harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: harald:900f95169fdcf43b62d77e572c24f002b8f7b6ab
Branches Tags
harald:main
harald:b24.05
..
compare: harald:5aaa1fb4176d334bfeb72e1416f43c009d9bfe2f
Branches Tags
harald:main
harald:b24.05

No commits in common. "900f95169fdcf43b62d77e572c24f002b8f7b6ab" and "5aaa1fb4176d334bfeb72e1416f43c009d9bfe2f" have entirely different histories.
900f95169f ... 5aaa1fb417

84 changed files with 710 additions and 1147 deletions
Show stats Expand all files Collapse all files

30
flake.lock
View file

@ -935,11 +935,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1720042825,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1519,11 +1519,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1731797254, "lastModified": 1722221733,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1535,11 +1535,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1728740863, "lastModified": 1719707984,
"narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", "rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1555,11 +1555,11 @@
"snowfall-lib": "snowfall-lib" "snowfall-lib": "snowfall-lib"
}, },
"locked": { "locked": {
"lastModified": 1731604482, "lastModified": 1721741092,
"narHash": "sha256-r75GaDBrZFNHSvhcTR5e0JlgSBALvmwFpgNq58pZ4Pg=", "narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=",
"owner": "matter-labs", "owner": "matter-labs",
"repo": "nixsgx", "repo": "nixsgx",
"rev": "4ec107365fb8403b5dddf35f0ef940bc5657af22", "rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2649,11 +2649,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1731676054, "lastModified": 1722185531,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
flake.nix
View file

@ -45,8 +45,7 @@
attic.inputs.nixpkgs.follows = "nixpkgs"; attic.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs = inputs:
inputs:
let let
lib = inputs.snowfall-lib.mkLib { lib = inputs.snowfall-lib.mkLib {
inherit inputs; inherit inputs;
@ -67,7 +66,9 @@
allowUnfree = true; allowUnfree = true;
}; };
homes.modules = with inputs; [ neovim-flake.homeManagerModules.default ]; homes.modules = with inputs; [
neovim-flake.homeManagerModules.default
];
systems.modules.nixos = with inputs; [ systems.modules.nixos = with inputs; [
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
@ -78,7 +79,9 @@
attic.nixosModules.atticd attic.nixosModules.atticd
]; ];
overlays = with inputs; [ nixsgx-flake.overlays.default ]; overlays = with inputs; [
nixsgx-flake.overlays.default
];
outputs-builder = channels: { outputs-builder = channels: {
formatter = channels.nixpkgs.nixfmt-rfc-style; formatter = channels.nixpkgs.nixfmt-rfc-style;

10
homes/x86_64-darwin/harald@mpro/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , pkgs
pkgs, , config
config, , ...
...
}: }:
{ {
home = { home = {
@ -30,3 +29,4 @@
}; };
}; };
} }

16
homes/x86_64-linux/harald@mx/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , pkgs
pkgs, , config
config, , ...
...
}: }:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -33,8 +32,7 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
/* /* *****************************************
*****************************************
systemd.user.services = { systemd.user.services = {
render_blog = { render_blog = {
Service = { Service = {
@ -71,6 +69,6 @@
Install.WantedBy = [ "timers.target" ]; Install.WantedBy = [ "timers.target" ];
}; };
}; };
***************************** ***************************** */
*/
} }

15
homes/x86_64-linux/harald@sgx-azure/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , pkgs
pkgs, , config
config, , ...
...
}: }:
{ {
home = { home = {
@ -13,10 +12,7 @@
}; };
nix.settings = { nix.settings = {
substituters = [ substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ];
"https://cache.nixos.org"
"https://attic.teepot.org/tee-pot"
];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="
@ -40,3 +36,4 @@
}; };
}; };
} }

6
homes/x86_64-linux/harald@sgx-nixos/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }: { lib
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -24,3 +27,4 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

6
homes/x86_64-linux/harald@sgx/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }: { lib
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -24,3 +27,4 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

6
homes/x86_64-linux/harald@t15/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }: { lib
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -60,3 +63,4 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

6
homes/x86_64-linux/harald@x1/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }: { lib
, config
, ...
}:
{ {
home.sessionPath = [ "$HOME/bin" ]; home.sessionPath = [ "$HOME/bin" ];
@ -60,3 +63,4 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
} }

64
lib/audio/default.nix
View file

@ -4,16 +4,10 @@ rec {
## Renames an alsa device from a given `name` using the new `description`. ## Renames an alsa device from a given `name` using the new `description`.
## ##
#@ { name: String, description: String } -> { matches: List, apply_properties: Attrs } #@ { name: String, description: String } -> { matches: List, apply_properties: Attrs }
mkAlsaRename = mkAlsaRename = { name, description }: {
{ name, description }:
{
matches = [ matches = [
[ [
[ [ "device.name" "matches" name ]
"device.name"
"matches"
name
]
] ]
]; ];
# actions = { "update-props" = { "node.description" = description; }; }; # actions = { "update-props" = { "node.description" = description; }; };
@ -25,20 +19,9 @@ rec {
## Create a pipewire audio node. ## Create a pipewire audio node.
## ##
#@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs } #@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs }
mkAudioNode = mkAudioNode = args@{ name, factory ? "adapter", ... }: {
args@{
name,
factory ? "adapter",
...
}:
{
inherit factory; inherit factory;
args = args = (builtins.removeAttrs args [ "name" "description" ]) // {
(builtins.removeAttrs args [
"name"
"description"
])
// {
"node.name" = name; "node.name" = name;
"node.description" = args.description or args."node.description"; "node.description" = args.description or args."node.description";
"factory.name" = args."factory.name" or "support.null-audio-sink"; "factory.name" = args."factory.name" or "support.null-audio-sink";
@ -48,45 +31,28 @@ rec {
## Create a virtual pipewire audio node. ## Create a virtual pipewire audio node.
## ##
#@ { name: String, ... } -> { factory: "adapter", args: Attrs } #@ { name: String, ... } -> { factory: "adapter", args: Attrs }
mkVirtualAudioNode = mkVirtualAudioNode = args@{ name, ... }:
args@{ name, ... }: mkAudioNode (args // {
mkAudioNode (
args
// {
name = "virtual-${lib.toLower name}-audio"; name = "virtual-${lib.toLower name}-audio";
description = "${name} (Virtual)"; description = "${name} (Virtual)";
"media.class" = args.class or args."media.class" or "Audio/Duplex"; "media.class" = args.class or args."media.class" or "Audio/Duplex";
"object.linger" = args."object.linger" or true; "object.linger" = args."object.linger" or true;
"audio.position" = "audio.position" = args."audio.position" or [ "FL" "FR" ];
args."audio.position" or [
"FL"
"FR"
];
"monitor.channel-volumes" = args."monitor.channel-volumes" or true; "monitor.channel-volumes" = args."monitor.channel-volumes" or true;
} });
);
## Connect two pipewire audio nodes ## Connect two pipewire audio nodes
## ##
#@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs } #@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs }
mkBridgeAudioModule = mkBridgeAudioModule = args@{ from, to, ... }: {
args@{ from, to, ... }:
{
name = "libpipewire-module-loopback"; name = "libpipewire-module-loopback";
args = args = (builtins.removeAttrs args [ "from" "to" "name" ]) // {
(builtins.removeAttrs args [
"from"
"to"
"name"
])
// {
"node.name" = "node.name" =
if args ? name then "${args.name}-bridge" else "${lib.toLower from}-to-${lib.toLower to}-bridge"; if args ? name then
"audio.position" = "${args.name}-bridge"
args."audio.position" or [ else
"FL" "${lib.toLower from}-to-${lib.toLower to}-bridge";
"FR" "audio.position" = args."audio.position" or [ "FL" "FR" ];
];
"capture.props" = { "capture.props" = {
"node.target" = from; "node.target" = from;
} // (args."capture.props" or { }); } // (args."capture.props" or { });

