RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-28 02:27:44 +00:00
Code Issues Activity

Refactor the whole codebase. Most notable changes:

Browse source 
- No more fail2ban. It didn't work properly
  anyways, I'll need to look into this in the future
- No nix-super. I don't need it and the overlay is
  broken so I'm waiting for that to be fixed first.
- Uses nh instead of nixos-rebuild. This is much
  better.
This commit is contained in:
RGBCube 2024-03-27 12:36:50 +03:00
parent f145bdaa4a
commit 62c575774b
No known key found for this signature in database
106 changed files with 1252 additions and 1367 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.gitignore vendored
View file

@ -1,37 +1,34 @@
*
!derivations/
!docs/
!hosts/
!hosts/enka/
!hosts/cube/
!hosts/cube/acme/
!hosts/cube/forgejo/
!hosts/cube/grafana/
!hosts/cube/mail/
!hosts/cube/matrix-synapse/
!hosts/cube/matrix/
!hosts/cube/nextcloud/
!hosts/disk/
!hosts/enka/
!modules/
!modules/hyprland/
!modules/nushell/
!modules/openssh/
!lib/
!options/
!.gitignore
!flake.lock
!*.age
!*.gif
!*.hist
!*.md
!*.nix
!*.nu
!*.opus
!*.png
!*.sh

35
derivations/rat.nix
View file

@ -1,35 +0,0 @@
{
stdenv,
fetchFromGitHub,
unixtools,
}:
stdenv.mkDerivation rec {
pname = "rat";
version = "2.0.1";
src = fetchFromGitHub {
owner = "thinkingsand";
repo = pname;
sha256 = "sha256-OsEIOC6EZrAN2NnDvnyN0nBRLVIviSMX2+TPqlidxrI=";
rev = "4817f542b067255d2b6cd1d29137f393da6e4085";
};
buildInputs = [ unixtools.xxd ];
buildPhase = ''
runHook preBuild
make linux_audio
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
install -Dm755 ./bin/rat -t $out/bin/
runHook postInstall
'';
}

11
docs/BROKEN.md
View file

@ -1,11 +0,0 @@
# Broken Stuff
- Not broken either but set up Nextcloud exporters.
- Some Nginx headers were commented out because it collided or something.
Idfk. Make them not. Uncomment.
- QT theme doesn't work.
- Nushell custom prompt title does not work, as it gets
overriden by the shell integration in a split second.

0
LICENSE.md → docs/LICENSE.md
View file

12
docs/PORTS.md
View file

@ -1,12 +0,0 @@
# Internal & External Port Numbers
- 80 and 443 are standard HTTP ports. Let them be.
- Same for e-mail ports.
- 8000-8999 are internal web application ports.
- Every app topic must use 80N0-80N9.
- 9000 is the Prometheus port.
- Every exporter topic must use 90N0-90N9.
- For example, Node exporter can be on 9010.
Dovecot can be on 9020, Postfix can be on 9021,
and so on.
- Haven't decided on redis, kresd etc. ports yet.

37
docs/README.md
View file

@ -1,39 +1,6 @@
# My NixOS Configurations
# NCC
This repository contains my NixOS configurations for all my machines.
## Bootstrapping
Here is the script you need to run to get this working:
> [!IMPORTANT]
> You will need to have an SSH key to authorize GitHub with,
> and have access to the Ghostty GitHub repository as I
> use Ghostty and Ghostty is in private beta at the moment.
```sh
sudo nix-shell --packages git nu nix-output-monitor --command "
git clone https://github.com/RGBCube/NixOSConfiguration ~/Configuration
cd ~/Configuration
hostname -v <host>
nu rebuild.nu
"
```
`host` is a host selected from the hosts in the `hosts` directory.
## Applying Changes
Lets say you have changed the configuration and want to apply the changes
to your system. You would have to run the rebuild script:
```sh
./rebuild.nu
```
This runs the script interactively.
You can also check how the script is used by reading the parameters it takes.
RGBCube's NixOS Configuration Collection.
## License

253
flake.lock generated
View file

@ -12,11 +12,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1707830867,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"lastModified": 1712079060,
"narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"rev": "1381a759b205dff7a6818733118d02253340fd5e",
"type": "github"
},
"original": {
@ -71,11 +71,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1711434200,
"narHash": "sha256-d1/GwzQfxG66qfFiZv79m0C63JXIkzLHVHXaf9A42tY=",
"lastModified": 1713335151,
"narHash": "sha256-K97Xs+gvp9wbbpd+a4aSeeczWgtBs63ut6lAcDn3O4U=",
"owner": "nix-community",
"repo": "fenix",
"rev": "08b43790fd25acd39f3cc1fdaf36c183c59ca528",
"rev": "fa179d2b1528f64ae43f83c485ef914d9c3fb85a",
"type": "github"
},
"original": {
@ -137,11 +137,11 @@
]
},
"locked": {
"lastModified": 1711508420,
"narHash": "sha256-T0io4K+gZOlps4GOUbwdskvmE9j6w33RLOTOwzfcgkI=",
"lastModified": 1713285560,
"narHash": "sha256-PlApALZSdBnRtXLk1XYksOzf47BU/V+vnIGjqrO1DmY=",
"ref": "refs/heads/main",
"rev": "caf2742b768937869bb6c843c89c87f48f3ac1d2",
"revCount": 5721,
"rev": "06c5528a59f61e61c7b8b21a51bb60a172ca7955",
"revCount": 5909,
"type": "git",
"url": "ssh://git@github.com/RGBCube/ghostty"
},
@ -193,11 +193,11 @@
]
},
"locked": {
"lastModified": 1711133180,
"narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=",
"lastModified": 1713294767,
"narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb",
"rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7",
"type": "github"
},
"original": {
@ -208,7 +208,10 @@
},
"hyprcursor": {
"inputs": {
"hyprlang": "hyprlang",
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
@ -219,11 +222,11 @@
]
},
"locked": {
"lastModified": 1711035742,
"narHash": "sha256-5vvhCSUGG9TA2G1eIRgokuYizhRnZu0ZbcU1MXfHsUE=",
"lastModified": 1713214463,
"narHash": "sha256-zAOOjqHAbccCRgJSuvTCA0FNLqKswN63LgVo43R7pxw=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "6a92473237f430399a417e1c2da9d7fcd4970086",
"rev": "0a53b9957f0b17f1a0036b25198f569969ad43a0",
"type": "github"
},
"original": {
@ -249,11 +252,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1711466169,
"narHash": "sha256-8LyPRWHz6YFWS5IIgjb94K6eDH5Riwe65BBkreC6v1c=",
"lastModified": 1713351856,
"narHash": "sha256-5lf6GAXWtJanOTgu3jH0tF4aqoqCv8IcP43wp+pemWg=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "ae52b7f4680716976d05b638aaa90e169d199117",
"rev": "e57a2d7ec87ae775828ea8628ef4eeafce8e6e70",
"type": "github"
},
"original": {
@ -288,29 +291,6 @@
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"hyprland",
"hyprcursor",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1709914708,
"narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -320,11 +300,11 @@
]
},
"locked": {
"lastModified": 1711250455,
"narHash": "sha256-LSq1ZsTpeD7xsqvlsepDEelWRDtAhqwetp6PusHXJRo=",
"lastModified": 1713121246,
"narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "b3e430f81f3364c5dd1a3cc9995706a4799eb3fa",
"rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706",
"type": "github"
},
"original": {
@ -340,11 +320,11 @@
]
},
"locked": {
"lastModified": 1711283076,
"narHash": "sha256-Cda+XbHpvyz3HhdJ7FlXFoaazOWtdBoOWmEaj4ZFwRM=",
"lastModified": 1713196199,
"narHash": "sha256-ifdAQO9wcw/zlAyg8fCpf5I0TtufdRS6YZoTVk1VzLM=",
"owner": "hyprwm",
"repo": "hyprpicker",
"rev": "0eb49192a5cdd5e6e8e6c2c82c33857d78d6cd56",
"rev": "e2472f499d67568edb1b727736c587b877e85344",
"type": "github"
},
"original": {
@ -365,84 +345,29 @@
"url": "https://raw.githubusercontent.com/ziglang/zig/54bbc73f8502fe073d385361ddb34a43d12eec39/doc/langref.html.in"
}
},
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"nixSuper": {
"inputs": {
"flake-compat": [
"flakeCompat"
],
"libgit2": "libgit2",
"nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1711388763,
"narHash": "sha256-z5lTtZ3Np3P5E03S7J627Gie7HtLPxscmuQ40Vu8xuw=",
"owner": "privatevoid-net",
"repo": "nix-super",
"rev": "06eac000db910dd07c935b2dd279b92b21b61571",
"type": "github"
},
"original": {
"owner": "privatevoid-net",
"repo": "nix-super",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1709083642,
"narHash": "sha256-7kkJQd4rZ+vFrzWu8sTRtta5D1kBG0LSRYAfhtmMlSo=",
"lastModified": 1713248628,
"narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b550fe4b4776908ac2a861124307045f8e717c8e",
"rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-zig-0-12": {
"locked": {
"lastModified": 1711143939,
"narHash": "sha256-oT6a81U4NHjJH1hjaMVXKsdTZJwl2dT+MhMESKoevvA=",
"lastModified": 1712247214,
"narHash": "sha256-7PTw86NnE2nCQPf+PPI/kOKwmlbbTqUthYSz/nDnAoc=",
"owner": "vancluever",
"repo": "nixpkgs",
"rev": "c4749393c06e52da4adf42877fdf9bac7141f0de",
"rev": "6726262c930716f601345b2c9d0c42ba069991b8",
"type": "github"
},
"original": {
@ -452,37 +377,6 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1711518224,
"narHash": "sha256-M75UGj6cj41U6WEAQIt1NT1KHtmUGFjkFGEkbkOnFFw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1b08f32c98637285b4dd3b74f2ea2b3b487106bd",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nuScripts": {
"flake": false,
"locked": {
"lastModified": 1711478865,
"narHash": "sha256-cXcMGdmdfyrfhCVHRRHNQnstFbFhIKyQdNivgBT/tpA=",
"owner": "nushell",
"repo": "nu_scripts",
"rev": "41fe58eceeaf24e560dc448280be3a143207982f",
"type": "github"
},
"original": {
"owner": "nushell",
"repo": "nu_scripts",
"type": "github"
}
},
"root": {
"inputs": {
"ageNix": "ageNix",
@ -493,13 +387,11 @@
"ghosttyModule": "ghosttyModule",
"homeManager": "homeManager",
"hyprland": "hyprland",
"hyprlang": "hyprlang_2",
"hyprlang": "hyprlang",
"hyprpicker": "hyprpicker",
"nixSuper": "nixSuper",
"nixpkgs": "nixpkgs_2",
"nuScripts": "nuScripts",
"nixpkgs": "nixpkgs",
"simpleMail": "simpleMail",
"systems": "systems_3",
"systems": "systems_2",
"themes": "themes",
"zig": "zig",
"zls": "zls"
@ -508,11 +400,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1711404839,
"narHash": "sha256-5W2Vzw2nfrOk194qLcZDyNmmH/mda6B6413M58C85Bk=",
"lastModified": 1713285401,
"narHash": "sha256-/FSI+GvcLWR107Lr2ntTo4d+yw2cAFXnJBw/66hPn8c=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "e52bb8cddb0d636a86a3560e9eadb5f3d8f8c2af",
"rev": "d07f0240fd9ced3addb8bdcda6fb9a305cb6499f",
"type": "github"
},
"original": {
@ -536,11 +428,11 @@
]
},
"locked": {
"lastModified": 1710449465,
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
"lastModified": 1713012165,
"narHash": "sha256-z/soXKDnz+w4Nw0LkRaM73YqolhSmIYy6cpg1F2ps8I=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
"rev": "9f6635a0351c190179dc6904545f950108a23dd8",
"type": "gitlab"
},
"original": {
@ -565,21 +457,6 @@
}
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -612,20 +489,18 @@
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1709983277,
"narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b",
"type": "gitlab"
"lastModified": 1713124002,
"narHash": "sha256-vPeZCY+sdiGsz4fl3AVVujfyZyQBz6+vZdkUE4hQ+HI=",
"owner": "hyprwm",
"repo": "wlroots-hyprland",
"rev": "611a4f24cd2384378f6e500253983107c6656c64",
"type": "github"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b",
"type": "gitlab"
"owner": "hyprwm",
"repo": "wlroots-hyprland",
"rev": "611a4f24cd2384378f6e500253983107c6656c64",
"type": "github"
}
},
"xdph": {
@ -648,11 +523,11 @@
]
},
"locked": {
"lastModified": 1709299639,
"narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=",
"lastModified": 1713214484,
"narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "2d2fb547178ec025da643db57d40a971507b82fe",
"rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61",
"type": "github"
},
"original": {
@ -674,11 +549,11 @@
]
},
"locked": {
"lastModified": 1711454961,
"narHash": "sha256-Hm5wZoCrfQYiSv6F2AqRXfb3iBQOFVwTHaXCVw4VIcg=",
"lastModified": 1713313372,
"narHash": "sha256-JqMBPQKPubOt3ToB0k4q+CTJqfwHfh5iaaFvLOr8GDA=",
"owner": "mitchellh",
"repo": "zig-overlay",
"rev": "fc90c09499061b194328f42469df73b09563fc83",
"rev": "5dcefc19b3fb062bb2beb224d72759ca6c25c9cd",
"type": "github"
},
"original": {
@ -702,11 +577,11 @@
]
},
"locked": {
"lastModified": 1711133472,
"narHash": "sha256-iF7WXLFcze9f/H78NB98Oh3O55SrlgymCD7Vrk13aQU=",
"lastModified": 1713110866,
"narHash": "sha256-ddSLREpgBq87dcbSisliSoSNqKl2x7kVf3E/tFumIXw=",
"owner": "zigtools",
"repo": "zls",
"rev": "96eddd067615efd9a88fa596dfa4c75943302885",
"rev": "172c8f2ef81c95731d7bff6f69f8d497902fe999",
"type": "github"
},
"original": {

