Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: reformat with nixfmt

Browse source
This commit is contained in:
Infinidoge 2025-01-28 20:33:04 -05:00
parent a79e641851
commit eaf4f56ac0
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
117 changed files with 2667 additions and 1592 deletions
Download patch file Download diff file Expand all files Collapse all files

259
flake.nix
View file

@ -29,7 +29,10 @@
devshell.url = "github:numtide/devshell"; devshell.url = "github:numtide/devshell";
disko.url = "github:nix-community/disko/latest"; disko.url = "github:nix-community/disko/latest";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
flake-registry = { url = "github:NixOS/flake-registry"; flake = false; }; flake-registry = {
url = "github:NixOS/flake-registry";
flake = false;
};
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.url = "github:nix-community/nix-index-database";
@ -56,7 +59,10 @@
conduwuit.url = "github:girlbossceo/conduwuit"; conduwuit.url = "github:girlbossceo/conduwuit";
## Vencord ## Vencord
vencord = { url = "github:Vendicated/Vencord"; flake = false; }; vencord = {
url = "github:Vendicated/Vencord";
flake = false;
};
## Qtile ## Qtile
qtile.url = "github:qtile/qtile"; qtile.url = "github:qtile/qtile";
@ -130,129 +136,146 @@
universe-cli.inputs.systems.follows = "systems"; universe-cli.inputs.systems.follows = "systems";
}; };
outputs = inputs@{ flake-parts, nixpkgs, private, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: { outputs =
systems = [ "x86_64-linux" ]; inputs@{
flake-parts,
nixpkgs,
private,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } (
{ self, lib, ... }:
{
systems = [ "x86_64-linux" ];
debug = true; debug = true;
perSystem = { pkgs, system, ... }: { perSystem =
_module.args.pkgs = import nixpkgs { { pkgs, system, ... }:
inherit system; {
config.allowUnfree = true; _module.args.pkgs = import nixpkgs {
overlays = [ inherit system;
self.overlays.overrides config.allowUnfree = true;
self.overlays.patches overlays = [
]; self.overlays.overrides
}; self.overlays.patches
];
treefmt.projectRootFile = "flake.nix";
treefmt.programs.nixfmt.enable = true;
};
flake = {
lib = import ./lib { inherit (nixpkgs) lib; };
users = self.lib.rakeLeaves ./users;
overlays = {
overrides = import ./overlays/overrides.nix inputs;
patches = import ./overlays/patches;
};
nixosConfigurations =
let
libOverlay = (lfinal: lprev: {
our = self.lib;
hm = inputs.home-manager.lib.hm;
});
in
lib.mapAttrs
(self.lib.mkHost {
specialArgs = {
lib = nixpkgs.lib.extend libOverlay;
inherit private self inputs;
}; };
modules = [ treefmt.projectRootFile = "flake.nix";
self.users.root treefmt.programs.nixfmt.enable = true;
self.users.infinidoge };
{
nixpkgs.hostPlatform = "x86_64-linux";
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
nixpkgs.overlays = [
(final: prev: {
lib = prev.lib.extend libOverlay;
inherit (inputs.home-manager.packages.${prev.system}) home-manager; flake = {
}) lib = import ./lib { inherit (nixpkgs) lib; };
self.overlays.packages
self.overlays.patches
self.overlays.overrides
# --- Domain-Specific Overlays users = self.lib.rakeLeaves ./users;
inputs.agenix.overlays.default
inputs.nix-minecraft.overlay overlays = {
inputs.qtile.overlays.default overrides = import ./overlays/overrides.nix inputs;
inputs.rust-overlay.overlays.default patches = import ./overlays/patches;
inputs.universe-cli.overlays.default };
nixosConfigurations =
let
libOverlay = (
lfinal: lprev: {
our = self.lib;
hm = inputs.home-manager.lib.hm;
}
);
in
lib.mapAttrs (self.lib.mkHost {
specialArgs = {
lib = nixpkgs.lib.extend libOverlay;
inherit private self inputs;
};
modules = [
self.users.root
self.users.infinidoge
{
nixpkgs.hostPlatform = "x86_64-linux";
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
nixpkgs.overlays = [
(final: prev: {
lib = prev.lib.extend libOverlay;
inherit (inputs.home-manager.packages.${prev.system}) home-manager;
})
self.overlays.packages
self.overlays.patches
self.overlays.overrides
# --- Domain-Specific Overlays
inputs.agenix.overlays.default
inputs.nix-minecraft.overlay
inputs.qtile.overlays.default
inputs.rust-overlay.overlays.default
inputs.universe-cli.overlays.default
];
home-manager = {
sharedModules = [
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.nix-index-database.hmModules.nix-index
inputs.nixvim.homeManagerModules.nixvim
] ++ (self.lib.leaves ./users/modules);
};
}
# --- Universe Modules ---
./secrets
private.nixosModules.secrets
# --- Library Modules ---
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.nix-index-database.nixosModules.nix-index
inputs.nixos-wsl.nixosModules.wsl
# --- Domain-Specific Modules ---
inputs.authentik-nix.nixosModules.default
inputs.lix-module.nixosModules.default
inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
inputs.nix-minecraft.nixosModules.minecraft-servers
] ++ (self.lib.leaves ./modules);
}) (self.lib.flattenLeaves ./hosts);
homeConfigurations = self.lib.mkHomeConfigurations {
inherit (self.nixosConfigurations)
"data.cs.purdue.edu"
vulcan
;
};
hydraJobs = {
packages = lib.mapAttrs (
_: lib.filterAttrs (n: v: v ? meta -> v.meta ? broken -> !v.meta.broken)
) self.packages;
nixosConfigurations.x86_64-linux =
lib.flip lib.genAttrs
(name: { toplevel = self.nixosConfigurations.${name}.config.system.build.toplevel; })
[
"Infini-DESKTOP"
"Infini-DL360"
"Infini-FRAMEWORK"
"Infini-OPTIPLEX"
"Infini-SERVER"
"hermes"
"hestia"
]; ];
home-manager = { };
sharedModules = [ };
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.nix-index-database.hmModules.nix-index
inputs.nixvim.homeManagerModules.nixvim
] ++ (self.lib.leaves ./users/modules);
};
}
# --- Universe Modules --- imports = [
./secrets ./pkgs
private.nixosModules.secrets ./shell
./templates
# --- Library Modules --- inputs.devshell.flakeModule
inputs.agenix.nixosModules.age inputs.treefmt-nix.flakeModule
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.nix-index-database.nixosModules.nix-index
inputs.nixos-wsl.nixosModules.wsl
# --- Domain-Specific Modules ---
inputs.authentik-nix.nixosModules.default
inputs.lix-module.nixosModules.default
inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
inputs.nix-minecraft.nixosModules.minecraft-servers
] ++ (self.lib.leaves ./modules);
})
(self.lib.flattenLeaves ./hosts);
homeConfigurations = self.lib.mkHomeConfigurations {
inherit (self.nixosConfigurations)
"data.cs.purdue.edu"
vulcan
;
};
hydraJobs = {
packages = lib.mapAttrs (_: lib.filterAttrs (n: v: v ? meta -> v.meta ? broken -> !v.meta.broken)) self.packages;
nixosConfigurations.x86_64-linux = lib.flip lib.genAttrs (name: { toplevel = self.nixosConfigurations.${name}.config.system.build.toplevel; }) [
"Infini-DESKTOP"
"Infini-DL360"
"Infini-FRAMEWORK"
"Infini-OPTIPLEX"
"Infini-SERVER"
"hermes"
"hestia"
]; ];
}; }
}; );
imports = [
./pkgs
./shell
./templates
inputs.devshell.flakeModule
inputs.treefmt-nix.flakeModule
];
});
} }

23
hosts/Infini-DESKTOP/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: { {
config,
pkgs,
lib,
...
}:
{
imports = lib.lists.flatten [ imports = lib.lists.flatten [
./hardware-configuration.nix ./hardware-configuration.nix
./filesystems.nix ./filesystems.nix
@ -69,7 +75,6 @@
razergenie # TODO: replace with polychromatic razergenie # TODO: replace with polychromatic
]; ];
programs.ns-usbloader.enable = true; programs.ns-usbloader.enable = true;
programs.minipro.enable = true; programs.minipro.enable = true;
@ -90,11 +95,13 @@
address = [ "10.10.0.3/32" ]; address = [ "10.10.0.3/32" ];
listenPort = 51820; listenPort = 51820;
privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key"; privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key";
peers = [{ peers = [
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY="; {
allowedIPs = [ "10.9.0.0/24" ]; publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
endpoint = "66.23.193.252:55555"; allowedIPs = [ "10.9.0.0/24" ];
persistentKeepalive = 25; endpoint = "66.23.193.252:55555";
}]; persistentKeepalive = 25;
}
];
}; };
} }

12
hosts/Infini-DESKTOP/filesystems.nix
View file

@ -7,14 +7,22 @@ let
backup = uuid "dabfc36b-20d1-4b09-8f55-4f9df7499741"; backup = uuid "dabfc36b-20d1-4b09-8f55-4f9df7499741";
hydrus = uuid "2a025f29-4058-4a76-8f38-483f0925375d"; hydrus = uuid "2a025f29-4058-4a76-8f38-483f0925375d";
commonOptions = [ "autodefrag" "noatime" "ssd" ]; commonOptions = [
"autodefrag"
"noatime"
"ssd"
];
in in
{ {
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=28G" "mode=755" ]; options = [
"defaults"
"size=28G"
"mode=755"
];
}; };
"/media/main" = { "/media/main" = {

8
hosts/Infini-DESKTOP/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
{ ... }: { ... }:
{ {
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

12
hosts/Infini-DL360/authentik.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }: {
config,
common,
secrets,
...
}:
let let
domain = common.subdomain "auth"; domain = common.subdomain "auth";
ldap = common.subdomain "ldap"; ldap = common.subdomain "ldap";
@ -32,7 +37,10 @@ in
environmentFile = secrets.authentik-ldap; environmentFile = secrets.authentik-ldap;
}; };
networking.firewall.allowedTCPPorts = [ 3389 6636 ]; networking.firewall.allowedTCPPorts = [
3389
6636
];
security.acme.certs.${ldap} = { security.acme.certs.${ldap} = {
group = "nginx"; group = "nginx";

7
hosts/Infini-DL360/conduwuit.nix
View file

@ -1,4 +1,9 @@
{ config, common, inputs, ... }: {
config,
common,
inputs,
...
}:
let let
domain = common.subdomain "matrix"; domain = common.subdomain "matrix";
cfg = config.services.conduwuit; cfg = config.services.conduwuit;

85
hosts/Infini-DL360/default.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, private, ... }: { {
config,
lib,
pkgs,
private,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disks.nix ./disks.nix
@ -57,19 +64,39 @@
networking = { networking = {
firewall = { firewall = {
allowedUDPPorts = [ 80 443 ]; allowedUDPPorts = [
allowedTCPPorts = [ 80 443 25565 ]; 80
443
];
allowedTCPPorts = [
80
443
25565
];
}; };
bridges = { bridges = {
br0 = { br0 = {
interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; interfaces = [
"eno1"
"eno2"
"eno3"
"eno4"
];
}; };
}; };
interfaces.br0.ipv4.addresses = [{ address = "192.168.137.11"; prefixLength = 24; }]; interfaces.br0.ipv4.addresses = [
{
address = "192.168.137.11";
prefixLength = 24;
}
];
dhcpcd.denyInterfaces = [ "eno*" ]; dhcpcd.denyInterfaces = [ "eno*" ];
defaultGateway = { address = "192.168.137.1"; interface = "br0"; }; defaultGateway = {
address = "192.168.137.1";
interface = "br0";
};
nat = { nat = {
enable = true; enable = true;
@ -89,10 +116,12 @@
services.fail2ban.enable = true; services.fail2ban.enable = true;
environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (lib.mkAfter '' environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (
[Definition] lib.mkAfter ''
failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$ [Definition]
''); failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
''
);
services.fail2ban.jails.nginx-url-probe.settings = { services.fail2ban.jails.nginx-url-probe.settings = {
enabled = true; enabled = true;
@ -127,22 +156,26 @@
services.minecraft-servers.servers.emd-server.autoStart = lib.mkForce false; services.minecraft-servers.servers.emd-server.autoStart = lib.mkForce false;
services.borgbackup.jobs."persist" = let tmux = lib.getExe pkgs.tmux; in { services.borgbackup.jobs."persist" =
preHook = '' let
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter tmux = lib.getExe pkgs.tmux;
${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter in
${tmux} -S /run/minecraft/friend-server.sock send-keys save-all Enter {
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Server is backing up..." Enter preHook = ''
${tmux} -S /run/minecraft/sister-server.sock send-keys save-off Enter ${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-all Enter ${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter
''; ${tmux} -S /run/minecraft/friend-server.sock send-keys save-all Enter
postHook = '' ${tmux} -S /run/minecraft/sister-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys save-on Enter ${tmux} -S /run/minecraft/sister-server.sock send-keys save-off Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Backup complete" Enter ${tmux} -S /run/minecraft/sister-server.sock send-keys save-all Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-on Enter '';
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Backup complete" Enter postHook = ''
''; ${tmux} -S /run/minecraft/friend-server.sock send-keys save-on Enter
}; ${tmux} -S /run/minecraft/friend-server.sock send-keys "say Backup complete" Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-on Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Backup complete" Enter
'';
};
systemd.services.setup-infiniband = { systemd.services.setup-infiniband = {
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];

5
hosts/Infini-DL360/disks.nix
View file

@ -3,7 +3,10 @@ with lib.our.disko;
{ {
boot.kernelPackages = pkgs.linuxPackages; boot.kernelPackages = pkgs.linuxPackages;
boot.zfs.extraPools = [ "zssd" "zhdd" ]; boot.zfs.extraPools = [
"zssd"
"zhdd"
];
disko.devices = { disko.devices = {
nodev."/" = mkTmpfs "64G"; nodev."/" = mkTmpfs "64G";

8
hosts/Infini-DL360/forgejo.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, pkgs, ... }: {
config,
common,
secrets,
pkgs,
...
}:
let let
cfg = config.services.forgejo; cfg = config.services.forgejo;
domain = common.subdomain "git"; domain = common.subdomain "git";

