harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: harald:900f95169fdcf43b62d77e572c24f002b8f7b6ab
Branches Tags
harald:main
harald:b24.05
..
compare: harald:5aaa1fb4176d334bfeb72e1416f43c009d9bfe2f
Branches Tags
harald:main
harald:b24.05

No commits in common. "900f95169fdcf43b62d77e572c24f002b8f7b6ab" and "5aaa1fb4176d334bfeb72e1416f43c009d9bfe2f" have entirely different histories.
900f95169f ... 5aaa1fb417

84 changed files with 710 additions and 1147 deletions
Download patch file Download diff file Expand all files Collapse all files

30
flake.lock generated
View file

@ -935,11 +935,11 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github"
},
"original": {
@ -1519,11 +1519,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"lastModified": 1722221733,
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"rev": "12bf09802d77264e441f48e25459c10c93eada2e",
"type": "github"
},
"original": {
@ -1535,11 +1535,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1728740863,
"narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"lastModified": 1719707984,
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
"type": "github"
},
"original": {
@ -1555,11 +1555,11 @@
"snowfall-lib": "snowfall-lib"
},
"locked": {
"lastModified": 1731604482,
"narHash": "sha256-r75GaDBrZFNHSvhcTR5e0JlgSBALvmwFpgNq58pZ4Pg=",
"lastModified": 1721741092,
"narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=",
"owner": "matter-labs",
"repo": "nixsgx",
"rev": "4ec107365fb8403b5dddf35f0ef940bc5657af22",
"rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6",
"type": "github"
},
"original": {
@ -2649,11 +2649,11 @@
},
"unstable": {
"locked": {
"lastModified": 1731676054,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"lastModified": 1722185531,
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
"type": "github"
},
"original": {

11
flake.nix
View file

@ -45,8 +45,7 @@
attic.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
inputs:
outputs = inputs:
let
lib = inputs.snowfall-lib.mkLib {
inherit inputs;
@ -67,7 +66,9 @@
allowUnfree = true;
};
homes.modules = with inputs; [ neovim-flake.homeManagerModules.default ];
homes.modules = with inputs; [
neovim-flake.homeManagerModules.default
];
systems.modules.nixos = with inputs; [
lanzaboote.nixosModules.lanzaboote
@ -78,7 +79,9 @@
attic.nixosModules.atticd
];
overlays = with inputs; [ nixsgx-flake.overlays.default ];
overlays = with inputs; [
nixsgx-flake.overlays.default
];
outputs-builder = channels: {
formatter = channels.nixpkgs.nixfmt-rfc-style;

10
homes/x86_64-darwin/harald@mpro/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
pkgs,
config,
...
{ lib
, pkgs
, config
, ...
}:
{
home = {
@ -30,3 +29,4 @@
};
};
}

82
homes/x86_64-linux/harald@mx/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
pkgs,
config,
...
{ lib
, pkgs
, config
, ...
}:
{
home.sessionPath = [ "$HOME/bin" ];
@ -33,44 +32,43 @@
xdg.enable = true;
xdg.mime.enable = true;
/*
*****************************************
systemd.user.services = {
render_blog = {
Service = {
Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin";
ExecStart = toString (
pkgs.writeShellScript "render_blog.sh" ''
set -eou pipefail
set -x
DIR=/var/tmp/blog.$$
rm -fr $DIR
mkdir -p $DIR
cd $DIR
echo $HOME
set
git config --list
git clone --recurse-submodules https://git.hoyer.xyz/harald/blog.git
cd blog
./build.sh
cd /var/tmp
rm -fr $DIR
''
);
};
Install.WantedBy = [ "default.target" ];
};
/* *****************************************
systemd.user.services = {
render_blog = {
Service = {
Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin";
ExecStart = toString (
pkgs.writeShellScript "render_blog.sh" ''
set -eou pipefail
set -x
DIR=/var/tmp/blog.$$
rm -fr $DIR
mkdir -p $DIR
cd $DIR
echo $HOME
set
git config --list
git clone --recurse-submodules https://git.hoyer.xyz/harald/blog.git
cd blog
./build.sh
cd /var/tmp
rm -fr $DIR
''
);
};
Install.WantedBy = [ "default.target" ];
};
};
systemd.user.timers = {
render_blog = {
Timer = {
OnCalendar = "hourly";
};
Install.WantedBy = [ "timers.target" ];
systemd.user.timers = {
render_blog = {
Timer = {
OnCalendar = "hourly";
};
};
*****************************
*/
Install.WantedBy = [ "timers.target" ];
};
};
***************************** */
}

15
homes/x86_64-linux/harald@sgx-azure/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
pkgs,
config,
...
{ lib
, pkgs
, config
, ...
}:
{
home = {
@ -13,10 +12,7 @@
};
nix.settings = {
substituters = [
"https://cache.nixos.org"
"https://attic.teepot.org/tee-pot"
];
substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="
@ -40,3 +36,4 @@
};
};
}

6
homes/x86_64-linux/harald@sgx-nixos/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }:
{ lib
, config
, ...
}:
{
home.sessionPath = [ "$HOME/bin" ];
@ -24,3 +27,4 @@
xdg.enable = true;
xdg.mime.enable = true;
}

6
homes/x86_64-linux/harald@sgx/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }:
{ lib
, config
, ...
}:
{
home.sessionPath = [ "$HOME/bin" ];
@ -24,3 +27,4 @@
xdg.enable = true;
xdg.mime.enable = true;
}

6
homes/x86_64-linux/harald@t15/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }:
{ lib
, config
, ...
}:
{
home.sessionPath = [ "$HOME/bin" ];
@ -60,3 +63,4 @@
xdg.enable = true;
xdg.mime.enable = true;
}

6
homes/x86_64-linux/harald@x1/default.nix
View file

@ -1,4 +1,7 @@
{ lib, config, ... }:
{ lib
, config
, ...
}:
{
home.sessionPath = [ "$HOME/bin" ];
@ -60,3 +63,4 @@
xdg.enable = true;
xdg.mime.enable = true;
}

