Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: reformat with nixfmt

Browse source
This commit is contained in:
Infinidoge 2025-01-28 20:33:04 -05:00
parent a79e641851
commit eaf4f56ac0
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
117 changed files with 2667 additions and 1592 deletions
Download patch file Download diff file Expand all files Collapse all files

49
flake.nix
View file

@ -29,7 +29,10 @@
devshell.url = "github:numtide/devshell";
disko.url = "github:nix-community/disko/latest";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-registry = { url = "github:NixOS/flake-registry"; flake = false; };
flake-registry = {
url = "github:NixOS/flake-registry";
flake = false;
};
home-manager.url = "github:nix-community/home-manager";
impermanence.url = "github:nix-community/impermanence";
nix-index-database.url = "github:nix-community/nix-index-database";
@ -56,7 +59,10 @@
conduwuit.url = "github:girlbossceo/conduwuit";
## Vencord
vencord = { url = "github:Vendicated/Vencord"; flake = false; };
vencord = {
url = "github:Vendicated/Vencord";
flake = false;
};
## Qtile
qtile.url = "github:qtile/qtile";
@ -130,12 +136,23 @@
universe-cli.inputs.systems.follows = "systems";
};
outputs = inputs@{ flake-parts, nixpkgs, private, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: {
outputs =
inputs@{
flake-parts,
nixpkgs,
private,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } (
{ self, lib, ... }:
{
systems = [ "x86_64-linux" ];
debug = true;
perSystem = { pkgs, system, ... }: {
perSystem =
{ pkgs, system, ... }:
{
_module.args.pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
@ -161,13 +178,14 @@
nixosConfigurations =
let
libOverlay = (lfinal: lprev: {
libOverlay = (
lfinal: lprev: {
our = self.lib;
hm = inputs.home-manager.lib.hm;
});
}
);
in
lib.mapAttrs
(self.lib.mkHost {
lib.mapAttrs (self.lib.mkHost {
specialArgs = {
lib = nixpkgs.lib.extend libOverlay;
inherit private self inputs;
@ -223,8 +241,7 @@
inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
inputs.nix-minecraft.nixosModules.minecraft-servers
] ++ (self.lib.leaves ./modules);
})
(self.lib.flattenLeaves ./hosts);
}) (self.lib.flattenLeaves ./hosts);
homeConfigurations = self.lib.mkHomeConfigurations {
inherit (self.nixosConfigurations)
@ -234,8 +251,13 @@
};
hydraJobs = {
packages = lib.mapAttrs (_: lib.filterAttrs (n: v: v ? meta -> v.meta ? broken -> !v.meta.broken)) self.packages;
nixosConfigurations.x86_64-linux = lib.flip lib.genAttrs (name: { toplevel = self.nixosConfigurations.${name}.config.system.build.toplevel; }) [
packages = lib.mapAttrs (
_: lib.filterAttrs (n: v: v ? meta -> v.meta ? broken -> !v.meta.broken)
) self.packages;
nixosConfigurations.x86_64-linux =
lib.flip lib.genAttrs
(name: { toplevel = self.nixosConfigurations.${name}.config.system.build.toplevel; })
[
"Infini-DESKTOP"
"Infini-DL360"
"Infini-FRAMEWORK"
@ -254,5 +276,6 @@
inputs.devshell.flakeModule
inputs.treefmt-nix.flakeModule
];
});
}
);
}

15
hosts/Infini-DESKTOP/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
imports = lib.lists.flatten [
./hardware-configuration.nix
./filesystems.nix
@ -69,7 +75,6 @@
razergenie # TODO: replace with polychromatic
];
programs.ns-usbloader.enable = true;
programs.minipro.enable = true;
@ -90,11 +95,13 @@
address = [ "10.10.0.3/32" ];
listenPort = 51820;
privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key";
peers = [{
peers = [
{
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
allowedIPs = [ "10.9.0.0/24" ];
endpoint = "66.23.193.252:55555";
persistentKeepalive = 25;
}];
}
];
};
}

12
hosts/Infini-DESKTOP/filesystems.nix
View file

@ -7,14 +7,22 @@ let
backup = uuid "dabfc36b-20d1-4b09-8f55-4f9df7499741";
hydrus = uuid "2a025f29-4058-4a76-8f38-483f0925375d";
commonOptions = [ "autodefrag" "noatime" "ssd" ];
commonOptions = [
"autodefrag"
"noatime"
"ssd"
];
in
{
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=28G" "mode=755" ];
options = [
"defaults"
"size=28G"
"mode=755"
];
};
"/media/main" = {

8
hosts/Infini-DESKTOP/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
{ ... }:
{
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];

12
hosts/Infini-DL360/authentik.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }:
{
config,
common,
secrets,
...
}:
let
domain = common.subdomain "auth";
ldap = common.subdomain "ldap";
@ -32,7 +37,10 @@ in
environmentFile = secrets.authentik-ldap;
};
networking.firewall.allowedTCPPorts = [ 3389 6636 ];
networking.firewall.allowedTCPPorts = [
3389
6636
];
security.acme.certs.${ldap} = {
group = "nginx";

7
hosts/Infini-DL360/conduwuit.nix
View file

@ -1,4 +1,9 @@
{ config, common, inputs, ... }:
{
config,
common,
inputs,
...
}:
let
domain = common.subdomain "matrix";
cfg = config.services.conduwuit;

51
hosts/Infini-DL360/default.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, private, ... }: {
{
config,
lib,
pkgs,
private,
...
}:
{
imports = [
./hardware-configuration.nix
./disks.nix
@ -57,19 +64,39 @@
networking = {
firewall = {
allowedUDPPorts = [ 80 443 ];
allowedTCPPorts = [ 80 443 25565 ];
allowedUDPPorts = [
80
443
];
allowedTCPPorts = [
80
443
25565
];
};
bridges = {
br0 = {
interfaces = [ "eno1" "eno2" "eno3" "eno4" ];
interfaces = [
"eno1"
"eno2"
"eno3"
"eno4"
];
};
};
interfaces.br0.ipv4.addresses = [{ address = "192.168.137.11"; prefixLength = 24; }];
interfaces.br0.ipv4.addresses = [
{
address = "192.168.137.11";
prefixLength = 24;
}
];
dhcpcd.denyInterfaces = [ "eno*" ];
defaultGateway = { address = "192.168.137.1"; interface = "br0"; };
defaultGateway = {
address = "192.168.137.1";
interface = "br0";
};
nat = {
enable = true;
@ -89,10 +116,12 @@
services.fail2ban.enable = true;
environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (lib.mkAfter ''
environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (
lib.mkAfter ''
[Definition]
failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
'');
''
);
services.fail2ban.jails.nginx-url-probe.settings = {
enabled = true;
@ -127,7 +156,11 @@
services.minecraft-servers.servers.emd-server.autoStart = lib.mkForce false;
services.borgbackup.jobs."persist" = let tmux = lib.getExe pkgs.tmux; in {
services.borgbackup.jobs."persist" =
let
tmux = lib.getExe pkgs.tmux;
in
{
preHook = ''
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter

5
hosts/Infini-DL360/disks.nix
View file

@ -3,7 +3,10 @@ with lib.our.disko;
{
boot.kernelPackages = pkgs.linuxPackages;
boot.zfs.extraPools = [ "zssd" "zhdd" ];
boot.zfs.extraPools = [
"zssd"
"zhdd"
];
disko.devices = {
nodev."/" = mkTmpfs "64G";

8
hosts/Infini-DL360/forgejo.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, pkgs, ... }:
{
config,
common,
secrets,
pkgs,
...
}:
let
cfg = config.services.forgejo;
domain = common.subdomain "git";

14
hosts/Infini-DL360/hardware-configuration.nix
View file

@ -5,12 +5,22 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"uhci_hcd"
"hpsa"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "HPE ProLiant DL360 Gen 9";

12
hosts/Infini-DL360/hedgedoc.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }:
{
config,
common,
secrets,
...
}:
let
cfg = config.services.hedgedoc;
domain = common.subdomain "md";
@ -12,7 +17,10 @@ in
protocolUseSSL = true;
port = 4003;
db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; };
db = {
dialect = "sqlite";
storage = "/srv/hedgedoc/db.sqlite";
};
uploadsPath = "/srv/hedgedoc/uploads";
allowFreeURL = true;

15
hosts/Infini-DL360/hydra.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, pkgs, ... }:
{
config,
common,
secrets,
pkgs,
...
}:
let
domain = common.subdomain "hydra";
in
@ -61,7 +67,12 @@ in
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
protocol = null;
maxJobs = 32;
speedFactor = 16;

7
hosts/Infini-DL360/immich.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, common, ... }:
{
config,
pkgs,
common,
...
}:
let
domain = common.subdomain "photos";
cfg = config.services.immich;

10
hosts/Infini-DL360/jellyfin.nix
View file

@ -25,7 +25,9 @@ in
locations."/" = {
proxyPass = jellyfin;
recommendedProxySettings = false;
extraConfig = proxyConfig + ''
extraConfig =
proxyConfig
+ ''
proxy_buffering off;
'';
};
@ -51,5 +53,9 @@ in
openFirewall = true;
};
persist.directories = with config.services.jellyfin; [ dataDir cacheDir logDir ];
persist.directories = with config.services.jellyfin; [
dataDir
cacheDir
logDir
];
}

