noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-07 16:00:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:50e16f94138dee9015b221ba571962beec6c8c16
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:nixosmodules
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

1 Commits
50e16f9413 ... nixosmodul

Author SHA1 Message Date
Noah Masur
b0b9827a2e try to configure using nixosModules 
doesn't seem like there's that much benefit?
 2023-07-10 17:56:15 -06:00
154 changed files with 908 additions and 5189 deletions
Expand all files Collapse all files

20
.github/workflows/check.yml vendored
View File

@ -1,20 +0,0 @@
name: Check Build
on:
workflow_dispatch: # allows manual triggering
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check the Flake
run: nix flake check

63
.github/workflows/update.yml vendored
View File

@ -1,63 +0,0 @@
name: Update Flake
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '33 3 * * 0' # runs weekly on Sunday at 03:33
permissions:
contents: write
pull-requests: write
checks: write
jobs:
lockfile:
name: Lockfile
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v19
id: update
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
- name: Check the Flake
id: check
run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge
if: success()
run: |
gh pr merge \
--rebase \
--auto \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}
- name: Close Pull Request If Failed
if: failure()
run: |
gh pr close \
--comment "Auto-closing pull request" \
--delete-branch \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}

16
README.md
View File

@ -43,22 +43,6 @@ configuration may be difficult to translate to a non-Nix system.
---
# Unique Configurations
This repo contains a few atypical choices for configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing from host to host.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based on
dynamic service metadata.
- [Grafana config](./modules/nixos/services/grafana.nix) based on dynamic
service metadata.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications.
---
# Installation
Click [here](./docs/installation.md) for detailed installation instructions.

9
apps/README.md
View File

@ -1,9 +0,0 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```

2
apps/encrypt-secret.nix
View File

@ -11,7 +11,7 @@
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../misc/public-keys
builtins.toString ../public-keys
} $tmpfile
rm $tmpfile
'');

4
apps/installer.nix
View File

@ -17,8 +17,8 @@
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
"Example: installer -- nvme0n1 desktop" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop"
echo "(exiting)"
exit 1
fi

2
apps/reencrypt-secrets.nix
View File

@ -17,7 +17,7 @@
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
echo "Encrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../misc/public-keys
builtins.toString ../public-keys
} $tmpfile > $encryptedfile
rm $tmpfile
done

5
colorscheme/README.md
View File

@ -1,5 +0,0 @@
# Colorschemes
Color information for different themes is found here. The colors are sourced
and used with [base16](https://github.com/chriskempson/base16) format
consistently across the system.

5
disks/README.md
View File

@ -1,5 +0,0 @@
# Disks
These are my [disko](https://github.com/nix-community/disko) configurations,
which allow me to save desired disk formatting layouts as a declarative file so
I don't have to remember how to format my disks later on.

4
docs/README.md
View File

@ -1,4 +0,0 @@
# Documentation
Reference documents for some of the more complicated services and maintenance
tasks.

65
docs/repair-nextcloud.md
View File

@ -1,65 +0,0 @@
# Repairing Nextcloud
You can run the maintenance commands like this:
```
sudo -u nextcloud nextcloud-occ maintenance:mode --on
sudo -u nextcloud nextcloud-occ maintenance:repair
sudo -u nextcloud nextcloud-occ maintenance:mode --off
```
## Rescan Files
```
sudo -u nextcloud nextcloud-occ files:scan --all
```
## Converting from SQLite to MySQL (mariadb)
First: keep Nextcloud set to SQLite as its dbtype, and separately launch MySQL
as a service by copying the configuration found
[here](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/nextcloud.nix).
No password is necessary, since the user-based auth works with UNIX sockets.
You can connect to the MySQL instance like this:
```
sudo -u nextcloud mysql -S /run/mysqld/mysqld.sock
```
Create a blank database for Nextcloud:
```sql
create database nextcloud;
```
Now setup the [conversion](https://docs.nextcloud.com/server/17/admin_manual/configuration_database/db_conversion.html):
```
sudo -u nextcloud nextcloud-occ db:convert-type mysql nextcloud localhost nextcloud
```
Ignore the password prompt. Proceed with the conversion.
Now `config.php` will be updated but the override config from NixOS will not
be. Now update your NixOS configuration:
- Remove the `mysql` service you created.
- Set `dbtype` to `mysql`.
- Set `database.createLocally` to `true`.
Rebuild your configuration.
Now, make sure to enable [4-byte
support](https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/mysql_4byte_support.html)
in the database.
## Backing Up MySQL Database
Use this mysqldump command:
```
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
```

43
docs/restore-nextcloud.md Normal file
View File

@ -0,0 +1,43 @@
# Restoring Nextcloud From Backup
Install the `litestream` package.
```
nix-shell --run fish -p litestream
```
Set the S3 credentials:
```
set -x AWS_ACCESS_KEY_ID (read)
set -x AWS_SECRET_ACCESS_KEY (read)
```
Restore from S3:
```
litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
```
Install Nextcloud. Then copy DB:
```
sudo rm /data/nextcloud/data/nextcloud.db*
sudo mv nextcloud.db /data/nextcloud/data/
sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
sudo chmod 770 /data/nextcloud/data/nextcloud.db
```
Restart Nextcloud:
```
sudo systemctl restart phpfpm-nextcloud.service
```
Adjust Permissions and Directories:
```
sudo mkdir /data/nextcloud/data/noah/files
sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
```

45
docs/zfs.md
View File

@ -1,45 +0,0 @@
# ZFS
Swan runs its root on ext4. The ZFS drives are managed imperatively (this
[disko configuration](../disks/zfs.nix) is an unused work-in-progress).
The basic ZFS settings are managed [here](../modules/nixos/hardware/zfs.nix).
## Creating a New Dataset
```
sudo zfs create tank/mydataset
sudo zfs set compression=zstd tank/myzstddataset
sudo zfs set mountpoint=/data/mydataset tank/mydataset
```
## Maintenance
### Get Status
```
sudo zpool status
```
### Replace Disk
```
sudo zdb
sudo zpool status -g # Show by GUID
sudo zpool offline tank <GUID>
sudo zpool status
# Remove old disk, insert new disk
sudo zdb
sudo zpool replace tank <OLD GUID> /dev/disk/by-id/<NEW PATH>
sudo zpool status
```
## Initial Setup
```
sudo zpool create tank raidz1 sda sdb sdc
sudo zpool set ashift=12 tank
sudo zpool set autoexpand=on tank
sudo zpool set compression=on tank
```