120
lib/audio/default.nix
View file

@ -4,96 +4,62 @@ rec {
## Renames an alsa device from a given `name` using the new `description`.
##
#@ { name: String, description: String } -> { matches: List, apply_properties: Attrs }
mkAlsaRename =
{ name, description }:
{
matches = [
[
[
"device.name"
"matches"
name
]
]
];
# actions = { "update-props" = { "node.description" = description; }; };
apply_properties = {
"device.description" = description;
};
mkAlsaRename = { name, description }: {
matches = [
[
[ "device.name" "matches" name ]
]
];
# actions = { "update-props" = { "node.description" = description; }; };
apply_properties = {
"device.description" = description;
};
};
## Create a pipewire audio node.
##
#@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs }
mkAudioNode =
args@{
name,
factory ? "adapter",
...
}:
{
inherit factory;
args =
(builtins.removeAttrs args [
"name"
"description"
])
// {
"node.name" = name;
"node.description" = args.description or args."node.description";
"factory.name" = args."factory.name" or "support.null-audio-sink";
};
mkAudioNode = args@{ name, factory ? "adapter", ... }: {
inherit factory;
args = (builtins.removeAttrs args [ "name" "description" ]) // {
"node.name" = name;
"node.description" = args.description or args."node.description";
"factory.name" = args."factory.name" or "support.null-audio-sink";
};
};
## Create a virtual pipewire audio node.
##
#@ { name: String, ... } -> { factory: "adapter", args: Attrs }
mkVirtualAudioNode =
args@{ name, ... }:
mkAudioNode (
args
// {
name = "virtual-${lib.toLower name}-audio";
description = "${name} (Virtual)";
"media.class" = args.class or args."media.class" or "Audio/Duplex";
"object.linger" = args."object.linger" or true;
"audio.position" =
args."audio.position" or [
"FL"
"FR"
];
"monitor.channel-volumes" = args."monitor.channel-volumes" or true;
}
);
mkVirtualAudioNode = args@{ name, ... }:
mkAudioNode (args // {
name = "virtual-${lib.toLower name}-audio";
description = "${name} (Virtual)";
"media.class" = args.class or args."media.class" or "Audio/Duplex";
"object.linger" = args."object.linger" or true;
"audio.position" = args."audio.position" or [ "FL" "FR" ];
"monitor.channel-volumes" = args."monitor.channel-volumes" or true;
});
## Connect two pipewire audio nodes
##
#@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs }
mkBridgeAudioModule =
args@{ from, to, ... }:
{
name = "libpipewire-module-loopback";
args =
(builtins.removeAttrs args [
"from"
"to"
"name"
])
// {
"node.name" =
if args ? name then "${args.name}-bridge" else "${lib.toLower from}-to-${lib.toLower to}-bridge";
"audio.position" =
args."audio.position" or [
"FL"
"FR"
];
"capture.props" = {
"node.target" = from;
} // (args."capture.props" or { });
"playback.props" = {
"node.target" = to;
"monitor.channel-volumes" = true;
} // (args."playback.props" or { });
};
mkBridgeAudioModule = args@{ from, to, ... }: {
name = "libpipewire-module-loopback";
args = (builtins.removeAttrs args [ "from" "to" "name" ]) // {
"node.name" =
if args ? name then
"${args.name}-bridge"
else
"${lib.toLower from}-to-${lib.toLower to}-bridge";
"audio.position" = args."audio.position" or [ "FL" "FR" ];
"capture.props" = {
"node.target" = from;
} // (args."capture.props" or { });
"playback.props" = {
"node.target" = to;
"monitor.channel-volumes" = true;
} // (args."playback.props" or { });
};
};
}

9
lib/default.nix
View file

@ -1,8 +1,4 @@
{
lib,
inputs,
snowfall-inputs,
}:
{ lib, inputs, snowfall-inputs }:
rec {
## Override a package's metadata
@ -17,8 +13,7 @@ rec {
## ```
##
#@ Attrs -> Package -> Package
override-meta =
meta: package:
override-meta = meta: package:
package.overrideAttrs (attrs: {
meta = (attrs.meta or { }) // meta;
});

54
lib/deploy/default.nix
View file

@ -16,42 +16,36 @@ rec {
## ```
##
#@ { self: Flake, overrides: Attrs ? {} } -> Attrs
mkDeploy =
{
self,
overrides ? { },
}:
mkDeploy = { self, overrides ? { } }:
let
hosts = self.nixosConfigurations or { };
names = builtins.attrNames hosts;
nodes = lib.foldl (
result: name:
let
host = hosts.${name};
user = host.config.metacfg.user.name or null;
inherit (host.pkgs) system;
in
result
// {
${name} = (overrides.${name} or { }) // {
hostname = overrides.${name}.hostname or "${name}";
profiles = (overrides.${name}.profiles or { }) // {
system =
(overrides.${name}.profiles.system or { })
// {
nodes = lib.foldl
(result: name:
let
host = hosts.${name};
user = host.config.metacfg.user.name or null;
inherit (host.pkgs) system;
in
result // {
${name} = (overrides.${name} or { }) // {
hostname = overrides.${name}.hostname or "${name}";
profiles = (overrides.${name}.profiles or { }) // {
system = (overrides.${name}.profiles.system or { }) // {
path = deploy-rs.lib.${system}.activate.nixos host;
}
// lib.optionalAttrs (user != null) {
} // lib.optionalAttrs (user != null) {
user = "root";
sshUser = user;
}
// lib.optionalAttrs (host.config.metacfg.security.doas.enable or false) { sudo = "doas -u"; };
} // lib.optionalAttrs
(host.config.metacfg.security.doas.enable or false)
{
sudo = "doas -u";
};
};
};
};
}
) { } names;
})
{ }
names;
in
{
inherit nodes;
};
{ inherit nodes; };
}

6
lib/module/default.nix
View file

@ -1,7 +1,6 @@
{ lib, ... }:
with lib;
rec {
with lib; rec {
## Create a NixOS module option.
##
## ```nix
@ -9,8 +8,7 @@ rec {
## ```
##
#@ Type -> Any -> String
mkOpt =
type: default: description:
mkOpt = type: default: description:
mkOption { inherit type default description; };
## Create a NixOS module option without a description.

40
lib/network/default.nix
View file

@ -1,8 +1,4 @@
{
lib,
inputs,
snowfall-inputs,
}:
{ lib, inputs, snowfall-inputs }:
let
inherit (inputs.nixpkgs.lib) assertMsg last;
@ -13,17 +9,14 @@ in
# Type: String -> Attrs
# Usage: get-address-parts "bismuth:3000"
# result: { host = "bismuth"; port = "3000"; }
get-address-parts =
address:
get-address-parts = address:
let
address-parts = builtins.split ":" address;
ip = builtins.head address-parts;
host = if ip == "" then "127.0.0.1" else ip;
port = if builtins.length address-parts != 3 then "" else last address-parts;
in
{
inherit host port;
};
{ inherit host port; };
## Create proxy configuration for NGINX virtual hosts.
##
@ -40,23 +33,22 @@ in
##
#@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs
create-proxy =
{
port ? null,
host ? "127.0.0.1",
proxy-web-sockets ? false,
extra-config ? { },
{ port ? null
, host ? "127.0.0.1"
, proxy-web-sockets ? false
, extra-config ? { }
}:
assert assertMsg (port != "" && port != null) "port cannot be empty";
assert assertMsg (host != "") "host cannot be empty";
extra-config
// {
locations = (extra-config.locations or { }) // {
"/" = (extra-config.locations."/" or { }) // {
proxyPass = "http://${host}${if port != null then ":${builtins.toString port}" else ""}";
assert assertMsg (port != "" && port != null) "port cannot be empty";
assert assertMsg (host != "") "host cannot be empty";
extra-config // {
locations = (extra-config.locations or { }) // {
"/" = (extra-config.locations."/" or { }) // {
proxyPass =
"http://${host}${if port != null then ":${builtins.toString port}" else ""}";
proxyWebsockets = proxy-web-sockets;
proxyWebsockets = proxy-web-sockets;
};
};
};
};
};
}

