diff --git a/.taskfiles/nix/Taskfile.yaml b/.taskfiles/nix/Taskfile.yaml index 5ab4a44..c3f637c 100644 --- a/.taskfiles/nix/Taskfile.yaml +++ b/.taskfiles/nix/Taskfile.yaml @@ -45,7 +45,8 @@ tasks: vars: - host cmds: - - echo "This will dry-run your config." + - echo "This will dry-run your config and add your untracked git files." + - git add . - nixos-rebuild dry-run --flake "{{.ROOT_DIR}}/#{{.host}}" --impure preconditions: - sh: which nix @@ -61,7 +62,9 @@ tasks: vars: - host cmds: + - git add . - nixos-rebuild build --flake "{{.ROOT_DIR}}/#{{.host}}" --impure + - nvd diff /run/current-system result preconditions: - sh: which nix msg: "nix not found" diff --git a/dns01.qcow2 b/dns01.qcow2 new file mode 100644 index 0000000..22c5606 Binary files /dev/null and b/dns01.qcow2 differ diff --git a/nixos/hosts/citadel/default.nix b/nixos/hosts/citadel/default.nix index dedbcfb..35e7ff2 100644 --- a/nixos/hosts/citadel/default.nix +++ b/nixos/hosts/citadel/default.nix @@ -6,14 +6,6 @@ , pkgs , ... }: { - imports = [ - - # Common imports - ../common/optional/gnome.nix - ../common/optional/editors/vscode - ../common/optional/firefox.nix - - ]; config = { diff --git a/nixos/hosts/common/optional/chrony.nix b/nixos/hosts/common/optional/chrony.nix deleted file mode 100644 index e9a42cf..0000000 --- a/nixos/hosts/common/optional/chrony.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ inputs -, outputs -, config -, ... -}: { - # Time - networking.timeServers = [ "10.8.10.1" ]; - services.chrony = { - enable = true; - }; -} diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.nix b/nixos/hosts/common/optional/dnscrypt-proxy2.nix deleted file mode 100644 index 9c8ebeb..0000000 --- a/nixos/hosts/common/optional/dnscrypt-proxy2.nix +++ /dev/null @@ -1,41 +0,0 @@ -# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2 -{ inputs -, outputs -, pkgs -, config -, ... -}: { - # Disable resolvd to ensure it doesnt re-write /etc/resolv.conf - config.services.resolved.enable = false; - - # Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt - # causing a risk of no dns if service fails. - config.networking = { - nameservers = [ "10.8.10.1" ]; # TODO make varible IP - - dhcpcd.extraConfig = "nohook resolv.conf"; - }; - - # configure secret for forwarding rules - config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml; - config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file - - # Restart dnscrypt when secret changes - config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ]; - - config.services.dnscrypt-proxy2 = { - enable = true; - settings = { - require_dnssec = true; - forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path; - listen_addresses = [ "0.0.0.0:53" ]; - server_names = [ "NextDNS" ]; - - static = { - "NextDNS" = { - stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ"; - }; - }; - }; - }; -} diff --git a/nixos/hosts/common/optional/editors/vscode/default.nix b/nixos/hosts/common/optional/editors/vscode/default.nix deleted file mode 100644 index 5a3f682..0000000 --- a/nixos/hosts/common/optional/editors/vscode/default.nix +++ /dev/null @@ -1,139 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: { - # TODO add USER settings.json - # Enable vscode & addons - environment.systemPackages = with pkgs; [ - (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with vscode-extensions; - [ - bbenoist.nix - mkhl.direnv - - ] - ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ - { - name = "prettier-vscode"; - publisher = "esbenp"; - version = "10.1.0"; - sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9"; - } - - { - name = "vscode-docker"; - publisher = "ms-azuretools"; - version = "1.28.0"; - sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0"; - } - - { - name = "gitlens"; - publisher = "eamodio"; - version = "14.7.0"; - sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy"; - } - - { - name = "remote-containers"; - publisher = "ms-vscode-remote"; - version = "0.327.0"; - sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz"; - } - - { - name = "remote-ssh"; - publisher = "ms-vscode-remote"; - version = "0.107.1"; - sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf"; - } - - { - name = "vscode-yaml"; - publisher = "redhat"; - version = "1.14.0"; - sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944"; - } - - { - name = "todo-tree"; - publisher = "gruntfuggly"; - version = "0.0.226"; - sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn"; - } - - { - name = "path-autocomplete"; - publisher = "ionutvmi"; - version = "1.25.0"; - sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb"; - } - - { - name = "even-better-toml"; - publisher = "tamasfe"; - version = "0.19.2"; - sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14"; - } - - { - name = "linter"; - publisher = "fnando"; - version = "0.0.19"; - sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g"; - } - - { - name = "catppuccin-vsc"; - publisher = "catppuccin"; - version = "3.11.0"; - sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d"; - } - - { - name = "catppuccin-vsc-icons"; - publisher = "catppuccin"; - version = "1.8.0"; - sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z"; - } - - { - name = "nix-ide"; - publisher = "jnoortheen"; - version = "0.2.2"; - sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg"; - } - - { - name = "vscode-swissknife"; - publisher = "luisfontes19"; - version = "1.8.1"; - sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c"; - } - - { - name = "pre-commit-helper"; - publisher = "elagil"; - version = "0.5.0"; - sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj"; - } - - { - name = "sops-edit"; - publisher = "shipitsmarter"; - version = "1.0.0"; - sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4"; - } - - { - name = "json5-for-vscode"; - publisher = "tudoudou"; - version = "0.0.3"; - sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w"; - } - ]; - }) - ]; -} diff --git a/nixos/hosts/common/optional/editors/vscode/extensions.nix b/nixos/hosts/common/optional/editors/vscode/extensions.nix deleted file mode 100644 index 9b24a06..0000000 --- a/nixos/hosts/common/optional/editors/vscode/extensions.nix +++ /dev/null @@ -1,174 +0,0 @@ -# Warning, this file is autogenerated by nix4vscode. Don't modify this manually. -{ pkgs }: -let - vscode-utils = pkgs.vscode-utils; -in -{ - "ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace { - name = "python"; - publisher = "ms-python"; - version = "2024.0.0"; - sha256 = "0sy1z2r6b0m1lkivjyrcf41dbgj9m5zkjy6yncpji1hisjcbgq6n"; - }; - - "ms-python"."vscode-pylance" = vscode-utils.extensionFromVscodeMarketplace { - name = "vscode-pylance"; - publisher = "ms-python"; - version = "2023.12.1"; - sha256 = "03fr9zanhdsf3wirv65vb41swvdnxxaz8lviyjdbmzcw9yihf8dv"; - }; - - "esbenp"."prettier-vscode" = vscode-utils.extensionFromVscodeMarketplace { - name = "prettier-vscode"; - publisher = "esbenp"; - version = "10.1.0"; - sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9"; - }; - - "ms-azuretools"."vscode-docker" = vscode-utils.extensionFromVscodeMarketplace { - name = "vscode-docker"; - publisher = "ms-azuretools"; - version = "1.28.0"; - sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0"; - }; - - "eamodio"."gitlens" = vscode-utils.extensionFromVscodeMarketplace { - name = "gitlens"; - publisher = "eamodio"; - version = "14.7.0"; - sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy"; - }; - - "ms-vscode-remote"."remote-containers" = vscode-utils.extensionFromVscodeMarketplace { - name = "remote-containers"; - publisher = "ms-vscode-remote"; - version = "0.327.0"; - sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz"; - }; - - "ms-vscode-remote"."remote-ssh" = vscode-utils.extensionFromVscodeMarketplace { - name = "remote-ssh"; - publisher = "ms-vscode-remote"; - version = "0.107.1"; - sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf"; - }; - - "redhat"."vscode-yaml" = vscode-utils.extensionFromVscodeMarketplace { - name = "vscode-yaml"; - publisher = "redhat"; - version = "1.14.0"; - sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944"; - }; - - "github"."copilot" = vscode-utils.extensionFromVscodeMarketplace { - name = "copilot"; - publisher = "github"; - version = "1.156.0"; - sha256 = "16nzwazfbh895kmc2887b17zzbbcjyk8fhiphk5xmy1nm9qxszk0"; - }; - - "golang"."go" = vscode-utils.extensionFromVscodeMarketplace { - name = "go"; - publisher = "golang"; - version = "0.40.3"; - sha256 = "15kicpv9xpn7l3w9mbmsjdzjmavh88p3skkim0a9prg9p40bsq0m"; - }; - - "gruntfuggly"."todo-tree" = vscode-utils.extensionFromVscodeMarketplace { - name = "todo-tree"; - publisher = "gruntfuggly"; - version = "0.0.226"; - sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn"; - }; - - "ms-kubernetes-tools"."vscode-kubernetes-tools" = vscode-utils.extensionFromVscodeMarketplace { - name = "vscode-kubernetes-tools"; - publisher = "ms-kubernetes-tools"; - version = "1.3.15"; - sha256 = "1x6npc90p6b1wx5sd1hd0x0djahmffr6lw9cxh2zg10rbpq48w8i"; - }; - - "hashicorp"."terraform" = vscode-utils.extensionFromVscodeMarketplace { - name = "terraform"; - publisher = "hashicorp"; - version = "2.29.3"; - sha256 = "sha256-cYYtBZaWgtT6vS6In+tbpLfp/GdyWodBXyHsxn8ZZrU="; - }; - - "ionutvmi"."path-autocomplete" = vscode-utils.extensionFromVscodeMarketplace { - name = "path-autocomplete"; - publisher = "ionutvmi"; - version = "1.25.0"; - sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb"; - }; - - "tamasfe"."even-better-toml" = vscode-utils.extensionFromVscodeMarketplace { - name = "even-better-toml"; - publisher = "tamasfe"; - version = "0.19.2"; - sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14"; - }; - - "redhat"."ansible" = vscode-utils.extensionFromVscodeMarketplace { - name = "ansible"; - publisher = "redhat"; - version = "2.9.118"; - sha256 = "0yndj2r0w2zxc5firxgfrykkc5ajy9gsmrfmkz80kfhwk33n9y1p"; - }; - - "fnando"."linter" = vscode-utils.extensionFromVscodeMarketplace { - name = "linter"; - publisher = "fnando"; - version = "0.0.19"; - sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g"; - }; - - "catppuccin"."catppuccin-vsc" = vscode-utils.extensionFromVscodeMarketplace { - name = "catppuccin-vsc"; - publisher = "catppuccin"; - version = "3.11.0"; - sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d"; - }; - - "catppuccin"."catppuccin-vsc-icons" = vscode-utils.extensionFromVscodeMarketplace { - name = "catppuccin-vsc-icons"; - publisher = "catppuccin"; - version = "1.8.0"; - sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z"; - }; - - "jnoortheen"."nix-ide" = vscode-utils.extensionFromVscodeMarketplace { - name = "nix-ide"; - publisher = "jnoortheen"; - version = "0.2.2"; - sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg"; - }; - - "luisfontes19"."vscode-swissknife" = vscode-utils.extensionFromVscodeMarketplace { - name = "vscode-swissknife"; - publisher = "luisfontes19"; - version = "1.8.1"; - sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c"; - }; - - "elagil"."pre-commit-helper" = vscode-utils.extensionFromVscodeMarketplace { - name = "pre-commit-helper"; - publisher = "elagil"; - version = "0.5.0"; - sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj"; - }; - - "shipitsmarter"."sops-edit" = vscode-utils.extensionFromVscodeMarketplace { - name = "sops-edit"; - publisher = "shipitsmarter"; - version = "1.0.0"; - sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4"; - }; - - "tudoudou"."json5-for-vscode" = vscode-utils.extensionFromVscodeMarketplace { - name = "json5-for-vscode"; - publisher = "tudoudou"; - version = "0.0.3"; - sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w"; - }; -} diff --git a/nixos/hosts/common/optional/firefox.nix b/nixos/hosts/common/optional/firefox.nix deleted file mode 100644 index e15318c..0000000 --- a/nixos/hosts/common/optional/firefox.