14
hosts/Infini-DL360/hardware-configuration.nix
View file

@ -5,12 +5,22 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"uhci_hcd"
"hpsa"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ]; boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ]; boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "HPE ProLiant DL360 Gen 9"; info.model = "HPE ProLiant DL360 Gen 9";

12
hosts/Infini-DL360/hedgedoc.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }: {
config,
common,
secrets,
...
}:
let let
cfg = config.services.hedgedoc; cfg = config.services.hedgedoc;
domain = common.subdomain "md"; domain = common.subdomain "md";
@ -12,7 +17,10 @@ in
protocolUseSSL = true; protocolUseSSL = true;
port = 4003; port = 4003;
db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; }; db = {
dialect = "sqlite";
storage = "/srv/hedgedoc/db.sqlite";
};
uploadsPath = "/srv/hedgedoc/uploads"; uploadsPath = "/srv/hedgedoc/uploads";
allowFreeURL = true; allowFreeURL = true;

15
hosts/Infini-DL360/hydra.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, pkgs, ... }: {
config,
common,
secrets,
pkgs,
...
}:
let let
domain = common.subdomain "hydra"; domain = common.subdomain "hydra";
in in
@ -61,7 +67,12 @@ in
{ {
hostName = "localhost"; hostName = "localhost";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
protocol = null; protocol = null;
maxJobs = 32; maxJobs = 32;
speedFactor = 16; speedFactor = 16;

7
hosts/Infini-DL360/immich.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, common, ... }: {
config,
pkgs,
common,
...
}:
let let
domain = common.subdomain "photos"; domain = common.subdomain "photos";
cfg = config.services.immich; cfg = config.services.immich;

14
hosts/Infini-DL360/jellyfin.nix
View file

@ -25,9 +25,11 @@ in
locations."/" = { locations."/" = {
proxyPass = jellyfin; proxyPass = jellyfin;
recommendedProxySettings = false; recommendedProxySettings = false;
extraConfig = proxyConfig + '' extraConfig =
proxy_buffering off; proxyConfig
''; + ''
proxy_buffering off;
'';
}; };
locations."= /web/" = { locations."= /web/" = {
@ -51,5 +53,9 @@ in
openFirewall = true; openFirewall = true;
}; };
persist.directories = with config.services.jellyfin; [ dataDir cacheDir logDir ]; persist.directories = with config.services.jellyfin; [
dataDir
cacheDir
logDir
];
} }

55
hosts/Infini-DL360/jupyter.nix
View file

@ -1,11 +1,22 @@
{ config, common, pkgs, ... }: {
config,
common,
pkgs,
...
}:
let let
cfg = config.services.jupyter; cfg = config.services.jupyter;
mkPythonKernel = displayName: env: { mkPythonKernel = displayName: env: {
inherit displayName; inherit displayName;
language = "python"; language = "python";
argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]; argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
}; };
@ -59,24 +70,32 @@ in
notebookDir = "~/Notebooks"; notebookDir = "~/Notebooks";
kernels = { kernels = {
python3 = mkPythonKernel "Python 3" (pkgs.python3.withPackages (p: with p; [ python3 = mkPythonKernel "Python 3" (
ipykernel pkgs.python3.withPackages (
p: with p; [
ipykernel
matplotlib matplotlib
numpy numpy
pandas pandas
scipy scipy
])); ]
vpython = mkPythonKernel "VPython" (pkgs.python3.withPackages (p: with p; [ )
ipykernel );
jupyterlab-vpython vpython = mkPythonKernel "VPython" (
pkgs.python3.withPackages (
p: with p; [
ipykernel
jupyterlab-vpython
vpython-jupyter vpython-jupyter
matplotlib matplotlib
numpy numpy
pandas pandas
scipy scipy
])); ]
)
);
}; };
}; };

8
hosts/Infini-DL360/postgresql.nix
View file

@ -4,7 +4,13 @@ let
directory = "/srv/postgresql"; directory = "/srv/postgresql";
in in
{ {
persist.directories = [{ inherit directory; user = "postgres"; group = "postgres"; }]; persist.directories = [
{
inherit directory;
user = "postgres";
group = "postgres";
}
];
services.postgresql = { services.postgresql = {
enable = true; enable = true;

7
hosts/Infini-DL360/searx.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }: {
config,
common,
secrets,
...
}:
let let
cfg = config.services.searx; cfg = config.services.searx;
domain = common.subdomain "search"; domain = common.subdomain "search";

11
hosts/Infini-DL360/ssh.nix
View file

@ -50,8 +50,15 @@ in
security.pam.services.sshd.allowNullPassword = true; security.pam.services.sshd.allowNullPassword = true;
systemd.tmpfiles.settings."30-external" = { systemd.tmpfiles.settings."30-external" = {
"/srv/external".d = { user = "root"; group = "root"; }; "/srv/external".d = {
"/srv/external/incoming".d = { user = "incoming"; group = "incoming"; mode = "0770"; }; user = "root";
group = "root";
};
"/srv/external/incoming".d = {
user = "incoming";
group = "incoming";
mode = "0770";
};
}; };
# https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/ # https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/

7
hosts/Infini-DL360/thelounge.nix
View file

@ -1,4 +1,9 @@
{ config, common, pkgs, ... }: {
config,
common,
pkgs,
...
}:
{ {
services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // { services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // {

8
hosts/Infini-DL360/torrenting.nix
View file

@ -1,4 +1,10 @@
{ pkgs, private, config, lib, ... }: {
pkgs,
private,
config,
lib,
...
}:
{ {
containers.torrenting = { containers.torrenting = {

9
hosts/Infini-DL360/vaultwarden.nix
View file

@ -1,4 +1,11 @@
{ config, common, secrets, lib, pkgs, ... }: {
config,
common,
secrets,
lib,
pkgs,
...
}:
let let
domain = common.subdomain "bitwarden"; domain = common.subdomain "bitwarden";
in in

117
hosts/Infini-DL360/web.nix
View file

@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }: {
config,
common,
pkgs,
lib,
...
}:
let let
inherit (common.nginx) ssl ssl-optional; inherit (common.nginx) ssl ssl-optional;
@ -14,21 +20,23 @@ let
location ~ "/\..+" { deny all; } location ~ "/\..+" { deny all; }
''; '';
mkWebsite = name: ssl // { mkWebsite =
locations."/" = { name:
root = "/srv/web/${name}"; ssl
inherit tryFiles; // {
extraConfig = websiteConfig; locations."/" = {
root = "/srv/web/${name}";
inherit tryFiles;
extraConfig = websiteConfig;
};
}; };
};
mkRedirect = from: to: ssl-optional // { globalRedirect = to; }; mkRedirect = from: to: ssl-optional // { globalRedirect = to; };
websites = lib.genAttrs [ websites = lib.genAttrs [
"inx.moe" "inx.moe"
"stickers.inx.moe" "stickers.inx.moe"
] ] mkWebsite;
mkWebsite;
redirects = lib.mapAttrs mkRedirect { redirects = lib.mapAttrs mkRedirect {
"nitter.inx.moe" = "twitter.com"; "nitter.inx.moe" = "twitter.com";
@ -44,52 +52,55 @@ in
} }
''; '';
services.nginx.virtualHosts = websites // redirects // { services.nginx.virtualHosts =
"j.inx.moe" = ssl-optional // { websites
locations."/" = { // redirects
return = "302 $jump_link"; // {
"j.inx.moe" = ssl-optional // {
locations."/" = {
return = "302 $jump_link";
};
};
"blahaj.inx.moe" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"swedish.fish" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"files.inx.moe" = ssl // {
locations."/" = {
root = "/srv/web/files.inx.moe";
extraConfig = ''
autoindex on;
'';
};
locations."/p/" = {
root = "/srv/web/files.inx.moe";
};
};
"old.inx.moe" = ssl-optional // {
locations."/" = {
root = "/srv/web/inx.moe";
inherit tryFiles;
extraConfig = websiteConfig;
};
};
"foxy.software" = ssl-optional // {
locations."/".return = "301 https://inx.moe";
}; };
}; };
"blahaj.inx.moe" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"swedish.fish" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"files.inx.moe" = ssl // {
locations."/" = {
root = "/srv/web/files.inx.moe";
extraConfig = ''
autoindex on;
'';
};
locations."/p/" = {
root = "/srv/web/files.inx.moe";
};
};
"old.inx.moe" = ssl-optional // {
locations."/" = {
root = "/srv/web/inx.moe";
inherit tryFiles;
extraConfig = websiteConfig;
};
};
"foxy.software" = ssl-optional // {
locations."/".return = "301 https://inx.moe";
};
};
services.uwsgi = { services.uwsgi = {
enable = true; enable = true;

64
hosts/Infini-FRAMEWORK/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: { {
config,
pkgs,
lib,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./filesystems.nix ./filesystems.nix
@ -11,7 +17,10 @@
persist = { persist = {
directories = [ directories = [
{ directory = "/var/lib/dnsmasq/"; user = "dnsmasq"; } {
directory = "/var/lib/dnsmasq/";
user = "dnsmasq";
}
]; ];
files = [ files = [
@ -82,7 +91,10 @@
"sys-devices-pci0000:00-0000:00:02.0-drm-card0-card0\\x2deDP\\x2d1-intel_backlight.device" "sys-devices-pci0000:00-0000:00:02.0-drm-card0-card0\\x2deDP\\x2d1-intel_backlight.device"
"sys-devices-pci0000:00-0000:00:02.0-drm-card1-card1\\x2deDP\\x2d1-intel_backlight.device" "sys-devices-pci0000:00-0000:00:02.0-drm-card1-card1\\x2deDP\\x2d1-intel_backlight.device"
]; ];
after = [ "system-systemd\\x2dbacklight.slice" "systemd-backlight@backlight:intel_backlight.service" ]; after = [
"system-systemd\\x2dbacklight.slice"
"systemd-backlight@backlight:intel_backlight.service"
];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = "${lib.getExe pkgs.brightnessctl} set 50%"; script = "${lib.getExe pkgs.brightnessctl} set 50%";
}; };
@ -99,8 +111,16 @@
#} #}
{ {
hostName = "infini-dl360"; hostName = "infini-dl360";
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; "x86_64-linux"
"aarch64-linux"
];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
protocol = "ssh-ng"; protocol = "ssh-ng";
maxJobs = 32; maxJobs = 32;
speedFactor = 16; speedFactor = 16;
@ -114,26 +134,33 @@
address = [ "10.10.0.3/32" ]; address = [ "10.10.0.3/32" ];
listenPort = 51820; listenPort = 51820;
privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key"; privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key";
peers = [{ peers = [
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY="; {
allowedIPs = [ "10.9.0.0/24" ]; publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
endpoint = "66.23.193.252:55555"; allowedIPs = [ "10.9.0.0/24" ];
persistentKeepalive = 25; endpoint = "66.23.193.252:55555";
}]; persistentKeepalive = 25;
}
];
}; };
specialisation.router.configuration = { specialisation.router.configuration = {
networking = { networking = {
interfaces."enp0s13f0u1" = { interfaces."enp0s13f0u1" = {
ipv4.addresses = [{ ipv4.addresses = [
address = "192.168.100.1"; {
prefixLength = 24; address = "192.168.100.1";
}]; prefixLength = 24;
}
];
}; };
firewall.interfaces."enp0s13f0u1" = { firewall.interfaces."enp0s13f0u1" = {
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 ]; allowedUDPPorts = [
53
67
];
}; };
nat = { nat = {
@ -146,7 +173,10 @@
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
settings = { settings = {
server = [ "8.8.8.8" "1.1.1.1" ]; server = [
"8.8.8.8"
"1.1.1.1"
];
domain-needed = true; domain-needed = true;
bogus-priv = true; bogus-priv = true;
no-resolv = true; no-resolv = true;

103
hosts/Infini-FRAMEWORK/displays.nix
View file

@ -13,12 +13,26 @@ in
services.autorandr.profiles = services.autorandr.profiles =
let let
scale = { x = scaleFactor'; y = scaleFactor'; }; scale = {
x = scaleFactor';
y = scaleFactor';
};
config = { config = {
framework = { mode = "2256x1504"; primary = true; inherit scale; }; framework = {
portable-second = { mode = "1920x1080"; rotate = "left"; }; mode = "2256x1504";
dock = { mode = "1280x1024"; }; primary = true;
dorm = { mode = "1920x1080"; }; inherit scale;
};
portable-second = {
mode = "1920x1080";
rotate = "left";
};
dock = {
mode = "1280x1024";
};
dorm = {
mode = "1920x1080";
};
}; };
fingerprints = { fingerprints = {
framework = "00ffffffffffff0009e5ca0b000000002f200104a51c137803de50a3544c99260f505400000001010101010101010101010101010101115cd01881e02d50302036001dbe1000001aa749d01881e02d50302036001dbe1000001a000000fe00424f452043510a202020202020000000fe004e4531333546424d2d4e34310a0073"; framework = "00ffffffffffff0009e5ca0b000000002f200104a51c137803de50a3544c99260f505400000001010101010101010101010101010101115cd01881e02d50302036001dbe1000001aa749d01881e02d50302036001dbe1000001a000000fe00424f452043510a202020202020000000fe004e4531333546424d2d4e34310a0073";
@ -32,30 +46,57 @@ in
config = lib.mapAttrs (_: v: lib.removeAttrs v [ "fingerprint" ]) config; config = lib.mapAttrs (_: v: lib.removeAttrs v [ "fingerprint" ]) config;
}; };
in in
lib.mapAttrs (_: mkConfig) (with config'; { lib.mapAttrs (_: mkConfig) (
main = { with config';
eDP-1 = framework // { position = "0x0"; }; {
}; main = {
portable-second = { eDP-1 = framework // {
eDP-1 = framework // { position = "1080x716"; }; position = "0x0";
DP-4 = portable-second // { position = "0x0"; }; };
}; };
docked = { portable-second = {
eDP-1 = framework // { position = "0x210"; }; eDP-1 = framework // {
DP-1-3 = dock // { position = "1805x0"; }; position = "1080x716";
}; };
docked-alt = { DP-4 = portable-second // {
eDP-1 = framework // { position = "1080x716"; }; position = "0x0";
DP-4 = portable-second // { position = "0x0"; }; };
DP-1-3 = dock // { position = "2885x506"; }; };
}; docked = {
dorm = { eDP-1 = framework // {
eDP-1 = framework // { position = "1920x0"; }; position = "0x210";
DP-4 = dorm // { position = "0x0"; }; };
}; DP-1-3 = dock // {
dorm-2 = { position = "1805x0";
eDP-1 = framework // { position = "1920x0"; }; };
DP-3 = dorm // { position = "0x0"; }; };
}; docked-alt = {
}); eDP-1 = framework // {
position = "1080x716";
};
DP-4 = portable-second // {
position = "0x0";
};
DP-1-3 = dock // {
position = "2885x506";
};
};
dorm = {
eDP-1 = framework // {
position = "1920x0";
};
DP-4 = dorm // {
position = "0x0";
};
};
dorm-2 = {
eDP-1 = framework // {
position = "1920x0";
};
DP-3 = dorm // {
position = "0x0";
};
};
}
);
} }