31
hosts/Infini-DL360/jupyter.nix
View file

@ -1,11 +1,22 @@
{ config, common, pkgs, ... }:
{
config,
common,
pkgs,
...
}:
let
cfg = config.services.jupyter;
mkPythonKernel = displayName: env: {
inherit displayName;
language = "python";
argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ];
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
@ -59,15 +70,21 @@ in
notebookDir = "~/Notebooks";
kernels = {
python3 = mkPythonKernel "Python 3" (pkgs.python3.withPackages (p: with p; [
python3 = mkPythonKernel "Python 3" (
pkgs.python3.withPackages (
p: with p; [
ipykernel
matplotlib
numpy
pandas
scipy
]));
vpython = mkPythonKernel "VPython" (pkgs.python3.withPackages (p: with p; [
]
)
);
vpython = mkPythonKernel "VPython" (
pkgs.python3.withPackages (
p: with p; [
ipykernel
jupyterlab-vpython
@ -76,7 +93,9 @@ in
numpy
pandas
scipy
]));
]
)
);
};
};

8
hosts/Infini-DL360/postgresql.nix
View file

@ -4,7 +4,13 @@ let
directory = "/srv/postgresql";
in
{
persist.directories = [{ inherit directory; user = "postgres"; group = "postgres"; }];
persist.directories = [
{
inherit directory;
user = "postgres";
group = "postgres";
}
];
services.postgresql = {
enable = true;

7
hosts/Infini-DL360/searx.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }:
{
config,
common,
secrets,
...
}:
let
cfg = config.services.searx;
domain = common.subdomain "search";

11
hosts/Infini-DL360/ssh.nix
View file

@ -50,8 +50,15 @@ in
security.pam.services.sshd.allowNullPassword = true;
systemd.tmpfiles.settings."30-external" = {
"/srv/external".d = { user = "root"; group = "root"; };
"/srv/external/incoming".d = { user = "incoming"; group = "incoming"; mode = "0770"; };
"/srv/external".d = {
user = "root";
group = "root";
};
"/srv/external/incoming".d = {
user = "incoming";
group = "incoming";
mode = "0770";
};
};
# https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/

7
hosts/Infini-DL360/thelounge.nix
View file

@ -1,4 +1,9 @@
{ config, common, pkgs, ... }:
{
config,
common,
pkgs,
...
}:
{
services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // {

8
hosts/Infini-DL360/torrenting.nix
View file

@ -1,4 +1,10 @@
{ pkgs, private, config, lib, ... }:
{
pkgs,
private,
config,
lib,
...
}:
{
containers.torrenting = {

9
hosts/Infini-DL360/vaultwarden.nix
View file

@ -1,4 +1,11 @@
{ config, common, secrets, lib, pkgs, ... }:
{
config,
common,
secrets,
lib,
pkgs,
...
}:
let
domain = common.subdomain "bitwarden";
in

21
hosts/Infini-DL360/web.nix
View file

@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }:
{
config,
common,
pkgs,
lib,
...
}:
let
inherit (common.nginx) ssl ssl-optional;
@ -14,7 +20,10 @@ let
location ~ "/\..+" { deny all; }
'';
mkWebsite = name: ssl // {
mkWebsite =
name:
ssl
// {
locations."/" = {
root = "/srv/web/${name}";
inherit tryFiles;
@ -27,8 +36,7 @@ let
websites = lib.genAttrs [
"inx.moe"
"stickers.inx.moe"
]
mkWebsite;
] mkWebsite;
redirects = lib.mapAttrs mkRedirect {
"nitter.inx.moe" = "twitter.com";
@ -44,7 +52,10 @@ in
}
'';
services.nginx.virtualHosts = websites // redirects // {
services.nginx.virtualHosts =
websites
// redirects
// {
"j.inx.moe" = ssl-optional // {
locations."/" = {
return = "302 $jump_link";

52
hosts/Infini-FRAMEWORK/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
./filesystems.nix
@ -11,7 +17,10 @@
persist = {
directories = [
{ directory = "/var/lib/dnsmasq/"; user = "dnsmasq"; }
{
directory = "/var/lib/dnsmasq/";
user = "dnsmasq";
}
];
files = [
@ -82,7 +91,10 @@
"sys-devices-pci0000:00-0000:00:02.0-drm-card0-card0\\x2deDP\\x2d1-intel_backlight.device"
"sys-devices-pci0000:00-0000:00:02.0-drm-card1-card1\\x2deDP\\x2d1-intel_backlight.device"
];
after = [ "system-systemd\\x2dbacklight.slice" "systemd-backlight@backlight:intel_backlight.service" ];
after = [
"system-systemd\\x2dbacklight.slice"
"systemd-backlight@backlight:intel_backlight.service"
];
serviceConfig.Type = "oneshot";
script = "${lib.getExe pkgs.brightnessctl} set 50%";
};
@ -99,8 +111,16 @@
#}
{
hostName = "infini-dl360";
systems = [ "x86_64-linux" "aarch64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
systems = [
"x86_64-linux"
"aarch64-linux"
];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
protocol = "ssh-ng";
maxJobs = 32;
speedFactor = 16;
@ -114,26 +134,33 @@
address = [ "10.10.0.3/32" ];
listenPort = 51820;
privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key";
peers = [{
peers = [
{
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
allowedIPs = [ "10.9.0.0/24" ];
endpoint = "66.23.193.252:55555";
persistentKeepalive = 25;
}];
}
];
};
specialisation.router.configuration = {
networking = {
interfaces."enp0s13f0u1" = {
ipv4.addresses = [{
ipv4.addresses = [
{
address = "192.168.100.1";
prefixLength = 24;
}];
}
];
};
firewall.interfaces."enp0s13f0u1" = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 ];
allowedUDPPorts = [
53
67
];
};
nat = {
@ -146,7 +173,10 @@
services.dnsmasq = {
enable = true;
settings = {
server = [ "8.8.8.8" "1.1.1.1" ];
server = [
"8.8.8.8"
"1.1.1.1"
];
domain-needed = true;
bogus-priv = true;
no-resolv = true;

79
hosts/Infini-FRAMEWORK/displays.nix
View file

@ -13,12 +13,26 @@ in
services.autorandr.profiles =
let
scale = { x = scaleFactor'; y = scaleFactor'; };
scale = {
x = scaleFactor';
y = scaleFactor';
};
config = {
framework = { mode = "2256x1504"; primary = true; inherit scale; };
portable-second = { mode = "1920x1080"; rotate = "left"; };
dock = { mode = "1280x1024"; };
dorm = { mode = "1920x1080"; };
framework = {
mode = "2256x1504";
primary = true;
inherit scale;
};
portable-second = {
mode = "1920x1080";
rotate = "left";
};
dock = {
mode = "1280x1024";
};
dorm = {
mode = "1920x1080";
};
};
fingerprints = {
framework = "00ffffffffffff0009e5ca0b000000002f200104a51c137803de50a3544c99260f505400000001010101010101010101010101010101115cd01881e02d50302036001dbe1000001aa749d01881e02d50302036001dbe1000001a000000fe00424f452043510a202020202020000000fe004e4531333546424d2d4e34310a0073";
@ -32,30 +46,57 @@ in
config = lib.mapAttrs (_: v: lib.removeAttrs v [ "fingerprint" ]) config;
};
in
lib.mapAttrs (_: mkConfig) (with config'; {
lib.mapAttrs (_: mkConfig) (
with config';
{
main = {
eDP-1 = framework // { position = "0x0"; };
eDP-1 = framework // {
position = "0x0";
};
};
portable-second = {
eDP-1 = framework // { position = "1080x716"; };
DP-4 = portable-second // { position = "0x0"; };
eDP-1 = framework // {
position = "1080x716";
};
DP-4 = portable-second // {
position = "0x0";
};
};
docked = {
eDP-1 = framework // { position = "0x210"; };
DP-1-3 = dock // { position = "1805x0"; };
eDP-1 = framework // {
position = "0x210";
};
DP-1-3 = dock // {
position = "1805x0";
};
};
docked-alt = {
eDP-1 = framework // { position = "1080x716"; };
DP-4 = portable-second // { position = "0x0"; };
DP-1-3 = dock // { position = "2885x506"; };
eDP-1 = framework // {
position = "1080x716";
};
DP-4 = portable-second // {
position = "0x0";
};
DP-1-3 = dock // {
position = "2885x506";
};
};
dorm = {
eDP-1 = framework // { position = "1920x0"; };
DP-4 = dorm // { position = "0x0"; };
eDP-1 = framework // {
position = "1920x0";
};
DP-4 = dorm // {
position = "0x0";
};
};
dorm-2 = {
eDP-1 = framework // { position = "1920x0"; };
DP-3 = dorm // { position = "0x0"; };
eDP-1 = framework // {
position = "1920x0";
};
});
DP-3 = dorm // {
position = "0x0";
};
};
}
);
}

8
hosts/Infini-FRAMEWORK/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

3
hosts/Infini-OPTIPLEX/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix

13
hosts/Infini-OPTIPLEX/filesystems.nix
View file

@ -3,7 +3,12 @@ let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "9d4bf2d8-f139-42e7-937a-541a7870d806";
data = uuid "456cebd3-f800-4733-a783-90ed7c8978f7";
commonOptions = [ "autodefrag" "noatime" "ssd" "compress=zstd:1" ];
commonOptions = [
"autodefrag"
"noatime"
"ssd"
"compress=zstd:1"
];
mkMain' = options: {
device = main;
@ -26,7 +31,11 @@ in
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=16G" "mode=755" ];
options = [
"defaults"
"size=16G"
"mode=755"
];
};
"/media/main" = mkMain' [ ];

