From b8af0e9761b8b819190c2507ad56bebab47948f4 Mon Sep 17 00:00:00 2001 
From: Lukas Wurzinger Date: Sun, 11 May 2025 22:49:04 +0200 Subject: [PATCH] whatever --- .envrc | 10 +- classes/headful/clipboard.nix | 3 - classes/headful/codium.nix | 6 - classes/headful/cosmic.nix | 17 - classes/headful/devenv.nix | 3 - classes/headful/flatpak.nix | 7 - classes/headful/fonts.nix | 27 - classes/headful/hardware.nix | 10 - classes/headful/location.nix | 3 - classes/headful/mullvad.nix | 6 - classes/headful/networking.nix | 10 - classes/headful/pipewire.nix | 11 - classes/headful/printing.nix | 6 - classes/headful/wayland.nix | 6 - classes/headful/xdg.nix | 3 - classes/headless/networking.nix | 3 - classes/headless/time.nix | 3 - common/agenix.nix | 3 +- common/boot.nix | 11 +- common/bottom.nix | 5 +- common/fish.nix | 3 +- common/gc.nix | 7 - common/gitui.nix | 3 +- common/helix.nix | 25 +- common/networking.nix | 8 +- common/nh.nix | 17 + common/nix-index-database.nix | 3 +- common/nix.nix | 8 +- common/pubkeys.nix | 10 +- common/puter.nix | 12 - common/ripgrep.nix | 3 +- common/rsync.nix | 25 + common/shpool.nix | 6 + common/ssh.nix | 2 +- common/syncthing.nix | 6 +- common/tailscale.nix | 3 +- common/users.nix | 10 +- common/wheel.nix | 3 +- common/zellij.nix | 3 +- devenv.nix | 21 - flake.lock | 657 +++++++----------- flake.nix | 88 +-- hosts/{headless => }/abacus/acme.nix | 0 .../{headless => }/abacus/authorized-keys.nix | 3 +- hosts/{headless => }/abacus/filesystems.nix | 7 +- hosts/{headless => }/abacus/forgejo.nix | 46 +- hosts/{headless => }/abacus/hardware.nix | 11 +- hosts/{headless => }/abacus/headscale.nix | 16 +- hosts/{headless => }/abacus/mealie.nix | 16 +- hosts/{headless => }/abacus/navidrome.nix | 16 +- hosts/abacus/networking.nix | 23 + hosts/abacus/nginx.nix | 32 + hosts/{headless => }/abacus/postgresql.nix | 0 hosts/abacus/restic.nix | 41 ++ hosts/abacus/static-sites.nix | 34 + hosts/{headful/flamingo => abacus}/system.nix | 0 hosts/{headless => }/abacus/vaultwarden.nix | 18 +- .../work => flamingo}/filesystems.nix | 2 +- 
hosts/{headful => }/flamingo/hardware.nix | 12 +- .../{headful/glacier => flamingo}/system.nix | 0 .../flamingo => glacier}/filesystems.nix | 2 +- hosts/{headful => }/glacier/hardware.nix | 18 +- hosts/glacier/profiles.nix | 9 + .../{headful/insomniac => glacier}/system.nix | 0 hosts/{headful => }/glacier/users.nix | 0 hosts/headful/flamingo/libreoffice.nix | 5 - hosts/headful/flamingo/librewolf.nix | 5 - hosts/headful/flamingo/mpv.nix | 5 - hosts/headful/flamingo/supersonic.nix | 5 - hosts/headful/glacier/gimp.nix | 5 - hosts/headful/glacier/inkscape.nix | 5 - hosts/headful/glacier/lanzaboote.nix | 3 - hosts/headful/glacier/libreoffice.nix | 5 - hosts/headful/glacier/librewolf.nix | 5 - hosts/headful/glacier/mpv.nix | 5 - hosts/headful/glacier/steam.nix | 6 - hosts/headful/glacier/supersonic.nix | 5 - hosts/headful/insomniac/cosmic.nix | 17 - hosts/headful/insomniac/dolphin.nix | 5 - hosts/headful/insomniac/flatpak.nix | 6 - hosts/headful/insomniac/freetube.nix | 5 - hosts/headful/insomniac/rmg.nix | 5 - hosts/headful/insomniac/steam.nix | 5 - hosts/headful/insomniac/supersonic.nix | 5 - hosts/headful/work/kubectl.nix | 6 - hosts/headful/work/php.nix | 95 --- hosts/headful/work/supersonic.nix | 5 - hosts/headful/work/syncthing.nix | 3 - hosts/headless/abacus/backup.nix | 30 - hosts/headless/abacus/networking.nix | 18 - hosts/headless/abacus/nginx.nix | 30 - hosts/headless/abacus/static-sites.nix | 32 - hosts/headless/vessel/backup.nix | 61 -- hosts/headless/vessel/blocky.nix | 27 - hosts/headless/vessel/filesystems.nix | 14 - hosts/headless/vessel/musicomp.nix | 37 - hosts/headless/vessel/storage.nix | 27 - hosts/{headful => }/insomniac/filesystems.nix | 2 +- hosts/insomniac/freetube.nix | 6 + hosts/{headful => }/insomniac/hardware.nix | 15 +- hosts/{headful/work => insomniac}/system.nix | 0 hosts/{headful => }/insomniac/users.nix | 6 +- hosts/vessel/filesystems.nix | 24 + hosts/{headless => }/vessel/hardware.nix | 14 +- hosts/vessel/musicomp.nix | 45 ++ 
hosts/vessel/restic.nix | 56 ++ hosts/vessel/rsync.nix | 7 + hosts/vessel/storage.nix | 16 + hosts/{headless/abacus => vessel}/system.nix | 0 hosts/{headful => }/work/docker.nix | 3 +- .../{headful/glacier => work}/filesystems.nix | 2 +- hosts/{headful => }/work/hardware.nix | 17 +- hosts/{headful => }/work/hosts.nix | 0 hosts/work/php.nix | 22 + hosts/{headful => }/work/plasma.nix | 5 +- hosts/{headless/vessel => work}/system.nix | 0 hosts/{headful => }/work/tools.nix | 3 +- hosts/{headful => }/work/users.nix | 6 +- lib.nix | 97 ++- modules/gcadapter.nix | 27 + modules/main-user.nix | 6 +- modules/rsync.nix | 208 ++++++ modules/secure-boot.nix | 28 - modules/user-types.nix | 25 +- profiles/desktop/clipboard.nix | 16 + profiles/desktop/compat.nix | 33 + profiles/desktop/cosmic.nix | 29 + profiles/desktop/default.nix | 29 + profiles/desktop/firefox.nix | 25 + profiles/desktop/fonts.nix | 48 ++ profiles/desktop/hardware.nix | 22 + profiles/desktop/location.nix | 13 + profiles/desktop/networking.nix | 20 + profiles/desktop/pipewire.nix | 21 + profiles/desktop/printing.nix | 16 + profiles/desktop/supersonic.nix | 16 + profiles/desktop/vesktop.nix | 17 + profiles/desktop/wayland.nix | 16 + profiles/desktop/xdg.nix | 13 + profiles/desktop/zk.nix | 16 + profiles/emulation/cemu.nix | 16 + profiles/emulation/default.nix | 18 + profiles/emulation/dolphin.nix | 16 + profiles/emulation/rmg.nix | 16 + profiles/gaming/default.nix | 18 + .../headful => profiles/gaming}/gamemode.nix | 8 +- profiles/gaming/prismlauncher.nix | 16 + profiles/gaming/steam.nix | 20 + profiles/piracy/default.nix | 18 + profiles/piracy/mullvad.nix | 17 + profiles/piracy/qbittorrent.nix | 16 + profiles/productivity/default.nix | 18 + profiles/productivity/gimp.nix | 16 + profiles/productivity/inkscape.nix | 16 + profiles/productivity/libreoffice.nix | 16 + profiles/server/default.nix | 3 + .../headless => profiles/server}/grafana.nix | 2 +- .../headless => profiles/server}/loki.nix | 2 +- 
profiles/server/networking.nix | 13 + .../server}/prometheus.nix | 2 +- .../headless => profiles/server}/promtail.nix | 2 +- profiles/server/time.nix | 13 + pubkeys.nix | 6 +- secrets/secrets.nix | 22 +- symfony-cli/package.nix | 72 -- 165 files changed, 1815 insertions(+), 1431 deletions(-) delete mode 100644 classes/headful/clipboard.nix delete mode 100644 classes/headful/codium.nix delete mode 100644 classes/headful/cosmic.nix delete mode 100644 classes/headful/devenv.nix delete mode 100644 classes/headful/flatpak.nix delete mode 100644 classes/headful/fonts.nix delete mode 100644 classes/headful/hardware.nix delete mode 100644 classes/headful/location.nix delete mode 100644 classes/headful/mullvad.nix delete mode 100644 classes/headful/networking.nix delete mode 100644 classes/headful/pipewire.nix delete mode 100644 classes/headful/printing.nix delete mode 100644 classes/headful/wayland.nix delete mode 100644 classes/headful/xdg.nix delete mode 100644 classes/headless/networking.nix delete mode 100644 classes/headless/time.nix delete mode 100644 common/gc.nix create mode 100644 common/nh.nix delete mode 100644 common/puter.nix create mode 100644 common/rsync.nix create mode 100644 common/shpool.nix delete mode 100644 devenv.nix rename hosts/{headless => }/abacus/acme.nix (100%) rename hosts/{headless => }/abacus/authorized-keys.nix (82%) rename hosts/{headless => }/abacus/filesystems.nix (71%) rename hosts/{headless => }/abacus/forgejo.nix (65%) rename hosts/{headless => }/abacus/hardware.nix (52%) rename hosts/{headless => }/abacus/headscale.nix (68%) rename hosts/{headless => }/abacus/mealie.nix (61%) rename hosts/{headless => }/abacus/navidrome.nix (59%) create mode 100644 hosts/abacus/networking.nix create mode 100644 hosts/abacus/nginx.nix rename hosts/{headless => }/abacus/postgresql.nix (100%) create mode 100644 hosts/abacus/restic.nix create mode 100644 hosts/abacus/static-sites.nix rename hosts/{headful/flamingo => abacus}/system.nix (100%) rename 
hosts/{headless => }/abacus/vaultwarden.nix (71%) rename hosts/{headful/work => flamingo}/filesystems.nix (84%) rename hosts/{headful => }/flamingo/hardware.nix (68%) rename hosts/{headful/glacier => flamingo}/system.nix (100%) rename hosts/{headful/flamingo => glacier}/filesystems.nix (84%) rename hosts/{headful => }/glacier/hardware.nix (58%) create mode 100644 hosts/glacier/profiles.nix rename hosts/{headful/insomniac => glacier}/system.nix (100%) rename hosts/{headful => }/glacier/users.nix (100%) delete mode 100644 hosts/headful/flamingo/libreoffice.nix delete mode 100644 hosts/headful/flamingo/librewolf.nix delete mode 100644 hosts/headful/flamingo/mpv.nix delete mode 100644 hosts/headful/flamingo/supersonic.nix delete mode 100644 hosts/headful/glacier/gimp.nix delete mode 100644 hosts/headful/glacier/inkscape.nix delete mode 100644 hosts/headful/glacier/lanzaboote.nix delete mode 100644 hosts/headful/glacier/libreoffice.nix delete mode 100644 hosts/headful/glacier/librewolf.nix delete mode 100644 hosts/headful/glacier/mpv.nix delete mode 100644 hosts/headful/glacier/steam.nix delete mode 100644 hosts/headful/glacier/supersonic.nix delete mode 100644 hosts/headful/insomniac/cosmic.nix delete mode 100644 hosts/headful/insomniac/dolphin.nix delete mode 100644 hosts/headful/insomniac/flatpak.nix delete mode 100644 hosts/headful/insomniac/freetube.nix delete mode 100644 hosts/headful/insomniac/rmg.nix delete mode 100644 hosts/headful/insomniac/steam.nix delete mode 100644 hosts/headful/insomniac/supersonic.nix delete mode 100644 hosts/headful/work/kubectl.nix delete mode 100644 hosts/headful/work/php.nix delete mode 100644 hosts/headful/work/supersonic.nix delete mode 100644 hosts/headful/work/syncthing.nix delete mode 100644 hosts/headless/abacus/backup.nix delete mode 100644 hosts/headless/abacus/networking.nix delete mode 100644 hosts/headless/abacus/nginx.nix delete mode 100644 hosts/headless/abacus/static-sites.nix delete mode 100644 
hosts/headless/vessel/backup.nix delete mode 100644 hosts/headless/vessel/blocky.nix delete mode 100644 hosts/headless/vessel/filesystems.nix delete mode 100644 hosts/headless/vessel/musicomp.nix delete mode 100644 hosts/headless/vessel/storage.nix rename hosts/{headful => }/insomniac/filesystems.nix (71%) create mode 100644 hosts/insomniac/freetube.nix rename hosts/{headful => }/insomniac/hardware.nix (65%) rename hosts/{headful/work => insomniac}/system.nix (100%) rename hosts/{headful => }/insomniac/users.nix (93%) create mode 100644 hosts/vessel/filesystems.nix rename hosts/{headless => }/vessel/hardware.nix (66%) create mode 100644 hosts/vessel/musicomp.nix create mode 100644 hosts/vessel/restic.nix create mode 100644 hosts/vessel/rsync.nix create mode 100644 hosts/vessel/storage.nix rename hosts/{headless/abacus => vessel}/system.nix (100%) rename hosts/{headful => }/work/docker.nix (97%) rename hosts/{headful/glacier => work}/filesystems.nix (84%) rename hosts/{headful => }/work/hardware.nix (62%) rename hosts/{headful => }/work/hosts.nix (100%) create mode 100644 hosts/work/php.nix rename hosts/{headful => }/work/plasma.nix (90%) rename hosts/{headless/vessel => work}/system.nix (100%) rename hosts/{headful => }/work/tools.nix (88%) rename hosts/{headful => }/work/users.nix (93%) create mode 100644 modules/gcadapter.nix create mode 100644 modules/rsync.nix delete mode 100644 modules/secure-boot.nix create mode 100644 profiles/desktop/clipboard.nix create mode 100644 profiles/desktop/compat.nix create mode 100644 profiles/desktop/cosmic.nix create mode 100644 profiles/desktop/default.nix create mode 100644 profiles/desktop/firefox.nix create mode 100644 profiles/desktop/fonts.nix create mode 100644 profiles/desktop/hardware.nix create mode 100644 profiles/desktop/location.nix create mode 100644 profiles/desktop/networking.nix create mode 100644 profiles/desktop/pipewire.nix create mode 100644 profiles/desktop/printing.nix create mode 100644 
profiles/desktop/supersonic.nix create mode 100644 profiles/desktop/vesktop.nix create mode 100644 profiles/desktop/wayland.nix create mode 100644 profiles/desktop/xdg.nix create mode 100644 profiles/desktop/zk.nix create mode 100644 profiles/emulation/cemu.nix create mode 100644 profiles/emulation/default.nix create mode 100644 profiles/emulation/dolphin.nix create mode 100644 profiles/emulation/rmg.nix create mode 100644 profiles/gaming/default.nix rename {classes/headful => profiles/gaming}/gamemode.nix (82%) create mode 100644 profiles/gaming/prismlauncher.nix create mode 100644 profiles/gaming/steam.nix create mode 100644 profiles/piracy/default.nix create mode 100644 profiles/piracy/mullvad.nix create mode 100644 profiles/piracy/qbittorrent.nix create mode 100644 profiles/productivity/default.nix create mode 100644 profiles/productivity/gimp.nix create mode 100644 profiles/productivity/inkscape.nix create mode 100644 profiles/productivity/libreoffice.nix create mode 100644 profiles/server/default.nix rename {classes/headless => profiles/server}/grafana.nix (99%) rename {classes/headless => profiles/server}/loki.nix (99%) create mode 100644 profiles/server/networking.nix rename {classes/headless => profiles/server}/prometheus.nix (99%) rename {classes/headless => profiles/server}/promtail.nix (99%) create mode 100644 profiles/server/time.nix delete mode 100644 symfony-cli/package.nix diff --git a/.envrc b/.envrc index cb982f0..3550a30 100644 --- a/.envrc +++ b/.envrc @@ -1,9 +1 @@ -watch_file flake.nix -watch_file flake.lock - -DEVENV_ROOT_FILE="$(mktemp)" -printf %s "$PWD" > "$DEVENV_ROOT_FILE" -if ! use flake . --override-input devenv-root "file+file://$DEVENV_ROOT_FILE" -then - echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2 -fi +use flake diff --git a/classes/headful/clipboard.nix b/classes/headful/clipboard.nix deleted file mode 100644 index cab0c1c..0000000 
--- a/classes/headful/clipboard.nix +++ /dev/null @@ -1,3 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = [pkgs.wl-clipboard]; -} diff --git a/classes/headful/codium.nix b/classes/headful/codium.nix deleted file mode 100644 index 9361621..0000000 --- a/classes/headful/codium.nix +++ /dev/null @@ -1,6 +0,0 @@ -{pkgs, ...}: { - # TODO: wrap - environment.systemPackages = [ - pkgs.vscodium - ]; -} diff --git a/classes/headful/cosmic.nix b/classes/headful/cosmic.nix deleted file mode 100644 index 29a20ad..0000000 --- a/classes/headful/cosmic.nix +++ /dev/null @@ -1,17 +0,0 @@ -{inputs, ...}: { - imports = [ - inputs.nixos-cosmic.nixosModules.default - ]; - - nix.settings = { - substituters = ["https://cosmic.cachix.org"]; - trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; - }; - - services = { - desktopManager.cosmic.enable = true; - displayManager.cosmic-greeter.enable = true; - }; - - environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1; -} diff --git a/classes/headful/devenv.nix b/classes/headful/devenv.nix deleted file mode 100644 index 32fb44b..0000000 --- a/classes/headful/devenv.nix +++ /dev/null @@ -1,3 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = [pkgs.devenv]; -} diff --git a/classes/headful/flatpak.nix b/classes/headful/flatpak.nix deleted file mode 100644 index 752a25e..0000000 --- a/classes/headful/flatpak.nix +++ /dev/null @@ -1,7 +0,0 @@ -{inputs, ...}: { - imports = [ - inputs.flatpak.nixosModules.nix-flatpak - ]; - - services.flatpak.enable = true; -} diff --git a/classes/headful/fonts.nix b/classes/headful/fonts.nix deleted file mode 100644 index bf59051..0000000 --- a/classes/headful/fonts.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{pkgs, ...}: { - fonts = { - enableDefaultPackages = true; - packages = [ - pkgs.noto-fonts - pkgs.noto-fonts-extra - pkgs.noto-fonts-cjk-sans - pkgs.noto-fonts-cjk-serif - pkgs.noto-fonts-monochrome-emoji - pkgs.noto-fonts-color-emoji - pkgs.nerd-fonts.fira-code - ]; - - fontconfig = { - enable = true; - - defaultFonts = { - monospace = ["FiraCode Nerd Font"]; - sansSerif = ["Noto Sans"]; - serif = ["Noto Serif"]; - emoji = ["Noto Color Emoji" "Noto Emoji"]; - }; - }; - - fontDir.enable = true; - }; -} diff --git a/classes/headful/hardware.nix b/classes/headful/hardware.nix deleted file mode 100644 index a49266b..0000000 --- a/classes/headful/hardware.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - hardware = { - bluetooth.enable = true; - steam-hardware.enable = true; - xone.enable = true; - xpadneo.enable = true; - opentabletdriver.enable = true; - graphics.enable = true; - }; -} diff --git a/classes/headful/location.nix b/classes/headful/location.nix deleted file mode 100644 index 474ee00..0000000 --- a/classes/headful/location.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - location.provider = "geoclue2"; -} diff --git a/classes/headful/mullvad.nix b/classes/headful/mullvad.nix deleted file mode 100644 index 31d3c05..0000000 --- a/classes/headful/mullvad.nix +++ /dev/null @@ -1,6 +0,0 @@ -{pkgs, ...}: { - services.mullvad-vpn = { - enable = true; - package = pkgs.mullvad-vpn; - }; -} diff --git a/classes/headful/networking.nix b/classes/headful/networking.nix deleted file mode 100644 index d7cd8c0..0000000 --- a/classes/headful/networking.nix +++ /dev/null @@ -1,10 +0,0 @@ -{config, ...}: { - services.resolved.enable = true; - - networking.networkmanager = { - enable = true; - dns = "systemd-resolved"; - }; - - users.groups.networkmanager.members = config.users.normalUsers; -} diff --git a/classes/headful/pipewire.nix b/classes/headful/pipewire.nix deleted file mode 100644 index 157b2af..0000000 --- a/classes/headful/pipewire.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - wireplumber.enable = true; - alsa.enable = true; - pulse.enable = true; - jack.enable = true; - }; -} diff --git a/classes/headful/printing.nix b/classes/headful/printing.nix deleted file mode 100644 index cc77e7e..0000000 --- a/classes/headful/printing.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - services.printing = { - enable = true; - webInterface = true; - }; -} diff --git a/classes/headful/wayland.nix b/classes/headful/wayland.nix deleted file mode 100644 index d11e343..0000000 --- a/classes/headful/wayland.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - environment.sessionVariables = { - NIXOS_OZONE_WL = "1"; - SDL_VIDEODRIVER = "wayland"; - }; -} diff --git a/classes/headful/xdg.nix b/classes/headful/xdg.nix deleted file mode 100644 index a5a81d9..0000000 --- a/classes/headful/xdg.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - xdg.portal.xdgOpenUsePortal = true; -} diff --git a/classes/headless/networking.nix b/classes/headless/networking.nix deleted file mode 100644 index 027e7df..0000000 --- a/classes/headless/networking.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - networking.useNetworkd = true; -} diff --git a/classes/headless/time.nix b/classes/headless/time.nix deleted file mode 100644 index 47f2e72..0000000 --- a/classes/headless/time.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - time.timeZone = "UTC"; -} diff --git a/common/agenix.nix b/common/agenix.nix index aff3765..7e212a1 100644 --- a/common/agenix.nix +++ b/common/agenix.nix @@ -1,4 +1,5 @@ -{inputs, ...}: { +{ inputs, ... }: +{ imports = [ inputs.agenix.nixosModules.default ]; diff --git a/common/boot.nix b/common/boot.nix index ce488d2..d5a4930 100644 --- a/common/boot.nix +++ b/common/boot.nix @@ -1,5 +1,6 @@ +{ config, ... }: { - fileSystems."/boot" = { + fileSystems.${config.boot.loader.efi.efiSysMountPoint} = { label = "BOOT"; fsType = "vfat"; }; 
@@ -16,6 +17,12 @@ efiSysMountPoint = "/boot"; }; }; - tmp.cleanOnBoot = true; + + # TODO + tmp = { + useTmpfs = true; + tmpfsSize = "50%"; + cleanOnBoot = true; + }; }; } diff --git a/common/bottom.nix b/common/bottom.nix index fcb62d0..0dd6c8b 100644 --- a/common/bottom.nix +++ b/common/bottom.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - environment.systemPackages = [pkgs.bottom]; +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.bottom ]; } diff --git a/common/fish.nix b/common/fish.nix index b54be6e..1abe9c7 100644 --- a/common/fish.nix +++ b/common/fish.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.fish.enable = true; users.defaultUserShell = pkgs.fish; diff --git a/common/gc.nix b/common/gc.nix deleted file mode 100644 index 62342bb..0000000 --- a/common/gc.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - nix.gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 7d"; - }; -} diff --git a/common/gitui.nix b/common/gitui.nix index e7d891e..5c91753 100644 --- a/common/gitui.nix +++ b/common/gitui.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ environment.systemPackages = [ pkgs.gitui ]; diff --git a/common/helix.nix b/common/helix.nix index 6cfd9fa..f654cc1 100644 --- a/common/helix.nix +++ b/common/helix.nix @@ -1,16 +1,21 @@ { + inputs, lib, pkgs, ... -}: let - package = pkgs.helix; -in { - environment.systemPackages = [package]; +}: +let + package = inputs.hxwrap.packages.${pkgs.system}.default; +in +{ + environment.systemPackages = [ package ]; - environment.sessionVariables = let - exe = builtins.baseNameOf (lib.getExe package); - in { - EDITOR = exe; - VISUAL = exe; - }; + environment.sessionVariables = + let + exe = builtins.baseNameOf (lib.getExe package); + in + { + EDITOR = exe; + VISUAL = exe; + }; } diff --git a/common/networking.nix b/common/networking.nix index 654e427..5f1a984 100644 --- a/common/networking.nix +++ b/common/networking.nix 
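Review bot: In common/boot.nix, the new `tmp` block carries a bare `# TODO` that does not say what is left to do, and `cleanOnBoot = true` has nothing to clean once `useTmpfs = true` makes /tmp a fresh tmpfs on every boot. Either drop `cleanOnBoot` or replace the comment with the reason both are kept, e.g. `# cleanOnBoot kept as a fallback in case useTmpfs is turned off on a host`. With `tmpfsSize = "50%"`, anything written to /tmp counts against memory, so hosts with little RAM may want a per-host override. The enclosing `boot` attribute set starts outside the hunk.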
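Review bot: In common/helix.nix, `EDITOR` and `VISUAL` are now derived from `lib.getExe package` on a package that comes from the `hxwrap` flake input rather than nixpkgs, so the value depends on that package declaring `meta.mainProgram`. If it does not, `lib.getExe` cannot name the binary reliably; a comment such as `# hxwrap must set meta.mainProgram; EDITOR/VISUAL are derived from it` next to the `package` binding would record the assumption. The editor installed system-wide also now comes from an input whose revision is fixed only by flake.lock, which is worth reviewing whenever that input is updated.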
@@ -1,5 +1,9 @@ -{pkgs, ...}: { - networking.nftables.enable = true; +{ attrName, pkgs, ... }: +{ + networking = { + hostName = attrName; + nftables.enable = true; + }; environment.systemPackages = [ pkgs.nixos-firewall-tool diff --git a/common/nh.nix b/common/nh.nix new file mode 100644 index 0000000..92b865a --- /dev/null +++ b/common/nh.nix @@ -0,0 +1,17 @@ +{ + pkgs, + self, + ... +}: +{ + programs.nh = { + enable = true; + clean = { + enable = true; + extraArgs = "--keep 5 --keep-since 1w"; + dates = "weekly"; + }; + }; + + environment.sessionVariables.NH_FLAKE = "git+https://forgejo@forgejo.helveticanonstandard.net/helvetica/puter.git"; # TODO +} diff --git a/common/nix-index-database.nix b/common/nix-index-database.nix index c8b6d0d..d545e20 100644 --- a/common/nix-index-database.nix +++ b/common/nix-index-database.nix @@ -1,4 +1,5 @@ -{inputs, ...}: { +{ inputs, ... }: +{ imports = [ inputs.nix-index-database.nixosModules.nix-index ]; diff --git a/common/nix.nix b/common/nix.nix index fe2be20..806b91f 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -3,16 +3,17 @@ inputs, lib, ... -}: { +}: +{ nix = { - registry = lib.mapAttrs (_: value: {flake = value;}) inputs; + registry = lib.mapAttrs (_: value: { flake = value; }) inputs; nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry; optimise.automatic = true; settings = { - trusted-users = ["root"] ++ config.users.normalUsers; + trusted-users = [ "root" ] ++ config.users.normalUsers; experimental-features = [ "nix-command" "flakes" @@ -24,5 +25,4 @@ }; nixpkgs.config.allowUnfree = true; - hardware.enableAllFirmware = true; } diff --git a/common/pubkeys.nix b/common/pubkeys.nix index 6672a26..46594fd 100644 --- a/common/pubkeys.nix +++ b/common/pubkeys.nix 
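Review bot: In common/nh.nix, `NH_FLAKE` points every host at a remote Git URL with no `ref` or `rev`, so a rebuild driven by that variable builds and activates whatever the repository's default branch holds at that moment, and the trailing `# TODO` does not say what is still planned. Anyone who can push to that repository, or who controls the forge, therefore decides the next system configuration. State the intent in the comment, e.g. `# TODO: pin to a tag/rev or a local checkout instead of the remote default branch`, or whatever the actual plan is. The `pkgs` and `self` arguments in the function header are unused in this file and can be dropped.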
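Review bot: In common/nix.nix, the reformatted `trusted-users = [ "root" ] ++ config.users.normalUsers;` line keeps every normal user as a trusted user of the Nix daemon, which lets those accounts choose substituters and bypass signature checks and is in practice equivalent to root access. If that is intended (common/wheel.nix in this patch also puts all normal users in `wheel`), a comment such as `# normal users are admins on these hosts; trusted-users is root-equivalent` would make the decision explicit; otherwise `allowed-users` is the less privileged setting.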
@@ -2,10 +2,12 @@ lib, self, ... -}: { - options.pubkeys = let - inherit (lib) types; - in +}: +{ + options.pubkeys = + let + inherit (lib) types; + in lib.mkOption { type = types.attrsOf (types.attrsOf types.str); description = '' diff --git a/common/puter.nix b/common/puter.nix deleted file mode 100644 index 9304941..0000000 --- a/common/puter.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - pkgs, - self, - ... -}: { - environment = { - systemPackages = [ - self.packages.${pkgs.system}.puter - ]; - sessionVariables.PUTER_FLAKEREF = "git+https://forgejo@tea.wrz.one/lukas/puter.git"; - }; -} diff --git a/common/ripgrep.nix b/common/ripgrep.nix index 6094a55..26795af 100644 --- a/common/ripgrep.nix +++ b/common/ripgrep.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ environment.systemPackages = [ pkgs.ripgrep ]; diff --git a/common/rsync.nix b/common/rsync.nix new file mode 100644 index 0000000..5cdad8e --- /dev/null +++ b/common/rsync.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + ... +}: +{ + #services.rsync = { + # enable = true; + + # commonArgs = let + # rsh = "${lib.getExe pkgs.openssh} -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; + # in [ + # "--verbose" + # "--verbose" + # "--archive" + # "--update" + # "--delete" + # "--mkpath" + # "--exclude" + # "lost+found" + # "--rsh" + # rsh + # ]; + #}; +} diff --git a/common/shpool.nix b/common/shpool.nix new file mode 100644 index 0000000..ba510bf --- /dev/null +++ b/common/shpool.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.shpool + ]; +} diff --git a/common/ssh.nix b/common/ssh.nix index 29b1e6c..a80f958 100644 --- a/common/ssh.nix +++ b/common/ssh.nix @@ -1,5 +1,5 @@ { - age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; services.openssh = { enable = true; diff --git a/common/syncthing.nix b/common/syncthing.nix index 7b6c8ad..647ee15 100644 --- a/common/syncthing.nix 
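Review bot: The new common/rsync.nix consists only of commented-out code, and the `rsh` line in it would, if enabled, turn off SSH host verification (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`) while authenticating with the machine's own host key `/etc/ssh/ssh_host_ed25519_key`. A transfer configured that way cannot tell the intended peer from an impostor, and the host's private key doubles as a client credential. Before this is enabled, the remote host keys should come from a managed source (for example `programs.ssh.knownHosts`) and a dedicated key should be used; until then a header comment like `# Disabled: needs host-key pinning and a dedicated rsync key before enabling` would say why the block is parked. As committed, the module also takes `lib` and `pkgs` without using them.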
+++ b/common/syncthing.nix @@ -1,6 +1,8 @@ -{config, ...}: let +{ config, ... }: +let inherit (config.networking) hostName; -in { +in +{ services.syncthing = { enable = true; systemService = true; diff --git a/common/tailscale.nix b/common/tailscale.nix index 12922dd..1f87127 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.tailscale = { enable = true; openFirewall = true; diff --git a/common/users.nix b/common/users.nix index 5ba4530..da7995a 100644 --- a/common/users.nix +++ b/common/users.nix @@ -2,10 +2,12 @@ config, lib, ... -}: let +}: +let inherit (config.users) mainUser; -in { - age.secrets = lib.mkSecrets {"user-${mainUser}" = {};}; +in +{ + age.secrets = lib.mkSecrets { "user-${mainUser}" = { }; }; users = { mutableUsers = false; @@ -20,7 +22,7 @@ in { isNormalUser = true; hashedPasswordFile = config.age.secrets."user-${mainUser}".path; openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; - extraGroups = ["wheel"]; #TODO remove + extraGroups = [ "wheel" ]; # TODO remove }; }; }; diff --git a/common/wheel.nix b/common/wheel.nix index 8481639..0c17216 100644 --- a/common/wheel.nix +++ b/common/wheel.nix @@ -1,3 +1,4 @@ -{config, ...}: { +{ config, ... }: +{ users.groups.wheel.members = config.users.normalUsers; } diff --git a/common/zellij.nix b/common/zellij.nix index c97e1f7..eaf8886 100644 --- a/common/zellij.nix +++ b/common/zellij.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ environment.systemPackages = [ pkgs.zellij ]; diff --git a/devenv.nix b/devenv.nix deleted file mode 100644 index a80aa4f..0000000 --- a/devenv.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ - languages.python.enable = true; - - pre-commit.hooks = { - # Nix - alejandra.enable = true; - deadnix.enable = true; - statix.enable = true; - - # Flakes - flake-checker.enable = true; - - # Shell - shellcheck.enable = true; - - # Python - pyright.enable = true; - ruff.enable = true; - ruff-format.enable = true; - }; -} diff --git a/flake.lock b/flake.lock index af8f13e..6f17782 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -21,49 +21,6 @@ "type": "github" } }, - "cachix": { - "inputs": { - "devenv": [ - "devenv" - ], - "flake-compat": [ - "devenv" - ], - "git-hooks": [ - "devenv" - ], - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1742042642, - "narHash": "sha256-D0gP8srrX0qj+wNYNPdtVJsQuFzIng3q43thnHXQ/es=", - "owner": "cachix", - "repo": "cachix", - "rev": "a624d3eaf4b1d225f918de8543ed739f2f574203", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "latest", - "repo": "cachix", - "type": "github" - } - }, - "crane": { - "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", - "owner": "ipetkov", - "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -72,11 +29,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -86,40 +43,6 @@ "type": "github" } }, - "devenv": { - "inputs": { - "cachix": "cachix", - "flake-compat": "flake-compat", - "git-hooks": "git-hooks", - "nix": "nix", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1744298740, - "narHash": "sha256-m5RnbHQqYQhQA4ntohXlJsiIsOAKx+pz/vOC+E+FmHg=", - "owner": "cachix", - "repo": "devenv", - "rev": "028c6a38fb0284c96691176bd31626bf36981129", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "devenv-root": { - "flake": false, - "locked": { - "narHash": "sha256-d6xi4mKdjkX2JFicDIv5niSzpyI0m/Hnm8GGAIU04kY=", - "type": "file", - "url": "file:///dev/null" - }, - "original": { - "type": "file", - "url": "file:///dev/null" - } - }, "flake-compat": { "flake": false, "locked": { 
@@ -139,27 +62,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "lastModified": 1746162366, + "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", "owner": "nix-community", "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", "type": "github" }, "original": { @@ -168,45 +75,7 @@ "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "devenv", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, 
@@ -224,28 +93,7 @@ "type": "github" } }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, 
@@ -263,98 +111,89 @@ "type": "github" } }, - "flatpak": { + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_3" + }, "locked": { - "lastModified": 1739444422, - "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", - "owner": "gmodena", - "repo": "nix-flatpak", - "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { - "owner": "gmodena", - "ref": "latest", - "repo": "nix-flatpak", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "git-hooks": { + "flake-parts_4": { "inputs": { - "flake-compat": [ - "devenv" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "devenv", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { - "owner": "cachix", - "repo": "git-hooks.nix", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "gitignore": { + "flake-parts_5": { "inputs": { - "nixpkgs": [ - "devenv", - "git-hooks", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "repo": "flake-parts", + "rev": 
"c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { "owner": "hercules-ci", - "repo": "gitignore.nix", + "repo": "flake-parts", "type": "github" } }, - "gitignore_2": { + "forgesync": { "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_2", + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" + "lastModified": 1746299148, + "narHash": "sha256-OL9j+S8m4zC2dCqjaWLt6Ooc7EzRjJC/olLVj7mqd/M=", + "ref": "refs/heads/main", + "rev": "e2e0f134da1444b298d4a4601390664124d0a5c4", + "revCount": 10, + "type": "git", + "url": "https://codeberg.org/helvetica/forgesync.git" }, "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" + "type": "git", + "url": "https://codeberg.org/helvetica/forgesync.git" } }, "hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1746341346, + "narHash": "sha256-WjupK5Xpc+viJlJWiyPHp/dF4aJItp1BPuFsEdv2/fI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "0833dc8bbc4ffa9cf9b0cbfccf1c5ec8632fc66e", "type": "github" }, "original": { @@ -371,11 +210,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { 
@@ -384,96 +223,62 @@ "type": "github" } }, - "lanzaboote": { + "hxwrap": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_5", - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", - "type": "github" + "lastModified": 1745088587, + "narHash": "sha256-85AYHWayJVq/dxgk/S4RH7u6w59Akyr1fVttR8KBh8g=", + "ref": "refs/heads/main", + "rev": "8fa5d5d550add7bf6cfd0a619dfac0e8a03b2bae", + "revCount": 21, + "type": "git", + "url": "https://codeberg.org/helvetica/hxwrap.git" }, "original": { - "owner": "nix-community", - "ref": "v0.4.2", - "repo": "lanzaboote", - "type": "github" - } - }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" + "type": "git", + "url": "https://codeberg.org/helvetica/hxwrap.git" } }, "musicomp": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1744068246, - "narHash": "sha256-ZrLuwXT0uRxa4hyMyCe/IG9lKZEqAM+lUgLKcCiZjbA=", + "lastModified": 1744916606, + "narHash": "sha256-6l7xP5DTAc7E+gO2xu9aX5BjyuDNLMdeS6oFFrpsulg=", "ref": "refs/heads/main", - "rev": "66aa356585132605e8bd9cc630fab7416f3caf3d", - "revCount": 2, + "rev": "0c6b26ce38dbc39d360904ddd98eab1159b922e1", + "revCount": 3, "type": "git", - "url": "https://codeberg.org/helveticanonstandard/musicomp.git" + "url": "https://codeberg.org/helvetica/musicomp.git" }, "original": { "type": 
"git", - "url": "https://codeberg.org/helveticanonstandard/musicomp.git" + "url": "https://codeberg.org/helvetica/musicomp.git" } }, - "nix": { + "myphps": { "inputs": { - "flake-compat": [ - "devenv" - ], - "flake-parts": "flake-parts", - "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", - "nixpkgs-23-11": [ - "devenv" - ], - "nixpkgs-regression": [ - "devenv" - ], - "pre-commit-hooks": [ - "devenv" - ] + "flake-parts": "flake-parts_5", + "nixpkgs": "nixpkgs_5", + "phps": "phps" }, "locked": { - "lastModified": 1741798497, - "narHash": "sha256-E3j+3MoY8Y96mG1dUIiLFm2tZmNbRvSiyN7CrSKuAVg=", - "owner": "domenkozar", - "repo": "nix", - "rev": "f3f44b2baaf6c4c6e179de8cbb1cc6db031083cd", - "type": "github" + "lastModified": 1746369841, + "narHash": "sha256-/k3MQPXdsXJ0FDEsT1YvBG9ugRXk1nuE9MCb1wAMGQc=", + "ref": "refs/heads/main", + "rev": "dbe35541ef6923f411685434cc535d0854b55b6a", + "revCount": 5, + "type": "git", + "url": "https://codeberg.org/helvetica/myphps.git" }, "original": { - "owner": "domenkozar", - "ref": "devenv-2.24", - "repo": "nix", - "type": "github" + "type": "git", + "url": "https://codeberg.org/helvetica/myphps.git" } }, "nix-index-database": { @@ -483,11 +288,11 @@ ] }, "locked": { - "lastModified": 1743911143, - "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=", + "lastModified": 1746330942, + "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb", + "rev": "137fd2bd726fff343874f85601b51769b48685cc", "type": "github" }, "original": { 
@@ -498,17 +303,17 @@ }, "nixos-cosmic": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_7", - "nixpkgs-stable": "nixpkgs-stable_2", - "rust-overlay": "rust-overlay_2" + "nixpkgs-stable": "nixpkgs-stable", + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1744369853, - "narHash": "sha256-rVW9J8gMUFj8PsFV2TgNiNuJd8+O+FUizEQgl1ooQFY=", + "lastModified": 1746356902, + "narHash": "sha256-aV2pm+XKEoGE/BuqJwI1zDhtHclzC5BsbSO+SAMFEKk=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "c2b4dd2f85d558c7147bc06c6417f87aa1775ad5", + "rev": "22325997671e2a6f0a2e784db2746267868a33ed", "type": "github" }, "original": { @@ -519,11 +324,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "type": "github" }, "original": { 
@@ -563,29 +368,58 @@ "type": "github" } }, - "nixpkgs-stable": { + "nixpkgs-lib_3": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", + "owner": "nix-community", + "repo": "nixpkgs.lib", "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-lib_4": { "locked": { - "lastModified": 1744168086, - "narHash": "sha256-S9M4HddBCxbbX1CKSyDYgZ8NCVyHcbKnBfoUXeRu2jQ=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_5": { + "locked": { + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "60e405b241edb6f0573f3d9f944617fe33ac4a73", + "rev": "bf3287dac860542719fe7554e21e686108716879", "type": "github" }, "original": { 
@@ -597,11 +431,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1745526057, + "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "type": "github" }, "original": { @@ -613,53 +447,21 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717432640, - "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-24.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { - "locked": { - "lastModified": 1733477122, - "narHash": "sha256-qamMCz5mNpQmgBwc8SB5tVMlD5sbwVIToVZtSxMph9s=", - "owner": "cachix", - "repo": "devenv-nixpkgs", - "rev": "7bd9e84d0452f6d2e63b6e6da29fe73fac951857", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "rolling", - "repo": "devenv-nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1731919951, - "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1743964447, "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=", 
@@ -675,13 +477,13 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { - "lastModified": 1744098102, - "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -691,13 +493,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { - "lastModified": 1743689281, - "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", + "lastModified": 1744502386, + "narHash": "sha256-QAd1L37eU7ktL2WeLLLTmI6P9moz9+a/ONO8qNBYJgM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", + "rev": "f6db44a8daa59c40ae41ba6e5823ec77fe0d2124", "type": "github" }, "original": { @@ -707,18 +509,34 @@ "type": "github" } }, + "nixpkgs_7": { + "locked": { + "lastModified": 1746232882, + "narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "phps": { "inputs": { - "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_8", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_6", "utils": "utils" }, "locked": { - "lastModified": 1744001863, - "narHash": "sha256-0pYw0Idtion++srUKsmGX7mq1weozdVE8gR+inoedUo=", + "lastModified": 1744527323, + "narHash": "sha256-2EyP6SxJsmBFMHArrTGw1J+Ned3aRMUZzbzmJZHDbNo=", "owner": "fossar", "repo": "nix-phps", - "rev": "220ed74315dc7cd64a6181efd3d583a3607ef01f", + "rev": "f6b53caf2b1c2d592cbac5156f729ef79495992a", "type": "github" }, "original": { 
@@ -727,74 +545,74 @@ "type": "github" } }, - "pre-commit-hooks-nix": { + "pyproject-build-systems": { "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore_2", "nixpkgs": [ - "lanzaboote", + "forgesync", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "pyproject-nix": [ + "forgesync", + "pyproject-nix" + ], + "uv2nix": [ + "forgesync", + "uv2nix" + ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "lastModified": 1744599653, + "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", "type": "github" }, "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "forgesync", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743438845, + "narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "8063ec98edc459571d042a640b1c5e334ecfca1e", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", "type": "github" } }, "root": { "inputs": { "agenix": "agenix", - "devenv": "devenv", - "devenv-root": "devenv-root", - "flake-parts": "flake-parts_2", - "flatpak": "flatpak", + "flake-parts": "flake-parts", + "forgesync": "forgesync", "hardware": "hardware", - "lanzaboote": "lanzaboote", + "hxwrap": "hxwrap", "musicomp": "musicomp", + "myphps": "myphps", "nix-index-database": "nix-index-database", "nixos-cosmic": "nixos-cosmic", "nixpkgs": [ "nixos-cosmic", "nixpkgs" - ], - "phps": "phps" + ] } }, "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - 
"locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { "inputs": { "nixpkgs": [ "nixos-cosmic", @@ -802,11 +620,11 @@ ] }, "locked": { - "lastModified": 1744338850, - "narHash": "sha256-pwMIVmsb8fjjT92n5XFDqCsplcX70qVMMT7NulumPXs=", + "lastModified": 1746326315, + "narHash": "sha256-IDqSls/r6yBfdOBRSMQ/noTUoigmsKnTQ7TqpsBtN4Y=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "5e64aecc018e6f775572609e7d7485fdba6985a7", + "rev": "dd280c436961ec5adccf0135efe5b66a23d84497", "type": "github" }, "original": { @@ -862,6 +680,31 @@ "repo": "flake-utils", "type": "github" } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "forgesync", + "nixpkgs" + ], + "pyproject-nix": [ + "forgesync", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1745697651, + "narHash": "sha256-r4A/fkiCenEapHkjJWPiNUZEfviuXMCr6mRozJ5dC4o=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "cb6508484d534dafd097713b575f2aebc3417de0", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 357ce0e..dfb9898 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,23 +4,18 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; - devenv-root = { - url = "file+file:///dev/null"; - flake = false; - }; - devenv.url = "github:cachix/devenv"; hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; - phps.url = "github:fossar/nix-phps"; - lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; - flatpak.url = "github:gmodena/nix-flatpak?ref=latest"; nixpkgs.follows = "nixos-cosmic/nixpkgs"; nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; - musicomp.url = "git+https://codeberg.org/helveticanonstandard/musicomp.git"; + musicomp.url = "git+https://codeberg.org/helvetica/musicomp.git"; + hxwrap.url = "git+https://codeberg.org/helvetica/hxwrap.git"; + myphps.url = "git+https://codeberg.org/helvetica/myphps.git"; + forgesync.url = "git+https://codeberg.org/helvetica/forgesync.git"; }; nixConfig = { 
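Review bot: The Codeberg inputs in this hunk (`musicomp`, `hxwrap`, `myphps`, `forgesync`) are declared as bare URLs with no `inputs.nixpkgs.follows`, so the flake.lock in this same commit pins a separate nixpkgs revision for each of them (`nixpkgs_2` through `nixpkgs_5`), plus extra `flake-parts` copies. Each of those pins only moves when that input is updated, so packages built from them can lag behind the main nixpkgs on security fixes. Unless an upstream pin is deliberate, declare them the way `nix-index-database` already is, e.g. `hxwrap = { url = "git+https://codeberg.org/helvetica/hxwrap.git"; inputs.nixpkgs.follows = "nixpkgs"; };`.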
@@ -28,58 +23,43 @@ extra-trusted-public-keys = "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="; }; - outputs = { - self, - nixpkgs, - flake-parts, - ... - } @ inputs: - flake-parts.lib.mkFlake {inherit inputs;} { - imports = [ - inputs.devenv.flakeModule + outputs = + { + self, + nixpkgs, + flake-parts, + ... + }@inputs: + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" ]; - systems = ["x86_64-linux" "aarch64-linux"]; - flake = { lib = nixpkgs.lib.extend (import ./lib.nix); - nixosConfigurations = self.lib.genNixosConfigurations {inherit inputs;}; + nixosConfigurations = self.lib.genNixosConfigurations inputs; }; - perSystem = { - pkgs, - inputs', - lib, - ... - }: { - devenv.shells.default = { - devenv.root = let - devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath; - in - lib.mkIf (devenvRootFileContent != "") devenvRootFileContent; - - name = "puter"; - - imports = [ - ./devenv.nix - ]; - - packages = [ - inputs'.agenix.packages.agenix - ]; - }; - - packages = - lib.packagesFromDirectoryRecursive { - inherit (pkgs) callPackage; - directory = ./packages; - } - // { - symfony-cli = pkgs.callPackage ./symfony-cli/package.nix { - fossarPhps = inputs'.phps.packages; - }; + perSystem = + { + pkgs, + inputs', + lib, + ... + }: + { + devShells.default = pkgs.mkShellNoCC { + packages = [ + inputs'.agenix.packages.default + ]; }; - }; + + packages = lib.packagesFromDirectoryRecursive { + inherit (pkgs) callPackage newScope; + directory = ./packages; + }; + }; }; } diff --git a/hosts/headless/abacus/acme.nix b/hosts/abacus/acme.nix similarity index 100% rename from hosts/headless/abacus/acme.nix rename to hosts/abacus/acme.nix diff --git a/hosts/headless/abacus/authorized-keys.nix b/hosts/abacus/authorized-keys.nix similarity index 82% rename from hosts/headless/abacus/authorized-keys.nix rename to hosts/abacus/authorized-keys.nix index 41d2c3f..a1c7a40 100644 
--- a/hosts/headless/abacus/authorized-keys.nix +++ b/hosts/abacus/authorized-keys.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ users.users.root.openssh.authorizedKeys.keys = [ config.pubkeys.hosts.vessel ]; diff --git a/hosts/headless/abacus/filesystems.nix b/hosts/abacus/filesystems.nix similarity index 71% rename from hosts/headless/abacus/filesystems.nix rename to hosts/abacus/filesystems.nix index e22a8dd..d6ca29a 100644 --- a/hosts/headless/abacus/filesystems.nix +++ b/hosts/abacus/filesystems.nix @@ -1,14 +1,15 @@ -{config, ...}: { +{ config, ... }: +{ fileSystems = { "/" = { fsType = "ext4"; label = "main"; - options = ["noatime"]; + options = [ "noatime" ]; }; ${config.services.navidrome.settings.MusicFolder} = { label = "music"; fsType = "ext4"; - options = ["noatime"]; + options = [ "noatime" ]; }; }; } diff --git a/hosts/headless/abacus/forgejo.nix b/hosts/abacus/forgejo.nix similarity index 65% rename from hosts/headless/abacus/forgejo.nix rename to hosts/abacus/forgejo.nix index 4cc5186..49268fd 100644 --- a/hosts/headless/abacus/forgejo.nix +++ b/hosts/abacus/forgejo.nix @@ -3,9 +3,11 @@ lib, pkgs, ... -}: let +}: +let virtualHostName = "forgejo.helveticanonstandard.net"; -in { +in +{ age.secrets = lib.mkSecrets { forgejo-mailer = { mode = "400"; @@ -19,6 +21,7 @@ in { services.forgejo = { enable = true; + package = pkgs.forgejo; database.type = "postgres"; lfs.enable = true; settings = { 
@@ -51,25 +54,28 @@ in { secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path; }; + # TODO what systemd.services.forgejo.preStart = lib.getExe pkgs.writeShellApplication { name = "forgejo-init-admin"; runtimeInputs = [ config.services.forgejo.package ]; - text = let - passwordFile = config.age.secrets.forgejo-admin.path; - in '' - admins=$(admin user list --admin) - admins=$((admins - 1)) + text = + let + passwordFile = config.age.secrets.forgejo-admin.path; + in + '' + admins=$(admin user list --admin) + admins=$((admins - 1)) - if ((admins < 1)); then - gitea admin user create \ - --admin \ - --email helvetica@helveticanonstandard.net \ - --username helvetica \ - --password "$(cat -- ${passwordFile})" - fi - ''; + if ((admins < 1)); then + gitea admin user create \ + --admin \ + --email helvetica@helveticanonstandard.net \ + --username helvetica \ + --password "$(cat -- ${passwordFile})" + fi + ''; }; services.nginx.virtualHosts.${virtualHostName} = { @@ -80,9 +86,11 @@ in { client_max_body_size 512M; ''; - locations."/".proxyPass = let - host = config.services.forgejo.settings.server.HTTP_ADDR; - port = builtins.toString config.services.forgejo.settings.server.HTTP_PORT; - in "http://${host}:${port}"; + locations."/".proxyPass = + let + host = config.services.forgejo.settings.server.HTTP_ADDR; + port = builtins.toString config.services.forgejo.settings.server.HTTP_PORT; + in + "http://${host}:${port}"; }; } diff --git a/hosts/headless/abacus/hardware.nix b/hosts/abacus/hardware.nix similarity index 52% rename from hosts/headless/abacus/hardware.nix rename to hosts/abacus/hardware.nix index 8f2220e..0016566 100644 --- a/hosts/headless/abacus/hardware.nix +++ b/hosts/abacus/hardware.nix 
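Review bot: The admin bootstrap script under the new `# TODO what` cannot work as written, because `admins=$(admin user list --admin)` calls a command named `admin` (the create call below uses `gitea admin`) and then does arithmetic on its output. If the intent is "number of listed admins minus the header row", the first line should be `admins=$(gitea admin user list --admin | wc -l)`. `lib.getExe pkgs.writeShellApplication { … }` also parses as `(lib.getExe pkgs.writeShellApplication) { … }`, so it needs parentheses: `lib.getExe (pkgs.writeShellApplication { … })`. Separately, `--password "$(cat -- ${passwordFile})"` puts the admin password on the command line, where it is visible in the process list while the command runs. That is worth a comment next to the TODO, and worth replacing if the CLI offers a way to read the password without argv.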
@@ -1,11 +1,18 @@ -{modulesPath, ...}: { +{ modulesPath, ... }: +{ imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; nixpkgs.hostPlatform = "aarch64-linux"; - boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + "sr_mod" + ]; powerManagement.cpuFreqGovernor = "performance"; } diff --git a/hosts/headless/abacus/headscale.nix b/hosts/abacus/headscale.nix similarity index 68% rename from hosts/headless/abacus/headscale.nix rename to hosts/abacus/headscale.nix index b17cece..4009020 100644 --- a/hosts/headless/abacus/headscale.nix +++ b/hosts/abacus/headscale.nix @@ -1,6 +1,8 @@ -{config, ...}: let +{ config, ... }: +let virtualHostName = "headscale.helveticanonstandard.net"; -in { +in +{ services.headscale = { enable = true; address = "127.0.0.1"; @@ -16,10 +18,12 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = let - host = config.services.headscale.address; - port = builtins.toString config.services.headscale.port; - in "http://${host}:${port}"; + proxyPass = + let + host = config.services.headscale.address; + port = builtins.toString config.services.headscale.port; + in + "http://${host}:${port}"; proxyWebsockets = true; }; }; diff --git a/hosts/headless/abacus/mealie.nix b/hosts/abacus/mealie.nix similarity index 61% rename from hosts/headless/abacus/mealie.nix rename to hosts/abacus/mealie.nix index 7601750..217ad63 100644 --- a/hosts/headless/abacus/mealie.nix +++ b/hosts/abacus/mealie.nix @@ -1,6 +1,8 @@ -{config, ...}: let +{ config, ... }: +let virtualHostName = "mealie.helveticanonstandard.net"; -in { +in +{ services.mealie = { enable = true; settings = { 
@@ -15,9 +17,11 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = let - host = config.services.mealie.listenAddress; - port = builtins.toString config.services.mealie.port; - in "http://${host}:${port}"; + locations."/".proxyPass = + let + host = config.services.mealie.listenAddress; + port = builtins.toString config.services.mealie.port; + in + "http://${host}:${port}"; }; } diff --git a/hosts/headless/abacus/navidrome.nix b/hosts/abacus/navidrome.nix similarity index 59% rename from hosts/headless/abacus/navidrome.nix rename to hosts/abacus/navidrome.nix index 3470813..56e030e 100644 --- a/hosts/headless/abacus/navidrome.nix +++ b/hosts/abacus/navidrome.nix @@ -1,6 +1,8 @@ -{config, ...}: let +{ config, ... }: +let virtualHostName = "navidrome.helveticanonstandard.net"; -in { +in +{ services.navidrome = { enable = true; settings = { @@ -15,9 +17,11 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = let - host = config.services.navidrome.settings.Address; - port = builtins.toString config.services.navidrome.settings.Port; - in "http://${host}:${port}"; + locations."/".proxyPass = + let + host = config.services.navidrome.settings.Address; + port = builtins.toString config.services.navidrome.settings.Port; + in + "http://${host}:${port}"; }; } diff --git a/hosts/abacus/networking.nix b/hosts/abacus/networking.nix new file mode 100644 index 0000000..6c07960 --- /dev/null +++ b/hosts/abacus/networking.nix @@ -0,0 +1,23 @@ +{ + networking = + let + interface = "enp1s0"; + in + { + domain = "wrz.one"; + interfaces.${interface}.ipv6.addresses = [ + { + address = "2a01:4f9:c012:92b5::2"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + inherit interface; + }; + firewall.allowedTCPPorts = [ + 80 + 443 + ]; + }; +} diff --git a/hosts/abacus/nginx.nix b/hosts/abacus/nginx.nix new file mode 100644 index 0000000..d601045 --- /dev/null +++ b/hosts/abacus/nginx.nix 
@@ -0,0 +1,32 @@
+{
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ commonHttpConfig = ''
+ error_log stderr;
+ access_log /var/log/nginx/access.log;
+ '';
+
+ virtualHosts =
+ let
+ matchAll = ''~.*'';
+ matchWww = ''~^www\.(?.+)$'';
+ in
+ {
+ # Redirect anything that doesn't match any server name to networking.domain
+ ${matchAll} = {
+ default = true;
+ rejectSSL = true;
+
+ globalRedirect = "wrz.one";
+ };
+ # Redirect www to non-www
+ ${matchWww}.globalRedirect = "$domain";
+ };
+ };
+}
diff --git a/hosts/headless/abacus/postgresql.nix b/hosts/abacus/postgresql.nix
similarity index 100%
rename from hosts/headless/abacus/postgresql.nix
rename to hosts/abacus/postgresql.nix
diff --git a/hosts/abacus/restic.nix b/hosts/abacus/restic.nix
new file mode 100644
index 0000000..14e8994
--- /dev/null
+++ b/hosts/abacus/restic.nix
@@ -0,0 +1,41 @@
+{
+ attrName,
+ config,
+ lib,
+ ...
+}:
+let
+ secretName = "restic-${attrName}";
+ secret = config.age.secrets.${secretName};
+in
+{
+ age.secrets = lib.mkSecrets { ${secretName} = { }; };
+
+ services.restic.backups.remote = {
+ repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}";
+ initialize = true;
+ paths = [
+ config.services.vaultwarden.backupDir
+ config.services.syncthing.dataDir
+ config.services.forgejo.stateDir
+ config.services.postgresqlBackup.location
+ config.services.postgresqlBackup.location
+ # TODO: Add stateDir options for these
+ "/var/lib/headscale"
+ "/var/lib/navidrome"
+ ];
+ passwordFile = secret.path;
+ pruneOpts = [
+ "--keep-daily 7"
+ "--keep-weekly 5"
+ "--keep-monthly 12"
+ ];
+ timerConfig = {
+ OnCalendar = "*-*-* 03:00:00";
+ Persistent = true;
+ };
+ extraOptions = [
+ "sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"
+ ];
+ };
+}
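Review bot: In the nginx hunk, `matchWww` is shown as `~^www\.(?.+)$`, which has no named group, yet the redirect target on the `${matchWww}.globalRedirect` line is `"$domain"`. nginx only defines `$domain` from a named capture, so the pattern needs to read `(?<domain>.+)`. The group name may simply have been lost when this page was rendered, so check the file itself before changing it. If it really is missing, nginx should reject the configuration at load time, which the NixOS config check would likely catch.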
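Review bot: The `sftp.args` entry in `extraOptions` of restic.nix disables SSH server verification with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the backup job will connect to whatever host answers for `u459482.your-storagebox.de`. restic encrypts repository contents, but a spoofed endpoint could still silently receive or discard the backups of the Vaultwarden, Forgejo and PostgreSQL data listed in `paths`. Drop the two `-o` options and pin the server key declaratively, e.g. `programs.ssh.knownHosts."u459482.your-storagebox.de".publicKey = "<storage box host public key>";` (placeholder, take the key from the provider's published fingerprint). `config.services.postgresqlBackup.location` also appears twice in `paths`, so one entry was probably meant to be a different directory. Reusing `/etc/ssh/ssh_host_ed25519_key` as the client identity ties backup access to the machine's host key, which deserves a comment or a dedicated key.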
diff --git a/hosts/abacus/static-sites.nix b/hosts/abacus/static-sites.nix new file mode 100644 index 0000000..b47d33a --- /dev/null +++ b/hosts/abacus/static-sites.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: +let + parent = "/var/www"; + sites = [ + "wrz.one" + "helveticanonstandard.net" + ]; +in +lib.mkMerge ( + map ( + virtualHostName: + let + root = "${parent}/${virtualHostName}"; + in + { + services.nginx.virtualHosts.${virtualHostName} = { + enableACME = true; + forceSSL = true; + + inherit root; + }; + + systemd.tmpfiles.settings."10-static-sites".${root}.d = { + user = config.users.mainUser; + group = "users"; + mode = "0755"; + }; + } + ) sites +) diff --git a/hosts/headful/flamingo/system.nix b/hosts/abacus/system.nix similarity index 100% rename from hosts/headful/flamingo/system.nix rename to hosts/abacus/system.nix diff --git a/hosts/headless/abacus/vaultwarden.nix b/hosts/abacus/vaultwarden.nix similarity index 71% rename from hosts/headless/abacus/vaultwarden.nix rename to hosts/abacus/vaultwarden.nix index bd3bf96..f63b97b 100644 --- a/hosts/headless/abacus/vaultwarden.nix +++ b/hosts/abacus/vaultwarden.nix @@ -2,11 +2,13 @@ config, lib, ... -}: let +}: +let virtualHostName = "vault.wrz.one"; backupDir = "/srv/backup/vaultwarden"; -in { - age.secrets = lib.mkSecrets {vaultwarden = {};}; +in +{ + age.secrets = lib.mkSecrets { vaultwarden = { }; }; services.vaultwarden = { enable = true; @@ -37,10 +39,12 @@ in { forceSSL = true; locations."/" = { - proxyPass = let - host = config.services.vaultwarden.config.ROCKET_ADDRESS; - port = builtins.toString config.services.vaultwarden.config.ROCKET_PORT; - in "http://${host}:${port}"; + proxyPass = + let + host = config.services.vaultwarden.config.ROCKET_ADDRESS; + port = builtins.toString config.services.vaultwarden.config.ROCKET_PORT; + in + "http://${host}:${port}"; proxyWebsockets = true; }; }; 
diff --git a/hosts/headful/work/filesystems.nix b/hosts/flamingo/filesystems.nix similarity index 84% rename from hosts/headful/work/filesystems.nix rename to hosts/flamingo/filesystems.nix index 14ff284..52a1bfd 100644 --- a/hosts/headful/work/filesystems.nix +++ b/hosts/flamingo/filesystems.nix @@ -4,6 +4,6 @@ fileSystems."/" = { fsType = "ext4"; device = "/dev/mapper/main"; - options = ["noatime"]; + options = [ "noatime" ]; }; } diff --git a/hosts/headful/flamingo/hardware.nix b/hosts/flamingo/hardware.nix similarity index 68% rename from hosts/headful/flamingo/hardware.nix rename to hosts/flamingo/hardware.nix index bd39347..92f0ed5 100644 --- a/hosts/headful/flamingo/hardware.nix +++ b/hosts/flamingo/hardware.nix @@ -2,7 +2,8 @@ inputs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -12,8 +13,13 @@ nixpkgs.hostPlatform = "x86_64-linux"; boot = { - initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; - kernelModules = ["kvm-intel"]; + initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ "kvm-intel" ]; }; powerManagement.cpuFreqGovernor = "powersave"; diff --git a/hosts/headful/glacier/system.nix b/hosts/flamingo/system.nix similarity index 100% rename from hosts/headful/glacier/system.nix rename to hosts/flamingo/system.nix diff --git a/hosts/headful/flamingo/filesystems.nix b/hosts/glacier/filesystems.nix similarity index 84% rename from hosts/headful/flamingo/filesystems.nix rename to hosts/glacier/filesystems.nix index 14ff284..52a1bfd 100644 --- a/hosts/headful/flamingo/filesystems.nix +++ b/hosts/glacier/filesystems.nix @@ -4,6 +4,6 @@ fileSystems."/" = { fsType = "ext4"; device = "/dev/mapper/main"; - options = ["noatime"]; + options = [ "noatime" ]; }; } 
diff --git a/hosts/headful/glacier/hardware.nix b/hosts/glacier/hardware.nix similarity index 58% rename from hosts/headful/glacier/hardware.nix rename to hosts/glacier/hardware.nix index b55c9fc..7296c95 100644 --- a/hosts/headful/glacier/hardware.nix +++ b/hosts/glacier/hardware.nix @@ -2,7 +2,8 @@ inputs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -15,11 +16,18 @@ boot = { initrd = { - availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"]; - kernelModules = ["amdgpu"]; + availableKernelModules = [ + "nvme" + "ahci" + "xhci_pci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ "amdgpu" ]; }; - kernelModules = ["kvm-amd"]; - binfmt.emulatedSystems = ["aarch64-linux"]; + kernelModules = [ "kvm-amd" ]; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; powerManagement.cpuFreqGovernor = "performance"; diff --git a/hosts/glacier/profiles.nix b/hosts/glacier/profiles.nix new file mode 100644 index 0000000..016e2fa --- /dev/null +++ b/hosts/glacier/profiles.nix @@ -0,0 +1,9 @@ +{ + profiles = { + desktop = true; + emulation = true; + gaming = true; + piracy = true; + productivity = true; + }; +} diff --git a/hosts/headful/insomniac/system.nix b/hosts/glacier/system.nix similarity index 100% rename from hosts/headful/insomniac/system.nix rename to hosts/glacier/system.nix diff --git a/hosts/headful/glacier/users.nix b/hosts/glacier/users.nix similarity index 100% rename from hosts/headful/glacier/users.nix rename to hosts/glacier/users.nix diff --git a/hosts/headful/flamingo/libreoffice.nix b/hosts/headful/flamingo/libreoffice.nix deleted file mode 100644 index fd1b44d..0000000 --- a/hosts/headful/flamingo/libreoffice.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "org.libreoffice.LibreOffice" - ]; -} diff --git a/hosts/headful/flamingo/librewolf.nix b/hosts/headful/flamingo/librewolf.nix deleted file mode 100644 index 229aa0a..0000000 
--- a/hosts/headful/flamingo/librewolf.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.gitlab.librewolf-community"
- ];
-}
diff --git a/hosts/headful/flamingo/mpv.nix b/hosts/headful/flamingo/mpv.nix
deleted file mode 100644
index 24250ff..0000000
--- a/hosts/headful/flamingo/mpv.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.mpv.Mpv"
- ];
-}
diff --git a/hosts/headful/flamingo/supersonic.nix b/hosts/headful/flamingo/supersonic.nix
deleted file mode 100644
index 8b4dba9..0000000
--- a/hosts/headful/flamingo/supersonic.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.github.dweymouth.supersonic"
- ];
-}
diff --git a/hosts/headful/glacier/gimp.nix b/hosts/headful/glacier/gimp.nix
deleted file mode 100644
index 468fc89..0000000
--- a/hosts/headful/glacier/gimp.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "org.gimp.GIMP"
- ];
-}
diff --git a/hosts/headful/glacier/inkscape.nix b/hosts/headful/glacier/inkscape.nix
deleted file mode 100644
index c274256..0000000
--- a/hosts/headful/glacier/inkscape.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "org.inkscape.Inkscape"
- ];
-}
diff --git a/hosts/headful/glacier/lanzaboote.nix b/hosts/headful/glacier/lanzaboote.nix
deleted file mode 100644
index 9ede875..0000000
--- a/hosts/headful/glacier/lanzaboote.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- setups.secureBoot.enable = true;
-}
diff --git a/hosts/headful/glacier/libreoffice.nix b/hosts/headful/glacier/libreoffice.nix
deleted file mode 100644
index fd1b44d..0000000
--- a/hosts/headful/glacier/libreoffice.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "org.libreoffice.LibreOffice"
- ];
-}
diff --git a/hosts/headful/glacier/librewolf.nix b/hosts/headful/glacier/librewolf.nix
deleted file mode 100644
index 229aa0a..0000000
--- a/hosts/headful/glacier/librewolf.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.gitlab.librewolf-community"
- ];
-}
diff --git a/hosts/headful/glacier/mpv.nix b/hosts/headful/glacier/mpv.nix
deleted file mode 100644
index 24250ff..0000000
--- a/hosts/headful/glacier/mpv.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.mpv.Mpv"
- ];
-}
diff --git a/hosts/headful/glacier/steam.nix b/hosts/headful/glacier/steam.nix
deleted file mode 100644
index 50a8f9f..0000000
--- a/hosts/headful/glacier/steam.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- services.flatpak.packages = [
- "com.valvesoftware.Steam"
- "com.github.Matoking.protontricks"
- ];
-}
diff --git a/hosts/headful/glacier/supersonic.nix b/hosts/headful/glacier/supersonic.nix
deleted file mode 100644
index 8b4dba9..0000000
--- a/hosts/headful/glacier/supersonic.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.github.dweymouth.supersonic"
- ];
-}
diff --git a/hosts/headful/insomniac/cosmic.nix b/hosts/headful/insomniac/cosmic.nix
deleted file mode 100644
index 629d9f9..0000000
--- a/hosts/headful/insomniac/cosmic.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- services.greetd.settings.initial_session = {
- user = config.users.mainUser;
- command = ''
- ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"}
- '';
- };
-
- environment.cosmic.excludePackages = [
- pkgs.cosmic-store
- ];
-}
diff --git a/hosts/headful/insomniac/dolphin.nix b/hosts/headful/insomniac/dolphin.nix
deleted file mode 100644
index c37c31b..0000000
--- a/hosts/headful/insomniac/dolphin.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "org.DolphinEmu.dolphin-emu"
- ];
-}
diff --git a/hosts/headful/insomniac/flatpak.nix b/hosts/headful/insomniac/flatpak.nix
deleted file mode 100644
index 9976199..0000000
--- a/hosts/headful/insomniac/flatpak.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- services.flatpak.update.auto = {
- enable = true;
- onCalendar = "weekly";
- };
-}
diff --git a/hosts/headful/insomniac/freetube.nix b/hosts/headful/insomniac/freetube.nix
deleted file mode 100644
index c56f588..0000000
--- a/hosts/headful/insomniac/freetube.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.freetubeapp.FreeTube"
- ];
-}
diff --git a/hosts/headful/insomniac/rmg.nix b/hosts/headful/insomniac/rmg.nix
deleted file mode 100644
index c8771df..0000000
--- a/hosts/headful/insomniac/rmg.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "com.github.Rosalie241.RMG"
- ];
-}
diff --git a/hosts/headful/insomniac/steam.nix b/hosts/headful/insomniac/steam.nix
deleted file mode 100644
index e51a6e8..0000000
--- a/hosts/headful/insomniac/steam.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "com.valvesoftware.Steam"
- ];
-}
diff --git a/hosts/headful/insomniac/supersonic.nix b/hosts/headful/insomniac/supersonic.nix
deleted file mode 100644
index 8b4dba9..0000000
--- a/hosts/headful/insomniac/supersonic.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- services.flatpak.packages = [
- "io.github.dweymouth.supersonic"
- ];
-}
diff --git a/hosts/headful/work/kubectl.nix b/hosts/headful/work/kubectl.nix
deleted file mode 100644
index a3937a4..0000000
--- a/hosts/headful/work/kubectl.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = [
- pkgs.kubectl
- pkgs.awscli
- ];
-}
diff --git a/hosts/headful/work/php.nix b/hosts/headful/work/php.nix
deleted file mode 100644
index 7e8e644..0000000
--- a/hosts/headful/work/php.nix
+++ /dev/null
@@ -1,95 +0,0 @@ -{ - lib, - inputs, - pkgs, - ... -}: let - supportedPhps = [ - "php72" - "php73" - "php74" - "php80" - "php81" - "php82" - "php83" - "php84" - ]; - - selectedPhp = lib.last supportedPhps; - - extraConfig = '' - memory_limit = -1 - - xdebug.mode = develop,coverage,gcstats,profile,debug,trace - xdebug.discover_client_host = 1 - xdebug.client_host = localhost - ''; - - # Wrap all PHP versions with the extensions I need and bundle composer - phps = lib.genAttrs supportedPhps ( - phpName: let - phpBase = inputs.phps.packages.${pkgs.system}.${phpName}; - phpWithEnv = phpBase.buildEnv { - extensions = { - enabled, - all, - }: - enabled - ++ [all.xdebug] - ++ ( - if (lib.versionAtLeast phpBase.version "8") - then [all.amqp] - else [] - ); - inherit extraConfig; - }; - phpWithTools = pkgs.symlinkJoin { - inherit (phpWithEnv) name version meta passthru; - paths = [ - phpWithEnv - phpWithEnv.packages.composer - ]; - }; - in - phpWithTools - ); - - prefix = "/var/lib/phps"; - - # Tell Symfony's CLI where it can access the different PHP versions - symfony-cli = let - package = pkgs.symfony-cli; - in - pkgs.symlinkJoin { - inherit (package) pname version meta; - - paths = [package]; - - buildInputs = [pkgs.makeWrapper]; - - postBuild = '' - wrapProgram $out/bin/${package.meta.mainProgram} \ - --suffix PATH : ${pkgs.lib.makeBinPath ( - builtins.attrValues phps - )} - ''; - }; -in { - nix.settings = { - substituters = ["https://fossar.cachix.org/"]; - trusted-public-keys = ["fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="]; - }; - - # Link PHP installations so that PhpStorm knows about them - systemd.tmpfiles.settings = - builtins.mapAttrs (name: drv: { - "${prefix}/${name}"."L+".argument = drv.outPath; - }) - phps; - - environment.systemPackages = [ - pkgs.jetbrains.phpstorm - phps.${selectedPhp} - symfony-cli - ]; -} 
diff --git a/hosts/headful/work/supersonic.nix b/hosts/headful/work/supersonic.nix deleted file mode 100644 index 8b4dba9..0000000 --- a/hosts/headful/work/supersonic.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "io.github.dweymouth.supersonic" - ]; -} diff --git a/hosts/headful/work/syncthing.nix b/hosts/headful/work/syncthing.nix deleted file mode 100644 index 25c60a0..0000000 --- a/hosts/headful/work/syncthing.nix +++ /dev/null @@ -1,3 +0,0 @@ -{lib, ...}: { - services.syncthing.enable = lib.mkForce false; -} diff --git a/hosts/headless/abacus/backup.nix b/hosts/headless/abacus/backup.nix deleted file mode 100644 index d6cef2f..0000000 --- a/hosts/headless/abacus/backup.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - attrName, - config, - lib, - ... -}: { - age.secrets = lib.mkSecrets {"restic-${attrName}" = {};}; - - services.restic.backups.${attrName} = { - repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; - initialize = true; - paths = [ - config.services.vaultwarden.backupDir - config.services.syncthing.dataDir - config.services.forgejo.stateDir - config.services.postgresqlBackup.location - config.services.postgresqlBackup.location - # TODO: Add stateDir options for these - "/var/lib/headscale" - "/var/lib/navidrome" - ]; - passwordFile = config.age.secrets."restic-${attrName}".path; - pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; - Persistent = true; - }; - extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"]; - }; -} diff --git a/hosts/headless/abacus/networking.nix b/hosts/headless/abacus/networking.nix deleted file mode 100644 index a6f04a5..0000000 --- a/hosts/headless/abacus/networking.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - networking = let - interface = "enp1s0"; - in { - domain = "wrz.one"; - interfaces.${interface}.ipv6.addresses = [ - { - address = "2a01:4f9:c012:92b5::2"; - prefixLength = 64; - } - ]; - defaultGateway6 = { - address = "fe80::1"; - inherit interface; - }; - firewall.allowedTCPPorts = [80 443]; - }; -} diff --git a/hosts/headless/abacus/nginx.nix b/hosts/headless/abacus/nginx.nix deleted file mode 100644 index d4a8656..0000000 --- a/hosts/headless/abacus/nginx.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = '' - error_log stderr; - access_log /var/log/nginx/access.log; - ''; - - virtualHosts = let - matchAll = ''~.*''; - matchWww = ''~^www\.(?.+)$''; - in { - # Redirect anything that doesn't match any server name to networking.domain - ${matchAll} = { - default = true; - rejectSSL = true; - - globalRedirect = "wrz.one"; - }; - # Redirect www to non-www - ${matchWww}.globalRedirect = "$domain"; - }; - }; -} diff --git a/hosts/headless/abacus/static-sites.nix b/hosts/headless/abacus/static-sites.nix deleted file mode 100644 index 4e0deda..0000000 --- a/hosts/headless/abacus/static-sites.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: let - parent = "/var/www"; - sites = [ - "wrz.one" - "helveticanonstandard.net" - ]; -in - lib.mkMerge ( - map ( - virtualHostName: let - root = "${parent}/${virtualHostName}"; - in { - services.nginx.virtualHosts.${virtualHostName} = { - enableACME = true; - forceSSL = true; - - inherit root; - }; - - systemd.tmpfiles.settings."10-static-sites".${root}.d = { - user = config.users.mainUser; - group = "users"; - mode = "0755"; - }; - } - ) - sites - ) diff --git a/hosts/headless/vessel/backup.nix b/hosts/headless/vessel/backup.nix deleted file mode 100644 index 02ae2b9..0000000 
--- a/hosts/headless/vessel/backup.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - attrName, - config, - lib, - pkgs, - ... -}: let - backups = { - music = "/srv/music"; - safe = "/srv/safe"; - storage = "/srv/storage"; - sync = config.services.syncthing.dataDir; - }; -in { - systemd = lib.mkMerge (map ( - backupName: let - systemdName = "${backupName}-backup"; - in { - timers.${systemdName} = { - description = "Local rsync Backup ${backupName}"; - wantedBy = ["timers.target"]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; # TODO - Persistent = true; - Unit = "${systemdName}.service"; # TODO - }; - }; - - services.${systemdName} = { - description = "Local rsync Backup ${backupName}"; - serviceConfig = { - Type = "oneshot"; - User = "root"; - Group = "root"; - }; - # TODO - script = '' - ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath -- ${backups.${backupName}}/ /srv/backup/${backupName}/ - ''; - }; - } - ) (lib.attrNames backups)); - - age.secrets = lib.mkSecrets {"restic-${attrName}" = {};}; - - services.restic.backups.${attrName} = { - repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; - initialize = true; - paths = [ - backups.safe - backups.sync - ]; - passwordFile = config.age.secrets."restic-${attrName}".path; - pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; # TODO - Persistent = true; - }; - extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"]; - }; -} diff --git a/hosts/headless/vessel/blocky.nix b/hosts/headless/vessel/blocky.nix deleted file mode 100644 index 091c08d..0000000 --- a/hosts/headless/vessel/blocky.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -let - upstream = "https://one.one.one.one/dns-query"; -in { - services = { - resolved.extraConfig = "DNSStubListener=no"; - blocky = { - enable = true; - settings = { - ports.dns = 53; - upstreams.groups.default = [upstream]; - bootstrapDns = { - inherit upstream; - ips = ["1.1.1.1" "1.0.0.1"]; - }; - blocking = { - denylists.ads = ["https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"]; - clientGroupsBlock.default = ["ads"]; - }; - caching = { - minTime = "5m"; - maxTime = "30m"; - prefetching = true; - }; - }; - }; - }; -} diff --git a/hosts/headless/vessel/filesystems.nix b/hosts/headless/vessel/filesystems.nix deleted file mode 100644 index 1da6965..0000000 --- a/hosts/headless/vessel/filesystems.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - fileSystems = { - "/" = { - fsType = "ext4"; - label = "main"; - options = ["noatime"]; - }; - "/srv/backup" = { - label = "backup"; - fsType = "ext4"; - options = ["noatime"]; - }; - }; -} diff --git a/hosts/headless/vessel/musicomp.nix b/hosts/headless/vessel/musicomp.nix deleted file mode 100644 index 56b75b2..0000000 --- a/hosts/headless/vessel/musicomp.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - inputs, - self, - lib, - pkgs, - ... -}: { - imports = [ - inputs.musicomp.nixosModules.default - ]; - - services.musicomp.jobs.main = { - music = "/srv/music"; - comp = "/srv/compmusic"; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - inhibitsSleep = true; - post = let - remoteDir = self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder; - rsyncExe = lib.getExe pkgs.rsync; - rsh = "${lib.getExe pkgs.openssh} -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; - in '' - ${rsyncExe} \ - --archive \ - --recursive \ - --delete \ - --update \ - --mkpath \ - --verbose --verbose \ - --exclude lost+found \ - --rsh ${lib.escapeShellArg rsh} \ - /srv/compmusic/ root@wrz.one:${remoteDir} - ''; - }; -} 
diff --git a/hosts/headless/vessel/storage.nix b/hosts/headless/vessel/storage.nix deleted file mode 100644 index e899606..0000000 --- a/hosts/headless/vessel/storage.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - systemd.tmpfiles.settings = { - "10-safe"."/srv/safe".d = { - user = "helvetica"; - group = "users"; - mode = "0755"; - }; - - "10-storage"."/srv/storage".d = { - user = "helvetica"; - group = "users"; - mode = "0755"; - }; - - "10-music"."/srv/music".d = { - user = "helvetica"; - group = "users"; - mode = "0755"; - }; - - "10-compmusic"."/srv/compmusic".d = { - user = "helvetica"; - group = "users"; - mode = "0755"; - }; - }; -} diff --git a/hosts/headful/insomniac/filesystems.nix b/hosts/insomniac/filesystems.nix similarity index 71% rename from hosts/headful/insomniac/filesystems.nix rename to hosts/insomniac/filesystems.nix index 5e977d8..07eb879 100644 --- a/hosts/headful/insomniac/filesystems.nix +++ b/hosts/insomniac/filesystems.nix @@ -2,6 +2,6 @@ fileSystems."/" = { fsType = "ext4"; label = "main"; - options = ["noatime"]; + options = [ "noatime" ]; }; } diff --git a/hosts/insomniac/freetube.nix b/hosts/insomniac/freetube.nix new file mode 100644 index 0000000..b24fd0d --- /dev/null +++ b/hosts/insomniac/freetube.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.freetube + ]; +} diff --git a/hosts/headful/insomniac/hardware.nix b/hosts/insomniac/hardware.nix similarity index 65% rename from hosts/headful/insomniac/hardware.nix rename to hosts/insomniac/hardware.nix index 091424d..8bd84e9 100644 --- a/hosts/headful/insomniac/hardware.nix +++ b/hosts/insomniac/hardware.nix @@ -2,7 +2,8 @@ inputs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/installer/scan/not-detected.nix" 
@@ -15,10 +16,16 @@ boot = { initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod"]; - kernelModules = ["amdgpu"]; + availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ "amdgpu" ]; }; - kernelModules = ["kvm-amd"]; + kernelModules = [ "kvm-amd" ]; }; powerManagement.cpuFreqGovernor = "performance"; diff --git a/hosts/headful/work/system.nix b/hosts/insomniac/system.nix similarity index 100% rename from hosts/headful/work/system.nix rename to hosts/insomniac/system.nix diff --git a/hosts/headful/insomniac/users.nix b/hosts/insomniac/users.nix similarity index 93% rename from hosts/headful/insomniac/users.nix rename to hosts/insomniac/users.nix index e059585..1d93475 100644 --- a/hosts/headful/insomniac/users.nix +++ b/hosts/insomniac/users.nix @@ -2,9 +2,11 @@ config, lib, ... -}: let +}: +let inherit (config.users) mainUser; -in { +in +{ users = { mainUser = lib.mkForce "insomniac"; users.${mainUser}.description = lib.mkForce "Insomniac"; diff --git a/hosts/vessel/filesystems.nix b/hosts/vessel/filesystems.nix new file mode 100644 index 0000000..6daadbd --- /dev/null +++ b/hosts/vessel/filesystems.nix @@ -0,0 +1,24 @@ +{ + fileSystems = { + "/" = { + label = "white"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + "/srv/vault" = { + label = "black"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + "/srv/void" = { + label = "green"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + "/srv/sync" = { + label = "red"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; +} diff --git a/hosts/headless/vessel/hardware.nix b/hosts/vessel/hardware.nix similarity index 66% rename from hosts/headless/vessel/hardware.nix rename to hosts/vessel/hardware.nix index 82aab42..d75f671 100644 --- a/hosts/headless/vessel/hardware.nix +++ b/hosts/vessel/hardware.nix @@ -2,7 +2,8 @@ inputs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/installer/scan/not-detected.nix" 
@@ -14,8 +15,15 @@ nixpkgs.hostPlatform = "x86_64-linux"; boot = { - initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - kernelModules = ["kvm-intel"]; + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ "kvm-intel" ]; }; powerManagement.cpuFreqGovernor = "powersave"; diff --git a/hosts/vessel/musicomp.nix b/hosts/vessel/musicomp.nix new file mode 100644 index 0000000..4d61a8a --- /dev/null +++ b/hosts/vessel/musicomp.nix @@ -0,0 +1,45 @@ +{ + inputs, + self, + lib, + pkgs, + ... +}: +{ + imports = [ + inputs.musicomp.nixosModules.default + ]; + + services.musicomp.jobs.main = { + music = "/srv/music"; + comp = "/srv/compmusic"; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + inhibitsSleep = true; + post = + let + remoteDir = self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder; + package = pkgs.writeShellApplication { + name = "sync"; + runtimeInputs = [ + pkgs.openssh + pkgs.rsync + ]; + text = '' + rsync \ + --archive \ + --recursive \ + --delete \ + --update \ + --mkpath \ + --verbose --verbose \ + --rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \ + /srv/void/compmusic/ root@wrz.one:${lib.escapeShellArg remoteDir} + ''; + }; + in + lib.getExe package; + }; +} diff --git a/hosts/vessel/restic.nix b/hosts/vessel/restic.nix new file mode 100644 index 0000000..fd22f6b --- /dev/null +++ b/hosts/vessel/restic.nix 
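Review bot: The `--rsh` string in the `sync` script of hosts/vessel/musicomp.nix passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the rsync to `root@wrz.one` never verifies the server's host key, and the job authenticates with this machine's own host private key and runs `--delete` as root on the far side. The same two options appear in `sftp.args` of the `remote` backup in hosts/vessel/restic.nix. Pinning the key declaratively, for example `programs.ssh.knownHosts."wrz.one".publicKey = "<abacus host public key>";`, and dropping both `-o` options keeps the job unattended while restoring verification; a dedicated key and a non-root account limited to the music folder would narrow it further. Separately, `comp = "/srv/compmusic"` does not match the `/srv/void/compmusic/` source that is synced, so if musicomp writes to `comp`, `--delete` would mirror a stale or empty directory to the remote; the two paths should agree.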
@@ -0,0 +1,56 @@ +{ + attrName, + config, + lib, + pkgs, + ... +}: +let + secretName = "restic-${attrName}"; + secret = config.age.secrets.${secretName}; +in +{ + age.secrets = lib.mkSecrets { ${secretName} = { }; }; + + services.restic.backups = { + local = { + repository = "/srv/backup/void"; + initialize = true; + paths = [ + "/srv/void" + ]; + passwordFile = secret.path; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + timerConfig = { + OnCalendar = "*-*-* 03:00:00"; + Persistent = true; + }; + }; + + remote = { + repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}"; + initialize = true; + paths = [ + config.services.syncthing.dataDir + "/srv/vault" + ]; + passwordFile = secret.path; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + timerConfig = { + OnCalendar = "*-*-* 03:00:00"; + Persistent = true; + }; + extraOptions = [ + "sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'" + ]; + }; + }; +} diff --git a/hosts/vessel/rsync.nix b/hosts/vessel/rsync.nix new file mode 100644 index 0000000..9fe2546 --- /dev/null +++ b/hosts/vessel/rsync.nix @@ -0,0 +1,7 @@ +{ + services.rsync.jobs.vault = { + sources = [ "/srv/vault/" ]; + destination = "/srv/sync/"; + inhibitsSleep = true; + }; +} diff --git a/hosts/vessel/storage.nix b/hosts/vessel/storage.nix new file mode 100644 index 0000000..25c569c --- /dev/null +++ b/hosts/vessel/storage.nix @@ -0,0 +1,16 @@ +{ + systemd.tmpfiles.settings = { + music = { + "/srv/vault/music".d = { + user = "root"; + group = "users"; + mode = "0755"; + }; + "/srv/void/compmusic".d = { + user = "root"; + group = "users"; + mode = "0755"; + }; + }; + }; +} diff --git a/hosts/headless/abacus/system.nix b/hosts/vessel/system.nix similarity index 100% rename from hosts/headless/abacus/system.nix rename to hosts/vessel/system.nix 
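Review bot: The `local` backup in hosts/vessel/restic.nix writes its repository to `/srv/backup/void`, but the hosts/vessel/filesystems.nix added in this commit mounts only `/`, `/srv/vault`, `/srv/void` and `/srv/sync`, so unless `/srv/backup` is mounted somewhere not visible here the repository ends up on the root filesystem instead of a separate disk. Pointing `repository` at a path under a mounted data disk, or adding a `/srv/backup` entry to `fileSystems`, would make the intent explicit. `local` and `remote` also share one `passwordFile`, so disclosure of that single secret exposes both repositories; a separate secret for the off-site repository would limit that.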
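Review bot: `inhibitsSleep = true;` in hosts/vessel/rsync.nix is not an option of `services.rsync.jobs.<name>` as far as the visible part of modules/rsync.nix in this commit shows; the submodule declares `inhibit`, a list of strings, so this job should fail evaluation and `inhibit = [ "sleep" ];` matches the module. The job also sets no `settings`, and the module's `commonSettings` is commented out, so rsync would be invoked without `--archive` or `--recursive` and would skip the `/srv/vault/` directory rather than copy it; `settings.archive = true;` appears to be needed unless another module supplies it.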
diff --git a/hosts/headful/work/docker.nix b/hosts/work/docker.nix similarity index 97% rename from hosts/headful/work/docker.nix rename to hosts/work/docker.nix index 5f25fb5..34032f1 100644 --- a/hosts/headful/work/docker.nix +++ b/hosts/work/docker.nix @@ -2,7 +2,8 @@ config, pkgs, ... -}: { +}: +{ virtualisation.docker.enable = true; environment.systemPackages = [ diff --git a/hosts/headful/glacier/filesystems.nix b/hosts/work/filesystems.nix similarity index 84% rename from hosts/headful/glacier/filesystems.nix rename to hosts/work/filesystems.nix index 14ff284..52a1bfd 100644 --- a/hosts/headful/glacier/filesystems.nix +++ b/hosts/work/filesystems.nix @@ -4,6 +4,6 @@ fileSystems."/" = { fsType = "ext4"; device = "/dev/mapper/main"; - options = ["noatime"]; + options = [ "noatime" ]; }; } diff --git a/hosts/headful/work/hardware.nix b/hosts/work/hardware.nix similarity index 62% rename from hosts/headful/work/hardware.nix rename to hosts/work/hardware.nix index 24f1ac0..531c541 100644 --- a/hosts/headful/work/hardware.nix +++ b/hosts/work/hardware.nix @@ -2,7 +2,8 @@ inputs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -16,10 +17,16 @@ boot = { initrd = { - availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; - kernelModules = []; + availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ ]; }; - kernelModules = ["kvm-amd"]; - extraModulePackages = []; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; }; } diff --git a/hosts/headful/work/hosts.nix b/hosts/work/hosts.nix similarity index 100% rename from hosts/headful/work/hosts.nix rename to hosts/work/hosts.nix diff --git a/hosts/work/php.nix b/hosts/work/php.nix new file mode 100644 index 0000000..ee7281a --- /dev/null +++ b/hosts/work/php.nix 
@@ -0,0 +1,22 @@ +{ + config, + inputs, + pkgs, + ... +}: +{ + imports = [ + inputs.myphps.nixosModules.default + ]; + + services.myphps = { + enable = true; + prefix = "/var/lib/phps"; + }; + + environment.systemPackages = [ + pkgs.jetbrains.phpstorm + config.services.myphps.phps.php + inputs.myphps.packages.${pkgs.system}.symfony-cli + ]; +} diff --git a/hosts/headful/work/plasma.nix b/hosts/work/plasma.nix similarity index 90% rename from hosts/headful/work/plasma.nix rename to hosts/work/plasma.nix index 03996b4..37ece95 100644 --- a/hosts/headful/work/plasma.nix +++ b/hosts/work/plasma.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ services = { desktopManager = { cosmic.enable = lib.mkForce false; @@ -30,6 +31,6 @@ xdg.portal = { xdgOpenUsePortal = true; - extraPortals = [pkgs.xdg-desktop-portal-gtk]; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; } diff --git a/hosts/headless/vessel/system.nix b/hosts/work/system.nix similarity index 100% rename from hosts/headless/vessel/system.nix rename to hosts/work/system.nix diff --git a/hosts/headful/work/tools.nix b/hosts/work/tools.nix similarity index 88% rename from hosts/headful/work/tools.nix rename to hosts/work/tools.nix index 2c2281e..2dca47b 100644 --- a/hosts/headful/work/tools.nix +++ b/hosts/work/tools.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ environment.systemPackages = [ pkgs.gnumake pkgs.unzip diff --git a/hosts/headful/work/users.nix b/hosts/work/users.nix similarity index 93% rename from hosts/headful/work/users.nix rename to hosts/work/users.nix index 87c3ee3..078acbf 100644 --- a/hosts/headful/work/users.nix +++ b/hosts/work/users.nix @@ -2,9 +2,11 @@ config, lib, ... -}: let +}: +let inherit (config.users) mainUser; -in { +in +{ users = { mainUser = lib.mkForce "lukas"; users.${mainUser}.description = lib.mkForce "Lukas Wurzinger"; diff --git a/lib.nix b/lib.nix index c9acc8a..cd56dce 100644 --- a/lib.nix +++ b/lib.nix 
@@ -9,72 +9,59 @@ lib: _: { ]) paths; - mkIfElse = condition: trueContent: falseContent: + mkIfElse = + condition: trueContent: falseContent: lib.mkMerge [ (lib.mkIf condition trueContent) (lib.mkIf (!condition) falseContent) ]; - mkSecrets = secrets: let - mkSecret = { - name, - secret, - }: - secret - // { - file = ./secrets/${name}.age; - }; - in - builtins.mapAttrs (name: secret: mkSecret {inherit name secret;}) secrets; + mkSecrets = + secrets: + let + mkSecret = + { + name, + secret, + }: + secret + // { + file = ./secrets/${name}.age; + }; + in + builtins.mapAttrs (name: secret: mkSecret { inherit name secret; }) secrets; - genNixosConfigurations = { - inputs, - extraModules ? _: [], - }: let - modulesDir = ./modules; - commonDir = ./common; - classesDir = ./classes; - hostsDir = ./hosts; + genNixosConfigurations = + inputs: + let + modulesDir = ./modules; + profilesDir = ./profiles; + commonDir = ./common; + hostsDir = ./hosts; - commonNixosSystem = { - class, - name, - }: - lib.nixosSystem { - specialArgs = { - inherit (inputs) self; - inherit inputs lib; - attrName = name; + commonNixosSystem = + name: + lib.nixosSystem { + specialArgs = { + inherit (inputs) self; + inherit inputs lib; + attrName = name; + }; + + modules = + (lib.findModules [ + modulesDir + profilesDir + commonDir + (hostsDir + /${name}) + ]); }; - modules = - (lib.findModules [ - modulesDir - commonDir - ./classes/${class} - (classesDir + /${class}) - (hostsDir + /${class}/${name}) - ]) - ++ [ - {networking.hostName = lib.mkDefault name;} - ] - ++ (extraModules {inherit class name;}); - }; - - dirsIn = dir: - lib.pipe dir [ + hosts = lib.pipe hostsDir [ builtins.readDir (lib.filterAttrs (_: type: type == "directory")) builtins.attrNames ]; - in - lib.pipe (dirsIn hostsDir) [ - (classes: - builtins.concatMap ( - class: map (name: {inherit class name;}) (dirsIn (hostsDir + /${class})) - ) - classes) - (map (args: lib.nameValuePair args.name (commonNixosSystem args))) - 
builtins.listToAttrs - ]; + in + lib.genAttrs hosts commonNixosSystem; } diff --git a/modules/gcadapter.nix b/modules/gcadapter.nix new file mode 100644 index 0000000..3d3bba8 --- /dev/null +++ b/modules/gcadapter.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: +let + cfg = config.hardware.gcadapter; +in +{ + options.hardware.gcadapter.enable = lib.mkEnableOption "GameCube Adapter support"; + + config = lib.mkIf cfg.enable { + services.udev.extraRules = '' + ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", MODE="666", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device" TAG+="uaccess" + ''; + + boot = { + extraModulePackages = [ + config.boot.kernelPackages.gcadapter-oc-kmod + ]; + + kernelModules = [ + "gcadapter_oc" + ]; + }; + }; +} diff --git a/modules/main-user.nix b/modules/main-user.nix index d714e79..4123a80 100644 --- a/modules/main-user.nix +++ b/modules/main-user.nix @@ -1,6 +1,8 @@ -{lib, ...}: let +{ lib, ... }: +let inherit (lib) types; -in { +in +{ options = { users.mainUser = lib.mkOption { type = types.passwdEntry types.str; diff --git a/modules/rsync.nix b/modules/rsync.nix new file mode 100644 index 0000000..d5d7a55 --- /dev/null +++ b/modules/rsync.nix 
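Review bot: The udev rule in modules/gcadapter.nix sets `MODE="666"`, which makes the adapter's USB device node readable and writable by every local account and service. The `TAG+="uaccess"` on the same rule is meant to grant access only to the user on the active seat, but NixOS writes `services.udev.extraRules` to `99-local.rules`, which is read after systemd's `73-seat-late.rules` has processed that tag, so here the tag probably has no effect and the mode is doing all the work. Shipping the rule in a lower-numbered file through `services.udev.packages` lets `uaccess` apply and allows the `MODE` assignment to be dropped. The rule is also missing a comma between `ENV{DEVTYPE}=="usb_device"` and `TAG+="uaccess"`; udev rule keys are comma-separated.

```nix
# module arguments need `pkgs` in addition to `config` and `lib`
services.udev.packages = [
  (pkgs.writeTextFile {
    name = "gcadapter-udev-rules";
    destination = "/etc/udev/rules.d/70-gcadapter.rules";
    text = ''
      SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", TAG+="uaccess"
    '';
  })
];
# … unchanged: boot.extraModulePackages, boot.kernelModules …
```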
@@ -0,0 +1,208 @@ +{ + config, + lib, + pkgs, + utils, + ... +}: +let + cfg = config.services.rsync; + inherit (lib) types; + inherit (utils.systemdUtils.unitOptions) unitOption; + settingsToShell = lib.cli.toGNUCommandLineShell { + mkOptionName = k: "--${k}"; + }; + settingsType = + let + simples = [ + types.bool + types.str + types.int + types.float + ]; + in + types.attrsOf ( + types.oneOf ( + simples + ++ [ + (types.listOf (types.oneOf simples)) + ] + ) + ); +in +{ + options.services.rsync = { + enable = lib.mkEnableOption "periodic directory syncing via rsync"; + + package = lib.mkPackageOption pkgs "rsync" { }; + + # commonSettings = lib.mkOption { + # type = settingsType; + # default = { }; + # example = { + # archive = true; + # update = true; + # delete = true; + # mkpath = true; + # }; + # description = '' + # Common arguments to pass to the rsync command. + # ''; + # }; + + jobs = lib.mkOption { + description = '' + Synchronization jobs to run. + ''; + default = { }; + type = types.attrsOf ( + types.submodule { + options = { + sources = lib.mkOption { + type = types.listOf types.str; + example = [ + "/srv/src1/" + "/srv/src2/" + ]; + description = '' + Source directories. + ''; + }; + + destination = lib.mkOption { + type = types.str; + example = "/srv/dst/"; + description = '' + Destination directory. + ''; + }; + + settings = lib.mkOption { + type = settingsType; + default = { }; + example = { + verbose = true; + }; + description = '' + Extra arguments to pass to the rsync command. + ''; + }; + + user = lib.mkOption { + type = types.str; + default = "root"; + description = '' + The name of an existing user account under which the rsync process should run. + ''; + }; + + group = lib.mkOption { + type = types.str; + default = "root"; + description = '' + The name of an existing user group under which the rsync process should run. 
+ ''; + }; + + timerConfig = lib.mkOption { + type = lib.types.nullOr (lib.types.attrsOf unitOption); + default = { + OnCalendar = "daily"; + Persistent = true; + }; + description = '' + When to run the job. + ''; + }; + + inhibit = lib.mkOption { + default = [ ]; + type = types.listOf types.str; + example = [ + "sleep" + ]; + description = '' + Run the rsync process with an inhibition lock taken; + see {manpage}`systemd-inhibit(1)` for a list of possible operations. + ''; + }; + }; + } + ); + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = lib.all (job: job.sources != [ ]) (lib.attrValues cfg.jobs); + message = '' + At least one source directory must be provided to rsync. + ''; + } + ]; + + systemd = lib.mkMerge ( + lib.mapAttrsToList ( + jobName: job: + let + systemdName = "rsync-job-${jobName}"; + description = "Directory syncing via rsync job ${jobName}"; + in + { + timers.${systemdName} = { + wantedBy = [ + "timers.target" + ]; + inherit description; + inherit (job) timerConfig; + }; + + services.${systemdName} = { + inherit description; + + serviceConfig = { + Type = "oneshot"; + User = job.user; + Group = job.group; + + NoNewPrivileges = true; + PrivateDevices = true; + ProtectSystem = "full"; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + MemoryDenyWriteExecute = true; + LockPersonality = true; + }; + + script = + let + settingsShell = settingsToShell job.settings; + inhibitString = lib.concatStringsSep ":" job.inhibit; + in + '' + ${ + lib.optionalString (job.inhibit != [ ]) '' + ${lib.getExe' config.systemd.package "systemd-inhibit"} \ + --mode block \ + --who ${lib.escapeShellArg description} \ + --what ${lib.escapeShellArg inhibitString} \ + --why ${lib.escapeShellArg "Scheduled rsync job ${jobName}"} \ + -- \ + '' + } \ + ${lib.getExe cfg.package} ${settingsShell} -- \ + ${lib.escapeShellArgs job.sources} \ + ${lib.escapeShellArg job.destination} + ''; + }; + } + ) cfg.jobs 
+ ); + }; + + meta.maintainers = [ + lib.maintainers.lukaswrz + ]; +} diff --git a/modules/secure-boot.nix b/modules/secure-boot.nix deleted file mode 100644 index 91955c3..0000000 --- a/modules/secure-boot.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - # inputs, - # pkgs, - ... -}: let - cfg = config.setups.secureBoot; -in { - # imports = [ - # inputs.lanzaboote.nixosModules.lanzaboote - # ]; - - options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot"; - - config = lib.mkIf cfg.enable { - # environment.systemPackages = [ - # pkgs.sbctl - # ]; - - # boot.loader.systemd-boot.enable = lib.mkForce false; - - # boot.lanzaboote = { - # enable = lib.mkForce true; - # pkiBundle = lib.mkDefault "/var/lib/sbctl"; - # }; - }; -} diff --git a/modules/user-types.nix b/modules/user-types.nix index f9595f5..28b5188 100644 --- a/modules/user-types.nix +++ b/modules/user-types.nix @@ -2,15 +2,24 @@ config, lib, ... -}: { - options.users = let - inherit (lib) types; - in { +}: +let + inherit (lib) types; + filterUsers = + predicate: + (lib.pipe config.users.users [ + (lib.filterAttrs (_: predicate)) + builtins.attrNames + ]); +in +{ + options.users = { normalUsers = lib.mkOption { type = types.listOf (types.passwdEntry types.str); description = '' List of normal users. ''; + readOnly = true; }; systemUsers = lib.mkOption { @@ -18,15 +27,11 @@ description = '' List of system users. ''; + readOnly = true; }; }; - config.users = let - filterUsers = pred: (lib.pipe config.users.users [ - (lib.filterAttrs (_: pred)) - builtins.attrNames - ]); - in { + config.users = { normalUsers = filterUsers (user: user.isNormalUser); systemUsers = filterUsers (user: user.isSystemUser); }; diff --git a/profiles/desktop/clipboard.nix b/profiles/desktop/clipboard.nix new file mode 100644 index 0000000..2acb2df --- /dev/null +++ b/profiles/desktop/clipboard.nix 
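Review bot: In modules/rsync.nix the `timerConfig` option is typed `nullOr (attrsOf unitOption)`, but `timers.${systemdName}` is defined unconditionally with `inherit (job) timerConfig;`, so a job that sets `timerConfig = null` to disable scheduling will most likely fail evaluation instead of producing a service without a timer. Guarding the timer fixes this: `timers.${systemdName} = lib.mkIf (job.timerConfig != null) {`. The option description could then say that `null` means the job is only started manually.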
@@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.wl-clipboard + ]; + }; +} diff --git a/profiles/desktop/compat.nix b/profiles/desktop/compat.nix new file mode 100644 index 0000000..a9a6477 --- /dev/null +++ b/profiles/desktop/compat.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + programs.appimage = { + enable = true; + binfmt = true; + package = pkgs.appimage-run.override { + extraPkgs = pkgs: [ + pkgs.curl + pkgs.zlib + pkgs.libmpg123 + ]; + }; + }; + + boot.binfmt.emulatedSystems = lib.remove pkgs.stdenv.hostPlatform.system [ + "x86_64-linux" + "aarch64-linux" + ]; + + environment.systemPackages = [ + pkgs.wineWow64Packages.waylandFull + ]; + }; +} diff --git a/profiles/desktop/cosmic.nix b/profiles/desktop/cosmic.nix new file mode 100644 index 0000000..8857cc5 --- /dev/null +++ b/profiles/desktop/cosmic.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + inputs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + imports = [ + inputs.nixos-cosmic.nixosModules.default + ]; + + config = lib.mkIf cfg.enable { + + nix.settings = { + substituters = [ "https://cosmic.cachix.org" ]; + trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ]; + }; + + services = { + desktopManager.cosmic.enable = true; + displayManager.cosmic-greeter.enable = true; + }; + + environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1; + }; +} diff --git a/profiles/desktop/default.nix b/profiles/desktop/default.nix new file mode 100644 index 0000000..f328857 --- /dev/null +++ b/profiles/desktop/default.nix 
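Review bot: profiles/desktop/cosmic.nix adds `https://cosmic.cachix.org` and its signing key to `nix.settings` without a comment, and a key in `trusted-public-keys` is accepted for any store path that cache serves, not only for COSMIC packages. I would document that above the block, for example `# Third-party binary cache for nixos-cosmic: paths signed by this key are trusted system-wide; key copied from <source of key>`, so the trust decision is visible when the flake input is later changed or removed. Note also that `imports` sits outside the `lib.mkIf`, so the nixos-cosmic module is loaded on hosts that leave the desktop profile disabled.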
@@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + cfg = config.profiles.desktop; +in +{ + options.profiles.desktop = { + enable = lib.mkEnableOption "desktop"; + }; + + # imports = lib.optionals cfg.enable (lib.findModules {} [./profile]); + + config = lib.mkIf cfg.enable { + imports = lib.findModules { } [ ./profile ]; + + assertions = [ + { + assertion = config.profiles.server.enable == false; + message = "The desktop profile is not compatible with the server profile."; + } + ]; + }; + + # config.assertions = lib.mkIf cfg.enable [ + # { + # assertion = config.profiles.server.enable == false; + # message = "The desktop profile is not compatible with the server profile."; + # } + # ]; +} diff --git a/profiles/desktop/firefox.nix b/profiles/desktop/firefox.nix new file mode 100644 index 0000000..e5ba561 --- /dev/null +++ b/profiles/desktop/firefox.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + programs.firefox = { + enable = true; + package = pkgs.librewolf; + preferences = { + "webgl.disabled" = false; + "privacy.resistFingerprinting" = false; + "middlemouse.paste" = false; + "general.autoScroll" = true; + "privacy.clearOnShutdown.history" = false; + "privacy.clearOnShutdown.downloads" = false; + }; + }; + }; +} diff --git a/profiles/desktop/fonts.nix b/profiles/desktop/fonts.nix new file mode 100644 index 0000000..2a528be --- /dev/null +++ b/profiles/desktop/fonts.nix 
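Review bot: In profiles/desktop/default.nix the line `imports = lib.findModules { } [ ./profile ];` is placed inside `config = lib.mkIf cfg.enable { … }`, where the module system reads it as a definition of an undeclared option called `imports` rather than as module imports. Moving it to the top level behind `lib.optionals cfg.enable`, as the commented-out line here and profiles/gaming/default.nix do, is not a fix either, because `imports` is resolved before `config` exists and that form usually ends in infinite recursion. The sibling files already gate themselves with `lib.mkIf cfg.enable`, and the lib.nix hunk passes `profilesDir` to `lib.findModules`, so I would drop the `imports` line in both files. The call also passes an extra `{ }` argument compared with the one-argument use in lib.nix; the definition of `findModules` starts outside the visible hunk, so that part is a guess.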
@@ -0,0 +1,48 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + fonts = { + enableDefaultPackages = true; + packages = [ + pkgs.noto-fonts + pkgs.noto-fonts-extra + pkgs.noto-fonts-cjk-sans + pkgs.noto-fonts-cjk-serif + pkgs.noto-fonts-monochrome-emoji + pkgs.noto-fonts-color-emoji + pkgs.nerd-fonts.fira-code + ]; + + fontconfig = { + enable = true; + + defaultFonts = { + monospace = [ + "FiraCode Nerd Font" + ]; + sansSerif = [ + "Noto Sans" + ]; + serif = [ + "Noto Serif" + ]; + emoji = [ + "Noto Color Emoji" + "Noto Emoji" + ]; + }; + }; + + # TODO + fontDir.enable = true; + }; + }; +} diff --git a/profiles/desktop/hardware.nix b/profiles/desktop/hardware.nix new file mode 100644 index 0000000..13163b5 --- /dev/null +++ b/profiles/desktop/hardware.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + hardware = { + bluetooth.enable = true; + steam-hardware.enable = true; + xone.enable = true; + xpadneo.enable = true; + opentabletdriver.enable = true; + gcadapter.enable = true; + graphics.enable = true; + enableAllFirmware = true; + }; + }; +} diff --git a/profiles/desktop/location.nix b/profiles/desktop/location.nix new file mode 100644 index 0000000..fffcb56 --- /dev/null +++ b/profiles/desktop/location.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + location.provider = "geoclue2"; + }; +} diff --git a/profiles/desktop/networking.nix b/profiles/desktop/networking.nix new file mode 100644 index 0000000..bdc6911 --- /dev/null +++ b/profiles/desktop/networking.nix 
@@ -0,0 +1,20 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + services.resolved.enable = true; + + networking.networkmanager = { + enable = true; + dns = "systemd-resolved"; + }; + + users.groups.networkmanager.members = config.users.normalUsers; + }; +} diff --git a/profiles/desktop/pipewire.nix b/profiles/desktop/pipewire.nix new file mode 100644 index 0000000..7e6986f --- /dev/null +++ b/profiles/desktop/pipewire.nix @@ -0,0 +1,21 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + wireplumber.enable = true; + alsa.enable = true; + pulse.enable = true; + jack.enable = true; + }; + }; +} diff --git a/profiles/desktop/printing.nix b/profiles/desktop/printing.nix new file mode 100644 index 0000000..d251c14 --- /dev/null +++ b/profiles/desktop/printing.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + services.printing = { + enable = true; + webInterface = true; + }; + }; +} diff --git a/profiles/desktop/supersonic.nix b/profiles/desktop/supersonic.nix new file mode 100644 index 0000000..7eb28b0 --- /dev/null +++ b/profiles/desktop/supersonic.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.supersonic-wayland + ]; + }; +} diff --git a/profiles/desktop/vesktop.nix b/profiles/desktop/vesktop.nix new file mode 100644 index 0000000..f1b45fe --- /dev/null +++ b/profiles/desktop/vesktop.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + # TODO + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.vesktop + ]; + }; +} 
diff --git a/profiles/desktop/wayland.nix b/profiles/desktop/wayland.nix new file mode 100644 index 0000000..e76d7fc --- /dev/null +++ b/profiles/desktop/wayland.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + SDL_VIDEODRIVER = "wayland"; + }; + }; +} diff --git a/profiles/desktop/xdg.nix b/profiles/desktop/xdg.nix new file mode 100644 index 0000000..892a8dc --- /dev/null +++ b/profiles/desktop/xdg.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + xdg.portal.xdgOpenUsePortal = true; + }; +} diff --git a/profiles/desktop/zk.nix b/profiles/desktop/zk.nix new file mode 100644 index 0000000..d4f4a66 --- /dev/null +++ b/profiles/desktop/zk.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.desktop; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.zk + ]; + }; +} diff --git a/profiles/emulation/cemu.nix b/profiles/emulation/cemu.nix new file mode 100644 index 0000000..40ca12b --- /dev/null +++ b/profiles/emulation/cemu.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.emulation; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.cemu + ]; + }; +} diff --git a/profiles/emulation/default.nix b/profiles/emulation/default.nix new file mode 100644 index 0000000..f7b51d8 --- /dev/null +++ b/profiles/emulation/default.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: +let + cfg = config.profiles.emulation; +in +{ + options.profiles.emulation = { + enable = lib.mkEnableOption "emulation"; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = config.profiles.desktop.enable; + message = "The emulation profile depends on the desktop profile."; + } + ]; + }; +} 
diff --git a/profiles/emulation/dolphin.nix b/profiles/emulation/dolphin.nix new file mode 100644 index 0000000..f103752 --- /dev/null +++ b/profiles/emulation/dolphin.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.emulation; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.dolphin-emu + ]; + }; +} diff --git a/profiles/emulation/rmg.nix b/profiles/emulation/rmg.nix new file mode 100644 index 0000000..4e7cd98 --- /dev/null +++ b/profiles/emulation/rmg.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.emulation; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.rmg-wayland + ]; + }; +} diff --git a/profiles/gaming/default.nix b/profiles/gaming/default.nix new file mode 100644 index 0000000..0694b00 --- /dev/null +++ b/profiles/gaming/default.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: +let + cfg = config.profiles.gaming; +in +{ + options.profiles.gaming = { + enable = lib.mkEnableOption "gaming"; + }; + + imports = lib.optionals cfg.enable (lib.findModules { } [ ./profile ]); + + config.assertions = lib.mkIf cfg.enable [ + { + assertion = config.profiles.desktop.enable; + message = "The gaming profile depends on the desktop profile."; + } + ]; +} diff --git a/classes/headful/gamemode.nix b/profiles/gaming/gamemode.nix similarity index 82% rename from classes/headful/gamemode.nix rename to profiles/gaming/gamemode.nix index b3cd1d2..fa34276 100644 --- a/classes/headful/gamemode.nix +++ b/profiles/gaming/gamemode.nix @@ -3,7 +3,12 @@ lib, pkgs, ... -}: { +}: +let + cfg = config.profiles.gaming; +in +{ + config = lib.mkIf cfg.enable { programs.gamemode = { enable = true; settings = { @@ -18,4 +23,5 @@ }; users.groups.gamemode.members = config.users.normalUsers; + }; } diff --git a/profiles/gaming/prismlauncher.nix b/profiles/gaming/prismlauncher.nix new file mode 100644 index 0000000..4b16a95 --- /dev/null 
+++ b/profiles/gaming/prismlauncher.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.gaming; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.prismlauncher + ]; + }; +} diff --git a/profiles/gaming/steam.nix b/profiles/gaming/steam.nix new file mode 100644 index 0000000..ddd5d63 --- /dev/null +++ b/profiles/gaming/steam.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.gaming; +in +{ + config = lib.mkIf cfg.enable { + programs.steam = { + enable = true; + extest.enable = true; + protontricks.enable = true; + dedicatedServer.openFirewall = true; + remotePlay.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + }; + }; +} diff --git a/profiles/piracy/default.nix b/profiles/piracy/default.nix new file mode 100644 index 0000000..6d8ff03 --- /dev/null +++ b/profiles/piracy/default.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: +let + cfg = config.profiles.piracy; +in +{ + options.profiles.piracy = { + enable = lib.mkEnableOption "piracy"; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = config.profiles.desktop.enable; + message = "The piracy profile depends on the desktop profile."; + } + ]; + }; +} diff --git a/profiles/piracy/mullvad.nix b/profiles/piracy/mullvad.nix new file mode 100644 index 0000000..f8a1542 --- /dev/null +++ b/profiles/piracy/mullvad.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.gaming; +in +{ + config = lib.mkIf cfg.enable { + services.mullvad-vpn = { + enable = true; + package = pkgs.mullvad-vpn; + }; + }; +} diff --git a/profiles/piracy/qbittorrent.nix b/profiles/piracy/qbittorrent.nix new file mode 100644 index 0000000..e8ca0a5 --- /dev/null +++ b/profiles/piracy/qbittorrent.nix 
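Review bot: profiles/gaming/steam.nix sets `openFirewall = true` for `dedicatedServer`, `remotePlay` and `localNetworkGameTransfers`, so every host that enables the gaming profile accepts inbound connections for all three features whether or not they are used. I would keep only the ones a host needs and leave the server ports closed by default, e.g. `dedicatedServer.openFirewall = lib.mkDefault false;`, letting the host that actually runs a dedicated server override it. A short comment next to each remaining opening stating why it is needed would help later audits of the firewall.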
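Review bot: profiles/piracy/mullvad.nix binds `cfg = config.profiles.gaming;`, so the VPN service is switched on by the gaming profile and `profiles.piracy.enable` controls nothing except the assertion in default.nix; profiles/piracy/qbittorrent.nix has the same line. Both should read `cfg = config.profiles.piracy;`. As written, a host that enables gaming alone gets a VPN daemon and a torrent client it did not ask for.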
@@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.gaming; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.qbittorrent + ]; + }; +} diff --git a/profiles/productivity/default.nix b/profiles/productivity/default.nix new file mode 100644 index 0000000..88f6e36 --- /dev/null +++ b/profiles/productivity/default.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: +let + cfg = config.profiles.productivity; +in +{ + options.profiles.productivity = { + enable = lib.mkEnableOption "productivity"; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = config.profiles.desktop.enable; + message = "The productivity profile depends on the desktop profile."; + } + ]; + }; +} diff --git a/profiles/productivity/gimp.nix b/profiles/productivity/gimp.nix new file mode 100644 index 0000000..1498376 --- /dev/null +++ b/profiles/productivity/gimp.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.productivity; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.gimp3-with-plugins + ]; + }; +} diff --git a/profiles/productivity/inkscape.nix b/profiles/productivity/inkscape.nix new file mode 100644 index 0000000..b883126 --- /dev/null +++ b/profiles/productivity/inkscape.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.productivity; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.inkscape-with-extensions + ]; + }; +} diff --git a/profiles/productivity/libreoffice.nix b/profiles/productivity/libreoffice.nix new file mode 100644 index 0000000..22897f6 --- /dev/null +++ b/profiles/productivity/libreoffice.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.profiles.productivity; +in +{ + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.libreoffice-fresh + ]; + }; +} 
diff --git a/profiles/server/default.nix b/profiles/server/default.nix new file mode 100644 index 0000000..0db3279 --- /dev/null +++ b/profiles/server/default.nix @@ -0,0 +1,3 @@ +{ + +} diff --git a/classes/headless/grafana.nix b/profiles/server/grafana.nix similarity index 99% rename from classes/headless/grafana.nix rename to profiles/server/grafana.nix index acd972f..38ccaaa 100644 --- a/classes/headless/grafana.nix +++ b/profiles/server/grafana.nix @@ -45,4 +45,4 @@ # # }; # # }; # } -{} +{ } diff --git a/classes/headless/loki.nix b/profiles/server/loki.nix similarity index 99% rename from classes/headless/loki.nix rename to profiles/server/loki.nix index 89d3b99..61a92e5 100644 --- a/classes/headless/loki.nix +++ b/profiles/server/loki.nix @@ -76,4 +76,4 @@ # }; # }; # } -{} +{ } diff --git a/profiles/server/networking.nix b/profiles/server/networking.nix new file mode 100644 index 0000000..6daa82c --- /dev/null +++ b/profiles/server/networking.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.server; +in +{ + config = lib.mkIf cfg.enable { + networking.useNetworkd = true; + }; +} diff --git a/classes/headless/prometheus.nix b/profiles/server/prometheus.nix similarity index 99% rename from classes/headless/prometheus.nix rename to profiles/server/prometheus.nix index d6bad74..502f9d6 100644 --- a/classes/headless/prometheus.nix +++ b/profiles/server/prometheus.nix @@ -27,4 +27,4 @@ # ]; # }; # } -{} +{ } diff --git a/classes/headless/promtail.nix b/profiles/server/promtail.nix similarity index 99% rename from classes/headless/promtail.nix rename to profiles/server/promtail.nix index c9954c4..88121cb 100644 --- a/classes/headless/promtail.nix +++ b/profiles/server/promtail.nix @@ -39,4 +39,4 @@ # }; # }; # } -{} +{ } diff --git a/profiles/server/time.nix b/profiles/server/time.nix new file mode 100644 index 0000000..1113447 --- /dev/null +++ b/profiles/server/time.nix 
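Review bot: profiles/server/default.nix is an empty module `{ }`, yet profiles/server/networking.nix and profiles/server/time.nix read `config.profiles.server.enable`, and the assertion in profiles/desktop/default.nix does too. Unless the option is declared in a file this diff does not show, evaluation stops on a missing attribute as soon as those modules are loaded. Declaring it next to the other profiles fixes that: `{ lib, ... }: { options.profiles.server.enable = lib.mkEnableOption "server"; }`.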
@@ -0,0 +1,13 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.server; +in +{ + config = lib.mkIf cfg.enable { + time.timeZone = "UTC"; + }; +} diff --git a/pubkeys.nix b/pubkeys.nix index 2af161c..cb6709e 100644 --- a/pubkeys.nix +++ b/pubkeys.nix @@ -1,7 +1,9 @@ { users = { - "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy"; - "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX"; + "helvetica@flamingo" = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy"; + "helvetica@glacier" = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX"; "lukas@work" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjvkQeQhAlS+e5EJOXW9Lqd3/uG9qNLIO0NaMFCA0Ew"; }; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0a37768..4ddb9bc 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,19 +1,21 @@ let pubkeys = import ../pubkeys.nix; inherit (pubkeys) users hosts; -in { - "user-helvetica.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"])); - "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac]; +in +{ + "user-helvetica.age".publicKeys = + (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts [ "insomniac" ])); + "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [ hosts.insomniac ]; - "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; + "miniflux.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; - "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; + "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; - "forgejo-mailer.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; - "forgejo-admin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; + "forgejo-mailer.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; + "forgejo-admin.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; - "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel]; - "restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; + "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [ hosts.vessel ]; + "restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; - "syncserver.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; + "syncserver.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; } diff --git a/symfony-cli/package.nix b/symfony-cli/package.nix deleted file mode 100644 index 4f2101c..0000000 --- a/symfony-cli/package.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - lib, - fossarPhps, - symlinkJoin, - symfony-cli, - makeWrapper, -}: let - supportedPhps = [ - "php72" - "php73" - "php74" - "php80" - "php81" - "php82" - "php83" - "php84" - ]; - - extraConfig = '' - memory_limit = -1 - - xdebug.mode = develop,coverage,gcstats,profile,debug,trace - xdebug.discover_client_host = 1 - xdebug.client_host = localhost - ''; - - # Wrap all PHP versions with the extensions I need and bundle composer - phps = lib.genAttrs supportedPhps ( - phpName: let - phpBase = fossarPhps.${phpName}; - phpWithEnv = phpBase.buildEnv { - extensions = { - enabled, - all, - }: - enabled - ++ [all.xdebug] - ++ ( - if (lib.versionAtLeast phpBase.version "8") - then [all.amqp] - else [] - ); - inherit extraConfig; - }; - phpWithTools = symlinkJoin { - inherit (phpWithEnv) name version meta passthru; - paths = [ - phpWithEnv - phpWithEnv.packages.composer - ]; - }; - in - phpWithTools - ); - - package = symfony-cli; -in - # Tell Symfony's CLI where it can access the different PHP versions - symlinkJoin { - inherit (package) pname version meta; - - paths = [package]; - - buildInputs = [makeWrapper]; - - postBuild = '' - wrapProgram $out/bin/${package.meta.mainProgram} \ - --suffix PATH : ${lib.makeBinPath ( - builtins.attrValues phps - )} - ''; - }