422
flake.lock generated
View File

@ -17,52 +17,19 @@
"type": "github"
}
},
"age": {
"flake": false,
"locked": {
"lastModified": 1672087018,
"narHash": "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=",
"owner": "FiloSottile",
"repo": "age",
"rev": "c6dcfa1efcaa27879762a934d5bea0d1b83a894c",
"type": "github"
},
"original": {
"owner": "FiloSottile",
"ref": "v1.1.1",
"repo": "age",
"type": "github"
}
},
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1681806450,
"narHash": "sha256-jxRlIzWbnSj89032msc5w+2TVt7zVyzlxdXxiH1dQqY=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "00bb4af31c8c3865b735d40ebefa6c3f07b2dd16",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1695205521,
"narHash": "sha256-MQMpXMgUpZA0E9TunzjXeOQxDWSCTogXbvi9VJnv4Kw=",
"lastModified": 1687763763,
"narHash": "sha256-wbOeylzjjScQXkrDbBU2HtrOZrp2YUK+wQ2aOkgxmRQ=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "6ecd37e0fa8b156099daedd2191130e083fb1490",
"rev": "bf2f6b7edd0abf6b0732f5e5c0a8f30e51611c75",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.4.0",
"ref": "v4.2.0",
"repo": "bufferline.nvim",
"type": "github"
}
@ -70,11 +37,11 @@
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1702205473,
"narHash": "sha256-/0sh9vJBD9pUuD7q3tNSQ1YLvxFMNykdg5eG+LjZAA8=",
"lastModified": 1687494203,
"narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "5af77f54de1b16c34b23cba810150689a3a90312",
"rev": "44b16d11215dce86f253ce0c30949813c0a90765",
"type": "github"
},
"original": {
@ -90,11 +57,11 @@
]
},
"locked": {
"lastModified": 1703990467,
"narHash": "sha256-LItEeQVwDfLnavNskwdfRnonbEdq8DYiJlWRtF+bwng=",
"lastModified": 1687517837,
"narHash": "sha256-Ea+JTy6NSf+wWIFrgC8gnOnyt01xwmtDEn2KecvaBkg=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "1a41453cba42a3a1af2fff003be455ddbd75386c",
"rev": "6460468e7a3e1290f132fee4170ebeaa127f6f32",
"type": "github"
},
"original": {
@ -111,11 +78,11 @@
]
},
"locked": {
"lastModified": 1704072400,
"narHash": "sha256-Es4zcFoCJ+Pa9TN46VoqgNlYznuhc6s50LRcDqQEATs=",
"lastModified": 1687598357,
"narHash": "sha256-70ciIe8415oQnQypawaqocEaLJcI1XtkqRNmle8vsrg=",
"owner": "nix-community",
"repo": "disko",
"rev": "59f915b45a38cb0ec0e97a713237877a06b43386",
"rev": "1e7098ee0448dc5d33df394d040f454cd42a809c",
"type": "github"
},
"original": {
@ -124,23 +91,6 @@
"type": "github"
}
},
"fidget-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1702031048,
"narHash": "sha256-wbjQuOFd/2339TIrUA97PYsV8N3PZsS+xbyMsyZmki8=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "300018af4abd00610a345e382ca1f4b7ba420f77",
"type": "github"
},
"original": {
"owner": "j-hui",
"ref": "v1.1.0",
"repo": "fidget.nvim",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": [
@ -148,11 +98,11 @@
]
},
"locked": {
"lastModified": 1704070085,
"narHash": "sha256-bTwLbeao1cHkQpD1q/4fGbyImCFJ83b4CpBK/qgT17Y=",
"lastModified": 1688605308,
"narHash": "sha256-B9suu7dcdX4a18loO5ul237gqIJ5/+TRuheLj8fJjwM=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "122138e9e07595a6712e65e47a4a9c80a19764cc",
"rev": "78d28acf685e19d353b2ecb6c38eeb3fc624fc68",
"type": "github"
},
"original": {
@ -164,11 +114,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -178,15 +128,12 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
@ -197,7 +144,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1685518550,
@ -215,14 +162,14 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
@ -231,22 +178,6 @@
"type": "github"
}
},
"hmts-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1693226725,
"narHash": "sha256-jUuztOqNBltC3axa7s3CPJz9Cmukfwkf846+Z/gAxCU=",
"owner": "calops",
"repo": "hmts.nvim",
"rev": "14fd941d7ec2bb98314a1aacaa2573d97f1629ab",
"type": "github"
},
"original": {
"owner": "calops",
"repo": "hmts.nvim",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -254,11 +185,11 @@
]
},
"locked": {
"lastModified": 1704100519,
"narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
"lastModified": 1687627695,
"narHash": "sha256-6Pu7nWb52PRtUmihwuDNShDmsZiXgtXR0OARtH4DSik=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6e91c5df192395753d8e6d55a0352109cb559790",
"rev": "172d46d4b2677b32277d903bdf4cff77c2cc6477",
"type": "github"
},
"original": {
@ -268,45 +199,6 @@
"type": "github"
}
},
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1679666795,
"narHash": "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=",
"type": "tarball",
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1699624334,
"narHash": "sha256-RCL2RP5twRDLxI/KfAX6QLYQOzqZmSWsfrC5ZQIwTD4=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1695883388,
"narHash": "sha256-cfJkKRNSz15L4E3w1tnEb+t4MrVwVzb8lb6vCOA4cK4=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
}
},
"nil": {
"inputs": {
"flake-utils": "flake-utils",
@ -316,16 +208,16 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1691372739,
"narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
"lastModified": 1680544266,
"narHash": "sha256-d/TusDXmIo8IT5DNRA21lN+nOVSER8atIx9TJteR6LQ=",
"owner": "oxalica",
"repo": "nil",
"rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
"rev": "56a1fa87b98a9508920f4b0ab8fe36d5b54b2362",
"type": "github"
},
"original": {
"owner": "oxalica",
"ref": "2023-08-09",
"ref": "2023-04-03",
"repo": "nil",
"type": "github"
}
@ -353,11 +245,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1693701915,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"lastModified": 1687049841,
"narHash": "sha256-FBNZQfWtA7bb/rwk92mfiWc85x4hXta2OAouDqO5W8w=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"rev": "908af6d1fa3643c5818ea45aa92b21d6385fbbe5",
"type": "github"
},
"original": {
@ -374,11 +266,11 @@
]
},
"locked": {
"lastModified": 1701689616,
"narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
"lastModified": 1687398392,
"narHash": "sha256-T6kc3NMTpGJk1/dve8PGupeVcxboEb78xtTKhe3LL/A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "246219bc21b943c6f6812bb7744218ba0df08600",
"rev": "649171f56a45af13ba693c156207eafbbbf7edfe",
"type": "github"
},
"original": {
@ -389,11 +281,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"lastModified": 1687502512,
"narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"rev": "3ae20aa58a6c0d1ca95c9b11f59a2d12eebc511f",
"type": "github"
},
"original": {
@ -405,16 +297,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1703900474,
"narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=",
"lastModified": 1686929285,
"narHash": "sha256-WGtVzn+vGMPTXDO0DMNKVFtf+zUSqeW+KKk4Y/Ae99I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dd7699928e26c3c00d5d46811f1358524081062",
"rev": "93fddcf640ceca0be331210ba3101cee9d91c13d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
@ -422,11 +314,11 @@
"null-ls-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1691810493,
"narHash": "sha256-cWA0rzkOp/ekVKaFee7iea1lhnqKtWUIU+fW5M950wI=",
"lastModified": 1686871437,
"narHash": "sha256-MxIZqyRW8jStiDNXt7Bsw8peDLKpqxKEaUuIJsXkGMI=",
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"rev": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7",
"rev": "bbaf5a96913aa92281f154b08732be2f57021c45",
"type": "github"
},
"original": {
@ -437,11 +329,11 @@
},
"nur": {
"locked": {
"lastModified": 1704142590,
"narHash": "sha256-4cFVrYDodnB1vJQ79htwm4rAYl1HwHcemiZ68izluLI=",
"lastModified": 1687625402,
"narHash": "sha256-V+vSWypmm/tGbwNXGhqzmiV7vTjV2gNCEh9N7OhNnyA=",
"owner": "nix-community",
"repo": "nur",
"rev": "0529839a62a15cda326e38353f9c10a4efa01d60",
"rev": "aeaf37c7538965e45700d39e6b5dc9c9a0e0749c",
"type": "github"
},
"original": {
@ -470,11 +362,11 @@
"nvim-tree-lua-src": {
"flake": false,
"locked": {
"lastModified": 1704073600,
"narHash": "sha256-D+wCJQuRj9mvgLd0DaiYgqghDYDwfux9zlEb/vIvaqA=",
"lastModified": 1687132855,
"narHash": "sha256-ZRUoCDBv8rO8ZUBUMLgo33EBbqD9+ZOSET9rkFsA++E=",
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"rev": "f1b3e6a7eb92da492bd693257367d9256839ed3d",
"rev": "c3c6544ee00333b0f1d6a13735d0dd302dba4f70",
"type": "github"
},
"original": {
@ -486,49 +378,29 @@
"nvim-treesitter-src": {
"flake": false,
"locked": {
"lastModified": 1703930904,
"narHash": "sha256-3G5qOgqjZMrUkM7LaI02GTpwra6w+l97cIpFh4DHbgY=",
"lastModified": 1681121236,
"narHash": "sha256-iPsPDLhVKJ14iP1/2cCgcY9SCKK/DQz9Y0mQB1DqNiM=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "e49f1e8ef3e8450a8446cb1f2bbb53c919f60b6d",
"rev": "cc360a9beb1b30d172438f640e2c3450358c4086",
"type": "github"
},
"original": {
"owner": "nvim-treesitter",
"ref": "master",
"ref": "v0.9.0",
"repo": "nvim-treesitter",
"type": "github"
}
},
"proton-ge": {
"flake": false,
"locked": {
"lastModified": 1699415676,
"narHash": "sha256-3XniKYf/KDRDYhTwffkktbmoISwOtGIABF28bsp8QHA=",
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-23/GE-Proton8-23.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-23/GE-Proton8-23.tar.gz"
}
},
"root": {
"inputs": {
"Comment-nvim-src": "Comment-nvim-src",
"age": "age",
"baleia-nvim-src": "baleia-nvim-src",
"bufferline-nvim-src": "bufferline-nvim-src",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"darwin": "darwin",
"disko": "disko",
"fidget-nvim-src": "fidget-nvim-src",
"firefox-darwin": "firefox-darwin",
"hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nil": "nil",
"nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
@ -538,20 +410,12 @@
"nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src",
"proton-ge": "proton-ge",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
"tree-sitter-bash": "tree-sitter-bash",
"tree-sitter-ini": "tree-sitter-ini",
"tree-sitter-lua": "tree-sitter-lua",
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"vscode-terraform-snippets": "vscode-terraform-snippets",
"wallpapers": "wallpapers",
"wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
"wsl": "wsl"
}
},
"rust-overlay": {
@ -566,11 +430,11 @@
]
},
"locked": {
"lastModified": 1688783586,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
"lastModified": 1680488274,
"narHash": "sha256-0vYMrZDdokVmPQQXtFpnqA2wEgCCUXf5a3dDuDVshn0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176",
"rev": "7ec2ff598a172c6e8584457167575b3a1a5d80d8",
"type": "github"
},
"original": {
@ -609,34 +473,19 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telescope-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1697004956,
"narHash": "sha256-7SqYFnfCjotOBhuX6Wx1IOhgMKoxaoI1a4SKz1d5RVM=",
"lastModified": 1686302912,
"narHash": "sha256-fV3LLRwAPykVGc4ImOnUSP+WTrPp9Ad9OTfBJ6wqTMk=",
"owner": "nvim-telescope",
"repo": "telescope.nvim",
"rev": "7011eaae0ac1afe036e30c95cf80200b8dc3f21a",
"rev": "776b509f80dd49d8205b9b0d94485568236d1192",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"ref": "0.1.4",
"ref": "0.1.2",
"repo": "telescope.nvim",
"type": "github"
}
@ -644,11 +493,11 @@
"telescope-project-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1701464478,
"narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=",
"lastModified": 1682606566,
"narHash": "sha256-H6lrPjpOUVleKHB0ziI+6dthg9ymitHhEWtcgYJTrKo=",
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"rev": "1aaf16580a614601a7f7077d9639aeb457dc5559",
"rev": "7c64b181dd4e72deddcf6f319e3bf1e95b2a2f30",
"type": "github"
},
"original": {
@ -660,119 +509,20 @@
"toggleterm-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1695636777,
"narHash": "sha256-o8xzoo7OuYrPnKlfrupQ24Ja9hZy1qQVnvwO0FO+4zM=",
"lastModified": 1685434104,
"narHash": "sha256-oiCnBrvft6XxiQtQH8E4F842xhh348SaTpHzaeb+iDY=",
"owner": "akinsho",
"repo": "toggleterm.nvim",
"rev": "faee9d60428afc7857e0927fdc18daa6c409fa64",
"rev": "95204ece0f2a54c89c4395295432f9aeedca7b5f",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v2.8.0",
"ref": "v2.7.0",
"repo": "toggleterm.nvim",
"type": "github"
}
},
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1696959291,
"narHash": "sha256-VP7rJfE/k8KV1XN1w5f0YKjCnDMYU1go/up0zj1mabM=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "7331995b19b8f8aba2d5e26deb51d2195c18bc94",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-bash",
"type": "github"
}
},
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1699877527,
"narHash": "sha256-dYPeVTNWO4apY5dsjsKViavU7YtLeGTp6BzEemXhsEU=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "bcb84a2d4bcd6f55b911c42deade75c8f90cb0c5",
"type": "github"
},
"original": {
"owner": "justinmk",
"repo": "tree-sitter-ini",
"type": "github"
}
},
"tree-sitter-lua": {
"flake": false,
"locked": {
"lastModified": 1694072484,
"narHash": "sha256-5t5w8KqbefInNbA12/jpNzmky/uOUhsLjKdEqpl1GEc=",
"owner": "MunifTanjim",
"repo": "tree-sitter-lua",
"rev": "9668709211b2e683f27f414454a8b51bf0a6bda1",
"type": "github"
},
"original": {
"owner": "MunifTanjim",
"ref": "main",
"repo": "tree-sitter-lua",
"type": "github"
}
},
"tree-sitter-puppet": {
"flake": false,
"locked": {
"lastModified": 1690231696,
"narHash": "sha256-YEjjy9WLwITERYqoeSVrRYnwVBIAwdc4o0lvAK9wizw=",
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"rev": "9ce9a5f7d64528572aaa8d59459ba869e634086b",
"type": "github"
},
"original": {
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"type": "github"
}
},
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1700218345,
"narHash": "sha256-hXNxa895SyNOG7PH2vAIkWbcMjZDjWYDsCafBZuvnT0=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "4bfdd9033a2225cc95032ce77066b7aeca9e2efc",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-python",
"type": "github"
}
},
"tree-sitter-rasi": {
"flake": false,
"locked": {
"lastModified": 1678701563,
"narHash": "sha256-2nYZoLcrxxxiOJEySwHUm93lzMg8mU+V7LIP63ntFdA=",
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"rev": "371dac6bcce0df5566c1cfebde69d90ecbeefd2d",
"type": "github"
},
"original": {
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"type": "github"
}
},
"vscode-terraform-snippets": {
"flake": false,
"locked": {
@ -812,11 +562,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1704091507,
"narHash": "sha256-SMtf/mgpYro3H2kGxck3W3jc3LYKnyAgNegjsEUuKfs=",
"lastModified": 1687279045,
"narHash": "sha256-LR0dsXd/A07M61jclyBUW0wRojEQteWReKM35zoJXp0=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "b8d2747e2f7474e6c1ba5a63f265424c8d000257",
"rev": "a8486b5d191f11d571f15d80b6e265d1712d01cf",
"type": "github"
},
"original": {
@ -824,22 +574,6 @@
"repo": "NixOS-WSL",
"type": "github"
}
},
"zenyd-mpv-scripts": {
"flake": false,
"locked": {
"lastModified": 1650625438,
"narHash": "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=",
"owner": "zenyd",
"repo": "mpv-scripts",
"rev": "19ea069abcb794d1bf8fac2f59b50d71ab992130",
"type": "github"
},
"original": {
"owner": "zenyd",
"repo": "mpv-scripts",
"type": "github"
}
}
},
"root": "root",

