alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:0c0c27361ce55eecc1c36b35dff620fdfb69f529
Branches Tags
alex:main
...
compare: alex:ededfaa6753999973844070be5503b720dcadc7d
Branches Tags
alex:main

21 Commits
0c0c27361c ... ededfaa675

Author SHA1 Message Date
Alexander Heldt
ededfaa675 tadpole: Add match block for git.ppp.pm in ssh 2024-09-05 18:32:06 +02:00
Alexander Heldt
1e6f0fa4e3 backwards: Add match block for git.ppp.pm in ssh 2024-09-05 18:29:52 +02:00
Alexander Heldt
03cc3a616b tadpole: Add secrets for git.ppp.pm 2024-09-05 18:27:07 +02:00
Alexander Heldt
320f164b11 backwards: Add secrets for git.ppp.pm 2024-09-05 18:26:47 +02:00
Alexander Heldt
899b450f8c pinwheel: Don't format files named "secrets.nix" in emacs 2024-09-05 18:20:46 +02:00
Alexander Heldt
d2743436aa pinwheel: Add grpcurl to work module 2024-09-05 12:40:00 +02:00
Alexander Heldt
fb281612e8 pinwheel: Move postman to work module 2024-09-05 12:39:44 +02:00
Alexander Heldt
18bda50a13 Update flake inputs 2024-09-04 21:15:37 +02:00
Alexander Heldt
a49c49cc02 pinwheel: Add nixfmt to nix module 2024-09-02 22:36:16 +02:00
Alexander Heldt
15711a903e pinwheel: Format nix files on save in emacs 2024-09-02 21:59:10 +02:00
Alexander Heldt
fd4d1d13df pinwheel: Remove nil from nix module 2024-09-02 21:59:10 +02:00
Alexander Heldt
0dfbf16522 pinwheel: Use nixd in emacs 2024-09-02 21:59:10 +02:00
Alexander Heldt
f15701f426 Apply nixfmt 2024-09-02 21:55:41 +02:00
Alexander Heldt
bda8def5fe Add dev shell with nixfmt 2024-09-02 21:07:34 +02:00
Alexander Heldt
dd9be869d2 Remove unused self reference in flake.nix 2024-09-02 20:42:12 +02:00
Alexander Heldt
4afbe23915 pinwheel: Remove pants.nix from work module 2024-09-02 20:41:42 +02:00
Alexander Heldt
04f1bef188 sombrero: remove host sombrero 2024-09-02 20:29:48 +02:00
Alexander Heldt
395e4f8256 backwards: Enable calibre-web module 2024-09-01 17:53:36 +02:00
Alexander Heldt
1c654cc104 backwards: Add calibre-web module 2024-09-01 17:51:44 +02:00
Alexander Heldt
6142c30f4a backwards: Enable audiobookshelf module 2024-09-01 12:20:36 +02:00
Alexander Heldt
81d06fc019 backwards: Add audiobookshelf module 2024-09-01 12:20:36 +02:00
103 changed files with 948 additions and 1395 deletions
Expand all files Collapse all files

1
.envrc Normal file
View File

@@ -0,0 +1 @@
use flake

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
.direnv/
*.qcow2 *.qcow2
result result

82
config-manager/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ... }: {
inputs,
pkgs,
lib,
config,
...
}:
let let
flakePath = config.config-manager.flakePath; flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration; nixosConfiguration = config.config-manager.nixosConfiguration;
@@ -12,49 +18,49 @@ let
throw "'config-manager.nixosConfiguration' cannot be empty" throw "'config-manager.nixosConfiguration' cannot be empty"
else else
pkgs.writeShellScriptBin "cm" '' pkgs.writeShellScriptBin "cm" ''
help() { help() {
cat << EOF cat << EOF
Usage: Usage:
cm [flag] cm [flag]
Flags: Flags:
--update updates the flake --update updates the flake
--switch rebuilds + switches configuration (using 'nh') --switch rebuilds + switches configuration (using 'nh')
--build-test-vm, --btvm build test-vm --build-test-vm, --btvm build test-vm
--run-test-vm, --rtvm run test-vm --run-test-vm, --rtvm run test-vm
EOF EOF
} }
update() { update() {
echo -e "\033[0;31mUPDATING FLAKE\033[0m" echo -e "\033[0;31mUPDATING FLAKE\033[0m"
nix flake update ${flakePath} nix flake update ${flakePath}
} }
switch() { switch() {
nixos-rebuild dry-build --flake ${flakePath}#${nixosConfiguration} nixos-rebuild dry-build --flake ${flakePath}#${nixosConfiguration}
${nh}/bin/nh os switch --hostname ${nixosConfiguration} ${flakePath} ${nh}/bin/nh os switch --hostname ${nixosConfiguration} ${flakePath}
} }
build-test-vm() { build-test-vm() {
nixos-rebuild build-vm --flake ${flakePath}#test-vm nixos-rebuild build-vm --flake ${flakePath}#test-vm
} }
run-test-vm() { run-test-vm() {
${flakePath}/result/bin/run-test-vm-vm ${flakePath}/result/bin/run-test-vm-vm
} }
case $1 in case $1 in
--update) --update)
update ;; update ;;
--switch) --switch)
switch ;; switch ;;
--build-test-vm | --btvm) --build-test-vm | --btvm)
build-test-vm ;; build-test-vm ;;
--run-test-vm | --rtvm) --run-test-vm | --rtvm)
run-test-vm ;; run-test-vm ;;
--help | *) --help | *)
help ;; help ;;
esac esac
''; '';
in in
{ {

42
flake.lock generated
View File

@@ -54,11 +54,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1725037990, "lastModified": 1725470024,
"narHash": "sha256-7ZwhCJQ8/BvP5UDSOe9PUzrDlDePxfyDrkEYuuZZJJ8=", "narHash": "sha256-i2iWRFWaTCahFz9B2vKqIqpPimL/yn1zX3lZ2EkBzc0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "45405f34d10260753298ff244a9b9c36e04b2e11", "rev": "8a94f9d557f3f8b372f03f18b2e1be3820d7da7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -113,11 +113,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724435763, "lastModified": 1725180166,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -133,11 +133,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722636442, "lastModified": 1725276753,
"narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=", "narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6", "rev": "ae618eafa81b596db034c5df1d75d4eddf785824",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -153,11 +153,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724689275, "lastModified": 1725287741,
"narHash": "sha256-wpxC7XiZ9maYZA4BSLKGXc+pn2fwaiq2Ybu5kNjl1ao=", "narHash": "sha256-ZxyB7BwxQjoMz5lUnsb+KuTWfRyPtJVqEjnlOoABSUE=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "a922eada049854019c5d1bbc82383f7095773e5c", "rev": "5dd64eb04fddeac2eb08c018212cc58978934920",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -183,11 +183,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1724878143, "lastModified": 1725470640,
"narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "narHash": "sha256-xaIvCE8ZP65fj2HR7DlDX+iJMBxasfjEv+zc6Cuwf3I=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "rev": "ace1cedf3ecfbac81b29522d71009878951a69eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -199,11 +199,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1725103162,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -215,11 +215,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1724855419, "lastModified": 1725001927,
"narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=", "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06", "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
"type": "github" "type": "github"
}, },
"original": { "original": {

100
flake.nix
View File

@@ -11,7 +11,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-gc-env.url= "github:Julow/nix-gc-env"; nix-gc-env.url = "github:Julow/nix-gc-env";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
@@ -39,50 +39,62 @@
}; };
}; };
outputs = { self, ... }@inputs: { outputs =
nixosConfigurations = { { ... }@inputs:
pinwheel = inputs.nixpkgs.lib.nixosSystem { {
system = "x86_64-linux"; nixosConfigurations = {
specialArgs = { inherit inputs; }; pinwheel = inputs.nixpkgs.lib.nixosSystem {
modules = [ system = "x86_64-linux";
./hosts/pinwheel/configuration.nix specialArgs = {
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen inherit inputs;
./hosts/pinwheel/home.nix };
]; modules = [
./hosts/pinwheel/configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen
./hosts/pinwheel/home.nix
];
};
backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/backwards/configuration.nix
./hosts/backwards/home.nix
];
};
tadpole = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix
];
};
test-vm = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [ ./hosts/test-vm/configuration.nix ];
};
}; };
backwards = inputs.nixpkgs.lib.nixosSystem { devShells =
system = "x86_64-linux"; let
specialArgs = { inherit inputs; }; system = "x86_64-linux";
modules = [ pkgs = inputs.nixpkgs.legacyPackages.${system};
./hosts/backwards/configuration.nix in
./hosts/backwards/home.nix {
]; ${system}.default = pkgs.mkShell {
}; packages = [ pkgs.nixfmt-rfc-style ];
};
sombrero = inputs.nixpkgs.lib.nixosSystem { };
system = "aarch64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/sombrero/configuration.nix
./hosts/sombrero/home.nix
];
};
tadpole = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix
];
};
test-vm = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/test-vm/configuration.nix ];
};
}; };
};
} }

