reformat --> alejandra

Joseph Hanson 2025-03-06 09:51:33 -06:00
parent f4e15b7e90
commit e6e258feeb
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
89 changed files with 875 additions and 901 deletions

@ -11,7 +11,7 @@
profileModules = [
./nixos/profiles/role-workstation.nix
./nixos/profiles/role-dev.nix
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
{home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix;}
];
};
@ -24,13 +24,13 @@
inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
./nixos/profiles/hw-legion-15arh05h.nix
disko.nixosModules.disko
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
(import ./nixos/profiles/disko-nixos.nix {disks = ["/dev/nvme0n1"];})
];
profileModules = [
./nixos/profiles/role-dev.nix
./nixos/profiles/role-gaming.nix
./nixos/profiles/role-workstation.nix
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
{home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix;}
];
};
}

@ -6,8 +6,7 @@
osConfig,
...
}:
with lib.hm.gvariant;
{
with lib.hm.gvariant; {
config = lib.mkIf osConfig.mySystem.de.gnome.enable {
# add user packages
home.packages = with pkgs; [
@ -23,7 +22,7 @@ with lib.hm.gvariant;
workspaces-only-on-primary = false;
};
"org/gnome/settings-daemon/plugins/media-keys" = {
home = [ "<Super>e" ];
home = ["<Super>e"];
};
"org/gnome/desktop/wm/preferences" = {
workspace-names = [

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
config = {
networking.hostId = "ad4380db";
networking.hostName = "durincore";
@ -12,10 +11,10 @@
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
kernelModules = [];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
@ -39,7 +38,7 @@
};
};
swapDevices = [ ];
swapDevices = [];
# System settings and services.
mySystem = {
@ -48,6 +47,5 @@
"wlp4s0"
];
};
};
}

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
config = {
"core.https_address" = "10.1.1.15:8445"; # Need quotes around key
};
@ -27,7 +26,7 @@
];
profiles = [
{
config = { };
config = {};
description = "";
devices = {
eth0 = {
@ -44,6 +43,6 @@
name = "default";
}
];
projects = [ ];
projects = [];
cluster = null;
}

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
global = {
"workgroup" = "WORKGROUP";
"server string" = "gandalf";

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
outputs = {
# ZFS automated snapshots
templates = {
@ -14,22 +13,22 @@
};
datasets = {
"eru/xen-backups" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
};
"eru/hansonhive" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
};
"eru/tm_joe" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
};
"eru/tm_elisia" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
};
"eru/containers/volumes/xo-data" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
};
"eru/containers/volumes/xo-redis-data" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
};
};
};

@ -17,7 +17,7 @@
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.disko.nixosModules.disko
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
(import ../../profiles/disko-nixos.nix {disks = ["/dev/sda"];})
];
boot = {
@ -31,8 +31,8 @@
"usb_storage"
"sd_mod"
];
kernelModules = [ "nfs" ];
supportedFilesystems = [ "nfs" ];
kernelModules = ["nfs"];
supportedFilesystems = ["nfs"];
};
kernelModules = [
@ -42,7 +42,7 @@
"vfio_pci"
"vfio_virqfd"
];
extraModulePackages = [ ];
extraModulePackages = [];
kernelParams = [
"iommu=pt"
"intel_iommu=on"
@ -50,7 +50,7 @@
]; # 100GB
};
swapDevices = [ ];
swapDevices = [];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
@ -107,13 +107,13 @@
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
mode = "400";
restartUnits = [ "syncthing.service" ];
restartUnits = ["syncthing.service"];
};
"syncthing/privateKey" = {
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
mode = "400";
restartUnits = [ "syncthing.service" ];
restartUnits = ["syncthing.service"];
};
};
};

@ -6,9 +6,7 @@
lib,
modulesPath,
...
}:
{
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
@ -24,9 +22,9 @@
"usbhid"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd.kernelModules = [];
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
fileSystems = {
@ -57,7 +55,7 @@
# options = [ "fmask=0022" "dmask=0022" ];
# };
swapDevices = [ ];
swapDevices = [];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

@ -1,6 +1,9 @@
{ lib, config, ... }:
with lib;
let
{
lib,
config,
...
}:
with lib; let
app = "lego-auto";
image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
user = "999"; # string
@ -8,8 +11,7 @@ let
port = 9898; # int
cfg = config.mySystem.services.${app};
appFolder = "/eru/containers/volumes/${app}";
in
{
in {
options.mySystem.services.${app} = {
enable = mkEnableOption "${app}";
dnsimpleTokenPath = mkOption {
@ -56,9 +58,11 @@ in
DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
};
volumes = [
"${appFolder}/cert:/cert"
] ++ optionals (cfg.provider == "dnsimple") [ "${cfg.dnsimpleTokenPath}:/config/dnsimple-token" ];
volumes =
[
"${appFolder}/cert:/cert"
]
++ optionals (cfg.provider == "dnsimple") ["${cfg.dnsimpleTokenPath}:/config/dnsimple-token"];
};
};
}

@ -1,54 +1,57 @@
{ lib, config, ... }:
with lib;
let
{
lib,
config,
...
}:
with lib; let
app = "unifi";
# renovate: depName=goofball222/unifi datasource=github-releases
version = "8.4.62";
cfg = config.mySystem.services.${app};
appFolder = "/eru/containers/volumes/${app}";
in
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
{
options.mySystem.services.${app} = {
enable = mkEnableOption "${app}";
};
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
{
options.mySystem.services.${app} = {
enable = mkEnableOption "${app}";
};
config = mkIf cfg.enable {
networking.firewall.interfaces = {
enp130s0f0 = {
allowedTCPPorts = [ 8443 ];
config = mkIf cfg.enable {
networking.firewall.interfaces = {
enp130s0f0 = {
allowedTCPPorts = [8443];
};
podman0 = {
allowedTCPPorts = [
8080
8443
8880
8843
];
allowedUDPPorts = [3478];
};
};
podman0 = {
allowedTCPPorts = [
8080
8443
8880
8843
virtualisation.oci-containers.containers.${app} = {
image = "ghcr.io/goofball222/unifi:${version}";
autoStart = true;
ports = [
"3478:3478/udp" # STUN
"8080:8080" # inform controller
"8443:8443" # https
"8880:8880" # HTTP portal redirect
"8843:8843" # HTTPS portal redirect
];
environment = {
TZ = "America/Chicago";
RUNAS_UID0 = "false";
PGID = "102";
PUID = "999";
};
volumes = [
"${appFolder}/cert:/usr/lib/unifi/cert"
"${appFolder}/data:/usr/lib/unifi/data"
"${appFolder}/logs:/usr/lib/unifi/logs"
];
allowedUDPPorts = [ 3478 ];
};
};
virtualisation.oci-containers.containers.${app} = {
image = "ghcr.io/goofball222/unifi:${version}";
autoStart = true;
ports = [
"3478:3478/udp" # STUN
"8080:8080" # inform controller
"8443:8443" # https
"8880:8880" # HTTP portal redirect
"8843:8843" # HTTPS portal redirect
];
environment = {
TZ = "America/Chicago";
RUNAS_UID0 = "false";
PGID = "102";
PUID = "999";
};
volumes = [
"${appFolder}/cert:/usr/lib/unifi/cert"
"${appFolder}/data:/usr/lib/unifi/data"
"${appFolder}/logs:/usr/lib/unifi/logs"
];
};
};
}
}

@ -3,24 +3,27 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.de.gnome;
in
{
in {
options = {
mySystem.de.gnome = {
enable = lib.mkEnableOption "GNOME" // {
default = false;
};
systrayicons = lib.mkEnableOption "Enable systray icons" // {
default = true;
};
gsconnect = lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // {
default = true;
};
enable =
lib.mkEnableOption "GNOME"
// {
default = false;
};
systrayicons =
lib.mkEnableOption "Enable systray icons"
// {
default = true;
};
gsconnect =
lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)"
// {
default = true;
};
};
};
config = lib.mkIf cfg.enable {
@ -49,14 +52,13 @@ in
};
};
udev.packages = lib.optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
udev.packages = lib.optionals cfg.systrayicons [pkgs.gnome.gnome-settings-daemon]; # support appindicator
};
# systyray icons
# extra pkgs and extensions
environment = {
systemPackages =
with pkgs;
systemPackages = with pkgs;
[
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
playerctl # gsconnect play/pause command
@ -70,7 +72,7 @@ in
gnomeExtensions.caffeine
gnomeExtensions.dash-to-dock
]
++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
++ optionals cfg.systrayicons [pkgs.gnomeExtensions.appindicator];
};
# enable gsconnect

@ -3,17 +3,17 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.de.kde;
flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
in
{
flameshotOverride = pkgs.unstable.flameshot.override {enableWlrSupport = true;};
in {
options = {
mySystem.de.kde = {
enable = lib.mkEnableOption "KDE" // {
default = false;
};
enable =
lib.mkEnableOption "KDE"
// {
default = false;
};
};
};

@ -4,11 +4,9 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.cockpit;
in
{
in {
options.mySystem.services.cockpit.enable = mkEnableOption "Cockpit";
config.services.cockpit = mkIf cfg.enable {

@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.services.vault;
in
{
in {
options.mySystem.services.vault = {
enable = lib.mkEnableOption "vault";
address = lib.mkOption {

@ -23,7 +23,7 @@
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
extraArgs = ["-f"]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
@ -33,11 +33,11 @@
};
# Subvolume name is the same as the mountpoint
"/home" = {
mountOptions = [ "compress=zstd" ];
mountOptions = ["compress=zstd"];
mountpoint = "/home";
};
# Sub(sub)volume doesn't need a mountpoint as its parent is mounted
"/home/user" = { };
"/home/user" = {};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = [

@ -1,5 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
# Support windows partition
mySystem = {
security.wheelNeedsSudoPassword = false;
@ -22,7 +25,7 @@
device = "nodev";
mirroredBoots = [
{
devices = [ "nodev" ];
devices = ["nodev"];
path = "/boot";
}
];

@ -1,5 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
boot = {
# Use the systemd-boot EFI boot loader.
loader = {

@ -1,12 +1,15 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
# Enable module for NVIDIA graphics
mySystem = {
hardware.nvidia.enable = true;
};
# set xserver videodrivers for NVIDIA gpu
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.videoDrivers = ["nvidia"];
# Install steam systemwide
programs.steam = {
enable = true;
@ -35,5 +38,4 @@
pulse.enable = true;
jack.enable = true;
};
}

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./global.nix
];

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./firefox
];

@ -3,8 +3,7 @@
pkgs,
lib,
...
}:
let
}: let
cfg = config.myHome.programs.thunderbird;
policies = {
@ -25,15 +24,14 @@ let
};
};
};
in
{
in {
options.myHome.programs.thunderbird.enable = lib.mkEnableOption "Thunderbird";
config = lib.mkIf cfg.enable {
programs.thunderbird = {
enable = true;
package = pkgs.thunderbird-128.override (old: {
extraPolicies = (old.extrapPolicies or { }) // policies;
extraPolicies = (old.extrapPolicies or {}) // policies;
});
profiles.default.isDefault = true;
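Review bot: `old.extrapPolicies` in the `pkgs.thunderbird-128.override` call looks like a misspelling of `extraPolicies`. Because of the `or {}` fallback the lookup never fails, so any policies already set on the package would be silently dropped instead of merged with `policies`. The formatter only changed the brace spacing on this line, so the attribute name is carried over unchanged. If merging is the intent, the line would read `extraPolicies = (old.extraPolicies or {}) // policies;`. The `programs.thunderbird` block continues outside the hunk.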

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./ssh
];

@ -1,14 +1,16 @@
{ config, lib, ... }:
with lib;
let
cfg = config.myHome.security.ssh;
in
{
config,
lib,
...
}:
with lib; let
cfg = config.myHome.security.ssh;
in {
options.myHome.security.ssh = {
enable = mkEnableOption "ssh";
matchBlocks = mkOption {
type = types.attrs;
default = { };
default = {};
};
};

@ -4,11 +4,9 @@
lib,
...
}:
with lib;
let
with lib; let
cfg = config.myHome.shell.atuind;
in
{
in {
options.myHome.shell.atuind = {
enable = mkEnableOption "atuind";
};
@ -17,10 +15,10 @@ in
(mkIf cfg.enable {
systemd.user.services.atuind = {
Install = {
WantedBy = [ "default.target" ];
WantedBy = ["default.target"];
};
Unit = {
After = [ "network.target" ];
After = ["network.target"];
};
Service = {
Environment = "ATUIN_LOG=info";

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./atuind
./fish

@ -3,11 +3,9 @@
config,
...
}:
with lib;
let
with lib; let
cfg = config.myHome.shell.starship;
in
{
in {
options.myHome.shell.starship = {
enable = mkEnableOption "starship";
};

@ -4,11 +4,9 @@
lib,
...
}:
with lib;
let
with lib; let
cfg = config.myHome.shell.wezterm;
in
{
in {
options.myHome.shell.wezterm = {
enable = mkEnableOption "wezterm";
configPath = mkOption {

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
config = {
"core.https_address" = "10.1.1.61:8443"; # Need quotes around key
};
@ -27,7 +26,7 @@
];
profiles = [
{
config = { };
config = {};
description = "";
devices = {
eth0 = {
@ -44,6 +43,6 @@
name = "default";
}
];
projects = [ ];
projects = [];
cluster = null;
}

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
outputs = {
# ZFS automated snapshots
templates = {
@ -14,27 +13,27 @@
datasets = {
"nahar/qbittorrent" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
recursive = true;
};
"nahar/sabnzbd" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
recursive = true;
};
"nahar/containers/volumes/jellyfin" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
recursive = true;
};
"nahar/containers/volumes/plex" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
recursive = true;
};
"nahar/containers/volumes/scrutiny" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
recursive = true;
};
"nahar/containers/volumes/scrypted" = {
useTemplate = [ "production" ];
useTemplate = ["production"];
recursive = true;
};
};

@ -1,5 +1,4 @@
{ config, ... }:
''
{config, ...}: ''
include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
acl trusted {

@ -1,5 +1,4 @@
{ ... }:
''
{...}: ''
global
log /dev/log local0
log /dev/log local1 notice

@ -7,9 +7,7 @@
modulesPath,
pkgs,
...
}:
{
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
@ -25,9 +23,9 @@
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
@ -51,7 +49,7 @@
};
};
swapDevices = [ ];
swapDevices = [];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Until I can figure out why the tftp port is not opening, disable the firewall.
@ -118,12 +116,12 @@
bind = {
enable = true;
extraConfig = import ./config/bind.nix { inherit config; };
extraConfig = import ./config/bind.nix {inherit config;};
};
haproxy = {
enable = true;
config = import ./config/haproxy.nix { inherit config; };
config = import ./config/haproxy.nix {inherit config;};
tcpPorts = [
6443
6444

@ -1,13 +1,10 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (
builtins.readFile ./prune-backups.sh
);
in
{
in {
systemd.timers.cleanup-backups = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;

@ -1,12 +1,14 @@
{ lib, config, ... }:
with lib;
let
{
lib,
config,
...
}:
with lib; let
app = "scrutiny";
# renovate: depName=AnalogJ/scrutiny datasource=github-releases
version = "v0.8.1";
cfg = config.mySystem.services.${app};
in
{
in {
options.mySystem.services.${app} = {
enable = mkEnableOption "${app}";
@ -33,7 +35,7 @@ in
# --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
devices = mkOption {
type = types.listOf types.str;
default = [ ];
default = [];
description = ''
Devices to monitor on Scrutiny.
'';

@ -3,17 +3,17 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.de.kde;
flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
in
{
flameshotOverride = pkgs.unstable.flameshot.override {enableWlrSupport = true;};
in {
options = {
mySystem.de.kde = {
enable = lib.mkEnableOption "KDE" // {
default = false;
};
enable =
lib.mkEnableOption "KDE"
// {
default = false;
};
};
};

@ -1,12 +1,13 @@
# /home/jahanson/projects/mochi/nixos/modules/nixos/editor/vim.nix
{ config, lib, ... }:
with lib;
let
cfg = config.mySystem.editor.vim;
users = [ "jahanson" ];
in
{
config,
lib,
...
}:
with lib; let
cfg = config.mySystem.editor.vim;
users = ["jahanson"];
in {
options.mySystem.editor.vim.enable = mkEnableOption "vim";
config = mkIf cfg.enable {
# Enable vim and set as default editor
@ -16,19 +17,20 @@ in
# Visual mode off and syntax highlighting on
home-manager.users =
mapAttrs
(user: _: {
home.file.".vimrc".text = ''
set mouse-=a
syntax on
'';
})
(
listToAttrs (
map (u: {
name = u;
value = { };
}) users
)
);
(user: _: {
home.file.".vimrc".text = ''
set mouse-=a
syntax on
'';
})
(
listToAttrs (
map (u: {
name = u;
value = {};
})
users
)
);
};
}

@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.games.steam;
in
{
in {
options.mySystem.games.steam = {
enable = lib.mkEnableOption "Steam";
};
@ -24,6 +22,5 @@ in
environment.systemPackages = with pkgs; [
protonup-qt
];
};
}

@ -4,15 +4,12 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.hardware.nvidia;
in
{
in {
options.mySystem.hardware.nvidia.enable = mkEnableOption "NVIDIA config";
config = mkIf cfg.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# ref: https://nixos.wiki/wiki/Nvidia
# Enable OpenGL
@ -30,7 +27,6 @@ in
# This is for the benefit of VSCODE running natively in wayland
nvidia = {
# Modesetting is required.
modesetting.enable = true;

@ -1,9 +1,11 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.shell.fish;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.shell.fish;
in {
options.mySystem.shell.fish = {
enable = mkEnableOption "Fish";
enablePlugins = mkOption {
@ -22,5 +24,4 @@ in
functions.enable = true;
};
};
}

@ -1,10 +1,12 @@
{ config, lib, ... }:
with lib;
let
{
config,
lib,
...
}:
with lib; let
cfg = config.mySystem.security._1password;
user = "jahanson";
in
{
in {
options.mySystem.security._1password = {
enable = mkEnableOption "_1password";
};
@ -14,7 +16,7 @@ in
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "${user}" ];
polkitPolicyOwners = ["${user}"];
};
};

@ -1,15 +1,17 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.security.acme;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.security.acme;
in {
options.mySystem.security.acme.enable = mkEnableOption "acme";
config = mkIf cfg.enable {
sops.secrets = {
"security/acme/env".sopsFile = ./secrets.sops.yaml;
"security/acme/env".restartUnits = [ "lego.service" ];
"security/acme/env".restartUnits = ["lego.service"];
};
security.acme = {

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./1password
./acme

@ -4,14 +4,12 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.bind;
in
{
in {
options.mySystem.services.bind = {
enable = mkEnableOption "bind";
package = mkPackageOption pkgs "bind" { };
package = mkPackageOption pkgs "bind" {};
extraConfig = mkOption {
type = types.str;
};
@ -19,8 +17,8 @@ in
config = mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
# Forces the machine to use the resolver provided by the network

@ -4,14 +4,12 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.dnsmasq;
in
{
in {
options.mySystem.services.dnsmasq = {
enable = mkEnableOption "dnsmasq";
package = mkPackageOption pkgs "dnsmasq" { };
package = mkPackageOption pkgs "dnsmasq" {};
bootAsset = mkOption {
type = types.str;
example = "http://10.1.1.57:8086/boot.ipxe";
@ -48,7 +46,7 @@ in
settings = {
# Disables only the DNS port.
port = 0;
dhcp-range = [ "10.1.1.1,proxy,255.255.255.0" ];
dhcp-range = ["10.1.1.1,proxy,255.255.255.0"];
# serves TFTP from dnsmasq
enable-tftp = true;
tftp-root = cfg.tftpRoot;

@ -5,12 +5,10 @@
inputs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.libvirt-qemu;
in
{
imports = [ inputs.nixvirt-git.nixosModules.default ];
in {
imports = [inputs.nixvirt-git.nixosModules.default];
options.mySystem.services.libvirt-qemu = {
enable = mkEnableOption "libvirt-qemu";
};
@ -30,7 +28,7 @@ in
qemu = {
package = pkgs.qemu_kvm;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
};

@ -4,14 +4,12 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.matchbox;
in
{
in {
options.mySystem.services.matchbox = {
enable = mkEnableOption "matchbox";
package = mkPackageOption pkgs "matchbox-server" { };
package = mkPackageOption pkgs "matchbox-server" {};
dataPath = mkOption {
type = types.str;
example = "/var/lib/matchbox";
@ -38,10 +36,10 @@ in
networking.firewall = {
# HTTP communication
allowedTCPPorts = [ 8086 ];
allowedTCPPorts = [8086];
};
users.groups.matchbox = { };
users.groups.matchbox = {};
users.users = {
matchbox = {
home = cfg.dataPath;
@ -51,8 +49,8 @@ in
};
systemd.services.matchbox = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
ExecStart = "${pkgs.matchbox-server}/bin/matchbox -address=0.0.0.0:8086 -data-path=${cfg.dataPath} -assets-path=${cfg.assetPath} -log-level=debug";
Restart = "on-failure";

@ -1,13 +1,14 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.nginx;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.nginx;
in {
options.mySystem.services.nginx.enable = mkEnableOption "nginx";
config = mkIf cfg.enable {
services.nginx = {
enable = true;
@ -63,6 +64,6 @@ in
};
# required for using acme certs
users.users.nginx.extraGroups = [ "acme" ];
users.users.nginx.extraGroups = ["acme"];
};
}

@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.services.nix-index-daily;
in
{
in {
options.mySystem.services.nix-index-daily = {
enable = lib.mkEnableOption "Automatic daily nix-index database updates";
@ -29,8 +27,8 @@ in
systemd.user = {
# Timer for nix-index update
timers.nix-index-update = {
wantedBy = [ "timers.target" ];
partOf = [ "nix-index-update.service" ];
wantedBy = ["timers.target"];
partOf = ["nix-index-update.service"];
timerConfig = {
OnCalendar = cfg.startTime;
Persistent = true;

@ -1,9 +1,11 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.onepassword-connect;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.onepassword-connect;
in {
options.mySystem.services.onepassword-connect = {
enable = mkEnableOption "onepassword-connect";
apiVersion = lib.mkOption {
@ -27,7 +29,7 @@ in
config = mkIf cfg.enable {
# Create data dir
system.activationScripts.makeOnePasswordConnectDataDir = lib.stringAfter [ "var" ] ''
system.activationScripts.makeOnePasswordConnectDataDir = lib.stringAfter ["var"] ''
mkdir -p "${cfg.dataDir}"
chown -R 999:999 ${cfg.dataDir}
'';
@ -37,7 +39,7 @@ in
onepassword-connect-api = {
image = "docker.io/1password/connect-api:${cfg.apiVersion}";
autoStart = true;
ports = [ "8080:8080" ];
ports = ["8080:8080"];
volumes = [
"${cfg.credentialsFile}:/home/opuser/.op/1password-credentials.json"
"${cfg.dataDir}:/home/opuser/.op/data"
@ -47,7 +49,7 @@ in
onepassword-connect-sync = {
image = "docker.io/1password/connect-sync:${cfg.syncVersion}";
autoStart = true;
ports = [ "8081:8080" ];
ports = ["8081:8080"];
volumes = [
"${cfg.credentialsFile}:/home/opuser/.op/1password-credentials.json"
"${cfg.dataDir}:/home/opuser/.op/data"

@ -4,11 +4,9 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.podman;
in
{
in {
options.mySystem.services.podman.enable = mkEnableOption "Podman";
config = mkIf cfg.enable {
@ -16,7 +14,7 @@ in
enable = true;
dockerCompat = true;
extraPackages = [ pkgs.zfs ];
extraPackages = [pkgs.zfs];
# regular cleanup
autoPrune.enable = true;
@ -42,16 +40,16 @@ in
lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
};
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
networking.firewall.interfaces.podman0.allowedUDPPorts = [53];
# extra user for containers
users.groups.kah = { };
users.groups.kah = {};
users.users = {
kah = {
uid = 568;
group = "kah";
};
jahanson.extraGroups = [ "kah" ];
jahanson.extraGroups = ["kah"];
};
};
}

@ -4,11 +4,9 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.qbittorrent;
in
{
in {
options.mySystem.services.qbittorrent = {
enable = mkEnableOption "qBittorrent";
@ -68,7 +66,7 @@ in
};
config = mkIf cfg.enable {
users.groups.${cfg.group} = { };
users.groups.${cfg.group} = {};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
inherit (cfg) group;
@ -108,8 +106,8 @@ in
Group = cfg.group;
}
(lib.mkIf cfg.hardening {
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
CapabilityBoundingSet = [""];
DeviceAllow = [""];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
@ -154,7 +152,7 @@ in
cfg.webuiPort
cfg.qbittorrentPort
];
allowedUDPPorts = [ cfg.qbittorrentPort ];
allowedUDPPorts = [cfg.qbittorrentPort];
};
};
}

@ -1,15 +1,17 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.rebootRequiredCheck;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.rebootRequiredCheck;
in {
options.mySystem.services.rebootRequiredCheck.enable = mkEnableOption "Reboot required check";
config = mkIf cfg.enable {
# Enable timer
systemd.timers."reboot-required-check" = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
# start at boot
OnBootSec = "0m";

@ -4,14 +4,12 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.sanoid;
in
{
in {
options.mySystem.services.sanoid = {
enable = mkEnableOption "sanoid";
package = mkPackageOption pkgs "sanoid" { };
package = mkPackageOption pkgs "sanoid" {};
datasets = mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified);
};

@ -1,5 +1,4 @@
{ sops, ... }:
{
{sops, ...}: {
gui = {
user = sops.secrets.username;
password = sops.secrets.password;
@ -9,22 +8,22 @@
gandalf = {
name = "gandalf";
id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV";
addresses = [ "tcp://10.1.1.13:22000" ];
addresses = ["tcp://10.1.1.13:22000"];
};
legiondary = {
name = "legiondary";
id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
addresses = [ "dynamic" ];
addresses = ["dynamic"];
};
shadowfax = {
name = "shadowfax";
id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC";
addresses = [ "tcp://10.1.1.61:22000" ];
addresses = ["tcp://10.1.1.61:22000"];
};
telchar = {
name = "telchar";
id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH";
addresses = [ "dynamic" ];
addresses = ["dynamic"];
};
};

@ -2,11 +2,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.mySystem.services.syncthing;
in
{
in {
options.mySystem.services.syncthing = {
enable = lib.mkEnableOption "Syncthing";
publicCertPath = lib.mkOption {
@ -30,13 +28,13 @@ in
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
mode = "400";
restartUnits = [ "syncthing.service" ];
restartUnits = ["syncthing.service"];
};
"password" = {
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
mode = "400";
restartUnits = [ "syncthing.service" ];
restartUnits = ["syncthing.service"];
};
};
@ -48,7 +46,7 @@ in
openDefaultPorts = true;
key = "${cfg.privateKeyPath}";
cert = "${cfg.publicCertPath}";
settings = import ./config { inherit (config) sops; };
settings = import ./config {inherit (config) sops;};
};
};
# Don't create default ~/Sync folder

@ -4,17 +4,13 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.services.unpackerr;
in
{
in {
options.mySystem.services.unpackerr = {
enable = mkEnableOption "Unpackerr";
package = mkPackageOption pkgs "unpackerr" { };
package = mkPackageOption pkgs "unpackerr" {};
user = mkOption {
type = types.str;
@ -43,7 +39,7 @@ in
};
config = mkIf cfg.enable {
users.groups.${cfg.group} = { };
users.groups.${cfg.group} = {};
users.users = mkIf (cfg.user == "unpackerr") {
unpackerr = {
inherit (cfg) group;
@ -53,8 +49,8 @@ in
systemd.services.unpackerr = {
description = "Unpackerr service";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
@ -66,9 +62,11 @@ in
]
);
EnvironmentFile = lib.optional (
cfg.extraEnvVarsFile != null && cfg.extraEnvVarsFile != ""
) cfg.extraEnvVarsFile;
EnvironmentFile =
lib.optional (
cfg.extraEnvVarsFile != null && cfg.extraEnvVarsFile != ""
)
cfg.extraEnvVarsFile;
};
};
};

@ -1,17 +1,19 @@
{ lib, config, ... }:
let
cfg = config.mySystem.system.borgbackup;
in
{
lib,
config,
...
}: let
cfg = config.mySystem.system.borgbackup;
in {
options.mySystem.system.borgbackup = {
enable = lib.mkEnableOption "borgbackup";
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
default = [];
};
exclude = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
default = [];
};
repo = lib.mkOption {
example = "borgbackup@myserver:repo";

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./borgbackup
./pikabackup

@ -3,12 +3,10 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.system.borg.pika-backup;
user = "jahanson";
in
{
in {
options.mySystem.system.borg.pika-backup = {
enable = lib.mkEnableOption "pika-backup";
};

@ -3,12 +3,10 @@
pkgs,
lib,
...
}:
let
}: let
cfg = config.mySystem.system.incus;
user = "jahanson";
in
{
in {
# sops.secrets.secret-domain-0 = {
# sopsFile = ./secret.sops.yaml;
# };
@ -27,14 +25,13 @@ in
};
config = lib.mkIf cfg.enable {
virtualisation.incus = {
inherit (cfg) preseed;
enable = true;
ui.enable = true;
};
users.users.${user}.extraGroups = [ "incus-admin" ];
users.users.${user}.extraGroups = ["incus-admin"];
# systemd.services.incus-preseed.postStart = "${oidcSetup}";

@ -3,8 +3,7 @@
lib,
pkgs,
...
}:
let
}: let
motd = pkgs.writeShellScriptBin "motd" ''
#! /usr/bin/env bash
source /etc/os-release
@ -41,8 +40,7 @@ let
printf "\n"
${lib.strings.concatStrings (
lib.lists.forEach cfg.networkInterfaces (
x:
"printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
x: "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
)
)}
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
@ -82,17 +80,15 @@ let
fi
'';
cfg = config.mySystem.system.motd;
in
{
in {
options.mySystem.system.motd = {
enable = lib.mkEnableOption "MOTD";
networkInterfaces = lib.mkOption {
description = "Network interfaces to monitor";
type = lib.types.listOf lib.types.str;
# default = lib.mapAttrsToList (_: val: val.interface)
default = [ ];
default = [];
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [

@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.mySystem.system.nfs;
in
{
lib,
config,
...
}: let
cfg = config.mySystem.system.nfs;
in {
options.mySystem.system.nfs = {
enable = lib.mkEnableOption "nfs";
exports = lib.mkOption {


@ -1,9 +1,11 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.nix;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.nix;
in {
options.mySystem.nix = {
autoOptimiseStore = mkOption {
type = lib.types.bool;
@ -11,9 +13,11 @@ in
default = true;
};
gc = {
enable = mkEnableOption "automatic garbage collection" // {
default = true;
};
enable =
mkEnableOption "automatic garbage collection"
// {
default = true;
};
persistent = mkOption {
type = lib.types.bool;
description = "Persistent timer for gc, runs at startup if timer missed";


@ -1,13 +1,17 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.openssh;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.services.openssh;
in {
options.mySystem.services.openssh = {
enable = mkEnableOption "openssh" // {
default = true;
};
enable =
mkEnableOption "openssh"
// {
default = true;
};
passwordAuthentication = mkOption {
type = lib.types.bool;
description = "If password can be accepted for ssh (commonly disable for security hardening)";


@ -4,21 +4,18 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.system.systemd.pushover-alerts;
in
{
in {
options.mySystem.system.systemd.pushover-alerts.enable =
mkEnableOption "Pushover alerts for systemd failures"
// {
default = true;
};
options.systemd.services = mkOption {
type =
with types;
type = with types;
attrsOf (submodule {
config.onFailure = [ "notify-pushover@%n.service" ];
config.onFailure = ["notify-pushover@%n.service"];
});
};
@ -32,7 +29,7 @@ in
systemd.services."notify-pushover@" = mkIf cfg.enable {
enable = true;
onFailure = lib.mkForce [ ]; # cant refer to itself on failure
onFailure = lib.mkForce []; # cant refer to itself on failure
description = "Notify on failed unit %i";
serviceConfig = {
Type = "oneshot";


@ -1,9 +1,11 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.security;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.security;
in {
options.mySystem.security = {
sshAgentAuth.enable = lib.mkEnableOption "openssh";
wheelNeedsSudoPassword = lib.mkOption {


@ -1,14 +1,16 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.system;
in
{
lib,
config,
...
}:
with lib; let
cfg = config.mySystem.system;
in {
options.mySystem.system = {
packages = mkOption {
type = with types; listOf package;
description = "List of system level package installs";
default = [ ];
default = [];
};
};
# System packages deployed globally.


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.mySystem.time;
in
{
lib,
config,
...
}: let
cfg = config.mySystem.time;
in {
options.mySystem.time = {
timeZone = lib.mkOption {
type = lib.types.str;


@ -5,8 +5,7 @@
pkgs,
...
}:
with lib;
let
with lib; let
cfg = config.mySystem.framework_wifi_swap;
wifiSwap = pkgs.writeShellScriptBin "wifi_swap" ''
#! /usr/bin/env bash
@ -34,12 +33,13 @@ let
;;
esac
'';
in
{
in {
options.mySystem.framework_wifi_swap = {
enable = mkEnableOption "framework_wifi_swap" // {
default = false;
};
enable =
mkEnableOption "framework_wifi_swap"
// {
default = false;
};
};
config = mkIf cfg.enable {
# Create bash script and add it to nix store


@ -3,45 +3,43 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.mySystem.system.zfs;
in
with lib;
{
options.mySystem.system.zfs = {
enable = lib.mkEnableOption "zfs";
mountPoolsAtBoot = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = lib.mkIf cfg.enable {
# setup boot
boot = {
supportedFilesystems = [
"zfs"
];
zfs = {
forceImportRoot = false; # if stuck on boot, modify grub options, force importing isnt secure
extraPools = cfg.mountPoolsAtBoot;
with lib; {
options.mySystem.system.zfs = {
enable = lib.mkEnableOption "zfs";
mountPoolsAtBoot = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
};
};
config = lib.mkIf cfg.enable {
# setup boot
boot = {
supportedFilesystems = [
"zfs"
];
zfs = {
forceImportRoot = false; # if stuck on boot, modify grub options, force importing isnt secure
extraPools = cfg.mountPoolsAtBoot;
};
};
services.zfs = {
autoScrub.enable = true;
autoScrub.interval = "weekly";
trim.enable = true;
services.zfs = {
autoScrub.enable = true;
autoScrub.interval = "weekly";
trim.enable = true;
};
# Pushover notifications
environment.systemPackages = with pkgs; [
busybox
];
services.zfs.zed.settings = {
ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
};
};
# Pushover notifications
environment.systemPackages = with pkgs; [
busybox
];
services.zfs.zed.settings = {
ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
};
};
}
}


@ -1,10 +1,9 @@
{ ... }:
let
{...}: let
finalVersion = "tauri-v2.0.4";
in
final: prev: {
cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
version = finalVersion;
vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
});
}
final: prev: {
cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
version = finalVersion;
vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
});
}


@ -8,9 +8,7 @@
stdenvNoCC,
unzip,
nixosTests,
}:
let
}: let
inherit (stdenvNoCC.hostPlatform) system;
channels = {
@ -34,14 +32,13 @@ let
};
};
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "coder";
version = channels.${channel}.version;
src = fetchurl {
hash = (channels.${channel}.hash).${system};
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "coder";
version = channels.${channel}.version;
src = fetchurl {
hash = (channels.${channel}.hash).${system};
url =
let
url = let
systemName =
{
x86_64-linux = "linux_amd64";
@ -59,59 +56,58 @@ stdenvNoCC.mkDerivation (finalAttrs: {
aarch64-darwin = "zip";
}
.${system};
in
"https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
};
nativeBuildInputs = [
installShellFiles
makeBinaryWrapper
unzip
];
unpackPhase = ''
runHook preUnpack
case $src in
*.tar.gz) tar -xz -f "$src" ;;
*.zip) unzip "$src" ;;
esac
runHook postUnpack
'';
installPhase = ''
runHook preInstall
install -D -m755 coder $out/bin/coder
runHook postInstall
'';
postInstall = ''
wrapProgram $out/bin/coder \
--prefix PATH : ${lib.makeBinPath [ terraform ]}
'';
# integration tests require network access
doCheck = false;
meta = {
description = "Provision remote development environments via Terraform";
homepage = "https://coder.com";
license = lib.licenses.agpl3Only;
mainProgram = "coder";
maintainers = with lib.maintainers; [
ghuntley
kylecarbs
urandom
];
};
passthru = {
updateScript = ./update.sh;
tests = {
inherit (nixosTests) coder;
in "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
};
};
})
nativeBuildInputs = [
installShellFiles
makeBinaryWrapper
unzip
];
unpackPhase = ''
runHook preUnpack
case $src in
*.tar.gz) tar -xz -f "$src" ;;
*.zip) unzip "$src" ;;
esac
runHook postUnpack
'';
installPhase = ''
runHook preInstall
install -D -m755 coder $out/bin/coder
runHook postInstall
'';
postInstall = ''
wrapProgram $out/bin/coder \
--prefix PATH : ${lib.makeBinPath [terraform]}
'';
# integration tests require network access
doCheck = false;
meta = {
description = "Provision remote development environments via Terraform";
homepage = "https://coder.com";
license = lib.licenses.agpl3Only;
mainProgram = "coder";
maintainers = with lib.maintainers; [
ghuntley
kylecarbs
urandom
];
};
passthru = {
updateScript = ./update.sh;
tests = {
inherit (nixosTests) coder;
};
};
})


@ -1,15 +1,14 @@
{ ... }:
let
{...}: let
dbrev = "5613";
drivedbBranch = "RELEASE_7_4";
in
final: prev: {
smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
inherit dbrev drivedbBranch;
driverdb = builtins.fetchurl {
url = "https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
sha256 = "sha256-6r7Pd298Ea55AXOLijUEQoJq+Km5cE+Ygti65yacdoM=";
name = "smartmontools-drivedb.h";
};
});
}
final: prev: {
smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
inherit dbrev drivedbBranch;
driverdb = builtins.fetchurl {
url = "https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
sha256 = "sha256-6r7Pd298Ea55AXOLijUEQoJq+Km5cE+Ygti65yacdoM=";
name = "smartmontools-drivedb.h";
};
});
}


@ -5,7 +5,6 @@
installShellFiles,
git,
}:
buildGoModule rec {
pname = "talosctl";
version = "1.9.0";
@ -24,7 +23,7 @@ buildGoModule rec {
"-w"
];
subPackages = [ "cmd/talosctl" ];
subPackages = ["cmd/talosctl"];
doCheck = false;
@ -58,7 +57,7 @@ buildGoModule rec {
description = "A CLI for out-of-band management of Kubernetes nodes created by Talos";
homepage = "https://www.talos.dev/";
license = licenses.mpl20;
maintainers = with maintainers; [ flokli ];
maintainers = with maintainers; [flokli];
mainProgram = "talosctl";
};
}


@ -12,7 +12,6 @@
udev,
wrapGAppsHook3,
}:
stdenv.mkDerivation rec {
pname = "termius";
version = "9.5.0";
@ -31,7 +30,7 @@ stdenv.mkDerivation rec {
};
desktopItem = makeDesktopItem {
categories = [ "Network" ];
categories = ["Network"];
comment = "The SSH client that works on Desktop and Mobile";
desktopName = "Termius";
exec = "termius-app";
@ -82,7 +81,7 @@ stdenv.mkDerivation rec {
install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
'';
runtimeDependencies = [ (lib.getLib udev) ];
runtimeDependencies = [(lib.getLib udev)];
postFixup = ''
makeWrapper $out/opt/termius/termius-app $out/bin/termius-app \
@ -93,13 +92,13 @@ stdenv.mkDerivation rec {
description = "A cross-platform SSH client with cloud data sync and more";
homepage = "https://termius.com/";
downloadPage = "https://termius.com/linux/";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
sourceProvenance = with sourceTypes; [binaryNativeCode];
license = licenses.unfree;
maintainers = with maintainers; [
Br1ght0ne
th0rgal
];
platforms = [ "x86_64-linux" ];
platforms = ["x86_64-linux"];
mainProgram = "termius-app";
};
}


@ -62,183 +62,189 @@
libpulseaudio,
kerberosSupport ? true,
libkrb5,
}:
let
branch = if isSnapshot then "snapshot" else "stable";
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
}: let
branch =
if isSnapshot
then "snapshot"
else "stable";
vivaldiName =
if isSnapshot
then "vivaldi-snapshot"
else "vivaldi";
in
stdenv.mkDerivation rec {
pname = "vivaldi";
version = "6.9.3447.37";
stdenv.mkDerivation rec {
pname = "vivaldi";
version = "6.9.3447.37";
suffix =
{
aarch64-linux = "arm64";
x86_64-linux = "amd64";
}
.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
hash =
suffix =
{
aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
aarch64-linux = "arm64";
x86_64-linux = "amd64";
}
.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};
.${stdenv.hostPlatform.system}
or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
unpackPhase = ''
ar vx $src
tar -xvf data.tar.xz
'';
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
hash =
{
aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
}
.${stdenv.hostPlatform.system}
or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};
nativeBuildInputs = [
patchelf
makeWrapper
];
dontWrapQtApps = true;
buildInputs =
[
stdenv.cc.cc
stdenv.cc.libc
zlib
libX11
libXt
libXext
libSM
libICE
libxcb
libxkbcommon
libxshmfence
libXi
libXft
libXcursor
libXfixes
libXScrnSaver
libXcomposite
libXdamage
libXtst
libXrandr
atk
at-spi2-atk
at-spi2-core
alsa-lib
dbus
cups
gtk3
gdk-pixbuf
libexif
ffmpeg
systemd
libva
qt5.qtbase
freetype
fontconfig
libXrender
libuuid
expat
glib
nss
nspr
libGL
libxml2
pango
cairo
libdrm
mesa
vulkan-loader
wayland
pipewire
]
++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
++ lib.optional pulseSupport libpulseaudio
++ lib.optional kerberosSupport libkrb5;
libPath =
lib.makeLibraryPath buildInputs
+ lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
+ ":$out/opt/${vivaldiName}/lib";
buildPhase =
''
runHook preBuild
echo "Patching Vivaldi binaries"
for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${libPath}" \
opt/${vivaldiName}/$f
done
for f in libGLESv2.so libqt5_shim.so ; do
patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
done
''
+ lib.optionalString proprietaryCodecs ''
ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
''
+ ''
echo "Finished patching Vivaldi binaries"
runHook postBuild
unpackPhase = ''
ar vx $src
tar -xvf data.tar.xz
'';
dontPatchELF = true;
dontStrip = true;
installPhase =
''
runHook preInstall
mkdir -p "$out"
cp -r opt "$out"
mkdir "$out/bin"
ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
mkdir -p "$out/share"
cp -r usr/share/{applications,xfce4} "$out"/share
substituteInPlace "$out"/share/applications/*.desktop \
--replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
substituteInPlace "$out"/share/applications/*.desktop \
--replace vivaldi-stable vivaldi
local d
for d in 16 22 24 32 48 64 128 256; do
mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
ln -s \
"$out"/opt/${vivaldiName}/product_logo_''${d}.png \
"$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
done
wrapProgram "$out/bin/vivaldi" \
--add-flags ${lib.escapeShellArg commandLineArgs} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
--set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
--suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
''
+ lib.optionalString enableWidevine ''
ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
''
+ ''
runHook postInstall
'';
passthru.updateScript = ./update-vivaldi.sh;
meta = with lib; {
description = "Browser for our Friends, powerful and personal";
homepage = "https://vivaldi.com";
license = licenses.unfree;
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
mainProgram = "vivaldi";
maintainers = with maintainers; [
otwieracz
badmutex
nativeBuildInputs = [
patchelf
makeWrapper
];
platforms = [
"x86_64-linux"
"aarch64-linux"
];
};
}
dontWrapQtApps = true;
buildInputs =
[
stdenv.cc.cc
stdenv.cc.libc
zlib
libX11
libXt
libXext
libSM
libICE
libxcb
libxkbcommon
libxshmfence
libXi
libXft
libXcursor
libXfixes
libXScrnSaver
libXcomposite
libXdamage
libXtst
libXrandr
atk
at-spi2-atk
at-spi2-core
alsa-lib
dbus
cups
gtk3
gdk-pixbuf
libexif
ffmpeg
systemd
libva
qt5.qtbase
freetype
fontconfig
libXrender
libuuid
expat
glib
nss
nspr
libGL
libxml2
pango
cairo
libdrm
mesa
vulkan-loader
wayland
pipewire
]
++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
++ lib.optional pulseSupport libpulseaudio
++ lib.optional kerberosSupport libkrb5;
libPath =
lib.makeLibraryPath buildInputs
+ lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
+ ":$out/opt/${vivaldiName}/lib";
buildPhase =
''
runHook preBuild
echo "Patching Vivaldi binaries"
for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${libPath}" \
opt/${vivaldiName}/$f
done
for f in libGLESv2.so libqt5_shim.so ; do
patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
done
''
+ lib.optionalString proprietaryCodecs ''
ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
''
+ ''
echo "Finished patching Vivaldi binaries"
runHook postBuild
'';
dontPatchELF = true;
dontStrip = true;
installPhase =
''
runHook preInstall
mkdir -p "$out"
cp -r opt "$out"
mkdir "$out/bin"
ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
mkdir -p "$out/share"
cp -r usr/share/{applications,xfce4} "$out"/share
substituteInPlace "$out"/share/applications/*.desktop \
--replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
substituteInPlace "$out"/share/applications/*.desktop \
--replace vivaldi-stable vivaldi
local d
for d in 16 22 24 32 48 64 128 256; do
mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
ln -s \
"$out"/opt/${vivaldiName}/product_logo_''${d}.png \
"$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
done
wrapProgram "$out/bin/vivaldi" \
--add-flags ${lib.escapeShellArg commandLineArgs} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
--set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
--suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
''
+ lib.optionalString enableWidevine ''
ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
''
+ ''
runHook postInstall
'';
passthru.updateScript = ./update-vivaldi.sh;
meta = with lib; {
description = "Browser for our Friends, powerful and personal";
homepage = "https://vivaldi.com";
license = licenses.unfree;
sourceProvenance = with sourceTypes; [binaryNativeCode];
mainProgram = "vivaldi";
maintainers = with maintainers; [
otwieracz
badmutex
];
platforms = [
"x86_64-linux"
"aarch64-linux"
];
};
}


@ -4,7 +4,6 @@
lib,
stdenv,
}:
# This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
# downloads at https://vivaldi.com/download/
stdenv.mkDerivation rec {
@ -16,7 +15,7 @@ stdenv.mkDerivation rec {
hash = "sha256-a1peHhku+OaGvPyChvLdh6/7zT+v8OHNwt60QUq7VvU=";
};
buildInputs = [ squashfsTools ];
buildInputs = [squashfsTools];
unpackPhase = ''
unsquashfs -dest . $src
@ -29,13 +28,13 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Additional support for proprietary codecs for Vivaldi";
homepage = "https://ffmpeg.org/";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
sourceProvenance = with sourceTypes; [binaryNativeCode];
license = licenses.lgpl21;
maintainers = with maintainers; [
betaboon
cawilliamson
fptje
];
platforms = [ "x86_64-linux" ];
platforms = ["x86_64-linux"];
};
}


@ -25,9 +25,7 @@
util-linux,
socat,
hicolor-icon-theme,
}:
let
}: let
inherit (stdenvNoCC.hostPlatform) system;
throwSystem = throw "Unsupported system: ${system}";
@ -36,99 +34,100 @@ let
x86_64-linux = "x86_64";
aarch64-linux = "arm64";
}
.${system} or throwSystem;
.${system}
or throwSystem;
hash =
{
x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk=";
aarch64-linux = "";
}
.${system} or throwSystem;
.${system}
or throwSystem;
displayname = "XPipe PTB";
in
stdenvNoCC.mkDerivation rec {
pname = "xpipe-ptb";
version = "13.0-10";
stdenvNoCC.mkDerivation rec {
pname = "xpipe-ptb";
version = "13.0-10";
src = fetchzip {
url = "https://github.com/xpipe-io/${pname}/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";
inherit hash;
};
src = fetchzip {
url = "https://github.com/xpipe-io/${pname}/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";
inherit hash;
};
nativeBuildInputs = [
autoPatchelfHook
makeShellWrapper
];
nativeBuildInputs = [
autoPatchelfHook
makeShellWrapper
];
# Ignore libavformat dependencies as we don't need them
autoPatchelfIgnoreMissingDeps = true;
# Ignore libavformat dependencies as we don't need them
autoPatchelfIgnoreMissingDeps = true;
buildInputs = [
fontconfig
zlib
udev
freetype
gtk3
alsa-lib
libX11
libX11
libXext
libXdamage
libXfixes
libxcb
libXcomposite
libXcursor
libXi
libXrender
libXtst
libXxf86vm
];
buildInputs = [
fontconfig
zlib
udev
freetype
gtk3
alsa-lib
libX11
libX11
libXext
libXdamage
libXfixes
libxcb
libXcomposite
libXcursor
libXi
libXrender
libXtst
libXxf86vm
];
desktopItem = makeDesktopItem {
categories = [ "Network" ];
comment = "XPipe (Public Test Build) releases";
desktopName = displayname;
exec = "/opt/${pname}/cli/bin/xpipe open %U";
genericName = "Shell connection hub";
icon = "/opt/${pname}/logo.png";
name = displayname;
};
desktopItem = makeDesktopItem {
categories = ["Network"];
comment = "XPipe (Public Test Build) releases";
desktopName = displayname;
exec = "/opt/${pname}/cli/bin/xpipe open %U";
genericName = "Shell connection hub";
icon = "/opt/${pname}/logo.png";
name = displayname;
};
installPhase = ''
runHook preInstall
installPhase = ''
runHook preInstall
pkg="${pname}"
mkdir -p $out/opt/$pkg
cp -r ./ $out/opt/$pkg
pkg="${pname}"
mkdir -p $out/opt/$pkg
cp -r ./ $out/opt/$pkg
mkdir -p "$out/bin"
ln -s "$out/opt/$pkg/cli/bin/xpipe" "$out/bin/$pkg"
mkdir -p "$out/bin"
ln -s "$out/opt/$pkg/cli/bin/xpipe" "$out/bin/$pkg"
mkdir -p "$out/share/applications"
cp -r "${desktopItem}/share/applications/" "$out/share/"
mkdir -p "$out/share/applications"
cp -r "${desktopItem}/share/applications/" "$out/share/"
mkdir -p "$out/etc/bash_completion.d"
ln -s "$out/opt/$pkg/cli/xpipe_completion" "$out/etc/bash_completion.d/$pkg"
mkdir -p "$out/etc/bash_completion.d"
ln -s "$out/opt/$pkg/cli/xpipe_completion" "$out/etc/bash_completion.d/$pkg"
substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Exec=" "Exec=$out"
substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Icon=" "Icon=$out"
substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Exec=" "Exec=$out"
substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Icon=" "Icon=$out"
mv "$out/opt/$pkg/app/bin/xpiped" "$out/opt/$pkg/app/bin/xpiped_raw"
mv "$out/opt/$pkg/app/lib/app/xpiped.cfg" "$out/opt/$pkg/app/lib/app/xpiped_raw.cfg"
mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh"
mv "$out/opt/$pkg/app/bin/xpiped" "$out/opt/$pkg/app/bin/xpiped_raw"
mv "$out/opt/$pkg/app/lib/app/xpiped.cfg" "$out/opt/$pkg/app/lib/app/xpiped_raw.cfg"
mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh"
makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \
--prefix LD_LIBRARY_PATH : "${
makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \
--prefix LD_LIBRARY_PATH : "${
lib.makeLibraryPath [
fontconfig
gtk3
udev
]
}"
makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \
--prefix LD_LIBRARY_PATH : "${
makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \
--prefix LD_LIBRARY_PATH : "${
lib.makeLibraryPath [
fontconfig
gtk3
@ -136,24 +135,24 @@ stdenvNoCC.mkDerivation rec {
]
}"
runHook postInstall
'';
runHook postInstall
'';
meta = with lib; {
description = "XPipe (Public Test Build) releases";
homepage = "https://github.com/xpipe-io/${pname}";
downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
license = [
licenses.asl20
licenses.unfree
];
maintainers = with maintainers; [ crschnick ];
platforms = [
"x86_64-linux"
"aarch64-linux"
];
mainProgram = pname;
};
}
meta = with lib; {
description = "XPipe (Public Test Build) releases";
homepage = "https://github.com/xpipe-io/${pname}";
downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
sourceProvenance = with sourceTypes; [binaryNativeCode];
changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
license = [
licenses.asl20
licenses.unfree
];
maintainers = with maintainers; [crschnick];
platforms = [
"x86_64-linux"
"aarch64-linux"
];
mainProgram = pname;
};
}
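Review bot: The `hash` table still carries `aarch64-linux = "";` while `meta.platforms` lists `"aarch64-linux"`, so the arm64 tarball has no pinned digest. As far as I know an empty hash does not skip verification, but it makes the fetch fail and print whatever digest the download produced, which invites pasting in a value nobody checked. Either drop `"aarch64-linux"` from `platforms` until a hash verified against the upstream release is filled in, or mark the entry with a comment such as `# TODO: arm64 hash not yet verified against the upstream release`.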


@ -1,15 +1,14 @@
{ ... }:
let
{...}: let
finalVersion = "0.149.3";
in
final: prev: {
zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
version = finalVersion;
src = prev.fetchFromGithub {
hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
};
cargoLock = prev.outputHashes {
"blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
};
});
}
final: prev: {
zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
version = finalVersion;
src = prev.fetchFromGithub {
hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
};
cargoLock = prev.outputHashes {
"blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
};
});
}
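Review bot: `src = prev.fetchFromGithub { hash = …; }` will not evaluate once this overlay is actually used, because the nixpkgs fetcher is spelled `fetchFromGitHub` and the call passes no `owner`, `repo` or `rev`, so the hash is not tied to any source revision. `prev.outputHashes` on the `cargoLock` line is also not a nixpkgs function as far as I know; upstream packages set `cargoLock.outputHashes` as an attribute set instead. Either complete the override (`owner = "<owner>"; repo = "<repo>"; rev = "<tag for finalVersion>";` alongside the hash) or remove the overlay, since a `version` bump that leaves the fetched source unchanged misreports what is installed.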


@ -1,8 +1,4 @@
{
disks ? [ "/dev/sda" ],
...
}:
{
{disks ? ["/dev/sda"], ...}: {
disko.devices = {
disk = {
main = {


@ -1,5 +1,8 @@
{ lib, nixpkgs, ... }:
{
lib,
nixpkgs,
...
}: {
## Below is to align shell/system to flake's nixpkgs
## ref: https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry
@ -10,7 +13,7 @@
registry.nixpkgs.flake = nixpkgs;
channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
nixPath = [ "nixpkgs=${nixpkgs}" ];
nixPath = ["nixpkgs=${nixpkgs}"];
settings = {
# but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake.


@ -1,6 +1,5 @@
{ ... }:
{
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
{...}: {
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# Secret for machine-specific pushover
sops.secrets = {
"services/pushover/env" = {


@ -1,5 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
system = {
# Enable printing changes on nix build etc with nvd
activationScripts.report-changes = ''


@ -1,8 +1,10 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
@ -11,20 +13,18 @@ with lib;
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
extraModulePackages = [ ];
kernelModules = [];
extraModulePackages = [];
# for managing/mounting nfs
supportedFilesystems = [ "nfs" ];
supportedFilesystems = ["nfs"];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
grub.memtest86.enable = true;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,6 +1,5 @@
{ lib, ... }:
{
imports = [ ];
{lib, ...}: {
imports = [];
boot = {
loader.systemd-boot.enable = true;
@ -12,9 +11,9 @@
"usbhid"
"sr_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
initrd.kernelModules = [];
kernelModules = [];
extraModulePackages = [];
};
mySystem = {


@ -1,5 +1,4 @@
{ lib, ... }:
{
{lib, ...}: {
mySystem = {
security.wheelNeedsSudoPassword = false;
};


@ -1,8 +1,11 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
boot = {
# for managing/mounting nfs
supportedFilesystems = [ "nfs" ];
supportedFilesystems = ["nfs"];
loader = {
grub = {
@ -11,7 +14,7 @@
efiInstallAsRemovable = true;
mirroredBoots = [
{
devices = [ "nodev" ];
devices = ["nodev"];
path = "/boot";
}
];


@ -1,7 +1,10 @@
{ lib, pkgs, ... }:
# Role for headless servers
with lib;
{
lib,
pkgs,
...
}:
# Role for headless servers
with lib; {
config = {
mySystem = {
services.rebootRequiredCheck.enable = true;
@ -20,7 +23,7 @@ with lib;
};
environment = {
systemPackages = [ pkgs.unstable.lazygit ];
systemPackages = [pkgs.unstable.lazygit];
};
documentation = {


@ -1,24 +1,24 @@
# Need the unstable nixpkgs to get latest dev tools
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
pkgs = import nixpkgs { allowUnfree = true; };
pkgs = import nixpkgs {allowUnfree = true;};
in
pkgs.mkShell {
# Enable experimental features without having to specify the argument
NIX_CONFIG = "experimental-features = nix-command flakes";
shellHook = ''
export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
export TEMP=$TMP
export TMPDIR=$TMP
'';
pkgs.mkShell {
# Enable experimental features without having to specify the argument
NIX_CONFIG = "experimental-features = nix-command flakes";
shellHook = ''
export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
export TEMP=$TMP
export TMPDIR=$TMP
'';
nativeBuildInputs = with pkgs; [
cachix
git
gitleaks
go-task
pre-commit
sops
statix
];
}
nativeBuildInputs = with pkgs; [
cachix
git
gitleaks
go-task
pre-commit
sops
statix
];
}
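Review bot: `fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"` follows a moving branch with no `sha256`, so the toolchain in this shell (including `sops`, `gitleaks` and `pre-commit`) is whatever that URL serves at evaluation time, with no integrity check beyond TLS and no reproducibility. Pin it to a commit and hash, e.g. `nixpkgs = fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<commit>.tar.gz"; sha256 = "<sha256>"; };`, or reuse the flake's locked nixpkgs input. Separately, `import nixpkgs {allowUnfree = true;}` passes `allowUnfree` as a top-level argument; nixpkgs reads that setting from `config`, so this probably wants `{config.allowUnfree = true;}`.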