171
flake.nix
View File

@ -9,7 +9,7 @@
# Used for MacOS system config
darwin = {
url = "github:lnl7/nix-darwin/master";
url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -58,13 +58,12 @@
# Nix language server
nil = {
url = "github:oxalica/nil/2023-08-09";
url = "github:oxalica/nil/2023-04-03";
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins
nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.6";
flake = false;
};
@ -76,22 +75,16 @@
url = "github:jose-elias-alvarez/null-ls.nvim";
flake = false;
};
baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim";
flake = false;
};
Comment-nvim-src = {
url = "github:numToStr/Comment.nvim/v0.8.0";
flake = false;
};
nvim-treesitter-src = {
# https://github.com/nvim-treesitter/nvim-treesitter/tags
url = "github:nvim-treesitter/nvim-treesitter/master";
url = "github:nvim-treesitter/nvim-treesitter/v0.9.0";
flake = false;
};
telescope-nvim-src = {
url = "github:nvim-telescope/telescope.nvim/0.1.4";
url = "github:nvim-telescope/telescope.nvim/0.1.2";
flake = false;
};
telescope-project-nvim-src = {
@ -99,11 +92,11 @@
flake = false;
};
toggleterm-nvim-src = {
url = "github:akinsho/toggleterm.nvim/v2.8.0";
url = "github:akinsho/toggleterm.nvim/v2.7.0";
flake = false;
};
bufferline-nvim-src = {
url = "github:akinsho/bufferline.nvim/v4.4.0";
url = "github:akinsho/bufferline.nvim/v4.2.0";
flake = false;
};
nvim-tree-lua-src = {
@ -114,89 +107,23 @@
url = "github:run-at-scale/vscode-terraform-doc-snippets";
flake = false;
};
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.1.0";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
url = "github:tree-sitter/tree-sitter-bash/master";
flake = false;
};
tree-sitter-python = {
url = "github:tree-sitter/tree-sitter-python/master";
flake = false;
};
tree-sitter-lua = {
url = "github:MunifTanjim/tree-sitter-lua/main";
flake = false;
};
tree-sitter-ini = {
url = "github:justinmk/tree-sitter-ini";
flake = false;
};
tree-sitter-puppet = {
url = "github:amaanq/tree-sitter-puppet";
flake = false;
};
tree-sitter-rasi = {
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
# MPV Scripts
zenyd-mpv-scripts = {
url = "github:zenyd/mpv-scripts";
flake = false;
};
# Age encryption (pin because of failed builds)
age = {
url = "github:FiloSottile/age/v1.1.1";
flake = false;
};
# GE version of Proton for game compatibility
# Alternatively, could consider using https://github.com/fufexan/nix-gaming
proton-ge = {
# https://github.com/GloriousEggroll/proton-ge-custom/releases
url =
"https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-23/GE-Proton8-23.tar.gz";
flake = false;
};
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url =
"https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url =
"https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/nextcloud/cookbook/releases
url =
"https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
flake = false;
};
};
outputs = { nixpkgs, ... }@inputs:
outputs = { self, nixpkgs, ... }@inputs:
let
# Common overlays to always use
overlays = [
inputs.nur.overlay
inputs.nix2vim.overlay
(import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/calibre-web.nix)
(import ./overlays/disko.nix inputs)
(import ./overlays/tree-sitter.nix inputs)
];
# Global configuration for my systems
globals = let baseName = "masu.rs";
in rec {
@ -207,13 +134,12 @@
mail.server = "noahmasur.com";
mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles";
dotfilesRepo = "git@github.com:nmasur/dotfiles";
nixpkgs.overlays = overlays;
hostnames = {
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
@ -222,23 +148,6 @@
};
};
# Common overlays to always use
overlays = [
inputs.nur.overlay
inputs.nix2vim.overlay
(import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/calibre-web.nix)
(import ./overlays/disko.nix inputs)
(import ./overlays/tree-sitter.nix inputs)
(import ./overlays/caddy.nix inputs)
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix)
(import ./overlays/age.nix inputs)
(import ./overlays/proton-ge.nix inputs)
(import ./overlays/gh-collaborators.nix)
];
# System types to support.
supportedSystems =
[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@ -248,20 +157,26 @@
in rec {
nixosModules = {
globals = { config }: { config = globals; };
common = import ./modules/common;
nixos = import ./modules/nixos;
darwin = import ./modules/darwin;
};
# Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest
nixosConfigurations = {
tempest = import ./hosts/tempest { inherit inputs globals overlays; };
hydra = import ./hosts/hydra { inherit inputs globals overlays; };
flame = import ./hosts/flame { inherit inputs globals overlays; };
swan = import ./hosts/swan { inherit inputs globals overlays; };
tempest = import ./hosts/tempest { inherit self; };
hydra = import ./hosts/hydra { inherit self; };
flame = import ./hosts/flame { inherit self; };
swan = import ./hosts/swan { inherit self; };
};
# Contains my full Mac system builds, including home-manager
# darwin-rebuild switch --flake .#lookingglass
darwinConfigurations = {
lookingglass =
import ./hosts/lookingglass { inherit inputs globals overlays; };
lookingglass = import ./hosts/lookingglass { inherit self; };
};
# For quickly applying home-manager settings with:
@ -277,10 +192,8 @@
diskoConfigurations = { root = import ./disks/root.nix; };
packages = let
aws = system:
import ./hosts/aws { inherit inputs globals overlays system; };
staff = system:
import ./hosts/staff { inherit inputs globals overlays system; };
aws = system: import ./hosts/aws { inherit self system; };
staff = system: import ./hosts/staff { inherit self system; };
neovim = system:
let pkgs = import nixpkgs { inherit system overlays; };
in import ./modules/common/neovim/package {
@ -315,24 +228,6 @@
});
checks = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
in {
neovim = pkgs.runCommand "neovim-check-health" {
buildInputs = [ inputs.self.packages.${system}.neovim ];
} ''
mkdir -p $out
export HOME=$TMPDIR
nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
# Check for errors inside the health log
if $(grep "ERROR" $out/health.log); then
cat $out/health.log
exit 1
fi
'';
});
# Templates for starting other projects quickly
templates = rec {
default = basic;

2
hosts/README.md
View File

@ -1,7 +1,5 @@
# Hosts
These are the individual machines managed by this flake.
| Host | Purpose |
| --- | --- |
| [aws](./aws/default.nix) | AWS AMI |

14
hosts/aws/default.nix
View File

@ -1,13 +1,14 @@
{ inputs, system, globals, overlays, ... }:
{ self, system, ... }:
inputs.nixos-generators.nixosGenerate {
self.inputs.nixos-generators.nixosGenerate {
inherit system;
format = "amazon";
modules = [
globals
inputs.home-manager.nixosModules.home-manager
self.inputs.home-manager.nixosModules.home-manager
self.nixosModules.globals
self.nixosModules.common
self.nixosModules.nixos
{
nixpkgs.overlays = overlays;
networking.hostName = "sheep";
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
@ -17,9 +18,6 @@ inputs.nixos-generators.nixosGenerate {
# AWS settings require this
permitRootLogin = "prohibit-password";
}
../../modules/common
../../modules/nixos
../../modules/nixos/services/sshd.nix
] ++ [
# Required to fix diskSize errors during build
({ ... }: { amazonImage.sizeMB = 16 * 1024; })

48
hosts/flame/default.nix
View File

@ -3,67 +3,56 @@
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
{ inputs, globals, overlays, ... }:
{ self, ... }:
inputs.nixpkgs.lib.nixosSystem {
self.inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { };
modules = [
globals
inputs.home-manager.nixosModules.home-manager
../../modules/common
../../modules/nixos
self.inputs.home-manager.nixosModules.home-manager
self.nixosModules.globals
self.nixosModules.common
self.nixosModules.nixos
{
nixpkgs.overlays = overlays;
# Hardware
server = true;
networking.hostName = "flame";
# Not sure what's necessary but too afraid to remove anything
imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
imports =
[ (self.inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
# I forgot to set a clean label for it
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
# This is the boot filesystem for systemd-boot
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
# Theming
# Server doesn't require GUI
gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Disable passwords, only use SSH key
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# Programs and services
cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles
neovim.enable = true;
giteaRunner.enable = true;
services.caddy.enable = true;
services.grafana.enable = true;
services.openssh.enable = true;
services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.prometheus.enable = true;
services.gitea.enable = true;
services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
@ -72,6 +61,8 @@ inputs.nixpkgs.lib.nixosSystem {
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
giteaRunner.enable = true;
# Nextcloud backup config
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
@ -79,10 +70,6 @@ inputs.nixpkgs.lib.nixosSystem {
accessKeyId = "0026b0e73b2e2c80000000005";
};
# Disable passwords, only use SSH key
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# # Wireguard config for Transmission
# wireguard.enable = true;
# networking.wireguard.interfaces.wg0 = {
@ -112,6 +99,9 @@ inputs.nixpkgs.lib.nixosSystem {
# # VPN port forwarding
# services.transmission.settings.peer-port = 57599;
# # Grant access to Transmission directories from Jellyfin
# users.users.jellyfin.extraGroups = [ "transmission" ];
}
];
}

19
hosts/hydra/default.nix
View File

@ -1,28 +1,27 @@
# The Hydra
# System configuration for WSL
{ inputs, globals, overlays, ... }:
{ self, ... }:
inputs.nixpkgs.lib.nixosSystem {
self.inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
../../modules/common
../../modules/nixos
../../modules/wsl
globals
inputs.wsl.nixosModules.wsl
inputs.home-manager.nixosModules.home-manager
self.inputs.wsl.nixosModules.wsl
self.inputs.home-manager.nixosModules.home-manager
self.nixosModules.globals
self.nixosModules.common
self.nixosModules.nixos
self.nixosModules.wsl
{
networking.hostName = "hydra";
nixpkgs.overlays = overlays;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
theme = {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";

29
hosts/lookingglass/default.nix
View File

@ -1,24 +1,23 @@
# The Looking Glass
# System configuration for my work Macbook
{ inputs, globals, overlays, ... }:
{ self, ... }:
inputs.darwin.lib.darwinSystem {
self.inputs.darwin.lib.darwinSystem {
system = "x86_64-darwin";
specialArgs = { };
modules = [
../../modules/common
../../modules/darwin
(globals // rec {
user = "Noah.Masur";
gitName = "Noah-Masur_1701";
gitEmail = "${user}@take2games.com";
})
inputs.home-manager.darwinModules.home-manager
{
nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
self.inputs.home-manager.darwinModules.home-manager
self.nixosModules.common
self.nixosModules.darwin
({ config, lib, ... }: {
config = rec {
user = lib.mkForce "Noah.Masur";
gitName = lib.mkForce "Noah-Masur_1701";
gitEmail = lib.mkForce "${user}@take2games.com";
nixpkgs.overlays = [ self.inputs.firefox-darwin.overlay ];
networking.hostName = "lookingglass";
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
identityFile = "/Users/${user}/.ssh/id_ed25519";
gui.enable = true;
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
@ -37,11 +36,11 @@ inputs.darwin.lib.darwinSystem {
nixlang.enable = true;
terraform.enable = true;
python.enable = true;
rust.enable = true;
lua.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;
}
};
})
];
}

18
hosts/staff/default.nix
View File

@ -1,13 +1,16 @@
# The Staff
# ISO configuration for my USB drive
{ inputs, system, overlays, ... }:
{ self, system, ... }:
inputs.nixos-generators.nixosGenerate {
self.inputs.nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [{
nixpkgs.overlays = overlays;
modules = [
self.nixosModules.global
self.nixosModules.common
self.nixosModules.nixos
({ config, pkgs, ... }: {
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
@ -23,9 +26,7 @@ inputs.nixos-generators.nixosGenerate {
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let pkgs = import inputs.nixpkgs { inherit system overlays; };
in with pkgs; [
environment.systemPackages = with pkgs; [
git
vim
wget
@ -39,5 +40,6 @@ inputs.nixos-generators.nixosGenerate {
experimental-features = nix-command flakes
warn-dirty = false
'';
}];
})
];
}