9
lib/default.nix
View file

@ -1,8 +1,4 @@
{ { lib, inputs, snowfall-inputs }:
lib,
inputs,
snowfall-inputs,
}:
rec { rec {
## Override a package's metadata ## Override a package's metadata
@ -17,8 +13,7 @@ rec {
## ``` ## ```
## ##
#@ Attrs -> Package -> Package #@ Attrs -> Package -> Package
override-meta = override-meta = meta: package:
meta: package:
package.overrideAttrs (attrs: { package.overrideAttrs (attrs: {
meta = (attrs.meta or { }) // meta; meta = (attrs.meta or { }) // meta;
}); });

38
lib/deploy/default.nix
View file

@ -16,42 +16,36 @@ rec {
## ``` ## ```
## ##
#@ { self: Flake, overrides: Attrs ? {} } -> Attrs #@ { self: Flake, overrides: Attrs ? {} } -> Attrs
mkDeploy = mkDeploy = { self, overrides ? { } }:
{
self,
overrides ? { },
}:
let let
hosts = self.nixosConfigurations or { }; hosts = self.nixosConfigurations or { };
names = builtins.attrNames hosts; names = builtins.attrNames hosts;
nodes = lib.foldl ( nodes = lib.foldl
result: name: (result: name:
let let
host = hosts.${name}; host = hosts.${name};
user = host.config.metacfg.user.name or null; user = host.config.metacfg.user.name or null;
inherit (host.pkgs) system; inherit (host.pkgs) system;
in in
result result // {
// {
${name} = (overrides.${name} or { }) // { ${name} = (overrides.${name} or { }) // {
hostname = overrides.${name}.hostname or "${name}"; hostname = overrides.${name}.hostname or "${name}";
profiles = (overrides.${name}.profiles or { }) // { profiles = (overrides.${name}.profiles or { }) // {
system = system = (overrides.${name}.profiles.system or { }) // {
(overrides.${name}.profiles.system or { })
// {
path = deploy-rs.lib.${system}.activate.nixos host; path = deploy-rs.lib.${system}.activate.nixos host;
} } // lib.optionalAttrs (user != null) {
// lib.optionalAttrs (user != null) {
user = "root"; user = "root";
sshUser = user; sshUser = user;
} } // lib.optionalAttrs
// lib.optionalAttrs (host.config.metacfg.security.doas.enable or false) { sudo = "doas -u"; }; (host.config.metacfg.security.doas.enable or false)
};
};
}
) { } names;
in
{ {
inherit nodes; sudo = "doas -u";
}; };
};
};
})
{ }
names;
in
{ inherit nodes; };
} }

6
lib/module/default.nix
View file

@ -1,7 +1,6 @@
{ lib, ... }: { lib, ... }:
with lib; with lib; rec {
rec {
## Create a NixOS module option. ## Create a NixOS module option.
## ##
## ```nix ## ```nix
@ -9,8 +8,7 @@ rec {
## ``` ## ```
## ##
#@ Type -> Any -> String #@ Type -> Any -> String
mkOpt = mkOpt = type: default: description:
type: default: description:
mkOption { inherit type default description; }; mkOption { inherit type default description; };
## Create a NixOS module option without a description. ## Create a NixOS module option without a description.

28
lib/network/default.nix
View file

@ -1,8 +1,4 @@
{ { lib, inputs, snowfall-inputs }:
lib,
inputs,
snowfall-inputs,
}:
let let
inherit (inputs.nixpkgs.lib) assertMsg last; inherit (inputs.nixpkgs.lib) assertMsg last;
@ -13,17 +9,14 @@ in
# Type: String -> Attrs # Type: String -> Attrs
# Usage: get-address-parts "bismuth:3000" # Usage: get-address-parts "bismuth:3000"
# result: { host = "bismuth"; port = "3000"; } # result: { host = "bismuth"; port = "3000"; }
get-address-parts = get-address-parts = address:
address:
let let
address-parts = builtins.split ":" address; address-parts = builtins.split ":" address;
ip = builtins.head address-parts; ip = builtins.head address-parts;
host = if ip == "" then "127.0.0.1" else ip; host = if ip == "" then "127.0.0.1" else ip;
port = if builtins.length address-parts != 3 then "" else last address-parts; port = if builtins.length address-parts != 3 then "" else last address-parts;
in in
{ { inherit host port; };
inherit host port;
};
## Create proxy configuration for NGINX virtual hosts. ## Create proxy configuration for NGINX virtual hosts.
## ##
@ -40,19 +33,18 @@ in
## ##
#@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs #@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs
create-proxy = create-proxy =
{ { port ? null
port ? null, , host ? "127.0.0.1"
host ? "127.0.0.1", , proxy-web-sockets ? false
proxy-web-sockets ? false, , extra-config ? { }
extra-config ? { },
}: }:
assert assertMsg (port != "" && port != null) "port cannot be empty"; assert assertMsg (port != "" && port != null) "port cannot be empty";
assert assertMsg (host != "") "host cannot be empty"; assert assertMsg (host != "") "host cannot be empty";
extra-config extra-config // {
// {
locations = (extra-config.locations or { }) // { locations = (extra-config.locations or { }) // {
"/" = (extra-config.locations."/" or { }) // { "/" = (extra-config.locations."/" or { }) // {
proxyPass = "http://${host}${if port != null then ":${builtins.toString port}" else ""}"; proxyPass =
"http://${host}${if port != null then ":${builtins.toString port}" else ""}";
proxyWebsockets = proxy-web-sockets; proxyWebsockets = proxy-web-sockets;
}; };

