harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: harald:5aaa1fb4176d334bfeb72e1416f43c009d9bfe2f
Branches Tags
harald:main
harald:b24.05
..
compare: harald:900f95169fdcf43b62d77e572c24f002b8f7b6ab
Branches Tags
harald:main
harald:b24.05

3 commits
5aaa1fb417 ... 900f95169f

Author SHA1 Message Date
Harald Hoyer
900f95169f nix fmt 
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
 2024-11-19 10:31:29 +01:00
Harald Hoyer
a3187e163d more opengl hw support 2024-11-19 10:30:42 +01:00
Harald Hoyer
0d5229036a add ollama 2024-11-19 10:28:30 +01:00
84 changed files with 1147 additions and 710 deletions
Download patch file Download diff file Expand all files Collapse all files

30
flake.lock generated
View file

@ -935,11 +935,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1726989464,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1519,11 +1519,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1722221733, "lastModified": 1731797254,
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=", "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12bf09802d77264e441f48e25459c10c93eada2e", "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1535,11 +1535,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1719707984, "lastModified": 1728740863,
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042", "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1555,11 +1555,11 @@
"snowfall-lib": "snowfall-lib" "snowfall-lib": "snowfall-lib"
}, },
"locked": { "locked": {
"lastModified": 1721741092, "lastModified": 1731604482,
"narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=", "narHash": "sha256-r75GaDBrZFNHSvhcTR5e0JlgSBALvmwFpgNq58pZ4Pg=",
"owner": "matter-labs", "owner": "matter-labs",
"repo": "nixsgx", "repo": "nixsgx",
"rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6", "rev": "4ec107365fb8403b5dddf35f0ef940bc5657af22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2649,11 +2649,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1722185531, "lastModified": 1731676054,
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
flake.nix
View file

@ -45,7 +45,8 @@
attic.inputs.nixpkgs.follows = "nixpkgs"; attic.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs: outputs =
inputs:
let let
lib = inputs.snowfall-lib.mkLib { lib = inputs.snowfall-lib.mkLib {
inherit inputs; inherit inputs;
@ -66,9 +67,7 @@
allowUnfree = true; allowUnfree = true;
}; };
homes.modules = with inputs; [ homes.modules = with inputs; [ neovim-flake.homeManagerModules.default ];
neovim-flake.homeManagerModules.default
];
systems.modules.nixos = with inputs; [ systems.modules.nixos = with inputs; [
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
@ -79,9 +78,7 @@
attic.nixosModules.atticd attic.nixosModules.atticd
]; ];
overlays = with inputs; [ overlays = with inputs; [ nixsgx-flake.overlays.default ];
nixsgx-flake.overlays.default
];
outputs-builder = channels: { outputs-builder = channels: {
formatter = channels.nixpkgs.nixfmt-rfc-style; formatter = channels.nixpkgs.nixfmt-rfc-style;

10
homes/x86_64-darwin/harald@mpro/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
...
}: }:
{ {
home = { home = {
@ -29,4 +30,3 @@
}; };
}; };
} }

16
homes/x86_64-linux/harald@mx/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
...
}: }:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -32,7 +33,8 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
/* ***************************************** /*
*****************************************
systemd.user.services = { systemd.user.services = {
render_blog = { render_blog = {
Service = { Service = {
@ -69,6 +71,6 @@
Install.WantedBy = [ "timers.target" ]; Install.WantedBy = [ "timers.target" ];
}; };
}; };
***************************** */ *****************************
*/
} }

15
homes/x86_64-linux/harald@sgx-azure/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
...
}: }:
{ {
home = { home = {
@ -12,7 +13,10 @@
}; };
nix.settings = { nix.settings = {
substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ]; substituters = [
"https://cache.nixos.org"
"https://attic.teepot.org/tee-pot"
];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="
@ -36,4 +40,3 @@
}; };
}; };
} }

6
homes/x86_64-linux/harald@sgx-nixos/default.nix
View file

@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -27,4 +24,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

6
homes/x86_64-linux/harald@sgx/default.nix
View file

@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -27,4 +24,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

6
homes/x86_64-linux/harald@t15/default.nix
View file

@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -63,4 +60,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

6
homes/x86_64-linux/harald@x1/default.nix
View file

@ -1,7 +1,4 @@
{ lib { lib, config, ... }:
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -63,4 +60,3 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

64
lib/audio/default.nix
View file

@ -4,10 +4,16 @@ rec {
## Renames an alsa device from a given `name` using the new `description`. ## Renames an alsa device from a given `name` using the new `description`.
## ##
#@ { name: String, description: String } -> { matches: List, apply_properties: Attrs } #@ { name: String, description: String } -> { matches: List, apply_properties: Attrs }
mkAlsaRename = { name, description }: { mkAlsaRename =
{ name, description }:
{
matches = [ matches = [
[ [
[ "device.name" "matches" name ] [
"device.name"
"matches"
name
]
] ]
]; ];
# actions = { "update-props" = { "node.description" = description; }; }; # actions = { "update-props" = { "node.description" = description; }; };
@ -19,9 +25,20 @@ rec {
## Create a pipewire audio node. ## Create a pipewire audio node.
## ##
#@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs } #@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs }
mkAudioNode = args@{ name, factory ? "adapter", ... }: { mkAudioNode =
args@{
name,
factory ? "adapter",
...
}:
{
inherit factory; inherit factory;
args = (builtins.removeAttrs args [ "name" "description" ]) // { args =
(builtins.removeAttrs args [
"name"
"description"
])
// {
"node.name" = name; "node.name" = name;
"node.description" = args.description or args."node.description"; "node.description" = args.description or args."node.description";
"factory.name" = args."factory.name" or "support.null-audio-sink"; "factory.name" = args."factory.name" or "support.null-audio-sink";
@ -31,28 +48,45 @@ rec {
## Create a virtual pipewire audio node. ## Create a virtual pipewire audio node.
## ##
#@ { name: String, ... } -> { factory: "adapter", args: Attrs } #@ { name: String, ... } -> { factory: "adapter", args: Attrs }
mkVirtualAudioNode = args@{ name, ... }: mkVirtualAudioNode =
mkAudioNode (args // { args@{ name, ... }:
mkAudioNode (
args
// {
name = "virtual-${lib.toLower name}-audio"; name = "virtual-${lib.toLower name}-audio";
description = "${name} (Virtual)"; description = "${name} (Virtual)";
"media.class" = args.class or args."media.class" or "Audio/Duplex"; "media.class" = args.class or args."media.class" or "Audio/Duplex";
"object.linger" = args."object.linger" or true; "object.linger" = args."object.linger" or true;
"audio.position" = args."audio.position" or [ "FL" "FR" ]; "audio.position" =
args."audio.position" or [
"FL"
"FR"
];
"monitor.channel-volumes" = args."monitor.channel-volumes" or true; "monitor.channel-volumes" = args."monitor.channel-volumes" or true;
}); }
);
## Connect two pipewire audio nodes ## Connect two pipewire audio nodes
## ##
#@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs } #@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs }
mkBridgeAudioModule = args@{ from, to, ... }: { mkBridgeAudioModule =
args@{ from, to, ... }:
{
name = "libpipewire-module-loopback"; name = "libpipewire-module-loopback";
args = (builtins.removeAttrs args [ "from" "to" "name" ]) // { args =
(builtins.removeAttrs args [
"from"
"to"
"name"
])
// {
"node.name" = "node.name" =
if args ? name then if args ? name then "${args.name}-bridge" else "${lib.toLower from}-to-${lib.toLower to}-bridge";
"${args.name}-bridge" "audio.position" =
else args."audio.position" or [
"${lib.toLower from}-to-${lib.toLower to}-bridge"; "FL"
"audio.position" = args."audio.position" or [ "FL" "FR" ]; "FR"
];
"capture.props" = { "capture.props" = {
"node.target" = from; "node.target" = from;
} // (args."capture.props" or { }); } // (args."capture.props" or { });

