Compare commits

..

No commits in common. "4f0d45e4d54f2a9cca794e68eb76d5d8e7fe7003" and "86eef74e9c35cb553901e8044f791c71b691115a" have entirely different histories.

89 changed files with 1314 additions and 1622 deletions

View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./gui-programs.nix ./gui-programs.nix
./networking.nix ./networking.nix

View file

@ -1,17 +1,12 @@
{ { pkgs, lib, config, options, ... }:
pkgs, let
lib, inherit (lib)
config,
options,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
optional optional
; ;
in { in
{
options.my.gui = { options.my.gui = {
enable = mkEnableOption "System has some kind of screen attached"; enable = mkEnableOption "System has some kind of screen attached";
isNvidia = mkEnableOption "System a NVIDIA GPU"; isNvidia = mkEnableOption "System a NVIDIA GPU";
@ -24,10 +19,8 @@ in {
xserver = { xserver = {
enable = true; enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit # NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers = videoDrivers = if config.my.gui.isNvidia then [ "nvidia" ]
if config.my.gui.isNvidia else options.services.xserver.videoDrivers.default;
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
windowManager.i3.enable = true; windowManager.i3.enable = true;
layout = "fr"; layout = "fr";
xkbVariant = "us"; xkbVariant = "us";
@ -38,8 +31,7 @@ in {
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit inherit (pkgs)
(pkgs)
element-desktop element-desktop
feh feh
firefox firefox
@ -56,7 +48,7 @@ in {
thunderbird thunderbird
virt-manager virt-manager
zathura zathura
; ;
inherit (pkgs.gnome) nautilus; inherit (pkgs.gnome) nautilus;
@ -68,11 +60,11 @@ in {
dispatcherScripts = [ dispatcherScripts = [
{ {
source = let source =
grep = "${pkgs.gnugrep}/bin/grep"; let
nmcli = "${pkgs.networkmanager}/bin/nmcli"; grep = "${pkgs.gnugrep}/bin/grep";
in nmcli = "${pkgs.networkmanager}/bin/nmcli";
pkgs.writeShellScript "disable_wifi_on_ethernet" '' in pkgs.writeShellScript "disable_wifi_on_ethernet" ''
export LC_ALL=C export LC_ALL=C
enable_disable_wifi () enable_disable_wifi ()

View file

@ -1,10 +1,11 @@
{lib, ...}: let { lib, ... }:
inherit let
(lib) inherit (lib)
mkOption mkOption
types types
; ;
in { in
{
options.my.networking.externalInterface = mkOption { options.my.networking.externalInterface = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;

View file

@ -1,12 +1,13 @@
{pkgs, ...}: { { pkgs, ... }:
{
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix = { nix = {
package = pkgs.nixStable; package = pkgs.nixStable;
settings = { settings = {
experimental-features = ["nix-command" "flakes"]; experimental-features = [ "nix-command" "flakes" ];
trusted-users = ["@wheel"]; trusted-users = [ "@wheel" ];
substituters = [ substituters = [
"https://alarsyo.cachix.org" "https://alarsyo.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"

View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs = { programs = {
fish.enable = true; fish.enable = true;
gnupg.agent = { gnupg.agent = {
@ -19,10 +20,8 @@
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit inherit (pkgs)
(pkgs)
# shell usage # shell usage
fd fd
ripgrep ripgrep
sd sd
@ -30,9 +29,8 @@
tokei tokei
tree tree
wget wget
# development # development
alejandra
git git
git-crypt git-crypt
git-lfs git-lfs
@ -42,8 +40,8 @@
pinentry-gnome pinentry-gnome
python3 python3
vim vim
# terminal utilities # terminal utilities
bottom bottom
dogdns dogdns
du-dust du-dust
@ -52,16 +50,16 @@
tealdeer tealdeer
unzip unzip
zip zip
# nix pkgs lookup
nix-index
agenix
;
inherit # nix pkgs lookup
(pkgs.llvmPackages_11) nix-index
agenix
;
inherit (pkgs.llvmPackages_11)
bintools bintools
clang clang
; ;
}; };
} }

View file

@ -1,11 +1,8 @@
{ { config, lib, pkgs, ... }:
config, let
lib,
pkgs,
...
}: let
secrets = config.my.secrets; secrets = config.my.secrets;
in { in
{
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
passwordFile = config.age.secrets."users/root-hashed-password".path; passwordFile = config.age.secrets."users/root-hashed-password".path;

View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base

171
flake.nix
View file

@ -51,121 +51,104 @@
}; };
}; };
outputs = { outputs = { self, nixpkgs, home-manager, agenix, ... } @inputs: {
self, nixosModules = {
nixpkgs, home = {
home-manager, home-manager.useGlobalPkgs = true;
agenix, home-manager.useUserPackages = true;
... home-manager.users.alarsyo = import ./home;
} @ inputs: home-manager.verbose = true;
{
nixosModules = {
home = {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
};
nix-path = {
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
};
}; };
nix-path = {
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
};
};
overlays = import ./overlays; overlays = import ./overlays;
nixosConfigurations = let nixosConfigurations =
let
system = "x86_64-linux"; system = "x86_64-linux";
shared_overlays = shared_overlays = [
[ (self: super: {
(self: super: { packages = import ./pkgs { pkgs = super; };
packages = import ./pkgs {pkgs = super;};
# packages accessible through pkgs.unstable.package # packages accessible through pkgs.unstable.package
unstable = import inputs.nixpkgs-unstable-small { unstable = import inputs.nixpkgs-unstable-small {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
})
agenix.overlay })
]
++ builtins.attrValues self.overlays; agenix.overlay
sharedModules = ] ++ builtins.attrValues self.overlays;
[ sharedModules = [
agenix.nixosModule agenix.nixosModule
home-manager.nixosModule home-manager.nixosModule
{nixpkgs.overlays = shared_overlays;} { nixpkgs.overlays = shared_overlays; }
] ] ++ (nixpkgs.lib.attrValues self.nixosModules);
++ (nixpkgs.lib.attrValues self.nixosModules);
in { in {
poseidon = nixpkgs.lib.nixosSystem rec { poseidon = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
modules = modules = [
[ ./poseidon.nix
./poseidon.nix ] ++ sharedModules;
]
++ sharedModules;
}; };
boreal = nixpkgs.lib.nixosSystem rec { boreal = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
modules = modules = [
[ ./boreal.nix
./boreal.nix
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.emacs-overlay.overlay inputs.emacs-overlay.overlay
# uncomment this to build everything from scratch, fun but takes a # uncomment this to build everything from scratch, fun but takes a
# while # while
# #
# (self: super: { # (self: super: {
# stdenv = super.impureUseNativeOptimizations super.stdenv; # stdenv = super.impureUseNativeOptimizations super.stdenv;
# }) # })
]; ];
} }
] ] ++ sharedModules;
++ sharedModules;
}; };
zephyrus = nixpkgs.lib.nixosSystem rec { zephyrus = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
modules = modules = [
[ ./zephyrus.nix
./zephyrus.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd inputs.nixos-hardware.nixosModules.common-pc-ssd
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.emacs-overlay.overlay inputs.emacs-overlay.overlay
]; ];
} }
] ] ++ sharedModules;
++ sharedModules;
}; };
}; };
} } // inputs.flake-utils.lib.eachDefaultSystem (system: {
// inputs.flake-utils.lib.eachDefaultSystem (system: { packages =
packages = (
( inputs.flake-utils.lib.flattenTree
inputs.flake-utils.lib.flattenTree (import ./pkgs { pkgs = import nixpkgs { inherit system; }; })
(import ./pkgs {pkgs = import nixpkgs {inherit system;};}) ) // {
) emacsPgtkGcc = (
// { import nixpkgs {
emacsPgtkGcc = inherit system;
( overlays = [ inputs.emacs-overlay.overlay ];
import nixpkgs { }
inherit system; ).emacsPgtkGcc;
overlays = [inputs.emacs-overlay.overlay]; };
} });
)
.emacsPgtkGcc;
};
});
} }

View file

@ -1,19 +1,15 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.alacritty; cfg = config.my.home.alacritty;
alacrittyTheme = config.my.theme.alacrittyTheme; alacrittyTheme = config.my.theme.alacrittyTheme;
in { in
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;}; {
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.alacritty = { programs.alacritty = {
@ -43,7 +39,7 @@ in {
}; };
}; };
home.packages = [pkgs.iosevka-bin]; home.packages = [ pkgs.iosevka-bin ];
# make sure font is discoverable # make sure font is discoverable
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;

View file

@ -1,19 +1,16 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.bat; cfg = config.my.home.bat;
batTheme = config.my.theme.batTheme; batTheme = config.my.theme.batTheme;
in { in
{
options.my.home.bat = { options.my.home.bat = {
enable = (mkEnableOption "bat code display tool") // {default = true;}; enable = (mkEnableOption "bat code display tool") // { default = true; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./alacritty.nix ./alacritty.nix
./bat.nix ./bat.nix