15
modules/darwin/home/default.nix
View file

@ -1,11 +1,4 @@
{ { options, config, pkgs, lib, inputs, ... }:
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -18,9 +11,9 @@ in
# ]; # ];
options.metacfg.home = with types; { options.metacfg.home = with types; {
file = mkOpt attrs { } "A set of files to be managed by home-manager's <option>home.file</option>."; file = mkOpt attrs { }
configFile = "A set of files to be managed by home-manager's <option>home.file</option>.";
mkOpt attrs { } configFile = mkOpt attrs { }
"A set of files to be managed by home-manager's <option>xdg.configFile</option>."; "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
homeConfig = mkOpt attrs { } "Final config for home-manager."; homeConfig = mkOpt attrs { } "Final config for home-manager.";

23
modules/darwin/nix/default.nix
View file

@ -1,13 +1,11 @@
{ { options
options, , config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg; let
let
cfg = config.metacfg.nix; cfg = config.metacfg.nix;
in in
{ {
@ -26,10 +24,7 @@ in
nix = nix =
let let
users = [ users = [ "root" config.metacfg.user.name ];
"root"
config.metacfg.user.name
];
in in
{ {
package = cfg.package; package = cfg.package;
@ -65,9 +60,7 @@ in
gc = { gc = {
automatic = true; automatic = true;
interval = { interval = { Day = 7; };
Day = 7;
};
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
user = config.metacfg.user.name; user = config.metacfg.user.name;
}; };

12
modules/darwin/security/gpg/default.nix
View file

@ -1,10 +1,4 @@
{ { lib, config, pkgs, inputs, ... }:
lib,
config,
pkgs,
inputs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -27,7 +21,9 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ gnupg ]; environment.systemPackages = with pkgs; [
gnupg
];
environment.shellInit = '' environment.shellInit = ''
export GPG_TTY="$(tty)" export GPG_TTY="$(tty)"

16
modules/darwin/services/base/default.nix
View file

@ -1,9 +1,8 @@
{ { options
options, , config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -38,10 +37,7 @@ in
wget wget
starship starship
]; ];
shells = [ shells = [ pkgs.fish pkgs.bash ];
pkgs.fish
pkgs.bash
];
}; };
programs = { programs = {

4
modules/darwin/services/nix-daemon/default.nix
View file

@ -11,5 +11,7 @@ in
enable = mkOpt types.bool true "Whether to enable the Nix daemon."; enable = mkOpt types.bool true "Whether to enable the Nix daemon.";
}; };
config = mkIf cfg.enable { services.nix-daemon = enabled; }; config = mkIf cfg.enable {
services.nix-daemon = enabled;
};
} }

8
modules/darwin/suites/common/default.nix
View file

@ -1,10 +1,4 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;

17
modules/darwin/system/fonts/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, pkgs, lib, ... }:
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.system.fonts;
cfg = config.metacfg.system.fonts;
in in
{ {
options.metacfg.system.fonts = with types; { options.metacfg.system.fonts = with types; {
@ -24,16 +17,14 @@ in
}; };
fonts = { fonts = {
packages = packages = with pkgs;
with pkgs;
[ [
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-emoji noto-fonts-emoji
(nerdfonts.override { fonts = [ "Hack" ]; }) (nerdfonts.override { fonts = [ "Hack" ]; })
] ] ++ cfg.fonts;
++ cfg.fonts;
}; };
}; };
} }

14
modules/darwin/system/interface/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, pkgs, lib, ... }:
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.system.interface;
cfg = config.metacfg.system.interface;
in in
{ {
options.metacfg.system.interface = with types; { options.metacfg.system.interface = with types; {
@ -17,8 +10,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
system.activationScripts.applications.text = system.activationScripts.applications.text = let
let
env = pkgs.buildEnv { env = pkgs.buildEnv {
name = "system-applications"; name = "system-applications";
paths = config.environment.systemPackages; paths = config.environment.systemPackages;

9
modules/darwin/user/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
let let
inherit (lib) types mkIf mkDefault; inherit (lib) types mkIf mkDefault;

13
modules/home/cli-apps/bash/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -15,7 +14,9 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ bashInteractive ]; home.packages = with pkgs; [
bashInteractive
];
programs.bash = { programs.bash = {
enable = true; enable = true;
initExtra = '' initExtra = ''

19
modules/home/cli-apps/bat/default.nix
View file

@ -1,12 +1,10 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg; let
let
cfg = config.metacfg.cli-apps.bat; cfg = config.metacfg.cli-apps.bat;
in in
{ {
@ -18,12 +16,7 @@ in
programs.bat = { programs.bat = {
enable = true; enable = true;
config.theme = "ansi"; config.theme = "ansi";
extraPackages = with pkgs.bat-extras; [ extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
batdiff
batman
batgrep
batwatch
];
}; };
}; };
} }

15
modules/home/cli-apps/fish/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -34,8 +33,7 @@ in
end end
''; '';
plugins = [ plugins = [{
{
name = "foreign-env"; name = "foreign-env";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "oh-my-fish"; owner = "oh-my-fish";
@ -43,8 +41,7 @@ in
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
}; };
} }];
];
# shellInit = # shellInit =
# '' # ''

11
modules/home/cli-apps/home-manager/default.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -29,6 +24,8 @@ in
man = "${pkgs.bat-extras.batman}/bin/batman"; man = "${pkgs.bat-extras.batman}/bin/batman";
}; };
home.packages = with pkgs; [ vim ]; home.packages = with pkgs; [
vim
];
}; };
} }

17
modules/home/cli-apps/neovim/default.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -204,10 +199,7 @@ in
nix = 110; nix = 110;
ruby = 120; ruby = 120;
java = 130; java = 130;
go = [ go = [ 90 130 ];
90
130
];
}; };
}; };
}; };
@ -231,10 +223,7 @@ in
comment-nvim.enable = true; comment-nvim.enable = true;
}; };
vim.spellChecking.languages = [ vim.spellChecking.languages = [ "en" "de" ];
"en"
"de"
];
}; };
}; };
}; };

23
modules/home/cli-apps/starship/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -16,22 +15,16 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
(pkgs.nerdfonts.override { (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
programs.starship = { programs.starship = {
enable = true; enable = true;
settings = { settings = {
container.format = "[\\[$name\\]]($style) "; container.format = "[\\[$name\\]]($style) ";
git_status = { git_status = {
ahead = "\${count}"; ahead = "$\{count}";
diverged = "\${ahead_count}\${behind_count}"; diverged = "$\{ahead_count}$\{behind_count}";
behind = "\${count}"; behind = "$\{count}";
}; };
}; };
}; };

18
modules/home/cli-apps/tmux/default.nix
View file

@ -1,12 +1,10 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg; let
let
cfg = config.metacfg.cli-apps.tmux; cfg = config.metacfg.cli-apps.tmux;
in in
{ {
@ -14,5 +12,9 @@ in
enable = mkEnableOption "Tmux"; enable = mkEnableOption "Tmux";
}; };
config = mkIf cfg.enable { home.packages = with pkgs; [ tmux ]; }; config = mkIf cfg.enable {
home.packages = with pkgs; [
tmux
];
};
} }

