steveej 2024-02-08 20:53:22 +01:00
parent a9218a80e6
commit 7137e93805
49 changed files with 2034 additions and 2002 deletions


@ -75,7 +75,6 @@
flake = false; flake = false;
}; };
### inputs for thinkpad x13s ### inputs for thinkpad x13s
# see https://github.com/jhovold/linux/wiki/X13s for status updates # see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
@ -91,26 +90,23 @@
url = "git+https://codeberg.org/adamcstephens/stop-export.git"; url = "git+https://codeberg.org/adamcstephens/stop-export.git";
}; };
# alsa-ucm-conf = { # alsa-ucm-conf = {
# flake = false; # flake = false;
# url = "github:alsa-project/alsa-ucm-conf/master"; # url = "github:alsa-project/alsa-ucm-conf/master";
# }; # };
logseq_0_10_5_aarch64_appimage = { logseq_0_10_5_aarch64_appimage = {
flake = false; flake = false;
url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage";
}; };
}; };
outputs = outputs = inputs @ {
inputs @ { self self,
, flake-parts flake-parts,
, nixpkgs nixpkgs,
, ... ...
}: }: let
let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
systems = [ systems = [
@ -118,8 +114,8 @@
"aarch64-linux" "aarch64-linux"
]; ];
in in
flake-parts.lib.mkFlake { inherit inputs; } flake-parts.lib.mkFlake {inherit inputs;}
({ withSystem, ... }: { ({withSystem, ...}: {
flake.colmena = flake.colmena =
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{ {
@ -153,16 +149,13 @@
]); ]);
# this makes nixos-anywhere work # this makes nixos-anywhere work
flake.nixosConfigurations = flake.nixosConfigurations = let
let
colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes;
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in in (
( colmenaHive
colmenaHive // // {
{
router0-dmz0 = router0-dmz0.native; router0-dmz0 = router0-dmz0.native;
# for now deploy directly with: # for now deploy directly with:
@ -179,22 +172,21 @@
inherit systems; inherit systems;
perSystem = perSystem = {
{ self' self',
, inputs' inputs',
, system system,
, config config,
, lib lib,
, pkgs pkgs,
, ... ...
}: { }: {
imports = [ imports = [
./nix/modules/flake-parts/perSystem/default.nix ./nix/modules/flake-parts/perSystem/default.nix
]; ];
packages = packages = let
let dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {};
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { };
craneLib = craneLib =
inputs.crane.lib.${system}.overrideToolchain inputs.crane.lib.${system}.overrideToolchain
@ -208,8 +200,7 @@
# date = "1.60.0"; # date = "1.60.0";
# } # }
); );
in in {
{
dcpj4110dwDriver = dcpj4110dw.driver; dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
@ -239,22 +230,25 @@
]; ];
}; };
prs = pkgs.callPackage prs =
({ pkgs pkgs.callPackage
, dbus ({
, glib pkgs,
, gpgme dbus,
, gtk3 glib,
, libxcb gpgme,
, libxkbcommon gtk3,
, installShellFiles libxcb,
, pkg-config libxkbcommon,
, python3 installShellFiles,
}: craneLib.buildPackage { pkg-config,
python3,
}:
craneLib.buildPackage {
pname = "prs"; pname = "prs";
version = inputs.prs.shortRev; version = inputs.prs.shortRev;
src = inputs.prs; src = inputs.prs;
nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; nativeBuildInputs = [gpgme installShellFiles pkg-config python3];
buildInputs = [ buildInputs = [
dbus dbus
@ -273,7 +267,7 @@
done done
''; '';
}) })
{ }; {};
nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6; nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6;
@ -304,7 +298,8 @@
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
''; '';
logseq = pkgs.callPackage ./nix/pkgs/logseq logseq =
pkgs.callPackage ./nix/pkgs/logseq
(lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { (lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage; overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage;
}); });
@ -312,8 +307,7 @@
formatter = pkgs.alejandra; formatter = pkgs.alejandra;
devShells = devShells = let
let
all = import ./nix/devShells.nix { all = import ./nix/devShells.nix {
inherit inherit
self' self'
@ -321,8 +315,7 @@
pkgs pkgs
; ;
}; };
in in (all // {default = all.develop;});
(all // { default = all.develop; });
}; };
flake.nixosModules = { flake.nixosModules = {


@ -1,9 +1,8 @@
{ self'
, inputs'
, pkgs
}:
{ {
self',
inputs',
pkgs,
}: {
install = pkgs.mkShell { install = pkgs.mkShell {
name = "infra-install"; name = "infra-install";
packages = with pkgs; [ packages = with pkgs; [


@ -1,16 +1,15 @@
{ pkgs
, lib
, config
, # these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake
, packages'
, ...
}:
let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; };
in
{ {
pkgs,
lib,
config,
# these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake,
packages',
...
}: let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;};
in {
imports = [ imports = [
../profiles/common.nix ../profiles/common.nix
# ../profiles/dotfiles.nix # ../profiles/dotfiles.nix
@ -37,7 +36,7 @@ in
home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.HM_CONFIG = "graphical-fullblown";
home.sessionVariables.GOPATH = "$HOME/src/go"; home.sessionVariables.GOPATH = "$HOME/src/go";
home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ]; home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"electron-24.8.6" "electron-24.8.6"
@ -45,7 +44,7 @@ in
]; ];
home.packages = home.packages =
[ ] []
++ (with pkgs; [ ++ (with pkgs; [
# Authentication # Authentication
# cacert # cacert
@ -117,15 +116,14 @@ in
pkgsUnstableSmall.signal-desktop.overrideAttrs (old: pkgsUnstableSmall.signal-desktop.overrideAttrs (old:
lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
inherit version; inherit version;
src = builtins.fetchurl src =
builtins.fetchurl
{ {
url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb";
sha256 = sha256 =
# lib.fakeSha256 # lib.fakeSha256
"sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k" "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k";
; };
}
;
}) })
) )
@ -133,7 +131,6 @@ in
# gnome.cheese # gnome.cheese
# Virtualization # Virtualization
# virtmanager # virtmanager
@ -141,8 +138,6 @@ in
remmina remmina
# freerdp # freerdp
# Audio/Video Players # Audio/Video Players
ffmpeg ffmpeg
vlc vlc
@ -193,7 +188,6 @@ in
# mendeley # mendeley
evince evince
# File Synchronzation # File Synchronzation
maestral maestral
rsync rsync
@ -208,7 +202,6 @@ in
# gparted # gparted
# smartmontools # smartmontools
## Python ## Python
# packages'.myPython # packages'.myPython
@ -259,7 +252,8 @@ in
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
]) ])
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
(pkgs.banana-accounting.overrideDerivation (
pkgs.banana-accounting.overrideDerivation
(attrs: (attrs:
with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true; # dontWrapGApps = true;
@ -300,8 +294,7 @@ in
pkgs.discord pkgs.discord
pkgsUnstableSmall.session-desktop pkgsUnstableSmall.session-desktop
pkgsUnstableSmall.rustdesk pkgsUnstableSmall.rustdesk
]) ]);
;
systemd.user.startServices = true; systemd.user.startServices = true;
services.syncthing.enable = true; services.syncthing.enable = true;
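Review bot: The aarch64 branch of the `signal-desktop` override takes `src` from a prebuilt `.deb` on the `master` branch of a third-party repository, and the only integrity record is the bare `sha256` literal with no note on how it was obtained. The hash makes the build fail if the file changes, but it says nothing about who built the binary, so I would put a comment above `src =` such as `# unofficial arm64 build, not published by Signal; re-verify the hash against <VERIFICATION_SOURCE> on every version bump`. Pointing the URL at a fixed commit in place of `master` would also keep the fetched artifact reproducible after upstream pushes. `version` is bound outside the visible hunk, so I cannot tell from here whether it is pinned together with the hash.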


@ -1,4 +1,8 @@
{ pkgs, lib, ... }: { {
pkgs,
lib,
...
}: {
# TODO: re-enable this with the appropriate version? # TODO: re-enable this with the appropriate version?
# programs.home-manager.enable = true; # programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
@ -8,7 +12,7 @@
allowBroken = false; allowBroken = false;
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ ]; permittedInsecurePackages = [];
}; };
home.keyboard = { home.keyboard = {
@ -32,7 +36,7 @@
programs.fzf.enable = true; programs.fzf.enable = true;
home.packages = home.packages =
[ ] []
++ (with pkgs; [ ++ (with pkgs; [
coreutils coreutils


@ -1,11 +1,11 @@
{ repoFlake {
, pkgs repoFlake,
, config pkgs,
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" config,
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git",
, ... repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git",
}: ...
let }: let
repoBareLocal = repoBareLocal =
pkgs.runCommand "fetchbare" pkgs.runCommand "fetchbare"
{ {
@ -39,9 +39,7 @@ let
set_remotes ${repoHttps} ${repoSsh} set_remotes ${repoHttps} ${repoSsh}
fi fi
''; '';
in {
in
{
# TODO: fix the dotfiles # TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''
# $DRY_RUN_CMD ${vcshActivationScript} # $DRY_RUN_CMD ${vcshActivationScript}


@ -1,19 +1,18 @@
{ pkgs {
, config pkgs,
, lib config,
, # packages', lib,
repoFlakeInputs' # packages',
, ... repoFlakeInputs',
}: ...
let }: let
inherit (import ../lib.nix { }) mkSimpleTrayService; inherit (import ../lib.nix {}) mkSimpleTrayService;
lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'"; lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'";
displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'"; displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'";
displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'"; displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'";
swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh; swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh;
in in {
{
imports = [ imports = [
../profiles/wayland-desktop.nix ../profiles/wayland-desktop.nix
../programs/waybar.nix ../programs/waybar.nix
@ -86,14 +85,12 @@ in
systemd.enable = true; systemd.enable = true;
xwayland = true; xwayland = true;
config = config = let
let
modifier = "Mod4"; modifier = "Mod4";
inherit (config.wayland.windowManager.sway.config) left right up down; inherit (config.wayland.windowManager.sway.config) left right up down;
in in {
{
inherit modifier; inherit modifier;
bars = [ ]; bars = [];
input = { input = {
"type:keyboard" = "type:keyboard" =
@ -101,7 +98,7 @@ in
xkb_layout = config.home.keyboard.layout; xkb_layout = config.home.keyboard.layout;
xkb_variant = config.home.keyboard.variant; xkb_variant = config.home.keyboard.variant;
} }
// lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or [ ]) > 0) { // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) {
xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; xkb_options = builtins.concatStringsSep "," config.home.keyboard.options;
}; };


@ -1,17 +1,16 @@
{ pkgs {
, config pkgs,
, lib config,
, repoFlake lib,
, nodeFlake repoFlake,
, ... nodeFlake,
}: ...
let }: let
inherit (import ../lib.nix { }) mkSimpleTrayService; inherit (import ../lib.nix {}) mkSimpleTrayService;
nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system};
wayprompt = nixpkgs-wayland'.wayprompt; wayprompt = nixpkgs-wayland'.wayprompt;
in in {
{
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
# services.gpg-agent.pinentryFlavor = lib.mkForce null; # services.gpg-agent.pinentryFlavor = lib.mkForce null;
@ -27,11 +26,12 @@ in
systemd.user.targets.tray = { systemd.user.targets.tray = {
Unit = { Unit = {
Description = "Home Manager System Tray"; Description = "Home Manager System Tray";
Requires = [ "graphical-session-pre.target" ]; Requires = ["graphical-session-pre.target"];
}; };
}; };
home.packages = with pkgs; [ home.packages = with pkgs;
[
# required by network-manager-applet # required by network-manager-applet
pkgs.networkmanagerapplet pkgs.networkmanagerapplet
@ -59,7 +59,9 @@ in
# probably required by flameshot # probably required by flameshot
# xdg-desktop-portal xdg-desktop-portal-wlr # xdg-desktop-portal xdg-desktop-portal-wlr
# grim # grim
] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) ]
++ (
lib.lists.optionals (!pkgs.stdenv.isAarch64)
# TODO: broken on aarch64 # TODO: broken on aarch64
[ [
] ]


@ -1,16 +1,16 @@
{ name {
, lib name,
, pkgs lib,
, ... pkgs,
}: ...
let }: let
extensions = extensions =
[ [
#undetectable adblocker #undetectable adblocker
{ id = "gcfcpohokifjldeandkfjoboemihipmb"; } {id = "gcfcpohokifjldeandkfjoboemihipmb";}
# ublock origin # ublock origin
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";}
# # YT ad block # # YT ad block
# {id = "cmedhionkhpnakcndndgjdbohmhepckk";} # {id = "cmedhionkhpnakcndndgjdbohmhepckk";}
@ -19,15 +19,15 @@ let
# {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";}
# Cookie Notice Blocker # Cookie Notice Blocker
{ id = "odhmfmnoejhihkmfebnolljiibpnednn"; } {id = "odhmfmnoejhihkmfebnolljiibpnednn";}
# i don't care about cookies # i don't care about cookies
{ id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } {id = "fihnjjcciajhdojfnbdddfaoknhalnja";}
# NopeCHA # NopeCHA
{ id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";}
# h264ify # h264ify
{ id = "aleakchihdccplidncghkekgioiakgal"; } {id = "aleakchihdccplidncghkekgioiakgal";}
# clippy # clippy
# {id = "honbeilkanbghjimjoniipnnehlmhggk"} # {id = "honbeilkanbghjimjoniipnnehlmhggk"}
@ -38,20 +38,19 @@ let
} }
# cookie autodelete # cookie autodelete
{ id = "fhcgjolkccmbidfldomjliifgaodjagh"; } {id = "fhcgjolkccmbidfldomjliifgaodjagh";}
# unhook # unhook
{ id = "khncfooichmfjbepaaaebmommgaepoid"; } {id = "khncfooichmfjbepaaaebmommgaepoid";}
] ]
++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [
# Vimium C # Vimium C
{ id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";}
# always right # always right
{ id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";}
]); ]);
in in {
{
programs.chromium = { programs.chromium = {
enable = true; enable = true;
inherit extensions; inherit extensions;
@ -63,5 +62,5 @@ in
inherit extensions; inherit extensions;
}; };
programs.browserpass = { browsers = [ "chromium" "brave" ]; }; programs.browserpass = {browsers = ["chromium" "brave"];};
} }
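Review bot: The entries in `extensions` carry only a store `id`, so each one installs and updates itself from the store at whatever version and permission set its publisher currently ships, and nothing in the file records what was reviewed. The list is inherited by `programs.chromium` and by a second block whose header is outside the hunk, while `programs.browserpass` is enabled for chromium and brave, so depending on each extension's host permissions an update can reach pages where credentials are filled. A short comment per entry would make the trust decision auditable, e.g. `# ublock origin, publisher <PUBLISHER>, last reviewed <DATE>`; home-manager's extension entries also accept `crxPath` together with `version` if pinning is wanted. Part of the list lies between hunks and is not visible here.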


@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
services.espanso = { services.espanso = {
# package = pkgs.espanso.overrideAttrs(_: { # package = pkgs.espanso.overrideAttrs(_: {
# # src = # # src =
@ -10,12 +10,10 @@
# backend = "Clipboard"; # backend = "Clipboard";
}; };
}; };
matches = matches = let
let
playerctl = '' playerctl = ''
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
in in {
{
default = { default = {
matches = [ matches = [
{ {


@ -1,4 +1,8 @@
{repoFlake, pkgs, ...}: { {
repoFlake,
pkgs,
...
}: {
# required by pass-otp # required by pass-otp
# home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
# home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";


@ -1,10 +1,10 @@
{ config {
, lib config,
, pkgs lib,
, osConfig pkgs,
, ... osConfig,
}: ...
let }: let
libdecsync = pkgs.python3Packages.buildPythonPackage rec { libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync"; pname = "libdecsync";
version = "2.2.1"; version = "2.2.1";
@ -38,20 +38,18 @@ let
# pkgs.libxcrypt # pkgs.libxcrypt
]; ];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
}; };
radicale-decsync = pkgs.radicale.overrideAttrs (old: { radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs = propagatedBuildInputs =
old.propagatedBuildInputs old.propagatedBuildInputs
++ [ radicale-storage-decsync ]; ++ [radicale-storage-decsync];
}); });
mkRadicaleService = mkRadicaleService = {
{ suffix suffix,
, port port,
, }: let
}:
let
radicale-config = pkgs.writeText "radicale-config-${suffix}" '' radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server] [server]
hosts = localhost:${builtins.toString port} hosts = localhost:${builtins.toString port}
@ -66,19 +64,18 @@ let
filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix}
''; '';
in in {
{
systemd.user.services."radicale-${suffix}" = { systemd.user.services."radicale-${suffix}" = {
Unit.Description = "Radicale with DecSync (${suffix})"; Unit.Description = "Radicale with DecSync (${suffix})";
Service = { Service = {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure"; Restart = "on-failure";
}; };
Install.WantedBy = [ "default.target" ]; Install.WantedBy = ["default.target"];
}; };
}; };
in in
builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
{ {
suffix = "personal"; suffix = "personal";
port = 5232; port = 5232;
@ -87,4 +84,4 @@ builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { }
suffix = "family"; suffix = "family";
port = 5233; port = 5233;
} }
] ]


@ -1,17 +1,21 @@
{ pkgs, nodeFlake, ... }:
{ {
pkgs,
nodeFlake,
...
}: {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
package = pkgs.vscodium; package = pkgs.vscodium;
extensions = [ extensions =
[
# TODO: how can i install (this) vsix(s) directly? # TODO: how can i install (this) vsix(s) directly?
# (builtins.fetchurl { # (builtins.fetchurl {
# # https://open-vsx.org/extension/jeanp413/open-remote-ssh # # https://open-vsx.org/extension/jeanp413/open-remote-ssh
# url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix"; # url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix";
# sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2"; # sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2";
# }) # })
] ++ (with pkgs.vscode-extensions; ]
[ ++ (with pkgs.vscode-extensions; [
bbenoist.nix bbenoist.nix
eamodio.gitlens eamodio.gitlens
mkhl.direnv mkhl.direnv
@ -34,7 +38,7 @@
mutableExtensionsDir = true; mutableExtensionsDir = true;
}; };
home.packages = [ pkgs.nixpkgs-fmt pkgs.alejandra ]; home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra];
} }
# TODO: automate # TODO: automate
### original list: ### original list:


@ -1,11 +1,10 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
}: ...
let }: let
just-plugin = just-plugin = let
let
plugin_file = pkgs.writeText "_just" '' plugin_file = pkgs.writeText "_just" ''
#compdef just #compdef just
#autload #autload
@ -36,8 +35,7 @@ let
chmod --recursive a-w $out chmod --recursive a-w $out
''; '';
}; };
in in {
{
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -48,11 +46,9 @@ in
# will be called again by oh-my-zsh # will be called again by oh-my-zsh
enableCompletion = false; enableCompletion = false;
enableAutosuggestions = true; enableAutosuggestions = true;
initExtra = initExtra = let
let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in in ''
''
if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then
unset TMPDIR unset TMPDIR
fi fi
@ -132,7 +128,7 @@ in
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
theme = "tjkirch"; theme = "tjkirch";
plugins = [ "git" "sudo" ]; plugins = ["git" "sudo"];
}; };
}; };
} }


@ -1,14 +1,14 @@
{ repoFlake {
, pkgs repoFlake,
, lib pkgs,
, config lib,
, nodeFlake config,
, nodeName nodeFlake,
, localDomainName nodeName,
, system localDomainName,
, ... system,
}: ...
let }: let
inherit inherit
(nodeFlake.inputs) (nodeFlake.inputs)
bpir3 bpir3
@ -18,20 +18,23 @@ let
vlanRangeStart = builtins.head vlanRange; vlanRangeStart = builtins.head vlanRange;
vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange) - 1); vlanRangeEnd = builtins.elemAt vlanRange ((builtins.length vlanRange) - 1);
vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans); vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans);
vlanRangeWith0 = [ 0 ] ++ vlanRange; vlanRangeWith0 = [0] ++ vlanRange;
mkVlanIpv4HostAddr = { vlanid, host, thirdIpv4SegmentMin ? 20, cidr ? true }: mkVlanIpv4HostAddr = {
let vlanid,
host,
thirdIpv4SegmentMin ? 20,
cidr ? true,
}: let
# reserve the first subnet for vlanid == 0 # reserve the first subnet for vlanid == 0
# number the other subnets continously from there # number the other subnets continously from there
offset = offset =
if vlanid == 0 if vlanid == 0
then thirdIpv4SegmentMin then thirdIpv4SegmentMin
else thirdIpv4SegmentMin + 1 - vlanRangeStart; else thirdIpv4SegmentMin + 1 - vlanRangeStart;
in in
builtins.concatStringsSep "." builtins.concatStringsSep "."
[ "192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}" ]; ["192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}"];
defaultVlan = { defaultVlan = {
name = "${localDomainName}"; name = "${localDomainName}";
@ -58,32 +61,33 @@ let
"15".packet_priority = -10; "15".packet_priority = -10;
}; };
vlansByName = lib.attrsets.mapAttrs' vlansByName =
(vlanid': attrs: lib.attrsets.mapAttrs'
(
vlanid': attrs:
lib.attrsets.nameValuePair lib.attrsets.nameValuePair
attrs.name attrs.name
(attrs // { id = lib.strings.toInt vlanid'; id' = vlanid'; }) (attrs
// {
id = lib.strings.toInt vlanid';
id' = vlanid';
})
) )
vlans; vlans;
getVlanDomain = { vlanid }: getVlanDomain = {vlanid}:
if vlanid == 0 if vlanid == 0
then then defaultVlan.name
defaultVlan.name else vlans."${toString vlanid}".name + "." + defaultVlan.name;
else
vlans."${toString vlanid}".name + "." + defaultVlan.name
;
bridgeInterfaceName = "br-lan"; bridgeInterfaceName = "br-lan";
mkInterfaceName = { vlanid }: mkInterfaceName = {vlanid}:
if vlanid == 0 if vlanid == 0
then bridgeInterfaceName then bridgeInterfaceName
else "${bridgeInterfaceName}.${toString vlanid}" else "${bridgeInterfaceName}.${toString vlanid}";
;
exposedHost = "sj-srv1.dmz.internal"; exposedHost = "sj-srv1.dmz.internal";
in in {
{
imports = [ imports = [
repoFlake.inputs.sops-nix.nixosModules.sops repoFlake.inputs.sops-nix.nixosModules.sops
@ -122,8 +126,8 @@ in
sops.secrets.passwords-root.neededForUsers = true; sops.secrets.passwords-root.neededForUsers = true;
sops.secrets.wlan0_saePasswordsFile = { }; sops.secrets.wlan0_saePasswordsFile = {};
sops.secrets.wlan0_wpaPskFile = { }; sops.secrets.wlan0_wpaPskFile = {};
} }
]; ];
@ -179,17 +183,15 @@ in
# https://github.com/thelegy/nixos-nftables-firewall/tree/main # https://github.com/thelegy/nixos-nftables-firewall/tree/main
# TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority) # TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority)
nftables = nftables = {
{
enable = true; enable = true;
stopRuleset = ""; stopRuleset = "";
chains = { chains = {
prerouting = { prerouting = {
"exposeHost" = { "exposeHost" = {
after = [ "hook" ]; after = ["hook"];
rules = rules = let
let
wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces;
in in
# TODO: if this hostname doesn't resolve it'll break the whole ruleset # TODO: if this hostname doesn't resolve it'll break the whole ruleset
@ -203,21 +205,21 @@ in
firewall = { firewall = {
enable = true; enable = true;
zones = { zones =
lan.interfaces = [ (mkInterfaceName { vlanid = 0; }) ]; {
vlan.interfaces = builtins.map (vlanid: (mkInterfaceName { inherit vlanid; })) vlanRange; lan.interfaces = [(mkInterfaceName {vlanid = 0;})];
vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange;
# lan.ipv4Addresses = ["192.168.0.0/16"]; # lan.ipv4Addresses = ["192.168.0.0/16"];
wan.interfaces = [ "wan" "lan0" ]; wan.interfaces = ["wan" "lan0"];
} // }
//
# generate a zone for each vlan # generate a zone for each vlan
lib.attrsets.mapAttrs lib.attrsets.mapAttrs
(key: value: { (key: value: {
interfaces = [ (mkInterfaceName { vlanid = value.id; }) ]; interfaces = [(mkInterfaceName {vlanid = value.id;})];
}) })
vlansByName vlansByName;
; rules = let
rules =
let
ipv6IcmpTypes = [ ipv6IcmpTypes = [
"destination-unreachable" "destination-unreachable"
"echo-reply" "echo-reply"
@ -243,77 +245,95 @@ in
"ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept" "ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept"
"ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept" "ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept"
]; ];
in in {
{
fw = { fw = {
from = [ "fw" ]; from = ["fw"];
verdict = "accept"; verdict = "accept";
}; };
office-to-dmz = { office-to-dmz = {
from = [ "office" ]; from = ["office"];
to = [ "dmz" ]; to = ["dmz"];
verdict = "accept"; verdict = "accept";
}; };
lan-to-fw = { lan-to-fw = {
from = [ "lan" ]; from = ["lan"];
to = [ "fw" "lan" ]; to = ["fw" "lan"];
verdict = "accept"; verdict = "accept";
}; };
lan-to-wan = { lan-to-wan = {
from = [ "lan" ]; from = ["lan"];
to = [ "wan" ]; to = ["wan"];
verdict = "accept"; verdict = "accept";
}; };
vlan-to-wan = { vlan-to-wan = {
from = [ "vlan" ]; from = ["vlan"];
to = [ "wan" ]; to = ["wan"];
verdict = "accept"; verdict = "accept";
}; };
vlan-to-fw = { vlan-to-fw = {
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ from = 67; to = 68; } {
{ from = 53; to = 53; } from = 67;
to = 68;
}
{
from = 53;
to = 53;
}
]; ];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ from = 22; to = 22; } {
{ from = 53; to = 53; } from = 22;
{ from = 5201; to = 5201; } to = 22;
}
{
from = 53;
to = 53;
}
{
from = 5201;
to = 5201;
}
]; ];
from = [ "vlan" ]; from = ["vlan"];
to = [ "fw" ]; to = ["fw"];
extraLines = allowIcmpLines ++ [ extraLines =
allowIcmpLines
++ [
"drop" "drop"
]; ];
}; };
to-wan-nat = { to-wan-nat = {
from = [ "lan" "vlan" ]; from = ["lan" "vlan"];
to = [ "wan" ]; to = ["wan"];
masquerade = true; masquerade = true;
verdict = "accept"; verdict = "accept";
}; };
wan-to-dmz = { wan-to-dmz = {
from = [ "wan" ]; from = ["wan"];
to = [ "dmz" ]; to = ["dmz"];
verdict = "accept"; verdict = "accept";
}; };
wan-to-fw = { wan-to-fw = {
from = [ "wan" ]; from = ["wan"];
to = [ "fw" ]; to = ["fw"];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ {
from = 22; from = 22;
to = 22; to = 22;
} }
]; ];
extraLines = allowIcmpLines ++ [ extraLines =
allowIcmpLines
++ [
"drop" "drop"
]; ];
}; };
@ -324,7 +344,8 @@ in
systemd.network = { systemd.network = {
wait-online.anyInterface = true; wait-online.anyInterface = true;
netdevs = { netdevs =
{
# Create the bridge interface # Create the bridge interface
"20-${bridgeInterfaceName}" = { "20-${bridgeInterfaceName}" = {
netdevConfig = { netdevConfig = {
@ -340,29 +361,36 @@ in
DefaultPVID=0 DefaultPVID=0
''; '';
}; };
} }
# generate the vlan devices. these will be tagged on the main bridge # generate the vlan devices. these will be tagged on the main bridge
// builtins.foldl' // builtins.foldl'
(acc: cur: acc // cur) (acc: cur: acc // cur)
{ } {}
(builtins.map (
({ vlanid, vlanid' }: { builtins.map
"20-${mkInterfaceName { inherit vlanid; }}" = { ({
vlanid,
vlanid',
}: {
"20-${mkInterfaceName {inherit vlanid;}}" = {
netdevConfig = { netdevConfig = {
Kind = "vlan"; Kind = "vlan";
Name = "${mkInterfaceName { inherit vlanid; }}"; Name = "${mkInterfaceName {inherit vlanid;}}";
}; };
vlanConfig.Id = vlanid; vlanConfig.Id = vlanid;
}; };
}) })
(builtins.map (
(vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) builtins.map
(vlanid: {
inherit vlanid;
vlanid' = builtins.toString vlanid;
})
vlanRange vlanRange
) )
) );
; networks =
networks = { {
# use lan0 as secondary WAN interface # use lan0 as secondary WAN interface
"10-lan0-wan" = { "10-lan0-wan" = {
matchConfig.Name = "lan0"; matchConfig.Name = "lan0";
@ -453,9 +481,12 @@ in
# Configure the bridge for its desired function # Configure the bridge for its desired function
"40-${bridgeInterfaceName}" = { "40-${bridgeInterfaceName}" = {
matchConfig.Name = bridgeInterfaceName; matchConfig.Name = bridgeInterfaceName;
bridgeConfig = { }; bridgeConfig = {};
address = [ address = [
(mkVlanIpv4HostAddr { vlanid = 0; host = 1; }) (mkVlanIpv4HostAddr {
vlanid = 0;
host = 1;
})
]; ];
networkConfig = { networkConfig = {
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
@ -472,31 +503,35 @@ in
} }
]; ];
vlan = (builtins.map vlan = (
(vlanid: (mkInterfaceName { inherit vlanid; })) builtins.map
(vlanid: (mkInterfaceName {inherit vlanid;}))
vlanRange vlanRange
); );
}; };
} }
# configuration for the hostapd dynamic interfaces # configuration for the hostapd dynamic interfaces
# * netdev type vlan # * netdev type vlan
# * host address for vlan # * host address for vlan
# * vlan config for wlan interface # * vlan config for wlan interface
// // builtins.foldl'
builtins.foldl'
(acc: cur: acc // cur) (acc: cur: acc // cur)
{ } {}
(builtins.map (builtins.map
({ vlanid, vlanid' }: { ({
vlanid,
vlanid',
}: {
# configure the tagged vlan device with an address and vlan filtering. # configure the tagged vlan device with an address and vlan filtering.
# dnsmasq is configured to serve the respective /24 range on each tagged device. # dnsmasq is configured to serve the respective /24 range on each tagged device.
# this device only receives traffic for the given vlanid and sends tagged traffic to the bridge. # this device only receives traffic for the given vlanid and sends tagged traffic to the bridge.
"41-${mkInterfaceName { inherit vlanid; }}" = { "41-${mkInterfaceName {inherit vlanid;}}" = {
matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}";
address = [ address = [
(mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) (mkVlanIpv4HostAddr {
inherit vlanid;
host = 1;
})
]; ];
networkConfig = { networkConfig = {
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
@ -538,10 +573,13 @@ in
]; ];
}; };
"50-${mkInterfaceName { inherit vlanid; }}" = { "50-${mkInterfaceName {inherit vlanid;}}" = {
matchConfig.Name = "${mkInterfaceName { inherit vlanid; }}"; matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}";
address = [ address = [
(mkVlanIpv4HostAddr { inherit vlanid; host = 1; }) (mkVlanIpv4HostAddr {
inherit vlanid;
host = 1;
})
]; ];
networkConfig = { networkConfig = {
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
@ -549,23 +587,24 @@ in
linkConfig.RequiredForOnline = "no"; linkConfig.RequiredForOnline = "no";
}; };
}) })
(builtins.map (
(vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; }) builtins.map
(vlanid: {
inherit vlanid;
vlanid' = builtins.toString vlanid;
})
vlanRange vlanRange
)) ));
;
}; };
# wireless access point # wireless access point
services.hostapd = { services.hostapd = {
enable = true; enable = true;
package = nodeFlake.packages.${system}.hostapd_patched; package = nodeFlake.packages.${system}.hostapd_patched;
radios = radios = let
let
# generated with https://miniwebtool.com/mac-address-generator/ # generated with https://miniwebtool.com/mac-address-generator/
mkBssid = i: "34:56:ce:0f:ed:4${toString i}"; mkBssid = i: "34:56:ce:0f:ed:4${toString i}";
in in {
{
wlan0 = { wlan0 = {
band = "2g"; band = "2g";
countryCode = "CH"; countryCode = "CH";
@ -574,14 +613,12 @@ in
# use 'iw phy#1 info' to determine your VHT capabilities # use 'iw phy#1 info' to determine your VHT capabilities
wifi4 = { wifi4 = {
enable = true; enable = true;
capabilities = [ "HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" ]; capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"];
}; };
networks = { networks = {
wlan0 = wlan0 = let
let
iface = "wlan0"; iface = "wlan0";
in in {
{
ssid = "mlsia"; ssid = "mlsia";
bssid = mkBssid 0; bssid = mkBssid 0;
@ -613,20 +650,20 @@ in
# this option currently requires a patch to hostapd # this option currently requires a patch to hostapd
vlan_no_bridge = 1; vlan_no_bridge = 1;
/* not used due to the above vlan_no_bridge setting /*
not used due to the above vlan_no_bridge setting
vlan_tagged_interface = bridgeInterfaceName; vlan_tagged_interface = bridgeInterfaceName;
vlan_naming = 1; vlan_naming = 1;
vlan_bridge = "br-${iface}."; vlan_bridge = "br-${iface}.";
*/ */
vlan_file = vlan_file = let
let generated =
generated = builtins.map builtins.map
(vlanid: (
"${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}" vlanid: "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}"
) )
vlanRange vlanRange;
;
wildcard = [ wildcard = [
# Optional wildcard entry matching all VLAN IDs. The first # in the interface # Optional wildcard entry matching all VLAN IDs. The first # in the interface
@ -636,7 +673,8 @@ in
"* ${iface}.#" "* ${iface}.#"
]; ];
file = pkgs.writeText "hostapd.vlan" file =
pkgs.writeText "hostapd.vlan"
(builtins.concatStringsSep "\n" (generated ++ wildcard)); (builtins.concatStringsSep "\n" (generated ++ wildcard));
filePath = toString file; filePath = toString file;
in in
@ -826,21 +864,35 @@ in
local-ttl = 0; local-ttl = 0;
dhcp-ttl = 0; dhcp-ttl = 0;
dhcp-range = dhcp-range = let
let mkDhcpRange = {
mkDhcpRange = { tag, vlanid }: builtins.concatStringsSep "," [ tag,
vlanid,
}:
builtins.concatStringsSep "," [
tag tag
(mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) (mkVlanIpv4HostAddr {
(mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) inherit vlanid;
host = 100;
cidr = false;
})
(mkVlanIpv4HostAddr {
inherit vlanid;
host = 199;
cidr = false;
})
"12h" "12h"
]; ];
in in
builtins.map builtins.map
(vlanid: (
mkDhcpRange { tag = mkInterfaceName { inherit vlanid; }; inherit vlanid; } vlanid:
mkDhcpRange {
tag = mkInterfaceName {inherit vlanid;};
inherit vlanid;
}
) )
vlanRangeWith0 vlanRangeWith0;
;
# interface = bridgeInterfaceName; # interface = bridgeInterfaceName;
# bind-interfaces = true; # bind-interfaces = true;
@ -854,7 +906,6 @@ in
# don't use /etc/hosts as this would advertise ${nodeName} as localhost # don't use /etc/hosts as this would advertise ${nodeName} as localhost
no-hosts = true; no-hosts = true;
# address = "/${nodeName}.lan/${fwLanHostAddr}"; # address = "/${nodeName}.lan/${fwLanHostAddr}";
server = [ server = [
# upstream DNS servers # upstream DNS servers
@ -869,33 +920,40 @@ in
# "9.9.9.9" "8.8.8.8" "1.1.1.1" # "9.9.9.9" "8.8.8.8" "1.1.1.1"
]; ];
domain = [ domain =
[
"/${getVlanDomain {vlanid = 0;}}/,local" "/${getVlanDomain {vlanid = 0;}}/,local"
] ++ builtins.map ]
(vlanid: ++ builtins.map
"${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { inherit vlanid; host = 0; cidr = true; }},local" (
vlanid: "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr {
inherit vlanid;
host = 0;
cidr = true;
}},local"
) )
vlanRangeWith0 vlanRangeWith0;
;
# TODO: compare this to using `interface-name` # TODO: compare this to using `interface-name`
dynamic-host = [ dynamic-host =
] ++ builtins.map [
(vlanid: ]
++ builtins.map
(
vlanid:
builtins.concatStringsSep "," [ builtins.concatStringsSep "," [
# "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;}) # "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;})
"${nodeName}.${getVlanDomain{inherit vlanid;}}" "${nodeName}.${getVlanDomain {inherit vlanid;}}"
"0.0.0.1" "0.0.0.1"
(mkInterfaceName { inherit vlanid; }) (mkInterfaceName {inherit vlanid;})
] ]
) )
vlanRangeWith0 vlanRangeWith0;
;
dhcp-option-force = builtins.map dhcp-option-force =
(vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain{inherit vlanid;}}") builtins.map
vlanRangeWith0 (vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain {inherit vlanid;}}")
; vlanRangeWith0;
# auth-server = [ # auth-server = [
# (builtins.concatStringsSep "," [ # (builtins.concatStringsSep "," [
@ -928,10 +986,10 @@ in
# They fail to load properly, leaving the system without working ethernet, they'll oops on # They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this. # remove. MTK-DSA parts and PCIe were observed to do this.
boot.initrd.includeDefaultModules = false; boot.initrd.includeDefaultModules = false;
boot.initrd.kernelModules = [ "rfkill" "cfg80211" "mt7915e" ]; boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
boot.initrd.availableKernelModules = [ "nvme" ]; boot.initrd.availableKernelModules = ["nvme"];
boot.kernelParams = [ "console=ttyS0,115200" ]; boot.kernelParams = ["console=ttyS0,115200"];
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Wireless hardware exists, regulatory database is essential. # Wireless hardware exists, regulatory database is essential.
hardware.wirelessRegulatoryDatabase = true; hardware.wirelessRegulatoryDatabase = true;


@ -19,7 +19,6 @@
bpir3.inputs.nixpkgs.follows = "nixpkgs"; bpir3.inputs.nixpkgs.follows = "nixpkgs";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
@ -60,13 +59,17 @@
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
{ {
specialArgs = (import ./default.nix { specialArgs =
(import ./default.nix {
system = nativeSystem; system = nativeSystem;
inherit nodeName; inherit nodeName;
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
nodeFlake = self; nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName}; })
.meta
.nodeSpecialArgs
.${nodeName};
modules = modules =
[ [
@ -88,7 +91,6 @@
linuxPackages_bpir3_latest linuxPackages_bpir3_latest
; ;
}) })
]; ];
} }
] ]
@ -112,8 +114,11 @@
}; };
packages = let packages = let
mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: { mkPatchedHostapd = pkgs:
patches = attrs.patches ++ [ pkgs.hostapd.overrideDerivation (attrs: {
patches =
attrs.patches
++ [
"${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
]; ];
}); });


@ -1,13 +1,14 @@
{ modulesPath {
, repoFlake modulesPath,
, packages' repoFlake,
, pkgs packages',
, lib pkgs,
, config lib,
, nodeFlake config,
, nodeName nodeFlake,
, system nodeName,
, ... system,
...
}: { }: {
disabledModules = [ disabledModules = [
]; ];
@ -34,7 +35,7 @@
inherit pkgs; inherit pkgs;
}; };
home-manager.users.steveej = { pkgs, ... }: { home-manager.users.steveej = {pkgs, ...}: {
imports = [ imports = [
../../../home-manager/configuration/text-minimal.nix ../../../home-manager/configuration/text-minimal.nix
]; ];
@ -51,7 +52,7 @@
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = ["/share/zsh"];
} }
]; ];
@ -82,8 +83,7 @@
firewall.enable = false; firewall.enable = false;
}; };
disko.devices = disko.devices = let
let
disk = id: { disk = id: {
type = "disk"; type = "disk";
device = "/dev/${id}"; device = "/dev/${id}";
@ -104,8 +104,7 @@
}; };
}; };
}; };
in in {
{
disk = { disk = {
sda = disk "sda"; sda = disk "sda";
sdb = disk "sdb"; sdb = disk "sdb";


@ -1,9 +1,10 @@
{ nodeName {
, config nodeName,
, pkgs config,
, ... pkgs,
...
}: { }: {
disabledModules = [ ]; disabledModules = [];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
{ {


@ -1,12 +1,11 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
{ {
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: {
imports = [ imports = [
../../snippets/systemd-resolved.nix ../../snippets/systemd-resolved.nix
]; ];
@ -28,23 +27,21 @@
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-*" ]; internalInterfaces = ["ve-*"];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
# virtualization # virtualization
virtualisation = { docker.enable = false; }; virtualisation = {docker.enable = false;};
nix.gc = { automatic = true; }; nix.gc = {automatic = true;};
sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
services.restic.backups.${nodeName} = services.restic.backups.${nodeName} = let
let
btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
in in {
{
initialize = true; initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}"; repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";


@ -1,14 +1,13 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
let
wireguardPort = 51820;
in
{ {
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: let
wireguardPort = 51820;
in {
imports = [ imports = [
../../snippets/systemd-resolved.nix ../../snippets/systemd-resolved.nix
]; ];
@ -39,7 +38,7 @@ in
"prefixLength" = 29; "prefixLength" = 29;
} }
]; ];
ipv6.addresses = [ ]; ipv6.addresses = [];
}; };
networking.defaultGateway = { networking.defaultGateway = {
@ -54,7 +53,7 @@ in
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-*" "wg*" ]; internalInterfaces = ["ve-*" "wg*"];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
@ -79,7 +78,7 @@ in
privateKeyFile = config.sops.secrets.wg0-private.path; privateKeyFile = config.sops.secrets.wg0-private.path;
peers = [ peers = [
{ {
allowedIPs = [ "192.168.99.2/32" ]; allowedIPs = ["192.168.99.2/32"];
publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
} }
@ -87,15 +86,14 @@ in
}; };
# virtualization # virtualization
virtualisation = { docker.enable = false; }; virtualisation = {docker.enable = false;};
services.spice-vdagentd.enable = true; services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
nix.gc = { automatic = true; }; nix.gc = {automatic = true;};
containers = { containers = {
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {


@ -1,4 +1,4 @@
{ ... }: { {...}: {
imports = [ imports = [
../../snippets/home-manager-with-zsh.nix ../../snippets/home-manager-with-zsh.nix
../../snippets/nix-settings-holo-chain.nix ../../snippets/nix-settings-holo-chain.nix
@ -19,8 +19,7 @@
./boot.nix ./boot.nix
# samba seerver # samba seerver
({ lib, ... }: { ({lib, ...}: {
# networking.firewall.enable = lib.mkForce false; # networking.firewall.enable = lib.mkForce false;
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [


@ -1,17 +1,16 @@
{ nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, ...
}:
let
system = "x86_64-linux";
in
{ {
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
...
}: let
system = "x86_64-linux";
in {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake; inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
}; };
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {


@ -1,7 +1,5 @@
{ lib, ... }: {lib, ...}: let
let in {
in
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;
@ -68,16 +66,16 @@ in
enable = false; enable = false;
levels = [ levels = [
# ["level auto" 0 60] # ["level auto" 0 60]
[ 0 0 60 ] [0 0 60]
[ 1 60 65 ] [1 60 65]
[ 1 65 75 ] [1 65 75]
[ 2 75 78 ] [2 75 78]
[ 3 78 80 ] [3 78 80]
[ 4 80 82 ] [4 80 82]
[ 5 82 84 ] [5 82 84]
[ 6 84 86 ] [6 84 86]
[ 7 86 88 ] [7 86 88]
[ "level full-speed" 88 999 ] ["level full-speed" 88 999]
]; ];
extraArgs = [ extraArgs = [


@ -1,8 +1,9 @@
{ pkgs {
, lib pkgs,
, repoFlake lib,
, nodeFlake repoFlake,
, ... nodeFlake,
...
}: { }: {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
home-manager.users.root = _: { home-manager.users.root = _: {
@ -20,7 +21,7 @@
}) })
]; ];
home.sessionVariables = { }; home.sessionVariables = {};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -37,8 +38,7 @@
# #
# (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
# Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
services.greetd = services.greetd = let
let
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
swayConfig = pkgs.writeText "greetd-sway-config" '' swayConfig = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
@ -49,8 +49,7 @@
-b 'Poweroff' 'systemctl poweroff' \ -b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot' -b 'Reboot' 'systemctl reboot'
''; '';
in in {
{
enable = false; enable = false;
settings = { settings = {
vt = 1; vt = 1;
@ -107,5 +106,4 @@
# # }; # # };
# # }; # # };
# }; # };
} }


@ -1,11 +1,11 @@
{ pkgs {
, lib pkgs,
, config lib,
, nodeName config,
, repoFlake nodeName,
, ... repoFlake,
}: ...
let }: let
localTcpPorts = [ localTcpPorts = [
22 22
@ -21,9 +21,7 @@ let
22000 22000
21027 21027
]; ];
in {
in
{
nix.settings = { nix.settings = {
substituters = [ substituters = [
]; ];
@ -41,7 +39,7 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 32; maxJobs = 32;
speedFactor = 100; speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ]; supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [];
} }
{ {
@ -52,7 +50,7 @@ in
system = "aarch64-linux"; system = "aarch64-linux";
maxJobs = 32; maxJobs = 32;
speedFactor = 100; speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [];
} }
]; ];
@ -61,7 +59,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
''; '';
networking.bridges."virbr1".interfaces = [ ]; networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [ networking.interfaces."virbr1".ipv4.addresses = [
{ {
address = "10.254.254.254"; address = "10.254.254.254";
@ -94,7 +92,7 @@ in
# virtualization # virtualization
virtualisation = { virtualisation = {
libvirtd = { enable = true; }; libvirtd = {enable = true;};
virtualbox.host = { virtualbox.host = {
enable = false; enable = false;
@ -112,9 +110,9 @@ in
# client min protocol = NT1 # client min protocol = NT1
''; '';
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
hardware.ledger.enable = true; hardware.ledger.enable = true;


@ -1,20 +1,19 @@
{ config
, pkgs
, lib
, ...
}:
let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
in
{ {
config,
pkgs,
lib,
...
}: let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in {
users.users.steveej2 = mkUser { users.users.steveej2 = mkUser {
uid = 1001; uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh; openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
}; };
nix.settings.trusted-users = [ "steveej" ]; nix.settings.trusted-users = ["steveej"];
security.pam.u2f.enable = true; security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true; security.pam.services.steveej.u2fAuth = true;


@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{ {
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = { nixos-x13s = {
enable = true; enable = true;
# TODO: use hardware address # TODO: use hardware address
@ -42,8 +41,8 @@
echo $? echo $?
) )
''; '';
requiredBy = [ "bluetooth.service" ]; requiredBy = ["bluetooth.service"];
before = [ "bluetooth.service" ]; before = ["bluetooth.service"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
@ -80,7 +79,6 @@
}; };
} }
../../snippets/home-manager-with-zsh.nix ../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix ../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix ../../snippets/bluetooth.nix
@ -115,7 +113,7 @@
../../../home-manager/configuration/graphical-fullblown.nix ../../../home-manager/configuration/graphical-fullblown.nix
]; ];
home.sessionVariables = { }; home.sessionVariables = {};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -129,7 +127,7 @@
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot"; loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ]; blacklistedKernelModules = ["wwan"];
initrd.kernelModules = [ initrd.kernelModules = [
"phy_qcom_qmp_usb" "phy_qcom_qmp_usb"


@ -1,16 +1,17 @@
{ system ? "aarch64-linux" {
, nodeName system ? "aarch64-linux",
, repoFlake nodeName,
, repoFlakeWithSystem repoFlake,
, nodeFlake repoFlakeWithSystem,
, localDomainName ? "internal" nodeFlake,
, ... localDomainName ? "internal",
...
}: { }: {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
inherit localDomainName; inherit localDomainName;
}; };


@ -24,7 +24,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "x13s-usb-crypt"; name = "x13s-usb-crypt";
extraOpenArgs = [ ]; extraOpenArgs = [];
# disable settings.keyFile if you want to use interactive password entry # disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive #passwordFile = "/tmp/secret.key"; # Interactive
settings = { settings = {
@ -36,19 +36,19 @@
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f" ]; extraArgs = ["-f"];
subvolumes = { subvolumes = {
"/root" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/swap" = { "/swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";


@ -1,6 +1,5 @@
{ {
inputs = inputs = {
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules # required for home-manager modules
@ -23,30 +22,36 @@
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs = {
{ self self,
, get-flake get-flake,
, nixpkgs nixpkgs,
, ... ...
}: }: let
let
system = "aarch64-linux"; system = "aarch64-linux";
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
in in {
{
lib = { lib = {
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem ( nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
{ {
specialArgs = (import ./default.nix { specialArgs =
(import ./default.nix {
inherit system; inherit system;
inherit nodeName repoFlake; inherit nodeName repoFlake;
nodeFlake = self; nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName}; })
.meta
.nodeSpecialArgs
.${nodeName};
modules = modules =
[ [
@ -57,11 +62,9 @@
); );
}; };
nixosConfigurations = nixosConfigurations = let
let
nodeName = "steveej-x13s-rmvbl"; nodeName = "steveej-x13s-rmvbl";
in in {
{
native = self.lib.mkNixosConfiguration { native = self.lib.mkNixosConfiguration {
inherit system nodeName; inherit system nodeName;
extraModules = [ extraModules = [


@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{ {
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = { nixos-x13s = {
enable = true; enable = true;
# TODO: use hardware address # TODO: use hardware address
@ -44,8 +43,8 @@
echo $? echo $?
) )
''; '';
requiredBy = [ "bluetooth.service" ]; requiredBy = ["bluetooth.service"];
before = [ "bluetooth.service" ]; before = ["bluetooth.service"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
@ -82,7 +81,6 @@
}; };
} }
../../snippets/home-manager-with-zsh.nix ../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix ../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix ../../snippets/bluetooth.nix
@ -117,7 +115,7 @@
../../../home-manager/configuration/graphical-fullblown.nix ../../../home-manager/configuration/graphical-fullblown.nix
]; ];
home.sessionVariables = { }; home.sessionVariables = {};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -131,7 +129,7 @@
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot"; loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ]; blacklistedKernelModules = ["wwan"];
}; };
# see https://linrunner.de/tlp/ # see https://linrunner.de/tlp/


@ -1,16 +1,17 @@
{ system ? "aarch64-linux" {
, nodeName system ? "aarch64-linux",
, repoFlake nodeName,
, repoFlakeWithSystem repoFlake,
, nodeFlake repoFlakeWithSystem,
, localDomainName ? "internal" nodeFlake,
, ... localDomainName ? "internal",
...
}: { }: {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
inherit localDomainName; inherit localDomainName;
}; };


@ -24,7 +24,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "x13s-nvme-crypt"; name = "x13s-nvme-crypt";
extraOpenArgs = [ ]; extraOpenArgs = [];
# disable settings.keyFile if you want to use interactive password entry # disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive #passwordFile = "/tmp/secret.key"; # Interactive
settings = { settings = {
@ -36,19 +36,19 @@
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f" ]; extraArgs = ["-f"];
subvolumes = { subvolumes = {
"/root" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/swap" = { "/swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";


@ -1,6 +1,5 @@
{ {
inputs = inputs = {
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules # required for home-manager modules
@ -24,28 +23,35 @@
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs = {
{ self self,
, get-flake get-flake,
, nixpkgs nixpkgs,
, ... ...
}: }: let
let
targetPlatform = "aarch64-linux"; targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem ( nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
{ {
specialArgs = (import ./default.nix { specialArgs =
(import ./default.nix {
system = targetPlatform; system = targetPlatform;
inherit nodeName repoFlake; inherit nodeName repoFlake;
nodeFlake = self; nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName}; })
.meta
.nodeSpecialArgs
.${nodeName};
modules = modules =
[ [
@ -54,17 +60,14 @@
++ extraModules; ++ extraModules;
} }
); );
in in {
{
lib = { lib = {
inherit mkNixosConfiguration; inherit mkNixosConfiguration;
}; };
nixosConfigurations = nixosConfigurations = let
let
nodeName = "steveej-x13s"; nodeName = "steveej-x13s";
in in {
{
native = mkNixosConfiguration { native = mkNixosConfiguration {
inherit nodeName; inherit nodeName;
system = targetPlatform; system = targetPlatform;


@ -32,13 +32,17 @@
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
{ {
specialArgs = (import ./default.nix { specialArgs =
(import ./default.nix {
system = targetPlatform; system = targetPlatform;
inherit nodeName; inherit nodeName;
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
nodeFlake = self; nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName}; })
.meta
.nodeSpecialArgs
.${nodeName};
modules = modules =
[ [
@ -51,10 +55,8 @@
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: previous: (final: previous: {
{
}) })
]; ];
} }
] ]


@ -1,12 +1,11 @@
{ lib
, config
,
}:
let
keys = import ../../variables/keys.nix;
in
{ {
mkUser = args: lib.mkMerge [ lib,
config,
}: let
keys = import ../../variables/keys.nix;
in {
mkUser = args:
lib.mkMerge [
{ {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
@ -41,7 +40,7 @@ in
# LVM doesn't allow most characters in VG names # LVM doesn't allow most characters in VG names
# TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+] # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+]
volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId; volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId;
# This is important at install-time # This is important at install-time
bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId; bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId;
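Review bot: The TODO above `volumeGroup` spells the intended allow-list as `[a-zA-Z0-9.-_+]`, and read as a regex bracket expression `.-_` is a range from `.` to `_` that includes `:`, `/` and `;`, so copying it verbatim would admit the very character the current `replaceStrings` call strips. I would reword the comment to `# TODO: replace this with an allow-list for: [a-zA-Z0-9._+-]` so the hyphen is literal. Until that exists only `:` is removed, so any other character in `diskId` passes straight into the VG name. The rest of the file lies outside the visible hunks, so whether callers constrain `diskId` cannot be seen from here.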


@ -1,10 +1,15 @@
{ self, pkgs, config, lib, options, ... }: {
let self,
pkgs,
config,
lib,
options,
...
}: let
# TODO: introduce options for these # TODO: introduce options for these
kernelPdMapper = true; kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s; cfg = config.hardware.thinkpad-x13s;
in in {
{
options.hardware.thinkpad-x13s = { options.hardware.thinkpad-x13s = {
# TODO: respect this # TODO: respect this
enable = lib.mkEnableOption "x13s hardware support"; enable = lib.mkEnableOption "x13s hardware support";
@ -14,8 +19,7 @@ in
description = "mac address to set on boot"; description = "mac address to set on boot";
}; };
}; };
config = config = let
let
inherit (config.boot.loader) efi; inherit (config.boot.loader) efi;
kp = [ kp = [
{ {
@ -45,22 +49,23 @@ in
} }
]; ];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" {};
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr; inherit qrtr;
}; };
# We can't quite move to mainline linux # We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args: linux_x13s_pkg = {buildLinux, ...} @ args:
buildLinux (args // rec { buildLinux (args
// rec {
version = "6.7.0"; version = "6.7.0";
modDirVersion = lib.versions.pad 3 version; modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version; extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s; src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp; kernelPatches = (args.kernelPatches or []) ++ kp;
} // (args.argsOverride or { })); }
// (args.argsOverride or {}));
# we add additional configuration on top of te normal configuration above # we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch # using the extraStructuredConfig option on the kernel patch
@ -76,16 +81,16 @@ in
src = self.inputs.alsa-ucm-conf; src = self.inputs.alsa-ucm-conf;
}); });
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in in
lib.mkIf cfg.enable lib.mkIf cfg.enable
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: (
{ final: prev: {
x13s_extra-firmware = pkgs.callPackage x13s_extra-firmware =
pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{ }; {};
inherit qrtr pd-mapper; inherit qrtr pd-mapper;
} }
@ -115,7 +120,7 @@ in
loader.efi.canTouchEfiVariables = false; loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot"; loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ]; blacklistedKernelModules = ["wwan"];
kernelPackages = linuxPackages_x13s; kernelPackages = linuxPackages_x13s;
@ -195,7 +200,6 @@ in
}; };
}; };
# default is performance # default is performance
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
@ -207,7 +211,7 @@ in
]; ];
systemd.services.pd-mapper = { systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}"; ExecStart = "${lib.getExe pd-mapper}";


@ -11,8 +11,7 @@ with lib; let
earlyDiskId = cfg: earlyDiskId = cfg:
if cfg.earlyDiskIdOverride != "" if cfg.earlyDiskIdOverride != ""
then cfg.earlyDiskIdOverride then cfg.earlyDiskIdOverride
else cfg.diskId else cfg.diskId;
;
in { in {
options.hardware.opinionatedDisk = { options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout"; enable = mkEnableOption "Enable opinionated filesystem layout";


@ -1,10 +1,11 @@
{ config {
, pkgs config,
, repoFlake pkgs,
, nodeFlake repoFlake,
, repoFlakeInputs' nodeFlake,
, packages' repoFlakeInputs',
, ... packages',
...
}: { }: {
imports = [ imports = [
repoFlake.inputs.sops-nix.nixosModules.sops repoFlake.inputs.sops-nix.nixosModules.sops
@ -29,7 +30,7 @@
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
# Workaround for nm-pptp to enforce module load # Workaround for nm-pptp to enforce module load
boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ]; boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"];
nixpkgs.config = { nixpkgs.config = {
allowBroken = false; allowBroken = false;


@ -1,8 +1,9 @@
{ config {
, pkgs config,
, lib pkgs,
, nodeName lib,
, ... nodeName,
...
}: { }: {
networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname.
networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2; networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
@ -14,11 +15,11 @@
''; '';
# Fonts, I18N, Date ... # Fonts, I18N, Date ...
fonts.packages = [ pkgs.corefonts ]; fonts.packages = [pkgs.corefonts];
console.font = "lat9w-16"; console.font = "lat9w-16";
i18n = { defaultLocale = "en_US.UTF-8"; }; i18n = {defaultLocale = "en_US.UTF-8";};
time.timeZone = "Etc/UTC"; time.timeZone = "Etc/UTC";
services.gpm.enable = true; services.gpm.enable = true;
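Review bot: In the `networking.domain` line the pattern `"(^[^\\.]+\.)"` ends in a single-backslash `\.`, which a Nix double-quoted string reduces to a bare `.`, so the last atom of the regex matches any character rather than a literal dot. For a `nodeName` without a dot the pattern still matches the whole name and the domain silently becomes the empty string. If that fallback is wanted, say so in a comment such as `# dotless nodeName yields an empty domain`. If it is not, write `\\.` and handle the missing-domain case explicitly, since `builtins.elemAt … 2` would then fail on a one-element list.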


@ -1,9 +1,9 @@
{ config {
, pkgs config,
, lib pkgs,
, ... lib,
}: ...
let }: let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit inherit
(import ../../lib/default.nix { (import ../../lib/default.nix {
@ -16,8 +16,7 @@ let
inherit (lib) types; inherit (lib) types;
cfg = config.users.commonUsers; cfg = config.users.commonUsers;
in in {
{
options.users.commonUsers = { options.users.commonUsers = {
enable = lib.mkOption { enable = lib.mkOption {
default = true; default = true;
@ -77,7 +76,6 @@ in
}) })
]; ];
users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [
{ {
uid = 1000; uid = 1000;


@ -1,6 +1,7 @@
{ pkgs {
, lib pkgs,
, ... lib,
...
}: { }: {
imports = [ imports = [
../../snippets/bluetooth.nix ../../snippets/bluetooth.nix
@ -25,7 +26,7 @@
services.pcscd.enable = true; services.pcscd.enable = true;
hardware.opengl.enable = true; hardware.opengl.enable = true;
services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ]; services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules];
services.udev.extraRules = '' services.udev.extraRules = ''
# OnePlusOne # OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
@ -52,6 +53,6 @@
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ]; drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper];
}; };
} }


@ -1,9 +1,10 @@
{ pkgs {
, lib pkgs,
, ... lib,
...
}: { }: {
# required for running blueman-applet in user sessions # required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [ blueman ]; services.dbus.packages = with pkgs; [blueman];
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
services.blueman.enable = true; services.blueman.enable = true;
} }

View file

@ -1,12 +1,11 @@
{ nodeFlake {
, repoFlake nodeFlake,
, repoFlakeInputs' repoFlake,
, packages' repoFlakeInputs',
, pkgs packages',
, ... pkgs,
}: ...
}: let
let
# TODO: make this configurable # TODO: make this configurable
homeUser = "steveej"; homeUser = "steveej";
commonHomeImports = [ commonHomeImports = [
@ -14,8 +13,7 @@ let
../../home-manager/programs/neovim.nix ../../home-manager/programs/neovim.nix
../../home-manager/programs/zsh.nix ../../home-manager/programs/zsh.nix
]; ];
in in {
{
imports = [ imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager nodeFlake.inputs.home-manager.nixosModules.home-manager
]; ];
@ -45,5 +43,5 @@ in
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = ["/share/zsh"];
} }


@ -1,7 +1,8 @@
{ nodeFlake {
, pkgs nodeFlake,
, lib pkgs,
, ... lib,
...
}: { }: {
nix.daemonCPUSchedPolicy = "idle"; nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle"; nix.daemonIOSchedClass = "idle";
@ -25,5 +26,4 @@
]; ];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
} }

View file

@ -1,15 +1,13 @@
{ config {
, lib config,
, pkgs lib,
, repoFlakeInputs' pkgs,
, ... repoFlakeInputs',
}: ...
}: let
let
# TODO: make configurable # TODO: make configurable
homeUser = "steveej"; homeUser = "steveej";
in in {
{
sops.secrets.radicale_htpasswd = { sops.secrets.radicale_htpasswd = {
sopsFile = ../../../secrets/desktop/radicale_htpasswd; sopsFile = ../../../secrets/desktop/radicale_htpasswd;
format = "binary"; format = "binary";
@ -19,8 +17,10 @@ in
home-manager.users.${homeUser} = _: { home-manager.users.${homeUser} = _: {
imports = [ imports = [
# TODO: bump these to latest and make it work # TODO: bump these to latest and make it work
(args: (
import ../../home-manager/programs/radicale.nix (args // { args:
import ../../home-manager/programs/radicale.nix (args
// {
osConfig = config; osConfig = config;
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
}) })


@ -1,14 +1,12 @@
{ pkgs {
, lib pkgs,
, config lib,
, ... config,
}: ...
}: let
let
# TODO: make this configurable # TODO: make this configurable
homeUser = "steveej"; homeUser = "steveej";
in in {
{
services.xserver.serverFlagsSection = '' services.xserver.serverFlagsSection = ''
Option "BlankTime" "0" Option "BlankTime" "0"
Option "StandbyTime" "0" Option "StandbyTime" "0"
@ -30,7 +28,7 @@ in
# required by swaywm # required by swaywm
security.polkit.enable = true; security.polkit.enable = true;
security.pam.services.swaylock = { }; security.pam.services.swaylock = {};
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html # test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = { xdg.portal = {
@ -54,7 +52,6 @@ in
]; ];
}; };
# rtkit is optional but recommended # rtkit is optional but recommended
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -74,8 +71,8 @@ in
# autologin steveej on tty1 # autologin steveej on tty1
# TODO: make user configurable # TODO: make user configurable
systemd.services."autovt@tty1".description = "Autologin at the TTY1"; systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty systemd.services."autovt@tty1".after = ["systemd-logind.service"]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; systemd.services."autovt@tty1".wantedBy = ["multi-user.target"];
systemd.services."autovt@tty1".serviceConfig = { systemd.services."autovt@tty1".serviceConfig = {
ExecStart = [ ExecStart = [
"" # override upstream default with an empty ExecStart "" # override upstream default with an empty ExecStart
@ -85,15 +82,13 @@ in
Type = "idle"; Type = "idle";
}; };
programs = programs = let
let
steveejSwayOnTty1 = '' steveejSwayOnTty1 = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway exec sway
fi fi
''; '';
in in {
{
bash.loginShellInit = steveejSwayOnTty1; bash.loginShellInit = steveejSwayOnTty1;
# TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion
zsh.loginShellInit = steveejSwayOnTty1; zsh.loginShellInit = steveejSwayOnTty1;
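Review bot: The `steveejSwayOnTty1` snippet leaves both command substitutions unquoted, and it is installed as the login-shell init for bash and zsh alike. When stdin is not a terminal `tty` prints a multi-word message, and when the `steveej` lookup fails `id` prints nothing, so `test` receives the wrong number of arguments and emits an error on that login. Quoting avoids this: `if test "$(id --user steveej)" = "$(id -u)" && test "$(tty)" = "/dev/tty1"; then`. The user name is also hard-coded although `homeUser` is bound at the top of the file. The `programs` attribute set continues past the end of the hunk.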


@ -1,9 +1,5 @@
{ lib, ... }: {lib, ...}: let
let
passwords = import ../../variables/passwords.crypt.nix; passwords = import ../../variables/passwords.crypt.nix;
in {
in
{
time.timeZone = lib.mkDefault passwords.timeZone.stefan; time.timeZone = lib.mkDefault passwords.timeZone.stefan;
} }


@ -1,25 +1,25 @@
{ lib
, stdenv
, fetchurl
, appimageTools
, makeWrapper
# graphs will not sync without matching upstream's major electron version
, electron_27
, git
, nix-update-script
, overrideSrc ? null
}:
stdenv.mkDerivation (finalAttrs:
let
inherit (finalAttrs) pname version src appimageContents;
in
{ {
lib,
stdenv,
fetchurl,
appimageTools,
makeWrapper,
# graphs will not sync without matching upstream's major electron version
electron_27,
git,
nix-update-script,
overrideSrc ? null,
}:
stdenv.mkDerivation (finalAttrs: let
inherit (finalAttrs) pname version src appimageContents;
in {
pname = "logseq"; pname = "logseq";
version = "0.10.5"; version = "0.10.5";
src = if overrideSrc != null then overrideSrc else src =
if overrideSrc != null
then overrideSrc
else
(fetchurl { (fetchurl {
url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage";
hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE=";
@ -34,7 +34,7 @@ in
dontConfigure = true; dontConfigure = true;
dontBuild = true; dontBuild = true;
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [makeWrapper];
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
@ -67,17 +67,17 @@ in
--set "LOCAL_GIT_DIRECTORY" ${git} \ --set "LOCAL_GIT_DIRECTORY" ${git} \
--add-flags $out/share/${pname}/resources/app \ --add-flags $out/share/${pname}/resources/app \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [stdenv.cc.cc.lib]}"
''; '';
passthru.updateScript = nix-update-script { }; passthru.updateScript = nix-update-script {};
meta = { meta = {
description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base";
homepage = "https://github.com/logseq/logseq"; homepage = "https://github.com/logseq/logseq";
changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; changelog = "https://github.com/logseq/logseq/releases/tag/${version}";
license = lib.licenses.agpl3Plus; license = lib.licenses.agpl3Plus;
maintainers = with lib.maintainers; [ ]; maintainers = with lib.maintainers; [];
platforms = [ "x86_64-linux" "aarch64-linux" ]; platforms = ["x86_64-linux" "aarch64-linux"];
}; };
}) })