From 34050a14ccf3ce474458acc7101c3b05149c7544 Mon Sep 17 00:00:00 2001 From: b12f Date: Fri, 16 Aug 2024 19:03:16 +0200 Subject: [PATCH 01/19] pkgs: update nvfetcher packages --- pkgs/_sources/generated.json | 16 ++++++++-------- pkgs/_sources/generated.nix | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json index fddb96d..40714d7 100644 --- a/pkgs/_sources/generated.json +++ b/pkgs/_sources/generated.json @@ -20,7 +20,7 @@ }, "blesh-nvfetcher": { "cargoLocks": null, - "date": "2024-03-11", + "date": "2024-07-01", "extract": null, "name": "blesh-nvfetcher", "passthru": null, @@ -32,11 +32,11 @@ "name": null, "owner": "akinomyoga", "repo": "ble.sh", - "rev": "b6344b3be1978695889371de83ac4d15352e4fee", - "sha256": "sha256-mKqvbwLW71NBeuP5Cqsp/dmrbodzAmFI3HYN5v07cNg=", + "rev": "fcbf1ed0e417433d0e56cf90cad111852115dbe2", + "sha256": "sha256-yduYOa5zklPprJSJazTPp/+fuH4iIchAa7n+1d5pA94=", "type": "github" }, - "version": "b6344b3be1978695889371de83ac4d15352e4fee" + "version": "fcbf1ed0e417433d0e56cf90cad111852115dbe2" }, "instant-nvim-nvfetcher": { "cargoLocks": null, @@ -160,7 +160,7 @@ }, "vimagit-nvfetcher": { "cargoLocks": null, - "date": "2024-01-04", + "date": "2024-03-28", "extract": null, "name": "vimagit-nvfetcher", "passthru": null, @@ -172,10 +172,10 @@ "name": null, "owner": "jreybert", "repo": "vimagit", - "rev": "06afe48439d0118a77d622ef06eff0f7cd7d62ab", - "sha256": "sha256-2kugFr32lZINgpmDyfTyBp5lNa2/dculKmcFGa2q/io=", + "rev": "fc7eda97da4f8182c8abbe6ea7befbd789b8b935", + "sha256": "sha256-HievBzyVZke4AyCWAL9MlOw65X460cEEeOhwAL2brzs=", "type": "github" }, - "version": "06afe48439d0118a77d622ef06eff0f7cd7d62ab" + "version": "fc7eda97da4f8182c8abbe6ea7befbd789b8b935" } } \ No newline at end of file diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index b4fe187..822c473 100644 --- a/pkgs/_sources/generated.nix 
+++ b/pkgs/_sources/generated.nix @@ -16,17 +16,17 @@ }; blesh-nvfetcher = { pname = "blesh-nvfetcher"; - version = "b6344b3be1978695889371de83ac4d15352e4fee"; + version = "fcbf1ed0e417433d0e56cf90cad111852115dbe2"; src = fetchFromGitHub { owner = "akinomyoga"; repo = "ble.sh"; - rev = "b6344b3be1978695889371de83ac4d15352e4fee"; + rev = "fcbf1ed0e417433d0e56cf90cad111852115dbe2"; fetchSubmodules = true; deepClone = false; leaveDotGit = true; - sha256 = "sha256-mKqvbwLW71NBeuP5Cqsp/dmrbodzAmFI3HYN5v07cNg="; + sha256 = "sha256-yduYOa5zklPprJSJazTPp/+fuH4iIchAa7n+1d5pA94="; }; - date = "2024-03-11"; + date = "2024-07-01"; }; instant-nvim-nvfetcher = { pname = "instant-nvim-nvfetcher"; @@ -102,14 +102,14 @@ }; vimagit-nvfetcher = { pname = "vimagit-nvfetcher"; - version = "06afe48439d0118a77d622ef06eff0f7cd7d62ab"; + version = "fc7eda97da4f8182c8abbe6ea7befbd789b8b935"; src = fetchFromGitHub { owner = "jreybert"; repo = "vimagit"; - rev = "06afe48439d0118a77d622ef06eff0f7cd7d62ab"; + rev = "fc7eda97da4f8182c8abbe6ea7befbd789b8b935"; fetchSubmodules = false; - sha256 = "sha256-2kugFr32lZINgpmDyfTyBp5lNa2/dculKmcFGa2q/io="; + sha256 = "sha256-HievBzyVZke4AyCWAL9MlOw65X460cEEeOhwAL2brzs="; }; - date = "2024-01-04"; + date = "2024-03-28"; }; } From 9439ed4c44142f1920ad1b569e5d1b229322d23c Mon Sep 17 00:00:00 2001 
From: b12f Date: Fri, 16 Aug 2024 21:33:49 +0200 Subject: [PATCH 02/19] email: add mail@b12f.io and mail@hzdomain --- hosts/frikandel/email.nix | 76 ++++++++++++++++++++++--- hosts/frikandel/unbound.nix | 10 ++++ modules/printing/default.nix | 10 ++-- secrets/age-yubikey-464-identity.txt | 6 -- secrets/age-yubikey-485-identity.txt | 6 -- secrets/hzdomain-dkim-private-rsa.age | Bin 0 -> 2056 bytes secrets/mail@hzdomain-password.age | 23 ++++++++ secrets/mail@mezza.biz-password.age | Bin 0 -> 1310 bytes secrets/mezza.biz-dkim-private-rsa.age | Bin 0 -> 2056 bytes secrets/secrets.nix | 7 ++- terraform/h.net.tf | 24 ++++++++ terraform/mezza.biz.tf | 65 +++++++++++++++++++++ users/b12f/email.nix | 14 +++-- 13 files changed, 211 insertions(+), 30 deletions(-) create mode 100644 secrets/hzdomain-dkim-private-rsa.age create mode 100644 secrets/mail@hzdomain-password.age create mode 100644 secrets/mail@mezza.biz-password.age create mode 100644 secrets/mezza.biz-dkim-private-rsa.age diff --git a/hosts/frikandel/email.nix b/hosts/frikandel/email.nix index 480a8c1..bb91aba 100644 --- a/hosts/frikandel/email.nix +++ b/hosts/frikandel/email.nix 
@@ -5,10 +5,16 @@
 lib,
 ...
 }: let
- # hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ];
+ hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ];
 dkimDNSb12fio = ''
 default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ;
 '';
+ dkimDNSmezzabiz = ''
+ default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8iuDq0eon2k7QlBJWGxwDiEv53iJQu2uqxOjr7Ul/nfQjuR6kVKs6oOVopnyFTGRpffrpSHHW1YUN5nF76p0fJphk4l+QmJP36/xweajsNU27PAkb88xG6yRKl28MCfPdMR96+Jobpei8S0UhqcskYs1aZybm7ci9ZuAMidziwIDAQAB" ) ;
+ '';
+ dkimDNShzDomain = ''
+ default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvVA2XZno6g6qBdmxoLgX2Qmd883M6yV4YkE/VaNH6xcR0AcTo4hEYoAOPryfKn4FE/TYvyk/k2cyBKpMBn2qbVhwUavYQh/e9bweS2FKQvdzCUUoqXk04o2MqSXb2ZFwkUCtfrPcckBgpF754PDL4HMZGPnkMSdDX7bmYe37CWQIDAQAB") ;
+ '';
 in {
 age.secrets."b12f.io-dkim-private-rsa" = {
 file = "${flake.self}/secrets/b12f.io-dkim-private-rsa.age";
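Review bot: The two new DKIM records, `dkimDNSmezzabiz` and `dkimDNShzDomain`, publish 1024-bit RSA keys (a `p=MIGfMA0G…` value of this length is a 1024-bit key), while the existing `dkimDNSb12fio` record carries a 2048-bit key (`p=MIIBIjAN…`). RFC 8301 recommends at least 2048 bits for signers, and some receivers treat 1024-bit signatures as weak. I would regenerate both keys at 2048 bits before the records go into DNS and re-encrypt the matching `.age` files. A short comment above each record would also help, e.g. `# selector "default", RSA-2048, private half in secrets/mezza.biz-dkim-private-rsa.age`.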
@@ -23,16 +29,44 @@ in { owner = "maddy"; }; + age.secrets."mezza.biz-dkim-private-rsa" = { + file = "${flake.self}/secrets/mezza.biz-dkim-private-rsa.age"; + path = "/var/lib/maddy/dkim_keys/mezza.biz_default.key"; + mode = "400"; + owner = "maddy"; + }; + + age.secrets."mail@mezza.biz-password" = { + file = "${flake.self}/secrets/mail@mezza.biz-password.age"; + mode = "400"; + owner = "maddy"; + }; + + age.secrets."hzdomain-dkim-private-rsa" = { + file = "${flake.self}/secrets/hzdomain-dkim-private-rsa.age"; + path = "/var/lib/maddy/dkim_keys/hzdomain_default.key"; + mode = "400"; + owner = "maddy"; + }; + + age.secrets."mail@hzdomain-password" = { + file = "${flake.self}/secrets/mail@hzdomain-password.age"; + mode = "400"; + owner = "maddy"; + }; + users.users.maddy.extraGroups = [ "nginx" ]; security.acme.certs = { - "mail.b12f.io" = { - reloadServices = [ "maddy" ]; - }; - "b12f.io" = { - reloadServices = [ "maddy" ]; - }; + "mail.b12f.io".reloadServices = [ "maddy" ]; + "b12f.io".reloadServices = [ "maddy" ]; "mta-sts.b12f.io" = {}; + "mail.mezza.biz".reloadServices = [ "maddy" ]; + "mezza.biz".reloadServices = [ "maddy" ]; + "mta-sts.mezza.biz" = {}; + "mail.${hzDomain}".reloadServices = [ "maddy" ]; + "${hzDomain}".reloadServices = [ "maddy" ]; + "mta-sts.${hzDomain}" = {}; }; services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // { @@ -52,7 +86,7 @@ in { tryFiles = "$uri $uri/ =404"; }; }; - }) {} [ "b12f.io" ]; + }) {} [ "b12f.io" "mezza.biz" hzDomain ]; systemd.tmpfiles.rules = [ "d '/run/maddy' 0750 maddy maddy - -" @@ -62,6 +96,8 @@ in { mkdir -p /var/lib/maddy/dkim_keys echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns + echo '${dkimDNSmezzabiz}' >> /var/lib/maddy/dkim_keys/mezza.biz_default.dns + echo '${dkimDNShzDomain}' >> /var/lib/maddy/dkim_keys/${hzDomain}_default.dns chown -R maddy:maddy /var/lib/maddy ''; 
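Review bot: The private key for the third domain is installed at `/var/lib/maddy/dkim_keys/hzdomain_default.key`, with the literal placeholder `hzdomain` in the file name, while the DNS file written later in this file uses `${hzDomain}_default.dns` and the mezza.biz key follows the `<domain>_default.key` pattern. If maddy's signing block uses its usual `{domain}_{selector}.key` lookup (the `config` string is outside this hunk, so that is an assumption), it will not find this key and may generate a fresh one that does not match the published record. I would write the path as `path = "/var/lib/maddy/dkim_keys/${hzDomain}_default.key";`.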
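Review bot: The two added `echo … >> …_default.dns` lines append, as the existing b12f.io line does, so if this script runs on every service start or activation (its header is outside the hunk) each `.dns` file gains another copy of the record per run. Writing with `>` keeps the files idempotent, e.g. `echo '${dkimDNSmezzabiz}' > /var/lib/maddy/dkim_keys/mezza.biz_default.dns`.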
@@ -76,14 +112,22 @@ in {
 localDomains = [
 "b12f.io"
 "mail.b12f.io"
+ "mezza.biz"
+ "mail.mezza.biz"
+ hzDomain
+ "mail.${hzDomain}"
 ];
 ensureAccounts = [
 "mail@b12f.io"
+ "mail@mezza.biz"
+ "mail@${hzDomain}"
 ];
 ensureCredentials = {
 # Do not use this in production. This will make passwords world-readable
 # in the Nix store
 "mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path;
+ "mail@mezza.biz".passwordFile = config.age.secrets."mail@mezza.biz-password".path;
+ "mail@${hzDomain}".passwordFile = config.age.secrets."mail@hzdomain-password".path;
 };
 tls = {
 loader = "file";
@@ -96,6 +140,22 @@ in {
 keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem";
 certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem";
 }
+ {
+ keyPath = "${config.security.acme.certs."mail.mezza.biz".directory}/key.pem";
+ certPath = "${config.security.acme.certs."mail.mezza.biz".directory}/cert.pem";
+ }
+ {
+ keyPath = "${config.security.acme.certs."mezza.biz".directory}/key.pem";
+ certPath = "${config.security.acme.certs."mezza.biz".directory}/cert.pem";
+ }
+ {
+ keyPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/key.pem";
+ certPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/cert.pem";
+ }
+ {
+ keyPath = "${config.security.acme.certs."${hzDomain}".directory}/key.pem";
+ certPath = "${config.security.acme.certs."${hzDomain}".directory}/cert.pem";
+ }
 ];
 };
 config = ''
diff --git a/hosts/frikandel/unbound.nix b/hosts/frikandel/unbound.nix
index 26ba8d1..380e325 100644
--- a/hosts/frikandel/unbound.nix
+++ b/hosts/frikandel/unbound.nix
@@ -96,6 +96,16 @@ "\"b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" "\"mail.b12f.io. 10800 IN A 10.13.12.7\"" "\"mail.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + + "\"mezza.biz. 10800 IN A 10.13.12.7\"" + "\"mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + "\"mail.mezza.biz. 10800 IN A 10.13.12.7\"" + "\"mail.mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + + "\"h${"w"+"dz"+"z.n"}et. 10800 IN A 10.13.12.7\"" + "\"h${"w"+"dz"+"z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + "\"mail.h${"w"+"dz"+"z.n"}et. 10800 IN A 10.13.12.7\"" + "\"mail.h${"w"+"dz"+"z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" ]; tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; diff --git a/modules/printing/default.nix b/modules/printing/default.nix index 9bb30a4..03caa88 100644 --- a/modules/printing/default.nix +++ b/modules/printing/default.nix @@ -22,9 +22,9 @@ then [ pkgs.cups-brother-hl3140cw ] else []); - environment.persistence."/persist" = { - directories = [ - "/var/lib/cups" - ]; - }; + # environment.persistence."/persist" = { + # directories = [ + # "/etc/lib/cups" + # ]; + # }; } diff --git a/secrets/age-yubikey-464-identity.txt b/secrets/age-yubikey-464-identity.txt index f12dc2f..e696507 100644 --- a/secrets/age-yubikey-464-identity.txt +++ b/secrets/age-yubikey-464-identity.txt @@ -1,7 +1 @@ -# Serial: 25473464, Slot: 1 -# Name: age identity bd1ccf37 -# Created: Fri, 02 Feb 2024 19:26:49 +0000 -# PIN policy: Once (A PIN is required once per session, if set) -# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds) -# Recipient: age1yubikey1qd7szmr9ux2znl4x4hzykkwaru60nr4ufu6kdd88sm7657gjz4x5w0jy4y7 AGE-PLUGIN-YUBIKEY-1HZCCGQVZH5WV7DCL6V837 diff --git a/secrets/age-yubikey-485-identity.txt b/secrets/age-yubikey-485-identity.txt index 88b82c8..b4c90ef 100644 --- a/secrets/age-yubikey-485-identity.txt +++ b/secrets/age-yubikey-485-identity.txt 
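Review bot: In `modules/printing/default.nix` the CUPS persistence block is commented out rather than removed, with no reason given, and the path inside the comment changed from `/var/lib/cups` to `/etc/lib/cups`, which does not look like a directory CUPS uses. If the block is meant to come back, keep the original path and add a line such as `# disabled: <reason>` above it; otherwise delete it. The change is also unrelated to the e-mail setup this commit describes, so it would read better as its own commit.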
@@ -1,7 +1 @@
-# Serial: 25473485, Slot: 1
-# Name: age identity ceaabf8b
-# Created: Fri, 02 Feb 2024 19:28:33 +0000
-# PIN policy: Once (A PIN is required once per session, if set)
-# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
-# Recipient: age1yubikey1qgxuu2x3uzw7k5pg5sp2dv43edhwdz3xuhj7kjqrnw0p8t0l67c5yz9nm6q
 AGE-PLUGIN-YUBIKEY-1EKCCGQVZE64TLZCKYUCW7
diff --git a/secrets/hzdomain-dkim-private-rsa.age b/secrets/hzdomain-dkim-private-rsa.age new file mode 100644 index 0000000000000000000000000000000000000000..d1bf39124f4fcfd1148586a933cbd94533b2ff01 GIT binary patch literal 2056 zcmY+?`FGQX0l;y}F@`B247P?1ic`u}$M}#f+du%{j!(%)Y#ClbmTg&M0^% zFe-uyUCiSIIK9=xm}MkVZsSQYDc})FU}+Flq6VKnnwG{Ww2V@fv96333Nr~9aY0-r z3#fn5k|~r=8gwqPnul4fZY3F&0znDkz@!Y44(l*`&?k^5as~to!a7F;5l91WB49*4 zbRcPpm=oRr4j?gtiefsRibP!Yq#?*eaE=BPM$Q>eMndTT;BtmsCfW{$NL@~wv>{&9 zYxi*?zn_Z7Wr*L0%VeAsCwN&%?eY2;$Pfopx|kl2Kv-4*G9e!v@Is_Q3{d*4FM|0{ zSw;zEG}*Wv6C{0FOUj=J;E`Z}=X9vqbQB9y<<5Ls6>w<7B21GYQI68$W=~!s)+Vwt zLDnMI`EXNO;X)*2D1nB9ZWHV9uqG*wayi0MyECR%&|VOD1hRsRO{oirP#}~x3X~`s zBn|Qao=U|$Do+?BA{LF#nL&LhY|UhK2q$I@JiFCvd|ogNP{xeX=*2k7ozD>>n1GU6 zeLNb{=940iB8B)75b>k5+iGCV9;=)X=v*WuKtLW0T4dx8?GJRu6;uAnh( zh3pwf?n$asHcJc(h?u09h5T_78q*Vu921jP7&0&h9sxKQn-W?>APF)Q0br=l8hgI^bCE*n zFs_lJZX>5NB%O92ZI3I;AZyGXR3I{qj3O~ktk<%Dj|i9ZtZ_=?cAK@VBUY}UHMSHa z5#Z_32v3~>{SG5R<}?uO2V)$h0fQD%0M2=G2Dgn+gv~}y z=J8t%VeJ1b&Y6GSldlE{tr0HM>ivY%;IYt3G3&|2=(HIT1&u+65mJ*h9yUN3yFkXv zdgO>lA&SUAHiwB5UY{CujdU_$xQ zuO9ZUeY6z>dW(jQ^!-h2YBHC1U2g6ea{~3I{@nYUR|1_sp8K|9^K7eIU7T0UwlwIw zI)r@vuHB!VyR6PWWUS*p+*v+}obCX+Z|u1^kR9=;{@%mI_uIR_ zA#QgLK5lMopKzq~k8P*mm7nhU?%EqOuNb%G`t}ZAh7QUKTcSZ#|tnVvueLADwz_i&$g0FiPBC+%TbH zuxP}hH;NX#Pkd5x+`M*HY{Ra7;!DK1>iP2eOQUbE9cn&ZsVQ!&yIuLRxutctGk6c& zkX%#V(N(>wRJ}@Fn69~lzto(1XG~4;##Z4)puW{IYfU15YQ;a+%x%70_*cQ-t9F0# zeC~#=swa<%TMXOZT~HIt{xlHn!l(9^RBs=Sc1-+i-gnEi$4LEeRh`f7&aa(&Xngig zed*zGt0q^qPW;R2&e4tMg{o&f?9D5rG`nlz$5`d08&=z}jZ?Zy*L~2_NcA0Ac%uIg zhL1PQkvV$D?p=Mbg~w!Ufu4K8nS0t^dzsw&{jz~E0~^jR>RWGk4T_ZPKQQW}rS2vv z*!jaee((6A#q2t#qGc)@9{5+$!)xk-QunLskN9&xmwZ2U@mQ>-c+?l|C9n5=amI7t z=V*P!w56TJSKF3@z|NN35?0coJzKAuST$t5S#UqRYSNi)NN7RRmRDzdxnus&54Qq+ z(#j203>r&<02kj$Y zzkHJqYFg97#yw>R=MQ~Vxg-1I4RGhC34L34)!dF-UU}!6IT!A}|MjW3*m;t=ceNSr Zz#c3 ssh-ed25519 8bHz7g B8CppVVWblUzZYe4KLZZQg1+Z9HtOZE2riG5rrj7lDc +BBNd3OpQz+QoPp6mv+P2+eYTMwKt8+ty4ERdO5+2Xtk +-> ssh-ed25519 n71/yQ 
4cDMfD1yorzkNgdqrbmcI6FCDEWlFlZmdedD5O5x/3k +gvmvNFiPVGZdcIb6PacTn3IKEBEk0TnSaWv30XWX2rY +-> ssh-rsa kFDS0A +D/Wxbu8XMyCpYi3b58FKYrYlSog0yCTDV0+cKQssOPyc/NNQ39FviB6HcqahmZfi +HpXAXdgDBNwHBN+Gmcu4gSFSgogKG3U8UxGmY9kNUUbJ8mKnljGO2rdPPIEbMLEn +ZmUAK86RYOW4ctRceZ5APR24uLN5DpTnq5phLJgWjh9pvUXrI4SPawkMOq7CxylB +h2AOYXPso0Iz9SVHl/KRLV+w32US8ISlLzJSUSAMYBY/2uQd2TRDJGdw5Jz/Ih+q +f/G463YV6opFmYO9odxWPQzuEPmEBKSO7zThXnlCvsW6LDZlJ1IY0SZviPIhO4M8 +RX4jsganUDti19RmiHytDXwKkM4XPCPh5wpE/a6qTVneFhnlXUNiF0Y938dAAMNx +S1rjS2v5ezHHtofpZqspl1s3WiAmsPzb7+E10ymoyT3elvWehWkTTk8a+HP4SoM+ +QKiig8HaevLWS5Ea/8wO8h8lzEDtda65GBvlARQGTCCPyijwHBAfiivU6Xp2EJQr +YP3+hxbLO1wmV8QMxUfMrAfbJVhua+o5oDPZSImNwGfEQo4yztL2jit0bOuA3qDF +6S3Pfvg6YpLcJwKdBCI4t0sBeFCm/Wxk4JT/eh0tdnBHUaviQ0Gj+Bzz1A7J+mek +Ko/jR43KTFbIz46n/mCeYrtn2MTFl/AOsW+T/XoaOTI +-> piv-p256 zqq/iw A71bIRILKAlGedebswRMWObcmTf4o0VGarNPs0HwF7pU +EUfi118cd2/bfnwTXuYAiqx14FawWUf36n66hmpQuIM +-> piv-p256 vRzPNw Atd637HL03L8GedzPSanEXZt9V85DgGnriZnXngfKRFz +UiIUX1ADioDqckf0iT04NN5kOhmyRwf+/CG2+THAsrc +--- uajThUB7bCOg/ahzarVYOMb1c3XR0qrphQ/ehGBQztM +ehCMrbI c@sFAS29] sip]V͇5$IGk)\IWNo3y! :AS! \ No newline at end of file 
diff --git a/secrets/mail@mezza.biz-password.age b/secrets/mail@mezza.biz-password.age new file mode 100644 index 0000000000000000000000000000000000000000..0d622cf529286ad51ca54895cd4b40b3196b7726 GIT binary patch literal 1310 zcmZA0yX)(800r=iV?Ypba*(=R2)#+#Ji)7^N%L&eq-paS#I$)fY4UB}iGqSx!FvU9 zaug9%1UDxaXAzwI6Yd}mg5oUx931p7_#6)B_;EN7i*q%CCM}BxWfdbG2F+ic)part zg9Slg%#1!s6BW;#uqUg%XL##D_7@H;r)XrKFJVh!Cu&>wwYe3R9xjMB4FyGwCu%rI zf|^vNbzQ=I!Zu2?lsA5DYaW84=p-bO-E9A_6%>Yy#_UGdO2FPlTirauXD?0|?X&b` z5>AV_oR6#BM%kX1w<$kDW_iu&gXPiN#n~<6DotI_SxQcCt`dHaP3f*7SapR5u>7x9 z)&49KcoStIFC!5!uG4~zBbF#t${)%up=iP2BxKm|zAP+4=Zf@d9RlvUK4Dtf`pzP; z&tgo+1q7pOR$Os#%|_G$J!f&bbZoM{UR&7frxe5|pDRU6SEKs`5zK>ONYBQ`s!yy?Md;{N(o0&KX?17I*YcI}B^K~u zB-~Et5+nsefk@&|la-nT#wSd?ljlL}Qn44qFPLnofY3LP%F#X!3C>>M^AF0TNR# zaA3)kZAM?JU>Cs4TTUHZDIMxo2>YY~C_%Cqp`&~r_QZ+uvSK5NF6%Q;-mJNUlXCl= zvuD@4T%^M;KVy_rRY{u}eW##2ttrkVqm04bHO}zVnpl{f5f2*{%^+dWv3=PxfThPZ z$$EMfQAdBpGD3Xtd&6({mkFn^Z0b{)UQ4<@Wod9SPGD+&%h*}M}QMv9vI|gYt2MdCnO}878_A_?GteA~qJ;C)o0d#rv=_Fw^ zzOWfqPI0l(rBq*{5hpqj40mj(p<)3{LNnA3pSXj<7llb5yAGXzCA+b)a7up4{$q9f zN!RYI!QV?uIB18m+9Nk(eNZ*!LdMo&%wobNIxEAsn&6q)c?SWy&(sQ&{Loa-OkDu` zd^~{_tX+G_&nUWdgZI@pFh6z?CygFVz>m{^O_bZrsyPKjxmk_`|Qie(>h~FVJ^~d;R0bpa1soo4NkP F`Wt@!wbK9q literal 0 HcmV?d00001 
diff --git a/secrets/mezza.biz-dkim-private-rsa.age b/secrets/mezza.biz-dkim-private-rsa.age new file mode 100644 index 0000000000000000000000000000000000000000..b4b17e6cbe40d4173aa18c832add92ce3f657ed6 GIT binary patch literal 2056 zcmX}ri+59n0S0h-P$*%v3@0K*+P$D9l-xY-O#;Zw`+f7eO>%=4^Ul3VZgQVVE&^6y zP(V0Rp}6wcD9i~sVQdsAI0_czu_{#h0E*DkItL={pgN#9wsW?>;CH_7d|x0Isf-XI zDxYDnG%+Vl#YCJ~P`RLtrsI{7uml9f$}&PO7Ui8~ZieNw5jC9kgMK-mM@_8U!|@!i z@fq>7H>QFJCkpdb2ASR@uzM^%RwI%CK@_m6$Yc(srOBK+p-u+W`7q{8f}9Z0;Cv_% z`kzM8fwF{N>jqQ;9E1#@$xRz0A(nG$Fe+y;O5;ug@A1l{KpKzfV*q3IBoGGn1$dbS zLv0zYT9Q&rTrx8e$O&|Wj+VhDwNawZ*u%MCTw<)UdsR3ow^%}$Qv}*oJf8u*R4hp& z(U?$fvIp>p(;5!vt*G0_3TO!wQwUQ~P^;&7Qel7zQ0u~#N*65@(GEFg!|XvwAt9ke zz@S1TS~CEWhz~*OJQxo!E}ekah7|^x)fQ9*`Z`5i0DL5=zP! zHrsTvgh7Yp6gCB1#h4h>BU3n(B7q070A`aD;?XcD6FGCRI3812C@G@F&?LnXQl7Qt zoD3L>I^rIRjhgAOP%ZJGIB!RiLd-5;<*+gtVKlyIP8d;>vb4cWxeTOO6XZ;iJTIlm zBq`S;DDGz^AkHNWTo}^DSxjSwc*4P11fi@ghf{9En1~~Cl%f?>4kez(wc7RmeAwVt zkSfT8!l5d&*lso8nMlH@4vFM?h1HgESj0L(1QD@nIjl$rWeTN5mvo19I;9HBV7!CF z@VqdlcIiWu%Bz8hTq>4>l@7op_ZXF0ALdb*{Z)c|Dr$y&VTZv_ zxSk9P1KyaCj0uGN-VOI(zt*WdOBHavN zwAyqjLgdN&bOCdof`Dv5gd$be|L!=0ag`Yf2$k_9DZ;X4DiYL#q>VF05v|UFAu%b4 z%kod#rCtIW3PE9An)0gH zU<4QHf&YBw{}$)s9q?0&^N9ISI!HJYMuyO&u`q4dLm}LsO6ju-$eT@7>14)~6-T6Y z0VGA>AjF_XKnF>~K{4($ru6=V2m*~6Z-$HMGCF%q%hIk4DyXciEc0ojOg4-VdIz0` z<7PZ7Q{bo_V_jk<6AV&GG*JZ@;A9{qG6|X;Yx*B9DmD!-`0XlU?ZTn{$qx^$@49rT zbJvCR^2HzcdbGPeHByG_d-4$>-Mt)XTDxfY*m_jQO!8JukFcuSLSy-TRb=X z;T_S$V*GT;;Z4or=Lq3I*C!{c->rXZb*0JdE!=PL?5mr+u{!NPF`yfNs!%y=VVXHV z(J}w-C*w88e`vV6cUt$F+tx3@qK7rJ;Rh#c6bqKV)2iqyAMEX66LlwRO$1vw<=n;E z)3I~+{&a&KrqT7Z>O%U~AhY&zcI^8<&lpXEN33stx5tw@yX55^vkS&rO56WcGHn{% ze{0#;9esQ7>A~+WPOO-_AUtNuUg{5HfBJY+{k+i*Z{MJD&mLvAb=+@O++a&jbpp_Y zMD4Py_7Ok+w(#1#!4;Zg()7*gkHqu-xo&Uo-udQZ{bz<|-+W_T@IsZk)qk`FDDg}l z{b_@(W$_<3zJCAfW}B@k-S~s6DI_ekYAV|YMje>a{rt?`^VA)^oqv~@%}W~4C0)O) zu+X3X?syKV+=Z$3Z}GdDY7X58l!_j|sruDn+wX-Pb-nv1%$&6LKycMDv~gt4FSY{> zD6MbOQ@AH1V^YWsBEj6cpRB~{8*Tm`2skbM8 
z-g=;~srV!9EcDACt4BVoF1#`9{h2nrXTplU#1EU_eBa-eK1jcjJ%6{XtFiw0xd+On zSMoz2?rI;|o-b4dU+ii5$88VadgQf=x>38IS#5K_Yh3xO=1_dU^zy(t>8%mb#bebE zmRxjg-THw0tUJeTJw4Lw{Q$nS*m_Vh6H zQ2XklwXSC^H=OF>tBp?S`gVK4$}g_ Date: Sun, 18 Aug 2024 18:53:31 +0200 Subject: [PATCH 03/19] user/b12f: don't use real name for all email addresses --- users/b12f/email.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/users/b12f/email.nix b/users/b12f/email.nix index 88bb3a6..1c6cfdd 100644 --- a/users/b12f/email.nix +++ b/users/b12f/email.nix @@ -14,7 +14,7 @@ with lib; let generateMailAccount = args@{ address, ... }: rec { inherit address; - realName = psCfg.user.fullName; + realName = if (args ? "fullName") then args.fullName else psCfg.user.fullName; signature = { showSignature = "append"; text = if (args ? "emptysignature") then "" else builtins.readFile (./.config/neomutt + "/${builtins.replaceStrings ["@"] ["_"] address}.signature"); @@ -133,11 +133,13 @@ in { }; } { + fullName = "mezza"; address = mkEmailAddress "mail" "mezza.biz"; host = "mail.mezza.biz"; emptysignature = true; } { + fullname = "hwd"+ "zz"; address = mkEmailAddress "mail" "h" + "w" + "dz" + "z.net"; host = "mail.h" + "w" + "dz" + "z.net"; emptysignature = true; From d67d75eda33f720de6bb8491a9c9f9cf034d0daa Mon Sep 17 00:00:00 2001 
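Review bot: In `users/b12f/email.nix` the hzdomain account sets `fullname = "hwd"+ "zz";` with a lower-case `n`, but `generateMailAccount` tests `args ? "fullName"`. That account therefore falls through to `psCfg.user.fullName` and still sends under the real name, which is what this commit sets out to prevent. Change the attribute to `fullName = "hwd" + "zz";`, matching the mezza.biz entry above it. Both hunks are excerpts; the account list and the rest of `generateMailAccount` continue outside them.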
From: b12f Date: Mon, 19 Aug 2024 00:07:22 +0200 Subject: [PATCH 04/19] terminal-life: reduce nvim config, switch to telescope --- flake.nix | 3 + modules/desktop-extended/default.nix | 8 - modules/terminal-life/default.nix | 19 +- modules/terminal-life/nvim/cmp.vim | 48 +++ modules/terminal-life/nvim/default.nix | 129 +++---- modules/terminal-life/nvim/init.vim | 33 +- modules/terminal-life/nvim/lsp.vim | 361 ++++++------------ modules/terminal-life/nvim/plugins.vim | 84 ++-- modules/terminal-life/nvim/preview-file.nix | 36 -- .../terminal-life/nvim/quickfixopenall.vim | 20 - modules/terminal-life/nvim/ui.vim | 17 - 11 files changed, 293 insertions(+), 465 deletions(-) create mode 100644 modules/terminal-life/nvim/cmp.vim delete mode 100644 modules/terminal-life/nvim/preview-file.nix delete mode 100644 modules/terminal-life/nvim/quickfixopenall.vim diff --git a/flake.nix b/flake.nix index bdd2edf..050ce81 100644 --- a/flake.nix +++ b/flake.nix @@ -81,6 +81,7 @@ devShells.default = pkgs.mkShell { packages = with pkgs; [ nix + nixd agenix age-plugin-yubikey cachix @@ -97,10 +98,12 @@ deploy-rs + terraform-ls opentofu terraform-backend-git deno + denols ]; shellHook = '' diff --git a/modules/desktop-extended/default.nix b/modules/desktop-extended/default.nix index 2d0eb55..4f1d7b2 100644 --- a/modules/desktop-extended/default.nix +++ b/modules/desktop-extended/default.nix @@ -29,14 +29,6 @@ in { element-desktop element-b12f element-mezza - - # Nix specific utilities - alejandra - manix - nix-index - nix-tree - nix-inspect - nvd ]; fonts = { diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index f5fafcf..949353d 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -22,13 +22,12 @@ in { programs.command-not-found.enable = false; users.users."${psCfg.user.name}".packages = with pkgs; [ - ack asciinema bat blesh eza fd - jump + ripgrep (nnn.overrideAttrs (o: { patches = (o.patches or []) 
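Review bot: In `flake.nix`, `denols` is added to the dev shell's `packages` under `with pkgs;`, but as far as I know nixpkgs has no `denols` attribute. It is the nvim-lspconfig name for the language server that ships inside `deno` (`deno lsp`), and `deno` is already in the list. If that holds, evaluating `devShells.default` fails with an undefined variable, and dropping the `denols` line is enough. The other two additions, `nixd` and `terraform-ls`, are existing packages.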
@@ -39,9 +38,17 @@ in { p powerline screen - silver-searcher watson - ]; + jump + ] ++ (if cfg.full then [ + # Nix specific utilities + alejandra + manix + nix-index + nix-tree + nix-inspect + nvd + ] else []); home-manager.users."${psCfg.user.name}" = { xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh; @@ -79,13 +86,11 @@ in { inherit pkgs; inherit lib; }; + # Ensure nvim backup directory gets created # Workaround for E510: Can't make backup file (add ! to override) xdg.dataFile."nvim/backup/.keep".text = ""; xdg.dataFile."nvim/json-schemas/.keep".text = ""; - # Generated with: - # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json - xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; xdg.dataFile."nvim/templates/.keep".text = ""; programs.git = import ./git {}; diff --git a/modules/terminal-life/nvim/cmp.vim b/modules/terminal-life/nvim/cmp.vim new file mode 100644 index 0000000..b462c5f --- /dev/null +++ b/modules/terminal-life/nvim/cmp.vim @@ -0,0 +1,48 @@ +lua <'] = cmp.mapping.select_prev_item(), + [''] = cmp.mapping.select_next_item(), + [''] = cmp.mapping.scroll_docs(-4), + [''] = cmp.mapping.scroll_docs(4), + [''] = cmp.mapping.complete(), + [''] = cmp.mapping.close(), + [''] = cmp.mapping.confirm { + behavior = cmp.ConfirmBehavior.Replace, + select = true, + }, + [''] = function(fallback) + if cmp.visible() then + cmp.select_next_item() + elseif luasnip.expand_or_jumpable() then + luasnip.expand_or_jump() + else + fallback() + end + end, + [''] = function(fallback) + if cmp.visible() then + cmp.select_prev_item() + elseif luasnip.jumpable(-1) then + luasnip.jump(-1) + else + fallback() + end + end, + }, + sources = { + { name = 'nvim_lsp' }, + { name = 'luasnip' }, + }, +} + +EOF 
diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 56b489e..379975f 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -7,8 +7,6 @@ psCfg = config.pub-solar; cfg = config.pub-solar.terminal-life; xdg = config.home-manager.users."${psCfg.user.name}".xdg; - - preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); in { enable = true; 
@@ -20,49 +18,35 @@ in { withRuby = true; withPython3 = true; - extraPackages = with pkgs; - lib.mkIf (cfg.full) [ - ansible-language-server - ccls - gopls - nixd - nodejs - nodePackages.bash-language-server - nodePackages.dockerfile-language-server-nodejs - nodePackages.svelte-language-server - nodePackages.typescript - nodePackages.typescript-language-server - nodePackages.vim-language-server - nodePackages.vue-language-server - nodePackages.vscode-langservers-extracted - nodePackages.yaml-language-server - python3Packages.python-lsp-server - python3Full - rust-analyzer - solargraph - terraform-ls - universal-ctags - ]; - - plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [ - pkgs.vimPlugins.nvim-treesitter.withAllGrammars - - # Dependencies for nvim-lspconfig - nvim-cmp - cmp-nvim-lsp - cmp_luasnip - luasnip - - # Quickstart configs for neovim LSP - lsp_extensions-nvim - nvim-lspconfig - - # Collaborative editing in Neovim using built-in capabilities - instant-nvim-nvfetcher - - # Search functionality behind :Ack - ack-vim + extraPackages = with pkgs; [ + ripgrep + nixd + universal-ctags + # ansible-language-server + # clang-tools + # gopls + # nodePackages.bash-language-server + # nodePackages.svelte-language-server + # nodePackages.typescript + # nodePackages.typescript-language-server + # nodePackages.vue-language-server + # nodePackages.vscode-langservers-extracted + # nginx-language-server + # lua-language-server + # cmake-language-server + # vim-language-server + # yaml-language-server + # python3Packages.python-lsp-server + # nodePackages.dockerfile-language-server-nodejs + # docker-compose-language-service + # rust-analyzer + # cargo + # solargraph + # terraform-ls + # python3Full + ]; + plugins = with pkgs.vimPlugins; [ # The status bar in the bottom of the screen with the mode indication and file location vim-airline 
@@ -75,18 +59,9 @@ in { # Highlight characters when using f, F, t, and T quick-scope - # Get sudo in vim; :SudaWrite - vim-suda - # Undo history etc. per project vim-workspace-nvfetcher - # JSON schemas - SchemaStore-nvim - - # Work with tags files - vim-gutentags - # Neovim colorschemes / themes sonokai vim-hybrid-material @@ -103,9 +78,10 @@ in { # Ease your git workflow within Vim vimagit-nvfetcher - # FZF fuzzy finder - fzf-vim - fzfWrapper + # Telescope fuzzy finder + telescope-nvim + telescope-fzf-native-nvim + # Make the yanked region apparent vim-highlightedyank @@ -114,16 +90,33 @@ in { # Unload, delete or wipe a buffer without closing the window vim-bufkill + # Defaults everyone can agree on vim-sensible - # emmet for vim: http://emmet.io/ - emmet-vim - # Caddyfile syntax support for Vim - vim-caddyfile-nvfetcher - ]; + # Work with tags files + vim-gutentags + ] ++ (if cfg.full then [ + nvim-treesitter.withAllGrammars - extraConfig = builtins.concatStringsSep "\n" [ + # Dependencies for nvim-lspconfig + nvim-cmp + cmp-nvim-lsp + cmp_luasnip + luasnip + + # Quickstart configs for neovim LSP + lsp_extensions-nvim + nvim-lspconfig + + # Collaborative editing in Neovim using built-in capabilities + instant-nvim-nvfetcher + + # JSON schemas + SchemaStore-nvim + ] else []); + + extraConfig = builtins.concatStringsSep "\n" ([ '' " Persistent undo set undofile @@ -136,13 +129,9 @@ in { (builtins.readFile ./plugins.vim) (builtins.readFile ./clipboard.vim) (builtins.readFile ./ui.vim) - (builtins.readFile ./quickfixopenall.vim) - (builtins.readFile ./lsp.vim) (builtins.readFile ./filetypes.vim) - '' - " fzf with file preview - command! -bang -nargs=? -complete=dir Files - \ call fzf#vim#files(, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, 0) - '' - ]; + ] ++ (if cfg.full then [ + (builtins.readFile ./lsp.vim) + (builtins.readFile ./cmp.vim) + ] else [])); } 
diff --git a/modules/terminal-life/nvim/init.vim b/modules/terminal-life/nvim/init.vim index 6a89647..d84a12a 100644 --- a/modules/terminal-life/nvim/init.vim +++ b/modules/terminal-life/nvim/init.vim @@ -73,34 +73,13 @@ xnoremap p pgvy inoremap jj " Open new buffer -nmap T :enew - -" Move to the next buffer +nmap bn :enew nmap l :bnext - -" Move to the previous buffer +nmap bn :bnext nmap j :bprevious - -" Close the current buffer and move to the previous one -" This replicates the idea of closing a tab +nmap bp :bprevious nmap q :bp bd # - -" Show all open buffers and their status -nmap bl :ls - -" Mapping selecting mappings -nmap (fzf-maps-n) -xmap (fzf-maps-x) -omap (fzf-maps-o) - -nmap :Files -imap :Files - -" Insert mode completion -imap (fzf-complete-word) -imap (fzf-complete-path) -imap (fzf-complete-file) -imap (fzf-complete-line) +nmap bq :bp bd # " Clear quickfix shortcut nmap c :ccl @@ -110,7 +89,3 @@ nmap c :ccl if has("autocmd") au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif endif - -nmap - :NnnPicker % -nmap n :NnnPicker % -nmap N :NnnPicker diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index f0ffcdb..37b07a7 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim 
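Review bot: As rendered here, the first `init.vim` hunk adds two mappings with the same left-hand side, `nmap bn :enew` and `nmap bn :bnext`. If both really share the same prefix in the file, the second overrides the first and the new-buffer mapping never fires. The page has lost the `<…>` key notation, so this needs checking against the file itself. If confirmed, give `:enew` a different suffix from `:bnext` and keep the removed `" Open new buffer`-style comments above each mapping so the pairs stay readable.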
@@ -1,258 +1,149 @@ -" Set completeopt to have a better completion experience -" :help completeopt -" menuone: popup even when there's only one match -" noinsert: Do not insert text until a selection is made -" noselect: Do not select, force user to select one from the menu -set completeopt=menuone,noinsert,noselect - -" Avoid showing extra messages when using completion -set shortmess+=c - -function AddTemplate(tmpl_file) - exe "0read " . a:tmpl_file - set nomodified - 6 -endfunction - -autocmd BufNewFile shell.nix call AddTemplate("$XDG_DATA_HOME/nvim/templates/shell.nix.tmpl") - " Configure neovim 0.6+ experimental LSPs " https://github.com/neovim/nvim-lspconfig " https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md " https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua + lua <e', 'lua vim.diagnostic.open_float()', opts) - vim.api.nvim_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) - vim.api.nvim_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) - vim.api.nvim_set_keymap('n', 'dq', 'lua vim.diagnostic.setloclist()', opts) - vim.api.nvim_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) +-- Set completeopt to have a better completion experience +vim.o.completeopt = 'menuone,noselect,noinsert' +vim.o.shortmess = vim.o.shortmess .. 
'c' +vim.o.signcolumn = 'yes:2' - -- Use an on_attach function to only map the following keys - -- after the language server attaches to the current buffer - local on_attach = function(client, bufnr) - -- Enable completion triggered by - vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') +local lspconfig = require('lspconfig') - -- Mappings (available if LSP is configured and attached to buffer) - -- See `:help vim.lsp.*` for documentation on any of the below functions - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', 'lua vim.lsp.buf.definition()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', 'lua vim.lsp.buf.hover()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', '', 'lua vim.lsp.buf.signature_help()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'rn', 'lua vim.lsp.buf.rename()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) +-- Mappings (global) +-- See `:help vim.diagnostic.*` for documentation on any of the below functions +local opts = { noremap=true, silent=true } +vim.api.nvim_set_keymap('n', 'e', 'lua vim.diagnostic.open_float()', opts) +vim.api.nvim_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) +vim.api.nvim_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) +vim.api.nvim_set_keymap('n', 'dq', 
'lua vim.diagnostic.setloclist()', opts) +vim.api.nvim_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) - -- Show diagnostic popup on cursor hold - vim.api.nvim_create_autocmd("CursorHold", { - buffer = bufnr, - callback = function() - local opts = { - focusable = false, - close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" }, - border = 'rounded', - source = 'always', - prefix = ' ', - scope = 'cursor', - } - vim.diagnostic.open_float(nil, opts) - end - }) +local on_attach = function(client, bufnr) + -- Enable completion triggered by + vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') - end + -- Mappings (available if LSP is configured and attached to buffer) + -- See `:help vim.lsp.*` for documentation on any of the below functions + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', 'lua vim.lsp.buf.definition()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', 'lua vim.lsp.buf.hover()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', '', 'lua vim.lsp.buf.signature_help()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'rn', 'lua vim.lsp.buf.rename()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - -- Add additional capabilities supported by nvim-cmp - local capabilities = 
require('cmp_nvim_lsp').default_capabilities() - -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html - capabilities.textDocument.completion.completionItem.snippetSupport = true + -- Show diagnostic popup on cursor hold + vim.api.nvim_create_autocmd("CursorHold", { + buffer = bufnr, + callback = function() + local opts = { + focusable = false, + close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" }, + border = 'rounded', + source = 'always', + prefix = ' ', + scope = 'cursor', + } + vim.diagnostic.open_float(nil, opts) + end + }) - -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html - capabilities.textDocument.completion.completionItem.snippetSupport = true +end - local use_denols_for_typescript = not(os.getenv('NVIM_USE_DENOLS') == nil) +local lspconfig = require 'lspconfig' +-- Add additional capabilities supported by nvim-cmp +local CAPABILITIES = require('cmp_nvim_lsp').default_capabilities() - for lsp_key, lsp_settings in pairs({ - 'ansiblels', ---------------------------- Ansible - 'bashls', ------------------------------- Bash - 'ccls', --------------------------------- C / C++ / Objective-C - 'cssls', -------------------------------- CSS / SCSS / LESS - 'dockerls', ----------------------------- Docker - ['gopls'] = { --------------------------- Go - ['settings'] = { - ['gopls'] = { - ['analyses'] = { - ['unusedparams'] = true, - }, - ['staticcheck'] = true - }, - }, - }, - 'html', --------------------------------- HTML - ['jdtls'] = { --------------------------- Java - ['root_dir'] = nvim_lsp.util.root_pattern('.git', 'pom.xml', 'build.xml'), - ['init_options'] = { - ['jvm_args'] = {['java.format.settings.url'] = vim.fn.stdpath('config')..'/eclipse-formatter.xml'}, - ['workspace'] = vim.fn.stdpath('cache')..'/java-workspaces' - } - }, - ['jsonls'] = { -------------------------- JSON - ['settings'] = { - ['json'] 
= { - ['schemas' ] = vim.list_extend( - { - { - ['description'] = 'JSON schema for Caddy v2', - ['fileMatch'] = { '*caddy*.json' }, - ['name'] = 'caddy_schema.json', - ['url'] = vim.fn.stdpath('data')..'/json-schemas/caddy_schema.json', - }, - }, - require('schemastore').json.schemas() - ), - ['validate'] = { ['enable'] = true } - } - } - }, - 'nixd', --------------------------------- Nix - 'phpactor', ----------------------------- PHP - 'pylsp', -------------------------------- Python - 'solargraph', --------------------------- Ruby - 'rust_analyzer', ------------------------ Rust - ['sqlls'] = { - ['cmd'] = {vim.fn.stdpath('data')..'/nvm/versions/node/v12.19.0/bin/sql-language-server', 'up', '--method', 'stdio'} - }, - ['terraformls'] = { --------------------- Terraform - ['filetypes'] = { 'terraform', 'hcl', 'tf' } - }, +--- Event handlers +local HANDLERS = { + -- TODO: replace with vim.lsp.protocol.Methods + ["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, FLOAT_CONFIG), + ["textDocument/signatureHelp"] = vim.lsp.with(vim.lsp.handlers.signature_help, FLOAT_CONFIG), +} - -- The TS/JS server is chosen depending on an environment variable, - -- since denols is nicer for Deno based projects - ------------------------ Deno TS/JS - ------------------------------------ Typescript / JavaScript - (use_denols_for_typescript and 'denols' or 'tsserver'), +-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html +CAPABILITIES.textDocument.completion.completionItem.snippetSupport = true - 'vuels', -------------------------------- Vue - 'svelte', ------------------------------- Svelte - ['yamlls'] = { -------------------------- YAML - ['settings'] = { - ['yaml'] = { - ['schemas'] = { - ['https://json.schemastore.org/github-workflow'] = '.github/workflows/*.{yml,yaml}', - ['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}', - ['https://json.schemastore.org/drone'] = 
'*.drone.{yml,yaml}', - ['https://json.schemastore.org/swagger-2.0'] = 'swagger.{yml,yaml}', - } - } - } - } - }) do -- Setup all of the language servers. † - if type(lsp_key) == 'number' then -- Enable the LSP with defaults. - -- The `lsp` is an index in this case. - nvim_lsp[lsp_settings].setup{ - on_attach = on_attach, - flags = { - debounce_text_changes = 150, - }, - capabilities = capabilities, - } - else -- Use the LSP's configuration. - lsp_settings.on_attach = on_attach - lsp_settings.capabilities = capabilities +local function setup(lsp, config) + if config == nil then + config = {} + end - nvim_lsp[lsp_key].setup(lsp_settings) - end - end -- ‡ + config.capabilities = CAPABILITIES + config.handlers = HANDLERS + config.on_attach = on_attach + lspconfig[lsp].setup(config) +end - -- configure floating diagnostics appearance, symbols - local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " } - for type, icon in pairs(signs) do - local hl = "DiagnosticSign" .. type - vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) - end +setup('nixd') +setup('bashls') +setup('clangd') +setup('cssls') +setup('eslint') +setup('tsserver') +setup('denols') +setup('vuels') +setup('svelte') +setup('html') +setup('yamlls') +setup('jsonls', { + json = { + schemas = require('schemastore').json.schemas(), + validate = { + enable = true + } + } +}) +setup('gopls', { + settings = { + gopls = { semanticTokens = true } + } +}) +setup('phpactor') +setup('pylsp') +setup('solargraph') -- ruby +setup('rust_analyzer', { + settings = { + ['rust-analyzer'] = { + checkOnSave = { extraArgs = { "--target-dir", "/tmp/rust-analyzer-check" } }, + diagnostics = { disabled = { 'inactive-code' } }, + }, + } +}) +setup('sqlls') +setup('salt_ls') +setup('ansiblels') +setup('dockerls') +setup('docker_compose_language_service') +setup('terraformls') - -- Set completeopt to have a better completion experience - vim.o.completeopt = 'menuone,noselect' +-- 
https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols +vim.g.markdown_fenced_languages = { + "ts=typescript" +} - -- luasnip setup - local luasnip = require 'luasnip' +-- Configure diagnostics +vim.diagnostic.config({ + virtual_text = false, + signs = true, + underline = true, + update_in_insert = false, + severity_sort = false, +}) - -- nvim-cmp setup - local cmp = require 'cmp' - cmp.setup { - snippet = { - expand = function(args) - require('luasnip').lsp_expand(args.body) - end, - }, - mapping = { - [''] = cmp.mapping.select_prev_item(), - [''] = cmp.mapping.select_next_item(), - [''] = cmp.mapping.scroll_docs(-4), - [''] = cmp.mapping.scroll_docs(4), - [''] = cmp.mapping.complete(), - [''] = cmp.mapping.close(), - [''] = cmp.mapping.confirm { - behavior = cmp.ConfirmBehavior.Replace, - select = true, - }, - [''] = function(fallback) - if cmp.visible() then - cmp.select_next_item() - elseif luasnip.expand_or_jumpable() then - luasnip.expand_or_jump() - else - fallback() - end - end, - [''] = function(fallback) - if cmp.visible() then - cmp.select_prev_item() - elseif luasnip.jumpable(-1) then - luasnip.jump(-1) - else - fallback() - end - end, - }, - sources = { - { name = 'nvim_lsp' }, - { name = 'luasnip' }, - }, - } - - -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols - vim.g.markdown_fenced_languages = { - "ts=typescript" - } - - -- Configure diagnostics - vim.diagnostic.config({ - virtual_text = false, - signs = true, - underline = true, - update_in_insert = false, - severity_sort = false, - }) - - -- Change diagnostic symbols in the sign column (gutter) - local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " } - for type, icon in pairs(signs) do - local hl = "DiagnosticSign" .. type - vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) - end +-- Change diagnostic symbols in the sign column (gutter) +local signs = { Error = "x ", Warn = "! ", Hint = "? 
", Info = "i " } +for type, icon in pairs(signs) do + local hl = "DiagnosticSign" .. type + vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) +end EOF - -" have a fixed column for the diagnostics to appear in -" this removes the jitter when warnings/errors flow in -set signcolumn=yes:2 diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index 4d1b3d2..dd2d4a1 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -4,29 +4,9 @@ autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab let g:gutentags_file_list_command = 'git ls-files' -" quick-scope " https://github.com/unblevable/quick-scope let g:qs_highlight_on_keys = ['f', 'F', 't', 'T'] -" Golang -" Go test, Def, Decls shortcut -nmap got :GoTest:botright copen -autocmd FileType go nmap gd :GoDef -autocmd FileType go nmap gD :GoDecls - -" Go formatting -autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist - -" Caddyfile indentation -autocmd FileType caddyfile setlocal noexpandtab shiftwidth=8 tabstop=8 softtabstop=8 nolist - -" vim-go disable text-objects -let g:go_textobj_enabled = 0 - -" disable vim-go :GoDef short cut (gd) -" this is handled by LanguageClient [LC] -let g:go_def_mapping_enabled = 0 - " GitGutter and vim Magit " inspired by: https://jakobgm.com/posts/vim/git-integration/ " Don't map gitgutter keys automatically, set them ourselves @@ -43,17 +23,11 @@ nmap gu (GitGutterUndoHunk) " git undo (chunk) " Open vimagit pane nnoremap gs :Magit " git status -" Push to remote -nnoremap gP :! git push " git Push - " Quick conflict resolution in git mergetool nvim " http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/ nmap [ :diffget //2 nmap ] :diffget //3 -" netrw -let g:netrw_fastbrowse=0 - " Auto-FMT rust code on save let g:rustfmt_autosave = 1 
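Review bot: The rust-analyzer settings point `--target-dir` at the fixed path `/tmp/rust-analyzer-check`, a predictable name in a world-writable directory, so on a shared machine another local account can create it first and then own the directory that check builds write their artifacts into. A per-user location avoids this, for example `checkOnSave = { extraArgs = { "--target-dir", vim.fn.stdpath('cache') .. '/rust-analyzer-check' } },`. Separately, `HANDLERS` passes `FLOAT_CONFIG` to `vim.lsp.with`, but this hunk starts at line 1, appears to cover the whole file, and never defines it. Unless it is a global set elsewhere it is nil, and the hover and signature-help handlers will likely error when invoked. The `jsonls` call also passes `json = { … }` at the top level where the removed code nested it under `settings`, so the SchemaStore schemas may never reach the server.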
@@ -66,22 +40,46 @@ let g:highlightedyank_highlight_duration = 200 " Markdown options let g:vim_markdown_folding_disabled = 1 -" Haskell options -let g:haskell_enable_quantification = 1 " to enable highlighting of `forall` -let g:haskell_enable_recursivedo = 1 " to enable highlighting of `mdo` and `rec` -let g:haskell_enable_arrowsyntax = 1 " to enable highlighting of `proc` -let g:haskell_enable_pattern_synonyms = 1 " to enable highlighting of `pattern` -let g:haskell_enable_typeroles = 1 " to enable highlighting of type roles -let g:haskell_enable_static_pointers = 1 " to enable highlighting of `static` -let g:haskell_backpack = 1 " to enable highlighting of backpack keywords - -" Emmet -let g:user_emmet_leader_key='' - -" Ack -if executable('ag') - let g:ackprg = 'ag --hidden --vimgrep' -endif - " nnn let g:nnn#command = 'nnn -d -e -H -r' + +nmap - :NnnPicker % +nmap n :NnnPicker % +nmap N :NnnPicker + +lua <"] = actions.close, + }, + }, + }, + extensions = { + fzf = { + fuzzy = true, -- false will only do exact matching + override_generic_sorter = true, -- override the generic sorter + override_file_sorter = true, -- override the file sorter + case_mode = "smart_case", -- or "ignore_case" or "respect_case" + -- the default case_mode is "smart_case" + } + } +} + +telescope.load_extension('fzf') + +local builtin = require('telescope.builtin') +vim.keymap.set('n', 'ff', builtin.find_files, {}) +vim.keymap.set('n', 'f/', builtin.live_grep, {}) +vim.keymap.set('n', 'f?', builtin.builtin, {}) +vim.keymap.set('n', 'fb', builtin.buffers, {}) +vim.keymap.set('n', 'fc', builtin.commands, {}) +vim.keymap.set('n', 'ft', builtin.treesitter, {}) +EOF diff --git a/modules/terminal-life/nvim/preview-file.nix b/modules/terminal-life/nvim/preview-file.nix deleted file mode 100644 index 2a52bdd..0000000 --- a/modules/terminal-life/nvim/preview-file.nix +++ /dev/null 
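Review bot: The last added mapping binds `builtin.treesitter`, but in this same patch nvim-treesitter is only installed when `cfg.full` is set, while `plugins.vim` is still read unconditionally. On a non-full profile that picker therefore has nothing to query. Either wrap that `vim.keymap.set` line in `if pcall(require, 'nvim-treesitter') then … end`, or move it into a file that is only loaded with `cfg.full`. `builtin.live_grep` likewise depends on an external grep tool being on PATH, which this hunk does not show being provided. Part of the Lua block (the heredoc opener and the start of the `setup` call) is missing from this rendering, so the rest of the telescope configuration could not be checked.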
@@ -1,36 +0,0 @@ -self: -with self; '' - IFS=':' read -r -a INPUT <<< "$1" - FILE=''${INPUT[0]} - CENTER=''${INPUT[1]} - - if [[ "$1" =~ ^[A-Za-z]:\\ ]]; then - FILE=$FILE:''${INPUT[1]} - CENTER=''${INPUT[2]} - fi - - if [[ -n "$CENTER" && ! "$CENTER" =~ ^[0-9] ]]; then - exit 1 - fi - CENTER=''${CENTER/[^0-9]*/} - - FILE="''${FILE/#\~\//$HOME/}" - if [ ! -r "$FILE" ]; then - echo "File not found ''${FILE}" - exit 1 - fi - - if [ -z "$CENTER" ]; then - CENTER=0 - fi - - exec cat "$FILE" \ - | sed -e '/[#|\/\/ ?]-- copyright/,/[#\/\/]++/c\\' \ - | ${pkgs.coreutils}/bin/tr -s '\n' \ - | ${pkgs.bat}/bin/bat \ - --style="''${BAT_STYLE:-numbers}" \ - --color=always \ - --pager=never \ - --file-name="''$FILE" \ - --highlight-line=$CENTER -'' diff --git a/modules/terminal-life/nvim/quickfixopenall.vim b/modules/terminal-life/nvim/quickfixopenall.vim deleted file mode 100644 index 6b4d844..0000000 --- a/modules/terminal-life/nvim/quickfixopenall.vim +++ /dev/null @@ -1,20 +0,0 @@ -"Usage: -" 1. Perform a vimgrep search -" :vimgrep /def/ *.rb -" 2. Issue QuickFixOpenAll command -" :QuickFixOpenAll -function! QuickFixOpenAll() - if empty(getqflist()) - return - endif - let s:prev_val = "" - for d in getqflist() - let s:curr_val = bufname(d.bufnr) - if (s:curr_val != s:prev_val) - exec "edit " . s:curr_val - endif - let s:prev_val = s:curr_val - endfor -endfunction - -command! QuickFixOpenAll call QuickFixOpenAll() diff --git a/modules/terminal-life/nvim/ui.vim b/modules/terminal-life/nvim/ui.vim index 017b413..71e109e 100644 --- a/modules/terminal-life/nvim/ui.vim +++ b/modules/terminal-life/nvim/ui.vim 
@@ -13,20 +13,3 @@ let g:airline#extensions#tabline#fnamemod = ':t' " Show just the filename let g:airline#extensions#tabline#formatter = 'unique_tail_improved' let g:airline_powerline_fonts = 1 " Use powerline fonts let g:airline_theme = 'sonokai' - -" Customize fzf colors to match your color scheme -" - fzf#wrap translates this to a set of `--color` options -let g:fzf_colors = -\ { 'fg': ['fg', 'Normal'], - \ 'bg': ['bg', 'Normal'], - \ 'hl': ['fg', 'Comment'], - \ 'fg+': ['fg', 'CursorLine', 'CursorColumn', 'Normal'], - \ 'bg+': ['bg', 'CursorLine', 'CursorColumn'], - \ 'hl+': ['fg', 'Statement'], - \ 'info': ['fg', 'PreProc'], - \ 'border': ['fg', 'Ignore'], - \ 'prompt': ['fg', 'Conditional'], - \ 'pointer': ['fg', 'Exception'], - \ 'marker': ['fg', 'Keyword'], - \ 'spinner': ['fg', 'Label'], - \ 'header': ['fg', 'Comment'] } From a1670dcb3db2ba8fb4be7df05f553684ce2e8aa4 Mon Sep 17 00:00:00 2001 
From: b12f Date: Mon, 19 Aug 2024 00:22:59 +0200 Subject: [PATCH 05/19] lint: lint nix files with alejandra --- flake.nix | 15 +- hosts/biolimo/default.nix | 2 +- hosts/chocolatebar/factorio/default.nix | 4 +- hosts/default.nix | 8 +- hosts/droppie/configuration.nix | 2 +- hosts/droppie/hardware-configuration.nix | 82 ++- hosts/droppie/jellyfin.nix | 2 +- hosts/droppie/networking.nix | 7 +- hosts/frikandel/configuration.nix | 7 +- hosts/frikandel/email.nix | 38 +- hosts/frikandel/hardware-configuration.nix | 37 +- hosts/frikandel/networking.nix | 16 +- hosts/frikandel/unbound.nix | 13 +- hosts/frikandel/wireguard.nix | 25 +- hosts/iso/default.nix | 2 +- hosts/maoam/default.nix | 8 +- hosts/maoam/hardware-configuration.nix | 6 +- hosts/pie/authelia.nix | 9 +- hosts/pie/configuration.nix | 4 +- hosts/pie/dhcpd.nix | 19 +- hosts/pie/firefly.nix | 16 +- hosts/pie/hardware-configuration.nix | 41 +- hosts/pie/invoiceplane.nix | 4 +- hosts/pie/networking.nix | 17 +- hosts/pie/paperless.nix | 49 +- hosts/pie/unbound.nix | 5 +- hosts/pie/wake-droppie.nix | 3 +- hosts/stroopwafel/configuration.nix | 6 +- hosts/stroopwafel/default.nix | 2 +- hosts/stroopwafel/hardware-configuration.nix | 76 +- hosts/stroopwafel/networking.nix | 2 +- lib/add-local-hostname.nix | 3 +- lib/default.nix | 8 +- lib/deploy.nix | 73 +- lib/recursive-merge.nix | 6 +- modules/core/networking.nix | 6 +- modules/graphical/alacritty.nix | 4 +- modules/graphical/default.nix | 2 +- .../sway/config/config.d/mode_system.conf.nix | 63 +- modules/graphical/waybar.nix | 8 +- modules/invoiceplane/default.nix | 697 +++++++++--------- modules/nix/default.nix | 19 +- modules/persistence/default.nix | 7 +- modules/portable/default.nix | 3 +- modules/printing/default.nix | 14 +- modules/proxy/default.nix | 2 +- .../terminal-life/.config/git/gitmessage.nix | 34 +- modules/terminal-life/default.nix | 62 +- modules/terminal-life/direnv/default.nix | 3 +- modules/terminal-life/git/default.nix | 3 +- 
modules/terminal-life/nvim/default.nix | 201 ++--- modules/user/default.nix | 190 ++--- modules/wireguard/default.nix | 2 +- modules/wireguard/ehex.nix | 11 +- modules/wireguard/private.nix | 64 +- modules/wireguard/pub.solar.nix | 11 +- modules/wireguard/service-override.nix | 26 +- modules/wireguard/tunnel.nix | 74 +- modules/wireshark/default.nix | 2 +- overlays/default.nix | 10 +- overlays/element-desktop.nix | 2 +- pkgs/_sources/generated.nix | 6 +- pkgs/check-battery.nix | 18 +- pkgs/default.nix | 10 +- pkgs/element-desktop.nix | 7 +- pkgs/fetch-hostingde-invoices/default.nix | 3 +- public-keys.nix | 3 +- users/b12f/email.nix | 425 +++++++---- users/default.nix | 3 +- users/root/default.nix | 3 +- 70 files changed, 1445 insertions(+), 1170 deletions(-) diff --git a/flake.nix b/flake.nix index 050ce81..6eb1986 100644 --- a/flake.nix +++ b/flake.nix @@ -48,8 +48,8 @@ invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs@{ self, ... }: - inputs.flake-parts.lib.mkFlake { inherit inputs; } { + outputs = inputs @ {self, ...}: + inputs.flake-parts.lib.mkFlake {inherit inputs;} { systems = [ "x86_64-linux" "aarch64-linux" @@ -65,7 +65,13 @@ ./overlays ]; - perSystem = args@{ system, pkgs, lib, config, ... }: { + perSystem = args @ { + system, + pkgs, + lib, + config, + ... + }: { _module.args = { inherit inputs; pkgs = import inputs.nixpkgs { @@ -98,12 +104,11 @@ deploy-rs - terraform-ls + terraform-ls opentofu terraform-backend-git deno - denols ]; shellHook = '' diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix index 8fa27a6..c5d727d 100644 --- a/hosts/biolimo/default.nix +++ b/hosts/biolimo/default.nix @@ -1,4 +1,4 @@ -{ ... }: { +{...}: { imports = [ ./configuration.nix ./hardware-configuration.nix diff --git a/hosts/chocolatebar/factorio/default.nix b/hosts/chocolatebar/factorio/default.nix index 0d16c6c..1018bf8 100644 --- a/hosts/chocolatebar/factorio/default.nix +++ b/hosts/chocolatebar/factorio/default.nix 
@@ -39,6 +39,6 @@ in { ]; }; - networking.firewall.allowedUDPPorts = [ 34197 ]; - networking.firewall.allowedTCPPorts = [ 34197 ]; + networking.firewall.allowedUDPPorts = [34197]; + networking.firewall.allowedTCPPorts = [34197]; } diff --git a/hosts/default.nix b/hosts/default.nix index 30bd27d..6e19e96 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,5 +1,9 @@ -{ withSystem, self, inputs, ...}: { + withSystem, + self, + inputs, + ... +}: { flake = { nixosConfigurations = { stroopwafel = self.nixos-flake.lib.mkLinuxSystem { @@ -137,7 +141,7 @@ self.nixosModules.graphical self.nixosModules.audio self.nixosModules.bluetooth - ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; }) + ({...}: {pub-solar.graphical.wayland.software-renderer.enable = true;}) ]; }; }; diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix index 8a420cc..5d476ef 100644 --- a/hosts/droppie/configuration.nix +++ b/hosts/droppie/configuration.nix @@ -23,7 +23,7 @@ in { # Hack so that network is considered up by boot.initrd.network and postCommands gets executed. "ip=127.0.0.1:::::lo:none" ]; - boot.initrd.availableKernelModules = [ "tg3" ]; + boot.initrd.availableKernelModules = ["tg3"]; boot.initrd.network = { enable = true; ssh = { diff --git a/hosts/droppie/hardware-configuration.nix b/hosts/droppie/hardware-configuration.nix index 2283883..1ee4771 100644 --- a/hosts/droppie/hardware-configuration.nix +++ b/hosts/droppie/hardware-configuration.nix 
@@ -1,17 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; boot.initrd.luks.devices = { "cryptroot" = { 
@@ -21,42 +25,42 @@ "cryptdata".device = "/dev/sda1"; }; - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - }; + fileSystems."/" = { + device = "none"; + fsType = "tmpfs"; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c"; - fsType = "ext4"; - neededForBoot = true; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c"; + fsType = "ext4"; + neededForBoot = true; + }; - fileSystems."/persist" = - { device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05"; - fsType = "ext4"; - neededForBoot = true; - }; + fileSystems."/persist" = { + device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05"; + fsType = "ext4"; + neededForBoot = true; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/991E-79C1"; - fsType = "vfat"; - neededForBoot = true; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/991E-79C1"; + fsType = "vfat"; + neededForBoot = true; + }; - fileSystems."/data" = - { device = "/dev/disk/by-uuid/5fc34ef4-207b-45fb-b846-dbb01080d9fe"; - fsType = "ext4"; - }; + fileSystems."/data" = { + device = "/dev/disk/by-uuid/5fc34ef4-207b-45fb-b846-dbb01080d9fe"; + fsType = "ext4"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769";} + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/droppie/jellyfin.nix b/hosts/droppie/jellyfin.nix index 29390a5..018ea06 100644 --- a/hosts/droppie/jellyfin.nix +++ b/hosts/droppie/jellyfin.nix 
@@ -17,7 +17,7 @@ }; # from https://jellyfin.org/docs/general/networking/index.html - networking.firewall.allowedUDPPorts = [ 1900 7359 ]; + networking.firewall.allowedUDPPorts = [1900 7359]; security.acme.certs = { "media.b12f.io" = {}; diff --git a/hosts/droppie/networking.nix b/hosts/droppie/networking.nix index 56bece7..a82cdeb 100644 --- a/hosts/droppie/networking.nix +++ b/hosts/droppie/networking.nix @@ -10,7 +10,12 @@ networking.interfaces.enp2s0f1.useDHCP = true; networking.interfaces.enp2s0f0 = { - ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ]; + ipv6.addresses = [ + { + address = "2a02:908:5b1:e3c0:3::"; + prefixLength = 64; + } + ]; }; # Allow pub.solar restic backups diff --git a/hosts/frikandel/configuration.nix b/hosts/frikandel/configuration.nix index fed1bcb..480a6c1 100644 --- a/hosts/frikandel/configuration.nix +++ b/hosts/frikandel/configuration.nix @@ -9,7 +9,6 @@ with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -20,13 +19,13 @@ in { "ip=127.0.0.1:::::lo:none" ]; - boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ]; + boot.initrd.availableKernelModules = ["virtio_pci" "virtio_net"]; boot.initrd.network = { enable = true; ssh = { enable = true; port = 2222; - hostKeys = [ /boot/initrd-ssh-key ]; + hostKeys = [/boot/initrd-ssh-key]; authorizedKeys = flake.self.publicKeys; shell = "/bin/cryptsetup-askpass"; }; @@ -44,7 +43,7 @@ in { ''; }; - boot.supportedFilesystems = [ "zfs" ]; + boot.supportedFilesystems = ["zfs"]; # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you diff --git a/hosts/frikandel/email.nix b/hosts/frikandel/email.nix index bb91aba..3b54d3f 100644 --- a/hosts/frikandel/email.nix +++ b/hosts/frikandel/email.nix 
@@ -5,15 +5,15 @@ lib, ... }: let - hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ]; + hzDomain = lib.concatStrings ["hw" "dz" "z." "net"]; dkimDNSb12fio = '' - default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ; + default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ; ''; dkimDNSmezzabiz = '' - default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8iuDq0eon2k7QlBJWGxwDiEv53iJQu2uqxOjr7Ul/nfQjuR6kVKs6oOVopnyFTGRpffrpSHHW1YUN5nF76p0fJphk4l+QmJP36/xweajsNU27PAkb88xG6yRKl28MCfPdMR96+Jobpei8S0UhqcskYs1aZybm7ci9ZuAMidziwIDAQAB" ) ; + default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8iuDq0eon2k7QlBJWGxwDiEv53iJQu2uqxOjr7Ul/nfQjuR6kVKs6oOVopnyFTGRpffrpSHHW1YUN5nF76p0fJphk4l+QmJP36/xweajsNU27PAkb88xG6yRKl28MCfPdMR96+Jobpei8S0UhqcskYs1aZybm7ci9ZuAMidziwIDAQAB" ) ; ''; dkimDNShzDomain = '' - default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvVA2XZno6g6qBdmxoLgX2Qmd883M6yV4YkE/VaNH6xcR0AcTo4hEYoAOPryfKn4FE/TYvyk/k2cyBKpMBn2qbVhwUavYQh/e9bweS2FKQvdzCUUoqXk04o2MqSXb2ZFwkUCtfrPcckBgpF754PDL4HMZGPnkMSdDX7bmYe37CWQIDAQAB") ; + default._domainkey IN TXT ( "v=DKIM1; k=rsa; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvVA2XZno6g6qBdmxoLgX2Qmd883M6yV4YkE/VaNH6xcR0AcTo4hEYoAOPryfKn4FE/TYvyk/k2cyBKpMBn2qbVhwUavYQh/e9bweS2FKQvdzCUUoqXk04o2MqSXb2ZFwkUCtfrPcckBgpF754PDL4HMZGPnkMSdDX7bmYe37CWQIDAQAB") ; ''; in { age.secrets."b12f.io-dkim-private-rsa" = { @@ -55,21 +55,23 @@ in { owner = "maddy"; }; - users.users.maddy.extraGroups = [ "nginx" ]; + users.users.maddy.extraGroups = ["nginx"]; security.acme.certs = { - "mail.b12f.io".reloadServices = [ "maddy" ]; - "b12f.io".reloadServices = [ "maddy" ]; + "mail.b12f.io".reloadServices = ["maddy"]; + "b12f.io".reloadServices = ["maddy"]; "mta-sts.b12f.io" = {}; - "mail.mezza.biz".reloadServices = [ "maddy" ]; - "mezza.biz".reloadServices = [ "maddy" ]; + "mail.mezza.biz".reloadServices = ["maddy"]; + "mezza.biz".reloadServices = ["maddy"]; "mta-sts.mezza.biz" = {}; - "mail.${hzDomain}".reloadServices = [ "maddy" ]; - "${hzDomain}".reloadServices = [ "maddy" ]; + "mail.${hzDomain}".reloadServices = ["maddy"]; + "${hzDomain}".reloadServices = ["maddy"]; "mta-sts.${hzDomain}" = {}; }; - services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // { + services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: + hosts + // { "mta-sts.${hostName}" = { forceSSL = true; useACMEHost = "mta-sts.${hostName}"; @@ -86,13 +88,13 @@ in { tryFiles = "$uri $uri/ =404"; }; }; - }) {} [ "b12f.io" "mezza.biz" hzDomain ]; + }) {} ["b12f.io" "mezza.biz" hzDomain]; systemd.tmpfiles.rules = [ "d '/run/maddy' 0750 maddy maddy - -" ]; - system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter [ "var" ] '' + system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter ["var"] '' mkdir -p /var/lib/maddy/dkim_keys echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns 
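Review bot: The `makeMaddyDKIMDNS` activation script in the hosts/frikandel/email.nix hunk at -86,13 writes its record with `echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns`, which appends. Activation scripts run on every switch and boot, so the file gains a duplicate DKIM record each time and no longer matches what is published. Overwriting instead, `echo '${dkimDNSb12fio}' > /var/lib/maddy/dkim_keys/b12f.io_default.dns`, keeps the script idempotent. The script body continues outside the hunk, and the lines for the other two domains presumably need the same change.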
@@ -101,8 +103,8 @@ in { chown -R maddy:maddy /var/lib/maddy ''; - networking.firewall.allowedTCPPorts = [ 25 ]; - networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 465 587 993 ]; + networking.firewall.allowedTCPPorts = [25]; + networking.firewall.interfaces.wg-private.allowedTCPPorts = [465 587 993]; services.maddy = { enable = true; @@ -311,7 +313,7 @@ in { ''; }; - systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; + systemd.services.rspamd.serviceConfig.SupplementaryGroups = ["maddy"]; age.secrets."rclone-pubsolar.conf" = { file = "${flake.self}/secrets/rclone-pubsolar.conf.age"; @@ -325,7 +327,7 @@ in { services.restic.backups = { maddy = { - paths = [ "/var/lib/maddy" ]; + paths = ["/var/lib/maddy"]; initialize = true; passwordFile = config.age.secrets."restic-password".path; # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ diff --git a/hosts/frikandel/hardware-configuration.nix b/hosts/frikandel/hardware-configuration.nix index 6892076..d7d89d4 100644 --- a/hosts/frikandel/hardware-configuration.nix +++ b/hosts/frikandel/hardware-configuration.nix @@ -1,16 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; boot.initrd.luks.devices = { cryptroot = { 
@@ -19,19 +24,19 @@ }; }; - fileSystems."/" = - { device = "zroot/root"; - fsType = "zfs"; - }; + fileSystems."/" = { + device = "zroot/root"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/684A-5884"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/684A-5884"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389";} + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/frikandel/networking.nix b/hosts/frikandel/networking.nix index e535c3d..a8efdc8 100644 --- a/hosts/frikandel/networking.nix +++ b/hosts/frikandel/networking.nix @@ -17,8 +17,18 @@ # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here) networking.useDHCP = false; networking.interfaces.enp1s0 = { - ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }]; - ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }]; + ipv4.addresses = [ + { + address = "128.140.109.213"; + prefixLength = 32; + } + ]; + ipv6.addresses = [ + { + address = "2a01:4f8:c2c:b60::"; + prefixLength = 64; + } + ]; }; networking.defaultGateway = { address = "172.31.1.1"; @@ -29,5 +39,5 @@ interface = "enp1s0"; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/hosts/frikandel/unbound.nix b/hosts/frikandel/unbound.nix index 380e325..7cb2301 100644 --- a/hosts/frikandel/unbound.nix +++ b/hosts/frikandel/unbound.nix 
@@ -29,8 +29,8 @@ owner = "unbound"; }; - networking.firewall.interfaces.wg-private.allowedUDPPorts = [ 53 ]; - networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 53 ]; + networking.firewall.interfaces.wg-private.allowedUDPPorts = [53]; + networking.firewall.interfaces.wg-private.allowedTCPPorts = [53]; services.resolved.enable = false; services.unbound = { @@ -102,10 +102,10 @@ "\"mail.mezza.biz. 10800 IN A 10.13.12.7\"" "\"mail.mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" - "\"h${"w"+"dz"+"z.n"}et. 10800 IN A 10.13.12.7\"" - "\"h${"w"+"dz"+"z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" - "\"mail.h${"w"+"dz"+"z.n"}et. 10800 IN A 10.13.12.7\"" - "\"mail.h${"w"+"dz"+"z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + "\"h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\"" + "\"h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + "\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\"" + "\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" ]; tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; @@ -133,5 +133,4 @@ }; }; }; - } diff --git a/hosts/frikandel/wireguard.nix b/hosts/frikandel/wireguard.nix index f186f61..36867c6 100644 --- a/hosts/frikandel/wireguard.nix +++ b/hosts/frikandel/wireguard.nix @@ -4,7 +4,8 @@ pkgs, lib, ... -}: with lib; { +}: +with lib; { boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.wg-private.forwarding" = 1; @@ -16,10 +17,10 @@ enable = true; enableIPv6 = true; externalInterface = "enp1s0"; - internalInterfaces = [ "wg-private" ]; + internalInterfaces = ["wg-private"]; }; - networking.firewall.allowedUDPPorts = [ 51899 ]; + networking.firewall.allowedUDPPorts = [51899]; networking.firewall.extraForwardRules = [ "iifname { != wg-private } reject" 
@@ -57,7 +58,8 @@ ]; privateKeyFile = config.age.secrets.wg-private-key.path; peers = [ - { # pie + { + # pie publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; allowedIPs = [ "10.13.12.2/32" @@ -66,7 +68,8 @@ persistentKeepalive = 30; dynamicEndpointRefreshSeconds = 30; } - { # droppie + { + # droppie publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw="; allowedIPs = [ "10.13.12.3/32" @@ -75,7 +78,8 @@ persistentKeepalive = 30; dynamicEndpointRefreshSeconds = 30; } - { # chocolatebar + { + # chocolatebar publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A="; allowedIPs = [ "10.13.12.5/32" @@ -84,7 +88,8 @@ persistentKeepalive = 30; dynamicEndpointRefreshSeconds = 30; } - { # biolimo + { + # biolimo publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc="; allowedIPs = [ "10.13.12.6/32" @@ -93,7 +98,8 @@ persistentKeepalive = 30; dynamicEndpointRefreshSeconds = 30; } - { # stroopwafel + { + # stroopwafel publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU="; allowedIPs = [ "10.13.12.8/32" @@ -102,7 +108,8 @@ persistentKeepalive = 30; dynamicEndpointRefreshSeconds = 30; } - { # fp3 + { + # fp3 publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI="; allowedIPs = [ "10.13.12.9/32" diff --git a/hosts/iso/default.nix b/hosts/iso/default.nix index 89246d1..c76fdcb 100644 --- a/hosts/iso/default.nix +++ b/hosts/iso/default.nix @@ -4,7 +4,7 @@ ... }: { isoImage.squashfsCompression = "gzip -Xcompression-level 1"; - systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + systemd.services.sshd.wantedBy = lib.mkForce ["multi-user.target"]; networking.networkmanager.enable = false; services.openssh.openFirewall = lib.mkForce true; } diff --git a/hosts/maoam/default.nix b/hosts/maoam/default.nix index fb4f6af..2751636 100644 --- a/hosts/maoam/default.nix +++ b/hosts/maoam/default.nix 
@@ -1,8 +1,12 @@ -{ flake, pkgs, ... }: { +{ + flake, + pkgs, + ... +}: { imports = [ ./configuration.nix ./hardware-configuration.nix - ((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") { device = "pine64-pinephone"; }) + ((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") {device = "pine64-pinephone";}) "${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix" ]; } diff --git a/hosts/maoam/hardware-configuration.nix b/hosts/maoam/hardware-configuration.nix index 61ee65a..9ff3ebe 100644 --- a/hosts/maoam/hardware-configuration.nix +++ b/hosts/maoam/hardware-configuration.nix @@ -1,6 +1,10 @@ # NOTE: this file was generated by the Mobile NixOS installer. -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { fileSystems = { "/" = { device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004"; diff --git a/hosts/pie/authelia.nix b/hosts/pie/authelia.nix index 8879572..cb17727 100644 --- a/hosts/pie/authelia.nix +++ b/hosts/pie/authelia.nix @@ -81,7 +81,7 @@ in { }; authentication_backend = { refresh_interval = "disable"; - password_reset = { disable = true; }; + password_reset = {disable = true;}; file = { path = config.age.secrets."authelia-users-file".path; watch = false; @@ -93,7 +93,10 @@ in { storage.local.path = "/var/lib/authelia-b12f/db.sqlite3"; access_control.default_policy = "two_factor"; session.cookies = [ - { domain = "b12f.io"; authelia_url = "https://auth.b12f.io"; } + { + domain = "b12f.io"; + authelia_url = "https://auth.b12f.io"; + } ]; notifier.smtp = { host = "mail.b12f.io"; @@ -110,7 +113,7 @@ in { services.restic.backups = { authelia = { - paths = [ "/var/lib/authelia-b12f" ]; + paths = ["/var/lib/authelia-b12f"]; initialize = true; passwordFile = config.age.secrets."restic-password".path; # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix index 350cf02..806b899 100644 
--- a/hosts/pie/configuration.nix +++ b/hosts/pie/configuration.nix @@ -20,7 +20,7 @@ in { boot.loader.systemd-boot.enable = false; boot.loader.generic-extlinux-compatible.enable = false; - boot.supportedFilesystems = [ "zfs" ]; + boot.supportedFilesystems = ["zfs"]; boot.kernelParams = [ "boot.shell_on_fail=1" @@ -28,7 +28,7 @@ in { "ip=127.0.0.1:::::lo:none" ]; # See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3 - boot.initrd.availableKernelModules = [ "genet" ]; + boot.initrd.availableKernelModules = ["genet"]; boot.initrd.network = { enable = true; ssh = { diff --git a/hosts/pie/dhcpd.nix b/hosts/pie/dhcpd.nix index 5d576fb..d6149f0 100644 --- a/hosts/pie/dhcpd.nix +++ b/hosts/pie/dhcpd.nix @@ -1,6 +1,9 @@ -{ pkgs, adblock-unbound, ... }: { - networking.firewall.allowedUDPPorts = [ 67 547 ]; + pkgs, + adblock-unbound, + ... +}: { + networking.firewall.allowedUDPPorts = [67 547]; networking.firewall.extraInputRules = '' ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server" ''; @@ -30,7 +33,7 @@ { subnet = "192.168.178.0/24"; pools = [ - { pool = "192.168.178.2 - 192.168.178.255"; } + {pool = "192.168.178.2 - 192.168.178.255";} ]; option-data = [ @@ -100,19 +103,19 @@ subnet = "2a02:908:5b1:e3c0::/64"; pools = [ - { pool = "2a02:908:5b1:e3c0::/72"; } + {pool = "2a02:908:5b1:e3c0::/72";} ]; ddns-qualifying-suffix = "local."; option-data = [ { - name = "dns-servers"; - data = "2a02:908:5b1:e3c0:2::"; + name = "dns-servers"; + data = "2a02:908:5b1:e3c0:2::"; } { - name = "domain-search"; - data = "local"; + name = "domain-search"; + data = "local"; } ]; diff --git a/hosts/pie/firefly.nix b/hosts/pie/firefly.nix index 0c65bf0..3fc3238 100644 --- a/hosts/pie/firefly.nix +++ b/hosts/pie/firefly.nix 
@@ -80,14 +80,14 @@ in { volumes = [ "/var/lib/firefly/upload:/var/www/html/storage/upload" ]; - extraOptions = [ "--network=firefly" ]; + extraOptions = ["--network=firefly"]; environmentFiles = [ ./.env.firefly config.age.secrets."firefly-secrets.env".path config.age.secrets."firefly-cron-secrets.env".path ]; - ports = [ "127.0.0.1:8080:8080" ]; - dependsOn = [ "firefly-db" ]; + ports = ["127.0.0.1:8080:8080"]; + dependsOn = ["firefly-db"]; }; containers."firefly-db" = { @@ -96,7 +96,7 @@ in { volumes = [ "/var/lib/firefly/db:/var/lib/postgresql/data" ]; - extraOptions = [ "--network=firefly" ]; + extraOptions = ["--network=firefly"]; environmentFiles = [ config.age.secrets."firefly-db-secrets.env".path ]; @@ -105,8 +105,8 @@ in { containers."firefly-importer" = { image = "fireflyiii/data-importer:latest"; autoStart = true; - extraOptions = [ "--network=firefly" ]; - ports = [ "127.0.0.1:8081:8080" ]; + extraOptions = ["--network=firefly"]; + ports = ["127.0.0.1:8081:8080"]; environment = { FIREFLY_III_URL = "https://firefly.b12f.io"; }; @@ -114,7 +114,7 @@ in { ./.env.firefly-importer config.age.secrets."firefly-importer-secrets.env".path ]; - dependsOn = [ "firefly" ]; + dependsOn = ["firefly"]; }; containers."firefly-cron" = { @@ -128,7 +128,7 @@ in { environmentFiles = [ config.age.secrets."firefly-cron-secrets.env".path ]; - extraOptions = [ "--network=firefly" ]; + extraOptions = ["--network=firefly"]; }; }; }; diff --git a/hosts/pie/hardware-configuration.nix b/hosts/pie/hardware-configuration.nix index 8c09beb..ca9cfec 100644 --- a/hosts/pie/hardware-configuration.nix +++ b/hosts/pie/hardware-configuration.nix 
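Review bot: The `firefly-importer` container in the hosts/pie/firefly.nix hunk at -105,8 is pulled as `image = "fireflyiii/data-importer:latest";`, a mutable tag. Whatever the registry serves under that tag at pull time runs with the secrets from `firefly-importer-secrets.env`, so the deployment is neither reproducible nor reviewable from this repository. I would pin a release and digest, `image = "fireflyiii/data-importer:<version>@sha256:<digest>";` (placeholders), and update it deliberately. The image lines of the other firefly containers are outside the visible hunks and should be checked for the same pattern.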
@@ -1,18 +1,22 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "uas" "usb_storage" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - boot.supportedFilesystems = [ "zfs" ]; + boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "uas" "usb_storage"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + boot.supportedFilesystems = ["zfs"]; boot.initrd.luks.devices = { cryptroot = { @@ -21,20 +25,19 @@ }; }; - fileSystems."/" = - { device = "zroot/root"; - fsType = "zfs"; - }; + fileSystems."/" = { + device = "zroot/root"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0D5D-B809"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9"; } - ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0D5D-B809"; + fsType = "vfat"; + }; + swapDevices = [ + {device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9";} + ]; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; diff --git a/hosts/pie/invoiceplane.nix b/hosts/pie/invoiceplane.nix index 0c5d4dd..96e5dd5 100644 --- a/hosts/pie/invoiceplane.nix +++ b/hosts/pie/invoiceplane.nix @@ -44,7 +44,7 @@ in { createLocally = false; }; - invoiceTemplates = [ pkgs.invoiceplane-template ]; + invoiceTemplates = [pkgs.invoiceplane-template]; extraConfig = '' SETUP_COMPLETED=true 
@@ -72,7 +72,7 @@ in { containers."invoiceplane-db" = { image = "mariadb:11"; autoStart = true; - ports = [ "127.0.0.1:3306:3306" ]; + ports = ["127.0.0.1:3306:3306"]; volumes = [ "/var/lib/invoiceplane/db:/var/lib/mysql" ]; diff --git a/hosts/pie/networking.nix b/hosts/pie/networking.nix index ff0e5bf..5866af8 100644 --- a/hosts/pie/networking.nix +++ b/hosts/pie/networking.nix @@ -15,16 +15,25 @@ networking.interfaces.enabcm6e4ei0 = { ipv4.addresses = [ - { address = "192.168.178.2"; prefixLength = 32; } + { + address = "192.168.178.2"; + prefixLength = 32; + } ]; ipv6.addresses = [ - { address = "2a02:908:5b1:e3c0:2::"; prefixLength = 128; } - { address = "fe80:b12f:acab:1312:acab:2::"; prefixLength = 128; } + { + address = "2a02:908:5b1:e3c0:2::"; + prefixLength = 128; + } + { + address = "fe80:b12f:acab:1312:acab:2::"; + prefixLength = 128; + } ]; }; networking.hosts = { - "192.168.178.3" = [ "droppie-initrd.b12f.io" ]; + "192.168.178.3" = ["droppie-initrd.b12f.io"]; }; services.openssh.allowSFTP = true; diff --git a/hosts/pie/paperless.nix b/hosts/pie/paperless.nix index 6979c7f..50518d9 100644 --- a/hosts/pie/paperless.nix +++ b/hosts/pie/paperless.nix 
@@ -13,33 +13,34 @@ with lib; let backupDir = "/var/lib/PaperlessBackup"; consumptionDir = "/var/lib/scandir"; - scan2paperless = with pkgs; writeShellScriptBin "scan2paperless" '' - DEVICE=$1 - NUM_PAGES=$2 - NAME=$3 + scan2paperless = with pkgs; + writeShellScriptBin "scan2paperless" '' + DEVICE=$1 + NUM_PAGES=$2 + NAME=$3 - if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then - echo "Usage: scan2paperless " - exit 1 - fi + if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then + echo "Usage: scan2paperless " + exit 1 + fi - tmpDir=$(${coreutils}/bin/mktemp -d) - files=() + tmpDir=$(${coreutils}/bin/mktemp -d) + files=() - for i in $(seq 1 $NUM_PAGES); do - fileName=$(${openssl}/bin/openssl rand -hex 12) - file="$tmpDir/$fileName.jpg" - echo "Start scanning page $i/$NUM_PAGES"; - ${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file - echo "Finished scanning page $i"; - files+=($file) - done + for i in $(seq 1 $NUM_PAGES); do + fileName=$(${openssl}/bin/openssl rand -hex 12) + file="$tmpDir/$fileName.jpg" + echo "Start scanning page $i/$NUM_PAGES"; + ${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file + echo "Finished scanning page $i"; + files+=($file) + done - pdf="${consumptionDir}/$NAME.pdf" - ${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]} + pdf="${consumptionDir}/$NAME.pdf" + ${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]} - echo "PDF written to $pdf" - ''; + echo "PDF written to $pdf" + ''; in { age.secrets."paperless.env" = { file = "${flake.self}/secrets/paperless.env.age"; @@ -82,7 +83,7 @@ in { }; }; - systemd.services.paperless-web.serviceConfig.EnvironmentFile = [ config.age.secrets."paperless.env".path ]; + systemd.services.paperless-web.serviceConfig.EnvironmentFile = [config.age.secrets."paperless.env".path]; ################################# # Scanning 
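Review bot: The `scan2paperless` script in the hosts/pie/paperless.nix hunk at -13,33 expands `$DEVICE`, `$NUM_PAGES`, `$file`, `$pdf` and the `files` array unquoted, so a device string or document name containing spaces or glob characters is split into separate arguments. Quoting fixes that: `${sane-backends}/bin/scanimage -d "$DEVICE" --format=jpeg --resolution 300 --progress -o "$file"`, `files+=("$file")` and `${python3Packages.img2pdf}/bin/img2pdf --output "$pdf" "''${files[@]}"`. `$NAME` is also joined into the consumption path unchecked, so a name containing `/` or `..` writes outside `${consumptionDir}`; rejecting such names next to the existing usage check would close that. The directory from `mktemp -d` is never removed, which leaves the scanned pages behind in the temp location.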
@@ -147,7 +148,7 @@ in { services.restic.backups = { paperless = { - paths = [ backupDir ]; + paths = [backupDir]; initialize = true; passwordFile = config.age.secrets."restic-password".path; # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 797baa5..a769b7a 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -29,8 +29,8 @@ owner = "unbound"; }; - networking.firewall.allowedUDPPorts = [ 53 ]; - networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [53]; + networking.firewall.allowedTCPPorts = [53]; services.resolved.enable = false; services.unbound = { @@ -94,5 +94,4 @@ }; }; }; - } diff --git a/hosts/pie/wake-droppie.nix b/hosts/pie/wake-droppie.nix index 992ac9b..ca14ad4 100644 --- a/hosts/pie/wake-droppie.nix +++ b/hosts/pie/wake-droppie.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.cron = { enable = true; systemCronJobs = [ diff --git a/hosts/stroopwafel/configuration.nix b/hosts/stroopwafel/configuration.nix index b5f5835..314dfc2 100644 --- a/hosts/stroopwafel/configuration.nix +++ b/hosts/stroopwafel/configuration.nix @@ -17,9 +17,9 @@ in { boot.initrd.preLVMCommands = "udevadm trigger --settle"; boot.swraid.enable = true; boot.swraid.mdadmConf = '' -DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2 -ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd -MAILADDR ${psCfg.user.email} + DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2 + ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd + MAILADDR ${psCfg.user.email} ''; pub-solar.core.hibernation.enable = true; diff --git a/hosts/stroopwafel/default.nix b/hosts/stroopwafel/default.nix index b7f5e9c..ab6bf98 100644 --- a/hosts/stroopwafel/default.nix +++ b/hosts/stroopwafel/default.nix 
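Review bot: `networking.firewall.allowedUDPPorts = [53];` and the TCP line below it in the hosts/pie/unbound.nix hunk at -29,8 open DNS on every interface, whereas hosts/frikandel/unbound.nix in this same patch scopes port 53 to `networking.firewall.interfaces.wg-private`. hosts/pie/networking.nix gives this host a global IPv6 address, so if inbound IPv6 reaches it, the resolver can be queried from outside unless unbound's `access-control` settings (not visible in this hunk) restrict clients. I would scope the rule to the LAN interface, `networking.firewall.interfaces.enabcm6e4ei0.allowedUDPPorts = [53];` with the matching TCP line, or add a comment stating which setting limits the exposure.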
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
 imports = [
 ./configuration.nix
 ./hardware-configuration.nix
diff --git a/hosts/stroopwafel/hardware-configuration.nix b/hosts/stroopwafel/hardware-configuration.nix
index 7a09048..a621c30 100644
--- a/hosts/stroopwafel/hardware-configuration.nix
+++ b/hosts/stroopwafel/hardware-configuration.nix
@@ -1,55 +1,59 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; boot.initrd.luks.devices."cryptroot" = { device = "/dev/disk/by-id/md-name-nixos:root"; allowDiscards = true; }; - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - }; + fileSystems."/" = { + device = "none"; + fsType = "tmpfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/EC82-67F4"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/EC82-67F4"; + fsType = "vfat"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9"; - fsType = "ext4"; - # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 - neededForBoot = true; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9"; + fsType = "ext4"; + # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 + neededForBoot = true; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de"; - fsType = "ext4"; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de"; + fsType = "ext4"; + }; - fileSystems."/persist" = - { device = 
"/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f"; - fsType = "ext4"; - # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 - neededForBoot = true; - }; + fileSystems."/persist" = { + device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f"; + fsType = "ext4"; + # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 + neededForBoot = true; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/stroopwafel/networking.nix b/hosts/stroopwafel/networking.nix index d194d30..2874432 100644 --- a/hosts/stroopwafel/networking.nix +++ b/hosts/stroopwafel/networking.nix @@ -46,7 +46,7 @@ pub-solar.wireguard.ehex = { ownIPs = [ - "10.42.0.135/22" + "10.42.0.135/22" ]; privateKeyFile = config.age.secrets.wg-ehex-key.path; }; diff --git a/lib/add-local-hostname.nix b/lib/add-local-hostname.nix index 6940fa8..2e15ff5 100644 --- a/lib/add-local-hostname.nix +++ b/lib/add-local-hostname.nix @@ -1,5 +1,4 @@ -{ lib }: -hostnames: { +{lib}: hostnames: { "127.0.0.1" = hostnames; "::1" = hostnames; } diff --git a/lib/default.nix b/lib/default.nix index d9cf8cf..a1717fa 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,8 @@ -{ lib, inputs, ... }: { +{ + lib, + inputs, + ... +}: { # Configuration common to all Linux systems flake = { lib = let @@ -10,7 +14,7 @@ #foo = callLibs ./foo.nix; ## In configs, they can be used under "lib.our" - deploy = import ./deploy.nix { inherit inputs lib; }; + deploy = import ./deploy.nix {inherit inputs lib;}; addLocalHostname = callLibs ./add-local-hostname.nix; recursiveMerge = callLibs ./recursive-merge.nix; mkEmailAddress = account: domain: account + "@" + domain; 
diff --git a/lib/deploy.nix b/lib/deploy.nix index ff01300..f73e37a 100644 --- a/lib/deploy.nix +++ b/lib/deploy.nix @@ -1,11 +1,13 @@ /* - * The contents of this file are adapted from digga - * https://github.com/divnix/digga - * - * Licensed under the MIT license - */ - -{ lib, inputs }: let +* The contents of this file are adapted from digga +* https://github.com/divnix/digga +* +* Licensed under the MIT license +*/ +{ + lib, + inputs, +}: let getFqdn = c: let net = c.config.networking; fqdn = 
@@ -17,48 +19,53 @@ in { mkDeployNodes = systemConfigurations: extraConfig: /* - * - Synopsis: mkNodes _systemConfigurations_ _extraConfig_ + * + Synopsis: mkNodes _systemConfigurations_ _extraConfig_ - Generate the `nodes` attribute expected by deploy-rs - where _systemConfigurations_ are `nodes`. + Generate the `nodes` attribute expected by deploy-rs + where _systemConfigurations_ are `nodes`. - _systemConfigurations_ should take the form of a flake's - _nixosConfigurations_. Note that deploy-rs does not currently support - deploying to darwin hosts. + _systemConfigurations_ should take the form of a flake's + _nixosConfigurations_. Note that deploy-rs does not currently support + deploying to darwin hosts. - _extraConfig_, if specified, will be merged into each of the - nodes' configurations. + _extraConfig_, if specified, will be merged into each of the + nodes' configurations. - Example _systemConfigurations_ input: + Example _systemConfigurations_ input: - ``` - { - hostname-1 = { - fastConnection = true; - sshOpts = [ "-p" "25" ]; - }; - hostname-2 = { - sshOpts = [ "-p" "19999" ]; - sshUser = "root"; - }; - } - ``` - * - */ + ``` + { + hostname-1 = { + fastConnection = true; + sshOpts = [ "-p" "25" ]; + }; + hostname-2 = { + sshOpts = [ "-p" "19999" ]; + sshUser = "root"; + }; + } + ``` + * + */ lib.recursiveUpdate (lib.mapAttrs ( _: c: let system = c.pkgs.stdenv.hostPlatform.system; # Unmodified nixpkgs - pkgs = import inputs.nixpkgs { inherit system; }; + pkgs = import inputs.nixpkgs {inherit system;}; # nixpkgs with deploy-rs overlay but force the nixpkgs package deployPkgs = import inputs.nixpkgs { inherit system; overlays = [ inputs.deploy-rs.overlay # or deploy-rs.overlays.default - (self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib; }; }) + (self: super: { + deploy-rs = { + inherit (pkgs) deploy-rs; + lib = super.deploy-rs.lib; + }; + }) ]; }; in { 
diff --git a/lib/recursive-merge.nix b/lib/recursive-merge.nix index 1b2c37e..f75201e 100644 --- a/lib/recursive-merge.nix +++ b/lib/recursive-merge.nix @@ -1,6 +1,4 @@ -{ lib }: -attrList: -let +{lib}: attrList: let f = attrPath: zipAttrsWith ( n: values: @@ -13,4 +11,4 @@ let else last values ); in - f [] attrList; + f [] attrList diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 5880227..62d6b37 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -10,8 +10,8 @@ systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; networking.hosts = { - "128.140.109.213" = [ "vpn.b12f.io" ]; - "2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ]; + "128.140.109.213" = ["vpn.b12f.io"]; + "2a01:4f8:c2c:b60::" = ["vpn.b12f.io"]; }; networking.networkmanager = { @@ -38,7 +38,7 @@ }; # Don't expose SSH via public interfaces - networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 22 ]; + networking.firewall.interfaces.wg-private.allowedTCPPorts = [22]; # For rage encryption, all hosts need a ssh key pair services.openssh = { diff --git a/modules/graphical/alacritty.nix b/modules/graphical/alacritty.nix index a743574..b80acc5 100644 --- a/modules/graphical/alacritty.nix +++ b/modules/graphical/alacritty.nix @@ -159,8 +159,8 @@ # Base16 Burn 256 - alacritty color config # Benjamin Bädorf colors = { - # When true, bold text is drawn using the bright variant of colors. - draw_bold_text_with_bright_colors = true; + # When true, bold text is drawn using the bright variant of colors. + draw_bold_text_with_bright_colors = true; # Default colors primary = { diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index fcaf192..effb1f5 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -105,7 +105,7 @@ in { toggle-kbd-layout vlc wcwd - wl-mirror + wl-mirror ]; home-manager.users."${psCfg.user.name}" = { 
diff --git a/modules/graphical/sway/config/config.d/mode_system.conf.nix b/modules/graphical/sway/config/config.d/mode_system.conf.nix index 411213e..7539d3f 100644 --- a/modules/graphical/sway/config/config.d/mode_system.conf.nix +++ b/modules/graphical/sway/config/config.d/mode_system.conf.nix 
@@ -2,39 +2,40 @@ pkgs, psCfg, ... -}: with pkgs; -'' - # Set shut down, restart and locking features -'' -+ ( - if psCfg.core.hibernation.enable - then '' - set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown +}: +with pkgs; '' - else '' - set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown + # Set shut down, restart and locking features '' -) -+ '' - bindsym $mod+0 mode "$mode_system" + + ( + if psCfg.core.hibernation.enable + then '' + set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown + '' + else '' + set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown + '' + ) + + '' + bindsym $mod+0 mode "$mode_system" - mode "$mode_system" { - bindsym e exec ${sway}/bin/swaymsg exit, mode "default" - bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default" -'' -+ ( - if psCfg.core.hibernation.enable - then '' - bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default" + mode "$mode_system" { + bindsym e exec ${sway}/bin/swaymsg exit, mode "default" + bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default" '' - else "" -) -+ '' - bindsym r exec ${systemd}/bin/systemctl reboot, mode "default" - bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default" + + ( + if psCfg.core.hibernation.enable + then '' + bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default" + '' + else "" + ) + + '' + bindsym r exec ${systemd}/bin/systemctl reboot, mode "default" + bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default" - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} -'' + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" + } + '' diff --git a/modules/graphical/waybar.nix b/modules/graphical/waybar.nix index f99cd1e..99bb0ae 100644 --- a/modules/graphical/waybar.nix +++ b/modules/graphical/waybar.nix 
@@ -46,10 +46,10 @@ in { on-scroll = "-1"; on-click-right = "mode"; format = { - months = "{}"; - days = "{}"; - weekdays = "{}"; - today = "{}"; + months = "{}"; + days = "{}"; + weekdays = "{}"; + today = "{}"; }; }; }; diff --git a/modules/invoiceplane/default.nix b/modules/invoiceplane/default.nix index da1747f..1fa7a48 100644 --- a/modules/invoiceplane/default.nix +++ b/modules/invoiceplane/default.nix 
@@ -1,215 +1,221 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.services.invoiceplane; eachSite = cfg.sites; user = "invoiceplane"; webserver = config.services.${cfg.webserver}; - invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" '' - IP_URL=http://${hostName} - ENABLE_DEBUG=false - DISABLE_SETUP=false - REMOVE_INDEXPHP=false - DB_HOSTNAME=${cfg.database.host} - DB_USERNAME=${cfg.database.user} - # NOTE: file_get_contents adds newline at the end of returned string - DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"} - DB_DATABASE=${cfg.database.name} - DB_PORT=${toString cfg.database.port} - SESS_EXPIRATION=864000 - ENABLE_INVOICE_DELETION=false - DISABLE_READ_ONLY=false - ENCRYPTION_KEY= - ENCRYPTION_CIPHER=AES-256 - SETUP_COMPLETED=false - REMOVE_INDEXPHP=true - ''; - - extraConfig = hostName: cfg: pkgs.writeText "extraConfig.php" '' - ${toString cfg.extraConfig} - ''; - - pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec { - pname = "invoiceplane-${hostName}"; - version = src.version; - src = pkgs.invoiceplane; - - postPhase = '' - # Patch index.php file to load additional config file - substituteInPlace index.php \ - --replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();"; + invoiceplane-config = hostName: cfg: + pkgs.writeText "ipconfig.php" '' + IP_URL=http://${hostName} + ENABLE_DEBUG=false + DISABLE_SETUP=false + REMOVE_INDEXPHP=false + DB_HOSTNAME=${cfg.database.host} + DB_USERNAME=${cfg.database.user} + # NOTE: file_get_contents adds newline at the end of returned string + DB_PASSWORD=${ + if cfg.database.passwordFile == null + then "" + else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")" + } + DB_DATABASE=${cfg.database.name} + DB_PORT=${toString 
cfg.database.port} + SESS_EXPIRATION=864000 + ENABLE_INVOICE_DELETION=false + DISABLE_READ_ONLY=false + ENCRYPTION_KEY= + ENCRYPTION_CIPHER=AES-256 + SETUP_COMPLETED=false + REMOVE_INDEXPHP=true ''; - installPhase = '' - mkdir -p $out - cp -r * $out/ - - # symlink uploads and log directories - rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp - ln -sf ${cfg.stateDir}/uploads $out/ - ln -sf ${cfg.stateDir}/logs $out/application/ - ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/ - - # symlink the InvoicePlane config - ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php - - # symlink the extraConfig file - ln -s ${extraConfig hostName cfg} $out/extraConfig.php - - # symlink additional templates - ${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates} + extraConfig = hostName: cfg: + pkgs.writeText "extraConfig.php" '' + ${toString cfg.extraConfig} ''; - }; - siteOpts = { lib, name, ... }: - { - options = { + pkg = hostName: cfg: + pkgs.stdenv.mkDerivation rec { + pname = "invoiceplane-${hostName}"; + version = src.version; + src = pkgs.invoiceplane; - enable = mkEnableOption (lib.mdDoc "InvoicePlane web application"); + postPhase = '' + # Patch index.php file to load additional config file + substituteInPlace index.php \ + --replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();"; + ''; - stateDir = mkOption { - type = types.path; - default = "/var/lib/invoiceplane/${name}"; - description = lib.mdDoc '' - This directory is used for uploads of attachments and cache. - The directory passed here is automatically created and permissions - adjusted as required. 
- ''; - }; + installPhase = '' + mkdir -p $out + cp -r * $out/ - database = { - host = mkOption { - type = types.str; - default = "localhost"; - description = lib.mdDoc "Database host address."; - }; + # symlink uploads and log directories + rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp + ln -sf ${cfg.stateDir}/uploads $out/ + ln -sf ${cfg.stateDir}/logs $out/application/ + ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/ - port = mkOption { - type = types.port; - default = 3306; - description = lib.mdDoc "Database host port."; - }; + # symlink the InvoicePlane config + ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php - name = mkOption { - type = types.str; - default = "invoiceplane"; - description = lib.mdDoc "Database name."; - }; + # symlink the extraConfig file + ln -s ${extraConfig hostName cfg} $out/extraConfig.php - user = mkOption { - type = types.str; - default = "invoiceplane"; - description = lib.mdDoc "Database user."; - }; + # symlink additional templates + ${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates} + ''; + }; - passwordFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/invoiceplane-dbpassword"; - description = lib.mdDoc '' - A file containing the password corresponding to - {option}`database.user`. - ''; - }; - - createLocally = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Create the database and database user locally."; - }; - }; - - invoiceTemplates = mkOption { - type = types.listOf types.path; - default = []; - description = lib.mdDoc '' - List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory. - - ::: {.note} - These templates need to be packaged before use, see example. 
- ::: - ''; - example = literalExpression '' - let - # Let's package an example template - template-vtdirektmarketing = pkgs.stdenv.mkDerivation { - name = "vtdirektmarketing"; - # Download the template from a public repository - src = pkgs.fetchgit { - url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git"; - sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z"; - }; - sourceRoot = "."; - # Installing simply means copying template php file to the output directory - installPhase = "" - mkdir -p $out - cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/ - ""; - }; - # And then pass this package to the template list like this: - in [ template-vtdirektmarketing ] - ''; - }; - - poolConfig = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); - default = { - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.max_requests" = 500; - }; - description = lib.mdDoc '' - Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf` - for details on configuration directives. - ''; - }; - - extraConfig = mkOption { - type = types.nullOr types.lines; - default = null; - example = '' - SETUP_COMPLETED=true - DISABLE_SETUP=true - IP_URL=https://invoice.example.com - ''; - description = lib.mdDoc '' - InvoicePlane configuration. Refer to - - for details on supported values. - ''; - }; - - cron = { - - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Enable cron service which periodically runs Invoiceplane tasks. - Requires key taken from the administration page. Refer to - - on how to configure it. - ''; - }; - - key = mkOption { - type = types.str; - description = lib.mdDoc "Cron key taken from the administration page."; - }; - - }; + siteOpts = { + lib, + name, + ... 
+ }: { + options = { + enable = mkEnableOption (lib.mdDoc "InvoicePlane web application"); + stateDir = mkOption { + type = types.path; + default = "/var/lib/invoiceplane/${name}"; + description = lib.mdDoc '' + This directory is used for uploads of attachments and cache. + The directory passed here is automatically created and permissions + adjusted as required. + ''; }; + database = { + host = mkOption { + type = types.str; + default = "localhost"; + description = lib.mdDoc "Database host address."; + }; + + port = mkOption { + type = types.port; + default = 3306; + description = lib.mdDoc "Database host port."; + }; + + name = mkOption { + type = types.str; + default = "invoiceplane"; + description = lib.mdDoc "Database name."; + }; + + user = mkOption { + type = types.str; + default = "invoiceplane"; + description = lib.mdDoc "Database user."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/invoiceplane-dbpassword"; + description = lib.mdDoc '' + A file containing the password corresponding to + {option}`database.user`. + ''; + }; + + createLocally = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Create the database and database user locally."; + }; + }; + + invoiceTemplates = mkOption { + type = types.listOf types.path; + default = []; + description = lib.mdDoc '' + List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory. + + ::: {.note} + These templates need to be packaged before use, see example. 
+ ::: + ''; + example = literalExpression '' + let + # Let's package an example template + template-vtdirektmarketing = pkgs.stdenv.mkDerivation { + name = "vtdirektmarketing"; + # Download the template from a public repository + src = pkgs.fetchgit { + url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git"; + sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z"; + }; + sourceRoot = "."; + # Installing simply means copying template php file to the output directory + installPhase = "" + mkdir -p $out + cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/ + ""; + }; + # And then pass this package to the template list like this: + in [ template-vtdirektmarketing ] + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [str int bool]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = lib.mdDoc '' + Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf` + for details on configuration directives. + ''; + }; + + extraConfig = mkOption { + type = types.nullOr types.lines; + default = null; + example = '' + SETUP_COMPLETED=true + DISABLE_SETUP=true + IP_URL=https://invoice.example.com + ''; + description = lib.mdDoc '' + InvoicePlane configuration. Refer to + + for details on supported values. + ''; + }; + + cron = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Enable cron service which periodically runs Invoiceplane tasks. + Requires key taken from the administration page. Refer to + + on how to configure it. + ''; + }; + + key = mkOption { + type = types.str; + description = lib.mdDoc "Cron key taken from the administration page."; + }; + }; }; -in -{ + }; +in { disabledModules = [ "services/web-apps/invoiceplane.nix" ]; 
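Review bot: The `DB_PASSWORD=` line in `invoiceplane-config` writes the text `trim(file_get_contents('…'),"\r\n")` into `ipconfig.php` whenever `database.passwordFile` is set. Every other line of that template is a plain `KEY=VALUE` pair, so unless the file is evaluated as PHP (not visible in this hunk) the application would presumably receive that expression as the literal password instead of the secret; this needs confirming. A safer shape is to keep `DB_PASSWORD=` empty in the store-generated template and fill it from `passwordFile` at activation time, in the script that copies the template into `stateDir` (that script is in a later hunk of this file). That way the secret is read only at run time and never depends on how the template is parsed. This hunk only re-indents the block, so the behaviour predates the commit.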
@@ -218,7 +224,6 @@ in options = { services.invoiceplane = mkOption { type = types.submodule { - options.sites = mkOption { type = types.attrsOf (types.submodule siteOpts); default = {}; @@ -226,7 +231,7 @@ in }; options.webserver = mkOption { - type = types.enum [ "caddy" "nginx" ]; + type = types.enum ["caddy" "nginx"]; default = "caddy"; description = lib.mdDoc '' Which webserver to use for virtual host management. Currently only 
@@ -237,160 +242,172 @@ in default = {}; description = lib.mdDoc "InvoicePlane configuration."; }; - }; # implementation - config = mkIf (eachSite != {}) (mkMerge [{ + config = mkIf (eachSite != {}) (mkMerge [ + { + assertions = flatten (mapAttrsToList (hostName: cfg: [ + { + assertion = cfg.database.createLocally -> cfg.database.user == user; + message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned''; + } + { + assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; + message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.''; + } + { + assertion = cfg.cron.enable -> cfg.cron.key != null; + message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.''; + } + ]) + eachSite); - assertions = flatten (mapAttrsToList (hostName: cfg: - [{ assertion = cfg.database.createLocally -> cfg.database.user == user; - message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned''; - } - { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; - message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.''; - } - { assertion = cfg.cron.enable -> cfg.cron.key != null; - message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.''; - } - ]) eachSite); - - services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) { - enable = true; - package = mkDefault pkgs.mariadb; - ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite; - ensureUsers = mapAttrsToList (hostName: cfg: - { name = cfg.database.user; - ensurePermissions 
= { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; - } - ) eachSite; - }; - - services.phpfpm = { - phpPackage = pkgs.php81; - pools = mapAttrs' (hostName: cfg: ( - nameValuePair "invoiceplane-${hostName}" { - inherit user; - group = webserver.group; - settings = { - "listen.owner" = webserver.user; - "listen.group" = webserver.group; - } // cfg.poolConfig; - } - )) eachSite; - }; - - } - - { - - systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ - "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -" - "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -" - "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -" - ]) eachSite); - - systemd.services.invoiceplane-config = { - serviceConfig.Type = "oneshot"; - script = concatStrings (mapAttrsToList (hostName: cfg: - '' - mkdir -p ${cfg.stateDir}/logs \ - ${cfg.stateDir}/uploads - if ! 
grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then - cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php" - fi - '') eachSite); - wantedBy = [ "multi-user.target" ]; - }; - - users.users.${user} = { - group = webserver.group; - isSystemUser = true; - }; - - } - { - - # Cron service implementation - - systemd.timers = mapAttrs' (hostName: cfg: ( - nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "5m"; - OnUnitActiveSec = "5m"; - Unit = "invoiceplane-cron-${hostName}.service"; - }; - }) - )) eachSite; - - systemd.services = - mapAttrs' (hostName: cfg: ( - nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { - serviceConfig = { - Type = "oneshot"; - User = user; - ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}"; - }; - }) - )) eachSite; - - } - - (mkIf (cfg.webserver == "caddy") { - services.caddy = { - enable = true; - virtualHosts = mapAttrs' (hostName: cfg: ( - nameValuePair "http://${hostName}" { - extraConfig = '' - root * ${pkg hostName cfg} - file_server - php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket} - ''; - } - )) eachSite; - }; - }) - - (mkIf (cfg.webserver == "nginx") { - services.nginx = { - enable = true; - virtualHosts = mapAttrs' (hostName: cfg: ( - nameValuePair "${hostName}" { - root = "${pkg hostName cfg}"; - extraConfig = '' - index index.php index.html index.htm; - - if (!-e $request_filename){ - rewrite ^(.*)$ /index.php break; + services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) { + enable = true; + package = mkDefault pkgs.mariadb; + ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite; + ensureUsers = + mapAttrsToList ( + hostName: cfg: { + name = cfg.database.user; + ensurePermissions = {"${cfg.database.name}.*" = "ALL PRIVILEGES";}; } - ''; + ) + eachSite; + }; - 
locations = { - "/setup".extraConfig = '' - rewrite ^(.*)$ http://${hostName}/ redirect; - ''; + services.phpfpm = { + phpPackage = pkgs.php81; + pools = + mapAttrs' (hostName: cfg: ( + nameValuePair "invoiceplane-${hostName}" { + inherit user; + group = webserver.group; + settings = + { + "listen.owner" = webserver.user; + "listen.group" = webserver.group; + } + // cfg.poolConfig; + } + )) + eachSite; + }; + } - "~ .php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}; - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - ''; + { + systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ + "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -" + "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -" + ]) + eachSite); + + systemd.services.invoiceplane-config = { + serviceConfig.Type = "oneshot"; + script = concatStrings (mapAttrsToList (hostName: cfg: '' + mkdir -p ${cfg.stateDir}/logs \ + ${cfg.stateDir}/uploads + if ! 
grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then + cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php" + fi + '') + eachSite); + wantedBy = ["multi-user.target"]; + }; + + users.users.${user} = { + group = webserver.group; + isSystemUser = true; + }; + } + { + # Cron service implementation + + systemd.timers = + mapAttrs' (hostName: cfg: ( + nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "5m"; + OnUnitActiveSec = "5m"; + Unit = "invoiceplane-cron-${hostName}.service"; }; - }; - } - )) eachSite; - }; - }) + }) + )) + eachSite; + systemd.services = + mapAttrs' (hostName: cfg: ( + nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { + serviceConfig = { + Type = "oneshot"; + User = user; + ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}"; + }; + }) + )) + eachSite; + } + + (mkIf (cfg.webserver == "caddy") { + services.caddy = { + enable = true; + virtualHosts = + mapAttrs' (hostName: cfg: ( + nameValuePair "http://${hostName}" { + extraConfig = '' + root * ${pkg hostName cfg} + file_server + php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket} + ''; + } + )) + eachSite; + }; + }) + + (mkIf (cfg.webserver == "nginx") { + services.nginx = { + enable = true; + virtualHosts = + mapAttrs' (hostName: cfg: ( + nameValuePair "${hostName}" { + root = "${pkg hostName cfg}"; + extraConfig = '' + index index.php index.html index.htm; + + if (!-e $request_filename){ + rewrite ^(.*)$ /index.php break; + } + ''; + + locations = { + "/setup".extraConfig = '' + rewrite ^(.*)$ http://${hostName}/ redirect; + ''; + + "~ .php$" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass unix:${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}; + include 
${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + }; + }; + } + )) + eachSite; + }; + }) ]); } diff --git a/modules/nix/default.nix b/modules/nix/default.nix index fd3099b..bba8b79 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -5,15 +5,16 @@ flake, ... }: { - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "steam" - "steam-original" - "steam-run" - "hplip" - "cups-brother-hl3140cw" - "uhk-agent" - "uhk-udev-rules" - ]; + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "steam" + "steam-original" + "steam-run" + "hplip" + "cups-brother-hl3140cw" + "uhk-agent" + "uhk-udev-rules" + ]; nix = { # Use default version alias for nix package diff --git a/modules/persistence/default.nix b/modules/persistence/default.nix index 435e136..8544110 100644 --- a/modules/persistence/default.nix +++ b/modules/persistence/default.nix @@ -1,5 +1,8 @@ -{ lib, config, ... }: { + lib, + config, + ... +}: { environment.persistence."/persist" = { hideMounts = true; directories = [ @@ -17,7 +20,7 @@ fileSystems."/etc/nixos" = { device = "/home/${config.pub-solar.user.name}/Workspace/os"; - options = [ "bind" ]; + options = ["bind"]; }; systemd.tmpfiles.rules = [ diff --git a/modules/portable/default.nix b/modules/portable/default.nix index 5c7fb9d..cc63e0c 100644 --- a/modules/portable/default.nix +++ b/modules/portable/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.cron = { enable = true; systemCronJobs = [ diff --git a/modules/printing/default.nix b/modules/printing/default.nix index 03caa88..fd0f112 100644 --- a/modules/printing/default.nix +++ b/modules/printing/default.nix 
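Review bot: In modules/invoiceplane/default.nix the `invoiceplane-cron-${hostName}` service builds its `ExecStart` by interpolating `${cfg.cron.key}` into the curl URL. The key is therefore written into the generated unit, and with it the world-readable Nix store, and it shows up in curl's argument list while the job runs. `cron.key` is declared as a plain `types.str` in the first hunk of this file, so there is currently no way to supply it out of band. Consider accepting a path to a file that holds the key and reading it when the service starts (for example through systemd's `LoadCredential=`) rather than at evaluation time. In the same hunk the tmpfiles rule creates `ipconfig.php` with mode `0750`; a config file needs no execute bit, e.g. `"f ${cfg.stateDir}/ipconfig.php 0640 ${user} ${webserver.group} - -"`.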
@@ -16,11 +16,15 @@ services.printing.listenAddresses = ["localhost:631"]; services.printing.defaultShared = lib.mkDefault false; - services.printing.drivers = [ - pkgs.gutenprint - ] ++ (if (pkgs.system == "x86_64-linux") - then [ pkgs.cups-brother-hl3140cw ] - else []); + services.printing.drivers = + [ + pkgs.gutenprint + ] + ++ ( + if (pkgs.system == "x86_64-linux") + then [pkgs.cups-brother-hl3140cw] + else [] + ); # environment.persistence."/persist" = { # directories = [ diff --git a/modules/proxy/default.nix b/modules/proxy/default.nix index 6db5ee1..dcfc678 100644 --- a/modules/proxy/default.nix +++ b/modules/proxy/default.nix @@ -5,7 +5,7 @@ lib, ... }: { - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { enable = true; diff --git a/modules/terminal-life/.config/git/gitmessage.nix b/modules/terminal-life/.config/git/gitmessage.nix index 223bfc3..15f0eb7 100644 --- a/modules/terminal-life/.config/git/gitmessage.nix +++ b/modules/terminal-life/.config/git/gitmessage.nix @@ -6,27 +6,27 @@ user = config.pub-solar.user; xdg = config.home-manager.users."${user.name}".xdg; in '' -# What happened? -# -# fix feat build chore ci docs style refactor perf test -# -# type!(optional scope): --------------# -# + # What happened? + # + # fix feat build chore ci docs style refactor perf test + # + # type!(optional scope): --------------# + # -# ^\n -# What exactly was done and why? --------------------------------------# -# + # ^\n + # What exactly was done and why? --------------------------------------# + # -# ^\n -# -# Any issue numbers or links? -# -# Ref: #123 + # ^\n + # + # Any issue numbers or links? + # + # Ref: #123 -# ^\n -# -# Co-authored-by: Example Name + # ^\n + # + # Co-authored-by: Example Name '' diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 949353d..fb4410d 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix 
@@ -21,34 +21,40 @@ in { config = { programs.command-not-found.enable = false; - users.users."${psCfg.user.name}".packages = with pkgs; [ - asciinema - bat - blesh - eza - fd - ripgrep - (nnn.overrideAttrs (o: { - patches = - (o.patches or []) - ++ [ - ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch - ]; - })) - p - powerline - screen - watson - jump - ] ++ (if cfg.full then [ - # Nix specific utilities - alejandra - manix - nix-index - nix-tree - nix-inspect - nvd - ] else []); + users.users."${psCfg.user.name}".packages = with pkgs; + [ + asciinema + bat + blesh + eza + fd + ripgrep + (nnn.overrideAttrs (o: { + patches = + (o.patches or []) + ++ [ + ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch + ]; + })) + p + powerline + screen + watson + jump + ] + ++ ( + if cfg.full + then [ + # Nix specific utilities + alejandra + manix + nix-index + nix-tree + nix-inspect + nvd + ] + else [] + ); home-manager.users."${psCfg.user.name}" = { xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh; diff --git a/modules/terminal-life/direnv/default.nix b/modules/terminal-life/direnv/default.nix index 0143c83..dbaa385 100644 --- a/modules/terminal-life/direnv/default.nix +++ b/modules/terminal-life/direnv/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { enable = true; nix-direnv = { enable = true; diff --git a/modules/terminal-life/git/default.nix b/modules/terminal-life/git/default.nix index 6533d04..13c8720 100644 --- a/modules/terminal-life/git/default.nix +++ b/modules/terminal-life/git/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { enable = true; extraConfig = { diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 379975f..394ee69 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix 
@@ -19,119 +19,130 @@ in { withPython3 = true; extraPackages = with pkgs; [ - ripgrep - nixd - universal-ctags - # ansible-language-server - # clang-tools - # gopls - # nodePackages.bash-language-server - # nodePackages.svelte-language-server - # nodePackages.typescript - # nodePackages.typescript-language-server - # nodePackages.vue-language-server - # nodePackages.vscode-langservers-extracted - # nginx-language-server - # lua-language-server - # cmake-language-server - # vim-language-server - # yaml-language-server - # python3Packages.python-lsp-server - # nodePackages.dockerfile-language-server-nodejs - # docker-compose-language-service - # rust-analyzer - # cargo - # solargraph - # terraform-ls - # python3Full - ]; + ripgrep + nixd + universal-ctags + # ansible-language-server + # clang-tools + # gopls + # nodePackages.bash-language-server + # nodePackages.svelte-language-server + # nodePackages.typescript + # nodePackages.typescript-language-server + # nodePackages.vue-language-server + # nodePackages.vscode-langservers-extracted + # nginx-language-server + # lua-language-server + # cmake-language-server + # vim-language-server + # yaml-language-server + # python3Packages.python-lsp-server + # nodePackages.dockerfile-language-server-nodejs + # docker-compose-language-service + # rust-analyzer + # cargo + # solargraph + # terraform-ls + # python3Full + ]; - plugins = with pkgs.vimPlugins; [ - # The status bar in the bottom of the screen with the mode indication and file location - vim-airline + plugins = with pkgs.vimPlugins; + [ + # The status bar in the bottom of the screen with the mode indication and file location + vim-airline - # Automatically load editorconfig files in repos to configure nvim settings - editorconfig-vim + # Automatically load editorconfig files in repos to configure nvim settings + editorconfig-vim - # File browser. Use n to access - nnn-vim + # File browser. 
Use n to access + nnn-vim - # Highlight characters when using f, F, t, and T - quick-scope + # Highlight characters when using f, F, t, and T + quick-scope - # Undo history etc. per project - vim-workspace-nvfetcher + # Undo history etc. per project + vim-workspace-nvfetcher - # Neovim colorschemes / themes - sonokai - vim-hybrid-material - vim-airline-themes - vim-apprentice-nvfetcher + # Neovim colorschemes / themes + sonokai + vim-hybrid-material + vim-airline-themes + vim-apprentice-nvfetcher - # Git integrations - # A Git wrapper so awesome, it should be illegal - fugitive - # Shows git diff markers in the sign column - vim-gitgutter - # GitHub extension for fugitive - vim-rhubarb - # Ease your git workflow within Vim - vimagit-nvfetcher + # Git integrations + # A Git wrapper so awesome, it should be illegal + fugitive + # Shows git diff markers in the sign column + vim-gitgutter + # GitHub extension for fugitive + vim-rhubarb + # Ease your git workflow within Vim + vimagit-nvfetcher - # Telescope fuzzy finder - telescope-nvim - telescope-fzf-native-nvim + # Telescope fuzzy finder + telescope-nvim + telescope-fzf-native-nvim - # Make the yanked region apparent - vim-highlightedyank + # Make the yanked region apparent + vim-highlightedyank - # :Beautify Code beautifier - vim-beautify-nvfetcher + # :Beautify Code beautifier + vim-beautify-nvfetcher - # Unload, delete or wipe a buffer without closing the window - vim-bufkill + # Unload, delete or wipe a buffer without closing the window + vim-bufkill - # Defaults everyone can agree on - vim-sensible + # Defaults everyone can agree on + vim-sensible - # Work with tags files - vim-gutentags - ] ++ (if cfg.full then [ - nvim-treesitter.withAllGrammars + # Work with tags files + vim-gutentags + ] + ++ ( + if cfg.full + then [ + nvim-treesitter.withAllGrammars - # Dependencies for nvim-lspconfig - nvim-cmp - cmp-nvim-lsp - cmp_luasnip - luasnip + # Dependencies for nvim-lspconfig + nvim-cmp + cmp-nvim-lsp + 
cmp_luasnip + luasnip - # Quickstart configs for neovim LSP - lsp_extensions-nvim - nvim-lspconfig + # Quickstart configs for neovim LSP + lsp_extensions-nvim + nvim-lspconfig - # Collaborative editing in Neovim using built-in capabilities - instant-nvim-nvfetcher + # Collaborative editing in Neovim using built-in capabilities + instant-nvim-nvfetcher - # JSON schemas - SchemaStore-nvim - ] else []); + # JSON schemas + SchemaStore-nvim + ] + else [] + ); extraConfig = builtins.concatStringsSep "\n" ([ - '' - " Persistent undo - set undofile - set undodir=${xdg.cacheHome}/nvim/undo + '' + " Persistent undo + set undofile + set undodir=${xdg.cacheHome}/nvim/undo - set backupdir=${xdg.dataHome}/nvim/backup - set directory=${xdg.dataHome}/nvim/swap/ - '' - (builtins.readFile ./init.vim) - (builtins.readFile ./plugins.vim) - (builtins.readFile ./clipboard.vim) - (builtins.readFile ./ui.vim) - (builtins.readFile ./filetypes.vim) - ] ++ (if cfg.full then [ - (builtins.readFile ./lsp.vim) - (builtins.readFile ./cmp.vim) - ] else [])); + set backupdir=${xdg.dataHome}/nvim/backup + set directory=${xdg.dataHome}/nvim/swap/ + '' + (builtins.readFile ./init.vim) + (builtins.readFile ./plugins.vim) + (builtins.readFile ./clipboard.vim) + (builtins.readFile ./ui.vim) + (builtins.readFile ./filetypes.vim) + ] + ++ ( + if cfg.full + then [ + (builtins.readFile ./lsp.vim) + (builtins.readFile ./cmp.vim) + ] + else [] + )); } diff --git a/modules/user/default.nix b/modules/user/default.nix index 8dc7b65..5c92ab4 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix 
@@ -7,98 +7,100 @@ }: let psCfg = config.pub-solar; in -with lib; { - imports = [ - ./home.nix - ]; - - options.pub-solar = { - user = { - name = mkOption { - description = "User login name"; - type = types.nullOr types.str; - default = "nixos"; - }; - description = mkOption { - description = "User description"; - type = types.nullOr types.str; - default = "The main PubSolarOS user"; - }; - password = mkOption { - description = "User password"; - type = types.nullOr types.str; - default = null; - }; - passwordlessSudo = mkOption { - description = "Whether this user can use sudo without entering a password"; - type = types.bool; - default = false; - }; - publicKeys = mkOption { - description = "User SSH public keys"; - type = types.listOf types.str; - default = []; - }; - fullName = mkOption { - description = "User full name"; - type = types.nullOr types.str; - default = null; - }; - email = mkOption { - description = "User email address"; - type = types.nullOr types.str; - default = null; - }; - gpgKeyId = mkOption { - description = "GPG Key ID"; - type = types.nullOr types.str; - default = null; - }; - }; - }; - - config = { - users = { - mutableUsers = false; - - users."${psCfg.user.name}" = { - # Indicates whether this is an account for a “real” user. - # This automatically sets group to users, createHome to true, - # home to /home/username, useDefaultShell to true, and isSystemUser to false. 
- isNormalUser = true; - description = psCfg.user.description; - extraGroups = [ - "input" - "lp" - "networkmanager" - "scanner" - "video" - "dialout" - "wheel" - ]; - shell = pkgs.bash; - initialHashedPassword = - if psCfg.user.password != null - then psCfg.user.password - else ""; - openssh.authorizedKeys.keys = - flake.self.publicKeys ++ - (if psCfg.user.publicKeys != null - then psCfg.user.publicKeys - else []); - }; - }; - - security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [ - { - users = ["${psCfg.user.name}"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } + with lib; { + imports = [ + ./home.nix ]; - }; -} + + options.pub-solar = { + user = { + name = mkOption { + description = "User login name"; + type = types.nullOr types.str; + default = "nixos"; + }; + description = mkOption { + description = "User description"; + type = types.nullOr types.str; + default = "The main PubSolarOS user"; + }; + password = mkOption { + description = "User password"; + type = types.nullOr types.str; + default = null; + }; + passwordlessSudo = mkOption { + description = "Whether this user can use sudo without entering a password"; + type = types.bool; + default = false; + }; + publicKeys = mkOption { + description = "User SSH public keys"; + type = types.listOf types.str; + default = []; + }; + fullName = mkOption { + description = "User full name"; + type = types.nullOr types.str; + default = null; + }; + email = mkOption { + description = "User email address"; + type = types.nullOr types.str; + default = null; + }; + gpgKeyId = mkOption { + description = "GPG Key ID"; + type = types.nullOr types.str; + default = null; + }; + }; + }; + + config = { + users = { + mutableUsers = false; + + users."${psCfg.user.name}" = { + # Indicates whether this is an account for a “real” user. + # This automatically sets group to users, createHome to true, + # home to /home/username, useDefaultShell to true, and isSystemUser to false. 
+ isNormalUser = true; + description = psCfg.user.description; + extraGroups = [ + "input" + "lp" + "networkmanager" + "scanner" + "video" + "dialout" + "wheel" + ]; + shell = pkgs.bash; + initialHashedPassword = + if psCfg.user.password != null + then psCfg.user.password + else ""; + openssh.authorizedKeys.keys = + flake.self.publicKeys + ++ ( + if psCfg.user.publicKeys != null + then psCfg.user.publicKeys + else [] + ); + }; + }; + + security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [ + { + users = ["${psCfg.user.name}"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + }; + } diff --git a/modules/wireguard/default.nix b/modules/wireguard/default.nix index f4f4948..6d920b0 100644 --- a/modules/wireguard/default.nix +++ b/modules/wireguard/default.nix @@ -1,4 +1,4 @@ -{ ... }: { +{...}: { imports = [ ./private.nix ./tunnel.nix diff --git a/modules/wireguard/ehex.nix b/modules/wireguard/ehex.nix index 8119c92..b3e5ce6 100644 --- a/modules/wireguard/ehex.nix +++ b/modules/wireguard/ehex.nix @@ -2,8 +2,7 @@ lib, config, ... -}: -let +}: let cfg = config.pub-solar.wireguard.ehex; in { options.pub-solar.wireguard.ehex = { @@ -19,10 +18,10 @@ in { }; }; - config = lib.mkIf (lib.length cfg.ownIPs != 0){ + config = lib.mkIf (lib.length cfg.ownIPs != 0) { networking.firewall.allowedUDPPorts = [51822]; - systemd.network.wait-online.ignoredInterfaces = [ "wg-ehex" ]; + systemd.network.wait-online.ignoredInterfaces = ["wg-ehex"]; systemd.services.wireguard-wg-ehex = import ./service-override.nix lib; @@ -42,8 +41,8 @@ in { { endpoint = "vpn-gateway.ehex.de:4242"; publicKey = "Fsg4KEyDEvQEt/1cVWU9xa/k9x/3UhONDj61aXZ7tys="; - presharedKey = "tQy7B5R3wOgWwIKFDcEr4WZIqCrwG+9UgPRIQx/5xso="; - allowedIPs = [ "10.42.0.0/22" "10.0.66.0/24" ]; + presharedKey = "tQy7B5R3wOgWwIKFDcEr4WZIqCrwG+9UgPRIQx/5xso="; + allowedIPs = ["10.42.0.0/22" "10.0.66.0/24"]; persistentKeepalive = 15; dynamicEndpointRefreshSeconds = 30; } 
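Review bot: `initialHashedPassword` falls back to `""` when `pub-solar.user.password` is null, and NixOS treats an empty hashed password as "no password required" for local logins; with the default `password = null` that leaves a member of `wheel` with a passwordless console login. Falling back to null keeps password login disabled until a hash is supplied: `initialHashedPassword = psCfg.user.password;`. The option is described as "User password" although its value is used as a hash, so the description should say so, e.g. `description = "Hashed user password (as produced by mkpasswd)";`. Separately, `publicKeys` is typed `types.listOf types.str`, so the `!= null` guard around it never takes the `else` branch and can be dropped.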
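Review bot: The peer's `presharedKey` in modules/wireguard/ehex.nix is a string literal, so the secret lives in the repository and is copied into the world-readable Nix store of every host that evaluates this module. The sibling modules private.nix and tunnel.nix already read the interface key through `privateKeyFile`, and users/b12f/email.nix takes the restic password from `config.age.secrets`; the peer option `presharedKeyFile` allows the same here, e.g. `presharedKeyFile = config.age.secrets."<placeholder-secret-name>".path;`. If the repository has been shared, the key should be rotated with the gateway operator rather than only moved. The peer block starts and ends outside this hunk.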
diff --git a/modules/wireguard/private.nix b/modules/wireguard/private.nix index 407b3dd..ce960ac 100644 --- a/modules/wireguard/private.nix +++ b/modules/wireguard/private.nix @@ -3,8 +3,7 @@ config, pkgs, ... -}: -let +}: let cfg = config.pub-solar.wireguard.private; in { options.pub-solar.wireguard.private = { @@ -43,7 +42,7 @@ in { config = lib.mkIf (builtins.length cfg.ownIPs != 0) { networking.firewall.allowedUDPPorts = [51899]; - systemd.network.wait-online.ignoredInterfaces = [ "wg-private" ]; + systemd.network.wait-online.ignoredInterfaces = ["wg-private"]; systemd.services.wireguard-wg-private = import ./service-override.nix lib; 
@@ -53,21 +52,30 @@ in { mtu = 1300; ips = cfg.ownIPs; privateKeyFile = cfg.privateKeyFile; - postSetup = "" - + (if cfg.useDNS then '' - printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg-private -m 0 -x - '' else "") - + (if cfg.fullTunnel then '' - defaultRoute=$(${pkgs.iproute2}/bin/ip r | ${pkgs.gnugrep}/bin/grep "default via" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 " " $5 }') - ipv4=$(${pkgs.dnsutils}/bin/dig +short A vpn.b12f.io) - ${pkgs.iproute2}/bin/ip route add $ipv4 metric 256 via $defaultRoute - ipv6=$(${pkgs.dnsutils}/bin/dig +short AAAA vpn.b12f.io) - ${pkgs.iproute2}/bin/ip route add $ipv6 metric 256 via $defaultRoute - ip -4 route delete default dev wg-private || true - ip -4 route replace default dev wg-private metric 512 - ip -6 route delete default dev wg-private || true - ip -6 route replace default dev wg-private metric 512 - '' else ""); + postSetup = + "" + + ( + if cfg.useDNS + then '' + printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg-private -m 0 -x + '' + else "" + ) + + ( + if cfg.fullTunnel + then '' + defaultRoute=$(${pkgs.iproute2}/bin/ip r | ${pkgs.gnugrep}/bin/grep "default via" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 " " $5 }') + ipv4=$(${pkgs.dnsutils}/bin/dig +short A vpn.b12f.io) + ${pkgs.iproute2}/bin/ip route add $ipv4 metric 256 via $defaultRoute + ipv6=$(${pkgs.dnsutils}/bin/dig +short AAAA vpn.b12f.io) + ${pkgs.iproute2}/bin/ip route add $ipv6 metric 256 via $defaultRoute + ip -4 route delete default dev wg-private || true + ip -4 route replace default dev wg-private metric 512 + ip -6 route delete default dev wg-private || true + ip -6 route replace default dev wg-private metric 512 + '' + else "" + ); postShutdown = lib.mkIf cfg.useDNS '' resolvconf -d wg-private -f ''; 
@@ -75,13 +83,19 @@ in { { # frikandel publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA="; - allowedIPs = [ - "10.13.12.0/24" - "fd00:b12f:acab:1312::/64" - ] ++ (if cfg.fullTunnel then [ - "0.0.0.0/0" - "::/0" - ] else []); + allowedIPs = + [ + "10.13.12.0/24" + "fd00:b12f:acab:1312::/64" + ] + ++ ( + if cfg.fullTunnel + then [ + "0.0.0.0/0" + "::/0" + ] + else [] + ); endpoint = "vpn.b12f.io:51899"; dynamicEndpointRefreshSeconds = 30; } diff --git a/modules/wireguard/pub.solar.nix b/modules/wireguard/pub.solar.nix index d28fb8d..ba1913a 100644 --- a/modules/wireguard/pub.solar.nix +++ b/modules/wireguard/pub.solar.nix @@ -2,8 +2,7 @@ lib, config, ... -}: -let +}: let cfg = config.pub-solar.wireguard.pub-solar; in { options.pub-solar.wireguard.pub-solar = { @@ -19,10 +18,10 @@ in { }; }; - config = lib.mkIf (lib.length cfg.ownIPs != 0){ + config = lib.mkIf (lib.length cfg.ownIPs != 0) { networking.firewall.allowedUDPPorts = [51821]; - systemd.network.wait-online.ignoredInterfaces = [ "wg-pub-solar" ]; + systemd.network.wait-online.ignoredInterfaces = ["wg-pub-solar"]; systemd.services.wireguard-wg-pub-solar = import ./service-override.nix lib; @@ -36,14 +35,14 @@ in { { endpoint = "flora-6.pub.solar:51820"; publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU="; - allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ]; + allowedIPs = ["10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96"]; persistentKeepalive = 15; dynamicEndpointRefreshSeconds = 30; } { endpoint = "nachtigall.pub.solar:51820"; publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; - allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ]; + allowedIPs = ["10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96"]; persistentKeepalive = 15; dynamicEndpointRefreshSeconds = 30; } diff --git a/modules/wireguard/service-override.nix b/modules/wireguard/service-override.nix index a010b5a..593d9d6 100644 --- a/modules/wireguard/service-override.nix +++ b/modules/wireguard/service-override.nix 
@@ -1,17 +1,17 @@ lib: { - wantedBy = [ - "network.target" - "network-online.target" - "nss-lookup.target" - ]; + wantedBy = [ + "network.target" + "network-online.target" + "nss-lookup.target" + ]; - serviceConfig = { - Type = lib.mkForce "simple"; - Restart = "on-failure"; - RestartSec = "15"; - }; + serviceConfig = { + Type = lib.mkForce "simple"; + Restart = "on-failure"; + RestartSec = "15"; + }; - environment = { - WG_ENDPOINT_RESOLUTION_RETRIES = "infinity"; - }; + environment = { + WG_ENDPOINT_RESOLUTION_RETRIES = "infinity"; + }; } diff --git a/modules/wireguard/tunnel.nix b/modules/wireguard/tunnel.nix index 2bfe943..08f10be 100644 --- a/modules/wireguard/tunnel.nix +++ b/modules/wireguard/tunnel.nix @@ -3,8 +3,7 @@ config, pkgs, ... -}: -let +}: let cfg = config.pub-solar.wireguard.tunnel; in { options.pub-solar.wireguard.tunnel = { @@ -37,10 +36,10 @@ in { }; }; - config = lib.mkIf (lib.length cfg.ownIPs != 0){ + config = lib.mkIf (lib.length cfg.ownIPs != 0) { networking.firewall.allowedUDPPorts = [51820]; - systemd.network.wait-online.ignoredInterfaces = [ "wg-tunnel" ]; + systemd.network.wait-online.ignoredInterfaces = ["wg-tunnel"]; systemd.targets.wireguard-wg-tunnel = { wantedBy = lib.mkForce []; @@ -73,11 +72,22 @@ in { }; networking.wireguard.interfaces = let - splitEndpoint = (lib.strings.splitString ":" cfg.peer.endpoint); - joinIPV6 = p: ip: p + (if (lib.stringLength ip > 0) then ":" else "") + ip; + splitEndpoint = lib.strings.splitString ":" cfg.peer.endpoint; + joinIPV6 = p: ip: + p + + ( + if (lib.stringLength ip > 0) + then ":" + else "" + ) + + ip; isIPV4 = lib.length splitEndpoint < 3; - ipFlag = if isIPV4 then "-4" else "-6"; - endpointIP = (if isIPV4 + ipFlag = + if isIPV4 + then "-4" + else "-6"; + endpointIP = ( + if isIPV4 then lib.elemAt splitEndpoint 0 else lib.lists.fold joinIPV6 "" ((lib.lists.take ((lib.length splitEndpoint) - 1)) splitEndpoint) ); 
@@ -87,24 +97,36 @@ in { listenPort = 51820; ips = cfg.ownIPs; privateKeyFile = cfg.privateKeyFile; - postSetup = '' - defaultRoute=$(${pkgs.iproute2}/bin/ip ${ipFlag} r | ${pkgs.gnugrep}/bin/grep "default via" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 " " $5 }') - ${pkgs.iproute2}/bin/ip ${ipFlag} route add "${endpointIPStripped}${if isIPV4 then "/32" else "/128"}" metric 256 via $defaultRoute - ip -4 route delete default dev wg-tunnel || true - ip -4 route add default dev wg-tunnel metric 512 - ip -6 route delete default dev wg-tunnel || true - ip -6 route add default dev wg-tunnel metric 512 - '' + (if cfg.useDNS - then ''printf "nameserver 10.64.0.1" | resolvconf -a wg-tunnel -m 0 -x'' - else ""); - postShutdown = '' - addedRoute=$(${pkgs.iproute2}/bin/ip ${ipFlag} r | ${pkgs.gnugrep}/bin/grep "${endpointIPStripped}" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $1 " " $2 " " $3 " " $4 " " $5 }') - if [ -n "$addedRoute" ]; then - ${pkgs.iproute2}/bin/ip ${ipFlag} route delete $addedRoute - fi - '' + (if cfg.useDNS - then ''resolvconf -d wg-tunnel -f'' - else ""); + postSetup = + '' + defaultRoute=$(${pkgs.iproute2}/bin/ip ${ipFlag} r | ${pkgs.gnugrep}/bin/grep "default via" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 " " $5 }') + ${pkgs.iproute2}/bin/ip ${ipFlag} route add "${endpointIPStripped}${ + if isIPV4 + then "/32" + else "/128" + }" metric 256 via $defaultRoute + ip -4 route delete default dev wg-tunnel || true + ip -4 route add default dev wg-tunnel metric 512 + ip -6 route delete default dev wg-tunnel || true + ip -6 route add default dev wg-tunnel metric 512 + '' + + ( + if cfg.useDNS + then ''printf "nameserver 10.64.0.1" | resolvconf -a wg-tunnel -m 0 -x'' + else "" + ); + postShutdown = + '' + addedRoute=$(${pkgs.iproute2}/bin/ip ${ipFlag} r | ${pkgs.gnugrep}/bin/grep "${endpointIPStripped}" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $1 " " $2 " " $3 " " $4 " " $5 }') + if [ -n "$addedRoute" ]; then + ${pkgs.iproute2}/bin/ip 
${ipFlag} route delete $addedRoute + fi + '' + + ( + if cfg.useDNS + then ''resolvconf -d wg-tunnel -f'' + else "" + ); peers = [ { publicKey = cfg.peer.publicKey; diff --git a/modules/wireshark/default.nix b/modules/wireshark/default.nix index e04b232..b0487a7 100644 --- a/modules/wireshark/default.nix +++ b/modules/wireshark/default.nix @@ -12,6 +12,6 @@ in { users.users."${psCfg.user.name}" = { extraGroups = ["wireshark"]; - packages = [ pkgs.wireshark ]; + packages = [pkgs.wireshark]; }; } diff --git a/overlays/default.nix b/overlays/default.nix index deb84f5..7a5baa1 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,16 +5,16 @@ }: { flake = { nixosModules = rec { - overlays = ({ ... }: { + overlays = {...}: { nixpkgs.overlays = [ inputs.deno2nix.overlays.default inputs.nixd.overlays.default inputs.invoiceplane-template.overlays.default (final: prev: let - unstable = import inputs.nixpkgs-unstable { system = prev.system; }; - master = import inputs.nixpkgs-master { system = prev.system; }; - authelia-438 = import inputs.authelia-438 { system = prev.system; }; + unstable = import inputs.nixpkgs-unstable {system = prev.system;}; + master = import inputs.nixpkgs-master {system = prev.system;}; + authelia-438 = import inputs.authelia-438 {system = prev.system;}; in { factorio-headless = master.factorio-headless; paperless-ngx = unstable.paperless-ngx; @@ -59,7 +59,7 @@ }; }) ]; - }); + }; }; }; } diff --git a/overlays/element-desktop.nix b/overlays/element-desktop.nix index c6c39c7..35dbc7d 100644 --- a/overlays/element-desktop.nix +++ b/overlays/element-desktop.nix @@ -1,3 +1,3 @@ final: prev: { - element-desktop = prev.element-desktop.override { electron = prev.electron_28; }; + element-desktop = prev.element-desktop.override {electron = prev.electron_28;}; } diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index 822c473..b8a311a 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix 
@@ -1,6 +1,10 @@ # This file was generated by nvfetcher, please do not modify it manually. -{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }: { + fetchgit, + fetchurl, + fetchFromGitHub, + dockerTools, +}: { b12f-io-nvfetcher = { pname = "b12f-io-nvfetcher"; version = "38adb94ce69d8807ea2e36f57abe08091192b31c"; diff --git a/pkgs/check-battery.nix b/pkgs/check-battery.nix index 28f6e06..115eeb2 100644 --- a/pkgs/check-battery.nix +++ b/pkgs/check-battery.nix @@ -1,13 +1,13 @@ self: with self; '' -status=$(cat /sys/class/power_supply/BAT0/status) -if [ $status != "Discharging" ]; then - exit 0 -fi + status=$(cat /sys/class/power_supply/BAT0/status) + if [ $status != "Discharging" ]; then + exit 0 + fi -capacity=$(cat /sys/class/power_supply/BAT0/capacity) -if [ $capacity -lt 20 ]; then - export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u)/bus - ${libnotify}/bin/notify-send -u critical "Battery ''${capacity}%" -fi + capacity=$(cat /sys/class/power_supply/BAT0/capacity) + if [ $capacity -lt 20 ]; then + export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u)/bus + ${libnotify}/bin/notify-send -u critical "Battery ''${capacity}%" + fi '' diff --git a/pkgs/default.nix b/pkgs/default.nix index 24b7e37..6ef3b2a 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
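Review bot: In pkgs/check-battery.nix, `[ $status != "Discharging" ]` expands `$status` unquoted, and the kernel's power-supply status can be the two-word value `Not charging`; the test then fails with a "too many arguments" error, the `if` is treated as false, and the script continues to the capacity check as though the battery were discharging. Quoting both expansions fixes it: `if [ "$status" != "Discharging" ]; then` and `if [ "$capacity" -lt 20 ]; then`.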
@@ -5,8 +5,14 @@ with prev; { # then, call packages with `final.callPackage` check-battery = writeShellScriptBin "check-battery" (import ./check-battery.nix final); concourse = import ./concourse.nix final; - element-b12f = writeShellScriptBin "element-b12f" (import ./element-desktop.nix { inherit final; profile = "b12f"; }); - element-mezza = writeShellScriptBin "element-mezza" (import ./element-desktop.nix { inherit final; profile = "mezza"; }); + element-b12f = writeShellScriptBin "element-b12f" (import ./element-desktop.nix { + inherit final; + profile = "b12f"; + }); + element-mezza = writeShellScriptBin "element-mezza" (import ./element-desktop.nix { + inherit final; + profile = "mezza"; + }); fetch-hostingde-invoices = import ./fetch-hostingde-invoices final; import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final); diff --git a/pkgs/element-desktop.nix b/pkgs/element-desktop.nix index 2a04ab1..4286cbe 100644 --- a/pkgs/element-desktop.nix +++ b/pkgs/element-desktop.nix @@ -1,4 +1,7 @@ -{ final, profile }: +{ + final, + profile, +}: with final; '' -${element-desktop}/bin/element-desktop --profile=${profile} + ${element-desktop}/bin/element-desktop --profile=${profile} '' diff --git a/pkgs/fetch-hostingde-invoices/default.nix b/pkgs/fetch-hostingde-invoices/default.nix index cf710bd..97c86db 100644 --- a/pkgs/fetch-hostingde-invoices/default.nix +++ b/pkgs/fetch-hostingde-invoices/default.nix @@ -1,4 +1,5 @@ -self: self.deno2nix.mkExecutable { +self: +self.deno2nix.mkExecutable { pname = "fetch-hostingde-invoices"; version = "0.1.0"; diff --git a/public-keys.nix b/public-keys.nix index 74af8a1..0bc38cb 100644 --- a/public-keys.nix +++ b/public-keys.nix @@ -1,5 +1,4 @@ -{ lib, ... }: -{ +{lib, ...}: { flake = { publicKeys = [ "ssh-rsa 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 id_bbcom" 
diff --git a/users/b12f/email.nix b/users/b12f/email.nix index 1c6cfdd..df376f3 100644 --- a/users/b12f/email.nix +++ b/users/b12f/email.nix 
@@ -12,59 +12,71 @@ with lib; let cacheHome = xdg.cacheHome; maildirBasePath = "/home/${psCfg.user.name}/Mail"; - generateMailAccount = args@{ address, ... }: rec { - inherit address; - realName = if (args ? "fullName") then args.fullName else psCfg.user.fullName; - signature = { - showSignature = "append"; - text = if (args ? "emptysignature") then "" else builtins.readFile (./.config/neomutt + "/${builtins.replaceStrings ["@"] ["_"] address}.signature"); - }; + generateMailAccount = args @ {address, ...}: + rec { + inherit address; + realName = + if (args ? "fullName") + then args.fullName + else psCfg.user.fullName; + signature = { + showSignature = "append"; + text = + if (args ? "emptysignature") + then "" + else builtins.readFile (./.config/neomutt + "/${builtins.replaceStrings ["@"] ["_"] address}.signature"); + }; - folders = { - inbox = "INBOX"; - drafts = "Drafts"; - sent = "Sent"; - trash = "Trash"; - }; + folders = { + inbox = "INBOX"; + drafts = "Drafts"; + sent = "Sent"; + trash = "Trash"; + }; - gpg.key = psCfg.user.gpgKeyId; + gpg.key = psCfg.user.gpgKeyId; - userName = address; - passwordCommand = "secret-tool lookup email ${address}"; - imap = { - host = mkIf (args ? "host") args.host; - port = 993; - }; - smtp = { - host = mkIf (args ? "host") args.host; - port = 587; - tls.useStartTls = true; - }; + userName = address; + passwordCommand = "secret-tool lookup email ${address}"; + imap = { + host = mkIf (args ? "host") args.host; + port = 993; + }; + smtp = { + host = mkIf (args ? 
"host") args.host; + port = 587; + tls.useStartTls = true; + }; - offlineimap.enable = true; - imapnotify = { - enable = true; - boxes = [ "INBOX" ]; - onNotify = "${pkgs.offlineimap}/bin/offlineimap -a ${address}"; - onNotifyPost = "${pkgs.libnotify}/bin/notify-send '${address} has new mail'"; - }; - msmtp.enable = true; - neomutt = { - enable = true; - sendMailCommand = "msmtp -a ${address}"; - extraConfig = '' - set pgp_default_key="${gpg.key}" + offlineimap.enable = true; + imapnotify = { + enable = true; + boxes = ["INBOX"]; + onNotify = "${pkgs.offlineimap}/bin/offlineimap -a ${address}"; + onNotifyPost = "${pkgs.libnotify}/bin/notify-send '${address} has new mail'"; + }; + msmtp.enable = true; + neomutt = { + enable = true; + sendMailCommand = "msmtp -a ${address}"; + extraConfig = '' + set pgp_default_key="${gpg.key}" - unmailboxes * + unmailboxes * - mailboxes +INBOX \ - +Drafts \ - +Sent \ - +Archive \ - +Trash - ''; - }; - } // (if args ? "config" then args.config else {}); + mailboxes +INBOX \ + +Drafts \ + +Sent \ + +Archive \ + +Trash + ''; + }; + } + // ( + if args ? "config" + then args.config + else {} + ); in { users.users."${psCfg.user.name}".packages = with pkgs; [ w3m 
@@ -86,65 +98,66 @@ in { accounts.email = { inherit maildirBasePath; - accounts = with flake.self.lib; lib.lists.foldr (item: set: (set // { "${item.address}" = generateMailAccount item; })) {} [ - { - address = mkEmailAddress "hello" "benjaminbaedorf.eu"; - host = "mail.hosting.de"; - config.primary = true; - } - { - address = mkEmailAddress "mail" "b12f.io"; - host = "mail.b12f.io"; - } - { - address = mkEmailAddress "benjamin.baedorf" "rwth-aachen.de"; - host = "mail.rwth-aachen.de"; - config.userName = mkEmailAddress "bb564306" "rwth-aachen.de"; - } - { - address = mkEmailAddress "byb" "miom.space"; - host = "mail.hosting.de"; - } - { - address = mkEmailAddress "contact" "miom.space"; - host = "mail.hosting.de"; - } - { - address = mkEmailAddress "admins" "pub.solar"; - host = "mail.pub.solar"; - } - { - address = mkEmailAddress "crew" "pub.solar"; - host = "mail.pub.solar"; - } - # { - # address = mkEmailAddress "benjamin.yule.baedorf" "verkstedt.com"; - # flavor = "gmail"; - # config = { - # smtp.host = "smtp.gmail.com"; - # imap.host = "imap.gmail.com"; - # }; - # } - { - address = mkEmailAddress "benjamin-yule.baedorf" "ext.ehealthexperts.de"; - config = { - smtp.host = "smtp.mailbox.org"; - imap.host = "imap.mailbox.org"; - }; - } - { - fullName = "mezza"; - address = mkEmailAddress "mail" "mezza.biz"; - host = "mail.mezza.biz"; - emptysignature = true; - } - { - fullname = "hwd"+ "zz"; - address = mkEmailAddress "mail" "h" + "w" + "dz" + "z.net"; - host = "mail.h" + "w" + "dz" + "z.net"; - emptysignature = true; - } - ]; + accounts = with flake.self.lib; + lib.lists.foldr (item: set: (set // {"${item.address}" = generateMailAccount item;})) {} [ + { + address = mkEmailAddress "hello" "benjaminbaedorf.eu"; + host = "mail.hosting.de"; + config.primary = true; + } + { + address = mkEmailAddress "mail" "b12f.io"; + host = "mail.b12f.io"; + } + { + address = mkEmailAddress "benjamin.baedorf" "rwth-aachen.de"; + host = "mail.rwth-aachen.de"; + config.userName = 
mkEmailAddress "bb564306" "rwth-aachen.de"; + } + { + address = mkEmailAddress "byb" "miom.space"; + host = "mail.hosting.de"; + } + { + address = mkEmailAddress "contact" "miom.space"; + host = "mail.hosting.de"; + } + { + address = mkEmailAddress "admins" "pub.solar"; + host = "mail.pub.solar"; + } + { + address = mkEmailAddress "crew" "pub.solar"; + host = "mail.pub.solar"; + } + # { + # address = mkEmailAddress "benjamin.yule.baedorf" "verkstedt.com"; + # flavor = "gmail"; + # config = { + # smtp.host = "smtp.gmail.com"; + # imap.host = "imap.gmail.com"; + # }; + # } + { + address = mkEmailAddress "benjamin-yule.baedorf" "ext.ehealthexperts.de"; + config = { + smtp.host = "smtp.mailbox.org"; + imap.host = "imap.mailbox.org"; + }; + } + { + fullName = "mezza"; + address = mkEmailAddress "mail" "mezza.biz"; + host = "mail.mezza.biz"; + emptysignature = true; + } + { + fullname = "hwd" + "zz"; + address = mkEmailAddress "mail" "h" + "w" + "dz" + "z.net"; + host = "mail.h" + "w" + "dz" + "z.net"; + emptysignature = true; + } + ]; }; services.imapnotify.enable = true; 
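Review bot: The last account in the list sets `fullname`, but `generateMailAccount` tests `args ? "fullName"`, so this entry silently falls back to `psCfg.user.fullName` as its real name; it should read `fullName = "hwd" + "zz";`, matching the mezza entry above it. In the same entry, `mkEmailAddress "mail" "h" + "w" + "dz" + "z.net"` parses as `(mkEmailAddress "mail" "h") + "w" + …` because function application binds tighter than `+`, and the same holds for nothing else in the list. That only produces the intended address if `mkEmailAddress` returns a plain string ending in the domain, which cannot be confirmed from this page; `mkEmailAddress "mail" ("h" + "w" + "dz" + "z.net")` makes the intent explicit.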
@@ -154,69 +167,167 @@ in { enable = true; binds = [ # Moving around - { map = ["generic"]; key = "g"; action = "noop"; } - { map = ["generic"]; key = "gg"; action = "first-entry"; } - { map = ["generic" "index"]; key = "G"; action = "last-entry"; } - { map = ["generic" "index"]; key = "i"; action = "previous-entry"; } - { map = ["generic" "index"]; key = "k"; action = "next-entry"; } - { map = ["pager" "index"]; key = "d"; action = "noop"; } - { map = ["pager" "index"]; key = "dd"; action = "delete-message"; } - { map = ["pager"]; key = "i"; action = "previous-line"; } - { map = ["pager"]; key = "k"; action = "next-line"; } - { map = ["pager"]; key = "I"; action = "previous-entry"; } - { map = ["pager"]; key = "K"; action = "next-entry"; } + { + map = ["generic"]; + key = "g"; + action = "noop"; + } + { + map = ["generic"]; + key = "gg"; + action = "first-entry"; + } + { + map = ["generic" "index"]; + key = "G"; + action = "last-entry"; + } + { + map = ["generic" "index"]; + key = "i"; + action = "previous-entry"; + } + { + map = ["generic" "index"]; + key = "k"; + action = "next-entry"; + } + { + map = ["pager" "index"]; + key = "d"; + action = "noop"; + } + { + map = ["pager" "index"]; + key = "dd"; + action = "delete-message"; + } + { + map = ["pager"]; + key = "i"; + action = "previous-line"; + } + { + map = ["pager"]; + key = "k"; + action = "next-line"; + } + { + map = ["pager"]; + key = "I"; + action = "previous-entry"; + } + { + map = ["pager"]; + key = "K"; + action = "next-entry"; + } - { map = ["pager"]; key = "r"; action = "noop"; } - { map = ["pager"]; key = "rr"; action = "reply"; } - { map = ["pager"]; key = "ra"; action = "group-reply"; } - { map = ["pager"]; key = "rn"; action = "group-chat-reply"; } - { map = ["pager"]; key = "rl"; action = "list-reply"; } + { + map = ["pager"]; + key = "r"; + action = "noop"; + } + { + map = ["pager"]; + key = "rr"; + action = "reply"; + } + { + map = ["pager"]; + key = "ra"; + action = "group-reply"; + } + { + 
map = ["pager"]; + key = "rn"; + action = "group-chat-reply"; + } + { + map = ["pager"]; + key = "rl"; + action = "list-reply"; + } # Threads - { map = ["browser" "pager" "index"]; key = "N"; action = "search-opposite"; } - { map = ["pager" "index"]; key = "dT"; action = "delete-thread"; } - { map = ["pager" "index"]; key = "dt"; action = "delete-subthread"; } - { map = ["pager" "index"]; key = "g"; action = "noop"; } - { map = ["pager" "index"]; key = "gt"; action = "next-thread"; } - { map = ["pager" "index"]; key = "gT"; action = "previous-thread"; } - { map = ["index"]; key = "za"; action = "collapse-thread"; } - { map = ["index"]; key = "zA"; action = "collapse-all"; } - ]; - - macros = [ - # Enable URL opening { - map = ["index" "pager"]; - key = "\\Cb"; - action = '' ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message''; + map = ["browser" "pager" "index"]; + key = "N"; + action = "search-opposite"; } { - map = ["attach" "compose"]; - key = "\\Cb"; - action = '' ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message''; + map = ["pager" "index"]; + key = "dT"; + action = "delete-thread"; } - # Translate markdown to html { - map = ["compose"]; - key = "\\Cm"; - action = ''F ${pkgs.pandoc}/bin/pandoc -s -f markdown -t html \ny^T^Utext/html; charset=utf-8\n" "Convert to HTML''; + map = ["pager" "index"]; + key = "dt"; + action = "delete-subthread"; } - # Save to ~/Downloads by default { - map = ["attach"]; - key = "S"; - action = ''~/Downloads/" "Save to Downloads''; + map = ["pager" "index"]; + key = "g"; + action = "noop"; + } + { + map = ["pager" "index"]; + key = "gt"; + action = "next-thread"; + } + { + map = ["pager" "index"]; + key = "gT"; + action = "previous-thread"; } { map = ["index"]; - key = "\\Ca"; - action = ''~NN." 
"Mark all as read''; + key = "za"; + action = "collapse-thread"; } - ] ++ lib.lists.imap1 (i: address: { - map = ["index" "pager"]; - key = ""; - action = ''source ${configHome}/neomutt/${address}!''; - }) (builtins.attrNames accounts.email.accounts); + { + map = ["index"]; + key = "zA"; + action = "collapse-all"; + } + ]; + + macros = + [ + # Enable URL opening + { + map = ["index" "pager"]; + key = "\\Cb"; + action = '' ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message''; + } + { + map = ["attach" "compose"]; + key = "\\Cb"; + action = '' ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message''; + } + # Translate markdown to html + { + map = ["compose"]; + key = "\\Cm"; + action = ''F ${pkgs.pandoc}/bin/pandoc -s -f markdown -t html \ny^T^Utext/html; charset=utf-8\n" "Convert to HTML''; + } + # Save to ~/Downloads by default + { + map = ["attach"]; + key = "S"; + action = ''~/Downloads/" "Save to Downloads''; + } + { + map = ["index"]; + key = "\\Ca"; + action = ''~NN." "Mark all as read''; + } + ] + ++ lib.lists.imap1 (i: address: { + map = ["index" "pager"]; + key = ""; + action = ''source ${configHome}/neomutt/${address}!''; + }) (builtins.attrNames accounts.email.accounts); # unmailboxes = true; extraConfig = '' @@ -234,7 +345,7 @@ in { imap_check_subscribed = "yes"; date_format = ''"!%d.%m.%Y %H:%M"''; index_format = ''"%4C %Z %D %4c %20.20L %s"''; - mailcap_path = "${configHome}/neomutt/mailcap"; + mailcap_path = "${configHome}/neomutt/mailcap"; }; }; }; @@ -251,7 +362,7 @@ in { services.restic.backups = { email = { - paths = [ maildirBasePath ]; + paths = [maildirBasePath]; initialize = true; passwordFile = config.age.secrets."restic-password".path; # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ diff --git a/users/default.nix b/users/default.nix index 888811f..b1dccc0 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,5 +1,4 @@ -{ self, ... }: -{ +{self, ...}: { flake = { nixosModules = rec { root = import ./root; diff --git a/users/root/default.nix b/users/root/default.nix index fc783cb..465a813 100644 --- a/users/root/default.nix +++ b/users/root/default.nix @@ -1,4 +1,3 @@ -{...}: -{ +{...}: { users.users.root.hashedPassword = "$y$j9T$HihsChALx5fotahvDVhdC/$iQCGUr35quGDDEFg0SGjDBxWzU/kokgOVDX.weRvL80"; } From 50c182d827446e54a6bbad20ac00675c2ba02ceb Mon Sep 17 00:00:00 2001 From: b12f Date: Mon, 19 Aug 2024 00:23:24 +0200 Subject: [PATCH 06/19] terminal-life/nvim: lint vim files, add recent command telescope --- .editorconfig | 7 +- modules/terminal-life/nvim/cmp.vim | 78 +++++++-------- modules/terminal-life/nvim/lsp.vim | 128 ++++++++++++------------- modules/terminal-life/nvim/plugins.vim | 18 ++-- 4 files changed, 119 insertions(+), 112 deletions(-) diff --git a/.editorconfig b/.editorconfig index c53484c..f1969cc 100644 --- a/.editorconfig +++ b/.editorconfig @@ -6,7 +6,8 @@ end_of_line = lf insert_final_newline = true trim_trailing_whitespace = true charset = utf-8 -indent_style = tab +indent_style = space +indent_size = 2 # Ignore diffs/patches [*.{diff,patch}] @@ -19,8 +20,8 @@ indent_style = unset indent_size = unset [{.*,secrets}/**] -end_of_line = unset -insert_final_newline = unset +end_of_line = false +insert_final_newline = false trim_trailing_whitespace = unset charset = unset indent_style = unset diff --git a/modules/terminal-life/nvim/cmp.vim b/modules/terminal-life/nvim/cmp.vim index b462c5f..fc44123 100644 --- a/modules/terminal-life/nvim/cmp.vim +++ b/modules/terminal-life/nvim/cmp.vim 
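Review bot: In users/root/default.nix the root account's `hashedPassword` is a literal, so the hash is readable by anyone with access to the repository or the Nix store and can be attacked offline. `users.users.root.hashedPasswordFile` pointing at a secret managed like the restic password in users/b12f/email.nix, e.g. `hashedPasswordFile = config.age.secrets."<placeholder-secret-name>".path;`, keeps the hash out of both. If the repository has been shared, the root password should be changed as well, not only relocated.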
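Review bot: `end_of_line = false` in the `[{.*,secrets}/**]` section of .editorconfig is not a value EditorConfig defines; the property accepts `lf`, `cr`, `crlf` or `unset`, and how an unknown value is handled is left to each editor plugin. The previous `end_of_line = unset` was the valid way to switch the rule off for these paths and should be kept. `insert_final_newline = false` is valid, but it asks editors to make sure the file does not end in a newline rather than to leave it alone, which may not be what is wanted for the files under `secrets/`; `insert_final_newline = unset` leaves them as they are.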
@@ -4,45 +4,45 @@ local luasnip = require 'luasnip' local cmp = require 'cmp' cmp.setup { - snippet = { - expand = function(args) - require('luasnip').lsp_expand(args.body) - end, - }, - mapping = { - [''] = cmp.mapping.select_prev_item(), - [''] = cmp.mapping.select_next_item(), - [''] = cmp.mapping.scroll_docs(-4), - [''] = cmp.mapping.scroll_docs(4), - [''] = cmp.mapping.complete(), - [''] = cmp.mapping.close(), - [''] = cmp.mapping.confirm { - behavior = cmp.ConfirmBehavior.Replace, - select = true, - }, - [''] = function(fallback) - if cmp.visible() then - cmp.select_next_item() - elseif luasnip.expand_or_jumpable() then - luasnip.expand_or_jump() - else - fallback() - end - end, - [''] = function(fallback) - if cmp.visible() then - cmp.select_prev_item() - elseif luasnip.jumpable(-1) then - luasnip.jump(-1) - else - fallback() - end - end, - }, - sources = { - { name = 'nvim_lsp' }, - { name = 'luasnip' }, - }, + snippet = { + expand = function(args) + require('luasnip').lsp_expand(args.body) + end, + }, + mapping = { + [''] = cmp.mapping.select_prev_item(), + [''] = cmp.mapping.select_next_item(), + [''] = cmp.mapping.scroll_docs(-4), + [''] = cmp.mapping.scroll_docs(4), + [''] = cmp.mapping.complete(), + [''] = cmp.mapping.close(), + [''] = cmp.mapping.confirm { + behavior = cmp.ConfirmBehavior.Replace, + select = true, + }, + [''] = function(fallback) + if cmp.visible() then + cmp.select_next_item() + elseif luasnip.expand_or_jumpable() then + luasnip.expand_or_jump() + else + fallback() + end + end, + [''] = function(fallback) + if cmp.visible() then + cmp.select_prev_item() + elseif luasnip.jumpable(-1) then + luasnip.jump(-1) + else + fallback() + end + end, + }, + sources = { + { name = 'nvim_lsp' }, + { name = 'luasnip' }, + }, } EOF diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 37b07a7..8d806dd 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim 
@@ -23,39 +23,39 @@ vim.api.nvim_set_keymap('n', 'dq', 'lua vim.diagnostic.setloclist() vim.api.nvim_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) local on_attach = function(client, bufnr) - -- Enable completion triggered by - vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') + -- Enable completion triggered by + vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') - -- Mappings (available if LSP is configured and attached to buffer) - -- See `:help vim.lsp.*` for documentation on any of the below functions - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', 'lua vim.lsp.buf.definition()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', 'lua vim.lsp.buf.hover()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', '', 'lua vim.lsp.buf.signature_help()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'rn', 'lua vim.lsp.buf.rename()', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + -- Mappings (available if LSP is configured and attached to buffer) + -- See `:help vim.lsp.*` for documentation on any of the below functions + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', 'lua vim.lsp.buf.definition()', opts) + 
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', 'lua vim.lsp.buf.hover()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', '', 'lua vim.lsp.buf.signature_help()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'rn', 'lua vim.lsp.buf.rename()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - -- Show diagnostic popup on cursor hold - vim.api.nvim_create_autocmd("CursorHold", { - buffer = bufnr, - callback = function() - local opts = { - focusable = false, - close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" }, - border = 'rounded', - source = 'always', - prefix = ' ', - scope = 'cursor', - } - vim.diagnostic.open_float(nil, opts) - end - }) + -- Show diagnostic popup on cursor hold + vim.api.nvim_create_autocmd("CursorHold", { + buffer = bufnr, + callback = function() + local opts = { + focusable = false, + close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" }, + border = 'rounded', + source = 'always', + prefix = ' ', + scope = 'cursor', + } + vim.diagnostic.open_float(nil, opts) + end + }) end 
@@ -65,23 +65,23 @@ local CAPABILITIES = require('cmp_nvim_lsp').default_capabilities() --- Event handlers local HANDLERS = { - -- TODO: replace with vim.lsp.protocol.Methods - ["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, FLOAT_CONFIG), - ["textDocument/signatureHelp"] = vim.lsp.with(vim.lsp.handlers.signature_help, FLOAT_CONFIG), + -- TODO: replace with vim.lsp.protocol.Methods + ["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, FLOAT_CONFIG), + ["textDocument/signatureHelp"] = vim.lsp.with(vim.lsp.handlers.signature_help, FLOAT_CONFIG), } -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html CAPABILITIES.textDocument.completion.completionItem.snippetSupport = true local function setup(lsp, config) - if config == nil then - config = {} - end + if config == nil then + config = {} + end - config.capabilities = CAPABILITIES - config.handlers = HANDLERS - config.on_attach = on_attach - lspconfig[lsp].setup(config) + config.capabilities = CAPABILITIES + config.handlers = HANDLERS + config.on_attach = on_attach + lspconfig[lsp].setup(config) end setup('nixd') 
@@ -96,28 +96,28 @@ setup('svelte') setup('html') setup('yamlls') setup('jsonls', { - json = { - schemas = require('schemastore').json.schemas(), - validate = { - enable = true - } - } + json = { + schemas = require('schemastore').json.schemas(), + validate = { + enable = true + } + } }) setup('gopls', { - settings = { - gopls = { semanticTokens = true } - } + settings = { + gopls = { semanticTokens = true } + } }) setup('phpactor') setup('pylsp') setup('solargraph') -- ruby setup('rust_analyzer', { - settings = { - ['rust-analyzer'] = { - checkOnSave = { extraArgs = { "--target-dir", "/tmp/rust-analyzer-check" } }, - diagnostics = { disabled = { 'inactive-code' } }, - }, - } + settings = { + ['rust-analyzer'] = { + checkOnSave = { extraArgs = { "--target-dir", "/tmp/rust-analyzer-check" } }, + diagnostics = { disabled = { 'inactive-code' } }, + }, + } }) setup('sqlls') setup('salt_ls') @@ -128,22 +128,22 @@ setup('terraformls') -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols vim.g.markdown_fenced_languages = { - "ts=typescript" + "ts=typescript" } -- Configure diagnostics vim.diagnostic.config({ - virtual_text = false, - signs = true, - underline = true, - update_in_insert = false, - severity_sort = false, + virtual_text = false, + signs = true, + underline = true, + update_in_insert = false, + severity_sort = false, }) -- Change diagnostic symbols in the sign column (gutter) local signs = { Error = "x ", Warn = "! ", Hint = "? ", Info = "i " } for type, icon in pairs(signs) do - local hl = "DiagnosticSign" .. type - vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) + local hl = "DiagnosticSign" .. type + vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) end EOF diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index dd2d4a1..b0ff194 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim 
@@ -54,21 +54,26 @@ telescope.setup{ defaults = { mappings = { n = { - ["k"] = actions.move_selection_next, - ["i"] = actions.move_selection_previous, - ["I"] = actions.move_to_top, - ["K"] = actions.move_to_bottom, - [""] = actions.close, + ["k"] = actions.move_selection_next, + ["i"] = actions.move_selection_previous, + ["I"] = actions.move_to_top, + ["K"] = actions.move_to_bottom, + [""] = actions.close, }, }, }, + pickers = { + find_files = { + -- `hidden = true` will still show the inside of `.git/` as it's not `.gitignore`d. + find_command = { "rg", "--files", "--hidden", "--glob", "!**/.git/*" }, + }, + }, extensions = { fzf = { fuzzy = true, -- false will only do exact matching override_generic_sorter = true, -- override the generic sorter override_file_sorter = true, -- override the file sorter case_mode = "smart_case", -- or "ignore_case" or "respect_case" - -- the default case_mode is "smart_case" } } } @@ -80,6 +85,7 @@ vim.keymap.set('n', 'ff', builtin.find_files, {}) vim.keymap.set('n', 'f/', builtin.live_grep, {}) vim.keymap.set('n', 'f?', builtin.builtin, {}) vim.keymap.set('n', 'fb', builtin.buffers, {}) +vim.keymap.set('n', 'fr', builtin.command_history, {}) vim.keymap.set('n', 'fc', builtin.commands, {}) vim.keymap.set('n', 'ft', builtin.treesitter, {}) EOF From ff4af10e15833b1367e0b97b140b631f1165aa95 Mon Sep 17 00:00:00 2001 From: b12f Date: Mon, 19 Aug 2024 09:18:59 +0200 Subject: [PATCH 07/19] pkgs: update nvfetcher sources --- pkgs/_sources/generated.json | 16 ++++++++-------- pkgs/_sources/generated.nix | 22 +++++++++------------- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json index 40714d7..85996ab 100644 --- a/pkgs/_sources/generated.json +++ b/pkgs/_sources/generated.json @@ -20,7 +20,7 @@ }, "blesh-nvfetcher": { "cargoLocks": null, - "date": "2024-07-01", + "date": "2024-08-15", "extract": null, "name": "blesh-nvfetcher", "passthru": null, 
@@ -32,11 +32,11 @@ "name": null, "owner": "akinomyoga", "repo": "ble.sh", - "rev": "fcbf1ed0e417433d0e56cf90cad111852115dbe2", - "sha256": "sha256-yduYOa5zklPprJSJazTPp/+fuH4iIchAa7n+1d5pA94=", + "rev": "75c4a8483e506ec130054dd61273b4ef72aabd4d", + "sha256": "sha256-wQRDnc8EM6M7gSaVy/YpjElVn2RLJFTiIbg6itefciU=", "type": "github" }, - "version": "fcbf1ed0e417433d0e56cf90cad111852115dbe2" + "version": "75c4a8483e506ec130054dd61273b4ef72aabd4d" }, "instant-nvim-nvfetcher": { "cargoLocks": null, @@ -80,7 +80,7 @@ }, "vim-apprentice-nvfetcher": { "cargoLocks": null, - "date": "2023-02-15", + "date": "2024-07-30", "extract": null, "name": "vim-apprentice-nvfetcher", "passthru": null, @@ -92,11 +92,11 @@ "name": null, "owner": "romainl", "repo": "Apprentice", - "rev": "59ad13661fa15edaf72c62218903c7817b5a3691", - "sha256": "sha256-03B9tmU9+6t2hxhOgZxBqJr9r41CAqhHLUkHYvFdcks=", + "rev": "cb051ec95d12fa34169bb384142b8e50e328cd97", + "sha256": "sha256-rMaF8jeMA5DDTDAAUuCXTQrQcb9Ce8wMiFxUyQZMz6Q=", "type": "github" }, - "version": "59ad13661fa15edaf72c62218903c7817b5a3691" + "version": "cb051ec95d12fa34169bb384142b8e50e328cd97" }, "vim-beautify-nvfetcher": { "cargoLocks": null, diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index b8a311a..3a80071 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix @@ -1,10 +1,6 @@ # This file was generated by nvfetcher, please do not modify it manually. +{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }: { - fetchgit, - fetchurl, - fetchFromGitHub, - dockerTools, -}: { b12f-io-nvfetcher = { pname = "b12f-io-nvfetcher"; version = "38adb94ce69d8807ea2e36f57abe08091192b31c"; 
@@ -20,17 +16,17 @@ }; blesh-nvfetcher = { pname = "blesh-nvfetcher"; - version = "fcbf1ed0e417433d0e56cf90cad111852115dbe2"; + version = "75c4a8483e506ec130054dd61273b4ef72aabd4d"; src = fetchFromGitHub { owner = "akinomyoga"; repo = "ble.sh"; - rev = "fcbf1ed0e417433d0e56cf90cad111852115dbe2"; + rev = "75c4a8483e506ec130054dd61273b4ef72aabd4d"; fetchSubmodules = true; deepClone = false; leaveDotGit = true; - sha256 = "sha256-yduYOa5zklPprJSJazTPp/+fuH4iIchAa7n+1d5pA94="; + sha256 = "sha256-wQRDnc8EM6M7gSaVy/YpjElVn2RLJFTiIbg6itefciU="; }; - date = "2024-07-01"; + date = "2024-08-15"; }; instant-nvim-nvfetcher = { pname = "instant-nvim-nvfetcher"; @@ -58,15 +54,15 @@ }; vim-apprentice-nvfetcher = { pname = "vim-apprentice-nvfetcher"; - version = "59ad13661fa15edaf72c62218903c7817b5a3691"; + version = "cb051ec95d12fa34169bb384142b8e50e328cd97"; src = fetchFromGitHub { owner = "romainl"; repo = "Apprentice"; - rev = "59ad13661fa15edaf72c62218903c7817b5a3691"; + rev = "cb051ec95d12fa34169bb384142b8e50e328cd97"; fetchSubmodules = false; - sha256 = "sha256-03B9tmU9+6t2hxhOgZxBqJr9r41CAqhHLUkHYvFdcks="; + sha256 = "sha256-rMaF8jeMA5DDTDAAUuCXTQrQcb9Ce8wMiFxUyQZMz6Q="; }; - date = "2023-02-15"; + date = "2024-07-30"; }; vim-beautify-nvfetcher = { pname = "vim-beautify-nvfetcher"; From 4ce7b4490c6f7769a60696dc06350eb74a20754c Mon Sep 17 00:00:00 2001 From: b12f Date: Mon, 19 Aug 2024 10:02:20 +0200 Subject: [PATCH 08/19] cat: update hosts in ssh settings --- users/b12f/concepts-and-training.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/users/b12f/concepts-and-training.nix b/users/b12f/concepts-and-training.nix index 0d6f0fe..cee5096 100644 --- a/users/b12f/concepts-and-training.nix +++ b/users/b12f/concepts-and-training.nix 
@@ -34,46 +34,55 @@ in { "salt.base.test" = { hostname = "10.0.0.2"; user = "root"; + proxyJump = "gateway.base.test"; }; "gateway.base.test" = { - hostname = "10.0.0.3"; + # hostname = "10.0.0.3"; + hostname = "gateway.base.cate-infra-test.de"; user = "root"; }; "monitor.base.test" = { hostname = "10.0.0.4"; user = "root"; + proxyJump = "gateway.base.test"; }; "proxy1.prod.test" = { hostname = "10.0.0.6"; user = "root"; + proxyJump = "gateway.base.test"; }; "proxy2.prod.test" = { hostname = "10.0.0.7"; user = "root"; + proxyJump = "gateway.base.test"; }; "demo1.prod.test" = { hostname = "10.0.0.5"; user = "root"; + proxyJump = "gateway.base.test"; }; "demo2.prod.test" = { hostname = "10.0.0.5"; user = "root"; + proxyJump = "gateway.base.test"; }; "proxy1.test.test" = { hostname = "10.0.0.8"; user = "root"; + proxyJump = "gateway.base.test"; }; "proxy2.test.test" = { hostname = "10.0.0.9"; user = "root"; + proxyJump = "gateway.base.test"; }; }; }; From 8b860a48781c1f1a24c6f958aca621158227fd1c Mon Sep 17 00:00:00 2001 From: b12f Date: Mon, 19 Aug 2024 10:02:42 +0200 Subject: [PATCH 09/19] flake: update nixpkgs inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 23f19c5..12636e2 100644 --- a/flake.lock +++ b/flake.lock @@ -524,11 +524,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1723210907, - "narHash": "sha256-bDREVGFdYVZDhkipgFSJSTxZMzsNl1wg1EM6Li5eWlk=", + "lastModified": 1724053136, + "narHash": "sha256-INFq3ENfz0dtIFohPkMiIeX9yBcGV/Xzl1sTK/268fg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d6037c7090df9b7fb9f8d421570d25553713e264", + "rev": "815d5589d958531af840d7e29424c8525aeff441", "type": "github" }, "original": { 
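Review bot: The `gateway.base.test` block now resolves to a public name while keeping `user = "root"`, and every other host in this hunk jumps through it, so the bastion is presumably reached as root from outside the private range. A jump host only has to forward the TCP connection, so if interactive root on the gateway is not needed, a dedicated unprivileged account such as `proxyJump = "jump@gateway.base.test";` (account name constructed) limits what a compromised client key can do on the bastion. The commented-out `# hostname = "10.0.0.3";` can be dropped, since history keeps the old address. `demo1.prod.test` and `demo2.prod.test` both point at `10.0.0.5`, which looks like a copy-paste slip worth confirming.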
@@ -540,11 +540,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1723637854, + "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", "type": "github" }, "original": { @@ -588,11 +588,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1722987190, - "narHash": "sha256-68hmex5efCiM2aZlAAEcQgmFI4ZwWt8a80vOeB/5w3A=", + "lastModified": 1723938990, + "narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "21cc704b5e918c5fbf4f9fff22b4ac2681706d90", + "rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890", "type": "github" }, "original": { From e630def7b6454f7f8e55ea81bca09011d325f0e9 Mon Sep 17 00:00:00 2001 From: b12f Date: Mon, 19 Aug 2024 10:03:03 +0200 Subject: [PATCH 10/19] overlays: use blesh from nixpkgs & lix instead of nix --- overlays/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/overlays/default.nix b/overlays/default.nix index 7a5baa1..dc50b09 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -4,7 +4,7 @@ ... }: { flake = { - nixosModules = rec { + nixosModules = { overlays = {...}: { nixpkgs.overlays = [ inputs.deno2nix.overlays.default @@ -20,6 +20,7 @@ paperless-ngx = unstable.paperless-ngx; waybar = master.waybar; nix-inspect = unstable.nix-inspect; + nix = unstable.lix; authelia = authelia-438.authelia; adlist = inputs.adblock-unbound.packages.${prev.system}; @@ -43,7 +44,7 @@ (import ./element-desktop.nix) (import ../pkgs) - (import ./blesh.nix) + # (import ./blesh.nix) (import ./rnix-lsp.nix) (import ./neovim-plugins.nix) From ddeed05da69de169e2e18c4bdb87fb6810f88662 Mon Sep 17 00:00:00 2001 
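Review bot: `nix = unstable.lix;` in the overlay replaces `pkgs.nix` for every package that takes it as an input, not only for the daemon the system runs, so dependents are likely to be rebuilt locally instead of coming from the binary cache. If the goal is only to run Lix as the system's Nix implementation, setting the NixOS option `nix.package` to the Lix package is the narrower change. The commented-out `# (import ./blesh.nix)` could be deleted together with the overlay file if it is no longer used. The overlay function continues outside these hunks.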
From: b12f Date: Mon, 19 Aug 2024 10:03:17 +0200 Subject: [PATCH 11/19] lint: lint with alejandra --- pkgs/_sources/generated.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index 3a80071..03b3c19 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix @@ -1,6 +1,10 @@ # This file was generated by nvfetcher, please do not modify it manually. -{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }: { + fetchgit, + fetchurl, + fetchFromGitHub, + dockerTools, +}: { b12f-io-nvfetcher = { pname = "b12f-io-nvfetcher"; version = "38adb94ce69d8807ea2e36f57abe08091192b31c"; From 091767fbae753d8e0caa0b445725cb147c124cf2 Mon Sep 17 00:00:00 2001 From: b12f Date: Mon, 19 Aug 2024 17:09:01 +0200 Subject: [PATCH 12/19] frikandel/email: make sure emails reach the right catch-all --- hosts/frikandel/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/frikandel/email.nix b/hosts/frikandel/email.nix index 3b54d3f..9f92a1a 100644 --- a/hosts/frikandel/email.nix +++ b/hosts/frikandel/email.nix @@ -207,7 +207,7 @@ in { # replace rcpt to catchall and deliver it there destination $(local_domains) { modify { - replace_rcpt regexp ".*" "mail@$(primary_domain)" + replace_rcpt regexp "(.+)@(.+)" "mail@$2" } deliver_to &local_mailboxes } From 483c48635939854a5ac426abff3fe2bf8706a4a6 Mon Sep 17 00:00:00 2001 From: b12f Date: Fri, 23 Aug 2024 18:59:52 +0200 Subject: [PATCH 13/19] modules/terminal-life: update nvim keybindings --- modules/terminal-life/nvim/init.vim | 4 ---- modules/terminal-life/nvim/lsp.vim | 6 +++--- modules/terminal-life/nvim/plugins.vim | 1 - treefmt.toml | 5 +++-- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/modules/terminal-life/nvim/init.vim b/modules/terminal-life/nvim/init.vim index d84a12a..4070cba 100644 --- a/modules/terminal-life/nvim/init.vim +++ b/modules/terminal-life/nvim/init.vim 
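Review bot: The new rule `replace_rcpt regexp "(.+)@(.+)" "mail@$2"` delivers each message to `mail@` at whichever local domain it was addressed to, so it relies on a `mail@<domain>` mailbox existing for every entry in `$(local_domains)`; before, everything landed in the single `mail@$(primary_domain)` box. If a local domain lacks that mailbox, its catch-all mail would presumably be refused at `deliver_to &local_mailboxes` instead of being delivered. A comment above the `modify` block, e.g. `# every domain in local_domains needs a mail@ mailbox`, would make the requirement visible. The first capture group is unused and could be written `.+@(.+)` with `$1`; the surrounding configuration block starts and ends outside the hunk.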
@@ -58,10 +58,6 @@ map wJ :wincmd H map wK :wincmd J map wL :wincmd L -map tj :tabprevious -map tl :tabnext -map tq :tabclose - " replay macro for each line of a visual selection xnoremap @q :normal @q xnoremap @@ :normal @@ diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 8d806dd..2e7f25a 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -16,11 +16,11 @@ local lspconfig = require('lspconfig') -- Mappings (global) -- See `:help vim.diagnostic.*` for documentation on any of the below functions local opts = { noremap=true, silent=true } -vim.api.nvim_set_keymap('n', 'e', 'lua vim.diagnostic.open_float()', opts) vim.api.nvim_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) vim.api.nvim_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) vim.api.nvim_set_keymap('n', 'dq', 'lua vim.diagnostic.setloclist()', opts) -vim.api.nvim_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) +vim.api.nvim_set_keymap('n', 'do', 'lua vim.diagnostic.open_float()', opts) +vim.api.nvim_set_keymap('n', 'bf', 'lua vim.lsp.buf.formatting()', opts) local on_attach = function(client, bufnr) -- Enable completion triggered by 
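Review bot: The re-keyed `bf` mapping in the lsp.vim hunk still calls `vim.lsp.buf.formatting()`, which Neovim deprecated in favour of `vim.lsp.buf.format()` and later removed. Depending on the Neovim version this configuration is built against, the mapping would raise an error instead of formatting. Changing the call in that added line to `vim.lsp.buf.format()` fixes it without touching the key binding.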
@@ -32,12 +32,12 @@ local on_attach = function(client, bufnr) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', 'lua vim.lsp.buf.definition()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gT', 'lua vim.lsp.buf.type_definition()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', 'lua vim.lsp.buf.hover()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '', 'lua vim.lsp.buf.signature_help()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - vim.api.nvim_buf_set_keymap(bufnr, 'n', 'D', 'lua vim.lsp.buf.type_definition()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'rn', 'lua vim.lsp.buf.rename()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'ca', 'lua vim.lsp.buf.code_action()', opts) diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index b0ff194..a2bffce 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -84,7 +84,6 @@ local builtin = require('telescope.builtin') vim.keymap.set('n', 'ff', builtin.find_files, {}) vim.keymap.set('n', 'f/', builtin.live_grep, {}) vim.keymap.set('n', 'f?', builtin.builtin, {}) -vim.keymap.set('n', 'fb', builtin.buffers, {}) vim.keymap.set('n', 'fr', builtin.command_history, {}) vim.keymap.set('n', 'fc', builtin.commands, {}) vim.keymap.set('n', 'ft', builtin.treesitter, {}) diff --git a/treefmt.toml b/treefmt.toml index 41ee305..0186e6a 100644 --- a/treefmt.toml +++ b/treefmt.toml 
@@ -1,7 +1,8 @@ [formatter.nix] -command = "alejandra" +command = "nix" +options = ["fmt"] includes = ["*.nix"] -excludes = ["pkgs/_sources/generated.nix"] +excludes = [] [formatter.prettier] command = "prettier" From b02770adea559d802440a420726deac33ed231b7 Mon Sep 17 00:00:00 2001 From: b12f Date: Fri, 23 Aug 2024 19:00:12 +0200 Subject: [PATCH 14/19] modules/terminal-life: add nvim filetype handling for age secrets --- modules/terminal-life/nvim/filetypes.vim | 7 +++++++ modules/terminal-life/nvim/plugins.vim | 4 ---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/terminal-life/nvim/filetypes.vim b/modules/terminal-life/nvim/filetypes.vim index ecd7769..f1f9933 100644 --- a/modules/terminal-life/nvim/filetypes.vim +++ b/modules/terminal-life/nvim/filetypes.vim @@ -1,3 +1,10 @@ au BufRead,BufNewFile *.html.twig set filetype=html au BufRead,BufNewFile *.vto set filetype=html au BufRead,BufNewFile *.njk set filetype=html + +au BufRead,BufNewFile *.age set filetype=age +autocmd FileType age setlocal noeol nofixeol + +au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml +autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab + diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index a2bffce..833b105 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -1,7 +1,3 @@ -" Happy yaml configuration -au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml -autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab - let g:gutentags_file_list_command = 'git ls-files' " https://github.com/unblevable/quick-scope From 5d589621e870a2f9981aa20f3f48cfe92172ff0f Mon Sep 17 00:00:00 2001 From: b12f Date: Sat, 24 Aug 2024 21:12:05 +0200 Subject: [PATCH 15/19] graphical: add xbacklight --- modules/graphical/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index effb1f5..aca4256 100644 
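Review bot: Setting `excludes = []` puts `pkgs/_sources/generated.nix` back under the formatter, although its header says it is generated by nvfetcher and must not be modified manually. The earlier commits in this series show the resulting churn: the nvfetcher update rewrites the file header and a follow-up lint commit reformats it again. Keeping `excludes = ["pkgs/_sources/generated.nix"]` avoids that. Separately, `command = "nix"` with `options = ["fmt"]` evaluates the flake's formatter on every invocation, and if that formatter is treefmt itself the call would recurse, so it is worth confirming what `nix fmt` resolves to in this flake.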
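Review bot: The new `age` filetype in filetypes.vim only sets `noeol nofixeol`, so swap and persistent-undo files stay enabled for those buffers. If they ever hold decrypted secret material (for example when a secrets tool opens the cleartext in the editor under a `.age` name), a copy can be left on disk. Extending the line to `autocmd FileType age setlocal noeol nofixeol noswapfile noundofile` keeps the buffer's contents out of both. `backup` and `writebackup` are global options and would have to be handled outside `setlocal` if they are enabled in this configuration.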
--- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -45,6 +45,7 @@ in { glib xdg-utils + xorg.xbacklight ]; etc = { From b0373ff19d0655281ac85a44af4ca41d68a046e3 Mon Sep 17 00:00:00 2001 From: b12f Date: Sat, 24 Aug 2024 21:39:20 +0200 Subject: [PATCH 16/19] frikandel: deploy mezza.biz, update nixpkgs inputs --- flake.lock | 94 +++++++++++++++++++++++++++++++++---- flake.nix | 3 ++ hosts/frikandel/website.nix | 12 +++++ overlays/default.nix | 1 + 4 files changed, 100 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 12636e2..67a3ff7 100644 --- a/flake.lock +++ b/flake.lock @@ -169,6 +169,27 @@ "type": "github" } }, + "devshell_2": { + "inputs": { + "nixpkgs": [ + "mezza-biz", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722113426, + "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "owner": "numtide", + "repo": "devshell", + "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -241,6 +262,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_4" + }, "locked": { "lastModified": 1714606777, "narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=", 
@@ -379,6 +418,28 @@ "type": "github" } }, + "mezza-biz": { + "inputs": { + "devshell": "devshell_2", + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724528276, + "narHash": "sha256-wtHptA26y0lmQb8gLcrrsTuP2E+kIC9mLtXHj9y5J6Y=", + "ref": "refs/heads/main", + "rev": "b977e92f281897aa26fc5d7514bb8be1ff75517f", + "revCount": 7, + "type": "git", + "url": "https://git.pub.solar/b12f/mezza.biz.git" + }, + "original": { + "type": "git", + "url": "https://git.pub.solar/b12f/mezza.biz.git" + } + }, "mobile-nixos": { "flake": false, "locked": { @@ -415,7 +476,7 @@ }, "nixd": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "flake-root": "flake-root", "nixpkgs": "nixpkgs_3" }, @@ -505,6 +566,18 @@ } }, "nixpkgs-lib_3": { + "locked": { + "lastModified": 1722555339, + "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + } + }, + "nixpkgs-lib_4": { "locked": { "dir": "lib", "lastModified": 1714253743, @@ -524,11 +597,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1724053136, - "narHash": "sha256-INFq3ENfz0dtIFohPkMiIeX9yBcGV/Xzl1sTK/268fg=", + "lastModified": 1724505469, + "narHash": "sha256-U0KAINJreo0RbZ2QbA4Y5EhWO7XERFRlkJdrRIncjn8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "815d5589d958531af840d7e29424c8525aeff441", + "rev": "59fbe04a3baa1011fe9f6eb00a1afb7db5179933", "type": "github" }, "original": { 
@@ -540,11 +613,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723637854, - "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -588,11 +661,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1723938990, - "narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { @@ -634,6 +707,7 @@ "home-manager": "home-manager_2", "impermanence": "impermanence", "invoiceplane-template": "invoiceplane-template", + "mezza-biz": "mezza-biz", "mobile-nixos": "mobile-nixos", "musnix": "musnix", "nixd": "nixd", diff --git a/flake.nix b/flake.nix index 6eb1986..7c491b4 100644 --- a/flake.nix +++ b/flake.nix @@ -46,6 +46,9 @@ invoiceplane-template.url = "git+https://git.pub.solar/b12f/invoiceplane-templates.git"; invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs"; + + mezza-biz.url = "git+https://git.pub.solar/b12f/mezza.biz.git"; + mezza-biz.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs @ {self, ...}: diff --git a/hosts/frikandel/website.nix b/hosts/frikandel/website.nix index 599dc4a..26def07 100644 --- a/hosts/frikandel/website.nix +++ b/hosts/frikandel/website.nix @@ -6,6 +6,7 @@ security.acme.certs = { "benjaminbaedorf.eu" = {}; "b12f.io" = {}; + "mezza.biz" = {}; }; services.nginx.virtualHosts = { 
@@ -25,5 +26,16 @@ tryFiles = "$uri $uri/ =404"; }; }; + + "mezza.biz" = { + forceSSL = true; + useACMEHost = "mezza.biz"; + + locations."/" = { + root = pkgs.mezza-biz; + index = "index.html"; + tryFiles = "$uri $uri/ =404"; + }; + }; }; } diff --git a/overlays/default.nix b/overlays/default.nix index dc50b09..dd9e9fc 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -10,6 +10,7 @@ inputs.deno2nix.overlays.default inputs.nixd.overlays.default inputs.invoiceplane-template.overlays.default + inputs.mezza-biz.overlays.default (final: prev: let unstable = import inputs.nixpkgs-unstable {system = prev.system;}; From e3c1dca056aba5520458de3f05abc516e72a902c Mon Sep 17 00:00:00 2001 From: b12f Date: Fri, 30 Aug 2024 14:06:04 +0200 Subject: [PATCH 17/19] modules/wireguard: add new pub.solar hosts --- modules/wireguard/pub.solar.nix | 70 ++++++++++++++++++++++++++++++--- users/b12f/ssh.nix | 25 ++++++++++++ 2 files changed, 89 insertions(+), 6 deletions(-) diff --git a/modules/wireguard/pub.solar.nix b/modules/wireguard/pub.solar.nix index ba1913a..270c936 100644 --- a/modules/wireguard/pub.solar.nix +++ b/modules/wireguard/pub.solar.nix 
@@ -33,19 +33,77 @@ in { privateKeyFile = cfg.privateKeyFile; peers = [ { - endpoint = "flora-6.pub.solar:51820"; - publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU="; - allowedIPs = ["10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96"]; + endpoint = "nachtigall.pub.solar:51820"; + publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; + allowedIPs = [ + "10.7.6.1/32" + "fd00:fae:fae:fae:fae:1::/96" + ]; persistentKeepalive = 15; dynamicEndpointRefreshSeconds = 30; } { - endpoint = "nachtigall.pub.solar:51820"; - publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; - allowedIPs = ["10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96"]; + endpoint = "flora-6.pub.solar:51820"; + publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU="; + allowedIPs = [ + "10.7.6.2/32" + "fd00:fae:fae:fae:fae:2::/96" + ]; persistentKeepalive = 15; dynamicEndpointRefreshSeconds = 30; } + { + # metronom.pub.solar + endpoint = "49.13.236.167:51820"; + publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo="; + allowedIPs = [ + "10.7.6.3/32" + "fd00:fae:fae:fae:fae:3::/96" + ]; + persistentKeepalive = 15; + } + { + # tankstelle.pub.solar + endpoint = "80.244.242.5:51820"; + publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg="; + allowedIPs = [ + "10.7.6.4/32" + "fd00:fae:fae:fae:fae:4::/96" + ]; + } + { + # trinkgenossin.pub.solar + publicKey = "QWgHovHxtqiQhnHLouSWiT6GIoQDmuvnThYL5c/rvU4="; + allowedIPs = [ + "10.7.6.5/32" + "fd00:fae:fae:fae:fae:5::/96" + ]; + #endpoint = "80.244.242.5:51820"; + endpoint = "[2a01:239:35d:f500::1]:51820"; + persistentKeepalive = 15; + } + { + # delite.pub.solar + publicKey = "ZT2qGWgMPwHRUOZmTQHWCRX4m14YwOsiszjsA5bpc2k="; + allowedIPs = [ + "10.7.6.6/32" + "fd00:fae:fae:fae:fae:6::/96" + ]; + #endpoint = "80.244.242.5:51820"; + endpoint = "[2a04:52c0:124:9d8c::2]:51820"; + persistentKeepalive = 15; + } + { + # blue-shell.pub.solar + publicKey = "bcrIpWrKc1M+Hq4ds3aN1lTaKE26f2rvXhd+93QrzR8="; + allowedIPs = [ + "10.7.6.7/32" + 
"fd00:fae:fae:fae:fae:7::/96" + ]; + #endpoint = "80.244.242.5:51820"; + endpoint = "[2a03:4000:43:24e::1]:51820"; + persistentKeepalive = 15; + } ]; }; }; diff --git a/users/b12f/ssh.nix b/users/b12f/ssh.nix index 43b78b4..f1afba5 100644 --- a/users/b12f/ssh.nix +++ b/users/b12f/ssh.nix @@ -127,6 +127,31 @@ in { user = "barkeeper"; hostname = "10.7.6.2"; }; + + "metronom.pub.solar" = { + user = "barkeeper"; + hostname = "10.7.6.3"; + }; + + "tankstelle.pub.solar" = { + user = "barkeeper"; + hostname = "10.7.6.4"; + }; + + "trinkgenossin.pub.solar" = { + user = "barkeeper"; + hostname = "10.7.6.5"; + }; + + "delite.pub.solar" = { + user = "barkeeper"; + hostname = "10.7.6.6"; + }; + + "blue-shell.pub.solar" = { + user = "barkeeper"; + hostname = "10.7.6.7"; + }; }; }; }; From 286a0b32d17126f89a5f8063a139a5a953c727c9 Mon Sep 17 00:00:00 2001 From: b12f Date: Fri, 30 Aug 2024 14:07:20 +0200 Subject: [PATCH 18/19] mezza.biz: update website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 67a3ff7..d806604 100644 --- a/flake.lock +++ b/flake.lock @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1724528276, - "narHash": "sha256-wtHptA26y0lmQb8gLcrrsTuP2E+kIC9mLtXHj9y5J6Y=", + "lastModified": 1724541053, + "narHash": "sha256-bQiwF08H8GEi7lxNiJKc4Gu42K7zYeDPPqRCNYVnp7U=", "ref": "refs/heads/main", - "rev": "b977e92f281897aa26fc5d7514bb8be1ff75517f", - "revCount": 7, + "rev": "0ee615488dec2685cee6ed558cbfcf9840e92b94", + "revCount": 10, "type": "git", "url": "https://git.pub.solar/b12f/mezza.biz.git" }, From 9fc9b6b5c86cdd5dd3c8c6a316bfa2cfc835325d Mon Sep 17 00:00:00 2001 From: b12f Date: Fri, 30 Aug 2024 14:07:40 +0200 Subject: [PATCH 19/19] modules/graphical: increase swaylock timings --- modules/graphical/sway/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/graphical/sway/default.nix b/modules/graphical/sway/default.nix index 7a5a336..216edac 100644 
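Review bot: The three `#endpoint = "80.244.242.5:51820";` comments under trinkgenossin, delite and blue-shell carry the address that is tankstelle's live endpoint a few entries earlier, so un-commenting one as an IPv4 fallback would point that peer at the wrong host; drop them or replace each with the host's own address. tankstelle is also the only new peer without `persistentKeepalive = 15;`, which looks like an omission worth confirming. The last three peers are reachable only over IPv6 literals, so a client on an IPv4-only network cannot bring those tunnels up; a short comment next to each `endpoint` saying this is intended would help. The `peers` list closes inside the hunk, while the interface definition around it starts above it.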
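Review bot: The five new host blocks in `users/b12f/ssh.nix` restate by hand the peer addresses 10.7.6.3 to 10.7.6.7 that `modules/wireguard/pub.solar.nix` assigns in the same commit, so the two files can drift apart and an alias would then log `barkeeper` in to a different machine than its name says. Host-key verification only catches that if each host's key is already pinned, which nothing in this hunk shows. Consider deriving both lists from one attribute set, or at least add `# keep in sync with allowedIPs in modules/wireguard/pub.solar.nix` above the first new block. The enclosing attribute set begins outside the hunk.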
--- a/modules/graphical/sway/default.nix
+++ b/modules/graphical/sway/default.nix
@@ -96,16 +96,16 @@ in {
 ];
 timeouts = [
 {
- timeout = 120;
+ timeout = 300;
 command = "${swaylock-bg}/bin/swaylock-bg";
 }
 {
- timeout = 130;
+ timeout = 180;
 command = "${sway}/bin/swaymsg \"output * dpms off\"";
 resumeCommand = "${sway}/bin/swaymsg \"output * dpms on\"";
 }
 {
- timeout = 300;
+ timeout = 600;
 command = "${systemd}/bin/systemctl hibernate";
 }
 ];
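Review bot: With the new values the display is powered off at 180 s but `swaylock-bg` only runs at 300 s, so for two minutes the session sits behind a blank screen that looks locked and is not; before this change the lock (120 s) came ahead of DPMS off (130 s). If the longer lock delay is intended, keep that ordering by moving the `dpms off` entry after the lock, for example `timeout = 310;`. Whether anything else locks the session earlier (a before-sleep hook, for instance) is not visible in this hunk. The `timeouts` list is complete here, but the option it belongs to starts above the hunk.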