i take back what i said, it should be relevant now, though
Some checks failed
/ nix fmt (push) Has been cancelled

Ittihadyya 2024-11-26 15:30:26 +02:00
parent 321f72f070
commit abd6c558a2
43 changed files with 929 additions and 978 deletions


@ -2,8 +2,7 @@
merge,
configs,
...
}:
{
}: {
#capsaicin is a custom-built PC
capsaicin = merge configs.universal configs.personal;
#menthol is a Lenovo Thinkpad T460s
@ -15,5 +14,4 @@
fructose = merge configs.universal (merge configs.sucrose configs.cluster);
#aspartame is a VPS from Contabo
aspartame = merge configs.universal configs.cluster;
}


@ -1,15 +1,16 @@
{
aspartame.modules = [
(
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
nixpkgs.overlays = [
(
final: prev:
let
caddy-custom = pkgs.callPackage ./caddy-custom.nix { };
in
let
final: prev: let
caddy-custom = pkgs.callPackage ./caddy-custom.nix {};
in let
# Caddy Layer4 modules
l4CaddyModules =
lib.lists.map
@ -24,16 +25,16 @@
"modules/l4tls"
"modules/l4proxyprotocol"
];
in
{
in {
caddy-default = caddy-custom;
caddy-base = caddy-custom.withPlugins { caddyModules = [ ]; };
caddy-base = caddy-custom.withPlugins {caddyModules = [];};
caddy-l4 = caddy-custom.withPlugins {
caddyModules = l4CaddyModules;
vendorHash = "sha256-Bz2tR1/a2okARCWFEeSEeVUx2mdBe0QKUh5qzKUOF8s=";
};
caddy-many = caddy-custom.withPlugins {
caddyModules = [
caddyModules =
[
{
name = "transform-encoder";
repo = "github.com/caddyserver/transform-encoder";
@ -44,7 +45,8 @@
repo = "github.com/mpilhlt/caddy-conneg";
version = "v0.1.4";
}
] ++ l4CaddyModules;
]
++ l4CaddyModules;
vendorHash = "sha256-OjyJdcbLMSvgkHKR4xMF0BgsuA5kdKgDgV+ocuNHUf4=";
};
}
@ -52,21 +54,21 @@
];
}
)
({
{
nixpkgs.overlays = [
(final: prev: {
gts = final.callPackage ./gts.nix { };
gts = final.callPackage ./gts.nix {};
})
];
})
}
];
personal.modules = [
({
{
nixpkgs.overlays = [
(final: prev: {
beeref = final.callPackage ./beeref.nix { }; # I'M GOING TO TRUNCATE *YOU*, BEEREF.
beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF.
})
];
})
}
];
}


@ -3,9 +3,7 @@
fetchurl,
lib,
...
}:
let
}: let
name = "beeref";
version = "0.3.3";
src = fetchurl {
@ -13,13 +11,13 @@ let
hash = "sha256-pavXKtjOvKY2IUPp+UP0v8WkrpPeNEcNDhqoQtFYszo=";
};
in
appimageTools.wrapType2 {
appimageTools.wrapType2 {
inherit name version src;
extraPkgs = pkgs: [ pkgs.python311 ];
extraPkgs = pkgs: [pkgs.python311];
meta = with lib; {
description = "A Simple Reference Image Viewer";
homepage = "https://github.com/rbreu/beeref";
license = licenses.gpl3Only;
mainProgram = "beeref";
};
}
}


@ -8,8 +8,7 @@
caddy,
testers,
stdenv,
}:
let
}: let
attrsToModule = map (plugin: plugin.repo);
attrsToVersionedModule = map (
{
@ -37,7 +36,7 @@ let
hash = "sha256-CBfyqtWp3gYsYwaIxbfXO3AYaBiM7LutLC7uZgYXfkQ=";
};
subPackages = [ "cmd/caddy" ];
subPackages = ["cmd/caddy"];
ldflags = [
"-s"
@ -46,7 +45,7 @@ let
];
# matches upstream since v2.8.0
tags = [ "nobadger" ];
tags = ["nobadger"];
nativeBuildInputs = [
gnused
@ -87,7 +86,7 @@ let
];
};
in
buildGoModule {
buildGoModule {
inherit
pname
version
@ -103,8 +102,7 @@ buildGoModule {
vendorHash = "sha256-1Api8bBZJ1/oYk4ZGIiwWCSraLzK9L+hsKXkFtk6iVM=";
passthru = {
withPlugins =
{
withPlugins = {
caddyModules,
vendorHash ? lib.fakeHash,
}:
@ -155,4 +153,4 @@ buildGoModule {
};
};
};
}
}


@ -4,8 +4,7 @@
fetchFromGitHub,
buildGoModule,
nixosTests,
}:
let
}: let
owner = "superseriousbusiness";
repo = "gotosocial";
@ -16,7 +15,7 @@ let
hash = "sha256-85CmcWjcX8a+hZxkyRTfXErmkIx64R2scaaS2Fpf668=";
};
in
buildGoModule rec {
buildGoModule rec {
inherit version;
pname = repo;
@ -49,15 +48,13 @@ buildGoModule rec {
# checks are currently very unstable in our setup, so we should test manually for now
doCheck = false;
checkFlags =
let
checkFlags = let
# flaky / broken tests
skippedTests = [
# See: https://github.com/superseriousbusiness/gotosocial/issues/2651
"TestPage/minID,_maxID_and_limit_set"
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
in ["-skip=^${builtins.concatStringsSep "$|^" skippedTests}$"];
passthru.tests.gotosocial = nixosTests.gotosocial;
@ -72,7 +69,7 @@ buildGoModule rec {
advertised to! A light-weight alternative to Mastodon
and Pleroma, with support for clients!
'';
maintainers = with maintainers; [ blakesmith ];
maintainers = with maintainers; [blakesmith];
license = licenses.agpl3Only;
};
}
}


@ -1,9 +1,7 @@
{ vscode-server, ... }:
{
{vscode-server, ...}: {
universal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
ps
wget
@ -42,16 +40,14 @@
];
personal.modules = [
(
{ pkgs, ... }:
{
users.users.emv.extraGroups = [ "video" ];
{pkgs, ...}: {
users.users.emv.extraGroups = ["video"];
}
)
];
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
emulsion
ffmpeg
@ -70,7 +66,6 @@
terminator = {
enable = true;
};
};
}
)
@ -81,8 +76,7 @@
];
capsaicin.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
cryptsetup
keepassxc


@ -1,9 +1,7 @@
{
capsaicin.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
blender # this is because capsaicin is the only one of the two who can take rendering something without starting a forest fire
];
@ -12,8 +10,7 @@
];
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
krita
inkscape
@ -26,5 +23,4 @@
}
)
];
}


@ -14,8 +14,7 @@
];
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
pwvucontrol
pw-volume


@ -1,8 +1,11 @@
{
cluster-testing.modules = [
(
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
boot.kernelPatches = [
{
name = "eBPF-cilium";


@ -1,6 +1,6 @@
{
cluster-testing.modules = [
({
{
/*
services.k3s = { # just hogging resources at this moment
enable = true;
@ -40,6 +40,6 @@
addonManager.enable = true;
}; #chat is this factual
*/
})
}
];
}


@ -1,8 +1,7 @@
{
cluster-testing.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
clang # this is for cilium
llvm_18 # idem


@ -1,16 +1,15 @@
{
cluster.modules = [
({
{
users.users.emv.extraGroups = [
"podman"
];
})
}
];
sucrose.modules = [
(
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.podman-compose ];
{pkgs, ...}: {
environment.systemPackages = [pkgs.podman-compose];
virtualisation = {
containers.enable = true;
podman = {


@ -17,8 +17,7 @@
];
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
@ -38,11 +37,8 @@
];
personal.modules = [
(
{ pkgs, ... }:
{
environment.systemPackages =
with pkgs;
[
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
];
programs = {
direnv = {


@ -1,8 +1,7 @@
{
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
mupdf
];


@ -24,17 +24,14 @@
#niri.url = "github:sodiboo/niri-flake";
};
outputs =
{
outputs = {
self,
nixpkgs,
...
}@inputs:
with nixpkgs.lib;
let
} @ inputs:
with nixpkgs.lib; let
match = flip getAttr;
read_dir_recursively =
dir:
read_dir_recursively = dir:
concatMapAttrs (
this:
match {
@ -44,13 +41,15 @@
regular = {
${this} = "${dir}/${this}";
};
symlink = { };
symlink = {};
}
) (builtins.readDir dir);
# `const` helper function is used extensively: the function is constant in regards to the name of the attribute.
params = inputs // {
params =
inputs
// {
configs = raw_configs;
molecules = {
# number via perfect squares for now, start from 15 squared for personal and 2 squared for others (use primes afterwards, in the same way)
@ -73,11 +72,10 @@
(mapAttrs (const (flip toFunction params)))
];
merge =
prev: this:
merge = prev: this:
{
modules = prev.modules or [ ] ++ this.modules or [ ];
home_modules = prev.home_modules or [ ] ++ this.home_modules or [ ];
modules = prev.modules or [] ++ this.modules or [];
home_modules = prev.home_modules or [] ++ this.home_modules or [];
}
// (optionalAttrs (prev ? system || this ? system) {
system = prev.system or this.system;
@ -85,27 +83,35 @@
all_modules = attrValues (read_all_modules "${self}");
raw_configs' = builtins.zipAttrsWith (
machine: if machine == "extras" then mergeAttrsList else builtins.foldl' merge { }
) all_modules;
raw_configs' =
builtins.zipAttrsWith (
machine:
if machine == "extras"
then mergeAttrsList
else builtins.foldl' merge {}
)
all_modules;
raw_configs = builtins.removeAttrs raw_configs' [ "extras" ];
raw_configs = builtins.removeAttrs raw_configs' ["extras"];
extras = raw_configs'.extras or { };
extras = raw_configs'.extras or {};
configs = builtins.mapAttrs (const (
configs =
builtins.mapAttrs (const (
config:
nixpkgs.lib.nixosSystem {
inherit (config) system;
modules = config.modules ++ [
modules =
config.modules
++ [
{
_module.args.home_modules = config.home_modules;
}
];
}
)) raw_configs;
in
{
))
raw_configs;
in {
# for use in nix repl
p = s: builtins.trace "\n\n${s}\n" "---";
@ -113,14 +119,15 @@
nixosConfigurations = builtins.mapAttrs (name: const configs.${name}) params.molecules;
# This is useful to rebuild all systems at once, for substitution
all-systems = nixpkgs.legacyPackages.x86_64-linux.runCommand "all-systems" { } (
all-systems = nixpkgs.legacyPackages.x86_64-linux.runCommand "all-systems" {} (
''
mkdir $out
''
+ (builtins.concatStringsSep "\n" (
mapAttrsToList (name: config: ''
ln -s ${config.config.system.build.toplevel} $out/${name}
'') self.nixosConfigurations
'')
self.nixosConfigurations
))
);
};


@ -1,8 +1,7 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans


@ -1,8 +1,7 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.steam = {
enable = true;
extraCompatPackages = with pkgs; [
@ -15,8 +14,7 @@
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
lutris
heroic


@ -1,47 +1,51 @@
{ nixos-hardware, ... }:
let
{nixos-hardware, ...}: let
config = name: system: additional: {
inherit name;
value = {
inherit system;
modules = [
modules =
[
{
networking.hostName = name;
nixpkgs.hostPlatform = system;
}
] ++ additional;
]
++ additional;
};
};
filesystem = fsType: path: device: options: {
fileSystems.${path} = {
fileSystems.${path} =
{
inherit device fsType;
} // (if options == null then { } else { inherit options; });
}
// (
if options == null
then {}
else {inherit options;}
);
};
fs.mergerfs = filesystem "fuse.mergerfs";
fs.btrfs = filesystem "btrfs";
fs.ext4 = filesystem "ext4";
fs.vfat = filesystem "vfat";
swap = device: { swapDevices = [ { inherit device; } ]; };
swap = device: {swapDevices = [{inherit device;}];};
cpu = brand: { hardware.cpu.${brand}.updateMicrocode = true; };
qemu =
{ modulesPath, ... }:
{
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
cpu = brand: {hardware.cpu.${brand}.updateMicrocode = true;};
qemu = {modulesPath, ...}: {
imports = ["${modulesPath}/profiles/qemu-guest.nix"];
};
in
{
{
universal.modules = [
(
{
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [ mergerfs ];
}: {
environment.systemPackages = with pkgs; [mergerfs];
hardware.enableRedistributableFirmware = true;
boot.kernelPackages = pkgs.linuxPackages_latest; # hope this doesn't break anything -e
networking.useDHCP = lib.mkDefault true;
@ -54,8 +58,8 @@ in
services.fwupd.enable = true;
}
];
}
// builtins.listToAttrs [
}
// builtins.listToAttrs [
(config "capsaicin" "x86_64-linux" [
(cpu "intel")
(fs.btrfs "/" "/dev/disk/by-uuid/a1a32f8b-847c-4349-8743-05d25950db1d" null)
@ -66,7 +70,7 @@ in
{
boot.loader.systemd-boot.enable = true;
zramSwap.enable = true;
boot.initrd.kernelModules = [ ];
boot.initrd.kernelModules = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
@ -77,7 +81,7 @@ in
"usbmon"
"v4l2loopback"
];
boot.extraModulePackages = [ ];
boot.extraModulePackages = [];
}
])
(config "menthol" "x86_64-linux" [
@ -87,15 +91,15 @@ in
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.kernelModules = [ ];
boot.initrd.kernelModules = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
}
])
(config "glucose" "x86_64-linux" [
@ -105,15 +109,15 @@ in
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.kernelModules = [ ];
boot.initrd.kernelModules = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"sd_mod"
];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelModules = [];
boot.extraModulePackages = [];
}
])
(config "fructose" "x86_64-linux" [
@ -123,15 +127,15 @@ in
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.kernelModules = [ ];
boot.initrd.kernelModules = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"sd_mod"
];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelModules = [];
boot.extraModulePackages = [];
}
])
(config "aspartame" "x86_64-linux" [
@ -148,7 +152,7 @@ in
"virtio_scsi"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.initrd.kernelModules = [];
}
])
]
]


@ -1,16 +1,18 @@
{ home-manager, ... }:
{
{home-manager, ...}: {
universal.modules = [
home-manager.nixosModules.home-manager
(
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
users.users.emv = {
isNormalUser = true;
description = "emv";
# shell = pkgs.zsh; # this is scuffed as hell, please, for the love of fuck, make a zsh.mod.nix file sometime
# ignoreShellProgramCheck = true;
extraGroups = [ "wheel" ];
extraGroups = ["wheel"];
};
home-manager = {
backupFileExtension = "bak";
@ -33,26 +35,24 @@
lib,
config,
...
}:
{
}: {
options.systemd-fuckery = {
auto-restart = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
default = [];
};
};
config = {
home.activation.restartSystemdFuckery =
let
home.activation.restartSystemdFuckery = let
ensureRuntimeDir = "XDG_RUNTIME_DIR=\${XDG_RUNTIME_DIR:-/run/user/$(id -u)}";
systemctl = "env ${ensureRuntimeDir} ${config.systemd.user.systemctlPath}";
each = f: builtins.concatStringsSep "\n" (map f config.systemd-fuckery.auto-restart);
in
lib.mkIf (config.systemd-fuckery.auto-restart != [ ]) (
lib.hm.dag.entryAfter [ "reloadSystemd" ] ''
lib.mkIf (config.systemd-fuckery.auto-restart != []) (
lib.hm.dag.entryAfter ["reloadSystemd"] ''
systemdStatus=$(${systemctl} --user is-system-running 2>&1 || true)
if [[ $systemdStatus == 'running' || $systemdStatus == 'degraded' ]]; then


@ -1,16 +1,19 @@
{
universal.modules = [
({
{
time.timeZone = "Europe/Bucharest";
i18n.defaultLocale = "en_US.UTF-8";
})
}
(
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
services.xserver.xkb.extraLayouts = {
rulemak = {
description = "Rulemak, Colemak based Russian phonetic layout";
languages = [ "ru" ];
languages = ["ru"];
symbolsFile = pkgs.fetchurl {
url = "https://geert.hendrickx.be/colemak/rulemak.xkb";
hash = "sha256-S91aAlOllcpw9NWYf/vkZksfe4miZgx3BahswPWDWhU=";


@ -1,8 +1,7 @@
{
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
geogebra6 # geogebra5 currently does not work?
gimp


@ -9,7 +9,7 @@
fructose.modules = [
{
networking.firewall = {
allowedUDPPorts = [ ];
allowedUDPPorts = [];
allowedTCPPorts = [
3000 # forgejo http
222 # forgejo ssh
@ -32,7 +32,7 @@
];
aspartame.modules = [
({
{
services.fail2ban.enable = true;
networking.firewall = {
interfaces.eth0.allowedTCPPorts = [
@ -45,6 +45,6 @@
64738 # murmur udp
];
};
})
}
];
}


@ -2,15 +2,18 @@
# networking? I sure hope it is. (It was not)
universal.modules = [
(
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
networking.networkmanager = {
enable = true;
plugins = lib.mkForce [ ]; # networkmanager has a shit ton of vpn plugins by default. which we do not care about because we use wireguard. -e
plugins = lib.mkForce []; # networkmanager has a shit ton of vpn plugins by default. which we do not care about because we use wireguard. -e
};
systemd.services.NetworkManager-wait-online.enable = false; # # disable networkmanager's waitonline because it fucks up switches
networking.usePredictableInterfaceNames = false;
users.users.emv.extraGroups = [ "networkmanager" ];
users.users.emv.extraGroups = ["networkmanager"];
environment.systemPackages = with pkgs; [
busybox
tcpdump
@ -26,13 +29,12 @@
personal.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
toybox
];
programs.wireshark.enable = true;
users.users.emv.extraGroups = [ "wireshark" ];
users.users.emv.extraGroups = ["wireshark"];
}
)
];
@ -54,8 +56,7 @@
];
glucose.modules = [
(
{ ... }:
{
{...}: {
networking = {
interfaces.eth0.ipv4.addresses = [
{
@ -74,8 +75,7 @@
fructose.modules = [
(
{ ... }:
{
{...}: {
networking = {
interfaces.eth0.ipv4.addresses = [
{
@ -94,8 +94,7 @@
capsaicin.modules = [
(
{ config, ... }:
{
{config, ...}: {
networking.resolvconf.enable = false;
networking = {
interfaces.eth0.ipv4.addresses = [
@ -166,8 +165,7 @@
menthol.modules = [
(
{ config, ... }:
{
{config, ...}: {
hardware.bluetooth = {
enable = true; # menthol is the only computer that actually has a bluetooth module.
powerOnBoot = true; # this will kill the battery, beware.
@ -175,7 +173,7 @@
networking.networkmanager = {
# should probably figure out a way to get the default wireless interface?
ensureProfiles = {
environmentFiles = [ "${config.sops.templates."networkmanager.env.secrets.yaml".path}" ];
environmentFiles = ["${config.sops.templates."networkmanager.env.secrets.yaml".path}"];
profiles = {
home2wireless = {
connection = {


@ -1,6 +1,6 @@
{
universal.modules = [
({
{
services.openssh = {
enable = true;
settings.PasswordAuthentication = false; # english is a fake language, apparently it's not "authentification", literally go explode, it makes sense but i am still mad -e
@ -12,7 +12,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRf6PfZtcUN5GJ3hcxoxencU2EMRBeu4BIyBSOgKReD emv@capsaicin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2r4QfMmGcPUs4mpYd1YgcLKwwNpBmuHbZVT5VC+8W7 emv@menthol"
];
})
}
];
fructose.modules = [
{
@ -26,15 +26,13 @@
{
programs.ssh = {
enable = true;
matchBlocks =
let
matchBlocks = let
to = hostname: {
inherit hostname;
user = "emv";
identityFile = "~/.ssh/id_ed25519";
};
in
{
in {
glucose = to "glucose.wg";
fructose = to "fructose.wg";
capsaicin = to "capsaicin.wg";


@ -25,7 +25,7 @@
};
};
};
networking.firewall.allowedUDPPorts = [ 6561 ];
networking.firewall.allowedUDPPorts = [6561];
}
];


@ -3,8 +3,7 @@
nixpkgs,
molecules,
...
}:
let
}: let
public-keys = {
capsaicin = "Jn0yQV0qdi1oPdiMSmQSPk4IYbfR2THuiY5pTl7cLgs=";
menthol = "6cDCwXBSC0bpEtpRVtzAFrt+a4BYd2iPjCmQb4xpZnU=";
@ -19,32 +18,32 @@ let
ips = builtins.mapAttrs (nixpkgs.lib.const ip) molecules;
ips' = builtins.mapAttrs (name: ip: "${ip}/32") ips;
port-for = builtins.mapAttrs (
machine: { config, ... }: toString config.networking.wireguard.interfaces.wg0.listenPort
) self.nixosConfigurations;
in
{
port-for =
builtins.mapAttrs (
machine: {config, ...}: toString config.networking.wireguard.interfaces.wg0.listenPort
)
self.nixosConfigurations;
in {
extras = {
wireguard-ips = ips;
};
universal.modules = [
(
{ config, ... }:
{
{config, ...}: {
networking = {
# i sure hope it is
nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = [ "wg0" ];
internalInterfaces = ["wg0"];
};
firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ];
firewall.allowedUDPPorts = [config.networking.wireguard.interfaces.wg0.listenPort];
extraHosts = builtins.concatStringsSep "\n" (
nixpkgs.lib.mapAttrsToList (name: ip: "${ip} ${name}.wg") ips
);
wireguard.interfaces.wg0 = {
ips = [ "${ips.${config.networking.hostName}}/24" ];
ips = ["${ips.${config.networking.hostName}}/24"];
listenPort = 46656;
privateKeyFile = config.sops.secrets.wireguard-private-key.path;
};
@ -55,8 +54,7 @@ in
glucose.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wireguard.interfaces.wg0 = {
postSetup = ''
@ -69,17 +67,17 @@ in
peers = [
{
publicKey = public-keys.capsaicin;
allowedIPs = [ ips'.capsaicin ];
allowedIPs = [ips'.capsaicin];
}
{
publicKey = public-keys.fructose;
allowedIPs = [ ips'.fructose ];
allowedIPs = [ips'.fructose];
endpoint = "10.12.96.9:${port-for.fructose}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
allowedIPs = [subnet];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
@ -91,8 +89,7 @@ in
fructose.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wireguard.interfaces.wg0 = {
postSetup = ''
@ -105,17 +102,17 @@ in
peers = [
{
publicKey = public-keys.capsaicin;
allowedIPs = [ ips'.capsaicin ];
allowedIPs = [ips'.capsaicin];
}
{
publicKey = public-keys.glucose;
allowedIPs = [ ips'.glucose ];
allowedIPs = [ips'.glucose];
endpoint = "10.12.96.4:${port-for.glucose}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
allowedIPs = [subnet];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
@ -127,8 +124,7 @@ in
aspartame.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wireguard.interfaces.wg0 = {
postSetup = ''
@ -141,19 +137,19 @@ in
peers = [
{
publicKey = public-keys.capsaicin;
allowedIPs = [ ips'.capsaicin ];
allowedIPs = [ips'.capsaicin];
}
{
publicKey = public-keys.glucose;
allowedIPs = [ ips'.glucose ];
allowedIPs = [ips'.glucose];
}
{
publicKey = public-keys.fructose;
allowedIPs = [ ips'.fructose ];
allowedIPs = [ips'.fructose];
}
{
publicKey = public-keys.menthol;
allowedIPs = [ ips'.menthol ];
allowedIPs = [ips'.menthol];
}
];
};
@ -166,19 +162,19 @@ in
networking.wireguard.interfaces.wg0.peers = [
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
allowedIPs = [subnet];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.glucose;
allowedIPs = [ ips'.glucose ];
allowedIPs = [ips'.glucose];
endpoint = "10.12.96.4:${port-for.glucose}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.fructose;
allowedIPs = [ ips'.fructose ];
allowedIPs = [ips'.fructose];
endpoint = "10.12.96.9:${port-for.fructose}";
persistentKeepalive = 25;
}
@ -191,7 +187,7 @@ in
networking.wireguard.interfaces.wg0.peers = [
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
allowedIPs = [subnet];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}


@ -2,11 +2,8 @@
nix-monitored,
molecules,
...
}:
let
garbage-collection-module =
{ lib, ... }:
{
}: let
garbage-collection-module = {lib, ...}: {
programs.nh.clean = {
enable = true;
extraArgs = "--keep 3 --keep-since 7d";
@ -15,25 +12,21 @@ let
nix.optimise = {
automatic = true;
dates = [ "Mon..Sun *-*-* 04:00:00" ];
dates = ["Mon..Sun *-*-* 04:00:00"];
};
# there are very few circumstances in which we'd be awake at those times.
systemd.timers =
let
systemd.timers = let
fuck-off.timerConfig = {
Persistent = lib.mkForce false;
RandomizedDelaySec = lib.mkForce 0;
};
in
{
in {
nh-clean = fuck-off;
nix-optimise = fuck-off;
};
};
distributed-build-module =
{ config, ... }:
{
distributed-build-module = {config, ...}: {
nix.distributedBuilds = true;
nix.buildMachines = [
{
@ -59,8 +52,7 @@ let
}
];
};
in
{
in {
universal.modules = [
{
system.stateVersion = "24.05";
@ -75,8 +67,7 @@ in
};
}
(
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.overlays = [
nix-monitored.overlays.default
(final: prev: {
@ -91,14 +82,14 @@ in
nix-direnv = prev.nix-direnv.override {
nix = prev.nix-monitored;
};
nixmon = prev.runCommand "nixmon" { } ''
nixmon = prev.runCommand "nixmon" {} ''
mkdir -p $out/bin
ln -s ${prev.nix-monitored}/bin/nix $out/bin/nixmon
'';
})
];
# nix.package = pkgs.nix-monitored;
environment.systemPackages = [ pkgs.nixmon ];
environment.systemPackages = [pkgs.nixmon];
programs.nh.enable = true;
}
)
@ -108,8 +99,7 @@ in
pkgs,
lib,
...
}:
{
}: {
programs.ssh.extraConfig = ''
${builtins.concatStringsSep "" (
lib.mapAttrsToList (name: n: ''
@ -117,7 +107,8 @@ in
HostName ${name}.wg
User remote-builder
IdentityFile ${config.sops.secrets.remote-build-ssh-privkey.path}
'') molecules
'')
molecules
)}
'';
@ -131,9 +122,9 @@ in
shell = pkgs.runtimeShell;
};
users.groups.remote-builder = { };
users.groups.remote-builder = {};
nix.settings.trusted-users = [ "remote-builder" ];
nix.settings.trusted-users = ["remote-builder"];
}
)
(
@ -149,8 +140,8 @@ in
)
{
nix.settings = {
substituters = [ "https://cache.collective-conciousness.monster" ];
trusted-public-keys = [ "adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs=" ];
substituters = ["https://cache.collective-conciousness.monster"];
trusted-public-keys = ["adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs="];
};
}
)
@ -167,8 +158,7 @@ in
pkgs,
lib,
...
}:
{
}: {
# This is publicly served from https://cache.collective-conciousness.monster
# That's proxied through aspartame via caddy.
services.nix-serve = {
@ -218,19 +208,21 @@ in
)
garbage-collection-module
];
fructose.modules = [ garbage-collection-module ];
menthol.modules = [ distributed-build-module ];
fructose.modules = [garbage-collection-module];
menthol.modules = [distributed-build-module];
aspartame.modules = [
distributed-build-module
garbage-collection-module
];
capsaicin.modules = [ garbage-collection-module ];
capsaicin.modules = [garbage-collection-module];
universal.home_modules = [
(
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
home.packages = with pkgs; [
cachix
nil
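Review bot: `nix.settings.trusted-users = ["remote-builder"];` carries no comment on what it grants: a trusted Nix user can import unsigned store paths and override daemon settings, which is effectively root on that host. The `programs.ssh.extraConfig` hunk in this section gives every host in `molecules` a `Host` entry using the same `remote-build-ssh-privkey`, so anyone who can read that key on one machine appears to get that access on every builder. I would record this next to the setting, e.g. `# trusted = root-equivalent here; the SSH key is shared by all molecules, rotate it if any host is compromised`, and consider whether signing the paths being sent would let the account be dropped from `trusted-users`. The enclosing module starts outside the hunk, so which hosts receive this setting is not visible here.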


@ -1,11 +1,10 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.adb.enable = true; # #yeag that's it for now lol
users.users.emv.extraGroups = [ "adbusers" ];
services.udev.packages = [ pkgs.android-udev-rules ];
users.users.emv.extraGroups = ["adbusers"];
services.udev.packages = [pkgs.android-udev-rules];
}
)
];


@ -1,8 +1,11 @@
{
aspartame.modules = [
(
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
services.caddy = {
enable = true;
package = pkgs.caddy-many;


@ -1,8 +1,7 @@
{
glucose.modules = [
(
{ config, ... }:
{
{config, ...}: {
# services.couchdb = {
# enable = true;
# adminUser = "Admin";


@ -1,8 +1,11 @@
{
fructose.modules = [
(
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.forgejo = {
enable = true;
package = pkgs.forgejo;


@ -6,15 +6,13 @@
config,
lib,
...
}:
{
}: {
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances = {
${config.networking.hostName} = {
enable = true;
hostPackages =
with pkgs;
hostPackages = with pkgs;
lib.mkDefault [
bash
coreutils
@ -26,9 +24,9 @@
nix
nixfmt-rfc-style
];
labels = [ ];
labels = [];
name = config.networking.hostName;
settings = { };
settings = {};
tokenFile = config.sops.templates."forgejo_runner.env.secrets.yaml".path;
url = "https://git.collective-conciousness.monster";
};


@ -1,8 +1,11 @@
{
aspartame.modules = [
(
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
services.gotosocial = {
enable = true;
package = pkgs.gts;


@ -6,8 +6,7 @@
config,
lib,
...
}:
{
}: {
services.murmur = {
enable = true;


@ -1,8 +1,7 @@
{
fructose.modules = [
(
{ config, ... }:
{
{config, ...}: {
virtualisation.oci-containers = {
containers.pihole = {
image = "pihole/pihole:latest";
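Review bot: `image = "pihole/pihole:latest";` tracks a mutable tag, so the container that runs after a pull is not determined by this repository, unlike the `hash`/`vendorHash`-pinned fetches elsewhere in the commit. Pin the image to a release tag plus digest, e.g. `image = "pihole/pihole:<tag>@sha256:<digest>";` (placeholders), and bump it deliberately. The `postgres:17` image in the later oci-containers section is a floating major tag and would benefit from the same treatment. The container definition continues past the end of this hunk.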


@ -85,8 +85,7 @@
pkgs,
lib,
...
}:
{
}: {
virtualisation.oci-containers = {
containers.postgres = {
image = "postgres:17";
@ -106,11 +105,10 @@
"5433:8080"
"5434:53"
];
dependsOn = [ "postgres" ];
dependsOn = ["postgres"];
};
};
}
)
];
}


@ -1,8 +1,7 @@
{
aspartame.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
zola
];


@ -1,5 +1,4 @@
{ sops-nix, ... }:
{
{sops-nix, ...}: {
universal.modules = [
sops-nix.nixosModules.sops
{
@ -11,22 +10,20 @@
sops.age.keyFile = "/home/emv/.config/sops/age/keys.txt";
}
(
{ config, ... }:
{
{config, ...}: {
sops.secrets.wireguard-private-key = {
key = "wireguard-private-keys/${config.networking.hostName}";
};
}
)
({
sops.secrets.remote-build-ssh-privkey = { };
})
{
sops.secrets.remote-build-ssh-privkey = {};
}
];
aspartame.modules = [
(
{ config, ... }:
{
sops.secrets.gts_db_pass = { };
{config, ...}: {
sops.secrets.gts_db_pass = {};
sops.templates."gts.env.secrets.yaml".content = ''
GTS_DB_PASSWORD=${config.sops.placeholder."gts_db_pass"}
'';
@ -35,9 +32,8 @@
];
sucrose.modules = [
(
{ config, ... }:
{
sops.secrets."forgejo_runner_${config.networking.hostName}_token" = { };
{config, ...}: {
sops.secrets."forgejo_runner_${config.networking.hostName}_token" = {};
sops.templates."forgejo_runner.env.secrets.yaml".content = ''
TOKEN=${config.sops.placeholder."forgejo_runner_${config.networking.hostName}_token"}
'';
@ -45,14 +41,13 @@
)
];
glucose.modules = [
({
sops.secrets.binary_cache_secret = { };
})
(
{ config, ... }:
{
sops.secrets.couchdb_admin_pass = { };
sops.secrets.couchdb_admin_account = { };
sops.secrets.binary_cache_secret = {};
}
(
{config, ...}: {
sops.secrets.couchdb_admin_pass = {};
sops.secrets.couchdb_admin_account = {};
sops.templates."couchdb.env.secrets.yaml".content = ''
COUCHDB_PASSWORD="${config.sops.placeholder."couchdb_admin_pass"}"
COUCHDB_USER="${config.sops.placeholder."couchdb_admin_account"}"
@ -60,10 +55,9 @@
}
)
(
{ config, ... }:
{
sops.secrets.murmur_login_password = { };
sops.secrets.murmur_welcome_message = { };
{config, ...}: {
sops.secrets.murmur_login_password = {};
sops.secrets.murmur_welcome_message = {};
sops.templates."murmur.env.secrets.yaml".content = ''
MURMUR_LOGIN_PASSWORD="${config.sops.placeholder."murmur_login_password"}"
MURMUR_WELCOME_MESSAGE="${config.sops.placeholder."murmur_welcome_message"}"
@ -73,19 +67,17 @@
];
fructose.modules = [
(
{ config, ... }:
{
sops.secrets.pihole_webpassword = { };
{config, ...}: {
sops.secrets.pihole_webpassword = {};
sops.templates."pihole.env.secrets.yaml".content = ''
WEBPASSWORD="${config.sops.placeholder."pihole_webpassword"}"
'';
}
)
(
{ config, ... }:
{
sops.secrets.postgresdb_admin_password = { };
sops.secrets.forgejo_db_pass = { };
{config, ...}: {
sops.secrets.postgresdb_admin_password = {};
sops.secrets.forgejo_db_pass = {};
sops.templates."postgresdb.env.secrets.yaml".content = ''
POSTGRES_PASSWORD=${config.sops.placeholder."postgresdb_admin_password"}
'';
@ -94,14 +86,13 @@
];
personal.modules = [
(
{ config, ... }:
{
sops.secrets.home1_ssid = { };
sops.secrets.home1_psk = { };
sops.secrets.home2_ssid = { };
sops.secrets.home2_psk = { };
sops.secrets.phone_ssid = { };
sops.secrets.phone_psk = { };
{config, ...}: {
sops.secrets.home1_ssid = {};
sops.secrets.home1_psk = {};
sops.secrets.home2_ssid = {};
sops.secrets.home2_psk = {};
sops.secrets.phone_ssid = {};
sops.secrets.phone_psk = {};
sops.templates."networkmanager.env.secrets.yaml".content = ''
HOME1_SSID="${config.sops.placeholder."home1_ssid"}"
HOME2_SSID="${config.sops.placeholder."home2_ssid"}"
@ -115,8 +106,7 @@
];
universal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
sops
age
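Review bot: `sops.age.keyFile = "/home/emv/.config/sops/age/keys.txt";` in the `universal.modules` hunk keeps the key that decrypts the system secrets declared in this file (WireGuard private key, remote-build SSH key, database passwords) in the home directory of an interactive user. If the file is owned by `emv`, as the path suggests, any process running as that user can copy it and decrypt the secrets offline, and nothing here documents the expected owner or mode. Consider a root-owned key location, or deriving the age identity from the host SSH key via `sops.age.sshKeyPaths`, and add a comment such as `# must be 0600; decrypts all sops secrets for this host`. The lines between the start of the module and this setting are outside the hunk, so there may be related options I cannot see.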


@ -1,15 +1,12 @@
{ stylix, ... }:
let
{stylix, ...}: let
wallpapers =
builtins.mapAttrs
(
name: value:
{
name: value: {
lib,
pkgs,
...
}:
{
}: {
stylix.image = pkgs.fetchurl {
url = value.url;
hash = value.hash or lib.fakeHash;
@ -38,8 +35,7 @@ let
twirly-bh.url = "https://w.wallhaven.cc/full/l8/wallhaven-l8v7kq.jpg";
twirly-bh.hash = "sha256-on/wIsdUgKSgl9o/jwKu/Rk2ehK9JgDBoGji+QH5b5s=";
};
in
{
in {
personal.modules = [
stylix.nixosModules.stylix
(
@ -47,8 +43,7 @@ in
pkgs,
config,
...
}:
{
}: {
stylix.enable = true;
stylix.polarity = "dark";
@ -87,15 +82,14 @@ in
pkgs,
config,
...
}:
{
systemd-fuckery.auto-restart = [ "swaybg" ];
}: {
systemd-fuckery.auto-restart = ["swaybg"];
systemd.user.services."swaybg" = {
Unit = {
Description = "wallpapers! brought to you by stylix! :3";
PartOf = [ "graphical-session.target" ];
PartOf = ["graphical-session.target"];
};
Install.WantedBy = [ "graphical-session.target" ];
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${lib.getExe pkgs.swaybg} -i ${config.stylix.image}";
Restart = "on-failure";


@ -1,8 +1,7 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.sway = {
enable = true;
package = pkgs.swayfx;
@ -25,8 +24,7 @@
pkgs,
config,
...
}:
{
}: {
wayland.windowManager.sway = {
enable = true;
systemd.enable = true;
@ -36,19 +34,17 @@
config = {
modifier = "Mod4";
fonts = lib.mkDefault {
names = [ "pango" ];
names = ["pango"];
style = "monospace";
size = 8.0;
};
terminal = "terminator";
keybindings =
let
keybindings = let
mod = config.wayland.windowManager.sway.config.modifier;
term = config.wayland.windowManager.sway.config.terminal;
rofi = "rofi";
in
{
in {
"${mod}+Return" = "exec ${term}"; # opens a terminal window
"${mod}+Shift+q" = "kill"; # kills the active window
@ -114,16 +110,16 @@
### TODO : Resize mode and automatic floating
assigns = {
"1:" = [ { title = "^Signal$|Discord$"; } ];
"2:main" = [ { title = "VSCodium$"; } ];
"3:browsing" = [ { title = "LibreWolf$"; } ];
"4:misc" = [ ];
"5:5" = [ ];
"6:6" = [ ];
"7:7" = [ ];
"8:8" = [ ];
"9:9" = [ ];
"0:audio" = [ { title = "pwvucontrol$|noisetorch$"; } ];
"1:" = [{title = "^Signal$|Discord$";}];
"2:main" = [{title = "VSCodium$";}];
"3:browsing" = [{title = "LibreWolf$";}];
"4:misc" = [];
"5:5" = [];
"6:6" = [];
"7:7" = [];
"8:8" = [];
"9:9" = [];
"0:audio" = [{title = "pwvucontrol$|noisetorch$";}];
};
/*
@ -169,7 +165,7 @@
*/
bars = [
({
{
statusCommand = "\${pkgs.swayrbar}/bin/swayrbar";
position = "bottom";
trayOutput = "primary";
@ -208,7 +204,7 @@
text = "#ffffff";
};
};
})
}
];
output = {
DP-3 = {


@ -1,13 +1,13 @@
{
personal.home_modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.texlive = {
enable = true;
packageSet = pkgs.texlive;
extraPackages = tpkgs: {
inherit (tpkgs)
inherit
(tpkgs)
scheme-medium
dvisvgm
dvipng # in-place output


@ -1,8 +1,7 @@
{
universal.modules = [
(
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.zsh = {
enable = true;
};