17
modules/darwin/home/default.nix
View file

@ -1,11 +1,4 @@
{
options,
config,
pkgs,
lib,
inputs,
...
}:
{ options, config, pkgs, lib, inputs, ... }:
with lib;
with lib.metacfg;
@ -18,10 +11,10 @@ in
# ];
options.metacfg.home = with types; {
file = mkOpt attrs { } "A set of files to be managed by home-manager's <option>home.file</option>.";
configFile =
mkOpt attrs { }
"A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
file = mkOpt attrs { }
"A set of files to be managed by home-manager's <option>home.file</option>.";
configFile = mkOpt attrs { }
"A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
homeConfig = mkOpt attrs { } "Final config for home-manager.";
};

23
modules/darwin/nix/default.nix
View file

@ -1,13 +1,11 @@
{
options,
config,
pkgs,
lib,
...
{ options
, config
, pkgs
, lib
, ...
}:
with lib;
with lib.metacfg;
let
with lib.metacfg; let
cfg = config.metacfg.nix;
in
{
@ -26,10 +24,7 @@ in
nix =
let
users = [
"root"
config.metacfg.user.name
];
users = [ "root" config.metacfg.user.name ];
in
{
package = cfg.package;
@ -65,9 +60,7 @@ in
gc = {
automatic = true;
interval = {
Day = 7;
};
interval = { Day = 7; };
options = "--delete-older-than 30d";
user = config.metacfg.user.name;
};

12
modules/darwin/security/gpg/default.nix
View file

@ -1,10 +1,4 @@
{
lib,
config,
pkgs,
inputs,
...
}:
{ lib, config, pkgs, inputs, ... }:
let
inherit (lib) types mkEnableOption mkIf;
@ -27,7 +21,9 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ gnupg ];
environment.systemPackages = with pkgs; [
gnupg
];
environment.shellInit = ''
export GPG_TTY="$(tty)"

16
modules/darwin/services/base/default.nix
View file

@ -1,9 +1,8 @@
{
options,
config,
lib,
pkgs,
...
{ options
, config
, lib
, pkgs
, ...
}:
with lib;
with lib.metacfg;
@ -38,10 +37,7 @@ in
wget
starship
];
shells = [
pkgs.fish
pkgs.bash
];
shells = [ pkgs.fish pkgs.bash ];
};
programs = {

4
modules/darwin/services/nix-daemon/default.nix
View file

@ -11,5 +11,7 @@ in
enable = mkOpt types.bool true "Whether to enable the Nix daemon.";
};
config = mkIf cfg.enable { services.nix-daemon = enabled; };
config = mkIf cfg.enable {
services.nix-daemon = enabled;
};
}

8
modules/darwin/suites/common/default.nix
View file

@ -1,10 +1,4 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;

17
modules/darwin/system/fonts/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
pkgs,
lib,
...
}:
{ options, config, pkgs, lib, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.system.fonts;
let cfg = config.metacfg.system.fonts;
in
{
options.metacfg.system.fonts = with types; {
@ -24,16 +17,14 @@ in
};
fonts = {
packages =
with pkgs;
packages = with pkgs;
[
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
(nerdfonts.override { fonts = [ "Hack" ]; })
]
++ cfg.fonts;
] ++ cfg.fonts;
};
};
}

48
modules/darwin/system/interface/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
pkgs,
lib,
...
}:
{ options, config, pkgs, lib, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.system.interface;
let cfg = config.metacfg.system.interface;
in
{
options.metacfg.system.interface = with types; {
@ -17,26 +10,25 @@ in
};
config = mkIf cfg.enable {
system.activationScripts.applications.text =
let
env = pkgs.buildEnv {
name = "system-applications";
paths = config.environment.systemPackages;
pathsToLink = "/Applications";
};
in
system.activationScripts.applications.text = let
env = pkgs.buildEnv {
name = "system-applications";
paths = config.environment.systemPackages;
pathsToLink = "/Applications";
};
in
lib.mkForce ''
# Set up applications.
echo "setting up /Applications..." >&2
rm -rf /Applications/Nix\ Apps
mkdir -p /Applications/Nix\ Apps
find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + |
while read -r src; do
app_name=$(basename "$src")
echo "copying $src" >&2
${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name"
done
'';
# Set up applications.
echo "setting up /Applications..." >&2
rm -rf /Applications/Nix\ Apps
mkdir -p /Applications/Nix\ Apps
find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + |
while read -r src; do
app_name=$(basename "$src")
echo "copying $src" >&2
${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name"
done
'';
system.defaults = {
dock.autohide = true;

9
modules/darwin/user/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
let
inherit (lib) types mkIf mkDefault;

13
modules/home/cli-apps/bash/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
let
inherit (lib) mkEnableOption mkIf;
@ -15,7 +14,9 @@ in
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ bashInteractive ];
home.packages = with pkgs; [
bashInteractive
];
programs.bash = {
enable = true;
initExtra = ''

19
modules/home/cli-apps/bat/default.nix
View file

@ -1,12 +1,10 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
with lib;
with lib.metacfg;
let
with lib.metacfg; let
cfg = config.metacfg.cli-apps.bat;
in
{
@ -18,12 +16,7 @@ in
programs.bat = {
enable = true;
config.theme = "ansi";
extraPackages = with pkgs.bat-extras; [
batdiff
batman
batgrep
batwatch
];
extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
};
};
}

29
modules/home/cli-apps/fish/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
let
inherit (lib) mkEnableOption mkIf;
@ -34,17 +33,15 @@ in
end
'';
plugins = [
{
name = "foreign-env";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-foreign-env";
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
};
}
];
plugins = [{
name = "foreign-env";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-foreign-env";
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
};
}];
# shellInit =
# ''

11
modules/home/cli-apps/home-manager/default.nix
View file

@ -1,9 +1,4 @@
{
lib,
config,
pkgs,
...
}:
{ lib, config, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf;
@ -29,6 +24,8 @@ in
man = "${pkgs.bat-extras.batman}/bin/batman";
};
home.packages = with pkgs; [ vim ];
home.packages = with pkgs; [
vim
];
};
}

17
modules/home/cli-apps/neovim/default.nix
View file

@ -1,9 +1,4 @@
{
lib,
config,
pkgs,
...
}:
{ lib, config, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf;
@ -204,10 +199,7 @@ in
nix = 110;
ruby = 120;
java = 130;
go = [
90
130
];
go = [ 90 130 ];
};
};
};
@ -231,10 +223,7 @@ in
comment-nvim.enable = true;
};
vim.spellChecking.languages = [
"en"
"de"
];
vim.spellChecking.languages = [ "en" "de" ];
};
};
};