9
modules/home/host/default.nix
View file

@ -1,11 +1,4 @@
{ { lib, config, pkgs, host ? null, format ? "unknown", ... }:
lib,
config,
pkgs,
host ? null,
format ? "unknown",
...
}:
let let
inherit (lib) types; inherit (lib) types;

17
modules/home/tools/alacritty/default.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , config
config, , pkgs
pkgs, , ...
...
}: }:
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
@ -17,13 +16,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
alacritty alacritty
(pkgs.nerdfonts.override { (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
}; };
} }

11
modules/home/tools/direnv/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.tools.direnv;
cfg = config.metacfg.tools.direnv;
in in
{ {
options.metacfg.tools.direnv = with types; { options.metacfg.tools.direnv = with types; {

26
modules/home/tools/git/default.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -18,8 +13,7 @@ in
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = signingKey =
mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" "The key ID to sign commits with.";
"The key ID to sign commits with.";
signByDefault = mkOpt types.bool false "Whether to sign commits by default."; signByDefault = mkOpt types.bool false "Whether to sign commits by default.";
}; };
@ -38,18 +32,10 @@ in
inherit (cfg) signByDefault; inherit (cfg) signByDefault;
}; };
extraConfig = { extraConfig = {
init = { init = { defaultBranch = "main"; };
defaultBranch = "main"; pull = { rebase = true; };
}; push = { autoSetupRemote = true; };
pull = { core = { whitespace = "trailing-space,space-before-tab"; };
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
safe = { safe = {
directory = "${user.home}/git"; directory = "${user.home}/git";
}; };

23
modules/home/tools/jetbrains/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.tools.jetbrains;
cfg = config.metacfg.tools.jetbrains;
in in
{ {
options.metacfg.tools.jetbrains = with types; { options.metacfg.tools.jetbrains = with types; {
@ -17,16 +10,12 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.sessionPath = [ "$HOME/.local/share/JetBrains/Toolbox/scripts" ]; home.sessionPath = [
"$HOME/.local/share/JetBrains/Toolbox/scripts"
];
home.packages = with pkgs; [ home.packages = with pkgs; [
jetbrains-toolbox jetbrains-toolbox
(pkgs.nerdfonts.override { (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
}; };
} }

11
modules/home/tools/ssh/default.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}:
let let
inherit (lib) types mkEnableOption mkIf; inherit (lib) types mkEnableOption mkIf;
@ -15,7 +10,9 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ mosh ]; home.packages = with pkgs; [
mosh
];
programs.ssh = { programs.ssh = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''

15
modules/home/user/default.nix
View file

@ -1,18 +1,7 @@
{ { lib, config, pkgs, osConfig ? { }, ... }:
lib,
config,
pkgs,
osConfig ? { },
...
}:
let let
inherit (lib) inherit (lib) types mkIf mkDefault mkMerge;
types
mkIf
mkDefault
mkMerge
;
inherit (lib.metacfg) mkOpt; inherit (lib.metacfg) mkOpt;
cfg = config.metacfg.user; cfg = config.metacfg.user;

23
modules/nixos/home/default.nix
View file

@ -1,23 +1,15 @@
{ { options, config, pkgs, lib, inputs, ... }:
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.home;
cfg = config.metacfg.home;
in in
{ {
options.metacfg.home = with types; { options.metacfg.home = with types; {
file = mkOpt attrs { } (mdDoc "A set of files to be managed by home-manager's `home.file`."); file = mkOpt attrs { }
configFile = mkOpt attrs { } ( (mdDoc "A set of files to be managed by home-manager's `home.file`.");
mdDoc "A set of files to be managed by home-manager's `xdg.configFile`." configFile = mkOpt attrs { }
); (mdDoc "A set of files to be managed by home-manager's `xdg.configFile`.");
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
}; };
@ -33,7 +25,8 @@ in
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;
users.${config.metacfg.user.name} = mkAliasDefinitions options.metacfg.home.extraOptions; users.${config.metacfg.user.name} =
mkAliasDefinitions options.metacfg.home.extraOptions;
}; };
}; };
} }

11
modules/nixos/nix-ld/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.nix-ld;
cfg = config.metacfg.nix-ld;
in in
{ {
options.metacfg.nix-ld = with types; { options.metacfg.nix-ld = with types; {

56
modules/nixos/nix/default.nix
View file

@ -1,25 +1,15 @@
{ { options, config, pkgs, lib, inputs, ... }:
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let
cfg = config.metacfg.nix; cfg = config.metacfg.nix;
substituters-submodule = types.submodule ( substituters-submodule = types.submodule ({ name, ... }: {
{ name, ... }:
{
options = with types; { options = with types; {
key = mkOpt (nullOr str) null "The trusted public key for this substituter."; key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
}; };
} });
);
in in
{ {
options.metacfg.nix = with types; { options.metacfg.nix = with types; {
@ -28,23 +18,25 @@ in
default-substituter = { default-substituter = {
url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; url = mkOpt str "https://cache.nixos.org" "The url for the substituter.";
key = key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter.";
mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"The trusted public key for the substituter.";
}; };
extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = mapAttrsToList (name: value: { assertions = mapAttrsToList
(name: value: {
assertion = value.key != null; assertion = value.key != null;
message = "metacfg.nix.extra-substituters.${name}.key must be set"; message = "metacfg.nix.extra-substituters.${name}.key must be set";
}) cfg.extra-substituters; })
cfg.extra-substituters;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
metacfg.nixos-revision metacfg.nixos-revision
(metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; }) (metacfg.nixos-hosts.override {
hosts = inputs.self.nixosConfigurations;
})
deploy-rs deploy-rs
nixfmt nixfmt
nix-index nix-index
@ -56,10 +48,8 @@ in
nix = nix =
let let
users = [ users = [ "root" config.metacfg.user.name ] ++
"root" optional config.services.hydra.enable "hydra";
config.metacfg.user.name
] ++ optional config.services.hydra.enable "hydra";
extra-substituters = cfg.extra-substituters // { extra-substituters = cfg.extra-substituters // {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; "https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
}; };
@ -67,8 +57,7 @@ in
{ {
package = cfg.package; package = cfg.package;
settings = settings = {
{
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
http-connections = 50; http-connections = 50;
warn-dirty = false; warn-dirty = false;
@ -78,15 +67,16 @@ in
trusted-users = users; trusted-users = users;
allowed-users = users; allowed-users = users;
substituters = [ substituters =
cfg.default-substituter.url [ cfg.default-substituter.url ]
] ++ (mapAttrsToList (name: value: name) extra-substituters); ++
trusted-public-keys = [ (mapAttrsToList (name: value: name) extra-substituters);
cfg.default-substituter.key trusted-public-keys =
] ++ (mapAttrsToList (name: value: value.key) extra-substituters); [ cfg.default-substituter.key ]
++
(mapAttrsToList (name: value: value.key) extra-substituters);
} } // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
// (lib.optionalAttrs config.metacfg.tools.direnv.enable {
keep-outputs = true; keep-outputs = true;
keep-derivations = true; keep-derivations = true;
}); });