View file

@ -1,35 +1,30 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
in { in
{
options.my.home.emacs = { options.my.home.emacs = {
enable = mkEnableOption "Emacs daemon configuration"; enable = mkEnableOption "Emacs daemon configuration";
}; };
config = mkIf config.my.home.emacs.enable { config = mkIf config.my.home.emacs.enable {
home.sessionPath = ["${config.xdg.configHome}/emacs/bin"];
home.sessionPath = [ "${config.xdg.configHome}/emacs/bin" ];
home.sessionVariables = { home.sessionVariables = {
EDITOR = "emacsclient -t"; EDITOR = "emacsclient -t";
}; };
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit inherit (pkgs)
(pkgs)
sqlite # needed by org-roam sqlite # needed by org-roam
# fonts used by my config # fonts used by my config
emacs-all-the-icons-fonts emacs-all-the-icons-fonts
iosevka-bin iosevka-bin
; ;
}; };
# make sure above fonts are discoverable # make sure above fonts are discoverable
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;

View file

@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
home.sessionPath = [ home.sessionPath = [
"${config.home.homeDirectory}/.cargo/bin" "${config.home.homeDirectory}/.cargo/bin"
"${config.home.homeDirectory}/.local/bin" "${config.home.homeDirectory}/.local/bin"

View file

@ -1,19 +1,15 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.firefox; cfg = config.my.home.firefox;
in { in
{
options.my.home.firefox = { options.my.home.firefox = {
enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;}; enable = (mkEnableOption "firefox config") // { default = config.my.home.x.enable; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

View file

@ -1,17 +1,14 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.fish; cfg = config.my.home.fish;
in { in
options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;}; {
options.my.home.fish.enable = (mkEnableOption "Fish shell") // { default = true; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.sessionVariables = { home.sessionVariables = {
@ -24,6 +21,6 @@ in {
enable = true; enable = true;
}; };
xdg.configFile."fish/functions" = {source = ./. + "/functions";}; xdg.configFile."fish/functions" = { source = ./. + "/functions"; };
}; };
} }

View file

@ -1,16 +1,13 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.flameshot; cfg = config.my.home.flameshot;
in { in
{
options.my.home.flameshot = { options.my.home.flameshot = {
enable = mkEnableOption "flameshot autolaunch"; enable = mkEnableOption "flameshot autolaunch";
}; };

View file

@ -1,18 +1,14 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.git; cfg = config.my.home.git;
in { in
options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;}; {
options.my.home.git.enable = (mkEnableOption "Git configuration") // { default = true; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.git = { programs.git = {
@ -30,11 +26,11 @@ in {
userName = "Antoine Martin"; userName = "Antoine Martin";
extraConfig = { extraConfig = {
commit = {verbose = true;}; commit = { verbose = true; };
core = {editor = "vim";}; core = { editor = "vim"; };
init = {defaultBranch = "main";}; init = { defaultBranch = "main"; };
pull = {rebase = true;}; pull = { rebase = true; };
rerere = {enabled = true;}; rerere = { enabled = true; };
}; };
aliases = { aliases = {
@ -46,15 +42,15 @@ in {
includes = [ includes = [
{ {
condition = "gitdir:~/work/lrde/"; condition = "gitdir:~/work/lrde/";
contents = {user = {email = "amartin@lrde.epita.fr";};}; contents = { user = { email = "amartin@lrde.epita.fr"; }; };
} }
{ {
condition = "gitdir:~/work/prologin/"; condition = "gitdir:~/work/prologin/";
contents = {user = {email = "antoine.martin@prologin.org";};}; contents = { user = { email = "antoine.martin@prologin.org"; }; };
} }
{ {
condition = "gitdir:~/work/epita/"; condition = "gitdir:~/work/epita/";
contents = {user = {email = "antoine4.martin@epita.fr";};}; contents = { user = { email = "antoine4.martin@epita.fr"; }; };
} }
]; ];
}; };

View file

@ -1,13 +1,10 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
; ;
in { in
{
options.my.home.laptop = { options.my.home.laptop = {
enable = mkEnableOption "Laptop settings"; enable = mkEnableOption "Laptop settings";
}; };

View file

@ -1,28 +1,25 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.lorri; cfg = config.my.home.lorri;
in { in
{
options.my.home.lorri = { options.my.home.lorri = {
enable = (mkEnableOption "lorri daemon setup") // {default = true;}; enable = (mkEnableOption "lorri daemon setup") // { default = true; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.lorri.enable = true; services.lorri.enable = true;
programs.direnv = { programs.direnv = {
enable = true;
# FIXME: proper file, not lorri.nix
nix-direnv = {
enable = true; enable = true;
}; # FIXME: proper file, not lorri.nix
nix-direnv = {
enable = true;
};
}; };
}; };
} }

View file

@ -1,26 +1,22 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
myName = "Antoine Martin"; myName = "Antoine Martin";
email_perso = "antoine@alarsyo.net"; email_perso = "antoine@alarsyo.net";
email_lrde = "amartin@lrde.epita.fr"; email_lrde = "amartin@lrde.epita.fr";
cfg = config.my.home.mail; cfg = config.my.home.mail;
in { in
{
options.my.home.mail = { options.my.home.mail = {
# I *could* read email in a terminal emacs client on a server, but in # I *could* read email in a terminal emacs client on a server, but in
# practice I don't think it'll happen very often, so let's enable this only # practice I don't think it'll happen very often, so let's enable this only
# when I'm on a machine with a Xorg server. # when I'm on a machine with a Xorg server.
enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;}; enable = (mkEnableOption "email configuration") // { default = config.my.home.x.enable; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

View file

@ -1,18 +1,14 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.mail; cfg = config.my.home.mail;
in { in
{
options.my.home.rbw = { options.my.home.rbw = {
enable = mkEnableOption "rbw configuration"; enable = (mkEnableOption "rbw configuration");
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

View file

@ -1,19 +1,15 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.rofi; cfg = config.my.home.rofi;
in { in
{
options.my.home.rofi = { options.my.home.rofi = {
enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;}; enable = (mkEnableOption "rofi configuration") // { default = config.my.home.x.enable; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

View file

@ -1,18 +1,15 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.ssh; cfg = config.my.home.ssh;
in { in
{
options.my.home.ssh = { options.my.home.ssh = {
enable = (mkEnableOption "ssh configuration") // {default = true;}; enable = (mkEnableOption "ssh configuration") // { default = true; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -20,8 +17,8 @@ in {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
boreal = {hostname = "boreal.alarsyo.net";}; boreal = { hostname = "boreal.alarsyo.net"; };
poseidon = {hostname = "poseidon.alarsyo.net";}; poseidon = { hostname = "poseidon.alarsyo.net"; };
pi = { pi = {
hostname = "pi.alarsyo.net"; hostname = "pi.alarsyo.net";
user = "pi"; user = "pi";

View file

@ -1,11 +1,11 @@
{lib}: let { lib }:
inherit let
(lib) inherit (lib)
mkOption mkOption
types types
; ;
mkColorOption = import ./color.nix {inherit lib;}; mkColorOption = import ./color.nix { inherit lib; };
primaryColorModule = types.submodule { primaryColorModule = types.submodule {
options = { options = {
@ -34,60 +34,60 @@
}; };
}; };
in in
types.submodule { types.submodule {
options = { options = {
primary = mkOption { primary = mkOption {
type = primaryColorModule; type = primaryColorModule;
default = { default = {
foreground = "#c5c8c6"; foreground = "#c5c8c6";
background = "#1d1f21"; background = "#1d1f21";
};
};
cursor = mkOption {
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
}; };
}; };
} cursor = mkOption {
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
};
};
}

View file

@ -1,15 +1,15 @@
{lib}: let { lib }:
inherit let
(lib) inherit (lib)
mkOption mkOption
types types
; ;
in in
types.submodule { types.submodule {
options = { options = {
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
};
}; };
} };
}

View file

@ -1,18 +1,14 @@
{lib}: let { lib }:
inherit let
(lib) inherit (lib)
mkOption mkOption
types types
; ;
mkColorOption = { mkColorOption = {default ? "#000000", description ? "" }: mkOption {
default ? "#000000", inherit description default;
description ? "", example = "#abcdef";
}: type = types.strMatching "#[0-9a-f]{6}";
mkOption { };
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";
};
in in
mkColorOption mkColorOption

View file

@ -1,38 +1,35 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkOption mkOption
types types
; ;
themeType = types.submodule { themeType = types.submodule {
options = { options = {
alacrittyTheme = mkOption { alacrittyTheme = mkOption {
type = import ./alacritty.nix {inherit lib;}; type = import ./alacritty.nix { inherit lib; };
default = {}; default = {};
}; };
batTheme = mkOption { batTheme = mkOption {
type = import ./bat.nix {inherit lib;}; type = import ./bat.nix { inherit lib; };
default = {}; default = {};
}; };
i3Theme = mkOption { i3Theme = mkOption {
type = import ./i3.nix {inherit lib;}; type = import ./i3.nix { inherit lib; };
default = {}; default = {};
}; };
i3BarTheme = mkOption { i3BarTheme = mkOption {
type = import ./i3bar.nix {inherit lib;}; type = import ./i3bar.nix { inherit lib; };
default = {}; default = {};
}; };
}; };
}; };
in { in
{
options.my.theme = mkOption { options.my.theme = mkOption {
type = themeType; type = themeType;
default = {}; default = {};
}; };
options.my.themes = mkOption { options.my.themes = mkOption {