9
hosts/Infini-OPTIPLEX/hardware-configuration.nix
View file

@ -1,7 +1,14 @@
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci" ];
boot.initrd.availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

18
hosts/Infini-RASPBERRY/default.nix
View file

@ -1,4 +1,10 @@
{ inputs, config, lib, pkgs, ... }:
{
inputs,
config,
lib,
pkgs,
...
}:
with lib;
{
imports = [
@ -13,8 +19,7 @@ with lib;
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
@ -31,7 +36,12 @@ with lib;
kernelPackages = mkForce pkgs.linuxPackages_rpi4;
# Removes ZFS >:(
supportedFilesystems = mkForce [ "btrfs" "ntfs" "vfat" "ext4" ];
supportedFilesystems = mkForce [
"btrfs"
"ntfs"
"vfat"
"ext4"
];
tmp.useTmpfs = true;
# kernelParams = [

14
hosts/Infini-RASPBERRY/sd-image.nix
View file

@ -1,4 +1,10 @@
{ modulesPath, config, lib, pkgs, ... }:
{
modulesPath,
config,
lib,
pkgs,
...
}:
{
#formatAttr = "sdImage";
@ -18,7 +24,11 @@
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" ];
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
#sdImage = {
# populateFirmwareCommands =

9
hosts/Infini-SD/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix
@ -20,10 +21,12 @@
networking = {
interfaces.eno4 = {
ipv4.addresses = [{
ipv4.addresses = [
{
address = "128.210.6.109";
prefixLength = 28;
}];
}
];
};
defaultGateway = {
address = "128.210.6.97";

12
hosts/Infini-SD/filesystems.nix
View file

@ -3,7 +3,11 @@
let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "527062b3-7a48-4456-8527-30887c6e9f52";
commonOptions = [ "autodefrag" "noatime" "compress-force=zstd:1" ];
commonOptions = [
"autodefrag"
"noatime"
"compress-force=zstd:1"
];
mkMain' = options: {
device = main;
@ -17,7 +21,11 @@ in
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=64G" "mode=755" ];
options = [
"defaults"
"size=64G"
"mode=755"
];
};
"/media/main" = mkMain' [ ];

19
hosts/Infini-SD/hardware-configuration.nix
View file

@ -5,12 +5,25 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "ahci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "usb_storage" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "SD Card Installation";

3
hosts/Infini-SERVER/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix

12
hosts/Infini-SERVER/filesystems.nix
View file

@ -7,7 +7,11 @@ let
esp = uuid "A2B8-4C6E";
data = uuid "59abb0ff-fe4e-4061-87d2-b728b937656a";
commonOptions = [ "autodefrag" "noatime" "ssd" ];
commonOptions = [
"autodefrag"
"noatime"
"ssd"
];
in
{
@ -15,7 +19,11 @@ in
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "defaults" "size=4G" "mode=755" ];
options = [
"defaults"
"size=4G"
"mode=755"
];
};
"/media/main" = {

14
hosts/Infini-SERVER/hardware-configuration.nix
View file

@ -1,9 +1,19 @@
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "nvme" "usb_storage" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"usb_storage"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";

9
hosts/Infini-SWIFT/hardware-configuration.nix
View file

@ -1,12 +1,15 @@
{ lib, modulesPath, ... }:
{
imports =
[
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];

19
hosts/data.cs.purdue.edu/default.nix
View file

@ -1,4 +1,10 @@
{ private, config, lib, pkgs, ... }:
{
private,
config,
lib,
pkgs,
...
}:
{
modules.hardware.form.server = true;
@ -14,13 +20,18 @@
home-manager.useUserPackages = false;
home = { main, config, ... }: {
home =
{ main, config, ... }:
{
home = {
username = lib.mkForce private.variables.purdue-username;
packages = with pkgs; [
packages =
with pkgs;
[
home-manager
] ++ main.universe.packages;
]
++ main.universe.packages;
inherit (main.universe) shellAliases;

3
hosts/hermes/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disks.nix

19
hosts/hermes/hardware-configuration.nix
View file

@ -5,12 +5,25 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "ahci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "usb_storage" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "Portable Installation";

12
hosts/hestia/hardware-configuration.nix
View file

@ -5,12 +5,20 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "Dell R330";

11
hosts/vulcan/default.nix
View file

@ -10,11 +10,16 @@
home-manager.useUserPackages = false;
home = { main, config, ... }: {
home =
{ main, config, ... }:
{
home = {
packages = with pkgs; [
packages =
with pkgs;
[
home-manager
] ++ main.universe.packages;
]
++ main.universe.packages;
inherit (main.universe) shellAliases;

122
lib/default.nix
View file

@ -1,92 +1,120 @@
{ lib }:
lib.makeExtensible (self:
with lib;
rec {
lib.makeExtensible (
self:
with lib;
rec {
flattenListSet = imports: (flatten (concatLists (attrValues imports)));
flattenSetList = attrSet: (mapAttrs (name: value: flatten value) attrSet);
# ["/home/user/" "/.screenrc"] -> ["home" "user" ".screenrc"]
splitPath = paths:
(filter
(s: builtins.typeOf s == "string" && s != "")
(concatMap (builtins.split "/") paths)
);
splitPath =
paths:
(filter (s: builtins.typeOf s == "string" && s != "") (concatMap (builtins.split "/") paths));
# ["home" "user" ".screenrc"] -> "home/user/.screenrc"
dirListToPath = dirList: (concatStringsSep "/" dirList);
# ["/home/user/" "/.screenrc"] -> "/home/user/.screenrc"
concatPaths = paths:
concatPaths =
paths:
let
prefix = optionalString (hasPrefix "/" (head paths)) "/";
path = dirListToPath (splitPath paths);
in
prefix + path;
sanitizeName = name:
replaceStrings
[ "." ] [ "" ]
(sanitizeDerivationName (removePrefix "/" name));
sanitizeName = name: replaceStrings [ "." ] [ "" ] (sanitizeDerivationName (removePrefix "/" name));
mapGenAttrs = list: func: attrs:
mapGenAttrs =
list: func: attrs:
lib.genAttrs list (name: func (if builtins.typeOf attrs == "lambda" then attrs name else attrs));
dirsOf = dir: lib.attrNames (lib.filterAttrs (file: type: type == "directory") (builtins.readDir dir));
dirsOf =
dir: lib.attrNames (lib.filterAttrs (file: type: type == "directory") (builtins.readDir dir));
# Only useful for functors
recMap = f: list:
if list == [ ] then f
else recMap (f (head list)) (tail list)
;
recMap = f: list: if list == [ ] then f else recMap (f (head list)) (tail list);
chain = {
func = id;
__functor = self: input:
if (typeOf input) == "lambda"
then self // { func = e: input (self.func e); }
else self.func input;
__functor =
self: input:
if (typeOf input) == "lambda" then self // { func = e: input (self.func e); } else self.func input;
};
spread = function: list: if list == [ ] then function else spread (function (head list)) (tail list);
spread =
function: list: if list == [ ] then function else spread (function (head list)) (tail list);
isFunction = obj: (typeOf obj) == "lambda" || ((typeOf obj) == "set" && obj ? __functor);
# Takes a function and makes it lazy, by consuming arguments and applying it to the inner function first
# before calling the original function
# if the inner object is not actually a function, then just calls the original function
lazy = func: inner: if !(isFunction inner) then func inner else {
lazy =
func: inner:
if !(isFunction inner) then
func inner
else
{
inherit func;
app = inner;
__functor = self: input:
let app = self.app input; in
if isFunction app then self // { inherit app; }
else self.func app;
__functor =
self: input:
let
app = self.app input;
in
if isFunction app then self // { inherit app; } else self.func app;
};
toBase64 = text:
toBase64 =
text:
let
inherit (lib) sublist mod stringToCharacters concatMapStrings;
inherit (lib)
sublist
mod
stringToCharacters
concatMapStrings
;
inherit (lib.strings) charToInt;
inherit (builtins) substring foldl' genList elemAt length concatStringsSep stringLength;
inherit (builtins)
substring
foldl'
genList
elemAt
length
concatStringsSep
stringLength
;
lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
sliceN = size: list: n: sublist (n * size) size list;
pows = [ (64 * 64 * 64) (64 * 64) 64 1 ];
sliceN =
size: list: n:
sublist (n * size) size list;
pows = [
(64 * 64 * 64)
(64 * 64)
64
1
];
intSextets = i: map (j: mod (i / j) 64) pows;
compose = f: g: x: f (g x);
compose =
f: g: x:
f (g x);
intToChar = elemAt lookup;
convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
convertTriplet = compose convertTripletInt sliceToInt;
join = concatStringsSep "";
convertLastSlice = slice:
convertLastSlice =
slice:
let
len = length slice;
in
if len == 1
then (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
else if len == 2
then (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
else "";
if len == 1 then
(substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
else if len == 2 then
(substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
else
"";
len = stringLength text;
nFullSlices = len / 3;
bytes = map charToInt (stringToCharacters text);
@ -98,10 +126,8 @@ rec {
disko = import ./disko.nix { inherit lib; };
filesystems = import ./filesystems.nix { inherit lib self; };
} // (
import ./digga.nix { inherit lib; }
) // (
import ./hosts.nix { inherit lib; }
) // (
import ./options.nix { inherit lib; }
))
}
// (import ./digga.nix { inherit lib; })
// (import ./hosts.nix { inherit lib; })
// (import ./options.nix { inherit lib; })
)

