
nixfmt

master
Yorick van Pelt 6 months ago
parent
commit
a688758401
Signed by: yorick GPG Key ID: D8D3CC6D951384DE
  1. 29
      bin/default.nix
  2. 31
      config.nix
  3. 3
      default.nix
  4. 4
      home-manager/home-manager.nix
  5. 472
      nix/.config/nixpkgs/home.nix
  6. 6
      nix/default.nix
  7. 227
      nix/sources.nix
  8. 30
      nixos/deploy/keys.nix
  9. 8
      nixos/logical/blackadder.nix
  10. 52
      nixos/logical/frumar.nix
  11. 8
      nixos/logical/jarvis.nix
  12. 50
      nixos/logical/pennyworth.nix
  13. 32
      nixos/logical/woodhouse.nix
  14. 114
      nixos/logical/zazu.nix
  15. 15
      nixos/modules/lumi-vpn.nix
  16. 38
      nixos/modules/muflax-blog.nix
  17. 35
      nixos/modules/nginx.nix
  18. 6
      nixos/modules/tor-hidden-service.nix
  19. 36
      nixos/overlay.nix
  20. 4
      nixos/packages/default.nix
  21. 6
      nixos/packages/yori-cc.nix
  22. 34
      nixos/physical/3950x-hardware-config.nix
  23. 24
      nixos/physical/3950x.nix
  24. 14
      nixos/physical/apu2c4.nix
  25. 4
      nixos/physical/default.nix
  26. 42
      nixos/physical/fractal.nix
  27. 21
      nixos/physical/hetznercloud.nix
  28. 40
      nixos/physical/nuc.nix
  29. 22
      nixos/physical/xps9360-hardware-config.nix
  30. 5
      nixos/physical/xps9360.nix
  31. 80
      nixos/roles/default.nix
  32. 4
      nixos/roles/graphical.nix
  33. 2
      nixos/roles/homeserver.nix
  34. 16
      nixos/roles/server.nix
  35. 42
      nixos/roles/workstation.nix
  36. BIN
      nixos/secrets.nix
  37. 20
      nixos/servers.nix
  38. 5
      nixos/services/backup.nix
  39. 9
      nixos/services/default.nix
  40. 10
      nixos/services/email.nix
  41. 10
      nixos/services/git.nix
  42. 40
      nixos/services/muflax-church.nix
  43. 6
      nixos/services/pub.nix
  44. 12
      nixos/services/torrent-wg.nix
  45. 29
      nixos/services/website.nix
  46. 8
      nixos/sshkeys.nix
  47. 10
      overlay.nix

29
bin/default.nix

@ -1,18 +1,21 @@
{ pkgs ? import <nixpkgs> {} }:
{ pkgs ? import <nixpkgs> { } }:
#{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }:
with pkgs;
let
compileShell = src: buildInputs: name: stdenv.mkDerivation {
inherit name src;
buildInputs = buildInputs ++ [makeWrapper];
unpackPhase = "true";
installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name}
wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs}
'';
};
compileShell = src: buildInputs: name:
stdenv.mkDerivation {
inherit name src;
buildInputs = buildInputs ++ [ makeWrapper ];
unpackPhase = "true";
installPhase = ''
mkdir -p $out/bin && cp $src $out/bin/${name}
wrapProgram $out/bin/${name} --suffix PATH : ${
lib.makeSearchPath "bin" buildInputs
}
'';
};
in lib.mapAttrs (k: f: f k) {
backup = compileShell ./backup.sh
(with pkgs; [utillinux duplicity]);
screenshot_public = compileShell ./screenshot_public.sh
(with pkgs; [scrot xclip rsync]);
backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]);
screenshot_public =
compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]);
}
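Review bot: In `compileShell`, `wrapProgram ... --suffix PATH` appends the pinned `buildInputs` after the caller's PATH, so a `duplicity`, `rsync` or `xclip` found earlier in the environment is the one the wrapped script runs. If the intent is for `backup` and `screenshot_public` to use the store versions, `--prefix PATH : ${lib.makeSearchPath "bin" buildInputs}` puts them first. If the fallback order is deliberate, a short comment next to the `wrapProgram` line saying so would help the next reader.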

31
config.nix

@ -1,17 +1,16 @@
let sources = import ./nix/sources.nix;
in
{
allowUnfree = true;
overlays = [
(import sources.nixpkgs-wayland)
(import sources.nixpkgs-mozilla)
(import sources.emacs-overlay)
(import ./nixos/overlay.nix)
(import ./nix/.config/nixpkgs/overlays/01-backports.nix)
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
(import ./nix/.config/nixpkgs/overlays/04-combine.nix)
(import ./nix/.config/nixpkgs/overlays/05-envs.nix)
(import ./overlay.nix)
];
}
in {
allowUnfree = true;
overlays = [
(import sources.nixpkgs-wayland)
(import sources.nixpkgs-mozilla)
(import sources.emacs-overlay)
(import ./nixos/overlay.nix)
(import ./nix/.config/nixpkgs/overlays/01-backports.nix)
(import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix)
(import ./nix/.config/nixpkgs/overlays/03-customizations.nix)
(import ./nix/.config/nixpkgs/overlays/04-combine.nix)
(import ./nix/.config/nixpkgs/overlays/05-envs.nix)
(import ./overlay.nix)
];
}

3
default.nix

@ -1,3 +1,2 @@
let sources = import ./nix/sources.nix;
in
import sources.nixpkgs (import ./config.nix)
in import sources.nixpkgs (import ./config.nix)

4
home-manager/home-manager.nix

@ -1,3 +1 @@
let pkgs = import ../.;
in
pkgs.yorick.home
let pkgs = import ../.; in pkgs.yorick.home

472
nix/.config/nixpkgs/home.nix

@ -1,18 +1,17 @@
{ lib, config, options, pkgs, ... }:
let
bin = pkgs.callPackage /home/yorick/dotfiles/bin {};
dpi = 109;
font = {
__toString = self: "${self.name} ${self.size}";
name = "DejaVu Sans Mono";
bin = pkgs.callPackage /home/yorick/dotfiles/bin { };
dpi = 109;
font = {
__toString = self: "${self.name} ${self.size}";
name = "DejaVu Sans Mono";
size = "11";
};
y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped {
forceWayland = true;
browserName = "firefox";
};
in
{
in {
imports = [ ./arbtt.nix ./libinput-gestures.nix ];
nixpkgs = {
config.allowUnfree = true;
@ -36,41 +35,71 @@ in
emacs = {
enable = true;
package = pkgs.emacsPgtkGcc;
extraPackages = _: let
epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [
epkgs.undo-tree
epkgs.notmuch epkgs.rust-mode
company
projectile counsel-projectile
ggtags use-package org-bullets solarized-theme
evil-leader evil-surround #evil-magit
epkgs.evil-goggles epkgs.ox-mediawiki
nix-buffer which-key git-gutter-fringe
all-the-icons epkgs.org-cliplink
pandoc-mode markdown-mode interleave
org-ref haskell-mode request #intero
weechat s elixir-mode htmlize
linum-relative terraform-mode
direnv vue-mode solarized-theme
#wlrctl
(epkgs.melpaBuild {
pname = "nix-mode";
version = "1.4.0";
packageRequires = [ json-mode epkgs.mmm-mode company ];
recipe = pkgs.writeText "recipe" ''
(nix-mode
:repo "nixos/nix-mode" :fetcher github
:files ("nix*.el"))
'';
src = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nix-mode";
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
};
})
]);
extraPackages = _:
let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
in (with epkgs.melpaPackages; [
reason-mode
evil
counsel
ivy
ivy-hydra
swiper
magit
forge
avy
]) ++ (with epkgs.melpaPackages; [
epkgs.undo-tree
epkgs.notmuch
epkgs.rust-mode
company
projectile
counsel-projectile
ggtags
use-package
org-bullets
solarized-theme
evil-leader
evil-surround # evil-magit
epkgs.evil-goggles
epkgs.ox-mediawiki
nix-buffer
which-key
git-gutter-fringe
all-the-icons
epkgs.org-cliplink
pandoc-mode
markdown-mode
interleave
org-ref
haskell-mode
request # intero
weechat
s
elixir-mode
htmlize
linum-relative
terraform-mode
direnv
vue-mode
solarized-theme
#wlrctl
(epkgs.melpaBuild {
pname = "nix-mode";
version = "1.4.0";
packageRequires = [ json-mode epkgs.mmm-mode company ];
recipe = pkgs.writeText "recipe" ''
(nix-mode
:repo "nixos/nix-mode" :fetcher github
:files ("nix*.el"))
'';
src = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nix-mode";
rev = "ddf091708b9069f1fe0979a7be4e719445eed918";
sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad";
};
})
]);
};
git = {
enable = true;
@ -81,9 +110,11 @@ in
extraConfig.help.autocorrect = 5;
extraConfig.push.default = "simple";
extraConfig.pull.ff = "only";
extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig";
extraConfig."includeIf \"gitdir:~/serokell/\"".path =
"~/serokell/.gitconfig";
aliases = {
lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
lg =
"log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
st = "status";
remotes = "remote -v";
branches = "branch -a";
@ -92,7 +123,8 @@ in
unstage = "reset -q HEAD --";
discard = "checkout --";
uncommit = "reset --mixed HEAD~";
graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
graph =
"log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order ";
dad = "!curl https://icanhazdadjoke.com/ && git add";
};
};
@ -108,19 +140,50 @@ in
identityFile = "~/.ssh/id_rsa_pub";
identitiesOnly = true;
};
phassa = { hostname = "karpenoktem.nl"; port = 33933; };
phassa = {
hostname = "karpenoktem.nl";
port = 33933;
};
"jupiter.serokell.io" = jupiter;
jupiter = { hostname = "jupiter.serokell.io"; port = 17788; };
athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; };
rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; };
styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; };
"*.lumi.guide" = {
jupiter = {
hostname = "jupiter.serokell.io";
port = 17788;
};
athena = {
hostname = "athena.lumi.guide";
user = "yorick.van.pelt";
};
rpibuild3 = {
hostname = "10.110.0.3";
user = "yorick.van.pelt";
port = 4222;
};
styx = {
hostname = "10.110.0.1";
user = "yorick.van.pelt";
port = 2233;
};
"*.lumi.guide" = { user = "yorick.van.pelt"; };
nyx = {
hostname = "nyx.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
zeus = {
hostname = "zeus.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
ponos = {
hostname = "ponos.lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
medusa = {
hostname = "lumi.guide";
user = "yorick.van.pelt";
port = 2233;
};
nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; };
# signs
"10.108.0.*" = {
user = "yorick.van.pelt";
@ -164,21 +227,21 @@ in
shellAliases = {
l = "ls";
ls = "exa";
nr = "nix repl \"<nixpkgs>\"";
nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p";
};
interactiveShellInit = ''
function fuck -d "Correct your previous console command"
set -l fucked_up_command $history[1]
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
if [ "$unfucked_command" != "" ]
eval $unfucked_command
builtin history delete --exact --case-sensitive -- $fucked_up_command
builtin history merge ^ /dev/null
end
end
starship init fish | source
source ~/dotfiles/nr.fish
function fuck -d "Correct your previous console command"
set -l fucked_up_command $history[1]
env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command
if [ "$unfucked_command" != "" ]
eval $unfucked_command
builtin history delete --exact --case-sensitive -- $fucked_up_command
builtin history merge ^ /dev/null
end
end
starship init fish | source
source ~/dotfiles/nr.fish
'';
promptInit = "set fish_greeting";
};
@ -186,52 +249,52 @@ in
enable = true;
historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
shellAliases = {
nr = "nix repl \"<nixpkgs>\"";
nr = ''nix repl "<nixpkgs>"'';
nsp = "nix-shell -p";
};
initExtra = ''
#eval $(thefuck --alias)
function fuck () {
TF_PYTHONIOENCODING=$PYTHONIOENCODING;
export TF_SHELL=bash;
export TF_ALIAS=fuck;
export TF_SHELL_ALIASES=$(alias);
export TF_HISTORY=$(fc -ln -10);
export PYTHONIOENCODING=utf-8;
TF_CMD=$(
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
) && eval $TF_CMD;
unset TF_HISTORY;
export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
history -s $TF_CMD;
}
# This script was automatically generated by the broot function
# More information can be found in https://github.com/Canop/broot
# This function starts broot and executes the command
# it produces, if any.
# It's needed because some shell commands, like `cd`,
# have no useful effect if executed in a subshell.
function br {
f=$(mktemp)
(
set +e
broot --outcmd "$f" "$@"
code=$?
if [ "$code" != 0 ]; then
rm -f "$f"
exit "$code"
fi
)
code=$?
if [ "$code" != 0 ]; then
return "$code"
fi
d=$(<"$f")
rm -f "$f"
eval "$d"
}
eval "$(starship init bash)"
'';
#eval $(thefuck --alias)
function fuck () {
TF_PYTHONIOENCODING=$PYTHONIOENCODING;
export TF_SHELL=bash;
export TF_ALIAS=fuck;
export TF_SHELL_ALIASES=$(alias);
export TF_HISTORY=$(fc -ln -10);
export PYTHONIOENCODING=utf-8;
TF_CMD=$(
thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@
) && eval $TF_CMD;
unset TF_HISTORY;
export PYTHONIOENCODING=$TF_PYTHONIOENCODING;
history -s $TF_CMD;
}
# This script was automatically generated by the broot function
# More information can be found in https://github.com/Canop/broot
# This function starts broot and executes the command
# it produces, if any.
# It's needed because some shell commands, like `cd`,
# have no useful effect if executed in a subshell.
function br {
f=$(mktemp)
(
set +e
broot --outcmd "$f" "$@"
code=$?
if [ "$code" != 0 ]; then
rm -f "$f"
exit "$code"
fi
)
code=$?
if [ "$code" != 0 ]; then
return "$code"
fi
d=$(<"$f")
rm -f "$f"
eval "$d"
}
eval "$(starship init bash)"
'';
};
};
xresources.properties = {
@ -249,12 +312,18 @@ eval "$(starship init bash)"
# rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc";
# sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f";
# } + "/Xresources.dark");
home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); };
home.file.".emacs.d/init.el" = {
source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el);
};
xdg.configFile."streamlink/config".text = ''
player = mpv --cache 2048
default-stream = best
'';
xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; };
xdg.configFile."waybar" = {
source = ./waybar;
recursive = true;
onChange = "systemctl --user restart waybar";
};
programs.mako.enable = true;
services = {
lorri.enable = true;
@ -290,46 +359,55 @@ eval "$(starship init bash)"
fonts = [ (toString font) ];
window.border = 2;
floating.modifier = "Mod4";
keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default //
(let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in
{
"${mod}+Shift+c" = "kill";
"${mod}+j" = "focus left";
"${mod}+k" = "focus right";
"${mod}+d" = "layout toggle split";
"${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
"${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
"${mod}+Return" = "exec alacritty";
"${mod}+Escape" = "workspace back_and_forth";
"${mod}+0" = "workspace 10";
"${mod}+Shift+0" = "move container to workspace 10";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Right" = "move right";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Down" = "move down";
"${mod}+Ctrl+Right" = "move workspace to output right";
"${mod}+Ctrl+Left" = "move workspace to output left";
"${mod}+Ctrl+Up" = "move workspace to output up";
"${mod}+Ctrl+Down" = "move workspace to output down";
"XF86MonBrightnessUp" = exec light "light -A 5";
"XF86MonBrightnessDown" = exec light "light -U 5";
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
"Print" = exec bin.screenshot_public "screenshot_public";
"${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
#"${mod}+p" = exec rofi-pass "rofi-pass";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
"--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
"--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
});
keybindings = with pkgs;
(builtins.head (builtins.head
options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default
// (let
exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}";
mod = "Mod4";
in {
"${mod}+Shift+c" = "kill";
"${mod}+j" = "focus left";
"${mod}+k" = "focus right";
"${mod}+d" = "layout toggle split";
"${mod}+i" =
"exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh";
#"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session";
"${mod}+ctrl+l" =
"exec --no-startup-id sleep 1s && pkill -USR1 swayidle";
"${mod}+Return" = "exec alacritty";
"${mod}+Escape" = "workspace back_and_forth";
"${mod}+0" = "workspace 10";
"${mod}+Shift+0" = "move container to workspace 10";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Right" = "move right";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Down" = "move down";
"${mod}+Ctrl+Right" = "move workspace to output right";
"${mod}+Ctrl+Left" = "move workspace to output left";
"${mod}+Ctrl+Up" = "move workspace to output up";
"${mod}+Ctrl+Down" = "move workspace to output down";
"XF86MonBrightnessUp" = exec light "light -A 5";
"XF86MonBrightnessDown" = exec light "light -U 5";
"ctrl+XF86MonBrightnessUp" = exec light "light -A 1";
"ctrl+XF86MonBrightnessDown" = exec light "light -U 1";
"XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-";
"XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+";
"XF86AudioMute" = exec alsaUtils "amixer set Master toggle";
"${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public";
"Print" = exec bin.screenshot_public "screenshot_public";
"${mod}+Shift+t" =
"exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh";
"--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh";
"${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh";
#"${mod}+p" = exec rofi-pass "rofi-pass";
"${mod}+e" = exec pkgs.wldash "wldash start-or-kill";
"--locked ${mod}+bracketleft" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0";
"--locked ${mod}+bracketright" =
"exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1";
});
};
systemdIntegration = true;
extraConfig = ''
@ -370,33 +448,63 @@ eval "$(starship init bash)"
EDITOR = "emacsclient";
#GDK_BACKEND = "wayland";
TERMINAL = "alacritty";
QT_WAYLAND_DISABLE_WINDOWDECORATION="1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
XCURSOR_THEME = "Adwaita";
XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons";
XDG_CURRENT_DESKTOP = "sway";
XDG_CURRENT_DESKTOP = "sway";
};
home.packages = with pkgs.envs; [
apps code de games pdf media misc scripts coins js
] ++ (with pkgs; [
github-cli libreoffice nix-tree virt-manager watchman
gnome3.gcr.out #alacritty
waybar slurp grim wl-clipboard
wldash gebaar-libinput
notmuch gmailieer afew
swaybg swayidle
swaylock broot starship
fd htop kcachegrind lm_sensors niv
nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils
nix-top nix-diff
ltrace asciinema cargo minecraft
unzip
exa obs-studio-dmabuf obs-wlrobs
zoom-us
cachix eagle
y-firefox
]); # qtwayland
home.packages = with pkgs.envs;
[ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [
github-cli
libreoffice
nix-tree
virt-manager
watchman
gnome3.gcr.out # alacritty
waybar
slurp
grim
wl-clipboard
wldash
gebaar-libinput
notmuch
gmailieer
afew
swaybg
swayidle
swaylock
broot
starship
fd
htop
kcachegrind
lm_sensors
niv
nixfmt
linuxPackages.perf
pssh
slack
smartmontools
vim
waypipe
xdg_utils
nix-top
nix-diff
ltrace
asciinema
cargo
minecraft
unzip
exa
obs-studio-dmabuf
obs-wlrobs
zoom-us
cachix
eagle
y-firefox
]); # qtwayland
# programs.firefox = {
# enable = true;
# package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
@ -409,11 +517,9 @@ eval "$(starship init bash)"
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart = ''
${pkgs.waybar}/bin/waybar
@ -448,11 +554,9 @@ eval "$(starship init bash)"
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart = ''
${pkgs.gebaar-libinput}/bin/gebaard
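Review bot: Several sway bindings in the `keybindings` hunk run scripts by absolute path from the mutable checkout (`/home/yorick/dotfiles/bin/ala-fzf-pass.sh`, `docked.sh`, `sunplate.sh`, `invert.sh`, `toggle_solarized.sh`), while `screenshot_public` goes through the `bin` derivation. Those scripts are not part of the built generation, so the key runs whatever is in that directory at the time, which matters most for the password helper on `${mod}+p`. Packaging them with `compileShell` in `bin/default.nix` and binding them as `exec bin.<name> "<name>"` would pin them the same way as `screenshot_public`. The enclosing sway configuration block starts and ends outside the hunk.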

6
nix/default.nix

@ -1,4 +1,2 @@
let
sources = import /home/yorick/dotfiles/nix/sources.nix;
in
import sources.nixpkgs (import ./config.nix)
let sources = import /home/yorick/dotfiles/nix/sources.nix;
in import sources.nixpkgs (import ./config.nix)

227
nix/sources.nix

@ -7,42 +7,59 @@ let
#
fetch_file = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
let name' = sanitizeName name + "-src";
in if spec.builtin or true then
builtins_fetchurl {
inherit (spec) url sha256;
name = name';
}
else
pkgs.fetchurl {
inherit (spec) url sha256;
name = name';
};
fetch_tarball = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
let name' = sanitizeName name + "-src";
in if spec.builtin or true then
builtins_fetchTarball {
name = name';
inherit (spec) url sha256;
}
else
pkgs.fetchzip {
name = name';
inherit (spec) url sha256;
};
fetch_git = name: spec:
let
ref =
if spec ? ref then spec.ref else
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
ref = if spec ? ref then
spec.ref
else if spec ? branch then
"refs/heads/${spec.branch}"
else if spec ? tag then
"refs/tags/${spec.tag}"
else
abort
"In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in builtins.fetchGit {
url = spec.repo;
inherit (spec) rev;
inherit ref;
};
fetch_local = spec: spec.path;
fetch_builtin-tarball = name: throw
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-tarball = name:
throw ''
[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-url = name: throw
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
fetch_builtin-url = name:
throw ''
[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
#
# Various helpers
@ -50,72 +67,87 @@ let
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
sanitizeName = name:
(
concatMapStrings (s: if builtins.isList s then "-" else s)
(
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
(concatMapStrings (s: if builtins.isList s then "-" else s)
(builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)));
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: system:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
sourcesNixpkgs = import
(builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
inherit system;
};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
in if builtins.hasAttr "nixpkgs" sources then
sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
import <nixpkgs> { }
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
if !builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs name spec
else if spec.type == "tarball" then fetch_tarball pkgs name spec
else if spec.type == "git" then fetch_git name spec
else if spec.type == "local" then fetch_local spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
else if spec.type == "builtin-url" then fetch_builtin-url name
else if spec.type == "file" then
fetch_file pkgs name spec
else if spec.type == "tarball" then
fetch_tarball pkgs name spec
else if spec.type == "git" then
fetch_git name spec
else if spec.type == "local" then
fetch_local spec
else if spec.type == "builtin-tarball" then
fetch_builtin-tarball name
else if spec.type == "builtin-url" then
fetch_builtin-url name
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# If the environment variable NIV_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source.
replace = name: drv:
let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
saneName = stringAsChars
(c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == "" then drv else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
in if ersatz == "" then
drv
else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then
/. + ersatz
else
/. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
range = first: last:
if first > last then
[ ]
else
builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
stringToCharacters = s:
map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
@ -123,46 +155,44 @@ let
concatStrings = builtins.concatStringsSep "";
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
optionalAttrs = cond: as: if cond then as else {};
optionalAttrs = cond: as: if cond then as else { };
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl
({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); }
) config.sources;
mapAttrs (name: spec:
if builtins.hasAttr "outPath" spec then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); })
config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem
, pkgs ? mkPkgs sources system
}: rec {
mkConfig = { sourcesFile ?
if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then
{ }
else
builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
@ -170,5 +200,6 @@ let
inherit pkgs;
};
in
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
in mkSources (mkConfig { }) // {
__functor = _: settings: mkSources (mkConfig settings);
}

30
nixos/deploy/keys.nix

@ -1,19 +1,23 @@
{ pkgs, lib, config, ... }:
with lib;
let cfg = config.deployment.keyys; in
{
options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; };
let cfg = config.deployment.keyys;
in {
options.deployment.keyys = mkOption {
type = types.listOf types.path;
default = [ ];
};
options.deployment.keys-copy = mkOption { type = types.package; };
config = {
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then ''
set -e
ssh root@$1 "mkdir -p /root/keys"
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
echo "uploaded keys"
'' else ''
echo "no keys to upload"
'');
deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys"
(if cfg != [ ] then ''
set -e
ssh root@$1 "mkdir -p /root/keys"
scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys
echo "uploaded keys"
'' else ''
echo "no keys to upload"
'');
};
}
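Review bot: In the generated `copy-keys` script, `$1` is used unquoted and unchecked in both the `ssh` and the `scp` line, and `/root/keys` is created with whatever mode the remote umask gives. An empty argument produces the target `root@`, and a key path containing whitespace would be split by the unquoted `concatMapStringsSep " " toString cfg`. I would add `[ -n "$1" ] || exit 1` after `set -e`, quote the host, and fix the directory mode, e.g. `ssh "root@$1" "mkdir -p -m 700 /root/keys"`. The `toString` on the paths presumably exists to keep the key files from being copied into the Nix store; a comment such as `# toString: do not import key files into the store` would make that explicit.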

8
nixos/logical/blackadder.nix

@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../physical/3950x.nix
../roles/workstation.nix
];
{ config, pkgs, lib, ... }: {
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];

52
nixos/logical/frumar.nix

@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }:
{
imports = [
{ config, pkgs, lib, ... }: {
imports = [
../physical/fractal.nix
../roles/server.nix
../roles/homeserver.nix
@ -20,7 +19,9 @@
# };
boot.supportedFilesystems = [ "zfs" ];
services.yorick.torrent-vpn = {
enable = true; name = "mullvad-nl4"; namespace = "torrent";
enable = true;
name = "mullvad-nl4";
namespace = "torrent";
};
services.plex = {
enable = true;
@ -32,26 +33,28 @@
};
services.prometheus = {
enable = true;
extraFlags = [
"--web.enable-admin-api"
];
extraFlags = [ "--web.enable-admin-api" ];
# victoriametrics
remoteWrite = [ { url = "http://127.0.0.1:8428/api/v1/write"; } ];
scrapeConfigs = [ {
job_name = "smartmeter";
# prometheus doesn't support mdns :thinking_face:
static_configs = [ { targets = [ "192.168.178.30" ]; } ];
scrape_interval = "10s";
} {
job_name = "node";
static_configs = [ { targets = [ "localhost:9100" ]; } ];
# } {
# job_name = "unifi";
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
} {
job_name = "thermometer";
static_configs = [ { targets = [ "192.168.178.21:8000" ]; } ];
}];
remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }];
scrapeConfigs = [
{
job_name = "smartmeter";
# prometheus doesn't support mdns :thinking_face:
static_configs = [{ targets = [ "192.168.178.30" ]; }];
scrape_interval = "10s";
}
{
job_name = "node";
static_configs = [{ targets = [ "localhost:9100" ]; }];
# } {
# job_name = "unifi";
# static_configs = [ { targets = [ "localhost:9130" ]; } ];
}
{
job_name = "thermometer";
static_configs = [{ targets = [ "192.168.178.21:8000" ]; }];
}
];
exporters.node.enable = true;
# exporters.unifi = {
# enable = true;
@ -81,7 +84,8 @@
AUTH_GOOGLE_ALLOW_SIGN_UP = "false";
};
};
systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env";
systemd.services.grafana.serviceConfig.EnvironmentFile =
"/root/keys/grafana.env";
services.zfs = {
trim.enable = false; # no ssd's
autoScrub = {
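Review bot: `extraFlags = [ "--web.enable-admin-api" ];` in the `services.prometheus` block turns on the unauthenticated TSDB admin endpoints (delete series, clean tombstones, snapshot) for every client that can reach the web port, and nothing in the visible hunks restricts who that is. The `"prometheus.yori.cc"` vhost in nixos/logical/pennyworth.nix proxies `/` to `http://10.209.0.3:9090`; if that address is this host (not confirmable from the page), every WireGuard peer gets the admin API too. If the flag is only needed for occasional maintenance, I would drop it, or at least block the path on the proxy with `locations."/api/v1/admin/".return = "403";`, and add a comment saying why the admin API is enabled. The rest of the Prometheus and firewall configuration lies outside these hunks, so an existing restriction may simply not be visible here.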

8
nixos/logical/jarvis.nix

@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../physical/xps9360.nix
../roles/workstation.nix
];
{ config, pkgs, lib, ... }: {
imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
system.stateVersion = "17.09";

50
nixos/logical/pennyworth.nix

@ -13,8 +13,7 @@ let
};
};
vpn = import ../vpn.nix;
in
{
in {
imports = [
../physical/hetznercloud.nix
../roles/server.nix
@ -24,20 +23,30 @@ in
];
system.stateVersion = "19.03";
services.nginx.enable = true;
services.yorick = {
public = { enable = true; vhost = "pub.yori.cc"; };
website = { enable = true; vhost = "yorickvanpelt.nl"; };
git = { enable = true; vhost = "git.yori.cc"; };
muflax-church = { enable = true; vhost = "muflax.church"; };
public = {
enable = true;
vhost = "pub.yori.cc";
};
website = {
enable = true;
vhost = "yorickvanpelt.nl";
};
git = {
enable = true;
vhost = "git.yori.cc";
};
muflax-church = {
enable = true;
vhost = "muflax.church";
};
};
services.muflax-blog = {
enable = true;
web-server = {
port = 9001;
};
web-server = { port = 9001; };
hidden-service = {
hostname = "muflax65ngodyewp.onion";
private_key = "/root/keys/http.muflax.key";
@ -52,12 +61,16 @@ in
forceSSL = true;
globalRedirect = "yorickvanpelt.nl";
};
"yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast";
"yorickvanpelt.nl".locations."/p1".return =
"301 https://git.yori.cc/yorick/meterkast";
"grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000";
"ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443";
"prometheus.yori.cc" = {
# only over vpn
listen = [ { addr = "10.209.0.1"; port = 80; } ];
listen = [{
addr = "10.209.0.1";
port = 80;
}];
locations."/".proxyPass = "http://10.209.0.3:9090";
};
"pub.yori.cc".locations."/muflax/".extraConfig = ''
@ -66,19 +79,20 @@ in
};
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
networking.wireguard.interfaces.wg-y.peers =
lib.mkForce (lib.mapAttrsToList (machine: publicKey: {
networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
(machine: publicKey: {
inherit publicKey;
allowedIPs = [ "${vpn.ips.${machine}}/32" ];
}) vpn.keys);
services.prometheus.exporters.wireguard = {
enable = true;
};
services.prometheus.exporters.wireguard = { enable = true; };
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
environment.noXlibs = true;
users.users.yorick.packages = with pkgs; [
python2 sshfs-fuse weechat ripgrep
python2
sshfs-fuse
weechat
ripgrep
];
}

32
nixos/logical/woodhouse.nix

@ -1,18 +1,27 @@
{ config, pkgs, lib, ... }:
let
#secrets = import <secrets>;
mkFuseMount = device: opts: {
mkFuseMount = device: opts: {
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
"defaults" "allow_other" "transform_symlinks" "default_permissions"