204
flake.nix
View file

@ -7,14 +7,7 @@
};
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs";
nixSuper = {
url = "github:privatevoid-net/nix-super";
inputs.flake-compat.follows = "flakeCompat";
# inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
homeManager = {
url = "github:nix-community/home-manager";
@ -29,11 +22,6 @@
inputs.home-manager.follows = "homeManager";
};
nuScripts = {
url = "github:nushell/nu_scripts";
flake = false;
};
simpleMail = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
@ -69,7 +57,7 @@
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
zig = {
@ -116,117 +104,103 @@
};
outputs = {
self,
nixpkgs,
ageNix,
simpleMail,
homeManager,
themes,
ghosttyModule,
...
} @ inputs: let
importConfiguration = host: let
hostDefault = import ./hosts/${host} {
config = {};
keys = {};
ulib = (import ./lib lib null) // {
merge = lib.recursiveUpdate;
};
};
lib0 = nixpkgs.lib;
keys = import ./keys.nix;
users = {
all = let
users = builtins.attrNames hostDefault.users.users;
in if builtins.elem "root" users then
users
else
users ++ [ "root" ];
collectNixFiles = directory: with lib0; pipe (builtins.readDir directory) [
(mapAttrsToList (name: type: let
path = /${directory}/${name};
in if type == "directory" then
collectNixFiles path
else
path))
flatten
(filter (hasSuffix ".nix"))
(filter (name: !hasPrefix "_" (builtins.baseNameOf name)))
];
graphical = builtins.attrNames (lib.filterAttrs (_: value: builtins.elem "graphical" (value.extraGroups or [])) hostDefault.users.users);
};
lib1 = with lib0; extend (_: _: pipe (collectNixFiles ./lib) [
(map (file: import file lib0))
(filter (thunk: !isFunction thunk))
(foldl' recursiveUpdate {})
]);
system = hostDefault.nixpkgs.hostPlatform;
lib = nixpkgs.lib;
ulib = import ./lib lib users;
pkgs = import nixpkgs { inherit system; };
upkgs = let
defaults = lib.genAttrs
[ "nixSuper" "ageNix" "hyprland" "hyprpicker" "ghostty" "zls" ]
(name: inputs.${name}.packages.${system}.default);
other = {
nuScripts = inputs.nuScripts;
rat = pkgs.callPackage ./derivations/rat.nix {};
zig = inputs.zig.packages.${system}.master;
};
in defaults // other;
keys = import ./keys.nix;
theme = themes.custom (themes.raw.gruvbox-dark-hard // {
cornerRadius = 8;
borderWidth = 2;
margin = 6;
padding = 8;
font.size.normal = 12;
font.size.big = 18;
font.sans.name = "Lexend";
font.sans.package = pkgs.lexend;
font.mono.name = "JetBrainsMono Nerd Font";
font.mono.package = (pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; });
icons.name = "Gruvbox-Plus-Dark";
icons.package = pkgs.gruvbox-plus-icons;
});
defaultConfiguration = {
age.identityPaths = map (user: "/home/${user}/.ssh/id") users.all;
home-manager.users = lib.genAttrs users.all (_: {});
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
networking.hostName = host;
};
in lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs ulib upkgs keys theme; };
modules = let
mapDirectory = function: directory: with builtins;
attrValues (mapAttrs function (readDir directory));
nullIfUnderscoreOrNotNix = name: if (builtins.substring 0 1 name) == "_" then
null
else if lib.hasSuffix ".age" name then
null
else
name;
filterNull = builtins.filter (x: x != null);
importDirectory = directory:
filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscoreOrNotNix name)) directory);
in [
homeManager.nixosModules.default
ageNix.nixosModules.default
simpleMail.nixosModules.default
defaultConfiguration
] ++ (importDirectory ./hosts/${host})
++ (importDirectory ./modules);
nixpkgsOverlayModule = with lib1; {
nixpkgs.overlays = [(final: prev: {
ghostty = inputs.ghostty.packages.${prev.system}.default;
zls = inputs.zls.packages.${prev.system}.default;
})] ++ pipe inputs [
attrValues
(filter (value: value ? overlays.default))
(map (value: value.overlays.default))
];
};
hosts = (builtins.attrNames (builtins.readDir ./hosts));
homeManagerModule = { lib, ... }: with lib; {
home-manager.users = genAttrs allNormalUsers (_: {});
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = [ ghosttyModule.homeModules.default ];
};
ageNixModule = {
age.identityPaths = [ "/root/.ssh/id" ];
};
optionModules = [
homeManager.nixosModules.default
ageNix.nixosModules.default
simpleMail.nixosModules.default
(lib1.mkAliasOptionModule [ "secrets" ] [ "age" "secrets" ])
] ++ collectNixFiles ./options;
optionUsageModules = [
nixpkgsOverlayModule
homeManagerModule
ageNixModule
] ++ collectNixFiles ./modules;
specialArgs = { inherit self inputs keys; };
hosts = lib1.pipe (builtins.readDir ./hosts) [
(lib1.filterAttrs (name: type: type == "regular" -> lib1.hasSuffix ".nix" name))
lib1.attrNames
];
lib2s = with lib1; genAttrs hosts (name: let
hostStub = nixosSystem {
inherit specialArgs;
modules = [ ./hosts/${name} ] ++ optionModules;
};
in extend (_: _: pipe (collectNixFiles ./lib) [
(map (file: import file lib1))
(filter (isFunction))
(map (func: func hostStub.config))
(foldl' recursiveUpdate {})
]));
configurations = lib1.genAttrs hosts (name: lib2s.${name}.nixosSystem {
inherit specialArgs;
modules = [{
networking.hostName = name;
}] ++ optionModules ++ optionUsageModules ++ collectNixFiles ./hosts/${name};
});
in {
nixosConfigurations = nixpkgs.lib.genAttrs hosts importConfiguration;
};
nixosConfigurations = configurations;
# This is here so we can do self.<whatever> instead of self.nixosConfigurations.<whatever>.config.
} // lib1.mapAttrs (_: value: value.config) configurations;
}

8
hosts/cube/acme/default.nix → hosts/cube/acme.nix
View file

@ -1,15 +1,15 @@
{ config, ulib, ... }: with ulib;
{ self, config, lib, ... }: with lib;
let
inherit (config.networking) domain;
in serverSystemConfiguration {
age.secrets."hosts/cube/acme/password".file = ./password.age;
in systemConfiguration {
secrets.acmePassword.file = self + /hosts/password.acme.age;
security.acme = {
acceptTerms = true;
defaults = {
environmentFile = config.age.secrets."hosts/cube/acme/password".path;
environmentFile = config.secrets.acmePassword.path;
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1";
email = "security@${domain}";

BIN
hosts/cube/acme/password.age
View file

Binary file not shown.

32
hosts/cube/default.nix
View file

@ -1,4 +1,4 @@
{ config, ulib, keys, ... }: with ulib; merge
{ config, lib, keys, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.05";
@ -6,18 +6,30 @@
networking.domain = "rgbcu.be";
time.timeZone = "Europe/Amsterdam";
secrets.rgbPassword.file = ./password.rgb.age;
age.secrets."hosts/cube/password.rgb".file = ./password.rgb.age;
users.users = {
root.hashedPasswordFile = config.secrets.rgbPassword.path;
users.users.root.hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path;
users.users.rgb = normalUser {
description = "RGB";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ keys.enka ];
hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path;
rgb = sudoUser {
description = "RGB";
openssh.authorizedKeys.keys = [ keys.enka ];
hashedPasswordFile = config.secrets.rgbPassword.path;
};
};
services.openssh.banner = ''
_______________________________________
/ If God doesn't destroy San Francisco, \
| He should apologize to Sodom and |
\ Gomorrah. /
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
'';
})
(homeConfiguration {

31
hosts/cube/forgejo/default.nix
View file

@ -1,15 +1,17 @@
{ config, ulib, pkgs, ... }: with ulib;
{ config, lib, pkgs, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "git.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/forgejo/password.mail" = {
port = 8004;
in systemConfiguration {
secrets.forgejoMailPassword = {
file = ./password.mail.age;
owner = "forgejo";
};
age.secrets."hosts/cube/forgejo/password.runner" = {
secrets.forgejoRunnerPassword = {
file = ./password.runner.age;
owner = "forgejo";
};
@ -42,7 +44,7 @@ in serverSystemConfiguration {
"act:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
tokenFile = config.age.secrets."hosts/cube/forgejo/password.runner".path;
tokenFile = config.secrets.forgejoRunnerPassword.path;
settings = {
cache.enabled = true;
@ -61,11 +63,12 @@ in serverSystemConfiguration {
};
};
services.openssh.settings.AcceptEnv = mkForce "COLORTERM GIT_PROTOCOL";
services.forgejo = enabled {
lfs = enabled {};
lfs = enabled;
mailerPasswordFile = config.age.secrets."hosts/cube/forgejo/password.mail".path;
mailerPasswordFile = config.secrets.forgejoMailPassword.path;
database = {
socket = "/run/postgresql";
@ -78,7 +81,7 @@ in serverSystemConfiguration {
default.APP_NAME = description;
actions = {
ENABLED = true;
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://${fqdn}";
};
@ -89,9 +92,9 @@ in serverSystemConfiguration {
mailer = {
ENABLED = true;
PROTOCOL = "smtps";
PROTOCOL = "smtps";
SMTP_ADDR = config.mailserver.fqdn;
USER = "git@${domain}";
USER = "git@${domain}";
};
other = {
@ -123,8 +126,8 @@ in serverSystemConfiguration {
ROOT_URL = "https://${fqdn}/";
LANDING_PAGE = "/explore";
HTTP_ADDR = "::";
HTTP_PORT = 8004;
HTTP_ADDR = "::1";
HTTP_PORT = port;
SSH_PORT = builtins.elemAt config.services.openssh.ports 0;
@ -145,7 +148,7 @@ in serverSystemConfiguration {
};
};
services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // {
locations."/".proxyPass = "http://[::]:${toString config.services.forgejo.settings.server.HTTP_PORT}";
services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate {
locations."/".proxyPass = "http://[::1]:${toString port}";
};
}

19
hosts/cube/forgejo/password.mail.age
View file

@ -1,6 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw k4u86tbxSaZTIr9QzN2P+md9WwGvn93jOXqR2JHWy30
tG7p/GaP0MhTqbAin3KmIMCrE67Ls3NYoztcJT8r7po
--- cmz8sBFqHk8RyAae/gBqrWgjCyHrVtngjZGn1xQOze8
9rgMÐ׶9±¬¹¥òíªgù<67>šÉzã<7A>
ý@ÕÙðuO·Þê0×¥ôa
-> ssh-ed25519 +rZ0Tw UdpGG1O9oC4Z3OasaGJyU3TM9FkwcaXQX9+QT4Wqrjs
RX+NdBYD+/GtOSGun8Y04S48MKLDHkQsfqjJQ0vVj18
-> ssh-rsa jPaU3Q
EVX4PE+5bBQm3tzrUkbPBfG7Ech9dS2Ix8ZLLWYW2DFp30F49tJvYUDLGgpRARa+
dh0+tuiOdPHENVbyhM8pob+Jk4Ii1+ZYwQdah0bAmewJ88NAHgfNCPMuAZFsR2w7
r+KeuMa+1PtX3llIVWqTc+pdfrPVnG/DcbQqSgs5a2NVQauMgFgT9eCrwvuWCTSQ
dlUWdysSTYsnGHSKxSgS/MmMIFsrlxqoUUBYTFdS6yU/w6b7VFSJdGczmzD9zFMJ
ywkregpi5y0Z8K5byroRMR1IfIl7B0CHcZbsTFqSrlDSX9Rq2D84TGwdhwBK0L17
Yy1UM3mFIDWgWe2lBY2KRterzxF/XxfDgbDc+1d8NWANVDinoXIOLYg3QBCSupwR
QmgjfvMcqjDSeg/QaV3PXtK/GyzVk8ehAFQpCyi+XofuavhBzP+9yk6IoHQupEAx
mQkm1ZXRc//C5w7Svjf6DmR5KKbF/mTRr7QqJp4XuCNCHA4Bf5BQEw5p8NtfqiWh
--- iRy3XLKWkh6sUOkUS79ZRtRAjGdvvlKRZ6L6h6cKzjE
˘lÚŁYÁ~‡Ď¬¶ ĽšbQ“/ľĐÖo×3‡Ş^ůs}+ř‰ş,B

18
hosts/cube/forgejo/password.runner.age
View file

@ -1,5 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw rraoMjYwD6IIkmgyiDKlij2+bLqY5PNyMU5IPQ4mvjI
/yttaAf7neHJ69LYh6p33gRBXIZA4oxWS5DDMnfOhhM
--- o+/I/vPxFdL9orC3PsBTazOrwG6Le8uLMUYiHE4XMj8
¬¨<EFBFBD> ±]}ÍWž{[a'mdú€ AÈU‰Ô¬ì7z*ÌY9"èÍ|±1dvùQxcŸ¶Ç“<C387>à"®0ñÆÔpÖò¿Œr½:ÇÅÑ
-> ssh-ed25519 +rZ0Tw cQ6Sb/ZjeBy7VCL03h1A4+67kNoEYfQBee90qOXytxg
pIZpmgRZ9ISGx6CJF0yPX+PYs9VLXXoK01FB+iW4OXo
-> ssh-rsa jPaU3Q
aVlBcpE5GdfXtzuu7uHqDhTtiO7mXMYNr0Ww0MluxQxZmuXyxa7IIxeUR6n6eub/
7H+B2Gcwwnh7txdWGyCytCx1rNp5Dbs0qSm+ufgyzNTSz9rPu2iEHPR0WOB2Y85x
avpC53ESBFORZ4Zswkc0iYBAGIwbtUGDGAV/ziw1hZCEsRCJZX1Pj57Tvk5Bc9mL
gaBix4Qo3X0j/Pqzp4NeaaMmIdCv2XOizQwFVAxqvT17xil3+TuZLKAScgbwtj9u
QfOZjwOQxVZwB5+CHmd7AYX2QCQsi45bBKh9dUU2Fm/MLyDmfSpiwTQ3nIEkSk1n
B6QwA4Z7v0A/IxDyQ9cWpj5TIxQ96RTf/azlRMg0H4bBuwINHlg0oWNIHfGZG15m
uRMvs+xxPcmU710b5WEwZRSlaZ1+Lm8uLY7d0j+Ie4V41JKmMh1pOaFbyo4wxWUo
cwRNFx9Yajiml7VnjaOZOGtA/NCUEall4mCdSJD5vntiTb3Hves0gAtoici1ZrX5
--- 8RA8QeFF0brgptQpnHAO6L0J1DXWeVAKxuXmDcX46Zg
ÛtÄÚ< ¶¿&õ¡†ÅVõ9SúCsFÁð“ ŒQoCk(Ç{¿¸<>õÐHŠm°Ä a ˜Ë¢T°„[>³*»QÛ“Ô

30
hosts/cube/grafana/default.nix
View file

@ -1,25 +1,21 @@
{ config, ulib, ... }: with ulib;
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "metrics.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/grafana/password" = {
port = 8000;
in systemConfiguration {
secrets.grafanaPassword = {
file = ./password.age;
owner = "grafana";
};
age.secrets."hosts/cube/grafana/password.mail" = {
secrets.grafanaMailPassword = {
file = ./password.mail.age;
owner = "grafana";
};
services.fail2ban.jails.grafana.settings = {
filter = "grafana";
journalmatch = "_SYSTEMD_UNIT=grafana.service";
maxretry = 3;
};
services.postgresql = {
ensureDatabases = [ "grafana" ];
ensureUsers = [{
@ -34,7 +30,7 @@ in serverSystemConfiguration {
};
services.grafana = enabled {
provision = enabled {};
provision = enabled;
settings = {
analytics.reporting_enabled = false;
@ -44,15 +40,15 @@ in serverSystemConfiguration {
database.user = "grafana";
server.domain = fqdn;
server.http_addr = "[::]";
server.http_port = 8000;
server.http_addr = "[::1]";
server.http_port = port;
users.default_theme = "system";
};
settings.security = {
admin_email = "metrics@${domain}";
admin_password = "$__file{${config.age.secrets."hosts/cube/grafana/password".path}}";
admin_password = "$__file{${config.secrets.grafanaPassword.path}}";
admin_user = "admin";
cookie_secure = true;
@ -64,7 +60,7 @@ in serverSystemConfiguration {
settings.smtp = {
enabled = true;
password = "$__file{${config.age.secrets."hosts/cube/grafana/password.mail".path}}";
password = "$__file{${config.secrets.grafanaMailPassword.path}}";
startTLS_policy = "MandatoryStartTLS";
ehlo_identity = "contact@${domain}";
@ -74,9 +70,9 @@ in serverSystemConfiguration {
};
};
services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // {
services.nginx.virtualHosts.${fqdn} = merge config.sslTemplate {
locations."/" = {
proxyPass = "http://[::]:${toString config.services.grafana.settings.server.http_port}";
proxyPass = "http://[::1]:${toString port}";
proxyWebsockets = true;
};
};

BIN
hosts/cube/grafana/password.age
View file

Binary file not shown.