View file

@ -1,11 +1,11 @@
{lib}: let { lib }:
inherit let
(lib) inherit (lib)
mkOption mkOption
types types
; ;
mkColorOption = import ./color.nix {inherit lib;}; mkColorOption = import ./color.nix { inherit lib; };
barColorSetModule = types.submodule { barColorSetModule = types.submodule {
options = { options = {
@ -25,164 +25,165 @@
}; };
}; };
in in
types.submodule { types.submodule {
options = { options = {
bar = mkOption { bar = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
background = mkColorOption { background = mkColorOption {
default = "#000000"; default = "#000000";
description = "Background color of the bar."; description = "Background color of the bar.";
}; };
statusline = mkColorOption { statusline = mkColorOption {
default = "#ffffff"; default = "#ffffff";
description = "Text color to be used for the statusline."; description = "Text color to be used for the statusline.";
}; };
separator = mkColorOption { separator = mkColorOption {
default = "#666666"; default = "#666666";
description = "Text color to be used for the separator."; description = "Text color to be used for the separator.";
}; };
focusedWorkspace = mkOption { focusedWorkspace = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#4c7899"; border = "#4c7899";
background = "#285577"; background = "#285577";
text = "#ffffff"; text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
}; };
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
};
activeWorkspace = mkOption { activeWorkspace = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#333333"; border = "#333333";
background = "#5f676a"; background = "#5f676a";
text = "#ffffff"; text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
}; };
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
};
inactiveWorkspace = mkOption { inactiveWorkspace = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#333333"; border = "#333333";
background = "#222222"; background = "#222222";
text = "#888888"; text = "#888888";
};
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
}; };
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
};
urgentWorkspace = mkOption { urgentWorkspace = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#2f343a"; border = "#2f343a";
background = "#900000"; background = "#900000";
text = "#ffffff"; text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
}; };
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
};
bindingMode = mkOption { bindingMode = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#2f343a"; border = "#2f343a";
background = "#900000"; background = "#900000";
text = "#ffffff"; text = "#ffffff";
};
description = "Border, background and text color for the binding mode indicator";
}; };
description =
"Border, background and text color for the binding mode indicator";
}; };
}; };
default = {};
}; };
background = mkOption { default = {};
type = types.str;
default = "#ffffff";
description = ''
Background color of the window. Only applications which do not cover
the whole area expose the color.
'';
};
focused = mkOption {
type = colorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
indicator = "#2e9ef4";
childBorder = "#285577";
};
description = "A window which currently has the focus.";
};
focusedInactive = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
indicator = "#484e50";
childBorder = "#5f676a";
};
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
};
unfocused = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
indicator = "#292d2e";
childBorder = "#222222";
};
description = "A window which is not focused.";
};
urgent = mkOption {
type = colorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
indicator = "#900000";
childBorder = "#900000";
};
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption {
type = colorSetModule;
default = {
border = "#000000";
background = "#0c0c0c";
text = "#ffffff";
indicator = "#000000";
childBorder = "#0c0c0c";
};
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
};
}; };
}
background = mkOption {
type = types.str;
default = "#ffffff";
description = ''
Background color of the window. Only applications which do not cover
the whole area expose the color.
'';
};
focused = mkOption {
type = colorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
indicator = "#2e9ef4";
childBorder = "#285577";
};
description = "A window which currently has the focus.";
};
focusedInactive = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
indicator = "#484e50";
childBorder = "#5f676a";
};
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
};
unfocused = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
indicator = "#292d2e";
childBorder = "#222222";
};
description = "A window which is not focused.";
};
urgent = mkOption {
type = colorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
indicator = "#900000";
childBorder = "#900000";
};
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption {
type = colorSetModule;
default = {
border = "#000000";
background = "#0c0c0c";
text = "#ffffff";
indicator = "#000000";
childBorder = "#0c0c0c";
};
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
};
};
}

View file

@ -1,28 +1,28 @@
{lib}: let { lib }:
inherit let
(lib) inherit (lib)
mkOption mkOption
types types
; ;
mkColorOption = import ./color.nix {inherit lib;}; mkColorOption = import ./color.nix { inherit lib; };
in in
types.submodule { types.submodule {
options = { options = {
theme = mkOption { theme = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = "plain"; default = "plain";
}; };
overrides = mkOption { overrides = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
};
}; };
}; };
default = {};
}; };
default = {};
}; };
} };
}

View file

@ -1,6 +1,5 @@
let let
inherit inherit (import ./colors.nix)
(import ./colors.nix)
base0 base0
base00 base00
base01 base01
@ -17,8 +16,9 @@ let
red red
violet violet
yellow yellow
; ;
in { in
{
primary = { primary = {
background = base3; background = base3;
foreground = base00; foreground = base00;

View file

@ -1,18 +1,18 @@
{ {
base03 = "#002b36"; # brblack base03 = "#002b36"; # brblack
base02 = "#073642"; # black base02 = "#073642"; # black
base01 = "#586e75"; # brgreen base01 = "#586e75"; # brgreen
base00 = "#657b83"; # bryellow base00 = "#657b83"; # bryellow
base0 = "#839496"; # brblue base0 = "#839496"; # brblue
base1 = "#93a1a1"; # brcyan base1 = "#93a1a1"; # brcyan
base2 = "#eee8d5"; # white base2 = "#eee8d5"; # white
base3 = "#fdf6e3"; # brwhite base3 = "#fdf6e3"; # brwhite
yellow = "#b58900"; # yellow yellow = "#b58900"; # yellow
orange = "#cb4b16"; # brred orange = "#cb4b16"; # brred
red = "#dc322f"; # red red = "#dc322f"; # red
magenta = "#d33682"; # magenta magenta = "#d33682"; # magenta
violet = "#6c71c4"; # brmagenta violet = "#6c71c4"; # brmagenta
blue = "#268bd2"; # blue blue = "#268bd2"; # blue
cyan = "#2aa198"; # cyan cyan = "#2aa198"; # cyan
green = "#859900"; # green green = "#859900"; # green
} }

View file

@ -1,6 +1,5 @@
let let
inherit inherit (import ./colors.nix)
(import ./colors.nix)
base00 base00
base2 base2
base3 base3
@ -9,8 +8,9 @@ let
orange orange
red red
yellow yellow
; ;
in { in
{
bar = { bar = {
background = base3; background = base3;
statusline = yellow; statusline = yellow;

View file

@ -1,6 +1,5 @@
let let
inherit inherit (import ./colors.nix)
(import ./colors.nix)
base00 base00
base2 base2
base3 base3
@ -8,8 +7,9 @@ let
green green
red red
yellow yellow
; ;
in { in
{
theme = { theme = {
name = "solarized-light"; name = "solarized-light";
overrides = { overrides = {

View file

@ -1,19 +1,15 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.tmux; cfg = config.my.home.tmux;
in { in
{
options.my.home.tmux = { options.my.home.tmux = {
enable = (mkEnableOption "tmux dotfiles") // {default = true;}; enable = (mkEnableOption "tmux dotfiles") // { default = true; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -23,9 +19,7 @@ in {
terminal = "screen-256color"; terminal = "screen-256color";
clock24 = true; clock24 = true;
plugins = let plugins = let inherit (pkgs) tmuxPlugins; in [
inherit (pkgs) tmuxPlugins;
in [
{ {
plugin = tmuxPlugins.cpu; plugin = tmuxPlugins.cpu;
extraConfig = '' extraConfig = ''

View file

@ -1,18 +1,15 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.tridactyl; cfg = config.my.home.tridactyl;
in { in
{
options.my.home.tridactyl = { options.my.home.tridactyl = {
enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;}; enable = (mkEnableOption "tridactyl code display tool") // { default = config.my.home.firefox.enable; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

View file

@ -1,18 +1,14 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.x.cursor; cfg = config.my.home.x.cursor;
in { in
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;}; {
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // { default = config.my.home.x.enable; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
xsession.pointerCursor = { xsession.pointerCursor = {

View file

@ -1,14 +1,10 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
; ;
in { in
{
imports = [ imports = [
./cursor.nix ./cursor.nix
./i3.nix ./i3.nix