25
hosts/backwards/configuration.nix
View File

@@ -1,14 +1,16 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[ ../../config-manager/default.nix
../../config-manager/default.nix ../../shared-modules/syncthing.nix
../../shared-modules/syncthing.nix ./hardware-configuration.nix
./hardware-configuration.nix ./modules
./modules ];
];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
console.keyMap = "sv-latin1"; console.keyMap = "sv-latin1";
@@ -25,8 +27,11 @@
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
description = "alex"; description = "alex";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
packages = []; "networkmanager"
"wheel"
];
packages = [ ];
}; };
environment.variables.EDITOR = "vim"; environment.variables.EDITOR = "vim";

49
hosts/backwards/hardware-configuration.nix
View File

@@ -1,32 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/bad3d82a-7bb8-490f-bd01-a4b16fe6f33d"; device = "/dev/disk/by-uuid/bad3d82a-7bb8-490f-bd01-a4b16fe6f33d";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/D049-60DD"; device = "/dev/disk/by-uuid/D049-60DD";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [
}; "fmask=0077"
"dmask=0077"
swapDevices =
[ { device = "/dev/disk/by-uuid/ff4de0e5-2c60-4ee7-a55c-450727efb921"; }
]; ];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/ff4de0e5-2c60-4ee7-a55c-450727efb921"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

29
hosts/backwards/modules/audiobookshelf/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ lib, config, ... }:
let
enabled = config.mod.audiobookshelf.enable;
in
{
options = {
mod.audiobookshelf = {
enable = lib.mkEnableOption "Enable audiobookshelf module";
};
};
config = lib.mkIf enabled {
fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
services.audiobookshelf = {
enable = true;
user = "alex";
group = "users";
host = "0.0.0.0";
port = 8000;
};
};
}

7
hosts/backwards/modules/boot/default.nix
View File

@@ -1,4 +1,9 @@
{ inputs, lib, config, ... }: {
inputs,
lib,
config,
...
}:
let let
configurationLimit = config.mod.gc.configurationLimit; configurationLimit = config.mod.gc.configurationLimit;
in in

32
hosts/backwards/modules/calibre-web/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "0.0.0.0";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/sync/books";
enableBookUploading = true;
};
};
};
};
}

2
hosts/backwards/modules/default.nix
View File

@@ -15,6 +15,8 @@ in
syncthing.enable = true; syncthing.enable = true;
restic.enable = true; restic.enable = true;
transmission.enable = true; transmission.enable = true;
audiobookshelf.enable = true;
calibre-web.enable = true;
}; };
}; };
} }

7
hosts/backwards/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.git.enable; enabled = config.mod.git.enable;
in in

10
hosts/backwards/modules/network/default.nix
View File

@@ -12,10 +12,12 @@
wlp1s0 = { wlp1s0 = {
useDHCP = false; useDHCP = false;
ipv4 = { ipv4 = {
addresses = [{ addresses = [
address = "192.168.50.202"; {
prefixLength = 24; address = "192.168.50.202";
}]; prefixLength = 24;
}
];
}; };
}; };
}; };

3
hosts/backwards/modules/restic/default.nix
View File

@@ -45,7 +45,7 @@ in
environmentFile = config.age.secrets.restic-cloud-sync-key.path; environmentFile = config.age.secrets.restic-cloud-sync-key.path;
repositoryFile = config.age.secrets.restic-cloud-sync-repository.path; repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
paths = ["/home/alex/sync"]; paths = [ "/home/alex/sync" ];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -70,4 +70,3 @@ in
}; };
}; };
} }

35
hosts/backwards/modules/ssh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.ssh.enable; enabled = config.mod.ssh.enable;
@@ -18,6 +23,11 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
};
"codeberg.org" = { "codeberg.org" = {
hostname = "codeberg.org"; hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org"; identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
@@ -41,10 +51,12 @@ in
enable = true; enable = true;
ports = [ 1122 ]; ports = [ 1122 ];
hostKeys = [{ hostKeys = [
path = "${rootSSHKeyPath}/root.backwards"; {
type = "ed25519"; path = "${rootSSHKeyPath}/root.backwards";
}]; type = "ed25519";
}
];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
@@ -77,6 +89,19 @@ in
path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub"; path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
}; };
"alex.backwards-git.ppp.pm" = {
file = ../../../../secrets/backwards/alex.backwards-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.backwards-git.ppp.pm.pub" = {
file = ../../../../secrets/backwards/alex.backwards-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.backwards-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org" = { "alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age; file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org"; path = "/home/alex/.ssh/alex.backwards-codeberg.org";

5
hosts/backwards/modules/syncthing/default.nix
View File

@@ -39,7 +39,10 @@ in
folders = { folders = {
org = { org = {
path = "/home/alex/sync/org"; path = "/home/alex/sync/org";
devices = [ "phone" "pinwheel" ]; devices = [
"phone"
"pinwheel"
];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {

7
hosts/backwards/modules/transmission/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.transmission.enable; enabled = config.mod.transmission.enable;
in in

20
hosts/pinwheel/configuration.nix
View File

@@ -1,15 +1,17 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[ ../../config-manager/default.nix
../../config-manager/default.nix ../../nix-wrapper/default.nix
../../nix-wrapper/default.nix ../../shared-modules/syncthing.nix
../../shared-modules/syncthing.nix ./hardware-configuration.nix
./hardware-configuration.nix ./modules
./modules ];
];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
users.users.alex = { users.users.alex = {

37
hosts/pinwheel/hardware-configuration.nix
View File

@@ -1,29 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/9c3ef2ad-0244-4310-9984-2e548ced3e22"; device = "/dev/disk/by-uuid/9c3ef2ad-0244-4310-9984-2e548ced3e22";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-f569d036-e500-4839-bc78-ce4b032840d8".device = "/dev/disk/by-uuid/f569d036-e500-4839-bc78-ce4b032840d8"; boot.initrd.luks.devices."luks-f569d036-e500-4839-bc78-ce4b032840d8".device = "/dev/disk/by-uuid/f569d036-e500-4839-bc78-ce4b032840d8";
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/FCAE-6849"; device = "/dev/disk/by-uuid/FCAE-6849";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];

1
hosts/pinwheel/home.nix
View File

@@ -22,7 +22,6 @@
pkgs.htop pkgs.htop
pkgs.onlyoffice-bin pkgs.onlyoffice-bin
pkgs.wdisplays pkgs.wdisplays
pkgs.postman
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";

7
hosts/pinwheel/modules/bemenu/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;

