From 50a538c78ec3f71a37bfc9416565b11aeb105c54 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 20 Sep 2022 04:01:45 +0000
Subject: [PATCH 001/391] start generator work
---
flake.lock | 37 +++++++++++++++++++++++++++++++++++++
flake.nix | 20 +++++++++++++++++---
generators/aws.nix | 19 +++++++++++++++++++
3 files changed, 73 insertions(+), 3 deletions(-)
create mode 100644 generators/aws.nix
diff --git a/flake.lock b/flake.lock
index a3a0bac..202ceab 100644
--- a/flake.lock
+++ b/flake.lock
@@ -74,6 +74,42 @@
"type": "github"
}
},
+ "nixlib": {
+ "locked": {
+ "lastModified": 1636849918,
+ "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "type": "github"
+ }
+ },
+ "nixos-generators": {
+ "inputs": {
+ "nixlib": "nixlib",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1660727616,
+ "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
+ "owner": "nix-community",
+ "repo": "nixos-generators",
+ "rev": "adccd191a0e83039d537e021f19495b7bad546a1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixos-generators",
+ "type": "github"
+ }
+ },
"nixpkgs": {
"locked": {
"lastModified": 1663357389,
@@ -124,6 +160,7 @@
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
+ "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"nur": "nur",
"wallpapers": "wallpapers",
diff --git a/flake.nix b/flake.nix
index 6ba3749..4b95a7c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,9 +32,15 @@
flake = false;
};
+ # Used to generate NixOS images for other platforms
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
};
- outputs = { self, nixpkgs, darwin, wsl, home-manager, nur, wallpapers }:
+ outputs = { self, nixpkgs, ... }@inputs:
let
@@ -57,14 +63,14 @@
in {
- nixosConfigurations = {
+ nixosConfigurations = with inputs; {
desktop = import ./hosts/desktop {
inherit nixpkgs home-manager nur globals wallpapers;
};
wsl = import ./hosts/wsl { inherit nixpkgs wsl home-manager globals; };
};
- darwinConfigurations = {
+ darwinConfigurations = with inputs; {
macbook = import ./hosts/macbook {
inherit nixpkgs darwin home-manager nur globals;
};
@@ -110,6 +116,14 @@
});
+ # Package servers into images with a generator
+ packages.x86_64-linux = with inputs; {
+ aws = import ./generators/aws.nix {
+ inherit nixpkgs nixos-generators home-manager globals;
+ system = "x86_64-linux";
+ };
+ };
+
# Templates for starting other projects quickly
templates = rec {
default = basic;
diff --git a/generators/aws.nix b/generators/aws.nix
new file mode 100644
index 0000000..f1f54cd
--- /dev/null
+++ b/generators/aws.nix
@@ -0,0 +1,19 @@
+{ nixpkgs, system, nixos-generators, home-manager, globals, ... }:
+
+nixos-generators.nixoGenerate {
+ inherit system;
+ imports = [
+ globals
+ home-manager.nixosModules.home-manager
+ {
+ networking.hostName = "sheep";
+ gui.enable = false;
+ colorscheme = (import ../../modules/colorscheme/gruvbox);
+ passwordHash =
+ "$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ }
+ ../hosts/common.nix
+ ../modules/nixos
+ ];
+ format = "aws";
+}
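Review bot: The `passwordHash` literal bakes a crypt hash into both the repository and a cloud image, so anyone who can read either can attack it offline. For an image that is reached over SSH, keep the hash out of the tracked file, or make the option nullable and rely on key login. Two other lines in this file look likely to fail evaluation. `nixos-generators.nixoGenerate` appears to be a typo for `nixosGenerate`, and `../../modules/colorscheme/gruvbox` climbs one directory higher than the sibling `../hosts/common.nix` and `../modules/nixos` paths.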
From 9e3345ff9bfa7142eb11936fb794f3816a5ab8fa Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 20 Sep 2022 11:50:45 +0000
Subject: [PATCH 002/391] add sshd for aws generators
---
generators/aws.nix | 3 +++
modules/services/sshd.nix | 24 ++++++++++++++++++++++++
2 files changed, 27 insertions(+)
create mode 100644 modules/services/sshd.nix
diff --git a/generators/aws.nix b/generators/aws.nix
index f1f54cd..0c7997c 100644
--- a/generators/aws.nix
+++ b/generators/aws.nix
@@ -11,9 +11,12 @@ nixos-generators.nixoGenerate {
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
}
../hosts/common.nix
../modules/nixos
+ ../modules/services/sshd.nix
];
format = "aws";
}
diff --git a/modules/services/sshd.nix b/modules/services/sshd.nix
new file mode 100644
index 0000000..8be395b
--- /dev/null
+++ b/modules/services/sshd.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }: {
+
+ options = {
+ publicKey = lib.mkOption {
+ type = lib.types.str;
+ description = "Public SSH key authorized for this system.";
+ };
+ };
+
+ config = {
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ passwordAuthentication = false;
+ gatewayPorts = "no";
+ forwardX11 = false;
+ allowSFTP = true;
+ permitRootLogin = "no";
+ };
+
+ users.users.${config.user}.authorizedKeys.keys = [ config.publicKey ];
+ };
+
+}
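Review bot: `users.users.${config.user}.authorizedKeys.keys` is not where NixOS reads authorized keys, because the option lives under `openssh`. The line should read `users.users.${config.user}.openssh.authorizedKeys.keys = [ config.publicKey ];`, otherwise the key is not installed (or evaluation fails) while password login is already disabled. `passwordAuthentication = false` does not cover keyboard-interactive authentication, so adding `kbdInteractiveAuthentication = false;` beside it closes the remaining password path. `config.user` is declared outside this file.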
From 720a3cc409ee16185be14c69709ab5e10c803086 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 20 Sep 2022 12:50:04 +0000
Subject: [PATCH 003/391] additional options needed to build aws image
---
generators/aws.nix | 19 ++++++++++++++-----
modules/services/sshd.nix | 10 ++++++++--
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/generators/aws.nix b/generators/aws.nix
index 0c7997c..f648c18 100644
--- a/generators/aws.nix
+++ b/generators/aws.nix
@@ -1,22 +1,31 @@
{ nixpkgs, system, nixos-generators, home-manager, globals, ... }:
-nixos-generators.nixoGenerate {
+nixos-generators.nixosGenerate {
inherit system;
- imports = [
- globals
+ format = "amazon";
+ modules = [
home-manager.nixosModules.home-manager
{
+ user = globals.user;
+ fullName = globals.fullName;
+ dotfilesRepo = globals.dotfilesRepo;
+ gitName = globals.gitName;
+ gitEmail = globals.gitEmail;
networking.hostName = "sheep";
gui.enable = false;
- colorscheme = (import ../../modules/colorscheme/gruvbox);
+ colorscheme = (import ../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+ # AWS settings require this
+ permitRootLogin = "prohibit-password";
}
../hosts/common.nix
../modules/nixos
../modules/services/sshd.nix
+ ] ++ [
+ # Required to fix diskSize errors during build
+ ({ ... }: { amazonImage.sizeMB = 16 * 1024; })
];
- format = "aws";
}
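Review bot: `permitRootLogin = "prohibit-password"` turns key-based root login back on for an internet-facing image, and the comment `# AWS settings require this` does not say what requires it. If the reason is a conflict with the value set by the Amazon image profile (inferred, not visible in this hunk), name it in the comment, e.g. `# amazon image profile sets this value; ours must match to avoid an option conflict`. That way a later reader neither copies the relaxation to other hosts nor removes it blindly.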
diff --git a/modules/services/sshd.nix b/modules/services/sshd.nix
index 8be395b..0161aba 100644
--- a/modules/services/sshd.nix
+++ b/modules/services/sshd.nix
@@ -5,6 +5,11 @@
type = lib.types.str;
description = "Public SSH key authorized for this system.";
};
+ permitRootLogin = lib.mkOption {
+ type = lib.types.str;
+ description = "Root login settings.";
+ default = "no";
+ };
};
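Review bot: `permitRootLogin` is declared as `lib.types.str`, so a misspelt value passes this option's type check and is only caught, if at all, further down. Constraining it with `type = lib.types.enum [ "yes" "without-password" "prohibit-password" "forced-commands-only" "no" ];` rejects anything sshd would not accept. The description could also state that the default `"no"` is the hardened choice and that hosts overriding it should say why. The `options` block starts above this hunk.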
config = {
@@ -15,10 +20,11 @@
gatewayPorts = "no";
forwardX11 = false;
allowSFTP = true;
- permitRootLogin = "no";
+ permitRootLogin = config.permitRootLogin;
};
- users.users.${config.user}.authorizedKeys.keys = [ config.publicKey ];
+ users.users.${config.user}.openssh.authorizedKeys.keys =
+ [ config.publicKey ];
};
}
From f834cc20f4ae772d81ede8142d6f67603d6b0952 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 21 Sep 2022 03:49:04 +0000
Subject: [PATCH 004/391] aws generator gh workflow and terraform upload
---
flake.nix | 2 +-
generators/{aws.nix => aws/default.nix} | 0
generators/aws/main.tf | 80 ++++++++
generators/aws/workflow.yml | 260 ++++++++++++++++++++++++
4 files changed, 341 insertions(+), 1 deletion(-)
rename generators/{aws.nix => aws/default.nix} (100%)
create mode 100644 generators/aws/main.tf
create mode 100644 generators/aws/workflow.yml
diff --git a/flake.nix b/flake.nix
index 4b95a7c..b995b50 100644
--- a/flake.nix
+++ b/flake.nix
@@ -118,7 +118,7 @@
# Package servers into images with a generator
packages.x86_64-linux = with inputs; {
- aws = import ./generators/aws.nix {
+ aws = import ./generators/aws {
inherit nixpkgs nixos-generators home-manager globals;
system = "x86_64-linux";
};
diff --git a/generators/aws.nix b/generators/aws/default.nix
similarity index 100%
rename from generators/aws.nix
rename to generators/aws/default.nix
diff --git a/generators/aws/main.tf b/generators/aws/main.tf
new file mode 100644
index 0000000..4fbb2ca
--- /dev/null
+++ b/generators/aws/main.tf
@@ -0,0 +1,80 @@
+locals {
+ image_file = one(fileset(path.root, "result/nixos-amazon-image-*.vhd"))
+}
+
+# Upload to S3
+resource "aws_s3_object" "image" {
+ bucket = "your_bucket_name"
+ key = basename(local.image_file)
+ source = local.image_file
+ etag = filemd5(local.image_file)
+}
+
+# Setup IAM access for the VM Importer
+data "aws_iam_policy_document" "vmimport_trust_policy" {
+ statement {
+ actions = ["sts:AssumeRole"]
+ principals {
+ type = "Service"
+ identifiers = ["vmie.amazonaws.com"]
+ }
+ }
+}
+
+data "aws_iam_policy_document" "vmimport" {
+ statement {
+ actions = [
+ "s3:GetBucketLocation",
+ "s3:GetObject",
+ "s3:ListBucket",
+ ]
+ resources = [
+ "arn:aws:s3:::${aws_s3_object.image.bucket}",
+ "arn:aws:s3:::${aws_s3_object.image.bucket}/*",
+ ]
+ }
+ statement {
+ actions = [
+ "ec2:ModifySnapshotAttribute",
+ "ec2:CopySnapshot",
+ "ec2:RegisterImage",
+ "ec2:Describe*",
+ ]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_role" "vmimport" {
+ name = "vmimport"
+ assume_role_policy = data.aws_iam_policy_document.vmimport_trust_policy.json
+ inline_policy {
+ name = "vmimport"
+ policy = data.aws_iam_policy_document.vmimport.json
+ }
+}
+
+# Import to EBS
+resource "aws_ebs_snapshot_import" "image" {
+ disk_container {
+ format = "VHD"
+ user_bucket {
+ s3_bucket = aws_s3_object.image.bucket
+ s3_key = aws_s3_object.image.key
+ }
+ }
+
+ role_name = aws_iam_role.vmimport.name
+}
+
+# Convert to AMI
+resource "aws_ami" "image" {
+ description = "Created with NixOS."
+ name = replace(basename(local.image_file), "/\\.vhd$/", "")
+ virtualization_type = "hvm"
+
+ ebs_block_device {
+ device_name = "/dev/xvda"
+ snapshot_id = aws_ebs_snapshot_import.image.id
+ volume_size = 8
+ }
+}
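Review bot: The `vmimport_trust_policy` document lets the VM Import/Export service assume the role with no condition, whereas AWS's documented trust policy for this role also pins the external ID to `vmimport` as a confused-deputy guard. A condition block for that is shown below. On `aws_s3_object.image`, `etag = filemd5(...)` will not match once the image is large enough to be uploaded as multipart, which produces a diff on every plan; `source_hash = filemd5(local.image_file)` is the argument intended for that case. `volume_size = 8` also looks smaller than the 16 GiB `amazonImage.sizeMB` set in the generator config, which is worth confirming against a real import.

```hcl
data "aws_iam_policy_document" "vmimport_trust_policy" {
  statement {
    # … unchanged: actions and principals for vmie.amazonaws.com …
    condition {
      test     = "StringEquals"
      variable = "sts:Externalid"
      values   = ["vmimport"]
    }
  }
}
```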
diff --git a/generators/aws/workflow.yml b/generators/aws/workflow.yml
new file mode 100644
index 0000000..c0210e2
--- /dev/null
+++ b/generators/aws/workflow.yml
@@ -0,0 +1,260 @@
+name: 'Terraform'
+env:
+
+
+ AWS_ACCOUNT_NUMBER: ''
+ AWS_PLAN_ROLE_NAME: github_actions_plan
+ AWS_APPLY_ROLE_NAME: github_actions_admin
+
+ # Always required. Used for authenticating to AWS, but can also act as your
+ # default region if you don't want to specify in the provider configuration.
+ AWS_REGION: us-east-1
+
+ # You must change these to fit your project.
+ TF_VAR_project: change-me
+ TF_VAR_label: change-me
+ TF_VAR_owner: Your Name Here
+
+ # If storing Terraform in a subdirectory, specify it here.
+ TERRAFORM_DIRECTORY: .
+
+ # Pinned versions of tools to use.
+ # Check for new releases:
+ # - https://github.com/hashicorp/terraform/releases
+ # - https://github.com/fugue/regula/releases
+ # - https://github.com/terraform-linters/tflint/releases
+ TERRAFORM_VERSION: 1.2.6
+ REGULA_VERSION: 2.9.0
+ TFLINT_VERSION: 0.39.1
+
+ # Terraform configuration options
+ TERRAFORM_PARALLELISM: 10
+
+ # These variables are passed to Terraform based on GitHub information.
+ TF_VAR_repo: ${{ github.repository }}
+
+# This workflow is triggered in the following ways.
+on:
+
+ # Any push or merge to these branches.
+ push:
+ branches:
+ - dev
+ - prod
+
+ # Any pull request targeting these branches (plan only).
+ pull_request:
+ branches:
+ - dev
+ - prod
+
+
+ # Any manual trigger on these branches.
+ workflow_dispatch:
+ branches:
+ - dev
+ - prod
+
+# -------------------------------------------------------------------
+# The rest of this workflow can operate without adjustments. Edit the
+# below content at your own risk!
+# -------------------------------------------------------------------
+
+# Used to connect to AWS IAM
+permissions:
+ id-token: write
+ contents: read
+ pull-requests: write
+
+# Only run one workflow at a time for each Terraform state. This prevents
+# lockfile conflicts, especially during PR vs push.
+concurrency: terraform-${{ github.base_ref || github.ref }}
+
+jobs:
+ terraform:
+
+ name: 'Terraform'
+
+ # Change this if you need to run your deployment on-prem.
+ runs-on: ubuntu-latest
+
+ steps:
+
+ # Downloads the current repo code to the runner.
+ - name: Checkout Repo Code
+ uses: actions/checkout@v2
+
+ # Install Nix
+ - name: Install Nix
+ uses: cachix/install-nix-action@v17
+
+ # Build the image
+ - name: Build Image
+ run: nix build .#aws
+
+ # Login to AWS
+ - name: AWS Assume Role
+ uses: aws-actions/configure-aws-credentials@v1.6.1
+ with:
+ role-to-assume: ${{ env.AWS_ROLE_ARN }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ # Exports all GitHub Secrets as environment variables prefixed by
+ # "TF_VAR_", which exposes them to Terraform. The name of each GitHub
+ # Secret must match its Terraform variable name exactly.
+ - name: Export Secrets to Terraform Variables
+ env:
+ ALL_SECRETS: ${{ toJson(secrets) }}
+ run: |
+ echo "$ALL_SECRETS" \
+ | jq "to_entries | .[] | \"TF_VAR_\" + ( .key | ascii_downcase ) + \"=\" + .value" \
+ | tr -d \" >> $GITHUB_ENV
+
+ # Installs the Terraform binary and some other accessory functions.
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: ${{ env.TERRAFORM_VERSION }}
+
+ # Checks whether Terraform is formatted properly. If this fails, you
+ # should install the pre-commit hook.
+ - name: Check Formatting
+ run: |
+ terraform fmt -no-color -check -diff -recursive
+
+ # Downloads a Terraform code lint test.
+ - uses: terraform-linters/setup-tflint@v1
+ name: Setup TFLint
+ with:
+ tflint_version: v${{ env.TFLINT_VERSION }}
+
+ # Sets up linting with this codebase.
+ - name: Init TFLint
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: tflint --init
+
+ # Lints the current code.
+ - name: Run TFLint
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: |
+ tflint -f compact
+ find ./modules/* -type d -maxdepth 0 | xargs -I __ tflint -f compact --disable-rule=terraform_required_providers --disable-rule=terraform_required_version __
+
+ # Connects to remote state backend and download providers.
+ - name: Terraform Init
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: |
+ terraform init \
+ -backend-config="role_arn=${{ env.AWS_STATE_ROLE_ARN }}" \
+ -backend-config="region=us-east-1" \
+ -backend-config="workspace_key_prefix=accounts/${{ env.AWS_ACCOUNT_NUMBER }}/${{ github.repository }}" \
+ -backend-config="key=state.tfstate" \
+ -backend-config="dynamodb_table=global-tf-state-lock"
+
+ # Set the Terraform Workspace to the current branch name.
+ - name: Set Terraform Workspace
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ shell: bash
+ run: |
+ export WORKSPACE=${{ github.base_ref || github.ref_name }}
+ terraform workspace select ${WORKSPACE} || terraform workspace new $WORKSPACE
+ echo "TF_WORKSPACE=$(echo ${WORKSPACE} | sed 's/\//_/g')" >> $GITHUB_ENV
+
+ # Checks differences between current code and infrastructure state.
+ - name: Terraform Plan
+ id: plan
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: |
+ terraform plan \
+ -input=false \
+ -no-color \
+ -out=tfplan \
+ -parallelism=${TERRAFORM_PARALLELISM} \
+ -var-file=variables-${TF_WORKSPACE}.tfvars
+
+ # Gets the results of the plan for pull requests.
+ - name: Terraform Show Plan
+ id: show
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: terraform show -no-color tfplan
+
+ # Adds the results of the plan to the pull request.
+ - name: Comment Plan
+ uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ STDOUT: "```terraform\n${{ steps.show.outputs.stdout }}```"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ // 1. Retrieve existing bot comments for the PR
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ })
+ const botComment = comments.find(comment => {
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+ })
+
+ // 2. Prepare format of the comment
+ const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+ #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ Validation Output
+
+ \`\`\`\n
+ ${{ steps.validate.outputs.stdout }}
+ \`\`\`
+
+
+
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+ Show Plan
+
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+
+
+ *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+ // 3. If we have a comment, update it, otherwise create a new one
+ if (botComment) {
+ github.rest.issues.updateComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: botComment.id,
+ body: output
+ })
+ } else {
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ }
+
+ # Downloads Regula and checks whether the plan meets compliance requirements.
+ - name: Regula Compliance Check
+ shell: bash
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: |
+ REGULA_URL="https://github.com/fugue/regula/releases/download/v${REGULA_VERSION}/regula_${REGULA_VERSION}_Linux_x86_64.tar.gz"
+ curl -sL "$REGULA_URL" -o regula.tar.gz
+ tar xzf regula.tar.gz
+ terraform show -json tfplan | ./regula run
+
+ # Deploys infrastructure or changes to infrastructure.
+ - name: Terraform Apply
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+ run: |
+ terraform apply \
+ -auto-approve \
+ -input=false \
+ -parallelism=${TERRAFORM_PARALLELISM} \
+ tfplan
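Review bot: The `Export Secrets to Terraform Variables` step writes every repository secret into `$GITHUB_ENV`, which hands all of them to each later step, including the third-party actions and the downloaded Regula binary; a secret containing a newline can also define extra environment variables. Pass only the secrets Terraform needs, on the plan and apply steps, e.g. `TF_VAR_example: ${{ secrets.EXAMPLE }}` under that step's `env:` (placeholder names). In `Set Terraform Workspace` the branch name is expanded into the shell text by `${{ github.base_ref || github.ref_name }}`; move it into the step's `env:` and use a quoted `"$WORKSPACE"` instead. The actions are referenced by mutable tags (`@v2`, `@v17`, `@v1.6.1`) and the Regula tarball is unpacked without a digest check, so pinning to commit SHAs and verifying a recorded checksum would make the job's inputs fixed. `AWS_ROLE_ARN` and `AWS_STATE_ROLE_ARN` are read but never defined in the `env:` block shown, and the comment script references `steps.fmt`, `steps.init`, `steps.validate` and `process.env.PLAN`, none of which this workflow sets.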
From 4e23d677e8e5d00e7be832aed0460b6363507e94 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 30 Sep 2022 10:11:55 -0400
Subject: [PATCH 005/391] auto-formatting changes
---
hosts/common.nix | 40 +++++++++++++++++++++-------------------
1 file changed, 21 insertions(+), 19 deletions(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index e50cd98..2217f62 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -55,31 +55,33 @@
};
};
- config = let stateVersion = "22.11";
- in {
+ config =
+ let stateVersion = "22.11";
+ in
+ {
- # Enable features in Nix commands
- nix.extraOptions = "experimental-features = nix-command flakes";
+ # Enable features in Nix commands
+ nix.extraOptions = "experimental-features = nix-command flakes";
- # Basic common system packages for all devices
- environment.systemPackages = with pkgs; [ git vim wget curl ];
+ # Basic common system packages for all devices
+ environment.systemPackages = with pkgs; [ git vim wget curl ];
- # Use the system-level nixpkgs instead of Home Manager's
- home-manager.useGlobalPkgs = true;
+ # Use the system-level nixpkgs instead of Home Manager's
+ home-manager.useGlobalPkgs = true;
- # Install packages to /etc/profiles instead of ~/.nix-profile, useful when
- # using multiple profiles for one user
- home-manager.useUserPackages = true;
+ # Install packages to /etc/profiles instead of ~/.nix-profile, useful when
+ # using multiple profiles for one user
+ home-manager.useUserPackages = true;
- # Allow specified unfree packages (identified elsewhere)
- # Retrieves package object based on string name
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) config.unfreePackages;
+ # Allow specified unfree packages (identified elsewhere)
+ # Retrieves package object based on string name
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) config.unfreePackages;
- # Pin a state version to prevent warnings
- home-manager.users.${config.user}.home.stateVersion = stateVersion;
- home-manager.users.root.home.stateVersion = stateVersion;
+ # Pin a state version to prevent warnings
+ home-manager.users.${config.user}.home.stateVersion = stateVersion;
+ home-manager.users.root.home.stateVersion = stateVersion;
- };
+ };
}
From 657bec0929b0f01bd27a2f52b8e3ea48e452653d Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 30 Sep 2022 11:09:58 -0400
Subject: [PATCH 006/391] browse active directory on macos
---
modules/darwin/homebrew.nix | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix
index 3621f3e..b6ffb64 100644
--- a/modules/darwin/homebrew.nix
+++ b/modules/darwin/homebrew.nix
@@ -29,17 +29,19 @@
];
brews = [
"trash" # Delete files and folders to trash instead of rm
+ "openjdk" # Required by Apache Directory Studio
];
casks = [
- "firefox" # Firefox packaging on Nix is broken for MacOS
- "1password" # 1Password packaging on Nix is broken for MacOS
+ "firefox" # Firefox packaging on Nix is broken for macOS
+ "1password" # 1Password packaging on Nix is broken for macOS
"scroll-reverser" # Different scroll style for mouse vs. trackpad
"meetingbar" # Show meetings in menu bar
"gitify" # Git notifications in menu bar
"logitech-g-hub" # Mouse and keyboard management
"mimestream" # Gmail client
- "obsidian" # Obsidian packaging on Nix is not available for MacOS
+ "obsidian" # Obsidian packaging on Nix is not available for macOS
"steam" # Not packaged for Nix
+ "apache-directory-studio" # Packaging on Nix is not available for macOS
];
};
From d303924f02ef13db84869ac4faeee6f8f4fe09a3 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 16:21:34 +0000
Subject: [PATCH 007/391] try adding oracle server config
---
flake.nix | 2 ++
hosts/{server => oracle}/default.nix | 11 +++++++----
2 files changed, 9 insertions(+), 4 deletions(-)
rename hosts/{server => oracle}/default.nix (58%)
diff --git a/flake.nix b/flake.nix
index 7fd9403..ccd824a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,6 +68,8 @@
inherit nixpkgs home-manager nur globals wallpapers;
};
wsl = import ./hosts/wsl { inherit nixpkgs wsl home-manager globals; };
+ oracle =
+ import ./hosts/oracle { inherit nixpkgs home-manager globals; };
};
darwinConfigurations = with inputs; {
diff --git a/hosts/server/default.nix b/hosts/oracle/default.nix
similarity index 58%
rename from hosts/server/default.nix
rename to hosts/oracle/default.nix
index fad1431..fd90dc3 100644
--- a/hosts/server/default.nix
+++ b/hosts/oracle/default.nix
@@ -1,20 +1,23 @@
{ nixpkgs, home-manager, globals, ... }:
-# System configuration for a generic server
+# System configuration for an Oracle free server
nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
+ system = "aarch64-linux";
specialArgs = { };
modules = [
- globals
+ (removeAttrs globals [ "mailServer" ])
home-manager.nixosModules.home-manager
{
- networking.hostName = "sheep";
+ networking.hostName = "oracle";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
}
../common.nix
../../modules/nixos
+ ../../modules/services/sshd.nix
];
}
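Review bot: The `publicKey` literal added here is the same string already present in the AWS generator config, so rotating the key means editing every host file, and missing one leaves a stale key authorized. Keeping it in one shared place, for example a small attrset imported by both files, reduces rotation to a single edit. The unchanged `passwordHash` line is duplicated in the same way.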
From 3ec1ef4394eb3789d49d8fb510e209237310bf16 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 16:24:44 +0000
Subject: [PATCH 008/391] add server bootloader
---
hosts/oracle/default.nix | 1 +
modules/hardware/server.nix | 7 +++++++
2 files changed, 8 insertions(+)
create mode 100644 modules/hardware/server.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index fd90dc3..47d0e50 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -18,6 +18,7 @@ nixpkgs.lib.nixosSystem {
}
../common.nix
../../modules/nixos
+ ../../modules/hardware/server.nix
../../modules/services/sshd.nix
];
}
diff --git a/modules/hardware/server.nix b/modules/hardware/server.nix
new file mode 100644
index 0000000..7647b8e
--- /dev/null
+++ b/modules/hardware/server.nix
@@ -0,0 +1,7 @@
+{ config, ... }: {
+
+ # Servers need a bootloader or they won't start
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+}
From 381e06519b13daf56086e5c9727e31b33d2fa3a4 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 16:29:16 +0000
Subject: [PATCH 009/391] add oracle hardware config
---
hosts/oracle/default.nix | 1 +
hosts/oracle/hardware-configuration.nix | 34 +++++++++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100644 hosts/oracle/hardware-configuration.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 47d0e50..c9ab134 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -16,6 +16,7 @@ nixpkgs.lib.nixosSystem {
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
}
+ ./hardware-configuration.nix
../common.nix
../../modules/nixos
../../modules/hardware/server.nix
diff --git a/hosts/oracle/hardware-configuration.nix b/hosts/oracle/hardware-configuration.nix
new file mode 100644
index 0000000..ef1e850
--- /dev/null
+++ b/hosts/oracle/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/D5CA-237A";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
From f20b4ee31aafa495f078ddabd9342a461c23c87e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 18:24:06 +0000
Subject: [PATCH 010/391] add ssh host to starship
---
modules/shell/starship.nix | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/shell/starship.nix b/modules/shell/starship.nix
index 3e9443c..7fcfea6 100644
--- a/modules/shell/starship.nix
+++ b/modules/shell/starship.nix
@@ -9,6 +9,7 @@
"$git_branch"
"$git_commit"
"$git_status"
+ "$hostname"
"$cmd_duration"
"$character"
];
@@ -47,6 +48,10 @@
deleted = "✘";
style = "red";
};
+ hostname = {
+ ssh_only = true;
+ format = "on [$hostname](bold red) ";
+ };
nix_shell = {
format = "[$symbol $name]($style)";
symbol = "❄️";
From cd53060f0237a770d2acb7f4185640c0caaa6a40 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 18:28:03 +0000
Subject: [PATCH 011/391] switch to ssh for dotfiles repo
---
flake.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index ccd824a..3b1fac4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -51,7 +51,7 @@
gitName = fullName;
gitEmail = "7386960+nmasur@users.noreply.github.com";
mailServer = "noahmasur.com";
- dotfilesRepo = "https://github.com/nmasur/dotfiles";
+ dotfilesRepo = "git@github.com:nmasur/dotfiles";
};
# System types to support.
From 034ff33e70624d3af114e4c901a30e1f6521f124 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 18:28:32 +0000
Subject: [PATCH 012/391] add more description for mkpasswd salt
---
modules/nixos/user.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/nixos/user.nix b/modules/nixos/user.nix
index 9d42048..dd5b2bd 100644
--- a/modules/nixos/user.nix
+++ b/modules/nixos/user.nix
@@ -5,6 +5,7 @@
passwordHash = lib.mkOption {
type = lib.types.str;
description = "Password created with mkpasswd -m sha-512";
+ # Test it by running: mkpasswd -m sha-512 --salt "PZYiMGmJIIHAepTM"
};
};
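Review bot: The added comment reads as an instruction to generate hashes with the fixed salt `PZYiMGmJIIHAepTM`, which would give every future password the same salt. If the intent is only to check that a known password matches the committed hash, say so, e.g. `# To verify an existing hash, rerun mkpasswd with the salt taken from that hash; omit --salt when creating a new one`. The enclosing `options` block starts above this hunk.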
From db0645075f91c3d31cc952fbad871dc3e8cae812 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 21:39:36 +0000
Subject: [PATCH 013/391] setup calibre server
---
hosts/oracle/default.nix | 1 +
modules/services/calibre.nix | 41 ++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)
create mode 100644 modules/services/calibre.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index c9ab134..2d1ce42 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -21,5 +21,6 @@ nixpkgs.lib.nixosSystem {
../../modules/nixos
../../modules/hardware/server.nix
../../modules/services/sshd.nix
+ ../../modules/services/calibre.nix
];
}
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
new file mode 100644
index 0000000..4d5dbf9
--- /dev/null
+++ b/modules/services/calibre.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, lib, ... }:
+
+let
+
+ libraryPath = "${config.homePath}/media/books";
+
+in {
+
+ options = { };
+
+ config = {
+ services.calibre-server = {
+ enable = true;
+ libraries = [ libraryPath ];
+ };
+
+ services.calibre-web = {
+ enable = true;
+ openFirewall = true;
+ options = {
+ reverseProxyAuth.enable = false;
+ enableBookConversion = true;
+ };
+ };
+
+ home-manager.users.${config.user}.home.activation = {
+
+ # Always create library directory if it doesn't exist
+ calibreLibrary =
+ config.home-manager.users.${config.user}.lib.dag.entryAfter
+ [ "writeBoundary" ] ''
+ if [ ! -d "${libraryPath}" ]; then
+ $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG ${libraryPath}
+ fi
+ '';
+
+ };
+
+ };
+
+}
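Review bot: `openFirewall = true` opens the calibre-web port on a public cloud host while `reverseProxyAuth.enable = false`. Once the service listens on a non-loopback address, its login page is served over plain HTTP directly to the internet. If the UI is meant to sit behind a TLS reverse proxy, `openFirewall = false;` is the safer setting. calibre-web also starts with a default administrator account, so the setup notes should include changing it before the host is exposed. In the activation script `${libraryPath}` is quoted in the `-d` test but not in the `mkdir` call; quote it there too: `$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG "${libraryPath}"`.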
From 015c393274fddb28f0500993f61f623f9834d515 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 1 Oct 2022 21:42:33 +0000
Subject: [PATCH 014/391] docs: deprecated nixFlakes package
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9387107..cc3c7a5 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ installer disk:
```bash
lsblk # Choose the disk you want to wipe
-nix-shell -p nixFlakes
+nix-shell -p nixVersions.stable
nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop
```
@@ -35,7 +35,7 @@ If you're already running NixOS, you can switch to this configuration with the
following command:
```bash
-nix-shell -p nixFlakes
+nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#desktop
```
@@ -46,7 +46,7 @@ WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
-nix-shell -p nixFlakes
+nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#wsl
```
From 8a97d9b2da59d5e7dadc66014c8c2dba554f73a9 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 2 Oct 2022 02:47:10 +0000
Subject: [PATCH 015/391] calibre needs to use path it can read
---
modules/services/calibre.nix | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index 4d5dbf9..bf7009d 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -2,7 +2,7 @@
let
- libraryPath = "${config.homePath}/media/books";
+ libraryPath = "/var/lib/calibre-server";
in {
@@ -23,19 +23,6 @@ in {
};
};
- home-manager.users.${config.user}.home.activation = {
-
- # Always create library directory if it doesn't exist
- calibreLibrary =
- config.home-manager.users.${config.user}.lib.dag.entryAfter
- [ "writeBoundary" ] ''
- if [ ! -d "${libraryPath}" ]; then
- $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG ${libraryPath}
- fi
- '';
-
- };
-
};
}
From 19de5834338cbb7f6b6dfad86a15f7834fbb23f4 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 2 Oct 2022 14:48:51 +0000
Subject: [PATCH 016/391] setup caddy and calibre-web
---
hosts/oracle/default.nix | 4 +--
modules/nixos/user.nix | 2 +-
modules/services/calibre.nix | 52 +++++++++++++++++++++++++++++++-----
3 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 2d1ce42..b267dc2 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -9,10 +9,10 @@ nixpkgs.lib.nixosSystem {
home-manager.nixosModules.home-manager
{
networking.hostName = "oracle";
+ bookServer = "books.masu.rs";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
- passwordHash =
- "$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
}
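Review bot: Setting `passwordHash = null` takes the SHA-512 crypt hash out of the working tree, but the hash stays readable in the repository history, and its salt is still quoted in the comment kept in the modules/nixos/user.nix hunk. The password behind that hash should be treated as exposed to offline guessing and changed wherever it is still in use. Since `null` is now a legal value, the option description could say what it means, e.g. `description = "Password created with mkpasswd -m sha-512, or null to disable password login";`, assuming that is how the user module treats null, which is not visible here.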
diff --git a/modules/nixos/user.nix b/modules/nixos/user.nix
index dd5b2bd..24d0ff8 100644
--- a/modules/nixos/user.nix
+++ b/modules/nixos/user.nix
@@ -3,7 +3,7 @@
options = {
passwordHash = lib.mkOption {
- type = lib.types.str;
+ type = lib.types.nullOr lib.types.str;
description = "Password created with mkpasswd -m sha-512";
# Test it by running: mkpasswd -m sha-512 --salt "PZYiMGmJIIHAepTM"
};
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index bf7009d..9ca3838 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -2,27 +2,67 @@
let
- libraryPath = "/var/lib/calibre-server";
+ # Must set group owner to calibre-web
+ libraryPath = "/var/books";
in {
- options = { };
+ options = {
+ bookServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Calibre library";
+ };
+ };
config = {
- services.calibre-server = {
- enable = true;
- libraries = [ libraryPath ];
- };
services.calibre-web = {
enable = true;
openFirewall = true;
options = {
+ calibreLibrary = libraryPath;
reverseProxyAuth.enable = false;
enableBookConversion = true;
};
};
+ services.caddy = {
+ enable = true;
+ adapter = "''"; # Required to enable JSON
+ configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
+ apps.http.servers = {
+ calibre = {
+ listen = [ ":443" ];
+ routes = [{
+ match = [{ host = [ config.bookServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8083"; }];
+ headers.request.add."X-Script-Name" = [ "/calibre-web" ];
+ }];
+ }];
+ };
+ };
+ });
+
+ };
+
+ networking.firewall.interfaces.calibre = { allowedTCPPorts = [ 80 443 ]; };
+
+ # Create directory and set permissions
+ system.activationScripts.calibreLibrary.text = ''
+ if [ ! -d "${libraryPath}" ]; then
+ $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG ${libraryPath}
+ fi
+ if [ ! "$(stat -c "%G" ${libraryPath})" = "calibre-web" ]; then
+ $DRY_RUN_CMD chown $VERBOSE_ARG -R calibre-web:calibre-web ${libraryPath}
+ fi
+ if [ ! "$(stat -c "%a" ${libraryPath})" = "775" ]; then
+ $DRY_RUN_CMD chmod $VERBOSE_ARG 0775 ${libraryPath}
+ $DRY_RUN_CMD chmod $VERBOSE_ARG -R 0640 ${libraryPath}/*
+ fi
+ '';
+
};
}
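Review bot: In the activation script, `chmod -R 0640 ${libraryPath}/*` also hits subdirectories and strips their search bit, so the service can no longer descend into them; the guard above it only inspects the top-level directory's mode, so later runs will not repair that. Applying modes by type avoids this: `find "${libraryPath}" -mindepth 1 -type d -exec chmod 0775 {} +` followed by `find "${libraryPath}" -type f -exec chmod 0640 {} +`. Separately, `networking.firewall.interfaces.calibre` keys the rule on a network interface named calibre rather than on the service, and `openFirewall = true` publishes the calibre-web backend port next to the TLS proxy on 443; both are worth checking against what is meant to be reachable. The module's first line is outside the hunk.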
From 90bc2ecd49f0e3f7a77aaf9a46b9aac108a4488b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 2 Oct 2022 15:09:54 +0000
Subject: [PATCH 017/391] add iptables settings for oracle reboot
---
hosts/oracle/default.nix | 1 +
modules/services/oracle.nix | 9 +++++++++
2 files changed, 10 insertions(+)
create mode 100644 modules/services/oracle.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index b267dc2..e8dd31f 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -20,6 +20,7 @@ nixpkgs.lib.nixosSystem {
../common.nix
../../modules/nixos
../../modules/hardware/server.nix
+ ../../modules/services/oracle.nix
../../modules/services/sshd.nix
../../modules/services/calibre.nix
];
diff --git a/modules/services/oracle.nix b/modules/services/oracle.nix
new file mode 100644
index 0000000..99cee98
--- /dev/null
+++ b/modules/services/oracle.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+
+ # Needs to be run at boot for Oracle firewall
+ systemd.services.openIpTables = {
+ script = "${pkgs.iptables}/bin/iptables -I INPUT -j ACCEPT";
+ wantedBy = [ "multi-user.target" ];
+ };
+
+}
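Review bot: The unit's script `iptables -I INPUT -j ACCEPT` puts an accept-everything rule at the head of the INPUT chain, which switches off host-level filtering for every port and protocol rather than just letting web traffic through. Whatever filtering the cloud provider applies would then be the only thing left in front of sshd, the calibre-web backend and any service added later. Declaring the needed ports keeps the NixOS firewall in force: `networking.firewall.allowedTCPPorts = [ 80 443 ];`. If a boot-time rule is still required, scope it, e.g. `-I INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT`, and mark the unit `serviceConfig.Type = "oneshot";`.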
From b4ba0706c0c94e2a9b3153b132fa3b230df5b823 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 2 Oct 2022 15:24:25 +0000
Subject: [PATCH 018/391] move caddy config into separate file
---
modules/services/caddy.nix | 26 ++++++++++++++++++++++++++
modules/services/calibre.nix | 31 ++++++++++++-------------------
2 files changed, 38 insertions(+), 19 deletions(-)
create mode 100644 modules/services/caddy.nix
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
new file mode 100644
index 0000000..d788fc1
--- /dev/null
+++ b/modules/services/caddy.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+
+let
+
+in {
+
+ options = {
+ caddyServers = lib.mkOption {
+ type = lib.types.attrs;
+ description = "Caddy JSON configs for http servers";
+ };
+ };
+
+ config = {
+
+ services.caddy = {
+ enable = true;
+ adapter = "''"; # Required to enable JSON
+ configFile = pkgs.writeText "Caddyfile"
+ (builtins.toJSON { apps.http.servers = config.caddyServers; });
+
+ };
+
+ };
+
+}
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index 9ca3838..83b4725 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -7,6 +7,8 @@ let
in {
+ imports = [ ./caddy.nix ];
+
options = {
bookServer = lib.mkOption {
type = lib.types.str;
@@ -26,25 +28,16 @@ in {
};
};
- services.caddy = {
- enable = true;
- adapter = "''"; # Required to enable JSON
- configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
- apps.http.servers = {
- calibre = {
- listen = [ ":443" ];
- routes = [{
- match = [{ host = [ config.bookServer ]; }];
- handle = [{
- handler = "reverse_proxy";
- upstreams = [{ dial = "localhost:8083"; }];
- headers.request.add."X-Script-Name" = [ "/calibre-web" ];
- }];
- }];
- };
- };
- });
-
+ caddyServers.calibre = {
+ listen = [ ":443" ];
+ routes = [{
+ match = [{ host = [ config.bookServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8083"; }];
+ headers.request.add."X-Script-Name" = [ "/calibre-web" ];
+ }];
+ }];
};
networking.firewall.interfaces.calibre = { allowedTCPPorts = [ 80 443 ]; };
From f196f546b8de6bc9fc1982ba7e1156f24bad841e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 2 Oct 2022 17:40:10 +0000
Subject: [PATCH 019/391] add jellyfin, switch caddy to one listener
---
hosts/oracle/default.nix | 2 ++
modules/services/caddy.nix | 14 +++++++++-----
modules/services/calibre.nix | 17 +++++++----------
modules/services/jellyfin.nix | 23 +++++++++++++++++++++++
4 files changed, 41 insertions(+), 15 deletions(-)
create mode 100644 modules/services/jellyfin.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index e8dd31f..62cf364 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -10,6 +10,7 @@ nixpkgs.lib.nixosSystem {
{
networking.hostName = "oracle";
bookServer = "books.masu.rs";
+ streamServer = "stream.masu.rs";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash = null;
@@ -23,5 +24,6 @@ nixpkgs.lib.nixosSystem {
../../modules/services/oracle.nix
../../modules/services/sshd.nix
../../modules/services/calibre.nix
+ ../../modules/services/jellyfin.nix
];
}
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
index d788fc1..eec26cc 100644
--- a/modules/services/caddy.nix
+++ b/modules/services/caddy.nix
@@ -5,9 +5,9 @@ let
in {
options = {
- caddyServers = lib.mkOption {
- type = lib.types.attrs;
- description = "Caddy JSON configs for http servers";
+ caddyRoutes = lib.mkOption {
+ type = lib.types.listOf lib.types.attrs;
+ description = "Caddy JSON routes for http servers";
};
};
@@ -16,8 +16,12 @@ in {
services.caddy = {
enable = true;
adapter = "''"; # Required to enable JSON
- configFile = pkgs.writeText "Caddyfile"
- (builtins.toJSON { apps.http.servers = config.caddyServers; });
+ configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
+ apps.http.servers.main = {
+ listen = [ ":443" ];
+ routes = config.caddyRoutes;
+ };
+ });
};
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index 83b4725..38b794c 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -28,17 +28,14 @@ in {
};
};
- caddyServers.calibre = {
- listen = [ ":443" ];
- routes = [{
- match = [{ host = [ config.bookServer ]; }];
- handle = [{
- handler = "reverse_proxy";
- upstreams = [{ dial = "localhost:8083"; }];
- headers.request.add."X-Script-Name" = [ "/calibre-web" ];
- }];
+ caddyRoutes = [{
+ match = [{ host = [ config.bookServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8083"; }];
+ headers.request.add."X-Script-Name" = [ "/calibre-web" ];
}];
- };
+ }];
networking.firewall.interfaces.calibre = { allowedTCPPorts = [ 80 443 ]; };
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
new file mode 100644
index 0000000..c866cc0
--- /dev/null
+++ b/modules/services/jellyfin.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }: {
+
+ options = {
+ streamServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Jellyfin library";
+ };
+ };
+
+ config = {
+
+ services.jellyfin.enable = true;
+
+ caddyRoutes = [{
+ match = [{ host = [ config.streamServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8096"; }];
+ }];
+ }];
+ };
+
+}
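Review bot: This module sets `caddyRoutes` but does not import the module that declares the option, so it only evaluates when calibre.nix (which has `imports = [ ./caddy.nix ];`) is loaded alongside it; adding the same `imports = [ ./caddy.nix ];` here removes that hidden dependency. The proxy route is presumably meant to be the only way in, yet at this point in the series modules/services/oracle.nix still inserts an accept-all INPUT rule, so port 8096 is probably reachable directly over plain HTTP as well. It is worth confirming that Jellyfin is exposed only through Caddy.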
From 2434376963845ac00e8836ab2d875068133fcd5f Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 2 Oct 2022 20:54:26 +0000
Subject: [PATCH 020/391] working nextcloud configuration
---
apps/loadkey.nix | 9 +++
flake.nix | 3 +
hosts/oracle/default.nix | 7 +++
modules/services/nextcloud.nix | 98 +++++++++++++++++++++++++++++++++
private/nextcloud-s3.age | 6 ++
private/nextcloud.age | Bin 0 -> 246 bytes
6 files changed, 123 insertions(+)
create mode 100644 apps/loadkey.nix
create mode 100644 modules/services/nextcloud.nix
create mode 100644 private/nextcloud-s3.age
create mode 100644 private/nextcloud.age
diff --git a/apps/loadkey.nix b/apps/loadkey.nix
new file mode 100644
index 0000000..c02de30
--- /dev/null
+++ b/apps/loadkey.nix
@@ -0,0 +1,9 @@
+{ globals, pkgs, ... }: {
+
+ type = "app";
+
+ program = builtins.toString (pkgs.writeShellScript "loadkey" ''
+ ${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
+ '');
+
+}
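Review bot: The function head `{ globals, pkgs, ... }:` makes `globals` a required argument, but the flake.nix hunk in this commit calls the file as `import ./apps/loadkey.nix { inherit pkgs; }`, so evaluating the `loadkey` app should fail with a missing-argument error. `globals` is not used in the body, so `{ pkgs, ... }: {` is enough. The script also leaves the mode of `~/.ssh/id_ed25519` to whatever `melt restore` writes; an explicit `chmod 600 ~/.ssh/id_ed25519` afterwards would make that independent of the tool.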
diff --git a/flake.nix b/flake.nix
index 3b1fac4..d1aff1c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -89,6 +89,9 @@
# Display the readme for this repository
readme = import ./apps/readme.nix { inherit pkgs; };
+ # Load the SSH key for this machine
+ loadkey = import ./apps/loadkey.nix { inherit pkgs; };
+
});
devShells = forAllSystems (system:
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 62cf364..0af38e9 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -11,11 +11,17 @@ nixpkgs.lib.nixosSystem {
networking.hostName = "oracle";
bookServer = "books.masu.rs";
streamServer = "stream.masu.rs";
+ nextcloudServer = "cloud.masu.rs";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+ nextcloudS3 = {
+ bucket = "noahmasur-nextcloud";
+ hostname = "s3.us-west-002.backblazeb2.com";
+ key = "0026b0e73b2e2c80000000003";
+ };
}
./hardware-configuration.nix
../common.nix
@@ -25,5 +31,6 @@ nixpkgs.lib.nixosSystem {
../../modules/services/sshd.nix
../../modules/services/calibre.nix
../../modules/services/jellyfin.nix
+ ../../modules/services/nextcloud.nix
];
}
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
new file mode 100644
index 0000000..415a8c7
--- /dev/null
+++ b/modules/services/nextcloud.nix
@@ -0,0 +1,98 @@
+{ config, pkgs, lib, ... }:
+
+let
+ adminpassFile = "/var/lib/nextcloud/creds";
+ s3SecretFile = "/var/lib/nextcloud/creds-s3";
+
+in {
+
+ options = {
+
+ nextcloudServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Nextcloud";
+ };
+
+ nextcloudS3 = {
+ bucket = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 bucket name for Nextcloud storage";
+ };
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 endpoint for Nextcloud storage";
+ };
+ key = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 access key for Nextcloud storage";
+ };
+ };
+ };
+
+ config = {
+
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud24; # Required to specify
+ https = true;
+ hostName = "localhost";
+ config = {
+ adminpassFile = adminpassFile;
+ extraTrustedDomains = [ config.nextcloudServer ];
+ objectstore.s3 = {
+ enable = true;
+ bucket = config.nextcloudS3.bucket;
+ hostname = config.nextcloudS3.hostname;
+ key = config.nextcloudS3.key;
+ autocreate = false;
+ secretFile = s3SecretFile;
+ };
+ };
+ };
+
+ # Don't let Nginx use main ports (using Caddy instead)
+ services.nginx.virtualHosts."localhost".listen = [{
+ addr = "127.0.0.1";
+ port = 8080;
+ }];
+
+ caddyRoutes = [{
+ match = [{ host = [ config.nextcloudServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8080"; }];
+ }];
+ }];
+
+ # Create credentials files
+ system.activationScripts.nextcloud.text =
+ let identityFile = "${config.homePath}/.ssh/id_ed25519";
+ in ''
+ if [ ! -f "${identityFile}" ]; then
+ $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
+ $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
+ $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${identityFile}
+ $DRY_RUN_CMD chown ${config.user}:wheel ${identityFile}*
+ $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
+ fi
+ if [ ! -f "${adminpassFile}" ]; then
+ $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${adminpassFile})
+ $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
+ --identity ${identityFile} \
+ --output ${adminpassFile} \
+ ${builtins.toString ../../private/nextcloud.age}
+ $DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile}
+ fi
+ if [ ! -f "${s3SecretFile}" ]; then
+ $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${s3SecretFile})
+ $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
+ --identity ${identityFile} \
+ --output ${s3SecretFile} \
+ ${builtins.toString ../../private/nextcloud-s3.age}
+ $DRY_RUN_CMD chown nextcloud:nextcloud ${s3SecretFile}
+ fi
+ '';
+
+ };
+
+}
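Review bot: Both decrypt blocks write the plaintext secret with `age --output` and then only `chown` it, so the file mode is whatever the activation umask yields (typically world-readable 0644) and nothing tightens it afterwards. Running each decrypt in a subshell that first sets `umask 077`, or adding `$DRY_RUN_CMD chmod 0400 ${adminpassFile}` (and the same for `${s3SecretFile}`) right after the chown, keeps the admin password and the S3 secret readable by the nextcloud user only. The subshell form also closes the short window in which the file exists with the wider mode. `$(dirname ${adminpassFile})` is created with `mkdir --parents` as root, so the owner and mode of that directory are worth checking as well.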
diff --git a/private/nextcloud-s3.age b/private/nextcloud-s3.age
new file mode 100644
index 0000000..14aad0a
--- /dev/null
+++ b/private/nextcloud-s3.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 MgHaOw 6598vLOAPdLywyCHQtneJRWWVQhjP2ydv40ULRGLrFE
+KB4O8c3bcpKkyQbjsg8Hu3m3MP5HQ90YVXy8xXHOTqk
+--- mLQsxjZKwwM0jvf79WrLh1IW6mzsfuOHDYJQhjBe2Rg
+ɅXLܪrױEGUP
+ΖTHN$Z+L4
\ No newline at end of file
diff --git a/private/nextcloud.age b/private/nextcloud.age
new file mode 100644
index 0000000000000000000000000000000000000000..77526b6596398552bc8d57e1c7b76f2b79683152
GIT binary patch
literal 246
zcmV_K|*h1Ge}u^GjBOeN=i{SQ)XsoI8Rr4R99_LWqK=GFii?FMNczqOJ!kG
zT2(nQc~fd)bY^KwD?v7QVNyXsPi#U?LQYv@No6x-MNJAVEiE8tN^fCrQaEsHPjyo<
zVp>aVNJcU?S#f%1OKNmyK|ym~%Qc(&e#L$H*Wq|4w@}KwsI6eqsKL%(O
w9)AbuS8smQol&)kjaymIZ%)-gKBGgdSdg$w#39g+>lk2Ly9xs!ow8X7n=av2v;Y7A
literal 0
HcmV?d00001
From 92223a49cdbc57a3038aa0cea393f9931b9d36b8 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 3 Oct 2022 04:05:07 +0000
Subject: [PATCH 021/391] separate age ssh key setup from nextcloud
---
modules/mail/himalaya.nix | 9 +++++----
modules/services/nextcloud.nix | 20 ++++++++------------
modules/shell/age.nix | 24 ++++++++++++++++++++++--
3 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index 4e8963a..9fe91e0 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -72,10 +72,11 @@
};
mu.enable = false;
notmuch.enable = false;
- passwordCommand =
- "${pkgs.age}/bin/age --decrypt --identity ${config.homePath}/.ssh/id_ed25519 ${
- builtins.toString ./mailpass.age
- }";
+ passwordCommand = ''
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ ${builtins.toString ./mailpass.age}
+ '';
smtp = {
host = "smtp.purelymail.com";
port = 465;
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 415a8c7..39db55d 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -6,6 +6,8 @@ let
in {
+ imports = [ ../shell/age.nix ];
+
options = {
nextcloudServer = lib.mkOption {
@@ -65,20 +67,13 @@ in {
}];
# Create credentials files
- system.activationScripts.nextcloud.text =
- let identityFile = "${config.homePath}/.ssh/id_ed25519";
- in ''
- if [ ! -f "${identityFile}" ]; then
- $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
- $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
- $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${identityFile}
- $DRY_RUN_CMD chown ${config.user}:wheel ${identityFile}*
- $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
- fi
+ system.activationScripts.nextcloud = {
+ deps = [ "age" ];
+ text = ''
if [ ! -f "${adminpassFile}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${adminpassFile})
$DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
- --identity ${identityFile} \
+ --identity ${config.identityFile} \
--output ${adminpassFile} \
${builtins.toString ../../private/nextcloud.age}
$DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile}
@@ -86,12 +81,13 @@ in {
if [ ! -f "${s3SecretFile}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${s3SecretFile})
$DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
- --identity ${identityFile} \
+ --identity ${config.identityFile} \
--output ${s3SecretFile} \
${builtins.toString ../../private/nextcloud-s3.age}
$DRY_RUN_CMD chown nextcloud:nextcloud ${s3SecretFile}
fi
'';
+ };
};
diff --git a/modules/shell/age.nix b/modules/shell/age.nix
index 338be8e..87cf6df 100644
--- a/modules/shell/age.nix
+++ b/modules/shell/age.nix
@@ -1,5 +1,25 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, lib, ... }: {
- home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
+ options = {
+ identityFile = lib.mkOption {
+ type = lib.types.str;
+ description = "Path to SSH key for age";
+ default = "${config.homePath}/.ssh/id_ed25519";
+ };
+ };
+
+ config = {
+ home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
+
+ system.activationScripts.age.text = ''
+ if [ ! -f "${config.identityFile}" ]; then
+ $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
+ $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
+ $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${config.identityFile}
+ $DRY_RUN_CMD chown ${config.user}:wheel ${config.identityFile}*
+ $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
+ fi
+ '';
+ };
}
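Review bot: The three `echo -e \n…\n` prompts are unquoted, so the shell consumes each backslash and the output reads `nEnter the seed phrase for your SSH key...n` instead of printing blank lines; quoting fixes it, e.g. `printf "\nEnter the seed phrase for your SSH key...\n"`. More importantly, `melt restore` waits for the seed phrase on stdin inside `system.activationScripts`, which also runs at boot and from non-interactive rebuilds where nobody can answer, so activation may stall or fail there. Consider skipping the restore when stdin is not a terminal (`[ -t 0 ]`) and leaving it to the `loadkey` app. `chown ${config.user}:wheel ${config.identityFile}*` hands the private key's group to wheel without setting a mode, so an explicit `chmod 0600 ${config.identityFile}` would make the result independent of what melt writes.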
From a0089e28aedc1ed206956b3dbcd65e8ef23c56cf Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 3 Oct 2022 12:12:50 +0000
Subject: [PATCH 022/391] move mailpass to private section
---
modules/mail/himalaya.nix | 2 +-
{modules/mail => private}/mailpass.age | 0
2 files changed, 1 insertion(+), 1 deletion(-)
rename {modules/mail => private}/mailpass.age (100%)
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index 9fe91e0..8e528db 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -75,7 +75,7 @@
passwordCommand = ''
${pkgs.age}/bin/age --decrypt \
--identity ${config.identityFile} \
- ${builtins.toString ./mailpass.age}
+ ${builtins.toString ../../private/mailpass.age}
'';
smtp = {
host = "smtp.purelymail.com";
diff --git a/modules/mail/mailpass.age b/private/mailpass.age
similarity index 100%
rename from modules/mail/mailpass.age
rename to private/mailpass.age
From 31f3cfe77c11e2191ed97e28ce9377186173aeee Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 3 Oct 2022 12:19:29 +0000
Subject: [PATCH 023/391] fix firewall issues with oracle
---
apps/loadkey.nix | 2 +-
hosts/oracle/default.nix | 1 -
modules/services/caddy.nix | 3 +++
modules/services/calibre.nix | 2 --
modules/services/oracle.nix | 9 ---------
5 files changed, 4 insertions(+), 13 deletions(-)
delete mode 100644 modules/services/oracle.nix
diff --git a/apps/loadkey.nix b/apps/loadkey.nix
index c02de30..0b2fad1 100644
--- a/apps/loadkey.nix
+++ b/apps/loadkey.nix
@@ -1,4 +1,4 @@
-{ globals, pkgs, ... }: {
+{ pkgs, ... }: {
type = "app";
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 0af38e9..7e0d90b 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -27,7 +27,6 @@ nixpkgs.lib.nixosSystem {
../common.nix
../../modules/nixos
../../modules/hardware/server.nix
- ../../modules/services/oracle.nix
../../modules/services/sshd.nix
../../modules/services/calibre.nix
../../modules/services/jellyfin.nix
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
index eec26cc..d737f34 100644
--- a/modules/services/caddy.nix
+++ b/modules/services/caddy.nix
@@ -25,6 +25,9 @@ in {
};
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 443 ];
+
};
}
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index 38b794c..b21c3de 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -37,8 +37,6 @@ in {
}];
}];
- networking.firewall.interfaces.calibre = { allowedTCPPorts = [ 80 443 ]; };
-
# Create directory and set permissions
system.activationScripts.calibreLibrary.text = ''
if [ ! -d "${libraryPath}" ]; then
diff --git a/modules/services/oracle.nix b/modules/services/oracle.nix
deleted file mode 100644
index 99cee98..0000000
--- a/modules/services/oracle.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }: {
-
- # Needs to be run at boot for Oracle firewall
- systemd.services.openIpTables = {
- script = "${pkgs.iptables}/bin/iptables -I INPUT -j ACCEPT";
- wantedBy = [ "multi-user.target" ];
- };
-
-}
From f38f782b632b55da8b7ea8b19a9f2272c35a3340 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 3 Oct 2022 12:32:09 +0000
Subject: [PATCH 024/391] add helper statements for loadkeys app
---
apps/loadkey.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/loadkey.nix b/apps/loadkey.nix
index 0b2fad1..a1e03ba 100644
--- a/apps/loadkey.nix
+++ b/apps/loadkey.nix
@@ -3,7 +3,10 @@
type = "app";
program = builtins.toString (pkgs.writeShellScript "loadkey" ''
+ printf "\nEnter the seed phrase for your SSH key...\n"
+ printf "\nThen press ^D when complete.\n\n"
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
+ printf "\n\nContinuing activation.\n\n"
'');
}
From 84ecbf99742b471db484214840b575c8f3d4d419 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 4 Oct 2022 00:45:05 +0000
Subject: [PATCH 025/391] grant nextcloud access to jellyfin
---
hosts/oracle/default.nix | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 7e0d90b..43cd48e 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -1,6 +1,10 @@
{ nixpkgs, home-manager, globals, ... }:
# System configuration for an Oracle free server
+
+# How to install:
+# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
+
nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { };
@@ -8,20 +12,29 @@ nixpkgs.lib.nixosSystem {
(removeAttrs globals [ "mailServer" ])
home-manager.nixosModules.home-manager
{
+ gui.enable = false;
+ colorscheme = (import ../../modules/colorscheme/gruvbox);
+
+ # FQDNs for various services
networking.hostName = "oracle";
bookServer = "books.masu.rs";
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
- gui.enable = false;
- colorscheme = (import ../../modules/colorscheme/gruvbox);
+
+ # Disable passwords, only use SSH key
passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+
+ # Store Nextcloud data in cloud object storage
nextcloudS3 = {
bucket = "noahmasur-nextcloud";
hostname = "s3.us-west-002.backblazeb2.com";
key = "0026b0e73b2e2c80000000003";
};
+
+ # Grant access to Jellyfin directories from nextcloud
+ users.users.nextcloud.extraGroups = [ "jellyfin" ];
}
./hardware-configuration.nix
../common.nix
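Review bot: `users.users.nextcloud.extraGroups = [ "jellyfin" ];` gives the internet-facing Nextcloud process every permission the jellyfin group holds, not just access to the media folders, so a compromise of Nextcloud would extend to whatever else that group can read or write. A dedicated group that owns only the shared media directory, with both service users as members, keeps the grant to what the comment describes. The module list this block belongs to starts and ends outside the hunk.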
From c2b570b2afe09c39d513331fa566f04085f75267 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 4 Oct 2022 03:06:55 +0000
Subject: [PATCH 026/391] don't use s3 as primary nextcloud storage
---
hosts/oracle/default.nix | 7 -------
modules/services/nextcloud.nix | 36 ++--------------------------------
private/nextcloud-s3.age | 6 ------
3 files changed, 2 insertions(+), 47 deletions(-)
delete mode 100644 private/nextcloud-s3.age
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 43cd48e..8da7180 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -26,13 +26,6 @@ nixpkgs.lib.nixosSystem {
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
- # Store Nextcloud data in cloud object storage
- nextcloudS3 = {
- bucket = "noahmasur-nextcloud";
- hostname = "s3.us-west-002.backblazeb2.com";
- key = "0026b0e73b2e2c80000000003";
- };
-
# Grant access to Jellyfin directories from nextcloud
users.users.nextcloud.extraGroups = [ "jellyfin" ];
}
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 39db55d..5fad953 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,12 +1,10 @@
{ config, pkgs, lib, ... }:
-let
- adminpassFile = "/var/lib/nextcloud/creds";
- s3SecretFile = "/var/lib/nextcloud/creds-s3";
+let adminpassFile = "/var/lib/nextcloud/creds";
in {
- imports = [ ../shell/age.nix ];
+ imports = [ ./caddy.nix ../shell/age.nix ];
options = {
@@ -15,20 +13,6 @@ in {
description = "Hostname for Nextcloud";
};
- nextcloudS3 = {
- bucket = lib.mkOption {
- type = lib.types.str;
- description = "S3 bucket name for Nextcloud storage";
- };
- hostname = lib.mkOption {
- type = lib.types.str;
- description = "S3 endpoint for Nextcloud storage";
- };
- key = lib.mkOption {
- type = lib.types.str;
- description = "S3 access key for Nextcloud storage";
- };
- };
};
config = {
@@ -41,14 +25,6 @@ in {
config = {
adminpassFile = adminpassFile;
extraTrustedDomains = [ config.nextcloudServer ];
- objectstore.s3 = {
- enable = true;
- bucket = config.nextcloudS3.bucket;
- hostname = config.nextcloudS3.hostname;
- key = config.nextcloudS3.key;
- autocreate = false;
- secretFile = s3SecretFile;
- };
};
};
@@ -78,14 +54,6 @@ in {
${builtins.toString ../../private/nextcloud.age}
$DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile}
fi
- if [ ! -f "${s3SecretFile}" ]; then
- $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${s3SecretFile})
- $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- --output ${s3SecretFile} \
- ${builtins.toString ../../private/nextcloud-s3.age}
- $DRY_RUN_CMD chown nextcloud:nextcloud ${s3SecretFile}
- fi
'';
};
diff --git a/private/nextcloud-s3.age b/private/nextcloud-s3.age
deleted file mode 100644
index 14aad0a..0000000
--- a/private/nextcloud-s3.age
+++ /dev/null
@@ -1,6 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 MgHaOw 6598vLOAPdLywyCHQtneJRWWVQhjP2ydv40ULRGLrFE
-KB4O8c3bcpKkyQbjsg8Hu3m3MP5HQ90YVXy8xXHOTqk
---- mLQsxjZKwwM0jvf79WrLh1IW6mzsfuOHDYJQhjBe2Rg
-ɅXLܪrױEGUP
-ΖTHN$Z+L4
\ No newline at end of file
From a7117fe4e976f4b466ad53fea311bfc31359df4f Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 4 Oct 2022 12:29:29 +0000
Subject: [PATCH 027/391] fix: max upload size for nextcloud
---
modules/services/nextcloud.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 5fad953..3f14acc 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -22,6 +22,7 @@ in {
package = pkgs.nextcloud24; # Required to specify
https = true;
hostName = "localhost";
+ maxUploadSize = "50G";
config = {
adminpassFile = adminpassFile;
extraTrustedDomains = [ config.nextcloudServer ];
From da01f3be9b14866c331cade6da1d7b74393c2f52 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 4 Oct 2022 22:43:04 +0000
Subject: [PATCH 028/391] add cloudflare IPs as nextcloud trusted proxies
---
modules/services/nextcloud.nix | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 3f14acc..296b352 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -26,6 +26,35 @@ in {
config = {
adminpassFile = adminpassFile;
extraTrustedDomains = [ config.nextcloudServer ];
+ trustedProxies = [
+
+ # Cloudflare IPv4: https://www.cloudflare.com/ips-v4
+ "173.245.48.0/20"
+ "103.21.244.0/22"
+ "103.22.200.0/22"
+ "103.31.4.0/22"
+ "141.101.64.0/18"
+ "108.162.192.0/18"
+ "190.93.240.0/20"
+ "188.114.96.0/20"
+ "197.234.240.0/22"
+ "198.41.128.0/17"
+ "162.158.0.0/15"
+ "104.16.0.0/13"
+ "104.24.0.0/14"
+ "172.64.0.0/13"
+ "131.0.72.0/22"
+
+ # Cloudflare IPv6: https://www.cloudflare.com/ips-v6
+ "2400:cb00::/32"
+ "2606:4700::/32"
+ "2803:f800::/32"
+ "2405:b500::/32"
+ "2405:8100::/32"
+ "2a06:98c0::/29"
+ "2c0f:f248::/32"
+
+ ];
};
};
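Review bot: The Cloudflare ranges in `trustedProxies` are a hand-copied snapshot with no date, so they will silently drift from the published lists; a comment such as `# Copied from cloudflare.com/ips-v4 and ips-v6 on <DATE>; re-check on upgrade` would make that visible. Trusting forwarded-client headers from these ranges is only sound if the origin cannot be reached around Cloudflare, and modules/services/caddy.nix opens 80 and 443 to every source, so it is worth restricting those ports to the same ranges or otherwise verifying that a direct request cannot supply its own `X-Forwarded-For`. Because requests reach Nextcloud through Caddy on localhost:8080, the peer address Nextcloud sees is presumably loopback rather than a Cloudflare edge. Confirm that the client addresses Nextcloud logs after this change are the real ones.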
From a9ae0c8858495b836c6871ed380b79559dfefacc Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 4 Oct 2022 22:59:28 +0000
Subject: [PATCH 029/391] add activationscript for jellyfin directory
---
modules/services/jellyfin.nix | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
index c866cc0..33828d9 100644
--- a/modules/services/jellyfin.nix
+++ b/modules/services/jellyfin.nix
@@ -18,6 +18,18 @@
upstreams = [{ dial = "localhost:8096"; }];
}];
}];
+
+ # Create videos directory, allow anyone in Jellyfin group to manage it
+ system.activationScripts.jellyfin = let videosDirectory = "/var/videos";
+ in {
+ text = ''
+ if [ ! -d "${videosDirectory}" ]; then
+ $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG ${videosDirectory}
+ $DRY_RUN_CMD chmod 775 $VERBOSE_ARG ${videosDirectory}
+ fi
+ '';
+ };
+
};
}
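Review bot: The comment says anyone in the Jellyfin group may manage the directory, but the script only runs `mkdir` and `chmod 775`, so `/var/videos` stays owned by root:root and the group-write bit goes to root's group rather than jellyfin. Adding `$DRY_RUN_CMD chown $VERBOSE_ARG root:jellyfin ${videosDirectory}` inside the `if` makes the mode match the intent, and `chmod 2775` would additionally keep new files in that group. The body runs only when the directory is first created, so an existing directory with the wrong owner is never corrected.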
From 0637cc693b778d4c439b6d267939b04b3d6673d8 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 5 Oct 2022 03:59:13 +0000
Subject: [PATCH 030/391] fix: patch calibre-web cloudflare login issues
---
modules/services/calibre-web-cloudflare.patch | 25 +++++++++++++++++++
modules/services/calibre.nix | 10 ++++++++
2 files changed, 35 insertions(+)
create mode 100644 modules/services/calibre-web-cloudflare.patch
diff --git a/modules/services/calibre-web-cloudflare.patch b/modules/services/calibre-web-cloudflare.patch
new file mode 100644
index 0000000..1e1363d
--- /dev/null
+++ b/modules/services/calibre-web-cloudflare.patch
@@ -0,0 +1,25 @@
+diff --git a/cps/__init__.py b/cps/__init__.py
+index 0b912d23..ad5d1fa9 100644
+--- a/cps/__init__.py
++++ b/cps/__init__.py
+@@ -83,7 +83,6 @@ app.config.update(
+ lm = MyLoginManager()
+ lm.login_view = 'web.login'
+ lm.anonymous_user = ub.Anonymous
+-lm.session_protection = 'strong'
+
+ if wtf_present:
+ csrf = CSRFProtect()
+diff --git a/cps/admin.py b/cps/admin.py
+index 1004ee78..e295066e 100644
+--- a/cps/admin.py
++++ b/cps/admin.py
+@@ -98,8 +98,6 @@ def before_request():
+ # make remember me function work
+ if current_user.is_authenticated:
+ confirm_login()
+- if not ub.check_user_session(current_user.id, flask_session.get('_id')) and 'opds' not in request.path:
+- logout_user()
+ g.constants = constants
+ g.user = current_user
+ g.allow_registration = config.config_public_reg
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index b21c3de..8a72a24 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -25,9 +25,19 @@ in {
calibreLibrary = libraryPath;
reverseProxyAuth.enable = false;
enableBookConversion = true;
+ enableBookUploading = true;
};
};
+ # Fix: https://github.com/janeczku/calibre-web/issues/2422
+ nixpkgs.overlays = [
+ (final: prev: {
+ calibre-web = prev.calibre-web.overrideAttrs (old: {
+ patches = (old.patches or [ ]) ++ [ ./calibre-web-cloudflare.patch ];
+ });
+ })
+ ];
+
caddyRoutes = [{
match = [{ host = [ config.bookServer ]; }];
handle = [{
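Review bot: The overlay comment links only the upstream issue, while `calibre-web-cloudflare.patch` removes `lm.session_protection = 'strong'` and the `check_user_session` / `logout_user()` branch in `before_request`, which weakens session handling for every login rather than only for requests arriving through Cloudflare. With that branch gone, a session removed on the server side presumably no longer forces a logout, so a copied cookie may stay usable longer than before. A comment on the overlay such as `# Security trade-off: disables Flask-Login strong session protection and the per-session logout check; drop once the upstream issue is fixed` would make that visible to the next reader. `enableBookUploading = true` is an unrelated behaviour change and would be easier to audit in its own commit.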
From 4044721606b66b954700f003f19c1fdbe2a24787 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 7 Oct 2022 00:44:06 +0000
Subject: [PATCH 031/391] add vaultwarden, not activated
---
modules/services/vaultwarden.nix | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 modules/services/vaultwarden.nix
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
new file mode 100644
index 0000000..e452281
--- /dev/null
+++ b/modules/services/vaultwarden.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }: {
+
+ options = {
+
+ vaultwardenServer = lib.mkOption {
+ description = "Hostname for Vaultwarden.";
+ type = lib.types.str;
+ };
+
+ };
+
+ config = {
+ services.vaultwarden = {
+ enable = true;
+ config = {
+ DOMAIN = config.vaultwardenServer;
+ SIGNUPS_ALLOWED = false;
+ };
+ environmentFile = null;
+ dbBackend = "sqlite";
+ };
+ };
+
+}
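Review bot: `DOMAIN = config.vaultwardenServer;` passes a bare hostname, but Vaultwarden expects `DOMAIN` to be the full origin including the scheme, and origin-dependent features such as WebAuthn and generated links misbehave without it. Suggest `DOMAIN = "https://${config.vaultwardenServer}";` while keeping the option itself a hostname. The subject says "not activated" although the module sets `enable = true`; it is inactive only as long as no host imports it, which deserves a one-line comment at the top of the file.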
From e89db82e7fc355380576e1195da8a3426fbeb64e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 7 Oct 2022 03:31:14 +0000
Subject: [PATCH 032/391] make whois core utility
---
modules/darwin/utilities.nix | 3 ++-
modules/shell/utilities.nix | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/darwin/utilities.nix b/modules/darwin/utilities.nix
index ad50645..d73a6c3 100644
--- a/modules/darwin/utilities.nix
+++ b/modules/darwin/utilities.nix
@@ -16,7 +16,8 @@
vault
consul
noti # Create notifications programmatically
- ipcalc
+ ipcalc # Make IP network calculations
+ whois # Lookup IPs
(pkgs.writeScriptBin "ocr"
(builtins.readFile ../shell/bash/scripts/ocr.sh))
];
diff --git a/modules/shell/utilities.nix b/modules/shell/utilities.nix
index 5e4a8b3..68c4583 100644
--- a/modules/shell/utilities.nix
+++ b/modules/shell/utilities.nix
@@ -31,6 +31,7 @@ in {
vimv-rs # Batch rename files
dig # DNS lookup
lf # File viewer
+ whois # Lookup IPs
];
programs.zoxide.enable = true; # Shortcut jump command
From 8dba2ef88b8126873c43e5ea0aec5405d9358e7e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 8 Oct 2022 15:52:05 +0000
Subject: [PATCH 033/391] litestream backups for nextcloud
---
hosts/oracle/default.nix | 7 +++
modules/services/nextcloud.nix | 97 +++++++++++++++++++++++++++++-----
private/backup.age | 6 +++
3 files changed, 98 insertions(+), 12 deletions(-)
create mode 100644 private/backup.age
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 8da7180..096185a 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -26,6 +26,13 @@ nixpkgs.lib.nixosSystem {
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+ # Backup config
+ backupS3 = {
+ endpoint = "s3.us-west-002.backblazeb2.com";
+ bucket = "noahmasur-backup";
+ accessKeyId = "0026b0e73b2e2c80000000004";
+ };
+
# Grant access to Jellyfin directories from nextcloud
users.users.nextcloud.extraGroups = [ "jellyfin" ];
}
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 296b352..c9ffa1e 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,6 +1,8 @@
{ config, pkgs, lib, ... }:
-let adminpassFile = "/var/lib/nextcloud/creds";
+let
+ adminpassFile = "/var/lib/nextcloud/creds";
+ backupS3File = "/var/lib/nextcloud/backup-creds";
in {
@@ -13,6 +15,22 @@ in {
description = "Hostname for Nextcloud";
};
+ # Options for backup
+ backupS3 = {
+ endpoint = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 endpoint for backups";
+ };
+ bucket = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 bucket for backups";
+ };
+ accessKeyId = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 access key ID for backups";
+ };
+ };
+
};
config = {
@@ -72,18 +90,73 @@ in {
}];
}];
- # Create credentials files
- system.activationScripts.nextcloud = {
- deps = [ "age" ];
- text = ''
- if [ ! -f "${adminpassFile}" ]; then
- $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${adminpassFile})
- $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
+ # Create credentials file for nextcloud
+ systemd.services.nextcloud-creds = {
+ requiredBy = [ "nextcloud-setup.service" ];
+ before = [ "nextcloud-setup.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ script = ''
+ mkdir --parents $(dirname ${adminpassFile})
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ --output ${adminpassFile} \
+ ${builtins.toString ../../private/nextcloud.age}
+ chown nextcloud:nextcloud ${adminpassFile}
+ chmod 0700 ${adminpassFile}
+ '';
+ };
+
+ ## Backup config
+
+ # Open to groups, allowing for backups
+ systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode =
+ lib.mkForce "0770";
+
+ # Allow litestream and nextcloud to share a sqlite database
+ users.users.litestream.extraGroups = [ "nextcloud" ];
+ users.users.nextcloud.extraGroups = [ "litestream" ];
+
+ # Backup sqlite database with litestream
+ services.litestream = {
+ enable = true;
+ settings = {
+ dbs = [{
+ path = "/var/lib/nextcloud/data/nextcloud.db";
+ replicas = [{
+ url =
+ "s3://${config.backupS3.bucket}.${config.backupS3.endpoint}/nextcloud";
+ }];
+ }];
+ };
+ environmentFile = backupS3File;
+ };
+
+ # Don't start litestream unless nextcloud is up
+ systemd.services.litestream = {
+ after = [ "phpfpm-nextcloud.service" ];
+ requires = [ "phpfpm-nextcloud.service" ];
+ environment.LITESTREAM_ACCESS_KEY_ID = config.backupS3.accessKeyId;
+ };
+
+ # Create credentials file for litestream
+ systemd.services.litestream-s3 = {
+ requiredBy = [ "litestream.service" ];
+ before = [ "litestream.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ script = ''
+ echo \
+ LITESTREAM_SECRET_ACCESS_KEY=$(${pkgs.age}/bin/age --decrypt \
--identity ${config.identityFile} \
- --output ${adminpassFile} \
- ${builtins.toString ../../private/nextcloud.age}
- $DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile}
- fi
+ ${builtins.toString ../../private/backup.age} \
+ ) > ${backupS3File}
+ chown litestream:litestream ${backupS3File}
+ chmod 0700 ${backupS3File}
'';
};
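Review bot: Both credential scripts write the decrypted secret before tightening its permissions: `age --output ${adminpassFile}` and the `> ${backupS3File}` redirect create the file under the unit's default umask and only afterwards run `chown`/`chmod`, so the secret is briefly readable more widely than intended and stays that way if a later command fails. Starting each script with `umask 077` closes that window. `chmod 0700` also sets the execute bit on a data file; `0600` (or `0400`) is the conventional mode for a credentials file. The same write-then-chmod pattern recurs in the `transmission-creds` and `wireguard-private-key` scripts added later in this series, where the key directory is additionally created with mode 0755.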
diff --git a/private/backup.age b/private/backup.age
new file mode 100644
index 0000000..bc1483a
--- /dev/null
+++ b/private/backup.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 MgHaOw 2y5C1sRq3NZqmfGBiPgMS7qcU5v+70wri5xkXbceaHM
+zyd7b+OuVi3rxxUEm+QW/80M80SSKaebOwOioRjnYak
+--- yZQxxjYYNouD5wnEj+qNjUSrRU01hXvWUuax4C252i8
+/2*MD^ӜOQ
+5
Date: Sat, 8 Oct 2022 15:52:43 +0000
Subject: [PATCH 034/391] remember to require age for mail
---
modules/mail/himalaya.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index 8e528db..7e7363b 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -1,5 +1,8 @@
{ config, pkgs, lib, ... }: {
+ # Required to place identity file on machine
+ imports = [ ../shell/age.nix ];
+
options = {
mailUser = lib.mkOption {
type = lib.types.str;
From 5872abcc330384a562f33262074e4ce294e9d501 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 8 Oct 2022 15:57:52 +0000
Subject: [PATCH 035/391] move calibre perms out of activations
---
modules/services/calibre.nix | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index 8a72a24..21c9707 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -48,18 +48,20 @@ in {
}];
# Create directory and set permissions
- system.activationScripts.calibreLibrary.text = ''
- if [ ! -d "${libraryPath}" ]; then
- $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG ${libraryPath}
- fi
- if [ ! "$(stat -c "%G" ${libraryPath})" = "calibre-web" ]; then
- $DRY_RUN_CMD chown $VERBOSE_ARG -R calibre-web:calibre-web ${libraryPath}
- fi
- if [ ! "$(stat -c "%a" ${libraryPath})" = "775" ]; then
- $DRY_RUN_CMD chmod $VERBOSE_ARG 0775 ${libraryPath}
- $DRY_RUN_CMD chmod $VERBOSE_ARG -R 0640 ${libraryPath}/*
- fi
- '';
+ systemd.services.calibre-library = {
+ requiredBy = [ "calibre-web.service" ];
+ before = [ "calibre-web.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ script = ''
+ mkdir --parents ${libraryPath}
+ chown -R calibre-web:calibre-web ${libraryPath}
+ chmod 0775 ${libraryPath}
+ chmod -R 0640 ${libraryPath}/*
+ '';
+ };
};
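Review bot: `chmod -R 0640 ${libraryPath}/*` also strips the execute bit from every subdirectory of the library, so calibre-web can no longer traverse them, and it now runs on every start instead of only when the top-level mode differed. The glob also fails when the library is empty, and since NixOS unit scripts normally run with `set -e`, that would fail this unit and block `calibre-web.service` through `requiredBy`. Replacing the last two lines with `chmod -R u=rwX,g=rX,o= ${libraryPath}` followed by `chmod 0775 ${libraryPath}` gives non-executable files 0640, leaves directories searchable, and does not depend on a glob.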
From e309889b0bbe3a7358343151a4d05b71614c2a4b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 9 Oct 2022 03:51:25 +0000
Subject: [PATCH 036/391] replace activationscripts with systemd
---
modules/services/jellyfin.nix | 19 ++++++++++++-------
modules/services/nextcloud.nix | 3 ++-
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
index 33828d9..0f69c85 100644
--- a/modules/services/jellyfin.nix
+++ b/modules/services/jellyfin.nix
@@ -20,13 +20,18 @@
}];
# Create videos directory, allow anyone in Jellyfin group to manage it
- system.activationScripts.jellyfin = let videosDirectory = "/var/videos";
- in {
- text = ''
- if [ ! -d "${videosDirectory}" ]; then
- $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG ${videosDirectory}
- $DRY_RUN_CMD chmod 775 $VERBOSE_ARG ${videosDirectory}
- fi
+ systemd.services.videos-library = {
+ wantedBy = [ "jellyfin.service" ];
+ requiredBy = [ "jellyfin.service" ];
+ before = [ "jellyfin.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = let videosDirectory = "/var/videos";
+ in ''
+ mkdir --parents --mode 0755 ${videosDirectory}
+ chown jellyfin:jellyfin ${videosDirectory}
'';
};
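Review bot: `mkdir --parents --mode 0755` gives the group no write permission, so the comment "allow anyone in Jellyfin group to manage it" no longer describes the result, and `--mode` only takes effect when the directory is newly created. If group management is intended, add `chmod 0775 ${videosDirectory}` after the `chown`; otherwise reword the comment to say the directory is group-readable only. `wantedBy` is redundant next to `requiredBy` for the same unit.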
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index c9ffa1e..7c8e270 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let
+
adminpassFile = "/var/lib/nextcloud/creds";
backupS3File = "/var/lib/nextcloud/backup-creds";
@@ -147,7 +148,7 @@ in {
before = [ "litestream.service" ];
serviceConfig = {
Type = "oneshot";
- User = "root";
+ RemainAfterExit = true;
};
script = ''
echo \
From 129e4bba4bb88d5520ce682014c6b0b37fe6c177 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 9 Oct 2022 14:12:31 +0000
Subject: [PATCH 037/391] wireguard working but not transmission
---
hosts/oracle/default.nix | 2 +
modules/services/transmission.nix | 92 +++++++++++++++++++++++++++++++
modules/services/wireguard.nix | 71 ++++++++++++++++++++++--
private/transmission.json.age | 5 ++
private/wireguard.age | 5 ++
5 files changed, 169 insertions(+), 6 deletions(-)
create mode 100644 modules/services/transmission.nix
create mode 100644 private/transmission.json.age
create mode 100644 private/wireguard.age
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 096185a..fb22aa8 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -20,6 +20,7 @@ nixpkgs.lib.nixosSystem {
bookServer = "books.masu.rs";
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
+ transmissionServer = "download.masu.rs";
# Disable passwords, only use SSH key
passwordHash = null;
@@ -44,5 +45,6 @@ nixpkgs.lib.nixosSystem {
../../modules/services/calibre.nix
../../modules/services/jellyfin.nix
../../modules/services/nextcloud.nix
+ ../../modules/services/transmission.nix
];
}
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
new file mode 100644
index 0000000..d224ba6
--- /dev/null
+++ b/modules/services/transmission.nix
@@ -0,0 +1,92 @@
+{ config, pkgs, lib, ... }:
+
+let credentialsFile = "/var/lib/private/transmission.json";
+
+in {
+
+ imports = [ ./wireguard.nix ];
+
+ options = {
+ transmissionServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Transmission";
+ };
+ };
+
+ config = {
+
+ # Setup transmission
+ services.transmission = {
+ enable = true;
+ settings = {
+ port-forwarding-enabled = false;
+ rpc-authentication-required = true;
+ rpc-port = 9091;
+ rpc-bind-address = "0.0.0.0";
+ rpc-username = config.user;
+ rpc-host-whitelist = config.transmissionServer;
+ rpc-host-whitelist-enabled = true;
+ rpc-whitelist-enabled = false;
+ };
+ credentialsFile = credentialsFile;
+ };
+
+ # Bind transmission to wireguard namespace
+ systemd.services.transmission = {
+ bindsTo = [ "netns@wg.service" ];
+ requires = [ "network-online.target" ];
+ after = [ "wireguard-wg0.service" ];
+ unitConfig.JoinsNamespaceOf = "netns@wg.service";
+ serviceConfig = { PrivateNetwork = true; };
+ };
+
+ # Create reverse proxy for web UI
+ caddyRoutes = [{
+ match = [{ host = [ config.transmissionServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:9091"; }];
+ }];
+ }];
+
+ # Allow inbound connections to reach namespace
+ systemd.services.transmission-web-netns = {
+ description = "Forward to transmission in netns";
+ requires = [ "transmission.service" ];
+ after = [ "transmission.service" ];
+ serviceConfig = {
+ User = "transmission";
+ Group = "transmission";
+ Restart = "on-failure";
+ TimeoutStopSec = 300;
+ };
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${pkgs.socat}/bin/socat tcp-listen:9091,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.socat}/bin/socat STDIO "tcp-connect:10.66.13.200:9091"',nofork
+ '';
+ };
+
+ # Create credentials file for transmission
+ systemd.services.transmission-creds = {
+ requiredBy = [ "transmission.service" ];
+ before = [ "transmission.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ if [ ! -f "${credentialsFile}" ]; then
+ mkdir --parents ${builtins.dirOf credentialsFile}
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ --output ${credentialsFile} \
+ ${builtins.toString ../../private/transmission.json.age}
+ chown transmission:transmission ${credentialsFile}
+ chmod 0700 ${credentialsFile}
+ fi
+ '';
+ };
+
+ };
+
+}
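Review bot: The forwarder's `tcp-listen:9091,fork,reuseaddr` has no bind address, so socat accepts connections on every host interface and the RPC port is reachable without going through the Caddy route unless a firewall rule (not visible in this patch) blocks it. Since Caddy dials `localhost:9091`, `tcp-listen:9091,bind=127.0.0.1,fork,reuseaddr` is sufficient. With `rpc-bind-address = "0.0.0.0"` and `rpc-whitelist-enabled = false`, RPC authentication is otherwise the only control left on that port. The target `10.66.13.200` is also duplicated from the wireguard module and will drift if the interface address changes.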
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index 34af565..e6eba2e 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -1,18 +1,77 @@
-{ ... }: {
+{ config, pkgs, ... }:
+
+let privateKeyFile = "/private/wireguard/wg0";
+
+in {
+
networking.wireguard = {
enable = true;
interfaces = {
wg0 = {
- ips = [ "10.66.127.235/32" "fc00:bbbb:bbbb:bb01::3:7fea/128" ];
- generatePrivateKeyFile = true;
- privateKeyFile = "/private/wireguard/wg0";
+
+ # The local IPs for this machine within the Wireguard network
+ # Any inbound traffic bound for these IPs should be kept on localhost
+ ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
+
+ # Establishes identity of this machine
+ generatePrivateKeyFile = false;
+ privateKeyFile = privateKeyFile;
+
peers = [{
- publicKey = "cVDIYPzNChIeANp+0jE12kWM5Ga1MbmNErT1Pmaf12A=";
+
+ # Identity of Wireguard target peer (VPN)
+ publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
+
+ # Which outgoing IP ranges should be sent through Wireguard
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
- endpoint = "89.46.62.197:51820";
+
+ # The public internet address of the target peer
+ endpoint = "86.106.143.132:51820";
+
+ # Send heartbeat signal within the network
persistentKeepalive = 25;
+
}];
+
+ # Namespaces
+ interfaceNamespace = "wg";
+ # socketNamespace = "wg";
+
};
};
};
+
+ # Create namespace for Wireguard
+ systemd.services."netns@" = {
+ description = "%I network namespace";
+ before = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
+ ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
+ };
+ };
+
+ # Private key file for wireguard
+ systemd.services.wireguard-private-key = {
+ wantedBy = [ "wireguard-wg0.service" ];
+ requiredBy = [ "wireguard-wg0.service" ];
+ before = [ "wireguard-wg0.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir --parents --mode 0755 ${builtins.dirOf privateKeyFile}
+ if [ ! -f "${privateKeyFile}" ]; then
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ --output ${privateKeyFile} \
+ ${builtins.toString ../../private/wireguard.age}
+ chmod 0700 ${privateKeyFile}
+ fi
+ '';
+ };
+
}
diff --git a/private/transmission.json.age b/private/transmission.json.age
new file mode 100644
index 0000000..a98cddd
--- /dev/null
+++ b/private/transmission.json.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 MgHaOw PAAWnpc5bJ5S972U+L6YgHpI2a7aqwxWaNZrvQIODVg
+A6zRWD6TmlVb8b5J3gdMf3JAeHIHgUQA3C8PpR8GveQ
+--- xP8vbUGtTlvaZ0K2J0+J0ICoL9gvCbhQg6GxG8ZYCS0
+75L2cJĀe,ݝTn$Mi4Yi[!ŁL%(iF;6ԊjO
\ No newline at end of file
diff --git a/private/wireguard.age b/private/wireguard.age
new file mode 100644
index 0000000..a055a02
--- /dev/null
+++ b/private/wireguard.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 MgHaOw lG6VtLpEU/33egpB9WqJiulVdL3K5a2IGjekIu6HtSI
+VsAfCbtQuHU9tptKQR4buD3ydwb89aSbUVdEoetU1gc
+--- kts74pY8NdQh4pTlMT3NTHxU0qnA0txwQKH5FkQCdXA
+S8A0`0$,1*/HVZtWBC[
Date: Sun, 9 Oct 2022 18:32:43 +0000
Subject: [PATCH 038/391] transmission reaches internet through vpn
---
modules/services/transmission.nix | 6 ++----
modules/services/wireguard.nix | 6 +++---
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index d224ba6..cb9e827 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -37,7 +37,7 @@ in {
requires = [ "network-online.target" ];
after = [ "wireguard-wg0.service" ];
unitConfig.JoinsNamespaceOf = "netns@wg.service";
- serviceConfig = { PrivateNetwork = true; };
+ serviceConfig.NetworkNamespacePath = "/var/run/netns/wg";
};
# Create reverse proxy for web UI
@@ -51,12 +51,10 @@ in {
# Allow inbound connections to reach namespace
systemd.services.transmission-web-netns = {
- description = "Forward to transmission in netns";
+ description = "Forward to transmission in wireguard namespace";
requires = [ "transmission.service" ];
after = [ "transmission.service" ];
serviceConfig = {
- User = "transmission";
- Group = "transmission";
Restart = "on-failure";
TimeoutStopSec = 300;
};
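Review bot: Dropping `User` and `Group` makes the listening socat process in `transmission-web-netns` run as root, presumably because `ip netns exec` needs that privilege, but the unit does not say so. A comment such as `# Runs as root: ip netns exec requires CAP_SYS_ADMIN to enter the namespace` next to `serviceConfig` would record the reason. A follow-up could place the forwarder inside the namespace with `NetworkNamespacePath`, as the transmission unit now does, so that no long-running root process accepts connections; the unit body continues outside this hunk, so this is only a suggestion.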
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index e6eba2e..40fb6e7 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -33,15 +33,15 @@ in {
}];
- # Namespaces
+ # Move to network namespace for isolating programs
interfaceNamespace = "wg";
- # socketNamespace = "wg";
};
};
};
# Create namespace for Wireguard
+ # This allows us to isolate specific programs to Wireguard
systemd.services."netns@" = {
description = "%I network namespace";
before = [ "network.target" ];
@@ -53,7 +53,7 @@ in {
};
};
- # Private key file for wireguard
+ # Create private key file for wireguard
systemd.services.wireguard-private-key = {
wantedBy = [ "wireguard-wg0.service" ];
requiredBy = [ "wireguard-wg0.service" ];
From 7aacfe7887fc49b9e4acd2cc497bd25a50f3a865 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 9 Oct 2022 20:41:04 +0000
Subject: [PATCH 039/391] fix issues reaching transmission web
---
modules/services/transmission.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index cb9e827..2defc89 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -60,6 +60,7 @@ in {
};
wantedBy = [ "multi-user.target" ];
script = ''
+ ${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.iproute2}/bin/ip link set dev lo up
${pkgs.socat}/bin/socat tcp-listen:9091,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.socat}/bin/socat STDIO "tcp-connect:10.66.13.200:9091"',nofork
'';
};
From b0aa82e7d0713394de49275cdbd84b169b2c0e52 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 10 Oct 2022 03:13:16 +0000
Subject: [PATCH 040/391] refactor wireguard and add port forwarding
---
hosts/oracle/default.nix | 35 ++++++++-
modules/services/transmission.nix | 14 ++--
modules/services/wireguard.nix | 114 ++++++++++++++----------------
3 files changed, 95 insertions(+), 68 deletions(-)
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index fb22aa8..5b1f3ba 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -27,15 +27,46 @@ nixpkgs.lib.nixosSystem {
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
- # Backup config
+ # Nextcloud backup config
backupS3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000004";
};
- # Grant access to Jellyfin directories from nextcloud
+ # Grant access to Jellyfin directories from Nextcloud
users.users.nextcloud.extraGroups = [ "jellyfin" ];
+
+ # Wireguard config for Transmission
+ networking.wireguard.interfaces.wg0 = {
+
+ # The local IPs for this machine within the Wireguard network
+ # Any inbound traffic bound for these IPs should be kept on localhost
+ ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
+
+ peers = [{
+
+ # Identity of Wireguard target peer (VPN)
+ publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
+
+ # The public internet address of the target peer
+ endpoint = "86.106.143.132:51820";
+
+ # Which outgoing IP ranges should be sent through Wireguard
+ allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+
+ # Send heartbeat signal within the network
+ persistentKeepalive = 25;
+
+ }];
+
+ };
+
+ # VPN port forwarding
+ services.transmission.settings.peer-port = 57599;
+
+ # Grant access to Transmission directories from Jellyfin
+ users.users.jellyfin.extraGroups = [ "transmission" ];
}
./hardware-configuration.nix
../common.nix
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index 2defc89..00bcfec 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -13,7 +13,9 @@ in {
};
};
- config = {
+ config = let
+ namespace = config.networking.wireguard.interfaces.wg0.interfaceNamespace;
+ in {
# Setup transmission
services.transmission = {
@@ -33,11 +35,11 @@ in {
# Bind transmission to wireguard namespace
systemd.services.transmission = {
- bindsTo = [ "netns@wg.service" ];
+ bindsTo = [ "netns@${namespace}.service" ];
requires = [ "network-online.target" ];
after = [ "wireguard-wg0.service" ];
- unitConfig.JoinsNamespaceOf = "netns@wg.service";
- serviceConfig.NetworkNamespacePath = "/var/run/netns/wg";
+ unitConfig.JoinsNamespaceOf = "netns@${namespace}.service";
+ serviceConfig.NetworkNamespacePath = "/var/run/netns/${namespace}";
};
# Create reverse proxy for web UI
@@ -60,8 +62,8 @@ in {
};
wantedBy = [ "multi-user.target" ];
script = ''
- ${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.iproute2}/bin/ip link set dev lo up
- ${pkgs.socat}/bin/socat tcp-listen:9091,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.socat}/bin/socat STDIO "tcp-connect:10.66.13.200:9091"',nofork
+ ${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.iproute2}/bin/ip link set dev lo up
+ ${pkgs.socat}/bin/socat tcp-listen:9091,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.socat}/bin/socat STDIO "tcp-connect:10.66.13.200:9091"',nofork
'';
};
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index 40fb6e7..96bb196 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -1,77 +1,71 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }: {
-let privateKeyFile = "/private/wireguard/wg0";
+ options.networking.wireguard = {
-in {
+ encryptedPrivateKey = lib.mkOption {
+ type = lib.types.path;
+ description = "Nix path to age-encrypted client private key";
+ default = ../../private/wireguard.age;
+ };
- networking.wireguard = {
- enable = true;
- interfaces = {
- wg0 = {
+ };
- # The local IPs for this machine within the Wireguard network
- # Any inbound traffic bound for these IPs should be kept on localhost
- ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
+ config = {
- # Establishes identity of this machine
- generatePrivateKeyFile = false;
- privateKeyFile = privateKeyFile;
+ networking.wireguard = {
+ enable = true;
+ interfaces = {
+ wg0 = {
- peers = [{
+ # Establishes identity of this machine
+ generatePrivateKeyFile = false;
+ privateKeyFile = "/private/wireguard/wg0";
- # Identity of Wireguard target peer (VPN)
- publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
-
- # Which outgoing IP ranges should be sent through Wireguard
- allowedIPs = [ "0.0.0.0/0" "::0/0" ];
-
- # The public internet address of the target peer
- endpoint = "86.106.143.132:51820";
-
- # Send heartbeat signal within the network
- persistentKeepalive = 25;
-
- }];
-
- # Move to network namespace for isolating programs
- interfaceNamespace = "wg";
+ # Move to network namespace for isolating programs
+ interfaceNamespace = "wg";
+ };
};
};
- };
- # Create namespace for Wireguard
- # This allows us to isolate specific programs to Wireguard
- systemd.services."netns@" = {
- description = "%I network namespace";
- before = [ "network.target" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
- ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
+ # Create namespace for Wireguard
+ # This allows us to isolate specific programs to Wireguard
+ systemd.services."netns@" = {
+ description = "%I network namespace";
+ before = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
+ ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
+ };
};
- };
- # Create private key file for wireguard
- systemd.services.wireguard-private-key = {
- wantedBy = [ "wireguard-wg0.service" ];
- requiredBy = [ "wireguard-wg0.service" ];
- before = [ "wireguard-wg0.service" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
+ # Create private key file for wireguard
+ systemd.services.wireguard-private-key = {
+ wantedBy = [ "wireguard-wg0.service" ];
+ requiredBy = [ "wireguard-wg0.service" ];
+ before = [ "wireguard-wg0.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = let
+ encryptedPrivateKey = config.networking.wireguard.encryptedPrivateKey;
+ privateKeyFile =
+ config.networking.wireguard.interfaces.wg0.privateKeyFile;
+ in ''
+ mkdir --parents --mode 0755 ${builtins.dirOf privateKeyFile}
+ if [ ! -f "${privateKeyFile}" ]; then
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ --output ${privateKeyFile} \
+ ${builtins.toString encryptedPrivateKey}
+ chmod 0700 ${privateKeyFile}
+ fi
+ '';
};
- script = ''
- mkdir --parents --mode 0755 ${builtins.dirOf privateKeyFile}
- if [ ! -f "${privateKeyFile}" ]; then
- ${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- --output ${privateKeyFile} \
- ${builtins.toString ../../private/wireguard.age}
- chmod 0700 ${privateKeyFile}
- fi
- '';
+
};
}
From 170f8c67de0646a7e3c1b24728a3b2490d942d21 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 10 Oct 2022 03:25:28 +0000
Subject: [PATCH 041/391] enable transmission web allowlist
---
modules/services/transmission.nix | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index 00bcfec..89f2a00 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -15,6 +15,8 @@ in {
config = let
namespace = config.networking.wireguard.interfaces.wg0.interfaceNamespace;
+ vpnIp = lib.strings.removeSuffix "/32"
+ (builtins.head config.networking.wireguard.interfaces.wg0.ips);
in {
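Review bot: `vpnIp` is derived with `removeSuffix "/32"` on the first entry of `ips`, which silently yields a wrong value if the list is reordered (the second entry is IPv6) or the address uses a different prefix length, and that value then feeds both `rpc-whitelist` and the socat target. Splitting on the slash is more robust: `vpnIp = builtins.head (lib.splitString "/" (builtins.head config.networking.wireguard.interfaces.wg0.ips));`. A short comment stating that the first `ips` entry must be the IPv4 address would document the remaining assumption.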
# Setup transmission
@@ -28,7 +30,8 @@ in {
rpc-username = config.user;
rpc-host-whitelist = config.transmissionServer;
rpc-host-whitelist-enabled = true;
- rpc-whitelist-enabled = false;
+ rpc-whitelist = "127.0.0.1,${vpnIp}";
+ rpc-whitelist-enabled = true;
};
credentialsFile = credentialsFile;
};
@@ -63,7 +66,7 @@ in {
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.iproute2}/bin/ip link set dev lo up
- ${pkgs.socat}/bin/socat tcp-listen:9091,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.socat}/bin/socat STDIO "tcp-connect:10.66.13.200:9091"',nofork
+ ${pkgs.socat}/bin/socat tcp-listen:9091,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.socat}/bin/socat STDIO "tcp-connect:${vpnIp}:9091"',nofork
'';
};
From a5e186ee87c3821c34b103c1ba9c3e1291935de8 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 10 Oct 2022 18:11:08 +0000
Subject: [PATCH 042/391] netdata metrics with basic auth
seems to have performance problems with caddy
---
hosts/oracle/default.nix | 6 +++++
modules/services/metrics.nix | 43 ++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
create mode 100644 modules/services/metrics.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 5b1f3ba..73653e8 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -21,12 +21,17 @@ nixpkgs.lib.nixosSystem {
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
+ metricsServer = "metrics.masu.rs";
# Disable passwords, only use SSH key
passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+ # Password for metrics server
+ metricsPasswordHashed =
+ "$2a$14$rr.lPIF8ktl5bepks1iD3OXu5Se11/uAog01wlFMwgk0MCb1Rm3PG";
+
# Nextcloud backup config
backupS3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
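Review bot: `metricsPasswordHashed` commits the bcrypt hash of a live password to the repository, where anyone with read access can run offline guesses against it. The repository already keeps other secrets as age-encrypted files under `private/`, so the hash would ideally be supplied the same way if the Caddy configuration can take it at runtime. If it has to stay in the evaluated config, a comment such as `# Hash is public by design; the password must be long, random and used nowhere else` records the assumption.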
@@ -77,5 +82,6 @@ nixpkgs.lib.nixosSystem {
../../modules/services/jellyfin.nix
../../modules/services/nextcloud.nix
../../modules/services/transmission.nix
+ ../../modules/services/metrics.nix
];
}
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
new file mode 100644
index 0000000..8239fdd
--- /dev/null
+++ b/modules/services/metrics.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }: {
+
+ options = {
+ metricsServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Metrics server";
+ };
+ metricsPasswordHashed = lib.mkOption {
+ type = lib.types.str;
+ description = "Metrics password hashed with `caddy hash-password`";
+ };
+ };
+
+ imports = [ ./caddy.nix ];
+
+ config = {
+
+ services.netdata.enable = true;
+
+ caddyRoutes = [{
+ match = [{ host = [ config.metricsServer ]; }];
+ handle = [
+ {
+ handler = "authentication";
+ providers = {
+ http_basic = {
+ accounts = [{
+ username = config.user;
+ password = config.metricsPasswordHashed;
+ }];
+ };
+ };
+ }
+ {
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:19999"; }];
+ }
+ ];
+ }];
+
+ };
+
+}
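Review bot: The `authentication` handler only covers requests that pass through Caddy. `services.netdata.enable = true` on its own leaves netdata's listener on port 19999 at its default bind address, which I believe is all interfaces. Whether the dashboard can be reached without the password then depends entirely on the host firewall keeping 19999 closed. Pinning the listener to loopback in this module makes that explicit, for example `services.netdata.config = { web."bind to" = "127.0.0.1"; };` (confirm the key against the netdata version in use).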
From c4c75cd58701307f3ec0e068341b163462cec585 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 10 Oct 2022 19:22:39 +0000
Subject: [PATCH 043/391] switch to netdata cloud
fix performance issues with caddy mostly
---
apps/netdata-cloud.nix | 19 ++++++++++++++++
flake.nix | 3 +++
hosts/oracle/default.nix | 5 -----
modules/services/metrics.nix | 41 +++++-----------------------------
modules/services/nextcloud.nix | 5 +----
5 files changed, 29 insertions(+), 44 deletions(-)
create mode 100644 apps/netdata-cloud.nix
diff --git a/apps/netdata-cloud.nix b/apps/netdata-cloud.nix
new file mode 100644
index 0000000..f98dbd7
--- /dev/null
+++ b/apps/netdata-cloud.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }: {
+
+ type = "app";
+
+ program = builtins.toString (pkgs.writeShellScript "netdata-cloud" ''
+ if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit 1
+ fi
+ mkdir --parents --mode 0750 /var/lib/netdata/cloud.d
+ printf "\nEnter the claim token for netdata cloud...\n\n"
+ read -p "Token: " token
+ echo "''${token}" > /var/lib/netdata/cloud.d/token
+ chown -R netdata:netdata /var/lib/netdata
+ ${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen)
+ printf "\n\nNow restart netdata service.\n\n"
+ '');
+
+}
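Review bot: The claim token is echoed to the terminal as it is typed, and `echo ... > /var/lib/netdata/cloud.d/token` creates the file under the caller's umask, so with root's usual 022 it is world-readable. The `--mode 0750` on `mkdir` only applies when `cloud.d` does not exist yet. I would use `read -rs -p "Token: " token` and put `umask 077` before the write. `uuidgen` is also resolved from root's PATH, while the rest of the script uses pinned store paths; `${pkgs.util-linux}/bin/uuidgen` would be consistent with that.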
diff --git a/flake.nix b/flake.nix
index d1aff1c..04c5811 100644
--- a/flake.nix
+++ b/flake.nix
@@ -92,6 +92,9 @@
# Load the SSH key for this machine
loadkey = import ./apps/loadkey.nix { inherit pkgs; };
+ # Connect machine metrics to Netdata Cloud
+ netdata = import ./apps/netdata-cloud.nix { inherit pkgs; };
+
});
devShells = forAllSystems (system:
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 73653e8..f34d32a 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -21,17 +21,12 @@ nixpkgs.lib.nixosSystem {
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
- metricsServer = "metrics.masu.rs";
# Disable passwords, only use SSH key
passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
- # Password for metrics server
- metricsPasswordHashed =
- "$2a$14$rr.lPIF8ktl5bepks1iD3OXu5Se11/uAog01wlFMwgk0MCb1Rm3PG";
-
# Nextcloud backup config
backupS3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
index 8239fdd..cc14d8d 100644
--- a/modules/services/metrics.nix
+++ b/modules/services/metrics.nix
@@ -1,42 +1,13 @@
-{ config, lib, ... }: {
-
- options = {
- metricsServer = lib.mkOption {
- type = lib.types.str;
- description = "Hostname for Metrics server";
- };
- metricsPasswordHashed = lib.mkOption {
- type = lib.types.str;
- description = "Metrics password hashed with `caddy hash-password`";
- };
- };
-
- imports = [ ./caddy.nix ];
+{ config, pkgs, lib, ... }: {
config = {
- services.netdata.enable = true;
+ services.netdata = {
+ enable = true;
- caddyRoutes = [{
- match = [{ host = [ config.metricsServer ]; }];
- handle = [
- {
- handler = "authentication";
- providers = {
- http_basic = {
- accounts = [{
- username = config.user;
- password = config.metricsPasswordHashed;
- }];
- };
- };
- }
- {
- handler = "reverse_proxy";
- upstreams = [{ dial = "localhost:19999"; }];
- }
- ];
- }];
+ # Disable local dashboard (unsecured)
+ config = { web.mode = "none"; };
+ };
};
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 7c8e270..40a3a2c 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -146,10 +146,7 @@ in {
systemd.services.litestream-s3 = {
requiredBy = [ "litestream.service" ];
before = [ "litestream.service" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
+ serviceConfig = { Type = "oneshot"; };
script = ''
echo \
LITESTREAM_SECRET_ACCESS_KEY=$(${pkgs.age}/bin/age --decrypt \
From 01e71e5810d12c5bee6ab0d754c09c421670cf39 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 10 Oct 2022 23:09:32 +0000
Subject: [PATCH 044/391] add minecraft server
---
hosts/oracle/default.nix | 1 +
modules/gaming/minecraft-server.nix | 32 +++++++++++++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 modules/gaming/minecraft-server.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index f34d32a..9758d53 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -78,5 +78,6 @@ nixpkgs.lib.nixosSystem {
../../modules/services/nextcloud.nix
../../modules/services/transmission.nix
../../modules/services/metrics.nix
+ ../../modules/gaming/minecraft-server.nix
];
}
diff --git a/modules/gaming/minecraft-server.nix b/modules/gaming/minecraft-server.nix
new file mode 100644
index 0000000..3da55a3
--- /dev/null
+++ b/modules/gaming/minecraft-server.nix
@@ -0,0 +1,32 @@
+{ ... }: {
+
+ unfreePackages = [ "minecraft-server" ];
+
+ services.minecraft-server = {
+ enable = true;
+ eula = true;
+ declarative = true;
+ whitelist = { };
+ openFirewall = true;
+ serverProperties = {
+ server-port = 25565;
+ difficulty = "normal";
+ gamemode = "survival";
+ white-list = false;
+ enforce-whitelist = false;
+ level-name = "world";
+ motd = "Welcome!";
+ pvp = true;
+ player-idle-timeout = 30;
+ generate-structures = true;
+ max-players = 20;
+ snooper-enabled = false;
+ spawn-npcs = true;
+ spawn-animals = true;
+ spawn-monsters = true;
+ allow-nether = true;
+ allow-flight = false;
+ };
+ };
+
+}
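Review bot: The server is opened to the internet with `openFirewall = true` while `white-list = false`, `enforce-whitelist = false` and `whitelist = { };`, so any client that finds port 25565 can join. With `declarative = true` the `whitelist` attribute set is the place to list the intended players (name to UUID). I would set `white-list = true;` and `enforce-whitelist = true;` in `serverProperties`. If an open server is intended, a comment saying so would keep the next reader from assuming the empty whitelist restricts anything.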
From e2af159c26347afd0926a4343fdc8f2101ff42ff Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 13 Oct 2022 23:40:30 +0000
Subject: [PATCH 045/391] lockdown caddy and ssh connections
---
modules/services/caddy.nix | 45 +++++++++++++++++++++++++++++++++-----
modules/services/sshd.nix | 3 +++
2 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
index d737f34..02c8f00 100644
--- a/modules/services/caddy.nix
+++ b/modules/services/caddy.nix
@@ -1,8 +1,4 @@
-{ config, pkgs, lib, ... }:
-
-let
-
-in {
+{ config, pkgs, lib, ... }: {
options = {
caddyRoutes = lib.mkOption {
@@ -20,6 +16,45 @@ in {
apps.http.servers.main = {
listen = [ ":443" ];
routes = config.caddyRoutes;
+ errors.routes = [{
+ match = [{
+ not = [{
+ remote_ip.ranges = [
+
+ # Cloudflare IPv4: https://www.cloudflare.com/ips-v4
+ "173.245.48.0/20"
+ "103.21.244.0/22"
+ "103.22.200.0/22"
+ "103.31.4.0/22"
+ "141.101.64.0/18"
+ "108.162.192.0/18"
+ "190.93.240.0/20"
+ "188.114.96.0/20"
+ "197.234.240.0/22"
+ "198.41.128.0/17"
+ "162.158.0.0/15"
+ "104.16.0.0/13"
+ "104.24.0.0/14"
+ "172.64.0.0/13"
+ "131.0.72.0/22"
+
+ # Cloudflare IPv6: https://www.cloudflare.com/ips-v6
+ "2400:cb00::/32"
+ "2606:4700::/32"
+ "2803:f800::/32"
+ "2405:b500::/32"
+ "2405:8100::/32"
+ "2a06:98c0::/29"
+ "2c0f:f248::/32"
+
+ ];
+ }];
+ }];
+ handle = [{
+ handler = "static_response";
+ abort = true;
+ }];
+ }];
};
});
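Review bot: `errors.routes` is evaluated only after the primary handler chain has returned an error, so as far as I can tell this block never sees an ordinary request. A client that connects to `:443` directly from a non-Cloudflare address with a matching Host is still served by `config.caddyRoutes`. To refuse those clients, the `not`/`remote_ip` match with `static_response` and `abort = true` has to be the first entry of `routes`, e.g. `routes = [ blockRoute ] ++ config.caddyRoutes;` where `blockRoute` (a name I made up) is the attrset added here. The same wiring is carried into `caddyBlocks` and `modules/services/cloudflare.nix` by PATCH 052. The hard-coded ranges also need refreshing whenever Cloudflare changes its published lists.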
diff --git a/modules/services/sshd.nix b/modules/services/sshd.nix
index 0161aba..094d624 100644
--- a/modules/services/sshd.nix
+++ b/modules/services/sshd.nix
@@ -25,6 +25,9 @@
users.users.${config.user}.openssh.authorizedKeys.keys =
[ config.publicKey ];
+
+ # Implement a simple fail2ban service for sshd
+ services.sshguard.enable = true;
};
}
From c2d0037bab3107cefa919831594c9a4c61ca6317 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 14 Oct 2022 01:34:35 +0000
Subject: [PATCH 046/391] autostart and stop minecraft server
---
modules/gaming/minecraft-server.nix | 120 +++++++++++++++++++++++++++-
1 file changed, 117 insertions(+), 3 deletions(-)
diff --git a/modules/gaming/minecraft-server.nix b/modules/gaming/minecraft-server.nix
index 3da55a3..f27b6f0 100644
--- a/modules/gaming/minecraft-server.nix
+++ b/modules/gaming/minecraft-server.nix
@@ -1,4 +1,13 @@
-{ ... }: {
+{ pkgs, ... }:
+
+let
+
+ localPort = 25564;
+ publicPort = 25565;
+ rconPort = 25575;
+ rconPassword = "thiscanbeanything";
+
+in {
unfreePackages = [ "minecraft-server" ];
@@ -7,9 +16,9 @@
eula = true;
declarative = true;
whitelist = { };
- openFirewall = true;
+ openFirewall = false;
serverProperties = {
- server-port = 25565;
+ server-port = localPort;
difficulty = "normal";
gamemode = "survival";
white-list = false;
@@ -26,7 +35,112 @@
spawn-monsters = true;
allow-nether = true;
allow-flight = false;
+ enable-rcon = true;
+ "rcon.port" = rconPort;
+ "rcon.password" = rconPassword;
};
};
+ networking.firewall.allowedTCPPorts = [ publicPort ];
+
+ ## Automatically start and stop Minecraft server based on player connections
+
+ # Adapted shamelessly from:
+ # https://dataswamp.org/~solene/2022-08-20-on-demand-minecraft-with-systemd.html
+
+ # Prevent Minecraft from starting by default
+ systemd.services.minecraft-server = { wantedBy = pkgs.lib.mkForce [ ]; };
+
+ # Listen for connections on the public port, to trigger the actual
+ # listen-minecraft service.
+ systemd.sockets.listen-minecraft = {
+ wantedBy = [ "sockets.target" ];
+ requires = [ "network.target" ];
+ listenStreams = [ "${toString publicPort}" ];
+ };
+
+ # Proxy traffic to local port, and trigger hook-minecraft
+ systemd.services.listen-minecraft = {
+ path = [ pkgs.systemd ];
+ requires = [ "hook-minecraft.service" "listen-minecraft.socket" ];
+ after = [ "hook-minecraft.service" "listen-minecraft.socket" ];
+ serviceConfig.ExecStart =
+ "${pkgs.systemd.out}/lib/systemd/systemd-socket-proxyd 127.0.0.1:${
+ toString localPort
+ }";
+ };
+
+ # Start Minecraft if required and wait for it to be available
+ # Then unlock the listen-minecraft.service
+ systemd.services.hook-minecraft = {
+ path = with pkgs; [ systemd libressl busybox ];
+
+ # Start Minecraft and the auto-shutdown timer
+ script = ''
+ systemctl start minecraft-server.service
+ systemctl start stop-minecraft.timer
+ '';
+
+ # Keep checking until the service is available
+ postStart = ''
+ for i in $(seq 60); do
+ if ${pkgs.libressl.nc}/bin/nc -z 127.0.0.1 ${
+ toString localPort
+ } > /dev/null ; then
+ exit 0
+ fi
+ ${pkgs.busybox.out}/bin/sleep 1
+ done
+ exit 1
+ '';
+ };
+
+ # Run a player check on a schedule for auto-shutdown
+ systemd.timers.stop-minecraft = {
+ timerConfig = {
+ OnCalendar = "*-*-* *:*:0/20"; # Every 20 seconds
+ Unit = "stop-minecraft.service";
+ };
+ wantedBy = [ "timers.target" ];
+ };
+
+ # If no players are connected, then stop services and prepare to resume again
+ systemd.services.stop-minecraft = {
+ serviceConfig.Type = "oneshot";
+ script = ''
+ # Check when service was launched
+ servicestartsec=$(
+ date -d \
+ "$(systemctl show \
+ --property=ActiveEnterTimestamp \
+ minecraft-server.service \
+ | cut -d= -f2)" \
+ +%s)
+
+ # Calculate elapsed time
+ serviceelapsedsec=$(( $(date +%s) - servicestartsec))
+
+ # Ignore if service just started
+ if [ $serviceelapsedsec -lt 180 ]
+ then
+ echo "Server was just started"
+ exit 0
+ fi
+
+ PLAYERS=$(
+ printf "list\n" \
+ | ${pkgs.rcon.out}/bin/rcon -m \
+ -H 127.0.0.1 -p ${builtins.toString rconPort} -P ${rconPassword} \
+ )
+
+ if echo "$PLAYERS" | grep "are 0 of a"
+ then
+ echo "Stopping server"
+ systemctl stop minecraft-server.service
+ systemctl stop hook-minecraft.service
+ systemctl stop stop-minecraft.timer
+ fi
+ '';
+ };
+
}
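Review bot: `rconPassword` is a fixed string in the `let` block of the first hunk, so the RCON credential is public through git and is written to the world-readable Nix store in both the server properties and the `stop-minecraft` script. `-P ${rconPassword}` also puts it on the command line, visible in the process list. RCON gives full console control and nothing in this hunk binds it to loopback, so it is protected only by the firewall keeping `rconPort` closed (`openFirewall = false`). I would record that next to the binding, `# RCON password is public (git + /nix/store): rconPort must never be opened in the firewall`. If the port could ever be exposed, generate the password on the host instead. The interpolated values in the script are also unquoted.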
From a17a048d9db1d4de1437f87e0e5a21ff5c46c685 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 14 Oct 2022 01:35:14 +0000
Subject: [PATCH 047/391] set credentials oneshots to stop after launch
---
modules/services/transmission.nix | 5 +----
modules/services/wireguard.nix | 5 +----
2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index 89f2a00..0a6f9dd 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -74,10 +74,7 @@ in {
systemd.services.transmission-creds = {
requiredBy = [ "transmission.service" ];
before = [ "transmission.service" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
+ serviceConfig = { Type = "oneshot"; };
script = ''
if [ ! -f "${credentialsFile}" ]; then
mkdir --parents ${builtins.dirOf credentialsFile}
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index 96bb196..4b437b9 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -46,10 +46,7 @@
wantedBy = [ "wireguard-wg0.service" ];
requiredBy = [ "wireguard-wg0.service" ];
before = [ "wireguard-wg0.service" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
+ serviceConfig = { Type = "oneshot"; };
script = let
encryptedPrivateKey = config.networking.wireguard.encryptedPrivateKey;
privateKeyFile =
From 595eac9367202ad8bdba2e9e3642e1e5ab3aee5d Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 14 Oct 2022 04:01:41 +0000
Subject: [PATCH 048/391] switch from netdata to grafana
---
hosts/oracle/default.nix | 2 +-
modules/services/{metrics.nix => netdata.nix} | 0
modules/services/prometheus.nix | 31 +++++++++++++++++++
3 files changed, 32 insertions(+), 1 deletion(-)
rename modules/services/{metrics.nix => netdata.nix} (100%)
create mode 100644 modules/services/prometheus.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 9758d53..1f1d730 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -77,7 +77,7 @@ nixpkgs.lib.nixosSystem {
../../modules/services/jellyfin.nix
../../modules/services/nextcloud.nix
../../modules/services/transmission.nix
- ../../modules/services/metrics.nix
+ ../../modules/services/prometheus.nix
../../modules/gaming/minecraft-server.nix
];
}
diff --git a/modules/services/metrics.nix b/modules/services/netdata.nix
similarity index 100%
rename from modules/services/metrics.nix
rename to modules/services/netdata.nix
diff --git a/modules/services/prometheus.nix b/modules/services/prometheus.nix
new file mode 100644
index 0000000..01ae122
--- /dev/null
+++ b/modules/services/prometheus.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }: {
+
+ options.metricsServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname of the Grafana server.";
+ default = "grafana.masu.rs";
+ };
+
+ config = {
+
+ services.grafana.enable = true;
+ services.prometheus = {
+ enable = true;
+ exporters.node.enable = true;
+ scrapeConfigs = [{
+ job_name = "local";
+ static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
+ }];
+ };
+
+ caddyRoutes = [{
+ match = [{ host = [ config.metricsServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:3000"; }];
+ }];
+ }];
+
+ };
+
+}
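Review bot: Grafana is published on `config.metricsServer` through a `reverse_proxy` route with no authentication handler in front of it, so Grafana's own login is the only gate. `services.grafana.enable = true` alone leaves the admin account at the module's default credentials unless they are set elsewhere. Before this hostname resolves publicly I would set the admin password from a file decrypted on the host, via `services.grafana.security.adminPasswordFile` (the option name depends on the nixpkgs release; confirm). The `pkgs` argument is unused in this module.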
From 8cce61f4a850190e6a10a297f7d480540362b63c Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 14 Oct 2022 13:08:13 +0000
Subject: [PATCH 049/391] change metrics server hostname
---
hosts/oracle/default.nix | 1 +
modules/services/prometheus.nix | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 1f1d730..cb6f239 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -21,6 +21,7 @@ nixpkgs.lib.nixosSystem {
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
+ metricsServer = "metrics.masu.rs";
# Disable passwords, only use SSH key
passwordHash = null;
diff --git a/modules/services/prometheus.nix b/modules/services/prometheus.nix
index 01ae122..543540a 100644
--- a/modules/services/prometheus.nix
+++ b/modules/services/prometheus.nix
@@ -3,7 +3,6 @@
options.metricsServer = lib.mkOption {
type = lib.types.str;
description = "Hostname of the Grafana server.";
- default = "grafana.masu.rs";
};
config = {
From bc83c818db3f5dfa0161cf6bd736c40a8bdc8a56 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 15 Oct 2022 12:16:05 +0000
Subject: [PATCH 050/391] honeypot for banning port scanners
---
modules/gaming/minecraft-server.nix | 2 +-
modules/services/honeypot.nix | 75 +++++++++++++++++++++++++++++
2 files changed, 76 insertions(+), 1 deletion(-)
create mode 100644 modules/services/honeypot.nix
diff --git a/modules/gaming/minecraft-server.nix b/modules/gaming/minecraft-server.nix
index f27b6f0..296f858 100644
--- a/modules/gaming/minecraft-server.nix
+++ b/modules/gaming/minecraft-server.nix
@@ -3,7 +3,7 @@
let
localPort = 25564;
- publicPort = 25565;
+ publicPort = 49732;
rconPort = 25575;
rconPassword = "thiscanbeanything";
diff --git a/modules/services/honeypot.nix b/modules/services/honeypot.nix
new file mode 100644
index 0000000..b8e79b6
--- /dev/null
+++ b/modules/services/honeypot.nix
@@ -0,0 +1,75 @@
+{ lib, pkgs, ... }:
+
+# Currently has some issues that don't make this viable.
+
+# Taken from:
+# https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html
+
+# You will need to flush all rules when removing:
+# https://serverfault.com/questions/200635/best-way-to-clear-all-iptables-rules
+
+let
+
+ portsToBlock = [ 25545 25565 25570 ];
+ portsString =
+ builtins.concatStringsSep "," (builtins.map builtins.toString portsToBlock);
+
+ # Block IPs for 20 days
+ expire = 60 * 60 * 24 * 20;
+
+ rules = table: [
+ "INPUT -i eth0 -p tcp -m multiport --dports ${portsString} -m state --state NEW -m recent --set"
+ "INPUT -i eth0 -p tcp -m multiport --dports ${portsString} -m state --state NEW -m recent --update --seconds 10 --hitcount 1 -j SET --add-set ${table} src"
+ "INPUT -i eth0 -p tcp -m set --match-set ${table} src -j nixos-fw-refuse"
+ "INPUT -i eth0 -p udp -m set --match-set ${table} src -j nixos-fw-refuse"
+ ];
+
+ create-rules = lib.concatStringsSep "\n"
+ (builtins.map (rule: "iptables -C " + rule + " || iptables -A " + rule)
+ (rules "blocked") ++ builtins.map
+ (rule: "ip6tables -C " + rule + " || ip6tables -A " + rule)
+ (rules "blocked6"));
+
+ delete-rules = lib.concatStringsSep "\n"
+ (builtins.map (rule: "iptables -C " + rule + " && iptables -D " + rule)
+ (rules "blocked") ++ builtins.map
+ (rule: "ip6tables -C " + rule + " && ip6tables -D " + rule)
+ (rules "blocked6"));
+
+in {
+
+ networking.firewall = {
+
+ extraPackages = [ pkgs.ipset ];
+ # allowedTCPPorts = portsToBlock;
+
+ # Restore ban list when starting up
+ extraCommands = ''
+ if test -f /var/lib/ipset.conf
+ then
+ ipset restore -! < /var/lib/ipset.conf
+ else
+ ipset -exist create blocked hash:ip ${
+ if expire > 0 then "timeout ${toString expire}" else ""
+ }
+ ipset -exist create blocked6 hash:ip family inet6 ${
+ if expire > 0 then "timeout ${toString expire}" else ""
+ }
+ fi
+ ${create-rules}
+ '';
+
+ # Save list when shutting down
+ extraStopCommands = ''
+ ipset -exist create blocked hash:ip ${
+ if expire > 0 then "timeout ${toString expire}" else ""
+ }
+ ipset -exist create blocked6 hash:ip family inet6 ${
+ if expire > 0 then "timeout ${toString expire}" else ""
+ }
+ ipset save > /var/lib/ipset.conf
+ ${delete-rules}
+ '';
+ };
+
+}
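Review bot: The ban is triggered by the first `--state NEW` packet to a trap port, which is a bare SYN and does not prove the source address is genuine. Forged packets can therefore place arbitrary addresses in `blocked`/`blocked6` for the 20-day `expire`, including the administrator's own address or the proxy ranges the web services depend on. I would add an allowlist set that is matched with `-j RETURN` ahead of the `--add-set` rule, and note in the header comment that it must contain the admin and reverse-proxy ranges. The header says the module has issues but does not name them. One to check is that `iptables -A INPUT` appends after the existing jump into the NixOS firewall chain, so the order in which these rules are reached should be verified.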
From 5410afb45bb1ee30985b0b2b5d3cc41b1e5e64a3 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 15 Oct 2022 15:29:21 +0000
Subject: [PATCH 051/391] switch to /var/lib for calibre-web
---
modules/services/calibre.nix | 26 +-------------------------
1 file changed, 1 insertion(+), 25 deletions(-)
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index 21c9707..d43b9b5 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -1,11 +1,4 @@
-{ config, pkgs, lib, ... }:
-
-let
-
- # Must set group owner to calibre-web
- libraryPath = "/var/books";
-
-in {
+{ config, pkgs, lib, ... }: {
imports = [ ./caddy.nix ];
@@ -22,7 +15,6 @@ in {
enable = true;
openFirewall = true;
options = {
- calibreLibrary = libraryPath;
reverseProxyAuth.enable = false;
enableBookConversion = true;
enableBookUploading = true;
@@ -47,22 +39,6 @@ in {
}];
}];
- # Create directory and set permissions
- systemd.services.calibre-library = {
- requiredBy = [ "calibre-web.service" ];
- before = [ "calibre-web.service" ];
- serviceConfig = {
- Type = "oneshot";
- User = "root";
- };
- script = ''
- mkdir --parents ${libraryPath}
- chown -R calibre-web:calibre-web ${libraryPath}
- chmod 0775 ${libraryPath}
- chmod -R 0640 ${libraryPath}/*
- '';
- };
-
};
}
From e2c351098b8af887bc42b8d4bdd1fb7094cfa3c2 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 15 Oct 2022 19:00:37 +0000
Subject: [PATCH 052/391] move cloudflare to separate file
---
hosts/oracle/default.nix | 1 +
modules/services/caddy.nix | 45 ++++----------------------
modules/services/cloudflare.nix | 56 +++++++++++++++++++++++++++++++++
modules/services/jellyfin.nix | 16 ++--------
modules/services/nextcloud.nix | 35 ++-------------------
5 files changed, 68 insertions(+), 85 deletions(-)
create mode 100644 modules/services/cloudflare.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index cb6f239..977b2c9 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -77,6 +77,7 @@ nixpkgs.lib.nixosSystem {
../../modules/services/calibre.nix
../../modules/services/jellyfin.nix
../../modules/services/nextcloud.nix
+ ../../modules/services/cloudflare.nix
../../modules/services/transmission.nix
../../modules/services/prometheus.nix
../../modules/gaming/minecraft-server.nix
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
index 02c8f00..017abd8 100644
--- a/modules/services/caddy.nix
+++ b/modules/services/caddy.nix
@@ -5,6 +5,11 @@
type = lib.types.listOf lib.types.attrs;
description = "Caddy JSON routes for http servers";
};
+ caddyBlocks = lib.mkOption {
+ type = lib.types.listOf lib.types.attrs;
+ description = "Caddy JSON error blocks for http servers";
+ default = [ ];
+ };
};
config = {
@@ -16,45 +21,7 @@
apps.http.servers.main = {
listen = [ ":443" ];
routes = config.caddyRoutes;
- errors.routes = [{
- match = [{
- not = [{
- remote_ip.ranges = [
-
- # Cloudflare IPv4: https://www.cloudflare.com/ips-v4
- "173.245.48.0/20"
- "103.21.244.0/22"
- "103.22.200.0/22"
- "103.31.4.0/22"
- "141.101.64.0/18"
- "108.162.192.0/18"
- "190.93.240.0/20"
- "188.114.96.0/20"
- "197.234.240.0/22"
- "198.41.128.0/17"
- "162.158.0.0/15"
- "104.16.0.0/13"
- "104.24.0.0/14"
- "172.64.0.0/13"
- "131.0.72.0/22"
-
- # Cloudflare IPv6: https://www.cloudflare.com/ips-v6
- "2400:cb00::/32"
- "2606:4700::/32"
- "2803:f800::/32"
- "2405:b500::/32"
- "2405:8100::/32"
- "2a06:98c0::/29"
- "2c0f:f248::/32"
-
- ];
- }];
- }];
- handle = [{
- handler = "static_response";
- abort = true;
- }];
- }];
+ errors.routes = config.caddyBlocks;
};
});
diff --git a/modules/services/cloudflare.nix b/modules/services/cloudflare.nix
new file mode 100644
index 0000000..a743886
--- /dev/null
+++ b/modules/services/cloudflare.nix
@@ -0,0 +1,56 @@
+# This module is necessary for hosts that are serving through Cloudflare.
+
+{ ... }:
+
+let
+
+ cloudflareIpRanges = [
+
+ # Cloudflare IPv4: https://www.cloudflare.com/ips-v4
+ "173.245.48.0/20"
+ "103.21.244.0/22"
+ "103.22.200.0/22"
+ "103.31.4.0/22"
+ "141.101.64.0/18"
+ "108.162.192.0/18"
+ "190.93.240.0/20"
+ "188.114.96.0/20"
+ "197.234.240.0/22"
+ "198.41.128.0/17"
+ "162.158.0.0/15"
+ "104.16.0.0/13"
+ "104.24.0.0/14"
+ "172.64.0.0/13"
+ "131.0.72.0/22"
+
+ # Cloudflare IPv6: https://www.cloudflare.com/ips-v6
+ "2400:cb00::/32"
+ "2606:4700::/32"
+ "2803:f800::/32"
+ "2405:b500::/32"
+ "2405:8100::/32"
+ "2a06:98c0::/29"
+ "2c0f:f248::/32"
+
+ ];
+
+in {
+
+ imports = [ ./caddy.nix ];
+
+ config = {
+
+ # Forces Caddy to error if coming from a non-Cloudflare IP
+ caddyBlocks = [{
+ match = [{ not = [{ remote_ip.ranges = cloudflareIpRanges; }]; }];
+ handle = [{
+ handler = "static_response";
+ abort = true;
+ }];
+ }];
+
+ # Allows Nextcloud to trust Cloudflare IPs
+ services.nextcloud.config.trustedProxies = cloudflareIpRanges;
+
+ };
+}
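Review bot: A source address inside Cloudflare's ranges shows only that a request came through Cloudflare's network, not that it came through this site's zone. `services.nextcloud.config.trustedProxies = cloudflareIpRanges` then extends that trust to the forwarded client address Nextcloud uses for logging and throttling. The header comment should say so and mark the list as a snapshot to be refreshed from the two URLs, e.g. `# Snapshot of Cloudflare's published ranges; refresh periodically. Proves "via Cloudflare", not "via our zone".` If origin access has to be tied to this zone, Cloudflare's Authenticated Origin Pulls (client certificate on the origin connection) is the usual complement.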
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
index 0f69c85..b09d36b 100644
--- a/modules/services/jellyfin.nix
+++ b/modules/services/jellyfin.nix
@@ -20,20 +20,8 @@
}];
# Create videos directory, allow anyone in Jellyfin group to manage it
- systemd.services.videos-library = {
- wantedBy = [ "jellyfin.service" ];
- requiredBy = [ "jellyfin.service" ];
- before = [ "jellyfin.service" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
- script = let videosDirectory = "/var/videos";
- in ''
- mkdir --parents --mode 0755 ${videosDirectory}
- chown jellyfin:jellyfin ${videosDirectory}
- '';
- };
+ systemd.tmpfiles.rules =
+ [ "d /var/lib/jellyfin/library 0775 jellyfin jellyfin" ];
};
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 40a3a2c..9288d24 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -2,8 +2,8 @@
let
- adminpassFile = "/var/lib/nextcloud/creds";
- backupS3File = "/var/lib/nextcloud/backup-creds";
+ adminpassFile = "${config.services.nextcloud.datadir}/creds";
+ backupS3File = "${config.services.nextcloud.datadir}/backup-creds";
in {
@@ -45,35 +45,6 @@ in {
config = {
adminpassFile = adminpassFile;
extraTrustedDomains = [ config.nextcloudServer ];
- trustedProxies = [
-
- # Cloudflare IPv4: https://www.cloudflare.com/ips-v4
- "173.245.48.0/20"
- "103.21.244.0/22"
- "103.22.200.0/22"
- "103.31.4.0/22"
- "141.101.64.0/18"
- "108.162.192.0/18"
- "190.93.240.0/20"
- "188.114.96.0/20"
- "197.234.240.0/22"
- "198.41.128.0/17"
- "162.158.0.0/15"
- "104.16.0.0/13"
- "104.24.0.0/14"
- "172.64.0.0/13"
- "131.0.72.0/22"
-
- # Cloudflare IPv6: https://www.cloudflare.com/ips-v6
- "2400:cb00::/32"
- "2606:4700::/32"
- "2803:f800::/32"
- "2405:b500::/32"
- "2405:8100::/32"
- "2a06:98c0::/29"
- "2c0f:f248::/32"
-
- ];
};
};
@@ -125,7 +96,7 @@ in {
enable = true;
settings = {
dbs = [{
- path = "/var/lib/nextcloud/data/nextcloud.db";
+ path = "${config.services.nextcloud.datadir}/data/nextcloud.db";
replicas = [{
url =
"s3://${config.backupS3.bucket}.${config.backupS3.endpoint}/nextcloud";
From 69a54b99c85e725dc084f872c2fe9f371a79b047 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 01:32:39 +0000
Subject: [PATCH 053/391] new secrets management system
---
apps/encrypt-secret.nix | 19 ++++++
apps/reencrypt-secrets.nix | 27 +++++++++
flake.nix | 7 +++
hosts/public-keys | 4 ++
modules/services/secrets.nix | 97 +++++++++++++++++++++++++++++++
modules/services/transmission.nix | 34 ++++-------
modules/shell/age.nix | 28 ++++-----
private/transmission.json.age | 15 +++--
8 files changed, 188 insertions(+), 43 deletions(-)
create mode 100644 apps/encrypt-secret.nix
create mode 100644 apps/reencrypt-secrets.nix
create mode 100644 hosts/public-keys
create mode 100644 modules/services/secrets.nix
diff --git a/apps/encrypt-secret.nix b/apps/encrypt-secret.nix
new file mode 100644
index 0000000..325d942
--- /dev/null
+++ b/apps/encrypt-secret.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }: {
+
+ # nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
+
+ type = "app";
+
+ program = builtins.toString (pkgs.writeShellScript "encrypt-secret" ''
+ printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
+ read -p "Secret: " secret
+ printf "\nEncrypting...\n\n" 1>&2
+ tmpfile=$(mktemp)
+ echo "''${secret}" > ''${tmpfile}
+ ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
+ builtins.toString ../hosts/public-keys
+ } $tmpfile
+ rm $tmpfile
+ '');
+
+}
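Review bot: The secret is echoed while it is typed, `read` without `-r` alters backslashes, and the plaintext is written to a temp file that stays on disk if the script is interrupted before `rm`. age reads from standard input when no input file is given, so the temp file is not needed. I would use `read -rs -p "Secret: " secret` followed by `printf '%s\n' "$secret" | ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../hosts/public-keys}`. That also removes the unquoted `$tmpfile` expansions.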
diff --git a/apps/reencrypt-secrets.nix b/apps/reencrypt-secrets.nix
new file mode 100644
index 0000000..f1c2c2d
--- /dev/null
+++ b/apps/reencrypt-secrets.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }: {
+
+ # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
+
+ type = "app";
+
+ program = builtins.toString (pkgs.writeShellScript "reencrypt-secrets" ''
+ if [ $# -eq 0 ]; then
+ echo "Must provide directory to reencrypt."
+ exit 1
+ fi
+ encrypted=$1
+ for encryptedfile in ''${1}/*; do
+ tmpfile=$(mktemp)
+ echo "Decrypting ''${encryptedfile}..."
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
+ echo "Encrypting ''${encryptedfile}..."
+ ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
+ builtins.toString ../hosts/public-keys
+ } $tmpfile > $encryptedfile
+ rm $tmpfile
+ done
+ echo "Finished."
+ '');
+
+}
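Review bot: `age --encrypt ... $tmpfile > $encryptedfile` truncates the existing ciphertext before age runs, and the script has no `set -e`. If the decrypt step fails (wrong identity, a file in the directory that is not an age file), the original is overwritten with an encryption of an empty temp file and the secret is lost. The decrypted plaintext also sits in a temp file between the two steps. I would pipe decrypt straight into encrypt, write to a new file, and only replace the original once the pipeline has succeeded. The variable `encrypted` is assigned but never used.

```nix
  program = builtins.toString (pkgs.writeShellScript "reencrypt-secrets" ''
    set -euo pipefail
    # … unchanged: argument check …
    for encryptedfile in "$1"/*; do
      newfile=$(mktemp)
      echo "Re-encrypting $encryptedfile..."
      # Plaintext only ever exists in the pipe; pipefail aborts before the mv
      # if either age invocation fails, leaving the original untouched.
      ${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 "$encryptedfile" \
        | ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
          builtins.toString ../hosts/public-keys
        } > "$newfile"
      mv "$newfile" "$encryptedfile"
    done
    # … unchanged: final message …
```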
diff --git a/flake.nix b/flake.nix
index 04c5811..1a9709c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -92,6 +92,13 @@
# Load the SSH key for this machine
loadkey = import ./apps/loadkey.nix { inherit pkgs; };
+ # Encrypt secret for all machines
+ encrypt-secret = import ./apps/encrypt-secret.nix { inherit pkgs; };
+
+ # Re-encrypt secrets for all machines
+ reencrypt-secrets =
+ import ./apps/reencrypt-secrets.nix { inherit pkgs; };
+
# Connect machine metrics to Netdata Cloud
netdata = import ./apps/netdata-cloud.nix { inherit pkgs; };
diff --git a/hosts/public-keys b/hosts/public-keys
new file mode 100644
index 0000000..74beb04
--- /dev/null
+++ b/hosts/public-keys
@@ -0,0 +1,4 @@
+# Scan hosts: ssh-keyscan -t ed25519
+
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s noah
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI oracle.masu.rs
diff --git a/modules/services/secrets.nix b/modules/services/secrets.nix
new file mode 100644
index 0000000..79187b6
--- /dev/null
+++ b/modules/services/secrets.nix
@@ -0,0 +1,97 @@
+# Secrets management method taken from here:
+# https://xeiaso.net/blog/nixos-encrypted-secrets-2021-01-20
+
+# In my case, I pre-encrypt my secrets and commit them to git.
+
+{ config, pkgs, lib, ... }: {
+
+ options = {
+
+ identityFile = lib.mkOption {
+ type = lib.types.str;
+ description = "Path to existing identity file.";
+ default = "/etc/ssh/ssh_host_ed25519_key";
+ };
+
+ # secretsDirectory = lib.mkOption {
+ # type = lib.types.str;
+ # description = "Default path to place secrets.";
+ # default = "/var/lib/private";
+ # };
+
+ secrets = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ source = lib.mkOption {
+ type = lib.types.path;
+ description = "Path to encrypted secret.";
+ };
+ dest = lib.mkOption {
+ type = lib.types.str;
+ description = "Resulting path for decrypted secret.";
+ };
+ owner = lib.mkOption {
+ default = "root";
+ type = lib.types.str;
+ description = "User to own the secret.";
+ };
+ group = lib.mkOption {
+ default = "root";
+ type = lib.types.str;
+ description = "Group to own the secret.";
+ };
+ permissions = lib.mkOption {
+ default = "0400";
+ type = lib.types.str;
+ description = "Permissions expressed as octal.";
+ };
+ };
+ });
+ description = "Set of secrets to decrypt to disk.";
+ default = { };
+ };
+
+ };
+
+ config = {
+
+ # Create a default directory to place secrets
+
+ # systemd.tmpfiles.rules = [ "d ${config.secretsDirectory} 0750 root wheel" ];
+
+ # Declare oneshot service to decrypt secret using SSH host key
+ # - Requires that the secret is already encrypted for the host
+ # - Encrypt secrets: nix run github:nmasur/dotfiles#encrypt-secret
+
+ systemd.services = lib.mapAttrs' (name: attrs: {
+ name = "${name}-secret";
+ value = {
+
+ description = "Decrypt secret for ${name}";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ --output ${attrs.dest} \
+ ${attrs.source}
+
+ chown '${attrs.owner}':'${attrs.group}' '${attrs.dest}'
+ chmod '${attrs.permissions}' '${attrs.dest}'
+ '';
+
+ };
+ }) config.secrets;
+
+ # Example declaration
+ # config.secrets.my-secret = {
+ # source = ../../private/my-secret.age;
+ # dest = "/var/lib/private/my-secret";
+ # owner = "my-app";
+ # group = "my-app";
+ # permissions = "0440";
+ # };
+
+ };
+
+}
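Review bot: age creates `${attrs.dest}` before the `chown` and `chmod` lines run, so for a short window the decrypted secret exists with whatever mode the unit's umask allows. systemd's default umask is 0022, so that is presumably 0644 (confirm age's create mode). Adding `serviceConfig.UMask = "0077";` next to `serviceConfig.Type` closes the window. `${attrs.dest}` and `${attrs.source}` are also unquoted in the age call, while the two lines below it quote them. The example declaration comment should mention that a consuming unit has to order itself after `<name>-secret.service`, as the transmission module does in this commit.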
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index 0a6f9dd..f35088d 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -1,10 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }: {
-let credentialsFile = "/var/lib/private/transmission.json";
-
-in {
-
- imports = [ ./wireguard.nix ];
+ imports = [ ./wireguard.nix ./secrets.nix ];
options = {
transmissionServer = lib.mkOption {
@@ -33,14 +29,14 @@ in {
rpc-whitelist = "127.0.0.1,${vpnIp}";
rpc-whitelist-enabled = true;
};
- credentialsFile = credentialsFile;
+ credentialsFile = config.secrets.transmission.dest;
};
# Bind transmission to wireguard namespace
systemd.services.transmission = {
bindsTo = [ "netns@${namespace}.service" ];
- requires = [ "network-online.target" ];
- after = [ "wireguard-wg0.service" ];
+ requires = [ "network-online.target" "transmission-secret.service" ];
+ after = [ "wireguard-wg0.service" "transmission-secret.service" ];
unitConfig.JoinsNamespaceOf = "netns@${namespace}.service";
serviceConfig.NetworkNamespacePath = "/var/run/netns/${namespace}";
};
@@ -71,21 +67,11 @@ in {
};
# Create credentials file for transmission
- systemd.services.transmission-creds = {
- requiredBy = [ "transmission.service" ];
- before = [ "transmission.service" ];
- serviceConfig = { Type = "oneshot"; };
- script = ''
- if [ ! -f "${credentialsFile}" ]; then
- mkdir --parents ${builtins.dirOf credentialsFile}
- ${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- --output ${credentialsFile} \
- ${builtins.toString ../../private/transmission.json.age}
- chown transmission:transmission ${credentialsFile}
- chmod 0700 ${credentialsFile}
- fi
- '';
+ secrets.transmission = {
+ source = ../../private/transmission.json.age;
+ dest = "/var/lib/private/transmission.json";
+ owner = "transmission";
+ group = "transmission";
};
};
diff --git a/modules/shell/age.nix b/modules/shell/age.nix
index 87cf6df..7dcc33b 100644
--- a/modules/shell/age.nix
+++ b/modules/shell/age.nix
@@ -1,25 +1,25 @@
{ config, pkgs, lib, ... }: {
options = {
- identityFile = lib.mkOption {
- type = lib.types.str;
- description = "Path to SSH key for age";
- default = "${config.homePath}/.ssh/id_ed25519";
- };
+ # identityFile = lib.mkOption {
+ # type = lib.types.str;
+ # description = "Path to SSH key for age";
+ # default = "${config.homePath}/.ssh/id_ed25519";
+ # };
};
config = {
home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
- system.activationScripts.age.text = ''
- if [ ! -f "${config.identityFile}" ]; then
- $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
- $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
- $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${config.identityFile}
- $DRY_RUN_CMD chown ${config.user}:wheel ${config.identityFile}*
- $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
- fi
- '';
+ # system.activationScripts.age.text = ''
+ # if [ ! -f "${config.identityFile}" ]; then
+ # $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
+ # $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
+ # $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${config.identityFile}
+ # $DRY_RUN_CMD chown ${config.user}:wheel ${config.identityFile}*
+ # $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
+ # fi
+ # '';
};
}
diff --git a/private/transmission.json.age b/private/transmission.json.age
index a98cddd..091ed0c 100644
--- a/private/transmission.json.age
+++ b/private/transmission.json.age
@@ -1,5 +1,10 @@
-age-encryption.org/v1
--> ssh-ed25519 MgHaOw PAAWnpc5bJ5S972U+L6YgHpI2a7aqwxWaNZrvQIODVg
-A6zRWD6TmlVb8b5J3gdMf3JAeHIHgUQA3C8PpR8GveQ
---- xP8vbUGtTlvaZ0K2J0+J0ICoL9gvCbhQg6GxG8ZYCS0
-75L2cJĀe,ݝTn$Mi4Yi[!ŁL%(iF;6ԊjO
\ No newline at end of file
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBSYUU2
+OWp1ZDRLVTJrR1k3SVdXZnRPN3RUNDY5RFM2WEZaTzRmdU1zSWdrCjV1VHpNMG81
+VHA4LzdsN3FpOUNoTGNlWmlHS3E4dTVvWTVoZHJMSlNYTHMKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIDVjM1JmclgxQThKcU1XQWptWmN0MjlKU1NvMEpwMnYyd3Y4czBT
+RTVkQ0UKc0pOYkRxZldsWnloQnBYMWk1eFU0M3R5SkZVTUYyaldIcENONE1PWVJv
+NAotLS0gclZDQndaREZpZ2Z0R0d0alBPeW1tZFVOVHhSaHNlQTRXdTRoZmFDUFFK
+SQqueOUzTFuhSryWW4Do+NAUcq2YdOtN8gmP5Zcp1oMe/9+JIs6Upjsc3eWn+dSA
+7QwbGlTyd6D0+PLJxHA18Xfgpj5owGeTDtwykFPgdO1BjE8C3KlgzUfN
+-----END AGE ENCRYPTED FILE-----
From 0f112ea16b4f4a3afe3a9fe7f4919995785dbe63 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 03:18:58 +0000
Subject: [PATCH 054/391] reencrypt secrets and fix nextcloud backups
---
modules/services/backups.nix | 46 ++++++++++++++++++
modules/services/nextcloud.nix | 76 +++++++-----------------------
modules/services/secrets.nix | 12 ++---
modules/services/transmission.nix | 2 +-
modules/services/wireguard.nix | 34 ++-----------
private/backup.age | 16 ++++---
private/mailpass.age | 15 ++++--
private/nextcloud.age | Bin 246 -> 552 bytes
private/wireguard.age | 15 ++++--
9 files changed, 104 insertions(+), 112 deletions(-)
create mode 100644 modules/services/backups.nix
diff --git a/modules/services/backups.nix b/modules/services/backups.nix
new file mode 100644
index 0000000..373387c
--- /dev/null
+++ b/modules/services/backups.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }: {
+
+ options = {
+
+ backupS3 = {
+ endpoint = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 endpoint for backups";
+ };
+ bucket = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 bucket for backups";
+ };
+ accessKeyId = lib.mkOption {
+ type = lib.types.str;
+ description = "S3 access key ID for backups";
+ };
+ };
+
+ };
+
+ config = {
+
+ secrets.backup = {
+ source = ../../private/backup.age;
+ dest = "${config.secretsDirectory}/backup";
+ };
+
+ # # Backup library to object storage
+ # services.restic.backups.calibre = {
+ # user = "calibre-web";
+ # repository =
+ # "s3://${config.backupS3.endpoint}/${config.backupS3.bucket}/calibre";
+ # paths = [
+ # "/var/books"
+ # "/var/lib/calibre-web/app.db"
+ # "/var/lib/calibre-web/gdrive.db"
+ # ];
+ # initialize = true;
+ # timerConfig = { OnCalendar = "00:05:00"; };
+ # environmentFile = backupS3File;
+ # };
+
+ };
+
+}
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 9288d24..60bcbdd 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,13 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }: {
-let
-
- adminpassFile = "${config.services.nextcloud.datadir}/creds";
- backupS3File = "${config.services.nextcloud.datadir}/backup-creds";
-
-in {
-
- imports = [ ./caddy.nix ../shell/age.nix ];
+ imports = [ ./caddy.nix ./secrets.nix ./backups.nix ];
options = {
@@ -16,22 +9,6 @@ in {
description = "Hostname for Nextcloud";
};
- # Options for backup
- backupS3 = {
- endpoint = lib.mkOption {
- type = lib.types.str;
- description = "S3 endpoint for backups";
- };
- bucket = lib.mkOption {
- type = lib.types.str;
- description = "S3 bucket for backups";
- };
- accessKeyId = lib.mkOption {
- type = lib.types.str;
- description = "S3 access key ID for backups";
- };
- };
-
};
config = {
@@ -43,7 +20,7 @@ in {
hostName = "localhost";
maxUploadSize = "50G";
config = {
- adminpassFile = adminpassFile;
+ adminpassFile = config.secrets.nextcloud.dest;
extraTrustedDomains = [ config.nextcloudServer ];
};
};
@@ -54,6 +31,7 @@ in {
port = 8080;
}];
+ # Point Caddy to Nginx
caddyRoutes = [{
match = [{ host = [ config.nextcloudServer ]; }];
handle = [{
@@ -63,22 +41,16 @@ in {
}];
# Create credentials file for nextcloud
- systemd.services.nextcloud-creds = {
+ secrets.nextcloud = {
+ source = ../../private/nextcloud.age;
+ dest = "${config.secretsDirectory}/nextcloud";
+ owner = "nextcloud";
+ group = "nextcloud";
+ permissions = "0440";
+ };
+ systemd.services.nextcloud-secret = {
requiredBy = [ "nextcloud-setup.service" ];
before = [ "nextcloud-setup.service" ];
- serviceConfig = {
- Type = "oneshot";
- User = "root";
- };
- script = ''
- mkdir --parents $(dirname ${adminpassFile})
- ${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- --output ${adminpassFile} \
- ${builtins.toString ../../private/nextcloud.age}
- chown nextcloud:nextcloud ${adminpassFile}
- chmod 0700 ${adminpassFile}
- '';
};
## Backup config
@@ -103,30 +75,14 @@ in {
}];
}];
};
- environmentFile = backupS3File;
+ environmentFile = config.secrets.backup.dest;
};
# Don't start litestream unless nextcloud is up
systemd.services.litestream = {
- after = [ "phpfpm-nextcloud.service" ];
- requires = [ "phpfpm-nextcloud.service" ];
- environment.LITESTREAM_ACCESS_KEY_ID = config.backupS3.accessKeyId;
- };
-
- # Create credentials file for litestream
- systemd.services.litestream-s3 = {
- requiredBy = [ "litestream.service" ];
- before = [ "litestream.service" ];
- serviceConfig = { Type = "oneshot"; };
- script = ''
- echo \
- LITESTREAM_SECRET_ACCESS_KEY=$(${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- ${builtins.toString ../../private/backup.age} \
- ) > ${backupS3File}
- chown litestream:litestream ${backupS3File}
- chmod 0700 ${backupS3File}
- '';
+ after = [ "phpfpm-nextcloud.service" "backup-secret.service" ];
+ requires = [ "phpfpm-nextcloud.service" "backup-secret.service" ];
+ environment.AWS_ACCESS_KEY_ID = config.backupS3.accessKeyId;
};
};
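Review bot: The `environmentFile = config.secrets.backup.dest;` line has no comment saying what format the decrypted file must have, and that requirement is new. The removed `litestream-s3` unit wrapped the plaintext as `LITESTREAM_SECRET_ACCESS_KEY=…` before writing it, while the file is now handed to systemd exactly as decrypted. The plaintext of `private/backup.age` therefore has to be a `KEY=value` env file itself; presumably the re-encryption in this commit did that, but it cannot be checked from the ciphertext. I would add a comment such as `# backup.age must decrypt to an env file holding the secret access key variable; nothing wraps the value any more` above this line, so a later re-encryption does not silently break the backups.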
diff --git a/modules/services/secrets.nix b/modules/services/secrets.nix
index 79187b6..2583c65 100644
--- a/modules/services/secrets.nix
+++ b/modules/services/secrets.nix
@@ -13,11 +13,11 @@
default = "/etc/ssh/ssh_host_ed25519_key";
};
- # secretsDirectory = lib.mkOption {
- # type = lib.types.str;
- # description = "Default path to place secrets.";
- # default = "/var/lib/private";
- # };
+ secretsDirectory = lib.mkOption {
+ type = lib.types.str;
+ description = "Default path to place secrets.";
+ default = "/var/private";
+ };
secrets = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
@@ -57,7 +57,7 @@
# Create a default directory to place secrets
- # systemd.tmpfiles.rules = [ "d ${config.secretsDirectory} 0750 root wheel" ];
+ systemd.tmpfiles.rules = [ "d ${config.secretsDirectory} 0755 root wheel" ];
# Declare oneshot service to decrypt secret using SSH host key
# - Requires that the secret is already encrypted for the host
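Review bot: The tmpfiles rule creates `${config.secretsDirectory}` with mode `0755`, so every local account can enter and list the directory that holds the decrypted secrets; the rule it replaces was written with `0750`. The decrypt units in this module write the file with `age --output` and only afterwards run `chown`/`chmod`, so depending on the unit's umask (not visible here) a new secret may be readable by others for a short time. Service users outside wheel need to traverse the directory, so `"d ${config.secretsDirectory} 0711 root wheel"` would keep traversal while hiding the listing. Adding `serviceConfig.UMask = "0077";` to the generated units would remove the window. The decrypt script itself is outside this hunk.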
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index f35088d..7fd56ad 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -69,7 +69,7 @@
# Create credentials file for transmission
secrets.transmission = {
source = ../../private/transmission.json.age;
- dest = "/var/lib/private/transmission.json";
+ dest = "${config.secretsDirectory}/transmission.json";
owner = "transmission";
group = "transmission";
};
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index 4b437b9..9b1003d 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -1,14 +1,6 @@
{ config, pkgs, lib, ... }: {
- options.networking.wireguard = {
-
- encryptedPrivateKey = lib.mkOption {
- type = lib.types.path;
- description = "Nix path to age-encrypted client private key";
- default = ../../private/wireguard.age;
- };
-
- };
+ imports = [ ./secrets.nix ];
config = {
@@ -19,7 +11,7 @@
# Establishes identity of this machine
generatePrivateKeyFile = false;
- privateKeyFile = "/private/wireguard/wg0";
+ privateKeyFile = config.secrets.wireguard.dest;
# Move to network namespace for isolating programs
interfaceNamespace = "wg";
@@ -42,25 +34,9 @@
};
# Create private key file for wireguard
- systemd.services.wireguard-private-key = {
- wantedBy = [ "wireguard-wg0.service" ];
- requiredBy = [ "wireguard-wg0.service" ];
- before = [ "wireguard-wg0.service" ];
- serviceConfig = { Type = "oneshot"; };
- script = let
- encryptedPrivateKey = config.networking.wireguard.encryptedPrivateKey;
- privateKeyFile =
- config.networking.wireguard.interfaces.wg0.privateKeyFile;
- in ''
- mkdir --parents --mode 0755 ${builtins.dirOf privateKeyFile}
- if [ ! -f "${privateKeyFile}" ]; then
- ${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- --output ${privateKeyFile} \
- ${builtins.toString encryptedPrivateKey}
- chmod 0700 ${privateKeyFile}
- fi
- '';
+ secrets.wireguard = {
+ source = ../../private/wireguard.age;
+ dest = "${config.secretsDirectory}/wireguard";
};
};
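Review bot: Nothing in this hunk orders `wireguard-wg0.service` after the generated `wireguard-secret.service`, so the interface can come up before `privateKeyFile` exists. The removed `wireguard-private-key` unit carried `requiredBy`/`before` for wg0, whereas the units produced by secrets.nix are only `wantedBy = [ "multi-user.target" ]`. Unless the ordering is declared in a part of the file outside the hunk, I would add it the same way nextcloud.nix does in this commit: `systemd.services.wireguard-secret = { requiredBy = [ "wireguard-wg0.service" ]; before = [ "wireguard-wg0.service" ]; };`.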
diff --git a/private/backup.age b/private/backup.age
index bc1483a..497ddf6 100644
--- a/private/backup.age
+++ b/private/backup.age
@@ -1,6 +1,10 @@
-age-encryption.org/v1
--> ssh-ed25519 MgHaOw 2y5C1sRq3NZqmfGBiPgMS7qcU5v+70wri5xkXbceaHM
-zyd7b+OuVi3rxxUEm+QW/80M80SSKaebOwOioRjnYak
---- yZQxxjYYNouD5wnEj+qNjUSrRU01hXvWUuax4C252i8
-/2*MD^ӜOQ
-5 ssh-ed25519 MgHaOw 8h/ESNjn0gknNXoHM34UobHzPgmRunoP97H+KHOuGQM
-qowH+6TlCRECGCscRgKx6kswY+PZezYUD6E+x9e+5pM
---- kFj1JzRdh/D13Uq9aNTzMJIFysEE+kzzthjewOIR2+o
-Ȳ6}rCz
>&=jW^Wl!"}MS8=xm =ЇL
\ No newline at end of file
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBIRnEy
+am1HTXptMmpSTjZQa2hQSUxNUU1rdXlod3U3bVZ0VGxQVlE2WldBClg0K3k5MDZH
+NFlPdHI0VnZSZE9DTTNMeDdldUpFQ3V0V0k0RnRIZHFhdzAKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFlxZFpqNU5kNVY2VUk0Um0zZ1d1M2FlRkYvV1BoTEFSNjZ2Vk9I
+QTVHM0UKY2gvVU9wckVUNEFwdUwyVFJZUGwxOFFKYm12cUlFTEVrb3IvcXI3TnND
+UQotLS0gMHdaajFjV2ozd0g5dWN5YkhiU2NBVWZVSU00aVIzY0VKYjJleVlQTUdX
+QQo7rH6kOTRFP43U/qiBOCHx+hBGlaODFRS1CgzkuqfMOq8PM28RsIN+l3sbwjxE
+W8chE/A0EChjIDtfYTMgsN3cYg==
+-----END AGE ENCRYPTED FILE-----
diff --git a/private/nextcloud.age b/private/nextcloud.age
index 77526b6596398552bc8d57e1c7b76f2b79683152..e0d8ca807bb1ab6e10f098168c52f6fed95dcc98 100644
GIT binary patch
literal 552
zcmZ{iyLO{607QGf!hMdDVv7LcWl(~Ughhve#YVhhL%@7}yxZ@z)6CqN{r)Kv
zxjx>#yJ&~7MZ_mX_RjG`^w--fA}!l6<+IQNqwvUhR`vO;1%0TA)w+Tg-@{vO!8Wsf
zh$%9B1pCBwKFfzWmvZfuY-3PxeibY;Q_iXAU{ZPGcizWF1jNGKK^1M;VwEfcO!p!k
zO{*zE)=goiP8X#_(Jhun%mLacAS0Kxadrn-cqPRf7hGl|-;kbr1ms(N45?lh8Xlgh
zWz;aJL{!%4simAj;ydkEj(jy{xQ`kFDR2-z1%8Br^n*D8J7s#(2J4wQeJrPxrH4gf
zPTMgik0B&Wo~{FSB0Z5~UZ&FnKUt(+**uHg;%)#XI|QsBLDXQQ>iL~@he64fVG0va
zr>s;fN>uL3M@6$IP(0^-bW7Uo$h$(PF#8~A?O1=YlLiBf0*M>BDaCTT&JSVL-$C_C
z$yMur1_K|*h1Ge}u^GjBOeN=i{SQ)XsoI8Rr4R99_LWqK=GFii?FMNczqOJ!kG
zT2(nQc~fd)bY^KwD?v7QVNyXsPi#U?LQYv@No6x-MNJAVEiE8tN^fCrQaEsHPjyo<
zVp>aVNJcU?S#f%1OKNmyK|ym~%Qc(&e#L$H*Wq|4w@}KwsI6eqsKL%(O
w9)AbuS8smQol&)kjaymIZ%)-gKBGgdSdg$w#39g+>lk2Ly9xs!ow8X7n=av2v;Y7A
diff --git a/private/wireguard.age b/private/wireguard.age
index a055a02..17f8112 100644
--- a/private/wireguard.age
+++ b/private/wireguard.age
@@ -1,5 +1,10 @@
-age-encryption.org/v1
--> ssh-ed25519 MgHaOw lG6VtLpEU/33egpB9WqJiulVdL3K5a2IGjekIu6HtSI
-VsAfCbtQuHU9tptKQR4buD3ydwb89aSbUVdEoetU1gc
---- kts74pY8NdQh4pTlMT3NTHxU0qnA0txwQKH5FkQCdXA
-S8A0`0$,1*/HVZtWBC[
Date: Sun, 16 Oct 2022 03:19:41 +0000
Subject: [PATCH 055/391] backups requires secrets
---
modules/services/backups.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/modules/services/backups.nix b/modules/services/backups.nix
index 373387c..57503b6 100644
--- a/modules/services/backups.nix
+++ b/modules/services/backups.nix
@@ -1,5 +1,7 @@
{ config, pkgs, lib, ... }: {
+ imports = [ ./secrets.nix ];
+
options = {
backupS3 = {
From e1e27ca065bb4178b8d561648f85087779d328bb Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 03:47:21 +0000
Subject: [PATCH 056/391] backup calibre data
---
hosts/oracle/default.nix | 2 +-
modules/services/backups.nix | 4 ++++
modules/services/calibre.nix | 31 ++++++++++++++++++++++++++++++-
modules/services/nextcloud.nix | 2 +-
private/backup.age | 16 ++++++++--------
5 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 977b2c9..382e7cc 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -32,7 +32,7 @@ nixpkgs.lib.nixosSystem {
backupS3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
- accessKeyId = "0026b0e73b2e2c80000000004";
+ accessKeyId = "0026b0e73b2e2c80000000005";
};
# Grant access to Jellyfin directories from Nextcloud
diff --git a/modules/services/backups.nix b/modules/services/backups.nix
index 57503b6..d63e3dd 100644
--- a/modules/services/backups.nix
+++ b/modules/services/backups.nix
@@ -23,9 +23,13 @@
config = {
+ users.groups.backup = { };
+
secrets.backup = {
source = ../../private/backup.age;
dest = "${config.secretsDirectory}/backup";
+ group = "backup";
+ permissions = "0440";
};
# # Backup library to object storage
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index d43b9b5..dc29b8d 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
- imports = [ ./caddy.nix ];
+ imports = [ ./caddy.nix ./backups.nix ];
options = {
bookServer = lib.mkOption {
@@ -39,6 +39,35 @@
}];
}];
+ # Run a backup on a schedule
+ systemd.timers.calibre-backup = {
+ timerConfig = {
+ OnCalendar = "*-*-* 00:00:00"; # Once per day
+ Unit = "calibre-backup.service";
+ };
+ wantedBy = [ "timers.target" ];
+ };
+
+ # Backup Calibre data to object storage
+ systemd.services.calibre-backup =
+ let libraryPath = "/var/lib/calibre-web"; # Default location
+ in {
+ description = "Backup Calibre data";
+ environment.AWS_ACCESS_KEY_ID = config.backupS3.accessKeyId;
+ serviceConfig = {
+ Type = "oneshot";
+ User = "calibre-web";
+ Group = "backup";
+ EnvironmentFile = config.secrets.backup.dest;
+ };
+ script = ''
+ ${pkgs.awscli2}/bin/aws s3 sync \
+ ${libraryPath}/ \
+ s3://${config.backupS3.bucket}/calibre/ \
+ --endpoint-url=https://${config.backupS3.endpoint}
+ '';
+ };
+
};
}
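Review bot: `systemd.services.calibre-backup` reads `EnvironmentFile = config.secrets.backup.dest` but declares no dependency on `backup-secret.service`, unlike the litestream unit, which lists it in both `after` and `requires`. If the timer fires before the secret has been decrypted (a boot around midnight, or a failed decrypt), the unit fails on the missing environment file instead of waiting for or pulling in the secret. Adding `after = [ "backup-secret.service" ];` and `requires = [ "backup-secret.service" ];` next to `description` makes the dependency explicit.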
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 60bcbdd..13f6aeb 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -60,7 +60,7 @@
lib.mkForce "0770";
# Allow litestream and nextcloud to share a sqlite database
- users.users.litestream.extraGroups = [ "nextcloud" ];
+ users.users.litestream.extraGroups = [ "nextcloud" "backup" ];
users.users.nextcloud.extraGroups = [ "litestream" ];
# Backup sqlite database with litestream
diff --git a/private/backup.age b/private/backup.age
index 497ddf6..0a9a7e8 100644
--- a/private/backup.age
+++ b/private/backup.age
@@ -1,10 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuMUg4
-TG5Oa1U5WERGOWJibkRZRVJwZGdEZmRsSVBraHdVYTJwbGpNL1VnCjRYaW1nTUR0
-cjR2NHJ1V1lhRHp4a2VOekVTZVl5Rk5CcG1heHhsR2M5SHMKLT4gc3NoLWVkMjU1
-MTkgWXlTVU1RIHhEN3o1NzNTTVIvZG1VcERJQitkRk4vTmtFQk9SVUVJQUVOdVY2
-YWoxM1UKVVVMWTYzKzE4ZjVDWitGNkUvR2U1Z1VJdVdqOWhWZVAxNWFOaFZvZGpS
-OAotLS0gWlU2TEY0TFZiM3VCM0hWcDAvQlQzTjE3MkZSOGNXaUhDdVQzL2pVRzlT
-VQoP0xMzUx0ozRvXFrNfFNyqwzUoHl7GM1P6VFjjDjuMkuWtQ/+V6DV/rGlXDKJ9
-jidhm8Y0hbjL6cbQrolUSgHSzG5CPD/4pb3zmxTZ9ol7cQuR4PbnPQ==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmVEo2
+bExsZERhYi9vVXMxVThRK2w3dFR4UlZVcGlsWUFPM3pReTQwaW5ZCjQ5Z3g3amZC
+bWUwWkdKTStVbFpwMmdwK3pQQU5CeE5tMVNHbXI1UkdCTFUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIE9sTG1lOHIyVGdLNWtJRTZtdGNWWEFsTTJ5bE1HS1V2MEdKeGNN
+WFMyV28KVlRHdDg5SGFadVlJempKWkp6eEp6TkhINnl0R0xDL0J0WXByclpFWE5I
+VQotLS0gVVhaUDZLTy8xS3hKOVliSlpuTEY2Q2xOQUEvblBtUG9Vb0I5ZE1oOUZ1
+VQr18Jwx6XDa7bwq0QWT6NdIFzqNUHWhDyUvS9twncFsr0yEAUDQd2XLtE+Vc8T9
+Z7y/C8Ct5+duqd6YaeqROJz5zVj0NnI0lshirBl89PQWF9ihp4V4Hw==
-----END AGE ENCRYPTED FILE-----
From 084e832039191d026871174a4d190b8f5caa8226 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 14:20:50 +0000
Subject: [PATCH 057/391] wsl fixes
---
hosts/common.nix | 46 +++++++++++++++++--------------
hosts/desktop/default.nix | 1 +
hosts/macbook/default.nix | 1 +
hosts/wsl/default.nix | 1 +
modules/mail/himalaya.nix | 9 +++---
modules/neovim/lua/packer/lsp.lua | 3 +-
modules/services/secrets.nix | 6 ----
7 files changed, 33 insertions(+), 34 deletions(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index 2217f62..2beb87b 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -21,6 +21,11 @@
if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
};
};
+ identityFile = lib.mkOption {
+ type = lib.types.str;
+ description = "Path to existing identity file.";
+ default = "/etc/ssh/ssh_host_ed25519_key";
+ };
gui = {
enable = mkEnableOption {
description = "Enable graphics";
@@ -39,6 +44,7 @@
else
"/home/${config.user}");
};
+
dotfilesPath = mkOption {
type = types.path;
description = "Path of dotfiles repository.";
@@ -55,33 +61,31 @@
};
};
- config =
- let stateVersion = "22.11";
- in
- {
+ config = let stateVersion = "22.11";
+ in {
- # Enable features in Nix commands
- nix.extraOptions = "experimental-features = nix-command flakes";
+ # Enable features in Nix commands
+ nix.extraOptions = "experimental-features = nix-command flakes";
- # Basic common system packages for all devices
- environment.systemPackages = with pkgs; [ git vim wget curl ];
+ # Basic common system packages for all devices
+ environment.systemPackages = with pkgs; [ git vim wget curl ];
- # Use the system-level nixpkgs instead of Home Manager's
- home-manager.useGlobalPkgs = true;
+ # Use the system-level nixpkgs instead of Home Manager's
+ home-manager.useGlobalPkgs = true;
- # Install packages to /etc/profiles instead of ~/.nix-profile, useful when
- # using multiple profiles for one user
- home-manager.useUserPackages = true;
+ # Install packages to /etc/profiles instead of ~/.nix-profile, useful when
+ # using multiple profiles for one user
+ home-manager.useUserPackages = true;
- # Allow specified unfree packages (identified elsewhere)
- # Retrieves package object based on string name
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) config.unfreePackages;
+ # Allow specified unfree packages (identified elsewhere)
+ # Retrieves package object based on string name
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) config.unfreePackages;
- # Pin a state version to prevent warnings
- home-manager.users.${config.user}.home.stateVersion = stateVersion;
- home-manager.users.root.home.stateVersion = stateVersion;
+ # Pin a state version to prevent warnings
+ home-manager.users.${config.user}.home.stateVersion = stateVersion;
+ home-manager.users.root.home.stateVersion = stateVersion;
- };
+ };
}
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 35d821a..ace5cad 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -12,6 +12,7 @@ nixpkgs.lib.nixosSystem {
nixpkgs.overlays = [ nur.overlay ];
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
+ identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gaming.steam = true;
gaming.leagueoflegends = true;
gaming.legendary = true;
diff --git a/hosts/macbook/default.nix b/hosts/macbook/default.nix
index 8d58f1e..8d3dcf4 100644
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@@ -12,6 +12,7 @@ darwin.lib.darwinSystem {
})
home-manager.darwinModules.home-manager
{
+ identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = true;
colorscheme = (import ../../modules/colorscheme/gruvbox);
mailUser = globals.user;
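Review bot: The added `identityFile = "/home/${globals.user}/.ssh/id_ed25519";` uses a Linux home path in the Darwin host definition, where the user's home is normally under `/Users`. The `homePath` option in hosts/common.nix has a separate non-Darwin branch of `/home/${config.user}`, which suggests the repository already makes this distinction. With the path as written, anything that decrypts with `config.identityFile` on this machine (the himalaya `passwordCommand` in this commit, for one) would point `age` at a key that presumably does not exist. I would use `identityFile = "/Users/${globals.user}/.ssh/id_ed25519";` here; the surrounding module block starts and ends outside the hunk.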
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index a2e37a5..95cc9f3 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -12,6 +12,7 @@ nixpkgs.lib.nixosSystem {
networking.hostName = "wsl";
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
+ identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index 7e7363b..bca7cbf 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -75,11 +75,10 @@
};
mu.enable = false;
notmuch.enable = false;
- passwordCommand = ''
- ${pkgs.age}/bin/age --decrypt \
- --identity ${config.identityFile} \
- ${builtins.toString ../../private/mailpass.age}
- '';
+ passwordCommand =
+ "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
+ builtins.toString ../../private/mailpass.age
+ }";
smtp = {
host = "smtp.purelymail.com";
port = 465;
diff --git a/modules/neovim/lua/packer/lsp.lua b/modules/neovim/lua/packer/lsp.lua
index 991f2bd..9316d49 100644
--- a/modules/neovim/lua/packer/lsp.lua
+++ b/modules/neovim/lua/packer/lsp.lua
@@ -14,8 +14,7 @@ M.packer = function(use)
return vim.fn.executable(program) == 1
end
- local capabilities =
- require("cmp_nvim_lsp").update_capabilities(vim.lsp.protocol.make_client_capabilities())
+ local capabilities = require("cmp_nvim_lsp").default_capabilities()
if on_path("lua-language-server") then
require("lspconfig").sumneko_lua.setup({
capabilities = capabilities,
diff --git a/modules/services/secrets.nix b/modules/services/secrets.nix
index 2583c65..d596c70 100644
--- a/modules/services/secrets.nix
+++ b/modules/services/secrets.nix
@@ -7,12 +7,6 @@
options = {
- identityFile = lib.mkOption {
- type = lib.types.str;
- description = "Path to existing identity file.";
- default = "/etc/ssh/ssh_host_ed25519_key";
- };
-
secretsDirectory = lib.mkOption {
type = lib.types.str;
description = "Default path to place secrets.";
From 89a95445e1b321d0455c7c0d3f71a60c89174401 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 14:25:47 +0000
Subject: [PATCH 058/391] remove age and loadkey module
---
modules/shell/age.nix | 25 -------------------------
modules/shell/default.nix | 1 -
modules/shell/utilities.nix | 1 +
3 files changed, 1 insertion(+), 26 deletions(-)
delete mode 100644 modules/shell/age.nix
diff --git a/modules/shell/age.nix b/modules/shell/age.nix
deleted file mode 100644
index 7dcc33b..0000000
--- a/modules/shell/age.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, lib, ... }: {
-
- options = {
- # identityFile = lib.mkOption {
- # type = lib.types.str;
- # description = "Path to SSH key for age";
- # default = "${config.homePath}/.ssh/id_ed25519";
- # };
- };
-
- config = {
- home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
-
- # system.activationScripts.age.text = ''
- # if [ ! -f "${config.identityFile}" ]; then
- # $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
- # $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
- # $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${config.identityFile}
- # $DRY_RUN_CMD chown ${config.user}:wheel ${config.identityFile}*
- # $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
- # fi
- # '';
- };
-
-}
diff --git a/modules/shell/default.nix b/modules/shell/default.nix
index ac60e9b..9359d15 100644
--- a/modules/shell/default.nix
+++ b/modules/shell/default.nix
@@ -1,6 +1,5 @@
{ ... }: {
imports = [
- ./age.nix
./charm.nix
./direnv.nix
./fish
diff --git a/modules/shell/utilities.nix b/modules/shell/utilities.nix
index 68c4583..d5d09e2 100644
--- a/modules/shell/utilities.nix
+++ b/modules/shell/utilities.nix
@@ -32,6 +32,7 @@ in {
dig # DNS lookup
lf # File viewer
whois # Lookup IPs
+ age # Encryption
];
programs.zoxide.enable = true; # Shortcut jump command
From 7bca2775d1017edced97b64dda026f85e29ba30f Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 14:44:42 +0000
Subject: [PATCH 059/391] don't start stop-minecraft timer on rebuild
---
modules/gaming/minecraft-server.nix | 1 -
1 file changed, 1 deletion(-)
diff --git a/modules/gaming/minecraft-server.nix b/modules/gaming/minecraft-server.nix
index 296f858..822cdab 100644
--- a/modules/gaming/minecraft-server.nix
+++ b/modules/gaming/minecraft-server.nix
@@ -101,7 +101,6 @@ in {
OnCalendar = "*-*-* *:*:0/20"; # Every 20 seconds
Unit = "stop-minecraft.service";
};
- wantedBy = [ "timers.target" ];
};
# If no players are connected, then stop services and prepare to resume again
From 6f67e31723e439cdb320d11a31ed4de08ec8ecba Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 18:10:11 +0000
Subject: [PATCH 060/391] working vaultwarden
haven't tested websockets
---
hosts/oracle/default.nix | 2 ++
modules/services/vaultwarden.nix | 36 ++++++++++++++++++++++++++++----
private/vaultwarden.age | 11 ++++++++++
3 files changed, 45 insertions(+), 4 deletions(-)
create mode 100644 private/vaultwarden.age
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 382e7cc..8f48abf 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -22,6 +22,7 @@ nixpkgs.lib.nixosSystem {
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
metricsServer = "metrics.masu.rs";
+ vaultwardenServer = "vault.masu.rs";
# Disable passwords, only use SSH key
passwordHash = null;
@@ -80,6 +81,7 @@ nixpkgs.lib.nixosSystem {
../../modules/services/cloudflare.nix
../../modules/services/transmission.nix
../../modules/services/prometheus.nix
+ ../../modules/services/vaultwarden.nix
../../modules/gaming/minecraft-server.nix
];
}
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
index e452281..8acb438 100644
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }: {
+{ config, lib, ... }: {
options = {
@@ -13,12 +13,40 @@
services.vaultwarden = {
enable = true;
config = {
- DOMAIN = config.vaultwardenServer;
+ DOMAIN = "https://${config.vaultwardenServer}";
SIGNUPS_ALLOWED = false;
+ SIGNUPS_VERIFY = true;
+ INVITATIONS_ALLOWED = true;
+ WEB_VAULT_ENABLED = true;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ WEBSOCKET_ENABLED = true;
+ WEBSOCKET_ADDRESS = "0.0.0.0";
+ WEBSOCKET_PORT = 3012;
+ LOGIN_RATELIMIT_SECONDS = 60;
+ LOGIN_RATELIMIT_MAX_BURST = 10;
+ ADMIN_RATELIMIT_SECONDS = 300;
+ ADMIN_RATELIMIT_MAX_BURST = 3;
};
- environmentFile = null;
+ environmentFile = config.secrets.vaultwarden.dest;
dbBackend = "sqlite";
};
- };
+
+ secrets.vaultwarden = {
+ source = ../../private/vaultwarden.age;
+ dest = "${config.secretsDirectory}/vaultwarden";
+ owner = "vaultwarden";
+ group = "vaultwarden";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 3012 ];
+
+ caddyRoutes = [{
+ match = [{ host = [ config.vaultwardenServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8222"; }];
+ }];
+ }];
}
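Review bot: `WEBSOCKET_ADDRESS = "0.0.0.0"` together with `networking.firewall.allowedTCPPorts = [ 3012 ]` publishes the notification socket directly on the host, bypassing the Caddy route that fronts the main service bound to `ROCKET_ADDRESS = "127.0.0.1"`. Traffic to port 3012 would not get Caddy's TLS, assuming Caddy is what terminates HTTPS for this host. Binding the websocket to loopback, dropping the firewall opening and adding a Caddy route for `/notifications/hub` keeps a single exposed entry point. The sketch below reuses the route shape already in the hunk. How `caddyRoutes` entries from different modules are ordered is not visible here, so the path route may need to be placed ahead of the host-only one.

```nix
      # … unchanged: other services.vaultwarden.config entries …
      WEBSOCKET_ADDRESS = "127.0.0.1";
      # … unchanged: rate limits, environmentFile, secrets.vaultwarden …

    # networking.firewall.allowedTCPPorts = [ 3012 ];  -- dropped, port stays local

    caddyRoutes = [
      {
        match = [{
          host = [ config.vaultwardenServer ];
          path = [ "/notifications/hub" ];
        }];
        handle = [{
          handler = "reverse_proxy";
          upstreams = [{ dial = "localhost:3012"; }];
        }];
      }
      # … unchanged: existing route to localhost:8222 …
    ];
```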
diff --git a/private/vaultwarden.age b/private/vaultwarden.age
new file mode 100644
index 0000000..523b1bd
--- /dev/null
+++ b/private/vaultwarden.age
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
From 41d8e30990a013dd004c4ac00ef45032f500358b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 19:06:56 +0000
Subject: [PATCH 061/391] vaultwarden automated backups
---
modules/services/backups.nix | 14 ++++++
modules/services/nextcloud.nix | 9 ++--
modules/services/vaultwarden.nix | 73 +++++++++++++++++++++++++++++++-
3 files changed, 89 insertions(+), 7 deletions(-)
diff --git a/modules/services/backups.nix b/modules/services/backups.nix
index d63e3dd..f07539b 100644
--- a/modules/services/backups.nix
+++ b/modules/services/backups.nix
@@ -32,6 +32,20 @@
permissions = "0440";
};
+ users.users.litestream.extraGroups = [ "backup" ];
+
+ services.litestream = {
+ enable = true;
+ environmentFile = config.secrets.backup.dest;
+ };
+
+ # Wait for secret to exist
+ systemd.services.litestream = {
+ after = [ "backup-secret.service" ];
+ requires = [ "backup-secret.service" ];
+ environment.AWS_ACCESS_KEY_ID = config.backupS3.accessKeyId;
+ };
+
# # Backup library to object storage
# services.restic.backups.calibre = {
# user = "calibre-web";
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 13f6aeb..55d18eb 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -60,12 +60,11 @@
lib.mkForce "0770";
# Allow litestream and nextcloud to share a sqlite database
- users.users.litestream.extraGroups = [ "nextcloud" "backup" ];
+ users.users.litestream.extraGroups = [ "nextcloud" ];
users.users.nextcloud.extraGroups = [ "litestream" ];
# Backup sqlite database with litestream
services.litestream = {
- enable = true;
settings = {
dbs = [{
path = "${config.services.nextcloud.datadir}/data/nextcloud.db";
@@ -75,14 +74,12 @@
}];
}];
};
- environmentFile = config.secrets.backup.dest;
};
# Don't start litestream unless nextcloud is up
systemd.services.litestream = {
- after = [ "phpfpm-nextcloud.service" "backup-secret.service" ];
- requires = [ "phpfpm-nextcloud.service" "backup-secret.service" ];
- environment.AWS_ACCESS_KEY_ID = config.backupS3.accessKeyId;
+ after = [ "phpfpm-nextcloud.service" ];
+ requires = [ "phpfpm-nextcloud.service" ];
};
};
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
index 8acb438..e80ab8d 100644
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@@ -1,4 +1,10 @@
-{ config, lib, ... }: {
+{ config, pkgs, lib, ... }:
+
+let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
+
+in {
+
+ imports = [ ./caddy.nix ./secrets.nix ./backups.nix ];
options = {
@@ -49,4 +55,69 @@
}];
}];
+ ## Backup config
+
+ # Open to groups, allowing for backups
+ systemd.services.vaultwarden.serviceConfig.StateDirectoryMode =
+ lib.mkForce "0770";
+ systemd.tmpfiles.rules = [
+ "f ${vaultwardenPath}/db.sqlite3 0660 vaultwarden vaultwarden"
+ "f ${vaultwardenPath}/db.sqlite3-shm 0660 vaultwarden vaultwarden"
+ "f ${vaultwardenPath}/db.sqlite3-wal 0660 vaultwarden vaultwarden"
+ ];
+
+ # Allow litestream and nextcloud to share a sqlite database
+ users.users.litestream.extraGroups = [ "vaultwarden" ];
+ users.users.vaultwarden.extraGroups = [ "litestream" ];
+
+ # Backup sqlite database with litestream
+ services.litestream = {
+ settings = {
+ dbs = [{
+ path = "${vaultwardenPath}/db.sqlite3";
+ replicas = [{
+ url =
+ "s3://${config.backupS3.bucket}.${config.backupS3.endpoint}/vaultwarden";
+ }];
+ }];
+ };
+ };
+
+ # Don't start litestream unless vaultwarden is up
+ systemd.services.litestream = {
+ after = [ "vaultwarden.service" ];
+ requires = [ "vaultwarden.service" ];
+ };
+
+ # Run a separate file backup on a schedule
+ systemd.timers.vaultwarden-backup = {
+ timerConfig = {
+ OnCalendar = "*-*-* 06:00:00"; # Once per day
+ Unit = "vaultwarden-backup.service";
+ };
+ wantedBy = [ "timers.target" ];
+ };
+
+ # Backup other Vaultwarden data to object storage
+ systemd.services.vaultwarden-backup = {
+ description = "Backup Vaultwarden files";
+ environment.AWS_ACCESS_KEY_ID = config.backupS3.accessKeyId;
+ serviceConfig = {
+ Type = "oneshot";
+ User = "vaultwarden";
+ Group = "backup";
+ EnvironmentFile = config.secrets.backup.dest;
+ };
+ script = ''
+ ${pkgs.awscli2}/bin/aws s3 sync \
+ ${vaultwardenPath}/ \
+ s3://${config.backupS3.bucket}/vaultwarden/ \
+ --endpoint-url=https://${config.backupS3.endpoint} \
+ --exclude "*db.sqlite3*" \
+ --exclude ".db.sqlite3*"
+ '';
+ };
+
+ };
+
}
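Review bot: `vaultwarden-backup` reads `EnvironmentFile = config.secrets.backup.dest` but, unlike the litestream unit in `backups.nix`, it is not ordered after `backup-secret.service`, so a run that starts before the secret is written fails on the missing file. Adding `after = [ "backup-secret.service" ];` and `requires = [ "backup-secret.service" ];` would match that unit. The sync uploads everything under `${vaultwardenPath}` except the SQLite files, which for Vaultwarden presumably includes the server's RSA key files and attachments, so the bucket needs the same access restrictions and encryption as the database replica. The timer has no `Persistent = true;`, so a 06:00 run missed while the host is down is skipped rather than caught up.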
From 27e2a42e460f7724626d9527aa2fd46a3c0cb4d5 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 20:21:25 +0000
Subject: [PATCH 062/391] fix: typo in copy
---
modules/services/vaultwarden.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
index e80ab8d..c8da296 100644
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@@ -66,7 +66,7 @@ in {
"f ${vaultwardenPath}/db.sqlite3-wal 0660 vaultwarden vaultwarden"
];
- # Allow litestream and nextcloud to share a sqlite database
+ # Allow litestream and vaultwarden to share a sqlite database
users.users.litestream.extraGroups = [ "vaultwarden" ];
users.users.vaultwarden.extraGroups = [ "litestream" ];
From 982566a92eb9c8f93a9ab441b8c1f9ecf41474f0 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 20:34:28 +0000
Subject: [PATCH 063/391] add gitea service
---
hosts/oracle/default.nix | 2 +
modules/services/gitea.nix | 89 ++++++++++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 modules/services/gitea.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 8f48abf..fe13e85 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -23,6 +23,7 @@ nixpkgs.lib.nixosSystem {
transmissionServer = "download.masu.rs";
metricsServer = "metrics.masu.rs";
vaultwardenServer = "vault.masu.rs";
+ giteaServer = "git.masu.rs";
# Disable passwords, only use SSH key
passwordHash = null;
@@ -82,6 +83,7 @@ nixpkgs.lib.nixosSystem {
../../modules/services/transmission.nix
../../modules/services/prometheus.nix
../../modules/services/vaultwarden.nix
+ ../../modules/services/gitea.nix
../../modules/gaming/minecraft-server.nix
];
}
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
new file mode 100644
index 0000000..e2d01bf
--- /dev/null
+++ b/modules/services/gitea.nix
@@ -0,0 +1,89 @@
+{ config, lib, ... }:
+
+let giteaPath = "/var/lib/gitea"; # Default service directory
+
+in {
+
+ imports = [ ./caddy.nix ./backups.nix ];
+
+ options = {
+
+ giteaServer = lib.mkOption {
+ description = "Hostname for Gitea.";
+ type = lib.types.str;
+ };
+
+ };
+
+ config = {
+ services.gitea = {
+ enable = true;
+ httpPort = 3001;
+ httpAddress = "127.0.0.1";
+ rootUrl = "https://${config.giteaServer}/";
+ database.type = "sqlite3";
+ settings = {
+ repository = {
+ DEFAULT_PUSH_CREATE_PRIVATE = true;
+ DISABLE_HTTP_GIT = false;
+ ACCESS_CONTROL_ALLOW_ORIGIN = config.giteaServer;
+ ENABLE_PUSH_CREATE_USER = true;
+ ENABLE_PUSH_CREATE_ORG = true;
+ DEFAULT_BRANCH = "main";
+ };
+ server = {
+ SSH_PORT = 22;
+ START_SSH_SERVER = false; # Use sshd instead
+ DISABLE_SSH = false;
+ # SSH_LISTEN_HOST = "0.0.0.0";
+ # SSH_LISTEN_PORT = 122;
+ };
+ service.DISABLE_REGISTRATION = true;
+ session.COOKIE_SECURE = true;
+ ui.SHOW_USER_EMAIL = false;
+ };
+ extraConfig = null;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 122 ];
+
+ caddyRoutes = [{
+ match = [{ host = [ config.giteaServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:3001"; }];
+ }];
+ }];
+
+ ## Backup config
+
+ # Open to groups, allowing for backups
+ systemd.services.gitea.serviceConfig.StateDirectoryMode =
+ lib.mkForce "0770";
+
+ # Allow litestream and gitea to share a sqlite database
+ users.users.litestream.extraGroups = [ "gitea" ];
+ users.users.gitea.extraGroups = [ "litestream" ];
+
+ # Backup sqlite database with litestream
+ services.litestream = {
+ settings = {
+ dbs = [{
+ path = "${giteaPath}/data/gitea.db";
+ replicas = [{
+ url =
+ "s3://${config.backupS3.bucket}.${config.backupS3.endpoint}/gitea";
+ }];
+ }];
+ };
+ };
+
+ # Don't start litestream unless gitea is up
+ systemd.services.litestream = {
+ after = [ "gitea.service" ];
+ requires = [ "gitea.service" ];
+ };
+
+ };
+
+}
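Review bot: `networking.firewall.allowedTCPPorts = [ 122 ];` opens a port that nothing configured in this module listens on: `START_SSH_SERVER = false`, `SSH_PORT = 22`, and the `SSH_LISTEN_PORT = 122` line is commented out. Drop the firewall entry, or enable it together with the built-in SSH server settings, so the port is only reachable when Gitea actually serves it. `ACCESS_CONTROL_ALLOW_ORIGIN = config.giteaServer;` is a bare hostname; if the value is compared with or sent as an origin it presumably needs the scheme, as in `"https://${config.giteaServer}"`, which is worth confirming against the Gitea documentation.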
From d97e3fda075cd87d1a6ade2457090ee7870d6edc Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 16 Oct 2022 20:39:04 +0000
Subject: [PATCH 064/391] gitea litestream permissions fixes
---
modules/services/gitea.nix | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index e2d01bf..abdee2d 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -60,6 +60,10 @@ in {
# Open to groups, allowing for backups
systemd.services.gitea.serviceConfig.StateDirectoryMode =
lib.mkForce "0770";
+ systemd.tmpfiles.rules = [
+ "d ${giteaPath}/data 0775 gitea gitea"
+ "f ${giteaPath}/data/gitea.db 0660 gitea gitea"
+ ];
# Allow litestream and gitea to share a sqlite database
users.users.litestream.extraGroups = [ "gitea" ];
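Review bot: The rule `"d ${giteaPath}/data 0775 gitea gitea"` grants read and traverse permission to every local account, while the state directory above it is forced to `0770` and the database file is `0660`. `0770` on the data directory would give litestream the same group access without the world bits. Today the parent's `0770` masks the difference, but the rule becomes an exposure if that mode is ever relaxed. The `jellyfin.nix` hunk in patch 072 further down uses the same `0775` on `/var/lib/jellyfin` itself, where no stricter parent mode is visible; `"d /var/lib/jellyfin 0770 jellyfin jellyfin"` would still cover the group access its comment describes.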
From ef6c920c48be557745cdbed08ebc8de50b102cca Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 18 Oct 2022 03:19:23 +0000
Subject: [PATCH 065/391] move calibre-web patch to patches directory
still requires overlay because there is no package option
---
modules/services/calibre.nix | 3 ++-
{modules/services => patches}/calibre-web-cloudflare.patch | 0
2 files changed, 2 insertions(+), 1 deletion(-)
rename {modules/services => patches}/calibre-web-cloudflare.patch (100%)
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index dc29b8d..fdb9b61 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -25,7 +25,8 @@
nixpkgs.overlays = [
(final: prev: {
calibre-web = prev.calibre-web.overrideAttrs (old: {
- patches = (old.patches or [ ]) ++ [ ./calibre-web-cloudflare.patch ];
+ patches = (old.patches or [ ])
+ ++ [ ../../patches/calibre-web-cloudflare.patch ];
});
})
];
diff --git a/modules/services/calibre-web-cloudflare.patch b/patches/calibre-web-cloudflare.patch
similarity index 100%
rename from modules/services/calibre-web-cloudflare.patch
rename to patches/calibre-web-cloudflare.patch
From af31c6578880c7a5f3c12318649c01bb24dc36e5 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 18 Oct 2022 12:17:58 +0000
Subject: [PATCH 066/391] fix: generator module references
---
generators/aws/default.nix | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/generators/aws/default.nix b/generators/aws/default.nix
index f648c18..6077930 100644
--- a/generators/aws/default.nix
+++ b/generators/aws/default.nix
@@ -21,9 +21,9 @@ nixos-generators.nixosGenerate {
# AWS settings require this
permitRootLogin = "prohibit-password";
}
- ../hosts/common.nix
- ../modules/nixos
- ../modules/services/sshd.nix
+ ../../hosts/common.nix
+ ../../modules/nixos
+ ../../modules/services/sshd.nix
] ++ [
# Required to fix diskSize errors during build
({ ... }: { amazonImage.sizeMB = 16 * 1024; })
From 2694e3288cb16aef55428b1898700b814003fc15 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 18 Oct 2022 12:21:22 +0000
Subject: [PATCH 067/391] move generators to hosts directory
---
flake.nix | 16 ++++++++--------
{generators => hosts}/aws/default.nix | 3 +--
{generators => hosts}/aws/main.tf | 0
{generators => hosts}/aws/workflow.yml | 0
4 files changed, 9 insertions(+), 10 deletions(-)
rename {generators => hosts}/aws/default.nix (86%)
rename {generators => hosts}/aws/main.tf (100%)
rename {generators => hosts}/aws/workflow.yml (100%)
diff --git a/flake.nix b/flake.nix
index 1a9709c..258bc58 100644
--- a/flake.nix
+++ b/flake.nix
@@ -78,6 +78,14 @@
};
};
+ # Package servers into images with a generator
+ packages.x86_64-linux = with inputs; {
+ aws = import ./hosts/aws {
+ inherit nixpkgs nixos-generators home-manager globals;
+ system = "x86_64-linux";
+ };
+ };
+
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system; };
in rec {
@@ -132,14 +140,6 @@
});
- # Package servers into images with a generator
- packages.x86_64-linux = with inputs; {
- aws = import ./generators/aws {
- inherit nixpkgs nixos-generators home-manager globals;
- system = "x86_64-linux";
- };
- };
-
# Templates for starting other projects quickly
templates = rec {
default = basic;
diff --git a/generators/aws/default.nix b/hosts/aws/default.nix
similarity index 86%
rename from generators/aws/default.nix
rename to hosts/aws/default.nix
index 6077930..69bf62c 100644
--- a/generators/aws/default.nix
+++ b/hosts/aws/default.nix
@@ -14,8 +14,7 @@ nixos-generators.nixosGenerate {
networking.hostName = "sheep";
gui.enable = false;
colorscheme = (import ../modules/colorscheme/gruvbox);
- passwordHash =
- "$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# AWS settings require this
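Review bot: Setting `passwordHash = null;` removes the hash from the tree but not from the repository history, where the old value stays readable and open to offline guessing. The password behind it should be treated as disclosed and changed wherever it is still in use. Separately, the context line `colorscheme = (import ../modules/colorscheme/gruvbox);` still uses a single `..`; patch 066 changed this file's other imports to `../../modules/...`, so from `hosts/aws/` it presumably needs `../../modules/colorscheme/gruvbox` as well. The attribute set continues outside the hunk.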
diff --git a/generators/aws/main.tf b/hosts/aws/main.tf
similarity index 100%
rename from generators/aws/main.tf
rename to hosts/aws/main.tf
diff --git a/generators/aws/workflow.yml b/hosts/aws/workflow.yml
similarity index 100%
rename from generators/aws/workflow.yml
rename to hosts/aws/workflow.yml
From 4c685eb8ddbbb972bc6edcb55e9e79bc047a05ab Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 18 Oct 2022 12:25:06 +0000
Subject: [PATCH 068/391] ignore non-age files in private dir
---
.gitignore | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 1afbbd8..64113bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@
**/.direnv/**
result
.luarc.json
+private/**
+!private/**.age
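Review bot: `!private/**.age` only re-includes `.age` files directly inside `private/`, because a `**` that is not bounded by slashes behaves like a single `*`. `private/**` also ignores subdirectories, which git then never descends into. The rule fails closed, so plaintext stays out of the repository, but an encrypted secret placed in a subdirectory would be silently left uncommitted. If nested secrets are intended, `!private/**/` followed by `!private/**/*.age` re-includes the directories and then the files. Ignore rules do not affect files that are already tracked, so anything unencrypted committed under `private/` earlier would still need `git rm --cached`.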
From cd204f5ac3fbd61decbefa95941e8a5c7f88b140 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 18 Oct 2022 12:31:42 +0000
Subject: [PATCH 069/391] move apps declaration to apps directory
---
apps/default.nix | 23 +++++++++++++++++++++++
flake.nix | 24 +-----------------------
2 files changed, 24 insertions(+), 23 deletions(-)
create mode 100644 apps/default.nix
diff --git a/apps/default.nix b/apps/default.nix
new file mode 100644
index 0000000..f0076ff
--- /dev/null
+++ b/apps/default.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }: rec {
+
+ default = readme;
+
+ # Format and install from nothing
+ installer = import ./installer.nix { inherit pkgs; };
+
+ # Display the readme for this repository
+ readme = import ./readme.nix { inherit pkgs; };
+
+ # Load the SSH key for this machine
+ loadkey = import ./loadkey.nix { inherit pkgs; };
+
+ # Encrypt secret for all machines
+ encrypt-secret = import ./encrypt-secret.nix { inherit pkgs; };
+
+ # Re-encrypt secrets for all machines
+ reencrypt-secrets = import ./reencrypt-secrets.nix { inherit pkgs; };
+
+ # Connect machine metrics to Netdata Cloud
+ netdata = import ./netdata-cloud.nix { inherit pkgs; };
+
+}
diff --git a/flake.nix b/flake.nix
index 258bc58..09b8e3c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,29 +88,7 @@
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system; };
- in rec {
- default = readme;
-
- # Format and install from nothing
- installer = import ./apps/installer.nix { inherit pkgs; };
-
- # Display the readme for this repository
- readme = import ./apps/readme.nix { inherit pkgs; };
-
- # Load the SSH key for this machine
- loadkey = import ./apps/loadkey.nix { inherit pkgs; };
-
- # Encrypt secret for all machines
- encrypt-secret = import ./apps/encrypt-secret.nix { inherit pkgs; };
-
- # Re-encrypt secrets for all machines
- reencrypt-secrets =
- import ./apps/reencrypt-secrets.nix { inherit pkgs; };
-
- # Connect machine metrics to Netdata Cloud
- netdata = import ./apps/netdata-cloud.nix { inherit pkgs; };
-
- });
+ in import ./apps { inherit pkgs; });
devShells = forAllSystems (system:
let pkgs = import nixpkgs { inherit system; };
From f6096e347234be8d11f330e15d7a0cd0575ad760 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 22 Oct 2022 14:29:50 +0000
Subject: [PATCH 070/391] replace vimwiki with mkdnflow
---
modules/mail/himalaya.nix | 3 ---
modules/neovim/lua/packer/misc.lua | 32 +++++++++++++++++++++++++++++-
modules/neovim/lua/settings.lua | 31 -----------------------------
modules/repositories/notes.nix | 2 +-
4 files changed, 32 insertions(+), 36 deletions(-)
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index bca7cbf..90dc298 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -1,8 +1,5 @@
{ config, pkgs, lib, ... }: {
- # Required to place identity file on machine
- imports = [ ../shell/age.nix ];
-
options = {
mailUser = lib.mkOption {
type = lib.types.str;
diff --git a/modules/neovim/lua/packer/misc.lua b/modules/neovim/lua/packer/misc.lua
index 5b015a4..014f839 100644
--- a/modules/neovim/lua/packer/misc.lua
+++ b/modules/neovim/lua/packer/misc.lua
@@ -29,7 +29,37 @@ M.packer = function(use)
})
-- Markdown renderer / wiki notes
- use("vimwiki/vimwiki")
+ -- use("vimwiki/vimwiki")
+ use({
+ "jakewvincent/mkdnflow.nvim",
+ config = function()
+ require("mkdnflow").setup({
+ modules = {
+ bib = false,
+ conceal = true,
+ folds = false,
+ },
+ perspective = {
+ priority = "current",
+ fallback = "first",
+ nvim_wd_heel = false, -- Don't change working dir
+ },
+ links = {
+ style = "markdown",
+ conceal = true,
+ },
+ wrap = true,
+ to_do = {
+ symbols = { " ", "-", "x" },
+ },
+ })
+ -- Save when moving to new buffer
+ vim.api.nvim_create_autocmd("FileType", {
+ pattern = "markdown",
+ command = "set autowriteall",
+ })
+ end,
+ })
end
return M
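Review bot: The new `mkdnflow.nvim` entry installs whatever the default branch holds at update time, whereas `nvim-treesitter` in `syntax.lua` is pinned with a `commit = "..."` field. Adding `commit = "<reviewed-commit-sha>"` (placeholder) here would keep a plugin that runs Lua inside the editor at a revision that has been looked at. The autocmd runs `set autowriteall`, which is a global option, so once a markdown buffer has been opened every modified buffer in the session is written when it is left. A comment such as `-- autowriteall is global: applies to all buffers once a markdown file is opened` would make that explicit. `M.packer` begins above the hunk.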
diff --git a/modules/neovim/lua/settings.lua b/modules/neovim/lua/settings.lua
index 913be33..130d8e2 100644
--- a/modules/neovim/lua/settings.lua
+++ b/modules/neovim/lua/settings.lua
@@ -83,34 +83,3 @@ vim.g.netrw_banner = 0 -- Remove useless banner
vim.g.netrw_winsize = 15 -- Explore window takes % of page
vim.g.netrw_browse_split = 4 -- Open in previous window
vim.g.netrw_altv = 1 -- Always split left
-
--- VimWiki
-vim.g.vimwiki_list = {
- {
- ["path"] = "$NOTES_PATH",
- ["syntax"] = "markdown",
- ["index"] = "home",
- ["ext"] = ".md",
- },
-}
-vim.g.vimwiki_key_mappings = {
- ["all_maps"] = 1,
- ["mouse"] = 1,
-}
-vim.g.vimwiki_auto_chdir = 1 -- Set local dir to Wiki when open
-vim.g.vimwiki_create_link = 0 -- Don't automatically create new links
-vim.g.vimwiki_listsyms = " x" -- Set checkbox symbol progression
-vim.g.vimwiki_table_mappings = 0 -- VimWiki table keybinds interfere with tab completion
-vim.api.nvim_exec(
- [[
- au FileType markdown inoremap ;tt :AddTag
-
- function! PInsert(item)
- let @z=a:item
- norm "zpx
- endfunction
-
- command! AddTag call fzf#run({'source': 'rg "#[A-Za-z/]+[ |\$]" -o --no-filename --no-line-number | sort | uniq', 'sink': function('PInsert')})
-]],
- false
-)
diff --git a/modules/repositories/notes.nix b/modules/repositories/notes.nix
index c357723..47e521b 100644
--- a/modules/repositories/notes.nix
+++ b/modules/repositories/notes.nix
@@ -3,7 +3,7 @@
home-manager.users.${config.user} = {
home.sessionVariables = {
- NOTES_PATH = "${config.homePath}/dev/personal/notes";
+ NOTES_PATH = "${config.homePath}/dev/personal/notes/content";
};
};
From 941fa359d9ccdaff5482e833878e7f5c1551c22b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 22 Oct 2022 15:10:30 +0000
Subject: [PATCH 071/391] add windows app plaintext list
---
windows/windows-programs.md | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 windows/windows-programs.md
diff --git a/windows/windows-programs.md b/windows/windows-programs.md
new file mode 100644
index 0000000..088575e
--- /dev/null
+++ b/windows/windows-programs.md
@@ -0,0 +1,20 @@
+# Windows Programs
+
+- Monitorian (monitor brightness)
+- Firefox
+- Alacritty
+- Mullvad
+- Keybase (dokan)
+- qBittorrent
+- 1Password
+- Authy Desktop
+- Autohotkey
+- 7zip
+- Audacity
+- Calibre
+- Discord
+- Git
+- Netflix
+- Obsidian
+- Realtek HD Audio
+- AMD Software
From be581dba1f37033963ad3d75654f7330b6c63606 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 23 Oct 2022 04:16:42 +0000
Subject: [PATCH 072/391] fix: jellyfin dir permissions for nextcloud
---
modules/services/jellyfin.nix | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
index b09d36b..eaf62bc 100644
--- a/modules/services/jellyfin.nix
+++ b/modules/services/jellyfin.nix
@@ -20,8 +20,10 @@
}];
# Create videos directory, allow anyone in Jellyfin group to manage it
- systemd.tmpfiles.rules =
- [ "d /var/lib/jellyfin/library 0775 jellyfin jellyfin" ];
+ systemd.tmpfiles.rules = [
+ "d /var/lib/jellyfin 0775 jellyfin jellyfin"
+ "d /var/lib/jellyfin/library 0775 jellyfin jellyfin"
+ ];
};
From 3dcafb8c25373edc78406e98b7737ca22ac6ffb9 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 25 Oct 2022 20:22:17 -0400
Subject: [PATCH 073/391] package ocr script with dependencies
---
modules/darwin/utilities.nix | 25 +++++++++++++++++++++----
modules/shell/bash/scripts/ocr.sh | 9 ++++-----
modules/shell/utilities.nix | 2 +-
3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/modules/darwin/utilities.nix b/modules/darwin/utilities.nix
index d73a6c3..30b509b 100644
--- a/modules/darwin/utilities.nix
+++ b/modules/darwin/utilities.nix
@@ -1,4 +1,19 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, lib, ... }:
+
+let
+
+ # Quickly package shell scripts with their dependencies
+ # From https://discourse.nixos.org/t/how-to-create-a-script-with-dependencies/7970/6
+ mkScript = { name, file, env ? [ ] }:
+ pkgs.writeScriptBin name ''
+ for i in ${lib.concatStringsSep " " env}; do
+ export PATH="$i/bin:$PATH"
+ done
+
+ exec ${pkgs.bash}/bin/bash ${file} $@
+ '';
+
+in {
home-manager.users.${config.user} = {
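Review bot: The wrapper ends with `exec ${pkgs.bash}/bin/bash ${file} $@`, and the unquoted `$@` re-splits and glob-expands every argument, so a path containing a space or `*` reaches the script as different words than the caller typed. `exec ${pkgs.bash}/bin/bash ${file} "$@"` passes the arguments through unchanged. The generated text also has no shebang line, so running it relies on the invoking shell's fallback for files without one; starting the string with `#!${pkgs.bash}/bin/bash` would make the wrapper directly executable.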
@@ -17,9 +32,11 @@
consul
noti # Create notifications programmatically
ipcalc # Make IP network calculations
- whois # Lookup IPs
- (pkgs.writeScriptBin "ocr"
- (builtins.readFile ../shell/bash/scripts/ocr.sh))
+ (mkScript {
+ name = "ocr";
+ file = ../shell/bash/scripts/ocr.sh;
+ env = [ tesseract ];
+ })
];
programs.fish.shellAbbrs = {
diff --git a/modules/shell/bash/scripts/ocr.sh b/modules/shell/bash/scripts/ocr.sh
index 1a6b0c7..313a069 100755
--- a/modules/shell/bash/scripts/ocr.sh
+++ b/modules/shell/bash/scripts/ocr.sh
@@ -1,5 +1,4 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash -p tesseract
+#!/usr/bin/env bash
# Yoinked from https://github.com/JJGO/dotfiles
# Adapted from https://github.com/sdushantha/bin
@@ -9,13 +8,13 @@ TEXT_FILE="/tmp/ocr.txt"
IMAGE_FILE="/tmp/ocr.png"
function notify-send() {
- osascript -e "display notification \"$2\" with title \"OCR\""
+ /usr/bin/osascript -e "display notification \"$2\" with title \"OCR\""
}
PATH="/usr/local/bin/:$PATH"
# Take screenshot by selecting the area
-screencapture -i "$IMAGE_FILE"
+/usr/sbin/screencapture -i "$IMAGE_FILE"
# Get the exit code of the previous command.
# So in this case, it is the screenshot command. If it did not exit with an
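Review bot: `notify-send` builds AppleScript source by pasting `$2` between escaped quotes, and `$2` is the recognised screen text, so a capture containing `"` or `\` ends the string literal and the rest is parsed as script. Passing the text as an argument keeps it as data: `/usr/bin/osascript -e 'on run argv' -e 'display notification (item 1 of argv) with title "OCR"' -e 'end run' "$2"`. The fixed `/tmp/ocr.txt` and `/tmp/ocr.png` names above the function are predictable paths in a shared directory; creating them with `mktemp` would stop another local account from pre-creating or reading them.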
@@ -44,7 +43,7 @@ fi
# Copy text to clipboard
# xclip -selection clip < "$TEXT_FILE"
-pbcopy <"$TEXT_FILE"
+/usr/bin/pbcopy <"$TEXT_FILE"
# Send a notification with the text that was grabbed using OCR
notify-send "ocr" "$(cat $TEXT_FILE)"
diff --git a/modules/shell/utilities.nix b/modules/shell/utilities.nix
index d5d09e2..33d9c49 100644
--- a/modules/shell/utilities.nix
+++ b/modules/shell/utilities.nix
@@ -31,7 +31,7 @@ in {
vimv-rs # Batch rename files
dig # DNS lookup
lf # File viewer
- whois # Lookup IPs
+ # whois # Lookup IPs
age # Encryption
];
From bf09e166a9f668080b8e651e5b339072ebd7f1d9 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 28 Oct 2022 23:58:25 -0400
Subject: [PATCH 074/391] fix: grub wrong monitor
---
modules/hardware/boot.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/hardware/boot.nix b/modules/hardware/boot.nix
index 7d5a852..d92941f 100644
--- a/modules/hardware/boot.nix
+++ b/modules/hardware/boot.nix
@@ -10,6 +10,9 @@
# Check for other OSes and make them available
useOSProber = true;
+ # Attempt to display GRUB on widescreen monitor
+ gfxmodeEfi = "1920x1080";
+
# Install GRUB onto the boot disk
# device = config.fileSystems."/boot".device;
From e16674c81787227f1658fc24a14dea1a4cd8c960 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 28 Oct 2022 23:58:33 -0400
Subject: [PATCH 075/391] tweaks for i3 and common
---
hosts/common.nix | 2 +-
hosts/desktop/default.nix | 1 -
modules/graphical/i3.nix | 22 ++++++++++++----------
3 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index 2beb87b..5143bce 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -23,7 +23,7 @@
};
identityFile = lib.mkOption {
type = lib.types.str;
- description = "Path to existing identity file.";
+ description = "Path to existing private key file.";
default = "/etc/ssh/ssh_host_ed25519_key";
};
gui = {
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index ace5cad..2244179 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -14,7 +14,6 @@ nixpkgs.lib.nixosSystem {
nix.registry.nixpkgs.flake = nixpkgs;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gaming.steam = true;
- gaming.leagueoflegends = true;
gaming.legendary = true;
gui = {
enable = true;
diff --git a/modules/graphical/i3.nix b/modules/graphical/i3.nix
index 6c01f65..ff9891d 100644
--- a/modules/graphical/i3.nix
+++ b/modules/graphical/i3.nix
@@ -9,11 +9,11 @@ let
in {
- config = lib.mkIf config.services.xserver.enable {
+ config = {
services.xserver.windowManager = {
i3 = {
- enable = true;
+ enable = config.services.xserver.enable;
package = pkgs.i3-gaps;
};
};
@@ -25,7 +25,7 @@ in {
home-manager.users.${config.user} = {
xsession.windowManager.i3 = {
- enable = true;
+ enable = config.services.xserver.enable;
package = pkgs.i3-gaps;
config = let
modifier = "Mod4"; # Super key
@@ -238,7 +238,7 @@ in {
};
programs.fish.functions = {
- update-lock-screen = {
+ update-lock-screen = lib.mkIf config.services.xserver.enable {
description = "Update lockscreen with wallpaper";
body = lockUpdate;
};
@@ -247,17 +247,19 @@ in {
# Update lock screen cache only if cache is empty
home.activation.updateLockScreenCache =
let cacheDir = "${config.homePath}/.cache/betterlockscreen/current";
- in config.home-manager.users.${config.user}.lib.dag.entryAfter
- [ "writeBoundary" ] ''
- if [ ! -d ${cacheDir} ] || [ -z "$(ls ${cacheDir})" ]; then
- $DRY_RUN_CMD ${lockUpdate}
- fi
- '';
+ in lib.mkIf config.services.xserver.enable
+ (config.home-manager.users.${config.user}.lib.dag.entryAfter
+ [ "writeBoundary" ] ''
+ if [ ! -d ${cacheDir} ] || [ -z "$(ls ${cacheDir})" ]; then
+ $DRY_RUN_CMD ${lockUpdate}
+ fi
+ '');
};
# Ref: https://github.com/betterlockscreen/betterlockscreen/blob/next/system/betterlockscreen%40.service
systemd.services.lock = {
+ enable = config.services.xserver.enable;
description = "Lock the screen on resume from suspend";
before = [ "sleep.target" "suspend.target" ];
serviceConfig = {
From b718a01dc4ba4211d96a4c13481bd8317b0b9d4f Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 29 Oct 2022 08:57:14 -0400
Subject: [PATCH 076/391] i think i fixed picom screen tearing
---
modules/graphical/picom.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/graphical/picom.nix b/modules/graphical/picom.nix
index 6c555b4..c9ad371 100644
--- a/modules/graphical/picom.nix
+++ b/modules/graphical/picom.nix
@@ -6,6 +6,7 @@
services.picom = {
enable = true;
+ backend = "glx";
settings = {
blur = false;
blurExclude = [ ];
From 2af30faf7c87cc797dff05017860e469b2883090 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 29 Oct 2022 14:42:37 -0400
Subject: [PATCH 077/391] update system and fix nvim
---
flake.lock | 36 ++++++++++++++--------------
modules/gaming/steam.nix | 2 +-
modules/neovim/lua/packer/lsp.lua | 4 ++--
modules/neovim/lua/packer/syntax.lua | 2 +-
4 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/flake.lock b/flake.lock
index a560b71..5a442fc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
]
},
"locked": {
- "lastModified": 1664210064,
- "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=",
+ "lastModified": 1666776005,
+ "narHash": "sha256-HwSMF19PpczfqNHKcFsA6cF4PVbG00uUSdbq6q3jB5o=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf",
+ "rev": "f6648ca0698d1611d7eadfa72b122252b833f86c",
"type": "github"
},
"original": {
@@ -60,11 +60,11 @@
"utils": "utils"
},
"locked": {
- "lastModified": 1664273942,
- "narHash": "sha256-PFQR1UJQs7a7eaH5YoCZky5dmxR5cjaKRK+MpPbR7YE=",
+ "lastModified": 1666903647,
+ "narHash": "sha256-sFI1Gh9DTGzHnBINondupUGYbe+T0wZcpcZjkW0qffM=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "1f5ef2bb419a327fae28a83b50fab50959132c24",
+ "rev": "213a06295dff96668a1d673b9fd1c03ce1de6745",
"type": "github"
},
"original": {
@@ -97,11 +97,11 @@
]
},
"locked": {
- "lastModified": 1660727616,
- "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
+ "lastModified": 1666812839,
+ "narHash": "sha256-0nBDgjPU+iDsvz89W+cDEyhnFGSwCJmwDl/gMGqYiU0=",
"owner": "nix-community",
"repo": "nixos-generators",
- "rev": "adccd191a0e83039d537e021f19495b7bad546a1",
+ "rev": "41f3518bc194389df22a3d198215eae75e6b5ab9",
"type": "github"
},
"original": {
@@ -112,11 +112,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1664195620,
- "narHash": "sha256-/0V1a1gAR+QbiQe4aCxBoivhkxss0xyt2mBD6yDrgjw=",
+ "lastModified": 1666959691,
+ "narHash": "sha256-TRpWA3t8ata79HOGtFd5dDCl1kJQmIE16PDF53/Hcxo=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "62228ccc672ed000f35b1e5c82e4183e46767e52",
+ "rev": "448a599c49978c2794401bfc3a2e1fba1a8663be",
"type": "github"
},
"original": {
@@ -143,11 +143,11 @@
},
"nur": {
"locked": {
- "lastModified": 1664282944,
- "narHash": "sha256-PrID+Tc90HWhkbO4b2kk3MFgjK+iBDWtDd534Y2D2Zs=",
+ "lastModified": 1667025500,
+ "narHash": "sha256-88akaieCIrqta3Uyha7Zv3FJWzKJebb2BrOdZba1zdI=",
"owner": "nix-community",
"repo": "nur",
- "rev": "dcc2af3d2504af6726c5cf40eb5e1165d5700721",
+ "rev": "21dd192519af12a01f1348bbfa86cde47f7aa392",
"type": "github"
},
"original": {
@@ -205,11 +205,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1661772734,
- "narHash": "sha256-DkvAaLDg9D6O0i2MzUknaf/U078K4KWAZaJQmNC/tL8=",
+ "lastModified": 1666720338,
+ "narHash": "sha256-7V91ZtTz7zDXb6hivktQ9RlBglP+WEkYFSciPJHwMJw=",
"owner": "nix-community",
"repo": "NixOS-WSL",
- "rev": "c1b0259313f661cf74051c916cf3bb4f061ce11f",
+ "rev": "7bfb8f5aa91fee30a189eae32cda8ddc465076df",
"type": "github"
},
"original": {
diff --git a/modules/gaming/steam.nix b/modules/gaming/steam.nix
index b23bd7c..6e1996b 100644
--- a/modules/gaming/steam.nix
+++ b/modules/gaming/steam.nix
@@ -4,7 +4,7 @@
config = lib.mkIf config.gaming.steam {
hardware.steam-hardware.enable = true;
- unfreePackages = [ "steam" "steam-original" "steamcmd" ];
+ unfreePackages = [ "steam" "steam-original" "steamcmd" "steam-run" ];
environment.systemPackages = with pkgs; [
steam
diff --git a/modules/neovim/lua/packer/lsp.lua b/modules/neovim/lua/packer/lsp.lua
index 9316d49..74ae245 100644
--- a/modules/neovim/lua/packer/lsp.lua
+++ b/modules/neovim/lua/packer/lsp.lua
@@ -133,14 +133,14 @@ M.packer = function(use)
},
-- Format on save
on_attach = function(client)
- if client.resolved_capabilities.document_formatting then
+ if client.server_capabilities.document_formatting then
local id = vim.api.nvim_create_augroup("LspFormatting", {
clear = true,
})
vim.api.nvim_create_autocmd("BufWritePre", {
group = id,
pattern = "*",
- callback = vim.lsp.buf.formatting_seq_sync,
+ callback = vim.lsp.buf.format,
})
end
end,
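Review bot: `client.server_capabilities.document_formatting` looks like the old `resolved_capabilities` key carried over unchanged. `server_capabilities` uses the LSP field names, so the check presumably needs to be `client.server_capabilities.documentFormattingProvider`; otherwise the condition is always nil and the format-on-save autocmd is never registered. `callback = vim.lsp.buf.format` also hands the autocmd's event table to `format()` as its options table. Wrapping it as `callback = function() vim.lsp.buf.format() end` avoids event fields such as `id` being read as formatting options. Both points are worth checking against the Neovim version the updated flake pins.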
diff --git a/modules/neovim/lua/packer/syntax.lua b/modules/neovim/lua/packer/syntax.lua
index 4ee4ade..434c137 100644
--- a/modules/neovim/lua/packer/syntax.lua
+++ b/modules/neovim/lua/packer/syntax.lua
@@ -8,7 +8,7 @@ M.packer = function(use)
-- Syntax engine
use({
"nvim-treesitter/nvim-treesitter",
- commit = "989c75046c46d2ed96bb65c5badd6b8f785e7f09",
+ commit = "9ada5f70f98d51e9e3e76018e783b39fd1cd28f7",
run = ":TSUpdate",
config = function()
require("nvim-treesitter.configs").setup({
From dfd903d3c94e96aeab98e6d3e1612c6e47838be5 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 13:57:14 -0400
Subject: [PATCH 078/391] add aerc and fix nvim 0.8
---
hosts/desktop/default.nix | 2 +-
modules/mail/aerc.nix | 186 ++++++++++++++++++++++++++++
modules/mail/default.nix | 83 +++++++++++++
modules/mail/himalaya.nix | 84 ++-----------
modules/neovim/lua/packer/lsp.lua | 17 +--
modules/neovim/lua/packer/misc.lua | 6 +-
modules/neovim/lua/packer/speed.lua | 43 -------
modules/neovim/lua/settings.lua | 9 +-
8 files changed, 297 insertions(+), 133 deletions(-)
create mode 100644 modules/mail/aerc.nix
create mode 100644 modules/mail/default.nix
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 2244179..bc771e4 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -33,7 +33,7 @@ nixpkgs.lib.nixosSystem {
../../modules/graphical
../../modules/gaming
../../modules/applications
- ../../modules/mail/himalaya.nix
+ ../../modules/mail/default.nix
../../modules/repositories/notes.nix
../../modules/services/keybase.nix
../../modules/services/gnupg.nix
diff --git a/modules/mail/aerc.nix b/modules/mail/aerc.nix
new file mode 100644
index 0000000..348fe75
--- /dev/null
+++ b/modules/mail/aerc.nix
@@ -0,0 +1,186 @@
+{ config, pkgs, ... }: {
+
+ config = {
+
+ home-manager.users.${config.user} = {
+
+ home.packages = with pkgs; [
+ w3m # Render HTML
+ dante # Socksify for rendering HTML
+ ];
+
+ programs.aerc = {
+ enable = true;
+ extraBinds = {
+ # Binds are of the form =
+ # To use '=' in a key sequence, substitute it with "Eq": ""
+ # If you wish to bind #, you can wrap the key sequence in quotes: "#" = quit
+ global = {
+ "" = ":prev-tab";
+ "" = ":next-tab ";
+ "" = ":term";
+ "?" = ":help keys";
+ };
+
+ messages = {
+ q = ":quit";
+
+ j = ":next ";
+ "" = ":next";
+ "" = ":next 50%";
+ "" = ":next 100%";
+ "" = ":next 100%";
+
+ k = ":prev ";
+ "" = ":prev";
+ "" = ":prev 50%";
+ "" = ":prev 100%";
+ "" = ":prev 100%";
+ g = ":select 0 ";
+ G = ":select -1";
+
+ J = ":next-folder ";
+ K = ":prev-folder";
+ H = ":collapse-folder";
+ L = ":expand-folder";
+
+ v = ":mark -t";
+ V = ":mark -v";
+
+ T = ":toggle-threads";
+
+ "" = ":view";
+ d = ":prompt 'Really delete this message?' 'delete-message'";
+ D = ":delete";
+ A = ":archive flat";
+
+ C = ":compose";
+
+ rr = ":reply -a";
+ rq = ":reply -aq";
+ Rr = ":reply";
+ Rq = ":reply -q";
+
+ c = ":cf";
+ "$" = ":term";
+ "!" = ":term";
+ "|" = ":pipe";
+
+ "/" = ":search";
+ "\\" = ":filter ";
+ n = ":next-result";
+ N = ":prev-result";
+ "" = ":clear";
+ };
+
+ "messages:folder=Drafts" = { "" = ":recall"; };
+
+ view = {
+ "/" = ":toggle-key-passthrough /";
+ q = ":close";
+ O = ":open";
+ S = ":save";
+ "|" = ":pipe";
+ D = ":delete";
+ A = ":archive flat";
+
+ "" = ":open-link ";
+
+ f = ":forward ";
+ rr = ":reply -a";
+ rq = ":reply -aq";
+ Rr = ":reply";
+ Rq = ":reply -q";
+
+ H = ":toggle-headers";
+ "" = ":prev-part";
+ "" = ":next-part";
+ J = ":next ";
+ K = ":prev";
+ };
+
+ "view::passthrough" = {
+ "$noinherit" = "true";
+ "$ex" = "";
+ "" = ":toggle-key-passthrough";
+ };
+
+ compose = {
+ # Keybindings used when the embedded terminal is not selected in the compose
+ # view
+ "$noinherit" = "true";
+ "$ex" = "";
+ "" = ":prev-field";
+ "" = ":next-field";
+ "" = ":switch-account -p";
+ "" = ":switch-account -n";
+ "" = ":next-field";
+ "" = ":prev-tab";
+ "" = ":next-tab";
+ };
+
+ "compose::editor" = {
+ # Keybindings used when the embedded terminal is selected in the compose view
+ "$noinherit" = "true";
+ "$ex" = "";
+ "" = ":prev-field";
+ "" = ":next-field";
+ "" = ":prev-tab";
+ "" = ":next-tab";
+ };
+
+ "compose::review" = {
+ # Keybindings used when reviewing a message to be sent
+ y = ":send ";
+ n = ":abort";
+ p = ":postpone";
+ q = ":choose -o d discard abort -o p postpone postpone";
+ e = ":edit";
+ a = ":attach";
+ d = ":detach";
+ };
+
+ terminal = {
+ "$noinherit" = "true";
+ "$ex" = "";
+ "" = ":prev-tab";
+ "" = ":next-tab";
+ };
+
+ };
+ extraConfig = {
+ general.unsafe-accounts-conf = true;
+ viewer = { pager = "${pkgs.less}/bin/less -R"; };
+ filters = {
+ "text/plain" =
+ "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
+ "text/calendar" =
+ "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/calendar";
+ "text/html" =
+ "${pkgs.aerc}/share/aerc/filters/html"; # Requires w3m, dante
+ # "text/html" =
+ # "${pkgs.aerc}/share/aerc/filters/html | ${pkgs.aerc}/share/aerc/filters/colorize";
+ # "text/*" =
+ # ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "'';
+ "message/delivery-status" =
+ "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
+ "message/rfc822" =
+ "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
+ "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
+ };
+ };
+ };
+ accounts.email.accounts.home.aerc = {
+ enable = true;
+ extraAccounts = {
+ check-mail = "1m";
+ check-mail-cmd = "${pkgs.isync}/bin/mbsync -a";
+ };
+ };
+
+ programs.fish.shellAbbrs = { ae = "aerc"; };
+
+ };
+
+ };
+}
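Review bot: `general.unsafe-accounts-conf = true` in `extraConfig` switches off aerc's permission check on accounts.conf and carries no comment saying why. Presumably it is needed because home-manager generates that file as a world-readable store path, which also means nothing placed in `extraAccounts` may ever be a secret; the password has to keep coming from a command. I would add `# accounts.conf is a world-readable Nix store path: keep credentials out of extraAccounts` directly above the setting.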
diff --git a/modules/mail/default.nix b/modules/mail/default.nix
new file mode 100644
index 0000000..61a7117
--- /dev/null
+++ b/modules/mail/default.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, lib, ... }: {
+
+ imports = [ ./himalaya.nix ./aerc.nix ];
+
+ options = {
+ mailUser = lib.mkOption {
+ type = lib.types.str;
+ description = "User name for the email address.";
+ default = config.user;
+ };
+ mailServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Server name for the email address.";
+ };
+ };
+
+ config = {
+
+ home-manager.users.${config.user} = {
+ programs.mbsync = { enable = true; };
+ services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
+ enable = true;
+ frequency = "*:0/5";
+ };
+ accounts.email = {
+ maildirBasePath = "${config.homePath}/mail";
+ accounts = {
+ home = let address = "${config.mailUser}@${config.mailServer}";
+ in {
+ userName = address;
+ realName = config.fullName;
+ primary = true;
+ inherit address;
+ aliases = map (mailUser: "${mailUser}@${config.mailServer}") [
+ "me"
+ "hey"
+ "admin"
+ ];
+ alot = { };
+ flavor = "plain";
+ folders = { };
+ getmail = { };
+ imap = {
+ host = "imap.purelymail.com";
+ port = 993;
+ tls.enable = true;
+ };
+ imapnotify = {
+ enable = false;
+ boxes = [ ];
+ onNotify = "";
+ onNotifyPost = "";
+ };
+ maildir = { path = "main"; };
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "none";
+ remove = "none";
+ patterns = [ "*" ];
+ extraConfig.channel = {
+ CopyArrivalDate = "yes"; # Sync time of original message
+ };
+ };
+ mu.enable = false;
+ notmuch.enable = false;
+ passwordCommand =
+ "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
+ builtins.toString ../../private/mailpass.age
+ }";
+ smtp = {
+ host = "smtp.purelymail.com";
+ port = 465;
+ tls.enable = true;
+ };
+ };
+ };
+ };
+
+ };
+
+ };
+}
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index 90dc298..12748d3 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -1,87 +1,17 @@
-{ config, pkgs, lib, ... }: {
-
- options = {
- mailUser = lib.mkOption {
- type = lib.types.str;
- description = "User name for the email address.";
- default = config.user;
- };
- mailServer = lib.mkOption {
- type = lib.types.str;
- description = "Server name for the email address.";
- };
- };
+{ config, ... }: {
config = {
home-manager.users.${config.user} = {
programs.himalaya = { enable = true; };
- programs.mbsync = { enable = true; };
- services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
+ accounts.email.accounts.home.himalaya = {
enable = true;
- frequency = "*:0/5";
- };
-
- accounts.email = {
- maildirBasePath = "${config.homePath}/mail";
- accounts = {
- home = let address = "${config.mailUser}@${config.mailServer}";
- in {
- userName = address;
- realName = config.fullName;
- primary = true;
- inherit address;
- aliases = map (mailUser: "${mailUser}@${config.mailServer}") [
- "me"
- "hey"
- "admin"
- ];
- alot = { };
- flavor = "plain";
- folders = { };
- getmail = { };
- himalaya = {
- enable = true;
- settings = {
- downloads-dir = config.userDirs.download;
- smtp-insecure = true;
- };
- };
- imap = {
- host = "imap.purelymail.com";
- port = 993;
- tls.enable = true;
- };
- imapnotify = {
- enable = false;
- boxes = [ ];
- onNotify = "";
- onNotifyPost = "";
- };
- maildir = { path = "main"; };
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "none";
- remove = "none";
- patterns = [ "*" ];
- extraConfig.channel = {
- CopyArrivalDate = "yes"; # Sync time of original message
- };
- };
- mu.enable = false;
- notmuch.enable = false;
- passwordCommand =
- "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
- builtins.toString ../../private/mailpass.age
- }";
- smtp = {
- host = "smtp.purelymail.com";
- port = 465;
- tls.enable = true;
- };
- };
+ settings = {
+ backend = "imap";
+ sender = "smtp";
+ downloads-dir = config.userDirs.download;
+ smtp-insecure = true;
};
};
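Review bot: `smtp-insecure = true` is carried over into the new `settings` block although the account's SMTP endpoint (now in modules/mail/default.nix) is `smtp.purelymail.com` on port 465 with `tls.enable = true`. As far as I know this himalaya option makes the client accept any server certificate, so the login and outgoing mail would be exposed to whoever can intercept the connection; a public provider should present a certificate that validates. I would drop the line, or if it works around a real failure keep it with a comment that names the failure and when it can be removed.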
diff --git a/modules/neovim/lua/packer/lsp.lua b/modules/neovim/lua/packer/lsp.lua
index 74ae245..1a4ccc2 100644
--- a/modules/neovim/lua/packer/lsp.lua
+++ b/modules/neovim/lua/packer/lsp.lua
@@ -79,6 +79,7 @@ M.packer = function(use)
return vim.fn.executable(program) == 1
end
+ local augroup = vim.api.nvim_create_augroup("LspFormatting", {})
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({
@@ -132,15 +133,15 @@ M.packer = function(use)
-- require("null-ls").builtins.diagnostics.pylint,
},
-- Format on save
- on_attach = function(client)
- if client.server_capabilities.document_formatting then
- local id = vim.api.nvim_create_augroup("LspFormatting", {
- clear = true,
- })
+ on_attach = function(client, bufnr)
+ if client.supports_method("textDocument/formatting") then
+ vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
- group = id,
- pattern = "*",
- callback = vim.lsp.buf.format,
+ group = augroup,
+ buffer = bufnr,
+ callback = function()
+ vim.lsp.buf.format({ bufnr = bufnr })
+ end,
})
end
end,
diff --git a/modules/neovim/lua/packer/misc.lua b/modules/neovim/lua/packer/misc.lua
index 014f839..017fef1 100644
--- a/modules/neovim/lua/packer/misc.lua
+++ b/modules/neovim/lua/packer/misc.lua
@@ -53,10 +53,12 @@ M.packer = function(use)
symbols = { " ", "-", "x" },
},
})
- -- Save when moving to new buffer
vim.api.nvim_create_autocmd("FileType", {
pattern = "markdown",
- command = "set autowriteall",
+ callback = function()
+ vim.o.autowriteall = true -- Save in new buffer
+ vim.o.wrapmargin = 79 -- Wrap text automatically
+ end,
})
end,
})
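Review bot: Inside the markdown `FileType` callback, `vim.o.wrapmargin = 79` sets a buffer-local option the way `:set` does, so the value also becomes the default for buffers opened afterwards, not only markdown ones. `wrapmargin` counts columns from the right window edge, so 79 wraps far earlier than column 79 on most window widths; if the aim is a 79-column limit, `vim.bo.textwidth = 79` says that and stays local to the buffer. The autocmd added in modules/neovim/lua/settings.lua repeats the same line. The surrounding `config` function starts outside the hunk.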
diff --git a/modules/neovim/lua/packer/speed.lua b/modules/neovim/lua/packer/speed.lua
index 414715e..57222e2 100644
--- a/modules/neovim/lua/packer/speed.lua
+++ b/modules/neovim/lua/packer/speed.lua
@@ -8,49 +8,6 @@ M.packer = function(use)
require("impatient")
end,
})
-
- -- Improve speed and filetype detection
- use({
- "nathom/filetype.nvim",
- config = function()
- -- Filetype for .env files
- local envfiletype = function()
- vim.bo.filetype = "text"
- vim.bo.syntax = "sh"
- end
- -- Force filetype patterns that Vim doesn't know about
- require("filetype").setup({
- overrides = {
- extensions = {
- Brewfile = "brewfile",
- muttrc = "muttrc",
- tfvars = "terraform",
- tf = "terraform",
- },
- literal = {
- Caskfile = "brewfile",
- [".gitignore"] = "gitignore",
- config = "config",
- },
- complex = {
- [".*git/config"] = "gitconfig",
- ["tmux.conf%..*link"] = "tmux",
- ["gitconfig%..*link"] = "gitconfig",
- [".*ignore%..*link"] = "gitignore",
- [".*%.toml%..*link"] = "toml",
- },
- function_extensions = {},
- function_literal = {
- [".envrc"] = envfiletype,
- [".env"] = envfiletype,
- [".env.dev"] = envfiletype,
- [".env.prod"] = envfiletype,
- [".env.example"] = envfiletype,
- },
- },
- })
- end,
- })
end
return M
diff --git a/modules/neovim/lua/settings.lua b/modules/neovim/lua/settings.lua
index 130d8e2..ef2cec6 100644
--- a/modules/neovim/lua/settings.lua
+++ b/modules/neovim/lua/settings.lua
@@ -32,8 +32,6 @@ vim.opt.completeopt = {
"menuone",
"noselect",
}
--- Required until 0.6.0: do not source the default filetype.vim
-vim.g.did_load_filetypes = 1
-- Remember last position when reopening file
vim.api.nvim_exec(
@@ -77,6 +75,13 @@ vim.api.nvim_exec(
false
)
+vim.api.nvim_create_autocmd("FileType", {
+ pattern = "*.eml",
+ callback = function()
+ vim.o.wrapmargin = 79 -- Wrap text automatically
+ end,
+})
+
-- Netrw
vim.g.netrw_liststyle = 3 -- Change style to 'tree' view
vim.g.netrw_banner = 0 -- Remove useless banner
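Review bot: The new autocmd pairs `pattern = "*.eml"` with the `FileType` event, but for that event the pattern is matched against the filetype name and not the file path, so this callback most likely never runs. Matching on the filetype with `pattern = "mail"`, or switching the event to `{ "BufRead", "BufNewFile" }` and keeping the `*.eml` glob, would make it fire.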
From b15cd8c0b653c95ce42097105c91a6c33e400456 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:13:32 -0400
Subject: [PATCH 079/391] add basic kitty config
closes #7
---
modules/applications/kitty.nix | 73 ++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 modules/applications/kitty.nix
diff --git a/modules/applications/kitty.nix b/modules/applications/kitty.nix
new file mode 100644
index 0000000..c41201a
--- /dev/null
+++ b/modules/applications/kitty.nix
@@ -0,0 +1,73 @@
+{ config, pkgs, lib, ... }: {
+
+ config = lib.mkIf config.gui.enable {
+ home-manager.users.${config.user} = {
+ # xsession.windowManager.i3.config.terminal = "kitty";
+ # programs.rofi.terminal = "${pkgs.kitty}/bin/kitty";
+ programs.kitty = {
+ enable = true;
+ darwinLaunchOptions = null;
+ environment = { };
+ extraConfig = "";
+ font.size = 14;
+ keybindings = { };
+ settings = {
+
+ # Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache)
+ background = config.colorscheme.base00;
+ foreground = config.colorscheme.base05;
+ selection_background = config.colorscheme.base05;
+ selection_foreground = config.colorscheme.base00;
+ url_color = config.colorscheme.base04;
+ cursor = config.colorscheme.base05;
+ active_border_color = config.colorscheme.base03;
+ inactive_border_color = config.colorscheme.base01;
+ active_tab_background = config.colorscheme.base00;
+ active_tab_foreground = config.colorscheme.base05;
+ inactive_tab_background = config.colorscheme.base01;
+ inactive_tab_foreground = config.colorscheme.base04;
+ tab_bar_background = config.colorscheme.base01;
+
+ # normal
+ color0 = config.colorscheme.base00;
+ color1 = config.colorscheme.base08;
+ color2 = config.colorscheme.base0B;
+ color3 = config.colorscheme.base0A;
+ color4 = config.colorscheme.base0D;
+ color5 = config.colorscheme.base0E;
+ color6 = config.colorscheme.base0C;
+ color7 = config.colorscheme.base05;
+
+ # bright
+ color8 = config.colorscheme.base03;
+ color9 = config.colorscheme.base08;
+ color10 = config.colorscheme.base0B;
+ color11 = config.colorscheme.base0A;
+ color12 = config.colorscheme.base0D;
+ color13 = config.colorscheme.base0E;
+ color14 = config.colorscheme.base0C;
+ color15 = config.colorscheme.base07;
+
+ # extended base16 colors
+ color16 = config.colorscheme.base09;
+ color17 = config.colorscheme.base0F;
+ color18 = config.colorscheme.base01;
+ color19 = config.colorscheme.base02;
+ color20 = config.colorscheme.base04;
+ color21 = config.colorscheme.base06;
+
+ # Scrollback
+ scrolling_lines = 10000;
+ scrollback_pager_history_size = 10; # MB
+ scrollback_pager = ''
+ ${pkgs.neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
+
+ # Window
+ window_padding_width = 4;
+
+ # macos_traditional_fullscreen = true;
+ };
+ };
+ };
+ };
+}
From 2d10939285f4c9ffb3858d42896592c0c14b3fb9 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:14:41 -0400
Subject: [PATCH 080/391] clean up flake inputs and allow standalone
home-manager
closes #11
---
flake.nix | 30 +++++++++++++++++-------------
hosts/aws/default.nix | 4 +++-
hosts/desktop/default.nix | 4 +++-
hosts/macbook/default.nix | 4 +++-
hosts/oracle/default.nix | 4 +++-
hosts/wsl/default.nix | 4 +++-
modules/darwin/nixpkgs.nix | 7 +++++++
modules/shell/nixpkgs.nix | 8 ++++++++
8 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/flake.nix b/flake.nix
index 09b8e3c..d588a57 100644
--- a/flake.nix
+++ b/flake.nix
@@ -61,27 +61,31 @@
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
- in {
+ in rec {
- nixosConfigurations = with inputs; {
- desktop = import ./hosts/desktop {
- inherit nixpkgs home-manager nur globals wallpapers;
- };
- wsl = import ./hosts/wsl { inherit nixpkgs wsl home-manager globals; };
- oracle =
- import ./hosts/oracle { inherit nixpkgs home-manager globals; };
+ nixosConfigurations = {
+ desktop = import ./hosts/desktop { inherit inputs globals; };
+ wsl = import ./hosts/wsl { inherit inputs globals; };
+ oracle = import ./hosts/oracle { inherit inputs globals; };
};
- darwinConfigurations = with inputs; {
- macbook = import ./hosts/macbook {
- inherit nixpkgs darwin home-manager nur globals;
- };
+ darwinConfigurations = {
+ macbook = import ./hosts/macbook { inherit inputs globals; };
+ };
+
+ # For quickly applying local settings with:
+ # home-manager switch --flake .#desktop
+ homeConfigurations = {
+ desktop =
+ nixosConfigurations.desktop.config.home-manager.users.${globals.user}.home;
+ macbook =
+ darwinConfigurations.macbook.config.home-manager.users."Noah.Masur".home;
};
# Package servers into images with a generator
packages.x86_64-linux = with inputs; {
aws = import ./hosts/aws {
- inherit nixpkgs nixos-generators home-manager globals;
+ inherit inputs globals;
system = "x86_64-linux";
};
};
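Review bot: In the new `homeConfigurations` set, the macbook entry hard-codes the account as `users."Noah.Masur"` while the desktop entry uses `${globals.user}`, so the flake output silently breaks if the host's user option changes. Since the modules key home-manager by `config.user`, reading it from the evaluated host keeps the two in step: `darwinConfigurations.macbook.config.home-manager.users.${darwinConfigurations.macbook.config.user}.home`. The `with inputs;` left on `packages.x86_64-linux` no longer appears to bring anything into use now that only `inputs` and `globals` are inherited.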
diff --git a/hosts/aws/default.nix b/hosts/aws/default.nix
index 69bf62c..036679f 100644
--- a/hosts/aws/default.nix
+++ b/hosts/aws/default.nix
@@ -1,4 +1,6 @@
-{ nixpkgs, system, nixos-generators, home-manager, globals, ... }:
+{ inputs, globals, ... }:
+
+with inputs;
nixos-generators.nixosGenerate {
inherit system;
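Review bot: The new signature `{ inputs, globals, ... }:` no longer binds `system`, yet the body still does `inherit system;` and flake.nix still passes `system = "x86_64-linux"`. Unless one of the flake inputs happens to expose a `system` attribute through `with inputs;`, evaluating the `aws` package should fail with an undefined variable. Keeping the argument explicit fixes it: `{ inputs, globals, system, ... }:`. The rest of the `nixosGenerate` call is outside the hunk.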
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index bc771e4..198e910 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -1,4 +1,6 @@
-{ nixpkgs, home-manager, nur, globals, wallpapers, ... }:
+{ inputs, globals, ... }:
+
+with inputs;
# System configuration for my desktop
nixpkgs.lib.nixosSystem {
diff --git a/hosts/macbook/default.nix b/hosts/macbook/default.nix
index 8d3dcf4..828c732 100644
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@@ -1,4 +1,6 @@
-{ nixpkgs, darwin, home-manager, nur, globals, ... }:
+{ inputs, globals, ... }:
+
+with inputs;
# System configuration for my work MacBook
darwin.lib.darwinSystem {
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index fe13e85..25fa460 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -1,4 +1,6 @@
-{ nixpkgs, home-manager, globals, ... }:
+{ inputs, globals, ... }:
+
+with inputs;
# System configuration for an Oracle free server
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index 95cc9f3..2c700b4 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -1,4 +1,6 @@
-{ nixpkgs, wsl, home-manager, globals, ... }:
+{ inputs, globals, ... }:
+
+with inputs;
# System configuration for WSL
nixpkgs.lib.nixosSystem {
diff --git a/modules/darwin/nixpkgs.nix b/modules/darwin/nixpkgs.nix
index 3f8fbc1..b3e69ce 100644
--- a/modules/darwin/nixpkgs.nix
+++ b/modules/darwin/nixpkgs.nix
@@ -18,6 +18,13 @@
commandline --function execute
'';
};
+ rebuild-home = lib.mkForce {
+ body = ''
+ git -C ${config.dotfilesPath} add --intent-to-add --all
+ commandline -r ${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";
+ commandline --function execute
+ '';
+ };
};
};
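Review bot: In the new `rebuild-home` body the `commandline -r` line ends with `";` but has no opening quote, so fish is handed an unterminated string; the copy in modules/shell/nixpkgs.nix has both quotes. The line should read `commandline -r "${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";`. The line also interpolates `pkgs`, and the module's argument list is outside this hunk, so it is worth checking that `pkgs` is bound there.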
diff --git a/modules/shell/nixpkgs.nix b/modules/shell/nixpkgs.nix
index bb2096f..e6a1840 100644
--- a/modules/shell/nixpkgs.nix
+++ b/modules/shell/nixpkgs.nix
@@ -12,6 +12,7 @@
nixh = "man home-configuration.nix";
nr = "rebuild-nixos";
nro = "rebuild-nixos offline";
+ hm = "rebuild-home";
};
functions = {
nix-shell-run = {
@@ -43,6 +44,13 @@
commandline --function execute
'';
};
+ rebuild-home = {
+ body = ''
+ git -C ${config.dotfilesPath} add --intent-to-add --all
+ commandline -r "${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";
+ commandline --function execute
+ '';
+ };
};
};
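Review bot: `git -C ${config.dotfilesPath} add --intent-to-add --all` in `rebuild-home` marks every non-ignored file in the dotfiles checkout as tracked before the flake is evaluated. A flake in a git tree copies its tracked files into the Nix store, which every local user can read, so a key, token or scratch file sitting untracked in that directory would be copied along. A comment on the function would make the trade-off visible, for example `# NOTE: stages all untracked files; they are copied to the world-readable /nix/store, so keep plaintext secrets out of this tree or in .gitignore`. The `lib.mkForce` override in modules/darwin/nixpkgs.nix runs the same command.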
From c74d003a57fe2b9f7ede34e3abcebb67b47be076 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:15:32 -0400
Subject: [PATCH 081/391] change alacritty scrollback keybind to match kitty
add fonts for kitty
---
modules/applications/alacritty.nix | 4 ++--
modules/applications/default.nix | 1 +
modules/darwin/fonts.nix | 5 +++++
modules/graphical/fonts.nix | 1 +
windows/alacritty.yml | 2 +-
5 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules/applications/alacritty.nix b/modules/applications/alacritty.nix
index 8f95551..2c93b60 100644
--- a/modules/applications/alacritty.nix
+++ b/modules/applications/alacritty.nix
@@ -34,8 +34,8 @@
chars = "\\x11F";
}
{
- key = "K";
- mods = "Control";
+ key = "H";
+ mods = "Control|Shift";
mode = "~Vi";
action = "ToggleViMode";
}
diff --git a/modules/applications/default.nix b/modules/applications/default.nix
index 6d0ca0a..ee01e55 100644
--- a/modules/applications/default.nix
+++ b/modules/applications/default.nix
@@ -6,6 +6,7 @@
./calibre.nix
./discord.nix
./firefox.nix
+ ./kitty.nix
./media.nix
./obsidian.nix
./qbittorrent.nix
diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix
index 20ea0dc..874457a 100644
--- a/modules/darwin/fonts.nix
+++ b/modules/darwin/fonts.nix
@@ -9,6 +9,11 @@
font.normal.family = "FiraCode Nerd Font Mono";
};
+ programs.kitty.font = {
+ package = pkgs.nerdfonts;
+ name = "FiraCode";
+ };
+
};
}
diff --git a/modules/graphical/fonts.nix b/modules/graphical/fonts.nix
index ae81955..55d6245 100644
--- a/modules/graphical/fonts.nix
+++ b/modules/graphical/fonts.nix
@@ -21,6 +21,7 @@ in {
services.polybar.config."bar/main".font-0 = "Hack Nerd Font:size=10;2";
programs.rofi.font = "Hack Nerd Font 14";
programs.alacritty.settings.font.normal.family = fontName;
+ programs.kitty.font.name = fontName;
};
};
diff --git a/windows/alacritty.yml b/windows/alacritty.yml
index fedf71d..4edb4d4 100644
--- a/windows/alacritty.yml
+++ b/windows/alacritty.yml
@@ -723,7 +723,7 @@ key_bindings:
- { key: L, mods: Control|Shift, chars: "\x1F" }
# Used for searching nixpkgs in fish_user_key_bindings
- { key: N, mods: Control|Shift, chars: "\x11F" }
- - { key: K, mods: Control, mode: ~Vi, action: ToggleViMode }
+ - { key: H, mods: Control|Shift, mode: ~Vi, action: ToggleViMode }
- { key: Return, mode: Vi, action: ToggleViMode }
# Used to enable $ keybind in Vi mode
- { key: 5, mods: Shift, mode: Vi|~Search, action: Last }
From 52edaa7d9ca0246d1a14fcaffb9b615124380366 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:16:01 -0400
Subject: [PATCH 082/391] prevent ctrl-q from quitting firefox
will this affect macos?
---
modules/applications/firefox.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/applications/firefox.nix b/modules/applications/firefox.nix
index 4d18594..eb39b8e 100644
--- a/modules/applications/firefox.nix
+++ b/modules/applications/firefox.nix
@@ -33,6 +33,7 @@
settings = {
"browser.aboutConfig.showWarning" = false;
"browser.warnOnQuit" = false;
+ "browser.quitShortcut.disabled" = true;
"browser.theme.dark-private-windows" = true;
"browser.toolbars.bookmarks.visibility" = "newtab";
"browser.startup.page" = 3; # Restore previous session
From 22885f1b27ec274b206980e7f0a606a4e3b25b42 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:16:37 -0400
Subject: [PATCH 083/391] temp: try to show users in lightdm greeter
still isn't working unfortunately
---
modules/graphical/xorg.nix | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/graphical/xorg.nix b/modules/graphical/xorg.nix
index cf3c070..353beab 100644
--- a/modules/graphical/xorg.nix
+++ b/modules/graphical/xorg.nix
@@ -27,6 +27,11 @@ in {
# Make the login screen dark
greeters.gtk.theme = gtkTheme;
+ # Show default user
+ extraSeatDefaults = ''
+ greeter-hide-users = false
+ '';
+
};
};
From 7075371b11cdbac0bde2e0b1dcdb84ba26e492f6 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:42:32 -0400
Subject: [PATCH 084/391] remove warning about dirty git tree
---
hosts/common.nix | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index 5143bce..57451c9 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -65,7 +65,10 @@
in {
# Enable features in Nix commands
- nix.extraOptions = "experimental-features = nix-command flakes";
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ warn-dirty = false
+ '';
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];
From 0448037a6b608b1c6dc99822f822210af78303ad Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:43:34 -0400
Subject: [PATCH 085/391] set kitty tab style to slant
---
modules/applications/kitty.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/applications/kitty.nix b/modules/applications/kitty.nix
index c41201a..41cfd6f 100644
--- a/modules/applications/kitty.nix
+++ b/modules/applications/kitty.nix
@@ -65,6 +65,9 @@
# Window
window_padding_width = 4;
+ tab_bar_edge = "top";
+ tab_bar_style = "slant";
+
# macos_traditional_fullscreen = true;
};
};
From 7bd21254384824547a49f0dbdb181491b4174186 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:43:49 -0400
Subject: [PATCH 086/391] fix: actually use exa for ls
---
modules/shell/fish/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/shell/fish/default.nix b/modules/shell/fish/default.nix
index d4dd300..55e00e0 100644
--- a/modules/shell/fish/default.nix
+++ b/modules/shell/fish/default.nix
@@ -7,10 +7,11 @@
home-manager.users.${config.user} = {
# Packages used in abbreviations and aliases
- home.packages = with pkgs; [ curl ];
+ home.packages = with pkgs; [ curl exa ];
programs.fish = {
enable = true;
+ shellAliases = { ls = "exa"; };
functions = {
commandline-git-commits = {
description = "Insert commit into commandline";
@@ -41,7 +42,6 @@
description = "Tidy up JSON using jq";
body = "pbpaste | jq '.' | pbcopy"; # Need to fix for non-macOS
};
- ls = { body = "${pkgs.exa}/bin/exa $argv"; };
note = {
description = "Edit or create a note";
argumentNames = "filename";
From d7b711ff027ed563f219c6cdf57e38c68ebb6d0d Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 14:45:51 -0400
Subject: [PATCH 087/391] replace alacritty with kitty on macos
---
hosts/macbook/default.nix | 3 ++-
modules/applications/kitty.nix | 5 +----
modules/darwin/default.nix | 1 +
.../hammerspoon/Spoons/Launcher.spoon/init.lua | 2 +-
modules/darwin/kitty.nix | 16 ++++++++++++++++
modules/darwin/nixpkgs.nix | 4 ++--
modules/darwin/user.nix | 5 +++--
7 files changed, 26 insertions(+), 10 deletions(-)
create mode 100644 modules/darwin/kitty.nix
diff --git a/hosts/macbook/default.nix b/hosts/macbook/default.nix
index 828c732..21132b9 100644
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@@ -25,9 +25,10 @@ darwin.lib.darwinSystem {
}
../common.nix
../../modules/darwin
+ ../../modules/mail
../../modules/applications/alacritty.nix
+ ../../modules/applications/kitty.nix
../../modules/applications/discord.nix
- ../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/terraform.nix
diff --git a/modules/applications/kitty.nix b/modules/applications/kitty.nix
index 41cfd6f..cf5e2bb 100644
--- a/modules/applications/kitty.nix
+++ b/modules/applications/kitty.nix
@@ -6,7 +6,6 @@
# programs.rofi.terminal = "${pkgs.kitty}/bin/kitty";
programs.kitty = {
enable = true;
- darwinLaunchOptions = null;
environment = { };
extraConfig = "";
font.size = 14;
@@ -63,12 +62,10 @@
${pkgs.neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
# Window
- window_padding_width = 4;
+ window_padding_width = 6;
tab_bar_edge = "top";
tab_bar_style = "slant";
-
- # macos_traditional_fullscreen = true;
};
};
};
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
index dce21ae..3ce9ed2 100644
--- a/modules/darwin/default.nix
+++ b/modules/darwin/default.nix
@@ -5,6 +5,7 @@
./fonts.nix
./hammerspoon.nix
./homebrew.nix
+ ./kitty.nix
./networking.nix
./nixpkgs.nix
./system.nix
diff --git a/modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua b/modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
index fa27215..2be1b5a 100644
--- a/modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
+++ b/modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
@@ -56,7 +56,7 @@ function obj:init()
-- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end)
self.launcher:bind("", "return", function()
- self:switch("Alacritty.app")
+ self:switch("kitty.app")
end)
self.launcher:bind("", "C", function()
self:switch("Calendar.app")
diff --git a/modules/darwin/kitty.nix b/modules/darwin/kitty.nix
new file mode 100644
index 0000000..5191927
--- /dev/null
+++ b/modules/darwin/kitty.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }: {
+
+ # MacOS-specific settings for Kitty
+ home-manager.users.${config.user} = {
+ programs.kitty = {
+ darwinLaunchOptions = [ "--start-as=fullscreen" ];
+ font.size = lib.mkForce 20;
+ settings = {
+ shell = "${pkgs.fish}/bin/fish";
+ macos_traditional_fullscreen = true;
+ macos_quit_when_last_window_closed = true;
+ };
+ };
+ };
+
+}
diff --git a/modules/darwin/nixpkgs.nix b/modules/darwin/nixpkgs.nix
index b3e69ce..cde96ce 100644
--- a/modules/darwin/nixpkgs.nix
+++ b/modules/darwin/nixpkgs.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+{ config, pkgs, lib, ... }: {
home-manager.users.${config.user} = {
@@ -21,7 +21,7 @@
rebuild-home = lib.mkForce {
body = ''
git -C ${config.dotfilesPath} add --intent-to-add --all
- commandline -r ${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";
+ commandline -r "${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";
commandline --function execute
'';
};
diff --git a/modules/darwin/user.nix b/modules/darwin/user.nix
index 278325f..d3bfbc0 100644
--- a/modules/darwin/user.nix
+++ b/modules/darwin/user.nix
@@ -1,8 +1,9 @@
{ config, pkgs, lib, ... }: {
- users.users."${config.user}" = { # macOS user
+ users.users."${config.user}" = {
+ # macOS user
home = config.homePath;
- shell = pkgs.zsh; # Default shell
+ shell = pkgs.fish; # Default shell
};
}
From 40424a01027fb85a06a1b3a4749508fc2d8c4191 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 14:46:04 -0400
Subject: [PATCH 088/391] temp: disable visidata bc of python errors
---
modules/darwin/utilities.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/darwin/utilities.nix b/modules/darwin/utilities.nix
index 30b509b..07d0a80 100644
--- a/modules/darwin/utilities.nix
+++ b/modules/darwin/utilities.nix
@@ -18,7 +18,7 @@ in {
home-manager.users.${config.user} = {
home.packages = with pkgs; [
- visidata # CSV inspector
+ # visidata # CSV inspector
dos2unix # Convert Windows text files
inetutils # Includes telnet
youtube-dl # Convert web videos
From 38695b29bd3d0317092bc4d414c8c73c1bc4e79c Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 20:47:33 -0400
Subject: [PATCH 089/391] use shift+enter for completion in terminal
---
modules/applications/alacritty.nix | 4 ++--
modules/applications/kitty.nix | 5 ++++-
windows/alacritty.yml | 2 +-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/modules/applications/alacritty.nix b/modules/applications/alacritty.nix
index 2c93b60..03f7393 100644
--- a/modules/applications/alacritty.nix
+++ b/modules/applications/alacritty.nix
@@ -23,8 +23,8 @@
key_bindings = [
# Used for word completion in fish_user_key_bindings
{
- key = "L";
- mods = "Control|Shift";
+ key = "Return";
+ mods = "Shift";
chars = "\\x1F";
}
# Used for searching nixpkgs in fish_user_key_bindings
diff --git a/modules/applications/kitty.nix b/modules/applications/kitty.nix
index cf5e2bb..87e66af 100644
--- a/modules/applications/kitty.nix
+++ b/modules/applications/kitty.nix
@@ -9,7 +9,10 @@
environment = { };
extraConfig = "";
font.size = 14;
- keybindings = { };
+ keybindings = {
+ "shift+enter" = "send_text all \\x1F";
+ "super+f" = "toggle_fullscreen";
+ };
settings = {
# Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache)
diff --git a/windows/alacritty.yml b/windows/alacritty.yml
index 4edb4d4..c030789 100644
--- a/windows/alacritty.yml
+++ b/windows/alacritty.yml
@@ -720,7 +720,7 @@ shell:
# in the order they were defined in.
key_bindings:
# Used for word completion in fish_user_key_bindings
- - { key: L, mods: Control|Shift, chars: "\x1F" }
+ - { key: Return, mods: Shift, chars: "\x1F" }
# Used for searching nixpkgs in fish_user_key_bindings
- { key: N, mods: Control|Shift, chars: "\x11F" }
- { key: H, mods: Control|Shift, mode: ~Vi, action: ToggleViMode }
From 969e89cda34dbd0c4b6db868b4ca8378fe08d336 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 20:47:42 -0400
Subject: [PATCH 090/391] set kitty to default in i3
---
modules/graphical/i3.nix | 424 ++++++++++++++++++++-------------------
1 file changed, 218 insertions(+), 206 deletions(-)
diff --git a/modules/graphical/i3.nix b/modules/graphical/i3.nix
index ff9891d..86a7157 100644
--- a/modules/graphical/i3.nix
+++ b/modules/graphical/i3.nix
@@ -7,7 +7,8 @@ let
lockUpdate =
"${pkgs.betterlockscreen}/bin/betterlockscreen --update ${config.gui.wallpaper} --display 1 --span";
-in {
+in
+{
config = {
@@ -27,213 +28,223 @@ in {
xsession.windowManager.i3 = {
enable = config.services.xserver.enable;
package = pkgs.i3-gaps;
- config = let
- modifier = "Mod4"; # Super key
- ws1 = "1:I";
- ws2 = "2:II";
- ws3 = "3:III";
- ws4 = "4:IV";
- ws5 = "5:V";
- ws6 = "6:VI";
- ws7 = "7:VII";
- ws8 = "8:VIII";
- ws9 = "9:IX";
- ws10 = "10:X";
- in {
- modifier = modifier;
- assigns = {
- "${ws1}" = [{ class = "Firefox"; }];
- "${ws2}" = [{ class = "Alacritty"; }];
- "${ws3}" = [{ class = "discord"; }];
- "${ws4}" = [{ class = "Steam"; }];
- };
- bars = [{ command = "echo"; }]; # Disable i3bar
- colors = let
- background = config.colorscheme.base00;
- inactiveBackground = config.colorscheme.base01;
- border = config.colorscheme.base01;
- inactiveBorder = config.colorscheme.base01;
- text = config.colorscheme.base07;
- inactiveText = config.colorscheme.base04;
- urgentBackground = config.colorscheme.base08;
- indicator = "#00000000";
- in {
- background = config.colorscheme.base00;
- focused = {
- inherit background indicator text border;
- childBorder = background;
+ config =
+ let
+ modifier = "Mod4"; # Super key
+ ws1 = "1:I";
+ ws2 = "2:II";
+ ws3 = "3:III";
+ ws4 = "4:IV";
+ ws5 = "5:V";
+ ws6 = "6:VI";
+ ws7 = "7:VII";
+ ws8 = "8:VIII";
+ ws9 = "9:IX";
+ ws10 = "10:X";
+ in
+ {
+ modifier = modifier;
+ assigns = {
+ "${ws1}" = [{ class = "Firefox"; }];
+ "${ws2}" = [{ class = "kitty"; }];
+ "${ws3}" = [{ class = "discord"; }];
+ "${ws4}" = [{ class = "Steam"; }];
};
- focusedInactive = {
- inherit indicator;
- background = inactiveBackground;
- border = inactiveBorder;
- childBorder = inactiveBackground;
- text = inactiveText;
+ bars = [{ command = "echo"; }]; # Disable i3bar
+ colors =
+ let
+ background = config.colorscheme.base00;
+ inactiveBackground = config.colorscheme.base01;
+ border = config.colorscheme.base01;
+ inactiveBorder = config.colorscheme.base01;
+ text = config.colorscheme.base07;
+ inactiveText = config.colorscheme.base04;
+ urgentBackground = config.colorscheme.base08;
+ indicator = "#00000000";
+ in
+ {
+ background = config.colorscheme.base00;
+ focused = {
+ inherit background indicator text border;
+ childBorder = background;
+ };
+ focusedInactive = {
+ inherit indicator;
+ background = inactiveBackground;
+ border = inactiveBorder;
+ childBorder = inactiveBackground;
+ text = inactiveText;
+ };
+ # placeholder = { };
+ unfocused = {
+ inherit indicator;
+ background = inactiveBackground;
+ border = inactiveBorder;
+ childBorder = inactiveBackground;
+ text = inactiveText;
+ };
+ urgent = {
+ inherit text indicator;
+ background = urgentBackground;
+ border = urgentBackground;
+ childBorder = urgentBackground;
+ };
+ };
+ floating.modifier = modifier;
+ focus = {
+ mouseWarping = true;
+ newWindow = "urgent";
+ followMouse = false;
};
- # placeholder = { };
- unfocused = {
- inherit indicator;
- background = inactiveBackground;
- border = inactiveBorder;
- childBorder = inactiveBackground;
- text = inactiveText;
+ keybindings = {
+
+ # Adjust screen brightness
+ "Shift+F12" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
+ "Shift+F11" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
+ "XF86MonBrightnessUp" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
+ "XF86MonBrightnessDown" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
+
+ # Media player controls
+ "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
+ "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
+ "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
+ "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
+
+ # Launchers
+ "${modifier}+Return" =
+ "exec --no-startup-id kitty; workspace ${ws2}; layout tabbed";
+ "${modifier}+space" =
+ "exec --no-startup-id ${config.gui.launcherCommand}";
+ "${modifier}+Shift+s" =
+ "exec --no-startup-id ${config.gui.systemdSearch}";
+ "Mod1+Tab" = "exec --no-startup-id ${config.gui.altTabCommand}";
+ "${modifier}+Shift+c" = "reload";
+ "${modifier}+Shift+r" = "restart";
+ "${modifier}+Shift+q" = ''
+ exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"'';
+ "${modifier}+Shift+x" = "exec ${lockCmd}";
+
+ # Window options
+ "${modifier}+q" = "kill";
+ "${modifier}+b" = "exec ${config.gui.toggleBarCommand}";
+ "${modifier}+f" = "fullscreen toggle";
+ "${modifier}+h" = "focus left";
+ "${modifier}+j" = "focus down";
+ "${modifier}+k" = "focus up";
+ "${modifier}+l" = "focus right";
+ "${modifier}+Left" = "focus left";
+ "${modifier}+Down" = "focus down";
+ "${modifier}+Up" = "focus up";
+ "${modifier}+Right" = "focus right";
+ "${modifier}+Shift+h" = "move left";
+ "${modifier}+Shift+j" = "move down";
+ "${modifier}+Shift+k" = "move up";
+ "${modifier}+Shift+l" = "move right";
+ "${modifier}+Shift+Left" = "move left";
+ "${modifier}+Shift+Down" = "move down";
+ "${modifier}+Shift+Up" = "move up";
+ "${modifier}+Shift+Right" = "move right";
+
+ # Tiling
+ "${modifier}+i" = "split h";
+ "${modifier}+v" = "split v";
+ "${modifier}+s" = "layout stacking";
+ "${modifier}+t" = "layout tabbed";
+ "${modifier}+e" = "layout toggle split";
+ "${modifier}+Shift+space" = "floating toggle";
+ "${modifier}+Control+space" = "focus mode_toggle";
+ "${modifier}+a" = "focus parent";
+
+ # Workspaces
+ "${modifier}+1" = "workspace ${ws1}";
+ "${modifier}+2" = "workspace ${ws2}";
+ "${modifier}+3" = "workspace ${ws3}";
+ "${modifier}+4" = "workspace ${ws4}";
+ "${modifier}+5" = "workspace ${ws5}";
+ "${modifier}+6" = "workspace ${ws6}";
+ "${modifier}+7" = "workspace ${ws7}";
+ "${modifier}+8" = "workspace ${ws8}";
+ "${modifier}+9" = "workspace ${ws9}";
+ "${modifier}+0" = "workspace ${ws10}";
+
+ # Move windows
+ "${modifier}+Shift+1" =
+ "move container to workspace ${ws1}; workspace ${ws1}";
+ "${modifier}+Shift+2" =
+ "move container to workspace ${ws2}; workspace ${ws2}";
+ "${modifier}+Shift+3" =
+ "move container to workspace ${ws3}; workspace ${ws3}";
+ "${modifier}+Shift+4" =
+ "move container to workspace ${ws4}; workspace ${ws4}";
+ "${modifier}+Shift+5" =
+ "move container to workspace ${ws5}; workspace ${ws5}";
+ "${modifier}+Shift+6" =
+ "move container to workspace ${ws6}; workspace ${ws6}";
+ "${modifier}+Shift+7" =
+ "move container to workspace ${ws7}; workspace ${ws7}";
+ "${modifier}+Shift+8" =
+ "move container to workspace ${ws8}; workspace ${ws8}";
+ "${modifier}+Shift+9" =
+ "move container to workspace ${ws9}; workspace ${ws9}";
+ "${modifier}+Shift+0" =
+ "move container to workspace ${ws10}; workspace ${ws10}";
+
+ # Move screens
+ "${modifier}+Control+l" = "move workspace to output right";
+ "${modifier}+Control+h" = "move workspace to output left";
+
+ # Resizing
+ "${modifier}+r" = ''mode "resize"'';
+ "${modifier}+Control+Shift+h" =
+ "resize shrink width 10 px or 10 ppt";
+ "${modifier}+Control+Shift+j" =
+ "resize grow height 10 px or 10 ppt";
+ "${modifier}+Control+Shift+k" =
+ "resize shrink height 10 px or 10 ppt";
+ "${modifier}+Control+Shift+l" = "resize grow width 10 px or 10 ppt";
};
- urgent = {
- inherit text indicator;
- background = urgentBackground;
- border = urgentBackground;
- childBorder = urgentBackground;
+ modes = { };
+ startup = [
+ {
+ command = "feh --bg-fill ${config.gui.wallpaper}";
+ always = true;
+ notification = false;
+ }
+ {
+ command =
+ "i3-msg workspace ${ws2}, move workspace to output right";
+ notification = false;
+ }
+ {
+ command =
+ "i3-msg workspace ${ws1}, move workspace to output left";
+ notification = false;
+ }
+ ];
+ window = {
+ border = 0;
+ hideEdgeBorders = "smart";
+ titlebar = false;
};
+ workspaceAutoBackAndForth = false;
+ workspaceOutputAssign = [ ];
+ # gaps = {
+ # bottom = 8;
+ # top = 8;
+ # left = 8;
+ # right = 8;
+ # horizontal = 15;
+ # vertical = 15;
+ # inner = 15;
+ # outer = 0;
+ # smartBorders = "off";
+ # smartGaps = false;
+ # };
};
- floating.modifier = modifier;
- focus = {
- mouseWarping = true;
- newWindow = "urgent";
- followMouse = false;
- };
- keybindings = {
-
- # Adjust screen brightness
- "Shift+F12" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
- "Shift+F11" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
- "XF86MonBrightnessUp" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
- "XF86MonBrightnessDown" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
-
- # Media player controls
- "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
- "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
- "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
- "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
-
- # Launchers
- "${modifier}+Return" =
- "exec --no-startup-id alacritty; workspace ${ws2}; layout tabbed";
- "${modifier}+space" =
- "exec --no-startup-id ${config.gui.launcherCommand}";
- "${modifier}+Shift+s" =
- "exec --no-startup-id ${config.gui.systemdSearch}";
- "Mod1+Tab" = "exec --no-startup-id ${config.gui.altTabCommand}";
- "${modifier}+Shift+c" = "reload";
- "${modifier}+Shift+r" = "restart";
- "${modifier}+Shift+q" = ''
- exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"'';
- "${modifier}+Shift+x" = "exec ${lockCmd}";
-
- # Window options
- "${modifier}+q" = "kill";
- "${modifier}+b" = "exec ${config.gui.toggleBarCommand}";
- "${modifier}+f" = "fullscreen toggle";
- "${modifier}+h" = "focus left";
- "${modifier}+j" = "focus down";
- "${modifier}+k" = "focus up";
- "${modifier}+l" = "focus right";
- "${modifier}+Left" = "focus left";
- "${modifier}+Down" = "focus down";
- "${modifier}+Up" = "focus up";
- "${modifier}+Right" = "focus right";
- "${modifier}+Shift+h" = "move left";
- "${modifier}+Shift+j" = "move down";
- "${modifier}+Shift+k" = "move up";
- "${modifier}+Shift+l" = "move right";
- "${modifier}+Shift+Left" = "move left";
- "${modifier}+Shift+Down" = "move down";
- "${modifier}+Shift+Up" = "move up";
- "${modifier}+Shift+Right" = "move right";
-
- # Tiling
- "${modifier}+i" = "split h";
- "${modifier}+v" = "split v";
- "${modifier}+s" = "layout stacking";
- "${modifier}+t" = "layout tabbed";
- "${modifier}+e" = "layout toggle split";
- "${modifier}+Shift+space" = "floating toggle";
- "${modifier}+Control+space" = "focus mode_toggle";
- "${modifier}+a" = "focus parent";
-
- # Workspaces
- "${modifier}+1" = "workspace ${ws1}";
- "${modifier}+2" = "workspace ${ws2}";
- "${modifier}+3" = "workspace ${ws3}";
- "${modifier}+4" = "workspace ${ws4}";
- "${modifier}+5" = "workspace ${ws5}";
- "${modifier}+6" = "workspace ${ws6}";
- "${modifier}+7" = "workspace ${ws7}";
- "${modifier}+8" = "workspace ${ws8}";
- "${modifier}+9" = "workspace ${ws9}";
- "${modifier}+0" = "workspace ${ws10}";
-
- # Move windows
- "${modifier}+Shift+1" =
- "move container to workspace ${ws1}; workspace ${ws1}";
- "${modifier}+Shift+2" =
- "move container to workspace ${ws2}; workspace ${ws2}";
- "${modifier}+Shift+3" =
- "move container to workspace ${ws3}; workspace ${ws3}";
- "${modifier}+Shift+4" =
- "move container to workspace ${ws4}; workspace ${ws4}";
- "${modifier}+Shift+5" =
- "move container to workspace ${ws5}; workspace ${ws5}";
- "${modifier}+Shift+6" =
- "move container to workspace ${ws6}; workspace ${ws6}";
- "${modifier}+Shift+7" =
- "move container to workspace ${ws7}; workspace ${ws7}";
- "${modifier}+Shift+8" =
- "move container to workspace ${ws8}; workspace ${ws8}";
- "${modifier}+Shift+9" =
- "move container to workspace ${ws9}; workspace ${ws9}";
- "${modifier}+Shift+0" =
- "move container to workspace ${ws10}; workspace ${ws10}";
-
- # Move screens
- "${modifier}+Control+l" = "move workspace to output right";
- "${modifier}+Control+h" = "move workspace to output left";
-
- # Resizing
- "${modifier}+r" = ''mode "resize"'';
- "${modifier}+Control+Shift+h" =
- "resize shrink width 10 px or 10 ppt";
- "${modifier}+Control+Shift+j" =
- "resize grow height 10 px or 10 ppt";
- "${modifier}+Control+Shift+k" =
- "resize shrink height 10 px or 10 ppt";
- "${modifier}+Control+Shift+l" = "resize grow width 10 px or 10 ppt";
- };
- modes = { };
- startup = [
- {
- command = "feh --bg-fill ${config.gui.wallpaper}";
- always = true;
- notification = false;
- }
- {
- command = "i3-msg workspace ${ws1}";
- notification = false;
- }
- ];
- window = {
- border = 0;
- hideEdgeBorders = "smart";
- titlebar = false;
- };
- workspaceAutoBackAndForth = false;
- workspaceOutputAssign = [ ];
- # gaps = {
- # bottom = 8;
- # top = 8;
- # left = 8;
- # right = 8;
- # horizontal = 15;
- # vertical = 15;
- # inner = 15;
- # outer = 0;
- # smartBorders = "off";
- # smartGaps = false;
- # };
- };
extraConfig = "";
};
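Review bot: The new terminal binding `"${modifier}+Return"` launches a bare `kitty`, resolved through whatever PATH the i3 session happens to have, while the brightness, media and lock bindings in the same set use `${pkgs.…}/bin/…` store paths. Pinning it the same way, `"exec --no-startup-id ${pkgs.kitty}/bin/kitty; workspace ${ws2}; layout tabbed";`, keeps the binding working when kitty is not in the user profile and removes the PATH lookup. The `feh` and `i3-msg` startup commands are resolved the same way. Separately, the behavioural changes here (window class `kitty`, the launcher, the two new startup entries) are buried in roughly 200 lines of formatter reflow, and splitting the reflow into its own commit would make them reviewable.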
@@ -247,9 +258,10 @@ in {
# Update lock screen cache only if cache is empty
home.activation.updateLockScreenCache =
let cacheDir = "${config.homePath}/.cache/betterlockscreen/current";
- in lib.mkIf config.services.xserver.enable
- (config.home-manager.users.${config.user}.lib.dag.entryAfter
- [ "writeBoundary" ] ''
+ in
+ lib.mkIf config.services.xserver.enable
+ (config.home-manager.users.${config.user}.lib.dag.entryAfter
+ [ "writeBoundary" ] ''
if [ ! -d ${cacheDir} ] || [ -z "$(ls ${cacheDir})" ]; then
$DRY_RUN_CMD ${lockUpdate}
fi
From d73ccab00830ec5357a8ed1bd63dda7b8cda13d1 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 23:40:53 -0400
Subject: [PATCH 091/391] replace pulseaudio with pipewire
closes #8
---
modules/hardware/audio.nix | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/hardware/audio.nix b/modules/hardware/audio.nix
index 31b036b..25e0012 100644
--- a/modules/hardware/audio.nix
+++ b/modules/hardware/audio.nix
@@ -33,8 +33,11 @@ in {
config = lib.mkIf config.gui.enable {
sound.enable = true;
- # Enable PulseAudio
- hardware.pulseaudio.enable = true;
+ # Enable PipeWire
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
# These aren't necessary, but helpful for the user
environment.systemPackages = with pkgs; [
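Review bot: The added `services.pipewire` block enables the daemon and its PulseAudio shim, but nothing in the hunk enables RealtimeKit, which PipeWire uses to obtain realtime scheduling without extra privileges. Unless it is set elsewhere (the `config` block continues outside the hunk), consider adding `security.rtkit.enable = true;` next to it, and `alsa.enable = true;` inside the block if ALSA-only clients are expected to keep working. A short comment noting that `pulse.enable` replaces the removed `hardware.pulseaudio.enable` would also help the next reader.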
From afd44279d27cefb6030efb9e1b4cf06447ff6c16 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 23:43:14 -0400
Subject: [PATCH 092/391] tweaks to aerc, replace delete with move to trash
---
modules/applications/media.nix | 1 +
modules/mail/aerc.nix | 7 ++++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/applications/media.nix b/modules/applications/media.nix
index 1c8eb7a..c7e69a4 100644
--- a/modules/applications/media.nix
+++ b/modules/applications/media.nix
@@ -5,6 +5,7 @@
mpv # Video viewer
sxiv # Image viewer
mupdf # PDF viewer
+ zathura # PDF viewer
];
};
diff --git a/modules/mail/aerc.nix b/modules/mail/aerc.nix
index 348fe75..39ca79a 100644
--- a/modules/mail/aerc.nix
+++ b/modules/mail/aerc.nix
@@ -51,7 +51,7 @@
"" = ":view";
d = ":prompt 'Really delete this message?' 'delete-message'";
- D = ":delete";
+ D = ":move Trash";
A = ":archive flat";
C = ":compose";
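Review bot: `D = ":move Trash";` here and in the next hunk hard-codes a folder named `Trash`, so the binding only works on accounts whose trash folder has exactly that name, and nothing visible in the patch ensures it exists. A comment such as `# assumes the account has a folder literally named Trash` would record the assumption, or the name could come from the account configuration. Note that `d` on the line above still runs `delete-message` after a prompt, so permanent deletion remains bound right next to the new soft delete.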
@@ -81,7 +81,7 @@
O = ":open";
S = ":save";
"|" = ":pipe";
- D = ":delete";
+ D = ":move Trash";
A = ":archive flat";
"" = ":open-link ";
@@ -167,13 +167,14 @@
"message/rfc822" =
"${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
"application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
+ "application/pdf" = "${pkgs.zathura}/bin/zathura -";
};
};
};
accounts.email.accounts.home.aerc = {
enable = true;
extraAccounts = {
- check-mail = "1m";
+ check-mail = "5m";
check-mail-cmd = "${pkgs.isync}/bin/mbsync -a";
};
};
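Review bot: The added `"application/pdf"` entry sits beside the `awk` colorize and `bat` entries, which look like aerc filters (the section header is outside the hunk), and a filter is expected to write text to stdout for the pager, whereas `zathura -` opens a GUI window and prints nothing. It also hands a PDF part from any sender to a full PDF renderer as soon as the part is displayed, rather than on an explicit `:open`. A text extractor fits the filter contract better, for example `"application/pdf" = "${pkgs.poppler_utils}/bin/pdftotext - -";`, leaving zathura for the existing `O = ":open";` binding.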
From b2850e8b79155b6e067c15f693a0d0dbf59ae5ab Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 31 Oct 2022 23:54:29 -0400
Subject: [PATCH 093/391] improve visuals of volume notification
---
modules/hardware/audio.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/hardware/audio.nix b/modules/hardware/audio.nix
index 25e0012..3007b6f 100644
--- a/modules/hardware/audio.nix
+++ b/modules/hardware/audio.nix
@@ -55,7 +55,8 @@ in {
# Make sure that Volnoti actually starts (home-manager doesn't start
# user daemon's automatically)
startup = [{
- command = "systemctl --user restart volnoti";
+ command =
+ "systemctl --user restart volnoti --alpha 0.15 --radius 40 --timeout 0.2";
always = true;
notification = false;
}];
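Review bot: The `--alpha 0.15 --radius 40 --timeout 0.2` options are appended to `systemctl --user restart volnoti`, so they are parsed by systemctl rather than passed to volnoti. systemctl does not define these options and will most likely reject the command, leaving the daemon un-restarted. The visual options belong on the command line that the `volnoti` unit itself runs (its definition is outside this hunk), and the startup entry should stay `command = "systemctl --user restart volnoti";`. Because of `always = true`, a failure here would recur on every i3 restart.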
From 41d289c5dbd1a3a2409b7f211d2f8c8b24fd49eb Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 2 Nov 2022 21:29:14 -0400
Subject: [PATCH 094/391] refactor colors and options
preparing for light mode, even though specializations aren't working
---
modules/neovim/.stylua.toml => .stylua.toml | 0
hosts/common.nix | 45 +-
hosts/desktop/default.nix | 25 +-
modules/applications/alacritty.nix | 36 +-
modules/applications/firefox.nix | 42 +-
modules/applications/kitty.nix | 70 ++--
modules/colorscheme/gruvbox/default.nix | 55 ++-
modules/colorscheme/gruvbox/neovim.lua | 1 +
modules/gaming/default.nix | 2 -
modules/gaming/legendary.nix | 5 +-
modules/gaming/steam.nix | 4 +-
modules/graphical/default.nix | 68 +--
modules/graphical/i3.nix | 440 ++++++++++----------
modules/graphical/picom.nix | 83 ++--
modules/graphical/polybar.nix | 38 +-
modules/graphical/rofi.nix | 46 +-
modules/graphical/xorg.nix | 37 +-
modules/neovim/default.nix | 7 +-
modules/neovim/init.lua | 1 +
19 files changed, 513 insertions(+), 492 deletions(-)
rename modules/neovim/.stylua.toml => .stylua.toml (100%)
diff --git a/modules/neovim/.stylua.toml b/.stylua.toml
similarity index 100%
rename from modules/neovim/.stylua.toml
rename to .stylua.toml
diff --git a/hosts/common.nix b/hosts/common.nix
index 57451c9..a28916a 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -3,9 +3,9 @@
imports =
[ ../modules/shell ../modules/neovim ../modules/repositories/dotfiles.nix ];
- options = with lib; {
- user = mkOption {
- type = types.str;
+ options = rec {
+ user = lib.mkOption {
+ type = lib.types.str;
description = "Primary user of the system";
};
fullName = lib.mkOption {
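Review bot: `options = rec {` turns every option name in the set into a local binding, but none of the declarations visible in this patch refers to a sibling, so `rec` looks unneeded (the set continues outside the hunk). A plain `options = {` avoids accidental shadowing, for instance a bare `user` or `theme` inside a later default resolving to the option declaration instead of the `config` value.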
@@ -27,17 +27,30 @@
default = "/etc/ssh/ssh_host_ed25519_key";
};
gui = {
- enable = mkEnableOption {
- description = "Enable graphics";
+ enable = lib.mkEnableOption {
+ description = "Enable graphics.";
default = false;
};
};
- colorscheme = mkOption {
- type = types.attrs;
- description = "Base16 color scheme";
+ theme = {
+ colors = lib.mkOption {
+ type = lib.types.attrs;
+ description = "Base16 color scheme.";
+ default = (import ../modules/colorscheme/gruvbox).dark;
+ };
+ dark = lib.mkOption {
+ type = lib.types.bool;
+ description = "Enable dark mode.";
+ default = true;
+ };
};
- homePath = mkOption {
- type = types.path;
+
+ # colorscheme = lib.mkOption {
+ # type = types.attrs;
+ # description = "Base16 color scheme";
+ # };
+ homePath = lib.mkOption {
+ type = lib.types.path;
description = "Path of user's home directory.";
default = builtins.toPath (if pkgs.stdenv.isDarwin then
"/Users/${config.user}"
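Review bot: `enable = lib.mkEnableOption { description = "Enable graphics."; default = false; };` passes an attribute set where `mkEnableOption` expects the feature name as a string. The function builds its own description from that name and already defaults to false, so the set is not used as intended and can fail when the description is rendered. Either `enable = lib.mkEnableOption "graphics";` or a plain `lib.mkOption { type = lib.types.bool; default = false; description = "Enable graphics."; }` expresses it. The commented-out `colorscheme` option left below `theme` can simply be deleted, since the history already records it.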
@@ -45,17 +58,17 @@
"/home/${config.user}");
};
- dotfilesPath = mkOption {
- type = types.path;
+ dotfilesPath = lib.mkOption {
+ type = lib.types.path;
description = "Path of dotfiles repository.";
default = config.homePath + "/dev/personal/dotfiles";
};
- dotfilesRepo = mkOption {
- type = types.str;
+ dotfilesRepo = lib.mkOption {
+ type = lib.types.str;
description = "Link to dotfiles repository.";
};
- unfreePackages = mkOption {
- type = types.listOf types.str;
+ unfreePackages = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
description = "List of unfree packages to allow.";
default = [ ];
};
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 198e910..e351306 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -15,15 +15,13 @@ nixpkgs.lib.nixosSystem {
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
- gaming.steam = true;
- gaming.legendary = true;
- gui = {
- enable = true;
- compositor.enable = true;
- wallpaper = "${wallpapers}/gruvbox/road.jpg";
- gtk.theme = { name = "Adwaita-dark"; };
+ gui.enable = true;
+ theme = {
+ colors = (import ../../modules/colorscheme/gruvbox).dark;
+ dark = true;
};
- colorscheme = (import ../../modules/colorscheme/gruvbox);
+ wallpaper = "${wallpapers}/gruvbox/road.jpg";
+ gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
}
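Review bot: The `passwordHash` kept in this block is a full `$6$` crypt hash committed to the repository, so anyone who can read the repo (and the Nix store, if the value ends up in a generated config) can run offline guessing against it. Consider loading it from a file managed outside the repo, for example through a secrets module such as agenix or sops-nix, and rotating the password since the value is already in history. On the lines this commit adds, `wallpaper` and `gtk.theme.name` move from `gui.*` to the top level. Their option declarations are not visible here, so check that `modules/graphical/default.nix` now declares them at that level.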
@@ -33,14 +31,17 @@ nixpkgs.lib.nixosSystem {
../../modules/hardware
../../modules/nixos
../../modules/graphical
- ../../modules/gaming
- ../../modules/applications
+ ../../modules/gaming/steam.nix
+ ../../modules/gaming/legendary.nix
+ ../../modules/applications/media.nix
+ ../../modules/applications/firefox.nix
+ ../../modules/applications/kitty.nix
+ ../../modules/applications/discord.nix
+ ../../modules/applications/nautilus.nix
../../modules/mail/default.nix
../../modules/repositories/notes.nix
../../modules/services/keybase.nix
- ../../modules/services/gnupg.nix
../../modules/services/mullvad.nix
../../modules/programming/nix.nix
- ../../modules/programming/haskell.nix
];
}
diff --git a/modules/applications/alacritty.nix b/modules/applications/alacritty.nix
index 03f7393..ab6302e 100644
--- a/modules/applications/alacritty.nix
+++ b/modules/applications/alacritty.nix
@@ -54,32 +54,32 @@
];
colors = {
primary = {
- background = config.colorscheme.base00;
- foreground = config.colorscheme.base05;
+ background = config.theme.colors.base00;
+ foreground = config.theme.colors.base05;
};
cursor = {
text = "#1d2021";
- cursor = config.colorscheme.base05;
+ cursor = config.theme.colors.base05;
};
normal = {
black = "#1d2021";
- red = config.colorscheme.base08;
- green = config.colorscheme.base0B;
- yellow = config.colorscheme.base0A;
- blue = config.colorscheme.base0D;
- magenta = config.colorscheme.base0E;
- cyan = config.colorscheme.base0C;
- white = config.colorscheme.base05;
+ red = config.theme.colors.base08;
+ green = config.theme.colors.base0B;
+ yellow = config.theme.colors.base0A;
+ blue = config.theme.colors.base0D;
+ magenta = config.theme.colors.base0E;
+ cyan = config.theme.colors.base0C;
+ white = config.theme.colors.base05;
};
bright = {
- black = config.colorscheme.base03;
- red = config.colorscheme.base09;
- green = config.colorscheme.base01;
- yellow = config.colorscheme.base02;
- blue = config.colorscheme.base04;
- magenta = config.colorscheme.base06;
- cyan = config.colorscheme.base0F;
- white = config.colorscheme.base07;
+ black = config.theme.colors.base03;
+ red = config.theme.colors.base09;
+ green = config.theme.colors.base01;
+ yellow = config.theme.colors.base02;
+ blue = config.theme.colors.base04;
+ magenta = config.theme.colors.base06;
+ cyan = config.theme.colors.base0F;
+ white = config.theme.colors.base07;
};
};
draw_bold_text_with_bright_colors = false;
diff --git a/modules/applications/firefox.nix b/modules/applications/firefox.nix
index eb39b8e..723d8d6 100644
--- a/modules/applications/firefox.nix
+++ b/modules/applications/firefox.nix
@@ -48,65 +48,65 @@
};
userChrome = ''
:root {
- --focus-outline-color: ${config.colorscheme.base04} !important;
- --toolbar-color: ${config.colorscheme.base07} !important;
+ --focus-outline-color: ${config.theme.colors.base04} !important;
+ --toolbar-color: ${config.theme.colors.base07} !important;
--tab-min-height: 30px !important;
}
/* Background of tab bar */
.toolbar-items {
- background-color: ${config.colorscheme.base00} !important;
+ background-color: ${config.theme.colors.base00} !important;
}
/* Tabs themselves */
.tabbrowser-tab .tab-stack {
border-radius: 5px 5px 0 0;
overflow: hidden;
- background-color: ${config.colorscheme.base00};
- color: ${config.colorscheme.base06} !important;
+ background-color: ${config.theme.colors.base00};
+ color: ${config.theme.colors.base06} !important;
}
.tab-content {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 40%, transparent);
border-radius: 5px 5px 0 0;
- background-color: ${config.colorscheme.base00};
- color: ${config.colorscheme.base06} !important;
+ background-color: ${config.theme.colors.base00};
+ color: ${config.theme.colors.base06} !important;
}
.tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
- background-color: ${config.colorscheme.base01} !important;
- color: ${config.colorscheme.base07} !important;
+ background-color: ${config.theme.colors.base01} !important;
+ color: ${config.theme.colors.base07} !important;
}
/* Below tab bar */
#nav-bar {
- background: ${config.colorscheme.base01} !important;
+ background: ${config.theme.colors.base01} !important;
}
/* URL bar in nav bar */
#urlbar[focused=true] {
- color: ${config.colorscheme.base07} !important;
- background: ${config.colorscheme.base02} !important;
- caret-color: ${config.colorscheme.base05} !important;
+ color: ${config.theme.colors.base07} !important;
+ background: ${config.theme.colors.base02} !important;
+ caret-color: ${config.theme.colors.base05} !important;
}
#urlbar:not([focused=true]) {
- color: ${config.colorscheme.base04} !important;
- background: ${config.colorscheme.base02} !important;
+ color: ${config.theme.colors.base04} !important;
+ background: ${config.theme.colors.base02} !important;
}
#urlbar ::-moz-selection {
- color: ${config.colorscheme.base07} !important;
- background: ${config.colorscheme.base02} !important;
+ color: ${config.theme.colors.base07} !important;
+ background: ${config.theme.colors.base02} !important;
}
#urlbar-input-container {
- border: 1px solid ${config.colorscheme.base01} !important;
+ border: 1px solid ${config.theme.colors.base01} !important;
}
#urlbar-background {
- background: ${config.colorscheme.base01} !important;
+ background: ${config.theme.colors.base01} !important;
}
/* Text in URL bar */
#urlbar-input, #urlbar-scheme, .searchbar-textbox {
- color: ${config.colorscheme.base07} !important;
+ color: ${config.theme.colors.base07} !important;
}
'';
userContent = ''
@-moz-document url-prefix(about:blank) {
* {
- background-color:${config.colorscheme.base01} !important;
+ background-color:${config.theme.colors.base01} !important;
}
}
'';
diff --git a/modules/applications/kitty.nix b/modules/applications/kitty.nix
index 87e66af..82e4cf7 100644
--- a/modules/applications/kitty.nix
+++ b/modules/applications/kitty.nix
@@ -16,47 +16,47 @@
settings = {
# Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache)
- background = config.colorscheme.base00;
- foreground = config.colorscheme.base05;
- selection_background = config.colorscheme.base05;
- selection_foreground = config.colorscheme.base00;
- url_color = config.colorscheme.base04;
- cursor = config.colorscheme.base05;
- active_border_color = config.colorscheme.base03;
- inactive_border_color = config.colorscheme.base01;
- active_tab_background = config.colorscheme.base00;
- active_tab_foreground = config.colorscheme.base05;
- inactive_tab_background = config.colorscheme.base01;
- inactive_tab_foreground = config.colorscheme.base04;
- tab_bar_background = config.colorscheme.base01;
+ background = config.theme.colors.base00;
+ foreground = config.theme.colors.base05;
+ selection_background = config.theme.colors.base05;
+ selection_foreground = config.theme.colors.base00;
+ url_color = config.theme.colors.base04;
+ cursor = config.theme.colors.base05;
+ active_border_color = config.theme.colors.base03;
+ inactive_border_color = config.theme.colors.base01;
+ active_tab_background = config.theme.colors.base00;
+ active_tab_foreground = config.theme.colors.base05;
+ inactive_tab_background = config.theme.colors.base01;
+ inactive_tab_foreground = config.theme.colors.base04;
+ tab_bar_background = config.theme.colors.base01;
# normal
- color0 = config.colorscheme.base00;
- color1 = config.colorscheme.base08;
- color2 = config.colorscheme.base0B;
- color3 = config.colorscheme.base0A;
- color4 = config.colorscheme.base0D;
- color5 = config.colorscheme.base0E;
- color6 = config.colorscheme.base0C;
- color7 = config.colorscheme.base05;
+ color0 = config.theme.colors.base00;
+ color1 = config.theme.colors.base08;
+ color2 = config.theme.colors.base0B;
+ color3 = config.theme.colors.base0A;
+ color4 = config.theme.colors.base0D;
+ color5 = config.theme.colors.base0E;
+ color6 = config.theme.colors.base0C;
+ color7 = config.theme.colors.base05;
# bright
- color8 = config.colorscheme.base03;
- color9 = config.colorscheme.base08;
- color10 = config.colorscheme.base0B;
- color11 = config.colorscheme.base0A;
- color12 = config.colorscheme.base0D;
- color13 = config.colorscheme.base0E;
- color14 = config.colorscheme.base0C;
- color15 = config.colorscheme.base07;
+ color8 = config.theme.colors.base03;
+ color9 = config.theme.colors.base08;
+ color10 = config.theme.colors.base0B;
+ color11 = config.theme.colors.base0A;
+ color12 = config.theme.colors.base0D;
+ color13 = config.theme.colors.base0E;
+ color14 = config.theme.colors.base0C;
+ color15 = config.theme.colors.base07;
# extended base16 colors
- color16 = config.colorscheme.base09;
- color17 = config.colorscheme.base0F;
- color18 = config.colorscheme.base01;
- color19 = config.colorscheme.base02;
- color20 = config.colorscheme.base04;
- color21 = config.colorscheme.base06;
+ color16 = config.theme.colors.base09;
+ color17 = config.theme.colors.base0F;
+ color18 = config.theme.colors.base01;
+ color19 = config.theme.colors.base02;
+ color20 = config.theme.colors.base04;
+ color21 = config.theme.colors.base06;
# Scrollback
scrolling_lines = 10000;
diff --git a/modules/colorscheme/gruvbox/default.nix b/modules/colorscheme/gruvbox/default.nix
index 70fcd26..3567f00 100644
--- a/modules/colorscheme/gruvbox/default.nix
+++ b/modules/colorscheme/gruvbox/default.nix
@@ -2,21 +2,42 @@
name = "gruvbox"; # Dark, Medium
author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)";
- base00 = "#282828"; # ----
- base01 = "#3c3836"; # ---
- base02 = "#504945"; # --
- base03 = "#665c54"; # -
- base04 = "#bdae93"; # +
- base05 = "#d5c4a1"; # ++
- base06 = "#ebdbb2"; # +++
- base07 = "#fbf1c7"; # ++++
- base08 = "#fb4934"; # red
- base09 = "#fe8019"; # orange
- base0A = "#fabd2f"; # yellow
- base0B = "#b8bb26"; # green
- base0C = "#8ec07c"; # aqua/cyan
- base0D = "#83a598"; # blue
- base0E = "#d3869b"; # purple
- base0F = "#d65d0e"; # brown
- neovimConfig = ./neovim.lua;
+ dark = {
+ base00 = "#282828"; # ----
+ base01 = "#3c3836"; # ---
+ base02 = "#504945"; # --
+ base03 = "#665c54"; # -
+ base04 = "#bdae93"; # +
+ base05 = "#d5c4a1"; # ++
+ base06 = "#ebdbb2"; # +++
+ base07 = "#fbf1c7"; # ++++
+ base08 = "#fb4934"; # red
+ base09 = "#fe8019"; # orange
+ base0A = "#fabd2f"; # yellow
+ base0B = "#b8bb26"; # green
+ base0C = "#8ec07c"; # aqua/cyan
+ base0D = "#83a598"; # blue
+ base0E = "#d3869b"; # purple
+ base0F = "#d65d0e"; # brown
+ neovimConfig = ./neovim.lua;
+ };
+ light = {
+ base00 = "#fbf1c7"; # ----
+ base01 = "#ebdbb2"; # ---
+ base02 = "#d5c4a1"; # --
+ base03 = "#bdae93"; # -
+ base04 = "#665c54"; # +
+ base05 = "#504945"; # ++
+ base06 = "#3c3836"; # +++
+ base07 = "#282828"; # ++++
+ base08 = "#9d0006"; # red
+ base09 = "#af3a03"; # orange
+ base0A = "#b57614"; # yellow
+ base0B = "#79740e"; # green
+ base0C = "#427b58"; # aqua/cyan
+ base0D = "#076678"; # blue
+ base0E = "#8f3f71"; # purple
+ base0F = "#d65d0e"; # brown
+ neovimConfig = ./neovim-light.lua;
+ };
}
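Review bot: The new `light` set points `neovimConfig` at `./neovim-light.lua`, but the visible sections of this patch only touch `neovim.lua` in that directory. If `neovim-light.lua` is not already tracked in the repository, selecting the light variant will fail at evaluation on a missing path, and in a flake an untracked file is not visible to the evaluator at all. It would also help to add a short comment above `dark`, such as `# neovimConfig travels with the palette and is read as config.theme.colors.neovimConfig`, since a file path sitting among sixteen colour values is easy to overlook.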
diff --git a/modules/colorscheme/gruvbox/neovim.lua b/modules/colorscheme/gruvbox/neovim.lua
index 086b0cb..db3f77c 100644
--- a/modules/colorscheme/gruvbox/neovim.lua
+++ b/modules/colorscheme/gruvbox/neovim.lua
@@ -6,6 +6,7 @@ M.packer = function(use)
config = function()
vim.g.gruvbox_italicize_strings = 0
vim.cmd("colorscheme gruvbox8")
+ vim.cmd("set background=dark")
end,
})
end
diff --git a/modules/gaming/default.nix b/modules/gaming/default.nix
index 7b26dc6..e074730 100644
--- a/modules/gaming/default.nix
+++ b/modules/gaming/default.nix
@@ -1,7 +1,5 @@
{ config, ... }: {
- imports = [ ./leagueoflegends.nix ./lutris.nix ./steam.nix ./legendary.nix ];
-
config = {
hardware.opengl = {
enable = true;
diff --git a/modules/gaming/legendary.nix b/modules/gaming/legendary.nix
index 11269bc..f8ce849 100644
--- a/modules/gaming/legendary.nix
+++ b/modules/gaming/legendary.nix
@@ -4,10 +4,9 @@ let home-packages = config.home-manager.users.${config.user}.home.packages;
in {
- options.gaming.legendary =
- lib.mkEnableOption "Legendary - Epic Games Launcher";
+ imports = [ ./. ];
- config = lib.mkIf config.gaming.legendary {
+ config = {
environment.systemPackages = with pkgs; [
legendary-gl
rare # GUI for Legendary (not working)
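Review bot: With `options.gaming.legendary` and the `lib.mkIf` guard removed, importing this file is now the only switch that turns Legendary on. Any host that still sets `gaming.legendary = true;` will presumably fail evaluation on an undeclared option, and the same applies to `gaming.steam` in the steam.nix hunk below. A header comment such as `# Importing this module enables Legendary; there is no enable option.` would make the new contract visible to whoever edits a host file next. The `config` block continues past the end of this hunk.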
diff --git a/modules/gaming/steam.nix b/modules/gaming/steam.nix
index 6e1996b..61cf5c5 100644
--- a/modules/gaming/steam.nix
+++ b/modules/gaming/steam.nix
@@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }: {
- options.gaming.steam = lib.mkEnableOption "Steam";
+ imports = [ ./. ];
- config = lib.mkIf config.gaming.steam {
+ config = {
hardware.steam-hardware.enable = true;
unfreePackages = [ "steam" "steam-original" "steamcmd" "steam-run" ];
environment.systemPackages = with pkgs; [
diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix
index ea6a7a8..9d6c8e6 100644
--- a/modules/graphical/default.nix
+++ b/modules/graphical/default.nix
@@ -1,53 +1,29 @@
{ lib, ... }: {
- imports = [
- ./xorg.nix
- ./fonts.nix
- ./i3.nix
- ./polybar.nix
- ./picom.nix
- # ./dmenu.nix
- ./rofi.nix
- ];
+ imports =
+ [ ./xorg.nix ./fonts.nix ./i3.nix ./polybar.nix ./picom.nix ./rofi.nix ];
- options = with lib; {
+ options = {
- gui = {
- compositor.enable = mkEnableOption {
- description = "Enable transparency, blur, shadows";
- default = false;
- };
- launcherCommand = mkOption {
- type = types.str;
- description = "Command to use for launching";
- };
- systemdSearch = mkOption {
- type = types.str;
- description = "Command to use for interacting with systemd";
- };
- altTabCommand = mkOption {
- type = types.str;
- description = "Command to use for choosing windows";
- };
- toggleBarCommand = lib.mkOption {
- type = lib.types.str;
- description = "Command to hide and show the status bar.";
- };
- gtk.theme = {
- name = mkOption {
- type = types.str;
- description = "Theme name for GTK applications";
- };
- package = mkOption {
- type = types.str;
- description = "Theme package name for GTK applications";
- default = "gnome-themes-extra";
- };
- };
- wallpaper = mkOption {
- type = types.path;
- description = "Wallpaper background image file";
- };
+ launcherCommand = lib.mkOption {
+ type = lib.types.str;
+ description = "Command to use for launching";
+ };
+ systemdSearch = lib.mkOption {
+ type = lib.types.str;
+ description = "Command to use for interacting with systemd";
+ };
+ altTabCommand = lib.mkOption {
+ type = lib.types.str;
+ description = "Command to use for choosing windows";
+ };
+ toggleBarCommand = lib.mkOption {
+ type = lib.types.str;
+ description = "Command to hide and show the status bar.";
+ };
+ wallpaper = lib.mkOption {
+ type = lib.types.path;
+ description = "Wallpaper background image file";
};
};
diff --git a/modules/graphical/i3.nix b/modules/graphical/i3.nix
index 86a7157..a7d368b 100644
--- a/modules/graphical/i3.nix
+++ b/modules/graphical/i3.nix
@@ -5,10 +5,9 @@ let
lockCmd =
"${pkgs.betterlockscreen}/bin/betterlockscreen --lock --display 1 --blur 0.5 --span";
lockUpdate =
- "${pkgs.betterlockscreen}/bin/betterlockscreen --update ${config.gui.wallpaper} --display 1 --span";
+ "${pkgs.betterlockscreen}/bin/betterlockscreen --update ${config.wallpaper} --display 1 --span";
-in
-{
+in {
config = {
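Review bot: `${config.wallpaper}` is spliced unquoted into `lockUpdate`, which the activation script in the last hunk of this file runs as `$DRY_RUN_CMD ${lockUpdate}`. A wallpaper path containing a space or a shell metacharacter would therefore be split or interpreted by the shell. Escaping the argument, `--update ${lib.escapeShellArg "${config.wallpaper}"}`, keeps the command intact for any path. The same applies to `feh --bg-fill ${config.wallpaper}` in the startup list of the next hunk. The `let` block starts above this hunk.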
@@ -28,223 +27,219 @@ in
xsession.windowManager.i3 = {
enable = config.services.xserver.enable;
package = pkgs.i3-gaps;
- config =
- let
- modifier = "Mod4"; # Super key
- ws1 = "1:I";
- ws2 = "2:II";
- ws3 = "3:III";
- ws4 = "4:IV";
- ws5 = "5:V";
- ws6 = "6:VI";
- ws7 = "7:VII";
- ws8 = "8:VIII";
- ws9 = "9:IX";
- ws10 = "10:X";
- in
- {
- modifier = modifier;
- assigns = {
- "${ws1}" = [{ class = "Firefox"; }];
- "${ws2}" = [{ class = "kitty"; }];
- "${ws3}" = [{ class = "discord"; }];
- "${ws4}" = [{ class = "Steam"; }];
- };
- bars = [{ command = "echo"; }]; # Disable i3bar
- colors =
- let
- background = config.colorscheme.base00;
- inactiveBackground = config.colorscheme.base01;
- border = config.colorscheme.base01;
- inactiveBorder = config.colorscheme.base01;
- text = config.colorscheme.base07;
- inactiveText = config.colorscheme.base04;
- urgentBackground = config.colorscheme.base08;
- indicator = "#00000000";
- in
- {
- background = config.colorscheme.base00;
- focused = {
- inherit background indicator text border;
- childBorder = background;
- };
- focusedInactive = {
- inherit indicator;
- background = inactiveBackground;
- border = inactiveBorder;
- childBorder = inactiveBackground;
- text = inactiveText;
- };
- # placeholder = { };
- unfocused = {
- inherit indicator;
- background = inactiveBackground;
- border = inactiveBorder;
- childBorder = inactiveBackground;
- text = inactiveText;
- };
- urgent = {
- inherit text indicator;
- background = urgentBackground;
- border = urgentBackground;
- childBorder = urgentBackground;
- };
- };
- floating.modifier = modifier;
- focus = {
- mouseWarping = true;
- newWindow = "urgent";
- followMouse = false;
- };
- keybindings = {
-
- # Adjust screen brightness
- "Shift+F12" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
- "Shift+F11" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
- "XF86MonBrightnessUp" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
- "XF86MonBrightnessDown" =
- "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
-
- # Media player controls
- "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
- "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
- "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
- "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
-
- # Launchers
- "${modifier}+Return" =
- "exec --no-startup-id kitty; workspace ${ws2}; layout tabbed";
- "${modifier}+space" =
- "exec --no-startup-id ${config.gui.launcherCommand}";
- "${modifier}+Shift+s" =
- "exec --no-startup-id ${config.gui.systemdSearch}";
- "Mod1+Tab" = "exec --no-startup-id ${config.gui.altTabCommand}";
- "${modifier}+Shift+c" = "reload";
- "${modifier}+Shift+r" = "restart";
- "${modifier}+Shift+q" = ''
- exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"'';
- "${modifier}+Shift+x" = "exec ${lockCmd}";
-
- # Window options
- "${modifier}+q" = "kill";
- "${modifier}+b" = "exec ${config.gui.toggleBarCommand}";
- "${modifier}+f" = "fullscreen toggle";
- "${modifier}+h" = "focus left";
- "${modifier}+j" = "focus down";
- "${modifier}+k" = "focus up";
- "${modifier}+l" = "focus right";
- "${modifier}+Left" = "focus left";
- "${modifier}+Down" = "focus down";
- "${modifier}+Up" = "focus up";
- "${modifier}+Right" = "focus right";
- "${modifier}+Shift+h" = "move left";
- "${modifier}+Shift+j" = "move down";
- "${modifier}+Shift+k" = "move up";
- "${modifier}+Shift+l" = "move right";
- "${modifier}+Shift+Left" = "move left";
- "${modifier}+Shift+Down" = "move down";
- "${modifier}+Shift+Up" = "move up";
- "${modifier}+Shift+Right" = "move right";
-
- # Tiling
- "${modifier}+i" = "split h";
- "${modifier}+v" = "split v";
- "${modifier}+s" = "layout stacking";
- "${modifier}+t" = "layout tabbed";
- "${modifier}+e" = "layout toggle split";
- "${modifier}+Shift+space" = "floating toggle";
- "${modifier}+Control+space" = "focus mode_toggle";
- "${modifier}+a" = "focus parent";
-
- # Workspaces
- "${modifier}+1" = "workspace ${ws1}";
- "${modifier}+2" = "workspace ${ws2}";
- "${modifier}+3" = "workspace ${ws3}";
- "${modifier}+4" = "workspace ${ws4}";
- "${modifier}+5" = "workspace ${ws5}";
- "${modifier}+6" = "workspace ${ws6}";
- "${modifier}+7" = "workspace ${ws7}";
- "${modifier}+8" = "workspace ${ws8}";
- "${modifier}+9" = "workspace ${ws9}";
- "${modifier}+0" = "workspace ${ws10}";
-
- # Move windows
- "${modifier}+Shift+1" =
- "move container to workspace ${ws1}; workspace ${ws1}";
- "${modifier}+Shift+2" =
- "move container to workspace ${ws2}; workspace ${ws2}";
- "${modifier}+Shift+3" =
- "move container to workspace ${ws3}; workspace ${ws3}";
- "${modifier}+Shift+4" =
- "move container to workspace ${ws4}; workspace ${ws4}";
- "${modifier}+Shift+5" =
- "move container to workspace ${ws5}; workspace ${ws5}";
- "${modifier}+Shift+6" =
- "move container to workspace ${ws6}; workspace ${ws6}";
- "${modifier}+Shift+7" =
- "move container to workspace ${ws7}; workspace ${ws7}";
- "${modifier}+Shift+8" =
- "move container to workspace ${ws8}; workspace ${ws8}";
- "${modifier}+Shift+9" =
- "move container to workspace ${ws9}; workspace ${ws9}";
- "${modifier}+Shift+0" =
- "move container to workspace ${ws10}; workspace ${ws10}";
-
- # Move screens
- "${modifier}+Control+l" = "move workspace to output right";
- "${modifier}+Control+h" = "move workspace to output left";
-
- # Resizing
- "${modifier}+r" = ''mode "resize"'';
- "${modifier}+Control+Shift+h" =
- "resize shrink width 10 px or 10 ppt";
- "${modifier}+Control+Shift+j" =
- "resize grow height 10 px or 10 ppt";
- "${modifier}+Control+Shift+k" =
- "resize shrink height 10 px or 10 ppt";
- "${modifier}+Control+Shift+l" = "resize grow width 10 px or 10 ppt";
- };
- modes = { };
- startup = [
- {
- command = "feh --bg-fill ${config.gui.wallpaper}";
- always = true;
- notification = false;
- }
- {
- command =
- "i3-msg workspace ${ws2}, move workspace to output right";
- notification = false;
- }
- {
- command =
- "i3-msg workspace ${ws1}, move workspace to output left";
- notification = false;
- }
- ];
- window = {
- border = 0;
- hideEdgeBorders = "smart";
- titlebar = false;
- };
- workspaceAutoBackAndForth = false;
- workspaceOutputAssign = [ ];
- # gaps = {
- # bottom = 8;
- # top = 8;
- # left = 8;
- # right = 8;
- # horizontal = 15;
- # vertical = 15;
- # inner = 15;
- # outer = 0;
- # smartBorders = "off";
- # smartGaps = false;
- # };
+ config = let
+ modifier = "Mod4"; # Super key
+ ws1 = "1:I";
+ ws2 = "2:II";
+ ws3 = "3:III";
+ ws4 = "4:IV";
+ ws5 = "5:V";
+ ws6 = "6:VI";
+ ws7 = "7:VII";
+ ws8 = "8:VIII";
+ ws9 = "9:IX";
+ ws10 = "10:X";
+ in {
+ modifier = modifier;
+ assigns = {
+ "${ws1}" = [{ class = "Firefox"; }];
+ "${ws2}" = [{ class = "kitty"; }];
+ "${ws3}" = [{ class = "discord"; }];
+ "${ws4}" = [{ class = "Steam"; }];
};
+ bars = [{ command = "echo"; }]; # Disable i3bar
+ colors = let
+ background = config.theme.colors.base00;
+ inactiveBackground = config.theme.colors.base01;
+ border = config.theme.colors.base01;
+ inactiveBorder = config.theme.colors.base01;
+ text = config.theme.colors.base07;
+ inactiveText = config.theme.colors.base04;
+ urgentBackground = config.theme.colors.base08;
+ indicator = "#00000000";
+ in {
+ background = config.theme.colors.base00;
+ focused = {
+ inherit background indicator text border;
+ childBorder = background;
+ };
+ focusedInactive = {
+ inherit indicator;
+ background = inactiveBackground;
+ border = inactiveBorder;
+ childBorder = inactiveBackground;
+ text = inactiveText;
+ };
+ # placeholder = { };
+ unfocused = {
+ inherit indicator;
+ background = inactiveBackground;
+ border = inactiveBorder;
+ childBorder = inactiveBackground;
+ text = inactiveText;
+ };
+ urgent = {
+ inherit text indicator;
+ background = urgentBackground;
+ border = urgentBackground;
+ childBorder = urgentBackground;
+ };
+ };
+ floating.modifier = modifier;
+ focus = {
+ mouseWarping = true;
+ newWindow = "urgent";
+ followMouse = false;
+ };
+ keybindings = {
+
+ # Adjust screen brightness
+ "Shift+F12" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
+ "Shift+F11" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
+ "XF86MonBrightnessUp" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
+ "XF86MonBrightnessDown" =
+ "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
+
+ # Media player controls
+ "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
+ "XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
+ "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
+ "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
+
+ # Launchers
+ "${modifier}+Return" =
+ "exec --no-startup-id kitty; workspace ${ws2}; layout tabbed";
+ "${modifier}+space" =
+ "exec --no-startup-id ${config.launcherCommand}";
+ "${modifier}+Shift+s" =
+ "exec --no-startup-id ${config.systemdSearch}";
+ "Mod1+Tab" = "exec --no-startup-id ${config.altTabCommand}";
+ "${modifier}+Shift+c" = "reload";
+ "${modifier}+Shift+r" = "restart";
+ "${modifier}+Shift+q" = ''
+ exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"'';
+ "${modifier}+Shift+x" = "exec ${lockCmd}";
+
+ # Window options
+ "${modifier}+q" = "kill";
+ "${modifier}+b" = "exec ${config.toggleBarCommand}";
+ "${modifier}+f" = "fullscreen toggle";
+ "${modifier}+h" = "focus left";
+ "${modifier}+j" = "focus down";
+ "${modifier}+k" = "focus up";
+ "${modifier}+l" = "focus right";
+ "${modifier}+Left" = "focus left";
+ "${modifier}+Down" = "focus down";
+ "${modifier}+Up" = "focus up";
+ "${modifier}+Right" = "focus right";
+ "${modifier}+Shift+h" = "move left";
+ "${modifier}+Shift+j" = "move down";
+ "${modifier}+Shift+k" = "move up";
+ "${modifier}+Shift+l" = "move right";
+ "${modifier}+Shift+Left" = "move left";
+ "${modifier}+Shift+Down" = "move down";
+ "${modifier}+Shift+Up" = "move up";
+ "${modifier}+Shift+Right" = "move right";
+
+ # Tiling
+ "${modifier}+i" = "split h";
+ "${modifier}+v" = "split v";
+ "${modifier}+s" = "layout stacking";
+ "${modifier}+t" = "layout tabbed";
+ "${modifier}+e" = "layout toggle split";
+ "${modifier}+Shift+space" = "floating toggle";
+ "${modifier}+Control+space" = "focus mode_toggle";
+ "${modifier}+a" = "focus parent";
+
+ # Workspaces
+ "${modifier}+1" = "workspace ${ws1}";
+ "${modifier}+2" = "workspace ${ws2}";
+ "${modifier}+3" = "workspace ${ws3}";
+ "${modifier}+4" = "workspace ${ws4}";
+ "${modifier}+5" = "workspace ${ws5}";
+ "${modifier}+6" = "workspace ${ws6}";
+ "${modifier}+7" = "workspace ${ws7}";
+ "${modifier}+8" = "workspace ${ws8}";
+ "${modifier}+9" = "workspace ${ws9}";
+ "${modifier}+0" = "workspace ${ws10}";
+
+ # Move windows
+ "${modifier}+Shift+1" =
+ "move container to workspace ${ws1}; workspace ${ws1}";
+ "${modifier}+Shift+2" =
+ "move container to workspace ${ws2}; workspace ${ws2}";
+ "${modifier}+Shift+3" =
+ "move container to workspace ${ws3}; workspace ${ws3}";
+ "${modifier}+Shift+4" =
+ "move container to workspace ${ws4}; workspace ${ws4}";
+ "${modifier}+Shift+5" =
+ "move container to workspace ${ws5}; workspace ${ws5}";
+ "${modifier}+Shift+6" =
+ "move container to workspace ${ws6}; workspace ${ws6}";
+ "${modifier}+Shift+7" =
+ "move container to workspace ${ws7}; workspace ${ws7}";
+ "${modifier}+Shift+8" =
+ "move container to workspace ${ws8}; workspace ${ws8}";
+ "${modifier}+Shift+9" =
+ "move container to workspace ${ws9}; workspace ${ws9}";
+ "${modifier}+Shift+0" =
+ "move container to workspace ${ws10}; workspace ${ws10}";
+
+ # Move screens
+ "${modifier}+Control+l" = "move workspace to output right";
+ "${modifier}+Control+h" = "move workspace to output left";
+
+ # Resizing
+ "${modifier}+r" = ''mode "resize"'';
+ "${modifier}+Control+Shift+h" =
+ "resize shrink width 10 px or 10 ppt";
+ "${modifier}+Control+Shift+j" =
+ "resize grow height 10 px or 10 ppt";
+ "${modifier}+Control+Shift+k" =
+ "resize shrink height 10 px or 10 ppt";
+ "${modifier}+Control+Shift+l" = "resize grow width 10 px or 10 ppt";
+ };
+ modes = { };
+ startup = [
+ {
+ command = "feh --bg-fill ${config.wallpaper}";
+ always = true;
+ notification = false;
+ }
+ {
+ command =
+ "i3-msg workspace ${ws2}, move workspace to output right";
+ notification = false;
+ }
+ {
+ command =
+ "i3-msg workspace ${ws1}, move workspace to output left";
+ notification = false;
+ }
+ ];
+ window = {
+ border = 0;
+ hideEdgeBorders = "smart";
+ titlebar = false;
+ };
+ workspaceAutoBackAndForth = false;
+ workspaceOutputAssign = [ ];
+ # gaps = {
+ # bottom = 8;
+ # top = 8;
+ # left = 8;
+ # right = 8;
+ # horizontal = 15;
+ # vertical = 15;
+ # inner = 15;
+ # outer = 0;
+ # smartBorders = "off";
+ # smartGaps = false;
+ # };
+ };
extraConfig = "";
};
@@ -258,10 +253,9 @@ in
# Update lock screen cache only if cache is empty
home.activation.updateLockScreenCache =
let cacheDir = "${config.homePath}/.cache/betterlockscreen/current";
- in
- lib.mkIf config.services.xserver.enable
- (config.home-manager.users.${config.user}.lib.dag.entryAfter
- [ "writeBoundary" ] ''
+ in lib.mkIf config.services.xserver.enable
+ (config.home-manager.users.${config.user}.lib.dag.entryAfter
+ [ "writeBoundary" ] ''
if [ ! -d ${cacheDir} ] || [ -z "$(ls ${cacheDir})" ]; then
$DRY_RUN_CMD ${lockUpdate}
fi
diff --git a/modules/graphical/picom.nix b/modules/graphical/picom.nix
index c9ad371..47db1fa 100644
--- a/modules/graphical/picom.nix
+++ b/modules/graphical/picom.nix
@@ -1,50 +1,49 @@
{ config, lib, ... }: {
- config =
- lib.mkIf (config.services.xserver.enable && config.gui.compositor.enable) {
- home-manager.users.${config.user} = {
+ config = lib.mkIf (config.services.xserver.enable) {
+ home-manager.users.${config.user} = {
- services.picom = {
- enable = true;
- backend = "glx";
- settings = {
- blur = false;
- blurExclude = [ ];
- inactiveDim = "0.05";
- noDNDShadow = false;
- noDockShadow = false;
- # shadow-radius = 20
- # '';
- # shadow-radius = 20
- # corner-radius = 10
- # blur-size = 20
- # rounded-corners-exclude = [
- # "window_type = 'dock'",
- # "class_g = 'i3-frame'"
- # ]
- # '';
- };
- fade = false;
- experimentalBackends = true;
- inactiveOpacity = 1.0;
- menuOpacity = 1.0;
- opacityRules = [
- "0:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_HIDDEN'" # Hide tabbed windows
- ];
- shadow = false;
- shadowExclude = [ ];
- shadowOffsets = [ (-10) (-10) ];
- shadowOpacity = 0.5;
- vSync = true;
+ services.picom = {
+ enable = true;
+ backend = "glx";
+ settings = {
+ blur = false;
+ blurExclude = [ ];
+ inactiveDim = "0.05";
+ noDNDShadow = false;
+ noDockShadow = false;
+ # shadow-radius = 20
+ # '';
+ # shadow-radius = 20
+ # corner-radius = 10
+ # blur-size = 20
+ # rounded-corners-exclude = [
+ # "window_type = 'dock'",
+ # "class_g = 'i3-frame'"
+ # ]
+ # '';
};
-
- xsession.windowManager.i3.config.startup = [{
- command = "systemctl --user restart picom";
- always = true;
- notification = false;
- }];
-
+ fade = false;
+ experimentalBackends = true;
+ inactiveOpacity = 1.0;
+ menuOpacity = 1.0;
+ opacityRules = [
+ "0:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_HIDDEN'" # Hide tabbed windows
+ ];
+ shadow = false;
+ shadowExclude = [ ];
+ shadowOffsets = [ (-10) (-10) ];
+ shadowOpacity = 0.5;
+ vSync = true;
};
+
+ xsession.windowManager.i3.config.startup = [{
+ command = "systemctl --user restart picom";
+ always = true;
+ notification = false;
+ }];
+
};
+ };
}
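Review bot: The guard no longer checks `config.gui.compositor.enable`, and graphical/default.nix in this same patch still lists `./picom.nix` in its imports. As a result picom and the `systemctl --user restart picom` startup entry become active on every host with X enabled, where the removed option defaulted to off. If that is intended, a comment such as `# picom is always on when X is enabled` would record it; otherwise keep a toggle or drop the file from the default import list. The parentheses in `lib.mkIf (config.services.xserver.enable)` are also redundant.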
diff --git a/modules/graphical/polybar.nix b/modules/graphical/polybar.nix
index 761d2e7..9098326 100644
--- a/modules/graphical/polybar.nix
+++ b/modules/graphical/polybar.nix
@@ -2,7 +2,7 @@
config = lib.mkIf config.services.xserver.enable {
- gui.toggleBarCommand = "polybar-msg cmd toggle";
+ toggleBarCommand = "polybar-msg cmd toggle";
home-manager.users.${config.user} = {
@@ -23,14 +23,14 @@
# offset-y = -5;
# offset-y = "5%";
# dpi = 96;
- background = config.colorscheme.base01;
- foreground = config.colorscheme.base05;
+ background = config.theme.colors.base01;
+ foreground = config.theme.colors.base05;
line-size = "3pt";
border-top-size = 0;
border-right-size = 0;
border-left-size = 0;
border-bottom-size = "4pt";
- border-color = config.colorscheme.base00;
+ border-color = config.theme.colors.base00;
padding-left = 2;
padding-right = 2;
module-margin = 1;
@@ -58,35 +58,35 @@
fuzzy-match = true;
format = " ";
label-focused = "%name%";
- label-focused-foreground = config.colorscheme.base01;
- label-focused-background = config.colorscheme.base05;
- label-focused-underline = config.colorscheme.base03;
+ label-focused-foreground = config.theme.colors.base01;
+ label-focused-background = config.theme.colors.base05;
+ label-focused-underline = config.theme.colors.base03;
label-focused-padding = padding;
label-unfocused = "%name%";
label-unfocused-padding = padding;
label-visible = "%name%";
- label-visible-underline = config.colorscheme.base01;
+ label-visible-underline = config.theme.colors.base01;
label-visible-padding = padding;
label-urgent = "%name%";
- label-urgent-foreground = config.colorscheme.base00;
- label-urgent-background = config.colorscheme.base08;
- label-urgent-underline = config.colorscheme.base0F;
+ label-urgent-foreground = config.theme.colors.base00;
+ label-urgent-background = config.theme.colors.base08;
+ label-urgent-underline = config.theme.colors.base0F;
label-urgent-padding = padding;
};
"module/xworkspaces" = {
type = "internal/xworkspaces";
label-active = "%name%";
- label-active-background = config.colorscheme.base05;
- label-active-foreground = config.colorscheme.base01;
- label-active-underline = config.colorscheme.base03;
+ label-active-background = config.theme.colors.base05;
+ label-active-foreground = config.theme.colors.base01;
+ label-active-underline = config.theme.colors.base03;
label-active-padding = 1;
label-occupied = "%name%";
label-occupied-padding = 1;
label-urgent = "%name%";
- label-urgent-background = config.colorscheme.base08;
+ label-urgent-background = config.theme.colors.base08;
label-urgent-padding = 1;
label-empty = "%name%";
- label-empty-foreground = config.colorscheme.base06;
+ label-empty-foreground = config.theme.colors.base06;
label-empty-padding = 1;
};
"module/xwindow" = {
@@ -108,10 +108,10 @@
format-volume = " ";
# format-volume-background = colors.background;
# label-volume-background = colors.background;
- format-volume-foreground = config.colorscheme.base0B;
+ format-volume-foreground = config.theme.colors.base0B;
label-volume = "%percentage%%";
label-muted = "ﱝ ---";
- label-muted-foreground = config.colorscheme.base03;
+ label-muted-foreground = config.theme.colors.base03;
ramp-volume-0 = "";
ramp-volume-1 = "墳";
ramp-volume-2 = "";
@@ -163,7 +163,7 @@
date = "%d %b %l:%M %p";
date-alt = "%Y-%m-%d %H:%M:%S";
label = "%date%";
- label-foreground = config.colorscheme.base0A;
+ label-foreground = config.theme.colors.base0A;
# format-background = colors.background;
};
"settings" = {
diff --git a/modules/graphical/rofi.nix b/modules/graphical/rofi.nix
index 471d8ae..5a8674a 100644
--- a/modules/graphical/rofi.nix
+++ b/modules/graphical/rofi.nix
@@ -25,19 +25,19 @@
# Inspired by https://github.com/sherubthakur/dotfiles/blob/master/users/modules/desktop-environment/rofi/launcher.rasi
"*" = {
- background-color = mkLiteral config.colorscheme.base00;
- foreground-color = mkLiteral config.colorscheme.base07;
- text-color = mkLiteral config.colorscheme.base07;
- border-color = mkLiteral config.colorscheme.base04;
+ background-color = mkLiteral config.theme.colors.base00;
+ foreground-color = mkLiteral config.theme.colors.base07;
+ text-color = mkLiteral config.theme.colors.base07;
+ border-color = mkLiteral config.theme.colors.base04;
};
# Holds the entire window
"#window" = {
transparency = "real";
- background-color = mkLiteral config.colorscheme.base00;
- text-color = mkLiteral config.colorscheme.base07;
+ background-color = mkLiteral config.theme.colors.base00;
+ text-color = mkLiteral config.theme.colors.base07;
border = mkLiteral "4px";
- border-color = mkLiteral config.colorscheme.base04;
+ border-color = mkLiteral config.theme.colors.base04;
border-radius = mkLiteral "4px";
width = mkLiteral "850px";
padding = mkLiteral "15px";
@@ -45,10 +45,10 @@
# Wrapper around bar and results
"#mainbox" = {
- background-color = mkLiteral config.colorscheme.base00;
+ background-color = mkLiteral config.theme.colors.base00;
border = mkLiteral "0px";
border-radius = mkLiteral "0px";
- border-color = mkLiteral config.colorscheme.base04;
+ border-color = mkLiteral config.theme.colors.base04;
children = map mkLiteral [ "inputbar" "listview" ];
spacing = mkLiteral "10px";
padding = mkLiteral "10px";
@@ -59,7 +59,7 @@
expand = false;
str = ":";
margin = mkLiteral "0px 0.3em 0em 0em";
- text-color = mkLiteral config.colorscheme.base07;
+ text-color = mkLiteral config.theme.colors.base07;
};
# Command prompt left of the input
@@ -67,7 +67,7 @@
# Actual text box
"#entry" = {
- placeholder-color = mkLiteral config.colorscheme.base03;
+ placeholder-color = mkLiteral config.theme.colors.base03;
expand = true;
horizontal-align = "0";
placeholder = "Launch Program";
@@ -85,7 +85,7 @@
# Results
"#listview" = {
- background-color = mkLiteral config.colorscheme.base00;
+ background-color = mkLiteral config.theme.colors.base00;
padding = mkLiteral "0px";
columns = 1;
lines = 12;
@@ -104,9 +104,9 @@
"#element.selected" = {
border = mkLiteral "1px";
border-radius = mkLiteral "4px";
- border-color = mkLiteral config.colorscheme.base07;
- background-color = mkLiteral config.colorscheme.base04;
- text-color = mkLiteral config.colorscheme.base00;
+ border-color = mkLiteral config.theme.colors.base07;
+ background-color = mkLiteral config.theme.colors.base04;
+ text-color = mkLiteral config.theme.colors.base00;
};
"#element-text" = {
@@ -116,8 +116,8 @@
margin = mkLiteral "0px 2.5px 0px 2.5px";
};
"#element-text.selected" = {
- background-color = mkLiteral config.colorscheme.base04;
- text-color = mkLiteral config.colorscheme.base00;
+ background-color = mkLiteral config.theme.colors.base04;
+ text-color = mkLiteral config.theme.colors.base00;
};
# Not sure how to get icons
@@ -125,11 +125,11 @@
size = mkLiteral "18px";
border = mkLiteral "0px";
padding = mkLiteral "2px 5px 2px 2px";
- background-color = mkLiteral config.colorscheme.base00;
+ background-color = mkLiteral config.theme.colors.base00;
};
"#element-icon.selected" = {
- background-color = mkLiteral config.colorscheme.base04;
- text-color = mkLiteral config.colorscheme.base00;
+ background-color = mkLiteral config.theme.colors.base04;
+ text-color = mkLiteral config.theme.colors.base00;
};
};
@@ -144,9 +144,9 @@
};
- gui.launcherCommand = "${pkgs.rofi}/bin/rofi -show run -modi run";
- gui.systemdSearch = "${pkgs.rofi-systemd}/bin/rofi-systemd";
- gui.altTabCommand = "${pkgs.rofi}/bin/rofi -show window -modi window";
+ launcherCommand = "${pkgs.rofi}/bin/rofi -show run -modi run";
+ systemdSearch = "${pkgs.rofi-systemd}/bin/rofi-systemd";
+ altTabCommand = "${pkgs.rofi}/bin/rofi -show window -modi window";
};
diff --git a/modules/graphical/xorg.nix b/modules/graphical/xorg.nix
index 353beab..868a299 100644
--- a/modules/graphical/xorg.nix
+++ b/modules/graphical/xorg.nix
@@ -1,15 +1,25 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }: {
-let
-
- gtkTheme = {
- name = config.gui.gtk.theme.name;
- package = pkgs.${config.gui.gtk.theme.package};
+ options = {
+ gtk.theme = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ description = "Theme name for GTK applications";
+ };
+ package = lib.mkOption {
+ type = lib.types.str;
+ description = "Theme package name for GTK applications";
+ default = "gnome-themes-extra";
+ };
+ };
};
-in {
-
- config = lib.mkIf config.gui.enable {
+ config = let
+ gtkTheme = {
+ name = config.gtk.theme.name;
+ package = pkgs."${config.gtk.theme.package}";
+ };
+ in lib.mkIf config.gui.enable {
# Enable the X11 windowing system.
services.xserver = {
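Review bot: `pkgs."${config.gtk.theme.package}"` resolves the theme package from a free-form string, so a typo, or a package that lives under a nested attribute set, only surfaces as a missing-attribute error during evaluation. Declaring the option with `type = lib.types.package;` and passing the derivation itself would let the module system check the value and remove the lookup. The description "Theme package name for GTK applications" would then read "Theme package for GTK applications". The `config` body continues past the end of this hunk.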
@@ -22,7 +32,7 @@ in {
displayManager = {
lightdm = {
enable = config.services.xserver.enable;
- background = config.gui.wallpaper;
+ background = config.wallpaper;
# Make the login screen dark
greeters.gtk.theme = gtkTheme;
@@ -46,7 +56,7 @@ in {
services.dbus.packages = [ pkgs.dconf ];
programs.dconf.enable = true;
- environment.sessionVariables = { GTK_THEME = config.gui.gtk.theme.name; };
+ environment.sessionVariables = { GTK_THEME = config.gtk.theme.name; };
home-manager.users.${config.user} = {
@@ -55,7 +65,10 @@ in {
pbpaste = "xclip -selection clipboard -out";
};
- gtk = let gtkExtraConfig = { gtk-application-prefer-dark-theme = true; };
+ gtk = let
+ gtkExtraConfig = {
+ gtk-application-prefer-dark-theme = config.theme.dark;
+ };
in {
enable = true;
theme = gtkTheme;
diff --git a/modules/neovim/default.nix b/modules/neovim/default.nix
index cbb51dd..a7cebcc 100644
--- a/modules/neovim/default.nix
+++ b/modules/neovim/default.nix
@@ -15,7 +15,12 @@
source = ./lua;
recursive = true; # Allows adding more files
};
- "nvim/lua/packer/colors.lua".source = config.colorscheme.neovimConfig;
+ "nvim/lua/packer/colors.lua".source = config.theme.colors.neovimConfig;
+ "nvim/lua/background.lua".text = ''
+ vim.cmd("set background=${
+ if config.theme.dark == true then "dark" else "light"
+ }")
+ '';
};
programs.git.extraConfig.core.editor = "nvim";
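Review bot: `if config.theme.dark == true then` can be written `if config.theme.dark then`, assuming the option is declared as a boolean (its declaration is not in this hunk). The background is now also set in two places: this generated `background.lua`, and the `vim.cmd("set background=dark")` line that this patch adds to gruvbox/neovim.lua. A comment here stating which of the two is meant to win, for example `# Overrides any background set by the colorscheme's packer config`, would save the next reader from tracing the load order.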
diff --git a/modules/neovim/init.lua b/modules/neovim/init.lua
index 8267993..d3d3ec6 100644
--- a/modules/neovim/init.lua
+++ b/modules/neovim/init.lua
@@ -1,3 +1,4 @@
require("packer_init")
require("settings")
require("keybinds")
+require("background")
From 07fec71ba4cb8a1bab656415265a009ac3d212d4 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 2 Nov 2022 21:47:11 -0400
Subject: [PATCH 095/391] put hashed pass in a separate file
---
.gitignore | 1 +
hosts/desktop/default.nix | 3 +--
hosts/oracle/default.nix | 1 -
hosts/wsl/default.nix | 3 +--
private/password.sha512 | 1 +
5 files changed, 4 insertions(+), 5 deletions(-)
create mode 100644 private/password.sha512
diff --git a/.gitignore b/.gitignore
index 64113bc..fcaeac4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ result
.luarc.json
private/**
!private/**.age
+!private/**.sha512
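Review bot: The `!private/**.sha512` exception makes the sha512crypt password hash a tracked plain-text file, whereas the existing `!private/**.age` exception only lets encrypted material out of `private/**`; anyone who can read the repository can run offline guessing against a committed `$6$` hash. The hosts/desktop and hosts/wsl hunks then load it with `nixpkgs.lib.fileContents`, which probably also places the value in the world-readable Nix store. I would drop this exception, keep the hash as an age-encrypted secret like the other files under `private/`, and have the user's `passwordFile` option point at the decrypted path. That assumes `passwordHash` feeds the user's hashed password, which these hunks do not show. Because the same string appears on the removed lines it is already in history, so the password should be changed rather than only relocated.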
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index e351306..24d7ea9 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -22,8 +22,7 @@ nixpkgs.lib.nixosSystem {
};
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
- passwordHash =
- "$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
}
./hardware-configuration.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 25fa460..c8a9163 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -28,7 +28,6 @@ nixpkgs.lib.nixosSystem {
giteaServer = "git.masu.rs";
# Disable passwords, only use SSH key
- passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index 2c700b4..1e9ec18 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -17,8 +17,7 @@ nixpkgs.lib.nixosSystem {
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
- passwordHash =
- "$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
+ passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
wsl = {
enable = true;
automountPath = "/mnt";
diff --git a/private/password.sha512 b/private/password.sha512
new file mode 100644
index 0000000..354b39e
--- /dev/null
+++ b/private/password.sha512
@@ -0,0 +1 @@
+$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.
From 77413943066e41688fc7a308aadb1293fe04abe4 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 2 Nov 2022 22:15:29 -0400
Subject: [PATCH 096/391] add back removed applications
---
hosts/desktop/default.nix | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 24d7ea9..64a1b52 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -30,14 +30,16 @@ nixpkgs.lib.nixosSystem {
../../modules/hardware
../../modules/nixos
../../modules/graphical
- ../../modules/gaming/steam.nix
- ../../modules/gaming/legendary.nix
../../modules/applications/media.nix
../../modules/applications/firefox.nix
../../modules/applications/kitty.nix
+ ../../modules/applications/1password.nix
../../modules/applications/discord.nix
../../modules/applications/nautilus.nix
+ ../../modules/applications/obsidian.nix
../../modules/mail/default.nix
+ ../../modules/gaming/steam.nix
+ ../../modules/gaming/legendary.nix
../../modules/repositories/notes.nix
../../modules/services/keybase.nix
../../modules/services/mullvad.nix
From 6241b8e624c21a3278cbdbf2c6d71069f0e590a9 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 08:30:28 -0400
Subject: [PATCH 097/391] fix neovim tree-sitter bug
requires installing tree-sitter and nodejs to environment :(
---
modules/neovim/default.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/modules/neovim/default.nix b/modules/neovim/default.nix
index a7cebcc..8d48f02 100644
--- a/modules/neovim/default.nix
+++ b/modules/neovim/default.nix
@@ -5,6 +5,8 @@
home.packages = with pkgs; [
neovim
gcc # for tree-sitter
+ tree-sitter # for tree-sitter-gitignore parser
+ nodejs # for tree-sitter-gitignore parser
shfmt # used everywhere
shellcheck # used everywhere
];
From 920ec8b43e088e55a66d46c22f48e8ff00eafa91 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 08:51:51 -0400
Subject: [PATCH 098/391] add terminfo to openssh devices
---
modules/services/sshd.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/services/sshd.nix b/modules/services/sshd.nix
index 094d624..099589e 100644
--- a/modules/services/sshd.nix
+++ b/modules/services/sshd.nix
@@ -28,6 +28,9 @@
# Implement a simple fail2ban service for sshd
services.sshguard.enable = true;
+
+ # Add terminfo for SSH from popular terminal emulators
+ environment.enableAllTerminfo = true;
};
}
From 9386008fa246f6a3f23d8c65dd0257da2d2577f7 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 11:24:03 -0400
Subject: [PATCH 099/391] fix: identity file wrong path on macos
---
hosts/macbook/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/macbook/default.nix b/hosts/macbook/default.nix
index 21132b9..654ad21 100644
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@@ -14,7 +14,7 @@ darwin.lib.darwinSystem {
})
home-manager.darwinModules.home-manager
{
- identityFile = "/home/${globals.user}/.ssh/id_ed25519";
+ identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true;
colorscheme = (import ../../modules/colorscheme/gruvbox);
mailUser = globals.user;
From 15f411617882c27020d5f637f408c332c7c956b7 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 11:25:36 -0400
Subject: [PATCH 100/391] fixes for kitty on macos
---
modules/darwin/fonts.nix | 8 ++---
.../Spoons/MoveWindow.spoon/worklayout.lua | 35 ++++++++++---------
modules/darwin/system.nix | 4 ++-
3 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix
index 874457a..30925a9 100644
--- a/modules/darwin/fonts.nix
+++ b/modules/darwin/fonts.nix
@@ -3,15 +3,13 @@
home-manager.users.${config.user} = {
home.packages = with pkgs;
- [ (nerdfonts.override { fonts = [ "FiraCode" ]; }) ];
+ [ (nerdfonts.override { fonts = [ "Victor Mono" ]; }) ];
- programs.alacritty.settings = {
- font.normal.family = "FiraCode Nerd Font Mono";
- };
+ programs.alacritty.settings = { font.normal.family = "Victor Mono"; };
programs.kitty.font = {
package = pkgs.nerdfonts;
- name = "FiraCode";
+ name = "Victor Mono";
};
};
diff --git a/modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua b/modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
index 7161ad9..ea5a46d 100644
--- a/modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
+++ b/modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
@@ -9,24 +9,25 @@ WORK_RIGHT_MONITOR = "DELL U2415 (1)"
LAPTOP_MONITOR = "Built-in Retina Display"
-- Used to find out the name of the monitor in Hammerspoon
-function dump(o)
- if type(o) == "table" then
- local s = "{ "
- for k, v in pairs(o) do
- if type(k) ~= "number" then
- k = '"' .. k .. '"'
- end
- s = s .. "[" .. k .. "] = " .. dump(v) .. ","
- end
- return s .. "} "
- else
- return tostring(o)
- end
-end
+-- local function dump(o)
+-- if type(o) == "table" then
+-- local s = "{ "
+-- for k, v in pairs(o) do
+-- if type(k) ~= "number" then
+-- k = '"' .. k .. '"'
+-- end
+-- s = s .. "[" .. k .. "] = " .. dump(v) .. ","
+-- end
+-- return s .. "} "
+-- else
+-- return tostring(o)
+-- end
+-- end
+
-- Turn on when looking for the monitor name
-- print(dump(hs.screen.allScreens()))
-function concat(...)
+local function concat(...)
local res = {}
for _, tab in ipairs({ ... }) do
for _, elem in ipairs(tab) do
@@ -36,12 +37,12 @@ function concat(...)
return res
end
-function worklayout()
+local function worklayout()
hs.hotkey.bind({ "alt", "ctrl", "cmd" }, "l", function()
local u = hs.geometry.unitrect
-- set the layout
local left = {
- -- { "Alacritty", nil, WORK_LEFT_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
+ { "kitty", nil, WORK_LEFT_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
}
local right = {
{ "Slack", nil, WORK_RIGHT_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
diff --git a/modules/darwin/system.nix b/modules/darwin/system.nix
index 4c2eaa1..aae8eb8 100644
--- a/modules/darwin/system.nix
+++ b/modules/darwin/system.nix
@@ -1,7 +1,9 @@
-{ ... }: {
+{ pkgs, ... }: {
services.nix-daemon.enable = true;
+ environment.shells = [ pkgs.fish ];
+
security.pam.enableSudoTouchIdAuth = true;
system = {
From 660ea997df59bc2d7bf54aaa2d89f57b19c05608 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 11:25:58 -0400
Subject: [PATCH 101/391] fix standalone home-manager on macos
---
modules/darwin/nixpkgs.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/darwin/nixpkgs.nix b/modules/darwin/nixpkgs.nix
index cde96ce..7330c27 100644
--- a/modules/darwin/nixpkgs.nix
+++ b/modules/darwin/nixpkgs.nix
@@ -21,7 +21,7 @@
rebuild-home = lib.mkForce {
body = ''
git -C ${config.dotfilesPath} add --intent-to-add --all
- commandline -r "${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";
+ commandline -r "${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#macbook";
commandline --function execute
'';
};
From 7ae06494568c3c61425310e1b86fc25644db2d9c Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 11:26:31 -0400
Subject: [PATCH 102/391] nixpkgs shortcut registries
---
modules/shell/fish/functions/fish_user_key_bindings.fish | 4 ++--
modules/shell/nixpkgs.nix | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/shell/fish/functions/fish_user_key_bindings.fish b/modules/shell/fish/functions/fish_user_key_bindings.fish
index 04a2915..4c1e991 100644
--- a/modules/shell/fish/functions/fish_user_key_bindings.fish
+++ b/modules/shell/fish/functions/fish_user_key_bindings.fish
@@ -14,7 +14,7 @@ bind -M insert \cp projects
bind -M default \cp projects
bind -M insert \x1F accept-autosuggestion
bind -M default \x1F accept-autosuggestion
-bind -M insert \cn 'commandline -r "nix run github:NixOS/nixpkgs/nixpkgs-unstable#"'
-bind -M default \cn 'commandline -r "nix run github:NixOS/nixpkgs/nixpkgs-unstable#"'
+bind -M insert \cn 'commandline -r "nix run nixpkgs#"'
+bind -M default \cn 'commandline -r "nix run nixpkgs#"'
bind -M insert \x11F nix-fzf
bind -M default \x11F nix-fzf
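Review bot: `nix run nixpkgs#` in both bindings resolves `nixpkgs` through the flake registry, so what gets fetched and executed now depends on each host's registry instead of the ref written here. The hosts/wsl context later in this series shows `nix.registry.nixpkgs.flake = nixpkgs;`, but on a host without that entry the name presumably falls back to the global registry and an unpinned branch. A comment above the bindings such as `# relies on nix.registry.nixpkgs being pinned to the flake input` would make the dependency explicit. The same applies to the two `commandline -r` lines changed in modules/shell/nixpkgs.nix.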
diff --git a/modules/shell/nixpkgs.nix b/modules/shell/nixpkgs.nix
index e6a1840..0a8358c 100644
--- a/modules/shell/nixpkgs.nix
+++ b/modules/shell/nixpkgs.nix
@@ -19,9 +19,9 @@
body = ''
set program $argv[1]
if test (count $argv) -ge 2
- commandline -r "nix run github:NixOS/nixpkgs/nixpkgs-unstable#$program -- $argv[2..-1]"
+ commandline -r "nix run nixpkgs#$program -- $argv[2..-1]"
else
- commandline -r "nix run github:NixOS/nixpkgs/nixpkgs-unstable#$program"
+ commandline -r "nix run nixpkgs#$program"
end
commandline -f execute
'';
From 4ea56b0aab09cb76018a5b203fa732e8acdebad0 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 3 Nov 2022 21:20:29 -0400
Subject: [PATCH 103/391] fix: remove bell sounds from kitty
---
modules/applications/kitty.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/applications/kitty.nix b/modules/applications/kitty.nix
index 82e4cf7..dd4d727 100644
--- a/modules/applications/kitty.nix
+++ b/modules/applications/kitty.nix
@@ -69,6 +69,9 @@
tab_bar_edge = "top";
tab_bar_style = "slant";
+
+ # Audio
+ enable_audio_bell = false;
};
};
};
From c871f59791ecfdcb8c31a48196b46834c802e690 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 5 Nov 2022 13:41:09 -0400
Subject: [PATCH 104/391] fixes for light mode
---
hosts/desktop/default.nix | 4 +-
modules/applications/firefox.nix | 2 +
modules/colorscheme/gruvbox/default.nix | 4 +-
modules/colorscheme/gruvbox/neovim.lua | 1 -
modules/neovim/default.nix | 4 +-
modules/shell/utilities.nix | 85 ++++++++++++++-----------
6 files changed, 56 insertions(+), 44 deletions(-)
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 64a1b52..022539a 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -17,8 +17,8 @@ nixpkgs.lib.nixosSystem {
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = true;
theme = {
- colors = (import ../../modules/colorscheme/gruvbox).dark;
- dark = true;
+ colors = (import ../../modules/colorscheme/gruvbox).light;
+ dark = false;
};
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
diff --git a/modules/applications/firefox.nix b/modules/applications/firefox.nix
index 723d8d6..6ef36ab 100644
--- a/modules/applications/firefox.nix
+++ b/modules/applications/firefox.nix
@@ -45,6 +45,8 @@
"toolkit.legacyUserProfileCustomizations.stylesheets" =
true; # Allow userChrome.css
"layout.css.color-mix.enabled" = true;
+ "ui.systemUsesDarkTheme" =
+ if config.theme.dark == true then 1 else 0;
};
userChrome = ''
:root {
diff --git a/modules/colorscheme/gruvbox/default.nix b/modules/colorscheme/gruvbox/default.nix
index 3567f00..07441ed 100644
--- a/modules/colorscheme/gruvbox/default.nix
+++ b/modules/colorscheme/gruvbox/default.nix
@@ -20,6 +20,7 @@
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
neovimConfig = ./neovim.lua;
+ batTheme = "gruvbox-dark";
};
light = {
base00 = "#fbf1c7"; # ----
@@ -38,6 +39,7 @@
base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown
- neovimConfig = ./neovim-light.lua;
+ neovimConfig = ./neovim.lua;
+ batTheme = "gruvbox-light";
};
}
diff --git a/modules/colorscheme/gruvbox/neovim.lua b/modules/colorscheme/gruvbox/neovim.lua
index db3f77c..086b0cb 100644
--- a/modules/colorscheme/gruvbox/neovim.lua
+++ b/modules/colorscheme/gruvbox/neovim.lua
@@ -6,7 +6,6 @@ M.packer = function(use)
config = function()
vim.g.gruvbox_italicize_strings = 0
vim.cmd("colorscheme gruvbox8")
- vim.cmd("set background=dark")
end,
})
end
diff --git a/modules/neovim/default.nix b/modules/neovim/default.nix
index 8d48f02..a52b63e 100644
--- a/modules/neovim/default.nix
+++ b/modules/neovim/default.nix
@@ -19,9 +19,9 @@
};
"nvim/lua/packer/colors.lua".source = config.theme.colors.neovimConfig;
"nvim/lua/background.lua".text = ''
- vim.cmd("set background=${
+ vim.o.background = "${
if config.theme.dark == true then "dark" else "light"
- }")
+ }"
'';
};
diff --git a/modules/shell/utilities.nix b/modules/shell/utilities.nix
index 33d9c49..c32d6d2 100644
--- a/modules/shell/utilities.nix
+++ b/modules/shell/utilities.nix
@@ -13,50 +13,59 @@ let
in {
- home-manager.users.${config.user} = {
+ config = {
- home.packages = with pkgs; [
- unzip # Extract zips
- rsync # Copy folders
- ripgrep # grep
- bat # cat
- fd # find
- sd # sed
- jq # JSON manipulation
- tealdeer # Cheatsheets
- tree # View directory hierarchy
- htop # Show system processes
- glow # Pretty markdown previews
- qrencode # Generate qr codes
- vimv-rs # Batch rename files
- dig # DNS lookup
- lf # File viewer
- # whois # Lookup IPs
- age # Encryption
- ];
+ home-manager.users.${config.user} = {
- programs.zoxide.enable = true; # Shortcut jump command
+ home.packages = with pkgs; [
+ unzip # Extract zips
+ rsync # Copy folders
+ ripgrep # grep
+ fd # find
+ sd # sed
+ jq # JSON manipulation
+ tealdeer # Cheatsheets
+ tree # View directory hierarchy
+ htop # Show system processes
+ glow # Pretty markdown previews
+ qrencode # Generate qr codes
+ vimv-rs # Batch rename files
+ dig # DNS lookup
+ lf # File viewer
+ inetutils # Includes telnet, whois
+ age # Encryption
+ ];
- home.file = {
- ".rgignore".text = ignorePatterns;
- ".fdignore".text = ignorePatterns;
- ".digrc".text = "+noall +answer"; # Cleaner dig commands
- };
+ programs.zoxide.enable = true; # Shortcut jump command
- programs.fish.shellAbbrs = {
- cat = "bat"; # Swap cat with bat
- };
-
- programs.fish.functions = {
- ping = {
- description = "Improved ping";
- argumentNames = "target";
- body = "${pkgs.prettyping}/bin/prettyping --nolegend $target";
+ home.file = {
+ ".rgignore".text = ignorePatterns;
+ ".fdignore".text = ignorePatterns;
+ ".digrc".text = "+noall +answer"; # Cleaner dig commands
};
- qr = {
- body =
- "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | open /tmp/qr.png"; # Fix for non-macOS
+
+ programs.bat = {
+ enable = true; # cat replacement
+ config = { theme = config.theme.colors.batTheme; };
};
+
+ programs.fish.shellAbbrs = {
+ cat = "bat"; # Swap cat with bat
+ };
+
+ programs.fish.functions = {
+ ping = {
+ description = "Improved ping";
+ argumentNames = "target";
+ body = "${pkgs.prettyping}/bin/prettyping --nolegend $target";
+ };
+ qr = {
+ # Fix for non-macOS
+ body =
+ "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.gnome.sushi}/bin/sushi /tmp/qr.png";
+ };
+ };
+
};
};
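Review bot: The new `qr` body joins `qrencode` and `sushi` with `|`, so fish starts both at once and the viewer can open `/tmp/qr.png` before it has been written, or show a stale image from an earlier run. It also writes whatever was encoded (often a Wi-Fi password or an OTP seed) to a fixed, predictable name in a shared directory. I would sequence the commands and use a private temporary file: `set f (mktemp --suffix=.png); and ${pkgs.qrencode}/bin/qrencode $argv[1] -o $f; and ${pkgs.gnome.sushi}/bin/sushi $f`. The same body is re-added unchanged in modules/applications/nautilus.nix by patch 109.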
From 5bbba2be396dd639587a87883f4a52ca12ac1668 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 5 Nov 2022 19:38:43 -0400
Subject: [PATCH 105/391] set back to dark mode default
---
hosts/desktop/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 022539a..64a1b52 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -17,8 +17,8 @@ nixpkgs.lib.nixosSystem {
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = true;
theme = {
- colors = (import ../../modules/colorscheme/gruvbox).light;
- dark = false;
+ colors = (import ../../modules/colorscheme/gruvbox).dark;
+ dark = true;
};
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
From b04c442c874ab07c5c5f75f25a12898dddfc3dfe Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 7 Nov 2022 08:04:29 -0500
Subject: [PATCH 106/391] replace rnix lsp with nil
---
modules/neovim/lua/packer/lsp.lua | 4 ++--
modules/programming/nix.nix | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/neovim/lua/packer/lsp.lua b/modules/neovim/lua/packer/lsp.lua
index 1a4ccc2..82dd205 100644
--- a/modules/neovim/lua/packer/lsp.lua
+++ b/modules/neovim/lua/packer/lsp.lua
@@ -46,8 +46,8 @@ M.packer = function(use)
capabilities = capabilities,
})
end
- if on_path("rnix-lsp") then
- require("lspconfig").rnix.setup({ capabilities = capabilities })
+ if on_path("nil") then
+ require("lspconfig").nil_ls.setup({ capabilities = capabilities })
end
vim.keymap.set("n", "gd", vim.lsp.buf.definition)
diff --git a/modules/programming/nix.nix b/modules/programming/nix.nix
index f928118..272b227 100644
--- a/modules/programming/nix.nix
+++ b/modules/programming/nix.nix
@@ -4,7 +4,7 @@
home.packages = with pkgs; [
nixfmt # Nix file formatter
- rnix-lsp # Nix language server
+ nil # Nix language server
];
};
From 2340b862e52b35ae539585cb47ceb15df4a323b6 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 7 Nov 2022 20:54:01 -0500
Subject: [PATCH 107/391] add noisetorch for mic noise suppression
---
modules/applications/discord.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/applications/discord.nix b/modules/applications/discord.nix
index 91d7783..0d30622 100644
--- a/modules/applications/discord.nix
+++ b/modules/applications/discord.nix
@@ -15,5 +15,6 @@
}
'';
};
+ programs.noisetorch.enable = true;
};
}
From 8342746b693e79e126d4c05b54bb5f66285d759c Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 10 Nov 2022 04:26:38 +0000
Subject: [PATCH 108/391] fix wsl with new theme
---
hosts/desktop/default.nix | 2 +-
hosts/wsl/default.nix | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 64a1b52..89d134c 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -37,7 +37,7 @@ nixpkgs.lib.nixosSystem {
../../modules/applications/discord.nix
../../modules/applications/nautilus.nix
../../modules/applications/obsidian.nix
- ../../modules/mail/default.nix
+ ../../modules/mail
../../modules/gaming/steam.nix
../../modules/gaming/legendary.nix
../../modules/repositories/notes.nix
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index 1e9ec18..3c428c4 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -16,7 +16,10 @@ nixpkgs.lib.nixosSystem {
nix.registry.nixpkgs.flake = nixpkgs;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
- colorscheme = (import ../../modules/colorscheme/gruvbox);
+ theme = {
+ colors = (import ../../modules/colorscheme/gruvbox).dark;
+ dark = true;
+ };
passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
wsl = {
enable = true;
@@ -31,7 +34,7 @@ nixpkgs.lib.nixosSystem {
../common.nix
../../modules/wsl
../../modules/nixos
- ../../modules/mail/himalaya.nix
+ ../../modules/mail
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/lua.nix
From 0176b14350931dce20a1cf64f586991681bbd945 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 14 Nov 2022 10:35:16 -0500
Subject: [PATCH 109/391] move qr to nautilusg
---
modules/applications/nautilus.nix | 7 +++++++
modules/shell/utilities.nix | 5 -----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/modules/applications/nautilus.nix b/modules/applications/nautilus.nix
index 28cfb3a..7406a4c 100644
--- a/modules/applications/nautilus.nix
+++ b/modules/applications/nautilus.nix
@@ -7,6 +7,13 @@
gnome.nautilus
gnome.sushi # Quick preview with spacebar
];
+
+ programs.fish.functions = {
+ qr = {
+ body =
+ "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.gnome.sushi}/bin/sushi /tmp/qr.png";
+ };
+ };
};
};
diff --git a/modules/shell/utilities.nix b/modules/shell/utilities.nix
index c32d6d2..30d6741 100644
--- a/modules/shell/utilities.nix
+++ b/modules/shell/utilities.nix
@@ -59,11 +59,6 @@ in {
argumentNames = "target";
body = "${pkgs.prettyping}/bin/prettyping --nolegend $target";
};
- qr = {
- # Fix for non-macOS
- body =
- "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.gnome.sushi}/bin/sushi /tmp/qr.png";
- };
};
};
From 2ab37d3298299f93cf22c3ebb9e3c643f3b0446c Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 14 Nov 2022 10:35:36 -0500
Subject: [PATCH 110/391] move noisetorch to linux audio
---
modules/applications/discord.nix | 1 -
modules/hardware/audio.nix | 3 +++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/applications/discord.nix b/modules/applications/discord.nix
index 0d30622..91d7783 100644
--- a/modules/applications/discord.nix
+++ b/modules/applications/discord.nix
@@ -15,6 +15,5 @@
}
'';
};
- programs.noisetorch.enable = true;
};
}
diff --git a/modules/hardware/audio.nix b/modules/hardware/audio.nix
index 3007b6f..6d0f234 100644
--- a/modules/hardware/audio.nix
+++ b/modules/hardware/audio.nix
@@ -39,6 +39,9 @@ in {
pulse.enable = true;
};
+ # Provides audio source with background noise filtered
+ programs.noisetorch.enable = true;
+
# These aren't necessary, but helpful for the user
environment.systemPackages = with pkgs; [
pamixer # Audio control
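Review bot: The comment added above `programs.noisetorch.enable` describes the feature but not what enabling it installs. As far as I know the NixOS module ships the binary through a `security.wrappers` entry carrying `cap_sys_resource`, so moving the line from discord.nix into the hardware audio module puts a capability-bearing binary on every host that imports this file. I would record that in the comment, e.g. `# Installs a cap_sys_resource wrapper on every host importing this module`, so the wider scope is a visible decision. The enclosing attribute set continues outside the hunk.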
From 5178c9f458d065c32b798c9a461a923438f9c857 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 16 Nov 2022 15:52:00 -0500
Subject: [PATCH 111/391] fix colorscheme for macbook
---
hosts/macbook/default.nix | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hosts/macbook/default.nix b/hosts/macbook/default.nix
index 654ad21..ed6c624 100644
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@@ -16,7 +16,10 @@ darwin.lib.darwinSystem {
{
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true;
- colorscheme = (import ../../modules/colorscheme/gruvbox);
+ theme = {
+ colors = (import ../../modules/colorscheme/gruvbox).dark;
+ dark = true;
+ };
mailUser = globals.user;
networking.hostName = "noah-masur-mac";
nixpkgs.overlays = [ nur.overlay ];
From 07b5f855a613d91b8b0335635375763b7d5f6b2e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 16 Nov 2022 15:52:24 -0500
Subject: [PATCH 112/391] disable firefox autofill
---
modules/applications/firefox.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/applications/firefox.nix b/modules/applications/firefox.nix
index 6ef36ab..570e890 100644
--- a/modules/applications/firefox.nix
+++ b/modules/applications/firefox.nix
@@ -38,6 +38,7 @@
"browser.toolbars.bookmarks.visibility" = "newtab";
"browser.startup.page" = 3; # Restore previous session
"browser.newtabpage.enabled" = false; # Make new tabs blank
+ "dom.forms.autocomplete.formautofill" = false; # Disable autofill
"general.autoScroll" = true; # Drag middle-mouse to scroll
"services.sync.prefs.sync.general.autoScroll" =
false; # Prevent disabling autoscroll
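Review bot: The `# Disable autofill` comment on `dom.forms.autocomplete.formautofill` promises more than this one pref is likely to deliver. Saved form history, address and card autofill, and login filling are governed by separate prefs (`browser.formfill.enable`, `extensions.formautofill.addresses.enabled`, `extensions.formautofill.creditCards.enabled`, `signon.autofillForms`). If the goal is that the browser never fills credentials or personal data by itself, set those explicitly, or narrow the comment to what this pref actually covers. The settings attribute set starts and ends outside the hunk.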
From e1fc3317b54d3fae1feae97e677b1f7da641211a Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Fri, 18 Nov 2022 22:35:00 -0500
Subject: [PATCH 113/391] adjust aws package layout
---
flake.nix | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/flake.nix b/flake.nix
index d588a57..76be6fb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -83,12 +83,10 @@
};
# Package servers into images with a generator
- packages.x86_64-linux = with inputs; {
- aws = import ./hosts/aws {
- inherit inputs globals;
- system = "x86_64-linux";
- };
- };
+ packages.aws = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ]
+ (system: {
+ "${system}" = import ./hosts/aws { inherit inputs globals system; };
+ });
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system; };
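Review bot: `genAttrs` already keys its result by each list element, so wrapping the value in `{ "${system}" = …; }` yields `packages.aws.x86_64-linux.x86_64-linux`. The flake schema also expects `packages.<system>.<name>`, not `packages.<name>.<system>`. Unless the double nesting is intended, `packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: { aws = import ./hosts/aws { inherit inputs globals system; }; });` gives the standard layout that `nix build .#aws` and `nix flake check` understand. The rest of the outputs set is outside the hunk, so check that no other `packages` definition collides with it.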
From 30f9f869a78d4b4c463fce728a8deada1ee9d8c3 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 19 Nov 2022 19:11:26 -0700
Subject: [PATCH 114/391] force fish shell for kitty
---
modules/darwin/kitty.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/darwin/kitty.nix b/modules/darwin/kitty.nix
index 5191927..85e18e3 100644
--- a/modules/darwin/kitty.nix
+++ b/modules/darwin/kitty.nix
@@ -6,7 +6,7 @@
darwinLaunchOptions = [ "--start-as=fullscreen" ];
font.size = lib.mkForce 20;
settings = {
- shell = "${pkgs.fish}/bin/fish";
+ shell = "/run/current-system/sw/bin/fish";
macos_traditional_fullscreen = true;
macos_quit_when_last_window_closed = true;
};
From d1f12671b04e16313739d850f1b969a5f025f16a Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 19 Nov 2022 19:12:01 -0700
Subject: [PATCH 115/391] force neovim fish shell in toggleterm
---
modules/neovim/lua/packer/toggleterm.lua | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/neovim/lua/packer/toggleterm.lua b/modules/neovim/lua/packer/toggleterm.lua
index 88da4e7..575e652 100644
--- a/modules/neovim/lua/packer/toggleterm.lua
+++ b/modules/neovim/lua/packer/toggleterm.lua
@@ -9,6 +9,7 @@ M.packer = function(use)
open_mapping = [[]],
hide_numbers = true,
direction = "float",
+ shell = "fish", -- Force fish for everything
})
vim.keymap.set("t", "", "") --- Exit terminal mode
From a6f9b985fc072e6a0fa2950bfd29612deb9ed83b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 19 Nov 2022 19:12:04 -0700
Subject: [PATCH 116/391] Revert "force neovim fish shell in toggleterm"
This reverts commit d1f12671b04e16313739d850f1b969a5f025f16a.
---
modules/neovim/lua/packer/toggleterm.lua | 1 -
1 file changed, 1 deletion(-)
diff --git a/modules/neovim/lua/packer/toggleterm.lua b/modules/neovim/lua/packer/toggleterm.lua
index 575e652..88da4e7 100644
--- a/modules/neovim/lua/packer/toggleterm.lua
+++ b/modules/neovim/lua/packer/toggleterm.lua
@@ -9,7 +9,6 @@ M.packer = function(use)
open_mapping = [[]],
hide_numbers = true,
direction = "float",
- shell = "fish", -- Force fish for everything
})
vim.keymap.set("t", "", "") --- Exit terminal mode
From 2848ae94240b3e9f38b3e63e6f99d4c908a77f5b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 19 Nov 2022 19:40:04 -0700
Subject: [PATCH 117/391] switch kitty to victormono font
---
modules/darwin/fonts.nix | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix
index 30925a9..09892c1 100644
--- a/modules/darwin/fonts.nix
+++ b/modules/darwin/fonts.nix
@@ -3,13 +3,13 @@
home-manager.users.${config.user} = {
home.packages = with pkgs;
- [ (nerdfonts.override { fonts = [ "Victor Mono" ]; }) ];
+ [ (nerdfonts.override { fonts = [ "VictorMono" ]; }) ];
- programs.alacritty.settings = { font.normal.family = "Victor Mono"; };
+ programs.alacritty.settings = { font.normal.family = "VictorMono"; };
programs.kitty.font = {
- package = pkgs.nerdfonts;
- name = "Victor Mono";
+ package = (pkgs.nerdfonts.override { fonts = [ "VictorMono" ]; });
+ name = "VictorMono Nerd Font Mono";
};
};
From 42237eab13464df361fb3ced8fd61d3e1698bffe Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 20 Nov 2022 11:38:10 -0700
Subject: [PATCH 118/391] fix: aerc doesn't recognize config file
---
modules/darwin/user.nix | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/modules/darwin/user.nix b/modules/darwin/user.nix
index d3bfbc0..a5dc1cb 100644
--- a/modules/darwin/user.nix
+++ b/modules/darwin/user.nix
@@ -4,6 +4,12 @@
# macOS user
home = config.homePath;
shell = pkgs.fish; # Default shell
+
+ };
+
+ # Used for aerc
+ home-manager.users.${config.user} = {
+ home.sessionVariables = { XDG_CONFIG_HOME = "${config.homePath}/.config"; };
};
}
From 44c4084b57cecffa49f8af53b4dcd1dd7d83d227 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 20 Nov 2022 11:51:46 -0700
Subject: [PATCH 119/391] fix: tfvars recognized as terraform
---
modules/neovim/lua/settings.lua | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/neovim/lua/settings.lua b/modules/neovim/lua/settings.lua
index ef2cec6..b54e05a 100644
--- a/modules/neovim/lua/settings.lua
+++ b/modules/neovim/lua/settings.lua
@@ -75,6 +75,11 @@ vim.api.nvim_exec(
false
)
+vim.filetype.add({
+ pattern = {
+ [".*%.tfvars"] = "terraform",
+ },
+})
vim.api.nvim_create_autocmd("FileType", {
pattern = "*.eml",
callback = function()
From 3beacf9f3cf54693a259285d1022f08c6621f47a Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 20 Nov 2022 11:52:33 -0700
Subject: [PATCH 120/391] adjust k9s toggleterm keybind
---
modules/neovim/lua/packer/toggleterm.lua | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/neovim/lua/packer/toggleterm.lua b/modules/neovim/lua/packer/toggleterm.lua
index 88da4e7..a185e94 100644
--- a/modules/neovim/lua/packer/toggleterm.lua
+++ b/modules/neovim/lua/packer/toggleterm.lua
@@ -50,7 +50,7 @@ M.packer = function(use)
vim.keymap.set("n", "t", TERM_TOGGLE)
vim.keymap.set("n", "P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "gw", GITWATCH_TOGGLE)
- vim.keymap.set("n", "", K9S_TOGGLE)
+ vim.keymap.set("n", "9", K9S_TOGGLE)
end,
})
From f304392d58c6b043a35016094f65d60d88c5b343 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 20 Nov 2022 11:55:11 -0700
Subject: [PATCH 121/391] fix: victormono italic glitch on macos
---
modules/darwin/kitty.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/darwin/kitty.nix b/modules/darwin/kitty.nix
index 85e18e3..2e1121a 100644
--- a/modules/darwin/kitty.nix
+++ b/modules/darwin/kitty.nix
@@ -9,6 +9,7 @@
shell = "/run/current-system/sw/bin/fish";
macos_traditional_fullscreen = true;
macos_quit_when_last_window_closed = true;
+ disable_ligatures = "always";
};
};
};
From b9ddaf095c200810393d54f0a7e5c7bf7d4c3978 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 20 Nov 2022 12:09:03 -0700
Subject: [PATCH 122/391] replace alacritty with kitty in macos dock
---
modules/darwin/system.nix | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/modules/darwin/system.nix b/modules/darwin/system.nix
index aae8eb8..853d022 100644
--- a/modules/darwin/system.nix
+++ b/modules/darwin/system.nix
@@ -132,6 +132,16 @@
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
+ echo "Allow apps from anywhere"
+ SPCTL=$(spctl --status)
+ if ! [ "$SPCTL" = "assessments disabled" ]; then
+ sudo spctl --master-disable
+ fi
+
+ '';
+
+ # User-level settings
+ activationScripts.postUserActivation.text = ''
echo "Show the ~/Library folder"
chflags nohidden ~/Library
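Review bot: The block moved into the first activation script runs `sudo spctl --master-disable` whenever assessments are still enabled, which switches Gatekeeper off for the whole machine, so unsigned or un-notarized downloads launch without the usual check. If only a few apps need this, approve them individually and drop the block. If the host-wide setting is intended, record it with a comment such as `# Deliberately disables Gatekeeper host-wide; undo with spctl --master-enable`. The `sudo` is probably redundant if this script already runs as root, which the hunk does not show. The script's opening lies above the hunk.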
@@ -162,16 +172,10 @@
"$(__dock_item /Applications/Mimestream.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
- "$(__dock_item /Applications/Alacritty.app)" \
+ "$(__dock_item ${pkgs.kitty}/Applications/kitty.app)" \
"$(__dock_item /System/Applications/System\ Preferences.app)"
-
- echo "Allow apps from anywhere"
- SPCTL=$(spctl --status)
- if ! [ "$SPCTL" = "assessments disabled" ]; then
- sudo spctl --master-disable
- fi
-
'';
+
};
}
From 7ddd9d9aa4fe1516d815a1b265f0a33b9fef1c2e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 20 Nov 2022 12:12:18 -0700
Subject: [PATCH 123/391] add discord to macos dock
---
modules/darwin/system.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/darwin/system.nix b/modules/darwin/system.nix
index 853d022..ff474a2 100644
--- a/modules/darwin/system.nix
+++ b/modules/darwin/system.nix
@@ -171,6 +171,7 @@
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/Mimestream.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
+ "$(__dock_item ${pkgs.discord}/Applications/Discord.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item ${pkgs.kitty}/Applications/kitty.app)" \
"$(__dock_item /System/Applications/System\ Preferences.app)"
From 52f9057ee59601193d9424d981fd353d1cc4b57c Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 21 Nov 2022 01:04:22 +0000
Subject: [PATCH 124/391] unused n8n setup
---
modules/services/n8n.nix | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 modules/services/n8n.nix
diff --git a/modules/services/n8n.nix b/modules/services/n8n.nix
new file mode 100644
index 0000000..fe0c5ea
--- /dev/null
+++ b/modules/services/n8n.nix
@@ -0,0 +1,21 @@
+{ ... }: {
+
+ services.n8n = {
+ enable = true;
+ settings = {
+ n8n = {
+ listenAddress = "127.0.0.1";
+ port = 5678;
+ };
+ };
+ };
+
+ caddyRoutes = [{
+ match = [{ host = [ config.n8nServer ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:5678"; }];
+ }];
+ }];
+
+}
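Review bot: The module header `{ ... }:` does not bind `config`, yet the Caddy route reads `config.n8nServer`, so importing this file fails with an undefined variable. The first line should be `{ config, ... }: {`. The route also publishes the n8n editor on that hostname and nothing in this file enables authentication or restricts the route, so confirm n8n's own login is configured before the module is imported anywhere. The upstream dials `localhost:5678` while the service binds `127.0.0.1`; using `127.0.0.1:5678` for the upstream avoids a lookup that may resolve to `::1` first.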
From d672a77ddb65eb8c06e191ba046eee66efdb60e5 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 23 Nov 2022 14:37:57 -0700
Subject: [PATCH 125/391] fix alt-e in fish for kitty
---
modules/darwin/kitty.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/darwin/kitty.nix b/modules/darwin/kitty.nix
index 2e1121a..7fb840a 100644
--- a/modules/darwin/kitty.nix
+++ b/modules/darwin/kitty.nix
@@ -10,6 +10,7 @@
macos_traditional_fullscreen = true;
macos_quit_when_last_window_closed = true;
disable_ligatures = "always";
+ macos_option_as_alt = true;
};
};
};
From 97ed5eb33b72902e94a5548cf866e9e24a627697 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 23 Nov 2022 15:46:30 -0700
Subject: [PATCH 126/391] switch from homebrew to firefox overlay for macos
---
flake.lock | 41 +++++++++++++++++++++++++++++---
flake.nix | 3 +++
hosts/macbook/default.nix | 3 ++-
modules/applications/firefox.nix | 1 +
modules/darwin/homebrew.nix | 1 -
modules/darwin/system.nix | 2 +-
6 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index 5a442fc..6de5404 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,24 @@
"type": "github"
}
},
+ "firefox-darwin": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ },
+ "locked": {
+ "lastModified": 1668992358,
+ "narHash": "sha256-24iH+wIbE1bKCFmqslwOpfrDypJ40mk1uGIqRUxDXxY=",
+ "owner": "bandithedoge",
+ "repo": "nixpkgs-firefox-darwin",
+ "rev": "066d4fd658acd075b45405eda9e3bca6a71a47b1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "bandithedoge",
+ "repo": "nixpkgs-firefox-darwin",
+ "type": "github"
+ }
+ },
"flake-compat": {
"flake": false,
"locked": {
@@ -111,6 +129,22 @@
}
},
"nixpkgs": {
+ "locked": {
+ "lastModified": 1639237670,
+ "narHash": "sha256-RTdL4rEQcgaZGpvtDgkp3oK/V+1LM3I53n0ACPSroAQ=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "edfb969386ebe6c3cf8f878775a7975cd88f926d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "master",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
"locked": {
"lastModified": 1666959691,
"narHash": "sha256-TRpWA3t8ata79HOGtFd5dDCl1kJQmIE16PDF53/Hcxo=",
@@ -126,7 +160,7 @@
"type": "github"
}
},
- "nixpkgs_2": {
+ "nixpkgs_3": {
"locked": {
"lastModified": 1660318005,
"narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=",
@@ -159,9 +193,10 @@
"root": {
"inputs": {
"darwin": "darwin",
+ "firefox-darwin": "firefox-darwin",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
- "nixpkgs": "nixpkgs",
+ "nixpkgs": "nixpkgs_2",
"nur": "nur",
"wallpapers": "wallpapers",
"wsl": "wsl"
@@ -202,7 +237,7 @@
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1666720338,
diff --git a/flake.nix b/flake.nix
index 76be6fb..f8aa770 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,9 @@
# Community packages; used for Firefox extensions
nur.url = "github:nix-community/nur";
+ # Use official Firefox binary for macOS
+ firefox-darwin.url = "github:bandithedoge/nixpkgs-firefox-darwin";
+
# Wallpapers
wallpapers = {
url = "gitlab:exorcist365/wallpapers";
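Review bot: The new `firefox-darwin` input does not follow the root `nixpkgs` the way `nixos-generators` does, which is why flake.lock in this commit gains a separate `nixpkgs` node tracking `master`. Adding `firefox-darwin.inputs.nixpkgs.follows = "nixpkgs";` keeps that extra tree out of the lock graph. The comment says "official Firefox binary", but what is trusted here is a personal repository's overlay that fetches it, so `# Third-party overlay that packages Mozilla's macOS Firefox build` would be more accurate. Since the browser is installed from this input, review what the overlay changes each time its locked `rev` is bumped.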
diff --git a/hosts/macbook/default.nix b/hosts/macbook/default.nix
index ed6c624..74e2f90 100644
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@@ -22,7 +22,7 @@ darwin.lib.darwinSystem {
};
mailUser = globals.user;
networking.hostName = "noah-masur-mac";
- nixpkgs.overlays = [ nur.overlay ];
+ nixpkgs.overlays = [ nur.overlay firefox-darwin.overlay ];
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
}
@@ -32,6 +32,7 @@ darwin.lib.darwinSystem {
../../modules/applications/alacritty.nix
../../modules/applications/kitty.nix
../../modules/applications/discord.nix
+ ../../modules/applications/firefox.nix
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/terraform.nix
diff --git a/modules/applications/firefox.nix b/modules/applications/firefox.nix
index 570e890..3b1a246 100644
--- a/modules/applications/firefox.nix
+++ b/modules/applications/firefox.nix
@@ -9,6 +9,7 @@
programs.firefox = {
enable = true;
+ package = lib.mkIf pkgs.stdenv.isDarwin pkgs.firefox-bin;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
vimium
diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix
index b6ffb64..317cd27 100644
--- a/modules/darwin/homebrew.nix
+++ b/modules/darwin/homebrew.nix
@@ -32,7 +32,6 @@
"openjdk" # Required by Apache Directory Studio
];
casks = [
- "firefox" # Firefox packaging on Nix is broken for macOS
"1password" # 1Password packaging on Nix is broken for macOS
"scroll-reverser" # Different scroll style for mouse vs. trackpad
"meetingbar" # Show meetings in menu bar
diff --git a/modules/darwin/system.nix b/modules/darwin/system.nix
index ff474a2..0294446 100644
--- a/modules/darwin/system.nix
+++ b/modules/darwin/system.nix
@@ -166,7 +166,7 @@
"$(__dock_item /Applications/1Password.app)" \
"$(__dock_item /Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
- "$(__dock_item /Applications/Firefox.app)" \
+ "$(__dock_item ${pkgs.firefox-bin}/Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/Mimestream.app)" \
From cf62184744638413aa3b715ab8212eaf01009687 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 12:29:45 -0700
Subject: [PATCH 127/391] first neovim build package
---
flake.lock | 445 ++++++++++++++++++++++++++++-
flake.nix | 106 ++++++-
modules/neovim/plugins-overlay.nix | 53 ++++
3 files changed, 597 insertions(+), 7 deletions(-)
create mode 100644 modules/neovim/plugins-overlay.nix
diff --git a/flake.lock b/flake.lock
index 6de5404..d671881 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,69 @@
{
"nodes": {
+ "Comment-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668781964,
+ "narHash": "sha256-po1MyuuOH3e8yJTAtkxnusFSJuNpQnjpe+zfWPoO62E=",
+ "owner": "numToStr",
+ "repo": "Comment.nvim",
+ "rev": "5f01c1a89adafc52bf34e3bf690f80d9d726715d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numToStr",
+ "repo": "Comment.nvim",
+ "type": "github"
+ }
+ },
+ "bufferline-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668632062,
+ "narHash": "sha256-qGl1jwBaMFWsrth7F20KrfJpyVENF8GEOJsVBBcSTVA=",
+ "owner": "akinsho",
+ "repo": "bufferline.nvim",
+ "rev": "4ecfa81e470a589e74adcde3d5bb1727dd407363",
+ "type": "github"
+ },
+ "original": {
+ "owner": "akinsho",
+ "repo": "bufferline.nvim",
+ "type": "github"
+ }
+ },
+ "cmp-buffer-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1660101488,
+ "narHash": "sha256-dG4U7MtnXThoa/PD+qFtCt76MQ14V1wX8GMYcvxEnbM=",
+ "owner": "hrsh7th",
+ "repo": "cmp-buffer",
+ "rev": "3022dbc9166796b644a841a02de8dd1cc1d311fa",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hrsh7th",
+ "repo": "cmp-buffer",
+ "type": "github"
+ }
+ },
+ "cmp-nvim-lsp-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668566979,
+ "narHash": "sha256-Mqkp8IH/laUx0cK7S0BjusTT+OtOOJOamZM4+93RHdU=",
+ "owner": "hrsh7th",
+ "repo": "cmp-nvim-lsp",
+ "rev": "59224771f91b86d1de12570b4070fe4ad7cd1eeb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hrsh7th",
+ "repo": "cmp-nvim-lsp",
+ "type": "github"
+ }
+ },
"darwin": {
"inputs": {
"nixpkgs": [
@@ -56,6 +120,21 @@
}
},
"flake-utils": {
+ "locked": {
+ "lastModified": 1667395993,
+ "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@@ -70,6 +149,37 @@
"type": "github"
}
},
+ "flake-utils_3": {
+ "locked": {
+ "lastModified": 1659877975,
+ "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "gitsigns-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668016276,
+ "narHash": "sha256-u8nHB4QwP1hkfI64MGF5luTof88hTdpF5s1KBr3X2jE=",
+ "owner": "lewis6991",
+ "repo": "gitsigns.nvim",
+ "rev": "9ff7dfb051e5104088ff80556203634fc8f8546d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "lewis6991",
+ "repo": "gitsigns.nvim",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -92,6 +202,79 @@
"type": "github"
}
},
+ "impatient-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668271823,
+ "narHash": "sha256-tsdTHbUC0kYOGonJ1TLIsHnv/RgWGTqHKY3xVj80mxM=",
+ "owner": "lewis6991",
+ "repo": "impatient.nvim",
+ "rev": "d3dd30ff0b811756e735eb9020609fa315bfbbcc",
+ "type": "github"
+ },
+ "original": {
+ "owner": "lewis6991",
+ "repo": "impatient.nvim",
+ "type": "github"
+ }
+ },
+ "lualine-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669435324,
+ "narHash": "sha256-nbvFpC6/QEIwbnw1Zy4mEutpfI/lFKfPeTXUJmRIODc=",
+ "owner": "hoob3rt",
+ "repo": "lualine.nvim",
+ "rev": "b6314ac556098d7abea9bb8cf896d2e3500eca41",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hoob3rt",
+ "repo": "lualine.nvim",
+ "type": "github"
+ }
+ },
+ "nil": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs_2",
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1669391194,
+ "narHash": "sha256-4oWcXqyBYPHF+Wt8AxRhWk70O1qVJPkyBw2IhxJtj6k=",
+ "owner": "oxalica",
+ "repo": "nil",
+ "rev": "afec5fed829ee193de7e8c62e1fb4bd55140f4ac",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "nil",
+ "type": "github"
+ }
+ },
+ "nix2vim": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1666021730,
+ "narHash": "sha256-eXd9bqYleh+BZsUybKCj7rNhnwoV0tzsuGGXKmW/+NA=",
+ "owner": "gytis-ivaskevicius",
+ "repo": "nix2vim",
+ "rev": "f3b56da72278cd720fe7fb4b6d001047b7179669",
+ "type": "github"
+ },
+ "original": {
+ "owner": "gytis-ivaskevicius",
+ "repo": "nix2vim",
+ "type": "github"
+ }
+ },
"nixlib": {
"locked": {
"lastModified": 1636849918,
@@ -145,6 +328,22 @@
}
},
"nixpkgs_2": {
+ "locked": {
+ "lastModified": 1669165918,
+ "narHash": "sha256-hIVruk2+0wmw/Kfzy11rG3q7ev3VTi/IKVODeHcVjFo=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "3b400a525d92e4085e46141ff48cbf89fd89739e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
"locked": {
"lastModified": 1666959691,
"narHash": "sha256-TRpWA3t8ata79HOGtFd5dDCl1kJQmIE16PDF53/Hcxo=",
@@ -160,7 +359,7 @@
"type": "github"
}
},
- "nixpkgs_3": {
+ "nixpkgs_4": {
"locked": {
"lastModified": 1660318005,
"narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=",
@@ -175,6 +374,22 @@
"type": "indirect"
}
},
+ "null-ls-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669235424,
+ "narHash": "sha256-po66LOeGuBHi3MZsn5+/gYdgU+oFTZUPfPWx2norc3I=",
+ "owner": "jose-elias-alvarez",
+ "repo": "null-ls.nvim",
+ "rev": "c51978f546a86a653f4a492b86313f4616412cec",
+ "type": "github"
+ },
+ "original": {
+ "owner": "jose-elias-alvarez",
+ "repo": "null-ls.nvim",
+ "type": "github"
+ }
+ },
"nur": {
"locked": {
"lastModified": 1667025500,
@@ -190,18 +405,192 @@
"type": "github"
}
},
+ "nvim-lspconfig-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669447443,
+ "narHash": "sha256-ikrkXhzkn4nYqJd9WaG61UGYWRdY2cbzKQIR+kDcYqE=",
+ "owner": "neovim",
+ "repo": "nvim-lspconfig",
+ "rev": "abe6c99c7489de2c317869cf5dea57a9595a0cca",
+ "type": "github"
+ },
+ "original": {
+ "owner": "neovim",
+ "repo": "nvim-lspconfig",
+ "type": "github"
+ }
+ },
+ "nvim-tree-lua-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669432749,
+ "narHash": "sha256-YQix8eYrruuyH5pzjFvxb6hbMLhu1X/hnymO9dmbCqs=",
+ "owner": "kyazdani42",
+ "repo": "nvim-tree.lua",
+ "rev": "b17358ff4d822deeb42b97919065800f8f91cb55",
+ "type": "github"
+ },
+ "original": {
+ "owner": "kyazdani42",
+ "repo": "nvim-tree.lua",
+ "type": "github"
+ }
+ },
+ "nvim-treesitter-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669484329,
+ "narHash": "sha256-aAzVCRoqa2TDMsDKuxFRJHleR4ubA0bLaCVYk96/su8=",
+ "owner": "nvim-treesitter",
+ "repo": "nvim-treesitter",
+ "rev": "5aacb06135a952190933f9bfff923957db8965db",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nvim-treesitter",
+ "repo": "nvim-treesitter",
+ "type": "github"
+ }
+ },
+ "nvim-web-devicons-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669423115,
+ "narHash": "sha256-Wyd4HnV+aQrh4Z2KdwCdi84glzIbQt8/y7NRGf67hcw=",
+ "owner": "kyazdani42",
+ "repo": "nvim-web-devicons",
+ "rev": "189ad3790d57c548896a78522fd8b0d0fc11be31",
+ "type": "github"
+ },
+ "original": {
+ "owner": "kyazdani42",
+ "repo": "nvim-web-devicons",
+ "type": "github"
+ }
+ },
+ "plenary-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1664607953,
+ "narHash": "sha256-lIdBrVpi+vUudeotjFAuw4C0VT8TPoFE9cVVAQEsAYU=",
+ "owner": "nvim-lua",
+ "repo": "plenary.nvim",
+ "rev": "4b7e52044bbb84242158d977a50c4cbcd85070c7",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nvim-lua",
+ "repo": "plenary.nvim",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
+ "Comment-nvim-src": "Comment-nvim-src",
+ "bufferline-nvim-src": "bufferline-nvim-src",
+ "cmp-buffer-src": "cmp-buffer-src",
+ "cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"darwin": "darwin",
"firefox-darwin": "firefox-darwin",
+ "gitsigns-nvim-src": "gitsigns-nvim-src",
"home-manager": "home-manager",
+ "impatient-nvim-src": "impatient-nvim-src",
+ "lualine-nvim-src": "lualine-nvim-src",
+ "nil": "nil",
+ "nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
- "nixpkgs": "nixpkgs_2",
+ "nixpkgs": "nixpkgs_3",
+ "null-ls-nvim-src": "null-ls-nvim-src",
"nur": "nur",
+ "nvim-lspconfig-src": "nvim-lspconfig-src",
+ "nvim-tree-lua-src": "nvim-tree-lua-src",
+ "nvim-treesitter-src": "nvim-treesitter-src",
+ "nvim-web-devicons-src": "nvim-web-devicons-src",
+ "plenary-nvim-src": "plenary-nvim-src",
+ "telescope-nvim-src": "telescope-nvim-src",
+ "telescope-project-nvim-src": "telescope-project-nvim-src",
+ "toggleterm-nvim-src": "toggleterm-nvim-src",
+ "vim-bbye-src": "vim-bbye-src",
+ "vim-repeat-src": "vim-repeat-src",
+ "vim-surround-src": "vim-surround-src",
"wallpapers": "wallpapers",
"wsl": "wsl"
}
},
+ "rust-overlay": {
+ "inputs": {
+ "flake-utils": [
+ "nil",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nil",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1669170936,
+ "narHash": "sha256-TKPH4Pzkjw5gAPo9hejs3O4mWJW6V/RSiOj8UuSFRTs=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "c90c223c4aef334356029b89c72bb65e26f7efe6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
+ "telescope-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669224375,
+ "narHash": "sha256-NqMtFHgYO031WLDHb7AuVRUFMA72LHYVjbD0bt26O6I=",
+ "owner": "nvim-telescope",
+ "repo": "telescope.nvim",
+ "rev": "cea9c75c19d172d2c6f089f21656019734a615cf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nvim-telescope",
+ "repo": "telescope.nvim",
+ "type": "github"
+ }
+ },
+ "telescope-project-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1665406281,
+ "narHash": "sha256-ZBFgUlW+h7vndazZ0lZux8i7yQHKJNDPQPZ2z96Rfpk=",
+ "owner": "nvim-telescope",
+ "repo": "telescope-project.nvim",
+ "rev": "ff4d3cea905383a67d1a47b9dd210c4907d858c2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nvim-telescope",
+ "repo": "telescope-project.nvim",
+ "type": "github"
+ }
+ },
+ "toggleterm-nvim-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1667475764,
+ "narHash": "sha256-gazqaTsK5hAFqk6OONqTsR/zmjN3P8fPKsYufBhkeRA=",
+ "owner": "akinsho",
+ "repo": "toggleterm.nvim",
+ "rev": "3ba683827c623affb4d9aa518e97b34db2623093",
+ "type": "github"
+ },
+ "original": {
+ "owner": "akinsho",
+ "repo": "toggleterm.nvim",
+ "type": "github"
+ }
+ },
"utils": {
"locked": {
"lastModified": 1659877975,
@@ -217,6 +606,54 @@
"type": "github"
}
},
+ "vim-bbye-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1520078493,
+ "narHash": "sha256-xJMZQ/27TgwAnvPVH1fjF6SLOA9jvXmbfcwV0NZ1kTY=",
+ "owner": "moll",
+ "repo": "vim-bbye",
+ "rev": "25ef93ac5a87526111f43e5110675032dbcacf56",
+ "type": "github"
+ },
+ "original": {
+ "owner": "moll",
+ "repo": "vim-bbye",
+ "type": "github"
+ }
+ },
+ "vim-repeat-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1611544268,
+ "narHash": "sha256-8rfZa3uKXB3TRCqaDHZ6DfzNbm7WaYnLvmTNzYtnKHg=",
+ "owner": "tpope",
+ "repo": "vim-repeat",
+ "rev": "24afe922e6a05891756ecf331f39a1f6743d3d5a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "tpope",
+ "repo": "vim-repeat",
+ "type": "github"
+ }
+ },
+ "vim-surround-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1666730476,
+ "narHash": "sha256-DZE5tkmnT+lAvx/RQHaDEgEJXRKsy56KJY919xiH1lE=",
+ "owner": "tpope",
+ "repo": "vim-surround",
+ "rev": "3d188ed2113431cf8dac77be61b842acb64433d9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "tpope",
+ "repo": "vim-surround",
+ "type": "github"
+ }
+ },
"wallpapers": {
"flake": false,
"locked": {
@@ -236,8 +673,8 @@
"wsl": {
"inputs": {
"flake-compat": "flake-compat",
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs_3"
+ "flake-utils": "flake-utils_3",
+ "nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1666720338,
diff --git a/flake.nix b/flake.nix
index f8aa770..6cc5f03 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,6 +41,93 @@
inputs.nixpkgs.follows = "nixpkgs";
};
+ # Convert Nix to Neovim config
+ nix2vim = {
+ url = "github:gytis-ivaskevicius/nix2vim";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Nix language server
+ nil.url = "github:oxalica/nil";
+
+ # Neovim plugins
+ nvim-lspconfig-src = {
+ url = "github:neovim/nvim-lspconfig";
+ flake = false;
+ };
+ cmp-nvim-lsp-src = {
+ url = "github:hrsh7th/cmp-nvim-lsp";
+ flake = false;
+ };
+ cmp-buffer-src = {
+ url = "github:hrsh7th/cmp-buffer";
+ flake = false;
+ };
+ plenary-nvim-src = {
+ url = "github:nvim-lua/plenary.nvim";
+ flake = false;
+ };
+ null-ls-nvim-src = {
+ url = "github:jose-elias-alvarez/null-ls.nvim";
+ flake = false;
+ };
+ vim-surround-src = {
+ url = "github:tpope/vim-surround";
+ flake = false;
+ };
+ vim-repeat-src = {
+ url = "github:tpope/vim-repeat";
+ flake = false;
+ };
+ Comment-nvim-src = {
+ url = "github:numToStr/Comment.nvim";
+ flake = false;
+ };
+ impatient-nvim-src = {
+ url = "github:lewis6991/impatient.nvim";
+ flake = false;
+ };
+ nvim-treesitter-src = {
+ url = "github:nvim-treesitter/nvim-treesitter";
+ flake = false;
+ };
+ telescope-nvim-src = {
+ url = "github:nvim-telescope/telescope.nvim";
+ flake = false;
+ };
+ telescope-project-nvim-src = {
+ url = "github:nvim-telescope/telescope-project.nvim";
+ flake = false;
+ };
+ toggleterm-nvim-src = {
+ url = "github:akinsho/toggleterm.nvim";
+ flake = false;
+ };
+ gitsigns-nvim-src = {
+ url = "github:lewis6991/gitsigns.nvim";
+ flake = false;
+ };
+ lualine-nvim-src = {
+ url = "github:hoob3rt/lualine.nvim";
+ flake = false;
+ };
+ nvim-web-devicons-src = {
+ url = "github:kyazdani42/nvim-web-devicons";
+ flake = false;
+ };
+ bufferline-nvim-src = {
+ url = "github:akinsho/bufferline.nvim";
+ flake = false;
+ };
+ vim-bbye-src = {
+ url = "github:moll/vim-bbye";
+ flake = false;
+ };
+ nvim-tree-lua-src = {
+ url = "github:kyazdani42/nvim-tree.lua";
+ flake = false;
+ };
+
};
outputs = { self, nixpkgs, ... }@inputs:
@@ -86,10 +173,23 @@
};
# Package servers into images with a generator
- packages.aws = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ]
- (system: {
+ packages = forAllSystems (system: {
+
+ aws = {
"${system}" = import ./hosts/aws { inherit inputs globals system; };
- });
+ };
+
+ neovim = let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ (import ./modules/neovim/plugins-overlay.nix inputs)
+ inputs.nix2vim.overlay
+ ];
+ };
+ in pkgs.neovimBuilder { package = pkgs.neovim-unwrapped; };
+
+ });
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system; };
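Review bot: `aws` is now an attribute set keyed by `${system}` nested under `packages.<system>`, so `packages.<system>.aws` is not itself a buildable package. Tools that walk flake outputs, such as `nix flake check`, will likely reject it. `aws = import ./hosts/aws { inherit inputs globals system; };` gives the expected shape, assuming that import returns a derivation. The removed code limited the image to the two Linux systems, whereas `forAllSystems` (defined outside this hunk) may also cover Darwin, where the image presumably cannot build. The `outputs` body continues outside the hunk.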
diff --git a/modules/neovim/plugins-overlay.nix b/modules/neovim/plugins-overlay.nix
new file mode 100644
index 0000000..5296426
--- /dev/null
+++ b/modules/neovim/plugins-overlay.nix
@@ -0,0 +1,53 @@
+# Adopted from here: https://github.com/DieracDelta/vimconfig/blob/801b62dd56cfee59574639904a6c95b525725f66/plugins.nix
+
+inputs: final: prev:
+
+let
+
+ # Use nixpkgs vimPlugin but with source directly from plugin author
+ withSrc = pkg: src: pkg.overrideAttrs (_: { inherit src; });
+
+ # Package plugin
+ plugin = pname: src:
+ prev.vimUtils.buildVimPluginFrom2Nix {
+ inherit pname src;
+ version = "master";
+ };
+
+in {
+
+ nil = inputs.nil.packages.${prev.system}.nil;
+
+ nvim-lspconfig =
+ (withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig);
+ cmp-nvim-lsp = (withSrc prev.vimPlugins.cmp-nvim-lsp inputs.cmp-nvim-lsp);
+ cmp-buffer = (withSrc prev.vimPlugins.cmp-buffer inputs.cmp-buffer);
+ plenary-nvim = (withSrc prev.vimPlugins.plenary-nvim inputs.plenary-nvim);
+ null-ls-nvim = (withSrc prev.vimPlugins.null-ls-nvim inputs.null-ls-nvim);
+ vim-surround = (withSrc prev.vimPlugins.vim-surround inputs.vim-surround);
+ vim-repeat = (withSrc prev.vimPlugins.vim-repeat inputs.vim-repeat);
+ comment-nvim = (withSrc prev.vimPlugins.comment-nvim inputs.comment-nvim);
+ impatient-nvim =
+ (withSrc prev.vimPlugins.impatient-nvim inputs.impatient-nvim);
+ nvim-treesitter =
+ (withSrc prev.vimPlugins.nvim-treesitter inputs.nvim-treesitter);
+ telescope-nvim =
+ (withSrc prev.vimPlugins.telescope-nvim inputs.telescope-nvim);
+ telescope-project-nvim = (withSrc prev.vimPlugins.telescope-project-nvim
+ inputs.telescope-project-nvim);
+ toggleterm-nvim =
+ (withSrc prev.vimPlugins.toggleterm-nvim inputs.toggleterm-nvim);
+ gitsigns-nvim = (withSrc prev.vimPlugins.gitsigns-nvim inputs.gitsigns-nvim);
+ lualine-nvim = (withSrc prev.vimPlugins.lualine-nvim inputs.lualine-nvim);
+ nvim-web-devicons =
+ (withSrc prev.vimPlugins.nvim-web-devicons inputs.nvim-web-devicons);
+ bufferline-nvim =
+ (withSrc prev.vimPlugins.bufferline-nvim inputs.bufferline-nvim);
+ vim-bbye = (withSrc prev.vimPlugins.vim-bbye inputs.vim-bbye);
+ nvim-tree-lua = (withSrc prev.vimPlugins.nvim-tree-lua inputs.nvim-tree-lua);
+
+ # Packaging plugins with Nix
+ # comment-nvim = plugin "comment-nvim" comment-nvim-src;
+ # plenary-nvim = plugin "plenary-nvim" plenary-nvim-src;
+
+}
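Review bot: Every `withSrc` call reads an input name that flake.nix in this commit does not declare. The inputs carry a `-src` suffix (`nvim-lspconfig-src`, `Comment-nvim-src`, and so on), while the overlay uses `inputs.nvim-lspconfig`, `inputs.comment-nvim` and the like, so each attribute fails with a missing-attribute error once it is evaluated. Use the declared names, e.g. `nvim-lspconfig = withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig-src;`. The overridden plugins also land at the top level of the package set rather than under `vimPlugins`, so code reading `pkgs.vimPlugins.<name>` still gets the nixpkgs source and the revisions pinned in flake.lock go unused. The `plugin` helper is defined but never called, and the two commented-out lines at the end can go with it.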
From dc00ef26b51dec80a7482134b268f34226216824 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 13:08:33 -0700
Subject: [PATCH 128/391] some working stuff
---
flake.nix | 50 ++++++++++++++++++++++++++++-
modules/neovim/plugins/gitsigns.lua | 35 ++++++++++++++++++++
modules/neovim/plugins/gitsigns.nix | 7 ++++
modules/neovim/plugins/misc.nix | 17 ++++++++++
4 files changed, 108 insertions(+), 1 deletion(-)
create mode 100644 modules/neovim/plugins/gitsigns.lua
create mode 100644 modules/neovim/plugins/gitsigns.nix
create mode 100644 modules/neovim/plugins/misc.nix
diff --git a/flake.nix b/flake.nix
index 6cc5f03..99db524 100644
--- a/flake.nix
+++ b/flake.nix
@@ -187,7 +187,55 @@
inputs.nix2vim.overlay
];
};
- in pkgs.neovimBuilder { package = pkgs.neovim-unwrapped; };
+ in pkgs.neovimBuilder {
+ package = pkgs.neovim-unwrapped;
+ imports = [
+ ./modules/neovim/plugins/gitsigns.nix
+ ./modules/neovim/plugins/misc.nix
+ # ({ pkgs, dsl, ... }:
+ # # with dsl;
+ # {
+ # plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
+ # setup.gitsigns = { };
+ # lua = ''
+ # vim.keymap.set("", "", "", { silent = true })
+ # vim.g.mapleader = " "
+ # vim.g.maplocalleader = " "
+ # local gitsigns = require("gitsigns")
+ # vim.keymap.set("n", "gB", gitsigns.blame_line)
+ # vim.keymap.set("n", "gp", gitsigns.preview_hunk)
+ # vim.keymap.set("v", "gp", gitsigns.preview_hunk)
+ # vim.keymap.set("n", "gd", gitsigns.diffthis)
+ # vim.keymap.set("v", "gd", gitsigns.diffthis)
+ # vim.keymap.set("n", "rgf", gitsigns.reset_buffer)
+ # vim.keymap.set("v", "hs", gitsigns.stage_hunk)
+ # vim.keymap.set("v", "hr", gitsigns.reset_hunk)
+ # vim.keymap.set("v", "hr", gitsigns.reset_hunk)
+ #
+ # -- Navigation
+ # vim.keymap.set("n", "]g", function()
+ # if vim.wo.diff then
+ # return "]g"
+ # end
+ # vim.schedule(function()
+ # gitsigns.next_hunk()
+ # end)
+ # return ""
+ # end, { expr = true })
+ #
+ # vim.keymap.set("n", "[g", function()
+ # if vim.wo.diff then
+ # return "[g"
+ # end
+ # vim.schedule(function()
+ # gitsigns.prev_hunk()
+ # end)
+ # return ""
+ # end, { expr = true })
+ # '';
+ # })
+ ];
+ };
});
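Review bot: The commented-out inline module inside `imports` duplicates what `./modules/neovim/plugins/gitsigns.nix` and `gitsigns.lua` add in this same commit. Delete it rather than commit it, since the two copies will drift apart. If it is kept to show that inline modules are possible, a single line such as `# Inline modules of the form ({ pkgs, dsl, ... }: { ... }) are also accepted here` carries the same information.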
diff --git a/modules/neovim/plugins/gitsigns.lua b/modules/neovim/plugins/gitsigns.lua
new file mode 100644
index 0000000..d38efe9
--- /dev/null
+++ b/modules/neovim/plugins/gitsigns.lua
@@ -0,0 +1,35 @@
+vim.keymap.set("", "", "", { silent = true })
+vim.g.mapleader = " "
+vim.g.maplocalleader = " "
+
+local gitsigns = require("gitsigns")
+vim.keymap.set("n", "gB", gitsigns.blame_line)
+vim.keymap.set("n", "gp", gitsigns.preview_hunk)
+vim.keymap.set("v", "gp", gitsigns.preview_hunk)
+vim.keymap.set("n", "gd", gitsigns.diffthis)
+vim.keymap.set("v", "gd", gitsigns.diffthis)
+vim.keymap.set("n", "rgf", gitsigns.reset_buffer)
+vim.keymap.set("v", "hs", gitsigns.stage_hunk)
+vim.keymap.set("v", "hr", gitsigns.reset_hunk)
+vim.keymap.set("v", "hr", gitsigns.reset_hunk)
+
+-- Navigation
+vim.keymap.set("n", "]g", function()
+ if vim.wo.diff then
+ return "]g"
+ end
+ vim.schedule(function()
+ gitsigns.next_hunk()
+ end)
+ return ""
+end, { expr = true })
+
+vim.keymap.set("n", "[g", function()
+ if vim.wo.diff then
+ return "[g"
+ end
+ vim.schedule(function()
+ gitsigns.prev_hunk()
+ end)
+ return ""
+end, { expr = true })
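Review bot: The visual-mode `hr` mapping to `gitsigns.reset_hunk` is registered twice on consecutive lines; drop the second. The file also sets `vim.g.mapleader` and `vim.g.maplocalleader` at the top of a plugin-specific script. The leader only affects mappings defined after it is set, so it belongs in the keybinds file that misc.nix loads. If it stays here, add a comment such as `-- leader must be set before any leader mapping is defined; keep this module first`, because the hunk does not show the order in which the two modules' Lua is concatenated.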
diff --git a/modules/neovim/plugins/gitsigns.nix b/modules/neovim/plugins/gitsigns.nix
new file mode 100644
index 0000000..3e64083
--- /dev/null
+++ b/modules/neovim/plugins/gitsigns.nix
@@ -0,0 +1,7 @@
+{ pkgs, dsl, ... }:
+# with dsl;
+{
+ plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
+ setup.gitsigns = { };
+ lua = builtins.readFile ./gitsigns.lua;
+}
diff --git a/modules/neovim/plugins/misc.nix b/modules/neovim/plugins/misc.nix
new file mode 100644
index 0000000..154d179
--- /dev/null
+++ b/modules/neovim/plugins/misc.nix
@@ -0,0 +1,17 @@
+{ pkgs, dsl, ... }:
+# with dsl;
+{
+ plugins = [
+ pkgs.vimPlugins.vim-surround
+ pkgs.vimPlugins.vim-eunuch
+ pkgs.vimPlugins.vim-vinegar
+ pkgs.vimPlugins.vim-fugitive
+ pkgs.vimPlugins.vim-repeat
+ pkgs.vimPlugins.comment-nvim
+ ];
+ setup.Comment = { };
+ lua = ''
+ ${builtins.readFile ../lua/keybinds.lua};
+ ${builtins.readFile ../lua/settings.lua};
+ '';
+}
From bb200016cbc900362ec31f64d30a27fc21a4dc59 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 13:09:34 -0700
Subject: [PATCH 129/391] note about necessary plugins
---
neovim-plugins.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 neovim-plugins.md
diff --git a/neovim-plugins.md b/neovim-plugins.md
new file mode 100644
index 0000000..c35f1a9
--- /dev/null
+++ b/neovim-plugins.md
@@ -0,0 +1,64 @@
+# Neovim Plugins
+
+## Must-haves
+
+- neovim/nvim-lspconfig: enable LSP
+- hrsh7th/cmp-nvim-lsp: connect LSP to nvim-cmp
+- hrsh7th/cmp-buffer: completion from current buffer
+- nvim-lua/plenary.nvim: utility functions for other plugins
+- jose-elias-alvarez/null-ls.nvim: auto-trigger linting, formatting
+- tpope/vim-surround: surround shortcuts
+- tpope/vim-repeat: better repeat with .
+- numToStr/Comment.nvim: smart comment shortcut
+- lewis6991/impatient.nvim: faster start time
+- nvim-treesitter/nvim-treesitter: language parsers
+- nvim-telescope/telescope.nvim: fuzzy finder
+- nvim-telescope/telescope-project.nvim: jump projects
+- akinsho/toggleterm.nvim: embedded floating terminal
+- lewis6991/gitsigns.nvim: git in sidebar
+- hoob3rt/lualine.nvim: status bar
+- kyazdani42/nvim-web-devicons: icons in status bar
+- akinsho/bufferline.nvim: tab view for buffers
+- moll/vim-bbye: fixes for buffer closing
+- kyazdani42/nvim-tree.lua: better sidebar explorer
+
+## Optional
+
+- hrsh7th/cmp-path: completion of file path
+- hrsh7th/cmp-cmdline: completion of shell commands
+- hrsh7th/cmp-nvim-lua: completion of neovim commands
+- L3MON4D3/LuaSnip: snippet engine
+- saadparwaiz1/cmp_luasnip: completion of luasnip snippets
+- lukas-reineke/cmp-rg: completion of ripgrep search
+- rafamadriz/friendly-snippets: pre-generated snippets
+- folke/lsp-colors.nvim: LSP error highlights
+- tpope/vim-eunuch: file manipulation
+- tpope/vim-vinegar: better netrw file explorer
+- tpope/vim-fugitive: git commands
+- godlygeek/tabular: alignment commands
+- jakewvincent/mkdnflow.nvim: markdown notes
+- nvim-treesitter/nvim-treesitter-textobjects: syntax-aware textobjects
+- chr4/nginx.vim: nginx syntax
+- towolf/vim-helm: helm syntax
+- rodjek/vim-puppet: puppet syntax
+- nvim-telescope/telescope-fzy-native.nvim: faster sorting
+- jvgrootveld/telescope-zoxide: jump directories
+- nvim-telescope/telescope-file-browser.nvim: view files
+- ellisonleao/glow.nvim: view markdown with glow
+- norcalli/nvim-colorizer.lua: preview hex colors
+
+# Other Tools
+
+- git
+- stylua
+- black
+- flake8
+- fish_indent
+- nixfmt
+- rustfmt
+- shellcheck
+- shfmt
+- terraform
+- luacheck
+- markdownlint
+- pylint
From 13e5b9ddc5e83b35242aa25451be652913ca303b Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 13:10:01 -0700
Subject: [PATCH 130/391] brewfile syntax no longer needed
---
modules/neovim/lua/packer/syntax.lua | 1 -
1 file changed, 1 deletion(-)
diff --git a/modules/neovim/lua/packer/syntax.lua b/modules/neovim/lua/packer/syntax.lua
index 434c137..1a28bc7 100644
--- a/modules/neovim/lua/packer/syntax.lua
+++ b/modules/neovim/lua/packer/syntax.lua
@@ -64,7 +64,6 @@ M.packer = function(use)
})
-- Additional syntax sources
- use("bfontaine/Brewfile.vim") --- Brewfile syntax
use("chr4/nginx.vim") --- Nginx syntax
use("towolf/vim-helm") --- Helm syntax
use("rodjek/vim-puppet") --- Puppet syntax
From d86534727e17cd0def712ffb02d8c24db926f391 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 13:10:22 -0700
Subject: [PATCH 131/391] start of a WIP rebuild app
---
apps/default.nix | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/apps/default.nix b/apps/default.nix
index f0076ff..f390eee 100644
--- a/apps/default.nix
+++ b/apps/default.nix
@@ -8,6 +8,15 @@
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
+ # Rebuild
+ rebuild = {
+ type = "app";
+ program = builtins.toString (pkgs.writeShellScript "rebuild" ''
+ echo ${pkgs.system}
+ echo ${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
+ '');
+ };
+
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
From 47a1823af4f9a1545fd80495c31dd305f81345f1 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 17:21:18 -0700
Subject: [PATCH 132/391] more working plugins
---
flake.lock | 103 +++---------------------
flake.nix | 74 ++----------------
modules/neovim/lua/settings.lua | 39 +---------
modules/neovim/plugins-overlay.nix | 8 +-
modules/neovim/plugins/bufferline.nix | 22 ++++++
modules/neovim/plugins/misc.nix | 35 ++++++++-
modules/neovim/plugins/statusline.nix | 9 +++
modules/neovim/plugins/syntax.nix | 52 +++++++++++++
modules/neovim/plugins/telescope.nix | 108 ++++++++++++++++++++++++++
9 files changed, 244 insertions(+), 206 deletions(-)
create mode 100644 modules/neovim/plugins/bufferline.nix
create mode 100644 modules/neovim/plugins/statusline.nix
create mode 100644 modules/neovim/plugins/syntax.nix
create mode 100644 modules/neovim/plugins/telescope.nix
diff --git a/flake.lock b/flake.lock
index d671881..2116ff4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -202,22 +202,6 @@
"type": "github"
}
},
- "impatient-nvim-src": {
- "flake": false,
- "locked": {
- "lastModified": 1668271823,
- "narHash": "sha256-tsdTHbUC0kYOGonJ1TLIsHnv/RgWGTqHKY3xVj80mxM=",
- "owner": "lewis6991",
- "repo": "impatient.nvim",
- "rev": "d3dd30ff0b811756e735eb9020609fa315bfbbcc",
- "type": "github"
- },
- "original": {
- "owner": "lewis6991",
- "repo": "impatient.nvim",
- "type": "github"
- }
- },
"lualine-nvim-src": {
"flake": false,
"locked": {
@@ -453,38 +437,6 @@
"type": "github"
}
},
- "nvim-web-devicons-src": {
- "flake": false,
- "locked": {
- "lastModified": 1669423115,
- "narHash": "sha256-Wyd4HnV+aQrh4Z2KdwCdi84glzIbQt8/y7NRGf67hcw=",
- "owner": "kyazdani42",
- "repo": "nvim-web-devicons",
- "rev": "189ad3790d57c548896a78522fd8b0d0fc11be31",
- "type": "github"
- },
- "original": {
- "owner": "kyazdani42",
- "repo": "nvim-web-devicons",
- "type": "github"
- }
- },
- "plenary-nvim-src": {
- "flake": false,
- "locked": {
- "lastModified": 1664607953,
- "narHash": "sha256-lIdBrVpi+vUudeotjFAuw4C0VT8TPoFE9cVVAQEsAYU=",
- "owner": "nvim-lua",
- "repo": "plenary.nvim",
- "rev": "4b7e52044bbb84242158d977a50c4cbcd85070c7",
- "type": "github"
- },
- "original": {
- "owner": "nvim-lua",
- "repo": "plenary.nvim",
- "type": "github"
- }
- },
"root": {
"inputs": {
"Comment-nvim-src": "Comment-nvim-src",
@@ -495,7 +447,6 @@
"firefox-darwin": "firefox-darwin",
"gitsigns-nvim-src": "gitsigns-nvim-src",
"home-manager": "home-manager",
- "impatient-nvim-src": "impatient-nvim-src",
"lualine-nvim-src": "lualine-nvim-src",
"nil": "nil",
"nix2vim": "nix2vim",
@@ -506,14 +457,10 @@
"nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src",
- "nvim-web-devicons-src": "nvim-web-devicons-src",
- "plenary-nvim-src": "plenary-nvim-src",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
- "vim-bbye-src": "vim-bbye-src",
- "vim-repeat-src": "vim-repeat-src",
- "vim-surround-src": "vim-surround-src",
+ "vim-matchup-src": "vim-matchup-src",
"wallpapers": "wallpapers",
"wsl": "wsl"
}
@@ -606,51 +553,19 @@
"type": "github"
}
},
- "vim-bbye-src": {
+ "vim-matchup-src": {
"flake": false,
"locked": {
- "lastModified": 1520078493,
- "narHash": "sha256-xJMZQ/27TgwAnvPVH1fjF6SLOA9jvXmbfcwV0NZ1kTY=",
- "owner": "moll",
- "repo": "vim-bbye",
- "rev": "25ef93ac5a87526111f43e5110675032dbcacf56",
+ "lastModified": 1668349349,
+ "narHash": "sha256-Btpninxq1B7/iIsn106hvPx1v5BPyLwADd2YcmliEZw=",
+ "owner": "andymass",
+ "repo": "vim-matchup",
+ "rev": "55e3330436784fb8ccc35a5cfeb13e48bab9dcd2",
"type": "github"
},
"original": {
- "owner": "moll",
- "repo": "vim-bbye",
- "type": "github"
- }
- },
- "vim-repeat-src": {
- "flake": false,
- "locked": {
- "lastModified": 1611544268,
- "narHash": "sha256-8rfZa3uKXB3TRCqaDHZ6DfzNbm7WaYnLvmTNzYtnKHg=",
- "owner": "tpope",
- "repo": "vim-repeat",
- "rev": "24afe922e6a05891756ecf331f39a1f6743d3d5a",
- "type": "github"
- },
- "original": {
- "owner": "tpope",
- "repo": "vim-repeat",
- "type": "github"
- }
- },
- "vim-surround-src": {
- "flake": false,
- "locked": {
- "lastModified": 1666730476,
- "narHash": "sha256-DZE5tkmnT+lAvx/RQHaDEgEJXRKsy56KJY919xiH1lE=",
- "owner": "tpope",
- "repo": "vim-surround",
- "rev": "3d188ed2113431cf8dac77be61b842acb64433d9",
- "type": "github"
- },
- "original": {
- "owner": "tpope",
- "repo": "vim-surround",
+ "owner": "andymass",
+ "repo": "vim-matchup",
"type": "github"
}
},
diff --git a/flake.nix b/flake.nix
index 99db524..93cd82f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -63,34 +63,22 @@
url = "github:hrsh7th/cmp-buffer";
flake = false;
};
- plenary-nvim-src = {
- url = "github:nvim-lua/plenary.nvim";
- flake = false;
- };
null-ls-nvim-src = {
url = "github:jose-elias-alvarez/null-ls.nvim";
flake = false;
};
- vim-surround-src = {
- url = "github:tpope/vim-surround";
- flake = false;
- };
- vim-repeat-src = {
- url = "github:tpope/vim-repeat";
- flake = false;
- };
Comment-nvim-src = {
url = "github:numToStr/Comment.nvim";
flake = false;
};
- impatient-nvim-src = {
- url = "github:lewis6991/impatient.nvim";
- flake = false;
- };
nvim-treesitter-src = {
url = "github:nvim-treesitter/nvim-treesitter";
flake = false;
};
+ vim-matchup-src = {
+ url = "github:andymass/vim-matchup";
+ flake = false;
+ };
telescope-nvim-src = {
url = "github:nvim-telescope/telescope.nvim";
flake = false;
@@ -111,18 +99,10 @@
url = "github:hoob3rt/lualine.nvim";
flake = false;
};
- nvim-web-devicons-src = {
- url = "github:kyazdani42/nvim-web-devicons";
- flake = false;
- };
bufferline-nvim-src = {
url = "github:akinsho/bufferline.nvim";
flake = false;
};
- vim-bbye-src = {
- url = "github:moll/vim-bbye";
- flake = false;
- };
nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua";
flake = false;
@@ -192,48 +172,10 @@
imports = [
./modules/neovim/plugins/gitsigns.nix
./modules/neovim/plugins/misc.nix
- # ({ pkgs, dsl, ... }:
- # # with dsl;
- # {
- # plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
- # setup.gitsigns = { };
- # lua = ''
- # vim.keymap.set("", "", "", { silent = true })
- # vim.g.mapleader = " "
- # vim.g.maplocalleader = " "
- # local gitsigns = require("gitsigns")
- # vim.keymap.set("n", "gB", gitsigns.blame_line)
- # vim.keymap.set("n", "gp", gitsigns.preview_hunk)
- # vim.keymap.set("v", "gp", gitsigns.preview_hunk)
- # vim.keymap.set("n", "gd", gitsigns.diffthis)
- # vim.keymap.set("v", "gd", gitsigns.diffthis)
- # vim.keymap.set("n", "rgf", gitsigns.reset_buffer)
- # vim.keymap.set("v", "hs", gitsigns.stage_hunk)
- # vim.keymap.set("v", "hr", gitsigns.reset_hunk)
- # vim.keymap.set("v", "hr", gitsigns.reset_hunk)
- #
- # -- Navigation
- # vim.keymap.set("n", "]g", function()
- # if vim.wo.diff then
- # return "]g"
- # end
- # vim.schedule(function()
- # gitsigns.next_hunk()
- # end)
- # return ""
- # end, { expr = true })
- #
- # vim.keymap.set("n", "[g", function()
- # if vim.wo.diff then
- # return "[g"
- # end
- # vim.schedule(function()
- # gitsigns.prev_hunk()
- # end)
- # return ""
- # end, { expr = true })
- # '';
- # })
+ ./modules/neovim/plugins/syntax.nix
+ ./modules/neovim/plugins/statusline.nix
+ ./modules/neovim/plugins/bufferline.nix
+ ./modules/neovim/plugins/telescope.nix
];
};
diff --git a/modules/neovim/lua/settings.lua b/modules/neovim/lua/settings.lua
index b54e05a..ef447f7 100644
--- a/modules/neovim/lua/settings.lua
+++ b/modules/neovim/lua/settings.lua
@@ -2,42 +2,11 @@
-- Settings
-- ===========================================================================
-vim.o.termguicolors = true --- Set to truecolor
-vim.o.hidden = true --- Don't unload buffers when leaving them
-vim.wo.number = true --- Show line numbers
-vim.wo.relativenumber = true --- Relative numbers instead of absolute
-vim.o.list = true --- Reveal whitespace with dashes
-vim.o.expandtab = true --- Tabs into spaces
-vim.o.shiftwidth = 4 --- Amount to shift with > key
-vim.o.softtabstop = 4 --- Amount to shift with key
-vim.o.ignorecase = true --- Ignore case when searching
-vim.o.smartcase = true --- Check case when using capitals in search
-vim.o.infercase = true --- Don't match cases when completing suggestions
-vim.o.incsearch = true --- Search while typing
-vim.o.visualbell = true --- No sounds
-vim.o.scrolljump = 1 --- Number of lines to scroll
-vim.o.scrolloff = 3 --- Margin of lines to see while scrolling
-vim.o.splitright = true --- Vertical splits on the right side
-vim.o.splitbelow = true --- Horizontal splits on the bottom side
-vim.o.pastetoggle = "" --- Use F3 to enter raw paste mode
-vim.o.clipboard = "unnamedplus" --- Uses system clipboard for yanking
-vim.o.updatetime = 300 --- Faster diagnostics
-vim.o.mouse = "nv" --- Mouse interaction / scrolling
-
--- Neovim features
-vim.o.inccommand = "split" --- Live preview search and replace
---- Required for nvim-cmp completion
-vim.opt.completeopt = {
- "menu",
- "menuone",
- "noselect",
-}
-
-- Remember last position when reopening file
vim.api.nvim_exec(
[[
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-]],
+]] ,
false
)
@@ -54,7 +23,7 @@ vim.api.nvim_exec(
if !isdirectory(&backupdir)
call mkdir(&backupdir, "p")
endif
-]],
+]] ,
false
)
@@ -63,7 +32,7 @@ vim.api.nvim_exec(
[[
au FileType tex inoremap ;bf \textbf{}i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
-]],
+]] ,
false
)
@@ -71,7 +40,7 @@ vim.api.nvim_exec(
vim.api.nvim_exec(
[[
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
-]],
+]] ,
false
)
diff --git a/modules/neovim/plugins-overlay.nix b/modules/neovim/plugins-overlay.nix
index 5296426..274ad5b 100644
--- a/modules/neovim/plugins-overlay.nix
+++ b/modules/neovim/plugins-overlay.nix
@@ -24,13 +24,10 @@ in {
cmp-buffer = (withSrc prev.vimPlugins.cmp-buffer inputs.cmp-buffer);
plenary-nvim = (withSrc prev.vimPlugins.plenary-nvim inputs.plenary-nvim);
null-ls-nvim = (withSrc prev.vimPlugins.null-ls-nvim inputs.null-ls-nvim);
- vim-surround = (withSrc prev.vimPlugins.vim-surround inputs.vim-surround);
- vim-repeat = (withSrc prev.vimPlugins.vim-repeat inputs.vim-repeat);
comment-nvim = (withSrc prev.vimPlugins.comment-nvim inputs.comment-nvim);
- impatient-nvim =
- (withSrc prev.vimPlugins.impatient-nvim inputs.impatient-nvim);
nvim-treesitter =
(withSrc prev.vimPlugins.nvim-treesitter inputs.nvim-treesitter);
+ vim-matchup = (withSrc prev.vimPlugins.vim-matchup inputs.vim-matchup);
telescope-nvim =
(withSrc prev.vimPlugins.telescope-nvim inputs.telescope-nvim);
telescope-project-nvim = (withSrc prev.vimPlugins.telescope-project-nvim
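Review bot: The kept line `plenary-nvim = (withSrc prev.vimPlugins.plenary-nvim inputs.plenary-nvim);` still reads an input that this commit removes from flake.nix and flake.lock (`plenary-nvim-src`). If `inputs` here is built from the flake's `*-src` inputs, as the other removals in this hunk suggest, evaluating that attribute will fail with a missing-attribute error once something pulls in plenary-nvim; Nix's laziness hides it until then. Remove the line together with the vim-surround, vim-repeat and impatient-nvim overrides so the plugin comes from the locked nixpkgs like the others. The overlay attribute set starts and ends outside this hunk.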
@@ -39,11 +36,8 @@ in {
(withSrc prev.vimPlugins.toggleterm-nvim inputs.toggleterm-nvim);
gitsigns-nvim = (withSrc prev.vimPlugins.gitsigns-nvim inputs.gitsigns-nvim);
lualine-nvim = (withSrc prev.vimPlugins.lualine-nvim inputs.lualine-nvim);
- nvim-web-devicons =
- (withSrc prev.vimPlugins.nvim-web-devicons inputs.nvim-web-devicons);
bufferline-nvim =
(withSrc prev.vimPlugins.bufferline-nvim inputs.bufferline-nvim);
- vim-bbye = (withSrc prev.vimPlugins.vim-bbye inputs.vim-bbye);
nvim-tree-lua = (withSrc prev.vimPlugins.nvim-tree-lua inputs.nvim-tree-lua);
# Packaging plugins with Nix
diff --git a/modules/neovim/plugins/bufferline.nix b/modules/neovim/plugins/bufferline.nix
new file mode 100644
index 0000000..73a6514
--- /dev/null
+++ b/modules/neovim/plugins/bufferline.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }: {
+ plugins = [
+ pkgs.vimPlugins.bufferline-nvim
+ pkgs.vimPlugins.vim-bbye # Better closing of buffers
+ ];
+ setup.bufferline = {
+ options = {
+ diagnostics = "nvim_lsp";
+ always_show_bufferline = false;
+ separator_style = "slant";
+ offsets = [{ filetype = "NvimTree"; }];
+ };
+ };
+ lua = ''
+ -- Move buffers
+ vim.keymap.set("n", "L", ":BufferLineCycleNext", { silent = true })
+ vim.keymap.set("n", "H", ":BufferLineCyclePrev", { silent = true })
+
+ -- Kill buffer
+ vim.keymap.set("n", "x", " :Bdelete", { silent = true })
+ '';
+}
diff --git a/modules/neovim/plugins/misc.nix b/modules/neovim/plugins/misc.nix
index 154d179..3223e7e 100644
--- a/modules/neovim/plugins/misc.nix
+++ b/modules/neovim/plugins/misc.nix
@@ -1,6 +1,4 @@
-{ pkgs, dsl, ... }:
-# with dsl;
-{
+{ pkgs, lib, ... }: {
plugins = [
pkgs.vimPlugins.vim-surround
pkgs.vimPlugins.vim-eunuch
@@ -8,9 +6,38 @@
pkgs.vimPlugins.vim-fugitive
pkgs.vimPlugins.vim-repeat
pkgs.vimPlugins.comment-nvim
+ pkgs.vimPlugins.impatient-nvim
];
setup.Comment = { };
- lua = ''
+
+ vim.o.termguicolors = true; # Set to truecolor
+ vim.o.hidden = true; # Don't unload buffers when leaving them
+ vim.wo.number = true; # Show line numbers
+ vim.wo.relativenumber = true; # Relative numbers instead of absolute
+ vim.o.list = true; # Reveal whitespace with dashes
+ vim.o.expandtab = true; # Tabs into spaces
+ vim.o.shiftwidth = 4; # Amount to shift with > key
+ vim.o.softtabstop = 4; # Amount to shift with key
+ vim.o.ignorecase = true; # Ignore case when searching
+ vim.o.smartcase = true; # Check case when using capitals in search
+ vim.o.infercase = true; # Don't match cases when completing suggestions
+ vim.o.incsearch = true; # Search while typing
+ vim.o.visualbell = true; # No sounds
+ vim.o.scrolljump = 1; # Number of lines to scroll
+ vim.o.scrolloff = 3; # Margin of lines to see while scrolling
+ vim.o.splitright = true; # Vertical splits on the right side
+ vim.o.splitbelow = true; # Horizontal splits on the bottom side
+ vim.o.pastetoggle = ""; # Use F3 to enter raw paste mode
+ vim.o.clipboard = "unnamedplus"; # Uses system clipboard for yanking
+ vim.o.updatetime = 300; # Faster diagnostics
+ vim.o.mouse = "nv"; # Mouse interaction / scrolling
+ vim.o.inccommand = "split"; # Live preview search and replace
+
+ # Required for nvim-cmp completion
+ vim.opt.completeopt = [ "menu" "menuone" "noselect" ];
+
+ lua = lib.mkBefore ''
+ require("impatient")
${builtins.readFile ../lua/keybinds.lua};
${builtins.readFile ../lua/settings.lua};
'';
diff --git a/modules/neovim/plugins/statusline.nix b/modules/neovim/plugins/statusline.nix
new file mode 100644
index 0000000..96c8bf7
--- /dev/null
+++ b/modules/neovim/plugins/statusline.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+ plugins = [ pkgs.vimPlugins.lualine-nvim ];
+ setup.lualine = {
+ options = {
+ theme = "gruvbox";
+ icons_enabled = true;
+ };
+ };
+}
diff --git a/modules/neovim/plugins/syntax.nix b/modules/neovim/plugins/syntax.nix
new file mode 100644
index 0000000..0f223e5
--- /dev/null
+++ b/modules/neovim/plugins/syntax.nix
@@ -0,0 +1,52 @@
+{ pkgs, ... }: {
+
+ plugins = [
+ (pkgs.vimPlugins.nvim-treesitter.withPlugins (plugins:
+ with pkgs.tree-sitter-grammars; [
+ tree-sitter-hcl
+ tree-sitter-python
+ tree-sitter-lua
+ tree-sitter-nix
+ tree-sitter-fish
+ tree-sitter-toml
+ tree-sitter-yaml
+ tree-sitter-json
+ ]))
+ pkgs.vimPlugins.vim-matchup # Better % jumping in languages
+ pkgs.vimPlugins.nginx-vim
+ pkgs.vimPlugins.vim-helm
+ pkgs.vimPlugins.vim-puppet
+ ];
+
+ setup."nvim-treesitter.configs" = {
+ highlight = { enable = true; };
+ indent = { enable = true; };
+
+ textobjects = {
+ select = {
+ enable = true;
+ lookahead = true; # Jump forward automatically
+
+ keymaps = {
+ "['af']" = "@function.outer";
+ "['if']" = "@function.inner";
+ "['ac']" = "@class.outer";
+ "['ic']" = "@class.inner";
+ "['al']" = "@loop.outer";
+ "['il']" = "@loop.inner";
+ "['aa']" = "@call.outer";
+ "['ia']" = "@call.inner";
+ "['ar']" = "@parameter.outer";
+ "['ir']" = "@parameter.inner";
+ "['aC']" = "@comment.outer";
+ "['iC']" = "@comment.outer";
+ "['a/']" = "@comment.outer";
+ "['i/']" = "@comment.outer";
+ "['a;']" = "@statement.outer";
+ "['i;']" = "@statement.outer";
+ };
+ };
+ };
+ };
+
+}
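Review bot: The `textobjects.select` block under `setup."nvim-treesitter.configs"` is implemented by the separate nvim-treesitter-textobjects plugin, which is not in this file's `plugins` list, so unless another module adds it these keymaps will not take effect. Add `pkgs.vimPlugins.nvim-treesitter-textobjects` next to `vim-matchup`. Also, `['iC']`, `['i/']` and `['i;']` map to the `.outer` captures, the same as their `a` counterparts; if that is deliberate because the queries lack an inner capture, a comment such as `# no inner capture for comments/statements; reuse outer` would make it clear.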
diff --git a/modules/neovim/plugins/telescope.nix b/modules/neovim/plugins/telescope.nix
new file mode 100644
index 0000000..7fad646
--- /dev/null
+++ b/modules/neovim/plugins/telescope.nix
@@ -0,0 +1,108 @@
+{ pkgs, dsl, ... }:
+
+with dsl;
+
+{
+
+ plugins = [
+ pkgs.vimPlugins.telescope-nvim
+ pkgs.vimPlugins.telescope-project-nvim
+ pkgs.vimPlugins.telescope-fzy-native-nvim
+ pkgs.vimPlugins.telescope-file-browser-nvim
+ pkgs.vimPlugins.telescope-zoxide
+ ];
+
+ setup.telescope = {
+ defaults = {
+ mappings = {
+ i = {
+ "['']" = rawLua "require('telescope.actions').close";
+ "['']" = "which_key";
+ };
+ };
+ };
+ pickers = {
+ find_files = { theme = "ivy"; };
+ oldfiles = { theme = "ivy"; };
+ buffers = { theme = "dropdown"; };
+ };
+ extensions = {
+ fzy_native = { };
+ zoxide = { };
+ project = { base_dirs = [ "~/dev" ]; };
+ };
+ };
+
+ lua = ''
+ local telescope = require("telescope.builtin")
+ vim.keymap.set("n", "k", telescope.keymaps)
+ vim.keymap.set("n", "/", telescope.live_grep)
+ vim.keymap.set("n", "ff", telescope.find_files)
+ vim.keymap.set("n", "fp", telescope.git_files)
+ vim.keymap.set("n", "fw", telescope.grep_string)
+ vim.keymap.set("n", "b", telescope.buffers)
+ vim.keymap.set("n", "hh", telescope.help_tags)
+ vim.keymap.set("n", "fr", telescope.oldfiles)
+ vim.keymap.set("n", "cc", telescope.commands)
+ vim.keymap.set("n", "gc", telescope.git_commits)
+ vim.keymap.set("n", "gf", telescope.git_bcommits)
+ vim.keymap.set("n", "gb", telescope.git_branches)
+ vim.keymap.set("n", "gs", telescope.git_status)
+ vim.keymap.set("n", "s", telescope.current_buffer_fuzzy_find)
+
+ vim.keymap.set("n", "N", function()
+ local opts = {
+ prompt_title = "Search Notes",
+ cwd = "$NOTES_PATH",
+ }
+ telescope.live_grep(opts)
+ end)
+
+ vim.keymap.set("n", "fN", function()
+ local opts = {
+ prompt_title = "Find Notes",
+ cwd = "$NOTES_PATH",
+ }
+ telescope.find_files(opts)
+ end)
+
+ vim.keymap.set("n", "cr", function()
+ local opts = require("telescope.themes").get_ivy({
+ layout_config = {
+ bottom_pane = {
+ height = 15,
+ },
+ },
+ })
+ telescope.command_history(opts)
+ end)
+
+ -- zoxide
+ vim.keymap.set("n", "fz", require("telescope").extensions.zoxide.list)
+
+ -- project
+ require("telescope").load_extension("project")
+ vim.keymap.set("n", "", function()
+ local opts = require("telescope.themes").get_ivy({
+ layout_config = {
+ bottom_pane = {
+ height = 10,
+ },
+ },
+ })
+ require("telescope").extensions.project.project(opts)
+ end)
+
+ -- file browser
+ require("telescope").load_extension("file_browser")
+ vim.keymap.set("n", "fa", require("telescope").extensions.file_browser.file_browser)
+ vim.keymap.set("n", "fD", function()
+ local opts = {
+ prompt_title = "Find Downloads",
+ cwd = "~/downloads",
+ }
+ require("telescope").extensions.file_browser.file_browser(opts)
+ end)
+ '';
+
+}
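Review bot: `extensions.fzy_native = { }` is configured in `setup.telescope`, but the Lua block only calls `load_extension` for `project` and `file_browser`; the fzy-native sorter is normally installed only when its extension is loaded, so the default sorters are probably still in use. Add `require("telescope").load_extension("fzy_native")` next to the other two calls. The two notes pickers pass `cwd = "$NOTES_PATH"` as a literal and appear to rely on telescope expanding it at runtime; a short comment saying the variable must be set in the environment would help.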
From 96c64c4da11ee83bb9bce64a4706afe904530351 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 19:11:41 -0700
Subject: [PATCH 133/391] add lsp to neovim flake
---
flake.nix | 1 +
modules/neovim/lua/settings.lua | 50 +-------------
modules/neovim/plugins/gitsigns.nix | 4 +-
modules/neovim/plugins/lsp.nix | 97 ++++++++++++++++++++++++++++
modules/neovim/plugins/misc.nix | 34 +++++++---
modules/neovim/plugins/telescope.nix | 8 +--
6 files changed, 128 insertions(+), 66 deletions(-)
create mode 100644 modules/neovim/plugins/lsp.nix
diff --git a/flake.nix b/flake.nix
index 93cd82f..f4d25e8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -176,6 +176,7 @@
./modules/neovim/plugins/statusline.nix
./modules/neovim/plugins/bufferline.nix
./modules/neovim/plugins/telescope.nix
+ ./modules/neovim/plugins/lsp.nix
];
};
diff --git a/modules/neovim/lua/settings.lua b/modules/neovim/lua/settings.lua
index ef447f7..a6896c9 100644
--- a/modules/neovim/lua/settings.lua
+++ b/modules/neovim/lua/settings.lua
@@ -2,63 +2,15 @@
-- Settings
-- ===========================================================================
--- Remember last position when reopening file
-vim.api.nvim_exec(
- [[
- au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-]] ,
- false
-)
-
--- Better backup, swap and undo storage
-vim.o.backup = true --- Easier to recover and more secure
-vim.bo.swapfile = false --- Instead of swaps, create backups
-vim.bo.undofile = true --- Keeps undos after quit
-
--- Create backup directories if they don't exist
--- Should be fixed in 0.6 by https://github.com/neovim/neovim/pull/15433
-vim.o.backupdir = vim.fn.stdpath("cache") .. "/backup"
-vim.api.nvim_exec(
- [[
- if !isdirectory(&backupdir)
- call mkdir(&backupdir, "p")
- endif
-]] ,
- false
-)
-
--- LaTeX options
-vim.api.nvim_exec(
- [[
- au FileType tex inoremap ;bf \textbf{}i
- au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
-]] ,
- false
-)
-
--- Highlight when yanking
-vim.api.nvim_exec(
- [[
- au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
-]] ,
- false
-)
-
vim.filetype.add({
pattern = {
[".*%.tfvars"] = "terraform",
},
})
+
vim.api.nvim_create_autocmd("FileType", {
pattern = "*.eml",
callback = function()
vim.o.wrapmargin = 79 -- Wrap text automatically
end,
})
-
--- Netrw
-vim.g.netrw_liststyle = 3 -- Change style to 'tree' view
-vim.g.netrw_banner = 0 -- Remove useless banner
-vim.g.netrw_winsize = 15 -- Explore window takes % of page
-vim.g.netrw_browse_split = 4 -- Open in previous window
-vim.g.netrw_altv = 1 -- Always split left
diff --git a/modules/neovim/plugins/gitsigns.nix b/modules/neovim/plugins/gitsigns.nix
index 3e64083..06777cf 100644
--- a/modules/neovim/plugins/gitsigns.nix
+++ b/modules/neovim/plugins/gitsigns.nix
@@ -1,6 +1,4 @@
-{ pkgs, dsl, ... }:
-# with dsl;
-{
+{ pkgs, ... }: {
plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
setup.gitsigns = { };
lua = builtins.readFile ./gitsigns.lua;
diff --git a/modules/neovim/plugins/lsp.nix b/modules/neovim/plugins/lsp.nix
new file mode 100644
index 0000000..5f0e5e0
--- /dev/null
+++ b/modules/neovim/plugins/lsp.nix
@@ -0,0 +1,97 @@
+{ pkgs, dsl, ... }: {
+
+ plugins = [
+ pkgs.vimPlugins.nvim-lspconfig
+ pkgs.vimPlugins.lsp-colors-nvim
+ pkgs.vimPlugins.null-ls-nvim
+ ];
+
+ use.lspconfig.sumneko_lua.setup = dsl.callWith {
+ settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
+ capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
+ cmd = [ "${pkgs.sumneko-lua-language-server}/bin/lua-language-server" ];
+ };
+
+ use.lspconfig.nil_ls.setup = dsl.callWith {
+ cmd = [ "${pkgs.nil}/bin/nil" ];
+ capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
+ };
+
+ use.lspconfig.pyright.setup = dsl.callWith {
+ cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
+ };
+
+ use.lspconfig.terraformls.setup =
+ dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-lsp" ]; };
+
+ vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
+
+ # setup."null-ls" = {
+ # sources = [
+ # (dsl.rawLua
+ # "require('null-ls').builtins.formatting.black.with({ command = ${pkgs.black}/bin/black })")
+ # (dsl.rawLua
+ # "require('null-ls').builtins.formatting.flake8.with({ command = ${pkgs.python310Packages.flake8}/bin/flake8 })")
+ # (dsl.rawLua
+ # "require('null-ls').builtins.formatting.fish_indent.with({ command = ${pkgs.fish}/bin/fish_indent })")
+ # (dsl.rawLua
+ # "require('null-ls').builtins.formatting.nixfmt.with({ command = ${pkgs.nixfmt}/bin/nixfmt })")
+ # (dsl.rawLua
+ # "require('null-ls').builtins.formatting.rustfmt.with({ command = ${pkgs.rustfmt}/bin/rustfmt })")
+ # (dsl.rawLua
+ # "require('null-ls').builtins.diagnostics.shellcheck.with({ command = ${pkgs.shellcheck}/bin/shellcheck })")
+ # (dsl.rawLua ''
+ # require('null-ls').builtins.formatting.shfmt.with(
+ # command = {${pkgs.shfmt}/bin/shfmt },
+ # extra_args = { '-i', '4', '-ci' },
+ # )'')
+ # (dsl.rawLua
+ # "require('null-ls').builtins.formatting.terraform_fmt.with({ command = ${pkgs.terraform}/bin/terraform })")
+ # ];
+ # };
+
+ lua = ''
+ vim.keymap.set("n", "gd", vim.lsp.buf.definition)
+ vim.keymap.set("n", "gT", vim.lsp.buf.type_definition)
+ vim.keymap.set("n", "gi", vim.lsp.buf.implementation)
+ vim.keymap.set("n", "gh", vim.lsp.buf.hover)
+ -- vim.keymap.set("n", "gr", telescope.lsp_references)
+ vim.keymap.set("n", "R", vim.lsp.buf.rename)
+ vim.keymap.set("n", "]e", vim.diagnostic.goto_next)
+ vim.keymap.set("n", "[e", vim.diagnostic.goto_prev)
+ vim.keymap.set("n", "de", vim.diagnostic.open_float)
+ vim.keymap.set("n", "E", vim.lsp.buf.code_action)
+
+
+ require("null-ls").setup({
+ sources = {
+ require('null-ls').builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
+ require('null-ls').builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
+ require('null-ls').builtins.diagnostics.flake8.with({ command = "${pkgs.python310Packages.flake8}/bin/flake8" }),
+ require('null-ls').builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
+ require('null-ls').builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
+ require('null-ls').builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
+ require('null-ls').builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
+ require('null-ls').builtins.formatting.shfmt.with({
+ command = "${pkgs.shfmt}/bin/shfmt",
+ extra_args = { '-i', '4', '-ci' },
+ }),
+ require('null-ls').builtins.formatting.terraform_fmt.with({ command = "${pkgs.terraform}/bin/terraform" }),
+ },
+
+ on_attach = function(client, bufnr)
+ if client.supports_method("textDocument/formatting") then
+ vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
+ vim.api.nvim_create_autocmd("BufWritePre", {
+ group = augroup,
+ buffer = bufnr,
+ callback = function()
+ vim.lsp.buf.format({ bufnr = bufnr })
+ end,
+ })
+ end
+ end
+ })
+ '';
+
+}
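Review bot: `on_attach` in the null-ls setup uses `augroup`, but no Lua local of that name is defined in this block; the group is only created through `vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ]`, whose return value is not bound to anything. With `group = nil`, `nvim_clear_autocmds` clears the buffer's ungrouped autocommands and the format-on-save autocmd is itself created ungrouped. Define it in the Lua block with `local augroup = vim.api.nvim_create_augroup("LspFormatting", {})` and drop the DSL call. Separately, `${pkgs.terraform-ls}/bin/terraform-lsp` looks like a mismatch, since the terraform-ls package is expected to ship a `terraform-ls` binary (run as `terraform-ls serve`); check the store path before relying on it.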
diff --git a/modules/neovim/plugins/misc.nix b/modules/neovim/plugins/misc.nix
index 3223e7e..a8f632b 100644
--- a/modules/neovim/plugins/misc.nix
+++ b/modules/neovim/plugins/misc.nix
@@ -1,13 +1,13 @@
-{ pkgs, lib, ... }: {
+{ pkgs, dsl, lib, ... }: {
plugins = [
- pkgs.vimPlugins.vim-surround
- pkgs.vimPlugins.vim-eunuch
- pkgs.vimPlugins.vim-vinegar
- pkgs.vimPlugins.vim-fugitive
- pkgs.vimPlugins.vim-repeat
- pkgs.vimPlugins.comment-nvim
- pkgs.vimPlugins.impatient-nvim
+ pkgs.vimPlugins.vim-surround # Keybinds for surround characters
+ pkgs.vimPlugins.vim-eunuch # File manipulation commands
+ pkgs.vimPlugins.vim-fugitive # Git commands
+ pkgs.vimPlugins.vim-repeat # Better repeat using .
+ pkgs.vimPlugins.comment-nvim # Smart comment commands
+ pkgs.vimPlugins.impatient-nvim # Faster load times
];
+
setup.Comment = { };
vim.o.termguicolors = true; # Set to truecolor
@@ -33,6 +33,12 @@
vim.o.mouse = "nv"; # Mouse interaction / scrolling
vim.o.inccommand = "split"; # Live preview search and replace
+ # Better backup, swap and undo storage
+ vim.o.backup = true; # Easier to recover and more secure
+ vim.bo.swapfile = false; # Instead of swaps, create backups
+ vim.bo.undofile = true; # Keeps undos after quit
+ vim.o.backupdir = dsl.rawLua ''vim.fn.stdpath("cache") .. "/backup"'';
+
# Required for nvim-cmp completion
vim.opt.completeopt = [ "menu" "menuone" "noselect" ];
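Review bot: `vim.bo.swapfile = false` and `vim.bo.undofile = true` set buffer-local values only, so if the DSL emits them as written they apply to the buffer that exists at startup and later buffers keep the defaults (swap files on, no persistent undo). Use `vim.o.swapfile = false;` and `vim.o.undofile = true;` so the global value is set as well. The `mkdir` of `backupdir` that the old settings.lua ran is not carried over; with `backup = true`, confirm that the targeted Neovim version creates the directory itself, since a missing directory makes backup writes fail. The module attribute set continues outside this hunk.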
@@ -41,4 +47,16 @@
${builtins.readFile ../lua/keybinds.lua};
${builtins.readFile ../lua/settings.lua};
'';
+
+ vimscript = ''
+ " Remember last position when reopening file
+ au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
+
+ " LaTeX options
+ au FileType tex inoremap ;bf \textbf{}i
+ au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
+
+ " Flash highlight when yanking
+ au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
+ '';
}
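Review bot: The `BufWritePost *.tex` autocommand passes `%` and `%:p:h` unquoted into a `:!` shell command, so a .tex file whose name or directory contains spaces or shell metacharacters is split or interpreted by the shell on every save, and `silent!` plus the `/dev/null` redirect hide any sign of it. Quote both expansions: `au BufWritePost *.tex silent! execute "!pdflatex -output-directory=" . shellescape(expand("%:p:h"), 1) . " " . shellescape(expand("%:p"), 1) . " >/dev/null 2>&1" | redraw!`. The line is carried over from settings.lua unchanged. `pdflatex` is also resolved from PATH, whereas the formatters in lsp.nix use pinned store paths.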
diff --git a/modules/neovim/plugins/telescope.nix b/modules/neovim/plugins/telescope.nix
index 7fad646..efcfe72 100644
--- a/modules/neovim/plugins/telescope.nix
+++ b/modules/neovim/plugins/telescope.nix
@@ -1,8 +1,4 @@
-{ pkgs, dsl, ... }:
-
-with dsl;
-
-{
+{ pkgs, dsl, ... }: {
plugins = [
pkgs.vimPlugins.telescope-nvim
@@ -16,7 +12,7 @@ with dsl;
defaults = {
mappings = {
i = {
- "['']" = rawLua "require('telescope.actions').close";
+ "['']" = dsl.rawLua "require('telescope.actions').close";
"['']" = "which_key";
};
};
From 8b98b8f29d3cf6772cc954a19c07e3b6ff83cc05 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 27 Nov 2022 22:31:17 -0700
Subject: [PATCH 134/391] working completion
---
flake.nix | 1 +
modules/neovim/plugins/completion.nix | 155 ++++++++++++++++++++++++++
2 files changed, 156 insertions(+)
create mode 100644 modules/neovim/plugins/completion.nix
diff --git a/flake.nix b/flake.nix
index f4d25e8..e8f414f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -177,6 +177,7 @@
./modules/neovim/plugins/bufferline.nix
./modules/neovim/plugins/telescope.nix
./modules/neovim/plugins/lsp.nix
+ ./modules/neovim/plugins/completion.nix
];
};
diff --git a/modules/neovim/plugins/completion.nix b/modules/neovim/plugins/completion.nix
new file mode 100644
index 0000000..d38aac5
--- /dev/null
+++ b/modules/neovim/plugins/completion.nix
@@ -0,0 +1,155 @@
+{ pkgs, dsl, ... }: {
+
+ plugins = [
+ pkgs.vimPlugins.cmp-nvim-lsp
+ pkgs.vimPlugins.cmp-buffer
+ pkgs.vimPlugins.cmp-path
+ pkgs.vimPlugins.cmp-cmdline
+ pkgs.vimPlugins.cmp-nvim-lua
+ pkgs.vimPlugins.luasnip
+ pkgs.vimPlugins.cmp_luasnip
+ pkgs.vimPlugins.cmp-rg
+ pkgs.vimPlugins.friendly-snippets
+ ];
+
+ use.cmp.setup = dsl.callWith {
+
+ # Disable in telescope buffers
+ enabled = dsl.rawLua ''
+ function()
+ if vim.bo.buftype == "prompt" then
+ return false
+ end
+ return true
+ end
+ '';
+
+ snippet.expand = dsl.rawLua ''
+ function(args)
+ require("luasnip").lsp_expand(args.body)
+ end
+ '';
+
+ mapping = {
+ "['']" = dsl.rawLua
+ "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
+ "['']" = dsl.rawLua
+ "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert })";
+ "['']" = dsl.rawLua
+ "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Select })";
+ "['']" = dsl.rawLua
+ "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Select })";
+ "['']" = dsl.rawLua "require('cmp').mapping.scroll_docs(-4)";
+ "['']" = dsl.rawLua "require('cmp').mapping.scroll_docs(4)";
+ "['']" = dsl.rawLua "require('cmp').mapping.abort()";
+ "['']" = dsl.rawLua
+ "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
+ "['']" = dsl.rawLua
+ "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
+ "['']" = dsl.rawLua ''
+ function(_)
+ cmp.mapping({
+ i = cmp.mapping.abort(),
+ c = cmp.mapping.close(),
+ })
+ vim.cmd("stopinsert") --- Abort and leave insert mode
+ end
+ '';
+ "['