9
lib/default.nix
View file

@ -1,4 +1,8 @@
{ lib, inputs, snowfall-inputs }: {
lib,
inputs,
snowfall-inputs,
}:
rec { rec {
## Override a package's metadata ## Override a package's metadata
@ -13,7 +17,8 @@ rec {
## ``` ## ```
## ##
#@ Attrs -> Package -> Package #@ Attrs -> Package -> Package
override-meta = meta: package: override-meta =
meta: package:
package.overrideAttrs (attrs: { package.overrideAttrs (attrs: {
meta = (attrs.meta or { }) // meta; meta = (attrs.meta or { }) // meta;
}); });

42
lib/deploy/default.nix
View file

@ -16,36 +16,42 @@ rec {
## ``` ## ```
## ##
#@ { self: Flake, overrides: Attrs ? {} } -> Attrs #@ { self: Flake, overrides: Attrs ? {} } -> Attrs
mkDeploy = { self, overrides ? { } }: mkDeploy =
{
self,
overrides ? { },
}:
let let
hosts = self.nixosConfigurations or { }; hosts = self.nixosConfigurations or { };
names = builtins.attrNames hosts; names = builtins.attrNames hosts;
nodes = lib.foldl nodes = lib.foldl (
(result: name: result: name:
let let
host = hosts.${name}; host = hosts.${name};
user = host.config.metacfg.user.name or null; user = host.config.metacfg.user.name or null;
inherit (host.pkgs) system; inherit (host.pkgs) system;
in in
result // { result
// {
${name} = (overrides.${name} or { }) // { ${name} = (overrides.${name} or { }) // {
hostname = overrides.${name}.hostname or "${name}"; hostname = overrides.${name}.hostname or "${name}";
profiles = (overrides.${name}.profiles or { }) // { profiles = (overrides.${name}.profiles or { }) // {
system = (overrides.${name}.profiles.system or { }) // { system =
(overrides.${name}.profiles.system or { })
// {
path = deploy-rs.lib.${system}.activate.nixos host; path = deploy-rs.lib.${system}.activate.nixos host;
} // lib.optionalAttrs (user != null) { }
// lib.optionalAttrs (user != null) {
user = "root"; user = "root";
sshUser = user; sshUser = user;
} // lib.optionalAttrs }
(host.config.metacfg.security.doas.enable or false) // lib.optionalAttrs (host.config.metacfg.security.doas.enable or false) { sudo = "doas -u"; };
{ };
sudo = "doas -u"; };
}; }
}; ) { } names;
}; in
}) {
{ } inherit nodes;
names; };
in
{ inherit nodes; };
} }

6
lib/module/default.nix
View file

@ -1,6 +1,7 @@
{ lib, ... }: { lib, ... }:
with lib; rec { with lib;
rec {
## Create a NixOS module option. ## Create a NixOS module option.
## ##
## ```nix ## ```nix
@ -8,7 +9,8 @@ with lib; rec {
## ``` ## ```
## ##
#@ Type -> Any -> String #@ Type -> Any -> String
mkOpt = type: default: description: mkOpt =
type: default: description:
mkOption { inherit type default description; }; mkOption { inherit type default description; };
## Create a NixOS module option without a description. ## Create a NixOS module option without a description.

28
lib/network/default.nix
View file

@ -1,4 +1,8 @@
{ lib, inputs, snowfall-inputs }: {
lib,
inputs,
snowfall-inputs,
}:
let let
inherit (inputs.nixpkgs.lib) assertMsg last; inherit (inputs.nixpkgs.lib) assertMsg last;
@ -9,14 +13,17 @@ in
# Type: String -> Attrs # Type: String -> Attrs
# Usage: get-address-parts "bismuth:3000" # Usage: get-address-parts "bismuth:3000"
# result: { host = "bismuth"; port = "3000"; } # result: { host = "bismuth"; port = "3000"; }
get-address-parts = address: get-address-parts =
address:
let let
address-parts = builtins.split ":" address; address-parts = builtins.split ":" address;
ip = builtins.head address-parts; ip = builtins.head address-parts;
host = if ip == "" then "127.0.0.1" else ip; host = if ip == "" then "127.0.0.1" else ip;
port = if builtins.length address-parts != 3 then "" else last address-parts; port = if builtins.length address-parts != 3 then "" else last address-parts;
in in
{ inherit host port; }; {
inherit host port;
};
## Create proxy configuration for NGINX virtual hosts. ## Create proxy configuration for NGINX virtual hosts.
## ##
@ -33,18 +40,19 @@ in
## ##
#@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs #@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs
create-proxy = create-proxy =
{ port ? null {
, host ? "127.0.0.1" port ? null,
, proxy-web-sockets ? false host ? "127.0.0.1",
, extra-config ? { } proxy-web-sockets ? false,
extra-config ? { },
}: }:
assert assertMsg (port != "" && port != null) "port cannot be empty"; assert assertMsg (port != "" && port != null) "port cannot be empty";
assert assertMsg (host != "") "host cannot be empty"; assert assertMsg (host != "") "host cannot be empty";
extra-config // { extra-config
// {
locations = (extra-config.locations or { }) // { locations = (extra-config.locations or { }) // {
"/" = (extra-config.locations."/" or { }) // { "/" = (extra-config.locations."/" or { }) // {
proxyPass = proxyPass = "http://${host}${if port != null then ":${builtins.toString port}" else ""}";
"http://${host}${if port != null then ":${builtins.toString port}" else ""}";
proxyWebsockets = proxy-web-sockets; proxyWebsockets = proxy-web-sockets;
}; };