View file

@ -1,14 +1,9 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkIf mkIf
mkOptionDefault mkOptionDefault
; ;
isEnabled = config.my.home.x.enable; isEnabled = config.my.home.x.enable;
@ -25,13 +20,14 @@
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
i3Theme = config.my.theme.i3Theme; i3Theme = config.my.theme.i3Theme;
in { in
{
config = mkIf isEnabled { config = mkIf isEnabled {
my.home = { my.home = {
flameshot.enable = true; flameshot.enable = true;
}; };
home.packages = [pkgs.betterlockscreen]; home.packages = [ pkgs.betterlockscreen ];
xsession.windowManager.i3 = { xsession.windowManager.i3 = {
enable = true; enable = true;
@ -39,38 +35,39 @@ in {
config = { config = {
inherit modifier; inherit modifier;
bars = let bars =
barConfigPath = let
config.xdg.configFile."i3status-rust/config-top.toml".target; barConfigPath =
in [ config.xdg.configFile."i3status-rust/config-top.toml".target;
{ in
statusCommand = "i3status-rs ${barConfigPath}"; [
position = "top"; {
fonts = { statusCommand = "i3status-rs ${barConfigPath}";
names = ["DejaVuSansMono" "FontAwesome5Free"]; position = "top";
size = 9.0; fonts = {
}; names = [ "DejaVuSansMono" "FontAwesome5Free" ];
size = 9.0;
};
colors = i3Theme.bar; colors = i3Theme.bar;
trayOutput = "primary"; trayOutput = "primary";
# disable mouse scroll wheel in bar # disable mouse scroll wheel in bar
extraConfig = '' extraConfig = ''
bindsym button4 nop bindsym button4 nop
bindsym button5 nop bindsym button5 nop
''; '';
} }
]; ];
colors = { colors = {
inherit inherit (i3Theme)
(i3Theme)
focused focused
focusedInactive focusedInactive
unfocused unfocused
urgent urgent
; ;
}; };
focus = { focus = {
@ -81,7 +78,7 @@ in {
workspaceAutoBackAndForth = true; workspaceAutoBackAndForth = true;
fonts = { fonts = {
names = ["DejaVu Sans Mono"]; names = [ "DejaVu Sans Mono" ];
size = 8.0; size = 8.0;
}; };
@ -107,44 +104,40 @@ in {
"${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run"; "${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run";
}; };
modes = let modes =
makeModeBindings = attrs: let
attrs makeModeBindings = attrs: attrs // {
// {
"Escape" = "mode default"; "Escape" = "mode default";
"Return" = "mode default"; "Return" = "mode default";
}; };
in in
mkOptionDefault { mkOptionDefault {
"${logoutMode}" = makeModeBindings { "${logoutMode}" = makeModeBindings {
"l" = "exec --no-startup-id i3-msg exit, mode default"; "l" = "exec --no-startup-id i3-msg exit, mode default";
"s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; "s" = "exec --no-startup-id betterlockscreen --suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default"; "p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default"; "r" = "exec --no-startup-id systemctl reboot, mode default";
};
}; };
};
terminal = myTerminal; terminal = myTerminal;
assigns = { assigns = {
"10" = [ "10" = [
{class = "Slack";} { class = "Slack"; }
{class = "discord";} { class = "discord"; }
]; ];
}; };
window.commands = [ window.commands = [
{ { command = "border pixel 2"; criteria = { class = "Alacritty"; }; }
command = "border pixel 2";
criteria = {class = "Alacritty";};
}
# NOTE: should be done with an assign command, but Spotify doesn't set # NOTE: should be done with an assign command, but Spotify doesn't set
# its class until after initialization, so has to be done this way. # its class until after initialization, so has to be done this way.
# #
# See https://i3wm.org/docs/userguide.html#assign_workspace # See https://i3wm.org/docs/userguide.html#assign_workspace
{ {
criteria = {class = "Spotify";}; criteria = { class = "Spotify"; };
command = "move --no-auto-back-and-forth to workspace 8"; command = "move --no-auto-back-and-forth to workspace 8";
} }
]; ];

View file

@ -1,22 +1,18 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
lists lists
mkIf mkIf
mkOption mkOption
optional optional
types types
; ;
isEnabled = config.my.home.x.enable; isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme; i3BarTheme = config.my.theme.i3BarTheme;
cfg = config.my.home.x.i3bar; cfg = config.my.home.x.i3bar;
in { in
{
options.my.home.x.i3bar = { options.my.home.x.i3bar = {
temperature.chip = mkOption { temperature.chip = mkOption {
type = types.str; type = types.str;
@ -31,19 +27,17 @@ in {
networking.throughput_interfaces = mkOption { networking.throughput_interfaces = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
example = ["wlp1s0"]; example = [ "wlp1s0" ];
default = []; default = [ ];
}; };
}; };
config = mkIf isEnabled { config = mkIf isEnabled {
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit inherit (pkgs)
(pkgs)
# FIXME: is this useful? # FIXME: is this useful?
font-awesome font-awesome
; ;
}; };
programs.i3status-rust = { programs.i3status-rust = {
@ -55,86 +49,81 @@ in {
theme = i3BarTheme.theme.name; theme = i3BarTheme.theme.name;
settings = i3BarTheme; settings = i3BarTheme;
blocks = blocks = [
[ {
{ block = "pomodoro";
block = "pomodoro"; length = 60;
length = 60; break_length = 10;
break_length = 10; notifier = "i3nag";
notifier = "i3nag"; }
} {
{ block = "disk_space";
block = "disk_space"; path = "/";
path = "/"; alias = "/";
alias = "/"; info_type = "available";
info_type = "available"; unit = "GB";
unit = "GB"; interval = 60;
interval = 60; warning = 20.0;
warning = 20.0; alert = 10.0;
alert = 10.0; }
} {
{ block = "memory";
block = "memory"; display_type = "memory";
display_type = "memory"; format_mem = "{mem_used;G}/{mem_total;G}";
format_mem = "{mem_used;G}/{mem_total;G}"; warning_mem = 70.0;
warning_mem = 70.0; critical_mem = 90.0;
critical_mem = 90.0; # don't show swap
# don't show swap clickable = false;
clickable = false; }
} {
{ block = "cpu";
block = "cpu"; interval = 1;
interval = 1; format = "{barchart}";
format = "{barchart}"; }
} {
{ block = "temperature";
block = "temperature"; collapsed = false;
collapsed = false; interval = 10;
interval = 10; format = "{max}";
format = "{max}"; chip = cfg.temperature.chip;
chip = cfg.temperature.chip; inputs = cfg.temperature.inputs;
inputs = cfg.temperature.inputs; }
} ] ++ (lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
] (map
++ ( (interface:
lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) {
(map
(interface: {
block = "net"; block = "net";
device = interface; device = interface;
interval = 1; interval = 1;
hide_inactive = true; hide_inactive = true;
}) })
cfg.networking.throughput_interfaces)
) cfg.networking.throughput_interfaces)
++ [ ) ++ [
{ {
block = "networkmanager"; block = "networkmanager";
primary_only = true; primary_only = true;
} }
{ {
block = "sound"; block = "sound";
driver = "pulseaudio"; driver = "pulseaudio";
} }
] ] ++ (optional config.my.home.laptop.enable
++ ( {
optional config.my.home.laptop.enable block = "battery";
{ }
block = "battery"; ) ++ [
} # {
) # block = "notify";
++ [ # }
# { {
# block = "notify"; block = "time";
# } interval = 5;
{ format = "%a %d/%m %T";
block = "time"; locale = "fr_FR";
interval = 5; timezone = "Europe/Paris";
format = "%a %d/%m %T"; }
locale = "fr_FR"; ];
timezone = "Europe/Paris";
}
];
}; };
}; };
}; };

View file

@ -1,20 +1,17 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{ {
config, imports =
lib, [ # Include the results of the hardware scan.
pkgs, ./hardware-configuration.nix
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix ./home.nix
./secrets.nix ./secrets.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
@ -30,7 +27,7 @@
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = ["/"]; fileSystems = [ "/" ];
}; };
}; };
@ -96,7 +93,7 @@
"rfkill-release" "rfkill-release"
]; ];
services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules]; services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ];
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;

View file

@ -1,34 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/installer/scan/not-detected.nix")
pkgs, ];
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3"; { device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=nixos" "compress=zstd:1" "noatime"]; options = [ "subvol=nixos" "compress=zstd:1" "noatime" ];
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/17C7-368D"; { device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
} }

View file

@ -1,31 +1,26 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
# Keyboard settings & i3 settings # Keyboard settings & i3 settings
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tccd1"]; my.home.x.i3bar.temperature.inputs = [ "Tccd1" ];
my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"]; my.home.x.i3bar.networking.throughput_interfaces = [ "enp8s0" "wlp4s0" ];
my.home.emacs.enable = true; my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit inherit (pkgs)
(pkgs)
# some websites only work there :( # some websites only work there :(
chromium chromium
# dev # dev
rustup rustup
# keyboard goodness # keyboard goodness
chrysalis chrysalis
; ;
inherit (pkgs.packages) spot; inherit (pkgs.packages) spot;
}; };

View file

@ -1,23 +1,19 @@
{ { config, lib, options, ... }:
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {}; {
"users/root-hashed-password" = {}; config.age = {
}; secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
}; };
} }

View file

@ -1,33 +1,31 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix { config, lib, pkgs, ... }:
./secrets.nix let
]; secrets = config.my.secrets;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.supportedFilesystems = ["btrfs"]; boot.supportedFilesystems = [ "btrfs" ];
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = ["/"]; fileSystems = [ "/" ];
}; };
}; };

View file

@ -1,45 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config, let
lib, inherit (lib)
pkgs,
modulesPath,
...
}: let
inherit
(lib)
mkDefault mkDefault
; ;
in { in
imports = [ {
(modulesPath + "/installer/scan/not-detected.nix") imports =
]; [ (modulesPath + "/installer/scan/not-detected.nix")
boot.initrd.availableKernelModules = ["ahci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
]; ];
};
fileSystems."/boot" = { boot.initrd.availableKernelModules = [ "ahci" "usbhid" ];
device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a"; boot.initrd.kernelModules = [ ];
fsType = "ext4"; boot.kernelModules = [ "kvm-intel" ];
}; boot.extraModulePackages = [ ];
swapDevices = [ fileSystems."/" =
{device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";} { device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
]; fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; }
];
powerManagement.cpuFreqGovernor = mkDefault "ondemand"; powerManagement.cpuFreqGovernor = mkDefault "ondemand";
} }

View file

@ -1,5 +1,7 @@
{config, ...}: { { config, ... }:
{
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
}; };
} }

