diff --git a/flake.nix b/flake.nix index d607578..4653f20 100644 --- a/flake.nix +++ b/flake.nix @@ -311,17 +311,39 @@ in rec { + # The plan + # Import all the host configurations as modules + # Setup the modules as nixosModules, homeModules, darwinModules + # Create nixosConfigurations using the different pkgs for each system + # What to do with home config? + + nixosModules = import ./hosts/x86_64-linux nixpkgs // import ./hosts/aarch64-linux nixpkgs; + # Contains my full system builds, including home-manager # nixos-rebuild switch --flake .#tempest nixosConfigurations = - builtins.mapAttrs buildNixos { - pkgs = pkgsBySystem.x86_64-linux; - modules = import ./hosts/x86_64-linux; - } - // builtins.mapAttrs buildNixos { - pkgs = pkgsBySystem.aarch64-linux; - modules = import ./hosts/aarch64-linux; - }; + (builtins.mapAttrs ( + name: module: + buildNixos { + pkgs = pkgsBySystem.x86_64-linux; + modules = [ module ]; + } + ) nixosModules) + // (builtins.mapAttrs ( + name: module: + buildNixos { + pkgs = pkgsBySystem.aarch64-linux; + modules = [ module ]; + } + ) nixosModules); + # builtins.mapAttrs buildNixos { + # pkgs = pkgsBySystem.x86_64-linux; + # modules = import ./hosts/x86_64-linux; + # } + # // builtins.mapAttrs buildNixos { + # pkgs = pkgsBySystem.aarch64-linux; + # modules = import ./hosts/aarch64-linux; + # }; # Contains my full Mac system builds, including home-manager # darwin-rebuild switch --flake .#lookingglass diff --git a/hosts/aarch64-linux/flame/default.nix b/hosts/aarch64-linux/flame/default.nix deleted file mode 100644 index 1a6ed35..0000000 --- a/hosts/aarch64-linux/flame/default.nix +++ /dev/null 
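Review bot: Both `builtins.mapAttrs` calls iterate over the same `nixosModules` set, so the `//` merge lets the aarch64 result overwrite every x86_64 entry and every host ends up built with `pkgsBySystem.aarch64-linux`; the replaced code kept the per-architecture split by mapping each `./hosts/<system>` import through its own `pkgs`. Keep the two imports apart and merge only the built results, as in the fence below, which also drops the unused `name:` lambda argument; the commented-out previous implementation should be removed rather than kept as dead text. Note too that the new `hosts/flame/default.nix` added by this commit sits outside both `./hosts/x86_64-linux` and `./hosts/aarch64-linux`, so unless those directories' `default.nix` files reach into it (not visible here) the flame host is no longer part of `nixosConfigurations`.
```nix
# … unchanged: nixosModules = import ./hosts/x86_64-linux nixpkgs // … …

# Build each host against the pkgs of the architecture it was imported from
nixosConfigurations =
  let
    modulesBySystem = {
      x86_64-linux = import ./hosts/x86_64-linux nixpkgs;
      aarch64-linux = import ./hosts/aarch64-linux nixpkgs;
    };
    buildAll =
      system:
      builtins.mapAttrs (
        _: module:
        buildNixos {
          pkgs = pkgsBySystem.${system};
          modules = [ module ];
        }
      ) modulesBySystem.${system};
  in
  buildAll "x86_64-linux" // buildAll "aarch64-linux";
```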
@@ -1,121 +0,0 @@ -# The Flame -# System configuration for an Oracle free server - -# How to install: -# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ -# These days, probably use nixos-anywhere instead. - -{ - inputs, - globals, - overlays, - ... -}: - -inputs.nixpkgs.lib.nixosSystem rec { - system = "aarch64-linux"; - specialArgs = { - pkgs-stable = import inputs.nixpkgs-stable { inherit system; }; - pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; }; - }; - modules = [ - { - # Hardware - networking.hostName = "flame"; - - # File systems must be declared in order to boot - - # This is the root filesystem containing NixOS - # I forgot to set a clean label for it - fileSystems."/" = { - device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3"; - fsType = "ext4"; - }; - - # This is the boot filesystem for systemd-boot - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/D5CA-237A"; - fsType = "vfat"; - }; - - # Theming - - # Still require colors for programs like Neovim, K9S - theme = { - colors = (import ../../colorscheme/gruvbox-dark).dark; - }; - - # Programs and services - atuin.enable = true; - cloudflare.enable = true; # Proxy traffic with Cloudflare - dotfiles.enable = true; # Clone dotfiles - neovim.enable = true; - giteaRunner.enable = true; - services.actualbudget.enable = true; - services.caddy.enable = true; - services.grafana.enable = true; - services.thelounge.enable = true; - services.openssh.enable = true; - services.victoriametrics.enable = true; - services.influxdb2.enable = true; - services.gitea.enable = true; - services.vaultwarden.enable = true; - services.minecraft-server.enable = true; # Setup Minecraft server - services.n8n.enable = true; - services.ntfy-sh.enable = true; - services.postgresql.enable = true; - services.uptime-kuma.enable = true; - system.autoUpgrade.enable = true; - - # Allows private remote access over the internet - cloudflareTunnel = { - enable = true; - id = 
"bd250ee1-ed2e-42d2-b627-039f1eb5a4d2"; - credentialsFile = ../../private/cloudflared-flame.age; - ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org"; - }; - - # Nextcloud backup config - backup.s3 = { - endpoint = "s3.us-west-002.backblazeb2.com"; - bucket = "noahmasur-backup"; - accessKeyId = "0026b0e73b2e2c80000000005"; - resticBucket = "noahmasur-restic"; - }; - - # Disable passwords, only use SSH key - publicKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" - ]; - - # # Wireguard config for Transmission - # wireguard.enable = true; - # networking.wireguard.interfaces.wg0 = { - # - # # The local IPs for this machine within the Wireguard network - # # Any inbound traffic bound for these IPs should be kept on localhost - # ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ]; - # - # peers = [{ - # - # # Identity of Wireguard target peer (VPN) - # publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY="; - # - # # The public internet address of the target peer - # endpoint = "86.106.143.132:51820"; - # - # # Which outgoing IP ranges should be sent through Wireguard - # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; - # - # # Send heartbeat signal within the network - # persistentKeepalive = 25; - # - # }]; - # - # }; - - # # VPN port forwarding - # services.transmission.settings.peer-port = 57599; - } - ]; -} diff --git a/hosts/flame/default.nix b/hosts/flame/default.nix new file mode 100644 index 0000000..01124f2 --- /dev/null +++ b/hosts/flame/default.nix 
@@ -0,0 +1,54 @@ +# The Flame +# System configuration for an Oracle free server + +# How to install: +# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ +# These days, probably use nixos-anywhere instead. + +rec { + # Hardware + networking.hostName = "flame"; + + nmasur.settings = { + username = "noah"; + fullName = "Noah Masur"; + }; + + nmasur.profiles = { + base.enable = true; + server.enable = true; + communications.enable = true; + }; + + home-manager.users."noah" = { + nmasur.settings = nmasur.settings; + nmasur.profiles = { + common.enable = true; + linux-base.enable = true; + }; + }; + + # File systems must be declared in order to boot + + # This is the root filesystem containing NixOS + # I forgot to set a clean label for it + fileSystems."/" = { + device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3"; + fsType = "ext4"; + }; + + # This is the boot filesystem for systemd-boot + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D5CA-237A"; + fsType = "vfat"; + }; + + # Allows private remote access over the internet + nmasur.presets.services.cloudflared = { + tunnel = { + id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2"; + credentialsFile = ../../private/cloudflared-flame.age; + ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org"; + }; + }; +} diff --git a/platforms/home-manager/modules/nmasur/presets/programs/aerc.nix b/platforms/home-manager/modules/nmasur/presets/programs/aerc.nix index 9fc15b3..f4addec 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/aerc.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/aerc.nix 
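Review bot: The `nmasur.presets.services.cloudflared` block sets `tunnel.id`, `credentialsFile` and `ca` but never `enable = true;`, whereas the deleted host had `cloudflareTunnel.enable = true`; the cloudflared preset binds `cfg = config.nmasur.presets.services.cloudflared` and the other presets in this commit gate their `config` on `cfg.enable`, so if it follows the same pattern the tunnel and the SSH CA/principals setup will silently not be applied — confirm, or add `enable = true;` next to `tunnel`. The hard-coded `home-manager.users."noah"` duplicates `nmasur.settings.username`; since the set is `rec`, `home-manager.users.${nmasur.settings.username}` keeps the two from drifting. The old host also stated `publicKeys`, `services.openssh.enable`, `system.autoUpgrade.enable` and the backup target explicitly; the new one relies on the `server` profile and module defaults for all of that, so a one-line comment above `nmasur.profiles` naming what the profile is expected to provide (SSH access, upgrades, backups) would make the host's security baseline reviewable from this file.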
@@ -199,20 +199,19 @@ in exec = "${config.terminalLaunchCommand} aerc %u"; }; xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux { - "${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+Shift+e" = - "exec ${ - # Don't name the script `aerc` or it will affect grep - builtins.toString ( - pkgs.writeShellScript "focus-mail.sh" '' - count=$(ps aux | grep -c aerc) - if [ "$count" -eq 1 ]; then - i3-msg "exec --no-startup-id ${config.terminal} start --class aerc -- aerc" - sleep 0.25 - fi - i3-msg "[class=aerc] focus" - '' - ) - }"; + "${config.xsession.windowManager.i3.config.modifier}+Shift+e" = "exec ${ + # Don't name the script `aerc` or it will affect grep + builtins.toString ( + pkgs.writeShellScript "focus-mail.sh" '' + count=$(ps aux | grep -c aerc) + if [ "$count" -eq 1 ]; then + i3-msg "exec --no-startup-id ${config.terminal} start --class aerc -- aerc" + sleep 0.25 + fi + i3-msg "[class=aerc] focus" + '' + ) + }"; }; programs.fish.shellAbbrs = { diff --git a/platforms/home-manager/modules/nmasur/presets/programs/firefox.nix b/platforms/home-manager/modules/nmasur/presets/programs/firefox.nix index bdfb95e..4d8202a 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/firefox.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/firefox.nix 
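Review bot: The `count=$(ps aux | grep -c aerc)` check carried onto the new side matches any process whose command line contains `aerc` — which is exactly why the comment has to warn against naming the script `aerc` — and its `-eq 1` relies on grep counting itself. `count=$(pgrep -xc aerc)` matches on the process name only, removes the self-match, and turns the test into `if [ "$count" -eq 0 ]; then`. The firefox.nix hunk has the same shape with `grep -c firefox`. The enclosing module continues outside the hunk.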
@@ -183,20 +183,19 @@ in }; xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux { - "${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+Shift+b" = - "exec ${ - # Don't name the script `firefox` or it will affect grep - builtins.toString ( - pkgs.writeShellScript "focus-ff.sh" '' - count=$(ps aux | grep -c firefox) - if [ "$count" -eq 1 ]; then - i3-msg "exec --no-startup-id firefox" - sleep 0.5 - fi - i3-msg "[class=firefox] focus" - '' - ) - }"; + "${config.xsession.windowManager.i3.config.modifier}+Shift+b" = "exec ${ + # Don't name the script `firefox` or it will affect grep + builtins.toString ( + pkgs.writeShellScript "focus-ff.sh" '' + count=$(ps aux | grep -c firefox) + if [ "$count" -eq 1 ]; then + i3-msg "exec --no-startup-id firefox" + sleep 0.5 + fi + i3-msg "[class=firefox] focus" + '' + ) + }"; }; }; } diff --git a/platforms/home-manager/modules/nmasur/presets/programs/fish.nix b/platforms/home-manager/modules/nmasur/presets/programs/fish.nix index 8f0daa9..26d1900 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/fish.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/fish.nix @@ -91,7 +91,6 @@ in scs = "systemctl status"; sca = "systemctl cat"; m = "make"; - t = "trash"; # Vim (overwritten by Neovim) v = "vim"; diff --git a/platforms/home-manager/modules/nmasur/presets/programs/ldapsearch.nix b/platforms/home-manager/modules/nmasur/presets/programs/ldapsearch.nix index 23f7292..3cea8ef 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/ldapsearch.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/ldapsearch.nix 
@@ -25,7 +25,7 @@ let -B -o ldif-wrap=no \ -E pr=5000/prompt \ -H "${ldap_scheme}://''${LDAP_HOST}:${builtins.toString ldap_port}" \ - -D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.user}" \ + -D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.home.username}" \ -w "$(${pkgs._1password-cli}/bin/op item get T2 --fields label=password --reveal)" \ -b "dc=''${LDAP_HOST//./,dc=}" \ -s "sub" -x "(cn=''${SEARCH_FILTER})" \ diff --git a/platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix b/platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix index ff6c241..301844d 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix @@ -18,7 +18,7 @@ in # Quick button for launching nautilus xsession.windowManager.i3.config.keybindings = { - "${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+n" = + "${config.xsession.windowManager.i3.config.modifier}+n" = "exec --no-startup-id ${pkgs.nautilus}/bin/nautilus"; }; diff --git a/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix b/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix index 5c646b3..8b00a96 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix @@ -6,6 +6,7 @@ }: let + inherit (config.nmasur.settings) username; cfg = config.nmasur.presets.programs.nixpkgs; in @@ -124,7 +125,7 @@ in # For security, only allow specific users settings.allowed-users = [ "@wheel" # Anyone in the wheel group - config.user # The current user + config.home.username # The current user ]; # Enable features in Nix commands diff --git a/platforms/home-manager/modules/nmasur/presets/programs/obsidian.nix b/platforms/home-manager/modules/nmasur/presets/programs/obsidian.nix new file mode 100644 index 0000000..4e9e24c --- /dev/null 
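Review bot: In the nixpkgs.nix hunks the newly added `inherit (config.nmasur.settings) username;` is never used — the second hunk reads `config.home.username` in `settings.allowed-users` — so the inherit is dead and the two sources of truth can drift; use one of them and drop the other. ldapsearch.nix makes the same choice with `config.home.username` in the `-D` bind DN, while the nix-darwin and NixOS hunks in this commit use `nmasur.settings.username`; a short comment in the home-manager settings module stating which one home-manager presets should read would keep the next edit from mixing them. Separately, the unchanged `-w "$(op item get …)"` line passes the bind password as a command-line argument, which is visible to other local users in the process list; ldapsearch's `-y <file>` (or interactive `-W`) avoids that. The script body continues outside the hunk.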
+++ b/platforms/home-manager/modules/nmasur/presets/programs/obsidian.nix @@ -0,0 +1,27 @@ +{ + config, + pkgs, + lib, + ... +}: + +let + cfg = config.nmasur.presets.programs.obsidian; +in +{ + + options = { + nmasur.presets.programs.obsidian = { + enable = lib.mkEnableOption "Obsidian markdown wiki"; + }; + }; + + config = lib.mkIf cfg.enable { + unfreePackages = [ "obsidian" ]; + home.packages = with pkgs; [ obsidian ]; + + # Broken on 2023-12-11 + # https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8 + # insecurePackages = [ "electron-25.9.0" ]; + }; +} diff --git a/platforms/home-manager/modules/nmasur/presets/programs/tmux.nix b/platforms/home-manager/modules/nmasur/presets/programs/tmux.nix index ae8f27f..ce6232a 100644 --- a/platforms/home-manager/modules/nmasur/presets/programs/tmux.nix +++ b/platforms/home-manager/modules/nmasur/presets/programs/tmux.nix @@ -8,7 +8,7 @@ options.tmux.enable = lib.mkEnableOption "Tmux terminal multiplexer"; - config.home-manager.users.${config.user} = lib.mkIf config.tmux.enable { + config = lib.mkIf config.tmux.enable { programs.tmux = { enable = true; diff --git a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix index 47f4ad4..5fbf9ba 100644 --- a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix +++ b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix 
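Review bot: tmux.nix still declares `options.tmux.enable` and gates on `config.tmux.enable`, while every other home-manager preset touched by this commit is namespaced under `nmasur.presets.programs.<name>` with a `cfg` binding (obsidian.nix earlier in this diff is the model); only the `config.home-manager.users.${config.user}` wrapper was dropped. Moving it to `options.nmasur.presets.programs.tmux.enable = lib.mkEnableOption "Tmux terminal multiplexer";` and `config = lib.mkIf cfg.enable {` keeps the module set consistent, provided the profiles that set `tmux.enable` are updated at the same time. The module body continues outside the hunk.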
@@ -28,13 +28,11 @@ in }; xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source = ./Spoons/MoveWindow.spoon; - home.activation.reloadHammerspoon = - config.home-manager.users.${config.user}.lib.dag.entryAfter [ "writeBoundary" ] - '' - $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()" - $DRY_RUN_CMD sleep 1 - $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()" - ''; + home.activation.reloadHammerspoon = config.lib.dag.entryAfter [ "writeBoundary" ] '' + $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()" + $DRY_RUN_CMD sleep 1 + $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()" + ''; }; } diff --git a/platforms/home-manager/modules/nmasur/presets/services/mbsync.nix b/platforms/home-manager/modules/nmasur/presets/services/mbsync.nix index 0471d7b..99088f6 100644 --- a/platforms/home-manager/modules/nmasur/presets/services/mbsync.nix +++ b/platforms/home-manager/modules/nmasur/presets/services/mbsync.nix 
@@ -4,119 +4,120 @@ lib, ... }: + +let + inherit (config.nmasur.settings) fullName; + cfg = config.nmasur.presets.services.mbsync; +in + { - options = { - mail.enable = lib.mkEnableOption "Mail service."; - mail.user = lib.mkOption { + options.nmasur.preset.services.mbsync = { + enable = lib.mkEnableOption "Mail service."; + user = lib.mkOption { type = lib.types.str; description = "User name for the email address."; - default = config.user; }; - mail.server = lib.mkOption { - type = lib.types.nullOr lib.types.str; + server = lib.mkOption { + type = lib.types.str; description = "Server name for the email address."; }; - mail.imapHost = lib.mkOption { - type = lib.types.nullOr lib.types.str; + imapHost = lib.mkOption { + type = lib.types.str; description = "Server host for IMAP (reading mail)."; }; - mail.smtpHost = lib.mkOption { - type = lib.types.nullOr lib.types.str; + smtpHost = lib.mkOption { + type = lib.types.str; description = "Server host for SMTP (sending mail)."; }; }; - config = lib.mkIf config.mail.enable { + config = lib.mkIf cfg.enable { - home-manager.users.${config.user} = { - programs.mbsync = { - enable = true; - }; + programs.mbsync = { + enable = true; + }; - # Automatically check for mail and keep files synced locally - services.mbsync = lib.mkIf pkgs.stdenv.isLinux { - enable = true; - frequency = "*:0/5"; - postExec = "${lib.getExe pkgs.notmuch} new"; - }; + # Automatically check for mail and keep files synced locally + services.mbsync = lib.mkIf pkgs.stdenv.isLinux { + enable = true; + frequency = "*:0/5"; + postExec = "${lib.getExe pkgs.notmuch} new"; + }; - # Used to watch for new mail and trigger sync - services.imapnotify.enable = pkgs.stdenv.isLinux; + # Used to watch for new mail and trigger sync + services.imapnotify.enable = pkgs.stdenv.isLinux; - # Allows sending email from CLI/sendmail - programs.msmtp.enable = true; + # Allows sending email from CLI/sendmail + programs.msmtp.enable = true; - accounts.email = { + accounts.email = 
{ - # Where email files are stored - maildirBasePath = "${config.home.homeDirectory}/mail"; + # Where email files are stored + maildirBasePath = "${config.home.homeDirectory}/mail"; - accounts = { - home = - let - address = "${config.mail.user}@${config.mail.server}"; - in - { - userName = address; - realName = config.fullName; - primary = true; - inherit address; - aliases = map (user: "${user}@${config.mail.server}") [ - "me" - "hey" - "admin" - ]; + accounts = { + home = + let + address = "${cfg.user}@${cfg.server}"; + in + { + userName = address; + realName = fullName; + primary = true; + inherit address; + aliases = map (user: "${user}@${cfg.server}") [ + "me" + "hey" + "admin" + ]; - # Options for contact completion - alot = { }; + # Options for contact completion + alot = { }; - imap = { - host = config.mail.imapHost; - port = 993; - tls.enable = true; - }; + imap = { + host = cfg.imapHost; + port = 993; + tls.enable = true; + }; - # Watch for mail and run notifications or sync - imapnotify = { - enable = true; - boxes = [ "Inbox" ]; - onNotify = "${pkgs.isync}/bin/mbsync -a"; - onNotifyPost = - lib.mkIf config.home-manager.users.${config.user}.services.dunst.enable - "${lib.getExe pkgs.libnotify} 'New mail arrived'"; - }; + # Watch for mail and run notifications or sync + imapnotify = { + enable = true; + boxes = [ "Inbox" ]; + onNotify = "${pkgs.isync}/bin/mbsync -a"; + onNotifyPost = lib.mkIf config.services.dunst.enable "${lib.getExe pkgs.libnotify} 'New mail arrived'"; + }; - # Name of the directory in maildir for this account - maildir = { - path = "main"; - }; + # Name of the directory in maildir for this account + maildir = { + path = "main"; + }; - # Bi-directional syncing options for local files - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - remove = "both"; - patterns = [ "*" ]; - extraConfig.channel = { - CopyArrivalDate = "yes"; # Sync time of original message - }; - }; - - # Enable indexing - notmuch.enable = true; - - # 
Used to login and send and receive emails - passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}"; - - smtp = { - host = config.mail.smtpHost; - port = 465; - tls.enable = true; + # Bi-directional syncing options for local files + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + remove = "both"; + patterns = [ "*" ]; + extraConfig.channel = { + CopyArrivalDate = "yes"; # Sync time of original message }; }; - }; + + # Enable indexing + notmuch.enable = true; + + # Used to login and send and receive emails + passwordCommand = "${lib.getExe pkgs.age} --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}"; + + smtp = { + host = cfg.smtpHost; + port = 465; + tls.enable = true; + }; + }; }; }; }; diff --git a/platforms/home-manager/modules/nmasur/profiles/linux-base.nix b/platforms/home-manager/modules/nmasur/profiles/linux-base.nix index 19026e0..cb38d2e 100644 --- a/platforms/home-manager/modules/nmasur/profiles/linux-base.nix +++ b/platforms/home-manager/modules/nmasur/profiles/linux-base.nix @@ -35,9 +35,14 @@ in }; }; - programs.fish.shellAliases = { - # Move files to XDG trash on the commandline - trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put"; + programs.fish = { + shellAliases = { + # Move files to XDG trash on the commandline + trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put"; + }; + shellAbbrs = { + t = "trash"; + }; }; }; } diff --git a/platforms/home-manager/modules/nmasur/profiles/power-user.nix b/platforms/home-manager/modules/nmasur/profiles/power-user.nix index 01fd9a7..8cf98a7 100644 --- a/platforms/home-manager/modules/nmasur/profiles/power-user.nix +++ b/platforms/home-manager/modules/nmasur/profiles/power-user.nix 
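Review bot: The options are declared under `options.nmasur.preset.services.mbsync` (singular `preset`) but `cfg` is bound to `config.nmasur.presets.services.mbsync` (plural), so `cfg.enable`, `cfg.user`, `cfg.server`, `cfg.imapHost` and `cfg.smtpHost` all read undeclared options and evaluation fails as soon as the module is imported; change the declaration to `options.nmasur.presets.services.mbsync = {`. The `user` option also lost its `default = config.user;` without a replacement, making it mandatory on every host; `default = config.home.username;` matches what the other home-manager hunks in this commit use. `server`, `imapHost` and `smtpHost` became non-null `str` with no default, which is fine as long as the profile that enables this preset sets all three — worth a sentence in the `enable` description.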
@@ -21,8 +21,8 @@ in
 pkgs.jo # JSON output
 pkgs.osc # Clipboard over SSH
 pkgs.qrencode # Generate qr codes
- # pkgs.ren # Rename files
- # pkgs.rep # Replace text in files
+ pkgs.ren # Rename files
+ pkgs.rep # Replace text in files
 pkgs.spacer # Output lines in terminal
 pkgs.tealdeer # Cheatsheets
 pkgs.vimv-rs # Batch rename files
diff --git a/platforms/home-manager/modules/nmasur/profiles/work.nix b/platforms/home-manager/modules/nmasur/profiles/work.nix
index ea3c5e2..7f578e5 100644
--- a/platforms/home-manager/modules/nmasur/profiles/work.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/work.nix
@@ -58,6 +58,7 @@ in
 k9s.enable = lib.mkDefault true;
 kubectl.enable = lib.mkDefault true;
 ldapsearch.enable = lib.mkDefault true;
+ obsidian.enable = lib.mkDefault true;
 ripgrep.enable = lib.mkDefault true;
 starship.enable = lib.mkDefault true;
 terraform.enable = lib.mkDefault true;
diff --git a/platforms/home-manager/theme.nix b/platforms/home-manager/theme.nix
index b952f76..6c2c43d 100644
--- a/platforms/home-manager/theme.nix
+++ b/platforms/home-manager/theme.nix
@@ -6,7 +6,7 @@
 name = lib.mkOption {
 type = lib.types.nullOr lib.types.str;
 description = "Color palette name (fallback when individual colors aren't specified)";
- default = null;
+ default = "gruvbox";
 };
 colors = lib.mkOption {
 type = lib.types.attrs;
diff --git a/platforms/nix-darwin/modules/nmasur/presets/services/user.nix b/platforms/nix-darwin/modules/nmasur/presets/services/user.nix
index 2ad2e5c..384a518 100644
--- a/platforms/nix-darwin/modules/nmasur/presets/services/user.nix
+++ b/platforms/nix-darwin/modules/nmasur/presets/services/user.nix
@@ -5,6 +5,7 @@
 }:
 let
+ inherit (config.nmasur.settings) username;
 cfg = config.nmasur.presets.services.user;
 in
@@ -13,14 +14,14 @@ in options.nmasur.presets.services.user.enable = lib.mkEnableOption "macoS user settings"; config = lib.mkIf cfg.enable { - users.users."${config.user}" = { + users.users."${username}" = { # macOS user - home = config.home-manager.users.${config.user}.home.homeDirectory; + home = config.home-manager.users.${username}.home.homeDirectory; uid = 502; # shell = pkgs.fish; # Default shell }; # This might fix the shell issues - users.knownUsers = [ config.user ]; + users.knownUsers = [ username ]; }; } diff --git a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix index 032d846..27239c9 100644 --- a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix +++ b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix @@ -13,7 +13,7 @@ let - inherit (config.nmasur.settings) hostnames; + inherit (config.nmasur.settings) hostnames username; cfg = config.nmasur.presets.services.calibre-web; libraryPath = "/data/books"; in @@ -58,7 +58,7 @@ in services.cloudflare-dyndns.domains = [ hostnames.books ]; # Grant user access to Calibre directories - users.users.${config.user}.extraGroups = [ "calibre-web" ]; + users.users.${username}.extraGroups = [ "calibre-web" ]; # Run a backup on a schedule systemd.timers.calibre-backup = { diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix index f3de925..857c196 100644 --- a/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix +++ b/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix @@ -25,6 +25,7 @@ # Set ca = "" let + inherit (config.nmasur.settings) username; cfg = config.nmasur.presets.services.cloudflared; in @@ -74,7 +75,7 @@ in # Must match the username portion of the email address in Cloudflare # Access "ssh/authorized_principals".text = '' - ${config.user} + ${username} ''; }; 
@@ -82,7 +83,7 @@ in services.openssh.extraConfig = '' PubkeyAuthentication yes TrustedUserCAKeys /etc/ssh/ca.pub - Match User '${config.user}' + Match User '${username}' AuthorizedPrincipalsFile /etc/ssh/authorized_principals # if there is no existing AuthenticationMethods AuthenticationMethods publickey diff --git a/platforms/nixos/modules/nmasur/presets/services/gitea.nix b/platforms/nixos/modules/nmasur/presets/services/gitea.nix index 0469cb8..185dc4e 100644 --- a/platforms/nixos/modules/nmasur/presets/services/gitea.nix +++ b/platforms/nixos/modules/nmasur/presets/services/gitea.nix @@ -6,7 +6,7 @@ }: let - inherit (config.nmasur.settings) hostnames; + inherit (config.nmasur.settings) hostnames username; cfg = config.nmasur.presets.services.gitea; giteaPath = "/var/lib/gitea"; # Default service directory in @@ -59,7 +59,7 @@ in extraConfig = null; }; - users.users.${config.user}.extraGroups = [ "gitea" ]; + users.users.${username}.extraGroups = [ "gitea" ]; caddy.routes = [ # Prevent public access to Prometheus metrics. diff --git a/platforms/nixos/modules/nmasur/presets/services/litestream.nix b/platforms/nixos/modules/nmasur/presets/services/litestream.nix index 24145d1..be19c23 100644 --- a/platforms/nixos/modules/nmasur/presets/services/litestream.nix +++ b/platforms/nixos/modules/nmasur/presets/services/litestream.nix @@ -14,17 +14,17 @@ in endpoint = lib.mkOption { type = lib.types.nullOr lib.types.str; description = "S3 endpoint for Litestream backups"; - # default = null; + default = "s3.us-west-002.backblazeb2.com"; }; bucket = lib.mkOption { type = lib.types.nullOr lib.types.str; description = "S3 bucket for Litestream backups"; - # default = null; + default = "noahmasur-backup"; }; accessKeyId = lib.mkOption { type = lib.types.nullOr lib.types.str; description = "S3 access key ID for Litestream backups"; - # default = null; + default = "0026b0e73b2e2c80000000005"; }; accessKeySecret = lib.mkOption { type = lib.types.nullOr lib.types.path; 
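Review bot: The litestream.nix hunk bakes one account's S3 endpoint, bucket and access key ID (`0026b0e73b2e2c80000000005`) into a reusable module as defaults, so every host that imports it inherits them and the `nullOr` types (and any `!= null` gating elsewhere, not visible here) never see null; the deleted flame host set these per host in `backup.s3`. Prefer keeping `default = null` and setting the account values in the host or profile that actually enables backups, or at minimum say in each `description` that the default points at a personal account, e.g. `description = "S3 access key ID for Litestream backups (defaults to the owner's Backblaze key ID)";`. The same applies to `default = "noahmasur-restic"` in the restic.nix hunk. The key ID is not the secret — `accessKeySecret` stays a path — but it still identifies the account in a file that is world-readable in the Nix store.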
diff --git a/platforms/nixos/modules/nmasur/presets/services/nextcloud.nix b/platforms/nixos/modules/nmasur/presets/services/nextcloud.nix index 9e85d5f..48ce05c 100644 --- a/platforms/nixos/modules/nmasur/presets/services/nextcloud.nix +++ b/platforms/nixos/modules/nmasur/presets/services/nextcloud.nix @@ -6,7 +6,7 @@ }: let - inherit (config.nmasur.settings) hostnames; + inherit (config.nmasur.settings) hostnames username; cfg = config.nmasur.presets.services.nextcloud; in { @@ -212,7 +212,7 @@ in }; # Grant user access to Nextcloud directories - users.users.${config.user}.extraGroups = [ "nextcloud" ]; + users.users.${username}.extraGroups = [ "nextcloud" ]; # Open to groups, allowing for backups systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770"; diff --git a/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix b/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix index e49ae26..2a3c4e6 100644 --- a/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix +++ b/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix @@ -6,6 +6,7 @@ }: let + inherit (config.nmasur.settings) username; cfg = config.nmasur.presets.services.nix-autoupgrade; in @@ -54,7 +55,7 @@ in systemctl status $SERVICE_ID >> $TEMPFILE set -e ${lib.getExe pkgs.msmtp} \ - --file=${config.home-manager.users.${config.user}.xdg.configDir}/msmtp/config \ + --file=${config.home-manager.users.${username}.xdg.configDir}/msmtp/config \ --account=system \ ${address} < $TEMPFILE ''; diff --git a/platforms/nixos/modules/nmasur/presets/services/notes-git-sync.nix b/platforms/nixos/modules/nmasur/presets/services/notes-git-sync.nix index a6bdb0e..74f6827 100644 --- a/platforms/nixos/modules/nmasur/presets/services/notes-git-sync.nix +++ b/platforms/nixos/modules/nmasur/presets/services/notes-git-sync.nix 
@@ -6,6 +6,7 @@ }: let + inherit (config.nmasur.settings) username; cfg = config.nmasur.presets.services.notes-git-sync; in @@ -27,7 +28,7 @@ in Type = "oneshot"; ExecStartPre = "${lib.getExe pkgs.git} -C /data/git/notes reset --hard master"; ExecStart = "${lib.getExe pkgs.git} -C /data/git/notes pull"; - WorkingDirectory = config.home-manager.users.${config.user}.home.homeDirectory; + WorkingDirectory = config.home-manager.users.${username}.home.homeDirectory; Environment = "PATH=${pkgs.openssh}/bin"; }; }; diff --git a/platforms/nixos/modules/nmasur/presets/services/openssh.nix b/platforms/nixos/modules/nmasur/presets/services/openssh.nix index 09de76a..9025193 100644 --- a/platforms/nixos/modules/nmasur/presets/services/openssh.nix +++ b/platforms/nixos/modules/nmasur/presets/services/openssh.nix @@ -7,6 +7,7 @@ }: let + inherit (config.nmasur.settings) username; cfg = config.nmasur.presets.services.openssh; in { @@ -16,7 +17,9 @@ in publicKeys = lib.mkOption { type = lib.types.nullOr (lib.types.listOf lib.types.str); description = "Public SSH keys authorized for this system."; - default = null; + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" + ]; }; # permitRootLogin = lib.mkOption { # type = lib.types.str; @@ -38,7 +41,7 @@ in }; }; - users.users.${config.user}.openssh.authorizedKeys.keys = lib.mkIf ( + users.users.${username}.openssh.authorizedKeys.keys = lib.mkIf ( cfg.publicKeys != null ) cfg.publicKeys; diff --git a/platforms/nixos/modules/nmasur/presets/services/paperless.nix b/platforms/nixos/modules/nmasur/presets/services/paperless.nix index 754df70..b362456 100644 --- a/platforms/nixos/modules/nmasur/presets/services/paperless.nix +++ b/platforms/nixos/modules/nmasur/presets/services/paperless.nix @@ -3,7 +3,7 @@ { config, lib, ... }: let - inherit (config.nmasur.settings) hostnames; + inherit (config.nmasur.settings) hostnames username; cfg = config.nmasur.presets.services.paperless; in { 
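Review bot: In the openssh.nix hunks `publicKeys` now defaults to a concrete key instead of `null`, so `users.users.${username}.openssh.authorizedKeys.keys` is populated on every host that enables this preset and the `lib.mkIf (cfg.publicKeys != null)` guard is dead in the default case. That flips the authorization posture: a host used to opt in to a key (the deleted flame host listed it under `publicKeys`), now it has to opt out with `publicKeys = null;` or `[ ]`. If that is intended, state it in the option, e.g. `description = "Public SSH keys authorized for the main user. Defaults to the owner's personal key; set to null or [ ] on hosts that must not accept it.";`; otherwise keep `default = null;` and set the key in the server profile.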
@@ -28,7 +28,7 @@ in # Allow Nextcloud and user to see files users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ]; - users.users.${config.user}.extraGroups = [ "paperless" ]; + users.users.${username}.extraGroups = [ "paperless" ]; caddy.routes = [ { diff --git a/platforms/nixos/modules/nmasur/presets/services/postgresql.nix b/platforms/nixos/modules/nmasur/presets/services/postgresql.nix index e2938a6..bb3dba0 100644 --- a/platforms/nixos/modules/nmasur/presets/services/postgresql.nix +++ b/platforms/nixos/modules/nmasur/presets/services/postgresql.nix @@ -6,6 +6,7 @@ }: let + inherit (config.nmasur.settings) username; cfg = config.nmasur.presets.services.postgresql; in { @@ -23,7 +24,7 @@ in identMap = '' root postgres postgres root root postgres - admin ${config.user} admin + admin ${username} admin ''; ensureUsers = [ { diff --git a/platforms/nixos/modules/nmasur/presets/services/restic.nix b/platforms/nixos/modules/nmasur/presets/services/restic.nix index d4ad3b8..ae7c270 100644 --- a/platforms/nixos/modules/nmasur/presets/services/restic.nix +++ b/platforms/nixos/modules/nmasur/presets/services/restic.nix @@ -21,7 +21,7 @@ in bucket = lib.mkOption { type = lib.types.nullOr lib.types.str; description = "S3 bucket for Restic backups"; - default = null; + default = "noahmasur-restic"; }; accessKeySecretPair = lib.mkOption { type = lib.types.nullOr lib.types.path; diff --git a/platforms/nixos/modules/nmasur/presets/services/transmission.nix b/platforms/nixos/modules/nmasur/presets/services/transmission.nix index e742aed..5963b37 100644 --- a/platforms/nixos/modules/nmasur/presets/services/transmission.nix +++ b/platforms/nixos/modules/nmasur/presets/services/transmission.nix @@ -9,7 +9,7 @@ }: let - inherit (config.nmasur.settings) hostnames; + inherit (config.nmasur.settings) hostnames username; cfg = config.nmasur.presets.services.transmission; in { 
@@ -34,7 +34,7 @@ in
 rpc-authentication-required = true;
 rpc-port = 9091;
 rpc-bind-address = "0.0.0.0";
- rpc-username = config.user;
+ rpc-username = username;
 # This is a salted hash of the real password
 # https://github.com/tomwijnroks/transmission-pwgen
 rpc-password = "{c4c5145f6e18bcd3c7429214a832440a45285ce26jDOBGVW";
diff --git a/platforms/nixos/modules/nmasur/profiles/base.nix b/platforms/nixos/modules/nmasur/profiles/base.nix
index 2030c4c..332d1be 100644
--- a/platforms/nixos/modules/nmasur/profiles/base.nix
+++ b/platforms/nixos/modules/nmasur/profiles/base.nix
@@ -6,6 +6,7 @@
 }:
 let
+ inherit (config.nmasur.settings) username;
 cfg = config.nmasur.profiles.base;
 in
@@ -19,7 +20,7 @@ in
 users.mutableUsers = lib.mkDefault false;
 # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.${config.user} = {
+ users.users.${username} = {
 # Create a home directory for human user
 isNormalUser = lib.mkDefault true;
diff --git a/platforms/nixos/modules/nmasur/profiles/gui.nix b/platforms/nixos/modules/nmasur/profiles/gui.nix
index 9d3871f..890c7c8 100644
--- a/platforms/nixos/modules/nmasur/profiles/gui.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gui.nix
@@ -6,6 +6,7 @@
 }:
 let
+ inherit (config.nmasur.settings) username;
 cfg = config.nmasur.profiles.gui;
 in
@@ -53,7 +54,7 @@ in
 hardware.i2c.enable = lib.mkDefault true;
 # Grant main user access to external monitors
- users.users.${config.user}.extraGroups = lib.mkDefault [ "i2c" ];
+ users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
 services.xserver.displayManager = {
diff --git a/platforms/nixos/modules/nmasur/profiles/shared-media.nix b/platforms/nixos/modules/nmasur/profiles/shared-media.nix
index 088c089..1280a0a 100644
--- a/platforms/nixos/modules/nmasur/profiles/shared-media.nix
+++ b/platforms/nixos/modules/nmasur/profiles/shared-media.nix
@@ -5,6 +5,7 @@
 }:
 let
+ inherit (config.nmasur.settings) username;
 cfg = config.nmasur.profiles.shared-media;
 in
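Review bot: `rpc-username = username;` in transmission.nix ties the Transmission RPC login name to the system account name from `nmasur.settings`, while the surrounding `rpc-bind-address = "0.0.0.0"` exposes that RPC endpoint on every interface, so the same identifier now serves as both the local/SSH login and the network-facing RPC user. If that coupling is deliberate, a comment on the line would make it explicit, e.g. `# RPC login deliberately reuses the primary system username`; otherwise a dedicated option such as `rpc-username = cfg.rpcUsername;` with its own default keeps the two identities separate. The enclosing settings block starts and ends outside the hunk.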
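Review bot: `users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];` in gui.nix is discarded whenever another module defines `extraGroups` for the same user at normal priority, because the module system only merges definitions that share the highest priority; paperless.nix (`[ "paperless" ]`) and shared-media.nix (`[ config.users.groups.shared.name ]`) in this same commit do exactly that, so on a host combining those profiles the i2c group silently drops out. Unless hosts are meant to replace the list wholesale, drop the wrapper: `users.users.${username}.extraGroups = [ "i2c" ];`. The enclosing attribute set begins and ends outside the hunk.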
@@ -18,7 +19,7 @@ in
 users.groups.shared = { };
 # Give the human user access to the shared group
- users.users.${config.user}.extraGroups = [ config.users.groups.shared.name ];
+ users.users.${username}.extraGroups = [ config.users.groups.shared.name ];
 };
 }
diff --git a/platforms/nixos/modules/nmasur/settings.nix b/platforms/nixos/modules/nmasur/settings.nix
index 966c139..03ec2ec 100644
--- a/platforms/nixos/modules/nmasur/settings.nix
+++ b/platforms/nixos/modules/nmasur/settings.nix
@@ -10,7 +10,7 @@
 type = lib.types.str;
 description = "Human readable name of the user";
 };
- options.hostnames = lib.mkOption {
+ hostnames = lib.mkOption {
 type = lib.types.attrsOf lib.types.str;
 description = "Map of service names to FQDNs";
 default = { };
diff --git a/platforms/nixos/modules/services/filebrowser.nix b/platforms/nixos/modules/services/filebrowser.nix
index 6a11b29..9795119 100644
--- a/platforms/nixos/modules/services/filebrowser.nix
+++ b/platforms/nixos/modules/services/filebrowser.nix
@@ -5,7 +5,7 @@
 ...
 }:
 let
- inherit (config.nmasur.settings) hostnames;
+ inherit (config.nmasur.settings) hostnames username;
 cfg = config.services.filebrowser;
 dataDir = "/var/lib/filebrowser";
@@ -18,7 +18,7 @@ let
 database = "${dataDir}/filebrowser.db";
 root = "";
 "auth.method" = "json";
- username = config.user;
+ username = username;
 # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
 password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
 };
diff --git a/platforms/nixos/modules/services/identity.nix b/platforms/nixos/modules/services/identity.nix
index 870b8ff..2880fa7 100644
--- a/platforms/nixos/modules/services/identity.nix
+++ b/platforms/nixos/modules/services/identity.nix
@@ -9,6 +9,7 @@ in
 enable = lib.mkEnableOption "Wait for identity file oneshot";
 identityFile = lib.mkOption {
 type = lib.types.path;
+ default = config.identityFile;
 };
 };
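Review bot: `username = username;` in filebrowser.nix reads as self-referential; it only works because the enclosing attribute set is not recursive, so the right-hand side resolves to the `let`-bound `username` from `nmasur.settings`, and it would turn into an infinite recursion if that set were ever made `rec`. The idiomatic form is `inherit username;`, which makes the source of the value explicit and removes the ambiguity. Whether the set is `rec` is decided on a line outside the hunk.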
