
2 commits

Author SHA1 Message Date
Antoine Martin 4f0d45e4d5 format all code with alejandra 2022-04-10 11:54:58 +02:00
Antoine Martin fa0cda2673 base: add alejandra to CLI programs 2022-04-10 11:40:52 +02:00
89 changed files with 1606 additions and 1298 deletions


@ -1,5 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
./gui-programs.nix ./gui-programs.nix
./networking.nix ./networking.nix


@ -1,12 +1,17 @@
{ pkgs, lib, config, options, ... }: {
let pkgs,
inherit (lib) lib,
config,
options,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
optional optional
; ;
in in {
{
options.my.gui = { options.my.gui = {
enable = mkEnableOption "System has some kind of screen attached"; enable = mkEnableOption "System has some kind of screen attached";
isNvidia = mkEnableOption "System a NVIDIA GPU"; isNvidia = mkEnableOption "System a NVIDIA GPU";
@ -19,8 +24,10 @@ in
xserver = { xserver = {
enable = true; enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit # NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers = if config.my.gui.isNvidia then [ "nvidia" ] videoDrivers =
else options.services.xserver.videoDrivers.default; if config.my.gui.isNvidia
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
windowManager.i3.enable = true; windowManager.i3.enable = true;
layout = "fr"; layout = "fr";
xkbVariant = "us"; xkbVariant = "us";
@ -31,7 +38,8 @@ in
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit (pkgs) inherit
(pkgs)
element-desktop element-desktop
feh feh
firefox firefox
@ -48,7 +56,7 @@ in
thunderbird thunderbird
virt-manager virt-manager
zathura zathura
; ;
inherit (pkgs.gnome) nautilus; inherit (pkgs.gnome) nautilus;
@ -60,11 +68,11 @@ in
dispatcherScripts = [ dispatcherScripts = [
{ {
source = source = let
let grep = "${pkgs.gnugrep}/bin/grep";
grep = "${pkgs.gnugrep}/bin/grep"; nmcli = "${pkgs.networkmanager}/bin/nmcli";
nmcli = "${pkgs.networkmanager}/bin/nmcli"; in
in pkgs.writeShellScript "disable_wifi_on_ethernet" '' pkgs.writeShellScript "disable_wifi_on_ethernet" ''
export LC_ALL=C export LC_ALL=C
enable_disable_wifi () enable_disable_wifi ()


@ -1,11 +1,10 @@
{ lib, ... }: {lib, ...}: let
let inherit
inherit (lib) (lib)
mkOption mkOption
types types
; ;
in in {
{
options.my.networking.externalInterface = mkOption { options.my.networking.externalInterface = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;


@ -1,13 +1,12 @@
{ pkgs, ... }: {pkgs, ...}: {
{
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix = { nix = {
package = pkgs.nixStable; package = pkgs.nixStable;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = ["nix-command" "flakes"];
trusted-users = [ "@wheel" ]; trusted-users = ["@wheel"];
substituters = [ substituters = [
"https://alarsyo.cachix.org" "https://alarsyo.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"


@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
programs = { programs = {
fish.enable = true; fish.enable = true;
gnupg.agent = { gnupg.agent = {
@ -20,8 +19,10 @@
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit (pkgs) inherit
(pkgs)
# shell usage # shell usage
fd fd
ripgrep ripgrep
sd sd
@ -29,8 +30,9 @@
tokei tokei
tree tree
wget wget
# development # development
alejandra
git git
git-crypt git-crypt
git-lfs git-lfs
@ -40,8 +42,8 @@
pinentry-gnome pinentry-gnome
python3 python3
vim vim
# terminal utilities # terminal utilities
bottom bottom
dogdns dogdns
du-dust du-dust
@ -50,16 +52,16 @@
tealdeer tealdeer
unzip unzip
zip zip
# nix pkgs lookup # nix pkgs lookup
nix-index nix-index
agenix agenix
; ;
inherit (pkgs.llvmPackages_11) inherit
(pkgs.llvmPackages_11)
bintools bintools
clang clang
; ;
}; };
} }


@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{ {
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
passwordFile = config.age.secrets."users/root-hashed-password".path; passwordFile = config.age.secrets."users/root-hashed-password".path;


@ -1,5 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base

171
flake.nix

@ -51,104 +51,121 @@
}; };
}; };
outputs = { self, nixpkgs, home-manager, agenix, ... } @inputs: { outputs = {
nixosModules = { self,
home = { nixpkgs,
home-manager.useGlobalPkgs = true; home-manager,
home-manager.useUserPackages = true; agenix,
home-manager.users.alarsyo = import ./home; ...
home-manager.verbose = true; } @ inputs:
{
nixosModules = {
home = {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
};
nix-path = {
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
};
}; };
nix-path = {
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
};
};
overlays = import ./overlays; overlays = import ./overlays;
nixosConfigurations = nixosConfigurations = let
let
system = "x86_64-linux"; system = "x86_64-linux";
shared_overlays = [ shared_overlays =
(self: super: { [
packages = import ./pkgs { pkgs = super; }; (self: super: {
packages = import ./pkgs {pkgs = super;};
# packages accessible through pkgs.unstable.package # packages accessible through pkgs.unstable.package
unstable = import inputs.nixpkgs-unstable-small { unstable = import inputs.nixpkgs-unstable-small {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
})
}) agenix.overlay
]
agenix.overlay ++ builtins.attrValues self.overlays;
] ++ builtins.attrValues self.overlays; sharedModules =
sharedModules = [ [
agenix.nixosModule agenix.nixosModule
home-manager.nixosModule home-manager.nixosModule
{ nixpkgs.overlays = shared_overlays; } {nixpkgs.overlays = shared_overlays;}
] ++ (nixpkgs.lib.attrValues self.nixosModules); ]
++ (nixpkgs.lib.attrValues self.nixosModules);
in { in {
poseidon = nixpkgs.lib.nixosSystem rec { poseidon = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
modules = [ modules =
./poseidon.nix [
] ++ sharedModules; ./poseidon.nix
]
++ sharedModules;
}; };
boreal = nixpkgs.lib.nixosSystem rec { boreal = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
modules = [ modules =
./boreal.nix [
./boreal.nix
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.emacs-overlay.overlay inputs.emacs-overlay.overlay
# uncomment this to build everything from scratch, fun but takes a # uncomment this to build everything from scratch, fun but takes a
# while # while
# #
# (self: super: { # (self: super: {
# stdenv = super.impureUseNativeOptimizations super.stdenv; # stdenv = super.impureUseNativeOptimizations super.stdenv;
# }) # })
]; ];
} }
] ++ sharedModules; ]
++ sharedModules;
}; };
zephyrus = nixpkgs.lib.nixosSystem rec { zephyrus = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
modules = [ modules =
./zephyrus.nix [
./zephyrus.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd inputs.nixos-hardware.nixosModules.common-pc-ssd
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.emacs-overlay.overlay inputs.emacs-overlay.overlay
]; ];
} }
] ++ sharedModules; ]
++ sharedModules;
}; };
}; };
} // inputs.flake-utils.lib.eachDefaultSystem (system: { }
packages = // inputs.flake-utils.lib.eachDefaultSystem (system: {
( packages =
inputs.flake-utils.lib.flattenTree (
(import ./pkgs { pkgs = import nixpkgs { inherit system; }; }) inputs.flake-utils.lib.flattenTree
) // { (import ./pkgs {pkgs = import nixpkgs {inherit system;};})
emacsPgtkGcc = ( )
import nixpkgs { // {
inherit system; emacsPgtkGcc =
overlays = [ inputs.emacs-overlay.overlay ]; (
} import nixpkgs {
).emacsPgtkGcc; inherit system;
}; overlays = [inputs.emacs-overlay.overlay];
}); }
)
.emacsPgtkGcc;
};
});
} }


@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.alacritty; cfg = config.my.home.alacritty;
alacrittyTheme = config.my.theme.alacrittyTheme; alacrittyTheme = config.my.theme.alacrittyTheme;
in in {
{ options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;};
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.alacritty = { programs.alacritty = {
@ -39,7 +43,7 @@ in
}; };
}; };
home.packages = [ pkgs.iosevka-bin ]; home.packages = [pkgs.iosevka-bin];
# make sure font is discoverable # make sure font is discoverable
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;


@ -1,16 +1,19 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.bat; cfg = config.my.home.bat;
batTheme = config.my.theme.batTheme; batTheme = config.my.theme.batTheme;
in in {
{
options.my.home.bat = { options.my.home.bat = {
enable = (mkEnableOption "bat code display tool") // { default = true; }; enable = (mkEnableOption "bat code display tool") // {default = true;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {


@ -1,5 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
./alacritty.nix ./alacritty.nix
./bat.nix ./bat.nix


@ -1,30 +1,35 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
in in {
{
options.my.home.emacs = { options.my.home.emacs = {
enable = mkEnableOption "Emacs daemon configuration"; enable = mkEnableOption "Emacs daemon configuration";
}; };
config = mkIf config.my.home.emacs.enable { config = mkIf config.my.home.emacs.enable {
home.sessionPath = ["${config.xdg.configHome}/emacs/bin"];
home.sessionPath = [ "${config.xdg.configHome}/emacs/bin" ];
home.sessionVariables = { home.sessionVariables = {
EDITOR = "emacsclient -t"; EDITOR = "emacsclient -t";
}; };
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit (pkgs) inherit
(pkgs)
sqlite # needed by org-roam sqlite # needed by org-roam
# fonts used by my config # fonts used by my config
emacs-all-the-icons-fonts emacs-all-the-icons-fonts
iosevka-bin iosevka-bin
; ;
}; };
# make sure above fonts are discoverable # make sure above fonts are discoverable
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;


@ -1,5 +1,4 @@
{ config, ... }: {config, ...}: {
{
home.sessionPath = [ home.sessionPath = [
"${config.home.homeDirectory}/.cargo/bin" "${config.home.homeDirectory}/.cargo/bin"
"${config.home.homeDirectory}/.local/bin" "${config.home.homeDirectory}/.local/bin"


@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.firefox; cfg = config.my.home.firefox;
in in {
{
options.my.home.firefox = { options.my.home.firefox = {
enable = (mkEnableOption "firefox config") // { default = config.my.home.x.enable; }; enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {


@ -1,14 +1,17 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.fish; cfg = config.my.home.fish;
in in {
{ options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;};
options.my.home.fish.enable = (mkEnableOption "Fish shell") // { default = true; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.sessionVariables = { home.sessionVariables = {
@ -21,6 +24,6 @@ in
enable = true; enable = true;
}; };
xdg.configFile."fish/functions" = { source = ./. + "/functions"; }; xdg.configFile."fish/functions" = {source = ./. + "/functions";};
}; };
} }


@ -1,13 +1,16 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.flameshot; cfg = config.my.home.flameshot;
in in {
{
options.my.home.flameshot = { options.my.home.flameshot = {
enable = mkEnableOption "flameshot autolaunch"; enable = mkEnableOption "flameshot autolaunch";
}; };


@ -1,14 +1,18 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.git; cfg = config.my.home.git;
in in {
{ options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;};
options.my.home.git.enable = (mkEnableOption "Git configuration") // { default = true; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.git = { programs.git = {
@ -26,11 +30,11 @@ in
userName = "Antoine Martin"; userName = "Antoine Martin";
extraConfig = { extraConfig = {
commit = { verbose = true; }; commit = {verbose = true;};
core = { editor = "vim"; }; core = {editor = "vim";};
init = { defaultBranch = "main"; }; init = {defaultBranch = "main";};
pull = { rebase = true; }; pull = {rebase = true;};
rerere = { enabled = true; }; rerere = {enabled = true;};
}; };
aliases = { aliases = {
@ -42,15 +46,15 @@ in
includes = [ includes = [
{ {
condition = "gitdir:~/work/lrde/"; condition = "gitdir:~/work/lrde/";
contents = { user = { email = "amartin@lrde.epita.fr"; }; }; contents = {user = {email = "amartin@lrde.epita.fr";};};
} }
{ {
condition = "gitdir:~/work/prologin/"; condition = "gitdir:~/work/prologin/";
contents = { user = { email = "antoine.martin@prologin.org"; }; }; contents = {user = {email = "antoine.martin@prologin.org";};};
} }
{ {
condition = "gitdir:~/work/epita/"; condition = "gitdir:~/work/epita/";
contents = { user = { email = "antoine4.martin@epita.fr"; }; }; contents = {user = {email = "antoine4.martin@epita.fr";};};
} }
]; ];
}; };


@ -1,10 +1,13 @@
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
;
in
{ {
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
options.my.home.laptop = { options.my.home.laptop = {
enable = mkEnableOption "Laptop settings"; enable = mkEnableOption "Laptop settings";
}; };


@ -1,25 +1,28 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.lorri; cfg = config.my.home.lorri;
in in {
{
options.my.home.lorri = { options.my.home.lorri = {
enable = (mkEnableOption "lorri daemon setup") // { default = true; }; enable = (mkEnableOption "lorri daemon setup") // {default = true;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.lorri.enable = true; services.lorri.enable = true;
programs.direnv = { programs.direnv = {
enable = true;
# FIXME: proper file, not lorri.nix
nix-direnv = {
enable = true; enable = true;
# FIXME: proper file, not lorri.nix };
nix-direnv = {
enable = true;
};
}; };
}; };
} }


@ -1,22 +1,26 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
myName = "Antoine Martin"; myName = "Antoine Martin";
email_perso = "antoine@alarsyo.net"; email_perso = "antoine@alarsyo.net";
email_lrde = "amartin@lrde.epita.fr"; email_lrde = "amartin@lrde.epita.fr";
cfg = config.my.home.mail; cfg = config.my.home.mail;
in in {
{
options.my.home.mail = { options.my.home.mail = {
# I *could* read email in a terminal emacs client on a server, but in # I *could* read email in a terminal emacs client on a server, but in
# practice I don't think it'll happen very often, so let's enable this only # practice I don't think it'll happen very often, so let's enable this only
# when I'm on a machine with a Xorg server. # when I'm on a machine with a Xorg server.
enable = (mkEnableOption "email configuration") // { default = config.my.home.x.enable; }; enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {


@ -1,14 +1,18 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.mail; cfg = config.my.home.mail;
in in {
{
options.my.home.rbw = { options.my.home.rbw = {
enable = (mkEnableOption "rbw configuration"); enable = mkEnableOption "rbw configuration";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
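Review bot: `cfg` is bound to `config.my.home.mail` in the module that declares `options.my.home.rbw`, so the `config = mkIf cfg.enable` guard on the last line of this hunk follows the mail option, and `my.home.rbw.enable` is never read in the visible lines. This looks like a copy-paste from the mail module; unless the coupling is intentional, the binding should be `cfg = config.my.home.rbw;` so that the rbw password-manager client is configured only where it is explicitly enabled. The formatter pass carries the line over unchanged. The body of the `config` block continues outside the hunk, so check whether anything there actually depends on the mail settings before changing it.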


@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.rofi; cfg = config.my.home.rofi;
in in {
{
options.my.home.rofi = { options.my.home.rofi = {
enable = (mkEnableOption "rofi configuration") // { default = config.my.home.x.enable; }; enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {


@ -1,15 +1,18 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.ssh; cfg = config.my.home.ssh;
in in {
{
options.my.home.ssh = { options.my.home.ssh = {
enable = (mkEnableOption "ssh configuration") // { default = true; }; enable = (mkEnableOption "ssh configuration") // {default = true;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -17,8 +20,8 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
boreal = { hostname = "boreal.alarsyo.net"; }; boreal = {hostname = "boreal.alarsyo.net";};
poseidon = { hostname = "poseidon.alarsyo.net"; }; poseidon = {hostname = "poseidon.alarsyo.net";};
pi = { pi = {
hostname = "pi.alarsyo.net"; hostname = "pi.alarsyo.net";
user = "pi"; user = "pi";


@ -1,11 +1,11 @@
{ lib }: {lib}: let
let inherit
inherit (lib) (lib)
mkOption mkOption
types types
; ;
mkColorOption = import ./color.nix { inherit lib; }; mkColorOption = import ./color.nix {inherit lib;};
primaryColorModule = types.submodule { primaryColorModule = types.submodule {
options = { options = {
@ -34,60 +34,60 @@ let
}; };
}; };
in in
types.submodule { types.submodule {
options = { options = {
primary = mkOption { primary = mkOption {
type = primaryColorModule; type = primaryColorModule;
default = { default = {
foreground = "#c5c8c6"; foreground = "#c5c8c6";
background = "#1d1f21"; background = "#1d1f21";
};
};
cursor = mkOption {
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
}; };
}; };
cursor = mkOption { }
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
};
};
}


@ -1,15 +1,15 @@
{ lib }: {lib}: let
let inherit
inherit (lib) (lib)
mkOption mkOption
types types
; ;
in in
types.submodule { types.submodule {
options = { options = {
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
};
}; };
}; }
}


@ -1,14 +1,18 @@
{ lib }: {lib}: let
let inherit
inherit (lib) (lib)
mkOption mkOption
types types
; ;
mkColorOption = {default ? "#000000", description ? "" }: mkOption { mkColorOption = {
inherit description default; default ? "#000000",
example = "#abcdef"; description ? "",
type = types.strMatching "#[0-9a-f]{6}"; }:
}; mkOption {
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";
};
in in
mkColorOption mkColorOption


@ -1,35 +1,38 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkOption mkOption
types types
; ;
themeType = types.submodule { themeType = types.submodule {
options = { options = {
alacrittyTheme = mkOption { alacrittyTheme = mkOption {
type = import ./alacritty.nix { inherit lib; }; type = import ./alacritty.nix {inherit lib;};
default = {}; default = {};
}; };
batTheme = mkOption { batTheme = mkOption {
type = import ./bat.nix { inherit lib; }; type = import ./bat.nix {inherit lib;};
default = {}; default = {};
}; };
i3Theme = mkOption { i3Theme = mkOption {
type = import ./i3.nix { inherit lib; }; type = import ./i3.nix {inherit lib;};
default = {}; default = {};
}; };
i3BarTheme = mkOption { i3BarTheme = mkOption {
type = import ./i3bar.nix { inherit lib; }; type = import ./i3bar.nix {inherit lib;};
default = {}; default = {};
}; };
}; };
}; };
in in {
{
options.my.theme = mkOption { options.my.theme = mkOption {
type = themeType; type = themeType;
default = {}; default = {};
}; };
options.my.themes = mkOption { options.my.themes = mkOption {


@ -1,11 +1,11 @@
{ lib }: {lib}: let
let inherit
inherit (lib) (lib)
mkOption mkOption
types types
; ;
mkColorOption = import ./color.nix { inherit lib; }; mkColorOption = import ./color.nix {inherit lib;};
barColorSetModule = types.submodule { barColorSetModule = types.submodule {
options = { options = {
@ -25,165 +25,164 @@ let
}; };
}; };
in in
types.submodule { types.submodule {
options = { options = {
bar = mkOption { bar = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
background = mkColorOption { background = mkColorOption {
default = "#000000"; default = "#000000";
description = "Background color of the bar."; description = "Background color of the bar.";
};
statusline = mkColorOption {
default = "#ffffff";
description = "Text color to be used for the statusline.";
};
separator = mkColorOption {
default = "#666666";
description = "Text color to be used for the separator.";
};
focusedWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
}; };
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
};
activeWorkspace = mkOption { statusline = mkColorOption {
type = barColorSetModule; default = "#ffffff";
default = { description = "Text color to be used for the statusline.";
border = "#333333";
background = "#5f676a";
text = "#ffffff";
}; };
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
};
inactiveWorkspace = mkOption { separator = mkColorOption {
type = barColorSetModule; default = "#666666";
default = { description = "Text color to be used for the separator.";
border = "#333333";
background = "#222222";
text = "#888888";
}; };
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
};
urgentWorkspace = mkOption { focusedWorkspace = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#2f343a"; border = "#4c7899";
background = "#900000"; background = "#285577";
text = "#ffffff"; text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
}; };
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
};
bindingMode = mkOption { activeWorkspace = mkOption {
type = barColorSetModule; type = barColorSetModule;
default = { default = {
border = "#2f343a"; border = "#333333";
background = "#900000"; background = "#5f676a";
text = "#ffffff"; text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
};
inactiveWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
};
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
};
urgentWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
};
bindingMode = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = "Border, background and text color for the binding mode indicator";
}; };
description =
"Border, background and text color for the binding mode indicator";
}; };
}; };
default = {};
}; };
default = {}; background = mkOption {
}; type = types.str;
default = "#ffffff";
background = mkOption { description = ''
type = types.str; Background color of the window. Only applications which do not cover
default = "#ffffff"; the whole area expose the color.
description = '' '';
Background color of the window. Only applications which do not cover
the whole area expose the color.
'';
};
focused = mkOption {
type = colorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
indicator = "#2e9ef4";
childBorder = "#285577";
}; };
description = "A window which currently has the focus.";
};
focusedInactive = mkOption { focused = mkOption {
type = colorSetModule; type = colorSetModule;
default = { default = {
border = "#333333"; border = "#4c7899";
background = "#5f676a"; background = "#285577";
text = "#ffffff"; text = "#ffffff";
indicator = "#484e50"; indicator = "#2e9ef4";
childBorder = "#5f676a"; childBorder = "#285577";
};
description = "A window which currently has the focus.";
}; };
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
};
unfocused = mkOption { focusedInactive = mkOption {
type = colorSetModule; type = colorSetModule;
default = { default = {
border = "#333333"; border = "#333333";
background = "#222222"; background = "#5f676a";
text = "#888888"; text = "#ffffff";
indicator = "#292d2e"; indicator = "#484e50";
childBorder = "#222222"; childBorder = "#5f676a";
};
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
}; };
description = "A window which is not focused.";
};
urgent = mkOption { unfocused = mkOption {
type = colorSetModule; type = colorSetModule;
default = { default = {
border = "#2f343a"; border = "#333333";
background = "#900000"; background = "#222222";
text = "#ffffff"; text = "#888888";
indicator = "#900000"; indicator = "#292d2e";
childBorder = "#900000"; childBorder = "#222222";
};
description = "A window which is not focused.";
}; };
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption { urgent = mkOption {
type = colorSetModule; type = colorSetModule;
default = { default = {
border = "#000000"; border = "#2f343a";
background = "#0c0c0c"; background = "#900000";
text = "#ffffff"; text = "#ffffff";
indicator = "#000000"; indicator = "#900000";
childBorder = "#0c0c0c"; childBorder = "#900000";
};
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption {
type = colorSetModule;
default = {
border = "#000000";
background = "#0c0c0c";
text = "#ffffff";
indicator = "#000000";
childBorder = "#0c0c0c";
};
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
}; };
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
}; };
}; }
}


@ -1,28 +1,28 @@
{ lib }: {lib}: let
let inherit
inherit (lib) (lib)
mkOption mkOption
types types
; ;
mkColorOption = import ./color.nix { inherit lib; }; mkColorOption = import ./color.nix {inherit lib;};
in in
types.submodule { types.submodule {
options = { options = {
theme = mkOption { theme = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = "plain"; default = "plain";
}; };
overrides = mkOption { overrides = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
};
}; };
}; };
default = {};
}; };
default = {};
}; };
}; }
}


@ -1,5 +1,6 @@
let let
inherit (import ./colors.nix) inherit
(import ./colors.nix)
base0 base0
base00 base00
base01 base01
@ -16,9 +17,8 @@ let
red red
violet violet
yellow yellow
; ;
in in {
{
primary = { primary = {
background = base3; background = base3;
foreground = base00; foreground = base00;


@ -1,18 +1,18 @@
{ {
base03 = "#002b36"; # brblack base03 = "#002b36"; # brblack
base02 = "#073642"; # black base02 = "#073642"; # black
base01 = "#586e75"; # brgreen base01 = "#586e75"; # brgreen
base00 = "#657b83"; # bryellow base00 = "#657b83"; # bryellow
base0 = "#839496"; # brblue base0 = "#839496"; # brblue
base1 = "#93a1a1"; # brcyan base1 = "#93a1a1"; # brcyan
base2 = "#eee8d5"; # white base2 = "#eee8d5"; # white
base3 = "#fdf6e3"; # brwhite base3 = "#fdf6e3"; # brwhite
yellow = "#b58900"; # yellow yellow = "#b58900"; # yellow
orange = "#cb4b16"; # brred orange = "#cb4b16"; # brred
red = "#dc322f"; # red red = "#dc322f"; # red
magenta = "#d33682"; # magenta magenta = "#d33682"; # magenta
violet = "#6c71c4"; # brmagenta violet = "#6c71c4"; # brmagenta
blue = "#268bd2"; # blue blue = "#268bd2"; # blue
cyan = "#2aa198"; # cyan cyan = "#2aa198"; # cyan
green = "#859900"; # green green = "#859900"; # green
} }


@ -1,5 +1,6 @@
let let
inherit (import ./colors.nix) inherit
(import ./colors.nix)
base00 base00
base2 base2
base3 base3
@ -8,9 +9,8 @@ let
orange orange
red red
yellow yellow
; ;
in in {
{
bar = { bar = {
background = base3; background = base3;
statusline = yellow; statusline = yellow;


@ -1,5 +1,6 @@
let let
inherit (import ./colors.nix) inherit
(import ./colors.nix)
base00 base00
base2 base2
base3 base3
@ -7,9 +8,8 @@ let
green green
red red
yellow yellow
; ;
in in {
{
theme = { theme = {
name = "solarized-light"; name = "solarized-light";
overrides = { overrides = {


@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.tmux; cfg = config.my.home.tmux;
in in {
{
options.my.home.tmux = { options.my.home.tmux = {
enable = (mkEnableOption "tmux dotfiles") // { default = true; }; enable = (mkEnableOption "tmux dotfiles") // {default = true;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -19,7 +23,9 @@ in
terminal = "screen-256color"; terminal = "screen-256color";
clock24 = true; clock24 = true;
plugins = let inherit (pkgs) tmuxPlugins; in [ plugins = let
inherit (pkgs) tmuxPlugins;
in [
{ {
plugin = tmuxPlugins.cpu; plugin = tmuxPlugins.cpu;
extraConfig = '' extraConfig = ''


@ -1,15 +1,18 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.tridactyl; cfg = config.my.home.tridactyl;
in in {
{
options.my.home.tridactyl = { options.my.home.tridactyl = {
enable = (mkEnableOption "tridactyl code display tool") // { default = config.my.home.firefox.enable; }; enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {


@ -1,14 +1,18 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.home.x.cursor; cfg = config.my.home.x.cursor;
in in {
{ options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;};
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // { default = config.my.home.x.enable; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
xsession.pointerCursor = { xsession.pointerCursor = {


@ -1,10 +1,14 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkEnableOption
;
in
{ {
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
imports = [ imports = [
./cursor.nix ./cursor.nix
./i3.nix ./i3.nix


@ -1,9 +1,14 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkIf mkIf
mkOptionDefault mkOptionDefault
; ;
isEnabled = config.my.home.x.enable; isEnabled = config.my.home.x.enable;
@ -20,14 +25,13 @@ let
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
i3Theme = config.my.theme.i3Theme; i3Theme = config.my.theme.i3Theme;
in in {
{
config = mkIf isEnabled { config = mkIf isEnabled {
my.home = { my.home = {
flameshot.enable = true; flameshot.enable = true;
}; };
home.packages = [ pkgs.betterlockscreen ]; home.packages = [pkgs.betterlockscreen];
xsession.windowManager.i3 = { xsession.windowManager.i3 = {
enable = true; enable = true;
@ -35,39 +39,38 @@ in
config = { config = {
inherit modifier; inherit modifier;
bars = bars = let
let barConfigPath =
barConfigPath = config.xdg.configFile."i3status-rust/config-top.toml".target;
config.xdg.configFile."i3status-rust/config-top.toml".target; in [
in {
[ statusCommand = "i3status-rs ${barConfigPath}";
{ position = "top";
statusCommand = "i3status-rs ${barConfigPath}"; fonts = {
position = "top"; names = ["DejaVuSansMono" "FontAwesome5Free"];
fonts = { size = 9.0;
names = [ "DejaVuSansMono" "FontAwesome5Free" ]; };
size = 9.0;
};
colors = i3Theme.bar; colors = i3Theme.bar;
trayOutput = "primary"; trayOutput = "primary";
# disable mouse scroll wheel in bar # disable mouse scroll wheel in bar
extraConfig = '' extraConfig = ''
bindsym button4 nop bindsym button4 nop
bindsym button5 nop bindsym button5 nop
''; '';
} }
]; ];
colors = { colors = {
inherit (i3Theme) inherit
(i3Theme)
focused focused
focusedInactive focusedInactive
unfocused unfocused
urgent urgent
; ;
}; };
focus = { focus = {
@ -78,7 +81,7 @@ in
workspaceAutoBackAndForth = true; workspaceAutoBackAndForth = true;
fonts = { fonts = {
names = [ "DejaVu Sans Mono" ]; names = ["DejaVu Sans Mono"];
size = 8.0; size = 8.0;
}; };
@ -104,40 +107,44 @@ in
"${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run"; "${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run";
}; };
modes = modes = let
let makeModeBindings = attrs:
makeModeBindings = attrs: attrs // { attrs
// {
"Escape" = "mode default"; "Escape" = "mode default";
"Return" = "mode default"; "Return" = "mode default";
}; };
in in
mkOptionDefault { mkOptionDefault {
"${logoutMode}" = makeModeBindings { "${logoutMode}" = makeModeBindings {
"l" = "exec --no-startup-id i3-msg exit, mode default"; "l" = "exec --no-startup-id i3-msg exit, mode default";
"s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; "s" = "exec --no-startup-id betterlockscreen --suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default"; "p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default"; "r" = "exec --no-startup-id systemctl reboot, mode default";
};
}; };
};
terminal = myTerminal; terminal = myTerminal;
assigns = { assigns = {
"10" = [ "10" = [
{ class = "Slack"; } {class = "Slack";}
{ class = "discord"; } {class = "discord";}
]; ];
}; };
window.commands = [ window.commands = [
{ command = "border pixel 2"; criteria = { class = "Alacritty"; }; } {
command = "border pixel 2";
criteria = {class = "Alacritty";};
}
# NOTE: should be done with an assign command, but Spotify doesn't set # NOTE: should be done with an assign command, but Spotify doesn't set
# its class until after initialization, so has to be done this way. # its class until after initialization, so has to be done this way.
# #
# See https://i3wm.org/docs/userguide.html#assign_workspace # See https://i3wm.org/docs/userguide.html#assign_workspace
{ {
criteria = { class = "Spotify"; }; criteria = {class = "Spotify";};
command = "move --no-auto-back-and-forth to workspace 8"; command = "move --no-auto-back-and-forth to workspace 8";
} }
]; ];


@ -1,18 +1,22 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
lists lists
mkIf mkIf
mkOption mkOption
optional optional
types types
; ;
isEnabled = config.my.home.x.enable; isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme; i3BarTheme = config.my.theme.i3BarTheme;
cfg = config.my.home.x.i3bar; cfg = config.my.home.x.i3bar;
in in {
{
options.my.home.x.i3bar = { options.my.home.x.i3bar = {
temperature.chip = mkOption { temperature.chip = mkOption {
type = types.str; type = types.str;
@ -27,17 +31,19 @@ in
networking.throughput_interfaces = mkOption { networking.throughput_interfaces = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
example = [ "wlp1s0" ]; example = ["wlp1s0"];
default = [ ]; default = [];
}; };
}; };
config = mkIf isEnabled { config = mkIf isEnabled {
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit (pkgs) inherit
(pkgs)
# FIXME: is this useful? # FIXME: is this useful?
font-awesome font-awesome
; ;
}; };
programs.i3status-rust = { programs.i3status-rust = {
@ -49,81 +55,86 @@ in
theme = i3BarTheme.theme.name; theme = i3BarTheme.theme.name;
settings = i3BarTheme; settings = i3BarTheme;
blocks = [ blocks =
{ [
block = "pomodoro"; {
length = 60; block = "pomodoro";
break_length = 10; length = 60;
notifier = "i3nag"; break_length = 10;
} notifier = "i3nag";
{ }
block = "disk_space"; {
path = "/"; block = "disk_space";
alias = "/"; path = "/";
info_type = "available"; alias = "/";
unit = "GB"; info_type = "available";
interval = 60; unit = "GB";
warning = 20.0; interval = 60;
alert = 10.0; warning = 20.0;
} alert = 10.0;
{ }
block = "memory"; {
display_type = "memory"; block = "memory";
format_mem = "{mem_used;G}/{mem_total;G}"; display_type = "memory";
warning_mem = 70.0; format_mem = "{mem_used;G}/{mem_total;G}";
critical_mem = 90.0; warning_mem = 70.0;
# don't show swap critical_mem = 90.0;
clickable = false; # don't show swap
} clickable = false;
{ }
block = "cpu"; {
interval = 1; block = "cpu";
format = "{barchart}"; interval = 1;
} format = "{barchart}";
{ }
block = "temperature"; {
collapsed = false; block = "temperature";
interval = 10; collapsed = false;
format = "{max}"; interval = 10;
chip = cfg.temperature.chip; format = "{max}";
inputs = cfg.temperature.inputs; chip = cfg.temperature.chip;
} inputs = cfg.temperature.inputs;
] ++ (lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) }
(map ]
(interface: ++ (
{ lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
(map
(interface: {
block = "net"; block = "net";
device = interface; device = interface;
interval = 1; interval = 1;
hide_inactive = true; hide_inactive = true;
}) })
cfg.networking.throughput_interfaces)
cfg.networking.throughput_interfaces) )
) ++ [ ++ [
{ {
block = "networkmanager"; block = "networkmanager";
primary_only = true; primary_only = true;
} }
{ {
block = "sound"; block = "sound";
driver = "pulseaudio"; driver = "pulseaudio";
} }
] ++ (optional config.my.home.laptop.enable ]
{ ++ (
block = "battery"; optional config.my.home.laptop.enable
} {
) ++ [ block = "battery";
# { }
# block = "notify"; )
# } ++ [
{ # {
block = "time"; # block = "notify";
interval = 5; # }
format = "%a %d/%m %T"; {
locale = "fr_FR"; block = "time";
timezone = "Europe/Paris"; interval = 5;
} format = "%a %d/%m %T";
]; locale = "fr_FR";
timezone = "Europe/Paris";
}
];
}; };
}; };
}; };


@ -1,17 +1,20 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. lib,
./hardware-configuration.nix pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix ./home.nix
./secrets.nix ./secrets.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
@ -27,7 +30,7 @@
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = [ "/" ]; fileSystems = ["/"];
}; };
}; };
@ -93,7 +96,7 @@
"rfkill-release" "rfkill-release"
]; ];
services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ]; services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules];
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;


@ -1,30 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3"; device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nixos" "compress=zstd:1" "noatime" ]; options = ["subvol=nixos" "compress=zstd:1" "noatime"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/17C7-368D"; device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [];
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
} }


@ -1,26 +1,31 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
# Keyboard settings & i3 settings # Keyboard settings & i3 settings
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = [ "Tccd1" ]; my.home.x.i3bar.temperature.inputs = ["Tccd1"];
my.home.x.i3bar.networking.throughput_interfaces = [ "enp8s0" "wlp4s0" ]; my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];
my.home.emacs.enable = true; my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit (pkgs) inherit
(pkgs)
# some websites only work there :( # some websites only work there :(
chromium chromium
# dev # dev
rustup rustup
# keyboard goodness # keyboard goodness
chrysalis chrysalis
; ;
inherit (pkgs.packages) spot; inherit (pkgs.packages) spot;
}; };


@ -1,19 +1,23 @@
{ config, lib, options, ... }:
{ {
config,
lib,
options,
...
}: {
config.age = { config.age = {
secrets = secrets = let
let toSecret = name: {...} @ attrs:
toSecret = name: { ... }@attrs: { {
file = ./../../modules/secrets + "/${name}.age"; file = ./../../modules/secrets + "/${name}.age";
} // attrs; }
in // attrs;
lib.mapAttrs toSecret { in
"restic-backup/boreal-credentials" = {}; lib.mapAttrs toSecret {
"restic-backup/boreal-password" = {}; "restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
}; };
}; };
} }


@ -1,31 +1,33 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{ {
imports = config,
[ # Include the results of the hardware scan. lib,
./hardware-configuration.nix pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix ./home.nix
./secrets.nix ./secrets.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.supportedFilesystems = [ "btrfs" ]; boot.supportedFilesystems = ["btrfs"];
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = [ "/" ]; fileSystems = ["/"];
}; };
}; };


@ -1,40 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let
inherit (lib)
mkDefault
;
in
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: let
inherit
(lib)
mkDefault
;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
]; ];
};
boot.initrd.availableKernelModules = [ "ahci" "usbhid" ]; fileSystems."/boot" = {
boot.initrd.kernelModules = [ ]; device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
boot.kernelModules = [ "kvm-intel" ]; fsType = "ext4";
boot.extraModulePackages = [ ]; };
fileSystems."/" = swapDevices = [
{ device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989"; {device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";}
fsType = "btrfs"; ];
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; }
];
powerManagement.cpuFreqGovernor = mkDefault "ondemand"; powerManagement.cpuFreqGovernor = mkDefault "ondemand";
} }


@ -1,7 +1,5 @@
{ config, ... }: {config, ...}: {
{
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
}; };
} }


@ -1,36 +1,40 @@
{ config, lib, options, ... }:
{ {
config,
lib,
options,
...
}: {
config.age = { config.age = {
secrets = secrets = let
let toSecret = name: {...} @ attrs:
toSecret = name: { ... }@attrs: { {
file = ./../../modules/secrets + "/${name}.age"; file = ./../../modules/secrets + "/${name}.age";
} // attrs; }
in // attrs;
lib.mapAttrs toSecret { in
"gandi/api-key" = {}; lib.mapAttrs toSecret {
"gandi/api-key" = {};
"lohr/shared-secret" = {}; "lohr/shared-secret" = {};
"matrix-synapse/secret-config" = { "matrix-synapse/secret-config" = {
owner = "matrix-synapse"; owner = "matrix-synapse";
};
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"restic-backup/poseidon-credentials" = {};
"restic-backup/poseidon-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
}; };
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"restic-backup/poseidon-credentials" = {};
"restic-backup/poseidon-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
}; };
} }


@ -1,15 +1,18 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. lib,
./hardware-configuration.nix pkgs,
./home.nix ...
./secrets.nix }: {
]; imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages; boot.kernelPackages = pkgs.linuxPackages;
@ -20,7 +23,7 @@
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = [ "/" ]; fileSystems = ["/"];
}; };
}; };
@ -86,9 +89,9 @@
}; };
my.gui.enable = true; my.gui.enable = true;
environment.systemPackages = [ pkgs.arandr pkgs.chrysalis ]; environment.systemPackages = [pkgs.arandr pkgs.chrysalis];
services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ]; services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules];
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;


@ -1,49 +1,54 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let
inherit (lib)
mkDefault
;
in
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: let
inherit
(lib)
mkDefault
;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" "noatime" ]; options = ["subvol=@" "compress=zstd" "noatime"];
}; };
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297"; boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297";
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "noatime" ]; options = ["subvol=@home" "compress=zstd" "noatime"];
neededForBoot = true; # agenix needs my key for some root secrets neededForBoot = true; # agenix needs my key for some root secrets
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" "noatime" ]; options = ["subvol=@nix" "compress=zstd" "noatime"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/D9DA-F46C"; device = "/dev/disk/by-uuid/D9DA-F46C";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [];
powerManagement.cpuFreqGovernor = mkDefault "powersave"; powerManagement.cpuFreqGovernor = mkDefault "powersave";


@ -1,5 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
my.home.laptop.enable = true; my.home.laptop.enable = true;
@ -7,25 +10,26 @@
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.chip = "coretemp-isa-*";
my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"];
my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" "enp43s0u1u1" ]; my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"];
my.home.emacs.enable = true; my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit (pkgs) inherit
# some websites only work there :( (pkgs)
chromium # some websites only work there :(
darktable chromium
darktable
# dev # dev
rustup
rustup
; ;
inherit (pkgs.packages) spot; inherit (pkgs.packages) spot;
inherit (pkgs.wineWowPackages) stable; inherit (pkgs.wineWowPackages) stable;
}; };
}; };
} }


@ -1,19 +1,23 @@
{ config, lib, options, ... }:
{ {
config,
lib,
options,
...
}: {
config.age = { config.age = {
secrets = secrets = let
let toSecret = name: {...} @ attrs:
toSecret = name: { ... }@attrs: { {
file = ./../../modules/secrets + "/${name}.age"; file = ./../../modules/secrets + "/${name}.age";
} // attrs; }
in // attrs;
lib.mapAttrs toSecret { in
"restic-backup/zephyrus-credentials" = {}; lib.mapAttrs toSecret {
"restic-backup/zephyrus-password" = {}; "restic-backup/zephyrus-credentials" = {};
"restic-backup/zephyrus-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
}; };
}; };
} }


@ -1,5 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
./sddm.nix ./sddm.nix
./secrets ./secrets


@ -1,13 +1,17 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (lib) lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.displayManager.sddm; cfg = config.my.displayManager.sddm;
in in {
{
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -17,15 +21,17 @@ in
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit (pkgs.packages) inherit
(pkgs.packages)
sddm-sugar-candy sddm-sugar-candy
; ;
inherit (pkgs.libsForQt5.qt5) inherit
(pkgs.libsForQt5.qt5)
qtgraphicaleffects qtgraphicaleffects
qtquickcontrols2 qtquickcontrols2
qtsvg qtsvg
; ;
}; };
}; };
} }


@ -1,9 +1,14 @@
{ config, lib, options, ... }:
{ {
config,
lib,
options,
...
}: {
config.age = { config.age = {
identityPaths = options.age.identityPaths.default ++ [ identityPaths =
"/home/alarsyo/.ssh/id_ed25519" options.age.identityPaths.default
]; ++ [
"/home/alarsyo/.ssh/id_ed25519"
];
}; };
} }


@ -1,36 +1,35 @@
let let
alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"; alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad";
users = [ alarsyo ]; users = [alarsyo];
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
machines = [ boreal poseidon zephyrus ]; machines = [boreal poseidon zephyrus];
all = users ++ machines; all = users ++ machines;
in in {
{ "gandi/api-key.age".publicKeys = [poseidon];
"gandi/api-key.age".publicKeys = [ poseidon ];
"lohr/shared-secret.age".publicKeys = [ poseidon ]; "lohr/shared-secret.age".publicKeys = [poseidon];
"matrix-synapse/secret-config.age".publicKeys = [ poseidon ]; "matrix-synapse/secret-config.age".publicKeys = [poseidon];
"miniflux/admin-credentials.age".publicKeys = [ poseidon ]; "miniflux/admin-credentials.age".publicKeys = [poseidon];
"nextcloud/admin-pass.age".publicKeys = [ poseidon ]; "nextcloud/admin-pass.age".publicKeys = [poseidon];
"paperless/admin-password.age".publicKeys = [ poseidon ]; "paperless/admin-password.age".publicKeys = [poseidon];
"paperless/secret-key.age".publicKeys = [ poseidon ]; "paperless/secret-key.age".publicKeys = [poseidon];
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
"restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
"restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus];
"users/root-hashed-password.age".publicKeys = machines; "users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];
} }


@ -1,23 +1,27 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
concatStringsSep concatStringsSep
literalExample literalExample
mapAttrs' mapAttrs'
mkIf mkIf
mkOption mkOption
nameValuePair nameValuePair
; ;
cfg = config.my.wakeonwlan; cfg = config.my.wakeonwlan;
mkWowlanService = name: cfg: mkWowlanService = name: cfg:
nameValuePair "wowlan-${name}" { nameValuePair "wowlan-${name}" {
description = "Enable WoWLAN for interface ${name}"; description = "Enable WoWLAN for interface ${name}";
requires = [ "network.target" ]; requires = ["network.target"];
after = [ "network.target" ]; after = ["network.target"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
}; };
@ -25,11 +29,12 @@ let
${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods} ${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods}
''; '';
}; };
in in {
{ options.my.wakeonwlan = let
options.my.wakeonwlan = let inherit (lib) types; in { inherit (lib) types;
in {
interfaces = mkOption { interfaces = mkOption {
default = { }; default = {};
description = "Wireless interfaces where you want to enable WoWLAN"; description = "Wireless interfaces where you want to enable WoWLAN";
example = literalExample '' example = literalExample ''
{ {


@ -1,5 +1,4 @@
final: prev: final: prev: {
{
# overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and # overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and
# `notmuch`'s tests were briefly broken. the features I'm disabling, I don't # `notmuch`'s tests were briefly broken. the features I'm disabling, I don't
# need anyway: (at the time of writing) # need anyway: (at the time of writing)
@ -8,13 +7,14 @@ final: prev:
# - maildir # - maildir
i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: { i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: {
buildInputs = builtins.attrValues { buildInputs = builtins.attrValues {
inherit (final) inherit
(final)
dbus dbus
lm_sensors lm_sensors
openssl openssl
pulseaudio pulseaudio
; ;
}; };
cargoBuildFeatures = [ "pulseaudio" ]; cargoBuildFeatures = ["pulseaudio"];
}); });
} }


@ -1,5 +1,4 @@
{ pkgs }: {pkgs}: {
{
sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {};
kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {};
grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {});


@ -1,5 +1,4 @@
{ callPackage }: {callPackage}: {
{
nginx = callPackage ./nginx.nix {}; nginx = callPackage ./nginx.nix {};
node-exporter = callPackage ./node-exporter.nix {}; node-exporter = callPackage ./node-exporter.nix {};
} }


@ -1,32 +1,37 @@
{ stdenv, fetchFromGitHub, lib, ... }: {
let stdenv,
inherit (lib) fetchFromGitHub,
lib,
...
}: let
inherit
(lib)
licenses licenses
; ;
version = "0.9.0"; version = "0.9.0";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
pname = "grafana-dashboard-nginx"; pname = "grafana-dashboard-nginx";
dontBuild = true; dontBuild = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "nginxinc"; owner = "nginxinc";
repo = "nginx-prometheus-exporter"; repo = "nginx-prometheus-exporter";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf"; sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf";
}; };
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out
cp grafana/dashboard.json $out/dashboard.json cp grafana/dashboard.json $out/dashboard.json
''; '';
meta = { meta = {
description = "grafana dashboard for NGINX exporter"; description = "grafana dashboard for NGINX exporter";
homepage = "https://github.com/nginxinc/nginx-prometheus-exporter"; homepage = "https://github.com/nginxinc/nginx-prometheus-exporter";
license = licenses.asl20; license = licenses.asl20;
}; };
} }


@ -1,32 +1,37 @@
{ stdenv, fetchFromGitHub, lib, ... }: {
let stdenv,
inherit (lib) fetchFromGitHub,
lib,
...
}: let
inherit
(lib)
licenses licenses
; ;
version = "7d61c79619e5749e629758ecd96748c010028120"; version = "7d61c79619e5749e629758ecd96748c010028120";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
version = "master-${version}"; version = "master-${version}";
pname = "grafana-dashboard-node-exporter"; pname = "grafana-dashboard-node-exporter";
dontBuild = true; dontBuild = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "rfrail3"; owner = "rfrail3";
repo = "grafana-dashboards"; repo = "grafana-dashboards";
rev = version; rev = version;
sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6"; sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6";
}; };
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out
cp prometheus/node-exporter-full.json $out/node-exporter-full.json cp prometheus/node-exporter-full.json $out/node-exporter-full.json
''; '';
meta = { meta = {
description = "grafana dashboard for node exporter"; description = "grafana dashboard for node exporter";
homepage = "https://github.com/rfrail3/grafana-dashboards"; homepage = "https://github.com/rfrail3/grafana-dashboards";
license = licenses.lgpl3Only; license = licenses.lgpl3Only;
}; };
} }


@ -1,33 +1,36 @@
{ stdenv, lib, fetchFromGitHub }: {
stdenv,
let lib,
inherit (lib) fetchFromGitHub,
}: let
inherit
(lib)
licenses licenses
; ;
version = "1.99.3"; version = "1.99.3";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
pname = "kaleidoscope-udev-rules"; pname = "kaleidoscope-udev-rules";
dontBuild = true; dontBuild = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "keyboardio"; owner = "keyboardio";
repo = "Kaleidoscope"; repo = "Kaleidoscope";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM="; sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM=";
}; };
installPhase = '' installPhase = ''
mkdir -p $out/lib/udev/rules.d mkdir -p $out/lib/udev/rules.d
cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/ cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/
''; '';
meta = { meta = {
description = "udev rules for kaleidoscope firmware keyboards"; description = "udev rules for kaleidoscope firmware keyboards";
homepage = "https://github.com/keyboardio/Kaleidoscope"; homepage = "https://github.com/keyboardio/Kaleidoscope";
license = licenses.gpl3Only; license = licenses.gpl3Only;
}; };
} }


@ -1,4 +1,7 @@
{ stdenv, fetchFromGitLab }: {
stdenv,
fetchFromGitLab,
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "sddm-sugar-candy"; pname = "sddm-sugar-candy";
# latest master commit, no recent tags :( # latest master commit, no recent tags :(
@ -10,7 +13,7 @@ stdenv.mkDerivation rec {
cp -aR . $out/share/sddm/themes/sugar-candy cp -aR . $out/share/sddm/themes/sugar-candy
''; '';
patches = [ ./custom-conf.patch ]; patches = [./custom-conf.patch];
src = fetchFromGitLab { src = fetchFromGitLab {
domain = "framagit.org"; domain = "framagit.org";


@ -1,20 +1,20 @@
{ stdenv {
, fetchurl stdenv,
, python3 fetchurl,
}: python3,
let }: let
version = "2.10.4"; version = "2.10.4";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
pname = "spot"; pname = "spot";
buildInputs = [ buildInputs = [
python3 python3
]; ];
src = fetchurl { src = fetchurl {
url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz";
sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o="; sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o=";
}; };
} }


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
./vaultwarden.nix ./vaultwarden.nix
./fail2ban.nix ./fail2ban.nix


@ -1,10 +1,14 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.fail2ban; cfg = config.my.services.fail2ban;
in { in {


@ -1,19 +1,24 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.fava; cfg = config.my.services.fava;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
secrets = config.my.secrets; secrets = config.my.secrets;
in in {
{ options.my.services.fava = let
options.my.services.fava = let inherit (lib) types; in { inherit (lib) types;
in {
enable = mkEnableOption "Fava"; enable = mkEnableOption "Fava";
home = mkOption { home = mkOption {
@ -39,7 +44,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.fava = { systemd.services.fava = {
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
Environment = []; Environment = [];
ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}"; ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}";
@ -55,7 +60,7 @@ in
createHome = true; createHome = true;
group = "fava"; group = "fava";
}; };
users.groups.fava = { }; users.groups.fava = {};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"fava.${domain}" = { "fava.${domain}" = {


@ -1,18 +1,24 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.gitea; cfg = config.my.services.gitea;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.gitea = let inherit (lib) types; in { options.my.services.gitea = let
inherit (lib) types;
in {
enable = mkEnableOption "Personal Git hosting with Gitea"; enable = mkEnableOption "Personal Git hosting with Gitea";
privatePort = mkOption { privatePort = mkOption {
@ -33,11 +39,11 @@ in {
# the systemd service for the gitea module seems to hardcode the group as # the systemd service for the gitea module seems to hardcode the group as
# gitea, so, uh, just in case? # gitea, so, uh, just in case?
extraGroups = [ "gitea" ]; extraGroups = ["gitea"];
isSystemUser = true; isSystemUser = true;
}; };
users.groups.git = { }; users.groups.git = {};
services.gitea = { services.gitea = {
enable = true; enable = true;
@ -88,7 +94,7 @@ in {
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = [ "gitea" ]; databases = ["gitea"];
}; };
services.nginx = { services.nginx = {


@ -1,10 +1,14 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.jellyfin; cfg = config.my.services.jellyfin;
my = config.my; my = config.my;


@ -1,24 +1,28 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.lohr; cfg = config.my.services.lohr;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
secrets = config.my.secrets; secrets = config.my.secrets;
lohrPkg = lohrPkg = let
let flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd";
flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; in
in
flake.defaultPackage."x86_64-linux"; # FIXME: use correct system flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
in in {
{ options.my.services.lohr = let
options.my.services.lohr = let inherit (lib) types; in { inherit (lib) types;
in {
enable = mkEnableOption "Lohr Mirroring Daemon"; enable = mkEnableOption "Lohr Mirroring Daemon";
home = mkOption { home = mkOption {
@ -38,7 +42,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.lohr = { systemd.services.lohr = {
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
Environment = [ Environment = [
"ROCKET_PORT=${toString cfg.port}" "ROCKET_PORT=${toString cfg.port}"
@ -52,7 +56,7 @@ in
User = "lohr"; User = "lohr";
Group = "lohr"; Group = "lohr";
}; };
path = [ pkgs.git ]; path = [pkgs.git];
}; };
users.users.lohr = { users.users.lohr = {
@ -61,7 +65,7 @@ in
createHome = true; createHome = true;
group = "lohr"; group = "lohr";
}; };
users.groups.lohr = { }; users.groups.lohr = {};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"lohr.${domain}" = { "lohr.${domain}" = {


@ -7,24 +7,36 @@
# - https://github.com/delroth/infra.delroth.net/blob/master/roles/matrix-synapse.nix # - https://github.com/delroth/infra.delroth.net/blob/master/roles/matrix-synapse.nix
# - https://nixos.org/manual/nixos/stable/index.html#module-services-matrix # - https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
# #
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optionals optionals
; ;
cfg = config.my.services.matrix; cfg = config.my.services.matrix;
my = config.my; my = config.my;
federationPort = { public = 8448; private = 11338; }; federationPort = {
clientPort = { public = 443; private = 11339; }; public = 8448;
private = 11338;
};
clientPort = {
public = 443;
private = 11339;
};
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.matrix = let inherit (lib) types; in { options.my.services.matrix = let
inherit (lib) types;
in {
enable = mkEnableOption "Matrix Synapse"; enable = mkEnableOption "Matrix Synapse";
secretConfigFile = mkOption { secretConfigFile = mkOption {
@ -41,7 +53,7 @@ in {
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = [ "matrix-synapse" ]; databases = ["matrix-synapse"];
}; };
services.matrix-synapse = { services.matrix-synapse = {
@ -90,20 +102,30 @@ in {
listeners = [ listeners = [
# Federation # Federation
{ {
bind_addresses = [ "::1" ]; bind_addresses = ["::1"];
port = federationPort.private; port = federationPort.private;
tls = false; # Terminated by nginx. tls = false; # Terminated by nginx.
x_forwarded = true; x_forwarded = true;
resources = [ { names = [ "federation" ]; compress = false; } ]; resources = [
{
names = ["federation"];
compress = false;
}
];
} }
# Client # Client
{ {
bind_addresses = [ "::1" ]; bind_addresses = ["::1"];
port = clientPort.private; port = clientPort.private;
tls = false; # Terminated by nginx. tls = false; # Terminated by nginx.
x_forwarded = true; x_forwarded = true;
resources = [ { names = [ "client" ]; compress = false; } ]; resources = [
{
names = ["client"];
compress = false;
}
];
} }
]; ];
@ -127,26 +149,32 @@ in {
onlySSL = true; onlySSL = true;
useACMEHost = domain; useACMEHost = domain;
locations = locations = let
let proxyToClientPort = {
proxyToClientPort = { proxyPass = "http://[::1]:${toString clientPort.private}";
proxyPass = "http://[::1]:${toString clientPort.private}";
};
in {
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section below.
"/".return = "404";
"/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort;
}; };
in {
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section below.
"/".return = "404";
"/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort;
};
listen = [ listen = [
{ addr = "0.0.0.0"; port = clientPort.public; ssl = true; } {
{ addr = "[::]"; port = clientPort.public; ssl = true; } addr = "0.0.0.0";
port = clientPort.public;
ssl = true;
}
{
addr = "[::]";
port = clientPort.public;
ssl = true;
}
]; ];
}; };
# same as above, but listening on the federation port # same as above, but listening on the federation port
@ -162,32 +190,37 @@ in {
}; };
listen = [ listen = [
{ addr = "0.0.0.0"; port = federationPort.public; ssl = true; } {
{ addr = "[::]"; port = federationPort.public; ssl = true; } addr = "0.0.0.0";
port = federationPort.public;
ssl = true;
}
{
addr = "[::]";
port = federationPort.public;
ssl = true;
}
]; ];
}; };
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = domain;
locations."= /.well-known/matrix/server".extraConfig = locations."= /.well-known/matrix/server".extraConfig = let
let server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";};
server = { "m.server" = "matrix.${domain}:${toString federationPort.public}"; }; in ''
in ''
add_header Content-Type application/json; add_header Content-Type application/json;
return 200 '${builtins.toJSON server}'; return 200 '${builtins.toJSON server}';
''; '';
locations."= /.well-known/matrix/client".extraConfig = locations."= /.well-known/matrix/client".extraConfig = let
let client = {
client = { "m.homeserver" = {"base_url" = "https://matrix.${domain}";};
"m.homeserver" = { "base_url" = "https://matrix.${domain}"; }; "m.identity_server" = {"base_url" = "https://vector.im";};
"m.identity_server" = { "base_url" = "https://vector.im"; }; };
}; # ACAO required to allow element-web on any URL to request this json file
# ACAO required to allow element-web on any URL to request this json file in ''
in ''
add_header Content-Type application/json; add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}'; return 200 '${builtins.toJSON client}';
@ -227,7 +260,7 @@ in {
}; };
# For administration tools. # For administration tools.
environment.systemPackages = [ pkgs.matrix-synapse ]; environment.systemPackages = [pkgs.matrix-synapse];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
clientPort.public clientPort.public
@ -236,10 +269,11 @@ in {
my.services.restic-backup = let my.services.restic-backup = let
dataDir = config.services.matrix-synapse.dataDir; dataDir = config.services.matrix-synapse.dataDir;
in mkIf cfg.enable { in
paths = [ dataDir ]; mkIf cfg.enable {
# this is just caching for other servers media, doesn't need backup paths = [dataDir];
exclude = [ "${dataDir}/media/remote_*" ]; # this is just caching for other servers media, doesn't need backup
}; exclude = ["${dataDir}/media/remote_*"];
};
}; };
} }


@ -1,17 +1,21 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkIf mkIf
; ;
mediaServices = builtins.attrValues { mediaServices = builtins.attrValues {
inherit (config.my.services) inherit
(config.my.services)
jellyfin jellyfin
transmission transmission
; ;
}; };
needed = builtins.any (service: service.enable) mediaServices; needed = builtins.any (service: service.enable) mediaServices;
in in {
{ config.users.groups.media = mkIf needed {};
config.users.groups.media = mkIf needed { };
} }


@ -1,18 +1,24 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.miniflux; cfg = config.my.services.miniflux;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.miniflux = let inherit (lib) types; in { options.my.services.miniflux = let
inherit (lib) types;
in {
enable = mkEnableOption "Serve a Miniflux instance"; enable = mkEnableOption "Serve a Miniflux instance";
adminCredentialsFile = mkOption { adminCredentialsFile = mkOption {
@ -34,7 +40,7 @@ in {
# services.postgresql is automatically enabled by services.miniflux, let's # services.postgresql is automatically enabled by services.miniflux, let's
# back it up # back it up
services.postgresqlBackup = { services.postgresqlBackup = {
databases = [ "miniflux" ]; databases = ["miniflux"];
}; };
services.miniflux = { services.miniflux = {


@ -1,16 +1,22 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.monitoring; cfg = config.my.services.monitoring;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.monitoring = let inherit (lib) types; in { options.my.services.monitoring = let
inherit (lib) types;
in {
enable = mkEnableOption "Enable monitoring"; enable = mkEnableOption "Enable monitoring";
domain = mkOption { domain = mkOption {
@ -74,7 +80,7 @@ in {
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = [ "systemd" ]; enabledCollectors = ["systemd"];
port = 9100; port = 9100;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
}; };
@ -87,9 +93,11 @@ in {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = config.networking.hostName; job_name = config.networking.hostName;
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; {
}]; targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
}
];
} }
]; ];
}; };


@ -1,17 +1,23 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optional optional
; ;
cfg = config.my.services.navidrome; cfg = config.my.services.navidrome;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.navidrome = let inherit (lib) types; in { options.my.services.navidrome = let
inherit (lib) types;
in {
enable = mkEnableOption "Navidrome"; enable = mkEnableOption "Navidrome";
musicFolder = { musicFolder = {
path = mkOption { path = mkOption {
@ -34,8 +40,8 @@ in {
}; };
my.services.restic-backup = { my.services.restic-backup = {
paths = [ "/var/lib/navidrome" ] ++ optional cfg.musicFolder.backup cfg.musicFolder.path; paths = ["/var/lib/navidrome"] ++ optional cfg.musicFolder.backup cfg.musicFolder.path;
exclude = [ "/var/lib/navidrome/cache" ]; exclude = ["/var/lib/navidrome/cache"];
}; };
services.nginx.virtualHosts."music.${domain}" = { services.nginx.virtualHosts."music.${domain}" = {


@ -1,21 +1,26 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
# TODO: setup prometheus exporter # TODO: setup prometheus exporter
let let
inherit (lib) inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.nextcloud; cfg = config.my.services.nextcloud;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
dbName = "nextcloud"; dbName = "nextcloud";
in in {
{ options.my.services.nextcloud = let
options.my.services.nextcloud = let inherit (lib) types; in { inherit (lib) types;
in {
enable = mkEnableOption "NextCloud"; enable = mkEnableOption "NextCloud";
adminpassFile = mkOption { adminpassFile = mkOption {
@ -31,7 +36,7 @@ in
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ dbName ]; ensureDatabases = [dbName];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
@ -43,13 +48,13 @@ in
}; };
# not handled by module # not handled by module
systemd.services.nextcloud-setup= { systemd.services.nextcloud-setup = {
requires = [ "postgresql.service" ]; requires = ["postgresql.service"];
after = [ "postgresql.service" ]; after = ["postgresql.service"];
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = [ dbName ]; databases = [dbName];
}; };
services.nextcloud = { services.nextcloud = {
@ -87,16 +92,17 @@ in
my.services.restic-backup = let my.services.restic-backup = let
nextcloudHome = config.services.nextcloud.home; nextcloudHome = config.services.nextcloud.home;
in mkIf cfg.enable { in
paths = [ nextcloudHome ]; mkIf cfg.enable {
exclude = [ paths = [nextcloudHome];
# borg can fail if *.part files disappear during backup exclude = [
"${nextcloudHome}/data/*/uploads" # borg can fail if *.part files disappear during backup
# image previews can take up a lot of space "${nextcloudHome}/data/*/uploads"
"${nextcloudHome}/data/appdata_*/preview" # image previews can take up a lot of space
# specific account for huge files I don't care about losing "${nextcloudHome}/data/appdata_*/preview"
"${nextcloudHome}/data/misc" # specific account for huge files I don't care about losing
]; "${nextcloudHome}/data/misc"
}; ];
};
}; };
} }


@ -1,16 +1,20 @@
# Part of config shamelessly stolen from: # Part of config shamelessly stolen from:
# #
# https://github.com/delroth/infra.delroth.net # https://github.com/delroth/infra.delroth.net
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkIf
;
in
{ {
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkIf
;
in {
# Whenever something defines an nginx vhost, ensure that nginx defaults are # Whenever something defines an nginx vhost, ensure that nginx defaults are
# properly set. # properly set.
config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) { config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != ["localhost"]) {
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; # For monitoring scraping. statusPage = true; # For monitoring scraping.
@ -21,7 +25,7 @@ in
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
services.prometheus = { services.prometheus = {
exporters.nginx = { exporters.nginx = {
@ -32,12 +36,14 @@ in
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; {
labels = { targets = ["127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };
@ -46,18 +52,17 @@ in
acceptTerms = true; acceptTerms = true;
defaults.email = "antoine97.martin@gmail.com"; defaults.email = "antoine97.martin@gmail.com";
certs = certs = let
let domain = config.networking.domain;
domain = config.networking.domain; gandiKey = config.my.secrets.gandiKey;
gandiKey = config.my.secrets.gandiKey; in {
in { "${domain}" = {
"${domain}" = { extraDomainNames = ["*.${domain}"];
extraDomainNames = [ "*.${domain}" ]; dnsProvider = "gandiv5";
dnsProvider = "gandiv5"; credentialsFile = config.age.secrets."gandi/api-key".path;
credentialsFile = config.age.secrets."gandi/api-key".path; group = "nginx";
group = "nginx";
};
}; };
};
}; };
}; };
} }


@ -1,15 +1,17 @@
{ config, lib, ... }: {
config,
let lib,
inherit (lib) ...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.nuage; cfg = config.my.services.nuage;
my = config.my; my = config.my;
in in {
{
options.my.services.nuage = { options.my.services.nuage = {
enable = mkEnableOption "Nuage redirect"; enable = mkEnableOption "Nuage redirect";
}; };


@ -1,19 +1,24 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.paperless; cfg = config.my.services.paperless;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
paperlessDomain = "paperless.${domain}"; paperlessDomain = "paperless.${domain}";
in in {
{ options.my.services.paperless = let
options.my.services.paperless = let inherit (lib) types; in { inherit (lib) types;
in {
enable = mkEnableOption "Paperless"; enable = mkEnableOption "Paperless";
port = mkOption { port = mkOption {
@ -77,7 +82,7 @@ in
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "paperless" ]; ensureDatabases = ["paperless"];
ensureUsers = [ ensureUsers = [
{ {
name = "paperless"; name = "paperless";
@ -88,7 +93,7 @@ in
systemd.services.paperless-ng-server = { systemd.services.paperless-ng-server = {
# Make sure the DB is available # Make sure the DB is available
after = [ "postgresql.service" ]; after = ["postgresql.service"];
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {


@ -1,16 +1,20 @@
{ config, lib, pkgs, options, ... }: {
config,
let lib,
inherit (lib) pkgs,
options,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
optionalAttrs optionalAttrs
; ;
cfg = config.my.services.pipewire; cfg = config.my.services.pipewire;
my = config.my; my = config.my;
in in {
{
options.my.services.pipewire = { options.my.services.pipewire = {
enable = mkEnableOption "Pipewire sound backend"; enable = mkEnableOption "Pipewire sound backend";
}; };
@ -37,6 +41,6 @@ in
# FIXME: a shame pactl isn't available by itself, eventually this should be # FIXME: a shame pactl isn't available by itself, eventually this should be
# replaced by pw-cli or a wrapper, I guess? # replaced by pw-cli or a wrapper, I guess?
environment.systemPackages = [ pkgs.pulseaudio ]; environment.systemPackages = [pkgs.pulseaudio];
}); });
} }


@ -1,10 +1,14 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.postgresql-backup; cfg = config.my.services.postgresql-backup;
in { in {
@ -20,12 +24,11 @@ in {
}; };
my.services.restic-backup = mkIf cfg.enable { my.services.restic-backup = mkIf cfg.enable {
paths = [ "/var/backup/postgresql" ]; paths = ["/var/backup/postgresql"];
# no need to store previously backed up files, as borg does the snapshoting # no need to store previously backed up files, as borg does the snapshoting
# for us # for us
exclude = [ "/var/backup/postgresql/*.prev.sql.gz" ]; exclude = ["/var/backup/postgresql/*.prev.sql.gz"];
}; };
}; };
} }


@ -1,5 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
# set postgresql version so we don't get any bad surprise # set postgresql version so we don't get any bad surprise
config.services.postgresql = { config.services.postgresql = {
package = pkgs.postgresql_13; package = pkgs.postgresql_13;


@ -1,21 +1,27 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
attrsets attrsets
concatStringsSep concatStringsSep
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optional optional
; ;
cfg = config.my.services.restic-backup; cfg = config.my.services.restic-backup;
excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude)); excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
makePruneOpts = pruneOpts: makePruneOpts = pruneOpts:
attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts; attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts;
in { in {
options.my.services.restic-backup = let inherit (lib) types; in { options.my.services.restic-backup = let
inherit (lib) types;
in {
enable = mkEnableOption "Enable Restic backups for this host"; enable = mkEnableOption "Enable Restic backups for this host";
repo = mkOption { repo = mkOption {
@ -23,12 +29,11 @@ in {
default = null; default = null;
example = "/mnt/hdd"; example = "/mnt/hdd";
description = "Restic backup repo"; description = "Restic backup repo";
}; };
paths = mkOption { paths = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [];
example = [ example = [
"/var/lib" "/var/lib"
"/home" "/home"
@ -38,7 +43,7 @@ in {
exclude = mkOption { exclude = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [];
example = [ example = [
# very large paths # very large paths
"/var/lib/docker" "/var/lib/docker"
@ -81,7 +86,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.restic ]; environment.systemPackages = [pkgs.restic];
services.restic.backups.backblaze = { services.restic.backups.backblaze = {
initialize = true; initialize = true;
@ -92,8 +97,9 @@ in {
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;
environmentFile = cfg.environmentFile; environmentFile = cfg.environmentFile;
extraBackupArgs = [ "--verbose=2" ] extraBackupArgs =
++ optional (builtins.length cfg.exclude != 0) excludeArg; ["--verbose=2"]
++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;


@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.tailscale; cfg = config.my.services.tailscale;
in in {
{
options.my.services.tailscale = { options.my.services.tailscale = {
enable = mkEnableOption "Tailscale"; enable = mkEnableOption "Tailscale";
@ -23,8 +26,8 @@ in
}; };
networking.firewall = { networking.firewall = {
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = ["tailscale0"];
allowedUDPPorts = [ config.services.tailscale.port ]; allowedUDPPorts = [config.services.tailscale.port];
}; };
# enable IP forwarding to use as exit node # enable IP forwarding to use as exit node


@ -1,15 +1,17 @@
{ config, lib, ... }: {
config,
let lib,
inherit (lib) ...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
; ;
cfg = config.my.services.tgv; cfg = config.my.services.tgv;
my = config.my; my = config.my;
in in {
{
options.my.services.tgv = { options.my.services.tgv = {
enable = mkEnableOption "TGV redirect"; enable = mkEnableOption "TGV redirect";
}; };


@ -1,11 +1,15 @@
{ config, lib, ... }: {
let config,
inherit (lib) lib,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
optionalAttrs optionalAttrs
; ;
cfg = config.my.services.transmission; cfg = config.my.services.transmission;
@ -16,9 +20,10 @@ let
transmissionPeerPort = 30251; transmissionPeerPort = 30251;
downloadBase = "/media/torrents/"; downloadBase = "/media/torrents/";
in in {
{ options.my.services.transmission = let
options.my.services.transmission = let inherit (lib) types; in { inherit (lib) types;
in {
enable = mkEnableOption "Transmission torrent client"; enable = mkEnableOption "Transmission torrent client";
username = mkOption { username = mkOption {
@ -37,32 +42,34 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.transmission = { services.transmission =
enable = true; {
group = "media"; enable = true;
group = "media";
settings = { settings = {
download-dir = "${downloadBase}/complete"; download-dir = "${downloadBase}/complete";
incomplete-dir = "${downloadBase}/incomplete"; incomplete-dir = "${downloadBase}/incomplete";
peer-port = transmissionPeerPort; peer-port = transmissionPeerPort;
rpc-enabled = true; rpc-enabled = true;
rpc-port = transmissionRpcPort; rpc-port = transmissionRpcPort;
rpc-authentication-required = false; rpc-authentication-required = false;
rpc-whitelist-enabled = true; rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1"; rpc-whitelist = "127.0.0.1";
rpc-host-whitelist-enabled = true; rpc-host-whitelist-enabled = true;
rpc-host-whitelist = webuiDomain; rpc-host-whitelist = webuiDomain;
}; };
# automatically allow transmission.settings.peer-port # automatically allow transmission.settings.peer-port
openFirewall = true; openFirewall = true;
} // (optionalAttrs (cfg.secretConfigFile != null) { }
credentialsFile = cfg.secretConfigFile; // (optionalAttrs (cfg.secretConfigFile != null) {
}); credentialsFile = cfg.secretConfigFile;
});
services.nginx.virtualHosts."${webuiDomain}" = { services.nginx.virtualHosts."${webuiDomain}" = {
forceSSL = true; forceSSL = true;


@ -1,18 +1,24 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
inherit (lib) pkgs,
...
}: let
inherit
(lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
; ;
cfg = config.my.services.vaultwarden; cfg = config.my.services.vaultwarden;
my = config.my; my = config.my;
domain = config.networking.domain; domain = config.networking.domain;
in { in {
options.my.services.vaultwarden = let inherit (lib) types; in { options.my.services.vaultwarden = let
inherit (lib) types;
in {
enable = mkEnableOption "Vaultwarden"; enable = mkEnableOption "Vaultwarden";
privatePort = mkOption { privatePort = mkOption {
@ -36,7 +42,7 @@ in {
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
databases = [ "vaultwarden" ]; databases = ["vaultwarden"];
}; };
services.vaultwarden = { services.vaultwarden = {
@ -82,8 +88,8 @@ in {
# FIXME: should be renamed to vaultwarden eventually # FIXME: should be renamed to vaultwarden eventually
my.services.restic-backup = mkIf cfg.enable { my.services.restic-backup = mkIf cfg.enable {
paths = [ "/var/lib/bitwarden_rs" ]; paths = ["/var/lib/bitwarden_rs"];
exclude = [ "/var/lib/bitwarden_rs/icon_cache" ]; exclude = ["/var/lib/bitwarden_rs/icon_cache"];
}; };
services.fail2ban.jails = { services.fail2ban.jails = {
@ -119,5 +125,4 @@ in {
''; '';
}; };
}; };
} }


@ -1,5 +1,4 @@
{ ... }: {...}: {
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base