View file

@ -1,40 +1,36 @@
{ config, lib, options, ... }:
{ {
config,
lib,
options,
...
}: {
config.age = { config.age = {
secrets = let secrets =
toSecret = name: {...} @ attrs: let
{ toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age"; file = ./../../modules/secrets + "/${name}.age";
} } // attrs;
// attrs; in
in lib.mapAttrs toSecret {
lib.mapAttrs toSecret { "gandi/api-key" = {};
"gandi/api-key" = {};
"lohr/shared-secret" = {}; "lohr/shared-secret" = {};
"matrix-synapse/secret-config" = { "matrix-synapse/secret-config" = {
owner = "matrix-synapse"; owner = "matrix-synapse";
};
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"restic-backup/poseidon-credentials" = {};
"restic-backup/poseidon-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
}; };
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"restic-backup/poseidon-credentials" = {};
"restic-backup/poseidon-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
}; };
} }

View file

@ -1,18 +1,15 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{ {
config, imports =
lib, [ # Include the results of the hardware scan.
pkgs, ./hardware-configuration.nix
... ./home.nix
}: { ./secrets.nix
imports = [ ];
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages; boot.kernelPackages = pkgs.linuxPackages;
@ -23,7 +20,7 @@
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = ["/"]; fileSystems = [ "/" ];
}; };
}; };
@ -89,9 +86,9 @@
}; };
my.gui.enable = true; my.gui.enable = true;
environment.systemPackages = [pkgs.arandr pkgs.chrysalis]; environment.systemPackages = [ pkgs.arandr pkgs.chrysalis ];
services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules]; services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ];
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;

View file

@ -1,54 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config, let
lib, inherit (lib)
pkgs,
modulesPath,
...
}: let
inherit
(lib)
mkDefault mkDefault
; ;
in { in
imports = [ {
(modulesPath + "/installer/scan/not-detected.nix") imports =
]; [ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=@" "compress=zstd" "noatime"]; options = [ "subvol=@" "compress=zstd" "noatime" ];
}; };
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297"; boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297";
fileSystems."/home" = { fileSystems."/home" =
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=@home" "compress=zstd" "noatime"]; options = [ "subvol=@home" "compress=zstd" "noatime" ];
neededForBoot = true; # agenix needs my key for some root secrets neededForBoot = true; # agenix needs my key for some root secrets
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=@nix" "compress=zstd" "noatime"]; options = [ "subvol=@nix" "compress=zstd" "noatime" ];
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/D9DA-F46C"; { device = "/dev/disk/by-uuid/D9DA-F46C";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
powerManagement.cpuFreqGovernor = mkDefault "powersave"; powerManagement.cpuFreqGovernor = mkDefault "powersave";

View file

@ -1,8 +1,5 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
my.home.laptop.enable = true; my.home.laptop.enable = true;
@ -10,26 +7,25 @@
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.chip = "coretemp-isa-*";
my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"]; my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" "enp43s0u1u1" ];
my.home.emacs.enable = true; my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit inherit (pkgs)
(pkgs) # some websites only work there :(
# some websites only work there :( chromium
chromium darktable
darktable
# dev # dev
rustup
rustup
; ;
inherit (pkgs.packages) spot; inherit (pkgs.packages) spot;
inherit (pkgs.wineWowPackages) stable; inherit (pkgs.wineWowPackages) stable;
}; };
}; };
} }

View file

@ -1,23 +1,19 @@
{ { config, lib, options, ... }:
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/zephyrus-credentials" = {};
"restic-backup/zephyrus-password" = {};
"users/alarsyo-hashed-password" = {}; {
"users/root-hashed-password" = {}; config.age = {
}; secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/zephyrus-credentials" = {};
"restic-backup/zephyrus-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
}; };
} }

View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./sddm.nix ./sddm.nix
./secrets ./secrets

View file

@ -1,17 +1,13 @@
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.displayManager.sddm; cfg = config.my.displayManager.sddm;
in { in
{
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -21,17 +17,15 @@ in {
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit inherit (pkgs.packages)
(pkgs.packages)
sddm-sugar-candy sddm-sugar-candy
; ;
inherit inherit (pkgs.libsForQt5.qt5)
(pkgs.libsForQt5.qt5)
qtgraphicaleffects qtgraphicaleffects
qtquickcontrols2 qtquickcontrols2
qtsvg qtsvg
; ;
}; };
}; };
} }

View file

@ -1,14 +1,9 @@
{ config, lib, options, ... }:
{ {
config,
lib,
options,
...
}: {
config.age = { config.age = {
identityPaths = identityPaths = options.age.identityPaths.default ++ [
options.age.identityPaths.default "/home/alarsyo/.ssh/id_ed25519"
++ [ ];
"/home/alarsyo/.ssh/id_ed25519"
];
}; };
} }

View file

@ -1,35 +1,36 @@
let let
alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"; alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad";
users = [alarsyo]; users = [ alarsyo ];
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
machines = [boreal poseidon zephyrus]; machines = [ boreal poseidon zephyrus ];
all = users ++ machines; all = users ++ machines;
in { in
"gandi/api-key.age".publicKeys = [poseidon]; {
"gandi/api-key.age".publicKeys = [ poseidon ];
"lohr/shared-secret.age".publicKeys = [poseidon]; "lohr/shared-secret.age".publicKeys = [ poseidon ];
"matrix-synapse/secret-config.age".publicKeys = [poseidon]; "matrix-synapse/secret-config.age".publicKeys = [ poseidon ];
"miniflux/admin-credentials.age".publicKeys = [poseidon]; "miniflux/admin-credentials.age".publicKeys = [ poseidon ];
"nextcloud/admin-pass.age".publicKeys = [poseidon]; "nextcloud/admin-pass.age".publicKeys = [ poseidon ];
"paperless/admin-password.age".publicKeys = [poseidon]; "paperless/admin-password.age".publicKeys = [ poseidon ];
"paperless/secret-key.age".publicKeys = [poseidon]; "paperless/secret-key.age".publicKeys = [ poseidon ];
"restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ];
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ];
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
"users/root-hashed-password.age".publicKeys = machines; "users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
} }

View file

@ -1,27 +1,23 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
concatStringsSep concatStringsSep
literalExample literalExample
mapAttrs' mapAttrs'
mkIf mkIf
mkOption mkOption
nameValuePair nameValuePair
; ;
cfg = config.my.wakeonwlan; cfg = config.my.wakeonwlan;
mkWowlanService = name: cfg: mkWowlanService = name: cfg:
nameValuePair "wowlan-${name}" { nameValuePair "wowlan-${name}" {
description = "Enable WoWLAN for interface ${name}"; description = "Enable WoWLAN for interface ${name}";
requires = ["network.target"]; requires = [ "network.target" ];
after = ["network.target"]; after = [ "network.target" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
}; };
@ -29,12 +25,11 @@
${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods} ${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods}
''; '';
}; };
in { in
options.my.wakeonwlan = let {
inherit (lib) types; options.my.wakeonwlan = let inherit (lib) types; in {
in {
interfaces = mkOption { interfaces = mkOption {
default = {}; default = { };
description = "Wireless interfaces where you want to enable WoWLAN"; description = "Wireless interfaces where you want to enable WoWLAN";
example = literalExample '' example = literalExample ''
{ {

View file

@ -1,4 +1,5 @@
final: prev: { final: prev:
{
# overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and # overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and
# `notmuch`'s tests were briefly broken. the features I'm disabling, I don't # `notmuch`'s tests were briefly broken. the features I'm disabling, I don't
# need anyway: (at the time of writing) # need anyway: (at the time of writing)
@ -7,14 +8,13 @@ final: prev: {
# - maildir # - maildir
i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: { i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: {
buildInputs = builtins.attrValues { buildInputs = builtins.attrValues {
inherit inherit (final)
(final)
dbus dbus
lm_sensors lm_sensors
openssl openssl
pulseaudio pulseaudio
; ;
}; };
cargoBuildFeatures = ["pulseaudio"]; cargoBuildFeatures = [ "pulseaudio" ];
}); });
} }

View file

@ -1,4 +1,5 @@
{pkgs}: { { pkgs }:
{
sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {};
kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {};
grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {});

View file

@ -1,4 +1,5 @@
{callPackage}: { { callPackage }:
{
nginx = callPackage ./nginx.nix {}; nginx = callPackage ./nginx.nix {};
node-exporter = callPackage ./node-exporter.nix {}; node-exporter = callPackage ./node-exporter.nix {};
} }

View file

@ -1,37 +1,32 @@
{ { stdenv, fetchFromGitHub, lib, ... }:
stdenv, let
fetchFromGitHub, inherit (lib)
lib,
...
}: let
inherit
(lib)
licenses licenses
; ;
version = "0.9.0"; version = "0.9.0";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
pname = "grafana-dashboard-nginx"; pname = "grafana-dashboard-nginx";
dontBuild = true; dontBuild = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "nginxinc"; owner = "nginxinc";
repo = "nginx-prometheus-exporter"; repo = "nginx-prometheus-exporter";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf"; sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf";
}; };
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out
cp grafana/dashboard.json $out/dashboard.json cp grafana/dashboard.json $out/dashboard.json
''; '';
meta = { meta = {
description = "grafana dashboard for NGINX exporter"; description = "grafana dashboard for NGINX exporter";
homepage = "https://github.com/nginxinc/nginx-prometheus-exporter"; homepage = "https://github.com/nginxinc/nginx-prometheus-exporter";
license = licenses.asl20; license = licenses.asl20;
}; };
} }

