From a688758401809d73a3e8a4712727cd164dfc5dec Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Sat, 29 May 2021 18:05:31 +0200
Subject: [PATCH] nixfmt
---
bin/default.nix | 29 +-
config.nix | 31 +-
default.nix | 3 +-
home-manager/home-manager.nix | 4 +-
nix/.config/nixpkgs/home.nix | 472 +++++++++++++--------
nix/default.nix | 6 +-
nix/sources.nix | 227 +++++-----
nixos/deploy/keys.nix | 30 +-
nixos/logical/blackadder.nix | 8 +-
nixos/logical/frumar.nix | 52 +--
nixos/logical/jarvis.nix | 8 +-
nixos/logical/pennyworth.nix | 50 ++-
nixos/logical/woodhouse.nix | 32 +-
nixos/logical/zazu.nix | 114 +++--
nixos/modules/lumi-vpn.nix | 15 +-
nixos/modules/muflax-blog.nix | 38 +-
nixos/modules/nginx.nix | 35 +-
nixos/modules/tor-hidden-service.nix | 6 +-
nixos/overlay.nix | 36 +-
nixos/packages/default.nix | 4 +-
nixos/packages/yori-cc.nix | 6 +-
nixos/physical/3950x-hardware-config.nix | 34 +-
nixos/physical/3950x.nix | 24 +-
nixos/physical/apu2c4.nix | 14 +-
nixos/physical/default.nix | 4 +-
nixos/physical/fractal.nix | 42 +-
nixos/physical/hetznercloud.nix | 21 +-
nixos/physical/nuc.nix | 40 +-
nixos/physical/xps9360-hardware-config.nix | 22 +-
nixos/physical/xps9360.nix | 5 +-
nixos/roles/default.nix | 80 ++--
nixos/roles/graphical.nix | 4 +-
nixos/roles/homeserver.nix | 2 +-
nixos/roles/server.nix | 16 +-
nixos/roles/workstation.nix | 42 +-
nixos/secrets.nix | Bin 974 -> 988 bytes
nixos/servers.nix | 20 +-
nixos/services/backup.nix | 5 +-
nixos/services/default.nix | 9 +-
nixos/services/email.nix | 10 +-
nixos/services/git.nix | 10 +-
nixos/services/muflax-church.nix | 40 +-
nixos/services/pub.nix | 6 +-
nixos/services/torrent-wg.nix | 12 +-
nixos/services/website.nix | 29 +-
nixos/sshkeys.nix | 8 +-
overlay.nix | 10 +-
47 files changed, 957 insertions(+), 758 deletions(-)
diff --git a/bin/default.nix b/bin/default.nix
index a830558..fb77a68 100644
--- a/bin/default.nix
+++ b/bin/default.nix
@@ -1,18 +1,21 @@ -{ pkgs ? import {} }: +{ pkgs ? import { } }: #{ writeScript ? pkgs.writeScript, lib ? pkgs.lib, stdenv ? pkgs.stdenv }: with pkgs; let - compileShell = src: buildInputs: name: stdenv.mkDerivation { - inherit name src; - buildInputs = buildInputs ++ [makeWrapper]; - unpackPhase = "true"; - installPhase = ''mkdir -p $out/bin && cp $src $out/bin/${name} - wrapProgram $out/bin/${name} --suffix PATH : ${lib.makeSearchPath "bin" buildInputs} - ''; - }; + compileShell = src: buildInputs: name: + stdenv.mkDerivation { + inherit name src; + buildInputs = buildInputs ++ [ makeWrapper ]; + unpackPhase = "true"; + installPhase = '' + mkdir -p $out/bin && cp $src $out/bin/${name} + wrapProgram $out/bin/${name} --suffix PATH : ${ + lib.makeSearchPath "bin" buildInputs + } + ''; + }; in lib.mapAttrs (k: f: f k) { - backup = compileShell ./backup.sh - (with pkgs; [utillinux duplicity]); - screenshot_public = compileShell ./screenshot_public.sh - (with pkgs; [scrot xclip rsync]); + backup = compileShell ./backup.sh (with pkgs; [ utillinux duplicity ]); + screenshot_public = + compileShell ./screenshot_public.sh (with pkgs; [ scrot xclip rsync ]); } diff --git a/config.nix b/config.nix index 7f0c7d8..64ca54d 100644 --- a/config.nix +++ b/config.nix 
@@ -1,17 +1,16 @@ let sources = import ./nix/sources.nix; -in - { - allowUnfree = true; - overlays = [ - (import sources.nixpkgs-wayland) - (import sources.nixpkgs-mozilla) - (import sources.emacs-overlay) - (import ./nixos/overlay.nix) - (import ./nix/.config/nixpkgs/overlays/01-backports.nix) - (import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix) - (import ./nix/.config/nixpkgs/overlays/03-customizations.nix) - (import ./nix/.config/nixpkgs/overlays/04-combine.nix) - (import ./nix/.config/nixpkgs/overlays/05-envs.nix) - (import ./overlay.nix) - ]; - } +in { + allowUnfree = true; + overlays = [ + (import sources.nixpkgs-wayland) + (import sources.nixpkgs-mozilla) + (import sources.emacs-overlay) + (import ./nixos/overlay.nix) + (import ./nix/.config/nixpkgs/overlays/01-backports.nix) + (import ./nix/.config/nixpkgs/overlays/02-extrapkgs.nix) + (import ./nix/.config/nixpkgs/overlays/03-customizations.nix) + (import ./nix/.config/nixpkgs/overlays/04-combine.nix) + (import ./nix/.config/nixpkgs/overlays/05-envs.nix) + (import ./overlay.nix) + ]; +} diff --git a/default.nix b/default.nix index 8b0cf23..e9fdf76 100644 --- a/default.nix +++ b/default.nix @@ -1,3 +1,2 @@ let sources = import ./nix/sources.nix; -in -import sources.nixpkgs (import ./config.nix) +in import sources.nixpkgs (import ./config.nix) diff --git a/home-manager/home-manager.nix b/home-manager/home-manager.nix index 17143a7..1cd6f9b 100644 --- a/home-manager/home-manager.nix +++ b/home-manager/home-manager.nix @@ -1,3 +1 @@ -let pkgs = import ../.; -in -pkgs.yorick.home +let pkgs = import ../.; in pkgs.yorick.home diff --git a/nix/.config/nixpkgs/home.nix b/nix/.config/nixpkgs/home.nix index 4300721..2e74066 100644 --- a/nix/.config/nixpkgs/home.nix +++ b/nix/.config/nixpkgs/home.nix 
@@ -1,18 +1,17 @@ { lib, config, options, pkgs, ... }: let - bin = pkgs.callPackage /home/yorick/dotfiles/bin {}; -dpi = 109; -font = { - __toString = self: "${self.name} ${self.size}"; - name = "DejaVu Sans Mono"; + bin = pkgs.callPackage /home/yorick/dotfiles/bin { }; + dpi = 109; + font = { + __toString = self: "${self.name} ${self.size}"; + name = "DejaVu Sans Mono"; size = "11"; }; y-firefox = pkgs.wrapFirefox pkgs.latest.firefox-beta-bin.unwrapped { forceWayland = true; browserName = "firefox"; }; -in -{ +in { imports = [ ./arbtt.nix ./libinput-gestures.nix ]; nixpkgs = { config.allowUnfree = true; 
@@ -36,41 +35,71 @@ in emacs = { enable = true; package = pkgs.emacsPgtkGcc; - extraPackages = _: let - epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc; - in (with epkgs.melpaPackages; [ reason-mode evil counsel ivy ivy-hydra swiper magit forge avy ]) ++ (with epkgs.melpaPackages; [ - epkgs.undo-tree - epkgs.notmuch epkgs.rust-mode - company - projectile counsel-projectile - ggtags use-package org-bullets solarized-theme - evil-leader evil-surround #evil-magit - epkgs.evil-goggles epkgs.ox-mediawiki - nix-buffer which-key git-gutter-fringe - all-the-icons epkgs.org-cliplink - pandoc-mode markdown-mode interleave - org-ref haskell-mode request #intero - weechat s elixir-mode htmlize - linum-relative terraform-mode - direnv vue-mode solarized-theme - #wlrctl - (epkgs.melpaBuild { - pname = "nix-mode"; - version = "1.4.0"; - packageRequires = [ json-mode epkgs.mmm-mode company ]; - recipe = pkgs.writeText "recipe" '' - (nix-mode - :repo "nixos/nix-mode" :fetcher github - :files ("nix*.el")) - ''; - src = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nix-mode"; - rev = "ddf091708b9069f1fe0979a7be4e719445eed918"; - sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad"; - }; - }) - ]); + extraPackages = _: + let epkgs = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc; + in (with epkgs.melpaPackages; [ + reason-mode + evil + counsel + ivy + ivy-hydra + swiper + magit + forge + avy + ]) ++ (with epkgs.melpaPackages; [ + epkgs.undo-tree + epkgs.notmuch + epkgs.rust-mode + company + projectile + counsel-projectile + ggtags + use-package + org-bullets + solarized-theme + evil-leader + evil-surround # evil-magit + epkgs.evil-goggles + epkgs.ox-mediawiki + nix-buffer + which-key + git-gutter-fringe + all-the-icons + epkgs.org-cliplink + pandoc-mode + markdown-mode + interleave + org-ref + haskell-mode + request # intero + weechat + s + elixir-mode + htmlize + linum-relative + terraform-mode + direnv + vue-mode + solarized-theme + #wlrctl + (epkgs.melpaBuild { + pname = 
"nix-mode"; + version = "1.4.0"; + packageRequires = [ json-mode epkgs.mmm-mode company ]; + recipe = pkgs.writeText "recipe" '' + (nix-mode + :repo "nixos/nix-mode" :fetcher github + :files ("nix*.el")) + ''; + src = pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nix-mode"; + rev = "ddf091708b9069f1fe0979a7be4e719445eed918"; + sha256 = "0s8ljr4d7kys2xqrhkvj75l7babvk60kxgy4vmyqfwj6xmcxi3ad"; + }; + }) + ]); }; git = { enable = true; @@ -81,9 +110,11 @@ in extraConfig.help.autocorrect = 5; extraConfig.push.default = "simple"; extraConfig.pull.ff = "only"; - extraConfig."includeIf \"gitdir:~/serokell/\"".path = "~/serokell/.gitconfig"; + extraConfig."includeIf \"gitdir:~/serokell/\"".path = + "~/serokell/.gitconfig"; aliases = { - lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; + lg = + "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; st = "status"; remotes = "remote -v"; branches = "branch -a"; @@ -92,7 +123,8 @@ in unstage = "reset -q HEAD --"; discard = "checkout --"; uncommit = "reset --mixed HEAD~"; - graph = "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order "; + graph = + "log --graph -10 --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order "; dad = "!curl https://icanhazdadjoke.com/ && git add"; }; }; 
@@ -108,19 +140,50 @@ in identityFile = "~/.ssh/id_rsa_pub"; identitiesOnly = true; }; - phassa = { hostname = "karpenoktem.nl"; port = 33933; }; + phassa = { + hostname = "karpenoktem.nl"; + port = 33933; + }; "jupiter.serokell.io" = jupiter; - jupiter = { hostname = "jupiter.serokell.io"; port = 17788; }; - athena = { hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; }; - rpibuild3 = { hostname = "10.110.0.3"; user = "yorick.van.pelt"; port = 4222; }; - styx = { hostname = "10.110.0.1"; user = "yorick.van.pelt"; port = 2233; }; - "*.lumi.guide" = { + jupiter = { + hostname = "jupiter.serokell.io"; + port = 17788; + }; + athena = { + hostname = "athena.lumi.guide"; user = "yorick.van.pelt"; }; - nyx = { hostname = "nyx.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; - zeus = { hostname = "zeus.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; - ponos = { hostname = "ponos.lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; - medusa = { hostname = "lumi.guide"; user = "yorick.van.pelt"; port = 2233; }; + rpibuild3 = { + hostname = "10.110.0.3"; + user = "yorick.van.pelt"; + port = 4222; + }; + styx = { + hostname = "10.110.0.1"; + user = "yorick.van.pelt"; + port = 2233; + }; + "*.lumi.guide" = { user = "yorick.van.pelt"; }; + nyx = { + hostname = "nyx.lumi.guide"; + user = "yorick.van.pelt"; + port = 2233; + }; + zeus = { + hostname = "zeus.lumi.guide"; + user = "yorick.van.pelt"; + port = 2233; + }; + ponos = { + hostname = "ponos.lumi.guide"; + user = "yorick.van.pelt"; + port = 2233; + }; + medusa = { + hostname = "lumi.guide"; + user = "yorick.van.pelt"; + port = 2233; + }; # signs "10.108.0.*" = { user = "yorick.van.pelt"; 
@@ -164,21 +227,21 @@ in shellAliases = { l = "ls"; ls = "exa"; - nr = "nix repl \"\""; + nr = ''nix repl ""''; nsp = "nix-shell -p"; }; interactiveShellInit = '' - function fuck -d "Correct your previous console command" - set -l fucked_up_command $history[1] - env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command - if [ "$unfucked_command" != "" ] - eval $unfucked_command - builtin history delete --exact --case-sensitive -- $fucked_up_command - builtin history merge ^ /dev/null - end - end - starship init fish | source - source ~/dotfiles/nr.fish + function fuck -d "Correct your previous console command" + set -l fucked_up_command $history[1] + env TF_SHELL=fish TF_ALIAS=fuck PYTHONIOENCODING=utf-8 thefuck $fucked_up_command THEFUCK_ARGUMENT_PLACEHOLDER $argv | read -l unfucked_command + if [ "$unfucked_command" != "" ] + eval $unfucked_command + builtin history delete --exact --case-sensitive -- $fucked_up_command + builtin history merge ^ /dev/null + end + end + starship init fish | source + source ~/dotfiles/nr.fish ''; promptInit = "set fish_greeting"; }; 
@@ -186,52 +249,52 @@ in enable = true; historyControl = [ "erasedups" "ignoredups" "ignorespace" ]; shellAliases = { - nr = "nix repl \"\""; + nr = ''nix repl ""''; nsp = "nix-shell -p"; }; initExtra = '' - #eval $(thefuck --alias) - function fuck () { - TF_PYTHONIOENCODING=$PYTHONIOENCODING; - export TF_SHELL=bash; - export TF_ALIAS=fuck; - export TF_SHELL_ALIASES=$(alias); - export TF_HISTORY=$(fc -ln -10); - export PYTHONIOENCODING=utf-8; - TF_CMD=$( - thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@ - ) && eval $TF_CMD; - unset TF_HISTORY; - export PYTHONIOENCODING=$TF_PYTHONIOENCODING; - history -s $TF_CMD; - } -# This script was automatically generated by the broot function -# More information can be found in https://github.com/Canop/broot -# This function starts broot and executes the command -# it produces, if any. -# It's needed because some shell commands, like `cd`, -# have no useful effect if executed in a subshell. -function br { - f=$(mktemp) - ( - set +e - broot --outcmd "$f" "$@" - code=$? - if [ "$code" != 0 ]; then - rm -f "$f" - exit "$code" - fi - ) - code=$? - if [ "$code" != 0 ]; then - return "$code" - fi - d=$(<"$f") - rm -f "$f" - eval "$d" -} -eval "$(starship init bash)" - ''; + #eval $(thefuck --alias) + function fuck () { + TF_PYTHONIOENCODING=$PYTHONIOENCODING; + export TF_SHELL=bash; + export TF_ALIAS=fuck; + export TF_SHELL_ALIASES=$(alias); + export TF_HISTORY=$(fc -ln -10); + export PYTHONIOENCODING=utf-8; + TF_CMD=$( + thefuck THEFUCK_ARGUMENT_PLACEHOLDER $@ + ) && eval $TF_CMD; + unset TF_HISTORY; + export PYTHONIOENCODING=$TF_PYTHONIOENCODING; + history -s $TF_CMD; + } + # This script was automatically generated by the broot function + # More information can be found in https://github.com/Canop/broot + # This function starts broot and executes the command + # it produces, if any. + # It's needed because some shell commands, like `cd`, + # have no useful effect if executed in a subshell. 
+ function br { + f=$(mktemp) + ( + set +e + broot --outcmd "$f" "$@" + code=$? + if [ "$code" != 0 ]; then + rm -f "$f" + exit "$code" + fi + ) + code=$? + if [ "$code" != 0 ]; then + return "$code" + fi + d=$(<"$f") + rm -f "$f" + eval "$d" + } + eval "$(starship init bash)" + ''; }; }; xresources.properties = { @@ -249,12 +312,18 @@ eval "$(starship init bash)" # rev = "025ceddbddf55f2eb4ab40b05889148aab9699fc"; # sha256 = "0lxv37gmh38y9d3l8nbnsm1mskcv10g3i83j0kac0a2qmypv1k9f"; # } + "/Xresources.dark"); - home.file.".emacs.d/init.el" = { source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); }; + home.file.".emacs.d/init.el" = { + source = (toString /home/yorick/dotfiles/emacs/.emacs.d/init.el); + }; xdg.configFile."streamlink/config".text = '' player = mpv --cache 2048 default-stream = best ''; - xdg.configFile."waybar" = { source = ./waybar; recursive = true; onChange = "systemctl --user restart waybar"; }; + xdg.configFile."waybar" = { + source = ./waybar; + recursive = true; + onChange = "systemctl --user restart waybar"; + }; programs.mako.enable = true; services = { lorri.enable = true; 
@@ -290,46 +359,55 @@ eval "$(starship init bash)" fonts = [ (toString font) ]; window.border = 2; floating.modifier = "Mod4"; - keybindings = with pkgs; (builtins.head (builtins.head options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default // - (let exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; mod = "Mod4"; in - { - "${mod}+Shift+c" = "kill"; - "${mod}+j" = "focus left"; - "${mod}+k" = "focus right"; - "${mod}+d" = "layout toggle split"; - "${mod}+i" = "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh"; - #"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session"; - "${mod}+ctrl+l" = "exec --no-startup-id sleep 1s && pkill -USR1 swayidle"; - "${mod}+Return" = "exec alacritty"; - "${mod}+Escape" = "workspace back_and_forth"; - "${mod}+0" = "workspace 10"; - "${mod}+Shift+0" = "move container to workspace 10"; - "${mod}+Shift+Left" = "move left"; - "${mod}+Shift+Right" = "move right"; - "${mod}+Shift+Up" = "move up"; - "${mod}+Shift+Down" = "move down"; - "${mod}+Ctrl+Right" = "move workspace to output right"; - "${mod}+Ctrl+Left" = "move workspace to output left"; - "${mod}+Ctrl+Up" = "move workspace to output up"; - "${mod}+Ctrl+Down" = "move workspace to output down"; - - "XF86MonBrightnessUp" = exec light "light -A 5"; - "XF86MonBrightnessDown" = exec light "light -U 5"; - "ctrl+XF86MonBrightnessUp" = exec light "light -A 1"; - "ctrl+XF86MonBrightnessDown" = exec light "light -U 1"; - "XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-"; - "XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+"; - "XF86AudioMute" = exec alsaUtils "amixer set Master toggle"; - "${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public"; - "Print" = exec bin.screenshot_public "screenshot_public"; - "${mod}+Shift+t" = "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh"; - "--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh"; - "${mod}+p" = "exec 
/home/yorick/dotfiles/bin/ala-fzf-pass.sh"; - #"${mod}+p" = exec rofi-pass "rofi-pass"; - "${mod}+e" = exec pkgs.wldash "wldash start-or-kill"; - "--locked ${mod}+bracketleft" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0"; - "--locked ${mod}+bracketright" = "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1"; - }); + keybindings = with pkgs; + (builtins.head (builtins.head + options.wayland.windowManager.sway.config.type.getSubModules).imports).options.keybindings.default + // (let + exec = pkg: cmd: "exec --no-startup-id ${pkg}/bin/${cmd}"; + mod = "Mod4"; + in { + "${mod}+Shift+c" = "kill"; + "${mod}+j" = "focus left"; + "${mod}+k" = "focus right"; + "${mod}+d" = "layout toggle split"; + "${mod}+i" = + "exec --no-startup-id bash /home/yorick/dotfiles/bin/invert.sh"; + #"${mod}+ctrl+l" = "exec --no-startup-id loginctl lock-session"; + "${mod}+ctrl+l" = + "exec --no-startup-id sleep 1s && pkill -USR1 swayidle"; + "${mod}+Return" = "exec alacritty"; + "${mod}+Escape" = "workspace back_and_forth"; + "${mod}+0" = "workspace 10"; + "${mod}+Shift+0" = "move container to workspace 10"; + "${mod}+Shift+Left" = "move left"; + "${mod}+Shift+Right" = "move right"; + "${mod}+Shift+Up" = "move up"; + "${mod}+Shift+Down" = "move down"; + "${mod}+Ctrl+Right" = "move workspace to output right"; + "${mod}+Ctrl+Left" = "move workspace to output left"; + "${mod}+Ctrl+Up" = "move workspace to output up"; + "${mod}+Ctrl+Down" = "move workspace to output down"; + + "XF86MonBrightnessUp" = exec light "light -A 5"; + "XF86MonBrightnessDown" = exec light "light -U 5"; + "ctrl+XF86MonBrightnessUp" = exec light "light -A 1"; + "ctrl+XF86MonBrightnessDown" = exec light "light -U 1"; + "XF86AudioLowerVolume" = exec alsaUtils "amixer set Master 1%-"; + "XF86AudioRaiseVolume" = exec alsaUtils "amixer set Master 1%+"; + "XF86AudioMute" = exec alsaUtils "amixer set Master toggle"; + "${mod}+Shift+s" = exec bin.screenshot_public "screenshot_public"; + "Print" = exec 
bin.screenshot_public "screenshot_public"; + "${mod}+Shift+t" = + "exec --no-startup-id /home/yorick/dotfiles/bin/toggle_solarized.sh"; + "--locked ${mod}+x" = "exec /home/yorick/dotfiles/bin/docked.sh"; + "${mod}+p" = "exec /home/yorick/dotfiles/bin/ala-fzf-pass.sh"; + #"${mod}+p" = exec rofi-pass "rofi-pass"; + "${mod}+e" = exec pkgs.wldash "wldash start-or-kill"; + "--locked ${mod}+bracketleft" = + "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 0"; + "--locked ${mod}+bracketright" = + "exec --no-startup-id /home/yorick/dotfiles/bin/sunplate.sh 1"; + }); }; systemdIntegration = true; extraConfig = '' 
@@ -370,33 +448,63 @@ eval "$(starship init bash)" EDITOR = "emacsclient"; #GDK_BACKEND = "wayland"; TERMINAL = "alacritty"; - QT_WAYLAND_DISABLE_WINDOWDECORATION="1"; + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; QT_QPA_PLATFORM = "wayland"; _JAVA_AWT_WM_NONREPARENTING = "1"; XCURSOR_THEME = "Adwaita"; XCURSOR_PATH = "${pkgs.gnome3.adwaita-icon-theme}/share/icons"; - XDG_CURRENT_DESKTOP = "sway"; + XDG_CURRENT_DESKTOP = "sway"; }; - home.packages = with pkgs.envs; [ - apps code de games pdf media misc scripts coins js - ] ++ (with pkgs; [ - github-cli libreoffice nix-tree virt-manager watchman - gnome3.gcr.out #alacritty - waybar slurp grim wl-clipboard - wldash gebaar-libinput - notmuch gmailieer afew - swaybg swayidle - swaylock broot starship - fd htop kcachegrind lm_sensors niv - nixfmt linuxPackages.perf pssh slack smartmontools vim waypipe xdg_utils - nix-top nix-diff - ltrace asciinema cargo minecraft - unzip - exa obs-studio-dmabuf obs-wlrobs - zoom-us - cachix eagle - y-firefox - ]); # qtwayland + home.packages = with pkgs.envs; + [ apps code de games pdf media misc scripts coins js ] ++ (with pkgs; [ + github-cli + libreoffice + nix-tree + virt-manager + watchman + gnome3.gcr.out # alacritty + waybar + slurp + grim + wl-clipboard + wldash + gebaar-libinput + notmuch + gmailieer + afew + swaybg + swayidle + swaylock + broot + starship + fd + htop + kcachegrind + lm_sensors + niv + nixfmt + linuxPackages.perf + pssh + slack + smartmontools + vim + waypipe + xdg_utils + nix-top + nix-diff + ltrace + asciinema + cargo + minecraft + unzip + exa + obs-studio-dmabuf + obs-wlrobs + zoom-us + cachix + eagle + y-firefox + ]); # qtwayland # programs.firefox = { # enable = true; # package = pkgs.wrapFirefox pkgs.firefox-unwrapped { 
@@ -409,11 +517,9 @@ eval "$(starship init bash)" After = [ "graphical-session-pre.target" ]; PartOf = [ "graphical-session.target" ]; }; - - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - + + Install = { WantedBy = [ "graphical-session.target" ]; }; + Service = { ExecStart = '' ${pkgs.waybar}/bin/waybar @@ -448,11 +554,9 @@ eval "$(starship init bash)" After = [ "graphical-session-pre.target" ]; PartOf = [ "graphical-session.target" ]; }; - - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - + + Install = { WantedBy = [ "graphical-session.target" ]; }; + Service = { ExecStart = '' ${pkgs.gebaar-libinput}/bin/gebaard diff --git a/nix/default.nix b/nix/default.nix index cd8ec90..80349e0 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -1,4 +1,2 @@ -let - sources = import /home/yorick/dotfiles/nix/sources.nix; -in -import sources.nixpkgs (import ./config.nix) +let sources = import /home/yorick/dotfiles/nix/sources.nix; +in import sources.nixpkgs (import ./config.nix) diff --git a/nix/sources.nix b/nix/sources.nix index 1938409..b54826a 100644 --- a/nix/sources.nix +++ b/nix/sources.nix 
@@ -7,42 +7,59 @@ let # fetch_file = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchurl { inherit (spec) url sha256; name = name'; } - else - pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; + let name' = sanitizeName name + "-src"; + in if spec.builtin or true then + builtins_fetchurl { + inherit (spec) url sha256; + name = name'; + } + else + pkgs.fetchurl { + inherit (spec) url sha256; + name = name'; + }; fetch_tarball = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchTarball { name = name'; inherit (spec) url sha256; } - else - pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; + let name' = sanitizeName name + "-src"; + in if spec.builtin or true then + builtins_fetchTarball { + name = name'; + inherit (spec) url sha256; + } + else + pkgs.fetchzip { + name = name'; + inherit (spec) url sha256; + }; fetch_git = name: spec: let - ref = - if spec ? ref then spec.ref else - if spec ? branch then "refs/heads/${spec.branch}" else - if spec ? tag then "refs/tags/${spec.tag}" else - abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; - in - builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; + ref = if spec ? ref then + spec.ref + else if spec ? branch then + "refs/heads/${spec.branch}" + else if spec ? tag then + "refs/tags/${spec.tag}" + else + abort + "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; + in builtins.fetchGit { + url = spec.repo; + inherit (spec) rev; + inherit ref; + }; fetch_local = spec: spec.path; - fetch_builtin-tarball = name: throw - ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=tarball -a builtin=true''; + fetch_builtin-tarball = name: + throw '' + [${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. 
+ $ niv modify ${name} -a type=tarball -a builtin=true''; - fetch_builtin-url = name: throw - ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=file -a builtin=true''; + fetch_builtin-url = name: + throw '' + [${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=file -a builtin=true''; # # Various helpers 
@@ -50,72 +67,87 @@ let # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 sanitizeName = name: - ( - concatMapStrings (s: if builtins.isList s then "-" else s) - ( - builtins.split "[^[:alnum:]+._?=-]+" - ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) - ) - ); + (concatMapStrings (s: if builtins.isList s then "-" else s) + (builtins.split "[^[:alnum:]+._?=-]+" + ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name))); # The set of packages used when specs are fetched using non-builtins. mkPkgs = sources: system: let - sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; + sourcesNixpkgs = import + (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { + inherit system; + }; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; hasThisAsNixpkgsPath = == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then - import {} - else - abort - '' - Please specify either (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; + in if builtins.hasAttr "nixpkgs" sources then + sourcesNixpkgs + else if hasNixpkgsPath && !hasThisAsNixpkgsPath then + import { } + else + abort '' + Please specify either (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; # The actual fetching function. fetch = pkgs: name: spec: - if ! 
builtins.hasAttr "type" spec then + if !builtins.hasAttr "type" spec then abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then fetch_file pkgs name spec - else if spec.type == "tarball" then fetch_tarball pkgs name spec - else if spec.type == "git" then fetch_git name spec - else if spec.type == "local" then fetch_local spec - else if spec.type == "builtin-tarball" then fetch_builtin-tarball name - else if spec.type == "builtin-url" then fetch_builtin-url name + else if spec.type == "file" then + fetch_file pkgs name spec + else if spec.type == "tarball" then + fetch_tarball pkgs name spec + else if spec.type == "git" then + fetch_git name spec + else if spec.type == "local" then + fetch_local spec + else if spec.type == "builtin-tarball" then + fetch_builtin-tarball name + else if spec.type == "builtin-url" then + fetch_builtin-url name else - abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + abort + "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; # If the environment variable NIV_OVERRIDE_${name} is set, then use # the path directly as opposed to the fetched source. replace = name: drv: let - saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; + saneName = stringAsChars + (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; - in - if ersatz == "" then drv else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; + in if ersatz == "" then + drv + else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + if builtins.substring 0 1 ersatz == "/" then + /. + ersatz + else + /. 
+ builtins.getEnv "PWD" + "/${ersatz}"; # Ports of functions for older nix versions # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = builtins.mapAttrs or ( - f: set: with builtins; - listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) - ); + mapAttrs = builtins.mapAttrs or (f: set: + with builtins; + listToAttrs (map (attr: { + name = attr; + value = f attr set.${attr}; + }) (attrNames set))); # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); + range = first: last: + if first > last then + [ ] + else + builtins.genList (n: first + n) (last - first + 1); # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + stringToCharacters = s: + map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); 
@@ -123,46 +155,44 @@ let concatStrings = builtins.concatStringsSep ""; # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 - optionalAttrs = cond: as: if cond then as else {}; + optionalAttrs = cond: as: if cond then as else { }; # fetchTarball version that is compatible between all the versions of Nix builtins_fetchTarball = { url, name ? null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" then - fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchTarball attrs; + let inherit (builtins) lessThan nixVersion fetchTarball; + in if lessThan nixVersion "1.12" then + fetchTarball + ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchTarball attrs; # fetchurl version that is compatible between all the versions of Nix builtins_fetchurl = { url, name ? null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" then - fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchurl attrs; + let inherit (builtins) lessThan nixVersion fetchurl; + in if lessThan nixVersion "1.12" then + fetchurl + ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchurl attrs; # Create the final "sources" from the config mkSources = config: - mapAttrs ( - name: spec: - if builtins.hasAttr "outPath" spec - then abort - "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = replace name (fetch config.pkgs name spec); } - ) config.sources; + mapAttrs (name: spec: + if builtins.hasAttr "outPath" spec then + abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = replace name (fetch config.pkgs name spec); }) + config.sources; # The "config" used by the fetchers - mkConfig = - { sourcesFile ? 
if builtins.pathExists ./sources.json then ./sources.json else null - , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) - , system ? builtins.currentSystem - , pkgs ? mkPkgs sources system - }: rec { + mkConfig = { sourcesFile ? + if builtins.pathExists ./sources.json then ./sources.json else null + , sources ? if isNull sourcesFile then + { } + else + builtins.fromJSON (builtins.readFile sourcesFile) + , system ? builtins.currentSystem, pkgs ? mkPkgs sources system }: rec { # The sources, i.e. the attribute set of spec name to spec inherit sources; @@ -170,5 +200,6 @@ let inherit pkgs; }; -in -mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } +in mkSources (mkConfig { }) // { + __functor = _: settings: mkSources (mkConfig settings); +} diff --git a/nixos/deploy/keys.nix b/nixos/deploy/keys.nix index 55febbe..e295f13 100644 --- a/nixos/deploy/keys.nix +++ b/nixos/deploy/keys.nix @@ -1,19 +1,23 @@ { pkgs, lib, config, ... }: with lib; -let cfg = config.deployment.keyys; in -{ - options.deployment.keyys = mkOption { type = types.listOf types.path; default = []; }; +let cfg = config.deployment.keyys; +in { + options.deployment.keyys = mkOption { + type = types.listOf types.path; + default = [ ]; + }; options.deployment.keys-copy = mkOption { type = types.package; }; config = { - deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" (if cfg != [] then '' - set -e - ssh root@$1 "mkdir -p /root/keys" - scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys - echo "uploaded keys" - '' else '' - echo "no keys to upload" - ''); - + deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" + (if cfg != [ ] then '' + set -e + ssh root@$1 "mkdir -p /root/keys" + scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys + echo "uploaded keys" + '' else '' + echo "no keys to upload" + ''); + }; - + } 
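Review bot: In the `copy-keys` script of nixos/deploy/keys.nix, `$1` and the key paths reach `ssh`/`scp` unquoted and `$1` is never checked, so a missing argument runs `ssh root@` and a host or path containing whitespace is word-split. I would quote them: `ssh "root@$1" "umask 077 && mkdir -p /root/keys"` and `scp ${escapeShellArgs (map toString cfg)} "root@$1:/root/keys"` (`escapeShellArgs` is in scope through `with lib;`). The `umask 077` matters because `mkdir -p` otherwise leaves the mode of the key directory to the remote default. A comment is also worth adding above the `scp` line: `# toString keeps these as plain path strings; interpolating the paths directly would copy the key files into the world-readable Nix store`.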
diff --git a/nixos/logical/blackadder.nix b/nixos/logical/blackadder.nix index 4f0abcd..6ef269f 100644 --- a/nixos/logical/blackadder.nix +++ b/nixos/logical/blackadder.nix @@ -1,9 +1,5 @@ -{ config, pkgs, lib, ... }: -{ - imports = - [ ../physical/3950x.nix - ../roles/workstation.nix - ]; +{ config, pkgs, lib, ... }: { + imports = [ ../physical/3950x.nix ../roles/workstation.nix ]; nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; diff --git a/nixos/logical/frumar.nix b/nixos/logical/frumar.nix index 87740dd..0ca1196 100644 --- a/nixos/logical/frumar.nix +++ b/nixos/logical/frumar.nix @@ -1,6 +1,5 @@ -{ config, pkgs, lib, ... }: -{ - imports = [ +{ config, pkgs, lib, ... }: { + imports = [ ../physical/fractal.nix ../roles/server.nix ../roles/homeserver.nix @@ -20,7 +19,9 @@ # }; boot.supportedFilesystems = [ "zfs" ]; services.yorick.torrent-vpn = { - enable = true; name = "mullvad-nl4"; namespace = "torrent"; + enable = true; + name = "mullvad-nl4"; + namespace = "torrent"; }; services.plex = { enable = true; 
@@ -32,26 +33,28 @@ }; services.prometheus = { enable = true; - extraFlags = [ - "--web.enable-admin-api" - ]; + extraFlags = [ "--web.enable-admin-api" ]; # victoriametrics - remoteWrite = [ { url = "http://127.0.0.1:8428/api/v1/write"; } ]; - scrapeConfigs = [ { - job_name = "smartmeter"; - # prometheus doesn't support mdns :thinking_face: - static_configs = [ { targets = [ "192.168.178.30" ]; } ]; - scrape_interval = "10s"; - } { - job_name = "node"; - static_configs = [ { targets = [ "localhost:9100" ]; } ]; - # } { - # job_name = "unifi"; - # static_configs = [ { targets = [ "localhost:9130" ]; } ]; - } { - job_name = "thermometer"; - static_configs = [ { targets = [ "192.168.178.21:8000" ]; } ]; - }]; + remoteWrite = [{ url = "http://127.0.0.1:8428/api/v1/write"; }]; + scrapeConfigs = [ + { + job_name = "smartmeter"; + # prometheus doesn't support mdns :thinking_face: + static_configs = [{ targets = [ "192.168.178.30" ]; }]; + scrape_interval = "10s"; + } + { + job_name = "node"; + static_configs = [{ targets = [ "localhost:9100" ]; }]; + # } { + # job_name = "unifi"; + # static_configs = [ { targets = [ "localhost:9130" ]; } ]; + } + { + job_name = "thermometer"; + static_configs = [{ targets = [ "192.168.178.21:8000" ]; }]; + } + ]; exporters.node.enable = true; # exporters.unifi = { # enable = true; @@ -81,7 +84,8 @@ AUTH_GOOGLE_ALLOW_SIGN_UP = "false"; }; }; - systemd.services.grafana.serviceConfig.EnvironmentFile = "/root/keys/grafana.env"; + systemd.services.grafana.serviceConfig.EnvironmentFile = + "/root/keys/grafana.env"; services.zfs = { trim.enable = false; # no ssd's autoScrub = { diff --git a/nixos/logical/jarvis.nix b/nixos/logical/jarvis.nix index 17d0cb0..db2c300 100644 --- a/nixos/logical/jarvis.nix +++ b/nixos/logical/jarvis.nix 
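Review bot: `extraFlags = [ "--web.enable-admin-api" ]` in `nixos/logical/frumar.nix` enables Prometheus's admin endpoints (snapshot, delete-series, clean-tombstones), and this file shows no authentication in front of them. The `prometheus.yori.cc` vhost in `nixos/logical/pennyworth.nix` proxies port 9090 to the VPN, so presumably every VPN peer can reach those endpoints. If the admin API is only needed for occasional maintenance, I would drop the flag. Otherwise add a comment saying why it is on, and restrict the listener with `services.prometheus.listenAddress`. The `services.prometheus` block continues past the end of this hunk.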
@@ -1,9 +1,5 @@ -{ config, pkgs, lib, ... }: -{ - imports = - [ ../physical/xps9360.nix - ../roles/workstation.nix - ]; +{ config, pkgs, lib, ... }: { + imports = [ ../physical/xps9360.nix ../roles/workstation.nix ]; system.stateVersion = "17.09"; diff --git a/nixos/logical/pennyworth.nix b/nixos/logical/pennyworth.nix index 51cb658..953b144 100644 --- a/nixos/logical/pennyworth.nix +++ b/nixos/logical/pennyworth.nix @@ -13,8 +13,7 @@ let }; }; vpn = import ../vpn.nix; -in -{ +in { imports = [ ../physical/hetznercloud.nix ../roles/server.nix @@ -24,20 +23,30 @@ in ]; system.stateVersion = "19.03"; - + services.nginx.enable = true; services.yorick = { - public = { enable = true; vhost = "pub.yori.cc"; }; - website = { enable = true; vhost = "yorickvanpelt.nl"; }; - git = { enable = true; vhost = "git.yori.cc"; }; - muflax-church = { enable = true; vhost = "muflax.church"; }; + public = { + enable = true; + vhost = "pub.yori.cc"; + }; + website = { + enable = true; + vhost = "yorickvanpelt.nl"; + }; + git = { + enable = true; + vhost = "git.yori.cc"; + }; + muflax-church = { + enable = true; + vhost = "muflax.church"; + }; }; services.muflax-blog = { enable = true; - web-server = { - port = 9001; - }; + web-server = { port = 9001; }; hidden-service = { hostname = "muflax65ngodyewp.onion"; private_key = "/root/keys/http.muflax.key"; 
@@ -52,12 +61,16 @@ in forceSSL = true; globalRedirect = "yorickvanpelt.nl"; }; - "yorickvanpelt.nl".locations."/p1".return = "301 https://git.yori.cc/yorick/meterkast"; + "yorickvanpelt.nl".locations."/p1".return = + "301 https://git.yori.cc/yorick/meterkast"; "grafana.yori.cc" = sslforward "http://${vpn.ips.frumar}:3000"; "ubiquiti.yori.cc" = sslforward "https://${vpn.ips.woodhouse}:8443"; "prometheus.yori.cc" = { # only over vpn - listen = [ { addr = "10.209.0.1"; port = 80; } ]; + listen = [{ + addr = "10.209.0.1"; + port = 80; + }]; locations."/".proxyPass = "http://10.209.0.3:9090"; }; "pub.yori.cc".locations."/muflax/".extraConfig = '' @@ -66,19 +79,20 @@ in }; deployment.keyys = [ ]; networking.firewall.allowedUDPPorts = [ 31790 ]; # wg - networking.wireguard.interfaces.wg-y.peers = - lib.mkForce (lib.mapAttrsToList (machine: publicKey: { + networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList + (machine: publicKey: { inherit publicKey; allowedIPs = [ "${vpn.ips.${machine}}/32" ]; }) vpn.keys); - services.prometheus.exporters.wireguard = { - enable = true; - }; + services.prometheus.exporters.wireguard = { enable = true; }; networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9586 ]; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; environment.noXlibs = true; users.users.yorick.packages = with pkgs; [ - python2 sshfs-fuse weechat ripgrep + python2 + sshfs-fuse + weechat + ripgrep ]; } diff --git a/nixos/logical/woodhouse.nix b/nixos/logical/woodhouse.nix index 5857d0d..b8df6b5 100644 --- a/nixos/logical/woodhouse.nix +++ b/nixos/logical/woodhouse.nix 
@@ -1,18 +1,27 @@ { config, pkgs, lib, ... }: let #secrets = import ; -mkFuseMount = device: opts: { + mkFuseMount = device: opts: { # todo: "ServerAliveCountMax=3" "ServerAliveInterval=30" device = "${pkgs.sshfsFuse}/bin/sshfs#${device}"; fsType = "fuse"; - options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user" - "defaults" "allow_other" "transform_symlinks" "default_permissions" - "uid=1000" - "reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts; -}; -in -{ + options = [ + "noauto" + "x-systemd.automount" + "_netdev" + "users" + "idmap=user" + "defaults" + "allow_other" + "transform_symlinks" + "default_permissions" + "uid=1000" + "reconnect" + "IdentityFile=/root/.ssh/id_sshfs" + ] ++ opts; + }; +in { imports = [ ../physical/nuc.nix ../roles/graphical.nix @@ -35,12 +44,13 @@ in hardware.bluetooth.enable = true; # kodi ports - networking.firewall.allowedTCPPorts = [7 8080 8443 9090 9777]; + networking.firewall.allowedTCPPorts = [ 7 8080 8443 9090 9777 ]; users.users.tv = { isNormalUser = true; uid = 1043; extraGroups = [ "wheel" ]; - hashedPassword = "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR."; + hashedPassword = + "$6$hD4ESAGS8O1d$yctx6spOPZ0nt/6cgYpsWZ86UoXw3ISRpf2gbdhbl8JgDz6Psjx6JCqJ9NsMi5BHnXlgRRK/z2SVrTjHEsqQR."; packages = with pkgs; [ plex-media-player ]; }; services.xserver.windowManager.i3.enable = true; @@ -57,6 +67,6 @@ in # }; # todo: debug: services.resolved.extraConfig = "MulticastDNS=true"; - systemd.network.networks."40-eno1".networkConfig.MulticastDNS="yes"; + systemd.network.networks."40-eno1".networkConfig.MulticastDNS = "yes"; services.fstrim.enable = true; } diff --git a/nixos/logical/zazu.nix b/nixos/logical/zazu.nix index 228552d..5704452 100644 --- a/nixos/logical/zazu.nix +++ b/nixos/logical/zazu.nix 
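Review bot: The `hashedPassword` for `users.users.tv` in `nixos/logical/woodhouse.nix` (hunk `@@ -35,12 +44,13 @@`) is a literal crypt hash in the repository, whereas the `root` and `yorick` accounts in `nixos/roles/default.nix` read theirs from `secrets.nix`. `tv` is in `wheel`, and `roles/default.nix` sets `nix.trustedUsers = [ "@wheel" ]`, so recovering this password offline yields an administrative account. I would rotate the password and reference it like the others, e.g. `hashedPassword = secrets.tv_hashedPassword;` (attribute name constructed here). Using `passwordFile` instead would also keep the hash out of the Nix store.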
@@ -1,16 +1,15 @@ # Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running ‘nixos-help’). -let sources = import ../../nix/sources.nix; in -{ config, lib, pkgs, ... }: +let sources = import ../../nix/sources.nix; +in { config, lib, pkgs, ... }: { - imports = - [ # Include the results of the hardware scan. - ../physical/apu2c4.nix - # - ../roles - "${sources.nixos-hardware}/pcengines/apu" - - ]; + imports = [ # Include the results of the hardware scan. + ../physical/apu2c4.nix + # + ../roles + "${sources.nixos-hardware}/pcengines/apu" + + ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; @@ -50,10 +49,15 @@ let sources = import ../../nix/sources.nix; in interface = "dslite1"; }; systemd.services.dslite1-netdev = { - wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ]; - bindsTo = []; + wantedBy = + [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ]; + bindsTo = [ ]; partOf = [ "network-setup.service" ]; - after = [ "network-pre.target" "network-addresses-enp1s0.service" "network-link-enp1s0.service" ]; + after = [ + "network-pre.target" + "network-addresses-enp1s0.service" + "network-link-enp1s0.service" + ]; before = [ "network-setup.service" ]; path = [ pkgs.iproute ]; serviceConfig = { 
@@ -96,16 +100,56 @@ let sources = import ../../nix/sources.nix; in interfaces = [ "enp2s0" ]; enable = true; machines = [ - { hostName = "amateria"; ethernetAddress = "a8:a1:59:15:8b:63"; ipAddress = "192.168.178.42"; } - { hostName = "blackadder"; ethernetAddress = "a8:a1:59:03:8a:75"; ipAddress = "192.168.178.33"; } - { hostName = "frumar"; ethernetAddress = "bc:5f:f4:e8:42:9f"; ipAddress = "192.168.178.37"; } - { hostName = "jarvis"; ethernetAddress = "18:1d:ea:35:13:58"; ipAddress = "192.168.178.34"; } - { hostName = "jarvis-dock"; ethernetAddress = "64:4b:f0:10:05:f2"; ipAddress = "192.168.178.13"; } - { hostName = "printer"; ethernetAddress = "30:05:5c:44:20:a7"; ipAddress = "192.168.178.26"; } - { hostName = "raspberrypi"; ethernetAddress = "b8:27:eb:b9:ec:3a"; ipAddress = "192.168.178.21"; } - { hostName = "smartMeter"; ethernetAddress = "5c:cf:7f:26:ca:91"; ipAddress = "192.168.178.30"; } - { hostName = "gang-ap"; ethernetAddress = "b4:fb:e4:2d:fc:f3"; ipAddress = "192.168.178.32"; } - { hostName = "woodhouse"; ethernetAddress = "94:c6:91:15:1f:c5"; ipAddress = "192.168.178.39"; } + { + hostName = "amateria"; + ethernetAddress = "a8:a1:59:15:8b:63"; + ipAddress = "192.168.178.42"; + } + { + hostName = "blackadder"; + ethernetAddress = "a8:a1:59:03:8a:75"; + ipAddress = "192.168.178.33"; + } + { + hostName = "frumar"; + ethernetAddress = "bc:5f:f4:e8:42:9f"; + ipAddress = "192.168.178.37"; + } + { + hostName = "jarvis"; + ethernetAddress = "18:1d:ea:35:13:58"; + ipAddress = "192.168.178.34"; + } + { + hostName = "jarvis-dock"; + ethernetAddress = "64:4b:f0:10:05:f2"; + ipAddress = "192.168.178.13"; + } + { + hostName = "printer"; + ethernetAddress = "30:05:5c:44:20:a7"; + ipAddress = "192.168.178.26"; + } + { + hostName = "raspberrypi"; + ethernetAddress = "b8:27:eb:b9:ec:3a"; + ipAddress = "192.168.178.21"; + } + { + hostName = "smartMeter"; + ethernetAddress = "5c:cf:7f:26:ca:91"; + ipAddress = "192.168.178.30"; + } + { + hostName = "gang-ap"; + 
ethernetAddress = "b4:fb:e4:2d:fc:f3"; + ipAddress = "192.168.178.32"; + } + { + hostName = "woodhouse"; + ethernetAddress = "94:c6:91:15:1f:c5"; + ipAddress = "192.168.178.39"; + } ]; extraConfig = '' subnet 192.168.178.0 netmask 255.255.255.0 { @@ -183,15 +227,17 @@ let sources = import ../../nix/sources.nix; in boot.supportedFilesystems = lib.mkForce [ "ext4" ]; boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ]; security.polkit.enable = false; - nixpkgs.overlays = [ (self: super: { - dhcpcd = super.dhcpcd.overrideAttrs (o: rec { - pname = "dhcpcd"; - version = "8.1.9"; - src = self.fetchurl { - url = "mirror://roy/${pname}/${pname}-${version}.tar.xz"; - sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf"; - }; - patches = []; - }); - }) ]; + nixpkgs.overlays = [ + (self: super: { + dhcpcd = super.dhcpcd.overrideAttrs (o: rec { + pname = "dhcpcd"; + version = "8.1.9"; + src = self.fetchurl { + url = "mirror://roy/${pname}/${pname}-${version}.tar.xz"; + sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf"; + }; + patches = [ ]; + }); + }) + ]; } diff --git a/nixos/modules/lumi-vpn.nix b/nixos/modules/lumi-vpn.nix index 78ec185..f62ead8 100644 --- a/nixos/modules/lumi-vpn.nix +++ b/nixos/modules/lumi-vpn.nix @@ -1,10 +1,12 @@ { config, lib, ... }: let cfg = config.yorick.lumi-vpn; - addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" - { lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); }; -in -{ + addresses = import + "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix" { + lib.ip4.ip = a: b: c: d: x: + lib.concatStringsSep "." (map toString [ a b c d ]); + }; +in { options.yorick.lumi-vpn = with lib; { enable = mkEnableOption "lumi vpn"; name = mkOption { 
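Review bot: The `dhcpcd` overlay in `nixos/logical/zazu.nix` (hunk `@@ -183,15 +227,17 @@`) pins `version = "8.1.9"` and sets `patches = [ ];` with no comment explaining why. That freezes a network-facing DHCP client at one release and drops whatever patches nixpkgs applies to the package, so fixes arriving through a channel update will not reach this host. I would add a comment above the override such as `# pinned to 8.1.9 because <reason>; remove once <condition>` so the pin gets revisited.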
@@ -28,9 +30,10 @@ in config = lib.mkIf cfg.enable { networking.wireguard.interfaces = { wg-lumi = { - privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key"; + privateKeyFile = + "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key"; ips = [ cfg.ip ]; - peers = [ { + peers = [{ publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI="; endpoint = "wg.lumi.guide:31727"; allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ]; diff --git a/nixos/modules/muflax-blog.nix b/nixos/modules/muflax-blog.nix index f303c3a..a45653f 100644 --- a/nixos/modules/muflax-blog.nix +++ b/nixos/modules/muflax-blog.nix 
@@ -1,30 +1,32 @@ { cur_pkgs, config, lib, ... }: - let cfg = config.services.muflax-blog; muflax-source = builtins.fetchGit { rev = "e5ce7ae4296c6605a7e886c153d569fc38318096"; ref = "HEAD"; url = "https://github.com/fmap/muflax65ngodyewp.onion.git"; -}; -nixpkgs = import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz"; - sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8"; -}) { system = builtins.currentSystem; }; - blog = lib.overrideDerivation (nixpkgs.callPackage "${muflax-source}/maintenance" {}) (default: { - buildPhase = default.buildPhase + "\n" + '' - grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g' - ''; - }); + }; + nixpkgs = import (builtins.fetchTarball { + url = + "https://github.com/NixOS/nixpkgs-channels/archive/78e9665b48ff45d3e29f45b3ebeb6fc6c6e19922.tar.gz"; + sha256 = "09f50jaijvry9lrnx891qmcf92yb8qs64n1cvy0db2yjrmxsxyw8"; + }) { system = builtins.currentSystem; }; + blog = lib.overrideDerivation + (nixpkgs.callPackage "${muflax-source}/maintenance" { }) (default: { + buildPhase = default.buildPhase + "\n" + '' + grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g' + ''; + }); in with lib; { options.services.muflax-blog = { - enable = mkOption { type = types.bool; default = false; }; - web-server = { - port = mkOption { type = types.int; }; + enable = mkOption { + type = types.bool; + default = false; }; + web-server = { port = mkOption { type = types.int; }; }; hidden-service = { - hostname = mkOption { type = types.str; }; + hostname = mkOption { type = types.str; }; private_key = mkOption { type = types.str; }; }; }; 
@@ -47,11 +49,13 @@ in with lib; { server_name ${site}.${cfg.hidden-service.hostname}; root ${blog}/${site}; } - '') ["daily" "gospel" "blog"]); + '') [ "daily" "gospel" "blog" ]); }; services.tor.enable = true; services.tor.hiddenServices.muflax-blog.map = [{ - port = 80; toPort = cfg.web-server.port; }]; + port = 80; + toPort = cfg.web-server.port; + }]; services.tor.service-keys.muflax-blog = cfg.hidden-service.private_key; }; } diff --git a/nixos/modules/nginx.nix b/nixos/modules/nginx.nix index 72dbffa..6982e14 100644 --- a/nixos/modules/nginx.nix +++ b/nixos/modules/nginx.nix @@ -1,36 +1,35 @@ { config, lib, pkgs, ... }: let -sslcfg = dir: '' + sslcfg = dir: '' ssl on; ssl_certificate_key ${dir}/key.pem; ssl_certificate ${dir}/fullchain.pem; ssl_trusted_certificate ${dir}/fullchain.pem; add_header Strict-Transport-Security max-age=15768000; -''; + ''; -in -{ +in { config = lib.mkIf config.services.nginx.enable { - services.nginx = { - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - recommendedOptimisation = true; - serverTokens = false; - sslDhparam = "/etc/nginx/dhparam.pem"; + services.nginx = { + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + recommendedOptimisation = true; + serverTokens = false; + sslDhparam = "/etc/nginx/dhparam.pem"; virtualHosts."${config.networking.hostName}.yori.cc" = { enableACME = true; forceSSL = true; default = true; }; }; - networking.firewall.allowedTCPPorts = [80 443]; - system.activationScripts.nginxdhparams = '' - if ! [[ -e /etc/nginx/dhparam.pem ]]; then - mkdir -p /etc/nginx/ - ${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048 - fi + networking.firewall.allowedTCPPorts = [ 80 443 ]; + system.activationScripts.nginxdhparams = '' + if ! [[ -e /etc/nginx/dhparam.pem ]]; then + mkdir -p /etc/nginx/ + ${pkgs.openssl}/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048 + fi ''; - }; + }; } 
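Review bot: In `nixos/modules/nginx.nix`, `sslcfg` is bound in the `let` but never referenced in the module body, so its `add_header Strict-Transport-Security max-age=15768000;` line has no effect as far as this file shows. Either delete the binding, which also carries the obsolete `ssl on;` directive, or set the header where it is wanted. If HSTS is intended for the `forceSSL` vhost, add `extraConfig = "add_header Strict-Transport-Security max-age=15768000;";` inside the `virtualHosts` entry.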
diff --git a/nixos/modules/tor-hidden-service.nix b/nixos/modules/tor-hidden-service.nix index dbe6211..3a4978f 100644 --- a/nixos/modules/tor-hidden-service.nix +++ b/nixos/modules/tor-hidden-service.nix @@ -7,13 +7,13 @@ let torDir = "/var/lib/tor"; in { options.services.tor.service-keys = mkOption { - default = {}; + default = { }; type = with types; attrsOf str; }; - config = mkIf (service-keys != {}) { + config = mkIf (service-keys != { }) { systemd.services."install-tor-hidden-service-keys" = { - wantedBy = ["tor.service"]; + wantedBy = [ "tor.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.User = "root"; serviceConfig.Group = "keys"; diff --git a/nixos/overlay.nix b/nixos/overlay.nix index 0179301..0d7aa42 100644 --- a/nixos/overlay.nix +++ b/nixos/overlay.nix @@ -1,32 +1,20 @@ -let - names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ]; -in -pkgs: super: { - yorick = (super.yorick or {}) // rec { - nixos = - configuration: extraArgs: +let names = [ "pennyworth" "jarvis" "blackadder" "woodhouse" "frumar" "zazu" ]; +in pkgs: super: { + yorick = (super.yorick or { }) // rec { + nixos = configuration: extraArgs: let c = import (pkgs.path + "/nixos/lib/eval-config.nix") { inherit (pkgs.stdenv.hostPlatform) system; inherit extraArgs; modules = - [( - { lib, ... }: { - config.nixpkgs.pkgs = lib.mkDefault pkgs; - } - )] ++ ( - if builtins.isList configuration - then configuration - else [configuration] - ); + [ ({ lib, ... }: { config.nixpkgs.pkgs = lib.mkDefault pkgs; }) ] + ++ (if builtins.isList configuration then + configuration + else + [ configuration ]); }; - in - c.config.system.build // c; - machine = pkgs.lib.genAttrs names (name: nixos [ - ./roles - (./logical + "/${name}.nix") - ] { - inherit name; - }); + in c.config.system.build // c; + machine = pkgs.lib.genAttrs names + (name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; }); }; } 
diff --git a/nixos/packages/default.nix b/nixos/packages/default.nix index 51eef8f..dd23b15 100644 --- a/nixos/packages/default.nix +++ b/nixos/packages/default.nix @@ -1,3 +1 @@ -[ (self: super: { - yori-cc = super.callPackage ./yori-cc.nix {}; -})] +[ (self: super: { yori-cc = super.callPackage ./yori-cc.nix { }; }) ] diff --git a/nixos/packages/yori-cc.nix b/nixos/packages/yori-cc.nix index 92f5a5f..f1ff2be 100644 --- a/nixos/packages/yori-cc.nix +++ b/nixos/packages/yori-cc.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation { name = "yori-cc-1.5"; - + src = builtins.fetchGit { url = "git@git.yori.cc:yorick/yori-cc.git"; rev = "68c75ab84cceaf98dd8fd0646b97d73f966b8962"; }; - + buildInputs = [ ]; installPhase = '' @@ -17,7 +17,7 @@ stdenv.mkDerivation { meta = { description = "Yori-cc website"; - homepage = https://yorickvanpelt.nl; + homepage = "https://yorickvanpelt.nl"; maintainers = [ "Yorick" ]; }; } diff --git a/nixos/physical/3950x-hardware-config.nix b/nixos/physical/3950x-hardware-config.nix index 66b12c4..1e8c237 100644 --- a/nixos/physical/3950x-hardware-config.nix +++ b/nixos/physical/3950x-hardware-config.nix 
@@ -4,33 +4,31 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = + [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "rpool/root/nixos"; - fsType = "zfs"; - }; + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; - fileSystems."/home" = - { device = "rpool/home-enc"; - fsType = "zfs"; - }; + fileSystems."/home" = { + device = "rpool/home-enc"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5D0A-7902"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5D0A-7902"; + fsType = "vfat"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; } - ]; + [{ device = "/dev/disk/by-uuid/61a23e27-2cd4-4456-bcde-aec68be04239"; }]; nix.maxJobs = lib.mkDefault 32; # High-DPI console diff --git a/nixos/physical/3950x.nix b/nixos/physical/3950x.nix index bbec0c3..e6316a3 100644 --- a/nixos/physical/3950x.nix +++ b/nixos/physical/3950x.nix @@ -1,12 +1,11 @@ { config, pkgs, lib, ... }: -let sources = import ../../nix/sources.nix; -in -{ - imports = - [ ./. - ./3950x-hardware-config.nix - "${sources.nixos-hardware}/common/cpu/amd" - ]; +let sources = import ../../nix/sources.nix; +in { + imports = [ + ./. + ./3950x-hardware-config.nix + "${sources.nixos-hardware}/common/cpu/amd" + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; 
@@ -27,8 +26,13 @@ in # linkConfig.NamePolicy = "mac kernel database onboard slot path"; # }; boot.kernelParams = [ - "amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0" + "amdgpu.ppfeaturemask=0xffffffff" + "amdgpu.noretry=0" + "amdgpu.lockup_timeout=1000" + "amdgpu.gpu_recovery=1" + "amdgpu.audio=0" # thunderbolt - "pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc" + "pcie_ports=native" + "pci=assign-busses,hpbussize=0x33,realloc" ]; } diff --git a/nixos/physical/apu2c4.nix b/nixos/physical/apu2c4.nix index b6eb949..45bffa4 100644 --- a/nixos/physical/apu2c4.nix +++ b/nixos/physical/apu2c4.nix @@ -4,19 +4,19 @@ { config, lib, pkgs, ... }: { - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2"; + fsType = "ext4"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; } - ]; + [{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }]; nix.maxJobs = lib.mkDefault 4; } diff --git a/nixos/physical/default.nix b/nixos/physical/default.nix index c92b7a0..555bc31 100644 --- a/nixos/physical/default.nix +++ b/nixos/physical/default.nix @@ -1,3 +1 @@ -{ - hardware.enableRedistributableFirmware = true; -} +{ hardware.enableRedistributableFirmware = true; } diff --git a/nixos/physical/fractal.nix b/nixos/physical/fractal.nix index daa9e26..8fa54de 100644 --- a/nixos/physical/fractal.nix +++ b/nixos/physical/fractal.nix 
@@ -1,13 +1,10 @@ { config, lib, pkgs, ... }: let sources = import ../../nix/sources.nix; -in -{ - imports = - [ ./. - "${sources.nixos-hardware}/common/cpu/intel" - ]; +in { + imports = [ ./. "${sources.nixos-hardware}/common/cpu/intel" ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; # Use the GRUB 2 boot loader. boot.loader.grub = { @@ -17,25 +14,22 @@ in device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21PNXAG441016B"; }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74"; + fsType = "ext4"; + options = [ "defaults" "relatime" "discard" ]; + }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/ba95c638-f243-48ee-ae81-0c70884e7e74"; - fsType = "ext4"; - options = ["defaults" "relatime" "discard"]; - }; + swapDevices = [{ device = "/dev/disk/by-label/nixos-swap"; }]; + fileSystems."/data" = { + device = "frumar-new"; + fsType = "zfs"; + }; - swapDevices = - [ { device = "/dev/disk/by-label/nixos-swap"; } - ]; - fileSystems."/data" = - { device = "frumar-new"; - fsType = "zfs"; - }; - - fileSystems."/data/plexmedia" = - { device = "frumar-new/plexmedia"; - fsType = "zfs"; - }; + fileSystems."/data/plexmedia" = { + device = "frumar-new/plexmedia"; + fsType = "zfs"; + }; nix.maxJobs = 4; services.avahi.interfaces = [ "enp2s0" ]; diff --git a/nixos/physical/hetznercloud.nix b/nixos/physical/hetznercloud.nix index 0a5277c..9bc7d64 100644 --- a/nixos/physical/hetznercloud.nix +++ b/nixos/physical/hetznercloud.nix 
@@ -1,14 +1,11 @@ { config, lib, pkgs, modulesPath, ... }: -let - ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName}; -in -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; +let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName}; +in { + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.kernelPackages = pkgs.linuxPackages_latest; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = + [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; boot.loader.grub = { @@ -17,10 +14,10 @@ in device = "/dev/sda"; }; - fileSystems."/" = - { device = "/dev/sda1"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; swapDevices = [ ]; diff --git a/nixos/physical/nuc.nix b/nixos/physical/nuc.nix index 86e6afd..411ba84 100644 --- a/nixos/physical/nuc.nix +++ b/nixos/physical/nuc.nix 
@@ -1,31 +1,30 @@ { config, lib, pkgs, modulesPath, ... }: -let sources = import ../../nix/sources.nix; -in -{ +let sources = import ../../nix/sources.nix; +in { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ./. + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ./. "${sources.nixos-hardware}/common/cpu/intel" - ]; + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/3e148654-0ed8-4354-8159-e3499c6fa299"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/439E-26EA"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/439E-26EA"; + fsType = "vfat"; + }; swapDevices = [ ]; @@ -35,7 +34,8 @@ in nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; - hardware.opengl.extraPackages = with pkgs; [ - intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable - ]; + hardware.opengl.extraPackages = with pkgs; + [ + intel-media-driver # only available starting nixos-19.03 or the current nixos-unstable + ]; } diff --git a/nixos/physical/xps9360-hardware-config.nix b/nixos/physical/xps9360-hardware-config.nix index e201e76..4889d73 100644 --- a/nixos/physical/xps9360-hardware-config.nix +++ b/nixos/physical/xps9360-hardware-config.nix 
@@ -9,21 +9,21 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62"; - fsType = "btrfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62"; + fsType = "btrfs"; + }; - boot.initrd.luks.devices."nix-crypt".device = "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549"; + boot.initrd.luks.devices."nix-crypt".device = + "/dev/disk/by-uuid/320ef81d-283f-4916-ac26-ecfb0f31e549"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0E07-7805"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0E07-7805"; + fsType = "vfat"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; } - ]; + [{ device = "/dev/disk/by-uuid/198ddaba-a849-41de-993d-862c2d37937a"; }]; nix.maxJobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/nixos/physical/xps9360.nix b/nixos/physical/xps9360.nix index 35e9311..28d6125 100644 --- a/nixos/physical/xps9360.nix +++ b/nixos/physical/xps9360.nix @@ -1,7 +1,6 @@ { config, lib, pkgs, ... }: let sources = import ../../nix/sources.nix; -in -{ +in { imports = [ "${sources.nixos-hardware}/dell/xps/13-9360" ./xps9360-hardware-config.nix @@ -12,7 +11,7 @@ in boot.extraModprobeConfig = '' options i8k ignore_dmi=1 ''; - fileSystems."/".options = ["defaults" "relatime" "discard"]; + fileSystems."/".options = [ "defaults" "relatime" "discard" ]; boot.initrd.luks.devices."nix-crypt".allowDiscards = true; diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index cc557d0..462864a 100644 --- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix 
@@ -1,12 +1,10 @@ let secrets = import ../secrets.nix; -in -{ config, pkgs, lib, name, ...}: +in { config, pkgs, lib, name, ... }: let machine = name; vpn = import ../vpn.nix; -in -{ - imports = [ +in { + imports = [ ../modules/tor-hidden-service.nix ../modules/nginx.nix ../modules/lumi-vpn.nix @@ -15,23 +13,24 @@ in ]; networking.domain = "yori.cc"; networking.hostName = machine; - time.timeZone = "Europe/Amsterdam"; - users.mutableUsers = false; - users.users.root = { - openssh.authorizedKeys.keys = config.users.users.yorick.openssh.authorizedKeys.keys; + time.timeZone = "Europe/Amsterdam"; + users.mutableUsers = false; + users.users.root = { + openssh.authorizedKeys.keys = + config.users.users.yorick.openssh.authorizedKeys.keys; # root password is useful from console, ssh has password logins disabled hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own - }; + }; services.timesyncd.enable = true; - users.users.yorick = { - isNormalUser = true; - uid = 1000; - extraGroups = ["wheel"]; - group = "users"; - openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick; + users.users.yorick = { + isNormalUser = true; + uid = 1000; + extraGroups = [ "wheel" ]; + group = "users"; + openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick; hashedPassword = secrets.yorick_hashedPassword; - }; + }; # Nix nixpkgs.config.allowUnfree = true; @@ -44,14 +43,13 @@ in services.openssh = { enable = true; - passwordAuthentication = false; - challengeResponseAuthentication = false; + passwordAuthentication = false; + challengeResponseAuthentication = false; }; - environment.systemPackages = with pkgs; [ # v important. - cowsay #ponysay + cowsay # ponysay ed # ed, man! sl rlwrap 
@@ -59,31 +57,43 @@ in #vim # system stuff - ethtool inetutils - pciutils usbutils - /*iotop*/ powertop htop - psmisc lsof - smartmontools hdparm + ethtool + inetutils + pciutils + usbutils + # iotop + powertop + htop + psmisc + lsof + smartmontools + hdparm lm_sensors ncdu - + # utils - file which + file + which reptyr tmux bc mkpasswd shadow - + # archiving xdelta libarchive atool # network - nmap mtr bind - socat netcat-openbsd - lftp wget rsync + nmap + mtr + bind + socat + netcat-openbsd + lftp + wget + rsync #gitMinimal #rxvt_unicode.terminfo @@ -94,12 +104,12 @@ in ipv6 = true; hostName = machine; }; - deployment.keyys = [ (+"/wg.${machine}.key") ]; + deployment.keyys = [ ( + "/wg.${machine}.key") ]; networking.wireguard.interfaces.wg-y = { privateKeyFile = "/root/keys/wg.${machine}.key"; ips = [ vpn.ips.${machine} ]; listenPort = 31790; - peers = [ { + peers = [{ publicKey = vpn.keys.pennyworth; endpoint = "pennyworth.yori.cc:31790"; allowedIPs = [ "10.209.0.0/24" ]; @@ -112,7 +122,7 @@ in nix.binaryCachePublicKeys = [ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ]; - nix.trustedUsers = ["@wheel"]; + nix.trustedUsers = [ "@wheel" ]; services.prometheus.exporters.node = { enable = true; enabledCollectors = [ "systemd" ]; diff --git a/nixos/roles/graphical.nix b/nixos/roles/graphical.nix index 86e30b6..ff59639 100644 --- a/nixos/roles/graphical.nix +++ b/nixos/roles/graphical.nix @@ -45,7 +45,9 @@ in { config, lib, pkgs, ... }: { programs.sway = { enable = true; extraSessionCommands = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])} + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${ + lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ]) + } ''; }; }; diff --git a/nixos/roles/homeserver.nix b/nixos/roles/homeserver.nix index a0eec7c..63a58e1 100644 --- a/nixos/roles/homeserver.nix +++ b/nixos/roles/homeserver.nix 
@@ -1,4 +1,4 @@ -{lib, ...}: { +{ lib, ... }: { users.users.lars = { isNormalUser = true; openssh.authorizedKeys.keys = [ diff --git a/nixos/roles/server.nix b/nixos/roles/server.nix index c9eef60..7451693 100644 --- a/nixos/roles/server.nix +++ b/nixos/roles/server.nix @@ -1,16 +1,20 @@ { imports = [ ./. ]; - + documentation.nixos.enable = false; services.sshguard.enable = true; programs.mosh.enable = true; environment.noXlibs = true; - networking.firewall.logRefusedConnections = false; # Silence logging of scanners and knockers + networking.firewall.logRefusedConnections = + false; # Silence logging of scanners and knockers # TODO: upstream with noXlibs # https://github.com/NixOS/nixpkgs/pull/107394 - nixpkgs.overlays = [ (self: super: { - elixir_1_8 = (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8; - erlang = super.erlang_nox; - }) ]; + nixpkgs.overlays = [ + (self: super: { + elixir_1_8 = + (self.beam.packagesWith (self.beam.interpreters.erlang_nox)).elixir_1_8; + erlang = super.erlang_nox; + }) + ]; } diff --git a/nixos/roles/workstation.nix b/nixos/roles/workstation.nix index cd68c54..91e2cbc 100644 --- a/nixos/roles/workstation.nix +++ b/nixos/roles/workstation.nix 
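Review bot: In the `nixos/roles/server.nix` hunk, the formatter wrapped `networking.firewall.logRefusedConnections =` and left the explanatory comment trailing the bare `false;` continuation line, where it is easy to miss. Putting the comment on its own line keeps the assignment on one line: `# Silence logging of scanners and knockers` followed by `networking.firewall.logRefusedConnections = false;`. Since this turns off the firewall's record of refused connections, the comment could also say what is relied on for detection instead, presumably the `services.sshguard.enable = true;` set a few lines above.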
@@ -1,20 +1,20 @@ { config, lib, pkgs, ... }: let - nixNetrcFile = pkgs.runCommand "nix-netrc-file" -{ hostname = "cache.lumi.guide"; - username = "lumi"; -} '' - cat > $out < $out <WV{5BZ4=}GS+UIgO$~l^k)^!5m?(T7PLhT-`cM85K+^a%i-jMa$BipiLoL_ zyF-z0Mc*EVu>kZzifgxq#SQWqOST*Lj=h&Vlk{CY3f@OoRY*^j6Vn+=nU2?TFa z+(ruLVtt`g)n)0`LYd959{hspxcCn1b5Ey9v169@A)VI5atVWN`+r*Zvkh$WXlO`b z5RbT9WB;Q+_4QTjYTYX!mR7?N(<|a_N%l<8^<~=tz;+;UZa7|cEvI**6+vf2mLW7# zctQYmhh+;<{I#_WXA6*y^(nMtTuuSu*DPV0Gjd%50z!sA{Dr8%8hkw@W63G_Jmu39%9tuV<9KiESj!b1Irz`F>^7{~sW@Q|)7P zEtWz{6=sf%YSgBIIq#lSEM&|wFwu8lfeWY>8xHnS1E_ivwR~jKjNln++jgJAgnvq! z)m_W1<15}>xiV0oWoUSlv$A^x;whoqxfvyjzCa${BJL_~sF#&#W&$gLY71OLN*Q zdX~>k$JFG)LoHjSMlm@Ht=AEHu)sc$EAmWdqW6^4!jkxg zfGnSN#3QmbGIwR65%@w}HdCMlA-4;VV}qdV{vSL~B;Ib3X4Wr@F zIjJ`-<@j#11yL9d{K1IPkZB6DWDGrQ#~m?j|Q+@LlO; z2#y1ODYK(UZb5?a@r>>wbh`G;ZLb~_QRCz2LMYCV zAm^h9s$+RK*0fCz#%*1LwtiqU&9-`GHWs7+a_eDH$xYqPyN|7|j9BHX|1we?5Y+WHjI4EXN<$*i*Ruv&n59R2)1PKZMX0yIM~nYP9ukm{M8HC4hvCb6x=k$s^O2q#q9P*)cgi% zNGAZG^^wKWkq*lWI2ADjV&i`Oy}0KXT^^dbZwZIYm9xL!G7C~Euu!Z3`i8NnOKpKs zBL3LT>>gP5hg`=>nw;qg<2}ItpGRQb{f`%!Ig?7Qc=$PJl(DnBbm8tfZtuJ$L*xhG znC5uNYXmk{g2))~?jCdk!kFE9;k<4l2*1Aq{COj0V!5r4E=8xsLK(Y;EN2Kv4)DFo zcCzCuBDp&+N6ODR=Ji%No^4rK#Gzx!kAUOY2UzmequeBfevUH z#f#q3NQ&uD3t$-nKX_HRIu9>q^jX1SDSld;wnh`-1on(yz;OKtp>+Woz2 z4FaK7+c;#aVGAvWSk19KVpmZFnuA7-p~j=WgR_MO`k ze_g5#$o%txBkiz!IG1G^b=tnj5h^kda@&I-`AmB1+TSQ{5ElZkk?Oh2BW@dDZV+j< z*rgrHkS`${ET?AHGfQVI8&{%Ud0SE(j}|FPBiSmz`jSBO$HuGx3lO@dKHuQXnZl2L zRXjty%Q~Q+S&@&e!3rN$+|pP6jyTw1o=(ET%{hApIM=5D%!LX5ed3mZpL6xIjZ;y^ z9uH588Y9gFK1d-u!5?p>{_oz>E;iv#tschxN3I<=R2R52TFk?^4Dg^oGjdI_S9Fh> zrrrImDjRwLPH2qJ6rlf~uf1xCSO`3~7M+8U-i|yn8gnMLbK z`XFZg!;ASzjrL)Bd%#o930d51^WS#e7!5spObmA{c{Jt8*DD1E2WjH@qT0S3h*DfD zJiyIb=iA(Ir!L7Zuiy@l3pWTU(rjFyc`^T@OiX1P#4o$ob=>d8)kb%x2KT4*VLc({ z@TFY75SBLUcM)}z2Cn;NQ-z@Kqc>W#NZd~q`63?e=kFk;U|ZJ$HAkk5D6bR(ifl?e wFIgf|cc2~ljr+"/wg.${cfg.name}.key") ]; + deployment.keyys = [ ( + "/wg.${cfg.name}.key") ]; 
networking.wireguard.interfaces.${cfg.name} = { # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")' ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ]; privateKeyFile = "/root/keys/wg.${cfg.name}.key"; peers = [{ publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ="; - allowedIPs = ["0.0.0.0/0" "::0/0"]; + allowedIPs = [ "0.0.0.0/0" "::0/0" ]; endpoint = "[2a03:1b20:3:f011::a04f]:51820"; }]; interfaceNamespace = cfg.namespace; diff --git a/nixos/services/website.nix b/nixos/services/website.nix index d4cec95..15db876 100644 --- a/nixos/services/website.nix +++ b/nixos/services/website.nix @@ -1,25 +1,30 @@ { config, lib, pkgs, ... }: let - yoricc = pkgs.callPackage ../packages/yori-cc.nix {}; + yoricc = pkgs.callPackage ../packages/yori-cc.nix { }; cfg = config.services.yorick.website; -in - with lib; -{ +in with lib; { options.services.yorick = { website = { enable = mkEnableOption "yoricc website"; vhost = mkOption { type = types.str; }; - pkg = mkOption { type = types.package; default = yoricc; }; + pkg = mkOption { + type = types.package; + default = yoricc; + }; }; - redirect = mkOption { type = types.loaOf types.str; default = []; }; - }; - config.services.nginx.virtualHosts = with cfg; mkIf enable { - ${vhost} = { - enableACME = true; - forceSSL = true; - locations."/".root = "${pkg}/web"; + redirect = mkOption { + type = types.loaOf types.str; + default = [ ]; }; }; + config.services.nginx.virtualHosts = with cfg; + mkIf enable { + ${vhost} = { + enableACME = true; + forceSSL = true; + locations."/".root = "${pkg}/web"; + }; + }; } diff --git a/nixos/sshkeys.nix b/nixos/sshkeys.nix index e0a41ec..ff9f9e1 100644 --- a/nixos/sshkeys.nix +++ b/nixos/sshkeys.nix 
@@ -1,4 +1,8 @@ { - public = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5"; - yorick = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" "ssh-rsa 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 cardno:000607186578"]; + public = + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZv+hBDmjxF8h9Gxwvy0o7sMgOsqwp8pVj9AlpG90Y7agvkOm2IGtFueVfiDe0yWPXT0/EIiVWcPhWwcVkbY/BkypPJSMLnlcQ6ld+aO1g+BtdDaVuxcTSvQ77UCT2p+wftxoq1EiUdlhTsXpPucrBd+5NOde+jlPBE4qChIAf2zhOIByJAGT+M4Ie3eV4p5S9LB9CMI4s32gNUBbSA8UDmkjpBXkf9a1TZzdkOGWUmUFXt53/O8LZlGK9kkA5TsjM2xaxDjCLWf5wEcey4JsEggi1prE4aB68Q7+kdbvDiVSEFyZn0A/A9RXHBRAgW8yPdh+EGC56iDW/wkGxWBY5"; + yorick = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo1N5E6qkb3McJOvv0PqI7E8iYLAcjil5RWc+zeTtN/" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFQm2OJ8PlnDHfI7FV3hddXP0t2jgKAiCnnuWIc+LK4dnyGmlC/ihIe9KhSENZEnzVAXnYAMOoOvpkVa5p0Itf1n0anCK3k2vDq0Jz9nY3ZXmkSHE09QGCpSG8kU6j+zWJPo2jWYNtxYMRmmHAuzzOdlPY9Q199PEvHVaqzpSVhIdhqhEcmap8oqHW6KbJu+17nLGGQB5XiTB1SlTxbg62copA9KMcvQzNGIooKs5QyrU/B0g05EfbogH7xOLbwYAK676DTUBEcKpEUYFMMv+DBcU4cH2EI6UTLxI5ohrS1pxk20zu5nTRMlQRUETpWN4EbEPfOzF8FW1YOwdttfCas8D6Y6t9gA4o8GpylBG9AElVw7VyOFeBR+AtchormH+wH6nZEvzs6wg2d84I8xo5qYGUJIQS7OYxypjlY01IFCCa/7rjzXGDmdWAP/UEu85ys9FSryn9Ey5DXDQOqhMHguOwQDUyaArWyRCCBzKbx6cPZw2D9bLfDxbnaC2/5dVyxHJXoWmwneX2E/UT5QwtG1nyLShIZhYgO9lfDpO61Mz9Jjap3sj6mJPxHZc5SGye0j47xV6kX4vbSgfoSHHnasaI3fR2ZBS7tnfq1ebxXqFFSPHK6uHjLgDHtkMisvjOVZnybuXB296pjv6K1o2G3qlUnImOqfxZxvuy4Xl/mw== cardno:000607186578" + ]; } diff --git a/overlay.nix b/overlay.nix index 4e0a79a..1f67cd4 100644 --- a/overlay.nix +++ b/overlay.nix 
@@ -1,10 +1,10 @@ -let sources = import ./nix/sources.nix; in -pkgs: super: { +let sources = import ./nix/sources.nix; +in pkgs: super: { yorick = super.yorick // rec { home = { check ? true, newsReadIdsFile ? null }: import "${sources.home-manager}/home-manager/home-manager.nix" { - confPath = ./nix/.config/nixpkgs/home.nix; - inherit pkgs check newsReadIdsFile; - }; + confPath = ./nix/.config/nixpkgs/home.nix; + inherit pkgs check newsReadIdsFile; + }; }; }