20
modules/nixos/services/base/default.nix
View file

@ -1,9 +1,8 @@
{ { options
options, , config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -40,9 +39,7 @@ in
}; };
environment = { environment = {
sessionVariables = { sessionVariables = { PATH = "$HOME/bin"; };
PATH = "$HOME/bin";
};
systemPackages = with pkgs; [ systemPackages = with pkgs; [
age age
bash bash
@ -76,10 +73,7 @@ in
"$@" "$@"
'') '')
]; ];
shells = [ shells = [ pkgs.fish pkgs.bash ];
pkgs.fish
pkgs.bash
];
}; };
hardware = { hardware = {

25
modules/nixos/services/gui/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.gui;
cfg = config.metacfg.gui;
in in
{ {
options.metacfg.gui = with types; { options.metacfg.gui = with types; {
@ -67,18 +60,12 @@ in
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
onevpl-intel-gpu onevpl-intel-gpu
intel-compute-runtime intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver # LIBVA_DRIVER_NAME=iHD
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl libvdpau-va-gl
rocmPackages.clr.icd
amdvlk
]; ];
}; };
environment.sessionVariables = { environment.sessionVariables = {
@ -157,13 +144,7 @@ in
noto-fonts-emoji noto-fonts-emoji
liberation_ttf liberation_ttf
freefont_ttf freefont_ttf
(nerdfonts.override { (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
]; ];
fontconfig = { fontconfig = {

11
modules/nixos/services/homeprinter/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.homeprinter;
cfg = config.metacfg.homeprinter;
in in
{ {
options.metacfg.homeprinter = with types; { options.metacfg.homeprinter = with types; {

15
modules/nixos/services/podman/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.podman;
cfg = config.metacfg.podman;
in in
{ {
options.metacfg.podman = with types; { options.metacfg.podman = with types; {
@ -25,9 +18,7 @@ in
dockerCompat = lib.mkDefault true; dockerCompat = lib.mkDefault true;
# For Nixos version > 22.11 # For Nixos version > 22.11
defaultNetwork.settings = { defaultNetwork.settings = { dns_enabled = true; };
dns_enabled = true;
};
}; };
}; };
}; };

11
modules/nixos/services/secureboot/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.secureboot;
cfg = config.metacfg.secureboot;
in in
{ {
options.metacfg.secureboot = with types; { options.metacfg.secureboot = with types; {

23
modules/nixos/sgx/aesmd_dcap/default.nix
View file

@ -1,10 +1,4 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -27,15 +21,14 @@ in
quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl; quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
}; };
systemd.services.aesmd = { systemd.services.aesmd = {
environment.LD_LIBRARY_PATH = lib.mkForce ( environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]);
lib.makeLibraryPath [
pkgs.nixsgx.sgx-dcap.default_qpl
pkgs.curl.out
]
);
serviceConfig = { serviceConfig = {
BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ]; BindReadOnlyPaths = [
BindPaths = [ "/dev/log" ]; "/etc/sgx_default_qcnl.conf"
];
BindPaths = [
"/dev/log"
];
}; };
}; };
}; };

12
modules/nixos/sgx/pccs/default.nix
View file

@ -1,10 +1,4 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -55,7 +49,8 @@ in
}; };
}; };
systemd.services.pccs-secret = { systemd.services.pccs-secret =
{
description = "Inject pccs secret"; description = "Inject pccs secret";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "podman-pccs.service" ]; before = [ "podman-pccs.service" ];
@ -69,5 +64,6 @@ in
}; };
}; };
}; };
} }

11
modules/nixos/tools/direnv/default.nix
View file

@ -1,15 +1,8 @@
{ { options, config, lib, pkgs, ... }:
options,
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
let let cfg = config.metacfg.tools.direnv;
cfg = config.metacfg.tools.direnv;
in in
{ {
options.metacfg.tools.direnv = with types; { options.metacfg.tools.direnv = with types; {

27
modules/nixos/tools/git/default.nix
View file

@ -1,10 +1,4 @@
{ { options, config, pkgs, lib, ... }:
options,
config,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
@ -18,7 +12,8 @@ in
enable = mkBoolOpt false "Whether or not to install and configure git."; enable = mkBoolOpt false "Whether or not to install and configure git.";
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with."; signingKey =
mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -34,18 +29,10 @@ in
signByDefault = mkIf gpg.enable true; signByDefault = mkIf gpg.enable true;
}; };
extraConfig = { extraConfig = {
init = { init = { defaultBranch = "main"; };
defaultBranch = "main"; pull = { rebase = true; };
}; push = { autoSetupRemote = true; };
pull = { core = { whitespace = "trailing-space,space-before-tab"; };
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
safe = { safe = {
directory = "${user.home}/git"; directory = "${user.home}/git";
}; };

46
modules/nixos/user/default.nix
View file

@ -1,13 +1,11 @@
{ { options
options, , config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: }:
with lib; with lib;
with lib.metacfg; with lib.metacfg; let
let
cfg = config.metacfg.user; cfg = config.metacfg.user;
defaultIconFileName = "profile.jpg"; defaultIconFileName = "profile.jpg";
defaultIcon = pkgs.stdenvNoCC.mkDerivation { defaultIcon = pkgs.stdenvNoCC.mkDerivation {
@ -20,17 +18,11 @@ let
cp $src $out cp $src $out
''; '';
passthru = { passthru = { fileName = defaultIconFileName; };
fileName = defaultIconFileName;
};
}; };
propagatedIcon = propagatedIcon =
pkgs.runCommandNoCC "propagated-icon" pkgs.runCommandNoCC "propagated-icon"
{ { passthru = { fileName = cfg.icon.fileName; }; }
passthru = {
fileName = cfg.icon.fileName;
};
}
'' ''
local target="$out/share/metacfg-icons/user/${cfg.name}" local target="$out/share/metacfg-icons/user/${cfg.name}"
mkdir -p "$target" mkdir -p "$target"
@ -46,7 +38,9 @@ in
initialPassword = initialPassword =
mkOpt str "password" mkOpt str "password"
"The initial password to use when the user is first created."; "The initial password to use when the user is first created.";
icon = mkOpt (nullOr package) defaultIcon "The profile picture to use for the user."; icon =
mkOpt (nullOr package) defaultIcon
"The profile picture to use for the user.";
prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell."; prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell.";
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned."; extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
sshKeys = mkOpt (listOf str) [ sshKeys = mkOpt (listOf str) [
@ -55,11 +49,14 @@ in
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
] "ssh keys"; ] "ssh keys";
extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`."); extraOptions =
mkOpt attrs { }
(mdDoc "Extra options passed to `users.users.<name>`.");
}; };
config = { config = {
environment.systemPackages = with pkgs; [ ]; environment.systemPackages = with pkgs; [
];
metacfg.home = { metacfg.home = {
file = { file = {
@ -71,7 +68,10 @@ in
"Videos/.keep".text = ""; "Videos/.keep".text = "";
"work/.keep".text = ""; "work/.keep".text = "";
".face".source = cfg.icon; ".face".source = cfg.icon;
"Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon; "Pictures/${
cfg.icon.fileName or (builtins.baseNameOf cfg.icon)
}".source =
cfg.icon;
}; };
extraOptions.programs.bash.initExtra = '' extraOptions.programs.bash.initExtra = ''
@ -85,7 +85,8 @@ in
''; '';
}; };
users.users.${cfg.name} = { users.users.${cfg.name} =
{
isNormalUser = true; isNormalUser = true;
# inherit (cfg) name initialPassword; # inherit (cfg) name initialPassword;
@ -104,6 +105,7 @@ in
uid = 1000; uid = 1000;
extraGroups = [ "wheel" ] ++ cfg.extraGroups; extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} // cfg.extraOptions; }
// cfg.extraOptions;
}; };
} }