View file

@ -1,37 +1,32 @@
{ { stdenv, fetchFromGitHub, lib, ... }:
stdenv, let
fetchFromGitHub, inherit (lib)
lib,
...
}: let
inherit
(lib)
licenses licenses
; ;
version = "7d61c79619e5749e629758ecd96748c010028120"; version = "7d61c79619e5749e629758ecd96748c010028120";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
version = "master-${version}"; version = "master-${version}";
pname = "grafana-dashboard-node-exporter"; pname = "grafana-dashboard-node-exporter";
dontBuild = true; dontBuild = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "rfrail3"; owner = "rfrail3";
repo = "grafana-dashboards"; repo = "grafana-dashboards";
rev = version; rev = version;
sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6"; sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6";
}; };
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out
cp prometheus/node-exporter-full.json $out/node-exporter-full.json cp prometheus/node-exporter-full.json $out/node-exporter-full.json
''; '';
meta = { meta = {
description = "grafana dashboard for node exporter"; description = "grafana dashboard for node exporter";
homepage = "https://github.com/rfrail3/grafana-dashboards"; homepage = "https://github.com/rfrail3/grafana-dashboards";
license = licenses.lgpl3Only; license = licenses.lgpl3Only;
}; };
} }

View file

@ -1,36 +1,33 @@
{ { stdenv, lib, fetchFromGitHub }:
stdenv,
lib, let
fetchFromGitHub, inherit (lib)
}: let
inherit
(lib)
licenses licenses
; ;
version = "1.99.3"; version = "1.99.3";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
pname = "kaleidoscope-udev-rules"; pname = "kaleidoscope-udev-rules";
dontBuild = true; dontBuild = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "keyboardio"; owner = "keyboardio";
repo = "Kaleidoscope"; repo = "Kaleidoscope";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM="; sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM=";
}; };
installPhase = '' installPhase = ''
mkdir -p $out/lib/udev/rules.d mkdir -p $out/lib/udev/rules.d
cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/ cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/
''; '';
meta = { meta = {
description = "udev rules for kaleidoscope firmware keyboards"; description = "udev rules for kaleidoscope firmware keyboards";
homepage = "https://github.com/keyboardio/Kaleidoscope"; homepage = "https://github.com/keyboardio/Kaleidoscope";
license = licenses.gpl3Only; license = licenses.gpl3Only;
}; };
} }

View file

@ -1,7 +1,4 @@
{ { stdenv, fetchFromGitLab }:
stdenv,
fetchFromGitLab,
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "sddm-sugar-candy"; pname = "sddm-sugar-candy";
# latest master commit, no recent tags :( # latest master commit, no recent tags :(
@ -13,7 +10,7 @@ stdenv.mkDerivation rec {
cp -aR . $out/share/sddm/themes/sugar-candy cp -aR . $out/share/sddm/themes/sugar-candy
''; '';
patches = [./custom-conf.patch]; patches = [ ./custom-conf.patch ];
src = fetchFromGitLab { src = fetchFromGitLab {
domain = "framagit.org"; domain = "framagit.org";

View file

@ -1,20 +1,20 @@
{ { stdenv
stdenv, , fetchurl
fetchurl, , python3
python3, }:
}: let let
version = "2.10.4"; version = "2.10.4";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
pname = "spot"; pname = "spot";
buildInputs = [ buildInputs = [
python3 python3
]; ];
src = fetchurl { src = fetchurl {
url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz";
sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o="; sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o=";
}; };
} }

View file

@ -1,4 +1,6 @@
{...}: { { ... }:
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base

View file

@ -1,4 +1,6 @@
{...}: { { ... }:
{
imports = [ imports = [
./vaultwarden.nix ./vaultwarden.nix
./fail2ban.nix ./fail2ban.nix

View file

@ -1,14 +1,10 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.fail2ban; cfg = config.my.services.fail2ban;
in { in {

View file

@ -1,24 +1,19 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.fava; cfg = config.my.services.fava;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
secrets = config.my.secrets; secrets = config.my.secrets;
in { in
options.my.services.fava = let {
inherit (lib) types; options.my.services.fava = let inherit (lib) types; in {
in {
enable = mkEnableOption "Fava"; enable = mkEnableOption "Fava";
home = mkOption { home = mkOption {
@ -44,7 +39,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.fava = { systemd.services.fava = {
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Environment = []; Environment = [];
ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}"; ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}";
@ -60,7 +55,7 @@ in {
createHome = true; createHome = true;
group = "fava"; group = "fava";
}; };
users.groups.fava = {}; users.groups.fava = { };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"fava.${domain}" = { "fava.${domain}" = {

View file

@ -1,24 +1,18 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.gitea; cfg = config.my.services.gitea;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.gitea = let options.my.services.gitea = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Personal Git hosting with Gitea"; enable = mkEnableOption "Personal Git hosting with Gitea";
privatePort = mkOption { privatePort = mkOption {
@ -39,11 +33,11 @@ in {
# the systemd service for the gitea module seems to hardcode the group as # the systemd service for the gitea module seems to hardcode the group as
# gitea, so, uh, just in case? # gitea, so, uh, just in case?
extraGroups = ["gitea"]; extraGroups = [ "gitea" ];
isSystemUser = true; isSystemUser = true;
}; };
users.groups.git = {}; users.groups.git = { };
services.gitea = { services.gitea = {
enable = true; enable = true;
@ -94,7 +88,7 @@ in {
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = ["gitea"]; databases = [ "gitea" ];
}; };
services.nginx = { services.nginx = {

View file

@ -1,14 +1,10 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.jellyfin; cfg = config.my.services.jellyfin;
my = config.my; my = config.my;

View file

@ -1,28 +1,24 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.lohr; cfg = config.my.services.lohr;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
secrets = config.my.secrets; secrets = config.my.secrets;
lohrPkg = let lohrPkg =
flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; let
in flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd";
in
flake.defaultPackage."x86_64-linux"; # FIXME: use correct system flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
in { in
options.my.services.lohr = let {
inherit (lib) types; options.my.services.lohr = let inherit (lib) types; in {
in {
enable = mkEnableOption "Lohr Mirroring Daemon"; enable = mkEnableOption "Lohr Mirroring Daemon";
home = mkOption { home = mkOption {
@ -42,7 +38,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.lohr = { systemd.services.lohr = {
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Environment = [ Environment = [
"ROCKET_PORT=${toString cfg.port}" "ROCKET_PORT=${toString cfg.port}"
@ -56,7 +52,7 @@ in {
User = "lohr"; User = "lohr";
Group = "lohr"; Group = "lohr";
}; };
path = [pkgs.git]; path = [ pkgs.git ];
}; };
users.users.lohr = { users.users.lohr = {
@ -65,7 +61,7 @@ in {
createHome = true; createHome = true;
group = "lohr"; group = "lohr";
}; };
users.groups.lohr = {}; users.groups.lohr = { };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"lohr.${domain}" = { "lohr.${domain}" = {