15
modules/darwin/home/default.nix
View file

@ -1,4 +1,11 @@
{ options, config, pkgs, lib, inputs, ... }: {
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -11,9 +18,9 @@ in
# ]; # ];
options.metacfg.home = with types; { options.metacfg.home = with types; {
file = mkOpt attrs { } file = mkOpt attrs { } "A set of files to be managed by home-manager's <option>home.file</option>.";
"A set of files to be managed by home-manager's <option>home.file</option>."; configFile =
configFile = mkOpt attrs { } mkOpt attrs { }
"A set of files to be managed by home-manager's <option>xdg.configFile</option>."; "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
homeConfig = mkOpt attrs { } "Final config for home-manager."; homeConfig = mkOpt attrs { } "Final config for home-manager.";

23
modules/darwin/nix/default.nix
View file

@ -1,11 +1,13 @@
{ options {
, config options,
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.nix; cfg = config.metacfg.nix;
in in
{ {
@ -24,7 +26,10 @@ in
nix = nix =
let let
users = [ "root" config.metacfg.user.name ]; users = [
"root"
config.metacfg.user.name
];
in in
{ {
package = cfg.package; package = cfg.package;
@ -60,7 +65,9 @@ in
gc = { gc = {
automatic = true; automatic = true;
interval = { Day = 7; }; interval = {
Day = 7;
};
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
user = config.metacfg.user.name; user = config.metacfg.user.name;
}; };

12
modules/darwin/security/gpg/default.nix
View file

@ -1,4 +1,10 @@
{ lib, config, pkgs, inputs, ... }: {
lib,
config,
pkgs,
inputs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -21,9 +27,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ gnupg ];
gnupg
];
environment.shellInit = '' environment.shellInit = ''
export GPG_TTY="$(tty)" export GPG_TTY="$(tty)"

16
modules/darwin/services/base/default.nix
View file

@ -1,8 +1,9 @@
{ options {
, config options,
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -37,7 +38,10 @@ in
wget wget
starship starship
]; ];
shells = [ pkgs.fish pkgs.bash ]; shells = [
pkgs.fish
pkgs.bash
];
}; };
programs = { programs = {

4
modules/darwin/services/nix-daemon/default.nix
View file

@ -11,7 +11,5 @@ in
enable = mkOpt types.bool true "Whether to enable the Nix daemon."; enable = mkOpt types.bool true "Whether to enable the Nix daemon.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable { services.nix-daemon = enabled; };
services.nix-daemon = enabled;
};
} }

8
modules/darwin/suites/common/default.nix
View file

@ -1,4 +1,10 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;

17
modules/darwin/system/fonts/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, pkgs, lib, ... }: {
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.system.fonts; let
cfg = config.metacfg.system.fonts;
in in
{ {
options.metacfg.system.fonts = with types; { options.metacfg.system.fonts = with types; {
@ -17,14 +24,16 @@ in
}; };
fonts = { fonts = {
packages = with pkgs; packages =
with pkgs;
[ [
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-emoji noto-fonts-emoji
(nerdfonts.override { fonts = [ "Hack" ]; }) (nerdfonts.override { fonts = [ "Hack" ]; })
] ++ cfg.fonts; ]
++ cfg.fonts;
}; };
}; };
} }

14
modules/darwin/system/interface/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, pkgs, lib, ... }: {
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.system.interface; let
cfg = config.metacfg.system.interface;
in in
{ {
options.metacfg.system.interface = with types; { options.metacfg.system.interface = with types; {
@ -10,7 +17,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
system.activationScripts.applications.text = let system.activationScripts.applications.text =
let
env = pkgs.buildEnv { env = pkgs.buildEnv {
name = "system-applications"; name = "system-applications";
paths = config.environment.systemPackages; paths = config.environment.systemPackages;

9
modules/darwin/user/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) types mkIf mkDefault; inherit (lib) types mkIf mkDefault;

13
modules/home/cli-apps/bash/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -14,9 +15,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [ bashInteractive ];
bashInteractive
];
programs.bash = { programs.bash = {
enable = true; enable = true;
initExtra = '' initExtra = ''

19
modules/home/cli-apps/bat/default.nix
View file

@ -1,10 +1,12 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.cli-apps.bat; cfg = config.metacfg.cli-apps.bat;
in in
{ {
@ -16,7 +18,12 @@ in
programs.bat = { programs.bat = {
enable = true; enable = true;
config.theme = "ansi"; config.theme = "ansi";
extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; extraPackages = with pkgs.bat-extras; [
batdiff
batman
batgrep
batwatch
];
}; };
}; };
} }

15
modules/home/cli-apps/fish/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -33,7 +34,8 @@ in
end end
''; '';
plugins = [{ plugins = [
{
name = "foreign-env"; name = "foreign-env";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "oh-my-fish"; owner = "oh-my-fish";
@ -41,7 +43,8 @@ in
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
}; };
}]; }
];
# shellInit = # shellInit =
# '' # ''

11
modules/home/cli-apps/home-manager/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -24,8 +29,6 @@ in
man = "${pkgs.bat-extras.batman}/bin/batman"; man = "${pkgs.bat-extras.batman}/bin/batman";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [ vim ];
vim
];
}; };
} }

17
modules/home/cli-apps/neovim/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -199,7 +204,10 @@ in
nix = 110; nix = 110;
ruby = 120; ruby = 120;
java = 130; java = 130;
go = [ 90 130 ]; go = [
90
130
];
}; };
}; };
}; };
@ -223,7 +231,10 @@ in
comment-nvim.enable = true; comment-nvim.enable = true;
}; };
vim.spellChecking.languages = [ "en" "de" ]; vim.spellChecking.languages = [
"en"
"de"
];
}; };
}; };
}; };

23
modules/home/cli-apps/starship/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -15,16 +16,22 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
programs.starship = { programs.starship = {
enable = true; enable = true;
settings = { settings = {
container.format = "[\\[$name\\]]($style) "; container.format = "[\\[$name\\]]($style) ";
git_status = { git_status = {
ahead = "$\{count}"; ahead = "\${count}";
diverged = "$\{ahead_count}$\{behind_count}"; diverged = "\${ahead_count}\${behind_count}";
behind = "$\{count}"; behind = "\${count}";
}; };
}; };
}; };