23
modules/home/cli-apps/starship/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
let
inherit (lib) mkEnableOption mkIf;
@ -16,22 +15,16 @@ in
config = mkIf cfg.enable {
home.packages = with pkgs; [
(pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
];
programs.starship = {
enable = true;
settings = {
container.format = "[\\[$name\\]]($style) ";
git_status = {
ahead = "\${count}";
diverged = "\${ahead_count}\${behind_count}";
behind = "\${count}";
ahead = "$\{count}";
diverged = "$\{ahead_count}$\{behind_count}";
behind = "$\{count}";
};
};
};

18
modules/home/cli-apps/tmux/default.nix
View file

@ -1,12 +1,10 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
with lib;
with lib.metacfg;
let
with lib.metacfg; let
cfg = config.metacfg.cli-apps.tmux;
in
{
@ -14,5 +12,9 @@ in
enable = mkEnableOption "Tmux";
};
config = mkIf cfg.enable { home.packages = with pkgs; [ tmux ]; };
config = mkIf cfg.enable {
home.packages = with pkgs; [
tmux
];
};
}

9
modules/home/host/default.nix
View file

@ -1,11 +1,4 @@
{
lib,
config,
pkgs,
host ? null,
format ? "unknown",
...
}:
{ lib, config, pkgs, host ? null, format ? "unknown", ... }:
let
inherit (lib) types;

17
modules/home/tools/alacritty/default.nix
View file

@ -1,8 +1,7 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
let
inherit (lib) mkEnableOption mkIf;
@ -17,13 +16,7 @@ in
config = mkIf cfg.enable {
home.packages = with pkgs; [
alacritty
(pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
];
};
}

11
modules/home/tools/direnv/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.tools.direnv;
let cfg = config.metacfg.tools.direnv;
in
{
options.metacfg.tools.direnv = with types; {

26
modules/home/tools/git/default.nix
View file

@ -1,9 +1,4 @@
{
lib,
config,
pkgs,
...
}:
{ lib, config, pkgs, ... }:
let
inherit (lib) types mkEnableOption mkIf;
@ -18,8 +13,7 @@ in
userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey =
mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595"
"The key ID to sign commits with.";
mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" "The key ID to sign commits with.";
signByDefault = mkOpt types.bool false "Whether to sign commits by default.";
};
@ -38,18 +32,10 @@ in
inherit (cfg) signByDefault;
};
extraConfig = {
init = {
defaultBranch = "main";
};
pull = {
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
init = { defaultBranch = "main"; };
pull = { rebase = true; };
push = { autoSetupRemote = true; };
core = { whitespace = "trailing-space,space-before-tab"; };
safe = {
directory = "${user.home}/git";
};

23
modules/home/tools/jetbrains/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.tools.jetbrains;
let cfg = config.metacfg.tools.jetbrains;
in
{
options.metacfg.tools.jetbrains = with types; {
@ -17,16 +10,12 @@ in
};
config = mkIf cfg.enable {
home.sessionPath = [ "$HOME/.local/share/JetBrains/Toolbox/scripts" ];
home.sessionPath = [
"$HOME/.local/share/JetBrains/Toolbox/scripts"
];
home.packages = with pkgs; [
jetbrains-toolbox
(pkgs.nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
];
};
}

11
modules/home/tools/ssh/default.nix
View file

@ -1,9 +1,4 @@
{
lib,
config,
pkgs,
...
}:
{ lib, config, pkgs, ... }:
let
inherit (lib) types mkEnableOption mkIf;
@ -15,7 +10,9 @@ in
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ mosh ];
home.packages = with pkgs; [
mosh
];
programs.ssh = {
enable = true;
extraConfig = ''

15
modules/home/user/default.nix
View file

@ -1,18 +1,7 @@
{
lib,
config,
pkgs,
osConfig ? { },
...
}:
{ lib, config, pkgs, osConfig ? { }, ... }:
let
inherit (lib)
types
mkIf
mkDefault
mkMerge
;
inherit (lib) types mkIf mkDefault mkMerge;
inherit (lib.metacfg) mkOpt;
cfg = config.metacfg.user;

23
modules/nixos/home/default.nix
View file

@ -1,23 +1,15 @@
{
options,
config,
pkgs,
lib,
inputs,
...
}:
{ options, config, pkgs, lib, inputs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.home;
let cfg = config.metacfg.home;
in
{
options.metacfg.home = with types; {
file = mkOpt attrs { } (mdDoc "A set of files to be managed by home-manager's `home.file`.");
configFile = mkOpt attrs { } (
mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."
);
file = mkOpt attrs { }
(mdDoc "A set of files to be managed by home-manager's `home.file`.");
configFile = mkOpt attrs { }
(mdDoc "A set of files to be managed by home-manager's `xdg.configFile`.");
extraOptions = mkOpt attrs { } "Options to pass directly to home-manager.";
};
@ -33,7 +25,8 @@ in
useUserPackages = true;
useGlobalPkgs = true;
users.${config.metacfg.user.name} = mkAliasDefinitions options.metacfg.home.extraOptions;
users.${config.metacfg.user.name} =
mkAliasDefinitions options.metacfg.home.extraOptions;
};
};
}

11
modules/nixos/nix-ld/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.nix-ld;
let cfg = config.metacfg.nix-ld;
in
{
options.metacfg.nix-ld = with types; {

88
modules/nixos/nix/default.nix
View file

@ -1,25 +1,15 @@
{
options,
config,
pkgs,
lib,
inputs,
...
}:
{ options, config, pkgs, lib, inputs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.nix;
substituters-submodule = types.submodule (
{ name, ... }:
{
options = with types; {
key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
};
}
);
substituters-submodule = types.submodule ({ name, ... }: {
options = with types; {
key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
};
});
in
{
options.metacfg.nix = with types; {
@ -28,23 +18,25 @@ in
default-substituter = {
url = mkOpt str "https://cache.nixos.org" "The url for the substituter.";
key =
mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"The trusted public key for the substituter.";
key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter.";
};
extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure.";
};
config = mkIf cfg.enable {
assertions = mapAttrsToList (name: value: {
assertion = value.key != null;
message = "metacfg.nix.extra-substituters.${name}.key must be set";
}) cfg.extra-substituters;
assertions = mapAttrsToList
(name: value: {
assertion = value.key != null;
message = "metacfg.nix.extra-substituters.${name}.key must be set";
})
cfg.extra-substituters;
environment.systemPackages = with pkgs; [
metacfg.nixos-revision
(metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; })
(metacfg.nixos-hosts.override {
hosts = inputs.self.nixosConfigurations;
})
deploy-rs
nixfmt
nix-index
@ -56,10 +48,8 @@ in
nix =
let
users = [
"root"
config.metacfg.user.name
] ++ optional config.services.hydra.enable "hydra";
users = [ "root" config.metacfg.user.name ] ++
optional config.services.hydra.enable "hydra";
extra-substituters = cfg.extra-substituters // {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
};
@ -67,29 +57,29 @@ in
{
package = cfg.package;
settings =
{
experimental-features = "nix-command flakes";
http-connections = 50;
warn-dirty = false;
log-lines = 50;
sandbox = true;
auto-optimise-store = true;
trusted-users = users;
allowed-users = users;
settings = {
experimental-features = "nix-command flakes";
http-connections = 50;
warn-dirty = false;
log-lines = 50;
sandbox = true;
auto-optimise-store = true;
trusted-users = users;
allowed-users = users;
substituters = [
cfg.default-substituter.url
] ++ (mapAttrsToList (name: value: name) extra-substituters);
trusted-public-keys = [
cfg.default-substituter.key
] ++ (mapAttrsToList (name: value: value.key) extra-substituters);
substituters =
[ cfg.default-substituter.url ]
++
(mapAttrsToList (name: value: name) extra-substituters);
trusted-public-keys =
[ cfg.default-substituter.key ]
++
(mapAttrsToList (name: value: value.key) extra-substituters);
}
// (lib.optionalAttrs config.metacfg.tools.direnv.enable {
keep-outputs = true;
keep-derivations = true;
});
} // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
keep-outputs = true;
keep-derivations = true;
});
gc = {
automatic = true;