8
hosts/Infini-FRAMEWORK/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
{ lib, ... }: { lib, ... }:
{ {
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

3
hosts/Infini-OPTIPLEX/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./filesystems.nix ./filesystems.nix

13
hosts/Infini-OPTIPLEX/filesystems.nix
View file

@ -3,7 +3,12 @@ let
uuid = uuid: "/dev/disk/by-uuid/${uuid}"; uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "9d4bf2d8-f139-42e7-937a-541a7870d806"; main = uuid "9d4bf2d8-f139-42e7-937a-541a7870d806";
data = uuid "456cebd3-f800-4733-a783-90ed7c8978f7"; data = uuid "456cebd3-f800-4733-a783-90ed7c8978f7";
commonOptions = [ "autodefrag" "noatime" "ssd" "compress=zstd:1" ]; commonOptions = [
"autodefrag"
"noatime"
"ssd"
"compress=zstd:1"
];
mkMain' = options: { mkMain' = options: {
device = main; device = main;
@ -26,7 +31,11 @@ in
"/" = { "/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=16G" "mode=755" ]; options = [
"defaults"
"size=16G"
"mode=755"
];
}; };
"/media/main" = mkMain' [ ]; "/media/main" = mkMain' [ ];

9
hosts/Infini-OPTIPLEX/hardware-configuration.nix
View file

@ -1,7 +1,14 @@
{ lib, ... }: { lib, ... }:
{ {
boot.initrd.availableKernelModules = [ "ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci" ]; boot.initrd.availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

18
hosts/Infini-RASPBERRY/default.nix
View file

@ -1,4 +1,10 @@
{ inputs, config, lib, pkgs, ... }: {
inputs,
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
imports = [ imports = [
@ -13,8 +19,7 @@ with lib;
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (final: super: {
makeModulesClosure = x: makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
super.makeModulesClosure (x // { allowMissing = true; });
}) })
]; ];
@ -31,7 +36,12 @@ with lib;
kernelPackages = mkForce pkgs.linuxPackages_rpi4; kernelPackages = mkForce pkgs.linuxPackages_rpi4;
# Removes ZFS >:( # Removes ZFS >:(
supportedFilesystems = mkForce [ "btrfs" "ntfs" "vfat" "ext4" ]; supportedFilesystems = mkForce [
"btrfs"
"ntfs"
"vfat"
"ext4"
];
tmp.useTmpfs = true; tmp.useTmpfs = true;
# kernelParams = [ # kernelParams = [

14
hosts/Infini-RASPBERRY/sd-image.nix
View file

@ -1,4 +1,10 @@
{ modulesPath, config, lib, pkgs, ... }: {
modulesPath,
config,
lib,
pkgs,
...
}:
{ {
#formatAttr = "sdImage"; #formatAttr = "sdImage";
@ -18,7 +24,11 @@
# The serial ports listed here are: # The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1) # - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt # - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" ]; boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
#sdImage = { #sdImage = {
# populateFirmwareCommands = # populateFirmwareCommands =

13
hosts/Infini-SD/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./filesystems.nix ./filesystems.nix
@ -20,10 +21,12 @@
networking = { networking = {
interfaces.eno4 = { interfaces.eno4 = {
ipv4.addresses = [{ ipv4.addresses = [
address = "128.210.6.109"; {
prefixLength = 28; address = "128.210.6.109";
}]; prefixLength = 28;
}
];
}; };
defaultGateway = { defaultGateway = {
address = "128.210.6.97"; address = "128.210.6.97";

12
hosts/Infini-SD/filesystems.nix
View file

@ -3,7 +3,11 @@
let let
uuid = uuid: "/dev/disk/by-uuid/${uuid}"; uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "527062b3-7a48-4456-8527-30887c6e9f52"; main = uuid "527062b3-7a48-4456-8527-30887c6e9f52";
commonOptions = [ "autodefrag" "noatime" "compress-force=zstd:1" ]; commonOptions = [
"autodefrag"
"noatime"
"compress-force=zstd:1"
];
mkMain' = options: { mkMain' = options: {
device = main; device = main;
@ -17,7 +21,11 @@ in
"/" = { "/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=64G" "mode=755" ]; options = [
"defaults"
"size=64G"
"mode=755"
];
}; };
"/media/main" = mkMain' [ ]; "/media/main" = mkMain' [ ];

19
hosts/Infini-SD/hardware-configuration.nix
View file

@ -5,12 +5,25 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "ahci" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "usb_storage" ]; boot.initrd.kernelModules = [ "usb_storage" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ]; boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ]; boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "SD Card Installation"; info.model = "SD Card Installation";

3
hosts/Infini-SERVER/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./filesystems.nix ./filesystems.nix

12
hosts/Infini-SERVER/filesystems.nix
View file

@ -7,7 +7,11 @@ let
esp = uuid "A2B8-4C6E"; esp = uuid "A2B8-4C6E";
data = uuid "59abb0ff-fe4e-4061-87d2-b728b937656a"; data = uuid "59abb0ff-fe4e-4061-87d2-b728b937656a";
commonOptions = [ "autodefrag" "noatime" "ssd" ]; commonOptions = [
"autodefrag"
"noatime"
"ssd"
];
in in
{ {
@ -15,7 +19,11 @@ in
"/" = { "/" = {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=4G" "mode=755" ]; options = [
"defaults"
"size=4G"
"mode=755"
];
}; };
"/media/main" = { "/media/main" = {

14
hosts/Infini-SERVER/hardware-configuration.nix
View file

@ -1,9 +1,19 @@
{ lib, ... }: { lib, ... }:
{ {
boot.initrd.availableKernelModules = [ "nvme" "usb_storage" "xhci_pci" "ahci" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [
"nvme"
"usb_storage"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";

13
hosts/Infini-SWIFT/hardware-configuration.nix
View file

@ -1,12 +1,15 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" ]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

73
hosts/data.cs.purdue.edu/default.nix
View file

@ -1,4 +1,10 @@
{ private, config, lib, pkgs, ... }: {
private,
config,
lib,
pkgs,
...
}:
{ {
modules.hardware.form.server = true; modules.hardware.form.server = true;
@ -14,40 +20,45 @@
home-manager.useUserPackages = false; home-manager.useUserPackages = false;
home = { main, config, ... }: { home =
home = { { main, config, ... }:
username = lib.mkForce private.variables.purdue-username; {
home = {
username = lib.mkForce private.variables.purdue-username;
packages = with pkgs; [ packages =
home-manager with pkgs;
] ++ main.universe.packages; [
home-manager
]
++ main.universe.packages;
inherit (main.universe) shellAliases; inherit (main.universe) shellAliases;
sessionVariables = { sessionVariables = {
TMPDIR = "${config.home.homeDirectory}/scratch/tmp"; TMPDIR = "${config.home.homeDirectory}/scratch/tmp";
UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe"; UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe";
UNIVERSE_USERNAME = main.user.name; UNIVERSE_USERNAME = main.user.name;
SHELL = "zsh"; SHELL = "zsh";
};
file.".profile".target = ".profile-hm";
homeDirectory = lib.mkForce "/homes/${config.home.username}";
}; };
file.".profile".target = ".profile-hm"; nix.settings = {
inherit (main.nix.settings)
homeDirectory = lib.mkForce "/homes/${config.home.username}"; auto-optimise-store
experimental-features
fallback
flake-registry
keep-derivations
keep-outputs
min-free
sandbox
use-xdg-base-directories
;
};
}; };
nix.settings = {
inherit (main.nix.settings)
auto-optimise-store
experimental-features
fallback
flake-registry
keep-derivations
keep-outputs
min-free
sandbox
use-xdg-base-directories
;
};
};
} }

3
hosts/hermes/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disks.nix ./disks.nix

19
hosts/hermes/hardware-configuration.nix
View file

@ -5,12 +5,25 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "ahci" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "usb_storage" ]; boot.initrd.kernelModules = [ "usb_storage" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ]; boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ]; boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "Portable Installation"; info.model = "Portable Installation";

12
hosts/hestia/hardware-configuration.nix
View file

@ -5,12 +5,20 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ]; boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ]; boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "Dell R330"; info.model = "Dell R330";

31
hosts/vulcan/default.nix
View file

@ -10,21 +10,26 @@
home-manager.useUserPackages = false; home-manager.useUserPackages = false;
home = { main, config, ... }: { home =
home = { { main, config, ... }:
packages = with pkgs; [ {
home-manager home = {
] ++ main.universe.packages; packages =
with pkgs;
[
home-manager
]
++ main.universe.packages;
inherit (main.universe) shellAliases; inherit (main.universe) shellAliases;
sessionVariables = { sessionVariables = {
UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe"; UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe";
UNIVERSE_MODE = "home-manager"; UNIVERSE_MODE = "home-manager";
};
}; };
}; nix.settings.use-xdg-base-directories = true;
nix.settings.use-xdg-base-directories = true;
universe.programming.all.enable = true; universe.programming.all.enable = true;
}; };
} }

212
lib/default.nix
View file

@ -1,107 +1,133 @@
{ lib }: { lib }:
lib.makeExtensible (self: lib.makeExtensible (
with lib; self:
rec { with lib;
flattenListSet = imports: (flatten (concatLists (attrValues imports))); rec {
flattenSetList = attrSet: (mapAttrs (name: value: flatten value) attrSet); flattenListSet = imports: (flatten (concatLists (attrValues imports)));
flattenSetList = attrSet: (mapAttrs (name: value: flatten value) attrSet);
# ["/home/user/" "/.screenrc"] -> ["home" "user" ".screenrc"] # ["/home/user/" "/.screenrc"] -> ["home" "user" ".screenrc"]
splitPath = paths: splitPath =
(filter paths:
(s: builtins.typeOf s == "string" && s != "") (filter (s: builtins.typeOf s == "string" && s != "") (concatMap (builtins.split "/") paths));
(concatMap (builtins.split "/") paths)
);
# ["home" "user" ".screenrc"] -> "home/user/.screenrc" # ["home" "user" ".screenrc"] -> "home/user/.screenrc"
dirListToPath = dirList: (concatStringsSep "/" dirList); dirListToPath = dirList: (concatStringsSep "/" dirList);
# ["/home/user/" "/.screenrc"] -> "/home/user/.screenrc" # ["/home/user/" "/.screenrc"] -> "/home/user/.screenrc"
concatPaths = paths: concatPaths =
let paths:
prefix = optionalString (hasPrefix "/" (head paths)) "/"; let
path = dirListToPath (splitPath paths); prefix = optionalString (hasPrefix "/" (head paths)) "/";
in path = dirListToPath (splitPath paths);
prefix + path; in
prefix + path;
sanitizeName = name: sanitizeName = name: replaceStrings [ "." ] [ "" ] (sanitizeDerivationName (removePrefix "/" name));
replaceStrings
[ "." ] [ "" ]
(sanitizeDerivationName (removePrefix "/" name));
mapGenAttrs = list: func: attrs: mapGenAttrs =
lib.genAttrs list (name: func (if builtins.typeOf attrs == "lambda" then attrs name else attrs)); list: func: attrs:
lib.genAttrs list (name: func (if builtins.typeOf attrs == "lambda" then attrs name else attrs));
dirsOf = dir: lib.attrNames (lib.filterAttrs (file: type: type == "directory") (builtins.readDir dir)); dirsOf =
dir: lib.attrNames (lib.filterAttrs (file: type: type == "directory") (builtins.readDir dir));
# Only useful for functors # Only useful for functors
recMap = f: list: recMap = f: list: if list == [ ] then f else recMap (f (head list)) (tail list);
if list == [ ] then f
else recMap (f (head list)) (tail list)
;
chain = { chain = {
func = id; func = id;
__functor = self: input: __functor =
if (typeOf input) == "lambda" self: input:
then self // { func = e: input (self.func e); } if (typeOf input) == "lambda" then self // { func = e: input (self.func e); } else self.func input;
else self.func input; };
};
spread = function: list: if list == [ ] then function else spread (function (head list)) (tail list); spread =
function: list: if list == [ ] then function else spread (function (head list)) (tail list);
isFunction = obj: (typeOf obj) == "lambda" || ((typeOf obj) == "set" && obj ? __functor); isFunction = obj: (typeOf obj) == "lambda" || ((typeOf obj) == "set" && obj ? __functor);
# Takes a function and makes it lazy, by consuming arguments and applying it to the inner function first # Takes a function and makes it lazy, by consuming arguments and applying it to the inner function first
# before calling the original function # before calling the original function
# if the inner object is not actually a function, then just calls the original function # if the inner object is not actually a function, then just calls the original function
lazy = func: inner: if !(isFunction inner) then func inner else { lazy =
inherit func; func: inner:
app = inner; if !(isFunction inner) then
__functor = self: input: func inner
let app = self.app input; in else
if isFunction app then self // { inherit app; } {
else self.func app; inherit func;
}; app = inner;
__functor =
self: input:
let
app = self.app input;
in
if isFunction app then self // { inherit app; } else self.func app;
};
toBase64 = text: toBase64 =
let text:
inherit (lib) sublist mod stringToCharacters concatMapStrings; let
inherit (lib.strings) charToInt; inherit (lib)
inherit (builtins) substring foldl' genList elemAt length concatStringsSep stringLength; sublist
lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; mod
sliceN = size: list: n: sublist (n * size) size list; stringToCharacters
pows = [ (64 * 64 * 64) (64 * 64) 64 1 ]; concatMapStrings
intSextets = i: map (j: mod (i / j) 64) pows; ;
compose = f: g: x: f (g x); inherit (lib.strings) charToInt;
intToChar = elemAt lookup; inherit (builtins)
convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt); substring
sliceToInt = foldl' (acc: val: acc * 256 + val) 0; foldl'
convertTriplet = compose convertTripletInt sliceToInt; genList
join = concatStringsSep ""; elemAt
convertLastSlice = slice: length
let concatStringsSep
len = length slice; stringLength
in ;
if len == 1 lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
then (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "==" sliceN =
else if len == 2 size: list: n:
then (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "=" sublist (n * size) size list;
else ""; pows = [
len = stringLength text; (64 * 64 * 64)
nFullSlices = len / 3; (64 * 64)
bytes = map charToInt (stringToCharacters text); 64
tripletAt = sliceN 3 bytes; 1
head = genList (compose convertTriplet tripletAt) nFullSlices; ];
tail = convertLastSlice (tripletAt nFullSlices); intSextets = i: map (j: mod (i / j) 64) pows;
in compose =
join (head ++ [ tail ]); f: g: x:
f (g x);
intToChar = elemAt lookup;
convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
convertTriplet = compose convertTripletInt sliceToInt;
join = concatStringsSep "";
convertLastSlice =
slice:
let
len = length slice;
in
if len == 1 then
(substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
else if len == 2 then
(substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
else
"";
len = stringLength text;
nFullSlices = len / 3;
bytes = map charToInt (stringToCharacters text);
tripletAt = sliceN 3 bytes;
head = genList (compose convertTriplet tripletAt) nFullSlices;
tail = convertLastSlice (tripletAt nFullSlices);
in
join (head ++ [ tail ]);
disko = import ./disko.nix { inherit lib; }; disko = import ./disko.nix { inherit lib; };
filesystems = import ./filesystems.nix { inherit lib self; }; filesystems = import ./filesystems.nix { inherit lib self; };
} // ( }
import ./digga.nix { inherit lib; } // (import ./digga.nix { inherit lib; })
) // ( // (import ./hosts.nix { inherit lib; })
import ./hosts.nix { inherit lib; } // (import ./options.nix { inherit lib; })
) // ( )
import ./options.nix { inherit lib; }
))

