From 7137e93805bc101a029a4af77ccab14c984e0a3c Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Thu, 8 Feb 2024 20:53:22 +0100 Subject: [PATCH] nix fmt --- flake.nix | 419 +++--- nix/devShells.nix | 9 +- .../configuration/graphical-fullblown.nix | 65 +- nix/home-manager/profiles/common.nix | 10 +- nix/home-manager/profiles/dotfiles.nix | 30 +- nix/home-manager/profiles/sway-desktop.nix | 211 ++- nix/home-manager/profiles/wayland-desktop.nix | 88 +- nix/home-manager/programs/chromium.nix | 37 +- nix/home-manager/programs/espanso.nix | 116 +- nix/home-manager/programs/pass.nix | 6 +- nix/home-manager/programs/radicale.nix | 89 +- nix/home-manager/programs/vscode/default.nix | 24 +- nix/home-manager/programs/zsh.nix | 130 +- nix/os/devices/router0-dmz0/configuration.nix | 1206 +++++++++-------- nix/os/devices/router0-dmz0/flake.nix | 43 +- .../devices/sj-bm-hostkey0/configuration.nix | 99 +- nix/os/devices/sj-srv1/configuration.nix | 11 +- nix/os/devices/sj-srv1/hw.nix | 2 +- nix/os/devices/sj-srv1/system.nix | 93 +- nix/os/devices/sj-vps-htz0/system.nix | 30 +- nix/os/devices/steveej-t14/configuration.nix | 5 +- nix/os/devices/steveej-t14/default.nix | 19 +- nix/os/devices/steveej-t14/hw.nix | 26 +- nix/os/devices/steveej-t14/pkg.nix | 52 +- nix/os/devices/steveej-t14/system.nix | 32 +- nix/os/devices/steveej-t14/user.nix | 19 +- .../steveej-x13s-rmvbl/configuration.nix | 30 +- nix/os/devices/steveej-x13s-rmvbl/default.nix | 23 +- nix/os/devices/steveej-x13s-rmvbl/disko.nix | 10 +- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 151 ++- nix/os/devices/steveej-x13s/configuration.nix | 30 +- nix/os/devices/steveej-x13s/default.nix | 23 +- nix/os/devices/steveej-x13s/disko.nix | 10 +- nix/os/devices/steveej-x13s/flake.nix | 151 ++- nix/os/devices/voodoo/flake.nix | 20 +- nix/os/lib/default.nix | 69 +- nix/os/modules/hardware.thinkpad-x13s.nix | 404 +++--- nix/os/modules/opinionatedDisk.nix | 3 +- nix/os/profiles/common/configuration.nix | 17 +- nix/os/profiles/common/system.nix | 15 +- nix/os/profiles/common/user.nix | 16 +- 
nix/os/profiles/graphical/system.nix | 11 +- nix/os/snippets/bluetooth.nix | 9 +- nix/os/snippets/home-manager-with-zsh.nix | 22 +- nix/os/snippets/nix-settings.nix | 10 +- nix/os/snippets/radicale.nix | 30 +- nix/os/snippets/sway-desktop.nix | 47 +- nix/os/snippets/timezone.nix | 8 +- nix/pkgs/logseq/default.nix | 56 +- 49 files changed, 2034 insertions(+), 2002 deletions(-) diff --git a/flake.nix b/flake.nix index 96acff4..2538a15 100644 --- a/flake.nix +++ b/flake.nix @@ -75,7 +75,6 @@ flake = false; }; - ### inputs for thinkpad x13s # see https://github.com/jhovold/linux/wiki/X13s for status updates linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; 
@@ -91,242 +90,236 @@ url = "git+https://codeberg.org/adamcstephens/stop-export.git"; }; - # alsa-ucm-conf = { # flake = false; # url = "github:alsa-project/alsa-ucm-conf/master"; # }; - logseq_0_10_5_aarch64_appimage = { flake = false; url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; }; }; - outputs = - inputs @ { self - , flake-parts - , nixpkgs - , ... - }: - let - inherit (nixpkgs) lib; + outputs = inputs @ { + self, + flake-parts, + nixpkgs, + ... + }: let + inherit (nixpkgs) lib; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in - flake-parts.lib.mkFlake { inherit inputs; } - ({ withSystem, ... }: { - flake.colmena = - lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) - { - meta.nixpkgs = import inputs.nixpkgs.outPath { - system = builtins.elemAt systems 0; - }; - } - # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import - # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 - (builtins.map - (nodeName: - import ./nix/os/devices/${nodeName} { - inherit nodeName; - repoFlake = self; - repoFlakeWithSystem = withSystem; - nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; - }) [ - "steveej-t14" - "steveej-x13s" - "steveej-x13s-rmvbl" - # "elias-e525" - # "justyna-p300" + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + in + flake-parts.lib.mkFlake {inherit inputs;} + ({withSystem, ...}: { + flake.colmena = + lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) + { + meta.nixpkgs = import inputs.nixpkgs.outPath { + system = builtins.elemAt systems 0; + }; + } + # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import + # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 + (builtins.map + (nodeName: + import ./nix/os/devices/${nodeName} { + inherit nodeName; + repoFlake = self; + repoFlakeWithSystem = withSystem; + nodeFlake = self.inputs.get-flake 
./nix/os/devices/${nodeName}; + }) [ + "steveej-t14" + "steveej-x13s" + "steveej-x13s-rmvbl" + # "elias-e525" + # "justyna-p300" - # "srv0-dmz0" - # # "router0-dmz0" + # "srv0-dmz0" + # # "router0-dmz0" - "sj-srv1" - "sj-bm-hostkey0" + "sj-srv1" + "sj-bm-hostkey0" - # "retro" - ]); + # "retro" + ]); - # this makes nixos-anywhere work - flake.nixosConfigurations = - let - colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; - in - ( - colmenaHive // + # this makes nixos-anywhere work + flake.nixosConfigurations = let + colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; + router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; + in ( + colmenaHive + // { + router0-dmz0 = router0-dmz0.native; - { - router0-dmz0 = router0-dmz0.native; + # for now deploy directly with: + # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 + router0-dmz0_cross = router0-dmz0.cross; - # for now deploy directly with: - # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 - router0-dmz0_cross = router0-dmz0.cross; + # nixos-install --flake .\#retro_cross + retro_cross = retro.cross; - # nixos-install --flake .\#retro_cross - retro_cross = retro.cross; + steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; + steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; + } + ); - steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; - steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; - } - ); + 
inherit systems; - inherit systems; + perSystem = { + self', + inputs', + system, + config, + lib, + pkgs, + ... + }: { + imports = [ + ./nix/modules/flake-parts/perSystem/default.nix + ]; - perSystem = - { self' - , inputs' - , system - , config - , lib - , pkgs - , ... - }: { - imports = [ - ./nix/modules/flake-parts/perSystem/default.nix + packages = let + dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; + + craneLib = + inputs.crane.lib.${system}.overrideToolchain + inputs'.fenix.packages.stable.toolchain; + + craneLibOfiPass = + inputs.crane.lib.${system}.overrideToolchain + ( + inputs'.fenix.packages.stable.toolchain + # .override { + # date = "1.60.0"; + # } + ); + in { + dcpj4110dwDriver = dcpj4110dw.driver; + dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; + + # broken as of 2023-04-27 because it doesn't load without a config + # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; + # yofi = inputs'.yofi.packages.default; + # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; + + inherit (inputs'.colmena.packages) colmena; + + # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { + # src = inputs.jay; + # rustPlatform = pkgs.makeRustPlatform { + # cargo = inputs'.fenix.packages.stable.toolchain; + # rustc = inputs'.fenix.packages.stable.toolchain; + # }; + # }; + + salut = craneLib.buildPackage { + src = inputs.salut; + nativeBuildInputs = [ + pkgs.pkg-config + ]; + buildInputs = [ + pkgs.libxkbcommon + pkgs.fontconfig ]; - - packages = - let - dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { }; - - craneLib = - inputs.crane.lib.${system}.overrideToolchain - inputs'.fenix.packages.stable.toolchain; - - craneLibOfiPass = - inputs.crane.lib.${system}.overrideToolchain - ( - inputs'.fenix.packages.stable.toolchain - # .override { - # date = "1.60.0"; - # } - ); - in - { - dcpj4110dwDriver = dcpj4110dw.driver; - dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; - - # broken as of 2023-04-27 
because it doesn't load without a config - # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; - # yofi = inputs'.yofi.packages.default; - # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; - - inherit (inputs'.colmena.packages) colmena; - - # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { - # src = inputs.jay; - # rustPlatform = pkgs.makeRustPlatform { - # cargo = inputs'.fenix.packages.stable.toolchain; - # rustc = inputs'.fenix.packages.stable.toolchain; - # }; - # }; - - salut = craneLib.buildPackage { - src = inputs.salut; - nativeBuildInputs = [ - pkgs.pkg-config - ]; - buildInputs = [ - pkgs.libxkbcommon - pkgs.fontconfig - ]; - }; - - prs = pkgs.callPackage - ({ pkgs - , dbus - , glib - , gpgme - , gtk3 - , libxcb - , libxkbcommon - , installShellFiles - , pkg-config - , python3 - }: craneLib.buildPackage { - pname = "prs"; - version = inputs.prs.shortRev; - src = inputs.prs; - nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; - - buildInputs = [ - dbus - glib - gpgme - gtk3 - libxcb - libxkbcommon - ]; - - cargoExtraArgs = "--features backend-gpgme"; - - postInstall = '' - for shell in bash fish zsh; do - installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) - done - ''; - }) - { }; - - nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; - - ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' - set -x - pkill -9 wayland-proxy-v - export NIXOS_OZONE_WL="" - ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ - --wayland-display=wayland-3 \ - --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ - --x-display=3 \ - & - # --x-unscale=3 \ - #--verbose \ - - export PROXYPID="$!" 
- - trap "kill -9 \$PROXYPID" EXIT - # trap "pkill -9 wayland-proxy-v" EXIT - - env \ - WAYLAND_DISPLAY=wayland-3 \ - DISPLAY=:3 \ - ledger-live-desktop - ''; - - syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' - ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 - ''; - - logseq = pkgs.callPackage ./nix/pkgs/logseq - (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; - }); - }; - - formatter = pkgs.alejandra; - - devShells = - let - all = import ./nix/devShells.nix { - inherit - self' - inputs' - pkgs - ; - }; - in - (all // { default = all.develop; }); }; - flake.nixosModules = { - # thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + prs = + pkgs.callPackage + ({ + pkgs, + dbus, + glib, + gpgme, + gtk3, + libxcb, + libxkbcommon, + installShellFiles, + pkg-config, + python3, + }: + craneLib.buildPackage { + pname = "prs"; + version = inputs.prs.shortRev; + src = inputs.prs; + nativeBuildInputs = [gpgme installShellFiles pkg-config python3]; + + buildInputs = [ + dbus + glib + gpgme + gtk3 + libxcb + libxkbcommon + ]; + + cargoExtraArgs = "--features backend-gpgme"; + + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + }) + {}; + + nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; + + ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' + set -x + pkill -9 wayland-proxy-v + export NIXOS_OZONE_WL="" + ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ + --wayland-display=wayland-3 \ + --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ + --x-display=3 \ + & + # --x-unscale=3 \ + #--verbose \ + + export PROXYPID="$!" 
+ + trap "kill -9 \$PROXYPID" EXIT + # trap "pkill -9 wayland-proxy-v" EXIT + + env \ + WAYLAND_DISPLAY=wayland-3 \ + DISPLAY=:3 \ + ledger-live-desktop + ''; + + syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' + ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 + ''; + + logseq = + pkgs.callPackage ./nix/pkgs/logseq + (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; + }); }; - }); + + formatter = pkgs.alejandra; + + devShells = let + all = import ./nix/devShells.nix { + inherit + self' + inputs' + pkgs + ; + }; + in (all // {default = all.develop;}); + }; + + flake.nixosModules = { + # thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + }; + }); } diff --git a/nix/devShells.nix b/nix/devShells.nix index ebd879b..4cac540 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -1,9 +1,8 @@ -{ self' -, inputs' -, pkgs -}: - { + self', + inputs', + pkgs, +}: { install = pkgs.mkShell { name = "infra-install"; packages = with pkgs; [ diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 750140a..632cf0f 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
@@ -1,16 +1,15 @@ -{ pkgs -, lib -, config -, # these come in via home-manager.extraSpecialArgs and are specific to each node - nodeFlake -, packages' -, ... -}: -let - # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; - pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; }; -in { + pkgs, + lib, + config, + # these come in via home-manager.extraSpecialArgs and are specific to each node + nodeFlake, + packages', + ... +}: let + # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; + pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;}; +in { imports = [ ../profiles/common.nix # ../profiles/dotfiles.nix @@ -37,7 +36,7 @@ in home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.GOPATH = "$HOME/src/go"; - home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ]; + home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; nixpkgs.config.permittedInsecurePackages = [ "electron-24.8.6" @@ -45,7 +44,7 @@ in ]; home.packages = - [ ] + [] ++ (with pkgs; [ # Authentication # cacert 
@@ -114,26 +113,24 @@ in let version = "6.44.0"; in - pkgsUnstableSmall.signal-desktop.overrideAttrs (old: - lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { - inherit version; - src = builtins.fetchurl - { - url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; - sha256 = - # lib.fakeSha256 - "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k" - ; - } - ; - }) + pkgsUnstableSmall.signal-desktop.overrideAttrs (old: + lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { + inherit version; + src = + builtins.fetchurl + { + url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; + sha256 = + # lib.fakeSha256 + "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k"; + }; + }) ) thunderbird # gnome.cheese - # Virtualization # virtmanager @@ -141,8 +138,6 @@ in remmina # freerdp - - # Audio/Video Players ffmpeg vlc @@ -193,7 +188,6 @@ in # mendeley evince - # File Synchronzation maestral rsync @@ -208,7 +202,6 @@ in # gparted # smartmontools - ## Python # packages'.myPython @@ -257,9 +250,10 @@ in # '') ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ - ]) + ]) ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ - (pkgs.banana-accounting.overrideDerivation + ( + pkgs.banana-accounting.overrideDerivation (attrs: with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { # dontWrapGApps = true; @@ -300,8 +294,7 @@ in pkgs.discord pkgsUnstableSmall.session-desktop pkgsUnstableSmall.rustdesk - ]) - ; + ]); systemd.user.startServices = true; services.syncthing.enable = true; diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 4ea2e6c..9df371b 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
@@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: { +{ + pkgs, + lib, + ... +}: { # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; @@ -8,7 +12,7 @@ allowBroken = false; allowUnfree = true; - permittedInsecurePackages = [ ]; + permittedInsecurePackages = []; }; home.keyboard = { @@ -32,7 +36,7 @@ programs.fzf.enable = true; home.packages = - [ ] + [] ++ (with pkgs; [ coreutils diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix index c702f82..670ea75 100644 --- a/nix/home-manager/profiles/dotfiles.nix +++ b/nix/home-manager/profiles/dotfiles.nix @@ -1,18 +1,18 @@ -{ repoFlake -, pkgs -, config -, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" -, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" -, ... -}: -let +{ + repoFlake, + pkgs, + config, + repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git", + repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git", + ... +}: let repoBareLocal = pkgs.runCommand "fetchbare" - { - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "0000000000000000000000000000000000000000000000000000"; - } '' + { + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "0000000000000000000000000000000000000000000000000000"; + } '' ( set -xe export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt @@ -39,9 +39,7 @@ let set_remotes ${repoHttps} ${repoSsh} fi ''; - -in -{ +in { # TODO: fix the dotfiles # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # $DRY_RUN_CMD ${vcshActivationScript} diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index a30fb64..284a8a1 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
@@ -1,19 +1,18 @@ -{ pkgs -, config -, lib -, # packages', - repoFlakeInputs' -, ... -}: -let - inherit (import ../lib.nix { }) mkSimpleTrayService; +{ + pkgs, + config, + lib, + # packages', + repoFlakeInputs', + ... +}: let + inherit (import ../lib.nix {}) mkSimpleTrayService; lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'"; displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'"; displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'"; swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh; -in -{ +in { imports = [ ../profiles/wayland-desktop.nix ../programs/waybar.nix 
@@ -86,106 +85,104 @@ in systemd.enable = true; xwayland = true; - config = - let - modifier = "Mod4"; - inherit (config.wayland.windowManager.sway.config) left right up down; - in - { - inherit modifier; - bars = [ ]; + config = let + modifier = "Mod4"; + inherit (config.wayland.windowManager.sway.config) left right up down; + in { + inherit modifier; + bars = []; - input = { - "type:keyboard" = - { - xkb_layout = config.home.keyboard.layout; - xkb_variant = config.home.keyboard.variant; - } - // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or [ ]) > 0) { - xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; - }; - - "type:touchpad" = { - natural_scroll = "enabled"; + input = { + "type:keyboard" = + { + xkb_layout = config.home.keyboard.layout; + xkb_variant = config.home.keyboard.variant; + } + // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) { + xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; }; + + "type:touchpad" = { + natural_scroll = "enabled"; }; - - keybindings = lib.mkOptionDefault { - # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi - # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; - "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; - - # only 1-9 exist on the default config - "${modifier}+0" = "workspace number 0"; - "${modifier}+Shift+0" = "move container to workspace number 0"; - - # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it - "${modifier}+b" = "nop"; - "${modifier}+v" = "nop"; - - # move workspace to output - "${modifier}+Control+Shift+${left}" = "move workspace to output left"; - "${modifier}+Control+Shift+${right}" = "move workspace to output right"; - "${modifier}+Control+Shift+${up}" = "move workspace to output up"; - "${modifier}+Control+Shift+${down}" = "move workspace to output down"; - # move workspace to output with arrow 
keys - "${modifier}+Control+Shift+Left" = "move workspace to output left"; - "${modifier}+Control+Shift+Right" = "move workspace to output right"; - "${modifier}+Control+Shift+Up" = "move workspace to output up"; - "${modifier}+Control+Shift+Down" = "move workspace to output down"; - - "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; - "${modifier}+q" = "kill"; - "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; - - "${modifier}+x" = "exec ${swapOutputWorkspaces}"; - - "${modifier}+Ctrl+l" = "exec ${lockCmd}"; - - "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; - "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; - "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; - - "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; - "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; - "--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; - - "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; - }; - - terminal = "alacritty"; - startup = - [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target - ) & - ''); - } - ] - ++ lib.optionals config.services.swayidle.enable [ - { - command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' - ( - ${pkgs.coreutils}/bin/sleep 0.2 - ${pkgs.systemd}/bin/systemctl --user restart swayidle - ) & - ''); - } - ]; - - colors.focused = lib.mkOptionDefault { - childBorder = lib.mkForce "#ffa500"; - }; - - window.titlebar = false; - window.border = 4; - - # this maps to focus_on_window_activation - focus.newWindow = "urgent"; }; + + keybindings = lib.mkOptionDefault { + 
# as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi + # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps"; + "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions"; + + # only 1-9 exist on the default config + "${modifier}+0" = "workspace number 0"; + "${modifier}+Shift+0" = "move container to workspace number 0"; + + # disable splitting for now as i sometimes trigger it accidentally and then get stuck with it + "${modifier}+b" = "nop"; + "${modifier}+v" = "nop"; + + # move workspace to output + "${modifier}+Control+Shift+${left}" = "move workspace to output left"; + "${modifier}+Control+Shift+${right}" = "move workspace to output right"; + "${modifier}+Control+Shift+${up}" = "move workspace to output up"; + "${modifier}+Control+Shift+${down}" = "move workspace to output down"; + # move workspace to output with arrow keys + "${modifier}+Control+Shift+Left" = "move workspace to output left"; + "${modifier}+Control+Shift+Right" = "move workspace to output right"; + "${modifier}+Control+Shift+Up" = "move workspace to output up"; + "${modifier}+Control+Shift+Down" = "move workspace to output down"; + + "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit"; + "${modifier}+q" = "kill"; + "${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9"; + + "${modifier}+x" = "exec ${swapOutputWorkspaces}"; + + "${modifier}+Ctrl+l" = "exec ${lockCmd}"; + + "--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; + "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; + "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; + + "XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5"; + "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5"; + "--locked XF86AudioMute" = "exec 
${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute"; + + "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region"; + }; + + terminal = "alacritty"; + startup = + [ + { + command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target + ) & + ''); + } + ] + ++ lib.optionals config.services.swayidle.enable [ + { + command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" '' + ( + ${pkgs.coreutils}/bin/sleep 0.2 + ${pkgs.systemd}/bin/systemctl --user restart swayidle + ) & + ''); + } + ]; + + colors.focused = lib.mkOptionDefault { + childBorder = lib.mkForce "#ffa500"; + }; + + window.titlebar = false; + window.border = 4; + + # this maps to focus_on_window_activation + focus.newWindow = "urgent"; + }; }; services.swayidle = { diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index 298aaf5..cf77c15 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix @@ -1,17 +1,16 @@ -{ pkgs -, config -, lib -, repoFlake -, nodeFlake -, ... -}: -let - inherit (import ../lib.nix { }) mkSimpleTrayService; +{ + pkgs, + config, + lib, + repoFlake, + nodeFlake, + ... +}: let + inherit (import ../lib.nix {}) mkSimpleTrayService; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; wayprompt = nixpkgs-wayland'.wayprompt; -in -{ +in { fonts.fontconfig.enable = true; # services.gpg-agent.pinentryFlavor = lib.mkForce null; 
@@ -27,43 +26,46 @@ in systemd.user.targets.tray = { Unit = { Description = "Home Manager System Tray"; - Requires = [ "graphical-session-pre.target" ]; + Requires = ["graphical-session-pre.target"]; }; }; - home.packages = with pkgs; [ - # required by network-manager-applet - pkgs.networkmanagerapplet - - wlr-randr - wayout - wl-clipboard - wmctrl - - nixpkgs-wayland'.shotman - - # identifies key input syms - wev - - # TODO: whwat's this for? - # wltype - - pavucontrol - playerctl - pasystray - qt5.qtwayland - qt6.qtwayland - # libsForQt5.qt5.qtwayland - # libsForQt6.qt6.qtwayland - - # probably required by flameshot - # xdg-desktop-portal xdg-desktop-portal-wlr - # grim - ] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) - # TODO: broken on aarch64 + home.packages = with pkgs; [ + # required by network-manager-applet + pkgs.networkmanagerapplet + + wlr-randr + wayout + wl-clipboard + wmctrl + + nixpkgs-wayland'.shotman + + # identifies key input syms + wev + + # TODO: whwat's this for? + # wltype + + pavucontrol + playerctl + pasystray + qt5.qtwayland + qt6.qtwayland + # libsForQt5.qt5.qtwayland + # libsForQt6.qt6.qtwayland + + # probably required by flameshot + # xdg-desktop-portal xdg-desktop-portal-wlr + # grim ] - ); + ++ ( + lib.lists.optionals (!pkgs.stdenv.isAarch64) + # TODO: broken on aarch64 + [ + ] + ); home.sessionVariables = { XDG_SESSION_TYPE = "wayland"; diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 1119653..3552e7b 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix 
@@ -1,16 +1,16 @@ -{ name -, lib -, pkgs -, ... -}: -let +{ + name, + lib, + pkgs, + ... +}: let extensions = [ #undetectable adblocker - { id = "gcfcpohokifjldeandkfjoboemihipmb"; } + {id = "gcfcpohokifjldeandkfjoboemihipmb";} # ublock origin - { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } + {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # # YT ad block # {id = "cmedhionkhpnakcndndgjdbohmhepckk";} @@ -19,15 +19,15 @@ let # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # Cookie Notice Blocker - { id = "odhmfmnoejhihkmfebnolljiibpnednn"; } + {id = "odhmfmnoejhihkmfebnolljiibpnednn";} # i don't care about cookies - { id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } + {id = "fihnjjcciajhdojfnbdddfaoknhalnja";} # NopeCHA - { id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } + {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";} # h264ify - { id = "aleakchihdccplidncghkekgioiakgal"; } + {id = "aleakchihdccplidncghkekgioiakgal";} # clippy # {id = "honbeilkanbghjimjoniipnnehlmhggk"} @@ -38,20 +38,19 @@ let } # cookie autodelete - { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } + {id = "fhcgjolkccmbidfldomjliifgaodjagh";} # unhook - { id = "khncfooichmfjbepaaaebmommgaepoid"; } + {id = "khncfooichmfjbepaaaebmommgaepoid";} ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C - { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } + {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} # always right - { id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } + {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";} ]); -in -{ +in { programs.chromium = { enable = true; inherit extensions; @@ -63,5 +62,5 @@ in inherit extensions; }; - programs.browserpass = { browsers = [ "chromium" "brave" ]; }; + programs.browserpass = {browsers = ["chromium" "brave"];}; } diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 439ced1..23f727a 100644 --- a/nix/home-manager/programs/espanso.nix +++ b/nix/home-manager/programs/espanso.nix 
@@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{pkgs, ...}: { services.espanso = { # package = pkgs.espanso.overrideAttrs(_: { # # src = 
@@ -10,66 +10,64 @@ # backend = "Clipboard"; }; }; - matches = - let - playerctl = '' - ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; - in - { - default = { - matches = [ - { - trigger = ":vpos"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeScript "espanso" '' - #! ${pkgs.python3}/bin/python - import subprocess, os, math, datetime + matches = let + playerctl = '' + ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; + in { + default = { + matches = [ + { + trigger = ":vpos"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeScript "espanso" '' + #! ${pkgs.python3}/bin/python + import subprocess, os, math, datetime - id=str(os.getuid()) - result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) - result.check_returncode() + id=str(os.getuid()) + result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) + result.check_returncode() - position_secs = math.trunc(float(result.stdout)) - position_human = datetime.timedelta(seconds=position_secs) - print("%s - %s" % (position_human, position_secs)) - '') - ]; - }; - } - ]; - } - { - trigger = ":vtit"; - replace = "{{output}}"; - vars = [ - { - name = "output"; - type = "script"; - params = { - args = [ - (pkgs.writeShellScript "espanso" - "${playerctl} metadata title") - ]; - }; - } - ]; - } - { - trigger = ":dunno"; - replace = "¯\\_(ツ)_/¯"; - } - { - trigger = ":shrug"; - replace = "¯\\_(ツ)_/¯"; - } - ]; - }; + position_secs = math.trunc(float(result.stdout)) + position_human = 
datetime.timedelta(seconds=position_secs) + print("%s - %s" % (position_human, position_secs)) + '') + ]; + }; + } + ]; + } + { + trigger = ":vtit"; + replace = "{{output}}"; + vars = [ + { + name = "output"; + type = "script"; + params = { + args = [ + (pkgs.writeShellScript "espanso" + "${playerctl} metadata title") + ]; + }; + } + ]; + } + { + trigger = ":dunno"; + replace = "¯\\_(ツ)_/¯"; + } + { + trigger = ":shrug"; + replace = "¯\\_(ツ)_/¯"; + } + ]; }; + }; }; } diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index a17e9a0..7c1f221 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -1,4 +1,8 @@ -{repoFlake, pkgs, ...}: { +{ + repoFlake, + pkgs, + ... +}: { # required by pass-otp # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index 1a89d95..207b9e6 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -1,10 +1,10 @@ -{ config -, lib -, pkgs -, osConfig -, ... -}: -let +{ + config, + lib, + pkgs, + osConfig, + ... +}: let libdecsync = pkgs.python3Packages.buildPythonPackage rec { pname = "libdecsync"; version = "2.2.1"; 
@@ -38,53 +38,50 @@ let # pkgs.libxcrypt ]; - propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; + propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools]; }; radicale-decsync = pkgs.radicale.overrideAttrs (old: { propagatedBuildInputs = old.propagatedBuildInputs - ++ [ radicale-storage-decsync ]; + ++ [radicale-storage-decsync]; }); - mkRadicaleService = - { suffix - , port - , - }: - let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} + mkRadicaleService = { + suffix, + port, + }: let + radicale-config = pkgs.writeText "radicale-config-${suffix}" '' + [server] + hosts = localhost:${builtins.toString port} - [auth] - type = htpasswd - htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt + [auth] + type = htpasswd + htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} + htpasswd_encryption = bcrypt - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} - ''; - in - { - systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; - }; - Install.WantedBy = [ "default.target" ]; + [storage] + type = radicale_storage_decsync + filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} + ''; + in { + systemd.user.services."radicale-${suffix}" = { + Unit.Description = "Radicale with DecSync (${suffix})"; + Service = { + ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; + Restart = "on-failure"; }; + Install.WantedBy = ["default.target"]; }; + }; in -builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ 
- { - suffix = "personal"; - port = 5232; - } - { - suffix = "family"; - port = 5233; - } -] + builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [ + { + suffix = "personal"; + port = 5232; + } + { + suffix = "family"; + port = 5233; + } + ] diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 417db07..a0c0d76 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -1,17 +1,21 @@ -{ pkgs, nodeFlake, ... }: { + pkgs, + nodeFlake, + ... +}: { programs.vscode = { enable = true; package = pkgs.vscodium; - extensions = [ - # TODO: how can i install (this) vsix(s) directly? - # (builtins.fetchurl { - # # https://open-vsx.org/extension/jeanp413/open-remote-ssh - # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; - # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; - # }) - ] ++ (with pkgs.vscode-extensions; + extensions = [ + # TODO: how can i install (this) vsix(s) directly? + # (builtins.fetchurl { + # # https://open-vsx.org/extension/jeanp413/open-remote-ssh + # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; + # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; + # }) + ] + ++ (with pkgs.vscode-extensions; [ bbenoist.nix eamodio.gitlens mkhl.direnv @@ -34,7 +38,7 @@ mutableExtensionsDir = true; }; - home.packages = [ pkgs.nixpkgs-fmt pkgs.alejandra ]; + home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra]; } # TODO: automate ### original list: diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index abe7a5c..40e603d 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix 
@@ -1,30 +1,29 @@ -{ config -, lib -, pkgs -, ... -}: -let - just-plugin = - let - plugin_file = pkgs.writeText "_just" '' - #compdef just - #autload +{ + config, + lib, + pkgs, + ... +}: let + just-plugin = let + plugin_file = pkgs.writeText "_just" '' + #compdef just + #autload - alias justl="\just --list" - alias juste="\just --evaluate" + alias justl="\just --list" + alias juste="\just --evaluate" - local subcmds=() + local subcmds=() - while read -r line ; do - if [[ ! $line == Available* ]] ; - then - subcmds+=(''${line/[[:space:]]*\#/:}) - fi - done < <(just --list) + while read -r line ; do + if [[ ! $line == Available* ]] ; + then + subcmds+=(''${line/[[:space:]]*\#/:}) + fi + done < <(just --list) - _describe 'command' subcmds - ''; - in + _describe 'command' subcmds + ''; + in pkgs.stdenv.mkDerivation { name = "just-completions"; version = "0.1.0"; @@ -36,8 +35,7 @@ let chmod --recursive a-w $out ''; }; -in -{ +in { programs.zsh = { enable = true; 
@@ -48,58 +46,56 @@ in # will be called again by oh-my-zsh enableCompletion = false; enableAutosuggestions = true; - initExtra = - let - inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; - in - '' - if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then - unset TMPDIR - fi + initExtra = let + inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; + in '' + if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then + unset TMPDIR + fi - if test ! -n "$TMP" -a -z "$TMP"; then - unset TMP - fi + if test ! -n "$TMP" -a -z "$TMP"; then + unset TMP + fi - PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' - RPROMPT="" + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' + RPROMPT="" - # Automatic rehash - zstyle ':completion:*' rehash true + # Automatic rehash + zstyle ':completion:*' rehash true - if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases - fi + if [ -f $HOME/.shrc.d/sh_aliases ]; then + . $HOME/.shrc.d/sh_aliases + fi - ${ - if builtins.hasAttr "homeshick" pkgs - then '' - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) - '' - else "" - } + ${ + if builtins.hasAttr "homeshick" pkgs + then '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' + else "" + } - # Disable intercepting of ctrl-s and ctrl-q as flow control. - stty stop ''' -ixoff -ixon + # Disable intercepting of ctrl-s and ctrl-q as flow control. 
+ stty stop ''' -ixoff -ixon - # don't cd into directories when executed - unsetopt AUTO_CD + # don't cd into directories when executed + unsetopt AUTO_CD - # print lines without termination - setopt PROMPT_CR - setopt PROMPT_SP - export PROMPT_EOL_MARK="" + # print lines without termination + setopt PROMPT_CR + setopt PROMPT_SP + export PROMPT_EOL_MARK="" - ${lib.optionalString config.services.gpg-agent.enable '' - export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" - ''} + ${lib.optionalString config.services.gpg-agent.enable '' + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" + ''} - ${lib.optionalString config.programs.neovim.enable '' - export EDITOR="nvim" - ''} - ''; + ${lib.optionalString config.programs.neovim.enable '' + export EDITOR="nvim" + ''} + ''; plugins = [ { @@ -132,7 +128,7 @@ in oh-my-zsh = { enable = true; theme = "tjkirch"; - plugins = [ "git" "sudo" ]; + plugins = ["git" "sudo"]; }; }; } diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 9256425..366c640 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1,14 +1,14 @@ -{ repoFlake -, pkgs -, lib -, config -, nodeFlake -, nodeName -, localDomainName -, system -, ... -}: -let +{ + repoFlake, + pkgs, + lib, + config, + nodeFlake, + nodeName, + localDomainName, + system, + ... +}: let inherit (nodeFlake.inputs) bpir3 
@@ -18,20 +18,23 @@ let vlanRangeStart = builtins.head vlanRange; vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange) - 1); vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans); - vlanRangeWith0 = [ 0 ] ++ vlanRange; + vlanRangeWith0 = [0] ++ vlanRange; - mkVlanIpv4HostAddr = { vlanid, host, thirdIpv4SegmentMin ? 20, cidr ? true }: - let - # reserve the first subnet for vlanid == 0 - # number the other subnets continously from there - offset = - if vlanid == 0 - then thirdIpv4SegmentMin - else thirdIpv4SegmentMin + 1 - vlanRangeStart; - - in + mkVlanIpv4HostAddr = { + vlanid, + host, + thirdIpv4SegmentMin ? 20, + cidr ? true, + }: let + # reserve the first subnet for vlanid == 0 + # number the other subnets continously from there + offset = + if vlanid == 0 + then thirdIpv4SegmentMin + else thirdIpv4SegmentMin + 1 - vlanRangeStart; + in builtins.concatStringsSep "." - [ "192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}" ]; + ["192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}"]; defaultVlan = { name = "${localDomainName}"; 
@@ -58,32 +61,33 @@ let "15".packet_priority = -10; }; - vlansByName = lib.attrsets.mapAttrs' - (vlanid': attrs: - lib.attrsets.nameValuePair + vlansByName = + lib.attrsets.mapAttrs' + ( + vlanid': attrs: + lib.attrsets.nameValuePair attrs.name - (attrs // { id = lib.strings.toInt vlanid'; id' = vlanid'; }) + (attrs + // { + id = lib.strings.toInt vlanid'; + id' = vlanid'; + }) ) vlans; - getVlanDomain = { vlanid }: + getVlanDomain = {vlanid}: if vlanid == 0 - then - defaultVlan.name - else - vlans."${toString vlanid}".name + "." + defaultVlan.name - ; + then defaultVlan.name + else vlans."${toString vlanid}".name + "." + defaultVlan.name; bridgeInterfaceName = "br-lan"; - mkInterfaceName = { vlanid }: + mkInterfaceName = {vlanid}: if vlanid == 0 then bridgeInterfaceName - else "${bridgeInterfaceName}.${toString vlanid}" - ; + else "${bridgeInterfaceName}.${toString vlanid}"; exposedHost = "sj-srv1.dmz.internal"; -in -{ +in { imports = [ repoFlake.inputs.sops-nix.nixosModules.sops @@ -122,8 +126,8 @@ in sops.secrets.passwords-root.neededForUsers = true; - sops.secrets.wlan0_saePasswordsFile = { }; - sops.secrets.wlan0_wpaPskFile = { }; + sops.secrets.wlan0_saePasswordsFile = {}; + sops.secrets.wlan0_wpaPskFile = {}; } ]; 
@@ -179,324 +183,355 @@ in # https://github.com/thelegy/nixos-nftables-firewall/tree/main # TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority) - nftables = - { - enable = true; - stopRuleset = ""; + nftables = { + enable = true; + stopRuleset = ""; - chains = { - prerouting = { - "exposeHost" = { - after = [ "hook" ]; - rules = - let - wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - in - # TODO: if this hostname doesn't resolve it'll break the whole ruleset - [ - "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" - ]; - }; + chains = { + prerouting = { + "exposeHost" = { + after = ["hook"]; + rules = let + wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; + in + # TODO: if this hostname doesn't resolve it'll break the whole ruleset + [ + "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" + "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" + ]; }; }; + }; - firewall = { - enable = true; - zones = { - lan.interfaces = [ (mkInterfaceName { vlanid = 0; }) ]; - vlan.interfaces = builtins.map (vlanid: (mkInterfaceName { inherit vlanid; })) vlanRange; + firewall = { + enable = true; + zones = + { + lan.interfaces = [(mkInterfaceName {vlanid = 0;})]; + vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; - wan.interfaces = [ "wan" "lan0" ]; - } // + wan.interfaces = ["wan" "lan0"]; + } + // # generate a zone for each vlan lib.attrsets.mapAttrs - (key: value: { - interfaces = [ (mkInterfaceName { vlanid = value.id; }) ]; - }) - vlansByName - ; - rules = - let - ipv6IcmpTypes = [ - "destination-unreachable" - "echo-reply" - 
"echo-request" - "packet-too-big" - "parameter-problem" - "time-exceeded" + (key: value: { + interfaces = [(mkInterfaceName {vlanid = value.id;})]; + }) + vlansByName; + rules = let + ipv6IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "packet-too-big" + "parameter-problem" + "time-exceeded" - # Without the nd-* ones ipv6 will not work. - "nd-neighbor-solicit" - "nd-router-advert" - "nd-neighbor-advert" + # Without the nd-* ones ipv6 will not work. + "nd-neighbor-solicit" + "nd-router-advert" + "nd-neighbor-advert" + ]; + ipv4IcmpTypes = [ + "destination-unreachable" + "echo-reply" + "echo-request" + "source-quench" + "time-exceeded" + "router-advertisement" + ]; + allowIcmpLines = [ + "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" + "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" + ]; + in { + fw = { + from = ["fw"]; + verdict = "accept"; + }; + + office-to-dmz = { + from = ["office"]; + to = ["dmz"]; + verdict = "accept"; + }; + + lan-to-fw = { + from = ["lan"]; + to = ["fw" "lan"]; + verdict = "accept"; + }; + + lan-to-wan = { + from = ["lan"]; + to = ["wan"]; + verdict = "accept"; + }; + + vlan-to-wan = { + from = ["vlan"]; + to = ["wan"]; + verdict = "accept"; + }; + + vlan-to-fw = { + allowedUDPPortRanges = [ + { + from = 67; + to = 68; + } + { + from = 53; + to = 53; + } + ]; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } + { + from = 53; + to = 53; + } + { + from = 5201; + to = 5201; + } + ]; + from = ["vlan"]; + to = ["fw"]; + extraLines = + allowIcmpLines + ++ [ + "drop" ]; - ipv4IcmpTypes = [ - "destination-unreachable" - "echo-reply" - "echo-request" - "source-quench" - "time-exceeded" - "router-advertisement" + }; + + to-wan-nat = { + from = ["lan" "vlan"]; + to = ["wan"]; + masquerade = true; + verdict = "accept"; + }; + + wan-to-dmz = { + from = ["wan"]; + to = ["dmz"]; + verdict = "accept"; + }; + + wan-to-fw = { + from = 
["wan"]; + to = ["fw"]; + allowedTCPPortRanges = [ + { + from = 22; + to = 22; + } + ]; + extraLines = + allowIcmpLines + ++ [ + "drop" ]; - allowIcmpLines = [ - "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" - "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" - ]; - in - { - fw = { - from = [ "fw" ]; - verdict = "accept"; - }; - - office-to-dmz = { - from = [ "office" ]; - to = [ "dmz" ]; - verdict = "accept"; - }; - - lan-to-fw = { - from = [ "lan" ]; - to = [ "fw" "lan" ]; - verdict = "accept"; - }; - - lan-to-wan = { - from = [ "lan" ]; - to = [ "wan" ]; - verdict = "accept"; - }; - - vlan-to-wan = { - from = [ "vlan" ]; - to = [ "wan" ]; - verdict = "accept"; - }; - - vlan-to-fw = { - allowedUDPPortRanges = [ - { from = 67; to = 68; } - { from = 53; to = 53; } - ]; - allowedTCPPortRanges = [ - { from = 22; to = 22; } - { from = 53; to = 53; } - { from = 5201; to = 5201; } - ]; - from = [ "vlan" ]; - to = [ "fw" ]; - extraLines = allowIcmpLines ++ [ - "drop" - ]; - }; - - to-wan-nat = { - from = [ "lan" "vlan" ]; - to = [ "wan" ]; - masquerade = true; - verdict = "accept"; - }; - - wan-to-dmz = { - from = [ "wan" ]; - to = [ "dmz" ]; - verdict = "accept"; - }; - - wan-to-fw = { - from = [ "wan" ]; - to = [ "fw" ]; - allowedTCPPortRanges = [ - { - from = 22; - to = 22; - } - ]; - extraLines = allowIcmpLines ++ [ - "drop" - ]; - }; - }; + }; }; }; + }; }; systemd.network = { wait-online.anyInterface = true; - netdevs = { - # Create the bridge interface - "20-${bridgeInterfaceName}" = { - netdevConfig = { - Kind = "bridge"; - Name = bridgeInterfaceName; + netdevs = + { + # Create the bridge interface + "20-${bridgeInterfaceName}" = { + netdevConfig = { + Kind = "bridge"; + Name = bridgeInterfaceName; + }; + + extraConfig = '' + [Bridge] + STP=yes + VLANFiltering=yes + VLANProtocol=802.1q + DefaultPVID=0 + ''; }; - - extraConfig = '' - [Bridge] - STP=yes - VLANFiltering=yes - 
VLANProtocol=802.1q - DefaultPVID=0 - ''; - }; - - } - # generate the vlan devices. these will be tagged on the main bridge - // builtins.foldl' + } + # generate the vlan devices. these will be tagged on the main bridge + // builtins.foldl' (acc: cur: acc // cur) - { } - (builtins.map - ({ vlanid, vlanid' }: { - "20-${mkInterfaceName { inherit vlanid; }}" = { + {} + ( + builtins.map + ({ + vlanid, + vlanid', + }: { + "20-${mkInterfaceName {inherit vlanid;}}" = { netdevConfig = { Kind = "vlan"; - Name = "${mkInterfaceName { inherit vlanid; }}"; + Name = "${mkInterfaceName {inherit vlanid;}}"; }; vlanConfig.Id = vlanid; }; }) - (builtins.map - (vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) + ( + builtins.map + (vlanid: { + inherit vlanid; + vlanid' = builtins.toString vlanid; + }) vlanRange ) - ) - ; - networks = { - # use lan0 as secondary WAN interface - "10-lan0-wan" = { - matchConfig.Name = "lan0"; - networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; - # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; + ); + networks = + { + # use lan0 as secondary WAN interface + "10-lan0-wan" = { + matchConfig.Name = "lan0"; + networkConfig = { + # start a DHCP Client for IPv4 Addressing/Routing + DHCP = "ipv4"; + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + DNSOverTLS = true; + DNSSEC = true; + IPv6PrivacyExtensions = false; + IPForward = true; + }; + # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min + linkConfig.RequiredForOnline = "no"; }; - # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min - linkConfig.RequiredForOnline = "no"; - }; - "10-wan" = { - matchConfig.Name = "wan"; - networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; 
- # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) - IPv6AcceptRA = true; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; + "10-wan" = { + matchConfig.Name = "wan"; + networkConfig = { + # start a DHCP Client for IPv4 Addressing/Routing + DHCP = "ipv4"; + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + DNSOverTLS = true; + DNSSEC = true; + IPv6PrivacyExtensions = false; + IPForward = true; + }; + # make routing on this interface a dependency for network-online.target + linkConfig.RequiredForOnline = "routable"; }; - # make routing on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; - }; - # Connect the bridge ports to the bridge - "30-lan1" = { - matchConfig.Name = "lan1"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; + # Connect the bridge ports to the bridge + "30-lan1" = { + matchConfig.Name = "lan1"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; + + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; + }; + } + ]; }; - linkConfig.RequiredForOnline = "enslaved"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlansByName.dmz.id; - PVID = vlansByName.dmz.id; - EgressUntagged = vlansByName.dmz.id; - }; - } - ]; - }; + "30-lan2" = { + matchConfig.Name = "lan2"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; - "30-lan2" = { - matchConfig.Name = "lan2"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; + }; + 
} + ]; }; - linkConfig.RequiredForOnline = "enslaved"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = vlansByName.office.id; - PVID = vlansByName.office.id; - EgressUntagged = vlansByName.office.id; - }; - } - ]; - }; + "30-lan3" = { + matchConfig.Name = "lan3"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; - "30-lan3" = { - matchConfig.Name = "lan3"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + }; + } + ]; }; - linkConfig.RequiredForOnline = "enslaved"; + # Configure the bridge for its desired function + "40-${bridgeInterfaceName}" = { + matchConfig.Name = bridgeInterfaceName; + bridgeConfig = {}; + address = [ + (mkVlanIpv4HostAddr { + vlanid = 0; + host = 1; + }) + ]; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min + linkConfig.RequiredForOnline = "no"; + linkConfig.ActivationPolicy = "always-up"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; - } - ]; - }; - # Configure the bridge for its desired function - "40-${bridgeInterfaceName}" = { - matchConfig.Name = bridgeInterfaceName; - bridgeConfig = { }; - address = [ - (mkVlanIpv4HostAddr { vlanid = 0; host = 1; }) - ]; - networkConfig = { - ConfigureWithoutCarrier = true; + bridgeVLANs = [ + { + bridgeVLANConfig = { + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + }; + } + ]; + + vlan = ( + builtins.map + (vlanid: (mkInterfaceName {inherit vlanid;})) + vlanRange + ); }; - # Don't wait for it as it also would wait for wlan and DFS which takes around 5 min - linkConfig.RequiredForOnline = "no"; - linkConfig.ActivationPolicy = "always-up"; - - bridgeVLANs = [ - { - bridgeVLANConfig = { - VLAN 
= "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; - } - ]; - - vlan = (builtins.map - (vlanid: (mkInterfaceName { inherit vlanid; })) - vlanRange - ); - }; - - } - - # configuration for the hostapd dynamic interfaces - # * netdev type vlan - # * host address for vlan - # * vlan config for wlan interface - // - builtins.foldl' + } + # configuration for the hostapd dynamic interfaces + # * netdev type vlan + # * host address for vlan + # * vlan config for wlan interface + // builtins.foldl' (acc: cur: acc // cur) - { } + {} (builtins.map - ({ vlanid, vlanid' }: { + ({ + vlanid, + vlanid', + }: { # configure the tagged vlan device with an address and vlan filtering. # dnsmasq is configured to serve the respective /24 range on each tagged device. # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. - "41-${mkInterfaceName { inherit vlanid; }}" = { - matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + "41-${mkInterfaceName {inherit vlanid;}}" = { + matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; address = [ - (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 1; + }) ]; networkConfig = { ConfigureWithoutCarrier = true; @@ -538,10 +573,13 @@ in ]; }; - "50-${mkInterfaceName { inherit vlanid; }}" = { - matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; + "50-${mkInterfaceName {inherit vlanid;}}" = { + matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}"; address = [ - (mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 1; + }) ]; networkConfig = { ConfigureWithoutCarrier = true; 
@@ -549,259 +587,259 @@ in linkConfig.RequiredForOnline = "no"; }; }) - (builtins.map - (vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) + ( + builtins.map + (vlanid: { + inherit vlanid; + vlanid' = builtins.toString vlanid; + }) vlanRange - )) - ; + )); }; # wireless access point services.hostapd = { enable = true; package = nodeFlake.packages.${system}.hostapd_patched; - radios = - let - # generated with https://miniwebtool.com/mac-address-generator/ - mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; - in - { - wlan0 = { - band = "2g"; - countryCode = "CH"; - channel = 0; # ACS + radios = let + # generated with https://miniwebtool.com/mac-address-generator/ + mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; + in { + wlan0 = { + band = "2g"; + countryCode = "CH"; + channel = 0; # ACS - # use 'iw phy#1 info' to determine your VHT capabilities - wifi4 = { - enable = true; - capabilities = [ "HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" ]; - }; - networks = { - wlan0 = - let - iface = "wlan0"; - in - { - ssid = "mlsia"; - bssid = mkBssid 0; + # use 'iw phy#1 info' to determine your VHT capabilities + wifi4 = { + enable = true; + capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + }; + networks = { + wlan0 = let + iface = "wlan0"; + in { + ssid = "mlsia"; + bssid = mkBssid 0; - # authentication.mode = "wpa3-sae"; - authentication.mode = "wpa3-sae-transition"; + # authentication.mode = "wpa3-sae"; + authentication.mode = "wpa3-sae-transition"; - authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; - authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; + authentication.wpaPskFile = config.sops.secrets."${iface}_wpaPskFile".path; + authentication.saePasswordsFile = config.sops.secrets."${iface}_saePasswordsFile".path; - # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference - settings = { - # bridge = 
bridgeInterfaceName; + # see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference + settings = { + # bridge = bridgeInterfaceName; - # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; - # not yet supported on hostapd 2.10 - # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; + # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; + # not yet supported on hostapd 2.10 + # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; - # enables debug logging - logger_stdout_level = lib.mkForce 0; - logger_stdout = -1; - # logger_syslog_level= lib.mkForce 0; + # enables debug logging + logger_stdout_level = lib.mkForce 0; + logger_stdout = -1; + # logger_syslog_level= lib.mkForce 0; - # resources on vlan tagging - # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging - # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 + # resources on vlan tagging + # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging + # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 - dynamic_vlan = 1; + dynamic_vlan = 1; - # this option currently requires a patch to hostapd - vlan_no_bridge = 1; + # this option currently requires a patch to hostapd + vlan_no_bridge = 1; - /* not used due to the above vlan_no_bridge setting + /* + not used due to the above vlan_no_bridge setting vlan_tagged_interface = bridgeInterfaceName; vlan_naming = 1; vlan_bridge = "br-${iface}."; - */ + */ - vlan_file = - let - generated = builtins.map - (vlanid: - "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" - ) - vlanRange - ; + vlan_file = let + generated = + builtins.map + ( + vlanid: "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" + ) + vlanRange; - wildcard = [ - # Optional wildcard entry matching all VLAN IDs. 
The first # in the interface - # name will be replaced with the VLAN ID. The network interfaces are created - # (and removed) dynamically based on the use. - # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan - "* ${iface}.#" - ]; + wildcard = [ + # Optional wildcard entry matching all VLAN IDs. The first # in the interface + # name will be replaced with the VLAN ID. The network interfaces are created + # (and removed) dynamically based on the use. + # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan + "* ${iface}.#" + ]; - file = pkgs.writeText "hostapd.vlan" - (builtins.concatStringsSep "\n" (generated ++ wildcard)); - filePath = toString file; - in - filePath; + file = + pkgs.writeText "hostapd.vlan" + (builtins.concatStringsSep "\n" (generated ++ wildcard)); + filePath = toString file; + in + filePath; - wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ - "WPA-PSK" + wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ + "WPA-PSK" - # TODO: the printer can't connect when this is on - # "WPA-PSK-SHA256" + # TODO: the printer can't connect when this is on + # "WPA-PSK-SHA256" - # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them - # "SAE" - ]); + # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them + # "SAE" + ]); - # wpa_psk_radius = 0; - wpa_pairwise = "CCMP"; - wmm_enabled = 1; + # wpa_psk_radius = 0; + wpa_pairwise = "CCMP"; + wmm_enabled = 1; - # IEEE 802.11i (authentication) related configuration - # Encrypt management frames to protect against deauthentication and similar attacks - ieee80211w = 1; - sae_require_mfp = 1; - sae_groups = "19 20 21"; + # IEEE 802.11i (authentication) related configuration + # Encrypt management frames to protect against deauthentication and similar attacks + ieee80211w = 1; + sae_require_mfp = 1; + sae_groups = "19 20 21"; - # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) - tls_flags = "[ENABLE-TLSv1.3]"; + # 
[ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) + tls_flags = "[ENABLE-TLSv1.3]"; - ieee8021x = 0; - eap_server = 0; - }; - }; - - # wlan0-1 = { - # ssid = "mlsia-testing"; - # authentication = { - # mode = "wpa3-sae-transition"; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # wlan0-1 = { - # ssid = "justtestingwifi-wpa3"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; - # }; - - # bssid = mkBssid 1; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - - # Uncomment when needed otherwise remove - # wlan0-1 = { - # ssid = "koteczkowo3"; - # authentication = { - # mode = "none"; # this is overriden by settings - # }; - # managementFrameProtection = "optional"; - # bssid = "e6:02:43:07:00:00"; - # settings = { - # bridge = bridgeInterfaceName; - # wpa = lib.mkForce 2; - # wpa_key_mgmt = "WPA-PSK"; - # wpa_pairwise = "CCMP"; - # wpa_psk_file = config.sops.secrets.legacyWifiPassword.path; - # }; - # }; + ieee8021x = 0; + eap_server = 0; + }; }; + + # wlan0-1 = { + # ssid = "mlsia-testing"; + # authentication = { + # mode = "wpa3-sae-transition"; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # wlan0-1 = { + # ssid = "justtestingwifi-wpa3"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # Uncomment when needed otherwise remove + # wlan0-1 = { + # ssid = "koteczkowo3"; + # authentication = { + # mode = "none"; # this is overriden by settings + # }; + # managementFrameProtection = "optional"; + # bssid = "e6:02:43:07:00:00"; + # settings = { + # bridge = bridgeInterfaceName; + # wpa = lib.mkForce 2; + # wpa_key_mgmt = "WPA-PSK"; + # wpa_pairwise = "CCMP"; + # wpa_psk_file = 
config.sops.secrets.legacyWifiPassword.path; + # }; + # }; }; - - # wlan1 = { - # band = "5g"; - # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 - # channel = 0; # ACS - # countryCode = "PL"; - - # # use 'iw phy#1 info' to determine your VHT capabilities - # wifi4 = { - # enable = true; - # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; - # }; - # wifi5 = { - # enable = true; - # operatingChannelWidth = "160"; - # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; - # }; - # wifi6 = { - # enable = true; - # singleUserBeamformer = true; - # singleUserBeamformee = true; - # multiUserBeamformer = true; - # operatingChannelWidth = "160"; - # }; - # settings = { - # # these two are mandatory for wifi 5 & 6 to work - # vht_oper_centr_freq_seg0_idx = 50; - # he_oper_centr_freq_seg0_idx = 50; - - # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for - # # transmitting data packets from the second data queue of a network interface. - # # It determines the number of packets that can be sent in a burst. - # # Adjusting this parameter can impact network throughput and latency. - # tx_queue_data2_burst = 2; - - # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. - # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. - # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
- # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 - - # # Magic values that were set by openwrt but I didn't bother inspecting every single one - # he_spr_sr_control = 3; - # he_default_pe_duration = 4; - # he_rts_threshold = 1023; - - # he_mu_edca_qos_info_param_count = 0; - # he_mu_edca_qos_info_q_ack = 0; - # he_mu_edca_qos_info_queue_request = 0; - # he_mu_edca_qos_info_txop_request = 0; - - # # he_mu_edca_ac_be_aci=0; missing in 2.10 - # he_mu_edca_ac_be_aifsn = 8; - # he_mu_edca_ac_be_ecwmin = 9; - # he_mu_edca_ac_be_ecwmax = 10; - # he_mu_edca_ac_be_timer = 255; - - # he_mu_edca_ac_bk_aifsn = 15; - # he_mu_edca_ac_bk_aci = 1; - # he_mu_edca_ac_bk_ecwmin = 9; - # he_mu_edca_ac_bk_ecwmax = 10; - # he_mu_edca_ac_bk_timer = 255; - - # he_mu_edca_ac_vi_ecwmin = 5; - # he_mu_edca_ac_vi_ecwmax = 7; - # he_mu_edca_ac_vi_aifsn = 5; - # he_mu_edca_ac_vi_aci = 2; - # he_mu_edca_ac_vi_timer = 255; - - # he_mu_edca_ac_vo_aifsn = 5; - # he_mu_edca_ac_vo_aci = 3; - # he_mu_edca_ac_vo_ecwmin = 5; - # he_mu_edca_ac_vo_ecwmax = 7; - # he_mu_edca_ac_vo_timer = 255; - # }; - # networks = { - # wlan1 = { - # ssid = "koteczkowo5"; - # authentication = { - # mode = "wpa3-sae"; - # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. 
- # }; - # bssid = "36:b9:02:21:08:a2"; - # settings = { - # bridge = bridgeInterfaceName; - # }; - # }; - # }; - # }; }; + + # wlan1 = { + # band = "5g"; + # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 + # channel = 0; # ACS + # countryCode = "PL"; + + # # use 'iw phy#1 info' to determine your VHT capabilities + # wifi4 = { + # enable = true; + # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + # }; + # wifi5 = { + # enable = true; + # operatingChannelWidth = "160"; + # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + # }; + # wifi6 = { + # enable = true; + # singleUserBeamformer = true; + # singleUserBeamformee = true; + # multiUserBeamformer = true; + # operatingChannelWidth = "160"; + # }; + # settings = { + # # these two are mandatory for wifi 5 & 6 to work + # vht_oper_centr_freq_seg0_idx = 50; + # he_oper_centr_freq_seg0_idx = 50; + + # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for + # # transmitting data packets from the second data queue of a network interface. + # # It determines the number of packets that can be sent in a burst. + # # Adjusting this parameter can impact network throughput and latency. + # tx_queue_data2_burst = 2; + + # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. + # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. + # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. 
+ # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 + + # # Magic values that were set by openwrt but I didn't bother inspecting every single one + # he_spr_sr_control = 3; + # he_default_pe_duration = 4; + # he_rts_threshold = 1023; + + # he_mu_edca_qos_info_param_count = 0; + # he_mu_edca_qos_info_q_ack = 0; + # he_mu_edca_qos_info_queue_request = 0; + # he_mu_edca_qos_info_txop_request = 0; + + # # he_mu_edca_ac_be_aci=0; missing in 2.10 + # he_mu_edca_ac_be_aifsn = 8; + # he_mu_edca_ac_be_ecwmin = 9; + # he_mu_edca_ac_be_ecwmax = 10; + # he_mu_edca_ac_be_timer = 255; + + # he_mu_edca_ac_bk_aifsn = 15; + # he_mu_edca_ac_bk_aci = 1; + # he_mu_edca_ac_bk_ecwmin = 9; + # he_mu_edca_ac_bk_ecwmax = 10; + # he_mu_edca_ac_bk_timer = 255; + + # he_mu_edca_ac_vi_ecwmin = 5; + # he_mu_edca_ac_vi_ecwmax = 7; + # he_mu_edca_ac_vi_aifsn = 5; + # he_mu_edca_ac_vi_aci = 2; + # he_mu_edca_ac_vi_timer = 255; + + # he_mu_edca_ac_vo_aifsn = 5; + # he_mu_edca_ac_vo_aci = 3; + # he_mu_edca_ac_vo_ecwmin = 5; + # he_mu_edca_ac_vo_ecwmax = 7; + # he_mu_edca_ac_vo_timer = 255; + # }; + # networks = { + # wlan1 = { + # ssid = "koteczkowo5"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. + # }; + # bssid = "36:b9:02:21:08:a2"; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + # }; + # }; + }; }; services.resolved.enable = false; 
@@ -826,21 +864,35 @@ in local-ttl = 0; dhcp-ttl = 0; - dhcp-range = - let - mkDhcpRange = { tag, vlanid }: builtins.concatStringsSep "," [ + dhcp-range = let + mkDhcpRange = { + tag, + vlanid, + }: + builtins.concatStringsSep "," [ tag - (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) - (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 100; + cidr = false; + }) + (mkVlanIpv4HostAddr { + inherit vlanid; + host = 199; + cidr = false; + }) "12h" ]; - in + in builtins.map - (vlanid: - mkDhcpRange { tag = mkInterfaceName { inherit vlanid; }; inherit vlanid; } - ) - vlanRangeWith0 - ; + ( + vlanid: + mkDhcpRange { + tag = mkInterfaceName {inherit vlanid;}; + inherit vlanid; + } + ) + vlanRangeWith0; # interface = bridgeInterfaceName; # bind-interfaces = true; @@ -854,7 +906,6 @@ in # don't use /etc/hosts as this would advertise ${nodeName} as localhost no-hosts = true; - # address = "/${nodeName}.lan/${fwLanHostAddr}"; server = [ # upstream DNS servers 
@@ -869,33 +920,40 @@ in # "9.9.9.9" "8.8.8.8" "1.1.1.1" ]; - domain = [ - "/${getVlanDomain {vlanid = 0;}}/,local" - ] ++ builtins.map - (vlanid: - "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { inherit vlanid; host = 0; cidr = true; }},local" + domain = + [ + "/${getVlanDomain {vlanid = 0;}}/,local" + ] + ++ builtins.map + ( + vlanid: "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { + inherit vlanid; + host = 0; + cidr = true; + }},local" ) - vlanRangeWith0 - ; + vlanRangeWith0; # TODO: compare this to using `interface-name` - dynamic-host = [ - ] ++ builtins.map - (vlanid: - builtins.concatStringsSep "," [ - # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) - "${nodeName}.${getVlanDomain{inherit vlanid;}}" - "0.0.0.1" - (mkInterfaceName { inherit vlanid; }) - ] + dynamic-host = + [ + ] + ++ builtins.map + ( + vlanid: + builtins.concatStringsSep "," [ + # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) + "${nodeName}.${getVlanDomain {inherit vlanid;}}" + "0.0.0.1" + (mkInterfaceName {inherit vlanid;}) + ] ) - vlanRangeWith0 - ; + vlanRangeWith0; - dhcp-option-force = builtins.map - (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain{inherit vlanid;}}") - vlanRangeWith0 - ; + dhcp-option-force = + builtins.map + (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain {inherit vlanid;}}") + vlanRangeWith0; # auth-server = [ # (builtins.concatStringsSep "," [ 
@@ -928,10 +986,10 @@ in # They fail to load properly, leaving the system without working ethernet, they'll oops on # remove. MTK-DSA parts and PCIe were observed to do this. boot.initrd.includeDefaultModules = false; - boot.initrd.kernelModules = [ "rfkill" "cfg80211" "mt7915e" ]; - boot.initrd.availableKernelModules = [ "nvme" ]; + boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; + boot.initrd.availableKernelModules = ["nvme"]; - boot.kernelParams = [ "console=ttyS0,115200" ]; + boot.kernelParams = ["console=ttyS0,115200"]; hardware.enableRedistributableFirmware = true; # Wireless hardware exists, regulatory database is essential. hardware.wirelessRegulatoryDatabase = true; diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 494551e..22c71ae 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -19,7 +19,6 @@ bpir3.inputs.nixpkgs.follows = "nixpkgs"; - nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; @@ -60,13 +59,17 @@ nixpkgs.lib.attrsets.recursiveUpdate attrs { - specialArgs = (import ./default.nix { - system = nativeSystem; - inherit nodeName; + specialArgs = + (import ./default.nix { + system = nativeSystem; + inherit nodeName; - repoFlake = get-flake ../../../..; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; + repoFlake = get-flake ../../../..; + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; modules = [ @@ -88,7 +91,6 @@ linuxPackages_bpir3_latest ; }) - ]; } ] 
@@ -112,19 +114,22 @@ }; packages = let - mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: { - patches = attrs.patches ++ [ - "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" - ]; - }); + mkPatchedHostapd = pkgs: + pkgs.hostapd.overrideDerivation (attrs: { + patches = + attrs.patches + ++ [ + "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" + ]; + }); in { - "${nativeSystem}" = { - hostapd_patched = mkPatchedHostapd pkgs; - }; + "${nativeSystem}" = { + hostapd_patched = mkPatchedHostapd pkgs; + }; - cross = { - hostapd_patched = mkPatchedHostapd pkgsCross; - }; + cross = { + hostapd_patched = mkPatchedHostapd pkgsCross; + }; }; }; } diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index f2dd56d..5c32ea3 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -1,13 +1,14 @@ -{ modulesPath -, repoFlake -, packages' -, pkgs -, lib -, config -, nodeFlake -, nodeName -, system -, ... +{ + modulesPath, + repoFlake, + packages', + pkgs, + lib, + config, + nodeFlake, + nodeName, + system, + ... }: { disabledModules = [ ]; @@ -34,7 +35,7 @@ inherit pkgs; }; - home-manager.users.steveej = { pkgs, ... }: { + home-manager.users.steveej = {pkgs, ...}: { imports = [ ../../../home-manager/configuration/text-minimal.nix ]; @@ -51,7 +52,7 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = ["/share/zsh"]; } ]; 
@@ -82,54 +83,52 @@ firewall.enable = false; }; - disko.devices = - let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; - }; + disko.devices = let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; }; }; }; }; - in - { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; - }; + }; + in { + disk = { + sda = disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; }; }; }; }; }; }; + }; system.stateVersion = "23.11"; diff --git a/nix/os/devices/sj-srv1/configuration.nix b/nix/os/devices/sj-srv1/configuration.nix index ff7d0a1..bada0c3 100644 --- a/nix/os/devices/sj-srv1/configuration.nix +++ b/nix/os/devices/sj-srv1/configuration.nix @@ -1,9 +1,10 @@ -{ nodeName -, config -, pkgs -, ... +{ + nodeName, + config, + pkgs, + ... }: { - disabledModules = [ ]; + disabledModules = []; imports = [ ../../profiles/common/configuration.nix { diff --git a/nix/os/devices/sj-srv1/hw.nix b/nix/os/devices/sj-srv1/hw.nix index 226275c..65a001d 100644 --- a/nix/os/devices/sj-srv1/hw.nix +++ b/nix/os/devices/sj-srv1/hw.nix 
@@ -43,7 +43,7 @@ in { enable = true; encrypted = false; diskId = "virtio-virtio-paeNi8Fof9Oe"; - earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN"; + earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN"; }; boot.initrd.kernelModules = stage1Modules; diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index d1f9774..c481d5d 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -1,12 +1,11 @@ -{ pkgs -, lib -, config -, repoFlake -, nodeName -, ... -}: - { + pkgs, + lib, + config, + repoFlake, + nodeName, + ... +}: { imports = [ ../../snippets/systemd-resolved.nix ]; 
@@ -28,52 +27,50 @@ networking.nat = { enable = true; - internalInterfaces = [ "ve-*" ]; + internalInterfaces = ["ve-*"]; externalInterface = "eth0"; }; # virtualization - virtualisation = { docker.enable = false; }; + virtualisation = {docker.enable = false;}; - nix.gc = { automatic = true; }; + nix.gc = {automatic = true;}; sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix - services.restic.backups.${nodeName} = - let - btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; - in - { - initialize = true; - repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; + services.restic.backups.${nodeName} = let + btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; + in { + initialize = true; + repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; - paths = [ - "/backup" - ]; + paths = [ + "/backup" + ]; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - "--keep-yearly 2" - ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 2" + ]; - timerConfig = { - OnCalendar = lib.mkDefault "daily"; - Persistent = true; - }; - - passwordFile = config.sops.secrets.restic-password.path; - - backupPrepareCommand = '' - ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes - ''; - backupCleanupCommand = '' - ${btrfs} su delete /backup/container-volumes - ''; + timerConfig = { + OnCalendar = lib.mkDefault "daily"; + Persistent = true; }; + passwordFile = config.sops.secrets.restic-password.path; + + backupPrepareCommand = '' + ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes + ''; + backupCleanupCommand = '' + ${btrfs} su delete /backup/container-volumes + ''; + }; + containers = { mailserver = import ../../containers/mailserver.nix { inherit repoFlake; 
@@ -89,17 +86,17 @@ webserver = import ../../containers/webserver.nix - { - inherit repoFlake; + { + inherit repoFlake; - autoStart = true; + autoStart = true; - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; + hostAddress = "192.168.100.12"; + localAddress = "192.168.100.13"; - httpPort = 80; - httpsPort = 443; - }; + httpPort = 80; + httpsPort = 443; + }; syncthing = import ../../containers/syncthing.nix { autoStart = true; diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 43eca83..2bb6048 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix @@ -1,14 +1,13 @@ -{ pkgs -, lib -, config -, repoFlake -, nodeName -, ... -}: -let - wireguardPort = 51820; -in { + pkgs, + lib, + config, + repoFlake, + nodeName, + ... +}: let + wireguardPort = 51820; +in { imports = [ ../../snippets/systemd-resolved.nix ]; @@ -39,7 +38,7 @@ in "prefixLength" = 29; } ]; - ipv6.addresses = [ ]; + ipv6.addresses = []; }; networking.defaultGateway = { @@ -54,7 +53,7 @@ in networking.nat = { enable = true; - internalInterfaces = [ "ve-*" "wg*" ]; + internalInterfaces = ["ve-*" "wg*"]; externalInterface = "eth0"; }; @@ -79,7 +78,7 @@ in privateKeyFile = config.sops.secrets.wg0-private.path; peers = [ { - allowedIPs = [ "192.168.99.2/32" ]; + allowedIPs = ["192.168.99.2/32"]; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; } @@ -87,15 +86,14 @@ in }; # virtualization - virtualisation = { docker.enable = false; }; + virtualisation = {docker.enable = false;}; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - nix.gc = { automatic = true; }; + nix.gc = {automatic = true;}; containers = { - }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { 
diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index 0b199cc..a094278 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,4 +1,4 @@ -{ ... }: { +{...}: { imports = [ ../../snippets/home-manager-with-zsh.nix ../../snippets/nix-settings-holo-chain.nix @@ -19,8 +19,7 @@ ./boot.nix # samba seerver - ({ lib, ... }: { - + ({lib, ...}: { # networking.firewall.enable = lib.mkForce false; services.samba-wsdd.enable = true; # make shares visible for windows 10 clients networking.firewall.allowedTCPPorts = [ diff --git a/nix/os/devices/steveej-t14/default.nix b/nix/os/devices/steveej-t14/default.nix index 430b017..bcb5e94 100644 --- a/nix/os/devices/steveej-t14/default.nix +++ b/nix/os/devices/steveej-t14/default.nix @@ -1,17 +1,16 @@ -{ nodeName -, repoFlake -, repoFlakeWithSystem -, nodeFlake -, ... -}: -let - system = "x86_64-linux"; -in { + nodeName, + repoFlake, + repoFlakeWithSystem, + nodeFlake, + ... +}: let + system = "x86_64-linux"; +in { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index ea1352c..1b905e0 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,7 +1,5 @@ -{ lib, ... }: -let -in -{ +{lib, ...}: let +in { # TASK: new device hardware.opinionatedDisk = { enable = true; 
@@ -68,16 +66,16 @@ in enable = false; levels = [ # ["level auto" 0 60] - [ 0 0 60 ] - [ 1 60 65 ] - [ 1 65 75 ] - [ 2 75 78 ] - [ 3 78 80 ] - [ 4 80 82 ] - [ 5 82 84 ] - [ 6 84 86 ] - [ 7 86 88 ] - [ "level full-speed" 88 999 ] + [0 0 60] + [1 60 65] + [1 65 75] + [2 75 78] + [3 78 80] + [4 80 82] + [5 82 84] + [6 84 86] + [7 86 88] + ["level full-speed" 88 999] ]; extraArgs = [ diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 806de3c..0cc3c04 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -1,8 +1,9 @@ -{ pkgs -, lib -, repoFlake -, nodeFlake -, ... +{ + pkgs, + lib, + repoFlake, + nodeFlake, + ... }: { system.stateVersion = "23.05"; home-manager.users.root = _: { @@ -20,7 +21,7 @@ }) ]; - home.sessionVariables = { }; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; 
@@ -37,28 +38,26 @@ # # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: :6:17-18: Empty declaration # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. - services.greetd = - let - # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" - swayConfig = pkgs.writeText "greetd-sway-config" '' - # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. - exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" - bindsym Mod4+shift+e exec swaynag \ - -t warning \ - -m 'What do you want to do?' \ - -b 'Poweroff' 'systemctl poweroff' \ - -b 'Reboot' 'systemctl reboot' - ''; - in - { - enable = false; - settings = { - vt = 1; - default_session = { - command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; - }; + services.greetd = let + # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" + swayConfig = pkgs.writeText "greetd-sway-config" '' + # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. + exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" + bindsym Mod4+shift+e exec swaynag \ + -t warning \ + -m 'What do you want to do?' \ + -b 'Poweroff' 'systemctl poweroff' \ + -b 'Reboot' 'systemctl reboot' + ''; + in { + enable = false; + settings = { + vt = 1; + default_session = { + command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; }; }; + }; environment.etc."greetd/environments".text = '' sway @@ -107,5 +106,4 @@ # # }; # # }; # }; - } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 9dc6590..4d43885 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix 
@@ -1,11 +1,11 @@ -{ pkgs -, lib -, config -, nodeName -, repoFlake -, ... -}: -let +{ + pkgs, + lib, + config, + nodeName, + repoFlake, + ... +}: let localTcpPorts = [ 22 @@ -21,9 +21,7 @@ let 22000 21027 ]; - -in -{ +in { nix.settings = { substituters = [ ]; @@ -41,7 +39,7 @@ in system = "x86_64-linux"; maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ]; + supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ []; } { @@ -52,7 +50,7 @@ in system = "aarch64-linux"; maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; + supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ []; } ]; @@ -61,7 +59,7 @@ in networking.extraHosts = '' ''; - networking.bridges."virbr1".interfaces = [ ]; + networking.bridges."virbr1".interfaces = []; networking.interfaces."virbr1".ipv4.addresses = [ { address = "10.254.254.254"; @@ -94,7 +92,7 @@ in # virtualization virtualisation = { - libvirtd = { enable = true; }; + libvirtd = {enable = true;}; virtualbox.host = { enable = false; @@ -112,9 +110,9 @@ in # client min protocol = NT1 ''; - security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; + security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; - services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; + services.xserver.videoDrivers = lib.mkForce ["amdgpu"]; hardware.ledger.enable = true; diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index 2a83802..6068f93 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix 
@@ -1,20 +1,19 @@ -{ config -, pkgs -, lib -, ... -}: -let - keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; -in { + config, + pkgs, + lib, + ... +}: let + keys = import ../../../variables/keys.nix; + inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; +in { users.users.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; }; - nix.settings.trusted-users = [ "steveej" ]; + nix.settings.trusted-users = ["steveej"]; security.pam.u2f.enable = true; security.pam.services.steveej.u2fAuth = true; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index eae1137..6f31bc9 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -1,15 +1,14 @@ -{ repoFlake -, nodeFlake -, pkgs -, lib -, config -, nodeName -, localDomainName -, system -, ... -}: - { + repoFlake, + nodeFlake, + pkgs, + lib, + config, + nodeName, + localDomainName, + system, + ... +}: { nixos-x13s = { enable = true; # TODO: use hardware address @@ -42,8 +41,8 @@ echo $? ) ''; - requiredBy = [ "bluetooth.service" ]; - before = [ "bluetooth.service" ]; + requiredBy = ["bluetooth.service"]; + before = ["bluetooth.service"]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -80,7 +79,6 @@ }; } - ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix @@ -115,7 +113,7 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - home.sessionVariables = { }; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; 
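Review bot: `nix.settings.trusted-users = ["steveej"];` grants that account root-equivalent control over the Nix daemon (a trusted user can add substituters and trusted public keys and override sandbox settings per build), which is a larger grant than ordinary `wheel` membership and deserves a comment; suggest `# root-equivalent: a trusted user can inject substituters/keys and disable the sandbox via nix-daemon` above the line. The account trusted here, `steveej`, is not the one this file defines (`steveej2`, uid 1001); presumably it comes from the common user profile, so a one-line pointer would help the next reader. The hunk itself is a format-only change; these are observations on the unchanged new-side lines.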
@@ -129,7 +127,7 @@ loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = [ "wwan" ]; + blacklistedKernelModules = ["wwan"]; initrd.kernelModules = [ "phy_qcom_qmp_usb" diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index fc3933e..fa66cf4 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -1,25 +1,26 @@ -{ system ? "aarch64-linux" -, nodeName -, repoFlake -, repoFlakeWithSystem -, nodeFlake -, localDomainName ? "internal" -, ... +{ + system ? "aarch64-linux", + nodeName, + repoFlake, + repoFlakeWithSystem, + nodeFlake, + localDomainName ? "internal", + ... }: { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake system; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); inherit localDomainName; }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + { + inherit system; + }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; diff --git a/nix/os/devices/steveej-x13s-rmvbl/disko.nix b/nix/os/devices/steveej-x13s-rmvbl/disko.nix index e7e0391..e56b0d1 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/disko.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/disko.nix @@ -24,7 +24,7 @@ content = { type = "luks"; name = "x13s-usb-crypt"; - extraOpenArgs = [ ]; + extraOpenArgs = []; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive settings = { 
@@ -36,19 +36,19 @@ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = [ "-f" ]; + extraArgs = ["-f"]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/swap" = { mountpoint = "/.swapvol"; diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index cf5a06e..bcc82bb 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix 
@@ -1,89 +1,92 @@ { - inputs = - { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # required for home-manager modules - nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + # required for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; - get-flake.url = "github:ursi/get-flake"; + get-flake.url = "github:ursi/get-flake"; - disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.inputs.nixpkgs.follows = "nixpkgs"; - mobile-nixos.url = "github:NixOS/mobile-nixos"; - mobile-nixos.flake = false; + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; - home-manager = { - url = "github:nix-community/home-manager/release-23.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; - nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = - { self - , get-flake - , nixpkgs - , ... - }: - let - system = "aarch64-linux"; - buildPlatform = "x86_64-linux"; - repoFlake = get-flake ../../../..; - in - { - lib = { - mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = (import ./default.nix { - inherit system; - inherit nodeName repoFlake; + nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + }; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; + outputs = { + self, + get-flake, + nixpkgs, + ... 
+ }: let + system = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + repoFlake = get-flake ../../../..; + in { + lib = { + mkNixosConfiguration = { + nodeName, + extraModules ? [], + ... + } @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = + (import ./default.nix { + inherit system; + inherit nodeName repoFlake; - modules = - [ - # repoFlake.nixosModules.hardware-x13s - ] - ++ extraModules; - } - ); + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; + + modules = + [ + # repoFlake.nixosModules.hardware-x13s + ] + ++ extraModules; + } + ); + }; + + nixosConfigurations = let + nodeName = "steveej-x13s-rmvbl"; + in { + native = self.lib.mkNixosConfiguration { + inherit system nodeName; + extraModules = [ + ./configuration.nix + + { + users.commonUsers.installPassword = "install"; + } + ]; }; - nixosConfigurations = - let - nodeName = "steveej-x13s-rmvbl"; - in - { - native = self.lib.mkNixosConfiguration { - inherit system nodeName; - extraModules = [ - ./configuration.nix + cross = self.lib.mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix - { - users.commonUsers.installPassword = "install"; - } - ]; - }; - - cross = self.lib.mkNixosConfiguration { - inherit nodeName; - extraModules = [ - ./configuration.nix - - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = system; - } - ]; - }; - }; + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = system; + } + ]; + }; }; + }; } diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index e45fc83..6d90f3d 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
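Review bot: `users.commonUsers.installPassword = "install";` bakes a well-known password into a committed flake for the `native` configuration, with no note on which account receives it or when it is expected to be replaced; the `cross` variant next to it does not set it. The option is declared outside this hunk (apparently in the common user profile), so I cannot tell from here whether it is hashed or only applies to an install image — either way a comment such as `# bootstrap-only credential for the first boot; rotate immediately after install and never deploy this variant as-is` belongs above it, and if the value is meant to be secret it should come from sops like the other credentials in this repo. The hunk is a format-only change.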
@@ -1,15 +1,14 @@ -{ repoFlake -, nodeFlake -, pkgs -, lib -, config -, nodeName -, localDomainName -, system -, ... -}: - { + repoFlake, + nodeFlake, + pkgs, + lib, + config, + nodeName, + localDomainName, + system, + ... +}: { nixos-x13s = { enable = true; # TODO: use hardware address @@ -44,8 +43,8 @@ echo $? ) ''; - requiredBy = [ "bluetooth.service" ]; - before = [ "bluetooth.service" ]; + requiredBy = ["bluetooth.service"]; + before = ["bluetooth.service"]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -82,7 +81,6 @@ }; } - ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix @@ -117,7 +115,7 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - home.sessionVariables = { }; + home.sessionVariables = {}; home.packages = with pkgs; [ ]; @@ -131,7 +129,7 @@ loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; - blacklistedKernelModules = [ "wwan" ]; + blacklistedKernelModules = ["wwan"]; }; # see https://linrunner.de/tlp/ diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index fc3933e..fa66cf4 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix 
@@ -1,25 +1,26 @@ -{ system ? "aarch64-linux" -, nodeName -, repoFlake -, repoFlakeWithSystem -, nodeFlake -, localDomainName ? "internal" -, ... +{ + system ? "aarch64-linux", + nodeName, + repoFlake, + repoFlakeWithSystem, + nodeFlake, + localDomainName ? "internal", + ... }: { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake system; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); inherit localDomainName; }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + { + inherit system; + }; ${nodeName} = { deployment.targetHost = "${nodeName}.${localDomainName}"; diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix index 39eb9e1..973c2a4 100644 --- a/nix/os/devices/steveej-x13s/disko.nix +++ b/nix/os/devices/steveej-x13s/disko.nix @@ -24,7 +24,7 @@ content = { type = "luks"; name = "x13s-nvme-crypt"; - extraOpenArgs = [ ]; + extraOpenArgs = []; # disable settings.keyFile if you want to use interactive password entry #passwordFile = "/tmp/secret.key"; # Interactive settings = { @@ -36,19 +36,19 @@ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = [ "-f" ]; + extraArgs = ["-f"]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/swap" = { mountpoint = "/.swapvol"; 
diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 0201bb9..b0cdc09 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -1,89 +1,92 @@ { - inputs = - { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # required for home-manager modules - nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + # required for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; - get-flake.url = "github:ursi/get-flake"; + get-flake.url = "github:ursi/get-flake"; - disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.inputs.nixpkgs.follows = "nixpkgs"; - mobile-nixos.url = "github:NixOS/mobile-nixos"; - mobile-nixos.flake = false; + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; - home-manager = { - url = "github:nix-community/home-manager/release-23.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1 - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; - nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = - { self - , get-flake - , nixpkgs - , ... - }: - let - targetPlatform = "aarch64-linux"; - buildPlatform = "x86_64-linux"; - repoFlake = get-flake ../../../..; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1 + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; + }; - mkNixosConfiguration = { nodeName, extraModules ? [ ], ... 
} @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName repoFlake; + outputs = { + self, + get-flake, + nixpkgs, + ... + }: let + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + repoFlake = get-flake ../../../..; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; - - modules = - [ - # repoFlake.nixosModules.hardware-x13s - ] - ++ extraModules; - } - ); - in - { - lib = { - inherit mkNixosConfiguration; - }; - - nixosConfigurations = - let - nodeName = "steveej-x13s"; - in + mkNixosConfiguration = { + nodeName, + extraModules ? [], + ... + } @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs { - native = mkNixosConfiguration { - inherit nodeName; - system = targetPlatform; - extraModules = [ - ./configuration.nix - ]; - }; + specialArgs = + (import ./default.nix { + system = targetPlatform; + inherit nodeName repoFlake; - cross = mkNixosConfiguration { - inherit nodeName; - extraModules = [ - ./configuration.nix + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; - }; + modules = + [ + # repoFlake.nixosModules.hardware-x13s + ] + ++ extraModules; + } + ); + in { + lib = { + inherit mkNixosConfiguration; }; + + nixosConfigurations = let + nodeName = "steveej-x13s"; + in { + native = mkNixosConfiguration { + inherit nodeName; + system = targetPlatform; + extraModules = [ + ./configuration.nix + ]; + }; + + cross = mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + }; } diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix index 6282785..a926349 100644 
--- a/nix/os/devices/voodoo/flake.nix +++ b/nix/os/devices/voodoo/flake.nix @@ -32,13 +32,17 @@ nixpkgs.lib.attrsets.recursiveUpdate attrs { - specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName; + specialArgs = + (import ./default.nix { + system = targetPlatform; + inherit nodeName; - repoFlake = get-flake ../../../..; - nodeFlake = self; - }).meta.nodeSpecialArgs.${nodeName}; + repoFlake = get-flake ../../../..; + nodeFlake = self; + }) + .meta + .nodeSpecialArgs + .${nodeName}; modules = [ @@ -51,10 +55,8 @@ { nixpkgs.overlays = [ - (final: previous: - { + (final: previous: { }) - ]; } ] diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 38930fe..a4dbcff 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -1,39 +1,38 @@ -{ lib -, config -, -}: -let - keys = import ../../variables/keys.nix; -in { - mkUser = args: lib.mkMerge [ - { - isNormalUser = true; - extraGroups = [ - "docker" - "wheel" - "libvirtd" - "networkmanager" - "vboxusers" - "users" - "input" - "audio" - "video" - "cdrom" - "adbusers" - "dialout" - "cdrom" - "fuse" - ]; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + lib, + config, +}: let + keys = import ../../variables/keys.nix; +in { + mkUser = args: + lib.mkMerge [ + { + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + "adbusers" + "dialout" + "cdrom" + "fuse" + ]; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - } - args - ]; + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; + } + args + ]; disk = rec { # TODO: verify the GPT PARTLABEL cap at 36 chars 
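Review bot: mkUser gives every account it creates `wheel`, `docker`, `libvirtd` and `vboxusers` plus `keys.users.steveej.openssh` as authorized keys, so a caller that only wants an ordinary user still gets a root-equivalent account (the `docker` group alone is root on the host) carrying one person's SSH keys; as far as I can tell `lib.mkMerge` concatenates list-typed options, so a caller cannot shrink this set by passing its own `extraGroups` without `mkForce`. At minimum add `# NOTE: every mkUser account is effectively root (wheel/docker/libvirtd) and carries steveej's SSH keys; callers cannot remove these via args because list options merge by concatenation` above the attribute set, and consider making the privileged groups opt-in. `"cdrom"` also appears twice in `extraGroups`; drop one. The hunk only reformats the existing list, and the `disk` attribute set it ends on continues outside the hunk.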
@@ -41,7 +40,7 @@ in # LVM doesn't allow most characters in VG names # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+] - volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId; + volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId; # This is important at install-time bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId; diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix index df69d6c..1e7223d 100644 --- a/nix/os/modules/hardware.thinkpad-x13s.nix +++ b/nix/os/modules/hardware.thinkpad-x13s.nix @@ -1,10 +1,15 @@ -{ self, pkgs, config, lib, options, ... }: -let +{ + self, + pkgs, + config, + lib, + options, + ... +}: let # TODO: introduce options for these kernelPdMapper = true; cfg = config.hardware.thinkpad-x13s; -in -{ +in { options.hardware.thinkpad-x13s = { # TODO: respect this enable = lib.mkEnableOption "x13s hardware support"; 
@@ -14,223 +19,222 @@ in description = "mac address to set on boot"; }; }; - config = - let - inherit (config.boot.loader) efi; - kp = [ - { - name = "x13s-cfg"; - patch = null; - extraStructuredConfig = with lib.kernel; { - EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; - OF_OVERLAY = lib.mkForce yes; - BTRFS_FS = lib.mkForce yes; - BTRFS_FS_POSIX_ACL = lib.mkForce yes; - MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB = lib.mkForce yes; - SND_USB_AUDIO = lib.mkForce module; - USB_XHCI_PCI = lib.mkForce module; - NO_HZ_FULL = lib.mkForce yes; - HZ_100 = lib.mkForce yes; - HZ_250 = lib.mkForce no; - DRM_AMDGPU = lib.mkForce no; - DRM_NOUVEAU = lib.mkForce no; - QCOM_TSENS = lib.mkForce yes; - NVMEM_QCOM_QFPROM = lib.mkForce yes; - ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; - VIRTIO_PCI = lib.mkForce module; - # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; - }; - } - ]; + config = let + inherit (config.boot.loader) efi; + kp = [ + { + name = "x13s-cfg"; + patch = null; + extraStructuredConfig = with lib.kernel; { + EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; + OF_OVERLAY = lib.mkForce yes; + BTRFS_FS = lib.mkForce yes; + BTRFS_FS_POSIX_ACL = lib.mkForce yes; + MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB = lib.mkForce yes; + SND_USB_AUDIO = lib.mkForce module; + USB_XHCI_PCI = lib.mkForce module; + NO_HZ_FULL = lib.mkForce yes; + HZ_100 = lib.mkForce yes; + HZ_250 = lib.mkForce no; + DRM_AMDGPU = lib.mkForce no; + DRM_NOUVEAU = lib.mkForce no; + QCOM_TSENS = lib.mkForce yes; + NVMEM_QCOM_QFPROM = lib.mkForce yes; + ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; + VIRTIO_PCI = lib.mkForce module; + # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; + }; + } + ]; - qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; - pd-mapper = pkgs.callPackage 
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { - inherit qrtr; - }; + qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" {}; + pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit qrtr; + }; - - # We can't quite move to mainline linux - linux_x13s_pkg = { buildLinux, ... } @ args: - buildLinux (args // rec { + # We can't quite move to mainline linux + linux_x13s_pkg = {buildLinux, ...} @ args: + buildLinux (args + // rec { version = "6.7.0"; modDirVersion = lib.versions.pad 3 version; extraMeta.branch = lib.versions.majorMinor version; src = self.inputs.linux_x13s; - kernelPatches = (args.kernelPatches or [ ]) ++ kp; - } // (args.argsOverride or { })); + kernelPatches = (args.kernelPatches or []) ++ kp; + } + // (args.argsOverride or {})); - # we add additional configuration on top of te normal configuration above - # using the extraStructuredConfig option on the kernel patch - linux_x13s = pkgs.callPackage linux_x13s_pkg { - defconfig = "johan_defconfig"; - }; + # we add additional configuration on top of te normal configuration above + # using the extraStructuredConfig option on the kernel patch + linux_x13s = pkgs.callPackage linux_x13s_pkg { + defconfig = "johan_defconfig"; + }; - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; - dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; - dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; + linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; + dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; - x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { - src = self.inputs.alsa-ucm-conf; - }); - alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; - - in + x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + 
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; + in lib.mkIf cfg.enable - { - nixpkgs.overlays = [ - (final: prev: - { - x13s_extra-firmware = pkgs.callPackage - "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" - { }; + { + nixpkgs.overlays = [ + ( + final: prev: { + x13s_extra-firmware = + pkgs.callPackage + "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" + {}; - inherit qrtr pd-mapper; - } - ) + inherit qrtr pd-mapper; + } + ) + ]; + + # ensure the x13s' dtb file is in the boot partition + # TODO:: is this needed for the VT display somehow? + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.extraFiles = { + "${dtbName}" = dtb; + }; + loader.efi.canTouchEfiVariables = false; + loader.efi.efiSysMountPoint = "/boot"; + + blacklistedKernelModules = ["wwan"]; + + kernelPackages = linuxPackages_x13s; + + kernelParams = [ + "dtb=${dtbName}" + + "boot.shell_on_fail" + + # jhovold recommended + "efi=noruntime" + "clk_ignore_unused" + "pd_ignore_unused" + "arm64.nopauth" + + # blacklist graphics in initrd so the firmware can load from disk + "rd.driver.blacklist=msm" ]; - # ensure the x13s' dtb file is in the boot partition - # TODO:: is this needed for the VT display somehow? - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; + initrd = { + includeDefaultModules = false; - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.extraFiles = { - "${dtbName}" = dtb; - }; - loader.efi.canTouchEfiVariables = false; - loader.efi.efiSysMountPoint = "/boot"; + # kernelModules = [ + # "nvme" + # "phy_qcom_qmp_pcie" + # "pcie_qcom" - blacklistedKernelModules = [ "wwan" ]; + # "i2c_core" + # "i2c_hid" + # "i2c_hid_of" + # "i2c_qcom_geni" - kernelPackages = linuxPackages_x13s; + # "leds_qcom_lpg" + # "pwm_bl" + # "qrtr" + # "pmic_glink_altmode" + # "gpio_sbu_mux" + # "phy_qcom_qmp_combo" + # "gpucc_sc8280xp" + # "dispcc_sc8280xp" + # "phy_qcom_edp" + # "panel_edp" + # # "msm" - kernelParams = [ - "dtb=${dtbName}" + # ]; - "boot.shell_on_fail" + availableKernelModules = [ + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "leds_qcom_lpg" + "pwm_bl" + "qrtr" + "pmic_glink_altmode" + "gpio_sbu_mux" + "phy_qcom_qmp_combo" + "panel_edp" + # "msm" + "phy_qcom_edp" + "i2c_core" + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "pcie_qcom" + "phy_qcom_qmp_combo" + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_usb" + "phy_qcom_snps_femto_v2" + "phy_qcom_usb_hs" + "nvme" - # jhovold recommended - "efi=noruntime" - "clk_ignore_unused" - "pd_ignore_unused" - "arm64.nopauth" - - # blacklist graphics in initrd so the firmware can load from disk - "rd.driver.blacklist=msm" + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + "uas" ]; - - initrd = { - includeDefaultModules = false; - - # kernelModules = [ - # "nvme" - # "phy_qcom_qmp_pcie" - # "pcie_qcom" - - # "i2c_core" - # "i2c_hid" - # "i2c_hid_of" - # "i2c_qcom_geni" - - # "leds_qcom_lpg" - # "pwm_bl" - # "qrtr" - # "pmic_glink_altmode" - # "gpio_sbu_mux" - # "phy_qcom_qmp_combo" - # "gpucc_sc8280xp" - # "dispcc_sc8280xp" - # "phy_qcom_edp" - # "panel_edp" - # # "msm" - - # ]; - 
- availableKernelModules = [ - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "leds_qcom_lpg" - "pwm_bl" - "qrtr" - "pmic_glink_altmode" - "gpio_sbu_mux" - "phy_qcom_qmp_combo" - "panel_edp" - # "msm" - "phy_qcom_edp" - "i2c_core" - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "pcie_qcom" - "phy_qcom_qmp_combo" - "phy_qcom_qmp_pcie" - "phy_qcom_qmp_usb" - "phy_qcom_snps_femto_v2" - "phy_qcom_usb_hs" - "nvme" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "uas" - ]; - }; - }; - - - # default is performance - powerManagement.cpuFreqGovernor = "ondemand"; - - hardware.enableAllFirmware = true; - hardware.firmware = [ - # pkgs.linux-firmware - - pkgs.x13s_extra-firmware - ]; - - systemd.services.pd-mapper = { - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = "${lib.getExe pd-mapper}"; - Restart = "always"; - }; - }; - - environment.sessionVariables = alsa-ucm-conf-env; - systemd.user.services.pipewire.environment = alsa-ucm-conf-env; - systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; - - systemd.services.bluetooth = { - serviceConfig = { - # disabled because btmgmt call hangs - ExecStartPre = [ - "" - "${pkgs.util-linux}/bin/rfkill block bluetooth" - "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" - "${pkgs.util-linux}/bin/rfkill unblock bluetooth" - ]; - RestartSec = 5; - Restart = "on-failure"; - }; }; }; + + # default is performance + powerManagement.cpuFreqGovernor = "ondemand"; + + hardware.enableAllFirmware = true; + hardware.firmware = [ + # pkgs.linux-firmware + + pkgs.x13s_extra-firmware + ]; + + systemd.services.pd-mapper = { + wantedBy = ["multi-user.target"]; + + serviceConfig = { + ExecStart = "${lib.getExe pd-mapper}"; + Restart = "always"; + }; + }; + + environment.sessionVariables = alsa-ucm-conf-env; + systemd.user.services.pipewire.environment = alsa-ucm-conf-env; + systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; + + systemd.services.bluetooth = { + 
serviceConfig = { + # disabled because btmgmt call hangs + ExecStartPre = [ + "" + "${pkgs.util-linux}/bin/rfkill block bluetooth" + "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" + "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + ]; + RestartSec = 5; + Restart = "on-failure"; + }; + }; + }; } diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index 5dea719..dbe449b 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix @@ -11,8 +11,7 @@ with lib; let earlyDiskId = cfg: if cfg.earlyDiskIdOverride != "" then cfg.earlyDiskIdOverride - else cfg.diskId - ; + else cfg.diskId; in { options.hardware.opinionatedDisk = { enable = mkEnableOption "Enable opinionated filesystem layout"; diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index c6ed9fb..7c1f786 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix @@ -1,10 +1,11 @@ -{ config -, pkgs -, repoFlake -, nodeFlake -, repoFlakeInputs' -, packages' -, ... +{ + config, + pkgs, + repoFlake, + nodeFlake, + repoFlakeInputs', + packages', + ... }: { imports = [ repoFlake.inputs.sops-nix.nixosModules.sops @@ -29,7 +30,7 @@ boot.tmp.useTmpfs = true; # Workaround for nm-pptp to enforce module load - boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ]; + boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"]; nixpkgs.config = { allowBroken = false; diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 9c25dbc..f576a28 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix 
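Review bot: The `kernelParams` list carries two entries that weaken the security posture without a comment saying why they are acceptable: `arm64.nopauth` turns off pointer authentication (PAC, a hardware control-flow mitigation) and `boot.shell_on_fail` drops to an unauthenticated root shell in stage 1 when boot fails. The "jhovold recommended" label covers the Qualcomm-specific knobs but not the trade-off; suggest `# arm64.nopauth: disables PAC — re-test whether it is still required on each kernel bump` and `# boot.shell_on_fail: unauthenticated root shell on boot failure; remove once the boot chain is stable`. Separately, `btmgmt public-addr ${cfg.bluetoothMac}` interpolates the option unquoted into a systemd command line and its `type` is declared outside this hunk, so a `types.strMatching` for the MAC format would make that safe by construction. The hunk is a format-only change, and the enclosing `config = let … in lib.mkIf cfg.enable { … }` begins on its first lines.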
@@ -1,8 +1,9 @@ -{ config -, pkgs -, lib -, nodeName -, ... +{ + config, + pkgs, + lib, + nodeName, + ... }: { networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2; @@ -14,11 +15,11 @@ ''; # Fonts, I18N, Date ... - fonts.packages = [ pkgs.corefonts ]; + fonts.packages = [pkgs.corefonts]; console.font = "lat9w-16"; - i18n = { defaultLocale = "en_US.UTF-8"; }; + i18n = {defaultLocale = "en_US.UTF-8";}; time.timeZone = "Etc/UTC"; services.gpm.enable = true; diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 1b6afbd..3d74166 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -1,9 +1,9 @@ -{ config -, pkgs -, lib -, ... -}: -let +{ + config, + pkgs, + lib, + ... +}: let keys = import ../../../variables/keys.nix; inherit (import ../../lib/default.nix { @@ -16,8 +16,7 @@ let inherit (lib) types; cfg = config.users.commonUsers; -in -{ +in { options.users.commonUsers = { enable = lib.mkOption { default = true; @@ -77,7 +76,6 @@ in }) ]; - users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ { uid = 1000; diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index a90c1e8..ce49500 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -1,6 +1,7 @@ -{ pkgs -, lib -, ... +{ + pkgs, + lib, + ... }: { imports = [ ../../snippets/bluetooth.nix 
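Review bot: The `networking.domain` line splits on `"(^[^\\.]+\.)"`, whose trailing `\.` is a Nix string escape rather than a regex one (Nix keeps only the character after an unrecognised backslash, as I read the lexer), so the pattern reaching `builtins.split` ends in a bare `.` that matches any character, unlike the `"\\."` used correctly on the hostName line above. This appears to be load-bearing: for a dotless nodeName the any-char `.` still consumes the last character and `elemAt … 2` yields `""`, whereas a properly escaped `\\.` would not match and the index would be out of range. Rather than "fix" the escape, document it, e.g. `# NOTE: the trailing "\." is reduced to "." by Nix; the any-char match keeps elemAt in range for a dotless nodeName (domain = "")`, or replace the expression with an explicit length check. These are unchanged context lines in a format-only hunk.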
@@ -25,7 +26,7 @@ services.pcscd.enable = true; hardware.opengl.enable = true; - services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ]; + services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules]; services.udev.extraRules = '' # OnePlusOne ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" @@ -52,6 +53,6 @@ services.printing = { enable = true; - drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ]; + drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper]; }; } diff --git a/nix/os/snippets/bluetooth.nix b/nix/os/snippets/bluetooth.nix index 47c5ab5..a4cfeca 100644 --- a/nix/os/snippets/bluetooth.nix +++ b/nix/os/snippets/bluetooth.nix @@ -1,9 +1,10 @@ -{ pkgs -, lib -, ... +{ + pkgs, + lib, + ... }: { # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [ blueman ]; + services.dbus.packages = with pkgs; [blueman]; hardware.bluetooth.enable = true; services.blueman.enable = true; } diff --git a/nix/os/snippets/home-manager-with-zsh.nix b/nix/os/snippets/home-manager-with-zsh.nix index 5bbb1e5..63f4962 100644 --- a/nix/os/snippets/home-manager-with-zsh.nix +++ b/nix/os/snippets/home-manager-with-zsh.nix @@ -1,12 +1,11 @@ -{ nodeFlake -, repoFlake -, repoFlakeInputs' -, packages' -, pkgs -, ... -}: - -let +{ + nodeFlake, + repoFlake, + repoFlakeInputs', + packages', + pkgs, + ... +}: let # TODO: make this configurable homeUser = "steveej"; commonHomeImports = [ @@ -14,8 +13,7 @@ let ../../home-manager/programs/neovim.nix ../../home-manager/programs/zsh.nix ]; -in -{ +in { imports = [ nodeFlake.inputs.home-manager.nixosModules.home-manager ]; @@ -45,5 +43,5 @@ in programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = ["/share/zsh"]; } 
diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index f3f577b..704d69a 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix @@ -1,7 +1,8 @@ -{ nodeFlake -, pkgs -, lib -, ... +{ + nodeFlake, + pkgs, + lib, + ... }: { nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; @@ -25,5 +26,4 @@ ]; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - } diff --git a/nix/os/snippets/radicale.nix b/nix/os/snippets/radicale.nix index 74edd68..69628bf 100644 --- a/nix/os/snippets/radicale.nix +++ b/nix/os/snippets/radicale.nix @@ -1,15 +1,13 @@ -{ config -, lib -, pkgs -, repoFlakeInputs' -, ... -}: - -let +{ + config, + lib, + pkgs, + repoFlakeInputs', + ... +}: let # TODO: make configurable homeUser = "steveej"; -in -{ +in { sops.secrets.radicale_htpasswd = { sopsFile = ../../../secrets/desktop/radicale_htpasswd; format = "binary"; @@ -19,11 +17,13 @@ in home-manager.users.${homeUser} = _: { imports = [ # TODO: bump these to latest and make it work - (args: - import ../../home-manager/programs/radicale.nix (args // { - osConfig = config; - pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; - }) + ( + args: + import ../../home-manager/programs/radicale.nix (args + // { + osConfig = config; + pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; + }) ) ]; }; diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 4c51002..46c2bc0 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -1,14 +1,12 @@ -{ pkgs -, lib -, config -, ... -}: - -let +{ + pkgs, + lib, + config, + ... +}: let # TODO: make this configurable homeUser = "steveej"; -in -{ +in { services.xserver.serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" 
@@ -30,7 +28,7 @@ in # required by swaywm security.polkit.enable = true; - security.pam.services.swaylock = { }; + security.pam.services.swaylock = {}; # test these on https://mozilla.github.io/webrtc-landing/gum_test.html xdg.portal = { @@ -54,7 +52,6 @@ in ]; }; - # rtkit is optional but recommended security.rtkit.enable = true; services.pipewire = { @@ -74,8 +71,8 @@ in # autologin steveej on tty1 # TODO: make user configurable systemd.services."autovt@tty1".description = "Autologin at the TTY1"; - systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty - systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; + systemd.services."autovt@tty1".after = ["systemd-logind.service"]; # without it user session not started and xorg can't be run from this tty + systemd.services."autovt@tty1".wantedBy = ["multi-user.target"]; systemd.services."autovt@tty1".serviceConfig = { ExecStart = [ "" # override upstream default with an empty ExecStart @@ -85,19 +82,17 @@ in Type = "idle"; }; - programs = - let - steveejSwayOnTty1 = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; - in - { - bash.loginShellInit = steveejSwayOnTty1; - # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion - zsh.loginShellInit = steveejSwayOnTty1; - }; + programs = let + steveejSwayOnTty1 = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + in { + bash.loginShellInit = steveejSwayOnTty1; + # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion + zsh.loginShellInit = steveejSwayOnTty1; + }; home-manager.users."${homeUser}" = _: { imports = [ diff --git a/nix/os/snippets/timezone.nix b/nix/os/snippets/timezone.nix index a3ebd92..25aee48 100644 --- a/nix/os/snippets/timezone.nix +++ b/nix/os/snippets/timezone.nix 
@@ -1,9 +1,5 @@ -{ lib, ... }: - -let +{lib, ...}: let passwords = import ../../variables/passwords.crypt.nix; - -in -{ +in { time.timeZone = lib.mkDefault passwords.timeZone.stefan; } diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix index 40cc9cd..c1dffd0 100644 --- a/nix/pkgs/logseq/default.nix +++ b/nix/pkgs/logseq/default.nix @@ -1,30 +1,30 @@ -{ lib -, stdenv -, fetchurl -, appimageTools -, makeWrapper - # graphs will not sync without matching upstream's major electron version -, electron_27 -, git -, nix-update-script -, overrideSrc ? null -}: - -stdenv.mkDerivation (finalAttrs: -let - inherit (finalAttrs) pname version src appimageContents; - -in { + lib, + stdenv, + fetchurl, + appimageTools, + makeWrapper, + # graphs will not sync without matching upstream's major electron version + electron_27, + git, + nix-update-script, + overrideSrc ? null, +}: +stdenv.mkDerivation (finalAttrs: let + inherit (finalAttrs) pname version src appimageContents; +in { pname = "logseq"; version = "0.10.5"; - src = if overrideSrc != null then overrideSrc else - (fetchurl { - url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; - hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; - name = "${pname}-${version}.AppImage"; - }); + src = + if overrideSrc != null + then overrideSrc + else + (fetchurl { + url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; + name = "${pname}-${version}.AppImage"; + }); appimageContents = appimageTools.extract { inherit pname src version; @@ -34,7 +34,7 @@ in dontConfigure = true; dontBuild = true; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [makeWrapper]; installPhase = '' runHook preInstall 
@@ -67,17 +67,17 @@ in --set "LOCAL_GIT_DIRECTORY" ${git} \ --add-flags $out/share/${pname}/resources/app \ --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [stdenv.cc.cc.lib]}" ''; - passthru.updateScript = nix-update-script { }; + passthru.updateScript = nix-update-script {}; meta = { description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; homepage = "https://github.com/logseq/logseq"; changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; license = lib.licenses.agpl3Plus; - maintainers = with lib.maintainers; [ ]; - platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with lib.maintainers; []; + platforms = ["x86_64-linux" "aarch64-linux"]; }; })