diff --git a/.gitignore b/.gitignore index 8ab5ca7..781ced8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,41 +1,27 @@ * +!.gitignore + !docs/ !hosts/ - -!hosts/cube/ -!hosts/cube/acme/ -!hosts/cube/forgejo/ -!hosts/cube/grafana/ -!hosts/cube/matrix/ -!hosts/cube/nextcloud/ - -!hosts/disk/ -!hosts/disk/mail/ - -!hosts/nine/ -!hosts/nine/github2forgejo/ - !hosts/pala/ -!modules/ -!modules/hyprland/ -!modules/nushell/ -!modules/restic/ -!modules/ssh/ - !lib/ -!options/ +!modules/ +!modules/common/ +!modules/common/nushell/ +!modules/common/ssh/ +!modules/darwin/ +!modules/linux/ +!modules/linux/hyprland/ +!modules/linux/restic/ -!.gitignore !flake.lock !*.age -!*.gif !*.md !*.nix !*.nu -!*.png !*.txt diff --git a/docs/README.md b/docs/README.md index 6d849a1..06ebfa3 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,12 +1,10 @@ # NCC -RGBCube's NixOS Configuration Collection. +RGBCube's Configuration Collection. ## License ``` -MIT License - Copyright (c) 2023-present RGBCube Permission is hereby granted, free of charge, to any person obtaining a copy @@ -26,5 +24,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - ``` diff --git a/flake.lock b/flake.lock index a93662e..8243c6c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,10 +1,12 @@ { "nodes": { - "ageNix": { + "agenix": { "inputs": { - "darwin": "darwin", + "darwin": [ + "nix-darwin" + ], "home-manager": [ - "homeManager" + "home-manager" ], "nixpkgs": [ "nixpkgs" 
@@ -25,55 +27,6 @@ "type": "github" } }, - "aquamarine": { - "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1736102453, - "narHash": "sha256-5qb4kb7Xbt8jJFL/oDqOor9Z2+E+A+ql3PiyDvsfWZ0=", - "owner": "hyprwm", - "repo": "aquamarine", - "rev": "4846091641f3be0ad7542086d52769bb7932bde6", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "aquamarine", - "type": "github" - } - }, - "blobs": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, "crash": { "inputs": { "nixpkgs": [ @@ -94,28 +47,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "ageNix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": "nixpkgs", @@ -138,11 +69,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -151,92 +82,88 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "github2forgejo": { + "flake-parts": { "inputs": { - "nixpkgs": [ + "nixpkgs-lib": [ + "nix", "nixpkgs" - ], + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { "systems": "systems_2" }, "locked": { - "lastModified": 1716973075, - "narHash": "sha256-sRuA57ERuh3McOBl5QbaVwYpG4g4DO0LY2pTDgGlw6A=", - "owner": "RGBCube", - "repo": "GitHub2Forgejo", - "rev": "0cb9aac71bb22f8058d1db8eb3ba62e83f5641bf", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { - "owner": "RGBCube", - "repo": "GitHub2Forgejo", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, - "gitignore": { + "git-hooks-nix": { "inputs": { + "flake-compat": [ + "nix" + ], + "gitignore": [ + "nix" + ], "nixpkgs": [ - "hyprland", - "pre-commit-hooks", + "nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "lastModified": 1734279981, + "narHash": 
"sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, - "hardware": { - "locked": { - "lastModified": 1736283893, - "narHash": "sha256-BG1FfTexFwNty5VhYjaQLMR6CMPfI3QRcaZrFQYu2EM=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "4f339f6be2b61662f957c2ee9eda0fa597d8a6d6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixos-hardware", - "type": "github" - } - }, - "homeManager": { + "home-manager": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1736277415, - "narHash": "sha256-kPDXF6cIPsVqSK08XF5EC6KM7BdMnM9vtJDzsnf+lLU=", + "lastModified": 1736421950, + "narHash": "sha256-RyrX0WFXxFrYvzHNLTIyuk3NcNl3UBykuYru/P0zW5E=", "owner": "nix-community", "repo": "home-manager", - "rev": "5c4302313d9207f7ec0886d68f8ff4a3c71209a1", + "rev": "d4aebb947a301b8da8654a804979a738c5c5da50", "type": "github" }, "original": { 
@@ -245,225 +172,66 @@ "type": "github" } }, - "hyprcursor": { + "nil": { "inputs": { - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1734906540, - "narHash": "sha256-vQ/L9hZFezC0LquLo4TWXkyniWtYBlFHAKIsDc7PYJE=", - "owner": "hyprwm", - "repo": "hyprcursor", - "rev": "69270ba8f057d55b0e6c2dca0e165d652856e613", + "lastModified": 1732053863, + "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=", + "owner": "oxalica", + "repo": "nil", + "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362", "type": "github" }, "original": { - "owner": "hyprwm", - "repo": "hyprcursor", + "owner": "oxalica", + "repo": "nil", "type": "github" } }, - "hyprgraphics": { + "nix": { "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs_3", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1736115290, - "narHash": "sha256-Jcn6yAzfUMcxy3tN/iZRbi/QgrYm7XLyVRl9g/nbUl4=", - "owner": "hyprwm", - "repo": "hyprgraphics", - "rev": "52202272d89da32a9f866c0d10305a5e3d954c50", + "lastModified": 1736440804, + "narHash": "sha256-3cmTOPnZuDEGBtttZXPbads+kmIP1RHrqzjHxqYKWD0=", + "owner": "NixOS", + "repo": "nix", + "rev": "2d9b213cc2b4284f8432aa3883b15d390c665db4", "type": "github" }, "original": { - "owner": "hyprwm", - "repo": "hyprgraphics", + "owner": "NixOS", + "repo": "nix", "type": "github" } }, - "hyprland": { - "inputs": { - "aquamarine": "aquamarine", - "hyprcursor": "hyprcursor", - "hyprgraphics": "hyprgraphics", - "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": 
"hyprland-qtutils", - "hyprlang": "hyprlang", - "hyprutils": "hyprutils", - "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems_3", - "xdph": "xdph" - }, - "locked": { - "lastModified": 1736336083, - "narHash": "sha256-BheKUOkUW1chQkMf1k7Q0p3uIygJzltY7sf7uMTYaUU=", - "owner": "hyprwm", - "repo": "Hyprland", - "rev": "983bc067dac2e737bc724721c79d87cd81f27501", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "Hyprland", - "type": "github" - } - }, - "hyprland-protocols": { + "nix-darwin": { "inputs": { "nixpkgs": [ - "hyprland", "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" ] }, "locked": { - "lastModified": 1735774328, - "narHash": "sha256-vIRwLS9w+N99EU1aJ+XNOU6mJTxrUBa31i1r82l0V7s=", - "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "e3b6af97ddcfaafbda8e2828c719a5af84f662cb", + "lastModified": 1736370755, + "narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "57733bd1dc81900e13438e5b4439239f1b29db0e", "type": "github" }, "original": { - "owner": "hyprwm", - "repo": "hyprland-protocols", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1736257999, - "narHash": "sha256-chDO669EUPz9JAO0AhdgkmUSAhIeNfu090W//tdL200=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "6cc1cf51f2f10352ec97c2095f49dc5556e43954", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, - "hyprlang": { - "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1735393019, - "narHash": 
"sha256-NPpqA8rtmDLsEmZOmz+qR67zsB6Y503Jnv+nSFLKJZ8=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "55608efdaa387af7bfdc0eddb404c409958efa43", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprutils": { - "inputs": { - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1736164519, - "narHash": "sha256-1LimBKvDpBbeX+qW7T240WEyw+DBVpDotZB4JYm8Aps=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": "3c895da64b0eb19870142196fa48c07090b441c4", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, - "hyprwayland-scanner": { - "inputs": { - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1735493474, - "narHash": "sha256-fktzv4NaqKm94VAkAoVqO/nqQlw+X0/tJJNAeCSfzK4=", - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "rev": "de913476b59ee88685fdc018e77b8f6637a2ae0b", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprwayland-scanner", + "owner": "LnL7", + "repo": "nix-darwin", "type": "github" } }, 
@@ -483,71 +251,95 @@ "type": "github" } }, - "nixpkgs-24_11": { + "nixpkgs-23-11": { "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-24.11", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1736200483, - "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", - "owner": "NixOS", + "lastModified": 1731890469, + "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", + "rev": "5083ec887760adfe12af64830a66807423a859a7", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-24.11", + "owner": "nixos", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "hyprland", - "nixpkgs" - ] - }, + "nixpkgs_3": { "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "lastModified": 
1734359947, + "narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48d12d5e70ee91fe8481378e540433a7303dbf6a", "type": "github" }, "original": { - "owner": "cachix", - "repo": "git-hooks.nix", + "owner": "NixOS", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1736453036, + "narHash": "sha256-pg+bsDf72cTh5fkqoMdnReljXdo4CovuLktzwZfl1CA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "271ad8a6123201357e397df692314026ac87f89c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", "type": "github" } }, "root": { "inputs": { - "ageNix": "ageNix", + "agenix": "agenix", "crash": "crash", "fenix": "fenix", - "github2forgejo": "github2forgejo", - "hardware": "hardware", - "homeManager": "homeManager", - "hyprland": "hyprland", - "nixpkgs": "nixpkgs_2", - "simpleMail": "simpleMail", + "home-manager": "home-manager", + "nil": "nil", + "nix": "nix", + "nix-darwin": "nix-darwin", + "nixpkgs": "nixpkgs_4", "themes": "themes" } }, @@ -568,27 +360,25 @@ "type": "github" } }, - "simpleMail": { + "rust-overlay": { "inputs": { - "blobs": "blobs", - "flake-compat": "flake-compat_2", "nixpkgs": [ + "nil", "nixpkgs" - ], - "nixpkgs-24_11": "nixpkgs-24_11" + ] }, "locked": { - "lastModified": 1735230346, - "narHash": "sha256-zgR8NTiNDPVNrfaiOlB9yHSmCqFDo7Ks2IavaJ2dZo4=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b", - "type": "gitlab" + "lastModified": 1731983527, + "narHash": "sha256-JECaBgC0pQ91Hq3W4unH6K9to8s2Zl2sPNu7bLOv4ek=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "71287228d96e9568e1e70c6bbfa3f992d145947b", + "type": "github" }, "original": { - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "type": "gitlab" + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" } }, "systems": { 
@@ -621,21 +411,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, "themes": { "locked": { "lastModified": 1715166503, @@ -650,47 +425,6 @@ "repo": "ThemeNix", "type": "github" } - }, - "xdph": { - "inputs": { - "hyprland-protocols": [ - "hyprland", - "hyprland-protocols" - ], - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1734907020, - "narHash": "sha256-p6HxwpRKVl1KIiY5xrJdjcEeK3pbmc///UOyV6QER+w=", - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "rev": "d7f18dda5e511749fa1511185db3536208fb1a63", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index bdc1821..6a2dccc 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "RGBCube's NixOS Configuration Collection"; + description = "RGBCube's Configuration Collection"; nixConfig = { extra-substituters = [ 
@@ -13,46 +13,51 @@ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; + + experimental-features = [ + "cgroups" + "flakes" + "nix-command" + "pipe-operators" + ]; + + accept-flake-config = true; + builders-use-substitutes = true; + flake-registry = ""; + http-connections = 50; + show-trace = true; + trusted-users = [ "root" "@wheel" "@admin" ]; + use-cgroups = true; + warn-dirty = false; }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs"; - hardware.url = "github:NixOS/nixos-hardware"; + nix-darwin = { + url = "github:LnL7/nix-darwin"; - homeManager = { + inputs.nixpkgs.follows = "nixpkgs"; + }; + + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - ageNix = { + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "homeManager"; - }; - - simpleMail = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; - - inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = "nix-darwin"; + inputs.home-manager.follows = "home-manager"; }; fenix.url = "github:nix-community/fenix"; - hyprland = { - url = "github:hyprwm/Hyprland"; - - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # hyprcursors = { - # url = "github:VirtCode/hypr-dynamic-cursors"; - - # inputs.hyprland.follows = "hyprland"; - # inputs.nixpkgs.follows = "hyprland/nixpkgs"; - # }; + nix.url = "github:NixOS/nix"; + nil.url = "github:oxalica/nil"; crash = { url = "github:RGBCube/crash"; 
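Review bot: The added `nixConfig` settings `accept-flake-config = true;` and `trusted-users = [ "root" "@wheel" "@admin" ];` both loosen the trust boundary of the Nix daemon and carry no comment explaining why. With `accept-flake-config` on, settings declared by any flake being evaluated are applied without a confirmation prompt, and the Nix manual describes membership in `trusted-users` as essentially equivalent to root access, so every `@wheel` or `@admin` account can override substituters and other daemon settings. Whether these values are also copied into each host's `nix.settings` is not visible here, since the `nixConfig` block opens outside this hunk. If they are, I would drop `accept-flake-config` and narrow the list to `trusted-users = [ "root" ];`, or at least add a comment such as `# wheel/admin are treated as root-equivalent for Nix on these single-user machines`. Separately, `nixpkgs.url = "github:NixOS/nixpkgs";` no longer names a ref, so `nix flake update` will follow the default branch; a short comment saying this is intentional would help.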
@@ -60,98 +65,27 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - github2forgejo = { - url = "github:RGBCube/GitHub2Forgejo"; - - inputs.nixpkgs.follows = "nixpkgs"; - }; - themes.url = "github:RGBCube/ThemeNix"; }; - outputs = { self, nixpkgs, ... } @ inputs: let - lib0 = nixpkgs.lib; - keys = import ./keys.nix; + outputs = inputs @ { nixpkgs, nix-darwin, ... }: let + inherit (builtins) readDir; + inherit (nixpkgs.lib) attrsToList const groupBy listToAttrs mapAttrs; - collectNixFiles = directory: with lib0; pipe (filesystem.listFilesRecursive directory) [ - (filter (hasSuffix ".nix")) - (filter (name: !hasPrefix "_" (builtins.baseNameOf name))) - ]; + lib'' = nixpkgs.lib.extend (_: _: nix-darwin.lib); + lib' = lib''.extend (_: _: builtins); + lib = lib'.extend <| import ./lib inputs; - lib1 = with lib0; extend (const (const (pipe (collectNixFiles ./lib) [ - (map (file: import file lib0)) - (filter (thunk: !isFunction thunk)) - (foldl' recursiveUpdate {}) - ]))); - - nixpkgsOverlayModule = with lib1; { - nixpkgs.overlays = [(final: prev: { - # hyprcursors = inputs.hyprcursors.packages.${prev.system}.default; - })] ++ pipe inputs [ - attrValues - (filter (value: value ? overlays.default)) - (map (value: value.overlays.default)) - ]; - - nixpkgs.config.allowUnfree = true; # IDGAF anymore. - }; - - homeManagerModule = { lib, ... }: with lib; { - home-manager.users = genAttrs allNormalUsers (const {}); - - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - - home-manager.sharedModules = pipe inputs [ - attrValues - (filter (value: value ? homeModules.default)) - (map (value: value.homeModules.default)) - ]; - }; - - optionModules = with lib1; [ - (lib1.mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ]) - ] ++ collectNixFiles ./options ++ pipe inputs [ - attrValues - (filter (value: value ? 
nixosModules.default)) - (map (value: value.nixosModules.default)) - ]; - - optionUsageModules = [ - nixpkgsOverlayModule - homeManagerModule - ] ++ collectNixFiles ./modules; - - specialArgs = inputs // { inherit inputs keys; }; - - hosts = lib1.pipe (builtins.readDir ./hosts) [ - (lib1.filterAttrs (name: type: type == "regular" -> lib1.hasSuffix ".nix" name)) - lib1.attrNames - ]; - - lib2s = with lib1; genAttrs hosts (name: let - hostStub = nixosSystem { - inherit specialArgs; - - modules = [ ./hosts/${name} ] ++ optionModules; - }; - in extend (const (const (pipe (collectNixFiles ./lib) [ - (map (file: import file lib1)) - (filter (isFunction)) - (map (func: func hostStub.config)) - (foldl' recursiveUpdate {}) - ])))); - - configurations = lib1.genAttrs hosts (name: lib2s.${name}.nixosSystem { - inherit specialArgs; - - modules = [{ - networking.hostName = name; - }] ++ optionModules ++ optionUsageModules ++ collectNixFiles ./hosts/${name}; - }); - in { - nixosConfigurations = configurations; - - # This is here so we can do self. instead of self.nixosConfigurations..config. - } // lib1.mapAttrs (lib1.const (value: value.config)) configurations; + hostsByType = readDir ./hosts + |> mapAttrs (name: const <| import ./hosts/${name} lib) + |> attrsToList + |> groupBy ({ name, value }: + if value ? class && value.class == "nixos" then + "nixosConfigurations" + else + "darwinConfigurations") + |> mapAttrs (const listToAttrs); + in hostsByType // { + inherit lib; + }; } diff --git a/hosts/cube/acme/default.nix b/hosts/cube/acme/default.nix deleted file mode 100644 index cf05ff3..0000000 --- a/hosts/cube/acme/default.nix +++ /dev/null 
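Review bot: The `groupBy` classifier in the new `hostsByType` sends every host that is not explicitly `class == "nixos"` to `"darwinConfigurations"`, including a host with no `class` attribute or a misspelled one, so a mistake in a host file surfaces as a confusing nix-darwin evaluation error instead of a clear message. I would match both classes explicitly and fail on anything else: `else if value ? class && value.class == "darwin" then "darwinConfigurations"` followed by `else throw "hosts/${name}: missing or unknown class"`. The `readDir ./hosts` result is also no longer filtered the way the removed `hosts` binding was, so any stray non-host entry under `hosts/` is passed to `import ./hosts/${name} lib`. A one-line comment stating that every entry must be a directory containing `default.nix` would document that assumption.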
@@ -1,23 +0,0 @@ -{ config, lib, ... }: with lib; - -let - inherit (config.networking) domain; -in systemConfiguration { - secrets.acmeEnvironment.file = ./environment.age; - - security.acme = { - acceptTerms = true; - - defaults = { - environmentFile = config.secrets.acmeEnvironment.path; - dnsProvider = "cloudflare"; - dnsResolver = "1.1.1.1"; - email = "security@${domain}"; - }; - - certs.${domain} = { - extraDomainNames = [ "*.${domain}" ]; - group = "nginx"; - }; - }; -} diff --git a/hosts/cube/acme/environment.age b/hosts/cube/acme/environment.age deleted file mode 100644 index e9a3dca..0000000 Binary files a/hosts/cube/acme/environment.age and /dev/null differ diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix deleted file mode 100644 index 638a60a..0000000 --- a/hosts/cube/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, keys, ... }: with lib; merge - -(systemConfiguration { - system.stateVersion = "23.05"; - nixpkgs.hostPlatform = "x86_64-linux"; - - secrets.id.file = ./id.age; - secrets.rgbPassword.file = ./password.rgb.age; - - users.users = { - root.hashedPasswordFile = config.secrets.rgbPassword.path; - - rgb = sudoUser { - description = "RGB"; - openssh.authorizedKeys.keys = keys.admins; - hashedPasswordFile = config.secrets.rgbPassword.path; - }; - - backup = normalUser { - description = "Backup"; - openssh.authorizedKeys.keys = keys.all; - hashedPasswordFile = config.secrets.rgbPassword.path; - }; - }; - - services.openssh = { - banner = '' - _______________________________________ - / If God doesn't destroy San Francisco, \ - | He should apologize to Sodom and | - \ Gomorrah. / - --------------------------------------- - \ ^__^ - \ (oo)\_______ - (__)\ )\/\ - ||----w | - || || - ''; - - hostKeys = [{ - type = "ed25519"; - path = config.secrets.id.path; - }]; - }; - - networking = { - ipv4 = "5.255.78.70"; - - domain = "rgbcu.be"; - }; -}) - -(homeConfiguration { - home.stateVersion = "23.11"; -}) 
diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix deleted file mode 100644 index fb074c0..0000000 --- a/hosts/cube/forgejo/default.nix +++ /dev/null 
@@ -1,158 +0,0 @@ -{ self, config, lib, pkgs, ... }: with lib; - -let - inherit (config.networking) domain; - - fqdn = "git.${domain}"; - - port = 8001; -in systemConfiguration { - secrets.forgejoMailPassword = { - file = self + /hosts/disk/mail/password.plain.age; - owner = "forgejo"; - }; - secrets.forgejoRunnerPassword = { - file = ./password.runner.age; - owner = "forgejo"; - }; - - services.postgresql = { - ensureDatabases = [ "forgejo" ]; - ensureUsers = [{ - name = "forgejo"; - ensureDBOwnership = true; - }]; - }; - - services.restic.backups = genAttrs config.resticHosts (const { - paths = [ "/var/lib/gitea-runner" "/var/lib/forgejo" ]; - }); - - users.groups.gitea-runner = {}; - users.users.gitea-runner = systemUser { - extraGroups = [ "docker" ]; - group = "gitea-runner"; - home = "/var/lib/gitea-runner"; - }; - - services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - - instances.runner-01 = enabled { - name = "runner-01"; - url = fqdn; - - labels = [ - "debian-latest:docker://node:18-bullseye" - "ubuntu-latest:docker://node:18-bullseye" - "act:docker://ghcr.io/catthehacker/ubuntu:act-latest" - ]; - - tokenFile = config.secrets.forgejoRunnerPassword.path; - - settings = { - cache.enabled = true; - capacity = 4; - container.network = "host"; - }; - - hostPackages = with pkgs; [ - bash - coreutils - curl - gitMinimal - sudo - wget - ]; - }; - }; - - services.openssh.settings.AcceptEnv = mkForce "SHELLS COLOTERM GIT_PROTOCOL"; - - services.forgejo = enabled { - lfs = enabled; - - secrets.mailer.PASSWD = config.secrets.forgejoMailPassword.path; - - database = { - socket = "/run/postgresql"; - type = "postgres"; - }; - - settings = let - description = "RGBCube's Forge of Shitty Software"; - in { - default.APP_NAME = description; - - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "https://${fqdn}"; - }; - - attachment.ALLOWED_TYPES = "*/*"; - - cache.ENABLED = true; - - mailer = { - ENABLED = true; - - PROTOCOL = "smtps"; - SMTP_ADDR 
= self.disk.mailserver.fqdn; - USER = "git@${domain}"; - }; - - other = { - SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; - SHOW_FOOTER_VERSION = false; - }; - - packages.ENABLED = false; - - repository = { - DEFAULT_BRANCH = "master"; - DEFAULT_MERGE_STYLE = "rebase-merge"; - DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls, repo.actions"; - - DEFAULT_PUSH_CREATE_PRIVATE = false; - ENABLE_PUSH_CREATE_ORG = true; - ENABLE_PUSH_CREATE_USER = true; - - DISABLE_STARS = true; - }; - - "repository.upload" = { - FILE_MAX_SIZE = 100; - MAX_FILES = 10; - }; - - server = { - DOMAIN = domain; - ROOT_URL = "https://${fqdn}/"; - LANDING_PAGE = "/explore"; - - HTTP_ADDR = "::1"; - HTTP_PORT = port; - - SSH_PORT = head config.services.openssh.ports; - - DISABLE_ROUTER_LOG = true; - }; - - service.DISABLE_REGISTRATION = true; - - session = { - COOKIE_SECURE = true; - SAME_SITE = "strict"; - }; - - "ui.meta" = { - AUTHOR = description; - DESCRIPTION = description; - }; - }; - }; - - services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate { - locations."/".proxyPass = "http://[::1]:${toString port}"; - }; -} diff --git a/hosts/cube/forgejo/password.runner.age b/hosts/cube/forgejo/password.runner.age deleted file mode 100644 index 229f68f..0000000 --- a/hosts/cube/forgejo/password.runner.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw 7yIsoOHvJRbNV4J0HxwKHVUaScp0hNXB/DLX1UrSsys -CSFy5ta8rbBPeUw1TEZDSLNV+v5Q+PDcKYwWkFQBv5M --> ssh-ed25519 CzqbPQ 8xO/hPZZP9D1AddhcKLaLdB2Ch1sTBMsm/xgXYW/6y0 -/dACny3vjrpms1oEEj5gBFd/Cjx2P37JKk+BKui/TgA --> ssh-ed25519 f5VzMA AQc4W4u7jTN9qzhm344xYfT7t/AQSbV8sPAOXo2c4EY -YF2pb/iv9b52RBD91cvMN9ABge+Oswr1bUbJxr0xP7k ---- 9KEPq+2YLjFJeeuapOVQ/9Lf/bKkIcZnjsaNJCK9W2s -ski94mop붷WvvO^v3\ -Ck(tl$=*jIJA:] \ No newline at end of file diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix deleted file mode 100644 index bbea952..0000000 --- a/hosts/cube/grafana/default.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ self, config, lib, ... }: with lib; - -let - inherit (config.networking) domain; - - fqdn = "metrics.${domain}"; - - port = 8000; -in systemConfiguration { - secrets.grafanaPassword = { - file = ./password.age; - owner = "grafana"; - }; - secrets.grafanaMailPassword = { - file = self + /hosts/disk/mail/password.plain.age; - owner = "grafana"; - }; - - services.postgresql = { - ensureDatabases = [ "grafana" ]; - ensureUsers = [{ - name = "grafana"; - ensureDBOwnership = true; - }]; - }; - - services.restic.backups = genAttrs config.resticHosts (const { - paths = [ "/var/lib/grafana" ]; - }); - - systemd.services.grafana = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; - }; - - services.grafana = enabled { - provision = enabled; - - settings = { - analytics.reporting_enabled = false; - - database.host = "/run/postgresql"; - database.type = "postgres"; - database.user = "grafana"; - - server.domain = fqdn; - server.http_addr = "[::1]"; - server.http_port = port; - - users.default_theme = "system"; - }; - - settings.security = { - admin_email = "metrics@${domain}"; - admin_password = "$__file{${config.secrets.grafanaPassword.path}}"; - admin_user = "admin"; - - cookie_secure = true; - disable_gravatar = true; - - disable_initial_admin_creation = true; # Just in case. - }; - - settings.smtp = { - enabled = true; - - password = "$__file{${config.secrets.grafanaMailPassword.path}}"; - startTLS_policy = "MandatoryStartTLS"; - - ehlo_identity = "metrics@${domain}"; - from_address = "metrics@${domain}"; - from_name = "Metrics"; - host = "${self.disk.mailserver.fqdn}:${toString config.services.postfix.relayPort}"; - }; - }; - - services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate { - locations."/" = { - proxyPass = "http://[::1]:${toString port}"; - proxyWebsockets = true; - }; - }; -} diff --git a/hosts/cube/grafana/password.age b/hosts/cube/grafana/password.age deleted file mode 100644 index b741604..0000000 
--- a/hosts/cube/grafana/password.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw 8RuMWyMIVBwAX7r/A+P0nscmsW9KTpt56b+le5dOz3o -D1syuLeAeAdVmEtXE6BTFKjrCcJYB58gUfbr9gCN9gM --> ssh-ed25519 CzqbPQ LWqVp66/EnvhmF3R3fGB9RXq8YA9/1HvhkP8b7fL5no -cQGRxNoR7EdwkuyH8L748V3iTCxmDOs1cDvC7whiOiM --> ssh-ed25519 f5VzMA By51kxuXGN75sqnhDAJLOVKobXxxsqmZvBi43kPs8g8 -xWeGyCzxGckOYCqRMxjmVN1VirTJHtqS21/uBfwaiMo ---- LgeEowlRzUo1IyGr4jdD5ysCx2KdnlhfKRUHaesilO0 -, ܼxD@QP/o: -v1ߍ; ? \ No newline at end of file diff --git a/hosts/cube/hardware.nix b/hosts/cube/hardware.nix deleted file mode 100644 index cc669fa..0000000 --- a/hosts/cube/hardware.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ lib, modulesPath, ... }: with lib; - -systemConfiguration { - imports = [(modulesPath + "/profiles/qemu-guest.nix")]; - - boot.loader.grub = enabled { - device = "/dev/vda"; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "sr_mod" - "uhci_hcd" - "virtio_blk" - "virtio_pci" - ]; - - fileSystems."/" = { - device = "/dev/disk/by-label/root"; - fsType = "ext4"; - options = [ "noatime" ]; - }; -} diff --git a/hosts/cube/id.age b/hosts/cube/id.age deleted file mode 100644 index bcb15ca..0000000 --- a/hosts/cube/id.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw YN0Cb+kyG3YXy5M4EXoijLRmGMjO1q2U+KxSPIc0FXE -pDeBwpWP1F/+rKGnKcmIZ7rTqGhAgO+bZoW0Fm/P4KA --> ssh-ed25519 CzqbPQ AViDLwkL2z0htUhLNnxK+25SeDNETpRD7TxEe3KiClg -qr0QX65nb5aIu2BzdKthIdS7FEwotgGXMyLQ6goGpF0 --> ssh-ed25519 f5VzMA tSMV6ZkLc6+/SLA8IpWLmQngeQ8b1N/fQzlAP7xF0Ao -GW6YyVj8KlMjL4xzSVCHlOEajPqYi1ytu3RBLbov70k ---- r3znXRy2jH0r6yH94WnUQ8VbrGuKJRwHAMD9y/M4+Gs -VȢQ-\|L|2YWqǁCpn0 %vt 53|+3,wZцL27'ݣeۋfwU<~̦Wm߯y:ty &ͩp/ƖYՒXQ]6YLhC-x{ud?bW9=7Z,c߈R>\B&uzj] ߐ%XzXޭ]hk.rЋe.p \ No newline at end of file diff --git a/hosts/cube/matrix/default.nix b/hosts/cube/matrix/default.nix deleted file mode 100644 index ac055ea..0000000 --- a/hosts/cube/matrix/default.nix +++ /dev/null 
@@ -1,140 +0,0 @@ -{ config, lib, ... }: with lib; - -let - inherit (config.networking) domain; - - sitePath = "/var/www/site"; - - chatDomain = "chat.${domain}"; - syncDomain = "sync.${domain}"; - - wellKnownResponse = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${strings.toJSON data}'; - ''; - - clientConfig."m.homeserver".base_url = "https://${chatDomain}"; - clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}"; - - serverConfig."m.server" = "${chatDomain}:443"; - - wellKnownResponseConfig.locations = { - "= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig; - "= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig; - }; - - notFoundLocationConfig = { - locations."/".extraConfig = "return 404;"; - - extraConfig = "error_page 404 /404.html;"; - locations."/404".extraConfig = "internal;"; - - locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; - }; - - synapsePort = 8002; - syncPort = 8003; -in serverSystemConfiguration { - secrets.matrixSecret = { - file = ./password.secret.age; - owner = "matrix-synapse"; - }; - secrets.matrixSyncPassword = { - file = ./password.sync.age; - owner = "matrix-synapse"; - }; - - services.postgresql = { - ensureDatabases = [ "matrix-synapse" "matrix-sliding-sync" ]; - ensureUsers = [ - { - name = "matrix-synapse"; - ensureDBOwnership = true; - } - { - name = "matrix-sliding-sync"; - ensureDBOwnership = true; - } - ]; - }; - - services.restic.backups = genAttrs config.resticHosts (const { - paths = [ "/var/lib/matrix-synapse" "/var/lib/matrix-sliding-sync" ]; - }); - - services.matrix-synapse = enabled { - withJemalloc = true; - - configureRedisLocally = true; - settings.redis.enabled = true; - - extras = [ "postgres" "url-preview" "user-search" ]; - - log.root.level = "WARNING"; # Shut the fuck up. 
- - settings = { - server_name = domain; - # We are not setting web_client_location since the root is not accessible - # from the outside web at all. Only /_matrix is reverse proxied to. - - database.name = "psycopg2"; - - report_stats = false; - - enable_metrics = true; - metrics_flags.known_servers = true; - - expire_access_token = true; - url_preview_enabled = true; - - # Trusting Matrix.org. - suppress_key_server_warning = true; - }; - - # Sets registration_shared_secret. - extraConfigFiles = [ config.secrets.matrixSecret.path ]; - - settings.listeners = [{ - port = synapsePort; - - bind_addresses = [ "::1" ]; - tls = false; - type = "http"; - x_forwarded = true; - - resources = [{ - compress = false; - names = [ "client" "federation" ]; - }]; - }]; - }; - - services.nginx.virtualHosts.${domain} = wellKnownResponseConfig; - - services.nginx.virtualHosts.${chatDomain} = merge config.sslTemplate wellKnownResponseConfig notFoundLocationConfig { - root = "${sitePath}"; - - locations."/_matrix".proxyPass = "http://[::1]:${toString synapsePort}"; - locations."/_synapse/client".proxyPass = "http://[::1]:${toString synapsePort}"; - }; - - services.matrix-sliding-sync = enabled { - environmentFile = config.age.secrets.matrixSyncPassword.path; - settings = { - SYNCV3_SERVER = "https://${chatDomain}"; - SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql"; - SYNCV3_BINDADDR = "[::1]:${toString syncPort}"; - }; - }; - - services.nginx.virtualHosts.${syncDomain} = merge config.sslTemplate notFoundLocationConfig { - root = sitePath; - - locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" - .proxyPass = "http://[::1]:${toString synapsePort}"; - - locations."~ ^(\\/_matrix|\\/_synapse\\/client)" - .proxyPass = "http://[::1]:${toString syncPort}"; - }; -} diff --git a/hosts/cube/matrix/password.secret.age b/hosts/cube/matrix/password.secret.age deleted file mode 100644 index c9da0b9..0000000 
--- a/hosts/cube/matrix/password.secret.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw StDMwwxCWcdMkWnDUt2pA1PINfLt1M+H+J3Y2P/mxnk -GL+g8U3bWjtN0wC5kgPFmDH6ptLk3qCVofqHF6d9gg4 --> ssh-ed25519 CzqbPQ 3O4JTSO7S3oZ28YCMGLzD7ILzSphLfj7wHZFnklQlQg -MP/45MWFIcGH4kDytDO2rVzXZ+ls+Y3tCSdp3S9A3EA --> ssh-ed25519 f5VzMA 2avBGy/8FgfUfreAfO7tJ4g3zRzMBkUxN3G+IqLk6GM -vsEj8QMWRYYz844Gbf7hNpfMyRqoytaruRUOxQZj3NM ---- AugFTj/dABkP+jM/sYBSZKMjUH+BeifJ455bdt+bKZA -&2TpUCFD7ZF&l$~H";~ |g>i_#{#%FwJRqխ.o)zrn-k@g_kڹ+WRmzpA \ No newline at end of file diff --git a/hosts/cube/matrix/password.sync.age b/hosts/cube/matrix/password.sync.age deleted file mode 100644 index 0234666..0000000 --- a/hosts/cube/matrix/password.sync.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw T319LGGGp0tzS0vevrIUOZKoGYQ1NX0KOWqkqTLumh8 -449QEoppibas2HtJJPJMQXcZeHEU9vJyZJV2NnYiXCY --> ssh-ed25519 CzqbPQ i3wvtVCcnGGKibtvOd7pApma03sal+krPZcXobRfk2U -GpmrpAgQqRkDbXRq/WMAulZFNKlEXo2ZzBJdAJTHePA --> ssh-ed25519 f5VzMA SSVe9YKEjtWIg3ZIlFYBDZasfzL4HN7frgaC24S1ZTk -S5u4oWUgHiSvvF0XKtVSPkgCOQ0dzIZUqnhRbCeCPt4 ---- tnWULd4aX4DFcQn1+typTWtIw+2wEoQ4OO3mvCkFgEs -ir򗠡xo7k$֯YFXBIMcބ?cno0WLfMa o+ '&p*<9Pu#}W ·MB~7 \ No newline at end of file diff --git a/hosts/cube/nextcloud/default.nix b/hosts/cube/nextcloud/default.nix deleted file mode 100644 index f54eca0..0000000 --- a/hosts/cube/nextcloud/default.nix +++ /dev/null 
@@ -1,116 +0,0 @@ - { config, lib, pkgs, ... }: with lib; - -let - inherit (config.networking) domain; - - fqdn = "cloud.${domain}"; - - nextcloudPackage = pkgs.nextcloud29; -in systemConfiguration { - secrets.nextcloudPassword = { - file = ./password.age; - owner = "nextcloud"; - }; - secrets.nextcloudExporterPassword = { - file = ./password.age; - owner = "nextcloud-exporter"; - }; - - services.prometheus.exporters.nextcloud = enabled { - listenAddress = "[::]"; - - username = "admin"; - url = "https://${fqdn}"; - passwordFile = config.secrets.nextcloudExporterPassword.path; - }; - - services.postgresql = { - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [{ - name = "nextcloud"; - ensureDBOwnership = true; - }]; - }; - - services.restic.backups = genAttrs config.resticHosts (const { - paths = [ "/var/lib/nextcloud" ]; - }); - - systemd.services.nextcloud-setup = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; - - script = mkAfter '' - nextcloud-occ theming:config name "RGBCube's Depot" - nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data." - - nextcloud-occ theming:config color "#000000" - nextcloud-occ theming:config background backgroundColor - - nextcloud-occ theming:config logo ${./icon.gif} - ''; - }; - - services.nextcloud = enabled { - package = nextcloudPackage; - - hostName = fqdn; - https = true; - - configureRedis = true; - - config.adminuser = "admin"; - config.adminpassFile = config.secrets.nextcloudPassword.path; - - config.dbhost = "/run/postgresql"; - config.dbtype = "pgsql"; - - settings = { - default_phone_region = "TR"; - - # Even with manual SMTP configuration, Nextcloud fails to communicate properly - # and fails to send mail. PHP moment? - # mail_smtphost = "::1"; # FIXME: Will need to use SMTP. - # mail_smtpmode = "sendmail"; - # mail_from_address = "cloud"; - - maintenance_window_start = 1; - - # No clue why it was syslog. - # What are the NixOS module authors on? 
- log_type = "file"; - }; - - settings.enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\GIF" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\MP3" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PNG" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - "OC\\Preview\\HEIC" - ]; - - phpOptions = { - "opcache.interned_strings_buffer" = "16"; - output_buffering = "off"; - }; - - extraAppsEnable = true; - extraApps = { - inherit (nextcloudPackage.packages.apps) - bookmarks calendar contacts deck - forms impersonate mail # groupfolders impersonate mail - maps notes polls previewgenerator; # tasks; - # Add: files_markdown files_texteditor memories news - }; - - nginx.recommendedHttpHeaders = true; - }; - - services.nginx.virtualHosts.${fqdn} = config.sslTemplate; -} diff --git a/hosts/cube/nextcloud/icon.gif b/hosts/cube/nextcloud/icon.gif deleted file mode 100644 index 7449097..0000000 Binary files a/hosts/cube/nextcloud/icon.gif and /dev/null differ diff --git a/hosts/cube/nextcloud/password.age b/hosts/cube/nextcloud/password.age deleted file mode 100644 index 7b4097f..0000000 Binary files a/hosts/cube/nextcloud/password.age and /dev/null differ diff --git a/hosts/cube/nginx.nix b/hosts/cube/nginx.nix deleted file mode 100644 index 183f6d2..0000000 --- a/hosts/cube/nginx.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ lib, pkgs, ... }: with lib; - -systemConfiguration { - networking.firewall = { - allowedTCPPorts = [ 443 80 ]; - allowedUDPPorts = [ 443 ]; - }; - - services.prometheus.exporters.nginx = enabled { - listenAddress = "[::]"; - }; - - services.nginx = enabled { - package = pkgs.nginxQuic; - - statusPage = true; - - recommendedBrotliSettings = true; - recommendedGzipSettings = true; - recommendedZstdSettings = true; - - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = '' - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - - # add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - - add_header Referrer-Policy no-referrer; - - # add_header X-Frame-Options DENY; - - # add_header X-Content-Type-Options nosniff; - - proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; - ''; - }; -} diff --git a/hosts/cube/password.rgb.age b/hosts/cube/password.rgb.age deleted file mode 100644 index 680fee1..0000000 Binary files a/hosts/cube/password.rgb.age and /dev/null differ diff --git a/hosts/cube/podman.nix b/hosts/cube/podman.nix deleted file mode 100644 index b150a3c..0000000 --- a/hosts/cube/podman.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, ... }: with lib; - -systemConfiguration { - virtualisation.podman = enabled { - dockerCompat = true; - dockerSocket = enabled; - - defaultNetwork.settings.dns_enabled = true; - - autoPrune = enabled { - dates = "weekly"; - flags = [ "--all" ]; - }; - }; -} diff --git a/hosts/cube/postgresql.nix b/hosts/cube/postgresql.nix deleted file mode 100644 index 89db7e7..0000000 --- a/hosts/cube/postgresql.nix +++ /dev/null 
@@ -1,125 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; merge - -(systemConfiguration { - services.prometheus.exporters.postgres = enabled { - listenAddress = "[::]"; - runAsLocalSuperUser = true; - }; - - services.restic.backups = genAttrs config.resticHosts (const { - paths = [ "/tmp/postgresql-dump.sql.gz" ]; - - backupPrepareCommand = '' - ${config.services.postgresql.package}/bin/pg_dumpall --clean \ - | ${lib.getExe pkgs.gzip} --rsyncable \ - > /tmp/postgresql-dump.sql.gz - ''; - - backupCleanupCommand = '' - rm /tmp/postgresql-dump.sql.gz - ''; - }); - - services.postgresql = enabled { - package = pkgs.postgresql_14; - - enableJIT = true; - - initdbArgs = [ "--locale=C" "--encoding=UTF8" ]; - initialScript = pkgs.writeText "grant-root-perms" '' - GRANT pg_read_all_data TO root; - GRANT pg_write_all_data TO root; - ''; - - authentication = mkOverride 10 '' - # Type Database DBUser Authentication - local all all peer - ''; - - ensureUsers = [ - { - name = "postgres"; - ensureClauses = { - createdb = true; - createrole = true; - login = true; - replication = true; - superuser = true; - }; - } - { - name = "root"; - ensureClauses = { - createdb = true; - createrole = true; - login = true; - replication = true; - superuser = true; - }; - } - ]; - - settings = { - listen_addresses = mkForce ""; - - # https://pgconfigurator.cybertec.at/ - max_connections = 100; - superuser_reserved_connections = 3; - - # Memory Settings - shared_buffers = "1024 MB"; - work_mem = "32 MB"; - maintenance_work_mem = "320 MB"; - huge_pages = "off"; - effective_cache_size = "3 GB"; - effective_io_concurrency = 1; # Concurrent IO only really activated if OS supports posix_fadvise function. - random_page_cost = 4; # Speed of random disk access relative to sequential access (1.0). - - # Monitoring - shared_preload_libraries = "pg_stat_statements"; # Per statement resource usage stats. - track_io_timing = "on"; # Measure exact block IO times. 
- track_functions = "pl"; # Track execution times of pl-language procedures if any. - - # Replication - wal_level = "replica"; - max_wal_senders = 0; - synchronous_commit = "on"; - - # Checkpointing - checkpoint_timeout = "15 min"; - checkpoint_completion_target = 0.9; - max_wal_size = "1024 MB"; - min_wal_size = "512 MB"; - - # WAL writing - wal_compression = "on"; - wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default). - wal_writer_delay = "200ms"; - wal_writer_flush_after = "1MB"; - - # Background writer - bgwriter_delay = "200ms"; - bgwriter_lru_maxpages = 100; - bgwriter_lru_multiplier = 2.0; - bgwriter_flush_after = 0; - - # Parallel queries - max_worker_processes = 2; - max_parallel_workers_per_gather = 1; - max_parallel_maintenance_workers = 1; - max_parallel_workers = 2; - parallel_leader_participation = "on"; - - # Advanced features - enable_partitionwise_join = "on"; - enable_partitionwise_aggregate = "on"; - jit = "on"; - max_slot_wal_keep_size = "1000 MB"; - track_wal_io_timing = "on"; - }; - }; -}) - -(systemPackages (with pkgs; [ - postgresql -])) diff --git a/hosts/cube/prometheus.nix b/hosts/cube/prometheus.nix deleted file mode 100644 index 0e8c4c8..0000000 --- a/hosts/cube/prometheus.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ self, config, lib, ... }: with lib; - -systemConfiguration { - services.grafana.provision.datasources.settings = { - datasources = [{ - name = "Prometheus"; - type = "prometheus"; - url = "http://[::1]:${toString config.services.prometheus.port}"; - - orgId = 1; - }]; - - deleteDatasources = [{ - name = "Prometheus"; - orgId = 1; - }]; - }; - - services.prometheus = enabled { - listenAddress = "[::]"; - retentionTime = "1w"; - - scrapeConfigs = with lib; let - configToScrapeConfig = name: { config, ... }: pipe config.services.prometheus.exporters [ - (filterAttrs (name: value: name != "minio" && name != "unifi-poller" && value.enable or false)) - (mapAttrsToList (expName: expConfig: { - job_name = "${expName}-${name}"; - - static_configs = [{ - targets = [ "${name}:${toString expConfig.port}" ]; - }]; - })) - ]; - in flatten (mapAttrsToList configToScrapeConfig self.nixosConfigurations); - }; -} diff --git a/hosts/cube/site.nix b/hosts/cube/site.nix deleted file mode 100644 index 343110b..0000000 --- a/hosts/cube/site.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ config, lib, ... }: with lib; - -let - inherit (config.networking) domain; - - sitePath = "/var/www/site"; - - notFoundLocationConfig = { - extraConfig = "error_page 404 /404.html;"; - locations."/404".extraConfig = "internal;"; - }; -in systemConfiguration { - services.nginx = enabled { - appendHttpConfig = '' - map $http_origin $allow_origin { - ~^https://.+\.${domain}$ $http_origin; - } - - map $http_origin $allow_methods { - ~^https://.+\.${domain}$ "GET, HEAD, OPTIONS"; - } - ''; - - virtualHosts.${domain} = merge config.sslTemplate notFoundLocationConfig { - root = sitePath; - - locations."/".tryFiles = "$uri $uri.html $uri/index.html =404"; - - locations."/assets/".extraConfig = '' - add_header Access-Control-Allow-Origin $allow_origin; - add_header Access-Control-Allow-Methods $allow_methods; - - if ($request_method = OPTIONS) { - add_header Content-Type text/plain; - add_header Content-Length 0; - return 204; - } - - expires 24h; - ''; - }; - - virtualHosts."www.${domain}" = merge config.sslTemplate { - locations."/".extraConfig = "return 301 https://${domain}$request_uri;"; - }; - - virtualHosts._ = merge config.sslTemplate notFoundLocationConfig { - root = sitePath; - - locations."/".extraConfig = "return 404;"; - locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; - }; - }; -} diff --git a/hosts/disk/default.nix b/hosts/disk/default.nix deleted file mode 100644 index 09ea585..0000000 --- a/hosts/disk/default.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ config, lib, keys, ... }: with lib; merge - -(systemConfiguration { - system.stateVersion = "23.11"; - nixpkgs.hostPlatform = "x86_64-linux"; - - secrets.id.file = ./id.age; - secrets.floppyPassword.file = ./password.floppy.age; - - users.users = { - root.hashedPasswordFile = config.secrets.floppyPassword.path; - - floppy = sudoUser { - description = "Floppy"; - openssh.authorizedKeys.keys = keys.admins; - hashedPasswordFile = config.secrets.floppyPassword.path; - }; - - backup = normalUser { - description = "Backup"; - openssh.authorizedKeys.keys = keys.all; - hashedPasswordFile = config.secrets.floppyPassword.path; - }; - }; - - services.openssh.hostKeys = [{ - type = "ed25519"; - path = config.secrets.id.path; - }]; - - networking = { - ipv4 = "23.164.232.40"; - ipv6 = "2602:f9f7::40"; - - domain = "rgbcu.be"; - - defaultGateway = "23.164.232.1"; - defaultGateway6 = "2602:f9f7::1"; - - interfaces.ens32 = { - ipv4.addresses = [{ - address = config.networking.ipv4; - prefixLength = 25; - }]; - - ipv6.addresses = [{ - address = config.networking.ipv6; - prefixLength = 64; - }]; - }; - }; -}) - -(homeConfiguration { - home.stateVersion = "23.11"; -}) diff --git a/hosts/disk/hardware.nix b/hosts/disk/hardware.nix deleted file mode 100644 index 5af3174..0000000 --- a/hosts/disk/hardware.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, ... }: with lib; - -systemConfiguration { - boot.loader = { - systemd-boot = enabled { - editor = false; - }; - - efi.canTouchEfiVariables = true; - }; - - boot.initrd.availableKernelModules = [ - "ahci" - "ata_piix" - "nvme" - "sr_mod" - ]; - - fileSystems."/" = { - device = "/dev/disk/by-label/root"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - - fileSystems.${config.boot.loader.efi.efiSysMountPoint} = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - options = [ "noatime" ]; - }; - - swapDevices = [{ - device = "/dev/disk/by-label/swap"; - }]; -} 
diff --git a/hosts/disk/id.age b/hosts/disk/id.age deleted file mode 100644 index de307b8..0000000 Binary files a/hosts/disk/id.age and /dev/null differ diff --git a/hosts/disk/mail/default.nix b/hosts/disk/mail/default.nix deleted file mode 100644 index 9fbff9e..0000000 --- a/hosts/disk/mail/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ self, config, lib, ... }: with lib; - -let - inherit (config.networking) domain; - - fqdn = "mail1.${domain}"; -in systemConfiguration { - imports = [(self + /hosts/cube/acme)]; - - secrets.mailPassword.file = ./password.hash.age; - - services.prometheus.exporters.postfix = enabled { - listenAddress = "[::]"; - }; - - services.restic.backups = genAttrs config.resticHosts (const { - paths = [ config.mailserver.dkimKeyDirectory config.mailserver.mailDirectory ]; - }); - - mailserver = enabled { - fqdn = mkDefault fqdn; - - domains = mkDefault [ domain ]; - certificateScheme = "acme"; - - # We use systemd-resolved instead of Knot Resolver. - localDnsResolver = false; - - hierarchySeparator = "/"; - useFsLayout = true; - - dkimKeyDirectory = "/var/lib/dkim"; - mailDirectory = "/var/lib/mail"; - sieveDirectory = "/var/lib/sieve"; - - vmailUserName = "mail"; - vmailGroupName = "mail"; - - dmarcReporting = enabled { - domain = head config.mailserver.domains; - - organizationName = "Doofemshmirtz Evil Inc."; - }; - - fullTextSearch = enabled { - indexAttachments = true; - }; - - loginAccounts."contact@${head config.mailserver.domains}" = { - aliases = [ "@${head config.mailserver.domains}" ]; - - hashedPasswordFile = config.secrets.mailPassword.path; - }; - }; -} diff --git a/hosts/disk/mail/password.hash.age b/hosts/disk/mail/password.hash.age deleted file mode 100644 index 6703d17..0000000 Binary files a/hosts/disk/mail/password.hash.age and /dev/null differ diff --git a/hosts/disk/mail/password.plain.age b/hosts/disk/mail/password.plain.age deleted file mode 100644 index 1a41359..0000000 
--- a/hosts/disk/mail/password.plain.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw AZFDaJ2juVpQRex9baxUPiFC4xZyna2G6ysYA4aFQkU -Cg1SJWa8PTiMDB5fOQYx7WcbfPri7nFsuCZuCRquD8c --> ssh-ed25519 spFFQA vBOffcs6nE2VcGzkQBlhfy0GIWz+/7L09CJ5cQzRhQg -b4ZWVCSDdiF+5zMNK1b+wvG2esRfU+otY5OnVCTvRBo --> ssh-ed25519 CzqbPQ jPL7pBXMF4QIYkULJhlvinx1hnr+aJclp8jpuLIlp2g -ud5StShENlRhlO+JJyaJciLKVUGW1XQPmPk1u9KXOKo --> ssh-ed25519 dASlBQ LIRlKcAHsI3kf0MSuR7lpbTXCYRL1g2JjLZs4msYCAw -7o3ESCqC3Jm/5NK52IDGkx0ZQkAZY8eyiBgf9y5mUCI --> ssh-ed25519 f5VzMA FUHuEsI2aebZiTwODrXpKJnAV4EyaUGE/+gDxwsVixY -XyEpcL1XXuoQU6erVRE2Sv9x8PisaXDBZHdWdelQPTE --> ssh-ed25519 V6IHIQ IlarCBGBKJGagqo6cL5VhhnETwDdy/nJZ0EoBtfmrH0 -QE6Z9Dk5mFcLF0hb1oG53ZWwhf+v0Ena90ocXEk50a0 ---- 7kXJ0xIQb1yooKiZ70qZz/5kJvnE7K6uvgFu63PXQC0 -6֛gU }c;D)ex2}v`kz#ȱ( \ No newline at end of file diff --git a/hosts/disk/password.floppy.age b/hosts/disk/password.floppy.age deleted file mode 100644 index 2c32ac7..0000000 --- a/hosts/disk/password.floppy.age +++ /dev/null 
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 spFFQA GwQd6KJsc9NzOs7fVBTyeusvYtpD2KjOqsitNqmgxAg -2U1KsgcT4cKNOjFCWlDfilSfe5+EIW/94nsMITcntSM --> ssh-ed25519 CzqbPQ G7MWCZj/l2DaviWkph1NBxiMlxjxKO+/jcpPQ5rM+yU -6Nzzd6X+SRkLcdMIm2CQdkimq6UqD/bsTYObgglq5Ns --> ssh-ed25519 f5VzMA Yho8qwQjRfrjepTOYCvos0pEidzf4sRRkgcZFIx7Th0 -K6M3CmEGuZBk5kUFsv31AB8p/KgdcpjXU5uayFQr6ws ---- vzZtwqbz/MdrNaAQ3SYEoeGrHP+yYiI+kv451wRlkdw - -p~T͐(Ed\$U{ " l5E[J;.~jB@Tu&b-pPRFzg" ssh-ed25519 CzqbPQ ozAGsEreYHlTYUsRF2mk2HyHsgPFWgG5OnQVHCqjWBU -w6j8Cl7h/TVKBgZ36fJIime4GUDaA75+NAH7BYyQ9rg --> ssh-ed25519 CzqbPQ eMmV1mSSS+yyI9GznqmBwDEUYPcsIN2uxSyrP3sW+S0 -RAIaJhBIIdSfOufhKsoFs8LELJ1bzskeGreSB+qn41o --> ssh-ed25519 CzqbPQ CDg4IuWX7dLXjOGKj61VbXsULFJjlyr9DZ5bWq3iLmI -b/EK8IoDlN6IoZ9bfG64iQprTqxH6OGK6t9/Vg5KFaw ---- rVFs9eG5vCmvV6TTx1bKIg9bksEZ7nCazlMAu2aJqBw -If$Wb filter (hasSuffix ".nix"); + + commonModules = collect ../modules/common; + nixosModules = collect ../modules/nixos; + darwinModules = collect ../modules/darwin; + + collectInputs = let + inputs' = attrValues inputs; + in path: inputs' + |> filter (hasAttrByPath path) + |> map (getAttrFromPath path); + + inputNixosModules = collectInputs [ "nixosModules" "default" ]; + inputDarwinModules = collectInputs [ "darwinModules" "default" ]; + + inputOverlays = collectInputs [ "overlays" "default" ]; + overlayModule = { nixpkgs.overlays = inputOverlays; }; +in { + nixosSystem = module: super.nixosSystem { + modules = [ + module + overlayModule + ] ++ commonModules + ++ nixosModules + ++ inputNixosModules; + + specialArgs = inputs // { + inherit inputs; + + lib = self; + }; + }; + + darwinSystem = module: super.darwinSystem { + modules = [ + module + overlayModule + ] ++ commonModules + ++ darwinModules + ++ inputDarwinModules; + + specialArgs = inputs // { + inherit inputs; + + lib = self; + }; + }; +} diff --git a/lib/values.nix b/lib/values.nix index 00dfd25..196d9d5 100644 --- a/lib/values.nix +++ b/lib/values.nix 
@@ -1,19 +1,18 @@ -lib: { - normalUser = attributes: attributes // { - isNormalUser = true; - }; - - sudoUser = attributes: attributes // { - isNormalUser = true; - extraGroups = [ "wheel" ] ++ attributes.extraGroups or []; - }; - - desktopUser = attributes: attributes // { - isNormalUser = true; - isDesktopUser = true; # Defined in options/desktop.nix. - }; - - systemUser = attributes: attributes // { - isSystemUser = true; +_: self: _: let + inherit (self) merge mkMerge; +in { + # When the block has a `_type` attribute in the NixOS + # module system, anything not immediately relevant is + # silently ignored. We can make use of that by adding + # a `__functor` attribute, which lets us call the set. + merge = mkMerge [] // { + __functor = self: next: self // { + # Technically, `contents` is implementation defined + # but nothing ever happens, so we can rely on this. + contents = self.contents ++ [ next ]; + }; }; + + enabled = merge { enable = true; }; + disabled = merge { enable = false; }; } diff --git a/modules/_discord.nix b/modules/_discord.nix deleted file mode 100644 index 1643e6e..0000000 --- a/modules/_discord.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; merge - -(desktopUserHomeConfiguration { - xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss; -}) - -(desktopUserHomePackages (with pkgs; [ - ((discord.override { - withOpenASAR = true; - withVencord = true; - }).overrideAttrs (old: { - nativeBuildInputs = old.nativeBuildInputs ++ [ makeWrapper ]; - - postFixup = '' - wrapProgram $out/opt/Discord/Discord \ - --set ELECTRON_OZONE_PLATFORM_HINT "auto" \ - --add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland" - ''; - })) -])) diff --git a/modules/_steam.nix b/modules/_steam.nix deleted file mode 100644 index 95f84b5..0000000 --- a/modules/_steam.nix +++ /dev/null 
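Review bot: In lib/values.nix the inner `__functor = self: next: …` rebinds `self`, shadowing the library fixed point bound by `_: self: _:` at the top of the file. Inside the functor `self.contents` is therefore the merge set, while everywhere else `self` is the lib. Renaming the inner binder keeps the two apart: `__functor = this: next: this // { contents = this.contents ++ [ next ]; };`. A usage line in the comment would also help the next reader, e.g. `# enabled { foo = 1; } => mkMerge [ { enable = true; } { foo = 1; } ]`. As the hunk's own comment admits, this relies on `mkMerge`'s internal `contents` field, so it is worth re-checking whenever nixpkgs is bumped in flake.lock.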
@@ -1,10 +0,0 @@
-{ lib, pkgs, ... }: with lib; merge
-
-(desktopSystemConfiguration {
- # Steam uses 32-bit drivers for some unholy fucking reason.
- hardware.graphics.enable32Bit = true;
-})
-
-(desktopUserHomePackages (with pkgs; [
- steam
-]))
diff --git a/modules/agenix.nix b/modules/agenix.nix
deleted file mode 100644
index 93435ce..0000000
--- a/modules/agenix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, pkgs, ... }: with lib; merge
-
-(systemConfiguration {
- age.identityPaths = [ "/root/.ssh/id" ];
-})
-
-(desktopSystemConfiguration {
- environment.shellAliases.agenix = "agenix --identity ~/.ssh/id";
-})
-
-(desktopSystemPackages (with pkgs; [
- agenix
-]))
diff --git a/modules/bat.nix b/modules/bat.nix
deleted file mode 100644
index 5b59214..0000000
--- a/modules/bat.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }: with lib; merge
-
-(systemConfiguration {
- environment.variables = {
- MANPAGER = "bat --plain";
- PAGER = "bat --plain";
- };
-
- environment.shellAliases = {
- cat = "bat";
- less = "bat --plain";
- };
-})
-
-(homeConfiguration {
- programs.bat = enabled {
- config.theme = "base16";
- themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme;
-
- config.pager = "less -FR";
- };
-})
diff --git a/modules/btop.nix b/modules/btop.nix
deleted file mode 100644
index de1fb80..0000000
--- a/modules/btop.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }: with lib;
-
-homeConfiguration {
- xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme;
-
- programs.btop = enabled {
- settings.color_theme = "base16";
-
- settings.rounded_corners = config.theme.cornerRadius > 0;
- };
-}
diff --git a/modules/common/agenix.nix b/modules/common/agenix.nix
new file mode 100644
index 0000000..160e50c
--- /dev/null
+++ b/modules/common/agenix.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }: let
+ inherit (lib) attrNames head mkAliasOptionModule mkIf;
+in {
+ imports = [(mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ])];
+
+ age.identityPaths = [
+ (if config.isLinux then
+ "/root/.ssh/id"
+ else
+ "/Users/${config.users.users |> attrNames |> head}/.ssh/id")
+ ];
+
+ environment = mkIf config.isDesktop {
+ shellAliases.agenix = "agenix --identity ~/.ssh/id";
+ systemPackages = [ pkgs.agenix ];
+ };
+}
diff --git a/modules/common/bat.nix b/modules/common/bat.nix
new file mode 100644
index 0000000..5f1c40a
--- /dev/null
+++ b/modules/common/bat.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }: let
+ inherit (lib) enabled;
+in {
+ environment.variables = {
+ MANPAGER = "bat --plain";
+ PAGER = "bat --plain";
+ };
+ environment.shellAliases = {
+ cat = "bat";
+ less = "bat --plain";
+ };
+
+ home-manager.sharedModules = [{
+ programs.bat = enabled {
+ config.theme = "base16";
+ themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme;
+ config.pager = "less -FR";
+ };
+ }];
+}
diff --git a/modules/common/btop.nix b/modules/common/btop.nix
new file mode 100644
index 0000000..cdb1b9a
--- /dev/null
+++ b/modules/common/btop.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }: let
+ inherit (lib) enabled;
+in {
+ home-manager.sharedModules = [{
+ xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme;
+
+ programs.btop = enabled {
+ settings.color_theme = "base16";
+
+ settings.rounded_corners = config.theme.cornerRadius > 0;
+ };
+ }];
+}
diff --git a/modules/common/discord.nix b/modules/common/discord.nix
new file mode 100644
index 0000000..a7a3324
--- /dev/null
+++ b/modules/common/discord.nix
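Review bot: In modules/common/agenix.nix the Darwin branch of `age.identityPaths` builds the home directory from `config.users.users |> attrNames |> head`, so the decryption identity is read from whichever declared user sorts first by name. Evaluation fails outright when no user is declared. Declaring a second user whose name sorts earlier would silently move the key lookup to that account's `~/.ssh/id`. Consider guarding it with `assertions = [{ assertion = config.isLinux || builtins.length (attrNames config.users.users) == 1; message = "agenix: expected exactly one declared user on Darwin"; }];` (assuming the `assertions` option is available on both platforms), or name the owning user explicitly instead of deriving it.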
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }: let
+ inherit (lib) merge mkIf;
+in merge <| mkIf config.isDesktop {
+ home-manager.sharedModules = [{
+ xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss;
+ }];
+
+ environment.systemPackages = mkIf config.isLinux [
+ ((pkgs.discord.override {
+ withOpenASAR = true;
+ withVencord = true;
+ }).overrideAttrs (old: {
+ nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.makeWrapper ];
+
+ postFixup = ''
+ wrapProgram $out/opt/Discord/Discord \
+ --set ELECTRON_OZONE_PLATFORM_HINT "auto" \
+ --add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland"
+ '';
+ }))
+ ];
+}
diff --git a/modules/common/dns.nix b/modules/common/dns.nix
new file mode 100644
index 0000000..9568642
--- /dev/null
+++ b/modules/common/dns.nix
@@ -0,0 +1,24 @@
+{ lib, ... }: let
+ inherit (lib) mkConst;
+in {
+ options.dnsServers = mkConst [
+ "45.90.28.0#7f2bf8.dns.nextdns.io"
+ "2a07:a8c0::#7f2bf8.dns.nextdns.io"
+ "45.90.30.0#7f2bf8.dns.nextdns.io"
+ "2a07:a8c1::#7f2bf8.dns.nextdns.io"
+ ];
+
+ options.fallbackDnsServers = mkConst [
+ "1.1.1.1#one.one.one.one"
+ "2606:4700:4700::1111#one.one.one.one"
+
+ "1.0.0.1#one.one.one.one"
+ "2606:4700:4700::1001#one.one.one.one"
+
+ "8.8.8.8#dns.google"
+ "2001:4860:4860::8888#dns.google"
+
+ "8.8.4.4#dns.google"
+ "2001:4860:4860::8844#dns.google"
+ ];
+}
diff --git a/modules/common/ghostty.nix b/modules/common/ghostty.nix
new file mode 100644
index 0000000..b472be4
--- /dev/null
+++ b/modules/common/ghostty.nix
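Review bot: In modules/common/dns.nix the NextDNS profile identifier `7f2bf8` is committed inside every `dnsServers` entry, so it should be treated as public: anyone reading the repository can direct queries at that profile, and the profile should not depend on the id staying private. The `address#name` form looks like systemd-resolved's DNS-over-TLS syntax, where the name is only verified if the consuming module enforces DNS-over-TLS; that consumer is not visible in this hunk. Because `fallbackDnsServers` points at Cloudflare and Google, any fallback also bypasses whatever filtering the NextDNS profile applies. I would add a comment above `options.dnsServers` such as `# address#tls-name entries; the consuming module must enforce DNS-over-TLS for the name to be verified.`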
@@ -0,0 +1,78 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) enabled mapAttrsToList merge mkIf; +in merge <| mkIf config.isDesktop { + home-manager.sharedModules = [{ + programs.nushell.environmentVariables = { + TERMINAL = mkIf config.isLinux "ghostty"; + TERM_PROGRAM = mkIf config.isDarwin "ghostty"; + }; + + programs.ghostty = enabled { + # Don't actually install Ghostty if we are on Darwin. + # For some reason it is marked as broken. + package = mkIf config.isDarwin <| pkgs.writeScriptBin "not-ghostty" ""; + + # Bat syntax points to emptyDirectory. + installBatSyntax = !config.isDarwin; + + clearDefaultKeybinds = true; + + settings = with config.theme; { + font-size = font.size.normal; + font-family = font.mono.name; + + window-padding-x = padding; + window-padding-y = padding; + + confirm-close-surface = false; + + window-decoration = config.isDarwin; + + config-file = toString <| pkgs.writeText "base16-config" ghosttyConfig; + + keybind = mapAttrsToList (name: value: "ctrl+shift+${name}=${value}") { + c = "copy_to_clipboard"; + v = "paste_from_clipboard"; + + z = "jump_to_prompt:-2"; + x = "jump_to_prompt:2"; + + h = "write_scrollback_file:paste"; + i = "inspector:toggle"; + + page_down = "scroll_page_fractional:0.33"; + down = "scroll_page_lines:1"; + j = "scroll_page_lines:1"; + + page_up = "scroll_page_fractional:-0.33"; + up = "scroll_page_lines:-1"; + k = "scroll_page_lines:-1"; + + home = "scroll_to_top"; + end = "scroll_to_bottom"; + + enter = "reset_font_size"; + plus = "increase_font_size:1"; + minus = "decrease_font_size:1"; + + t = "new_tab"; + q = "close_surface"; + + "physical:one" = "goto_tab:1"; + "physical:two" = "goto_tab:2"; + "physical:three" = "goto_tab:3"; + "physical:four" = "goto_tab:4"; + "physical:five" = "goto_tab:5"; + "physical:six" = "goto_tab:6"; + "physical:seven" = "goto_tab:7"; + "physical:eight" = "goto_tab:8"; + "physical:nine" = "goto_tab:9"; + "physical:zero" = "goto_tab:10"; + } ++ mapAttrsToList (name: value: 
"ctrl+${name}=${value}") { + "physical:tab" = "next_tab"; + "shift+physical:tab" = "previous_tab"; + }; + }; + }; + }]; +} diff --git a/modules/common/git.nix b/modules/common/git.nix new file mode 100644 index 0000000..6817d75 --- /dev/null +++ b/modules/common/git.nix 
@@ -0,0 +1,161 @@ +{ self, config, lib, pkgs, ... }: let + inherit (lib) head mkAfter enabled merge mkIf; + inherit (lib.strings) match; +in { + environment.shellAliases = merge { + g = "git"; + + ga = "git add"; + gaa = "git add ./"; + + gab = "git absorb"; + gabr = "git absorb --and-rebase"; + + gb = "git branch"; + gbv = "git branch --verbose"; + + gc = "git commit"; + gca = "git commit --amend --no-edit"; + gcm = "git commit --message"; + gcam = "git commit --amend --message"; + + gcl = "git clone"; + + gd = "git diff"; + gds = "git diff --staged"; + + gp = "git push"; + gpf = "git push --force-with-lease"; + + gl = "git log"; + glo = "git log --oneline --graph"; + glp = "git log -p --ext-diff"; + + gpl = "git pull"; + gplr = "git pull --rebase"; + gplff = "git pull --ff-only"; + + gr = "git recent"; + + grb = "git rebase"; + grba = "git rebase --abort"; + grbc = "git rebase --continue"; + grbi = "git rebase --interactive"; + grbm = "git rebase master"; + + grl = "git reflog"; + + grm = "git remote"; + grma = "git remote add"; + grmv = "git remote --verbose"; + grmsu = "git remote set-url"; + + grs = "git reset"; + grsh = "git reset --hard"; + + gs = "git stash"; + gsp = "git stash pop"; + + gsw = "git switch"; + gswm = "git switch master"; + + gsh = "git show --ext-diff"; + + gst = "git status"; + } <| mkIf config.isDesktop { + "\"??\"" = "gh copilot suggest --target shell"; + "\"gh?\"" = "gh copilot suggest --target gh"; + "\"git?\"" = "gh copilot suggest --target git"; + }; + + environment.systemPackages = [ + pkgs.git-absorb + pkgs.tig + ]; + + home-manager.sharedModules = [ + (let + # TODO: gitUrl = self.cube.services.forgejo.settings.server.ROOT_URL; + gitUrl = "https://git.rgbcu.be/"; + gitDomain = head <| match "https://(.*)/" gitUrl; + + # TODO: mailDomain = head self.disk.mailserver.domains; + mailDomain = "rgbcu.be"; + in { + programs.nushell.configFile.text = mkAfter '' + # Sets the remote origin to the specified user and repository on my git 
instance + def gsr [user_and_repo: string] { + let user_and_repo = if ($user_and_repo | str index-of "/") != -1 { + $user_and_repo + } else { + "RGBCube/" + $user_and_repo + } + + git remote add origin ("${gitUrl}" + $user_and_repo) + } + ''; + + programs.git = enabled { + package = pkgs.gitFull; + + userName = "RGBCube"; + userEmail = "git@${mailDomain}"; + + lfs = enabled; + + difftastic = enabled { + background = "dark"; + }; + + extraConfig = merge { + init.defaultBranch = "master"; + + commit.verbose = true; + + log.date = "iso"; + column.ui = "auto"; + + branch.sort = "-committerdate"; + tag.sort = "version:refname"; + + diff.algorithm = "histogram"; + diff.colorMoved = "default"; + + pull.rebase = true; + push.autoSetupRemote = true; + + merge.conflictStyle = "zdiff3"; + + rebase.autoSquash = true; + rebase.autoStash = true; + rebase.updateRefs = true; + rerere.enabled = true; + + fetch.fsckObjects = true; + receive.fsckObjects = true; + transfer.fsckobjects = true; + + # https://bernsteinbear.com/git + alias.recent = "! git branch --sort=-committerdate --format=\"%(committerdate:relative)%09%(refname:short)\" | head -10"; + } <| mkIf config.isDesktop { + core.sshCommand = "ssh -i ~/.ssh/id"; + url."ssh://git@github.com/".insteadOf = "https://github.com/"; + # TODO: url."ssh://forgejo@${gitDomain}:${toString (head self.cube.services.openssh.ports)}/".insteadOf = gitUrl; + url."ssh://forgejo@${gitDomain}:2222/".insteadOf = gitUrl; + + commit.gpgSign = true; + tag.gpgSign = true; + + gpg.format = "ssh"; + user.signingKey = "~/.ssh/id"; + }; + }; + }) + + (mkIf config.isDesktop { + programs.gh = enabled { + settings.git_protocol = "ssh"; + }; + }) + ]; +} diff --git a/modules/common/helix.nix b/modules/common/helix.nix new file mode 100644 index 0000000..d31b9b6 --- /dev/null +++ b/modules/common/helix.nix 
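Review bot: In the desktop block of `programs.git.extraConfig`, `user.signingKey = "~/.ssh/id"` reuses the private key that `core.sshCommand = "ssh -i ~/.ssh/id"` uses for authentication. The agenix and ssh modules in this diff point at the same `~/.ssh/id`, so one key compromise covers login to every host, commit and tag signatures, and secret decryption. With `gpg.format = "ssh"` a dedicated signing key costs nothing, for example `user.signingKey = "~/.ssh/id_signing.pub";` (constructed path). Also, no `gpg.ssh.allowedSignersFile` is set, so `git log --show-signature` cannot verify these signatures locally; adding `gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";` (constructed path) would close that gap. The hard-coded `gitUrl`, `mailDomain` and port `2222` carry TODOs, and a comment stating they must track the server configuration would help until those are resolved.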
@@ -0,0 +1,196 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) const enabled genAttrs mkAfter mkIf; +in { + environment = { + variables.EDITOR = "hx"; + shellAliases.x = "hx"; + }; + + home-manager.sharedModules = [{ + programs.nushell.configFile.text = mkIf (config.isDesktop && config.isLinux) <| mkAfter '' + def --wrapped hx [...arguments] { + if $env.TERM == "xterm-kitty" { + kitty @ set-spacing padding=0 + } + + ^hx ...$arguments + + if $env.TERM == "xterm-kitty" { + kitty @ set-spacing padding=${toString config.theme.padding} + } + } + ''; + + programs.helix = enabled { + languages.language = let + denoFormatter = language: { + command = "deno"; + args = [ "fmt" "-" "--ext" language ]; + }; + + denoFormatterLanguages = map (name: { + inherit name; + + auto-format = true; + formatter = denoFormatter name; + }) [ "markdown" "json" ]; + + prettier = language: { + command = "prettier"; + args = [ "--parser" language ]; + }; + + prettierLanguages = map (name: { + inherit name; + + auto-format = true; + formatter = prettier name; + }) [ "css" "scss" "yaml" ]; + in denoFormatterLanguages ++ prettierLanguages ++ [ + { + name = "nix"; + auto-format = false; + formatter.command = "alejandra"; + } + { + name = "html"; + # Added vto. 
+ file-types = [ "asp" "aspx" "htm" "html" "jshtm" "jsp" "rhtml" "shtml" "volt" "vto" "xht" "xhtml" ]; + auto-format = false; + formatter = prettier "html"; + } + { + name = "javascript"; + auto-format = true; + formatter = denoFormatter "js"; + language-servers = [ "deno" ]; + } + { + name = "jsx"; + auto-format = true; + formatter = denoFormatter "jsx"; + language-servers = [ "deno" ]; + } + { + name = "typescript"; + auto-format = true; + formatter = denoFormatter "ts"; + language-servers = [ "deno" ]; + } + { + name = "tsx"; + auto-format = true; + formatter = denoFormatter "tsx"; + language-servers = [ "deno" ]; + } + ]; + + languages.language-server = { + deno = { + command = "deno"; + args = [ "lsp" ]; + + environment.NO_COLOR = "1"; + + config.deno = enabled { + lint = true; + unstable = true; + + suggest.imports.hosts."https://deno.land" = true; + + inlayHints = { + enumMemberValues.enabled = true; + functionLikeReturnTypes.enabled = true; + parameterNames.enabled = "all"; + parameterTypes.enabled = true; + propertyDeclarationTypes.enabled = true; + variableTypes.enabled = true; + }; + }; + }; + + rust-analyzer.config.check.command = "clippy"; + }; + + settings.theme = "gruvbox_dark_hard"; + + settings.editor = { + color-modes = true; + completion-replace = true; + completion-trigger-len = 0; + cursor-shape.insert = "bar"; + cursorline = true; + bufferline = "multiple"; + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + shell = [ "bash" "-c" ]; + text-width = 100; + }; + + settings.editor.indent-guides = { + character = "▏"; + render = true; + }; + + settings.editor.statusline.mode = { + insert = "INSERT"; + normal = "NORMAL"; + select = "SELECT"; + }; + + settings.editor.whitespace = { + characters.tab = "→"; + render.tab = "all"; + }; + + settings.keys = genAttrs [ "normal" "select" ] (const { + D = "extend_to_line_end"; + }); + }; + }]; + + environment.systemPackages = mkIf config.isDesktop [ + # CMAKE + 
pkgs.cmake-language-server + + # GO + pkgs.gopls + + # HTML + pkgs.vscode-langservers-extracted + pkgs.nodePackages_latest.prettier + + # KOTLIN + pkgs.kotlin-language-server + + # LATEX + pkgs.texlab + + # LUA + pkgs.lua-language-server + + # MARKDOWN + pkgs.marksman + + # NIX + pkgs.alejandra + pkgs.nil + + # PYTHON + pkgs.python311Packages.python-lsp-server + + # RUST + pkgs.rust-analyzer-nightly + + # TYPESCRIPT & OTHERS + pkgs.deno + + # YAML + pkgs.yaml-language-server + + # ZIG + pkgs.zls + ]; +} + diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix new file mode 100644 index 0000000..3eca196 --- /dev/null +++ b/modules/common/home-manager.nix @@ -0,0 +1,6 @@ +{ + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + }; +} diff --git a/modules/common/nix.nix b/modules/common/nix.nix new file mode 100644 index 0000000..ee20272 --- /dev/null +++ b/modules/common/nix.nix 
@@ -0,0 +1,61 @@ +{ self, config, inputs, lib, pkgs, ... }: let + inherit (lib) concatStringsSep const disabled filterAttrs flip isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs; + inherit (lib.strings) toJSON; + + registryMap = inputs + |> filterAttrs (const <| isType "flake"); +in { + # We don't want this to be garbage collected away because if + # that happens rebuilds are slow thanks to my garbage WiFi. + environment.etc.".system-inputs.json".text = toJSON registryMap; + + nix.nixPath = registryMap + |> mapAttrsToList (name: value: "${name}=${value}") + |> concatStringsSep ":"; + + nix.registry = registryMap // { default = inputs.nixpkgs; } + |> mapAttrs (_: flake: { inherit flake; }); + + nix.channel = disabled; + + nix.settings = (import <| self + /flake.nix).nixConfig + |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []); + + nix.gc = merge { + automatic = true; + options = "--delete-older-than 3d"; + } <| optionalAttrs config.isLinux { + dates = "weekly"; + persistent = true; + }; + + nix.optimise.automatic = true; + + environment.systemPackages = [ + pkgs.nh + pkgs.nix-index + pkgs.nix-output-monitor + ]; + + home-manager.sharedModules = [{ + programs.nushell.configFile.text = mkAfter '' + def --wrapped nr [program: string = "", ...arguments] { + if ($program | str contains "#") or ($program | str contains ":") { + nix run $program -- ...$arguments + } else { + nix run ("default#" + $program) -- ...$arguments + } + } + + def --wrapped ns [...programs] { + nix shell ...($programs | each { + if ($in | str contains "#") or ($in | str contains ":") { + $in + } else { + "default#" + $in + } + }) + } + ''; + }]; +} diff --git a/modules/nushell/configuration.nu b/modules/common/nushell/configuration.nu similarity index 100% rename from modules/nushell/configuration.nu rename to modules/common/nushell/configuration.nu 
diff --git a/modules/common/nushell/default.nix b/modules/common/nushell/default.nix new file mode 100644 index 0000000..84f560f --- /dev/null +++ b/modules/common/nushell/default.nix 
@@ -0,0 +1,92 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) enabled filter first foldl' getExe last match mkIf nameValuePair optionalAttrs readFile removeAttrs splitString; +in { + users = optionalAttrs config.isLinux { defaultUserShell = pkgs.nushell; }; + + environment.shells = mkIf config.isDarwin [ pkgs.nushell ]; + + environment.shellAliases = { + la = "ls --all"; + lla = "ls --long --all"; + sl = "ls"; + + cp = "cp --recursive --verbose --progress"; + mk = "mkdir"; + mv = "mv --verbose"; + rm = "rm --recursive --verbose"; + + pstree = "pstree -g 2"; + tree = "tree -CF --dirsfirst"; + }; + + environment.systemPackages = [ + pkgs.fish # For completions. + pkgs.zoxide # For completions and better cd. + ]; + + environment.variables.STARSHIP_LOG = "error"; + + home-manager.sharedModules = [(homeArgs: { + xdg.configFile = { + "nushell/zoxide.nu".source = pkgs.runCommand "zoxide.nu" {} '' + ${getExe pkgs.zoxide} init nushell --cmd cd > $out + ''; + + "nushell/ls_colors.txt".source = pkgs.runCommand "ls_colors.txt" {} '' + ${getExe pkgs.vivid} generate gruvbox-dark-hard > $out + ''; + + "nushell/starship.nu".source = pkgs.runCommand "starship.nu" {} '' + ${getExe pkgs.starship} init nu > $out + ''; + }; + + programs.starship = enabled { + # No because we are doing it at build time instead of the way + # this retarded does it. Why the hell do you generate the config + # every time the shell is launched? 
+ enableNushellIntegration = false; + + settings = { + command_timeout = 100; + scan_timeout = 20; + + cmd_duration.show_notifications = config.isDesktop; + + package.disabled = config.isServer; + + character.error_symbol = ""; + character.success_symbol = ""; + }; + }; + + programs.nushell = enabled { + configFile.text = readFile ./configuration.nu; + envFile.text = readFile ./environment.nu; + + environmentVariables = let + environmentVariables = config.environment.variables; + + homeVariables = homeArgs.config.home.sessionVariables; + homeVariablesExtra = pkgs.runCommand "home-variables-extra.env" {} '' + alias export=echo + # echo foo > $out + # FIXME + eval $(cat ${homeArgs.config.home.sessionVariablesPackage}/etc/profile.d/hm-session-vars.sh) > $out + '' + # |> (aaa: (_: break _) aaa) + |> readFile + |> splitString "\n" + |> filter (s: s != "") + |> map (match "([^=]+)=(.*)") + |> map (keyAndValue: nameValuePair (first keyAndValue) (last keyAndValue)) + |> foldl' (x: y: x // y) {}; + in environmentVariables // homeVariables // homeVariablesExtra; + + shellAliases = removeAttrs config.environment.shellAliases [ "ls" "l" ] // { + cdtmp = "cd (mktemp --directory)"; + ll = "ls --long"; + }; + }; + })]; +} diff --git a/modules/nushell/environment.nu b/modules/common/nushell/environment.nu similarity index 100% rename from modules/nushell/environment.nu rename to modules/common/nushell/environment.nu diff --git a/modules/common/packages.nix b/modules/common/packages.nix new file mode 100644 index 0000000..64a3a00 --- /dev/null +++ b/modules/common/packages.nix 
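Review bot: The `homeVariablesExtra` pipeline ends in `foldl' (x: y: x // y) {}` over the results of `nameValuePair`. Assuming that is the nixpkgs helper, each element is `{ name = …; value = …; }`, so the fold collapses to one attrset holding only the last pair under the literal keys `name` and `value`, and those two would be exported as environment variables. Ending the pipeline with `|> listToAttrs;` (and adding `listToAttrs` to the `inherit (lib)` line) yields the intended variable map. Separately, `match "([^=]+)=(.*)"` returns null for any line without `=`, which the following `first`/`last` would then fail on; a `|> filter (kv: kv != null)` before the `nameValuePair` step avoids that. The `runCommand` body is already marked FIXME, and a comment there explaining that it evaluates `hm-session-vars.sh` at build time and that the result is read back during evaluation would make the intent clearer.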
@@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) optionals; +in { + environment.systemPackages = [ + pkgs.asciinema + pkgs.cowsay + pkgs.curlHTTP3 + pkgs.dig + pkgs.doggo + pkgs.fastfetch + pkgs.fd + (pkgs.fortune.override { withOffensive = true; }) + pkgs.hyperfine + pkgs.moreutils + pkgs.openssl + pkgs.p7zip + pkgs.pstree + pkgs.rsync + pkgs.timg + pkgs.tree + pkgs.uutils-coreutils-noprefix + pkgs.yazi + pkgs.yt-dlp + ] ++ optionals config.isLinux [ + pkgs.traceroute + pkgs.usbutils + pkgs.strace + ] ++ optionals config.isDesktop [ + pkgs.clang_16 + pkgs.clang-tools_16 + pkgs.deno + pkgs.gh + pkgs.go + pkgs.jdk + pkgs.lld + pkgs.maven + pkgs.zig + + pkgs.element-desktop + + pkgs.qbittorrent + ] ++ optionals (config.isLinux && config.isDesktop) [ + pkgs.thunderbird + + pkgs.whatsapp-for-linux + + pkgs.zulip + pkgs.fractal + + pkgs.obs-studio + + pkgs.krita + + pkgs.libreoffice + pkgs.hunspellDicts.en_US + pkgs.hunspellDicts.en_GB-ize + ]; +} diff --git a/modules/common/python.nix b/modules/common/python.nix new file mode 100644 index 0000000..74c8acf --- /dev/null +++ b/modules/common/python.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: { + environment.systemPackages = [ + (pkgs.python311.withPackages (pkgs: [ + pkgs.pip + pkgs.requests + ])) + + pkgs.uv + ]; +} diff --git a/modules/common/ripgrep.nix b/modules/common/ripgrep.nix new file mode 100644 index 0000000..23f3910 --- /dev/null +++ b/modules/common/ripgrep.nix @@ -0,0 +1,14 @@ +{ lib, ... }: let + inherit (lib) enabled; +in { + environment.shellAliases.todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold''; + + home-manager.sharedModules = [{ + programs.ripgrep = enabled { + arguments = [ + "--line-number" + "--smart-case" + ]; + }; + }]; +} diff --git a/modules/common/rust.nix b/modules/common/rust.nix new file mode 100644 index 0000000..d7aaa43 --- /dev/null +++ b/modules/common/rust.nix 
@@ -0,0 +1,18 @@ +{ pkgs, ... }: { + environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true"; + + environment.systemPackages = [ + pkgs.cargo-expand + pkgs.cargo-fuzz + + pkgs.evcxr + + (pkgs.fenix.complete.withComponents [ + "cargo" + "clippy" + "rust-src" + "rustc" + "rustfmt" + ]) + ]; +} diff --git a/modules/common/ssh/config.age b/modules/common/ssh/config.age new file mode 100644 index 0000000..38c5abe --- /dev/null +++ b/modules/common/ssh/config.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw nOt0AMht8Aod+1V2bTWMJnMWtYVm8AckH27mnwFAQS4 +rBp+kJFoQwh8jD0q5Dv9O6O/iT7tTbPioQGUnOE4Eyc +-> ssh-ed25519 spFFQA 7s4U2WKZZwRIYRsZNBmnXI7Yawkh7ZZ0YuTDeaoHCww +NX/akV5Cj5WEyeg86kd2JVPGq8f54oixuyR020c6aqs +-> ssh-ed25519 dASlBQ fGx+vne56PxD8gaACu1f8iR+Nhscxqs292rH4uEeChc +mVq1++pve3Kk0kRbhf4LCTutiEJBEbmsy4fVS+QYrYM +-> ssh-ed25519 CzqbPQ Pj0lZnFQXqQrJk9fyi15923rqnVA2GbhR+kRxNMm3Ec +yu14hvCAV2MzexoDeiza5CfisuKC5e1p2JbDHbyPy0E +--- 8UNtL1+o7GYCfWOYk0E+mIXFt3kb7NhAVzTnBkx0YPQ +rmJ)4UCܘJ`vY,ڝC|`'[w"\@I +.'{nkE@ 6 \ No newline at end of file diff --git a/modules/common/ssh/default.nix b/modules/common/ssh/default.nix new file mode 100644 index 0000000..0b00b64 --- /dev/null +++ b/modules/common/ssh/default.nix 
@@ -0,0 +1,61 @@ +{ self, config, lib, pkgs, ... }: let + inherit (lib) enabled mkIf; + + controlPath = "~/.ssh/control"; +in { + secrets.sshConfig = { + file = ./config.age; + mode = "444"; + }; + + home-manager.sharedModules = [{ + home.activation.createControlPath = { + after = [ "writeBoundary" ]; + before = []; + data = "mkdir --parents ${controlPath}"; + }; + + programs.ssh = enabled { + controlMaster = "auto"; + controlPath = "${controlPath}/%r@%n:%p"; + controlPersist = "60m"; + serverAliveCountMax = 2; + serverAliveInterval = 60; + + includes = [ config.secrets.sshConfig.path ]; + + matchBlocks = { + "*" = { + setEnv.COLORTERM = "truecolor"; + setEnv.TERM = "xterm-256color"; + + identityFile = "~/.ssh/id"; + }; + + # TODO: Maybe autogenerate these? + + # cube = { + # hostname = self.cube.networking.ipv4; + # user = "rgb"; + # port = 2222; + # }; + + # disk = { + # hostname = self.disk.networking.ipv4; + # user = "floppy"; + # port = 2222; + # }; + + # nine = { + # hostname = self.nine.networking.ipv4; + # user = "seven"; + # port = 2222; + # }; + }; + }; + }]; + + environment.systemPackages = mkIf config.isDesktop [ + pkgs.mosh + ]; +} diff --git a/modules/common/system.nix b/modules/common/system.nix new file mode 100644 index 0000000..8a39c9d --- /dev/null +++ b/modules/common/system.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: let + inherit (lib) any elem last mapAttrsToList mkConst splitString; +in { + options = { + os = mkConst <| last <| splitString "-" config.nixpkgs.hostPlatform.system; + + isLinux = mkConst <| config.os == "linux"; + isDarwin = mkConst <| config.os == "darwin"; + + isDesktop = mkConst <| config.isDarwin || (any <| mapAttrsToList (_: value: elem "graphical" value.extraGroups) config.users.users); + isServer = mkConst <| !config.isDesktop; + }; +} diff --git a/modules/common/tailscale.nix b/modules/common/tailscale.nix new file mode 100644 index 0000000..bcb53d4 --- /dev/null +++ b/modules/common/tailscale.nix 
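Review bot: `secrets.sshConfig` is decrypted with `mode = "444"`, so a file that was worth encrypting in the repository ends up readable by every local account and service on the host. If only the interactive user's `ssh` needs it through `includes`, restrict it with the agenix `owner` option and a tighter mode, for example `owner = "<username>"; mode = "400";` (placeholder user). Since `home-manager.sharedModules` applies to every user, a shared group with `mode = "440"` is the alternative if several accounts must read it. Also note that `controlPersist = "60m"` together with `controlMaster = "auto"` keeps an authenticated master socket under `~/.ssh/control` for an hour after the last session; a comment recording that this is an accepted trade-off would be useful.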
@@ -0,0 +1,7 @@ +{ lib, ... }: let + inherit (lib) enabled; +in { + environment.shellAliases.ts = "sudo tailscale"; + + services.tailscale = enabled; +} diff --git a/modules/termbin.nix b/modules/common/termbin.nix similarity index 55% rename from modules/termbin.nix rename to modules/common/termbin.nix index 66d49bd..9fec77c 100644 --- a/modules/termbin.nix +++ b/modules/common/termbin.nix @@ -1,5 +1,4 @@ -{ lib, ... }: with lib; - -systemConfiguration { +{ environment.shellAliases.tb = "nc termbin.com 9999"; } + diff --git a/options/theme.nix b/modules/common/theme.nix similarity index 61% rename from options/theme.nix rename to modules/common/theme.nix index 4f46028..6eae8d3 100644 --- a/options/theme.nix +++ b/modules/common/theme.nix @@ -1,6 +1,8 @@ -{ lib, pkgs, themes, ... }: { - options.theme = lib.mkValue (themes.custom (themes.raw.gruvbox-dark-hard // { - cornerRadius = 0; +{ lib, pkgs, themes, ... }: let + inherit (lib) mkValue; +in { + options.theme = mkValue <| themes.custom <| themes.raw.gruvbox-dark-hard // { + cornerRadius = 4; borderWidth = 2; margin = 0; @@ -13,9 +15,10 @@ font.sans.package = pkgs.lexend; font.mono.name = "JetBrainsMono Nerd Font"; - font.mono.package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono"]; }; + font.mono.package = pkgs.nerd-fonts.jetbrains-mono; icons.name = "Gruvbox-Plus-Dark"; icons.package = pkgs.gruvbox-plus-icons; - })); + }; } + diff --git a/modules/common/w3m.nix b/modules/common/w3m.nix new file mode 100644 index 0000000..20890a9 --- /dev/null +++ b/modules/common/w3m.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: { + environment.shellAliases = { + ddg = "w3m lite.duckduckgo.com"; + web = "w3m"; + }; + + environment.systemPackages = [ + pkgs.w3m + ]; +} diff --git a/modules/darwin/aerospace.nix b/modules/darwin/aerospace.nix new file mode 100644 index 0000000..b14554f --- /dev/null +++ b/modules/darwin/aerospace.nix 
@@ -0,0 +1,6 @@ +{ lib, ... }: let + inherit (lib) enabled; +in { + services.aerospace = enabled { + }; +} diff --git a/modules/darwin/dns.nix b/modules/darwin/dns.nix new file mode 100644 index 0000000..b7cb3d5 --- /dev/null +++ b/modules/darwin/dns.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: let + inherit (lib) head map splitString; +in { + # Yeah, no DNSSEC or DoT or anything. + # That's what you get for using Darwin I guess. + networking.dns = config.dnsServers + |> map (splitString "#") + |> map head; + + networking.knownNetworkServices = [ + "Thunderbolt Bridge" + "Wi-Fi" + ]; +} diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix deleted file mode 100644 index 8623e12..0000000 --- a/modules/endlessh-go.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, pkgs, ... }: with lib; - -let - fakeSSHPort = 22; -in serverSystemConfiguration { - services.prometheus.exporters.endlessh-go = enabled { - listenAddress = "[::]"; - }; - - # `services.endlessh-go.openFirewall` exposes both the Prometheus - # exporters port and the SSH port, and we don't want the metrics - # to leak, so we manually expose this like so. - networking.firewall.allowedTCPPorts = [ fakeSSHPort ]; - - services.endlessh-go = enabled { - listenAddress = "[::]"; - port = fakeSSHPort; - - extraOptions = [ - "-alsologtostderr" - "-geoip_supplier max-mind-db" - "-max_mind_db ${pkgs.clash-geoip}/etc/clash/Country.mmdb" - ]; - }; -} diff --git a/modules/firefox.nix b/modules/firefox.nix deleted file mode 100644 index 1fcfb5b..0000000 --- a/modules/firefox.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ config, lib, ... }: with lib; - -desktopUserHomeConfiguration { - programs.firefox = enabled { - profiles.default = { - settings = with config.theme.font; { - "general.autoScroll" = true; - "privacy.donottrackheader.enabled" = true; - - "browser.fixup.domainsuffixwhitelist.idk" = true; - - "font.name.serif.x-western" = sans.name; - "font.size.variable.x-western" = builtins.ceil (1.3 * size.normal); - - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - }; - - userChrome = '' - #TabsToolbar { - visibility: collapse; - } - ''; - }; - }; -} diff --git a/modules/ghostty.nix b/modules/ghostty.nix deleted file mode 100644 index d54aa3f..0000000 --- a/modules/ghostty.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; - -desktopUserHomeConfiguration { - programs.nushell.environmentVariables.TERMINAL = "ghostty"; - - programs.ghostty = enabled { - clearDefaultKeybinds = true; - - settings = with config.theme; { - font-size = font.size.normal; - font-family = font.mono.name; - - window-padding-x = padding; - window-padding-y = padding; - - confirm-close-surface = false; - - window-decoration = false; - - config-file = toString (pkgs.writeText "base16-config" ghosttyConfig); - - keybind = (mapAttrsToList (name: value: "ctrl+shift+${name}=${value}") { - c = "copy_to_clipboard"; - v = "paste_from_clipboard"; - - z = "jump_to_prompt:-2"; - x = "jump_to_prompt:2"; - - h = "write_scrollback_file"; - i = "inspector:toggle"; - - page_down = "scroll_page_fractional:0.33"; - down = "scroll_page_lines:1"; - j = "scroll_page_lines:1"; - - page_up = "scroll_page_fractional:-0.33"; - up = "scroll_page_lines:-1"; - k = "scroll_page_lines:-1"; - - home = "scroll_to_top"; - end = "scroll_to_bottom"; - - "physical:kp_enter" = "reset_font_size"; - "physical:kp_add" = "increase_font_size:1"; - "physical:kp_subtract" = "decrease_font_size:1"; - - t = "new_tab"; - q = "close_surface"; - - "physical:one" = "goto_tab:1"; - "physical:two" = "goto_tab:2"; - "physical:three" = "goto_tab:3"; - "physical:four" = "goto_tab:4"; - "physical:five" = "goto_tab:5"; - "physical:six" = "goto_tab:6"; - "physical:seven" = "goto_tab:7"; - "physical:eight" = "goto_tab:8"; - "physical:nine" = "goto_tab:9"; - "physical:zero" = "goto_tab:10"; - }) ++ (mapAttrsToList (name: value: "ctrl+${name}=${value}") { - "physical:tab" = "next_tab"; - "shift+physical:tab" = "previous_tab"; - }); - }; - }; -} diff --git a/modules/git.nix b/modules/git.nix deleted file mode 100644 index c7b990a..0000000 --- a/modules/git.nix +++ /dev/null 
@@ -1,159 +0,0 @@ -{ self, lib, pkgs, ... }: with lib; merge - -(systemConfiguration { - environment.shellAliases = { - g = "git"; - - ga = "git add"; - gaa = "git add ./"; - - gab = "git absorb"; - gabr = "git absorb --and-rebase"; - - gb = "git branch"; - gbv = "git branch --verbose"; - - gc = "git commit"; - gca = "git commit --amend --no-edit"; - gcm = "git commit --message"; - gcam = "git commit --amend --message"; - - gcl = "git clone"; - - gd = "git diff"; - gds = "git diff --staged"; - - gp = "git push"; - gpf = "git push --force-with-lease"; - - gl = "git log"; - glo = "git log --oneline --graph"; - glp = "git log -p --ext-diff"; - - gpl = "git pull"; - gplr = "git pull --rebase"; - gplff = "git pull --ff-only"; - - gr = "git recent"; - - grb = "git rebase"; - grba = "git rebase --abort"; - grbc = "git rebase --continue"; - grbi = "git rebase --interactive"; - grbm = "git rebase master"; - - grl = "git reflog"; - - grm = "git remote"; - grma = "git remote add"; - grmv = "git remote --verbose"; - grmsu = "git remote set-url"; - - grs = "git reset"; - grsh = "git reset --hard"; - - gs = "git stash"; - gsp = "git stash pop"; - - gsw = "git switch"; - gswm = "git switch master"; - - gsh = "git show --ext-diff"; - - gst = "git status"; - }; -}) - -(let - gitUrl = self.cube.services.forgejo.settings.server.ROOT_URL; - gitDomain = head (strings.match "https://(.*)/" gitUrl); - - mailDomain = head self.disk.mailserver.domains; -in homeConfiguration { - programs.nushell.configFile.text = mkAfter '' - # Sets the remote origin to the specified user and repository on my git instance - def gsr [user_and_repo: string] { - let user_and_repo = if ($user_and_repo | str index-of "/") != -1 { - $user_and_repo - } else { - "RGBCube/" + $user_and_repo - } - - git remote add origin ("${gitUrl}" + $user_and_repo) - } - ''; - - programs.git = enabled { - package = pkgs.gitFull; - - userName = "RGBCube"; - userEmail = "git@${mailDomain}"; - - lfs = enabled; - - difftastic = 
enabled { - background = "dark"; - }; - - extraConfig = merge { - init.defaultBranch = "master"; - - commit.verbose = true; - - log.date = "iso"; - column.ui = "auto"; - - branch.sort = "-committerdate"; - tag.sort = "version:refname"; - - diff.algorithm = "histogram"; - diff.colorMoved = "default"; - - pull.rebase = true; - push.autoSetupRemote = true; - - merge.conflictStyle = "zdiff3"; - - rebase.autoSquash = true; - rebase.autoStash = true; - rebase.updateRefs = true; - rerere.enabled = true; - - fetch.fsckObjects = true; - receive.fsckObjects = true; - transfer.fsckobjects = true; - - # https://bernsteinbear.com/git - alias.recent = "! git branch --sort=-committerdate --format=\"%(committerdate:relative)%09%(refname:short)\" | head -10"; - } (mkIf isDesktop { - core.sshCommand = "ssh -i ~/.ssh/id"; - url."ssh://git@github.com/".insteadOf = "https://github.com/"; - url."ssh://forgejo@${gitDomain}:${toString (head self.cube.services.openssh.ports)}/".insteadOf = gitUrl; - - commit.gpgSign = true; - tag.gpgSign = true; - - gpg.format = "ssh"; - user.signingKey = "~/.ssh/id"; - }); - }; -}) - -(desktopSystemConfiguration { - environment.shellAliases = { - "??" = "gh copilot suggest --target shell"; - "gh?" = "gh copilot suggest --target gh"; - "git?" = "gh copilot suggest --target git"; - }; -}) - -(desktopHomeConfiguration { - programs.gh = enabled { - settings.git_protocol = "ssh"; - }; -}) - -(systemPackages (with pkgs; [ - git-absorb - tig -])) diff --git a/modules/gtk.nix b/modules/gtk.nix deleted file mode 100644 index 687bbaf..0000000 --- a/modules/gtk.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; merge - -(desktopSystemConfiguration { - programs.dconf = enabled; -}) - -(desktopUserHomeConfiguration { - gtk = enabled { - gtk3.extraCss = config.theme.adwaitaGtkCss; - gtk4.extraCss = config.theme.adwaitaGtkCss; - - font = with config.theme.font; { - inherit (sans) name package; - - size = size.normal; - }; - - iconTheme = config.theme.icons; - - theme = { - name = "Adwaita-dark"; - package = pkgs.gnome-themes-extra; - }; - }; -}) - - diff --git a/modules/helix.nix b/modules/helix.nix deleted file mode 100644 index c9ec464..0000000 --- a/modules/helix.nix +++ /dev/null 
@@ -1,195 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; merge - -(systemConfiguration { - environment = { - variables.EDITOR = "hx"; - shellAliases.x = "hx"; - }; -}) - -(homeConfiguration { - programs.nushell.configFile.text = mkAfter '' - def --wrapped hx [...arguments] { - if $env.TERM == "xterm-kitty" { - kitty @ set-spacing padding=0 - } - - ^hx ...$arguments - - if $env.TERM == "xterm-kitty" { - kitty @ set-spacing padding=${toString config.theme.padding} - } - } - ''; - - programs.helix = enabled { - languages.language = let - denoFormatter = language: { - command = "deno"; - args = [ "fmt" "-" "--ext" language ]; - }; - - denoFormatterLanguages = map (name: { - inherit name; - - auto-format = true; - formatter = denoFormatter name; - }) [ "markdown" "json" ]; - - prettier = language: { - command = "prettier"; - args = [ "--parser" language ]; - }; - - prettierLanguages = map (name: { - inherit name; - - auto-format = true; - formatter = prettier name; - }) [ "css" "scss" "yaml" ]; - in denoFormatterLanguages ++ prettierLanguages ++ [ - { - name = "nix"; - auto-format = false; - formatter.command = "alejandra"; - } - { - name = "html"; - # Added vto. 
- file-types = [ "asp" "aspx" "htm" "html" "jshtm" "jsp" "rhtml" "shtml" "volt" "vto" "xht" "xhtml" ]; - auto-format = false; - formatter = prettier "html"; - } - { - name = "javascript"; - auto-format = true; - formatter = denoFormatter "js"; - language-servers = [ "deno" ]; - } - { - name = "jsx"; - auto-format = true; - formatter = denoFormatter "jsx"; - language-servers = [ "deno" ]; - } - { - name = "typescript"; - auto-format = true; - formatter = denoFormatter "ts"; - language-servers = [ "deno" ]; - } - { - name = "tsx"; - auto-format = true; - formatter = denoFormatter "tsx"; - language-servers = [ "deno" ]; - } - ]; - - languages.language-server = { - deno = { - command = "deno"; - args = [ "lsp" ]; - - environment.NO_COLOR = "1"; - - config.deno = enabled { - lint = true; - unstable = true; - - suggest.imports.hosts."https://deno.land" = true; - - inlayHints = { - enumMemberValues.enabled = true; - functionLikeReturnTypes.enabled = true; - parameterNames.enabled = "all"; - parameterTypes.enabled = true; - propertyDeclarationTypes.enabled = true; - variableTypes.enabled = true; - }; - }; - }; - - rust-analyzer.config.check.command = "clippy"; - }; - - settings.theme = "gruvbox_dark_hard"; - - settings.editor = { - color-modes = true; - completion-replace = true; - completion-trigger-len = 0; - cursor-shape.insert = "bar"; - cursorline = true; - bufferline = "multiple"; - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - shell = [ "bash" "-c" ]; - text-width = 100; - }; - - settings.editor.indent-guides = { - character = "▏"; - render = true; - }; - - settings.editor.statusline.mode = { - insert = "INSERT"; - normal = "NORMAL"; - select = "SELECT"; - }; - - settings.editor.whitespace = { - characters.tab = "→"; - render.tab = "all"; - }; - - settings.keys = genAttrs [ "normal" "select" ] (const { - D = "extend_to_line_end"; - }); - }; -}) - -(desktopSystemPackages (with pkgs; [ - # CMAKE - cmake-language-server - - # GO - gopls 
- - # HTML - vscode-langservers-extracted - nodePackages_latest.prettier - - # KOTLIN - # kotlin-language-server - - # LATEX - texlab - - # LUA - lua-language-server - - # MARKDOWN - marksman - - # NIX - alejandra - nil - - # PYTHON - python311Packages.python-lsp-server - - # RUST - rust-analyzer-nightly - - # TYPESCRIPT & OTHERS - deno - - # YAML - yaml-language-server - - # ZIG - # zls -])) diff --git a/modules/hyprland/dunst.nix b/modules/hyprland/dunst.nix deleted file mode 100644 index c1bd869..0000000 --- a/modules/hyprland/dunst.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, lib, ... }: with lib; - -desktopUserHomeConfiguration { - services.dunst = with config.theme.withHashtag; enabled { - iconTheme = icons; - - settings.global = { - width = "(300, 900)"; - - dmenu = "fuzzel --dmenu"; - - corner_radius = cornerRadius; - gap_size = margin; - horizontal_padding = padding; - padding = padding; - - frame_color = base0A; - frame_width = borderWidth; - separator_color = "frame"; - - background = base00; - foreground = base05; - - alignment = "center"; - font = "${font.sans.name} ${toString font.size.normal}"; - - min_icon_size = 64; - - offset = "0x${toString margin}"; - origin = "top-center"; - }; - - settings.urgency_low = { - frame_color = base0A; - timeout = 5; - }; - - settings.urgency_normal = { - frame_color = base09; - timeout = 10; - }; - - settings.urgency_critical = { - frame_color = base08; - timeout = 15; - }; - }; -} diff --git a/modules/hyprland/fuzzel.nix b/modules/hyprland/fuzzel.nix deleted file mode 100644 index b122a3d..0000000 --- a/modules/hyprland/fuzzel.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -{ config, lib, ... }: with lib; - -desktopUserHomeConfiguration { - wayland.windowManager.hyprland.settings = { - bindl = [(replaceStrings [ "\n;" "\n" ] [ ";" "" ] '' - , XF86PowerOff, exec, - pkill fuzzel; - echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" - | fuzzel --dmenu - | tr --delete " " - | tr '[:upper:]' '[:lower:]' - | ifne xargs systemctl - '')]; - - bind = [ - "SUPER , SPACE, exec, pkill fuzzel; fuzzel" - "SUPER , E , exec, pkill fuzzel; cat ${./emojis.txt} | fuzzel --no-fuzzy --dmenu | cut -d ' ' -f 1 | tr -d '\\n' | wl-copy" - "SUPER+ALT, E , exec, pkill fuzzel; cat ${./emojis.txt} | fuzzel --no-fuzzy --dmenu | cut -d ' ' -f 1 | tr -d '\\n' | wtype -" - "SUPER , V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy" - ]; - }; - - services.cliphist = enabled { - extraOptions = [ "-max-items" "1000" ]; - }; - - programs.fuzzel = with config.theme; enabled { - settings.main = { - dpi-aware = false; - font = "${font.sans.name}:size=${toString font.size.big}"; - icon-theme = icons.name; - - layer = "overlay"; - prompt = ''"❯ "''; - - terminal = "ghostty -e"; - - tabs = 4; - - horizontal-pad = padding; - vertical-pad = padding; - inner-pad = padding; - }; - - settings.colors = mapAttrs (const (color: color + "FF")) { - background = base00; - text = base05; - match = base0A; - selection = base05; - selection-text = base00; - border = base0A; - }; - - settings.border = { - radius = cornerRadius; - width = borderWidth; - }; - }; -} diff --git a/modules/hyprland/gammastep.nix b/modules/hyprland/gammastep.nix deleted file mode 100644 index fcba839..0000000 --- a/modules/hyprland/gammastep.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -{ lib, ... }: with lib; merge - -(desktopSystemConfiguration { - services.geoclue2 = enabled { - appConfig.gammstep = { - isAllowed = true; - isSystem = false; - }; - }; -}) - -(desktopUserHomeConfiguration { - services.gammastep = enabled { - provider = "geoclue2"; - }; -}) diff --git a/modules/hyprland/hyprland.nix b/modules/hyprland/hyprland.nix deleted file mode 100644 index 1eec393..0000000 --- a/modules/hyprland/hyprland.nix +++ /dev/null 
@@ -1,243 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; merge - -(desktopSystemConfiguration { - hardware.graphics = enabled; - - services.logind.powerKey = "ignore"; - - xdg.portal = enabled { - config.common.default = "*"; - - extraPortals = with pkgs; [ - xdg-desktop-portal-hyprland - ]; - - configPackages = with pkgs; [ - hyprland - ]; - }; - - programs.xwayland = enabled; -}) - -(desktopUserHomeConfiguration { - xdg.configFile."xkb/symbols/tr-swapped-i".text = '' - default partial - xkb_symbols "basic" { - include "tr(basic)" - - name[Group1]="Turkish (i and ı swapped)"; - - key { type[group1] = "FOUR_LEVEL_SEMIALPHABETIC", [ idotless, Iabovedot, paragraph , none ]}; - key { type[group1] = "FOUR_LEVEL_SEMIALPHABETIC", [ i , I , apostrophe, dead_caron ]}; - }; - ''; - - wayland.windowManager.hyprland = enabled { - systemd = enabled { - enableXdgAutostart = true; - }; - - # plugins = with pkgs; [ hyprcursors ]; - - # settings.plugin.dynamic-cursors = { - # mode = "rotate"; - - # shake = { - # threshold = 3; - - # effects = true; - # nearest = false; - # }; - # }; - - settings = { - monitor = [ ", preferred, auto, 1.5" ]; - - windowrule = [ "noinitialfocus" ]; - windowrulev2 = [ "workspace special silent, initialclass:^(xwaylandvideobridge)$" ]; - - exec = [ "pkill swaybg; swaybg --image ${./wallpaper.png}" ]; - - bindle = [ - ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5" - ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" - - ", XF86MonBrightnessUp , exec, brightnessctl set 5%+" - ", XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-" - - "SUPER, Prior, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5" - "SUPER, Next , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" - - "SUPER, Home, exec, brightnessctl set 5%+" - "SUPER, End , exec, brightnessctl set --min-value=0 5%-" - ]; - - bindl = [ - ", XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" - ", 
XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" - - "SUPER+ALT, Insert, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" - "SUPER+ALT, Delete, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" - ]; - - bindm = [ - "SUPER, mouse:272, movewindow" - "SUPER, mouse:274, movewindow" - "SUPER, mouse:273, resizewindow" - ]; - - binde = [ - "SUPER, left , movefocus, l" - "SUPER, down , movefocus, d" - "SUPER, up , movefocus, u" - "SUPER, right, movefocus, r" - - "SUPER, h, movefocus, l" - "SUPER, j, movefocus, d" - "SUPER, k, movefocus, u" - "SUPER, l, movefocus, r" - - "SUPER+CTRL, left , resizeactive, -100 0" - "SUPER+CTRL, down , resizeactive, 0 100" - "SUPER+CTRL, up , resizeactive, 0 -100" - "SUPER+CTRL, right, resizeactive, 100 0" - - "SUPER+CTRL, h, resizeactive, -100 0" - "SUPER+CTRL, j, resizeactive, 0 100" - "SUPER+CTRL, k, resizeactive, 0 -100" - "SUPER+CTRL, l, resizeactive, 100 0" - ]; - - bind = flatten [ - "SUPER , TAB, workspace, e+1" - "SUPER+ALT, TAB, workspace, e-1" - - "SUPER, mouse_up, workspace, e+1" - "SUPER, mouse_down, workspace, e-1" - - (map (n: [ - "SUPER , ${toString n}, workspace , ${toString n}" - "SUPER+ALT, ${toString n}, movetoworkspacesilent, ${toString n}" - ]) (range 1 9)) - "SUPER , 0, workspace , 10" - "SUPER+ALT, 0, movetoworkspacesilent, 10" - - "SUPER+ALT, left , movewindow, l" - "SUPER+ALT, down , movewindow, d" - "SUPER+ALT, up , movewindow, u" - "SUPER+ALT, right, movewindow, r" - - "SUPER+ALT, h, movewindow, l" - "SUPER+ALT, j, movewindow, d" - "SUPER+ALT, k, movewindow, u" - "SUPER+ALT, l, movewindow, r" - - "SUPER , Q, killactive" - "SUPER , F, fullscreen" - "SUPER+ALT, F, togglefloating" - - "SUPER+ALT, RETURN, exec, kitty" - "SUPER , RETURN, exec, ghostty --gtk-single-instance=true" - "SUPER , W , exec, firefox" - "SUPER , D , exec, discord" - "SUPER , Z , exec, zulip" - "SUPER , M , exec, thunderbird" - "SUPER , T , exec, thunar" - # "SUPER , C , exec, hyprpicker --autocopy" - - " , PRINT, exec, 
pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png" - "ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png" - ]; - - general = with config.theme; { - gaps_in = margin / 2; - gaps_out = margin; - border_size = borderWidth; - - "col.active_border" = "0xFF${base0A}"; - "col.nogroup_border_active" = "0xFF${base0A}"; - - "col.inactive_border" = "0xFF${base01}"; - "col.nogroup_border" = "0xFF${base01}"; - - resize_on_border = true; - }; - - decoration = { - drop_shadow = false; - rounding = config.theme.cornerRadius; - - blur.enabled = false; - }; - - input = { - follow_mouse = 1; - - kb_layout = "tr-swapped-i"; - - repeat_delay = 400; - repeat_rate = 100; - - touchpad = { - clickfinger_behavior = true; - drag_lock = true; - - natural_scroll = true; - scroll_factor = 0.7; - }; - }; - - gestures.workspace_swipe = true; - - animations = { - bezier = [ "material_decelerate, 0.05, 0.7, 0.1, 1" ]; - - animation = [ - "border , 1, 2, material_decelerate" - "fade , 1, 2, material_decelerate" - "layers , 1, 2, material_decelerate" - "windows , 1, 2, material_decelerate, popin 80%" - "workspaces, 1, 2, material_decelerate" - ]; - }; - - misc = { - animate_manual_resizes = true; - - background_color = config.theme.with0x.base00; - disable_hyprland_logo = true; - disable_splash_rendering = true; - - key_press_enables_dpms = true; - mouse_move_enables_dpms = true; - }; - - cursor = { - hide_on_key_press = true; - inactive_timeout = 10; - no_warps = true; - }; - - dwindle = { - preserve_split = true; - smart_resizing = false; - }; - - debug.error_position = 1; - }; - }; -}) - -(desktopUserHomePackages (with pkgs; [ - brightnessctl - grim - # hyprpicker - slurp - swappy - swaybg - wl-clipboard - wtype - xdg-utils - xwaylandvideobridge -])) 
diff --git a/modules/hyprland/wallpaper.png b/modules/hyprland/wallpaper.png deleted file mode 100644 index d5afcba..0000000 Binary files a/modules/hyprland/wallpaper.png and /dev/null differ diff --git a/modules/hyprland/waybar.nix b/modules/hyprland/waybar.nix deleted file mode 100644 index 8681093..0000000 --- a/modules/hyprland/waybar.nix +++ /dev/null 
@@ -1,142 +0,0 @@ -{ config, lib, ... }: with lib; - -desktopUserHomeConfiguration { - wayland.windowManager.hyprland.settings = { - exec = [ "pkill --signal SIGUSR2 waybar" ]; - bind = [ "SUPER, B, exec, pkill --signal SIGUSR1 waybar" ]; - }; - - programs.waybar = with config.theme.withHashtag; enabled { - systemd = enabled; - - settings = [{ - layer = "top"; - height = 2 * cornerRadius; - - margin-right = margin; - margin-left = margin; - margin-top = margin; - - modules-left = [ "hyprland/workspaces" ]; - - "hyprland/workspaces" = { - format = "{icon}"; - format-icons.default = ""; - format-icons.active = ""; - - persistent-workspaces."*" = 10; - }; - - modules-center = [ - "hyprland/window" - ]; - - "hyprland/window" = { - seperate-outputs = true; - - rewrite."(.*) - Discord" = "󰙯 $1"; - rewrite."(.*) — Mozilla Firefox" = "󰖟 $1"; - rewrite."(.*) — nu" = " $1"; - }; - - modules-right = [ "tray" "pulseaudio" "backlight" "cpu" "memory" "network" "battery" "clock" ]; - - tray = { - reverse-direction = true; - spacing = 5; - }; - - pulseaudio = { - format = "{format_source} {icon} {volume}%"; - format-muted = "{format_source} 󰸈"; - - format-bluetooth = "{format_source} 󰋋 󰂯 {volume}%"; - format-bluetooth-muted = "{format_source} 󰟎 󰂯"; - - format-source = "󰍬"; - format-source-muted = "󰍭"; - - format-icons.default = [ "󰕿" "󰖀" "󰕾" ]; - }; - - backlight = { - format = "{icon} {percent}%"; - format-icons = [ "" "" "" "" "" "" "" "" "" ]; - }; - - cpu.format = " {usage}%"; - memory.format = "󰽘 {}%"; - - network = { - format-disconnected = "󰤮 "; - format-ethernet = "󰈀 {ipaddr}/{cidr}"; - format-linked = " {ifname} (No IP)"; - format-wifi = " {signalStrength}%"; - }; - - battery = { - format = "{icon} {capacity}%"; - format-charging = "󰂄 {capacity}%"; - format-plugged = "󰂄 {capacity}%"; - - format-icons = [ "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ]; - - states.warning = 30; - states.critical = 15; - }; - - clock.tooltip-format = "{:%Y %B}\n{calendar}"; - }]; - 
- style = '' - * { - border: none; - border-radius: ${toString cornerRadius}px; - font-family: "${font.sans.name}"; - } - - .modules-right { - margin-right: ${toString padding}px; - } - - #waybar { - background: ${base00}; - color: ${base05}; - } - - #workspaces button:nth-child(1) { color: ${base08}; } - #workspaces button:nth-child(2) { color: ${base09}; } - #workspaces button:nth-child(3) { color: ${base0A}; } - #workspaces button:nth-child(4) { color: ${base0B}; } - #workspaces button:nth-child(5) { color: ${base0C}; } - #workspaces button:nth-child(6) { color: ${base0D}; } - #workspaces button:nth-child(7) { color: ${base0E}; } - #workspaces button:nth-child(8) { color: ${base0F}; } - #workspaces button:nth-child(9) { color: ${base04}; } - #workspaces button:nth-child(10) { color: ${base06}; } - - #workspaces button.empty { - color: ${base02}; - } - - #tray, #pulseaudio, #backlight, #cpu, #memory, #network, #battery, #clock { - margin-left: 20px; - } - - @keyframes blink { - to { - color: ${base05}; - } - } - - #battery.critical:not(.charging) { - animation-direction: alternate; - animation-duration: 0.5s; - animation-iteration-count: infinite; - animation-name: blink; - animation-timing-function: linear; - color: ${base08}; - } - ''; - }; -} diff --git a/modules/kitty.nix b/modules/kitty.nix deleted file mode 100644 index abccd87..0000000 --- a/modules/kitty.nix +++ /dev/null 
@@ -1,74 +0,0 @@ -{ config, lib, ... }: with lib; - -desktopUserHomeConfiguration { - programs.kitty = with config.theme.withHashtag; enabled { - font = with font; { - inherit (mono) name package; - - size = size.normal; - }; - - settings = { - allow_remote_control = true; - confirm_os_window_close = 0; - focus_follows_mouse = true; - mouse_hide_wait = 0; - window_padding_width = padding; - - scrollback_lines = 100000; - scrollback_pager = "bat --chop-long-lines"; - - cursor = base05; - cursor_text_color = base00; - cursor_shape = "beam"; - - url_color = base0D; - - strip_trailing_spaces = "always"; - - enable_audio_bell = false; - - active_border_color = base0A; - inactive_border_color = base01; - window_border_width = "0pt"; - - background = base00; - foreground = base05; - - selection_background = base02; - selection_foreground = base00; - - tab_bar_edge = "top"; - tab_bar_style = "powerline"; - - active_tab_background = base00; - active_tab_foreground = base05; - - inactive_tab_background = base01; - inactive_tab_foreground = base05; - - color0 = base00; - color1 = base08; - color2 = base0B; - color3 = base0A; - color4 = base0D; - color5 = base0E; - color6 = base0C; - color7 = base05; - color8 = base03; - color9 = base08; - color10 = base0B; - color11 = base0A; - color12 = base0D; - color13 = base0E; - color14 = base0C; - color15 = base07; - color16 = base09; - color17 = base0F; - color18 = base01; - color19 = base02; - color20 = base04; - color21 = base06; - }; - }; -} diff --git a/modules/linux/crash.nix b/modules/linux/crash.nix new file mode 100644 index 0000000..8383d71 --- /dev/null +++ b/modules/linux/crash.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) getExe; +in { + environment.sessionVariables.SHELLS = getExe config.environment.sessionVariables.SHELL; + + users.defaultUserShell = pkgs.crash; +} 
diff --git a/modules/documentation.nix b/modules/linux/documentation.nix similarity index 68% rename from modules/documentation.nix rename to modules/linux/documentation.nix index c2f0218..fca4d03 100644 --- a/modules/documentation.nix +++ b/modules/linux/documentation.nix @@ -1,6 +1,6 @@ -{ lib, ... }: with lib; - -systemConfiguration { +{ lib, ... }: let + inherit (lib) enabled disabled; +in { documentation = { doc = disabled; info = disabled; diff --git a/modules/emulated-systems.nix b/modules/linux/emulated-systems.nix similarity index 72% rename from modules/emulated-systems.nix rename to modules/linux/emulated-systems.nix index 3c9fd17..d459cd4 100644 --- a/modules/emulated-systems.nix +++ b/modules/linux/emulated-systems.nix @@ -1,6 +1,6 @@ -{ config, lib, ... }: with lib; - -systemConfiguration { +{ config, lib, ... }: let + inherit (lib) remove; +in { boot.binfmt.emulatedSystems = remove config.nixpkgs.hostPlatform.system [ "aarch64-linux" "riscv64-linux" diff --git a/modules/linux/endlessh-go.nix b/modules/linux/endlessh-go.nix new file mode 100644 index 0000000..efe8704 --- /dev/null +++ b/modules/linux/endlessh-go.nix 
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) enabled merge mkEnableOption mkIf mkOption types; + + fakeSSHPort = 22; +in merge <| mkIf config.isServer { + config.services.prometheus.exporters.endlessh-go = enabled { + listenAddress = "[::]"; + }; + + # `services.endlessh-go.openFirewall` exposes both the Prometheus + # exporters port and the SSH port, and we don't want the metrics + # to leak, so we manually expose this like so. + config.networking.firewall.allowedTCPPorts = [ fakeSSHPort ]; + + config.services.endlessh-go = enabled { + listenAddress = "[::]"; + port = fakeSSHPort; + + extraOptions = [ + "-alsologtostderr" + "-geoip_supplier max-mind-db" + "-max_mind_db ${pkgs.clash-geoip}/etc/clash/Country.mmdb" + ]; + + prometheus = config.services.prometheus.exporters.endlessh-go; + }; + + # And yes, I've tried lib.mkAliasOptionModule. + # It doesn't work for a mysterious reason, + # says it can't find `services.prometheus.exporters.endlessh-go`. + # + # This works, however. + # + # TODO: I may be stupid, because the above note says that I tried + # to alias to a nonexistent option, rather than the other way around. + # Let's try mkAliasOptionModule again later. + options.services.prometheus.exporters.endlessh-go = { + enable = mkEnableOption "Prometheus integration"; + + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + }; + + port = mkOption { + type = types.port; + default = 2112; + }; + }; +} diff --git a/modules/linux/firefox.nix b/modules/linux/firefox.nix new file mode 100644 index 0000000..2ba35f0 --- /dev/null +++ b/modules/linux/firefox.nix 
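Review bot: The exporter in endlessh-go.nix is set to `listenAddress = "[::]"`, so the metrics endpoint listens on every interface and only the firewall keeps it private. The comment above `allowedTCPPorts` says keeping metrics private is the goal. If Prometheus scrapes it from the same host, binding to loopback removes that single point of failure: `listenAddress = "[::1]";`. The option declared at the bottom defaults to `"0.0.0.0"`, so a loopback default there would be the safer fallback if the explicit setting is ever dropped. A short comment naming the port the real sshd listens on would also help, since this module takes port 22.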
@@ -0,0 +1,28 @@ +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { + home-manager.sharedModules = [{ + programs.firefox = enabled { + profiles.default = { + settings = with config.theme.font; { + "general.autoScroll" = true; + "privacy.donottrackheader.enabled" = true; + + "browser.fixup.domainsuffixwhitelist.idk" = true; + + "font.name.serif.x-western" = sans.name; + "font.size.variable.x-western" = builtins.ceil (1.3 * size.normal); + + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; + + userChrome = '' + #TabsToolbar { + visibility: collapse; + } + ''; + }; + }; + }]; +} + diff --git a/modules/fonts.nix b/modules/linux/fonts.nix similarity index 59% rename from modules/fonts.nix rename to modules/linux/fonts.nix index 9e1da4e..d42aaac 100644 --- a/modules/fonts.nix +++ b/modules/linux/fonts.nix @@ -1,14 +1,15 @@ -{ config, lib, pkgs, ... }: with lib; merge +{ config, lib, pkgs, ... }: let + inherit (lib) disabled merge mkIf; +in merge -(desktopSystemConfiguration { +(mkIf config.isDesktop { console = { earlySetup = true; font = "Lat2-Terminus16"; - packages = with pkgs; [ terminus_font ]; + packages = [ pkgs.terminus_font ]; }; -}) -(desktopSystemFonts [ + fonts.packages = [ config.theme.font.sans.package config.theme.font.mono.package @@ -16,8 +17,9 @@ pkgs.noto-fonts-cjk-sans pkgs.noto-fonts-lgc-plus pkgs.noto-fonts-emoji -]) + ]; +}) -(serverSystemConfiguration { +(mkIf config.isServer { fonts.fontconfig = disabled; }) diff --git a/modules/linux/gtk.nix b/modules/linux/gtk.nix new file mode 100644 index 0000000..1960c93 --- /dev/null +++ b/modules/linux/gtk.nix 
@@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) enabled mkIf merge; +in merge <| mkIf config.isDesktop { + programs.dconf = enabled; + + home-manager.sharedModules = [{ + gtk = enabled { + gtk3.extraCss = config.theme.adwaitaGtkCss; + gtk4.extraCss = config.theme.adwaitaGtkCss; + + font = with config.theme.font; { + inherit (sans) name package; + + size = size.normal; + }; + + iconTheme = config.theme.icons; + + theme = { + name = "Adwaita-dark"; + package = pkgs.gnome-themes-extra; + }; + }; + }]; +} + diff --git a/modules/linux/hyprland/dunst.nix b/modules/linux/hyprland/dunst.nix new file mode 100644 index 0000000..bd43bee --- /dev/null +++ b/modules/linux/hyprland/dunst.nix @@ -0,0 +1,50 @@ +{ config, lib, ... }: let + inherit (lib) merge mkIf; +in merge <| mkIf config.isDesktop { + home-manager.sharedModules = [{ + services.dunst = with config.theme.withHashtag; enabled { + iconTheme = icons; + + settings.global = { + width = "(300, 900)"; + + dmenu = "fuzzel --dmenu"; + + corner_radius = cornerRadius; + gap_size = margin; + horizontal_padding = padding; + padding = padding; + + frame_color = base0A; + frame_width = borderWidth; + separator_color = "frame"; + + background = base00; + foreground = base05; + + alignment = "center"; + font = "${font.sans.name} ${toString font.size.normal}"; + + min_icon_size = 64; + + offset = "0x${toString margin}"; + origin = "top-center"; + }; + + settings.urgency_low = { + frame_color = base0A; + timeout = 5; + }; + + settings.urgency_normal = { + frame_color = base09; + timeout = 10; + }; + + settings.urgency_critical = { + frame_color = base08; + timeout = 15; + }; + }; + }]; +} diff --git a/modules/hyprland/emojis.txt b/modules/linux/hyprland/emojis.txt similarity index 100% rename from modules/hyprland/emojis.txt rename to modules/linux/hyprland/emojis.txt diff --git a/modules/linux/hyprland/fuzzel.nix b/modules/linux/hyprland/fuzzel.nix new file mode 100644 index 0000000..d7b3474 --- /dev/null 
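Review bot: In the new dunst.nix, `services.dunst = with config.theme.withHashtag; enabled {` uses `enabled`, but the `let` block inherits only `merge mkIf` from `lib`. The deleted version got the name from `with lib;`, which this file no longer has. Unless the theme attrset happens to expose `enabled`, evaluation will fail on an undefined variable. The inherit line should read `inherit (lib) enabled merge mkIf;`, matching gtk.nix in the same commit.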
+++ b/modules/linux/hyprland/fuzzel.nix @@ -0,0 +1,61 @@ +{ config, lib, ... }: let + inherit (lib) enabled mapAttrs merge mkIf replaceStrings; +in merge <| mkIf config.isDesktop { + home-manager.sharedNodules = [{ + wayland.windowManager.hyprland.settings = { + bindl = [(replaceStrings [ "\n;" "\n" ] [ ";" "" ] '' + , XF86PowerOff, exec, + pkill fuzzel; + echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" + | fuzzel --dmenu + | tr --delete " " + | tr '[:upper:]' '[:lower:]' + | ifne xargs systemctl + '')]; + + bind = [ + "SUPER , SPACE, exec, pkill fuzzel; fuzzel" + "SUPER , E , exec, pkill fuzzel; cat ${./emojis.txt} | fuzzel --no-fuzzy --dmenu | cut -d ' ' -f 1 | tr -d '\\n' | wl-copy" + "SUPER+ALT, E , exec, pkill fuzzel; cat ${./emojis.txt} | fuzzel --no-fuzzy --dmenu | cut -d ' ' -f 1 | tr -d '\\n' | wtype -" + "SUPER , V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy" + ]; + }; + + services.cliphist = enabled { + extraOptions = [ "-max-items" "1000" ]; + }; + + programs.fuzzel = with config.theme; enabled { + settings.main = { + dpi-aware = false; + font = "${font.sans.name}:size=${toString font.size.big}"; + icon-theme = icons.name; + + layer = "overlay"; + prompt = ''"❯ "''; + + terminal = "ghostty -e"; + + tabs = 4; + + horizontal-pad = padding; + vertical-pad = padding; + inner-pad = padding; + }; + + settings.colors = mapAttrs (_: color: color + "FF") { + background = base00; + text = base05; + match = base0A; + selection = base05; + selection-text = base00; + border = base0A; + }; + + settings.border = { + radius = cornerRadius; + width = borderWidth; + }; + }; + }]; +} diff --git a/modules/linux/hyprland/gammastep.nix b/modules/linux/hyprland/gammastep.nix new file mode 100644 index 0000000..5a98fec --- /dev/null +++ b/modules/linux/hyprland/gammastep.nix 
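Review bot: The attribute on the fourth line of the new fuzzel.nix is spelled `home-manager.sharedNodules`, while every other module in this commit uses `home-manager.sharedModules`. As written, the fuzzel bindings, cliphist and the fuzzel theme are assigned to an option that presumably does not exist, so evaluation either fails or the settings never reach home-manager. It should be `home-manager.sharedModules = [{`.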
@@ -0,0 +1,16 @@ +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { + services.geoclue2 = enabled { + appConfig.gammstep = { + isAllowed = true; + isSystem = false; + }; + }; + + home-manager.sharedModules = [{ + services.gammastep = enabled { + provider = "geoclue2"; + }; + }]; +} diff --git a/modules/linux/hyprland/hyprland.nix b/modules/linux/hyprland/hyprland.nix new file mode 100644 index 0000000..cfe6132 --- /dev/null +++ b/modules/linux/hyprland/hyprland.nix 
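Review bot: The geoclue2 entry in gammastep.nix is keyed `appConfig.gammstep`, which is missing an "a", and the spelling is carried over unchanged from the deleted file. Since the key appears to name the application being granted location access, the `isAllowed = true` grant probably does not apply to gammastep as intended. Renaming it to `appConfig.gammastep = {` would make the permission match the service enabled just below.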
@@ -0,0 +1,243 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) enabled merge mkIf flatten range; +in merge <| mkIf config.isDesktop { + hardware.graphics = enabled; + + services.logind.powerKey = "ignore"; + + xdg.portal = enabled { + config.common.default = "*"; + + extraPortals = with pkgs; [ + xdg-desktop-portal-hyprland + ]; + + configPackages = with pkgs; [ + hyprland + ]; + }; + + programs.xwayland = enabled; + + environment.systemPackages = [ + pkgs.brightnessctl + pkgs.grim + # pkgs.hyprpicker + pkgs.slurp + pkgs.swappy + pkgs.swaybg + pkgs.wl-clipboard + pkgs.wtype + pkgs.xdg-utils + pkgs.xwaylandvideobridge + ]; + + home-manager.sharedModules = [{ + xdg.configFile."xkb/symbols/tr-swapped-i".text = '' + default partial + xkb_symbols "basic" { + include "tr(basic)" + + name[Group1]="Turkish (i and ı swapped)"; + + key { type[group1] = "FOUR_LEVEL_SEMIALPHABETIC", [ idotless, Iabovedot, paragraph , none ]}; + key { type[group1] = "FOUR_LEVEL_SEMIALPHABETIC", [ i , I , apostrophe, dead_caron ]}; + }; + ''; + + wayland.windowManager.hyprland = enabled { + systemd = enabled { + enableXdgAutostart = true; + }; + + # plugins = with pkgs; [ hyprcursors ]; + + # settings.plugin.dynamic-cursors = { + # mode = "rotate"; + + # shake = { + # threshold = 3; + + # effects = true; + # nearest = false; + # }; + # }; + + settings = { + monitor = [ ", preferred, auto, 1.5" ]; + + windowrule = [ "noinitialfocus" ]; + windowrulev2 = [ "workspace special silent, initialclass:^(xwaylandvideobridge)$" ]; + + exec = [ "pkill swaybg; swaybg --image ${./wallpaper.png}" ]; + + bindle = [ + ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5" + ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" + + ", XF86MonBrightnessUp , exec, brightnessctl set 5%+" + ", XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-" + + "SUPER, Prior, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5" + "SUPER, Next , exec, 
wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" + + "SUPER, Home, exec, brightnessctl set 5%+" + "SUPER, End , exec, brightnessctl set --min-value=0 5%-" + ]; + + bindl = [ + ", XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + ", XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" + + "SUPER+ALT, Insert, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + "SUPER+ALT, Delete, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" + ]; + + bindm = [ + "SUPER, mouse:272, movewindow" + "SUPER, mouse:274, movewindow" + "SUPER, mouse:273, resizewindow" + ]; + + binde = [ + "SUPER, left , movefocus, l" + "SUPER, down , movefocus, d" + "SUPER, up , movefocus, u" + "SUPER, right, movefocus, r" + + "SUPER, h, movefocus, l" + "SUPER, j, movefocus, d" + "SUPER, k, movefocus, u" + "SUPER, l, movefocus, r" + + "SUPER+CTRL, left , resizeactive, -100 0" + "SUPER+CTRL, down , resizeactive, 0 100" + "SUPER+CTRL, up , resizeactive, 0 -100" + "SUPER+CTRL, right, resizeactive, 100 0" + + "SUPER+CTRL, h, resizeactive, -100 0" + "SUPER+CTRL, j, resizeactive, 0 100" + "SUPER+CTRL, k, resizeactive, 0 -100" + "SUPER+CTRL, l, resizeactive, 100 0" + ]; + + bind = flatten [ + "SUPER , TAB, workspace, e+1" + "SUPER+ALT, TAB, workspace, e-1" + + "SUPER, mouse_up, workspace, e+1" + "SUPER, mouse_down, workspace, e-1" + + (map (n: [ + "SUPER , ${toString n}, workspace , ${toString n}" + "SUPER+ALT, ${toString n}, movetoworkspacesilent, ${toString n}" + ]) <| range 1 9) + "SUPER , 0, workspace , 10" + "SUPER+ALT, 0, movetoworkspacesilent, 10" + + "SUPER+ALT, left , movewindow, l" + "SUPER+ALT, down , movewindow, d" + "SUPER+ALT, up , movewindow, u" + "SUPER+ALT, right, movewindow, r" + + "SUPER+ALT, h, movewindow, l" + "SUPER+ALT, j, movewindow, d" + "SUPER+ALT, k, movewindow, u" + "SUPER+ALT, l, movewindow, r" + + "SUPER , Q, killactive" + "SUPER , F, fullscreen" + "SUPER+ALT, F, togglefloating" + + "SUPER+ALT, RETURN, exec, kitty" + "SUPER , RETURN, exec, ghostty 
--gtk-single-instance=true" + "SUPER , W , exec, firefox" + "SUPER , D , exec, discord" + "SUPER , Z , exec, zulip" + "SUPER , M , exec, thunderbird" + "SUPER , T , exec, thunar" + # "SUPER , C , exec, hyprpicker --autocopy" + + " , PRINT, exec, pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png" + "ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png" + ]; + + general = with config.theme; { + gaps_in = margin / 2; + gaps_out = margin; + border_size = borderWidth; + + "col.active_border" = "0xFF${base0A}"; + "col.nogroup_border_active" = "0xFF${base0A}"; + + "col.inactive_border" = "0xFF${base01}"; + "col.nogroup_border" = "0xFF${base01}"; + + resize_on_border = true; + }; + + decoration = { + drop_shadow = false; + rounding = config.theme.cornerRadius; + + blur.enabled = false; + }; + + input = { + follow_mouse = 1; + + kb_layout = "tr-swapped-i"; + + repeat_delay = 400; + repeat_rate = 100; + + touchpad = { + clickfinger_behavior = true; + drag_lock = true; + + natural_scroll = true; + scroll_factor = 0.7; + }; + }; + + gestures.workspace_swipe = true; + + animations = { + bezier = [ "material_decelerate, 0.05, 0.7, 0.1, 1" ]; + + animation = [ + "border , 1, 2, material_decelerate" + "fade , 1, 2, material_decelerate" + "layers , 1, 2, material_decelerate" + "windows , 1, 2, material_decelerate, popin 80%" + "workspaces, 1, 2, material_decelerate" + ]; + }; + + misc = { + animate_manual_resizes = true; + + background_color = config.theme.with0x.base00; + disable_hyprland_logo = true; + disable_splash_rendering = true; + + key_press_enables_dpms = true; + mouse_move_enables_dpms = true; + }; + + cursor = { + hide_on_key_press = true; + inactive_timeout = 10; + no_warps = true; + }; + + dwindle = { + preserve_split = true; + smart_resizing = false; + }; + + debug.error_position = 1; + }; + }; + }]; +} 
diff --git a/modules/linux/hyprland/waybar.nix b/modules/linux/hyprland/waybar.nix new file mode 100644 index 0000000..5164d7b --- /dev/null +++ b/modules/linux/hyprland/waybar.nix 
@@ -0,0 +1,144 @@ +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { + home-manager.sharedModules = [{ + wayland.windowManager.hyprland.settings = { + exec = [ "pkill --signal SIGUSR2 waybar" ]; + bind = [ "SUPER, B, exec, pkill --signal SIGUSR1 waybar" ]; + }; + + programs.waybar = with config.theme.withHashtag; enabled { + systemd = enabled; + + settings = [{ + layer = "top"; + height = 2 * cornerRadius; + + margin-right = margin; + margin-left = margin; + margin-top = margin; + + modules-left = [ "hyprland/workspaces" ]; + + "hyprland/workspaces" = { + format = "{icon}"; + format-icons.default = ""; + format-icons.active = ""; + + persistent-workspaces."*" = 10; + }; + + modules-center = [ + "hyprland/window" + ]; + + "hyprland/window" = { + separate-outputs = true; + + rewrite."(.*) - Discord" = "󰙯 $1"; + rewrite."(.*) — Mozilla Firefox" = "󰖟 $1"; + rewrite."(.*) — nu" = " $1"; + }; + + modules-right = [ "tray" "pulseaudio" "backlight" "cpu" "memory" "network" "battery" "clock" ]; + + tray = { + reverse-direction = true; + spacing = 5; + }; + + pulseaudio = { + format = "{format_source} {icon} {volume}%"; + format-muted = "{format_source} 󰸈"; + + format-bluetooth = "{format_source} 󰋋 󰂯 {volume}%"; + format-bluetooth-muted = "{format_source} 󰟎 󰂯"; + + format-source = "󰍬"; + format-source-muted = "󰍭"; + + format-icons.default = [ "󰕿" "󰖀" "󰕾" ]; + }; + + backlight = { + format = "{icon} {percent}%"; + format-icons = [ "" "" "" "" "" "" "" "" "" ]; + }; + + cpu.format = " {usage}%"; + memory.format = "󰽘 {}%"; + + network = { + format-disconnected = "󰤮 "; + format-ethernet = "󰈀 {ipaddr}/{cidr}"; + format-linked = " {ifname} (No IP)"; + format-wifi = " {signalStrength}%"; + }; + + battery = { + format = "{icon} {capacity}%"; + format-charging = "󰂄 {capacity}%"; + format-plugged = "󰂄 {capacity}%"; + + format-icons = [ "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ]; + + states.warning = 30; + states.critical = 
15; + }; + + clock.tooltip-format = "{:%Y %B}\n{calendar}"; + }]; + + style = '' + * { + border: none; + border-radius: ${toString cornerRadius}px; + font-family: "${font.sans.name}"; + } + + .modules-right { + margin-right: ${toString padding}px; + } + + #waybar { + background: ${base00}; + color: ${base05}; + } + + #workspaces button:nth-child(1) { color: ${base08}; } + #workspaces button:nth-child(2) { color: ${base09}; } + #workspaces button:nth-child(3) { color: ${base0A}; } + #workspaces button:nth-child(4) { color: ${base0B}; } + #workspaces button:nth-child(5) { color: ${base0C}; } + #workspaces button:nth-child(6) { color: ${base0D}; } + #workspaces button:nth-child(7) { color: ${base0E}; } + #workspaces button:nth-child(8) { color: ${base0F}; } + #workspaces button:nth-child(9) { color: ${base04}; } + #workspaces button:nth-child(10) { color: ${base06}; } + + #workspaces button.empty { + color: ${base02}; + } + + #tray, #pulseaudio, #backlight, #cpu, #memory, #network, #battery, #clock { + margin-left: 20px; + } + + @keyframes blink { + to { + color: ${base05}; + } + } + + #battery.critical:not(.charging) { + animation-direction: alternate; + animation-duration: 0.5s; + animation-iteration-count: infinite; + animation-name: blink; + animation-timing-function: linear; + color: ${base08}; + } + ''; + }; + }]; +} diff --git a/modules/kernel.nix b/modules/linux/kernel.nix similarity index 99% rename from modules/kernel.nix rename to modules/linux/kernel.nix index 8776b19..0ca1079 100644 --- a/modules/kernel.nix +++ b/modules/linux/kernel.nix @@ -1,6 +1,4 @@ -{ lib, pkgs, ... }: with lib; - -systemConfiguration { +{ pkgs, ... }: { boot.kernelPackages = pkgs.linuxPackages_latest; # Credits: diff --git a/modules/keyring.nix b/modules/linux/keyring.nix similarity index 71% rename from modules/keyring.nix rename to modules/linux/keyring.nix index b47e244..f83afd0 100644 --- a/modules/keyring.nix +++ b/modules/linux/keyring.nix 
@@ -1,6 +1,6 @@ -{ lib, ... }: with lib; - -desktopSystemConfiguration { +{ lib, ... }: let + inherit (lib) enabled; +in { programs.seahorse = enabled; security.pam.services.login.enableGnomeKeyring = true; diff --git a/modules/linux/kitty.nix b/modules/linux/kitty.nix new file mode 100644 index 0000000..854f7ff --- /dev/null +++ b/modules/linux/kitty.nix @@ -0,0 +1,76 @@ +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { + home-manager.sharedModules = [{ + programs.kitty = with config.theme.withHashtag; enabled { + font = with font; { + inherit (mono) name package; + + size = size.normal; + }; + + settings = { + allow_remote_control = true; + confirm_os_window_close = 0; + focus_follows_mouse = true; + mouse_hide_wait = 0; + window_padding_width = padding; + + scrollback_lines = 100000; + scrollback_pager = "bat --chop-long-lines"; + + cursor = base05; + cursor_text_color = base00; + cursor_shape = "beam"; + + url_color = base0D; + + strip_trailing_spaces = "always"; + + enable_audio_bell = false; + + active_border_color = base0A; + inactive_border_color = base01; + window_border_width = "0pt"; + + background = base00; + foreground = base05; + + selection_background = base02; + selection_foreground = base00; + + tab_bar_edge = "top"; + tab_bar_style = "powerline"; + + active_tab_background = base00; + active_tab_foreground = base05; + + inactive_tab_background = base01; + inactive_tab_foreground = base05; + + color0 = base00; + color1 = base08; + color2 = base0B; + color3 = base0A; + color4 = base0D; + color5 = base0E; + color6 = base0C; + color7 = base05; + color8 = base03; + color9 = base08; + color10 = base0B; + color11 = base0A; + color12 = base0D; + color13 = base0E; + color14 = base0C; + color15 = base07; + color16 = base09; + color17 = base0F; + color18 = base01; + color19 = base02; + color20 = base04; + color21 = base06; + }; + }; + }]; +} 
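Review bot: `allow_remote_control = true;` in the new kitty.nix settings lets any program running inside a kitty window drive the terminal, which per kitty's documentation includes sending text to other windows. That matters whenever an untrusted script or a remote shell runs in one of those windows. If remote control is only needed by scripts that talk over a socket, `allow_remote_control = "socket-only";` narrows it, and `"password"` restricts it to explicitly authorised actions. If nothing depends on it, leaving it off is the safer default; either way, a one-line comment naming the consumer would help.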
diff --git a/modules/localisation.nix b/modules/linux/localisation.nix similarity index 77% rename from modules/localisation.nix rename to modules/linux/localisation.nix index dc80b8d..dacb110 100644 --- a/modules/localisation.nix +++ b/modules/linux/localisation.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, ... }: with lib; merge - -(systemConfiguration { +{ config, lib, pkgs, ... }: let + inherit (lib) const genAttrs merge mkIf; +in merge { console.keyMap = pkgs.writeText "trq-swapped-i.map" '' include "${pkgs.kbd}/share/keymaps/i386/qwerty/trq.map" @@ -12,9 +12,7 @@ ''; i18n.defaultLocale = "C.UTF-8"; -}) - -(desktopSystemConfiguration { +} <| mkIf config.isDesktop { i18n.extraLocaleSettings = genAttrs [ "LC_ADDRESS" "LC_IDENTIFICATION" @@ -25,5 +23,6 @@ "LC_PAPER" "LC_TELEPHONE" "LC_TIME" - ] (const "tr_TR.UTF-8"); -}) + ] <| const "tr_TR.UTF-8"; +} + diff --git a/modules/nano.nix b/modules/linux/nano.nix similarity index 61% rename from modules/nano.nix rename to modules/linux/nano.nix index 0121211..4f3d1d5 100644 --- a/modules/nano.nix +++ b/modules/linux/nano.nix @@ -1,6 +1,6 @@ -{ lib, ... }: with lib; - -systemConfiguration { +{ lib, ... }: let + inherit (lib) disabled; +in { environment.defaultPackages = []; programs.nano = disabled; # Garbage. diff --git a/modules/linux/network-manager.nix b/modules/linux/network-manager.nix new file mode 100644 index 0000000..b520e27 --- /dev/null +++ b/modules/linux/network-manager.nix @@ -0,0 +1,12 @@ +{ config, lib, ... }: let + inherit (lib) attrNames const enabled filterAttrs getAttr; +in { + networking.networkmanager = enabled; + + users.extraGroups.networkmanager.members = config.users.users + |> filterAttrs (const <| getAttr "isNormalUser") + |> attrNames; + + environment.shellAliases.wifi = "nmcli dev wifi show-password"; +} + diff --git a/modules/linux/nix-ld.nix b/modules/linux/nix-ld.nix new file mode 100644 index 0000000..404e633 --- /dev/null +++ b/modules/linux/nix-ld.nix 
@@ -0,0 +1,5 @@ +{ lib, ... }: let + inherit (lib) enabled; +in { + programs.nix-ld = enabled; +} diff --git a/modules/node-exporter.nix b/modules/linux/node-exporter.nix similarity index 59% rename from modules/node-exporter.nix rename to modules/linux/node-exporter.nix index 8299357..2dcb170 100644 --- a/modules/node-exporter.nix +++ b/modules/linux/node-exporter.nix @@ -1,8 +1,9 @@ -{ lib, ... }: with lib; - -serverSystemConfiguration { +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isServer { services.prometheus.exporters.node = enabled { enabledCollectors = [ "processes" "systemd" ]; listenAddress = "[::]"; }; } + diff --git a/modules/pipewire.nix b/modules/linux/pipewire.nix similarity index 58% rename from modules/pipewire.nix rename to modules/linux/pipewire.nix index 76a9432..2b5691a 100644 --- a/modules/pipewire.nix +++ b/modules/linux/pipewire.nix @@ -1,6 +1,6 @@ -{ lib, ... }: with lib; - -desktopSystemConfiguration { +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { security.rtkit = enabled; services.pipewire = enabled { @@ -8,3 +8,4 @@ desktopSystemConfiguration { pulse = enabled; }; } + diff --git a/modules/linux/qt.nix b/modules/linux/qt.nix new file mode 100644 index 0000000..af762ad --- /dev/null +++ b/modules/linux/qt.nix @@ -0,0 +1,10 @@ +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { + home-manager.sharedModules = [{ + qt = enabled { + platformTheme.name = "adwaita"; + style.name = "adwaita"; + }; + }]; +} diff --git a/modules/linux/resolved.nix b/modules/linux/resolved.nix new file mode 100644 index 0000000..85f8c61 --- /dev/null +++ b/modules/linux/resolved.nix 
@@ -0,0 +1,14 @@ +{ config, lib, ... }: let + inherit (lib) enabled concatStringsSep map; +in { + services.resolved = enabled { + dnssec = "true"; + dnsovertls = "true"; + + extraConfig = config.dnsServers + |> map (server: "DNS=${server}") + |> concatStringsSep "\n"; + + fallbackDns = config.fallbackDnsServers; + }; +} diff --git a/modules/linux/restic/default.nix b/modules/linux/restic/default.nix new file mode 100644 index 0000000..0b2c743 --- /dev/null +++ b/modules/linux/restic/default.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: let + inherit (lib) genAttrs merge mkConst mkIf remove; +in merge <| mkIf config.isServer { + options.resticHosts = mkConst <| remove config.networking.hostName [ "cube" "disk" "nine" ]; + + config.secrets.resticPassword.file = ./password.age; + + config.services.restic.backups = genAttrs config.resticHosts (host: { + repository = "sftp:backup@${host}:${config.networking.hostName}-backup"; + passwordFile = config.secrets.resticPassword.path; + initialize = true; + + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 12" + ]; + }); +} + diff --git a/modules/linux/restic/password.age b/modules/linux/restic/password.age new file mode 100644 index 0000000..4c4e20d --- /dev/null +++ b/modules/linux/restic/password.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw 06oZk46oR6ELo5J27k6yawjranT3zRItKK+rl0P9bgk +Zl9FaZ0zz7X+NNa8YZ7mF+I3NM6uIQ4OyOxHCC7tG0s +-> ssh-ed25519 spFFQA lNlbKPxx4NolZih3OdSW+Om6LfLzQGPcOateTm7PmjE +faPPdpWeJytmEGMCfNiup4hE/wjwAp9hdFBRR9PJ7JE +-> ssh-ed25519 dASlBQ 0hpF2NYQrE8k0yQWjecxaEmxPswUfqjr/isjwcuRbio +zy5tvK0/6WaxzOOzmhRdMIdWeMyE0YYvRI+UAx4sW1c +-> ssh-ed25519 CzqbPQ VuaclNfcFIo7wIFauMBcy4amv4QDMUwmWevaCaMICxg +JpO3lbn95Hfhqi7x2SRUSzVHQ7tS/Ay9Gn+mFhQpKbE +--- iuP1ypvDk453T8/jiyTnWRnVpKZ89yLdWbrMJubNwq8 +n Q)pպ1 Cbn)TaO^VL}4@Q \ No newline at end of file diff --git a/modules/linux/sshd.nix b/modules/linux/sshd.nix new file mode 100644 index 0000000..a0bda2e --- /dev/null 
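Review bot: `extraConfig` is now generated from `config.dnsServers` while `dnsovertls = "true"` stays on, but nothing in this hunk checks that each entry still carries the `#server-name` suffix that the removed hard-coded `DNS=` lines had. As far as I know, systemd-resolved uses that name to validate the server certificate and falls back to matching the IP address when it is missing, so a bare address would either stop resolving or be validated against less than intended. The option itself is declared outside this hunk; an assertion there, or a comment next to the `map` such as `# entries must be "address#tls-server-name"`, would make the expectation explicit.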
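Review bot: `config.secrets.resticPassword.file = ./password.age` refers to the ciphertext added in the next hunk, which has four `ssh-ed25519` recipient stanzas, while the deleted `modules/restic/password.age` further down has five; the one no longer present is tagged `f5VzMA`. Dropping a recipient only protects future contents: the old file stays in git history and that key can still decrypt it. If the key was removed because it is no longer trusted, the restic repository password itself has to be rotated, not just re-encrypted. Whether the password value changed cannot be determined from the diff, so this is worth confirming in the commit description.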
+++ b/modules/linux/sshd.nix @@ -0,0 +1,18 @@ +{ lib, ...}: let + inherit (lib) enabled; + port = 2222; +in { + programs.mosh = enabled { + openFirewall = true; + }; + + services.openssh = enabled { + ports = [ port ]; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + + AcceptEnv = "SHELLS COLORTERM"; + }; + }; +} diff --git a/modules/linux/steam.nix b/modules/linux/steam.nix new file mode 100644 index 0000000..ba1766d --- /dev/null +++ b/modules/linux/steam.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: { + # Steam uses 32-bit drivers for some unholy fucking reason. + hardware.graphics.enable32Bit = true; + + environment.systemPackages = [ + pkgs.steam + ]; +} diff --git a/modules/sudo.nix b/modules/linux/sudo.nix similarity index 90% rename from modules/sudo.nix rename to modules/linux/sudo.nix index ed7be40..7e0f9fb 100644 --- a/modules/sudo.nix +++ b/modules/linux/sudo.nix @@ -1,17 +1,13 @@ -{ lib, ... }: with lib; merge - -(desktopSystemConfiguration { - security.sudo.wheelNeedsPassword = false; -}) - -(systemConfiguration { +{ config, lib, ... }: let + inherit (lib) enabled merge mkIf optionalString; +in merge { security.sudo = enabled { execWheelOnly = true; extraConfig = '' Defaults lecture = never Defaults pwfeedback Defaults env_keep += "DISPLAY EDITOR PATH" - ${optionalString isServer '' + ${optionalString config.isServer '' Defaults timestamp_timeout = 0 ''} ''; @@ -65,4 +61,6 @@ ]; }]; }; -}) +} <| mkIf config.isDesktop { + security.sudo.wheelNeedsPassword = false; +} diff --git a/modules/systemd.nix b/modules/linux/systemd.nix similarity index 92% rename from modules/systemd.nix rename to modules/linux/systemd.nix index 55cd392..e535034 100644 --- a/modules/systemd.nix +++ b/modules/linux/systemd.nix @@ -1,6 +1,4 @@ -{ lib, ... }: with lib; - -systemConfiguration { +{ environment.shellAliases = { sc = "systemctl"; scd = "systemctl stop"; 
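Review bot: The new `modules/linux/sshd.nix` body is a plain `in { … }`, so `services.openssh` on port 2222 and `programs.mosh` with `openFirewall = true` apply to every host that imports the Linux modules, whereas the deleted `modules/ssh/default.nix` wrapped the same block in `serverSystemConfiguration`. Other server-only modules in this commit (node-exporter, restic) keep the restriction with `merge <| mkIf config.isServer { … }`. Unless desktops are meant to accept inbound SSH and mosh, the same guard belongs here: `{ config, lib, ... }: let`, `inherit (lib) enabled merge mkIf;` and `in merge <| mkIf config.isServer {`. If the wider exposure is intended, a comment saying so at the top of the file would save the next reader the comparison.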
diff --git a/modules/tailscale.nix b/modules/linux/tailscale.nix similarity index 79% rename from modules/tailscale.nix rename to modules/linux/tailscale.nix index e412ed1..cc4cb68 100644 --- a/modules/tailscale.nix +++ b/modules/linux/tailscale.nix @@ -1,11 +1,9 @@ -{ lib, ... }: with lib; +{ lib, ... }: let + inherit (lib) enabled; -let # Shorter is better for networking interfaces IMO. interface = "ts0"; -in systemConfiguration { - environment.shellAliases.ts = "sudo tailscale"; - +in { # This doesn't work with dig but works with curl, Firefox # and all other tools. Skill issue. services.resolved.domains = [ "warthog-major.ts.net" ]; diff --git a/modules/linux/thunar.nix b/modules/linux/thunar.nix new file mode 100644 index 0000000..471f1d9 --- /dev/null +++ b/modules/linux/thunar.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: let + inherit (lib) enabled merge mkIf; +in merge <| mkIf config.isDesktop { + programs.thunar = enabled { + plugins = [ + pkgs.xfce.thunar-archive-plugin + pkgs.xfce.thunar-media-tags-plugin + pkgs.xfce.thunar-volman + ]; + }; + + environment.systemPackages = [ + pkgs.ark + pkgs.ffmpegthumbnailer + pkgs.libgsf + pkgs.xfce.tumbler + ]; +} diff --git a/modules/linux/tmp.nix b/modules/linux/tmp.nix new file mode 100644 index 0000000..2755c93 --- /dev/null +++ b/modules/linux/tmp.nix @@ -0,0 +1,3 @@ +{ + boot.tmp.cleanOnBoot = true; +} diff --git a/modules/linux/users.nix b/modules/linux/users.nix new file mode 100644 index 0000000..23b7787 --- /dev/null +++ b/modules/linux/users.nix @@ -0,0 +1,3 @@ +{ + users.mutableUsers = false; +} diff --git a/modules/network-manager.nix b/modules/network-manager.nix deleted file mode 100644 index 13d3186..0000000 --- a/modules/network-manager.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib, ... }: with lib; - -systemConfiguration { - networking.networkmanager = enabled; - - users.extraGroups.networkmanager.members = allNormalUsers; - - environment.shellAliases.wifi = "nmcli dev wifi show-password"; -} 
diff --git a/modules/nix.nix b/modules/nix.nix deleted file mode 100644 index 0f5528f..0000000 --- a/modules/nix.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ self, inputs, lib, pkgs, ... }: with lib; merge - -(systemConfiguration { - environment.etc."flakes.json".text = strings.toJSON inputs; - - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 3d"; - persistent = true; - }; - - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - - optimise.automatic = true; - - registry = { - default.flake = inputs.nixpkgs; - } // mapAttrs (const (value: mkIf (isType "flake" value) { - flake = value; - })) inputs; - - settings = { - experimental-features = [ - "auto-allocate-uids" - "ca-derivations" - "cgroups" - "flakes" - "nix-command" - "recursive-nix" - ]; - - accept-flake-config = true; - builders-use-substitutes = true; - flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!! - http-connections = 50; - show-trace = true; - trusted-users = [ "root" "@wheel" ]; - use-cgroups = true; - warn-dirty = false; - } // (import (self + /flake.nix)).nixConfig; - }; - - programs.nix-ld = enabled; -}) - -(systemPackages (with pkgs; [ - nh - nix-index - nix-output-monitor -])) - -(homeConfiguration { - programs.nushell.configFile.text = mkAfter '' - def --wrapped nr [program: string = "", ...arguments] { - if ($program | str contains "#") or ($program | str contains ":") { - nix run $program -- ...$arguments - } else { - nix run ("default#" + $program) -- ...$arguments - } - } - - def --wrapped ns [...programs] { - nix shell ...($programs | each { - if ($in | str contains "#") or ($in | str contains ":") { - $in - } else { - "default#" + $in - } - }) - } - ''; -}) diff --git a/modules/nushell/default.nix b/modules/nushell/default.nix deleted file mode 100644 index 624eaad..0000000 --- a/modules/nushell/default.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -{ config, lib, pkgs, ... }: with lib; merge - -(systemConfiguration { - users.defaultUserShell = pkgs.crash; - - environment.sessionVariables = { - SHELLS = lib.getExe pkgs.nushell; - - STARSHIP_LOG = "error"; - }; - - environment.shellAliases = { - la = "ls --all"; - lla = "ls --long --all"; - sl = "ls"; - - cp = "cp --recursive --verbose --progress"; - mk = "mkdir"; - mv = "mv --verbose"; - rm = "rm --recursive --verbose"; - - pstree = "pstree -g 2"; - tree = "tree -CF --dirsfirst"; - }; -}) - -(homeConfiguration (homeArgs: { - xdg.configFile = { - "nushell/zoxide.nu".source = pkgs.runCommand "zoxide.nu" {} '' - ${lib.getExe pkgs.zoxide} init nushell --cmd cd > $out - ''; - - "nushell/ls_colors.txt".source = pkgs.runCommand "ls_colors.txt" {} '' - ${lib.getExe pkgs.vivid} generate gruvbox-dark-hard > $out - ''; - - "nushell/starship.nu".source = pkgs.runCommand "starship.nu" {} '' - ${lib.getExe pkgs.starship} init nu > $out - ''; - }; - - # No `enabled` because home-manager is terrible and spits out something - # that does it at runtime instead of doing it at system realization time. 
- programs.starship = { - settings = { - command_timeout = 100; - scan_timeout = 20; - - cmd_duration.show_notifications = isDesktop; - - package.disabled = isServer; - - character.error_symbol = ""; - character.success_symbol = ""; - }; - }; - - programs.nushell = enabled { - configFile.text = readFile ./configuration.nu; - envFile.source = ./environment.nu; - - environmentVariables = let - environmentVariables = config.environment.variables; - - homeVariables = homeArgs.config.home.sessionVariables; - homeVariablesExtra = pipe (pkgs.runCommand "home-variables-extra.env" {} '' - alias export=echo - # echo foo > $out - # FIXME - eval $(cat ${homeArgs.config.home.sessionVariablesPackage}/etc/profile.d/hm-session-vars.sh) > $out - '') [ - # (aaa: (_: break _) aaa) - readFile - (splitString "\n") - (filter (s: s != "")) - (map (strings.match "([^=]+)=(.*)")) - (map (keyAndValue: nameValuePair (first keyAndValue) (last keyAndValue))) - (foldl' (x: y: x // y) {}) - ]; - in environmentVariables // homeVariables // homeVariablesExtra; - - shellAliases = (attrsets.removeAttrs config.environment.shellAliases [ "ls" "l" ]) // { - cdtmp = "cd (mktemp --directory)"; - ll = "ls --long"; - }; - }; -})) - -(systemPackages (with pkgs; [ - fish # For completions. - zoxide # For completions and better cd. -])) diff --git a/modules/packages.nix b/modules/packages.nix deleted file mode 100644 index 1ad0757..0000000 --- a/modules/packages.nix +++ /dev/null 
@@ -1,58 +0,0 @@
-{ lib, pkgs, ... }: with lib; merge
-
-(systemPackages (with pkgs; [
- asciinema
- cowsay
- curlHTTP3
- dig
- doggo
- fastfetch
- fd
- (fortune.override { withOffensive = true; })
- hyperfine
- moreutils
- openssl
- p7zip
- pstree
- rsync
- strace
- timg
- traceroute
- tree
- usbutils
- uutils-coreutils-noprefix
- yazi
- yt-dlp
-]))
-
-(desktopSystemPackages (with pkgs; [
- clang_16
- clang-tools_16
- deno
- gh
- go
- jdk
- lld
- maven
- zig
-
- # wine
-]))
-
-(desktopUserHomePackages (with pkgs; [
- element-desktop
- fractal
- # whatsapp-for-linux
- # zulip
-
- qbittorrent
-
- thunderbird
-
- # krita
- obs-studio
-
- libreoffice
- hunspellDicts.en_US
- hunspellDicts.en_GB-ize
-]))
diff --git a/modules/python.nix b/modules/python.nix
deleted file mode 100644
index e1a1612..0000000
--- a/modules/python.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ lib, pkgs, ... }: with lib; merge
-
-(systemConfiguration {
- environment.shellAliases = {
- venv = "virtualenv venv";
- };
-})
-
-(systemPackages (with pkgs; [
- (python311.withPackages (pkgs: with pkgs; [
- pip
- requests
- ]))
- virtualenv
- poetry
-]))
diff --git a/modules/qt.nix b/modules/qt.nix
deleted file mode 100644
index f0e709b..0000000
--- a/modules/qt.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ lib, ... }: with lib;
-
-desktopUserHomeConfiguration {
- qt = enabled {
- platformTheme.name = "adwaita";
- style.name = "adwaita";
- };
-}
diff --git a/modules/resolved.nix b/modules/resolved.nix
deleted file mode 100644
index e647c1a..0000000
--- a/modules/resolved.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, ... }: with lib;
-
-systemConfiguration {
- services.resolved = enabled {
- dnssec = "true";
- dnsovertls = "true";
-
- extraConfig = ''
- DNS=45.90.28.0#7f2bf8.dns.nextdns.io
- DNS=2a07:a8c0::#7f2bf8.dns.nextdns.io
- DNS=45.90.30.0#7f2bf8.dns.nextdns.io
- DNS=2a07:a8c1::#7f2bf8.dns.nextdns.io
- '';
-
- fallbackDns = [
- "1.1.1.1#one.one.one.one"
- "2606:4700:4700::1111#one.one.one.one"
-
- "1.0.0.1#one.one.one.one"
- "2606:4700:4700::1001#one.one.one.one"
-
- "8.8.8.8#dns.google"
- "2001:4860:4860::8888#dns.google"
-
- "8.8.4.4#dns.google"
- "2001:4860:4860::8844#dns.google"
- ];
- };
-}
diff --git a/modules/restic/default.nix b/modules/restic/default.nix
deleted file mode 100644
index b84cb9d..0000000
--- a/modules/restic/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, ... }: with lib;
-
-serverSystemConfiguration {
- options.resticHosts = mkConst (remove config.networking.hostName [ "cube" "disk" "nine" ]);
-
- config = {
- secrets.resticPassword.file = ./password.age;
-
- services.restic.backups = genAttrs config.resticHosts (host: {
- repository = "sftp:backup@${host}:${config.networking.hostName}-backup";
- passwordFile = config.secrets.resticPassword.path;
- initialize = true;
-
- pruneOpts = [
- "--keep-daily 7"
- "--keep-weekly 4"
- "--keep-monthly 12"
- ];
- });
- };
-}
diff --git a/modules/restic/password.age b/modules/restic/password.age
deleted file mode 100644
index 7737abd..0000000
--- a/modules/restic/password.age
+++ /dev/null
@@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw Em0WbO4gplG2ja+XW889tC0EGeuc8Mv3IfOWvwN0QXE -5zIOO6qXiBcOOPe00D5hWMaQiA8pM6zmsWxV2wubNJE --> ssh-ed25519 spFFQA Dp3QVWKHnrPnJXQ3n9t6PzDLuulZu98CZDm25WZaJgA -4PexDQzjTEA3KQ2oo+2lC8cHdYp8iOc5ilKrnf54uOU --> ssh-ed25519 CzqbPQ Ove5RO0REKpcyDrcihPYFqAxO0ynvK9MIJhM2BX8v1A -KyIbllnvM+Eiir2wsMp1mdkyjbKPcsCQy8tNLoF+CNA --> ssh-ed25519 dASlBQ P3eVN6O2MfcSzdIlV6z7ALBtKC0HhtW296qDIjtayEk -+drcAG52h0dzmp45woWadyNlUqaY156XaGEeq5AR0JM --> ssh-ed25519 f5VzMA 4e4M6qzgt1qiZp2DJrd9Jk5wDEVBB8Gac31litJ62Ug -QretaVV5MLi5qwt18eQyDCJiTvicV/VAvvImfx1//FI ---- 5AqRIM2qsjiMytT70BtR7JS/XRNj5U7mpzSu6mjmmrY -}M}K6aGs⒞B$i[ն@LoIL \ No newline at end of file diff --git a/modules/ripgrep.nix b/modules/ripgrep.nix deleted file mode 100644 index 929cce6..0000000 --- a/modules/ripgrep.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, ... }: with lib; merge - -(systemConfiguration { - environment.shellAliases = { - rg = "rg --line-number --smart-case"; - todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold''; - }; -}) - -(homeConfiguration { - programs.ripgrep = enabled; -}) diff --git a/modules/rust.nix b/modules/rust.nix deleted file mode 100644 index 8967071..0000000 --- a/modules/rust.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, pkgs, ... }: with lib; merge - -(desktopSystemPackages (with pkgs; [ - cargo-expand - cargo-fuzz - - evcxr - - (fenix.complete.withComponents [ - "cargo" - "clippy" - "rust-src" - "rustc" - "rustfmt" - ]) -])) - -(desktopSystemConfiguration { - environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true"; -}) - diff --git a/modules/ssh/config.age b/modules/ssh/config.age deleted file mode 100644 index f367763..0000000 --- a/modules/ssh/config.age +++ /dev/null 
@@ -1,16 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw /j82x9Agw/wG4Who2GuKYOhFyhfM6Uw4yfLr+oUrrwk -N0Oymf68GGLw3/1G32qGBlMsj7Sd/HqBtu5eXDcJ+v0 --> ssh-ed25519 spFFQA mHhwVQIcInJogAuz8FNqzgOSv4xEw6aW/PuZMmv9HzQ -PAjt/looW3SZSEpiwQYyVS7u3H0/hdqoJ7RW7toMVzQ --> ssh-ed25519 CzqbPQ ykwSohQ1MZIUMOS+9+8EzFxiKWK8YuOxJskJMpIqpCY -yK8USN5UjK+Zm6x7sX+GEaHa0WF7lvjTMJU4hXYuHg4 --> ssh-ed25519 dASlBQ bNmzApWOoO6arrfuOJXbEBQ+jSjsNZYK2WhOjhlHTBw -GYyUFRzChbg2+4R15nhyHV9jjgSnYaGovuco+d5l3b4 --> ssh-ed25519 f5VzMA bu1zjVKLXsZrtLISB9RQQK6ywhq6KXnk3B1DTMS8R2Q -jx2W7veML38YXA0a7vh8EVdrgBjM+Cc84AQ6+e9w4WA --> ssh-ed25519 V6IHIQ /IRDpxzKESL6IJr4Eq1J1VTIqJXcAmFwkYdJTRCL9Cs -nvrlP/fEowlvvPjGVVwx/DF+904OWR0rX33aOh77C0s ---- sMYN2M/dRMasneiSvIWDpVSRiLgNVUN2oPr7NqWdlKk -3F(7mRNN{%P%K0Hʴ.oč‰ -MFұ'JľXmڴ@n I(%LH \ No newline at end of file diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix deleted file mode 100644 index 168c3a2..0000000 --- a/modules/ssh/default.nix +++ /dev/null 
@@ -1,79 +0,0 @@ -{ self, config, lib, pkgs, ... }: with lib; merge - -(systemConfiguration { - secrets.sshConfig = { - file = ./config.age; - mode = "444"; - }; -}) - -(desktopSystemPackages (with pkgs; [ - mosh -])) - -(let - controlPath = "~/.ssh/control"; -in homeConfiguration { - home.activation.createControlPath = { - after = [ "writeBoundary" ]; - before = []; - data = "mkdir --parents ${controlPath}"; - }; - - programs.ssh = enabled { - controlMaster = "auto"; - controlPath = "${controlPath}/%r@%n:%p"; - controlPersist = "60m"; - serverAliveCountMax = 2; - serverAliveInterval = 60; - - includes = [ config.secrets.sshConfig.path ]; - - matchBlocks = { - "*" = { - setEnv.COLORTERM = "truecolor"; - setEnv.TERM = "xterm-256color"; - - identityFile = "~/.ssh/id"; - }; - - # Maybe autogenerate these? - - cube = { - hostname = self.cube.networking.ipv4; - user = "rgb"; - port = 2222; - }; - - disk = { - hostname = self.disk.networking.ipv4; - user = "floppy"; - port = 2222; - }; - - nine = { - hostname = self.nine.networking.ipv4; - user = "seven"; - port = 2222; - }; - }; - }; -}) - -(let - port = 2222; -in serverSystemConfiguration { - programs.mosh = enabled { - openFirewall = true; - }; - - services.openssh = enabled { - ports = [ port ]; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - - AcceptEnv = "SHELLS COLORTERM"; - }; - }; -}) diff --git a/modules/thunar.nix b/modules/thunar.nix deleted file mode 100644 index 3f1ebc5..0000000 --- a/modules/thunar.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, pkgs, ... }: with lib; merge - -(desktopSystemConfiguration { - programs.thunar = enabled { - plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-media-tags-plugin - thunar-volman - ]; - }; -}) - -(desktopSystemPackages (with pkgs; [ - ark - ffmpegthumbnailer - libgsf - xfce.tumbler -])) diff --git a/modules/tmp.nix b/modules/tmp.nix deleted file mode 100644 index f739059..0000000 --- a/modules/tmp.nix +++ /dev/null 
@@ -1,5 +0,0 @@
-{ lib, ... }: with lib;
-
-systemConfiguration {
- boot.tmp.cleanOnBoot = true;
-}
diff --git a/modules/users.nix b/modules/users.nix
deleted file mode 100644
index 92342c7..0000000
--- a/modules/users.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib, ... }: with lib;
-
-systemConfiguration {
- users.mutableUsers = false;
-}
diff --git a/modules/w3m.nix b/modules/w3m.nix
deleted file mode 100644
index 0975bda..0000000
--- a/modules/w3m.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, pkgs, ... }: with lib; merge
-
-(systemConfiguration {
- environment.shellAliases = {
- ddg = "w3m lite.duckduckgo.com";
- web = "w3m";
- };
-})
-
-(systemPackages (with pkgs; [
- w3m
-]))
diff --git a/options/desktop.nix b/options/desktop.nix
deleted file mode 100644
index 609146b..0000000
--- a/options/desktop.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, ... }: let
- userOptions.options.isDesktopUser = lib.mkOption {
- type = lib.types.bool;
- default = false;
- };
-in {
- options.users.users = lib.mkOption {
- type = with lib.types; attrsOf (submodule userOptions);
- };
-}
diff --git a/options/endlessh-go-exporter-alias.nix b/options/endlessh-go-exporter-alias.nix
deleted file mode 100644
index e04333c..0000000
--- a/options/endlessh-go-exporter-alias.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# And yes, I've tried lib.mkAliasOptionModule.
-# It doesn't work for a mysterious reason,
-# says it can't find `services.prometheus.exporters.endlessh-go`.
-#
-# This works, however.
-
-{ config, lib, ... }: {
- options.services.prometheus.exporters.endlessh-go = {
- enable = lib.mkEnableOption (lib.mdDoc "Prometheus integration");
-
- listenAddress = lib.mkOption {
- type = lib.types.str;
- default = "0.0.0.0";
- };
-
- port = lib.mkOption {
- type = lib.types.port;
- default = 2112;
- };
- };
-
- config.services.endlessh-go.prometheus = config.services.prometheus.exporters.endlessh-go;
-}
diff --git a/options/ip.nix b/options/ip.nix
deleted file mode 100644
index 166a5cf..0000000
--- a/options/ip.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ lib, ... }: { - options.networking = { - ipv4 = lib.mkValue null; - ipv6 = lib.mkValue null; - }; -} diff --git a/options/ssl.nix b/options/ssl.nix deleted file mode 100644 index b989733..0000000 --- a/options/ssl.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, lib, ... }: { - options.sslTemplate = lib.mkConst { - forceSSL = true; - quic = true; - useACMEHost = config.networking.domain; - }; -} diff --git a/rebuild.nu b/rebuild.nu index 26fa6e8..e6b94f7 100755 --- a/rebuild.nu +++ b/rebuild.nu @@ -1,5 +1,6 @@ #!/usr/bin/env nu +# Rebuild a NixOS / Darwin configuration. def main --wrapped [ host: string = "" # The host to build. ...arguments # The arguments to pass to `nixos-rebuild switch`. @@ -21,21 +22,27 @@ def main --wrapped [ "--option" "eval-cache" "false" ] | append ($args_split | get --ignore-errors 1 | default []) - if $host == (hostname) { - nh os switch . ...$nh_flags -- ...$nix_flags - } else { - git ls-files | ( - rsync - --rsh "ssh -q" - --delete-missing-args - --compress - --files-from - - ./ ($host + ":ncc") - ) + if $host != (hostname) { + git ls-files + | (rsync + --rsh "ssh -q" + --delete-missing-args + --compress + --files-from - + ./ ($host + ":ncc")) ssh -q -tt $host $" cd ncc ./rebuild.nu ($host) ($arguments | str join ' ') " + + return + } + + if (uname | get kernel-name) == "Darwin" { + darwin-rebuild switch --flake (".#" + $host) ...$nix_flags + } else { + nh os switch . ...$nh_flags -- ...$nix_flags } } + diff --git a/secrets.nix b/secrets.nix index 26b1006..26e6cf9 100644 --- a/secrets.nix +++ b/secrets.nix 
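Review bot: In the remote branch, `./rebuild.nu ($host) ($arguments | str join ' ')` places the caller's arguments unquoted into the command string that `ssh` hands to the remote shell, so an argument containing spaces or shell metacharacters is re-split or interpreted on the remote side instead of being passed through verbatim. The early-`return` restructuring keeps that line as it was; quoting each element before joining would make the hand-off exact. The parameter comment also still says the arguments go to `nixos-rebuild switch`, although the new Darwin branch forwards only `$nix_flags` to `darwin-rebuild` and drops `$nh_flags`; `# The arguments to pass to the rebuild command.` would be accurate. The part of `main` between the two hunks is not visible here.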
@@ -1,36 +1,7 @@ -with import ./keys.nix; { - # cube - "hosts/cube/id.age".publicKeys = [ cube ] ++ admins; - "hosts/cube/password.rgb.age".publicKeys = [ cube ] ++ admins; - - "hosts/cube/acme/environment.age".publicKeys = all; - - "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube ] ++ admins; - - "hosts/cube/grafana/password.age".publicKeys = [ cube ] ++ admins; - - "hosts/cube/matrix/password.secret.age".publicKeys = [ cube ] ++ admins; - "hosts/cube/matrix/password.sync.age".publicKeys = [ cube ] ++ admins; - - "hosts/cube/nextcloud/password.age".publicKeys = [ cube ] ++ admins; - - # disk - "hosts/disk/id.age".publicKeys = [ disk ] ++ admins; - "hosts/disk/password.floppy.age".publicKeys = [ disk ] ++ admins; - - "hosts/disk/mail/password.plain.age".publicKeys = all; - "hosts/disk/mail/password.hash.age".publicKeys = [ disk nine ] ++ admins; - - # nine - "hosts/nine/id.age".publicKeys = [ nine ] ++ admins; - "hosts/nine/password.seven.age".publicKeys = [ nine ] ++ admins; - - "hosts/nine/github2forgejo/environment.age".publicKeys = [ nine ] ++ admins; - - # pala - "hosts/pala/password.said.age".publicKeys = admins; - +let + inherit (import ./keys.nix) all; +in { # shared - "modules/ssh/config.age".publicKeys = all; - "modules/restic/password.age".publicKeys = all; + "modules/common/ssh/config.age".publicKeys = all; + "modules/linux/restic/password.age".publicKeys = all; }