diff --git a/_inheritance.mod.nix b/_inheritance.mod.nix index 8d3cca6..caa37ff 100644 --- a/_inheritance.mod.nix +++ b/_inheritance.mod.nix @@ -2,8 +2,7 @@ merge, configs, ... -}: -{ +}: { #capsaicin is a custom-built PC capsaicin = merge configs.universal configs.personal; #menthol is a Lenovo Thinkpad T460s @@ -15,5 +14,4 @@ fructose = merge configs.universal (merge configs.sucrose configs.cluster); #aspartame is a VPS from Contabo aspartame = merge configs.universal configs.cluster; - } diff --git a/adyya-pkgs/adyya_pkgs.mod.nix b/adyya-pkgs/adyya_pkgs.mod.nix index 1330481..e2d40bc 100644 --- a/adyya-pkgs/adyya_pkgs.mod.nix +++ b/adyya-pkgs/adyya_pkgs.mod.nix 
@@ -1,50 +1,52 @@ { aspartame.modules = [ ( - { pkgs, lib, ... }: { + pkgs, + lib, + ... + }: { nixpkgs.overlays = [ ( - final: prev: - let - caddy-custom = pkgs.callPackage ./caddy-custom.nix { }; - in - let + final: prev: let + caddy-custom = pkgs.callPackage ./caddy-custom.nix {}; + in let # Caddy Layer4 modules l4CaddyModules = lib.lists.map - (name: { - inherit name; - repo = "github.com/mholt/caddy-l4"; - version = "3d22d6da412883875f573ee4ecca3dbb3fdf0fd0"; - }) - [ - "layer4" - "modules/l4proxy" - "modules/l4tls" - "modules/l4proxyprotocol" - ]; - in - { + (name: { + inherit name; + repo = "github.com/mholt/caddy-l4"; + version = "3d22d6da412883875f573ee4ecca3dbb3fdf0fd0"; + }) + [ + "layer4" + "modules/l4proxy" + "modules/l4tls" + "modules/l4proxyprotocol" + ]; + in { caddy-default = caddy-custom; - caddy-base = caddy-custom.withPlugins { caddyModules = [ ]; }; + caddy-base = caddy-custom.withPlugins {caddyModules = [];}; caddy-l4 = caddy-custom.withPlugins { caddyModules = l4CaddyModules; vendorHash = "sha256-Bz2tR1/a2okARCWFEeSEeVUx2mdBe0QKUh5qzKUOF8s="; }; caddy-many = caddy-custom.withPlugins { - caddyModules = [ - { - name = "transform-encoder"; - repo = "github.com/caddyserver/transform-encoder"; - version = "f627fc4f76334b7aef8d4ed8c99c7e2bcf94ac7d"; - } - { - name = "connegmatcher"; - repo = "github.com/mpilhlt/caddy-conneg"; - version = "v0.1.4"; - } - ] ++ l4CaddyModules; + caddyModules = + [ + { + name = "transform-encoder"; + repo = "github.com/caddyserver/transform-encoder"; + version = "f627fc4f76334b7aef8d4ed8c99c7e2bcf94ac7d"; + } + { + name = "connegmatcher"; + repo = "github.com/mpilhlt/caddy-conneg"; + version = "v0.1.4"; + } + ] + ++ l4CaddyModules; vendorHash = "sha256-OjyJdcbLMSvgkHKR4xMF0BgsuA5kdKgDgV+ocuNHUf4="; }; } 
@@ -52,21 +54,21 @@ ]; } ) - ({ + { nixpkgs.overlays = [ (final: prev: { - gts = final.callPackage ./gts.nix { }; + gts = final.callPackage ./gts.nix {}; }) ]; - }) + } ]; personal.modules = [ - ({ + { nixpkgs.overlays = [ (final: prev: { - beeref = final.callPackage ./beeref.nix { }; # I'M GOING TO TRUNCATE *YOU*, BEEREF. + beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF. }) ]; - }) + } ]; } diff --git a/adyya-pkgs/beeref.nix b/adyya-pkgs/beeref.nix index c8ac990..d392da9 100644 --- a/adyya-pkgs/beeref.nix +++ b/adyya-pkgs/beeref.nix @@ -3,9 +3,7 @@ fetchurl, lib, ... -}: - -let +}: let name = "beeref"; version = "0.3.3"; src = fetchurl { @@ -13,13 +11,13 @@ let hash = "sha256-pavXKtjOvKY2IUPp+UP0v8WkrpPeNEcNDhqoQtFYszo="; }; in -appimageTools.wrapType2 { - inherit name version src; - extraPkgs = pkgs: [ pkgs.python311 ]; - meta = with lib; { - description = "A Simple Reference Image Viewer"; - homepage = "https://github.com/rbreu/beeref"; - license = licenses.gpl3Only; - mainProgram = "beeref"; - }; -} + appimageTools.wrapType2 { + inherit name version src; + extraPkgs = pkgs: [pkgs.python311]; + meta = with lib; { + description = "A Simple Reference Image Viewer"; + homepage = "https://github.com/rbreu/beeref"; + license = licenses.gpl3Only; + mainProgram = "beeref"; + }; + } diff --git a/adyya-pkgs/caddy-custom.nix b/adyya-pkgs/caddy-custom.nix index 0162095..f229d08 100644 --- a/adyya-pkgs/caddy-custom.nix +++ b/adyya-pkgs/caddy-custom.nix @@ -8,8 +8,7 @@ caddy, testers, stdenv, -}: -let +}: let attrsToModule = map (plugin: plugin.repo); attrsToVersionedModule = map ( { @@ -17,7 +16,7 @@ let version, ... }: - lib.escapeShellArg "${repo}@${version}" + lib.escapeShellArg "${repo}@${version}" ); pname = "caddy"; @@ -37,7 +36,7 @@ let hash = "sha256-CBfyqtWp3gYsYwaIxbfXO3AYaBiM7LutLC7uZgYXfkQ="; }; - subPackages = [ "cmd/caddy" ]; + subPackages = ["cmd/caddy"]; ldflags = [ "-s" 
@@ -46,7 +45,7 @@ let ]; # matches upstream since v2.8.0 - tags = [ "nobadger" ]; + tags = ["nobadger"]; nativeBuildInputs = [ gnused 
@@ -87,72 +86,71 @@ let ]; }; in -buildGoModule { - inherit - pname - version - src - subPackages - ldflags - tags - nativeBuildInputs - postInstall - meta - ; + buildGoModule { + inherit + pname + version + src + subPackages + ldflags + tags + nativeBuildInputs + postInstall + meta + ; - vendorHash = "sha256-1Api8bBZJ1/oYk4ZGIiwWCSraLzK9L+hsKXkFtk6iVM="; + vendorHash = "sha256-1Api8bBZJ1/oYk4ZGIiwWCSraLzK9L+hsKXkFtk6iVM="; - passthru = { - withPlugins = - { + passthru = { + withPlugins = { caddyModules, vendorHash ? lib.fakeHash, }: - buildGoModule { - pname = "${caddy.pname}-with-plugins"; + buildGoModule { + pname = "${caddy.pname}-with-plugins"; - inherit - version - src - subPackages - ldflags - tags - nativeBuildInputs - postInstall - meta - ; + inherit + version + src + subPackages + ldflags + tags + nativeBuildInputs + postInstall + meta + ; - modBuildPhase = '' - for module in ${toString (attrsToModule caddyModules)}; do - sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go - done - for plugin in ${toString (attrsToVersionedModule caddyModules)}; do - go get $plugin - done - go mod vendor - ''; + modBuildPhase = '' + for module in ${toString (attrsToModule caddyModules)}; do + sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go + done + for plugin in ${toString (attrsToVersionedModule caddyModules)}; do + go get $plugin + done + go mod vendor + ''; - modInstallPhase = '' - mv -t vendor go.mod go.sum - cp -r vendor "$out" - ''; + modInstallPhase = '' + mv -t vendor go.mod go.sum + cp -r vendor "$out" + ''; - preBuild = '' - chmod -R u+w vendor - [ -f vendor/go.mod ] && mv -t . vendor/go.{mod,sum} - for module in ${toString (attrsToModule caddyModules)}; do - sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go - done - ''; + preBuild = '' + chmod -R u+w vendor + [ -f vendor/go.mod ] && mv -t . 
vendor/go.{mod,sum} + for module in ${toString (attrsToModule caddyModules)}; do + sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go + done + ''; - inherit vendorHash; - }; - tests = { - inherit (nixosTests) caddy; - version = testers.testVersion { - command = "${caddy}/bin/caddy version"; - package = caddy; + inherit vendorHash; + }; + tests = { + inherit (nixosTests) caddy; + version = testers.testVersion { + command = "${caddy}/bin/caddy version"; + package = caddy; + }; }; }; - }; -} + } diff --git a/adyya-pkgs/gts.nix b/adyya-pkgs/gts.nix index bfe1c85..80195d2 100644 --- a/adyya-pkgs/gts.nix +++ b/adyya-pkgs/gts.nix @@ -4,8 +4,7 @@ fetchFromGitHub, buildGoModule, nixosTests, -}: -let +}: let owner = "superseriousbusiness"; repo = "gotosocial"; 
@@ -16,63 +15,61 @@ let hash = "sha256-85CmcWjcX8a+hZxkyRTfXErmkIx64R2scaaS2Fpf668="; }; in -buildGoModule rec { - inherit version; - pname = repo; + buildGoModule rec { + inherit version; + pname = repo; - src = fetchFromGitHub { - inherit owner repo; - rev = "refs/tags/v${version}"; - hash = "sha256-ql0tDaMc/1NgsLUpPHZB6GoXJj9DwUpadTX3AYufR/o="; - }; + src = fetchFromGitHub { + inherit owner repo; + rev = "refs/tags/v${version}"; + hash = "sha256-ql0tDaMc/1NgsLUpPHZB6GoXJj9DwUpadTX3AYufR/o="; + }; - vendorHash = null; + vendorHash = null; - ldflags = [ - "-s" - "-w" - "-X main.Version=${version}" - ]; + ldflags = [ + "-s" + "-w" + "-X main.Version=${version}" + ]; - tags = [ - "kvformat" - ]; + tags = [ + "kvformat" + ]; - postInstall = '' - tar xf ${web-assets} - mkdir -p $out/share/gotosocial - mv web $out/share/gotosocial/ - ''; + postInstall = '' + tar xf ${web-assets} + mkdir -p $out/share/gotosocial + mv web $out/share/gotosocial/ + ''; - # tests are working only on x86_64-linux - # doCheck = stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86_64; - # checks are currently very unstable in our setup, so we should test manually for now - doCheck = false; + # tests are working only on x86_64-linux + # doCheck = stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86_64; + # checks are currently very unstable in our setup, so we should test manually for now + doCheck = false; - checkFlags = - let + checkFlags = let # flaky / broken tests skippedTests = [ # See: https://github.com/superseriousbusiness/gotosocial/issues/2651 "TestPage/minID,_maxID_and_limit_set" ]; - in - [ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ]; + in ["-skip=^${builtins.concatStringsSep "$|^" skippedTests}$"]; - passthru.tests.gotosocial = nixosTests.gotosocial; + passthru.tests.gotosocial = nixosTests.gotosocial; - meta = with lib; { - homepage = "https://gotosocial.org"; - changelog = "https://github.com/superseriousbusiness/gotosocial/releases/tag/v${version}"; - 
description = "Fast, fun, ActivityPub server, powered by Go"; - longDescription = '' - ActivityPub social network server, written in Golang. - You can keep in touch with your friends, post, read, and - share images and articles. All without being tracked or - advertised to! A light-weight alternative to Mastodon - and Pleroma, with support for clients! - ''; - maintainers = with maintainers; [ blakesmith ]; - license = licenses.agpl3Only; - }; -} + meta = with lib; { + homepage = "https://gotosocial.org"; + changelog = "https://github.com/superseriousbusiness/gotosocial/releases/tag/v${version}"; + description = "Fast, fun, ActivityPub server, powered by Go"; + longDescription = '' + ActivityPub social network server, written in Golang. + You can keep in touch with your friends, post, read, and + share images and articles. All without being tracked or + advertised to! A light-weight alternative to Mastodon + and Pleroma, with support for clients! + ''; + maintainers = with maintainers; [blakesmith]; + license = licenses.agpl3Only; + }; + } diff --git a/apps.mod.nix b/apps.mod.nix index 1c1a439..233cdfc 100644 --- a/apps.mod.nix +++ b/apps.mod.nix @@ -1,9 +1,7 @@ -{ vscode-server, ... }: -{ +{vscode-server, ...}: { universal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ ps wget @@ -42,16 +40,14 @@ ]; personal.modules = [ ( - { pkgs, ... }: - { - users.users.emv.extraGroups = [ "video" ]; + {pkgs, ...}: { + users.users.emv.extraGroups = ["video"]; } ) ]; personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ emulsion ffmpeg @@ -70,7 +66,6 @@ terminator = { enable = true; }; - }; } ) @@ -81,8 +76,7 @@ ]; capsaicin.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ cryptsetup keepassxc diff --git a/art.mod.nix b/art.mod.nix index 7371ef3..344fbb2 100644 --- a/art.mod.nix +++ b/art.mod.nix 
@@ -1,9 +1,7 @@ { - capsaicin.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ blender # this is because capsaicin is the only one of the two who can take rendering something without starting a forest fire ]; @@ -12,8 +10,7 @@ ]; personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ krita inkscape @@ -26,5 +23,4 @@ } ) ]; - } diff --git a/audio.mod.nix b/audio.mod.nix index 2ff0549..3cef3b7 100644 --- a/audio.mod.nix +++ b/audio.mod.nix @@ -14,8 +14,7 @@ ]; personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ pwvucontrol pw-volume diff --git a/cluster/cluster-firewall.mod.nix b/cluster/cluster-firewall.mod.nix index b0f67cc..0635522 100644 --- a/cluster/cluster-firewall.mod.nix +++ b/cluster/cluster-firewall.mod.nix @@ -7,7 +7,7 @@ # 2380 # idem peers # 4240 # cilium health checks # 6443 # k3s server - # + # # 10250 # kumetrics server # ]; # allowedUDPPorts = [ diff --git a/cluster/kernel.mod.nix b/cluster/kernel.mod.nix index 71909e5..2572fec 100644 --- a/cluster/kernel.mod.nix +++ b/cluster/kernel.mod.nix @@ -1,8 +1,11 @@ { cluster-testing.modules = [ ( - { pkgs, lib, ... }: { + pkgs, + lib, + ... + }: { boot.kernelPatches = [ { name = "eBPF-cilium"; @@ -14,7 +17,7 @@ BPF_JIT y NET_CLS_ACT y NET_SCH_INGRESS y - CRYPTO_SHA1 y + CRYPTO_SHA1 y CRYPTO_USER_API_HASH y CGROUPS y CGROUP_BPF y diff --git a/cluster/kubernetes.mod.nix b/cluster/kubernetes.mod.nix index b171acb..80c8f46 100644 --- a/cluster/kubernetes.mod.nix +++ b/cluster/kubernetes.mod.nix 
@@ -1,45 +1,45 @@ { cluster-testing.modules = [ - ({ + { /* - services.k3s = { # just hogging resources at this moment - enable = true; - role = "server"; - # token = ""; # Agent nodes are joined to the master node using a node-token which can be found on the master node at /var/lib/rancher/k3s/server/node-token. - clusterInit = true; - # allegedly you need different configs for non-starting nodes, including the ip of a server. you should handle this within nix, preferrably -e - # allegedly: " If you are configuring an HA cluster with an embedded etcd, the 1st server must have clusterInit = true and other servers must connect to it using serverAddr. " # I think you can get around this kinda by pointing to a domain, so that if the server with the address specified in the config fails, others take the request. i am not sure about the details of the implementation - i.e how to do it without giving authority to a specific node. This is more of a theoretical problem, i think, since this only matters when a node starts up and gets to be part of the cluster - after it's included i'm pretty sure it would be fine? Might need to do some testing -e - # this kinda makes sense? like otherwise how would the new clusters know where to connect to ? Because it uses raft, the serverAddr doesn't necessarily have to be the one with clusterInit, as, according to the Raft specification, calls to followers get forwarded to the leader node. -e - extraFlags = [ - # "--flannel-backend none" - # "--disable-network-policy" - # "--no-deploy traefik" - ]; # --flannel-backend-none and --disable-network-policy prepare the cluster for cillium, which, as far as i can see, i need to install imperatively because it isn't a service or packaged within nixpkgs. 
The command used is `cilium install --version 1.x.x --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16"`,replace the x's with whatever version you need, as of 2024.09.20 1.16.1 is the latest (released on the 14th of August 2024, according to their github). Godspeed to future addy if we decide to do package it ourselves or something. -e - # configPath = ./k3s.yaml; - }; # decided to try stock kubernetes since k3s doesn't seem to be working as i intend --- a week later --- YOU BUMBLING MORON YOU ARE ON UNSTABLE AND YOU WERE LOOKING AT 24.05 DOCS - /* - services.kubernetes = { - # flannel.enable = false; - roles = [ "master" "node" ]; - masterAddress = "10.12.96.4"; - #apiserverAddress = "10.12.96.4:6443"; - kubelet = { - enable = true; - extraOpts = "--fail-swap-on=false"; - }; - scheduler.enable = true; - apiserver ={ - enable = true; - advertiseAddress = "10.12.96.4"; - securePort = 6443; - }; - easyCerts = true; - pki.enable = true; - addons.dns.enable = true; - controllerManager.enable = true; - addonManager.enable = true; - }; #chat is this factual + services.k3s = { # just hogging resources at this moment + enable = true; + role = "server"; + # token = ""; # Agent nodes are joined to the master node using a node-token which can be found on the master node at /var/lib/rancher/k3s/server/node-token. + clusterInit = true; + # allegedly you need different configs for non-starting nodes, including the ip of a server. you should handle this within nix, preferrably -e + # allegedly: " If you are configuring an HA cluster with an embedded etcd, the 1st server must have clusterInit = true and other servers must connect to it using serverAddr. " # I think you can get around this kinda by pointing to a domain, so that if the server with the address specified in the config fails, others take the request. i am not sure about the details of the implementation - i.e how to do it without giving authority to a specific node. 
This is more of a theoretical problem, i think, since this only matters when a node starts up and gets to be part of the cluster - after it's included i'm pretty sure it would be fine? Might need to do some testing -e + # this kinda makes sense? like otherwise how would the new clusters know where to connect to ? Because it uses raft, the serverAddr doesn't necessarily have to be the one with clusterInit, as, according to the Raft specification, calls to followers get forwarded to the leader node. -e + extraFlags = [ + # "--flannel-backend none" + # "--disable-network-policy" + # "--no-deploy traefik" + ]; # --flannel-backend-none and --disable-network-policy prepare the cluster for cillium, which, as far as i can see, i need to install imperatively because it isn't a service or packaged within nixpkgs. The command used is `cilium install --version 1.x.x --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16"`,replace the x's with whatever version you need, as of 2024.09.20 1.16.1 is the latest (released on the 14th of August 2024, according to their github). Godspeed to future addy if we decide to do package it ourselves or something. -e + # configPath = ./k3s.yaml; + }; # decided to try stock kubernetes since k3s doesn't seem to be working as i intend --- a week later --- YOU BUMBLING MORON YOU ARE ON UNSTABLE AND YOU WERE LOOKING AT 24.05 DOCS + /* + services.kubernetes = { + # flannel.enable = false; + roles = [ "master" "node" ]; + masterAddress = "10.12.96.4"; + #apiserverAddress = "10.12.96.4:6443"; + kubelet = { + enable = true; + extraOpts = "--fail-swap-on=false"; + }; + scheduler.enable = true; + apiserver ={ + enable = true; + advertiseAddress = "10.12.96.4"; + securePort = 6443; + }; + easyCerts = true; + pki.enable = true; + addons.dns.enable = true; + controllerManager.enable = true; + addonManager.enable = true; + }; #chat is this factual */ - }) + } ]; } 
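Review bot: In cluster/kubernetes.mod.nix the commented-out `# token = "";` line inside the k3s block suggests putting the node join token directly in the Nix expression, and a value set that way ends up in the world-readable Nix store. If the block is ever re-enabled, `services.k3s.tokenFile` pointing at a file kept outside the store avoids that, so I would reword the comment to `# tokenFile = "/path/to/node-token"; # placeholder path; keeps the join token out of the Nix store`. Separately, the body holds a second `/*` before `services.kubernetes` but only one `*/`; Nix block comments do not nest, so the module evaluates to an empty attribute set today, and a one-line comment saying so would spare the next reader from counting delimiters.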
diff --git a/cluster/packages.mod.nix b/cluster/packages.mod.nix index 6a3ffd7..ac74d87 100644 --- a/cluster/packages.mod.nix +++ b/cluster/packages.mod.nix @@ -1,8 +1,7 @@ { cluster-testing.modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { environment.systemPackages = with pkgs; [ clang # this is for cilium llvm_18 # idem diff --git a/cluster/virtualisation.mod.nix b/cluster/virtualisation.mod.nix index 42fdd0b..5329782 100644 --- a/cluster/virtualisation.mod.nix +++ b/cluster/virtualisation.mod.nix @@ -1,16 +1,15 @@ { cluster.modules = [ - ({ + { users.users.emv.extraGroups = [ "podman" ]; - }) + } ]; sucrose.modules = [ ( - { pkgs, ... }: - { - environment.systemPackages = [ pkgs.podman-compose ]; + {pkgs, ...}: { + environment.systemPackages = [pkgs.podman-compose]; virtualisation = { containers.enable = true; podman = { diff --git a/dev.mod.nix b/dev.mod.nix index 2edc461..f65a19e 100644 --- a/dev.mod.nix +++ b/dev.mod.nix @@ -17,8 +17,7 @@ ]; personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { programs.vscode = { enable = true; package = pkgs.vscodium; @@ -38,12 +37,9 @@ ]; personal.modules = [ ( - { pkgs, ... }: - { - environment.systemPackages = - with pkgs; - [ - ]; + {pkgs, ...}: { + environment.systemPackages = with pkgs; [ + ]; programs = { direnv = { enable = true; diff --git a/emacs.mod.nix b/emacs.mod.nix index 8dde7d6..d9a79b3 100644 --- a/emacs.mod.nix +++ b/emacs.mod.nix @@ -1,8 +1,7 @@ { personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ mupdf ]; @@ -61,7 +60,7 @@ ;; If you prefer you can use `obsidian-insert-link' ("C-c C-l" . obsidian-insert-wikilink))) - ;; obsidian hydra + ;; obsidian hydra (bind-key (kbd "C-c M-o") 'obsidian-hydra/body 'obsidian-mode-map) ''; }; diff --git a/flake.nix b/flake.nix index 37cae75..269c870 100644 --- a/flake.nix +++ b/flake.nix 
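Review bot: In cluster/virtualisation.mod.nix the `"podman"` entry in `users.users.emv.extraGroups` carries no comment on what it grants. On NixOS that group gates access to the Podman API socket, and the `virtualisation.podman.dockerSocket.enable` option documents that members can gain root, so it should be treated like `wheel`; whether the socket is enabled cannot be seen here because the `podman = {` block continues past the end of the hunk. I would add `# podman group: socket access to the rootful engine, effectively root` above the list. The membership is also applied under `cluster.modules` while Podman itself is configured under `sucrose.modules`, so it is worth confirming it is wanted on hosts that merge `cluster` without `sucrose`.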
@@ -24,44 +24,43 @@ #niri.url = "github:sodiboo/niri-flake"; }; - outputs = - { - self, - nixpkgs, - ... - }@inputs: - with nixpkgs.lib; - let + outputs = { + self, + nixpkgs, + ... + } @ inputs: + with nixpkgs.lib; let match = flip getAttr; - read_dir_recursively = - dir: + read_dir_recursively = dir: concatMapAttrs ( this: - match { - directory = mapAttrs' (subpath: nameValuePair "${this}/${subpath}") ( - read_dir_recursively "${dir}/${this}" - ); - regular = { - ${this} = "${dir}/${this}"; - }; - symlink = { }; - } + match { + directory = mapAttrs' (subpath: nameValuePair "${this}/${subpath}") ( + read_dir_recursively "${dir}/${this}" + ); + regular = { + ${this} = "${dir}/${this}"; + }; + symlink = {}; + } ) (builtins.readDir dir); # `const` helper function is used extensively: the function is constant in regards to the name of the attribute. - params = inputs // { - configs = raw_configs; - molecules = { - # number via perfect squares for now, start from 15 squared for personal and 2 squared for others (use primes afterwards, in the same way) - capsaicin = 225; # pc - menthol = 196; # laptop - glucose = 4; # minipc functioning as server node - fructose = 9; # idem - aspartame = 16; # VPS + params = + inputs + // { + configs = raw_configs; + molecules = { + # number via perfect squares for now, start from 15 squared for personal and 2 squared for others (use primes afterwards, in the same way) + capsaicin = 225; # pc + menthol = 196; # laptop + glucose = 4; # minipc functioning as server node + fructose = 9; # idem + aspartame = 16; # VPS + }; + inherit merge extras; }; - inherit merge extras; - }; # It is important to note, that when adding a new `.mod.nix` file, you need to run `git add` on the file. # If you don't, the file will not be included in the flake, and the modules defined within will not be loaded. 
@@ -73,11 +72,10 @@ (mapAttrs (const (flip toFunction params))) ]; - merge = - prev: this: + merge = prev: this: { - modules = prev.modules or [ ] ++ this.modules or [ ]; - home_modules = prev.home_modules or [ ] ++ this.home_modules or [ ]; + modules = prev.modules or [] ++ this.modules or []; + home_modules = prev.home_modules or [] ++ this.home_modules or []; } // (optionalAttrs (prev ? system || this ? system) { system = prev.system or this.system; @@ -85,27 +83,35 @@ all_modules = attrValues (read_all_modules "${self}"); - raw_configs' = builtins.zipAttrsWith ( - machine: if machine == "extras" then mergeAttrsList else builtins.foldl' merge { } - ) all_modules; + raw_configs' = + builtins.zipAttrsWith ( + machine: + if machine == "extras" + then mergeAttrsList + else builtins.foldl' merge {} + ) + all_modules; - raw_configs = builtins.removeAttrs raw_configs' [ "extras" ]; + raw_configs = builtins.removeAttrs raw_configs' ["extras"]; - extras = raw_configs'.extras or { }; + extras = raw_configs'.extras or {}; - configs = builtins.mapAttrs (const ( - config: - nixpkgs.lib.nixosSystem { - inherit (config) system; - modules = config.modules ++ [ - { - _module.args.home_modules = config.home_modules; + configs = + builtins.mapAttrs (const ( + config: + nixpkgs.lib.nixosSystem { + inherit (config) system; + modules = + config.modules + ++ [ + { + _module.args.home_modules = config.home_modules; + } + ]; } - ]; - } - )) raw_configs; - in - { + )) + raw_configs; + in { # for use in nix repl p = s: builtins.trace "\n\n${s}\n" "---"; 
@@ -113,14 +119,15 @@ nixosConfigurations = builtins.mapAttrs (name: const configs.${name}) params.molecules; # This is useful to rebuild all systems at once, for substitution - all-systems = nixpkgs.legacyPackages.x86_64-linux.runCommand "all-systems" { } ( + all-systems = nixpkgs.legacyPackages.x86_64-linux.runCommand "all-systems" {} ( '' mkdir $out '' + (builtins.concatStringsSep "\n" ( mapAttrsToList (name: config: '' ln -s ${config.config.system.build.toplevel} $out/${name} - '') self.nixosConfigurations + '') + self.nixosConfigurations )) ); }; diff --git a/fonts.mod.nix b/fonts.mod.nix index 25ddc69..065c9ed 100644 --- a/fonts.mod.nix +++ b/fonts.mod.nix @@ -1,8 +1,7 @@ { personal.modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { fonts.packages = with pkgs; [ noto-fonts noto-fonts-cjk-sans diff --git a/games.mod.nix b/games.mod.nix index 81042e5..e48d368 100644 --- a/games.mod.nix +++ b/games.mod.nix @@ -1,8 +1,7 @@ { personal.modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { programs.steam = { enable = true; extraCompatPackages = with pkgs; [ @@ -15,8 +14,7 @@ personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { home.packages = with pkgs; [ lutris heroic diff --git a/hardware.mod.nix b/hardware.mod.nix index c602b51..2eab603 100644 --- a/hardware.mod.nix +++ b/hardware.mod.nix 
@@ -1,154 +1,158 @@ -{ nixos-hardware, ... }: -let +{nixos-hardware, ...}: let config = name: system: additional: { inherit name; value = { inherit system; - modules = [ - { - networking.hostName = name; - nixpkgs.hostPlatform = system; - } - ] ++ additional; + modules = + [ + { + networking.hostName = name; + nixpkgs.hostPlatform = system; + } + ] + ++ additional; }; }; filesystem = fsType: path: device: options: { - fileSystems.${path} = { - inherit device fsType; - } // (if options == null then { } else { inherit options; }); + fileSystems.${path} = + { + inherit device fsType; + } + // ( + if options == null + then {} + else {inherit options;} + ); }; fs.mergerfs = filesystem "fuse.mergerfs"; fs.btrfs = filesystem "btrfs"; fs.ext4 = filesystem "ext4"; fs.vfat = filesystem "vfat"; - swap = device: { swapDevices = [ { inherit device; } ]; }; + swap = device: {swapDevices = [{inherit device;}];}; - cpu = brand: { hardware.cpu.${brand}.updateMicrocode = true; }; - qemu = - { modulesPath, ... }: - { - imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; - }; + cpu = brand: {hardware.cpu.${brand}.updateMicrocode = true;}; + qemu = {modulesPath, ...}: { + imports = ["${modulesPath}/profiles/qemu-guest.nix"]; + }; in -{ - universal.modules = [ - ( - { - pkgs, - lib, - ... - }: - { - environment.systemPackages = with pkgs; [ mergerfs ]; - hardware.enableRedistributableFirmware = true; - boot.kernelPackages = pkgs.linuxPackages_latest; # hope this doesn't break anything -e - networking.useDHCP = lib.mkDefault true; - } - ) - ]; + { + universal.modules = [ + ( + { + pkgs, + lib, + ... 
+ }: { + environment.systemPackages = with pkgs; [mergerfs]; + hardware.enableRedistributableFirmware = true; + boot.kernelPackages = pkgs.linuxPackages_latest; # hope this doesn't break anything -e + networking.useDHCP = lib.mkDefault true; + } + ) + ]; - personal.modules = [ - { - services.fwupd.enable = true; - } - ]; -} -// builtins.listToAttrs [ - (config "capsaicin" "x86_64-linux" [ - (cpu "intel") - (fs.btrfs "/" "/dev/disk/by-uuid/a1a32f8b-847c-4349-8743-05d25950db1d" null) - (fs.btrfs "/mnt/hdd1tb" "/dev/disk/by-uuid/1b1451cd-89ce-4daa-afdb-37ceecbb9484" null) - (fs.ext4 "/mnt/hdd500gb" "/dev/disk/by-uuid/d7a35003-4b60-4a5e-b87a-af7c18eefe04" null) - (fs.vfat "/boot" "/dev/disk/by-uuid/5C2E-B6F1" null) - (swap "/dev/disk/by-uuid/16f09a9c-74ef-4a32-b9c0-d3948d76f3a0") - { - boot.loader.systemd-boot.enable = true; - zramSwap.enable = true; - boot.initrd.kernelModules = [ ]; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "usbhid" - "sd_mod" - ]; - boot.kernelModules = [ - "usbmon" - "v4l2loopback" - ]; - boot.extraModulePackages = [ ]; - } - ]) - (config "menthol" "x86_64-linux" [ - (cpu "intel") - (fs.btrfs "/" "/dev/disk/by-uuid/1a254d99-6480-4557-b3e8-e8ee745f5832" null) - (swap "/dev/disk/by-uuid/455a7c78-fdc3-4dbb-b9f2-9518d960191b") - { - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.initrd.kernelModules = [ ]; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "sd_mod" - "rtsx_pci_sdmmc" - ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - } - ]) - (config "glucose" "x86_64-linux" [ - (cpu "intel") - (fs.btrfs "/" "/dev/disk/by-uuid/abbb549e-19b4-4855-b3c7-0b81ab784b74" null) - (swap "/dev/disk/by-uuid/dc948ee6-94fb-49b2-94d4-317aa41f1a9d") - { - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.initrd.kernelModules = [ ]; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ehci_pci" - "ahci" - "sd_mod" - ]; - 
boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - } - ]) - (config "fructose" "x86_64-linux" [ - (cpu "intel") - (fs.btrfs "/" "/dev/disk/by-uuid/e1b611e6-485f-4c2e-81fa-2fbcb3a7f1ba" null) - (swap "/dev/disk/by-uuid/83c561a1-08b9-4b48-bdfc-102098fd2059") - { - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.initrd.kernelModules = [ ]; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ehci_pci" - "ahci" - "sd_mod" - ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - } - ]) - (config "aspartame" "x86_64-linux" [ - qemu - (fs.ext4 "/" "/dev/disk/by-uuid/2def7bee-b1e3-49ea-b46c-33f272aaa5b2" null) - { - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - } - ]) -] + personal.modules = [ + { + services.fwupd.enable = true; + } + ]; + } + // builtins.listToAttrs [ + (config "capsaicin" "x86_64-linux" [ + (cpu "intel") + (fs.btrfs "/" "/dev/disk/by-uuid/a1a32f8b-847c-4349-8743-05d25950db1d" null) + (fs.btrfs "/mnt/hdd1tb" "/dev/disk/by-uuid/1b1451cd-89ce-4daa-afdb-37ceecbb9484" null) + (fs.ext4 "/mnt/hdd500gb" "/dev/disk/by-uuid/d7a35003-4b60-4a5e-b87a-af7c18eefe04" null) + (fs.vfat "/boot" "/dev/disk/by-uuid/5C2E-B6F1" null) + (swap "/dev/disk/by-uuid/16f09a9c-74ef-4a32-b9c0-d3948d76f3a0") + { + boot.loader.systemd-boot.enable = true; + zramSwap.enable = true; + boot.initrd.kernelModules = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + boot.kernelModules = [ + "usbmon" + "v4l2loopback" + ]; + boot.extraModulePackages = []; + } + ]) + (config "menthol" "x86_64-linux" [ + (cpu "intel") + (fs.btrfs "/" "/dev/disk/by-uuid/1a254d99-6480-4557-b3e8-e8ee745f5832" null) + (swap "/dev/disk/by-uuid/455a7c78-fdc3-4dbb-b9f2-9518d960191b") + { + boot.loader.grub.enable = true; + 
boot.loader.grub.device = "/dev/sda"; + boot.initrd.kernelModules = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + } + ]) + (config "glucose" "x86_64-linux" [ + (cpu "intel") + (fs.btrfs "/" "/dev/disk/by-uuid/abbb549e-19b4-4855-b3c7-0b81ab784b74" null) + (swap "/dev/disk/by-uuid/dc948ee6-94fb-49b2-94d4-317aa41f1a9d") + { + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.initrd.kernelModules = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "sd_mod" + ]; + boot.kernelModules = []; + boot.extraModulePackages = []; + } + ]) + (config "fructose" "x86_64-linux" [ + (cpu "intel") + (fs.btrfs "/" "/dev/disk/by-uuid/e1b611e6-485f-4c2e-81fa-2fbcb3a7f1ba" null) + (swap "/dev/disk/by-uuid/83c561a1-08b9-4b48-bdfc-102098fd2059") + { + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.initrd.kernelModules = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "sd_mod" + ]; + boot.kernelModules = []; + boot.extraModulePackages = []; + } + ]) + (config "aspartame" "x86_64-linux" [ + qemu + (fs.ext4 "/" "/dev/disk/by-uuid/2def7bee-b1e3-49ea-b46c-33f272aaa5b2" null) + { + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + ]; + boot.initrd.kernelModules = []; + } + ]) + ] diff --git a/home.mod.nix b/home.mod.nix index e0830b3..da7f699 100644 --- a/home.mod.nix +++ b/home.mod.nix 
@@ -1,16 +1,18 @@
-{ home-manager, ... }:
-{
+{home-manager, ...}: {
 universal.modules = [
 home-manager.nixosModules.home-manager
 (
- { config, pkgs, ... }:
 {
+ config,
+ pkgs,
+ ...
+ }: {
 users.users.emv = {
 isNormalUser = true;
 description = "emv";
 # shell = pkgs.zsh; # this is scuffed as hell, please, for the love of fuck, make a zsh.mod.nix file sometime
 # ignoreShellProgramCheck = true;
- extraGroups = [ "wheel" ];
+ extraGroups = ["wheel"];
 };
 home-manager = {
 backupFileExtension = "bak";
@@ -33,34 +35,32 @@
 lib,
 config,
 ...
- }:
- {
+ }: {
 options.systemd-fuckery = {
 auto-restart = lib.mkOption {
 type = lib.types.listOf lib.types.str;
- default = [ ];
+ default = [];
 };
 };
 config = {
- home.activation.restartSystemdFuckery =
- let
- ensureRuntimeDir = "XDG_RUNTIME_DIR=\${XDG_RUNTIME_DIR:-/run/user/$(id -u)}";
+ home.activation.restartSystemdFuckery = let
+ ensureRuntimeDir = "XDG_RUNTIME_DIR=\${XDG_RUNTIME_DIR:-/run/user/$(id -u)}";
- systemctl = "env ${ensureRuntimeDir} ${config.systemd.user.systemctlPath}";
+ systemctl = "env ${ensureRuntimeDir} ${config.systemd.user.systemctlPath}";
- each = f: builtins.concatStringsSep "\n" (map f config.systemd-fuckery.auto-restart);
- in
- lib.mkIf (config.systemd-fuckery.auto-restart != [ ]) (
- lib.hm.dag.entryAfter [ "reloadSystemd" ] ''
+ each = f: builtins.concatStringsSep "\n" (map f config.systemd-fuckery.auto-restart);
+ in
+ lib.mkIf (config.systemd-fuckery.auto-restart != []) (
+ lib.hm.dag.entryAfter ["reloadSystemd"] ''
 systemdStatus=$(${systemctl} --user is-system-running 2>&1 || true)
 if [[ $systemdStatus == 'running' || $systemdStatus == 'degraded' ]]; then
 ${
- each (unit: ''
- run ${systemctl} --user try-restart ${unit}.service
- '')
- }
+ each (unit: ''
+ run ${systemctl} --user try-restart ${unit}.service
+ '')
+ }
 else
 echo "User systemd daemon not running. Skipping reload."
 fi
diff --git a/locale.mod.nix b/locale.mod.nix
index 8250550..136ee01 100644
--- a/locale.mod.nix
+++ b/locale.mod.nix
@@ -1,16 +1,19 @@
 {
 universal.modules = [
- ({
+ {
 time.timeZone = "Europe/Bucharest";
 i18n.defaultLocale = "en_US.UTF-8";
- })
+ }
 (
- { pkgs, lib, ... }:
 {
+ pkgs,
+ lib,
+ ...
+ }: {
 services.xserver.xkb.extraLayouts = {
 rulemak = {
 description = "Rulemak, Colemak based Russian phonetic layout";
- languages = [ "ru" ];
+ languages = ["ru"];
 symbolsFile = pkgs.fetchurl {
 url = "https://geert.hendrickx.be/colemak/rulemak.xkb";
 hash = "sha256-S91aAlOllcpw9NWYf/vkZksfe4miZgx3BahswPWDWhU=";
diff --git a/nerd.mod.nix b/nerd.mod.nix
index eca26bb..96abd40 100644
--- a/nerd.mod.nix
+++ b/nerd.mod.nix
@@ -1,8 +1,7 @@
 {
 personal.home_modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 home.packages = with pkgs; [
 geogebra6 # geogebra5 currently does not work?
 gimp
diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix
index 43903d1..d952102 100644
--- a/networking/firewall.mod.nix
+++ b/networking/firewall.mod.nix
@@ -9,7 +9,7 @@
 fructose.modules = [
 {
 networking.firewall = {
- allowedUDPPorts = [ ];
+ allowedUDPPorts = [];
 allowedTCPPorts = [
 3000 # forgejo http
 222 # forgejo ssh
@@ -32,7 +32,7 @@
 ];
 aspartame.modules = [
- ({
+ {
 services.fail2ban.enable = true;
 networking.firewall = {
 interfaces.eth0.allowedTCPPorts = [
@@ -45,6 +45,6 @@
 64738 # murmur udp
 ];
 };
- })
+ }
 ];
 }
diff --git a/networking/general.mod.nix b/networking/general.mod.nix
index 146cc58..0e2c324 100644
--- a/networking/general.mod.nix
+++ b/networking/general.mod.nix
@@ -2,15 +2,18 @@
 # networking? I sure hope it is. (It was not)
 universal.modules = [
 (
- { pkgs, lib, ... }:
 {
+ pkgs,
+ lib,
+ ...
+ }: {
 networking.networkmanager = {
 enable = true;
- plugins = lib.mkForce [ ]; # networkmanager has a shit ton of vpn plugins by default. which we do not care about because we use wireguard. -e
+ plugins = lib.mkForce []; # networkmanager has a shit ton of vpn plugins by default. which we do not care about because we use wireguard. -e
 };
 systemd.services.NetworkManager-wait-online.enable = false; # # disable networkmanager's waitonline because it fucks up switches
 networking.usePredictableInterfaceNames = false;
- users.users.emv.extraGroups = [ "networkmanager" ];
+ users.users.emv.extraGroups = ["networkmanager"];
 environment.systemPackages = with pkgs; [
 busybox
 tcpdump
@@ -26,13 +29,12 @@
 personal.modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 environment.systemPackages = with pkgs; [
 toybox
 ];
 programs.wireshark.enable = true;
- users.users.emv.extraGroups = [ "wireshark" ];
+ users.users.emv.extraGroups = ["wireshark"];
 }
 )
 ];
@@ -54,8 +56,7 @@
 ];
 glucose.modules = [
 (
- { ... }:
- {
+ {...}: {
 networking = {
 interfaces.eth0.ipv4.addresses = [
 {
@@ -74,8 +75,7 @@
 fructose.modules = [
 (
- { ... }:
- {
+ {...}: {
 networking = {
 interfaces.eth0.ipv4.addresses = [
 {
@@ -94,8 +94,7 @@
 capsaicin.modules = [
 (
- { config, ... }:
- {
+ {config, ...}: {
 networking.resolvconf.enable = false;
 networking = {
 interfaces.eth0.ipv4.addresses = [
@@ -110,54 +109,54 @@
 };
 };
 /*
- networking.networkmanager = { # should probably figure out a way to get the default wireless interface? -e --- https://www.networkmanager.dev/docs/api/latest/nm-settings-nmcli.html Godsend
- ensureProfiles = {
- environmentFiles = [ "${config.sops.templates."networkmanager.env.secrets.yaml".path}" ];
- profiles = {
- home-wifi = {
- connection = {
- id = "home-wifi";
- permissions = "";
- type = "wifi";
- interface-name = "wlp4s0";
- };
- ipv4 = {
- method = "manual";
- ignore-auto-dns = true;
- addresses = "192.168.88.170/24, 10.12.96.226/24";
- };
- ipv6.method = "disabled";
- wifi = {
- mode = "infrastructure";
- ssid = "$HOME1_SSID";
- };
- wifi-security = {
- auth-alg = "open";
- key-mgmt = "wpa-psk";
- psk = "$HOME1_PSK";
- };
+ networking.networkmanager = { # should probably figure out a way to get the default wireless interface? -e --- https://www.networkmanager.dev/docs/api/latest/nm-settings-nmcli.html Godsend
+ ensureProfiles = {
+ environmentFiles = [ "${config.sops.templates."networkmanager.env.secrets.yaml".path}" ];
+ profiles = {
+ home-wifi = {
+ connection = {
+ id = "home-wifi";
+ permissions = "";
+ type = "wifi";
+ interface-name = "wlp4s0";
 };
- home1eth = {
- connection = {
- id = "home1eth";
- permissions = "";
- type = "ethernet";
- interface-name = "enp5s0";
- };
- ipv4 = {
- method = "manual";
- ignore-auto-dns = true;
- addresses = "192.168.88.169/24, 10.12.96.225/24";
- };
- ipv6.method = "disabled";
- ethernet = {
- auto-negotiate = true;
- mtu = "auto";
- };
+ ipv4 = {
+ method = "manual";
+ ignore-auto-dns = true;
+ addresses = "192.168.88.170/24, 10.12.96.226/24";
+ };
+ ipv6.method = "disabled";
+ wifi = {
+ mode = "infrastructure";
+ ssid = "$HOME1_SSID";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-psk";
+ psk = "$HOME1_PSK";
+ };
+ };
+ home1eth = {
+ connection = {
+ id = "home1eth";
+ permissions = "";
+ type = "ethernet";
+ interface-name = "enp5s0";
+ };
+ ipv4 = {
+ method = "manual";
+ ignore-auto-dns = true;
+ addresses = "192.168.88.169/24, 10.12.96.225/24";
+ };
+ ipv6.method = "disabled";
+ ethernet = {
+ auto-negotiate = true;
+ mtu = "auto";
 };
 };
 };
 };
+ };
 */
 # this doesn't work, for reasons unknown, so i'm commenting it out -e
 }
@@ -166,8 +165,7 @@
 menthol.modules = [
 (
- { config, ... }:
- {
+ {config, ...}: {
 hardware.bluetooth = {
 enable = true; # menthol is the only computer that actually has a bluetooth module.
 powerOnBoot = true; # this will kill the battery, beware.
@@ -175,7 +173,7 @@
 networking.networkmanager = { # should probably figure out a way to get the default wireless interface?
 ensureProfiles = {
- environmentFiles = [ "${config.sops.templates."networkmanager.env.secrets.yaml".path}" ];
+ environmentFiles = ["${config.sops.templates."networkmanager.env.secrets.yaml".path}"];
 profiles = {
 home2wireless = {
 connection = {
diff --git a/networking/ssh.mod.nix b/networking/ssh.mod.nix
index fcb655a..9fd90c2 100644
--- a/networking/ssh.mod.nix
+++ b/networking/ssh.mod.nix
@@ -1,10 +1,10 @@
 {
 universal.modules = [
- ({
+ {
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = false; # english is a fake language, apparently it's not "authentification", literally go explode, it makes sense but i am still mad -e
- # ports = [ 1295 ]; # can just do it on 22 bc of the preceding setting, i think.
+ # ports = [ 1295 ]; # can just do it on 22 bc of the preceding setting, i think.
 openFirewall = true;
 banner = "This place is not a place of honor... no highly esteemed deed is commemorated here... nothing valued is here.\nWhat is here was dangerous and repulsive to us.\nThis message is a warning about danger.\n";
 };
@@ -12,7 +12,7 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRf6PfZtcUN5GJ3hcxoxencU2EMRBeu4BIyBSOgKReD emv@capsaicin"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2r4QfMmGcPUs4mpYd1YgcLKwwNpBmuHbZVT5VC+8W7 emv@menthol"
 ];
- })
+ }
 ];
 fructose.modules = [
 {
@@ -26,21 +26,19 @@
 {
 programs.ssh = {
 enable = true;
- matchBlocks =
- let
- to = hostname: {
- inherit hostname;
- user = "emv";
- identityFile = "~/.ssh/id_ed25519";
- };
- in
- {
- glucose = to "glucose.wg";
- fructose = to "fructose.wg";
- capsaicin = to "capsaicin.wg";
- menthol = to "menthol.wg";
- aspartame = to "aspartame.wg";
+ matchBlocks = let
+ to = hostname: {
+ inherit hostname;
+ user = "emv";
+ identityFile = "~/.ssh/id_ed25519";
 };
+ in {
+ glucose = to "glucose.wg";
+ fructose = to "fructose.wg";
+ capsaicin = to "capsaicin.wg";
+ menthol = to "menthol.wg";
+ aspartame = to "aspartame.wg";
+ };
 };
 }
 ];
diff --git a/networking/tailscale.mod.nix b/networking/tailscale.mod.nix
index a28e54b..062a4dd 100644
--- a/networking/tailscale.mod.nix
+++ b/networking/tailscale.mod.nix
@@ -25,7 +25,7 @@
 };
 };
 };
- networking.firewall.allowedUDPPorts = [ 6561 ];
+ networking.firewall.allowedUDPPorts = [6561];
 }
 ];
@@ -40,13 +40,13 @@
 ];
 /*
- sucrose.modules = [
- {
- services.tailscale.extraSetFlags = [
- "--advertise-exit-node"
- ];
- }
- ];
+ sucrose.modules = [
+ {
+ services.tailscale.extraSetFlags = [
+ "--advertise-exit-node"
+ ];
+ }
+ ];
 */
 # this is not needed, currently -e
 }
diff --git a/networking/vpn.mod.nix b/networking/vpn.mod.nix
index b32dc21..248a122 100644
--- a/networking/vpn.mod.nix
+++ b/networking/vpn.mod.nix
@@ -3,8 +3,7 @@
 nixpkgs,
 molecules,
 ...
-}:
-let
+}: let
 public-keys = {
 capsaicin = "Jn0yQV0qdi1oPdiMSmQSPk4IYbfR2THuiY5pTl7cLgs=";
 menthol = "6cDCwXBSC0bpEtpRVtzAFrt+a4BYd2iPjCmQb4xpZnU=";
@@ -19,32 +18,32 @@ let
 ips = builtins.mapAttrs (nixpkgs.lib.const ip) molecules;
 ips' = builtins.mapAttrs (name: ip: "${ip}/32") ips;
- port-for = builtins.mapAttrs (
- machine: { config, ... }: toString config.networking.wireguard.interfaces.wg0.listenPort
- ) self.nixosConfigurations;
-in
-{
+ port-for =
+ builtins.mapAttrs (
+ machine: {config, ...}: toString config.networking.wireguard.interfaces.wg0.listenPort
+ )
+ self.nixosConfigurations;
+in {
 extras = {
 wireguard-ips = ips;
 };
 universal.modules = [
 (
- { config, ... }:
- {
+ {config, ...}: {
 networking = { # i sure hope it is
 nat = {
 enable = true;
 externalInterface = "eth0";
- internalInterfaces = [ "wg0" ];
+ internalInterfaces = ["wg0"];
 };
- firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ];
+ firewall.allowedUDPPorts = [config.networking.wireguard.interfaces.wg0.listenPort];
 extraHosts = builtins.concatStringsSep "\n" (
 nixpkgs.lib.mapAttrsToList (name: ip: "${ip} ${name}.wg") ips
 );
 wireguard.interfaces.wg0 = {
- ips = [ "${ips.${config.networking.hostName}}/24" ];
+ ips = ["${ips.${config.networking.hostName}}/24"];
 listenPort = 46656;
 privateKeyFile = config.sops.secrets.wireguard-private-key.path;
 };
@@ -55,8 +54,7 @@ in
 glucose.modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 networking.wireguard.interfaces.wg0 = {
 postSetup = ''
@@ -69,17 +67,17 @@ in
 peers = [
 {
 publicKey = public-keys.capsaicin;
- allowedIPs = [ ips'.capsaicin ];
+ allowedIPs = [ips'.capsaicin];
 }
 {
 publicKey = public-keys.fructose;
- allowedIPs = [ ips'.fructose ];
+ allowedIPs = [ips'.fructose];
 endpoint = "10.12.96.9:${port-for.fructose}";
 persistentKeepalive = 25;
 }
 {
 publicKey = public-keys.aspartame;
- allowedIPs = [ subnet ];
+ allowedIPs = [subnet];
 endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
 persistentKeepalive = 25;
 }
@@ -91,8 +89,7 @@ in
 fructose.modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 networking.wireguard.interfaces.wg0 = {
 postSetup = ''
@@ -105,17 +102,17 @@ in
 peers = [
 {
 publicKey = public-keys.capsaicin;
- allowedIPs = [ ips'.capsaicin ];
+ allowedIPs = [ips'.capsaicin];
 }
 {
 publicKey = public-keys.glucose;
- allowedIPs = [ ips'.glucose ];
+ allowedIPs = [ips'.glucose];
 endpoint = "10.12.96.4:${port-for.glucose}";
 persistentKeepalive = 25;
 }
 {
 publicKey = public-keys.aspartame;
- allowedIPs = [ subnet ];
+ allowedIPs = [subnet];
 endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
 persistentKeepalive = 25;
 }
@@ -127,8 +124,7 @@ in
 aspartame.modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 networking.wireguard.interfaces.wg0 = {
 postSetup = ''
@@ -141,19 +137,19 @@ in
 peers = [
 {
 publicKey = public-keys.capsaicin;
- allowedIPs = [ ips'.capsaicin ];
+ allowedIPs = [ips'.capsaicin];
 }
 {
 publicKey = public-keys.glucose;
- allowedIPs = [ ips'.glucose ];
+ allowedIPs = [ips'.glucose];
 }
 {
 publicKey = public-keys.fructose;
- allowedIPs = [ ips'.fructose ];
+ allowedIPs = [ips'.fructose];
 }
 {
 publicKey = public-keys.menthol;
- allowedIPs = [ ips'.menthol ];
+ allowedIPs = [ips'.menthol];
 }
 ];
 };
@@ -166,19 +162,19 @@ in
 networking.wireguard.interfaces.wg0.peers = [
 {
 publicKey = public-keys.aspartame;
- allowedIPs = [ subnet ];
+ allowedIPs = [subnet];
 endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
 persistentKeepalive = 25;
 }
 {
 publicKey = public-keys.glucose;
- allowedIPs = [ ips'.glucose ];
+ allowedIPs = [ips'.glucose];
 endpoint = "10.12.96.4:${port-for.glucose}";
 persistentKeepalive = 25;
 }
 {
 publicKey = public-keys.fructose;
- allowedIPs = [ ips'.fructose ];
+ allowedIPs = [ips'.fructose];
 endpoint = "10.12.96.9:${port-for.fructose}";
 persistentKeepalive = 25;
 }
@@ -191,7 +187,7 @@ in
 networking.wireguard.interfaces.wg0.peers = [
 {
 publicKey = public-keys.aspartame;
- allowedIPs = [ subnet ];
+ allowedIPs = [subnet];
 endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
 persistentKeepalive = 25;
 }
diff --git a/nix.mod.nix b/nix.mod.nix
index 1b4fc7b..296838e 100644
--- a/nix.mod.nix
+++ b/nix.mod.nix
@@ -2,65 +2,57 @@
 nix-monitored,
 molecules,
 ...
-}:
-let
- garbage-collection-module =
- { lib, ... }:
- {
- programs.nh.clean = {
- enable = true;
- extraArgs = "--keep 3 --keep-since 7d";
- dates = "Mon..Sun *-*-* 03:00:00";
- };
-
- nix.optimise = {
- automatic = true;
- dates = [ "Mon..Sun *-*-* 04:00:00" ];
- };
- # there are very few circumstances in which we'd be awake at those times.
-
- systemd.timers =
- let
- fuck-off.timerConfig = {
- Persistent = lib.mkForce false;
- RandomizedDelaySec = lib.mkForce 0;
- };
- in
- {
- nh-clean = fuck-off;
- nix-optimise = fuck-off;
- };
+}: let
+ garbage-collection-module = {lib, ...}: {
+ programs.nh.clean = {
+ enable = true;
+ extraArgs = "--keep 3 --keep-since 7d";
+ dates = "Mon..Sun *-*-* 03:00:00";
 };
- distributed-build-module =
- { config, ... }:
- {
- nix.distributedBuilds = true;
- nix.buildMachines = [
- {
- hostName = "capsaicin";
- system = "x86_64-linux";
- maxJobs = 2;
- speedFactor = 3;
- }
- {
- hostName = "glucose";
- system = "x86_64-linux";
-
- maxJobs = 3;
- speedFactor = 2;
- }
- {
- hostName = "fructose";
- system = "x86_64-linux";
-
- maxJobs = 2;
- speedFactor = 1;
- }
- ];
+ nix.optimise = {
+ automatic = true;
+ dates = ["Mon..Sun *-*-* 04:00:00"];
 };
-in
-{
+ # there are very few circumstances in which we'd be awake at those times.
+
+ systemd.timers = let
+ fuck-off.timerConfig = {
+ Persistent = lib.mkForce false;
+ RandomizedDelaySec = lib.mkForce 0;
+ };
+ in {
+ nh-clean = fuck-off;
+ nix-optimise = fuck-off;
+ };
+ };
+ distributed-build-module = {config, ...}: {
+ nix.distributedBuilds = true;
+ nix.buildMachines = [
+ {
+ hostName = "capsaicin";
+ system = "x86_64-linux";
+
+ maxJobs = 2;
+ speedFactor = 3;
+ }
+ {
+ hostName = "glucose";
+ system = "x86_64-linux";
+
+ maxJobs = 3;
+ speedFactor = 2;
+ }
+ {
+ hostName = "fructose";
+ system = "x86_64-linux";
+
+ maxJobs = 2;
+ speedFactor = 1;
+ }
+ ];
+ };
+in {
 universal.modules = [
 {
 system.stateVersion = "24.05";
@@ -75,8 +67,7 @@ in
 };
 }
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 nixpkgs.overlays = [
 nix-monitored.overlays.default
 (final: prev: {
@@ -91,14 +82,14 @@ in
 nix-direnv = prev.nix-direnv.override {
 nix = prev.nix-monitored;
 };
- nixmon = prev.runCommand "nixmon" { } ''
+ nixmon = prev.runCommand "nixmon" {} ''
 mkdir -p $out/bin
 ln -s ${prev.nix-monitored}/bin/nix $out/bin/nixmon
 '';
 })
 ];
 # nix.package = pkgs.nix-monitored;
- environment.systemPackages = [ pkgs.nixmon ];
+ environment.systemPackages = [pkgs.nixmon];
 programs.nh.enable = true;
 }
 )
@@ -108,8 +99,7 @@ in
 pkgs,
 lib,
 ...
- }:
- {
+ }: {
 programs.ssh.extraConfig = ''
 ${builtins.concatStringsSep "" (
 lib.mapAttrsToList (name: n: ''
@@ -117,7 +107,8 @@ in
 HostName ${name}.wg
 User remote-builder
 IdentityFile ${config.sops.secrets.remote-build-ssh-privkey.path}
- '') molecules
+ '')
+ molecules
 )}
 '';
@@ -131,9 +122,9 @@ in
 shell = pkgs.runtimeShell;
 };
- users.groups.remote-builder = { };
+ users.groups.remote-builder = {};
- nix.settings.trusted-users = [ "remote-builder" ];
+ nix.settings.trusted-users = ["remote-builder"];
 }
 )
 (
@@ -142,15 +133,15 @@ in
 lib,
 ...
 }:
- lib.mkIf
+ lib.mkIf
 (
 # Don't make glucose a substitute for itself. Using glucose at the moment because it is not used for anything else. -e
 config.networking.hostName != "glucose"
 )
 {
 nix.settings = {
- substituters = [ "https://cache.collective-conciousness.monster" ];
- trusted-public-keys = [ "adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs=" ];
+ substituters = ["https://cache.collective-conciousness.monster"];
+ trusted-public-keys = ["adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs="];
 };
 }
 )
@@ -167,8 +158,7 @@ in
 pkgs,
 lib,
 ...
- }:
- {
+ }: {
 # This is publicly served from https://cache.collective-conciousness.monster
 # That's proxied through aspartame via caddy.
 services.nix-serve = {
@@ -180,57 +170,59 @@ in
 };
 /*
- systemd.timers."auto-update-rebuild" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnBootSec = "5m";
- OnUnitInactiveSec = "1h";
- Unit = "auto-update-rebuild.service";
- };
+ systemd.timers."auto-update-rebuild" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "5m";
+ OnUnitInactiveSec = "1h";
+ Unit = "auto-update-rebuild.service";
 };
+ };
- systemd.services."auto-update-rebuild" = {
- script = ''
- mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild
+ systemd.services."auto-update-rebuild" = {
+ script = ''
+ mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild
- export PATH=${
- lib.makeBinPath (
- with pkgs;
- [
- nix
- git
- coreutils
- ]
- )
- }
+ export PATH=${
+ lib.makeBinPath (
+ with pkgs;
+ [
+ nix
+ git
+ coreutils
+ ]
+ )
+ }
- nix flake update --flake /home/emv/adyya-flake
- '';
+ nix flake update --flake /home/emv/adyya-flake
+ '';
- serviceConfig = {
- Restart = "on-failure";
- RestartSec = "15m";
- Type = "oneshot";
- };
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "15m";
+ Type = "oneshot";
 };
+ };
 */
 }
 )
 garbage-collection-module
 ];
- fructose.modules = [ garbage-collection-module ];
- menthol.modules = [ distributed-build-module ];
+ fructose.modules = [garbage-collection-module];
+ menthol.modules = [distributed-build-module];
 aspartame.modules = [
 distributed-build-module
 garbage-collection-module
 ];
- capsaicin.modules = [ garbage-collection-module ];
+ capsaicin.modules = [garbage-collection-module];
 universal.home_modules = [
 (
- { pkgs, lib, ... }:
 {
-
+ pkgs,
+ lib,
+ ...
+ }: {
 home.packages = with pkgs; [
 cachix
 nil
diff --git a/peripherals.mod.nix b/peripherals.mod.nix
index f257886..5e46a58 100644
--- a/peripherals.mod.nix
+++ b/peripherals.mod.nix
@@ -1,11 +1,10 @@
 {
 personal.modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 programs.adb.enable = true; # #yeag that's it for now lol
- users.users.emv.extraGroups = [ "adbusers" ];
- services.udev.packages = [ pkgs.android-udev-rules ];
+ users.users.emv.extraGroups = ["adbusers"];
+ services.udev.packages = [pkgs.android-udev-rules];
 }
 )
 ];
diff --git a/services/caddy/caddy.mod.nix b/services/caddy/caddy.mod.nix
index 2fc5522..2e3bd00 100644
--- a/services/caddy/caddy.mod.nix
+++ b/services/caddy/caddy.mod.nix
@@ -1,8 +1,11 @@
 {
 aspartame.modules = [
 (
- { pkgs, lib, ... }:
 {
+ pkgs,
+ lib,
+ ...
+ }: {
 services.caddy = {
 enable = true;
 package = pkgs.caddy-many;
diff --git a/services/couchdb/couchdb.mod.nix b/services/couchdb/couchdb.mod.nix
index 9ec1278..724beed 100644
--- a/services/couchdb/couchdb.mod.nix
+++ b/services/couchdb/couchdb.mod.nix
@@ -1,8 +1,7 @@
 {
 glucose.modules = [
 (
- { config, ... }:
- {
+ {config, ...}: {
 # services.couchdb = {
 # enable = true;
 # adminUser = "Admin";
diff --git a/services/forgejo/forgejo.mod.nix b/services/forgejo/forgejo.mod.nix
index 5ff2c8b..53509d2 100644
--- a/services/forgejo/forgejo.mod.nix
+++ b/services/forgejo/forgejo.mod.nix
@@ -1,8 +1,11 @@
 {
 fructose.modules = [
 (
- { config, pkgs, ... }:
 {
+ config,
+ pkgs,
+ ...
+ }: {
 services.forgejo = {
 enable = true;
 package = pkgs.forgejo;
diff --git a/services/forgejo/runner.mod.nix b/services/forgejo/runner.mod.nix
index 38e38f5..0b2d8df 100644
--- a/services/forgejo/runner.mod.nix
+++ b/services/forgejo/runner.mod.nix
@@ -6,15 +6,13 @@
 config,
 lib,
 ...
- }:
- {
+ }: {
 services.gitea-actions-runner = {
 package = pkgs.forgejo-runner;
 instances = {
 ${config.networking.hostName} = {
 enable = true;
- hostPackages =
- with pkgs;
+ hostPackages = with pkgs;
 lib.mkDefault [
 bash
 coreutils
@@ -26,9 +24,9 @@
 nix
 nixfmt-rfc-style
 ];
- labels = [ ];
+ labels = [];
 name = config.networking.hostName;
- settings = { };
+ settings = {};
 tokenFile = config.sops.templates."forgejo_runner.env.secrets.yaml".path;
 url = "https://git.collective-conciousness.monster";
 };
diff --git a/services/gts/gts.mod.nix b/services/gts/gts.mod.nix
index f45add2..99cb22c 100644
--- a/services/gts/gts.mod.nix
+++ b/services/gts/gts.mod.nix
@@ -1,8 +1,11 @@
 {
 aspartame.modules = [
 (
- { pkgs, config, ... }:
 {
+ pkgs,
+ config,
+ ...
+ }: {
 services.gotosocial = {
 enable = true;
 package = pkgs.gts;
@@ -28,7 +31,7 @@
 "::1"
 ];
- ### Database config - still have to set this up.
+ ### Database config - still have to set this up.
 db-type = "postgres";
 db-address = "10.24.1.9";
 db-port = "5432";
diff --git a/services/murmur/murmur.mod.nix b/services/murmur/murmur.mod.nix
index ae6e3dc..9cca441 100644
--- a/services/murmur/murmur.mod.nix
+++ b/services/murmur/murmur.mod.nix
@@ -6,8 +6,7 @@
 config,
 lib,
 ...
- }:
- {
+ }: {
 services.murmur = {
 enable = true;
diff --git a/services/pihole/pihole.mod.nix b/services/pihole/pihole.mod.nix
index 706b086..348a984 100644
--- a/services/pihole/pihole.mod.nix
+++ b/services/pihole/pihole.mod.nix
@@ -1,8 +1,7 @@
 {
 fructose.modules = [
 (
- { config, ... }:
- {
+ {config, ...}: {
 virtualisation.oci-containers = {
 containers.pihole = {
 image = "pihole/pihole:latest";
diff --git a/services/postgres/postgres.mod.nix b/services/postgres/postgres.mod.nix
index 5a359b0..dbaec21 100644
--- a/services/postgres/postgres.mod.nix
+++ b/services/postgres/postgres.mod.nix
@@ -1,82 +1,82 @@
 {
 fructose.modules = [
 /*
- (
- { config, pkgs, lib, ... }:
- {
- systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce "infinity";
- services.postgresql = {
- enable = true;
- checkConfig = true;
- package = pkgs.postgresql_17;
- dataDir = "/var/services/postgres/";
+ (
+ { config, pkgs, lib, ... }:
+ {
+ systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce "infinity";
+ services.postgresql = {
+ enable = true;
+ checkConfig = true;
+ package = pkgs.postgresql_17;
+ dataDir = "/var/services/postgres/";
- ensureDatabases = [
- "forgejo"
- "gts"
- ];
- ensureUsers = [
- {
- name = "forgejo";
- ensureDBOwnership = true;
- ensureClauses = {
- login = true;
- };
- }
- {
- name = "gts";
- ensureDBOwnership = true;
- ensureClauses = {
- login = true;
- };
- }
- ];
- settings = {
- # connection
- listen_addresses = lib.mkForce "127.0.0.1";
- port = 5432;
- unix_socket_directories = "/var/services/postgres/postgres.sock";
+ ensureDatabases = [
+ "forgejo"
+ "gts"
+ ];
+ ensureUsers = [
+ {
+ name = "forgejo";
+ ensureDBOwnership = true;
+ ensureClauses = {
+ login = true;
+ };
+ }
+ {
+ name = "gts";
+ ensureDBOwnership = true;
+ ensureClauses = {
+ login = true;
+ };
+ }
+ ];
+ settings = {
+ # connection
+ listen_addresses = lib.mkForce "127.0.0.1";
+ port = 5432;
+ unix_socket_directories = "/var/services/postgres/postgres.sock";
- # auth
- password_encryption = "scram-sha-256";
+ # auth
+ password_encryption = "scram-sha-256";
- # ssl
- ssl = false;
+ # ssl
+ ssl = false;
- #log
- log_connections = true;
- log_directory = "/var/services/postgres/log";
- logging_collector = true;
- log_disconnections = true;
- };
+ #log
+ log_connections = true;
+ log_directory = "/var/services/postgres/log";
+ logging_collector = true;
+ log_disconnections = true;
 };
+ };
- services.postgresqlBackup = {
- enable = true;
- location = "/var/services/postgresbackup/";
- compression = "gzip";
- backupAll = true;
- startAt = "*-*-* 3:20:00";
- };
+ services.postgresqlBackup = {
+ enable = true;
+ location = "/var/services/postgresbackup/";
+ compression = "gzip";
+ backupAll = true;
+ startAt = "*-*-* 3:20:00";
+ };
- # services.pgadmin = {
- # enable = true;
- # initialEmail = "pgadmin@collective-conciousness.monster";
- # initialPasswordFile = "${config.sops.secrets.pgadmin_pass.path}";
- # openFirewall = true;
- # port = 5050;
+ # services.pgadmin = {
+ # enable = true;
+ # initialEmail = "pgadmin@collective-conciousness.monster";
+ # initialPasswordFile = "${config.sops.secrets.pgadmin_pass.path}";
+ # openFirewall = true;
+ # port = 5050;
- # settings = {
- # STRICT_TRANSPORT_SECURITY_ENABLED = true;
- # ALLOWED_HOSTS = [
- # "127.0.0.1"
- # "10.24.1.225"
- # "10.24.1.196"
- # ];
- # };
- # };
- }
- )
+ # settings = {
+ # STRICT_TRANSPORT_SECURITY_ENABLED = true;
+ # ALLOWED_HOSTS = [
+ # "127.0.0.1"
+ # "10.24.1.225"
+ # "10.24.1.196"
+ # ];
+ # };
+ # };
+ }
+ )
 */
 #doesn't seem to work so i'm just gonna make a container for it at the moment.
 (
@@ -85,8 +85,7 @@
 pkgs,
 lib,
 ...
- }:
- {
+ }: {
 virtualisation.oci-containers = {
 containers.postgres = {
 image = "postgres:17";
@@ -106,11 +105,10 @@
 "5433:8080"
 "5434:53"
 ];
- dependsOn = [ "postgres" ];
+ dependsOn = ["postgres"];
 };
 };
 }
 )
-
 ];
 }
diff --git a/services/website/website.mod.nix b/services/website/website.mod.nix
index 8d3f758..ecbea73 100644
--- a/services/website/website.mod.nix
+++ b/services/website/website.mod.nix
@@ -1,8 +1,7 @@
 {
 aspartame.modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 environment.systemPackages = with pkgs; [
 zola
 ];
diff --git a/sops.mod.nix b/sops.mod.nix
index 7efac15..107fcc5 100644
--- a/sops.mod.nix
+++ b/sops.mod.nix
@@ -1,5 +1,4 @@
-{ sops-nix, ... }:
-{
+{sops-nix, ...}: {
 universal.modules = [
 sops-nix.nixosModules.sops
 {
@@ -11,22 +10,20 @@
 sops.age.keyFile = "/home/emv/.config/sops/age/keys.txt";
 }
 (
- { config, ... }:
- {
+ {config, ...}: {
 sops.secrets.wireguard-private-key = {
 key = "wireguard-private-keys/${config.networking.hostName}";
 };
 }
 )
- ({
- sops.secrets.remote-build-ssh-privkey = { };
- })
+ {
+ sops.secrets.remote-build-ssh-privkey = {};
+ }
 ];
 aspartame.modules = [
 (
- { config, ... }:
- {
- sops.secrets.gts_db_pass = { };
+ {config, ...}: {
+ sops.secrets.gts_db_pass = {};
 sops.templates."gts.env.secrets.yaml".content = ''
 GTS_DB_PASSWORD=${config.sops.placeholder."gts_db_pass"}
 '';
@@ -35,9 +32,8 @@
 ];
 sucrose.modules = [
 (
- { config, ... }:
- {
- sops.secrets."forgejo_runner_${config.networking.hostName}_token" = { };
+ {config, ...}: {
+ sops.secrets."forgejo_runner_${config.networking.hostName}_token" = {};
 sops.templates."forgejo_runner.env.secrets.yaml".content = ''
 TOKEN=${config.sops.placeholder."forgejo_runner_${config.networking.hostName}_token"}
 '';
@@ -45,14 +41,13 @@
 )
 ];
 glucose.modules = [
- ({
- sops.secrets.binary_cache_secret = { };
- })
+ {
+ sops.secrets.binary_cache_secret = {};
+ }
 (
- { config, ... }:
- {
- sops.secrets.couchdb_admin_pass = { };
- sops.secrets.couchdb_admin_account = { };
+ {config, ...}: {
+ sops.secrets.couchdb_admin_pass = {};
+ sops.secrets.couchdb_admin_account = {};
 sops.templates."couchdb.env.secrets.yaml".content = ''
 COUCHDB_PASSWORD="${config.sops.placeholder."couchdb_admin_pass"}"
 COUCHDB_USER="${config.sops.placeholder."couchdb_admin_account"}"
@@ -60,10 +55,9 @@
 }
 )
 (
- { config, ... }:
- {
- sops.secrets.murmur_login_password = { };
- sops.secrets.murmur_welcome_message = { };
+ {config, ...}: {
+ sops.secrets.murmur_login_password = {};
+ sops.secrets.murmur_welcome_message = {};
 sops.templates."murmur.env.secrets.yaml".content = ''
 MURMUR_LOGIN_PASSWORD="${config.sops.placeholder."murmur_login_password"}"
 MURMUR_WELCOME_MESSAGE="${config.sops.placeholder."murmur_welcome_message"}"
@@ -73,19 +67,17 @@
 ];
 fructose.modules = [
 (
- { config, ... }:
- {
- sops.secrets.pihole_webpassword = { };
+ {config, ...}: {
+ sops.secrets.pihole_webpassword = {};
 sops.templates."pihole.env.secrets.yaml".content = ''
 WEBPASSWORD="${config.sops.placeholder."pihole_webpassword"}"
 '';
 }
 )
 (
- { config, ... }:
- {
- sops.secrets.postgresdb_admin_password = { };
- sops.secrets.forgejo_db_pass = { };
+ {config, ...}: {
+ sops.secrets.postgresdb_admin_password = {};
+ sops.secrets.forgejo_db_pass = {};
 sops.templates."postgresdb.env.secrets.yaml".content = ''
 POSTGRES_PASSWORD=${config.sops.placeholder."postgresdb_admin_password"}
 '';
@@ -94,14 +86,13 @@
 ];
 personal.modules = [
 (
- { config, ... }:
- {
- sops.secrets.home1_ssid = { };
- sops.secrets.home1_psk = { };
- sops.secrets.home2_ssid = { };
- sops.secrets.home2_psk = { };
- sops.secrets.phone_ssid = { };
- sops.secrets.phone_psk = { };
+ {config, ...}: {
+ sops.secrets.home1_ssid = {};
+ sops.secrets.home1_psk = {};
+ sops.secrets.home2_ssid = {};
+ sops.secrets.home2_psk = {};
+ sops.secrets.phone_ssid = {};
+ sops.secrets.phone_psk = {};
 sops.templates."networkmanager.env.secrets.yaml".content = ''
 HOME1_SSID="${config.sops.placeholder."home1_ssid"}"
 HOME2_SSID="${config.sops.placeholder."home2_ssid"}"
@@ -115,8 +106,7 @@
 ];
 universal.home_modules = [
 (
- { pkgs, ... }:
- {
+ {pkgs, ...}: {
 home.packages = with pkgs; [
 sops
 age
diff --git a/stylix.mod.nix b/stylix.mod.nix
index 074895e..00010aa 100644
--- a/stylix.mod.nix
+++ b/stylix.mod.nix
@@ -1,45 +1,41 @@ -{ stylix, ... }: -let +{stylix, ...}: let wallpapers = builtins.mapAttrs - ( - name: value: - { - lib, - pkgs, - ... - }: - { - stylix.image = pkgs.fetchurl { - url = value.url; - hash = value.hash or lib.fakeHash; - }; - } - ) - { - sekiro.url = "https://w.wallhaven.cc/full/vg/wallhaven-vgor6p.jpg"; - sekiro.hash = "sha256-pcNIr1yON9SsOhUAr//GGbijZayksBTYBu7l+/1+He8="; + ( + name: value: { + lib, + pkgs, + ... + }: { + stylix.image = pkgs.fetchurl { + url = value.url; + hash = value.hash or lib.fakeHash; + }; + } + ) + { + sekiro.url = "https://w.wallhaven.cc/full/vg/wallhaven-vgor6p.jpg"; + sekiro.hash = "sha256-pcNIr1yON9SsOhUAr//GGbijZayksBTYBu7l+/1+He8="; - ac-frozen.url = "https://w.wallhaven.cc/full/7p/wallhaven-7p22j9.png"; - ac-frozen.hash = "sha256-qBJL8ddJhUWuUeaqPssMDUSfuNa9elfb7XMMeOAlwpE="; + ac-frozen.url = "https://w.wallhaven.cc/full/7p/wallhaven-7p22j9.png"; + ac-frozen.hash = "sha256-qBJL8ddJhUWuUeaqPssMDUSfuNa9elfb7XMMeOAlwpE="; - ac-impact.url = "https://w.wallhaven.cc/full/jx/wallhaven-jx3xmp.png"; - ac-impact.hash = "sha256-oAm8IVMlZpEuLp1baoFqzFk5VWzELOiOv+CaRIAE2Dc="; + ac-impact.url = "https://w.wallhaven.cc/full/jx/wallhaven-jx3xmp.png"; + ac-impact.hash = "sha256-oAm8IVMlZpEuLp1baoFqzFk5VWzELOiOv+CaRIAE2Dc="; - ac-grid.url = "https://w.wallhaven.cc/full/kx/wallhaven-kxg7d1.png"; - ac-grid.hash = "sha256-7zO4rHrVsFMsnH+X7GJKr6qcGB3Z/k525UIv19lnSls="; + ac-grid.url = "https://w.wallhaven.cc/full/kx/wallhaven-kxg7d1.png"; + ac-grid.hash = "sha256-7zO4rHrVsFMsnH+X7GJKr6qcGB3Z/k525UIv19lnSls="; - ludwig.url = "https://w.wallhaven.cc/full/6d/wallhaven-6d8p9w.png"; - ludwig.hash = "sha256-DmV8sF6zN6/A+wQNCaxyQ32aZb4MPsdoKiNDwvnT6qU="; + ludwig.url = "https://w.wallhaven.cc/full/6d/wallhaven-6d8p9w.png"; + ludwig.hash = "sha256-DmV8sF6zN6/A+wQNCaxyQ32aZb4MPsdoKiNDwvnT6qU="; - wukong.url = "https://w.wallhaven.cc/full/l8/wallhaven-l81moy.jpg"; - wukong.hash = "sha256-EE/VhlbA/hnvjTSvqYLIWay+llNUyZ0iC2OCRphcKkQ="; + wukong.url = 
"https://w.wallhaven.cc/full/l8/wallhaven-l81moy.jpg"; + wukong.hash = "sha256-EE/VhlbA/hnvjTSvqYLIWay+llNUyZ0iC2OCRphcKkQ="; - twirly-bh.url = "https://w.wallhaven.cc/full/l8/wallhaven-l8v7kq.jpg"; - twirly-bh.hash = "sha256-on/wIsdUgKSgl9o/jwKu/Rk2ehK9JgDBoGji+QH5b5s="; - }; -in -{ + twirly-bh.url = "https://w.wallhaven.cc/full/l8/wallhaven-l8v7kq.jpg"; + twirly-bh.hash = "sha256-on/wIsdUgKSgl9o/jwKu/Rk2ehK9JgDBoGji+QH5b5s="; + }; +in { personal.modules = [ stylix.nixosModules.stylix ( @@ -47,8 +43,7 @@ in pkgs, config, ... - }: - { + }: { stylix.enable = true; stylix.polarity = "dark"; @@ -87,15 +82,14 @@ in pkgs, config, ... - }: - { - systemd-fuckery.auto-restart = [ "swaybg" ]; + }: { + systemd-fuckery.auto-restart = ["swaybg"]; systemd.user.services."swaybg" = { Unit = { Description = "wallpapers! brought to you by stylix! :3"; - PartOf = [ "graphical-session.target" ]; + PartOf = ["graphical-session.target"]; }; - Install.WantedBy = [ "graphical-session.target" ]; + Install.WantedBy = ["graphical-session.target"]; Service = { ExecStart = "${lib.getExe pkgs.swaybg} -i ${config.stylix.image}"; Restart = "on-failure"; diff --git a/sway.mod.nix b/sway.mod.nix index 2438083..f93b58a 100644 --- a/sway.mod.nix +++ b/sway.mod.nix @@ -1,8 +1,7 @@ { personal.modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { programs.sway = { enable = true; package = pkgs.swayfx; @@ -25,8 +24,7 @@ pkgs, config, ... - }: - { + }: { wayland.windowManager.sway = { enable = true; systemd.enable = true; 
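Review bot: The fallback in `hash = value.hash or lib.fakeHash;` in the `wallpapers` helper is undocumented, and it is the only thing standing between a new wallpaper entry and an unpinned download. With `lib.fakeHash` the fetch fails on a hash mismatch and reports the real hash, so an entry without a hash fails closed. The risk is in the next step, where the reported hash gets copied into the file without the image being checked. A comment above the line would make that explicit: `# no hash given: fakeHash makes the fetch fail and print the real hash; verify the image before pinning it`. All seven entries visible here already carry a hash.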
@@ -36,140 +34,138 @@ config = { modifier = "Mod4"; fonts = lib.mkDefault { - names = [ "pango" ]; + names = ["pango"]; style = "monospace"; size = 8.0; }; terminal = "terminator"; - keybindings = - let - mod = config.wayland.windowManager.sway.config.modifier; - term = config.wayland.windowManager.sway.config.terminal; - rofi = "rofi"; - in - { - "${mod}+Return" = "exec ${term}"; # opens a terminal window - "${mod}+Shift+q" = "kill"; # kills the active window + keybindings = let + mod = config.wayland.windowManager.sway.config.modifier; + term = config.wayland.windowManager.sway.config.terminal; + rofi = "rofi"; + in { + "${mod}+Return" = "exec ${term}"; # opens a terminal window + "${mod}+Shift+q" = "kill"; # kills the active window - "${mod}+s" = ''exec --no-startup-id ${rofi} -run-command "/bin/sh -i -c '{cmd}'" -show combi''; # opens rofi - "${mod}+Tab" = "exec --no-startup-id ${rofi} -show window"; + "${mod}+s" = ''exec --no-startup-id ${rofi} -run-command "/bin/sh -i -c '{cmd}'" -show combi''; # opens rofi + "${mod}+Tab" = "exec --no-startup-id ${rofi} -show window"; - # "${mod}+p" = ''mode "resize"''; - "${mod}+o" = "exec swaylock"; # locks the session, requiring password to unlock. + # "${mod}+p" = ''mode "resize"''; + "${mod}+o" = "exec swaylock"; # locks the session, requiring password to unlock. 
- ### move focus - "${mod}+Left" = "focus left"; - "${mod}+Down" = "focus down"; - "${mod}+Up" = "focus up"; - "${mod}+Right" = "focus right"; + ### move focus + "${mod}+Left" = "focus left"; + "${mod}+Down" = "focus down"; + "${mod}+Up" = "focus up"; + "${mod}+Right" = "focus right"; - ### move windows - "${mod}+Shift+Left" = "move left"; - "${mod}+Shift+Down" = "move down"; - "${mod}+Shift+Up" = "move up"; - "${mod}+Shift+Right" = "move right"; + ### move windows + "${mod}+Shift+Left" = "move left"; + "${mod}+Shift+Down" = "move down"; + "${mod}+Shift+Up" = "move up"; + "${mod}+Shift+Right" = "move right"; - "${mod}+Shift+m" = "split h"; # Horizontal split - "${mod}+Shift+v" = "split v"; # Vertical Split + "${mod}+Shift+m" = "split h"; # Horizontal split + "${mod}+Shift+v" = "split v"; # Vertical Split - "${mod}+t" = "fullscreen toggle"; # fullscreen + "${mod}+t" = "fullscreen toggle"; # fullscreen - "${mod}+r" = "layout stacking"; - "${mod}+w" = "layout tabbed"; - "${mod}+e" = "layout toggle split"; + "${mod}+r" = "layout stacking"; + "${mod}+w" = "layout tabbed"; + "${mod}+e" = "layout toggle split"; - "${mod}+Shift+Space" = "floating toggle"; - "${mod}+Space" = "focus mode_toggle"; # change focus between tiling and floating + "${mod}+Shift+Space" = "floating toggle"; + "${mod}+Space" = "focus mode_toggle"; # change focus between tiling and floating - "${mod}+a" = "focus parent"; - "${mod}+Shift+a" = "focus child"; + "${mod}+a" = "focus parent"; + "${mod}+Shift+a" = "focus child"; - "${mod}+Shift+d" = "reload"; + "${mod}+Shift+d" = "reload"; - ### moves user around - "${mod}+1" = "workspace number 1"; - "${mod}+2" = "workspace number 2"; - "${mod}+3" = "workspace number 3"; - "${mod}+4" = "workspace number 4"; - "${mod}+5" = "workspace number 5"; - "${mod}+6" = "workspace number 6"; - "${mod}+7" = "workspace number 7"; - "${mod}+8" = "workspace number 8"; - "${mod}+9" = "workspace number 9"; - "${mod}+0" = "workspace number 10"; + ### moves user around + 
"${mod}+1" = "workspace number 1"; + "${mod}+2" = "workspace number 2"; + "${mod}+3" = "workspace number 3"; + "${mod}+4" = "workspace number 4"; + "${mod}+5" = "workspace number 5"; + "${mod}+6" = "workspace number 6"; + "${mod}+7" = "workspace number 7"; + "${mod}+8" = "workspace number 8"; + "${mod}+9" = "workspace number 9"; + "${mod}+0" = "workspace number 10"; - ### moves containers around - "${mod}+Shift+1" = "move container to workspace number 1"; - "${mod}+Shift+2" = "move container to workspace number 2"; - "${mod}+Shift+3" = "move container to workspace number 3"; - "${mod}+Shift+4" = "move container to workspace number 4"; - "${mod}+Shift+5" = "move container to workspace number 5"; - "${mod}+Shift+6" = "move container to workspace number 6"; - "${mod}+Shift+7" = "move container to workspace number 7"; - "${mod}+Shift+8" = "move container to workspace number 8"; - "${mod}+Shift+9" = "move container to workspace number 9"; - "${mod}+Shift+0" = "move container to workspace number 10"; - }; + ### moves containers around + "${mod}+Shift+1" = "move container to workspace number 1"; + "${mod}+Shift+2" = "move container to workspace number 2"; + "${mod}+Shift+3" = "move container to workspace number 3"; + "${mod}+Shift+4" = "move container to workspace number 4"; + "${mod}+Shift+5" = "move container to workspace number 5"; + "${mod}+Shift+6" = "move container to workspace number 6"; + "${mod}+Shift+7" = "move container to workspace number 7"; + "${mod}+Shift+8" = "move container to workspace number 8"; + "${mod}+Shift+9" = "move container to workspace number 9"; + "${mod}+Shift+0" = "move container to workspace number 10"; + }; ### TODO : Resize mode and automatic floating assigns = { - "1:说" = [ { title = "^Signal$|Discord$"; } ]; - "2:main" = [ { title = "VSCodium$"; } ]; - "3:browsing" = [ { title = "LibreWolf$"; } ]; - "4:misc" = [ ]; - "5:5" = [ ]; - "6:6" = [ ]; - "7:7" = [ ]; - "8:8" = [ ]; - "9:9" = [ ]; - "0:audio" = [ { title = 
"pwvucontrol$|noisetorch$"; } ]; + "1:说" = [{title = "^Signal$|Discord$";}]; + "2:main" = [{title = "VSCodium$";}]; + "3:browsing" = [{title = "LibreWolf$";}]; + "4:misc" = []; + "5:5" = []; + "6:6" = []; + "7:7" = []; + "8:8" = []; + "9:9" = []; + "0:audio" = [{title = "pwvucontrol$|noisetorch$";}]; }; /* - colors = { - # should probably use a let ... in ... here - background = "#212121"; - focused = { - # border = "#2b83a6"; # test to see if stylix does magic - background = "#2b83a6"; - text = "#ffffff"; - indicator = "#dddddd"; - childBorder = "#2b83a6"; - }; - focusedInactive = { - border = "#212121"; - background = "#212121"; - text = "#86888c"; - indicator = "#292d2e"; - childBorder = "#5a5a5a"; - }; - unfocused = { - border = "#212121"; - background = "#212121"; - text = "#86888c"; - indicator = "#292d2e"; - childBorder = "#5a5a5a"; - }; - urgent = { - border = "#d64e4e"; - background = "#d64e4e"; - text = "#ffffff"; - indicator = "#d64e4e"; - childBorder = "#d64e4e"; - }; - placeholder = { - border = "#212121"; - background = "#0c0c0c"; - text = "#ffffff"; - indicator = "#212121"; - childBorder = "#262626"; - }; + colors = { + # should probably use a let ... in ... 
here + background = "#212121"; + focused = { + # border = "#2b83a6"; # test to see if stylix does magic + background = "#2b83a6"; + text = "#ffffff"; + indicator = "#dddddd"; + childBorder = "#2b83a6"; }; + focusedInactive = { + border = "#212121"; + background = "#212121"; + text = "#86888c"; + indicator = "#292d2e"; + childBorder = "#5a5a5a"; + }; + unfocused = { + border = "#212121"; + background = "#212121"; + text = "#86888c"; + indicator = "#292d2e"; + childBorder = "#5a5a5a"; + }; + urgent = { + border = "#d64e4e"; + background = "#d64e4e"; + text = "#ffffff"; + indicator = "#d64e4e"; + childBorder = "#d64e4e"; + }; + placeholder = { + border = "#212121"; + background = "#0c0c0c"; + text = "#ffffff"; + indicator = "#212121"; + childBorder = "#262626"; + }; + }; */ bars = [ - ({ + { statusCommand = "\${pkgs.swayrbar}/bin/swayrbar"; position = "bottom"; trayOutput = "primary"; @@ -208,7 +204,7 @@ text = "#ffffff"; }; }; - }) + } ]; output = { DP-3 = { diff --git a/tex.mod.nix b/tex.mod.nix index d9ad65c..af96027 100644 --- a/tex.mod.nix +++ b/tex.mod.nix @@ -1,13 +1,13 @@ { personal.home_modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { programs.texlive = { enable = true; packageSet = pkgs.texlive; extraPackages = tpkgs: { - inherit (tpkgs) + inherit + (tpkgs) scheme-medium dvisvgm dvipng # in-place output diff --git a/zsh.mod.nix b/zsh.mod.nix index 83e5972..56c7826 100644 --- a/zsh.mod.nix +++ b/zsh.mod.nix @@ -1,8 +1,7 @@ { universal.modules = [ ( - { pkgs, ... }: - { + {pkgs, ...}: { programs.zsh = { enable = true; };
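Review bot: The `statusCommand` in the `bars` entry near the end of the `@@ -36,140 +34,138 @@` hunk is written as `"\${pkgs.swayrbar}/bin/swayrbar"`, and in a double-quoted Nix string `\${` is an escape that yields a literal `${`. The generated sway config therefore receives the text `${pkgs.swayrbar}/bin/swayrbar` rather than a store path, so the bar's status command will not resolve to the packaged binary. Unless the escape is deliberate, `statusCommand = "${pkgs.swayrbar}/bin/swayrbar";` interpolates it. This would also stand out from the keybindings above, which launch `rofi`, `terminator` and `swaylock` by bare name from the session's PATH. The bar attribute set continues past the end of this hunk.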