diff --git a/.envrc b/.envrc
index 3550a30..cb982f0 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1,9 @@
-use flake
+watch_file flake.nix
+watch_file flake.lock
+
+DEVENV_ROOT_FILE="$(mktemp)"
+printf %s "$PWD" > "$DEVENV_ROOT_FILE"
+if ! use flake . --override-input devenv-root "file+file://$DEVENV_ROOT_FILE"
+then
+ echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
+fi
diff --git a/README.md b/README.md
index e49996b..9f8cc50 100644
--- a/README.md
+++ b/README.md
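Review bot: `DEVENV_ROOT_FILE="$(mktemp)"` creates a fresh temp file on every direnv evaluation and nothing removes it, so each reload of this `.envrc` leaves another one-line file in `$TMPDIR`. By the time the `if … fi` has run, `use flake` has presumably already read the path into the store as the `devenv-root` input, so `rm -f "$DEVENV_ROOT_FILE"` after `fi` keeps that bounded without changing the evaluation. Also worth a comment that the file's content, `$PWD`, is copied into the world-readable Nix store, which is fine for a checkout path but is why nothing more sensitive should be passed this way. This is the stock devenv snippet, so if you'd rather keep it verbatim the point is a documentation one.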
@@ -2,51 +2,25 @@ This is my cobbled together NixOS configuration. There are many like it, but this one is mine. Copy at your own risk. -## Structure - -* common: Sane defaults that make sense to use for every host. -* modules: Regular NixOS modules. -* profiles: Higher-level NixOS modules that conform to different roles that a host may have. -* packages: Packages that I couldn't fit anywhere else. -* secrets: Agenix secrets. -* hosts: Hosts exposed in `nixosConfigurations`. -* pubkeys.nix: Nix expression with all my SSH public keys, used for OpenSSH, Agenix and Restic. -* lib.nix: Nixpkgs' lib with some extra functionality. - -## Ports - -* 80X0: Public HTTP services that are proxied through nginx -* 40X0: Syncthing instances (4000 being the system instance, subsequent ones are for individual users) - -## Installation - -```bash -nix run git+https://codeberg.org/helvetica/puter.git#disk /path/to/disk -# TODO: Configure additional disks -mkdir -p /mnt/etc/ssh -cat > /mnt/etc/ssh/ssh_host_ed25519_key -chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key -ssh-keygen -f /mnt/etc/ssh/ssh_host_ed25519_key -y > /mnt/etc/ssh/ssh_host_ed25519_key.pub -nixos-install --no-root-password --flake git+https://codeberg.org/helvetica/puter.git#hostname -``` - -## systemd-cryptenroll - -```bash -systemd-cryptenroll /dev/sdX --tpm2-device=auto -``` - -## Create tar for sbctl - -```bash -sudo sbctl create-keys -sudo tar --create --directory /var/lib/sbctl . 
| agenix -e secure-boot/hostname.tar.age -``` - ## TODO -- [ ] Lanzaboote -- [ ] Monitoring -- [ ] Rom sync +- [ ] lanzaboote +- [ ] monitoring (prometheus) +- [ ] logging (loki) +- [ ] kiosk +- [ ] tailscale and headscale +- [ ] game rom sync insomniac - [ ] insomniac backups - [ ] nginx websites + +## port allocation + +* 80X0: public HTTP services that are proxied through nginx +* 40X0: syncthing instances (4000 being the system instance, subsequent ones are for individual users) +* 60X0: private HTTP services that are accessible via tailscale +* 20XX: Administrative stuff, like prometheus etc. + +* 8000: vaultwarden +* 8010: headscale + +* 4000: syncthing diff --git a/classes/headful/clipboard.nix b/classes/headful/clipboard.nix new file mode 100644 index 0000000..cab0c1c --- /dev/null +++ b/classes/headful/clipboard.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + environment.systemPackages = [pkgs.wl-clipboard]; +} diff --git a/classes/headful/codium.nix b/classes/headful/codium.nix new file mode 100644 index 0000000..9361621 --- /dev/null +++ b/classes/headful/codium.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + # TODO: wrap + environment.systemPackages = [ + pkgs.vscodium + ]; +} diff --git a/classes/headful/cosmic.nix b/classes/headful/cosmic.nix new file mode 100644 index 0000000..29a20ad --- /dev/null +++ b/classes/headful/cosmic.nix @@ -0,0 +1,17 @@ +{inputs, ...}: { + imports = [ + inputs.nixos-cosmic.nixosModules.default + ]; + + nix.settings = { + substituters = ["https://cosmic.cachix.org"]; + trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; + }; + + services = { + desktopManager.cosmic.enable = true; + displayManager.cosmic-greeter.enable = true; + }; + + environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1; +} diff --git a/classes/headful/devenv.nix b/classes/headful/devenv.nix new file mode 100644 index 0000000..32fb44b --- /dev/null +++ b/classes/headful/devenv.nix 
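Review bot: the `substituters`/`trusted-public-keys` pair in cosmic.nix makes cosmic.cachix.org a system-wide trust root — the daemon will accept any store path signed by that key for any user and any package, not only COSMIC ones — and the new code records neither where the key came from nor that it is a trust decision. A comment such as `# Binary cache for nixos-cosmic (key from its README). Trusted for ALL paths; remove together with this module.` would make that visible to the next audit. Since this sets `nix.settings.substituters` rather than `extra-substituters`, also confirm in the generated nix.conf that cache.nixos.org is still present; the NixOS module appends it itself, I believe, so the lists should merge.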
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+ environment.systemPackages = [pkgs.devenv];
+}
diff --git a/classes/headful/flatpak.nix b/classes/headful/flatpak.nix
new file mode 100644
index 0000000..752a25e
--- /dev/null
+++ b/classes/headful/flatpak.nix
@@ -0,0 +1,7 @@
+{inputs, ...}: {
+ imports = [
+ inputs.flatpak.nixosModules.nix-flatpak
+ ];
+
+ services.flatpak.enable = true;
+}
diff --git a/classes/headful/fonts.nix b/classes/headful/fonts.nix
new file mode 100644
index 0000000..bf59051
--- /dev/null
+++ b/classes/headful/fonts.nix
@@ -0,0 +1,27 @@
+{pkgs, ...}: {
+ fonts = {
+ enableDefaultPackages = true;
+ packages = [
+ pkgs.noto-fonts
+ pkgs.noto-fonts-extra
+ pkgs.noto-fonts-cjk-sans
+ pkgs.noto-fonts-cjk-serif
+ pkgs.noto-fonts-monochrome-emoji
+ pkgs.noto-fonts-color-emoji
+ pkgs.nerd-fonts.fira-code
+ ];
+
+ fontconfig = {
+ enable = true;
+
+ defaultFonts = {
+ monospace = ["FiraCode Nerd Font"];
+ sansSerif = ["Noto Sans"];
+ serif = ["Noto Serif"];
+ emoji = ["Noto Color Emoji" "Noto Emoji"];
+ };
+ };
+
+ fontDir.enable = true;
+ };
+}
diff --git a/classes/headful/gamemode.nix b/classes/headful/gamemode.nix
new file mode 100644
index 0000000..b3cd1d2
--- /dev/null
+++ b/classes/headful/gamemode.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ programs.gamemode = {
+ enable = true;
+ settings = {
+ general = {
+ renice = 10;
+ };
+ custom = {
+ start = "${lib.getExe pkgs.libnotify} 'GameMode started'";
+ end = "${lib.getExe pkgs.libnotify} 'GameMode stopped'";
+ };
+ };
+ };
+
+ users.groups.gamemode.members = config.users.normalUsers;
+}
diff --git a/classes/headful/hardware.nix b/classes/headful/hardware.nix
new file mode 100644
index 0000000..a49266b
--- /dev/null
+++ b/classes/headful/hardware.nix
@@ -0,0 +1,10 @@
+{
+ hardware = {
+ bluetooth.enable = true;
+ steam-hardware.enable = true;
+ xone.enable = true;
+ xpadneo.enable = true;
+ opentabletdriver.enable = true;
+ graphics.enable = true;
+ };
+}
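Review bot: `xone.enable` and `xpadneo.enable` in hardware.nix pull in out-of-tree kernel modules that are rebuilt on every kernel bump and parse input from any USB/Bluetooth device claiming to be a controller, in ring 0, yet nothing says which hardware needs them; a why-comment such as `# xone: Xbox wireless dongle; xpadneo: Xbox pads over Bluetooth — drop when the hardware goes` lets them be removed instead of carried forever. `xone` also appears to bundle a vendor firmware blob (one of the things the existing `allowUnfree` covers), which is worth noting beside it; I can't confirm the exact package from this diff. The other toggles in the block are stock NixOS options.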
diff --git a/classes/headful/location.nix b/classes/headful/location.nix
new file mode 100644
index 0000000..474ee00
--- /dev/null
+++ b/classes/headful/location.nix
@@ -0,0 +1,3 @@
+{
+ location.provider = "geoclue2";
+}
diff --git a/classes/headful/mullvad.nix b/classes/headful/mullvad.nix
new file mode 100644
index 0000000..31d3c05
--- /dev/null
+++ b/classes/headful/mullvad.nix
@@ -0,0 +1,6 @@
+{pkgs, ...}: {
+ services.mullvad-vpn = {
+ enable = true;
+ package = pkgs.mullvad-vpn;
+ };
+}
diff --git a/classes/headful/networking.nix b/classes/headful/networking.nix
new file mode 100644
index 0000000..d7cd8c0
--- /dev/null
+++ b/classes/headful/networking.nix
@@ -0,0 +1,10 @@
+{config, ...}: {
+ services.resolved.enable = true;
+
+ networking.networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ };
+
+ users.groups.networkmanager.members = config.users.normalUsers;
+}
diff --git a/classes/headful/pipewire.nix b/classes/headful/pipewire.nix
new file mode 100644
index 0000000..157b2af
--- /dev/null
+++ b/classes/headful/pipewire.nix
@@ -0,0 +1,11 @@
+{
+ security.rtkit.enable = true;
+
+ services.pipewire = {
+ enable = true;
+ wireplumber.enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+}
diff --git a/classes/headful/printing.nix b/classes/headful/printing.nix
new file mode 100644
index 0000000..cc77e7e
--- /dev/null
+++ b/classes/headful/printing.nix
@@ -0,0 +1,6 @@
+{
+ services.printing = {
+ enable = true;
+ webInterface = true;
+ };
+}
diff --git a/classes/headful/wayland.nix b/classes/headful/wayland.nix
new file mode 100644
index 0000000..d11e343
--- /dev/null
+++ b/classes/headful/wayland.nix
@@ -0,0 +1,6 @@
+{
+ environment.sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ SDL_VIDEODRIVER = "wayland";
+ };
+}
diff --git a/classes/headful/xdg.nix b/classes/headful/xdg.nix
new file mode 100644
index 0000000..a5a81d9
--- /dev/null
+++ b/classes/headful/xdg.nix
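Review bot: `webInterface = true` in printing.nix enables the CUPS admin web UI on port 631 but leaves `listenAddresses` at the module default, so the block is local-only purely by inheritance (`localhost:631`, `openFirewall = false`); pinning `listenAddresses = ["localhost:631"];` or adding `# web UI intentionally loopback-only` makes that survive a later edit. CUPS's web front end and its admin operations have a long CVE history, so if the UI is only needed now and then it is a smaller surface to leave it off and use `lpadmin`/`lpoptions` from a shell. The other hunks on this line (geoclue, Mullvad, NetworkManager with resolved, PipeWire/rtkit, Wayland env vars) are standard desktop setup.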
@@ -0,0 +1,3 @@
+{
+ xdg.portal.xdgOpenUsePortal = true;
+}
diff --git a/profiles/server/grafana.nix b/classes/headless/grafana.nix
similarity index 99%
rename from profiles/server/grafana.nix
rename to classes/headless/grafana.nix
index 38ccaaa..acd972f 100644
--- a/profiles/server/grafana.nix
+++ b/classes/headless/grafana.nix
@@ -45,4 +45,4 @@
 # # };
 # # };
 # }
-{ }
+{}
diff --git a/profiles/server/loki.nix b/classes/headless/loki.nix
similarity index 99%
rename from profiles/server/loki.nix
rename to classes/headless/loki.nix
index 61a92e5..89d3b99 100644
--- a/profiles/server/loki.nix
+++ b/classes/headless/loki.nix
@@ -76,4 +76,4 @@
 # };
 # };
 # }
-{ }
+{}
diff --git a/classes/headless/networking.nix b/classes/headless/networking.nix
new file mode 100644
index 0000000..027e7df
--- /dev/null
+++ b/classes/headless/networking.nix
@@ -0,0 +1,3 @@
+{
+ networking.useNetworkd = true;
+}
diff --git a/profiles/server/prometheus.nix b/classes/headless/prometheus.nix
similarity index 99%
rename from profiles/server/prometheus.nix
rename to classes/headless/prometheus.nix
index 502f9d6..d6bad74 100644
--- a/profiles/server/prometheus.nix
+++ b/classes/headless/prometheus.nix
@@ -27,4 +27,4 @@
 # ];
 # };
 # }
-{ }
+{}
diff --git a/profiles/server/promtail.nix b/classes/headless/promtail.nix
similarity index 99%
rename from profiles/server/promtail.nix
rename to classes/headless/promtail.nix
index 88121cb..c9954c4 100644
--- a/profiles/server/promtail.nix
+++ b/classes/headless/promtail.nix
@@ -39,4 +39,4 @@
 # };
 # };
 # }
-{ }
+{}
diff --git a/classes/headless/time.nix b/classes/headless/time.nix
new file mode 100644
index 0000000..47f2e72
--- /dev/null
+++ b/classes/headless/time.nix
@@ -0,0 +1,3 @@
+{
+ time.timeZone = "UTC";
+}
diff --git a/common/agenix.nix b/common/agenix.nix
index 7e212a1..aff3765 100644
--- a/common/agenix.nix
+++ b/common/agenix.nix
@@ -1,5 +1,4 @@
-{ inputs, ... }:
-{
+{inputs, ...}: {
 imports = [
 inputs.agenix.nixosModules.default
 ];
diff --git a/common/bash.nix b/common/bash.nix
new file mode 100644
index 0000000..92b7e52
--- /dev/null
+++ b/common/bash.nix
@@ -0,0 +1,5 @@
+{
+ programs.bash.interactiveShellInit = ''
+ shopt -s autocd globstar nullglob extglob checkwinsize
+ '';
+}
diff --git a/common/boot.nix b/common/boot.nix
index 5770446..ce488d2 100644
--- a/common/boot.nix
+++ b/common/boot.nix
@@ -1,24 +1,21 @@
-{config, inputs, ...}: {
- imports = [
- inputs.lanzaboote.nixosModules.lanzaboote
- ];
-
- fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
+{
+ fileSystems."/boot" = {
 label = "BOOT";
 fsType = "vfat";
 };
 boot = {
- lanzaboote = {
- enable = true;
- pkiBundle = "/var/lib/sbctl";
- };
+ loader = {
+ systemd-boot = {
+ enable = true;
+ consoleMode = "max";
+ };
- initrd.systemd.enable = true;
-
- loader.efi = {
- canTouchEfiVariables = true;
- efiSysMountPoint = "/boot";
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
 };
+ tmp.cleanOnBoot = true;
 };
 }
diff --git a/common/bottom.nix b/common/bottom.nix
index 52cfb51..fcb62d0 100644
--- a/common/bottom.nix
+++ b/common/bottom.nix
@@ -1,6 +1,3 @@
-{ pkgs, ... }:
-{
- environment.systemPackages = [
- pkgs.bottom
- ];
+{pkgs, ...}: {
+ environment.systemPackages = [pkgs.bottom];
 }
diff --git a/common/comma.nix b/common/comma.nix
index ddc4348..05bde3a 100644
--- a/common/comma.nix
+++ b/common/comma.nix
@@ -1,8 +1,3 @@
-{ inputs, ... }:
 {
- imports = [
- inputs.nix-index-database.nixosModules.nix-index
- ];
-
 programs.nix-index-database.comma.enable = true;
 }
diff --git a/common/command-not-found.nix b/common/command-not-found.nix
new file mode 100644
index 0000000..5f8fcff
--- /dev/null
+++ b/common/command-not-found.nix
@@ -0,0 +1,4 @@
+{
+ # TODO
+ programs.command-not-found.enable = false;
+}
diff --git a/common/dbus.nix b/common/dbus.nix
new file mode 100644
index 0000000..7d270b2
--- /dev/null
+++ b/common/dbus.nix
@@ -0,0 +1,3 @@
+{
+ services.dbus.implementation = "broker";
+}
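Review bot: boot.nix now installs an unsigned systemd-boot and drops `boot.lanzaboote` together with `boot.initrd.systemd.enable = true`, which is a Secure Boot and disk-unlock regression rather than a refactor: on a host whose firmware has the sbctl keys enrolled with enforcement on (see the deleted secure-boot.nix and the README `sbctl` section this commit also removes), the unsigned loader will be refused, and a `systemd-cryptenroll --tpm2-device=auto` enrollment — which by default binds PCR 7 and, in NixOS, needs the systemd initrd to unlock at all — will presumably stop releasing the LUKS key. If stepping back is deliberate (the README re-lists lanzaboote as TODO), say so where the loader is defined: `# Secure Boot temporarily off: hosts with sbctl keys enrolled must be put back into setup mode, and TPM2 enrollments redone, before this deploys`. `tmp.cleanOnBoot = true` is a reasonable stand-in for the deleted tmpfs `/tmp`, and `canTouchEfiVariables = true` is unchanged.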
diff --git a/common/editor.nix b/common/editor.nix
deleted file mode 100644
index 84fe178..0000000
--- a/common/editor.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- inputs,
- lib,
- pkgs,
- ...
-}:
-let
- package = inputs.hxwrap.packages.${pkgs.system}.default;
-in
-{
- environment = {
- systemPackages = [ package ];
-
- sessionVariables =
- let
- exe = builtins.baseNameOf (lib.getExe package);
- in
- {
- EDITOR = exe;
- VISUAL = exe;
- };
- };
-}
diff --git a/common/fish.nix b/common/fish.nix
new file mode 100644
index 0000000..b54be6e
--- /dev/null
+++ b/common/fish.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+ programs.fish.enable = true;
+
+ users.defaultUserShell = pkgs.fish;
+}
diff --git a/common/hardware.nix b/common/fwupd.nix
similarity index 100%
rename from common/hardware.nix
rename to common/fwupd.nix
diff --git a/common/gc.nix b/common/gc.nix
index 2f9440d..62342bb 100644
--- a/common/gc.nix
+++ b/common/gc.nix
@@ -2,8 +2,6 @@
 nix.gc = {
 automatic = true;
 dates = "daily";
- options = "--delete-older-than 30d";
+ options = "--delete-older-than 7d";
 };
-
- boot.loader.systemd-boot.configurationLimit = 5;
 }
diff --git a/common/git.nix b/common/git.nix
index 188b2e0..d8ac829 100644
--- a/common/git.nix
+++ b/common/git.nix
@@ -1,10 +1,6 @@
-{pkgs, ...}: {
+{
 programs.git = {
 enable = true;
 lfs.enable = true;
 };
-
- environment.systemPackages = [
- pkgs.gitui
- ];
 }
diff --git a/common/shpool.nix b/common/gitui.nix
similarity index 54%
rename from common/shpool.nix
rename to common/gitui.nix
index ba510bf..e7d891e 100644
--- a/common/shpool.nix
+++ b/common/gitui.nix
@@ -1,6 +1,5 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
 environment.systemPackages = [
- pkgs.shpool
+ pkgs.gitui
 ];
 }
diff --git a/common/helix.nix b/common/helix.nix
new file mode 100644
index 0000000..6cfd9fa
--- /dev/null
+++ b/common/helix.nix
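Review bot: `users.defaultUserShell = pkgs.fish;` in fish.nix hard-codes the package where the deleted shell.nix used `config.programs.fish.package`; `programs.fish.enable` registers its own package in `/etc/shells` and the system profile, so if `programs.fish.package` is ever overridden the login shell and the registered shell would be two different binaries. `users.defaultUserShell = config.programs.fish.package;` (with `config` back in the argument set) keeps the two in lockstep as before.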
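Review bot: dropping `boot.loader.systemd-boot.configurationLimit = 5` together with tightening GC to 7 days leaves the number of boot entries on the ESP bounded only by how many generations get built within a week; the ESP is a small vfat volume (labelled `BOOT` in boot.nix) and a burst of rebuilds can fill it during `switch`, which leaves the loader directory half-written. Since boot.nix in this same commit re-introduces the `systemd-boot` block, the limit can simply move there as `systemd-boot.configurationLimit = 5;`. If it was removed on purpose to keep more rollback targets, a one-line comment saying so would stop the next reader from re-adding it.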
@@ -0,0 +1,16 @@
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ package = pkgs.helix;
+in {
+ environment.systemPackages = [package];
+
+ environment.sessionVariables = let
+ exe = builtins.baseNameOf (lib.getExe package);
+ in {
+ EDITOR = exe;
+ VISUAL = exe;
+ };
+}
diff --git a/common/networking.nix b/common/networking.nix
index 5f1a984..654e427 100644
--- a/common/networking.nix
+++ b/common/networking.nix
@@ -1,9 +1,5 @@
-{ attrName, pkgs, ... }:
-{
- networking = {
- hostName = attrName;
- nftables.enable = true;
- };
+{pkgs, ...}: {
+ networking.nftables.enable = true;
 environment.systemPackages = [
 pkgs.nixos-firewall-tool
diff --git a/common/nini.nix b/common/nini.nix
deleted file mode 100644
index b23037e..0000000
--- a/common/nini.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{inputs, ...}: {
- imports = [
- inputs.nini.nixosModules.default
- ];
-
- programs.nini = {
- enable = true;
- flakeref = "git+https://forgejo.helveticanonstandard.net/helvetica/puter.git";
- };
-}
diff --git a/common/nix-index-database.nix b/common/nix-index-database.nix
new file mode 100644
index 0000000..c8b6d0d
--- /dev/null
+++ b/common/nix-index-database.nix
@@ -0,0 +1,5 @@
+{inputs, ...}: {
+ imports = [
+ inputs.nix-index-database.nixosModules.nix-index
+ ];
+}
diff --git a/common/nix.nix b/common/nix.nix
index 806b91f..fe2be20 100644
--- a/common/nix.nix
+++ b/common/nix.nix
@@ -3,17 +3,16 @@
 inputs,
 lib,
 ...
-}:
-{
+}: {
 nix = {
- registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+ registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
 nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
 optimise.automatic = true;
 settings = {
- trusted-users = [ "root" ] ++ config.users.normalUsers;
+ trusted-users = ["root"] ++ config.users.normalUsers;
 experimental-features = [
 "nix-command"
 "flakes"
@@ -25,4 +24,5 @@
 };
 nixpkgs.config.allowUnfree = true;
+ hardware.enableAllFirmware = true;
 }
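Review bot: `networking.hostName = attrName;` is removed here and nothing else in this diff sets a host name, so unless a per-host module outside this diff does, every host falls back to the NixOS default `nixos`; `common/syncthing.nix` names its device from `config.networking.hostName`, so two such hosts would present the same Syncthing identity and the same name to Tailscale. If the name now comes from the per-host wrapper, a short comment at the top of networking.nix (`# hostName is set per host in hosts/<name>`) would make that discoverable; if not, `networking.hostName` still needs a definition somewhere. The hunk ends mid-file, so the rest of the `environment.systemPackages` list is not visible here.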
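Review bot: `trusted-users = ["root"] ++ config.users.normalUsers;` is only reformatted here, but it deserves a warning comment because it is root-equivalent: a trusted user can pass `--option sandbox false`, add substituters and signing keys, and run arbitrary builds through the daemon, so it grants root independently of the `wheel` membership in users.nix and wheel.nix. If the intent is just to let users override substituters or use the flake registry, the narrower knobs are `allowed-users` plus `trusted-substituters`/`trusted-public-keys`. Suggest `# NOTE: trusted-users is root-equivalent for the nix daemon; keep in sync with the wheel grant in users.nix`. The enclosing attribute set continues past the visible lines of this hunk.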
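Review bot: `hardware.enableAllFirmware = true;` lands in nix.nix, a file otherwise about the Nix daemon, which is where an auditor of shipped firmware would not look; it belongs with the other hardware options (the file this commit renames to `common/fwupd.nix`, or `classes/headful/hardware.nix`). Unlike `enableRedistributableFirmware`, this option also pulls in non-redistributable blobs and therefore depends on the `allowUnfree` set two lines above, a coupling worth recording: `# includes non-redistributable firmware; requires nixpkgs.config.allowUnfree`.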
diff --git a/modules/pubkeys.nix b/common/pubkeys.nix
similarity index 71%
rename from modules/pubkeys.nix
rename to common/pubkeys.nix
index 137e51b..6672a26 100644
--- a/modules/pubkeys.nix
+++ b/common/pubkeys.nix
@@ -2,18 +2,15 @@
 lib,
 self,
 ...
-}:
-{
- options.pubkeys =
- let
- inherit (lib) types;
- in
+}: {
+ options.pubkeys = let
+ inherit (lib) types;
+ in
 lib.mkOption {
 type = types.attrsOf (types.attrsOf types.str);
 description = ''
 Public keys.
 '';
- readOnly = true;
 };
 config.pubkeys = lib.mkForce (import (self + /pubkeys.nix));
diff --git a/common/puter.nix b/common/puter.nix
new file mode 100644
index 0000000..9304941
--- /dev/null
+++ b/common/puter.nix
@@ -0,0 +1,12 @@
+{
+ pkgs,
+ self,
+ ...
+}: {
+ environment = {
+ systemPackages = [
+ self.packages.${pkgs.system}.puter
+ ];
+ sessionVariables.PUTER_FLAKEREF = "git+https://forgejo@tea.wrz.one/lukas/puter.git";
+ };
+}
diff --git a/common/ripgrep.nix b/common/ripgrep.nix
index 26795af..6094a55 100644
--- a/common/ripgrep.nix
+++ b/common/ripgrep.nix
@@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
 environment.systemPackages = [
 pkgs.ripgrep
 ];
diff --git a/common/secure-boot.nix b/common/secure-boot.nix
deleted file mode 100644
index 0570b0c..0000000
--- a/common/secure-boot.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{self, attrName, config, lib, pkgs, ...}: let
- inherit (config.age) secrets;
-in{
- age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;
-
- system.activationScripts.secureboot = let
- target = config.boot.lanzaboote.pkiBundle;
- in ''
- mkdir --parents ${target}
- ${lib.getExe pkgs.gnutar} --extract --file ${secrets.secure-boot.path} --directory ${target}
- '';
-}
diff --git a/common/shell.nix b/common/shell.nix
deleted file mode 100644
index 1b0e0c2..0000000
--- a/common/shell.nix
+++ /dev/null
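Review bot: removing `readOnly = true;` from `options.pubkeys` weakens a guard on a security-relevant value: these keys end up in `openssh.authorizedKeys.keys` in users.nix, and with `readOnly` any second definition of `pubkeys` anywhere in the module tree was a hard evaluation error, whereas now a stray normal-priority definition is silently discarded by the `lib.mkForce` below (and a second `mkForce` would surface only as a conflict). If the option was made writable so hosts can add keys, that intent deserves a comment at the option; otherwise restoring `readOnly = true;` keeps the fail-closed behaviour, and the rest of the hunk is formatting.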
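Review bot: `sessionVariables.PUTER_FLAKEREF` embeds a user name in the URL (`forgejo@tea.wrz.one`) and exports it into every login session, and the hunk does not say where authentication is expected to come from; the user name itself is not secret, but a variable like this is where a token tends to get pasted next, and `environment.sessionVariables` ends up in a world-readable file under `/etc`. A comment such as `# user name only — credentials come from the git credential helper / netrc, never from this string` closes that door. It also points at a different forge than the README's `codeberg.org/helvetica/puter` and the deleted nini.nix's `forgejo.helveticanonstandard.net`, presumably intentional but worth confirming this is the canonical origin the tool pulls from; and `pkgs.system` is deprecated in favour of `pkgs.stdenv.hostPlatform.system`.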
@@ -1,18 +0,0 @@
-{ config, ... }:
-{
- programs = {
- fish.enable = true;
-
- bash.interactiveShellInit = ''
- shopt -s autocd globstar nullglob extglob checkwinsize
- '';
-
- starship = {
- enable = true;
- interactiveOnly = true;
- settings.format = "$all";
- };
- };
-
- users.defaultUserShell = config.programs.fish.package;
-}
diff --git a/common/ssh.nix b/common/ssh.nix
index a80f958..29b1e6c 100644
--- a/common/ssh.nix
+++ b/common/ssh.nix
@@ -1,5 +1,5 @@
 {
- age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
 services.openssh = {
 enable = true;
diff --git a/common/starship.nix b/common/starship.nix
new file mode 100644
index 0000000..491995c
--- /dev/null
+++ b/common/starship.nix
@@ -0,0 +1,7 @@
+{
+ programs.starship = {
+ enable = true;
+ interactiveOnly = true;
+ settings.format = "$all";
+ };
+}
diff --git a/common/sudo.nix b/common/sudo.nix
index 0d1ce03..4cac0ec 100644
--- a/common/sudo.nix
+++ b/common/sudo.nix
@@ -3,8 +3,6 @@
 enable = true;
 execWheelOnly = true;
 wheelNeedsPassword = true;
- extraConfig = ''
- Defaults lecture="never"
- '';
+ extraConfig = "Defaults lecture=\"never\"";
 };
 }
diff --git a/common/swap.nix b/common/swap.nix
index 71751cf..f8ddd9c 100644
--- a/common/swap.nix
+++ b/common/swap.nix
@@ -1,6 +1,3 @@
 {
- zramSwap = {
- enable = true;
- memoryPercent = 50;
- };
+ zramSwap.enable = true;
 }
diff --git a/common/syncthing.nix b/common/syncthing.nix
index 647ee15..7b6c8ad 100644
--- a/common/syncthing.nix
+++ b/common/syncthing.nix
@@ -1,8 +1,6 @@
-{ config, ... }:
-let
+{config, ...}: let
 inherit (config.networking) hostName;
-in
-{
+in {
 services.syncthing = {
 enable = true;
 systemService = true;
diff --git a/common/tailscale.nix b/common/tailscale.nix
index 915d195..12922dd 100644
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@@ -1,12 +1,14 @@
-{ config, ... }:
-{
+{config, ...}: {
 services.tailscale = {
 enable = true;
 openFirewall = true;
- useRoutingFeatures = "both"; # TODO
 };
- networking.firewall.trustedInterfaces = [
- config.services.tailscale.interfaceName
- ];
+ networking.firewall = {
+ trustedInterfaces = [
+ config.services.tailscale.interfaceName
+ ];
+ # Required to connect to Tailscale exit nodes
+ checkReversePath = "loose";
+ };
 }
diff --git a/common/tmp.nix b/common/tmp.nix
deleted file mode 100644
index 7f61ff5..0000000
--- a/common/tmp.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- boot.tmp = {
- useTmpfs = true;
- tmpfsSize = "50%";
- };
-}
diff --git a/common/users.nix b/common/users.nix
index 18680a7..5ba4530 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -1,13 +1,11 @@
 {
- self,
 config,
+ lib,
 ...
-}:
-let
+}: let
 inherit (config.users) mainUser;
-in
-{
- age.secrets."user-${mainUser}".file = self + /secrets/users/${mainUser}.age;
+in {
+ age.secrets = lib.mkSecrets {"user-${mainUser}" = {};};
 users = {
 mutableUsers = false;
@@ -22,7 +20,7 @@ in
 isNormalUser = true;
 hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
 openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
- extraGroups = [ "wheel" ]; # TODO remove
+ extraGroups = ["wheel"]; #TODO remove
 };
 };
 };
diff --git a/common/wheel.nix b/common/wheel.nix
index 0c17216..8481639 100644
--- a/common/wheel.nix
+++ b/common/wheel.nix
@@ -1,4 +1,3 @@
-{ config, ... }:
-{
+{config, ...}: {
 users.groups.wheel.members = config.users.normalUsers;
 }
diff --git a/common/yazi.nix b/common/yazi.nix
new file mode 100644
index 0000000..2ae4438
--- /dev/null
+++ b/common/yazi.nix
@@ -0,0 +1,3 @@
+{
+ programs.yazi.enable = true;
+}
diff --git a/hosts/insomniac/freetube.nix b/common/zellij.nix
similarity index 53%
rename from hosts/insomniac/freetube.nix
rename to common/zellij.nix
index b24fd0d..c97e1f7 100644
--- a/hosts/insomniac/freetube.nix
+++ b/common/zellij.nix
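Review bot: `checkReversePath = "loose"` relaxes reverse-path filtering for every interface, not only `tailscale0`, and it is exactly what the removed `useRoutingFeatures = "both"` was already setting — in the NixOS module `client`/`both` sets `checkReversePath = "loose"` and `server`/`both` turns on IP forwarding — so the visible effect of this hunk is: same rpfilter weakening, forwarding no longer enabled. If using exit nodes is the only goal, `useRoutingFeatures = "client";` says that in one documented line and replaces the hand-written comment; if some host must still be an exit node or subnet router, it now needs forwarding set explicitly. Separately, `trustedInterfaces = [config.services.tailscale.interfaceName]` lets every tailnet peer reach every local port, which deserves its own comment: `# all tailnet peers bypass the firewall; use networking.firewall.interfaces.tailscale0 instead if a service should not be tailnet-wide`.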
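Review bot: the `#TODO remove` on `extraGroups = ["wheel"];` is misleading about what deleting the line would achieve: `common/wheel.nix` in this same commit sets `users.groups.wheel.members = config.users.normalUsers;`, so the main user stays in `wheel` (and keeps sudo via `execWheelOnly`) either way. Either drop the `extraGroups` line now, since it is redundant, or reword the comment to `# redundant with wheel.nix; remove when normalUsers stops implying wheel`. The same users are also `trusted-users` in nix.nix, so wheel is not the only root-equivalent grant to revisit when that TODO is acted on. The enclosing user definition starts before this hunk.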
@@ -1,6 +1,5 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { environment.systemPackages = [ - pkgs.freetube + pkgs.zellij ]; } diff --git a/devenv.nix b/devenv.nix new file mode 100644 index 0000000..a80aa4f --- /dev/null +++ b/devenv.nix @@ -0,0 +1,21 @@ +{ + languages.python.enable = true; + + pre-commit.hooks = { + # Nix + alejandra.enable = true; + deadnix.enable = true; + statix.enable = true; + + # Flakes + flake-checker.enable = true; + + # Shell + shellcheck.enable = true; + + # Python + pyright.enable = true; + ruff.enable = true; + ruff-format.enable = true; + }; +} diff --git a/flake.lock b/flake.lock index eca4763..1f4c50c 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -21,6 +21,34 @@ "type": "github" } }, + "cachix": { + "inputs": { + "devenv": [ + "devenv" + ], + "flake-compat": [ + "devenv" + ], + "git-hooks": [ + "devenv" + ], + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1742042642, + "narHash": "sha256-D0gP8srrX0qj+wNYNPdtVJsQuFzIng3q43thnHXQ/es=", + "owner": "cachix", + "repo": "cachix", + "rev": "a624d3eaf4b1d225f918de8543ed739f2f574203", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1731098351, 
@@ -44,11 +72,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -58,23 +86,41 @@ "type": "github" } }, - "flake-compat": { - "flake": false, + "devenv": { + "inputs": { + "cachix": "cachix", + "flake-compat": "flake-compat", + "git-hooks": "git-hooks", + "nix": "nix", + "nixpkgs": "nixpkgs_4" + }, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "lastModified": 1743783972, + "narHash": "sha256-5wPsNCnWmeLpLxavsftA9L7tnYgtlexV7FwLegxtpy4=", + "owner": "cachix", + "repo": "devenv", + "rev": "2f53e2f867e0c2ba18b880e66169366e5f8ca554", "type": "github" }, "original": { - "owner": "edolstra", - "repo": "flake-compat", + "owner": "cachix", + "repo": "devenv", "type": "github" } }, - "flake-compat_2": { + "devenv-root": { + "flake": false, + "locked": { + "narHash": "sha256-d6xi4mKdjkX2JFicDIv5niSzpyI0m/Hnm8GGAIU04kY=", + "type": "file", + "url": "file:///dev/null" + }, + "original": { + "type": "file", + "url": "file:///dev/null" + } + }, + "flake-compat": { "flake": false, "locked": { "lastModified": 1733328505, 
@@ -90,14 +136,30 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1746162366, - "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", "owner": "nix-community", "repo": "flake-compat", - "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "type": "github" }, "original": { @@ -106,7 +168,45 @@ "type": "github" } }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, 
@@ -124,43 +224,7 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -181,9 +245,9 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_4" + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { "lastModified": 1743550720, 
@@ -199,65 +263,70 @@ "type": "github" } }, - "flake-parts_6": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_5" - }, + "flatpak": { "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "flake-parts", + "owner": "gmodena", + "ref": "latest", + "repo": "nix-flatpak", "type": "github" } }, - "flake-parts_7": { + "git-hooks": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_6" + "flake-compat": [ + "devenv" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "devenv", + "nixpkgs" + ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "flake-parts", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, - "forgesync": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_2", - "pyproject-build-systems": "pyproject-build-systems", - "pyproject-nix": "pyproject-nix", - "uv2nix": "uv2nix" - }, - "locked": { - "lastModified": 1746299148, - "narHash": "sha256-OL9j+S8m4zC2dCqjaWLt6Ooc7EzRjJC/olLVj7mqd/M=", - "ref": "refs/heads/main", - "rev": "e2e0f134da1444b298d4a4601390664124d0a5c4", - "revCount": 10, - "type": "git", - "url": "https://codeberg.org/helvetica/forgesync.git" - }, - "original": { - 
"type": "git", - "url": "https://codeberg.org/helvetica/forgesync.git" - } - }, "gitignore": { + "inputs": { + "nixpkgs": [ + "devenv", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -281,11 +350,11 @@ }, "hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -302,11 +371,11 @@ ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { 
@@ -315,33 +384,12 @@ "type": "github" } }, - "hxwrap": { - "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1745088587, - "narHash": "sha256-85AYHWayJVq/dxgk/S4RH7u6w59Akyr1fVttR8KBh8g=", - "ref": "refs/heads/main", - "rev": "8fa5d5d550add7bf6cfd0a619dfac0e8a03b2bae", - "revCount": 21, - "type": "git", - "url": "https://codeberg.org/helvetica/hxwrap.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/helvetica/hxwrap.git" - } - }, "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_4", - "nixpkgs": [ - "nixpkgs" - ], + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, 
@@ -360,62 +408,72 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, "musicomp": { "inputs": { - "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_4" + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1744916606, - "narHash": "sha256-6l7xP5DTAc7E+gO2xu9aX5BjyuDNLMdeS6oFFrpsulg=", + "lastModified": 1744068246, + "narHash": "sha256-ZrLuwXT0uRxa4hyMyCe/IG9lKZEqAM+lUgLKcCiZjbA=", "ref": "refs/heads/main", - "rev": "0c6b26ce38dbc39d360904ddd98eab1159b922e1", - "revCount": 3, - "type": "git", - "url": "https://codeberg.org/helvetica/musicomp.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/helvetica/musicomp.git" - } - }, - "myphps": { - "inputs": { - "flake-parts": "flake-parts_6", - "nixpkgs": "nixpkgs_5", - "phps": "phps" - }, - "locked": { - "lastModified": 1746369841, - "narHash": "sha256-/k3MQPXdsXJ0FDEsT1YvBG9ugRXk1nuE9MCb1wAMGQc=", - "ref": "refs/heads/main", - "rev": "dbe35541ef6923f411685434cc535d0854b55b6a", - "revCount": 5, - "type": "git", - "url": "https://codeberg.org/helvetica/myphps.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/helvetica/myphps.git" - } - }, - "nini": { - "inputs": { - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_7" - }, - "locked": { - "lastModified": 1747493683, - "narHash": "sha256-SEszNrbvTzxjFM7apKnL8LaarvDAzcuuQXj8r+ikJdk=", - "ref": "refs/heads/main", - "rev": "a61825fc51a2b52cebd01ce58910707383e08b02", + "rev": "66aa356585132605e8bd9cc630fab7416f3caf3d", "revCount": 2, "type": "git", - "url": "https://codeberg.org/helvetica/nini.git" + "url": "https://codeberg.org/helveticanonstandard/musicomp.git" }, 
"original": { "type": "git", - "url": "https://codeberg.org/helvetica/nini.git" + "url": "https://codeberg.org/helveticanonstandard/musicomp.git" + } + }, + "nix": { + "inputs": { + "flake-compat": [ + "devenv" + ], + "flake-parts": "flake-parts", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_3", + "nixpkgs-23-11": [ + "devenv" + ], + "nixpkgs-regression": [ + "devenv" + ], + "pre-commit-hooks": [ + "devenv" + ] + }, + "locked": { + "lastModified": 1741798497, + "narHash": "sha256-E3j+3MoY8Y96mG1dUIiLFm2tZmNbRvSiyN7CrSKuAVg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "f3f44b2baaf6c4c6e179de8cbb1cc6db031083cd", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" } }, "nix-index-database": { @@ -425,11 +483,11 @@ ] }, "locked": { - "lastModified": 1747470409, - "narHash": "sha256-R9TP2//BDKyjNzuZybplIZm7HQEnwL8khs7EmmTPYP4=", + "lastModified": 1743911143, + "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "c1f63a0c3bf1b2fe05124ccb099333163e2184a7", + "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb", "type": "github" }, "original": { @@ -441,16 +499,16 @@ "nixos-cosmic": { "inputs": { "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable_2", "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1747491978, - "narHash": "sha256-Jn7um1fnf2bI9N8gvG5jIHvIJxxLaXd+2+wHXyW0Frs=", + "lastModified": 1744137608, + "narHash": "sha256-KEuKL7lM2ZqKzvaGIptVDAce29CAR4ZSgWtFD3PnpB0=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "2a7be063557ffc19ab1d8ab18bfd1721df8355c5", + "rev": "d20b15f629985fe6900925bef462f947e4a75b2f", "type": "github" }, "original": { 
@@ -461,11 +519,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -505,66 +563,6 @@ "type": "github" } }, - "nixpkgs-lib_3": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_4": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_5": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_6": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, 
@@ -583,11 +581,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1743975612, + "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", "type": "github" }, "original": { @@ -599,11 +597,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { 
@@ -615,21 +613,53 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { + "locked": { + "lastModified": 1733477122, + "narHash": "sha256-qamMCz5mNpQmgBwc8SB5tVMlD5sbwVIToVZtSxMph9s=", + "owner": "cachix", + "repo": "devenv-nixpkgs", + "rev": "7bd9e84d0452f6d2e63b6e6da29fe73fac951857", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "rolling", + "repo": "devenv-nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1731919951, + "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1743964447, "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=", 
@@ -645,38 +675,6 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1744502386, - "narHash": "sha256-QAd1L37eU7ktL2WeLLLTmI6P9moz9+a/ONO8qNBYJgM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f6db44a8daa59c40ae41ba6e5823ec77fe0d2124", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_7": { "locked": { "lastModified": 1743964447, @@ -695,32 +693,32 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "phps": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_6", + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_8", "utils": "utils" }, "locked": { - "lastModified": 1744527323, - "narHash": "sha256-2EyP6SxJsmBFMHArrTGw1J+Ned3aRMUZzbzmJZHDbNo=", + "lastModified": 1744001863, + "narHash": "sha256-0pYw0Idtion++srUKsmGX7mq1weozdVE8gR+inoedUo=", "owner": "fossar", "repo": "nix-phps", - "rev": "f6b53caf2b1c2d592cbac5156f729ef79495992a", + "rev": "220ed74315dc7cd64a6181efd3d583a3607ef01f", "type": "github" }, "original": { 
@@ -735,7 +733,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -756,73 +754,23 @@ "type": "github" } }, - "pyproject-build-systems": { - "inputs": { - "nixpkgs": [ - "forgesync", - "nixpkgs" - ], - "pyproject-nix": [ - "forgesync", - "pyproject-nix" - ], - "uv2nix": [ - "forgesync", - "uv2nix" - ] - }, - "locked": { - "lastModified": 1744599653, - "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "type": "github" - } - }, - "pyproject-nix": { - "inputs": { - "nixpkgs": [ - "forgesync", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743438845, - "narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=", - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "rev": "8063ec98edc459571d042a640b1c5e334ecfca1e", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", - "flake-parts": "flake-parts", - "forgesync": "forgesync", + "devenv": "devenv", + "devenv-root": "devenv-root", + "flake-parts": "flake-parts_2", + "flatpak": "flatpak", "hardware": "hardware", - "hxwrap": "hxwrap", "lanzaboote": "lanzaboote", "musicomp": "musicomp", - "myphps": "myphps", - "nini": "nini", "nix-index-database": "nix-index-database", "nixos-cosmic": "nixos-cosmic", "nixpkgs": [ "nixos-cosmic", "nixpkgs" - ] + ], + "phps": "phps" } }, "rust-overlay": { 
@@ -854,11 +802,11 @@ ] }, "locked": { - "lastModified": 1747449297, - "narHash": "sha256-veyXchTz6eWwvuW5X49UluHkheHkFcqHJSwGuKBhrmQ=", + "lastModified": 1744079607, + "narHash": "sha256-5cog6Qd6w/bINdLO5mOysAHOHey8PwFXk4IWo+y+Czg=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "f44db7d7cea4528288780c6347756173a8248225", + "rev": "f6b62cc99c25e79a1c17e9fca91dc6b6faebec6c", "type": "github" }, "original": { @@ -914,31 +862,6 @@ "repo": "flake-utils", "type": "github" } - }, - "uv2nix": { - "inputs": { - "nixpkgs": [ - "forgesync", - "nixpkgs" - ], - "pyproject-nix": [ - "forgesync", - "pyproject-nix" - ] - }, - "locked": { - "lastModified": 1745697651, - "narHash": "sha256-r4A/fkiCenEapHkjJWPiNUZEfviuXMCr6mRozJ5dC4o=", - "owner": "pyproject-nix", - "repo": "uv2nix", - "rev": "cb6508484d534dafd097713b575f2aebc3417de0", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "uv2nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c60e029..3ff0627 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,62 +4,76 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; + devenv-root = { + url = "file+file:///dev/null"; + flake = false; + }; + devenv.url = "github:cachix/devenv"; hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; + phps.url = "github:fossar/nix-phps"; + lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; + flatpak.url = "github:gmodena/nix-flatpak?ref=latest"; nixpkgs.follows = "nixos-cosmic/nixpkgs"; nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; - musicomp.url = "git+https://codeberg.org/helvetica/musicomp.git"; - hxwrap.url = "git+https://codeberg.org/helvetica/hxwrap.git"; - myphps.url = "git+https://codeberg.org/helvetica/myphps.git"; - forgesync.url = "git+https://codeberg.org/helvetica/forgesync.git"; - nini.url = "git+https://codeberg.org/helvetica/nini.git"; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.2"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + musicomp.url = "git+https://codeberg.org/helveticanonstandard/musicomp.git"; }; - outputs = - { - self, - nixpkgs, - flake-parts, - ... - }@inputs: - flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" + nixConfig = { + extra-substituters = "https://cosmic.cachix.org"; + extra-trusted-public-keys = "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="; + }; + + outputs = { + self, + nixpkgs, + flake-parts, + ... 
+ } @ inputs: + flake-parts.lib.mkFlake {inherit inputs;} { + imports = [ + inputs.devenv.flakeModule ]; + systems = ["x86_64-linux" "aarch64-linux"]; + flake = { lib = nixpkgs.lib.extend (import ./lib.nix); - nixosConfigurations = self.lib.genNixosConfigurations inputs; + nixosConfigurations = self.lib.genNixosConfigurations {inherit inputs;}; }; - perSystem = - { - pkgs, - inputs', - lib, - ... - }: - { - devShells.default = pkgs.mkShellNoCC { - packages = [ - inputs'.agenix.packages.default - ]; - }; + perSystem = { + pkgs, + inputs', + lib, + ... + }: { + devenv.shells.default = { + devenv.root = let + devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath; + in + lib.mkIf (devenvRootFileContent != "") devenvRootFileContent; - packages = lib.packagesFromDirectoryRecursive { - inherit (pkgs) callPackage newScope; - directory = ./packages; - }; + name = "puter"; + + imports = [ + ./devenv.nix + ]; + + packages = [ + inputs'.agenix.packages.agenix + ]; }; + + packages = lib.packagesFromDirectoryRecursive { + inherit (pkgs) callPackage; + directory = ./packages; + }; + }; }; } diff --git a/hosts/abacus/forgejo.nix b/hosts/abacus/forgejo.nix deleted file mode 100644 index 249e923..0000000 --- a/hosts/abacus/forgejo.nix +++ /dev/null 
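Review bot: `lanzaboote` no longer follows the root nixpkgs — the removed `inputs.nixpkgs.follows = "nixpkgs"` block became a bare `lanzaboote.url = ...` — so the secure-boot tooling is now built from lanzaboote's own pinned nixpkgs (this commit's lock resolves it to a separate `nixpkgs_5`), which adds a second nixpkgs download and means the bootloader stack comes from a different, separately updated package set than the rest of the system. If that is unintended, keep the attribute-set form: `lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.2"; inputs.nixpkgs.follows = "nixpkgs"; };`. The new `phps` input is likewise added without a `follows`, so the same question applies there. The new `nixConfig` substituter and trusted key only take effect when the invoking user accepts the flake's config (a trusted user, or `accept-flake-config`), so a one-line comment recording where the cosmic key came from would help the next reader decide whether to accept it.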
@@ -1,105 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: -let - cfg = config.services.forgejo; - inherit (config.age) secrets; -in -{ - age.secrets = { - forgejo-mailer = { - file = self + /secrets/forgejo/mailer.age; - mode = "400"; - owner = cfg.user; - }; - - forgejo-admin = { - file = self + /secrets/forgejo/admin.age; - mode = "400"; - owner = cfg.user; - }; - }; - - services.forgejo = { - enable = true; - package = pkgs.forgejo; - database.type = "postgres"; - lfs.enable = true; - dump = { - enable = true; - interval = "*-*-* 02:00:00"; - backupDir = "/srv/backup/forgejo"; - }; - settings = { - server = { - DOMAIN = "forgejo.helveticanonstandard.net"; - ROOT_URL = "https://${cfg.settings.server.DOMAIN}/"; - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = 8060; - }; - - service = { - DISABLE_REGISTRATION = true; - ENABLE_NOTIFY_MAIL = true; - }; - - # TODO: Enable - federation = { - ENABLED = false; - SHARE_USER_STATISTICS = false; - }; - - mailer = { - ENABLED = true; - SMTP_ADDR = "smtp.fastmail.com"; - FROM = "tea@wrz.one"; - USER = "lukas@wrz.one"; - }; - }; - - secrets.mailer.PASSWD = secrets.forgejo-mailer.path; - }; - - systemd.services.forgejo.preStart = lib.getExe ( - pkgs.writeShellApplication { - name = "forgejo-init-admin"; - text = - let - forgejoExe = lib.getExe cfg.package; - passwordFile = secrets.forgejo-admin.path; - in - '' - admins=$(${forgejoExe} admin user list --admin | wc --lines) - admins=$((admins - 1)) - - if ((admins < 1)); then - ${forgejoExe} admin user create \ - --admin \ - --email helvetica@helveticanonstandard.net \ - --username helvetica \ - --password "$(cat -- ${passwordFile})" - fi - ''; - } - ); - - services.nginx.virtualHosts.${cfg.settings.server.DOMAIN} = { - enableACME = true; - forceSSL = true; - - extraConfig = '' - client_max_body_size 512M; - ''; - - locations."/".proxyPass = - let - host = cfg.settings.server.HTTP_ADDR; - port = builtins.toString cfg.settings.server.HTTP_PORT; - in - "http://${host}:${port}"; - }; 
-} diff --git a/hosts/abacus/navidrome.nix b/hosts/abacus/navidrome.nix deleted file mode 100644 index 01fecc3..0000000 --- a/hosts/abacus/navidrome.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, ... }: -let - virtualHostName = "navidrome.helveticanonstandard.net"; -in -{ - services.navidrome = { - enable = true; - settings = { - Address = "localhost"; - Port = 8050; - MusicFolder = "/srv/music"; - EnableSharing = true; - # Backup = { - # Path = "/srv/backup/navidrome"; - # Count = 1; - # Schedule = "0 2 * * *"; - # }; - }; - }; - - services.nginx.virtualHosts.${virtualHostName} = { - enableACME = true; - forceSSL = true; - - locations."/".proxyPass = - let - host = config.services.navidrome.settings.Address; - port = builtins.toString config.services.navidrome.settings.Port; - in - "http://${host}:${port}"; - }; -} diff --git a/hosts/abacus/networking.nix b/hosts/abacus/networking.nix deleted file mode 100644 index 35e1b20..0000000 --- a/hosts/abacus/networking.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - networking = - let - interface = "enp1s0"; - in - { - domain = "wrz.one"; - interfaces.${interface}.ipv6.addresses = [ - { - address = "2a01:4f8:c013:e64a::2"; - prefixLength = 64; - } - ]; - defaultGateway6 = { - address = "fe80::1"; - inherit interface; - }; - firewall.allowedTCPPorts = [ - 80 - 443 - ]; - }; -} diff --git a/hosts/abacus/nginx.nix b/hosts/abacus/nginx.nix deleted file mode 100644 index e3cbee8..0000000 --- a/hosts/abacus/nginx.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ config, ... }: -{ - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = '' - error_log stderr; - access_log /var/log/nginx/access.log; - ''; - - virtualHosts = - let - matchAll = ''~.*''; - matchWww = ''~^www\.(?.+)$''; - in - { - # Redirect anything that doesn't match any server name to networking.domain - ${matchAll} = { - default = true; - rejectSSL = true; - - globalRedirect = config.networking.domain; - }; - # Redirect www to non-www - ${matchWww}.globalRedirect = "$domain"; - }; - }; -} diff --git a/hosts/abacus/profiles.nix b/hosts/abacus/profiles.nix deleted file mode 100644 index 92e505a..0000000 --- a/hosts/abacus/profiles.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - profiles.server.enable = true; -} diff --git a/hosts/abacus/restic.nix b/hosts/abacus/restic.nix deleted file mode 100644 index 8504c03..0000000 --- a/hosts/abacus/restic.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - attrName, - config, - lib, - ... -}: -let - secretName = "restic-${attrName}"; - secret = config.age.secrets.${secretName}; -in -{ - age.secrets = lib.mkSecrets { ${secretName} = { }; }; - - services.restic.backups.remote = { - repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}"; - initialize = true; - paths = [ - config.services.vaultwarden.backupDir - config.services.syncthing.dataDir - config.services.forgejo.stateDir - config.services.forgejo.dump.backupDir - config.services.postgresqlBackup.location - # config.services.navidrome.settings.Backup.Path - # TODO: Add stateDir options for these - "/var/lib/headscale" - "/var/lib/navidrome" - ]; - passwordFile = secret.path; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - ]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; - Persistent = true; - }; - extraOptions = [ - "sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'" - ]; - }; -} diff --git a/hosts/abacus/static-sites.nix b/hosts/abacus/static-sites.nix deleted file mode 100644 index b47d33a..0000000 --- a/hosts/abacus/static-sites.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - ... -}: -let - parent = "/var/www"; - sites = [ - "wrz.one" - "helveticanonstandard.net" - ]; -in -lib.mkMerge ( - map ( - virtualHostName: - let - root = "${parent}/${virtualHostName}"; - in - { - services.nginx.virtualHosts.${virtualHostName} = { - enableACME = true; - forceSSL = true; - - inherit root; - }; - - systemd.tmpfiles.settings."10-static-sites".${root}.d = { - user = config.users.mainUser; - group = "users"; - mode = "0755"; - }; - } - ) sites -) diff --git a/hosts/abacus/system.nix b/hosts/abacus/system.nix deleted file mode 100644 index 8033946..0000000 --- a/hosts/abacus/system.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - system.stateVersion = "25.05"; -} 
diff --git a/hosts/flamingo/profiles.nix b/hosts/flamingo/profiles.nix deleted file mode 100644 index b2f1fd3..0000000 --- a/hosts/flamingo/profiles.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - profiles = { - desktop.enable = true; - emulation.enable = true; - gaming.enable = true; - piracy.enable = true; - productivity.enable = true; - }; -} diff --git a/hosts/glacier/profiles.nix b/hosts/glacier/profiles.nix deleted file mode 100644 index b2f1fd3..0000000 --- a/hosts/glacier/profiles.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - profiles = { - desktop.enable = true; - emulation.enable = true; - gaming.enable = true; - piracy.enable = true; - productivity.enable = true; - }; -} diff --git a/hosts/work/filesystems.nix b/hosts/headful/flamingo/filesystems.nix similarity index 84% rename from hosts/work/filesystems.nix rename to hosts/headful/flamingo/filesystems.nix index 52a1bfd..14ff284 100644 --- a/hosts/work/filesystems.nix +++ b/hosts/headful/flamingo/filesystems.nix @@ -4,6 +4,6 @@ fileSystems."/" = { fsType = "ext4"; device = "/dev/mapper/main"; - options = [ "noatime" ]; + options = ["noatime"]; }; } diff --git a/hosts/flamingo/hardware.nix b/hosts/headful/flamingo/hardware.nix similarity index 68% rename from hosts/flamingo/hardware.nix rename to hosts/headful/flamingo/hardware.nix index 92f0ed5..bd39347 100644 --- a/hosts/flamingo/hardware.nix +++ b/hosts/headful/flamingo/hardware.nix @@ -2,8 +2,7 @@ inputs, modulesPath, ... -}: -{ +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -13,13 +12,8 @@ nixpkgs.hostPlatform = "x86_64-linux"; boot = { - initrd.availableKernelModules = [ - "xhci_pci" - "nvme" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ "kvm-intel" ]; + initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; + kernelModules = ["kvm-intel"]; }; powerManagement.cpuFreqGovernor = "powersave"; 
diff --git a/hosts/headful/flamingo/libreoffice.nix b/hosts/headful/flamingo/libreoffice.nix
new file mode 100644
index 0000000..fd1b44d
--- /dev/null
+++ b/hosts/headful/flamingo/libreoffice.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "org.libreoffice.LibreOffice"
+ ];
+}
diff --git a/hosts/headful/flamingo/librewolf.nix b/hosts/headful/flamingo/librewolf.nix
new file mode 100644
index 0000000..229aa0a
--- /dev/null
+++ b/hosts/headful/flamingo/librewolf.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "io.gitlab.librewolf-community"
+ ];
+}
diff --git a/hosts/headful/flamingo/mpv.nix b/hosts/headful/flamingo/mpv.nix
new file mode 100644
index 0000000..24250ff
--- /dev/null
+++ b/hosts/headful/flamingo/mpv.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "io.mpv.Mpv"
+ ];
+}
diff --git a/hosts/headful/flamingo/supersonic.nix b/hosts/headful/flamingo/supersonic.nix
new file mode 100644
index 0000000..8b4dba9
--- /dev/null
+++ b/hosts/headful/flamingo/supersonic.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "io.github.dweymouth.supersonic"
+ ];
+}
diff --git a/hosts/flamingo/system.nix b/hosts/headful/flamingo/system.nix
similarity index 100%
rename from hosts/flamingo/system.nix
rename to hosts/headful/flamingo/system.nix
diff --git a/hosts/glacier/filesystems.nix b/hosts/headful/glacier/filesystems.nix
similarity index 84%
rename from hosts/glacier/filesystems.nix
rename to hosts/headful/glacier/filesystems.nix
index 52a1bfd..14ff284 100644
--- a/hosts/glacier/filesystems.nix
+++ b/hosts/headful/glacier/filesystems.nix
@@ -4,6 +4,6 @@
 fileSystems."/" = {
 fsType = "ext4";
 device = "/dev/mapper/main";
- options = [ "noatime" ];
+ options = ["noatime"];
 };
 }
diff --git a/hosts/headful/glacier/gimp.nix b/hosts/headful/glacier/gimp.nix
new file mode 100644
index 0000000..468fc89
--- /dev/null
+++ b/hosts/headful/glacier/gimp.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "org.gimp.GIMP"
+ ];
+}
diff --git a/hosts/glacier/hardware.nix b/hosts/headful/glacier/hardware.nix similarity index 63% rename from hosts/glacier/hardware.nix rename to hosts/headful/glacier/hardware.nix index 84280eb..b55c9fc 100644 --- a/hosts/glacier/hardware.nix +++ b/hosts/headful/glacier/hardware.nix @@ -2,8 +2,7 @@ inputs, modulesPath, ... -}: -{ +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -16,17 +15,11 @@ boot = { initrd = { - availableKernelModules = [ - "nvme" - "ahci" - "xhci_pci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ "amdgpu" ]; + availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"]; + kernelModules = ["amdgpu"]; }; - kernelModules = [ "kvm-amd" ]; + kernelModules = ["kvm-amd"]; + binfmt.emulatedSystems = ["aarch64-linux"]; }; powerManagement.cpuFreqGovernor = "performance"; diff --git a/hosts/headful/glacier/inkscape.nix b/hosts/headful/glacier/inkscape.nix new file mode 100644 index 0000000..c274256 --- /dev/null +++ b/hosts/headful/glacier/inkscape.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "org.inkscape.Inkscape" + ]; +} diff --git a/hosts/headful/glacier/lanzaboote.nix b/hosts/headful/glacier/lanzaboote.nix new file mode 100644 index 0000000..9ede875 --- /dev/null +++ b/hosts/headful/glacier/lanzaboote.nix @@ -0,0 +1,3 @@ +{ + setups.secureBoot.enable = true; +} diff --git a/hosts/headful/glacier/libreoffice.nix b/hosts/headful/glacier/libreoffice.nix new file mode 100644 index 0000000..fd1b44d --- /dev/null +++ b/hosts/headful/glacier/libreoffice.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "org.libreoffice.LibreOffice" + ]; +} diff --git a/hosts/headful/glacier/librewolf.nix b/hosts/headful/glacier/librewolf.nix new file mode 100644 index 0000000..229aa0a --- /dev/null +++ b/hosts/headful/glacier/librewolf.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.gitlab.librewolf-community" + ]; +} 
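Review bot: `binfmt.emulatedSystems = ["aarch64-linux"];` is the single semantic addition in a hunk that otherwise only reformats the kernel-module lists, and nothing says why this host needs it; a comment such as `# binfmt_misc handler so aarch64 binaries/builds run on this x86_64 host — confirm which workflow relies on it` would keep the intent next to the code. A registered binfmt handler is host-wide and lets any process run foreign-arch binaries transparently, so it deserves to be stated as deliberate rather than left mixed into a formatting change. The enclosing `boot` attribute set starts outside the hunk.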
diff --git a/hosts/headful/glacier/mpv.nix b/hosts/headful/glacier/mpv.nix
new file mode 100644
index 0000000..24250ff
--- /dev/null
+++ b/hosts/headful/glacier/mpv.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "io.mpv.Mpv"
+ ];
+}
diff --git a/hosts/headful/glacier/steam.nix b/hosts/headful/glacier/steam.nix
new file mode 100644
index 0000000..50a8f9f
--- /dev/null
+++ b/hosts/headful/glacier/steam.nix
@@ -0,0 +1,6 @@
+{
+ services.flatpak.packages = [
+ "com.valvesoftware.Steam"
+ "com.github.Matoking.protontricks"
+ ];
+}
diff --git a/hosts/headful/glacier/supersonic.nix b/hosts/headful/glacier/supersonic.nix
new file mode 100644
index 0000000..8b4dba9
--- /dev/null
+++ b/hosts/headful/glacier/supersonic.nix
@@ -0,0 +1,5 @@
+{
+ services.flatpak.packages = [
+ "io.github.dweymouth.supersonic"
+ ];
+}
diff --git a/hosts/glacier/system.nix b/hosts/headful/glacier/system.nix
similarity index 100%
rename from hosts/glacier/system.nix
rename to hosts/headful/glacier/system.nix
diff --git a/hosts/glacier/users.nix b/hosts/headful/glacier/users.nix
similarity index 100%
rename from hosts/glacier/users.nix
rename to hosts/headful/glacier/users.nix
diff --git a/hosts/headful/insomniac/cosmic.nix b/hosts/headful/insomniac/cosmic.nix
new file mode 100644
index 0000000..629d9f9
--- /dev/null
+++ b/hosts/headful/insomniac/cosmic.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.greetd.settings.initial_session = {
+ user = config.users.mainUser;
+ command = ''
+ ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"}
+ '';
+ };
+
+ environment.cosmic.excludePackages = [
+ pkgs.cosmic-store
+ ];
+}
diff --git a/hosts/headful/insomniac/dolphin.nix b/hosts/headful/insomniac/dolphin.nix
new file mode 100644
index 0000000..c37c31b
--- /dev/null
+++ b/hosts/headful/insomniac/dolphin.nix
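Review bot: `services.greetd.settings.initial_session` starts a session for `config.users.mainUser` at boot without a login prompt, and nothing in the file records that this auto-login is intended; on this host `filesystems.nix` mounts `/` by plain label rather than a `/dev/mapper` device, so there is apparently no passphrase gate in front of the desktop either. If that is the accepted trade-off for this machine, say so next to the block, e.g. `# Auto-login mainUser at boot (no greeter); acceptable only because this host is single-user and physically trusted — confirm`. Otherwise configure the session under `default_session` so greetd still prompts.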
@@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "org.DolphinEmu.dolphin-emu" + ]; +} diff --git a/hosts/insomniac/filesystems.nix b/hosts/headful/insomniac/filesystems.nix similarity index 71% rename from hosts/insomniac/filesystems.nix rename to hosts/headful/insomniac/filesystems.nix index 07eb879..5e977d8 100644 --- a/hosts/insomniac/filesystems.nix +++ b/hosts/headful/insomniac/filesystems.nix @@ -2,6 +2,6 @@ fileSystems."/" = { fsType = "ext4"; label = "main"; - options = [ "noatime" ]; + options = ["noatime"]; }; } diff --git a/hosts/headful/insomniac/flatpak.nix b/hosts/headful/insomniac/flatpak.nix new file mode 100644 index 0000000..9976199 --- /dev/null +++ b/hosts/headful/insomniac/flatpak.nix @@ -0,0 +1,6 @@ +{ + services.flatpak.update.auto = { + enable = true; + onCalendar = "weekly"; + }; +} diff --git a/hosts/headful/insomniac/freetube.nix b/hosts/headful/insomniac/freetube.nix new file mode 100644 index 0000000..c56f588 --- /dev/null +++ b/hosts/headful/insomniac/freetube.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.freetubeapp.FreeTube" + ]; +} diff --git a/hosts/insomniac/hardware.nix b/hosts/headful/insomniac/hardware.nix similarity index 65% rename from hosts/insomniac/hardware.nix rename to hosts/headful/insomniac/hardware.nix index 8bd84e9..091424d 100644 --- a/hosts/insomniac/hardware.nix +++ b/hosts/headful/insomniac/hardware.nix @@ -2,8 +2,7 @@ inputs, modulesPath, ... -}: -{ +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -16,16 +15,10 @@ boot = { initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ "amdgpu" ]; + availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod"]; + kernelModules = ["amdgpu"]; }; - kernelModules = [ "kvm-amd" ]; + kernelModules = ["kvm-amd"]; }; powerManagement.cpuFreqGovernor = "performance"; 
diff --git a/hosts/headful/insomniac/rmg.nix b/hosts/headful/insomniac/rmg.nix new file mode 100644 index 0000000..c8771df --- /dev/null +++ b/hosts/headful/insomniac/rmg.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "com.github.Rosalie241.RMG" + ]; +} diff --git a/hosts/headful/insomniac/steam.nix b/hosts/headful/insomniac/steam.nix new file mode 100644 index 0000000..e51a6e8 --- /dev/null +++ b/hosts/headful/insomniac/steam.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "com.valvesoftware.Steam" + ]; +} diff --git a/hosts/headful/insomniac/supersonic.nix b/hosts/headful/insomniac/supersonic.nix new file mode 100644 index 0000000..8b4dba9 --- /dev/null +++ b/hosts/headful/insomniac/supersonic.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.github.dweymouth.supersonic" + ]; +} diff --git a/hosts/insomniac/system.nix b/hosts/headful/insomniac/system.nix similarity index 100% rename from hosts/insomniac/system.nix rename to hosts/headful/insomniac/system.nix diff --git a/hosts/insomniac/users.nix b/hosts/headful/insomniac/users.nix similarity index 93% rename from hosts/insomniac/users.nix rename to hosts/headful/insomniac/users.nix index 1d93475..e059585 100644 --- a/hosts/insomniac/users.nix +++ b/hosts/headful/insomniac/users.nix @@ -2,11 +2,9 @@ config, lib, ... -}: -let +}: let inherit (config.users) mainUser; -in -{ +in { users = { mainUser = lib.mkForce "insomniac"; users.${mainUser}.description = lib.mkForce "Insomniac"; diff --git a/hosts/work/docker.nix b/hosts/headful/work/docker.nix similarity index 97% rename from hosts/work/docker.nix rename to hosts/headful/work/docker.nix index 34032f1..5f25fb5 100644 --- a/hosts/work/docker.nix +++ b/hosts/headful/work/docker.nix @@ -2,8 +2,7 @@ config, pkgs, ... -}: -{ +}: { virtualisation.docker.enable = true; environment.systemPackages = [ 
diff --git a/hosts/flamingo/filesystems.nix b/hosts/headful/work/filesystems.nix similarity index 84% rename from hosts/flamingo/filesystems.nix rename to hosts/headful/work/filesystems.nix index 52a1bfd..14ff284 100644 --- a/hosts/flamingo/filesystems.nix +++ b/hosts/headful/work/filesystems.nix @@ -4,6 +4,6 @@ fileSystems."/" = { fsType = "ext4"; device = "/dev/mapper/main"; - options = [ "noatime" ]; + options = ["noatime"]; }; } diff --git a/hosts/work/hardware.nix b/hosts/headful/work/hardware.nix similarity index 62% rename from hosts/work/hardware.nix rename to hosts/headful/work/hardware.nix index 531c541..24f1ac0 100644 --- a/hosts/work/hardware.nix +++ b/hosts/headful/work/hardware.nix @@ -2,8 +2,7 @@ inputs, modulesPath, ... -}: -{ +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -17,16 +16,10 @@ boot = { initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ ]; + availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; + kernelModules = ["kvm-amd"]; + extraModulePackages = []; }; } diff --git a/hosts/work/hosts.nix b/hosts/headful/work/hosts.nix similarity index 100% rename from hosts/work/hosts.nix rename to hosts/headful/work/hosts.nix diff --git a/hosts/headful/work/kubectl.nix b/hosts/headful/work/kubectl.nix new file mode 100644 index 0000000..a3937a4 --- /dev/null +++ b/hosts/headful/work/kubectl.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + environment.systemPackages = [ + pkgs.kubectl + pkgs.awscli + ]; +} diff --git a/hosts/headful/work/php.nix b/hosts/headful/work/php.nix new file mode 100644 index 0000000..7e8e644 --- /dev/null +++ b/hosts/headful/work/php.nix 
@@ -0,0 +1,95 @@ +{ + lib, + inputs, + pkgs, + ... +}: let + supportedPhps = [ + "php72" + "php73" + "php74" + "php80" + "php81" + "php82" + "php83" + "php84" + ]; + + selectedPhp = lib.last supportedPhps; + + extraConfig = '' + memory_limit = -1 + + xdebug.mode = develop,coverage,gcstats,profile,debug,trace + xdebug.discover_client_host = 1 + xdebug.client_host = localhost + ''; + + # Wrap all PHP versions with the extensions I need and bundle composer + phps = lib.genAttrs supportedPhps ( + phpName: let + phpBase = inputs.phps.packages.${pkgs.system}.${phpName}; + phpWithEnv = phpBase.buildEnv { + extensions = { + enabled, + all, + }: + enabled + ++ [all.xdebug] + ++ ( + if (lib.versionAtLeast phpBase.version "8") + then [all.amqp] + else [] + ); + inherit extraConfig; + }; + phpWithTools = pkgs.symlinkJoin { + inherit (phpWithEnv) name version meta passthru; + paths = [ + phpWithEnv + phpWithEnv.packages.composer + ]; + }; + in + phpWithTools + ); + + prefix = "/var/lib/phps"; + + # Tell Symfony's CLI where it can access the different PHP versions + symfony-cli = let + package = pkgs.symfony-cli; + in + pkgs.symlinkJoin { + inherit (package) pname version meta; + + paths = [package]; + + buildInputs = [pkgs.makeWrapper]; + + postBuild = '' + wrapProgram $out/bin/${package.meta.mainProgram} \ + --suffix PATH : ${pkgs.lib.makeBinPath ( + builtins.attrValues phps + )} + ''; + }; +in { + nix.settings = { + substituters = ["https://fossar.cachix.org/"]; + trusted-public-keys = ["fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="]; + }; + + # Link PHP installations so that PhpStorm knows about them + systemd.tmpfiles.settings = + builtins.mapAttrs (name: drv: { + "${prefix}/${name}"."L+".argument = drv.outPath; + }) + phps; + + environment.systemPackages = [ + pkgs.jetbrains.phpstorm + phps.${selectedPhp} + symfony-cli + ]; +} 
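Review bot: `xdebug.discover_client_host = 1` combined with `debug` in `xdebug.mode` makes Xdebug connect back to the address carried in `X-Forwarded-For`/`REMOTE_ADDR`, overriding `xdebug.client_host = localhost`, so any peer that can reach a PHP server built from this environment can make it open a debugger session towards the peer's own machine; that is fine on a workstation only while dev servers bind loopback, which this file cannot enforce, so either drop `discover_client_host` or document the assumption with `# discover_client_host is only safe while dev servers bind 127.0.0.1`. Always-on `profile` mode also writes a cachegrind file per request to `xdebug.output_dir` (default /tmp); `xdebug.start_with_request = trigger` keeps both behind an explicit trigger. Separately, `nix.settings.trusted-public-keys` adds a third-party signing key that the daemon will then accept for any store path, not just the PHP builds from `inputs.phps`; a one-line comment recording that this is a deliberate trust decision would help the next reader.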
diff --git a/hosts/work/plasma.nix b/hosts/headful/work/plasma.nix similarity index 90% rename from hosts/work/plasma.nix rename to hosts/headful/work/plasma.nix index 37ece95..03996b4 100644 --- a/hosts/work/plasma.nix +++ b/hosts/headful/work/plasma.nix @@ -2,8 +2,7 @@ lib, pkgs, ... -}: -{ +}: { services = { desktopManager = { cosmic.enable = lib.mkForce false; @@ -31,6 +30,6 @@ xdg.portal = { xdgOpenUsePortal = true; - extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + extraPortals = [pkgs.xdg-desktop-portal-gtk]; }; } diff --git a/hosts/headful/work/supersonic.nix b/hosts/headful/work/supersonic.nix new file mode 100644 index 0000000..8b4dba9 --- /dev/null +++ b/hosts/headful/work/supersonic.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.github.dweymouth.supersonic" + ]; +} diff --git a/hosts/headful/work/syncthing.nix b/hosts/headful/work/syncthing.nix new file mode 100644 index 0000000..25c60a0 --- /dev/null +++ b/hosts/headful/work/syncthing.nix @@ -0,0 +1,3 @@ +{lib, ...}: { + services.syncthing.enable = lib.mkForce false; +} diff --git a/hosts/vessel/system.nix b/hosts/headful/work/system.nix similarity index 100% rename from hosts/vessel/system.nix rename to hosts/headful/work/system.nix diff --git a/hosts/work/tools.nix b/hosts/headful/work/tools.nix similarity index 88% rename from hosts/work/tools.nix rename to hosts/headful/work/tools.nix index 2dca47b..2c2281e 100644 --- a/hosts/work/tools.nix +++ b/hosts/headful/work/tools.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { environment.systemPackages = [ pkgs.gnumake pkgs.unzip diff --git a/hosts/work/users.nix b/hosts/headful/work/users.nix similarity index 93% rename from hosts/work/users.nix rename to hosts/headful/work/users.nix index 078acbf..87c3ee3 100644 --- a/hosts/work/users.nix +++ b/hosts/headful/work/users.nix 
@@ -2,11 +2,9 @@ config, lib, ... -}: -let +}: let inherit (config.users) mainUser; -in -{ +in { users = { mainUser = lib.mkForce "lukas"; users.${mainUser}.description = lib.mkForce "Lukas Wurzinger"; diff --git a/hosts/abacus/acme.nix b/hosts/headless/abacus/acme.nix similarity index 100% rename from hosts/abacus/acme.nix rename to hosts/headless/abacus/acme.nix diff --git a/hosts/abacus/authorized-keys.nix b/hosts/headless/abacus/authorized-keys.nix similarity index 82% rename from hosts/abacus/authorized-keys.nix rename to hosts/headless/abacus/authorized-keys.nix index a1c7a40..41d2c3f 100644 --- a/hosts/abacus/authorized-keys.nix +++ b/hosts/headless/abacus/authorized-keys.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { users.users.root.openssh.authorizedKeys.keys = [ config.pubkeys.hosts.vessel ]; diff --git a/hosts/headless/abacus/backup.nix b/hosts/headless/abacus/backup.nix new file mode 100644 index 0000000..d6cef2f --- /dev/null +++ b/hosts/headless/abacus/backup.nix @@ -0,0 +1,30 @@ +{ + attrName, + config, + lib, + ... +}: { + age.secrets = lib.mkSecrets {"restic-${attrName}" = {};}; + + services.restic.backups.${attrName} = { + repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; + initialize = true; + paths = [ + config.services.vaultwarden.backupDir + config.services.syncthing.dataDir + config.services.forgejo.stateDir + config.services.postgresqlBackup.location + config.services.postgresqlBackup.location + # TODO: Add stateDir options for these + "/var/lib/headscale" + "/var/lib/navidrome" + ]; + passwordFile = config.age.secrets."restic-${attrName}".path; + pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; + timerConfig = { + OnCalendar = "*-*-* 03:00:00"; + Persistent = true; + }; + extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"]; + }; +} 
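Review bot: `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null` in `extraOptions` disables host authentication for the storage box, so the nightly root job will push to, or on restore read from, whoever answers for `u385962.your-storagebox.de`; the repository is restic-encrypted so confidentiality holds, but a man-in-the-middle can silently swallow backups or hand back a tampered repository at restore time. Pin the provider's host key instead, e.g. `programs.ssh.knownHosts."u385962.your-storagebox.de".publicKey = "<host key published by the provider>";`, and reduce the option to `extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key'"];` so ssh consults `/etc/ssh/ssh_known_hosts`. `config.services.postgresqlBackup.location` is also listed twice in `paths`; restic tolerates the duplicate but one entry should go.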
diff --git a/hosts/abacus/filesystems.nix b/hosts/headless/abacus/filesystems.nix similarity index 71% rename from hosts/abacus/filesystems.nix rename to hosts/headless/abacus/filesystems.nix index d6ca29a..e22a8dd 100644 --- a/hosts/abacus/filesystems.nix +++ b/hosts/headless/abacus/filesystems.nix @@ -1,15 +1,14 @@ -{ config, ... }: -{ +{config, ...}: { fileSystems = { "/" = { fsType = "ext4"; label = "main"; - options = [ "noatime" ]; + options = ["noatime"]; }; ${config.services.navidrome.settings.MusicFolder} = { label = "music"; fsType = "ext4"; - options = [ "noatime" ]; + options = ["noatime"]; }; }; } diff --git a/hosts/headless/abacus/forgejo.nix b/hosts/headless/abacus/forgejo.nix new file mode 100644 index 0000000..4cc5186 --- /dev/null +++ b/hosts/headless/abacus/forgejo.nix 
@@ -0,0 +1,88 @@ +{ + config, + lib, + pkgs, + ... +}: let + virtualHostName = "forgejo.helveticanonstandard.net"; +in { + age.secrets = lib.mkSecrets { + forgejo-mailer = { + mode = "400"; + owner = "forgejo"; + }; + forgejo-admin = { + mode = "400"; + owner = "forgejo"; + }; + }; + + services.forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = virtualHostName; + ROOT_URL = "https://${virtualHostName}/"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = 8060; + }; + + service = { + DISABLE_REGISTRATION = true; + ENABLE_NOTIFY_MAIL = true; + }; + + # TODO: Enable + federation = { + ENABLED = false; + SHARE_USER_STATISTICS = false; + }; + + mailer = { + ENABLED = true; + SMTP_ADDR = "smtp.fastmail.com"; + FROM = "tea@wrz.one"; + USER = "lukas@wrz.one"; + }; + }; + + secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path; + }; + + systemd.services.forgejo.preStart = lib.getExe pkgs.writeShellApplication { + name = "forgejo-init-admin"; + runtimeInputs = [ + config.services.forgejo.package + ]; + text = let + passwordFile = config.age.secrets.forgejo-admin.path; + in '' + admins=$(admin user list --admin) + admins=$((admins - 1)) + + if ((admins < 1)); then + gitea admin user create \ + --admin \ + --email helvetica@helveticanonstandard.net \ + --username helvetica \ + --password "$(cat -- ${passwordFile})" + fi + ''; + }; + + services.nginx.virtualHosts.${virtualHostName} = { + enableACME = true; + forceSSL = true; + + extraConfig = '' + client_max_body_size 512M; + ''; + + locations."/".proxyPass = let + host = config.services.forgejo.settings.server.HTTP_ADDR; + port = builtins.toString config.services.forgejo.settings.server.HTTP_PORT; + in "http://${host}:${port}"; + }; +} diff --git a/hosts/abacus/hardware.nix b/hosts/headless/abacus/hardware.nix similarity index 52% rename from hosts/abacus/hardware.nix rename to hosts/headless/abacus/hardware.nix index 0016566..8f2220e 100644 
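Review bot: the preStart script's `admins=$(admin user list --admin)` invokes a command named `admin`, which `runtimeInputs` does not provide (the forgejo package ships `gitea`/`forgejo`), and the following `admins=$((admins - 1))` does arithmetic on the command's tabular output rather than on a line count; under writeShellApplication's `set -euo pipefail` the unit aborts before the admin check ever runs. `admins=$(gitea admin user list --admin | tail -n +2 | wc -l)` counts the rows without the header, after which `if ((admins < 1))` behaves as intended. Note also that `--password "$(cat -- ${passwordFile})"` puts the bootstrap password into the `gitea` process's argv, readable by other local users through /proc while the command runs; adding `--must-change-password` limits the exposure to the first login.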
--- a/hosts/abacus/hardware.nix +++ b/hosts/headless/abacus/hardware.nix @@ -1,18 +1,11 @@ -{ modulesPath, ... }: -{ +{modulesPath, ...}: { imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; nixpkgs.hostPlatform = "aarch64-linux"; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - "sr_mod" - ]; + boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"]; powerManagement.cpuFreqGovernor = "performance"; } diff --git a/hosts/abacus/headscale.nix b/hosts/headless/abacus/headscale.nix similarity index 68% rename from hosts/abacus/headscale.nix rename to hosts/headless/abacus/headscale.nix index 4009020..b17cece 100644 --- a/hosts/abacus/headscale.nix +++ b/hosts/headless/abacus/headscale.nix @@ -1,8 +1,6 @@ -{ config, ... }: -let +{config, ...}: let virtualHostName = "headscale.helveticanonstandard.net"; -in -{ +in { services.headscale = { enable = true; address = "127.0.0.1"; @@ -18,12 +16,10 @@ in forceSSL = true; enableACME = true; locations."/" = { - proxyPass = - let - host = config.services.headscale.address; - port = builtins.toString config.services.headscale.port; - in - "http://${host}:${port}"; + proxyPass = let + host = config.services.headscale.address; + port = builtins.toString config.services.headscale.port; + in "http://${host}:${port}"; proxyWebsockets = true; }; }; diff --git a/hosts/abacus/mealie.nix b/hosts/headless/abacus/mealie.nix similarity index 56% rename from hosts/abacus/mealie.nix rename to hosts/headless/abacus/mealie.nix index 396bf64..7601750 100644 --- a/hosts/abacus/mealie.nix +++ b/hosts/headless/abacus/mealie.nix @@ -1,13 +1,11 @@ -{ config, ... }: -let +{config, ...}: let virtualHostName = "mealie.helveticanonstandard.net"; -in -{ +in { services.mealie = { enable = true; settings = { BASE_URL = "https://${virtualHostName}"; - ALLOW_SIGNUP = "false"; + ALLOW_SIGNUP = false; }; listenAddress = "127.0.0.1"; port = 8040; 
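Review bot: `ALLOW_SIGNUP = false;` is a security control and now depends on how the mealie module renders booleans into the unit environment; in Nix `builtins.toString false` is the empty string, so if the module still uses `toString` the service receives `ALLOW_SIGNUP=` rather than `ALLOW_SIGNUP=false`. Check the rendered unit after deploying (`systemctl show mealie -p Environment`), or keep the unambiguous `ALLOW_SIGNUP = "false";` that the previous revision had.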
@@ -17,11 +15,9 @@ in enableACME = true; forceSSL = true; - locations."/".proxyPass = - let - host = config.services.mealie.listenAddress; - port = builtins.toString config.services.mealie.port; - in - "http://${host}:${port}"; + locations."/".proxyPass = let + host = config.services.mealie.listenAddress; + port = builtins.toString config.services.mealie.port; + in "http://${host}:${port}"; }; } diff --git a/hosts/headless/abacus/navidrome.nix b/hosts/headless/abacus/navidrome.nix new file mode 100644 index 0000000..3470813 --- /dev/null +++ b/hosts/headless/abacus/navidrome.nix @@ -0,0 +1,23 @@ +{config, ...}: let + virtualHostName = "navidrome.helveticanonstandard.net"; +in { + services.navidrome = { + enable = true; + settings = { + Address = "localhost"; + Port = 8050; + MusicFolder = "/srv/music"; + EnableSharing = true; + }; + }; + + services.nginx.virtualHosts.${virtualHostName} = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = let + host = config.services.navidrome.settings.Address; + port = builtins.toString config.services.navidrome.settings.Port; + in "http://${host}:${port}"; + }; +} diff --git a/hosts/headless/abacus/networking.nix b/hosts/headless/abacus/networking.nix new file mode 100644 index 0000000..a6f04a5 --- /dev/null +++ b/hosts/headless/abacus/networking.nix @@ -0,0 +1,18 @@ +{ + networking = let + interface = "enp1s0"; + in { + domain = "wrz.one"; + interfaces.${interface}.ipv6.addresses = [ + { + address = "2a01:4f9:c012:92b5::2"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + inherit interface; + }; + firewall.allowedTCPPorts = [80 443]; + }; +} diff --git a/hosts/headless/abacus/nginx.nix b/hosts/headless/abacus/nginx.nix new file mode 100644 index 0000000..d4a8656 --- /dev/null +++ b/hosts/headless/abacus/nginx.nix 
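Review bot: `Address = "localhost"` on the navidrome side and the derived `proxyPass = "http://localhost:8050"` can disagree on address family — nginx expands `localhost` to both `127.0.0.1` and `::1` and round-robins between them, while the service typically listens on only one, which shows up as intermittent 502s. Every other proxied service in this commit (headscale, mealie, forgejo, vaultwarden) uses `127.0.0.1`, so `Address = "127.0.0.1";` keeps navidrome consistent and unambiguous. `EnableSharing = true` exposes unauthenticated share links on the public vhost; presumably intended, but worth a comment saying so.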
@@ -0,0 +1,30 @@ +{ + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + commonHttpConfig = '' + error_log stderr; + access_log /var/log/nginx/access.log; + ''; + + virtualHosts = let + matchAll = ''~.*''; + matchWww = ''~^www\.(?.+)$''; + in { + # Redirect anything that doesn't match any server name to networking.domain + ${matchAll} = { + default = true; + rejectSSL = true; + + globalRedirect = "wrz.one"; + }; + # Redirect www to non-www + ${matchWww}.globalRedirect = "$domain"; + }; + }; +} diff --git a/hosts/abacus/postgresql.nix b/hosts/headless/abacus/postgresql.nix similarity index 100% rename from hosts/abacus/postgresql.nix rename to hosts/headless/abacus/postgresql.nix diff --git a/hosts/headless/abacus/static-sites.nix b/hosts/headless/abacus/static-sites.nix new file mode 100644 index 0000000..4e0deda --- /dev/null +++ b/hosts/headless/abacus/static-sites.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: let + parent = "/var/www"; + sites = [ + "wrz.one" + "helveticanonstandard.net" + ]; +in + lib.mkMerge ( + map ( + virtualHostName: let + root = "${parent}/${virtualHostName}"; + in { + services.nginx.virtualHosts.${virtualHostName} = { + enableACME = true; + forceSSL = true; + + inherit root; + }; + + systemd.tmpfiles.settings."10-static-sites".${root}.d = { + user = config.users.mainUser; + group = "users"; + mode = "0755"; + }; + } + ) + sites + ) diff --git a/hosts/work/system.nix b/hosts/headless/abacus/system.nix similarity index 100% rename from hosts/work/system.nix rename to hosts/headless/abacus/system.nix diff --git a/hosts/abacus/vaultwarden.nix b/hosts/headless/abacus/vaultwarden.nix similarity index 60% rename from hosts/abacus/vaultwarden.nix rename to hosts/headless/abacus/vaultwarden.nix index 22f076c..bd3bf96 100644 --- a/hosts/abacus/vaultwarden.nix +++ b/hosts/headless/abacus/vaultwarden.nix 
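Review bot: the www pattern appears here as `''~^www\.(?.+)$''`, which contains no named capture for the `$domain` that `globalRedirect = "$domain"` relies on; if the rendering merely lost `(?<domain>.+)` this is fine, otherwise nginx rejects the configuration, so the actual file is worth a look. That vhost also has no `enableACME`/`forceSSL`, so it only listens on port 80 and `https://www.<site>` falls through to the `~.*` default server, where `rejectSSL` refuses the handshake; a reasonable outcome, but it deserves a comment such as `# www redirect is HTTP-only; HTTPS www names need their own vhost and certificate`.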
@@ -2,25 +2,27 @@ config, lib, ... -}: -let - virtualHostName = "vault.helveticanonstandard.net"; -in -{ - # TODO: tailscale - - age.secrets = lib.mkSecrets { vaultwarden = { }; }; +}: let + virtualHostName = "vault.wrz.one"; + backupDir = "/srv/backup/vaultwarden"; +in { + age.secrets = lib.mkSecrets {vaultwarden = {};}; services.vaultwarden = { enable = true; + dbBackend = "sqlite"; - backupDir = "/srv/backup/vaultwarden"; + + inherit backupDir; config = { DOMAIN = "https://${virtualHostName}"; + SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = false; + ENABLE_WEBSOCKET = true; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8000; }; @@ -35,12 +37,10 @@ in forceSSL = true; locations."/" = { - proxyPass = - let - host = config.services.vaultwarden.config.ROCKET_ADDRESS; - port = builtins.toString config.services.vaultwarden.config.ROCKET_PORT; - in - "http://${host}:${port}"; + proxyPass = let + host = config.services.vaultwarden.config.ROCKET_ADDRESS; + port = builtins.toString config.services.vaultwarden.config.ROCKET_PORT; + in "http://${host}:${port}"; proxyWebsockets = true; }; }; diff --git a/hosts/headless/vessel/backup.nix b/hosts/headless/vessel/backup.nix new file mode 100644 index 0000000..02ae2b9 --- /dev/null +++ b/hosts/headless/vessel/backup.nix 
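Review bot: `SIGNUPS_ALLOWED = false` and `INVITATIONS_ALLOWED = false` close registration, but nothing in this revision rate-limits the login endpoint that nginx now exposes under `vault.wrz.one`; vaultwarden's reverse-proxy guidance recommends a `limit_req` zone on `/identity/connect/token` (and `/admin`) because a password vault is an obvious credential-stuffing target, and a comment on the vhost stating that this is deliberately left out, or the zone itself, would make the choice explicit. Changing `DOMAIN` also changes the WebAuthn relying-party identifier, so any hardware-key logins enrolled under the old host name will presumably need re-enrolling.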
@@ -0,0 +1,61 @@ +{ + attrName, + config, + lib, + pkgs, + ... +}: let + backups = { + music = "/srv/music"; + safe = "/srv/safe"; + storage = "/srv/storage"; + sync = config.services.syncthing.dataDir; + }; +in { + systemd = lib.mkMerge (map ( + backupName: let + systemdName = "${backupName}-backup"; + in { + timers.${systemdName} = { + description = "Local rsync Backup ${backupName}"; + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "*-*-* 03:00:00"; # TODO + Persistent = true; + Unit = "${systemdName}.service"; # TODO + }; + }; + + services.${systemdName} = { + description = "Local rsync Backup ${backupName}"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "root"; + }; + # TODO + script = '' + ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath -- ${backups.${backupName}}/ /srv/backup/${backupName}/ + ''; + }; + } + ) (lib.attrNames backups)); + + age.secrets = lib.mkSecrets {"restic-${attrName}" = {};}; + + services.restic.backups.${attrName} = { + repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; + initialize = true; + paths = [ + backups.safe + backups.sync + ]; + passwordFile = config.age.secrets."restic-${attrName}".path; + pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; + timerConfig = { + OnCalendar = "*-*-* 03:00:00"; # TODO + Persistent = true; + }; + extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"]; + }; +} diff --git a/hosts/headless/vessel/blocky.nix b/hosts/headless/vessel/blocky.nix new file mode 100644 index 0000000..091c08d --- /dev/null +++ b/hosts/headless/vessel/blocky.nix 
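Review bot: the rsync jobs use `--delete`, so `/srv/backup/<name>` is a mirror rather than a backup — a file removed or encrypted by mistake or by malware on `/srv/music` or `/srv/storage` vanishes from the copy at the next 03:00 run, and those two paths are not in the restic `paths`, whereas the hosts/vessel/restic.nix deleted in this commit kept a local restic repository with a prune policy. Either drop `--delete` or add `--backup --backup-dir=/srv/backup/${backupName}.trash/$(date +%F)` so removals are retained for a while. The `extraOptions` line has the same disabled host-key verification (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`) as the abacus job; pinning the storage box key once via `programs.ssh.knownHosts` in a shared module would fix both.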
@@ -0,0 +1,27 @@ +let + upstream = "https://one.one.one.one/dns-query"; +in { + services = { + resolved.extraConfig = "DNSStubListener=no"; + blocky = { + enable = true; + settings = { + ports.dns = 53; + upstreams.groups.default = [upstream]; + bootstrapDns = { + inherit upstream; + ips = ["1.1.1.1" "1.0.0.1"]; + }; + blocking = { + denylists.ads = ["https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"]; + clientGroupsBlock.default = ["ads"]; + }; + caching = { + minTime = "5m"; + maxTime = "30m"; + prefetching = true; + }; + }; + }; + }; +} diff --git a/hosts/headless/vessel/filesystems.nix b/hosts/headless/vessel/filesystems.nix new file mode 100644 index 0000000..1da6965 --- /dev/null +++ b/hosts/headless/vessel/filesystems.nix @@ -0,0 +1,14 @@ +{ + fileSystems = { + "/" = { + fsType = "ext4"; + label = "main"; + options = ["noatime"]; + }; + "/srv/backup" = { + label = "backup"; + fsType = "ext4"; + options = ["noatime"]; + }; + }; +} diff --git a/hosts/vessel/hardware.nix b/hosts/headless/vessel/hardware.nix similarity index 66% rename from hosts/vessel/hardware.nix rename to hosts/headless/vessel/hardware.nix index d75f671..82aab42 100644 --- a/hosts/vessel/hardware.nix +++ b/hosts/headless/vessel/hardware.nix @@ -2,8 +2,7 @@ inputs, modulesPath, ... -}: -{ +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -15,15 +14,8 @@ nixpkgs.hostPlatform = "x86_64-linux"; boot = { - initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "nvme" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ "kvm-intel" ]; + initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + kernelModules = ["kvm-intel"]; }; powerManagement.cpuFreqGovernor = "powersave"; diff --git a/hosts/headless/vessel/musicomp.nix b/hosts/headless/vessel/musicomp.nix new file mode 100644 index 0000000..56b75b2 --- /dev/null +++ b/hosts/headless/vessel/musicomp.nix 
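Review bot: `ports.dns = 53` makes blocky listen on every interface, yet nothing in this file opens the firewall or points the host's own resolver at it — `resolved.extraConfig = "DNSStubListener=no"` only frees port 53, and without something like `networking.nameservers = ["127.0.0.1"]` systemd-resolved keeps using the DHCP-provided servers, bypassing the blocklist on vessel itself. If blocky is meant only for this host, `ports.dns = "127.0.0.1:53"` avoids it ever becoming a LAN or open resolver; if it serves the LAN, the matching `firewall.allowedUDPPorts`/`allowedTCPPorts` entry and a comment saying so belong here. Either may live in a module outside this diff, in which case a one-line pointer here would save the next reader the search.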
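Review bot: hosts/headless/vessel/filesystems.nix mounts `/` and `/srv/backup` by plain label with no `boot.initrd.luks.devices`, while the file it replaces (hosts/vessel/filesystems.nix, deleted in this commit) opened four LUKS volumes (`cryptmain`, `cryptvault`, `cryptvoid`, `cryptsync`) before mounting. Unless the LUKS setup moved into a module outside this diff, vessel's root — which holds `/etc/ssh/ssh_host_ed25519_key`, presumably the agenix identity that decrypts this host's secrets such as the restic password, and the key that abacus accepts for root login in authorized-keys.nix — and `/srv/safe` now sit unencrypted at rest, so a stolen or discarded disk yields all of that. If this is intentional for a headless box that cannot prompt for a passphrase, record it with a comment like `# no LUKS: disks are unencrypted at rest, host key and agenix secrets are exposed to physical access`, and consider a key-file or TPM-unlocked LUKS for `/`; otherwise restore the `boot.initrd.luks.devices` entries.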
@@ -0,0 +1,37 @@ +{ + inputs, + self, + lib, + pkgs, + ... +}: { + imports = [ + inputs.musicomp.nixosModules.default + ]; + + services.musicomp.jobs.main = { + music = "/srv/music"; + comp = "/srv/compmusic"; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + inhibitsSleep = true; + post = let + remoteDir = self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder; + rsyncExe = lib.getExe pkgs.rsync; + rsh = "${lib.getExe pkgs.openssh} -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; + in '' + ${rsyncExe} \ + --archive \ + --recursive \ + --delete \ + --update \ + --mkpath \ + --verbose --verbose \ + --exclude lost+found \ + --rsh ${lib.escapeShellArg rsh} \ + /srv/compmusic/ root@wrz.one:${remoteDir} + ''; + }; +} diff --git a/hosts/headless/vessel/storage.nix b/hosts/headless/vessel/storage.nix new file mode 100644 index 0000000..e899606 --- /dev/null +++ b/hosts/headless/vessel/storage.nix @@ -0,0 +1,27 @@ +{ + systemd.tmpfiles.settings = { + "10-safe"."/srv/safe".d = { + user = "helvetica"; + group = "users"; + mode = "0755"; + }; + + "10-storage"."/srv/storage".d = { + user = "helvetica"; + group = "users"; + mode = "0755"; + }; + + "10-music"."/srv/music".d = { + user = "helvetica"; + group = "users"; + mode = "0755"; + }; + + "10-compmusic"."/srv/compmusic".d = { + user = "helvetica"; + group = "users"; + mode = "0755"; + }; + }; +} diff --git a/hosts/headless/vessel/system.nix b/hosts/headless/vessel/system.nix new file mode 100644 index 0000000..a05de83 --- /dev/null +++ b/hosts/headless/vessel/system.nix @@ -0,0 +1,3 @@ +{ + system.stateVersion = "24.11"; +} diff --git a/hosts/insomniac/profiles.nix b/hosts/insomniac/profiles.nix deleted file mode 100644 index b2f1fd3..0000000 --- a/hosts/insomniac/profiles.nix +++ /dev/null 
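Review bot: the post hook pushes as `root@wrz.one` using vessel's SSH host key, which hosts/headless/abacus/authorized-keys.nix accepts for root without restrictions, so a compromise of vessel (or of this unit) is an unrestricted root shell on abacus for what is a one-directory rsync. Scope that key on the abacus side, e.g. `"restrict,command=\"rrsync /srv/music\" ${config.pubkeys.hosts.vessel}"` (rrsync ships with rsync; the remote path here then becomes `/`), or sync as an unprivileged user that owns the music folder. The `rsh` string also carries `StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`; with abacus's host key declared in `programs.ssh.knownHosts` both flags can go, closing the window in which the remote end can be impersonated on every run.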
@@ -1,9 +0,0 @@ -{ - profiles = { - desktop.enable = true; - emulation.enable = true; - gaming.enable = true; - piracy.enable = true; - productivity.enable = true; - }; -} diff --git a/hosts/vessel/filesystems.nix b/hosts/vessel/filesystems.nix deleted file mode 100644 index 7f37877..0000000 --- a/hosts/vessel/filesystems.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - boot.initrd.luks.devices = { - main.device = "/dev/disk/by-label/cryptmain"; - vault.device = "/dev/disk/by-label/cryptvault"; - void.device = "/dev/disk/by-label/cryptvoid"; - sync.device = "/dev/disk/by-label/cryptsync"; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/main"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - "/srv/vault" = { - device = "/dev/mapper/vault"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - "/srv/void" = { - device = "/dev/mapper/void"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - "/srv/sync" = { - device = "/dev/mapper/sync"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - }; -} diff --git a/hosts/vessel/musicomp.nix b/hosts/vessel/musicomp.nix deleted file mode 100644 index 3cbb39e..0000000 --- a/hosts/vessel/musicomp.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ - inputs, - self, - lib, - pkgs, - ... -}: -{ - imports = [ - inputs.musicomp.nixosModules.default - ]; - - services.musicomp.jobs.main = { - music = "/srv/music"; - comp = "/srv/compmusic"; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - inhibitsSleep = true; - post = - let - abacusConfig = self.nixosConfigurations.abacus.config; - remoteDir = abacusConfig.services.navidrome.settings.MusicFolder; - remoteDomain = abacusConfig.networking.domain; - package = pkgs.writeShellApplication { - name = "sync"; - runtimeInputs = [ - pkgs.openssh - pkgs.rsync - ]; - text = '' - rsync \ - --archive \ - --recursive \ - --delete \ - --update \ - --mkpath \ - --verbose --verbose \ - --rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \ - /srv/void/compmusic/ root@${lib.escapeShellArg remoteDomain}:${lib.escapeShellArg remoteDir}/ - ''; - }; - in - lib.getExe package; - }; -} diff --git a/hosts/vessel/profiles.nix b/hosts/vessel/profiles.nix deleted file mode 100644 index 92e505a..0000000 --- a/hosts/vessel/profiles.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - profiles.server.enable = true; -} diff --git a/hosts/vessel/restic.nix b/hosts/vessel/restic.nix deleted file mode 100644 index 11031d5..0000000 --- a/hosts/vessel/restic.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ - attrName, - config, - lib, - ... -}: -let - secretName = "restic-${attrName}"; - secret = config.age.secrets.${secretName}; -in -{ - age.secrets = lib.mkSecrets { ${secretName} = { }; }; - - services.restic.backups = { - local = { - repository = "/srv/backup/void"; - initialize = true; - paths = [ - "/srv/void" - ]; - passwordFile = secret.path; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - ]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; - Persistent = true; - }; - }; - - remote = { - repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}"; - initialize = true; - paths = [ - config.services.syncthing.dataDir - "/srv/vault" - ]; - passwordFile = secret.path; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - ]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; - Persistent = true; - }; - extraOptions = [ - "sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'" - ]; - }; - }; -} diff --git a/hosts/vessel/rsync.nix b/hosts/vessel/rsync.nix deleted file mode 100644 index 9fe2546..0000000 --- a/hosts/vessel/rsync.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - services.rsync.jobs.vault = { - sources = [ "/srv/vault/" ]; - destination = "/srv/sync/"; - inhibitsSleep = true; - }; -} diff --git a/hosts/vessel/storage.nix b/hosts/vessel/storage.nix deleted file mode 100644 index 25c569c..0000000 --- a/hosts/vessel/storage.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - systemd.tmpfiles.settings = { - music = { - "/srv/vault/music".d = { - user = "root"; - group = "users"; - mode = "0755"; - }; - "/srv/void/compmusic".d = { - user = "root"; - group = "users"; - mode = "0755"; - }; - }; - }; -} diff --git a/hosts/work/php.nix b/hosts/work/php.nix deleted file mode 100644 index ee7281a..0000000 --- a/hosts/work/php.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: -{ - imports = [ - inputs.myphps.nixosModules.default - ]; - - services.myphps = { - enable = true; - prefix = "/var/lib/phps"; - }; - - environment.systemPackages = [ - pkgs.jetbrains.phpstorm - config.services.myphps.phps.php - inputs.myphps.packages.${pkgs.system}.symfony-cli - ]; -} diff --git a/hosts/work/profiles.nix b/hosts/work/profiles.nix deleted file mode 100644 index c901b18..0000000 --- a/hosts/work/profiles.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - profiles = { - desktop.enable = true; - productivity.enable = true; - }; -} diff --git a/lib.nix b/lib.nix index 745ec43..c9acc8a 100644 --- a/lib.nix +++ b/lib.nix 
@@ -1,66 +1,80 @@ lib: _: { - findModules = - paths: - builtins.concatMap ( - path: + findModules = paths: + builtins.concatMap (path: lib.pipe path [ - (lib.fileset.fileFilter (file: file.hasExt "nix")) + (lib.fileset.fileFilter ( + file: file.hasExt "nix" + )) lib.fileset.toList - ] - ) paths; + ]) + paths; - mkIfElse = - condition: trueContent: falseContent: + mkIfElse = condition: trueContent: falseContent: lib.mkMerge [ (lib.mkIf condition trueContent) (lib.mkIf (!condition) falseContent) ]; - mkSecrets = - secrets: - let - mkSecret = - { - name, - secret, - }: - secret - // { - file = ./secrets/${name}.age; + mkSecrets = secrets: let + mkSecret = { + name, + secret, + }: + secret + // { + file = ./secrets/${name}.age; + }; + in + builtins.mapAttrs (name: secret: mkSecret {inherit name secret;}) secrets; + + genNixosConfigurations = { + inputs, + extraModules ? _: [], + }: let + modulesDir = ./modules; + commonDir = ./common; + classesDir = ./classes; + hostsDir = ./hosts; + + commonNixosSystem = { + class, + name, + }: + lib.nixosSystem { + specialArgs = { + inherit (inputs) self; + inherit inputs lib; + attrName = name; }; - in - builtins.mapAttrs (name: secret: mkSecret { inherit name secret; }) secrets; - genNixosConfigurations = - inputs: - let - modulesDir = ./modules; - profilesDir = ./profiles; - commonDir = ./common; - hostsDir = ./hosts; - - commonNixosSystem = - name: - lib.nixosSystem { - specialArgs = { - inherit (inputs) self; - inherit inputs lib; - attrName = name; - }; - - modules = lib.findModules [ + modules = + (lib.findModules [ modulesDir - profilesDir commonDir - (hostsDir + /${name}) - ]; - }; + ./classes/${class} + (classesDir + /${class}) + (hostsDir + /${class}/${name}) + ]) + ++ [ + {networking.hostName = lib.mkDefault name;} + ] + ++ (extraModules {inherit class name;}); + }; - hosts = lib.pipe hostsDir [ + dirsIn = dir: + lib.pipe dir [ builtins.readDir (lib.filterAttrs (_: type: type == "directory")) builtins.attrNames ]; - in - 
lib.genAttrs hosts commonNixosSystem; + in + lib.pipe (dirsIn hostsDir) [ + (classes: + builtins.concatMap ( + class: map (name: {inherit class name;}) (dirsIn (hostsDir + /${class})) + ) + classes) + (map (args: lib.nameValuePair args.name (commonNixosSystem args))) + builtins.listToAttrs + ]; } diff --git a/modules/gcadapter.nix b/modules/gcadapter.nix deleted file mode 100644 index 3d3bba8..0000000 --- a/modules/gcadapter.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.hardware.gcadapter; -in -{ - options.hardware.gcadapter.enable = lib.mkEnableOption "GameCube Adapter support"; - - config = lib.mkIf cfg.enable { - services.udev.extraRules = '' - ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", MODE="666", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device" TAG+="uaccess" - ''; - - boot = { - extraModulePackages = [ - config.boot.kernelPackages.gcadapter-oc-kmod - ]; - - kernelModules = [ - "gcadapter_oc" - ]; - }; - }; -} diff --git a/modules/main-user.nix b/modules/main-user.nix index 4123a80..d714e79 100644 --- a/modules/main-user.nix +++ b/modules/main-user.nix @@ -1,8 +1,6 @@ -{ lib, ... }: -let +{lib, ...}: let inherit (lib) types; -in -{ +in { options = { users.mainUser = lib.mkOption { type = types.passwdEntry types.str; diff --git a/modules/secure-boot.nix b/modules/secure-boot.nix new file mode 100644 index 0000000..91955c3 --- /dev/null +++ b/modules/secure-boot.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + # inputs, + # pkgs, + ... +}: let + cfg = config.setups.secureBoot; +in { + # imports = [ + # inputs.lanzaboote.nixosModules.lanzaboote + # ]; + + options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot"; + + config = lib.mkIf cfg.enable { + # environment.systemPackages = [ + # pkgs.sbctl + # ]; + + # boot.loader.systemd-boot.enable = lib.mkForce false; + + # boot.lanzaboote = { + # enable = lib.mkForce true; + # pkiBundle = lib.mkDefault "/var/lib/sbctl"; + # }; + }; +} 
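Review bot: the modules list in `commonNixosSystem` names the class directory twice — `./classes/${class}` and `(classesDir + /${class})` are the same path — so every class module is handed to `lib.findModules` two times; the module system dedupes imports by file key, so this is probably harmless today, but it reads as a copy-paste leftover and should be reduced to the single `(classesDir + /${class})` entry. A short comment on `extraModules` saying it receives `{class, name}` and must return a list would also help callers.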
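Review bot: `setups.secureBoot.enable` is an option whose entire `config` body is commented out, so a host that sets it gets no lanzaboote, no sbctl and no bootloader change while the option name says it has Secure Boot; until the wiring is restored the module should make that visible, e.g. `config = lib.mkIf cfg.enable { warnings = ["setups.secureBoot.enable is set but the lanzaboote wiring in modules/secure-boot.nix is disabled"]; };`, or an `assertions` entry that fails the build. A comment explaining why the lanzaboote import is disabled would spare the next reader guessing whether it is a pending migration or an abandoned one.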
diff --git a/modules/user-types.nix b/modules/user-types.nix index 28b5188..f9595f5 100644 --- a/modules/user-types.nix +++ b/modules/user-types.nix @@ -2,24 +2,15 @@ config, lib, ... -}: -let - inherit (lib) types; - filterUsers = - predicate: - (lib.pipe config.users.users [ - (lib.filterAttrs (_: predicate)) - builtins.attrNames - ]); -in -{ - options.users = { +}: { + options.users = let + inherit (lib) types; + in { normalUsers = lib.mkOption { type = types.listOf (types.passwdEntry types.str); description = '' List of normal users. ''; - readOnly = true; }; systemUsers = lib.mkOption { @@ -27,11 +18,15 @@ in description = '' List of system users. ''; - readOnly = true; }; }; - config.users = { + config.users = let + filterUsers = pred: (lib.pipe config.users.users [ + (lib.filterAttrs (_: pred)) + builtins.attrNames + ]); + in { normalUsers = filterUsers (user: user.isNormalUser); systemUsers = filterUsers (user: user.isSystemUser); }; diff --git a/packages/disk/disk b/packages/disk/disk.bash similarity index 100% rename from packages/disk/disk rename to packages/disk/disk.bash diff --git a/packages/disk/package.nix b/packages/disk/package.nix index a8466f7..0d292c1 100644 --- a/packages/disk/package.nix +++ b/packages/disk/package.nix @@ -15,5 +15,5 @@ writeShellApplication { dosfstools ]; - text = builtins.readFile ./disk; + text = builtins.readFile ./disk.bash; } diff --git a/packages/puter/package.nix b/packages/puter/package.nix new file mode 100644 index 0000000..bfd5a2c --- /dev/null +++ b/packages/puter/package.nix @@ -0,0 +1,11 @@ +{ + writeShellApplication, + nixos-rebuild, +}: +writeShellApplication { + name = "puter"; + runtimeInputs = [ + nixos-rebuild + ]; + text = builtins.readFile ./puter.bash; +} diff --git a/packages/puter/puter.bash b/packages/puter/puter.bash new file mode 100644 index 0000000..3f242ff --- /dev/null +++ b/packages/puter/puter.bash 
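Review bot: dropping `readOnly = true` from `users.normalUsers` and `users.systemUsers` lets any other module append names to these lists (the type is `listOf`, so definitions merge), which would silently desynchronize them from the `filterUsers` results defined in `config.users` below. If the removal is needed to avoid a `readOnly` conflict somewhere, a comment stating that is warranted; otherwise keeping `readOnly = true;` preserves the invariant that these lists mirror `users.users`.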
@@ -0,0 +1,192 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+progname=$0
+
+warn() {
+ local line
+ for line in "$@"; do
+ echo "$progname: $line" 1>&2
+ done
+}
+
+error() {
+ warn "$@"
+
+ exit 1
+}
+
+args=$(
+ getopt \
+ --options F:f:o:t:v \
+ --longoptions flakeref:,flake:,on:,to:,verbose \
+ --name "$progname" \
+ -- "$@"
+)
+
+eval set -- "$args"
+
+if [[ -v PUTER_FLAKEREF && -n $PUTER_FLAKEREF ]]; then
+ flakeref=$PUTER_FLAKEREF
+fi
+flags=(
+ --refresh
+ --use-remote-sudo
+ --no-write-lock-file
+)
+verbose=false
+while true; do
+ case $1 in
+ -F | --flakeref)
+ flakeref=$2
+ shift 2
+ ;;
+ -f | --flake)
+ flake=$2
+ shift 2
+ ;;
+ -o | --on)
+ flags+=(--build-host "$2")
+ shift 2
+ ;;
+ -t | --to)
+ host=$2
+ flags+=(--target-host "$host")
+ shift 2
+ ;;
+ -v | --verbose)
+ flags+=(--verbose)
+ verbose=true
+ shift
+ ;;
+ --)
+ shift
+ break
+ ;;
+ esac
+done
+
+if [[ ! -v flake ]]; then
+ if [[ -v flakeref ]]; then
+ warn "using flake reference $flakeref"
+ if [[ -v host ]]; then
+ hostname=$(ssh -- "$host" hostname)
+ else
+ hostname=$(hostname)
+ fi
+ if [[ -z $hostname ]]; then
+ error 'hostname could not be resolved and no flake specified'
+ fi
+ flake=$flakeref#$hostname
+ warn "resolved to $flake"
+ else
+ error 'no flake or flake reference specified'
+ fi
+fi
+
+flags+=(--flake "$flake")
+
+if (($# == 0)); then
+ error 'a subcommand is required'
+fi
+
+run() {
+ cmd=(nixos-rebuild "${flags[@]}" "$@")
+
+ if "$verbose"; then
+ warn "running ${cmd[*]}"
+ fi
+
+ "${cmd[@]}"
+}
+
+sub=$1
+
+case $sub in
+s | switch)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run switch
+ ;;
+b | boot)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run boot
+ ;;
+t | test)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run test
+ ;;
+bld | build)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run build
+ ;;
+dbld | dry-build)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run dry-build
+ ;;
+da | dry-activate)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run dry-activate
+ ;;
+vm | build-vm)
+ shift
+
+ if (($# > 0)); then
+ error 'too many arguments'
+ fi
+
+ run build-vm
+ ;;
+i | img | build-image)
+ shift
+
+ if (($# < 1)); then
+ error 'image variant is required'
+ fi
+
+ if (($# > 1)); then
+ error 'too many arguments'
+ fi
+
+ variant=$1
+
+ flags+=("$variant")
+
+ run build-image
+ ;;
+*)
+ error 'invalid subcommand'
+ ;;
+esac
diff --git a/profiles/desktop/clipboard.nix b/profiles/desktop/clipboard.nix
deleted file mode 100644
index 2acb2df..0000000
--- a/profiles/desktop/clipboard.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- cfg = config.profiles.desktop;
-in
-{
- config = lib.mkIf cfg.enable {
- environment.systemPackages = [
- pkgs.wl-clipboard
- ];
- };
-}
diff --git a/profiles/desktop/compat.nix b/profiles/desktop/compat.nix
deleted file mode 100644
index a9a6477..0000000
--- a/profiles/desktop/compat.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- cfg = config.profiles.desktop;
-in
-{
- config = lib.mkIf cfg.enable {
- programs.appimage = {
- enable = true;
- binfmt = true;
- package = pkgs.appimage-run.override {
- extraPkgs = pkgs: [
- pkgs.curl
- pkgs.zlib
- pkgs.libmpg123
- ];
- };
- };
-
- boot.binfmt.emulatedSystems = lib.remove pkgs.stdenv.hostPlatform.system [
- "x86_64-linux"
- "aarch64-linux"
- ];
-
- environment.systemPackages = [
- pkgs.wineWow64Packages.waylandFull
- ];
- };
-}
diff --git a/profiles/desktop/cosmic.nix b/profiles/desktop/cosmic.nix
deleted file mode 100644
index 8857cc5..0000000
--- a/profiles/desktop/cosmic.nix
+++ /dev/null
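Review bot: In packages/puter/puter.bash the hostname returned by `hostname=$(ssh -- "$host" hostname)` is spliced unvalidated into `flake=$flakeref#$hostname`, so the remote machine decides which flake attribute (and, via the fragment, which part of the flake URL) the rebuild targets; a compromised or misconfigured target could steer the deploy at a different host configuration. A narrow check before the assignment keeps the intent explicit: `[[ $hostname =~ ^[A-Za-z0-9._-]+$ ]] || error "unexpected hostname from $host: $hostname"`. Two smaller points in the same hunk: `run()` assigns `cmd` without `local`, so the array leaks into script scope (`local cmd` on the first line of the function fixes it), and in the `build-image` branch `flags+=("$variant")` inserts the variant as a bare positional ahead of the subcommand, which nixos-rebuild will most likely read as the subcommand itself — as far as I know `build-image` expects the variant via `--image-variant`, so `flags+=(--image-variant "$variant")` is worth checking against the nixos-rebuild version in use. The hunk contains the whole script.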
@@ -1,29 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - imports = [ - inputs.nixos-cosmic.nixosModules.default - ]; - - config = lib.mkIf cfg.enable { - - nix.settings = { - substituters = [ "https://cosmic.cachix.org" ]; - trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ]; - }; - - services = { - desktopManager.cosmic.enable = true; - displayManager.cosmic-greeter.enable = true; - }; - - environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1; - }; -} diff --git a/profiles/desktop/default.nix b/profiles/desktop/default.nix deleted file mode 100644 index 11e024f..0000000 --- a/profiles/desktop/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.profiles.desktop; -in -{ - options.profiles.desktop = { - enable = lib.mkEnableOption "desktop"; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = !config.profiles.server.enable; - message = "The desktop profile is not compatible with the server profile."; - } - ]; - }; -} diff --git a/profiles/desktop/firefox.nix b/profiles/desktop/firefox.nix deleted file mode 100644 index e5ba561..0000000 --- a/profiles/desktop/firefox.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - programs.firefox = { - enable = true; - package = pkgs.librewolf; - preferences = { - "webgl.disabled" = false; - "privacy.resistFingerprinting" = false; - "middlemouse.paste" = false; - "general.autoScroll" = true; - "privacy.clearOnShutdown.history" = false; - "privacy.clearOnShutdown.downloads" = false; - }; - }; - }; -} diff --git a/profiles/desktop/fonts.nix b/profiles/desktop/fonts.nix deleted file mode 100644 index 2a528be..0000000 --- a/profiles/desktop/fonts.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - fonts = { - enableDefaultPackages = true; - packages = [ - pkgs.noto-fonts - pkgs.noto-fonts-extra - pkgs.noto-fonts-cjk-sans - pkgs.noto-fonts-cjk-serif - pkgs.noto-fonts-monochrome-emoji - pkgs.noto-fonts-color-emoji - pkgs.nerd-fonts.fira-code - ]; - - fontconfig = { - enable = true; - - defaultFonts = { - monospace = [ - "FiraCode Nerd Font" - ]; - sansSerif = [ - "Noto Sans" - ]; - serif = [ - "Noto Serif" - ]; - emoji = [ - "Noto Color Emoji" - "Noto Emoji" - ]; - }; - }; - - # TODO - fontDir.enable = true; - }; - }; -} diff --git a/profiles/desktop/hardware.nix b/profiles/desktop/hardware.nix deleted file mode 100644 index 13163b5..0000000 --- a/profiles/desktop/hardware.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - hardware = { - bluetooth.enable = true; - steam-hardware.enable = true; - xone.enable = true; - xpadneo.enable = true; - opentabletdriver.enable = true; - gcadapter.enable = true; - graphics.enable = true; - enableAllFirmware = true; - }; - }; -} diff --git a/profiles/desktop/location.nix b/profiles/desktop/location.nix deleted file mode 100644 index fffcb56..0000000 --- a/profiles/desktop/location.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - location.provider = "geoclue2"; - }; -} diff --git a/profiles/desktop/networking.nix b/profiles/desktop/networking.nix deleted file mode 100644 index bdc6911..0000000 --- a/profiles/desktop/networking.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - services.resolved.enable = true; - - networking.networkmanager = { - enable = true; - dns = "systemd-resolved"; - }; - - users.groups.networkmanager.members = config.users.normalUsers; - }; -} diff --git a/profiles/desktop/pipewire.nix b/profiles/desktop/pipewire.nix deleted file mode 100644 index 7e6986f..0000000 --- a/profiles/desktop/pipewire.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - wireplumber.enable = true; - alsa.enable = true; - pulse.enable = true; - jack.enable = true; - }; - }; -} diff --git a/profiles/desktop/printing.nix b/profiles/desktop/printing.nix deleted file mode 100644 index d251c14..0000000 --- a/profiles/desktop/printing.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - services.printing = { - enable = true; - webInterface = true; - }; - }; -} diff --git a/profiles/desktop/supersonic.nix b/profiles/desktop/supersonic.nix deleted file mode 100644 index 7eb28b0..0000000 --- a/profiles/desktop/supersonic.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.supersonic-wayland - ]; - }; -} diff --git a/profiles/desktop/vesktop.nix b/profiles/desktop/vesktop.nix deleted file mode 100644 index f1b45fe..0000000 --- a/profiles/desktop/vesktop.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - # TODO - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.vesktop - ]; - }; -} 
diff --git a/profiles/desktop/wayland.nix b/profiles/desktop/wayland.nix deleted file mode 100644 index e76d7fc..0000000 --- a/profiles/desktop/wayland.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - environment.sessionVariables = { - NIXOS_OZONE_WL = "1"; - SDL_VIDEODRIVER = "wayland"; - }; - }; -} diff --git a/profiles/desktop/xdg.nix b/profiles/desktop/xdg.nix deleted file mode 100644 index 892a8dc..0000000 --- a/profiles/desktop/xdg.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - xdg.portal.xdgOpenUsePortal = true; - }; -} diff --git a/profiles/desktop/zk.nix b/profiles/desktop/zk.nix deleted file mode 100644 index d4f4a66..0000000 --- a/profiles/desktop/zk.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.desktop; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.zk - ]; - }; -} diff --git a/profiles/emulation/cemu.nix b/profiles/emulation/cemu.nix deleted file mode 100644 index 40ca12b..0000000 --- a/profiles/emulation/cemu.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.emulation; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.cemu - ]; - }; -} diff --git a/profiles/emulation/default.nix b/profiles/emulation/default.nix deleted file mode 100644 index f7b51d8..0000000 --- a/profiles/emulation/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.profiles.emulation; -in -{ - options.profiles.emulation = { - enable = lib.mkEnableOption "emulation"; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = config.profiles.desktop.enable; - message = "The emulation profile depends on the desktop profile."; - } - ]; - }; -} 
diff --git a/profiles/emulation/dolphin.nix b/profiles/emulation/dolphin.nix deleted file mode 100644 index 6376ad0..0000000 --- a/profiles/emulation/dolphin.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.emulation; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.dolphin-emu - ]; - }; -} diff --git a/profiles/emulation/rmg.nix b/profiles/emulation/rmg.nix deleted file mode 100644 index 4ed9c74..0000000 --- a/profiles/emulation/rmg.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.emulation; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.rmg-wayland - ]; - }; -} diff --git a/profiles/gaming/default.nix b/profiles/gaming/default.nix deleted file mode 100644 index 9846529..0000000 --- a/profiles/gaming/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.profiles.gaming; -in -{ - options.profiles.gaming = { - enable = lib.mkEnableOption "gaming"; - }; - - config.assertions = lib.mkIf cfg.enable [ - { - assertion = config.profiles.desktop.enable; - message = "The gaming profile depends on the desktop profile."; - } - ]; -} diff --git a/profiles/gaming/gamemode.nix b/profiles/gaming/gamemode.nix deleted file mode 100644 index 921d7a2..0000000 --- a/profiles/gaming/gamemode.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.gaming; -in -{ - config = lib.mkIf cfg.enable { - programs.gamemode = { - enable = true; - settings = { - general = { - renice = 10; - }; - custom = { - start = "${lib.getExe pkgs.libnotify} 'GameMode started'"; - end = "${lib.getExe pkgs.libnotify} 'GameMode stopped'"; - }; - }; - }; - - users.groups.gamemode.members = config.users.normalUsers; - }; -} diff --git a/profiles/gaming/prismlauncher.nix b/profiles/gaming/prismlauncher.nix deleted file mode 100644 index c3888ec..0000000 
--- a/profiles/gaming/prismlauncher.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.gaming; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.prismlauncher - ]; - }; -} diff --git a/profiles/gaming/steam.nix b/profiles/gaming/steam.nix deleted file mode 100644 index 5195abf..0000000 --- a/profiles/gaming/steam.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.gaming; -in -{ - config = lib.mkIf cfg.enable { - programs.steam = { - enable = true; - extest.enable = true; - protontricks.enable = true; - dedicatedServer.openFirewall = true; - remotePlay.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - }; - }; -} diff --git a/profiles/piracy/default.nix b/profiles/piracy/default.nix deleted file mode 100644 index 6d8ff03..0000000 --- a/profiles/piracy/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.profiles.piracy; -in -{ - options.profiles.piracy = { - enable = lib.mkEnableOption "piracy"; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = config.profiles.desktop.enable; - message = "The piracy profile depends on the desktop profile."; - } - ]; - }; -} diff --git a/profiles/piracy/mullvad.nix b/profiles/piracy/mullvad.nix deleted file mode 100644 index c59b5dc..0000000 --- a/profiles/piracy/mullvad.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.gaming; -in -{ - config = lib.mkIf cfg.enable { - services.mullvad-vpn = { - enable = true; - package = pkgs.mullvad-vpn; - }; - }; -} diff --git a/profiles/piracy/qbittorrent.nix b/profiles/piracy/qbittorrent.nix deleted file mode 100644 index b099637..0000000 --- a/profiles/piracy/qbittorrent.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.gaming; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.qbittorrent - ]; - }; -} diff --git a/profiles/productivity/default.nix b/profiles/productivity/default.nix deleted file mode 100644 index 88f6e36..0000000 --- a/profiles/productivity/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.profiles.productivity; -in -{ - options.profiles.productivity = { - enable = lib.mkEnableOption "productivity"; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = config.profiles.desktop.enable; - message = "The productivity profile depends on the desktop profile."; - } - ]; - }; -} diff --git a/profiles/productivity/gimp.nix b/profiles/productivity/gimp.nix deleted file mode 100644 index 0ce8ca9..0000000 --- a/profiles/productivity/gimp.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.productivity; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.gimp3-with-plugins - ]; - }; -} diff --git a/profiles/productivity/inkscape.nix b/profiles/productivity/inkscape.nix deleted file mode 100644 index d38e624..0000000 --- a/profiles/productivity/inkscape.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.productivity; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.inkscape-with-extensions - ]; - }; -} diff --git a/profiles/productivity/libreoffice.nix b/profiles/productivity/libreoffice.nix deleted file mode 100644 index e7d4077..0000000 --- a/profiles/productivity/libreoffice.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.profiles.productivity; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.libreoffice-fresh - ]; - }; -} 
diff --git a/profiles/server/default.nix b/profiles/server/default.nix deleted file mode 100644 index 555c4d0..0000000 --- a/profiles/server/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.profiles.server; -in -{ - options.profiles.server = { - enable = lib.mkEnableOption "server"; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = !config.profiles.desktop.enable; - message = "The server profile is not compatible with the desktop profile."; - } - ]; - }; -} diff --git a/profiles/server/networking.nix b/profiles/server/networking.nix deleted file mode 100644 index 597a7ed..0000000 --- a/profiles/server/networking.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.server; -in -{ - config = lib.mkIf cfg.enable { - networking.useNetworkd = true; - }; -} diff --git a/profiles/server/time.nix b/profiles/server/time.nix deleted file mode 100644 index 0f4f76d..0000000 --- a/profiles/server/time.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.profiles.server; -in -{ - config = lib.mkIf cfg.enable { - time.timeZone = "UTC"; - }; -} diff --git a/pubkeys.nix b/pubkeys.nix index cb6709e..2af161c 100644 --- a/pubkeys.nix +++ b/pubkeys.nix @@ -1,9 +1,7 @@ { users = { - "helvetica@flamingo" = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy"; - "helvetica@glacier" = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX"; + "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy"; + "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX"; "lukas@work" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjvkQeQhAlS+e5EJOXW9Lqd3/uG9qNLIO0NaMFCA0Ew"; }; diff --git a/secrets/forgejo-admin.age b/secrets/forgejo-admin.age new file mode 100644 index 0000000..f18cf68 --- /dev/null 
+++ b/secrets/forgejo-admin.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 SFHVrw 1eOoURN0W33AUbKglRCVBNzW3RMTyLIwWMRdI/n0iHI +cE0GpXpRyHqxXotqgvEvYYue05yASNmKpPS7QDadVOQ +-> ssh-ed25519 S+dwQQ YAhXTqFh18wXzQ02TUvfZJvYdyCZcNufvNTJ7ZjByGk +T3bb0jOs9SL1/5cmsHbYrxYsW4DBOXWN3Bc93/bQ+c4 +-> ssh-ed25519 bPbvlw isx3ppsjOWxJgp6w7m1+a1W5DsMWSrYmcwD/I7kfREY +zZBV0iGYfF5kRdwnXzeUYCaNxrDAFn97072kg2d6uaM +-> ssh-ed25519 ffmsLw K6sD34XppM8mIaFAB4h43J8miednzvR4W9KUczc0Hk0 +pxOWAsf24bCVDTXeLgayKgqWB512Dzx/1+Gx17RT31I +--- JvtcFW8QYtA1PViXec9je99Shc/KVbACsvDZEfBV5kU +D2ǵ,jqޤ 7LܭA +fGQ4S g᫃ \ No newline at end of file diff --git a/secrets/forgejo-mailer.age b/secrets/forgejo-mailer.age new file mode 100644 index 0000000..c758379 --- /dev/null +++ b/secrets/forgejo-mailer.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 SFHVrw rEjkYPlPge7UMzbYwPwH80iWaQqIhPHwq9UKpF1LdEE +hn+knYiTYUTobUnAx50E6S7kAwzOhJC3aTXp7tB6kVs +-> ssh-ed25519 S+dwQQ JHScT9expJ30xkXY/QZZs6fttyiUz81+xCnt4FCyLQs +m1OykPIXU1WI/7rL/0AroNBp1alYCo7PsmKn6dMjiTM +-> ssh-ed25519 bPbvlw IFnxf/jKXZptRpEY7F00agI3yEbztWL8jf8WK03bZ3U +djSqXIYLK+puHMUtVG2EOQyc1mwFRxUshkDPSNWVhkE +-> ssh-ed25519 ffmsLw S325emLg33EycUbKCVzD8nLYbVOrQoOhnW5HnJXATC4 +IKBSnzg1BaHYtJhVc8FliY1XVB7P46GsuW/ffeuEa74 +--- QK8UE0WcbtpaBKOZJ/X9n+ZH9Uq1i+y2axyX+zjosXY +G*9k5>\u{ŏj ssh-ed25519 SFHVrw /Rn9mDfrW6WXvk2rHnvFRikKPKjytoZSxr7nIHfaYBQ -dk43RULffWoNdpcyg46PYoyp4+Se/P7hKOq9dlYKHQs --> ssh-ed25519 S+dwQQ j6cPjS+jTJZ3vX3RtBgcdHDNYUpwHaK470znK3t2PAU -3x9YctUrApvED+9Z8RXRzYbYvzmWcY6OLySDViAAruY --> ssh-ed25519 bPbvlw wLrlOsWNEhfkJS08IVvIRbuadsZj/mw+J3PmH9dlD1c -FZ2U3gdU2Y9LqCiQ1mz7beYSPyNY3tIEbsPGVfMjmHM --> ssh-ed25519 ffmsLw aCodb4aiUqIlMGzR7YwQDb8eQh1BHvmUeQAcOaT7fgo -KxSrylhmv3aylhqUp4j9dO/z5judvI5CeRDXE0XqbyE ---- 3tsgl8nyTeB1+YqslwzwdENX1QbP47GZG4EbRPKy8r8 -qJIh.H'O-Ob_s6  \ No newline at end of file diff --git a/secrets/forgejo/mailer.age b/secrets/forgejo/mailer.age deleted file mode 100644 index 2475d67..0000000 
--- a/secrets/forgejo/mailer.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 SFHVrw 6hEwUxHZ7YxTRZGxM+pGfKKtpt0KUME5onbtQqHdsxk -zUEng+GntP/LGygdZTPCsFK9Vmn++VODWR0lWCuC0kQ --> ssh-ed25519 S+dwQQ eznFi6oeKUpS1VmkK3cVjcRFF3zI6o9zzFkukj1X6lY -KApBmW4r4AQwqv6DrBg8I4x2TCUjgGOzHOfsLP5NDx4 --> ssh-ed25519 bPbvlw 86J2AsTVgm3GAbLmlOi5n73b8qgHxsIlDZKtM96zcQo -SYR28elHJA6Z0NCo90bZVQvixpKGTWmeafqr0CrLhcM --> ssh-ed25519 ffmsLw LdxVlRNsqwSZc0qXWC7N+q69PTIXY0q49upfuEk5GwM -Z73ga/GtcdDUgAWRteHat0gmtISjTbVvzjUaugtYwCY ---- D065LOfAd9xDAc2QMAmEZQeduBgIaYtpC/W/wgcwY7Q -R~OZJwj]1~9QVm \ No newline at end of file diff --git a/secrets/restic-abacus.age b/secrets/restic-abacus.age index 47478e4..3823dd8 100644 Binary files a/secrets/restic-abacus.age and b/secrets/restic-abacus.age differ diff --git a/secrets/restic-vessel.age b/secrets/restic-vessel.age index 654cfad..5f33d9c 100644 --- a/secrets/restic-vessel.age +++ b/secrets/restic-vessel.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 SFHVrw nyWvoLnNXzbxV3pKyVFIJIdzO1WOCHThAEKe0dyDxgM -N6t8SrPsvLrIRG4iu9896ZN8Ebzez7/pLC4RnS1ZEhs --> ssh-ed25519 S+dwQQ UPHt9CTJmM9VvubDx5XSnTusm4oSyq+/A2R5FLYKbj4 -n5wDmZwRmyjunS7njesVc0PZKhC51x5xqDlrD/9d1VE --> ssh-ed25519 bPbvlw /2b8HRR2KzTiiVQKxN82oQ8PqVcRKEJ6hwNfMhFaf2I -1cDwbIcK9VI65Rb84wN87SdkyVP357+WrKk04PfXNhU --> ssh-ed25519 Sm0lOA LZ2gX5nnMF3xbo/dhGQa6Ms5ifheF4ulag8mKJp6YEs -atOPulZBoi5Xf2uJ+bAXVo3I+XIitkaFM6eoMa7oqwo ---- R15O8zIkvnQHp0FOz24YB0DPOaPWfkt3G4GbBs+lY2o -V7]6 c: D*@z%M3=\B Z%2k \ No newline at end of file +-> ssh-ed25519 SFHVrw IS1zLmLNl5l0+IJoZObLSKzjg12V9hPCYOuD0ZJphk8 +FipqdCWVqXZ9RdNPXUnyqM8xvktCbjUHyAbh8GRLLg0 +-> ssh-ed25519 S+dwQQ 0oWHsd3MryyksSbUZEWdFw8kyLPaxko1bMUWbmSxlyM +xgu+2woj3pIRHcR3XasLaiMZqs2uj3VoDh8da9GQADs +-> ssh-ed25519 bPbvlw JwdTUP9poe45VREZKqDcqmM4Sgr8BMB3CrTw6rS+VFI +WWkM2uC2uovhB5ZkQVQ4xnNKhY3B+2Lus+3Qd+SZFKE +-> ssh-ed25519 Sm0lOA Nu0x8ec0G7N9Tc1JNRGzHWCCUIY9zUanTOgfZfxrUTQ +iueKqGbDunTkpgVsymj6yc7t7J1yhvg1ug0PJHRCyX4 +--- 2ZAyA0YLFKg9DgbtmN4TVJPc6dLhrvu8UJMR0+DZItc +ʡ;*(Kْ7Gy,ﮰ5dK>6g \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e93b6ad..0a37768 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,23 +1,19 @@ let pubkeys = import ../pubkeys.nix; inherit (pubkeys) users hosts; -in -{ - "users/helvetica.age".publicKeys = - (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts [ "insomniac" ])); - "users/insomniac.age".publicKeys = (builtins.attrValues users) ++ [ hosts.insomniac ]; +in { + "user-helvetica.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"])); + "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac]; - "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; + "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; - "forgejo/mailer.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; - "forgejo/admin.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; + "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; - "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [ hosts.vessel ]; - "restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; + "forgejo-mailer.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; + "forgejo-admin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; - "syncserver.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; + "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel]; + "restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; - "secure-boot/glacier.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.glacier ]; - "secure-boot/abacus.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ]; - "secure-boot/flamingo.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.flamingo ]; + "syncserver.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; } 
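Review bot: The new binary `secrets/user-lukas.age` added further down in this diff has no entry in secrets/secrets.nix, so agenix has no recipient list for it and a rekey will skip it; it needs a line alongside the other `user-*.age` entries, e.g. `"user-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.<HOST>];` with the intended host filled in. Separately, the rename `secrets/users/lukas.age -> secrets/user-helvetica.age` is reported at 100% similarity while `secrets/users/helvetica.age` is deleted, so the ciphertext now declared here as `user-helvetica.age` is the former `lukas` secret, and its recipient set (all users plus every host except insomniac) differs from the eight recipients the deleted helvetica.age carried — worth confirming this is intended and re-encrypting so the file's recipients match this declaration. `"miniflux.age"` is also declared here, but no such file appears in the visible part of the diff.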
diff --git a/secrets/secure-boot/abacus.tar.age b/secrets/secure-boot/abacus.tar.age deleted file mode 100644 index b34def7..0000000 Binary files a/secrets/secure-boot/abacus.tar.age and /dev/null differ diff --git a/secrets/secure-boot/flamingo.tar.age b/secrets/secure-boot/flamingo.tar.age deleted file mode 100644 index fdfc6e8..0000000 Binary files a/secrets/secure-boot/flamingo.tar.age and /dev/null differ diff --git a/secrets/secure-boot/glacier.tar.age b/secrets/secure-boot/glacier.tar.age deleted file mode 100644 index c428c59..0000000 Binary files a/secrets/secure-boot/glacier.tar.age and /dev/null differ diff --git a/secrets/syncserver.age b/secrets/syncserver.age index 3fa9b09..6256bf7 100644 Binary files a/secrets/syncserver.age and b/secrets/syncserver.age differ diff --git a/secrets/users/lukas.age b/secrets/user-helvetica.age similarity index 100% rename from secrets/users/lukas.age rename to secrets/user-helvetica.age diff --git a/secrets/user-insomniac.age b/secrets/user-insomniac.age new file mode 100644 index 0000000..af210ad --- /dev/null +++ b/secrets/user-insomniac.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 SFHVrw 5jjXKCP1LHhUGYyri1g04ZvmJCT3oaHKv3rrX17w2gc +7WncrC6u6edUne4VQGZb/9EnNsL4JRQ/7egfViuclpE +-> ssh-ed25519 S+dwQQ KwH9DQOT0uLanFKUkbppGIX9Q5aDjjZZYO7gsF19K0c +ese8sLUSS8c5FgMRITavOj6bqPWV0M3/zOnbyaSj6as +-> ssh-ed25519 bPbvlw ufEzOz5vppSomacvWoMe/RAKm6GKPNMjnGbhLpuID3o +HKh4+nBARw8pHhl1+p+hwdvXY+wG4448pnUarQp12rE +-> ssh-ed25519 8l76Rg dMN8haWgW3i0EXv2ki8EySvdGVTQ36b6JKC4zSRNWmA +6hoVTll3E8cYkRM1gNV4OU65dcYS/Ufy58xNOgppms8 +--- jYMZqNR10eeeo2aUlSWM02A10ykvDB7mr+DZf7JxdDk +-/ezG`[(K;~BUUZK|Hne_iVO?-45w7ձQ7 /|&hr(}OLC(VhW5 \ No newline at end of file diff --git a/secrets/user-lukas.age b/secrets/user-lukas.age new file mode 100644 index 0000000..d500ab6 Binary files /dev/null and b/secrets/user-lukas.age differ 
diff --git a/secrets/users/helvetica.age b/secrets/users/helvetica.age deleted file mode 100644 index 28ad975..0000000 --- a/secrets/users/helvetica.age +++ /dev/null @@ -1,20 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 SFHVrw 5O32JjIL6EnnFpSEWuqYSnlQXCi86TjEGU5hKxEVfUk -mnI5nBEyM/M4hiOEl0lBdBt0v4cthrIlnWd6kvgud5s --> ssh-ed25519 S+dwQQ bOtKQWynZxYPRukkGBVJ8p6d7mU6J1LxDc7RbxRjxn8 -ykEExNA0KIXWRS0oAME7c6lScb7P5PR6rcoao35dd6s --> ssh-ed25519 bPbvlw mBeVkAPVjuPyiGZoWTtU9cZEJ7DjT06wS7+BbK8xrlY -l5yxGa/CH2pM6IL6SeWgtQg/nJvcU6vLZQp9f10eQCg --> ssh-ed25519 ffmsLw LqpIMiGZF5DZwibH8hJD8V8yJfpaRddJRxFC+MWqaQQ -1mGrkOKPZ7ZOQ/kwHA0VigU9DUY8SYTxRiq5tZnaWqk --> ssh-ed25519 d2fKsw L8PpoPH43jKLkC8tduV2ILAypnwfGP2eJUTjX5foLzs -/Hu7tHtq9m4MYV6K48KDk68HWJzzCCr1DL7dKCyvndo --> ssh-ed25519 US6ATA XqSHAd4tAGQgfD5zZUgGi85F4WX3Uz3K72ZbSf1b7lI -EYfjkYeoG7fvskrKdUnp/Yz713QfF2Wb+zZyXC/0pHc --> ssh-ed25519 Sm0lOA UTaaX0IZkosP/zU1s1a1ExcD0Y3lgru+RoAZq4vjaRY -CLFv9o3r3R5RFFlkglmvKQ0S1ROY6VI9yvMO43YjZf8 --> ssh-ed25519 bgFypQ 6YB0i3QUbaAbTim7e+KSBYUUCRLCbrE+Tg9iW8MG/Uw -EN/o6IgKLUjsNkCNfEeThJZWEmglRis3yWTVWkq0ATg ---- 6oBNTwtiKyo7lhARYSWj1t3pudr+m5ESdA95+Ij3orc -6TB#gX4QUJV(32ZɟD縪 /&9 - ssh-ed25519 SFHVrw iq1lz1cbf7HgkH5Iglb9j9JChuJQALY3JPltoh0DcR4 -xHJ4UsmFymFb7f5mGR6Yj8GGqKQRmD8YLdqYv8wxJMU --> ssh-ed25519 S+dwQQ wKenvkV4uWqPHN4PNBZ+hQhmtQwULS/Vft6UDYmeKhs -G6fLhpl3K4S/JREeUBnIPs+XOj1BO0S2pAhrOPeQSvI --> ssh-ed25519 bPbvlw GRzNM9ZIwICpUEjEVl+3Sk4jBKTQ8LxmqLAyaILTUHU -2RLJirofLXeDyvYijMwW5VbDSq6a0iZpCZU7WYtvgFE --> ssh-ed25519 8l76Rg KReunAJWnHAVMs6Se2MvkWtsnHJwyZA1ZXExvxD93zE -xJUkcjqO33R728mU0dmhBnmF45ZkuxXtW0XgwVf74HA ---- aNnE3YE/Oe/IcRUDuoMNNBeaIcEtPfCpy69bZX8TQg8 -}'C=vTЄq -b.Y?4Ye5|Ӱ7A]+3o2 - &'0ؔⰺU -x \ No newline at end of file diff --git a/secrets/vaultwarden.age b/secrets/vaultwarden.age index 2e8452b..26cd857 100644 Binary files a/secrets/vaultwarden.age and b/secrets/vaultwarden.age differ