diff --git a/.gitignore b/.gitignore index b4f8486..92e4b98 100644 --- a/.gitignore +++ b/.gitignore @@ -1,37 +1,34 @@ * -!derivations/ - !docs/ !hosts/ -!hosts/enka/ - !hosts/cube/ -!hosts/cube/acme/ !hosts/cube/forgejo/ !hosts/cube/grafana/ !hosts/cube/mail/ -!hosts/cube/matrix-synapse/ +!hosts/cube/matrix/ !hosts/cube/nextcloud/ +!hosts/disk/ + +!hosts/enka/ + !modules/ !modules/hyprland/ !modules/nushell/ -!modules/openssh/ !lib/ +!options/ + !.gitignore !flake.lock !*.age !*.gif -!*.hist !*.md !*.nix !*.nu -!*.opus !*.png -!*.sh diff --git a/derivations/rat.nix b/derivations/rat.nix deleted file mode 100644 index 1c1590c..0000000 --- a/derivations/rat.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - stdenv, - fetchFromGitHub, - unixtools, -}: - -stdenv.mkDerivation rec { - pname = "rat"; - version = "2.0.1"; - - src = fetchFromGitHub { - owner = "thinkingsand"; - repo = pname; - sha256 = "sha256-OsEIOC6EZrAN2NnDvnyN0nBRLVIviSMX2+TPqlidxrI="; - rev = "4817f542b067255d2b6cd1d29137f393da6e4085"; - }; - - buildInputs = [ unixtools.xxd ]; - buildPhase = '' - runHook preBuild - - make linux_audio - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/bin - install -Dm755 ./bin/rat -t $out/bin/ - - runHook postInstall - ''; -} diff --git a/docs/BROKEN.md b/docs/BROKEN.md deleted file mode 100644 index c5abbd0..0000000 --- a/docs/BROKEN.md +++ /dev/null @@ -1,11 +0,0 @@ -# Broken Stuff - -- Not broken either but set up Nextcloud exporters. - -- Some Nginx headers were commented out because it collided or something. - Idfk. Make them not. Uncomment. - -- QT theme doesn't work. - -- Nushell custom prompt title does not work, as it gets - overriden by the shell integration in a split second. diff --git a/LICENSE.md b/docs/LICENSE.md similarity index 100% rename from LICENSE.md rename to docs/LICENSE.md diff --git a/docs/PORTS.md b/docs/PORTS.md deleted file mode 100644 index d24dc95..0000000 --- a/docs/PORTS.md +++ /dev/null 
@@ -1,12 +0,0 @@ -# Internal & External Port Numbers - -- 80 and 443 are standard HTTP ports. Let them be. -- Same for e-mail ports. -- 8000-8999 are internal web application ports. - - Every app topic must use 80N0-80N9. -- 9000 is the Prometheus port. - - Every exporter topic must use 90N0-90N9. - - For example, Node exporter can be on 9010. - Dovecot can be on 9020, Postfix can be on 9021, - and so on. -- Haven't decided on redis, kresd etc. ports yet. diff --git a/docs/README.md b/docs/README.md index 5978671..6d849a1 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,39 +1,6 @@ -# My NixOS Configurations +# NCC -This repository contains my NixOS configurations for all my machines. - -## Bootstrapping - -Here is the script you need to run to get this working: - -> [!IMPORTANT] -> You will need to have an SSH key to authorize GitHub with, -> and have access to the Ghostty GitHub repository as I -> use Ghostty and Ghostty is in private beta at the moment. - -```sh -sudo nix-shell --packages git nu nix-output-monitor --command " - git clone https://github.com/RGBCube/NixOSConfiguration ~/Configuration - cd ~/Configuration - hostname -v - nu rebuild.nu -" -``` - -`host` is a host selected from the hosts in the `hosts` directory. - -## Applying Changes - -Lets say you have changed the configuration and want to apply the changes -to your system. You would have to run the rebuild script: - -```sh -./rebuild.nu -``` - -This runs the script interactively. - -You can also check how the script is used by reading the parameters it takes. +RGBCube's NixOS Configuration Collection. ## License diff --git a/flake.lock b/flake.lock index 066aea5..f962741 100644 --- a/flake.lock +++ b/flake.lock 
@@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1712079060, + "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "1381a759b205dff7a6818733118d02253340fd5e", "type": "github" }, "original": { @@ -71,11 +71,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1711434200, - "narHash": "sha256-d1/GwzQfxG66qfFiZv79m0C63JXIkzLHVHXaf9A42tY=", + "lastModified": 1713335151, + "narHash": "sha256-K97Xs+gvp9wbbpd+a4aSeeczWgtBs63ut6lAcDn3O4U=", "owner": "nix-community", "repo": "fenix", - "rev": "08b43790fd25acd39f3cc1fdaf36c183c59ca528", + "rev": "fa179d2b1528f64ae43f83c485ef914d9c3fb85a", "type": "github" }, "original": { @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1711508420, - "narHash": "sha256-T0io4K+gZOlps4GOUbwdskvmE9j6w33RLOTOwzfcgkI=", + "lastModified": 1713285560, + "narHash": "sha256-PlApALZSdBnRtXLk1XYksOzf47BU/V+vnIGjqrO1DmY=", "ref": "refs/heads/main", - "rev": "caf2742b768937869bb6c843c89c87f48f3ac1d2", - "revCount": 5721, + "rev": "06c5528a59f61e61c7b8b21a51bb60a172ca7955", + "revCount": 5909, "type": "git", "url": "ssh://git@github.com/RGBCube/ghostty" }, @@ -193,11 +193,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1713294767, + "narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7", "type": "github" }, "original": { @@ -208,7 +208,10 @@ }, "hyprcursor": { "inputs": { - "hyprlang": "hyprlang", + "hyprlang": [ + "hyprland", + "hyprlang" + ], "nixpkgs": [ "hyprland", "nixpkgs" 
@@ -219,11 +222,11 @@ ] }, "locked": { - "lastModified": 1711035742, - "narHash": "sha256-5vvhCSUGG9TA2G1eIRgokuYizhRnZu0ZbcU1MXfHsUE=", + "lastModified": 1713214463, + "narHash": "sha256-zAOOjqHAbccCRgJSuvTCA0FNLqKswN63LgVo43R7pxw=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "6a92473237f430399a417e1c2da9d7fcd4970086", + "rev": "0a53b9957f0b17f1a0036b25198f569969ad43a0", "type": "github" }, "original": { @@ -249,11 +252,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1711466169, - "narHash": "sha256-8LyPRWHz6YFWS5IIgjb94K6eDH5Riwe65BBkreC6v1c=", + "lastModified": 1713351856, + "narHash": "sha256-5lf6GAXWtJanOTgu3jH0tF4aqoqCv8IcP43wp+pemWg=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "ae52b7f4680716976d05b638aaa90e169d199117", + "rev": "e57a2d7ec87ae775828ea8628ef4eeafce8e6e70", "type": "github" }, "original": { @@ -288,29 +291,6 @@ } }, "hyprlang": { - "inputs": { - "nixpkgs": [ - "hyprland", - "hyprcursor", - "nixpkgs" - ], - "systems": "systems_2" - }, - "locked": { - "lastModified": 1709914708, - "narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprlang_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -320,11 +300,11 @@ ] }, "locked": { - "lastModified": 1711250455, - "narHash": "sha256-LSq1ZsTpeD7xsqvlsepDEelWRDtAhqwetp6PusHXJRo=", + "lastModified": 1713121246, + "narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "b3e430f81f3364c5dd1a3cc9995706a4799eb3fa", + "rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706", "type": "github" }, "original": { 
@@ -340,11 +320,11 @@ ] }, "locked": { - "lastModified": 1711283076, - "narHash": "sha256-Cda+XbHpvyz3HhdJ7FlXFoaazOWtdBoOWmEaj4ZFwRM=", + "lastModified": 1713196199, + "narHash": "sha256-ifdAQO9wcw/zlAyg8fCpf5I0TtufdRS6YZoTVk1VzLM=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "0eb49192a5cdd5e6e8e6c2c82c33857d78d6cd56", + "rev": "e2472f499d67568edb1b727736c587b877e85344", "type": "github" }, "original": { 
@@ -365,84 +345,29 @@ "url": "https://raw.githubusercontent.com/ziglang/zig/54bbc73f8502fe073d385361ddb34a43d12eec39/doc/langref.html.in" } }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, - "nixSuper": { - "inputs": { - "flake-compat": [ - "flakeCompat" - ], - "libgit2": "libgit2", - "nixpkgs": "nixpkgs", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1711388763, - "narHash": "sha256-z5lTtZ3Np3P5E03S7J627Gie7HtLPxscmuQ40Vu8xuw=", - "owner": "privatevoid-net", - "repo": "nix-super", - "rev": "06eac000db910dd07c935b2dd279b92b21b61571", - "type": "github" - }, - "original": { - "owner": "privatevoid-net", - "repo": "nix-super", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1709083642, - "narHash": "sha256-7kkJQd4rZ+vFrzWu8sTRtta5D1kBG0LSRYAfhtmMlSo=", + "lastModified": 1713248628, + "narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b550fe4b4776908ac2a861124307045f8e717c8e", + "rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-zig-0-12": { "locked": { - "lastModified": 1711143939, - "narHash": 
"sha256-oT6a81U4NHjJH1hjaMVXKsdTZJwl2dT+MhMESKoevvA=", + "lastModified": 1712247214, + "narHash": "sha256-7PTw86NnE2nCQPf+PPI/kOKwmlbbTqUthYSz/nDnAoc=", "owner": "vancluever", "repo": "nixpkgs", - "rev": "c4749393c06e52da4adf42877fdf9bac7141f0de", + "rev": "6726262c930716f601345b2c9d0c42ba069991b8", "type": "github" }, "original": { @@ -452,37 +377,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1711518224, - "narHash": "sha256-M75UGj6cj41U6WEAQIt1NT1KHtmUGFjkFGEkbkOnFFw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1b08f32c98637285b4dd3b74f2ea2b3b487106bd", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nuScripts": { - "flake": false, - "locked": { - "lastModified": 1711478865, - "narHash": "sha256-cXcMGdmdfyrfhCVHRRHNQnstFbFhIKyQdNivgBT/tpA=", - "owner": "nushell", - "repo": "nu_scripts", - "rev": "41fe58eceeaf24e560dc448280be3a143207982f", - "type": "github" - }, - "original": { - "owner": "nushell", - "repo": "nu_scripts", - "type": "github" - } - }, "root": { "inputs": { "ageNix": "ageNix", @@ -493,13 +387,11 @@ "ghosttyModule": "ghosttyModule", "homeManager": "homeManager", "hyprland": "hyprland", - "hyprlang": "hyprlang_2", + "hyprlang": "hyprlang", "hyprpicker": "hyprpicker", - "nixSuper": "nixSuper", - "nixpkgs": "nixpkgs_2", - "nuScripts": "nuScripts", + "nixpkgs": "nixpkgs", "simpleMail": "simpleMail", - "systems": "systems_3", + "systems": "systems_2", "themes": "themes", "zig": "zig", "zls": "zls" @@ -508,11 +400,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1711404839, - "narHash": "sha256-5W2Vzw2nfrOk194qLcZDyNmmH/mda6B6413M58C85Bk=", + "lastModified": 1713285401, + "narHash": "sha256-/FSI+GvcLWR107Lr2ntTo4d+yw2cAFXnJBw/66hPn8c=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "e52bb8cddb0d636a86a3560e9eadb5f3d8f8c2af", + "rev": "d07f0240fd9ced3addb8bdcda6fb9a305cb6499f", "type": "github" }, "original": { 
@@ -536,11 +428,11 @@ ] }, "locked": { - "lastModified": 1710449465, - "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=", + "lastModified": 1713012165, + "narHash": "sha256-z/soXKDnz+w4Nw0LkRaM73YqolhSmIYy6cpg1F2ps8I=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "79c8cfcd5873a85559da6201b116fb38b490d030", + "rev": "9f6635a0351c190179dc6904545f950108a23dd8", "type": "gitlab" }, "original": { @@ -565,21 +457,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -612,20 +489,18 @@ "wlroots": { "flake": false, "locked": { - "host": "gitlab.freedesktop.org", - "lastModified": 1709983277, - "narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=", - "owner": "wlroots", - "repo": "wlroots", - "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", - "type": "gitlab" + "lastModified": 1713124002, + "narHash": "sha256-vPeZCY+sdiGsz4fl3AVVujfyZyQBz6+vZdkUE4hQ+HI=", + "owner": "hyprwm", + "repo": "wlroots-hyprland", + "rev": "611a4f24cd2384378f6e500253983107c6656c64", + "type": "github" }, "original": { - "host": "gitlab.freedesktop.org", - "owner": "wlroots", - "repo": "wlroots", - "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", - "type": "gitlab" + "owner": "hyprwm", + "repo": "wlroots-hyprland", + "rev": "611a4f24cd2384378f6e500253983107c6656c64", + "type": "github" } }, "xdph": { 
@@ -648,11 +523,11 @@ ] }, "locked": { - "lastModified": 1709299639, - "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", + "lastModified": 1713214484, + "narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "2d2fb547178ec025da643db57d40a971507b82fe", + "rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61", "type": "github" }, "original": { @@ -674,11 +549,11 @@ ] }, "locked": { - "lastModified": 1711454961, - "narHash": "sha256-Hm5wZoCrfQYiSv6F2AqRXfb3iBQOFVwTHaXCVw4VIcg=", + "lastModified": 1713313372, + "narHash": "sha256-JqMBPQKPubOt3ToB0k4q+CTJqfwHfh5iaaFvLOr8GDA=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "fc90c09499061b194328f42469df73b09563fc83", + "rev": "5dcefc19b3fb062bb2beb224d72759ca6c25c9cd", "type": "github" }, "original": { @@ -702,11 +577,11 @@ ] }, "locked": { - "lastModified": 1711133472, - "narHash": "sha256-iF7WXLFcze9f/H78NB98Oh3O55SrlgymCD7Vrk13aQU=", + "lastModified": 1713110866, + "narHash": "sha256-ddSLREpgBq87dcbSisliSoSNqKl2x7kVf3E/tFumIXw=", "owner": "zigtools", "repo": "zls", - "rev": "96eddd067615efd9a88fa596dfa4c75943302885", + "rev": "172c8f2ef81c95731d7bff6f69f8d497902fe999", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index fa9efe4..e0d9d76 100644 --- a/flake.nix +++ b/flake.nix @@ -7,14 +7,7 @@ }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs"; - - nixSuper = { - url = "github:privatevoid-net/nix-super"; - - inputs.flake-compat.follows = "flakeCompat"; - # inputs.nixpkgs.follows = "nixpkgs"; - }; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; homeManager = { url = "github:nix-community/home-manager"; @@ -29,11 +22,6 @@ inputs.home-manager.follows = "homeManager"; }; - nuScripts = { - url = "github:nushell/nu_scripts"; - flake = false; - }; - simpleMail = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; 
@@ -69,7 +57,7 @@ fenix = { url = "github:nix-community/fenix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; }; zig = { 
@@ -116,117 +104,103 @@ }; outputs = { + self, nixpkgs, ageNix, simpleMail, homeManager, - themes, + ghosttyModule, ... } @ inputs: let - importConfiguration = host: let - hostDefault = import ./hosts/${host} { - config = {}; - keys = {}; - ulib = (import ./lib lib null) // { - merge = lib.recursiveUpdate; - }; - }; + lib0 = nixpkgs.lib; + keys = import ./keys.nix; - users = { - all = let - users = builtins.attrNames hostDefault.users.users; - in if builtins.elem "root" users then - users - else - users ++ [ "root" ]; + collectNixFiles = directory: with lib0; pipe (builtins.readDir directory) [ + (mapAttrsToList (name: type: let + path = /${directory}/${name}; + in if type == "directory" then + collectNixFiles path + else + path)) + flatten + (filter (hasSuffix ".nix")) + (filter (name: !hasPrefix "_" (builtins.baseNameOf name))) + ]; - graphical = builtins.attrNames (lib.filterAttrs (_: value: builtins.elem "graphical" (value.extraGroups or [])) hostDefault.users.users); - }; + lib1 = with lib0; extend (_: _: pipe (collectNixFiles ./lib) [ + (map (file: import file lib0)) + (filter (thunk: !isFunction thunk)) + (foldl' recursiveUpdate {}) + ]); - system = hostDefault.nixpkgs.hostPlatform; - - lib = nixpkgs.lib; - ulib = import ./lib lib users; - - pkgs = import nixpkgs { inherit system; }; - upkgs = let - defaults = lib.genAttrs - [ "nixSuper" "ageNix" "hyprland" "hyprpicker" "ghostty" "zls" ] - (name: inputs.${name}.packages.${system}.default); - - other = { - nuScripts = inputs.nuScripts; - rat = pkgs.callPackage ./derivations/rat.nix {}; - zig = inputs.zig.packages.${system}.master; - }; - in defaults // other; - - keys = import ./keys.nix; - - theme = themes.custom (themes.raw.gruvbox-dark-hard // { - cornerRadius = 8; - borderWidth = 2; - - margin = 6; - padding = 8; - - font.size.normal = 12; - font.size.big = 18; - - font.sans.name = "Lexend"; - font.sans.package = pkgs.lexend; - - font.mono.name = "JetBrainsMono Nerd Font"; - font.mono.package = 
(pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }); - - icons.name = "Gruvbox-Plus-Dark"; - icons.package = pkgs.gruvbox-plus-icons; - }); - - defaultConfiguration = { - age.identityPaths = map (user: "/home/${user}/.ssh/id") users.all; - - home-manager.users = lib.genAttrs users.all (_: {}); - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - - networking.hostName = host; - }; - - in lib.nixosSystem { - inherit system; - - specialArgs = { inherit inputs ulib upkgs keys theme; }; - - modules = let - mapDirectory = function: directory: with builtins; - attrValues (mapAttrs function (readDir directory)); - - nullIfUnderscoreOrNotNix = name: if (builtins.substring 0 1 name) == "_" then - null - else if lib.hasSuffix ".age" name then - null - else - name; - - filterNull = builtins.filter (x: x != null); - - importDirectory = directory: - filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscoreOrNotNix name)) directory); - in [ - homeManager.nixosModules.default - - ageNix.nixosModules.default - - simpleMail.nixosModules.default - - defaultConfiguration - ] ++ (importDirectory ./hosts/${host}) - ++ (importDirectory ./modules); + nixpkgsOverlayModule = with lib1; { + nixpkgs.overlays = [(final: prev: { + ghostty = inputs.ghostty.packages.${prev.system}.default; + zls = inputs.zls.packages.${prev.system}.default; + })] ++ pipe inputs [ + attrValues + (filter (value: value ? overlays.default)) + (map (value: value.overlays.default)) + ]; }; - hosts = (builtins.attrNames (builtins.readDir ./hosts)); + homeManagerModule = { lib, ... 
}: with lib; { + home-manager.users = genAttrs allNormalUsers (_: {}); + + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.sharedModules = [ ghosttyModule.homeModules.default ]; + }; + + ageNixModule = { + age.identityPaths = [ "/root/.ssh/id" ]; + }; + + optionModules = [ + homeManager.nixosModules.default + ageNix.nixosModules.default + simpleMail.nixosModules.default + + (lib1.mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ]) + ] ++ collectNixFiles ./options; + + optionUsageModules = [ + nixpkgsOverlayModule + homeManagerModule + ageNixModule + ] ++ collectNixFiles ./modules; + + specialArgs = { inherit self inputs keys; }; + + hosts = lib1.pipe (builtins.readDir ./hosts) [ + (lib1.filterAttrs (name: type: type == "regular" -> lib1.hasSuffix ".nix" name)) + lib1.attrNames + ]; + + lib2s = with lib1; genAttrs hosts (name: let + hostStub = nixosSystem { + inherit specialArgs; + + modules = [ ./hosts/${name} ] ++ optionModules; + }; + in extend (_: _: pipe (collectNixFiles ./lib) [ + (map (file: import file lib1)) + (filter (isFunction)) + (map (func: func hostStub.config)) + (foldl' recursiveUpdate {}) + ])); + + configurations = lib1.genAttrs hosts (name: lib2s.${name}.nixosSystem { + inherit specialArgs; + + modules = [{ + networking.hostName = name; + }] ++ optionModules ++ optionUsageModules ++ collectNixFiles ./hosts/${name}; + }); in { - nixosConfigurations = nixpkgs.lib.genAttrs hosts importConfiguration; - }; + nixosConfigurations = configurations; + + # This is here so we can do self. instead of self.nixosConfigurations..config. + } // lib1.mapAttrs (_: value: value.config) configurations; } diff --git a/hosts/cube/acme/default.nix b/hosts/cube/acme.nix similarity index 62% rename from hosts/cube/acme/default.nix rename to hosts/cube/acme.nix index 9aa3416..0a76c91 100644 --- a/hosts/cube/acme/default.nix +++ b/hosts/cube/acme.nix 
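Review bot: In flake.nix, `nixpkgsOverlayModule` applies `overlays.default` from every flake input that exposes one, so adding or bumping any input can replace arbitrary packages on all hosts without a visible change in this file. Naming the trusted inputs keeps that decision reviewable, for example `++ map (name: inputs.${name}.overlays.default) [ "<input-name>" ];` in place of the `pipe inputs [ ... ]` expression. If the automatic form is intentional, a comment above it such as `# every input is trusted to overlay nixpkgs; review new inputs accordingly` would record that.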
@@ -1,15 +1,15 @@ -{ config, ulib, ... }: with ulib; +{ self, config, lib, ... }: with lib; let inherit (config.networking) domain; -in serverSystemConfiguration { - age.secrets."hosts/cube/acme/password".file = ./password.age; +in systemConfiguration { + secrets.acmePassword.file = self + /hosts/password.acme.age; security.acme = { acceptTerms = true; defaults = { - environmentFile = config.age.secrets."hosts/cube/acme/password".path; + environmentFile = config.secrets.acmePassword.path; dnsProvider = "cloudflare"; dnsResolver = "1.1.1.1"; email = "security@${domain}"; diff --git a/hosts/cube/acme/password.age b/hosts/cube/acme/password.age deleted file mode 100644 index ccb115a..0000000 Binary files a/hosts/cube/acme/password.age and /dev/null differ diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix index 87318aa..2da2b01 100644 --- a/hosts/cube/default.nix +++ b/hosts/cube/default.nix @@ -1,4 +1,4 @@ -{ config, ulib, keys, ... }: with ulib; merge +{ config, lib, keys, ... }: with lib; merge (systemConfiguration { system.stateVersion = "23.05"; 
@@ -6,18 +6,30 @@ networking.domain = "rgbcu.be"; - time.timeZone = "Europe/Amsterdam"; + secrets.rgbPassword.file = ./password.rgb.age; - age.secrets."hosts/cube/password.rgb".file = ./password.rgb.age; + users.users = { + root.hashedPasswordFile = config.secrets.rgbPassword.path; - users.users.root.hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; - - users.users.rgb = normalUser { - description = "RGB"; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ keys.enka ]; - hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; + rgb = sudoUser { + description = "RGB"; + openssh.authorizedKeys.keys = [ keys.enka ]; + hashedPasswordFile = config.secrets.rgbPassword.path; + }; }; + + services.openssh.banner = '' + _______________________________________ + / If God doesn't destroy San Francisco, \ + | He should apologize to Sodom and | + \ Gomorrah. / + --------------------------------------- + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + ''; }) (homeConfiguration { diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix index ceca47e..cb4ce7d 100644 --- a/hosts/cube/forgejo/default.nix +++ b/hosts/cube/forgejo/default.nix @@ -1,15 +1,17 @@ -{ config, ulib, pkgs, ... }: with ulib; +{ config, lib, pkgs, ... }: with lib; let inherit (config.networking) domain; fqdn = "git.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/forgejo/password.mail" = { + + port = 8004; +in systemConfiguration { + secrets.forgejoMailPassword = { file = ./password.mail.age; owner = "forgejo"; }; - age.secrets."hosts/cube/forgejo/password.runner" = { + secrets.forgejoRunnerPassword = { file = ./password.runner.age; owner = "forgejo"; }; 
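Review bot: In hosts/cube/default.nix, `root.hashedPasswordFile` and `rgb.hashedPasswordFile` both point at `config.secrets.rgbPassword.path`, so one leaked or guessed password yields both the sudo account and a direct root login. Since `rgb` is declared with `sudoUser`, root may not need a usable password at all; if so, `root.hashedPassword = "!";` locks it, otherwise a separate secret for root keeps the two credentials independent. Whether sshd permits root password logins is not visible in this hunk and should be checked alongside.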
@@ -42,7 +44,7 @@ in serverSystemConfiguration { "act:docker://ghcr.io/catthehacker/ubuntu:act-latest" ]; - tokenFile = config.age.secrets."hosts/cube/forgejo/password.runner".path; + tokenFile = config.secrets.forgejoRunnerPassword.path; settings = { cache.enabled = true; @@ -61,11 +63,12 @@ in serverSystemConfiguration { }; }; + services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL"; services.forgejo = enabled { - lfs = enabled {}; + lfs = enabled; - mailerPasswordFile = config.age.secrets."hosts/cube/forgejo/password.mail".path; + mailerPasswordFile = config.secrets.forgejoMailPassword.path; database = { socket = "/run/postgresql"; @@ -78,7 +81,7 @@ in serverSystemConfiguration { default.APP_NAME = description; actions = { - ENABLED = true; + ENABLED = true; DEFAULT_ACTIONS_URL = "https://${fqdn}"; }; @@ -89,9 +92,9 @@ in serverSystemConfiguration { mailer = { ENABLED = true; - PROTOCOL = "smtps"; + PROTOCOL = "smtps"; SMTP_ADDR = config.mailserver.fqdn; - USER = "git@${domain}"; + USER = "git@${domain}"; }; other = { @@ -123,8 +126,8 @@ in serverSystemConfiguration { ROOT_URL = "https://${fqdn}/"; LANDING_PAGE = "/explore"; - HTTP_ADDR = "::"; - HTTP_PORT = 8004; + HTTP_ADDR = "::1"; + HTTP_PORT = port; SSH_PORT = builtins.elemAt config.services.openssh.ports 0; @@ -145,7 +148,7 @@ in serverSystemConfiguration { }; }; - services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // { - locations."/".proxyPass = "http://[::]:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate { + locations."/".proxyPass = "http://[::1]:${toString port}"; }; } diff --git a/hosts/cube/forgejo/password.mail.age b/hosts/cube/forgejo/password.mail.age index 2113e92..b1fc1ab 100644 --- a/hosts/cube/forgejo/password.mail.age +++ b/hosts/cube/forgejo/password.mail.age 
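Review bot: In hosts/cube/forgejo/default.nix, `services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL";` changes sshd for every account on the host, not only the `forgejo` user, and `mkForce` discards whatever another module defines for the same option. A comment would make the reason and the scope explicit, e.g. `# GIT_PROTOCOL is needed for Git protocol v2 over SSH; mkForce replaces the AcceptEnv value set elsewhere (confirm nothing else is dropped)`. The enclosing attribute set starts and ends outside this hunk.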
@@ -1,6 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw k4u86tbxSaZTIr9QzN2P+md9WwGvn93jOXqR2JHWy30 -tG7p/GaP0MhTqbAin3KmIMCrE67Ls3NYoztcJT8r7po ---- cmz8sBFqHk8RyAae/gBqrWgjCyHrVtngjZGn1xQOze8 -9rgM׶9gz -@uO0ץa \ No newline at end of file +-> ssh-ed25519 +rZ0Tw UdpGG1O9oC4Z3OasaGJyU3TM9FkwcaXQX9+QT4Wqrjs +RX+NdBYD+/GtOSGun8Y04S48MKLDHkQsfqjJQ0vVj18 +-> ssh-rsa jPaU3Q +EVX4PE+5bBQm3tzrUkbPBfG7Ech9dS2Ix8ZLLWYW2DFp30F49tJvYUDLGgpRARa+ +dh0+tuiOdPHENVbyhM8pob+Jk4Ii1+ZYwQdah0bAmewJ88NAHgfNCPMuAZFsR2w7 +r+KeuMa+1PtX3llIVWqTc+pdfrPVnG/DcbQqSgs5a2NVQauMgFgT9eCrwvuWCTSQ +dlUWdysSTYsnGHSKxSgS/MmMIFsrlxqoUUBYTFdS6yU/w6b7VFSJdGczmzD9zFMJ +ywkregpi5y0Z8K5byroRMR1IfIl7B0CHcZbsTFqSrlDSX9Rq2D84TGwdhwBK0L17 +Yy1UM3mFIDWgWe2lBY2KRterzxF/XxfDgbDc+1d8NWANVDinoXIOLYg3QBCSupwR +QmgjfvMcqjDSeg/QaV3PXtK/GyzVk8ehAFQpCyi+XofuavhBzP+9yk6IoHQupEAx +mQkm1ZXRc//C5w7Svjf6DmR5KKbF/mTRr7QqJp4XuCNCHA4Bf5BQEw5p8NtfqiWh + +--- iRy3XLKWkh6sUOkUS79ZRtRAjGdvvlKRZ6L6h6cKzjE +lڣY~Ϭ bQ/o3^s}+,B \ No newline at end of file diff --git a/hosts/cube/forgejo/password.runner.age b/hosts/cube/forgejo/password.runner.age index bdc21c5..5e42912 100644 --- a/hosts/cube/forgejo/password.runner.age +++ b/hosts/cube/forgejo/password.runner.age 
@@ -1,5 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw rraoMjYwD6IIkmgyiDKlij2+bLqY5PNyMU5IPQ4mvjI -/yttaAf7neHJ69LYh6p33gRBXIZA4oxWS5DDMnfOhhM ---- o+/I/vPxFdL9orC3PsBTazOrwG6Le8uLMUYiHE4XMj8 - ]}W{[a'md AUԬ7z*Y9"|1dvQxcǓ"0pr: \ No newline at end of file +-> ssh-ed25519 +rZ0Tw cQ6Sb/ZjeBy7VCL03h1A4+67kNoEYfQBee90qOXytxg +pIZpmgRZ9ISGx6CJF0yPX+PYs9VLXXoK01FB+iW4OXo +-> ssh-rsa jPaU3Q +aVlBcpE5GdfXtzuu7uHqDhTtiO7mXMYNr0Ww0MluxQxZmuXyxa7IIxeUR6n6eub/ +7H+B2Gcwwnh7txdWGyCytCx1rNp5Dbs0qSm+ufgyzNTSz9rPu2iEHPR0WOB2Y85x +avpC53ESBFORZ4Zswkc0iYBAGIwbtUGDGAV/ziw1hZCEsRCJZX1Pj57Tvk5Bc9mL +gaBix4Qo3X0j/Pqzp4NeaaMmIdCv2XOizQwFVAxqvT17xil3+TuZLKAScgbwtj9u +QfOZjwOQxVZwB5+CHmd7AYX2QCQsi45bBKh9dUU2Fm/MLyDmfSpiwTQ3nIEkSk1n +B6QwA4Z7v0A/IxDyQ9cWpj5TIxQ96RTf/azlRMg0H4bBuwINHlg0oWNIHfGZG15m +uRMvs+xxPcmU710b5WEwZRSlaZ1+Lm8uLY7d0j+Ie4V41JKmMh1pOaFbyo4wxWUo +cwRNFx9Yajiml7VnjaOZOGtA/NCUEall4mCdSJD5vntiTb3Hves0gAtoici1ZrX5 + +--- 8RA8QeFF0brgptQpnHAO6L0J1DXWeVAKxuXmDcX46Zg + t<&V9SCsF“ QoCk({Hm a ˢT[>*Qۓ \ No newline at end of file diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix index 1031e34..a19ff27 100644 --- a/hosts/cube/grafana/default.nix +++ b/hosts/cube/grafana/default.nix @@ -1,25 +1,21 @@ -{ config, ulib, ... }: with ulib; +{ config, lib, ... }: with lib; let inherit (config.networking) domain; fqdn = "metrics.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/grafana/password" = { + + port = 8000; +in systemConfiguration { + secrets.grafanaPassword = { file = ./password.age; owner = "grafana"; }; - age.secrets."hosts/cube/grafana/password.mail" = { + secrets.grafanaMailPassword = { file = ./password.mail.age; owner = "grafana"; }; - services.fail2ban.jails.grafana.settings = { - filter = "grafana"; - journalmatch = "_SYSTEMD_UNIT=grafana.service"; - maxretry = 3; - }; - services.postgresql = { ensureDatabases = [ "grafana" ]; ensureUsers = [{ 
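Review bot: In hosts/cube/grafana/default.nix, with the `services.fail2ban.jails.grafana` block gone, nothing visible in this file throttles repeated failed logins against the Grafana `admin` account; the `dovecot` and `postfix` jails are dropped the same way in the `@@ -18,27 +21,12 @@` hunk of hosts/cube/mail/default.nix. If the jails now live in a shared module that is outside this view, a pointer next to the service would help, e.g. `# fail2ban jail for grafana: see <module path>`. If they were not moved, the jail definitions should stay with the services they protect.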
@@ -34,7 +30,7 @@ in serverSystemConfiguration { }; services.grafana = enabled { - provision = enabled {}; + provision = enabled; settings = { analytics.reporting_enabled = false; @@ -44,15 +40,15 @@ in serverSystemConfiguration { database.user = "grafana"; server.domain = fqdn; - server.http_addr = "[::]"; - server.http_port = 8000; + server.http_addr = "[::1]"; + server.http_port = port; users.default_theme = "system"; }; settings.security = { admin_email = "metrics@${domain}"; - admin_password = "$__file{${config.age.secrets."hosts/cube/grafana/password".path}}"; + admin_password = "$__file{${config.secrets.grafanaPassword.path}}"; admin_user = "admin"; cookie_secure = true; @@ -64,7 +60,7 @@ in serverSystemConfiguration { settings.smtp = { enabled = true; - password = "$__file{${config.age.secrets."hosts/cube/grafana/password.mail".path}}"; + password = "$__file{${config.secrets.grafanaMailPassword.path}}"; startTLS_policy = "MandatoryStartTLS"; ehlo_identity = "contact@${domain}"; @@ -74,9 +70,9 @@ in serverSystemConfiguration { }; }; - services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // { + services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate { locations."/" = { - proxyPass = "http://[::]:${toString config.services.grafana.settings.server.http_port}"; + proxyPass = "http://[::1]:${toString port}"; proxyWebsockets = true; }; }; diff --git a/hosts/cube/grafana/password.age b/hosts/cube/grafana/password.age index a9816e2..7e22990 100644 Binary files a/hosts/cube/grafana/password.age and b/hosts/cube/grafana/password.age differ diff --git a/hosts/cube/grafana/password.mail.age b/hosts/cube/grafana/password.mail.age index 01e8aee..c0cd623 100644 --- a/hosts/cube/grafana/password.mail.age +++ b/hosts/cube/grafana/password.mail.age 
@@ -1,5 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw xkWa1fXAqQk5S+VNegGJpwGGDK0S3U+/QqPqSJgDUzI -xQRrNt48YL6ueLKKN4VXZuwzP0wu7AykvShOTv06YVQ ---- pEof9mZkQfWKgX5jrFGissq6m8/CvS7O2G52d/XbS8w -,5Kh#s( z_IipY/=ܯRwS \ No newline at end of file +-> ssh-ed25519 +rZ0Tw O0H0h+hSKjcOPaWE8iDSpYsR0TGigDeyBUmHtFTCNjQ +EHORIYFfRAoYEME9SM6l3ef6jfYmLBXEgGxZ7L+wZyA +-> ssh-rsa jPaU3Q +bG32pycqaE13cyS0OVqd3mI3lmP91UOgBrhnIhUv6WCDxJdQoshrUNhfF93JAI9+ +HSAsAOM1UHeffdNuucCQsoTxENCFonldrK8+cQwPyQlPSGIP5yE4hFFRUjoct0X5 +qdJsjgHAP53c5707mdwsx7lbpRLFPhW6JvA90wn1LKZPgMHBD5yQRPc+qM0NQ10b +sOqNU8dVuuIwWGtzHm9vrw3jUZMNiH+AUJ8IcaEC8+5FFAHr1cib3+rzyUmbzrxr +n2dXsIICLmQZVXoNPMYltcHyM6jf1a+cxh9Z7ZKhVxJvD2jXh9CqrHw5Z2xbQJTL +rwKNE85xxwQNzldYPMGLWyfn25j08/Jx4uZHXQIGrjVQCRRy+Mmn9d05MY2BNPNC +vpA848kn1IIM5ybBdsEXSqywoE2+r+J39JVUcQgTdXhjQwfZWcXiaq3haD6mhtRp +0VIqnBeu4vuvgtOEnWzvqVj0k64sYs+uPVjuXrW6szcSBcHj/QLfIQ//Tw4sRpQy + +--- DRdJx69Bkj+MVtk3dlZ0gMQmHG7NC7ZbzuMGbEbNVUQ + Ȏ^@%,q\4aEQEi>Rv \ No newline at end of file diff --git a/hosts/cube/hardware.nix b/hosts/cube/hardware.nix index 031996f..47cdec9 100644 --- a/hosts/cube/hardware.nix +++ b/hosts/cube/hardware.nix @@ -1,8 +1,10 @@ -{ ulib, modulesPath, ... }: with ulib; merge +{ lib, modulesPath, ... }: with lib; -(modulesPath + "/profiles/qemu-guest.nix") +systemConfiguration { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; -(serverSystemConfiguration { boot.loader.grub = enabled { device = "/dev/vda"; useOSProber = true; @@ -17,7 +19,7 @@ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/a14e3685-693a-4099-a2fe-ce959935dd50"; + device = "/dev/disk/by-label/root"; fsType = "ext4"; }; -}) +} diff --git a/hosts/cube/mail/default.nix b/hosts/cube/mail/default.nix index fef217c..c0b0643 100644 --- a/hosts/cube/mail/default.nix +++ b/hosts/cube/mail/default.nix 
@@ -1,15 +1,18 @@ -{ config, lib, ulib, ... }: with ulib; +{ config, lib, ... }: with lib; let inherit (config.networking) domain; fqdn = "mail.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/mail/password".file = ./password.age; + + prometheusPort = 9040; +in systemConfiguration { + secrets.mailPassword.file = ./password.age; services.prometheus = { exporters.postfix = enabled { - port = 9040; + listenAddress = "[::1]"; + port = prometheusPort; }; scrapeConfigs = [{ @@ -18,27 +21,12 @@ in serverSystemConfiguration { static_configs = [{ labels.job = "postfix"; targets = [ - "[::]:${toString config.services.prometheus.exporters.postfix.port}" + "[::1]:${toString prometheusPort}" ]; }]; }]; }; - services.fail2ban.jails = { - dovecot.settings = { - filter = "dovecot"; - maxretry = 3; - }; - - postfix.settings = { - filter = "postfix"; - maxretry = 3; - }; - }; - - services.kresd.listenPlain = lib.mkForce [ "[::]:53" "0.0.0.0:53" ]; - services.redis.servers.rspamd.bind = "0.0.0.0"; - services.dovecot2.sieve = { extensions = [ "fileinto" ]; globalExtensions = [ "+vnd.dovecot.pipe" "+vnd.dovecot.environment" ]; @@ -74,7 +62,7 @@ in serverSystemConfiguration { loginAccounts."contact@${domain}" = { aliases = [ "@${domain}" ]; - hashedPasswordFile = config.age.secrets."hosts/cube/mail/password".path; + hashedPasswordFile = config.secrets.mailPassword.path; }; }; } diff --git a/hosts/cube/mail/password.age b/hosts/cube/mail/password.age index 54765f9..6e93dd8 100644 Binary files a/hosts/cube/mail/password.age and b/hosts/cube/mail/password.age differ diff --git a/hosts/cube/matrix-synapse/password.secret.age b/hosts/cube/matrix-synapse/password.secret.age deleted file mode 100644 index 40911ac..0000000 Binary files a/hosts/cube/matrix-synapse/password.secret.age and /dev/null differ diff --git a/hosts/cube/matrix-synapse/password.sync.age b/hosts/cube/matrix-synapse/password.sync.age deleted file mode 100644 index efa6027..0000000 
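Review bot: The `@@ -18,27 +21,12 @@` hunk removes the `dovecot` and `postfix` fail2ban jails, and `modules/fail2ban.nix` is deleted later in this commit. Nothing visible in the diff replaces them for throttling repeated authentication failures against the mail services. Moving the postfix exporter to `[::1]` and dropping the `0.0.0.0` binds for kresd and redis does narrow exposure, but that covers listeners, not login attempts. If another mechanism now handles this (not visible here), record it with a comment such as `# fail2ban dropped: auth throttling is handled by <mechanism>`. Otherwise keep the two jails (`filter = "dovecot"; maxretry = 3;` and the postfix equivalent) along with the module that enables fail2ban.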
--- a/hosts/cube/matrix-synapse/password.sync.age +++ /dev/null @@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw qnll3AmLOYVpsLP78bOa0F20HjoN0dOFK2Rk/Ye5w24 -Gsmy22GHYX+0dlrUJalVlPXTWyzCz7q9W5gQza71XbA ---- UQhQek9ss1w8rqxj7HQxh8H/uaIsTK5SIfxqCAe1xoQ -fɏ ZrUZ'P~@f 5_cru/<Q|fY[r^SO6}> -d!HkZXr$j [\nB(/# \ No newline at end of file diff --git a/hosts/cube/matrix-synapse/default.nix b/hosts/cube/matrix/default.nix similarity index 71% rename from hosts/cube/matrix-synapse/default.nix rename to hosts/cube/matrix/default.nix index e53b84e..3e4e90d 100644 --- a/hosts/cube/matrix-synapse/default.nix +++ b/hosts/cube/matrix/default.nix @@ -1,4 +1,4 @@ -{ config, ulib, ... }: with ulib; +{ config, lib, ... }: with lib; let inherit (config.networking) domain; @@ -16,6 +16,7 @@ let clientConfig."m.homeserver".base_url = "https://${chatDomain}"; clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}"; + serverConfig."m.server" = "${chatDomain}:443"; wellKnownResponseConfig.locations = { @@ -26,8 +27,8 @@ let notFoundLocationConfig = { locations."/".extraConfig = "return 404;"; - extraConfig = "error_page 404 /404.html;"; - locations."= /404.html".extraConfig = "internal;"; + extraConfig = "error_page 404 /404.html;"; + locations."/404".extraConfig = "internal;"; locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; }; @@ -35,11 +36,11 @@ let synapsePort = 8001; syncPort = 8002; in serverSystemConfiguration { - age.secrets."hosts/cube/matrix-synapse/password.secret" = { + secrets.matrixSecret = { file = ./password.secret.age; owner = "matrix-synapse"; }; - age.secrets."hosts/cube/matrix-synapse/password.sync" = { + secrets.matrixSyncPassword = { file = ./password.sync.age; owner = "matrix-synapse"; }; 
@@ -88,12 +89,12 @@ in serverSystemConfiguration { }; # Sets registration_shared_secret. - extraConfigFiles = [ config.age.secrets."hosts/cube/matrix-synapse/password.secret".path ]; + extraConfigFiles = [ config.secrets.matrixSecret.path ]; settings.listeners = [{ port = synapsePort; - bind_addresses = [ "::" ]; + bind_addresses = [ "::1" ]; tls = false; type = "http"; x_forwarded = true; 
@@ -107,29 +108,29 @@ in serverSystemConfiguration { services.nginx.virtualHosts.${domain} = wellKnownResponseConfig; - services.nginx.virtualHosts.${chatDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig { + services.nginx.virtualHosts.${chatDomain} = merge config.sslTemplate wellKnownResponseConfig notFoundLocationConfig { root = "${sitePath}"; - locations."/_matrix".proxyPass = "http://[::]:${toString synapsePort}"; - locations."/_synapse/client".proxyPass = "http://[::]:${toString synapsePort}"; - }]; + locations."/_matrix".proxyPass = "http://[::1]:${toString synapsePort}"; + locations."/_synapse/client".proxyPass = "http://[::1]:${toString synapsePort}"; + }; services.matrix-sliding-sync = enabled { - environmentFile = config.age.secrets."hosts/cube/matrix-synapse/password.sync".path; + environmentFile = config.age.secrets.matrixSyncPassword.path; settings = { SYNCV3_SERVER = "https://${chatDomain}"; SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql"; - SYNCV3_BINDADDR = "[::]:${toString syncPort}"; + SYNCV3_BINDADDR = "[::1]:${toString syncPort}"; }; }; - services.nginx.virtualHosts.${syncDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig { - root = "${sitePath}"; + services.nginx.virtualHosts.${syncDomain} = merge config.sslTemplate notFoundLocationConfig { + root = sitePath; locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" - .proxyPass = "http://[::]:${toString synapsePort}"; + .proxyPass = "http://[::1]:${toString synapsePort}"; locations."~ ^(\\/_matrix|\\/_synapse\\/client)" - .proxyPass = "http://[::]:${toString syncPort}"; - }]; + .proxyPass = "http://[::1]:${toString syncPort}"; + }; } diff --git a/hosts/cube/matrix/password.secret.age b/hosts/cube/matrix/password.secret.age new file mode 100644 index 0000000..c125322 Binary files /dev/null and b/hosts/cube/matrix/password.secret.age differ 
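Review bot: In `services.matrix-sliding-sync`, the new line still reads `config.age.secrets.matrixSyncPassword.path`, but an earlier hunk of this file declares the secret as `secrets.matrixSyncPassword`. Every other reference touched by the commit uses `config.secrets.<name>.path`. Unless `secrets` is an alias that also populates `age.secrets` under the same key (the `options/` directory is not in view), this attribute will not exist and the sync proxy's `environmentFile` will not resolve. The consistent form is `environmentFile = config.secrets.matrixSyncPassword.path;`.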
diff --git a/hosts/cube/matrix/password.sync.age b/hosts/cube/matrix/password.sync.age new file mode 100644 index 0000000..033da0a --- /dev/null +++ b/hosts/cube/matrix/password.sync.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw 0X0Ku7Shx9cZTtdBQvBT0yNdiRBCA72grq9mbBn5w30 +pv1SwZo5Sw2Y0AH5r0U4oIE+l2HLUfAMZa7MdExmi/0 +-> ssh-rsa jPaU3Q +yQ4L8WaeBIqJmXXnXiZAq0l0hwaWoIZDUsx1Yfu65CwkhNzxE3zC7qn8TG+/yz90 +jxv3qCwkCfKUA12R1JHJj4TAvDXgBw8Icd24M5KcXaCQGZdTGEhGSod1kHFDx30R +J5xJ4a+kJRUGL2UOsXwFBM/7pk/gMgfPvY8kckc0jCXR4w6UxQ2g1T29uqGo17CP +GVHnHW+Kckc34x7Szry9gLKORNlwXskfkAOhXRnoSoj6pMNiTi6qY36DJZtrO38b +CBSx3xe5JzRn+/SwumV+lk5LG/7rqQYttffdIY/qkB322Yl5pJF8eglc/fOShbaM +AgMsOSioE17Kp7dlWOVnYjhcFqPITUryfeCnOzmeWAK7FG1s4nErSw0X9sKn1fYr +zXPnu/J+f862skfkgnJwUEe3hjzwEvnxNGPaTLCBluYeyKQs8L/veTMQkgEjAJKn +/Gzoh/aYEiYgSFsAid9jteup5jNhQS+j7jvF+zjlKgWaQ8k6IcqVK8p2fd8NQ47Y + +--- KeyAgC1N1Th+hPkr7kT2b5tk+yd+oN8z7MbVtzHTQHE +3 n)ä%('R?e5OQǝ7<MdHr0yhlEG{옷NJnj㔰;tEpyObm1ݰ}ʋH=α[ \ No newline at end of file diff --git a/hosts/cube/nextcloud/default.nix b/hosts/cube/nextcloud/default.nix index f5dfdba..7259478 100644 --- a/hosts/cube/nextcloud/default.nix +++ b/hosts/cube/nextcloud/default.nix 
@@ -1,19 +1,49 @@ - { config, lib, ulib, pkgs, ... }: with ulib; + { config, lib, pkgs, ... }: with lib; let inherit (config.networking) domain; fqdn = "cloud.${domain}"; -in serverSystemConfiguration { - age.secrets."hosts/cube/nextcloud/password" = { + + prometheusPort = 9060; + + nextcloudPackage = pkgs.nextcloud28; +in systemConfiguration { + secrets.nextcloudPassword = { file = ./password.age; owner = "nextcloud"; }; + secrets.nextcloudExporterPassword = { + file = ./password.age; + owner = "nextcloud-exporter"; + }; + + services.prometheus = { + exporters.nextcloud = enabled { + listenAddress = "[::1]"; + port = prometheusPort; + + username = "admin"; + url = "https://${fqdn}"; + passwordFile = config.secrets.nextcloudExporterPassword.path; + }; + + scrapeConfigs = [{ + job_name = "nextcloud"; + + static_configs = [{ + labels.job = "nextcloud"; + targets = [ + "[::1]:${toString prometheusPort}" + ]; + }]; + }]; + }; services.postgresql = { ensureDatabases = [ "nextcloud" ]; ensureUsers = [{ - name = "nextcloud"; + name = "nextcloud"; ensureDBOwnership = true; }]; }; @@ -22,7 +52,7 @@ in serverSystemConfiguration { after = [ "postgresql.service" ]; requires = [ "postgresql.service" ]; - script = lib.mkAfter '' + script = mkAfter '' nextcloud-occ theming:config name "RGBCube's Depot" nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data." @@ -34,7 +64,7 @@ in serverSystemConfiguration { }; services.nextcloud = enabled { - package = pkgs.nextcloud28; + package = nextcloudPackage; hostName = fqdn; https = true; @@ -42,7 +72,7 @@ in serverSystemConfiguration { configureRedis = true; config.adminuser = "admin"; - config.adminpassFile = config.age.secrets."hosts/cube/nextcloud/password".path; + config.adminpassFile = config.secrets.nextcloudPassword.path; config.dbhost = "/run/postgresql"; config.dbtype = "pgsql"; 
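Review bot: The new `secrets.nextcloudExporterPassword` decrypts the same `./password.age` as `secrets.nextcloudPassword`, and the exporter is configured with `username = "admin"`. The metrics process, running as `nextcloud-exporter`, therefore holds the full Nextcloud administrator password just to read server info. The NixOS exporter module also accepts `tokenFile`, which takes a serverinfo token that grants only the monitoring endpoint. A dedicated secret would replace `username`/`passwordFile`, for example `tokenFile = config.secrets.nextcloudExporterToken.path;` (secret name is a suggestion). That way a compromise of the exporter does not expose admin credentials.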
@@ -50,7 +80,7 @@ in serverSystemConfiguration { settings = { default_phone_region = "TR"; - mail_smtphost = "::"; + mail_smtphost = "::1"; mail_smtpmode = "sendmail"; mail_from_address = "cloud"; }; @@ -76,16 +106,15 @@ in serverSystemConfiguration { extraAppsEnable = true; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) + inherit (nextcloudPackage.packages.apps) bookmarks calendar contacts deck - forms groupfolders impersonate - mail maps notes phonetrack - polls previewgenerator tasks; + forms groupfolders impersonate mail + maps notes polls previewgenerator tasks; # Add: files_markdown files_texteditor memories news }; nginx.recommendedHttpHeaders = true; }; - services.nginx.virtualHosts.${fqdn} = sslTemplate domain; + services.nginx.virtualHosts.${fqdn} = config.sslTemplate; } diff --git a/hosts/cube/nextcloud/password.age b/hosts/cube/nextcloud/password.age index 5836b95..ef657fa 100644 --- a/hosts/cube/nextcloud/password.age +++ b/hosts/cube/nextcloud/password.age 
@@ -1,5 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw 3QOn//uIWJTnBEVz3bn3s3yQlAeGDCynaJ4C+2Zi8iE -AsPa4woWILuLVS0bvkLBddda9mQqJ9CS1hkWwhNrLg8 ---- 7XNX3eRRei1LrcRiQSLgHJ0OkYt145uDVq+gtN/A9tk -\KDr.'QDML3I3 \ No newline at end of file +-> ssh-ed25519 +rZ0Tw HGa+kmHedio/tQYp0ZuMCMjdEOtETkioVoRf0a5pkkY +OoAFxkLB8pSADTgUcCwdqInYwF83//28Cza8jblQzaU +-> ssh-rsa jPaU3Q +W1fQyikhppgQKqASdAuKX2tpDrNgdXhe5LD1KjPuocTUa3sS+DM9UYf8Ap/uNDlA +V481pDnrzO9c7lwP/HzUU4O2cm5APbT+Ho0kF1B+W4T3DiXt4/pvzxcufApoloY5 +bM7l3eH4gsp6Buiqr0EowZ48KNi9wW4OXxqjVRSCbyyfygEAl80zT8QP1/cF7A4q +JwHVM6oyGLwLkfXrdLdxQw9T1Q/5wTCePBfzNzCE6XhmL48Hb1vKXnOwTpobVb1v +Dn0FuD7GvhkgV06sd34sN6YO90lJAgPKvE0up2gIHG2FEJK0Pt8Er+SFJ5gag+W6 +fNZ/0P3lT/sB1WSWNn5w4nzmCU5VhxdJf+8hkdRwYqnGoE29YJXT/vW8PX4qFDGf +++0HDup6FHFp4VZf6NwVI/Ua68IfyX53Y7iAeLvMiSF/SK5b4KezR0oTRd88t6x+ +qA/iv9wcV5z2qDXaVyitcREpC+bwvF7HdI+qmFIl9i5oMFv+pSoxuQRrTtAoBwup + +--- TsR5Ga8FM1YlCiUXVghF3MoWq9jvAo4/2g8IvOrBMCg +Nyj㦩u2҃pB,0l ssh-ed25519 +rZ0Tw 5+B9syGilyIjTRiIbR/tQqIRZ5ZUax8gOIZR62lYGhw -vTzxsGNvqnZKGkDHy2+gyIIPqLXZltVBzwEQ5HeuLO0 ---- eRFepEnDGHeb96HOq0kZOvILnQlL/WCf8fnVJbFHP8w -iao'D̗c[\;m/K݂s0 r)Vh}xhzqA}wD ٫VP1jۛ%J- \ No newline at end of file +-> ssh-ed25519 +rZ0Tw AMjDOXqRZGRFrMUIlDdqbSkwXuDSwg+0I7WLgYOnqAU +awL2vueTU9BIRVBcvWQOtV3xoqC8BCrePg/D/FHtz28 +-> ssh-rsa jPaU3Q +wIBOZFIsnXTf0fC3u2EOBdx4WSRefY3rcvG1pjwhUhpkSYc0E9U0EgZHFvfIk2kD +uJUxtob3X45oJtM+8IS5vPrOHJMg8HFUJ/8h8uLJ8Jv2MTZvLeIxg5eFZBtXXR3m +pR8gY0jCTzzrRjwVvF6RHYYFtdVtAKJ9ikI7Y/Q6UKI0Qk5jWBcAVBW0fkW4BM9i +qj0fzByXXnzORePvFItlh8JXI07L8lUgt5cPOtMnoAXZDQRvzTAbHiigHYZZKDgl +s0rw+CZ/lbUm9fvjPdGSOZ2v8Xo147Gf0bUgHMdBpDbFHglBiW2SeP7+JJNV0M3q +eLGgI/eMeBBoQVV/cTRkKZzeB2S7Gsh3ogSBFqmHa9nLEitzATcgW5xyVBN9YdnG +ZDi0GcPbe0VzpGaLIiF+qSNtUjIgKQKFuMoMKT6lcSUUhDw6OK5YeliK7P6JOS30 +rlwsZcxGDEcvJp8lRFKal9Kkv6+0EOr4b3d2NLWe3Wdd5uCpVF3FusAdwgxW8VH+ + +--- jLhThmnzFUBiv2G29RihvdYKXuk6b7JLWyPC+quwX8w +e*V71FpvPE_uG ssh-rsa jPaU3Q -M19jE1+l5CGuAbWy3AAhJcVtW9E1b8al9rgjSJ26ESewP5fipabiW8/KEA6QowU4 
-NbFFu9Za0Sqo2ly5AS7kubYROCYQE238cZgMfVG15nFmIP1s3MY8hNZFaeJdjYJW -W8SLTddBA5xWBzfNH2ZtW7KBICMgl5+mKAj35pB6qxcZjj274llFy8d8Xs0UsyDW -4exLZdzbgCXC5JXVgZpOR0Ou0AdJPtHIxYmkaS+gjkr45fSo3XGSepxRw+SOlkV/ -0kQgyw5KPPNZZ9wXo89P4zponyWNqQCKPaxXbGJl44mKBXLxFSvCPjjuAZ7cZ+xn -vd2ZcwztgLV84JT5pSJbUwjo6a5GrzOJ3/frxYgG4MK5foM8iyZ6cHFpNVeyOx/b -IhfCdFc71+c+hfLpa1OETlKYEVYHDQ/nuAELAy81bfEa8OL1yh8q75gJZukgwWX8 -QEJLzwsN/496uBbFwwjj05R4feu35Iql1XLqOrTaixUA6uSdWjsnJscENFpchfzI +Ra86YZeGq1g0NlPLVj/mdqFDp/SZQHL/CDJ3SaFTYtmfUqSER/hXOz7X5wqOZ+Yf +SC0DUxrAaPobkuK9QMayBNmwB8Rq/cGXOb/vKmT5PnLpqNVu0ggIoaO+ZTEiUG8g +ATdjUU+xPQpOCkk7wsdW4AzW1G4bOAS7AXFipfU+BhVtLzGziDJ6Uuglvt0ussku +FHdIaD3AJcQQ1/kMdYtiLPQUaGdBnuUqOLzcoAgsp+4SDMHXKfuvyO7EsOaGVCc1 +RmCwWZ7UqQdwsn2pXUoAXOlhr3QdjiDTcBd6nVbxWCxy/GBpHgD4ffyMrF+Xv48n +fyX9dMhb4AAz6kAN+/7g/WNHuv0kRCjggHCcd9BhRvrZKGBs7h1B6OvUcREDxVr8 +45QpKo2bpQqPBUJPlZXuHRWiQrInGJJHdA2JU1VBGJMnIumVrUCGeJSnBP3Ui46z +GXIqHhgUYvBLXH0eLaHH17fx7ytWez88dDL8wwaHzL8AEtN+/XPFU7kNEU97QZJo ---- 06pUnwHPhIIgovnUcakwOCjfK5Et4twJF8NChBf3G9o - g0Fӻͱ*U;GKsqH-ތ-M v% ojdOxCkJren:KBM7 \ No newline at end of file +--- RNDo4JKbsihikrIB+cxCXuDCbvd2BqdIEKfLsBplLsI +~59\[{ZV7J2<•!UID>GGT*JAI1:zx ͺ?t \ No newline at end of file diff --git a/hosts/enka/password.said.age b/hosts/enka/password.said.age index fb4dcd2..9cd5ff1 100644 --- a/hosts/enka/password.said.age +++ b/hosts/enka/password.said.age 
@@ -1,13 +1,13 @@ age-encryption.org/v1 -> ssh-rsa jPaU3Q -fNM8bL9QB/wvgB+MZOfWXDrPMCc/2bs3B5t1xgXe/Z6I0HXcnL/G1ipebvth/+Mr -Wv6bMPgPPwrxvWaoC84PHTclp8kqsipTYO4r40cB5F7Yyq+oBOHlm3Kd1SGSPQQn -FPCA0BxFhYQuHtQuqEdoMRZ5YxgoxWoso1gAAMzcnhac9HVK595F4HITpYzs453Q -UTW+c1UigqvI70YNKo2jNSqAwJh2rA4EP/ivz5Y0fOv/WD8TpygbFdbFhvLZ4rBS -NveQrMJcha/KArzu5cxYuQq+vF7ckGmPygGSMGkXCbb66ET8Mj/daBhfPfZ+nC+v -eaBOlAJ4y+jUwajn3PlWelOjUTNoDHdp8I/xHtJs1avmlWhv8pdA/vR/61C0mApd -39uzl2XsnvKQkqlE2CD618h1xsmXk9RDxzUzDuejO0Kv1Of7+SsR1Swk7IKaJQpB -SzAfBCtnJxRsTIDVcBvqtb1cJiBgJt5/FFN8IGa9C0Hf3lFvB8qqR2BlwijhfGi/ +u3Kl4BwfKKxIk1ASkkOeEBOFbusd/hYapO/Ab78sc0ufOIJvso7rXgK8pjIoKhlD +FLJ6kD8m+z79MDJU5o0UdqAEvzT/O5vUAxVI1XWGdDliSAzEQkaLDtz/Hhg8wlel +9l/oCaV5cEB/3JXPI++4Ck+TaZ61+DGcfkQFXBGFITQyQOcErfGP54KyYeMPPKH6 +XB57IahfwK1G9DaIhGxHni328H1d4xmoWobEOS+RalIW9Yc+oJBTw5LEJZpgt8+t +HUQ5x1kKRqqIgZYSuyTV33LI4JxiXpJgPSQIUyUFHCN+0tkshaOa6VjZvIxX+LKi +ZUgAsWTkA/nfpQqX9zOpyhTN1cVR8xUptZWIFlSeu2W9O6xjirOSo6+3574ANrD4 +pvUQe+VEV+U7ePnx81YS9BhESQ8lmqUlaX1d8uGHSWas5DjE8Kcaa6K9k9ab7u9q +mh+g2b/P2w2lVRgrcUyqn2S/coEzaHgskx8fyV23w4BbMefoHWdmsNwGhIew8Uhr ---- JmxH14QpQiLryhESgYyK4H7fpol168CbjecUwfnRFRM -bd!<&-1esă{OqG~.cmu!$(!/asvzw6CE2>.xBb=Ԑgj ssh-ed25519 +rZ0Tw jXnHlBEI/Soqpgq1ivfJHfyG1Vu6587MRmsiiY/s3Gc +PzOumPaUFNwlkD0e0c9ES7Ix1RGsdnqRKgHPBKpIGuc +-> ssh-ed25519 spFFQA wGPxs3a6og3Hjx5a/EHY8cRoFCGHDu9Ce3BH87FwiEc +X3FdpYD1OftG9xaFzQ3mlvZkQPn4AQmCqfB/6KnCVvE +-> ssh-rsa jPaU3Q +WfcscVagmu1lL48CmP+QLrswXBJVGqMvBpOGbIDDbMXXXGQhuDhKX3f/j35ThUeq +snuV+Nz7Fs4y0RRYlZ5ieWbCV3Xa/TaEA1TfoQD4GMZreX7Fn+w4AhfiPFrc9sUV +ZGpfIxBx2HSkV36c0iLS4Vp14wTYJzrY3gJuldMbHLY9tLD0AVF2EJ456WI4KE0v +XpyvdH37BXwpUrWMk7dGvLS0CnQjGBceRcaWaTU93izFO2GiwE0Vk2nRO9EOxaw/ +M08VC7LvAm9Uj4iAJonfnCIf4KdrDlwbBkjDA0FPl2Wg3dOo1/qgGYuMi8wzcuYF +OLbh5kQAcOZ/3QsWnhEd8Vf1BVaQyE/hhelj1R0ZJDB3CeVLdzTlg/MFKUOC9SPw +5znm8ELiQziBariOgGmvAwCYt3O4Wpp7UqWjlnyPBWp94Q6teaj7PuIQ0OCuixPZ +QQikdfG0u0FgXK0fQAmO7/UChbKcrq+xEb84NUd0WiH0t+GTuMq0CpRSg9B1fE0r + +--- 
iJOaeMlcZ5LkNlwPuRdcpyzARZpDxQB0Mn73JKZLCyM +K`ں^HZL|fT߆À֢E_%?k'ZT&Y^PA~ Ɓ*tӕW/PhhMEAHs^O!HJ~'g9HTIO"IG;][_T}S5eG׮g=]b K HQQXSΕ(ZX϶%}O : \ No newline at end of file diff --git a/keys.nix b/keys.nix index 77aefdf..44ac65b 100644 --- a/keys.nix +++ b/keys.nix @@ -1,4 +1,5 @@ { - enka = "ssh-rsa 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 said@enka"; cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube"; + disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk"; + enka = "ssh-rsa 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 said@enka"; } diff --git a/lib/configuration.nix b/lib/configuration.nix deleted file mode 100644 index bff22f7..0000000 --- a/lib/configuration.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -users: let - userHomeConfiguration = users: configuration: { - home-manager.users = builtins.foldl' (final: user: final // { - ${user} = configuration; - }) {} (if builtins.isList users then users else [ users ]); - }; -in rec { - inherit users; - - isServer = users.graphical == []; - isDesktop = !isServer; - - # For every machine. - systemConfiguration = configuration: configuration; - systemPackages = packages: systemConfiguration { environment.systemPackages = packages; }; - systemFonts = packages: systemConfiguration { fonts.packages = packages; }; - - # For every user, on every machine. - homeConfiguration = configuration: { home-manager.sharedModules = [ configuration ]; }; - homePackages = packages: homeConfiguration { home.packages = packages; }; - - # For every desktop. - desktopSystemConfiguration = configuration: if isServer then {} else configuration; - desktopSystemPackages = packages: if isServer then {} else systemPackages packages; - desktopSystemFonts = packages: if isServer then {} else systemFonts packages; - # For every graphical user on every desktop. - desktopHomeConfiguration = configuration: if isServer then {} else userHomeConfiguration users.graphical configuration; - desktopHomePackages = packages: if isServer then {} else desktopHomeConfiguration { home.packages = packages; }; - - # For every server. - serverSystemConfiguration = configuration: if isServer then configuration else {}; - serverSystemPackages = packages: if isServer then systemPackages packages else {}; - serverSystemFonts = packages: if isServer then systemFonts packages else {}; - # For every user on every server. - serverHomeConfiguration = configuration: if isServer then homeConfiguration configuration else {}; - serverHomePackages = packages: if isServer then homePackages packages else {}; -} diff --git a/lib/configuration1.nix b/lib/configuration1.nix new file mode 100644 index 0000000..067df8c --- /dev/null +++ b/lib/configuration1.nix 
@@ -0,0 +1,6 @@
+lib: {
+ systemConfiguration = cfg: cfg;
+ systemPackages = pkgs: { environment.systemPackages = pkgs; };
+ systemFonts = pkgs: { fonts.packages = pkgs; };
+ homeConfiguration = cfg: { home-manager.sharedModules = [ cfg ]; };
+}
diff --git a/lib/configuration2.nix b/lib/configuration2.nix
new file mode 100644
index 0000000..aa59e78
--- /dev/null
+++ b/lib/configuration2.nix
@@ -0,0 +1,32 @@
+lib: config: let
+ userHomeConfiguration = users: cfg: {
+ home-manager.users = lib.genAttrs users (_: cfg);
+ };
+
+ allNormalUsers = [ "root" ] ++ lib.pipe config.users.users [
+ (lib.filterAttrs (_: lib.getAttr "isNormalUser"))
+ lib.attrNames
+ ];
+
+ desktopUsers = lib.pipe config.users.users [
+ (lib.filterAttrs (_: lib.getAttr "isDesktopUser"))
+ lib.attrNames
+ ];
+in rec {
+ inherit allNormalUsers desktopUsers;
+
+ isDesktop = desktopUsers != [];
+ isServer = desktopUsers == [];
+
+ desktopSystemConfiguration = cfg: lib.optionalAttrs isDesktop cfg;
+ desktopSystemPackages = pkgs: desktopSystemConfiguration (lib.systemPackages pkgs);
+ desktopSystemFonts = pkgs: desktopSystemConfiguration (lib.systemFonts pkgs);
+ desktopUserHomeConfiguration = cfg: userHomeConfiguration desktopUsers cfg;
+ desktopUserHomePackages = pkgs: desktopUserHomeConfiguration { home.packages = pkgs; };
+ desktopHomeConfiguration = cfg: desktopSystemConfiguration (lib.homeConfiguration cfg);
+ desktopHomePackages = pkgs: desktopHomeConfiguration { home.packages = pkgs; };
+
+ serverSystemConfiguration = cfg: lib.optionalAttrs isServer cfg;
+ serverSystemPackages = pkgs: serverSystemConfiguration (lib.systemPackages pkgs);
+ serverHomeConfiguration = cfg: serverSystemConfiguration (lib.homeConfiguration cfg);
+}
diff --git a/lib/default.nix b/lib/default.nix
deleted file mode 100644
index 634af0a..0000000
--- a/lib/default.nix
+++ /dev/null
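Review bot: In `lib/configuration2.nix`, `desktopSystemConfiguration` and `serverSystemConfiguration` gate their argument with `lib.optionalAttrs`, which must evaluate `config.users.users` before the module's attribute set even has a shape. If the `config` passed in is the same evaluation these helpers contribute to (the caller is outside this diff), any module that defines users through them can hit infinite recursion. `lib.mkIf` defers the condition to merge time, and `modules/git.nix` in this commit already uses that form. Consider `desktopSystemConfiguration = cfg: lib.mkIf isDesktop cfg;` and the same for the server variant, or add a comment stating that `config` comes from a separate earlier evaluation.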
@@ -1,6 +0,0 @@
-lib: users: let
- configuration = import ./configuration.nix users;
- merge = import ./merge.nix lib;
- ssl = import ./ssl.nix;
- values = import ./values.nix;
-in configuration // merge // ssl // values
diff --git a/lib/enabled.nix b/lib/enabled.nix
new file mode 100644
index 0000000..f55fac8
--- /dev/null
+++ b/lib/enabled.nix
@@ -0,0 +1,11 @@
+lib: {
+ enabled = lib.mkMerge [{
+ enable = true;
+ }] // {
+ __functor = self: attributes: self // {
+ contents = self.contents ++ [ attributes ];
+ };
+ };
+
+ disabled = { enable = false; };
+}
diff --git a/lib/merge.nix b/lib/merge.nix
index cd72807..14d86a5 100644
--- a/lib/merge.nix
+++ b/lib/merge.nix
@@ -1,13 +1,7 @@
-lib: let
- mergeAll = builtins.foldl' (collected: module: {
- imports = collected.imports ++ [ module ];
- }) { imports = []; };
-in {
- merge = a: b: mergeAll [ a b ];
- merge3 = a: b: c: mergeAll [ a b c ];
- merge4 = a: b: c: d: mergeAll [ a b c d ];
- merge5 = a: b: c: d: e: mergeAll [ a b c d e ];
- merge6 = a: b: c: d: e: f: mergeAll [ a b c d e f ];
-
- recursiveUpdateAll = builtins.foldl' lib.recursiveUpdate {};
+lib: {
+ merge = lib.mkMerge [] // {
+ __functor = self: next: self // {
+ contents = self.contents ++ [ next ];
+ };
+ };
 }
diff --git a/lib/modules.nix b/lib/modules.nix
new file mode 100644
index 0000000..e8e1586
--- /dev/null
+++ b/lib/modules.nix
@@ -0,0 +1,10 @@
+lib: {
+ mkConst = value: lib.mkOption {
+ default = value;
+ readOnly = true;
+ };
+
+ mkValue = value: lib.mkOption {
+ default = value;
+ };
+}
diff --git a/lib/ssl.nix b/lib/ssl.nix
deleted file mode 100644
index 474c971..0000000
--- a/lib/ssl.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- sslTemplate = domain: {
- forceSSL = true;
- quic = true;
- useACMEHost = domain;
- };
-}
diff --git a/lib/values.nix b/lib/values.nix
index a2328e4..00dfd25 100644
--- a/lib/values.nix
+++ b/lib/values.nix
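Review bot: The new `enabled` in `lib/enabled.nix` has no comment explaining that it is both a `mkMerge` value and a callable. The rest of the commit relies on this, using it bare (`provision = enabled;`) and applied (`enabled { ... }`). A reader has to work out that `//` attaches `__functor` to the `mkMerge` result and that each call appends to `contents`. A short comment above the definition would help, for example `# Usable bare or applied: `enabled { ... }` appends the argument to the mkMerge contents via __functor.` The rewritten `merge` in `lib/merge.nix` uses the same pattern, starting from an empty list, and deserves the same one-line explanation.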
@@ -1,18 +1,19 @@ -{ - enabled = attributes: attributes // { - enable = true; - }; - +lib: { normalUser = attributes: attributes // { isNormalUser = true; }; + sudoUser = attributes: attributes // { + isNormalUser = true; + extraGroups = [ "wheel" ] ++ attributes.extraGroups or []; + }; + + desktopUser = attributes: attributes // { + isNormalUser = true; + isDesktopUser = true; # Defined in options/desktop.nix. + }; + systemUser = attributes: attributes // { isSystemUser = true; }; - - graphicalUser = attributes: attributes // { - isNormalUser = true; - extraGroups = [ "graphical" ] ++ attributes.extraGroups or []; - }; } diff --git a/modules/autofreq.nix b/modules/autofreq.nix index f0ef820..53372c9 100644 --- a/modules/autofreq.nix +++ b/modules/autofreq.nix @@ -1,5 +1,5 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - services.auto-cpufreq = enabled {}; + services.auto-cpufreq = enabled; } diff --git a/modules/bat.nix b/modules/bat.nix index b9de9b1..0afdf35 100644 --- a/modules/bat.nix +++ b/modules/bat.nix @@ -1,17 +1,19 @@ -{ ulib, pkgs, theme, ... }: with ulib; +{ config, lib, pkgs, ... }: with lib; merge -homeConfiguration { - programs.nushell.environmentVariables = { - MANPAGER = ''"bat --plain --language man"''; - PAGER = ''"bat --plain"''; +(systemConfiguration { + environment.variables = { + MANPAGER = "bat --plain --language man"; + PAGER = "bat --plain"; }; - programs.nushell.shellAliases.cat = "bat"; + environment.shellAliases.cat = "bat"; +}) +(homeConfiguration { programs.bat = enabled { - config.theme = "base16"; - themes.base16.src = pkgs.writeText "base16.tmTheme" theme.tmTheme; + config.theme = "base16"; + themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme; config.pager = "less -FR"; }; -} +}) diff --git a/modules/blueman.nix b/modules/blueman.nix index d7b426a..23fa606 100644 --- a/modules/blueman.nix +++ b/modules/blueman.nix 
@@ -1,7 +1,7 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - services.blueman = enabled {}; + services.blueman = enabled; hardware.bluetooth = enabled { powerOnBoot = true; diff --git a/modules/btop.nix b/modules/btop.nix index ac2f44c..de1fb80 100644 --- a/modules/btop.nix +++ b/modules/btop.nix @@ -1,11 +1,11 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; homeConfiguration { - xdg.configFile."btop/themes/base16.theme".text = theme.btopTheme; + xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme; programs.btop = enabled { settings.color_theme = "base16"; - settings.rounded_corners = theme.cornerRadius != 0; + settings.rounded_corners = config.theme.cornerRadius > 0; }; } diff --git a/modules/discord.nix b/modules/discord.nix index a318d9c..b1fda87 100644 --- a/modules/discord.nix +++ b/modules/discord.nix @@ -1,15 +1,15 @@ -{ ulib, pkgs, theme, ... }: with ulib; merge3 +{ config, lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { nixpkgs.config.allowUnfree = true; }) -(desktopHomeConfiguration { - xdg.configFile."Vencord/settings/quickCss.css".text = theme.discordCss; +(desktopUserHomeConfiguration { + xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss; }) -(desktopHomePackages (with pkgs; [ - (discord-canary.override { +(desktopUserHomePackages (with pkgs; [ + (discord.override { withOpenASAR = true; withVencord = true; }) diff --git a/modules/documentation.nix b/modules/documentation.nix index 93112cf..c2f0218 100644 --- a/modules/documentation.nix +++ b/modules/documentation.nix @@ -1,9 +1,9 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { documentation = { - doc.enable = false; - info.enable = false; + doc = disabled; + info = disabled; man = enabled { generateCaches = true; diff --git a/modules/dunst.nix b/modules/dunst.nix index fae5844..c1bd869 100644 --- a/modules/dunst.nix +++ b/modules/dunst.nix 
@@ -1,7 +1,7 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - services.dunst = with theme.withHashtag; enabled { +desktopUserHomeConfiguration { + services.dunst = with config.theme.withHashtag; enabled { iconTheme = icons; settings.global = { diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix index d97982f..ac56d7b 100644 --- a/modules/endlessh-go.nix +++ b/modules/endlessh-go.nix @@ -1,13 +1,16 @@ -{ config, ulib, pkgs, ... }: with ulib; +{ lib, pkgs, ... }: with lib; -serverSystemConfiguration { +let + fakeSSHPort = 22; + prometheusPort = 9050; +in serverSystemConfiguration { services.prometheus.scrapeConfigs = [{ job_name = "endlessh-go"; static_configs = [{ labels.job = "endlessh-go"; targets = [ - "[::]:${toString config.services.endlessh-go.prometheus.port}" + "[::1]:${toString prometheusPort}" ]; }]; }]; @@ -17,10 +20,11 @@ serverSystemConfiguration { # services.endlessh-go.openFirewall exposes both the Prometheus # exporters port and the SSH port, and we don't want the metrics # to leak, so we manually expose this like so. - networking.firewall.allowedTCPPorts = [ config.services.endlessh-go.port ]; + networking.firewall.allowedTCPPorts = [ fakeSSHPort ]; services.endlessh-go = enabled { - port = 22; + listenAddress = "[::]"; + port = fakeSSHPort; extraOptions = [ "-alsologtostderr" @@ -29,8 +33,8 @@ serverSystemConfiguration { ]; prometheus = enabled { - listenAddress = "[::]"; - port = 9050; + listenAddress = "[::1]"; + port = prometheusPort; }; }; } diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix deleted file mode 100644 index 0b64ad3..0000000 --- a/modules/fail2ban.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ulib, ... }: with ulib; - -serverSystemConfiguration { - services.fail2ban = enabled { - bantime = "24h"; - bantime-increment = enabled { - maxtime = "7d"; - }; - }; -} diff --git a/modules/firefox.nix b/modules/firefox.nix index 7c6c220..989834a 100644 --- a/modules/firefox.nix 
+++ b/modules/firefox.nix @@ -1,8 +1,8 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { +desktopUserHomeConfiguration { programs.firefox = enabled { - profiles.default.settings = with theme.font; { + profiles.default.settings = with config.theme.font; { "general.autoScroll" = true; "privacy.donottrackheader.enabled" = true; diff --git a/modules/fonts.nix b/modules/fonts.nix index 628ece3..9e1da4e 100644 --- a/modules/fonts.nix +++ b/modules/fonts.nix @@ -1,6 +1,6 @@ -{ ulib, pkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; merge -(systemConfiguration { +(desktopSystemConfiguration { console = { earlySetup = true; font = "Lat2-Terminus16"; @@ -8,12 +8,16 @@ }; }) -(desktopSystemFonts (with pkgs; [ - theme.font.sans.package - theme.font.mono.package +(desktopSystemFonts [ + config.theme.font.sans.package + config.theme.font.mono.package - noto-fonts - noto-fonts-cjk-sans - noto-fonts-lgc-plus - noto-fonts-emoji -])) + pkgs.noto-fonts + pkgs.noto-fonts-cjk-sans + pkgs.noto-fonts-lgc-plus + pkgs.noto-fonts-emoji +]) + +(serverSystemConfiguration { + fonts.fontconfig = disabled; +}) diff --git a/modules/fuzzel.nix b/modules/fuzzel.nix index 0088f55..6fceeaa 100644 --- a/modules/fuzzel.nix +++ b/modules/fuzzel.nix @@ -1,7 +1,7 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - programs.fuzzel = with theme; enabled { +desktopUserHomeConfiguration { + programs.fuzzel = with config.theme; enabled { settings.main = { dpi-aware = false; font = "${font.sans.name}:size=${toString font.size.big}"; 
@@ -19,13 +19,13 @@ desktopHomeConfiguration { inner-pad = padding; }; - settings.colors = { - background = base00 + "FF"; - text = base05 + "FF"; - match = base0A + "FF"; - selection = base05 + "FF"; - selection-text = base00 + "FF"; - border = base0A + "FF"; + settings.colors = mapAttrs (_: color: color + "FF") { + background = base00; + text = base05; + match = base0A; + selection = base05; + selection-text = base00; + border = base0A; }; settings.border = { diff --git a/modules/ghostty.nix b/modules/ghostty.nix index c39a19c..1f3828c 100644 --- a/modules/ghostty.nix +++ b/modules/ghostty.nix @@ -1,18 +1,14 @@ -{ inputs, lib, ulib, pkgs, upkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; -(desktopSystemConfiguration { - home-manager.sharedModules = [ inputs.ghosttyModule.homeModules.default ]; -}) - -(desktopHomeConfiguration { +desktopUserHomeConfiguration { programs.nushell.environmentVariables.TERMINAL = "ghostty"; programs.ghostty = enabled { - package = upkgs.ghostty; + package = pkgs.ghostty; clearDefaultKeybindings = true; - keybindings = (lib.mapAttrs' (name: lib.nameValuePair "ctrl+shift+${name}") { + keybindings = (mapAttrs' (name: nameValuePair "ctrl+shift+${name}") { c = "copy_to_clipboard"; v = "paste_from_clipboard"; @@ -50,14 +46,15 @@ "physical:eight" = "goto_tab:8"; "physical:nine" = "goto_tab:9"; "physical:zero" = "goto_tab:10"; - }) // (lib.mapAttrs' (name: lib.nameValuePair "ctrl+${name}") { - "physical:tab" = "next_tab"; + }) // (mapAttrs' (name: nameValuePair "ctrl+${name}") { + "physical:tab" = "next_tab"; "shift+physical:tab" = "previous_tab"; }); - shellIntegration.enable = false; + # Disabled here as Nushell isn't supported and Nushell enables it in its own config. + shellIntegration = disabled; - settings = with theme; { + settings = with config.theme; { font-size = font.size.normal; font-family = font.mono.name; @@ -73,4 +70,4 @@ ]; }; }; -}) +} 
diff --git a/modules/git.nix b/modules/git.nix index 3277d03..9c31f66 100644 --- a/modules/git.nix +++ b/modules/git.nix @@ -1,7 +1,7 @@ -{ lib, ulib, pkgs, ... }: with ulib; merge3 +{ lib, pkgs, ... }: with lib; merge -(homeConfiguration { - programs.nushell.shellAliases = { +(systemConfiguration { + environment.shellAliases = { g = "git"; ga = "git add"; @@ -62,8 +62,10 @@ gst = "git status"; }; +}) - programs.nushell.configFile.text = lib.mkAfter '' +(homeConfiguration { + programs.nushell.configFile.text = mkAfter '' # Sets the remote origin to the specified user and repository on my git instance def gsr [user_and_repo: string] { let user_and_repo = if ($user_and_repo | str index-of "/") != -1 { @@ -82,13 +84,13 @@ userName = "RGBCube"; userEmail = "git@rgbcu.be"; - lfs = enabled {}; + lfs = enabled; difftastic = enabled { background = "dark"; }; - extraConfig = lib.recursiveUpdate { + extraConfig = merge { init.defaultBranch = "master"; commit.verbose = true; @@ -122,7 +124,7 @@ core.sshCommand = "ssh -i ~/.ssh/id"; url."ssh://git@github.com/".insteadOf = "https://github.com/"; url."ssh://forgejo@rgbcu.be:2222/".insteadOf = "https://git.rgbcu.be/"; - } (lib.optionalAttrs ulib.isDesktop { + } (mkIf isDesktop { commit.gpgSign = true; tag.gpgSign = true; gpg.format = "ssh"; @@ -131,13 +133,15 @@ }; }) -(desktopHomeConfiguration { - programs.nushell.shellAliases = { +(desktopSystemConfiguration { + environment.shellAliases = { "??" = "gh copilot suggest --target shell"; "gh?" = "gh copilot suggest --target gh"; "git?" = "gh copilot suggest --target git"; }; +}) +(desktopHomeConfiguration { programs.gh = enabled { settings.git_protocol = "ssh"; }; diff --git a/modules/gtk.nix b/modules/gtk.nix index 20fac3f..687bbaf 100644 --- a/modules/gtk.nix +++ b/modules/gtk.nix 
@@ -1,21 +1,21 @@ -{ ulib, pkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { - programs.dconf = enabled {}; + programs.dconf = enabled; }) -(desktopHomeConfiguration { +(desktopUserHomeConfiguration { gtk = enabled { - gtk3.extraCss = theme.adwaitaGtkCss; - gtk4.extraCss = theme.adwaitaGtkCss; + gtk3.extraCss = config.theme.adwaitaGtkCss; + gtk4.extraCss = config.theme.adwaitaGtkCss; - font = with theme.font; { + font = with config.theme.font; { inherit (sans) name package; size = size.normal; }; - iconTheme = theme.icons; + iconTheme = config.theme.icons; theme = { name = "Adwaita-dark"; @@ -24,3 +24,4 @@ }; }) + diff --git a/modules/helix.nix b/modules/helix.nix index 9871e14..4da4857 100644 --- a/modules/helix.nix +++ b/modules/helix.nix @@ -1,24 +1,26 @@ -{ ulib, lib, pkgs, upkgs, theme, ... }: with ulib; merge +{ config, lib, pkgs, ... }: with lib; merge + +(systemConfiguration { + environment = { + variables.EDITOR = "hx"; + shellAliases.x = "hx"; + }; +}) (homeConfiguration { - programs.nushell = { - environmentVariables.EDITOR = "hx"; - shellAliases.x = "hx"; - - configFile.text = lib.mkAfter '' - def --wrapped hx [...arguments] { - if $env.TERM == "xterm-kitty" { - kitty @ set-spacing padding=0 - } - - ^hx ...$arguments - - if $env.TERM == "xterm-kitty" { - kitty @ set-spacing padding=${toString theme.padding} - } + programs.nushell.configFile.text = mkAfter '' + def --wrapped hx [...arguments] { + if $env.TERM == "xterm-kitty" { + kitty @ set-spacing padding=0 } - ''; - }; + + ^hx ...$arguments + + if $env.TERM == "xterm-kitty" { + kitty @ set-spacing padding=${toString config.theme.padding} + } + } + ''; programs.helix = enabled { languages.language = let @@ -96,11 +98,6 @@ formatter = denoFormatter "tsx"; language-servers = [ "deno" ]; } - - { # TODO: Remove in the next Helix release. - name = "nu"; - language-servers = [ "nu" ]; - } ]; languages.language-server = { 
@@ -145,7 +142,7 @@ cursorline = true; bufferline = "multiple"; file-picker.hidden = false; - idle-timeout = 50; + idle-timeout = 0; line-number = "relative"; shell = [ "bash" "-c" ]; text-width = 100; @@ -167,7 +164,7 @@ render.tab = "all"; }; - settings.keys = lib.genAttrs [ "normal" "select" ] (_: { + settings.keys = genAttrs [ "normal" "select" ] (_: { D = "extend_to_line_end"; }); }; @@ -213,5 +210,5 @@ yaml-language-server # ZIG - upkgs.zls + zls ])) diff --git a/modules/hyprland/default.nix b/modules/hyprland/default.nix index 321b40a..94a4585 100644 --- a/modules/hyprland/default.nix +++ b/modules/hyprland/default.nix @@ -1,7 +1,7 @@ -{ ulib, pkgs, upkgs, theme, ... }: with ulib; merge3 +{ config, lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { - hardware.opengl = enabled {}; + hardware.opengl = enabled; xdg.portal = enabled { config.common.default = "*"; 
@@ -12,220 +12,205 @@ }; }) -(desktopHomeConfiguration { - wayland.windowManager.hyprland = with theme; enabled { - package = upkgs.hyprland; +(desktopUserHomeConfiguration { + wayland.windowManager.hyprland = enabled { + settings = { + monitor = [ ",preferred,auto,1" ]; + windowrule = [ "noinitialfocus" ]; - extraConfig = - '' - monitor = , preferred, auto, 1 - '' - + - '' - windowrule = noinitialfocus - '' - + - '' - exec-once = wl-paste --type text --watch cliphist store -max-items 1000 - exec-once = wl-paste --type image --watch cliphist store -max-items 1000 + exec-once = [ + "wl-paste --type text --watch cliphist store -max-items 1000" + "wl-paste --type image --watch cliphist store -max-items 1000" + ]; - exec = pkill swaybg; swaybg --image ${./wallpaper.png} + exec = [ + "pkill swaybg; swaybg --image ${./wallpaper.png}" + "pkill --signal SIGUSR2 waybar" + ]; - exec = pkill --signal SIGUSR2 waybar - '' - + - '' - binde = SUPER, left , movefocus, l - binde = SUPER, down , movefocus, d - binde = SUPER, up , movefocus, u - binde = SUPER, right, movefocus, r + bindl = [ + (replaceStrings [ "\n;" "\n" ] [ ";" "" ] '' + ,XF86PowerOff,exec, + pkill fuzzel; + echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" + | fuzzel --dmenu + | tr --delete " " + | tr '[:upper:]' '[:lower:]' + | ifne xargs systemctl + '') + ]; - binde = SUPER, h, movefocus, l - binde = SUPER, j, movefocus, d - binde = SUPER, k, movefocus, u - binde = SUPER, l, movefocus, r - '' - + - '' - bind = SUPER , TAB, workspace, e+1 - bind = SUPER+ALT, TAB, workspace, e-1 + bindle = [ + ",XF86AudioRaiseVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5" + ",XF86AudioLowerVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" - bind = SUPER, mouse_up, workspace, e+1 - bind = SUPER, mouse_down, workspace, e-1 + ",XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + 
",XF86AudioMicMute , exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" - bind = SUPER, 1, workspace, 1 - bind = SUPER, 2, workspace, 2 - bind = SUPER, 3, workspace, 3 - bind = SUPER, 4, workspace, 4 - bind = SUPER, 5, workspace, 5 + ",XF86MonBrightnessUp , exec, brightnessctl set 5%+" + ",XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-" + ]; - bind = SUPER+ALT, 1, movetoworkspacesilent, 1 - bind = SUPER+ALT, 2, movetoworkspacesilent, 2 - bind = SUPER+ALT, 3, movetoworkspacesilent, 3 - bind = SUPER+ALT, 4, movetoworkspacesilent, 4 - bind = SUPER+ALT, 5, movetoworkspacesilent, 5 + bindm = [ + "SUPER, mouse:272, movewindow" + "SUPER, mouse:274, movewindow" + "SUPER, mouse:273, resizewindow" + ]; - bindm = SUPER, mouse:272, movewindow - bindm = SUPER, mouse:274, movewindow - '' - + - '' - binde = SUPER+CTRL, left , resizeactive, -100 0 - binde = SUPER+CTRL, down , resizeactive, 0 100 - binde = SUPER+CTRL, up , resizeactive, 0 -100 - binde = SUPER+CTRL, right, resizeactive, 100 0 + binde = [ + "SUPER, left , movefocus, l" + "SUPER, down , movefocus, d" + "SUPER, up , movefocus, u" + "SUPER, right, movefocus, r" - binde = SUPER+CTRL, h, resizeactive, -100 0 - binde = SUPER+CTRL, j, resizeactive, 0 100 - binde = SUPER+CTRL, k, resizeactive, 0 -100 - binde = SUPER+CTRL, l, resizeactive, 100 0 + "SUPER, h, movefocus, l" + "SUPER, j, movefocus, d" + "SUPER, k, movefocus, u" + "SUPER, l, movefocus, r" - bindm = SUPER, mouse:273, resizewindow - '' - + - '' - bind = SUPER+ALT, left , movewindow, l - bind = SUPER+ALT, down , movewindow, d - bind = SUPER+ALT, up , movewindow, u - bind = SUPER+ALT, right, movewindow, r + "SUPER+CTRL, left , resizeactive, -100 0" + "SUPER+CTRL, down , resizeactive, 0 100" + "SUPER+CTRL, up , resizeactive, 0 -100" + "SUPER+CTRL, right, resizeactive, 100 0" - bind = SUPER+ALT, h, movewindow, l - bind = SUPER+ALT, j, movewindow, d - bind = SUPER+ALT, k, movewindow, u - bind = SUPER+ALT, l, movewindow, r - '' - + - '' - bind = SUPER 
, Q, killactive - bind = SUPER , F, fullscreen - bind = SUPER+ALT, F, togglefloating + "SUPER+CTRL, h, resizeactive, -100 0" + "SUPER+CTRL, j, resizeactive, 0 100" + "SUPER+CTRL, k, resizeactive, 0 -100" + "SUPER+CTRL, l, resizeactive, 100 0" + ]; - bind = SUPER+ALT, RETURN, exec, kitty - bind = SUPER , RETURN, exec, ghostty --gtk-single-instance=true - bind = SUPER , W , exec, firefox - bind = SUPER , D , exec, discordcanary - bind = SUPER , E , exec, fractal - bind = SUPER , M , exec, thunderbird - bind = SUPER , T , exec, thunar - bind = SUPER , C , exec, hyprpicker --autocopy + bind = [ + "SUPER , TAB, workspace, e+1" + "SUPER+ALT, TAB, workspace, e-1" - bind = SUPER, B, exec, pkill --signal SIGUSR1 waybar + "SUPER, mouse_up, workspace, e+1" + "SUPER, mouse_down, workspace, e-1" - bind = SUPER, SPACE, exec, pkill fuzzel; fuzzel - bind = SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy + "SUPER, 1, workspace, 1" + "SUPER, 2, workspace, 2" + "SUPER, 3, workspace, 3" + "SUPER, 4, workspace, 4" + "SUPER, 5, workspace, 5" - bind = , PRINT, exec, pkill grim; grim -g "$(slurp -w 0)" - | swappy -f - -o - | wl-copy --type image/png - bind = ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png - '' - + - '' - bindle = , XF86AudioRaiseVolume, exec, wpctl set-volume --limit 1.5 @DEFAULT_AUDIO_SINK@ 5%+ - bindle = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- + "SUPER+ALT, 1, movetoworkspacesilent, 1" + "SUPER+ALT, 2, movetoworkspacesilent, 2" + "SUPER+ALT, 3, movetoworkspacesilent, 3" + "SUPER+ALT, 4, movetoworkspacesilent, 4" + "SUPER+ALT, 5, movetoworkspacesilent, 5" - bindle = , XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle - bindle = , XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle + "SUPER+ALT, left , movewindow, l" + "SUPER+ALT, down , movewindow, d" + "SUPER+ALT, up , movewindow, u" + "SUPER+ALT, right, movewindow, r" - bindle = , 
XF86MonBrightnessUp , exec, brightnessctl set 5%+ - bindle = , XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%- + "SUPER+ALT, h, movewindow, l" + "SUPER+ALT, j, movewindow, d" + "SUPER+ALT, k, movewindow, u" + "SUPER+ALT, l, movewindow, r" + + "SUPER , Q, killactive" + "SUPER , F, fullscreen" + "SUPER+ALT, F, togglefloating" - bindl = , XF86PowerOff, exec, pkill fuzzel; echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" | fuzzel --dmenu | tr --delete " " | tr "[:upper:]" "[:lower:]" | ifne xargs systemctl - '' - + - '' - animations { - bezier = material_decelerate, 0.05, 0.7, 0.1, 1 + "SUPER+ALT, RETURN, exec, kitty" + "SUPER , RETURN, exec, ghostty --gtk-single-instance=true" + "SUPER , W , exec, firefox" + "SUPER , D , exec, discord" + "SUPER , E , exec, fractal" + "SUPER , M , exec, thunderbird" + "SUPER , T , exec, thunar" + "SUPER , C , exec, hyprpicker --autocopy" - animation = windows, 1, 2 , material_decelerate, popin 80% - animation = border , 1, 10, default - animation = fade , 1, 2 , default - animation = workspaces,1, 3 , material_decelerate - } - '' - + - '' - decoration { - drop_shadow = false - rounding = ${toString cornerRadius} + "SUPER, B, exec, pkill --signal SIGUSR1 waybar" + "SUPER, SPACE, exec, pkill fuzzel; fuzzel" + "SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy" - blur { - enabled = false - } - } - '' - + - '' - general { - gaps_in = ${toString (margin/ 2)} - gaps_out = ${toString margin} - border_size = ${toString borderWidth} + " , PRINT, exec, pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png" + "ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png" + ]; - col.active_border = 0xFF${base0A} - col.nogroup_border_active = 0xFF${base0A} + general = with config.theme; { + gaps_in = margin / 2; + gaps_out = 
margin; + border_size = borderWidth; - col.inactive_border = 0xFF${base01} - col.nogroup_border = 0xFF${base01} + "col.active_border" = "0xFF${base0A}"; + "col.nogroup_border_active" = "0xFF${base0A}"; - cursor_inactive_timeout = 10 - no_cursor_warps = true + "col.inactive_border" = "0xFF${base01}"; + "col.nogroup_border" = "0xFF${base01}"; - resize_on_border = true - } - '' - + - '' - gestures { - workspace_swipe = true - } - '' - + - '' - input { - follow_mouse = 1 + cursor_inactive_timeout = 10; + no_cursor_warps = true; - kb_layout = tr + resize_on_border = true; + }; - repeat_delay = 400 - repeat_rate = 100 + decoration = { + drop_shadow = false; + rounding = config.theme.cornerRadius; - touchpad { - clickfinger_behavior = true - drag_lock = true + blur.enabled = false; + }; - natural_scroll = true - scroll_factor = 0.7 - } - } - '' - + - '' - dwindle { - preserve_split = true - smart_resizing = false - } - '' - + - '' - misc { - animate_manual_resizes = true + input = { + follow_mouse = 1; - disable_hyprland_logo = true - disable_splash_rendering = true + kb_layout = "tr"; - key_press_enables_dpms = true - mouse_move_enables_dpms = true - } - ''; + repeat_delay = 400; + repeat_rate = 100; + + touchpad = { + clickfinger_behavior = true; + drag_lock = true; + + natural_scroll = true; + scroll_factor = 0.7; + }; + }; + + gestures.workspace_swipe = true; + + animations = { + bezier = [ "material_decelerate,0.05,0.7,0.1,1" ]; + + animation = [ + "border , 1, 10, material_decelerate" + "fade , 1, 2 , material_decelerate" + "layers , 1, 2 , material_decelerate" + "windows , 1, 2 , material_decelerate, popin 80%" + "workspaces, 1, 3 , material_decelerate" + ]; + }; + + misc = { + animate_manual_resizes = true; + + disable_hyprland_logo = true; + disable_splash_rendering = true; + + hide_cursor_on_key_press = true; + key_press_enables_dpms = true; + mouse_move_enables_dpms = true; + }; + + dwindle = { + preserve_split = true; + smart_resizing = false; + }; + }; }; }) 
-(desktopHomePackages (with pkgs; [ +(desktopUserHomePackages (with pkgs; [ brightnessctl cliphist grim + hyprpicker slurp swappy swaybg - upkgs.hyprpicker wl-clipboard xdg-utils xwaylandvideobridge diff --git a/modules/kernel.nix b/modules/kernel.nix index 74ad770..8776b19 100644 --- a/modules/kernel.nix +++ b/modules/kernel.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; +{ lib, pkgs, ... }: with lib; systemConfiguration { boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/modules/keyring.nix b/modules/keyring.nix index 375c1a3..b47e244 100644 --- a/modules/keyring.nix +++ b/modules/keyring.nix @@ -1,9 +1,9 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - programs.seahorse = enabled {}; + programs.seahorse = enabled; security.pam.services.login.enableGnomeKeyring = true; - services.gnome.gnome-keyring = enabled {}; + services.gnome.gnome-keyring = enabled; } diff --git a/modules/kitty.nix b/modules/kitty.nix index 5294193..abccd87 100644 --- a/modules/kitty.nix +++ b/modules/kitty.nix @@ -1,7 +1,7 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - programs.kitty = with theme.withHashtag; enabled { +desktopUserHomeConfiguration { + programs.kitty = with config.theme.withHashtag; enabled { font = with font; { inherit (mono) name package; diff --git a/modules/kresd.nix b/modules/kresd.nix new file mode 100644 index 0000000..ed359ee --- /dev/null +++ b/modules/kresd.nix @@ -0,0 +1,7 @@ +{ lib, ... }: with lib; + +systemConfiguration { + services.kresd = enabled; + + networking.nameservers = [ "::1" "127.0.0.1" ]; +} diff --git a/modules/localisation.nix b/modules/localisation.nix index f3aa5dc..31496e0 100644 --- a/modules/localisation.nix +++ b/modules/localisation.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; merge +{ lib, ... }: with lib; merge (systemConfiguration { console.keyMap = "trq"; 
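Review bot: The two `exec-once` entries in `settings` feed every text and image copy into `cliphist store -max-items 1000`, and cliphist keeps that history on disk. Anything copied from a password manager or keyring UI therefore stays retrievable through the `SUPER, V` picker well after it was used. If that trade-off is intended, record it next to the entries, for example `# cliphist persists copied text, secrets included; clear with "cliphist wipe"`. A lower `-max-items` for the text watcher would also shorten how long such entries survive. Whether secrets are actually copied on these hosts is not visible from this hunk.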
@@ -7,17 +7,15 @@ }) (desktopSystemConfiguration { - i18n.extraLocaleSettings = let - locale = "tr_TR.UTF-8"; - in { - LC_ADDRESS = locale; - LC_IDENTIFICATION = locale; - LC_MEASUREMENT = locale; - LC_MONETARY = locale; - LC_NAME = locale; - LC_NUMERIC = locale; - LC_PAPER = locale; - LC_TELEPHONE = locale; - LC_TIME = locale; - }; + i18n.extraLocaleSettings = genAttrs [ + "LC_ADDRESS" + "LC_IDENTIFICATION" + "LC_MEASUREMENT" + "LC_MONETARY" + "LC_NAME" + "LC_NUMERIC" + "LC_PAPER" + "LC_TELEPHONE" + "LC_TIME" + ] (_: "tr_TR.UTF-8"); }) diff --git a/modules/logind.nix b/modules/logind.nix index df7d75c..8e68ce3 100644 --- a/modules/logind.nix +++ b/modules/logind.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { services.logind.powerKey = "ignore"; diff --git a/modules/nano.nix b/modules/nano.nix index ccd78c6..0121211 100644 --- a/modules/nano.nix +++ b/modules/nano.nix @@ -1,7 +1,7 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { environment.defaultPackages = []; - programs.nano.enable = false; # Garbage. + programs.nano = disabled; # Garbage. } diff --git a/modules/network-manager.nix b/modules/network-manager.nix new file mode 100644 index 0000000..13d3186 --- /dev/null +++ b/modules/network-manager.nix @@ -0,0 +1,9 @@ +{ lib, ... }: with lib; + +systemConfiguration { + networking.networkmanager = enabled; + + users.extraGroups.networkmanager.members = allNormalUsers; + + environment.shellAliases.wifi = "nmcli dev wifi show-password"; +} diff --git a/modules/networkmanager.nix b/modules/networkmanager.nix deleted file mode 100644 index 114ea07..0000000 --- a/modules/networkmanager.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ulib, ... }: with ulib; merge - -(systemConfiguration { - networking.networkmanager = enabled {}; - - users.extraGroups.networkmanager.members = ulib.users.all; -}) - -(homeConfiguration { - programs.nushell.shellAliases.wifi = "nmcli dev wifi show-password"; -}) 
diff --git a/modules/nix.nix b/modules/nix.nix index f4a3b83..9f030d2 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,19 +1,7 @@ -{ inputs, lib, ulib, upkgs, ... }: with ulib; merge - -(homeConfiguration { - programs.nushell = { - shellAliases.ns = "nix shell"; - - configFile.text = lib.mkAfter '' - def --wrapped nr [program: string = "", ...arguments] { - nix run $program -- ...$arguments - } - ''; - }; -}) +{ inputs, lib, pkgs, ... }: with lib; merge (systemConfiguration { - environment.etc."flakes".text = builtins.toJSON inputs; + environment.etc."flakes.json".text = strings.toJSON inputs; nix = { gc = { @@ -27,11 +15,9 @@ optimise.automatic = true; - package = upkgs.nixSuper; - registry = { default.flake = inputs.nixpkgs; - } // builtins.mapAttrs (_: value: lib.mkIf (lib.isType "flake" value) { + } // mapAttrs (_: value: mkIf (isType "flake" value) { flake = value; }) inputs; 
@@ -39,25 +25,51 @@ "auto-allocate-uids" "ca-derivations" "cgroups" - "configurable-impure-env" "flakes" - "git-hashing" "nix-command" "recursive-nix" "repl-flake" - "verified-fetches" ]; settings = { - accept-flake-config = true; - builders-use-substitutes = true; - flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!! - http-connections = 50; - trusted-users = [ "root" "@wheel" ]; - use-cgroups = true; - warn-dirty = false; + accept-flake-config = true; + builders-use-substitutes = true; + flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!! + http-connections = 50; + show-trace = true; + trusted-users = [ "root" "@wheel" ]; + use-cgroups = true; + warn-dirty = false; }; }; - programs.nix-ld = enabled {}; + programs.nix-ld = enabled; +}) + +(systemPackages (with pkgs; [ + nh + nix-index + nix-output-monitor +])) + +(homeConfiguration { + programs.nushell.configFile.text = mkAfter '' + def --wrapped nr [program: string = "", ...arguments] { + if ($program | str contains "#") or ($program | str contains ":") { + nix run $program -- ...$arguments + } else { + nix run ("default#" + $program) -- ...$arguments + } + } + + def --wrapped ns [...programs] { + nix shell ...($programs | each { + if ($in | str contains "#") or ($in | str contains ":") { + $in + } else { + "default#" + $in + } + }) + } + ''; }) diff --git a/modules/nushell/boom.opus b/modules/nushell/boom.opus deleted file mode 100644 index df0622e..0000000 Binary files a/modules/nushell/boom.opus and /dev/null differ diff --git a/modules/nushell/configuration.nix.nu b/modules/nushell/configuration.nix.nu index 382fb6f..eed4f4b 100644 --- a/modules/nushell/configuration.nix.nu +++ b/modules/nushell/configuration.nix.nu @@ -1,4 +1,4 @@ -{ lib, ulib, ... }: '' +{ lib, ... }: '' $env.config = { bracketed_paste: true buffer_editor: "" 
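Review bot: In the realigned `settings` block, `accept-flake-config = true` sits next to `trusted-users = [ "root" "@wheel" ]`. Any flake a wheel user evaluates then has its `nixConfig` applied without a prompt, including restricted settings such as extra substituters and their trusted keys. The new `nr` and `ns` wrappers pass arbitrary flake references straight to `nix run` and `nix shell`, which makes that path easier to reach. Consider `accept-flake-config = false;` and passing `--accept-flake-config` only for flakes you have read. The enclosing `nix = {` attribute set starts outside this hunk.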
@@ -155,19 +155,7 @@ $env.config.cursor_shape = { } $env.config.hooks = { - command_not_found: {|| - ${lib.optionalString ulib.isDesktop '' - task status - | where label == boom - | get id - | each {|id| - task kill $id | null - task remove $id | null - } - - task spawn --label boom { pw-play ${./boom.opus} } - ''} - } + command_not_found: {||} display_output: "table --expand" env_change: {} pre_execution: [ diff --git a/modules/nushell/default.nix b/modules/nushell/default.nix index 40c76bb..56dd59d 100644 --- a/modules/nushell/default.nix +++ b/modules/nushell/default.nix @@ -1,7 +1,22 @@ -{ config, ulib, pkgs, ... } @ inputs: with ulib; merge3 +{ config, lib, pkgs, ... } @ inputs: with lib; merge (systemConfiguration { - users.defaultUserShell = pkgs.nushell; + users.defaultUserShell = pkgs.nushellFull; + + environment.shellAliases = { + la = "ls --all"; + lla = "ls --long --all"; + sl = "ls"; + + cp = "cp --recursive --verbose --progress"; + mk = "mkdir"; + mv = "mv --verbose"; + rm = "rm --recursive --verbose"; + + less = "less -FR"; + pstree = "pstree -g 2"; + tree = "tree -CF --dirsfirst"; + }; }) (homeConfiguration { @@ -10,9 +25,9 @@ command_timeout = 100; scan_timeout = 20; - cmd_duration.show_notifications = ulib.isDesktop; + cmd_duration.show_notifications = isDesktop; - package.disabled = ulib.isServer; + package.disabled = isServer; character.error_symbol = ""; character.success_symbol = ""; 
@@ -20,29 +35,16 @@ }; programs.nushell = enabled { + package = pkgs.nushellFull; + configFile.text = import ./configuration.nix.nu inputs; - envFile.text = import ./environment.nix.nu inputs; + envFile.source = ./environment.nu; - environmentVariables = { - inherit (config.environment.variables) NIX_LD; - }; + environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables; - shellAliases = { + shellAliases = (attrsets.removeAttrs config.environment.shellAliases [ "ls" "l" ]) // { cdtmp = "cd (mktemp --directory)"; - - la = "ls --all"; - ll = "ls --long"; - lla = "ls --long --all"; - sl = "ls"; - - cp = "cp --recursive --verbose --progress"; - mk = "mkdir"; - mv = "mv --verbose"; - rm = "rm --recursive --verbose"; - - less = "less -FR"; - pstree = "pstree -g 2"; - tree = "tree -CF --dirsfirst"; + ll = "ls --long"; }; }; }) diff --git a/modules/nushell/environment.nix.nu b/modules/nushell/environment.nu similarity index 83% rename from modules/nushell/environment.nix.nu rename to modules/nushell/environment.nu index d4831f9..24f0672 100644 --- a/modules/nushell/environment.nix.nu +++ b/modules/nushell/environment.nu @@ -1,5 +1,3 @@ -{ upkgs, ... }: '' - $env.ENV_CONVERSIONS.PATH = { from_string: {|string| $string | split row (char esep) | path expand --no-symlink @@ -20,6 +18,4 @@ def --env mcg [path: path] { git init } -use ${upkgs.nuScripts}/modules/background_task/task.nu zoxide init nushell --cmd cd | save --force ~/.config/nushell/zoxide.nu -'' diff --git a/modules/openssh/default.nix b/modules/openssh/default.nix deleted file mode 100644 index 6a3aaa0..0000000 --- a/modules/openssh/default.nix +++ /dev/null 
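Review bot: The new `environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables;` wraps every system variable in a Nushell double-quoted literal without escaping it. A value containing `"` or a backslash (a Windows-style path, a regex, a JSON snippet) would then either break the generated env file or be reinterpreted as an escape sequence. Encoding the value avoids this, for example `mapAttrs (_: value: strings.toJSON value) config.environment.variables`; JSON string escapes should line up with Nushell's for the common cases, but confirm that for `\u` sequences. The enclosing `homeConfiguration` block starts outside this hunk.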
@@ -1,27 +0,0 @@ -{ ulib, ... }: with ulib; - -serverSystemConfiguration { - programs.mosh = enabled { - openFirewall = true; - }; - - services.openssh = enabled { - banner = '' - _______________________________________ - / If God doesn't destroy San Francisco, \ - | He should apologize to Sodom and | - \ Gomorrah. / - --------------------------------------- - \ ^__^ - \ (oo)\_______ - (__)\ )\/\ - ||----w | - || || - ''; - ports = [ 2222 ]; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - }; - }; -} diff --git a/modules/openssh/motd.hist b/modules/openssh/motd.hist deleted file mode 100644 index 3897daa..0000000 --- a/modules/openssh/motd.hist +++ /dev/null @@ -1,21 +0,0 @@ - _________________________________________ -/ You will pay for your sins. If you have \ -| already paid, please disregard this | -\ message. / - ----------------------------------------- - \ / \ //\ - \ |\___/| / \// \\ - /0 0 \__ / // | \ \ - / / \/_/ // | \ \ - @_^_@'/ \/_ // | \ \ - //_^_/ \/_ // | \ \ - ( //) | \/// | \ \ - ( / /) _|_ / ) // | \ _\ - ( // /) '/,_ _ _/ ( ; -. | _ _\.-~ .-~~~^-. - (( / / )) ,-{ _ `-.|.-~-. .~ `. - (( // / )) '/\ / ~-. _ .-~ .-~^-. \ - (( /// )) `. { } / \ \ - (( / )) .----~-.\ \-' .~ \ `. \^-. - ///.----..> \ _ -~ `. ^-` ^-_ - ///-._ _ _ _ _ _ _}^ - - - - ~ ~-- ,.-~ - /.-~ diff --git a/modules/openttd.nix b/modules/openttd.nix deleted file mode 100644 index 3629d96..0000000 --- a/modules/openttd.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ulib, pkgs, ... }: with ulib; - -desktopHomePackages (with pkgs; [ - openttd -]) diff --git a/modules/packages.nix b/modules/packages.nix index e0e0e4e..e11934a 100644 --- a/modules/packages.nix +++ b/modules/packages.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, upkgs, ... }: with ulib; merge3 +{ lib, pkgs, ... }: with lib; merge (systemPackages (with pkgs; [ asciinema 
@@ -10,8 +10,6 @@ (fortune.override { withOffensive = true; }) hyperfine moreutils - nix-index - nix-output-monitor openssl p7zip pstree @@ -26,7 +24,7 @@ ])) (desktopSystemPackages (with pkgs; [ - upkgs.ageNix + agenix clang_16 clang-tools_16 @@ -36,18 +34,17 @@ jdk lld maven - upkgs.zig vlang + zig wine ])) -(desktopHomePackages (with pkgs; [ +(desktopUserHomePackages (with pkgs; [ element-desktop fractal qbittorrent thunderbird - upkgs.rat whatsapp-for-linux krita diff --git a/modules/pipewire.nix b/modules/pipewire.nix index 01229fe..309e799 100644 --- a/modules/pipewire.nix +++ b/modules/pipewire.nix @@ -1,11 +1,11 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; desktopSystemConfiguration { - security.rtkit = enabled {}; - sound = enabled {}; + security.rtkit = enabled; + sound = enabled; services.pipewire = enabled { alsa = enabled { support32Bit = true; }; - pulse = enabled {}; + pulse = enabled; }; } diff --git a/modules/pueue.nix b/modules/pueue.nix deleted file mode 100644 index 4aee13b..0000000 --- a/modules/pueue.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ ulib, ... }: with ulib; - -homeConfiguration { - services.pueue = enabled { - settings = { - shared = { - pueue_directory = "~/.local/share/pueue"; - use_unix_socket = true; - runtime_directory = null; - unix_socket_path = "~/.local/share/pueue/pueue_your_user.socket"; - host = "localhost"; - port = 6924; - daemon_cert = "~/.local/share/pueue/certs/daemon.cert"; - daemon_key = "~/.local/share/pueue/certs/daemon.key"; - shared_secret_path = "~/.local/share/pueue/shared_secret"; - }; - - client = { - restart_in_place = false; - read_local_logs = true; - show_confirmation_questions = false; - show_expanded_aliases = false; - dark_mode = false; - max_status_height = null; - status_time_format = "%H:%M:%S"; - status_datetime_format = "%Y-%m-%d\n%H:%M:%S"; - }; - - daemon = { - default_parallel_tasks = 10; - pause_group_on_failure = false; - pause_all_on_failure = false; - callback = "\"Task {{ id }}\nCommand: {{ command }}\nPath: {{ path }}\nFinished with status '{{ result }}'\""; - callback_log_lines = 10; - groups.default = 1; - }; - }; - }; -} diff --git a/modules/python.nix b/modules/python.nix index a63dd7c..e1a1612 100644 --- a/modules/python.nix +++ b/modules/python.nix @@ -1,4 +1,10 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge + +(systemConfiguration { + environment.shellAliases = { + venv = "virtualenv venv"; + }; +}) (systemPackages (with pkgs; [ (python311.withPackages (pkgs: with pkgs; [ @@ -8,9 +14,3 @@ virtualenv poetry ])) - -(homeConfiguration { - programs.nushell.shellAliases = { - venv = "virtualenv venv"; - }; -}) diff --git a/modules/qt.nix b/modules/qt.nix deleted file mode 100644 index 127c7fc..0000000 --- a/modules/qt.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ulib, pkgs, ... }: with ulib; - -desktopHomeConfiguration { - qt = enabled { - platformTheme = "gnome"; - style.name = "adwaita-dark"; - style.package = pkgs.adwaita-qt; - }; -} 
diff --git a/modules/ripgrep.nix b/modules/ripgrep.nix index f459bd4..929cce6 100644 --- a/modules/ripgrep.nix +++ b/modules/ripgrep.nix @@ -1,10 +1,12 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; merge -homeConfiguration { - programs.nushell.shellAliases = { +(systemConfiguration { + environment.shellAliases = { rg = "rg --line-number --smart-case"; todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold''; }; +}) - programs.ripgrep = enabled {}; -} +(homeConfiguration { + programs.ripgrep = enabled; +}) diff --git a/modules/rust.nix b/modules/rust.nix index f648d78..28c2d34 100644 --- a/modules/rust.nix +++ b/modules/rust.nix @@ -1,8 +1,4 @@ -{ inputs, ulib, pkgs, ... }: with ulib; merge3 - -(desktopSystemConfiguration { - nixpkgs.overlays = [ inputs.fenix.overlays.default ]; -}) +{ lib, pkgs, ... }: with lib; merge (desktopSystemPackages (with pkgs; [ cargo-expand @@ -16,6 +12,7 @@ ]) ])) -(desktopHomeConfiguration { - programs.nushell.environmentVariables.CARGO_NET_GIT_FETCH_WITH_CLI = ''"true"''; +(desktopSystemConfiguration { + environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true"; }) + diff --git a/modules/ssh.nix b/modules/ssh.nix index ccf9aee..ed3c166 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge (desktopSystemPackages (with pkgs; [ mosh 
@@ -11,23 +11,49 @@ serverAliveCountMax = 2; serverAliveInterval = 60; - matchBlocks."*".setEnv = { - COLORTERM = "truecolor"; - TERM = "xterm-256color"; - }; + matchBlocks = { + "*" = { + setEnv.COLORTERM = "truecolor"; + setEnv.TERM = "xterm-256color"; - matchBlocks.cube = { - hostname = "5.255.78.70"; - user = "rgb"; - port = 2222; - identityFile = "~/.ssh/id"; - }; + identityFile = "~/.ssh/id"; + }; - matchBlocks.robotic = { - hostname = "86.105.252.189"; - user = "rgbcube"; - port = 2299; - identityFile = "~/.ssh/id"; + cube = { + hostname = "5.255.78.70"; + user = "rgb"; + port = 2222; + }; + + disk = { + hostname = "23.164.232.40"; + user = "floppy"; + port = 2222; + }; + + robotic = { + hostname = "86.105.252.189"; + user = "rgbcube"; + port = 2299; + }; + }; + }; +}) + +(let + port = 2222; +in serverSystemConfiguration { + programs.mosh = enabled { + openFirewall = true; + }; + + services.openssh = enabled { + ports = [ port ]; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + + AcceptEnv = "COLORTERM"; }; }; }) diff --git a/modules/steam.nix b/modules/steam.nix index 42ac1b2..14727b5 100644 --- a/modules/steam.nix +++ b/modules/steam.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { # Steam uses 32-bit drivers for some unholy fucking reason. @@ -7,6 +7,6 @@ nixpkgs.config.allowUnfree = true; }) -(desktopHomePackages (with pkgs; [ +(desktopUserHomePackages (with pkgs; [ steam ])) diff --git a/modules/sudo.nix b/modules/sudo.nix index 16ef378..ed7be40 100644 --- a/modules/sudo.nix +++ b/modules/sudo.nix @@ -1,4 +1,4 @@ -{ lib, ulib, ... }: with ulib; merge +{ lib, ... }: with lib; merge (desktopSystemConfiguration { security.sudo.wheelNeedsPassword = false; 
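Review bot: The new `services.openssh` block disables password and keyboard-interactive authentication but leaves `PermitRootLogin` at the module default, so root can still log in with a key. Because `programs.mosh` also opens the firewall on these servers, state the intent explicitly with `PermitRootLogin = "no";` inside `settings`, unless root key login is needed for deployment, which this hunk does not show. Separately, `port` is bound in the `let` and used only once, so it can be inlined or reused for the client `matchBlocks` that repeat `2222`.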
@@ -6,15 +6,15 @@ (systemConfiguration { security.sudo = enabled { + execWheelOnly = true; extraConfig = '' Defaults lecture = never Defaults pwfeedback Defaults env_keep += "DISPLAY EDITOR PATH" - ${lib.optionalString ulib.isServer '' + ${optionalString isServer '' Defaults timestamp_timeout = 0 ''} ''; - execWheelOnly = true; extraRules = [{ groups = [ "wheel" ]; diff --git a/modules/thunar.nix b/modules/thunar.nix index 95e78e4..3f1ebc5 100644 --- a/modules/thunar.nix +++ b/modules/thunar.nix @@ -1,4 +1,4 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge (desktopSystemConfiguration { programs.thunar = enabled { diff --git a/modules/tmp.nix b/modules/tmp.nix index 67f5cf3..f739059 100644 --- a/modules/tmp.nix +++ b/modules/tmp.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { boot.tmp.cleanOnBoot = true; diff --git a/modules/users.nix b/modules/users.nix index b43732e..92342c7 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,4 +1,4 @@ -{ ulib, ... }: with ulib; +{ lib, ... }: with lib; systemConfiguration { users.mutableUsers = false; diff --git a/modules/w3m.nix b/modules/w3m.nix index 01802a6..0975bda 100644 --- a/modules/w3m.nix +++ b/modules/w3m.nix @@ -1,12 +1,12 @@ -{ ulib, pkgs, ... }: with ulib; merge +{ lib, pkgs, ... }: with lib; merge -(systemPackages (with pkgs; [ - w3m -])) - -(homeConfiguration { - programs.nushell.shellAliases = { +(systemConfiguration { + environment.shellAliases = { ddg = "w3m lite.duckduckgo.com"; web = "w3m"; }; }) + +(systemPackages (with pkgs; [ + w3m +])) diff --git a/modules/waybar.nix b/modules/waybar.nix index 8192197..cd02127 100644 --- a/modules/waybar.nix +++ b/modules/waybar.nix 
@@ -1,8 +1,8 @@ -{ ulib, theme, ... }: with ulib; +{ config, lib, ... }: with lib; -desktopHomeConfiguration { - programs.waybar = with theme.withHashtag; enabled { - systemd = enabled {}; +desktopUserHomeConfiguration { + programs.waybar = with config.theme.withHashtag; enabled { + systemd = enabled; settings = [{ layer = "top"; @@ -12,9 +12,7 @@ desktopHomeConfiguration { margin-left = margin; margin-top = margin; - modules-left = [ - "hyprland/workspaces" - ]; + modules-left = [ "hyprland/workspaces" ]; "hyprland/workspaces" = { format = "{icon}"; @@ -36,16 +34,7 @@ desktopHomeConfiguration { rewrite."(.*) — nu" = " $1"; }; - modules-right = [ - "tray" - "pulseaudio" - "backlight" - "cpu" - "memory" - "network" - "battery" - "clock" - ]; + modules-right = [ "tray" "pulseaudio" "backlight" "cpu" "memory" "network" "battery" "clock" ]; tray = { reverse-direction = true; @@ -53,35 +42,21 @@ desktopHomeConfiguration { }; pulseaudio = { - format = "{format_source} {icon} {volume}%"; - format-muted = "{format_source} 󰸈"; + format = "{format_source} {icon} {volume}%"; + format-muted = "{format_source} 󰸈"; format-bluetooth = "{format_source} 󰋋 󰂯 {volume}%"; format-bluetooth-muted = "{format_source} 󰟎 󰂯"; - format-source = "󰍬"; - format-source-muted = "󰍭"; + format-source = "󰍬"; + format-source-muted = "󰍭"; - format-icons.default = [ - "󰕿" - "󰖀" - "󰕾" - ]; + format-icons.default = [ "󰕿" "󰖀" "󰕾" ]; }; backlight = { format = "{icon} {percent}%"; - format-icons = [ - "" - "" - "" - "" - "" - "" - "" - "" - "" - ]; + format-icons = [ "" "" "" "" "" "" "" "" "" ]; }; cpu.format = " {usage}%"; 
@@ -99,26 +74,13 @@ desktopHomeConfiguration { format-charging = "󰂄 {capacity}%"; format-plugged = "󰂄 {capacity}%"; - format-icons = [ - "󰁺" - "󰁻" - "󰁼" - "󰁽" - "󰁾" - "󰁿" - "󰂀" - "󰂁" - "󰂂" - "󰁹" - ]; + format-icons = [ "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ]; states.warning = 30; states.critical = 15; }; - clock = { - tooltip-format = "{:%Y %B}\n{calendar}"; - }; + clock.tooltip-format = "{:%Y %B}\n{calendar}"; }]; style = '' diff --git a/options/desktop.nix b/options/desktop.nix new file mode 100644 index 0000000..609146b --- /dev/null +++ b/options/desktop.nix @@ -0,0 +1,10 @@ +{ lib, ... }: let + userOptions.options.isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; +in { + options.users.users = lib.mkOption { + type = with lib.types; attrsOf (submodule userOptions); + }; +} diff --git a/options/ssl.nix b/options/ssl.nix new file mode 100644 index 0000000..b989733 --- /dev/null +++ b/options/ssl.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: { + options.sslTemplate = lib.mkConst { + forceSSL = true; + quic = true; + useACMEHost = config.networking.domain; + }; +} diff --git a/options/theme.nix b/options/theme.nix new file mode 100644 index 0000000..7c3fb19 --- /dev/null +++ b/options/theme.nix @@ -0,0 +1,23 @@ +{ inputs, lib, pkgs, ... }: let + inherit (inputs) themes; +in { + options.theme = lib.mkConst (themes.custom (themes.raw.gruvbox-dark-hard // { + cornerRadius = 8; + borderWidth = 2; + + margin = 6; + padding = 8; + + font.size.normal = 12; + font.size.big = 18; + + font.sans.name = "Lexend"; + font.sans.package = pkgs.lexend; + + font.mono.name = "JetBrainsMono Nerd Font"; + font.mono.package = (pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }); + + icons.name = "Gruvbox-Plus-Dark"; + icons.package = pkgs.gruvbox-plus-icons; + })); +} diff --git a/rebuild.nu b/rebuild.nu index c12f440..fdb5a96 100755 --- a/rebuild.nu +++ b/rebuild.nu 
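Review bot: In the new `options/ssl.nix`, `quic = true` sits in a template that is presumably merged into every virtual host, but it only has an effect when the nginx build in use supports HTTP/3 and UDP 443 is reachable; neither is visible in this section. A comment on the template would record that, e.g. `# quic: needs an HTTP/3-capable nginx package and UDP 443 allowed in the firewall`. `forceSSL = true` only redirects plain HTTP, so any HSTS header still has to be set wherever the template is used.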
@@ -1,29 +1,40 @@ #!/usr/bin/env nu -def complete [] { - ls hosts | get name | each { $in | str replace "hosts/" "" } -} - def main --wrapped [ - host: string@complete = "" # The host to build. - ...arguments # The arguments to pass to `nixos-rebuild switch`. + host: string = "" # The host to build. + ...arguments # The arguments to pass to `nixos-rebuild switch`. ] { - let flags = [ - $"--flake ('.#' + $host)" - "--show-trace" - "--option accept-flake-config true" - "--log-format internal-json" - ] | append $arguments - - if $host == (hostname) or $host == "" { - sudo sh -c $"nixos-rebuild switch ($flags | str join ' ') |& nom --json" + let host = if ($host | is-not-empty) { + $host } else { - git ls-files | rsync --rsh "ssh -q" --delete --compress --files-from - ./ cube:Configuration + (hostname) + } - ssh -q $host $"sh -c ' + let args_split = $arguments | split list "--" + + let nh_flags = [ + "--hostname" $host + ] | append ($args_split | get --ignore-errors 0 | default []) + + let nix_flags = [ + "--option" "accept-flake-config" "true" + ] | append ($args_split | get --ignore-errors 1 | default []) + + if $host == (hostname) { + nh os switch . ...$nh_flags -- ...$nix_flags + } else { + git ls-files | ( + rsync + --rsh "ssh -q" + --delete --delete-excluded + --compress + --files-from - + ./ ($host + ":Configuration") + ) + + ssh -q $host $" cd Configuration - nix flake archive - sudo nixos-rebuild switch ($flags | str join ' ') |& nom --json - '" + ./rebuild.nu ($host) ($arguments | str join ' ') + " } } diff --git a/secrets.nix b/secrets.nix index 3640990..ceb11b7 100644 --- a/secrets.nix +++ b/secrets.nix 
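Review bot: In the remote branch, `($arguments | str join ' ')` is pasted into the command string that `ssh` hands to the remote shell, so any argument containing a space, quote, `;` or `$` is re-split or re-interpreted on the target host instead of reaching `rebuild.nu` as one argument. Each element should be shell-quoted before joining; until then a comment such as `# arguments are re-parsed by the remote shell: no spaces or shell metacharacters` above the `ssh` call would document the limit. The remote call also passes `($host)` back in, so it relies on the SSH alias being identical to the target's `hostname` output; if they differ, the remote script would take the `else` branch again rather than run `nh os switch`.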
@@ -1,18 +1,24 @@ let keys = import ./keys.nix; -in with builtins.mapAttrs (_: value: [ value ]) keys; { - "hosts/enka/password.orhan.age".publicKeys = enka; - "hosts/enka/password.said.age".publicKeys = enka; +in with keys; { + "hosts/cube/password.rgb.age".publicKeys = [ cube enka ]; - "hosts/cube/acme/password.age".publicKeys = cube; - "hosts/cube/forjego/password.mail.age".publicKeys = cube; - "hosts/cube/forjego/password.runner.age".publicKeys = cube; - "hosts/cube/grafana/password.age".publicKeys = cube; - "hosts/cube/grafana/password.mail.age".publicKeys = cube; - "hosts/cube/mail/password.age".publicKeys = cube; - "hosts/cube/matrix-synapse/password.secret.age".publicKeys = cube; - "hosts/cube/matrix-synapse/password.sync.age".publicKeys = cube; - "hosts/cube/nextcloud/password.age".publicKeys = cube; - "hosts/cube/password.rgb.age".publicKeys = cube; + "hosts/cube/forgejo/password.mail.age".publicKeys = [ cube enka ]; + "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ]; + + "hosts/cube/grafana/password.age".publicKeys = [ cube enka ]; + "hosts/cube/grafana/password.mail.age".publicKeys = [ cube enka ]; + + "hosts/cube/matrix/password.secret.age".publicKeys = [ cube enka ]; + "hosts/cube/matrix/password.sync.age".publicKeys = [ cube enka ]; + + "hosts/cube/mail/password.age".publicKeys = [ cube enka ]; + "hosts/cube/nextcloud/password.age".publicKeys = [ cube enka ]; + + "hosts/disk/password.floppy.age".publicKeys = [ disk enka ]; + + "hosts/enka/password.orhan.age".publicKeys = [ enka ]; + "hosts/enka/password.said.age".publicKeys = [ enka ]; + + "hosts/password.acme.age".publicKeys = [ cube disk enka ]; } -
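Review bot: Every `cube` and `disk` entry now lists `enka` as a recipient, so whoever holds the key behind `keys.enka` can decrypt all server passwords, not only the two `hosts/enka/` ones. If that is meant to allow editing and rekeying from one machine, say so in a comment above the attribute set, e.g. `# enka is a recipient everywhere so secrets can be edited and rekeyed from it`, and consider whether that key should be a dedicated admin key rather than a host key (`keys.nix` is not visible here). The new recipient lists and the changed paths (`forjego` → `forgejo`, `matrix-synapse` → `matrix`, `hosts/password.acme.age`) only take effect once the matching `.age` files are moved and re-encrypted; that step is not visible in this hunk.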