diff --git a/.forgejo/workflows/nix_build.yaml b/.forgejo/workflows/nix_build.yaml index daa9899..630f5f7 100644 --- a/.forgejo/workflows/nix_build.yaml +++ b/.forgejo/workflows/nix_build.yaml @@ -1,18 +1,15 @@ name: Build all NixOS Configurations - on: push: branches: - "**" schedule: - cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour - jobs: nix build: runs-on: native steps: - uses: actions/checkout@v4 - - name: update nix flakes if: ${{ github.event_name == 'schedule' }} # we need to use our ssh key here because we need access to private flakes @@ -30,7 +27,6 @@ jobs: echo $SSH_AGENT_PID kill $SSH_AGENT_PID rm .ssh_key - - name: nix flake archive/check # we need to use our ssh key here because we need access to private flakes run: | @@ -48,22 +44,16 @@ jobs: echo $SSH_AGENT_PID kill $SSH_AGENT_PID rm .ssh_key - - name: nix build orbi run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel - - name: nix build cream run: nix build .#nixosConfigurations.cream.config.system.build.toplevel - - name: nix build cherry run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel - - name: nix build chungus run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel - - name: nix build usbstick run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel - - name: commit & push if: ${{ github.event_name == 'schedule' }} # only if all nix builds are fine we update our branch diff --git a/components/chaospott.nix b/components/chaospott.nix index 02fd012..8e24922 100644 --- a/components/chaospott.nix +++ b/components/chaospott.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { diff --git a/components/default.nix b/components/default.nix index 300a72d..d2dca73 100644 --- a/components/default.nix +++ b/components/default.nix @@ -14,5 +14,4 @@ ./yubikey.nix ]; - } 
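Review bot: The private key written to `.ssh_key` is only removed by the last line of the `update nix flakes` run block (`rm .ssh_key` after `kill $SSH_AGENT_PID`), so if any earlier command in that step fails the key file presumably stays in the checkout on the `native` runner, and the blank-line cleanup in this commit leaves that as is. The second hunk shows the same end-of-step teardown, and the `nix flake archive/check` step that follows repeats the pattern; both run blocks start outside the hunks. Consider moving the agent teardown into its own step that runs regardless of the outcome, e.g. `- name: cleanup ssh key`, `if: always()`, `run: rm -f .ssh_key`, so a failed flake update cannot leave the key behind.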
diff --git a/components/gui/audio.nix b/components/gui/audio.nix index be0b5ed..ad71a90 100644 --- a/components/gui/audio.nix +++ b/components/gui/audio.nix @@ -1,5 +1,10 @@ # TODO test `alsactl init` after suspend to reinit mic -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { options.components.gui.audio.enable = mkOption { diff --git a/components/gui/default.nix b/components/gui/default.nix index 5484130..40b8af5 100644 --- a/components/gui/default.nix +++ b/components/gui/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with lib; { options.components.gui = { diff --git a/components/gui/home-manager/default.nix b/components/gui/home-manager/default.nix index 86e1f3c..8400ba7 100644 --- a/components/gui/home-manager/default.nix +++ b/components/gui/home-manager/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with lib; { diff --git a/components/gui/kmonad.nix b/components/gui/kmonad.nix index cf74bb3..5418249 100644 --- a/components/gui/kmonad.nix +++ b/components/gui/kmonad.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { options.components.gui.kmonad.enable = lib.mkOption { @@ -79,9 +84,21 @@ in { - nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ]; - dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ]; - uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ]; + nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ + "lctl" + "lmet" + "lalt" + ]; + dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ + "lctl" + "lmet" + "lalt" + ]; + uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ + "lctl" + "lmet" + "lalt" + ]; }; }; }; 
diff --git a/components/gui/noti.nix b/components/gui/noti.nix index 9fcdcbe..2a298c9 100644 --- a/components/gui/noti.nix +++ b/components/gui/noti.nix @@ -1,6 +1,11 @@ # notify me when a command is finished # todo : secret managment is shit -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.components.gui.noti.enable = mkOption { diff --git a/components/gui/pass.nix b/components/gui/pass.nix index 8af969a..089f386 100644 --- a/components/gui/pass.nix +++ b/components/gui/pass.nix @@ -1,11 +1,17 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; let # desktop file # ------------ # makes it possible to be used by other programs - desktopFile = name: bin: + desktopFile = + name: bin: pkgs.writeTextFile { name = "${name}.desktop"; destination = "/share/applications/${name}.desktop"; @@ -34,7 +40,9 @@ in environment.systemPackages = [ (pkgs.pass.withExtensions (ext: [ ext.pass-otp ])) # todo : use upstream desktop file creator - (desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10") + (desktopFile "passmenu" "${ + pkgs.pass.withExtensions (ext: [ ext.pass-otp ]) + }/bin/passmenu --type -l 10") pkgs.otpmenu diff --git a/components/gui/steam.nix b/components/gui/steam.nix index 527127b..ac649c7 100644 --- a/components/gui/steam.nix +++ b/components/gui/steam.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.components.gui.steam.enable = mkOption { @@ -22,7 +27,12 @@ with lib; isSystemUser = true; home = "/home/steam"; createHome = true; - extraGroups = [ "audio" "input" "video" "pipewire" ]; + extraGroups = [ + "audio" + "input" + "video" + "pipewire" + ]; group = "steam"; shell = pkgs.bashInteractive; }; diff --git a/components/gui/suspend.nix b/components/gui/suspend.nix index 2dffd31..4017ea4 100644 --- a/components/gui/suspend.nix +++ b/components/gui/suspend.nix 
@@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { options.components.gui.suspend.enable = mkOption { @@ -13,13 +18,11 @@ with lib; requiredBy = [ "sleep.target" ]; environment = let - display = - if (config.services.xserver.display != null) then - config.services.xserver.display - else - 0; + display = if (config.services.xserver.display != null) then config.services.xserver.display else 0; in - { DISPLAY = ":${toString display}"; }; + { + DISPLAY = ":${toString display}"; + }; script = '' ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & sleep 1 diff --git a/components/gui/vscode.nix b/components/gui/vscode.nix index 80b2012..da7ef76 100644 --- a/components/gui/vscode.nix +++ b/components/gui/vscode.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.components.gui.vscode.enable = mkOption { diff --git a/components/gui/wayland.nix b/components/gui/wayland.nix index 9b7b871..afbca60 100644 --- a/components/gui/wayland.nix +++ b/components/gui/wayland.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { diff --git a/components/gui/xorg/default.nix b/components/gui/xorg/default.nix index 27f04f3..d498358 100644 --- a/components/gui/xorg/default.nix +++ b/components/gui/xorg/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { @@ -78,4 +83,3 @@ with lib; }; } - diff --git a/components/gui/xorg/xlock.nix b/components/gui/xorg/xlock.nix index d597059..caa351c 100644 --- a/components/gui/xorg/xlock.nix +++ b/components/gui/xorg/xlock.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; let diff --git a/components/mainUser.nix b/components/mainUser.nix index d01bbf1..f55c1e3 100644 --- a/components/mainUser.nix +++ b/components/mainUser.nix 
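Review bot: In the `suspend.nix` hunk `xlock` is started in the background and only `sleep 1` separates it from the rest of the script, so a locker that fails to start is never noticed and the machine may come back from suspend without a lock; the script body continues outside the hunk and the reformat does not touch this. A minimal check after the `&` line, `sleep 1; kill -0 "$!" || exit 1`, would at least fail the pre-sleep unit when the locker did not come up instead of proceeding silently.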
@@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; with types; let @@ -6,15 +11,10 @@ let cfg = config.components.mainUser; # todo : use optionalList - dockerGroup = - if (config.virtualisation.docker.enable) then [ "docker" ] else [ ]; + dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ]; # todo : use optionalList - vboxGroup = - if (config.virtualisation.virtualbox.host.enable) then - [ "vboxusers" ] - else - [ ]; + vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ]; in { @@ -73,8 +73,16 @@ in uid = cfg.uid; home = "/home/${cfg.userName}"; initialPassword = cfg.userName; - extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ] - ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups; + extraGroups = [ + "wheel" + "networkmanager" + "transmission" + "wireshark" + "audio" + "pipewire" + "input" + "dialout" + ] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups; openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles; group = config.users.groups.mainUser.name; }; diff --git a/components/media/icecast.nix b/components/media/icecast.nix index 4e9074b..f1c4ab6 100644 --- a/components/media/icecast.nix +++ b/components/media/icecast.nix @@ -4,7 +4,12 @@ # * connect via mixxx to it. # * add the podcast to mpd in the same network # -------------------------------------------------- -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; let diff --git a/components/media/tts.nix b/components/media/tts.nix index 9ab1f7b..e639a4c 100644 --- a/components/media/tts.nix +++ b/components/media/tts.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { diff --git a/components/media/video.nix b/components/media/video.nix index 6b8cb44..8bdeac2 100644 --- a/components/media/video.nix +++ b/components/media/video.nix 
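Review bot: `initialPassword = cfg.userName;` in the last `mainUser.nix` hunk makes the account's first password equal to the login name, which is guessable for anyone who knows the user name; the commit only reflows the `extraGroups` list around it. Since the same account already carries `openssh.authorizedKeys.keyFiles`, consider sourcing the password from a secret via `hashedPasswordFile` instead, or at least add `# initial password == user name; only applies at account creation, change on first login` above the line so the trade-off is explicit.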
@@ -1,31 +1,35 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let - obs-cmd = pkgs.rustPlatform.buildRustPackage - rec { - pname = "obs-cmd"; - version = "v0.15.2"; - src = pkgs.fetchFromGitHub { - owner = "grigio"; - repo = "obs-cmd"; - rev = version; - sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI="; - }; - - cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0="; - #cargoSha256 = fakeSha256; - - meta = with lib; { - description = "a minimal obs CLI for obs-websocket v5"; - homepage = "https://github.com/grigio/obs-cmd"; - license = licenses.mit; - maintainers = [ maintainers.mrVanDalo ]; - platforms = platforms.all; - }; + obs-cmd = pkgs.rustPlatform.buildRustPackage rec { + pname = "obs-cmd"; + version = "v0.15.2"; + src = pkgs.fetchFromGitHub { + owner = "grigio"; + repo = "obs-cmd"; + rev = version; + sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI="; }; + cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0="; + #cargoSha256 = fakeSha256; + + meta = with lib; { + description = "a minimal obs CLI for obs-websocket v5"; + homepage = "https://github.com/grigio/obs-cmd"; + license = licenses.mit; + maintainers = [ maintainers.mrVanDalo ]; + platforms = platforms.all; + }; + }; + # Lassulus streaming setup # ------------------------- # ffmpeg \ @@ -53,7 +57,12 @@ let name = "screen-keys"; paths = let - screenKeyScript = { position ? "bottom", size ? "small", ... }: + screenKeyScript = + { + position ? "bottom", + size ? "small", + ... + }: pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh '' ${pkgs.screenkey}/bin/screenkey \ 
@@ -65,27 +74,41 @@ let "$@" ''; in - lib.flatten (lib.flip map [ "large" "small" "medium" ] (size: - lib.flip map [ "top" "center" "bottom" ] - (position: screenKeyScript { inherit size position; }))); + lib.flatten ( + lib.flip map + [ + "large" + "small" + "medium" + ] + ( + size: + lib.flip map [ + "top" + "center" + "bottom" + ] (position: screenKeyScript { inherit size position; }) + ) + ); }; - mpvReview = let - moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' - tmp_dir = "${dir}" + moveToDir = + key: dir: + pkgs.writeText "move-with-${key}.lua" '' + tmp_dir = "${dir}" - function move_current_track_${key}() - track = mp.get_property("path") - os.execute("mkdir -p '" .. tmp_dir .. "'") - os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'") - print("moved '" .. track .. "' to " .. tmp_dir) - mp.command("playlist-next") - end + function move_current_track_${key}() + track = mp.get_property("path") + os.execute("mkdir -p '" .. tmp_dir .. "'") + os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'") + print("moved '" .. track .. "' to " .. tmp_dir) + mp.command("playlist-next") + end - mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key}) - ''; + mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key}) + ''; delete = moveToDir "D" "./.graveyard"; good = moveToDir "G" "./.good"; in @@ -110,7 +133,6 @@ in config = mkIf (config.components.media.video.enable) { - home-manager.sharedModules = [ { programs.obs-studio = { @@ -123,7 +145,6 @@ in } ]; - boot.kernelModules = [ "v4l2loopback" ]; boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; @@ -137,7 +158,6 @@ in alphaSafe sanitizeFolder - # obs studio stuff obs-cli v4l-utils @@ -154,8 +174,6 @@ in handbrake ffmpeg-full - ]; }; } - diff --git a/components/monitor/logs-promtail.nix b/components/monitor/logs-promtail.nix index 4e685cc..c8ac158 100644 --- a/components/monitor/logs-promtail.nix +++ b/components/monitor/logs-promtail.nix 
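Review bot: In `moveToDir` the generated Lua builds shell commands by string concatenation, `os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")`, so a media file whose path contains a single quote breaks the quoting and the rest of the file name is interpreted by the shell; the reformat keeps this as is. mpv can run the process without a shell, e.g. `mp.command_native({ "run", "mkdir", "-p", tmp_dir })` and `mp.command_native({ "run", "mv", track, tmp_dir })`, which removes the quoting problem for both calls. The enclosing `let` starts outside the hunk.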
@@ -33,7 +33,7 @@ in services.promtail = { enable = true; configuration = { - server. disable = true; + server.disable = true; positions.filename = "/var/cache/promtail/positions.yaml"; clients = [ @@ -49,7 +49,15 @@ in _end = ''{{ end }}''; elseblock = index: replacement: "${_elseif index}${_replace index replacement}"; ifblock = index: replacement: "${_if index}${_replace index replacement}"; - createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}"; + createTemplateLine = + list: + "${ + concatStrings ( + imap0 ( + index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement + ) list + ) + }${_end}"; in [ { 
@@ -117,36 +125,35 @@ in } { # Map facility to human readable - template = - { - source = "facility_label"; - template = createTemplateLine [ - "kern" # Kernel messages - "user" # User-level messages - "mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1)) - "daemon" # System daemons All daemons, including systemd and its subsystems - "auth" # Security/authorization messages Also watch for different facility 10 - "syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3) - "lpr" # Line printer subsystem (archaic subsystem) - "news" # Network news subsystem (archaic subsystem) - "uucp" # UUCP subsystem (archaic subsystem) - "clock" # Clock daemon systemd-timesyncd - "authpriv" # Security/authorization messages Also watch for different facility 4 - "ftp" # FTP daemon - "-" # NTP subsystem - "-" # Log audit - "-" # Log alert - "cron" # Scheduling daemon - "local0" # Local use 0 (local0) - "local1" # Local use 1 (local1) - "local2" # Local use 2 (local2) - "local3" # Local use 3 (local3) - "local4" # Local use 4 (local4) - "local5" # Local use 5 (local5) - "local6" # Local use 6 (local6) - "local7" # Local use 7 (local7) - ]; - }; + template = { + source = "facility_label"; + template = createTemplateLine [ + "kern" # Kernel messages + "user" # User-level messages + "mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1)) + "daemon" # System daemons All daemons, including systemd and its subsystems + "auth" # Security/authorization messages Also watch for different facility 10 + "syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3) + "lpr" # Line printer subsystem (archaic subsystem) + "news" # Network news subsystem (archaic subsystem) + "uucp" # UUCP subsystem (archaic subsystem) + "clock" # Clock daemon systemd-timesyncd + "authpriv" # Security/authorization messages Also watch 
for different facility 4 + "ftp" # FTP daemon + "-" # NTP subsystem + "-" # Log audit + "-" # Log alert + "cron" # Scheduling daemon + "local0" # Local use 0 (local0) + "local1" # Local use 1 (local1) + "local2" # Local use 2 (local2) + "local3" # Local use 3 (local3) + "local4" # Local use 4 (local4) + "local5" # Local use 5 (local5) + "local6" # Local use 6 (local6) + "local7" # Local use 7 (local7) + ]; + }; } { # Key is REQUIRED and the name for the label that will be created. diff --git a/components/monitor/metrics-export-zfs.nix b/components/monitor/metrics-export-zfs.nix index 63892ae..b7623e0 100644 --- a/components/monitor/metrics-export-zfs.nix +++ b/components/monitor/metrics-export-zfs.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; with types; { @@ -18,9 +23,11 @@ with types; { job_name = "zfs"; scrape_interval = "10s"; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ]; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ]; + } + ]; } ]; service.pipelines.metrics.receivers = [ "prometheus" ]; diff --git a/components/monitor/metrics-netdata.nix b/components/monitor/metrics-netdata.nix index 6132405..7c3881b 100644 --- a/components/monitor/metrics-netdata.nix +++ b/components/monitor/metrics-netdata.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; with types; { @@ -18,7 +23,7 @@ with types; scrape_interval = "10s"; metrics_path = "/api/v1/allmetrics"; params.format = [ "prometheus" ]; - static_configs = [{ targets = [ "127.0.0.1:19999" ]; }]; + static_configs = [ { targets = [ "127.0.0.1:19999" ]; } ]; } ]; diff --git a/components/monitor/metrics-prometheus.nix b/components/monitor/metrics-prometheus.nix index 095bc59..46a5841 100644 --- a/components/monitor/metrics-prometheus.nix +++ b/components/monitor/metrics-prometheus.nix 
@@ -36,7 +36,7 @@ in job_name = "opentelemetry"; metrics_path = "/metrics"; scrape_interval = "10s"; - static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }]; + static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ]; } ]; }) diff --git a/components/monitor/metrics-telegraf.nix b/components/monitor/metrics-telegraf.nix index ab04632..5f38c71 100644 --- a/components/monitor/metrics-telegraf.nix +++ b/components/monitor/metrics-telegraf.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; with types; let @@ -24,7 +29,9 @@ in receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}"; service.pipelines.metrics.receivers = [ "influxdb" ]; }; - services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ]; + services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ + "http://127.0.0.1:${toString cfg.influxDBPort}" + ]; }) (mkIf config.components.monitor.telegraf.enable { @@ -41,7 +48,7 @@ in processes = { }; system = { }; systemd_units = { }; - ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard + ping = [ { urls = [ "10.100.0.1" ]; } ]; # actually important to make machine visible over wireguard }; }; }; diff --git a/components/monitor/opentelemetry.nix b/components/monitor/opentelemetry.nix index a402581..d172e21 100644 --- a/components/monitor/opentelemetry.nix +++ b/components/monitor/opentelemetry.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; with types; let @@ -22,7 +27,10 @@ in description = "endpoint to ship opentelementry data too"; }; exporter.debug = mkOption { - type = nullOr (enum [ "logs" "metrics" ]); + type = nullOr (enum [ + "logs" + "metrics" + ]); default = null; description = "enable debug exporter."; }; 
@@ -61,11 +69,13 @@ in include = ".*"; match_type = "regexp"; action = "update"; - operations = [{ - action = "add_label"; - new_label = "machine"; - new_value = config.networking.hostName; - }]; + operations = [ + { + action = "add_label"; + new_label = "machine"; + new_value = config.networking.hostName; + } + ]; } ]; }; @@ -85,7 +95,6 @@ in }; }) - (mkIf (config.components.monitor.opentelemetry.exporter.debug != null) { services.opentelemetry-collector.settings = { exporters.debug = { @@ -111,24 +120,26 @@ in }) (mkIf ( - config.components.monitor.opentelemetry.exporter.endpoint != null && - config.components.monitor.logs.enable + config.components.monitor.opentelemetry.exporter.endpoint != null + && config.components.monitor.logs.enable ) { services.opentelemetry-collector.settings = { service.pipelines.logs.exporters = [ "otlp" ]; }; - }) + } + ) (mkIf ( - config.components.monitor.opentelemetry.exporter.endpoint != null && - config.components.monitor.metrics.enable + config.components.monitor.opentelemetry.exporter.endpoint != null + && config.components.monitor.metrics.enable ) { services.opentelemetry-collector.settings = { service.pipelines.metrics.exporters = [ "otlp" ]; }; - }) + } + ) # ship from other instance (mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) { 
@@ -138,26 +149,26 @@ in }) (mkIf ( - config.components.monitor.opentelemetry.receiver.endpoint != null && - config.components.monitor.logs.enable + config.components.monitor.opentelemetry.receiver.endpoint != null + && config.components.monitor.logs.enable ) { services.opentelemetry-collector.settings = { service.pipelines.logs.receivers = [ "otlp" ]; }; - }) + } + ) (mkIf ( - config.components.monitor.opentelemetry.receiver.endpoint != null && - config.components.monitor.metrics.enable + config.components.monitor.opentelemetry.receiver.endpoint != null + && config.components.monitor.metrics.enable ) { services.opentelemetry-collector.settings = { service.pipelines.metrics.receivers = [ "otlp" ]; }; - }) - - + } + ) # scrape opentelemetry-colectors metrics # todo: this should be collected another way (opentelemetry internal?) @@ -169,9 +180,11 @@ in { job_name = "otelcol"; scrape_interval = "10s"; - static_configs = [{ - targets = [ cfg.metrics.endpoint ]; - }]; + static_configs = [ + { + targets = [ cfg.metrics.endpoint ]; + } + ]; metric_relabel_configs = [ { source_labels = [ "__name__" ]; @@ -195,7 +208,7 @@ in }; }) - (mkIf (! config.components.monitor.metrics.enable) { + (mkIf (!config.components.monitor.metrics.enable) { services.opentelemetry-collector.settings = { service.telemetry.metrics.level = "none"; }; diff --git a/components/network/nginx.nix b/components/network/nginx.nix index f0f48ee..7fe00a8 100644 --- a/components/network/nginx.nix +++ b/components/network/nginx.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, assets, ... }: +{ + config, + lib, + pkgs, + assets, + ... +}: with lib; { options.components.network.nginx.enable = mkOption { 
@@ -16,8 +22,13 @@ with lib; environment.systemPackages = [ pkgs.nginx-config-formatter - (pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; } - (lib.fileContents "${assets}/nginx-show-config.py")) + (pkgs.writers.writePython3Bin "nginx-show-config" { + flakeIgnore = [ + "E265" + "E225" + "W292" + ]; + } (lib.fileContents "${assets}/nginx-show-config.py")) ]; security.acme.defaults.email = "contact@ingolf-wagner.de"; @@ -85,7 +96,11 @@ with lib; root = pkgs.landingpage.override { jsonConfig = let - entry = { machine, items ? [ ] }: + entry = + { + machine, + items ? [ ], + }: { text = machine; items = [ @@ -174,14 +189,12 @@ with lib; { label = "Hetzner Cloud"; href = "https://console.hetzner.cloud/projects"; - image = - "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif"; + image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif"; } { label = "Cups"; href = "http://localhost:631/"; - image = - "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif"; + image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif"; } ]; } 
@@ -191,52 +204,42 @@ with lib; { label = "NixOS Manual"; href = "https://nixos.org/nixos/manual/"; - image = - "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif"; + image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif"; } { label = "Nixpkgs Manual"; href = "https://nixos.org/nixpkgs/manual/"; - image = - "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif"; + image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif"; } { label = "NixOS Reference"; - href = - "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library"; - image = - "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif"; + href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library"; + image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif"; } { label = "Nix Packages"; href = "https://nixos.org/nixos/packages.html"; - image = - "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif"; + image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif"; } { label = "NixOS Language specific helpers"; - href = - "https://nixos.wiki/wiki/Language-specific_package_helpers"; - image = - "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif"; + href = "https://nixos.wiki/wiki/Language-specific_package_helpers"; + image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif"; } { label = "NixOS Weekly"; href = "https://weekly.nixos.org/"; - image = - "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif"; + image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif"; } { label = "NixOS Security"; href = "https://broken.sh/"; - image = - "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif"; + image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif"; } { label = "NixOS RFCs"; href = "https://github.com/NixOS/rfcs/"; - image = - "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif"; + image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif"; } ]; } 
diff --git a/components/network/sshd/default.nix b/components/network/sshd/default.nix index 9d9bbc6..3e09a5e 100644 --- a/components/network/sshd/default.nix +++ b/components/network/sshd/default.nix @@ -1,4 +1,10 @@ -{ pkgs, config, lib, assets, ... }: +{ + pkgs, + config, + lib, + assets, + ... +}: with lib; with types; let @@ -6,8 +12,7 @@ let cfg = config.components.network.sshd; # maybe ascii-image-converter is also nice here - sshBanner = pkgs.runCommand "ssh-banner" - { nativeBuildInputs = [ pkgs.boxes ]; } '' + sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } '' echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out ''; diff --git a/components/network/sshd/known-hosts-manual.nix b/components/network/sshd/known-hosts-manual.nix index 542b6f2..dab295f 100644 --- a/components/network/sshd/known-hosts-manual.nix +++ b/components/network/sshd/known-hosts-manual.nix @@ -1,4 +1,10 @@ -{ pkgs, config, lib, clanLib, ... }: +{ + pkgs, + config, + lib, + clanLib, + ... +}: with lib; let publicKey = clanLib.readFact "ssh.id_ed25519.pub"; diff --git a/components/network/sshd/known-hosts-public.nix b/components/network/sshd/known-hosts-public.nix index 3bbdb22..0606878 100644 --- a/components/network/sshd/known-hosts-public.nix +++ b/components/network/sshd/known-hosts-public.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { config = mkIf (config.components.network.sshd.enable) { 
@@ -28,65 +33,66 @@ with lib; }; gitlab = { hostNames = [ "gitlab.com" ]; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY="; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY="; }; gitlab-bk = { - hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ]; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw="; + hostNames = [ + "gitlab.bk-bund-berlin.de" + "116.203.133.59" + ]; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw="; }; # space-left gitlabSpaceLeft = { hostNames = [ "git.space-left.org" ]; - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO"; }; # c-base "bnd-cbase" = { hostNames = [ "bnd.cbrp3.c-base.org" ]; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E="; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E="; }; "shell.cbase" = { hostNames = [ "shell.c-base.org" ]; - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo"; }; "kgb.cbase" = { hostNames = [ "kgb.cbrp3.c-base.org" ]; - publicKey = - "ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8="; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8="; }; "cns.cbase" = { hostNames = [ "cns.c-base.org" ]; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A="; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A="; }; "lassulus" = { hostNames = [ "[lassul.us]:45621" ]; - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; renoise = { - hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ]; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE="; + hostNames = [ + "*.renoise.com" + "renoise.com" + "94.130.128.97" + ]; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE="; }; git-renoise = { - hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ]; - publicKey = - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH"; + hostNames = [ + 
"[git.renoise.com]:2229" + "[94.130.128.97]:2229" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH"; }; "siteground" = { - hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ]; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0="; + hostNames = [ + "[es5.siteground.eu]:18765" + "[37.60.224.6]:18765" + ]; + publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0="; }; "cracksucht.de" = { hostNames = [ "cracksucht.de" ]; - publicKey = - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian"; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian"; }; }; 
diff --git a/components/network/sshd/known-hosts-zerotier.nix b/components/network/sshd/known-hosts-zerotier.nix index 8c58282..a6c3ec9 100644 --- a/components/network/sshd/known-hosts-zerotier.nix +++ b/components/network/sshd/known-hosts-zerotier.nix @@ -1,34 +1,34 @@ -{ lib, config, clanLib, ... }: +{ + lib, + config, + clanLib, + ... +}: with lib; with types; let machines = clanLib.allMachineNames; publicKey = clanLib.readFact "ssh.id_ed25519.pub"; tld = config.clan.static-hosts.topLevelDomain; - knownHosts = lib.genAttrs machines - (machine: - { - hostNames = [ - "${machine}" - "${machine}.${tld}" - "${machine}.private" - ]; - publicKey = publicKey machine; - } - ); + knownHosts = lib.genAttrs machines (machine: { + hostNames = [ + "${machine}" + "${machine}.${tld}" + "${machine}.private" + ]; + publicKey = publicKey machine; + }); bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub"; - knownBootHosts = lib.mapAttrs' - (machine: publicKey: nameValuePair - "boot_${machine}" - { - inherit publicKey; - hostNames = [ - "[${machine}]:2222" - "[${machine}.public]:2222" - ]; - } - ) - bootMachines; + knownBootHosts = lib.mapAttrs' ( + machine: publicKey: + nameValuePair "boot_${machine}" { + inherit publicKey; + hostNames = [ + "[${machine}]:2222" + "[${machine}.public]:2222" + ]; + } + ) bootMachines; in { diff --git a/components/network/syncthing.nix b/components/network/syncthing.nix index 9170106..c9f39bb 100644 --- a/components/network/syncthing.nix +++ b/components/network/syncthing.nix @@ -1,5 +1,13 @@ -{ config, lib, pkgs, factsGenerator, clanLib, ... }: -with lib; { +{ + config, + lib, + pkgs, + factsGenerator, + clanLib, + ... +}: +with lib; +{ # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ]; 
@@ -19,7 +27,12 @@ with lib; { id = facts."syncthing.pub"; addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ]; }) - (clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]); + ( + clanLib.readFactsFromAllMachines [ + "syncthing.pub" + "zerotier-ip" + ] + ); device = machine: id: { "${machine}" = { name = machine; @@ -30,20 +43,26 @@ with lib; { in clanMachines // (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF") - // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ") - ; + // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ"); settings.folders = { audiobooks = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/audiobooks"; - devices = [ "chungus" "orbi" ]; + devices = [ + "chungus" + "orbi" + ]; }; books = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/books"; - devices = [ "chungus" "cream" "cherry" ]; + devices = [ + "chungus" + "cream" + "cherry" + ]; versioning = { type = "simple"; params.keep = "2"; @@ -52,12 +71,20 @@ with lib; { desktop = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/desktop"; - devices = [ "chungus" "cream" "cherry" ]; + devices = [ + "chungus" + "cream" + "cherry" + ]; }; finance = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/finance"; - devices = [ "chungus" "cream" "cherry" ]; + devices = [ + "chungus" + "cream" + "cherry" + ]; versioning = { type = "simple"; params.keep = "10"; 
@@ -66,27 +93,46 @@ with lib; { flix = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/flix"; - devices = [ "chungus" "orbi" ]; + devices = [ + "chungus" + "orbi" + ]; }; logseq = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/logseq"; - devices = [ "chungus" "cream" "cherry" "iPhone" ]; + devices = [ + "chungus" + "cream" + "cherry" + "iPhone" + ]; }; lectures = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/lectures"; - devices = [ "chungus" "orbi" ]; + devices = [ + "chungus" + "orbi" + ]; }; oscar_cpap = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/oscar_cpap"; - devices = [ "chungus" "cream" "cherry" ]; + devices = [ + "chungus" + "cream" + "cherry" + ]; }; password-store = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/password-store"; - devices = [ "chungus" "cream" "cherry" ]; + devices = [ + "chungus" + "cream" + "cherry" + ]; versioning = { type = "simple"; params.keep = "10"; @@ -96,7 +142,11 @@ with lib; { share = { enable = lib.mkDefault false; path = lib.mkDefault "/tmp/password-store"; - devices = [ "cream" "cherry" "orbi" ]; + devices = [ + "cream" + "cherry" + "orbi" + ]; }; }; }; diff --git a/components/network/tinc/default.nix b/components/network/tinc/default.nix index 528c58a..961b4d3 100644 --- a/components/network/tinc/default.nix +++ b/components/network/tinc/default.nix @@ -1,4 +1,10 @@ -{ lib, config, factsGenerator, clanLib, ... }: +{ + lib, + config, + factsGenerator, + clanLib, + ... +}: with lib; { 
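Review bot: The `share` folder keeps `path = lib.mkDefault "/tmp/password-store"`, which is the same default as the `password-store` folder above it; every other folder here defaults to `/tmp/<folder-name>`, so this looks like a copy-paste the reformat carries over untouched. With both folders enabled and the defaults left in place, the password-store directory would also be synced to `orbi` under the `share` folder, even though `orbi` is not in the password-store device list. Suggest `path = lib.mkDefault "/tmp/share";`.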
@@ -20,18 +26,21 @@ with lib; }; config = mkMerge [ - (mkIf config.tinc.private.enable (import ./private.nix { - ipv4 = config.tinc.private.ipv4; - ipv6 = null; - inherit (lib) optionalString concatStringsSep mapAttrsToList; - inherit config factsGenerator clanLib; - })) - (mkIf config.tinc.secret.enable (import ./secret.nix { - ipv4 = config.tinc.secret.ipv4; - ipv6 = null; - inherit (lib) optionalString concatStringsSep mapAttrsToList; - inherit config factsGenerator clanLib; - })) + (mkIf config.tinc.private.enable ( + import ./private.nix { + ipv4 = config.tinc.private.ipv4; + ipv6 = null; + inherit (lib) optionalString concatStringsSep mapAttrsToList; + inherit config factsGenerator clanLib; + } + )) + (mkIf config.tinc.secret.enable ( + import ./secret.nix { + ipv4 = config.tinc.secret.ipv4; + ipv6 = null; + inherit (lib) optionalString concatStringsSep mapAttrsToList; + inherit config factsGenerator clanLib; + } + )) ]; } - diff --git a/components/network/tinc/private.nix b/components/network/tinc/private.nix index 891f950..ccf051a 100644 --- a/components/network/tinc/private.nix +++ b/components/network/tinc/private.nix @@ -1,12 +1,13 @@ -{ ipv4 -, ipv6 -, config -, optionalString -, concatStringsSep -, factsGenerator -, mapAttrsToList -, clanLib -, ... +{ + ipv4, + ipv6, + config, + optionalString, + concatStringsSep, + factsGenerator, + mapAttrsToList, + clanLib, + ... }: let hosts = { 
@@ -51,35 +52,36 @@ in services.tinc.networks = { ${network} = { - ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path; + ed25519PrivateKeyFile = + config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path; interfaceType = "tap"; extraConfig = '' LocalDiscovery = yes ''; hostSettings = { mobi = { - subnets = [{ address = hosts.mobi; }]; + subnets = [ { address = hosts.mobi; } ]; settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB"; }; bobi = { - subnets = [{ address = hosts.bobi; }]; + subnets = [ { address = hosts.bobi; } ]; settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD"; }; cream = { - subnets = [{ address = hosts.cream; }]; + subnets = [ { address = hosts.cream; } ]; settings.Ed25519PublicKey = Ed25519PublicKey "cream"; }; cherry = { - subnets = [{ address = hosts.cherry; }]; + subnets = [ { address = hosts.cherry; } ]; settings.Ed25519PublicKey = Ed25519PublicKey "cherry"; }; chungus = { - subnets = [{ address = hosts.chungus; }]; + subnets = [ { address = hosts.chungus; } ]; settings.Ed25519PublicKey = Ed25519PublicKey "chungus"; }; orbi = { - addresses = [{ address = "95.216.66.212"; }]; - subnets = [{ address = hosts.orbi; }]; + addresses = [ { address = "95.216.66.212"; } ]; + subnets = [ { address = hosts.orbi; } ]; settings.Ed25519PublicKey = Ed25519PublicKey "orbi"; }; }; @@ -100,6 +102,8 @@ in LinkLocalAddressing = no ''; - networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)); + networking.extraHosts = concatStringsSep "\n" ( + mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains) + ); } diff --git a/components/network/tinc/secret.nix b/components/network/tinc/secret.nix index 5728a9f..d5e1c05 100644 --- a/components/network/tinc/secret.nix +++ b/components/network/tinc/secret.nix 
@@ -1,11 +1,12 @@ -{ ipv4 -, ipv6 -, config -, optionalString -, concatStringsSep -, mapAttrsToList -, factsGenerator -, ... +{ + ipv4, + ipv6, + config, + optionalString, + concatStringsSep, + mapAttrsToList, + factsGenerator, + ... }: let port = 721; @@ -23,31 +24,37 @@ in services.tinc.networks = { ${network} = { - ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path; + ed25519PrivateKeyFile = + config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path; extraConfig = '' LocalDiscovery = yes Port = ${toString port} ''; hostSettings = { sternchen = { - subnets = [{ address = hosts.sternchen; }]; + subnets = [ { address = hosts.sternchen; } ]; settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB"; }; cream = { - subnets = [{ address = hosts.cream; }]; + subnets = [ { address = hosts.cream; } ]; settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL"; }; cherry = { - subnets = [{ address = hosts.cherry; }]; + subnets = [ { address = hosts.cherry; } ]; settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC"; }; sterni = { - subnets = [{ address = hosts.sterni; }]; + subnets = [ { address = hosts.sterni; } ]; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; }; robi = { - addresses = [{ address = "144.76.13.147"; port = port; }]; - subnets = [{ address = hosts.robi; }]; + addresses = [ + { + address = "144.76.13.147"; + port = port; + } + ]; + subnets = [ { address = hosts.robi; } ]; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; }; }; 
@@ -68,23 +75,37 @@ in LinkLocalAddressing = no ''; - networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts); + networking.extraHosts = concatStringsSep "\n" ( + mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts + ); services.openssh.knownHosts = { "cream.${network}" = { - hostNames = [ "cream.${network}" hosts.cream ]; + hostNames = [ + "cream.${network}" + hosts.cream + ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; }; "sternchen.${network}" = { - hostNames = [ "sterni.${network}" hosts.sterni ]; + hostNames = [ + "sterni.${network}" + hosts.sterni + ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; }; "sterni.${network}" = { - hostNames = [ "sterni.${network}" hosts.sterni ]; + hostNames = [ + "sterni.${network}" + hosts.sterni + ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; }; "robi" = { - hostNames = [ "robi.${network}" hosts.robi ]; + hostNames = [ + "robi.${network}" + hosts.robi + ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; }; }; diff --git a/components/network/wifi.nix b/components/network/wifi.nix index 347f51d..7c76b0f 100644 --- a/components/network/wifi.nix +++ b/components/network/wifi.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; with types; { @@ -22,7 +27,6 @@ with types; # Setting this value to 1 means to try activation once, without retry. networking.networkmanager.settings.main.autoconnect-retries-default = 999; - hardware.enableRedistributableFirmware = true; # because Networkd-wait-online is just failing. @@ -47,4 +51,3 @@ with types; }; } - diff --git a/components/network/wireguard.nix b/components/network/wireguard.nix index 52a232f..c657cb6 100644 --- a/components/network/wireguard.nix +++ b/components/network/wireguard.nix 
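Review bot: The `"sternchen.${network}"` known-hosts entry lists `"sterni.${network}"` and `hosts.sterni` as its hostNames, so the key recorded for sternchen is pinned to sterni's name and address while `sternchen.${network}` itself gets no pinned host key; the `"sterni.${network}"` entry right below pins a different key for the same names. This looks like a copy-paste, and the hunk only rewraps the list. If the key under that entry really belongs to sternchen, the fix is `hostNames = [ "sternchen.${network}" hosts.sternchen ];` — `hosts.sternchen` is already defined in the hostSettings above.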
@@ -28,6 +28,4 @@ with lib; ''; }; - } - diff --git a/components/nixos/upgrade-diff.nix b/components/nixos/upgrade-diff.nix index c5bf7d0..54629ae 100644 --- a/components/nixos/upgrade-diff.nix +++ b/components/nixos/upgrade-diff.nix @@ -1,5 +1,10 @@ # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { options.components.nixos.update-diff.enable = lib.mkOption { diff --git a/components/terminal/bash.nix b/components/terminal/bash.nix index c7bc65d..fe04650 100644 --- a/components/terminal/bash.nix +++ b/components/terminal/bash.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { options.components.terminal.bash.enable = mkOption { @@ -16,7 +21,6 @@ with lib; interactiveShellInit = "set -o vi"; - shellAliases = { ls = "ls --color=tty"; l = "ls -CFh"; diff --git a/components/terminal/default.nix b/components/terminal/default.nix index 11dd4be..f32e3ea 100644 --- a/components/terminal/default.nix +++ b/components/terminal/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.components.terminal = { diff --git a/components/terminal/direnv.nix b/components/terminal/direnv.nix index c0a8dd9..a253000 100644 --- a/components/terminal/direnv.nix +++ b/components/terminal/direnv.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { options.components.terminal.direnv.enable = mkOption { @@ -12,7 +17,10 @@ with lib; home-manager.sharedModules = [ { programs.direnv.enable = true; - programs.git.ignores = [ ".envrc" ".direnv" ]; + programs.git.ignores = [ + ".envrc" + ".direnv" + ]; } ]; diff --git a/components/terminal/git.nix b/components/terminal/git.nix index 95dd7da..bce25fb 100644 --- a/components/terminal/git.nix +++ b/components/terminal/git.nix 
@@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.components.terminal.git.enable = mkOption { @@ -8,7 +13,6 @@ with lib; config = mkIf (config.components.terminal.git.enable) { - environment.systemPackages = with pkgs; [ git gita @@ -29,4 +33,3 @@ with lib; ]; }; } - diff --git a/components/terminal/heygpt.nix b/components/terminal/heygpt.nix index d053892..1772828 100644 --- a/components/terminal/heygpt.nix +++ b/components/terminal/heygpt.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.components.terminal.heygpt.enable = mkOption { diff --git a/components/terminal/hoard.nix b/components/terminal/hoard.nix index e6584cd..5683716 100644 --- a/components/terminal/hoard.nix +++ b/components/terminal/hoard.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; let hoardSrc = pkgs.fetchFromGitHub { @@ -31,10 +36,26 @@ in config_home_path = "/home/palo/.config/hoard"; trove_path = "/home/palo/.config/hoard/trove.yml"; query_prefix = " >"; - primary_color = [ 87 142 87 ]; - secondary_color = [ 203 184 144 ]; - tertiary_color = [ 30 30 30 ]; - command_color = [ 30 30 30 ]; + primary_color = [ + 87 + 142 + 87 + ]; + secondary_color = [ + 203 + 184 + 144 + ]; + tertiary_color = [ + 30 + 30 + 30 + ]; + command_color = [ + 30 + 30 + 30 + ]; parameter_token = "#"; read_from_current_directory = true; }; diff --git a/components/terminal/remote-install.nix b/components/terminal/remote-install.nix index 9985528..b321973 100644 --- a/components/terminal/remote-install.nix +++ b/components/terminal/remote-install.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { options.components.terminal.remote-install.enable = mkOption { 
@@ -10,7 +15,7 @@ with lib; services.tor = { enable = true; client.enable = true; - relay.onionServices.liveos.map = [{ port = 1337; }]; + relay.onionServices.liveos.map = [ { port = 1337; } ]; }; environment.systemPackages = [ diff --git a/components/terminal/wtf.nix b/components/terminal/wtf.nix index ececdd1..c5d24b0 100644 --- a/components/terminal/wtf.nix +++ b/components/terminal/wtf.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; let @@ -54,23 +59,29 @@ let echo ''; - userHighlight = map ({ user, ... }: user) - (builtins.attrValues config.services.browser.configList) - ++ [ "steam" ]; + userHighlight = + map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList) + ++ [ "steam" ]; activeUsers = pkgs.writers.writeBash "active-users" '' ${pkgs.procps}/bin/ps -eo user \ | ${pkgs.gnused}/bin/sed '1 d' \ | ${pkgs.coreutils}/bin/sort \ | ${pkgs.coreutils}/bin/uniq \ - | ${pkgs.gnugrep}/bin/egrep --color=always '(${ - pkgs.lib.concatStringsSep "|" userHighlight - })|$' + | ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$' ''; # default settings wtfModule = - args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }: + args@{ + height ? 1, + width ? 1, + top, + left, + enabled ? true, + type, + ... + }: { enabled = enabled; focusable = false; 
@@ -78,107 +89,157 @@ let position.left = left; position.height = height; position.width = width; - } // (lib.filterAttrs - (key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ]) - args); + } + // (lib.filterAttrs ( + key: _: + lib.all (x: x != key) [ + "height" + "width" + "top" + "left" + ] + ) args); # command runner module - cmdRunner = args@{ cmd, ... }: - wtfModule ({ - type = "cmdrunner"; - focusable = false; - refreshInterval = 300; - } // args); + cmdRunner = + args@{ cmd, ... }: + wtfModule ( + { + type = "cmdrunner"; + focusable = false; + refreshInterval = 300; + } + // args + ); modules = { inherit cmdRunner; - digitalclock = args@{ top, left, ... }: - cmdRunner ({ - cmd = pkgs.writers.writeDash "clock" '' - ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"` - ${pkgs.coreutils}/bin/date +"%B %d %Y" - ''; - title = ""; - refreshInterval = 30; - } // args); + digitalclock = + args@{ top, left, ... }: + cmdRunner ( + { + cmd = pkgs.writers.writeDash "clock" '' + ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"` + ${pkgs.coreutils}/bin/date +"%B %d %Y" + ''; + title = ""; + refreshInterval = 30; + } + // args + ); - clocks = args@{ top, left, ... }: - wtfModule ({ - type = "clocks"; - title = ""; - border = false; - colors.rows = { - even = "white"; - odd = "white"; - }; - locations = { - UTC = "Etc/UTC"; - Berlin = "Europe/Berlin"; - Thailand = "Asia/Bangkok"; - #Cuba = "America/Havana"; - #Wellington = "Pacific/Auckland"; - }; - sort = "alphabetical"; - refreshInterval = 60; - } // args); + clocks = + args@{ top, left, ... 
}: + wtfModule ( + { + type = "clocks"; + title = ""; + border = false; + colors.rows = { + even = "white"; + odd = "white"; + }; + locations = { + UTC = "Etc/UTC"; + Berlin = "Europe/Berlin"; + Thailand = "Asia/Bangkok"; + #Cuba = "America/Havana"; + #Wellington = "Pacific/Auckland"; + }; + sort = "alphabetical"; + refreshInterval = 60; + } + // args + ); - resourceusage = args@{ top, left, ... }: - wtfModule ({ - type = "resourceusage"; - title = ""; - cpuCombined = false; - refreshInterval = 5; - } // args); + resourceusage = + args@{ top, left, ... }: + wtfModule ( + { + type = "resourceusage"; + title = ""; + cpuCombined = false; + refreshInterval = 5; + } + // args + ); - power = args@{ top, left, ... }: - wtfModule ({ - type = "power"; - title = ""; - refreshInterval = 100; - } // args); + power = + args@{ top, left, ... }: + wtfModule ( + { + type = "power"; + title = ""; + refreshInterval = 100; + } + // args + ); - prettyweather = args@{ top, left, ... }: - wtfModule ({ - type = "prettyweather"; - title = ""; - city = "Essen"; - unit = "m"; - view = 0; - language = "en"; - refreshInterval = 3600; - } // args); + prettyweather = + args@{ top, left, ... }: + wtfModule ( + { + type = "prettyweather"; + title = ""; + city = "Essen"; + unit = "m"; + view = 0; + language = "en"; + refreshInterval = 3600; + } + // args + ); - feedreader = args@{ top, left, feeds, ... }: - wtfModule ({ - type = "feedreader"; - title = ""; - refreshInterval = 3600; - focusable = true; - #feedLimit = 10; - colors.rows = { - even = "white"; - odd = "white"; - }; - } // args); + feedreader = + args@{ + top, + left, + feeds, + ... + }: + wtfModule ( + { + type = "feedreader"; + title = ""; + refreshInterval = 3600; + focusable = true; + #feedLimit = 10; + colors.rows = { + even = "white"; + odd = "white"; + }; + } + // args + ); - github = args@{ top, left, username, apiKey, ... 
}: - wtfModule ({ - type = "github"; - title = ""; - refreshInterval = 3600; - feedlimit = 10; + github = + args@{ + top, + left, + username, + apiKey, + ... + }: + wtfModule ( + { + type = "github"; + title = ""; + refreshInterval = 3600; + feedlimit = 10; - enableStatus = true; - # customQueries: - # othersPRs: - # title: "Others Pull Requests" - # filter: "is:open is:pr -author:wtfutil" - # repositories: - # - "wtfutil/wtf" - # - "wtfutil/docs" - # - "umbrella-corp/wesker-api" - } // args); + enableStatus = true; + # customQueries: + # othersPRs: + # title: "Others Pull Requests" + # filter: "is:open is:pr -author:wtfutil" + # repositories: + # - "wtfutil/wtf" + # - "wtfutil/docs" + # - "umbrella-corp/wesker-api" + } + // args + ); }; @@ -191,8 +252,20 @@ let normal = "green"; }; grid = { - columns = [ 28 0 0 ]; - rows = [ 9 9 9 9 9 9 0 ]; + columns = [ + 28 + 0 + 0 + ]; + rows = [ + 9 + 9 + 9 + 9 + 9 + 9 + 0 + ]; }; refreshInterval = 1; mods = with modules; { @@ -227,8 +300,7 @@ let top = 4; left = 1; height = 1; - feeds = - [ "https://latesthackingnews.com/category/hacking-tools/feed/" ]; + feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ]; }; nixos = feedreader { title = "NixOS Weekly"; @@ -265,8 +337,20 @@ let normal = "green"; }; grid = { - columns = [ 33 12 28 36 0 ]; - rows = [ 9 4 6 6 0 ]; + columns = [ + 33 + 12 + 28 + 36 + 0 + ]; + rows = [ + 9 + 4 + 6 + 6 + 0 + ]; }; refreshInterval = 1; mods = with modules; { @@ -312,7 +396,12 @@ let calendar = cmdRunner { title = ""; - args = [ "-3" "--monday" "--color=never" "-w" ]; + args = [ + "-3" + "--monday" + "--color=never" + "-w" + ]; cmd = "cal"; top = 1; left = 1; 
@@ -374,9 +463,12 @@ let }; }; - createDashboard = { json, name }: - let configuration = pkgs.writeText "config.yml" (builtins.toJSON json); - in pkgs.writers.writeBashBin name '' + createDashboard = + { json, name }: + let + configuration = pkgs.writeText "config.yml" (builtins.toJSON json); + in + pkgs.writers.writeBashBin name '' ${pkgs.wtf}/bin/wtfutil --config=${toString configuration} ''; diff --git a/components/terminal/zsh.nix b/components/terminal/zsh.nix index e977062..6db63bc 100644 --- a/components/terminal/zsh.nix +++ b/components/terminal/zsh.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { options.components.terminal.zsh.enable = mkOption { diff --git a/components/virtualisation/docker.nix b/components/virtualisation/docker.nix index 994ebd9..ced626d 100644 --- a/components/virtualisation/docker.nix +++ b/components/virtualisation/docker.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { diff --git a/components/virtualisation/podman.nix b/components/virtualisation/podman.nix index eaf6d1b..6907eb7 100644 --- a/components/virtualisation/podman.nix +++ b/components/virtualisation/podman.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { diff --git a/components/virtualisation/qemu.nix b/components/virtualisation/qemu.nix index c3ef4ad..1f7f624 100644 --- a/components/virtualisation/qemu.nix +++ b/components/virtualisation/qemu.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { diff --git a/components/virtualisation/virtualbox.nix b/components/virtualisation/virtualbox.nix index d8f3de3..befae1b 100644 --- a/components/virtualisation/virtualbox.nix +++ b/components/virtualisation/virtualbox.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { 
diff --git a/components/yubikey.nix b/components/yubikey.nix index 5c24dd3..7885585 100644 --- a/components/yubikey.nix +++ b/components/yubikey.nix @@ -1,7 +1,12 @@ # References: # * https://github.com/drduh/YubiKey-Guide # * https://nixos.wiki/wiki/Yubikey -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { @@ -16,7 +21,6 @@ with lib; services.pcscd.enable = true; services.udev.packages = [ pkgs.yubikey-personalization ]; - environment.systemPackages = [ pkgs.yubikey-personalization diff --git a/features/boot/ssh.nix b/features/boot/ssh.nix index 6d56432..9ff7918 100644 --- a/features/boot/ssh.nix +++ b/features/boot/ssh.nix @@ -1,4 +1,11 @@ -{ config, lib, pkgs, factsGenerator, clanLib, ... }: +{ + config, + lib, + pkgs, + factsGenerator, + clanLib, + ... +}: with lib; with types; @@ -11,8 +18,7 @@ with types; kernelModules = mkOption { type = listOf str; default = [ ]; - description = - "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface"; + description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface"; }; }; @@ -42,4 +48,3 @@ with types; }; } - diff --git a/features/boot/tor.nix b/features/boot/tor.nix index 349ddb6..5ea195c 100644 --- a/features/boot/tor.nix +++ b/features/boot/tor.nix @@ -1,4 +1,11 @@ -{ config, lib, pkgs, factsGenerator, clanLib, ... }: +{ + config, + lib, + pkgs, + factsGenerator, + clanLib, + ... +}: with lib; with types; { 
@@ -16,14 +23,13 @@ with types; name = "initrd"; addressPrefix = "init"; }; - boot.initrd.secrets = - mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) - (genAttrs [ - "hostname" - "hs_ed25519_public_key" - "hs_ed25519_secret_key" - ] - (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)); + boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) ( + genAttrs [ + "hostname" + "hs_ed25519_public_key" + "hs_ed25519_secret_key" + ] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path) + ); boot.initrd.systemd.storePaths = [ pkgs.tor @@ -43,7 +49,10 @@ with types; boot.initrd.systemd.services.tor = { description = "tor during init"; wantedBy = [ "initrd.target" ]; - after = [ "network.target" "initrd-nixos-copy-secrets.service" ]; + after = [ + "network.target" + "initrd-nixos-copy-secrets.service" + ]; before = [ "shutdown.target" ]; conflicts = [ "shutdown.target" ]; @@ -53,17 +62,15 @@ with types; pkgs.iproute2 pkgs.coreutils ]; - script = - '' - echo "tor: preparing onion folder" - # have to do this otherwise tor does not want to start - chmod -R 700 /etc/tor + script = '' + echo "tor: preparing onion folder" + # have to do this otherwise tor does not want to start + chmod -R 700 /etc/tor - echo "tor: starting tor" - tor -f /etc/tor/tor.rc --verify-config - tor -f /etc/tor/tor.rc - ''; + echo "tor: starting tor" + tor -f /etc/tor/tor.rc --verify-config + tor -f /etc/tor/tor.rc + ''; }; }; } - diff --git a/features/network/fail2ban.nix b/features/network/fail2ban.nix index 22bd3b6..a961e51 100644 --- a/features/network/fail2ban.nix +++ b/features/network/fail2ban.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.features.network.fail2ban.enable = mkOption { diff --git a/features/network/sshguard.nix b/features/network/sshguard.nix index e20aec2..8469cbb 100644 
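Review bot: `boot.initrd.secrets` copies `tor.initrd.hs_ed25519_secret_key` into the initrd next to the hostname and public key; NixOS appends initrd secrets to the initrd image on the boot partition, so unless `/boot` is itself encrypted the onion service's long-term private key sits there in plaintext. That is presumably an accepted trade-off for reaching the machine during early boot, but it deserves a comment on the option, e.g. `# NOTE: the onion secret key is embedded in the initrd on /boot; treat /boot as sensitive`. The reformat only reflows the `mapAttrs'`/`genAttrs` call.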
--- a/features/network/sshguard.nix +++ b/features/network/sshguard.nix @@ -1,4 +1,10 @@ -{ pkgs, config, lib, assets, ... }: +{ + pkgs, + config, + lib, + assets, + ... +}: with lib; with types; { diff --git a/homes/common/oh-my-posh/default.nix b/homes/common/oh-my-posh/default.nix index 8875429..b9d46f2 100644 --- a/homes/common/oh-my-posh/default.nix +++ b/homes/common/oh-my-posh/default.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; { programs.oh-my-posh = { diff --git a/homes/common/oh-my-posh/gmay.json b/homes/common/oh-my-posh/gmay.json index 68ddd82..a6d2468 100644 --- a/homes/common/oh-my-posh/gmay.json +++ b/homes/common/oh-my-posh/gmay.json @@ -86,7 +86,9 @@ }, { "background": "#427B58", - "background_templates": ["{{ if gt .Code 0 }}#9D0006{{ end }}"], + "background_templates": [ + "{{ if gt .Code 0 }}#9D0006{{ end }}" + ], "foreground": "#EBDBB2", "leading_diamond": "\ue0b0", "properties": { diff --git a/homes/common/oh-my-posh/gruvbox.json b/homes/common/oh-my-posh/gruvbox.json index 82da3ee..3bf514a 100644 --- a/homes/common/oh-my-posh/gruvbox.json +++ b/homes/common/oh-my-posh/gruvbox.json @@ -13,9 +13,13 @@ }, { "background": "#fbf1c7", - "background_templates": ["{{ if .Root }}#af3a03{{ end }}"], + "background_templates": [ + "{{ if .Root }}#af3a03{{ end }}" + ], "foreground": "#282828", - "foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"], + "foreground_templates": [ + "{{ if .Root }}#fbf1c7{{ end }}" + ], "powerline_symbol": "\ue0b0", "style": "powerline", "template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ", diff --git a/homes/common/packages.nix b/homes/common/packages.nix index f02ec0f..90344f5 100644 --- a/homes/common/packages.nix +++ b/homes/common/packages.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with pkgs; with lib; { @@ -41,7 +46,6 @@ with lib; } - (mkIf config.gui.enable { home.packages = [ libreoffice 
diff --git a/homes/common/terminal.nix b/homes/common/terminal.nix index 50c61a7..5a571d5 100644 --- a/homes/common/terminal.nix +++ b/homes/common/terminal.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, assets, ... }: +{ + lib, + pkgs, + assets, + ... +}: { programs.zsh = { diff --git a/homes/common/zfs.nix b/homes/common/zfs.nix index 9191092..88704be 100644 --- a/homes/common/zfs.nix +++ b/homes/common/zfs.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with pkgs; with lib; { diff --git a/homes/palo/default.nix b/homes/palo/default.nix index 32946de..99757d9 100644 --- a/homes/palo/default.nix +++ b/homes/palo/default.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ../common diff --git a/homes/palo/doom-emacs.nix b/homes/palo/doom-emacs.nix index be93d78..8c193d9 100644 --- a/homes/palo/doom-emacs.nix +++ b/homes/palo/doom-emacs.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { config = mkMerge [ diff --git a/homes/palo/git.nix b/homes/palo/git.nix index c3b86e0..fc3e2e9 100644 --- a/homes/palo/git.nix +++ b/homes/palo/git.nix @@ -10,7 +10,15 @@ with pkgs; key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; signByDefault = true; }; - ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ]; + ignores = [ + "*.swp" + "*~" + ".idea" + ".*penis.*" + "result" + ".envrc" + ".direnv" + ]; extraConfig = { init.defaultBranch = "main"; pull.ff = "only"; @@ -19,7 +27,6 @@ with pkgs; difftastic.enable = true; }; - home.packages = [ pre-commit gita diff --git a/homes/palo/gpg.nix b/homes/palo/gpg.nix index 31e8b39..17eeb31 100644 --- a/homes/palo/gpg.nix +++ b/homes/palo/gpg.nix 
@@ -12,8 +12,7 @@ keyserver = "keyserver.ubuntu.com"; personal-digest-preferences = "SHA512"; cert-digest-algo = "SHA512"; - default-preference-list = - "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; + default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; }; }; diff --git a/homes/palo/gui/alacritty.nix b/homes/palo/gui/alacritty.nix index d1d3846..b692f9d 100644 --- a/homes/palo/gui/alacritty.nix +++ b/homes/palo/gui/alacritty.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with lib; { diff --git a/homes/palo/gui/kitty.nix b/homes/palo/gui/kitty.nix index d462a32..4eda09b 100644 --- a/homes/palo/gui/kitty.nix +++ b/homes/palo/gui/kitty.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; { @@ -31,6 +36,5 @@ with lib; }; }; - }; } diff --git a/homes/palo/hyperland.nix b/homes/palo/hyperland.nix index 36674d2..4e6470a 100644 --- a/homes/palo/hyperland.nix +++ b/homes/palo/hyperland.nix @@ -158,4 +158,3 @@ ''; } - diff --git a/homes/palo/i3.nix b/homes/palo/i3.nix index d33675c..6394352 100644 --- a/homes/palo/i3.nix +++ b/homes/palo/i3.nix @@ -1,8 +1,20 @@ -{ config, lib, pkgs, osConfig, ... }: +{ + config, + lib, + pkgs, + osConfig, + ... +}: with lib; let - rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; }; + rofi = pkgs.rofi.override { + plugins = [ + pkgs.rofi-emoji + pkgs.rofi-calc + pkgs.xdotool + ]; + }; backgroundCommand = pkgs.writers.writeDash "background" '' ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \ 
@@ -140,21 +152,25 @@ in focus = { followMouse = true; }; - colors.focused = - with config.lib.stylix.colors.withHashtag; + colors.focused = with config.lib.stylix.colors.withHashtag; { + # stylix color overrides + border = lib.mkForce base08; + background = lib.mkForce base0A; + text = lib.mkForce base00; + }; + startup = [ + #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; } { - # stylix color overrides - border = lib.mkForce base08; - background = lib.mkForce base0A; - text = lib.mkForce base00; - }; - startup = - [ - #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; } - { command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; } - { command = toString backgroundCommand; always = true; } - { - command = toString (pkgs.writers.writeDash "xsettings" '' + command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; + always = true; + } + { + command = toString backgroundCommand; + always = true; + } + { + command = toString ( + pkgs.writers.writeDash "xsettings" '' # to allow sudo commands to access X ${pkgs.xorg.xhost}/bin/xhost + # no shitty pcspkr crap @@ -162,13 +178,15 @@ in # no sleeping monitor ${pkgs.xorg.xset}/bin/xset -dpms ${pkgs.xorg.xset}/bin/xset s off - ''); - always = true; - } - ]; + '' + ); + always = true; + } + ]; bars = [ - (config.lib.stylix.i3.bar // - { + ( + config.lib.stylix.i3.bar + // { #mode = "hide"; hiddenState = "hide"; position = "top"; diff --git a/homes/palo/packages/development.nix b/homes/palo/packages/development.nix index f385064..ab5a346 100644 --- a/homes/palo/packages/development.nix +++ b/homes/palo/packages/development.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with pkgs; with lib; { 
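Review bot: The `xsettings` startup script still runs `${pkgs.xorg.xhost}/bin/xhost +`, which disables X access control for every client instead of only letting root on this machine connect, as the comment above it intends; the hunk rewraps the `writeDash` call around it but leaves the command unchanged. A grant that matches the comment is `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:root`. The enclosing `startup` list continues in the following hunk.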
@@ -29,15 +34,18 @@ with lib; jetbrains.pycharm-professional # planing - ((ganttproject-bin.override { - jre = pkgs.openjdk11; - }).overrideAttrs (old: { - version = "3.1.3100"; - src = pkgs.fetchzip { - url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip"; - sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4="; - }; - })) + ( + (ganttproject-bin.override { + jre = pkgs.openjdk11; + }).overrideAttrs + (old: { + version = "3.1.3100"; + src = pkgs.fetchzip { + url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip"; + sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4="; + }; + }) + ) # Pkl # --- @@ -101,7 +109,8 @@ with lib; { home.packages = let - pandocScript = { inputFormat, outputFormat }: + pandocScript = + { inputFormat, outputFormat }: pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" '' ${pkgs.pandoc}/bin/pandoc \ --from ${inputFormat} \ @@ -135,10 +144,26 @@ with lib; ${pkgs.less}/bin/less '') - ] ++ (map pandocScript (lib.cartesianProduct { - inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ]; - outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ]; - })); + ] + ++ (map pandocScript ( + lib.cartesianProduct { + inputFormat = [ + "man" + "markdown" + "mediawiki" + "asciidoc" + ]; + outputFormat = [ + "mediawiki" + "docbook5" + "html5" + "man" + "jira" + "markdown" + "asciidoc" + ]; + } + )); } ]; diff --git a/homes/palo/packages/graphics.nix b/homes/palo/packages/graphics.nix index 981a76a..f624a65 100644 --- a/homes/palo/packages/graphics.nix +++ b/homes/palo/packages/graphics.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; { diff --git a/homes/palo/packages/logseq.nix b/homes/palo/packages/logseq.nix index 889511e..c478e77 100644 --- a/homes/palo/packages/logseq.nix +++ b/homes/palo/packages/logseq.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; { diff --git a/homes/palo/packages/media.nix b/homes/palo/packages/media.nix index c295276..bba23c0 100644 --- a/homes/palo/packages/media.nix +++ b/homes/palo/packages/media.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with pkgs; with lib; { diff --git a/homes/palo/packages/nextcloud.nix b/homes/palo/packages/nextcloud.nix index aa7b40b..fe0b8f5 100644 --- a/homes/palo/packages/nextcloud.nix +++ b/homes/palo/packages/nextcloud.nix @@ -1,10 +1,16 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; let nextcloud-client = pkgs.legacy_2311.nextcloud-client; - nextcloudSync = folder: + nextcloudSync = + folder: let password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )"; user = "palo"; @@ -16,19 +22,18 @@ let "https://${user}:${password}@nextcloud.ingolf-wagner.de" ''; - borrow = pkgs.writers.writeDashBin "borrow" - '' - ${getExe hledger-ui} \ - --all \ - --theme=terminal \ - --file ~/Nextcloud/Unterlagen/.hledger-borrow "$@" + borrow = pkgs.writers.writeDashBin "borrow" '' + ${getExe hledger-ui} \ + --all \ + --theme=terminal \ + --file ~/Nextcloud/Unterlagen/.hledger-borrow "$@" - ${getExe gum} confirm \ - --affirmative="update" \ - --negative="skip" \ - --default=false \ - "Syncronize with Nextcloud?" && ${getExe(nextcloudSync "Unterlagen")} - ''; + ${getExe gum} confirm \ + --affirmative="update" \ + --negative="skip" \ + --default=false \ + "Syncronize with Nextcloud?" && ${getExe (nextcloudSync "Unterlagen")} + ''; in { diff --git a/homes/palo/packages/packages.nix b/homes/palo/packages/packages.nix index 828c3f3..9ad2caf 100644 --- a/homes/palo/packages/packages.nix +++ b/homes/palo/packages/packages.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; { 
@@ -8,7 +13,6 @@ with lib; # ¯\_(ツ)_/¯ home.packages = [ - nixos-shell # bluetooth gui diff --git a/homes/palo/packages/social.nix b/homes/palo/packages/social.nix index ac82582..9f9b785 100644 --- a/homes/palo/packages/social.nix +++ b/homes/palo/packages/social.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; { diff --git a/homes/palo/ssh.nix b/homes/palo/ssh.nix index 9a939f7..66edfd3 100644 --- a/homes/palo/ssh.nix +++ b/homes/palo/ssh.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { home.packages = [ pkgs.sshuttle ]; diff --git a/homes/palo/taskwarrior.nix b/homes/palo/taskwarrior.nix index 5f0de7b..b872dba 100644 --- a/homes/palo/taskwarrior.nix +++ b/homes/palo/taskwarrior.nix @@ -1,29 +1,47 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; with types; let - mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }: + mkMagicMergeOption = + { + description ? "", + example ? { }, + default ? { }, + apply ? id, + ... + }: mkOption { - inherit example description default apply; - type = with lib.types; + inherit + example + description + default + apply + ; + type = + with lib.types; let - valueType = nullOr - (oneOf [ + valueType = + nullOr (oneOf [ bool int float str (attrsOf valueType) (listOf valueType) - ]) // { - description = "bool, int, float or str"; - emptyValue.value = { }; - }; + ]) + // { + description = "bool, int, float or str"; + emptyValue.value = { }; + }; in valueType; }; - taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui; in 
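Review bot: Dropping the let binding `taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;` in the taskwarrior.nix hunk silently unpins the package: the `taskwarrior-tui` list element and the `${taskwarrior-tui}/bin/taskwarrior-tui` interpolations in the next hunk now resolve through `with pkgs;` to `pkgs.taskwarrior-tui` instead of the 23.11 version, since a let binding would have taken precedence over `with`. If the unpin is intended it belongs in the commit message rather than inside a formatting change; if not, keep the binding or replace the references with `pkgs.legacy_2311.taskwarrior-tui` explicitly.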
@@ -31,69 +49,72 @@ in { # bugwarrior (a bit fiddly) - imports = [{ + imports = [ + { - options.bugwarrior.config = mkMagicMergeOption { - type = attrs; - default = { }; - }; + options.bugwarrior.config = mkMagicMergeOption { + type = attrs; + default = { }; + }; - config = { - home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config; - # todo : before deleting this, put it in logseq + config = { + home.file.".config/bugwarrior/bugwarrior.toml".source = + (pkgs.formats.toml { }).generate "bugwarriorrc.toml" + config.bugwarrior.config; + # todo : before deleting this, put it in logseq - home.packages = [ - (pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: { - version = "develop"; - src = pkgs.fetchFromGitHub { - owner = "ralphbean"; - repo = "bugwarrior"; - rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1"; - sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs="; - }; - propagatedBuildInputs = old.propagatedBuildInputs ++ [ - pkgs.legacy_2311.python3Packages.pydantic - pkgs.legacy_2311.python3Packages.tomli - pkgs.legacy_2311.python3Packages.email-validator - pkgs.legacy_2311.python3Packages.packaging - ]; - })) - ]; - }; + home.packages = [ + (pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: { + version = "develop"; + src = pkgs.fetchFromGitHub { + owner = "ralphbean"; + repo = "bugwarrior"; + rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1"; + sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs="; + }; + propagatedBuildInputs = old.propagatedBuildInputs ++ [ + pkgs.legacy_2311.python3Packages.pydantic + pkgs.legacy_2311.python3Packages.tomli + pkgs.legacy_2311.python3Packages.email-validator + pkgs.legacy_2311.python3Packages.packaging + ]; + })) + ]; + }; - }]; + } + ]; config = mkIf config.gui.enable { - home.packages = with pkgs; - [ + home.packages = with pkgs; [ - taskwarrior - taskwarrior-tui + taskwarrior + taskwarrior-tui - 
timewarrior - tasksh - taskwarrior-hooks - (pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'') + timewarrior + tasksh + taskwarrior-hooks + (pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'') - vit - (pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active") - (pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo") + vit + (pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active") + (pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo") - (pkgs.writers.writeBashBin "calendar" '' - ${pkgs.taskwarrior}/bin/task calendar - ${pkgs.taskwarrior}/bin/task calendar_report - '') + (pkgs.writers.writeBashBin "calendar" '' + ${pkgs.taskwarrior}/bin/task calendar + ${pkgs.taskwarrior}/bin/task calendar_report + '') - # todo : belongs to calendar.nix - vdirsyncer - khal - (pkgs.writers.writeBashBin "kalendar" '' - ${pkgs.vdirsyncer}/bin/vdirsyncer sync - ${pkgs.khal}/bin/ikhal - '') + # todo : belongs to calendar.nix + vdirsyncer + khal + (pkgs.writers.writeBashBin "kalendar" '' + ${pkgs.vdirsyncer}/bin/vdirsyncer sync + ${pkgs.khal}/bin/ikhal + '') - ]; + ]; }; diff --git a/homes/tina/logseq.nix b/homes/tina/logseq.nix index 64b4d00..fb73fdd 100644 --- a/homes/tina/logseq.nix +++ b/homes/tina/logseq.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; { @@ -6,13 +11,17 @@ with lib; home.packages = [ logseq ]; - home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json" - { - spellcheck = { - dictionaries = [ "en-US" "de-DE" ]; - dictionary = ""; + home.file.".config/Logseq/Preferences".source = + (pkgs.formats.json { }).generate "LogseqPreferences.json" + { + spellcheck = { + dictionaries = [ + "en-US" + "de-DE" + ]; + dictionary = ""; + }; }; - }; }; } 
diff --git a/homes/tina/packages.nix b/homes/tina/packages.nix index 01438d2..3d7e9c2 100644 --- a/homes/tina/packages.nix +++ b/homes/tina/packages.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; with lib; { @@ -25,10 +30,7 @@ with lib; pdfarranger calibre - ]; - - }; } diff --git a/images/lib/remote-access.nix b/images/lib/remote-access.nix index b1f71ad..b8557a8 100644 --- a/images/lib/remote-access.nix +++ b/images/lib/remote-access.nix @@ -1,11 +1,16 @@ { # cat ~/.ssh/id_rsa.pub - publicSshKey ? "" -, # remote-install-get-hiddenReceiver - hiddenReceiver ? "" -, + publicSshKey ? "", + # remote-install-get-hiddenReceiver + hiddenReceiver ? "", }: -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ imports = [ { @@ -13,7 +18,9 @@ networking.hostName = "liveos"; users.extraUsers = { - root = { openssh.authorizedKeys.keys = [ publicSshKey ]; }; + root = { + openssh.authorizedKeys.keys = [ publicSshKey ]; + }; }; } { @@ -104,15 +111,20 @@ client.enable = true; relay.onionServices.hidden-ssh = { version = 3; - map = [{ - port = 22; - target.port = 22; - }]; + map = [ + { + port = 22; + target.port = 22; + } + ]; }; }; systemd.services.hidden-ssh-announce = { description = "irc announce hidden ssh"; - after = [ "tor.service" "network-online.target" ]; + after = [ + "tor.service" + "network-online.target" + ]; wants = [ "tor.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { diff --git a/images/machine-init-configuration.nix b/images/machine-init-configuration.nix index 4504fe1..c76da1a 100644 --- a/images/machine-init-configuration.nix +++ b/images/machine-init-configuration.nix 
@@ -1,15 +1,19 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix - "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix" - (import ./disko-config.nix { }) - ]; + "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix" + (import ./disko-config.nix { }) + ]; networking.hostName = "nixos"; @@ -42,7 +46,9 @@ services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 contact@ingolf-wagner.de" ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" + ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -52,5 +58,4 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - } diff --git a/images/remote-install/config.nix b/images/remote-install/config.nix index c83b018..a64382d 100644 
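Review bot: The reformatted `imports` list in machine-init-configuration.nix still fetches disko with `builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"`, an unpinned, unhashed download that puts whatever master happens to be into the installer image on every evaluation with no integrity check. Pinning it to a commit with a hash, `builtins.fetchTarball { url = "https://github.com/nix-community/disko/archive/<REV-PLACEHOLDER>.tar.gz"; sha256 = "<HASH-PLACEHOLDER>"; }`, makes the image reproducible and verifiable; the rest of the repository appears to be flake-based, so taking disko from a flake input would be the more consistent option. The same pattern is not touched elsewhere in this diff.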
--- a/images/remote-install/config.nix +++ b/images/remote-install/config.nix @@ -4,8 +4,7 @@ let remote-access = import ../lib/remote-access.nix { # cat ~/.ssh/id_rsa.pub - publicSshKey = - "ssh-rsa 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"; + publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="; # remote-install-get-hiddenReceiver hiddenReceiver = ""; diff --git a/images/remote-install/remote-install.nix b/images/remote-install/remote-install.nix index 7d1d24d..2930f16 100644 --- a/images/remote-install/remote-install.nix +++ b/images/remote-install/remote-install.nix @@ -3,7 +3,7 @@ services.tor = { enable = true; client.enable = true; - relay.onionServices.liveos.map = [{ port = 1337; }]; + relay.onionServices.liveos.map = [ { port = 1337; } ]; }; environment.systemPackages = [ diff --git a/images/translate-setup/audio.nix b/images/translate-setup/audio.nix index fce4297..a5188c6 100644 --- a/images/translate-setup/audio.nix +++ b/images/translate-setup/audio.nix 
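Review bot: The `publicSshKey` literal in remote-install/config.nix is the same root key that is also inlined in images/machine-init-configuration.nix, images/usb-init-configuration.nix and images/windows-rescue/config.nix, so rotating the key means editing four files and it is easy to miss one. A single definition — for example a shared attribute under lib/ or a machine fact read through the `readFact` helper in lib/clanlib.nix — imported by each image would make rotation a one-line change. A short comment naming the owner of the key (`# root key for image access; rotate in all images/* files together`) would help until then.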
@@ -1,10 +1,22 @@ -{ pkgs, lib, config, ... }: { - users.users.mainUser.extraGroups = [ "audio" "pipewire" ]; +{ + pkgs, + lib, + config, + ... +}: +{ + users.users.mainUser.extraGroups = [ + "audio" + "pipewire" + ]; hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; }; - environment.systemPackages = with pkgs; [ alsaUtils pavucontrol ]; + environment.systemPackages = with pkgs; [ + alsaUtils + pavucontrol + ]; } diff --git a/images/translate-setup/config.nix b/images/translate-setup/config.nix index a46899a..3416dd0 100644 --- a/images/translate-setup/config.nix +++ b/images/translate-setup/config.nix @@ -1,6 +1,15 @@ -{ pkgs, lib, config, ... }: { +{ + pkgs, + lib, + config, + ... +}: +{ - imports = [ ./x11.nix ./audio.nix ]; + imports = [ + ./x11.nix + ./audio.nix + ]; #networking.networkmanager.enable = true; #networking.wireless.enable = false; diff --git a/images/translate-setup/x11.nix b/images/translate-setup/x11.nix index f584bbb..49ce6b9 100644 --- a/images/translate-setup/x11.nix +++ b/images/translate-setup/x11.nix @@ -1,4 +1,10 @@ -{ pkgs, config, lib, ... }: { +{ + pkgs, + config, + lib, + ... +}: +{ services.xserver = { enable = true; @@ -44,6 +50,11 @@ # Packages # -------- - environment.systemPackages = with pkgs; [ flameshot pavucontrol mumble vlc ]; + environment.systemPackages = with pkgs; [ + flameshot + pavucontrol + mumble + vlc + ]; } diff --git a/images/usb-init-configuration.nix b/images/usb-init-configuration.nix index 115bcd9..b89661f 100644 --- a/images/usb-init-configuration.nix +++ b/images/usb-init-configuration.nix @@ -1,17 +1,19 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; networking.hostName = "nixos"; - # grub configuraton # ----------------- boot.loader.grub.enable = true; 
@@ -41,7 +43,9 @@ services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 contact@ingolf-wagner.de" ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 contact@ingolf-wagner.de" + ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -51,5 +55,4 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - } diff --git a/images/windows-rescue/config.nix b/images/windows-rescue/config.nix index c207ade..26c492b 100644 --- a/images/windows-rescue/config.nix +++ b/images/windows-rescue/config.nix @@ -8,8 +8,7 @@ let plainTextPassword = ""; }; remote-access = import ../lib/remote-access.nix { - publicSshKey = - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="; + publicSshKey = "ssh-rsa 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"; hiddenReceiver = ""; }; in 
@@ -17,7 +16,10 @@ in imports = [ remote-access ]; - environment.systemPackages = [ pkgs.chntpw pkgs.ntfs3g ]; + environment.systemPackages = [ + pkgs.chntpw + pkgs.ntfs3g + ]; networking.dhcpcd.enable = true; networking.wireless = { diff --git a/images/yubikey-image.nix b/images/yubikey-image.nix index 169d478..29ddb48 100644 --- a/images/yubikey-image.nix +++ b/images/yubikey-image.nix @@ -12,8 +12,7 @@ let sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq"; }; buildInputs = [ pkgs.pandoc ]; - installPhase = - "pandoc --highlight-style pygments -s --toc README.md -o $out"; + installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out"; }; in { diff --git a/lib/clanlib.nix b/lib/clanlib.nix index 6f19a6c..454e2cd 100644 --- a/lib/clanlib.nix +++ b/lib/clanlib.nix @@ -3,17 +3,14 @@ let allMachineNames = lib.mapAttrsToList (name: _: name) (builtins.readDir machineDir); - getFactPath = fact: machine: - "${machineDir}/${machine}/facts/${fact}"; + getFactPath = fact: machine: "${machineDir}/${machine}/facts/${fact}"; - readFact = fact: machine: + readFact = + fact: machine: let path = getFactPath fact machine; in - if builtins.pathExists path then - builtins.readFile path - else - null; + if builtins.pathExists path then builtins.readFile path else null; # Example: # @@ -22,7 +19,8 @@ let # machineA = "1.2.3.4"; # machineB = "5.6.7.8"; # }; - readFactFromAllMachines = fact: + readFactFromAllMachines = + fact: let machines = allMachineNames; facts = lib.genAttrs machines (readFact fact); 
@@ -47,18 +45,27 @@ let # "synching.pub" = "23456719"; # }; # }; - readFactsFromAllMachines = facts: + readFactsFromAllMachines = + facts: let # machine -> fact -> factvalue - machinesFactsAttrs = lib.genAttrs allMachineNames (machine: lib.genAttrs facts (fact: readFact fact machine)); + machinesFactsAttrs = lib.genAttrs allMachineNames ( + machine: lib.genAttrs facts (fact: readFact fact machine) + ); # remove all machines which don't have all facts set - filteredMachineFactAttrs = - lib.filterAttrs (_machine: values: builtins.all (fact: values.${fact} != null) facts) - machinesFactsAttrs; + filteredMachineFactAttrs = lib.filterAttrs ( + _machine: values: builtins.all (fact: values.${fact} != null) facts + ) machinesFactsAttrs; in filteredMachineFactAttrs; - - in -{ inherit allMachineNames getFactPath readFact readFactFromAllMachines readFactsFromAllMachines; } +{ + inherit + allMachineNames + getFactPath + readFact + readFactFromAllMachines + readFactsFromAllMachines + ; +} diff --git a/machines/cherry/37c3.nix b/machines/cherry/37c3.nix index 24cb476..d16c885 100644 --- a/machines/cherry/37c3.nix +++ b/machines/cherry/37c3.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let interface = "wlp170s0"; in @@ -26,9 +31,9 @@ in phase2-auth = "pap"; altsubject-matches = "DNS:radius.c3noc.net"; ca-cert = "${builtins.fetchurl { - url = "https://letsencrypt.org/certs/isrgrootx1.pem"; - sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; - }}"; + url = "https://letsencrypt.org/certs/isrgrootx1.pem"; + sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; + }}"; }; ipv4 = { method = "auto"; diff --git a/machines/cherry/configuration.nix b/machines/cherry/configuration.nix index a1325d8..8ab0631 100644 --- a/machines/cherry/configuration.nix +++ b/machines/cherry/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { imports = [ 
@@ -37,7 +42,6 @@ # (promptKey "pushover.user_key") // # (promptKey "pushover.api_key"); - components.virtualisation.enable = true; components.gui.enable = true; @@ -52,11 +56,13 @@ components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi #components.monitor.opentelemetry.exporter.debug = "logs"; - home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; home-manager.users.mainUser.bugwarrior.config = { general = { - targets = [ "terranix" "my_github" ]; + targets = [ + "terranix" + "my_github" + ]; log_level = "INFO"; static_fields = [ "priority" ]; merge_annotations = false; @@ -84,12 +90,15 @@ add_tags = "github"; include_user_issues = true; include_user_repos = true; - exclude_repos = [ "azubi" "csv-to-qif" "stepp0r" ]; + exclude_repos = [ + "azubi" + "csv-to-qif" + "stepp0r" + ]; }; # todo : add github issues }; - users.users.mainUser.extraGroups = [ "pipewire" ]; services.nginx.enable = true; diff --git a/machines/cherry/hardware-configuration/default.nix b/machines/cherry/hardware-configuration/default.nix index cdf3b7c..b7db2c0 100644 --- a/machines/cherry/hardware-configuration/default.nix +++ b/machines/cherry/hardware-configuration/default.nix @@ -1,4 +1,9 @@ -{ lib, config, factsGenerator, ... }: +{ + lib, + config, + factsGenerator, + ... +}: { imports = [ ./disko-config.nix @@ -24,6 +29,4 @@ ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none" ''; - - } diff --git a/machines/cherry/hardware-configuration/disko-config.nix b/machines/cherry/hardware-configuration/disko-config.nix index c78f4d0..a66cc08 100644 --- a/machines/cherry/hardware-configuration/disko-config.nix +++ b/machines/cherry/hardware-configuration/disko-config.nix @@ -70,4 +70,3 @@ }; } - diff --git a/machines/cherry/hardware-configuration/graphics.nix b/machines/cherry/hardware-configuration/graphics.nix index d1edcd0..836865a 100644 
--- a/machines/cherry/hardware-configuration/graphics.nix +++ b/machines/cherry/hardware-configuration/graphics.nix @@ -14,6 +14,8 @@ hardware.graphics.enable32Bit = true; hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ]; - environment.sessionVariables = { LIBVA_DRIVER_NAME = "i965"; }; # Optionally, set the environment variable + environment.sessionVariables = { + LIBVA_DRIVER_NAME = "i965"; + }; # Optionally, set the environment variable } diff --git a/machines/cherry/hardware-configuration/hardware-configuration.nix b/machines/cherry/hardware-configuration/hardware-configuration.nix index 9d7c395..78dd140 100644 --- a/machines/cherry/hardware-configuration/hardware-configuration.nix +++ b/machines/cherry/hardware-configuration/hardware-configuration.nix @@ -1,15 +1,26 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/machines/cherry/network-tinc_retiolum.nix b/machines/cherry/network-tinc_retiolum.nix index 31c4b1d..f86da8e 100644 --- a/machines/cherry/network-tinc_retiolum.nix +++ b/machines/cherry/network-tinc_retiolum.nix 
@@ -7,8 +7,10 @@ networking.retiolum.nodename = "cherry"; services.tinc.networks.retiolum = { - ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; - rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; + ed25519PrivateKeyFile = + config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; + rsaPrivateKeyFile = + config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; }; #fileSystems."/retiolum/sicily" = { diff --git a/machines/cherry/network-wireguard-wg0.nix b/machines/cherry/network-wireguard-wg0.nix index f509825..9962536 100644 --- a/machines/cherry/network-wireguard-wg0.nix +++ b/machines/cherry/network-wireguard-wg0.nix @@ -1,4 +1,9 @@ -{ config, factsGenerator, clanLib, ... }: +{ + config, + factsGenerator, + clanLib, + ... +}: { networking.firewall.allowedUDPPorts = [ 51820 ]; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; diff --git a/machines/cherry/network-wireguard-wg1.nix b/machines/cherry/network-wireguard-wg1.nix index 3dc6481..f871518 100644 --- a/machines/cherry/network-wireguard-wg1.nix +++ b/machines/cherry/network-wireguard-wg1.nix @@ -14,10 +14,14 @@ }; home-manager.users.root.home.packages = [ (pkgs.writers.writeBashBin "wg1-up" '' - ${pkgs.wireguard-tools}/bin/wg-quick up ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} + ${pkgs.wireguard-tools}/bin/wg-quick up ${ + config.clan.core.facts.services.wg1.secret."wg1.conf".path + } '') (pkgs.writers.writeBashBin "wg1-down" '' - ${pkgs.wireguard-tools}/bin/wg-quick down ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} + ${pkgs.wireguard-tools}/bin/wg-quick down ${ + config.clan.core.facts.services.wg1.secret."wg1.conf".path + } '') ]; } diff --git a/machines/cherry/syncthing.nix b/machines/cherry/syncthing.nix index 6d02291..5754fa7 100644 
--- a/machines/cherry/syncthing.nix +++ b/machines/cherry/syncthing.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.syncthing = { enable = true; diff --git a/machines/chungus/configuration.nix b/machines/chungus/configuration.nix index 21d9927..f82d867 100644 --- a/machines/chungus/configuration.nix +++ b/machines/chungus/configuration.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ imports = [ @@ -66,7 +72,6 @@ services.printing.enable = false; - networking.hostName = "chungus"; # nix-shell -p speedtest_cli --run speedtest @@ -81,4 +86,3 @@ system.stateVersion = "23.11"; } - diff --git a/machines/chungus/hardware-configuration/default.nix b/machines/chungus/hardware-configuration/default.nix index 336a0ba..d81e286 100644 --- a/machines/chungus/hardware-configuration/default.nix +++ b/machines/chungus/hardware-configuration/default.nix @@ -1,4 +1,9 @@ -{ config, factsGenerator, clanLib, ... }: +{ + config, + factsGenerator, + clanLib, + ... +}: { imports = [ ./disko-config.nix diff --git a/machines/chungus/hardware-configuration/disko-config.nix b/machines/chungus/hardware-configuration/disko-config.nix index e087c21..f700b97 100644 --- a/machines/chungus/hardware-configuration/disko-config.nix +++ b/machines/chungus/hardware-configuration/disko-config.nix 
@@ -20,42 +20,43 @@ in ''; disko.devices = { - disk = { - root = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - boot = { - priority = 1; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; - }; - }; - root = { - priority = 100; - size = "100%"; - content = { - type = "luks"; - name = "root"; + disk = + { + root = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + boot = { + priority = 1; + size = "500M"; content = { - type = "zfs"; - pool = "zroot"; + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + root = { + priority = 100; + size = "100%"; + content = { + type = "luks"; + name = "root"; + content = { + type = "zfs"; + pool = "zroot"; + }; }; }; }; }; }; - }; - } // builtins.mapAttrs - (name: device_path: { + } + // builtins.mapAttrs (name: device_path: { type = "disk"; device = device_path; content = { @@ -74,9 +75,7 @@ in }; }; }; - } - ) - raid_disks; + }) raid_disks; zpool = { @@ -241,4 +240,3 @@ in }; }; } - diff --git a/machines/chungus/hardware-configuration/graphics.nix b/machines/chungus/hardware-configuration/graphics.nix index d1edcd0..836865a 100644 --- a/machines/chungus/hardware-configuration/graphics.nix +++ b/machines/chungus/hardware-configuration/graphics.nix @@ -14,6 +14,8 @@ hardware.graphics.enable32Bit = true; hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ]; - environment.sessionVariables = { LIBVA_DRIVER_NAME = "i965"; }; # Optionally, set the environment variable + environment.sessionVariables = { + LIBVA_DRIVER_NAME = "i965"; + }; # Optionally, set the environment variable } diff --git a/machines/chungus/hardware-configuration/hardware-configuration.nix b/machines/chungus/hardware-configuration/hardware-configuration.nix index 93f6a93..8283845 100644 
--- a/machines/chungus/hardware-configuration/hardware-configuration.nix +++ b/machines/chungus/hardware-configuration/hardware-configuration.nix @@ -1,15 +1,27 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/machines/chungus/hass-mqtt.nix b/machines/chungus/hass-mqtt.nix index 9bb6aea..c82e0ee 100644 --- a/machines/chungus/hass-mqtt.nix +++ b/machines/chungus/hass-mqtt.nix @@ -1,12 +1,15 @@ -{ lib, ... }: { +{ lib, ... }: +{ services.mosquitto = { enable = true; - listeners = [{ - acl = [ "pattern readwrite #" ]; - omitPasswordAuth = true; - settings.allow_anonymous = true; - }]; + listeners = [ + { + acl = [ "pattern readwrite #" ]; + omitPasswordAuth = true; + settings.allow_anonymous = true; + } + ]; }; # open for tasmota diff --git a/machines/chungus/hass-zigbee2mqtt.nix b/machines/chungus/hass-zigbee2mqtt.nix index 466e602..f47d73e 100644 --- a/machines/chungus/hass-zigbee2mqtt.nix +++ b/machines/chungus/hass-zigbee2mqtt.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { imports = [ ./hass-mqtt.nix ]; diff --git a/machines/chungus/hass.nix b/machines/chungus/hass.nix index 7ca8f8e..868b969 100644 --- a/machines/chungus/hass.nix +++ b/machines/chungus/hass.nix 
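Review bot: The reformatted mosquitto listener in hass-mqtt.nix still combines `omitPasswordAuth = true`, `settings.allow_anonymous = true` and `acl = [ "pattern readwrite #" ]`, so any client that can reach the port can read and publish on every topic. Given the `# open for tasmota` comment that follows, the intent looks like LAN-only device access; narrowing the ACL to the tasmota topic prefix and binding the listener with its `address` option (or relying on an interface-scoped firewall rule rather than a global one) would limit the blast radius without breaking that use. A one-line comment on the listener stating why anonymous access is acceptable here would also help the next reader.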
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { virtualisation.oci-containers = { diff --git a/machines/chungus/media-audiobookshelf.nix b/machines/chungus/media-audiobookshelf.nix index 40f23f5..07af2be 100644 --- a/machines/chungus/media-audiobookshelf.nix +++ b/machines/chungus/media-audiobookshelf.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; let port = 8000; diff --git a/machines/chungus/media-curl.nix b/machines/chungus/media-curl.nix index 9aa6722..ee7689b 100644 --- a/machines/chungus/media-curl.nix +++ b/machines/chungus/media-curl.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let configuration = { @@ -14,18 +19,24 @@ let StableConfussion = { url = "http://stable-confusion.r/outputs/"; target = "/media/curl/stable-confusion"; - options = [ "--mirror" "--quiet" ]; + options = [ + "--mirror" + "--quiet" + ]; command = "wget"; }; }; downloadScript = - name: { url - , options - , target - , command ? "curl" - }: pkgs.writers.writeDash "curl-script-${name}" '' + name: + { + url, + options, + target, + command ? "curl", + }: + pkgs.writers.writeDash "curl-script-${name}" '' mkdir -p "${target}" cd "${target}" ${command} ${concatStringsSep " " options} "${url}" @@ -36,14 +47,15 @@ in systemd.services.curl-download = { after = [ "network.target" ]; - path = [ pkgs.curl pkgs.wget ]; + path = [ + pkgs.curl + pkgs.wget + ]; serviceConfig = { User = "media"; Group = "media"; }; - script = (concatStringsSep "\n" - (mapAttrsToList downloadScript configuration) - ); + script = (concatStringsSep "\n" (mapAttrsToList downloadScript configuration)); }; systemd.timers.curl-download = { diff --git a/machines/chungus/media-jellyfin.nix b/machines/chungus/media-jellyfin.nix index f68b86f..89094df 100644 --- a/machines/chungus/media-jellyfin.nix +++ b/machines/chungus/media-jellyfin.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { services.jellyfin = { enable = true; diff --git a/machines/chungus/media-navidrome.nix b/machines/chungus/media-navidrome.nix index 0dd2616..24ce819 100644 --- a/machines/chungus/media-navidrome.nix +++ b/machines/chungus/media-navidrome.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { services.navidrome = { diff --git a/machines/chungus/media-share.nix b/machines/chungus/media-share.nix index c4c4751..53d55e0 100644 --- a/machines/chungus/media-share.nix +++ b/machines/chungus/media-share.nix @@ -1,8 +1,14 @@ { config, ... }: { - networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 445 139 ]; - networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 137 138 ]; + networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ + 445 + 139 + ]; + networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ + 137 + 138 + ]; # To set password: # nix-shell -p samba --run "smbpasswd -a media" diff --git a/machines/chungus/media-syncthing.nix b/machines/chungus/media-syncthing.nix index 5e10f6d..0200d0a 100644 --- a/machines/chungus/media-syncthing.nix +++ b/machines/chungus/media-syncthing.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.syncthing = { enable = true; diff --git a/machines/chungus/media-youtube.nix b/machines/chungus/media-youtube.nix index 2a9e0c2..3c1875a 100644 --- a/machines/chungus/media-youtube.nix +++ b/machines/chungus/media-youtube.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let configuration = { 
@@ -168,21 +173,24 @@ let }; downloadScript = - name: { url - , target - , output - , sponsorBlockCategories ? [ "default" ] - , notOlderThan ? "" # e.g: 1week - , breakOnExisting ? true - , reverse ? false - }: pkgs.writers.writeDash "download-script-${name}" '' + name: + { + url, + target, + output, + sponsorBlockCategories ? [ "default" ], + notOlderThan ? "", # e.g: 1week + breakOnExisting ? true, + reverse ? false, + }: + pkgs.writers.writeDash "download-script-${name}" '' mkdir -p "${target}" yt-dlp \ --no-abort-on-error \ --no-mark-watched \ --continue \ - ${optionalString (notOlderThan != "") "--dateafter now-${notOlderThan}" } \ - ${optionalString reverse "--playlist-reverse" } \ + ${optionalString (notOlderThan != "") "--dateafter now-${notOlderThan}"} \ + ${optionalString reverse "--playlist-reverse"} \ --download-archive "${target}/.downloaded.txt" \ --output "${target}/${output}" \ --format "bestvideo[ext=mp4]+bestaudio[ext=m4a]" \ @@ -191,8 +199,12 @@ let --write-thumbnail \ --convert-thumbnail jpg \ --sponsorblock-mark "default" \ - ${optionalString (sponsorBlockCategories != []) "--sponsorblock-remove ${concatStringsSep "," sponsorBlockCategories}" } \ - ${optionalString breakOnExisting "--break-on-existing" } \ + ${ + optionalString ( + sponsorBlockCategories != [ ] + ) "--sponsorblock-remove ${concatStringsSep "," sponsorBlockCategories}" + } \ + ${optionalString breakOnExisting "--break-on-existing"} \ "${url}" || true ''; @@ -206,9 +218,7 @@ in User = "media"; Group = "media"; }; - script = (concatStringsSep "\n" - (mapAttrsToList downloadScript configuration) - ); + script = (concatStringsSep "\n" (mapAttrsToList downloadScript configuration)); }; systemd.timers.youtube = { diff --git a/machines/chungus/network-tinc-retiolum.nix b/machines/chungus/network-tinc-retiolum.nix index 2bac2d0..727ebce 100644 --- a/machines/chungus/network-tinc-retiolum.nix +++ b/machines/chungus/network-tinc-retiolum.nix 
@@ -6,7 +6,9 @@ networking.retiolum.nodename = "centauri"; services.tinc.networks.retiolum = { - ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; - rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; + ed25519PrivateKeyFile = + config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; + rsaPrivateKeyFile = + config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; }; } diff --git a/machines/chungus/network-wireguard.nix b/machines/chungus/network-wireguard.nix index ad538fc..f62f5aa 100644 --- a/machines/chungus/network-wireguard.nix +++ b/machines/chungus/network-wireguard.nix @@ -1,4 +1,9 @@ -{ config, factsGenerator, clanLib, ... }: +{ + config, + factsGenerator, + clanLib, + ... +}: { networking.firewall.allowedUDPPorts = [ 51820 ]; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; diff --git a/machines/chungus/packages.nix b/machines/chungus/packages.nix index f0e4a0b..4a1fb22 100644 --- a/machines/chungus/packages.nix +++ b/machines/chungus/packages.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { environment.systemPackages = [ diff --git a/machines/chungus/service-atuin.nix b/machines/chungus/service-atuin.nix index e4695ee..db876be 100644 --- a/machines/chungus/service-atuin.nix +++ b/machines/chungus/service-atuin.nix @@ -1,4 +1,10 @@ -{ config, pkgs, assets, ... }: { +{ + config, + pkgs, + assets, + ... +}: +{ services.atuin = { enable = true; package = pkgs.legacy_2405.atuin.overrideAttrs (_old: { diff --git a/machines/chungus/service-paperless.nix b/machines/chungus/service-paperless.nix index 1624448..456ecc9 100644 --- a/machines/chungus/service-paperless.nix +++ b/machines/chungus/service-paperless.nix 
@@ -1,4 +1,10 @@ -{ config, pkgs, nixos-artwork, ... }: { +{ + config, + pkgs, + nixos-artwork, + ... +}: +{ services.paperless = { enable = true; @@ -6,7 +12,10 @@ settings = { PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_APP_TITLE = "paperless.chungus.private"; - PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ ".DS_STORE/*" "desktop.ini" ]; + PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ + ".DS_STORE/*" + "desktop.ini" + ]; PAPERLESS_EMAIL_TASK_CRON = "0 */8 * * *"; # “At minute 0 past every 8th hour.” #PAPERLESS_CONSUMER_DELETE_DUPLICATES = false; }; diff --git a/machines/chungus/services-forgejo.nix b/machines/chungus/services-forgejo.nix index 7f3f903..87e0a97 100644 --- a/machines/chungus/services-forgejo.nix +++ b/machines/chungus/services-forgejo.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { services.nginx = { diff --git a/machines/chungus/services-s3.nix b/machines/chungus/services-s3.nix index db5112a..4c26646 100644 --- a/machines/chungus/services-s3.nix +++ b/machines/chungus/services-s3.nix @@ -1,7 +1,10 @@ { config, factsGenerator, ... }: { - clan.core.facts.services.s3 = factsGenerator.password { name = "root"; service = "s3"; }; + clan.core.facts.services.s3 = factsGenerator.password { + name = "root"; + service = "s3"; + }; services.minio = { enable = true; diff --git a/machines/chungus/sync-rbackup.nix b/machines/chungus/sync-rbackup.nix index a228176..0b4b41d 100644 --- a/machines/chungus/sync-rbackup.nix +++ b/machines/chungus/sync-rbackup.nix @@ -42,5 +42,4 @@ in }; }; - } diff --git a/machines/chungus/sync-syncoid.nix b/machines/chungus/sync-syncoid.nix index 3846161..531311f 100644 --- a/machines/chungus/sync-syncoid.nix +++ b/machines/chungus/sync-syncoid.nix @@ -1,4 +1,9 @@ -{ pkgs, config, factsGenerator, ... }: +{ + pkgs, + config, + factsGenerator, + ... +}: let tld = config.clan.static-hosts.topLevelDomain; in 
diff --git a/machines/chungus/taskwarrior-autotag.nix b/machines/chungus/taskwarrior-autotag.nix index 521e8ec..517d27c 100644 --- a/machines/chungus/taskwarrior-autotag.nix +++ b/machines/chungus/taskwarrior-autotag.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { diff --git a/machines/chungus/telemetry/loki.nix b/machines/chungus/telemetry/loki.nix index 3552e0c..96bd3c1 100644 --- a/machines/chungus/telemetry/loki.nix +++ b/machines/chungus/telemetry/loki.nix @@ -33,7 +33,10 @@ ]; }; service.pipelines.logs.exporters = [ "loki" ]; - service.pipelines.logs.processors = [ "resource" "attributes" ]; + service.pipelines.logs.processors = [ + "resource" + "attributes" + ]; }; services.loki = { @@ -64,16 +67,18 @@ }; schema_config = { - configs = [{ - from = "2024-05-28"; - store = "tsdb"; - object_store = "filesystem"; - schema = "v13"; - index = { - prefix = "index_"; - period = "24h"; - }; - }]; + configs = [ + { + from = "2024-05-28"; + store = "tsdb"; + object_store = "filesystem"; + schema = "v13"; + index = { + prefix = "index_"; + period = "24h"; + }; + } + ]; }; storage_config = { diff --git a/machines/chungus/telemetry/prometheus.nix b/machines/chungus/telemetry/prometheus.nix index 14aea33..18cb59d 100644 --- a/machines/chungus/telemetry/prometheus.nix +++ b/machines/chungus/telemetry/prometheus.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.nginx = { enable = true; @@ -9,7 +15,9 @@ allow ${config.tinc.private.subnet}; deny all; ''; - locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; }; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.prometheus.port}"; + }; }; }; }; diff --git a/machines/chungus/telemetry/telegraf-smart.nix b/machines/chungus/telemetry/telegraf-smart.nix index 040fb5d..d000266 100644 --- a/machines/chungus/telemetry/telegraf-smart.nix 
+++ b/machines/chungus/telemetry/telegraf-smart.nix @@ -2,14 +2,21 @@ { services.smartd.enable = true; - environment.systemPackages = [ pkgs.smartmontools pkgs.nvme-cli ]; + environment.systemPackages = [ + pkgs.smartmontools + pkgs.nvme-cli + ]; services.telegraf.extraConfig.inputs.smart = { attributes = true; use_sudo = true; }; - systemd.services.telegraf.path = [ pkgs.smartmontools pkgs.nvme-cli "/run/wrappers" ]; + systemd.services.telegraf.path = [ + pkgs.smartmontools + pkgs.nvme-cli + "/run/wrappers" + ]; security.sudo.configFile = '' # For smartctl add the following lines: diff --git a/machines/chungus/telemetry/telegraf.nix b/machines/chungus/telemetry/telegraf.nix index 6b6101b..c30de18 100644 --- a/machines/chungus/telemetry/telegraf.nix +++ b/machines/chungus/telemetry/telegraf.nix @@ -1,13 +1,34 @@ { config, pkgs, ... }: let urls = [ - { url = "https://bitwarden.ingolf-wagner.de"; path = ""; } - { url = "https://flix.ingolf-wagner.de"; path = "web/index.html"; } - { url = "https://git.ingolf-wagner.de"; path = ""; } - { url = "https://ingolf-wagner.de"; path = ""; } - { url = "https://nextcloud.ingolf-wagner.de"; path = "login"; } - { url = "https://tech.ingolf-wagner.de"; path = ""; } - { url = "https://matrix.ingolf-wagner.de"; path = ""; } + { + url = "https://bitwarden.ingolf-wagner.de"; + path = ""; + } + { + url = "https://flix.ingolf-wagner.de"; + path = "web/index.html"; + } + { + url = "https://git.ingolf-wagner.de"; + path = ""; + } + { + url = "https://ingolf-wagner.de"; + path = ""; + } + { + url = "https://nextcloud.ingolf-wagner.de"; + path = "login"; + } + { + url = "https://tech.ingolf-wagner.de"; + path = ""; + } + { + url = "https://matrix.ingolf-wagner.de"; + path = ""; + } ]; in { 
@@ -15,13 +36,17 @@ in extraConfig = { # https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins inputs = { - x509_cert = [{ - sources = (map (url: "${url.url}:443") urls); - interval = "30m"; # agent.interval = "10s" is default - }]; + x509_cert = [ + { + sources = (map (url: "${url.url}:443") urls); + interval = "30m"; # agent.interval = "10s" is default + } + ]; http_response = - let fullUrls = map ({ url, path }: "${url}/${path}") urls; - in [{ urls = fullUrls; }]; + let + fullUrls = map ({ url, path }: "${url}/${path}") urls; + in + [ { urls = fullUrls; } ]; internet_speed.interval = "10m"; nginx.urls = [ "http://localhost/nginx_status" ]; }; diff --git a/machines/chungus/zerotier-controller.nix b/machines/chungus/zerotier-controller.nix index a07c3c7..8c9ed2e 100644 --- a/machines/chungus/zerotier-controller.nix +++ b/machines/chungus/zerotier-controller.nix @@ -1,16 +1,24 @@ -{ pkgs, lib, config, clanLib, ... }: +{ + pkgs, + lib, + config, + clanLib, + ... +}: let zerotierSetup = '' export NWID=${config.clan.core.facts.services.zerotier.public."zerotier-network-id".value} export TOKEN=$(cat /var/lib/zerotier-one/authtoken.secret) ''; - zerotierCommand = name: command: pkgs.writers.writeBashBin name '' - set -e - set -o pipefail - export PATH=${pkgs.curl}/bin:${pkgs.gojq}/bin:${pkgs.zerotierone}/bin:$PATH - ${zerotierSetup} - ${command} - ''; + zerotierCommand = + name: command: + pkgs.writers.writeBashBin name '' + set -e + set -o pipefail + export PATH=${pkgs.curl}/bin:${pkgs.gojq}/bin:${pkgs.zerotierone}/bin:$PATH + ${zerotierSetup} + ${command} + ''; in { environment.systemPackages = [ diff --git a/machines/cream/configuration.nix b/machines/cream/configuration.nix index 3b672b1..f77815d 100644 --- a/machines/cream/configuration.nix +++ b/machines/cream/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { imports = [ 
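Review bot: In `zerotierSetup`, `export TOKEN=$(cat /var/lib/zerotier-one/authtoken.secret)` hides a read failure: the shell reports the exit status of `export`, not of `cat`, so the `set -e` in `zerotierCommand` does not stop the script and `${command}` runs against the controller with an empty token. Split it into `TOKEN=$(cat /var/lib/zerotier-one/authtoken.secret)` on one line and `export TOKEN` on the next so an unreadable or missing token file aborts the command. The `environment.systemPackages` list that uses these helpers continues outside the hunk.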
@@ -40,7 +45,10 @@ home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; home-manager.users.mainUser.bugwarrior.config = { general = { - targets = [ "terranix" "my_github" ]; + targets = [ + "terranix" + "my_github" + ]; log_level = "INFO"; static_fields = [ "priority" ]; merge_annotations = false; @@ -68,12 +76,15 @@ add_tags = "github"; include_user_issues = true; include_user_repos = true; - exclude_repos = [ "azubi" "csv-to-qif" "stepp0r" ]; + exclude_repos = [ + "azubi" + "csv-to-qif" + "stepp0r" + ]; }; # todo : add github issues }; - users.users.mainUser.extraGroups = [ "pipewire" ]; services.nginx.enable = true; @@ -123,5 +134,4 @@ # for congress and streaming hardware.graphics.enable = true; - } diff --git a/machines/cream/hardware-configuration.nix b/machines/cream/hardware-configuration.nix index 7a08bd3..91d472d 100644 --- a/machines/cream/hardware-configuration.nix +++ b/machines/cream/hardware-configuration.nix @@ -1,20 +1,31 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "uas" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "uas" + "sd_mod" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - boot.initrd.luks.devices = { pool = { device = "/dev/nvme0n1p2"; 
@@ -22,23 +33,20 @@ }; }; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/48228fad-8123-4e87-9c70-2e4c204d7a49"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/48228fad-8123-4e87-9c70-2e4c204d7a49"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/13A0-D756"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/13A0-D756"; + fsType = "vfat"; + }; - fileSystems."/home" = - { - device = "/dev/disk/by-uuid/d73dd71d-9f0f-4c49-8267-9ad7e3f01ff1"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/d73dd71d-9f0f-4c49-8267-9ad7e3f01ff1"; + fsType = "ext4"; + }; #fileSystems."/removable" = # { diff --git a/machines/cream/network-tinc_retiolum.nix b/machines/cream/network-tinc_retiolum.nix index f71459c..c2378b7 100644 --- a/machines/cream/network-tinc_retiolum.nix +++ b/machines/cream/network-tinc_retiolum.nix @@ -7,8 +7,10 @@ networking.retiolum.nodename = "sol"; services.tinc.networks.retiolum = { - ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; - rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; + ed25519PrivateKeyFile = + config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; + rsaPrivateKeyFile = + config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; }; #fileSystems."/retiolum/sicily" = { diff --git a/machines/cream/network-wireguard-wg0.nix b/machines/cream/network-wireguard-wg0.nix index b139c7a..4cbca26 100644 --- a/machines/cream/network-wireguard-wg0.nix +++ b/machines/cream/network-wireguard-wg0.nix @@ -1,4 +1,9 @@ -{ config, factsGenerator, clanLib, ... }: +{ + config, + factsGenerator, + clanLib, + ... +}: { networking.firewall.allowedUDPPorts = [ 51820 ]; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; 
diff --git a/machines/cream/network-wireguard-wg1.nix b/machines/cream/network-wireguard-wg1.nix index 948c210..440c796 100644 --- a/machines/cream/network-wireguard-wg1.nix +++ b/machines/cream/network-wireguard-wg1.nix @@ -14,10 +14,14 @@ }; home-manager.users.root.home.packages = [ (pkgs.writers.writeBashBin "wg1-up" '' - ${pkgs.wireguard-tools}/bin/wg-quick up ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} + ${pkgs.wireguard-tools}/bin/wg-quick up ${ + config.clan.core.facts.services.wg1.secret."wg1.conf".path + } '') (pkgs.writers.writeBashBin "wg1-down" '' - ${pkgs.wireguard-tools}/bin/wg-quick up ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} + ${pkgs.wireguard-tools}/bin/wg-quick up ${ + config.clan.core.facts.services.wg1.secret."wg1.conf".path + } '') ]; } diff --git a/machines/cream/proxy.nix b/machines/cream/proxy.nix index b3c9990..2195e82 100644 --- a/machines/cream/proxy.nix +++ b/machines/cream/proxy.nix @@ -37,7 +37,6 @@ in }; }; - # most likely not needed systemd.services.nginx.serviceConfig = { RestrictNamespaces = lib.mkForce false; @@ -58,7 +57,6 @@ in RestrictSUIDSGID = lib.mkForce false; }; - #services.permown."/data" = { # owner = "nginx"; #}; diff --git a/machines/cream/syncthing.nix b/machines/cream/syncthing.nix index f7e9c2c..5754fa7 100644 --- a/machines/cream/syncthing.nix +++ b/machines/cream/syncthing.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, ... }: { - +{ + config, + pkgs, + lib, + ... +}: +{ services.syncthing = { enable = true; diff --git a/machines/orbi/configuration.nix b/machines/orbi/configuration.nix index 23dc79a..ae920c1 100644 --- a/machines/orbi/configuration.nix +++ b/machines/orbi/configuration.nix @@ -1,4 +1,11 @@ -{ lib, config, pkgs, modulesPath, ... }: { +{ + lib, + config, + pkgs, + modulesPath, + ... +}: +{ imports = [ (modulesPath + "/profiles/hardened.nix") 
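Review bot: The `wg1-down` helper still invokes `wg-quick up` on the reformatted line, so it brings the tunnel up (or fails because it already is) instead of tearing it down; the commit only re-wraps the interpolation and leaves the copy-paste error in place. Change the second script's command to `${pkgs.wireguard-tools}/bin/wg-quick down ${config.clan.core.facts.services.wg1.secret."wg1.conf".path}`. Since these wrappers live in root's home-manager packages, a tunnel that cannot be taken down with the provided tool is easy to leave running unnoticed.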
@@ -60,7 +67,9 @@ security.acme.defaults.email = "contact@ingolf-wagner.de"; # chungus rsync - users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" + ]; # todo : need this for syncoid environment.systemPackages = [ diff --git a/machines/orbi/hardware-configuration/default.nix b/machines/orbi/hardware-configuration/default.nix index a68445b..26de346 100644 --- a/machines/orbi/hardware-configuration/default.nix +++ b/machines/orbi/hardware-configuration/default.nix @@ -1,5 +1,11 @@ -{ config, pkgs, modulesPath, lib, factsGenerator, ... }: - +{ + config, + pkgs, + modulesPath, + lib, + factsGenerator, + ... +}: { system.stateVersion = "23.11"; @@ -14,7 +20,8 @@ # root password clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; }; - users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; + users.users.root.hashedPasswordFile = + config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; # todo : use component for that services.openssh.settings.PermitRootLogin = "prohibit-password"; diff --git a/machines/orbi/hardware-configuration/disko-config.nix b/machines/orbi/hardware-configuration/disko-config.nix index af553dd..9c0c639 100644 --- a/machines/orbi/hardware-configuration/disko-config.nix +++ b/machines/orbi/hardware-configuration/disko-config.nix 
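Review bot: The reformatted `users.users.root.openssh.authorizedKeys.keys` entry grants the chungus key an unrestricted root login on orbi, while the surrounding comments (`# chungus rsync`, `# todo : need this for syncoid`) say it exists only for backup transfers. Consider limiting it with authorized_keys options, at minimum a source restriction such as `"from=\"<chungus address>\",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD"`; a forced `command=` would need a small wrapper that only dispatches the rsync and `zfs receive` invocations syncoid issues, so that is a follow-up rather than a one-liner. A `prohibit-password` root login (set in the sibling hardware-configuration hunk) does not mitigate a compromised key on the backup client.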
@@ -1,77 +1,78 @@ # nix run github:nix-community/nixos-anywhere -- --copy-host-keys --disk-encryption-keys /run/secret.key /home/palo/orbi/run/secret.key --flake .#orbi root@95.216.66.212 { config, lib, ... }: let - disks = [ "sda" "sdb" ]; + disks = [ + "sda" + "sdb" + ]; in { disko.devices = { - disk = - lib.genAttrs disks (disk: { - type = "disk"; - device = "/dev/${disk}"; - content = { - type = "gpt"; - partitions = { - boot = { - priority = 0; - size = "1M"; - type = "EF02"; # for grub MBR + disk = lib.genAttrs disks (disk: { + type = "disk"; + device = "/dev/${disk}"; + content = { + type = "gpt"; + partitions = { + boot = { + priority = 0; + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + priority = 1; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}"; + mountOptions = [ "defaults" ]; }; - ESP = { - priority = 1; - size = "500M"; - type = "EF00"; + }; + root = { + priority = 10; + size = "500G"; + content = { + type = "luks"; + name = "root_${disk}"; + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /run/secret.key` + # for example use `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key` + # or use nixos-anywhere --disk-encryption-keys /run/secret.key + passwordFile = "/run/secret.key"; + settings = { + allowDiscards = true; + }; content = { - type = "filesystem"; - format = "vfat"; - mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}"; - mountOptions = [ "defaults" ]; + type = "zfs"; + pool = "zroot"; }; }; - root = { - priority = 10; - size = "500G"; - content = { - type = "luks"; - name = "root_${disk}"; - # if you want to use the key for interactive login be sure there is no trailing newline - # for example use `echo -n "password" > /run/secret.key` - # for example use `pass show hetzner/orbi/master_password | head -c -1 > 
/run/secret.key` - # or use nixos-anywhere --disk-encryption-keys /run/secret.key - passwordFile = "/run/secret.key"; - settings = { - allowDiscards = true; - }; - content = { - type = "zfs"; - pool = "zroot"; - }; + }; + media = { + priority = 50; + size = "100%"; + content = { + type = "luks"; + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /run/secret.key` + # for example use `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key` + # or use nixos-anywhere --disk-encryption-keys /run/secret.key + passwordFile = "/run/secret.key"; + settings = { + allowDiscards = true; }; - }; - media = { - priority = 50; - size = "100%"; + name = "media_${disk}"; content = { - type = "luks"; - # if you want to use the key for interactive login be sure there is no trailing newline - # for example use `echo -n "password" > /run/secret.key` - # for example use `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key` - # or use nixos-anywhere --disk-encryption-keys /run/secret.key - passwordFile = "/run/secret.key"; - settings = { - allowDiscards = true; - }; - name = "media_${disk}"; - content = { - type = "zfs"; - pool = "zmedia"; - }; + type = "zfs"; + pool = "zmedia"; }; }; }; }; - }); - + }; + }); zpool = { @@ -184,4 +185,3 @@ in }; } - diff --git a/machines/orbi/hardware-configuration/hardware-configuration.nix b/machines/orbi/hardware-configuration/hardware-configuration.nix index bcdc404..a0a8263 100644 --- a/machines/orbi/hardware-configuration/hardware-configuration.nix +++ b/machines/orbi/hardware-configuration/hardware-configuration.nix 
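Review bot: Both LUKS containers (`root_${disk}` and `media_${disk}`) set `settings.allowDiscards = true`, which passes TRIM through the encrypted layer and lets anyone holding the raw disk see which blocks are unused — the free-space layout and usage pattern of the volume leak even though the content stays encrypted. That is a common trade for SSD wear, but it should be recorded as a deliberate choice; suggest a comment above each such as `# allowDiscards: TRIM passes through LUKS and reveals free-space layout; accepted for SSD wear`. The repeated key-file comment block also belongs in one place (e.g. above `disk = lib.genAttrs`) rather than duplicated per partition. The `zpool` definition this hunk feeds continues outside it.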
@@ -1,12 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "usbhid" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/machines/orbi/media-arr.nix b/machines/orbi/media-arr.nix index 1ccf76d..ae1a2b4 100644 --- a/machines/orbi/media-arr.nix +++ b/machines/orbi/media-arr.nix @@ -1,6 +1,10 @@ { config, ... }: { - networking.firewall.interfaces.wg0.allowedTCPPorts = [ 7878 8989 8686 ]; + networking.firewall.interfaces.wg0.allowedTCPPorts = [ + 7878 + 8989 + 8686 + ]; # download series services.sonarr = { diff --git a/machines/orbi/media-jellyfin.nix b/machines/orbi/media-jellyfin.nix index 63993a9..38288b0 100644 --- a/machines/orbi/media-jellyfin.nix +++ b/machines/orbi/media-jellyfin.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { services.jellyfin = { @@ -32,6 +37,6 @@ in { enable = true; - virtualHosts. "flix.ingolf-wagner.de" = flixConfig; + virtualHosts."flix.ingolf-wagner.de" = flixConfig; }; } diff --git a/machines/orbi/media-nextcloud.nix b/machines/orbi/media-nextcloud.nix index fdf2fbe..5e4fda7 100644 --- a/machines/orbi/media-nextcloud.nix +++ b/machines/orbi/media-nextcloud.nix @@ -1,4 +1,10 @@ -{ pkgs, config, factsGenerator, components, ... }: +{ + pkgs, + config, + factsGenerator, + components, + ... +}: # don't forget the database backup before upgrading # ------------------------------------------------- 
@@ -18,8 +24,14 @@ let in { - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + networking.firewall.allowedUDPPorts = [ + 80 + 443 + ]; services.nginx = { enable = true; @@ -51,8 +63,14 @@ in }; }; - clan.core.facts.services.nextcloud_root = factsGenerator.password { service = "nextcloud"; name = "root"; }; - clan.core.facts.services.nextcloud_database = factsGenerator.password { service = "nextcloud"; name = "database"; }; + clan.core.facts.services.nextcloud_root = factsGenerator.password { + service = "nextcloud"; + name = "root"; + }; + clan.core.facts.services.nextcloud_database = factsGenerator.password { + service = "nextcloud"; + name = "database"; + }; # Container Setup # =============== 
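Review bot: The reformatted `networking.firewall.allowedUDPPorts = [ 80 443 ]` opens UDP 80 and 443 on every interface, but nothing in the hunk enables QUIC/HTTP/3 in nginx; UDP 80 has no standard HTTP use at all, and UDP 443 is only needed if a `quic`/`http3` listener is configured in the `services.nginx` block that continues outside the hunk. Unless that is set elsewhere, drop the UDP rule, or reduce it to `networking.firewall.allowedUDPPorts = [ 443 ]; # UDP 443 for HTTP/3 (QUIC)` once HTTP/3 is actually enabled. Unused open ports on an internet-facing host are cheap to remove and expensive to explain later.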
@@ -83,128 +101,137 @@ in privateNetwork = false; autoStart = true; - config = { config, lib, ... }: { - nixpkgs.pkgs = pkgs; - imports = [ "${components}/monitor/container.nix" ]; - system.stateVersion = "23.11"; - services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + config = + { config, lib, ... }: + { + nixpkgs.pkgs = pkgs; + imports = [ "${components}/monitor/container.nix" ]; + system.stateVersion = "23.11"; + services.logrotate.checkConfig = false; # because uid 3000 does not exist in here - # Configuring nameservers for containers is currently broken. - # Therefore in some cases internet connectivity can be broken inside the containers. - # A temporary workaround is to manually write the /etc/nixos/resolv.conf file like this: - #environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; + # Configuring nameservers for containers is currently broken. + # Therefore in some cases internet connectivity can be broken inside the containers. + # A temporary workaround is to manually write the /etc/nixos/resolv.conf file like this: + #environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; - systemd.tmpfiles.settings.nextcloud = { - "/run/secrets/nextcloud.root"."C+" = { - user = "nextcloud"; - group = "nextcloud"; - mode = "400"; - argument = "/run/secrets/nextcloud.root.input"; + systemd.tmpfiles.settings.nextcloud = { + "/run/secrets/nextcloud.root"."C+" = { + user = "nextcloud"; + group = "nextcloud"; + mode = "400"; + argument = "/run/secrets/nextcloud.root.input"; + }; + "/run/secrets/nextcloud.database"."C+" = { + user = "nextcloud"; + group = "nextcloud"; + mode = "400"; + argument = "/run/secrets/nextcloud.database.input"; + }; }; - "/run/secrets/nextcloud.database"."C+" = { - user = "nextcloud"; - group = "nextcloud"; - mode = "400"; - argument = "/run/secrets/nextcloud.database.input"; + + users.users.nextcloud.uid = nextcloudUid; + users.groups.nextcloud = { + gid = nextcloudGid; + members = [ "nextcloud" ]; + }; + + 
services.nginx = { + defaultListen = [ + { + addr = "0.0.0.0"; + port = nextcloudPort; + } + ]; + # Use recommended settings + recommendedGzipSettings = lib.mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; + }; + + # nextcloud database + # ================== + # + # set user password: + # ----------------- + # #> mysql + # mysql> ALTER USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud-password'; + # + # recreate database: + # ------------------ + # mysql> DROP DATABASE nextcloud; + # mysql> CREATE DATABASE nextcloud; + # + # migration: + # ---------- + # nextcloud-occ db:convert-type --all-apps mysql nextcloud 127.0.0.1 nextcloud + # + # 4-byte stuff: + # ------------- + # https://docs.nextcloud.com/server/18/admin_manual/configuration_database/mysql_4byte_support.html + # if you do this don't forget --default-character-set=utf8mb4 for mysqldump + services.mysql = { + enable = true; + package = mySQLPackage; + # https://nixos.org/manual/nixos/stable/release-notes.html#sec-release-20.09-incompatibilities + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { + name = "nextcloud"; + ensurePermissions = { + "nextcloud.*" = "ALL PRIVILEGES"; + }; + } + ]; + settings.mysqld = { + innodb_large_prefix = true; + innodb_file_format = "barracuda"; + innodb_file_per_table = 1; + innodb_read_only_compressed = 0; + }; + }; + + # Backup database + # --------------- + services.mysqlBackup = { + enable = true; + databases = config.services.mysql.ensureDatabases; + singleTransaction = true; + }; + systemd.services."mysql-backup".serviceConfig = { + ExecStartPre = [ "+/run/current-system/sw/bin/nextcloud-occ maintenance:mode --on" ]; + ExecStopPost = [ "+/run/current-system/sw/bin/nextcloud-occ maintenance:mode --off" ]; + }; + + # in php + services.phpfpm = { + phpPackage = phpPackage; + phpOptions = '' + opcache.revalidate_freq = 10 + ''; + }; + + # nextcloud 
setup + services.nextcloud = { + enable = true; + package = nextcloudPackage; + autoUpdateApps.enable = true; + hostName = nextcloudHostName; + https = true; + settings = { + overwriteprotocol = "https"; + default_phone_region = "DE"; + loglevel = 2; + }; + config = { + adminpassFile = "/run/secrets/nextcloud.root"; + #overwriteProtocol = "https"; + dbtype = "mysql"; + dbpassFile = "/run/secrets/nextcloud.database"; + dbhost = "localhost:3306"; + }; }; }; - - users.users.nextcloud.uid = nextcloudUid; - users.groups.nextcloud = { - gid = nextcloudGid; - members = [ "nextcloud" ]; - }; - - services.nginx = { - defaultListen = [ - { addr = "0.0.0.0"; port = nextcloudPort; } - ]; - # Use recommended settings - recommendedGzipSettings = lib.mkDefault true; - recommendedOptimisation = lib.mkDefault true; - recommendedProxySettings = lib.mkDefault true; - recommendedTlsSettings = lib.mkDefault true; - }; - - # nextcloud database - # ================== - # - # set user password: - # ----------------- - # #> mysql - # mysql> ALTER USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud-password'; - # - # recreate database: - # ------------------ - # mysql> DROP DATABASE nextcloud; - # mysql> CREATE DATABASE nextcloud; - # - # migration: - # ---------- - # nextcloud-occ db:convert-type --all-apps mysql nextcloud 127.0.0.1 nextcloud - # - # 4-byte stuff: - # ------------- - # https://docs.nextcloud.com/server/18/admin_manual/configuration_database/mysql_4byte_support.html - # if you do this don't forget --default-character-set=utf8mb4 for mysqldump - services.mysql = { - enable = true; - package = mySQLPackage; - # https://nixos.org/manual/nixos/stable/release-notes.html#sec-release-20.09-incompatibilities - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [{ - name = "nextcloud"; - ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; }; - }]; - settings.mysqld = { - innodb_large_prefix = true; - innodb_file_format = "barracuda"; - innodb_file_per_table = 1; - 
innodb_read_only_compressed = 0; - }; - }; - - # Backup database - # --------------- - services.mysqlBackup = { - enable = true; - databases = config.services.mysql.ensureDatabases; - singleTransaction = true; - }; - systemd.services."mysql-backup".serviceConfig = { - ExecStartPre = [ "+/run/current-system/sw/bin/nextcloud-occ maintenance:mode --on" ]; - ExecStopPost = [ "+/run/current-system/sw/bin/nextcloud-occ maintenance:mode --off" ]; - }; - - # in php - services.phpfpm = { - phpPackage = phpPackage; - phpOptions = '' - opcache.revalidate_freq = 10 - ''; - }; - - # nextcloud setup - services.nextcloud = { - enable = true; - package = nextcloudPackage; - autoUpdateApps.enable = true; - hostName = nextcloudHostName; - https = true; - settings = { - overwriteprotocol = "https"; - default_phone_region = "DE"; - loglevel = 2; - }; - config = { - adminpassFile = "/run/secrets/nextcloud.root"; - #overwriteProtocol = "https"; - dbtype = "mysql"; - dbpassFile = "/run/secrets/nextcloud.database"; - dbhost = "localhost:3306"; - }; - }; - }; }; } diff --git a/machines/orbi/media-share.nix b/machines/orbi/media-share.nix index cc3a0fb..005cb65 100644 --- a/machines/orbi/media-share.nix +++ b/machines/orbi/media-share.nix @@ -17,5 +17,4 @@ file-mode = "770"; }; - } diff --git a/machines/orbi/media-syncthing.nix b/machines/orbi/media-syncthing.nix index c926e1c..06de41c 100644 --- a/machines/orbi/media-syncthing.nix +++ b/machines/orbi/media-syncthing.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ #networking.firewall.allowedTCPPorts = [ 22000 ]; #networking.firewall.allowedUDPPorts = [ 22000 ]; diff --git a/machines/orbi/media-transmission2.nix b/machines/orbi/media-transmission2.nix index 45ad7da..b06fca6 100644 --- a/machines/orbi/media-transmission2.nix +++ b/machines/orbi/media-transmission2.nix @@ -1,4 +1,10 @@ -{ lib, pkgs, config, components, ... }: +{ + lib, + pkgs, + config, + components, + ... +}: let uiPort = 9091; in 
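Review bot: Inside the container config, `services.nginx.defaultListen` binds `addr = "0.0.0.0"` on `nextcloudPort` while the container runs with `privateNetwork = false`, so this plain-HTTP listener is bound on every host interface and only the host firewall separates it from other networks. If only the host-side reverse proxy is meant to reach it, bind to loopback with `addr = "127.0.0.1";`; the `recommendedTlsSettings = lib.mkDefault true;` line is then inert for an HTTP-only listener and can go. The two `"C+"` tmpfiles entries also deserve a one-line comment stating that the `.input` files are expected to be provisioned by the host before the container starts, since the container has no other source for them. The enclosing `containers` attribute starts before this hunk.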
@@ -23,91 +29,96 @@ in }; }; - config = { config, lib, ... }: { - nixpkgs.pkgs = pkgs; - imports = [ "${components}/monitor/container.nix" ]; - system.stateVersion = "21.05"; - services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + config = + { config, lib, ... }: + { + nixpkgs.pkgs = pkgs; + imports = [ "${components}/monitor/container.nix" ]; + system.stateVersion = "21.05"; + services.logrotate.checkConfig = false; # because uid 3000 does not exist in here - # allow transmission to write in syncthing folders - users.groups.syncthing = { - gid = config.ids.gids.syncthing; - members = [ "transmission" ]; - }; + # allow transmission to write in syncthing folders + users.groups.syncthing = { + gid = config.ids.gids.syncthing; + members = [ "transmission" ]; + }; - services.transmission = { - enable = true; - package = pkgs.legacy_2405.transmission_4; - settings = { - download-dir = "/media/torrent/downloads"; - incomplete-dir = "/media/torrent/incomplete"; - incomplete-dir-enabled = true; - message-level = 1; - umask = 2; - rpc-whitelist-enabled = false; - rpc-host-whitelist-enabled = false; - rpc-port = uiPort; - rpc-enable = true; - rpc-bind-address = "127.0.0.1"; + services.transmission = { + enable = true; + package = pkgs.legacy_2405.transmission_4; + settings = { + download-dir = "/media/torrent/downloads"; + incomplete-dir = "/media/torrent/incomplete"; + incomplete-dir-enabled = true; + message-level = 1; + umask = 2; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + rpc-port = uiPort; + rpc-enable = true; + rpc-bind-address = "127.0.0.1"; - # "normal" speed limits - speed-limit-down-enabled = false; - speed-limit-down = 800; - speed-limit-up-enabled = true; - speed-limit-up = 3000; - upload-slots-per-torrent = 8; - # Queuing - # When true, Transmission will only download - # download-queue-size non-stalled torrents at once. 
- download-queue-enabled = true; - download-queue-size = 3; + # "normal" speed limits + speed-limit-down-enabled = false; + speed-limit-down = 800; + speed-limit-up-enabled = true; + speed-limit-up = 3000; + upload-slots-per-torrent = 8; + # Queuing + # When true, Transmission will only download + # download-queue-size non-stalled torrents at once. + download-queue-enabled = true; + download-queue-size = 3; - # When true, torrents that have not shared data for - # queue-stalled-minutes are treated as 'stalled' - # and are not counted against the queue-download-size - # and seed-queue-size limits. - queue-stalled-enabled = true; - queue-stalled-minutes = 60; + # When true, torrents that have not shared data for + # queue-stalled-minutes are treated as 'stalled' + # and are not counted against the queue-download-size + # and seed-queue-size limits. + queue-stalled-enabled = true; + queue-stalled-minutes = 60; - # When true. Transmission will only seed seed-queue-size - # non-stalled torrents at once. - seed-queue-enabled = false; - seed-queue-size = 10; + # When true. Transmission will only seed seed-queue-size + # non-stalled torrents at once. + seed-queue-enabled = false; + seed-queue-size = 10; - # Enable UPnP or NAT-PMP. - peer-port = 51413; - port-forwarding-enabled = false; + # Enable UPnP or NAT-PMP. + peer-port = 51413; + port-forwarding-enabled = false; - # Start torrents as soon as they are added - start-added-torrents = true; + # Start torrents as soon as they are added + start-added-torrents = true; - # Encryption preference. - # 0 = Prefer unencrypted connections, - # 1 = Prefer encrypted connections, - # 2 = Require encrypted connections; - # default = 1 - # Encryption may help get around some ISP filtering, but at the cost of slightly - # higher CPU use - encryption = 2; + # Encryption preference. 
+ # 0 = Prefer unencrypted connections, + # 1 = Prefer encrypted connections, + # 2 = Require encrypted connections; + # default = 1 + # Encryption may help get around some ISP filtering, but at the cost of slightly + # higher CPU use + encryption = 2; + }; + }; + + systemd.services.transmission = { + serviceConfig = { + Restart = "always"; + BindPaths = lib.mkForce [ + "/media" # this is needed otherwise cp -l is not working + "/var/lib/transmission/.config/transmission-daemon" + ]; + BindReadOnlyPaths = lib.mkForce [ + builtins.storeDir + "/etc" + ]; + PrivateMounts = lib.mkForce false; + PrivateUsers = lib.mkForce false; + RootDirectoryStartOnly = lib.mkForce false; + RootDirectory = lib.mkForce "/var/lib"; + ExecStartPre = lib.mkForce [ ]; # this prevents configuration creation, but fixes startup problems + }; }; }; - - systemd.services.transmission = { - serviceConfig = { - Restart = "always"; - BindPaths = lib.mkForce [ - "/media" # this is needed otherwise cp -l is not working - "/var/lib/transmission/.config/transmission-daemon" - ]; - BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; - PrivateMounts = lib.mkForce false; - PrivateUsers = lib.mkForce false; - RootDirectoryStartOnly = lib.mkForce false; - RootDirectory = lib.mkForce "/var/lib"; - ExecStartPre = lib.mkForce [ ]; # this prevents configuration creation, but fixes startup problems - }; - }; - }; }; networking.firewall = { diff --git a/machines/orbi/network-tinc.nix b/machines/orbi/network-tinc.nix index 9afe192..4467de9 100644 --- a/machines/orbi/network-tinc.nix +++ b/machines/orbi/network-tinc.nix @@ -1,9 +1,14 @@ { - networking.firewall = { - allowedTCPPorts = [ 655 721 ]; - allowedUDPPorts = [ 655 721 ]; + allowedTCPPorts = [ + 655 + 721 + ]; + allowedUDPPorts = [ + 655 + 721 + ]; }; tinc.private.enable = true; diff --git a/machines/orbi/network-wireguard.nix b/machines/orbi/network-wireguard.nix index 8f314de..231df40 100644 --- a/machines/orbi/network-wireguard.nix 
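Review bot: `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false` in the transmission settings switch off both RPC access controls; the host whitelist is Transmission's protection against DNS-rebinding of a loopback-bound RPC port, and `rpc-bind-address = "127.0.0.1"` on its own does not provide that. If the UI is reached through a reverse proxy, as the `uiPort` binding suggests, keep the host whitelist on and list the proxied name: `rpc-host-whitelist-enabled = true; rpc-host-whitelist = "<proxy-hostname>";` (placeholder). The systemd overrides that force `PrivateUsers`, `PrivateMounts` and `RootDirectory` off with `lib.mkForce` would also benefit from a short comment, since they relax the upstream unit's sandbox and the existing comments only explain `BindPaths` and `ExecStartPre`. The enclosing `containers` attribute starts before this hunk.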
+++ b/machines/orbi/network-wireguard.nix @@ -1,15 +1,22 @@ -{ pkgs, config, factsGenerator, clanLib, lib, ... }: +{ + pkgs, + config, + factsGenerator, + clanLib, + lib, + ... +}: let - otherMachines = lib.filterAttrs (name: _value: name != "orbi") (clanLib.readFactsFromAllMachines [ "wireguard.wg0.pub" "wireguard.wg0.cidr" ]); - peers = - lib.mapAttrsToList - (_machine: facts: - { - publicKey = facts."wireguard.wg0.pub"; - allowedIPs = [ facts."wireguard.wg0.cidr" ]; - } - ) - otherMachines; + otherMachines = lib.filterAttrs (name: _value: name != "orbi") ( + clanLib.readFactsFromAllMachines [ + "wireguard.wg0.pub" + "wireguard.wg0.cidr" + ] + ); + peers = lib.mapAttrsToList (_machine: facts: { + publicKey = facts."wireguard.wg0.pub"; + allowedIPs = [ facts."wireguard.wg0.cidr" ]; + }) otherMachines; in { networking.firewall.allowedUDPPorts = [ 51820 ]; diff --git a/machines/orbi/nginx-ingolf-wagner-de.nix b/machines/orbi/nginx-ingolf-wagner-de.nix index f12845a..eb16f86 100644 --- a/machines/orbi/nginx-ingolf-wagner-de.nix +++ b/machines/orbi/nginx-ingolf-wagner-de.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, assets, ... }: +{ + config, + lib, + pkgs, + assets, + ... +}: let # todo create flake for this errorPages = pkgs.fetchFromGitHub { @@ -30,9 +36,14 @@ let in { - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + networking.firewall.allowedUDPPorts = [ + 80 + 443 + ]; services.nginx = { enable = true; diff --git a/machines/orbi/nginx-wkd.nix b/machines/orbi/nginx-wkd.nix index 78bd195..b8d54a9 100644 --- a/machines/orbi/nginx-wkd.nix +++ b/machines/orbi/nginx-wkd.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, assets, ... }: +{ + config, + pkgs, + lib, + assets, + ... +}: let server_name = "ingolf-wagner.de"; in 
@@ -8,17 +14,16 @@ in # - $> gpg --homedir "$(mktemp -d)" -v --auto-key-locate clear,wkd,nodefault --locate-key contact@ingolf-wagner.de services.nginx.virtualHosts.${server_name}.locations = let - wkd = - { - extraConfig = '' - default_type application/octet-stream; - add_header Access-Control-Allow-Origin * always; - ''; - #alias = pkgs.runCommand "contact@ingolf-wagner.de" { } '' - # cat ${assets}/contact@ingolf-wagner.de.gpg | ${pkgs.gnupg}/bin/gpg --dearmor > $out - #''; - alias = toString "${assets}/contact@ingolf-wagner.de.gpg"; - }; + wkd = { + extraConfig = '' + default_type application/octet-stream; + add_header Access-Control-Allow-Origin * always; + ''; + #alias = pkgs.runCommand "contact@ingolf-wagner.de" { } '' + # cat ${assets}/contact@ingolf-wagner.de.gpg | ${pkgs.gnupg}/bin/gpg --dearmor > $out + #''; + alias = toString "${assets}/contact@ingolf-wagner.de.gpg"; + }; in { "= /.well-known/openpgpkey/policy".return = "200"; diff --git a/machines/orbi/service-forgejo-runner.nix b/machines/orbi/service-forgejo-runner.nix index a0c177f..3d64d9d 100644 --- a/machines/orbi/service-forgejo-runner.nix +++ b/machines/orbi/service-forgejo-runner.nix @@ -1,12 +1,22 @@ -{ config, lib, pkgs, utils, ... }: -let inherit (utils) escapeSystemdPath; +{ + config, + lib, + pkgs, + utils, + ... +}: +let + inherit (utils) escapeSystemdPath; in { virtualisation.podman.enable = true; #nix.settings.trusted-users = [ "root" "gitea-runner"]; - nix.settings.allowed-users = [ "*" "gitea-runner" ]; + nix.settings.allowed-users = [ + "*" + "gitea-runner" + ]; users.users.gitea-runner = { isSystemUser = true; diff --git a/machines/orbi/service-forgejo.nix b/machines/orbi/service-forgejo.nix index 24adb1f..d71fec7 100644 --- a/machines/orbi/service-forgejo.nix +++ b/machines/orbi/service-forgejo.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { services.nginx = { 
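Review bot: `nix.settings.allowed-users = [ "*" "gitea-runner" ]` in the service-forgejo-runner hunk lists `gitea-runner` next to the wildcard, which already admits every user, so the explicit entry is redundant and the line reads as if it restricted daemon access when it does not. If the intent is to let only the runner and administrators use the daemon, drop the wildcard: `nix.settings.allowed-users = [ "root" "@wheel" "gitea-runner" ];`; if everyone is intended, the line can simply be removed since `"*"` is the default. A one-line comment on the commented-out `trusted-users` line saying why it was rejected would help, because `trusted-users` grants far more than `allowed-users`.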
diff --git a/machines/orbi/service-hedgedoc.nix b/machines/orbi/service-hedgedoc.nix index c44a0d8..1af8191 100644 --- a/machines/orbi/service-hedgedoc.nix +++ b/machines/orbi/service-hedgedoc.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let domain = "md.ingolf-wagner.de"; in @@ -31,4 +36,3 @@ in }; } - diff --git a/machines/orbi/service-nix-cache.nix b/machines/orbi/service-nix-cache.nix index 56aa684..950e200 100644 --- a/machines/orbi/service-nix-cache.nix +++ b/machines/orbi/service-nix-cache.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { # nixpkgs.config.packageOverrides = p: { @@ -10,7 +15,10 @@ clan.core.facts.services."nix-serve" = { secret."nix-serve.key" = { }; public."nix-serve.pub" = { }; - generator.path = with pkgs; [ coreutils nix ]; + generator.path = with pkgs; [ + coreutils + nix + ]; generator.script = '' nix-store --generate-binary-cache-key "cache.${config.networking.hostName}.wg0" nix-serve.key nix-serve.pub mv nix-serve.key "$secrets"/nix-serve.key @@ -44,4 +52,3 @@ }; }; } - diff --git a/machines/orbi/service-photoprism.nix b/machines/orbi/service-photoprism.nix index b08b126..e8647f0 100644 --- a/machines/orbi/service-photoprism.nix +++ b/machines/orbi/service-photoprism.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, components, ... }: +{ + config, + pkgs, + lib, + components, + ... +}: let mySQLPackage = pkgs.mysql; photoprismPort = 2342; 
@@ -13,64 +19,67 @@ in privateNetwork = false; autoStart = true; - config = { config, lib, ... }: { - nixpkgs.pkgs = pkgs; - imports = [ "${components}/monitor/container.nix" ]; - system.stateVersion = "23.11"; - services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + config = + { config, lib, ... }: + { + nixpkgs.pkgs = pkgs; + imports = [ "${components}/monitor/container.nix" ]; + system.stateVersion = "23.11"; + services.logrotate.checkConfig = false; # because uid 3000 does not exist in here - environment.systemPackages = [ - config.services.photoprism.package - ]; + environment.systemPackages = [ + config.services.photoprism.package + ]; - # Photoprism - # ---------- - services.photoprism = { - enable = true; - port = photoprismPort; - package = pkgs.legacy_2405.photoprism; - originalsPath = "/var/lib/private/photoprism/originals"; - address = "0.0.0.0"; - settings = { - PHOTOPRISM_ADMIN_USER = "admin"; - PHOTOPRISM_ADMIN_PASSWORD = "..."; # change me after initialisation - PHOTOPRISM_DEFAULT_LOCALE = "en"; - PHOTOPRISM_DATABASE_DRIVER = "mysql"; - PHOTOPRISM_DATABASE_NAME = "photoprism"; - PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock"; - PHOTOPRISM_DATABASE_USER = "photoprism"; - PHOTOPRISM_SITE_URL = "http://photoprism.orbi.private:${toString photoprismPort}"; - PHOTOPRISM_SITE_TITLE = "PhotoPrism"; - PHOTOPRISM_UPLOAD_NSFW = "true"; - PHOTOPRISM_THUMB_UNCACHED = "false"; # https://docs.photoprism.app/user-guide/settings/advanced/#static-and-dynamic-size-limits < prevents thumbs from beeing wrong orientation, but takes time for photo import. 
- }; - }; - - # MySQL Database - # -------------- - services.mysql = { - enable = true; - package = mySQLPackage; - settings.mysqld.port = mysqlPort; - ensureDatabases = [ "photoprism" ]; - ensureUsers = [{ - name = "photoprism"; - ensurePermissions = { - "photoprism.*" = "ALL PRIVILEGES"; + # Photoprism + # ---------- + services.photoprism = { + enable = true; + port = photoprismPort; + package = pkgs.legacy_2405.photoprism; + originalsPath = "/var/lib/private/photoprism/originals"; + address = "0.0.0.0"; + settings = { + PHOTOPRISM_ADMIN_USER = "admin"; + PHOTOPRISM_ADMIN_PASSWORD = "..."; # change me after initialisation + PHOTOPRISM_DEFAULT_LOCALE = "en"; + PHOTOPRISM_DATABASE_DRIVER = "mysql"; + PHOTOPRISM_DATABASE_NAME = "photoprism"; + PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock"; + PHOTOPRISM_DATABASE_USER = "photoprism"; + PHOTOPRISM_SITE_URL = "http://photoprism.orbi.private:${toString photoprismPort}"; + PHOTOPRISM_SITE_TITLE = "PhotoPrism"; + PHOTOPRISM_UPLOAD_NSFW = "true"; + PHOTOPRISM_THUMB_UNCACHED = "false"; # https://docs.photoprism.app/user-guide/settings/advanced/#static-and-dynamic-size-limits < prevents thumbs from beeing wrong orientation, but takes time for photo import. }; - }]; - }; + }; - # Backup Database - # --------------- - services.mysqlBackup = { - enable = true; - databases = config.services.mysql.ensureDatabases; - singleTransaction = true; - }; + # MySQL Database + # -------------- + services.mysql = { + enable = true; + package = mySQLPackage; + settings.mysqld.port = mysqlPort; + ensureDatabases = [ "photoprism" ]; + ensureUsers = [ + { + name = "photoprism"; + ensurePermissions = { + "photoprism.*" = "ALL PRIVILEGES"; + }; + } + ]; + }; - }; + # Backup Database + # --------------- + services.mysqlBackup = { + enable = true; + databases = config.services.mysql.ensureDatabases; + singleTransaction = true; + }; + + }; }; - } 
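Review bot: `PHOTOPRISM_ADMIN_PASSWORD = "..."` in `services.photoprism.settings` places the admin password in the container's Nix store and unit environment, where it is world-readable, and the trailing "change me" comment relies on an operator step nothing enforces. The NixOS module provides `services.photoprism.passwordFile` for this, so the secret can be supplied the way the other containers in this diff use `/run/secrets/*` files: `passwordFile = "/run/secrets/photoprism.admin";` (placeholder path) and remove the `PHOTOPRISM_ADMIN_PASSWORD` entry. Separately, `address = "0.0.0.0"` combined with `privateNetwork = false` binds the HTTP UI on every host interface, which deserves a comment if intentional. The enclosing `containers` attribute starts before this hunk.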
diff --git a/machines/orbi/service-surrealdb.nix b/machines/orbi/service-surrealdb.nix index 82cfe81..00c0090 100644 --- a/machines/orbi/service-surrealdb.nix +++ b/machines/orbi/service-surrealdb.nix @@ -1,4 +1,12 @@ -{ config, pkgs, lib, clanCore, factsGenerator, components, ... }: +{ + config, + pkgs, + lib, + clanCore, + factsGenerator, + components, + ... +}: let surrealdbPort = 8000; in @@ -10,29 +18,30 @@ in privateNetwork = false; autoStart = true; - config = { config, lib, ... }: { - nixpkgs.pkgs = pkgs; - imports = [ "${components}/monitor/container.nix" ]; - system.stateVersion = "24.05"; - services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + config = + { config, lib, ... }: + { + nixpkgs.pkgs = pkgs; + imports = [ "${components}/monitor/container.nix" ]; + system.stateVersion = "24.05"; + services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + + # Photoprism + # ---------- + services.surrealdb = { + enable = true; + host = "0.0.0.0"; + port = surrealdbPort; + extraFlags = [ + "--auth" + "--user" + "root" + "--pass" + "root" + ]; + }; - # Photoprism - # ---------- - services.surrealdb = { - enable = true; - host = "0.0.0.0"; - port = surrealdbPort; - extraFlags = [ - "--auth" - "--user" - "root" - "--pass" - "root" - ]; }; - - }; }; - } diff --git a/machines/orbi/service-taskserver.nix b/machines/orbi/service-taskserver.nix index 01ba735..19c381f 100644 --- a/machines/orbi/service-taskserver.nix +++ b/machines/orbi/service-taskserver.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ # todo: backup taskserver via zfs syncoid services.taskserver = { @@ -8,7 +14,10 @@ requestLimit = 104857600; trust = "strict"; dataDir = "/var/lib/taskserver"; - organisations."1337".users = [ "palo" "beta" ]; + organisations."1337".users = [ + "palo" + "beta" + ]; ciphers = "SECURE256"; }; 
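Review bot: In the service-surrealdb hunk the container passes `--user root --pass root` in `extraFlags` and listens on `host = "0.0.0.0"` with `privateNetwork = false`, so a database with a static, well-known root credential is bound on every host interface and only the host firewall limits who can reach `surrealdbPort`. At minimum the password should come from a secret file rather than the Nix store (for example an environment file on the service unit, as the other containers here do with `/run/secrets/*`), and the bind address should be loopback unless remote clients are intended: `host = "127.0.0.1";`. The section header `# Photoprism` above `services.surrealdb` is a copy-paste leftover and should read `# SurrealDB`. The enclosing `containers` attribute starts before this hunk.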
diff --git a/machines/orbi/service-vaultwarden.nix b/machines/orbi/service-vaultwarden.nix index 64fba00..8c12069 100644 --- a/machines/orbi/service-vaultwarden.nix +++ b/machines/orbi/service-vaultwarden.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.vaultwarden = { enable = true; # backupDir = @@ -22,9 +28,7 @@ extraConfig = '' client_max_body_size 500M; ''; - proxyPass = "http://localhost:${ - toString config.services.vaultwarden.config.rocketPort - }"; + proxyPass = "http://localhost:${toString config.services.vaultwarden.config.rocketPort}"; }; }; }; diff --git a/machines/orbi/service-vikunja.nix b/machines/orbi/service-vikunja.nix index 5fb5149..38f3a67 100644 --- a/machines/orbi/service-vikunja.nix +++ b/machines/orbi/service-vikunja.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, components, ... }: +{ + config, + pkgs, + lib, + components, + ... +}: let vikunjaPort = 3456; mysqlPort = 3337; 
@@ -11,52 +17,55 @@ in privateNetwork = false; autoStart = true; - config = { config, lib, ... }: { - nixpkgs.pkgs = pkgs; - imports = [ "${components}/monitor/container.nix" ]; - system.stateVersion = "24.05"; - services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + config = + { config, lib, ... }: + { + nixpkgs.pkgs = pkgs; + imports = [ "${components}/monitor/container.nix" ]; + system.stateVersion = "24.05"; + services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + + # Vikunja + # ---------- + services.vikunja = { + enable = true; + port = vikunjaPort; + frontendScheme = "http"; + frontendHostname = "vikunja.ingolf-wagner.de"; + database.type = "sqlite"; + #database = { + # type = "mysql"; + # host = "localhost:${toString mysqlPort}"; + # user = "vikunja"; + #}; + }; + + # MySQL Database + # -------------- + services.mysql = { + enable = false; + package = pkgs.mariadb; + settings.mysqld.port = mysqlPort; + ensureDatabases = [ "vikunja" ]; + ensureUsers = [ + { + name = "vikunja"; + ensurePermissions = { + "vikunja.*" = "ALL PRIVILEGES"; + }; + } + ]; + }; + + # Backup Database + # --------------- + services.mysqlBackup = { + enable = false; + databases = config.services.mysql.ensureDatabases; + singleTransaction = true; + }; - # Vikunja - # ---------- - services.vikunja = { - enable = true; - port = vikunjaPort; - frontendScheme = "http"; - frontendHostname = "vikunja.ingolf-wagner.de"; - database.type = "sqlite"; - #database = { - # type = "mysql"; - # host = "localhost:${toString mysqlPort}"; - # user = "vikunja"; - #}; }; - - # MySQL Database - # -------------- - services.mysql = { - enable = false; - package = pkgs.mariadb; - settings.mysqld.port = mysqlPort; - ensureDatabases = [ "vikunja" ]; - ensureUsers = [{ - name = "vikunja"; - ensurePermissions = { - "vikunja.*" = "ALL PRIVILEGES"; - }; - }]; - }; - - # Backup Database - # --------------- - services.mysqlBackup = { - enable = false; - 
databases = config.services.mysql.ensureDatabases; - singleTransaction = true; - }; - - }; }; - } diff --git a/machines/orbi/service-wastebin.nix b/machines/orbi/service-wastebin.nix index aa73926..570f340 100644 --- a/machines/orbi/service-wastebin.nix +++ b/machines/orbi/service-wastebin.nix @@ -14,7 +14,7 @@ in services.nginx = { enable = true; - virtualHosts. "paste.ingolf-wagner.de" = { + virtualHosts."paste.ingolf-wagner.de" = { forceSSL = true; enableACME = true; locations."/" = { diff --git a/machines/orbi/social-jitsi.nix b/machines/orbi/social-jitsi.nix index fc308d2..ef40b97 100644 --- a/machines/orbi/social-jitsi.nix +++ b/machines/orbi/social-jitsi.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ # + + # | | # | | @@ -53,7 +54,10 @@ }; networking.firewall = { - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; allowedUDPPorts = [ 10000 ]; }; diff --git a/machines/orbi/social-matrix-terranix.nix b/machines/orbi/social-matrix-terranix.nix index ecd41bd..82af404 100644 --- a/machines/orbi/social-matrix-terranix.nix +++ b/machines/orbi/social-matrix-terranix.nix @@ -1,4 +1,10 @@ -{ config, pkgs, factsGenerator, components, ... }: +{ + config, + pkgs, + factsGenerator, + components, + ... +}: let # 1. create DNS entry `matrix.terranix.org A - 95.216.66.212` # 2. test with : https://federationtester.matrix.org/#terranix.org @@ -11,7 +17,8 @@ let synapse_port = 8008; federation_port = 8448; - shared_secret = config.clan.core.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml"; + shared_secret = + config.clan.core.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml"; matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" '' ${pkgs.matrix-synapse}/bin/register_new_matrix_user \ 
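Review bot: `frontendScheme = "http"` together with the public `frontendHostname = "vikunja.ingolf-wagner.de"` makes Vikunja build its absolute URLs, and so the links it emits, over plain HTTP; if the host nginx serves this name over TLS, as the other orbi vhosts in this diff do, the value should be `frontendScheme = "https";`. The disabled MySQL block is fine to keep, but a one-line comment stating that SQLite is the live backend and the MySQL block is retained for a later migration would explain why `services.mysqlBackup` is present but off. The enclosing `containers` attribute starts before this hunk.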
@@ -35,18 +42,27 @@ let pkgs.runCommand "element-web-with-config" { nativeBuildInputs = [ pkgs.buildPackages.jq ]; - } '' - cp -r ${pkgs.element-web} $out - chmod -R u+w $out - jq '."default_server_config"."m.homeserver" = { "base_url": "https://matrix.${domain}", "server_name": "${domain}" }' \ - > $out/config.json < ${pkgs.element-web}/config.json - ln -s $out/config.json $out/config.matrix.${domain}.json - ''; + } + '' + cp -r ${pkgs.element-web} $out + chmod -R u+w $out + jq '."default_server_config"."m.homeserver" = { "base_url": "https://matrix.${domain}", "server_name": "${domain}" }' \ + > $out/config.json < ${pkgs.element-web}/config.json + ln -s $out/config.json $out/config.matrix.${domain}.json + ''; in { - networking.firewall.allowedTCPPorts = [ 80 443 federation_port ]; - networking.firewall.allowedUDPPorts = [ 80 443 federation_port ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + federation_port + ]; + networking.firewall.allowedUDPPorts = [ + 80 + 443 + federation_port + ]; clan.core.facts.services.matrix_terranix = factsGenerator.matrix-synapse { name = "terranix"; }; 
@@ -64,67 +80,67 @@ in }; }; - config = { config, lib, ... }: { - nixpkgs.pkgs = pkgs; - imports = [ "${components}/monitor/container.nix" ]; - system.stateVersion = "23.11"; - services.logrotate.checkConfig = false; # because uid 3000 does not exist in here + config = + { config, lib, ... }: + { + nixpkgs.pkgs = pkgs; + imports = [ "${components}/monitor/container.nix" ]; + system.stateVersion = "23.11"; + services.logrotate.checkConfig = false; # because uid 3000 does not exist in here - systemd.tmpfiles.settings.nextcloud = { - "/run/secrets/matrix-shared-secret"."C+" = { - user = "matrix-synapse"; - group = "matrix-synapse"; - mode = "400"; - argument = "/run/secrets/matrix-shared-secret.input"; + systemd.tmpfiles.settings.nextcloud = { + "/run/secrets/matrix-shared-secret"."C+" = { + user = "matrix-synapse"; + group = "matrix-synapse"; + mode = "400"; + argument = "/run/secrets/matrix-shared-secret.input"; + }; }; + + services.postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; + + services.matrix-synapse = { + enable = true; + settings.server_name = domain; + # The public base URL value must match the `base_url` value set in `clientConfig` above. + # The default value here is based on `server_name`, so if your `server_name` is different + # from the value of `matrix.` above, you will likely run into some mismatched domain names + # in client applications. 
+ settings.public_baseurl = baseUrl; + extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ]; + settings.listeners = [ + { + port = synapse_port; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" ]; + compress = true; + } + { + names = [ "federation" ]; + compress = false; + } + ]; + } + ]; + }; + }; - - services.postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - services.matrix-synapse = { - enable = true; - settings.server_name = domain; - # The public base URL value must match the `base_url` value set in `clientConfig` above. - # The default value here is based on `server_name`, so if your `server_name` is different - # from the value of `matrix.` above, you will likely run into some mismatched domain names - # in client applications. - settings.public_baseurl = baseUrl; - extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ]; - settings.listeners = [ - { - port = synapse_port; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" ]; - compress = true; - } - { - names = [ "federation" ]; - compress = false; - } - ]; - } - ]; - }; - - - }; }; - services.nginx = { enable = true; recommendedTlsSettings = true; diff --git a/machines/probe/configuration.nix b/machines/probe/configuration.nix index a67f16f..d5bdc1c 100644 --- a/machines/probe/configuration.nix +++ b/machines/probe/configuration.nix @@ -1,4 +1,10 @@ -{ lib, config, pkgs, ... }: { +{ + lib, + config, + pkgs, + ... +}: +{ imports = [ ./hardware-configuration ]; 
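Review bot: The container's `services.postgresql.initialScript` creates the `matrix-synapse` role with the literal password `'synapse'`, which ends up in the world-readable Nix store via `pkgs.writeText`; if Synapse connects over the local socket with peer authentication, which I believe the NixOS default database settings do, the password is unused and can be dropped from the `CREATE ROLE` line, otherwise it should be loaded from a secret file the way the registration shared secret already is. The tmpfiles group is named `systemd.tmpfiles.settings.nextcloud` although this is the Matrix container; rename it to `systemd.tmpfiles.settings.matrix-synapse` so the entry is attributable. Since the `"C+"` copy sets `mode = "400"` but the mode of the `.input` source is not visible here, a comment stating who provisions `/run/secrets/matrix-shared-secret.input` and with what permissions would help. The enclosing `containers` attribute starts before this hunk.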
@@ -14,7 +20,9 @@ components.monitor.enable = false; networking.hostName = "probe"; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" + ]; #users.users.root.initialPassword = "admin"; } diff --git a/machines/probe/hardware-configuration/default.nix b/machines/probe/hardware-configuration/default.nix index 57ff87b..92bcc7b 100644 --- a/machines/probe/hardware-configuration/default.nix +++ b/machines/probe/hardware-configuration/default.nix @@ -1,4 +1,9 @@ -{ config, factsGenerator, clanLib, ... }: +{ + config, + factsGenerator, + clanLib, + ... +}: { imports = [ #./disko-config-simple.nix diff --git a/machines/probe/hardware-configuration/hardware-configuration.nix b/machines/probe/hardware-configuration/hardware-configuration.nix index 9e5d555..7d633a9 100644 --- a/machines/probe/hardware-configuration/hardware-configuration.nix +++ b/machines/probe/hardware-configuration/hardware-configuration.nix @@ -1,15 +1,27 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; 
diff --git a/machines/sternchen/configuration.nix b/machines/sternchen/configuration.nix index 516c55f..67c1ecd 100644 --- a/machines/sternchen/configuration.nix +++ b/machines/sternchen/configuration.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ imports = [ @@ -24,7 +30,6 @@ components.mainUser.enable = true; components.monitor.enable = false; - users.users.mainUser.extraGroups = [ "video" ]; home-manager.users.mainUser.home.git-pull.enable = false; @@ -83,4 +88,3 @@ }; } - diff --git a/machines/sternchen/hardware-configuration.nix b/machines/sternchen/hardware-configuration.nix index c07609d..761d6ab 100644 --- a/machines/sternchen/hardware-configuration.nix +++ b/machines/sternchen/hardware-configuration.nix @@ -1,14 +1,26 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ modulesPath, config, lib, pkgs, ... }: +{ + modulesPath, + config, + lib, + pkgs, + ... +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" ]; - boot.initrd.availableKernelModules = - [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "xhci_pci" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -55,7 +67,11 @@ # root # ---- fileSystems."/" = { - options = [ "noatime" "nodiratime" "discard" ]; + options = [ + "noatime" + "nodiratime" + "discard" + ]; device = "/dev/vg/root"; fsType = "ext4"; }; @@ -63,7 +79,11 @@ # home # ---- fileSystems."/home" = { - options = [ "noatime" "nodiratime" "discard" ]; + options = [ + "noatime" + "nodiratime" + "discard" + ]; device = "/dev/vg/home"; fsType = "ext4"; }; 
diff --git a/machines/sternchen/packages.nix b/machines/sternchen/packages.nix index e2c2c5f..e037593 100644 --- a/machines/sternchen/packages.nix +++ b/machines/sternchen/packages.nix @@ -1,5 +1,10 @@ -{ config, lib, pkgs, ... }: { - +{ + config, + lib, + pkgs, + ... +}: +{ # todo : put these into `/homes/tina` environment.systemPackages = with pkgs; [ @@ -12,15 +17,18 @@ zoom-us pdfarranger - ((ganttproject-bin.override { - jre = pkgs.openjdk11; - }).overrideAttrs (old: { - version = "3.1.3100"; - src = pkgs.fetchzip { - url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip"; - sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4="; - }; - })) + ( + (ganttproject-bin.override { + jre = pkgs.openjdk11; + }).overrideAttrs + (old: { + version = "3.1.3100"; + src = pkgs.fetchzip { + url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip"; + sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4="; + }; + }) + ) # graphic #krita @@ -39,7 +47,6 @@ gwenview skanlite - ]; } diff --git a/machines/sternchen/syncthing.nix b/machines/sternchen/syncthing.nix index 0316095..2d6dc8d 100644 --- a/machines/sternchen/syncthing.nix +++ b/machines/sternchen/syncthing.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.syncthing = { guiAddress = "localhost:8384"; diff --git a/machines/usbstick/configuration.nix b/machines/usbstick/configuration.nix index e60fe0d..24f2007 100644 --- a/machines/usbstick/configuration.nix +++ b/machines/usbstick/configuration.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ imports = [ @@ -50,4 +56,3 @@ system.stateVersion = "22.05"; # Did you read the comment? } - diff --git a/machines/usbstick/hardware-configuration/default.nix b/machines/usbstick/hardware-configuration/default.nix index feb2c6c..d629290 100644 --- a/machines/usbstick/hardware-configuration/default.nix 
+++ b/machines/usbstick/hardware-configuration/default.nix @@ -4,7 +4,6 @@ #./disko-config.nix # todo: not used yet (use a simple installer usb stick for that) ]; - # grub configuraton # ----------------- boot.loader.grub.enable = true; diff --git a/machines/usbstick/hardware-configuration/hardware-configuration.nix b/machines/usbstick/hardware-configuration/hardware-configuration.nix index a5a3652..4ec92a7 100644 --- a/machines/usbstick/hardware-configuration/hardware-configuration.nix +++ b/machines/usbstick/hardware-configuration/hardware-configuration.nix @@ -1,33 +1,44 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "xhci_pci" + "usb_storage" + "usbhid" + "sd_mod" + "sdhci_pci" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - #device = "/dev/disk/by-uuid/b3dc4880-fb1b-415d-a5a8-a53b9f0a9ab6"; - device = "/dev/mapper/root-enc"; - fsType = "ext4"; - }; + fileSystems."/" = { + #device = "/dev/disk/by-uuid/b3dc4880-fb1b-415d-a5a8-a53b9f0a9ab6"; + device = "/dev/mapper/root-enc"; + fsType = "ext4"; + }; boot.initrd.luks.devices."root-enc".device = "/dev/disk/by-uuid/c2a56e0f-f831-4d21-8cf4-7ddf3901ea8a"; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/EBCE-D756"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/EBCE-D756"; + fsType = "vfat"; + }; swapDevices = [ ]; 
diff --git a/machines/usbstick/network-wireguard-wg0.nix b/machines/usbstick/network-wireguard-wg0.nix index 941c489..702c406 100644 --- a/machines/usbstick/network-wireguard-wg0.nix +++ b/machines/usbstick/network-wireguard-wg0.nix @@ -1,4 +1,9 @@ -{ config, factsGenerator, clanLib, ... }: +{ + config, + factsGenerator, + clanLib, + ... +}: { networking.firewall.allowedUDPPorts = [ 51820 ]; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; diff --git a/machines/usbstick/syncthing.nix b/machines/usbstick/syncthing.nix index bc07e88..9bbad4b 100644 --- a/machines/usbstick/syncthing.nix +++ b/machines/usbstick/syncthing.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.syncthing = { enable = true; diff --git a/modules/browser.nix b/modules/browser.nix index 46dadc0..c8dd718 100644 --- a/modules/browser.nix +++ b/modules/browser.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: # todo : this needs to be cleaned up @@ -16,9 +21,12 @@ let # desktop file # ------------ # makes it possible to be used by other programs - desktopFile = bin: - let browserName = bin.name; - in pkgs.writeTextFile { + desktopFile = + bin: + let + browserName = bin.name; + in + pkgs.writeTextFile { name = "${browserName}.desktop"; destination = "/share/applications/${browserName}.desktop"; text = '' @@ -36,10 +44,11 @@ let ''; }; - killBrowser = name: - pkgs.writeShellScriptBin "${name}-kill" "sudo ${pkgs.killall}/bin/killall -9 -u ${name}"; + killBrowser = + name: pkgs.writeShellScriptBin "${name}-kill" "sudo ${pkgs.killall}/bin/killall -9 -u ${name}"; - cleanBrowser = name: browser: home: homeBackup: + cleanBrowser = + name: browser: home: homeBackup: let backupFile = "${homeBackup}.tar.lzma"; rolloutFile = "${home}.tar.lzma"; 
@@ -52,7 +61,8 @@ let sudo rm -rf ${home} ''; - createBrowser = name: user: browser: home: homeBackup: + createBrowser = + name: user: browser: home: homeBackup: let backupFile = "${homeBackup}.tar.lzma"; rolloutFile = "${home}.tar.lzma"; @@ -84,7 +94,8 @@ let browserExecutableList = let - allBrowser = flip mapAttrsToList cfg.configList (name: config: + allBrowser = flip mapAttrsToList cfg.configList ( + name: config: let browser = if config.browserType == "chrome" then @@ -94,17 +105,20 @@ let else ''${firefoxBin} "$@"''; in - createBrowser name config.user browser config.home config.homeBackup); + createBrowser name config.user browser config.home config.homeBackup + ); xclipBrowser = [ (pkgs.writeShellScriptBin "copy-to-xclip" # sh '' echo "$*" | ${pkgs.xclip}/bin/xclip - '') + '' + ) ]; in allBrowser ++ xclipBrowser; - createBackupScript = name: home: backupHome: + createBackupScript = + name: home: backupHome: createBackupScriptTemplate { sudo = name; name = name; 
@@ -132,43 +146,47 @@ let ]; }; - createBackupScriptTemplate = { sudo, name, source, target, excludes ? [ ] }: - pkgs.writers.writeBashBin "${name}-backup" - '' - sudo -u ${sudo} \ - ${tarBin} \ - ${concatStringsSep " " (map (pattern: "--exclude=\"${pattern}\"") excludes)} \ - --create \ - --verbos \ - --lzma \ - --file ${source}.tar.lzma \ - --directory ${source} \ - . + createBackupScriptTemplate = + { + sudo, + name, + source, + target, + excludes ? [ ], + }: + pkgs.writers.writeBashBin "${name}-backup" '' + sudo -u ${sudo} \ + ${tarBin} \ + ${concatStringsSep " " (map (pattern: "--exclude=\"${pattern}\"") excludes)} \ + --create \ + --verbos \ + --lzma \ + --file ${source}.tar.lzma \ + --directory ${source} \ + . - cp ${source}.tar.lzma ${target}.tar.lzma - ''; + cp ${source}.tar.lzma ${target}.tar.lzma + ''; allBackupScripts = let - filteredConfigs = - filterAttrs (name: browserConfig: browserConfig.homeBackup != null) - cfg.configList; + filteredConfigs = filterAttrs ( + name: browserConfig: browserConfig.homeBackup != null + ) cfg.configList; in - mapAttrsToList - (name: browserConfig: - createBackupScript name browserConfig.home browserConfig.homeBackup) - filteredConfigs; + mapAttrsToList ( + name: browserConfig: createBackupScript name browserConfig.home browserConfig.homeBackup + ) filteredConfigs; allCleanScripts = let - filteredConfigs = - filterAttrs (name: browserConfig: browserConfig.homeBackup != null) - cfg.configList; + filteredConfigs = filterAttrs ( + name: browserConfig: browserConfig.homeBackup != null + ) cfg.configList; in - mapAttrsToList - (name: browserConfig: - cleanBrowser name name browserConfig.home browserConfig.homeBackup) - filteredConfigs; + mapAttrsToList ( + name: browserConfig: cleanBrowser name name browserConfig.home browserConfig.homeBackup + ) filteredConfigs; allKillScripts = mapAttrsToList (name: _: killBrowser name) cfg.configList; 
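Review bot: `--verbos` in `createBackupScriptTemplate` only works because GNU tar resolves unambiguous long-option prefixes; spelling it `--verbose` removes that dependency. The `--exclude="${pattern}"` interpolation also places config-supplied patterns into the generated bash script inside double quotes, so a pattern containing `"`, `$` or a backtick would alter the command line; `(map (pattern: "--exclude=${lib.escapeShellArg pattern}") excludes)` passes each pattern as a single literal argument. `${source}` and `${target}` are interpolated unquoted as well and would benefit from the same treatment. The surrounding `let` block continues outside the hunk.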
@@ -177,16 +195,15 @@ let browserSelect = pkgs.writeScriptBin "browser-select" '' # select a browser using dmenu # ---------------------------- - BROWSER=$( echo -e "${ - lib.concatMapStringsSep "\\n" (bin: bin.name) browserExecutableList - }" \ + BROWSER=$( echo -e "${lib.concatMapStringsSep "\\n" (bin: bin.name) browserExecutableList}" \ | ${pkgs.rofi}/bin/rofi -dmenu ) # start selected browser # ---------------------- case $BROWSER in - ${lib.concatStringsSep "\n" (flip map browserExecutableList - (bin: "${bin.name}) export BIN=${bin}/bin/${bin.name} ;;"))} + ${lib.concatStringsSep "\n" ( + flip map browserExecutableList (bin: "${bin.name}) export BIN=${bin}/bin/${bin.name} ;;") + )} *) exit 0 ;; esac $BIN "$@" 
@@ -200,55 +217,67 @@ in # todo : it's not a list configList = mkOption { default = { }; - type = with types; - attrsOf (submodule ({ name, ... }: { - options = { - browserType = mkOption { - type = with types; enum [ "firefox" "chrome" "google" ]; - default = "chrome"; - description = '' - the type of browser which is simulated - ''; - }; - home = mkOption { - type = with types; str; - description = '' - Home of the browser. - ''; - }; - gpu = mkOption { - type = with types; bool; - default = true; - description = '' - add browser user to video group so give browser rights to use gpu. - see : chrome://gpu/ - ''; - }; - user = mkOption { - default = name; - type = with types; str; - description = '' - user to run the browser as - ''; - }; - sudoUsers = mkOption { - type = with types; listOf str; - description = '' - user allowed to run sudo without password to start the browser - ''; - }; - homeBackup = mkOption { - type = with types; nullOr str; - default = null; - example = "~/.my-browser-backup"; - description = '' - backup of the home, which gets rolled out if the - home does not exists. usefull for homes in tmpfs. - dont use file endings! - ''; - }; - }; - })); + type = + with types; + attrsOf ( + submodule ( + { name, ... }: + { + options = { + browserType = mkOption { + type = + with types; + enum [ + "firefox" + "chrome" + "google" + ]; + default = "chrome"; + description = '' + the type of browser which is simulated + ''; + }; + home = mkOption { + type = with types; str; + description = '' + Home of the browser. + ''; + }; + gpu = mkOption { + type = with types; bool; + default = true; + description = '' + add browser user to video group so give browser rights to use gpu. 
+ see : chrome://gpu/ + ''; + }; + user = mkOption { + default = name; + type = with types; str; + description = '' + user to run the browser as + ''; + }; + sudoUsers = mkOption { + type = with types; listOf str; + description = '' + user allowed to run sudo without password to start the browser + ''; + }; + homeBackup = mkOption { + type = with types; nullOr str; + default = null; + example = "~/.my-browser-backup"; + description = '' + backup of the home, which gets rolled out if the + home does not exists. usefull for homes in tmpfs. + dont use file endings! + ''; + }; + }; + } + ) + ); }; }; @@ -257,9 +286,10 @@ in # add sudo rights security.sudo.extraConfig = let - extraRules = flip mapAttrsToList cfg.configList (name: values: - concatStringsSep "" (map - (sudoUser: '' + extraRules = flip mapAttrsToList cfg.configList ( + name: values: + concatStringsSep "" ( + map (sudoUser: '' # sudo configuration to control browser ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home} 
@@ -267,36 +297,45 @@ in ${sudoUser} ALL=(root) NOPASSWD: ${pkgs.killall}/bin/killall -9 -u ${name} ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home} ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock - '') - values.sudoUsers)); + '') values.sudoUsers + ) + ); in lib.concatStringsSep "\n" extraRules; # create users - users.users = flip mapAttrs cfg.configList - (name: config: { - home = config.home; - createHome = false; - initialPassword = "${name} -browser"; - shell = pkgs.bashInteractive; - isNormalUser = false; - isSystemUser = true; - group = "users"; - # enable video usage - extraGroups = [ "audio" "pipewire" ] ++ (if config.gpu then [ "video" ] else [ ]); - }) // { - # add groups to mainUser - mainUser.extraGroups = builtins.attrNames cfg.configList; - }; + users.users = + flip mapAttrs cfg.configList ( + name: config: { + home = config.home; + createHome = false; + initialPassword = "${name} -browser"; + shell = pkgs.bashInteractive; + isNormalUser = false; + isSystemUser = true; + group = "users"; + # enable video usage + extraGroups = [ + "audio" + "pipewire" + ] ++ (if config.gpu then [ "video" ] else [ ]); + } + ) + // { + # add groups to mainUser + mainUser.extraGroups = builtins.attrNames cfg.configList; + }; - environment.systemPackages = [ - browserSelect - (desktopFile browserSelect) - ] - ++ browserExecutableList - ++ (map (bin: desktopFile bin) browserExecutableList) ++ allBackupScripts - ++ allCleanScripts ++ allKillScripts; + environment.systemPackages = + [ + browserSelect + (desktopFile browserSelect) + ] + ++ browserExecutableList + ++ (map (bin: desktopFile bin) browserExecutableList) + ++ allBackupScripts + ++ allCleanScripts + ++ allKillScripts; }; } - diff --git a/modules/castget.nix b/modules/castget.nix index f2061f1..d565e63 100644 --- a/modules/castget.nix +++ b/modules/castget.nix 
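Review bot: The browser accounts generated in `users.users` combine `isSystemUser = true`, an interactive shell and a predictable `initialPassword = "${name} -browser"`, so any local user who knows the naming scheme can `su` into them, not only the `sudoUsers` that receive the NOPASSWD rules above. Since these accounts are only ever entered via `sudo -u`, which does not need the target's password, dropping the `initialPassword` line should leave the account locked (or set `hashedPassword = "!"` explicitly to make that intent visible). The sudo grants for `mkdir`, `rm -rf ${values.home}` and `rm -f ${values.home}-lock` match exact argument strings, which bounds them to the configured home, but they silently assume `values.home` contains no whitespace or glob characters. The enclosing module `config` attrset starts and ends outside the hunk.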
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; with types; let @@ -37,7 +42,9 @@ in }; timerConfig = mkOption { type = attrsOf str; - default = { OnCalendar = "daily"; }; + default = { + OnCalendar = "daily"; + }; example = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; @@ -76,20 +83,17 @@ in configurationFile = let - configurations = mapAttrsToList - (key: value: '' - [${key}] - url=${value.url} - spool=${value.spool} - '') - cfg.feeds; + configurations = mapAttrsToList (key: value: '' + [${key}] + url=${value.url} + spool=${value.spool} + '') cfg.feeds; in - (pkgs.writeText "castget-configuration" - (concatStringsSep "" configurations)); + (pkgs.writeText "castget-configuration" (concatStringsSep "" configurations)); in - (concatMapStringsSep "\n" - (channel: "${castget} --rcfile ${configurationFile} ${channel}") - channels); + (concatMapStringsSep "\n" ( + channel: "${castget} --rcfile ${configurationFile} ${channel}" + ) channels); }; systemd.timers."${cfg.serviceName}" = { diff --git a/modules/rbackup.nix b/modules/rbackup.nix index 68296e7..c6e1147 100644 --- a/modules/rbackup.nix +++ b/modules/rbackup.nix @@ -1,10 +1,16 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let escape = escapeShellArg; cfg = config.rbackup; - start = name: plan: + start = + name: plan: let login-name = "root"; identity = plan.sshKeyPath; 
@@ -29,65 +35,70 @@ in options.rbackup = { plans = mkOption { default = { }; - type = types.attrsOf - (types.submodule ({ config, ... }: { - options = { - sshKeyPath = mkOption { - type = types.str; - }; - src = mkOption { - type = types.str; - }; - dst = mkOption { - type = types.str; - }; - startAt = mkOption { - default = "hourly"; - type = with types; nullOr str; # TODO systemd.time(7)'s calendar event - }; - delete = mkOption { - type = types.bool; - default = true; - description = "delete old files (adds the --delete argument to rsync)"; - }; - timerConfig = mkOption { - type = with types; attrsOf str; - default = optionalAttrs (config.startAt != null) { - OnCalendar = config.startAt; + type = types.attrsOf ( + types.submodule ( + { config, ... }: + { + options = { + sshKeyPath = mkOption { + type = types.str; + }; + src = mkOption { + type = types.str; + }; + dst = mkOption { + type = types.str; + }; + startAt = mkOption { + default = "hourly"; + type = with types; nullOr str; # TODO systemd.time(7)'s calendar event + }; + delete = mkOption { + type = types.bool; + default = true; + description = "delete old files (adds the --delete argument to rsync)"; + }; + timerConfig = mkOption { + type = with types; attrsOf str; + default = optionalAttrs (config.startAt != null) { + OnCalendar = config.startAt; + }; }; }; - }; - })); + } + ) + ); }; }; config = { - systemd.services = - mapAttrs' - (name: plan: nameValuePair "rbackup.${name}" { - path = with pkgs; [ - coreutils - gnused - openssh - rsync - util-linux - ]; - restartIfChanged = false; - serviceConfig = rec { - ExecStart = start name plan; - SyslogIdentifier = ExecStart.name; - Type = "oneshot"; - }; - }) - cfg.plans; + systemd.services = mapAttrs' ( + name: plan: + nameValuePair "rbackup.${name}" { + path = with pkgs; [ + coreutils + gnused + openssh + rsync + util-linux + ]; + restartIfChanged = false; + serviceConfig = rec { + ExecStart = start name plan; + SyslogIdentifier = ExecStart.name; + Type = 
"oneshot"; + }; + } + ) cfg.plans; - systemd.timers = mapAttrs' - (name: plan: nameValuePair "rbackup.${name}" { + systemd.timers = mapAttrs' ( + name: plan: + nameValuePair "rbackup.${name}" { wantedBy = [ "timers.target" ]; timerConfig = plan.timerConfig; - }) - cfg.plans; + } + ) cfg.plans; }; diff --git a/modules/samba-share.nix b/modules/samba-share.nix index d9f7615..38cf3f8 100644 --- a/modules/samba-share.nix +++ b/modules/samba-share.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; with types; @@ -24,11 +29,14 @@ in description = '' folders to share as readonly ''; - example = { public = "/srv/downloads/movies"; }; + example = { + public = "/srv/downloads/movies"; + }; }; private = mkOption { default = { }; - type = with types; + type = + with types; attrsOf (submodule { options = { users = mkOption { @@ -64,8 +72,8 @@ in disable spoolss = yes ''; - shares = mapAttrs' - (name: path: { + shares = + mapAttrs' (name: path: { name = name; value = { browsable = "yes"; @@ -74,10 +82,11 @@ in "read only" = "yes"; "guest ok" = "yes"; }; - }) - cfg.folders // (mapAttrs' - (name: - { users, folder, ... }: { + }) cfg.folders + // (mapAttrs' ( + name: + { users, folder, ... }: + { name = name; value = { browsable = "yes"; @@ -87,8 +96,8 @@ in "read only" = "no"; "guest ok" = "no"; }; - }) - cfg.private); + } + ) cfg.private); }; #users.users.smbguest = { @@ -109,8 +118,16 @@ in }) (mkIf cfg.openPorts { - networking.firewall.allowedTCPPorts = [ 445 139 5357 ]; - networking.firewall.allowedUDPPorts = [ 137 138 3702 ]; + networking.firewall.allowedTCPPorts = [ + 445 + 139 + 5357 + ]; + networking.firewall.allowedUDPPorts = [ + 137 + 138 + 3702 + ]; }) (mkIf cfg.enableWSDD { diff --git a/modules/taskwarrior-autotag.nix b/modules/taskwarrior-autotag.nix index 87cea1b..fd2cdea 100644 --- a/modules/taskwarrior-autotag.nix +++ b/modules/taskwarrior-autotag.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; with types; @@ -14,7 +19,10 @@ in default = "4:00:00"; }; recurrence = mkOption { - type = enum [ "on" "off" ]; + type = enum [ + "on" + "off" + ]; default = "off"; }; query = mkOption { diff --git a/modules/taskwarrior-pushover.nix b/modules/taskwarrior-pushover.nix index 1cffa6a..d422e39 100644 --- a/modules/taskwarrior-pushover.nix +++ b/modules/taskwarrior-pushover.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; with types; @@ -14,7 +19,10 @@ in default = "4:00:00"; }; recurrence = mkOption { - type = enum [ "on" "off" ]; + type = enum [ + "on" + "off" + ]; default = "off"; }; pushoverApiTokenFile = mkOption { @@ -89,9 +97,10 @@ in ''; # tags as title title = - if (cfg.tagsInTitle && (cfg.tagLimitInTitle > 0)) - then ''(.tags | if . == null or . == [] then "taskwarrior" else [limit(${toString cfg.tagLimitInTitle};.[])] | join(",") end)'' - else ''"taskwarrior"''; + if (cfg.tagsInTitle && (cfg.tagLimitInTitle > 0)) then + ''(.tags | if . == null or . == [] then "taskwarrior" else [limit(${toString cfg.tagLimitInTitle};.[])] | join(",") end)'' + else + ''"taskwarrior"''; in '' if [ -d /var/lib/${name}/${cfg.dataDir} ] diff --git a/pkgs/default.nix b/pkgs/default.nix index 8b5f191..8573857 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,9 +2,11 @@ self: super: -let callPackage = super.pkgs.callPackage; +let + callPackage = super.pkgs.callPackage; -in { +in +{ otpmenu = callPackage ./otpmenu { }; #sononym = callPackage ./sononym { }; diff --git a/pkgs/otpmenu/default.nix b/pkgs/otpmenu/default.nix index 586f245..b6c30e7 100644 --- a/pkgs/otpmenu/default.nix +++ b/pkgs/otpmenu/default.nix @@ -1,11 +1,12 @@ -{ lib -, symlinkJoin -, rofi -, gnused -, pass -, writeTextFile -, writeShellScriptBin -, xdotool +{ + lib, + symlinkJoin, + rofi, + gnused, + pass, + writeTextFile, + writeShellScriptBin, + xdotool, }: let 
@@ -28,26 +29,30 @@ let ''; }; - bin = writeShellScriptBin name # sh - '' - set -efu + bin = + writeShellScriptBin name # sh + '' + set -efu - x=$( - ${pass.withExtensions (ext: [ext.pass-otp])}/bin/pass git ls-files '*/otp.gpg' \ - | ${gnused}/bin/sed 's:/otp\.gpg$::' \ - | ${rofi}/bin/rofi -dmenu -f -p OTP - ) + x=$( + ${pass.withExtensions (ext: [ ext.pass-otp ])}/bin/pass git ls-files '*/otp.gpg' \ + | ${gnused}/bin/sed 's:/otp\.gpg$::' \ + | ${rofi}/bin/rofi -dmenu -f -p OTP + ) - otp=$(${pass.withExtensions (ext: [ext.pass-otp])}/bin/pass otp code "$x/otp") + otp=$(${pass.withExtensions (ext: [ ext.pass-otp ])}/bin/pass otp code "$x/otp") - printf %s "$otp" | ${xdotool}/bin/xdotool type -f - - ''; + printf %s "$otp" | ${xdotool}/bin/xdotool type -f - + ''; in symlinkJoin rec { version = "1.0.0"; name = "otpMenu-${version}"; - paths = [ bin desktopFile ]; + paths = [ + bin + desktopFile + ]; meta = with lib; { description = "similar to passmenu shows and prints otp"; homepage = "https://your.mama"; @@ -56,4 +61,3 @@ symlinkJoin rec { maintainers = with maintainers; [ mrVanDalo ]; }; } - diff --git a/pkgs/pkl/default.nix b/pkgs/pkl/default.nix index a189e6a..abede00 100644 --- a/pkgs/pkl/default.nix +++ b/pkgs/pkl/default.nix @@ -1,12 +1,13 @@ -{ stdenv -, jdk17 -, gradle_7 -, lib -, fetchFromGitHub -, jre -, perl -, git -, util-linux +{ + stdenv, + jdk17, + gradle_7, + lib, + fetchFromGitHub, + jre, + perl, + git, + util-linux, }: let @@ -74,7 +75,12 @@ let }; in stdenv.mkDerivation rec { - inherit pname version src deps; + inherit + pname + version + src + deps + ; nativeBuildInputs = [ git @@ -111,4 +117,3 @@ stdenv.mkDerivation rec { mainProgram = "pkl"; }; } - diff --git a/pkgs/sononym-crawler/default.nix b/pkgs/sononym-crawler/default.nix index 0ff2812..48b785e 100644 --- a/pkgs/sononym-crawler/default.nix +++ b/pkgs/sononym-crawler/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, stdenv, fetchurl }: +{ + pkgs, + lib, + stdenv, + fetchurl, +}: with lib; 
@@ -43,8 +48,8 @@ in # --------------------- # these are packages which are compiled for the target # system architecture - targetPkgs = pkgs: - with pkgs; [ + targetPkgs = + pkgs: with pkgs; [ sononymPkg diff --git a/pkgs/sononym/default.nix b/pkgs/sononym/default.nix index 9b9d6d4..b9c7388 100644 --- a/pkgs/sononym/default.nix +++ b/pkgs/sononym/default.nix @@ -1,4 +1,8 @@ -{ pkgs, stdenv, fetchurl }: +{ + pkgs, + stdenv, + fetchurl, +}: with lib; @@ -43,8 +47,8 @@ in # --------------------- # these are packages which are compiled for the target # system architecture - targetPkgs = pkgs: - with pkgs; [ + targetPkgs = + pkgs: with pkgs; [ sononymPkg diff --git a/pkgs/taskwarrior-hooks/default.nix b/pkgs/taskwarrior-hooks/default.nix index c1bbf70..f93fd27 100644 --- a/pkgs/taskwarrior-hooks/default.nix +++ b/pkgs/taskwarrior-hooks/default.nix @@ -1,4 +1,9 @@ -{ rustPlatform, fetchFromGitHub, lib, ... }: +{ + rustPlatform, + fetchFromGitHub, + lib, + ... +}: rustPlatform.buildRustPackage rec { name = "taskwarrior-hooks-${version}"; @@ -16,12 +21,10 @@ rustPlatform.buildRustPackage rec { #verifyCargoDeps = true; meta = with lib; { - description = - "A fast line-oriented regex search tool, similar to ag and ack"; + description = "A fast line-oriented regex search tool, similar to ag and ack"; homepage = "https://github.com/mrvandalo/taskwarrior-hooks"; license = licenses.gpl3; maintainers = [ maintainers.mrVanDalo ]; platforms = platforms.all; }; } - diff --git a/scripts/shell.nix b/scripts/shell.nix index 4c36589..5e759a4 100644 --- a/scripts/shell.nix +++ b/scripts/shell.nix @@ -1,4 +1,6 @@ -{ pkgs ? import { } }: +{ + pkgs ? import { }, +}: pkgs.mkShell { buildInputs = [ diff --git a/system/all/default.nix b/system/all/default.nix index f337504..37a48f4 100644 --- a/system/all/default.nix +++ b/system/all/default.nix @@ -1,4 +1,10 @@ -{ lib, config, pkgs, ... }: { +{ + lib, + config, + pkgs, + ... +}: +{ imports = [ 
diff --git a/system/all/defaults.nix b/system/all/defaults.nix index 458f6da..f67b813 100644 --- a/system/all/defaults.nix +++ b/system/all/defaults.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { imports = [ ./packages.nix ]; diff --git a/system/all/grub.nix b/system/all/grub.nix index 8b3858c..fc8b2fd 100644 --- a/system/all/grub.nix +++ b/system/all/grub.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let falloutGrubTheme = pkgs.fetchgit { url = "https://github.com/shvchk/fallout-grub-theme.git"; diff --git a/system/all/networking-qos.nix b/system/all/networking-qos.nix index 2a57816..aa0d3e4 100644 --- a/system/all/networking-qos.nix +++ b/system/all/networking-qos.nix @@ -1,4 +1,10 @@ -{ pkgs, config, lib, ... }: { +{ + pkgs, + config, + lib, + ... +}: +{ options.configuration.fireqos = with lib; { enable = mkEnableOption "enable"; @@ -28,9 +34,12 @@ config = let - kbits = number: - import (pkgs.runCommand "round-${toString number}" { } - ''awk 'BEGIN{printf "\"%ikbit\"", ${toString number}}' > $out''); + kbits = + number: + import ( + pkgs.runCommand "round-${toString number}" { } + ''awk 'BEGIN{printf "\"%ikbit\"", ${toString number}}' > $out'' + ); interface = config.configuration.fireqos.interface; input = "${toString config.configuration.fireqos.input}kbit"; 
@@ -51,77 +60,71 @@
 systemd.services.fireqos.wantedBy = [ "multi-user.target" ];
 services.fireqos.config = ''
- # ------------------- world
+ # ------------------- world
- interface ${interface} world-in input rate ${input} ${
- lib.optionalString useBalancedForExperimenting "balanced"
- }
+ interface ${interface} world-in input rate ${input} ${lib.optionalString useBalancedForExperimenting "balanced"}
- class ssh commit 300kbit
- match tcp port 22
+ class ssh commit 300kbit
+ match tcp port 22
- class http commit 80%
- match tcp port 80,443
+ class http commit 80%
+ match tcp port 80,443
- #class tinc commit 80%
- # match port ${lib.concatStringsSep "," tincPorts}
+ #class tinc commit 80%
+ # match port ${lib.concatStringsSep "," tincPorts}
- class surfing commit 30%
- match tcp sports 0:1023 # include TCP traffic from port 0-1023
+ class surfing commit 30%
+ match tcp sports 0:1023 # include TCP traffic from port 0-1023
- interface ${interface} world-out output rate ${output} ${
- lib.optionalString useBalancedForExperimenting "balanced"
- }
+ interface ${interface} world-out output rate ${output} ${lib.optionalString useBalancedForExperimenting "balanced"}
- class ssh commit 500kbit
- match tcp port 22
+ class ssh commit 500kbit
+ match tcp port 22
- class http commit 80%
- match tcp port 80,443
+ class http commit 80%
+ match tcp port 80,443
- class tinc commit 80%
- match port ${lib.concatStringsSep "," tincPorts}
+ class tinc commit 80%
+ match port ${lib.concatStringsSep "," tincPorts}
- class surfing commit 5%
- match tcp dports 0:1023 # include TCP traffic to port 0-1023
+ class surfing commit 5%
+ match tcp dports 0:1023 # include TCP traffic to port 0-1023
- # ------------------- tinc
+ # ------------------- tinc
- interface tinc.private tinc bidirectional input rate ${tincInput} output rate ${tincOutput} ${
- lib.optionalString useBalancedForExperimenting "balanced"
- }
+ interface tinc.private tinc bidirectional input rate ${tincInput} output rate 
${tincOutput} ${lib.optionalString useBalancedForExperimenting "balanced"}
- class ssh commit 300kbit
- match dport 22 # ssh
- match dport 2222 # gogs ssh
- match udp dport 60001:60999 # mosh
+ class ssh commit 300kbit
+ match dport 22 # ssh
+ match dport 2222 # gogs ssh
+ match udp dport 60001:60999 # mosh
- # public servers
- class public commit 80%
- match port 80,443
- match port 3000 # gogs
- match port 8000 # bepasty
+ # public servers
+ class public commit 80%
+ match port 80,443
+ match port 3000 # gogs
+ match port 8000 # bepasty
- class homeassistant commit 100kbit
- match tcp port ${toString config.services.home-assistant.port}
+ class homeassistant commit 100kbit
+ match tcp port ${toString config.services.home-assistant.port}
- class prometheus commit 100kbit
- match tcp port 19999 # netdata
- match tcp port 9113 # netdata exporter
- match port 11201 # graylog sink
+ class prometheus commit 100kbit
+ match tcp port 19999 # netdata
+ match tcp port 9113 # netdata exporter
+ match port 11201 # graylog sink
- class wuis commit 100kbit
- match port 8384 # syncthing
- match port 8123 # home-assistant
- match port 5656 # grafana
- match port 8080 # kodi
- match port 9090 # prometheus
- match port 9000 # graylog
+ class wuis commit 100kbit
+ match port 8384 # syncthing
+ match port 8123 # home-assistant
+ match port 5656 # grafana
+ match port 8080 # kodi
+ match port 9090 # prometheus
+ match port 9000 # graylog
- class syncthing
- match port 22000
+ class syncthing
+ match port 22000
- '';
+ '';
 };
diff --git a/system/all/nginx-landingpage.nix b/system/all/nginx-landingpage.nix
index d715db6..bac1b32 100644
--- a/system/all/nginx-landingpage.nix
+++ b/system/all/nginx-landingpage.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
 # deprecated
 services.nginx.virtualHosts."${config.networking.hostName}.private" = {
 default = true;
diff --git a/system/all/nginx.nix b/system/all/nginx.nix
index 5add99e..18a5d61 100644
--- a/system/all/nginx.nix
+++ b/system/all/nginx.nix
@@ -37,7 +37,6 @@ in
 # access_log syslog:server=unix:/dev/log logfmt;
 # '';
-
 # for graylog logging
 #commonHttpConfig = ''
 # log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
diff --git a/system/all/packages.nix b/system/all/packages.nix
index cb1a671..6d42a84 100644
--- a/system/all/packages.nix
+++ b/system/all/packages.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
 let
@@ -8,26 +13,24 @@ let
 ps aux | awk '{mem[$11]+=int($6/1024)}; {cpuper[$11]+=$3};{memper[$11]+=$4}; END {for (i in mem) {printf "%6.2f%% %6.2f%% %10.2f MB : %s\n", cpuper[i],memper[i],mem[i],i}}' | sort -k3nr | head -n 5
 '';
- prefetch-git-rendered =
- pkgs.writeShellScriptBin "nix-prefetch-git-rendered" ''
- ${pkgs.nix-prefetch-scripts}/bin/nix-prefetch-git "$@" \
- | ${pkgs.jq}/bin/jq --raw-output '"pkgs.fetchgit{
- url = \"\(.url)\";
- rev = \"\(.rev)\";
- sha256 = \"\(.sha256)\";
- };"'
- '';
+ prefetch-git-rendered = pkgs.writeShellScriptBin "nix-prefetch-git-rendered" ''
+ ${pkgs.nix-prefetch-scripts}/bin/nix-prefetch-git "$@" \
+ | ${pkgs.jq}/bin/jq --raw-output '"pkgs.fetchgit{
+ url = \"\(.url)\";
+ rev = \"\(.rev)\";
+ sha256 = \"\(.sha256)\";
+ };"'
+ '';
- prefetch-url-rendered =
- pkgs.writeShellScriptBin "nix-prefetch-url-rendered" ''
- HASH=$( ${pkgs.nix}/bin/nix-prefetch-url "$1" )
- cat <