No commits in common. "4f0d45e4d54f2a9cca794e68eb76d5d8e7fe7003" and "86eef74e9c35cb553901e8044f791c71b691115a" have entirely different histories.

89 changed files with 1314 additions and 1622 deletions


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./gui-programs.nix
./networking.nix


@ -1,17 +1,12 @@
{
pkgs,
lib,
config,
options,
...
}: let
inherit
(lib)
{ pkgs, lib, config, options, ... }:
let
inherit (lib)
mkEnableOption
mkIf
optional
;
in {
in
{
options.my.gui = {
enable = mkEnableOption "System has some kind of screen attached";
isNvidia = mkEnableOption "System a NVIDIA GPU";
@ -24,9 +19,7 @@ in {
xserver = {
enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers =
if config.my.gui.isNvidia
then ["nvidia"]
videoDrivers = if config.my.gui.isNvidia then [ "nvidia" ]
else options.services.xserver.videoDrivers.default;
windowManager.i3.enable = true;
layout = "fr";
@ -38,8 +31,7 @@ in {
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
element-desktop
feh
firefox
@ -68,11 +60,11 @@ in {
dispatcherScripts = [
{
source = let
source =
let
grep = "${pkgs.gnugrep}/bin/grep";
nmcli = "${pkgs.networkmanager}/bin/nmcli";
in
pkgs.writeShellScript "disable_wifi_on_ethernet" ''
in pkgs.writeShellScript "disable_wifi_on_ethernet" ''
export LC_ALL=C
enable_disable_wifi ()


@ -1,10 +1,11 @@
{lib, ...}: let
inherit
(lib)
{ lib, ... }:
let
inherit (lib)
mkOption
types
;
in {
in
{
options.my.networking.externalInterface = mkOption {
type = types.nullOr types.str;
default = null;


@ -1,12 +1,13 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
nix = {
package = pkgs.nixStable;
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["@wheel"];
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "@wheel" ];
substituters = [
"https://alarsyo.cachix.org"
"https://nix-community.cachix.org"
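Review bot: `trusted-users = [ "@wheel" ];` makes every member of the wheel group a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to root access, so the sudo password prompt no longer stands between a compromised wheel session and the system. The reformatted line carries that setting over without a comment. Since the caches are already listed system-wide under `substituters`, consider dropping the entry, or at least documenting it with `# NOTE: trusted users are root-equivalent to the nix daemon`. The `substituters` list continues outside the hunk, so whether matching `trusted-public-keys` are pinned cannot be checked from here.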


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs = {
fish.enable = true;
gnupg.agent = {
@ -19,10 +20,8 @@
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
# shell usage
fd
ripgrep
sd
@ -30,9 +29,8 @@
tokei
tree
wget
# development
alejandra
# development
git
git-crypt
git-lfs
@ -42,8 +40,8 @@
pinentry-gnome
python3
vim
# terminal utilities
# terminal utilities
bottom
dogdns
du-dust
@ -52,14 +50,14 @@
tealdeer
unzip
zip
# nix pkgs lookup
# nix pkgs lookup
nix-index
agenix
;
inherit
(pkgs.llvmPackages_11)
inherit (pkgs.llvmPackages_11)
bintools
clang
;


@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in {
in
{
users.mutableUsers = false;
users.users.root = {
passwordFile = config.age.secrets."users/root-hashed-password".path;


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
# Default configuration
./base


@ -51,14 +51,7 @@
};
};
outputs = {
self,
nixpkgs,
home-manager,
agenix,
...
} @ inputs:
{
outputs = { self, nixpkgs, home-manager, agenix, ... } @inputs: {
nixosModules = {
home = {
home-manager.useGlobalPkgs = true;
@ -75,44 +68,40 @@
overlays = import ./overlays;
nixosConfigurations = let
nixosConfigurations =
let
system = "x86_64-linux";
shared_overlays =
[
shared_overlays = [
(self: super: {
packages = import ./pkgs {pkgs = super;};
packages = import ./pkgs { pkgs = super; };
# packages accessible through pkgs.unstable.package
unstable = import inputs.nixpkgs-unstable-small {
inherit system;
config.allowUnfree = true;
};
})
agenix.overlay
]
++ builtins.attrValues self.overlays;
sharedModules =
[
] ++ builtins.attrValues self.overlays;
sharedModules = [
agenix.nixosModule
home-manager.nixosModule
{nixpkgs.overlays = shared_overlays;}
]
++ (nixpkgs.lib.attrValues self.nixosModules);
{ nixpkgs.overlays = shared_overlays; }
] ++ (nixpkgs.lib.attrValues self.nixosModules);
in {
poseidon = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
modules = [
./poseidon.nix
]
++ sharedModules;
] ++ sharedModules;
};
boreal = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
modules = [
./boreal.nix
{
@ -127,14 +116,12 @@
# })
];
}
]
++ sharedModules;
] ++ sharedModules;
};
zephyrus = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
modules = [
./zephyrus.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
@ -146,26 +133,22 @@
inputs.emacs-overlay.overlay
];
}
]
++ sharedModules;
] ++ sharedModules;
};
};
}
// inputs.flake-utils.lib.eachDefaultSystem (system: {
} // inputs.flake-utils.lib.eachDefaultSystem (system: {
packages =
(
inputs.flake-utils.lib.flattenTree
(import ./pkgs {pkgs = import nixpkgs {inherit system;};})
)
// {
emacsPgtkGcc =
(
(import ./pkgs { pkgs = import nixpkgs { inherit system; }; })
) // {
emacsPgtkGcc = (
import nixpkgs {
inherit system;
overlays = [inputs.emacs-overlay.overlay];
overlays = [ inputs.emacs-overlay.overlay ];
}
)
.emacsPgtkGcc;
).emacsPgtkGcc;
};
});
}


@ -1,19 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.alacritty;
alacrittyTheme = config.my.theme.alacrittyTheme;
in {
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;};
in
{
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; };
config = mkIf cfg.enable {
programs.alacritty = {
@ -43,7 +39,7 @@ in {
};
};
home.packages = [pkgs.iosevka-bin];
home.packages = [ pkgs.iosevka-bin ];
# make sure font is discoverable
fonts.fontconfig.enable = true;


@ -1,19 +1,16 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.bat;
batTheme = config.my.theme.batTheme;
in {
in
{
options.my.home.bat = {
enable = (mkEnableOption "bat code display tool") // {default = true;};
enable = (mkEnableOption "bat code display tool") // { default = true; };
};
config = mkIf cfg.enable {


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./alacritty.nix
./bat.nix


@ -1,32 +1,27 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
in {
in
{
options.my.home.emacs = {
enable = mkEnableOption "Emacs daemon configuration";
};
config = mkIf config.my.home.emacs.enable {
home.sessionPath = ["${config.xdg.configHome}/emacs/bin"];
home.sessionPath = [ "${config.xdg.configHome}/emacs/bin" ];
home.sessionVariables = {
EDITOR = "emacsclient -t";
};
home.packages = builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
sqlite # needed by org-roam
# fonts used by my config
emacs-all-the-icons-fonts
iosevka-bin
;


@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
home.sessionPath = [
"${config.home.homeDirectory}/.cargo/bin"
"${config.home.homeDirectory}/.local/bin"


@ -1,19 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.firefox;
in {
in
{
options.my.home.firefox = {
enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;};
enable = (mkEnableOption "firefox config") // { default = config.my.home.x.enable; };
};
config = mkIf cfg.enable {


@ -1,17 +1,14 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.fish;
in {
options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;};
in
{
options.my.home.fish.enable = (mkEnableOption "Fish shell") // { default = true; };
config = mkIf cfg.enable {
home.sessionVariables = {
@ -24,6 +21,6 @@ in {
enable = true;
};
xdg.configFile."fish/functions" = {source = ./. + "/functions";};
xdg.configFile."fish/functions" = { source = ./. + "/functions"; };
};
}


@ -1,16 +1,13 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.flameshot;
in {
in
{
options.my.home.flameshot = {
enable = mkEnableOption "flameshot autolaunch";
};


@ -1,18 +1,14 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.git;
in {
options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;};
in
{
options.my.home.git.enable = (mkEnableOption "Git configuration") // { default = true; };
config = mkIf cfg.enable {
programs.git = {
@ -30,11 +26,11 @@ in {
userName = "Antoine Martin";
extraConfig = {
commit = {verbose = true;};
core = {editor = "vim";};
init = {defaultBranch = "main";};
pull = {rebase = true;};
rerere = {enabled = true;};
commit = { verbose = true; };
core = { editor = "vim"; };
init = { defaultBranch = "main"; };
pull = { rebase = true; };
rerere = { enabled = true; };
};
aliases = {
@ -46,15 +42,15 @@ in {
includes = [
{
condition = "gitdir:~/work/lrde/";
contents = {user = {email = "amartin@lrde.epita.fr";};};
contents = { user = { email = "amartin@lrde.epita.fr"; }; };
}
{
condition = "gitdir:~/work/prologin/";
contents = {user = {email = "antoine.martin@prologin.org";};};
contents = { user = { email = "antoine.martin@prologin.org"; }; };
}
{
condition = "gitdir:~/work/epita/";
contents = {user = {email = "antoine4.martin@epita.fr";};};
contents = { user = { email = "antoine4.martin@epita.fr"; }; };
}
];
};


@ -1,13 +1,10 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
;
in {
in
{
options.my.home.laptop = {
enable = mkEnableOption "Laptop settings";
};


@ -1,18 +1,15 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.lorri;
in {
in
{
options.my.home.lorri = {
enable = (mkEnableOption "lorri daemon setup") // {default = true;};
enable = (mkEnableOption "lorri daemon setup") // { default = true; };
};
config = mkIf cfg.enable {


@ -1,11 +1,6 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
@ -15,12 +10,13 @@
email_lrde = "amartin@lrde.epita.fr";
cfg = config.my.home.mail;
in {
in
{
options.my.home.mail = {
# I *could* read email in a terminal emacs client on a server, but in
# practice I don't think it'll happen very often, so let's enable this only
# when I'm on a machine with a Xorg server.
enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;};
enable = (mkEnableOption "email configuration") // { default = config.my.home.x.enable; };
};
config = mkIf cfg.enable {


@ -1,18 +1,14 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.mail;
in {
in
{
options.my.home.rbw = {
enable = mkEnableOption "rbw configuration";
enable = (mkEnableOption "rbw configuration");
};
config = mkIf cfg.enable {
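Review bot: `cfg = config.my.home.mail;` in the module that declares `options.my.home.rbw` looks like a copy-paste slip. `config = mkIf cfg.enable` is then driven by the mail option, so `my.home.rbw.enable` has no effect and the rbw configuration is applied whenever mail is enabled. The binding should presumably read `cfg = config.my.home.rbw;`. The parentheses this side adds around `mkEnableOption "rbw configuration"` are redundant. The `config` block continues outside the hunk.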


@ -1,19 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.rofi;
in {
in
{
options.my.home.rofi = {
enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;};
enable = (mkEnableOption "rofi configuration") // { default = config.my.home.x.enable; };
};
config = mkIf cfg.enable {


@ -1,18 +1,15 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.ssh;
in {
in
{
options.my.home.ssh = {
enable = (mkEnableOption "ssh configuration") // {default = true;};
enable = (mkEnableOption "ssh configuration") // { default = true; };
};
config = mkIf cfg.enable {
@ -20,8 +17,8 @@ in {
enable = true;
matchBlocks = {
boreal = {hostname = "boreal.alarsyo.net";};
poseidon = {hostname = "poseidon.alarsyo.net";};
boreal = { hostname = "boreal.alarsyo.net"; };
poseidon = { hostname = "poseidon.alarsyo.net"; };
pi = {
hostname = "pi.alarsyo.net";
user = "pi";


@ -1,11 +1,11 @@
{lib}: let
inherit
(lib)
{ lib }:
let
inherit (lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
mkColorOption = import ./color.nix { inherit lib; };
primaryColorModule = types.submodule {
options = {
@ -34,7 +34,7 @@
};
};
in
types.submodule {
types.submodule {
options = {
primary = mkOption {
type = primaryColorModule;
@ -90,4 +90,4 @@ in
};
};
};
}
}


@ -1,15 +1,15 @@
{lib}: let
inherit
(lib)
{ lib }:
let
inherit (lib)
mkOption
types
;
in
types.submodule {
types.submodule {
options = {
name = mkOption {
type = types.str;
default = "";
};
};
}
}


@ -1,18 +1,14 @@
{lib}: let
inherit
(lib)
{ lib }:
let
inherit (lib)
mkOption
types
;
mkColorOption = {
default ? "#000000",
description ? "",
}:
mkOption {
mkColorOption = {default ? "#000000", description ? "" }: mkOption {
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";
};
in
mkColorOption
mkColorOption


@ -1,10 +1,6 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkOption
types
;
@ -12,24 +8,25 @@
themeType = types.submodule {
options = {
alacrittyTheme = mkOption {
type = import ./alacritty.nix {inherit lib;};
type = import ./alacritty.nix { inherit lib; };
default = {};
};
batTheme = mkOption {
type = import ./bat.nix {inherit lib;};
type = import ./bat.nix { inherit lib; };
default = {};
};
i3Theme = mkOption {
type = import ./i3.nix {inherit lib;};
type = import ./i3.nix { inherit lib; };
default = {};
};
i3BarTheme = mkOption {
type = import ./i3bar.nix {inherit lib;};
type = import ./i3bar.nix { inherit lib; };
default = {};
};
};
};
in {
in
{
options.my.theme = mkOption {
type = themeType;
default = {};


@ -1,11 +1,11 @@
{lib}: let
inherit
(lib)
{ lib }:
let
inherit (lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
mkColorOption = import ./color.nix { inherit lib; };
barColorSetModule = types.submodule {
options = {
@ -25,7 +25,7 @@
};
};
in
types.submodule {
types.submodule {
options = {
bar = mkOption {
type = types.submodule {
@ -102,7 +102,8 @@ in
background = "#900000";
text = "#ffffff";
};
description = "Border, background and text color for the binding mode indicator";
description =
"Border, background and text color for the binding mode indicator";
};
};
};
@ -185,4 +186,4 @@ in
'';
};
};
}
}


@ -1,13 +1,13 @@
{lib}: let
inherit
(lib)
{ lib }:
let
inherit (lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
mkColorOption = import ./color.nix { inherit lib; };
in
types.submodule {
types.submodule {
options = {
theme = mkOption {
type = types.submodule {
@ -25,4 +25,4 @@ in
default = {};
};
};
}
}


@ -1,6 +1,5 @@
let
inherit
(import ./colors.nix)
inherit (import ./colors.nix)
base0
base00
base01
@ -18,7 +17,8 @@ let
violet
yellow
;
in {
in
{
primary = {
background = base3;
foreground = base00;


@ -1,6 +1,5 @@
let
inherit
(import ./colors.nix)
inherit (import ./colors.nix)
base00
base2
base3
@ -10,7 +9,8 @@ let
red
yellow
;
in {
in
{
bar = {
background = base3;
statusline = yellow;


@ -1,6 +1,5 @@
let
inherit
(import ./colors.nix)
inherit (import ./colors.nix)
base00
base2
base3
@ -9,7 +8,8 @@ let
red
yellow
;
in {
in
{
theme = {
name = "solarized-light";
overrides = {


@ -1,19 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.tmux;
in {
in
{
options.my.home.tmux = {
enable = (mkEnableOption "tmux dotfiles") // {default = true;};
enable = (mkEnableOption "tmux dotfiles") // { default = true; };
};
config = mkIf cfg.enable {
@ -23,9 +19,7 @@ in {
terminal = "screen-256color";
clock24 = true;
plugins = let
inherit (pkgs) tmuxPlugins;
in [
plugins = let inherit (pkgs) tmuxPlugins; in [
{
plugin = tmuxPlugins.cpu;
extraConfig = ''


@ -1,18 +1,15 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.tridactyl;
in {
in
{
options.my.home.tridactyl = {
enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;};
enable = (mkEnableOption "tridactyl code display tool") // { default = config.my.home.firefox.enable; };
};
config = mkIf cfg.enable {


@ -1,18 +1,14 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.home.x.cursor;
in {
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;};
in
{
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // { default = config.my.home.x.enable; };
config = mkIf cfg.enable {
xsession.pointerCursor = {


@ -1,14 +1,10 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
;
in {
in
{
imports = [
./cursor.nix
./i3.nix


@ -1,11 +1,6 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkIf
mkOptionDefault
;
@ -25,13 +20,14 @@
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
i3Theme = config.my.theme.i3Theme;
in {
in
{
config = mkIf isEnabled {
my.home = {
flameshot.enable = true;
};
home.packages = [pkgs.betterlockscreen];
home.packages = [ pkgs.betterlockscreen ];
xsession.windowManager.i3 = {
enable = true;
@ -39,15 +35,17 @@ in {
config = {
inherit modifier;
bars = let
bars =
let
barConfigPath =
config.xdg.configFile."i3status-rust/config-top.toml".target;
in [
in
[
{
statusCommand = "i3status-rs ${barConfigPath}";
position = "top";
fonts = {
names = ["DejaVuSansMono" "FontAwesome5Free"];
names = [ "DejaVuSansMono" "FontAwesome5Free" ];
size = 9.0;
};
@ -64,8 +62,7 @@ in {
];
colors = {
inherit
(i3Theme)
inherit (i3Theme)
focused
focusedInactive
unfocused
@ -81,7 +78,7 @@ in {
workspaceAutoBackAndForth = true;
fonts = {
names = ["DejaVu Sans Mono"];
names = [ "DejaVu Sans Mono" ];
size = 8.0;
};
@ -107,10 +104,9 @@ in {
"${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run";
};
modes = let
makeModeBindings = attrs:
attrs
// {
modes =
let
makeModeBindings = attrs: attrs // {
"Escape" = "mode default";
"Return" = "mode default";
};
@ -128,23 +124,20 @@ in {
assigns = {
"10" = [
{class = "Slack";}
{class = "discord";}
{ class = "Slack"; }
{ class = "discord"; }
];
};
window.commands = [
{
command = "border pixel 2";
criteria = {class = "Alacritty";};
}
{ command = "border pixel 2"; criteria = { class = "Alacritty"; }; }
# NOTE: should be done with an assign command, but Spotify doesn't set
# its class until after initialization, so has to be done this way.
#
# See https://i3wm.org/docs/userguide.html#assign_workspace
{
criteria = {class = "Spotify";};
criteria = { class = "Spotify"; };
command = "move --no-auto-back-and-forth to workspace 8";
}
];


@ -1,11 +1,6 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
lists
mkIf
mkOption
@ -16,7 +11,8 @@
isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme;
cfg = config.my.home.x.i3bar;
in {
in
{
options.my.home.x.i3bar = {
temperature.chip = mkOption {
type = types.str;
@ -31,17 +27,15 @@ in {
networking.throughput_interfaces = mkOption {
type = types.listOf types.str;
example = ["wlp1s0"];
default = [];
example = [ "wlp1s0" ];
default = [ ];
};
};
config = mkIf isEnabled {
home.packages = builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
# FIXME: is this useful?
font-awesome
;
};
@ -55,8 +49,7 @@ in {
theme = i3BarTheme.theme.name;
settings = i3BarTheme;
blocks =
[
blocks = [
{
block = "pomodoro";
length = 60;
@ -95,19 +88,18 @@ in {
chip = cfg.temperature.chip;
inputs = cfg.temperature.inputs;
}
]
++ (
lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
] ++ (lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
(map
(interface: {
(interface:
{
block = "net";
device = interface;
interval = 1;
hide_inactive = true;
})
cfg.networking.throughput_interfaces)
)
++ [
) ++ [
{
block = "networkmanager";
primary_only = true;
@ -116,14 +108,11 @@ in {
block = "sound";
driver = "pulseaudio";
}
]
++ (
optional config.my.home.laptop.enable
] ++ (optional config.my.home.laptop.enable
{
block = "battery";
}
)
++ [
) ++ [
# {
# block = "notify";
# }


@ -1,14 +1,11 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
@ -30,7 +27,7 @@
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
fileSystems = [ "/" ];
};
};
@ -96,7 +93,7 @@
"rfkill-release"
];
services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules];
services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ];
hardware.bluetooth = {
enable = true;


@ -1,34 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs";
options = ["subvol=nixos" "compress=zstd:1" "noatime"];
options = [ "subvol=nixos" "compress=zstd:1" "noatime" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/17C7-368D";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
hardware.cpu.amd.updateMicrocode = true;
}


@ -1,29 +1,24 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tccd1"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];
my.home.x.i3bar.temperature.inputs = [ "Tccd1" ];
my.home.x.i3bar.networking.throughput_interfaces = [ "enp8s0" "wlp4s0" ];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
# some websites only work there :(
chromium
# dev
rustup
# keyboard goodness
# keyboard goodness
chrysalis
;


@ -1,16 +1,12 @@
{ config, lib, options, ... }:
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};


@ -1,16 +1,14 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
@ -22,12 +20,12 @@ in {
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.supportedFilesystems = ["btrfs"];
boot.supportedFilesystems = [ "btrfs" ];
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
fileSystems = [ "/" ];
};
};


@ -1,29 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: let
inherit
(lib)
{ config, lib, pkgs, modulesPath, ... }:
let
inherit (lib)
mkDefault
;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
in
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
@ -32,13 +27,13 @@ in {
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";}
swapDevices =
[ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; }
];
powerManagement.cpuFreqGovernor = mkDefault "ondemand";


@ -1,5 +1,7 @@
{config, ...}: {
{ config, ... }:
{
home-manager.users.alarsyo = {
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}


@ -1,16 +1,12 @@
{ config, lib, options, ... }:
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
} // attrs;
in
lib.mapAttrs toSecret {
"gandi/api-key" = {};


@ -1,14 +1,11 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
@ -23,7 +20,7 @@
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
fileSystems = [ "/" ];
};
};
@ -89,9 +86,9 @@
};
my.gui.enable = true;
environment.systemPackages = [pkgs.arandr pkgs.chrysalis];
environment.systemPackages = [ pkgs.arandr pkgs.chrysalis ];
services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules];
services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ];
hardware.bluetooth = {
enable = true;


@ -1,54 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: let
inherit
(lib)
{ config, lib, pkgs, modulesPath, ... }:
let
inherit (lib)
mkDefault
;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
in
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@" "compress=zstd" "noatime"];
options = [ "subvol=@" "compress=zstd" "noatime" ];
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@home" "compress=zstd" "noatime"];
options = [ "subvol=@home" "compress=zstd" "noatime" ];
neededForBoot = true; # agenix needs my key for some root secrets
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@nix" "compress=zstd" "noatime"];
options = [ "subvol=@nix" "compress=zstd" "noatime" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D9DA-F46C";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D9DA-F46C";
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
powerManagement.cpuFreqGovernor = mkDefault "powersave";


@ -1,8 +1,5 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
my.home.laptop.enable = true;
@ -10,20 +7,19 @@
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "coretemp-isa-*";
my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"];
my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" "enp43s0u1u1" ];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
# some websites only work there :(
chromium
darktable
# dev
darktable
# dev
rustup
;


@ -1,16 +1,12 @@
{ config, lib, options, ... }:
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/zephyrus-credentials" = {};


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./sddm.nix
./secrets


@ -1,17 +1,13 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.displayManager.sddm;
in {
in
{
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
config = mkIf cfg.enable {
@ -21,13 +17,11 @@ in {
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs.packages)
inherit (pkgs.packages)
sddm-sugar-candy
;
inherit
(pkgs.libsForQt5.qt5)
inherit (pkgs.libsForQt5.qt5)
qtgraphicaleffects
qtquickcontrols2
qtsvg


@ -1,13 +1,8 @@
{ config, lib, options, ... }:
{
config,
lib,
options,
...
}: {
config.age = {
identityPaths =
options.age.identityPaths.default
++ [
identityPaths = options.age.identityPaths.default ++ [
"/home/alarsyo/.ssh/id_ed25519"
];
};
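Review bot: Appending `"/home/alarsyo/.ssh/id_ed25519"` to `age.identityPaths` makes a user's personal SSH private key a decryption identity for system secrets, and nothing in the file says why. For activation to use it non-interactively the key presumably has to be stored without a passphrase, and it is also the key that authenticates the user elsewhere; both points are worth confirming. Where a secret is already encrypted to the machine's host key, the default identity paths would suffice and the user key could be left out. If it has to stay, add a comment such as `# user key needed for secrets not encrypted to the host key; must be readable at activation`.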


@ -1,35 +1,36 @@
let
alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad";
users = [alarsyo];
users = [ alarsyo ];
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
machines = [boreal poseidon zephyrus];
machines = [ boreal poseidon zephyrus ];
all = users ++ machines;
in {
"gandi/api-key.age".publicKeys = [poseidon];
in
{
"gandi/api-key.age".publicKeys = [ poseidon ];
"lohr/shared-secret.age".publicKeys = [poseidon];
"lohr/shared-secret.age".publicKeys = [ poseidon ];
"matrix-synapse/secret-config.age".publicKeys = [poseidon];
"matrix-synapse/secret-config.age".publicKeys = [ poseidon ];
"miniflux/admin-credentials.age".publicKeys = [poseidon];
"miniflux/admin-credentials.age".publicKeys = [ poseidon ];
"nextcloud/admin-pass.age".publicKeys = [poseidon];
"nextcloud/admin-pass.age".publicKeys = [ poseidon ];
"paperless/admin-password.age".publicKeys = [poseidon];
"paperless/secret-key.age".publicKeys = [poseidon];
"paperless/admin-password.age".publicKeys = [ poseidon ];
"paperless/secret-key.age".publicKeys = [ poseidon ];
"restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
"restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus];
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
"restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ];
"restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ];
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
"users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
}
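Review bot: The service secrets from `"gandi/api-key.age"` through `"paperless/secret-key.age"` list only `poseidon` as recipient, while every `restic-backup/*` entry also lists `alarsyo`, and nothing in the file says whether the difference is intended. With a single host key as the only recipient, editing or re-encrypting those files needs poseidon's host private key, and losing that key loses the secrets. I would document the choice above that group, e.g. `# service secrets: host key only, user key deliberately excluded (rekey from poseidon)`, or append `alarsyo` to those lists if it is an oversight. The same question applies to `"users/root-hashed-password.age".publicKeys = machines;`, which has no user key either.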


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
concatStringsSep
literalExample
mapAttrs'
@ -19,9 +15,9 @@
mkWowlanService = name: cfg:
nameValuePair "wowlan-${name}" {
description = "Enable WoWLAN for interface ${name}";
requires = ["network.target"];
after = ["network.target"];
wantedBy = ["multi-user.target"];
requires = [ "network.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
};
@ -29,12 +25,11 @@
${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods}
'';
};
in {
options.my.wakeonwlan = let
inherit (lib) types;
in {
in
{
options.my.wakeonwlan = let inherit (lib) types; in {
interfaces = mkOption {
default = {};
default = { };
description = "Wireless interfaces where you want to enable WoWLAN";
example = literalExample ''
{


@ -1,4 +1,5 @@
final: prev: {
final: prev:
{
# overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and
# `notmuch`'s tests were briefly broken. the features I'm disabling, I don't
# need anyway: (at the time of writing)
@ -7,14 +8,13 @@ final: prev: {
# - maildir
i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: {
buildInputs = builtins.attrValues {
inherit
(final)
inherit (final)
dbus
lm_sensors
openssl
pulseaudio
;
};
cargoBuildFeatures = ["pulseaudio"];
cargoBuildFeatures = [ "pulseaudio" ];
});
}


@ -1,4 +1,5 @@
{pkgs}: {
{ pkgs }:
{
sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {};
kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {};
grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {});


@ -1,4 +1,5 @@
{callPackage}: {
{ callPackage }:
{
nginx = callPackage ./nginx.nix {};
node-exporter = callPackage ./node-exporter.nix {};
}


@ -1,17 +1,12 @@
{
stdenv,
fetchFromGitHub,
lib,
...
}: let
inherit
(lib)
{ stdenv, fetchFromGitHub, lib, ... }:
let
inherit (lib)
licenses
;
version = "0.9.0";
in
stdenv.mkDerivation {
stdenv.mkDerivation {
inherit version;
pname = "grafana-dashboard-nginx";
@ -34,4 +29,4 @@ in
homepage = "https://github.com/nginxinc/nginx-prometheus-exporter";
license = licenses.asl20;
};
}
}


@ -1,17 +1,12 @@
{
stdenv,
fetchFromGitHub,
lib,
...
}: let
inherit
(lib)
{ stdenv, fetchFromGitHub, lib, ... }:
let
inherit (lib)
licenses
;
version = "7d61c79619e5749e629758ecd96748c010028120";
in
stdenv.mkDerivation {
stdenv.mkDerivation {
version = "master-${version}";
pname = "grafana-dashboard-node-exporter";
@ -34,4 +29,4 @@ in
homepage = "https://github.com/rfrail3/grafana-dashboards";
license = licenses.lgpl3Only;
};
}
}


@ -1,16 +1,13 @@
{
stdenv,
lib,
fetchFromGitHub,
}: let
inherit
(lib)
{ stdenv, lib, fetchFromGitHub }:
let
inherit (lib)
licenses
;
version = "1.99.3";
in
stdenv.mkDerivation {
stdenv.mkDerivation {
inherit version;
pname = "kaleidoscope-udev-rules";
@ -33,4 +30,4 @@ in
homepage = "https://github.com/keyboardio/Kaleidoscope";
license = licenses.gpl3Only;
};
}
}


@ -1,7 +1,4 @@
{
stdenv,
fetchFromGitLab,
}:
{ stdenv, fetchFromGitLab }:
stdenv.mkDerivation rec {
pname = "sddm-sugar-candy";
# latest master commit, no recent tags :(
@ -13,7 +10,7 @@ stdenv.mkDerivation rec {
cp -aR . $out/share/sddm/themes/sugar-candy
'';
patches = [./custom-conf.patch];
patches = [ ./custom-conf.patch ];
src = fetchFromGitLab {
domain = "framagit.org";


@ -1,11 +1,11 @@
{
stdenv,
fetchurl,
python3,
}: let
{ stdenv
, fetchurl
, python3
}:
let
version = "2.10.4";
in
stdenv.mkDerivation {
stdenv.mkDerivation {
inherit version;
pname = "spot";
@ -17,4 +17,4 @@ in
url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz";
sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o=";
};
}
}


@ -1,4 +1,6 @@
{...}: {
{ ... }:
{
imports = [
# Default configuration
./base


@ -1,4 +1,6 @@
{...}: {
{ ... }:
{
imports = [
./vaultwarden.nix
./fail2ban.nix


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -15,10 +11,9 @@
my = config.my;
domain = config.networking.domain;
secrets = config.my.secrets;
in {
options.my.services.fava = let
inherit (lib) types;
in {
in
{
options.my.services.fava = let inherit (lib) types; in {
enable = mkEnableOption "Fava";
home = mkOption {
@ -44,7 +39,7 @@ in {
config = mkIf cfg.enable {
systemd.services.fava = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [];
ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}";
@ -60,7 +55,7 @@ in {
createHome = true;
group = "fava";
};
users.groups.fava = {};
users.groups.fava = { };
services.nginx.virtualHosts = {
"fava.${domain}" = {


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -16,9 +12,7 @@
domain = config.networking.domain;
in {
options.my.services.gitea = let
inherit (lib) types;
in {
options.my.services.gitea = let inherit (lib) types; in {
enable = mkEnableOption "Personal Git hosting with Gitea";
privatePort = mkOption {
@ -39,11 +33,11 @@ in {
# the systemd service for the gitea module seems to hardcode the group as
# gitea, so, uh, just in case?
extraGroups = ["gitea"];
extraGroups = [ "gitea" ];
isSystemUser = true;
};
users.groups.git = {};
users.groups.git = { };
services.gitea = {
enable = true;
@ -94,7 +88,7 @@ in {
};
services.postgresqlBackup = {
databases = ["gitea"];
databases = [ "gitea" ];
};
services.nginx = {


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -15,14 +11,14 @@
my = config.my;
domain = config.networking.domain;
secrets = config.my.secrets;
lohrPkg = let
lohrPkg =
let
flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd";
in
flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
in {
options.my.services.lohr = let
inherit (lib) types;
in {
in
{
options.my.services.lohr = let inherit (lib) types; in {
enable = mkEnableOption "Lohr Mirroring Daemon";
home = mkOption {
@ -42,7 +38,7 @@ in {
config = mkIf cfg.enable {
systemd.services.lohr = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"ROCKET_PORT=${toString cfg.port}"
@ -56,7 +52,7 @@ in {
User = "lohr";
Group = "lohr";
};
path = [pkgs.git];
path = [ pkgs.git ];
};
users.users.lohr = {
@ -65,7 +61,7 @@ in {
createHome = true;
group = "lohr";
};
users.groups.lohr = {};
users.groups.lohr = { };
services.nginx.virtualHosts = {
"lohr.${domain}" = {


@ -7,14 +7,10 @@
# - https://github.com/delroth/infra.delroth.net/blob/master/roles/matrix-synapse.nix
# - https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
#
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -24,19 +20,11 @@
cfg = config.my.services.matrix;
my = config.my;
federationPort = {
public = 8448;
private = 11338;
};
clientPort = {
public = 443;
private = 11339;
};
federationPort = { public = 8448; private = 11338; };
clientPort = { public = 443; private = 11339; };
domain = config.networking.domain;
in {
options.my.services.matrix = let
inherit (lib) types;
in {
options.my.services.matrix = let inherit (lib) types; in {
enable = mkEnableOption "Matrix Synapse";
secretConfigFile = mkOption {
@ -53,7 +41,7 @@ in {
};
services.postgresqlBackup = {
databases = ["matrix-synapse"];
databases = [ "matrix-synapse" ];
};
services.matrix-synapse = {
@ -102,30 +90,20 @@ in {
listeners = [
# Federation
{
bind_addresses = ["::1"];
bind_addresses = [ "::1" ];
port = federationPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [
{
names = ["federation"];
compress = false;
}
];
resources = [ { names = [ "federation" ]; compress = false; } ];
}
# Client
{
bind_addresses = ["::1"];
bind_addresses = [ "::1" ];
port = clientPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [
{
names = ["client"];
compress = false;
}
];
resources = [ { names = [ "client" ]; compress = false; } ];
}
];
@ -149,7 +127,8 @@ in {
onlySSL = true;
useACMEHost = domain;
locations = let
locations =
let
proxyToClientPort = {
proxyPass = "http://[::1]:${toString clientPort.private}";
};
@ -164,17 +143,10 @@ in {
};
listen = [
{
addr = "0.0.0.0";
port = clientPort.public;
ssl = true;
}
{
addr = "[::]";
port = clientPort.public;
ssl = true;
}
{ addr = "0.0.0.0"; port = clientPort.public; ssl = true; }
{ addr = "[::]"; port = clientPort.public; ssl = true; }
];
};
# same as above, but listening on the federation port
@ -190,34 +162,29 @@ in {
};
listen = [
{
addr = "0.0.0.0";
port = federationPort.public;
ssl = true;
}
{
addr = "[::]";
port = federationPort.public;
ssl = true;
}
{ addr = "0.0.0.0"; port = federationPort.public; ssl = true; }
{ addr = "[::]"; port = federationPort.public; ssl = true; }
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = domain;
locations."= /.well-known/matrix/server".extraConfig = let
server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";};
locations."= /.well-known/matrix/server".extraConfig =
let
server = { "m.server" = "matrix.${domain}:${toString federationPort.public}"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig = let
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = {"base_url" = "https://matrix.${domain}";};
"m.identity_server" = {"base_url" = "https://vector.im";};
"m.homeserver" = { "base_url" = "https://matrix.${domain}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
@ -260,7 +227,7 @@ in {
};
# For administration tools.
environment.systemPackages = [pkgs.matrix-synapse];
environment.systemPackages = [ pkgs.matrix-synapse ];
networking.firewall.allowedTCPPorts = [
clientPort.public
@ -269,11 +236,10 @@ in {
my.services.restic-backup = let
dataDir = config.services.matrix-synapse.dataDir;
in
mkIf cfg.enable {
paths = [dataDir];
in mkIf cfg.enable {
paths = [ dataDir ];
# this is just caching for other servers media, doesn't need backup
exclude = ["${dataDir}/media/remote_*"];
exclude = [ "${dataDir}/media/remote_*" ];
};
};
}


@ -1,21 +1,17 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkIf
;
mediaServices = builtins.attrValues {
inherit
(config.my.services)
inherit (config.my.services)
jellyfin
transmission
;
};
needed = builtins.any (service: service.enable) mediaServices;
in {
config.users.groups.media = mkIf needed {};
in
{
config.users.groups.media = mkIf needed { };
}


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -16,9 +12,7 @@
domain = config.networking.domain;
in {
options.my.services.miniflux = let
inherit (lib) types;
in {
options.my.services.miniflux = let inherit (lib) types; in {
enable = mkEnableOption "Serve a Miniflux instance";
adminCredentialsFile = mkOption {
@ -40,7 +34,7 @@ in {
# services.postgresql is automatically enabled by services.miniflux, let's
# back it up
services.postgresqlBackup = {
databases = ["miniflux"];
databases = [ "miniflux" ];
};
services.miniflux = {


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -14,9 +10,7 @@
cfg = config.my.services.monitoring;
domain = config.networking.domain;
in {
options.my.services.monitoring = let
inherit (lib) types;
in {
options.my.services.monitoring = let inherit (lib) types; in {
enable = mkEnableOption "Enable monitoring";
domain = mkOption {
@ -80,7 +74,7 @@ in {
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
enabledCollectors = [ "systemd" ];
port = 9100;
listenAddress = "127.0.0.1";
};
@ -93,11 +87,9 @@ in {
scrapeConfigs = [
{
job_name = config.networking.hostName;
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
}
];
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
];
};


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -15,9 +11,7 @@
cfg = config.my.services.navidrome;
domain = config.networking.domain;
in {
options.my.services.navidrome = let
inherit (lib) types;
in {
options.my.services.navidrome = let inherit (lib) types; in {
enable = mkEnableOption "Navidrome";
musicFolder = {
path = mkOption {
@ -40,8 +34,8 @@ in {
};
my.services.restic-backup = {
paths = ["/var/lib/navidrome"] ++ optional cfg.musicFolder.backup cfg.musicFolder.path;
exclude = ["/var/lib/navidrome/cache"];
paths = [ "/var/lib/navidrome" ] ++ optional cfg.musicFolder.backup cfg.musicFolder.path;
exclude = [ "/var/lib/navidrome/cache" ];
};
services.nginx.virtualHosts."music.${domain}" = {


@ -1,13 +1,9 @@
{
lib,
config,
pkgs,
...
}:
{ lib, config, pkgs, ... }:
# TODO: setup prometheus exporter
let
inherit
(lib)
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -17,10 +13,9 @@ let
my = config.my;
domain = config.networking.domain;
dbName = "nextcloud";
in {
options.my.services.nextcloud = let
inherit (lib) types;
in {
in
{
options.my.services.nextcloud = let inherit (lib) types; in {
enable = mkEnableOption "NextCloud";
adminpassFile = mkOption {
@ -36,7 +31,7 @@ in {
services.postgresql = {
enable = true;
ensureDatabases = [dbName];
ensureDatabases = [ dbName ];
ensureUsers = [
{
name = "nextcloud";
@ -48,13 +43,13 @@ in {
};
# not handled by module
systemd.services.nextcloud-setup = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
systemd.services.nextcloud-setup= {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.postgresqlBackup = {
databases = [dbName];
databases = [ dbName ];
};
services.nextcloud = {
@ -92,9 +87,8 @@ in {
my.services.restic-backup = let
nextcloudHome = config.services.nextcloud.home;
in
mkIf cfg.enable {
paths = [nextcloudHome];
in mkIf cfg.enable {
paths = [ nextcloudHome ];
exclude = [
# borg can fail if *.part files disappear during backup
"${nextcloudHome}/data/*/uploads"

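Review bot: `systemd.services.nextcloud-setup= {` in the `@ -48,13 +43,13 @` hunk has lost the space before `=`; judging by the bracket style of the lines next to it (`[ "postgresql.service" ]`), this is the new side, and no other binding in the reformatted tree is written this way. It should read `systemd.services.nextcloud-setup = {`. This looks like a hand edit or a formatter gap, so a formatter check on this file in CI would be worth having. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the hunk.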

@ -1,20 +1,16 @@
# Part of config shamelessly stolen from:
#
# https://github.com/delroth/infra.delroth.net
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkIf
;
in {
in
{
# Whenever something defines an nginx vhost, ensure that nginx defaults are
# properly set.
config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != ["localhost"]) {
config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) {
services.nginx = {
enable = true;
statusPage = true; # For monitoring scraping.
@ -25,7 +21,7 @@ in {
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.prometheus = {
exporters.nginx = {
@ -36,14 +32,12 @@ in {
scrapeConfigs = [
{
job_name = "nginx";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"];
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ];
labels = {
instance = config.networking.hostName;
};
}
];
}];
}
];
};
@ -52,12 +46,13 @@ in {
acceptTerms = true;
defaults.email = "antoine97.martin@gmail.com";
certs = let
certs =
let
domain = config.networking.domain;
gandiKey = config.my.secrets.gandiKey;
in {
"${domain}" = {
extraDomainNames = ["*.${domain}"];
extraDomainNames = [ "*.${domain}" ];
dnsProvider = "gandiv5";
credentialsFile = config.age.secrets."gandi/api-key".path;
group = "nginx";


@ -1,17 +1,15 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.nuage;
my = config.my;
in {
in
{
options.my.services.nuage = {
enable = mkEnableOption "Nuage redirect";
};


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -15,10 +11,9 @@
my = config.my;
domain = config.networking.domain;
paperlessDomain = "paperless.${domain}";
in {
options.my.services.paperless = let
inherit (lib) types;
in {
in
{
options.my.services.paperless = let inherit (lib) types; in {
enable = mkEnableOption "Paperless";
port = mkOption {
@ -82,7 +77,7 @@ in {
services.postgresql = {
enable = true;
ensureDatabases = ["paperless"];
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
@ -93,7 +88,7 @@ in {
systemd.services.paperless-ng-server = {
# Make sure the DB is available
after = ["postgresql.service"];
after = [ "postgresql.service" ];
};
services.nginx.virtualHosts = {


@ -1,12 +1,7 @@
{
config,
lib,
pkgs,
options,
...
}: let
inherit
(lib)
{ config, lib, pkgs, options, ... }:
let
inherit (lib)
mkEnableOption
mkIf
optionalAttrs
@ -14,7 +9,8 @@
cfg = config.my.services.pipewire;
my = config.my;
in {
in
{
options.my.services.pipewire = {
enable = mkEnableOption "Pipewire sound backend";
};
@ -41,6 +37,6 @@ in {
# FIXME: a shame pactl isn't available by itself, eventually this should be
# replaced by pw-cli or a wrapper, I guess?
environment.systemPackages = [pkgs.pulseaudio];
environment.systemPackages = [ pkgs.pulseaudio ];
});
}


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
@ -24,11 +20,12 @@ in {
};
my.services.restic-backup = mkIf cfg.enable {
paths = ["/var/backup/postgresql"];
paths = [ "/var/backup/postgresql" ];
# no need to store previously backed up files, as borg does the snapshoting
# for us
exclude = ["/var/backup/postgresql/*.prev.sql.gz"];
exclude = [ "/var/backup/postgresql/*.prev.sql.gz" ];
};
};
}


@ -1,8 +1,5 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
# set postgresql version so we don't get any bad surprise
config.services.postgresql = {
package = pkgs.postgresql_13;


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
attrsets
concatStringsSep
mkEnableOption
@ -19,9 +15,7 @@
makePruneOpts = pruneOpts:
attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts;
in {
options.my.services.restic-backup = let
inherit (lib) types;
in {
options.my.services.restic-backup = let inherit (lib) types; in {
enable = mkEnableOption "Enable Restic backups for this host";
repo = mkOption {
@ -29,11 +23,12 @@ in {
default = null;
example = "/mnt/hdd";
description = "Restic backup repo";
};
paths = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
example = [
"/var/lib"
"/home"
@ -43,7 +38,7 @@ in {
exclude = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
example = [
# very large paths
"/var/lib/docker"
@ -86,7 +81,7 @@ in {
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.restic];
environment.systemPackages = [ pkgs.restic ];
services.restic.backups.backblaze = {
initialize = true;
@ -97,8 +92,7 @@ in {
passwordFile = cfg.passwordFile;
environmentFile = cfg.environmentFile;
extraBackupArgs =
["--verbose=2"]
extraBackupArgs = [ "--verbose=2" ]
++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = cfg.timerConfig;


@ -1,17 +1,14 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.tailscale;
in {
in
{
options.my.services.tailscale = {
enable = mkEnableOption "Tailscale";
@ -26,8 +23,8 @@ in {
};
networking.firewall = {
trustedInterfaces = ["tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
# enable IP forwarding to use as exit node
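Review bot: `trustedInterfaces = [ "tailscale0" ];` makes the host firewall accept all traffic arriving on the tailnet interface, so every listening service is reachable by tailnet peers, and the module has no comment saying that filtering is delegated to Tailscale's own ACLs. Since the following lines also turn the host into an exit node, I would state that assumption next to the setting, e.g. `# tailscale0 is fully trusted: per-port filtering for tailnet peers relies on Tailscale ACLs`. If only a few services are meant to be reachable, `networking.firewall.interfaces.tailscale0.allowedTCPPorts` is the narrower option. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside this hunk.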


@ -1,17 +1,15 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.tgv;
my = config.my;
in {
in
{
options.my.services.tgv = {
enable = mkEnableOption "TGV redirect";
};


@ -1,10 +1,6 @@
{
config,
lib,
...
}: let
inherit
(lib)
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -20,10 +16,9 @@
transmissionPeerPort = 30251;
downloadBase = "/media/torrents/";
in {
options.my.services.transmission = let
inherit (lib) types;
in {
in
{
options.my.services.transmission = let inherit (lib) types; in {
enable = mkEnableOption "Transmission torrent client";
username = mkOption {
@ -42,8 +37,7 @@ in {
};
config = mkIf cfg.enable {
services.transmission =
{
services.transmission = {
enable = true;
group = "media";
@ -66,8 +60,7 @@ in {
# automatically allow transmission.settings.peer-port
openFirewall = true;
}
// (optionalAttrs (cfg.secretConfigFile != null) {
} // (optionalAttrs (cfg.secretConfigFile != null) {
credentialsFile = cfg.secretConfigFile;
});


@ -1,11 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
@ -16,9 +12,7 @@
domain = config.networking.domain;
in {
options.my.services.vaultwarden = let
inherit (lib) types;
in {
options.my.services.vaultwarden = let inherit (lib) types; in {
enable = mkEnableOption "Vaultwarden";
privatePort = mkOption {
@ -42,7 +36,7 @@ in {
};
services.postgresqlBackup = {
databases = ["vaultwarden"];
databases = [ "vaultwarden" ];
};
services.vaultwarden = {
@ -88,8 +82,8 @@ in {
# FIXME: should be renamed to vaultwarden eventually
my.services.restic-backup = mkIf cfg.enable {
paths = ["/var/lib/bitwarden_rs"];
exclude = ["/var/lib/bitwarden_rs/icon_cache"];
paths = [ "/var/lib/bitwarden_rs" ];
exclude = [ "/var/lib/bitwarden_rs/icon_cache" ];
};
services.fail2ban.jails = {
@ -125,4 +119,5 @@ in {
'';
};
};
}


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
# Default configuration
./base