View file

@ -7,36 +7,24 @@
# - https://github.com/delroth/infra.delroth.net/blob/master/roles/matrix-synapse.nix # - https://github.com/delroth/infra.delroth.net/blob/master/roles/matrix-synapse.nix
# - https://nixos.org/manual/nixos/stable/index.html#module-services-matrix # - https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
# #
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optionals optionals
; ;
cfg = config.my.services.matrix; cfg = config.my.services.matrix;
my = config.my; my = config.my;
federationPort = { federationPort = { public = 8448; private = 11338; };
public = 8448; clientPort = { public = 443; private = 11339; };
private = 11338;
};
clientPort = {
public = 443;
private = 11339;
};
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.matrix = let options.my.services.matrix = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Matrix Synapse"; enable = mkEnableOption "Matrix Synapse";
secretConfigFile = mkOption { secretConfigFile = mkOption {
@ -53,7 +41,7 @@ in {
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = ["matrix-synapse"]; databases = [ "matrix-synapse" ];
}; };
services.matrix-synapse = { services.matrix-synapse = {
@ -102,30 +90,20 @@ in {
listeners = [ listeners = [
# Federation # Federation
{ {
bind_addresses = ["::1"]; bind_addresses = [ "::1" ];
port = federationPort.private; port = federationPort.private;
tls = false; # Terminated by nginx. tls = false; # Terminated by nginx.
x_forwarded = true; x_forwarded = true;
resources = [ resources = [ { names = [ "federation" ]; compress = false; } ];
{
names = ["federation"];
compress = false;
}
];
} }
# Client # Client
{ {
bind_addresses = ["::1"]; bind_addresses = [ "::1" ];
port = clientPort.private; port = clientPort.private;
tls = false; # Terminated by nginx. tls = false; # Terminated by nginx.
x_forwarded = true; x_forwarded = true;
resources = [ resources = [ { names = [ "client" ]; compress = false; } ];
{
names = ["client"];
compress = false;
}
];
} }
]; ];
@ -149,32 +127,26 @@ in {
onlySSL = true; onlySSL = true;
useACMEHost = domain; useACMEHost = domain;
locations = let locations =
proxyToClientPort = { let
proxyPass = "http://[::1]:${toString clientPort.private}"; proxyToClientPort = {
}; proxyPass = "http://[::1]:${toString clientPort.private}";
in { };
# Or do a redirect instead of the 404, or whatever is appropriate in {
# for you. But do not put a Matrix Web client here! See the # Or do a redirect instead of the 404, or whatever is appropriate
# Element web section below. # for you. But do not put a Matrix Web client here! See the
"/".return = "404"; # Element web section below.
"/".return = "404";
"/_matrix" = proxyToClientPort; "/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort; "/_synapse/client" = proxyToClientPort;
}; };
listen = [ listen = [
{ { addr = "0.0.0.0"; port = clientPort.public; ssl = true; }
addr = "0.0.0.0"; { addr = "[::]"; port = clientPort.public; ssl = true; }
port = clientPort.public;
ssl = true;
}
{
addr = "[::]";
port = clientPort.public;
ssl = true;
}
]; ];
}; };
# same as above, but listening on the federation port # same as above, but listening on the federation port
@ -190,37 +162,32 @@ in {
}; };
listen = [ listen = [
{ { addr = "0.0.0.0"; port = federationPort.public; ssl = true; }
addr = "0.0.0.0"; { addr = "[::]"; port = federationPort.public; ssl = true; }
port = federationPort.public;
ssl = true;
}
{
addr = "[::]";
port = federationPort.public;
ssl = true;
}
]; ];
}; };
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = domain;
locations."= /.well-known/matrix/server".extraConfig = let locations."= /.well-known/matrix/server".extraConfig =
server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";}; let
in '' server = { "m.server" = "matrix.${domain}:${toString federationPort.public}"; };
in ''
add_header Content-Type application/json; add_header Content-Type application/json;
return 200 '${builtins.toJSON server}'; return 200 '${builtins.toJSON server}';
''; '';
locations."= /.well-known/matrix/client".extraConfig = let locations."= /.well-known/matrix/client".extraConfig =
client = { let
"m.homeserver" = {"base_url" = "https://matrix.${domain}";}; client = {
"m.identity_server" = {"base_url" = "https://vector.im";}; "m.homeserver" = { "base_url" = "https://matrix.${domain}"; };
}; "m.identity_server" = { "base_url" = "https://vector.im"; };
# ACAO required to allow element-web on any URL to request this json file };
in '' # ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json; add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}'; return 200 '${builtins.toJSON client}';
@ -260,7 +227,7 @@ in {
}; };
# For administration tools. # For administration tools.
environment.systemPackages = [pkgs.matrix-synapse]; environment.systemPackages = [ pkgs.matrix-synapse ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
clientPort.public clientPort.public
@ -269,11 +236,10 @@ in {
my.services.restic-backup = let my.services.restic-backup = let
dataDir = config.services.matrix-synapse.dataDir; dataDir = config.services.matrix-synapse.dataDir;
in in mkIf cfg.enable {
mkIf cfg.enable { paths = [ dataDir ];
paths = [dataDir]; # this is just caching for other servers media, doesn't need backup
# this is just caching for other servers media, doesn't need backup exclude = [ "${dataDir}/media/remote_*" ];
exclude = ["${dataDir}/media/remote_*"]; };
};
}; };
} }

View file

@ -1,21 +1,17 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkIf mkIf
; ;
mediaServices = builtins.attrValues { mediaServices = builtins.attrValues {
inherit inherit (config.my.services)
(config.my.services)
jellyfin jellyfin
transmission transmission
; ;
}; };
needed = builtins.any (service: service.enable) mediaServices; needed = builtins.any (service: service.enable) mediaServices;
in { in
config.users.groups.media = mkIf needed {}; {
config.users.groups.media = mkIf needed { };
} }

View file

@ -1,24 +1,18 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.miniflux; cfg = config.my.services.miniflux;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.miniflux = let options.my.services.miniflux = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Serve a Miniflux instance"; enable = mkEnableOption "Serve a Miniflux instance";
adminCredentialsFile = mkOption { adminCredentialsFile = mkOption {
@ -40,7 +34,7 @@ in {
# services.postgresql is automatically enabled by services.miniflux, let's # services.postgresql is automatically enabled by services.miniflux, let's
# back it up # back it up
services.postgresqlBackup = { services.postgresqlBackup = {
databases = ["miniflux"]; databases = [ "miniflux" ];
}; };
services.miniflux = { services.miniflux = {

View file

@ -1,22 +1,16 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.monitoring; cfg = config.my.services.monitoring;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.monitoring = let options.my.services.monitoring = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Enable monitoring"; enable = mkEnableOption "Enable monitoring";
domain = mkOption { domain = mkOption {
@ -80,7 +74,7 @@ in {
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = ["systemd"]; enabledCollectors = [ "systemd" ];
port = 9100; port = 9100;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
}; };
@ -93,11 +87,9 @@ in {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = config.networking.hostName; job_name = config.networking.hostName;
static_configs = [ static_configs = [{
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; }];
}
];
} }
]; ];
}; };

View file

@ -1,23 +1,17 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optional optional
; ;
cfg = config.my.services.navidrome; cfg = config.my.services.navidrome;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.navidrome = let options.my.services.navidrome = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Navidrome"; enable = mkEnableOption "Navidrome";
musicFolder = { musicFolder = {
path = mkOption { path = mkOption {
@ -40,8 +34,8 @@ in {
}; };
my.services.restic-backup = { my.services.restic-backup = {
paths = ["/var/lib/navidrome"] ++ optional cfg.musicFolder.backup cfg.musicFolder.path; paths = [ "/var/lib/navidrome" ] ++ optional cfg.musicFolder.backup cfg.musicFolder.path;
exclude = ["/var/lib/navidrome/cache"]; exclude = [ "/var/lib/navidrome/cache" ];
}; };
services.nginx.virtualHosts."music.${domain}" = { services.nginx.virtualHosts."music.${domain}" = {

View file

@ -1,26 +1,21 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}:
# TODO: setup prometheus exporter # TODO: setup prometheus exporter
let let
inherit inherit (lib)
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.nextcloud; cfg = config.my.services.nextcloud;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
dbName = "nextcloud"; dbName = "nextcloud";
in { in
options.my.services.nextcloud = let {
inherit (lib) types; options.my.services.nextcloud = let inherit (lib) types; in {
in {
enable = mkEnableOption "NextCloud"; enable = mkEnableOption "NextCloud";
adminpassFile = mkOption { adminpassFile = mkOption {
@ -36,7 +31,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [dbName]; ensureDatabases = [ dbName ];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
@ -48,13 +43,13 @@ in {
}; };
# not handled by module # not handled by module
systemd.services.nextcloud-setup = { systemd.services.nextcloud-setup= {
requires = ["postgresql.service"]; requires = [ "postgresql.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = [dbName]; databases = [ dbName ];
}; };
services.nextcloud = { services.nextcloud = {
@ -92,17 +87,16 @@ in {
my.services.restic-backup = let my.services.restic-backup = let
nextcloudHome = config.services.nextcloud.home; nextcloudHome = config.services.nextcloud.home;
in in mkIf cfg.enable {
mkIf cfg.enable { paths = [ nextcloudHome ];
paths = [nextcloudHome]; exclude = [
exclude = [ # borg can fail if *.part files disappear during backup
# borg can fail if *.part files disappear during backup "${nextcloudHome}/data/*/uploads"
"${nextcloudHome}/data/*/uploads" # image previews can take up a lot of space
# image previews can take up a lot of space "${nextcloudHome}/data/appdata_*/preview"
"${nextcloudHome}/data/appdata_*/preview" # specific account for huge files I don't care about losing
# specific account for huge files I don't care about losing "${nextcloudHome}/data/misc"
"${nextcloudHome}/data/misc" ];
]; };
};
}; };
} }

View file

@ -1,20 +1,16 @@
# Part of config shamelessly stolen from: # Part of config shamelessly stolen from:
# #
# https://github.com/delroth/infra.delroth.net # https://github.com/delroth/infra.delroth.net
{ { config, lib, pkgs, ... }:
config, let
lib, inherit (lib)
pkgs,
...
}: let
inherit
(lib)
mkIf mkIf
; ;
in { in
{
# Whenever something defines an nginx vhost, ensure that nginx defaults are # Whenever something defines an nginx vhost, ensure that nginx defaults are
# properly set. # properly set.
config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != ["localhost"]) { config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) {
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; # For monitoring scraping. statusPage = true; # For monitoring scraping.
@ -25,7 +21,7 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.prometheus = { services.prometheus = {
exporters.nginx = { exporters.nginx = {
@ -36,14 +32,12 @@ in {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [{
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ];
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"]; labels = {
labels = { instance = config.networking.hostName;
instance = config.networking.hostName; };
}; }];
}
];
} }
]; ];
}; };
@ -52,17 +46,18 @@ in {
acceptTerms = true; acceptTerms = true;
defaults.email = "antoine97.martin@gmail.com"; defaults.email = "antoine97.martin@gmail.com";
certs = let certs =
domain = config.networking.domain; let
gandiKey = config.my.secrets.gandiKey; domain = config.networking.domain;
in { gandiKey = config.my.secrets.gandiKey;
"${domain}" = { in {
extraDomainNames = ["*.${domain}"]; "${domain}" = {
dnsProvider = "gandiv5"; extraDomainNames = [ "*.${domain}" ];
credentialsFile = config.age.secrets."gandi/api-key".path; dnsProvider = "gandiv5";
group = "nginx"; credentialsFile = config.age.secrets."gandi/api-key".path;
group = "nginx";
};
}; };
};
}; };
}; };
} }