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: { - programs.firefox = { - enable = true; - }; -} diff --git a/nixos/hosts/common/optional/gnome.nix b/nixos/hosts/common/optional/gnome.nix deleted file mode 100644 index 5259b79..0000000 --- a/nixos/hosts/common/optional/gnome.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: { - # Ref: https://nixos.wiki/wiki/GNOME - - # GNOME plz - services.xserver = { - enable = true; - displayManager = - { - gdm.enable = true; - defaultSession = "gnome"; # TODO move to config overlay - - autoLogin.enable = true; - autoLogin.user = "truxnell"; # TODO move to config overlay - }; - desktopManager = { - # GNOME - gnome.enable = true; - }; - - layout = "us"; # `localctl` will give you - }; - - # TODO remove this when possible - # workaround for GNOME autologin - # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 - systemd.services."getty@tty1".enable = false; - systemd.services."autovt@tty1".enable = false; - - # TODO tidy this - # port forward for GNOME when using RDP***REMOVED*** - - networking.firewall.allowedTCPPorts = [ - 3389 - ]; - - # And dconf - programs.dconf.enable = true; - - # https://github.com/NixOS/nixpkgs/issues/114514 - # dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45 - - - # Exclude default GNOME packages that dont interest me. - environment.gnome.excludePackages = - (with pkgs; [ - gnome-photos - gnome-tour - ]) - ++ (with pkgs.gnome; [ - cheese # webcam tool - gnome-music - gnome-terminal - gedit # text editor - epiphany # web browser - geary # email reader - evince # document viewer - gnome-characters - totem # video player - tali # poker game - iagno # go game - hitori # sudoku game - atomix # puzzle game - ]); -} diff --git a/nixos/hosts/common/optional/maddy.nix b/nixos/hosts/common/optional/maddy.nix deleted file mode 100644 index 6043ae1..0000000 --- a/nixos/hosts/common/optional/maddy.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ inputs -, outputs -, config -, ... -}: { - # init secret - config.sops.secrets."system/mail/maddy/envFile" = { - sopsFile = ./maddy.sops.yaml; - owner = "maddy"; - group = "maddy"; - }; - - # Restart dnscrypt when secret changes - config.sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ]; - - # - config.services.maddy = { - enable = true; - secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ]; - config = builtins.readFile ./maddy.conf; - }; -} diff --git a/nixos/hosts/dns01/default.nix b/nixos/hosts/dns01/default.nix index e7cda43..dc87959 100644 --- a/nixos/hosts/dns01/default.nix +++ b/nixos/hosts/dns01/default.nix @@ -8,10 +8,15 @@ }: { imports = [ - ../common/optional/dnscrypt-proxy2.nix - ../common/optional/maddy.nix + ]; - mySystem.services.cfddns.enable = true; + + mySystem = { + services.maddy.enable = true; + services.dnscrypt-proxy.enable = true; + services.cfDdns.enable = true; + }; + networking.hostName = "dns01"; # Define your hostname. networking.useDHCP = lib.mkDefault true; diff --git a/nixos/hosts/rickenbacker/default.nix b/nixos/hosts/rickenbacker/default.nix index 3a99a2c..bafde50 100644 --- a/nixos/hosts/rickenbacker/default.nix +++ b/nixos/hosts/rickenbacker/default.nix @@ -5,15 +5,7 @@ }: { # hardware-configuration.nix is missing as I've abstracted out the parts - # into various areas like my global/hardware profiles, etc. - imports = [ - - # Common imports - ../common/optional/gnome.nix - ../common/optional/editors/vscode - ../common/optional/firefox.nix - - ]; + config.mySystem = { services.openssh.enable = true; security.wheelNeedsSudoPassword = false; diff --git a/nixos/modules/nixos/browser/default.nix b/nixos/modules/nixos/browser/default.nix new file mode 100644 index 0000000..1c7c3ee --- /dev/null +++ b/nixos/modules/nixos/browser/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./firefox.nix + ]; +} diff --git a/nixos/modules/nixos/browser/firefox.nix b/nixos/modules/nixos/browser/firefox.nix new file mode 100644 index 0000000..58b22a3 --- /dev/null +++ b/nixos/modules/nixos/browser/firefox.nix @@ -0,0 +1,22 @@ +{ lib +, config +, ... +}: + +with lib; +let + cfg = config.mySystem.browser.firefox; +in +{ + options.mySystem.browser.firefox.enable = mkEnableOption "Firefox"; + + config = mkIf cfg.enable { + + programs.firefox = { + enable = true; + }; + + }; + + +} diff --git a/nixos/modules/nixos/de/default.nix b/nixos/modules/nixos/de/default.nix new file mode 100644 index 0000000..6ce4870 --- /dev/null +++ b/nixos/modules/nixos/de/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./gnome.nix + + ]; +} diff --git a/nixos/modules/nixos/de/gnome.nix b/nixos/modules/nixos/de/gnome.nix new file mode 100644 index 0000000..9301423 --- /dev/null +++ b/nixos/modules/nixos/de/gnome.nix @@ -0,0 +1,81 @@ +{ lib +, config +, pkgs +, ... +}: + +with lib; +let + cfg = config.mySystem.de.gnome; +in +{ + options.mySystem.de.gnome.enable = mkEnableOption "GNOME"; + + config = mkIf cfg.enable { + + # Ref: https://nixos.wiki/wiki/GNOME + + # GNOME plz + services.xserver = { + enable = true; + displayManager = + { + gdm.enable = true; + defaultSession = "gnome"; # TODO move to config overlay + + autoLogin.enable = true; + autoLogin.user = "truxnell"; # TODO move to config overlay + }; + desktopManager = { + # GNOME + gnome.enable = true; + }; + + layout = "us"; # `localctl` will give you + }; + + # TODO remove this when possible + # workaround for GNOME autologin + # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@tty1".enable = false; + + # TODO tidy this + # port forward for GNOME when using RDP***REMOVED*** + + networking.firewall.allowedTCPPorts = [ + 3389 + ]; + + # And dconf + programs.dconf.enable = true; + + # https://github.com/NixOS/nixpkgs/issues/114514 + # dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45 + + + # Exclude default GNOME packages that dont interest me. + environment.gnome.excludePackages = + (with pkgs; [ + gnome-photos + gnome-tour + ]) + ++ (with pkgs.gnome; [ + cheese # webcam tool + gnome-music + gnome-terminal + gedit # text editor + epiphany # web browser + geary # email reader + evince # document viewer + gnome-characters + totem # video player + tali # poker game + iagno # go game + hitori # sudoku game + atomix # puzzle game + ]); + }; + + +} diff --git a/nixos/modules/nixos/default.nix b/nixos/modules/nixos/default.nix index e1f6e80..08ba128 100644 --- a/nixos/modules/nixos/default.nix +++ b/nixos/modules/nixos/default.nix @@ -3,6 +3,9 @@ ./system ./programs ./services + ./browser + ./de + ./editor ]; } diff --git a/nixos/modules/nixos/editor/default.nix b/nixos/modules/nixos/editor/default.nix new file mode 100644 index 0000000..20df622 --- /dev/null +++ b/nixos/modules/nixos/editor/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./vscodium.nix + + ]; +} diff --git a/nixos/modules/nixos/editor/vscodium.nix b/nixos/modules/nixos/editor/vscodium.nix new file mode 100644 index 0000000..2e055bf --- /dev/null +++ b/nixos/modules/nixos/editor/vscodium.nix @@ -0,0 +1,154 @@ +{ lib +, config +, pkgs + +, ... +}: + +with lib; +let + cfg = config.mySystem.editor.vscodium; +in +{ + options.mySystem.editor.vscodium.enable = mkEnableOption "Vscodium"; + + config = mkIf cfg.enable { + + # TODO add USER settings.json + # Enable vscode & addons + environment.systemPackages = with pkgs; [ + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with vscode-extensions; + [ + bbenoist.nix + mkhl.direnv + + ] + ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ + { + name = "prettier-vscode"; + publisher = "esbenp"; + version = "10.1.0"; + sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9"; + } + + { + name = "vscode-docker"; + publisher = "ms-azuretools"; + version = "1.28.0"; + sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0"; + } + + { + name = "gitlens"; + publisher = "eamodio"; + version = "14.7.0"; + sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy"; + } + + { + name = "remote-containers"; + publisher = "ms-vscode-remote"; + version = "0.327.0"; + sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz"; + } + + { + name = "remote-ssh"; + publisher = "ms-vscode-remote"; + version = "0.107.1"; + sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf"; + } + + { + name = "vscode-yaml"; + publisher = "redhat"; + version = "1.14.0"; + sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944"; + } + + { + name = "todo-tree"; + publisher = "gruntfuggly"; + version = "0.0.226"; + sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn"; + } + + { + name = "path-autocomplete"; + publisher = "ionutvmi"; + version = "1.25.0"; + sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb"; + } + + { + name = "even-better-toml"; + publisher = "tamasfe"; + version = "0.19.2"; + sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14"; + } + + { + name = "linter"; + publisher = "fnando"; + version = "0.0.19"; + sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g"; + } + + { + name = "catppuccin-vsc"; + publisher = "catppuccin"; + version = "3.11.0"; + sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d"; + } + + { + name = "catppuccin-vsc-icons"; + publisher = "catppuccin"; + version = "1.8.0"; + sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z"; + } + + { + name = "nix-ide"; + publisher = "jnoortheen"; + version = "0.2.2"; + sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg"; + } + + { + name = "vscode-swissknife"; + publisher = "luisfontes19"; + version = "1.8.1"; + sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c"; + } + + { + name = "pre-commit-helper"; + publisher = "elagil"; + version = "0.5.0"; + sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj"; + } + + { + name = "sops-edit"; + publisher = "shipitsmarter"; + version = "1.0.0"; + sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4"; + } + + { + name = "json5-for-vscode"; + publisher = "tudoudou"; + version = "0.0.3"; + sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w"; + } + ]; + }) + ]; + + }; + + +} diff --git a/nixos/modules/nixos/services/cloudflare-dyndns/default.nix b/nixos/modules/nixos/services/cloudflare-dyndns/default.nix index 40fe5ea..4334f3c 100644 --- a/nixos/modules/nixos/services/cloudflare-dyndns/default.nix +++ b/nixos/modules/nixos/services/cloudflare-dyndns/default.nix @@ -22,13 +22,13 @@ in # TODO add notifications on IP change # init secret - config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml; + sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml; # Restart when secret changes - config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ]; + sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ]; # Cloudflare dynamic dns to keep my DNS records pointed at home - config.services.cloudflare-dyndns = { + services.cloudflare-dyndns = { enable = true; ipv6 = false; proxied = true; diff --git a/nixos/modules/nixos/services/default.nix b/nixos/modules/nixos/services/default.nix index f9ea679..7871bb5 100644 --- a/nixos/modules/nixos/services/default.nix +++ b/nixos/modules/nixos/services/default.nix @@ -3,5 +3,7 @@ ./monitoring.nix ./reboot-required-check.nix ./cloudflare-dyndns + ./maddy + ./dnscrypt-proxy2 ]; } diff --git a/nixos/modules/nixos/services/dnscrypt-proxy2/default.nix b/nixos/modules/nixos/services/dnscrypt-proxy2/default.nix