18
modules/home/cli-apps/tmux/default.nix
View file

@ -1,10 +1,12 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.cli-apps.tmux; cfg = config.metacfg.cli-apps.tmux;
in in
{ {
@ -12,9 +14,5 @@ in
enable = mkEnableOption "Tmux"; enable = mkEnableOption "Tmux";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable { home.packages = with pkgs; [ tmux ]; };
home.packages = with pkgs; [
tmux
];
};
} }

9
modules/home/host/default.nix
View file

@ -1,4 +1,11 @@
{ lib, config, pkgs, host ? null, format ? "unknown", ... }: {
lib,
config,
pkgs,
host ? null,
format ? "unknown",
...
}:
let let
inherit (lib) types; inherit (lib) types;

17
modules/home/tools/alacritty/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -16,7 +17,13 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
alacritty alacritty
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
}; };
} }

11
modules/home/tools/direnv/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.tools.direnv; let
cfg = config.metacfg.tools.direnv;
in in
{ {
options.metacfg.tools.direnv = with types; { options.metacfg.tools.direnv = with types; {

26
modules/home/tools/git/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -13,7 +18,8 @@ in
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = signingKey =
mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" "The key ID to sign commits with."; mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595"
"The key ID to sign commits with.";
signByDefault = mkOpt types.bool false "Whether to sign commits by default."; signByDefault = mkOpt types.bool false "Whether to sign commits by default.";
}; };
@ -32,10 +38,18 @@ in
inherit (cfg) signByDefault; inherit (cfg) signByDefault;
}; };
extraConfig = { extraConfig = {
init = { defaultBranch = "main"; }; init = {
pull = { rebase = true; }; defaultBranch = "main";
push = { autoSetupRemote = true; }; };
core = { whitespace = "trailing-space,space-before-tab"; }; pull = {
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
safe = { safe = {
directory = "${user.home}/git"; directory = "${user.home}/git";
}; };

23
modules/home/tools/jetbrains/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.tools.jetbrains; let
cfg = config.metacfg.tools.jetbrains;
in in
{ {
options.metacfg.tools.jetbrains = with types; { options.metacfg.tools.jetbrains = with types; {
@ -10,12 +17,16 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.sessionPath = [ home.sessionPath = [ "$HOME/.local/share/JetBrains/Toolbox/scripts" ];
"$HOME/.local/share/JetBrains/Toolbox/scripts"
];
home.packages = with pkgs; [ home.packages = with pkgs; [
jetbrains-toolbox jetbrains-toolbox
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
}; };
} }

11
modules/home/tools/ssh/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -10,9 +15,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [ mosh ];
mosh
];
programs.ssh = { programs.ssh = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''

15
modules/home/user/default.nix
View file

@ -1,7 +1,18 @@
{ lib, config, pkgs, osConfig ? { }, ... }: {
lib,
config,
pkgs,
osConfig ? { },
...
}:
let let
inherit (lib) types mkIf mkDefault mkMerge; inherit (lib)
types
mkIf
mkDefault
mkMerge
;
inherit (lib.metacfg) mkOpt; inherit (lib.metacfg) mkOpt;
cfg = config.metacfg.user; cfg = config.metacfg.user;

23
modules/nixos/home/default.nix
View file

@ -1,15 +1,23 @@
{ options, config, pkgs, lib, inputs, ... }: {
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.home; let
cfg = config.metacfg.home;
in in
{ {
options.metacfg.home = with types; { options.metacfg.home = with types; {
file = mkOpt attrs { } file = mkOpt attrs { } (mdDoc "A set of files to be managed by home-manager's `home.file`.");
(mdDoc "A set of files to be managed by home-manager's `home.file`."); configFile = mkOpt attrs { } (
configFile = mkOpt attrs { } mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."
(mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."); );
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
}; };
@ -25,8 +33,7 @@ in
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;
users.${config.metacfg.user.name} = users.${config.metacfg.user.name} = mkAliasDefinitions options.metacfg.home.extraOptions;
mkAliasDefinitions options.metacfg.home.extraOptions;
}; };
}; };
} }

11
modules/nixos/nix-ld/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.nix-ld; let
cfg = config.metacfg.nix-ld;
in in
{ {
options.metacfg.nix-ld = with types; { options.metacfg.nix-ld = with types; {

56
modules/nixos/nix/default.nix
View file

@ -1,15 +1,25 @@
{ options, config, pkgs, lib, inputs, ... }: {
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let
cfg = config.metacfg.nix; cfg = config.metacfg.nix;
substituters-submodule = types.submodule ({ name, ... }: { substituters-submodule = types.submodule (
{ name, ... }:
{
options = with types; { options = with types; {
key = mkOpt (nullOr str) null "The trusted public key for this substituter."; key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
}; };
}); }
);
in in
{ {
options.metacfg.nix = with types; { options.metacfg.nix = with types; {
@ -18,25 +28,23 @@ in
default-substituter = { default-substituter = {
url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; url = mkOpt str "https://cache.nixos.org" "The url for the substituter.";
key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter."; key =
mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"The trusted public key for the substituter.";
}; };
extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = mapAttrsToList assertions = mapAttrsToList (name: value: {
(name: value: {
assertion = value.key != null; assertion = value.key != null;
message = "metacfg.nix.extra-substituters.${name}.key must be set"; message = "metacfg.nix.extra-substituters.${name}.key must be set";
}) }) cfg.extra-substituters;
cfg.extra-substituters;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
metacfg.nixos-revision metacfg.nixos-revision
(metacfg.nixos-hosts.override { (metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; })
hosts = inputs.self.nixosConfigurations;
})
deploy-rs deploy-rs
nixfmt nixfmt
nix-index nix-index
@ -48,8 +56,10 @@ in
nix = nix =
let let
users = [ "root" config.metacfg.user.name ] ++ users = [
optional config.services.hydra.enable "hydra"; "root"
config.metacfg.user.name
] ++ optional config.services.hydra.enable "hydra";
extra-substituters = cfg.extra-substituters // { extra-substituters = cfg.extra-substituters // {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; "https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
}; };
@ -57,7 +67,8 @@ in
{ {
package = cfg.package; package = cfg.package;
settings = { settings =
{
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
http-connections = 50; http-connections = 50;
warn-dirty = false; warn-dirty = false;
@ -67,16 +78,15 @@ in
trusted-users = users; trusted-users = users;
allowed-users = users; allowed-users = users;
substituters = substituters = [
[ cfg.default-substituter.url ] cfg.default-substituter.url
++ ] ++ (mapAttrsToList (name: value: name) extra-substituters);
(mapAttrsToList (name: value: name) extra-substituters); trusted-public-keys = [
trusted-public-keys = cfg.default-substituter.key
[ cfg.default-substituter.key ] ] ++ (mapAttrsToList (name: value: value.key) extra-substituters);
++
(mapAttrsToList (name: value: value.key) extra-substituters);
} // (lib.optionalAttrs config.metacfg.tools.direnv.enable { }
// (lib.optionalAttrs config.metacfg.tools.direnv.enable {
keep-outputs = true; keep-outputs = true;
keep-derivations = true; keep-derivations = true;
}); });