18
hosts/cube/grafana/password.mail.age
View file

@ -1,5 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw xkWa1fXAqQk5S+VNegGJpwGGDK0S3U+/QqPqSJgDUzI
xQRrNt48YL6ueLKKN4VXZuwzP0wu7AykvShOTv06YVQ
--- pEof9mZkQfWKgX5jrFGissq6m8/CvS7O2G52d/XbS8w
Ñ,5 ÜK¬h×¾#s®( z™_IipY/ð=¸£Ü¯øßRw•S“¹
-> ssh-ed25519 +rZ0Tw O0H0h+hSKjcOPaWE8iDSpYsR0TGigDeyBUmHtFTCNjQ
EHORIYFfRAoYEME9SM6l3ef6jfYmLBXEgGxZ7L+wZyA
-> ssh-rsa jPaU3Q
bG32pycqaE13cyS0OVqd3mI3lmP91UOgBrhnIhUv6WCDxJdQoshrUNhfF93JAI9+
HSAsAOM1UHeffdNuucCQsoTxENCFonldrK8+cQwPyQlPSGIP5yE4hFFRUjoct0X5
qdJsjgHAP53c5707mdwsx7lbpRLFPhW6JvA90wn1LKZPgMHBD5yQRPc+qM0NQ10b
sOqNU8dVuuIwWGtzHm9vrw3jUZMNiH+AUJ8IcaEC8+5FFAHr1cib3+rzyUmbzrxr
n2dXsIICLmQZVXoNPMYltcHyM6jf1a+cxh9Z7ZKhVxJvD2jXh9CqrHw5Z2xbQJTL
rwKNE85xxwQNzldYPMGLWyfn25j08/Jx4uZHXQIGrjVQCRRy+Mmn9d05MY2BNPNC
vpA848kn1IIM5ybBdsEXSqywoE2+r+J39JVUcQgTdXhjQwfZWcXiaq3haD6mhtRp
0VIqnBeu4vuvgtOEnWzvqVj0k64sYs+uPVjuXrW6szcSBcHj/QLfIQ//Tw4sRpQy
--- DRdJx69Bkj+MVtk3dlZ0gMQmHG7NC7ZbzuMGbEbNVUQ
¹ ¦ ˆñ¥ÈŽ^@„éü%˜”,ƒqå\4a©EÆQEi>ðRÛvêðÞ

12
hosts/cube/hardware.nix
View file

@ -1,8 +1,10 @@
{ ulib, modulesPath, ... }: with ulib; merge
{ lib, modulesPath, ... }: with lib;
(modulesPath + "/profiles/qemu-guest.nix")
systemConfiguration {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
(serverSystemConfiguration {
boot.loader.grub = enabled {
device = "/dev/vda";
useOSProber = true;
@ -17,7 +19,7 @@
];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a14e3685-693a-4099-a2fe-ce959935dd50";
device = "/dev/disk/by-label/root";
fsType = "ext4";
};
})
}

30
hosts/cube/mail/default.nix
View file

@ -1,15 +1,18 @@
{ config, lib, ulib, ... }: with ulib;
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "mail.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/mail/password".file = ./password.age;
prometheusPort = 9040;
in systemConfiguration {
secrets.mailPassword.file = ./password.age;
services.prometheus = {
exporters.postfix = enabled {
port = 9040;
listenAddress = "[::1]";
port = prometheusPort;
};
scrapeConfigs = [{
@ -18,27 +21,12 @@ in serverSystemConfiguration {
static_configs = [{
labels.job = "postfix";
targets = [
"[::]:${toString config.services.prometheus.exporters.postfix.port}"
"[::1]:${toString prometheusPort}"
];
}];
}];
};
services.fail2ban.jails = {
dovecot.settings = {
filter = "dovecot";
maxretry = 3;
};
postfix.settings = {
filter = "postfix";
maxretry = 3;
};
};
services.kresd.listenPlain = lib.mkForce [ "[::]:53" "0.0.0.0:53" ];
services.redis.servers.rspamd.bind = "0.0.0.0";
services.dovecot2.sieve = {
extensions = [ "fileinto" ];
globalExtensions = [ "+vnd.dovecot.pipe" "+vnd.dovecot.environment" ];
@ -74,7 +62,7 @@ in serverSystemConfiguration {
loginAccounts."contact@${domain}" = {
aliases = [ "@${domain}" ];
hashedPasswordFile = config.age.secrets."hosts/cube/mail/password".path;
hashedPasswordFile = config.secrets.mailPassword.path;
};
};
}

BIN
hosts/cube/mail/password.age
View file

Binary file not shown.

BIN
hosts/cube/matrix-synapse/password.secret.age
View file

Binary file not shown.

6
hosts/cube/matrix-synapse/password.sync.age
View file

@ -1,6 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw qnll3AmLOYVpsLP78bOa0F20HjoN0dOFK2Rk/Ye5w24
Gsmy22GHYX+0dlrUJalVlPXTWyzCz7q9W5gQza71XbA
--- UQhQek9ss1w8rqxj7HQxh8H/uaIsTK5SIfxqCAe1xoQ
ÈfÉ<> ZôržŽU¬Z'²P<C2B2><E280A2>~@þŽf ã‡5_<35>Ëcru<72>ùÒË/<£÷ÚQ°é|fYŠ[‡rò^²<>SO6>
d!ÈHkZõXr$j [—\í…BüÃ(/ëÈÐÏ#

37
hosts/cube/matrix-synapse/default.nix → hosts/cube/matrix/default.nix
View file

@ -1,4 +1,4 @@
{ config, ulib, ... }: with ulib;
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
@ -16,6 +16,7 @@ let
clientConfig."m.homeserver".base_url = "https://${chatDomain}";
clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}";
serverConfig."m.server" = "${chatDomain}:443";
wellKnownResponseConfig.locations = {
@ -26,8 +27,8 @@ let
notFoundLocationConfig = {
locations."/".extraConfig = "return 404;";
extraConfig = "error_page 404 /404.html;";
locations."= /404.html".extraConfig = "internal;";
extraConfig = "error_page 404 /404.html;";
locations."/404".extraConfig = "internal;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
};
@ -35,11 +36,11 @@ let
synapsePort = 8001;
syncPort = 8002;
in serverSystemConfiguration {
age.secrets."hosts/cube/matrix-synapse/password.secret" = {
secrets.matrixSecret = {
file = ./password.secret.age;
owner = "matrix-synapse";
};
age.secrets."hosts/cube/matrix-synapse/password.sync" = {
secrets.matrixSyncPassword = {
file = ./password.sync.age;
owner = "matrix-synapse";
};
@ -88,12 +89,12 @@ in serverSystemConfiguration {
};
# Sets registration_shared_secret.
extraConfigFiles = [ config.age.secrets."hosts/cube/matrix-synapse/password.secret".path ];
extraConfigFiles = [ config.secrets.matrixSecret.path ];
settings.listeners = [{
port = synapsePort;
bind_addresses = [ "::" ];
bind_addresses = [ "::1" ];
tls = false;
type = "http";
x_forwarded = true;
@ -107,29 +108,29 @@ in serverSystemConfiguration {
services.nginx.virtualHosts.${domain} = wellKnownResponseConfig;
services.nginx.virtualHosts.${chatDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig {
services.nginx.virtualHosts.${chatDomain} = merge config.sslTemplate wellKnownResponseConfig notFoundLocationConfig {
root = "${sitePath}";
locations."/_matrix".proxyPass = "http://[::]:${toString synapsePort}";
locations."/_synapse/client".proxyPass = "http://[::]:${toString synapsePort}";
}];
locations."/_matrix".proxyPass = "http://[::1]:${toString synapsePort}";
locations."/_synapse/client".proxyPass = "http://[::1]:${toString synapsePort}";
};
services.matrix-sliding-sync = enabled {
environmentFile = config.age.secrets."hosts/cube/matrix-synapse/password.sync".path;
environmentFile = config.age.secrets.matrixSyncPassword.path;
settings = {
SYNCV3_SERVER = "https://${chatDomain}";
SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
SYNCV3_BINDADDR = "[::]:${toString syncPort}";
SYNCV3_BINDADDR = "[::1]:${toString syncPort}";
};
};
services.nginx.virtualHosts.${syncDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
root = "${sitePath}";
services.nginx.virtualHosts.${syncDomain} = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
.proxyPass = "http://[::]:${toString synapsePort}";
.proxyPass = "http://[::1]:${toString synapsePort}";
locations."~ ^(\\/_matrix|\\/_synapse\\/client)"
.proxyPass = "http://[::]:${toString syncPort}";
}];
.proxyPass = "http://[::1]:${toString syncPort}";
};
}

BIN
hosts/cube/matrix/password.secret.age Normal file
View file

Binary file not shown.

15
hosts/cube/matrix/password.sync.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 0X0Ku7Shx9cZTtdBQvBT0yNdiRBCA72grq9mbBn5w30
pv1SwZo5Sw2Y0AH5r0U4oIE+l2HLUfAMZa7MdExmi/0
-> ssh-rsa jPaU3Q
yQ4L8WaeBIqJmXXnXiZAq0l0hwaWoIZDUsx1Yfu65CwkhNzxE3zC7qn8TG+/yz90
jxv3qCwkCfKUA12R1JHJj4TAvDXgBw8Icd24M5KcXaCQGZdTGEhGSod1kHFDx30R
J5xJ4a+kJRUGL2UOsXwFBM/7pk/gMgfPvY8kckc0jCXR4w6UxQ2g1T29uqGo17CP
GVHnHW+Kckc34x7Szry9gLKORNlwXskfkAOhXRnoSoj6pMNiTi6qY36DJZtrO38b
CBSx3xe5JzRn+/SwumV+lk5LG/7rqQYttffdIY/qkB322Yl5pJF8eglc/fOShbaM
AgMsOSioE17Kp7dlWOVnYjhcFqPITUryfeCnOzmeWAK7FG1s4nErSw0X9sKn1fYr
zXPnu/J+f862skfkgnJwUEe3hjzwEvnxNGPaTLCBluYeyKQs8L/veTMQkgEjAJKn
/Gzoh/aYEiYgSFsAid9jteup5jNhQS+j7jvF+zjlKgWaQ8k6IcqVK8p2fd8NQ47Y
--- KeyAgC1N1Th+hPkr7kT2b5tk+yd+oN8z7MbVtzHTQHE
3 †n”)õ‹Ã¤„%ý<>(…'šR?e5ˆ´ÁQï®Ç<C2AE>˜Ã7<çèMd«H€õ<E282AC>rË0ÔyhlÔÔõ¸E…G{옷NJÝßnj㔰®;™³tEp»éy÷¿Oãbm1<14>Ý°}®ÊéÈHž=·Ìα[ß

55
hosts/cube/nextcloud/default.nix
View file

@ -1,19 +1,49 @@
{ config, lib, ulib, pkgs, ... }: with ulib;
{ config, lib, pkgs, ... }: with lib;
let
inherit (config.networking) domain;
fqdn = "cloud.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/nextcloud/password" = {
prometheusPort = 9060;
nextcloudPackage = pkgs.nextcloud28;
in systemConfiguration {
secrets.nextcloudPassword = {
file = ./password.age;
owner = "nextcloud";
};
secrets.nextcloudExporterPassword = {
file = ./password.age;
owner = "nextcloud-exporter";
};
services.prometheus = {
exporters.nextcloud = enabled {
listenAddress = "[::1]";
port = prometheusPort;
username = "admin";
url = "https://${fqdn}";
passwordFile = config.secrets.nextcloudExporterPassword.path;
};
scrapeConfigs = [{
job_name = "nextcloud";
static_configs = [{
labels.job = "nextcloud";
targets = [
"[::1]:${toString prometheusPort}"
];
}];
}];
};
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureUsers = [{
name = "nextcloud";
name = "nextcloud";
ensureDBOwnership = true;
}];
};
@ -22,7 +52,7 @@ in serverSystemConfiguration {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
script = lib.mkAfter ''
script = mkAfter ''
nextcloud-occ theming:config name "RGBCube's Depot"
nextcloud-occ theming:config slogan "RGBCube's storage of insignificant data."
@ -34,7 +64,7 @@ in serverSystemConfiguration {
};
services.nextcloud = enabled {
package = pkgs.nextcloud28;
package = nextcloudPackage;
hostName = fqdn;
https = true;
@ -42,7 +72,7 @@ in serverSystemConfiguration {
configureRedis = true;
config.adminuser = "admin";
config.adminpassFile = config.age.secrets."hosts/cube/nextcloud/password".path;
config.adminpassFile = config.secrets.nextcloudPassword.path;
config.dbhost = "/run/postgresql";
config.dbtype = "pgsql";
@ -50,7 +80,7 @@ in serverSystemConfiguration {
settings = {
default_phone_region = "TR";
mail_smtphost = "::";
mail_smtphost = "::1";
mail_smtpmode = "sendmail";
mail_from_address = "cloud";
};
@ -76,16 +106,15 @@ in serverSystemConfiguration {
extraAppsEnable = true;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
inherit (nextcloudPackage.packages.apps)
bookmarks calendar contacts deck
forms groupfolders impersonate
mail maps notes phonetrack
polls previewgenerator tasks;
forms groupfolders impersonate mail
maps notes polls previewgenerator tasks;
# Add: files_markdown files_texteditor memories news
};
nginx.recommendedHttpHeaders = true;
};
services.nginx.virtualHosts.${fqdn} = sslTemplate domain;
services.nginx.virtualHosts.${fqdn} = config.sslTemplate;
}