new file mode 100644 index 0000000..de96e6c --- /dev/null +++ b/nixos/modules/nixos/services/dnscrypt-proxy2/default.nix @@ -0,0 +1,48 @@ +{ lib +, config +, ... +}: + +with lib; +let + cfg = config.mySystem.services.dnscrypt-proxy; +in +{ + options.mySystem.services.dnscrypt-proxy.enable = mkEnableOption "Cloudflare ddns"; + + config = mkIf cfg.enable { + # Disable resolvd to ensure it doesnt re-write /etc/resolv.conf + services.resolved.enable = false; + + # Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt + # causing a risk of no dns if service fails. + networking = { + nameservers = [ "10.8.10.1" ]; # TODO make varible IP + + dhcpcd.extraConfig = "nohook resolv.conf"; + }; + + # configure secret for forwarding rules + sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml; + sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file + + # Restart dnscrypt when secret changes + sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ]; + + services.dnscrypt-proxy2 = { + enable = true; + settings = { + require_dnssec = true; + forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path; + listen_addresses = [ "0.0.0.0:53" ]; + server_names = [ "NextDNS" ]; + + static = { + "NextDNS" = { + stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ"; + }; + }; + }; + }; + }; +} diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml b/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml similarity index 100% rename from nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml rename to nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml diff --git a/nixos/modules/nixos/services/maddy/default.nix b/nixos/modules/nixos/services/maddy/default.nix new file mode 100644 index 0000000..37cc87e --- /dev/null +++ b/nixos/modules/nixos/services/maddy/default.nix @@ -0,0 +1,30 @@ +{ lib +, config +, ... +}: + +with lib; +let + cfg = config.mySystem.services.maddy; +in +{ + options.mySystem.services.maddy.enable = mkEnableOption "Maddy SMTP Client (Relay)"; + + config = mkIf cfg.enable { + + sops.secrets."system/mail/maddy/envFile" = { + sopsFile = ./maddy.sops.yaml; + owner = "maddy"; + group = "maddy"; + }; + + sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ]; + + services.maddy = { + enable = true; + secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ]; + config = builtins.readFile ./maddy.conf; + }; + + }; +} diff --git a/nixos/hosts/common/optional/maddy.conf b/nixos/modules/nixos/services/maddy/maddy.conf similarity index 100% rename from nixos/hosts/common/optional/maddy.conf rename to nixos/modules/nixos/services/maddy/maddy.conf diff --git a/nixos/hosts/common/optional/maddy.sops.yaml b/nixos/modules/nixos/services/maddy/maddy.sops.yaml similarity index 100% rename from nixos/hosts/common/optional/maddy.sops.yaml rename to nixos/modules/nixos/services/maddy/maddy.sops.yaml diff --git a/nixos/profiles/role-worstation.nix b/nixos/profiles/role-worstation.nix index 12bb03d..909d6f2 100644 --- a/nixos/profiles/role-worstation.nix +++ b/nixos/profiles/role-worstation.nix @@ -3,16 +3,20 @@ # Covers desktops/laptops, expected to have a GUI and do worloads # Will have home-manager installs -with lib; +with config; { - config.boot = { + mySystem.de.gnome.enable = true; + mySystem.editor.vscodium.enable = true; + mySystem.browser.firefox.enable = true; + + boot = { binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation plymouth.enable = true; # hide console with splash screen }; - config.nix.settings = { + nix.settings = { # TODO factor out into mySystem # Avoid disk full issues max-free = lib.mkDefault (1000 * 1000 * 1000); @@ -20,7 +24,7 @@ with lib; }; # set xserver videodrivers if used - config.services.xserver.enable = true; + services.xserver.enable = true; # Laptop so ill likely use wireles # very likely to be set by GUI packages but lets