20
modules/nixos/services/base/default.nix
View file

@ -1,8 +1,9 @@
{ options {
, config options,
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -39,7 +40,9 @@ in
}; };
environment = { environment = {
sessionVariables = { PATH = "$HOME/bin"; }; sessionVariables = {
PATH = "$HOME/bin";
};
systemPackages = with pkgs; [ systemPackages = with pkgs; [
age age
bash bash
@ -73,7 +76,10 @@ in
"$@" "$@"
'') '')
]; ];
shells = [ pkgs.fish pkgs.bash ]; shells = [
pkgs.fish
pkgs.bash
];
}; };
hardware = { hardware = {

25
modules/nixos/services/gui/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.gui; let
cfg = config.metacfg.gui;
in in
{ {
options.metacfg.gui = with types; { options.metacfg.gui = with types; {
@ -60,12 +67,18 @@ in
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
onevpl-intel-gpu onevpl-intel-gpu
intel-compute-runtime intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver # LIBVA_DRIVER_NAME=iHD
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl libvdpau-va-gl
rocmPackages.clr.icd
amdvlk
]; ];
}; };
environment.sessionVariables = { environment.sessionVariables = {
@ -144,7 +157,13 @@ in
noto-fonts-emoji noto-fonts-emoji
liberation_ttf liberation_ttf
freefont_ttf freefont_ttf
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) (nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
fontconfig = { fontconfig = {

11
modules/nixos/services/homeprinter/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.homeprinter; let
cfg = config.metacfg.homeprinter;
in in
{ {
options.metacfg.homeprinter = with types; { options.metacfg.homeprinter = with types; {

15
modules/nixos/services/podman/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.podman; let
cfg = config.metacfg.podman;
in in
{ {
options.metacfg.podman = with types; { options.metacfg.podman = with types; {
@ -18,7 +25,9 @@ in
dockerCompat = lib.mkDefault true; dockerCompat = lib.mkDefault true;
# For Nixos version > 22.11 # For Nixos version > 22.11
defaultNetwork.settings = { dns_enabled = true; }; defaultNetwork.settings = {
dns_enabled = true;
};
}; };
}; };
}; };

11
modules/nixos/services/secureboot/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.secureboot; let
cfg = config.metacfg.secureboot;
in in
{ {
options.metacfg.secureboot = with types; { options.metacfg.secureboot = with types; {

23
modules/nixos/sgx/aesmd_dcap/default.nix
View file

@ -1,4 +1,10 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -21,14 +27,15 @@ in
quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl; quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
}; };
systemd.services.aesmd = { systemd.services.aesmd = {
environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]); environment.LD_LIBRARY_PATH = lib.mkForce (
lib.makeLibraryPath [
pkgs.nixsgx.sgx-dcap.default_qpl
pkgs.curl.out
]
);
serviceConfig = { serviceConfig = {
BindReadOnlyPaths = [ BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ];
"/etc/sgx_default_qcnl.conf" BindPaths = [ "/dev/log" ];
];
BindPaths = [
"/dev/log"
];
}; };
}; };
}; };

12
modules/nixos/sgx/pccs/default.nix
View file

@ -1,4 +1,10 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -49,8 +55,7 @@ in
}; };
}; };
systemd.services.pccs-secret = systemd.services.pccs-secret = {
{
description = "Inject pccs secret"; description = "Inject pccs secret";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "podman-pccs.service" ]; before = [ "podman-pccs.service" ];
@ -64,6 +69,5 @@ in
}; };
}; };
}; };
} }

11
modules/nixos/tools/direnv/default.nix
View file

@ -1,8 +1,15 @@
{ options, config, lib, pkgs, ... }: {
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let cfg = config.metacfg.tools.direnv; let
cfg = config.metacfg.tools.direnv;
in in
{ {
options.metacfg.tools.direnv = with types; { options.metacfg.tools.direnv = with types; {

27
modules/nixos/tools/git/default.nix
View file

@ -1,4 +1,10 @@
{ options, config, pkgs, lib, ... }: {
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -12,8 +18,7 @@ in
enable = mkBoolOpt false "Whether or not to install and configure git."; enable = mkBoolOpt false "Whether or not to install and configure git.";
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = signingKey = mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -29,10 +34,18 @@ in
signByDefault = mkIf gpg.enable true; signByDefault = mkIf gpg.enable true;
}; };
extraConfig = { extraConfig = {
init = { defaultBranch = "main"; }; init = {
pull = { rebase = true; }; defaultBranch = "main";
push = { autoSetupRemote = true; }; };
core = { whitespace = "trailing-space,space-before-tab"; }; pull = {
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
safe = { safe = {
directory = "${user.home}/git"; directory = "${user.home}/git";
}; };