18
hosts/cube/nextcloud/password.age
View file

@ -1,5 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 3QOn//uIWJTnBEVz3bn3s3yQlAeGDCynaJ4C+2Zi8iE
AsPa4woWILuLVS0bvkLBddda9mQqJ9CS1hkWwhNrLg8
--- 7XNX3eRRei1LrcRiQSLgHJ0OkYt145uDVq+gtN/A9tk
˜²KD r.'Q…î‰ø°ü<C2B0>¦”¡DöÕML3óIš•Çû½3ðì
-> ssh-ed25519 +rZ0Tw HGa+kmHedio/tQYp0ZuMCMjdEOtETkioVoRf0a5pkkY
OoAFxkLB8pSADTgUcCwdqInYwF83//28Cza8jblQzaU
-> ssh-rsa jPaU3Q
W1fQyikhppgQKqASdAuKX2tpDrNgdXhe5LD1KjPuocTUa3sS+DM9UYf8Ap/uNDlA
V481pDnrzO9c7lwP/HzUU4O2cm5APbT+Ho0kF1B+W4T3DiXt4/pvzxcufApoloY5
bM7l3eH4gsp6Buiqr0EowZ48KNi9wW4OXxqjVRSCbyyfygEAl80zT8QP1/cF7A4q
JwHVM6oyGLwLkfXrdLdxQw9T1Q/5wTCePBfzNzCE6XhmL48Hb1vKXnOwTpobVb1v
Dn0FuD7GvhkgV06sd34sN6YO90lJAgPKvE0up2gIHG2FEJK0Pt8Er+SFJ5gag+W6
fNZ/0P3lT/sB1WSWNn5w4nzmCU5VhxdJf+8hkdRwYqnGoE29YJXT/vW8PX4qFDGf
++0HDup6FHFp4VZf6NwVI/Ua68IfyX53Y7iAeLvMiSF/SK5b4KezR0oTRd88t6x+
qA/iv9wcV5z2qDXaVyitcREpC+bwvF7HdI+qmFIl9i5oMFv+pSoxuQRrTtAoBwup
--- TsR5Ga8FM1YlCiUXVghF3MoWq9jvAo4/2g8IvOrBMCg
„NÐyÌjÆ㦩ÝÞu2àÒƒp£™ÅB,0l<Mð¨Î<E280BA>Õ²¯{Ôðƒ

17
hosts/cube/nginx.nix
View file

@ -1,12 +1,17 @@
{ config, ulib, pkgs, ... }: with ulib;
{ lib, pkgs, ... }: with lib;
serverSystemConfiguration {
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
let
prometheusPort = 9030;
in systemConfiguration {
networking.firewall = {
allowedTCPPorts = [ 443 80 ];
allowedUDPPorts = [ 443 ];
};
services.prometheus = {
exporters.nginx = enabled {
port = 9030;
listenAddress = "[::1]";
port = prometheusPort;
};
scrapeConfigs = [{
@ -14,7 +19,7 @@ serverSystemConfiguration {
static_configs = [{
labels.job = "nginx";
targets = [ "[::]:${toString config.services.prometheus.exporters.nginx.port}" ];
targets = [ "[::1]:${toString prometheusPort}" ];
}];
}];
};

19
hosts/cube/password.rgb.age
View file

@ -1,5 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 5+B9syGilyIjTRiIbR/tQqIRZ5ZUax8gOIZR62lYGhw
vTzxsGNvqnZKGkDHy2+gyIIPqLXZltVBzwEQ5HeuLO0
--- eRFepEnDGHeb96HOq0kZOvILnQlL/WCf8fnVJbFHP8w
iaõþëo'DÝÌ—êc[‰º\;m/¤ÖëKÝÉù€ªðsÒê0óñ rð½û)Vàöh}¬™Ïxhðâzq¡A}w¢ÚDª— Ù«V÷×P1jÛÓ%ÁµJ-
-> ssh-ed25519 +rZ0Tw AMjDOXqRZGRFrMUIlDdqbSkwXuDSwg+0I7WLgYOnqAU
awL2vueTU9BIRVBcvWQOtV3xoqC8BCrePg/D/FHtz28
-> ssh-rsa jPaU3Q
wIBOZFIsnXTf0fC3u2EOBdx4WSRefY3rcvG1pjwhUhpkSYc0E9U0EgZHFvfIk2kD
uJUxtob3X45oJtM+8IS5vPrOHJMg8HFUJ/8h8uLJ8Jv2MTZvLeIxg5eFZBtXXR3m
pR8gY0jCTzzrRjwVvF6RHYYFtdVtAKJ9ikI7Y/Q6UKI0Qk5jWBcAVBW0fkW4BM9i
qj0fzByXXnzORePvFItlh8JXI07L8lUgt5cPOtMnoAXZDQRvzTAbHiigHYZZKDgl
s0rw+CZ/lbUm9fvjPdGSOZ2v8Xo147Gf0bUgHMdBpDbFHglBiW2SeP7+JJNV0M3q
eLGgI/eMeBBoQVV/cTRkKZzeB2S7Gsh3ogSBFqmHa9nLEitzATcgW5xyVBN9YdnG
ZDi0GcPbe0VzpGaLIiF+qSNtUjIgKQKFuMoMKT6lcSUUhDw6OK5YeliK7P6JOS30
rlwsZcxGDEcvJp8lRFKal9Kkv6+0EOr4b3d2NLWe3Wdd5uCpVF3FusAdwgxW8VH+
--- jLhThmnzFUBiv2G29RihvdYKXuk6b7JLWyPC+quwX8w
ŻąeäČ*V71ůFňpáŚćŁvĹPE_uśš<C5A1>â¦GŞ<útë¨%ľĹŇôŕ@<40>/f^“ËxĎŚş<C59A>7*Ňř`YłčFNĆ0™Ŕ•N¬ÜR<08>¤“e<E2809C> N<C2A0>~xĄYĎőˇ(<28>˛úň
ˇaWŹ

6
hosts/cube/podman.nix
View file

@ -1,9 +1,9 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
serverSystemConfiguration {
systemConfiguration {
virtualisation.podman = enabled {
dockerCompat = true;
dockerSocket = enabled {};
dockerSocket = enabled;
defaultNetwork.settings.dns_enabled = true;

17
hosts/cube/postgresql.nix
View file

@ -1,9 +1,12 @@
{ config, lib, ulib, pkgs, ... }: with ulib; merge
{ lib, pkgs, ... }: with lib; merge
(serverSystemConfiguration {
(let
prometheusPort = 9020;
in systemConfiguration {
services.prometheus = {
exporters.postgres = enabled {
port = 9020;
listenAddress = "[::1]";
port = prometheusPort;
runAsLocalSuperUser = true;
};
@ -12,7 +15,7 @@
static_configs = [{
labels.job = "postgres";
targets = [ "[::]:${toString config.services.prometheus.exporters.postgres.port}" ];
targets = [ "[::1]:${toString prometheusPort}" ];
}];
}];
};
@ -22,7 +25,7 @@
initdbArgs = [ "--locale=C" "--encoding=UTF8" ];
authentication = lib.mkOverride 10 ''
authentication = mkOverride 10 ''
# Type Database DBUser Authentication IdentMap
local sameuser all peer map=superuser_map
'';
@ -58,7 +61,7 @@
];
settings = {
listen_addresses = lib.mkForce "";
listen_addresses = mkForce "";
# https://pgconfigurator.cybertec.at/
max_connections = 100;
@ -118,6 +121,6 @@
};
})
(serverSystemPackages (with pkgs; [
(systemPackages (with pkgs; [
postgresql
]))

18
hosts/cube/prometheus.nix
View file

@ -1,11 +1,15 @@
{ config, ulib, ... }: with ulib;
{ lib, ... }: with lib;
serverSystemConfiguration {
let
port = 9000;
nodeExporterPort = 9010;
in systemConfiguration {
services.grafana.provision.datasources.settings = {
datasources = [{
name = "Prometheus";
type = "prometheus";
url = "http://[::]:${toString config.services.prometheus.port}";
url = "http://[::1]:${toString port}";
orgId = 1;
}];
@ -17,12 +21,14 @@ serverSystemConfiguration {
};
services.prometheus = enabled {
port = 9000;
inherit port;
retentionTime = "1w";
exporters.node = enabled {
enabledCollectors = [ "processes" "systemd" ];
port = 9010;
listenAddress = "[::1]";
port = nodeExporterPort;
};
scrapeConfigs = [{
@ -30,7 +36,7 @@ serverSystemConfiguration {
static_configs = [{
labels.job = "node";
targets = [ "[::]:${toString config.services.prometheus.exporters.node.port}" ];
targets = [ "[::1]:${toString nodeExporterPort}" ];
}];
}];
};

80
hosts/cube/site.nix
View file

@ -1,52 +1,54 @@
{ config, ulib, ... }: with ulib;
{ config, lib, ... }: with lib;
let
inherit (config.networking) domain;
path = "/var/www/site";
sitePath = "/var/www/site";
notFoundLocationConfig = {
extraConfig = "error_page 404 /404.html;";
locations."= /404.html".extraConfig = "internal;";
extraConfig = "error_page 404 /404.html;";
locations."/404".extraConfig = "internal;";
};
in serverSystemConfiguration {
services.nginx.appendHttpConfig = ''
map $http_origin $allow_origin {
~^https://.+\.rgbcu.be$ $http_origin;
}
map $http_origin $allow_methods {
~^https://.+\.rgbcu.be$ "GET, HEAD, OPTIONS";
}
'';
services.nginx.virtualHosts.${domain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
root = "${path}";
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = ''
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
if ($request_method = OPTIONS) {
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
in systemConfiguration {
services.nginx = enabled {
appendHttpConfig = ''
map $http_origin $allow_origin {
~^https://.+\.rgbcu.be$ $http_origin;
}
expires 24h;
map $http_origin $allow_methods {
~^https://.+\.rgbcu.be$ "GET, HEAD, OPTIONS";
}
'';
}];
services.nginx.virtualHosts."www.${domain}" = (sslTemplate domain) // {
locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
virtualHosts.${domain} = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = ''
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
if ($request_method = OPTIONS) {
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
}
expires 24h;
'';
};
virtualHosts."www.${domain}" = merge config.sslTemplate {
locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
};
virtualHosts._ = merge config.sslTemplate notFoundLocationConfig {
root = sitePath;
locations."/".extraConfig = "return 404;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
};
};
services.nginx.virtualHosts._ = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
root = "${path}";
locations."/".extraConfig = "return 404;";
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
}];
}

41
hosts/disk/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, keys, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.11";
nixpkgs.hostPlatform = "x86_64-linux";
networking.domain = "rgbcu.be";
secrets.floppyPassword.file = ./password.floppy.age;
users.users = {
root.hashedPasswordFile = config.secrets.floppyPassword.path;
floppy = sudoUser {
description = "Floppy";
openssh.authorizedKeys.keys = [ keys.enka ];
hashedPasswordFile = config.secrets.floppyPassword.path;
};
};
networking = {
defaultGateway = "23.164.232.1";
defaultGateway6 = "2602:f9f7::1";
interfaces.ens32 = {
ipv4.addresses = [{
address = "23.164.232.40";
prefixLength = 25;
}];
ipv6.addresses = [{
address = "2602:f9f7::40";
prefixLength = 64;
}];
};
};
})
(homeConfiguration {
home.stateVersion = "23.11";
})

27
hosts/disk/hardware.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, lib, ... }: with lib;
systemConfiguration {
boot.loader = {
systemd-boot = enabled {
editor = false;
};
efi.canTouchEfiVariables = true;
};
boot.initrd.availableKernelModules = [ "ahci" "ata_piix" "nvme" "sr_mod" ];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
};
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
}

BIN
hosts/disk/password.floppy.age Normal file
View file

Binary file not shown.