43
hosts/swan/default.nix
View File

@ -1,26 +1,22 @@
# The Swan
# System configuration for my home NAS server
{ inputs, globals, overlays, ... }:
{ self, ... }:
inputs.nixpkgs.lib.nixosSystem {
self.inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
../../modules/common
../../modules/nixos
self.inputs.home-manager.nixosModules.home-manager
self.inputs.disko.nixosModules.disko
self.nixosModules.globals
self.nixosModules.common
self.nixosModules.nixos
{
nixpkgs.overlays = overlays;
# Hardware
server = true;
physical = true;
networking.hostName = "swan";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
@ -33,55 +29,35 @@ inputs.nixpkgs.lib.nixosSystem {
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
zfs.enable = true;
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
# Automatically load the ZFS pool on boot
boot.zfs.extraPools = [ "tank" ];
# Theming
# Server doesn't require GUI
gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
neovim.enable = true;
cloudflare.enable = true;
dotfiles.enable = true;
arrs.enable = true;
services.bind.enable = true;
services.caddy.enable = true;
services.jellyfin.enable = true;
services.nextcloud.enable = true;
services.calibre-web.enable = true;
services.openssh.enable = true;
services.prometheus.enable = false;
services.vmagent.enable = true;
services.prometheus.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
@ -90,7 +66,6 @@ inputs.nixpkgs.lib.nixosSystem {
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
# Send regular backups and litestream for DBs to an S3-like bucket
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";

54
hosts/tempest/default.nix
View File

@ -1,41 +1,28 @@
# The Tempest
# System configuration for my desktop
{ inputs, globals, overlays, ... }:
{ self, ... }:
inputs.nixpkgs.lib.nixosSystem {
self.inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
globals
inputs.home-manager.nixosModules.home-manager
../../modules/common
../../modules/nixos
self.inputs.home-manager.nixosModules.home-manager
self.nixosModules.globals
self.nixosModules.common
self.nixosModules.nixos
{
nixpkgs.overlays = overlays;
# Hardware
physical = true;
networking.hostName = "tempest";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
@ -52,35 +39,28 @@ inputs.nixpkgs.lib.nixosSystem {
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Secrets must be prepared ahead before deploying
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
# Must be prepared ahead
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
passwordHash = self.inputs.nixpkgs.lib.fileContents ../../password.sha512;
# Theming
# Turn on all features related to desktop and graphical applications
gui.enable = true;
# Set the system-wide theme, also used for non-graphical programs
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
wallpaper = "${self.inputs.wallpapers}/gruvbox/road.jpg";
gtk.theme.name = self.inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services
charm.enable = true;
@ -99,22 +79,17 @@ inputs.nixpkgs.lib.nixosSystem {
keybase.enable = true;
mullvad.enable = false;
nixlang.enable = true;
rust.enable = true;
yt-dlp.enable = true;
gaming = {
dwarf-fortress.enable = true;
enable = true;
steam.enable = true;
legendary.enable = false; # Electron marked as insecure
legendary.enable = true;
lutris.enable = true;
leagueoflegends.enable = true;
ryujinx.enable = true;
};
services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable =
true; # Required for Cloudflare tunnel and identity file
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
@ -123,11 +98,6 @@ inputs.nixpkgs.lib.nixosSystem {
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}
];
}

21
misc/README.md
View File

@ -1,21 +0,0 @@
# Miscellaneous
These files contain important data sourced by the configuration, or simply
information to store for safekeeping later.
---
Creating hashed password for [password.sha512](./password.sha512):
```
mkpasswd -m sha-512
```
---
Getting key for [public-keys](./public-keys):
```
ssh-keyscan -t ed25519 <hostname>
```

23
misc/libratbag-profile
View File

@ -1,23 +0,0 @@
Profile 1: (active)
Name: n/a
Report Rate: 1000Hz
Resolutions:
0: 400dpi (active) (default)
1: 800dpi
2: 1600dpi
3: 2400dpi
4: 0dpi
Button: 0 is mapped to 'button 1'
Button: 1 is mapped to 'button 2'
Button: 2 is mapped to 'button 3'
Button: 3 is mapped to 'button 4'
Button: 4 is mapped to 'button 5'
Button: 5 is mapped to macro '↕F11'
Button: 6 is mapped to macro '↕VOLUMEDOWN'
Button: 7 is mapped to macro '↕VOLUMEUP'
Button: 8 is mapped to 'unknown'
Button: 9 is mapped to 'wheel-right'
Button: 10 is mapped to 'wheel-left'
LED: 0, depth: monochrome, mode: on, color: 000000
LED: 1, depth: monochrome, mode: on, color: 000000
LED: 2, depth: monochrome, mode: on, color: 000000

1
modules/README.md
View File

@ -5,5 +5,4 @@
| [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |

7
modules/common/applications/firefox.nix
View File

@ -16,7 +16,6 @@
unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin"
"wappalyzer"
];
home-manager.users.${config.user} = {
@ -43,6 +42,7 @@
darkreader
snowflake
don-t-fuck-with-paste
i-dont-care-about-cookies
wappalyzer
];
settings = {
@ -73,9 +73,6 @@
"media.ffmpeg.vaapi.enabled" =
true; # Enable hardware video acceleration
"cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
"devtools.command-button-screenshot.enabled" =
true; # Scrolling screenshot of entire page
"svg.context-properties.content.enabled" = true; # Sidebery styling
};
userChrome = ''
:root {
@ -116,7 +113,7 @@
background-color: ${config.theme.colors.base00};
color: ${config.theme.colors.base06} !important;
}
.tab-content[selected] {
.tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.theme.colors.base01} !important;
color: ${config.theme.colors.base07} !important;

12
modules/common/applications/kitty.nix
View File

@ -28,22 +28,13 @@
programs.rofi.terminal =
lib.mkIf pkgs.stdenv.isLinux "${pkgs.kitty}/bin/kitty";
# Display images in the terminal
programs.fish.shellAliases = {
icat = "kitty +kitten icat";
ssh = "kitty +kitten ssh";
};
programs.kitty = {
enable = true;
environment = { };
extraConfig = "";
font.size = 14;
keybindings = {
# Use shift+enter to complete text suggestions in fish
"shift+enter" = "send_text all \\x1F";
# Easy fullscreen toggle (for macOS)
"super+f" = "toggle_fullscreen";
};
settings = {
@ -94,6 +85,7 @@
# Scrollback
scrolling_lines = 10000;
scrollback_pager_history_size = 10; # MB
scrollback_pager = "${pkgs.neovim}/bin/nvim -c 'normal G'";
# Window
window_padding_width = 6;
@ -101,7 +93,7 @@
tab_bar_edge = "top";
tab_bar_style = "slant";
# Disable audio
# Audio
enable_audio_bell = false;
};
};

22
modules/common/applications/media.nix
View File

@ -22,8 +22,8 @@
enable = true;
bindings = { };
config = {
image-display-duration = 2; # For cycling through images
hwdec = "auto-safe"; # Attempt to use GPU decoding for video
image-display-duration = 2;
hwdec = "auto-safe";
};
scripts = [
@ -31,11 +31,25 @@
pkgs.mpvScripts.autoload
# Delete current file after quitting
pkgs.mpvScripts.mpv-delete-file
(pkgs.stdenv.mkDerivation rec {
pname = "mpv-delete-file";
version = "0.1"; # made-up
src = pkgs.fetchFromGitHub {
owner = "zenyd";
repo = "mpv-scripts";
rev = "19ea069abcb794d1bf8fac2f59b50d71ab992130";
sha256 = "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=";
} + "/delete_file.lua";
dontBuild = true;
dontUnpack = true;
installPhase =
"install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua";
passthru.scriptName = "delete_file.lua";
})
];
};
# Set default programs for opening PDFs and other media
# Set default for opening PDFs
xdg.mimeApps = {
associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];

5
modules/common/applications/obsidian.nix
View File

@ -15,9 +15,8 @@
home.packages = with pkgs; [ obsidian ];
};
# Broken on 2023-12-11
# https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
# Broken on 2023-04-16
nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
};

10
modules/common/default.nix
View File

@ -59,7 +59,7 @@
};
dotfilesRepo = lib.mkOption {
type = lib.types.str;
description = "Link to dotfiles repository HTTPS URL.";
description = "Link to dotfiles repository.";
};
unfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
@ -75,18 +75,10 @@
type = lib.types.str;
description = "Hostname for metrics server.";
};
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
influxdb = lib.mkOption {
type = lib.types.str;
description = "Hostname for InfluxDB2 server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";

38
modules/common/mail/default.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
imports = [ ./himalaya.nix ./aerc.nix ./system.nix ];
imports = [ ./himalaya.nix ./aerc.nix ];
options = {
mail.enable = lib.mkEnableOption "Mail service.";
@ -27,32 +27,15 @@
home-manager.users.${config.user} = {
programs.mbsync = { enable = true; };
# Automatically check for mail and keep files synced locally
services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
enable = true;
frequency = "*:0/5";
postExec = "${pkgs.notmuch}/bin/notmuch new";
};
# Used to watch for new mail and trigger sync
services.imapnotify.enable = pkgs.stdenv.isLinux;
# Allows sending email from CLI/sendmail
programs.msmtp.enable = true;
# Better local mail search
programs.notmuch = {
enable = true;
new.ignore =
[ ".mbsyncstate.lock" ".mbsyncstate.journal" ".mbsyncstate.new" ];
};
programs.notmuch.enable = true;
accounts.email = {
# Where email files are stored
maildirBasePath = "${config.homePath}/mail";
accounts = {
home = let address = "${config.mail.user}@${config.mail.server}";
in {
@ -65,17 +48,13 @@
"hey"
"admin"
];
# Options for contact completion
alot = { };
flavor = "plain";
imap = {
host = config.mail.imapHost;
port = 993;
tls.enable = true;
};
# Watch for mail and run notifications or sync
imapnotify = {
enable = true;
boxes = [ "Inbox" ];
@ -84,11 +63,7 @@
config.home-manager.users.${config.user}.services.dunst.enable
"${pkgs.libnotify}/bin/notify-send 'New mail arrived'";
};
# Name of the directory in maildir for this account
maildir = { path = "main"; };
# Bi-directional syncing options for local files
mbsync = {
enable = true;
create = "both";
@ -99,17 +74,12 @@
CopyArrivalDate = "yes"; # Sync time of original message
};
};
# Enable indexing
notmuch.enable = true;
# Used to login and send and receive emails
passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
pkgs.writeText "mailpass.age"
(builtins.readFile ../../../private/mailpass.age)
}";
smtp = {
host = config.mail.smtpHost;
port = 465;

34
modules/common/mail/system.nix
View File

@ -1,34 +0,0 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf (config.mail.enable || config.server) {
home-manager.users.${config.user} = {
programs.msmtp.enable = true;
# The system user for sending automatic notifications
accounts.email.accounts.system =
let address = "system@${config.mail.server}";
in {
userName = address;
realName = "NixOS System";
primary = !config.mail.enable; # Only primary if mail not enabled
inherit address;
passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
pkgs.writeText "mailpass-system.age"
(builtins.readFile ../../../private/mailpass-system.age)
}";
msmtp.enable = true;
smtp = {
host = config.mail.smtpHost;
port = 465;
tls.enable = true;
};
};
};
};
}

3
modules/common/neovim/config/align.nix
View File

@ -1,7 +1,4 @@
{ pkgs, ... }: {
# Plugin for aligning text programmatically
plugins = [ pkgs.vimPlugins.tabular ];
lua = ''
-- Align

3
modules/common/neovim/config/bufferline.nix
View File

@ -1,7 +1,4 @@
{ pkgs, ... }: {
# Shows buffers in a VSCode-style tab layout
plugins = [
pkgs.vimPlugins.bufferline-nvim
pkgs.vimPlugins.vim-bbye # Better closing of buffers

2
modules/common/neovim/config/colors.nix
View File

@ -1,7 +1,5 @@
{ pkgs, lib, config, ... }: {
# Sets Neovim colors based on Nix colorscheme
options.colors = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Attrset of base16 colorscheme key value pairs.";

