Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Harald Hoyer 2024-11-19 10:31:29 +01:00
parent a3187e163d
commit 900f95169f
83 changed files with 1134 additions and 705 deletions


@ -935,11 +935,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1726989464,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1519,11 +1519,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1722221733, "lastModified": 1731797254,
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=", "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12bf09802d77264e441f48e25459c10c93eada2e", "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1535,11 +1535,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1719707984, "lastModified": 1728740863,
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042", "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1555,11 +1555,11 @@
"snowfall-lib": "snowfall-lib" "snowfall-lib": "snowfall-lib"
}, },
"locked": { "locked": {
"lastModified": 1721741092, "lastModified": 1731604482,
"narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=", "narHash": "sha256-r75GaDBrZFNHSvhcTR5e0JlgSBALvmwFpgNq58pZ4Pg=",
"owner": "matter-labs", "owner": "matter-labs",
"repo": "nixsgx", "repo": "nixsgx",
"rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6", "rev": "4ec107365fb8403b5dddf35f0ef940bc5657af22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2649,11 +2649,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1722185531, "lastModified": 1731676054,
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -45,7 +45,8 @@
attic.inputs.nixpkgs.follows = "nixpkgs"; attic.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs: outputs =
inputs:
let let
lib = inputs.snowfall-lib.mkLib { lib = inputs.snowfall-lib.mkLib {
inherit inputs; inherit inputs;
@ -66,9 +67,7 @@
allowUnfree = true; allowUnfree = true;
}; };
homes.modules = with inputs; [ homes.modules = with inputs; [ neovim-flake.homeManagerModules.default ];
neovim-flake.homeManagerModules.default
];
systems.modules.nixos = with inputs; [ systems.modules.nixos = with inputs; [
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
@ -79,9 +78,7 @@
attic.nixosModules.atticd attic.nixosModules.atticd
]; ];
overlays = with inputs; [ overlays = with inputs; [ nixsgx-flake.overlays.default ];
nixsgx-flake.overlays.default
];
outputs-builder = channels: { outputs-builder = channels: {
formatter = channels.nixpkgs.nixfmt-rfc-style; formatter = channels.nixpkgs.nixfmt-rfc-style;


@ -1,7 +1,8 @@
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
...
}: }:
{ {
home = { home = {
@ -29,4 +30,3 @@
}; };
}; };
} }


@ -1,7 +1,8 @@
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
...
}: }:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -32,43 +33,44 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
/* ***************************************** /*
systemd.user.services = { *****************************************
render_blog = { systemd.user.services = {
Service = { render_blog = {
Type = "oneshot"; Service = {
Environment = "PATH=/run/current-system/sw/bin"; Type = "oneshot";
ExecStart = toString ( Environment = "PATH=/run/current-system/sw/bin";
pkgs.writeShellScript "render_blog.sh" '' ExecStart = toString (
set -eou pipefail pkgs.writeShellScript "render_blog.sh" ''
set -x set -eou pipefail
DIR=/var/tmp/blog.$$ set -x
rm -fr $DIR DIR=/var/tmp/blog.$$
mkdir -p $DIR rm -fr $DIR
cd $DIR mkdir -p $DIR
echo $HOME cd $DIR
set echo $HOME
git config --list set
git clone --recurse-submodules https://git.hoyer.xyz/harald/blog.git git config --list
cd blog git clone --recurse-submodules https://git.hoyer.xyz/harald/blog.git
./build.sh cd blog
cd /var/tmp ./build.sh
rm -fr $DIR cd /var/tmp
'' rm -fr $DIR
); ''
);
};
Install.WantedBy = [ "default.target" ];
};
}; };
Install.WantedBy = [ "default.target" ];
};
};
systemd.user.timers = { systemd.user.timers = {
render_blog = { render_blog = {
Timer = { Timer = {
OnCalendar = "hourly"; OnCalendar = "hourly";
};
Install.WantedBy = [ "timers.target" ];
}; };
Install.WantedBy = [ "timers.target" ]; };
}; *****************************
}; */
***************************** */
} }
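Review bot: The second hunk only re-indents a commented-out `render_blog` user service, so dead code is carried forward instead of being deleted and left to version control. If the unit is ever re-enabled, its script builds in the predictable path `/var/tmp/blog.$$` and runs `rm -fr $DIR` unquoted; `DIR=$(mktemp -d)` with `trap 'rm -rf "$DIR"' EXIT` avoids reusing a name another local user could have created first. The bare `set` and `git config --list` under `set -x` would also write the whole environment to the service log, which is worth dropping before the service runs again.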


@ -1,7 +1,8 @@
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
...
}: }:
{ {
home = { home = {
@ -12,7 +13,10 @@
}; };
nix.settings = { nix.settings = {
substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ]; substituters = [
"https://cache.nixos.org"
"https://attic.teepot.org/tee-pot"
];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="
@ -36,4 +40,3 @@
}; };
}; };
} }


@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -27,4 +24,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }


@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -27,4 +24,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }


@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -63,4 +60,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }


@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -63,4 +60,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }


@ -4,62 +4,96 @@ rec {
## Renames an alsa device from a given `name` using the new `description`. ## Renames an alsa device from a given `name` using the new `description`.
## ##
#@ { name: String, description: String } -> { matches: List, apply_properties: Attrs } #@ { name: String, description: String } -> { matches: List, apply_properties: Attrs }
mkAlsaRename = { name, description }: { mkAlsaRename =
matches = [ { name, description }:
[ {
[ "device.name" "matches" name ] matches = [
] [
]; [
# actions = { "update-props" = { "node.description" = description; }; }; "device.name"
apply_properties = { "matches"
"device.description" = description; name
]
]
];
# actions = { "update-props" = { "node.description" = description; }; };
apply_properties = {
"device.description" = description;
};
}; };
};
## Create a pipewire audio node. ## Create a pipewire audio node.
## ##
#@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs } #@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs }
mkAudioNode = args@{ name, factory ? "adapter", ... }: { mkAudioNode =
inherit factory; args@{
args = (builtins.removeAttrs args [ "name" "description" ]) // { name,
"node.name" = name; factory ? "adapter",
"node.description" = args.description or args."node.description"; ...
"factory.name" = args."factory.name" or "support.null-audio-sink"; }:
{
inherit factory;
args =
(builtins.removeAttrs args [
"name"
"description"
])
// {
"node.name" = name;
"node.description" = args.description or args."node.description";
"factory.name" = args."factory.name" or "support.null-audio-sink";
};
}; };
};
## Create a virtual pipewire audio node. ## Create a virtual pipewire audio node.
## ##
#@ { name: String, ... } -> { factory: "adapter", args: Attrs } #@ { name: String, ... } -> { factory: "adapter", args: Attrs }
mkVirtualAudioNode = args@{ name, ... }: mkVirtualAudioNode =
mkAudioNode (args // { args@{ name, ... }:
name = "virtual-${lib.toLower name}-audio"; mkAudioNode (
description = "${name} (Virtual)"; args
"media.class" = args.class or args."media.class" or "Audio/Duplex"; // {
"object.linger" = args."object.linger" or true; name = "virtual-${lib.toLower name}-audio";
"audio.position" = args."audio.position" or [ "FL" "FR" ]; description = "${name} (Virtual)";
"monitor.channel-volumes" = args."monitor.channel-volumes" or true; "media.class" = args.class or args."media.class" or "Audio/Duplex";
}); "object.linger" = args."object.linger" or true;
"audio.position" =
args."audio.position" or [
"FL"
"FR"
];
"monitor.channel-volumes" = args."monitor.channel-volumes" or true;
}
);
## Connect two pipewire audio nodes ## Connect two pipewire audio nodes
## ##
#@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs } #@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs }
mkBridgeAudioModule = args@{ from, to, ... }: { mkBridgeAudioModule =
name = "libpipewire-module-loopback"; args@{ from, to, ... }:
args = (builtins.removeAttrs args [ "from" "to" "name" ]) // { {
"node.name" = name = "libpipewire-module-loopback";
if args ? name then args =
"${args.name}-bridge" (builtins.removeAttrs args [
else "from"
"${lib.toLower from}-to-${lib.toLower to}-bridge"; "to"
"audio.position" = args."audio.position" or [ "FL" "FR" ]; "name"
"capture.props" = { ])
"node.target" = from; // {
} // (args."capture.props" or { }); "node.name" =
"playback.props" = { if args ? name then "${args.name}-bridge" else "${lib.toLower from}-to-${lib.toLower to}-bridge";
"node.target" = to; "audio.position" =
"monitor.channel-volumes" = true; args."audio.position" or [
} // (args."playback.props" or { }); "FL"
"FR"
];
"capture.props" = {
"node.target" = from;
} // (args."capture.props" or { });
"playback.props" = {
"node.target" = to;
"monitor.channel-volumes" = true;
} // (args."playback.props" or { });
};
}; };
};
} }


@ -1,4 +1,8 @@
{ lib, inputs, snowfall-inputs }: {
lib,
inputs,
snowfall-inputs,
}:
rec { rec {
## Override a package's metadata ## Override a package's metadata
@ -13,7 +17,8 @@ rec {
## ``` ## ```
## ##
#@ Attrs -> Package -> Package #@ Attrs -> Package -> Package
override-meta = meta: package: override-meta =
meta: package:
package.overrideAttrs (attrs: { package.overrideAttrs (attrs: {
meta = (attrs.meta or { }) // meta; meta = (attrs.meta or { }) // meta;
}); });


@ -16,36 +16,42 @@ rec {
## ``` ## ```
## ##
#@ { self: Flake, overrides: Attrs ? {} } -> Attrs #@ { self: Flake, overrides: Attrs ? {} } -> Attrs
mkDeploy = { self, overrides ? { } }: mkDeploy =
{
self,
overrides ? { },
}:
let let
hosts = self.nixosConfigurations or { }; hosts = self.nixosConfigurations or { };
names = builtins.attrNames hosts; names = builtins.attrNames hosts;
nodes = lib.foldl nodes = lib.foldl (
(result: name: result: name:
let let
host = hosts.${name}; host = hosts.${name};
user = host.config.metacfg.user.name or null; user = host.config.metacfg.user.name or null;
inherit (host.pkgs) system; inherit (host.pkgs) system;
in in
result // { result
${name} = (overrides.${name} or { }) // { // {
hostname = overrides.${name}.hostname or "${name}"; ${name} = (overrides.${name} or { }) // {
profiles = (overrides.${name}.profiles or { }) // { hostname = overrides.${name}.hostname or "${name}";
system = (overrides.${name}.profiles.system or { }) // { profiles = (overrides.${name}.profiles or { }) // {
system =
(overrides.${name}.profiles.system or { })
// {
path = deploy-rs.lib.${system}.activate.nixos host; path = deploy-rs.lib.${system}.activate.nixos host;
} // lib.optionalAttrs (user != null) { }
// lib.optionalAttrs (user != null) {
user = "root"; user = "root";
sshUser = user; sshUser = user;
} // lib.optionalAttrs }
(host.config.metacfg.security.doas.enable or false) // lib.optionalAttrs (host.config.metacfg.security.doas.enable or false) { sudo = "doas -u"; };
{
sudo = "doas -u";
};
};
}; };
}) };
{ } }
names; ) { } names;
in in
{ inherit nodes; }; {
inherit nodes;
};
} }
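Review bot: In `mkDeploy`, `sshUser = user` sits directly under `user = "root"` and is easy to misread as a root SSH login; because the attribute set is not `rec`, `user` there is the let-bound `host.config.metacfg.user.name`. A one-line comment would make the privilege model explicit, for example `# connect as the host's regular user; the profile is activated as root`. The doc comment for `mkDeploy` starts above the hunk, so whether this is already described there cannot be seen from here.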


@ -1,6 +1,7 @@
{ lib, ... }: { lib, ... }:
with lib; rec { with lib;
rec {
## Create a NixOS module option. ## Create a NixOS module option.
## ##
## ```nix ## ```nix
@ -8,7 +9,8 @@ with lib; rec {
## ``` ## ```
## ##
#@ Type -> Any -> String #@ Type -> Any -> String
mkOpt = type: default: description: mkOpt =
type: default: description:
mkOption { inherit type default description; }; mkOption { inherit type default description; };
## Create a NixOS module option without a description. ## Create a NixOS module option without a description.


@ -1,4 +1,8 @@
{ lib, inputs, snowfall-inputs }: {
lib,
inputs,
snowfall-inputs,
}:
let let
inherit (inputs.nixpkgs.lib) assertMsg last; inherit (inputs.nixpkgs.lib) assertMsg last;
@ -9,14 +13,17 @@ in
# Type: String -> Attrs # Type: String -> Attrs
# Usage: get-address-parts "bismuth:3000" # Usage: get-address-parts "bismuth:3000"
# result: { host = "bismuth"; port = "3000"; } # result: { host = "bismuth"; port = "3000"; }
get-address-parts = address: get-address-parts =
address:
let let
address-parts = builtins.split ":" address; address-parts = builtins.split ":" address;
ip = builtins.head address-parts; ip = builtins.head address-parts;
host = if ip == "" then "127.0.0.1" else ip; host = if ip == "" then "127.0.0.1" else ip;
port = if builtins.length address-parts != 3 then "" else last address-parts; port = if builtins.length address-parts != 3 then "" else last address-parts;
in in
{ inherit host port; }; {
inherit host port;
};
## Create proxy configuration for NGINX virtual hosts. ## Create proxy configuration for NGINX virtual hosts.
## ##
@ -33,22 +40,23 @@ in
## ##
#@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs #@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs
create-proxy = create-proxy =
{ port ? null {
, host ? "127.0.0.1" port ? null,
, proxy-web-sockets ? false host ? "127.0.0.1",
, extra-config ? { } proxy-web-sockets ? false,
extra-config ? { },
}: }:
assert assertMsg (port != "" && port != null) "port cannot be empty"; assert assertMsg (port != "" && port != null) "port cannot be empty";
assert assertMsg (host != "") "host cannot be empty"; assert assertMsg (host != "") "host cannot be empty";
extra-config // { extra-config
locations = (extra-config.locations or { }) // { // {
"/" = (extra-config.locations."/" or { }) // { locations = (extra-config.locations or { }) // {
proxyPass = "/" = (extra-config.locations."/" or { }) // {
"http://${host}${if port != null then ":${builtins.toString port}" else ""}"; proxyPass = "http://${host}${if port != null then ":${builtins.toString port}" else ""}";
proxyWebsockets = proxy-web-sockets; proxyWebsockets = proxy-web-sockets;
};
}; };
}; };
};
}; };
} }
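Review bot: In `create-proxy` the assert `port != "" && port != null` already rejects a missing port, so the `else ""` arm of `if port != null then ... else ""` in `proxyPass` can never be taken and the `port ? null` default only ever leads to the assertion failure. Either drop the conditional, `proxyPass = "http://${host}:${builtins.toString port}";`, or relax the assert if a port-less upstream is meant to be allowed. The type line also declares `port: Int` while `get-address-parts` in the first hunk returns the port as a string; `builtins.toString` accepts both, but the comment should say so.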


@ -1,4 +1,11 @@
{ options, config, pkgs, lib, inputs, ... }: {
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -11,10 +18,10 @@ in
# ]; # ];
options.metacfg.home = with types; { options.metacfg.home = with types; {
file = mkOpt attrs { } file = mkOpt attrs { } "A set of files to be managed by home-manager's <option>home.file</option>.";
"A set of files to be managed by home-manager's <option>home.file</option>."; configFile =
configFile = mkOpt attrs { } mkOpt attrs { }
"A set of files to be managed by home-manager's <option>xdg.configFile</option>."; "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
homeConfig = mkOpt attrs { } "Final config for home-manager."; homeConfig = mkOpt attrs { } "Final config for home-manager.";
}; };


@ -1,11 +1,13 @@
{ options {
, config options,
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.nix; cfg = config.metacfg.nix;
in in
{ {
@ -24,7 +26,10 @@ in
nix = nix =
let let
users = [ "root" config.metacfg.user.name ]; users = [
"root"
config.metacfg.user.name
];
in in
{ {
package = cfg.package; package = cfg.package;
@ -60,7 +65,9 @@ in
gc = { gc = {
automatic = true; automatic = true;
interval = { Day = 7; }; interval = {
Day = 7;
};
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
user = config.metacfg.user.name; user = config.metacfg.user.name;
}; };


@ -1,4 +1,10 @@
{ lib, config, pkgs, inputs, ... }: {
lib,
config,
pkgs,
inputs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -21,9 +27,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ gnupg ];
gnupg
];
environment.shellInit = '' environment.shellInit = ''
export GPG_TTY="$(tty)" export GPG_TTY="$(tty)"


@ -1,8 +1,9 @@
{ options {
, config options,
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -37,7 +38,10 @@ in
wget wget
starship starship
]; ];
shells = [ pkgs.fish pkgs.bash ]; shells = [
pkgs.fish
pkgs.bash
];
}; };
programs = { programs = {


@ -11,7 +11,5 @@ in
enable = mkOpt types.bool true "Whether to enable the Nix daemon."; enable = mkOpt types.bool true "Whether to enable the Nix daemon.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable { services.nix-daemon = enabled; };
services.nix-daemon = enabled;
};
} }


@ -1,4 +1,10 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;


@ -1,8 +1,15 @@
{ options, config, pkgs, lib, ... }: {
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.system.fonts; let
cfg = config.metacfg.system.fonts;
in in
{ {
options.metacfg.system.fonts = with types; { options.metacfg.system.fonts = with types; {
@ -17,14 +24,16 @@ in
}; };
fonts = { fonts = {
packages = with pkgs; packages =
with pkgs;
[ [
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-emoji noto-fonts-emoji
(nerdfonts.override { fonts = [ "Hack" ]; }) (nerdfonts.override { fonts = [ "Hack" ]; })
] ++ cfg.fonts; ]
++ cfg.fonts;
}; };
}; };
} }


@ -1,8 +1,15 @@
{ options, config, pkgs, lib, ... }: {
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.system.interface; let
cfg = config.metacfg.system.interface;
in in
{ {
options.metacfg.system.interface = with types; { options.metacfg.system.interface = with types; {
@ -10,25 +17,26 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
system.activationScripts.applications.text = let system.activationScripts.applications.text =
env = pkgs.buildEnv { let
name = "system-applications"; env = pkgs.buildEnv {
paths = config.environment.systemPackages; name = "system-applications";
pathsToLink = "/Applications"; paths = config.environment.systemPackages;
}; pathsToLink = "/Applications";
in };
in
lib.mkForce '' lib.mkForce ''
# Set up applications. # Set up applications.
echo "setting up /Applications..." >&2 echo "setting up /Applications..." >&2
rm -rf /Applications/Nix\ Apps rm -rf /Applications/Nix\ Apps
mkdir -p /Applications/Nix\ Apps mkdir -p /Applications/Nix\ Apps
find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + | find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + |
while read -r src; do while read -r src; do
app_name=$(basename "$src") app_name=$(basename "$src")
echo "copying $src" >&2 echo "copying $src" >&2
${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name" ${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name"
done done
''; '';
system.defaults = { system.defaults = {
dock.autohide = true; dock.autohide = true;


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) types mkIf mkDefault; inherit (lib) types mkIf mkDefault;


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -14,9 +15,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [ bashInteractive ];
bashInteractive
];
programs.bash = { programs.bash = {
enable = true; enable = true;
initExtra = '' initExtra = ''


@ -1,10 +1,12 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.cli-apps.bat; cfg = config.metacfg.cli-apps.bat;
in in
{ {
@ -16,7 +18,12 @@ in
programs.bat = { programs.bat = {
enable = true; enable = true;
config.theme = "ansi"; config.theme = "ansi";
extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; extraPackages = with pkgs.bat-extras; [
batdiff
batman
batgrep
batwatch
];
}; };
}; };
} }


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -33,15 +34,17 @@ in
end end
''; '';
plugins = [{ plugins = [
name = "foreign-env"; {
src = pkgs.fetchFromGitHub { name = "foreign-env";
owner = "oh-my-fish"; src = pkgs.fetchFromGitHub {
repo = "plugin-foreign-env"; owner = "oh-my-fish";
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; repo = "plugin-foreign-env";
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
}; sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
}]; };
}
];
# shellInit = # shellInit =
# '' # ''


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -24,8 +29,6 @@ in
man = "${pkgs.bat-extras.batman}/bin/batman"; man = "${pkgs.bat-extras.batman}/bin/batman";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [ vim ];
vim
];
}; };
} }


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -199,7 +204,10 @@ in
nix = 110; nix = 110;
ruby = 120; ruby = 120;
java = 130; java = 130;
go = [ 90 130 ]; go = [
90
130
];
}; };
}; };
}; };
@ -223,7 +231,10 @@ in
comment-nvim.enable = true; comment-nvim.enable = true;
}; };
vim.spellChecking.languages = [ "en" "de" ]; vim.spellChecking.languages = [
"en"
"de"
];
}; };
}; };
}; };


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -15,16 +16,22 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
programs.starship = { programs.starship = {
enable = true; enable = true;
settings = { settings = {
container.format = "[\\[$name\\]]($style) "; container.format = "[\\[$name\\]]($style) ";
git_status = { git_status = {
ahead = "$\{count}"; ahead = "\${count}";
diverged = "$\{ahead_count}$\{behind_count}"; diverged = "\${ahead_count}\${behind_count}";
behind = "$\{count}"; behind = "\${count}";
}; };
}; };
}; };


@ -1,10 +1,12 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.cli-apps.tmux; cfg = config.metacfg.cli-apps.tmux;
in in
{ {
@ -12,9 +14,5 @@ in
enable = mkEnableOption "Tmux"; enable = mkEnableOption "Tmux";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable { home.packages = with pkgs; [ tmux ]; };
home.packages = with pkgs; [
tmux
];
};
} }


@ -1,4 +1,11 @@
{ lib, config, pkgs, host ? null, format ? "unknown", ... }: {
lib,
config,
pkgs,
host ? null,
format ? "unknown",
...
}:
let let
inherit (lib) types; inherit (lib) types;


@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -16,7 +17,13 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
alacritty alacritty
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
}; };
} }


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.tools.direnv; let
cfg = config.metacfg.tools.direnv;
in in
{ {
options.metacfg.tools.direnv = with types; { options.metacfg.tools.direnv = with types; {


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -13,7 +18,8 @@ in
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = signingKey =
mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" "The key ID to sign commits with."; mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595"
"The key ID to sign commits with.";
signByDefault = mkOpt types.bool false "Whether to sign commits by default."; signByDefault = mkOpt types.bool false "Whether to sign commits by default.";
}; };
@ -32,10 +38,18 @@ in
inherit (cfg) signByDefault; inherit (cfg) signByDefault;
}; };
extraConfig = { extraConfig = {
init = { defaultBranch = "main"; }; init = {
pull = { rebase = true; }; defaultBranch = "main";
push = { autoSetupRemote = true; }; };
core = { whitespace = "trailing-space,space-before-tab"; }; pull = {
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
safe = { safe = {
directory = "${user.home}/git"; directory = "${user.home}/git";
}; };


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.tools.jetbrains; let
cfg = config.metacfg.tools.jetbrains;
in in
{ {
options.metacfg.tools.jetbrains = with types; { options.metacfg.tools.jetbrains = with types; {
@ -10,12 +17,16 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.sessionPath = [ home.sessionPath = [ "$HOME/.local/share/JetBrains/Toolbox/scripts" ];
"$HOME/.local/share/JetBrains/Toolbox/scripts"
];
home.packages = with pkgs; [ home.packages = with pkgs; [
jetbrains-toolbox jetbrains-toolbox
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
}; };
} }


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -10,9 +15,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [ mosh ];
mosh
];
programs.ssh = { programs.ssh = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''


@ -1,7 +1,18 @@
{ lib, config, pkgs, osConfig ? { }, ... }: {
lib,
config,
pkgs,
osConfig ? { },
...
}:
let let
inherit (lib) types mkIf mkDefault mkMerge; inherit (lib)
types
mkIf
mkDefault
mkMerge
;
inherit (lib.metacfg) mkOpt; inherit (lib.metacfg) mkOpt;
cfg = config.metacfg.user; cfg = config.metacfg.user;


@ -1,15 +1,23 @@
{ options, config, pkgs, lib, inputs, ... }: {
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.home; let
cfg = config.metacfg.home;
in in
{ {
options.metacfg.home = with types; { options.metacfg.home = with types; {
file = mkOpt attrs { } file = mkOpt attrs { } (mdDoc "A set of files to be managed by home-manager's `home.file`.");
(mdDoc "A set of files to be managed by home-manager's `home.file`."); configFile = mkOpt attrs { } (
configFile = mkOpt attrs { } mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."
(mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."); );
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
}; };
@ -25,8 +33,7 @@ in
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;
users.${config.metacfg.user.name} = users.${config.metacfg.user.name} = mkAliasDefinitions options.metacfg.home.extraOptions;
mkAliasDefinitions options.metacfg.home.extraOptions;
}; };
}; };
} }


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.nix-ld; let
cfg = config.metacfg.nix-ld;
in in
{ {
options.metacfg.nix-ld = with types; { options.metacfg.nix-ld = with types; {


@ -1,15 +1,25 @@
{ options, config, pkgs, lib, inputs, ... }: {
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let
cfg = config.metacfg.nix; cfg = config.metacfg.nix;
substituters-submodule = types.submodule ({ name, ... }: { substituters-submodule = types.submodule (
options = with types; { { name, ... }:
key = mkOpt (nullOr str) null "The trusted public key for this substituter."; {
}; options = with types; {
}); key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
};
}
);
in in
{ {
options.metacfg.nix = with types; { options.metacfg.nix = with types; {
@ -18,25 +28,23 @@ in
default-substituter = { default-substituter = {
url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; url = mkOpt str "https://cache.nixos.org" "The url for the substituter.";
key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter."; key =
mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"The trusted public key for the substituter.";
}; };
extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = mapAttrsToList assertions = mapAttrsToList (name: value: {
(name: value: { assertion = value.key != null;
assertion = value.key != null; message = "metacfg.nix.extra-substituters.${name}.key must be set";
message = "metacfg.nix.extra-substituters.${name}.key must be set"; }) cfg.extra-substituters;
})
cfg.extra-substituters;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
metacfg.nixos-revision metacfg.nixos-revision
(metacfg.nixos-hosts.override { (metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; })
hosts = inputs.self.nixosConfigurations;
})
deploy-rs deploy-rs
nixfmt nixfmt
nix-index nix-index
@ -48,8 +56,10 @@ in
nix = nix =
let let
users = [ "root" config.metacfg.user.name ] ++ users = [
optional config.services.hydra.enable "hydra"; "root"
config.metacfg.user.name
] ++ optional config.services.hydra.enable "hydra";
extra-substituters = cfg.extra-substituters // { extra-substituters = cfg.extra-substituters // {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; "https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
}; };
@ -57,29 +67,29 @@ in
{ {
package = cfg.package; package = cfg.package;
settings = { settings =
experimental-features = "nix-command flakes"; {
http-connections = 50; experimental-features = "nix-command flakes";
warn-dirty = false; http-connections = 50;
log-lines = 50; warn-dirty = false;
sandbox = true; log-lines = 50;
auto-optimise-store = true; sandbox = true;
trusted-users = users; auto-optimise-store = true;
allowed-users = users; trusted-users = users;
allowed-users = users;
substituters = substituters = [
[ cfg.default-substituter.url ] cfg.default-substituter.url
++ ] ++ (mapAttrsToList (name: value: name) extra-substituters);
(mapAttrsToList (name: value: name) extra-substituters); trusted-public-keys = [
trusted-public-keys = cfg.default-substituter.key
[ cfg.default-substituter.key ] ] ++ (mapAttrsToList (name: value: value.key) extra-substituters);
++
(mapAttrsToList (name: value: value.key) extra-substituters);
} // (lib.optionalAttrs config.metacfg.tools.direnv.enable { }
keep-outputs = true; // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
keep-derivations = true; keep-outputs = true;
}); keep-derivations = true;
});
gc = { gc = {
automatic = true; automatic = true;
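Review bot: `trusted-users = users;` in the `settings` hunk gives the daemon's trusted role to every entry of `users`, which the hunk above it builds from `"root"`, `config.metacfg.user.name` and, when Hydra is enabled, `"hydra"`. A trusted user can pass its own substituters and trusted keys to the daemon, so the login account is close to root-equivalent for the store and the pinned `trusted-public-keys` list no longer constrains it. I would keep the shared list for `allowed-users` only and set `trusted-users = [ "root" ];`, with a comment such as `# trusted-users are root-equivalent for the Nix daemon`; whether Hydra needs the trusted role here is not visible in this section. The `nix = let … in { … }` block continues past the last line shown.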


@ -1,8 +1,9 @@
{ options {
, config options,
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -39,7 +40,9 @@ in
}; };
environment = { environment = {
sessionVariables = { PATH = "$HOME/bin"; }; sessionVariables = {
PATH = "$HOME/bin";
};
systemPackages = with pkgs; [ systemPackages = with pkgs; [
age age
bash bash
@ -73,7 +76,10 @@ in
"$@" "$@"
'') '')
]; ];
shells = [ pkgs.fish pkgs.bash ]; shells = [
pkgs.fish
pkgs.bash
];
}; };
hardware = { hardware = {


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.gui; let
cfg = config.metacfg.gui;
in in
{ {
options.metacfg.gui = with types; { options.metacfg.gui = with types; {
@ -150,7 +157,13 @@ in
noto-fonts-emoji noto-fonts-emoji
liberation_ttf liberation_ttf
freefont_ttf freefont_ttf
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
fontconfig = { fontconfig = {


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.homeprinter; let
cfg = config.metacfg.homeprinter;
in in
{ {
options.metacfg.homeprinter = with types; { options.metacfg.homeprinter = with types; {


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.podman; let
cfg = config.metacfg.podman;
in in
{ {
options.metacfg.podman = with types; { options.metacfg.podman = with types; {
@ -18,7 +25,9 @@ in
dockerCompat = lib.mkDefault true; dockerCompat = lib.mkDefault true;
# For Nixos version > 22.11 # For Nixos version > 22.11
defaultNetwork.settings = { dns_enabled = true; }; defaultNetwork.settings = {
dns_enabled = true;
};
}; };
}; };
}; };


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.secureboot; let
cfg = config.metacfg.secureboot;
in in
{ {
options.metacfg.secureboot = with types; { options.metacfg.secureboot = with types; {


@ -1,4 +1,10 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -21,14 +27,15 @@ in
quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl; quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
}; };
systemd.services.aesmd = { systemd.services.aesmd = {
environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]); environment.LD_LIBRARY_PATH = lib.mkForce (
lib.makeLibraryPath [
pkgs.nixsgx.sgx-dcap.default_qpl
pkgs.curl.out
]
);
serviceConfig = { serviceConfig = {
BindReadOnlyPaths = [ BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ];
"/etc/sgx_default_qcnl.conf" BindPaths = [ "/dev/log" ];
];
BindPaths = [
"/dev/log"
];
}; };
}; };
}; };


@ -1,4 +1,10 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -49,21 +55,19 @@ in
}; };
}; };
systemd.services.pccs-secret = systemd.services.pccs-secret = {
{ description = "Inject pccs secret";
description = "Inject pccs secret"; wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ]; before = [ "podman-pccs.service" ];
before = [ "podman-pccs.service" ];
serviceConfig = { serviceConfig = {
EnvironmentFile = cfg.secret; EnvironmentFile = cfg.secret;
ExecStart = '' ExecStart = ''
-${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG -${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG
''; '';
RemainAfterExit = true; RemainAfterExit = true;
};
}; };
};
}; };
} }


@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.tools.direnv; let
cfg = config.metacfg.tools.direnv;
in in
{ {
options.metacfg.tools.direnv = with types; { options.metacfg.tools.direnv = with types; {


@ -1,4 +1,10 @@
{ options, config, pkgs, lib, ... }: {
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -12,8 +18,7 @@ in
enable = mkBoolOpt false "Whether or not to install and configure git."; enable = mkBoolOpt false "Whether or not to install and configure git.";
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = signingKey = mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -29,10 +34,18 @@ in
signByDefault = mkIf gpg.enable true; signByDefault = mkIf gpg.enable true;
}; };
extraConfig = { extraConfig = {
init = { defaultBranch = "main"; }; init = {
pull = { rebase = true; }; defaultBranch = "main";
push = { autoSetupRemote = true; }; };
core = { whitespace = "trailing-space,space-before-tab"; }; pull = {
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
safe = { safe = {
directory = "${user.home}/git"; directory = "${user.home}/git";
}; };


@ -1,11 +1,13 @@
{ options {
, config options,
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.user; cfg = config.metacfg.user;
defaultIconFileName = "profile.jpg"; defaultIconFileName = "profile.jpg";
defaultIcon = pkgs.stdenvNoCC.mkDerivation { defaultIcon = pkgs.stdenvNoCC.mkDerivation {
@ -18,11 +20,17 @@ with lib.metacfg; let
cp $src $out cp $src $out
''; '';
passthru = { fileName = defaultIconFileName; }; passthru = {
fileName = defaultIconFileName;
};
}; };
propagatedIcon = propagatedIcon =
pkgs.runCommandNoCC "propagated-icon" pkgs.runCommandNoCC "propagated-icon"
{ passthru = { fileName = cfg.icon.fileName; }; } {
passthru = {
fileName = cfg.icon.fileName;
};
}
'' ''
local target="$out/share/metacfg-icons/user/${cfg.name}" local target="$out/share/metacfg-icons/user/${cfg.name}"
mkdir -p "$target" mkdir -p "$target"
@ -38,9 +46,7 @@ in
initialPassword = initialPassword =
mkOpt str "password" mkOpt str "password"
"The initial password to use when the user is first created."; "The initial password to use when the user is first created.";
icon = icon = mkOpt (nullOr package) defaultIcon "The profile picture to use for the user.";
mkOpt (nullOr package) defaultIcon
"The profile picture to use for the user.";
prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell."; prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell.";
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned."; extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
sshKeys = mkOpt (listOf str) [ sshKeys = mkOpt (listOf str) [
@ -49,14 +55,11 @@ in
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
] "ssh keys"; ] "ssh keys";
extraOptions = extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
mkOpt attrs { }
(mdDoc "Extra options passed to `users.users.<name>`.");
}; };
config = { config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ ];
];
metacfg.home = { metacfg.home = {
file = { file = {
@ -68,10 +71,7 @@ in
"Videos/.keep".text = ""; "Videos/.keep".text = "";
"work/.keep".text = ""; "work/.keep".text = "";
".face".source = cfg.icon; ".face".source = cfg.icon;
"Pictures/${ "Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
cfg.icon.fileName or (builtins.baseNameOf cfg.icon)
}".source =
cfg.icon;
}; };
extraOptions.programs.bash.initExtra = '' extraOptions.programs.bash.initExtra = ''
@ -85,27 +85,25 @@ in
''; '';
}; };
users.users.${cfg.name} = users.users.${cfg.name} = {
{ isNormalUser = true;
isNormalUser = true;
# inherit (cfg) name initialPassword; # inherit (cfg) name initialPassword;
openssh.authorizedKeys.keys = cfg.sshKeys; openssh.authorizedKeys.keys = cfg.sshKeys;
home = "/home/${cfg.name}"; home = "/home/${cfg.name}";
group = "users"; group = "users";
shell = pkgs.bash; shell = pkgs.bash;
# Arbitrary user ID to use for the user. Since I only # Arbitrary user ID to use for the user. Since I only
# have a single user on my machines this won't ever collide. # have a single user on my machines this won't ever collide.
# However, if you add multiple users you'll need to change this # However, if you add multiple users you'll need to change this
# so each user has their own unique uid (or leave it out for the # so each user has their own unique uid (or leave it out for the
# system to select). # system to select).
uid = 1000; uid = 1000;
extraGroups = [ "wheel" ] ++ cfg.extraGroups; extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} } // cfg.extraOptions;
// cfg.extraOptions;
}; };
} }


@ -1,5 +1 @@
{ channels, ... }: { channels, ... }: final: prev: { inherit (channels.nixpkgs.nixsgx) sgx-psw; }
final: prev:
{
inherit (channels.nixpkgs.nixsgx) sgx-psw;
}


@ -1,17 +1,18 @@
{ lib {
, stdenv lib,
, fetchurl stdenv,
, makeWrapper fetchurl,
, cups makeWrapper,
, dpkg cups,
, a2ps dpkg,
, ghostscript a2ps,
, gnugrep ghostscript,
, gnused gnugrep,
, coreutils gnused,
, file coreutils,
, perl file,
, which perl,
which,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -27,7 +28,12 @@ stdenv.mkDerivation rec {
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
buildInputs = [ cups ghostscript dpkg a2ps ]; buildInputs = [
cups
ghostscript
dpkg
a2ps
];
dontUnpack = true; dontUnpack = true;
@ -55,9 +61,14 @@ stdenv.mkDerivation rec {
; do ; do
#substituteInPlace $f \ #substituteInPlace $f \
wrapProgram $f \ wrapProgram $f \
--prefix PATH : ${lib.makeBinPath [ --prefix PATH : ${
coreutils ghostscript gnugrep gnused lib.makeBinPath [
]} coreutils
ghostscript
gnugrep
gnused
]
}
done done
mkdir -p $out/lib/cups/filter/ mkdir -p $out/lib/cups/filter/
@ -67,7 +78,17 @@ stdenv.mkDerivation rec {
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/ ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \ wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
--prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] } --prefix PATH ":" ${
lib.makeBinPath [
ghostscript
a2ps
file
gnused
gnugrep
coreutils
which
]
}
''; '';
meta = with lib; { meta = with lib; {
@ -79,4 +100,3 @@ stdenv.mkDerivation rec {
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads"; downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
}; };
} }


@ -1,11 +1,12 @@
{ lib {
, writeText lib,
, writeShellApplication writeText,
, substituteAll writeShellApplication,
, gum substituteAll,
, inputs gum,
, hosts ? { } inputs,
, ... hosts ? { },
...
}: }:
let let
@ -14,9 +15,7 @@ let
substitute = args: builtins.readFile (substituteAll args); substitute = args: builtins.readFile (substituteAll args);
formatted-hosts = mapAttrsToList formatted-hosts = mapAttrsToList (name: host: "${name},${host.pkgs.system}") hosts;
(name: host: "${name},${host.pkgs.system}")
hosts;
hosts-csv = writeText "hosts.csv" '' hosts-csv = writeText "hosts.csv" ''
Name,System Name,System
@ -35,9 +34,7 @@ let
checkPhase = ""; checkPhase = "";
runtimeInputs = [ runtimeInputs = [ gum ];
gum
];
}; };
new-meta = with lib; { new-meta = with lib; {


@ -1,7 +1,8 @@
{ pkgs {
, lib pkgs,
, gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit" lib,
, ... gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit",
...
}: }:
let let
@ -13,61 +14,60 @@ let
maintainers = with maintainers; [ jakehamilton ]; maintainers = with maintainers; [ jakehamilton ];
}; };
package = package = pkgs.writeShellScriptBin "nixos-revision" ''
pkgs.writeShellScriptBin "nixos-revision" '' HAS_HELP=false
HAS_HELP=false HAS_OPEN=false
HAS_OPEN=false
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
-h|--help) -h|--help)
HAS_HELP=true HAS_HELP=true
shift shift
;; ;;
-o|--open) -o|--open)
HAS_OPEN=true HAS_OPEN=true
shift shift
;; ;;
*) *)
shift shift
;; ;;
esac esac
done done
if [ $HAS_HELP == true ]; then if [ $HAS_HELP == true ]; then
HELP_MSG=" HELP_MSG="
nixos-revision nixos-revision
USAGE USAGE
nixos-revision [options] nixos-revision [options]
OPTIONS OPTIONS
-h, --help Show this help message -h, --help Show this help message
-o, --open Open the revision on GitHub -o, --open Open the revision on GitHub
EXAMPLES EXAMPLES
$ # Print the current revision $ # Print the current revision
$ nixos-revision $ nixos-revision
$ # Open the current revision on GitHub $ # Open the current revision on GitHub
$ nixos-revision --open $ nixos-revision --open
" "
echo "$HELP_MSG" echo "$HELP_MSG"
exit 0 exit 0
fi fi
REVISION=$(nixos-version --json | ${pkgs.jq}/bin/jq -r .configurationRevision) REVISION=$(nixos-version --json | ${pkgs.jq}/bin/jq -r .configurationRevision)
if [ $HAS_OPEN == true ]; then if [ $HAS_OPEN == true ]; then
GITHUB_URL="${gitHostCommitUrl}/$REVISION" GITHUB_URL="${gitHostCommitUrl}/$REVISION"
echo "Opening URL: $GITHUB_URL" echo "Opening URL: $GITHUB_URL"
${pkgs.xdg-utils}/bin/xdg-open $GITHUB_URL ${pkgs.xdg-utils}/bin/xdg-open $GITHUB_URL
else else
echo $REVISION echo $REVISION
fi fi
''; '';
in in
override-meta new-meta package override-meta new-meta package
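Review bot: The script body expands `$GITHUB_URL`, `$REVISION` and the `$HAS_*` flags unquoted, and it never checks the value that `jq -r .configurationRevision` returns. When the system was built without a recorded revision, jq prints `null`, so `--open` would launch `xdg-open` on `${gitHostCommitUrl}/null`. I would quote the expansions, `${pkgs.xdg-utils}/bin/xdg-open "$GITHUB_URL"` and `echo "$REVISION"`, and stop early with `[ "$REVISION" != null ] || { echo "no configurationRevision recorded" >&2; exit 1; }`. The help text still says "on GitHub" although the default `gitHostCommitUrl` points at another host.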


@ -1,8 +1,9 @@
{ lib {
, stdenv lib,
, rustPlatform stdenv,
, fetchFromGitHub rustPlatform,
, ... fetchFromGitHub,
...
}: }:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "rot8000"; pname = "rot8000";


@ -8,9 +8,7 @@ with lib.metacfg;
}; };
}; };
environment.systemPath = [ environment.systemPath = [ "/usr/local/Homebrew/bin" ];
"/usr/local/Homebrew/bin"
];
users.users.harald.shell = pkgs.fish; users.users.harald.shell = pkgs.fish;


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
sops.secrets.internetbs = { sops.secrets.internetbs = {
sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
@ -13,27 +18,19 @@
}; };
certs = { certs = {
"surfsite.org" = { "surfsite.org" = {
extraDomainNames = [ extraDomainNames = [ "*.surfsite.org" ];
"*.surfsite.org"
];
}; };
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [ "*.hartwin-hoyer.de" ];
"*.hartwin-hoyer.de"
];
}; };
"herward-hoyer.de" = { "herward-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [ "*.herward-hoyer.de" ];
"*.herward-hoyer.de"
];
}; };
"varlink.org" = { "varlink.org" = {
extraDomainNames = [ extraDomainNames = [ "*.varlink.org" ];
"*.varlink.org"
];
}; };
"meike-hoyer.de" = { }; "meike-hoyer.de" = { };
@ -71,9 +68,7 @@
}; };
"harald-hoyer.de" = { "harald-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [ "*.harald-hoyer.de" ];
"*.harald-hoyer.de"
];
}; };
}; };
}; };


@ -4,7 +4,7 @@
shell = pkgs.bash; shell = pkgs.bash;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa 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 root@sgx" ''restrict,command="/run/wrappers/bin/rrsync -ro /" ssh-rsa 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 root@sgx''
]; ];
}; };
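Review bot: The forced command in this key entry, `rrsync -ro /`, gives the holder of the key read access to the whole filesystem; `restrict` limits forwarding and PTY use but not what rrsync may serve. The binary is taken from `/run/wrappers/bin`, which suggests a wrapper with extra privileges (its definition is not in this hunk), so file permissions may not narrow the exposure either. If the key is only used to pull backups, point rrsync at the backed-up tree instead, `command="/run/wrappers/bin/rrsync -ro <BACKUP_ROOT>"` with `<BACKUP_ROOT>` as a placeholder. The user definition starts before the hunk.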


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
sops.secrets."coturn/static-auth-secret" = { sops.secrets."coturn/static-auth-secret" = {
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
@ -8,20 +13,30 @@
networking.firewall = networking.firewall =
let let
range = with config.services.coturn; [{ range = with config.services.coturn; [
from = min-port; {
to = max-port; from = min-port;
}]; to = max-port;
}
];
in in
{ {
allowedUDPPortRanges = range; allowedUDPPortRanges = range;
allowedTCPPorts = [ 3478 3479 5349 ]; allowedTCPPorts = [
allowedUDPPorts = [ 3478 3479 5349 ]; 3478
3479
5349
];
allowedUDPPorts = [
3478
3479
5349
];
}; };
# get a certificate # get a certificate
security.acme.certs.${config.services.coturn.realm} = { security.acme.certs.${config.services.coturn.realm} = {
/* insert here the right configuration to obtain a certificate */ # insert here the right configuration to obtain a certificate
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";
group = "turnserver"; group = "turnserver";
}; };


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
sops.secrets."postgres/gitea_dbpass" = { sops.secrets."postgres/gitea_dbpass" = {
sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file


@ -1,12 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, pkgs, modulesPath, ... }: {
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages; boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
@ -28,15 +31,17 @@
"rng_core" "rng_core"
]; ];
boot.swraid.enable = true; boot.swraid.enable = true;
boot.swraid.mdadmConf = '' boot.swraid.mdadmConf = ''
MAILADDR admin@hoyer.xyz MAILADDR admin@hoyer.xyz
''; '';
disko.devices = import ./server-raid.nix { disko.devices = import ./server-raid.nix {
inherit lib; inherit lib;
disks = [ "/dev/sda" "/dev/sdb" ]; disks = [
"/dev/sda"
"/dev/sdb"
];
}; };
swapDevices = [{ device = "/swapfile"; }]; swapDevices = [ { device = "/swapfile"; } ];
} }


@ -9,9 +9,7 @@
"/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd" "/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd"
"/home/hartwin/kicker/live.db:/app/db/data/current.db" "/home/hartwin/kicker/live.db:/app/db/data/current.db"
]; ];
extraOptions = [ extraOptions = [ "--pull=always" ];
"--pull=always"
];
}; };
}; };
} }


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
# email addresses git smudged # email addresses git smudged
mailserver = { mailserver = {


@ -8,7 +8,10 @@
services.resolved.extraConfig = "ReadEtcHosts=no"; services.resolved.extraConfig = "ReadEtcHosts=no";
services.nscd.enableNsncd = false; services.nscd.enableNsncd = false;
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.hostName = "mx"; # Define your hostname. networking.hostName = "mx"; # Define your hostname.
@ -26,20 +29,26 @@
networking.interfaces.enp0s31f6 = { networking.interfaces.enp0s31f6 = {
ipv6 = { ipv6 = {
addresses = [{ addresses = [
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here {
prefixLength = 64; address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
}]; prefixLength = 64;
}
];
# Default IPv6 route # Default IPv6 route
routes = [{ routes = [
address = "::"; {
prefixLength = 0; address = "::";
via = "fe80::1"; prefixLength = 0;
}]; via = "fe80::1";
}
];
}; };
ipv4.addresses = [{ ipv4.addresses = [
address = "95.216.66.178"; {
prefixLength = 26; address = "95.216.66.178";
}]; prefixLength = 26;
}
];
}; };
} }


@ -49,9 +49,7 @@
}; };
services.postgresql = { services.postgresql = {
ensureDatabases = [ ensureDatabases = [ "nextcloud" ];
"nextcloud"
];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";


@ -30,7 +30,6 @@
root = "/var/www/hoyer.xyz/html"; root = "/var/www/hoyer.xyz/html";
}; };
"hoyer.world" = { "hoyer.world" = {
enableACME = false; enableACME = false;
useACMEHost = "hoyer.world"; useACMEHost = "hoyer.world";
@ -47,9 +46,7 @@
"hoyer.xyz" = { "hoyer.xyz" = {
# serverName = "hoyer.xyz"; # serverName = "hoyer.xyz";
serverAliases = [ serverAliases = [ "www.hoyer.xyz" ];
"www.hoyer.xyz"
];
useACMEHost = "hoyer.xyz"; useACMEHost = "hoyer.xyz";
enableACME = false; enableACME = false;
forceSSL = true; forceSSL = true;
@ -108,17 +105,13 @@
}; };
"harald-hoyer.de" = { "harald-hoyer.de" = {
serverAliases = [ serverAliases = [ "www.harald-hoyer.de" ];
"www.harald-hoyer.de"
];
useACMEHost = "harald-hoyer.de"; useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz"; globalRedirect = "harald.hoyer.xyz";
forceSSL = true; forceSSL = true;
}; };
"harald.hoyer.xyz" = { "harald.hoyer.xyz" = {
serverAliases = [ serverAliases = [ "www.harald.hoyer.xyz" ];
"www.harald.hoyer.xyz"
];
useACMEHost = "hoyer.xyz"; useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/"; root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = '' extraConfig = ''
@ -141,9 +134,7 @@
}; };
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
serverAliases = [ serverAliases = [ "www.hartwin-hoyer.de" ];
"www.hartwin-hoyer.de"
];
useACMEHost = "hartwin-hoyer.de"; useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz"; globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true; forceSSL = true;


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_14; package = pkgs.postgresql_14;


@ -10,10 +10,12 @@ let
''; '';
in in
{ {
services.rspamd.workers.controller.bindSockets = [{ services.rspamd.workers.controller.bindSockets = [
socket = "/run/rspamd/worker-controller.sock"; {
mode = "0660"; socket = "/run/rspamd/worker-controller.sock";
}]; mode = "0660";
}
];
services.rspamd.locals = { services.rspamd.locals = {
"settings.conf".text = '' "settings.conf".text = ''
bogenschiessen { bogenschiessen {


@ -1,4 +1,11 @@
{ disks ? [ "/dev/sda" "/dev/sdb" ], ... }: { {
disks ? [
"/dev/sda"
"/dev/sdb"
],
...
}:
{
disk = { disk = {
one = { one = {
type = "disk"; type = "disk";

View file

@ -1,18 +1,21 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "attic" ]; ensureDatabases = [ "attic" ];
ensureUsers = [{ name = "atticd"; }]; ensureUsers = [ { name = "atticd"; } ];
}; };
systemd.services.postgresql.postStart = lib.mkAfter '' systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"' $PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
''; '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ attic-client ];
attic-client
];
services.atticd = { services.atticd = {
enable = true; enable = true;


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {


@ -1,17 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ ./disko.nix
./disko.nix (modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/profiles/qemu-guest.nix") ];
];
disko.devices.disk.main.device = "/dev/vda"; disko.devices.disk.main.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];


@ -1,10 +1,13 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1; boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
@ -20,7 +23,10 @@ with lib.metacfg;
nix.enable = true; nix.enable = true;
aesmd_dcap.enable = true; aesmd_dcap.enable = true;
podman.enable = true; podman.enable = true;
user.extraGroups = [ "docker" "sgx" ]; user.extraGroups = [
"docker"
"sgx"
];
}; };
environment.etc."sgx_default_qcnl.conf".text = '' environment.etc."sgx_default_qcnl.conf".text = ''
@ -59,8 +65,18 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [ security.pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; } {
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; } domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";


@ -1,30 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4"; fsType = "ext4";
fsType = "ext4"; };
};
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/941C-7B02";
device = "/dev/disk/by-uuid/941C-7B02"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = [ ]; swapDevices = [ ];


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
backup_new_path = "/mnt/raid/backup/hoyer/new/"; backup_new_path = "/mnt/raid/backup/hoyer/new/";
restic_repo = "/mnt/backup/restic-repo"; restic_repo = "/mnt/backup/restic-repo";
@ -61,8 +66,7 @@ in
".log" ".log"
".Trash" ".Trash"
]; ];
ignoreFile = builtins.toFile "ignore" ignoreFile = builtins.toFile "ignore" (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
(lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
in in
[ "--exclude-file=${ignoreFile}" ]; [ "--exclude-file=${ignoreFile}" ];
pruneOpts = [ pruneOpts = [


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
services.netatalk = { services.netatalk = {
enable = true; enable = true;


@ -1,12 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ pkgs, config, lib, modulesPath, ... }: {
pkgs,
config,
lib,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
@ -43,18 +47,33 @@
"/mnt/raid" = { "/mnt/raid" = {
fsType = "btrfs"; fsType = "btrfs";
device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712"; device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712";
options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; options = [
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
}; };
"/mnt/backup" = { "/mnt/backup" = {
fsType = "btrfs"; fsType = "btrfs";
device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5"; device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5";
options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; options = [
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
}; };
}; };
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; } ];
[{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }];
environment.etc."crypttab".text = '' environment.etc."crypttab".text = ''
a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
networking.hostName = "sgx"; # Define your hostname. networking.hostName = "sgx"; # Define your hostname.
networking.useDHCP = false; networking.useDHCP = false;
@ -37,7 +42,14 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ]; networking.firewall.allowedTCPPorts = [
networking.firewall.allowedUDPPorts = [ 22000 21027 ]; 8384
22000
config.services.netatalk.port
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
} }
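Review bot: `networking.firewall.allowedTCPPorts` opens 8384 on every interface, next to 22000 and the netatalk port, and the reformatted list carries that exposure over unchanged. 8384 is the default port of the Syncthing web GUI, so if that is what listens here (the service definition is not visible in this hunk) the admin interface is reachable from any network the host joins. Consider removing 8384 from the global list and scoping it to the trusted interface, e.g. `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [ 8384 ];` with `<lan-if>` as a placeholder, or reaching the GUI over an SSH tunnel. At minimum, a short comment per port (`# 8384: <service>`) would make the exposure reviewable.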


@ -10,7 +10,10 @@
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; homeprinter.enable = true;
user.extraGroups = [ "docker" "dialout" ]; user.extraGroups = [
"docker"
"dialout"
];
}; };
system.autoUpgrade = { system.autoUpgrade = {
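Review bot: `user.extraGroups` puts the user in the `docker` group, and membership in that group is root-equivalent on the host because clients of the Docker socket can run containers with arbitrary host access. The same block sets `podman.enable = true`, so if rootless podman is the only runtime in use (whether a Docker daemon is enabled is not visible here) the group can be dropped: `user.extraGroups = [ "dialout" ];`. If Docker is required, a comment such as `# docker group is root-equivalent; needed for <reason>` documents the trade-off. The same list appears in the later hunk `@ -12,7 +12,10 @@ with lib.metacfg;`, and the enclosing attribute set starts outside both hunks.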


@ -1,12 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
@ -40,7 +44,7 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;
swapDevices = [{ device = "/swapfile"; }]; swapDevices = [ { device = "/swapfile"; } ];
boot.initrd.luks.devices.crypted = { boot.initrd.luks.devices.crypted = {
device = "/dev/nvme0n1p2"; device = "/dev/nvme0n1p2";
@ -48,13 +52,12 @@
}; };
fileSystems = { fileSystems = {
"/" = "/" = {
{ device = "/dev/mapper/crypted";
device = "/dev/mapper/crypted"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=/rootfs" ];
options = [ "subvol=/rootfs" ]; neededForBoot = true;
neededForBoot = true; };
};
"/nix" = { "/nix" = {
device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
@ -72,11 +75,10 @@
options = [ "subvol=/persist" ]; options = [ "subvol=/persist" ];
neededForBoot = true; neededForBoot = true;
}; };
"/boot" = "/boot" = {
{ device = "/dev/disk/by-partlabel/disk-one-ESP";
device = "/dev/disk/by-partlabel/disk-one-ESP"; fsType = "vfat";
fsType = "vfat"; };
};
}; };
console.keyMap = "de-latin1-nodeadkeys"; console.keyMap = "de-latin1-nodeadkeys";


@ -12,7 +12,10 @@ with lib.metacfg;
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; homeprinter.enable = true;
user.extraGroups = [ "docker" "dialout" ]; user.extraGroups = [
"docker"
"dialout"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -51,8 +54,18 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [ security.pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; } {
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; } domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
]; ];
services.ollama = { services.ollama = {


@ -1,14 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"uas"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -24,12 +35,11 @@
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955";
device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@" ];
options = [ "subvol=@" ]; };
};
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = { boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = {
device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502"; device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
@ -41,13 +51,12 @@
allowDiscards = true; allowDiscards = true;
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/13C4-A825";
device = "/dev/disk/by-uuid/13C4-A825"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = [{ device = "/dev/mapper/luks-280f2e07-e5fc-478e-b7ee-445c99bea415"; }]; swapDevices = [ { device = "/dev/mapper/luks-280f2e07-e5fc-478e-b7ee-445c99bea415"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's