61
lib/digga.nix
View file

@ -34,20 +34,17 @@ let
```
*
*/
cond:
sep:
tree:
cond: sep: tree:
let
op = sum: path: val:
op =
sum: path: val:
let
pathStr = builtins.concatStringsSep sep path; # dot-based reverse DNS notation
in
if cond val
then
if cond val then
# builtins.trace "${toString val} matches condition"
(sum // { "${pathStr}" = val; })
else if builtins.isAttrs val
then
else if builtins.isAttrs val then
# builtins.trace "${builtins.toJSON val} is an attrset"
# recurse into that attribute set
(recurse sum path val)
@ -56,11 +53,9 @@ let
# builtins.trace "${toString path} is something else"
sum;
recurse = sum: path: val:
builtins.foldl'
(sum: key: op sum (path ++ [ key ]) val.${key})
sum
(builtins.attrNames val);
recurse =
sum: path: val:
builtins.foldl' (sum: key: op sum (path ++ [ key ]) val.${key}) sum (builtins.attrNames val);
in
recurse { } [ ] tree;
@ -101,7 +96,8 @@ let
*/
dirPath:
let
seive = file: type:
seive =
file: type:
# Only rake `.nix` files or directories
(type == "regular" && lib.hasSuffix ".nix" file) || (type == "directory");
@ -111,12 +107,11 @@ let
let
path = dirPath + "/${file}";
in
if
(type == "regular")
|| (type == "directory" && builtins.pathExists (path + "/default.nix"))
then path
if (type == "regular") || (type == "directory" && builtins.pathExists (path + "/default.nix")) then
path
# recurse on directories that don't contain a `default.nix`
else rakeLeaves path;
else
rakeLeaves path;
};
files = lib.filterAttrs seive (builtins.readDir dirPath);
@ -125,22 +120,27 @@ let
flattenLeaves = dir: flattenTree (rakeLeaves dir);
getFqdn = c:
getFqdn =
c:
let
net = c.config.networking;
fqdn =
if (net ? domain) && (net.domain != null)
then "${net.hostName}.${net.domain}"
else net.hostName;
if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
in
fqdn;
in
{
inherit rakeLeaves flattenTree flattenTree' flattenLeaves;
inherit
rakeLeaves
flattenTree
flattenTree'
flattenLeaves
;
leaves = dir: builtins.attrValues (flattenLeaves dir);
mkHomeConfigurations = systemConfigurations:
mkHomeConfigurations =
systemConfigurations:
/*
*
Synopsis: mkHomeConfigurations _systemConfigurations_
@ -151,16 +151,13 @@ in
*
*/
let
op = attrs: c:
op =
attrs: c:
attrs
// (
lib.mapAttrs'
(user: v: {
// (lib.mapAttrs' (user: v: {
name = "${user}@${getFqdn c}";
value = v.home;
})
c.config.home-manager.users
);
}) c.config.home-manager.users);
mkHmConfigs = lib.foldl op { };
in
mkHmConfigs (builtins.attrValues systemConfigurations);

48
lib/disko.nix
View file

@ -34,45 +34,64 @@ rec {
mkTmpfs' = mountOptions: size: mode: {
fsType = "tmpfs";
mountOptions = mountOptions ++ [ "size=${size}" "mode=${mode}" ];
mountOptions = mountOptions ++ [
"size=${size}"
"mode=${mode}"
];
};
mkTmpfs = size: mkTmpfs' defaultMountOptions size "755";
# btrfs
mkBtrfsPart' = base: mountpoint: content': {
mkBtrfsPart' =
base: mountpoint: content':
{
content = {
inherit mountpoint;
type = "btrfs";
} // content';
} // base;
}
// base;
mkBtrfsPart = size: mkBtrfsPart' { inherit size; };
mkBtrfsPartEndAt = end: mkBtrfsPart' { inherit end; };
mkBtrfsSubvols' = mountOptions: mapAttrs (n: v: {
mkBtrfsSubvols' =
mountOptions:
mapAttrs (
n: v:
{
mountpoint = n;
mountOptions = mountOptions ++ (optionals (v ? mountOptions) v.mountOptions);
} // (removeAttrs v [ "mountOptions" ]));
}
// (removeAttrs v [ "mountOptions" ])
);
mkBtrfsSubvols = mkBtrfsSubvols' defaultMountOptions;
# ZFS
mkZPart' = base: content: pool: {
mkZPart' =
base: content: pool:
{
content = {
type = "zfs";
inherit pool;
} // content;
} // base;
}
// base;
mkZPart = size: mkZPart' { inherit size; } { };
mkZPartEndAt = end: mkZPart' { inherit end; } { };
mkZDisk = id: pool: mkDisk id {
mkZDisk =
id: pool:
mkDisk id {
partitions = {
zfs = mkZPart "100%" pool;
};
};
mkZPool' = mountOptions: name: options: {
mkZPool' =
mountOptions: name: options:
{
type = "zpool";
mode = "raidz";
mountpoint = "/media/${name}";
@ -82,14 +101,17 @@ rec {
atime = "off";
};
inherit mountOptions;
} // options;
}
// options;
mkZPool = mkZPool' defaultMountOptions;
mkZPools = mapAttrs mkZPool;
mkZfs' = mountOptions: mountpoint: options: {
type = "zfs_fs";
inherit mountpoint mountOptions;
options = { mountpoint = "legacy"; } // options;
options = {
mountpoint = "legacy";
} // options;
};
mkZfs = mkZfs' defaultMountOptions;
@ -98,5 +120,7 @@ rec {
inherit size content;
};
markNeededForBoot = flip genAttrs (_: { neededForBoot = true; });
markNeededForBoot = flip genAttrs (_: {
neededForBoot = true;
});
}

24
lib/filesystems.nix
View file

@ -10,24 +10,32 @@ rec {
neededForBoot = self.lazy (fs: fs // { neededForBoot = true; });
mkFilesystemDev' = f: d: c: o:
mkFilesystemDev' =
f: d: c: o:
neededForBoot (mkFilesystemDev f d c o);
mkFilesystem = fsType: uuid:
mkFilesystemDev fsType (diskByUuid uuid);
mkFilesystem = fsType: uuid: mkFilesystemDev fsType (diskByUuid uuid);
mkFilesystem' = f: d: c: o:
mkFilesystem' =
f: d: c: o:
neededForBoot (mkFilesystemDev f d c o);
mkEFI = uuid: neededForBoot {
mkEFI =
uuid:
neededForBoot {
device = diskByUuid uuid;
fsType = "vfat";
};
mkTmpfs = name: size: neededForBoot {
mkTmpfs =
name: size:
neededForBoot {
device = name;
fsType = "tmpfs";
options = [ "defaults" "size=${size}" "mode=755" ];
options = [
"defaults"
"size=${size}"
"mode=755"
];
};
mkBtrfs' = options: uuid: extraOptions: {
device = diskByUuid uuid;

13
lib/hosts.nix
View file

@ -1,12 +1,21 @@
{ lib }:
{
mkHost = attrs@{ modules ? [ ], ... }: name: path: lib.nixosSystem (attrs // {
mkHost =
attrs@{
modules ? [ ],
...
}:
name: path:
lib.nixosSystem (
attrs
// {
modules = [
{
networking.hostName = lib.mkDefault name;
}
(import path)
] ++ attrs.modules;
});
}
);
}

25
lib/options.nix
View file

@ -3,25 +3,30 @@ let
inherit (lib) mkOption types flatten;
in
rec {
mkOpt = type: default:
mkOption { inherit type default; };
mkOpt = type: default: mkOption { inherit type default; };
mkOpt' = type: default: description:
mkOpt' =
type: default: description:
mkOption { inherit type default description; };
mkBoolOpt = default: mkOption {
mkBoolOpt =
default:
mkOption {
inherit default;
type = types.bool;
example = true;
};
mkBoolOpt' = default: description: mkOption {
mkBoolOpt' =
default: description:
mkOption {
inherit default description;
type = types.bool;
example = true;
};
coercedPackageList = with types;
coercedPackageList =
with types;
let
packageListType = listOf (either package packageListType);
in
@ -29,7 +34,11 @@ rec {
packageListOpt = mkOpt coercedPackageList [ ];
addPackageLists = lib.mapAttrs (name: value: value // {
addPackageLists = lib.mapAttrs (
name: value:
value
// {
packages = packageListOpt;
});
}
);
}

8
modules/functionality/soft-serve.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -88,4 +93,3 @@ in
];
};
}

13
modules/functionality/ssh-tunnel.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.ssh-tunnel;
@ -50,11 +55,13 @@ in
local = mkParams "-L" cfg.forwards.local;
remote = mkParams "-R" cfg.forwards.remote;
options = mkParams "-o" (mapAttrsToList (n: v: "${n}=${toString v}") {
options = mkParams "-o" (
mapAttrsToList (n: v: "${n}=${toString v}") {
ServerAliveInterval = 60;
ExitOnForwardFailure = "yes";
KbdInteractiveAuthentication = "no";
});
}
);
in
{
script = ''

33
modules/global/backup.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
# Borg Backup public key:
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhldH579ixPRSBtTjnzWoDCNyUxUSl1BjogWN3keYBR borg@universe
# This is used to connect to my rsync.net
@ -7,11 +12,7 @@ with lib.our;
let
append = root: path: (root + "/" + path);
excludes' = concatLists
(mapAttrsToList
(root: map (append root))
cfg.excludes
);
excludes' = concatLists (mapAttrsToList (root: map (append root)) cfg.excludes);
commonArgs = {
environment = {
@ -36,11 +37,18 @@ let
};
};
mkJob = paths: commonArgs // {
mkJob =
paths:
commonArgs
// {
inherit paths;
inherit (cfg) repo;
exclude = map (append paths) (excludes' ++ cfg.extraExcludes);
startAt = if cfg.backupTimes ? "${config.networking.hostName}" then "*-*-* ${cfg.backupTimes.${config.networking.hostName}}" else [ ];
