diff --git a/flake.lock b/flake.lock index 0c852e1..cc30b87 100644 --- a/flake.lock +++ b/flake.lock @@ -205,13 +205,16 @@ } }, "devshell_2": { - "flake": false, + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2" + }, "locked": { - "lastModified": 1663445644, - "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", + "lastModified": 1678957337, + "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=", "owner": "numtide", "repo": "devshell", - "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", + "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47", "type": "github" }, "original": { @@ -221,25 +224,6 @@ } }, "devshell_3": { - "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1678957337, - "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=", - "owner": "numtide", - "repo": "devshell", - "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "devshell_4": { "flake": false, "locked": { "lastModified": 1663445644, @@ -255,10 +239,10 @@ "type": "github" } }, - "devshell_5": { + "devshell_4": { "inputs": { - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_9" + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1678957337, 
@@ -274,7 +258,42 @@ "type": "github" } }, + "devshell_5": { + "flake": false, + "locked": { + "lastModified": 1663445644, + "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", + "owner": "numtide", + "repo": "devshell", + "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "devshell_6": { + "inputs": { + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1678957337, + "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=", + "owner": "numtide", + "repo": "devshell", + "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_7": { "flake": false, "locked": { "lastModified": 1663445644, @@ -294,7 +313,7 @@ "inputs": { "all-cabal-json": "all-cabal-json", "crane": "crane", - "devshell": "devshell_2", + "devshell": "devshell_3", "drv-parts": "drv-parts", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", @@ -303,7 +322,7 @@ "gomod2nix": "gomod2nix", "mach-nix": "mach-nix", "nix-pypi-fetcher": "nix-pypi-fetcher", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgsV1": "nixpkgsV1", "poetry2nix": "poetry2nix", "pre-commit-hooks": "pre-commit-hooks", @@ -327,7 +346,7 @@ "inputs": { "all-cabal-json": "all-cabal-json_2", "crane": "crane_2", - "devshell": "devshell_4", + "devshell": "devshell_5", "drv-parts": "drv-parts_2", "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_3", @@ -336,7 +355,7 @@ "gomod2nix": "gomod2nix_2", "mach-nix": "mach-nix_2", "nix-pypi-fetcher": "nix-pypi-fetcher_2", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgsV1": "nixpkgsV1_2", "poetry2nix": "poetry2nix_2", "pre-commit-hooks": "pre-commit-hooks_2", 
@@ -360,16 +379,16 @@ "inputs": { "all-cabal-json": "all-cabal-json_3", "crane": "crane_3", - "devshell": "devshell_6", + "devshell": "devshell_7", "drv-parts": "drv-parts_3", "flake-compat": "flake-compat_6", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "flake-utils-pre-commit": "flake-utils-pre-commit_3", "ghc-utils": "ghc-utils_3", "gomod2nix": "gomod2nix_3", "mach-nix": "mach-nix_3", "nix-pypi-fetcher": "nix-pypi-fetcher_3", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nixpkgsV1": "nixpkgsV1_3", "poetry2nix": "poetry2nix_3", "pre-commit-hooks": "pre-commit-hooks_3", @@ -487,7 +506,7 @@ }, "emulator-2a": { "inputs": { - "devshell": "devshell", + "devshell": "devshell_2", "dream2nix": "dream2nix", "flake-parts": "flake-parts_2", "nixpkgs": [ @@ -513,7 +532,7 @@ }, "fend": { "inputs": { - "devshell": "devshell_3", + "devshell": "devshell_4", "dream2nix": "dream2nix_2", "flake-parts": "flake-parts_4", "nixpkgs": [ @@ -766,6 +785,24 @@ } }, "flake-parts_5": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_3" + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "mensa", @@ -787,9 +824,9 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1680392223, @@ -805,7 +842,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": [ "nixpkgs-wayland", 
@@ -904,11 +941,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -919,11 +956,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -933,6 +970,21 @@ } }, "flake-utils_5": { + "locked": { + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -947,7 +999,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { "locked": { "lastModified": 1642700792, "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", @@ -962,7 +1014,7 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_8": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -977,7 +1029,7 @@ "type": "github" } }, - "flake-utils_8": { + "flake-utils_9": { "inputs": { "systems": "systems" }, 
@@ -995,21 +1047,6 @@ "type": "github" } }, - "flake-utils_9": { - "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "ghc-utils": { "flake": false, "locked": { @@ -1300,8 +1337,8 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs-lib": "nixpkgs-lib_5" + "flake-utils": "flake-utils_9", + "nixpkgs-lib": "nixpkgs-lib_6" }, "locked": { "lastModified": 1681214977, @@ -1380,9 +1417,9 @@ }, "mensa": { "inputs": { - "devshell": "devshell_5", + "devshell": "devshell_6", "dream2nix": "dream2nix_3", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "nixpkgs": [ "nixpkgs" ], @@ -1407,7 +1444,7 @@ "nix-colors": { "inputs": { "base16-schemes": "base16-schemes", - "nixpkgs-lib": "nixpkgs-lib_4" + "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { "lastModified": 1680875144, @@ -1425,8 +1462,8 @@ }, "nix-eval-jobs": { "inputs": { - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_14" + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1681421147, @@ -1599,6 +1636,24 @@ } }, "nixpkgs-lib_4": { + "locked": { + "dir": "lib", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib_5": { "locked": { "lastModified": 1680397293, "narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", 
@@ -1613,7 +1668,7 @@ "type": "github" } }, - "nixpkgs-lib_5": { + "nixpkgs-lib_6": { "locked": { "lastModified": 1681001314, "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", @@ -1713,7 +1768,7 @@ "flake-compat": "flake-compat_8", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_15" + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1681461427, @@ -1791,6 +1846,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1677383253, + "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1665580254, "narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", @@ -1805,7 +1876,7 @@ "type": "indirect" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1681303793, "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", @@ -1821,7 +1892,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -1837,7 +1908,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1681303793, "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", @@ -1852,7 +1923,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1681347147, "narHash": "sha256-B+hTioRc3Jdf4SJyeCiO0fW5ShIznJk2OTiW2vOV+mc=", @@ -1868,7 +1939,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1681303793, "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", 
@@ -1884,7 +1955,23 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { + "locked": { + "lastModified": 1680945546, + "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_18": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -1901,6 +1988,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1677383253, + "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1665580254, "narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", @@ -1915,7 +2018,7 @@ "type": "indirect" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1681303793, "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", 
@@ -1931,23 +2034,23 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1680945546, - "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_5": { + "locked": { + "lastModified": 1680945546, + "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1677383253, "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", @@ -1963,7 +2066,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1665580254, "narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", @@ -1978,7 +2081,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1681303793, "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", @@ -1994,7 +2097,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -2010,22 +2113,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1677383253, - "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "poetry2nix": { "flake": false, "locked": { 
@@ -2107,9 +2194,9 @@ "pre-commit-hooks-nix": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -2129,9 +2216,9 @@ "pre-commit-hooks-nix_2": { "inputs": { "flake-compat": "flake-compat_5", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { @@ -2151,9 +2238,9 @@ "pre-commit-hooks-nix_3": { "inputs": { "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_8", "gitignore": "gitignore_3", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { @@ -2329,9 +2416,11 @@ "cataclysm-dda": "cataclysm-dda", "colmena": "colmena", "custom-udev-rules": "custom-udev-rules", + "devshell": "devshell", "emulator-2a": "emulator-2a", "fend": "fend", "fenix": "fenix", + "flake-parts": "flake-parts_5", "home-manager": "home-manager", "hydra": "hydra", "hyprland": "hyprland", @@ -2340,14 +2429,14 @@ "nix-colors": "nix-colors", "nixForHydra": "nixForHydra", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "nixpkgs-wayland": "nixpkgs-wayland", "nixpkgsForNixForHydra": "nixpkgsForNixForHydra", "qmk-udev-rules": "qmk-udev-rules", "radicale_infcloud": "radicale_infcloud", "rip": "rip", "sops-nix": "sops-nix", - "utils": "utils_2", + "treefmt-nix": "treefmt-nix_4", "xdg-desktop-portal-hyprland": "xdg-desktop-portal-hyprland" } }, @@ -2422,7 +2511,7 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1681486253, @@ -2440,7 +2529,7 @@ }, "treefmt-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1681486253, 
@@ -2458,7 +2547,25 @@ }, "treefmt-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_13" + }, + "locked": { + "lastModified": 1681486253, + "narHash": "sha256-EjiQZvXQH9tUPCyLC6lQpfGnoq4+kI9v59bDJWPicYo=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "b25d1a3c2c7554d0462ab1dfddf2f13128638b90", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { + "inputs": { + "nixpkgs": "nixpkgs_17" }, "locked": { "lastModified": 1681486253, @@ -2489,24 +2596,6 @@ "type": "github" } }, - "utils_2": { - "inputs": { - "flake-utils": "flake-utils_9" - }, - "locked": { - "lastModified": 1657226504, - "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "type": "github" - } - }, "wlroots": { "flake": false, "locked": { @@ -2528,7 +2617,7 @@ "xdg-desktop-portal-hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols_2", - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1681416853, diff --git a/flake.nix b/flake.nix index d9f6b44..0ccdb68 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,12 @@ description = "Malte Tammena's system configuration"; inputs = { + flake-parts.url = "github:hercules-ci/flake-parts"; + devshell.url = "github:numtide/devshell"; + treefmt-nix.url = "github:numtide/treefmt-nix"; + nixpkgs.url = "nixpkgs/nixos-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - utils.url = "github:gytis-ivaskevicius/flake-utils-plus"; custom-udev-rules.url = "github:MalteT/custom-udev-rules"; nix-colors.url = "github:Misterio77/nix-colors"; 
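Review bot: The three inputs added at the top of `inputs` (`flake-parts`, `devshell`, `treefmt-nix`) are declared without a `follows`, so they resolve their own copies of nixpkgs. The lock file in this commit shows the result: the root's `treefmt-nix_4` node pins a separate `nixpkgs_17`, and `flake-parts_5` pins its own `nixpkgs-lib_3`. Every extra pin is another revision that has to be fetched, audited and kept current. Other inputs in this lock already follow the root (`"nixpkgs": ["nixpkgs"]` under emulator-2a, fend and mensa), so the same pattern fits here: `treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";`, `devshell.inputs.nixpkgs.follows = "nixpkgs";` and `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";`. The `inputs` block continues outside the hunk.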
@@ -86,282 +89,152 @@ }; nixConfig = { + # Only usefull if you're part of my VPN extra-substituters = ["http://cache.home"]; }; - outputs = { - self, - utils, - nixpkgs, - nixos-hardware, - ... - } @ inputs: let - pkgs = self.pkgs.x86_64-linux.nixpkgs; - - hosts = [ - "helix-texta" - "murex-pecten" - "cornu-aspersum" - "granodomus-lima" - "trochulus-hispidus" - "radix-balthica" - "faunus-ater" - "polymita-picta" + outputs = inputs @ {flake-parts, ...}: let + # Overlays useful to most of my systems + overlaysSharedByAll = [ + inputs.fenix.overlays.default + inputs.colmena.overlay + inputs.xdg-desktop-portal-hyprland.overlays.default + (self: super: { + # Add fonts + hackNerdLigatures = super.callPackage ./pkgs/hack.nix {}; + # Add the emulator + "2a-emulator" = + inputs.emulator-2a.packages.x86_64-linux."2a-emulator"; + # Add my mensa tool + inherit (inputs.mensa.packages.x86_64-linux) mensa; + darkman = super.callPackage ./pkgs/darkman.nix {}; + # TODO: Replace with upstream + inherit (inputs.fend.packages.x86_64-linux) fend; + hydra = inputs.hydra.packages.x86_64-linux.default; + # TODO: Remove once hydra fixes these removed aliases + inherit (super.perlPackages) buildPerlPackage; + netcat-openbsd = super.libressl.nc; + }) + # Override cataclysm to use git + (import ./overlays/cataclysm-dda.nix) + (import ./overlays/qmk-udev-rules.nix) + (import ./overlays/sane-backends.nix) + (import ./overlays/logisim.nix) + (import ./overlays/fzf-kak.nix) + (import ./overlays/prometheus-fritzbox-exporter.nix) + (import ./overlays/waybar-hypr.nix) ]; - - defaultModules = [ - inputs.home-manager.nixosModules.home-manager - self.nixosModules.home-manager-config - inputs.custom-udev-rules.nixosModule + # Modules useful to most of my systems + modulesSharedByAllSystems = [ inputs.sops-nix.nixosModules.sops - self.nixosModules.nixUnstable + inputs.self.nixosModules.nixUnstable + inputs.home-manager.nixosModules.home-manager ./modules/base-system.nix - {config._module.args.flake = 
self;} ]; + # The list of all hosts known to me + listOfHosts = let + removeSuffix = builtins.replaceStrings [".nix"] [""]; + hostDir = builtins.readDir ./hosts; + hostFileNames = builtins.attrNames hostDir; + in + map removeSuffix hostFileNames; in - utils.lib.mkFlake { - inherit self inputs; - - supportedSystems = ["x86_64-linux"]; - nix.generateRegistryFromInputs = true; - nix.linkInputs = true; - - sharedOverlays = [ - inputs.fenix.overlays.default - inputs.colmena.overlay - inputs.xdg-desktop-portal-hyprland.overlays.default - utils.overlay - (self: super: { - # Add fonts - hackNerdLigatures = super.callPackage ./pkgs/hack.nix {}; - # Add the emulator - "2a-emulator" = - inputs.emulator-2a.packages.x86_64-linux."2a-emulator"; - # Add my mensa tool - inherit (inputs.mensa.packages.x86_64-linux) mensa; - darkman = super.callPackage ./pkgs/darkman.nix {}; - # TODO: Replace with upstream - inherit (inputs.fend.packages.x86_64-linux) fend; - hydra = inputs.hydra.packages.x86_64-linux.default; - # TODO: Remove once hydra fixes these removed aliases - inherit (super.perlPackages) buildPerlPackage; - netcat-openbsd = super.libressl.nc; - }) - # Override cataclysm to use git - (import ./overlays/cataclysm-dda.nix) - (import ./overlays/qmk-udev-rules.nix) - (import ./overlays/sane-backends.nix) - (import ./overlays/logisim.nix) - (import ./overlays/fzf-kak.nix) - (import ./overlays/prometheus-fritzbox-exporter.nix) - (import ./overlays/waybar-hypr.nix) + flake-parts.lib.mkFlake {inherit inputs;} { + # Flake-parts modules to use + imports = [ + inputs.devshell.flakeModule + inputs.treefmt-nix.flakeModule ]; - - hostDefaults.system = "x86_64-linux"; - hostDefaults.modules = defaultModules; - - hosts = builtins.listToAttrs (map (host: { - name = host; - value = {modules = [self.nixosModules.${host}];}; - }) - hosts); - - nixosModules = { - home-manager-config = _: { - home-manager.verbose = true; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - 
home-manager.extraSpecialArgs = {inherit (inputs) nix-colors;}; + # Available systems, only x86 for now + systems = ["x86_64-linux"]; + perSystem = { + config, + self', + inputs', + pkgs, + system, + ... + }: { + # Configure treefmt + treefmt.projectRootFile = "flake.nix"; + treefmt.programs = { + alejandra.enable = true; + shellcheck.enable = true; + shfmt.enable = true; }; - - nixUnstable = {pkgs, ...}: { - nix.registry.nixpkgs.flake = nixpkgs; - nix.package = pkgs.nixUnstable; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - helix-texta = { - pkgs, - config, - ... - }: { - imports = [ - ./hosts/helix-texta.nix - ./modules/light-actkbd.nix - self.nixosModules.thinkpad-p1-gen3 - ]; - }; - murex-pecten = {...}: { - imports = [ - nixos-hardware.nixosModules.common-pc - nixos-hardware.nixosModules.common-pc-ssd - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-gpu-amd - ./hosts/murex-pecten.nix - ./hardware/aorus.nix - ]; - }; - cornu-aspersum = {...}: { - imports = [ - ./hosts/cornu-aspersum.nix - ./hardware/netcup-rs-2000-g9.nix - ./modules/nginx-reverse-proxy.nix - ]; - }; - granodomus-lima = {...}: { - imports = [ - ./hosts/granodomus-lima.nix - ./hardware/netcup-vps-200-g10.nix - ./modules/nginx-reverse-proxy.nix - ]; - }; - trochulus-hispidus = {pkgs, ...}: { - imports = [ - ./hosts/trochulus-hispidus.nix - ./hardware/latitude-e7440.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-laptop - nixos-hardware.nixosModules.common-pc-laptop-ssd - ]; - }; - thinkpad-p1-gen3 = {...}: { - imports = [ - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-gpu-nvidia - nixos-hardware.nixosModules.common-pc-laptop - nixos-hardware.nixosModules.common-pc-laptop-ssd - nixos-hardware.nixosModules.common-pc-laptop-acpi_call - ./hardware/thinkpad-p1-gen3.nix - ]; - }; - radix-balthica = {...}: { - imports = [ - ./hosts/radix-balthica.nix - ]; 
- }; - faunus-ater = {...}: { - imports = [ - nixos-hardware.nixosModules.common-cpu-intel #-cpu-only - ./modules/nginx-reverse-proxy.nix - ./hosts/faunus-ater.nix - ./hardware/asrock-z370-i3-black-box.nix - ]; - }; - polymita-picta = {...}: { - imports = [ - ./hosts/polymita-picta.nix - ./hardware/steam-deck.nix - (inputs.jovian-nixos + "/modules") + # Load all packages from ./pkgs + packages = let + pkgFiles = builtins.attrNames (builtins.readDir ./pkgs); + toPackage = file: { + name = builtins.replaceStrings [".nix"] [""] file; + value = pkgs.callPackage ./pkgs/${file} {}; + }; + in + builtins.listToAttrs (builtins.map toPackage pkgFiles); + # Create a useable devshell for me + devshells.default = { + name = "dev"; + packages = [ + pkgs.nil + self'.packages.rebuild + self'.packages.personal-cache + self'.packages.all-hosts + self'.packages.option + self'.packages.test-config ]; }; }; - - colmena = + # Useful modules and all those from ./modules + flake.nixosModules = { - meta = {nixpkgs = pkgs;}; - defaults = {...}: {imports = defaultModules;}; + homeManagerConfig = _: { + home-manager.verbose = true; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = {inherit (inputs) nix-colors;}; + }; + nixUnstable = {pkgs, ...}: { + nix.registry.nixpkgs.flake = inputs.nixpkgs; + nix.package = pkgs.nixUnstable; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + }; } - // (builtins.listToAttrs (map ( - host: { - name = host; - value = { - imports = [self.nixosModules.${host}]; - config.deployment = { - targetHost = host; - targetUser = "root"; - }; - }; - } - ) - hosts)); - - hydraJobs = { - shell.x86_64-linux = self.devShell.x86_64-linux; - packages = self.packages; - nixosConfigurations.x86_64-linux = builtins.listToAttrs (map (host: { - name = host; - value = self.nixosConfigurations.${host}.config.system.build.toplevel; - }) - hosts); - }; - - packages.x86_64-linux.iso = 
self.nixosConfigurations.radix-balthica.config.system.build.isoImage; - packages.x86_64-linux.vm = self.nixosConfigurations.radix-balthica.config.system.build.vm; - - outputsBuilder = channels: { - devShell = channels.nixpkgs.mkShell { - name = "system config devshell"; - packages = let - personalCache = pkgs.writeShellApplication { - name = "personal-cache"; - runtimeInputs = with pkgs; [ - coreutils - nix - ]; - text = builtins.readFile ./scripts/personal-cache.sh; - }; - - rebuild = pkgs.writeShellApplication { - name = "rebuild"; - runtimeInputs = with pkgs; [ - coreutils - git - personalCache - nixos-rebuild - ]; - text = builtins.readFile ./scripts/rebuild.sh; - }; - - allHosts = pkgs.writeShellApplication { - name = "all-hosts"; - runtimeInputs = with pkgs; [ - jq - nix - ]; - text = '' - nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[] - ''; - }; - - option = pkgs.writeShellApplication { - name = "option"; - runtimeInputs = with pkgs; [ - coreutils - nix - ]; - text = builtins.readFile ./scripts/option.sh; - }; - - testConfig = pkgs.writeShellApplication { - name = "test-config"; - runtimeInputs = with pkgs; [ - coreutils - nix - allHosts - nixos-rebuild - bat - ]; - text = builtins.readFile ./scripts/test-config.sh; - }; - - git = "${pkgs.git}/bin/git"; - nixos-rebuild = "${pkgs.nixos-rebuild}/bin/nixos-rebuild"; - bat = "${pkgs.bat}/bin/bat"; - in - with pkgs; [ - rebuild - personalCache - allHosts - option - testConfig - inputs.colmena.packages.x86_64-linux.colmena - fup-repl - alejandra - nil - ]; + // (let + removeSuffix = builtins.replaceStrings [".nix"] [""]; + moduleFiles = builtins.attrNames (builtins.readDir ./modules); + listOfModules = builtins.map removeSuffix moduleFiles; + toModule = name: { + inherit name; + value = builtins.readFile ./modules/${name}; + }; + in + builtins.listToAttrs (builtins.map toModule listOfModules)); + # All my system's configurations + flake.nixosConfigurations = let + 
genSystem = name: { + inherit name; + value = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs;}; + modules = modulesSharedByAllSystems ++ [{nixpkgs.overlays = overlaysSharedByAll;} ./hosts/${name}.nix]; + }; }; + in + builtins.listToAttrs (builtins.map genSystem listOfHosts); + # Iso for USB + flake.packages.x86_64-linux.iso = inputs.self.nixosConfigurations.radix-balthica.config.system.build.isoImage; + # VM for testing + flake.packages.x86_64-linux.vm = inputs.self.nixosConfigurations.radix-balthica.config.system.build.vm; + # Copy most things to hydraJobs so hydra evaluates and builds them + flake.hydraJobs = { + inherit (inputs.self) packages devShells; + nixosConfigurations.x86_64-linux = builtins.listToAttrs (builtins.map (name: { + inherit name; + value = inputs.self.nixosConfigurations.${name}.config.system.build.toplevel; + }) + listOfHosts); }; }; } diff --git a/hosts/cornu-aspersum.nix b/hosts/cornu-aspersum.nix index bd2d856..1ce0157 100644 --- a/hosts/cornu-aspersum.nix +++ b/hosts/cornu-aspersum.nix 
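Review bot: In the generated half of `flake.nixosModules`, `toModule` sets `value = builtins.readFile ./modules/${name};` after `removeSuffix` has already stripped `.nix` from `name`, so the path is not the file `readDir` listed. Even with the right path the attribute would hold the file's text rather than a module. Because the attrset is lazy this only fails when one of those attributes is used, which makes it easy to miss. `value = import ./modules/${name}.nix;` (or the bare path `./modules/${name}.nix`) gives consumers a real module. The same `readDir` pattern in `listOfHosts` and `packages` turns every directory entry into a host or package, including non-`.nix` files and subdirectories, so filtering on entry type and a `.nix` suffix would keep stray files out of `nixosConfigurations`.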
@@ -1,80 +1,92 @@ -{pkgs, ...}: { - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; +{ + pkgs, + inputs, + ... +}: { + imports = [ + inputs.self.nixosModules.homeManagerConfig + ../hardware/netcup-rs-2000-g9.nix + ../modules/nginx-reverse-proxy.nix + ]; - networking.hostId = "94d2a920"; - networking.hostName = "cornu-aspersum"; - networking.interfaces.ens3.useDHCP = true; + config = { + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; - settings.ssh.openOutsideVPN = true; + networking.hostId = "94d2a920"; + networking.hostName = "cornu-aspersum"; + networking.interfaces.ens3.useDHCP = true; - users.users = { - root = { - hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689."; - }; - }; + settings.ssh.openOutsideVPN = true; - sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - - # Run radicale with infcloud interface for me and Marie - services.radicaleWithInfcloud.enable = true; - - services.qemuGuest.enable = true; - - services.bind = { - enable = true; - cacheNetworks = ["any"]; - forwarders = ["100.100.100.100"]; - listenOn = ["any"]; - listenOnIpv6 = ["any"]; - zones."home" = let - cornu-aspersum = { - v4 = "100.86.42.110"; - v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e"; + users.users = { + root = { + hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689."; }; - faunus-ater = { - v4 = "100.108.135.4"; - v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704"; - }; - point = domain: host: '' - ${domain} AAAA ${host.v6} - ${domain} A ${host.v4} - ''; - in { - master = true; - # TODO: Fix TTLs - file = pkgs.writeText "home-zone" '' - $TTL 1 - @ IN SOA home. malte.home. 
( - 5 ; Serial - 1 ; Refresh - 1 ; Retry - 1 ; Expire - 1) ; Negative Cache TTL - @ NS home. - ${point "home." cornu-aspersum} - ${point "foto" faunus-ater} - ${point "mc" cornu-aspersum} - ${point "doc" faunus-ater} - ${point "sheet" faunus-ater} - ${point "media" faunus-ater} - ${point "file" faunus-ater} - ${point "stats" faunus-ater} - ${point "cache" faunus-ater} - ${point "hydra" faunus-ater} - ''; }; - }; - networking.firewall.allowedTCPPorts = [53]; - networking.firewall.allowedUDPPorts = [53]; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? + sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + + # Run radicale with infcloud interface for me and Marie + services.radicaleWithInfcloud.enable = true; + + services.qemuGuest.enable = true; + + services.bind = { + enable = true; + cacheNetworks = ["any"]; + forwarders = ["100.100.100.100"]; + listenOn = ["any"]; + listenOnIpv6 = ["any"]; + zones."home" = let + cornu-aspersum = { + v4 = "100.86.42.110"; + v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e"; + }; + faunus-ater = { + v4 = "100.108.135.4"; + v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704"; + }; + point = domain: host: '' + ${domain} AAAA ${host.v6} + ${domain} A ${host.v4} + ''; + in { + master = true; + # TODO: Fix TTLs + file = pkgs.writeText "home-zone" '' + $TTL 1 + @ IN SOA home. malte.home. ( + 5 ; Serial + 1 ; Refresh + 1 ; Retry + 1 ; Expire + 1) ; Negative Cache TTL + @ NS home. + ${point "home." 
cornu-aspersum} + ${point "foto" faunus-ater} + ${point "mc" cornu-aspersum} + ${point "doc" faunus-ater} + ${point "sheet" faunus-ater} + ${point "media" faunus-ater} + ${point "file" faunus-ater} + ${point "stats" faunus-ater} + ${point "cache" faunus-ater} + ${point "hydra" faunus-ater} + ''; + }; + }; + networking.firewall.allowedTCPPorts = [53]; + networking.firewall.allowedUDPPorts = [53]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + }; } diff --git a/hosts/faunus-ater.nix b/hosts/faunus-ater.nix index 443bbe8..490ece2 100644 --- a/hosts/faunus-ater.nix +++ b/hosts/faunus-ater.nix @@ -2,6 +2,7 @@ pkgs, lib, config, + inputs, ... }: let sopsPath = key: config.sops.secrets.${key}.path; 
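Review bot: The `services.bind` block now under `config` keeps `cacheNetworks = ["any"]` and `listenOn`/`listenOnIpv6 = ["any"]`, while `networking.firewall.allowedTCPPorts`/`allowedUDPPorts` open port 53 on every interface. If `ens3` is reachable from the internet, this host answers recursive queries for anyone and can be used for DNS amplification. Since the zone only serves VPN addresses, `cacheNetworks` could list the VPN ranges, and port 53 could be opened with `networking.firewall.interfaces.<vpn-interface>.allowedUDPPorts = [53];` (and the TCP equivalent) instead of globally. Separately, the root `hashedPassword` is committed in clear in the repository although sops-nix is already configured in this file. Moving it into a sops secret marked `neededForUsers = true` would keep the hash out of reach of offline guessing.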
@@ -25,491 +26,498 @@ vpnIPv4 = "100.108.135.4"; vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704"; in { - networking.hostName = "faunus-ater"; - networking.hostId = "a4d7bec4"; - networking.interfaces.eno1.useDHCP = true; - - # === Make sure ZFS works === - # TODO: Update and think of some automatic way of keeping this up to date. - boot.kernelPackages = pkgs.linuxPackages_5_15; - - # === Can't handle this === - systemd.enableEmergencyMode = false; - - # === Settings === - settings.ssh.openOutsideVPN = true; - settings.printing.enable = true; - - # === ZFS services === - services.zfs.trim.enable = true; - services.zfs.autoScrub.enable = true; - services.zfs.autoScrub.pools = ["rpool"]; - - # === Additional services === - services.fwupd.enable = true; - powerManagement = { - enable = true; - powertop.enable = true; - cpuFreqGovernor = "powersave"; - }; - - # === Git.home, because everything else sucks === - services.gogsHome = { - enable = true; - passwordFile = sopsPath "gogs-database-password"; - addr = { - v4 = vpnIPv4; - v6 = vpnIPv6; - }; - stateDir = "/data/dirty/gogs"; - }; - sops.secrets.gogs-database-password = { - owner = config.users.users.gogs.name; - mode = "0400"; - }; - - # === Extend printing settings because sharing is caring === - services.printing = { - listenAddresses = ["*:631"]; - allowFrom = ["all" "@IF(${vpnInterface})"]; - defaultShared = true; - browsing = true; - logLevel = "debug"; - }; - networking.firewall.interfaces.${vpnInterface} = { - allowedUDPPorts = [631]; - allowedTCPPorts = [631 config.services.hydra.port]; - }; - hardware.printers = { - ensureDefaultPrinter = "Local"; - ensurePrinters = lib.singleton { - description = "The fastest Boi in town!"; - deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T."; - location = "@Home"; - model = "samsung/ML-1640.ppd"; - name = "Local"; - ppdOptions = { - PageSize = "A4"; - Resolution = "600dpi"; - }; - }; - }; - - virtualisation.oci-containers.backend = "podman"; - 
virtualisation.podman = { - enable = true; - dockerCompat = true; - extraPackages = with pkgs; [zfs]; - }; - # Override storage driver - virtualisation.containers.storage.settings = { - storage = { - driver = "zfs"; - graphroot = "/var/lib/containers/storage"; - runroot = "/run/containers/storage"; - }; - }; - - virtualisation.oci-containers.containers."timetagger" = { - image = "ghcr.io/almarklein/timetagger:v23.2.1"; - ports = ["5873:5873"]; - environment = { - TIMETAGGER_BIND = "0.0.0.0:5873"; - TIMETAGGER_DATADIR = "/root/_timetagger"; - TIMETAGGER_LOG_LEVEL = "info"; - TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm"; - }; - volumes = [ - "/data/dirty/timetagger:/root/_timetagger" - ]; - }; - services.nginx.virtualHosts."time.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://127.0.0.1:5873"; - proxyWebsockets = true; - }; - }; - - # === Dim === - # virtualisation.oci-containers.containers."dim" = { - # environment = {}; - # image = "ghcr.io/dusk-labs/dim:dev"; - # ports = lib.singleton "7999:8000"; - # volumes = [ - # # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml - # "/srv/media.deletemesoon:/media:ro" - # ]; - # #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}"; - # }; - - # === SheetAble === - # virtualisation.oci-containers.containers."sheetable" = { - # environment = { - # CONFIG_PATH = "/app/config/"; - # }; - # image = "vallezw/sheetable"; - # ports = lib.singleton "7998:8080"; - # volumes = [ - # # TODO: https://sheetable.net/docs/Installation/installation-docker - # ]; - # }; - - # === Seafile === - # services.seafile = { - # enable = true; - # adminEmail = "malte.tammena@pm.me"; - # initialAdminPassword = "test"; - # seafileSettings = { - # fileserver.host = "::1"; - # }; - # ccnetSettings.General.SERVICE_URL = "http://file.home"; - # }; - - # === HYDRA & Friends. 
=== - services.hydra = { - enable = true; - package = pkgs.hydra; - notificationSender = "hydra@home"; - hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}"; - minimumDiskFree = 10; - useSubstitutes = true; - }; - services.nix-serve = { - enable = true; - secretKeyFile = sopsPath "nix-store-signing-key"; - # FIXME: Remove once fixed upstream - package = pkgs.nix-serve.override { - nix = pkgs.nixVersions.nix_2_12; - }; - }; - # Build on other machines aswell if possible - nix.buildMachines = [ - { - hostName = "localhost"; - maxJobs = 4; - speedFactor = 1; - sshKey = sopsPath "hydra-overseer-key"; - sshUser = "hydra-minion"; - systems = ["x86_64-linux" "i686-linux"]; - } - { - hostName = "helix-texta"; - maxJobs = 4; - speedFactor = 2; - sshKey = sopsPath "hydra-overseer-key"; - sshUser = "hydra-minion"; - supportedFeatures = ["kvm" "big-parallel"]; - systems = ["x86_64-linux" "i686-linux"]; - } - { - hostName = "murex-pecten"; - maxJobs = 4; - speedFactor = 4; - sshKey = sopsPath "hydra-overseer-key"; - sshUser = "hydra-minion"; - supportedFeatures = ["kvm" "big-parallel"]; - systems = ["x86_64-linux" "i686-linux"]; - } + imports = [ + inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only + ../modules/nginx-reverse-proxy.nix + ../hardware/asrock-z370-i3-black-box.nix ]; - # TODO: This doesn't seem to work - programs.ssh.extraConfig = '' - Host * - StrictHostKeyChecking accept-new - ''; - nix.extraOptions = '' - allowed-uris = http:// https:// - ''; - systemd.services."hydra-initial-setup" = { - description = "Setup hydra admin password once"; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}"; + config = { + networking.hostName = "faunus-ater"; + networking.hostId = "a4d7bec4"; + networking.interfaces.eno1.useDHCP = true; + + # === Make sure ZFS works === + # TODO: Update and think of some automatic way of keeping this up to date. 
+ boot.kernelPackages = pkgs.linuxPackages_5_15; + + # === Can't handle this === + systemd.enableEmergencyMode = false; + + # === Settings === + settings.ssh.openOutsideVPN = true; + settings.printing.enable = true; + + # === ZFS services === + services.zfs.trim.enable = true; + services.zfs.autoScrub.enable = true; + services.zfs.autoScrub.pools = ["rpool"]; + + # === Additional services === + services.fwupd.enable = true; + powerManagement = { + enable = true; + powertop.enable = true; + cpuFreqGovernor = "powersave"; }; - wantedBy = lib.singleton "multi-user.target"; - requires = lib.singleton "hydra-init.service"; - after = lib.singleton "hydra-init.service"; - environment = { - inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI; + + # === Git.home, because everything else sucks === + services.gogsHome = { + enable = true; + passwordFile = sopsPath "gogs-database-password"; + addr = { + v4 = vpnIPv4; + v6 = vpnIPv6; + }; + stateDir = "/data/dirty/gogs"; }; - script = let - hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user"; - in '' - if [ ! -e ~hydra/.setup-is-complete ]; then - # create admin user - ${hydra-create-user} admin --full-name 'Admin Mc. 
Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1 - # done - touch ~hydra/.setup-is-complete - fi - ''; - }; - services.nginx.virtualHosts = { - "hydra.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}"; + sops.secrets.gogs-database-password = { + owner = config.users.users.gogs.name; + mode = "0400"; + }; + + # === Extend printing settings because sharing is caring === + services.printing = { + listenAddresses = ["*:631"]; + allowFrom = ["all" "@IF(${vpnInterface})"]; + defaultShared = true; + browsing = true; + logLevel = "debug"; + }; + networking.firewall.interfaces.${vpnInterface} = { + allowedUDPPorts = [631]; + allowedTCPPorts = [631 config.services.hydra.port]; + }; + hardware.printers = { + ensureDefaultPrinter = "Local"; + ensurePrinters = lib.singleton { + description = "The fastest Boi in town!"; + deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T."; + location = "@Home"; + model = "samsung/ML-1640.ppd"; + name = "Local"; + ppdOptions = { + PageSize = "A4"; + Resolution = "600dpi"; + }; }; }; - "cache.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}"; + + virtualisation.oci-containers.backend = "podman"; + virtualisation.podman = { + enable = true; + dockerCompat = true; + extraPackages = with pkgs; [zfs]; + }; + # Override storage driver + virtualisation.containers.storage.settings = { + storage = { + driver = "zfs"; + graphroot = "/var/lib/containers/storage"; + runroot = "/run/containers/storage"; }; }; - }; - # === PAPERLESS service, save me! 
=== - services.paperless = { - enable = true; - address = "[::1]"; - passwordFile = sopsPath "paperless-admin-password"; - dataDir = "/data/dirty/paperless"; - extraConfig = { - PAPERLESS_OCR_LANGUAGE = "deu"; - PAPERLESS_CONSUMER_RECURSIVE = true; - PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true; - PAPERLESS_URL = "https://doc.home"; - }; - }; - services.nginx.virtualHosts."doc.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}"; - proxyWebsockets = true; - }; - }; - - # === Komga, for my reading needs === - services.komga = { - enable = true; - stateDir = "/data/dirty/komga"; - }; - services.nginx.virtualHosts."read.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}"; - proxyWebsockets = true; - }; - }; - - # === Trilium === - services.trilium-server = { - enable = true; - port = 10302; - dataDir = "/data/dirty/trilium"; - }; - services.nginx.virtualHosts."note.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}"; - proxyWebsockets = true; - }; - }; - - # === Photoprism === - services.photoprism = { - enable = true; - port = 2342; - storagePath = "/data/dirty/photoprism/storage"; - originalsPath = "/data/dirty/photoprism/originals"; - importPath = "/data/dirty/photoprism/import"; - passwordFile = sopsPath "photoprism-admin-password"; - settings = { - PHOTOPRISM_SESSION_MAXAGE = "31536000"; - PHOTOPRISM_SESSION_TIMEOUT = "31536000"; - PHOTOPRISM_UPLOAD_NSFW = "true"; - PHOTOPRISM_DETECT_NSFW = "true"; - PHOTOPRISM_SITE_URL = "https://foto.home"; - PHOTOPRISM_SITE_TITLE = "PhotoPrism"; - PHOTOPRISM_SITE_CAPTION = "All the pictures!"; - PHOTOPRISM_SITE_DESCRIPTION = ""; - PHOTOPRISM_SITE_AUTHOR = ""; - }; - }; - # TODO: Why does it not work without these? 
:/ - systemd.services.photoprism.serviceConfig.User = lib.mkForce null; - systemd.services.photoprism.serviceConfig.Group = lib.mkForce null; - systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false; - systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce []; - services.nginx.virtualHosts."foto.home" = mkVirtHost { - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}"; - proxyWebsockets = true; - }; - extraConfig = '' - client_max_body_size 500M; - ''; - }; - - # === Restic User Backup === - services.resticConfigured = { - enable = true; - rootDir = "/data/dirty/restic"; - openFirewall = true; - }; - - # === Grafana === - services.grafanaHome = { - enable = true; - nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"]; - nginx.sslCertificate = sopsPath "nginx-cert-crt"; - nginx.sslCertificateKey = sopsPath "nginx-cert-key"; - grafana.adminPasswordFile = sopsPath "grafana-admin-password"; - }; - - # === Prometheus === - services.prometheus = { - enable = true; - enableReload = true; - exporters = { - fritzbox = { - enable = true; - gatewayAddress = "spof"; + virtualisation.oci-containers.containers."timetagger" = { + image = "ghcr.io/almarklein/timetagger:v23.2.1"; + ports = ["5873:5873"]; + environment = { + TIMETAGGER_BIND = "0.0.0.0:5873"; + TIMETAGGER_DATADIR = "/root/_timetagger"; + TIMETAGGER_LOG_LEVEL = "info"; + TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm"; }; - node = { - enable = true; - enabledCollectors = ["systemd"]; - disabledCollectors = ["diskstats"]; - }; - }; - scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;}; - }; - systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env"; - # TODO: Yikes - 
systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let - cfg = config.services.prometheus.exporters.fritzbox; - in - lib.mkForce '' - ${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \ - -listen-address ${cfg.listenAddress}:${toString cfg.port} \ - -gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \ - -gateway-luaurl http://${cfg.gatewayAddress} \ - -metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \ - -lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json - ''; - - # services.nginx.virtualHosts."media.home" = { - # locations."/" = { - # proxyPass = "http://127.0.0.1:7999"; - # proxyWebsockets = true; - # }; - # }; - - # services.nginx.virtualHosts."file.home" = { - # locations."/" = { - # proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}"; - # proxyWebsockets = true; - # }; - # }; - # networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port]; - - # === Print Service === - systemd.paths."print-all-files" = { - requires = ["printer.target"]; - after = ["printer.target"]; - wantedBy = ["default.target"]; - pathConfig = { - DirectoryNotEmpty = "/srv/to-be-printed"; - MakeDirectory = true; - DirectoryMode = "777"; - Unit = "print-all-files.service"; - }; - }; - systemd.services."print-all-files" = let - printAndDeleteFile = pkgs.writeShellApplication { - name = "print-and-delete-file"; - runtimeInputs = [ - pkgs.coreutils - pkgs.cups + volumes = [ + "/data/dirty/timetagger:/root/_timetagger" ]; - text = '' - echo Printing "$1" - lp -- "$1" - rm "$1" - ''; }; - script = pkgs.writeShellApplication { - name = "print-all-files-script"; - runtimeInputs = [ - pkgs.coreutils - printAndDeleteFile - ]; - text = '' - find . 
-type f -exec print-and-delete-file "{}" \; - ''; + services.nginx.virtualHosts."time.home" = mkVirtHost { + locations."/" = { + proxyPass = "http://127.0.0.1:5873"; + proxyWebsockets = true; + }; }; - in { - requires = ["printer.target"]; - after = ["printer.target"]; - serviceConfig = { - WorkingDirectory = "/srv/to-be-printed"; - ExecStart = "${script}/bin/print-all-files-script"; - # Wait 15 seconds before restart to let the file load, if not present yet - RestartSec = "15"; + + # === Dim === + # virtualisation.oci-containers.containers."dim" = { + # environment = {}; + # image = "ghcr.io/dusk-labs/dim:dev"; + # ports = lib.singleton "7999:8000"; + # volumes = [ + # # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml + # "/srv/media.deletemesoon:/media:ro" + # ]; + # #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}"; + # }; + + # === SheetAble === + # virtualisation.oci-containers.containers."sheetable" = { + # environment = { + # CONFIG_PATH = "/app/config/"; + # }; + # image = "vallezw/sheetable"; + # ports = lib.singleton "7998:8080"; + # volumes = [ + # # TODO: https://sheetable.net/docs/Installation/installation-docker + # ]; + # }; + + # === Seafile === + # services.seafile = { + # enable = true; + # adminEmail = "malte.tammena@pm.me"; + # initialAdminPassword = "test"; + # seafileSettings = { + # fileserver.host = "::1"; + # }; + # ccnetSettings.General.SERVICE_URL = "http://file.home"; + # }; + + # === HYDRA & Friends. 
=== + services.hydra = { + enable = true; + package = pkgs.hydra; + notificationSender = "hydra@home"; + hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}"; + minimumDiskFree = 10; + useSubstitutes = true; }; - }; - users.users.sftp = { - description = "User used for all sftp stuff"; - isNormalUser = true; - group = "sftp"; - openssh.authorizedKeys.keyFiles = [ - ../secrets/users/malte/sftp-key.pub - ../secrets/users/marie/sftp-key.pub + services.nix-serve = { + enable = true; + secretKeyFile = sopsPath "nix-store-signing-key"; + # FIXME: Remove once fixed upstream + package = pkgs.nix-serve.override { + nix = pkgs.nixVersions.nix_2_12; + }; + }; + # Build on other machines aswell if possible + nix.buildMachines = [ + { + hostName = "localhost"; + maxJobs = 4; + speedFactor = 1; + sshKey = sopsPath "hydra-overseer-key"; + sshUser = "hydra-minion"; + systems = ["x86_64-linux" "i686-linux"]; + } + { + hostName = "helix-texta"; + maxJobs = 4; + speedFactor = 2; + sshKey = sopsPath "hydra-overseer-key"; + sshUser = "hydra-minion"; + supportedFeatures = ["kvm" "big-parallel"]; + systems = ["x86_64-linux" "i686-linux"]; + } + { + hostName = "murex-pecten"; + maxJobs = 4; + speedFactor = 4; + sshKey = sopsPath "hydra-overseer-key"; + sshUser = "hydra-minion"; + supportedFeatures = ["kvm" "big-parallel"]; + systems = ["x86_64-linux" "i686-linux"]; + } ]; - }; - users.groups.sftp = {}; + # TODO: This doesn't seem to work + programs.ssh.extraConfig = '' + Host * + StrictHostKeyChecking accept-new + ''; + nix.extraOptions = '' + allowed-uris = http:// https:// + ''; + systemd.services."hydra-initial-setup" = { + description = "Setup hydra admin password once"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}"; + }; + wantedBy = lib.singleton "multi-user.target"; + requires = lib.singleton "hydra-init.service"; + after = lib.singleton "hydra-init.service"; + environment 
= { + inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI; + }; + script = let + hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user"; + in '' + if [ ! -e ~hydra/.setup-is-complete ]; then + # create admin user + ${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1 + # done + touch ~hydra/.setup-is-complete + fi + ''; + }; + services.nginx.virtualHosts = { + "hydra.home" = mkVirtHost { + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}"; + }; + }; + "cache.home" = mkVirtHost { + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}"; + }; + }; + }; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + # === PAPERLESS service, save me! === + services.paperless = { + enable = true; + address = "[::1]"; + passwordFile = sopsPath "paperless-admin-password"; + dataDir = "/data/dirty/paperless"; + extraConfig = { + PAPERLESS_OCR_LANGUAGE = "deu"; + PAPERLESS_CONSUMER_RECURSIVE = true; + PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true; + PAPERLESS_URL = "https://doc.home"; + }; + }; + services.nginx.virtualHosts."doc.home" = mkVirtHost { + locations."/" = { + proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}"; + proxyWebsockets = true; + }; + }; - # === BACKUPS === - services.restic.backups = { - # Make sure my 'active IO' disk get's saved once a day - zdirty = { - initialize = true; - repository = "/data/archive/dirty.bak"; - timerConfig.OnCalendar = "daily"; - paths = lib.singleton "/data/dirty"; - pruneOpts = [ - "--keep-daily 1" - "--keep-weekly 1" - "--keep-monthly 1" - "--keep-yearly 5" + # === Komga, for my reading needs === + services.komga = { + enable = true; + stateDir = "/data/dirty/komga"; + }; + services.nginx.virtualHosts."read.home" = mkVirtHost { + locations."/" = { + proxyPass = 
"http://[::1]:${builtins.toString config.services.komga.port}"; + proxyWebsockets = true; + }; + }; + + # === Trilium === + services.trilium-server = { + enable = true; + port = 10302; + dataDir = "/data/dirty/trilium"; + }; + services.nginx.virtualHosts."note.home" = mkVirtHost { + locations."/" = { + proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}"; + proxyWebsockets = true; + }; + }; + + # === Photoprism === + services.photoprism = { + enable = true; + port = 2342; + storagePath = "/data/dirty/photoprism/storage"; + originalsPath = "/data/dirty/photoprism/originals"; + importPath = "/data/dirty/photoprism/import"; + passwordFile = sopsPath "photoprism-admin-password"; + settings = { + PHOTOPRISM_SESSION_MAXAGE = "31536000"; + PHOTOPRISM_SESSION_TIMEOUT = "31536000"; + PHOTOPRISM_UPLOAD_NSFW = "true"; + PHOTOPRISM_DETECT_NSFW = "true"; + PHOTOPRISM_SITE_URL = "https://foto.home"; + PHOTOPRISM_SITE_TITLE = "PhotoPrism"; + PHOTOPRISM_SITE_CAPTION = "All the pictures!"; + PHOTOPRISM_SITE_DESCRIPTION = ""; + PHOTOPRISM_SITE_AUTHOR = ""; + }; + }; + # TODO: Why does it not work without these? 
:/ + systemd.services.photoprism.serviceConfig.User = lib.mkForce null; + systemd.services.photoprism.serviceConfig.Group = lib.mkForce null; + systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false; + systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce []; + services.nginx.virtualHosts."foto.home" = mkVirtHost { + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}"; + proxyWebsockets = true; + }; + extraConfig = '' + client_max_body_size 500M; + ''; + }; + + # === Restic User Backup === + services.resticConfigured = { + enable = true; + rootDir = "/data/dirty/restic"; + openFirewall = true; + }; + + # === Grafana === + services.grafanaHome = { + enable = true; + nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"]; + nginx.sslCertificate = sopsPath "nginx-cert-crt"; + nginx.sslCertificateKey = sopsPath "nginx-cert-key"; + grafana.adminPasswordFile = sopsPath "grafana-admin-password"; + }; + + # === Prometheus === + services.prometheus = { + enable = true; + enableReload = true; + exporters = { + fritzbox = { + enable = true; + gatewayAddress = "spof"; + }; + node = { + enable = true; + enabledCollectors = ["systemd"]; + disabledCollectors = ["diskstats"]; + }; + }; + scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;}; + }; + systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env"; + # TODO: Yikes + systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let + cfg = config.services.prometheus.exporters.fritzbox; + in + lib.mkForce '' + ${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \ + -listen-address ${cfg.listenAddress}:${toString cfg.port} \ + -gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \ + -gateway-luaurl http://${cfg.gatewayAddress} \ + -metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \ + 
-lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json + ''; + + # services.nginx.virtualHosts."media.home" = { + # locations."/" = { + # proxyPass = "http://127.0.0.1:7999"; + # proxyWebsockets = true; + # }; + # }; + + # services.nginx.virtualHosts."file.home" = { + # locations."/" = { + # proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}"; + # proxyWebsockets = true; + # }; + # }; + # networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port]; + + # === Print Service === + systemd.paths."print-all-files" = { + requires = ["printer.target"]; + after = ["printer.target"]; + wantedBy = ["default.target"]; + pathConfig = { + DirectoryNotEmpty = "/srv/to-be-printed"; + MakeDirectory = true; + DirectoryMode = "777"; + Unit = "print-all-files.service"; + }; + }; + systemd.services."print-all-files" = let + printAndDeleteFile = pkgs.writeShellApplication { + name = "print-and-delete-file"; + runtimeInputs = [ + pkgs.coreutils + pkgs.cups + ]; + text = '' + echo Printing "$1" + lp -- "$1" + rm "$1" + ''; + }; + script = pkgs.writeShellApplication { + name = "print-all-files-script"; + runtimeInputs = [ + pkgs.coreutils + printAndDeleteFile + ]; + text = '' + find . 
-type f -exec print-and-delete-file "{}" \; + ''; + }; + in { + requires = ["printer.target"]; + after = ["printer.target"]; + serviceConfig = { + WorkingDirectory = "/srv/to-be-printed"; + ExecStart = "${script}/bin/print-all-files-script"; + # Wait 15 seconds before restart to let the file load, if not present yet + RestartSec = "15"; + }; + }; + users.users.sftp = { + description = "User used for all sftp stuff"; + isNormalUser = true; + group = "sftp"; + openssh.authorizedKeys.keyFiles = [ + ../secrets/users/malte/sftp-key.pub + ../secrets/users/marie/sftp-key.pub ]; - passwordFile = sopsPath "internal-restic-password"; }; - }; + users.groups.sftp = {}; - # === RUNTIME SECRETS === - sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - sops.secrets = { - "paperless-admin-password" = {}; - "photoprism-admin-password" = {}; - "grafana-admin-password" = { - owner = config.users.users.grafana.name; - mode = "0400"; - }; - "nginx-cert-key" = { - owner = config.users.users.nginx.name; - mode = "0400"; - }; - "nginx-cert-crt" = { - owner = config.users.users.nginx.name; - mode = "0400"; - }; - "fritzbox-exporter-env" = {}; - "internal-restic-password" = {}; - "nix-store-signing-key" = {}; - "hydra-admin-password" = { - owner = config.users.users.hydra.name; - mode = "0400"; - }; - "hydra-overseer-key" = { - owner = config.users.users.hydra.name; - mode = "0440"; - }; - }; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. 
man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? + # === BACKUPS === + services.restic.backups = { + # Make sure my 'active IO' disk get's saved once a day + zdirty = { + initialize = true; + repository = "/data/archive/dirty.bak"; + timerConfig.OnCalendar = "daily"; + paths = lib.singleton "/data/dirty"; + pruneOpts = [ + "--keep-daily 1" + "--keep-weekly 1" + "--keep-monthly 1" + "--keep-yearly 5" + ]; + passwordFile = sopsPath "internal-restic-password"; + }; + }; + + # === RUNTIME SECRETS === + sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sops.secrets = { + "paperless-admin-password" = {}; + "photoprism-admin-password" = {}; + "grafana-admin-password" = { + owner = config.users.users.grafana.name; + mode = "0400"; + }; + "nginx-cert-key" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + "nginx-cert-crt" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + "fritzbox-exporter-env" = {}; + "internal-restic-password" = {}; + "nix-store-signing-key" = {}; + "hydra-admin-password" = { + owner = config.users.users.hydra.name; + mode = "0400"; + }; + "hydra-overseer-key" = { + owner = config.users.users.hydra.name; + mode = "0440"; + }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? + }; } diff --git a/hosts/granodomus-lima.nix b/hosts/granodomus-lima.nix index 18e8a2d..9ccf237 100644 --- a/hosts/granodomus-lima.nix 
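Review bot: `TIMETAGGER_CREDENTIALS` in the `timetagger` container still carries two bcrypt hashes (cost `08`) inline, so they are committed to the repository and copied into the world-readable Nix store, while every other credential in this file goes through sops. The lines are carried over from the old side with only the indentation changed, but since the block is being touched I would move the value into a sops-managed env file, reference it with `environmentFiles = [(sopsPath "timetagger-env")];` (the secret name is a suggestion and needs its own entry under `sops.secrets`), and drop the inline variable. The hashes already in history should be treated as exposed and the two passwords rotated. Separately, `ports = ["5873:5873"]` publishes the container on every host address although nginx only proxies to `127.0.0.1:5873`; `ports = ["127.0.0.1:5873:5873"];` would keep it behind the `time.home` vhost.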
+++ b/hosts/granodomus-lima.nix 
@@ -1,89 +1,91 @@ -{ - config, - pkgs, - ... -}: { - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; +{pkgs, ...}: { + imports = [ + ../hardware/netcup-vps-200-g10.nix + ../modules/nginx-reverse-proxy.nix + ]; + config = { + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; - networking.hostId = "94d74a20"; - networking.hostName = "granodomus-lima"; - networking.interfaces.ens3.useDHCP = true; + networking.hostId = "94d74a20"; + networking.hostName = "granodomus-lima"; + networking.interfaces.ens3.useDHCP = true; - settings.ssh.openOutsideVPN = true; + settings.ssh.openOutsideVPN = true; - users.users = { - root = { - hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689."; - }; - }; - - sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - - # Run radicale with infcloud interface for me and Marie - services.radicaleWithInfcloud.enable = true; - - services.qemuGuest.enable = true; - - services.bind = { - enable = true; - cacheNetworks = ["any"]; - forwarders = ["100.100.100.100"]; - listenOn = ["any"]; - listenOnIpv6 = ["any"]; - zones."home" = let - granodomus-lima = { - v4 = "100.66.69.111"; - v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6242:456f"; + users.users = { + root = { + hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689."; }; - faunus-ater = { - v4 = "100.108.135.4"; - v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704"; - }; - point = domain: host: '' - ${domain} AAAA ${host.v6} - ${domain} A ${host.v4} - ''; - in { - master = true; - # TODO: Fix TTLs - file = pkgs.writeText "home-zone" '' - $TTL 1 - @ IN SOA home. malte.home. ( - 5 ; Serial - 1 ; Refresh - 1 ; Retry - 1 ; Expire - 1) ; Negative Cache TTL - @ NS home. - ${point "home." 
granodomus-lima} - ${point "cal" granodomus-lima} - ${point "mc" granodomus-lima} - ${point "foto" faunus-ater} - ${point "doc" faunus-ater} - ${point "sheet" faunus-ater} - ${point "media" faunus-ater} - ${point "file" faunus-ater} - ${point "stats" faunus-ater} - ${point "cache" faunus-ater} - ${point "hydra" faunus-ater} - ${point "git" faunus-ater} - ${point "read" faunus-ater} - ${point "note" faunus-ater} - ${point "time" faunus-ater} - ''; }; - }; - networking.firewall.allowedTCPPorts = [53]; - networking.firewall.allowedUDPPorts = [53]; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? + sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + + # Run radicale with infcloud interface for me and Marie + services.radicaleWithInfcloud.enable = true; + + services.qemuGuest.enable = true; + + services.bind = { + enable = true; + cacheNetworks = ["any"]; + forwarders = ["100.100.100.100"]; + listenOn = ["any"]; + listenOnIpv6 = ["any"]; + zones."home" = let + granodomus-lima = { + v4 = "100.66.69.111"; + v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6242:456f"; + }; + faunus-ater = { + v4 = "100.108.135.4"; + v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704"; + }; + point = domain: host: '' + ${domain} AAAA ${host.v6} + ${domain} A ${host.v4} + ''; + in { + master = true; + # TODO: Fix TTLs + file = pkgs.writeText "home-zone" '' + $TTL 1 + @ IN SOA home. malte.home. ( + 5 ; Serial + 1 ; Refresh + 1 ; Retry + 1 ; Expire + 1) ; Negative Cache TTL + @ NS home. 
+ ${point "home." granodomus-lima} + ${point "cal" granodomus-lima} + ${point "mc" granodomus-lima} + ${point "foto" faunus-ater} + ${point "doc" faunus-ater} + ${point "sheet" faunus-ater} + ${point "media" faunus-ater} + ${point "file" faunus-ater} + ${point "stats" faunus-ater} + ${point "cache" faunus-ater} + ${point "hydra" faunus-ater} + ${point "git" faunus-ater} + ${point "read" faunus-ater} + ${point "note" faunus-ater} + ${point "time" faunus-ater} + ''; + }; + }; + networking.firewall.allowedTCPPorts = [53]; + networking.firewall.allowedUDPPorts = [53]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + }; } diff --git a/hosts/helix-texta.nix b/hosts/helix-texta.nix index b6eae57..12ca364 100644 --- a/hosts/helix-texta.nix +++ b/hosts/helix-texta.nix 
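Review bot: `services.bind` keeps `cacheNetworks = ["any"]`, `listenOn = ["any"]` and `listenOnIpv6 = ["any"]`, and port 53 is opened for TCP and UDP on every interface, so this host answers recursive queries from any client that can reach it and can be abused as an open resolver for reflection traffic. Every record in the `home` zone and the forwarder sit in 100.x / fd7a: address space, so recursion could presumably be limited to those networks, e.g. `cacheNetworks = ["127.0.0.0/8" "::1/128" "100.64.0.0/10" "fd7a:115c:a1e0::/48"];` (ranges inferred from the addresses in the hunk, to be confirmed), with the `allowedTCPPorts`/`allowedUDPPorts` lines moved under `networking.firewall.interfaces.<vpn-interface>`. The same block appears in the preceding host file's hunk (cornu-aspersum), which starts outside this view. The `root.hashedPassword` literal also stays in the file and therefore in the repository and the Nix store; a sops secret with `neededForUsers = true`, referenced through `passwordFile` (`hashedPasswordFile` on newer NixOS releases), would match how the other secrets are handled.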
@@ -1,166 +1,177 @@ { - config, pkgs, - lib, - options, - flake, + inputs, ... }: { - boot = { - # Use the systemd-boot EFI boot loader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; - - networking = { - hostName = "helix-texta"; - networkmanager.enable = true; - }; - - nixpkgs.overlays = [ - flake.inputs.nixpkgs-wayland.overlay + imports = [ + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-gpu-nvidia + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd + inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call + inputs.self.nixosModules.homeManagerConfig + inputs.custom-udev-rules.nixosModule + ../hardware/thinkpad-p1-gen3.nix + ../modules/light-actkbd.nix ]; - system.fsPackages = [pkgs.sshfs]; - - settings.minimalGnome.enable = true; - settings.printing.enable = true; - settings.batteryStuff.enable = true; - - # Pipewire for my wayland - sound.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - - # config.pipewire-pulse."stream.properties" = { - # "channelmix.upmix" = true; - # "channelmix.lfe-cutoff" = 150; - # }; - - # config.pipewire = {"default.clock.allowed-rates" = [48000 44100];}; - - # media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default { - # "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"]; - # }; - - # media-session.config.alsa-monitor = { - # rules = [ - # { - # matches = [ - # { - # "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0"; - # } - # ]; - # actions = { - # update-props = { - # #"audio.rate" = 96000; - # "api.alsa.headroom" = 1024; - # }; - # }; - # } 
- # ]; - # }; - }; - xdg.portal = { - enable = true; - extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland]; - }; - - services.udev.customRules = [ - # Rename the Scarlett Solo using udev - { - name = "85-scarlett-solo"; - rules = '' - SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo" - ''; - } - { - name = "85-yubikey"; - rules = '' - SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey" - ''; - } - ]; - - security.pam = { - yubico = { - control = "sufficient"; - mode = "challenge-response"; - debug = false; + config = { + boot = { + # Use the systemd-boot EFI boot loader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - # TODO: Update once my PR lands - services.login.yubicoAuth = true; - services.login.fprintAuth = true; - services.sshd.fprintAuth = false; - }; - # TODO: This is not good - services.fprintd.enable = true; - users.mutableUsers = false; - users.custom.malte.enable = true; + networking = { + hostName = "helix-texta"; + networkmanager.enable = true; + }; - # Use some fonts - fonts = { - enableDefaultFonts = true; - fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels]; - fontconfig = { + nixpkgs.overlays = [ + inputs.nixpkgs-wayland.overlay + ]; + + system.fsPackages = [pkgs.sshfs]; + + settings.minimalGnome.enable = true; + settings.printing.enable = true; + settings.batteryStuff.enable = true; + + # Pipewire for my wayland + sound.enable = false; + security.rtkit.enable = true; + services.pipewire = { enable = true; - defaultFonts.monospace = ["Hack NF FC Ligatured"]; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + + # config.pipewire-pulse."stream.properties" = { + # "channelmix.upmix" = true; + # "channelmix.lfe-cutoff" = 150; + # }; + + # config.pipewire = {"default.clock.allowed-rates" = [48000 
44100];}; + + # media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default { + # "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"]; + # }; + + # media-session.config.alsa-monitor = { + # rules = [ + # { + # matches = [ + # { + # "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0"; + # } + # ]; + # actions = { + # update-props = { + # #"audio.rate" = 96000; + # "api.alsa.headroom" = 1024; + # }; + # }; + # } + # ]; + # }; }; - }; - - # Configure GPG with SSH support and enable the yubikey - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - pinentryFlavor = "qt"; - }; - - # TODO: This defaults to true, why does it not work with virtualisation.containers.enable? - boot.enableContainers = false; - virtualisation = { - podman = { + xdg.portal = { enable = true; - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - dockerSocket.enable = true; - defaultNetwork.settings.dns_enabled = true; + extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland]; }; + + services.udev.customRules = [ + # Rename the Scarlett Solo using udev + { + name = "85-scarlett-solo"; + rules = '' + SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo" + ''; + } + { + name = "85-yubikey"; + rules = '' + SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey" + ''; + } + ]; + + security.pam = { + yubico = { + control = "sufficient"; + mode = "challenge-response"; + debug = false; + }; + # TODO: Update once my PR lands + services.login.yubicoAuth = true; + services.login.fprintAuth = true; + services.sshd.fprintAuth = false; + }; + # TODO: This is not good + services.fprintd.enable = true; + + users.mutableUsers 
= false; + users.custom.malte.enable = true; + + # Use some fonts + fonts = { + enableDefaultFonts = true; + fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels]; + fontconfig = { + enable = true; + defaultFonts.monospace = ["Hack NF FC Ligatured"]; + }; + }; + + # Configure GPG with SSH support and enable the yubikey + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + pinentryFlavor = "qt"; + }; + + # TODO: This defaults to true, why does it not work with virtualisation.containers.enable? + boot.enableContainers = false; + virtualisation = { + podman = { + enable = true; + # Create a `docker` alias for podman, to use it as a drop-in replacement + dockerCompat = true; + dockerSocket.enable = true; + defaultNetwork.settings.dns_enabled = true; + }; + }; + + programs.steam.enable = true; + nixpkgs.config.packageOverrides = pkgs: { + steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];}; + }; + + services.udev.packages = with pkgs; [yubikey-personalization chrysalis]; + + environment.systemPackages = with pkgs; [ + thunderbolt + qt5.qtwayland + chrysalis + ]; + # TODO: Remove when firefox' RDD is fixed (allows libva) + environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"; + + services.fwupd.enable = true; + services.devmon.enable = true; + + sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? 
}; - - programs.steam.enable = true; - nixpkgs.config.packageOverrides = pkgs: { - steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];}; - }; - - services.udev.packages = with pkgs; [yubikey-personalization chrysalis]; - - environment.systemPackages = with pkgs; [ - thunderbolt - qt5.qtwayland - chrysalis - ]; - # TODO: Remove when firefox' RDD is fixed (allows libva) - environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"; - - services.fwupd.enable = true; - services.devmon.enable = true; - - sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/hosts/murex-pecten.nix b/hosts/murex-pecten.nix index b3e426f..81940a7 100644 --- a/hosts/murex-pecten.nix +++ b/hosts/murex-pecten.nix 
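Review bot: In the `security.pam` block, `yubico.control = "sufficient"` combined with `services.login.yubicoAuth = true` and `services.login.fprintAuth = true` means a successful YubiKey challenge-response can satisfy the login stack on its own, and the fingerprint rule is, as far as I know, also added as sufficient by the NixOS PAM module. Neither then acts as a second factor next to the password. If the key is meant to be an additional factor, the line would be `control = "required";`. If single-factor unlock is the intent, a comment on the block should say so, and the `# TODO: This is not good` above `services.fprintd.enable` should name what is wrong. The same `control = "sufficient"` setting is carried into the hosts/murex-pecten.nix hunk.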
@@ -1,174 +1,186 @@ { pkgs, - flake, + inputs, ... }: { - # Use the systemd-boot EFI boot loader. - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - networking = { - hostName = "murex-pecten"; - networkmanager.enable = true; - }; - - system.fsPackages = [pkgs.sshfs]; - - nixpkgs.overlays = [ - flake.inputs.nixpkgs-wayland.overlay + imports = [ + inputs.nixos-hardware.nixosModules.common-pc + inputs.nixos-hardware.nixosModules.common-pc-ssd + inputs.nixos-hardware.nixosModules.common-cpu-amd + inputs.nixos-hardware.nixosModules.common-gpu-amd + inputs.self.nixosModules.homeManagerConfig + inputs.custom-udev-rules.nixosModule + ../hardware/aorus.nix ]; - settings.minimalGnome.enable = true; - settings.printing.enable = true; + config = { + # Use the systemd-boot EFI boot loader. + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; - sound.enable = true; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; + networking = { + hostName = "murex-pecten"; + networkmanager.enable = true; + }; - # config.pipewire-pulse."stream.properties" = { - # "channelmix.upmix" = true; - # "channelmix.lfe-cutoff" = 150; - # }; + system.fsPackages = [pkgs.sshfs]; - # config.pipewire."default.clock.allowed-rates" = [48000 44100]; + nixpkgs.overlays = [ + inputs.nixpkgs-wayland.overlay + ]; - # media-session.config.alsa-monitor = { - # rules = [ - # { - # matches = [ - # { - # "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0"; - # } - # ]; - # actions = { - # update-props = { - # #"audio.rate" = 96000; - # "api.alsa.headroom" = 1024; - # }; - # }; - # } - # ]; - # }; - }; + settings.minimalGnome.enable = true; + settings.printing.enable = true; - xdg.portal = { - enable = true; - extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland]; - 
}; - - hardware = { - opengl = { + sound.enable = true; + security.rtkit.enable = true; + services.pipewire = { enable = true; - driSupport = true; - driSupport32Bit = true; - extraPackages = with pkgs; [amdvlk]; - extraPackages32 = with pkgs; [driversi686Linux.amdvlk]; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + + # config.pipewire-pulse."stream.properties" = { + # "channelmix.upmix" = true; + # "channelmix.lfe-cutoff" = 150; + # }; + + # config.pipewire."default.clock.allowed-rates" = [48000 44100]; + + # media-session.config.alsa-monitor = { + # rules = [ + # { + # matches = [ + # { + # "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0"; + # } + # ]; + # actions = { + # update-props = { + # #"audio.rate" = 96000; + # "api.alsa.headroom" = 1024; + # }; + # }; + # } + # ]; + # }; }; - }; - users.mutableUsers = false; - users.custom.marie.enable = false; - users.custom.malte.enable = true; - - fonts = { - enableDefaultFonts = true; - fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels]; - fontconfig = { + xdg.portal = { enable = true; - defaultFonts.monospace = ["Hack NF FC Ligatured"]; + extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland]; }; - }; - # Configure GPG with SSH support and enable the yubikey - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - pinentryFlavor = "qt"; - }; - - security.pam = { - yubico = { - enable = false; - mode = "challenge-response"; - control = "sufficient"; + hardware = { + opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + extraPackages = with pkgs; [amdvlk]; + extraPackages32 = with pkgs; [driversi686Linux.amdvlk]; + }; }; - services.login.yubicoAuth = true; - }; - # TODO: Remove/Move - services.mysql.enable = true; - services.mysql.package = pkgs.mariadb; + users.mutableUsers = false; + users.custom.marie.enable = false; + 
users.custom.malte.enable = true; - services.udev.customRules = [ - # Rename the Scarlett Solo using udev - { - name = "85-scarlett-solo"; - rules = '' - SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo" - ''; - } - { - name = "85-yubikey"; - rules = '' - SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey" - ''; - } - ]; + fonts = { + enableDefaultFonts = true; + fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels]; + fontconfig = { + enable = true; + defaultFonts.monospace = ["Hack NF FC Ligatured"]; + }; + }; - # TODO: This defaults to true, why does it not work with virtualisation.containers.enable? - boot.enableContainers = false; - virtualisation = { - podman = { + # Configure GPG with SSH support and enable the yubikey + programs.gnupg.agent = { enable = true; - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - dockerSocket.enable = true; + enableSSHSupport = true; + pinentryFlavor = "qt"; }; + + security.pam = { + yubico = { + enable = false; + mode = "challenge-response"; + control = "sufficient"; + }; + services.login.yubicoAuth = true; + }; + + # TODO: Remove/Move + services.mysql.enable = true; + services.mysql.package = pkgs.mariadb; + + services.udev.customRules = [ + # Rename the Scarlett Solo using udev + { + name = "85-scarlett-solo"; + rules = '' + SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo" + ''; + } + { + name = "85-yubikey"; + rules = '' + SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey" + ''; + } + ]; + + # TODO: This defaults to true, why does it not work with virtualisation.containers.enable? 
+ boot.enableContainers = false; + virtualisation = { + podman = { + enable = true; + # Create a `docker` alias for podman, to use it as a drop-in replacement + dockerCompat = true; + dockerSocket.enable = true; + }; + }; + + programs.steam.enable = true; + programs.corectrl.enable = true; + + services.dbus.packages = with pkgs; [openrgb]; + services.udev.packages = with pkgs; [ + yubikey-personalization + chrysalis + openrgb + i2c-tools + gnome3.gnome-settings-daemon + qmk-udev-rules + vial + ]; + + sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + + environment.systemPackages = with pkgs; [ + qt5.qtwayland + thunderbolt + chrysalis + openrgb + gnomeExtensions.appindicator + qmk + vial + ]; + + services.fwupd.enable = true; + services.devmon.enable = true; + services.ratbagd.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.11"; # Did you read the comment? 
}; - - programs.steam.enable = true; - programs.corectrl.enable = true; - - services.dbus.packages = with pkgs; [openrgb]; - services.udev.packages = with pkgs; [ - yubikey-personalization - chrysalis - openrgb - i2c-tools - gnome3.gnome-settings-daemon - qmk-udev-rules - vial - ]; - - sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - - environment.systemPackages = with pkgs; [ - qt5.qtwayland - thunderbolt - chrysalis - openrgb - gnomeExtensions.appindicator - qmk - vial - ]; - - services.fwupd.enable = true; - services.devmon.enable = true; - services.ratbagd.enable = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.11"; # Did you read the comment? } diff --git a/hosts/polymita-picta.nix b/hosts/polymita-picta.nix index eb318c7..bbc959f 100644 --- a/hosts/polymita-picta.nix +++ b/hosts/polymita-picta.nix 
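Review bot: `dockerSocket.enable = true` in the `virtualisation.podman` block makes the Podman API reachable at the Docker socket path, and the NixOS option documentation states that members of the `podman` group can use it to gain root. The hunk does not show who is placed in that group, so the exposure cannot be judged from here. I would record it beside the option with `# podman group membership is root-equivalent through this socket`, or drop the socket if only the `docker` CLI alias from `dockerCompat` is needed. The hosts/helix-texta.nix hunk enables the same socket.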
@@ -1,64 +1,75 @@ -{pkgs, ...}: { - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = false; - networking.hostName = "polymita-picta"; - networking.networkmanager.enable = true; +{ + pkgs, + inputs, + ... +}: { + imports = [ + inputs.self.nixosModules.homeManagerConfig + (inputs.jovian-nixos + "/modules") + ../hardware/steam-deck.nix + ]; + config = { + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = false; + networking.hostName = "polymita-picta"; + networking.networkmanager.enable = true; - # === Settings === - settings.ssh.openOutsideVPN = true; + # === Settings === + settings.ssh.openOutsideVPN = true; - hardware.pulseaudio.enable = false; + hardware.pulseaudio.enable = false; - services.xserver.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - services.xserver.displayManager = { - lightdm.enable = true; - autoLogin = { - enable = true; - user = "malte"; + services.xserver.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.displayManager = { + lightdm.enable = true; + autoLogin = { + enable = true; + user = "malte"; + }; }; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + }; + + programs.dconf.enable = true; + + users = { + mutableUsers = false; + defaultUserShell = pkgs.fish; + custom.malte.enable = true; + custom.malte.steamDeck = true; + }; + + environment.systemPackages = with pkgs; [ + steam-rom-manager + ]; + + security.sudo.extraRules = [ + { + users = ["malte"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + + jovian.devices.steamdeck.enable = true; + jovian.steam.enable = true; + jovian.devices.steamdeck.enableVendorRadv = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.11"; # Did you read the comment? }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; - }; - - programs.dconf.enable = true; - - users = { - mutableUsers = false; - defaultUserShell = pkgs.fish; - custom.malte.enable = true; - custom.malte.steamDeck = true; - }; - - environment.systemPackages = with pkgs; [ - steam-rom-manager - ]; - - security.sudo.extraRules = [ - { - users = ["malte"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - - jovian.devices.steamdeck.enable = true; - jovian.steam.enable = true; - jovian.devices.steamdeck.enableVendorRadv = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? } diff --git a/hosts/trochulus-hispidus.nix b/hosts/trochulus-hispidus.nix index 30c0c87..313a350 100644 --- a/hosts/trochulus-hispidus.nix +++ b/hosts/trochulus-hispidus.nix 
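Review bot: The `security.sudo.extraRules` entry gives `malte` `command = "ALL"` with `options = ["NOPASSWD"]` on a host that also auto-logs `malte` into the display manager and sets `settings.ssh.openOutsideVPN = true`, which by its name exposes SSH beyond the VPN. Any process or SSH session running as that user is therefore root without a further prompt. The `services.openssh` block does disable password and keyboard-interactive login, so remote access is limited to holders of the authorized key. If the rule exists because the device has no keyboard, narrow it to the commands that need it by replacing `command = "ALL";` with the specific store paths. Otherwise add a comment such as `# passwordless root: handheld has no keyboard for sudo prompts`, so the trade-off is recorded.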
@@ -1,96 +1,105 @@ { - config, pkgs, + inputs, ... }: { - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + imports = [ + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd + inputs.self.nixosModules.homeManagerConfig + ../hardware/latitude-e7440.nix + ]; + config = { + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "trochulus-hispidus"; + networking.hostName = "trochulus-hispidus"; - networking.interfaces.eno1.useDHCP = true; - networking.interfaces.wlp2s0.useDHCP = true; + networking.interfaces.eno1.useDHCP = true; + networking.interfaces.wlp2s0.useDHCP = true; - settings.minimalGnome.enable = true; - settings.printing.enable = true; + settings.minimalGnome.enable = true; + settings.printing.enable = true; - hardware = { - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - extraPackages = with pkgs; [ - intel-media-driver - vaapiIntel - vaapiVdpau - libvdpau-va-gl - ]; + hardware = { + opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + extraPackages = with pkgs; [ + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + ]; - extraPackages32 = with pkgs.pkgsi686Linux; [vaapiIntel]; + extraPackages32 = with pkgs.pkgsi686Linux; [vaapiIntel]; + }; }; + + # Make sure her settings are all in German since she prefers it that way! + i18n.defaultLocale = "de_DE.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "de"; + }; + services.xserver.layout = "de"; + + # TODO: Remove when firefox' RDD is fixed (allows libva) + environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"; + + # Enable the X11 windowing system. + services.xserver = { + enable = true; + # Enable the GNOME Desktop Environment. 
+ displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + + libinput.enable = true; + libinput.mouse.accelProfile = "flat"; + libinput.touchpad.accelProfile = "flat"; + }; + # But disable geary in favour of evolution + programs.geary.enable = false; + programs.evolution.enable = true; + + services.fprintd.enable = true; + services.fwupd.enable = true; + services.devmon.enable = true; + + # Enable sound. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + xdg.portal = { + enable = true; + extraPortals = [pkgs.xdg-desktop-portal-wlr]; + }; + + users = { + mutableUsers = false; + custom.marie.enable = true; + }; + + fonts = { + enableDefaultFonts = true; + fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels]; + fontconfig = {enable = true;}; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.11"; # Did you read the comment? }; - - # Make sure her settings are all in German since she prefers it that way! - i18n.defaultLocale = "de_DE.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "de"; - }; - services.xserver.layout = "de"; - - # TODO: Remove when firefox' RDD is fixed (allows libva) - environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"; - - # Enable the X11 windowing system. - services.xserver = { - enable = true; - # Enable the GNOME Desktop Environment. 
- displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - - libinput.enable = true; - libinput.mouse.accelProfile = "flat"; - libinput.touchpad.accelProfile = "flat"; - }; - # But disable geary in favour of evolution - programs.geary.enable = false; - programs.evolution.enable = true; - - services.fprintd.enable = true; - services.fwupd.enable = true; - services.devmon.enable = true; - - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - xdg.portal = { - enable = true; - extraPortals = [pkgs.xdg-desktop-portal-wlr]; - }; - - users = { - mutableUsers = false; - custom.marie.enable = true; - }; - - fonts = { - enableDefaultFonts = true; - fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels]; - fontconfig = {enable = true;}; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.11"; # Did you read the comment? } diff --git a/modules/malte.nix b/modules/malte.nix index 45bdb9c..acc890c 100644 --- a/modules/malte.nix +++ b/modules/malte.nix @@ -2,7 +2,7 @@ pkgs, lib, config, - flake, + inputs, ... }: let cfg = config.users.custom.malte; 
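Review bot: `environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"` is set system-wide, so Firefox's media-decoding (RDD) process runs unsandboxed for every user and session on this host, not only where VA-API decoding is wanted. That process parses untrusted media from the web, and the `# TODO: Remove when firefox' RDD is fixed` comment names no bug or version, so nothing prompts anyone to revisit it. I would add the upstream reference to the comment, for example `# TODO(<bug URL>): remove once RDD sandbox allows libva`, and check whether current Firefox still needs the override. The hosts/helix-texta.nix hunk carries the same variable.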
@@ -38,7 +38,7 @@ in { openssh.authorizedKeys.keyFiles = [../users/malte/yubikey.pub]; }; - home-manager.users.malte.imports = [../users/malte/home.nix flake.inputs.nix-colors.homeManagerModule flake.inputs.hyprland.homeManagerModules.default]; + home-manager.users.malte.imports = [../users/malte/home.nix inputs.nix-colors.homeManagerModule inputs.hyprland.homeManagerModules.default]; programs.fish.enable = true; services.darkman.enable = !cfg.steamDeck; diff --git a/pkgs/all-hosts.nix b/pkgs/all-hosts.nix new file mode 100644 index 0000000..1a8d103 --- /dev/null +++ b/pkgs/all-hosts.nix @@ -0,0 +1,16 @@ +{ + writeShellApplication, + jq, + nix, + ... +}: +writeShellApplication { + name = "all-hosts"; + runtimeInputs = [ + jq + nix + ]; + text = '' + nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[] + ''; +} diff --git a/pkgs/option.nix b/pkgs/option.nix new file mode 100644 index 0000000..ba64252 --- /dev/null +++ b/pkgs/option.nix @@ -0,0 +1,14 @@ +{ + writeShellApplication, + coreutils, + nix, + ... +}: +writeShellApplication { + name = "option"; + runtimeInputs = [ + coreutils + nix + ]; + text = builtins.readFile ../scripts/option.sh; +} diff --git a/pkgs/personal-cache.nix b/pkgs/personal-cache.nix new file mode 100644 index 0000000..b999747 --- /dev/null +++ b/pkgs/personal-cache.nix @@ -0,0 +1,14 @@ +{ + writeShellApplication, + coreutils, + nix, + ... +}: +writeShellApplication { + name = "personal-cache"; + runtimeInputs = [ + coreutils + nix + ]; + text = builtins.readFile ../scripts/personal-cache.sh; +} diff --git a/pkgs/rebuild.nix b/pkgs/rebuild.nix new file mode 100644 index 0000000..dff7440 --- /dev/null +++ b/pkgs/rebuild.nix 
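Review bot: In pkgs/all-hosts.nix the `2>/dev/null` on `nix eval` discards every evaluation error, so a flake that fails to evaluate yields no host names and no message. scripts/test-config.sh consumes this as `for host in $(all-hosts)`, and a failing command substitution in a `for` list does not stop the script. The loop would presumably run zero times and the check would look clean, although the rest of that script is outside this hunk. I would let stderr through and quote the filter: `nix eval --json .#nixosConfigurations --apply builtins.attrNames | jq -r '.[]'`.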
@@ -0,0 +1,18 @@ +{ + writeShellApplication, + coreutils, + git, + nixos-rebuild, + callPackage, + ... +}: +writeShellApplication { + name = "rebuild"; + runtimeInputs = [ + coreutils + git + (callPackage ./personal-cache.nix {}) + nixos-rebuild + ]; + text = builtins.readFile ../scripts/rebuild.sh; +} diff --git a/pkgs/test-config.nix b/pkgs/test-config.nix new file mode 100644 index 0000000..6a1b79e --- /dev/null +++ b/pkgs/test-config.nix @@ -0,0 +1,20 @@ +{ + writeShellApplication, + coreutils, + nix, + nixos-rebuild, + bat, + callPackage, + ... +}: +writeShellApplication { + name = "test-config"; + runtimeInputs = [ + coreutils + nix + (callPackage ./all-hosts.nix {}) + nixos-rebuild + bat + ]; + text = builtins.readFile ../scripts/test-config.sh; +} diff --git a/scripts/notmuch-new.sh b/scripts/notmuch-new.sh index 5311c67..d6677f1 100644 --- a/scripts/notmuch-new.sh +++ b/scripts/notmuch-new.sh @@ -1,3 +1,5 @@ +#!/bin/sh + # Script to be run after mailboxes have been synchronized # Expects `notmuch` in the PATH diff --git a/scripts/option.sh b/scripts/option.sh index 89e01fa..c107b8d 100644 --- a/scripts/option.sh +++ b/scripts/option.sh @@ -1,3 +1,4 @@ +#!/bin/bash function print_help() { printf "Usage:" diff --git a/scripts/personal-cache.sh b/scripts/personal-cache.sh index cd4fd5d..db7981b 100644 --- a/scripts/personal-cache.sh +++ b/scripts/personal-cache.sh @@ -1,3 +1,4 @@ +#!/bin/bash store="http://cache.home" diff --git a/scripts/rebuild.sh b/scripts/rebuild.sh index 348ea16..f7ba75f 100644 --- a/scripts/rebuild.sh +++ b/scripts/rebuild.sh @@ -1,3 +1,4 @@ +#!/bin/bash function print_help() { printf "Usage:" 
@@ -13,17 +14,17 @@ action=$1 case "$action" in "switch" | "boot" | "test") - optSudo=sudo - ;; + optSudo=sudo + ;; *) - optSudo= - ;; + optSudo= + ;; esac -ARGS=( "$action" ) +ARGS=("$action") if personal-cache --ping; then - ARGS+=( "--option" "extra-substituters" "$(personal-cache --url)" ) + ARGS+=("--option" "extra-substituters" "$(personal-cache --url)") printf "Cache is up and running!\n" else printf "Cache is down!\n" @@ -31,10 +32,10 @@ fi if [ -n "${2+x}" ]; then host=$2 - ARGS+=( "--build-host" "root@$host" "--target-host" "root@$host" "--flake" ".#${host}" ) + ARGS+=("--build-host" "root@$host" "--target-host" "root@$host" "--flake" ".#${host}") printf "Building on %s!\n" "$host" else - ARGS+=( "--flake" "." ) + ARGS+=("--flake" "." "--show-trace") printf "Building on localhost!\n" fi diff --git a/scripts/test-config.sh b/scripts/test-config.sh index 0f3e580..e8d7d69 100644 --- a/scripts/test-config.sh +++ b/scripts/test-config.sh @@ -1,8 +1,9 @@ +#!/bin/bash for host in $(all-hosts); do printf -- "-> Checking %s.. " "$host" - if nixos-rebuild --flake ".#$host" dry-build 2> /tmp/build-output; then + if nixos-rebuild --show-trace --flake ".#$host" dry-build 2>/tmp/build-output; then printf "ok\n" else printf "failed!\n"
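Review bot: The `extra-substituters` value appended to `ARGS` in scripts/rebuild.sh comes from `personal-cache --url`, and scripts/personal-cache.sh sets `store="http://cache.home"`. Store paths are therefore fetched over plain HTTP from a name resolved by the local `home` zone, so integrity rests entirely on Nix verifying signatures against a trusted public key; nothing in the visible hunks shows where that key is configured. A comment above the `if personal-cache --ping` line would record the dependency: `# plain-HTTP cache: safe only while require-sigs is on and the cache key is in trusted-public-keys`. The rest of this hunk is re-indentation.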
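Review bot: In scripts/test-config.sh the rewritten line still sends stderr to the fixed path `/tmp/build-output`. On a multi-user machine, another user can pre-create that path as a file or symlink, and two concurrent runs overwrite each other's output. The wrapper in pkgs/test-config.nix already includes `coreutils`, so a private file is available: `out=$(mktemp)` before the loop and `2>"$out"` on the `nixos-rebuild` line, with an `rm -f "$out"` at the end. The part of the script that reads the file back lies outside this hunk and would need the same variable.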