195
lib/digga.nix
View file

@ -4,63 +4,58 @@
let let
flattenTree' = flattenTree' =
/* /*
* *
Synopsis: flattenTree' _cond_ _sep_ _tree_ Synopsis: flattenTree' _cond_ _sep_ _tree_
Flattens a _tree_ of the shape that is produced by rakeLeaves. Flattens a _tree_ of the shape that is produced by rakeLeaves.
_cond_ determines when to stop recursing _cond_ determines when to stop recursing
_sep_ is the separator to join the path with _sep_ is the separator to join the path with
Output Format: Output Format:
An attrset with names in the spirit of the Reverse DNS Notation form An attrset with names in the spirit of the Reverse DNS Notation form
that fully preserve information about grouping from nesting. that fully preserve information about grouping from nesting.
Example input: Example input:
``` ```
{ {
a = { a = {
b = { b = {
c = <path>; c = <path>;
}; };
}; };
} }
``` ```
Example output: Example output:
``` ```
{ {
"a.b.c" = <path>; "a.b.c" = <path>;
} }
``` ```
* *
*/ */
cond: cond: sep: tree:
sep:
tree:
let let
op = sum: path: val: op =
sum: path: val:
let let
pathStr = builtins.concatStringsSep sep path; # dot-based reverse DNS notation pathStr = builtins.concatStringsSep sep path; # dot-based reverse DNS notation
in in
if cond val if cond val then
then # builtins.trace "${toString val} matches condition"
# builtins.trace "${toString val} matches condition"
(sum // { "${pathStr}" = val; }) (sum // { "${pathStr}" = val; })
else if builtins.isAttrs val else if builtins.isAttrs val then
then # builtins.trace "${builtins.toJSON val} is an attrset"
# builtins.trace "${builtins.toJSON val} is an attrset" # recurse into that attribute set
# recurse into that attribute set
(recurse sum path val) (recurse sum path val)
else else
# ignore that value # ignore that value
# builtins.trace "${toString path} is something else" # builtins.trace "${toString path} is something else"
sum; sum;
recurse = sum: path: val: recurse =
builtins.foldl' sum: path: val:
(sum: key: op sum (path ++ [ key ]) val.${key}) builtins.foldl' (sum: key: op sum (path ++ [ key ]) val.${key}) sum (builtins.attrNames val);
sum
(builtins.attrNames val);
in in
recurse { } [ ] tree; recurse { } [ ] tree;
@ -68,40 +63,41 @@ let
rakeLeaves = rakeLeaves =
/* /*
* *
Synopsis: rakeLeaves _path_ Synopsis: rakeLeaves _path_
Recursively collect the nix files of _path_ into attrs. Recursively collect the nix files of _path_ into attrs.
Output Format: Output Format:
An attribute set where all `.nix` files and directories with `default.nix` in them An attribute set where all `.nix` files and directories with `default.nix` in them
are mapped to keys that are either the file with .nix stripped or the folder name. are mapped to keys that are either the file with .nix stripped or the folder name.
All other directories are recursed further into nested attribute sets with the same format. All other directories are recursed further into nested attribute sets with the same format.
Example file structure: Example file structure:
``` ```
./core/default.nix ./core/default.nix
./base.nix ./base.nix
./main/dev.nix ./main/dev.nix
./main/os/default.nix ./main/os/default.nix
``` ```
Example output: Example output:
``` ```
{ {
core = ./core; core = ./core;
base = base.nix; base = base.nix;
main = { main = {
dev = ./main/dev.nix; dev = ./main/dev.nix;
os = ./main/os; os = ./main/os;
}; };
} }
``` ```
* *
*/ */
dirPath: dirPath:
let let
seive = file: type: seive =
file: type:
# Only rake `.nix` files or directories # Only rake `.nix` files or directories
(type == "regular" && lib.hasSuffix ".nix" file) || (type == "directory"); (type == "regular" && lib.hasSuffix ".nix" file) || (type == "directory");
@ -111,12 +107,11 @@ let
let let
path = dirPath + "/${file}"; path = dirPath + "/${file}";
in in
if if (type == "regular") || (type == "directory" && builtins.pathExists (path + "/default.nix")) then
(type == "regular") path
|| (type == "directory" && builtins.pathExists (path + "/default.nix"))
then path
# recurse on directories that don't contain a `default.nix` # recurse on directories that don't contain a `default.nix`
else rakeLeaves path; else
rakeLeaves path;
}; };
files = lib.filterAttrs seive (builtins.readDir dirPath); files = lib.filterAttrs seive (builtins.readDir dirPath);
@ -125,42 +120,44 @@ let
flattenLeaves = dir: flattenTree (rakeLeaves dir); flattenLeaves = dir: flattenTree (rakeLeaves dir);
getFqdn = c: getFqdn =
c:
let let
net = c.config.networking; net = c.config.networking;
fqdn = fqdn =
if (net ? domain) && (net.domain != null) if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
then "${net.hostName}.${net.domain}"
else net.hostName;
in in
fqdn; fqdn;
in in
{ {
inherit rakeLeaves flattenTree flattenTree' flattenLeaves; inherit
rakeLeaves
flattenTree
flattenTree'
flattenLeaves
;
leaves = dir: builtins.attrValues (flattenLeaves dir); leaves = dir: builtins.attrValues (flattenLeaves dir);
mkHomeConfigurations = systemConfigurations: mkHomeConfigurations =
systemConfigurations:
/* /*
* *
Synopsis: mkHomeConfigurations _systemConfigurations_ Synopsis: mkHomeConfigurations _systemConfigurations_
Generate the `homeConfigurations` attribute expected by `home-manager` cli Generate the `homeConfigurations` attribute expected by `home-manager` cli
from _nixosConfigurations_ or _darwinConfigurations_ in the form from _nixosConfigurations_ or _darwinConfigurations_ in the form
_user@hostname_. _user@hostname_.
* *
*/ */
let let
op = attrs: c: op =
attrs: c:
attrs attrs
// ( // (lib.mapAttrs' (user: v: {
lib.mapAttrs' name = "${user}@${getFqdn c}";
(user: v: { value = v.home;
name = "${user}@${getFqdn c}"; }) c.config.home-manager.users);
value = v.home;
})
c.config.home-manager.users
);
mkHmConfigs = lib.foldl op { }; mkHmConfigs = lib.foldl op { };
in in
mkHmConfigs (builtins.attrValues systemConfigurations); mkHmConfigs (builtins.attrValues systemConfigurations);

92
lib/disko.nix
View file

@ -34,62 +34,84 @@ rec {
mkTmpfs' = mountOptions: size: mode: { mkTmpfs' = mountOptions: size: mode: {
fsType = "tmpfs"; fsType = "tmpfs";
mountOptions = mountOptions ++ [ "size=${size}" "mode=${mode}" ]; mountOptions = mountOptions ++ [
"size=${size}"
"mode=${mode}"
];
}; };
mkTmpfs = size: mkTmpfs' defaultMountOptions size "755"; mkTmpfs = size: mkTmpfs' defaultMountOptions size "755";
# btrfs # btrfs
mkBtrfsPart' = base: mountpoint: content': { mkBtrfsPart' =
content = { base: mountpoint: content':
inherit mountpoint; {
type = "btrfs"; content = {
} // content'; inherit mountpoint;
} // base; type = "btrfs";
} // content';
}
// base;
mkBtrfsPart = size: mkBtrfsPart' { inherit size; }; mkBtrfsPart = size: mkBtrfsPart' { inherit size; };
mkBtrfsPartEndAt = end: mkBtrfsPart' { inherit end; }; mkBtrfsPartEndAt = end: mkBtrfsPart' { inherit end; };
mkBtrfsSubvols' = mountOptions: mapAttrs (n: v: { mkBtrfsSubvols' =
mountpoint = n; mountOptions:
mountOptions = mountOptions ++ (optionals (v ? mountOptions) v.mountOptions); mapAttrs (
} // (removeAttrs v [ "mountOptions" ])); n: v:
{
mountpoint = n;
mountOptions = mountOptions ++ (optionals (v ? mountOptions) v.mountOptions);
}
// (removeAttrs v [ "mountOptions" ])
);
mkBtrfsSubvols = mkBtrfsSubvols' defaultMountOptions; mkBtrfsSubvols = mkBtrfsSubvols' defaultMountOptions;
# ZFS # ZFS
mkZPart' = base: content: pool: { mkZPart' =
content = { base: content: pool:
type = "zfs"; {
inherit pool; content = {
} // content; type = "zfs";
} // base; inherit pool;
} // content;
}
// base;
mkZPart = size: mkZPart' { inherit size; } { }; mkZPart = size: mkZPart' { inherit size; } { };
mkZPartEndAt = end: mkZPart' { inherit end; } { }; mkZPartEndAt = end: mkZPart' { inherit end; } { };
mkZDisk = id: pool: mkDisk id { mkZDisk =
partitions = { id: pool:
zfs = mkZPart "100%" pool; mkDisk id {
partitions = {
zfs = mkZPart "100%" pool;
};
}; };
};
mkZPool' = mountOptions: name: options: { mkZPool' =
type = "zpool"; mountOptions: name: options:
mode = "raidz"; {
mountpoint = "/media/${name}"; type = "zpool";
rootFsOptions = { mode = "raidz";
mountpoint = "legacy"; mountpoint = "/media/${name}";
compression = "zstd"; rootFsOptions = {
atime = "off"; mountpoint = "legacy";
}; compression = "zstd";
inherit mountOptions; atime = "off";
} // options; };
inherit mountOptions;
}
// options;
mkZPool = mkZPool' defaultMountOptions; mkZPool = mkZPool' defaultMountOptions;
mkZPools = mapAttrs mkZPool; mkZPools = mapAttrs mkZPool;
mkZfs' = mountOptions: mountpoint: options: { mkZfs' = mountOptions: mountpoint: options: {
type = "zfs_fs"; type = "zfs_fs";
inherit mountpoint mountOptions; inherit mountpoint mountOptions;
options = { mountpoint = "legacy"; } // options; options = {
mountpoint = "legacy";
} // options;
}; };
mkZfs = mkZfs' defaultMountOptions; mkZfs = mkZfs' defaultMountOptions;
@ -98,5 +120,7 @@ rec {
inherit size content; inherit size content;
}; };
markNeededForBoot = flip genAttrs (_: { neededForBoot = true; }); markNeededForBoot = flip genAttrs (_: {
neededForBoot = true;
});
} }

36
lib/filesystems.nix
View file

@ -10,25 +10,33 @@ rec {
neededForBoot = self.lazy (fs: fs // { neededForBoot = true; }); neededForBoot = self.lazy (fs: fs // { neededForBoot = true; });
mkFilesystemDev' = f: d: c: o: mkFilesystemDev' =
f: d: c: o:
neededForBoot (mkFilesystemDev f d c o); neededForBoot (mkFilesystemDev f d c o);
mkFilesystem = fsType: uuid: mkFilesystem = fsType: uuid: mkFilesystemDev fsType (diskByUuid uuid);
mkFilesystemDev fsType (diskByUuid uuid);
mkFilesystem' = f: d: c: o: mkFilesystem' =
f: d: c: o:
neededForBoot (mkFilesystemDev f d c o); neededForBoot (mkFilesystemDev f d c o);
mkEFI =
mkEFI = uuid: neededForBoot { uuid:
device = diskByUuid uuid; neededForBoot {
fsType = "vfat"; device = diskByUuid uuid;
}; fsType = "vfat";
mkTmpfs = name: size: neededForBoot { };
device = name; mkTmpfs =
fsType = "tmpfs"; name: size:
options = [ "defaults" "size=${size}" "mode=755" ]; neededForBoot {
}; device = name;
fsType = "tmpfs";
options = [
"defaults"
"size=${size}"
"mode=755"
];
};
mkBtrfs' = options: uuid: extraOptions: { mkBtrfs' = options: uuid: extraOptions: {
device = diskByUuid uuid; device = diskByUuid uuid;
fsType = "btrfs"; fsType = "btrfs";