View file

@ -1,17 +1,15 @@
{ { config, lib, ... }:
config,
lib, let
... inherit (lib)
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.nuage; cfg = config.my.services.nuage;
my = config.my; my = config.my;
in { in
{
options.my.services.nuage = { options.my.services.nuage = {
enable = mkEnableOption "Nuage redirect"; enable = mkEnableOption "Nuage redirect";
}; };

View file

@ -1,24 +1,19 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.paperless; cfg = config.my.services.paperless;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
paperlessDomain = "paperless.${domain}"; paperlessDomain = "paperless.${domain}";
in { in
options.my.services.paperless = let {
inherit (lib) types; options.my.services.paperless = let inherit (lib) types; in {
in {
enable = mkEnableOption "Paperless"; enable = mkEnableOption "Paperless";
port = mkOption { port = mkOption {
@ -82,7 +77,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = ["paperless"]; ensureDatabases = [ "paperless" ];
ensureUsers = [ ensureUsers = [
{ {
name = "paperless"; name = "paperless";
@ -93,7 +88,7 @@ in {
systemd.services.paperless-ng-server = { systemd.services.paperless-ng-server = {
# Make sure the DB is available # Make sure the DB is available
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {

View file

@ -1,20 +1,16 @@
{ { config, lib, pkgs, options, ... }:
config,
lib, let
pkgs, inherit (lib)
options,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
optionalAttrs optionalAttrs
; ;
cfg = config.my.services.pipewire; cfg = config.my.services.pipewire;
my = config.my; my = config.my;
in { in
{
options.my.services.pipewire = { options.my.services.pipewire = {
enable = mkEnableOption "Pipewire sound backend"; enable = mkEnableOption "Pipewire sound backend";
}; };
@ -41,6 +37,6 @@ in {
# FIXME: a shame pactl isn't available by itself, eventually this should be # FIXME: a shame pactl isn't available by itself, eventually this should be
# replaced by pw-cli or a wrapper, I guess? # replaced by pw-cli or a wrapper, I guess?
environment.systemPackages = [pkgs.pulseaudio]; environment.systemPackages = [ pkgs.pulseaudio ];
}); });
} }

View file

@ -1,14 +1,10 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.postgresql-backup; cfg = config.my.services.postgresql-backup;
in { in {
@ -24,11 +20,12 @@ in {
}; };
my.services.restic-backup = mkIf cfg.enable { my.services.restic-backup = mkIf cfg.enable {
paths = ["/var/backup/postgresql"]; paths = [ "/var/backup/postgresql" ];
# no need to store previously backed up files, as borg does the snapshoting # no need to store previously backed up files, as borg does the snapshoting
# for us # for us
exclude = ["/var/backup/postgresql/*.prev.sql.gz"]; exclude = [ "/var/backup/postgresql/*.prev.sql.gz" ];
}; };
}; };
} }

View file

@ -1,8 +1,5 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
# set postgresql version so we don't get any bad surprise # set postgresql version so we don't get any bad surprise
config.services.postgresql = { config.services.postgresql = {
package = pkgs.postgresql_13; package = pkgs.postgresql_13;

View file

@ -1,27 +1,21 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
attrsets attrsets
concatStringsSep concatStringsSep
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optional optional
; ;
cfg = config.my.services.restic-backup; cfg = config.my.services.restic-backup;
excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude)); excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
makePruneOpts = pruneOpts: makePruneOpts = pruneOpts:
attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts; attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts;
in { in {
options.my.services.restic-backup = let options.my.services.restic-backup = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Enable Restic backups for this host"; enable = mkEnableOption "Enable Restic backups for this host";
repo = mkOption { repo = mkOption {
@ -29,11 +23,12 @@ in {
default = null; default = null;
example = "/mnt/hdd"; example = "/mnt/hdd";
description = "Restic backup repo"; description = "Restic backup repo";
}; };
paths = mkOption { paths = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
example = [ example = [
"/var/lib" "/var/lib"
"/home" "/home"
@ -43,7 +38,7 @@ in {
exclude = mkOption { exclude = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
example = [ example = [
# very large paths # very large paths
"/var/lib/docker" "/var/lib/docker"
@ -86,7 +81,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [pkgs.restic]; environment.systemPackages = [ pkgs.restic ];
services.restic.backups.backblaze = { services.restic.backups.backblaze = {
initialize = true; initialize = true;
@ -97,9 +92,8 @@ in {
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;
environmentFile = cfg.environmentFile; environmentFile = cfg.environmentFile;
extraBackupArgs = extraBackupArgs = [ "--verbose=2" ]
["--verbose=2"] ++ optional (builtins.length cfg.exclude != 0) excludeArg;
++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;

View file

@ -1,17 +1,14 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.tailscale; cfg = config.my.services.tailscale;
in { in
{
options.my.services.tailscale = { options.my.services.tailscale = {
enable = mkEnableOption "Tailscale"; enable = mkEnableOption "Tailscale";
@ -26,8 +23,8 @@ in {
}; };
networking.firewall = { networking.firewall = {
trustedInterfaces = ["tailscale0"]; trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [config.services.tailscale.port]; allowedUDPPorts = [ config.services.tailscale.port ];
}; };
# enable IP forwarding to use as exit node # enable IP forwarding to use as exit node

View file

@ -1,17 +1,15 @@
{ { config, lib, ... }:
config,
lib, let
... inherit (lib)
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.tgv; cfg = config.my.services.tgv;
my = config.my; my = config.my;
in { in
{
options.my.services.tgv = { options.my.services.tgv = {
enable = mkEnableOption "TGV redirect"; enable = mkEnableOption "TGV redirect";
}; };

View file

@ -1,15 +1,11 @@
{ { config, lib, ... }:
config, let
lib, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optionalAttrs optionalAttrs
; ;
cfg = config.my.services.transmission; cfg = config.my.services.transmission;
@ -20,10 +16,9 @@
transmissionPeerPort = 30251; transmissionPeerPort = 30251;
downloadBase = "/media/torrents/"; downloadBase = "/media/torrents/";
in { in
options.my.services.transmission = let {
inherit (lib) types; options.my.services.transmission = let inherit (lib) types; in {
in {
enable = mkEnableOption "Transmission torrent client"; enable = mkEnableOption "Transmission torrent client";
username = mkOption { username = mkOption {
@ -42,34 +37,32 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.transmission = services.transmission = {
{ enable = true;
enable = true; group = "media";
group = "media";
settings = { settings = {
download-dir = "${downloadBase}/complete"; download-dir = "${downloadBase}/complete";
incomplete-dir = "${downloadBase}/incomplete"; incomplete-dir = "${downloadBase}/incomplete";
peer-port = transmissionPeerPort; peer-port = transmissionPeerPort;
rpc-enabled = true; rpc-enabled = true;
rpc-port = transmissionRpcPort; rpc-port = transmissionRpcPort;
rpc-authentication-required = false; rpc-authentication-required = false;
rpc-whitelist-enabled = true; rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1"; rpc-whitelist = "127.0.0.1";
rpc-host-whitelist-enabled = true; rpc-host-whitelist-enabled = true;
rpc-host-whitelist = webuiDomain; rpc-host-whitelist = webuiDomain;
}; };
# automatically allow transmission.settings.peer-port # automatically allow transmission.settings.peer-port
openFirewall = true; openFirewall = true;
} } // (optionalAttrs (cfg.secretConfigFile != null) {
// (optionalAttrs (cfg.secretConfigFile != null) { credentialsFile = cfg.secretConfigFile;
credentialsFile = cfg.secretConfigFile; });
});
services.nginx.virtualHosts."${webuiDomain}" = { services.nginx.virtualHosts."${webuiDomain}" = {
forceSSL = true; forceSSL = true;

View file

@ -1,24 +1,18 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs, inherit (lib)
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.vaultwarden; cfg = config.my.services.vaultwarden;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.vaultwarden = let options.my.services.vaultwarden = let inherit (lib) types; in {
inherit (lib) types;
in {
enable = mkEnableOption "Vaultwarden"; enable = mkEnableOption "Vaultwarden";
privatePort = mkOption { privatePort = mkOption {
@ -42,7 +36,7 @@ in {
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = ["vaultwarden"]; databases = [ "vaultwarden" ];
}; };
services.vaultwarden = { services.vaultwarden = {
@ -88,8 +82,8 @@ in {
# FIXME: should be renamed to vaultwarden eventually # FIXME: should be renamed to vaultwarden eventually
my.services.restic-backup = mkIf cfg.enable { my.services.restic-backup = mkIf cfg.enable {
paths = ["/var/lib/bitwarden_rs"]; paths = [ "/var/lib/bitwarden_rs" ];
exclude = ["/var/lib/bitwarden_rs/icon_cache"]; exclude = [ "/var/lib/bitwarden_rs/icon_cache" ];
}; };
services.fail2ban.jails = { services.fail2ban.jails = {
@ -125,4 +119,5 @@ in {
''; '';
}; };
}; };
} }

View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base