mirror of https://github.com/RGBCube/ncc synced 2025-07-28 10:37:44 +00:00

Refactor the whole codebase. Most notable changes:

- No more fail2ban. It didn't work properly
  anyways, I'll need to look into this in the future
- No nix-super. I don't need it and the overlay is
  broken so I'm waiting for that to be fixed first.
- Uses nh instead of nixos-rebuild. This is much
  better.
RGBCube 2024-03-27 12:36:50 +03:00
parent f145bdaa4a
commit 62c575774b
No known key found for this signature in database
106 changed files with 1252 additions and 1367 deletions

17
.gitignore vendored

@ -1,37 +1,34 @@
* *
!derivations/
!docs/ !docs/
!hosts/ !hosts/
!hosts/enka/
!hosts/cube/ !hosts/cube/
!hosts/cube/acme/
!hosts/cube/forgejo/ !hosts/cube/forgejo/
!hosts/cube/grafana/ !hosts/cube/grafana/
!hosts/cube/mail/ !hosts/cube/mail/
!hosts/cube/matrix-synapse/ !hosts/cube/matrix/
!hosts/cube/nextcloud/ !hosts/cube/nextcloud/
!hosts/disk/
!hosts/enka/
!modules/ !modules/
!modules/hyprland/ !modules/hyprland/
!modules/nushell/ !modules/nushell/
!modules/openssh/
!lib/ !lib/
!options/
!.gitignore !.gitignore
!flake.lock !flake.lock
!*.age !*.age
!*.gif !*.gif
!*.hist
!*.md !*.md
!*.nix !*.nix
!*.nu !*.nu
!*.opus
!*.png !*.png
!*.sh


@ -1,35 +0,0 @@
{
stdenv,
fetchFromGitHub,
unixtools,
}:
stdenv.mkDerivation rec {
pname = "rat";
version = "2.0.1";
src = fetchFromGitHub {
owner = "thinkingsand";
repo = pname;
sha256 = "sha256-OsEIOC6EZrAN2NnDvnyN0nBRLVIviSMX2+TPqlidxrI=";
rev = "4817f542b067255d2b6cd1d29137f393da6e4085";
};
buildInputs = [ unixtools.xxd ];
buildPhase = ''
runHook preBuild
make linux_audio
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
install -Dm755 ./bin/rat -t $out/bin/
runHook postInstall
'';
}


@ -1,11 +0,0 @@
# Broken Stuff
- Not broken either but set up Nextcloud exporters.
- Some Nginx headers were commented out because it collided or something.
Idfk. Make them not. Uncomment.
- QT theme doesn't work.
- Nushell custom prompt title does not work, as it gets
overriden by the shell integration in a split second.


@ -1,12 +0,0 @@
# Internal & External Port Numbers
- 80 and 443 are standard HTTP ports. Let them be.
- Same for e-mail ports.
- 8000-8999 are internal web application ports.
- Every app topic must use 80N0-80N9.
- 9000 is the Prometheus port.
- Every exporter topic must use 90N0-90N9.
- For example, Node exporter can be on 9010.
Dovecot can be on 9020, Postfix can be on 9021,
and so on.
- Haven't decided on redis, kresd etc. ports yet.


@ -1,39 +1,6 @@
# My NixOS Configurations # NCC
This repository contains my NixOS configurations for all my machines. RGBCube's NixOS Configuration Collection.
## Bootstrapping
Here is the script you need to run to get this working:
> [!IMPORTANT]
> You will need to have an SSH key to authorize GitHub with,
> and have access to the Ghostty GitHub repository as I
> use Ghostty and Ghostty is in private beta at the moment.
```sh
sudo nix-shell --packages git nu nix-output-monitor --command "
git clone https://github.com/RGBCube/NixOSConfiguration ~/Configuration
cd ~/Configuration
hostname -v <host>
nu rebuild.nu
"
```
`host` is a host selected from the hosts in the `hosts` directory.
## Applying Changes
Lets say you have changed the configuration and want to apply the changes
to your system. You would have to run the rebuild script:
```sh
./rebuild.nu
```
This runs the script interactively.
You can also check how the script is used by reading the parameters it takes.
## License ## License

253
flake.lock generated

@ -12,11 +12,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1712079060,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "rev": "1381a759b205dff7a6818733118d02253340fd5e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -71,11 +71,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1711434200, "lastModified": 1713335151,
"narHash": "sha256-d1/GwzQfxG66qfFiZv79m0C63JXIkzLHVHXaf9A42tY=", "narHash": "sha256-K97Xs+gvp9wbbpd+a4aSeeczWgtBs63ut6lAcDn3O4U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "08b43790fd25acd39f3cc1fdaf36c183c59ca528", "rev": "fa179d2b1528f64ae43f83c485ef914d9c3fb85a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,11 +137,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711508420, "lastModified": 1713285560,
"narHash": "sha256-T0io4K+gZOlps4GOUbwdskvmE9j6w33RLOTOwzfcgkI=", "narHash": "sha256-PlApALZSdBnRtXLk1XYksOzf47BU/V+vnIGjqrO1DmY=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "caf2742b768937869bb6c843c89c87f48f3ac1d2", "rev": "06c5528a59f61e61c7b8b21a51bb60a172ca7955",
"revCount": 5721, "revCount": 5909,
"type": "git", "type": "git",
"url": "ssh://git@github.com/RGBCube/ghostty" "url": "ssh://git@github.com/RGBCube/ghostty"
}, },
@ -193,11 +193,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711133180, "lastModified": 1713294767,
"narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", "narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", "rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -208,7 +208,10 @@
}, },
"hyprcursor": { "hyprcursor": {
"inputs": { "inputs": {
"hyprlang": "hyprlang", "hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
"nixpkgs" "nixpkgs"
@ -219,11 +222,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711035742, "lastModified": 1713214463,
"narHash": "sha256-5vvhCSUGG9TA2G1eIRgokuYizhRnZu0ZbcU1MXfHsUE=", "narHash": "sha256-zAOOjqHAbccCRgJSuvTCA0FNLqKswN63LgVo43R7pxw=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "6a92473237f430399a417e1c2da9d7fcd4970086", "rev": "0a53b9957f0b17f1a0036b25198f569969ad43a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -249,11 +252,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1711466169, "lastModified": 1713351856,
"narHash": "sha256-8LyPRWHz6YFWS5IIgjb94K6eDH5Riwe65BBkreC6v1c=", "narHash": "sha256-5lf6GAXWtJanOTgu3jH0tF4aqoqCv8IcP43wp+pemWg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "ae52b7f4680716976d05b638aaa90e169d199117", "rev": "e57a2d7ec87ae775828ea8628ef4eeafce8e6e70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -288,29 +291,6 @@
} }
}, },
"hyprlang": { "hyprlang": {
"inputs": {
"nixpkgs": [
"hyprland",
"hyprcursor",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1709914708,
"narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -320,11 +300,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711250455, "lastModified": 1713121246,
"narHash": "sha256-LSq1ZsTpeD7xsqvlsepDEelWRDtAhqwetp6PusHXJRo=", "narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "b3e430f81f3364c5dd1a3cc9995706a4799eb3fa", "rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -340,11 +320,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711283076, "lastModified": 1713196199,
"narHash": "sha256-Cda+XbHpvyz3HhdJ7FlXFoaazOWtdBoOWmEaj4ZFwRM=", "narHash": "sha256-ifdAQO9wcw/zlAyg8fCpf5I0TtufdRS6YZoTVk1VzLM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprpicker", "repo": "hyprpicker",
"rev": "0eb49192a5cdd5e6e8e6c2c82c33857d78d6cd56", "rev": "e2472f499d67568edb1b727736c587b877e85344",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -365,84 +345,29 @@
"url": "https://raw.githubusercontent.com/ziglang/zig/54bbc73f8502fe073d385361ddb34a43d12eec39/doc/langref.html.in" "url": "https://raw.githubusercontent.com/ziglang/zig/54bbc73f8502fe073d385361ddb34a43d12eec39/doc/langref.html.in"
} }
}, },
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"nixSuper": {
"inputs": {
"flake-compat": [
"flakeCompat"
],
"libgit2": "libgit2",
"nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1711388763,
"narHash": "sha256-z5lTtZ3Np3P5E03S7J627Gie7HtLPxscmuQ40Vu8xuw=",
"owner": "privatevoid-net",
"repo": "nix-super",
"rev": "06eac000db910dd07c935b2dd279b92b21b61571",
"type": "github"
},
"original": {
"owner": "privatevoid-net",
"repo": "nix-super",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709083642, "lastModified": 1713248628,
"narHash": "sha256-7kkJQd4rZ+vFrzWu8sTRtta5D1kBG0LSRYAfhtmMlSo=", "narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b550fe4b4776908ac2a861124307045f8e717c8e", "rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-23.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-zig-0-12": { "nixpkgs-zig-0-12": {
"locked": { "locked": {
"lastModified": 1711143939, "lastModified": 1712247214,
"narHash": "sha256-oT6a81U4NHjJH1hjaMVXKsdTZJwl2dT+MhMESKoevvA=", "narHash": "sha256-7PTw86NnE2nCQPf+PPI/kOKwmlbbTqUthYSz/nDnAoc=",
"owner": "vancluever", "owner": "vancluever",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c4749393c06e52da4adf42877fdf9bac7141f0de", "rev": "6726262c930716f601345b2c9d0c42ba069991b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -452,37 +377,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1711518224,
"narHash": "sha256-M75UGj6cj41U6WEAQIt1NT1KHtmUGFjkFGEkbkOnFFw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1b08f32c98637285b4dd3b74f2ea2b3b487106bd",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nuScripts": {
"flake": false,
"locked": {
"lastModified": 1711478865,
"narHash": "sha256-cXcMGdmdfyrfhCVHRRHNQnstFbFhIKyQdNivgBT/tpA=",
"owner": "nushell",
"repo": "nu_scripts",
"rev": "41fe58eceeaf24e560dc448280be3a143207982f",
"type": "github"
},
"original": {
"owner": "nushell",
"repo": "nu_scripts",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"ageNix": "ageNix", "ageNix": "ageNix",
@ -493,13 +387,11 @@
"ghosttyModule": "ghosttyModule", "ghosttyModule": "ghosttyModule",
"homeManager": "homeManager", "homeManager": "homeManager",
"hyprland": "hyprland", "hyprland": "hyprland",
"hyprlang": "hyprlang_2", "hyprlang": "hyprlang",
"hyprpicker": "hyprpicker", "hyprpicker": "hyprpicker",
"nixSuper": "nixSuper", "nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nuScripts": "nuScripts",
"simpleMail": "simpleMail", "simpleMail": "simpleMail",
"systems": "systems_3", "systems": "systems_2",
"themes": "themes", "themes": "themes",
"zig": "zig", "zig": "zig",
"zls": "zls" "zls": "zls"
@ -508,11 +400,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1711404839, "lastModified": 1713285401,
"narHash": "sha256-5W2Vzw2nfrOk194qLcZDyNmmH/mda6B6413M58C85Bk=", "narHash": "sha256-/FSI+GvcLWR107Lr2ntTo4d+yw2cAFXnJBw/66hPn8c=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "e52bb8cddb0d636a86a3560e9eadb5f3d8f8c2af", "rev": "d07f0240fd9ced3addb8bdcda6fb9a305cb6499f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -536,11 +428,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1710449465, "lastModified": 1713012165,
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=", "narHash": "sha256-z/soXKDnz+w4Nw0LkRaM73YqolhSmIYy6cpg1F2ps8I=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030", "rev": "9f6635a0351c190179dc6904545f950108a23dd8",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -565,21 +457,6 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -612,20 +489,18 @@
"wlroots": { "wlroots": {
"flake": false, "flake": false,
"locked": { "locked": {
"host": "gitlab.freedesktop.org", "lastModified": 1713124002,
"lastModified": 1709983277, "narHash": "sha256-vPeZCY+sdiGsz4fl3AVVujfyZyQBz6+vZdkUE4hQ+HI=",
"narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=", "owner": "hyprwm",
"owner": "wlroots", "repo": "wlroots-hyprland",
"repo": "wlroots", "rev": "611a4f24cd2384378f6e500253983107c6656c64",
"rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", "type": "github"
"type": "gitlab"
}, },
"original": { "original": {
"host": "gitlab.freedesktop.org", "owner": "hyprwm",
"owner": "wlroots", "repo": "wlroots-hyprland",
"repo": "wlroots", "rev": "611a4f24cd2384378f6e500253983107c6656c64",
"rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", "type": "github"
"type": "gitlab"
} }
}, },
"xdph": { "xdph": {
@ -648,11 +523,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709299639, "lastModified": 1713214484,
"narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", "narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "2d2fb547178ec025da643db57d40a971507b82fe", "rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -674,11 +549,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711454961, "lastModified": 1713313372,
"narHash": "sha256-Hm5wZoCrfQYiSv6F2AqRXfb3iBQOFVwTHaXCVw4VIcg=", "narHash": "sha256-JqMBPQKPubOt3ToB0k4q+CTJqfwHfh5iaaFvLOr8GDA=",
"owner": "mitchellh", "owner": "mitchellh",
"repo": "zig-overlay", "repo": "zig-overlay",
"rev": "fc90c09499061b194328f42469df73b09563fc83", "rev": "5dcefc19b3fb062bb2beb224d72759ca6c25c9cd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -702,11 +577,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711133472, "lastModified": 1713110866,
"narHash": "sha256-iF7WXLFcze9f/H78NB98Oh3O55SrlgymCD7Vrk13aQU=", "narHash": "sha256-ddSLREpgBq87dcbSisliSoSNqKl2x7kVf3E/tFumIXw=",
"owner": "zigtools", "owner": "zigtools",
"repo": "zls", "repo": "zls",
"rev": "96eddd067615efd9a88fa596dfa4c75943302885", "rev": "172c8f2ef81c95731d7bff6f69f8d497902fe999",
"type": "github" "type": "github"
}, },
"original": { "original": {

204
flake.nix

@ -7,14 +7,7 @@
}; };
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixSuper = {
url = "github:privatevoid-net/nix-super";
inputs.flake-compat.follows = "flakeCompat";
# inputs.nixpkgs.follows = "nixpkgs";
};
homeManager = { homeManager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
@ -29,11 +22,6 @@
inputs.home-manager.follows = "homeManager"; inputs.home-manager.follows = "homeManager";
}; };
nuScripts = {
url = "github:nushell/nu_scripts";
flake = false;
};
simpleMail = { simpleMail = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
@ -69,7 +57,7 @@
fenix = { fenix = {
url = "github:nix-community/fenix"; url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zig = { zig = {
@ -116,117 +104,103 @@
}; };
outputs = { outputs = {
self,
nixpkgs, nixpkgs,
ageNix, ageNix,
simpleMail, simpleMail,
homeManager, homeManager,
themes, ghosttyModule,
... ...
} @ inputs: let } @ inputs: let
importConfiguration = host: let lib0 = nixpkgs.lib;
hostDefault = import ./hosts/${host} { keys = import ./keys.nix;
config = {};
keys = {};
ulib = (import ./lib lib null) // {
merge = lib.recursiveUpdate;
};
};
users = { collectNixFiles = directory: with lib0; pipe (builtins.readDir directory) [
all = let (mapAttrsToList (name: type: let
users = builtins.attrNames hostDefault.users.users; path = /${directory}/${name};
in if builtins.elem "root" users then in if type == "directory" then
users collectNixFiles path
else else
users ++ [ "root" ]; path))
flatten
(filter (hasSuffix ".nix"))
(filter (name: !hasPrefix "_" (builtins.baseNameOf name)))
];
graphical = builtins.attrNames (lib.filterAttrs (_: value: builtins.elem "graphical" (value.extraGroups or [])) hostDefault.users.users); lib1 = with lib0; extend (_: _: pipe (collectNixFiles ./lib) [
}; (map (file: import file lib0))
(filter (thunk: !isFunction thunk))
(foldl' recursiveUpdate {})
]);
system = hostDefault.nixpkgs.hostPlatform; nixpkgsOverlayModule = with lib1; {
nixpkgs.overlays = [(final: prev: {
lib = nixpkgs.lib; ghostty = inputs.ghostty.packages.${prev.system}.default;
ulib = import ./lib lib users; zls = inputs.zls.packages.${prev.system}.default;
})] ++ pipe inputs [
pkgs = import nixpkgs { inherit system; }; attrValues
upkgs = let (filter (value: value ? overlays.default))
defaults = lib.genAttrs (map (value: value.overlays.default))
[ "nixSuper" "ageNix" "hyprland" "hyprpicker" "ghostty" "zls" ] ];
(name: inputs.${name}.packages.${system}.default);
other = {
nuScripts = inputs.nuScripts;
rat = pkgs.callPackage ./derivations/rat.nix {};
zig = inputs.zig.packages.${system}.master;
};
in defaults // other;
keys = import ./keys.nix;
theme = themes.custom (themes.raw.gruvbox-dark-hard // {
cornerRadius = 8;
borderWidth = 2;
margin = 6;
padding = 8;
font.size.normal = 12;
font.size.big = 18;
font.sans.name = "Lexend";
font.sans.package = pkgs.lexend;
font.mono.name = "JetBrainsMono Nerd Font";
font.mono.package = (pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; });
icons.name = "Gruvbox-Plus-Dark";
icons.package = pkgs.gruvbox-plus-icons;
});
defaultConfiguration = {
age.identityPaths = map (user: "/home/${user}/.ssh/id") users.all;
home-manager.users = lib.genAttrs users.all (_: {});
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
networking.hostName = host;
};
in lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs ulib upkgs keys theme; };
modules = let
mapDirectory = function: directory: with builtins;
attrValues (mapAttrs function (readDir directory));
nullIfUnderscoreOrNotNix = name: if (builtins.substring 0 1 name) == "_" then
null
else if lib.hasSuffix ".age" name then
null
else
name;
filterNull = builtins.filter (x: x != null);
importDirectory = directory:
filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscoreOrNotNix name)) directory);
in [
homeManager.nixosModules.default
ageNix.nixosModules.default
simpleMail.nixosModules.default
defaultConfiguration
] ++ (importDirectory ./hosts/${host})
++ (importDirectory ./modules);
}; };
hosts = (builtins.attrNames (builtins.readDir ./hosts)); homeManagerModule = { lib, ... }: with lib; {
home-manager.users = genAttrs allNormalUsers (_: {});
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = [ ghosttyModule.homeModules.default ];
};
ageNixModule = {
age.identityPaths = [ "/root/.ssh/id" ];
};
optionModules = [
homeManager.nixosModules.default
ageNix.nixosModules.default
simpleMail.nixosModules.default
(lib1.mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ])
] ++ collectNixFiles ./options;
optionUsageModules = [
nixpkgsOverlayModule
homeManagerModule
ageNixModule
] ++ collectNixFiles ./modules;
specialArgs = { inherit self inputs keys; };
hosts = lib1.pipe (builtins.readDir ./hosts) [
(lib1.filterAttrs (name: type: type == "regular" -> lib1.hasSuffix ".nix" name))
lib1.attrNames
];
lib2s = with lib1; genAttrs hosts (name: let
hostStub = nixosSystem {
inherit specialArgs;
modules = [ ./hosts/${name} ] ++ optionModules;
};
in extend (_: _: pipe (collectNixFiles ./lib) [
(map (file: import file lib1))
(filter (isFunction))
(map (func: func hostStub.config))
(foldl' recursiveUpdate {})
]));
configurations = lib1.genAttrs hosts (name: lib2s.${name}.nixosSystem {
inherit specialArgs;
modules = [{
networking.hostName = name;
}] ++ optionModules ++ optionUsageModules ++ collectNixFiles ./hosts/${name};
});
in { in {
nixosConfigurations = nixpkgs.lib.genAttrs hosts importConfiguration; nixosConfigurations = configurations;
};
# This is here so we can do self.<whatever> instead of self.nixosConfigurations.<whatever>.config.
} // lib1.mapAttrs (_: value: value.config) configurations;
} }
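Review bot: In `nixpkgsOverlayModule`, the `pipe inputs [ attrValues (filter (value: value ? overlays.default)) (map (value: value.overlays.default)) ]` expression applies the default overlay of every flake input that happens to export one, so adding or updating an input can replace arbitrary packages in the system closure without any line in this file naming it. The order of application follows `attrValues`, i.e. the alphabetical order of the input names, and that order decides which overlay wins when two of them touch the same attribute. I would name the trusted inputs explicitly, e.g. `++ map (name: inputs.${name}.overlays.default) overlayInputs` with `overlayInputs` a hand-written list of input names (identifier constructed for this note). Failing that, the line should at least carry `# Applies overlays.default of EVERY input; check a new input for that output before adding it.`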


@ -1,15 +1,15 @@
{ config, ulib, ... }: with ulib; { self, config, lib, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
in serverSystemConfiguration { in systemConfiguration {
age.secrets."hosts/cube/acme/password".file = ./password.age; secrets.acmePassword.file = self + /hosts/password.acme.age;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
environmentFile = config.age.secrets."hosts/cube/acme/password".path; environmentFile = config.secrets.acmePassword.path;
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1"; dnsResolver = "1.1.1.1";
email = "security@${domain}"; email = "security@${domain}";

Binary file not shown.


@ -1,4 +1,4 @@
{ config, ulib, keys, ... }: with ulib; merge { config, lib, keys, ... }: with lib; merge
(systemConfiguration { (systemConfiguration {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
@ -6,18 +6,30 @@
networking.domain = "rgbcu.be"; networking.domain = "rgbcu.be";
time.timeZone = "Europe/Amsterdam"; secrets.rgbPassword.file = ./password.rgb.age;
age.secrets."hosts/cube/password.rgb".file = ./password.rgb.age; users.users = {
root.hashedPasswordFile = config.secrets.rgbPassword.path;
users.users.root.hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; rgb = sudoUser {
description = "RGB";
users.users.rgb = normalUser { openssh.authorizedKeys.keys = [ keys.enka ];
description = "RGB"; hashedPasswordFile = config.secrets.rgbPassword.path;
extraGroups = [ "wheel" ]; };
openssh.authorizedKeys.keys = [ keys.enka ];
hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path;
}; };
services.openssh.banner = ''
_______________________________________
/ If God doesn't destroy San Francisco, \
| He should apologize to Sodom and |
\ Gomorrah. /
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
'';
}) })
(homeConfiguration { (homeConfiguration {


@ -1,15 +1,17 @@
{ config, ulib, pkgs, ... }: with ulib; { config, lib, pkgs, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
fqdn = "git.${domain}"; fqdn = "git.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/forgejo/password.mail" = { port = 8004;
in systemConfiguration {
secrets.forgejoMailPassword = {
file = ./password.mail.age; file = ./password.mail.age;
owner = "forgejo"; owner = "forgejo";
}; };
age.secrets."hosts/cube/forgejo/password.runner" = { secrets.forgejoRunnerPassword = {
file = ./password.runner.age; file = ./password.runner.age;
owner = "forgejo"; owner = "forgejo";
}; };
@ -42,7 +44,7 @@ in serverSystemConfiguration {
"act:docker://ghcr.io/catthehacker/ubuntu:act-latest" "act:docker://ghcr.io/catthehacker/ubuntu:act-latest"
]; ];
tokenFile = config.age.secrets."hosts/cube/forgejo/password.runner".path; tokenFile = config.secrets.forgejoRunnerPassword.path;
settings = { settings = {
cache.enabled = true; cache.enabled = true;
@ -61,11 +63,12 @@ in serverSystemConfiguration {
}; };
}; };
services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL";
services.forgejo = enabled { services.forgejo = enabled {
lfs = enabled {}; lfs = enabled;
mailerPasswordFile = config.age.secrets."hosts/cube/forgejo/password.mail".path; mailerPasswordFile = config.secrets.forgejoMailPassword.path;
database = { database = {
socket = "/run/postgresql"; socket = "/run/postgresql";
@ -78,7 +81,7 @@ in serverSystemConfiguration {
default.APP_NAME = description; default.APP_NAME = description;
actions = { actions = {
ENABLED = true; ENABLED = true;
DEFAULT_ACTIONS_URL = "https://${fqdn}"; DEFAULT_ACTIONS_URL = "https://${fqdn}";
}; };
@ -89,9 +92,9 @@ in serverSystemConfiguration {
mailer = { mailer = {
ENABLED = true; ENABLED = true;
PROTOCOL = "smtps"; PROTOCOL = "smtps";
SMTP_ADDR = config.mailserver.fqdn; SMTP_ADDR = config.mailserver.fqdn;
USER = "git@${domain}"; USER = "git@${domain}";
}; };
other = { other = {
@ -123,8 +126,8 @@ in serverSystemConfiguration {
ROOT_URL = "https://${fqdn}/"; ROOT_URL = "https://${fqdn}/";
LANDING_PAGE = "/explore"; LANDING_PAGE = "/explore";
HTTP_ADDR = "::"; HTTP_ADDR = "::1";
HTTP_PORT = 8004; HTTP_PORT = port;
SSH_PORT = builtins.elemAt config.services.openssh.ports 0; SSH_PORT = builtins.elemAt config.services.openssh.ports 0;
@ -145,7 +148,7 @@ in serverSystemConfiguration {
}; };
}; };
services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // { services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate {
locations."/".proxyPass = "http://[::]:${toString config.services.forgejo.settings.server.HTTP_PORT}"; locations."/".proxyPass = "http://[::1]:${toString port}";
}; };
} }
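Review bot: The added `services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL";` carries no comment saying why the value is forced, and `mkForce` discards whatever the shared SSH configuration sets for `AcceptEnv` (that module is not visible in this section, so this is inferred). The set of client environment variables sshd accepts is part of the SSH exposure of a host that also serves Git over SSH, so the reason belongs next to the line, for example `# Git over SSH needs GIT_PROTOCOL for protocol v2; mkForce replaces the shared AcceptEnv value, keep this list minimal.`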


@ -1,6 +1,15 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw k4u86tbxSaZTIr9QzN2P+md9WwGvn93jOXqR2JHWy30 -> ssh-ed25519 +rZ0Tw UdpGG1O9oC4Z3OasaGJyU3TM9FkwcaXQX9+QT4Wqrjs
tG7p/GaP0MhTqbAin3KmIMCrE67Ls3NYoztcJT8r7po RX+NdBYD+/GtOSGun8Y04S48MKLDHkQsfqjJQ0vVj18
--- cmz8sBFqHk8RyAae/gBqrWgjCyHrVtngjZGn1xQOze8 -> ssh-rsa jPaU3Q
9rgMÐ×¶9±¬¹¥òíªgù<67>šÉzã<7A> EVX4PE+5bBQm3tzrUkbPBfG7Ech9dS2Ix8ZLLWYW2DFp30F49tJvYUDLGgpRARa+
ý@ÕÙðuO·Þê0×¥ôa dh0+tuiOdPHENVbyhM8pob+Jk4Ii1+ZYwQdah0bAmewJ88NAHgfNCPMuAZFsR2w7
r+KeuMa+1PtX3llIVWqTc+pdfrPVnG/DcbQqSgs5a2NVQauMgFgT9eCrwvuWCTSQ
dlUWdysSTYsnGHSKxSgS/MmMIFsrlxqoUUBYTFdS6yU/w6b7VFSJdGczmzD9zFMJ
ywkregpi5y0Z8K5byroRMR1IfIl7B0CHcZbsTFqSrlDSX9Rq2D84TGwdhwBK0L17
Yy1UM3mFIDWgWe2lBY2KRterzxF/XxfDgbDc+1d8NWANVDinoXIOLYg3QBCSupwR
QmgjfvMcqjDSeg/QaV3PXtK/GyzVk8ehAFQpCyi+XofuavhBzP+9yk6IoHQupEAx
mQkm1ZXRc//C5w7Svjf6DmR5KKbF/mTRr7QqJp4XuCNCHA4Bf5BQEw5p8NtfqiWh
--- iRy3XLKWkh6sUOkUS79ZRtRAjGdvvlKRZ6L6h6cKzjE
˘lÚŁYÁ~‡Ď¬¶ ĽšbQ“/ľĐÖo×3‡Ş^ůs}+ř‰ş,B


@ -1,5 +1,15 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw rraoMjYwD6IIkmgyiDKlij2+bLqY5PNyMU5IPQ4mvjI -> ssh-ed25519 +rZ0Tw cQ6Sb/ZjeBy7VCL03h1A4+67kNoEYfQBee90qOXytxg
/yttaAf7neHJ69LYh6p33gRBXIZA4oxWS5DDMnfOhhM pIZpmgRZ9ISGx6CJF0yPX+PYs9VLXXoK01FB+iW4OXo
--- o+/I/vPxFdL9orC3PsBTazOrwG6Le8uLMUYiHE4XMj8 -> ssh-rsa jPaU3Q
¬¨<EFBFBD> ±]}ÍWž{[a'mdú€ AÈU‰Ô¬ì7z*ÌY9"èÍ|±1dvùQxcŸ¶Ç“<C387>à"®0ñÆÔpÖò¿Œr½:ÇÅÑ aVlBcpE5GdfXtzuu7uHqDhTtiO7mXMYNr0Ww0MluxQxZmuXyxa7IIxeUR6n6eub/
7H+B2Gcwwnh7txdWGyCytCx1rNp5Dbs0qSm+ufgyzNTSz9rPu2iEHPR0WOB2Y85x
avpC53ESBFORZ4Zswkc0iYBAGIwbtUGDGAV/ziw1hZCEsRCJZX1Pj57Tvk5Bc9mL
gaBix4Qo3X0j/Pqzp4NeaaMmIdCv2XOizQwFVAxqvT17xil3+TuZLKAScgbwtj9u
QfOZjwOQxVZwB5+CHmd7AYX2QCQsi45bBKh9dUU2Fm/MLyDmfSpiwTQ3nIEkSk1n
B6QwA4Z7v0A/IxDyQ9cWpj5TIxQ96RTf/azlRMg0H4bBuwINHlg0oWNIHfGZG15m
uRMvs+xxPcmU710b5WEwZRSlaZ1+Lm8uLY7d0j+Ie4V41JKmMh1pOaFbyo4wxWUo
cwRNFx9Yajiml7VnjaOZOGtA/NCUEall4mCdSJD5vntiTb3Hves0gAtoici1ZrX5
--- 8RA8QeFF0brgptQpnHAO6L0J1DXWeVAKxuXmDcX46Zg
ÛtÄÚ< ¶¿&õ¡†ÅVõ9SúCsFÁð“ ŒQoCk(Ç{¿¸<>õÐHŠm°Ä a ˜Ë¢T°„[>³*»QÛ“Ô


@ -1,25 +1,21 @@
{ config, ulib, ... }: with ulib; { config, lib, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
fqdn = "metrics.${domain}"; fqdn = "metrics.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/grafana/password" = { port = 8000;
in systemConfiguration {
secrets.grafanaPassword = {
file = ./password.age; file = ./password.age;
owner = "grafana"; owner = "grafana";
}; };
age.secrets."hosts/cube/grafana/password.mail" = { secrets.grafanaMailPassword = {
file = ./password.mail.age; file = ./password.mail.age;
owner = "grafana"; owner = "grafana";
}; };
services.fail2ban.jails.grafana.settings = {
filter = "grafana";
journalmatch = "_SYSTEMD_UNIT=grafana.service";
maxretry = 3;
};
services.postgresql = { services.postgresql = {
ensureDatabases = [ "grafana" ]; ensureDatabases = [ "grafana" ];
ensureUsers = [{ ensureUsers = [{
@ -34,7 +30,7 @@ in serverSystemConfiguration {
}; };
services.grafana = enabled { services.grafana = enabled {
provision = enabled {}; provision = enabled;
settings = { settings = {
analytics.reporting_enabled = false; analytics.reporting_enabled = false;
@ -44,15 +40,15 @@ in serverSystemConfiguration {
database.user = "grafana"; database.user = "grafana";
server.domain = fqdn; server.domain = fqdn;
server.http_addr = "[::]"; server.http_addr = "[::1]";
server.http_port = 8000; server.http_port = port;
users.default_theme = "system"; users.default_theme = "system";
}; };
settings.security = { settings.security = {
admin_email = "metrics@${domain}"; admin_email = "metrics@${domain}";
admin_password = "$__file{${config.age.secrets."hosts/cube/grafana/password".path}}"; admin_password = "$__file{${config.secrets.grafanaPassword.path}}";
admin_user = "admin"; admin_user = "admin";
cookie_secure = true; cookie_secure = true;
@ -64,7 +60,7 @@ in serverSystemConfiguration {
settings.smtp = { settings.smtp = {
enabled = true; enabled = true;
password = "$__file{${config.age.secrets."hosts/cube/grafana/password.mail".path}}"; password = "$__file{${config.secrets.grafanaMailPassword.path}}";
startTLS_policy = "MandatoryStartTLS"; startTLS_policy = "MandatoryStartTLS";
ehlo_identity = "contact@${domain}"; ehlo_identity = "contact@${domain}";
@ -74,9 +70,9 @@ in serverSystemConfiguration {
}; };
}; };
services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // { services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate {
locations."/" = { locations."/" = {
proxyPass = "http://[::]:${toString config.services.grafana.settings.server.http_port}"; proxyPass = "http://[::1]:${toString port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

Binary file not shown.


@ -1,5 +1,15 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw xkWa1fXAqQk5S+VNegGJpwGGDK0S3U+/QqPqSJgDUzI -> ssh-ed25519 +rZ0Tw O0H0h+hSKjcOPaWE8iDSpYsR0TGigDeyBUmHtFTCNjQ
xQRrNt48YL6ueLKKN4VXZuwzP0wu7AykvShOTv06YVQ EHORIYFfRAoYEME9SM6l3ef6jfYmLBXEgGxZ7L+wZyA
--- pEof9mZkQfWKgX5jrFGissq6m8/CvS7O2G52d/XbS8w -> ssh-rsa jPaU3Q
Ñ,5 ÜK¬h×¾#s®( z™_IipY/ð=¸£Ü¯øßRw•S“¹ bG32pycqaE13cyS0OVqd3mI3lmP91UOgBrhnIhUv6WCDxJdQoshrUNhfF93JAI9+
HSAsAOM1UHeffdNuucCQsoTxENCFonldrK8+cQwPyQlPSGIP5yE4hFFRUjoct0X5
qdJsjgHAP53c5707mdwsx7lbpRLFPhW6JvA90wn1LKZPgMHBD5yQRPc+qM0NQ10b
sOqNU8dVuuIwWGtzHm9vrw3jUZMNiH+AUJ8IcaEC8+5FFAHr1cib3+rzyUmbzrxr
n2dXsIICLmQZVXoNPMYltcHyM6jf1a+cxh9Z7ZKhVxJvD2jXh9CqrHw5Z2xbQJTL
rwKNE85xxwQNzldYPMGLWyfn25j08/Jx4uZHXQIGrjVQCRRy+Mmn9d05MY2BNPNC
vpA848kn1IIM5ybBdsEXSqywoE2+r+J39JVUcQgTdXhjQwfZWcXiaq3haD6mhtRp
0VIqnBeu4vuvgtOEnWzvqVj0k64sYs+uPVjuXrW6szcSBcHj/QLfIQ//Tw4sRpQy
--- DRdJx69Bkj+MVtk3dlZ0gMQmHG7NC7ZbzuMGbEbNVUQ
¹ ¦ ˆñ¥ÈŽ^@„éü%˜”,ƒqå\4a©EÆQEi>ðRÛvêðÞ


@ -1,8 +1,10 @@
{ ulib, modulesPath, ... }: with ulib; merge { lib, modulesPath, ... }: with lib;
(modulesPath + "/profiles/qemu-guest.nix") systemConfiguration {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
(serverSystemConfiguration {
boot.loader.grub = enabled { boot.loader.grub = enabled {
device = "/dev/vda"; device = "/dev/vda";
useOSProber = true; useOSProber = true;
@ -17,7 +19,7 @@
]; ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/a14e3685-693a-4099-a2fe-ce959935dd50"; device = "/dev/disk/by-label/root";
fsType = "ext4"; fsType = "ext4";
}; };
}) }


@ -1,15 +1,18 @@
{ config, lib, ulib, ... }: with ulib; { config, lib, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
fqdn = "mail.${domain}"; fqdn = "mail.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/mail/password".file = ./password.age; prometheusPort = 9040;
in systemConfiguration {
secrets.mailPassword.file = ./password.age;
services.prometheus = { services.prometheus = {
exporters.postfix = enabled { exporters.postfix = enabled {
port = 9040; listenAddress = "[::1]";
port = prometheusPort;
}; };
scrapeConfigs = [{ scrapeConfigs = [{
@ -18,27 +21,12 @@ in serverSystemConfiguration {
static_configs = [{ static_configs = [{
labels.job = "postfix"; labels.job = "postfix";
targets = [ targets = [
"[::]:${toString config.services.prometheus.exporters.postfix.port}" "[::1]:${toString prometheusPort}"
]; ];
}]; }];
}]; }];
}; };
services.fail2ban.jails = {
dovecot.settings = {
filter = "dovecot";
maxretry = 3;
};
postfix.settings = {
filter = "postfix";
maxretry = 3;
};
};
services.kresd.listenPlain = lib.mkForce [ "[::]:53" "0.0.0.0:53" ];
services.redis.servers.rspamd.bind = "0.0.0.0";
services.dovecot2.sieve = { services.dovecot2.sieve = {
extensions = [ "fileinto" ]; extensions = [ "fileinto" ];
globalExtensions = [ "+vnd.dovecot.pipe" "+vnd.dovecot.environment" ]; globalExtensions = [ "+vnd.dovecot.pipe" "+vnd.dovecot.environment" ];
@ -74,7 +62,7 @@ in serverSystemConfiguration {
loginAccounts."contact@${domain}" = { loginAccounts."contact@${domain}" = {
aliases = [ "@${domain}" ]; aliases = [ "@${domain}" ];
hashedPasswordFile = config.age.secrets."hosts/cube/mail/password".path; hashedPasswordFile = config.secrets.mailPassword.path;
}; };
}; };
} }
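Review bot: Removing the `dovecot` and `postfix` jails leaves the mail login endpoints with no failed-login throttling on the new side of this file, and nothing in the file records that this is meant to be temporary. The commit message says fail2ban will be revisited, so a marker where the jails used to be would keep the gap visible, e.g. `# TODO: no brute-force throttling for dovecot/postfix since the fail2ban jails were removed`. The Grafana jail dropped earlier on this page is in the same position. Whether the mail server module applies any limits of its own is not visible here and is worth confirming before relying on this configuration.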

Binary file not shown.


@ -1,6 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw qnll3AmLOYVpsLP78bOa0F20HjoN0dOFK2Rk/Ye5w24
Gsmy22GHYX+0dlrUJalVlPXTWyzCz7q9W5gQza71XbA
--- UQhQek9ss1w8rqxj7HQxh8H/uaIsTK5SIfxqCAe1xoQ
ÈfÉ<> ZôržŽU¬Z'²P<C2B2><E280A2>~@þŽf ã‡5_<35>Ëcru<72>ùÒË/<£÷ÚQ°é|fYŠ[‡rò^²<>SO6>
d!ÈHkZõXr$j [—\í…BüÃ(/ëÈÐÏ#


@ -1,4 +1,4 @@
{ config, ulib, ... }: with ulib; { config, lib, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
@ -16,6 +16,7 @@ let
clientConfig."m.homeserver".base_url = "https://${chatDomain}"; clientConfig."m.homeserver".base_url = "https://${chatDomain}";
clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}"; clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}";
serverConfig."m.server" = "${chatDomain}:443"; serverConfig."m.server" = "${chatDomain}:443";
wellKnownResponseConfig.locations = { wellKnownResponseConfig.locations = {
@ -26,8 +27,8 @@ let
notFoundLocationConfig = { notFoundLocationConfig = {
locations."/".extraConfig = "return 404;"; locations."/".extraConfig = "return 404;";
extraConfig = "error_page 404 /404.html;"; extraConfig = "error_page 404 /404.html;";
locations."= /404.html".extraConfig = "internal;"; locations."/404".extraConfig = "internal;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
}; };
@ -35,11 +36,11 @@ let
synapsePort = 8001; synapsePort = 8001;
syncPort = 8002; syncPort = 8002;
in serverSystemConfiguration { in serverSystemConfiguration {
age.secrets."hosts/cube/matrix-synapse/password.secret" = { secrets.matrixSecret = {
file = ./password.secret.age; file = ./password.secret.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
age.secrets."hosts/cube/matrix-synapse/password.sync" = { secrets.matrixSyncPassword = {
file = ./password.sync.age; file = ./password.sync.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
@ -88,12 +89,12 @@ in serverSystemConfiguration {
}; };
# Sets registration_shared_secret. # Sets registration_shared_secret.
extraConfigFiles = [ config.age.secrets."hosts/cube/matrix-synapse/password.secret".path ]; extraConfigFiles = [ config.secrets.matrixSecret.path ];
settings.listeners = [{ settings.listeners = [{
port = synapsePort; port = synapsePort;
bind_addresses = [ "::" ]; bind_addresses = [ "::1" ];
tls = false; tls = false;
type = "http"; type = "http";
x_forwarded = true; x_forwarded = true;
@ -107,29 +108,29 @@ in serverSystemConfiguration {
services.nginx.virtualHosts.${domain} = wellKnownResponseConfig; services.nginx.virtualHosts.${domain} = wellKnownResponseConfig;
services.nginx.virtualHosts.${chatDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig { services.nginx.virtualHosts.${chatDomain} = merge config.sslTemplate wellKnownResponseConfig notFoundLocationConfig {
root = "${sitePath}"; root = "${sitePath}";
locations."/_matrix".proxyPass = "http://[::]:${toString synapsePort}"; locations."/_matrix".proxyPass = "http://[::1]:${toString synapsePort}";
locations."/_synapse/client".proxyPass = "http://[::]:${toString synapsePort}"; locations."/_synapse/client".proxyPass = "http://[::1]:${toString synapsePort}";
}]; };
services.matrix-sliding-sync = enabled { services.matrix-sliding-sync = enabled {
environmentFile = config.age.secrets."hosts/cube/matrix-synapse/password.sync".path; environmentFile = config.age.secrets.matrixSyncPassword.path;
settings = { settings = {
SYNCV3_SERVER = "https://${chatDomain}"; SYNCV3_SERVER = "https://${chatDomain}";
SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql"; SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
SYNCV3_BINDADDR = "[::]:${toString syncPort}"; SYNCV3_BINDADDR = "[::1]:${toString syncPort}";
}; };
}; };
services.nginx.virtualHosts.${syncDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig { services.nginx.virtualHosts.${syncDomain} = merge config.sslTemplate notFoundLocationConfig {
root = "${sitePath}"; root = sitePath;
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
.proxyPass = "http://[::]:${toString synapsePort}"; .proxyPass = "http://[::1]:${toString synapsePort}";
locations."~ ^(\\/_matrix|\\/_synapse\\/client)" locations."~ ^(\\/_matrix|\\/_synapse\\/client)"
.proxyPass = "http://[::]:${toString syncPort}"; .proxyPass = "http://[::1]:${toString syncPort}";
}]; };
} }
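Review bot: `services.matrix-sliding-sync.environmentFile` still reads `config.age.secrets.matrixSyncPassword.path`, although the secret is now declared as `secrets.matrixSyncPassword` and every other reference in this file was moved to `config.secrets.…`. Whether the `age.secrets` path still resolves depends on how the `secrets` option is defined, which is not visible here; if it is not an alias, evaluation would fail on the missing attribute. Writing `environmentFile = config.secrets.matrixSyncPassword.path;` keeps the file consistent either way. The body also still opens with `in serverSystemConfiguration {` where the other hosts/cube files switched to `systemConfiguration`, which may be intentional but is worth a second look.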

Binary file not shown.


@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 0X0Ku7Shx9cZTtdBQvBT0yNdiRBCA72grq9mbBn5w30
pv1SwZo5Sw2Y0AH5r0U4oIE+l2HLUfAMZa7MdExmi/0
-> ssh-rsa jPaU3Q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--- KeyAgC1N1Th+hPkr7kT2b5tk+yd+oN8z7MbVtzHTQHE
3 †n”)õ‹Ã¤„%ý<>(…'šR?e5ˆ´ÁQï®Ç<C2AE>˜Ã7<çèMd«H€õ<E282AC>rË0ÔyhlÔÔõ¸E…G{옷NJÝßnj㔰®;™³tEp»éy÷¿Oãbm1<14>ݰ}®ÊéÈHž=·Ìα[ß


@ -1,19 +1,49 @@
{ config, lib, ulib, pkgs, ... }: with ulib; { config, lib, pkgs, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
fqdn = "cloud.${domain}"; fqdn = "cloud.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/nextcloud/password" = { prometheusPort = 9060;
nextcloudPackage = pkgs.nextcloud28;
in systemConfiguration {
secrets.nextcloudPassword = {
file = ./password.age; file = ./password.age;
owner = "nextcloud"; owner = "nextcloud";
}; };
secrets.nextcloudExporterPassword = {
file = ./password.age;
owner = "nextcloud-exporter";
};
services.prometheus = {
exporters.nextcloud = enabled {
listenAddress = "[::1]";
port = prometheusPort;
username = "admin";
url = "https://${fqdn}";
passwordFile = config.secrets.nextcloudExporterPassword.path;
};
scrapeConfigs = [{
job_name = "nextcloud";
static_configs = [{
labels.job = "nextcloud";
targets = [
"[::1]:${toString prometheusPort}"
];
}];
}];
};
services.postgresql = { services.postgresql = {
ensureDatabases = [ "nextcloud" ]; ensureDatabases = [ "nextcloud" ];
ensureUsers = [{ ensureUsers = [{
name = "nextcloud"; name = "nextcloud";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }];
}; };
@ -22,7 +52,7 @@ in serverSystemConfiguration {
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
script = lib.mkAfter '' script = mkAfter ''
nextcloud-occ theming:config name "RGBCube's Depot" nextcloud-occ theming:config name "RGBCube's Depot"
nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data." nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data."
@ -34,7 +64,7 @@ in serverSystemConfiguration {
}; };
services.nextcloud = enabled { services.nextcloud = enabled {
package = pkgs.nextcloud28; package = nextcloudPackage;
hostName = fqdn; hostName = fqdn;
https = true; https = true;
@ -42,7 +72,7 @@ in serverSystemConfiguration {
configureRedis = true; configureRedis = true;
config.adminuser = "admin"; config.adminuser = "admin";
config.adminpassFile = config.age.secrets."hosts/cube/nextcloud/password".path; config.adminpassFile = config.secrets.nextcloudPassword.path;
config.dbhost = "/run/postgresql"; config.dbhost = "/run/postgresql";
config.dbtype = "pgsql"; config.dbtype = "pgsql";
@ -50,7 +80,7 @@ in serverSystemConfiguration {
settings = { settings = {
default_phone_region = "TR"; default_phone_region = "TR";
mail_smtphost = "::"; mail_smtphost = "::1";
mail_smtpmode = "sendmail"; mail_smtpmode = "sendmail";
mail_from_address = "cloud"; mail_from_address = "cloud";
}; };
@ -76,16 +106,15 @@ in serverSystemConfiguration {
extraAppsEnable = true; extraAppsEnable = true;
extraApps = { extraApps = {
inherit (config.services.nextcloud.package.packages.apps) inherit (nextcloudPackage.packages.apps)
bookmarks calendar contacts deck bookmarks calendar contacts deck
forms groupfolders impersonate forms groupfolders impersonate mail
mail maps notes phonetrack maps notes polls previewgenerator tasks;
polls previewgenerator tasks;
# Add: files_markdown files_texteditor memories news # Add: files_markdown files_texteditor memories news
}; };
nginx.recommendedHttpHeaders = true; nginx.recommendedHttpHeaders = true;
}; };
services.nginx.virtualHosts.${fqdn} = sslTemplate domain; services.nginx.virtualHosts.${fqdn} = config.sslTemplate;
} }
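Review bot: `secrets.nextcloudExporterPassword` decrypts the same `./password.age` as the admin secret and the exporter logs in with `username = "admin"`, so the `nextcloud-exporter` user ends up holding the Nextcloud administrator password just to read metrics. The exporter module also accepts a `tokenFile`, which lets it authenticate with a serverinfo token instead of an account. A dedicated secret, e.g. `secrets.nextcloudExporterToken.file = ./token.exporter.age;` (name constructed here) with `tokenFile = config.secrets.nextcloudExporterToken.path;`, would keep the admin credential readable only by `nextcloud`.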


@ -1,5 +1,15 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 3QOn//uIWJTnBEVz3bn3s3yQlAeGDCynaJ4C+2Zi8iE -> ssh-ed25519 +rZ0Tw HGa+kmHedio/tQYp0ZuMCMjdEOtETkioVoRf0a5pkkY
AsPa4woWILuLVS0bvkLBddda9mQqJ9CS1hkWwhNrLg8 OoAFxkLB8pSADTgUcCwdqInYwF83//28Cza8jblQzaU
--- 7XNX3eRRei1LrcRiQSLgHJ0OkYt145uDVq+gtN/A9tk -> ssh-rsa jPaU3Q
˜²KD r.'Q…î‰ø°ü<C2B0>¦”¡DöÕML3óIš•Çû½3ðì W1fQyikhppgQKqASdAuKX2tpDrNgdXhe5LD1KjPuocTUa3sS+DM9UYf8Ap/uNDlA
V481pDnrzO9c7lwP/HzUU4O2cm5APbT+Ho0kF1B+W4T3DiXt4/pvzxcufApoloY5
bM7l3eH4gsp6Buiqr0EowZ48KNi9wW4OXxqjVRSCbyyfygEAl80zT8QP1/cF7A4q
JwHVM6oyGLwLkfXrdLdxQw9T1Q/5wTCePBfzNzCE6XhmL48Hb1vKXnOwTpobVb1v
Dn0FuD7GvhkgV06sd34sN6YO90lJAgPKvE0up2gIHG2FEJK0Pt8Er+SFJ5gag+W6
fNZ/0P3lT/sB1WSWNn5w4nzmCU5VhxdJf+8hkdRwYqnGoE29YJXT/vW8PX4qFDGf
++0HDup6FHFp4VZf6NwVI/Ua68IfyX53Y7iAeLvMiSF/SK5b4KezR0oTRd88t6x+
qA/iv9wcV5z2qDXaVyitcREpC+bwvF7HdI+qmFIl9i5oMFv+pSoxuQRrTtAoBwup
--- TsR5Ga8FM1YlCiUXVghF3MoWq9jvAo4/2g8IvOrBMCg
„NÐyÌjÆã¦©ÝÞu2àÒƒp£™ÅB,0l<Mð¨Î<E280BA>Õ²¯{Ôðƒ


@ -1,12 +1,17 @@
{ config, ulib, pkgs, ... }: with ulib; { lib, pkgs, ... }: with lib;
serverSystemConfiguration { let
networking.firewall.allowedTCPPorts = [ 80 443 ]; prometheusPort = 9030;
networking.firewall.allowedUDPPorts = [ 443 ]; in systemConfiguration {
networking.firewall = {
allowedTCPPorts = [ 443 80 ];
allowedUDPPorts = [ 443 ];
};
services.prometheus = { services.prometheus = {
exporters.nginx = enabled { exporters.nginx = enabled {
port = 9030; listenAddress = "[::1]";
port = prometheusPort;
}; };
scrapeConfigs = [{ scrapeConfigs = [{
@ -14,7 +19,7 @@ serverSystemConfiguration {
static_configs = [{ static_configs = [{
labels.job = "nginx"; labels.job = "nginx";
targets = [ "[::]:${toString config.services.prometheus.exporters.nginx.port}" ]; targets = [ "[::1]:${toString prometheusPort}" ];
}]; }];
}]; }];
}; };


@ -1,5 +1,16 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 5+B9syGilyIjTRiIbR/tQqIRZ5ZUax8gOIZR62lYGhw -> ssh-ed25519 +rZ0Tw AMjDOXqRZGRFrMUIlDdqbSkwXuDSwg+0I7WLgYOnqAU
vTzxsGNvqnZKGkDHy2+gyIIPqLXZltVBzwEQ5HeuLO0 awL2vueTU9BIRVBcvWQOtV3xoqC8BCrePg/D/FHtz28
--- eRFepEnDGHeb96HOq0kZOvILnQlL/WCf8fnVJbFHP8w -> ssh-rsa jPaU3Q
iaõþëo'DÝÌ—êc[‰º\;m/¤ÖëKÝÉù€ªðsÒê0óñ rð½û)Vàöh}¬™Ïxhðâzq¡A}w¢ÚDª— Ù«V÷×P1jÛÓ%ÁµJ- wIBOZFIsnXTf0fC3u2EOBdx4WSRefY3rcvG1pjwhUhpkSYc0E9U0EgZHFvfIk2kD
uJUxtob3X45oJtM+8IS5vPrOHJMg8HFUJ/8h8uLJ8Jv2MTZvLeIxg5eFZBtXXR3m
pR8gY0jCTzzrRjwVvF6RHYYFtdVtAKJ9ikI7Y/Q6UKI0Qk5jWBcAVBW0fkW4BM9i
qj0fzByXXnzORePvFItlh8JXI07L8lUgt5cPOtMnoAXZDQRvzTAbHiigHYZZKDgl
s0rw+CZ/lbUm9fvjPdGSOZ2v8Xo147Gf0bUgHMdBpDbFHglBiW2SeP7+JJNV0M3q
eLGgI/eMeBBoQVV/cTRkKZzeB2S7Gsh3ogSBFqmHa9nLEitzATcgW5xyVBN9YdnG
ZDi0GcPbe0VzpGaLIiF+qSNtUjIgKQKFuMoMKT6lcSUUhDw6OK5YeliK7P6JOS30
rlwsZcxGDEcvJp8lRFKal9Kkv6+0EOr4b3d2NLWe3Wdd5uCpVF3FusAdwgxW8VH+
--- jLhThmnzFUBiv2G29RihvdYKXuk6b7JLWyPC+quwX8w
ŻąeäČ*V71ůFňpáŚćŁvĹPE_uśš<C5A1>â¦GŞ<útë¨%ľĹŇôŕ@<40>/f^“ËxĎŚş<C59A>7*Ňř`YłčFNĆ0™Ŕ•N¬ÜR<08>¤“e<E2809C> N<C2A0>~xĄYĎőˇ(<28>˛úň
ˇaWŹ


@ -1,9 +1,9 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
serverSystemConfiguration { systemConfiguration {
virtualisation.podman = enabled { virtualisation.podman = enabled {
dockerCompat = true; dockerCompat = true;
dockerSocket = enabled {}; dockerSocket = enabled;
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;


@ -1,9 +1,12 @@
{ config, lib, ulib, pkgs, ... }: with ulib; merge { lib, pkgs, ... }: with lib; merge
(serverSystemConfiguration { (let
prometheusPort = 9020;
in systemConfiguration {
services.prometheus = { services.prometheus = {
exporters.postgres = enabled { exporters.postgres = enabled {
port = 9020; listenAddress = "[::1]";
port = prometheusPort;
runAsLocalSuperUser = true; runAsLocalSuperUser = true;
}; };
@ -12,7 +15,7 @@
static_configs = [{ static_configs = [{
labels.job = "postgres"; labels.job = "postgres";
targets = [ "[::]:${toString config.services.prometheus.exporters.postgres.port}" ]; targets = [ "[::1]:${toString prometheusPort}" ];
}]; }];
}]; }];
}; };
@ -22,7 +25,7 @@
initdbArgs = [ "--locale=C" "--encoding=UTF8" ]; initdbArgs = [ "--locale=C" "--encoding=UTF8" ];
authentication = lib.mkOverride 10 '' authentication = mkOverride 10 ''
# Type Database DBUser Authentication IdentMap # Type Database DBUser Authentication IdentMap
local sameuser all peer map=superuser_map local sameuser all peer map=superuser_map
''; '';
@ -58,7 +61,7 @@
]; ];
settings = { settings = {
listen_addresses = lib.mkForce ""; listen_addresses = mkForce "";
# https://pgconfigurator.cybertec.at/ # https://pgconfigurator.cybertec.at/
max_connections = 100; max_connections = 100;
@ -118,6 +121,6 @@
}; };
}) })
(serverSystemPackages (with pkgs; [ (systemPackages (with pkgs; [
postgresql postgresql
])) ]))


@ -1,11 +1,15 @@
{ config, ulib, ... }: with ulib; { lib, ... }: with lib;
serverSystemConfiguration { let
port = 9000;
nodeExporterPort = 9010;
in systemConfiguration {
services.grafana.provision.datasources.settings = { services.grafana.provision.datasources.settings = {
datasources = [{ datasources = [{
name = "Prometheus"; name = "Prometheus";
type = "prometheus"; type = "prometheus";
url = "http://[::]:${toString config.services.prometheus.port}"; url = "http://[::1]:${toString port}";
orgId = 1; orgId = 1;
}]; }];
@ -17,12 +21,14 @@ serverSystemConfiguration {
}; };
services.prometheus = enabled { services.prometheus = enabled {
port = 9000; inherit port;
retentionTime = "1w"; retentionTime = "1w";
exporters.node = enabled { exporters.node = enabled {
enabledCollectors = [ "processes" "systemd" ]; enabledCollectors = [ "processes" "systemd" ];
port = 9010; listenAddress = "[::1]";
port = nodeExporterPort;
}; };
scrapeConfigs = [{ scrapeConfigs = [{
@ -30,7 +36,7 @@ serverSystemConfiguration {
static_configs = [{ static_configs = [{
labels.job = "node"; labels.job = "node";
targets = [ "[::]:${toString config.services.prometheus.exporters.node.port}" ]; targets = [ "[::1]:${toString nodeExporterPort}" ];
}]; }];
}]; }];
}; };
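Review bot: The exporters are now pinned to `[::1]`, but `services.prometheus` itself gets only `inherit port;` in the visible hunks, so the server keeps the module's default listen address rather than loopback. Grafana reaches it at `http://[::1]:${toString port}`, so nothing shown here needs it on other interfaces. Adding `listenAddress = "[::1]";` next to `inherit port;` would match the exporters and stop relying on the firewall alone. Part of the block lies between the hunks, so confirm it is not already set there.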


@ -1,52 +1,54 @@
{ config, ulib, ... }: with ulib; { config, lib, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
path = "/var/www/site"; sitePath = "/var/www/site";
notFoundLocationConfig = { notFoundLocationConfig = {
extraConfig = "error_page 404 /404.html;"; extraConfig = "error_page 404 /404.html;";
locations."= /404.html".extraConfig = "internal;"; locations."/404".extraConfig = "internal;";
}; };
in serverSystemConfiguration { in systemConfiguration {
services.nginx.appendHttpConfig = '' services.nginx = enabled {
map $http_origin $allow_origin { appendHttpConfig = ''
~^https://.+\.rgbcu.be$ $http_origin; map $http_origin $allow_origin {
} ~^https://.+\.rgbcu.be$ $http_origin;
map $http_origin $allow_methods {
~^https://.+\.rgbcu.be$ "GET, HEAD, OPTIONS";
}
'';
services.nginx.virtualHosts.${domain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
root = "${path}";
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = ''
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
if ($request_method = OPTIONS) {
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
} }
expires 24h; map $http_origin $allow_methods {
~^https://.+\.rgbcu.be$ "GET, HEAD, OPTIONS";
}
''; '';
}];
services.nginx.virtualHosts."www.${domain}" = (sslTemplate domain) // { virtualHosts.${domain} = merge config.sslTemplate notFoundLocationConfig {
locations."/".extraConfig = "return 301 https://${domain}$request_uri;"; root = sitePath;
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = ''
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
if ($request_method = OPTIONS) {
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
}
expires 24h;
'';
};
virtualHosts."www.${domain}" = merge config.sslTemplate {
locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
};
virtualHosts._ = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."/".extraConfig = "return 404;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
};
}; };
services.nginx.virtualHosts._ = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
root = "${path}";
locations."/".extraConfig = "return 404;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
}];
} }
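Review bot: The origin pattern used in both `map` blocks, `~^https://.+\.rgbcu.be$`, is looser than it reads: the dot before `be` is unescaped and `.+` accepts any characters rather than hostname labels. Because the matched value is echoed back in `Access-Control-Allow-Origin`, anchoring it to subdomain labels is the safer form, e.g. `~^https://([a-z0-9-]+\.)+rgbcu\.be$ $http_origin;`, with the same pattern in the `$allow_methods` map. The two maps repeat the expression, so a comment noting they must stay in sync would also help.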

41
hosts/disk/default.nix Normal file

@ -0,0 +1,41 @@
{ config, lib, keys, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.11";
nixpkgs.hostPlatform = "x86_64-linux";
networking.domain = "rgbcu.be";
secrets.floppyPassword.file = ./password.floppy.age;
users.users = {
root.hashedPasswordFile = config.secrets.floppyPassword.path;
floppy = sudoUser {
description = "Floppy";
openssh.authorizedKeys.keys = [ keys.enka ];
hashedPasswordFile = config.secrets.floppyPassword.path;
};
};
networking = {
defaultGateway = "23.164.232.1";
defaultGateway6 = "2602:f9f7::1";
interfaces.ens32 = {
ipv4.addresses = [{
address = "23.164.232.40";
prefixLength = 25;
}];
ipv6.addresses = [{
address = "2602:f9f7::40";
prefixLength = 64;
}];
};
};
})
(homeConfiguration {
home.stateVersion = "23.11";
})
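Review bot: `root.hashedPasswordFile` points at the same `floppyPassword` secret as the `floppy` account, which is already a `sudoUser`, so root gets a directly usable password that adds nothing over `sudo` and shares fate with the user's credential. On a host with a public address it is tidier to leave root without a password login, e.g. `root.hashedPassword = "!";`, or to give it a secret of its own. hosts/enka/default.nix further down does the same with `saidPassword`. Whether root can actually authenticate over SSH depends on the openssh module, which is not shown in this part of the page.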

27
hosts/disk/hardware.nix Normal file

@ -0,0 +1,27 @@
{ config, lib, ... }: with lib;
systemConfiguration {
boot.loader = {
systemd-boot = enabled {
editor = false;
};
efi.canTouchEfiVariables = true;
};
boot.initrd.availableKernelModules = [ "ahci" "ata_piix" "nvme" "sr_mod" ];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
};
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
}

Binary file not shown.

9
hosts/disk/site6.nix Normal file

@ -0,0 +1,9 @@
{ self, lib, ... }: with lib;
systemConfiguration {
imports = [
(self + /hosts/cube/acme.nix)
(self + /hosts/cube/nginx.nix)
(self + /hosts/cube/site.nix)
];
}


@ -1,4 +1,4 @@
{ config, ulib, ... }: with ulib; merge { config, lib, ... }: with lib; merge
(systemConfiguration { (systemConfiguration {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
@ -6,26 +6,23 @@
time.timeZone = "Europe/Istanbul"; time.timeZone = "Europe/Istanbul";
age.secrets."hosts/enka/password.said".file = ./password.said.age; secrets = {
age.secrets."hosts/enka/password.orhan".file = ./password.orhan.age; orhanPassword.file = ./password.orhan.age;
saidPassword.file = ./password.said.age;
users.users.root.hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path;
users.users.said = graphicalUser {
description = "Said";
extraGroups = [ "wheel" ];
hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path;
uid = 1000;
}; };
users.users.orhan = graphicalUser { users.users = {
description = "Orhan"; root.hashedPasswordFile = config.secrets.saidPassword.path;
hashedPasswordFile = config.age.secrets."hosts/enka/password.orhan".path;
uid = 1001;
};
networking.firewall = enabled { orhan = desktopUser {
allowedTCPPorts = [ 8080 ]; description = "Orhan";
hashedPasswordFile = config.secrets.orhanPassword.path;
};
said = sudoUser (desktopUser {
description = "Said";
hashedPasswordFile = config.secrets.saidPassword.path;
});
}; };
}) })


@ -1,10 +1,13 @@
{ ulib, ... }: with ulib; { config, lib, ... }: with lib;
desktopSystemConfiguration { systemConfiguration {
boot.loader = { boot.loader = {
systemd-boot = enabled {
editor = false;
consoleMode = "max";
};
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
systemd-boot.editor = false;
}; };
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
@ -20,14 +23,14 @@ desktopSystemConfiguration {
fsType = "btrfs"; fsType = "btrfs";
}; };
fileSystems."/boot" = { fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot"; device = "/dev/disk/by-label/boot";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices = [{
{ device = "/dev/disk/by-label/swap"; } device = "/dev/disk/by-label/swap";
]; }];
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;


@ -1,13 +1,13 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa jPaU3Q -> ssh-rsa jPaU3Q
M19jE1+l5CGuAbWy3AAhJcVtW9E1b8al9rgjSJ26ESewP5fipabiW8/KEA6QowU4 Ra86YZeGq1g0NlPLVj/mdqFDp/SZQHL/CDJ3SaFTYtmfUqSER/hXOz7X5wqOZ+Yf
NbFFu9Za0Sqo2ly5AS7kubYROCYQE238cZgMfVG15nFmIP1s3MY8hNZFaeJdjYJW SC0DUxrAaPobkuK9QMayBNmwB8Rq/cGXOb/vKmT5PnLpqNVu0ggIoaO+ZTEiUG8g
W8SLTddBA5xWBzfNH2ZtW7KBICMgl5+mKAj35pB6qxcZjj274llFy8d8Xs0UsyDW ATdjUU+xPQpOCkk7wsdW4AzW1G4bOAS7AXFipfU+BhVtLzGziDJ6Uuglvt0ussku
4exLZdzbgCXC5JXVgZpOR0Ou0AdJPtHIxYmkaS+gjkr45fSo3XGSepxRw+SOlkV/ FHdIaD3AJcQQ1/kMdYtiLPQUaGdBnuUqOLzcoAgsp+4SDMHXKfuvyO7EsOaGVCc1
0kQgyw5KPPNZZ9wXo89P4zponyWNqQCKPaxXbGJl44mKBXLxFSvCPjjuAZ7cZ+xn RmCwWZ7UqQdwsn2pXUoAXOlhr3QdjiDTcBd6nVbxWCxy/GBpHgD4ffyMrF+Xv48n
vd2ZcwztgLV84JT5pSJbUwjo6a5GrzOJ3/frxYgG4MK5foM8iyZ6cHFpNVeyOx/b fyX9dMhb4AAz6kAN+/7g/WNHuv0kRCjggHCcd9BhRvrZKGBs7h1B6OvUcREDxVr8
IhfCdFc71+c+hfLpa1OETlKYEVYHDQ/nuAELAy81bfEa8OL1yh8q75gJZukgwWX8 45QpKo2bpQqPBUJPlZXuHRWiQrInGJJHdA2JU1VBGJMnIumVrUCGeJSnBP3Ui46z
QEJLzwsN/496uBbFwwjj05R4feu35Iql1XLqOrTaixUA6uSdWjsnJscENFpchfzI GXIqHhgUYvBLXH0eLaHH17fx7ytWez88dDL8wwaHzL8AEtN+/XPFU7kNEU97QZJo
--- 06pUnwHPhIIgovnUcakwOCjfK5Et4twJF8NChBf3G9o --- RNDo4JKbsihikrIB+cxCXuDCbvd2BqdIEKfLsBplLsI
àçg0FÓ»Äͱõ*¯ŠŽUö;¢ÄÇÍGK½sÏqH-ÞŒ-Mí« v%Ç ¾o÷ºjdOx¸çCkìëÞÕÌçJrºªeÑn±:ÿKãBÓMœ7 <EFBFBD>~59\<5C>[{ZV7J2<<3C><><EFBFBD><EFBFBD><EFBFBD>•<EFBFBD><C295><EFBFBD>!U<>ID<49><44><EFBFBD><EFBFBD><EFBFBD><H!<21>s<EFBFBD>L<><4C><EFBFBD><02>R<EFBFBD>[()<29>V<EFBFBD>ja<6A>s<EFBFBD><73><EFBFBD><EFBFBD>><3E>><3E>GGT<47>*<2A><>JAI1:zx <0A><>ͺ?<3F><>t<EFBFBD>


@ -1,13 +1,13 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa jPaU3Q -> ssh-rsa jPaU3Q
fNM8bL9QB/wvgB+MZOfWXDrPMCc/2bs3B5t1xgXe/Z6I0HXcnL/G1ipebvth/+Mr u3Kl4BwfKKxIk1ASkkOeEBOFbusd/hYapO/Ab78sc0ufOIJvso7rXgK8pjIoKhlD
Wv6bMPgPPwrxvWaoC84PHTclp8kqsipTYO4r40cB5F7Yyq+oBOHlm3Kd1SGSPQQn FLJ6kD8m+z79MDJU5o0UdqAEvzT/O5vUAxVI1XWGdDliSAzEQkaLDtz/Hhg8wlel
FPCA0BxFhYQuHtQuqEdoMRZ5YxgoxWoso1gAAMzcnhac9HVK595F4HITpYzs453Q 9l/oCaV5cEB/3JXPI++4Ck+TaZ61+DGcfkQFXBGFITQyQOcErfGP54KyYeMPPKH6
UTW+c1UigqvI70YNKo2jNSqAwJh2rA4EP/ivz5Y0fOv/WD8TpygbFdbFhvLZ4rBS XB57IahfwK1G9DaIhGxHni328H1d4xmoWobEOS+RalIW9Yc+oJBTw5LEJZpgt8+t
NveQrMJcha/KArzu5cxYuQq+vF7ckGmPygGSMGkXCbb66ET8Mj/daBhfPfZ+nC+v HUQ5x1kKRqqIgZYSuyTV33LI4JxiXpJgPSQIUyUFHCN+0tkshaOa6VjZvIxX+LKi
eaBOlAJ4y+jUwajn3PlWelOjUTNoDHdp8I/xHtJs1avmlWhv8pdA/vR/61C0mApd ZUgAsWTkA/nfpQqX9zOpyhTN1cVR8xUptZWIFlSeu2W9O6xjirOSo6+3574ANrD4
39uzl2XsnvKQkqlE2CD618h1xsmXk9RDxzUzDuejO0Kv1Of7+SsR1Swk7IKaJQpB pvUQe+VEV+U7ePnx81YS9BhESQ8lmqUlaX1d8uGHSWas5DjE8Kcaa6K9k9ab7u9q
SzAfBCtnJxRsTIDVcBvqtb1cJiBgJt5/FFN8IGa9C0Hf3lFvB8qqR2BlwijhfGi/ mh+g2b/P2w2lVRgrcUyqn2S/coEzaHgskx8fyV23w4BbMefoHWdmsNwGhIew8Uhr
--- JmxH14QpQiLryhESgYyK4H7fpol168CbjecUwfnRFRM --- C4f6KVF7Y1hMY+aD+qNTbMeGj9CJ2K5nMkJAzib7QHE
bd!<&Ц<C5A0>-1e³ƒs”ă¼{OqóG¡~Çû.c¸Šm‰u!Õ$(!/Ää¾aš§§æ´svz¡áw6ãCü¾êE2¢÷>ñ.xBÞb=€ËÿºÔ<C2BA>gjÎ<xàáýN iäH)‰9 f*âêµgbd\À)/A2Vc·îø´¼¬Tÿ'Õü/»Ò£½Æ¿¾Èh<C388>ºåÜ©<19>{¤hÈ££ulêµ]…f9àú 1^ø‹.¾‘C·aYS

17
hosts/password.acme.age Normal file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw jXnHlBEI/Soqpgq1ivfJHfyG1Vu6587MRmsiiY/s3Gc
PzOumPaUFNwlkD0e0c9ES7Ix1RGsdnqRKgHPBKpIGuc
-> ssh-ed25519 spFFQA wGPxs3a6og3Hjx5a/EHY8cRoFCGHDu9Ce3BH87FwiEc
X3FdpYD1OftG9xaFzQ3mlvZkQPn4AQmCqfB/6KnCVvE
-> ssh-rsa jPaU3Q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--- iJOaeMlcZ5LkNlwPuRdcpyzARZpDxQB0Mn73JKZLCyM
ÜKŠ`Úº€ìÕ^HZL¹úèûù|îfTºß†öÀ‰Ö¢E_ô%Êó?œšk¡'ÆùÐî<C390>ZT&YÎ^¥áPA•¿~Ú÷ŸÜ Æ<>·*tÓ•ÝW˜/Pïh©¯h‡MðšÔØþEAÑHs­¨Î^ÖOÉÆ!žèõŒ±HÜJƒ~¸'g¿9ÑHTIŒO"I§GÆ;][¡¨²ç…_T}SÆ5eîG<C3AE>×®ìg•=]Ëb K HQ°QáóXS ¢Î•(ZXÂ϶Ž%}O Ø:


@ -1,4 +1,5 @@
{ {
enka = "ssh-rsa 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 said@enka";
cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube"; cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
enka = "ssh-rsa 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 said@enka";
} }


@ -1,37 +0,0 @@
users: let
userHomeConfiguration = users: configuration: {
home-manager.users = builtins.foldl' (final: user: final // {
${user} = configuration;
}) {} (if builtins.isList users then users else [ users ]);
};
in rec {
inherit users;
isServer = users.graphical == [];
isDesktop = !isServer;
# For every machine.
systemConfiguration = configuration: configuration;
systemPackages = packages: systemConfiguration { environment.systemPackages = packages; };
systemFonts = packages: systemConfiguration { fonts.packages = packages; };
# For every user, on every machine.
homeConfiguration = configuration: { home-manager.sharedModules = [ configuration ]; };
homePackages = packages: homeConfiguration { home.packages = packages; };
# For every desktop.
desktopSystemConfiguration = configuration: if isServer then {} else configuration;
desktopSystemPackages = packages: if isServer then {} else systemPackages packages;
desktopSystemFonts = packages: if isServer then {} else systemFonts packages;
# For every graphical user on every desktop.
desktopHomeConfiguration = configuration: if isServer then {} else userHomeConfiguration users.graphical configuration;
desktopHomePackages = packages: if isServer then {} else desktopHomeConfiguration { home.packages = packages; };
# For every server.
serverSystemConfiguration = configuration: if isServer then configuration else {};
serverSystemPackages = packages: if isServer then systemPackages packages else {};
serverSystemFonts = packages: if isServer then systemFonts packages else {};
# For every user on every server.
serverHomeConfiguration = configuration: if isServer then homeConfiguration configuration else {};
serverHomePackages = packages: if isServer then homePackages packages else {};
}

6
lib/configuration1.nix Normal file

@ -0,0 +1,6 @@
lib: {
systemConfiguration = cfg: cfg;
systemPackages = pkgs: { environment.systemPackages = pkgs; };
systemFonts = pkgs: { fonts.packages = pkgs; };
homeConfiguration = cfg: { home-manager.sharedModules = [ cfg ]; };
}

32
lib/configuration2.nix Normal file

@ -0,0 +1,32 @@
lib: config: let
userHomeConfiguration = users: cfg: {
home-manager.users = lib.genAttrs users (_: cfg);
};
allNormalUsers = [ "root" ] ++ lib.pipe config.users.users [
(lib.filterAttrs (_: lib.getAttr "isNormalUser"))
lib.attrNames
];
desktopUsers = lib.pipe config.users.users [
(lib.filterAttrs (_: lib.getAttr "isDesktopUser"))
lib.attrNames
];
in rec {
inherit allNormalUsers desktopUsers;
isDesktop = desktopUsers != [];
isServer = desktopUsers == [];
desktopSystemConfiguration = cfg: lib.optionalAttrs isDesktop cfg;
desktopSystemPackages = pkgs: desktopSystemConfiguration (lib.systemPackages pkgs);
desktopSystemFonts = pkgs: desktopSystemConfiguration (lib.systemFonts pkgs);
desktopUserHomeConfiguration = cfg: userHomeConfiguration desktopUsers cfg;
desktopUserHomePackages = pkgs: desktopUserHomeConfiguration { home.packages = pkgs; };
desktopHomeConfiguration = cfg: desktopSystemConfiguration (lib.homeConfiguration cfg);
desktopHomePackages = pkgs: desktopHomeConfiguration { home.packages = pkgs; };
serverSystemConfiguration = cfg: lib.optionalAttrs isServer cfg;
serverSystemPackages = pkgs: serverSystemConfiguration (lib.systemPackages pkgs);
serverHomeConfiguration = cfg: serverSystemConfiguration (lib.homeConfiguration cfg);
}
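Review bot: The file this replaces labelled each group of helpers (`# For every machine.`, `# For every desktop.`, and so on), while the new one has no comments at all, and the difference between `desktopHomeConfiguration` (shared modules, applied only when the host is a desktop) and `desktopUserHomeConfiguration` (applied only to users in `desktopUsers`) is not obvious from the names. A one-line comment above each group would restore that, e.g. `# Home config for desktop users only, on any host.` above `desktopUserHomeConfiguration`. `allNormalUsers` also deserves a comment saying why `root` is prepended, and one noting that `lib.getAttr "isDesktopUser"` relies on that attribute being present on every user, which presumably comes from an option declared elsewhere.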


@ -1,6 +0,0 @@
lib: users: let
configuration = import ./configuration.nix users;
merge = import ./merge.nix lib;
ssl = import ./ssl.nix;
values = import ./values.nix;
in configuration // merge // ssl // values

11
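--- /dev/null
+++ b/lib/enabled.nix
@@ -0,0 +1,11 @@
+lib: {
+enabled = lib.mkMerge [{
+enable = true;
+}] // {
+__functor = self: attributes: self // {
+contents = self.contents ++ [ attributes ];
+};
+};
+disabled = { enable = false; };
+}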
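Review bot: `enabled` and `disabled` are not symmetric, and nothing in the file says so: `enabled` is an `mkMerge` value given a `__functor`, so both `enabled` and `enabled { ... }` work, while `disabled` is a plain attribute set and `disabled { ... }` would fail at evaluation. A header comment would save the next reader from reverse-engineering this, e.g. `# enabled is an mkMerge value that is also callable: enabled { ... } appends the argument to the merge.` The trick also relies on the `contents` field of `mkMerge`'s result, which looks like a module-system implementation detail rather than a documented interface, so it is worth confirming it stays stable across nixpkgs updates.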


@ -1,13 +1,7 @@
lib: let lib: {
mergeAll = builtins.foldl' (collected: module: { merge = lib.mkMerge [] // {
imports = collected.imports ++ [ module ]; __functor = self: next: self // {
}) { imports = []; }; contents = self.contents ++ [ next ];
in { };
merge = a: b: mergeAll [ a b ]; };
merge3 = a: b: c: mergeAll [ a b c ];
merge4 = a: b: c: d: mergeAll [ a b c d ];
merge5 = a: b: c: d: e: mergeAll [ a b c d e ];
merge6 = a: b: c: d: e: f: mergeAll [ a b c d e f ];
recursiveUpdateAll = builtins.foldl' lib.recursiveUpdate {};
} }

10
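--- /dev/null
+++ b/lib/modules.nix
@@ -0,0 +1,10 @@
+lib: {
+mkConst = value: lib.mkOption {
+default = value;
+readOnly = true;
+};
+mkValue = value: lib.mkOption {
+default = value;
+};
+}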
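Review bot: Both helpers declare options without a `type`, so a definition of the wrong shape is accepted by the module system and only fails where the value is used. For `mkConst` that matters little because `readOnly = true` blocks later definitions, but `mkValue` is overridable. Consider accepting the type alongside the value, or document that callers own validation, e.g. `# No type is set: overrides of mkValue options are not type-checked.`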


@ -1,7 +0,0 @@
{
sslTemplate = domain: {
forceSSL = true;
quic = true;
useACMEHost = domain;
};
}


@ -1,18 +1,19 @@
{ lib: {
enabled = attributes: attributes // {
enable = true;
};
normalUser = attributes: attributes // { normalUser = attributes: attributes // {
isNormalUser = true; isNormalUser = true;
}; };
sudoUser = attributes: attributes // {
isNormalUser = true;
extraGroups = [ "wheel" ] ++ attributes.extraGroups or [];
};
desktopUser = attributes: attributes // {
isNormalUser = true;
isDesktopUser = true; # Defined in options/desktop.nix.
};
systemUser = attributes: attributes // { systemUser = attributes: attributes // {
isSystemUser = true; isSystemUser = true;
}; };
graphicalUser = attributes: attributes // {
isNormalUser = true;
extraGroups = [ "graphical" ] ++ attributes.extraGroups or [];
};
} }


@ -1,5 +1,5 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
desktopSystemConfiguration { desktopSystemConfiguration {
services.auto-cpufreq = enabled {}; services.auto-cpufreq = enabled;
} }


@ -1,17 +1,19 @@
{ ulib, pkgs, theme, ... }: with ulib; { config, lib, pkgs, ... }: with lib; merge
homeConfiguration { (systemConfiguration {
programs.nushell.environmentVariables = { environment.variables = {
MANPAGER = ''"bat --plain --language man"''; MANPAGER = "bat --plain --language man";
PAGER = ''"bat --plain"''; PAGER = "bat --plain";
}; };
programs.nushell.shellAliases.cat = "bat"; environment.shellAliases.cat = "bat";
})
(homeConfiguration {
programs.bat = enabled { programs.bat = enabled {
config.theme = "base16"; config.theme = "base16";
themes.base16.src = pkgs.writeText "base16.tmTheme" theme.tmTheme; themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme;
config.pager = "less -FR"; config.pager = "less -FR";
}; };
} })


@ -1,7 +1,7 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
desktopSystemConfiguration { desktopSystemConfiguration {
services.blueman = enabled {}; services.blueman = enabled;
hardware.bluetooth = enabled { hardware.bluetooth = enabled {
powerOnBoot = true; powerOnBoot = true;


@ -1,11 +1,11 @@
{ ulib, theme, ... }: with ulib; { config, lib, ... }: with lib;
homeConfiguration { homeConfiguration {
xdg.configFile."btop/themes/base16.theme".text = theme.btopTheme; xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme;
programs.btop = enabled { programs.btop = enabled {
settings.color_theme = "base16"; settings.color_theme = "base16";
settings.rounded_corners = theme.cornerRadius != 0; settings.rounded_corners = config.theme.cornerRadius > 0;
}; };
} }


@ -1,15 +1,15 @@
{ ulib, pkgs, theme, ... }: with ulib; merge3 { config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration { (desktopSystemConfiguration {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
}) })
(desktopHomeConfiguration { (desktopUserHomeConfiguration {
xdg.configFile."Vencord/settings/quickCss.css".text = theme.discordCss; xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss;
}) })
(desktopHomePackages (with pkgs; [ (desktopUserHomePackages (with pkgs; [
(discord-canary.override { (discord.override {
withOpenASAR = true; withOpenASAR = true;
withVencord = true; withVencord = true;
}) })


@ -1,9 +1,9 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
systemConfiguration { systemConfiguration {
documentation = { documentation = {
doc.enable = false; doc = disabled;
info.enable = false; info = disabled;
man = enabled { man = enabled {
generateCaches = true; generateCaches = true;


@ -1,7 +1,7 @@
{ ulib, theme, ... }: with ulib; { config, lib, ... }: with lib;
desktopHomeConfiguration { desktopUserHomeConfiguration {
services.dunst = with theme.withHashtag; enabled { services.dunst = with config.theme.withHashtag; enabled {
iconTheme = icons; iconTheme = icons;
settings.global = { settings.global = {


@ -1,13 +1,16 @@
{ config, ulib, pkgs, ... }: with ulib; { lib, pkgs, ... }: with lib;
serverSystemConfiguration { let
fakeSSHPort = 22;
prometheusPort = 9050;
in serverSystemConfiguration {
services.prometheus.scrapeConfigs = [{ services.prometheus.scrapeConfigs = [{
job_name = "endlessh-go"; job_name = "endlessh-go";
static_configs = [{ static_configs = [{
labels.job = "endlessh-go"; labels.job = "endlessh-go";
targets = [ targets = [
"[::]:${toString config.services.endlessh-go.prometheus.port}" "[::1]:${toString prometheusPort}"
]; ];
}]; }];
}]; }];
@ -17,10 +20,11 @@ serverSystemConfiguration {
# services.endlessh-go.openFirewall exposes both the Prometheus # services.endlessh-go.openFirewall exposes both the Prometheus
# exporters port and the SSH port, and we don't want the metrics # exporters port and the SSH port, and we don't want the metrics
# to leak, so we manually expose this like so. # to leak, so we manually expose this like so.
networking.firewall.allowedTCPPorts = [ config.services.endlessh-go.port ]; networking.firewall.allowedTCPPorts = [ fakeSSHPort ];
services.endlessh-go = enabled { services.endlessh-go = enabled {
port = 22; listenAddress = "[::]";
port = fakeSSHPort;
extraOptions = [ extraOptions = [
"-alsologtostderr" "-alsologtostderr"
@ -29,8 +33,8 @@ serverSystemConfiguration {
]; ];
prometheus = enabled { prometheus = enabled {
listenAddress = "[::]"; listenAddress = "[::1]";
port = 9050; port = prometheusPort;
}; };
}; };
} }


@ -1,10 +0,0 @@
{ ulib, ... }: with ulib;
serverSystemConfiguration {
services.fail2ban = enabled {
bantime = "24h";
bantime-increment = enabled {
maxtime = "7d";
};
};
}


@ -1,8 +1,8 @@
{ ulib, theme, ... }: with ulib; { config, lib, ... }: with lib;
desktopHomeConfiguration { desktopUserHomeConfiguration {
programs.firefox = enabled { programs.firefox = enabled {
profiles.default.settings = with theme.font; { profiles.default.settings = with config.theme.font; {
"general.autoScroll" = true; "general.autoScroll" = true;
"privacy.donottrackheader.enabled" = true; "privacy.donottrackheader.enabled" = true;


@ -1,6 +1,6 @@
{ ulib, pkgs, theme, ... }: with ulib; merge { config, lib, pkgs, ... }: with lib; merge
(systemConfiguration { (desktopSystemConfiguration {
console = { console = {
earlySetup = true; earlySetup = true;
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
@ -8,12 +8,16 @@
}; };
}) })
(desktopSystemFonts (with pkgs; [ (desktopSystemFonts [
theme.font.sans.package config.theme.font.sans.package
theme.font.mono.package config.theme.font.mono.package
noto-fonts pkgs.noto-fonts
noto-fonts-cjk-sans pkgs.noto-fonts-cjk-sans
noto-fonts-lgc-plus pkgs.noto-fonts-lgc-plus
noto-fonts-emoji pkgs.noto-fonts-emoji
])) ])
(serverSystemConfiguration {
fonts.fontconfig = disabled;
})


@ -1,7 +1,7 @@
{ ulib, theme, ... }: with ulib; { config, lib, ... }: with lib;
desktopHomeConfiguration { desktopUserHomeConfiguration {
programs.fuzzel = with theme; enabled { programs.fuzzel = with config.theme; enabled {
settings.main = { settings.main = {
dpi-aware = false; dpi-aware = false;
font = "${font.sans.name}:size=${toString font.size.big}"; font = "${font.sans.name}:size=${toString font.size.big}";
@ -19,13 +19,13 @@ desktopHomeConfiguration {
inner-pad = padding; inner-pad = padding;
}; };
settings.colors = { settings.colors = mapAttrs (_: color: color + "FF") {
background = base00 + "FF"; background = base00;
text = base05 + "FF"; text = base05;
match = base0A + "FF"; match = base0A;
selection = base05 + "FF"; selection = base05;
selection-text = base00 + "FF"; selection-text = base00;
border = base0A + "FF"; border = base0A;
}; };
settings.border = { settings.border = {


@ -1,18 +1,14 @@
{ inputs, lib, ulib, pkgs, upkgs, theme, ... }: with ulib; merge { config, lib, pkgs, ... }: with lib;
(desktopSystemConfiguration { desktopUserHomeConfiguration {
home-manager.sharedModules = [ inputs.ghosttyModule.homeModules.default ];
})
(desktopHomeConfiguration {
programs.nushell.environmentVariables.TERMINAL = "ghostty"; programs.nushell.environmentVariables.TERMINAL = "ghostty";
programs.ghostty = enabled { programs.ghostty = enabled {
package = upkgs.ghostty; package = pkgs.ghostty;
clearDefaultKeybindings = true; clearDefaultKeybindings = true;
keybindings = (lib.mapAttrs' (name: lib.nameValuePair "ctrl+shift+${name}") { keybindings = (mapAttrs' (name: nameValuePair "ctrl+shift+${name}") {
c = "copy_to_clipboard"; c = "copy_to_clipboard";
v = "paste_from_clipboard"; v = "paste_from_clipboard";
@ -50,14 +46,15 @@
"physical:eight" = "goto_tab:8"; "physical:eight" = "goto_tab:8";
"physical:nine" = "goto_tab:9"; "physical:nine" = "goto_tab:9";
"physical:zero" = "goto_tab:10"; "physical:zero" = "goto_tab:10";
}) // (lib.mapAttrs' (name: lib.nameValuePair "ctrl+${name}") { }) // (mapAttrs' (name: nameValuePair "ctrl+${name}") {
"physical:tab" = "next_tab"; "physical:tab" = "next_tab";
"shift+physical:tab" = "previous_tab"; "shift+physical:tab" = "previous_tab";
}); });
shellIntegration.enable = false; # Disabled here as Nushell isn't supported and Nushell enables it in its own config.
shellIntegration = disabled;
settings = with theme; { settings = with config.theme; {
font-size = font.size.normal; font-size = font.size.normal;
font-family = font.mono.name; font-family = font.mono.name;
@ -73,4 +70,4 @@
]; ];
}; };
}; };
}) }


@ -1,7 +1,7 @@
{ lib, ulib, pkgs, ... }: with ulib; merge3 { lib, pkgs, ... }: with lib; merge
(homeConfiguration { (systemConfiguration {
programs.nushell.shellAliases = { environment.shellAliases = {
g = "git"; g = "git";
ga = "git add"; ga = "git add";
@ -62,8 +62,10 @@
gst = "git status"; gst = "git status";
}; };
})
programs.nushell.configFile.text = lib.mkAfter '' (homeConfiguration {
programs.nushell.configFile.text = mkAfter ''
# Sets the remote origin to the specified user and repository on my git instance # Sets the remote origin to the specified user and repository on my git instance
def gsr [user_and_repo: string] { def gsr [user_and_repo: string] {
let user_and_repo = if ($user_and_repo | str index-of "/") != -1 { let user_and_repo = if ($user_and_repo | str index-of "/") != -1 {
@ -82,13 +84,13 @@
userName = "RGBCube"; userName = "RGBCube";
userEmail = "git@rgbcu.be"; userEmail = "git@rgbcu.be";
lfs = enabled {}; lfs = enabled;
difftastic = enabled { difftastic = enabled {
background = "dark"; background = "dark";
}; };
extraConfig = lib.recursiveUpdate { extraConfig = merge {
init.defaultBranch = "master"; init.defaultBranch = "master";
commit.verbose = true; commit.verbose = true;
@ -122,7 +124,7 @@
core.sshCommand = "ssh -i ~/.ssh/id"; core.sshCommand = "ssh -i ~/.ssh/id";
url."ssh://git@github.com/".insteadOf = "https://github.com/"; url."ssh://git@github.com/".insteadOf = "https://github.com/";
url."ssh://forgejo@rgbcu.be:2222/".insteadOf = "https://git.rgbcu.be/"; url."ssh://forgejo@rgbcu.be:2222/".insteadOf = "https://git.rgbcu.be/";
} (lib.optionalAttrs ulib.isDesktop { } (mkIf isDesktop {
commit.gpgSign = true; commit.gpgSign = true;
tag.gpgSign = true; tag.gpgSign = true;
gpg.format = "ssh"; gpg.format = "ssh";
@ -131,13 +133,15 @@
}; };
}) })
(desktopHomeConfiguration { (desktopSystemConfiguration {
programs.nushell.shellAliases = { environment.shellAliases = {
"??" = "gh copilot suggest --target shell"; "??" = "gh copilot suggest --target shell";
"gh?" = "gh copilot suggest --target gh"; "gh?" = "gh copilot suggest --target gh";
"git?" = "gh copilot suggest --target git"; "git?" = "gh copilot suggest --target git";
}; };
})
(desktopHomeConfiguration {
programs.gh = enabled { programs.gh = enabled {
settings.git_protocol = "ssh"; settings.git_protocol = "ssh";
}; };


@ -1,21 +1,21 @@
{ ulib, pkgs, theme, ... }: with ulib; merge { config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration { (desktopSystemConfiguration {
programs.dconf = enabled {}; programs.dconf = enabled;
}) })
(desktopHomeConfiguration { (desktopUserHomeConfiguration {
gtk = enabled { gtk = enabled {
gtk3.extraCss = theme.adwaitaGtkCss; gtk3.extraCss = config.theme.adwaitaGtkCss;
gtk4.extraCss = theme.adwaitaGtkCss; gtk4.extraCss = config.theme.adwaitaGtkCss;
font = with theme.font; { font = with config.theme.font; {
inherit (sans) name package; inherit (sans) name package;
size = size.normal; size = size.normal;
}; };
iconTheme = theme.icons; iconTheme = config.theme.icons;
theme = { theme = {
name = "Adwaita-dark"; name = "Adwaita-dark";
@ -24,3 +24,4 @@
}; };
}) })


@ -1,24 +1,26 @@
{ ulib, lib, pkgs, upkgs, theme, ... }: with ulib; merge { config, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment = {
variables.EDITOR = "hx";
shellAliases.x = "hx";
};
})
(homeConfiguration { (homeConfiguration {
programs.nushell = { programs.nushell.configFile.text = mkAfter ''
environmentVariables.EDITOR = "hx"; def --wrapped hx [...arguments] {
shellAliases.x = "hx"; if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=0
configFile.text = lib.mkAfter ''
def --wrapped hx [...arguments] {
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=0
}
^hx ...$arguments
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=${toString theme.padding}
}
} }
'';
}; ^hx ...$arguments
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=${toString config.theme.padding}
}
}
'';
programs.helix = enabled { programs.helix = enabled {
languages.language = let languages.language = let
@ -96,11 +98,6 @@
formatter = denoFormatter "tsx"; formatter = denoFormatter "tsx";
language-servers = [ "deno" ]; language-servers = [ "deno" ];
} }
{ # TODO: Remove in the next Helix release.
name = "nu";
language-servers = [ "nu" ];
}
]; ];
languages.language-server = { languages.language-server = {
@ -145,7 +142,7 @@
cursorline = true; cursorline = true;
bufferline = "multiple"; bufferline = "multiple";
file-picker.hidden = false; file-picker.hidden = false;
idle-timeout = 50; idle-timeout = 0;
line-number = "relative"; line-number = "relative";
shell = [ "bash" "-c" ]; shell = [ "bash" "-c" ];
text-width = 100; text-width = 100;
@ -167,7 +164,7 @@
render.tab = "all"; render.tab = "all";
}; };
settings.keys = lib.genAttrs [ "normal" "select" ] (_: { settings.keys = genAttrs [ "normal" "select" ] (_: {
D = "extend_to_line_end"; D = "extend_to_line_end";
}); });
}; };
@ -213,5 +210,5 @@
yaml-language-server yaml-language-server
# ZIG # ZIG
upkgs.zls zls
])) ]))


@ -1,7 +1,7 @@
{ ulib, pkgs, upkgs, theme, ... }: with ulib; merge3 { config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration { (desktopSystemConfiguration {
hardware.opengl = enabled {}; hardware.opengl = enabled;
xdg.portal = enabled { xdg.portal = enabled {
config.common.default = "*"; config.common.default = "*";
@ -12,220 +12,205 @@
}; };
}) })
(desktopHomeConfiguration { (desktopUserHomeConfiguration {
wayland.windowManager.hyprland = with theme; enabled { wayland.windowManager.hyprland = enabled {
package = upkgs.hyprland; settings = {
monitor = [ ",preferred,auto,1" ];
windowrule = [ "noinitialfocus" ];
extraConfig = exec-once = [
'' "wl-paste --type text --watch cliphist store -max-items 1000"
monitor = , preferred, auto, 1 "wl-paste --type image --watch cliphist store -max-items 1000"
'' ];
+
''
windowrule = noinitialfocus
''
+
''
exec-once = wl-paste --type text --watch cliphist store -max-items 1000
exec-once = wl-paste --type image --watch cliphist store -max-items 1000
exec = pkill swaybg; swaybg --image ${./wallpaper.png} exec = [
"pkill swaybg; swaybg --image ${./wallpaper.png}"
"pkill --signal SIGUSR2 waybar"
];
exec = pkill --signal SIGUSR2 waybar bindl = [
'' (replaceStrings [ "\n;" "\n" ] [ ";" "" ] ''
+ ,XF86PowerOff,exec,
'' pkill fuzzel;
binde = SUPER, left , movefocus, l echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot"
binde = SUPER, down , movefocus, d | fuzzel --dmenu
binde = SUPER, up , movefocus, u | tr --delete " "
binde = SUPER, right, movefocus, r | tr '[:upper:]' '[:lower:]'
| ifne xargs systemctl
'')
];
binde = SUPER, h, movefocus, l bindle = [
binde = SUPER, j, movefocus, d ",XF86AudioRaiseVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5"
binde = SUPER, k, movefocus, u ",XF86AudioLowerVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
binde = SUPER, l, movefocus, r
''
+
''
bind = SUPER , TAB, workspace, e+1
bind = SUPER+ALT, TAB, workspace, e-1
bind = SUPER, mouse_up, workspace, e+1 ",XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
bind = SUPER, mouse_down, workspace, e-1 ",XF86AudioMicMute , exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
bind = SUPER, 1, workspace, 1 ",XF86MonBrightnessUp , exec, brightnessctl set 5%+"
bind = SUPER, 2, workspace, 2 ",XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-"
bind = SUPER, 3, workspace, 3 ];
bind = SUPER, 4, workspace, 4
bind = SUPER, 5, workspace, 5
bind = SUPER+ALT, 1, movetoworkspacesilent, 1 bindm = [
bind = SUPER+ALT, 2, movetoworkspacesilent, 2 "SUPER, mouse:272, movewindow"
bind = SUPER+ALT, 3, movetoworkspacesilent, 3 "SUPER, mouse:274, movewindow"
bind = SUPER+ALT, 4, movetoworkspacesilent, 4 "SUPER, mouse:273, resizewindow"
bind = SUPER+ALT, 5, movetoworkspacesilent, 5 ];
bindm = SUPER, mouse:272, movewindow binde = [
bindm = SUPER, mouse:274, movewindow "SUPER, left , movefocus, l"
'' "SUPER, down , movefocus, d"
+ "SUPER, up , movefocus, u"
'' "SUPER, right, movefocus, r"
binde = SUPER+CTRL, left , resizeactive, -100 0
binde = SUPER+CTRL, down , resizeactive, 0 100
binde = SUPER+CTRL, up , resizeactive, 0 -100
binde = SUPER+CTRL, right, resizeactive, 100 0
binde = SUPER+CTRL, h, resizeactive, -100 0 "SUPER, h, movefocus, l"
binde = SUPER+CTRL, j, resizeactive, 0 100 "SUPER, j, movefocus, d"
binde = SUPER+CTRL, k, resizeactive, 0 -100 "SUPER, k, movefocus, u"
binde = SUPER+CTRL, l, resizeactive, 100 0 "SUPER, l, movefocus, r"
bindm = SUPER, mouse:273, resizewindow "SUPER+CTRL, left , resizeactive, -100 0"
'' "SUPER+CTRL, down , resizeactive, 0 100"
+ "SUPER+CTRL, up , resizeactive, 0 -100"
'' "SUPER+CTRL, right, resizeactive, 100 0"
bind = SUPER+ALT, left , movewindow, l
bind = SUPER+ALT, down , movewindow, d
bind = SUPER+ALT, up , movewindow, u
bind = SUPER+ALT, right, movewindow, r
bind = SUPER+ALT, h, movewindow, l "SUPER+CTRL, h, resizeactive, -100 0"
bind = SUPER+ALT, j, movewindow, d "SUPER+CTRL, j, resizeactive, 0 100"
bind = SUPER+ALT, k, movewindow, u "SUPER+CTRL, k, resizeactive, 0 -100"
bind = SUPER+ALT, l, movewindow, r "SUPER+CTRL, l, resizeactive, 100 0"
'' ];
+
''
bind = SUPER , Q, killactive
bind = SUPER , F, fullscreen
bind = SUPER+ALT, F, togglefloating
bind = SUPER+ALT, RETURN, exec, kitty bind = [
bind = SUPER , RETURN, exec, ghostty --gtk-single-instance=true "SUPER , TAB, workspace, e+1"
bind = SUPER , W , exec, firefox "SUPER+ALT, TAB, workspace, e-1"
bind = SUPER , D , exec, discordcanary
bind = SUPER , E , exec, fractal
bind = SUPER , M , exec, thunderbird
bind = SUPER , T , exec, thunar
bind = SUPER , C , exec, hyprpicker --autocopy
bind = SUPER, B, exec, pkill --signal SIGUSR1 waybar "SUPER, mouse_up, workspace, e+1"
"SUPER, mouse_down, workspace, e-1"
bind = SUPER, SPACE, exec, pkill fuzzel; fuzzel "SUPER, 1, workspace, 1"
bind = SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy "SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
bind = , PRINT, exec, pkill grim; grim -g "$(slurp -w 0)" - | swappy -f - -o - | wl-copy --type image/png "SUPER+ALT, 1, movetoworkspacesilent, 1"
bind = ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png "SUPER+ALT, 2, movetoworkspacesilent, 2"
'' "SUPER+ALT, 3, movetoworkspacesilent, 3"
+ "SUPER+ALT, 4, movetoworkspacesilent, 4"
'' "SUPER+ALT, 5, movetoworkspacesilent, 5"
bindle = , XF86AudioRaiseVolume, exec, wpctl set-volume --limit 1.5 @DEFAULT_AUDIO_SINK@ 5%+
bindle = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
bindle = , XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle "SUPER+ALT, left , movewindow, l"
bindle = , XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle "SUPER+ALT, down , movewindow, d"
"SUPER+ALT, up , movewindow, u"
"SUPER+ALT, right, movewindow, r"
bindle = , XF86MonBrightnessUp , exec, brightnessctl set 5%+ "SUPER+ALT, h, movewindow, l"
bindle = , XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%- "SUPER+ALT, j, movewindow, d"
"SUPER+ALT, k, movewindow, u"
"SUPER+ALT, l, movewindow, r"
bindl = , XF86PowerOff, exec, pkill fuzzel; echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" | fuzzel --dmenu | tr --delete " " | tr "[:upper:]" "[:lower:]" | ifne xargs systemctl "SUPER , Q, killactive"
'' "SUPER , F, fullscreen"
+ "SUPER+ALT, F, togglefloating"
''
animations {
bezier = material_decelerate, 0.05, 0.7, 0.1, 1
animation = windows, 1, 2 , material_decelerate, popin 80% "SUPER+ALT, RETURN, exec, kitty"
animation = border , 1, 10, default "SUPER , RETURN, exec, ghostty --gtk-single-instance=true"
animation = fade , 1, 2 , default "SUPER , W , exec, firefox"
animation = workspaces,1, 3 , material_decelerate "SUPER , D , exec, discord"
} "SUPER , E , exec, fractal"
'' "SUPER , M , exec, thunderbird"
+ "SUPER , T , exec, thunar"
'' "SUPER , C , exec, hyprpicker --autocopy"
decoration {
drop_shadow = false
rounding = ${toString cornerRadius}
blur { "SUPER, B, exec, pkill --signal SIGUSR1 waybar"
enabled = false "SUPER, SPACE, exec, pkill fuzzel; fuzzel"
} "SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy"
}
''
+
''
general {
gaps_in = ${toString (margin/ 2)}
gaps_out = ${toString margin}
border_size = ${toString borderWidth}
col.active_border = 0xFF${base0A} " , PRINT, exec, pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png"
col.nogroup_border_active = 0xFF${base0A} "ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png"
];
col.inactive_border = 0xFF${base01} general = with config.theme; {
col.nogroup_border = 0xFF${base01} gaps_in = margin / 2;
gaps_out = margin;
border_size = borderWidth;
cursor_inactive_timeout = 10 "col.active_border" = "0xFF${base0A}";
no_cursor_warps = true "col.nogroup_border_active" = "0xFF${base0A}";
resize_on_border = true "col.inactive_border" = "0xFF${base01}";
} "col.nogroup_border" = "0xFF${base01}";
''
+
''
gestures {
workspace_swipe = true
}
''
+
''
input {
follow_mouse = 1
kb_layout = tr cursor_inactive_timeout = 10;
no_cursor_warps = true;
repeat_delay = 400 resize_on_border = true;
repeat_rate = 100 };
touchpad { decoration = {
clickfinger_behavior = true drop_shadow = false;
drag_lock = true rounding = config.theme.cornerRadius;
natural_scroll = true blur.enabled = false;
scroll_factor = 0.7 };
}
}
''
+
''
dwindle {
preserve_split = true
smart_resizing = false
}
''
+
''
misc {
animate_manual_resizes = true
disable_hyprland_logo = true input = {
disable_splash_rendering = true follow_mouse = 1;
key_press_enables_dpms = true kb_layout = "tr";
mouse_move_enables_dpms = true
} repeat_delay = 400;
''; repeat_rate = 100;
touchpad = {
clickfinger_behavior = true;
drag_lock = true;
natural_scroll = true;
scroll_factor = 0.7;
};
};
gestures.workspace_swipe = true;
animations = {
bezier = [ "material_decelerate,0.05,0.7,0.1,1" ];
animation = [
"border , 1, 10, material_decelerate"
"fade , 1, 2 , material_decelerate"
"layers , 1, 2 , material_decelerate"
"windows , 1, 2 , material_decelerate, popin 80%"
"workspaces, 1, 3 , material_decelerate"
];
};
misc = {
animate_manual_resizes = true;
disable_hyprland_logo = true;
disable_splash_rendering = true;
hide_cursor_on_key_press = true;
key_press_enables_dpms = true;
mouse_move_enables_dpms = true;
};
dwindle = {
preserve_split = true;
smart_resizing = false;
};
};
}; };
}) })
(desktopHomePackages (with pkgs; [ (desktopUserHomePackages (with pkgs; [
brightnessctl brightnessctl
cliphist cliphist
grim grim
hyprpicker
slurp slurp
swappy swappy
swaybg swaybg
upkgs.hyprpicker
wl-clipboard wl-clipboard
xdg-utils xdg-utils
xwaylandvideobridge xwaylandvideobridge


@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; { lib, pkgs, ... }: with lib;
systemConfiguration { systemConfiguration {
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;


@ -1,9 +1,9 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
desktopSystemConfiguration { desktopSystemConfiguration {
programs.seahorse = enabled {}; programs.seahorse = enabled;
security.pam.services.login.enableGnomeKeyring = true; security.pam.services.login.enableGnomeKeyring = true;
services.gnome.gnome-keyring = enabled {}; services.gnome.gnome-keyring = enabled;
} }


@ -1,7 +1,7 @@
{ ulib, theme, ... }: with ulib; { config, lib, ... }: with lib;
desktopHomeConfiguration { desktopUserHomeConfiguration {
programs.kitty = with theme.withHashtag; enabled { programs.kitty = with config.theme.withHashtag; enabled {
font = with font; { font = with font; {
inherit (mono) name package; inherit (mono) name package;

7
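--- /dev/null
+++ b/modules/kresd.nix
@@ -0,0 +1,7 @@
+{ lib, ... }: with lib;
+systemConfiguration {
+services.kresd = enabled;
+networking.nameservers = [ "::1" "127.0.0.1" ];
+}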
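Review bot: Nothing here states that the local kresd instance is meant to be the only resolver, and nothing enforces it. `networking.nameservers` lists the loopback addresses, but another module in this commit enables NetworkManager on every host, and DHCP-supplied resolvers may still end up in resolv.conf next to them; I have not verified this for this configuration. If lookups must not fall through to a network-provided resolver, record the intent and check the generated `/etc/resolv.conf`, e.g. `# Only the local kresd instance should answer; verify no DHCP resolvers are appended.`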


@ -1,4 +1,4 @@
{ ulib, ... }: with ulib; merge { lib, ... }: with lib; merge
(systemConfiguration { (systemConfiguration {
console.keyMap = "trq"; console.keyMap = "trq";
@ -7,17 +7,15 @@
}) })
(desktopSystemConfiguration { (desktopSystemConfiguration {
i18n.extraLocaleSettings = let i18n.extraLocaleSettings = genAttrs [
locale = "tr_TR.UTF-8"; "LC_ADDRESS"
in { "LC_IDENTIFICATION"
LC_ADDRESS = locale; "LC_MEASUREMENT"
LC_IDENTIFICATION = locale; "LC_MONETARY"
LC_MEASUREMENT = locale; "LC_NAME"
LC_MONETARY = locale; "LC_NUMERIC"
LC_NAME = locale; "LC_PAPER"
LC_NUMERIC = locale; "LC_TELEPHONE"
LC_PAPER = locale; "LC_TIME"
LC_TELEPHONE = locale; ] (_: "tr_TR.UTF-8");
LC_TIME = locale;
};
}) })


@ -1,4 +1,4 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
desktopSystemConfiguration { desktopSystemConfiguration {
services.logind.powerKey = "ignore"; services.logind.powerKey = "ignore";


@ -1,7 +1,7 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
systemConfiguration { systemConfiguration {
environment.defaultPackages = []; environment.defaultPackages = [];
programs.nano.enable = false; # Garbage. programs.nano = disabled; # Garbage.
} }


@ -0,0 +1,9 @@
{ lib, ... }: with lib;
systemConfiguration {
networking.networkmanager = enabled;
users.extraGroups.networkmanager.members = allNormalUsers;
environment.shellAliases.wifi = "nmcli dev wifi show-password";
}


@ -1,11 +0,0 @@
{ ulib, ... }: with ulib; merge
(systemConfiguration {
networking.networkmanager = enabled {};
users.extraGroups.networkmanager.members = ulib.users.all;
})
(homeConfiguration {
programs.nushell.shellAliases.wifi = "nmcli dev wifi show-password";
})


@ -1,19 +1,7 @@
{ inputs, lib, ulib, upkgs, ... }: with ulib; merge { inputs, lib, pkgs, ... }: with lib; merge
(homeConfiguration {
programs.nushell = {
shellAliases.ns = "nix shell";
configFile.text = lib.mkAfter ''
def --wrapped nr [program: string = "", ...arguments] {
nix run $program -- ...$arguments
}
'';
};
})
(systemConfiguration { (systemConfiguration {
environment.etc."flakes".text = builtins.toJSON inputs; environment.etc."flakes.json".text = strings.toJSON inputs;
nix = { nix = {
gc = { gc = {
@ -27,11 +15,9 @@
optimise.automatic = true; optimise.automatic = true;
package = upkgs.nixSuper;
registry = { registry = {
default.flake = inputs.nixpkgs; default.flake = inputs.nixpkgs;
} // builtins.mapAttrs (_: value: lib.mkIf (lib.isType "flake" value) { } // mapAttrs (_: value: mkIf (isType "flake" value) {
flake = value; flake = value;
}) inputs; }) inputs;
@ -39,25 +25,51 @@
"auto-allocate-uids" "auto-allocate-uids"
"ca-derivations" "ca-derivations"
"cgroups" "cgroups"
"configurable-impure-env"
"flakes" "flakes"
"git-hashing"
"nix-command" "nix-command"
"recursive-nix" "recursive-nix"
"repl-flake" "repl-flake"
"verified-fetches"
]; ];
settings = { settings = {
accept-flake-config = true; accept-flake-config = true;
builders-use-substitutes = true; builders-use-substitutes = true;
flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!! flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!!
http-connections = 50; http-connections = 50;
trusted-users = [ "root" "@wheel" ]; show-trace = true;
use-cgroups = true; trusted-users = [ "root" "@wheel" ];
warn-dirty = false; use-cgroups = true;
warn-dirty = false;
}; };
}; };
programs.nix-ld = enabled {}; programs.nix-ld = enabled;
})
(systemPackages (with pkgs; [
nh
nix-index
nix-output-monitor
]))
(homeConfiguration {
programs.nushell.configFile.text = mkAfter ''
def --wrapped nr [program: string = "", ...arguments] {
if ($program | str contains "#") or ($program | str contains ":") {
nix run $program -- ...$arguments
} else {
nix run ("default#" + $program) -- ...$arguments
}
}
def --wrapped ns [...programs] {
nix shell ...($programs | each {
if ($in | str contains "#") or ($in | str contains ":") {
$in
} else {
"default#" + $in
}
})
}
'';
}) })
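Review bot: `accept-flake-config = true` sits next to `trusted-users = [ "root" "@wheel" ]` in the `settings` block, so the `nixConfig` of any flake a wheel user evaluates is applied without a prompt and, coming from a trusted user, is honoured by the daemon, including settings such as extra substituters and their signing keys. The `nr` and `ns` wrappers added at the end of this section pass any argument containing `#` or `:` straight to `nix run` / `nix shell`, so third-party flake references are an expected input. I would set `accept-flake-config = false;` and approve per-flake settings explicitly, or at least leave a comment recording why the prompt is disabled. The enclosing module continues outside the visible hunks.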

Binary file not shown.


@ -1,4 +1,4 @@
{ lib, ulib, ... }: '' { lib, ... }: ''
$env.config = { $env.config = {
bracketed_paste: true bracketed_paste: true
buffer_editor: "" buffer_editor: ""
@ -155,19 +155,7 @@ $env.config.cursor_shape = {
} }
$env.config.hooks = { $env.config.hooks = {
command_not_found: {|| command_not_found: {||}
${lib.optionalString ulib.isDesktop ''
task status
| where label == boom
| get id
| each {|id|
task kill $id | null
task remove $id | null
}
task spawn --label boom { pw-play ${./boom.opus} }
''}
}
display_output: "table --expand" display_output: "table --expand"
env_change: {} env_change: {}
pre_execution: [ pre_execution: [


@ -1,7 +1,22 @@
{ config, ulib, pkgs, ... } @ inputs: with ulib; merge3 { config, lib, pkgs, ... } @ inputs: with lib; merge
(systemConfiguration { (systemConfiguration {
users.defaultUserShell = pkgs.nushell; users.defaultUserShell = pkgs.nushellFull;
environment.shellAliases = {
la = "ls --all";
lla = "ls --long --all";
sl = "ls";
cp = "cp --recursive --verbose --progress";
mk = "mkdir";
mv = "mv --verbose";
rm = "rm --recursive --verbose";
less = "less -FR";
pstree = "pstree -g 2";
tree = "tree -CF --dirsfirst";
};
}) })
(homeConfiguration { (homeConfiguration {
@ -10,9 +25,9 @@
command_timeout = 100; command_timeout = 100;
scan_timeout = 20; scan_timeout = 20;
cmd_duration.show_notifications = ulib.isDesktop; cmd_duration.show_notifications = isDesktop;
package.disabled = ulib.isServer; package.disabled = isServer;
character.error_symbol = ""; character.error_symbol = "";
character.success_symbol = ""; character.success_symbol = "";
@ -20,29 +35,16 @@
}; };
programs.nushell = enabled { programs.nushell = enabled {
package = pkgs.nushellFull;
configFile.text = import ./configuration.nix.nu inputs; configFile.text = import ./configuration.nix.nu inputs;
envFile.text = import ./environment.nix.nu inputs; envFile.source = ./environment.nu;
environmentVariables = { environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables;
inherit (config.environment.variables) NIX_LD;
};
shellAliases = { shellAliases = (attrsets.removeAttrs config.environment.shellAliases [ "ls" "l" ]) // {
cdtmp = "cd (mktemp --directory)"; cdtmp = "cd (mktemp --directory)";
ll = "ls --long";
la = "ls --all";
ll = "ls --long";
lla = "ls --long --all";
sl = "ls";
cp = "cp --recursive --verbose --progress";
mk = "mkdir";
mv = "mv --verbose";
rm = "rm --recursive --verbose";
less = "less -FR";
pstree = "pstree -g 2";
tree = "tree -CF --dirsfirst";
}; };
}; };
}) })
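Review bot: The new `environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables;` wraps every system variable in double quotes without escaping it, so a value containing `"` or `\` would come out as a broken or differently interpreted Nushell string. The old side of the Rust module in this commit quoted its one value by hand (`''"true"''`), which suggests these values are emitted as Nushell expressions; confirm that against the home-manager module. Escaping before quoting keeps the mapping safe for any value: `mapAttrs (_: value: ''"${escape [ "\\" "\"" ] value}"'') config.environment.variables`. Separately, moving `rm = "rm --recursive --verbose"` into `environment.shellAliases` makes recursive delete the default in every shell on every host rather than only in Nushell, which deserves a comment if it is intended.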


@ -1,5 +1,3 @@
{ upkgs, ... }: ''
$env.ENV_CONVERSIONS.PATH = { $env.ENV_CONVERSIONS.PATH = {
from_string: {|string| from_string: {|string|
$string | split row (char esep) | path expand --no-symlink $string | split row (char esep) | path expand --no-symlink
@ -20,6 +18,4 @@ def --env mcg [path: path] {
git init git init
} }
use ${upkgs.nuScripts}/modules/background_task/task.nu
zoxide init nushell --cmd cd | save --force ~/.config/nushell/zoxide.nu zoxide init nushell --cmd cd | save --force ~/.config/nushell/zoxide.nu
''


@ -1,27 +0,0 @@
{ ulib, ... }: with ulib;
serverSystemConfiguration {
programs.mosh = enabled {
openFirewall = true;
};
services.openssh = enabled {
banner = ''
_______________________________________
/ If God doesn't destroy San Francisco, \
| He should apologize to Sodom and |
\ Gomorrah. /
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
'';
ports = [ 2222 ];
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
};
}


@ -1,21 +0,0 @@
_________________________________________
/ You will pay for your sins. If you have \
| already paid, please disregard this |
\ message. /
-----------------------------------------
\ / \ //\
\ |\___/| / \// \\
/0 0 \__ / // | \ \
/ / \/_/ // | \ \
@_^_@'/ \/_ // | \ \
//_^_/ \/_ // | \ \
( //) | \/// | \ \
( / /) _|_ / ) // | \ _\
( // /) '/,_ _ _/ ( ; -. | _ _\.-~ .-~~~^-.
(( / / )) ,-{ _ `-.|.-~-. .~ `.
(( // / )) '/\ / ~-. _ .-~ .-~^-. \
(( /// )) `. { } / \ \
(( / )) .----~-.\ \-' .~ \ `. \^-.
///.----..> \ _ -~ `. ^-` ^-_
///-._ _ _ _ _ _ _}^ - - - - ~ ~-- ,.-~
/.-~


@ -1,5 +0,0 @@
{ ulib, pkgs, ... }: with ulib;
desktopHomePackages (with pkgs; [
openttd
])


@ -1,4 +1,4 @@
{ ulib, pkgs, upkgs, ... }: with ulib; merge3 { lib, pkgs, ... }: with lib; merge
(systemPackages (with pkgs; [ (systemPackages (with pkgs; [
asciinema asciinema
@ -10,8 +10,6 @@
(fortune.override { withOffensive = true; }) (fortune.override { withOffensive = true; })
hyperfine hyperfine
moreutils moreutils
nix-index
nix-output-monitor
openssl openssl
p7zip p7zip
pstree pstree
@ -26,7 +24,7 @@
])) ]))
(desktopSystemPackages (with pkgs; [ (desktopSystemPackages (with pkgs; [
upkgs.ageNix agenix
clang_16 clang_16
clang-tools_16 clang-tools_16
@ -36,18 +34,17 @@
jdk jdk
lld lld
maven maven
upkgs.zig
vlang vlang
zig
wine wine
])) ]))
(desktopHomePackages (with pkgs; [ (desktopUserHomePackages (with pkgs; [
element-desktop element-desktop
fractal fractal
qbittorrent qbittorrent
thunderbird thunderbird
upkgs.rat
whatsapp-for-linux whatsapp-for-linux
krita krita


@ -1,11 +1,11 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
desktopSystemConfiguration { desktopSystemConfiguration {
security.rtkit = enabled {}; security.rtkit = enabled;
sound = enabled {}; sound = enabled;
services.pipewire = enabled { services.pipewire = enabled {
alsa = enabled { support32Bit = true; }; alsa = enabled { support32Bit = true; };
pulse = enabled {}; pulse = enabled;
}; };
} }


@ -1,39 +0,0 @@
{ ulib, ... }: with ulib;
homeConfiguration {
services.pueue = enabled {
settings = {
shared = {
pueue_directory = "~/.local/share/pueue";
use_unix_socket = true;
runtime_directory = null;
unix_socket_path = "~/.local/share/pueue/pueue_your_user.socket";
host = "localhost";
port = 6924;
daemon_cert = "~/.local/share/pueue/certs/daemon.cert";
daemon_key = "~/.local/share/pueue/certs/daemon.key";
shared_secret_path = "~/.local/share/pueue/shared_secret";
};
client = {
restart_in_place = false;
read_local_logs = true;
show_confirmation_questions = false;
show_expanded_aliases = false;
dark_mode = false;
max_status_height = null;
status_time_format = "%H:%M:%S";
status_datetime_format = "%Y-%m-%d\n%H:%M:%S";
};
daemon = {
default_parallel_tasks = 10;
pause_group_on_failure = false;
pause_all_on_failure = false;
callback = "\"Task {{ id }}\nCommand: {{ command }}\nPath: {{ path }}\nFinished with status '{{ result }}'\"";
callback_log_lines = 10;
groups.default = 1;
};
};
};
}


@ -1,4 +1,10 @@
{ ulib, pkgs, ... }: with ulib; merge { lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment.shellAliases = {
venv = "virtualenv venv";
};
})
(systemPackages (with pkgs; [ (systemPackages (with pkgs; [
(python311.withPackages (pkgs: with pkgs; [ (python311.withPackages (pkgs: with pkgs; [
@ -8,9 +14,3 @@
virtualenv virtualenv
poetry poetry
])) ]))
(homeConfiguration {
programs.nushell.shellAliases = {
venv = "virtualenv venv";
};
})


@ -1,9 +0,0 @@
{ ulib, pkgs, ... }: with ulib;
desktopHomeConfiguration {
qt = enabled {
platformTheme = "gnome";
style.name = "adwaita-dark";
style.package = pkgs.adwaita-qt;
};
}


@ -1,10 +1,12 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib; merge
homeConfiguration { (systemConfiguration {
programs.nushell.shellAliases = { environment.shellAliases = {
rg = "rg --line-number --smart-case"; rg = "rg --line-number --smart-case";
todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold''; todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold'';
}; };
})
programs.ripgrep = enabled {}; (homeConfiguration {
} programs.ripgrep = enabled;
})

View file

@ -1,8 +1,4 @@
{ inputs, ulib, pkgs, ... }: with ulib; merge3 { lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
nixpkgs.overlays = [ inputs.fenix.overlays.default ];
})
(desktopSystemPackages (with pkgs; [ (desktopSystemPackages (with pkgs; [
cargo-expand cargo-expand
@ -16,6 +12,7 @@
]) ])
])) ]))
(desktopHomeConfiguration { (desktopSystemConfiguration {
programs.nushell.environmentVariables.CARGO_NET_GIT_FETCH_WITH_CLI = ''"true"''; environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true";
}) })


@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; merge { lib, pkgs, ... }: with lib; merge
(desktopSystemPackages (with pkgs; [ (desktopSystemPackages (with pkgs; [
mosh mosh
@ -11,23 +11,49 @@
serverAliveCountMax = 2; serverAliveCountMax = 2;
serverAliveInterval = 60; serverAliveInterval = 60;
matchBlocks."*".setEnv = { matchBlocks = {
COLORTERM = "truecolor"; "*" = {
TERM = "xterm-256color"; setEnv.COLORTERM = "truecolor";
}; setEnv.TERM = "xterm-256color";
matchBlocks.cube = { identityFile = "~/.ssh/id";
hostname = "5.255.78.70"; };
user = "rgb";
port = 2222;
identityFile = "~/.ssh/id";
};
matchBlocks.robotic = { cube = {
hostname = "86.105.252.189"; hostname = "5.255.78.70";
user = "rgbcube"; user = "rgb";
port = 2299; port = 2222;
identityFile = "~/.ssh/id"; };
disk = {
hostname = "23.164.232.40";
user = "floppy";
port = 2222;
};
robotic = {
hostname = "86.105.252.189";
user = "rgbcube";
port = 2299;
};
};
};
})
(let
port = 2222;
in serverSystemConfiguration {
programs.mosh = enabled {
openFirewall = true;
};
services.openssh = enabled {
ports = [ port ];
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
AcceptEnv = "COLORTERM";
}; };
}; };
}) })
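Review bot: The `services.openssh` block added at the end of this hunk disables password and keyboard-interactive logins but leaves `PermitRootLogin` at the module default, which on NixOS is `prohibit-password` as far as I know, so root can still log in with a key. The commit message says fail2ban has been dropped, which leaves key-only authentication as the main gate on port 2222. I would therefore add `PermitRootLogin = "no";` to `settings` and keep administration on the wheel users via sudo. A short comment next to `AcceptEnv = "COLORTERM";` would also help, for example `# only COLORTERM is accepted from clients; do not widen this to wildcards`. The client `homeConfiguration` block above it starts outside the hunk, so I have not reviewed its other options.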


@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; merge { lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration { (desktopSystemConfiguration {
# Steam uses 32-bit drivers for some unholy fucking reason. # Steam uses 32-bit drivers for some unholy fucking reason.
@ -7,6 +7,6 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
}) })
(desktopHomePackages (with pkgs; [ (desktopUserHomePackages (with pkgs; [
steam steam
])) ]))


@ -1,4 +1,4 @@
{ lib, ulib, ... }: with ulib; merge { lib, ... }: with lib; merge
(desktopSystemConfiguration { (desktopSystemConfiguration {
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
@ -6,15 +6,15 @@
(systemConfiguration { (systemConfiguration {
security.sudo = enabled { security.sudo = enabled {
execWheelOnly = true;
extraConfig = '' extraConfig = ''
Defaults lecture = never Defaults lecture = never
Defaults pwfeedback Defaults pwfeedback
Defaults env_keep += "DISPLAY EDITOR PATH" Defaults env_keep += "DISPLAY EDITOR PATH"
${lib.optionalString ulib.isServer '' ${optionalString isServer ''
Defaults timestamp_timeout = 0 Defaults timestamp_timeout = 0
''} ''}
''; '';
execWheelOnly = true;
extraRules = [{ extraRules = [{
groups = [ "wheel" ]; groups = [ "wheel" ];


@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; merge { lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration { (desktopSystemConfiguration {
programs.thunar = enabled { programs.thunar = enabled {


@ -1,4 +1,4 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
systemConfiguration { systemConfiguration {
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;


@ -1,4 +1,4 @@
{ ulib, ... }: with ulib; { lib, ... }: with lib;
systemConfiguration { systemConfiguration {
users.mutableUsers = false; users.mutableUsers = false;


@ -1,12 +1,12 @@
{ ulib, pkgs, ... }: with ulib; merge { lib, pkgs, ... }: with lib; merge
(systemPackages (with pkgs; [ (systemConfiguration {
w3m environment.shellAliases = {
]))
(homeConfiguration {
programs.nushell.shellAliases = {
ddg = "w3m lite.duckduckgo.com"; ddg = "w3m lite.duckduckgo.com";
web = "w3m"; web = "w3m";
}; };
}) })
(systemPackages (with pkgs; [
w3m
]))

Some files were not shown because too many files have changed in this diff