46
modules/nixos/user/default.nix
View file

@ -1,11 +1,13 @@
{ options {
, config options,
, pkgs config,
, lib pkgs,
, ... lib,
...
}: }:
with lib; with lib;
with lib.metacfg; let with lib.metacfg;
let
cfg = config.metacfg.user; cfg = config.metacfg.user;
defaultIconFileName = "profile.jpg"; defaultIconFileName = "profile.jpg";
defaultIcon = pkgs.stdenvNoCC.mkDerivation { defaultIcon = pkgs.stdenvNoCC.mkDerivation {
@ -18,11 +20,17 @@ with lib.metacfg; let
cp $src $out cp $src $out
''; '';
passthru = { fileName = defaultIconFileName; }; passthru = {
fileName = defaultIconFileName;
};
}; };
propagatedIcon = propagatedIcon =
pkgs.runCommandNoCC "propagated-icon" pkgs.runCommandNoCC "propagated-icon"
{ passthru = { fileName = cfg.icon.fileName; }; } {
passthru = {
fileName = cfg.icon.fileName;
};
}
'' ''
local target="$out/share/metacfg-icons/user/${cfg.name}" local target="$out/share/metacfg-icons/user/${cfg.name}"
mkdir -p "$target" mkdir -p "$target"
@ -38,9 +46,7 @@ in
initialPassword = initialPassword =
mkOpt str "password" mkOpt str "password"
"The initial password to use when the user is first created."; "The initial password to use when the user is first created.";
icon = icon = mkOpt (nullOr package) defaultIcon "The profile picture to use for the user.";
mkOpt (nullOr package) defaultIcon
"The profile picture to use for the user.";
prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell."; prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell.";
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned."; extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
sshKeys = mkOpt (listOf str) [ sshKeys = mkOpt (listOf str) [
@ -49,14 +55,11 @@ in
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
] "ssh keys"; ] "ssh keys";
extraOptions = extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
mkOpt attrs { }
(mdDoc "Extra options passed to `users.users.<name>`.");
}; };
config = { config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ ];
];
metacfg.home = { metacfg.home = {
file = { file = {
@ -68,10 +71,7 @@ in
"Videos/.keep".text = ""; "Videos/.keep".text = "";
"work/.keep".text = ""; "work/.keep".text = "";
".face".source = cfg.icon; ".face".source = cfg.icon;
"Pictures/${ "Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
cfg.icon.fileName or (builtins.baseNameOf cfg.icon)
}".source =
cfg.icon;
}; };
extraOptions.programs.bash.initExtra = '' extraOptions.programs.bash.initExtra = ''
@ -85,8 +85,7 @@ in
''; '';
}; };
users.users.${cfg.name} = users.users.${cfg.name} = {
{
isNormalUser = true; isNormalUser = true;
# inherit (cfg) name initialPassword; # inherit (cfg) name initialPassword;
@ -105,7 +104,6 @@ in
uid = 1000; uid = 1000;
extraGroups = [ "wheel" ] ++ cfg.extraGroups; extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} } // cfg.extraOptions;
// cfg.extraOptions;
}; };
} }

6
overlays/jetbrains-toolbox/default.nix
View file

@ -1,5 +1 @@
{ channels, ... }: { channels, ... }: final: prev: { inherit (channels.unstable) jetbrains-toolbox ollama; }
final: prev:
{
inherit (channels.unstable) jetbrains-toolbox;
}

6
overlays/nixsgx/default.nix
View file

@ -1,5 +1 @@
{ channels, ... }: { channels, ... }: final: prev: { inherit (channels.nixpkgs.nixsgx) sgx-psw; }
final: prev:
{
inherit (channels.nixpkgs.nixsgx) sgx-psw;
}

60
packages/dcpl2530dw-cups/default.nix
View file

@ -1,17 +1,18 @@
{ lib {
, stdenv lib,
, fetchurl stdenv,
, makeWrapper fetchurl,
, cups makeWrapper,
, dpkg cups,
, a2ps dpkg,
, ghostscript a2ps,
, gnugrep ghostscript,
, gnused gnugrep,
, coreutils gnused,
, file coreutils,
, perl file,
, which perl,
which,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -27,7 +28,12 @@ stdenv.mkDerivation rec {
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
buildInputs = [ cups ghostscript dpkg a2ps ]; buildInputs = [
cups
ghostscript
dpkg
a2ps
];
dontUnpack = true; dontUnpack = true;
@ -55,9 +61,14 @@ stdenv.mkDerivation rec {
; do ; do
#substituteInPlace $f \ #substituteInPlace $f \
wrapProgram $f \ wrapProgram $f \
--prefix PATH : ${lib.makeBinPath [ --prefix PATH : ${
coreutils ghostscript gnugrep gnused lib.makeBinPath [
]} coreutils
ghostscript
gnugrep
gnused
]
}
done done
mkdir -p $out/lib/cups/filter/ mkdir -p $out/lib/cups/filter/
@ -67,7 +78,17 @@ stdenv.mkDerivation rec {
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/ ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \ wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
--prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] } --prefix PATH ":" ${
lib.makeBinPath [
ghostscript
a2ps
file
gnused
gnugrep
coreutils
which
]
}
''; '';
meta = with lib; { meta = with lib; {
@ -79,4 +100,3 @@ stdenv.mkDerivation rec {
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads"; downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
}; };
} }

25
packages/nixos-hosts/default.nix
View file

@ -1,11 +1,12 @@
{ lib {
, writeText lib,
, writeShellApplication writeText,
, substituteAll writeShellApplication,
, gum substituteAll,
, inputs gum,
, hosts ? { } inputs,
, ... hosts ? { },
...
}: }:
let let
@ -14,9 +15,7 @@ let
substitute = args: builtins.readFile (substituteAll args); substitute = args: builtins.readFile (substituteAll args);
formatted-hosts = mapAttrsToList formatted-hosts = mapAttrsToList (name: host: "${name},${host.pkgs.system}") hosts;
(name: host: "${name},${host.pkgs.system}")
hosts;
hosts-csv = writeText "hosts.csv" '' hosts-csv = writeText "hosts.csv" ''
Name,System Name,System
@ -35,9 +34,7 @@ let
checkPhase = ""; checkPhase = "";
runtimeInputs = [ runtimeInputs = [ gum ];
gum
];
}; };
new-meta = with lib; { new-meta = with lib; {

12
packages/nixos-revision/default.nix
View file

@ -1,7 +1,8 @@
{ pkgs {
, lib pkgs,
, gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit" lib,
, ... gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit",
...
}: }:
let let
@ -13,8 +14,7 @@ let
maintainers = with maintainers; [ jakehamilton ]; maintainers = with maintainers; [ jakehamilton ];
}; };
package = package = pkgs.writeShellScriptBin "nixos-revision" ''
pkgs.writeShellScriptBin "nixos-revision" ''
HAS_HELP=false HAS_HELP=false
HAS_OPEN=false HAS_OPEN=false

11
packages/rot8000/default.nix
View file

@ -1,8 +1,9 @@
{ lib {
, stdenv lib,
, rustPlatform stdenv,
, fetchFromGitHub rustPlatform,
, ... fetchFromGitHub,
...
}: }:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "rot8000"; pname = "rot8000";

4
systems/x86_64-darwin/mpro/default.nix
View file

@ -8,9 +8,7 @@ with lib.metacfg;
}; };
}; };
environment.systemPath = [ environment.systemPath = [ "/usr/local/Homebrew/bin" ];
"/usr/local/Homebrew/bin"
];
users.users.harald.shell = pkgs.fish; users.users.harald.shell = pkgs.fish;

27
systems/x86_64-linux/mx/acme.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
sops.secrets.internetbs = { sops.secrets.internetbs = {
sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
@ -13,27 +18,19 @@
}; };
certs = { certs = {
"surfsite.org" = { "surfsite.org" = {
extraDomainNames = [ extraDomainNames = [ "*.surfsite.org" ];
"*.surfsite.org"
];
}; };
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [ "*.hartwin-hoyer.de" ];
"*.hartwin-hoyer.de"
];
}; };
"herward-hoyer.de" = { "herward-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [ "*.herward-hoyer.de" ];
"*.herward-hoyer.de"
];
}; };
"varlink.org" = { "varlink.org" = {
extraDomainNames = [ extraDomainNames = [ "*.varlink.org" ];
"*.varlink.org"
];
}; };
"meike-hoyer.de" = { }; "meike-hoyer.de" = { };
@ -71,9 +68,7 @@
}; };
"harald-hoyer.de" = { "harald-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [ "*.harald-hoyer.de" ];
"*.harald-hoyer.de"
];
}; };
}; };
}; };

