
3 commits

116 changed files with 1512 additions and 1222 deletions


@ -1,2 +1,4 @@
# Formatted code using treefmt and alejandra # Formatted code using treefmt and alejandra
73bf158392a427d188b7aad36244b94506f57a15 73bf158392a427d188b7aad36244b94506f57a15
# nixfmt-rfc-style
03e5a0ffdaab9b1331ab95ca3e730aaec1d7c151
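Review bot: The hash added under `# nixfmt-rfc-style` only helps if `03e5a0ffdaab9b1331ab95ca3e730aaec1d7c151` is the final id of the reformatting commit on the target branch, and nothing on this page guarantees that. The compare spans 3 commits, so a rebase or squash-merge would give the reformat a new id and leave this entry matching nothing, at which point blame would again attribute every reformatted line to the formatter run. Either merge without rewriting history, or add the entry in a follow-up commit once the reformat has landed, and check it with `git cat-file -e <hash>`.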


@ -8,28 +8,17 @@ let
"x86_64-linux" "x86_64-linux"
]; ];
filterSystems = filterSystems = lib.filterAttrs (system: _: lib.elem system ciSystems);
lib.filterAttrs
(system: _: lib.elem system ciSystems);
recurseIntoAttrsRecursive = lib.mapAttrs ( recurseIntoAttrsRecursive = lib.mapAttrs (
_: v: _: v: if lib.isAttrs v then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v) else v
if lib.isAttrs v
then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
else v
); );
systemOutputs = systemOutputs = lib.filterAttrs (
lib.filterAttrs
(
name: set: name: set:
lib.isAttrs set lib.isAttrs set && lib.any (system: set ? ${system} && name != "legacyPackages") ciSystems
&& lib.any ) default.outputs;
(system: set ? ${system} && name != "legacyPackages")
ciSystems
)
default.outputs;
ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs; ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
in in
(recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;} (recurseIntoAttrsRecursive ciDrvs) // { shell = import ./shell.nix; }


@ -53,7 +53,8 @@
wayland-pipewire-idle-inhibit.inputs.flake-parts.follows = "flake-parts"; wayland-pipewire-idle-inhibit.inputs.flake-parts.follows = "flake-parts";
}; };
outputs = inputs@{ self, ...}: outputs =
inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake { inherit inputs; } { inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
@ -71,14 +72,19 @@
./overlays ./overlays
]; ];
perSystem = args@{ system, pkgs, config, ... }: { perSystem =
args@{
system,
pkgs,
config,
...
}:
{
_module.args = { _module.args = {
inherit inputs; inherit inputs;
pkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs {
inherit system; inherit system;
overlays = [ overlays = [ inputs.agenix.overlays.default ];
inputs.agenix.overlays.default
];
}; };
unstable = import inputs.unstable { inherit system; }; unstable = import inputs.unstable { inherit system; };
master = import inputs.master { inherit system; }; master = import inputs.master { inherit system; };
@ -86,17 +92,18 @@
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
deploy-rs
nixpkgs-fmt
agenix agenix
cachix cachix
deploy-rs
nixd
nixos-generators
nvfetcher
editorconfig-checker editorconfig-checker
nodePackages.prettier nodePackages.prettier
nvfetcher
shellcheck shellcheck
shfmt shfmt
treefmt treefmt
nixos-generators
]; ];
}; };
}; };
@ -123,7 +130,10 @@
powder = { powder = {
hostname = "80.71.153.194"; hostname = "80.71.153.194";
sshUser = "root"; sshUser = "root";
profilesOrder = ["system" "direnv"]; profilesOrder = [
"system"
"direnv"
];
profiles.direnv = { profiles.direnv = {
user = "pub-solar"; user = "pub-solar";
path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar; path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar;
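Review bot: In the `devShells.default` hunk, `nixpkgs-fmt` is dropped from `buildInputs` and `nixd` is added, but no Nix formatter is listed any more although `treefmt` stays in the shell. If the treefmt configuration (not visible on this page) now invokes nixfmt, a contributor running treefmt from the dev shell would not find the formatter on PATH unless it is pinned elsewhere. Adding `nixfmt-rfc-style` next to `treefmt` would keep the shell able to reproduce this reformat with the same tool version.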


@ -1,15 +1,17 @@
{suites, ...}: { { suites, ... }:
{
### root password is empty by default ### ### root password is empty by default ###
### default password: pub-solar, optional: add your SSH keys ### default password: pub-solar, optional: add your SSH keys
imports = imports = suites.iso;
suites.iso;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions


@ -10,15 +10,16 @@ let
# Gets hostname of host to be bundled inside iso # Gets hostname of host to be bundled inside iso
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11 # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
getFqdn = config: let getFqdn =
config:
let
net = config.networking; net = config.networking;
fqdn = fqdn =
if (net ? domain) && (net.domain != null) if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
then "${net.hostName}.${net.domain}"
else net.hostName;
in in
fqdn; fqdn;
in { in
{
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
imports = [ imports = [
# profiles.networking # profiles.networking
@ -33,7 +34,9 @@ in {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation # will be overridden by the bootstrapIso instrumentation
fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
};
system.nixos.label = "PubSolarOS-" + config.system.nixos.version; system.nixos.label = "PubSolarOS-" + config.system.nixos.version;


@ -1,4 +1,9 @@
{ withSystem, self, inputs, ...}: {
withSystem,
self,
inputs,
...
}:
{ {
flake = { flake = {
nixosConfigurations = { nixosConfigurations = {
@ -91,7 +96,12 @@
self.nixosModules.graphical self.nixosModules.graphical
self.nixosModules.audio self.nixosModules.audio
self.nixosModules.bluetooth self.nixosModules.bluetooth
({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; }) (
{ ... }:
{
pub-solar.graphical.wayland.software-renderer.enable = true;
}
)
]; ];
}; };
}; };


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./dumpyourvms.nix ./dumpyourvms.nix
./hardware-configuration.nix ./hardware-configuration.nix


@ -7,7 +7,8 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in
{
pub-solar = { pub-solar = {
terminal-life.full = true; terminal-life.full = true;
core.hibernation = { core.hibernation = {
@ -23,13 +24,19 @@ in {
# Explicitly set amdgpu support in place of radeon # Explicitly set amdgpu support in place of radeon
# Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix
# Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands
boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"]; boot.kernelParams = [
"acpi_backlight=video"
"hid_apple.fnmode=2"
"intel_pstate=passive"
"radeon.si_support=0"
"amdgpu.si_support=1"
];
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
# Fix for Error switching console mode to 1: unsupported on startup # Fix for Error switching console mode to 1: unsupported on startup
boot.loader.systemd-boot.consoleMode = lib.mkForce "0"; boot.loader.systemd-boot.consoleMode = lib.mkForce "0";
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
systemd.sleep.extraConfig = '' systemd.sleep.extraConfig = ''
HibernateMode=shutdown HibernateMode=shutdown
@ -39,8 +46,8 @@ in {
cpu.intel.updateMicrocode = true; cpu.intel.updateMicrocode = true;
facetimehd.enable = true; facetimehd.enable = true;
opengl = { opengl = {
extraPackages = with pkgs; [intel-vaapi-driver]; # i7-4870HQ older hardware like haswell (crystall well) extraPackages = with pkgs; [ intel-vaapi-driver ]; # i7-4870HQ older hardware like haswell (crystall well)
extraPackages32 = with pkgs.pkgsi686Linux; [intel-vaapi-driver]; extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ];
}; };
}; };
@ -66,15 +73,15 @@ in {
#programs.droidcam.enable = true; #programs.droidcam.enable = true;
#services.mozillavpn.enable = true; #services.mozillavpn.enable = true;
security.pki.certificateFiles = [./consul-agent-ca.pem]; security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
# Power off dedicated GPU, use only integrated Intel GPU to save battery # Power off dedicated GPU, use only integrated Intel GPU to save battery
# https://github.com/NixOS/nixpkgs/pull/33915 # https://github.com/NixOS/nixpkgs/pull/33915
# https://ubuntuforums.org/showthread.php?t=2409856 # https://ubuntuforums.org/showthread.php?t=2409856
systemd.services."amd-hybrid-graphics-power-save" = { systemd.services."amd-hybrid-graphics-power-save" = {
path = [pkgs.bash]; path = [ pkgs.bash ];
description = "Power Off dedicated AMD Card to reduce power usage"; description = "Power Off dedicated AMD Card to reduce power usage";
requires = ["sys-kernel-debug.mount"]; requires = [ "sys-kernel-debug.mount" ];
enable = true; enable = true;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -82,14 +89,14 @@ in {
ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'"; ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'";
ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'"; ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
}; };
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
}; };
# Increase console font size for HiDPI display # Increase console font size for HiDPI display
console = { console = {
earlySetup = true; earlySetup = true;
font = lib.mkForce "ter-i32b"; font = lib.mkForce "ter-i32b";
packages = [pkgs.terminus_font]; packages = [ pkgs.terminus_font ];
}; };
# Thunderbolt tools # Thunderbolt tools
@ -113,24 +120,22 @@ in {
# to be powered on. # to be powered on.
powerUpCommands = lib.mkBefore ( powerUpCommands = lib.mkBefore (
"${pkgs.kmod}/bin/modprobe brcmfmac" "${pkgs.kmod}/bin/modprobe brcmfmac"
+ lib.optionalString + lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
(lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
); );
powerDownCommands = lib.mkBefore ( powerDownCommands = lib.mkBefore (
lib.optionalString lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
(lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2")
"${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
+ '' + ''
${pkgs.kmod}/bin/rmmod brcmfmac ${pkgs.kmod}/bin/rmmod brcmfmac
${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service
'' ''
); );
resumeCommands = resumeCommands =
if config.systemd.services."amd-hybrid-graphics-power-save".enable == true if config.systemd.services."amd-hybrid-graphics-power-save".enable == true then
then '' ''
${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service
'' ''
else ""; else
"";
}; };
# Change lid switch behaviour # Change lid switch behaviour
@ -150,11 +155,16 @@ in {
services.udev.extraRules = services.udev.extraRules =
# Disable XHC1 wakeup signal to avoid resume getting triggered some time # Disable XHC1 wakeup signal to avoid resume getting triggered some time
# after suspend. Reboot required for this to take effect. # after suspend. Reboot required for this to take effect.
lib.optionalString lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
(lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"''; ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home-manager =
pkgs.lib.setAttrByPath
[
"users"
psCfg.user.name
]
{
# Custom device sway configs # Custom device sway configs
xdg.configFile = { xdg.configFile = {
"sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf; "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
@ -166,7 +176,7 @@ in {
}; };
# WLAN frequency compliance (e.g. check for radar with DFS) # WLAN frequency compliance (e.g. check for radar with DFS)
hardware.firmware = with pkgs; [wireless-regdb]; hardware.firmware = with pkgs; [ wireless-regdb ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="DE" options cfg80211 ieee80211_regdom="DE"
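Review bot: `security.pki.certificateFiles = [ ./consul-agent-ca.pem ];` places the Consul agent CA in the system-wide trust store, so every TLS client on this host accepts a certificate issued by that CA for any hostname, unless the CA carries name constraints, which cannot be checked from this page. If only the Consul, Nomad and Vault clients need it, hand the CA to those clients instead of the global store. If it has to stay, a comment above the line such as `# private Consul CA, trusted system-wide for all names; scope or name-constrain it` would make the exposure visible to the next reader. The enclosing attribute set starts and ends outside the hunk.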


@ -7,16 +7,23 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = [ imports = [
#(modulesPath + "/hardware/network/broadcom-43xx.nix") #(modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-intel"]; "nvme"
boot.extraModulePackages = []; "usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8"; device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8";


@ -1,8 +1,4 @@
{ { pkgs, lib, ... }:
pkgs,
lib,
...
}:
{ {
systemd.services.wg-quick-wg5.serviceConfig.Type = lib.mkForce "simple"; systemd.services.wg-quick-wg5.serviceConfig.Type = lib.mkForce "simple";
systemd.services.wg-quick-wg5.serviceConfig.Restart = "on-failure"; systemd.services.wg-quick-wg5.serviceConfig.Restart = "on-failure";
@ -16,48 +12,61 @@
#]; #];
hosts = { hosts = {
"10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; "10.0.0.42" = [
"10.0.0.66" = ["consul.service.cgn-1.consul"]; "nomad.service.consul"
"10.0.1.9" = ["consul.service.lev-1.consul"]; "nomad.service.cgn-1.consul"
"10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; ];
"10.0.0.200" = ["headnode.cgn-1"]; "10.0.0.66" = [ "consul.service.cgn-1.consul" ];
"10.0.0.201" = ["cn01.cgn-1"]; "10.0.1.9" = [ "consul.service.lev-1.consul" ];
"10.0.0.202" = ["cn02.cgn-1"]; "10.0.0.70" = [
"10.0.0.205" = ["cn05.cgn-1"]; "vault.service.consul"
"10.0.0.206" = ["cn06.cgn-1"]; "vault.service.cgn-1.consul"
"10.0.0.207" = ["cn07.cgn-1"]; ];
"10.0.0.208" = ["cn08.cgn-1"]; "10.0.0.200" = [ "headnode.cgn-1" ];
"10.0.1.200" = ["headnode.lev-1"]; "10.0.0.201" = [ "cn01.cgn-1" ];
"10.0.1.201" = ["cn01.lev-1"]; "10.0.0.202" = [ "cn02.cgn-1" ];
"10.0.1.202" = ["cn02.lev-1"]; "10.0.0.205" = [ "cn05.cgn-1" ];
"10.0.1.203" = ["cn03.lev-1"]; "10.0.0.206" = [ "cn06.cgn-1" ];
"10.0.1.204" = ["cn04.lev-1"]; "10.0.0.207" = [ "cn07.cgn-1" ];
"10.0.1.205" = ["cn05.lev-1"]; "10.0.0.208" = [ "cn08.cgn-1" ];
"10.0.1.206" = ["cn00.lev-1"]; "10.0.1.200" = [ "headnode.lev-1" ];
"10.0.1.207" = ["cn06.lev-1"]; "10.0.1.201" = [ "cn01.lev-1" ];
"10.0.1.208" = ["cn07.lev-1"]; "10.0.1.202" = [ "cn02.lev-1" ];
"10.101.64.10" = ["wifi.bahn.de"]; "10.0.1.203" = [ "cn03.lev-1" ];
"80.71.153.29" = ["eu-central.manta.greenbaum.cloud"]; "10.0.1.204" = [ "cn04.lev-1" ];
"85.88.23.37" = ["git.greenbaum.cloud"]; "10.0.1.205" = [ "cn05.lev-1" ];
"10.0.1.17" = ["drone.greenbaum.cloud"]; "10.0.1.206" = [ "cn00.lev-1" ];
"10.0.1.2" = ["lev-1.adminui.greenbaum.cloud"]; "10.0.1.207" = [ "cn06.lev-1" ];
"80.71.153.10" = ["lev-1.api.greenbaum.cloud"]; "10.0.1.208" = [ "cn07.lev-1" ];
"80.71.153.12" = ["lev-1.docker.greenbaum.cloud"]; "10.101.64.10" = [ "wifi.bahn.de" ];
"80.71.153.56" = ["lev-1.monitor.greenbaum.cloud"]; "80.71.153.29" = [ "eu-central.manta.greenbaum.cloud" ];
"192.168.13.25" = ["ryzensun.local" "cloudapi.coal-1.mnx.io"]; "85.88.23.37" = [ "git.greenbaum.cloud" ];
"10.0.1.17" = [ "drone.greenbaum.cloud" ];
"10.0.1.2" = [ "lev-1.adminui.greenbaum.cloud" ];
"80.71.153.10" = [ "lev-1.api.greenbaum.cloud" ];
"80.71.153.12" = [ "lev-1.docker.greenbaum.cloud" ];
"80.71.153.56" = [ "lev-1.monitor.greenbaum.cloud" ];
"192.168.13.25" = [
"ryzensun.local"
"cloudapi.coal-1.mnx.io"
];
}; };
wireguard.enable = true; wireguard.enable = true;
wg-quick.interfaces = { wg-quick.interfaces = {
wg0 = { wg0 = {
autostart = false; autostart = false;
address = ["10.8.8.6/32"]; address = [ "10.8.8.6/32" ];
privateKeyFile = "/etc/wireguard/wg0.privatekey"; privateKeyFile = "/etc/wireguard/wg0.privatekey";
peers = [ peers = [
{ {
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; allowedIPs = [
"10.8.8.16/32"
"10.0.0.0/24"
"10.88.88.0/24"
];
endpoint = "85.88.23.16:51820"; endpoint = "85.88.23.16:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
@ -65,13 +74,13 @@
}; };
wg1 = { wg1 = {
autostart = false; autostart = false;
address = ["192.168.188.203/24"]; address = [ "192.168.188.203/24" ];
privateKeyFile = "/etc/wireguard/wg1.privatekey"; privateKeyFile = "/etc/wireguard/wg1.privatekey";
peers = [ peers = [
{ {
publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY="; publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY=";
allowedIPs = ["192.168.188.0/24"]; allowedIPs = [ "192.168.188.0/24" ];
presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
#endpoint = "85.214.70.91:50163"; #endpoint = "85.214.70.91:50163";
#endpoint = "7gwzft61sc8txc4r.myfritz.net:50163"; #endpoint = "7gwzft61sc8txc4r.myfritz.net:50163";
@ -81,21 +90,24 @@
]; ];
}; };
wg2 = { wg2 = {
address = ["10.6.6.4/32"]; address = [ "10.6.6.4/32" ];
privateKeyFile = "/etc/wireguard/wg2.privatekey"; privateKeyFile = "/etc/wireguard/wg2.privatekey";
peers = [ peers = [
{ {
publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw="; publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
presharedKeyFile = "/etc/wireguard/wg2.presharedkey"; presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"]; allowedIPs = [
"10.6.6.1/32"
"10.1.1.0/24"
];
endpoint = "85.88.23.127:51820"; endpoint = "85.88.23.127:51820";
persistentKeepalive = 16; persistentKeepalive = 16;
} }
]; ];
}; };
wg3 = { wg3 = {
address = ["10.11.11.2/32"]; address = [ "10.11.11.2/32" ];
privateKeyFile = "/etc/wireguard/wg3.privatekey"; privateKeyFile = "/etc/wireguard/wg3.privatekey";
mtu = 1300; mtu = 1300;
@ -103,14 +115,18 @@
{ {
publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
presharedKeyFile = "/etc/wireguard/wg3.presharedkey"; presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; allowedIPs = [
"10.11.11.0/24"
"192.168.1.0/24"
"10.0.1.0/24"
];
endpoint = "80.71.153.1:51820"; endpoint = "80.71.153.1:51820";
persistentKeepalive = 16; persistentKeepalive = 16;
} }
]; ];
}; };
wg4 = { wg4 = {
address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"]; address = [ "fdaa:1:3234:a7b:16a9:0:a:202/120" ];
privateKeyFile = "/etc/wireguard/wg4.privatekey"; privateKeyFile = "/etc/wireguard/wg4.privatekey";
postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal"; postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
preDown = "resolvectl revert wg4"; preDown = "resolvectl revert wg4";
@ -121,7 +137,7 @@
peers = [ peers = [
{ {
publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ="; publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
allowedIPs = ["fdaa:1:3234::/48"]; allowedIPs = [ "fdaa:1:3234::/48" ];
#endpoint = "ams1.gateway.6pn.dev:51820"; #endpoint = "ams1.gateway.6pn.dev:51820";
endpoint = "176.58.93.206:51820"; endpoint = "176.58.93.206:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
@ -130,7 +146,7 @@
}; };
wg5 = { wg5 = {
autostart = false; autostart = false;
address = ["192.168.13.201/24"]; address = [ "192.168.13.201/24" ];
privateKeyFile = "/etc/wireguard/wg5.privatekey"; privateKeyFile = "/etc/wireguard/wg5.privatekey";
postUp = "resolvectl dnsovertls wg5 no; resolvectl dns wg5 192.168.13.1; resolvectl domain wg5 ~fritz.box"; postUp = "resolvectl dnsovertls wg5 no; resolvectl dns wg5 192.168.13.1; resolvectl domain wg5 ~fritz.box";
preDown = "resolvectl revert wg5"; preDown = "resolvectl revert wg5";
@ -147,33 +163,52 @@
]; ];
}; };
wg6 = { wg6 = {
address = ["10.7.6.201/32" "fd00:fae:fae:fae:fae:201::/96"]; address = [
"10.7.6.201/32"
"fd00:fae:fae:fae:fae:201::/96"
];
privateKeyFile = "/etc/wireguard/wg6.privatekey"; privateKeyFile = "/etc/wireguard/wg6.privatekey";
peers = [ peers = [
{ # nachtigall.pub.solar {
# nachtigall.pub.solar
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ]; allowedIPs = [
"10.7.6.1/32"
"fd00:fae:fae:fae:fae:1::/96"
];
#endpoint = "138.201.80.102:51820"; #endpoint = "138.201.80.102:51820";
endpoint = "[2a01:4f8:172:1c25::1]:51820"; endpoint = "[2a01:4f8:172:1c25::1]:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
} }
{ # flora-6.pub.solar {
# flora-6.pub.solar
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU="; publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ]; allowedIPs = [
"10.7.6.2/32"
"fd00:fae:fae:fae:fae:2::/96"
];
endpoint = "80.71.153.210:51820"; endpoint = "80.71.153.210:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
} }
{ # metronom.pub.solar {
# metronom.pub.solar
publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo="; publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ]; allowedIPs = [
"10.7.6.3/32"
"fd00:fae:fae:fae:fae:3::/96"
];
endpoint = "49.13.236.167:51820"; endpoint = "49.13.236.167:51820";
#endpoint = "[2a01:4f8:c2c:7082::]:51820"; #endpoint = "[2a01:4f8:c2c:7082::]:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
} }
{ # tankstelle.pub.solar {
# tankstelle.pub.solar
publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg="; publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ]; allowedIPs = [
"10.7.6.4/32"
"fd00:fae:fae:fae:fae:4::/96"
];
#endpoint = "80.244.242.5:51820"; #endpoint = "80.244.242.5:51820";
endpoint = "[2001:4d88:1ffa:26::5]:51820"; endpoint = "[2001:4d88:1ffa:26::5]:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
@ -183,7 +218,10 @@
# mozillavpn # mozillavpn
moz0 = { moz0 = {
autostart = false; autostart = false;
address = ["10.142.131.196/32" "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"]; address = [
"10.142.131.196/32"
"fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"
];
privateKeyFile = "/etc/wireguard/moz0.privatekey"; privateKeyFile = "/etc/wireguard/moz0.privatekey";
#postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal"; #postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
#preDown = "resolvectl revert wg4"; #preDown = "resolvectl revert wg4";
@ -194,7 +232,10 @@
peers = [ peers = [
{ {
publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0="; publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0=";
allowedIPs = ["0.0.0.0/0" "::/0"]; allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "185.254.75.3:36294"; endpoint = "185.254.75.3:36294";
} }
]; ];


@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./paperless.nix ./paperless.nix
./invoiceplane.nix ./invoiceplane.nix


@ -3,7 +3,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
config = { config = {
pub-solar.core.disk-encryption-active = false; pub-solar.core.disk-encryption-active = false;
@ -11,7 +12,7 @@
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4"; fsType = "ext4";
options = ["noatime"]; options = [ "noatime" ];
}; };
}; };
@ -23,9 +24,7 @@
allowSFTP = true; allowSFTP = true;
}; };
boot.kernelParams = [ boot.kernelParams = [ "boot.shell_on_fail=1" ];
"boot.shell_on_fail=1"
];
# Would decrease closure size, but currenly broken (cairo) # Would decrease closure size, but currenly broken (cairo)
#environment.noXlibs = true; #environment.noXlibs = true;
@ -38,8 +37,11 @@
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
sandbox = true; sandbox = true;
allowed-users = ["@wheel"]; allowed-users = [ "@wheel" ];
trusted-users = ["root" "@wheel"]; trusted-users = [
"root"
"@wheel"
];
}; };
extraOptions = '' extraOptions = ''
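Review bot: `trusted-users` still lists `"@wheel"` after the reformat, and the Nix manual describes membership in that setting as essentially equivalent to root access, including the ability to override the `sandbox = true` set two lines above. `allowed-users = [ "@wheel" ];` already lets those accounts talk to the daemon and build, so `trusted-users = [ "root" ];` would be the least-privilege value unless a wheel user must add substituters or import unsigned paths. If the wider grant is intentional, a one-line comment saying so would help. The enclosing attribute set starts outside the hunk.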


@ -4,13 +4,15 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
backupDir = "/var/lib/invoiceplane/backup"; backupDir = "/var/lib/invoiceplane/backup";
in { in
{
security.acme.certs = { security.acme.certs = {
"billing.faenix.eu" = {}; "billing.faenix.eu" = { };
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
@ -25,7 +27,9 @@ in {
sites."billing.faenix.eu" = { sites."billing.faenix.eu" = {
enable = true; enable = true;
invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ]; invoiceTemplates = [
flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template
];
settings = { settings = {
IP_URL = "https://billing.faenix.eu"; IP_URL = "https://billing.faenix.eu";
@ -49,9 +53,7 @@ in {
}; };
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [ "d '${backupDir}' 0700 root root - -" ];
"d '${backupDir}' 0700 root root - -"
];
#services.restic.backups = { #services.restic.backups = {
# invoiceplane = { # invoiceplane = {


@ -13,7 +13,8 @@ let
backupDir = "${xdg.dataHome}/PaperlessBackup"; backupDir = "${xdg.dataHome}/PaperlessBackup";
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir"; consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
in { in
{
services.paperless = { services.paperless = {
enable = true; enable = true;
user = psCfg.user.name; user = psCfg.user.name;
@ -43,7 +44,7 @@ in {
}; };
security.acme.certs = { security.acme.certs = {
"paperless.faenix.eu" = {}; "paperless.faenix.eu" = { };
}; };
services.nginx = { services.nginx = {
@ -81,7 +82,10 @@ in {
# }; # };
#}; #};
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /home/${psCfg.user.name}/.local 0700 ${psCfg.user.name} users - -" "d /home/${psCfg.user.name}/.local 0700 ${psCfg.user.name} users - -"


@ -1,8 +1,5 @@
{ pkgs, lib, ... }:
{ {
pkgs,
lib,
...
}: {
pub-solar.core.disk-encryption-active = false; pub-solar.core.disk-encryption-active = false;
isoImage.squashfsCompression = "gzip -Xcompression-level 1"; isoImage.squashfsCompression = "gzip -Xcompression-level 1";
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];


@ -1,5 +1,4 @@
{...}: { { ... }:
imports = [ {
./powder.nix imports = [ ./powder.nix ];
];
} }


@ -7,13 +7,20 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: { }:
imports = []; {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "virtio_pci" "xhci_pci" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "ahci"
boot.kernelModules = []; "virtio_pci"
boot.extraModulePackages = []; "xhci_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
@ -35,7 +42,7 @@
]; ];
}; };
swapDevices = []; swapDevices = [ ];
networking.useDHCP = lib.mkDefault false; networking.useDHCP = lib.mkDefault false;


@ -5,7 +5,8 @@
pkgs, pkgs,
profiles, profiles,
... ...
}: { }:
{
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./ryzensun.nix ./ryzensun.nix
./hardware-configuration.nix ./hardware-configuration.nix


@ -7,15 +7,21 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: { }:
imports = [ {
(modulesPath + "/installer/scan/not-detected.nix") imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "nvme"
boot.kernelModules = ["kvm-amd"]; "xhci_pci"
boot.extraModulePackages = []; "ahci"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/bad2e49e-c8e7-4516-a6f8-77db999d12b0"; device = "/dev/disk/by-uuid/bad2e49e-c8e7-4516-a6f8-77db999d12b0";
@ -29,5 +35,5 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
} }


@ -1,26 +1,32 @@
{ {
networking = { networking = {
hosts = { hosts = {
"10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; "10.0.0.42" = [
"10.0.0.66" = ["consul.service.cgn-1.consul"]; "nomad.service.consul"
"10.0.1.9" = ["consul.service.lev-1.consul"]; "nomad.service.cgn-1.consul"
"10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; ];
"10.0.0.200" = ["headnode.cgn-1"]; "10.0.0.66" = [ "consul.service.cgn-1.consul" ];
"10.0.0.201" = ["cn01.cgn-1"]; "10.0.1.9" = [ "consul.service.lev-1.consul" ];
"10.0.0.202" = ["cn02.cgn-1"]; "10.0.0.70" = [
"10.0.0.205" = ["cn05.cgn-1"]; "vault.service.consul"
"10.0.0.206" = ["cn06.cgn-1"]; "vault.service.cgn-1.consul"
"10.0.0.207" = ["cn07.cgn-1"]; ];
"10.0.0.208" = ["cn08.cgn-1"]; "10.0.0.200" = [ "headnode.cgn-1" ];
"10.0.1.200" = ["headnode.lev-1"]; "10.0.0.201" = [ "cn01.cgn-1" ];
"10.0.1.201" = ["cn01.lev-1"]; "10.0.0.202" = [ "cn02.cgn-1" ];
"10.0.1.202" = ["cn02.lev-1"]; "10.0.0.205" = [ "cn05.cgn-1" ];
"10.0.1.203" = ["cn03.lev-1"]; "10.0.0.206" = [ "cn06.cgn-1" ];
"10.0.1.204" = ["cn04.lev-1"]; "10.0.0.207" = [ "cn07.cgn-1" ];
"10.0.1.205" = ["cn05.lev-1"]; "10.0.0.208" = [ "cn08.cgn-1" ];
"10.0.1.206" = ["cn00.lev-1"]; "10.0.1.200" = [ "headnode.lev-1" ];
"10.0.1.207" = ["cn06.lev-1"]; "10.0.1.201" = [ "cn01.lev-1" ];
"10.0.1.208" = ["cn07.lev-1"]; "10.0.1.202" = [ "cn02.lev-1" ];
"10.0.1.203" = [ "cn03.lev-1" ];
"10.0.1.204" = [ "cn04.lev-1" ];
"10.0.1.205" = [ "cn05.lev-1" ];
"10.0.1.206" = [ "cn00.lev-1" ];
"10.0.1.207" = [ "cn06.lev-1" ];
"10.0.1.208" = [ "cn07.lev-1" ];
}; };
interfaces.enp4s0.wakeOnLan.enable = true; interfaces.enp4s0.wakeOnLan.enable = true;
@ -28,20 +34,24 @@
wireguard.enable = true; wireguard.enable = true;
wg-quick.interfaces = { wg-quick.interfaces = {
wg0 = { wg0 = {
address = ["10.8.8.7/32"]; address = [ "10.8.8.7/32" ];
privateKeyFile = "/etc/wireguard/wg0.privatekey"; privateKeyFile = "/etc/wireguard/wg0.privatekey";
peers = [ peers = [
{ {
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; allowedIPs = [
"10.8.8.16/32"
"10.0.0.0/24"
"10.88.88.0/24"
];
endpoint = "85.88.23.16:51820"; endpoint = "85.88.23.16:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
}; };
wg1 = { wg1 = {
address = ["10.11.11.6/32"]; address = [ "10.11.11.6/32" ];
privateKeyFile = "/etc/wireguard/wg1.privatekey"; privateKeyFile = "/etc/wireguard/wg1.privatekey";
mtu = 1300; mtu = 1300;
@ -49,40 +59,60 @@
{ {
publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; allowedIPs = [
"10.11.11.0/24"
"192.168.1.0/24"
"10.0.1.0/24"
];
endpoint = "80.71.153.1:51820"; endpoint = "80.71.153.1:51820";
#persistentKeepalive = 16; #persistentKeepalive = 16;
} }
]; ];
}; };
wg2 = { wg2 = {
address = ["10.7.6.204/32"]; address = [ "10.7.6.204/32" ];
privateKeyFile = "/etc/wireguard/wg2.privatekey"; privateKeyFile = "/etc/wireguard/wg2.privatekey";
peers = [ peers = [
{ # nachtigall.pub.solar {
# nachtigall.pub.solar
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ]; allowedIPs = [
"10.7.6.1/32"
"fd00:fae:fae:fae:fae:1::/96"
];
#endpoint = "138.201.80.102:51820"; #endpoint = "138.201.80.102:51820";
endpoint = "[2a01:4f8:172:1c25::1]:51820"; endpoint = "[2a01:4f8:172:1c25::1]:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
} }
{ # flora-6.pub.solar {
# flora-6.pub.solar
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU="; publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ]; allowedIPs = [
"10.7.6.2/32"
"fd00:fae:fae:fae:fae:2::/96"
];
endpoint = "80.71.153.210:51820"; endpoint = "80.71.153.210:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
} }
{ # metronom.pub.solar {
# metronom.pub.solar
publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo="; publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ]; allowedIPs = [
"10.7.6.3/32"
"fd00:fae:fae:fae:fae:3::/96"
];
endpoint = "49.13.236.167:51820"; endpoint = "49.13.236.167:51820";
#endpoint = "[2a01:4f8:c2c:7082::]:51820"; #endpoint = "[2a01:4f8:c2c:7082::]:51820";
persistentKeepalive = 15; persistentKeepalive = 15;
} }
{ # tankstelle.pub.solar {
# tankstelle.pub.solar
publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg="; publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ]; allowedIPs = [
"10.7.6.4/32"
"fd00:fae:fae:fae:fae:4::/96"
];
#endpoint = "80.244.242.5:51820"; #endpoint = "80.244.242.5:51820";
endpoint = "[2001:4d88:1ffa:26::5]:51820"; endpoint = "[2001:4d88:1ffa:26::5]:51820";
persistentKeepalive = 15; persistentKeepalive = 15;


@ -8,7 +8,8 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in
{
config = { config = {
age.secrets.docker-ci-runner-secrets = { age.secrets.docker-ci-runner-secrets = {
file = "${flake.self}/secrets/docker-ci-runner-secrets.age"; file = "${flake.self}/secrets/docker-ci-runner-secrets.age";
@ -26,7 +27,7 @@ in {
# runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path; # runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path;
#}; #};
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Required for WakeOnLan # Required for WakeOnLan
boot.initrd = { boot.initrd = {


@ -1,16 +1,16 @@
let let
lock = builtins.fromJSON (builtins.readFile builtins.path { lock = builtins.fromJSON (
builtins.readFile builtins.path {
path = ../../flake.lock; path = ../../flake.lock;
name = "lockPath"; name = "lockPath";
}); }
);
flake = flake =
import import
( (fetchTarball {
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash; sha256 = lock.nodes.flake-compat.locked.narHash;
} })
)
{ {
src = builtins.path { src = builtins.path {
path = ../../.; path = ../../.;
@ -18,4 +18,4 @@ let
}; };
}; };
in in
flake flake
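Review bot: `builtins.readFile builtins.path { … }` in the `lock` binding applies `readFile` to the `builtins.path` function itself, because Nix function application is left-associative; the attribute set is only passed to the result, so evaluation should fail before the lock file is ever read. The reformatted layout makes this visible but leaves it as it was. Parenthesise the inner call: `builtins.readFile (builtins.path { path = ../../flake.lock; name = "lockPath"; })`. This matters beyond correctness, because the `rev` and `narHash` that pin the flake-compat tarball are taken from this value.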


@ -1,4 +1,5 @@
{...}: let { ... }:
let
inherit (default.inputs.nixos) lib; inherit (default.inputs.nixos) lib;
host = configs.${hostname} or configs.PubSolarOS; host = configs.${hostname} or configs.PubSolarOS;
@ -6,4 +7,4 @@
default = (import ../.).defaultNix; default = (import ../.).defaultNix;
hostname = lib.fileContents /etc/hostname; hostname = lib.fileContents /etc/hostname;
in in
host host


@ -1,9 +1,12 @@
{ lib, inputs, ... }: { { lib, inputs, ... }:
{
# Configuration common to all Linux systems # Configuration common to all Linux systems
flake = { flake = {
lib = let lib =
callLibs = file: import file {inherit lib;}; let
in rec { callLibs = file: import file { inherit lib; };
in
rec {
## Define your own library functions here! ## Define your own library functions here!
#id = x: x; #id = x: x;
## Or in files, containing functions that take {lib} ## Or in files, containing functions that take {lib}
@ -12,7 +15,6 @@
deploy = import ./deploy.nix { inherit inputs lib; }; deploy = import ./deploy.nix { inherit inputs lib; };
addLocalHostname = callLibs ./add-local-hostname.nix; addLocalHostname = callLibs ./add-local-hostname.nix;
recursiveMerge = callLibs ./recursive-merge.nix;
}; };
}; };
} }


@ -1,9 +1,9 @@
/* /*
* The contents of this file are adapted from digga The contents of this file are adapted from digga
* https://github.com/divnix/digga https://github.com/divnix/digga
*
* Licensed under the MIT license Licensed under the MIT license
*/ */
{ lib, inputs }: { lib, inputs }:
let let
@ -15,7 +15,8 @@ let
if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName; if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
in in
fqdn; fqdn;
in { in
{
mkDeployNodes = mkDeployNodes =
systemConfigurations: extraConfig: systemConfigurations: extraConfig:
/* /*
@ -48,7 +49,7 @@ in {
``` ```
* *
*/ */
lib.recursiveUpdate (lib.mapAttrs ( _: c: { lib.recursiveUpdate (lib.mapAttrs (_: c: {
hostname = getFqdn c; hostname = getFqdn c;
profiles.system = profiles.system =
let let


@ -1,16 +0,0 @@
{ lib }:
attrList:
let
f = attrPath:
zipAttrsWith (
n: values:
if tail values == []
then head values
else if all isList values
then unique (concatLists values)
else if all isAttrs values
then f (attrPath ++ [n]) values
else last values
);
in
f [] attrList;


@ -4,7 +4,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
age.secrets."hosting-de-acme-secrets" = { age.secrets."hosting-de-acme-secrets" = {
file = "${flake.self}/secrets/hosting-de-acme-secrets.age"; file = "${flake.self}/secrets/hosting-de-acme-secrets.age";
mode = "400"; mode = "400";


@ -6,10 +6,11 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
programs.adb.enable = true; programs.adb.enable = true;
users.users."${psCfg.user.name}" = { users.users."${psCfg.user.name}" = {
extraGroups = ["adbusers"]; extraGroups = [ "adbusers" ];
}; };
} }


@ -6,9 +6,10 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
users.users."${psCfg.user.name}" = { users.users."${psCfg.user.name}" = {
extraGroups = ["dialout"]; extraGroups = [ "dialout" ];
packages = with pkgs; [ packages = with pkgs; [
arduino arduino
arduino-cli arduino-cli


@ -7,9 +7,10 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in
{
users.users."${psCfg.user.name}" = { users.users."${psCfg.user.name}" = {
extraGroups = ["audio"]; extraGroups = [ "audio" ];
packages = with pkgs; [ packages = with pkgs; [
# easyeffects, e.g. for microphone noise filtering # easyeffects, e.g. for microphone noise filtering
easyeffects easyeffects
@ -42,7 +43,10 @@ in {
"context.properties" = { "context.properties" = {
default = { default = {
"clock.rate" = 48000; # Pipewire default "clock.rate" = 48000; # Pipewire default
"clock.allowed-rates" = [ 44100 48000 ]; "clock.allowed-rates" = [
44100
48000
];
}; };
}; };
}; };


@ -3,15 +3,14 @@
config, config,
pkgs, pkgs,
... ...
}: { }:
{
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
# Disable bluetooth on startup to save battery # Disable bluetooth on startup to save battery
powerOnBoot = false; powerOnBoot = false;
# Disable useless SIM Access Profile plugin # Disable useless SIM Access Profile plugin
disabledPlugins = [ disabledPlugins = [ "sap" ];
"sap"
];
settings = { settings = {
General = { General = {
# Enables experimental features and interfaces. # Enables experimental features and interfaces.


@ -6,7 +6,8 @@
}: }:
let let
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
in { in
{
options.pub-solar.core.disk-encryption-active = lib.mkOption { options.pub-solar.core.disk-encryption-active = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
@ -29,7 +30,7 @@ in {
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_6; kernelPackages = lib.mkDefault pkgs.linuxPackages_6_6;
# Support ntfs drives # Support ntfs drives
supportedFilesystems = ["ntfs"]; supportedFilesystems = [ "ntfs" ];
}; };
}; };
} }


@ -1,12 +1,9 @@
{ { config, lib, ... }:
config,
lib,
...
}:
let let
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
imports = [ imports = [
./boot.nix ./boot.nix
./hibernation.nix ./hibernation.nix
@ -32,7 +29,7 @@ in {
# Remove the complete default environment of packages like # Remove the complete default environment of packages like
# nano, perl and rsync # nano, perl and rsync
environment.defaultPackages = lib.mkForce []; environment.defaultPackages = lib.mkForce [ ];
# fileSystems."/".options = [ "noexec" ]; # fileSystems."/".options = [ "noexec" ];
} }


@ -7,7 +7,8 @@
let let
cfg = config.pub-solar.core.hibernation; cfg = config.pub-solar.core.hibernation;
inherit (lib) mkOption types mkIf; inherit (lib) mkOption types mkIf;
in { in
{
options.pub-solar.core.hibernation = { options.pub-solar.core.hibernation = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
@ -31,7 +32,9 @@ in {
config = { config = {
boot = mkIf cfg.enable { boot = mkIf cfg.enable {
resumeDevice = mkIf (cfg.resumeDevice != null) cfg.resumeDevice; resumeDevice = mkIf (cfg.resumeDevice != null) cfg.resumeDevice;
kernelParams = mkIf (cfg.resumeOffset != null) ["resume_offset=${builtins.toString cfg.resumeOffset}"]; kernelParams = mkIf (cfg.resumeOffset != null) [
"resume_offset=${builtins.toString cfg.resumeOffset}"
];
}; };
}; };
} }


@ -4,7 +4,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
# disable NetworkManager and systemd-networkd -wait-online by default # disable NetworkManager and systemd-networkd -wait-online by default
systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false; systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;


@ -7,7 +7,8 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
in { in
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Core unix utility packages # Core unix utility packages
coreutils-full coreutils-full


@ -6,16 +6,15 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
services.udev.packages = [pkgs.yubikey-personalization]; {
services.dbus.packages = [pkgs.gcr]; services.udev.packages = [ pkgs.yubikey-personalization ];
services.dbus.packages = [ pkgs.gcr ];
services.pcscd.enable = true; services.pcscd.enable = true;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [ libsecret ];
libsecret
];
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs; systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;


@ -1,15 +1,15 @@
pkgs: { pkgs: {
Unit = { Unit = {
Description = "Legacy polkit authentication agent for GNOME"; Description = "Legacy polkit authentication agent for GNOME";
Documentation = ["https://gitlab.freedesktop.org/polkit/polkit/"]; Documentation = [ "https://gitlab.freedesktop.org/polkit/polkit/" ];
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -22,7 +22,12 @@ let
cache=${dataDir}/ddclient.cache cache=${dataDir}/ddclient.cache
foreground=yes foreground=yes
login=${cfg.username} login=${cfg.username}
password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"} password=${
if cfg.protocol == "nsupdate" then
"/run/${RuntimeDirectory}/ddclient.key"
else
"@password_placeholder@"
}
protocol=${cfg.protocol} protocol=${cfg.protocol}
${lib.optionalString (cfg.script != "") "script=${cfg.script}"} ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
${lib.optionalString (cfg.server != "") "server=${cfg.server}"} ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
@ -38,26 +43,60 @@ let
preStart = '' preStart = ''
install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then '' ${lib.optionalString (cfg.configFile == null) (
if (cfg.protocol == "nsupdate") then
''
install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
'' else if (cfg.passwordFile != null) then '' ''
else if (cfg.passwordFile != null) then
''
"${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf" "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
'' else '' ''
else
''
sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
'')} ''
)}
''; '';
in with lib; { in
disabledModules = [ with lib;
"services/networking/ddclient.nix" {
]; disabledModules = [ "services/networking/ddclient.nix" ];
imports = [ imports = [
(mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ] (mkChangedOptionModule
(config: [
let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; "services"
in if value != "" then [ value ] else [])) "ddclient"
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") "domain"
(mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") ]
[
"services"
"ddclient"
"domains"
]
(
config:
let
value = getAttrFromPath [
"services"
"ddclient"
"domain"
] config;
in
if value != "" then [ value ] else [ ]
)
)
(mkRemovedOptionModule [
"services"
"ddclient"
"homeDir"
] "")
(mkRemovedOptionModule [
"services"
"ddclient"
"password"
] "Use services.ddclient.passwordFile instead.")
]; ];
###### interface ###### interface
@ -91,7 +130,9 @@ in with lib; {
username = mkOption { username = mkOption {
# For `nsupdate` username contains the path to the nsupdate executable # For `nsupdate` username contains the path to the nsupdate executable
default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate"; default = lib.optionalString (
config.services.ddclient.protocol == "nsupdate"
) "${pkgs.bind.dnsutils}/bin/nsupdate";
defaultText = ""; defaultText = "";
type = str; type = str;
description = lib.mdDoc '' description = lib.mdDoc ''
@ -212,7 +253,6 @@ in with lib; {
}; };
}; };
###### implementation ###### implementation
config = mkIf config.services.ddclient.enable { config = mkIf config.services.ddclient.enable {


@ -1,8 +1,5 @@
{ self, inputs, ... }:
{ {
self,
inputs,
...
}: {
flake = { flake = {
nixosModules = rec { nixosModules = rec {
acme = import ./acme; acme = import ./acme;


@ -1,11 +1,8 @@
{ { config, pkgs, ... }:
config,
pkgs,
...
}:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [
ungoogled-chromium ungoogled-chromium


@ -6,14 +6,13 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
users.users."${psCfg.user.name}" = { users.users."${psCfg.user.name}" = {
extraGroups = ["docker"]; extraGroups = [ "docker" ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ docker-compose ];
docker-compose
];
} }
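Review bot: Adding the user to `docker` in `extraGroups` gives that account root-equivalent control of the host through the Docker socket, and nothing in the file records that this is a deliberate trade-off. I would add a comment above the line, `# docker group membership is root-equivalent on this host`, or switch to rootless mode with `virtualisation.docker.rootless.enable = true;` if the workloads allow it. The module's argument list starts above the hunk, so any other options set for this user are not visible here.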


@ -6,7 +6,8 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [
w3m w3m
urlscan urlscan
@ -37,17 +38,23 @@ in {
macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>' macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>' macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
''; '';
xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc"; xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source =
xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc"; ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature"; xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source =
./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source =
./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc"; xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature"; xdg.configFile."mutt/byb@miom.space.signature".source =
./.config/mutt + "/byb@miom.space.signature";
xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc"; xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature"; xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc"; xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature"; xdg.configFile."mutt/admins@pub.solar.signature".source =
./.config/mutt + "/admins@pub.solar.signature";
xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc"; xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature"; xdg.configFile."mutt/crew@pub.solar.signature".source =
./.config/mutt + "/crew@pub.solar.signature";
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config; xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
xdg.configFile."msmtp/config".source = ./.config/msmtp/config; xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
}; };


@ -6,11 +6,10 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
programs.steam.enable = true; programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: { steam = pkgs.steam.override { }; };
steam = pkgs.steam.override {};
};
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [
playonlinux playonlinux


@ -6,20 +6,16 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
tomlFormat = pkgs.formats.toml {}; tomlFormat = pkgs.formats.toml { };
sessionVariables = { sessionVariables = {
WLR_RENDERER = WLR_RENDERER = if psCfg.graphical.wayland.software-renderer.enable then "pixman" else "gles2";
if psCfg.graphical.wayland.software-renderer.enable
then "pixman"
else "gles2";
# Fix KeepassXC rendering issue # Fix KeepassXC rendering issue
# https://github.com/void-linux/void-packages/issues/23517 # https://github.com/void-linux/void-packages/issues/23517
QT_AUTO_SCREEN_SCALE_FACTOR = "0"; QT_AUTO_SCREEN_SCALE_FACTOR = "0";
}; };
in { in
imports = [ {
./sway imports = [ ./sway ];
];
options.pub-solar.graphical = { options.pub-solar.graphical = {
wayland.software-renderer.enable = lib.mkOption { wayland.software-renderer.enable = lib.mkOption {
@ -63,7 +59,7 @@ in {
style = "gtk2"; style = "gtk2";
}; };
services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon]; services.udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ];
# Enable Sushi, a quick previewer for nautilus # Enable Sushi, a quick previewer for nautilus
services.gnome.sushi.enable = true; services.gnome.sushi.enable = true;
# Enable GVfs, a userspace virtual filesystem # Enable GVfs, a userspace virtual filesystem
@ -79,8 +75,8 @@ in {
enableDefaultPackages = true; enableDefaultPackages = true;
fontconfig.enable = true; fontconfig.enable = true;
fontconfig.defaultFonts = { fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"]; monospace = [ "DejaVu Sans Mono for Powerline" ];
sansSerif = ["DejaVu Sans"]; sansSerif = [ "DejaVu Sans" ];
}; };
}; };


@ -1,15 +1,15 @@
pkgs: { pkgs: {
Unit = { Unit = {
Description = "Network Manager applet"; Description = "Network Manager applet";
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
# ConditionEnvironment requires systemd v247 to work correctly # ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"]; ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet --sm-disable --indicator"; ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet --sm-disable --indicator";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,17 +1,14 @@
{ { pkgs, psCfg, ... }:
pkgs,
psCfg,
...
}:
'' ''
# Set shut down, restart and locking features # Set shut down, restart and locking features
'' ''
+ ( + (
if psCfg.core.hibernation.enable if psCfg.core.hibernation.enable then
then '' ''
set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
'' ''
else '' else
''
set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
'' ''
) )
@ -22,11 +19,12 @@
bindsym e exec swaymsg exit, mode "default" bindsym e exec swaymsg exit, mode "default"
'' ''
+ ( + (
if psCfg.core.hibernation.enable if psCfg.core.hibernation.enable then
then '' ''
bindsym h exec systemctl hibernate, mode "default" bindsym h exec systemctl hibernate, mode "default"
'' ''
else "" else
""
) )
+ '' + ''
bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default" bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
@ -37,5 +35,5 @@
# exit system mode: "Enter" or "Escape" # exit system mode: "Enter" or "Escape"
bindsym Return mode "default" bindsym Return mode "default"
bindsym Escape mode "default" bindsym Escape mode "default"
} }
'' ''


@ -1,8 +1,5 @@
{ { config, pkgs, ... }:
config, ''
pkgs,
...
}: ''
# Default config for sway # Default config for sway
# #
# Copy this to ~/.config/sway/config and edit it to your liking. # Copy this to ~/.config/sway/config and edit it to your liking.


@ -1,7 +1,5 @@
{ { psCfg, pkgs }:
psCfg, "
pkgs,
}: "
address=0.0.0.0 address=0.0.0.0
enable_auth=true enable_auth=true
username=${psCfg.user.name} username=${psCfg.user.name}
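Review bot: `address=0.0.0.0` makes the service configured by this string listen on every interface, including any untrusted network the host joins. `enable_auth=true` is set, but the credential and any TLS settings lie below the hunk and are not visible here, so the real exposure cannot be judged from this view. Unless access from arbitrary networks is intended, bind to loopback or to a VPN address instead, for example `address=127.0.0.1`, and open the port only on the interface that needs it. If a password is interpolated into this string further down, it would also land in the world-readable Nix store; reading it from a file at runtime would avoid that.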


@ -8,7 +8,8 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
inherit (lib) mkIf mkOption types; inherit (lib) mkIf mkOption types;
in { in
{
options.pub-solar.graphical = { options.pub-solar.graphical = {
v4l2loopback.enable = mkOption { v4l2loopback.enable = mkOption {
type = types.bool; type = types.bool;
@ -19,8 +20,8 @@ in {
config = { config = {
boot = mkIf psCfg.graphical.v4l2loopback.enable { boot = mkIf psCfg.graphical.v4l2loopback.enable {
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
kernelModules = ["v4l2loopback"]; kernelModules = [ "v4l2loopback" ];
extraModprobeConfig = '' extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 devices=3 options v4l2loopback exclusive_caps=1 devices=3
''; '';
@ -44,7 +45,7 @@ in {
}; };
}; };
}; };
extraPortals = with pkgs; [xdg-desktop-portal-gtk]; extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
}; };
services.pipewire.enable = true; services.pipewire.enable = true;
@ -80,9 +81,7 @@ in {
]; ];
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
imports = [ imports = [ flake.self.inputs.wayland-pipewire-idle-inhibit.homeModules.default ];
flake.self.inputs.wayland-pipewire-idle-inhibit.homeModules.default
];
services.wayland-pipewire-idle-inhibit = { services.wayland-pipewire-idle-inhibit = {
enable = true; enable = true;
@ -106,18 +105,20 @@ in {
#programs.waybar.systemd.enable = true; #programs.waybar.systemd.enable = true;
systemd.user.services.swaynotificationcenter = import ./swaynotificationcenter.service.nix pkgs; systemd.user.services.swaynotificationcenter = import ./swaynotificationcenter.service.nix pkgs;
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;}; systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;}; systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;}; systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;}; systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;}; systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;}; xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;}; xdg.configFile."sway/config.d/mode_system.conf".text =
import ./config/config.d/mode_system.conf.nix
{ inherit pkgs psCfg; };
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
}; };


@ -1,17 +1,18 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "set color temperature of display according to time of day"; Description = "set color temperature of display according to time of day";
Documentation = ["man:gammastep(1)"]; Documentation = [ "man:gammastep(1)" ];
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
# ConditionEnvironment requires systemd v247 to work correctly # ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"]; ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland -v"; ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland -v";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,9 +1,10 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "Actions gestures on your touchpad using libinput"; Description = "Actions gestures on your touchpad using libinput";
Documentation = ["https://github.com/bulletmark/libinput-gestures"]; Documentation = [ "https://github.com/bulletmark/libinput-gestures" ];
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
@ -13,6 +14,6 @@
TimeoutStopSec = "10"; TimeoutStopSec = "10";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,10 +1,11 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "Lightweight Wayland notification daemon"; Description = "Lightweight Wayland notification daemon";
Documentation = ["man:mako(1)"]; Documentation = [ "man:mako(1)" ];
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
ConditionEnvironment = ["WAYLAND_DISPLAY"]; ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
Type = "dbus"; Type = "dbus";
@ -13,6 +14,6 @@
ExecReload = "${pkgs.mako}/bin/makoctl reload"; ExecReload = "${pkgs.mako}/bin/makoctl reload";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,9 +1,10 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "sway compositor session"; Description = "sway compositor session";
Documentation = ["man:systemd.special(7)"]; Documentation = [ "man:systemd.special(7)" ];
BindsTo = ["graphical-session.target"]; BindsTo = [ "graphical-session.target" ];
Wants = ["graphical-session-pre.target"]; Wants = [ "graphical-session-pre.target" ];
After = ["graphical-session-pre.target"]; After = [ "graphical-session-pre.target" ];
}; };
} }


@ -1,10 +1,11 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "sway - SirCmpwn's Wayland window manager"; Description = "sway - SirCmpwn's Wayland window manager";
Documentation = ["man:sway(5)"]; Documentation = [ "man:sway(5)" ];
BindsTo = ["graphical-session.target"]; BindsTo = [ "graphical-session.target" ];
Wants = ["graphical-session-pre.target"]; Wants = [ "graphical-session-pre.target" ];
After = ["graphical-session-pre.target"]; After = [ "graphical-session-pre.target" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";


@ -1,14 +1,11 @@
{ pkgs, psCfg, ... }:
{ {
pkgs,
psCfg,
...
}: {
Unit = { Unit = {
Description = "Idle manager for Wayland"; Description = "Idle manager for Wayland";
Documentation = ["man:swayidle(1)"]; Documentation = [ "man:swayidle(1)" ];
BindsTo = ["graphical-session.target"]; BindsTo = [ "graphical-session.target" ];
Wants = ["graphical-session-pre.target"]; Wants = [ "graphical-session-pre.target" ];
After = ["graphical-session-pre.target"]; After = [ "graphical-session-pre.target" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
@ -21,6 +18,6 @@
''; '';
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -2,11 +2,11 @@ pkgs: {
Unit = { Unit = {
Description = "Swaync notification daemon"; Description = "Swaync notification daemon";
Documentation = "https://github.com/ErikReider/SwayNotificationCenter"; Documentation = "https://github.com/ErikReider/SwayNotificationCenter";
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
Requisite = ["graphical-session.target"]; Requisite = [ "graphical-session.target" ];
# ConditionEnvironment requires systemd v247 to work correctly # ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"]; ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
Type = "dbus"; Type = "dbus";
@ -16,6 +16,6 @@ pkgs: {
Restart = "on-failure"; Restart = "on-failure";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,11 +1,19 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";
Documentation = "https://github.com/Alexays/Waybar/wiki/"; Documentation = "https://github.com/Alexays/Waybar/wiki/";
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target" "network-online.target"]; After = [
Wants = ["graphical-session-pre.target" "network-online.target" "blueman-applet.service"]; "sway-session.target"
ConditionEnvironment = ["WAYLAND_DISPLAY"]; "network-online.target"
];
Wants = [
"graphical-session-pre.target"
"network-online.target"
"blueman-applet.service"
];
ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
@ -16,6 +24,6 @@
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,11 +1,12 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "X Settings Daemon"; Description = "X Settings Daemon";
Documentation = ["https://github.com/derat/xsettingsd/wiki/Installation"]; Documentation = [ "https://github.com/derat/xsettingsd/wiki/Installation" ];
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
# ConditionEnvironment requires systemd v247 to work correctly # ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"]; ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
@ -13,6 +14,6 @@
ExecStop = "/run/current-system/sw/bin/env pkill xsettingsd"; ExecStop = "/run/current-system/sw/bin/env pkill xsettingsd";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,9 +1,10 @@
{pkgs, ...}: { { pkgs, ... }:
{
Unit = { Unit = {
Description = "ydotool - Generic command-line automation tool (no X!)"; Description = "ydotool - Generic command-line automation tool (no X!)";
Documentation = ["https://github.com/ReimuNotMoe/ydotool"]; Documentation = [ "https://github.com/ReimuNotMoe/ydotool" ];
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
After = ["sway-session.target"]; After = [ "sway-session.target" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
@ -13,6 +14,6 @@
TimeoutStopSec = "10"; TimeoutStopSec = "10";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -1,11 +1,11 @@
{config, ...}: { { config, ... }:
{
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
home.sessionVariables = { home.sessionVariables = {
inherit (config.environment.sessionVariables) NIX_PATH; inherit (config.environment.sessionVariables) NIX_PATH;
}; };
xdg.configFile."nix/registry.json".text = xdg.configFile."nix/registry.json".text = config.environment.etc."nix/registry.json".text;
config.environment.etc."nix/registry.json".text;
} }
]; ];
} }


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
inherit (lib) inherit (lib)
@ -24,14 +29,17 @@ let
mkOption mkOption
nameValuePair nameValuePair
optionalString optionalString
types; types
;
cfg = config.services.invoiceplane; cfg = config.services.invoiceplane;
eachSite = cfg.sites; eachSite = cfg.sites;
user = "invoiceplane"; user = "invoiceplane";
webserver = config.services.${cfg.webserver}; webserver = config.services.${cfg.webserver};
invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" '' invoiceplane-config =
hostName: cfg:
pkgs.writeText "ipconfig.php" ''
IP_URL=http://${hostName} IP_URL=http://${hostName}
ENABLE_DEBUG=false ENABLE_DEBUG=false
DISABLE_SETUP=false DISABLE_SETUP=false
@ -39,7 +47,11 @@ let
DB_HOSTNAME=${cfg.database.host} DB_HOSTNAME=${cfg.database.host}
DB_USERNAME=${cfg.database.user} DB_USERNAME=${cfg.database.user}
# NOTE: file_get_contents adds newline at the end of returned string # NOTE: file_get_contents adds newline at the end of returned string
DB_PASSWORD=${optionalString (cfg.database.passwordFile != null) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"} DB_PASSWORD=${
optionalString (
cfg.database.passwordFile != null
) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"
}
DB_DATABASE=${cfg.database.name} DB_DATABASE=${cfg.database.name}
DB_PORT=${toString cfg.database.port} DB_PORT=${toString cfg.database.port}
SESS_EXPIRATION=864000 SESS_EXPIRATION=864000
@ -51,20 +63,30 @@ let
REMOVE_INDEXPHP=true REMOVE_INDEXPHP=true
''; '';
mkPhpValue = v: mkPhpValue =
if isString v then escapeShellArg v v:
if isString v then
escapeShellArg v
# NOTE: If any value contains a , (comma) this will not get escaped # NOTE: If any value contains a , (comma) this will not get escaped
else if isList v && any lib.strings.isCoercibleToString v then escapeShellArg (concatMapStringsSep "," toString v) else if isList v && any lib.strings.isCoercibleToString v then
else if isInt v then toString v escapeShellArg (concatMapStringsSep "," toString v)
else if isBool v then boolToString v else if isInt v then
else abort "The Invoiceplane config value ${lib.generators.toPretty {} v} can not be encoded." toString v
; else if isBool v then
boolToString v
else
abort "The Invoiceplane config value ${lib.generators.toPretty { } v} can not be encoded.";
extraConfig = hostName: cfg: let extraConfig =
hostName: cfg:
let
settings = mapAttrsToList (k: v: "${k}=${mkPhpValue v}") cfg.settings; settings = mapAttrsToList (k: v: "${k}=${mkPhpValue v}") cfg.settings;
in pkgs.writeText "extraConfig.php" (concatStringsSep "\n" settings); in
pkgs.writeText "extraConfig.php" (concatStringsSep "\n" settings);
pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec { pkg =
hostName: cfg:
pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}"; pname = "invoiceplane-${hostName}";
version = src.version; version = src.version;
src = pkgs.invoiceplane; src = pkgs.invoiceplane;
@ -92,11 +114,14 @@ let
ln -s ${extraConfig hostName cfg} $out/extraConfig.php ln -s ${extraConfig hostName cfg} $out/extraConfig.php
# symlink additional templates # symlink additional templates
${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates} ${concatMapStringsSep "\n" (
template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/"
) cfg.invoiceTemplates}
''; '';
}; };
siteOpts = { name, ... }: siteOpts =
{ name, ... }:
{ {
options = { options = {
@ -156,7 +181,7 @@ let
invoiceTemplates = mkOption { invoiceTemplates = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = []; default = [ ];
description = '' description = ''
List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory. List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
@ -187,7 +212,13 @@ let
}; };
poolConfig = mkOption { poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]); type =
with types;
attrsOf (oneOf [
str
int
bool
]);
default = { default = {
"pm" = "dynamic"; "pm" = "dynamic";
"pm.max_children" = 32; "pm.max_children" = 32;
@ -204,7 +235,7 @@ let
settings = mkOption { settings = mkOption {
type = types.attrsOf types.anything; type = types.attrsOf types.anything;
default = {}; default = { };
description = '' description = ''
Structural InvoicePlane configuration. Refer to Structural InvoicePlane configuration. Refer to
<https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example> <https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
@ -241,9 +272,7 @@ let
}; };
in in
{ {
disabledModules = [ disabledModules = [ "services/web-apps/invoiceplane.nix" ];
"services/web-apps/invoiceplane.nix"
];
# interface # interface
options = { options = {
@ -252,12 +281,15 @@ in
options.sites = mkOption { options.sites = mkOption {
type = types.attrsOf (types.submodule siteOpts); type = types.attrsOf (types.submodule siteOpts);
default = {}; default = { };
description = "Specification of one or more WordPress sites to serve"; description = "Specification of one or more WordPress sites to serve";
}; };
options.webserver = mkOption { options.webserver = mkOption {
type = types.enum [ "caddy" "nginx" ]; type = types.enum [
"caddy"
"nginx"
];
default = "caddy"; default = "caddy";
example = "nginx"; example = "nginx";
description = '' description = ''
@ -265,57 +297,66 @@ in
''; '';
}; };
}; };
default = {}; default = { };
description = "InvoicePlane configuration."; description = "InvoicePlane configuration.";
}; };
}; };
# implementation # implementation
config = mkIf (eachSite != {}) (mkMerge [{ config = mkIf (eachSite != { }) (mkMerge [
{
assertions = flatten (mapAttrsToList (hostName: cfg: [ assertions = flatten (
{ assertion = cfg.database.createLocally -> cfg.database.user == user; mapAttrsToList (hostName: cfg: [
{
assertion = cfg.database.createLocally -> cfg.database.user == user;
message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned''; message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
} }
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; {
assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.''; message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
} }
{ assertion = cfg.cron.enable -> cfg.cron.key != null; {
assertion = cfg.cron.enable -> cfg.cron.key != null;
message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.''; message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
} }
]) eachSite); ]) eachSite
);
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) { services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true; enable = true;
package = mkDefault pkgs.mariadb; package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite; ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers = mapAttrsToList (hostName: cfg: ensureUsers = mapAttrsToList (hostName: cfg: {
{ name = cfg.database.user; name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; ensurePermissions = {
} "${cfg.database.name}.*" = "ALL PRIVILEGES";
) eachSite; };
}) eachSite;
}; };
services.phpfpm = { services.phpfpm = {
phpPackage = pkgs.php81; phpPackage = pkgs.php81;
pools = mapAttrs' (hostName: cfg: ( pools = mapAttrs' (
nameValuePair "invoiceplane-${hostName}" { hostName: cfg:
(nameValuePair "invoiceplane-${hostName}" {
inherit user; inherit user;
group = webserver.group; group = webserver.group;
settings = { settings = {
"listen.owner" = webserver.user; "listen.owner" = webserver.user;
"listen.group" = webserver.group; "listen.group" = webserver.group;
} // cfg.poolConfig; } // cfg.poolConfig;
} })
)) eachSite; ) eachSite;
}; };
} }
{ {
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ systemd.tmpfiles.rules = flatten (
mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -" "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
@ -325,18 +366,20 @@ in
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
]) eachSite); ]) eachSite
);
systemd.services.invoiceplane-config = { systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg: script = concatStrings (
'' mapAttrsToList (hostName: cfg: ''
mkdir -p ${cfg.stateDir}/logs \ mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads ${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php" cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi fi
'') eachSite); '') eachSite
);
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
@ -350,50 +393,57 @@ in
# Cron service implementation # Cron service implementation
systemd.timers = mapAttrs' (hostName: cfg: ( systemd.timers = mapAttrs' (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { hostName: cfg:
(nameValuePair "invoiceplane-cron-${hostName}" (
mkIf cfg.cron.enable {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnBootSec = "5m"; OnBootSec = "5m";
OnUnitActiveSec = "5m"; OnUnitActiveSec = "5m";
Unit = "invoiceplane-cron-${hostName}.service"; Unit = "invoiceplane-cron-${hostName}.service";
}; };
}) }
)) eachSite; ))
) eachSite;
systemd.services = systemd.services = mapAttrs' (
mapAttrs' (hostName: cfg: ( hostName: cfg:
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { (nameValuePair "invoiceplane-cron-${hostName}" (
mkIf cfg.cron.enable {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = user; User = user;
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}"; ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
}; };
}) }
)) eachSite; ))
) eachSite;
} }
(mkIf (cfg.webserver == "caddy") { (mkIf (cfg.webserver == "caddy") {
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = mapAttrs' (hostName: cfg: ( virtualHosts = mapAttrs' (
nameValuePair "http://${hostName}" { hostName: cfg:
(nameValuePair "http://${hostName}" {
extraConfig = '' extraConfig = ''
root * ${pkg hostName cfg} root * ${pkg hostName cfg}
file_server file_server
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket} php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
''; '';
} })
)) eachSite; ) eachSite;
}; };
}) })
(mkIf (cfg.webserver == "nginx") { (mkIf (cfg.webserver == "nginx") {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = mapAttrs' (hostName: cfg: ( virtualHosts = mapAttrs' (
nameValuePair hostName { hostName: cfg:
(nameValuePair hostName {
root = pkg hostName cfg; root = pkg hostName cfg;
extraConfig = '' extraConfig = ''
index index.php index.html index.htm; index index.php index.html index.htm;
@ -422,8 +472,8 @@ in
''; '';
}; };
}; };
} })
)) eachSite; ) eachSite;
}; };
}) })
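Review bot: The `ExecStart` of the `invoiceplane-cron-${hostName}` service interpolates `cfg.cron.key` into the unit text, so the key is written to the world-readable Nix store and shows up in curl's argv, where any local user can read it. If the key is meant to be a secret, take it from a file outside the store, the way `database.passwordFile` is handled, and build the URL at run time. If it is deliberately non-secret, say so above the line, e.g. `# NOTE: cron.key is readable in the Nix store and in the process list`. The `cron.key` option definition is outside the visible hunks, so its documented intent could not be checked. Separately, the `sites` option description still reads "one or more WordPress sites", which looks like a copy-paste leftover.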


@ -6,7 +6,8 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs; systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
}; };


@ -1,11 +1,11 @@
pkgs: { pkgs: {
Unit = { Unit = {
Description = "Nextcloud Client"; Description = "Nextcloud Client";
BindsTo = ["sway-session.target"]; BindsTo = [ "sway-session.target" ];
Wants = ["graphical-session-pre.target"]; Wants = [ "graphical-session-pre.target" ];
After = ["graphical-session-pre.target"]; After = [ "graphical-session-pre.target" ];
# ConditionEnvironment requires systemd v247 to work correctly # ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"]; ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
@ -15,6 +15,6 @@ pkgs: {
Restart = "on-failure"; Restart = "on-failure";
}; };
Install = { Install = {
WantedBy = ["sway-session.target"]; WantedBy = [ "sway-session.target" ];
}; };
} }


@ -4,8 +4,11 @@
lib, lib,
flake, flake,
... ...
}: { }:
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ {
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"1password" "1password"
"1password-cli" "1password-cli"
"brscan5" "brscan5"
@ -19,7 +22,7 @@
]; ];
system.activationScripts.diff-closures = { system.activationScripts.diff-closures = {
text ='' text = ''
if [[ -e /run/current-system ]]; then if [[ -e /run/current-system ]]; then
${config.nix.package}/bin/nix store diff-closures \ ${config.nix.package}/bin/nix store diff-closures \
/run/current-system "$systemConfig" \ /run/current-system "$systemConfig" \
@ -42,24 +45,22 @@
system.flake = flake.self; system.flake = flake.self;
}; };
settings = { settings = {
# Improve nix store disk usage # Improve nix store disk usage
auto-optimise-store = true; auto-optimise-store = true;
# Prevents impurities in builds # Prevents impurities in builds
sandbox = true; sandbox = true;
# Give root and @wheel special privileges with nix # Give root and @wheel special privileges with nix
trusted-users = ["root" "@wheel"]; trusted-users = [
"root"
"@wheel"
];
# Allow only group wheel to connect to the nix daemon # Allow only group wheel to connect to the nix daemon
allowed-users = ["@wheel"]; allowed-users = [ "@wheel" ];
substituters = [ substituters = [ "https://pub-solar.cachix.org/" ];
"https://pub-solar.cachix.org/"
];
trusted-public-keys = [ trusted-public-keys = [ "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos=" ];
"pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
];
}; };
# Generally useful nix option defaults # Generally useful nix option defaults
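Review bot: The comment on `trusted-users` undersells what the setting grants: a trusted user can override substituters and other daemon settings, which the Nix manual describes as essentially equivalent to root access, so every member of `wheel` gets that without going through sudo. If that is intended, state it in the comment, e.g. `# NOTE: trusted users are effectively root on this machine`. Otherwise keep `trusted-users = [ "root" ];` and rely on `allowed-users` for daemon access. The `settings` block continues outside the hunk.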


@ -6,7 +6,8 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
programs.evince.enable = true; programs.evince.enable = true;
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [


@ -7,7 +7,8 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
services.avahi.enable = true; services.avahi.enable = true;
services.avahi.ipv6 = true; services.avahi.ipv6 = true;
services.avahi.nssmdns4 = true; services.avahi.nssmdns4 = true;
@ -16,7 +17,7 @@ in {
services.printing.enable = true; services.printing.enable = true;
services.printing.browsing = true; services.printing.browsing = true;
services.printing.listenAddresses = ["localhost:631"]; services.printing.listenAddresses = [ "localhost:631" ];
services.printing.defaultShared = lib.mkDefault false; services.printing.defaultShared = lib.mkDefault false;
services.printing.drivers = [ services.printing.drivers = [
@ -30,10 +31,13 @@ in {
}; };
users.users."${psCfg.user.name}" = { users.users."${psCfg.user.name}" = {
extraGroups = ["lp" "scanner"]; extraGroups = [
"lp"
"scanner"
];
}; };
networking.hosts = flake.self.lib.addLocalHostname ["cups.local"]; networking.hosts = flake.self.lib.addLocalHostname [ "cups.local" ];
# Allow port 8612, used by sane-pixma(5) for scanner detection # Allow port 8612, used by sane-pixma(5) for scanner detection
networking.firewall.allowedTCPPorts = [ 8612 ]; networking.firewall.allowedTCPPorts = [ 8612 ];
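Review bot: `networking.firewall.allowedTCPPorts = [ 8612 ];` opens the port on every interface, and it may be the wrong protocol. As far as I know, the BJNP discovery replies that sane-pixma(5) describes arrive over UDP, so this rule would expose a TCP port without helping scanner detection. Worth confirming against the man page and, if so, switching to `networking.firewall.allowedUDPPorts = [ 8612 ];`, ideally scoped with `networking.firewall.interfaces.<name>.allowedUDPPorts` on machines that roam between networks. The line is unchanged context in this hunk, so this is a follow-up rather than a blocker for the formatting change.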


@ -3,19 +3,28 @@
flake, flake,
pkgs, pkgs,
... ...
}: let }:
let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in
{
enable = true; enable = true;
historyControl = ["ignoredups" "ignorespace"]; historyControl = [
"ignoredups"
"ignorespace"
];
historyFileSize = 300000; historyFileSize = 300000;
# Run when initializing a login shell # Run when initializing a login shell
profileExtra = if config.programs.sway.enable then '' profileExtra =
if config.programs.sway.enable then
''
[ "$(tty)" = "/dev/tty1" ] && exec systemd-cat --identifier=sway ${pkgs.sway}/bin/sway [ "$(tty)" = "/dev/tty1" ] && exec systemd-cat --identifier=sway ${pkgs.sway}/bin/sway
'' else ""; ''
else
"";
# Run when initializing an interactive shell # Run when initializing an interactive shell
initExtra = '' initExtra = ''


@ -8,7 +8,8 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.terminal-life; cfg = config.pub-solar.terminal-life;
in { in
{
options.pub-solar.terminal-life = { options.pub-solar.terminal-life = {
full = lib.mkOption { full = lib.mkOption {
description = '' description = ''
@ -26,7 +27,9 @@ in {
# until https://github.com/nix-community/nix-index/pull/227 is merged # until https://github.com/nix-community/nix-index/pull/227 is merged
programs.nix-index.enableBashIntegration = false; programs.nix-index.enableBashIntegration = false;
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages =
with pkgs;
[
asciinema asciinema
bat bat
blesh blesh
@ -35,17 +38,16 @@ in {
fd fd
jump jump
(nnn.overrideAttrs (o: { (nnn.overrideAttrs (o: {
patches = patches = (o.patches or [ ]) ++ [ ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch ];
(o.patches or [])
++ [
./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
];
})) }))
powerline powerline
ripgrep ripgrep
screen screen
watson watson
] ++ (if cfg.full then [ ]
++ (
if cfg.full then
[
binutils binutils
jq jq
@ -58,7 +60,10 @@ in {
nixpkgs-review nixpkgs-review
nix-update nix-update
nix-search-cli nix-search-cli
] else []); ]
else
[ ]
);
# Get completion for system packages # Get completion for system packages
# https://nix-community.github.io/home-manager/options.xhtml#opt-programs.bash.enableCompletion # https://nix-community.github.io/home-manager/options.xhtml#opt-programs.bash.enableCompletion
@ -111,7 +116,7 @@ in {
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = ""; xdg.dataFile."nvim/templates/.keep".text = "";
programs.git = import ./git {}; programs.git = import ./git { };
xdg.configFile."git/config".text = import ./.config/git/config.nix { xdg.configFile."git/config".text = import ./.config/git/config.nix {
inherit config; inherit config;
inherit pkgs; inherit pkgs;
@ -125,7 +130,7 @@ in {
inherit pkgs; inherit pkgs;
}; };
programs.direnv = import ./direnv {}; programs.direnv = import ./direnv { };
}; };
}; };
} }


@ -1,8 +1,5 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
enable = true; enable = true;
defaultCommand = "fd --hidden --type f --exclude .git"; defaultCommand = "fd --hidden --type f --exclude .git";
defaultOptions = [ defaultOptions = [


@ -3,11 +3,13 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.terminal-life; cfg = config.pub-solar.terminal-life;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in
{
enable = true; enable = true;
viAlias = true; viAlias = true;
@ -25,7 +27,7 @@ in {
# ansible-language-server # ansible-language-server
# clang-tools # clang-tools
# gopls # gopls
# nodePackages.bash-language-server nodePackages.bash-language-server
# nodePackages.svelte-language-server # nodePackages.svelte-language-server
# nodePackages.typescript # nodePackages.typescript
# nodePackages.typescript-language-server # nodePackages.typescript-language-server
@ -35,18 +37,18 @@ in {
# lua-language-server # lua-language-server
# cmake-language-server # cmake-language-server
# vim-language-server # vim-language-server
# yaml-language-server yaml-language-server
# python3Packages.python-lsp-server nodePackages.dockerfile-language-server-nodejs
# nodePackages.dockerfile-language-server-nodejs docker-compose-language-service
# docker-compose-language-service
# rust-analyzer # rust-analyzer
# cargo # cargo
# solargraph # solargraph
# terraform-ls # terraform-ls
# python3Full
]; ];
plugins = with pkgs.vimPlugins; [ plugins =
with pkgs.vimPlugins;
[
# The status bar in the bottom of the screen with the mode indication and file location # The status bar in the bottom of the screen with the mode indication and file location
vim-airline vim-airline
@ -99,7 +101,10 @@ in {
# Work with tags files # Work with tags files
vim-gutentags vim-gutentags
] ++ (if cfg.full then [ ]
++ (
if cfg.full then
[
nvim-treesitter.withAllGrammars nvim-treesitter.withAllGrammars
# Dependencies for nvim-lspconfig # Dependencies for nvim-lspconfig
@ -120,9 +125,13 @@ in {
# JSON schemas # JSON schemas
SchemaStore-nvim SchemaStore-nvim
] else []); ]
else
[ ]
);
extraConfig = builtins.concatStringsSep "\n" ([ extraConfig = builtins.concatStringsSep "\n" (
[
'' ''
" Persistent undo " Persistent undo
set undofile set undofile
@ -136,8 +145,15 @@ in {
(builtins.readFile ./clipboard.vim) (builtins.readFile ./clipboard.vim)
(builtins.readFile ./ui.vim) (builtins.readFile ./ui.vim)
(builtins.readFile ./lastplace.lua) (builtins.readFile ./lastplace.lua)
] ++ (if cfg.full then [ ]
++ (
if cfg.full then
[
(builtins.readFile ./lsp.vim) (builtins.readFile ./lsp.vim)
(builtins.readFile ./cmp.vim) (builtins.readFile ./cmp.vim)
] else [])); ]
else
[ ]
)
);
} }
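Review bot: The package list in the second and third hunks does more than reformat: `nodePackages.bash-language-server`, `yaml-language-server`, `nodePackages.dockerfile-language-server-nodejs` and `docker-compose-language-service` appear to go from commented-out to enabled, while the `python3Packages.python-lsp-server` and `python3Full` comments disappear. Next to pure formatting changes that is easy to miss in review and in `git blame`; it would read better as its own commit with a message saying why these servers are enabled. The list's opening line is outside the hunk, so I cannot tell whether it is gated on `cfg.full` like `lsp.vim` further down. If it is not, the servers are installed on minimal profiles that never load the LSP configuration.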


@ -3,14 +3,13 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
psCfg = config.pub-solar; psCfg = config.pub-solar;
inherit (lib) mkIf mkOption types; inherit (lib) mkIf mkOption types;
in in
{ {
imports = [ imports = [ ./home.nix ];
./home.nix
];
options.pub-solar = { options.pub-solar = {
user = { user = {
@ -37,7 +36,7 @@ in
publicKeys = mkOption { publicKeys = mkOption {
description = "User SSH public keys"; description = "User SSH public keys";
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
}; };
fullName = mkOption { fullName = mkOption {
description = "User full name"; description = "User full name";
@ -74,24 +73,18 @@ in
"wheel" "wheel"
]; ];
shell = pkgs.bash; shell = pkgs.bash;
initialHashedPassword = initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
if psCfg.user.password != null openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ];
then psCfg.user.password
else "";
openssh.authorizedKeys.keys =
if psCfg.user.publicKeys != null
then psCfg.user.publicKeys
else [];
}; };
}; };
security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [ security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
{ {
users = ["${psCfg.user.name}"]; users = [ "${psCfg.user.name}" ];
commands = [ commands = [
{ {
command = "ALL"; command = "ALL";
options = ["NOPASSWD"]; options = [ "NOPASSWD" ];
} }
]; ];
} }
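Review bot: `initialHashedPassword` falls back to `""` when `psCfg.user.password` is null, and an empty hashed password in NixOS lets the account log in locally without a password; the lines just above appear to put this user in `wheel`. Leaving the option unset in that case keeps password login locked: `initialHashedPassword = mkIf (psCfg.user.password != null) psCfg.user.password;` (`mkIf` is already inherited from `lib` at the top of the file). If the passwordless first login is intentional, a comment saying so would spare the next reader the question. The surrounding `users.users` block begins outside the hunk.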


@ -7,10 +7,9 @@
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in
imports = [ {
./session-variables.nix imports = [ ./session-variables.nix ];
];
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.


@ -1,27 +1,27 @@
{ {
enable = true; enable = true;
defaultApplications = { defaultApplications = {
"application/octet-stream" = ["firefox.desktop"]; "application/octet-stream" = [ "firefox.desktop" ];
"application/pdf" = ["org.gnome.Evince.desktop"]; "application/pdf" = [ "org.gnome.Evince.desktop" ];
"application/x-bittorrent" = ["deluge.desktop"]; "application/x-bittorrent" = [ "deluge.desktop" ];
"application/x-extension-htm" = ["firefox.desktop"]; "application/x-extension-htm" = [ "firefox.desktop" ];
"application/x-extension-html" = ["firefox.desktop"]; "application/x-extension-html" = [ "firefox.desktop" ];
"application/x-extension-shtml" = ["firefox.desktop"]; "application/x-extension-shtml" = [ "firefox.desktop" ];
"application/x-extension-xhtml" = ["firefox.desktop"]; "application/x-extension-xhtml" = [ "firefox.desktop" ];
"application/x-extension-xht" = ["firefox.desktop"]; "application/x-extension-xht" = [ "firefox.desktop" ];
"application/xhtml+xml" = ["firefox.desktop"]; "application/xhtml+xml" = [ "firefox.desktop" ];
"image/jpeg" = ["org.gnome.eog.desktop"]; "image/jpeg" = [ "org.gnome.eog.desktop" ];
"image/png" = ["org.gnome.eog.desktop"]; "image/png" = [ "org.gnome.eog.desktop" ];
"message/rfc822" = ["userapp-Thunderbird.desktop"]; "message/rfc822" = [ "userapp-Thunderbird.desktop" ];
"text/html" = ["firefox.desktop"]; "text/html" = [ "firefox.desktop" ];
"text/plain" = ["firefox.desktop"]; "text/plain" = [ "firefox.desktop" ];
"video/mp4" = ["vlc.desktop"]; "video/mp4" = [ "vlc.desktop" ];
"x-scheme-handler/chrome" = ["firefox.desktop"]; "x-scheme-handler/chrome" = [ "firefox.desktop" ];
"x-scheme-handler/ftp" = ["firefox.desktop"]; "x-scheme-handler/ftp" = [ "firefox.desktop" ];
"x-scheme-handler/http" = ["firefox.desktop"]; "x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = ["firefox.desktop"]; "x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/mailto" = ["userapp-Thunderbird.desktop"]; "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ];
"x-scheme-handler/msteams" = ["teams.desktop"]; "x-scheme-handler/msteams" = [ "teams.desktop" ];
"x-scheme-handler/tg" = ["userapp-Telegram Desktop-JBKFU0.desktop"]; "x-scheme-handler/tg" = [ "userapp-Telegram Desktop-JBKFU0.desktop" ];
}; };
} }


@ -3,7 +3,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
variables = { variables = {
@ -84,7 +85,8 @@
FZF_DEFAULT_OPTS = lib.mkForce "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7 --color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062 --color=marker:#ef9062,fg+:#d3d1d4,prompt:#e5c463,hl+:#7accd7"; FZF_DEFAULT_OPTS = lib.mkForce "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7 --color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062 --color=marker:#ef9062,fg+:#d3d1d4,prompt:#e5c463,hl+:#7accd7";
# nnn theme colors # nnn theme colors
NNN_FCOLORS = let NNN_FCOLORS =
let
BLK = "04"; BLK = "04";
CHR = "04"; CHR = "04";
DIR = "04"; DIR = "04";
@ -100,7 +102,8 @@
in in
BLK + CHR + DIR + EXE + REG + HARDLINK + SYMLINK + MISSING + ORPHAN + FIFO + SOCK + OTHER; BLK + CHR + DIR + EXE + REG + HARDLINK + SYMLINK + MISSING + ORPHAN + FIFO + SOCK + OTHER;
}; };
in { in
{
environment.variables = variables; environment.variables = variables;
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {


@ -6,7 +6,8 @@
}: }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
boot.kernelParams = [ boot.kernelParams = [
"amd_iommu=on" "amd_iommu=on"
"intel_iommu=on" "intel_iommu=on"
@ -18,7 +19,7 @@ in {
qemu.ovmf.enable = true; qemu.ovmf.enable = true;
}; };
users.users."${psCfg.user.name}" = { users.users."${psCfg.user.name}" = {
extraGroups = ["libvirtd"]; extraGroups = [ "libvirtd" ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -37,12 +38,10 @@ in {
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory"; xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
home.packages = [pkgs.obs-studio-plugins.looking-glass-obs]; home.packages = [ pkgs.obs-studio-plugins.looking-glass-obs ];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm" ];
"f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm"
];
#networking.bridges.virbr1.interfaces = []; #networking.bridges.virbr1.interfaces = [];
#networking.interfaces.virbr1 = { #networking.interfaces.virbr1 = {
# ipv4.addresses = [ # ipv4.addresses = [


@ -8,7 +8,8 @@ let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.wireguard-client; cfg = config.pub-solar.wireguard-client;
inherit (lib) mkOption types; inherit (lib) mkOption types;
in { in
{
options.pub-solar.wireguard-client = { options.pub-solar.wireguard-client = {
ownIPs = mkOption { ownIPs = mkOption {
description = '' description = ''
@ -26,7 +27,7 @@ in {
}; };
config = { config = {
networking.firewall.allowedUDPPorts = [51899]; networking.firewall.allowedUDPPorts = [ 51899 ];
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
wg0 = { wg0 = {


@ -3,18 +3,14 @@ final: prev: {
inherit (prev.sources.blesh-nvfetcher) version src; inherit (prev.sources.blesh-nvfetcher) version src;
dontBuild = false; dontBuild = false;
buildInputs = [ buildInputs = [ prev.gitMinimal ];
prev.gitMinimal
];
patchPhase = '' patchPhase = ''
substituteInPlace GNUmakefile \ substituteInPlace GNUmakefile \
--replace "git submodule update --init --recursive" "" --replace "git submodule update --init --recursive" ""
''; '';
installFlags = [ installFlags = [ "PREFIX=$(out)" ];
"PREFIX=$(out)"
];
installPhase = '' installPhase = ''
source $stdenv/setup source $stdenv/setup


@ -3,16 +3,22 @@
lib, lib,
inputs, inputs,
... ...
}: { }:
{
flake = { flake = {
nixosModules = rec { nixosModules = rec {
overlays = ({ ... }: { overlays = (
{ ... }:
{
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: (
final: prev:
let let
unstable = import inputs.unstable { unstable = import inputs.unstable {
system = prev.system; system = prev.system;
config.allowUnfreePredicate = pkg: builtins.elem (prev.lib.getName pkg) [ config.allowUnfreePredicate =
pkg:
builtins.elem (prev.lib.getName pkg) [
"1password" "1password"
"1password-cli" "1password-cli"
"slack" "slack"
@ -23,7 +29,8 @@
neovim-unwrapped = unstable.neovim-unwrapped; neovim-unwrapped = unstable.neovim-unwrapped;
vimPlugins = unstable.vimPlugins; vimPlugins = unstable.vimPlugins;
#vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;}; #vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;};
}) }
)
(import ../pkgs) (import ../pkgs)
(import ./blesh.nix) (import ./blesh.nix)
(import ./mdbook-multilang.nix inputs) (import ./mdbook-multilang.nix inputs)
@ -31,7 +38,8 @@
(import ./prr.nix) (import ./prr.nix)
(import ./neovim-plugins.nix) (import ./neovim-plugins.nix)
]; ];
}); }
);
}; };
}; };
} }


@ -11,10 +11,12 @@ inputs: final: prev: {
sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ="; sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ=";
}; };
cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const { cargoDeps = oldAttrs.cargoDeps.overrideAttrs (
prev.lib.const {
name = "${pname}-vendor.tar.gz"; name = "${pname}-vendor.tar.gz";
inherit src; inherit src;
outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0="; outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0=";
}); }
);
}); });
} }


@ -1,7 +1,5 @@
final: prev: { final: prev: {
vimPlugins = vimPlugins = prev.vimPlugins // {
prev.vimPlugins
// {
instant-nvim-nvfetcher = prev.vimUtils.buildVimPlugin { instant-nvim-nvfetcher = prev.vimUtils.buildVimPlugin {
inherit (prev.sources.instant-nvim-nvfetcher) pname version src; inherit (prev.sources.instant-nvim-nvfetcher) pname version src;
}; };


@ -9,11 +9,13 @@ final: prev: {
}; };
version = "unstable-2024-06-12"; version = "unstable-2024-06-12";
cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const { cargoDeps = oldAttrs.cargoDeps.overrideAttrs (
prev.lib.const {
name = "${pname}-vendor.tar.gz"; name = "${pname}-vendor.tar.gz";
inherit src; inherit src;
outputHash = "sha256-pZCGeZK5AJrxcrqXC5NZhGDda+90rRdWXy00CYD8SYY="; outputHash = "sha256-pZCGeZK5AJrxcrqXC5NZhGDda+90rRdWXy00CYD8SYY=";
}); }
);
postInstall = '' postInstall = ''
substituteInPlace etc/command-not-found.* \ substituteInPlace etc/command-not-found.* \


@ -23,8 +23,8 @@ final: prev: {
meta = with prev.lib; { meta = with prev.lib; {
homepage = "https://github.com/TritonDataCenter/prr"; homepage = "https://github.com/TritonDataCenter/prr";
description = "Tooling to assist with GitHub pull requests"; description = "Tooling to assist with GitHub pull requests";
platforms = ["x86_64-linux"]; platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [teutat3s]; maintainers = with maintainers; [ teutat3s ];
}; };
}; };
} }


@ -1,6 +1,6 @@
self: self:
with self; with self;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "cockroachdb"; pname = "cockroachdb";
version = "22.2.7"; version = "22.2.7";
@ -8,8 +8,8 @@ with self;
url = "https://binaries.cockroachdb.com/cockroach-v${version}.linux-amd64.tgz"; url = "https://binaries.cockroachdb.com/cockroach-v${version}.linux-amd64.tgz";
sha256 = "sha256-do426BaZdPqXcc/aQnRAgVTBCJ/OiNbSuCpwVTM2m0I="; sha256 = "sha256-do426BaZdPqXcc/aQnRAgVTBCJ/OiNbSuCpwVTM2m0I=";
}; };
buildInputs = [stdenv.cc.cc]; buildInputs = [ stdenv.cc.cc ];
nativeBuildInputs = [autoPatchelfHook]; nativeBuildInputs = [ autoPatchelfHook ];
installPhase = '' installPhase = ''
install -D -m755 cockroach $out/bin/cockroach install -D -m755 cockroach $out/bin/cockroach
@ -18,7 +18,7 @@ with self;
meta = { meta = {
homepage = "https://www.cockroachlabs.com"; homepage = "https://www.cockroachlabs.com";
description = "A scalable, survivable, strongly-consistent SQL database"; description = "A scalable, survivable, strongly-consistent SQL database";
platforms = ["x86_64-linux"]; platforms = [ "x86_64-linux" ];
maintainers = [ lib.maintainers.mic92 ]; maintainers = [ lib.maintainers.mic92 ];
}; };
} }


@ -1,10 +1,11 @@
final: prev: final: prev: with prev; {
with prev; {
# keep sources this first # keep sources this first
sources = callPackage (import ./_sources/generated.nix) {}; sources = callPackage (import ./_sources/generated.nix) { };
# then, call packages with `final.callPackage` # then, call packages with `final.callPackage`
gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final); gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final);
import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); import-gtk-settings = writeShellScriptBin "import-gtk-settings" (
import ./import-gtk-settings.nix final
);
lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final); lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final);
mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final); mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final);
mopidy-jellyfin = import ./mopidy-jellyfin.nix final; mopidy-jellyfin = import ./mopidy-jellyfin.nix final;
@ -18,7 +19,9 @@ with prev; {
swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); drone-docker-runner = writeShellScriptBin "drone-docker-runner" (
import ./drone-docker-runner.nix final
);
record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final); record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
cockroach-bin = import ./cockroach.nix final; cockroach-bin = import ./cockroach.nix final;
prison-break = import ./prison-break.nix final; prison-break = import ./prison-break.nix final;


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
case $1 in case $1 in
start) start)
${self.docker}/bin/docker run --detach \ ${self.docker}/bin/docker run --detach \


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
# Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider # Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider
readonly sysfs_efi_vars='/sys/firmware/efi/efivars' readonly sysfs_efi_vars='/sys/firmware/efi/efivars'


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
# usage: import-gsettings <gsettings key>:<settings.ini key> <gsettings key>:<settings.ini key> ... # usage: import-gsettings <gsettings key>:<settings.ini key> <gsettings key>:<settings.ini key> ...
expression="" expression=""


@ -1,8 +1,13 @@
self: self:
with self; let with self;
let
looking-glass-client = self.looking-glass-client.overrideAttrs (old: { looking-glass-client = self.looking-glass-client.overrideAttrs (old: {
meta.platforms = ["x86_64-linux" "aarch64-linux"]; meta.platforms = [
"x86_64-linux"
"aarch64-linux"
];
}); });
in '' in
''
${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no ${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no
'' ''


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
mkdir -p $XDG_CACHE_HOME/log mkdir -p $XDG_CACHE_HOME/log
LOGFILE=$XDG_CACHE_HOME/log/mailto.log LOGFILE=$XDG_CACHE_HOME/log/mailto.log


@ -1,5 +1,6 @@
self: self:
with self; let with self;
let
websocket-client = python3.pkgs.buildPythonPackage rec { websocket-client = python3.pkgs.buildPythonPackage rec {
pname = "websocket-client"; pname = "websocket-client";
version = "1.2.1"; version = "1.2.1";
@ -10,7 +11,7 @@ with self; let
}; };
}; };
in in
python3.pkgs.buildPythonPackage rec { python3.pkgs.buildPythonPackage rec {
pname = "Mopidy-Jellyfin"; pname = "Mopidy-Jellyfin";
version = "1.0.2"; version = "1.0.2";
doCheck = false; doCheck = false;
@ -26,4 +27,4 @@ in
inherit pname version; inherit pname version;
sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g="; sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g=";
}; };
} }


@ -1,4 +1,3 @@
self: self: with self; ''
with self; ''
exec ${alacritty}/bin/alacritty --class mu_vimpc --option dimensions.columns=120 --option dimensions.lines=80 -e vimpc -- "$@" exec ${alacritty}/bin/alacritty --class mu_vimpc --option dimensions.columns=120 --option dimensions.lines=80 -e vimpc -- "$@"
'' ''


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
# #
# ack recursively through notes # ack recursively through notes
# #


@ -27,15 +27,13 @@ python3.pkgs.buildPythonPackage {
rev = "15079bb094d37eeba92e17abfb98523076c5800c"; rev = "15079bb094d37eeba92e17abfb98523076c5800c";
sha256 = "sha256-MDzAmeJ6wsTm5+unIsYAZmErVN4sEAfih3YwbXkVIPg="; sha256 = "sha256-MDzAmeJ6wsTm5+unIsYAZmErVN4sEAfih3YwbXkVIPg=";
}; };
propagatedBuildInputs = with python3.pkgs;[ propagatedBuildInputs = with python3.pkgs; [
docopt docopt
requests requests
beautifulsoup4 beautifulsoup4
notify2 notify2
straight-plugin straight-plugin
]; ];
patches = [ patches = [ ./prison-break-url.patch ];
./prison-break-url.patch
];
checkInputs = [ python3.pkgs.black ]; checkInputs = [ python3.pkgs.black ];
} }


@ -1,6 +1,6 @@
self: self:
with self; with self;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "psos-docs"; pname = "psos-docs";
version = "0.0.1"; version = "0.0.1";
buildInputs = [ buildInputs = [
@ -10,7 +10,10 @@ with self;
src = ../docs/..; # wut src = ../docs/..; # wut
phases = ["buildPhase" "installPhase"]; phases = [
"buildPhase"
"installPhase"
];
buildPhase = '' buildPhase = ''
cp -r $src/doc ./doc cp -r $src/doc ./doc
@ -24,4 +27,4 @@ with self;
mkdir -p $out/lib/ mkdir -p $out/lib/
cp -r doc/book $out/lib/html cp -r doc/book $out/lib/html
''; '';
} }


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
case $1 in case $1 in
rebuild) rebuild)
shift; shift;


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
mkdir -p "$HOME/Videos/Screenrecordings" mkdir -p "$HOME/Videos/Screenrecordings"
GEOMETRY="$(slurp -d -b \#ffffff11)" GEOMETRY="$(slurp -d -b \#ffffff11)"
RESOLUTION="$(echo $GEOMETRY | awk '{print $2}')" RESOLUTION="$(echo $GEOMETRY | awk '{print $2}')"


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
case $1 in case $1 in
d) d)
shift; shift;


@ -1,5 +1,4 @@
self: self: with self; ''
with self; ''
echo "$@" echo "$@"
DUPLEX=,Duplex DUPLEX=,Duplex
removeempty="true" removeempty="true"