23
lib/hosts.nix
View file

@ -1,12 +1,21 @@
{ lib }: { lib }:
{ {
mkHost = attrs@{ modules ? [ ], ... }: name: path: lib.nixosSystem (attrs // { mkHost =
modules = [ attrs@{
{ modules ? [ ],
networking.hostName = lib.mkDefault name; ...
}:
name: path:
lib.nixosSystem (
attrs
// {
modules = [
{
networking.hostName = lib.mkDefault name;
}
(import path)
] ++ attrs.modules;
} }
(import path) );
] ++ attrs.modules;
});
} }

43
lib/options.nix
View file

@ -3,25 +3,30 @@ let
inherit (lib) mkOption types flatten; inherit (lib) mkOption types flatten;
in in
rec { rec {
mkOpt = type: default: mkOpt = type: default: mkOption { inherit type default; };
mkOption { inherit type default; };
mkOpt' = type: default: description: mkOpt' =
type: default: description:
mkOption { inherit type default description; }; mkOption { inherit type default description; };
mkBoolOpt = default: mkOption { mkBoolOpt =
inherit default; default:
type = types.bool; mkOption {
example = true; inherit default;
}; type = types.bool;
example = true;
};
mkBoolOpt' = default: description: mkOption { mkBoolOpt' =
inherit default description; default: description:
type = types.bool; mkOption {
example = true; inherit default description;
}; type = types.bool;
example = true;
};
coercedPackageList = with types; coercedPackageList =
with types;
let let
packageListType = listOf (either package packageListType); packageListType = listOf (either package packageListType);
in in
@ -29,7 +34,11 @@ rec {
packageListOpt = mkOpt coercedPackageList [ ]; packageListOpt = mkOpt coercedPackageList [ ];
addPackageLists = lib.mapAttrs (name: value: value // { addPackageLists = lib.mapAttrs (
packages = packageListOpt; name: value:
}); value
// {
packages = packageListOpt;
}
);
} }

8
modules/functionality/soft-serve.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -88,4 +93,3 @@ in
]; ];
}; };
} }

19
modules/functionality/ssh-tunnel.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.services.ssh-tunnel; cfg = config.services.ssh-tunnel;
@ -50,11 +55,13 @@ in
local = mkParams "-L" cfg.forwards.local; local = mkParams "-L" cfg.forwards.local;
remote = mkParams "-R" cfg.forwards.remote; remote = mkParams "-R" cfg.forwards.remote;
options = mkParams "-o" (mapAttrsToList (n: v: "${n}=${toString v}") { options = mkParams "-o" (
ServerAliveInterval = 60; mapAttrsToList (n: v: "${n}=${toString v}") {
ExitOnForwardFailure = "yes"; ServerAliveInterval = 60;
KbdInteractiveAuthentication = "no"; ExitOnForwardFailure = "yes";
}); KbdInteractiveAuthentication = "no";
}
);
in in
{ {
script = '' script = ''

41
modules/global/backup.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
# Borg Backup public key: # Borg Backup public key:
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhldH579ixPRSBtTjnzWoDCNyUxUSl1BjogWN3keYBR borg@universe # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhldH579ixPRSBtTjnzWoDCNyUxUSl1BjogWN3keYBR borg@universe
# This is used to connect to my rsync.net # This is used to connect to my rsync.net
@ -7,11 +12,7 @@ with lib.our;
let let
append = root: path: (root + "/" + path); append = root: path: (root + "/" + path);
excludes' = concatLists excludes' = concatLists (mapAttrsToList (root: map (append root)) cfg.excludes);
(mapAttrsToList
(root: map (append root))
cfg.excludes
);
commonArgs = { commonArgs = {
environment = { environment = {
@ -36,12 +37,19 @@ let
}; };
}; };
mkJob = paths: commonArgs // { mkJob =
inherit paths; paths:
inherit (cfg) repo; commonArgs
exclude = map (append paths) (excludes' ++ cfg.extraExcludes); // {
startAt = if cfg.backupTimes ? "${config.networking.hostName}" then "*-*-* ${cfg.backupTimes.${config.networking.hostName}}" else [ ]; inherit paths;
}; inherit (cfg) repo;
exclude = map (append paths) (excludes' ++ cfg.extraExcludes);
startAt =
if cfg.backupTimes ? "${config.networking.hostName}" then
"*-*-* ${cfg.backupTimes.${config.networking.hostName}}"
else
[ ];
};
cfg = config.modules.backups; cfg = config.modules.backups;
in in
@ -106,11 +114,12 @@ in
(mkIf cfg.enable { (mkIf cfg.enable {
services.borgbackup.jobs = mapAttrs (_: mkJob) cfg.jobs; services.borgbackup.jobs = mapAttrs (_: mkJob) cfg.jobs;
systemd.timers = lib.mapAttrs' systemd.timers = lib.mapAttrs' (
(n: _: lib.nameValuePair "borgbackup-job-${n}" { n: _:
lib.nameValuePair "borgbackup-job-${n}" {
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
}) }
cfg.jobs; ) cfg.jobs;
persist.directories = [ persist.directories = [
"/root/.cache/borg" "/root/.cache/borg"

4
modules/global/caches/personal.nix
View file

@ -2,7 +2,9 @@
{ {
nix.settings = { nix.settings = {
substituters = lib.flatten [ substituters = lib.flatten [
(lib.optional (config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home) "ssh://infini-desktop?priority=9") (lib.optional (
config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home
) "ssh://infini-desktop?priority=9")
"https://hydra.inx.moe?priority=10" "https://hydra.inx.moe?priority=10"
]; ];
trusted-public-keys = [ trusted-public-keys = [

8
modules/global/general.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, lib, ... }: {
config,
common,
secrets,
lib,
...
}:
{ {
programs = { programs = {
# Enable dconf for programs that need it # Enable dconf for programs that need it

8
modules/global/home-manager.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: { {
config,
lib,
pkgs,
...
}:
{
home-manager = { home-manager = {
useUserPackages = lib.mkDefault true; useUserPackages = lib.mkDefault true;
useGlobalPkgs = true; useGlobalPkgs = true;

12
modules/global/networking.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, private, ... }: {
config,
pkgs,
private,
...
}:
{ {
imports = [ private.nixosModules.networking ]; imports = [ private.nixosModules.networking ];
@ -27,7 +32,10 @@
#"100.100.100.100" #"100.100.100.100"
]; ];
firewall.trustedInterfaces = [ "br-+" "tailscale0" ]; firewall.trustedInterfaces = [
"br-+"
"tailscale0"
];
nftables = { nftables = {
enable = true; enable = true;

36
modules/global/nix.nix
View file

@ -1,6 +1,17 @@
{ config, inputs, pkgs, lib, ... }: {
config,
inputs,
pkgs,
lib,
...
}:
let let
inherit (lib) mkIf mkDefault filterAttrs mapAttrs'; inherit (lib)
mkIf
mkDefault
filterAttrs
mapAttrs'
;
in in
{ {
nix = { nix = {
@ -8,9 +19,19 @@ in
settings = { settings = {
allowed-users = [ "*" ]; allowed-users = [ "*" ];
trusted-users = [ "root" "@wheel" "remotebuild" "nix-ssh" ]; trusted-users = [
"root"
"@wheel"
"remotebuild"
"nix-ssh"
];
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
experimental-features = [ experimental-features = [
"flakes" "flakes"
"nix-command" "nix-command"
@ -52,7 +73,12 @@ in
let let
flakes = filterAttrs (n: v: v ? outputs) inputs; flakes = filterAttrs (n: v: v ? outputs) inputs;
in in
(mapAttrs' (n: v: { name = if n == "self" then "universe" else n; value = { flake = v; }; }) flakes) (mapAttrs' (n: v: {
name = if n == "self" then "universe" else n;
value = {
flake = v;
};
}) flakes)
// { // {
nixpkgs-git = { nixpkgs-git = {
exact = false; exact = false;

13
modules/global/options.nix
View file

@ -1,5 +1,10 @@
# Heavily inspired by hlissner: https://github.com/hlissner/dotfiles/blob/master/modules/options.nix # Heavily inspired by hlissner: https://github.com/hlissner/dotfiles/blob/master/modules/options.nix
{ config, options, lib, ... }: {
config,
options,
lib,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -40,7 +45,11 @@ in
universe = { universe = {
packages = packageListOpt; packages = packageListOpt;
shellAliases = mkOpt (attrsOf str) { }; shellAliases = mkOpt (attrsOf str) { };
variables = mkOpt (attrsOf (oneOf [ (listOf str) str path ])) { }; variables = mkOpt (attrsOf (oneOf [
(listOf str)
str
path
])) { };
media.enable = mkBoolOpt false; media.enable = mkBoolOpt false;
minimal.enable = mkBoolOpt false; minimal.enable = mkBoolOpt false;
}; };

169
modules/global/packages.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
# Use the latest Linux kernel # Use the latest Linux kernel
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -7,80 +12,96 @@
environment.defaultPackages = lib.mkForce [ ]; environment.defaultPackages = lib.mkForce [ ];
# Packages wanted everywhere # Packages wanted everywhere
universe.packages = with pkgs; [ universe.packages =
universe-cli with pkgs;
[
universe-cli
agenix agenix
bat bat
cloc cloc
cryptsetup cryptsetup
curl curl
difftastic difftastic
direnv direnv
dnsutils dnsutils
erdtree erdtree
eza eza
fd fd
fzf fzf
gnumake gnumake
gptfdisk gptfdisk
gum gum
htop htop
hyfetch hyfetch
iputils iputils
jq jq
man-pages man-pages
man-pages-posix man-pages-posix
nmap nmap
openssl openssl
parallel parallel
parted parted
pciutils pciutils
perl perl
rhash rhash
ripgrep ripgrep
rsync rsync
skim skim
sshfs sshfs
strace strace
tealdeer tealdeer
unixtools.whereis unixtools.whereis
unrar-wrapper unrar-wrapper
unzip unzip
util-linux util-linux
wget wget
whois whois
xxHash xxHash
yq yq
zip zip
] ++ (lib.optionals config.universe.media.enable (with pkgs; [ ]
ghostscript ++ (lib.optionals config.universe.media.enable (
graphviz with pkgs;
imagemagick [
pandoc ghostscript
yt-dlp graphviz
])); imagemagick
pandoc
yt-dlp
]
));
environment.systemPackages = config.universe.packages ++ (with pkgs; [ environment.systemPackages =
binutils config.universe.packages
btrfs-progs ++ (with pkgs; [
bubblewrap binutils
compsize btrfs-progs
coreutils-doge bubblewrap
dosfstools compsize
exfat # Windows drives coreutils-doge
kitty.terminfo dosfstools
ntfs3g # Windows drives exfat # Windows drives
smartmontools kitty.terminfo
usbutils ntfs3g # Windows drives
smartmontools
usbutils
# covered by home manager # covered by home manager
git git
vim vim
]) ++ (lib.optionals config.info.graphical (with pkgs; [ ])
arandr ++ (lib.optionals config.info.graphical (
])) ++ (lib.optionals config.universe.media.enable (with pkgs; [ with pkgs;
ffmpeg-full [
mpv arandr
])); ]
))
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ffmpeg-full
mpv
]
));
} }

15
modules/global/persist.nix
View file

@ -6,13 +6,22 @@ in
persist = { persist = {
directories = flatten [ directories = flatten [
"/home" "/home"
{ directory = "/etc/nixos"; user = "infinidoge"; } {
{ directory = "/etc/nixos-private"; user = "infinidoge"; } directory = "/etc/nixos";
user = "infinidoge";
}
{
directory = "/etc/nixos-private";
user = "infinidoge";
}
"/var/log" "/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd/" "/var/lib/systemd/"
{ directory = "/var/lib/tailscale"; mode = "0700"; } {
directory = "/var/lib/tailscale";
mode = "0700";
}
"/root/.ssh" "/root/.ssh"

86
modules/global/programming.nix
View file

@ -1,33 +1,39 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
inherit (lib) flip; inherit (lib) flip;
inherit (lib.our) mkBoolOpt' addPackageLists; inherit (lib.our) mkBoolOpt' addPackageLists;
cfg = config.universe.programming; cfg = config.universe.programming;
programmingOpt' = kind: flip mkBoolOpt' "Programming: ${kind}"; programmingOpt' = kind: flip mkBoolOpt' "Programming: ${kind}";
programmingOpt = flip programmingOpt' cfg.all.enable; programmingOpt = flip programmingOpt' cfg.all.enable;
in in
{ {
options.universe.programming = (addPackageLists { options.universe.programming =
base.enable = programmingOpt' "Base packages" true; (addPackageLists {
base.enable = programmingOpt' "Base packages" true;
c.enable = programmingOpt' "C" true; c.enable = programmingOpt' "C" true;
csharp.enable = programmingOpt "C#"; csharp.enable = programmingOpt "C#";
haskell.enable = programmingOpt "Haskell"; haskell.enable = programmingOpt "Haskell";
java.enable = programmingOpt "Java"; java.enable = programmingOpt "Java";
lua.enable = programmingOpt "Lua"; lua.enable = programmingOpt "Lua";
nim.enable = programmingOpt "Nim"; nim.enable = programmingOpt "Nim";
python.enable = programmingOpt' "Python" true; python.enable = programmingOpt' "Python" true;
racket.enable = programmingOpt "Racket"; racket.enable = programmingOpt "Racket";
rust.enable = programmingOpt "Rust"; rust.enable = programmingOpt "Rust";
zig.enable = programmingOpt "Zig"; zig.enable = programmingOpt "Zig";
latex.enable = programmingOpt "LaTeX"; latex.enable = programmingOpt "LaTeX";
html.enable = programmingOpt "HTML"; html.enable = programmingOpt "HTML";
}) // { })
all.enable = programmingOpt' "All languages" false; // {
}; all.enable = programmingOpt' "All languages" false;
};
config = { config = {
universe.programming = with pkgs; { universe.programming = with pkgs; {
@ -60,7 +66,6 @@ in
cabal2nix cabal2nix
]; ];
java.packages = [ java.packages = [
openjdk openjdk
clang-tools clang-tools
@ -75,15 +80,17 @@ in
]; ];
python.packages = [ python.packages = [
(python312.withPackages (p: with p; [ (python312.withPackages (
black p: with p; [
isort black
jupyter isort
mypy jupyter
pip mypy
pyflakes pip
pytest pyflakes
])) pytest
]
))
pipenv pipenv
ruff ruff
]; ];
@ -93,12 +100,15 @@ in
]; ];
rust.packages = [ rust.packages = [
(rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override { (rust-bin.selectLatestNightlyWith (
extensions = [ toolchain:
"rust-src" toolchain.default.override {
"rust-analyzer" extensions = [
]; "rust-src"
})) "rust-analyzer"
];
}
))
gcc gcc
]; ];
@ -142,9 +152,9 @@ in
]; ];
}; };
universe.packages = lib.concatMap universe.packages = lib.concatMap (v: lib.optionals (v ? packages && v.enable) v.packages) (
(v: lib.optionals (v ? packages && v.enable) v.packages) lib.attrValues cfg
(lib.attrValues cfg); );
programs.java.enable = cfg.java.enable; programs.java.enable = cfg.java.enable;