20
modules/nixos/services/base/default.nix
View file

@ -1,9 +1,8 @@
{
options,
config,
lib,
pkgs,
...
{ options
, config
, lib
, pkgs
, ...
}:
with lib;
with lib.metacfg;
@ -40,9 +39,7 @@ in
};
environment = {
sessionVariables = {
PATH = "$HOME/bin";
};
sessionVariables = { PATH = "$HOME/bin"; };
systemPackages = with pkgs; [
age
bash
@ -76,10 +73,7 @@ in
"$@"
'')
];
shells = [
pkgs.fish
pkgs.bash
];
shells = [ pkgs.fish pkgs.bash ];
};
hardware = {

25
modules/nixos/services/gui/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.gui;
let cfg = config.metacfg.gui;
in
{
options.metacfg.gui = with types; {
@ -67,18 +60,12 @@ in
hardware.pulseaudio.enable = false;
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
onevpl-intel-gpu
intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl
rocmPackages.clr.icd
amdvlk
];
};
environment.sessionVariables = {
@ -157,13 +144,7 @@ in
noto-fonts-emoji
liberation_ttf
freefont_ttf
(nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; })
];
fontconfig = {

11
modules/nixos/services/homeprinter/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.homeprinter;
let cfg = config.metacfg.homeprinter;
in
{
options.metacfg.homeprinter = with types; {

15
modules/nixos/services/podman/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.podman;
let cfg = config.metacfg.podman;
in
{
options.metacfg.podman = with types; {
@ -25,9 +18,7 @@ in
dockerCompat = lib.mkDefault true;
# For Nixos version > 22.11
defaultNetwork.settings = {
dns_enabled = true;
};
defaultNetwork.settings = { dns_enabled = true; };
};
};
};

11
modules/nixos/services/secureboot/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.secureboot;
let cfg = config.metacfg.secureboot;
in
{
options.metacfg.secureboot = with types; {

23
modules/nixos/sgx/aesmd_dcap/default.nix
View file

@ -1,10 +1,4 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
@ -27,15 +21,14 @@ in
quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
};
systemd.services.aesmd = {
environment.LD_LIBRARY_PATH = lib.mkForce (
lib.makeLibraryPath [
pkgs.nixsgx.sgx-dcap.default_qpl
pkgs.curl.out
]
);
environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]);
serviceConfig = {
BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ];
BindPaths = [ "/dev/log" ];
BindReadOnlyPaths = [
"/etc/sgx_default_qcnl.conf"
];
BindPaths = [
"/dev/log"
];
};
};
};

32
modules/nixos/sgx/pccs/default.nix
View file

@ -1,10 +1,4 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
@ -55,19 +49,21 @@ in
};
};
systemd.services.pccs-secret = {
description = "Inject pccs secret";
wantedBy = [ "multi-user.target" ];
before = [ "podman-pccs.service" ];
systemd.services.pccs-secret =
{
description = "Inject pccs secret";
wantedBy = [ "multi-user.target" ];
before = [ "podman-pccs.service" ];
serviceConfig = {
EnvironmentFile = cfg.secret;
ExecStart = ''
-${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG
'';
RemainAfterExit = true;
serviceConfig = {
EnvironmentFile = cfg.secret;
ExecStart = ''
-${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG
'';
RemainAfterExit = true;
};
};
};
};
}

11
modules/nixos/tools/direnv/default.nix
View file

@ -1,15 +1,8 @@
{
options,
config,
lib,
pkgs,
...
}:
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.tools.direnv;
let cfg = config.metacfg.tools.direnv;
in
{
options.metacfg.tools.direnv = with types; {

27
modules/nixos/tools/git/default.nix
View file

@ -1,10 +1,4 @@
{
options,
config,
pkgs,
lib,
...
}:
{ options, config, pkgs, lib, ... }:
with lib;
with lib.metacfg;
@ -18,7 +12,8 @@ in
enable = mkBoolOpt false "Whether or not to install and configure git.";
userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
signingKey =
mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
};
config = mkIf cfg.enable {
@ -34,18 +29,10 @@ in
signByDefault = mkIf gpg.enable true;
};
extraConfig = {
init = {
defaultBranch = "main";
};
pull = {
rebase = true;
};
push = {
autoSetupRemote = true;
};
core = {
whitespace = "trailing-space,space-before-tab";
};
init = { defaultBranch = "main"; };
pull = { rebase = true; };
push = { autoSetupRemote = true; };
core = { whitespace = "trailing-space,space-before-tab"; };
safe = {
directory = "${user.home}/git";
};