startAt =
if cfg.backupTimes ? "${config.networking.hostName}" then
"*-*-* ${cfg.backupTimes.${config.networking.hostName}}"
else
[ ];
};
cfg = config.modules.backups;
@ -106,11 +114,12 @@ in
(mkIf cfg.enable {
services.borgbackup.jobs = mapAttrs (_: mkJob) cfg.jobs;
systemd.timers = lib.mapAttrs'
(n: _: lib.nameValuePair "borgbackup-job-${n}" {
systemd.timers = lib.mapAttrs' (
n: _:
lib.nameValuePair "borgbackup-job-${n}" {
requires = [ "network-online.target" ];
})
cfg.jobs;
}
) cfg.jobs;
persist.directories = [
"/root/.cache/borg"

4
modules/global/caches/personal.nix
View file

@ -2,7 +2,9 @@
{
nix.settings = {
substituters = lib.flatten [
(lib.optional (config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home) "ssh://infini-desktop?priority=9")
(lib.optional (
config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home
) "ssh://infini-desktop?priority=9")
"https://hydra.inx.moe?priority=10"
];
trusted-public-keys = [

8
modules/global/general.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, lib, ... }:
{
config,
common,
secrets,
lib,
...
}:
{
programs = {
# Enable dconf for programs that need it

8
modules/global/home-manager.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
home-manager = {
useUserPackages = lib.mkDefault true;
useGlobalPkgs = true;

12
modules/global/networking.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, private, ... }:
{
config,
pkgs,
private,
...
}:
{
imports = [ private.nixosModules.networking ];
@ -27,7 +32,10 @@
#"100.100.100.100"
];
firewall.trustedInterfaces = [ "br-+" "tailscale0" ];
firewall.trustedInterfaces = [
"br-+"
"tailscale0"
];
nftables = {
enable = true;

36
modules/global/nix.nix
View file

@ -1,6 +1,17 @@
{ config, inputs, pkgs, lib, ... }:
{
config,
inputs,
pkgs,
lib,
...
}:
let
inherit (lib) mkIf mkDefault filterAttrs mapAttrs';
inherit (lib)
mkIf
mkDefault
filterAttrs
mapAttrs'
;
in
{
nix = {
@ -8,9 +19,19 @@ in
settings = {
allowed-users = [ "*" ];
trusted-users = [ "root" "@wheel" "remotebuild" "nix-ssh" ];
trusted-users = [
"root"
"@wheel"
"remotebuild"
"nix-ssh"
];
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
experimental-features = [
"flakes"
"nix-command"
@ -52,7 +73,12 @@ in
let
flakes = filterAttrs (n: v: v ? outputs) inputs;
in
(mapAttrs' (n: v: { name = if n == "self" then "universe" else n; value = { flake = v; }; }) flakes)
(mapAttrs' (n: v: {
name = if n == "self" then "universe" else n;
value = {
flake = v;
};
}) flakes)
// {
nixpkgs-git = {
exact = false;

13
modules/global/options.nix
View file

@ -1,5 +1,10 @@
# Heavily inspired by hlissner: https://github.com/hlissner/dotfiles/blob/master/modules/options.nix
{ config, options, lib, ... }:
{
config,
options,
lib,
...
}:
with lib;
with lib.our;
let
@ -40,7 +45,11 @@ in
universe = {
packages = packageListOpt;
shellAliases = mkOpt (attrsOf str) { };
variables = mkOpt (attrsOf (oneOf [ (listOf str) str path ])) { };
variables = mkOpt (attrsOf (oneOf [
(listOf str)
str
path
])) { };
media.enable = mkBoolOpt false;
minimal.enable = mkBoolOpt false;
};

37
modules/global/packages.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
# Use the latest Linux kernel
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -7,7 +12,9 @@
environment.defaultPackages = lib.mkForce [ ];
# Packages wanted everywhere
universe.packages = with pkgs; [
universe.packages =
with pkgs;
[
universe-cli
agenix
@ -53,15 +60,21 @@
xxHash
yq
zip
] ++ (lib.optionals config.universe.media.enable (with pkgs; [
]
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ghostscript
graphviz
imagemagick
pandoc
yt-dlp
]));
]
));
environment.systemPackages = config.universe.packages ++ (with pkgs; [
environment.systemPackages =
config.universe.packages
++ (with pkgs; [
binutils
btrfs-progs
bubblewrap
@ -77,10 +90,18 @@
# covered by home manager
git
vim
]) ++ (lib.optionals config.info.graphical (with pkgs; [
])
++ (lib.optionals config.info.graphical (
with pkgs;
[
arandr
])) ++ (lib.optionals config.universe.media.enable (with pkgs; [
]
))
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ffmpeg-full
mpv
]));
]
));
}

15
modules/global/persist.nix
View file

@ -6,13 +6,22 @@ in
persist = {
directories = flatten [
"/home"
{ directory = "/etc/nixos"; user = "infinidoge"; }
{ directory = "/etc/nixos-private"; user = "infinidoge"; }
{
directory = "/etc/nixos";
user = "infinidoge";
}
{
directory = "/etc/nixos-private";
user = "infinidoge";
}
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/"
{ directory = "/var/lib/tailscale"; mode = "0700"; }
{
directory = "/var/lib/tailscale";
mode = "0700";
}
"/root/.ssh"

34
modules/global/programming.nix
View file

@ -1,16 +1,21 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) flip;
inherit (lib.our) mkBoolOpt' addPackageLists;
cfg = config.universe.programming;
programmingOpt' = kind: flip mkBoolOpt' "Programming: ${kind}";
programmingOpt = flip programmingOpt' cfg.all.enable;
in
{
options.universe.programming = (addPackageLists {
options.universe.programming =
(addPackageLists {
base.enable = programmingOpt' "Base packages" true;
c.enable = programmingOpt' "C" true;
@ -25,7 +30,8 @@ in
zig.enable = programmingOpt "Zig";
latex.enable = programmingOpt "LaTeX";
html.enable = programmingOpt "HTML";
}) // {
})
// {
all.enable = programmingOpt' "All languages" false;
};
@ -60,7 +66,6 @@ in
cabal2nix
];
java.packages = [
openjdk
clang-tools
@ -75,7 +80,8 @@ in
];
python.packages = [
(python312.withPackages (p: with p; [
(python312.withPackages (
p: with p; [
black
isort
jupyter
@ -83,7 +89,8 @@ in
pip
pyflakes
pytest
]))
]
))
pipenv
ruff
];
@ -93,12 +100,15 @@ in
];
rust.packages = [
(rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override {
(rust-bin.selectLatestNightlyWith (
toolchain:
toolchain.default.override {
extensions = [
"rust-src"
"rust-analyzer"
];
}))
}
))
gcc
];
@ -142,9 +152,9 @@ in
];
};
universe.packages = lib.concatMap
(v: lib.optionals (v ? packages && v.enable) v.packages)
(lib.attrValues cfg);
universe.packages = lib.concatMap (v: lib.optionals (v ? packages && v.enable) v.packages) (
lib.attrValues cfg
);
programs.java.enable = cfg.java.enable;

15
modules/global/security.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
inherit (config.nixpkgs.hostPlatform) system;
@ -32,8 +37,12 @@ in
hardware = {
enableRedistributableFirmware = mkDefault true;
cpu.intel.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux");
cpu.amd.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux");
cpu.intel.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
cpu.amd.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
};
users.mutableUsers = false;

8
modules/global/shell.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
ifSudo = lib.mkIf config.security.sudo.enable;
ifSudo' = text: if config.security.sudo.enable then "sudo ${text}" else text;
@ -43,7 +48,6 @@ in
gcd = "cd $(git root || echo \".\")";
ucd = "cd $(uni cd || echo \".\")";
# grep
grep = "rg";
gi = "grep -i";

11
modules/global/ssh.nix
View file

@ -12,14 +12,19 @@ with lib;
ClientAliveInterval = 60;
TCPKeepAlive = "yes";
};
hostKeys = mkDefault [{
hostKeys = mkDefault [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
}
];
knownHosts = {
"github.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
extraHostNames = [ "ssh.github.com" "ssh.github.com:443" ];
extraHostNames = [
"ssh.github.com"
"ssh.github.com:443"
];
};
};
};

10
modules/global/virtualisation.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -16,7 +21,8 @@ in
};
programs.dconf.enable = mkIf cfg.libvirtd.enable true;
environment.systemPackages = (optional cfg.libvirtd.enable pkgs.virt-manager)
environment.systemPackages =
(optional cfg.libvirtd.enable pkgs.virt-manager)
++ (optional cfg.docker.enable pkgs.docker-compose);
persist.directories = optional cfg.libvirtd.enable "/var/lib/libvirt";
};

29
modules/modules/desktop/gaming.nix
View file

@ -1,4 +1,10 @@
{ config, options, lib, pkgs, ... }:
{
config,
options,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -32,16 +38,23 @@ in
