemName = { - x86_64-linux = "linux_amd64"; - aarch64-linux = "linux_arm64"; - x86_64-darwin = "darwin_amd64"; - aarch64-darwin = "darwin_arm64"; - }.${system}; + systemName = + { + x86_64-linux = "linux_amd64"; + aarch64-linux = "linux_arm64"; + x86_64-darwin = "darwin_amd64"; + aarch64-darwin = "darwin_arm64"; + } + .${system}; - ext = { - x86_64-linux = "tar.gz"; - aarch64-linux = "tar.gz"; - x86_64-darwin = "zip"; - aarch64-darwin = "zip"; - }.${system}; + ext = + { + x86_64-linux = "tar.gz"; + aarch64-linux = "tar.gz"; + x86_64-darwin = "zip"; + aarch64-darwin = "zip"; + } + .${system}; in "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}"; }; @@ -96,7 +101,11 @@ stdenvNoCC.mkDerivation (finalAttrs: { homepage = "https://coder.com"; license = lib.licenses.agpl3Only; mainProgram = "coder"; - maintainers = with lib.maintainers; [ ghuntley kylecarbs urandom ]; + maintainers = with lib.maintainers; [ + ghuntley + kylecarbs + urandom + ]; }; passthru = { diff --git a/nixos/overlays/default.nix b/nixos/overlays/default.nix index 0db99fb..0f6f522 100644 --- a/nixos/overlays/default.nix +++ b/nixos/overlays/default.nix 
@@ -19,16 +19,22 @@ in # The unstable nixpkgs set (declared in the flake inputs) will # be accessible through 'pkgs.unstable' unstable-packages = final: prev: { - unstable = import inputs.nixpkgs-unstable - { + unstable = + import inputs.nixpkgs-unstable { inherit (final) system; config.allowUnfree = true; - } // { - # Add talosctl to the unstable set - talosctl = final.unstable.callPackage ./talosctl { - inherit (final.unstable) lib buildGoModule fetchFromGitHub installShellFiles; + } + // { + # Add talosctl to the unstable set + talosctl = final.unstable.callPackage ./talosctl { + inherit (final.unstable) + lib + buildGoModule + fetchFromGitHub + installShellFiles + ; + }; + xpipe = final.unstable.callPackage ./xpipe/ptb.nix { }; }; - xpipe = final.unstable.callPackage ./xpipe/ptb.nix {}; - }; }; } diff --git a/nixos/overlays/talosctl/default.nix b/nixos/overlays/talosctl/default.nix index 711c711..c808fe2 100644 --- a/nixos/overlays/talosctl/default.nix +++ b/nixos/overlays/talosctl/default.nix @@ -1,4 +1,10 @@ -{ lib, buildGoModule, fetchFromGitHub, installShellFiles, git }: +{ + lib, + buildGoModule, + fetchFromGitHub, + installShellFiles, + git, +}: buildGoModule rec { pname = "talosctl"; @@ -13,7 +19,10 @@ buildGoModule rec { vendorHash = "sha256-XvOMNyiHnemqnbOzWmzZXkr3+/ZgJDg8vjCtWFkCtLs="; - ldflags = [ "-s" "-w" ]; + ldflags = [ + "-s" + "-w" + ]; subPackages = [ "cmd/talosctl" ]; @@ -33,7 +42,10 @@ buildGoModule rec { export GOFLAGS="-mod=vendor" ''; - nativeBuildInputs = [ installShellFiles git ]; + nativeBuildInputs = [ + installShellFiles + git + ]; postInstall = '' installShellCompletion --cmd talosctl \ diff --git a/nixos/overlays/termius/default.nix b/nixos/overlays/termius/default.nix index 7c3f7be..cc3a04d 100644 --- a/nixos/overlays/termius/default.nix +++ b/nixos/overlays/termius/default.nix 
@@ -1,15 +1,16 @@ -{ autoPatchelfHook -, squashfsTools -, alsa-lib -, fetchurl -, makeDesktopItem -, makeWrapper -, stdenv -, lib -, libsecret -, mesa -, udev -, wrapGAppsHook3 +{ + autoPatchelfHook, + squashfsTools, + alsa-lib, + fetchurl, + makeDesktopItem, + makeWrapper, + stdenv, + lib, + libsecret, + mesa, + udev, + wrapGAppsHook3, }: stdenv.mkDerivation rec { @@ -45,7 +46,12 @@ stdenv.mkDerivation rec { dontWrapGApps = true; # TODO: migrate off autoPatchelfHook and use nixpkgs' electron - nativeBuildInputs = [ autoPatchelfHook squashfsTools makeWrapper wrapGAppsHook3 ]; + nativeBuildInputs = [ + autoPatchelfHook + squashfsTools + makeWrapper + wrapGAppsHook3 + ]; buildInputs = [ alsa-lib @@ -89,7 +95,10 @@ stdenv.mkDerivation rec { downloadPage = "https://termius.com/linux/"; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.unfree; - maintainers = with maintainers; [ Br1ght0ne th0rgal ]; + maintainers = with maintainers; [ + Br1ght0ne + th0rgal + ]; platforms = [ "x86_64-linux" ]; mainProgram = "termius-app"; }; diff --git a/nixos/overlays/vivaldi/default.nix b/nixos/overlays/vivaldi/default.nix index 7563f18..a4dbbaf 100644 --- a/nixos/overlays/vivaldi/default.nix +++ b/nixos/overlays/vivaldi/default.nix 
@@ -1,42 +1,92 @@ -{ lib, stdenv, fetchurl, zlib, libX11, libXext, libSM, libICE, libxkbcommon, libxshmfence -, libXfixes, libXt, libXi, libXcursor, libXScrnSaver, libXcomposite, libXdamage, libXtst, libXrandr -, alsa-lib, dbus, cups, libexif, ffmpeg, systemd, libva, libGL -, freetype, fontconfig, libXft, libXrender, libxcb, expat -, libuuid -, libxml2 -, glib, gtk3, pango, gdk-pixbuf, cairo, atk, at-spi2-atk, at-spi2-core -, qt5 -, libdrm, mesa -, vulkan-loader -, nss, nspr -, patchelf, makeWrapper -, wayland, pipewire -, isSnapshot ? false -, proprietaryCodecs ? false, vivaldi-ffmpeg-codecs ? null -, enableWidevine ? false, widevine-cdm ? null -, commandLineArgs ? "" -, pulseSupport ? stdenv.isLinux, libpulseaudio -, kerberosSupport ? true, libkrb5 +{ + lib, + stdenv, + fetchurl, + zlib, + libX11, + libXext, + libSM, + libICE, + libxkbcommon, + libxshmfence, + libXfixes, + libXt, + libXi, + libXcursor, + libXScrnSaver, + libXcomposite, + libXdamage, + libXtst, + libXrandr, + alsa-lib, + dbus, + cups, + libexif, + ffmpeg, + systemd, + libva, + libGL, + freetype, + fontconfig, + libXft, + libXrender, + libxcb, + expat, + libuuid, + libxml2, + glib, + gtk3, + pango, + gdk-pixbuf, + cairo, + atk, + at-spi2-atk, + at-spi2-core, + qt5, + libdrm, + mesa, + vulkan-loader, + nss, + nspr, + patchelf, + makeWrapper, + wayland, + pipewire, + isSnapshot ? false, + proprietaryCodecs ? false, + vivaldi-ffmpeg-codecs ? null, + enableWidevine ? false, + widevine-cdm ? null, + commandLineArgs ? "", + pulseSupport ? stdenv.isLinux, + libpulseaudio, + kerberosSupport ? 
true, + libkrb5, }: let branch = if isSnapshot then "snapshot" else "stable"; vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi"; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "vivaldi"; version = "6.9.3447.37"; - suffix = { - aarch64-linux = "arm64"; - x86_64-linux = "amd64"; - }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + suffix = + { + aarch64-linux = "arm64"; + x86_64-linux = "amd64"; + } + .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); src = fetchurl { url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb"; - hash = { - aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s="; - x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg="; - }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + hash = + { + aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s="; + x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg="; + } + .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); }; unpackPhase = '' 
@@ -44,92 +94,151 @@ in stdenv.mkDerivation rec { tar -xvf data.tar.xz ''; - nativeBuildInputs = [ patchelf makeWrapper ]; + nativeBuildInputs = [ + patchelf + makeWrapper + ]; dontWrapQtApps = true; - buildInputs = [ - stdenv.cc.cc stdenv.cc.libc zlib libX11 libXt libXext libSM libICE libxcb libxkbcommon libxshmfence - libXi libXft libXcursor libXfixes libXScrnSaver libXcomposite libXdamage libXtst libXrandr - atk at-spi2-atk at-spi2-core alsa-lib dbus cups gtk3 gdk-pixbuf libexif ffmpeg systemd libva - qt5.qtbase - freetype fontconfig libXrender libuuid expat glib nss nspr libGL - libxml2 pango cairo - libdrm mesa vulkan-loader - wayland pipewire - ] ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs + buildInputs = + [ + stdenv.cc.cc + stdenv.cc.libc + zlib + libX11 + libXt + libXext + libSM + libICE + libxcb + libxkbcommon + libxshmfence + libXi + libXft + libXcursor + libXfixes + libXScrnSaver + libXcomposite + libXdamage + libXtst + libXrandr + atk + at-spi2-atk + at-spi2-core + alsa-lib + dbus + cups + gtk3 + gdk-pixbuf + libexif + ffmpeg + systemd + libva + qt5.qtbase + freetype + fontconfig + libXrender + libuuid + expat + glib + nss + nspr + libGL + libxml2 + pango + cairo + libdrm + mesa + vulkan-loader + wayland + pipewire + ] + ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs ++ lib.optional pulseSupport libpulseaudio ++ lib.optional kerberosSupport libkrb5; - libPath = lib.makeLibraryPath buildInputs - + lib.optionalString (stdenv.is64bit) - (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs) + libPath = + lib.makeLibraryPath buildInputs + + lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs) + ":$out/opt/${vivaldiName}/lib"; - buildPhase = '' - runHook preBuild - echo "Patching Vivaldi binaries" - for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do - patchelf \ - --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ - --set-rpath "${libPath}" \ - 
opt/${vivaldiName}/$f - done + buildPhase = + '' + runHook preBuild + echo "Patching Vivaldi binaries" + for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do + patchelf \ + --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ + --set-rpath "${libPath}" \ + opt/${vivaldiName}/$f + done - for f in libGLESv2.so libqt5_shim.so ; do - patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f - done - '' + lib.optionalString proprietaryCodecs '' - ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*} - '' + '' - echo "Finished patching Vivaldi binaries" - runHook postBuild - ''; + for f in libGLESv2.so libqt5_shim.so ; do + patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f + done + '' + + lib.optionalString proprietaryCodecs '' + ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*} + '' + + '' + echo "Finished patching Vivaldi binaries" + runHook postBuild + ''; dontPatchELF = true; - dontStrip = true; + dontStrip = true; - installPhase = '' - runHook preInstall - mkdir -p "$out" - cp -r opt "$out" - mkdir "$out/bin" - ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi" - mkdir -p "$out/share" - cp -r usr/share/{applications,xfce4} "$out"/share - substituteInPlace "$out"/share/applications/*.desktop \ - --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi - substituteInPlace "$out"/share/applications/*.desktop \ - --replace vivaldi-stable vivaldi - local d - for d in 16 22 24 32 48 64 128 256; do - mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps - ln -s \ - "$out"/opt/${vivaldiName}/product_logo_''${d}.png \ - "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png - done - wrapProgram "$out/bin/vivaldi" \ - --add-flags ${lib.escapeShellArg commandLineArgs} \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ - --set-default FONTCONFIG_FILE 
"${fontconfig.out}/etc/fonts/fonts.conf" \ - --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \ - --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \ - ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"} - '' + lib.optionalString enableWidevine '' - ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm - '' + '' - runHook postInstall - ''; + installPhase = + '' + runHook preInstall + mkdir -p "$out" + cp -r opt "$out" + mkdir "$out/bin" + ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi" + mkdir -p "$out/share" + cp -r usr/share/{applications,xfce4} "$out"/share + substituteInPlace "$out"/share/applications/*.desktop \ + --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi + substituteInPlace "$out"/share/applications/*.desktop \ + --replace vivaldi-stable vivaldi + local d + for d in 16 22 24 32 48 64 128 256; do + mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps + ln -s \ + "$out"/opt/${vivaldiName}/product_logo_''${d}.png \ + "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png + done + wrapProgram "$out/bin/vivaldi" \ + --add-flags ${lib.escapeShellArg commandLineArgs} \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \ + --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \ + --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \ + ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"} + '' + + lib.optionalString enableWidevine '' + ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm + '' + + '' + runHook postInstall + ''; passthru.updateScript = ./update-vivaldi.sh; meta = with lib; { description = "Browser for our Friends, powerful and personal"; - homepage = "https://vivaldi.com"; - license = 
licenses.unfree; + homepage = "https://vivaldi.com"; + license = licenses.unfree; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; mainProgram = "vivaldi"; - maintainers = with maintainers; [ otwieracz badmutex ]; - platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with maintainers; [ + otwieracz + badmutex + ]; + platforms = [ + "x86_64-linux" + "aarch64-linux" + ]; }; } diff --git a/nixos/overlays/vivaldi/ffmpeg-codecs.nix b/nixos/overlays/vivaldi/ffmpeg-codecs.nix index dafc914..0872fd8 100644 --- a/nixos/overlays/vivaldi/ffmpeg-codecs.nix +++ b/nixos/overlays/vivaldi/ffmpeg-codecs.nix @@ -1,4 +1,9 @@ -{ squashfsTools, fetchurl, lib, stdenv }: +{ + squashfsTools, + fetchurl, + lib, + stdenv, +}: # This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi # downloads at https://vivaldi.com/download/ @@ -23,10 +28,14 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Additional support for proprietary codecs for Vivaldi"; - homepage = "https://ffmpeg.org/"; + homepage = "https://ffmpeg.org/"; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - license = licenses.lgpl21; - maintainers = with maintainers; [ betaboon cawilliamson fptje ]; - platforms = [ "x86_64-linux" ]; + license = licenses.lgpl21; + maintainers = with maintainers; [ + betaboon + cawilliamson + fptje + ]; + platforms = [ "x86_64-linux" ]; }; } diff --git a/nixos/overlays/xpipe/ptb.nix b/nixos/overlays/xpipe/ptb.nix index 52dbe03..2401499 100644 --- a/nixos/overlays/xpipe/ptb.nix +++ b/nixos/overlays/xpipe/ptb.nix 
@@ -1,48 +1,54 @@ -{ stdenvNoCC -, lib -, fetchzip -, makeDesktopItem -, autoPatchelfHook -, zlib -, fontconfig -, udev -, gtk3 -, freetype -, alsa-lib -, makeShellWrapper -, libX11 -, libXext -, libXdamage -, libXfixes -, libxcb -, libXcomposite -, libXcursor -, libXi -, libXrender -, libXtst -, libXxf86vm -, util-linux -, socat -, hicolor-icon-theme +{ + stdenvNoCC, + lib, + fetchzip, + makeDesktopItem, + autoPatchelfHook, + zlib, + fontconfig, + udev, + gtk3, + freetype, + alsa-lib, + makeShellWrapper, + libX11, + libXext, + libXdamage, + libXfixes, + libxcb, + libXcomposite, + libXcursor, + libXi, + libXrender, + libXtst, + libXxf86vm, + util-linux, + socat, + hicolor-icon-theme, }: let inherit (stdenvNoCC.hostPlatform) system; throwSystem = throw "Unsupported system: ${system}"; - arch = { - x86_64-linux = "x86_64"; - aarch64-linux = "arm64"; - }.${system} or throwSystem; + arch = + { + x86_64-linux = "x86_64"; + aarch64-linux = "arm64"; + } + .${system} or throwSystem; - hash = { - x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk="; - aarch64-linux = ""; - }.${system} or throwSystem; + hash = + { + x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk="; + aarch64-linux = ""; + } + .${system} or throwSystem; displayname = "XPipe PTB"; -in stdenvNoCC.mkDerivation rec { +in +stdenvNoCC.mkDerivation rec { pname = "xpipe-ptb"; version = "13.0-10"; @@ -60,25 +66,25 @@ in stdenvNoCC.mkDerivation rec { autoPatchelfIgnoreMissingDeps = true; buildInputs = [ - fontconfig - zlib - udev - freetype - gtk3 - alsa-lib - libX11 - libX11 - libXext - libXdamage - libXfixes - libxcb - libXcomposite - libXcursor - libXi - libXrender - libXtst - libXxf86vm - ]; + fontconfig + zlib + udev + freetype + gtk3 + alsa-lib + libX11 + libX11 + libXext + libXdamage + libXfixes + libxcb + libXcomposite + libXcursor + libXi + libXrender + libXtst + libXxf86vm + ]; desktopItem = makeDesktopItem { categories = [ "Network" ]; 
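Review bot: The `hash` table still maps `aarch64-linux` to the empty string, so the source for that platform has no pinned digest. Current Nix does not skip verification for an empty hash; it substitutes a placeholder and the fetch fails with a mismatch, so the package cannot build on aarch64 as written, although `meta.platforms` in the `@@ -127,9 +145,15 @@` hunk still advertises it. Either record the real SRI hash for the arm64 archive, or make the gap explicit with `aarch64-linux = lib.fakeHash;` and drop `"aarch64-linux"` from `platforms` until it is filled in. The `src` definition that consumes `hash` is outside the hunks shown.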
@@ -114,9 +120,21 @@ in stdenvNoCC.mkDerivation rec { mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fontconfig gtk3 udev ]}" + --prefix LD_LIBRARY_PATH : "${ + lib.makeLibraryPath [ + fontconfig + gtk3 + udev + ] + }" makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fontconfig gtk3 udev ]}" + --prefix LD_LIBRARY_PATH : "${ + lib.makeLibraryPath [ + fontconfig + gtk3 + udev + ] + }" runHook postInstall ''; @@ -127,9 +145,15 @@ in stdenvNoCC.mkDerivation rec { downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest"; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}"; - license = [ licenses.asl20 licenses.unfree ]; + license = [ + licenses.asl20 + licenses.unfree + ]; maintainers = with maintainers; [ crschnick ]; - platforms = [ "x86_64-linux" "aarch64-linux" ]; + platforms = [ + "x86_64-linux" + "aarch64-linux" + ]; mainProgram = pname; }; } diff --git a/nixos/overlays/zed-editor/default.nix b/nixos/overlays/zed-editor/default.nix index 0b354cb..a121dcc 100644 --- a/nixos/overlays/zed-editor/default.nix +++ b/nixos/overlays/zed-editor/default.nix 
@@ -3,14 +3,13 @@ let finalVersion = "0.149.3"; in final: prev: { - zed-editor = prev.zed-editor.overrideAttrs - (oldAttrs: { - version = finalVersion; - src = prev.fetchFromGithub { - hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg="; - }; - cargoLock = prev.outputHashes { - "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY="; - }; - }); + zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: { + version = finalVersion; + src = prev.fetchFromGithub { + hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg="; + }; + cargoLock = prev.outputHashes { + "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY="; + }; + }); } diff --git a/nixos/profiles/disko-nixos.nix b/nixos/profiles/disko-nixos.nix index 1c566bc..acbb46d 100644 --- a/nixos/profiles/disko-nixos.nix +++ b/nixos/profiles/disko-nixos.nix @@ -1,4 +1,8 @@ -{ disks ? [ "/dev/sda" ], ... }: { +{ + disks ? [ "/dev/sda" ], + ... +}: +{ disko.devices = { disk = { main = { diff --git a/nixos/profiles/global/nix.nix b/nixos/profiles/global/nix.nix index edd0a1e..49ab2e0 100644 --- a/nixos/profiles/global/nix.nix +++ b/nixos/profiles/global/nix.nix @@ -42,7 +42,10 @@ connect-timeout = 25; # Avoid copying unnecessary stuff over SSH builders-use-substitutes = true; - trusted-users = [ "root" "@wheel" ]; + trusted-users = [ + "root" + "@wheel" + ]; warn-dirty = false; # The default at 10 is rarely enough. log-lines = lib.mkDefault 25; diff --git a/nixos/profiles/global/system.nix b/nixos/profiles/global/system.nix index 3bedf7a..1f02ad5 100644 --- a/nixos/profiles/global/system.nix +++ b/nixos/profiles/global/system.nix 
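Review bot: `prev.fetchFromGithub` in the `overrideAttrs` body is not the nixpkgs fetcher name (`fetchFromGitHub`), and the call passes only `hash` with no `owner`, `repo` or `rev`, so this overlay would fail at evaluation as soon as `zed-editor` is forced. `cargoLock = prev.outputHashes { ... }` looks wrong in the same way: as far as I can tell, `outputHashes` is a field of the `cargoLock` attrset rather than a function in the package set. Because evaluation stops before any fetch, the two pinned hashes are never checked against anything. Fix the fetcher call first, then re-verify both hashes against the `finalVersion` tag. If the overlay is not imported anywhere, removing it is cleaner than reformatting it.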
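Review bot: `trusted-users` still lists `"@wheel"`, which lets every wheel member direct the Nix daemon to use arbitrary substituters and import unsigned store paths. The Nix manual describes a trusted user as essentially equivalent to root, and unlike sudo this path involves no password prompt. If the entry exists for one workflow, narrow it to the account that needs it. Otherwise record the decision next to the list, for example `# trusted-users is root-equivalent on the Nix daemon; @wheel kept for <reason>`. The enclosing settings block continues outside the hunk.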
@@ -3,7 +3,12 @@ system = { # Enable printing changes on nix build etc with nvd activationScripts.report-changes = '' - PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]} + PATH=$PATH:${ + lib.makeBinPath [ + pkgs.nvd + pkgs.nix + ] + } profiles=$(${pkgs.coreutils}/bin/ls -dv /nix/var/nix/profiles/system-*-link | tail -2) profile_count=$(echo "$profiles" | ${pkgs.coreutils}/bin/wc -l) if [ $profile_count -gt 1 ]; then diff --git a/nixos/profiles/hw-generic-x86.nix b/nixos/profiles/hw-generic-x86.nix index 4a94111..02281dc 100644 --- a/nixos/profiles/hw-generic-x86.nix +++ b/nixos/profiles/hw-generic-x86.nix @@ -3,7 +3,14 @@ with lib; { boot = { - initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; kernelModules = [ ]; extraModulePackages = [ ]; diff --git a/nixos/profiles/hw-hetzner-cax.nix b/nixos/profiles/hw-hetzner-cax.nix index a41efe3..6b9ba0b 100644 --- a/nixos/profiles/hw-hetzner-cax.nix +++ b/nixos/profiles/hw-hetzner-cax.nix @@ -1,10 +1,17 @@ -{ lib, ... }: { +{ lib, ... }: +{ imports = [ ]; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; - initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + "sr_mod" + ]; initrd.kernelModules = [ ]; kernelModules = [ ]; extraModulePackages = [ ]; diff --git a/nixos/profiles/hw-supermicro.nix b/nixos/profiles/hw-supermicro.nix index 70a2c14..cd63ce9 100644 --- a/nixos/profiles/hw-supermicro.nix +++ b/nixos/profiles/hw-supermicro.nix @@ -10,7 +10,10 @@ efiSupport = true; efiInstallAsRemovable = true; mirroredBoots = [ - { devices = [ "nodev" ]; path = "/boot"; } + { + devices = [ "nodev" ]; + path = "/boot"; + } ]; }; }; 
diff --git a/nixos/profiles/hw-threadripperpro.nix b/nixos/profiles/hw-threadripperpro.nix index 09ffb58..c43bd6e 100644 --- a/nixos/profiles/hw-threadripperpro.nix +++ b/nixos/profiles/hw-threadripperpro.nix @@ -1,10 +1,18 @@ -{ lib, ... }: { +{ lib, ... }: +{ imports = [ ]; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; initrd.kernelModules = [ ]; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; diff --git a/nixos/profiles/role-dev.nix b/nixos/profiles/role-dev.nix index f5f9dad..abf2b44 100644 --- a/nixos/profiles/role-dev.nix +++ b/nixos/profiles/role-dev.nix @@ -38,6 +38,7 @@ shfmt statix tmux + unstable.mise unstable.bottom unstable.cyme unstable.go-task
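Review bot: `unstable.mise` is inserted ahead of `unstable.bottom`, which breaks the alphabetical order the visible `unstable.*` entries follow; it belongs after `unstable.go-task`, or wherever `m` falls in the part of the list outside the hunk. mise typically downloads language toolchains at runtime from upstream releases, so whatever it installs is not pinned by the flake lock the way the rest of this list is. A one-line comment such as `# mise-managed tools live outside the Nix store and are not pinned by flake.lock` would make that boundary explicit. The package list starts and ends outside the hunk.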