72
modules/nixos/user/default.nix
View file

@ -1,13 +1,11 @@
{
options,
config,
pkgs,
lib,
...
{ options
, config
, pkgs
, lib
, ...
}:
with lib;
with lib.metacfg;
let
with lib.metacfg; let
cfg = config.metacfg.user;
defaultIconFileName = "profile.jpg";
defaultIcon = pkgs.stdenvNoCC.mkDerivation {
@ -20,17 +18,11 @@ let
cp $src $out
'';
passthru = {
fileName = defaultIconFileName;
};
passthru = { fileName = defaultIconFileName; };
};
propagatedIcon =
pkgs.runCommandNoCC "propagated-icon"
{
passthru = {
fileName = cfg.icon.fileName;
};
}
{ passthru = { fileName = cfg.icon.fileName; }; }
''
local target="$out/share/metacfg-icons/user/${cfg.name}"
mkdir -p "$target"
@ -46,7 +38,9 @@ in
initialPassword =
mkOpt str "password"
"The initial password to use when the user is first created.";
icon = mkOpt (nullOr package) defaultIcon "The profile picture to use for the user.";
icon =
mkOpt (nullOr package) defaultIcon
"The profile picture to use for the user.";
prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell.";
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
sshKeys = mkOpt (listOf str) [
@ -55,11 +49,14 @@ in
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
] "ssh keys";
extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
extraOptions =
mkOpt attrs { }
(mdDoc "Extra options passed to `users.users.<name>`.");
};
config = {
environment.systemPackages = with pkgs; [ ];
environment.systemPackages = with pkgs; [
];
metacfg.home = {
file = {
@ -71,7 +68,10 @@ in
"Videos/.keep".text = "";
"work/.keep".text = "";
".face".source = cfg.icon;
"Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
"Pictures/${
cfg.icon.fileName or (builtins.baseNameOf cfg.icon)
}".source =
cfg.icon;
};
extraOptions.programs.bash.initExtra = ''
@ -85,25 +85,27 @@ in
'';
};
users.users.${cfg.name} = {
isNormalUser = true;
users.users.${cfg.name} =
{
isNormalUser = true;
# inherit (cfg) name initialPassword;
# inherit (cfg) name initialPassword;
openssh.authorizedKeys.keys = cfg.sshKeys;
home = "/home/${cfg.name}";
group = "users";
openssh.authorizedKeys.keys = cfg.sshKeys;
home = "/home/${cfg.name}";
group = "users";
shell = pkgs.bash;
shell = pkgs.bash;
# Arbitrary user ID to use for the user. Since I only
# have a single user on my machines this won't ever collide.
# However, if you add multiple users you'll need to change this
# so each user has their own unique uid (or leave it out for the
# system to select).
uid = 1000;
# Arbitrary user ID to use for the user. Since I only
# have a single user on my machines this won't ever collide.
# However, if you add multiple users you'll need to change this
# so each user has their own unique uid (or leave it out for the
# system to select).
uid = 1000;
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} // cfg.extraOptions;
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
}
// cfg.extraOptions;
};
}

6
overlays/jetbrains-toolbox/default.nix
View file

@ -1 +1,5 @@
{ channels, ... }: final: prev: { inherit (channels.unstable) jetbrains-toolbox ollama; }
{ channels, ... }:
final: prev:
{
inherit (channels.unstable) jetbrains-toolbox;
}

6
overlays/nixsgx/default.nix
View file

@ -1 +1,5 @@
{ channels, ... }: final: prev: { inherit (channels.nixpkgs.nixsgx) sgx-psw; }
{ channels, ... }:
final: prev:
{
inherit (channels.nixpkgs.nixsgx) sgx-psw;
}

60
packages/dcpl2530dw-cups/default.nix
View file

@ -1,18 +1,17 @@
{
lib,
stdenv,
fetchurl,
makeWrapper,
cups,
dpkg,
a2ps,
ghostscript,
gnugrep,
gnused,
coreutils,
file,
perl,
which,
{ lib
, stdenv
, fetchurl
, makeWrapper
, cups
, dpkg
, a2ps
, ghostscript
, gnugrep
, gnused
, coreutils
, file
, perl
, which
}:
stdenv.mkDerivation rec {
@ -28,12 +27,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [
cups
ghostscript
dpkg
a2ps
];
buildInputs = [ cups ghostscript dpkg a2ps ];
dontUnpack = true;
@ -61,14 +55,9 @@ stdenv.mkDerivation rec {
; do
#substituteInPlace $f \
wrapProgram $f \
--prefix PATH : ${
lib.makeBinPath [
coreutils
ghostscript
gnugrep
gnused
]
}
--prefix PATH : ${lib.makeBinPath [
coreutils ghostscript gnugrep gnused
]}
done
mkdir -p $out/lib/cups/filter/
@ -78,17 +67,7 @@ stdenv.mkDerivation rec {
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
--prefix PATH ":" ${
lib.makeBinPath [
ghostscript
a2ps
file
gnused
gnugrep
coreutils
which
]
}
--prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] }
'';
meta = with lib; {
@ -100,3 +79,4 @@ stdenv.mkDerivation rec {
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
};
}

25
packages/nixos-hosts/default.nix
View file

@ -1,12 +1,11 @@
{
lib,
writeText,
writeShellApplication,
substituteAll,
gum,
inputs,
hosts ? { },
...
{ lib
, writeText
, writeShellApplication
, substituteAll
, gum
, inputs
, hosts ? { }
, ...
}:
let
@ -15,7 +14,9 @@ let
substitute = args: builtins.readFile (substituteAll args);
formatted-hosts = mapAttrsToList (name: host: "${name},${host.pkgs.system}") hosts;
formatted-hosts = mapAttrsToList
(name: host: "${name},${host.pkgs.system}")
hosts;
hosts-csv = writeText "hosts.csv" ''
Name,System
@ -34,7 +35,9 @@ let
checkPhase = "";
runtimeInputs = [ gum ];
runtimeInputs = [
gum
];
};
new-meta = with lib; {

98
packages/nixos-revision/default.nix
View file

@ -1,8 +1,7 @@
{
pkgs,
lib,
gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit",
...
{ pkgs
, lib
, gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit"
, ...
}:
let
@ -14,60 +13,61 @@ let
maintainers = with maintainers; [ jakehamilton ];
};
package = pkgs.writeShellScriptBin "nixos-revision" ''
HAS_HELP=false
HAS_OPEN=false
package =
pkgs.writeShellScriptBin "nixos-revision" ''
HAS_HELP=false
HAS_OPEN=false
while [[ $# -gt 0 ]]; do
case $1 in
-h|--help)
HAS_HELP=true
shift
;;
-o|--open)
HAS_OPEN=true
shift
;;
*)
shift
;;
esac
done
while [[ $# -gt 0 ]]; do
case $1 in
-h|--help)
HAS_HELP=true
shift
;;
-o|--open)
HAS_OPEN=true
shift
;;
*)
shift
;;
esac
done
if [ $HAS_HELP == true ]; then
HELP_MSG="
nixos-revision
if [ $HAS_HELP == true ]; then
HELP_MSG="
nixos-revision
USAGE
USAGE
nixos-revision [options]
nixos-revision [options]
OPTIONS
OPTIONS
-h, --help Show this help message
-o, --open Open the revision on GitHub
-h, --help Show this help message
-o, --open Open the revision on GitHub
EXAMPLES
EXAMPLES
$ # Print the current revision
$ nixos-revision
$ # Print the current revision
$ nixos-revision
$ # Open the current revision on GitHub
$ nixos-revision --open
"
echo "$HELP_MSG"
exit 0
fi
$ # Open the current revision on GitHub
$ nixos-revision --open
"
echo "$HELP_MSG"
exit 0
fi
REVISION=$(nixos-version --json | ${pkgs.jq}/bin/jq -r .configurationRevision)
REVISION=$(nixos-version --json | ${pkgs.jq}/bin/jq -r .configurationRevision)
if [ $HAS_OPEN == true ]; then
GITHUB_URL="${gitHostCommitUrl}/$REVISION"
echo "Opening URL: $GITHUB_URL"
${pkgs.xdg-utils}/bin/xdg-open $GITHUB_URL
else
echo $REVISION
fi
'';
if [ $HAS_OPEN == true ]; then
GITHUB_URL="${gitHostCommitUrl}/$REVISION"
echo "Opening URL: $GITHUB_URL"
${pkgs.xdg-utils}/bin/xdg-open $GITHUB_URL
else
echo $REVISION
fi
'';
in
override-meta new-meta package

