flake: reformat with nixfmt

Infinidoge 2025-01-28 20:33:04 -05:00
parent a79e641851
commit eaf4f56ac0
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
117 changed files with 2667 additions and 1592 deletions


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -88,4 +93,3 @@ in
];
};
}


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.ssh-tunnel;
@ -50,11 +55,13 @@ in
local = mkParams "-L" cfg.forwards.local;
remote = mkParams "-R" cfg.forwards.remote;
options = mkParams "-o" (mapAttrsToList (n: v: "${n}=${toString v}") {
ServerAliveInterval = 60;
ExitOnForwardFailure = "yes";
KbdInteractiveAuthentication = "no";
});
options = mkParams "-o" (
mapAttrsToList (n: v: "${n}=${toString v}") {
ServerAliveInterval = 60;
ExitOnForwardFailure = "yes";
KbdInteractiveAuthentication = "no";
}
);
in
{
script = ''


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
# Borg Backup public key:
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhldH579ixPRSBtTjnzWoDCNyUxUSl1BjogWN3keYBR borg@universe
# This is used to connect to my rsync.net
@ -7,11 +12,7 @@ with lib.our;
let
append = root: path: (root + "/" + path);
excludes' = concatLists
(mapAttrsToList
(root: map (append root))
cfg.excludes
);
excludes' = concatLists (mapAttrsToList (root: map (append root)) cfg.excludes);
commonArgs = {
environment = {
@ -36,12 +37,19 @@ let
};
};
mkJob = paths: commonArgs // {
inherit paths;
inherit (cfg) repo;
exclude = map (append paths) (excludes' ++ cfg.extraExcludes);
startAt = if cfg.backupTimes ? "${config.networking.hostName}" then "*-*-* ${cfg.backupTimes.${config.networking.hostName}}" else [ ];
};
mkJob =
paths:
commonArgs
// {
inherit paths;
inherit (cfg) repo;
exclude = map (append paths) (excludes' ++ cfg.extraExcludes);
startAt =
if cfg.backupTimes ? "${config.networking.hostName}" then
"*-*-* ${cfg.backupTimes.${config.networking.hostName}}"
else
[ ];
};
cfg = config.modules.backups;
in
@ -106,11 +114,12 @@ in
(mkIf cfg.enable {
services.borgbackup.jobs = mapAttrs (_: mkJob) cfg.jobs;
systemd.timers = lib.mapAttrs'
(n: _: lib.nameValuePair "borgbackup-job-${n}" {
systemd.timers = lib.mapAttrs' (
n: _:
lib.nameValuePair "borgbackup-job-${n}" {
requires = [ "network-online.target" ];
})
cfg.jobs;
}
) cfg.jobs;
persist.directories = [
"/root/.cache/borg"


@ -2,7 +2,9 @@
{
nix.settings = {
substituters = lib.flatten [
(lib.optional (config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home) "ssh://infini-desktop?priority=9")
(lib.optional (
config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home
) "ssh://infini-desktop?priority=9")
"https://hydra.inx.moe?priority=10"
];
trusted-public-keys = [


@ -1,4 +1,10 @@
{ config, common, secrets, lib, ... }:
{
config,
common,
secrets,
lib,
...
}:
{
programs = {
# Enable dconf for programs that need it


@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
home-manager = {
useUserPackages = lib.mkDefault true;
useGlobalPkgs = true;


@ -1,4 +1,9 @@
{ config, pkgs, private, ... }:
{
config,
pkgs,
private,
...
}:
{
imports = [ private.nixosModules.networking ];
@ -27,7 +32,10 @@
#"100.100.100.100"
];
firewall.trustedInterfaces = [ "br-+" "tailscale0" ];
firewall.trustedInterfaces = [
"br-+"
"tailscale0"
];
nftables = {
enable = true;
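Review bot: The `"br-+"` entry in `firewall.trustedInterfaces` uses the iptables `+` wildcard, while the context line right after it enables `nftables`, where interface-name wildcards are written with `*`; it is worth confirming in the rendered ruleset that the `iifname` match actually covers the bridges. Where it does match, every interface whose name starts with `br-`, including bridges created later by container tooling, skips the per-port rules. A comment stating why they are trusted would help, e.g. `# br-*: container bridges; tailscale0: tailnet peers`. The enclosing attribute set and the `nftables` block continue outside the hunk, so this is inferred from the visible lines only.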


@ -1,6 +1,17 @@
{ config, inputs, pkgs, lib, ... }:
{
config,
inputs,
pkgs,
lib,
...
}:
let
inherit (lib) mkIf mkDefault filterAttrs mapAttrs';
inherit (lib)
mkIf
mkDefault
filterAttrs
mapAttrs'
;
in
{
nix = {
@ -8,9 +19,19 @@ in
settings = {
allowed-users = [ "*" ];
trusted-users = [ "root" "@wheel" "remotebuild" "nix-ssh" ];
trusted-users = [
"root"
"@wheel"
"remotebuild"
"nix-ssh"
];
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
experimental-features = [
"flakes"
"nix-command"
@ -52,7 +73,12 @@ in
let
flakes = filterAttrs (n: v: v ? outputs) inputs;
in
(mapAttrs' (n: v: { name = if n == "self" then "universe" else n; value = { flake = v; }; }) flakes)
(mapAttrs' (n: v: {
name = if n == "self" then "universe" else n;
value = {
flake = v;
};
}) flakes)
// {
nixpkgs-git = {
exact = false;
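Review bot: `trusted-users` includes `remotebuild` and `nix-ssh` alongside `root` and `@wheel`; a trusted user can override daemon settings such as substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root access. If those two accounts exist only to run builds or serve the store over SSH (inferred from their names), they probably do not need to be trusted, which would leave `trusted-users = [ "root" "@wheel" ];`. If they are needed, a comment recording the reason would help the next reader. The same question applies to `extra-trusted-users` in the Hydra module later in this commit, where `hydra-www` is listed. The `settings` block starts and ends outside the hunk.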


@ -1,5 +1,10 @@
# Heavily inspired by hlissner: https://github.com/hlissner/dotfiles/blob/master/modules/options.nix
{ config, options, lib, ... }:
{
config,
options,
lib,
...
}:
with lib;
with lib.our;
let
@ -40,7 +45,11 @@ in
universe = {
packages = packageListOpt;
shellAliases = mkOpt (attrsOf str) { };
variables = mkOpt (attrsOf (oneOf [ (listOf str) str path ])) { };
variables = mkOpt (attrsOf (oneOf [
(listOf str)
str
path
])) { };
media.enable = mkBoolOpt false;
minimal.enable = mkBoolOpt false;
};


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
# Use the latest Linux kernel
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -7,80 +12,96 @@
environment.defaultPackages = lib.mkForce [ ];
# Packages wanted everywhere
universe.packages = with pkgs; [
universe-cli
universe.packages =
with pkgs;
[
universe-cli
agenix
bat
cloc
cryptsetup
curl
difftastic
direnv
dnsutils
erdtree
eza
fd
fzf
gnumake
gptfdisk
gum
htop
hyfetch
iputils
jq
man-pages
man-pages-posix
nmap
openssl
parallel
parted
pciutils
perl
rhash
ripgrep
rsync
skim
sshfs
strace
tealdeer
unixtools.whereis
unrar-wrapper
unzip
util-linux
wget
whois
xxHash
yq
zip
] ++ (lib.optionals config.universe.media.enable (with pkgs; [
ghostscript
graphviz
imagemagick
pandoc
yt-dlp
]));
agenix
bat
cloc
cryptsetup
curl
difftastic
direnv
dnsutils
erdtree
eza
fd
fzf
gnumake
gptfdisk
gum
htop
hyfetch
iputils
jq
man-pages
man-pages-posix
nmap
openssl
parallel
parted
pciutils
perl
rhash
ripgrep
rsync
skim
sshfs
strace
tealdeer
unixtools.whereis
unrar-wrapper
unzip
util-linux
wget
whois
xxHash
yq
zip
]
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ghostscript
graphviz
imagemagick
pandoc
yt-dlp
]
));
environment.systemPackages = config.universe.packages ++ (with pkgs; [
binutils
btrfs-progs
bubblewrap
compsize
coreutils-doge
dosfstools
exfat # Windows drives
kitty.terminfo
ntfs3g # Windows drives
smartmontools
usbutils
environment.systemPackages =
config.universe.packages
++ (with pkgs; [
binutils
btrfs-progs
bubblewrap
compsize
coreutils-doge
dosfstools
exfat # Windows drives
kitty.terminfo
ntfs3g # Windows drives
smartmontools
usbutils
# covered by home manager
git
vim
]) ++ (lib.optionals config.info.graphical (with pkgs; [
arandr
])) ++ (lib.optionals config.universe.media.enable (with pkgs; [
ffmpeg-full
mpv
]));
# covered by home manager
git
vim
])
++ (lib.optionals config.info.graphical (
with pkgs;
[
arandr
]
))
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ffmpeg-full
mpv
]
));
}


@ -6,13 +6,22 @@ in
persist = {
directories = flatten [
"/home"
{ directory = "/etc/nixos"; user = "infinidoge"; }
{ directory = "/etc/nixos-private"; user = "infinidoge"; }
{
directory = "/etc/nixos";
user = "infinidoge";
}
{
directory = "/etc/nixos-private";
user = "infinidoge";
}
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/"
{ directory = "/var/lib/tailscale"; mode = "0700"; }
{
directory = "/var/lib/tailscale";
mode = "0700";
}
"/root/.ssh"


@ -1,33 +1,39 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) flip;
inherit (lib.our) mkBoolOpt' addPackageLists;
cfg = config.universe.programming;
programmingOpt' = kind: flip mkBoolOpt' "Programming: ${kind}";
programmingOpt = flip programmingOpt' cfg.all.enable;
in
{
options.universe.programming = (addPackageLists {
base.enable = programmingOpt' "Base packages" true;
options.universe.programming =
(addPackageLists {
base.enable = programmingOpt' "Base packages" true;
c.enable = programmingOpt' "C" true;
csharp.enable = programmingOpt "C#";
haskell.enable = programmingOpt "Haskell";
java.enable = programmingOpt "Java";
lua.enable = programmingOpt "Lua";
nim.enable = programmingOpt "Nim";
python.enable = programmingOpt' "Python" true;
racket.enable = programmingOpt "Racket";
rust.enable = programmingOpt "Rust";
zig.enable = programmingOpt "Zig";
latex.enable = programmingOpt "LaTeX";
html.enable = programmingOpt "HTML";
}) // {
all.enable = programmingOpt' "All languages" false;
};
c.enable = programmingOpt' "C" true;
csharp.enable = programmingOpt "C#";
haskell.enable = programmingOpt "Haskell";
java.enable = programmingOpt "Java";
lua.enable = programmingOpt "Lua";
nim.enable = programmingOpt "Nim";
python.enable = programmingOpt' "Python" true;
racket.enable = programmingOpt "Racket";
rust.enable = programmingOpt "Rust";
zig.enable = programmingOpt "Zig";
latex.enable = programmingOpt "LaTeX";
html.enable = programmingOpt "HTML";
})
// {
all.enable = programmingOpt' "All languages" false;
};
config = {
universe.programming = with pkgs; {
@ -60,7 +66,6 @@ in
cabal2nix
];
java.packages = [
openjdk
clang-tools
@ -75,15 +80,17 @@ in
];
python.packages = [
(python312.withPackages (p: with p; [
black
isort
jupyter
mypy
pip
pyflakes
pytest
]))
(python312.withPackages (
p: with p; [
black
isort
jupyter
mypy
pip
pyflakes
pytest
]
))
pipenv
ruff
];
@ -93,12 +100,15 @@ in
];
rust.packages = [
(rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override {
extensions = [
"rust-src"
"rust-analyzer"
];
}))
(rust-bin.selectLatestNightlyWith (
toolchain:
toolchain.default.override {
extensions = [
"rust-src"
"rust-analyzer"
];
}
))
gcc
];
@ -142,9 +152,9 @@ in
];
};
universe.packages = lib.concatMap
(v: lib.optionals (v ? packages && v.enable) v.packages)
(lib.attrValues cfg);
universe.packages = lib.concatMap (v: lib.optionals (v ? packages && v.enable) v.packages) (
lib.attrValues cfg
);
programs.java.enable = cfg.java.enable;


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
inherit (config.nixpkgs.hostPlatform) system;
@ -32,8 +37,12 @@ in
hardware = {
enableRedistributableFirmware = mkDefault true;
cpu.intel.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux");
cpu.amd.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux");
cpu.intel.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
cpu.amd.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
};
users.mutableUsers = false;


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
ifSudo = lib.mkIf config.security.sudo.enable;
ifSudo' = text: if config.security.sudo.enable then "sudo ${text}" else text;
@ -43,7 +48,6 @@ in
gcd = "cd $(git root || echo \".\")";
ucd = "cd $(uni cd || echo \".\")";
# grep
grep = "rg";
gi = "grep -i";


@ -12,14 +12,19 @@ with lib;
ClientAliveInterval = 60;
TCPKeepAlive = "yes";
};
hostKeys = mkDefault [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
hostKeys = mkDefault [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
knownHosts = {
"github.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
extraHostNames = [ "ssh.github.com" "ssh.github.com:443" ];
extraHostNames = [
"ssh.github.com"
"ssh.github.com:443"
];
};
};
};


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -16,7 +21,8 @@ in
};
programs.dconf.enable = mkIf cfg.libvirtd.enable true;
environment.systemPackages = (optional cfg.libvirtd.enable pkgs.virt-manager)
environment.systemPackages =
(optional cfg.libvirtd.enable pkgs.virt-manager)
++ (optional cfg.docker.enable pkgs.docker-compose);
persist.directories = optional cfg.libvirtd.enable "/var/lib/libvirt";
};


@ -1,4 +1,10 @@
{ config, options, lib, pkgs, ... }:
{
config,
options,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -32,16 +38,23 @@ in
config = mkMerge [
{
assertions = [{
assertion = (any id (with cfg; [
steam.enable
prismlauncher.enable
lutris.enable
olympus.enable
puzzles.enable
])) -> config.info.graphical;
message = "Games cannot be enabled in a non-graphical environment";
}];
assertions = [
{
assertion =
(any id (
with cfg;
[
steam.enable
prismlauncher.enable
lutris.enable
olympus.enable
puzzles.enable
]
))
-> config.info.graphical;
message = "Games cannot be enabled in a non-graphical environment";
}
];
home.home.packages = with pkgs; [
(mkIf cfg.prismlauncher.enable cfg.prismlauncher.package)
@ -56,12 +69,14 @@ in
programs.steam = {
enable = mkAliasDefinitions opt.steam.enable;
package = cfg.steam.package.override (optionalAttrs config.modules.hardware.gpu.nvidia {
extraProfile = ''
unset VK_ICD_FILENAMES
export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json
'';
});
package = cfg.steam.package.override (
optionalAttrs config.modules.hardware.gpu.nvidia {
extraProfile = ''
unset VK_ICD_FILENAMES
export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json
'';
}
);
extraCompatPackages = with pkgs; [
proton-ge-bin
];


@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }:
{
config,
common,
pkgs,
lib,
...
}:
with lib;
with lib.our;
let
@ -50,29 +56,34 @@ in
'';
};
home-manager.sharedModules = [{
xsession.enable = true;
}];
environment.systemPackages = with pkgs; flatten [
(with xorg; [
xwininfo
xprop
])
xclip
xdotool
pavucontrol
common.wm.locker
home-manager.sharedModules = [
{
xsession.enable = true;
}
];
environment.systemPackages =
with pkgs;
flatten [
(with xorg; [
xwininfo
xprop
])
xclip
xdotool
pavucontrol
common.wm.locker
];
}
(mkIf cfg.qtile.enable {
services.xserver.windowManager.qtile = {
enable = true;
extraPackages = p: with p; [
qtile-extras
];
extraPackages =
p: with p; [
qtile-extras
];
};
info.env.wm = "qtile";


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -58,7 +63,13 @@ in
environment = {
variables.LAPTOP = "True";
systemPackages = with pkgs; [ acpi brightnessctl ] ++ optional config.powerManagement.powertop.enable pkgs.powertop;
systemPackages =
with pkgs;
[
acpi
brightnessctl
]
++ optional config.powerManagement.powertop.enable pkgs.powertop;
};
})


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -13,27 +18,39 @@ in
};
config = mkMerge [
(mkIf (any' (with cfg; [ amdgpu nvidia intel ])) {
hardware.graphics = {
enable = true;
enable32Bit = true;
(mkIf
(any' (
with cfg;
[
amdgpu
nvidia
intel
]
))
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; flatten [
libvdpau-va-gl
vaapiVdpau
extraPackages =
with pkgs;
flatten [
libvdpau-va-gl
vaapiVdpau
(optionals cfg.intel [
intel-compute-runtime
intel-media-driver
vaapiIntel
])
(optionals cfg.intel [
intel-compute-runtime
intel-media-driver
vaapiIntel
])
(optionals cfg.nvidia [
nvidia-vaapi-driver
])
];
};
})
(optionals cfg.nvidia [
nvidia-vaapi-driver
])
];
};
}
)
(mkIf cfg.amdgpu {
boot.initrd.kernelModules = [ "amdgpu" ];


@ -1,4 +1,9 @@
{ config, lib, private, ... }:
{
config,
lib,
private,
...
}:
with lib;
with lib.our;
let


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let


@ -1,4 +1,10 @@
{ config, lib, private, pkgs, ... }:
{
config,
lib,
private,
pkgs,
...
}:
with lib;
with lib.our;
let


@ -20,26 +20,32 @@ in
config = mkIf cfg.enable {
services.apcupsd = {
enable = true;
configText = ''
UPSNAME UPS
UPSCLASS standalone
UPSMODE disable
NETSERVER on
NISPORT ${toString port}
configText =
''
UPSNAME UPS
UPSCLASS standalone
UPSMODE disable
NETSERVER on
NISPORT ${toString port}
BATTERYLEVEL ${toString cfg.config.battery_level}
MINUTES ${toString cfg.config.minutes}
'' +
(if cfg.primary then ''
UPSTYPE usb
UPSCABLE usb
NISIP ${cfg.config.address}
'' else ''
UPSCABLE ether
UPSTYPE net
DEVICE ${cfg.config.address}:${toString port}
POLLTIME 10
'');
BATTERYLEVEL ${toString cfg.config.battery_level}
MINUTES ${toString cfg.config.minutes}
''
+ (
if cfg.primary then
''
UPSTYPE usb
UPSCABLE usb
NISIP ${cfg.config.address}
''
else
''
UPSCABLE ether
UPSTYPE net
DEVICE ${cfg.config.address}:${toString port}
POLLTIME 10
''
);
hooks = cfg.config.hooks;
};
networking.firewall.allowedTCPPorts = mkIf cfg.primary [ port ];
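Review bot: On the primary, `networking.firewall.allowedTCPPorts = mkIf cfg.primary [ port ]` opens the NIS port on every interface, while `NISIP` binds the server to `cfg.config.address`. apcupsd's network information server has no authentication, so anything that can reach the port can read the UPS status. If the secondaries sit on one known network, scope the rule to it with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ port ];` (the interface name is a placeholder), or add a comment saying that exposure on all interfaces is intended. The `config` block continues outside the hunk.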


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -48,19 +53,25 @@ let
savePath = "${cfg.stateDir}/saves/${cfg.saveName}.zip";
mkCmd = options: toString ([
"${lib.getExe cfg.package}"
"--config=${cfg.configFile}"
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}")
(optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}")
"--server-settings=${
if (cfg.extraSettingsFile != null)
then "${cfg.stateDir}/server-settings.json"
else serverSettingsFile
}"
] ++ options);
mkCmd =
options:
toString (
[
"${lib.getExe cfg.package}"
"--config=${cfg.configFile}"
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}")
(optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}")
"--server-settings=${
if (cfg.extraSettingsFile != null) then
"${cfg.stateDir}/server-settings.json"
else
serverSettingsFile
}"
]
++ options
);
in
{
disabledModules = [ "services/games/factorio.nix" ];
@ -234,7 +245,9 @@ in
extraSettings = mkOption {
type = types.attrs;
default = { };
example = { admins = [ "username" ]; };
example = {
admins = [ "username" ];
};
description = lib.mdDoc ''
Extra game configuration that will go into server-settings.json
'';
@ -338,18 +351,20 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
if [[ ! -e "${savePath}" ]]; then
${mkCmd [
"--create=${savePath}"
]}
fi
'' + (optionalString (cfg.extraSettingsFile != null) ''
echo ${lib.strings.escapeShellArg serverSettingsString} \
"$(cat ${cfg.extraSettingsFile})" \
| ${lib.getExe pkgs.jq} -s add \
> ${cfg.stateDir}/server-settings.json
'');
preStart =
''
if [[ ! -e "${savePath}" ]]; then
${mkCmd [
"--create=${savePath}"
]}
fi
''
+ (optionalString (cfg.extraSettingsFile != null) ''
echo ${lib.strings.escapeShellArg serverSettingsString} \
"$(cat ${cfg.extraSettingsFile})" \
| ${lib.getExe pkgs.jq} -s add \
> ${cfg.stateDir}/server-settings.json
'');
serviceConfig = {
User = cfg.user;
@ -362,11 +377,7 @@ in
ExecStart = mkCmd [
"--port=${toString cfg.port}"
"--bind=${cfg.bind}"
(
if cfg.loadLatestSave
then "--start-server-load-latest"
else "--start-server=${savePath}"
)
(if cfg.loadLatestSave then "--start-server-load-latest" else "--start-server=${savePath}")
(optionalString (cfg.admins != [ ]) "--server-adminlist=${serverAdminsFile}")
];
@ -379,7 +390,12 @@ in
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictRealtime = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;
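Review bot: In `preStart`, `${cfg.extraSettingsFile}` and `${cfg.stateDir}` are interpolated into the shell text unquoted, although `serverSettingsString` on the line above them goes through `lib.strings.escapeShellArg`; a path containing a space or a shell metacharacter would be word-split or interpreted by the shell. Suggest `"$(cat ${lib.escapeShellArg cfg.extraSettingsFile})"` and `> ${lib.escapeShellArg "${cfg.stateDir}/server-settings.json"}`. The merged file presumably carries whatever `extraSettingsFile` was kept out of the store for, so the mode it is created with is worth checking as well. The same hand-quoting pattern appears in `makeWrapperArgs` in the Hydra module and in the `exports` list of the Steam module later in this commit.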


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
@ -16,22 +21,29 @@ let
HYDRA_DATA = "${baseDir}";
};
env = {
NIX_REMOTE = "daemon";
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
PGPASSFILE = "${baseDir}/pgpass";
NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles;
} // optionalAttrs (cfg.smtpHost != null) {
EMAIL_SENDER_TRANSPORT = "SMTP";
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost;
} // hydraEnv // cfg.extraEnv;
env =
{
NIX_REMOTE = "daemon";
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
PGPASSFILE = "${baseDir}/pgpass";
NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles;
}
// optionalAttrs (cfg.smtpHost != null) {
EMAIL_SENDER_TRANSPORT = "SMTP";
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost;
}
// hydraEnv
// cfg.extraEnv;
serverEnv = env // {
HYDRA_TRACKER = cfg.tracker;
XDG_CACHE_HOME = "${baseDir}/www/.cache";
COLUMNS = "80";
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr
} // (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
serverEnv =
env
// {
HYDRA_TRACKER = cfg.tracker;
XDG_CACHE_HOME = "${baseDir}/www/.cache";
COLUMNS = "80";
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr
}
// (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
localDB = "dbi:Pg:dbname=hydra;user=hydra;";
@ -39,7 +51,9 @@ let
hydra-package =
let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv);
makeWrapperArgs = concatStringsSep " " (
mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv
);
in
pkgs.buildEnv rec {
name = "hydra-env";
@ -236,7 +250,10 @@ in
type = types.listOf types.path;
default = optional (config.nix.buildMachines != [ ]) "/etc/nix/machines";
defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"'';
example = [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ];
example = [
"/etc/nix/machines"
"/var/lib/hydra/provisioner/machines"
];
description = "List of files containing build machines.";
};
@ -257,7 +274,6 @@ in
};
###### implementation
config = mkIf cfg.enable {
@ -312,7 +328,10 @@ in
use-substitutes = ${if cfg.useSubstitutes then "1" else "0"}
'';
environment.systemPackages = [ hydra-package pkgs.git ];
environment.systemPackages = [
hydra-package
pkgs.git
];
environment.variables = hydraEnv;
@ -320,7 +339,11 @@ in
{
keep-outputs = true;
keep-derivations = true;
extra-trusted-users = [ "hydra" "hydra-queue-runner" "hydra-www" ];
extra-trusted-users = [
"hydra"
"hydra-queue-runner"
"hydra-www"
];
}
(mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre") {
@ -419,8 +442,17 @@ in
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" ];
path = [ hydra-package pkgs.nettools pkgs.openssh pkgs.bzip2 config.nix.package ];
after = [
"hydra-init.service"
"network.target"
];
path = [
hydra-package
pkgs.nettools
pkgs.openssh
pkgs.bzip2
config.nix.package
];
restartTriggers = [ hydraConf ];
environment = env // {
PGPASSFILE = "${baseDir}/pgpass-queue-runner"; # grrr
@ -444,8 +476,16 @@ in
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" "network-online.target" ];
path = with pkgs; [ hydra-package nettools jq ];
after = [
"hydra-init.service"
"network.target"
"network-online.target"
];
path = with pkgs; [
hydra-package
nettools
jq
];
restartTriggers = [ hydraConf ];
environment = env // {
HYDRA_DBI = "${env.HYDRA_DBI};application_name=hydra-evaluator";


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.steam;
@ -8,7 +13,9 @@ let
steam-gamescope =
let
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env);
exports = builtins.attrValues (
builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env
);
in
pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports}
@ -22,7 +29,10 @@ let
Comment=A digital distribution platform
Exec=${steam-gamescope}/bin/steam-gamescope
Type=Application
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
'').overrideAttrs
(_: {
passthru.providedSessions = [ "steam" ];
});
in
{
disabledModules = [ "programs/steam.nix" ];
@ -46,29 +56,40 @@ in
];
}
'';
apply = steam: steam.override (prev: {
extraEnv = (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths;
}) // (lib.optionalAttrs cfg.extest.enable {
LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so";
}) // (prev.extraEnv or { });
extraLibraries = pkgs:
let
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
additionalLibs = with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32;
in
prevLibs ++ additionalLibs;
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p));
} // lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice)
{
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
});
apply =
steam:
steam.override (
prev:
{
extraEnv =
(lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths;
})
// (lib.optionalAttrs cfg.extest.enable {
LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so";
})
// (prev.extraEnv or { });
extraLibraries =
pkgs:
let
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
additionalLibs =
with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit then
[ package ] ++ extraPackages
else
[ package32 ] ++ extraPackages32;
in
prevLibs ++ additionalLibs;
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p));
}
// lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
}
);
description = ''
The Steam package to use. Additional libraries are added from the system
configuration to ensure graphics work properly.
@ -201,18 +222,24 @@ in
programs.steam.extraPackages = cfg.fontPackages;
programs.gamescope.enable = lib.mkDefault cfg.gamescopeSession.enable;
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [
gamescopeSessionFile
];
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
services.pulseaudio.support32Bit = config.services.pulseaudio.enable;
hardware.steam-hardware.enable = true;
home.home.packages = [
cfg.package
cfg.package.run
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (cfg.protontricks.package.override { inherit extraCompatPaths; });
home.home.packages =
[
cfg.package
cfg.package.run
]
++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (
cfg.protontricks.package.override { inherit extraCompatPaths; }
);
networking.firewall = lib.mkMerge [
(lib.mkIf (cfg.remotePlay.openFirewall || cfg.localNetworkGameTransfers.openFirewall) {
@ -221,7 +248,12 @@ in
(lib.mkIf cfg.remotePlay.openFirewall {
allowedTCPPorts = [ 27036 ];
allowedUDPPortRanges = [{ from = 27031; to = 27035; }];
allowedUDPPortRanges = [
{
from = 27031;
to = 27035;
}
];
})
(lib.mkIf cfg.dedicatedServer.openFirewall {


@ -1,27 +1,42 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.services.thelounge;
configJsData = "module.exports = " + builtins.toJSON (
{ inherit (cfg) public port; } // cfg.extraConfig
);
configJsData =
"module.exports = " + builtins.toJSON ({ inherit (cfg) public port; } // cfg.extraConfig);
pluginManifest = {
dependencies = builtins.listToAttrs (builtins.map (pkg: { name = getName pkg; value = getVersion pkg; }) cfg.plugins);
dependencies = builtins.listToAttrs (
builtins.map (pkg: {
name = getName pkg;
value = getVersion pkg;
}) cfg.plugins
);
};
plugins = pkgs.runCommandLocal "thelounge-plugins" { } ''
mkdir -p $out/node_modules
echo ${escapeShellArg (builtins.toJSON pluginManifest)} >> $out/package.json
${concatMapStringsSep "\n" (pkg: ''
ln -s ${pkg}/lib/node_modules/${getName pkg} $out/node_modules/${getName pkg}
ln -s ${pkg}/lib/node_modules/${getName pkg} $out/node_modules/${getName pkg}
'') cfg.plugins}
'';
in
{
disabledModules = [ "services/networking/thelounge.nix" ];
imports = [ (mkRemovedOptionModule [ "services" "thelounge" "private" ] "The option was renamed to `services.thelounge.public` to follow upstream changes.") ];
imports = [
(mkRemovedOptionModule [
"services"
"thelounge"
"private"
] "The option was renamed to `services.thelounge.public` to follow upstream changes.")
];
options.services.thelounge = {
enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client");


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -8,17 +13,27 @@ let
group = config.users.groups.vaultwarden.name;
# Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER).
nameToEnvVar = name:
nameToEnvVar =
name:
let
parts = builtins.split "([A-Z0-9]+)" name;
partsToEnvVar = parts: foldl'
(key: x:
let last = stringLength key - 1; in
if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
partsToEnvVar =
parts:
foldl' (
key: x:
let
last = stringLength key - 1;
in
if isList x then
key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x
else key + toUpper x) ""
parts;
substring 0 last key
+ optionalString (substring (last - 1) 1 key != "_") "_"
+ substring last 1 key
+ toUpper x
else
key + toUpper x
) "" parts;
in
if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts;
@ -26,17 +41,24 @@ let
# we can only check for values consistently after converting them to their corresponding environment variable name.
configEnv =
let
configEnv = concatMapAttrs
(name: value: optionalAttrs (value != null) {
configEnv = concatMapAttrs (
name: value:
optionalAttrs (value != null) {
${nameToEnvVar name} = if isBool value then boolToString value else toString value;
})
cfg.config;
}
) cfg.config;
in
{ DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
{
DATA_FOLDER = cfg.dataDir;
}
// optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
} // configEnv;
}
// configEnv;
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
configFile = pkgs.writeText "vaultwarden.env" (
concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)
);
vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
@ -52,7 +74,11 @@ in
enable = mkEnableOption (lib.mdDoc "vaultwarden");
dbBackend = mkOption {
type = enum [ "sqlite" "mysql" "postgresql" ];
type = enum [
"sqlite"
"mysql"
"postgresql"
];
default = "sqlite";
description = lib.mdDoc ''
Which database backend vaultwarden will be using.
@ -77,7 +103,13 @@ in
};
config = mkOption {
type = attrsOf (nullOr (oneOf [ bool int str ]));
type = attrsOf (
nullOr (oneOf [
bool
int
str
])
);
default = {
ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222;
@ -186,10 +218,12 @@ in
};
config = mkIf cfg.enable {
assertions = [{
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
message = "Backups for database backends other than sqlite will need customization";
}];
assertions = [
{
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
message = "Backups for database backends other than sqlite will need customization";
}
];
users.users.vaultwarden = {
inherit group;
@ -218,11 +252,19 @@ in
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.settings."10-vaultwarden" = {
${cfg.dataDir}.d = { inherit user group; mode = "0700"; };
} // optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = { inherit user group; mode = "0770"; };
};
systemd.tmpfiles.settings."10-vaultwarden" =
{
${cfg.dataDir}.d = {
inherit user group;
mode = "0700";
};
}
// optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = {
inherit user group;
mode = "0770";
};
};
systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {
aliases = [ "backup-bitwarden_rs.service" ];