config = mkMerge [
{
assertions = [{
assertion = (any id (with cfg; [
assertions = [
{
assertion =
(any id (
with cfg;
[
steam.enable
prismlauncher.enable
lutris.enable
olympus.enable
puzzles.enable
])) -> config.info.graphical;
]
))
-> config.info.graphical;
message = "Games cannot be enabled in a non-graphical environment";
}];
}
];
home.home.packages = with pkgs; [
(mkIf cfg.prismlauncher.enable cfg.prismlauncher.package)
@ -56,12 +69,14 @@ in
programs.steam = {
enable = mkAliasDefinitions opt.steam.enable;
package = cfg.steam.package.override (optionalAttrs config.modules.hardware.gpu.nvidia {
package = cfg.steam.package.override (
optionalAttrs config.modules.hardware.gpu.nvidia {
extraProfile = ''
unset VK_ICD_FILENAMES
export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json
'';
});
}
);
extraCompatPackages = with pkgs; [
proton-ge-bin
];

21
modules/modules/desktop/wm.nix
View file

@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }:
{
config,
common,
pkgs,
lib,
...
}:
with lib;
with lib.our;
let
@ -50,11 +56,15 @@ in
'';
};
home-manager.sharedModules = [{
home-manager.sharedModules = [
{
xsession.enable = true;
}];
}
];
environment.systemPackages = with pkgs; flatten [
environment.systemPackages =
with pkgs;
flatten [
(with xorg; [
xwininfo
xprop
@ -70,7 +80,8 @@ in
(mkIf cfg.qtile.enable {
services.xserver.windowManager.qtile = {
enable = true;
extraPackages = p: with p; [
extraPackages =
p: with p; [
qtile-extras
];
};

7
modules/modules/hardware/audio.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;

15
modules/modules/hardware/form.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -58,7 +63,13 @@ in
environment = {
variables.LAPTOP = "True";
systemPackages = with pkgs; [ acpi brightnessctl ] ++ optional config.powerManagement.powertop.enable pkgs.powertop;
systemPackages =
with pkgs;
[
acpi
brightnessctl
]
++ optional config.powerManagement.powertop.enable pkgs.powertop;
};
})

25
modules/modules/hardware/gpu.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -13,12 +18,23 @@ in
};
config = mkMerge [
(mkIf (any' (with cfg; [ amdgpu nvidia intel ])) {
(mkIf
(any' (
with cfg;
[
amdgpu
nvidia
intel
]
))
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; flatten [
extraPackages =
with pkgs;
flatten [
libvdpau-va-gl
vaapiVdpau
@ -33,7 +49,8 @@ in
])
];
};
})
}
)
(mkIf cfg.amdgpu {
boot.initrd.kernelModules = [ "amdgpu" ];

7
modules/modules/hardware/peripherals/printing.nix
View file

@ -1,4 +1,9 @@
{ config, lib, private, ... }:
{
config,
lib,
private,
...
}:
with lib;
with lib.our;
let

7
modules/modules/hardware/peripherals/yubikey.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let

8
modules/modules/hardware/wireless.nix
View file

@ -1,4 +1,10 @@
{ config, lib, private, pkgs, ... }:
{
config,
lib,
private,
pkgs,
...
}:
with lib;
with lib.our;
let

16
modules/modules/services/apcupsd.nix
View file

@ -20,7 +20,8 @@ in
config = mkIf cfg.enable {
services.apcupsd = {
enable = true;
configText = ''
configText =
''
UPSNAME UPS
UPSCLASS standalone
UPSMODE disable
@ -29,17 +30,22 @@ in
BATTERYLEVEL ${toString cfg.config.battery_level}
MINUTES ${toString cfg.config.minutes}
'' +
(if cfg.primary then ''
''
+ (
if cfg.primary then
''
UPSTYPE usb
UPSCABLE usb
NISIP ${cfg.config.address}
'' else ''
''
else
''
UPSCABLE ether
UPSTYPE net
DEVICE ${cfg.config.address}:${toString port}
POLLTIME 10
'');
''
);
hooks = cfg.config.hooks;
};
networking.firewall.allowedTCPPorts = mkIf cfg.primary [ port ];

46
modules/vendored/factorio.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -48,7 +53,10 @@ let
savePath = "${cfg.stateDir}/saves/${cfg.saveName}.zip";
mkCmd = options: toString ([
mkCmd =
options:
toString (
[
"${lib.getExe cfg.package}"
"--config=${cfg.configFile}"
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
@ -56,11 +64,14 @@ let
(optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}")
(optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}")
"--server-settings=${
if (cfg.extraSettingsFile != null)
then "${cfg.stateDir}/server-settings.json"
else serverSettingsFile
if (cfg.extraSettingsFile != null) then
"${cfg.stateDir}/server-settings.json"
else
serverSettingsFile
}"
] ++ options);
]
++ options
);
in
{
disabledModules = [ "services/games/factorio.nix" ];
@ -234,7 +245,9 @@ in
extraSettings = mkOption {
type = types.attrs;
default = { };
example = { admins = [ "username" ]; };
example = {
admins = [ "username" ];
};
description = lib.mdDoc ''
Extra game configuration that will go into server-settings.json
'';
@ -338,13 +351,15 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
preStart =
''
if [[ ! -e "${savePath}" ]]; then
${mkCmd [
"--create=${savePath}"
]}
fi
'' + (optionalString (cfg.extraSettingsFile != null) ''
''
+ (optionalString (cfg.extraSettingsFile != null) ''
echo ${lib.strings.escapeShellArg serverSettingsString} \
"$(cat ${cfg.extraSettingsFile})" \
| ${lib.getExe pkgs.jq} -s add \
@ -362,11 +377,7 @@ in
ExecStart = mkCmd [
"--port=${toString cfg.port}"
"--bind=${cfg.bind}"
(
if cfg.loadLatestSave
then "--start-server-load-latest"
else "--start-server=${savePath}"
)
(if cfg.loadLatestSave then "--start-server-load-latest" else "--start-server=${savePath}")
(optionalString (cfg.admins != [ ]) "--server-adminlist=${serverAdminsFile}")
];
@ -379,7 +390,12 @@ in
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictRealtime = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;

70
modules/vendored/hydra.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
@ -16,22 +21,29 @@ let
HYDRA_DATA = "${baseDir}";
};
env = {
env =
{
NIX_REMOTE = "daemon";
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
PGPASSFILE = "${baseDir}/pgpass";
NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles;
} // optionalAttrs (cfg.smtpHost != null) {
}
// optionalAttrs (cfg.smtpHost != null) {
EMAIL_SENDER_TRANSPORT = "SMTP";
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost;
} // hydraEnv // cfg.extraEnv;
}
// hydraEnv
// cfg.extraEnv;
serverEnv = env // {
serverEnv =
env
// {
HYDRA_TRACKER = cfg.tracker;
XDG_CACHE_HOME = "${baseDir}/www/.cache";
COLUMNS = "80";
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr
} // (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
}
// (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
localDB = "dbi:Pg:dbname=hydra;user=hydra;";
@ -39,7 +51,9 @@ let
hydra-package =
let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv);
makeWrapperArgs = concatStringsSep " " (
mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv
);
in
pkgs.buildEnv rec {
name = "hydra-env";
@ -236,7 +250,10 @@ in
type = types.listOf types.path;
default = optional (config.nix.buildMachines != [ ]) "/etc/nix/machines";
defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"'';
example = [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ];
example = [
"/etc/nix/machines"
"/var/lib/hydra/provisioner/machines"
];
description = "List of files containing build machines.";
};
@ -257,7 +274,6 @@ in
};
###### implementation
config = mkIf cfg.enable {
@ -312,7 +328,10 @@ in
use-substitutes = ${if cfg.useSubstitutes then "1" else "0"}
'';
environment.systemPackages = [ hydra-package pkgs.git ];
environment.systemPackages = [
hydra-package
pkgs.git
];
environment.variables = hydraEnv;
@ -320,7 +339,11 @@ in
{
keep-outputs = true;
keep-derivations = true;
extra-trusted-users = [ "hydra" "hydra-queue-runner" "hydra-www" ];
extra-trusted-users = [
"hydra"
"hydra-queue-runner"
"hydra-www"
];
}
(mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre") {
@ -419,8 +442,17 @@ in
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" ];
path = [ hydra-package pkgs.nettools pkgs.openssh pkgs.bzip2 config.nix.package ];
after = [
"hydra-init.service"
"network.target"
];
path = [
hydra-package
pkgs.nettools
pkgs.openssh
pkgs.bzip2
config.nix.package
];
restartTriggers = [ hydraConf ];
environment = env // {
PGPASSFILE = "${baseDir}/pgpass-queue-runner"; # grrr
@ -444,8 +476,16 @@ in
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" "network-online.target" ];