11
packages/rot8000/default.nix
View file

@ -1,9 +1,8 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
...
{ lib
, stdenv
, rustPlatform
, fetchFromGitHub
, ...
}:
rustPlatform.buildRustPackage rec {
pname = "rot8000";

4
systems/x86_64-darwin/mpro/default.nix
View file

@ -8,7 +8,9 @@ with lib.metacfg;
};
};
environment.systemPath = [ "/usr/local/Homebrew/bin" ];
environment.systemPath = [
"/usr/local/Homebrew/bin"
];
users.users.harald.shell = pkgs.fish;

27
systems/x86_64-linux/mx/acme.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
sops.secrets.internetbs = {
sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
@ -18,19 +13,27 @@
};
certs = {
"surfsite.org" = {
extraDomainNames = [ "*.surfsite.org" ];
extraDomainNames = [
"*.surfsite.org"
];
};
"hartwin-hoyer.de" = {
extraDomainNames = [ "*.hartwin-hoyer.de" ];
extraDomainNames = [
"*.hartwin-hoyer.de"
];
};
"herward-hoyer.de" = {
extraDomainNames = [ "*.herward-hoyer.de" ];
extraDomainNames = [
"*.herward-hoyer.de"
];
};
"varlink.org" = {
extraDomainNames = [ "*.varlink.org" ];
extraDomainNames = [
"*.varlink.org"
];
};
"meike-hoyer.de" = { };
@ -68,7 +71,9 @@
};
"harald-hoyer.de" = {
extraDomainNames = [ "*.harald-hoyer.de" ];
extraDomainNames = [
"*.harald-hoyer.de"
];
};
};
};

2
systems/x86_64-linux/mx/backup.nix
View file

@ -4,7 +4,7 @@
shell = pkgs.bash;
isNormalUser = true;
openssh.authorizedKeys.keys = [
''restrict,command="/run/wrappers/bin/rrsync -ro /" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx''
"restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx"
];
};

31
systems/x86_64-linux/mx/coturn.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
sops.secrets."coturn/static-auth-secret" = {
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
@ -13,30 +8,20 @@
networking.firewall =
let
range = with config.services.coturn; [
{
from = min-port;
to = max-port;
}
];
range = with config.services.coturn; [{
from = min-port;
to = max-port;
}];
in
{
allowedUDPPortRanges = range;
allowedTCPPorts = [
3478
3479
5349
];
allowedUDPPorts = [
3478
3479
5349
];
allowedTCPPorts = [ 3478 3479 5349 ];
allowedUDPPorts = [ 3478 3479 5349 ];
};
# get a certificate
security.acme.certs.${config.services.coturn.realm} = {
# insert here the right configuration to obtain a certificate
/* insert here the right configuration to obtain a certificate */
postRun = "systemctl restart coturn.service";
group = "turnserver";
};

7
systems/x86_64-linux/mx/forgejo.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
sops.secrets."postgres/gitea_dbpass" = {
sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file

19
systems/x86_64-linux/mx/hardware-configuration.nix
View file

@ -1,15 +1,12 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
pkgs,
modulesPath,
...
}:
{ lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
@ -31,17 +28,15 @@
"rng_core"
];
boot.swraid.enable = true;
boot.swraid.mdadmConf = ''
MAILADDR admin@hoyer.xyz
'';
disko.devices = import ./server-raid.nix {
inherit lib;
disks = [
"/dev/sda"
"/dev/sdb"
];
disks = [ "/dev/sda" "/dev/sdb" ];
};
swapDevices = [ { device = "/swapfile"; } ];
swapDevices = [{ device = "/swapfile"; }];
}

4
systems/x86_64-linux/mx/kicker.nix
View file

@ -9,7 +9,9 @@
"/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd"
"/home/hartwin/kicker/live.db:/app/db/data/current.db"
];
extraOptions = [ "--pull=always" ];
extraOptions = [
"--pull=always"
];
};
};
}

7
systems/x86_64-linux/mx/mailserver.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
# email addresses git smudged
mailserver = {

37
systems/x86_64-linux/mx/network.nix
View file

@ -8,10 +8,7 @@
services.resolved.extraConfig = "ReadEtcHosts=no";
services.nscd.enableNsncd = false;
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowPing = true;
networking.hostName = "mx"; # Define your hostname.
@ -29,26 +26,20 @@
networking.interfaces.enp0s31f6 = {
ipv6 = {
addresses = [
{
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
prefixLength = 64;
}
];
addresses = [{
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
prefixLength = 64;
}];
# Default IPv6 route
routes = [
{
address = "::";
prefixLength = 0;
via = "fe80::1";
}
];
routes = [{
address = "::";
prefixLength = 0;
via = "fe80::1";
}];
};
ipv4.addresses = [
{
address = "95.216.66.178";
prefixLength = 26;
}
];
ipv4.addresses = [{
address = "95.216.66.178";
prefixLength = 26;
}];
};
}

4
systems/x86_64-linux/mx/nextcloud.nix
View file

@ -49,7 +49,9 @@
};
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureDatabases = [
"nextcloud"
];
ensureUsers = [
{
name = "nextcloud";

17
systems/x86_64-linux/mx/nginx.nix
View file

@ -30,6 +30,7 @@
root = "/var/www/hoyer.xyz/html";
};
"hoyer.world" = {
enableACME = false;
useACMEHost = "hoyer.world";
@ -46,7 +47,9 @@
"hoyer.xyz" = {
# serverName = "hoyer.xyz";
serverAliases = [ "www.hoyer.xyz" ];
serverAliases = [
"www.hoyer.xyz"
];
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
@ -105,13 +108,17 @@
};
"harald-hoyer.de" = {
serverAliases = [ "www.harald-hoyer.de" ];
serverAliases = [
"www.harald-hoyer.de"
];
useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz";
forceSSL = true;
};
"harald.hoyer.xyz" = {
serverAliases = [ "www.harald.hoyer.xyz" ];
serverAliases = [
"www.harald.hoyer.xyz"
];
useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = ''
@ -134,7 +141,9 @@
};
"hartwin-hoyer.de" = {
serverAliases = [ "www.hartwin-hoyer.de" ];
serverAliases = [
"www.hartwin-hoyer.de"
];
useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true;

7
systems/x86_64-linux/mx/postgresql.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
services.postgresql = {
package = pkgs.postgresql_14;