2
systems/x86_64-linux/mx/backup.nix
View file

@ -4,7 +4,7 @@
shell = pkgs.bash; shell = pkgs.bash;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx" ''restrict,command="/run/wrappers/bin/rrsync -ro /" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx''
]; ];
}; };

27
systems/x86_64-linux/mx/coturn.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
sops.secrets."coturn/static-auth-secret" = { sops.secrets."coturn/static-auth-secret" = {
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
@ -8,20 +13,30 @@
networking.firewall = networking.firewall =
let let
range = with config.services.coturn; [{ range = with config.services.coturn; [
{
from = min-port; from = min-port;
to = max-port; to = max-port;
}]; }
];
in in
{ {
allowedUDPPortRanges = range; allowedUDPPortRanges = range;
allowedTCPPorts = [ 3478 3479 5349 ]; allowedTCPPorts = [
allowedUDPPorts = [ 3478 3479 5349 ]; 3478
3479
5349
];
allowedUDPPorts = [
3478
3479
5349
];
}; };
# get a certificate # get a certificate
security.acme.certs.${config.services.coturn.realm} = { security.acme.certs.${config.services.coturn.realm} = {
/* insert here the right configuration to obtain a certificate */ # insert here the right configuration to obtain a certificate
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";
group = "turnserver"; group = "turnserver";
}; };

7
systems/x86_64-linux/mx/forgejo.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
sops.secrets."postgres/gitea_dbpass" = { sops.secrets."postgres/gitea_dbpass" = {
sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file

17
systems/x86_64-linux/mx/hardware-configuration.nix
View file

@ -1,12 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, pkgs, modulesPath, ... }: {
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages; boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
@ -28,14 +31,16 @@
"rng_core" "rng_core"
]; ];
boot.swraid.enable = true; boot.swraid.enable = true;
boot.swraid.mdadmConf = '' boot.swraid.mdadmConf = ''
MAILADDR admin@hoyer.xyz MAILADDR admin@hoyer.xyz
''; '';
disko.devices = import ./server-raid.nix { disko.devices = import ./server-raid.nix {
inherit lib; inherit lib;
disks = [ "/dev/sda" "/dev/sdb" ]; disks = [
"/dev/sda"
"/dev/sdb"
];
}; };
swapDevices = [ { device = "/swapfile"; } ]; swapDevices = [ { device = "/swapfile"; } ];

4
systems/x86_64-linux/mx/kicker.nix
View file

@ -9,9 +9,7 @@
"/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd" "/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd"
"/home/hartwin/kicker/live.db:/app/db/data/current.db" "/home/hartwin/kicker/live.db:/app/db/data/current.db"
]; ];
extraOptions = [ extraOptions = [ "--pull=always" ];
"--pull=always"
];
}; };
}; };
} }

7
systems/x86_64-linux/mx/mailserver.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
# email addresses git smudged # email addresses git smudged
mailserver = { mailserver = {

23
systems/x86_64-linux/mx/network.nix
View file

@ -8,7 +8,10 @@
services.resolved.extraConfig = "ReadEtcHosts=no"; services.resolved.extraConfig = "ReadEtcHosts=no";
services.nscd.enableNsncd = false; services.nscd.enableNsncd = false;
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.hostName = "mx"; # Define your hostname. networking.hostName = "mx"; # Define your hostname.
@ -26,20 +29,26 @@
networking.interfaces.enp0s31f6 = { networking.interfaces.enp0s31f6 = {
ipv6 = { ipv6 = {
addresses = [{ addresses = [
{
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
prefixLength = 64; prefixLength = 64;
}]; }
];
# Default IPv6 route # Default IPv6 route
routes = [{ routes = [
{
address = "::"; address = "::";
prefixLength = 0; prefixLength = 0;
via = "fe80::1"; via = "fe80::1";
}]; }
];
}; };
ipv4.addresses = [{ ipv4.addresses = [
{
address = "95.216.66.178"; address = "95.216.66.178";
prefixLength = 26; prefixLength = 26;
}]; }
];
}; };
} }

4
systems/x86_64-linux/mx/nextcloud.nix
View file

@ -49,9 +49,7 @@
}; };
services.postgresql = { services.postgresql = {
ensureDatabases = [ ensureDatabases = [ "nextcloud" ];
"nextcloud"
];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";

17
systems/x86_64-linux/mx/nginx.nix
View file

@ -30,7 +30,6 @@
root = "/var/www/hoyer.xyz/html"; root = "/var/www/hoyer.xyz/html";
}; };
"hoyer.world" = { "hoyer.world" = {
enableACME = false; enableACME = false;
useACMEHost = "hoyer.world"; useACMEHost = "hoyer.world";
@ -47,9 +46,7 @@
"hoyer.xyz" = { "hoyer.xyz" = {
# serverName = "hoyer.xyz"; # serverName = "hoyer.xyz";
serverAliases = [ serverAliases = [ "www.hoyer.xyz" ];
"www.hoyer.xyz"
];
useACMEHost = "hoyer.xyz"; useACMEHost = "hoyer.xyz";
enableACME = false; enableACME = false;
forceSSL = true; forceSSL = true;
@ -108,17 +105,13 @@
}; };
"harald-hoyer.de" = { "harald-hoyer.de" = {
serverAliases = [ serverAliases = [ "www.harald-hoyer.de" ];
"www.harald-hoyer.de"
];
useACMEHost = "harald-hoyer.de"; useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz"; globalRedirect = "harald.hoyer.xyz";
forceSSL = true; forceSSL = true;
}; };
"harald.hoyer.xyz" = { "harald.hoyer.xyz" = {
serverAliases = [ serverAliases = [ "www.harald.hoyer.xyz" ];
"www.harald.hoyer.xyz"
];
useACMEHost = "hoyer.xyz"; useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/"; root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = '' extraConfig = ''
@ -141,9 +134,7 @@
}; };
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
serverAliases = [ serverAliases = [ "www.hartwin-hoyer.de" ];
"www.hartwin-hoyer.de"
];
useACMEHost = "hartwin-hoyer.de"; useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz"; globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true; forceSSL = true;