path = with pkgs; [ hydra-package nettools jq ];
after = [
"hydra-init.service"
"network.target"
"network-online.target"
];
path = with pkgs; [
hydra-package
nettools
jq
];
restartTriggers = [ hydraConf ];
environment = env // {
HYDRA_DBI = "${env.HYDRA_DBI};application_name=hydra-evaluator";

72
modules/vendored/steam.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.steam;
@ -8,7 +13,9 @@ let
steam-gamescope =
let
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env);
exports = builtins.attrValues (
builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env
);
in
pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports}
@ -22,7 +29,10 @@ let
Comment=A digital distribution platform
Exec=${steam-gamescope}/bin/steam-gamescope
Type=Application
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
'').overrideAttrs
(_: {
passthru.providedSessions = [ "steam" ];
});
in
{
disabledModules = [ "programs/steam.nix" ];
@ -46,29 +56,40 @@ in
];
}
'';
apply = steam: steam.override (prev: {
extraEnv = (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
apply =
steam:
steam.override (
prev:
{
extraEnv =
(lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths;
}) // (lib.optionalAttrs cfg.extest.enable {
})
// (lib.optionalAttrs cfg.extest.enable {
LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so";
}) // (prev.extraEnv or { });
extraLibraries = pkgs:
})
// (prev.extraEnv or { });
extraLibraries =
pkgs:
let
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
additionalLibs = with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32;
additionalLibs =
with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit then
[ package ] ++ extraPackages
else
[ package32 ] ++ extraPackages32;
in
prevLibs ++ additionalLibs;
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p));
} // lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice)
{
}
// lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
});
}
);
description = ''
The Steam package to use. Additional libraries are added from the system
configuration to ensure graphics work properly.
@ -201,18 +222,24 @@ in
programs.steam.extraPackages = cfg.fontPackages;
programs.gamescope.enable = lib.mkDefault cfg.gamescopeSession.enable;
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [
gamescopeSessionFile
];
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
services.pulseaudio.support32Bit = config.services.pulseaudio.enable;
hardware.steam-hardware.enable = true;
home.home.packages = [
home.home.packages =
[
cfg.package
cfg.package.run
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (cfg.protontricks.package.override { inherit extraCompatPaths; });
]
++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (
cfg.protontricks.package.override { inherit extraCompatPaths; }
);
networking.firewall = lib.mkMerge [
(lib.mkIf (cfg.remotePlay.openFirewall || cfg.localNetworkGameTransfers.openFirewall) {
@ -221,7 +248,12 @@ in
(lib.mkIf cfg.remotePlay.openFirewall {
allowedTCPPorts = [ 27036 ];
allowedUDPPortRanges = [{ from = 27031; to = 27035; }];
allowedUDPPortRanges = [
{
from = 27031;
to = 27035;
}
];
})
(lib.mkIf cfg.dedicatedServer.openFirewall {

27
modules/vendored/thelounge.nix
View file

@ -1,14 +1,23 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.services.thelounge;
configJsData = "module.exports = " + builtins.toJSON (
{ inherit (cfg) public port; } // cfg.extraConfig
);
configJsData =
"module.exports = " + builtins.toJSON ({ inherit (cfg) public port; } // cfg.extraConfig);
pluginManifest = {
dependencies = builtins.listToAttrs (builtins.map (pkg: { name = getName pkg; value = getVersion pkg; }) cfg.plugins);
dependencies = builtins.listToAttrs (
builtins.map (pkg: {
name = getName pkg;
value = getVersion pkg;
}) cfg.plugins
);
};
plugins = pkgs.runCommandLocal "thelounge-plugins" { } ''
mkdir -p $out/node_modules
@ -21,7 +30,13 @@ in
{
disabledModules = [ "services/networking/thelounge.nix" ];
imports = [ (mkRemovedOptionModule [ "services" "thelounge" "private" ] "The option was renamed to `services.thelounge.public` to follow upstream changes.") ];
imports = [
(mkRemovedOptionModule [
"services"
"thelounge"
"private"
] "The option was renamed to `services.thelounge.public` to follow upstream changes.")
];
options.services.thelounge = {
enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client");

90
modules/vendored/vaultwarden.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -8,17 +13,27 @@ let
group = config.users.groups.vaultwarden.name;
# Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER).
nameToEnvVar = name:
nameToEnvVar =
name:
let
parts = builtins.split "([A-Z0-9]+)" name;
partsToEnvVar = parts: foldl'
(key: x:
let last = stringLength key - 1; in
if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
partsToEnvVar =
parts:
foldl' (
key: x:
let
last = stringLength key - 1;
in
if isList x then
key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x
else key + toUpper x) ""
parts;
substring 0 last key
+ optionalString (substring (last - 1) 1 key != "_") "_"
+ substring last 1 key
+ toUpper x
else
key + toUpper x
) "" parts;
in
if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts;
@ -26,17 +41,24 @@ let
# we can only check for values consistently after converting them to their corresponding environment variable name.
configEnv =
let
configEnv = concatMapAttrs
(name: value: optionalAttrs (value != null) {
configEnv = concatMapAttrs (
name: value:
optionalAttrs (value != null) {
${nameToEnvVar name} = if isBool value then boolToString value else toString value;
})
cfg.config;
}
) cfg.config;
in
{ DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
{
DATA_FOLDER = cfg.dataDir;
}
// optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
} // configEnv;
}
// configEnv;
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
configFile = pkgs.writeText "vaultwarden.env" (
concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)
);
vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
@ -52,7 +74,11 @@ in
enable = mkEnableOption (lib.mdDoc "vaultwarden");
dbBackend = mkOption {
type = enum [ "sqlite" "mysql" "postgresql" ];
type = enum [
"sqlite"
"mysql"
"postgresql"
];
default = "sqlite";
description = lib.mdDoc ''
Which database backend vaultwarden will be using.
@ -77,7 +103,13 @@ in
};
config = mkOption {
type = attrsOf (nullOr (oneOf [ bool int str ]));
type = attrsOf (
nullOr (oneOf [
bool
int
str
])
);
default = {
ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222;
@ -186,10 +218,12 @@ in
};
config = mkIf cfg.enable {
assertions = [{
assertions = [
{
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
message = "Backups for database backends other than sqlite will need customization";
}];
}
];
users.users.vaultwarden = {
inherit group;
@ -218,10 +252,18 @@ in
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.settings."10-vaultwarden" = {
${cfg.dataDir}.d = { inherit user group; mode = "0700"; };
} // optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = { inherit user group; mode = "0770"; };
systemd.tmpfiles.settings."10-vaultwarden" =
{
${cfg.dataDir}.d = {
inherit user group;
mode = "0700";
};
}
// optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = {
inherit user group;
mode = "0770";
};
};
systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {

7
overlays/overrides.nix
View file

@ -1,7 +1,9 @@
inputs: final: prev:
let
mkPkgs = channel: channel.legacyPackages.${final.system};
mkPkgsUnfree = channel: import channel {
mkPkgsUnfree =
channel:
import channel {
inherit (final) system;
config.allowUnfree = true;
};
@ -11,7 +13,8 @@ let
stable = mkPkgs inputs.stable;
old-stable = mkPkgs inputs.old-stable;
versionFromInput = input:
versionFromInput =
input:
let
slice = a: b: builtins.substring a b input.lastModifiedDate;
in

8
overlays/patches/default.nix
View file

@ -1,7 +1,9 @@
final: prev:
let
addPatches = package: patches: package.overrideAttrs (old: {
addPatches =
package: patches:
package.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ patches;