16
modules/common/neovim/config/completion.nix
View File

@ -24,14 +24,12 @@
end
'';
# Enable Luasnip snippet completion
snippet.expand = dsl.rawLua ''
function(args)
require("luasnip").lsp_expand(args.body)
end
'';
# Basic completion keybinds
mapping = {
"['<C-n>']" = dsl.rawLua
"require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
@ -66,26 +64,24 @@
'';
};
# These are where the completion engine gets its suggestions
sources = [
{ name = "nvim_lua"; } # Fills in common Neovim lua functions
{ name = "nvim_lsp"; } # LSP results
{ name = "luasnip"; } # Snippets
{ name = "path"; } # Shell completion from current PATH
{ name = "nvim_lua"; }
{ name = "nvim_lsp"; }
{ name = "luasnip"; }
{ name = "path"; }
{
name = "buffer"; # Grep for text from the current text buffer
name = "buffer";
keyword_length = 3;
max_item_count = 10;
}
{
name = "rg"; # Grep for text from the current directory
name = "rg";
keyword_length = 6;
max_item_count = 10;
option = { additional_arguments = "--ignore-case"; };
}
];
# Styling of the completion menu
formatting = {
fields = [ "kind" "abbr" "menu" ];
format = dsl.rawLua ''

14
modules/common/neovim/config/github.lua
View File

@ -1,14 +0,0 @@
-- Keymap to open file in GitHub web
vim.keymap.set("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
-- Pop a terminal to watch the current run
local gitwatch =
require("toggleterm.terminal").Terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
-- Set a toggle for this terminal
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
-- Keymap to toggle the run
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)

6
modules/common/neovim/config/kubernetes.lua
View File

@ -1,6 +0,0 @@
local k9s = require("toggleterm.terminal").Terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

54
modules/common/neovim/config/lsp.nix
View File

@ -1,63 +1,28 @@
{ pkgs, lib, config, dsl, ... }: {
{ pkgs, dsl, ... }: {
# Terraform optional because non-free
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP";
options.github = lib.mkEnableOption "Whether to enable GitHub features";
options.kubernetes =
lib.mkEnableOption "Whether to enable Kubernetes features";
config =
let
terraformFormat = if config.terraform then ''
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
'' else
"";
in {
plugins = [
pkgs.vimPlugins.nvim-lspconfig
pkgs.vimPlugins.lsp-colors-nvim
pkgs.vimPlugins.null-ls-nvim
pkgs.vimPlugins.fidget-nvim
];
setup.fidget = { };
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
};
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
use.lspconfig.terraformls.setup = dsl.callWith {
cmd = if config.terraform then [
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
] else
[ "echo" ];
};
use.lspconfig.rust_analyzer.setup = dsl.callWith {
cmd = [ "${pkgs.rust-analyzer}/bin/rust-analyzer" ];
settings = {
"['rust-analyzer']" = { check = { command = "clippy"; }; };
};
};
use.lspconfig.terraformls.setup =
dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-ls" "serve" ]; };
vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
@ -80,7 +45,10 @@
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
${terraformFormat}
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
},
on_attach = function(client, bufnr)
@ -105,6 +73,4 @@
})
'';
};
}

17
modules/common/neovim/config/misc.nix
View File

@ -7,14 +7,11 @@
pkgs.vimPlugins.comment-nvim # Smart comment commands
pkgs.vimPlugins.glow-nvim # Markdown preview popup
pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews
pkgs.vimPlugins.which-key-nvim # Keybind helper
];
# Initialize some plugins
setup.Comment = { };
setup.colorizer = { user_default_options = { names = false; }; };
setup.colorizer = { };
setup.glow = { };
setup.which-key = { };
vim.o = {
termguicolors = true; # Set to truecolor
@ -44,17 +41,11 @@
relativenumber = true; # Relative numbers instead of absolute
};
# For which-key-nvim
vim.o.timeout = true;
vim.o.timeoutlen = 300;
# Better backup, swap and undo storage
vim.o.backup = true; # Easier to recover and more secure
vim.bo.swapfile = false; # Instead of swaps, create backups
vim.bo.undofile = true; # Keeps undos after quit
vim.o.backupdir =
dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/backup//")'';
vim.o.undodir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/undo//")'';
vim.o.backupdir = dsl.rawLua ''vim.fn.stdpath("cache") .. "/backup"'';
# Required for nvim-cmp completion
vim.opt.completeopt = [ "menu" "menuone" "noselect" ];
@ -69,6 +60,10 @@
" Remember last position when reopening file
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
" LaTeX options
au FileType tex inoremap ;bf \textbf{}<Esc>i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
" Flash highlight when yanking
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
'';

5
modules/common/neovim/config/syntax.nix
View File

@ -4,7 +4,6 @@
(pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins:
with pkgs.tree-sitter-grammars; [
tree-sitter-bash
# tree-sitter-c
tree-sitter-fish
tree-sitter-hcl
tree-sitter-ini
@ -23,9 +22,7 @@
pkgs.vimPlugins.playground # Tree-sitter experimenting
pkgs.vimPlugins.nginx-vim
pkgs.vimPlugins.vim-helm
pkgs.baleia-nvim # Clean ANSI from kitty scrollback
# pkgs.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPlugin {
(pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nmasur";
version = "0.1";
src = ../plugin;

2
modules/common/neovim/config/telescope.nix
View File

@ -1,7 +1,5 @@
{ pkgs, dsl, ... }: {
# Telescope is a fuzzy finder that can work with different sub-plugins
plugins = [
pkgs.vimPlugins.telescope-nvim
pkgs.vimPlugins.project-nvim

14
modules/common/neovim/config/toggleterm.lua
View File

@ -12,8 +12,6 @@ vim.api.nvim_create_autocmd("TermOpen", {
end,
})
-- These are all the different types of terminals we can trigger
local terminal = require("toggleterm.terminal").Terminal
local basicterminal = terminal:new()
@ -26,5 +24,17 @@ function NIXPKGS_TOGGLE()
nixpkgs:toggle()
end
local gitwatch = terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
local k9s = terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>t", TERM_TOGGLE)
vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

10
modules/common/neovim/config/toggleterm.nix
View File

@ -1,6 +1,4 @@
{ pkgs, dsl, config, ... }: {
# Toggleterm provides a floating terminal inside the editor for quick access
{ pkgs, dsl, ... }: {
plugins = [ pkgs.vimPlugins.toggleterm-nvim ];
@ -10,10 +8,6 @@
direction = "float";
};
lua = ''
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
lua = builtins.readFile ./toggleterm.lua;
}

21
modules/common/neovim/config/tree.nix
View File

@ -1,7 +1,5 @@
{ pkgs, dsl, ... }: {
# This plugin creates a side drawer for navigating the current project
plugins = [ pkgs.vimPlugins.nvim-tree-lua pkgs.vimPlugins.nvim-web-devicons ];
# Disable netrw eagerly
@ -12,16 +10,16 @@
};
setup.nvim-tree = {
disable_netrw = true; # Disable the built-in file manager
hijack_netrw = true; # Works as the file manager
sync_root_with_cwd = true; # Change project whenever currend dir changes
respect_buf_cwd = true; # Change to exact location of focused buffer
update_focused_file = { # Change project based on the focused buffer
disable_netrw = true;
hijack_netrw = true;
sync_root_with_cwd = true;
respect_buf_cwd = true;
update_focused_file = {
enable = true;
update_root = true;
ignore_list = { };
};
diagnostics = { # Enable LSP and linter integration
diagnostics = {
enable = true;
icons = {
hint = "";
@ -30,7 +28,7 @@
error = "";
};
};
renderer = { # Show files with changes vs. current commit
renderer = {
icons = {
glyphs = {
git = {
@ -45,7 +43,6 @@
};
};
};
# Set keybinds and initialize program
on_attach = dsl.rawLua ''
function (bufnr)
local api = require('nvim-tree.api')
@ -61,15 +58,15 @@
vim.keymap.set('n', 'v', api.node.open.vertical, opts('Open: Vertical Split'))
end
'';
view = { # Set look and feel
view = {
width = 30;
hide_root_folder = false;
side = "left";
number = false;
relativenumber = false;
};
};
# Toggle the sidebar
lua = ''
vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true })
'';

24
modules/common/neovim/default.nix
View File

@ -5,9 +5,6 @@ let
neovim = import ./package {
inherit pkgs;
colors = config.theme.colors;
terraform = config.terraform.enable;
github = true;
kubernetes = config.kubernetes.enable;
};
in {
@ -21,17 +18,11 @@ in {
home.packages = [ neovim ];
# Use Neovim as the editor for git commit messages
programs.git.extraConfig.core.editor = "nvim";
programs.jujutsu.settings.ui.editor = "nvim";
# Set Neovim as the default app for text editing and manual pages
home.sessionVariables = {
EDITOR = "nvim";
MANPAGER = "nvim +Man!";
};
# Create quick aliases for launching Neovim
programs.fish = {
shellAliases = { vim = "nvim"; };
shellAbbrs = {
@ -40,20 +31,12 @@ in {
vll = "nvim -c 'Telescope oldfiles'";
};
};
programs.kitty.settings.scrollback_pager = lib.mkForce ''
${neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
# Set Neovim as the kitty terminal "scrollback" (vi mode) option.
# Requires removing some of the ANSI escape codes that are sent to the
# scrollback using sed and baleia, as well as removing several
# unnecessary features.
programs.kitty.settings.scrollback_pager = ''
$SHELL -c 'sed -r "s/[[:cntrl:]]\]133;[AC]..//g" | ${neovim}/bin/nvim -c "setlocal nonumber norelativenumber nolist laststatus=0" -c "lua baleia = require(\"baleia\").setup({}); baleia.once(0)" -c "map <silent> q :qa!<CR>" -c "autocmd VimEnter * normal G"' '';
# Create a desktop option for launching Neovim from a file manager
# (Requires launching the terminal and then executing Neovim)
xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
name = "Neovim wrapper";
exec = "kitty nvim %F";
mimeType = [ "text/plain" "text/markdown" ];
};
xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux {
"text/plain" = [ "nvim.desktop" ];
@ -62,6 +45,9 @@ in {
};
# # Used for icons in Vim
# fonts.fonts = with pkgs; [ nerdfonts ];
};
}

7
modules/common/neovim/lua/keybinds.lua
View File

@ -39,6 +39,7 @@ key("n", "<Leader>fs", ":write<CR>")
key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true })
key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true })
key("n", "<Leader><Tab>", ":b#<CR>", { silent = true })
key("n", "<Leader>gr", ":!gh repo view -w<CR><CR>", { silent = true })
key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]])
key("n", "<Leader>jj", ":!journal<CR>:e<CR>")
@ -64,12 +65,6 @@ key("n", "<C-Down>", ":resize -2<CR>", { silent = true })
key("n", "<C-Left>", ":vertical resize -2<CR>", { silent = true })
key("n", "<C-Right>", ":vertical resize +2<CR>", { silent = true })
-- Quickfix
key("n", "]q", ":cnext<CR>")
key("n", "[q", ":cprevious<CR>")
key("n", "co", ":copen<CR>")
key("n", "cq", ":cclose<CR>")
-- Other
key("n", "<A-CR>", ":noh<CR>", { silent = true }) --- Clear search in VimWiki
key("n", "Y", "y$") --- Copy to end of line

4
modules/common/neovim/package/default.nix
View File

@ -26,13 +26,13 @@
# ] ++ extraConfig;
# }
{ pkgs, colors, terraform ? false, github ? false, kubernetes ? false, ... }:
{ pkgs, colors, ... }:
# Comes from nix2vim overlay:
# https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix
pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped;
inherit colors terraform github kubernetes;
inherit colors;
imports = [
../config/align.nix
../config/bufferline.nix

1
modules/common/programming/default.nix
View File

@ -6,7 +6,6 @@
./lua.nix
./nix.nix
./python.nix
./rust.nix
./terraform.nix
];