131
hosts/pinwheel/modules/bluetooth/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.bluetooth.enable; enabled = config.mod.bluetooth.enable;
in in
@@ -37,77 +42,87 @@ in
threshold = "30"; threshold = "30";
}; };
in in
{ {
timers = timers =
let let
mkTimer = device: { mkTimer = device: {
name = "notify-low-battery-for-${device.name}"; name = "notify-low-battery-for-${device.name}";
value = { value = {
unitConfig = { unitConfig = {
Description = "notify-battery-low timer for '${device.name}'"; Description = "notify-battery-low timer for '${device.name}'";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
Unit = "notify-low-battery-for-${device.name}.service"; Unit = "notify-low-battery-for-${device.name}.service";
OnCalendar = "*-*-* *:00:00"; # Every hour OnCalendar = "*-*-* *:00:00"; # Every hour
Persistent = true; Persistent = true;
};
}; };
}; };
in };
builtins.listToAttrs (builtins.map mkTimer [ trackpad headphones ]); in
builtins.listToAttrs (
builtins.map mkTimer [
trackpad
headphones
]
);
services = services =
let let
mkService = device: { mkService = device: {
name = "notify-low-battery-for-${device.name}"; name = "notify-low-battery-for-${device.name}";
value = { value = {
unitConfig = { unitConfig = {
Description = "check battery level of '${device.name}'"; Description = "check battery level of '${device.name}'";
}; };
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
serviceConfig = { serviceConfig = {
Type = "exec"; Type = "exec";
}; };
path = [ path = [
pkgs.upower pkgs.upower
pkgs.gawk pkgs.gawk
pkgs.bc pkgs.bc
pkgs.libnotify pkgs.libnotify
]; ];
script = '' script = ''
CONNECTED=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep native-path | awk '{print $2}') CONNECTED=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep native-path | awk '{print $2}')
[ "$CONNECTED" == "(null)" ] && exit 0 [ "$CONNECTED" == "(null)" ] && exit 0
CHECKING="/tmp/checking-dismiss-low-battery-${device.id}" CHECKING="/tmp/checking-dismiss-low-battery-${device.id}"
[ ! -f "$CHECKING" ] && touch $CHECKING || exit 0 [ ! -f "$CHECKING" ] && touch $CHECKING || exit 0
DISMISSED="/tmp/dismiss-low-battery-${device.id}" DISMISSED="/tmp/dismiss-low-battery-${device.id}"
PERCENT=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep percentage | grep -o '[0-9]*') PERCENT=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep percentage | grep -o '[0-9]*')
if (( $(echo "$PERCENT < ${device.threshold}" | bc) )); then if (( $(echo "$PERCENT < ${device.threshold}" | bc) )); then
echo "'${device.name}' is under threshold. battery = $PERCENT% - threshold = ${device.threshold}%" echo "'${device.name}' is under threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
if [ ! -f "$DISMISSED" ]; then if [ ! -f "$DISMISSED" ]; then
DISMISS=$(notify-send --expire-time 0 "Low battery" "${device.name} has $PERCENT% battery" --action=dismiss=Dismiss) DISMISS=$(notify-send --expire-time 0 "Low battery" "${device.name} has $PERCENT% battery" --action=dismiss=Dismiss)
[ "$DISMISS" == "dismiss" ] && touch $DISMISSED && echo "'${device.name}' dismissed" [ "$DISMISS" == "dismiss" ] && touch $DISMISSED && echo "'${device.name}' dismissed"
fi
else
echo "'${device.name}' is over threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
[ -f "$DISMISSED" ] && rm $DISMISSED && echo "'${device.name}' undismissed"
fi fi
else
echo "'${device.name}' is over threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
[ -f "$DISMISSED" ] && rm $DISMISSED && echo "'${device.name}' undismissed"
fi
rm $CHECKING rm $CHECKING
''; '';
};
}; };
in };
builtins.listToAttrs (builtins.map mkService [ trackpad headphones ]); in
}; builtins.listToAttrs (
builtins.map mkService [
trackpad
headphones
]
);
};
}; };
} }

8
hosts/pinwheel/modules/boot/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ... }: {
inputs,
pkgs,
lib,
config,
...
}:
let let
configurationLimit = config.mod.gc.configurationLimit; configurationLimit = config.mod.gc.configurationLimit;
in in

7
hosts/pinwheel/modules/c/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.c.enable; enabled = config.mod.c.enable;
in in

2
hosts/pinwheel/modules/chromium/default.nix
View File

@@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home-manager.users.alex= { home-manager.users.alex = {
home.packages = [ pkgs.ungoogled-chromium ]; home.packages = [ pkgs.ungoogled-chromium ];
}; };

7
hosts/pinwheel/modules/containers/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
dockerEnabled = config.mod.containers.docker.enable; dockerEnabled = config.mod.containers.docker.enable;
podmanEnabled = config.mod.containers.podman.enable; podmanEnabled = config.mod.containers.podman.enable;

1
hosts/pinwheel/modules/direnv/default.nix
View File

@@ -9,7 +9,6 @@ in
nix-direnv.enable = true; nix-direnv.enable = true;
}; };
programs.direnv.enableZshIntegration = lib.mkIf zshEnabled true; programs.direnv.enableZshIntegration = lib.mkIf zshEnabled true;
}; };
} }

6
hosts/pinwheel/modules/emacs/config.nix
View File

@@ -1,5 +1,5 @@
{ emacs, runCommand, ... }: { emacs, runCommand, ... }:
runCommand "default.el" {} '' runCommand "default.el" { } ''
cp ${./config.org} $TMPDIR/config.org cp ${./config.org} $TMPDIR/config.org
cd $TMPDIR cd $TMPDIR
${emacs}/bin/emacs --batch -Q \ ${emacs}/bin/emacs --batch -Q \
@@ -7,4 +7,4 @@ runCommand "default.el" {} ''
-f org-babel-tangle -f org-babel-tangle
mv config.el $out mv config.el $out
'' ''

11
hosts/pinwheel/modules/emacs/config.org
View File

@@ -498,8 +498,9 @@ Setup prefix for keybindings.
) )
(defun alex/format-on-save () (defun alex/format-on-save ()
(add-hook 'before-save-hook #'eglot-format-buffer -10 t) (let ((excluded-files '("secrets.nix")))
) (unless (member (file-name-nondirectory buffer-file-name) excluded-files)
(add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot (use-package eglot
:config :config
@@ -507,6 +508,9 @@ Setup prefix for keybindings.
'(scala-mode . '(scala-mode .
("metals" :initializationOptions (:isHttpEnabled t)))) ("metals" :initializationOptions (:isHttpEnabled t))))
(add-to-list 'eglot-server-programs
'(nix-mode . ("nixd")))
(setq-default eglot-workspace-configuration (setq-default eglot-workspace-configuration
'( '(
:metals ( :metals (
@@ -521,7 +525,10 @@ Setup prefix for keybindings.
(go-mode . alex/format-on-save) (go-mode . alex/format-on-save)
(c-mode . eglot-ensure) (c-mode . eglot-ensure)
(nix-mode . eglot-ensure) (nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save)
(javascript-mode . eglot-ensure) (javascript-mode . eglot-ensure)
(js-mode . eglot-ensure) (js-mode . eglot-ensure)
(js-jsx-mode . eglot-ensure) (js-jsx-mode . eglot-ensure)

9
hosts/pinwheel/modules/emacs/default.nix
View File

@@ -3,7 +3,7 @@ let
emacs = pkgs.emacsWithPackagesFromUsePackage { emacs = pkgs.emacsWithPackagesFromUsePackage {
package = pkgs.emacs-unstable; package = pkgs.emacs-unstable;
config = ./config.org; config = ./config.org;
defaultInitFile = pkgs.callPackage ./config.nix {}; defaultInitFile = pkgs.callPackage ./config.nix { };
alwaysEnsure = true; alwaysEnsure = true;
alwaysTangle = true; alwaysTangle = true;
@@ -40,9 +40,9 @@ in
home-manager.users.alex = { home-manager.users.alex = {
home.sessionVariables = { home.sessionVariables = {
EDITOR = "${e}/bin/e $@"; EDITOR = "${e}/bin/e $@";
VISUAL = "${e}/bin/e $@"; VISUAL = "${e}/bin/e $@";
TIG_EDITOR = "${e}/bin/e $@"; TIG_EDITOR = "${e}/bin/e $@";
}; };
home.packages = [ home.packages = [
@@ -51,6 +51,7 @@ in
emacs emacs
pkgs.wl-clipboard pkgs.wl-clipboard
pkgs.emacs-lsp-booster pkgs.emacs-lsp-booster
pkgs.nixd
]; ];
}; };

10
hosts/pinwheel/modules/firefox/default.nix
View File

@@ -59,7 +59,7 @@ in
name = "alex"; name = "alex";
isDefault = true; isDefault = true;
settings = sharedSettings // {}; settings = sharedSettings // { };
}; };
work = { work = {
@@ -109,12 +109,14 @@ in
configFile."mimeapps.list".force = true; configFile."mimeapps.list".force = true;
}; };
home.packages = [
home.packages = [ ff ff-alex ]; ff
ff-alex
];
}; };
environment.variables = { environment.variables = {
MOZ_ENABLE_WAYLAND=1; MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@"; BROWSER = "${ff-alex}/bin/ff-alex $@";
}; };
} }