10
systems/x86_64-linux/mx/rspamd.nix
View file

@ -10,12 +10,10 @@ let
'';
in
{
services.rspamd.workers.controller.bindSockets = [
{
socket = "/run/rspamd/worker-controller.sock";
mode = "0660";
}
];
services.rspamd.workers.controller.bindSockets = [{
socket = "/run/rspamd/worker-controller.sock";
mode = "0660";
}];
services.rspamd.locals = {
"settings.conf".text = ''
bogenschiessen {

9
systems/x86_64-linux/mx/server-raid.nix
View file

@ -1,11 +1,4 @@
{
disks ? [
"/dev/sda"
"/dev/sdb"
],
...
}:
{
{ disks ? [ "/dev/sda" "/dev/sdb" ], ... }: {
disk = {
one = {
type = "disk";

13
systems/x86_64-linux/sgx-attic/atticd.nix
View file

@ -1,21 +1,18 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
services.postgresql = {
enable = true;
ensureDatabases = [ "attic" ];
ensureUsers = [ { name = "atticd"; } ];
ensureUsers = [{ name = "atticd"; }];
};
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
'';
environment.systemPackages = with pkgs; [ attic-client ];
environment.systemPackages = with pkgs; [
attic-client
];
services.atticd = {
enable = true;

7
systems/x86_64-linux/sgx-attic/default.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with lib;
with lib.metacfg;
{

25
systems/x86_64-linux/sgx-attic/hardware-configuration.nix
View file

@ -1,28 +1,17 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
./disko.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
imports =
[
./disko.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
disko.devices.disk.main.device = "/dev/vda";
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

30
systems/x86_64-linux/sgx-nixos/default.nix
View file

@ -1,13 +1,10 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with lib;
with lib.metacfg;
{
imports = [ ./hardware-configuration.nix ];
imports = [
./hardware-configuration.nix
];
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
@ -23,10 +20,7 @@ with lib.metacfg;
nix.enable = true;
aesmd_dcap.enable = true;
podman.enable = true;
user.extraGroups = [
"docker"
"sgx"
];
user.extraGroups = [ "docker" "sgx" ];
};
environment.etc."sgx_default_qcnl.conf".text = ''
@ -65,18 +59,8 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
];
system.stateVersion = "23.11";

39
systems/x86_64-linux/sgx-nixos/hardware-configuration.nix
View file

@ -1,37 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
fsType = "ext4";
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/941C-7B02";
fsType = "vfat";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/941C-7B02";
fsType = "vfat";
};
swapDevices = [ ];

10
systems/x86_64-linux/sgx/backup.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
let
backup_new_path = "/mnt/raid/backup/hoyer/new/";
restic_repo = "/mnt/backup/restic-repo";
@ -66,7 +61,8 @@ in
".log"
".Trash"
];
ignoreFile = builtins.toFile "ignore" (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
ignoreFile = builtins.toFile "ignore"
(lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
in
[ "--exclude-file=${ignoreFile}" ];
pruneOpts = [

7
systems/x86_64-linux/sgx/default.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
imports = [
./hardware-configuration.nix

7
systems/x86_64-linux/sgx/fileserver.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
services.netatalk = {
enable = true;

35
systems/x86_64-linux/sgx/hardware-configuration.nix
View file

@ -1,16 +1,12 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
pkgs,
config,
lib,
modulesPath,
...
}:
{ pkgs, config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
@ -47,33 +43,18 @@
"/mnt/raid" = {
fsType = "btrfs";
device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712";
options = [
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ];
};
"/mnt/backup" = {
fsType = "btrfs";
device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5";
options = [
"defaults"
"compress=zstd"
"subvol=root"
"autodefrag"
"noatime"
"nofail"
"x-systemd.device-timeout=60"
];
options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; } ];
swapDevices =
[{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }];
environment.etc."crypttab".text = ''
a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256

18
systems/x86_64-linux/sgx/network.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
{
networking.hostName = "sgx"; # Define your hostname.
networking.useDHCP = false;
@ -42,14 +37,7 @@
};
};
networking.firewall.allowedTCPPorts = [
8384
22000
config.services.netatalk.port
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
networking.firewall.allowPing = true;
}

5
systems/x86_64-linux/t15/default.nix
View file

@ -10,10 +10,7 @@
podman.enable = true;
secureboot.enable = true;
homeprinter.enable = true;
user.extraGroups = [
"docker"
"dialout"
];
user.extraGroups = [ "docker" "dialout" ];
};
system.autoUpgrade = {

36
systems/x86_64-linux/t15/hardware-configuration.nix
View file

@ -1,16 +1,12 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [
@ -44,7 +40,7 @@
boot.extraModulePackages = [ ];
services.btrfs.autoScrub.enable = true;
swapDevices = [ { device = "/swapfile"; } ];
swapDevices = [{ device = "/swapfile"; }];
boot.initrd.luks.devices.crypted = {
device = "/dev/nvme0n1p2";
@ -52,12 +48,13 @@
};
fileSystems = {
"/" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=/rootfs" ];
neededForBoot = true;
};
"/" =
{
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=/rootfs" ];
neededForBoot = true;
};
"/nix" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
@ -75,10 +72,11 @@
options = [ "subvol=/persist" ];
neededForBoot = true;
};
"/boot" = {
device = "/dev/disk/by-partlabel/disk-one-ESP";
fsType = "vfat";
};
"/boot" =
{
device = "/dev/disk/by-partlabel/disk-one-ESP";
fsType = "vfat";
};
};
console.keyMap = "de-latin1-nodeadkeys";

25
systems/x86_64-linux/x1/default.nix
View file

@ -12,10 +12,7 @@ with lib.metacfg;
podman.enable = true;
secureboot.enable = true;
homeprinter.enable = true;
user.extraGroups = [
"docker"
"dialout"
];
user.extraGroups = [ "docker" "dialout" ];
};
environment.systemPackages = with pkgs; [
@ -26,7 +23,6 @@ with lib.metacfg;
kubectx
k9s
attic-client
ollama
];
services.resolved.enable = true;
@ -54,24 +50,9 @@ with lib.metacfg;
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
];
services.ollama = {
enable = true;
acceleration = "rocm";
};
system.stateVersion = "23.11";
}

43
systems/x86_64-linux/x1/hardware-configuration.nix
View file

@ -1,25 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"uas"
"usbhid"
"sd_mod"
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-intel" ];
@ -35,11 +24,12 @@
services.btrfs.autoScrub.enable = true;
fileSystems."/" = {
device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = {
device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
@ -51,12 +41,13 @@
allowDiscards = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/13C4-A825";
fsType = "vfat";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/13C4-A825";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/mapper/luks-280f2e07-e5fc-478e-b7ee-445c99bea415"; } ];
swapDevices = [{ device = "/dev/mapper/luks-280f2e07-e5fc-478e-b7ee-445c99bea415"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's