6
overlays/jetbrains-toolbox/default.nix
View file

@ -1 +1,5 @@
{ channels, ... }: final: prev: { inherit (channels.unstable) jetbrains-toolbox ollama; } { channels, ... }:
final: prev:
{
inherit (channels.unstable) jetbrains-toolbox;
}

6
overlays/nixsgx/default.nix
View file

@ -1 +1,5 @@
{ channels, ... }: final: prev: { inherit (channels.nixpkgs.nixsgx) sgx-psw; } { channels, ... }:
final: prev:
{
inherit (channels.nixpkgs.nixsgx) sgx-psw;
}

60
packages/dcpl2530dw-cups/default.nix
View file

@ -1,18 +1,17 @@
{ { lib
lib, , stdenv
stdenv, , fetchurl
fetchurl, , makeWrapper
makeWrapper, , cups
cups, , dpkg
dpkg, , a2ps
a2ps, , ghostscript
ghostscript, , gnugrep
gnugrep, , gnused
gnused, , coreutils
coreutils, , file
file, , perl
perl, , which
which,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -28,12 +27,7 @@ stdenv.mkDerivation rec {
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
buildInputs = [ buildInputs = [ cups ghostscript dpkg a2ps ];
cups
ghostscript
dpkg
a2ps
];
dontUnpack = true; dontUnpack = true;
@ -61,14 +55,9 @@ stdenv.mkDerivation rec {
; do ; do
#substituteInPlace $f \ #substituteInPlace $f \
wrapProgram $f \ wrapProgram $f \
--prefix PATH : ${ --prefix PATH : ${lib.makeBinPath [
lib.makeBinPath [ coreutils ghostscript gnugrep gnused
coreutils ]}
ghostscript
gnugrep
gnused
]
}
done done
mkdir -p $out/lib/cups/filter/ mkdir -p $out/lib/cups/filter/
@ -78,17 +67,7 @@ stdenv.mkDerivation rec {
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/ ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \ wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
--prefix PATH ":" ${ --prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] }
lib.makeBinPath [
ghostscript
a2ps
file
gnused
gnugrep
coreutils
which
]
}
''; '';
meta = with lib; { meta = with lib; {
@ -100,3 +79,4 @@ stdenv.mkDerivation rec {
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads"; downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
}; };
} }

25
packages/nixos-hosts/default.nix
View file

@ -1,12 +1,11 @@
{ { lib
lib, , writeText
writeText, , writeShellApplication
writeShellApplication, , substituteAll
substituteAll, , gum
gum, , inputs
inputs, , hosts ? { }
hosts ? { }, , ...
...
}: }:
let let
@ -15,7 +14,9 @@ let
substitute = args: builtins.readFile (substituteAll args); substitute = args: builtins.readFile (substituteAll args);
formatted-hosts = mapAttrsToList (name: host: "${name},${host.pkgs.system}") hosts; formatted-hosts = mapAttrsToList
(name: host: "${name},${host.pkgs.system}")
hosts;
hosts-csv = writeText "hosts.csv" '' hosts-csv = writeText "hosts.csv" ''
Name,System Name,System
@ -34,7 +35,9 @@ let
checkPhase = ""; checkPhase = "";
runtimeInputs = [ gum ]; runtimeInputs = [
gum
];
}; };
new-meta = with lib; { new-meta = with lib; {

12
packages/nixos-revision/default.nix
View file

@ -1,8 +1,7 @@
{ { pkgs
pkgs, , lib
lib, , gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit"
gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit", , ...
...
}: }:
let let
@ -14,7 +13,8 @@ let
maintainers = with maintainers; [ jakehamilton ]; maintainers = with maintainers; [ jakehamilton ];
}; };
package = pkgs.writeShellScriptBin "nixos-revision" '' package =
pkgs.writeShellScriptBin "nixos-revision" ''
HAS_HELP=false HAS_HELP=false
HAS_OPEN=false HAS_OPEN=false

11
packages/rot8000/default.nix
View file

@ -1,9 +1,8 @@
{ { lib
lib, , stdenv
stdenv, , rustPlatform
rustPlatform, , fetchFromGitHub
fetchFromGitHub, , ...
...
}: }:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "rot8000"; pname = "rot8000";

4
systems/x86_64-darwin/mpro/default.nix
View file

@ -8,7 +8,9 @@ with lib.metacfg;
}; };
}; };
environment.systemPath = [ "/usr/local/Homebrew/bin" ]; environment.systemPath = [
"/usr/local/Homebrew/bin"
];
users.users.harald.shell = pkgs.fish; users.users.harald.shell = pkgs.fish;

27
systems/x86_64-linux/mx/acme.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
sops.secrets.internetbs = { sops.secrets.internetbs = {
sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
@ -18,19 +13,27 @@
}; };
certs = { certs = {
"surfsite.org" = { "surfsite.org" = {
extraDomainNames = [ "*.surfsite.org" ]; extraDomainNames = [
"*.surfsite.org"
];
}; };
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
extraDomainNames = [ "*.hartwin-hoyer.de" ]; extraDomainNames = [
"*.hartwin-hoyer.de"
];
}; };
"herward-hoyer.de" = { "herward-hoyer.de" = {
extraDomainNames = [ "*.herward-hoyer.de" ]; extraDomainNames = [
"*.herward-hoyer.de"
];
}; };
"varlink.org" = { "varlink.org" = {
extraDomainNames = [ "*.varlink.org" ]; extraDomainNames = [
"*.varlink.org"
];
}; };
"meike-hoyer.de" = { }; "meike-hoyer.de" = { };
@ -68,7 +71,9 @@
}; };
"harald-hoyer.de" = { "harald-hoyer.de" = {
extraDomainNames = [ "*.harald-hoyer.de" ]; extraDomainNames = [
"*.harald-hoyer.de"
];
}; };
}; };
}; };