15
modules/global/security.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
inherit (config.nixpkgs.hostPlatform) system; inherit (config.nixpkgs.hostPlatform) system;
@ -32,8 +37,12 @@ in
hardware = { hardware = {
enableRedistributableFirmware = mkDefault true; enableRedistributableFirmware = mkDefault true;
cpu.intel.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux"); cpu.intel.updateMicrocode = mkDefault (
cpu.amd.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux"); config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
cpu.amd.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
}; };
users.mutableUsers = false; users.mutableUsers = false;

8
modules/global/shell.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
ifSudo = lib.mkIf config.security.sudo.enable; ifSudo = lib.mkIf config.security.sudo.enable;
ifSudo' = text: if config.security.sudo.enable then "sudo ${text}" else text; ifSudo' = text: if config.security.sudo.enable then "sudo ${text}" else text;
@ -43,7 +48,6 @@ in
gcd = "cd $(git root || echo \".\")"; gcd = "cd $(git root || echo \".\")";
ucd = "cd $(uni cd || echo \".\")"; ucd = "cd $(uni cd || echo \".\")";
# grep # grep
grep = "rg"; grep = "rg";
gi = "grep -i"; gi = "grep -i";

15
modules/global/ssh.nix
View file

@ -12,14 +12,19 @@ with lib;
ClientAliveInterval = 60; ClientAliveInterval = 60;
TCPKeepAlive = "yes"; TCPKeepAlive = "yes";
}; };
hostKeys = mkDefault [{ hostKeys = mkDefault [
path = "/etc/ssh/ssh_host_ed25519_key"; {
type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key";
}]; type = "ed25519";
}
];
knownHosts = { knownHosts = {
"github.com" = { "github.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
extraHostNames = [ "ssh.github.com" "ssh.github.com:443" ]; extraHostNames = [
"ssh.github.com"
"ssh.github.com:443"
];
}; };
}; };
}; };

10
modules/global/virtualisation.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -16,7 +21,8 @@ in
}; };
programs.dconf.enable = mkIf cfg.libvirtd.enable true; programs.dconf.enable = mkIf cfg.libvirtd.enable true;
environment.systemPackages = (optional cfg.libvirtd.enable pkgs.virt-manager) environment.systemPackages =
(optional cfg.libvirtd.enable pkgs.virt-manager)
++ (optional cfg.docker.enable pkgs.docker-compose); ++ (optional cfg.docker.enable pkgs.docker-compose);
persist.directories = optional cfg.libvirtd.enable "/var/lib/libvirt"; persist.directories = optional cfg.libvirtd.enable "/var/lib/libvirt";
}; };

49
modules/modules/desktop/gaming.nix
View file

@ -1,4 +1,10 @@
{ config, options, lib, pkgs, ... }: {
config,
options,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -32,16 +38,23 @@ in
config = mkMerge [ config = mkMerge [
{ {
assertions = [{ assertions = [
assertion = (any id (with cfg; [ {
steam.enable assertion =
prismlauncher.enable (any id (
lutris.enable with cfg;
olympus.enable [
puzzles.enable steam.enable
])) -> config.info.graphical; prismlauncher.enable
message = "Games cannot be enabled in a non-graphical environment"; lutris.enable
}]; olympus.enable
puzzles.enable
]
))
-> config.info.graphical;
message = "Games cannot be enabled in a non-graphical environment";
}
];
home.home.packages = with pkgs; [ home.home.packages = with pkgs; [
(mkIf cfg.prismlauncher.enable cfg.prismlauncher.package) (mkIf cfg.prismlauncher.enable cfg.prismlauncher.package)
@ -56,12 +69,14 @@ in
programs.steam = { programs.steam = {
enable = mkAliasDefinitions opt.steam.enable; enable = mkAliasDefinitions opt.steam.enable;
package = cfg.steam.package.override (optionalAttrs config.modules.hardware.gpu.nvidia { package = cfg.steam.package.override (
extraProfile = '' optionalAttrs config.modules.hardware.gpu.nvidia {
unset VK_ICD_FILENAMES extraProfile = ''
export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json unset VK_ICD_FILENAMES
''; export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json
}); '';
}
);
extraCompatPackages = with pkgs; [ extraCompatPackages = with pkgs; [
proton-ge-bin proton-ge-bin
]; ];

49
modules/modules/desktop/wm.nix
View file

@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }: {
config,
common,
pkgs,
lib,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -50,29 +56,34 @@ in
''; '';
}; };
home-manager.sharedModules = [{ home-manager.sharedModules = [
xsession.enable = true; {
}]; xsession.enable = true;
}
environment.systemPackages = with pkgs; flatten [
(with xorg; [
xwininfo
xprop
])
xclip
xdotool
pavucontrol
common.wm.locker
]; ];
environment.systemPackages =
with pkgs;
flatten [
(with xorg; [
xwininfo
xprop
])
xclip
xdotool
pavucontrol
common.wm.locker
];
} }
(mkIf cfg.qtile.enable { (mkIf cfg.qtile.enable {
services.xserver.windowManager.qtile = { services.xserver.windowManager.qtile = {
enable = true; enable = true;
extraPackages = p: with p; [ extraPackages =
qtile-extras p: with p; [
]; qtile-extras
];
}; };
info.env.wm = "qtile"; info.env.wm = "qtile";

7
modules/modules/hardware/audio.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;

15
modules/modules/hardware/form.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -58,7 +63,13 @@ in
environment = { environment = {
variables.LAPTOP = "True"; variables.LAPTOP = "True";
systemPackages = with pkgs; [ acpi brightnessctl ] ++ optional config.powerManagement.powertop.enable pkgs.powertop; systemPackages =
with pkgs;
[
acpi
brightnessctl
]
++ optional config.powerManagement.powertop.enable pkgs.powertop;
}; };
}) })

55
modules/modules/hardware/gpu.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let
@ -13,27 +18,39 @@ in
}; };
config = mkMerge [ config = mkMerge [
(mkIf (any' (with cfg; [ amdgpu nvidia intel ])) { (mkIf
hardware.graphics = { (any' (
enable = true; with cfg;
enable32Bit = true; [
amdgpu
nvidia
intel
]
))
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; flatten [ extraPackages =
libvdpau-va-gl with pkgs;
vaapiVdpau flatten [
libvdpau-va-gl
vaapiVdpau
(optionals cfg.intel [ (optionals cfg.intel [
intel-compute-runtime intel-compute-runtime
intel-media-driver intel-media-driver
vaapiIntel vaapiIntel
]) ])
(optionals cfg.nvidia [ (optionals cfg.nvidia [
nvidia-vaapi-driver nvidia-vaapi-driver
]) ])
]; ];
}; };
}) }
)
(mkIf cfg.amdgpu { (mkIf cfg.amdgpu {
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];

7
modules/modules/hardware/peripherals/printing.nix
View file

@ -1,4 +1,9 @@
{ config, lib, private, ... }: {
config,
lib,
private,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let

7
modules/modules/hardware/peripherals/yubikey.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let

8
modules/modules/hardware/wireless.nix
View file

@ -1,4 +1,10 @@
{ config, lib, private, pkgs, ... }: {
config,
lib,
private,
pkgs,
...
}:
with lib; with lib;
with lib.our; with lib.our;
let let

44
modules/modules/services/apcupsd.nix
View file

@ -20,26 +20,32 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.apcupsd = { services.apcupsd = {
enable = true; enable = true;
configText = '' configText =
UPSNAME UPS ''
UPSCLASS standalone UPSNAME UPS
UPSMODE disable UPSCLASS standalone
NETSERVER on UPSMODE disable
NISPORT ${toString port} NETSERVER on
NISPORT ${toString port}
BATTERYLEVEL ${toString cfg.config.battery_level} BATTERYLEVEL ${toString cfg.config.battery_level}
MINUTES ${toString cfg.config.minutes} MINUTES ${toString cfg.config.minutes}
'' + ''
(if cfg.primary then '' + (
UPSTYPE usb if cfg.primary then
UPSCABLE usb ''
NISIP ${cfg.config.address} UPSTYPE usb
'' else '' UPSCABLE usb
UPSCABLE ether NISIP ${cfg.config.address}
UPSTYPE net ''
DEVICE ${cfg.config.address}:${toString port} else
POLLTIME 10 ''
''); UPSCABLE ether
UPSTYPE net
DEVICE ${cfg.config.address}:${toString port}
POLLTIME 10
''
);
hooks = cfg.config.hooks; hooks = cfg.config.hooks;
}; };
networking.firewall.allowedTCPPorts = mkIf cfg.primary [ port ]; networking.firewall.allowedTCPPorts = mkIf cfg.primary [ port ];

82
modules/vendored/factorio.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
@ -48,19 +53,25 @@ let
savePath = "${cfg.stateDir}/saves/${cfg.saveName}.zip"; savePath = "${cfg.stateDir}/saves/${cfg.saveName}.zip";
mkCmd = options: toString ([ mkCmd =
"${lib.getExe cfg.package}" options:
"--config=${cfg.configFile}" toString (
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}") [
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}") "${lib.getExe cfg.package}"
(optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}") "--config=${cfg.configFile}"
(optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}") (optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
"--server-settings=${ (optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
if (cfg.extraSettingsFile != null) (optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}")
then "${cfg.stateDir}/server-settings.json" (optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}")
else serverSettingsFile "--server-settings=${
}" if (cfg.extraSettingsFile != null) then
] ++ options); "${cfg.stateDir}/server-settings.json"
else
serverSettingsFile
}"
]
++ options
);
in in
{ {
disabledModules = [ "services/games/factorio.nix" ]; disabledModules = [ "services/games/factorio.nix" ];
@ -234,7 +245,9 @@ in
extraSettings = mkOption { extraSettings = mkOption {
type = types.attrs; type = types.attrs;
default = { }; default = { };
example = { admins = [ "username" ]; }; example = {
admins = [ "username" ];
};
description = lib.mdDoc '' description = lib.mdDoc ''
Extra game configuration that will go into server-settings.json Extra game configuration that will go into server-settings.json
''; '';
@ -338,18 +351,20 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = '' preStart =
if [[ ! -e "${savePath}" ]]; then ''
${mkCmd [ if [[ ! -e "${savePath}" ]]; then
"--create=${savePath}" ${mkCmd [
]} "--create=${savePath}"
fi ]}
'' + (optionalString (cfg.extraSettingsFile != null) '' fi
echo ${lib.strings.escapeShellArg serverSettingsString} \ ''
"$(cat ${cfg.extraSettingsFile})" \ + (optionalString (cfg.extraSettingsFile != null) ''
| ${lib.getExe pkgs.jq} -s add \ echo ${lib.strings.escapeShellArg serverSettingsString} \
> ${cfg.stateDir}/server-settings.json "$(cat ${cfg.extraSettingsFile})" \
''); | ${lib.getExe pkgs.jq} -s add \
> ${cfg.stateDir}/server-settings.json
'');
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
@ -362,11 +377,7 @@ in
ExecStart = mkCmd [ ExecStart = mkCmd [
"--port=${toString cfg.port}" "--port=${toString cfg.port}"
"--bind=${cfg.bind}" "--bind=${cfg.bind}"
( (if cfg.loadLatestSave then "--start-server-load-latest" else "--start-server=${savePath}")
if cfg.loadLatestSave
then "--start-server-load-latest"
else "--start-server=${savePath}"
)
(optionalString (cfg.admins != [ ]) "--server-adminlist=${serverAdminsFile}") (optionalString (cfg.admins != [ ]) "--server-adminlist=${serverAdminsFile}")
]; ];
@ -379,7 +390,12 @@ in
ProtectControlGroups = true; ProtectControlGroups = true;
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictRealtime = true; RestrictRealtime = true;
RestrictNamespaces = true; RestrictNamespaces = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;