7
systems/x86_64-linux/mx/postgresql.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_14; package = pkgs.postgresql_14;

6
systems/x86_64-linux/mx/rspamd.nix
View file

@ -10,10 +10,12 @@ let
''; '';
in in
{ {
services.rspamd.workers.controller.bindSockets = [{ services.rspamd.workers.controller.bindSockets = [
{
socket = "/run/rspamd/worker-controller.sock"; socket = "/run/rspamd/worker-controller.sock";
mode = "0660"; mode = "0660";
}]; }
];
services.rspamd.locals = { services.rspamd.locals = {
"settings.conf".text = '' "settings.conf".text = ''
bogenschiessen { bogenschiessen {

9
systems/x86_64-linux/mx/server-raid.nix
View file

@ -1,4 +1,11 @@
{ disks ? [ "/dev/sda" "/dev/sdb" ], ... }: { {
disks ? [
"/dev/sda"
"/dev/sdb"
],
...
}:
{
disk = { disk = {
one = { one = {
type = "disk"; type = "disk";

11
systems/x86_64-linux/sgx-attic/atticd.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -10,9 +15,7 @@
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"' $PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
''; '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ attic-client ];
attic-client
];
services.atticd = { services.atticd = {
enable = true; enable = true;

7
systems/x86_64-linux/sgx-attic/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {

19
systems/x86_64-linux/sgx-attic/hardware-configuration.nix
View file

@ -1,17 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[
./disko.nix ./disko.nix
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
disko.devices.disk.main.device = "/dev/vda"; disko.devices.disk.main.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

30
systems/x86_64-linux/sgx-nixos/default.nix
View file

@ -1,10 +1,13 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1; boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
@ -20,7 +23,10 @@ with lib.metacfg;
nix.enable = true; nix.enable = true;
aesmd_dcap.enable = true; aesmd_dcap.enable = true;
podman.enable = true; podman.enable = true;
user.extraGroups = [ "docker" "sgx" ]; user.extraGroups = [
"docker"
"sgx"
];
}; };
environment.etc."sgx_default_qcnl.conf".text = '' environment.etc."sgx_default_qcnl.conf".text = ''
@ -59,8 +65,18 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [ security.pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; } {
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; } domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";

27
systems/x86_64-linux/sgx-nixos/hardware-configuration.nix
View file

@ -1,27 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{
device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4"; device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{
device = "/dev/disk/by-uuid/941C-7B02"; device = "/dev/disk/by-uuid/941C-7B02";
fsType = "vfat"; fsType = "vfat";
}; };

10
systems/x86_64-linux/sgx/backup.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
backup_new_path = "/mnt/raid/backup/hoyer/new/"; backup_new_path = "/mnt/raid/backup/hoyer/new/";
restic_repo = "/mnt/backup/restic-repo"; restic_repo = "/mnt/backup/restic-repo";
@ -61,8 +66,7 @@ in
".log" ".log"
".Trash" ".Trash"
]; ];
ignoreFile = builtins.toFile "ignore" ignoreFile = builtins.toFile "ignore" (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
(lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
in in
[ "--exclude-file=${ignoreFile}" ]; [ "--exclude-file=${ignoreFile}" ];
pruneOpts = [ pruneOpts = [

7
systems/x86_64-linux/sgx/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix

7
systems/x86_64-linux/sgx/fileserver.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
services.netatalk = { services.netatalk = {
enable = true; enable = true;

35
systems/x86_64-linux/sgx/hardware-configuration.nix
View file

@ -1,12 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ pkgs, config, lib, modulesPath, ... }: {
pkgs,
config,
lib,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
@ -43,18 +47,33 @@
"/mnt/raid" = { "/mnt/raid" = {
fsType = "btrfs"; fsType = "btrfs";
device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712"; device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712";
options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; options = [
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
}; };
"/mnt/backup" = { "/mnt/backup" = {
fsType = "btrfs"; fsType = "btrfs";
device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5"; device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5";
options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; options = [
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
}; };
}; };
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; } ];
[{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }];
environment.etc."crypttab".text = '' environment.etc."crypttab".text = ''
a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256

18
systems/x86_64-linux/sgx/network.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
networking.hostName = "sgx"; # Define your hostname. networking.hostName = "sgx"; # Define your hostname.
networking.useDHCP = false; networking.useDHCP = false;
@ -37,7 +42,14 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ]; networking.firewall.allowedTCPPorts = [
networking.firewall.allowedUDPPorts = [ 22000 21027 ]; 8384
22000
config.services.netatalk.port
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
} }

5
systems/x86_64-linux/t15/default.nix
View file

@ -10,7 +10,10 @@
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; homeprinter.enable = true;
user.extraGroups = [ "docker" "dialout" ]; user.extraGroups = [
"docker"
"dialout"
];
}; };
system.autoUpgrade = { system.autoUpgrade = {

18
systems/x86_64-linux/t15/hardware-configuration.nix
View file

@ -1,12 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
@ -48,8 +52,7 @@
}; };
fileSystems = { fileSystems = {
"/" = "/" = {
{
device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=/rootfs" ]; options = [ "subvol=/rootfs" ];
@ -72,8 +75,7 @@
options = [ "subvol=/persist" ]; options = [ "subvol=/persist" ];
neededForBoot = true; neededForBoot = true;
}; };
"/boot" = "/boot" = {
{
device = "/dev/disk/by-partlabel/disk-one-ESP"; device = "/dev/disk/by-partlabel/disk-one-ESP";
fsType = "vfat"; fsType = "vfat";
}; };

25
systems/x86_64-linux/x1/default.nix
View file

@ -12,7 +12,10 @@ with lib.metacfg;
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; homeprinter.enable = true;
user.extraGroups = [ "docker" "dialout" ]; user.extraGroups = [
"docker"
"dialout"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -23,6 +26,7 @@ with lib.metacfg;
kubectx kubectx
k9s k9s
attic-client attic-client
ollama
]; ];
services.resolved.enable = true; services.resolved.enable = true;
@ -50,9 +54,24 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [ security.pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; } {
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; } domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
]; ];
services.ollama = {
enable = true;
acceleration = "rocm";
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

27
systems/x86_64-linux/x1/hardware-configuration.nix
View file

@ -1,14 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"uas"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -24,8 +35,7 @@
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;
fileSystems."/" = fileSystems."/" = {
{
device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955"; device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = [ "subvol=@" ];
@ -41,8 +51,7 @@
allowDiscards = true; allowDiscards = true;
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{
device = "/dev/disk/by-uuid/13C4-A825"; device = "/dev/disk/by-uuid/13C4-A825";
fsType = "vfat"; fsType = "vfat";
}; };