9
hosts/disk/site6.nix Normal file
View file

@ -0,0 +1,9 @@
{ self, lib, ... }: with lib;
systemConfiguration {
imports = [
(self + /hosts/cube/acme.nix)
(self + /hosts/cube/nginx.nix)
(self + /hosts/cube/site.nix)
];
}

33
hosts/enka/default.nix
View file

@ -1,4 +1,4 @@
{ config, ulib, ... }: with ulib; merge
{ config, lib, ... }: with lib; merge
(systemConfiguration {
system.stateVersion = "23.05";
@ -6,26 +6,23 @@
time.timeZone = "Europe/Istanbul";
age.secrets."hosts/enka/password.said".file = ./password.said.age;
age.secrets."hosts/enka/password.orhan".file = ./password.orhan.age;
users.users.root.hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path;
users.users.said = graphicalUser {
description = "Said";
extraGroups = [ "wheel" ];
hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path;
uid = 1000;
secrets = {
orhanPassword.file = ./password.orhan.age;
saidPassword.file = ./password.said.age;
};
users.users.orhan = graphicalUser {
description = "Orhan";
hashedPasswordFile = config.age.secrets."hosts/enka/password.orhan".path;
uid = 1001;
};
users.users = {
root.hashedPasswordFile = config.secrets.saidPassword.path;
networking.firewall = enabled {
allowedTCPPorts = [ 8080 ];
orhan = desktopUser {
description = "Orhan";
hashedPasswordFile = config.secrets.orhanPassword.path;
};
said = sudoUser (desktopUser {
description = "Said";
hashedPasswordFile = config.secrets.saidPassword.path;
});
};
})

19
hosts/enka/hardware.nix
View file

@ -1,10 +1,13 @@
{ ulib, ... }: with ulib;
{ config, lib, ... }: with lib;
desktopSystemConfiguration {
systemConfiguration {
boot.loader = {
systemd-boot = enabled {
editor = false;
consoleMode = "max";
};
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
systemd-boot.editor = false;
};
boot.initrd.availableKernelModules = [
@ -20,14 +23,14 @@ desktopSystemConfiguration {
fsType = "btrfs";
};
fileSystems."/boot" = {
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-label/swap"; }
];
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true;

20
hosts/enka/password.orhan.age
View file

@ -1,13 +1,13 @@
age-encryption.org/v1
-> ssh-rsa jPaU3Q
M19jE1+l5CGuAbWy3AAhJcVtW9E1b8al9rgjSJ26ESewP5fipabiW8/KEA6QowU4
NbFFu9Za0Sqo2ly5AS7kubYROCYQE238cZgMfVG15nFmIP1s3MY8hNZFaeJdjYJW
W8SLTddBA5xWBzfNH2ZtW7KBICMgl5+mKAj35pB6qxcZjj274llFy8d8Xs0UsyDW
4exLZdzbgCXC5JXVgZpOR0Ou0AdJPtHIxYmkaS+gjkr45fSo3XGSepxRw+SOlkV/
0kQgyw5KPPNZZ9wXo89P4zponyWNqQCKPaxXbGJl44mKBXLxFSvCPjjuAZ7cZ+xn
vd2ZcwztgLV84JT5pSJbUwjo6a5GrzOJ3/frxYgG4MK5foM8iyZ6cHFpNVeyOx/b
IhfCdFc71+c+hfLpa1OETlKYEVYHDQ/nuAELAy81bfEa8OL1yh8q75gJZukgwWX8
QEJLzwsN/496uBbFwwjj05R4feu35Iql1XLqOrTaixUA6uSdWjsnJscENFpchfzI
Ra86YZeGq1g0NlPLVj/mdqFDp/SZQHL/CDJ3SaFTYtmfUqSER/hXOz7X5wqOZ+Yf
SC0DUxrAaPobkuK9QMayBNmwB8Rq/cGXOb/vKmT5PnLpqNVu0ggIoaO+ZTEiUG8g
ATdjUU+xPQpOCkk7wsdW4AzW1G4bOAS7AXFipfU+BhVtLzGziDJ6Uuglvt0ussku
FHdIaD3AJcQQ1/kMdYtiLPQUaGdBnuUqOLzcoAgsp+4SDMHXKfuvyO7EsOaGVCc1
RmCwWZ7UqQdwsn2pXUoAXOlhr3QdjiDTcBd6nVbxWCxy/GBpHgD4ffyMrF+Xv48n
fyX9dMhb4AAz6kAN+/7g/WNHuv0kRCjggHCcd9BhRvrZKGBs7h1B6OvUcREDxVr8
45QpKo2bpQqPBUJPlZXuHRWiQrInGJJHdA2JU1VBGJMnIumVrUCGeJSnBP3Ui46z
GXIqHhgUYvBLXH0eLaHH17fx7ytWez88dDL8wwaHzL8AEtN+/XPFU7kNEU97QZJo
--- 06pUnwHPhIIgovnUcakwOCjfK5Et4twJF8NChBf3G9o
àçg0FÓ»Äͱõ*¯ŠŽUö;¢ÄÇÍGK½sÏqH-ÞŒ-Mí« v%Ç ¾o÷ºjdOx¸çCkìëÞÕÌçJrºªeÑn±:ÿKãBÓMœ7
--- RNDo4JKbsihikrIB+cxCXuDCbvd2BqdIEKfLsBplLsI
<EFBFBD>~59\<5C>[{ZV7J2<<3C><><EFBFBD><EFBFBD><EFBFBD>•<EFBFBD><C295><EFBFBD>!U<>ID<49><44><EFBFBD><EFBFBD><EFBFBD><H!<21>s<EFBFBD>L<><4C><EFBFBD><02>R<EFBFBD>[()<29>V<EFBFBD>ja<6A>s<EFBFBD><73><EFBFBD><EFBFBD>><3E>><3E>GGT<47>*<2A><>JAI1:zx <0A><>ͺ?<3F><>t<EFBFBD>

20
hosts/enka/password.said.age
View file

@ -1,13 +1,13 @@
age-encryption.org/v1
-> ssh-rsa jPaU3Q
fNM8bL9QB/wvgB+MZOfWXDrPMCc/2bs3B5t1xgXe/Z6I0HXcnL/G1ipebvth/+Mr
Wv6bMPgPPwrxvWaoC84PHTclp8kqsipTYO4r40cB5F7Yyq+oBOHlm3Kd1SGSPQQn
FPCA0BxFhYQuHtQuqEdoMRZ5YxgoxWoso1gAAMzcnhac9HVK595F4HITpYzs453Q
UTW+c1UigqvI70YNKo2jNSqAwJh2rA4EP/ivz5Y0fOv/WD8TpygbFdbFhvLZ4rBS
NveQrMJcha/KArzu5cxYuQq+vF7ckGmPygGSMGkXCbb66ET8Mj/daBhfPfZ+nC+v
eaBOlAJ4y+jUwajn3PlWelOjUTNoDHdp8I/xHtJs1avmlWhv8pdA/vR/61C0mApd
39uzl2XsnvKQkqlE2CD618h1xsmXk9RDxzUzDuejO0Kv1Of7+SsR1Swk7IKaJQpB
SzAfBCtnJxRsTIDVcBvqtb1cJiBgJt5/FFN8IGa9C0Hf3lFvB8qqR2BlwijhfGi/
u3Kl4BwfKKxIk1ASkkOeEBOFbusd/hYapO/Ab78sc0ufOIJvso7rXgK8pjIoKhlD
FLJ6kD8m+z79MDJU5o0UdqAEvzT/O5vUAxVI1XWGdDliSAzEQkaLDtz/Hhg8wlel
9l/oCaV5cEB/3JXPI++4Ck+TaZ61+DGcfkQFXBGFITQyQOcErfGP54KyYeMPPKH6
XB57IahfwK1G9DaIhGxHni328H1d4xmoWobEOS+RalIW9Yc+oJBTw5LEJZpgt8+t
HUQ5x1kKRqqIgZYSuyTV33LI4JxiXpJgPSQIUyUFHCN+0tkshaOa6VjZvIxX+LKi
ZUgAsWTkA/nfpQqX9zOpyhTN1cVR8xUptZWIFlSeu2W9O6xjirOSo6+3574ANrD4
pvUQe+VEV+U7ePnx81YS9BhESQ8lmqUlaX1d8uGHSWas5DjE8Kcaa6K9k9ab7u9q
mh+g2b/P2w2lVRgrcUyqn2S/coEzaHgskx8fyV23w4BbMefoHWdmsNwGhIew8Uhr
--- JmxH14QpQiLryhESgYyK4H7fpol168CbjecUwfnRFRM
bd!<&Š¦<C5A0>-1e³ƒs”ă¼{OqóG¡~Çû.c¸Šm‰u!Õ$(!/Ää¾aš§§æ´svz¡áw6ãCü¾êE2¢÷>ñ.xBÞb=€ËÿºÔ<C2BA>gjÎ<xàáýN
--- C4f6KVF7Y1hMY+aD+qNTbMeGj9CJ2K5nMkJAzib7QHE
iäH)‰9 f*âêµgbd\À)/A2Vc·îø´¼¬Tÿ'Õü/»Ò£½Æ¿¾Èh<C388>ºåÜ©<19>{¤hÈ££ulêµ]…f9àú 1^ø‹.¾‘C·aYS

17
hosts/password.acme.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw jXnHlBEI/Soqpgq1ivfJHfyG1Vu6587MRmsiiY/s3Gc
PzOumPaUFNwlkD0e0c9ES7Ix1RGsdnqRKgHPBKpIGuc
-> ssh-ed25519 spFFQA wGPxs3a6og3Hjx5a/EHY8cRoFCGHDu9Ce3BH87FwiEc
X3FdpYD1OftG9xaFzQ3mlvZkQPn4AQmCqfB/6KnCVvE
-> ssh-rsa jPaU3Q
WfcscVagmu1lL48CmP+QLrswXBJVGqMvBpOGbIDDbMXXXGQhuDhKX3f/j35ThUeq
snuV+Nz7Fs4y0RRYlZ5ieWbCV3Xa/TaEA1TfoQD4GMZreX7Fn+w4AhfiPFrc9sUV
ZGpfIxBx2HSkV36c0iLS4Vp14wTYJzrY3gJuldMbHLY9tLD0AVF2EJ456WI4KE0v
XpyvdH37BXwpUrWMk7dGvLS0CnQjGBceRcaWaTU93izFO2GiwE0Vk2nRO9EOxaw/
M08VC7LvAm9Uj4iAJonfnCIf4KdrDlwbBkjDA0FPl2Wg3dOo1/qgGYuMi8wzcuYF
OLbh5kQAcOZ/3QsWnhEd8Vf1BVaQyE/hhelj1R0ZJDB3CeVLdzTlg/MFKUOC9SPw
5znm8ELiQziBariOgGmvAwCYt3O4Wpp7UqWjlnyPBWp94Q6teaj7PuIQ0OCuixPZ
QQikdfG0u0FgXK0fQAmO7/UChbKcrq+xEb84NUd0WiH0t+GTuMq0CpRSg9B1fE0r
--- iJOaeMlcZ5LkNlwPuRdcpyzARZpDxQB0Mn73JKZLCyM
ÜKŠ`Úº€ìÕ^HZL¹úèûù|îfTºß†öÀ‰Ö¢E_ô%Êó?œšk¡'ÆùÐî<C390>ZT&YÎ^¥áPA•¿~Ú÷ŸÜ Æ<>·*tÓ•ÝW˜/Pïh©¯h‡MðšÔØþEAÑHs­¨Î^ÖOÉÆ!žèõŒ±HÜJƒ~¸'g¿9ÑHTIŒO"I§GÆ;][¡¨²ç…_T}SÆ5eîG<C3AE>×®ìg•=]Ëb K HQ°QáóXS ¢Î•(ZXÂ϶Ž%}O Ø:

3
keys.nix
View file

@ -1,4 +1,5 @@
{
enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= said@enka";
cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= said@enka";
}

37
lib/configuration.nix
View file

@ -1,37 +0,0 @@
users: let
userHomeConfiguration = users: configuration: {
home-manager.users = builtins.foldl' (final: user: final // {
${user} = configuration;
}) {} (if builtins.isList users then users else [ users ]);
};
in rec {
inherit users;
isServer = users.graphical == [];
isDesktop = !isServer;
# For every machine.
systemConfiguration = configuration: configuration;
systemPackages = packages: systemConfiguration { environment.systemPackages = packages; };
systemFonts = packages: systemConfiguration { fonts.packages = packages; };
# For every user, on every machine.
homeConfiguration = configuration: { home-manager.sharedModules = [ configuration ]; };
homePackages = packages: homeConfiguration { home.packages = packages; };
# For every desktop.
desktopSystemConfiguration = configuration: if isServer then {} else configuration;
desktopSystemPackages = packages: if isServer then {} else systemPackages packages;
desktopSystemFonts = packages: if isServer then {} else systemFonts packages;
# For every graphical user on every desktop.
desktopHomeConfiguration = configuration: if isServer then {} else userHomeConfiguration users.graphical configuration;
desktopHomePackages = packages: if isServer then {} else desktopHomeConfiguration { home.packages = packages; };
# For every server.
serverSystemConfiguration = configuration: if isServer then configuration else {};
serverSystemPackages = packages: if isServer then systemPackages packages else {};
serverSystemFonts = packages: if isServer then systemFonts packages else {};
# For every user on every server.
serverHomeConfiguration = configuration: if isServer then homeConfiguration configuration else {};
serverHomePackages = packages: if isServer then homePackages packages else {};
}

6
lib/configuration1.nix Normal file
View file

@ -0,0 +1,6 @@
lib: {
systemConfiguration = cfg: cfg;
systemPackages = pkgs: { environment.systemPackages = pkgs; };
systemFonts = pkgs: { fonts.packages = pkgs; };
homeConfiguration = cfg: { home-manager.sharedModules = [ cfg ]; };
}

32
lib/configuration2.nix Normal file
View file

@ -0,0 +1,32 @@
lib: config: let
userHomeConfiguration = users: cfg: {
home-manager.users = lib.genAttrs users (_: cfg);
};
allNormalUsers = [ "root" ] ++ lib.pipe config.users.users [
(lib.filterAttrs (_: lib.getAttr "isNormalUser"))
lib.attrNames
];
desktopUsers = lib.pipe config.users.users [
(lib.filterAttrs (_: lib.getAttr "isDesktopUser"))
lib.attrNames
];
in rec {
inherit allNormalUsers desktopUsers;
isDesktop = desktopUsers != [];
isServer = desktopUsers == [];
desktopSystemConfiguration = cfg: lib.optionalAttrs isDesktop cfg;
desktopSystemPackages = pkgs: desktopSystemConfiguration (lib.systemPackages pkgs);
desktopSystemFonts = pkgs: desktopSystemConfiguration (lib.systemFonts pkgs);
desktopUserHomeConfiguration = cfg: userHomeConfiguration desktopUsers cfg;
desktopUserHomePackages = pkgs: desktopUserHomeConfiguration { home.packages = pkgs; };
desktopHomeConfiguration = cfg: desktopSystemConfiguration (lib.homeConfiguration cfg);
desktopHomePackages = pkgs: desktopHomeConfiguration { home.packages = pkgs; };
serverSystemConfiguration = cfg: lib.optionalAttrs isServer cfg;
serverSystemPackages = pkgs: serverSystemConfiguration (lib.systemPackages pkgs);
serverHomeConfiguration = cfg: serverSystemConfiguration (lib.homeConfiguration cfg);
}

6
lib/default.nix
View file

@ -1,6 +0,0 @@
lib: users: let
configuration = import ./configuration.nix users;
merge = import ./merge.nix lib;
ssl = import ./ssl.nix;
values = import ./values.nix;
in configuration // merge // ssl // values

11
lib/enabled.nix Normal file
View file

@ -0,0 +1,11 @@
lib: {
enabled = lib.mkMerge [{
enable = true;
}] // {
__functor = self: attributes: self // {
contents = self.contents ++ [ attributes ];
};
};
disabled = { enable = false; };
}

18
lib/merge.nix
View file

@ -1,13 +1,7 @@
lib: let
mergeAll = builtins.foldl' (collected: module: {
imports = collected.imports ++ [ module ];
}) { imports = []; };
in {
merge = a: b: mergeAll [ a b ];
merge3 = a: b: c: mergeAll [ a b c ];
merge4 = a: b: c: d: mergeAll [ a b c d ];
merge5 = a: b: c: d: e: mergeAll [ a b c d e ];
merge6 = a: b: c: d: e: f: mergeAll [ a b c d e f ];
recursiveUpdateAll = builtins.foldl' lib.recursiveUpdate {};
lib: {
merge = lib.mkMerge [] // {
__functor = self: next: self // {
contents = self.contents ++ [ next ];
};
};
}