90
modules/vendored/hydra.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
@ -16,22 +21,29 @@ let
HYDRA_DATA = "${baseDir}"; HYDRA_DATA = "${baseDir}";
}; };
env = { env =
NIX_REMOTE = "daemon"; {
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03 NIX_REMOTE = "daemon";
PGPASSFILE = "${baseDir}/pgpass"; SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles; PGPASSFILE = "${baseDir}/pgpass";
} // optionalAttrs (cfg.smtpHost != null) { NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles;
EMAIL_SENDER_TRANSPORT = "SMTP"; }
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost; // optionalAttrs (cfg.smtpHost != null) {
} // hydraEnv // cfg.extraEnv; EMAIL_SENDER_TRANSPORT = "SMTP";
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost;
}
// hydraEnv
// cfg.extraEnv;
serverEnv = env // { serverEnv =
HYDRA_TRACKER = cfg.tracker; env
XDG_CACHE_HOME = "${baseDir}/www/.cache"; // {
COLUMNS = "80"; HYDRA_TRACKER = cfg.tracker;
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr XDG_CACHE_HOME = "${baseDir}/www/.cache";
} // (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; }); COLUMNS = "80";
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr
}
// (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
localDB = "dbi:Pg:dbname=hydra;user=hydra;"; localDB = "dbi:Pg:dbname=hydra;user=hydra;";
@ -39,7 +51,9 @@ let
hydra-package = hydra-package =
let let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv); makeWrapperArgs = concatStringsSep " " (
mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv
);
in in
pkgs.buildEnv rec { pkgs.buildEnv rec {
name = "hydra-env"; name = "hydra-env";
@ -236,7 +250,10 @@ in
type = types.listOf types.path; type = types.listOf types.path;
default = optional (config.nix.buildMachines != [ ]) "/etc/nix/machines"; default = optional (config.nix.buildMachines != [ ]) "/etc/nix/machines";
defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"''; defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"'';
example = [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ]; example = [
"/etc/nix/machines"
"/var/lib/hydra/provisioner/machines"
];
description = "List of files containing build machines."; description = "List of files containing build machines.";
}; };
@ -257,7 +274,6 @@ in
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -312,7 +328,10 @@ in
use-substitutes = ${if cfg.useSubstitutes then "1" else "0"} use-substitutes = ${if cfg.useSubstitutes then "1" else "0"}
''; '';
environment.systemPackages = [ hydra-package pkgs.git ]; environment.systemPackages = [
hydra-package
pkgs.git
];
environment.variables = hydraEnv; environment.variables = hydraEnv;
@ -320,7 +339,11 @@ in
{ {
keep-outputs = true; keep-outputs = true;
keep-derivations = true; keep-derivations = true;
extra-trusted-users = [ "hydra" "hydra-queue-runner" "hydra-www" ]; extra-trusted-users = [
"hydra"
"hydra-queue-runner"
"hydra-www"
];
} }
(mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre") { (mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre") {
@ -419,8 +442,17 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ]; requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" ]; after = [
path = [ hydra-package pkgs.nettools pkgs.openssh pkgs.bzip2 config.nix.package ]; "hydra-init.service"
"network.target"
];
path = [
hydra-package
pkgs.nettools
pkgs.openssh
pkgs.bzip2
config.nix.package
];
restartTriggers = [ hydraConf ]; restartTriggers = [ hydraConf ];
environment = env // { environment = env // {
PGPASSFILE = "${baseDir}/pgpass-queue-runner"; # grrr PGPASSFILE = "${baseDir}/pgpass-queue-runner"; # grrr
@ -444,8 +476,16 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ]; requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" "network-online.target" ]; after = [
path = with pkgs; [ hydra-package nettools jq ]; "hydra-init.service"
"network.target"
"network-online.target"
];
path = with pkgs; [
hydra-package
nettools
jq
];
restartTriggers = [ hydraConf ]; restartTriggers = [ hydraConf ];
environment = env // { environment = env // {
HYDRA_DBI = "${env.HYDRA_DBI};application_name=hydra-evaluator"; HYDRA_DBI = "${env.HYDRA_DBI};application_name=hydra-evaluator";

98
modules/vendored/steam.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.programs.steam; cfg = config.programs.steam;
@ -8,7 +13,9 @@ let
steam-gamescope = steam-gamescope =
let let
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env); exports = builtins.attrValues (
builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env
);
in in
pkgs.writeShellScriptBin "steam-gamescope" '' pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports} ${builtins.concatStringsSep "\n" exports}
@ -22,7 +29,10 @@ let
Comment=A digital distribution platform Comment=A digital distribution platform
Exec=${steam-gamescope}/bin/steam-gamescope Exec=${steam-gamescope}/bin/steam-gamescope
Type=Application Type=Application
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; }); '').overrideAttrs
(_: {
passthru.providedSessions = [ "steam" ];
});
in in
{ {
disabledModules = [ "programs/steam.nix" ]; disabledModules = [ "programs/steam.nix" ];
@ -46,29 +56,40 @@ in
]; ];
} }
''; '';
apply = steam: steam.override (prev: { apply =
extraEnv = (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) { steam:
STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths; steam.override (
}) // (lib.optionalAttrs cfg.extest.enable { prev:
LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so"; {
}) // (prev.extraEnv or { }); extraEnv =
extraLibraries = pkgs: (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
let STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths;
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ]; })
additionalLibs = with config.hardware.graphics; // (lib.optionalAttrs cfg.extest.enable {
if pkgs.stdenv.hostPlatform.is64bit LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so";
then [ package ] ++ extraPackages })
else [ package32 ] ++ extraPackages32; // (prev.extraEnv or { });
in extraLibraries =
prevLibs ++ additionalLibs; pkgs:
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p)); let
} // lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
{ additionalLibs =
buildFHSEnv = pkgs.buildFHSEnv.override { with config.hardware.graphics;
# use the setuid wrapped bubblewrap if pkgs.stdenv.hostPlatform.is64bit then
bubblewrap = "${config.security.wrapperDir}/.."; [ package ] ++ extraPackages
}; else
}); [ package32 ] ++ extraPackages32;
in
prevLibs ++ additionalLibs;
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p));
}
// lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
}
);
description = '' description = ''
The Steam package to use. Additional libraries are added from the system The Steam package to use. Additional libraries are added from the system
configuration to ensure graphics work properly. configuration to ensure graphics work properly.
@ -201,18 +222,24 @@ in
programs.steam.extraPackages = cfg.fontPackages; programs.steam.extraPackages = cfg.fontPackages;
programs.gamescope.enable = lib.mkDefault cfg.gamescopeSession.enable; programs.gamescope.enable = lib.mkDefault cfg.gamescopeSession.enable;
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ]; services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [
gamescopeSessionFile
];
# optionally enable 32bit pulseaudio support if pulseaudio is enabled # optionally enable 32bit pulseaudio support if pulseaudio is enabled
services.pulseaudio.support32Bit = config.services.pulseaudio.enable; services.pulseaudio.support32Bit = config.services.pulseaudio.enable;
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
home.home.packages = [ home.home.packages =
cfg.package [
cfg.package.run cfg.package
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope cfg.package.run
++ lib.optional cfg.protontricks.enable (cfg.protontricks.package.override { inherit extraCompatPaths; }); ]
++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (
cfg.protontricks.package.override { inherit extraCompatPaths; }
);
networking.firewall = lib.mkMerge [ networking.firewall = lib.mkMerge [
(lib.mkIf (cfg.remotePlay.openFirewall || cfg.localNetworkGameTransfers.openFirewall) { (lib.mkIf (cfg.remotePlay.openFirewall || cfg.localNetworkGameTransfers.openFirewall) {
@ -221,7 +248,12 @@ in
(lib.mkIf cfg.remotePlay.openFirewall { (lib.mkIf cfg.remotePlay.openFirewall {
allowedTCPPorts = [ 27036 ]; allowedTCPPorts = [ 27036 ];
allowedUDPPortRanges = [{ from = 27031; to = 27035; }]; allowedUDPPortRanges = [
{
from = 27031;
to = 27035;
}
];
}) })
(lib.mkIf cfg.dedicatedServer.openFirewall { (lib.mkIf cfg.dedicatedServer.openFirewall {

29
modules/vendored/thelounge.nix
View file

@ -1,27 +1,42 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.services.thelounge; cfg = config.services.thelounge;
configJsData = "module.exports = " + builtins.toJSON ( configJsData =
{ inherit (cfg) public port; } // cfg.extraConfig "module.exports = " + builtins.toJSON ({ inherit (cfg) public port; } // cfg.extraConfig);
);
pluginManifest = { pluginManifest = {
dependencies = builtins.listToAttrs (builtins.map (pkg: { name = getName pkg; value = getVersion pkg; }) cfg.plugins); dependencies = builtins.listToAttrs (
builtins.map (pkg: {
name = getName pkg;
value = getVersion pkg;
}) cfg.plugins
);
}; };
plugins = pkgs.runCommandLocal "thelounge-plugins" { } '' plugins = pkgs.runCommandLocal "thelounge-plugins" { } ''
mkdir -p $out/node_modules mkdir -p $out/node_modules
echo ${escapeShellArg (builtins.toJSON pluginManifest)} >> $out/package.json echo ${escapeShellArg (builtins.toJSON pluginManifest)} >> $out/package.json
${concatMapStringsSep "\n" (pkg: '' ${concatMapStringsSep "\n" (pkg: ''
ln -s ${pkg}/lib/node_modules/${getName pkg} $out/node_modules/${getName pkg} ln -s ${pkg}/lib/node_modules/${getName pkg} $out/node_modules/${getName pkg}
'') cfg.plugins} '') cfg.plugins}
''; '';
in in
{ {
disabledModules = [ "services/networking/thelounge.nix" ]; disabledModules = [ "services/networking/thelounge.nix" ];
imports = [ (mkRemovedOptionModule [ "services" "thelounge" "private" ] "The option was renamed to `services.thelounge.public` to follow upstream changes.") ]; imports = [
(mkRemovedOptionModule [
"services"
"thelounge"
"private"
] "The option was renamed to `services.thelounge.public` to follow upstream changes.")
];
options.services.thelounge = { options.services.thelounge = {
enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client"); enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client");

96
modules/vendored/vaultwarden.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
@ -8,17 +13,27 @@ let
group = config.users.groups.vaultwarden.name; group = config.users.groups.vaultwarden.name;
# Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER). # Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER).
nameToEnvVar = name: nameToEnvVar =
name:
let let
parts = builtins.split "([A-Z0-9]+)" name; parts = builtins.split "([A-Z0-9]+)" name;
partsToEnvVar = parts: foldl' partsToEnvVar =
(key: x: parts:
let last = stringLength key - 1; in foldl' (
if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x key: x:
let
last = stringLength key - 1;
in
if isList x then
key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ] else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x substring 0 last key
else key + toUpper x) "" + optionalString (substring (last - 1) 1 key != "_") "_"
parts; + substring last 1 key
+ toUpper x
else
key + toUpper x
) "" parts;
in in
if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts; if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts;
@ -26,17 +41,24 @@ let
# we can only check for values consistently after converting them to their corresponding environment variable name. # we can only check for values consistently after converting them to their corresponding environment variable name.
configEnv = configEnv =
let let
configEnv = concatMapAttrs configEnv = concatMapAttrs (
(name: value: optionalAttrs (value != null) { name: value:
optionalAttrs (value != null) {
${nameToEnvVar name} = if isBool value then boolToString value else toString value; ${nameToEnvVar name} = if isBool value then boolToString value else toString value;
}) }
cfg.config; ) cfg.config;
in in
{ DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") { {
DATA_FOLDER = cfg.dataDir;
}
// optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault"; WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
} // configEnv; }
// configEnv;
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)); configFile = pkgs.writeText "vaultwarden.env" (
concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)
);
vaultwarden = cfg.package.override { inherit (cfg) dbBackend; }; vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
@ -52,7 +74,11 @@ in
enable = mkEnableOption (lib.mdDoc "vaultwarden"); enable = mkEnableOption (lib.mdDoc "vaultwarden");
dbBackend = mkOption { dbBackend = mkOption {
type = enum [ "sqlite" "mysql" "postgresql" ]; type = enum [
"sqlite"
"mysql"
"postgresql"
];
default = "sqlite"; default = "sqlite";
description = lib.mdDoc '' description = lib.mdDoc ''
Which database backend vaultwarden will be using. Which database backend vaultwarden will be using.
@ -77,7 +103,13 @@ in
}; };
config = mkOption { config = mkOption {
type = attrsOf (nullOr (oneOf [ bool int str ])); type = attrsOf (
nullOr (oneOf [
bool
int
str
])
);
default = { default = {
ROCKET_ADDRESS = "::1"; # default to localhost ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222; ROCKET_PORT = 8222;
@ -186,10 +218,12 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [{ assertions = [
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite"; {
message = "Backups for database backends other than sqlite will need customization"; assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
}]; message = "Backups for database backends other than sqlite will need customization";
}
];
users.users.vaultwarden = { users.users.vaultwarden = {
inherit group; inherit group;
@ -218,11 +252,19 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
systemd.tmpfiles.settings."10-vaultwarden" = { systemd.tmpfiles.settings."10-vaultwarden" =
${cfg.dataDir}.d = { inherit user group; mode = "0700"; }; {
} // optionalAttrs (cfg.backupDir != null) { ${cfg.dataDir}.d = {
${cfg.backupDir}.d = { inherit user group; mode = "0770"; }; inherit user group;
}; mode = "0700";
};
}
// optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = {
inherit user group;
mode = "0770";
};
};
systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) { systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {
aliases = [ "backup-bitwarden_rs.service" ]; aliases = [ "backup-bitwarden_rs.service" ];

13
overlays/overrides.nix
View file

@ -1,17 +1,20 @@
inputs: final: prev: inputs: final: prev:
let let
mkPkgs = channel: channel.legacyPackages.${final.system}; mkPkgs = channel: channel.legacyPackages.${final.system};
mkPkgsUnfree = channel: import channel { mkPkgsUnfree =
inherit (final) system; channel:
config.allowUnfree = true; import channel {
}; inherit (final) system;
config.allowUnfree = true;
};
latest = mkPkgsUnfree inputs.latest; latest = mkPkgsUnfree inputs.latest;
fork = mkPkgsUnfree inputs.fork; fork = mkPkgsUnfree inputs.fork;
stable = mkPkgs inputs.stable; stable = mkPkgs inputs.stable;
old-stable = mkPkgs inputs.old-stable; old-stable = mkPkgs inputs.old-stable;
versionFromInput = input: versionFromInput =
input:
let let
slice = a: b: builtins.substring a b input.lastModifiedDate; slice = a: b: builtins.substring a b input.lastModifiedDate;
in in

12
overlays/patches/default.nix
View file

@ -1,9 +1,11 @@
final: prev: final: prev:
let let
addPatches = package: patches: package.overrideAttrs (old: { addPatches =
patches = (old.patches or [ ]) ++ patches; package: patches:
}); package.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ patches;
});
in in
{ {
# coreutils-doge = addPatches prev.coreutils [ ./coreutils.patch ]; # coreutils-doge = addPatches prev.coreutils [ ./coreutils.patch ];
@ -20,7 +22,9 @@ in
# }) # })
#]; #];
hydra_unstable = addPatches prev.hydra_unstable [ ./hydra-force-allow-import-from-derivation.patch ]; hydra_unstable = addPatches prev.hydra_unstable [
./hydra-force-allow-import-from-derivation.patch
];
openssh-srv = addPatches prev.openssh [ ./srv-records.patch ]; openssh-srv = addPatches prev.openssh [ ./srv-records.patch ];

