diff --git a/apps.mod.nix b/apps.mod.nix index 5cfad1b..1c1a439 100644 --- a/apps.mod.nix +++ b/apps.mod.nix @@ -59,7 +59,7 @@ signal-desktop discord obsidian - # calibre # still borked apparently, what the hell # still!!! + # calibre # still borked apparently, what the hell # still!!! libreoffice ]; @@ -70,19 +70,7 @@ terminator = { enable = true; }; - vscode = { - enable = true; - package = pkgs.vscodium; - mutableExtensionsDir = false; - extensions = with pkgs.vscode-extensions; [ - rust-lang.rust-analyzer - tuttieee.emacs-mcx - tamasfe.even-better-toml - vadimcn.vscode-lldb - jnoortheen.nix-ide - mkhl.direnv - ]; - }; + }; } ) diff --git a/cluster/virtualisation.mod.nix b/cluster/virtualisation.mod.nix index 8c4adc4..6cc4d63 100644 --- a/cluster/virtualisation.mod.nix +++ b/cluster/virtualisation.mod.nix @@ -3,22 +3,24 @@ ({ users.users.emv.extraGroups = [ "podman" - # "docker" + # "docker" ]; }) ]; sucrose.modules = [ - /* ({ - virtualisation.docker = { - enable = true; - storageDriver = "btrfs"; - daemon.settings = { - userland-proxy = false; - ipv6 = false; - data-root = "/home/emv/docker-data-root/"; + /* + ({ + virtualisation.docker = { + enable = true; + storageDriver = "btrfs"; + daemon.settings = { + userland-proxy = false; + ipv6 = false; + data-root = "/home/emv/docker-data-root/"; + }; }; - }; - })*/ + }) + */ ( { pkgs, ... }: { diff --git a/dev.mod.nix b/dev.mod.nix index 5d7fd88..2edc461 100644 --- a/dev.mod.nix +++ b/dev.mod.nix @@ -15,6 +15,27 @@ }; } ]; + personal.home_modules = [ + ( + { pkgs, ... }: + { + programs.vscode = { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + extensions = with pkgs.vscode-extensions; [ + rust-lang.rust-analyzer + tuttieee.emacs-mcx + tamasfe.even-better-toml + vadimcn.vscode-lldb + jnoortheen.nix-ide + mkhl.direnv + matthewpi.caddyfile-support + ]; + }; + } + ) + ]; personal.modules = [ ( { pkgs, ... }: diff --git a/hardware.mod.nix b/hardware.mod.nix index da9c2f2..c602b51 100644 --- a/hardware.mod.nix +++ b/hardware.mod.nix @@ -43,7 +43,7 @@ in { environment.systemPackages = with pkgs; [ mergerfs ]; hardware.enableRedistributableFirmware = true; - boot.kernelPackages = pkgs.linuxPackages_latest; # hope this doesn't break anything -e + boot.kernelPackages = pkgs.linuxPackages_latest; # hope this doesn't break anything -e networking.useDHCP = lib.mkDefault true; } ) diff --git a/networking/general.mod.nix b/networking/general.mod.nix index 5c7b3da..146cc58 100644 --- a/networking/general.mod.nix +++ b/networking/general.mod.nix @@ -8,7 +8,7 @@ enable = true; plugins = lib.mkForce [ ]; # networkmanager has a shit ton of vpn plugins by default. which we do not care about because we use wireguard. -e }; - systemd.services.NetworkManager-wait-online.enable = false; ## disable networkmanager's waitonline because it fucks up switches + systemd.services.NetworkManager-wait-online.enable = false; # # disable networkmanager's waitonline because it fucks up switches networking.usePredictableInterfaceNames = false; users.users.emv.extraGroups = [ "networkmanager" ]; environment.systemPackages = with pkgs; [ diff --git a/networking/ssh.mod.nix b/networking/ssh.mod.nix index 70ac69e..fcb655a 100644 --- a/networking/ssh.mod.nix +++ b/networking/ssh.mod.nix @@ -16,7 +16,10 @@ ]; fructose.modules = [ { - services.openssh.ports = [ 22 222 ]; + services.openssh.ports = [ + 22 + 222 + ]; } ]; personal.home_modules = [ diff --git a/networking/tailscale.mod.nix b/networking/tailscale.mod.nix index fea15d3..a28e54b 100644 --- a/networking/tailscale.mod.nix +++ b/networking/tailscale.mod.nix @@ -39,11 +39,14 @@ } ]; - /*sucrose.modules = [ - { - services.tailscale.extraSetFlags = [ - "--advertise-exit-node" - ]; - } - ];*/ # this is not needed, currently -e + /* + sucrose.modules = [ + { + services.tailscale.extraSetFlags = [ + "--advertise-exit-node" + ]; + } + ]; + */ + # this is not needed, currently -e } diff --git a/nix.mod.nix b/nix.mod.nix index c993f71..a8c0e5c 100644 --- a/nix.mod.nix +++ b/nix.mod.nix @@ -97,7 +97,7 @@ in ''; }) ]; - # nix.package = pkgs.nix-monitored; + # nix.package = pkgs.nix-monitored; environment.systemPackages = [ pkgs.nixmon ]; programs.nh.enable = true; } @@ -179,39 +179,41 @@ in secretKeyFile = config.sops.secrets.binary-cache-secret.path; }; - /* systemd.timers."auto-update-rebuild" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "5m"; - OnUnitInactiveSec = "1h"; - Unit = "auto-update-rebuild.service"; + /* + systemd.timers."auto-update-rebuild" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "5m"; + OnUnitInactiveSec = "1h"; + Unit = "auto-update-rebuild.service"; + }; }; - }; - systemd.services."auto-update-rebuild" = { - script = '' - mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild + systemd.services."auto-update-rebuild" = { + script = '' + mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild - export PATH=${ - lib.makeBinPath ( - with pkgs; - [ - nix - git - coreutils - ] - ) - } + export PATH=${ + lib.makeBinPath ( + with pkgs; + [ + nix + git + coreutils + ] + ) + } - nix flake update --flake /home/emv/adyya-flake - ''; + nix flake update --flake /home/emv/adyya-flake + ''; - serviceConfig = { - Restart = "on-failure"; - RestartSec = "15m"; - Type = "oneshot"; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "15m"; + Type = "oneshot"; + }; }; - };*/ + */ } ) garbage-collection-module diff --git a/services/forgejo/forgejo.mod.nix b/services/forgejo/forgejo.mod.nix index 81b33a0..5ff2c8b 100644 --- a/services/forgejo/forgejo.mod.nix +++ b/services/forgejo/forgejo.mod.nix @@ -25,7 +25,8 @@ type = "tar.gz"; }; - settings = { # this directly drops stuff in the forgejo app.ini + settings = { + # this directly drops stuff in the forgejo app.ini server = { DOMAIN = "git.collective-conciousness.monster"; PROTOCOL = "http"; diff --git a/services/gts/gts.mod.nix b/services/gts/gts.mod.nix index 6789974..f45add2 100644 --- a/services/gts/gts.mod.nix +++ b/services/gts/gts.mod.nix @@ -42,8 +42,8 @@ cache.memory-target = "500MiB"; ### Web config - # web-template-base-dir = "/var/gts/web/template/"; - # web-asset-base-dir = "/var/gts/web/assets/"; + # web-template-base-dir = "/var/gts/web/template/"; + # web-asset-base-dir = "/var/gts/web/assets/"; ### Instance config instance-languages = [ diff --git a/services/murmur/murmur.mod.nix b/services/murmur/murmur.mod.nix index b9e2ef9..458d342 100644 --- a/services/murmur/murmur.mod.nix +++ b/services/murmur/murmur.mod.nix @@ -1,21 +1,29 @@ { glucose.modules = [ - ({pkgs, config, lib, ...}: { - services.murmur = { - enable = true; + ( + { + pkgs, + config, + lib, + ... + }: + { + services.murmur = { + enable = true; - environmentFile = "${config.sops.templates."murmur.env.secrets.yaml".path}"; - # the environment variables are provided by, evidently, the environment file. - welcometext = "$MURMUR_WELCOME_MESSAGE"; - # registerPassword = "$MURMUR_REGISTRY_PASSWORD"; # removed as we realized we don't actually want it to be a public server. - password = "$MURMUR_LOGIN_PASSWORD"; + environmentFile = "${config.sops.templates."murmur.env.secrets.yaml".path}"; + # the environment variables are provided by, evidently, the environment file. + welcometext = "$MURMUR_WELCOME_MESSAGE"; + # registerPassword = "$MURMUR_REGISTRY_PASSWORD"; # removed as we realized we don't actually want it to be a public server. + password = "$MURMUR_LOGIN_PASSWORD"; - port = 64738; # tcp/udp - this is the default but i'm writing it out as to not have to dig into the declaration every time i need to know which port it is. - openFirewall = true; # this is fine since glucose is not public-facing. otherwise i would prefer to do it through `networking` - registerName = "Adyya's cave of hushed tones"; - registerUrl = "https://mumble.collective-conciousness.monster"; - registerHostname = "mumble.collective-conciousness.mosnter"; # i vaguely know what the difference between these two are but it is a bit strange, i guess. - }; - }) + port = 64738; # tcp/udp - this is the default but i'm writing it out as to not have to dig into the declaration every time i need to know which port it is. + openFirewall = true; # this is fine since glucose is not public-facing. otherwise i would prefer to do it through `networking` + registerName = "Adyya's cave of hushed tones"; + registerUrl = "https://mumble.collective-conciousness.monster"; + registerHostname = "mumble.collective-conciousness.mosnter"; # i vaguely know what the difference between these two are but it is a bit strange, i guess. + }; + } + ) ]; -} \ No newline at end of file +} diff --git a/sops.mod.nix b/sops.mod.nix index 81b8e7c..83fb7f9 100644 --- a/sops.mod.nix +++ b/sops.mod.nix @@ -48,14 +48,17 @@ ''; } ) - ({config, ...}:{ - sops.secrets.murmur_login_password = { }; - sops.secrets.murmur_welcome_message = { }; - sops.templates."murmur.env.secrets.yaml".content = '' - MURMUR_LOGIN_PASSWORD="${config.sops.placeholder."murmur_login_password"}" - MURMUR_WELCOME_MESSAGE="${config.sops.placeholder."murmur_welcome_message"}" - ''; - }) + ( + { config, ... }: + { + sops.secrets.murmur_login_password = { }; + sops.secrets.murmur_welcome_message = { }; + sops.templates."murmur.env.secrets.yaml".content = '' + MURMUR_LOGIN_PASSWORD="${config.sops.placeholder."murmur_login_password"}" + MURMUR_WELCOME_MESSAGE="${config.sops.placeholder."murmur_welcome_message"}" + ''; + } + ) ]; fructose.modules = [ ( @@ -68,7 +71,8 @@ } ) ( - {config, ...}: { + { config, ... }: + { sops.secrets.postgresdb_admin_password = { }; sops.secrets.forgejo_db_pass = { }; sops.templates."postgresdb.env.secrets.yaml".content = ''