7
hosts/pinwheel/modules/foot/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.foot.enable; enabled = config.mod.foot.enable;

7
hosts/pinwheel/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.git.enable; enabled = config.mod.git.enable;
in in

33
hosts/pinwheel/modules/go/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.go.enable; enabled = config.mod.go.enable;
in in
@@ -10,19 +15,19 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
nixpkgs.overlays = let nixpkgs.overlays =
buildGo122 = pkgs: pkg: let
pkg.override { buildGoModule = pkgs.buildGo122Module; }; buildGo122 = pkgs: pkg: pkg.override { buildGoModule = pkgs.buildGo122Module; };
in in
[ [
(final: prev: { (final: prev: {
go = prev.go_1_22; go = prev.go_1_22;
gopls = buildGo122 prev prev.gopls; gopls = buildGo122 prev prev.gopls;
go-tools = buildGo122 prev prev.go-tools; go-tools = buildGo122 prev prev.go-tools;
govulncheck = buildGo122 prev prev.govulncheck; govulncheck = buildGo122 prev prev.govulncheck;
gotestsum = buildGo122 prev prev.gotestsum; gotestsum = buildGo122 prev prev.gotestsum;
}) })
]; ];
home-manager.users.alex = { home-manager.users.alex = {
programs.go = { programs.go = {

22
hosts/pinwheel/modules/greetd/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.greetd.enable; enabled = config.mod.greetd.enable;
in in
@@ -13,16 +18,17 @@ in
services.greetd = { services.greetd = {
enable = true; enable = true;
settings = let settings =
session = { let
user = "alex"; session = {
command = "${pkgs.hyprland}/bin/Hyprland"; user = "alex";
}; command = "${pkgs.hyprland}/bin/Hyprland";
in };
in
{ {
initial_session = session; initial_session = session;
default_session = session; default_session = session;
}; };
}; };
}; };
} }

182
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.hyprland.enable; enabled = config.mod.hyprland.enable;
in in
@@ -55,7 +60,7 @@ in
# 2 - Cursor focus will be detached from keyboard focus. Clicking on a window will move keyboard focus to that window. # 2 - Cursor focus will be detached from keyboard focus. Clicking on a window will move keyboard focus to that window.
follow_mouse = 2; follow_mouse = 2;
sensitivity = 0.30; sensitivity = 0.3;
touchpad = { touchpad = {
natural_scroll = false; natural_scroll = false;
tap-and-drag = false; tap-and-drag = false;
@@ -70,7 +75,7 @@ in
general = { general = {
layout = "dwindle"; layout = "dwindle";
gaps_in = 0; # gaps between windows gaps_in = 0; # gaps between windows
gaps_out = 0; # gaps between windows and monitor edges gaps_out = 0; # gaps between windows and monitor edges
"col.active_border" = "rgba(${config.lib.colors.foreground}ff)"; "col.active_border" = "rgba(${config.lib.colors.foreground}ff)";
@@ -82,54 +87,59 @@ in
no_gaps_when_only = 1; no_gaps_when_only = 1;
}; };
bind = let bind =
ws = x: let
let n = if (x + 1) < 10 ws =
then (x + 1) x:
else 0; let
in n = if (x + 1) < 10 then (x + 1) else 0;
in
builtins.toString n; builtins.toString n;
select = builtins.genList (x: "$mod, ${ws x}, workspace, ${builtins.toString (x + 1)}") 10; select = builtins.genList (x: "$mod, ${ws x}, workspace, ${builtins.toString (x + 1)}") 10;
move = builtins.genList (x: "$mod SHIFT, ${ws x}, movetoworkspacesilent, ${builtins.toString (x + 1)}") 10; move = builtins.genList (
x: "$mod SHIFT, ${ws x}, movetoworkspacesilent, ${builtins.toString (x + 1)}"
) 10;
magnifier = pkgs.writeShellScript "magnifier" '' magnifier = pkgs.writeShellScript "magnifier" ''
CURRENT=$(${pkgs.hyprland}/bin/hyprctl getoption cursor:zoom_factor -j | ${pkgs.jq}/bin/jq .float) CURRENT=$(${pkgs.hyprland}/bin/hyprctl getoption cursor:zoom_factor -j | ${pkgs.jq}/bin/jq .float)
DELTA=0.1 DELTA=0.1
UPDATED=1 UPDATED=1
case $1 in case $1 in
--increase) --increase)
UPDATED=$(echo $CURRENT + $DELTA | ${pkgs.bc}/bin/bc) ;; UPDATED=$(echo $CURRENT + $DELTA | ${pkgs.bc}/bin/bc) ;;
--decrease) --decrease)
UPDATED=$(echo $CURRENT - $DELTA | ${pkgs.bc}/bin/bc) ;; UPDATED=$(echo $CURRENT - $DELTA | ${pkgs.bc}/bin/bc) ;;
--reset) --reset)
UPDATED=1 UPDATED=1
esac esac
if (( $(echo "$UPDATED < 1" | bc) )); then UPDATED=1; fi if (( $(echo "$UPDATED < 1" | bc) )); then UPDATED=1; fi
${pkgs.hyprland}/bin/hyprctl keyword cursor:zoom_factor $UPDATED ${pkgs.hyprland}/bin/hyprctl keyword cursor:zoom_factor $UPDATED
''; '';
in in
select ++ move ++ [ select
"$mod, ESCAPE, killactive" ++ move
++ [
"$mod, ESCAPE, killactive"
"$mod, f, fullscreen, 1" "$mod, f, fullscreen, 1"
"$mod SHIFT, f, togglefloating, active" "$mod SHIFT, f, togglefloating, active"
"$mod, h, movefocus, l" "$mod, h, movefocus, l"
"$mod, j, movefocus, d" "$mod, j, movefocus, d"
"$mod, k, movefocus, u" "$mod, k, movefocus, u"
"$mod, l, movefocus, r" "$mod, l, movefocus, r"
"$mod CONTROL, 1, exec, ${magnifier} --increase" "$mod CONTROL, 1, exec, ${magnifier} --increase"
"$mod CONTROL, 2, exec, ${magnifier} --decrease" "$mod CONTROL, 2, exec, ${magnifier} --decrease"
"$mod CONTROL, 3, exec, ${magnifier} --reset" "$mod CONTROL, 3, exec, ${magnifier} --reset"
]; ];
bindm = [ bindm = [
# mouse movements # mouse movements
"$mod, mouse:272, movewindow" # left click "$mod, mouse:272, movewindow" # left click
"$mod, mouse:273, resizewindow" # right click "$mod, mouse:273, resizewindow" # right click
]; ];
@@ -183,62 +193,66 @@ in
pkgs.libnotify pkgs.libnotify
]; ];
script = let script =
moveWSToMonitor = monitor: first: last: let
if last < first moveWSToMonitor =
then throw "'first' has to be less than or equal to 'last'" monitor: first: last:
else if last < first then
builtins.genList (n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}") (last - first + 1); throw "'first' has to be less than or equal to 'last'"
else
builtins.genList (
n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}"
) (last - first + 1);
external = moveWSToMonitor "HDMI-A-1" 1 5; external = moveWSToMonitor "HDMI-A-1" 1 5;
internal = moveWSToMonitor "eDPI-1" 6 10; internal = moveWSToMonitor "eDPI-1" 6 10;
onlyInternal = moveWSToMonitor "eDPI-1" 1 10; onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
in in
'' ''
update() { update() {
HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status) HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
INTERNAL_WIDTH=1920 INTERNAL_WIDTH=1920
INTERNAL_HEIGHT=1200 INTERNAL_HEIGHT=1200
if [ $HDMI_STATUS = "connected" ]; then if [ $HDMI_STATUS = "connected" ]; then
notify-send "Using external and laptop monitor" notify-send "Using external and laptop monitor"
hyprctl keyword monitor HDMI-A-1,preferred,0x0,1 hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")') HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
HDMI_WIDTH=$(echo $HDMI | jq .width) HDMI_WIDTH=$(echo $HDMI | jq .width)
HDMI_HEIGHT=$(echo $HDMI | jq .height) HDMI_HEIGHT=$(echo $HDMI | jq .height)
INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc) INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
INTERNAL_POS_Y=$HDMI_HEIGHT INTERNAL_POS_Y=$HDMI_HEIGHT
hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1 hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}" hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
else else
notify-send "Using only laptop monitor" notify-send "Using only laptop monitor"
hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1" hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}" hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
fi fi
} }
handle() { handle() {
case $1 in case $1 in
monitoradded\>\>*|monitorremoved\>\>*) monitoradded\>\>*|monitorremoved\>\>*)
echo "handling event: \"$1\"" echo "handling event: \"$1\""
update ;; update ;;
esac esac
} }
echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\"" echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
# Do initial configuration # Do initial configuration
update update
socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
''; '';
}; };
}; };
} }