});
in
@ -20,7 +22,9 @@ in
# })
#];
hydra_unstable = addPatches prev.hydra_unstable [ ./hydra-force-allow-import-from-derivation.patch ];
hydra_unstable = addPatches prev.hydra_unstable [
./hydra-force-allow-import-from-derivation.patch
];
openssh-srv = addPatches prev.openssh [ ./srv-records.patch ];

8
pkgs/all-packages.nix
View file

@ -14,8 +14,12 @@ rec {
tmx-cups-ppd = pkgs.callPackage ./tmx-cups-ppd.nix { };
unbted = pkgs.callPackage ./unbted.nix { };
unmap = pkgs.callPackage ./unmap { };
vpython-jupyter = pkgs.python3Packages.callPackage ./vpython-jupyter.nix { inherit jupyterlab-vpython; };
vpython-jupyter = pkgs.python3Packages.callPackage ./vpython-jupyter.nix {
inherit jupyterlab-vpython;
};
jupyterlab-vpython = pkgs.python3Packages.callPackage ./jupyterlab-vpython { };
jupyter-server-proxy = pkgs.python3Packages.callPackage ./jupyter-server-proxy { inherit simpervisor; };
jupyter-server-proxy = pkgs.python3Packages.callPackage ./jupyter-server-proxy {
inherit simpervisor;
};
simpervisor = pkgs.python3Packages.callPackage ./simpervisor.nix { };
}

13
pkgs/bytecode-viewer.nix
View file

@ -1,9 +1,10 @@
{ stdenv
, lib
, fetchFromGitHub
, jre
, makeWrapper
, maven
{
stdenv,
lib,
fetchFromGitHub,
jre,
makeWrapper,
maven,
}:
maven.buildMavenPackage rec {

3
pkgs/default.nix
View file

@ -1,6 +1,7 @@
{ self, lib, ... }:
{
perSystem = { pkgs, ... }:
perSystem =
{ pkgs, ... }:
let
allPackages = import ./all-packages.nix { inherit pkgs; };
in

16
pkgs/ears-cli.nix
View file

@ -1,8 +1,9 @@
{ lib
, stdenvNoCC
, fetchFromGitea
, makeWrapper
, jdk
{
lib,
stdenvNoCC,
fetchFromGitea,
makeWrapper,
jdk,
}:
stdenvNoCC.mkDerivation rec {
pname = "ears-cli";
@ -16,7 +17,10 @@ stdenvNoCC.mkDerivation rec {
sha256 = "sha256-3ov7wjw8nxjwrNRH0wHICbZjXR4j2DPkUl5WlxJZsLA=";
};
nativeBuildInputs = [ jdk makeWrapper ];
nativeBuildInputs = [
jdk
makeWrapper
];
buildPhase = ''
bash ./build.sh

17
pkgs/fw-ectool.nix
View file

@ -1,11 +1,12 @@
{ stdenv
, lib
, fetchFromGitLab
, pkg-config
, cmake
, hostname
, libusb1
, libftdi1
{
stdenv,
lib,
fetchFromGitLab,
pkg-config,
cmake,
hostname,
libusb1,
libftdi1,
}:
stdenv.mkDerivation {

6
pkgs/hexagon.nix
View file

@ -1,4 +1,8 @@
{ lib, fetchFromGitHub, rustPlatform }:
{
lib,
fetchFromGitHub,
rustPlatform,
}:
rustPlatform.buildRustPackage rec {
pname = "hexagon";

29
pkgs/jupyter-server-proxy/default.nix
View file

@ -1,19 +1,20 @@
{ buildPythonPackage
, fetchFromGitHub
{
buildPythonPackage,
fetchFromGitHub,
, yarnConfigHook
, fetchYarnDeps
, hatchling
, hatch-jupyter-builder
, nodejs
yarnConfigHook,
fetchYarnDeps,
hatchling,
hatch-jupyter-builder,
nodejs,
, jupyterlab
, aiohttp
, importlib-metadata
, jupyter-server
, simpervisor
, tornado
, traitlets
jupyterlab,
aiohttp,
importlib-metadata,
jupyter-server,
simpervisor,
tornado,
traitlets,
}:
buildPythonPackage {

28
pkgs/jupyterlab-myst/default.nix
View file

@ -1,16 +1,17 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, yarnConfigHook
, fetchYarnDeps
{
lib,
buildPythonPackage,
fetchFromGitHub,
yarnConfigHook,
fetchYarnDeps,
, jupyterlab
, jupyter
, jupyter-packaging
, hatchling
, hatch-jupyter-builder
, hatch-nodejs-version
, nodejs
jupyterlab,
jupyter,
jupyter-packaging,
hatchling,
hatch-jupyter-builder,
hatch-nodejs-version,
nodejs,
}:
buildPythonPackage rec {
@ -35,7 +36,6 @@ buildPythonPackage rec {
--replace-fail '"@myst-theme/frontmatter": "^0.9.0"' '"@myst-theme/frontmatter": "^0.13.2"'
'';
yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock;
hash = "sha256-ou3Tjml5VU1O14k/oIDufj3QV2sQYD8EzVGAPhF9RZI=";
@ -46,7 +46,6 @@ buildPythonPackage rec {
nodejs
];
build-system = [
hatchling
hatch-jupyter-builder
@ -86,4 +85,3 @@ buildPythonPackage rec {
maintainers = [ ];
};
}

29
pkgs/jupyterlab-vim/default.nix
View file

@ -1,16 +1,17 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, yarnConfigHook
, fetchYarnDeps
{
lib,
buildPythonPackage,
fetchFromGitHub,
yarnConfigHook,
fetchYarnDeps,
, jupyterlab
, jupyter
, jupyter-packaging
, hatchling
, hatch-jupyter-builder
, hatch-nodejs-version
, nodejs
jupyterlab,
jupyter,
jupyter-packaging,
hatchling,
hatch-jupyter-builder,
hatch-nodejs-version,
nodejs,
}:
buildPythonPackage rec {
@ -29,7 +30,6 @@ buildPythonPackage rec {
cp ${./yarn.lock} yarn.lock
'';
yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock;
hash = "sha256-z82r763EG+QGu2KbZ2PaKueAs9wrpTYul/O/O7It7lY=";
@ -40,7 +40,6 @@ buildPythonPackage rec {
nodejs
];
build-system = [
hatchling
hatch-jupyter-builder
@ -65,7 +64,6 @@ buildPythonPackage rec {
yarn --offline run build:prod
'';
# has no tests
doCheck = false;
@ -78,4 +76,3 @@ buildPythonPackage rec {
maintainers = [ ];
};
}

23
pkgs/jupyterlab-vpython/default.nix
View file

@ -1,16 +1,17 @@
{ buildPythonPackage
, fetchFromGitHub
{
buildPythonPackage,
fetchFromGitHub,
, yarnConfigHook
, fetchYarnDeps
yarnConfigHook,
fetchYarnDeps,
, jupyterlab
, jupyter
, jupyter-packaging
, hatchling
, hatch-jupyter-builder
, hatch-nodejs-version
, nodejs
jupyterlab,
jupyter,
jupyter-packaging,
hatchling,
hatch-jupyter-builder,
hatch-nodejs-version,
nodejs,
}:
buildPythonPackage rec {

15
pkgs/mcaselector.nix
View file

@ -1,10 +1,11 @@
{ stdenv
, lib
, fetchurl
, jre
, gtk3
, makeWrapper
, wrapGAppsHook
{
stdenv,
lib,
fetchurl,
jre,
gtk3,
makeWrapper,
wrapGAppsHook,
}:
let

8
pkgs/nix-modrinth-prefetch.nix
View file

@ -1,4 +1,10 @@
{ runtimeShell, writeShellScriptBin, curl, jq, gnused }:
{
runtimeShell,
writeShellScriptBin,
curl,
jq,
gnused,
}:
writeShellScriptBin "nix-modrinth-prefetch" ''
input=$(${curl}/bin/curl --no-progress-meter https://api.modrinth.com/v2/version/$1)

13
pkgs/olympus.nix
View file

@ -1,10 +1,11 @@
# Taken from https://github.com/VergeDX/config-nixpkgs/blob/899f13750c9c1795d455eeee9cb28d3aa74a0866/packages/gui/olympus.nix
{ stdenv
, lib
, fetchzip
, unzip
, makeDesktopItem
, buildFHSEnv
{
stdenv,
lib,
fetchzip,
unzip,
makeDesktopItem,
buildFHSEnv,
}:
let
olympus = stdenv.mkDerivation rec {

9
pkgs/sim65.nix
View file

@ -1,7 +1,8 @@
{ stdenv
, fetchFromGitHub
, lib
, wxGTK32
{
stdenv,
fetchFromGitHub,
lib,
wxGTK32,
}:
stdenv.mkDerivation {

6
pkgs/simpervisor.nix
View file

@ -1,4 +1,8 @@
{ buildPythonPackage, fetchFromGitHub, hatchling }:
{
buildPythonPackage,
fetchFromGitHub,
hatchling,
}:
buildPythonPackage {
pname = "simpervisor";

7
pkgs/substitute-subset.nix
View file

@ -2,7 +2,8 @@
args:
stdenv.mkDerivation ({
stdenv.mkDerivation (
{
name = if args ? name then args.name else baseNameOf (toString args.src);
builder = builtins.toFile "builder.sh" ''
source $stdenv/setup
@ -24,4 +25,6 @@ stdenv.mkDerivation ({
'';
preferLocalBuild = true;
allowSubstitutes = false;
} // args)
}
// args
)

17
pkgs/tmx-cups-ppd.nix
View file

@ -1,8 +1,9 @@
{ stdenv
, fetchurl
, bintools
, cups
, autoPatchelfHook
{
stdenv,
fetchurl,
bintools,
cups,
autoPatchelfHook,
}:
stdenv.mkDerivation rec {
@ -14,7 +15,11 @@ stdenv.mkDerivation rec {
sha256 = "sha256-8WA6Q5z9//UJj20VHOsPA/nCCd50CcaHRVArtmTjeiQ=";
};
buildInputs = [ bintools cups autoPatchelfHook ];
buildInputs = [
bintools
cups
autoPatchelfHook
];
buildPhase = ''
ar p filter/tmx-cups_*_amd64.deb data.tar.gz \

11
pkgs/unbted.nix
View file

@ -1,9 +1,10 @@
# Based on this example: https://git.marvid.fr/scolobb/nix-GINsim
{ stdenv
, fetchurl
, makeWrapper
, lib
, jre
{
stdenv,
fetchurl,
makeWrapper,
lib,
jre,
}:
stdenv.mkDerivation rec {
pname = "unbted";

7
pkgs/unmap/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, buildNpmPackage
, fetchFromGitHub
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec {

23
pkgs/vpython-jupyter.nix
View file

@ -1,16 +1,17 @@
{ buildPythonPackage
, fetchFromGitHub
{
buildPythonPackage,
fetchFromGitHub,
, cython
, setuptools
, setuptools_scm
cython,
setuptools,
setuptools_scm,
, autobahn
, ipykernel
, jupyter
, notebook
, numpy
, jupyterlab-vpython
autobahn,
ipykernel,
jupyter,
notebook,
numpy,
jupyterlab-vpython,
}:
buildPythonPackage {

Some files were not shown because too many files have changed in this diff Show more