17
modules/common/programming/rust.nix
View File

@ -1,17 +0,0 @@
{ config, pkgs, lib, ... }: {
options.rust.enable = lib.mkEnableOption "Rust programming language.";
config = lib.mkIf config.rust.enable {
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = { ca = "cargo"; };
home.packages = with pkgs; [ cargo rustc clippy gcc ];
};
};
}

1
modules/common/programming/terraform.nix
View File

@ -3,7 +3,6 @@
options.terraform.enable = lib.mkEnableOption "Terraform tools.";
config = lib.mkIf config.terraform.enable {
unfreePackages = [ "terraform" ];
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = {

11
modules/common/repositories/dotfiles.nix
View File

@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: {
# Allows me to make sure I can work on my dotfiles locally
options.dotfiles.enable = lib.mkEnableOption "Clone dotfiles.";
config = lib.mkIf config.dotfiles.enable {
@ -16,8 +14,13 @@
[ "writeBoundary" ] ''
if [ ! -d "${config.dotfilesPath}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname "${config.dotfilesPath}")
$DRY_RUN_CMD ${pkgs.git}/bin/git \
clone ${config.dotfilesRepo} "${config.dotfilesPath}"
# Force HTTPS because anonymous SSH doesn't work
GIT_CONFIG_COUNT=1 \
GIT_CONFIG_KEY_0="url.https://github.com/.insteadOf" \
GIT_CONFIG_VALUE_0="git@github.com:" \
$DRY_RUN_CMD \
${pkgs.git}/bin/git clone ${config.dotfilesRepo} "${config.dotfilesPath}"
fi
'';

3
modules/common/repositories/notes.nix
View File

@ -1,8 +1,5 @@
{ config, ... }: {
# This is just a placeholder as I expect to interact with my notes in a
# certain location
home-manager.users.${config.user} = {
home.sessionVariables = {

26
modules/common/shell/bash/scripts/docker-cleanup.sh
View File

@ -1,26 +0,0 @@
#!/bin/sh
# Stop all containers
if [ "$(docker ps -a -q)" ]; then
echo "Stopping docker containers..."
docker stop "$(docker ps -a -q)"
else
echo "No running docker containers."
fi
# Remove all stopped containers
if [ "$(docker ps -a -q)" ]; then
echo "Removing docker containers..."
docker rm "$(docker ps -a -q)"
else
echo "No stopped docker containers."
fi
# Remove all untagged images
if docker images | grep -q "^<none>"; then
docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')"
else
echo "No untagged docker images."
fi
echo "Cleaned up docker."

3
modules/common/shell/charm.nix
View File

@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: {
# Convenience utilities from charm.sh
options.charm.enable = lib.mkEnableOption "Charm utilities.";
config.home-manager.users.${config.user} = lib.mkIf config.charm.enable {
@ -10,7 +8,6 @@
glow # Markdown previews
skate # Key-value store
charm # Manage account and filesystem
pop # Send emails from a TUI
];
};

1
modules/common/shell/default.nix
View File

@ -7,7 +7,6 @@
./fzf.nix
./git.nix
./github.nix
./jujutsu.nix
./nixpkgs.nix
./starship.nix
./utilities.nix

17
modules/common/shell/direnv.nix
View File

@ -1,28 +1,11 @@
{ config, ... }: {
# Enables quickly entering Nix shells when changing directories
home-manager.users.${config.user}.programs.direnv = {
enable = true;
nix-direnv.enable = true;
config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
};
# programs.direnv.direnvrcExtra = ''
# layout_postgres() {
# export PGDATA="$(direnv_layout_dir)/postgres"
# export PGHOST="$PGDATA"
#
# if [[ ! -d "PGDATA" ]]; then
# initdb
# cat >> "$PGDATA/postgres.conf" <<- EOF
# listen_addresses = '''
# unix_socket_directories = '$PGHOST'
# EOF
# echo "CREATE DATABASE $USER;" | postgres --single -E postgres
# fi
# }
# '';
# Prevent garbage collection
nix.extraOptions = ''
keep-outputs = true

16
modules/common/shell/fish/default.nix
View File

@ -1,24 +1,19 @@
{ config, pkgs, lib, ... }: {
users.users.${config.user}.shell = pkgs.fish;
programs.fish.enable = true; # Needed for LightDM to remember username
programs.fish.enable =
true; # Needed for LightDM to remember username (TODO: fix)
home-manager.users.${config.user} = {
# Packages used in abbreviations and aliases
home.packages = with pkgs; [ curl ];
home.packages = with pkgs; [ curl exa ];
programs.fish = {
enable = true;
shellAliases = {
# Version of bash which works much better on the terminal
bash = "${pkgs.bashInteractive}/bin/bash";
# Use eza (exa) instead of ls for fancier output
ls = "${pkgs.eza}/bin/eza --group";
# Move files to XDG trash on the commandline
ls = "exa";
trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put";
};
functions = {
@ -123,6 +118,9 @@
dr = "docker run --rm -it";
db = "docker build . -t";
# Rust
ca = "cargo";
};
shellInit = "";
};

2
modules/common/shell/fzf.nix
View File

@ -1,7 +1,5 @@
{ config, ... }: {
# FZF is a fuzzy-finder for the terminal
home-manager.users.${config.user} = {
programs.fzf.enable = true;

1
modules/common/shell/git.nix
View File

@ -58,7 +58,6 @@ in {
git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)'';
gcob = "git switch -c";
gb = "git branch";
gpd = "git push origin -d";
gbd = "git branch -d";
gbD = "git branch -D";
gr = "git reset";

5
modules/common/shell/github.nix
View File

@ -5,9 +5,8 @@
programs.gh =
lib.mkIf config.home-manager.users.${config.user}.programs.git.enable {
enable = true;
gitCredentialHelper.enable = true;
enableGitCredentialHelper = true;
settings.git_protocol = "https";
extensions = [ pkgs.gh-collaborators ];
};
programs.fish =
@ -15,7 +14,7 @@
shellAbbrs = {
ghr = "gh repo view -w";
gha =
"gh run list | head -1 | awk '{ print \\$\\(NF-2\\) }' | xargs gh run view";
"gh run list | head -1 | awk '{ print $(NF-2) }' | xargs gh run view";
grw = "gh run watch";
grf = "gh run view --log-failed";
grl = "gh run view --log";

21
modules/common/shell/jujutsu.nix
View File

@ -1,21 +0,0 @@
{ config, ... }: {
config = {
home-manager.users.${config.user}.programs.jujutsu = {
enable = true;
enableFishIntegration = true;
# https://github.com/martinvonz/jj/blob/main/docs/config.md
settings = {
user = {
name = config.home-manager.users.${config.user}.programs.git.userName;
email =
config.home-manager.users.${config.user}.programs.git.userEmail;
};
};
};
};
}

3
modules/common/shell/nixpkgs.nix
View File

@ -73,9 +73,6 @@
path = builtins.toString pkgs.path;
};
# For security, only allow specific users
settings.allowed-users = [ "@wheel" config.user ];
};
}

8
modules/common/shell/utilities.nix
View File

@ -23,7 +23,6 @@ in {
dig # DNS lookup
fd # find
htop # Show system processes
killall # Force quit
inetutils # Includes telnet, whois
jq # JSON manipulation
lf # File viewer
@ -35,9 +34,6 @@ in {
tree # View directory hierarchy
vimv-rs # Batch rename files
unzip # Extract zips
dua # File sizes (du)
du-dust # Disk usage tree (ncdu)
duf # Basic disk information (df)
];
programs.zoxide.enable = true; # Shortcut jump command
@ -56,6 +52,10 @@ in {
};
};
programs.fish.shellAbbrs = {
cat = "bat"; # Swap cat with bat
};
programs.fish.functions = {
ping = {
description = "Improved ping";

10
modules/darwin/hammerspoon.nix
View File

@ -20,22 +20,12 @@
};
xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source =
./hammerspoon/Spoons/MoveWindow.spoon;
home.activation.reloadHammerspoon =
config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
$DRY_RUN_CMD /usr/local/bin/hs -c "hs.reload()"
$DRY_RUN_CMD sleep 1
$DRY_RUN_CMD /usr/local/bin/hs -c "hs.console.clearConsole()"
'';
};
homebrew.casks = [ "hammerspoon" ];
system.activationScripts.postUserActivation.text = ''
defaults write org.hammerspoon.Hammerspoon MJConfigFile "~/.config/hammerspoon/init.lua"
sudo killall Dock
'';
};

15
modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
View File

@ -54,19 +54,14 @@ function obj:init()
end)
-- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end)
self.launcher:bind("ctrl", "space", function()
end)
self.launcher:bind("", "return", function()
self:switch("@kitty@")
end)
self.launcher:bind("", "C", function()
self:switch("Calendar.app")
end)
self.launcher:bind("shift", "D", function()
hs.execute("launchctl remove com.paloaltonetworks.gp.pangps")
hs.execute("launchctl remove com.paloaltonetworks.gp.pangpa")
hs.alert.show("Disconnected from GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "E", function()
self:switch("Mail.app")
end)
@ -85,12 +80,6 @@ function obj:init()
self.launcher:bind("", "P", function()
self:switch("System Preferences.app")
end)
self.launcher:bind("shift", "P", function()
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist")
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist")
hs.alert.show("Reconnecting to GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "R", function()
hs.console.clearConsole()
hs.reload()

9
modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
View File

@ -55,15 +55,6 @@ local function worklayout()
local layout = concat(left, right, laptop)
hs.layout.apply(layout)
end)
-- Reload Hammerspoon whenever layout changes
hs.screen.watcher.new(function()
-- Pause for 5 seconds to give time for layout to change
hs.timer.doAfter(5, function()
-- Perform the actual reload
hs.reload()
end)
end)
end
return worklayout

1
modules/darwin/hammerspoon/init.lua
View File

@ -2,4 +2,3 @@ hs.loadSpoon("ControlEscape"):start() -- Load Hammerspoon bits from https://gith
hs.loadSpoon("Launcher"):init()
hs.loadSpoon("DismissAlerts"):init()
hs.loadSpoon("MoveWindow"):init()
hs.ipc.cliInstall() -- Install Hammerspoon CLI program

1
modules/darwin/homebrew.nix
View File

@ -42,7 +42,6 @@
"obsidian" # Obsidian packaging on Nix is not available for macOS
"scroll-reverser" # Different scroll style for mouse vs. trackpad
"steam" # Not packaged for Nix
"epic-games" # Not packaged for Nix
];
};

3
modules/darwin/utilities.nix
View File

@ -11,12 +11,11 @@
youtube-dl # Convert web videos
pandoc # Convert text documents
mpd # TUI slideshows
mpv # Video player
awscli2
awslogs
google-cloud-sdk
ansible
vault-bin
vault
consul
noti # Create notifications programmatically
ipcalc # Make IP network calculations

2
modules/nixos/applications/calibre.nix
View File

@ -14,8 +14,6 @@
home.packages = with pkgs; [ calibre ];
# home.sessionVariables = { CALIBRE_USE_DARK_PALETTE = 1; };
};
# Forces Calibre to use dark mode
environment.sessionVariables = { CALIBRE_USE_DARK_PALETTE = "1"; };
};
}

12
modules/nixos/applications/nautilus.nix
View File

@ -18,14 +18,12 @@
home-manager.users.${config.user} = {
# Quick button for launching nautilus
xsession.windowManager.i3.config.keybindings = {
"${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+n" = "exec --no-startup-id ${pkgs.gnome.nautilus}/bin/nautilus";
};
# Generates a QR code and previews it with sushi
programs.fish.functions = {
qr = {
body =
@ -33,7 +31,7 @@
};
};
# Set Nautilus as default for opening directories
# Set default for opening directories
xdg.mimeApps = {
associations.added."inode/directory" = [ "org.gnome.Nautilus.desktop" ];
# associations.removed = {
@ -42,7 +40,6 @@
defaultApplications."inode/directory" =
lib.mkBefore [ "org.gnome.Nautilus.desktop" ];
};
};
# # Set default for opening directories
@ -53,13 +50,6 @@
# lib.mkForce [ "org.gnome.Nautilus.desktop" ];
# };
# Delete Trash files older than 1 week
systemd.user.services.empty-trash = {
description = "Empty Trash on a regular basis";
wantedBy = [ "default.target" ];
script = "${pkgs.trash-cli}/bin/trash-empty 7";
};
};
}