2
hosts/pinwheel/modules/javascript/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ pkgs.nodePackages.typescript-language-server ]; home.packages = [ pkgs.nodePackages.typescript-language-server ];

7
hosts/pinwheel/modules/keyboard/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.keyboard.enable; enabled = config.mod.keyboard.enable;
in in

7
hosts/pinwheel/modules/light/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in

7
hosts/pinwheel/modules/mullvad/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.mullvad.enable; enabled = config.mod.mullvad.enable;
in in

2
hosts/pinwheel/modules/nix/default.nix
View File

@@ -2,7 +2,7 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nil pkgs.nixfmt-rfc-style
pkgs.nix-tree pkgs.nix-tree
]; ];
}; };

7
hosts/pinwheel/modules/openvpn/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.openvpn.enable; enabled = config.mod.openvpn.enable;
in in

17
hosts/pinwheel/modules/physlock/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.physlock.enable; enabled = config.mod.physlock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
@@ -31,11 +36,11 @@ in
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in in
[ [
# will lock the screen with `physlock`, see `lockOn.suspend # will lock the screen with `physlock`, see `lockOn.suspend
"$mod SHIFT, x, exec, ${pause-music}; systemctl suspend" "$mod SHIFT, x, exec, ${pause-music}; systemctl suspend"
"$mod, x, exec, ${pause-music}; ${config.security.wrapperDir}/physlock -d -s -m" "$mod, x, exec, ${pause-music}; ${config.security.wrapperDir}/physlock -d -s -m"
]; ];
}; };
}; };
}; };

55
hosts/pinwheel/modules/power/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.power.enable; enabled = config.mod.power.enable;
lowbat = config.mod.lowbat; lowbat = config.mod.lowbat;
@@ -39,8 +44,8 @@ in
enable = true; enable = true;
settings = { settings = {
START_CHARGE_THRESH_BAT0=75; START_CHARGE_THRESH_BAT0 = 75;
STOP_CHARGE_THRESH_BAT0=80; STOP_CHARGE_THRESH_BAT0 = 80;
}; };
}; };
}; };
@@ -58,7 +63,7 @@ in
Persistent = true; Persistent = true;
}; };
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
}; };
}; };
@@ -78,28 +83,30 @@ in
pkgs.swaylock pkgs.swaylock
]; ];
script = let script =
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; let
in '' pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity) in
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status) ''
echo "Battery capacity: $BATTERY_CAPACITY" BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
echo "Battery status: $BATTERY_STATUS"
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.notifyCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Low"
fi
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.suspendCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Critically Low" "Suspending in 60 seconds if power is not plugged in"
sleep 60s
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status) BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then echo "Battery capacity: $BATTERY_CAPACITY"
${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend echo "Battery status: $BATTERY_STATUS"
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.notifyCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Low"
fi fi
fi
''; if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.suspendCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Critically Low" "Suspending in 60 seconds if power is not plugged in"
sleep 60s
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then
${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend
fi
fi
'';
}; };
}; };
}; };

7
hosts/pinwheel/modules/python/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.python.enable; enabled = config.mod.python.enable;
in in

7
hosts/pinwheel/modules/rust/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.rust.enable; enabled = config.mod.rust.enable;
in in

7
hosts/pinwheel/modules/scala/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.scala.enable; enabled = config.mod.scala.enable;

8
hosts/pinwheel/modules/screenshot/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ...}: {
inputs,
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;

7
hosts/pinwheel/modules/scripts/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.scripts.enable; enabled = config.mod.scripts.enable;

43
hosts/pinwheel/modules/sound/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in
@@ -20,24 +25,26 @@ in
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = let bind =
toggle-output-mute = pkgs.writeShellScript "toggle-output-mute" '' let
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle toggle-output-mute = pkgs.writeShellScript "toggle-output-mute" ''
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SINK@ | grep MUTED | wc -l) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
echo $MUTED > /sys/class/leds/platform::mute/brightness MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SINK@ | grep MUTED | wc -l)
''; echo $MUTED > /sys/class/leds/platform::mute/brightness
'';
toggle-input-mute = pkgs.writeShellScript "toggle-input-mute" '' toggle-input-mute = pkgs.writeShellScript "toggle-input-mute" ''
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SOURCE@ | grep MUTED | wc -l) MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SOURCE@ | grep MUTED | wc -l)
echo $MUTED > /sys/class/leds/platform::micmute/brightness echo $MUTED > /sys/class/leds/platform::micmute/brightness
''; '';
in [ in
", XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 2%+" [
", XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-" ", XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 2%+"
", XF86AudioMute, exec, ${toggle-output-mute}" ", XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
", XF86AudioMicMute, exec, ${toggle-input-mute}" ", XF86AudioMute, exec, ${toggle-output-mute}"
]; ", XF86AudioMicMute, exec, ${toggle-input-mute}"
];
}; };
}; };

33
hosts/pinwheel/modules/spotify/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in
@@ -6,19 +11,21 @@ in
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = let bind =
prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous"; let
next = "${pkgs.playerctl}/bin/playerctl -p spotify next"; prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous";
in [ next = "${pkgs.playerctl}/bin/playerctl -p spotify next";
", XF86AudioPrev, exec, ${prev}" in
", XF86AudioNext, exec, ${next}" [
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause" ", XF86AudioPrev, exec, ${prev}"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause" ", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}" "$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}" "$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause" "$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
]; ];
}; };
}; };

36
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -12,20 +12,6 @@
port = 1122; port = 1122;
}; };
"sombrero.local" = {
hostname = "192.168.50.200";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"sombrero" = {
hostname = "sombrero.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"andromeda" = { "andromeda" = {
hostname = "andromeda.a2x.se"; hostname = "andromeda.a2x.se";
user = "alex"; user = "alex";
@@ -72,18 +58,6 @@
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.pinwheel-sombrero" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero";
owner = "alex";
group = "users";
};
"alex.pinwheel-sombrero.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com" = { "alex.pinwheel-github.com" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age; file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age;
@@ -155,9 +129,11 @@
enable = true; enable = true;
ports = [ 1122 ]; ports = [ 1122 ];
hostKeys = [{ hostKeys = [
path = "/etc/ssh/pinwheel"; {
type = "ed25519"; path = "/etc/ssh/pinwheel";
}]; type = "ed25519";
}
];
}; };
} }

28
hosts/pinwheel/modules/swaylock/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.swaylock.enable; enabled = config.mod.swaylock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
@@ -30,18 +35,19 @@ in
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = let bind =
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
dpmsTimeout = config.mod.swaylock.dpmsTimeout; dpmsTimeout = config.mod.swaylock.dpmsTimeout;
dpms-lock = pkgs.writeShellScript "dpms-lock" '' dpms-lock = pkgs.writeShellScript "dpms-lock" ''
${pkgs.swayidle}/bin/swayidle \ ${pkgs.swayidle}/bin/swayidle \
timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \ timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \
resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" & resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" &
${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle ${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle
''; '';
in in
[ [
"$mod, x, exec, ${pause-music}; ${dpms-lock}" "$mod, x, exec, ${pause-music}; ${dpms-lock}"
"$mod SHIFT, x, exec, ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend" "$mod SHIFT, x, exec, ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend"

12
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,13 +16,15 @@
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards; backwards.id = config.lib.syncthing.backwards;
sombrero.id = config.lib.syncthing.sombrero;
}; };
folders = { folders = {
org = { org = {
path = "/home/alex/sync/org"; path = "/home/alex/sync/org";
devices = [ "sombrero" "phone" "backwards" ]; devices = [
"phone"
"backwards"
];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -33,7 +35,7 @@
personal = { personal = {
path = "/home/alex/sync/personal"; path = "/home/alex/sync/personal";
devices = [ "sombrero" "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -44,7 +46,7 @@
work = { work = {
path = "/home/alex/sync/work"; path = "/home/alex/sync/work";
devices = [ "sombrero" "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -55,7 +57,7 @@
books = { books = {
path = "/home/alex/sync/books"; path = "/home/alex/sync/books";
devices = [ "sombrero" "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {

2
hosts/pinwheel/modules/terraform/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [

11
hosts/pinwheel/modules/vm/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.vm.enable; enabled = config.mod.vm.enable;
in in
@@ -26,8 +31,8 @@ in
home-manager.users.alex = { home-manager.users.alex = {
dconf.settings = { dconf.settings = {
"org/virt-manager/virt-manager/connections" = { "org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"]; autoconnect = [ "qemu:///system" ];
uris = ["qemu:///system"]; uris = [ "qemu:///system" ];
}; };
}; };
}; };

18
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
@@ -194,8 +199,15 @@ in
"interval" = 60; "interval" = 60;
"format" = "<span font='10' rise='1000'>{icon}</span> {capacity}%"; "format" = "<span font='10' rise='1000'>{icon}</span> {capacity}%";
"format-time" = "{H}h {M}min"; "format-time" = "{H}h {M}min";
"format-charging" ="󰂄 {capacity}%"; "format-charging" = "󰂄 {capacity}%";
"format-icons" = ["󰁺" "󰁻" "󰁽" "󰁿" "󰂁" "󰁹" ]; "format-icons" = [
"󰁺"
"󰁻"
"󰁽"
"󰁿"
"󰂁"
"󰁹"
];
}; };
"clock" = { "clock" = {

7
hosts/pinwheel/modules/wezterm/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.wezterm.enable; enabled = config.mod.wezterm.enable;

23
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
gitEnabled = config.mod.git.enable; gitEnabled = config.mod.git.enable;
goEnabled = config.mod.go.enable; goEnabled = config.mod.go.enable;
@@ -7,21 +12,25 @@ in
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.sessionVariables = { home.sessionVariables = {
GITHUB_ACTOR="Alexander Heldt"; GITHUB_ACTOR = "Alexander Heldt";
GITHUB_TOKEN="$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})"; GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
}; };
home.packages = [ home.packages = [
(pkgs.callPackage ./syb-cli.nix {}) (pkgs.callPackage ./syb-cli.nix { })
(pkgs.callPackage ./pants.nix {})
(pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ]) (pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
(pkgs.google-cloud-sdk.withExtraComponents [ pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin ]) (pkgs.google-cloud-sdk.withExtraComponents [
(pkgs.graphite-cli.overrideAttrs(_: { pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
])
(pkgs.graphite-cli.overrideAttrs (_: {
version = "1.4.3"; version = "1.4.3";
})) }))
pkgs.xdg-utils # needed by graphite-cli pkgs.xdg-utils # needed by graphite-cli
pkgs.postman
pkgs.grpcurl
# for `radio` # for `radio`
pkgs.go-mockery pkgs.go-mockery
pkgs.golangci-lint pkgs.golangci-lint

47
hosts/pinwheel/modules/work/pants.nix
View File

@@ -1,47 +0,0 @@
{
fetchurl,
pkgs,
lib,
}:
let
pname = "pants";
version = "0.12.0";
scie-pants = pkgs.stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-${pname}-linux-x86_64";
hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM=";
};
phases = ["installPhase" "patchPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/pants
chmod +x $out/bin/pants
'';
};
in
pkgs.buildFHSUserEnv {
name = "pants";
targetPackages = with pkgs; [
python39
];
runScript = "${scie-pants}/bin/pants";
profile = ''
export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt"
'';
meta = with lib; {
description = "Protects your Pants from the elements";
homepage = "https://github.com/pantsbuild/scie-pants";
license = licenses.asl20;
maintainers = [];
platforms = [ "x86_64-linux" ];
mainProgram = "pants";
};
}

7
hosts/pinwheel/modules/zsh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.zsh.enable; enabled = config.mod.zsh.enable;
in in

79
hosts/sombrero/configuration.nix
View File

@@ -1,79 +0,0 @@
{ pkgs, ... }:
{
imports =
[
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
environment.variables.EDITOR = "vim";
hardware.enableRedistributableFirmware = true;
# Set your time zone.
time.timeZone = "Europe/Stockholm";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
users = {
mutableUsers = false;
users.root = {
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
};
users."alex" = {
isNormalUser = true;
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
extraGroups = [ "wheel" ];
};
};
environment.systemPackages = with pkgs; [
gnumake
mkpasswd
vim
];
config-manager = {
flakePath = "/home/alex/config";
};
mod = {
git.enable = true;
ssh.enable = true;
docker.enable = true;
nginx.enable = true;
syncthing.enable = true;
plex.enable = true;
calibre-web.enable = true;
transmission.enable = true;
restic.enable = true;
pppdotpm-site.enable = false;
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

52
hosts/sombrero/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/15329cb1-655e-475d-96f0-bfb8ccd05167";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AD29-0697";
fsType = "vfat";
};
fileSystems."/home/alex/media" =
{ device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/home/alex/backup" =
{ device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
fsType = "ext4";
options = [ "nofail" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/98c46b15-7efe-43fd-8812-7e2c01f5a40a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

25
hosts/sombrero/home.nix
View File

@@ -1,25 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.alex = {
programs.home-manager.enable = true;
home.username = "alex";
home.homeDirectory = "/home/alex";
home.packages = [
pkgs.unar
];
home.stateVersion = "22.11";
};
};
};
}

14
hosts/sombrero/modules/age/default.nix
View File

@@ -1,14 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
config = {
age = {
identityPaths = [ "/etc/ssh/sombrero" ];
};
environment.systemPackages = [
inputs.agenix.packages."${pkgs.system}".default
];
};
}

25
hosts/sombrero/modules/boot/default.nix
View File

@@ -1,25 +0,0 @@
{ pkgs, ... }: {
boot = {
loader = {
grub.enable = false;
efi.canTouchEfiVariables = true;
raspberryPi = {
enable = true;
version = 4;
};
};
tmp = {
useTmpfs = true;
};
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [
"8250.nr_uarts=1"
"console=ttyAMA0,115200"
"console=tty1"
"cma=128M"
];
};
}

52
hosts/sombrero/modules/calibre-web/default.nix
View File

@@ -1,52 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "127.0.0.1";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/backup/books";
enableBookUploading = true;
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 8083 ];
};
};
services = {
nginx = {
virtualHosts."books.sombrero.a2x.se" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
};
};
};
};
};
}

8
hosts/sombrero/modules/default.nix
View File

@@ -1,8 +0,0 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
}

29
hosts/sombrero/modules/docker/default.nix
View File

@@ -1,29 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.docker.enable;
in
{
options = {
mod.docker = {
enable = lib.mkEnableOption "enable docker module";
};
};
config = lib.mkIf enabled {
virtualisation = {
docker = {
enable = true;
};
oci-containers = {
backend = "docker";
};
};
users.users.alex.extraGroups = [ "docker" ];
home-manager.users.alex = {
home.packages = [ pkgs.docker-compose ];
};
};
}

30
hosts/sombrero/modules/git/default.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.git.enable;
in
{
options = {
mod.git = {
enable = lib.mkEnableOption "enable git module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.git = {
enable = true;
includes = [
{ path = ./gitconfig; }
];
};
home.packages = [ pkgs.tig ];
home.file.".tigrc".text = ''
set main-view-line-number = yes
set main-view-line-number-interval = 1
'';
};
};
}

10
hosts/sombrero/modules/git/gitconfig
View File

@@ -1,10 +0,0 @@
[user]
name = Alexander Heldt
email = me@alexanderheldt.se
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

6
hosts/sombrero/modules/mullvad/default.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
services.mullvad-vpn = {
enable = true;
};
}

18
hosts/sombrero/modules/network/default.nix
View File

@@ -1,18 +0,0 @@
{
networking = {
hostName = "sombrero";
defaultGateway = "192.168.50.1";
nameservers = [ "8.8.8.8" ];
interfaces = {
eth0 = {
ipv4 = {
addresses = [{
address = "192.168.50.200";
prefixLength = 24;
}];
};
};
};
};
}

38
hosts/sombrero/modules/nginx/default.nix
View File

@@ -1,38 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "add nginx module";
};
};
config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
};
};
};
}