8
pkgs/all-packages.nix
View file

@ -14,8 +14,12 @@ rec {
tmx-cups-ppd = pkgs.callPackage ./tmx-cups-ppd.nix { }; tmx-cups-ppd = pkgs.callPackage ./tmx-cups-ppd.nix { };
unbted = pkgs.callPackage ./unbted.nix { }; unbted = pkgs.callPackage ./unbted.nix { };
unmap = pkgs.callPackage ./unmap { }; unmap = pkgs.callPackage ./unmap { };
vpython-jupyter = pkgs.python3Packages.callPackage ./vpython-jupyter.nix { inherit jupyterlab-vpython; }; vpython-jupyter = pkgs.python3Packages.callPackage ./vpython-jupyter.nix {
inherit jupyterlab-vpython;
};
jupyterlab-vpython = pkgs.python3Packages.callPackage ./jupyterlab-vpython { }; jupyterlab-vpython = pkgs.python3Packages.callPackage ./jupyterlab-vpython { };
jupyter-server-proxy = pkgs.python3Packages.callPackage ./jupyter-server-proxy { inherit simpervisor; }; jupyter-server-proxy = pkgs.python3Packages.callPackage ./jupyter-server-proxy {
inherit simpervisor;
};
simpervisor = pkgs.python3Packages.callPackage ./simpervisor.nix { }; simpervisor = pkgs.python3Packages.callPackage ./simpervisor.nix { };
} }

13
pkgs/bytecode-viewer.nix
View file

@ -1,9 +1,10 @@
{ stdenv {
, lib stdenv,
, fetchFromGitHub lib,
, jre fetchFromGitHub,
, makeWrapper jre,
, maven makeWrapper,
maven,
}: }:
maven.buildMavenPackage rec { maven.buildMavenPackage rec {

3
pkgs/default.nix
View file

@ -1,6 +1,7 @@
{ self, lib, ... }: { self, lib, ... }:
{ {
perSystem = { pkgs, ... }: perSystem =
{ pkgs, ... }:
let let
allPackages = import ./all-packages.nix { inherit pkgs; }; allPackages = import ./all-packages.nix { inherit pkgs; };
in in

16
pkgs/ears-cli.nix
View file

@ -1,8 +1,9 @@
{ lib {
, stdenvNoCC lib,
, fetchFromGitea stdenvNoCC,
, makeWrapper fetchFromGitea,
, jdk makeWrapper,
jdk,
}: }:
stdenvNoCC.mkDerivation rec { stdenvNoCC.mkDerivation rec {
pname = "ears-cli"; pname = "ears-cli";
@ -16,7 +17,10 @@ stdenvNoCC.mkDerivation rec {
sha256 = "sha256-3ov7wjw8nxjwrNRH0wHICbZjXR4j2DPkUl5WlxJZsLA="; sha256 = "sha256-3ov7wjw8nxjwrNRH0wHICbZjXR4j2DPkUl5WlxJZsLA=";
}; };
nativeBuildInputs = [ jdk makeWrapper ]; nativeBuildInputs = [
jdk
makeWrapper
];
buildPhase = '' buildPhase = ''
bash ./build.sh bash ./build.sh

17
pkgs/fw-ectool.nix
View file

@ -1,11 +1,12 @@
{ stdenv {
, lib stdenv,
, fetchFromGitLab lib,
, pkg-config fetchFromGitLab,
, cmake pkg-config,
, hostname cmake,
, libusb1 hostname,
, libftdi1 libusb1,
libftdi1,
}: }:
stdenv.mkDerivation { stdenv.mkDerivation {

6
pkgs/hexagon.nix
View file

@ -1,4 +1,8 @@
{ lib, fetchFromGitHub, rustPlatform }: {
lib,
fetchFromGitHub,
rustPlatform,
}:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "hexagon"; pname = "hexagon";

29
pkgs/jupyter-server-proxy/default.nix
View file

@ -1,19 +1,20 @@
{ buildPythonPackage {
, fetchFromGitHub buildPythonPackage,
fetchFromGitHub,
, yarnConfigHook yarnConfigHook,
, fetchYarnDeps fetchYarnDeps,
, hatchling hatchling,
, hatch-jupyter-builder hatch-jupyter-builder,
, nodejs nodejs,
, jupyterlab jupyterlab,
, aiohttp aiohttp,
, importlib-metadata importlib-metadata,
, jupyter-server jupyter-server,
, simpervisor simpervisor,
, tornado tornado,
, traitlets traitlets,
}: }:
buildPythonPackage { buildPythonPackage {

28
pkgs/jupyterlab-myst/default.nix
View file

@ -1,16 +1,17 @@
{ lib {
, buildPythonPackage lib,
, fetchFromGitHub buildPythonPackage,
, yarnConfigHook fetchFromGitHub,
, fetchYarnDeps yarnConfigHook,
fetchYarnDeps,
, jupyterlab jupyterlab,
, jupyter jupyter,
, jupyter-packaging jupyter-packaging,
, hatchling hatchling,
, hatch-jupyter-builder hatch-jupyter-builder,
, hatch-nodejs-version hatch-nodejs-version,
, nodejs nodejs,
}: }:
buildPythonPackage rec { buildPythonPackage rec {
@ -35,7 +36,6 @@ buildPythonPackage rec {
--replace-fail '"@myst-theme/frontmatter": "^0.9.0"' '"@myst-theme/frontmatter": "^0.13.2"' --replace-fail '"@myst-theme/frontmatter": "^0.9.0"' '"@myst-theme/frontmatter": "^0.13.2"'
''; '';
yarnOfflineCache = fetchYarnDeps { yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock; yarnLock = ./yarn.lock;
hash = "sha256-ou3Tjml5VU1O14k/oIDufj3QV2sQYD8EzVGAPhF9RZI="; hash = "sha256-ou3Tjml5VU1O14k/oIDufj3QV2sQYD8EzVGAPhF9RZI=";
@ -46,7 +46,6 @@ buildPythonPackage rec {
nodejs nodejs
]; ];
build-system = [ build-system = [
hatchling hatchling
hatch-jupyter-builder hatch-jupyter-builder
@ -86,4 +85,3 @@ buildPythonPackage rec {
maintainers = [ ]; maintainers = [ ];
}; };
} }

29
pkgs/jupyterlab-vim/default.nix
View file

@ -1,16 +1,17 @@
{ lib {
, buildPythonPackage lib,
, fetchFromGitHub buildPythonPackage,
, yarnConfigHook fetchFromGitHub,
, fetchYarnDeps yarnConfigHook,
fetchYarnDeps,
, jupyterlab jupyterlab,
, jupyter jupyter,
, jupyter-packaging jupyter-packaging,
, hatchling hatchling,
, hatch-jupyter-builder hatch-jupyter-builder,
, hatch-nodejs-version hatch-nodejs-version,
, nodejs nodejs,
}: }:
buildPythonPackage rec { buildPythonPackage rec {
@ -29,7 +30,6 @@ buildPythonPackage rec {
cp ${./yarn.lock} yarn.lock cp ${./yarn.lock} yarn.lock
''; '';
yarnOfflineCache = fetchYarnDeps { yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock; yarnLock = ./yarn.lock;
hash = "sha256-z82r763EG+QGu2KbZ2PaKueAs9wrpTYul/O/O7It7lY="; hash = "sha256-z82r763EG+QGu2KbZ2PaKueAs9wrpTYul/O/O7It7lY=";
@ -40,7 +40,6 @@ buildPythonPackage rec {
nodejs nodejs
]; ];
build-system = [ build-system = [
hatchling hatchling
hatch-jupyter-builder hatch-jupyter-builder
@ -65,7 +64,6 @@ buildPythonPackage rec {
yarn --offline run build:prod yarn --offline run build:prod
''; '';
# has no tests # has no tests
doCheck = false; doCheck = false;
@ -78,4 +76,3 @@ buildPythonPackage rec {
maintainers = [ ]; maintainers = [ ];
}; };
} }

23
pkgs/jupyterlab-vpython/default.nix
View file

@ -1,16 +1,17 @@
{ buildPythonPackage {
, fetchFromGitHub buildPythonPackage,
fetchFromGitHub,
, yarnConfigHook yarnConfigHook,
, fetchYarnDeps fetchYarnDeps,
, jupyterlab jupyterlab,
, jupyter jupyter,
, jupyter-packaging jupyter-packaging,
, hatchling hatchling,
, hatch-jupyter-builder hatch-jupyter-builder,
, hatch-nodejs-version hatch-nodejs-version,
, nodejs nodejs,
}: }:
buildPythonPackage rec { buildPythonPackage rec {

15
pkgs/mcaselector.nix
View file

@ -1,10 +1,11 @@
{ stdenv {
, lib stdenv,
, fetchurl lib,
, jre fetchurl,
, gtk3 jre,
, makeWrapper gtk3,
, wrapGAppsHook makeWrapper,
wrapGAppsHook,
}: }:
let let

8
pkgs/nix-modrinth-prefetch.nix
View file

@ -1,4 +1,10 @@
{ runtimeShell, writeShellScriptBin, curl, jq, gnused }: {
runtimeShell,
writeShellScriptBin,
curl,
jq,
gnused,
}:
writeShellScriptBin "nix-modrinth-prefetch" '' writeShellScriptBin "nix-modrinth-prefetch" ''
input=$(${curl}/bin/curl --no-progress-meter https://api.modrinth.com/v2/version/$1) input=$(${curl}/bin/curl --no-progress-meter https://api.modrinth.com/v2/version/$1)

13
pkgs/olympus.nix
View file

@ -1,10 +1,11 @@
# Taken from https://github.com/VergeDX/config-nixpkgs/blob/899f13750c9c1795d455eeee9cb28d3aa74a0866/packages/gui/olympus.nix # Taken from https://github.com/VergeDX/config-nixpkgs/blob/899f13750c9c1795d455eeee9cb28d3aa74a0866/packages/gui/olympus.nix
{ stdenv {
, lib stdenv,
, fetchzip lib,
, unzip fetchzip,
, makeDesktopItem unzip,
, buildFHSEnv makeDesktopItem,
buildFHSEnv,
}: }:
let let
olympus = stdenv.mkDerivation rec { olympus = stdenv.mkDerivation rec {

9
pkgs/sim65.nix
View file

@ -1,7 +1,8 @@
{ stdenv {
, fetchFromGitHub stdenv,
, lib fetchFromGitHub,
, wxGTK32 lib,
wxGTK32,
}: }:
stdenv.mkDerivation { stdenv.mkDerivation {

6
pkgs/simpervisor.nix
View file

@ -1,4 +1,8 @@
{ buildPythonPackage, fetchFromGitHub, hatchling }: {
buildPythonPackage,
fetchFromGitHub,
hatchling,
}:
buildPythonPackage { buildPythonPackage {
pname = "simpervisor"; pname = "simpervisor";

39
pkgs/substitute-subset.nix
View file

@ -2,26 +2,29 @@
args: args:
stdenv.mkDerivation ({ stdenv.mkDerivation (
name = if args ? name then args.name else baseNameOf (toString args.src); {
builder = builtins.toFile "builder.sh" '' name = if args ? name then args.name else baseNameOf (toString args.src);
source $stdenv/setup builder = builtins.toFile "builder.sh" ''
set -o pipefail source $stdenv/setup
set -o pipefail
eval "$preInstall" eval "$preInstall"
args= args=
cp -r "$src" "$out" cp -r "$src" "$out"
pushd "$out" pushd "$out"
echo -ne "${lib.concatStringsSep "\\0" args.files}" | xargs -0 -n1 -I {} -- find {} -type f -print0 | while read -d "" line; do echo -ne "${lib.concatStringsSep "\\0" args.files}" | xargs -0 -n1 -I {} -- find {} -type f -print0 | while read -d "" line; do
substituteAllInPlace "$line" substituteAllInPlace "$line"
done done
popd popd
eval "$postInstall" eval "$postInstall"
''; '';
preferLocalBuild = true; preferLocalBuild = true;
allowSubstitutes = false; allowSubstitutes = false;
} // args) }
// args
)

17
pkgs/tmx-cups-ppd.nix
View file

@ -1,8 +1,9 @@
{ stdenv {
, fetchurl stdenv,
, bintools fetchurl,
, cups bintools,
, autoPatchelfHook cups,
autoPatchelfHook,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -14,7 +15,11 @@ stdenv.mkDerivation rec {
sha256 = "sha256-8WA6Q5z9//UJj20VHOsPA/nCCd50CcaHRVArtmTjeiQ="; sha256 = "sha256-8WA6Q5z9//UJj20VHOsPA/nCCd50CcaHRVArtmTjeiQ=";
}; };
buildInputs = [ bintools cups autoPatchelfHook ]; buildInputs = [
bintools
cups
autoPatchelfHook
];
buildPhase = '' buildPhase = ''
ar p filter/tmx-cups_*_amd64.deb data.tar.gz \ ar p filter/tmx-cups_*_amd64.deb data.tar.gz \

11
pkgs/unbted.nix
View file

@ -1,9 +1,10 @@
# Based on this example: https://git.marvid.fr/scolobb/nix-GINsim # Based on this example: https://git.marvid.fr/scolobb/nix-GINsim
{ stdenv {
, fetchurl stdenv,
, makeWrapper fetchurl,
, lib makeWrapper,
, jre lib,
jre,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "unbted"; pname = "unbted";

7
pkgs/unmap/default.nix
View file

@ -1,6 +1,7 @@
{ lib {
, buildNpmPackage lib,
, fetchFromGitHub buildNpmPackage,
fetchFromGitHub,
}: }:
buildNpmPackage rec { buildNpmPackage rec {

23
pkgs/vpython-jupyter.nix
View file

@ -1,16 +1,17 @@
{ buildPythonPackage {
, fetchFromGitHub buildPythonPackage,
fetchFromGitHub,
, cython cython,
, setuptools setuptools,
, setuptools_scm setuptools_scm,
, autobahn autobahn,
, ipykernel ipykernel,
, jupyter jupyter,
, notebook notebook,
, numpy numpy,
, jupyterlab-vpython jupyterlab-vpython,
}: }:
buildPythonPackage { buildPythonPackage {

Some files were not shown because too many files have changed in this diff Show more