diff --git a/common/constants.nix b/common/constants.nix index 5dc64bd..6451c25 100644 --- a/common/constants.nix +++ b/common/constants.nix @@ -1,5 +1,8 @@ -{ config, lib, ... }: - +{ + config, + lib, + ... +}: with lib; { options.constants = { domain = mkOption { @@ -50,7 +53,10 @@ with lib; { }; privateKeyFiles = mkOption { type = types.listOf types.str; - default = if config.services.openssh.enable then builtins.map (key: key.path) config.services.openssh.hostKeys else [ "/root/.ssh/${config.networking.hostName}" ]; + default = + if config.services.openssh.enable + then builtins.map (key: key.path) config.services.openssh.hostKeys + else ["/root/.ssh/${config.networking.hostName}"]; description = '' The private key files for sops. ''; diff --git a/common/default.nix b/common/default.nix index dd0cf76..d331642 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,6 +1,4 @@ -{ inputs, ... }: - -{ +{inputs, ...}: { imports = with inputs; [ home-manager.nixosModules.default sops-nix.nixosModules.default @@ -9,5 +7,5 @@ ./users.nix ]; - home-manager.sharedModules = [ inputs.plasma-manager.homeManagerModules.plasma-manager ]; + home-manager.sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager]; } diff --git a/common/secrets.nix b/common/secrets.nix index 0f0e6cd..a6b7688 100644 --- a/common/secrets.nix +++ b/common/secrets.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { sops = with config.constants; { age.sshKeyPaths = privateKeyFiles; defaultSopsFile = sopsFile; diff --git a/common/users.nix b/common/users.nix index d26751e..8a58ecd 100644 --- a/common/users.nix +++ b/common/users.nix 
@@ -1,18 +1,19 @@ -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let home = config.constants.homeDir; usr = config.constants.userName; usrPwdFile = "users/${usr}/password"; -in -{ +in { console.enable = false; fonts = { fontDir.enable = true; fontconfig.defaultFonts = { - sansSerif = [ "Inter" "Noto Sans CJK SC" ]; - monospace = [ "Iosevka" "Noto Sans Mono CJK SC" ]; + sansSerif = ["Inter" "Noto Sans CJK SC"]; + monospace = ["Iosevka" "Noto Sans Mono CJK SC"]; }; packages = with pkgs; [ inter 
@@ -24,182 +25,209 @@ in home-manager = { useGlobalPkgs = true; useUserPackages = true; - users.${usr} = { config, osConfig, pkgs, ... }: - { - home = { - file.kvantum = { - enable = config.programs.plasma.enable; - target = ".config/Kvantum/kvantum.kvconfig"; - text = '' - [General] - theme=Sweet-Ambar-Blue - ''; - }; - packages = with pkgs; [ + users.${usr} = { + config, + osConfig, + pkgs, + ... + }: { + home = { + file.kvantum = { + enable = config.programs.plasma.enable; + target = ".config/Kvantum/kvantum.kvconfig"; + text = '' + [General] + theme=Sweet-Ambar-Blue + ''; + }; + packages = with pkgs; + [ + alejandra dua fd nil - nixpkgs-fmt rclone sops - ] ++ (if config.programs.plasma.enable then [ - sweet-ambar-blue - wallpaper-engine-plasma6-plugin - yorha-sound-theme - ] ++ (with kdePackages; [ - qtmultimedia - qtstyleplugin-kvantum - qtwebchannel - qtwebengine - qtwebsockets - ]) else [ ]); - stateVersion = osConfig.system.stateVersion; - }; - programs = { - bat.enable = true; - bottom.enable = true; - direnv = { - enable = true; - nix-direnv.enable = true; - }; - eza.enable = true; - fish.enable = true; - fzf.enable = true; - git = { - enable = true; - extraConfig = { - core.autocrlf = "input"; - init.defaultBranch = "development"; - pull.rebase = false; - push.autoSetupRemote = true; - }; - ignores = [ - ".direnv" - ".envrc" - ]; - userEmail = osConfig.constants.postMaster; - userName = osConfig.constants.userName; - }; - helix = { - enable = true; - defaultEditor = true; - settings = { - editor = { - lsp.display-inlay-hints = true; - soft-wrap.enable = true; - }; - theme = "base16_transparent"; - }; - }; - plasma = { - input.touchpads = [ - { - enable = false; - name = "ASUE120A:00 04F3:319B Touchpad"; - productId = "319B"; - vendorId = "04F3"; - } - ]; - kscreenlocker = { - autoLock = true; - lockOnResume = true; - passwordRequired = true; - appearance.wallpaperPictureOfTheDay.provider = "bing"; - }; - kwin = { - effects = { - blur.enable = true; - 
desktopSwitching.animation = "slide"; - dimAdminMode.enable = true; - windowOpenClose.animation = "glide"; - }; - scripts.polonium = { - enable = true; - settings.layout.engine = "binaryTree"; - }; - virtualDesktops = { - number = 4; - rows = 1; - }; - }; - overrideConfig = true; - panels = [ - { - floating = false; - height = 36; - widgets = [ - { - kickoff = { - icon = "nix-snowflake-white"; - sortAlphabetically = true; - }; - } - "org.kde.plasma.pager" - { - iconTasks.launchers = []; - } - "org.kde.plasma.marginsseparator" - { - systemTray.items = { - shown = [ - "org.kde.kdeconnect" - ]; - hidden = [ - "org.kde.plasma.battery" - "org.kde.plasma.bluetooth" - "org.kde.plasma.brightness" - "org.kde.plasma.devicenotifier" - "org.kde.plasma.manage-inputmethod" - "Fcitx" - ]; - }; - } - "org.kde.plasma.digitalclock" - ]; - } - ]; - powerdevil.AC = { - autoSuspend.action = "nothing"; - dimDisplay.enable = true; - powerButtonAction = "showLogoutScreen"; - whenLaptopLidClosed = "turnOffScreen"; - whenSleepingEnter = "standby"; - }; - spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S"; - workspace = { - colorScheme = "SweetAmbarBlue"; - desktop.icons = { - alignment = "left"; - arrangement = "leftToRight"; - lockInPlace = true; - sorting = { - foldersFirst = true; - mode = "type"; - }; - }; - iconTheme = "Sweet-Rainbow"; - lookAndFeel = "Sweet-Ambar-Blue"; - soundTheme = "yorha"; - }; - }; - ripgrep.enable = true; - starship = { - enable = true; - enableTransience = true; - }; - tealdeer.enable = true; - zoxide = { - enable = true; - options = [ "--cmd cd" ]; - }; - }; - xdg.enable = true; + ] + ++ ( + if config.programs.plasma.enable + then + [ + sweet-ambar-blue + wallpaper-engine-plasma6-plugin + yorha-sound-theme + ] + ++ (with kdePackages; [ + qtmultimedia + qtstyleplugin-kvantum + qtwebchannel + qtwebengine + qtwebsockets + ]) + else [] + ); + stateVersion = osConfig.system.stateVersion; }; + programs = { + bat.enable = true; + bottom.enable = true; + 
direnv = { + enable = true; + nix-direnv.enable = true; + }; + eza.enable = true; + firefox.enable = config.programs.plasma.enable; + fish.enable = true; + fzf.enable = true; + git = { + enable = true; + extraConfig = { + core.autocrlf = "input"; + init.defaultBranch = "development"; + pull.rebase = false; + push.autoSetupRemote = true; + }; + ignores = [ + ".direnv" + ".envrc" + ]; + userEmail = osConfig.constants.postMaster; + userName = osConfig.constants.userName; + }; + helix = { + enable = true; + defaultEditor = true; + settings = { + editor = { + lsp.display-inlay-hints = true; + soft-wrap.enable = true; + }; + theme = "base16_transparent"; + }; + }; + kitty = { + enable = config.programs.plasma.enable; + settings = { + background_opacity = "0.96"; + remember_window_size = "no"; + }; + theme = "Tokyo Night Moon"; + }; + plasma = { + configFile = { + kded5rc.Module-browserintegrationreminder.autoload = false; + kdeglobals.General = { + TerminalApplication = "kitty"; + TerminalService = "kitty.desktop"; + }; + }; + input.touchpads = [ + { + enable = false; + name = "ASUE120A:00 04F3:319B Touchpad"; + productId = "319B"; + vendorId = "04F3"; + } + ]; + kscreenlocker = { + autoLock = true; + lockOnResume = true; + passwordRequired = true; + appearance.wallpaperPictureOfTheDay.provider = "bing"; + }; + kwin = { + effects = { + blur.enable = true; + desktopSwitching.animation = "slide"; + dimAdminMode.enable = true; + windowOpenClose.animation = "glide"; + }; + scripts.polonium = { + enable = true; + settings.layout.engine = "binaryTree"; + }; + virtualDesktops = { + number = 4; + rows = 1; + }; + }; + overrideConfig = true; + panels = [ + { + floating = false; + height = 36; + widgets = [ + { + kickoff = { + icon = "nix-snowflake-white"; + sortAlphabetically = true; + }; + } + "org.kde.plasma.pager" + { + iconTasks.launchers = []; + } + "org.kde.plasma.marginsseparator" + { + systemTray.items = { + shown = [ + "org.kde.kdeconnect" + ]; + hidden = [ + 
"org.kde.plasma.battery" + "org.kde.plasma.bluetooth" + "org.kde.plasma.brightness" + "org.kde.plasma.devicenotifier" + "org.kde.plasma.manage-inputmethod" + "Fcitx" + ]; + }; + } + "org.kde.plasma.digitalclock" + ]; + } + ]; + powerdevil.AC = { + autoSuspend.action = "nothing"; + dimDisplay.enable = true; + powerButtonAction = "showLogoutScreen"; + whenLaptopLidClosed = "turnOffScreen"; + whenSleepingEnter = "standby"; + }; + spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S"; + workspace = { + colorScheme = "SweetAmbarBlue"; + desktop.icons = { + alignment = "left"; + arrangement = "leftToRight"; + lockInPlace = true; + sorting = { + foldersFirst = true; + mode = "type"; + }; + }; + iconTheme = "Sweet-Rainbow"; + lookAndFeel = "Sweet-Ambar-Blue"; + soundTheme = "yorha"; + }; + }; + ripgrep.enable = true; + starship = { + enable = true; + enableTransience = true; + }; + tealdeer.enable = true; + zoxide = { + enable = true; + options = ["--cmd cd"]; + }; + }; + }; }; i18n = { defaultLocale = "zh_CN.UTF-8"; - supportedLocales = [ "all" ]; + supportedLocales = ["all"]; }; programs = { @@ -209,12 +237,14 @@ in services = { openssh = { - hostKeys = [{ - comment = "host@${config.networking.hostName}"; - path = "/etc/ssh/host"; - rounds = 100; - type = "ed25519"; - }]; + hostKeys = [ + { + comment = "host@${config.networking.hostName}"; + path = "/etc/ssh/host"; + rounds = 100; + type = "ed25519"; + } + ]; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; diff --git a/flake.nix b/flake.nix index 5b73ce4..75ce914 100644 --- a/flake.nix +++ b/flake.nix 
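Review bot: The `@@ -24,182 +25,209 @@` hunk of common/users.nix hides behaviour changes inside roughly two hundred lines of formatter re-indentation: `firefox.enable = config.programs.plasma.enable;`, a new `kitty` block gated the same way, and a `plasma.configFile` entry setting `TerminalApplication = "kitty"`. linux/protostar/gui.nix sets `programs.plasma.enable = true` and its visible lines never enabled kitty, so that host appears to gain a terminal emulator and a changed default terminal in what otherwise reads as a pure reformat. I would move the package and program changes into their own commit so the installed-software change can be reviewed separately, and add a comment above the gated options, for example `# GUI programs follow the Plasma toggle; hosts without Plasma get none of them`. The enclosing module attrset begins and ends outside this hunk.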
@@ -13,47 +13,51 @@ sops-nix.url = "github:Mic92/sops-nix"; }; - outputs = inputs@{ self, nixpkgs, nix-custom, ... }: - let - linuxCfgDir = ./linux; - templateDir = ./template; - in - { - nixosConfigurations = builtins.mapAttrs - (instance: _: - nixpkgs.lib.nixosSystem ({ - modules = [ - # Import config from folder - (linuxCfgDir + "/${instance}") - # Setup Nix - ({ pkgs, ... }: { - networking.hostName = instance; - nix = { - gc = { - automatic = true; - options = "--delete-older-than 30d"; - }; - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - trusted-substituters = [ "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" ]; - }; + outputs = inputs @ { + self, + nixpkgs, + nix-custom, + ... + }: let + linuxCfgDir = ./linux; + templateDir = ./template; + in { + nixosConfigurations = + builtins.mapAttrs + (instance: _: + nixpkgs.lib.nixosSystem { + modules = [ + # Import config from folder + (linuxCfgDir + "/${instance}") + # Setup Nix + ({pkgs, ...}: { + networking.hostName = instance; + nix = { + gc = { + automatic = true; + options = "--delete-older-than 30d"; }; - nixpkgs = { - config.allowUnfree = true; - overlays = [ nix-custom.overlays.default ]; + settings = { + auto-optimise-store = true; + experimental-features = ["nix-command" "flakes"]; + trusted-substituters = ["https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"]; }; - }) - ]; - specialArgs = { inherit inputs; }; - })) - (builtins.readDir linuxCfgDir); - templates = builtins.mapAttrs - (template: _: { - path = templateDir + "/${template}"; - description = "Template flake setup: ${template}"; + }; + nixpkgs = { + config.allowUnfree = true; + overlays = [nix-custom.overlays.default]; + }; + }) + ]; + specialArgs = {inherit inputs;}; }) - (builtins.readDir templateDir); - }; - + (builtins.readDir linuxCfgDir); + templates = + builtins.mapAttrs + (template: _: { + path = templateDir + "/${template}"; + description = "Template flake setup: 
${template}"; + }) + (builtins.readDir templateDir); + }; } diff --git a/linux/blitzar/configuration.nix b/linux/blitzar/configuration.nix index 9e36f26..5d1c55c 100644 --- a/linux/blitzar/configuration.nix +++ b/linux/blitzar/configuration.nix @@ -1,16 +1,15 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ pkgs, ... }: - -{ +{pkgs, ...}: { # Configure boot boot = { initrd.systemd.enable = true; loader = { efi.canTouchEfiVariables = true; - grub = let yorha = pkgs.yorha-grub-theme; in { + grub = let + yorha = pkgs.yorha-grub-theme; + in { enable = true; device = "nodev"; efiSupport = true; @@ -22,7 +21,7 @@ enable = true; extraConfig = "DeviceScale=1"; theme = "target_2"; - themePackages = [ pkgs.adi1090x-plymouth-themes ]; + themePackages = [pkgs.adi1090x-plymouth-themes]; }; }; @@ -46,4 +45,3 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "24.05"; # Did you read the comment? } - diff --git a/linux/blitzar/default.nix b/linux/blitzar/default.nix index 9a377ca..efaa3d2 100644 --- a/linux/blitzar/default.nix +++ b/linux/blitzar/default.nix @@ -1,6 +1,4 @@ -{ inputs, ... }: - -{ +{inputs, ...}: { imports = with inputs; [ disko.nixosModules.default hardware.nixosModules.asus-zephyrus-ga402 diff --git a/linux/blitzar/device.nix b/linux/blitzar/device.nix index 042fc94..30c8366 100644 --- a/linux/blitzar/device.nix +++ b/linux/blitzar/device.nix @@ -1,15 +1,16 @@ -{ config, pkgs, ... }: - -let - usr = config.constants.userName; -in { + config, + pkgs, + ... +}: let + usr = config.constants.userName; +in { hardware = { bluetooth.enable = true; graphics.enable = true; openrazer = { enable = true; - users = [ usr ]; + users = [usr]; }; }; 
@@ -32,7 +33,7 @@ in kanata = { enable = true; keyboards.core = { - devices = [ "/dev/input/by-id/usb-ASUSTeK_Computer_Inc._N-KEY_Device-if02-event-kbd" ]; + devices = ["/dev/input/by-id/usb-ASUSTeK_Computer_Inc._N-KEY_Device-if02-event-kbd"]; config = '' (defsrc esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del @@ -46,7 +47,7 @@ in _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ @li _ _ _ ) @@ -54,7 +55,7 @@ in XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX - XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX @lb XX @lm XX XX XX XX XX XX XX XX XX XX XX XX XX XX ) @@ -62,7 +63,7 @@ in XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX - XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX prev next XX XX XX XX XX XX pp XX @li XX XX XX ) @@ -86,7 +87,7 @@ in printing.enable = true; }; - users.users.${usr}.extraGroups = [ "adbusers" "cdrom" ]; + users.users.${usr}.extraGroups = ["adbusers" "cdrom"]; virtualisation = { containers.enable = true; diff --git a/linux/blitzar/disko.nix b/linux/blitzar/disko.nix index a4e41cb..ff23b44 100644 --- a/linux/blitzar/disko.nix +++ b/linux/blitzar/disko.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { disko.devices = { # Partition the physical disk disk.storage = { diff --git a/linux/blitzar/gui.nix b/linux/blitzar/gui.nix index 8c15fae..d23b670 100644 --- a/linux/blitzar/gui.nix +++ b/linux/blitzar/gui.nix 
@@ -1,9 +1,19 @@ -{ config, pkgs, ... }: - -let usr = config.constants.userName; in { - home-manager.users.${usr} = { config, pkgs, ... }: - let xdgCfg = config.xdg; in { - home.packages = with pkgs; [ +{ + config, + pkgs, + ... +}: let + usr = config.constants.userName; +in { + home-manager.users.${usr} = { + config, + pkgs, + ... + }: let + xdgCfg = config.xdg; + in { + home.packages = with pkgs; + [ feishin hunspell hunspellDicts.en-us-large 
@@ -20,114 +30,106 @@ let usr = config.constants.userName; in { thunderbird winetricks wineWowPackages.stagingFull - ] ++ (with kdePackages; [ + ] + ++ (with kdePackages; [ k3b kdepim-addons merkuro ]); - programs = { - firefox.enable = true; - git.signing = { - key = "0x6A815D4CB1637AAC"; - signByDefault = true; - }; - gpg = { - enable = true; - homedir = "${xdgCfg.dataHome}/gnupg"; - }; - kitty = { - enable = true; - settings = { - background_opacity = "0.96"; - remember_window_size = "no"; - }; - theme = "Tokyo Night Moon"; - }; - mpv = { - enable = true; - config = { - osd-bar = "no"; - border = "no"; - }; - scripts = with pkgs.mpvScripts; [ - mpris - thumbfast - uosc - vr-reversal - ]; - }; - obs-studio.enable = true; - plasma.enable = true; - zathura = { - enable = true; - options = { - completion-bg = "#504945"; - completion-fg = "#ebdbb2"; - completion-group-bg = "#3c3836"; - completion-group-fg = "#928374"; - completion-highlight-bg = "#83a598"; - completion-highlight-fg = "#504945"; - default-bg = "#1d2021"; - default-fg = "#ebdbb2"; - highlight-active-color = "#fe8019"; - highlight-color = "#fabd2f"; - index-active-bg = "#83a598"; - index-active-fg = "#504945"; - index-bg = "#504945"; - index-fg = "#ebdbb2"; - inputbar-bg = "#1d2021"; - inputbar-fg = "#ebdbb2"; - notification-bg = "#1d2021"; - notification-error-bg = "#1d2021"; - notification-error-fg = "#fb4934"; - notification-fg = "#b8bb26"; - notification-warning-bg = "#1d2021"; - notification-warning-fg = "#fabd2f"; - recolor = "true"; - recolor-darkcolor = "#ebdbb2"; - recolor-keephue = "true"; - recolor-lightcolor = "#1d2021"; - render-loading = "true"; - render-loading-bg = "#1d2021"; - render-loading-fg = "#ebdbb2"; - selection-clipboard = "clipboard"; - statusbar-bg = "#504945"; - statusbar-fg = "#ebdbb2"; - }; - }; + programs = { + git.signing = { + key = "0x6A815D4CB1637AAC"; + signByDefault = true; }; - services = { - easyeffects.enable = true; - gpg-agent = { - enable = true; - 
pinentryPackage = pkgs.pinentry-qt; + gpg = { + enable = true; + homedir = "${xdgCfg.dataHome}/gnupg"; + }; + mpv = { + enable = true; + config = { + osd-bar = "no"; + border = "no"; }; - xsettingsd = { - enable = true; - settings = { - "Gdk/UnscaledDPI" = 98304; - "Gdk/WindowScalingFactor" = 2; - "Gtk/EnableAnimations" = 1; - "Gtk/DecorationLayout" = "icon:minimize,maximize,close"; - "Net/ThemeName" = "Sweet-Ambar-Blue"; - "Gtk/PrimaryButtonWarpsSlider" = 1; - "Gtk/ToolbarStyle" = 3; - "Gtk/MenuImages" = 1; - "Gtk/ButtonImages" = 1; - "Gtk/CursorThemeSize" = 96; - "Gtk/CursorThemeName" = "Sweet-cursors"; - "Net/SoundThemeName" = "yorha"; - "Net/IconThemeName" = "Sweet-Rainbow"; - "Gtk/FontName" = "Noto Sans, 10"; - }; + scripts = with pkgs.mpvScripts; [ + mpris + thumbfast + uosc + vr-reversal + ]; + }; + obs-studio.enable = true; + plasma.enable = true; + zathura = { + enable = true; + options = { + completion-bg = "#504945"; + completion-fg = "#ebdbb2"; + completion-group-bg = "#3c3836"; + completion-group-fg = "#928374"; + completion-highlight-bg = "#83a598"; + completion-highlight-fg = "#504945"; + default-bg = "#1d2021"; + default-fg = "#ebdbb2"; + highlight-active-color = "#fe8019"; + highlight-color = "#fabd2f"; + index-active-bg = "#83a598"; + index-active-fg = "#504945"; + index-bg = "#504945"; + index-fg = "#ebdbb2"; + inputbar-bg = "#1d2021"; + inputbar-fg = "#ebdbb2"; + notification-bg = "#1d2021"; + notification-error-bg = "#1d2021"; + notification-error-fg = "#fb4934"; + notification-fg = "#b8bb26"; + notification-warning-bg = "#1d2021"; + notification-warning-fg = "#fabd2f"; + recolor = "true"; + recolor-darkcolor = "#ebdbb2"; + recolor-keephue = "true"; + recolor-lightcolor = "#1d2021"; + render-loading = "true"; + render-loading-bg = "#1d2021"; + render-loading-fg = "#ebdbb2"; + selection-clipboard = "clipboard"; + statusbar-bg = "#504945"; + statusbar-fg = "#ebdbb2"; }; }; }; + services = { + easyeffects.enable = true; + gpg-agent = { + enable = 
true; + pinentryPackage = pkgs.pinentry-qt; + }; + xsettingsd = { + enable = true; + settings = { + "Gdk/UnscaledDPI" = 98304; + "Gdk/WindowScalingFactor" = 2; + "Gtk/EnableAnimations" = 1; + "Gtk/DecorationLayout" = "icon:minimize,maximize,close"; + "Net/ThemeName" = "Sweet-Ambar-Blue"; + "Gtk/PrimaryButtonWarpsSlider" = 1; + "Gtk/ToolbarStyle" = 3; + "Gtk/MenuImages" = 1; + "Gtk/ButtonImages" = 1; + "Gtk/CursorThemeSize" = 96; + "Gtk/CursorThemeName" = "Sweet-cursors"; + "Net/SoundThemeName" = "yorha"; + "Net/IconThemeName" = "Sweet-Rainbow"; + "Gtk/FontName" = "Noto Sans, 10"; + }; + }; + }; + }; i18n.inputMethod = { enable = true; type = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-nord fcitx5-rime ]; + fcitx5.addons = with pkgs; [fcitx5-nord fcitx5-rime]; }; programs = { @@ -148,7 +150,7 @@ let usr = config.constants.userName; in { }; xserver = { enable = true; - videoDrivers = [ "amdgpu" ]; + videoDrivers = ["amdgpu"]; }; }; } diff --git a/linux/blitzar/hardware-configuration.nix b/linux/blitzar/hardware-configuration.nix index a742e83..2811bc2 100644 --- a/linux/blitzar/hardware-configuration.nix +++ b/linux/blitzar/hardware-configuration.nix 
@@ -1,18 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/linux/blitzar/network.nix b/linux/blitzar/network.nix index 5799f6c..345c2c8 100644 --- a/linux/blitzar/network.nix +++ b/linux/blitzar/network.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { networking = { hostId = "30f8f777"; networkmanager = { diff --git a/linux/blitzar/syncthing.nix b/linux/blitzar/syncthing.nix index 6f821c6..762a1ba 100644 --- a/linux/blitzar/syncthing.nix +++ b/linux/blitzar/syncthing.nix @@ -1,24 +1,21 @@ -{ ... }: - -{ +{...}: { services.syncthing = { enable = true; settings.folders = { game-data = { - devices = [ "protostar" ]; + devices = ["protostar"]; path = "~/Game/data"; type = "sendonly"; }; game-save = { - devices = [ "protostar" ]; + devices = ["protostar"]; path = "~/Game/save"; }; music = { - devices = [ "nebula" ]; + devices = ["nebula"]; path = "~/Music"; type = "sendonly"; }; }; }; } - diff --git a/linux/blitzar/tailscale.nix b/linux/blitzar/tailscale.nix index dc0f3dc..2a86b76 100644 --- a/linux/blitzar/tailscale.nix 
+++ b/linux/blitzar/tailscale.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { services.tailscale = { enable = true; port = 22276; diff --git a/linux/blitzar/zfs.nix b/linux/blitzar/zfs.nix index a8bbdc6..06f29b6 100644 --- a/linux/blitzar/zfs.nix +++ b/linux/blitzar/zfs.nix @@ -1,6 +1,8 @@ -{ config, lib, ... }: - { + config, + lib, + ... +}: { boot = { kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; loader.grub.zfsSupport = true; 
@@ -15,60 +17,71 @@ enable = true; settings = { global = { - logging = [{ - type = "syslog"; - level = "info"; - format = "human"; - }]; + logging = [ + { + type = "syslog"; + level = "info"; + format = "human"; + } + ]; }; jobs = [ { name = "snapshot"; type = "snap"; - filesystems = { "zroot/main/home" = true; }; + filesystems = {"zroot/main/home" = true;}; snapshotting = { type = "periodic"; prefix = "zrepl-"; interval = "1h"; }; pruning = { - keep = [{ - type = "grid"; - regex = "^zrepl-.*"; - grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "24x1h" "7x1d" "4x1w" ]; - }]; + keep = [ + { + type = "grid"; + regex = "^zrepl-.*"; + grid = lib.concatStringsSep " | " ["1x1h(keep=all)" "24x1h" "7x1d" "4x1w"]; + } + ]; }; } { name = "push-to-local-drive"; type = "push"; - send = { encrypted = true; }; + send = {encrypted = true;}; connect = { type = "local"; listener_name = "sink-to-local-drive"; client_identity = config.networking.hostName; }; - filesystems = { "zroot/main/home" = true; }; + filesystems = {"zroot/main/home" = true;}; replication = { protection = { initial = "guarantee_resumability"; incremental = "guarantee_incremental"; }; }; - snapshotting = { type = "manual"; }; + snapshotting = {type = "manual";}; pruning = { - keep_sender = [{ type = "regex"; regex = ".*"; }]; - keep_receiver = [{ - type = "grid"; - regex = "^zrepl-.*"; - grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "365x1d" "52x1w" ]; - }]; + keep_sender = [ + { + type = "regex"; + regex = ".*"; + } + ]; + keep_receiver = [ + { + type = "grid"; + regex = "^zrepl-.*"; + grid = lib.concatStringsSep " | " ["1x1h(keep=all)" "365x1d" "52x1w"]; + } + ]; }; } { name = "sink-to-local-drive"; type = "sink"; - recv = { placeholder = { encryption = "off"; }; }; + recv = {placeholder = {encryption = "off";};}; root_fs = "zbackup"; serve = { type = "local"; @@ -79,4 +92,3 @@ }; }; } - diff --git a/linux/comet/configuration.nix b/linux/comet/configuration.nix index e381964..bcc9b94 100644 
--- a/linux/comet/configuration.nix +++ b/linux/comet/configuration.nix @@ -1,10 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ ... }: - -{ +{...}: { # Configure boot loader boot.loader = { efi.canTouchEfiVariables = true; diff --git a/linux/comet/default.nix b/linux/comet/default.nix index 6e416bb..a079293 100644 --- a/linux/comet/default.nix +++ b/linux/comet/default.nix @@ -1,6 +1,4 @@ -{ inputs, ... }: - -{ +{inputs, ...}: { imports = with inputs; [ hardware.nixosModules.common-cpu-intel ../../common diff --git a/linux/comet/hardware-configuration.nix b/linux/comet/hardware-configuration.nix index a677ed4..fc8b01c 100644 --- a/linux/comet/hardware-configuration.nix +++ b/linux/comet/hardware-configuration.nix 
@@ -1,32 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sdhci_acpi" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sdhci_acpi"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/9f65c4b3-1c87-42a0-8c1d-f3c1ff2e71b1"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/9f65c4b3-1c87-42a0-8c1d-f3c1ff2e71b1"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/1C5A-E5B5"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1C5A-E5B5"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/linux/comet/network.nix b/linux/comet/network.nix index 45a2435..d13efdc 100644 --- a/linux/comet/network.nix +++ b/linux/comet/network.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { networking = { hostId = "3ddd2ad2"; nftables.enable = true; diff --git a/linux/comet/tailscale.nix b/linux/comet/tailscale.nix index e175a8d..add5c79 100644 --- a/linux/comet/tailscale.nix +++ b/linux/comet/tailscale.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { services.tailscale = { enable = true; port = 12765; 
diff --git a/linux/nebula/conduit.nix b/linux/nebula/conduit.nix index 029efc7..9e9b529 100644 --- a/linux/nebula/conduit.nix +++ b/linux/nebula/conduit.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { services.matrix-conduit = { enable = true; settings.global = with config.constants; { diff --git a/linux/nebula/configuration.nix b/linux/nebula/configuration.nix index dd19774..c25ba35 100644 --- a/linux/nebula/configuration.nix +++ b/linux/nebula/configuration.nix @@ -1,10 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). - -{ ... }: - -{ +{...}: { # Configure boot loader boot.loader = { efi.canTouchEfiVariables = true; @@ -22,4 +19,3 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "24.05"; # Did you read the comment? } - diff --git a/linux/nebula/default.nix b/linux/nebula/default.nix index a719bdf..63031c3 100644 --- a/linux/nebula/default.nix +++ b/linux/nebula/default.nix @@ -1,6 +1,4 @@ -{ inputs, ... }: - -{ +{inputs, ...}: { imports = with inputs; [ disko.nixosModules.default hardware.nixosModules.common-cpu-amd diff --git a/linux/nebula/disko.nix b/linux/nebula/disko.nix index 4a28119..1dcc0f5 100644 --- a/linux/nebula/disko.nix +++ b/linux/nebula/disko.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { disko.devices = { # Partition the physical disk disk.storage = { @@ -77,5 +75,4 @@ }; }; }; - } diff --git a/linux/nebula/forgejo.nix b/linux/nebula/forgejo.nix index c9f6f0e..f645230 100644 --- a/linux/nebula/forgejo.nix +++ b/linux/nebula/forgejo.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { services.forgejo = { enable = true; settings = { diff --git a/linux/nebula/hardware-configuration.nix b/linux/nebula/hardware-configuration.nix index 53c759a..3814aa6 100644 --- a/linux/nebula/hardware-configuration.nix 
+++ b/linux/nebula/hardware-configuration.nix @@ -1,18 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "uas" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "uas" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/linux/nebula/jellyfin.nix b/linux/nebula/jellyfin.nix index 6cf60b9..c2df1c9 100644 --- a/linux/nebula/jellyfin.nix +++ b/linux/nebula/jellyfin.nix @@ -1,11 +1,12 @@ -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let const = config.constants; ports = const.port; usr = const.userName; -in -{ +in { hardware.graphics.enable = true; services = { @@ -38,7 +39,7 @@ in }; }; - sops.secrets.aria2 = { }; + sops.secrets.aria2 = {}; - users.users.${usr}.extraGroups = [ config.systemd.services.aria2.serviceConfig.Group ]; + users.users.${usr}.extraGroups = [config.systemd.services.aria2.serviceConfig.Group]; } diff --git a/linux/nebula/network.nix b/linux/nebula/network.nix index c40df04..d25857c 100644 --- a/linux/nebula/network.nix +++ b/linux/nebula/network.nix 
@@ -1,8 +1,6 @@ -{ config, ... }: - -{ +{config, ...}: { networking = { - firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; + firewall.trustedInterfaces = [config.services.tailscale.interfaceName]; hostId = "e6449321"; networkmanager = { enable = true; diff --git a/linux/nebula/syncthing.nix b/linux/nebula/syncthing.nix index 66f5ebc..0e71e47 100644 --- a/linux/nebula/syncthing.nix +++ b/linux/nebula/syncthing.nix @@ -1,10 +1,8 @@ -{ ... }: - -{ +{...}: { services.syncthing = { enable = true; settings.folders.music = { - devices = [ "blitzar" ]; + devices = ["blitzar"]; path = "~/Music"; type = "receiveonly"; }; diff --git a/linux/nebula/tailscale.nix b/linux/nebula/tailscale.nix index ceab916..4175495 100644 --- a/linux/nebula/tailscale.nix +++ b/linux/nebula/tailscale.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { services.tailscale = { enable = true; port = 25555; diff --git a/linux/nebula/writefreely.nix b/linux/nebula/writefreely.nix index 2928c3d..cced1ab 100644 --- a/linux/nebula/writefreely.nix +++ b/linux/nebula/writefreely.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { services.writefreely = with config.constants; { enable = true; host = "writefreely.${domain}"; diff --git a/linux/nebula/zfs.nix b/linux/nebula/zfs.nix index 1f77169..52850f8 100644 --- a/linux/nebula/zfs.nix +++ b/linux/nebula/zfs.nix @@ -1,7 +1,4 @@ -{ config, ... }: - -{ - +{config, ...}: { boot = { kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; loader.grub.zfsSupport = true; @@ -11,6 +8,4 @@ autoScrub.enable = true; trim.enable = true; }; - } - diff --git a/linux/protostar/configuration.nix b/linux/protostar/configuration.nix index b6aed62..c553789 100644 --- a/linux/protostar/configuration.nix +++ b/linux/protostar/configuration.nix 
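Review bot: `firewall.trustedInterfaces = [config.services.tailscale.interfaceName];` in linux/nebula/network.nix has no comment recording that the NixOS firewall accepts all traffic arriving on a trusted interface, so every listening service on this host is reachable from any tailnet peer. The same line is re-added in linux/protostar/network.nix. Access control then presumably rests on the coordination server's policy (headscale is configured elsewhere in this commit), which is worth stating above the line, e.g. `# tailnet peers bypass the host firewall; access is limited only by headscale ACLs`. If only a few services are meant to be reachable over the tailnet, `networking.firewall.interfaces.<name>.allowedTCPPorts` would be the narrower option. The `networking` block continues outside the hunk.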
@@ -1,10 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). - -{ ... }: - -{ +{...}: { # Configuration boot boot.loader = { efi.canTouchEfiVariables = true; @@ -27,6 +24,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "24.05"; # Did you read the comment? - } - diff --git a/linux/protostar/default.nix b/linux/protostar/default.nix index b3f447e..1e51006 100644 --- a/linux/protostar/default.nix +++ b/linux/protostar/default.nix @@ -1,6 +1,4 @@ -{ inputs, ... }: - -{ +{inputs, ...}: { imports = with inputs; [ disko.nixosModules.default jovian.nixosModules.default diff --git a/linux/protostar/disko.nix b/linux/protostar/disko.nix index 0931f14..296335d 100644 --- a/linux/protostar/disko.nix +++ b/linux/protostar/disko.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { disko.devices = { # Partition the physical disk disk.storage = { @@ -69,5 +67,4 @@ }; }; }; - } diff --git a/linux/protostar/gui.nix b/linux/protostar/gui.nix index 42185f1..069e8a6 100644 --- a/linux/protostar/gui.nix +++ b/linux/protostar/gui.nix @@ -1,10 +1,12 @@ -{ config, inputs, pkgs, ... }: - -let +{ + config, + inputs, + pkgs, + ... +}: let usr = config.constants.userName; jovianPkgs = pkgs.extend inputs.jovian.overlays.default; -in -{ +in { home-manager.users.${usr} = { home.packages = with jovianPkgs; [ feishin @@ -20,10 +22,7 @@ in winetricks wineWowPackages.stagingFull ]; - programs = { - firefox.enable = true; - plasma.enable = true; - }; + programs.plasma.enable = true; }; jovian = { devices.steamdeck = { diff --git a/linux/protostar/hardware-configuration.nix b/linux/protostar/hardware-configuration.nix index 8bb369f..fe6f3dc 100644 --- a/linux/protostar/hardware-configuration.nix 
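Review bot: The `@@ -20,10 +22,7 @@` hunk of linux/protostar/gui.nix is not a formatting change: collapsing `programs = { … };` into `programs.plasma.enable = true;` drops `firefox.enable = true;` from the user's home-manager configuration. Every other hunk visible here reads as a formatter run, so this behavioural change is easy to miss in review. If removing Firefox is intended, it belongs in its own commit; if it is not, restore it with `programs.firefox.enable = true;` next to the plasma line. The enclosing `home-manager.users.${usr}` block starts outside this hunk.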
+++ b/linux/protostar/hardware-configuration.nix @@ -1,18 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/linux/protostar/network.nix b/linux/protostar/network.nix index d132fa3..f49ac4b 100644 --- a/linux/protostar/network.nix +++ b/linux/protostar/network.nix @@ -1,8 +1,6 @@ -{ config, ... }: - -{ +{config, ...}: { networking = { - firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; + firewall.trustedInterfaces = [config.services.tailscale.interfaceName]; hostId = "74247225"; networkmanager.enable = true; nftables.enable = true; diff --git a/linux/protostar/syncthing.nix b/linux/protostar/syncthing.nix index 55bbdb9..b08bdcf 100644 --- a/linux/protostar/syncthing.nix +++ b/linux/protostar/syncthing.nix @@ -1,16 +1,14 @@ -{ ... }: - -{ +{...}: { services.syncthing = { enable = true; settings.folders = { game-data = { - devices = [ "blitzar" ]; + devices = ["blitzar"]; path = "~/Game/data"; type = "receiveonly"; }; game-save = { - devices = [ "blitzar" ]; + devices = ["blitzar"]; path = "~/Game/save"; }; }; 
diff --git a/linux/protostar/tailscale.nix b/linux/protostar/tailscale.nix index 9213f67..e849749 100644 --- a/linux/protostar/tailscale.nix +++ b/linux/protostar/tailscale.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { services.tailscale = { enable = true; port = 25172; diff --git a/linux/protostar/zfs.nix b/linux/protostar/zfs.nix index 8c6491b..5a32691 100644 --- a/linux/protostar/zfs.nix +++ b/linux/protostar/zfs.nix @@ -1,9 +1,6 @@ -{ ... }: - -{ +{...}: { services.zfs = { autoScrub.enable = true; trim.enable = true; }; } - diff --git a/linux/singularity/caddy.nix b/linux/singularity/caddy.nix index 6c469a5..7006105 100644 --- a/linux/singularity/caddy.nix +++ b/linux/singularity/caddy.nix 
@@ -1,70 +1,72 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { services.caddy = { enable = true; email = config.constants.postMaster; - virtualHosts = - let - dn = config.constants.domain; - homeSrv = s: "nebula:${portStr.${s}}"; - localSrv = s: "${config.constants.localhost}:${portStr.${s}}"; - msfqdn = config.mailserver.fqdn; - mtfqdn = "matrix.${dn}"; - portStr = builtins.mapAttrs (n: v: toString v) config.constants.port; - wn = s: "/.well-known/${s}"; - in - { - "${dn}".extraConfig = let wnm = wn "matrix"; in '' - header ${wnm}/* Content-Type application/json - header ${wnm}/* Access-Control-Allow-Origin * - respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }` - respond ${wnm}/client `{ - "m.homeserver": { "base_url": "https://${mtfqdn}" }, - "m.identity_server": { "base_url": "https://${mtfqdn}" } - }` - ''; - "aria2.${dn}".extraConfig = '' - reverse_proxy /jsonrpc ${homeSrv "aria2"} - file_server { - root ${pkgs.ariang}/share/ariang + virtualHosts = let + dn = config.constants.domain; + homeSrv = s: "nebula:${portStr.${s}}"; + localSrv = s: "${config.constants.localhost}:${portStr.${s}}"; + msfqdn = config.mailserver.fqdn; + mtfqdn = "matrix.${dn}"; + portStr = builtins.mapAttrs (n: v: toString v) config.constants.port; + wn = s: "/.well-known/${s}"; + in { + "${dn}".extraConfig = let + wnm = wn "matrix"; + in '' + header ${wnm}/* Content-Type application/json + header ${wnm}/* Access-Control-Allow-Origin * + respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }` + respond ${wnm}/client `{ + "m.homeserver": { "base_url": "https://${mtfqdn}" }, + "m.identity_server": { "base_url": "https://${mtfqdn}" } + }` + ''; + "aria2.${dn}".extraConfig = '' + reverse_proxy /jsonrpc ${homeSrv "aria2"} + file_server { + root ${pkgs.ariang}/share/ariang + } + ''; + "forgejo.${dn}".extraConfig = '' + reverse_proxy ${homeSrv "forgejo"} + ''; + "headscale.${dn}".extraConfig = '' + reverse_proxy ${localSrv "headscale"} + ''; + 
"jellyfin.${dn}".extraConfig = '' + reverse_proxy ${homeSrv "jellyfin"} + ''; + "jellyseerr.${dn}".extraConfig = '' + reverse_proxy ${homeSrv "jellyseerr"} + ''; + ${msfqdn} = { + extraConfig = '' + file_server ${wn "acme-challenge"}/* { + root ${config.security.acme.defaults.webroot}/ } ''; - "forgejo.${dn}".extraConfig = '' - reverse_proxy ${homeSrv "forgejo"} - ''; - "headscale.${dn}".extraConfig = '' - reverse_proxy ${localSrv "headscale"} - ''; - "jellyfin.${dn}".extraConfig = '' - reverse_proxy ${homeSrv "jellyfin"} - ''; - "jellyseerr.${dn}".extraConfig = '' - reverse_proxy ${homeSrv "jellyseerr"} - ''; - ${msfqdn} = { - extraConfig = '' - file_server ${wn "acme-challenge"}/* { - root ${config.security.acme.defaults.webroot}/ - } - ''; - useACMEHost = msfqdn; - }; - "matrix.${dn}".extraConfig = '' - reverse_proxy /_matrix/* ${homeSrv "conduit"} - file_server { - root ${pkgs.cinny} - } - ''; - "vault.${dn}".extraConfig = '' - reverse_proxy ${localSrv "vault"} { - header_up X-Real-IP {remote_host} - } - ''; - "writefreely.${dn}".extraConfig = '' - reverse_proxy ${homeSrv "writefreely"} - ''; + useACMEHost = msfqdn; }; + "matrix.${dn}".extraConfig = '' + reverse_proxy /_matrix/* ${homeSrv "conduit"} + file_server { + root ${pkgs.cinny} + } + ''; + "vault.${dn}".extraConfig = '' + reverse_proxy ${localSrv "vault"} { + header_up X-Real-IP {remote_host} + } + ''; + "writefreely.${dn}".extraConfig = '' + reverse_proxy ${homeSrv "writefreely"} + ''; + }; }; security.acme = { @@ -74,5 +76,4 @@ webroot = "/var/lib/acme/acme-challenge"; }; }; - } diff --git a/linux/singularity/configuration.nix b/linux/singularity/configuration.nix index 51b498c..c9e29cd 100644 --- a/linux/singularity/configuration.nix +++ b/linux/singularity/configuration.nix @@ -1,7 +1,4 @@ -{ ... }: - -{ - +{...}: { boot = { tmp.cleanOnBoot = true; loader.grub.device = "/dev/sda"; diff --git a/linux/singularity/default.nix b/linux/singularity/default.nix index 4ed99a0..405b2eb 100644 
--- a/linux/singularity/default.nix +++ b/linux/singularity/default.nix @@ -1,6 +1,4 @@ -{ inputs, ... }: - -{ +{inputs, ...}: { imports = with inputs; [ mailserver.nixosModules.default ../../common diff --git a/linux/singularity/hardware-configuration.nix b/linux/singularity/hardware-configuration.nix index 9b46b67..ed40af4 100644 --- a/linux/singularity/hardware-configuration.nix +++ b/linux/singularity/hardware-configuration.nix @@ -1,28 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; # boot.initrd.availableKernelModules = # [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ]; # boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.kernelModules = []; + boot.extraModulePackages = []; # fileSystems."/" = { # device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-"; # fsType = "ext4"; # }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; + boot.initrd.kernelModules = ["nvme"]; + fileSystems."/" = { + device = "/dev/sda3"; + fsType = "ext4"; + }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/linux/singularity/headscale.nix b/linux/singularity/headscale.nix index c13f64c..e4ed077 100644 --- a/linux/singularity/headscale.nix +++ b/linux/singularity/headscale.nix 
@@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { services = { headscale = with config.constants; { enable = true; diff --git a/linux/singularity/mailserver.nix b/linux/singularity/mailserver.nix index 8dcafd8..93a4098 100644 --- a/linux/singularity/mailserver.nix +++ b/linux/singularity/mailserver.nix @@ -1,24 +1,21 @@ -{ config, ... }: - -let +{config, ...}: let dn = config.constants.domain; usr = config.constants.userName; mailSecret = "mail/${usr}/password"; -in -{ +in { mailserver = { enable = true; fqdn = "mail.${dn}"; - domains = [ dn ]; + domains = [dn]; loginAccounts = { "${usr}@${dn}" = { - aliases = [ config.constants.postMaster ]; + aliases = [config.constants.postMaster]; hashedPasswordFile = config.sops.secrets.${mailSecret}.path; }; }; certificateScheme = "acme"; }; - sops.secrets.${mailSecret} = { }; + sops.secrets.${mailSecret} = {}; } diff --git a/linux/singularity/network.nix b/linux/singularity/network.nix index b1d96e1..502060e 100644 --- a/linux/singularity/network.nix +++ b/linux/singularity/network.nix @@ -1,8 +1,8 @@ -{ config, ... }: - -let hn = config.networking.hostName; in { +{config, ...}: let + hn = config.networking.hostName; +in { networking = { - firewall.allowedTCPPorts = with config.constants.port; [ http https ]; + firewall.allowedTCPPorts = with config.constants.port; [http https]; hostId = "2cadb253"; nftables.enable = true; }; @@ -16,5 +16,5 @@ let hn = config.networking.hostName; in { openssh.enable = true; }; - sops.secrets."cloudflare/${hn}" = { }; + sops.secrets."cloudflare/${hn}" = {}; } diff --git a/linux/singularity/vaultwarden.nix b/linux/singularity/vaultwarden.nix index 482f150..8db7b7b 100644 --- a/linux/singularity/vaultwarden.nix +++ b/linux/singularity/vaultwarden.nix 
@@ -1,9 +1,9 @@ -{ config, ... }: - -{ +{config, ...}: { services.vaultwarden = { enable = true; - config = let const = config.constants; in { + config = let + const = config.constants; + in { # Disable signup SIGNUPS_ALLOWED = false; # Specify service port diff --git a/template/context/flake.nix b/template/context/flake.nix index 2497136..d43b4b9 100644 --- a/template/context/flake.nix +++ b/template/context/flake.nix @@ -4,15 +4,19 @@ flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { self, flake-utils, nixpkgs }: - flake-utils.lib.eachDefaultSystem (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in { - devShells.default = pkgs.mkShell { - packages = with pkgs; [ texlive.combined.scheme-full ]; - TEXMFHOME = "$XDG_DATA_HOME/texmf"; - TEXMFVAR = "$XDG_CACHE_HOME/texlive/texmf-var"; - EXMFCONFIG = "$XDG_CONFIG_HOME/texlive/texmf-config"; - }; - }); + outputs = { + self, + flake-utils, + nixpkgs, + }: + flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in { + devShells.default = pkgs.mkShell { + packages = with pkgs; [texlive.combined.scheme-full]; + TEXMFHOME = "$XDG_DATA_HOME/texmf"; + TEXMFVAR = "$XDG_CACHE_HOME/texlive/texmf-var"; + EXMFCONFIG = "$XDG_CONFIG_HOME/texlive/texmf-config"; + }; + }); } diff --git a/template/r/flake.nix b/template/r/flake.nix index 91255ed..11ec37b 100644 --- a/template/r/flake.nix +++ b/template/r/flake.nix 
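Review bot: `EXMFCONFIG = "$XDG_CONFIG_HOME/texlive/texmf-config";` in the template/context/flake.nix hunk looks like a typo for `TEXMFCONFIG`, the variable TeX Live reads alongside `TEXMFHOME` and `TEXMFVAR`; the reformat carries it over unchanged. As written the dev shell exports a variable nothing consumes, and the per-user config tree presumably falls back to its default location instead of the XDG path. Suggested line: `TEXMFCONFIG = "$XDG_CONFIG_HOME/texlive/texmf-config";`.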
@@ -4,16 +4,20 @@ flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { self, flake-utils, nixpkgs }: - flake-utils.lib.eachDefaultSystem (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in { - devShells.default = pkgs.mkShell { - packages = with pkgs; [ - (rWrapper.override { - packages = with rPackages; [ tidyverse ]; - }) - ]; - }; - }); + outputs = { + self, + flake-utils, + nixpkgs, + }: + flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in { + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + (rWrapper.override { + packages = with rPackages; [tidyverse]; + }) + ]; + }; + }); } diff --git a/template/rust/flake.nix b/template/rust/flake.nix index f109b61..4a2c287 100644 --- a/template/rust/flake.nix +++ b/template/rust/flake.nix 
@@ -10,114 +10,129 @@ }; }; - outputs = { self, crane, fenix, flake-utils, nixpkgs, advisory-db }: - flake-utils.lib.eachDefaultSystem (system: - let - pkgs = nixpkgs.legacyPackages.${system}; - fenixPkgs = fenix.packages.${system}; - craneLib = crane.mkLib pkgs; - src = craneLib.path ./.; + outputs = { + self, + crane, + fenix, + flake-utils, + nixpkgs, + advisory-db, + }: + flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; + fenixPkgs = fenix.packages.${system}; + craneLib = crane.mkLib pkgs; + src = craneLib.path ./.; - # Common arguments can be set here to avoid repeating them later - commonArgs = with pkgs; { - inherit src; - strictDeps = true; - buildInputs = [ + # Common arguments can be set here to avoid repeating them later + commonArgs = with pkgs; { + inherit src; + strictDeps = true; + buildInputs = + [ # Add additional build inputs here - ] ++ lib.optionals stdenv.isDarwin [ + ] + ++ lib.optionals stdenv.isDarwin [ # Additional darwin specific inputs can be set here libiconv ]; - # Additional environment variables can be set directly - # MY_CUSTOM_VAR = "some value"; - }; + # Additional environment variables can be set directly + # MY_CUSTOM_VAR = "some value"; + }; - craneLibLLvmTools = craneLib.overrideToolchain - (fenixPkgs.complete.withComponents [ - "cargo" - "llvm-tools" - "rustc" - ]); + craneLibLLvmTools = + craneLib.overrideToolchain + (fenixPkgs.complete.withComponents [ + "cargo" + "llvm-tools" + "rustc" + ]); - # Build *just* the cargo dependencies, so we can reuse - # all of that work (e.g. via cachix) when running in CI - cargoArtifacts = craneLib.buildDepsOnly commonArgs; + # Build *just* the cargo dependencies, so we can reuse + # all of that work (e.g. via cachix) when running in CI + cargoArtifacts = craneLib.buildDepsOnly commonArgs; - # Build the actual crate itself, reusing the dependency - # artifacts from above. 
- crate = craneLib.buildPackage (commonArgs // { + # Build the actual crate itself, reusing the dependency + # artifacts from above. + crate = craneLib.buildPackage (commonArgs + // { inherit cargoArtifacts; }); - in - { - checks = { - # Build the crate as part of `nix flake check` for convenience - inherit crate; + in { + checks = { + # Build the crate as part of `nix flake check` for convenience + inherit crate; - # Run clippy (and deny all warnings) on the crate source, - # again, resuing the dependency artifacts from above. - # - # Note that this is done as a separate derivation so that - # we can block the CI if there are issues here, but not - # prevent downstream consumers from building our crate by itself. - clippy = craneLib.cargoClippy (commonArgs // { + # Run clippy (and deny all warnings) on the crate source, + # again, resuing the dependency artifacts from above. + # + # Note that this is done as a separate derivation so that + # we can block the CI if there are issues here, but not + # prevent downstream consumers from building our crate by itself. 
+ clippy = craneLib.cargoClippy (commonArgs + // { inherit cargoArtifacts; cargoClippyExtraArgs = "--all-targets -- --deny warnings"; }); - doc = craneLib.cargoDoc (commonArgs // { + doc = craneLib.cargoDoc (commonArgs + // { inherit cargoArtifacts; }); - # Check formatting - fmt = craneLib.cargoFmt { - inherit src; - }; + # Check formatting + fmt = craneLib.cargoFmt { + inherit src; + }; - # Audit dependencies - audit = craneLib.cargoAudit { - inherit src advisory-db; - }; + # Audit dependencies + audit = craneLib.cargoAudit { + inherit src advisory-db; + }; - # Audit licenses - deny = craneLib.cargoDeny { - inherit src; - }; + # Audit licenses + deny = craneLib.cargoDeny { + inherit src; + }; - # Run tests with cargo-nextest - # Consider setting `doCheck = false` on `my-crate` if you do not want - # the tests to run twice - nextest = craneLib.cargoNextest (commonArgs // { + # Run tests with cargo-nextest + # Consider setting `doCheck = false` on `my-crate` if you do not want + # the tests to run twice + nextest = craneLib.cargoNextest (commonArgs + // { inherit cargoArtifacts; partitions = 1; partitionType = "count"; }); - }; + }; - packages = { + packages = + { default = crate; - } // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { - my-crate-llvm-coverage = craneLibLLvmTools.cargoLlvmCov (commonArgs // { - inherit cargoArtifacts; - }); + } + // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { + my-crate-llvm-coverage = craneLibLLvmTools.cargoLlvmCov (commonArgs + // { + inherit cargoArtifacts; + }); }; - apps.default = flake-utils.lib.mkApp { - drv = crate; - }; + apps.default = flake-utils.lib.mkApp { + drv = crate; + }; - devShells.default = craneLib.devShell { - # Inherit inputs from checks. - # Enable after Cargo.toml and Cargo.lock are present - # Consider customizing deny.toml - # checks = self.checks.${system}; + devShells.default = craneLib.devShell { + # Inherit inputs from checks. 
+ # Enable after Cargo.toml and Cargo.lock are present + # Consider customizing deny.toml + # checks = self.checks.${system}; - # Extra inputs can be added here; cargo and rustc are provided by default - packages = [ - fenixPkgs.rust-analyzer - ]; - RUST_SRC_PATH = "${fenixPkgs.complete.rust-src}/lib/rustlib/src/rust/library"; - }; - }); + # Extra inputs can be added here; cargo and rustc are provided by default + packages = [ + fenixPkgs.rust-analyzer + ]; + RUST_SRC_PATH = "${fenixPkgs.complete.rust-src}/lib/rustlib/src/rust/library"; + }; + }); } diff --git a/template/typst/flake.nix b/template/typst/flake.nix index 7225a26..0f0e4f8 100644 --- a/template/typst/flake.nix +++ b/template/typst/flake.nix @@ -4,12 +4,16 @@ flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { self, flake-utils, nixpkgs }: - flake-utils.lib.eachDefaultSystem (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in { - devShells.default = pkgs.mkShell { - packages = with pkgs; [ typst ]; - }; - }); + outputs = { + self, + flake-utils, + nixpkgs, + }: + flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in { + devShells.default = pkgs.mkShell { + packages = with pkgs; [typst]; + }; + }); }