42
hosts/sombrero/modules/plex/default.nix
View File

@@ -1,42 +0,0 @@
{ lib, config, ... }:
let
enable = config.mod.plex.enable;
dockerEnabled = config.mod.docker.enable;
in
{
options = {
mod.plex = {
enable = lib.mkEnableOption "enable plex module";
};
};
config = lib.mkIf (enable && dockerEnabled) {
virtualisation = {
oci-containers.containers = {
plex = {
image = "linuxserver/plex";
autoStart = true;
environment = {
TZ = "Europe/Stockholm";
VERSION = "latest";
};
extraOptions = [ "--network=host" ];
volumes = [
"/home/alex/media/plex/db:/config"
"/home/alex/media/movies:/movies"
"/home/alex/media/tv:/tv"
];
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 32400 ];
};
};
};
}

33
hosts/sombrero/modules/ppp.pm-site/default.nix
View File

@@ -1,33 +0,0 @@
{ inputs, lib, config, ... }:
let
enabled = config.mod.pppdotpm-site.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
imports = [ inputs.pppdotpm-site.nixosModules.default ];
options = {
mod.pppdotpm-site = {
enable = lib.mkEnableOption "enable ppp.pm site";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
security.acme = {
certs = {
"ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm";
group = "nginx";
};
};
};
services.pppdotpm-site = {
enable = true;
domain = "ppp.pm";
useACMEHost = "ppp.pm";
};
};
}

43
hosts/sombrero/modules/restic/default.nix
View File

@@ -1,43 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.restic.enable;
in
{
options = {
mod.restic = {
enable = lib.mkEnableOption "enable restic module";
};
};
config = lib.mkIf enabled {
services = {
restic.backups = {
"sync" = {
initialize = true;
user = "alex";
passwordFile = "/home/alex/backup/restic/password.file";
environmentFile = "/home/alex/backup/restic/aws.env";
repository = "s3:https://s3.eu-north-1.amazonaws.com/restic-sync-backup";
paths = ["/home/alex/backup/sync"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 2"
"--keep-weekly 7"
"--keep-yearly 12"
];
};
};
};
environment.systemPackages = [ pkgs.restic ];
};
}

102
hosts/sombrero/modules/ssh/default.nix
View File

@@ -1,102 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
matchBlocks = {
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.sombrero-codeberg.org";
};
"github.com" = {
hostname = "github.com";
identityFile = "/home/alex/.ssh/alex.sombrero-github.com";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [{
path = "/etc/ssh/sombrero";
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"alex.pinwheel-sombrero.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-sombrero.pub";
};
"alex.sombrero-codeberg.org" = {
file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.age;
path = "/home/alex/.ssh/alex.sombrero-codeberg.org";
owner = "alex";
group = "users";
};
"alex.sombrero-codeberg.org.pub" = {
file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.sombrero-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.sombrero-github.com" = {
file = ../../../../secrets/sombrero/alex.sombrero-github.com.age;
path = "/home/alex/.ssh/alex.sombrero-github.com";
owner = "alex";
group = "users";
};
"alex.sombrero-github.com.pub" = {
file = ../../../../secrets/sombrero/alex.sombrero-github.com.pub.age;
path = "/home/alex/.ssh/alex.sombrero-github.com.pub";
owner = "alex";
group = "users";
};
};
};
}

130
hosts/sombrero/modules/syncthing/default.nix
View File

@@ -1,130 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "add syncthing module";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
networking = {
firewall = {
allowedTCPPorts = [ 8384 ];
};
};
services = {
syncthing = {
enable = true;
openDefaultPorts = true;
user = "alex";
group = "users";
dataDir = "/home/alex/backup/sync";
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$J/h/JOUiW24ZXsLYLEl2kOZUS1LftxANi0OlZxLy8Dst3/jpBd0v2";
insecureSkipHostcheck = false;
};
devices = {
phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
"org" = {
path = "/home/alex/backup/sync/org";
devices = [ "phone" "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"phone-gps" = {
path = "/home/alex/backup/sync/gps";
devices = [ "phone" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"personal" = {
path = "/home/alex/backup/sync/personal";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"work" = {
path = "/home/alex/backup/sync/work";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"books" = {
path = "/home/alex/backup/books";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"audiobooks" = {
path = "/home/alex/media/sync/audiobooks";
devices = [ "phone" ];
};
};
};
};
nginx = {
virtualHosts."syncthing.sombrero.a2x.se" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://0.0.0.0:8384";
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/sombrero/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/sombrero/syncthing-key.age;
};
};
};
}

9
hosts/sombrero/modules/tailscale/default.nix
View File

@@ -1,9 +0,0 @@
{ ... }:
{
services.tailscale.enable = true;
networking.firewall = {
checkReversePath = "loose";
allowedUDPPorts = [ 41641 ];
};
}

40
hosts/sombrero/modules/transmission/default.nix
View File

@@ -1,40 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.transmission.enable;
in
{
options = {
mod.transmission = {
enable = lib.mkEnableOption "enable transmission module";
};
};
config = lib.mkIf enabled {
services = {
transmission = {
enable = true;
package = pkgs.transmission_4;
openFirewall = true;
openRPCPort = true;
settings.rpc-port = 9191;
settings.rpc-bind-address = "0.0.0.0";
user = "alex";
group = "users";
home = "/home/alex/media/ts-home";
downloadDirPermissions = "775";
settings = {
incomplete-dir-enabled = false;
download-dir = "/home/alex/media";
rpc-authentication-required = true;
rpc-whitelist-enabled = false;
rpc-username = "transmission";
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
};
};
};
};
}

18
hosts/tadpole/configuration.nix
View File

@@ -1,20 +1,22 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[ ../../config-manager/default.nix
../../config-manager/default.nix ./hardware-configuration.nix
./hardware-configuration.nix ./modules
./modules ];
];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
packages = []; packages = [ ];
}; };
environment.variables.EDITOR = "vim"; environment.variables.EDITOR = "vim";

37
hosts/tadpole/hardware-configuration.nix
View File

@@ -1,26 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/7a2b1179-6582-4ef1-b094-0f11449373ed"; device = "/dev/disk/by-uuid/7a2b1179-6582-4ef1-b094-0f11449373ed";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/aa0634e1-a1c2-4461-978a-cf1768f38b0c"; } { device = "/dev/disk/by-uuid/aa0634e1-a1c2-4461-978a-cf1768f38b0c"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

2
hosts/tadpole/home.nix
View File

@@ -17,7 +17,7 @@
pkgs.git pkgs.git
pkgs.tig pkgs.tig
pkgs.vim pkgs.vim
]; ];
home.stateVersion = "24.05"; home.stateVersion = "24.05";
}; };

7
hosts/tadpole/modules/boot/default.nix
View File

@@ -1,4 +1,9 @@
{ inputs, lib, config, ... }: {
inputs,
lib,
config,
...
}:
let let
configurationLimit = config.mod.gc.configurationLimit; configurationLimit = config.mod.gc.configurationLimit;
in in