10
lib/modules.nix Normal file
View file

@ -0,0 +1,10 @@
lib: {
mkConst = value: lib.mkOption {
default = value;
readOnly = true;
};
mkValue = value: lib.mkOption {
default = value;
};
}

7
lib/ssl.nix
View file

@ -1,7 +0,0 @@
{
sslTemplate = domain: {
forceSSL = true;
quic = true;
useACMEHost = domain;
};
}

21
lib/values.nix
View file

@ -1,18 +1,19 @@
{
enabled = attributes: attributes // {
enable = true;
};
lib: {
normalUser = attributes: attributes // {
isNormalUser = true;
};
sudoUser = attributes: attributes // {
isNormalUser = true;
extraGroups = [ "wheel" ] ++ attributes.extraGroups or [];
};
desktopUser = attributes: attributes // {
isNormalUser = true;
isDesktopUser = true; # Defined in options/desktop.nix.
};
systemUser = attributes: attributes // {
isSystemUser = true;
};
graphicalUser = attributes: attributes // {
isNormalUser = true;
extraGroups = [ "graphical" ] ++ attributes.extraGroups or [];
};
}

4
modules/autofreq.nix
View file

@ -1,5 +1,5 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
desktopSystemConfiguration {
services.auto-cpufreq = enabled {};
services.auto-cpufreq = enabled;
}

20
modules/bat.nix
View file

@ -1,17 +1,19 @@
{ ulib, pkgs, theme, ... }: with ulib;
{ config, lib, pkgs, ... }: with lib; merge
homeConfiguration {
programs.nushell.environmentVariables = {
MANPAGER = ''"bat --plain --language man"'';
PAGER = ''"bat --plain"'';
(systemConfiguration {
environment.variables = {
MANPAGER = "bat --plain --language man";
PAGER = "bat --plain";
};
programs.nushell.shellAliases.cat = "bat";
environment.shellAliases.cat = "bat";
})
(homeConfiguration {
programs.bat = enabled {
config.theme = "base16";
themes.base16.src = pkgs.writeText "base16.tmTheme" theme.tmTheme;
config.theme = "base16";
themes.base16.src = pkgs.writeText "base16.tmTheme" config.theme.tmTheme;
config.pager = "less -FR";
};
}
})

4
modules/blueman.nix
View file

@ -1,7 +1,7 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
desktopSystemConfiguration {
services.blueman = enabled {};
services.blueman = enabled;
hardware.bluetooth = enabled {
powerOnBoot = true;

6
modules/btop.nix
View file

@ -1,11 +1,11 @@
{ ulib, theme, ... }: with ulib;
{ config, lib, ... }: with lib;
homeConfiguration {
xdg.configFile."btop/themes/base16.theme".text = theme.btopTheme;
xdg.configFile."btop/themes/base16.theme".text = config.theme.btopTheme;
programs.btop = enabled {
settings.color_theme = "base16";
settings.rounded_corners = theme.cornerRadius != 0;
settings.rounded_corners = config.theme.cornerRadius > 0;
};
}

10
modules/discord.nix
View file

@ -1,15 +1,15 @@
{ ulib, pkgs, theme, ... }: with ulib; merge3
{ config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
nixpkgs.config.allowUnfree = true;
})
(desktopHomeConfiguration {
xdg.configFile."Vencord/settings/quickCss.css".text = theme.discordCss;
(desktopUserHomeConfiguration {
xdg.configFile."Vencord/settings/quickCss.css".text = config.theme.discordCss;
})
(desktopHomePackages (with pkgs; [
(discord-canary.override {
(desktopUserHomePackages (with pkgs; [
(discord.override {
withOpenASAR = true;
withVencord = true;
})

6
modules/documentation.nix
View file

@ -1,9 +1,9 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
systemConfiguration {
documentation = {
doc.enable = false;
info.enable = false;
doc = disabled;
info = disabled;
man = enabled {
generateCaches = true;

6
modules/dunst.nix
View file

@ -1,7 +1,7 @@
{ ulib, theme, ... }: with ulib;
{ config, lib, ... }: with lib;
desktopHomeConfiguration {
services.dunst = with theme.withHashtag; enabled {
desktopUserHomeConfiguration {
services.dunst = with config.theme.withHashtag; enabled {
iconTheme = icons;
settings.global = {

18
modules/endlessh-go.nix
View file

@ -1,13 +1,16 @@
{ config, ulib, pkgs, ... }: with ulib;
{ lib, pkgs, ... }: with lib;
serverSystemConfiguration {
let
fakeSSHPort = 22;
prometheusPort = 9050;
in serverSystemConfiguration {
services.prometheus.scrapeConfigs = [{
job_name = "endlessh-go";
static_configs = [{
labels.job = "endlessh-go";
targets = [
"[::]:${toString config.services.endlessh-go.prometheus.port}"
"[::1]:${toString prometheusPort}"
];
}];
}];
@ -17,10 +20,11 @@ serverSystemConfiguration {
# services.endlessh-go.openFirewall exposes both the Prometheus
# exporters port and the SSH port, and we don't want the metrics
# to leak, so we manually expose this like so.
networking.firewall.allowedTCPPorts = [ config.services.endlessh-go.port ];
networking.firewall.allowedTCPPorts = [ fakeSSHPort ];
services.endlessh-go = enabled {
port = 22;
listenAddress = "[::]";
port = fakeSSHPort;
extraOptions = [
"-alsologtostderr"
@ -29,8 +33,8 @@ serverSystemConfiguration {
];
prometheus = enabled {
listenAddress = "[::]";
port = 9050;
listenAddress = "[::1]";
port = prometheusPort;
};
};
}

10
modules/fail2ban.nix
View file

@ -1,10 +0,0 @@
{ ulib, ... }: with ulib;
serverSystemConfiguration {
services.fail2ban = enabled {
bantime = "24h";
bantime-increment = enabled {
maxtime = "7d";
};
};
}

6
modules/firefox.nix
View file

@ -1,8 +1,8 @@
{ ulib, theme, ... }: with ulib;
{ config, lib, ... }: with lib;
desktopHomeConfiguration {
desktopUserHomeConfiguration {
programs.firefox = enabled {
profiles.default.settings = with theme.font; {
profiles.default.settings = with config.theme.font; {
"general.autoScroll" = true;
"privacy.donottrackheader.enabled" = true;

24
modules/fonts.nix
View file

@ -1,6 +1,6 @@
{ ulib, pkgs, theme, ... }: with ulib; merge
{ config, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
(desktopSystemConfiguration {
console = {
earlySetup = true;
font = "Lat2-Terminus16";
@ -8,12 +8,16 @@
};
})
(desktopSystemFonts (with pkgs; [
theme.font.sans.package
theme.font.mono.package
(desktopSystemFonts [
config.theme.font.sans.package
config.theme.font.mono.package
noto-fonts
noto-fonts-cjk-sans
noto-fonts-lgc-plus
noto-fonts-emoji
]))
pkgs.noto-fonts
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-lgc-plus
pkgs.noto-fonts-emoji
])
(serverSystemConfiguration {
fonts.fontconfig = disabled;
})

20
modules/fuzzel.nix
View file

@ -1,7 +1,7 @@
{ ulib, theme, ... }: with ulib;
{ config, lib, ... }: with lib;
desktopHomeConfiguration {
programs.fuzzel = with theme; enabled {
desktopUserHomeConfiguration {
programs.fuzzel = with config.theme; enabled {
settings.main = {
dpi-aware = false;
font = "${font.sans.name}:size=${toString font.size.big}";
@ -19,13 +19,13 @@ desktopHomeConfiguration {
inner-pad = padding;
};
settings.colors = {
background = base00 + "FF";
text = base05 + "FF";
match = base0A + "FF";
selection = base05 + "FF";
selection-text = base00 + "FF";
border = base0A + "FF";
settings.colors = mapAttrs (_: color: color + "FF") {
background = base00;
text = base05;
match = base0A;
selection = base05;
selection-text = base00;
border = base0A;
};
settings.border = {

23
modules/ghostty.nix
View file

@ -1,18 +1,14 @@
{ inputs, lib, ulib, pkgs, upkgs, theme, ... }: with ulib; merge
{ config, lib, pkgs, ... }: with lib;
(desktopSystemConfiguration {
home-manager.sharedModules = [ inputs.ghosttyModule.homeModules.default ];
})
(desktopHomeConfiguration {
desktopUserHomeConfiguration {
programs.nushell.environmentVariables.TERMINAL = "ghostty";
programs.ghostty = enabled {
package = upkgs.ghostty;
package = pkgs.ghostty;
clearDefaultKeybindings = true;
keybindings = (lib.mapAttrs' (name: lib.nameValuePair "ctrl+shift+${name}") {
keybindings = (mapAttrs' (name: nameValuePair "ctrl+shift+${name}") {
c = "copy_to_clipboard";
v = "paste_from_clipboard";
@ -50,14 +46,15 @@
"physical:eight" = "goto_tab:8";
"physical:nine" = "goto_tab:9";
"physical:zero" = "goto_tab:10";
}) // (lib.mapAttrs' (name: lib.nameValuePair "ctrl+${name}") {
"physical:tab" = "next_tab";
}) // (mapAttrs' (name: nameValuePair "ctrl+${name}") {
"physical:tab" = "next_tab";
"shift+physical:tab" = "previous_tab";
});
shellIntegration.enable = false;
# Disabled here as Nushell isn't supported and Nushell enables it in its own config.
shellIntegration = disabled;
settings = with theme; {
settings = with config.theme; {
font-size = font.size.normal;
font-family = font.mono.name;
@ -73,4 +70,4 @@
];
};
};
})
}

22
modules/git.nix
View file

@ -1,7 +1,7 @@
{ lib, ulib, pkgs, ... }: with ulib; merge3
{ lib, pkgs, ... }: with lib; merge
(homeConfiguration {
programs.nushell.shellAliases = {
(systemConfiguration {
environment.shellAliases = {
g = "git";
ga = "git add";
@ -62,8 +62,10 @@
gst = "git status";
};
})
programs.nushell.configFile.text = lib.mkAfter ''
(homeConfiguration {
programs.nushell.configFile.text = mkAfter ''
# Sets the remote origin to the specified user and repository on my git instance
def gsr [user_and_repo: string] {
let user_and_repo = if ($user_and_repo | str index-of "/") != -1 {
@ -82,13 +84,13 @@
userName = "RGBCube";
userEmail = "git@rgbcu.be";
lfs = enabled {};
lfs = enabled;
difftastic = enabled {
background = "dark";
};
extraConfig = lib.recursiveUpdate {
extraConfig = merge {
init.defaultBranch = "master";
commit.verbose = true;
@ -122,7 +124,7 @@
core.sshCommand = "ssh -i ~/.ssh/id";
url."ssh://git@github.com/".insteadOf = "https://github.com/";
url."ssh://forgejo@rgbcu.be:2222/".insteadOf = "https://git.rgbcu.be/";
} (lib.optionalAttrs ulib.isDesktop {
} (mkIf isDesktop {
commit.gpgSign = true;
tag.gpgSign = true;
gpg.format = "ssh";
@ -131,13 +133,15 @@
};
})
(desktopHomeConfiguration {
programs.nushell.shellAliases = {
(desktopSystemConfiguration {
environment.shellAliases = {
"??" = "gh copilot suggest --target shell";
"gh?" = "gh copilot suggest --target gh";
"git?" = "gh copilot suggest --target git";
};
})
(desktopHomeConfiguration {
programs.gh = enabled {
settings.git_protocol = "ssh";
};

15
modules/gtk.nix
View file

@ -1,21 +1,21 @@
{ ulib, pkgs, theme, ... }: with ulib; merge
{ config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
programs.dconf = enabled {};
programs.dconf = enabled;
})
(desktopHomeConfiguration {
(desktopUserHomeConfiguration {
gtk = enabled {
gtk3.extraCss = theme.adwaitaGtkCss;
gtk4.extraCss = theme.adwaitaGtkCss;
gtk3.extraCss = config.theme.adwaitaGtkCss;
gtk4.extraCss = config.theme.adwaitaGtkCss;
font = with theme.font; {
font = with config.theme.font; {
inherit (sans) name package;
size = size.normal;
};
iconTheme = theme.icons;
iconTheme = config.theme.icons;
theme = {
name = "Adwaita-dark";
@ -24,3 +24,4 @@
};
})

49
modules/helix.nix
View file

@ -1,24 +1,26 @@
{ ulib, lib, pkgs, upkgs, theme, ... }: with ulib; merge
{ config, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment = {
variables.EDITOR = "hx";
shellAliases.x = "hx";
};
})
(homeConfiguration {
programs.nushell = {
environmentVariables.EDITOR = "hx";
shellAliases.x = "hx";
configFile.text = lib.mkAfter ''
def --wrapped hx [...arguments] {
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=0
}
^hx ...$arguments
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=${toString theme.padding}
}
programs.nushell.configFile.text = mkAfter ''
def --wrapped hx [...arguments] {
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=0
}
'';
};
^hx ...$arguments
if $env.TERM == "xterm-kitty" {
kitty @ set-spacing padding=${toString config.theme.padding}
}
}
'';
programs.helix = enabled {
languages.language = let
@ -96,11 +98,6 @@
formatter = denoFormatter "tsx";
language-servers = [ "deno" ];
}
{ # TODO: Remove in the next Helix release.
name = "nu";
language-servers = [ "nu" ];
}
];
languages.language-server = {
@ -145,7 +142,7 @@
cursorline = true;
bufferline = "multiple";
file-picker.hidden = false;
idle-timeout = 50;
idle-timeout = 0;
line-number = "relative";
shell = [ "bash" "-c" ];
text-width = 100;
@ -167,7 +164,7 @@
render.tab = "all";
};
settings.keys = lib.genAttrs [ "normal" "select" ] (_: {
settings.keys = genAttrs [ "normal" "select" ] (_: {
D = "extend_to_line_end";
});
};
@ -213,5 +210,5 @@
yaml-language-server
# ZIG
upkgs.zls
zls
]))

