steveej 2024-02-08 20:53:22 +01:00
parent a9218a80e6
commit 7137e93805
49 changed files with 2034 additions and 2002 deletions


@ -75,7 +75,6 @@
flake = false;
};
### inputs for thinkpad x13s
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
@ -91,26 +90,23 @@
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
# alsa-ucm-conf = {
# flake = false;
# url = "github:alsa-project/alsa-ucm-conf/master";
# };
logseq_0_10_5_aarch64_appimage = {
flake = false;
url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage";
};
};
outputs =
inputs @ { self
, flake-parts
, nixpkgs
, ...
}:
let
outputs = inputs @ {
self,
flake-parts,
nixpkgs,
...
}: let
inherit (nixpkgs) lib;
systems = [
@ -153,16 +149,13 @@
]);
# this makes nixos-anywhere work
flake.nixosConfigurations =
let
flake.nixosConfigurations = let
colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes;
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in
(
colmenaHive //
{
in (
colmenaHive
// {
router0-dmz0 = router0-dmz0.native;
# for now deploy directly with:
@ -179,21 +172,20 @@
inherit systems;
perSystem =
{ self'
, inputs'
, system
, config
, lib
, pkgs
, ...
perSystem = {
self',
inputs',
system,
config,
lib,
pkgs,
...
}: {
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];
packages =
let
packages = let
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {};
craneLib =
@ -208,8 +200,7 @@
# date = "1.60.0";
# }
);
in
{
in {
dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
@ -239,18 +230,21 @@
];
};
prs = pkgs.callPackage
({ pkgs
, dbus
, glib
, gpgme
, gtk3
, libxcb
, libxkbcommon
, installShellFiles
, pkg-config
, python3
}: craneLib.buildPackage {
prs =
pkgs.callPackage
({
pkgs,
dbus,
glib,
gpgme,
gtk3,
libxcb,
libxkbcommon,
installShellFiles,
pkg-config,
python3,
}:
craneLib.buildPackage {
pname = "prs";
version = inputs.prs.shortRev;
src = inputs.prs;
@ -304,7 +298,8 @@
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
logseq = pkgs.callPackage ./nix/pkgs/logseq
logseq =
pkgs.callPackage ./nix/pkgs/logseq
(lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage;
});
@ -312,8 +307,7 @@
formatter = pkgs.alejandra;
devShells =
let
devShells = let
all = import ./nix/devShells.nix {
inherit
self'
@ -321,8 +315,7 @@
pkgs
;
};
in
(all // { default = all.develop; });
in (all // {default = all.develop;});
};
flake.nixosModules = {
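Review bot: `linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"` (L14) tracks a work-in-progress branch of a personal kernel fork; flake.lock pins the rev and narHash, so today's build is reproducible, but `wip/` branches are routinely rebased and force-pushed, and the next `nix flake update` will silently move the kernel to rewritten history with nothing in the diff to review. Pinning the input to a reviewed commit, `linux_x13s.url = "github:jhovold/linux/<sha>";`, turns that move into an explicit, diff-visible change, and the comment at L13 could then record which upstream commit was last looked at. `logseq_0_10_5_aarch64_appimage` (L22-25) is a non-flake URL input locked by narHash, so it only needs the same kind of provenance note, not a different mechanism.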


@ -1,9 +1,8 @@
{ self'
, inputs'
, pkgs
}:
{
self',
inputs',
pkgs,
}: {
install = pkgs.mkShell {
name = "infra-install";
packages = with pkgs; [


@ -1,16 +1,15 @@
{ pkgs
, lib
, config
, # these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake
, packages'
, ...
}:
let
{
pkgs,
lib,
config,
# these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake,
packages',
...
}: let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;};
in
{
in {
imports = [
../profiles/common.nix
# ../profiles/dotfiles.nix
@ -117,15 +116,14 @@ in
pkgsUnstableSmall.signal-desktop.overrideAttrs (old:
lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
inherit version;
src = builtins.fetchurl
src =
builtins.fetchurl
{
url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb";
sha256 =
# lib.fakeSha256
"sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k"
;
}
;
"sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k";
};
})
)
@ -133,7 +131,6 @@ in
# gnome.cheese
# Virtualization
# virtmanager
@ -141,8 +138,6 @@ in
remmina
# freerdp
# Audio/Video Players
ffmpeg
vlc
@ -193,7 +188,6 @@ in
# mendeley
evince
# File Synchronzation
maestral
rsync
@ -208,7 +202,6 @@ in
# gparted
# smartmontools
## Python
# packages'.myPython
@ -259,7 +252,8 @@ in
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
])
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
(pkgs.banana-accounting.overrideDerivation
(
pkgs.banana-accounting.overrideDerivation
(attrs:
with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true;
@ -300,8 +294,7 @@ in
pkgs.discord
pkgsUnstableSmall.session-desktop
pkgsUnstableSmall.rustdesk
])
;
]);
systemd.user.startServices = true;
services.syncthing.enable = true;
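Review bot: On aarch64 the `signal-desktop` override (L202-217) replaces the nixpkgs source with a `.deb` from `0mniteck/Signal-Desktop-Mobian`, a third-party rebuild of a messenger client fetched from a mutable `raw/master` URL. The `sha256` pins the exact bytes, so the supply-chain exposure is not tampering in transit but trusting that repository's build of Signal, and that decision is written down nowhere in the hunk. A comment above `src` such as `# unofficial arm64 rebuild from a personal repo; hash-pinned — re-audit the source repo before bumping version` makes the tradeoff explicit for the next bump, which with a branch URL will also require re-deriving the hash each time `version` changes (the `version` binding is outside this hunk).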


@ -1,4 +1,8 @@
{ pkgs, lib, ... }: {
{
pkgs,
lib,
...
}: {
# TODO: re-enable this with the appropriate version?
# programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;


@ -1,11 +1,11 @@
{ repoFlake
, pkgs
, config
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git"
, ...
}:
let
{
repoFlake,
pkgs,
config,
repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git",
repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git",
...
}: let
repoBareLocal =
pkgs.runCommand "fetchbare"
{
@ -39,9 +39,7 @@ let
set_remotes ${repoHttps} ${repoSsh}
fi
'';
in
{
in {
# TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''
# $DRY_RUN_CMD ${vcshActivationScript}


@ -1,19 +1,18 @@
{ pkgs
, config
, lib
, # packages',
repoFlakeInputs'
, ...
}:
let
{
pkgs,
config,
lib,
# packages',
repoFlakeInputs',
...
}: let
inherit (import ../lib.nix {}) mkSimpleTrayService;
lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'";
displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'";
displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'";
swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh;
in
{
in {
imports = [
../profiles/wayland-desktop.nix
../programs/waybar.nix
@ -86,12 +85,10 @@ in
systemd.enable = true;
xwayland = true;
config =
let
config = let
modifier = "Mod4";
inherit (config.wayland.windowManager.sway.config) left right up down;
in
{
in {
inherit modifier;
bars = [];


@ -1,17 +1,16 @@
{ pkgs
, config
, lib
, repoFlake
, nodeFlake
, ...
}:
let
{
pkgs,
config,
lib,
repoFlake,
nodeFlake,
...
}: let
inherit (import ../lib.nix {}) mkSimpleTrayService;
nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system};
wayprompt = nixpkgs-wayland'.wayprompt;
in
{
in {
fonts.fontconfig.enable = true;
# services.gpg-agent.pinentryFlavor = lib.mkForce null;
@ -31,7 +30,8 @@ in
};
};
home.packages = with pkgs; [
home.packages = with pkgs;
[
# required by network-manager-applet
pkgs.networkmanagerapplet
@ -59,7 +59,9 @@ in
# probably required by flameshot
# xdg-desktop-portal xdg-desktop-portal-wlr
# grim
] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64)
]
++ (
lib.lists.optionals (!pkgs.stdenv.isAarch64)
# TODO: broken on aarch64
[
]


@ -1,9 +1,9 @@
{ name
, lib
, pkgs
, ...
}:
let
{
name,
lib,
pkgs,
...
}: let
extensions =
[
#undetectable adblocker
@ -50,8 +50,7 @@ let
# always right
{id = "npjpaghfnndnnmjiliibnkmdfgbojokj";}
]);
in
{
in {
programs.chromium = {
enable = true;
inherit extensions;


@ -10,12 +10,10 @@
# backend = "Clipboard";
};
};
matches =
let
matches = let
playerctl = ''
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
in
{
in {
default = {
matches = [
{


@ -1,4 +1,8 @@
{repoFlake, pkgs, ...}: {
{
repoFlake,
pkgs,
...
}: {
# required by pass-otp
# home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
# home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";


@ -1,10 +1,10 @@
{ config
, lib
, pkgs
, osConfig
, ...
}:
let
{
config,
lib,
pkgs,
osConfig,
...
}: let
libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync";
version = "2.2.1";
@ -46,12 +46,10 @@ let
++ [radicale-storage-decsync];
});
mkRadicaleService =
{ suffix
, port
,
}:
let
mkRadicaleService = {
suffix,
port,
}: let
radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server]
hosts = localhost:${builtins.toString port}
@ -66,8 +64,7 @@ let
filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix}
'';
in
{
in {
systemd.user.services."radicale-${suffix}" = {
Unit.Description = "Radicale with DecSync (${suffix})";
Service = {


@ -1,17 +1,21 @@
{ pkgs, nodeFlake, ... }:
{
pkgs,
nodeFlake,
...
}: {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = [
extensions =
[
# TODO: how can i install (this) vsix(s) directly?
# (builtins.fetchurl {
# # https://open-vsx.org/extension/jeanp413/open-remote-ssh
# url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix";
# sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2";
# })
] ++ (with pkgs.vscode-extensions;
[
]
++ (with pkgs.vscode-extensions; [
bbenoist.nix
eamodio.gitlens
mkhl.direnv


@ -1,11 +1,10 @@
{ config
, lib
, pkgs
, ...
}:
let
just-plugin =
let
{
config,
lib,
pkgs,
...
}: let
just-plugin = let
plugin_file = pkgs.writeText "_just" ''
#compdef just
#autload
@ -36,8 +35,7 @@ let
chmod --recursive a-w $out
'';
};
in
{
in {
programs.zsh = {
enable = true;
@ -48,11 +46,9 @@ in
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra =
let
initExtra = let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in
''
in ''
if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then
unset TMPDIR
fi


@ -1,14 +1,14 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
let
{
repoFlake,
pkgs,
lib,
config,
nodeFlake,
nodeName,
localDomainName,
system,
...
}: let
inherit
(nodeFlake.inputs)
bpir3
@ -20,15 +20,18 @@ let
vlanRange = builtins.map (vlanid: (lib.strings.toInt vlanid)) (builtins.attrNames vlans);
vlanRangeWith0 = [0] ++ vlanRange;
mkVlanIpv4HostAddr = { vlanid, host, thirdIpv4SegmentMin ? 20, cidr ? true }:
let
mkVlanIpv4HostAddr = {
vlanid,
host,
thirdIpv4SegmentMin ? 20,
cidr ? true,
}: let
# reserve the first subnet for vlanid == 0
# number the other subnets continously from there
offset =
if vlanid == 0
then thirdIpv4SegmentMin
else thirdIpv4SegmentMin + 1 - vlanRangeStart;
in
builtins.concatStringsSep "."
["192" "168" (toString (vlanid + offset)) "${toString host}${lib.strings.optionalString cidr "/24"}"];
@ -58,32 +61,33 @@ let
"15".packet_priority = -10;
};
vlansByName = lib.attrsets.mapAttrs'
(vlanid': attrs:
vlansByName =
lib.attrsets.mapAttrs'
(
vlanid': attrs:
lib.attrsets.nameValuePair
attrs.name
(attrs // { id = lib.strings.toInt vlanid'; id' = vlanid'; })
(attrs
// {
id = lib.strings.toInt vlanid';
id' = vlanid';
})
)
vlans;
getVlanDomain = {vlanid}:
if vlanid == 0
then
defaultVlan.name
else
vlans."${toString vlanid}".name + "." + defaultVlan.name
;
then defaultVlan.name
else vlans."${toString vlanid}".name + "." + defaultVlan.name;
bridgeInterfaceName = "br-lan";
mkInterfaceName = {vlanid}:
if vlanid == 0
then bridgeInterfaceName
else "${bridgeInterfaceName}.${toString vlanid}"
;
else "${bridgeInterfaceName}.${toString vlanid}";
exposedHost = "sj-srv1.dmz.internal";
in
{
in {
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
@ -179,8 +183,7 @@ in
# https://github.com/thelegy/nixos-nftables-firewall/tree/main
# TODO: configure packet_priority for VLANs (see https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority, https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation#packet_priority)
nftables =
{
nftables = {
enable = true;
stopRuleset = "";
@ -188,8 +191,7 @@ in
prerouting = {
"exposeHost" = {
after = ["hook"];
rules =
let
rules = let
wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces;
in
# TODO: if this hostname doesn't resolve it'll break the whole ruleset
@ -203,21 +205,21 @@ in
firewall = {
enable = true;
zones = {
zones =
{
lan.interfaces = [(mkInterfaceName {vlanid = 0;})];
vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange;
# lan.ipv4Addresses = ["192.168.0.0/16"];
wan.interfaces = ["wan" "lan0"];
} //
}
//
# generate a zone for each vlan
lib.attrsets.mapAttrs
(key: value: {
interfaces = [(mkInterfaceName {vlanid = value.id;})];
})
vlansByName
;
rules =
let
vlansByName;
rules = let
ipv6IcmpTypes = [
"destination-unreachable"
"echo-reply"
@ -243,8 +245,7 @@ in
"ip protocol icmp icmp type { ${builtins.concatStringsSep ", " ipv4IcmpTypes} } accept"
"ip6 nexthdr icmpv6 icmpv6 type { ${builtins.concatStringsSep ", " ipv6IcmpTypes} } accept"
];
in
{
in {
fw = {
from = ["fw"];
verdict = "accept";
@ -276,17 +277,34 @@ in
vlan-to-fw = {
allowedUDPPortRanges = [
{ from = 67; to = 68; }
{ from = 53; to = 53; }
{
from = 67;
to = 68;
}
{
from = 53;
to = 53;
}
];
allowedTCPPortRanges = [
{ from = 22; to = 22; }
{ from = 53; to = 53; }
{ from = 5201; to = 5201; }
{
from = 22;
to = 22;
}
{
from = 53;
to = 53;
}
{
from = 5201;
to = 5201;
}
];
from = ["vlan"];
to = ["fw"];
extraLines = allowIcmpLines ++ [
extraLines =
allowIcmpLines
++ [
"drop"
];
};
@ -313,7 +331,9 @@ in
to = 22;
}
];
extraLines = allowIcmpLines ++ [
extraLines =
allowIcmpLines
++ [
"drop"
];
};
@ -324,7 +344,8 @@ in
systemd.network = {
wait-online.anyInterface = true;
netdevs = {
netdevs =
{
# Create the bridge interface
"20-${bridgeInterfaceName}" = {
netdevConfig = {
@ -340,14 +361,17 @@ in
DefaultPVID=0
'';
};
}
# generate the vlan devices. these will be tagged on the main bridge
// builtins.foldl'
(acc: cur: acc // cur)
{}
(builtins.map
({ vlanid, vlanid' }: {
(
builtins.map
({
vlanid,
vlanid',
}: {
"20-${mkInterfaceName {inherit vlanid;}}" = {
netdevConfig = {
Kind = "vlan";
@ -356,13 +380,17 @@ in
vlanConfig.Id = vlanid;
};
})
(builtins.map
(vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; })
(
builtins.map
(vlanid: {
inherit vlanid;
vlanid' = builtins.toString vlanid;
})
vlanRange
)
)
;
networks = {
);
networks =
{
# use lan0 as secondary WAN interface
"10-lan0-wan" = {
matchConfig.Name = "lan0";
@ -455,7 +483,10 @@ in
matchConfig.Name = bridgeInterfaceName;
bridgeConfig = {};
address = [
(mkVlanIpv4HostAddr { vlanid = 0; host = 1; })
(mkVlanIpv4HostAddr {
vlanid = 0;
host = 1;
})
];
networkConfig = {
ConfigureWithoutCarrier = true;
@ -472,31 +503,35 @@ in
}
];
vlan = (builtins.map
vlan = (
builtins.map
(vlanid: (mkInterfaceName {inherit vlanid;}))
vlanRange
);
};
}
# configuration for the hostapd dynamic interfaces
# * netdev type vlan
# * host address for vlan
# * vlan config for wlan interface
//
builtins.foldl'
// builtins.foldl'
(acc: cur: acc // cur)
{}
(builtins.map
({ vlanid, vlanid' }: {
({
vlanid,
vlanid',
}: {
# configure the tagged vlan device with an address and vlan filtering.
# dnsmasq is configured to serve the respective /24 range on each tagged device.
# this device only receives traffic for the given vlanid and sends tagged traffic to the bridge.
"41-${mkInterfaceName {inherit vlanid;}}" = {
matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}";
address = [
(mkVlanIpv4HostAddr { inherit vlanid; host = 1; })
(mkVlanIpv4HostAddr {
inherit vlanid;
host = 1;
})
];
networkConfig = {
ConfigureWithoutCarrier = true;
@ -541,7 +576,10 @@ in
"50-${mkInterfaceName {inherit vlanid;}}" = {
matchConfig.Name = "${mkInterfaceName {inherit vlanid;}}";
address = [
(mkVlanIpv4HostAddr { inherit vlanid; host = 1; })
(mkVlanIpv4HostAddr {
inherit vlanid;
host = 1;
})
];
networkConfig = {
ConfigureWithoutCarrier = true;
@ -549,23 +587,24 @@ in
linkConfig.RequiredForOnline = "no";
};
})
(builtins.map
(vlanid: { inherit vlanid; vlanid' = builtins.toString vlanid; })
(
builtins.map
(vlanid: {
inherit vlanid;
vlanid' = builtins.toString vlanid;
})
vlanRange
))
;
));
};
# wireless access point
services.hostapd = {
enable = true;
package = nodeFlake.packages.${system}.hostapd_patched;
radios =
let
radios = let
# generated with https://miniwebtool.com/mac-address-generator/
mkBssid = i: "34:56:ce:0f:ed:4${toString i}";
in
{
in {
wlan0 = {
band = "2g";
countryCode = "CH";
@ -577,11 +616,9 @@ in
capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"];
};
networks = {
wlan0 =
let
wlan0 = let
iface = "wlan0";
in
{
in {
ssid = "mlsia";
bssid = mkBssid 0;
@ -613,20 +650,20 @@ in
# this option currently requires a patch to hostapd
vlan_no_bridge = 1;
/* not used due to the above vlan_no_bridge setting
/*
not used due to the above vlan_no_bridge setting
vlan_tagged_interface = bridgeInterfaceName;
vlan_naming = 1;
vlan_bridge = "br-${iface}.";
*/
vlan_file =
let
generated = builtins.map
(vlanid:
"${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}"
vlan_file = let
generated =
builtins.map
(
vlanid: "${builtins.toString vlanid} ${iface}.${builtins.toString vlanid}"
)
vlanRange
;
vlanRange;
wildcard = [
# Optional wildcard entry matching all VLAN IDs. The first # in the interface
@ -636,7 +673,8 @@ in
"* ${iface}.#"
];
file = pkgs.writeText "hostapd.vlan"
file =
pkgs.writeText "hostapd.vlan"
(builtins.concatStringsSep "\n" (generated ++ wildcard));
filePath = toString file;
in
@ -826,21 +864,35 @@ in
local-ttl = 0;
dhcp-ttl = 0;
dhcp-range =
let
mkDhcpRange = { tag, vlanid }: builtins.concatStringsSep "," [
dhcp-range = let
mkDhcpRange = {
tag,
vlanid,
}:
builtins.concatStringsSep "," [
tag
(mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; })
(mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; })
(mkVlanIpv4HostAddr {
inherit vlanid;
host = 100;
cidr = false;
})
(mkVlanIpv4HostAddr {
inherit vlanid;
host = 199;
cidr = false;
})
"12h"
];
in
builtins.map
(vlanid:
mkDhcpRange { tag = mkInterfaceName { inherit vlanid; }; inherit vlanid; }
(
vlanid:
mkDhcpRange {
tag = mkInterfaceName {inherit vlanid;};
inherit vlanid;
}
)
vlanRangeWith0
;
vlanRangeWith0;
# interface = bridgeInterfaceName;
# bind-interfaces = true;
@ -854,7 +906,6 @@ in
# don't use /etc/hosts as this would advertise ${nodeName} as localhost
no-hosts = true;
# address = "/${nodeName}.lan/${fwLanHostAddr}";
server = [
# upstream DNS servers
@ -869,19 +920,27 @@ in
# "9.9.9.9" "8.8.8.8" "1.1.1.1"
];
domain = [
domain =
[
"/${getVlanDomain {vlanid = 0;}}/,local"
] ++ builtins.map
(vlanid:
"${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr { inherit vlanid; host = 0; cidr = true; }},local"
]
++ builtins.map
(
vlanid: "${getVlanDomain {inherit vlanid;}},${mkVlanIpv4HostAddr {
inherit vlanid;
host = 0;
cidr = true;
}},local"
)
vlanRangeWith0
;
vlanRangeWith0;
# TODO: compare this to using `interface-name`
dynamic-host = [
] ++ builtins.map
(vlanid:
dynamic-host =
[
]
++ builtins.map
(
vlanid:
builtins.concatStringsSep "," [
# "${getVlanDomain{inherit vlanid;}}" "0.0.0.1" (mkInterfaceName {inherit vlanid;})
"${nodeName}.${getVlanDomain {inherit vlanid;}}"
@ -889,13 +948,12 @@ in
(mkInterfaceName {inherit vlanid;})
]
)
vlanRangeWith0
;
vlanRangeWith0;
dhcp-option-force = builtins.map
dhcp-option-force =
builtins.map
(vlanid: "${mkInterfaceName {inherit vlanid;}},option:domain-search,${getVlanDomain {inherit vlanid;}}")
vlanRangeWith0
;
vlanRangeWith0;
# auth-server = [
# (builtins.concatStringsSep "," [
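Review bot: The `exposeHost` prerouting rule (L677-686) interpolates `exposedHost = "sj-srv1.dmz.internal"` (L662) into the nftables ruleset, so nft resolves the name at load time; the TODO at L685 already records that a resolution failure rejects the whole ruleset, which on a router means booting without the DNAT and, depending on what `stopRuleset = ""` (L675) leaves active, possibly without the forwarding filter at all. Substituting the literal DMZ address, or a named set filled by a unit ordered after `dnsmasq`, removes the DNS dependency from the ruleset's validity; the rule body itself continues past the hunk. Separately, `vlan-to-fw` (L724-762) admits TCP 22 from every VLAN zone; if any of those VLANs carries guest or IoT clients, limiting SSH to the management VLAN is the usual least-privilege choice — the VLAN definitions are not in view, so this is a question rather than a defect.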


@ -19,7 +19,6 @@
bpir3.inputs.nixpkgs.follows = "nixpkgs";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
@ -60,13 +59,17 @@
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
specialArgs =
(import ./default.nix {
system = nativeSystem;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
@ -88,7 +91,6 @@
linuxPackages_bpir3_latest
;
})
];
}
]
@ -112,8 +114,11 @@
};
packages = let
mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: {
patches = attrs.patches ++ [
mkPatchedHostapd = pkgs:
pkgs.hostapd.overrideDerivation (attrs: {
patches =
attrs.patches
++ [
"${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
];
});
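Review bot: `mkPatchedHostapd` (L1107-1114) uses `overrideDerivation`, which rewrites the already-evaluated derivation and bypasses `mkDerivation`'s own attribute handling; `pkgs.hostapd.overrideAttrs (old: { patches = (old.patches or []) ++ [ "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" ]; })` is the form nixpkgs recommends and also tolerates a hostapd without a `patches` attribute. The patch comes from the locked `openwrt` flake input but targets OpenWrt's hostapd snapshot rather than nixpkgs' release, and a failure to apply is the only signal of drift, so a comment naming the nixpkgs hostapd version it was last verified against would help the next update. Since `vlan_no_bridge` appears to be what the router's per-VLAN wifi setup at L937 relies on, it is worth noting in that comment that the patch is security-relevant rather than cosmetic.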


@ -1,13 +1,14 @@
{ modulesPath
, repoFlake
, packages'
, pkgs
, lib
, config
, nodeFlake
, nodeName
, system
, ...
{
modulesPath,
repoFlake,
packages',
pkgs,
lib,
config,
nodeFlake,
nodeName,
system,
...
}: {
disabledModules = [
];
@ -82,8 +83,7 @@
firewall.enable = false;
};
disko.devices =
let
disko.devices = let
disk = id: {
type = "disk";
device = "/dev/${id}";
@ -104,8 +104,7 @@
};
};
};
in
{
in {
disk = {
sda = disk "sda";
sdb = disk "sdb";
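Review bot: `firewall.enable = false;` (L1144) turns off NixOS's host packet filter, so any service bound to a wildcard address on this node is reachable from every attached network; the enclosing `networking` block starts above the hunk, so it is not visible whether nftables or something else is configured in its place. If filtering is intentionally delegated (for example to the router in front of this host), a comment on that line such as `# host filter disabled on purpose: <what enforces filtering instead>` records the decision; if it is a leftover, re-enabling it with an explicit `allowedTCPPorts` list is the safer default.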


@ -1,7 +1,8 @@
{ nodeName
, config
, pkgs
, ...
{
nodeName,
config,
pkgs,
...
}: {
disabledModules = [];
imports = [


@ -1,12 +1,11 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
{
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: {
imports = [
../../snippets/systemd-resolved.nix
];
@ -40,11 +39,9 @@
sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
services.restic.backups.${nodeName} =
let
services.restic.backups.${nodeName} = let
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
in
{
in {
initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
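Review bot: The backup target `sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}` (L1211) is reached over SSH, and nothing in the hunk pins the storage box's host key; restic's sftp backend inherits the system ssh configuration, so without a `programs.ssh.knownHosts` entry (or an `extraOptions`/`-o UserKnownHostsFile` pointing at a pinned file) the first run either fails non-interactively or, if `StrictHostKeyChecking` was relaxed elsewhere, accepts whichever key answers. Declaring the provider's published key, e.g. `programs.ssh.knownHosts."u217879-sub3.your-storagebox.de".publicKey = "<key>";`, makes the pin part of the configuration. The repository password is already handled through `sops.secrets.restic-password` (L1201); the host identity deserves the same treatment. The backup attrset continues past the hunk.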


@ -1,14 +1,13 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
let
wireguardPort = 51820;
in
{
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: let
wireguardPort = 51820;
in {
imports = [
../../snippets/systemd-resolved.nix
];
@ -95,7 +94,6 @@ in
nix.gc = {automatic = true;};
containers = {
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {


@ -20,7 +20,6 @@
# samba seerver
({lib, ...}: {
# networking.firewall.enable = lib.mkForce false;
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [


@ -1,13 +1,12 @@
{ nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, ...
}:
let
system = "x86_64-linux";
in
{
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
...
}: let
system = "x86_64-linux";
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};


@ -1,7 +1,5 @@
{ lib, ... }:
let
in
{
{lib, ...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;


@ -1,8 +1,9 @@
{ pkgs
, lib
, repoFlake
, nodeFlake
, ...
{
pkgs,
lib,
repoFlake,
nodeFlake,
...
}: {
system.stateVersion = "23.05";
home-manager.users.root = _: {
@ -37,8 +38,7 @@
#
# (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
# Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
services.greetd =
let
services.greetd = let
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
swayConfig = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
@ -49,8 +49,7 @@
-b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot'
'';
in
{
in {
enable = false;
settings = {
vt = 1;
@ -107,5 +106,4 @@
# # };
# # };
# };
}


@ -1,11 +1,11 @@
{ pkgs
, lib
, config
, nodeName
, repoFlake
, ...
}:
let
{
pkgs,
lib,
config,
nodeName,
repoFlake,
...
}: let
localTcpPorts = [
22
@ -21,9 +21,7 @@ let
22000
21027
];
in
{
in {
nix.settings = {
substituters = [
];


@ -1,13 +1,12 @@
{ config
, pkgs
, lib
, ...
}:
let
{
config,
pkgs,
lib,
...
}: let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in
{
in {
users.users.steveej2 = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
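Review bot: `users.users.steveej2` (L1387-1389) authorizes `keys.users.steveej.openssh`, i.e. the same SSH keys as the primary `steveej` account, so the two accounts are indistinguishable on the authentication side and a compromise of one key grants both. If `steveej2` exists to separate privileges (a distinct uid suggests it might), give it its own entry in `variables/keys.nix`, e.g. `openssh.authorizedKeys.keys = keys.users.steveej2.openssh;`; if sharing keys is intentional, a one-line comment saying so avoids the question on the next review. What `mkUser` adds to the account (its `extraGroups`) is defined in a separate file and not visible here.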


@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = {
enable = true;
# TODO: use hardware address
@ -80,7 +79,6 @@
};
}
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix


@ -1,10 +1,11 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
{
system ? "aarch64-linux",
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;


@ -1,6 +1,5 @@
{
inputs =
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules
@ -23,30 +22,36 @@
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
outputs = {
self,
get-flake,
nixpkgs,
...
}: let
system = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
in
{
in {
lib = {
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
specialArgs =
(import ./default.nix {
inherit system;
inherit nodeName repoFlake;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
@ -57,11 +62,9 @@
);
};
nixosConfigurations =
let
nixosConfigurations = let
nodeName = "steveej-x13s-rmvbl";
in
{
in {
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [


@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = {
enable = true;
# TODO: use hardware address
@ -82,7 +81,6 @@
};
}
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix


@ -1,10 +1,11 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
{
system ? "aarch64-linux",
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;


@ -1,6 +1,5 @@
{
inputs =
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules
@ -24,28 +23,35 @@
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
outputs = {
self,
get-flake,
nixpkgs,
...
}: let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
specialArgs =
(import ./default.nix {
system = targetPlatform;
inherit nodeName repoFlake;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
@ -54,17 +60,14 @@
++ extraModules;
}
);
in
{
in {
lib = {
inherit mkNixosConfiguration;
};
nixosConfigurations =
let
nixosConfigurations = let
nodeName = "steveej-x13s";
in
{
in {
native = mkNixosConfiguration {
inherit nodeName;
system = targetPlatform;


@ -32,13 +32,17 @@
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
specialArgs =
(import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
@ -51,10 +55,8 @@
{
nixpkgs.overlays = [
(final: previous:
{
(final: previous: {
})
];
}
]


@ -1,12 +1,11 @@
{ lib
, config
,
}:
let
keys = import ../../variables/keys.nix;
in
{
mkUser = args: lib.mkMerge [
lib,
config,
}: let
keys = import ../../variables/keys.nix;
in {
mkUser = args:
lib.mkMerge [
{
isNormalUser = true;
extraGroups = [


@ -1,10 +1,15 @@
{ self, pkgs, config, lib, options, ... }:
let
{
self,
pkgs,
config,
lib,
options,
...
}: let
# TODO: introduce options for these
kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s;
in
{
in {
options.hardware.thinkpad-x13s = {
# TODO: respect this
enable = lib.mkEnableOption "x13s hardware support";
@ -14,8 +19,7 @@ in
description = "mac address to set on boot";
};
};
config =
let
config = let
inherit (config.boot.loader) efi;
kp = [
{
@ -50,17 +54,18 @@ in
inherit qrtr;
};
# We can't quite move to mainline linux
linux_x13s_pkg = {buildLinux, ...} @ args:
buildLinux (args // rec {
buildLinux (args
// rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or []) ++ kp;
} // (args.argsOverride or { }));
}
// (args.argsOverride or {}));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
@ -76,14 +81,14 @@ in
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
lib.mkIf cfg.enable
{
nixpkgs.overlays = [
(final: prev:
{
x13s_extra-firmware = pkgs.callPackage
(
final: prev: {
x13s_extra-firmware =
pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{};
@ -195,7 +200,6 @@ in
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
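Review bot: `x13s_alsa-ucm-conf` takes `src = self.inputs.alsa-ucm-conf` (L1749), yet the repo flake hunk at L18-21 shows an `alsa-ucm-conf` input commented out; if that is the new side, evaluating `alsa-ucm-conf-env` (L1751) fails with a missing-attribute error as soon as anything forces it, so either the input or this override should go (the rendered page does not show which side those lines are on). More broadly, this module sources its kernel from `self.inputs.linux_x13s` (L1741, a WIP branch of a personal fork) and its firmware blobs from `adamcstephens_stop-export` (L1763), both running at the highest privilege on the machine; the lock file pins them, but a short comment per input naming what was reviewed and when would document the trust boundary for a module whose only justification (L1733) is that mainline is not an option yet. The `lib.mkIf cfg.enable` body continues past the hunk.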


@ -11,8 +11,7 @@ with lib; let
earlyDiskId = cfg:
if cfg.earlyDiskIdOverride != ""
then cfg.earlyDiskIdOverride
else cfg.diskId
;
else cfg.diskId;
in {
options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout";


@ -1,10 +1,11 @@
{ config
, pkgs
, repoFlake
, nodeFlake
, repoFlakeInputs'
, packages'
, ...
{
config,
pkgs,
repoFlake,
nodeFlake,
repoFlakeInputs',
packages',
...
}: {
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops


@ -1,8 +1,9 @@
{ config
, pkgs
, lib
, nodeName
, ...
{
config,
pkgs,
lib,
nodeName,
...
}: {
networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname.
networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
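Review bot: `networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;` (L1822) throws an index-out-of-bounds evaluation error whenever `nodeName` contains no dot, because `builtins.split` then returns a single-element list; the regex also looks unintended, since `\.` in a Nix double-quoted string is just `.`, so the trailing class matches any character rather than a literal dot (harmless for `host.domain` names, but worth knowing). A form that handles both cases and reads more plainly is `networking.domain = lib.mkIf (lib.hasInfix "." nodeName) (lib.concatStringsSep "." (lib.drop 1 (lib.splitString "." nodeName)));`, using the `lib` already bound at L1817. `networking.hostName` on the previous line is fine, since element 0 of a split always exists.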


@ -1,9 +1,9 @@
{ config
, pkgs
, lib
, ...
}:
let
{
config,
pkgs,
lib,
...
}: let
keys = import ../../../variables/keys.nix;
inherit
(import ../../lib/default.nix {
@ -16,8 +16,7 @@ let
inherit (lib) types;
cfg = config.users.commonUsers;
in
{
in {
options.users.commonUsers = {
enable = lib.mkOption {
default = true;
@ -77,7 +76,6 @@ in
})
];
users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [
{
uid = 1000;


@ -1,6 +1,7 @@
{ pkgs
, lib
, ...
{
pkgs,
lib,
...
}: {
imports = [
../../snippets/bluetooth.nix


@ -1,6 +1,7 @@
{ pkgs
, lib
, ...
{
pkgs,
lib,
...
}: {
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [blueman];


@ -1,12 +1,11 @@
{ nodeFlake
, repoFlake
, repoFlakeInputs'
, packages'
, pkgs
, ...
}:
let
{
nodeFlake,
repoFlake,
repoFlakeInputs',
packages',
pkgs,
...
}: let
# TODO: make this configurable
homeUser = "steveej";
commonHomeImports = [
@ -14,8 +13,7 @@ let
../../home-manager/programs/neovim.nix
../../home-manager/programs/zsh.nix
];
in
{
in {
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
];


@ -1,7 +1,8 @@
{ nodeFlake
, pkgs
, lib
, ...
{
nodeFlake,
pkgs,
lib,
...
}: {
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
@ -25,5 +26,4 @@
];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
}


@ -1,15 +1,13 @@
{ config
, lib
, pkgs
, repoFlakeInputs'
, ...
}:
let
{
config,
lib,
pkgs,
repoFlakeInputs',
...
}: let
# TODO: make configurable
homeUser = "steveej";
in
{
in {
sops.secrets.radicale_htpasswd = {
sopsFile = ../../../secrets/desktop/radicale_htpasswd;
format = "binary";
@ -19,8 +17,10 @@ in
home-manager.users.${homeUser} = _: {
imports = [
# TODO: bump these to latest and make it work
(args:
import ../../home-manager/programs/radicale.nix (args // {
(
args:
import ../../home-manager/programs/radicale.nix (args
// {
osConfig = config;
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
})
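Review bot: `sops.secrets.radicale_htpasswd` (L1961-1963) is a system-level secret that the home-manager radicale service of `${homeUser}` (L1965-1976) will have to read as that user, but the hunk sets only `sopsFile` and `format`; unless `owner`/`mode` are set in the lines past the hunk, sops-nix's default is a root-owned 0400 file the user service cannot open, and the tempting fix of `mode = "0444"` would expose the htpasswd to every local account. The intended shape is `owner = homeUser; mode = "0400";` next to `format = "binary";`. A one-line comment on the import at L1970-1976 noting that radicale comes from `radicalePkgs` — a separate input that, going by the TODO at L1967, lags the rest of the system — would also flag that its security updates arrive on a different schedule.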


@ -1,14 +1,12 @@
{ pkgs
, lib
, config
, ...
}:
let
{
pkgs,
lib,
config,
...
}: let
# TODO: make this configurable
homeUser = "steveej";
in
{
in {
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
@ -54,7 +52,6 @@ in
];
};
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
@ -85,15 +82,13 @@ in
Type = "idle";
};
programs =
let
programs = let
steveejSwayOnTty1 = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
in
{
in {
bash.loginShellInit = steveejSwayOnTty1;
# TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion
zsh.loginShellInit = steveejSwayOnTty1;


@ -1,9 +1,5 @@
{ lib, ... }:
let
{lib, ...}: let
passwords = import ../../variables/passwords.crypt.nix;
in
{
in {
time.timeZone = lib.mkDefault passwords.timeZone.stefan;
}
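Review bot: `time.timeZone` (L2035) is read from `../../variables/passwords.crypt.nix` (L2031), a file imported as ordinary Nix at evaluation time; whatever decrypts it (git-crypt, presumably, from the name) must yield plaintext on every evaluating machine, and any value taken from it is copied verbatim into the world-readable Nix store as part of the system derivation. A time zone is harmless, but keeping it in a file named `passwords` invites the next contributor to pull real secrets the same way, so either move `timeZone` to a non-secret variables file or add `# NOTE: values read from this file end up in /nix/store; never source real secrets here — use sops` above the import.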


@ -1,25 +1,25 @@
{ lib
, stdenv
, fetchurl
, appimageTools
, makeWrapper
# graphs will not sync without matching upstream's major electron version
, electron_27
, git
, nix-update-script
, overrideSrc ? null
}:
stdenv.mkDerivation (finalAttrs:
let
inherit (finalAttrs) pname version src appimageContents;
in
{
lib,
stdenv,
fetchurl,
appimageTools,
makeWrapper,
# graphs will not sync without matching upstream's major electron version
electron_27,
git,
nix-update-script,
overrideSrc ? null,
}:
stdenv.mkDerivation (finalAttrs: let
inherit (finalAttrs) pname version src appimageContents;
in {
pname = "logseq";
version = "0.10.5";
src = if overrideSrc != null then overrideSrc else
src =
if overrideSrc != null
then overrideSrc
else
(fetchurl {
url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage";
hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE=";