62
hosts/tadpole/modules/gitea/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
conf = config.mod.gitea; conf = config.mod.gitea;
gitDomain = "git.${conf.baseDomain}"; gitDomain = "git.${conf.baseDomain}";
@@ -26,7 +31,7 @@ in
webfingerAccounts = lib.mkOption { webfingerAccounts = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = []; default = [ ];
description = "The accounts that should be listed"; description = "The accounts that should be listed";
}; };
}; };
@@ -47,7 +52,7 @@ in
message = "There is no cert configured for ${conf.baseDomain} used by webfinger"; message = "There is no cert configured for ${conf.baseDomain} used by webfinger";
} }
{ {
assertion = conf.webfingerEnable && conf.webfingerAccounts != []; assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ];
message = "Option 'mod.gitea.webfingerAccounts' cannot be empty"; message = "Option 'mod.gitea.webfingerAccounts' cannot be empty";
} }
]; ];
@@ -81,38 +86,43 @@ in
services.nginx = { services.nginx = {
virtualHosts."${conf.baseDomain}" = virtualHosts."${conf.baseDomain}" =
let let
mkWebfinger = account: mkWebfinger =
pkgs.writeTextDir (lib.escapeURL "acct:${account}") (lib.generators.toJSON {} { account:
subject = "acct:${account}"; pkgs.writeTextDir (lib.escapeURL "acct:${account}") (
links = [{ lib.generators.toJSON { } {
rel = "http://openid.net/specs/connect/1.0/issuer"; subject = "acct:${account}";
href = "https://${gitDomain}"; links = [
}]; {
}); rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://${gitDomain}";
}
];
}
);
webfingerRoot = pkgs.symlinkJoin { webfingerRoot = pkgs.symlinkJoin {
name = "${gitDomain}-webfinger"; name = "${gitDomain}-webfinger";
paths = builtins.map mkWebfinger conf.webfingerAccounts; paths = builtins.map mkWebfinger conf.webfingerAccounts;
}; };
in in
lib.mkIf conf.webfingerEnable { lib.mkIf conf.webfingerEnable {
forceSSL = true; forceSSL = true;
useACMEHost = conf.baseDomain; useACMEHost = conf.baseDomain;
locations."/.well-known/webfinger" = { locations."/.well-known/webfinger" = {
root = webfingerRoot; root = webfingerRoot;
extraConfig = '' extraConfig = ''
add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Origin "*";
default_type "application/jrd+json"; default_type "application/jrd+json";
types { application/jrd+json json; } types { application/jrd+json json; }
if ($arg_resource) { if ($arg_resource) {
rewrite ^(.*)$ /$arg_resource break; rewrite ^(.*)$ /$arg_resource break;
} }
return 400; return 400;
''; '';
};
}; };
};
virtualHosts."${gitDomain}" = { virtualHosts."${gitDomain}" = {
forceSSL = true; forceSSL = true;

5
hosts/tadpole/modules/nginx/default.nix
View File

@@ -31,7 +31,10 @@ in
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [
80
443
];
}; };
}; };
}; };

7
hosts/tadpole/modules/ppp.pm-site/default.nix
View File

@@ -1,4 +1,9 @@
{ inputs, lib, config, ... }: {
inputs,
lib,
config,
...
}:
let let
enabled = config.mod.pppdotpm-site.enable; enabled = config.mod.pppdotpm-site.enable;

35
hosts/tadpole/modules/ssh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.ssh.enable; enabled = config.mod.ssh.enable;
@@ -18,6 +23,11 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
};
"codeberg.org" = { "codeberg.org" = {
hostname = "codeberg.org"; hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org"; identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
@@ -41,10 +51,12 @@ in
enable = true; enable = true;
ports = [ 1122 ]; ports = [ 1122 ];
hostKeys = [{ hostKeys = [
path = "${rootSSHKeyPath}/root.tadpole"; {
type = "ed25519"; path = "${rootSSHKeyPath}/root.tadpole";
}]; type = "ed25519";
}
];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
@@ -77,6 +89,19 @@ in
path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub"; path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub";
}; };
"alex.tadpole-git.ppp.pm" = {
file = ../../../../secrets/tadpole/alex.tadpole-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.tadpole-git.ppp.pm.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.tadpole-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org" = { "alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age; file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org"; path = "/home/alex/.ssh/alex.tadpole-codeberg.org";

4
hosts/test-vm/configuration.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
./ppp.pm-site.nix ./ppp.pm-site.nix
@@ -28,7 +28,7 @@
}; };
}; };
environment.systemPackages = []; environment.systemPackages = [ ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };

7
hosts/test-vm/ppp.pm-site.nix
View File

@@ -1,4 +1,9 @@
{ inputs, lib, config, ... }: {
inputs,
lib,
config,
...
}:
let let
enabled = config.mod.pppdotpm-site.enable; enabled = config.mod.pppdotpm-site.enable;
in in

BIN
secrets/backwards/alex.backwards-git.ppp.pm.age Normal file
View File

Binary file not shown.

BIN
secrets/backwards/alex.backwards-git.ppp.pm.pub.age Normal file
View File

Binary file not shown.

14
secrets/secrets.nix
View File

@@ -2,7 +2,6 @@ let
# see `modules/age/default.nix` where these are defined # see `modules/age/default.nix` where these are defined
pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel"; pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel";
backwards = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcTK3CUtTsgavuLlbfOqCbHYLtUrIKqnSqYmtzGCZnv root.backwards"; backwards = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcTK3CUtTsgavuLlbfOqCbHYLtUrIKqnSqYmtzGCZnv root.backwards";
sombrero = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/NltCo1L+X1OIBfIKzfrbxLpCOerQ4vTIs+QPTXkf/ root@sombrero";
tadpole = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbyj/vYafqpJH33jFz5HV+gwCiEIJTpxKrEFrBWx73A root@tadpole"; tadpole = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbyj/vYafqpJH33jFz5HV+gwCiEIJTpxKrEFrBWx73A root@tadpole";
alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTgiHYcdhS87pPnduLunZVEgLVj4EtbG9XVSZP1l5s5 alex"; alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTgiHYcdhS87pPnduLunZVEgLVj4EtbG9XVSZP1l5s5 alex";
in { in {
@@ -12,8 +11,6 @@ in {
"pinwheel/mullvad-account-history.age".publicKeys = [ pinwheel alex ]; "pinwheel/mullvad-account-history.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ]; "pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ];
"pinwheel/alex.pinwheel-sombrero.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-sombrero.pub.age".publicKeys = [ pinwheel sombrero alex ];
"pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ]; "pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ];
"pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ];
@@ -40,18 +37,15 @@ in {
"backwards/restic-cloud-sync-repository.age".publicKeys = [ backwards alex ]; "backwards/restic-cloud-sync-repository.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ]; "backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ]; "backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-git.ppp.pm.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-git.ppp.pm.pub.age".publicKeys = [ backwards alex ];
"backwards/wpa_supplicant.conf.age".publicKeys = [ backwards alex ]; "backwards/wpa_supplicant.conf.age".publicKeys = [ backwards alex ];
"sombrero/syncthing-cert.age".publicKeys = [ sombrero alex ];
"sombrero/syncthing-key.age".publicKeys = [ sombrero alex ];
"sombrero/alex.sombrero-github.com.age".publicKeys = [ sombrero alex ];
"sombrero/alex.sombrero-github.com.pub.age".publicKeys = [ sombrero alex ];
"sombrero/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ];
"sombrero/alex.sombrero-codeberg.org.pub.age".publicKeys = [ sombrero alex ];
"tadpole/root.tadpole.age".publicKeys = [ tadpole alex ]; "tadpole/root.tadpole.age".publicKeys = [ tadpole alex ];
"tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ]; "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
"tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ]; "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
} }

BIN
secrets/sombrero/alex.sombrero-codeberg.org.age
View File

Binary file not shown.

7
secrets/sombrero/alex.sombrero-codeberg.org.pub.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MxZlmA NNDIdpcC5ad2zy6SNwiLbowPBahLGKnv/W6LI4rp0Bk
78Alin5dlkRgliZkL7iLSY6MRtdZPjgtz+Z70CA+aQ8
-> ssh-ed25519 +oNaHQ i5i36kNiCMMsePFyaLHOvzMPee5RuE+yHtlh7bHq0no
B4fpYax3fzgOUGYwL4E0V9cqyvDbF5iYo/haUyR34gw
--- jBxmbEHiLGLglJDbeYDbfDrgc2DPsVIoISNj7stw8pc
MJ<><4A>|.<2E>T<1B>j<EFBFBD><6A><EFBFBD><EFBFBD><EFBFBD> w9v<39><76><EFBFBD><08><>kuY0B櫼D-<2D>O<EFBFBD><4F>-]<5D>D<EFBFBD>y]a<>j<EFBFBD>(<28>(<28>G<EFBFBD>y <1F><><EFBFBD>Š<EFBFBD> <20>W8<57><38><EFBFBD>-i<><69><EFBFBD><EFBFBD>/<03><17>=i}D=ȟ<1B><><EFBFBD>,U<><17>z<EFBFBD><1C><>ݲ'<27>P<EFBFBD>Yo<59><6F>7<EFBFBD><37>se i;

BIN
secrets/sombrero/alex.sombrero-github.com.age
View File

Binary file not shown.

BIN
secrets/sombrero/alex.sombrero-github.com.pub.age
View File

Binary file not shown.

BIN
secrets/sombrero/syncthing-cert.age
View File

Binary file not shown.

BIN
secrets/sombrero/syncthing-key.age
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More