9
modules/nixos/gaming/steam.nix
View File

@ -22,15 +22,6 @@
];
# Adapted in part from: https://github.com/Shawn8901/nix-configuration/blob/1c48be94238a9f463cf0bbd1e1842a4454286514/modules/nixos/steam-compat-tools/default.nix
# Based on: https://github.com/NixOS/nixpkgs/issues/73323
environment.sessionVariables.STEAM_EXTRA_COMPAT_TOOLS_PATHS =
lib.makeBinPath [ pkgs.proton-ge-custom ];
# Seems like NetworkManager can help speed up Steam launch
# https://www.reddit.com/r/archlinux/comments/qguhco/steam_startup_time_arch_1451_seconds_fedora_34/hi8opet/
networking.networkmanager.enable = true;
};
}

1
modules/nixos/graphical/default.nix
View File

@ -3,7 +3,6 @@
imports = [
./dunst.nix
./fonts.nix
./gtk.nix
./i3.nix
./picom.nix
./polybar.nix

2
modules/nixos/graphical/fonts.nix
View File

@ -6,7 +6,7 @@ in {
config = lib.mkIf (config.gui.enable && pkgs.stdenv.isLinux) {
fonts.packages = with pkgs; [
fonts.fonts = with pkgs; [
victor-mono # Used for Vim and Terminal
(nerdfonts.override { fonts = [ "Hack" ]; }) # For Polybar, Rofi
];

51
modules/nixos/graphical/gtk.nix
View File

@ -1,51 +0,0 @@
{ config, pkgs, lib, ... }: {
options = {
gtk.theme = {
name = lib.mkOption {
type = lib.types.str;
description = "Theme name for GTK applications";
};
package = lib.mkOption {
type = lib.types.package;
description = "Theme package for GTK applications";
default = pkgs.gnome-themes-extra;
};
};
};
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
gtk = let
gtkExtraConfig = {
gtk-application-prefer-dark-theme = config.theme.dark;
};
in {
enable = true;
theme = {
name = config.gtk.theme.name;
package = config.gtk.theme.package;
};
gtk3.extraConfig = gtkExtraConfig;
gtk4.extraConfig = gtkExtraConfig;
};
};
# Required for setting GTK theme (for preferred-color-scheme in browser)
services.dbus.packages = [ pkgs.dconf ];
programs.dconf.enable = true;
# Make the login screen dark
services.xserver.displayManager.lightdm.greeters.gtk.theme = {
name = config.gtk.theme.name;
package = config.gtk.theme.package;
};
environment.sessionVariables = { GTK_THEME = config.gtk.theme.name; };
};
}

2
modules/nixos/graphical/i3.nix
View File

@ -45,7 +45,7 @@ in {
{ class = "obsidian"; }
];
"${ws3}" = [{ class = "discord"; }];
"${ws4}" = [ { class = "steam"; } { class = "Steam"; } ];
"${ws4}" = [{ class = "Steam"; }];
};
bars = [{ command = "echo"; }]; # Disable i3bar
colors = let

33
modules/nixos/graphical/polybar.nix
View File

@ -36,7 +36,7 @@
module-margin = 1;
modules-left = "i3";
modules-center = "xwindow";
modules-right = "mailcount network pulseaudio date keyboard power";
modules-right = "mailcount pulseaudio date power";
cursor-click = "pointer";
cursor-scroll = "ns-resize";
enable-ipc = true;
@ -106,14 +106,8 @@
interval = 10;
format = "<label>";
exec = builtins.toString (pkgs.writeShellScript "mailcount.sh" ''
${pkgs.notmuch}/bin/notmuch new --quiet 2>&1>/dev/null
UNREAD=$(
${pkgs.notmuch}/bin/notmuch count \
is:inbox and \
is:unread and \
folder:main/Inbox \
2>/dev/null
)
${pkgs.notmuch}/bin/notmuch new > /dev/null
UNREAD=$(${pkgs.notmuch}/bin/notmuch count is:inbox and is:unread and folder:main/Inbox)
if [ $UNREAD = "0" ]; then
echo ""
else
@ -124,16 +118,6 @@
"i3-msg 'exec --no-startup-id kitty --class aerc aerc'; sleep 0.15; i3-msg '[class=aerc] focus'";
};
"module/network" = {
type = "internal/network";
interface-type = "wired";
interval = 3;
accumulate-stats = true;
format-connected = "<label-connected>";
format-disconnected = "<label-disconnected>";
label-connected = "";
label-disconnected = "";
};
"module/pulseaudio" = {
type = "internal/pulseaudio";
# format-volume-prefix = "VOL ";
@ -143,10 +127,10 @@
# label-volume-background = colors.background;
format-volume-foreground = config.theme.colors.base0B;
label-volume = "%percentage%%";
label-muted = "󰝟 ---";
label-muted = " ---";
label-muted-foreground = config.theme.colors.base03;
ramp-volume-0 = "";
ramp-volume-1 = "󰕾";
ramp-volume-1 = "";
ramp-volume-2 = "";
click-right = config.audioSwitchCommand;
};
@ -200,17 +184,10 @@
label-foreground = config.theme.colors.base0A;
# format-background = colors.background;
};
"module/keyboard" = {
type = "custom/text";
content = "󰌌";
click-left = "doas systemctl restart keyd";
content-foreground = config.theme.colors.base04;
};
"module/power" = {
type = "custom/text";
content = " ";
click-left = config.powerCommand;
click-right = "polybar-msg cmd restart";
content-foreground = config.theme.colors.base04;
};
"settings" = {

2
modules/nixos/graphical/rofi.nix
View File

@ -59,7 +59,7 @@ in {
border = mkLiteral "0px";
border-radius = mkLiteral "0px";
border-color = mkLiteral config.theme.colors.base04;
children = map mkLiteral [ "inputbar" "message" "listview" ];
children = map mkLiteral [ "inputbar" "listview" ];
spacing = mkLiteral "10px";
padding = mkLiteral "10px";
};

2
modules/nixos/graphical/rofi/power.nix
View File

@ -25,7 +25,7 @@ in {
| ${rofi}/bin/rofi \
-theme-str '@import "power.rasi"' \
-hover-select \
-me-select-entry "" \
-me-select-entry ''' \
-me-accept-entry MousePrimary \
-dmenu \
-sep ';' \

2
modules/nixos/graphical/rofi/rofi-prompt.sh
View File

@ -32,7 +32,7 @@ done
chosen=$(printf '%s;%s\n' "$yes" "$no" |
rofi -theme-str '@import "prompt.rasi"' \
-hover-select \
-me-select-entry "" \
-me-select-entry '' \
-me-accept-entry MousePrimary \
-p "$query" \
-dmenu \

21
modules/nixos/graphical/rofi/themes/prompt.rasi
View File

@ -4,13 +4,14 @@
*/
@import "common.rasi"
* {
font: @prompt-text-font;
font: @text-font;
}
#window {
height: @prompt-window-height;
width: @prompt-window-width;
children: [ inputbar, horibox ];
border: @prompt-window-border;
border-color: @accent;
}
#inputbar {
enabled: false;
@ -18,6 +19,8 @@
#prompt {
padding: @prompt-prompt-padding;
margin: @prompt-prompt-margin;
background-color: @accent;
text-color: @background-light;
}
#listview {
padding: @prompt-listview-padding;
@ -28,3 +31,19 @@
font: @prompt-text-font;
padding: @prompt-element-padding;
}
element.alternate.active,
element.normal.active,
element.alternate.urgent,
element.normal.urgent {
background-color: @background-light;
text-color: @foreground;
}
element.selected.urgent {
background-color: @off;
text-color: @background;
}
element.selected.active {
background-color: @on;
text-color: @background;
}

44
modules/nixos/graphical/xorg.nix
View File

@ -1,6 +1,27 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
options = {
gtk.theme = {
name = lib.mkOption {
type = lib.types.str;
description = "Theme name for GTK applications";
};
package = lib.mkOption {
type = lib.types.str;
description = "Theme package name for GTK applications";
default = "gnome-themes-extra";
};
};
};
config = let
gtkTheme = {
name = config.gtk.theme.name;
package = pkgs."${config.gtk.theme.package}";
};
in lib.mkIf config.gui.enable {
# Enable the X11 windowing system.
services.xserver = {
@ -15,8 +36,10 @@
enable = config.services.xserver.enable;
background = config.wallpaper;
# Make the login screen dark
greeters.gtk.theme = gtkTheme;
# Show default user
# Also make sure /var/lib/AccountsService/users/<user> has SystemAccount=false
extraSeatDefaults = ''
greeter-hide-users = false
'';
@ -31,6 +54,12 @@
xclip # Clipboard
];
# Required for setting GTK theme (for preferred-color-scheme in browser)
services.dbus.packages = [ pkgs.dconf ];
programs.dconf.enable = true;
environment.sessionVariables = { GTK_THEME = config.gtk.theme.name; };
home-manager.users.${config.user} = {
programs.fish.shellAliases = {
@ -38,6 +67,17 @@
pbpaste = "xclip -selection clipboard -out";
};
gtk = let
gtkExtraConfig = {
gtk-application-prefer-dark-theme = config.theme.dark;
};
in {
enable = true;
theme = gtkTheme;
gtk3.extraConfig = gtkExtraConfig;
gtk4.extraConfig = gtkExtraConfig;
};
};
};

2
modules/nixos/hardware/boot.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
boot.loader = lib.mkIf (config.physical && !config.server) {
boot.loader = lib.mkIf config.physical {
grub = {
enable = true;

11
modules/nixos/hardware/keyboard.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ config, ... }: {
config = {
@ -15,17 +15,8 @@
# Use capslock as escape and/or control
services.keyd = {
enable = true;
keyboards = {
default = {
ids = [ "*" ];
settings = { main = { capslock = "overload(control, esc)"; }; };
};
};
};
# For some reason, keyd doesn't restart properly when updating
system.activationScripts.keyd.text =
"${pkgs.systemd}/bin/systemctl restart keyd.service";
# Enable num lock on login
home-manager.users.${config.user}.xsession.numlock.enable = true;

18
modules/nixos/hardware/networking.nix
View File

@ -1,8 +1,13 @@
{ config, pkgs, lib, ... }: {
{ config, lib, ... }: {
config = lib.mkIf config.physical {
networking.useDHCP = !config.networking.networkmanager.enable;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp5s0.useDHCP = true;
networking.interfaces.wlp4s0.useDHCP = true;
networking.firewall.allowPing = lib.mkIf config.server true;
@ -10,9 +15,6 @@
services.avahi = {
enable = true;
domainName = "local";
ipv6 = false; # Should work either way
# Resolve local hostnames using Avahi DNS
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
@ -21,10 +23,8 @@
};
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "wake-tempest"
"${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D")
];
# Resolve local hostnames using Avahi DNS
services.avahi.nssmdns = true;
};

4
modules/nixos/hardware/server.nix
View File

@ -1,6 +1,6 @@
{ config, lib, ... }: {
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.server {
config = lib.mkIf (pkgs.stdenv.isLinux && config.server) {
# Servers need a bootloader or they won't start
boot.loader.systemd-boot.enable = true;

2
modules/nixos/hardware/sleep.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf (config.physical && !config.server) {
config = lib.mkIf config.physical {
# Prevent wake from keyboard
powerManagement.powerDownCommands = ''

