From 9710cae7483a7edcda432cd1144f644bb025e970 Mon Sep 17 00:00:00 2001
From: macronova
Date: Sat, 31 Aug 2024 21:13:43 -0700
Subject: [PATCH] Refactor configs

---
 common/secrets.yaml | 7 ++--
 common/users.nix | 55 ++++++++++++++-----------------
 flake.lock | 48 +++++++++++++--------------
 flake.nix | 3 +-
 linux/blitzar/device.nix | 6 ++--
 linux/blitzar/gui.nix | 19 ++++++-----
 linux/nebula/conduit.nix | 26 +++++++++++----
 linux/nebula/jellyfin.nix | 19 +++++------
 linux/protostar/gui.nix | 7 ++--
 linux/singularity/caddy.nix | 40 ++++++++++------------
 linux/singularity/mailserver.nix | 15 ++++-----
 linux/singularity/vaultwarden.nix | 8 ++---
 12 files changed, 125 insertions(+), 128 deletions(-)

diff --git a/common/secrets.yaml b/common/secrets.yaml
index 3634f6e..59799d5 100644
--- a/common/secrets.yaml
+++ b/common/secrets.yaml
@@ -1,4 +1,5 @@
 aria2: ENC[AES256_GCM,data:wXS/Qgbu3bc9YDwVLCz+EIm8yMl8Un8XPwMv,iv:6j/mRhbA+Ps/8pvfmx0CYH2/iqxcG+roi50Gr6hC3SI=,tag:TK6D/9nmM76ODPH1irbREg==,type:str]
+coturn: ENC[AES256_GCM,data:JvywrYxRl9QM4+WXH3xhkl4HZwGZurVYRX+S,iv:x6qmAS+11djd2w6pRr5KZYOy7vNtaC6rIw+XXDuu2aY=,tag:fT202mZDyRknuZK27RzgbA==,type:str]
 users:
   macronova:
     password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str]
@@ -35,8 +36,8 @@ sops:
             TG5mYWd3MnI5TlZiNXBjb0JJY3BvN0EKUd0ldQPe0/zdHjsmKEUhH7xkpO4nLfd5
             fnTk1jGonJg+t+TqLLg/YYKlcNkgExWaIZ7wrd0RVKXOeC2BtM/wzQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-23T18:57:00Z"
-    mac: ENC[AES256_GCM,data:Oc4Ull2Hk/wU+eSjqIYVuVTLIoHj9PMc+tk4V9lzKBLgkL4mNdvtrWu9Cy1mv+SVVW5l0OXngtvVyo9yAA8kTKdkIDDUHX3R1PDZ8VZQDJuN+XmilH/6EdR3JdkofYNZmFiXzmfiIK376XoLWlSUkOJaIv3cFI9ARtAQSddEwFA=,iv:pzm68rC5VTqC2zfIlqbdcPwBe4ZtE0EwFdxwR8D1FnE=,tag:cDKkcxujot7mv6ZvpcCyRQ==,type:str]
+    lastmodified: "2024-09-01T04:16:17Z"
+    mac: ENC[AES256_GCM,data:eGWeRIt35PZ09tYOFwSm5OMC/cehI8Y2W6x2zd4PXLDxZpJi1I7wdvQ1ch/sHabD9Q9SLA4YbisHdCCNEXUc2y0sjfjK9CMvQjsOKhkvtDVPtPvlpK99CthNT2EGER22FxCOr2Ozp95Xji1NQrtxEozZF1IhI2HlZ9a8hZvcue8=,iv:rtnEIZetXDS9QSlOwjWfSFWH56e1C2He0qxQjWjiYxA=,tag:rTQSKM7erUfHscW4dsJJHQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
diff --git a/common/users.nix b/common/users.nix
index 955610c..3c07919 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -2,10 +2,9 @@
   config,
   pkgs,
   ...
-}: let
-  home = config.constants.homeDir;
-  usr = config.constants.userName;
-  usrPwdFile = "users/${usr}/password";
+}:
+with config.constants; let
+  usrPwdFile = "users/${userName}/password";
 in {
   console.enable = false;

@@ -25,7 +24,7 @@ in {
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;
-    users.${usr} = {
+    users.${userName} = {
       config,
       osConfig,
       pkgs,
@@ -87,8 +86,8 @@ in {
           ".direnv"
           ".envrc"
         ];
-        userEmail = osConfig.constants.postMaster;
-        userName = osConfig.constants.userName;
+        userEmail = postMaster;
+        userName = userName;
       };
       helix = {
         enable = true;
@@ -110,6 +109,7 @@ in {
         theme = "Tokyo Night Moon";
       };
       plasma = {
+        enable = osConfig.services.desktopManager.plasma6.enable;
         configFile = {
           baloofilerc = {
             "Basic Settings".Indexing-Enabled = true;
@@ -121,14 +121,16 @@ in {
             TerminalService = "kitty.desktop";
           };
         };
-        input.touchpads = [
-          {
-            enable = false;
-            name = "ASUE120A:00 04F3:319B Touchpad";
-            productId = "319B";
-            vendorId = "04F3";
-          }
-        ];
+        desktop.icons = {
+          alignment = "left";
+          arrangement = "leftToRight";
+          lockInPlace = true;
+          sorting = {
+            foldersFirst = true;
+            mode = "type";
+          };
+        };
+        immutableByDefault = true;
         kscreenlocker = {
           autoLock = true;
           lockOnResume = true;
@@ -194,15 +196,6 @@ in {
         spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S";
         workspace = {
           colorScheme = "SweetAmbarBlue";
-          desktop.icons = {
-            alignment = "left";
-            arrangement = "leftToRight";
-            lockInPlace = true;
-            sorting = {
-              foldersFirst = true;
-              mode = "type";
-            };
-          };
           iconTheme = "Sweet-Rainbow";
           lookAndFeel = "Sweet-Ambar-Blue";
           soundTheme = "yorha";
@@ -249,13 +242,13 @@ in {
     };
     resolved.enable = true;
     syncthing = {
-      configDir = "${home}/.config/syncthing";
-      dataDir = "${home}/.local/share/syncthing";
+      configDir = "${homeDir}/.config/syncthing";
+      dataDir = "${homeDir}/.local/share/syncthing";
       openDefaultPorts = true;
       overrideDevices = true;
       overrideFolders = true;
-      settings.devices = config.constants.syncthingDevices;
-      user = usr;
+      settings.devices = syncthingDevices;
+      user = userName;
     };
   };

@@ -263,7 +256,7 @@ in {

   users = {
     mutableUsers = false;
-    users.${usr} = {
+    users.${userName} = {
       description = "Sicheng Pan";
       extraGroups = [
         "audio"
@@ -273,9 +266,9 @@ in {
         "wheel"
       ];
       hashedPasswordFile = config.sops.secrets.${usrPwdFile}.path;
-      home = config.constants.homeDir;
+      home = homeDir;
       isNormalUser = true;
-      openssh.authorizedKeys.keys = config.constants.publicKeys;
+      openssh.authorizedKeys.keys = publicKeys;
       shell = pkgs.fish;
     };
   };
diff --git a/flake.lock b/flake.lock
index 11cec0c..8cefcfc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -37,11 +37,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1724163524,
-        "narHash": "sha256-3A06DYw47oSLYMalkWDLzTMHC0MKgm1mNfaca9sqUnI=",
+        "lastModified": 1724895876,
+        "narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "c7b14da22e302e0f9d7aa4df26b61016bcedf738",
+        "rev": "511388d837178979de66d14ca4a2ebd5f7991cd3",
         "type": "github"
       },
       "original": {
@@ -141,11 +141,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1724067415,
-        "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
+        "lastModified": 1724878143,
+        "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
+        "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1723986931,
-        "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
+        "lastModified": 1724435763,
+        "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
+        "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
         "type": "github"
       },
       "original": {
@@ -199,11 +199,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1724128906,
-        "narHash": "sha256-junn8oz6yG1akc5R5b8LjcAl1epKJkAzwPlG57bB3E0=",
+        "lastModified": 1725153537,
+        "narHash": "sha256-8+BJdXM1WBAttY+C63pEMUmUtSEWXHEhXOkLK4k1s2E=",
         "owner": "Jovian-Experiments",
         "repo": "Jovian-NixOS",
-        "rev": "d9947d55383ece6ac396820112d34734cf47e2bb",
+        "rev": "b13488a1f8ab01db6a3d18629f7b22a430f03984",
         "type": "github"
       },
       "original": {
@@ -285,11 +285,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1723891200,
-        "narHash": "sha256-uljX21+D/DZgb9uEFFG2dkkQbPZN+ig4Z6+UCLWFVAk=",
+        "lastModified": 1724748588,
+        "narHash": "sha256-NlpGA4+AIf1dKNq76ps90rxowlFXUsV9x7vK/mN37JM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a0d6390cb3e82062a35d0288979c45756e481f60",
+        "rev": "a6292e34000dc93d43bccf78338770c1c5ec8a99",
         "type": "github"
       },
       "original": {
@@ -411,11 +411,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1723991338,
-        "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
+        "lastModified": 1724819573,
+        "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8a3354191c0d7144db9756a74755672387b702ba",
+        "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
         "type": "github"
       },
       "original": {
@@ -479,11 +479,11 @@
         "nixpkgs": "nixpkgs_7"
       },
       "locked": {
-        "lastModified": 1724176973,
-        "narHash": "sha256-k2Y26WXJQvvDf2CRXvN6KSDPWHkhisGAejJvQak+nYk=",
+        "lastModified": 1724556439,
+        "narHash": "sha256-gPR3sxkKxISUvydnqoj54znpUkK8av/HVFuFJuYUw3w=",
         "owner": "pjones",
         "repo": "plasma-manager",
-        "rev": "f13208d6b4cc58458168f5174f4fae463126c074",
+        "rev": "5c97fe8af2a2e561f14195ed357d8c451fdbff4c",
         "type": "github"
       },
       "original": {
@@ -500,11 +500,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1724159077,
-        "narHash": "sha256-AddE0u6WbA5R7uxumw1Ka0oG5dv3cTtN0ppO/M/e0cg=",
+        "lastModified": 1724857454,
+        "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "1064a45e81a4e19cda98741b71219d9f4f136900",
+        "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 8237b13..ef328ca 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,8 +53,7 @@

         # TODO: Remove this when possible
         config.permittedInsecurePackages = [
-          "cinny-4.1.0"
-          "cinny-unwrapped-4.1.0"
+          "fluffychat-web-1.20.0"
           "olm-3.2.16"
         ];

diff --git a/linux/blitzar/device.nix b/linux/blitzar/device.nix
index df086a5..26a6a8a 100644
--- a/linux/blitzar/device.nix
+++ b/linux/blitzar/device.nix
@@ -3,7 +3,7 @@
   pkgs,
   ...
 }: let
-  usr = config.constants.userName;
+  userName = config.constants.userName;
 in {
   hardware = {
     bluetooth.enable = true;
@@ -11,7 +11,7 @@ in {
     keyboard.qmk.enable = true;
     openrazer = {
       enable = true;
-      users = [usr];
+      users = [userName];
     };
   };

@@ -89,7 +89,7 @@ in {
     udev.packages = [pkgs.via];
   };

-  users.users.${usr}.extraGroups = ["adbusers" "cdrom"];
+  users.users.${userName}.extraGroups = ["adbusers" "cdrom"];

   virtualisation = {
     containers.enable = true;
diff --git a/linux/blitzar/gui.nix b/linux/blitzar/gui.nix
index 23d28dd..76d6b4f 100644
--- a/linux/blitzar/gui.nix
+++ b/linux/blitzar/gui.nix
@@ -3,9 +3,9 @@
   pkgs,
   ...
 }: let
-  usr = config.constants.userName;
+  userName = config.constants.userName;
 in {
-  home-manager.users.${usr} = {
+  home-manager.users.${userName} = {
     config,
     pkgs,
     ...
@@ -14,11 +14,8 @@ in {
   in {
     home.packages = with pkgs; [
       feishin
-      hunspell
-      hunspellDicts.en-us-large
       jellyfin-mpv-shim
       joplin-desktop
-      libreoffice-qt6-fresh
       lutris
       nheko
       nvtopPackages.amd
@@ -55,7 +52,14 @@ in {
       ];
     };
     obs-studio.enable = true;
-    plasma.enable = true;
+    plasma.input.touchpads = [
+      {
+        enable = false;
+        name = "ASUE120A:00 04F3:319B Touchpad";
+        productId = "319B";
+        vendorId = "04F3";
+      }
+    ];
     zathura = {
       enable = true;
       options = {
@@ -140,10 +144,9 @@ in {
   };

   services = {
-    colord.enable = true;
     desktopManager.plasma6.enable = true;
     displayManager = {
-      autoLogin.user = usr;
+      autoLogin.user = userName;
       sddm = {
         enable = true;
         wayland.enable = true;
diff --git a/linux/nebula/conduit.nix b/linux/nebula/conduit.nix
index 9e9b529..3ca84a0 100644
--- a/linux/nebula/conduit.nix
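Review bot: The `permittedInsecurePackages` waiver now covers `fluffychat-web-1.20.0`, and this same commit serves that package to browsers from the `matrix.${domain}` virtual host in linux/singularity/caddy.nix, so whatever nixpkgs flagged it for is reachable on a public endpoint, yet the only documentation is the pre-existing `# TODO: Remove this when possible`, which gives a later reader no way to tell when "possible" has arrived. Record the reason per entry, copying the knownVulnerabilities text that nixpkgs prints when it refuses the package, e.g. `# fluffychat-web-1.20.0: <reason nixpkgs reports> — drop once a fixed release is packaged`, and the same for `olm-3.2.16`. Both entries pin exact versions, so the waiver lapses on the next bump rather than silently carrying over; that is the safer direction, and the comment should say that a flake update is expected to re-surface the question.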
+++ b/linux/nebula/conduit.nix
@@ -1,10 +1,24 @@
 {config, ...}: {
-  services.matrix-conduit = {
-    enable = true;
-    settings.global = with config.constants; {
-      address = wildcard;
-      port = port.conduit;
-      server_name = domain;
+  services = with config.constants; {
+    coturn = {
+      enable = true;
+      realm = localhost;
+      static-auth-secret-file = config.sops.secrets.coturn.path;
+      use-auth-secret = true;
+    };
+    matrix-conduit = {
+      enable = true;
+      settings.global = {
+        address = wildcard;
+        port = port.conduit;
+        turn_secret = "TbbL8a4tsv6HkR9esjkPa4$fTKX";
+        turn_uris = [
+          "turn:${localhost}?transport=udp"
+          "turn:${localhost}?transport=tcp"
+        ];
+        server_name = domain;
+      };
     };
   };
+  sops.secrets.coturn = {};
 }
diff --git a/linux/nebula/jellyfin.nix b/linux/nebula/jellyfin.nix
index c2df1c9..4076f37 100644
--- a/linux/nebula/jellyfin.nix
+++ b/linux/nebula/jellyfin.nix
@@ -2,11 +2,8 @@
   config,
   pkgs,
   ...
-}: let
-  const = config.constants;
-  ports = const.port;
-  usr = const.userName;
-in {
+}:
+with config.constants; {
   hardware.graphics.enable = true;

   services = {
@@ -17,29 +14,29 @@ in {
         check-integrity = true;
         max-concurrent-downloads = 16;
         rpc-listen-all = true;
-        rpc-listen-port = ports.aria2;
+        rpc-listen-port = port.aria2;
       };
     };
     jellyfin = {
       enable = true;
-      user = usr;
+      user = userName;
     };
     jellyseerr = {
       enable = true;
-      port = ports.jellyseerr;
+      port = port.jellyseerr;
     };
     prowlarr.enable = true;
     radarr = {
       enable = true;
-      user = usr;
+      user = userName;
     };
     sonarr = {
       enable = true;
-      user = usr;
+      user = userName;
     };
   };

   sops.secrets.aria2 = {};

-  users.users.${usr}.extraGroups = [config.systemd.services.aria2.serviceConfig.Group];
+  users.users.${userName}.extraGroups = [config.systemd.services.aria2.serviceConfig.Group];
 }
diff --git a/linux/protostar/gui.nix b/linux/protostar/gui.nix
index 069e8a6..4ea1861 100644
--- a/linux/protostar/gui.nix
+++ b/linux/protostar/gui.nix
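Review bot: The `turn_secret` line in matrix-conduit's `settings.global` is a literal shared secret committed to the repository, while the coturn half of the same secret is read from `config.sops.secrets.coturn.path`; the conduit module renders its settings into a config file in the world-readable Nix store, so the literal is exposed there as well, and nothing ties the two values together, so any drift silently breaks every TURN allocation rather than failing at build time. Keep the sops secret as the single source and inject it into conduit's configuration at activation time (a sops-nix template, or a file-based secret option if the conduit version in use offers one) instead of a literal, and treat the value already in the history as disclosed and rotate it on both sides. Separately, `realm = localhost;` and the `turn:${localhost}?transport=…` URIs are handed to Matrix clients verbatim, so unless `config.constants.localhost` resolves to an address reachable from remote clients the relay cannot serve the calls it was added for; a comment stating what that constant holds, e.g. `# localhost here is the externally routable host used in TURN URIs`, would make that intent checkable.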
@@ -4,10 +4,10 @@
   pkgs,
   ...
 }: let
-  usr = config.constants.userName;
+  userName = config.constants.userName;
   jovianPkgs = pkgs.extend inputs.jovian.overlays.default;
 in {
-  home-manager.users.${usr} = {
+  home-manager.users.${userName} = {
     home.packages = with jovianPkgs; [
       feishin
       lutris
@@ -22,7 +22,6 @@ in {
       winetricks
       wineWowPackages.stagingFull
     ];
-    programs.plasma.enable = true;
   };
   jovian = {
     devices.steamdeck = {
@@ -33,7 +32,7 @@ in {
       enable = true;
       autoStart = true;
       desktopSession = "plasma";
-      user = usr;
+      user = userName;
     };
   };

diff --git a/linux/singularity/caddy.nix b/linux/singularity/caddy.nix
index 77e0866..3478209 100644
--- a/linux/singularity/caddy.nix
+++ b/linux/singularity/caddy.nix
@@ -2,20 +2,20 @@
   config,
   pkgs,
   ...
-}: {
+}:
+with config.constants; {
   services.caddy = {
     enable = true;
-    email = config.constants.postMaster;
+    email = postMaster;
     virtualHosts = let
-      dn = config.constants.domain;
       homeSrv = s: "nebula:${portStr.${s}}";
-      localSrv = s: "${config.constants.localhost}:${portStr.${s}}";
+      localSrv = s: "${localhost}:${portStr.${s}}";
       msfqdn = config.mailserver.fqdn;
-      mtfqdn = "matrix.${dn}";
-      portStr = builtins.mapAttrs (n: v: toString v) config.constants.port;
+      mtfqdn = "matrix.${domain}";
+      portStr = builtins.mapAttrs (n: v: toString v) port;
       wn = s: "/.well-known/${s}";
     in {
-      "${dn}".extraConfig = let
+      "${domain}".extraConfig = let
         wnm = wn "matrix";
       in ''
         header ${wnm}/* Content-Type application/json
@@ -26,22 +26,22 @@
             "m.identity_server": { "base_url": "https://${mtfqdn}" }
           }`
       '';
-      "aria2.${dn}".extraConfig = ''
+      "aria2.${domain}".extraConfig = ''
         reverse_proxy /jsonrpc ${homeSrv "aria2"}
         file_server {
           root ${pkgs.ariang}/share/ariang
         }
       '';
-      "forgejo.${dn}".extraConfig = ''
+      "forgejo.${domain}".extraConfig = ''
         reverse_proxy ${homeSrv "forgejo"}
       '';
-      "headscale.${dn}".extraConfig = ''
+      "headscale.${domain}".extraConfig = ''
         reverse_proxy ${localSrv "headscale"}
       '';
-      "jellyfin.${dn}".extraConfig = ''
+      "jellyfin.${domain}".extraConfig = ''
         reverse_proxy ${homeSrv "jellyfin"}
       '';
-      "jellyseerr.${dn}".extraConfig = ''
+      "jellyseerr.${domain}".extraConfig = ''
         reverse_proxy ${homeSrv "jellyseerr"}
       '';
       ${msfqdn} = {
@@ -52,24 +52,18 @@
         '';
         useACMEHost = msfqdn;
       };
-      "matrix.${dn}".extraConfig = ''
+      "matrix.${domain}".extraConfig = ''
         reverse_proxy /_matrix/* ${homeSrv "conduit"}
         file_server {
-          root ${pkgs.cinny.override {
-            conf = {
-              defaultHomeserver = 0;
-              hashRouter.enabled = true;
-              homeserverList = [dn];
-            };
-          }}
+          root ${pkgs.fluffychat-web}
         }
       '';
-      "vault.${dn}".extraConfig = ''
+      "vault.${domain}".extraConfig = ''
         reverse_proxy ${localSrv "vault"} {
           header_up X-Real-IP {remote_host}
         }
       '';
-      "writefreely.${dn}".extraConfig = ''
+      "writefreely.${domain}".extraConfig = ''
         reverse_proxy ${homeSrv "writefreely"}
       '';
     };
@@ -78,7 +72,7 @@
   security.acme = {
     acceptTerms = true;
     defaults = {
-      email = config.constants.postMaster;
+      email = postMaster;
       webroot = "/var/lib/acme/acme-challenge";
     };
   };
diff --git a/linux/singularity/mailserver.nix b/linux/singularity/mailserver.nix
index 93a4098..de9a53a 100644
--- a/linux/singularity/mailserver.nix
+++ b/linux/singularity/mailserver.nix
@@ -1,16 +1,15 @@
-{config, ...}: let
-  dn = config.constants.domain;
-  usr = config.constants.userName;
-  mailSecret = "mail/${usr}/password";
+{config, ...}:
+with config.constants; let
+  mailSecret = "mail/${userName}/password";
 in {
   mailserver = {
     enable = true;
-    fqdn = "mail.${dn}";
-    domains = [dn];
+    fqdn = "mail.${domain}";
+    domains = [domain];
     loginAccounts = {
-      "${usr}@${dn}" = {
-        aliases = [config.constants.postMaster];
+      "${userName}@${domain}" = {
+        aliases = [postMaster];
         hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
       };
     };
diff --git a/linux/singularity/vaultwarden.nix b/linux/singularity/vaultwarden.nix
index 8db7b7b..70883a0 100644
--- a/linux/singularity/vaultwarden.nix
+++ b/linux/singularity/vaultwarden.nix
@@ -1,14 +1,12 @@
 {config, ...}: {
   services.vaultwarden = {
     enable = true;
-    config = let
-      const = config.constants;
-    in {
+    config = with config.constants; {
       # Disable signup
       SIGNUPS_ALLOWED = false;
       # Specify service port
-      ROCKET_ADDRESS = const.localhost;
-      ROCKET_PORT = const.port.vault;
+      ROCKET_ADDRESS = localhost;
+      ROCKET_PORT = port.vault;
     };
   };
 }