2
systems/x86_64-linux/mx/backup.nix
View file

@ -4,7 +4,7 @@
shell = pkgs.bash; shell = pkgs.bash;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
''restrict,command="/run/wrappers/bin/rrsync -ro /" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx'' "restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx"
]; ];
}; };

27
systems/x86_64-linux/mx/coturn.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
sops.secrets."coturn/static-auth-secret" = { sops.secrets."coturn/static-auth-secret" = {
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
@ -13,30 +8,20 @@
networking.firewall = networking.firewall =
let let
range = with config.services.coturn; [ range = with config.services.coturn; [{
{
from = min-port; from = min-port;
to = max-port; to = max-port;
} }];
];
in in
{ {
allowedUDPPortRanges = range; allowedUDPPortRanges = range;
allowedTCPPorts = [ allowedTCPPorts = [ 3478 3479 5349 ];
3478 allowedUDPPorts = [ 3478 3479 5349 ];
3479
5349
];
allowedUDPPorts = [
3478
3479
5349
];
}; };
# get a certificate # get a certificate
security.acme.certs.${config.services.coturn.realm} = { security.acme.certs.${config.services.coturn.realm} = {
# insert here the right configuration to obtain a certificate /* insert here the right configuration to obtain a certificate */
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";
group = "turnserver"; group = "turnserver";
}; };

7
systems/x86_64-linux/mx/forgejo.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
sops.secrets."postgres/gitea_dbpass" = { sops.secrets."postgres/gitea_dbpass" = {
sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file

17
systems/x86_64-linux/mx/hardware-configuration.nix
View file

@ -1,15 +1,12 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { lib, pkgs, modulesPath, ... }:
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages; boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
@ -31,16 +28,14 @@
"rng_core" "rng_core"
]; ];
boot.swraid.enable = true; boot.swraid.enable = true;
boot.swraid.mdadmConf = '' boot.swraid.mdadmConf = ''
MAILADDR admin@hoyer.xyz MAILADDR admin@hoyer.xyz
''; '';
disko.devices = import ./server-raid.nix { disko.devices = import ./server-raid.nix {
inherit lib; inherit lib;
disks = [ disks = [ "/dev/sda" "/dev/sdb" ];
"/dev/sda"
"/dev/sdb"
];
}; };
swapDevices = [{ device = "/swapfile"; }]; swapDevices = [{ device = "/swapfile"; }];

4
systems/x86_64-linux/mx/kicker.nix
View file

@ -9,7 +9,9 @@
"/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd" "/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd"
"/home/hartwin/kicker/live.db:/app/db/data/current.db" "/home/hartwin/kicker/live.db:/app/db/data/current.db"
]; ];
extraOptions = [ "--pull=always" ]; extraOptions = [
"--pull=always"
];
}; };
}; };
} }

7
systems/x86_64-linux/mx/mailserver.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
# email addresses git smudged # email addresses git smudged
mailserver = { mailserver = {

23
systems/x86_64-linux/mx/network.nix
View file

@ -8,10 +8,7 @@
services.resolved.extraConfig = "ReadEtcHosts=no"; services.resolved.extraConfig = "ReadEtcHosts=no";
services.nscd.enableNsncd = false; services.nscd.enableNsncd = false;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [ 80 443 ];
80
443
];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.hostName = "mx"; # Define your hostname. networking.hostName = "mx"; # Define your hostname.
@ -29,26 +26,20 @@
networking.interfaces.enp0s31f6 = { networking.interfaces.enp0s31f6 = {
ipv6 = { ipv6 = {
addresses = [ addresses = [{
{
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
prefixLength = 64; prefixLength = 64;
} }];
];
# Default IPv6 route # Default IPv6 route
routes = [ routes = [{
{
address = "::"; address = "::";
prefixLength = 0; prefixLength = 0;
via = "fe80::1"; via = "fe80::1";
} }];
];
}; };
ipv4.addresses = [ ipv4.addresses = [{
{
address = "95.216.66.178"; address = "95.216.66.178";
prefixLength = 26; prefixLength = 26;
} }];
];
}; };
} }

4
systems/x86_64-linux/mx/nextcloud.nix
View file

@ -49,7 +49,9 @@
}; };
services.postgresql = { services.postgresql = {
ensureDatabases = [ "nextcloud" ]; ensureDatabases = [
"nextcloud"
];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";

17
systems/x86_64-linux/mx/nginx.nix
View file

@ -30,6 +30,7 @@
root = "/var/www/hoyer.xyz/html"; root = "/var/www/hoyer.xyz/html";
}; };
"hoyer.world" = { "hoyer.world" = {
enableACME = false; enableACME = false;
useACMEHost = "hoyer.world"; useACMEHost = "hoyer.world";
@ -46,7 +47,9 @@
"hoyer.xyz" = { "hoyer.xyz" = {
# serverName = "hoyer.xyz"; # serverName = "hoyer.xyz";
serverAliases = [ "www.hoyer.xyz" ]; serverAliases = [
"www.hoyer.xyz"
];
useACMEHost = "hoyer.xyz"; useACMEHost = "hoyer.xyz";
enableACME = false; enableACME = false;
forceSSL = true; forceSSL = true;
@ -105,13 +108,17 @@
}; };
"harald-hoyer.de" = { "harald-hoyer.de" = {
serverAliases = [ "www.harald-hoyer.de" ]; serverAliases = [
"www.harald-hoyer.de"
];
useACMEHost = "harald-hoyer.de"; useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz"; globalRedirect = "harald.hoyer.xyz";
forceSSL = true; forceSSL = true;
}; };
"harald.hoyer.xyz" = { "harald.hoyer.xyz" = {
serverAliases = [ "www.harald.hoyer.xyz" ]; serverAliases = [
"www.harald.hoyer.xyz"
];
useACMEHost = "hoyer.xyz"; useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/"; root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = '' extraConfig = ''
@ -134,7 +141,9 @@
}; };
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
serverAliases = [ "www.hartwin-hoyer.de" ]; serverAliases = [
"www.hartwin-hoyer.de"
];
useACMEHost = "hartwin-hoyer.de"; useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz"; globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true; forceSSL = true;

7
systems/x86_64-linux/mx/postgresql.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_14; package = pkgs.postgresql_14;