2
modules/nixos/hardware/wifi.nix
View File

@ -3,7 +3,7 @@
config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
# Enables wireless support via wpa_supplicant.
networking.wireless.enable = !config.networking.networkmanager.enable;
networking.wireless.enable = true;
# Allows the user to control the WiFi settings.
networking.wireless.userControlled.enable = true;

15
modules/nixos/hardware/zfs.nix
View File

@ -1,20 +1,15 @@
{ config, lib, ... }: {
{ config, pkgs, lib, ... }: {
options = { zfs.enable = lib.mkEnableOption "ZFS file system."; };
config = lib.mkIf (config.server && config.zfs.enable) {
config =
lib.mkIf (pkgs.stdenv.isLinux && config.server && config.zfs.enable) {
# Only use compatible Linux kernel, since ZFS can be behind
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelPackages =
config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelParams = [ "nohibernate" ];
boot.supportedFilesystems = [ "zfs" ];
services.prometheus.exporters.zfs.enable =
config.prometheus.exporters.enable;
prometheus.scrapeTargets = [
"127.0.0.1:${
builtins.toString config.services.prometheus.exporters.zfs.port
}"
];
};

115
modules/nixos/services/arr.nix
View File

@ -1,31 +1,4 @@
{ config, pkgs, lib, ... }:
let
arrConfig = {
radarr = {
exportarrPort = "9707";
url = "localhost:7878";
apiKey = config.secrets.radarrApiKey.dest;
};
sonarr = {
exportarrPort = "9708";
url = "localhost:8989";
apiKey = config.secrets.sonarrApiKey.dest;
};
prowlarr = {
exportarrPort = "9709";
url = "localhost:9696";
apiKey = config.secrets.prowlarrApiKey.dest;
};
sabnzbd = {
exportarrPort = "9710";
url = "localhost:8085";
apiKey = config.secrets.sabnzbdApiKey.dest;
};
};
in {
{ config, lib, ... }: {
options = { arrs.enable = lib.mkEnableOption "Arr services"; };
@ -70,7 +43,7 @@ in {
}];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = arrConfig.sonarr.url; }];
upstreams = [{ dial = "localhost:8989"; }];
}];
}
{
@ -81,7 +54,7 @@ in {
}];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = arrConfig.radarr.url; }];
upstreams = [{ dial = "localhost:7878"; }];
}];
}
{
@ -103,11 +76,7 @@ in {
}];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial = "localhost:${
builtins.toString config.services.bazarr.listenPort
}";
}];
upstreams = [{ dial = "localhost:6767"; }];
}];
}
{
@ -118,7 +87,7 @@ in {
}];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = arrConfig.sabnzbd.url; }];
upstreams = [{ dial = "localhost:8085"; }];
}];
}
{
@ -126,83 +95,11 @@ in {
match = [{ host = [ config.hostnames.download ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial =
"localhost:${builtins.toString config.services.jellyseerr.port}";
}];
upstreams = [{ dial = "localhost:5055"; }];
}];
}
];
# Enable Prometheus exporters
systemd.services = lib.mapAttrs' (name: attrs: {
name = "prometheus-${name}-exporter";
value = {
description = "Export Prometheus metrics for ${name}";
after = [ "network.target" ];
wantedBy = [ "${name}.service" ];
serviceConfig = {
Type = "simple";
DynamicUser = true;
ExecStart = let
url = if name != "sabnzbd" then
"http://${attrs.url}/${name}"
else
"http://${attrs.url}";
in ''
${pkgs.exportarr}/bin/exportarr ${name} \
--url ${url} \
--port ${attrs.exportarrPort}'';
EnvironmentFile =
lib.mkIf (builtins.hasAttr "apiKey" attrs) attrs.apiKey;
Restart = "on-failure";
ProtectHome = true;
ProtectSystem = "strict";
PrivateTmp = true;
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
}) arrConfig;
# Secrets for Prometheus exporters
secrets.radarrApiKey = {
source = ../../../private/radarr-api-key.age;
dest = "/var/private/radarr-api";
prefix = "API_KEY=";
};
secrets.sonarrApiKey = {
source = ../../../private/sonarr-api-key.age;
dest = "/var/private/sonarr-api";
prefix = "API_KEY=";
};
secrets.prowlarrApiKey = {
source = ../../../private/prowlarr-api-key.age;
dest = "/var/private/prowlarr-api";
prefix = "API_KEY=";
};
secrets.sabnzbdApiKey = {
source = ../../../private/sabnzbd-api-key.age;
dest = "/var/private/sabnzbd-api";
prefix = "API_KEY=";
};
# Prometheus scrape targets
prometheus.scrapeTargets = map (key:
"127.0.0.1:${
lib.attrsets.getAttrFromPath [ key "exportarrPort" ] arrConfig
}") (builtins.attrNames arrConfig);
};
}

55
modules/nixos/services/bind.nix
View File

@ -1,55 +0,0 @@
{ config, pkgs, lib, ... }:
let
localIp = "192.168.1.218";
localServices = [
config.hostnames.stream
config.hostnames.content
config.hostnames.books
config.hostnames.download
];
mkRecord = service: "${service} A ${localIp}";
localRecords = lib.concatLines (map mkRecord localServices);
in {
config = lib.mkIf config.services.bind.enable {
caddy.cidrAllowlist = [ "192.168.0.0/16" ];
services.bind = {
cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
forwarders = [ "1.1.1.1" "1.0.0.1" ];
ipv4Only = true;
# Use rpz zone as an override
extraOptions = ''response-policy { zone "rpz"; };'';
zones = {
rpz = {
master = true;
file = pkgs.writeText "db.rpz" ''
$TTL 60 ; 1 minute
@ IN SOA localhost. root.localhost. (
2023071800 ; serial
1h ; refresh
30m ; retry
1w ; expire
30m ; minimum ttl
)
IN NS localhost.
localhost A 127.0.0.1
${localRecords}
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
};
}

32
modules/nixos/services/caddy.nix
View File

@ -1,41 +1,25 @@
{ config, pkgs, lib, ... }: {
options = {
caddy = {
tlsPolicies = lib.mkOption {
caddy.tlsPolicies = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
description = "Caddy JSON TLS policies";
default = [ ];
};
routes = lib.mkOption {
caddy.routes = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
description = "Caddy JSON routes for http servers";
default = [ ];
};
blocks = lib.mkOption {
caddy.blocks = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
description = "Caddy JSON error blocks for http servers";
default = [ ];
};
cidrAllowlist = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "CIDR blocks to allow for requests";
default = [ ];
};
};
};
config = lib.mkIf config.services.caddy.enable {
# Force Caddy to 403 if not coming from allowlisted source
caddy.cidrAllowlist = [ "127.0.0.1/32" ];
caddy.routes = [{
match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
handle = [{
handler = "static_response";
status_code = "403";
}];
}];
config =
lib.mkIf (config.services.caddy.enable && config.caddy.routes != [ ]) {
services.caddy = {
adapter = "''"; # Required to enable JSON
@ -44,9 +28,8 @@
listen = [ ":443" ];
routes = config.caddy.routes;
errors.routes = config.caddy.blocks;
logs = { }; # Uncomment to collect access logs
# logs = { }; # Uncomment to collect access logs
};
apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies;
logging.logs.main = {
encoder = { format = "console"; };
@ -54,7 +37,6 @@
output = "file";
filename = "${config.services.caddy.logDir}/caddy.log";
roll = true;
roll_size_mb = 1;
};
level = "INFO";
};
@ -65,8 +47,6 @@
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
};
}

6
modules/nixos/services/calibre.nix
View File

@ -30,11 +30,7 @@ in {
match = [{ host = [ config.hostnames.books ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial = "localhost:${
builtins.toString config.services.calibre-web.listen.port
}";
}];
upstreams = [{ dial = "localhost:8083"; }];
headers.request.add."X-Script-Name" = [ "/calibre-web" ];
}];
}];

13
modules/nixos/services/cloudflare.nix
View File

@ -41,10 +41,19 @@ in {
config = lib.mkIf config.cloudflare.enable {
# Forces Caddy to error if coming from a non-Cloudflare IP
caddy.cidrAllowlist = cloudflareIpRanges;
caddy.blocks = [{
match = [{ not = [{ remote_ip.ranges = cloudflareIpRanges; }]; }];
handle = [{
handler = "static_response";
abort = true;
}];
}];
# Tell Caddy to use Cloudflare DNS for ACME challenge validation
services.caddy.package = pkgs.caddy-cloudflare; # Patched overlay
services.caddy.package = (pkgs.callPackage ../../../overlays/caddy.nix {
plugins = [ "github.com/caddy-dns/cloudflare" ];
# vendorSha256 = "sha256-K9HPZnr+hMcK5aEd1H4gEg6PXAaNrNWFvaHYm5m62JY=";
});
caddy.tlsPolicies = [{
issuers = [{
module = "acme";

4
modules/nixos/services/default.nix
View File

@ -3,7 +3,6 @@
imports = [
./arr.nix
./backups.nix
./bind.nix
./caddy.nix
./calibre.nix
./cloudflare-tunnel.nix
@ -13,21 +12,18 @@
./gnupg.nix
./grafana.nix
./honeypot.nix
./influxdb2.nix
./jellyfin.nix
./keybase.nix
./mullvad.nix
./n8n.nix
./netdata.nix
./nextcloud.nix
./paperless.nix
./prometheus.nix
./samba.nix
./secrets.nix
./sshd.nix
./transmission.nix
./vaultwarden.nix
./victoriametrics.nix
./wireguard.nix
];

26
modules/nixos/services/gitea-runner.nix
View File

@ -10,9 +10,9 @@
enable = true;
labels = [
# Provide a Debian base with NodeJS for actions
# "debian-latest:docker://node:18-bullseye"
"debian-latest:docker://node:18-bullseye"
# Fake the Ubuntu name, because Node provides no Ubuntu builds
# "ubuntu-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye"
# Provide native execution on the host using below packages
"native:host"
];
@ -31,28 +31,6 @@
tokenFile = config.secrets.giteaRunnerToken.dest;
};
# Make sure the runner doesn't start until after Gitea
systemd.services."gitea-runner-${config.networking.hostName}".after =
[ "gitea.service" ];
# API key needed to connect to Gitea
secrets.giteaRunnerToken = {
source = ../../../private/gitea-runner-token.age; # TOKEN=xyz
dest = "${config.secretsDirectory}/gitea-runner-token";
};
systemd.services.giteaRunnerToken-secret = {
requiredBy = [
"gitea-runner-${
config.services.gitea-actions-runner.instances.${config.networking.hostName}.name
}.service"
];
before = [
"gitea-runner-${
config.services.gitea-actions-runner.instances.${config.networking.hostName}.name
}.service"
];
};
};
}

28
modules/nixos/services/gitea.nix
View File

@ -9,7 +9,6 @@ in {
database.type = "sqlite3";
settings = {
actions.ENABLED = true;
metrics.ENABLED = true;
repository = {
DEFAULT_PUSH_CREATE_PRIVATE = true;
DISABLE_HTTP_GIT = false;
@ -38,36 +37,13 @@ in {
networking.firewall.allowedTCPPorts = [ 122 ];
users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [
{
match = [{
host = [ config.hostnames.git ];
path = [ "/metrics*" ];
}];
handle = [{
handler = "static_response";
status_code = "403";
}];
}
{
caddy.routes = [{
match = [{ host = [ config.hostnames.git ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial = "localhost:${
builtins.toString
config.services.gitea.settings.server.HTTP_PORT
}";
upstreams = [{ dial = "localhost:3001"; }];
}];
}];
}
];
prometheus.scrapeTargets = [
"127.0.0.1:${
builtins.toString config.services.gitea.settings.server.HTTP_PORT
}"
];
## Backup config

2317
modules/nixos/services/grafana.nix
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More