339
modules/hyprland/default.nix
View file

@ -1,7 +1,7 @@
{ ulib, pkgs, upkgs, theme, ... }: with ulib; merge3
{ config, lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
hardware.opengl = enabled {};
hardware.opengl = enabled;
xdg.portal = enabled {
config.common.default = "*";
@ -12,220 +12,205 @@
};
})
(desktopHomeConfiguration {
wayland.windowManager.hyprland = with theme; enabled {
package = upkgs.hyprland;
(desktopUserHomeConfiguration {
wayland.windowManager.hyprland = enabled {
settings = {
monitor = [ ",preferred,auto,1" ];
windowrule = [ "noinitialfocus" ];
extraConfig =
''
monitor = , preferred, auto, 1
''
+
''
windowrule = noinitialfocus
''
+
''
exec-once = wl-paste --type text --watch cliphist store -max-items 1000
exec-once = wl-paste --type image --watch cliphist store -max-items 1000
exec-once = [
"wl-paste --type text --watch cliphist store -max-items 1000"
"wl-paste --type image --watch cliphist store -max-items 1000"
];
exec = pkill swaybg; swaybg --image ${./wallpaper.png}
exec = [
"pkill swaybg; swaybg --image ${./wallpaper.png}"
"pkill --signal SIGUSR2 waybar"
];
exec = pkill --signal SIGUSR2 waybar
''
+
''
binde = SUPER, left , movefocus, l
binde = SUPER, down , movefocus, d
binde = SUPER, up , movefocus, u
binde = SUPER, right, movefocus, r
bindl = [
(replaceStrings [ "\n;" "\n" ] [ ";" "" ] ''
,XF86PowerOff,exec,
pkill fuzzel;
echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot"
| fuzzel --dmenu
| tr --delete " "
| tr '[:upper:]' '[:lower:]'
| ifne xargs systemctl
'')
];
binde = SUPER, h, movefocus, l
binde = SUPER, j, movefocus, d
binde = SUPER, k, movefocus, u
binde = SUPER, l, movefocus, r
''
+
''
bind = SUPER , TAB, workspace, e+1
bind = SUPER+ALT, TAB, workspace, e-1
bindle = [
",XF86AudioRaiseVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ --limit 1.5"
",XF86AudioLowerVolume , exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
bind = SUPER, mouse_up, workspace, e+1
bind = SUPER, mouse_down, workspace, e-1
",XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
",XF86AudioMicMute , exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
bind = SUPER, 1, workspace, 1
bind = SUPER, 2, workspace, 2
bind = SUPER, 3, workspace, 3
bind = SUPER, 4, workspace, 4
bind = SUPER, 5, workspace, 5
",XF86MonBrightnessUp , exec, brightnessctl set 5%+"
",XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-"
];
bind = SUPER+ALT, 1, movetoworkspacesilent, 1
bind = SUPER+ALT, 2, movetoworkspacesilent, 2
bind = SUPER+ALT, 3, movetoworkspacesilent, 3
bind = SUPER+ALT, 4, movetoworkspacesilent, 4
bind = SUPER+ALT, 5, movetoworkspacesilent, 5
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:274, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindm = SUPER, mouse:272, movewindow
bindm = SUPER, mouse:274, movewindow
''
+
''
binde = SUPER+CTRL, left , resizeactive, -100 0
binde = SUPER+CTRL, down , resizeactive, 0 100
binde = SUPER+CTRL, up , resizeactive, 0 -100
binde = SUPER+CTRL, right, resizeactive, 100 0
binde = [
"SUPER, left , movefocus, l"
"SUPER, down , movefocus, d"
"SUPER, up , movefocus, u"
"SUPER, right, movefocus, r"
binde = SUPER+CTRL, h, resizeactive, -100 0
binde = SUPER+CTRL, j, resizeactive, 0 100
binde = SUPER+CTRL, k, resizeactive, 0 -100
binde = SUPER+CTRL, l, resizeactive, 100 0
"SUPER, h, movefocus, l"
"SUPER, j, movefocus, d"
"SUPER, k, movefocus, u"
"SUPER, l, movefocus, r"
bindm = SUPER, mouse:273, resizewindow
''
+
''
bind = SUPER+ALT, left , movewindow, l
bind = SUPER+ALT, down , movewindow, d
bind = SUPER+ALT, up , movewindow, u
bind = SUPER+ALT, right, movewindow, r
"SUPER+CTRL, left , resizeactive, -100 0"
"SUPER+CTRL, down , resizeactive, 0 100"
"SUPER+CTRL, up , resizeactive, 0 -100"
"SUPER+CTRL, right, resizeactive, 100 0"
bind = SUPER+ALT, h, movewindow, l
bind = SUPER+ALT, j, movewindow, d
bind = SUPER+ALT, k, movewindow, u
bind = SUPER+ALT, l, movewindow, r
''
+
''
bind = SUPER , Q, killactive
bind = SUPER , F, fullscreen
bind = SUPER+ALT, F, togglefloating
"SUPER+CTRL, h, resizeactive, -100 0"
"SUPER+CTRL, j, resizeactive, 0 100"
"SUPER+CTRL, k, resizeactive, 0 -100"
"SUPER+CTRL, l, resizeactive, 100 0"
];
bind = SUPER+ALT, RETURN, exec, kitty
bind = SUPER , RETURN, exec, ghostty --gtk-single-instance=true
bind = SUPER , W , exec, firefox
bind = SUPER , D , exec, discordcanary
bind = SUPER , E , exec, fractal
bind = SUPER , M , exec, thunderbird
bind = SUPER , T , exec, thunar
bind = SUPER , C , exec, hyprpicker --autocopy
bind = [
"SUPER , TAB, workspace, e+1"
"SUPER+ALT, TAB, workspace, e-1"
bind = SUPER, B, exec, pkill --signal SIGUSR1 waybar
"SUPER, mouse_up, workspace, e+1"
"SUPER, mouse_down, workspace, e-1"
bind = SUPER, SPACE, exec, pkill fuzzel; fuzzel
bind = SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
bind = , PRINT, exec, pkill grim; grim -g "$(slurp -w 0)" - | swappy -f - -o - | wl-copy --type image/png
bind = ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png
''
+
''
bindle = , XF86AudioRaiseVolume, exec, wpctl set-volume --limit 1.5 @DEFAULT_AUDIO_SINK@ 5%+
bindle = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
"SUPER+ALT, 1, movetoworkspacesilent, 1"
"SUPER+ALT, 2, movetoworkspacesilent, 2"
"SUPER+ALT, 3, movetoworkspacesilent, 3"
"SUPER+ALT, 4, movetoworkspacesilent, 4"
"SUPER+ALT, 5, movetoworkspacesilent, 5"
bindle = , XF86AudioMute , exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
bindle = , XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
"SUPER+ALT, left , movewindow, l"
"SUPER+ALT, down , movewindow, d"
"SUPER+ALT, up , movewindow, u"
"SUPER+ALT, right, movewindow, r"
bindle = , XF86MonBrightnessUp , exec, brightnessctl set 5%+
bindle = , XF86MonBrightnessDown, exec, brightnessctl set --min-value=0 5%-
"SUPER+ALT, h, movewindow, l"
"SUPER+ALT, j, movewindow, d"
"SUPER+ALT, k, movewindow, u"
"SUPER+ALT, l, movewindow, r"
"SUPER , Q, killactive"
"SUPER , F, fullscreen"
"SUPER+ALT, F, togglefloating"
bindl = , XF86PowerOff, exec, pkill fuzzel; echo -en "Suspend\0icon\x1fsystem-suspend\nHibernate\0icon\x1fsystem-suspend-hibernate-alt2\nPower Off\0icon\x1fsystem-shutdown\nReboot\0icon\x1fsystem-reboot" | fuzzel --dmenu | tr --delete " " | tr "[:upper:]" "[:lower:]" | ifne xargs systemctl
''
+
''
animations {
bezier = material_decelerate, 0.05, 0.7, 0.1, 1
"SUPER+ALT, RETURN, exec, kitty"
"SUPER , RETURN, exec, ghostty --gtk-single-instance=true"
"SUPER , W , exec, firefox"
"SUPER , D , exec, discord"
"SUPER , E , exec, fractal"
"SUPER , M , exec, thunderbird"
"SUPER , T , exec, thunar"
"SUPER , C , exec, hyprpicker --autocopy"
animation = windows, 1, 2 , material_decelerate, popin 80%
animation = border , 1, 10, default
animation = fade , 1, 2 , default
animation = workspaces,1, 3 , material_decelerate
}
''
+
''
decoration {
drop_shadow = false
rounding = ${toString cornerRadius}
"SUPER, B, exec, pkill --signal SIGUSR1 waybar"
"SUPER, SPACE, exec, pkill fuzzel; fuzzel"
"SUPER, V , exec, pkill fuzzel; cliphist list | fuzzel --dmenu | cliphist decode | wl-copy"
blur {
enabled = false
}
}
''
+
''
general {
gaps_in = ${toString (margin/ 2)}
gaps_out = ${toString margin}
border_size = ${toString borderWidth}
" , PRINT, exec, pkill grim; grim -g \"$(slurp -w 0)\" - | swappy -f - -o - | wl-copy --type image/png"
"ALT, PRINT, exec, pkill grim; grim - | swappy -f - -o - | wl-copy --type image/png"
];
col.active_border = 0xFF${base0A}
col.nogroup_border_active = 0xFF${base0A}
general = with config.theme; {
gaps_in = margin / 2;
gaps_out = margin;
border_size = borderWidth;
col.inactive_border = 0xFF${base01}
col.nogroup_border = 0xFF${base01}
"col.active_border" = "0xFF${base0A}";
"col.nogroup_border_active" = "0xFF${base0A}";
cursor_inactive_timeout = 10
no_cursor_warps = true
"col.inactive_border" = "0xFF${base01}";
"col.nogroup_border" = "0xFF${base01}";
resize_on_border = true
}
''
+
''
gestures {
workspace_swipe = true
}
''
+
''
input {
follow_mouse = 1
cursor_inactive_timeout = 10;
no_cursor_warps = true;
kb_layout = tr
resize_on_border = true;
};
repeat_delay = 400
repeat_rate = 100
decoration = {
drop_shadow = false;
rounding = config.theme.cornerRadius;
touchpad {
clickfinger_behavior = true
drag_lock = true
blur.enabled = false;
};
natural_scroll = true
scroll_factor = 0.7
}
}
''
+
''
dwindle {
preserve_split = true
smart_resizing = false
}
''
+
''
misc {
animate_manual_resizes = true
input = {
follow_mouse = 1;
disable_hyprland_logo = true
disable_splash_rendering = true
kb_layout = "tr";
key_press_enables_dpms = true
mouse_move_enables_dpms = true
}
'';
repeat_delay = 400;
repeat_rate = 100;
touchpad = {
clickfinger_behavior = true;
drag_lock = true;
natural_scroll = true;
scroll_factor = 0.7;
};
};
gestures.workspace_swipe = true;
animations = {
bezier = [ "material_decelerate,0.05,0.7,0.1,1" ];
animation = [
"border , 1, 10, material_decelerate"
"fade , 1, 2 , material_decelerate"
"layers , 1, 2 , material_decelerate"
"windows , 1, 2 , material_decelerate, popin 80%"
"workspaces, 1, 3 , material_decelerate"
];
};
misc = {
animate_manual_resizes = true;
disable_hyprland_logo = true;
disable_splash_rendering = true;
hide_cursor_on_key_press = true;
key_press_enables_dpms = true;
mouse_move_enables_dpms = true;
};
dwindle = {
preserve_split = true;
smart_resizing = false;
};
};
};
})
(desktopHomePackages (with pkgs; [
(desktopUserHomePackages (with pkgs; [
brightnessctl
cliphist
grim
hyprpicker
slurp
swappy
swaybg
upkgs.hyprpicker
wl-clipboard
xdg-utils
xwaylandvideobridge

2
modules/kernel.nix
View file

@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib;
{ lib, pkgs, ... }: with lib;
systemConfiguration {
boot.kernelPackages = pkgs.linuxPackages_latest;

6
modules/keyring.nix
View file

@ -1,9 +1,9 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
desktopSystemConfiguration {
programs.seahorse = enabled {};
programs.seahorse = enabled;
security.pam.services.login.enableGnomeKeyring = true;
services.gnome.gnome-keyring = enabled {};
services.gnome.gnome-keyring = enabled;
}

6
modules/kitty.nix
View file

@ -1,7 +1,7 @@
{ ulib, theme, ... }: with ulib;
{ config, lib, ... }: with lib;
desktopHomeConfiguration {
programs.kitty = with theme.withHashtag; enabled {
desktopUserHomeConfiguration {
programs.kitty = with config.theme.withHashtag; enabled {
font = with font; {
inherit (mono) name package;

7
modules/kresd.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, ... }: with lib;
systemConfiguration {
services.kresd = enabled;
networking.nameservers = [ "::1" "127.0.0.1" ];
}

26
modules/localisation.nix
View file

@ -1,4 +1,4 @@
{ ulib, ... }: with ulib; merge
{ lib, ... }: with lib; merge
(systemConfiguration {
console.keyMap = "trq";
@ -7,17 +7,15 @@
})
(desktopSystemConfiguration {
i18n.extraLocaleSettings = let
locale = "tr_TR.UTF-8";
in {
LC_ADDRESS = locale;
LC_IDENTIFICATION = locale;
LC_MEASUREMENT = locale;
LC_MONETARY = locale;
LC_NAME = locale;
LC_NUMERIC = locale;
LC_PAPER = locale;
LC_TELEPHONE = locale;
LC_TIME = locale;
};
i18n.extraLocaleSettings = genAttrs [
"LC_ADDRESS"
"LC_IDENTIFICATION"
"LC_MEASUREMENT"
"LC_MONETARY"
"LC_NAME"
"LC_NUMERIC"
"LC_PAPER"
"LC_TELEPHONE"
"LC_TIME"
] (_: "tr_TR.UTF-8");
})

2
modules/logind.nix
View file

@ -1,4 +1,4 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
desktopSystemConfiguration {
services.logind.powerKey = "ignore";

4
modules/nano.nix
View file

@ -1,7 +1,7 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
systemConfiguration {
environment.defaultPackages = [];
programs.nano.enable = false; # Garbage.
programs.nano = disabled; # Garbage.
}

9
modules/network-manager.nix Normal file
View file

@ -0,0 +1,9 @@
{ lib, ... }: with lib;
systemConfiguration {
networking.networkmanager = enabled;
users.extraGroups.networkmanager.members = allNormalUsers;
environment.shellAliases.wifi = "nmcli dev wifi show-password";
}

11
modules/networkmanager.nix
View file

@ -1,11 +0,0 @@
{ ulib, ... }: with ulib; merge
(systemConfiguration {
networking.networkmanager = enabled {};
users.extraGroups.networkmanager.members = ulib.users.all;
})
(homeConfiguration {
programs.nushell.shellAliases.wifi = "nmcli dev wifi show-password";
})

68
modules/nix.nix
View file

@ -1,19 +1,7 @@
{ inputs, lib, ulib, upkgs, ... }: with ulib; merge
(homeConfiguration {
programs.nushell = {
shellAliases.ns = "nix shell";
configFile.text = lib.mkAfter ''
def --wrapped nr [program: string = "", ...arguments] {
nix run $program -- ...$arguments
}
'';
};
})
{ inputs, lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment.etc."flakes".text = builtins.toJSON inputs;
environment.etc."flakes.json".text = strings.toJSON inputs;
nix = {
gc = {
@ -27,11 +15,9 @@
optimise.automatic = true;
package = upkgs.nixSuper;
registry = {
default.flake = inputs.nixpkgs;
} // builtins.mapAttrs (_: value: lib.mkIf (lib.isType "flake" value) {
} // mapAttrs (_: value: mkIf (isType "flake" value) {
flake = value;
}) inputs;
@ -39,25 +25,51 @@
"auto-allocate-uids"
"ca-derivations"
"cgroups"
"configurable-impure-env"
"flakes"
"git-hashing"
"nix-command"
"recursive-nix"
"repl-flake"
"verified-fetches"
];
settings = {
accept-flake-config = true;
builders-use-substitutes = true;
flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!!
http-connections = 50;
trusted-users = [ "root" "@wheel" ];
use-cgroups = true;
warn-dirty = false;
accept-flake-config = true;
builders-use-substitutes = true;
flake-registry = ""; # I DON'T WANT THE GLOBAL REGISTRY!!!
http-connections = 50;
show-trace = true;
trusted-users = [ "root" "@wheel" ];
use-cgroups = true;
warn-dirty = false;
};
};
programs.nix-ld = enabled {};
programs.nix-ld = enabled;
})
(systemPackages (with pkgs; [
nh
nix-index
nix-output-monitor
]))
(homeConfiguration {
programs.nushell.configFile.text = mkAfter ''
def --wrapped nr [program: string = "", ...arguments] {
if ($program | str contains "#") or ($program | str contains ":") {
nix run $program -- ...$arguments
} else {
nix run ("default#" + $program) -- ...$arguments
}
}
def --wrapped ns [...programs] {
nix shell ...($programs | each {
if ($in | str contains "#") or ($in | str contains ":") {
$in
} else {
"default#" + $in
}
})
}
'';
})

BIN
modules/nushell/boom.opus
View file

Binary file not shown.