6
systems/x86_64-linux/mx/rspamd.nix
View file

@ -10,12 +10,10 @@ let
''; '';
in in
{ {
services.rspamd.workers.controller.bindSockets = [ services.rspamd.workers.controller.bindSockets = [{
{
socket = "/run/rspamd/worker-controller.sock"; socket = "/run/rspamd/worker-controller.sock";
mode = "0660"; mode = "0660";
} }];
];
services.rspamd.locals = { services.rspamd.locals = {
"settings.conf".text = '' "settings.conf".text = ''
bogenschiessen { bogenschiessen {

9
systems/x86_64-linux/mx/server-raid.nix
View file

@ -1,11 +1,4 @@
{ { disks ? [ "/dev/sda" "/dev/sdb" ], ... }: {
disks ? [
"/dev/sda"
"/dev/sdb"
],
...
}:
{
disk = { disk = {
one = { one = {
type = "disk"; type = "disk";

11
systems/x86_64-linux/sgx-attic/atticd.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -15,7 +10,9 @@
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"' $PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
''; '';
environment.systemPackages = with pkgs; [ attic-client ]; environment.systemPackages = with pkgs; [
attic-client
];
services.atticd = { services.atticd = {
enable = true; enable = true;

7
systems/x86_64-linux/sgx-attic/default.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {

19
systems/x86_64-linux/sgx-attic/hardware-configuration.nix
View file

@ -1,28 +1,17 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
[
./disko.nix ./disko.nix
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
disko.devices.disk.main.device = "/dev/vda"; disko.devices.disk.main.device = "/dev/vda";
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

30
systems/x86_64-linux/sgx-nixos/default.nix
View file

@ -1,13 +1,10 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {
imports = [ ./hardware-configuration.nix ]; imports = [
./hardware-configuration.nix
];
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1; boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
@ -23,10 +20,7 @@ with lib.metacfg;
nix.enable = true; nix.enable = true;
aesmd_dcap.enable = true; aesmd_dcap.enable = true;
podman.enable = true; podman.enable = true;
user.extraGroups = [ user.extraGroups = [ "docker" "sgx" ];
"docker"
"sgx"
];
}; };
environment.etc."sgx_default_qcnl.conf".text = '' environment.etc."sgx_default_qcnl.conf".text = ''
@ -65,18 +59,8 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [ security.pam.loginLimits = [
{ { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
domain = "*"; { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";

27
systems/x86_64-linux/sgx-nixos/hardware-configuration.nix
View file

@ -1,34 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports =
[
boot.initrd.availableKernelModules = [ (modulesPath + "/profiles/qemu-guest.nix")
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
{
device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4"; device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/941C-7B02"; device = "/dev/disk/by-uuid/941C-7B02";
fsType = "vfat"; fsType = "vfat";
}; };

10
systems/x86_64-linux/sgx/backup.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
let let
backup_new_path = "/mnt/raid/backup/hoyer/new/"; backup_new_path = "/mnt/raid/backup/hoyer/new/";
restic_repo = "/mnt/backup/restic-repo"; restic_repo = "/mnt/backup/restic-repo";
@ -66,7 +61,8 @@ in
".log" ".log"
".Trash" ".Trash"
]; ];
ignoreFile = builtins.toFile "ignore" (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns); ignoreFile = builtins.toFile "ignore"
(lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
in in
[ "--exclude-file=${ignoreFile}" ]; [ "--exclude-file=${ignoreFile}" ];
pruneOpts = [ pruneOpts = [

7
systems/x86_64-linux/sgx/default.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix

7
systems/x86_64-linux/sgx/fileserver.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
services.netatalk = { services.netatalk = {
enable = true; enable = true;

35
systems/x86_64-linux/sgx/hardware-configuration.nix
View file

@ -1,16 +1,12 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { pkgs, config, lib, modulesPath, ... }:
pkgs,
config,
lib,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
@ -47,33 +43,18 @@
"/mnt/raid" = { "/mnt/raid" = {
fsType = "btrfs"; fsType = "btrfs";
device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712"; device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712";
options = [ options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ];
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
}; };
"/mnt/backup" = { "/mnt/backup" = {
fsType = "btrfs"; fsType = "btrfs";
device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5"; device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5";
options = [ options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ];
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
}; };
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; } ]; swapDevices =
[{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }];
environment.etc."crypttab".text = '' environment.etc."crypttab".text = ''
a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256

18
systems/x86_64-linux/sgx/network.nix
View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
networking.hostName = "sgx"; # Define your hostname. networking.hostName = "sgx"; # Define your hostname.
networking.useDHCP = false; networking.useDHCP = false;
@ -42,14 +37,7 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ];
8384 networking.firewall.allowedUDPPorts = [ 22000 21027 ];
22000
config.services.netatalk.port
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
} }

5
systems/x86_64-linux/t15/default.nix
View file

@ -10,10 +10,7 @@
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; homeprinter.enable = true;
user.extraGroups = [ user.extraGroups = [ "docker" "dialout" ];
"docker"
"dialout"
];
}; };
system.autoUpgrade = { system.autoUpgrade = {

18
systems/x86_64-linux/t15/hardware-configuration.nix
View file

@ -1,16 +1,12 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
@ -52,7 +48,8 @@
}; };
fileSystems = { fileSystems = {
"/" = { "/" =
{
device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=/rootfs" ]; options = [ "subvol=/rootfs" ];
@ -75,7 +72,8 @@
options = [ "subvol=/persist" ]; options = [ "subvol=/persist" ];
neededForBoot = true; neededForBoot = true;
}; };
"/boot" = { "/boot" =
{
device = "/dev/disk/by-partlabel/disk-one-ESP"; device = "/dev/disk/by-partlabel/disk-one-ESP";
fsType = "vfat"; fsType = "vfat";
}; };

25
systems/x86_64-linux/x1/default.nix
View file

@ -12,10 +12,7 @@ with lib.metacfg;
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; homeprinter.enable = true;
user.extraGroups = [ user.extraGroups = [ "docker" "dialout" ];
"docker"
"dialout"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -26,7 +23,6 @@ with lib.metacfg;
kubectx kubectx
k9s k9s
attic-client attic-client
ollama
]; ];
services.resolved.enable = true; services.resolved.enable = true;
@ -54,24 +50,9 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [ security.pam.loginLimits = [
{ { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
domain = "*"; { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
]; ];
services.ollama = {
enable = true;
acceleration = "rocm";
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

27
systems/x86_64-linux/x1/hardware-configuration.nix
View file

@ -1,25 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [
(modulesPath + "/installer/scan/not-detected.nix")
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"uas"
"usbhid"
"sd_mod"
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -35,7 +24,8 @@
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;
fileSystems."/" = { fileSystems."/" =
{
device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955"; device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = [ "subvol=@" ];
@ -51,7 +41,8 @@
allowDiscards = true; allowDiscards = true;
}; };
fileSystems."/boot" = { fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/13C4-A825"; device = "/dev/disk/by-uuid/13C4-A825";
fsType = "vfat"; fsType = "vfat";
}; };