16
modules/nushell/configuration.nix.nu
View file

@ -1,4 +1,4 @@
{ lib, ulib, ... }: ''
{ lib, ... }: ''
$env.config = {
bracketed_paste: true
buffer_editor: ""
@ -155,19 +155,7 @@ $env.config.cursor_shape = {
}
$env.config.hooks = {
command_not_found: {||
${lib.optionalString ulib.isDesktop ''
task status
| where label == boom
| get id
| each {|id|
task kill $id | null
task remove $id | null
}
task spawn --label boom { pw-play ${./boom.opus} }
''}
}
command_not_found: {||}
display_output: "table --expand"
env_change: {}
pre_execution: [

48
modules/nushell/default.nix
View file

@ -1,7 +1,22 @@
{ config, ulib, pkgs, ... } @ inputs: with ulib; merge3
{ config, lib, pkgs, ... } @ inputs: with lib; merge
(systemConfiguration {
users.defaultUserShell = pkgs.nushell;
users.defaultUserShell = pkgs.nushellFull;
environment.shellAliases = {
la = "ls --all";
lla = "ls --long --all";
sl = "ls";
cp = "cp --recursive --verbose --progress";
mk = "mkdir";
mv = "mv --verbose";
rm = "rm --recursive --verbose";
less = "less -FR";
pstree = "pstree -g 2";
tree = "tree -CF --dirsfirst";
};
})
(homeConfiguration {
@ -10,9 +25,9 @@
command_timeout = 100;
scan_timeout = 20;
cmd_duration.show_notifications = ulib.isDesktop;
cmd_duration.show_notifications = isDesktop;
package.disabled = ulib.isServer;
package.disabled = isServer;
character.error_symbol = "";
character.success_symbol = "";
@ -20,29 +35,16 @@
};
programs.nushell = enabled {
package = pkgs.nushellFull;
configFile.text = import ./configuration.nix.nu inputs;
envFile.text = import ./environment.nix.nu inputs;
envFile.source = ./environment.nu;
environmentVariables = {
inherit (config.environment.variables) NIX_LD;
};
environmentVariables = mapAttrs (_: value: ''"${value}"'') config.environment.variables;
shellAliases = {
shellAliases = (attrsets.removeAttrs config.environment.shellAliases [ "ls" "l" ]) // {
cdtmp = "cd (mktemp --directory)";
la = "ls --all";
ll = "ls --long";
lla = "ls --long --all";
sl = "ls";
cp = "cp --recursive --verbose --progress";
mk = "mkdir";
mv = "mv --verbose";
rm = "rm --recursive --verbose";
less = "less -FR";
pstree = "pstree -g 2";
tree = "tree -CF --dirsfirst";
ll = "ls --long";
};
};
})

4
modules/nushell/environment.nix.nu → modules/nushell/environment.nu
View file

@ -1,5 +1,3 @@
{ upkgs, ... }: ''
$env.ENV_CONVERSIONS.PATH = {
from_string: {|string|
$string | split row (char esep) | path expand --no-symlink
@ -20,6 +18,4 @@ def --env mcg [path: path] {
git init
}
use ${upkgs.nuScripts}/modules/background_task/task.nu
zoxide init nushell --cmd cd | save --force ~/.config/nushell/zoxide.nu
''

27
modules/openssh/default.nix
View file

@ -1,27 +0,0 @@
{ ulib, ... }: with ulib;
serverSystemConfiguration {
programs.mosh = enabled {
openFirewall = true;
};
services.openssh = enabled {
banner = ''
_______________________________________
/ If God doesn't destroy San Francisco, \
| He should apologize to Sodom and |
\ Gomorrah. /
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
'';
ports = [ 2222 ];
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
};
}

21
modules/openssh/motd.hist
View file

@ -1,21 +0,0 @@
_________________________________________
/ You will pay for your sins. If you have \
| already paid, please disregard this |
\ message. /
-----------------------------------------
\ / \ //\
\ |\___/| / \// \\
/0 0 \__ / // | \ \
/ / \/_/ // | \ \
@_^_@'/ \/_ // | \ \
//_^_/ \/_ // | \ \
( //) | \/// | \ \
( / /) _|_ / ) // | \ _\
( // /) '/,_ _ _/ ( ; -. | _ _\.-~ .-~~~^-.
(( / / )) ,-{ _ `-.|.-~-. .~ `.
(( // / )) '/\ / ~-. _ .-~ .-~^-. \
(( /// )) `. { } / \ \
(( / )) .----~-.\ \-' .~ \ `. \^-.
///.----..> \ _ -~ `. ^-` ^-_
///-._ _ _ _ _ _ _}^ - - - - ~ ~-- ,.-~
/.-~

5
modules/openttd.nix
View file

@ -1,5 +0,0 @@
{ ulib, pkgs, ... }: with ulib;
desktopHomePackages (with pkgs; [
openttd
])

11
modules/packages.nix
View file

@ -1,4 +1,4 @@
{ ulib, pkgs, upkgs, ... }: with ulib; merge3
{ lib, pkgs, ... }: with lib; merge
(systemPackages (with pkgs; [
asciinema
@ -10,8 +10,6 @@
(fortune.override { withOffensive = true; })
hyperfine
moreutils
nix-index
nix-output-monitor
openssl
p7zip
pstree
@ -26,7 +24,7 @@
]))
(desktopSystemPackages (with pkgs; [
upkgs.ageNix
agenix
clang_16
clang-tools_16
@ -36,18 +34,17 @@
jdk
lld
maven
upkgs.zig
vlang
zig
wine
]))
(desktopHomePackages (with pkgs; [
(desktopUserHomePackages (with pkgs; [
element-desktop
fractal
qbittorrent
thunderbird
upkgs.rat
whatsapp-for-linux
krita

8
modules/pipewire.nix
View file

@ -1,11 +1,11 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
desktopSystemConfiguration {
security.rtkit = enabled {};
sound = enabled {};
security.rtkit = enabled;
sound = enabled;
services.pipewire = enabled {
alsa = enabled { support32Bit = true; };
pulse = enabled {};
pulse = enabled;
};
}

39
modules/pueue.nix
View file

@ -1,39 +0,0 @@
{ ulib, ... }: with ulib;
homeConfiguration {
services.pueue = enabled {
settings = {
shared = {
pueue_directory = "~/.local/share/pueue";
use_unix_socket = true;
runtime_directory = null;
unix_socket_path = "~/.local/share/pueue/pueue_your_user.socket";
host = "localhost";
port = 6924;
daemon_cert = "~/.local/share/pueue/certs/daemon.cert";
daemon_key = "~/.local/share/pueue/certs/daemon.key";
shared_secret_path = "~/.local/share/pueue/shared_secret";
};
client = {
restart_in_place = false;
read_local_logs = true;
show_confirmation_questions = false;
show_expanded_aliases = false;
dark_mode = false;
max_status_height = null;
status_time_format = "%H:%M:%S";
status_datetime_format = "%Y-%m-%d\n%H:%M:%S";
};
daemon = {
default_parallel_tasks = 10;
pause_group_on_failure = false;
pause_all_on_failure = false;
callback = "\"Task {{ id }}\nCommand: {{ command }}\nPath: {{ path }}\nFinished with status '{{ result }}'\"";
callback_log_lines = 10;
groups.default = 1;
};
};
};
}

14
modules/python.nix
View file

@ -1,4 +1,10 @@
{ ulib, pkgs, ... }: with ulib; merge
{ lib, pkgs, ... }: with lib; merge
(systemConfiguration {
environment.shellAliases = {
venv = "virtualenv venv";
};
})
(systemPackages (with pkgs; [
(python311.withPackages (pkgs: with pkgs; [
@ -8,9 +14,3 @@
virtualenv
poetry
]))
(homeConfiguration {
programs.nushell.shellAliases = {
venv = "virtualenv venv";
};
})

9
modules/qt.nix
View file

@ -1,9 +0,0 @@
{ ulib, pkgs, ... }: with ulib;
desktopHomeConfiguration {
qt = enabled {
platformTheme = "gnome";
style.name = "adwaita-dark";
style.package = pkgs.adwaita-qt;
};
}

12
modules/ripgrep.nix
View file

@ -1,10 +1,12 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib; merge
homeConfiguration {
programs.nushell.shellAliases = {
(systemConfiguration {
environment.shellAliases = {
rg = "rg --line-number --smart-case";
todo = ''rg "todo|fixme" --colors match:fg:yellow --colors match:style:bold'';
};
})
programs.ripgrep = enabled {};
}
(homeConfiguration {
programs.ripgrep = enabled;
})

11
modules/rust.nix
View file

@ -1,8 +1,4 @@
{ inputs, ulib, pkgs, ... }: with ulib; merge3
(desktopSystemConfiguration {
nixpkgs.overlays = [ inputs.fenix.overlays.default ];
})
{ lib, pkgs, ... }: with lib; merge
(desktopSystemPackages (with pkgs; [
cargo-expand
@ -16,6 +12,7 @@
])
]))
(desktopHomeConfiguration {
programs.nushell.environmentVariables.CARGO_NET_GIT_FETCH_WITH_CLI = ''"true"'';
(desktopSystemConfiguration {
environment.variables.CARGO_NET_GIT_FETCH_WITH_CLI = "true";
})

58
modules/ssh.nix
View file

@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; merge
{ lib, pkgs, ... }: with lib; merge
(desktopSystemPackages (with pkgs; [
mosh
@ -11,23 +11,49 @@
serverAliveCountMax = 2;
serverAliveInterval = 60;
matchBlocks."*".setEnv = {
COLORTERM = "truecolor";
TERM = "xterm-256color";
};
matchBlocks = {
"*" = {
setEnv.COLORTERM = "truecolor";
setEnv.TERM = "xterm-256color";
matchBlocks.cube = {
hostname = "5.255.78.70";
user = "rgb";
port = 2222;
identityFile = "~/.ssh/id";
};
identityFile = "~/.ssh/id";
};
matchBlocks.robotic = {
hostname = "86.105.252.189";
user = "rgbcube";
port = 2299;
identityFile = "~/.ssh/id";
cube = {
hostname = "5.255.78.70";
user = "rgb";
port = 2222;
};
disk = {
hostname = "23.164.232.40";
user = "floppy";
port = 2222;
};
robotic = {
hostname = "86.105.252.189";
user = "rgbcube";
port = 2299;
};
};
};
})
(let
port = 2222;
in serverSystemConfiguration {
programs.mosh = enabled {
openFirewall = true;
};
services.openssh = enabled {
ports = [ port ];
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
AcceptEnv = "COLORTERM";
};
};
})

4
modules/steam.nix
View file

@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; merge
{ lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
# Steam uses 32-bit drivers for some unholy fucking reason.
@ -7,6 +7,6 @@
nixpkgs.config.allowUnfree = true;
})
(desktopHomePackages (with pkgs; [
(desktopUserHomePackages (with pkgs; [
steam
]))

6
modules/sudo.nix
View file

@ -1,4 +1,4 @@
{ lib, ulib, ... }: with ulib; merge
{ lib, ... }: with lib; merge
(desktopSystemConfiguration {
security.sudo.wheelNeedsPassword = false;
@ -6,15 +6,15 @@
(systemConfiguration {
security.sudo = enabled {
execWheelOnly = true;
extraConfig = ''
Defaults lecture = never
Defaults pwfeedback
Defaults env_keep += "DISPLAY EDITOR PATH"
${lib.optionalString ulib.isServer ''
${optionalString isServer ''
Defaults timestamp_timeout = 0
''}
'';
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];

2
modules/thunar.nix
View file

@ -1,4 +1,4 @@
{ ulib, pkgs, ... }: with ulib; merge
{ lib, pkgs, ... }: with lib; merge
(desktopSystemConfiguration {
programs.thunar = enabled {

2
modules/tmp.nix
View file

@ -1,4 +1,4 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
systemConfiguration {
boot.tmp.cleanOnBoot = true;

2
modules/users.nix
View file

@ -1,4 +1,4 @@
{ ulib, ... }: with ulib;
{ lib, ... }: with lib;
systemConfiguration {
users.mutableUsers = false;

14
modules/w3m.nix
View file

@ -1,12 +1,12 @@
{ ulib, pkgs, ... }: with ulib; merge
{ lib, pkgs, ... }: with lib; merge
(systemPackages (with pkgs; [
w3m
]))
(homeConfiguration {
programs.nushell.shellAliases = {
(systemConfiguration {
environment.shellAliases = {
ddg = "w3m lite.duckduckgo.com";
web = "w3m";
};
})
(systemPackages (with pkgs; [
w3m
]))

Some files were not shown because too many files have changed in this diff Show more