Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: reformat with nixfmt

Browse source
This commit is contained in:
Infinidoge 2025-01-28 20:33:04 -05:00
parent a79e641851
commit eaf4f56ac0
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
117 changed files with 2667 additions and 1592 deletions
Download patch file Download diff file Expand all files Collapse all files

259
flake.nix
View file

@ -29,7 +29,10 @@
devshell.url = "github:numtide/devshell";
disko.url = "github:nix-community/disko/latest";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-registry = { url = "github:NixOS/flake-registry"; flake = false; };
flake-registry = {
url = "github:NixOS/flake-registry";
flake = false;
};
home-manager.url = "github:nix-community/home-manager";
impermanence.url = "github:nix-community/impermanence";
nix-index-database.url = "github:nix-community/nix-index-database";
@ -56,7 +59,10 @@
conduwuit.url = "github:girlbossceo/conduwuit";
## Vencord
vencord = { url = "github:Vendicated/Vencord"; flake = false; };
vencord = {
url = "github:Vendicated/Vencord";
flake = false;
};
## Qtile
qtile.url = "github:qtile/qtile";
@ -130,129 +136,146 @@
universe-cli.inputs.systems.follows = "systems";
};
outputs = inputs@{ flake-parts, nixpkgs, private, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: {
systems = [ "x86_64-linux" ];
outputs =
inputs@{
flake-parts,
nixpkgs,
private,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } (
{ self, lib, ... }:
{
systems = [ "x86_64-linux" ];
debug = true;
debug = true;
perSystem = { pkgs, system, ... }: {
_module.args.pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
self.overlays.overrides
self.overlays.patches
];
};
treefmt.projectRootFile = "flake.nix";
treefmt.programs.nixfmt.enable = true;
};
flake = {
lib = import ./lib { inherit (nixpkgs) lib; };
users = self.lib.rakeLeaves ./users;
overlays = {
overrides = import ./overlays/overrides.nix inputs;
patches = import ./overlays/patches;
};
nixosConfigurations =
let
libOverlay = (lfinal: lprev: {
our = self.lib;
hm = inputs.home-manager.lib.hm;
});
in
lib.mapAttrs
(self.lib.mkHost {
specialArgs = {
lib = nixpkgs.lib.extend libOverlay;
inherit private self inputs;
perSystem =
{ pkgs, system, ... }:
{
_module.args.pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
self.overlays.overrides
self.overlays.patches
];
};
modules = [
self.users.root
self.users.infinidoge
{
nixpkgs.hostPlatform = "x86_64-linux";
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
nixpkgs.overlays = [
(final: prev: {
lib = prev.lib.extend libOverlay;
treefmt.projectRootFile = "flake.nix";
treefmt.programs.nixfmt.enable = true;
};
inherit (inputs.home-manager.packages.${prev.system}) home-manager;
})
self.overlays.packages
self.overlays.patches
self.overlays.overrides
flake = {
lib = import ./lib { inherit (nixpkgs) lib; };
# --- Domain-Specific Overlays
inputs.agenix.overlays.default
inputs.nix-minecraft.overlay
inputs.qtile.overlays.default
inputs.rust-overlay.overlays.default
inputs.universe-cli.overlays.default
users = self.lib.rakeLeaves ./users;
overlays = {
overrides = import ./overlays/overrides.nix inputs;
patches = import ./overlays/patches;
};
nixosConfigurations =
let
libOverlay = (
lfinal: lprev: {
our = self.lib;
hm = inputs.home-manager.lib.hm;
}
);
in
lib.mapAttrs (self.lib.mkHost {
specialArgs = {
lib = nixpkgs.lib.extend libOverlay;
inherit private self inputs;
};
modules = [
self.users.root
self.users.infinidoge
{
nixpkgs.hostPlatform = "x86_64-linux";
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
nixpkgs.overlays = [
(final: prev: {
lib = prev.lib.extend libOverlay;
inherit (inputs.home-manager.packages.${prev.system}) home-manager;
})
self.overlays.packages
self.overlays.patches
self.overlays.overrides
# --- Domain-Specific Overlays
inputs.agenix.overlays.default
inputs.nix-minecraft.overlay
inputs.qtile.overlays.default
inputs.rust-overlay.overlays.default
inputs.universe-cli.overlays.default
];
home-manager = {
sharedModules = [
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.nix-index-database.hmModules.nix-index
inputs.nixvim.homeManagerModules.nixvim
] ++ (self.lib.leaves ./users/modules);
};
}
# --- Universe Modules ---
./secrets
private.nixosModules.secrets
# --- Library Modules ---
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.nix-index-database.nixosModules.nix-index
inputs.nixos-wsl.nixosModules.wsl
# --- Domain-Specific Modules ---
inputs.authentik-nix.nixosModules.default
inputs.lix-module.nixosModules.default
inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
inputs.nix-minecraft.nixosModules.minecraft-servers
] ++ (self.lib.leaves ./modules);
}) (self.lib.flattenLeaves ./hosts);
homeConfigurations = self.lib.mkHomeConfigurations {
inherit (self.nixosConfigurations)
"data.cs.purdue.edu"
vulcan
;
};
hydraJobs = {
packages = lib.mapAttrs (
_: lib.filterAttrs (n: v: v ? meta -> v.meta ? broken -> !v.meta.broken)
) self.packages;
nixosConfigurations.x86_64-linux =
lib.flip lib.genAttrs
(name: { toplevel = self.nixosConfigurations.${name}.config.system.build.toplevel; })
[
"Infini-DESKTOP"
"Infini-DL360"
"Infini-FRAMEWORK"
"Infini-OPTIPLEX"
"Infini-SERVER"
"hermes"
"hestia"
];
home-manager = {
sharedModules = [
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.nix-index-database.hmModules.nix-index
inputs.nixvim.homeManagerModules.nixvim
] ++ (self.lib.leaves ./users/modules);
};
}
};
};
# --- Universe Modules ---
./secrets
private.nixosModules.secrets
# --- Library Modules ---
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.nix-index-database.nixosModules.nix-index
inputs.nixos-wsl.nixosModules.wsl
# --- Domain-Specific Modules ---
inputs.authentik-nix.nixosModules.default
inputs.lix-module.nixosModules.default
inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
inputs.nix-minecraft.nixosModules.minecraft-servers
] ++ (self.lib.leaves ./modules);
})
(self.lib.flattenLeaves ./hosts);
homeConfigurations = self.lib.mkHomeConfigurations {
inherit (self.nixosConfigurations)
"data.cs.purdue.edu"
vulcan
;
};
hydraJobs = {
packages = lib.mapAttrs (_: lib.filterAttrs (n: v: v ? meta -> v.meta ? broken -> !v.meta.broken)) self.packages;
nixosConfigurations.x86_64-linux = lib.flip lib.genAttrs (name: { toplevel = self.nixosConfigurations.${name}.config.system.build.toplevel; }) [
"Infini-DESKTOP"
"Infini-DL360"
"Infini-FRAMEWORK"
"Infini-OPTIPLEX"
"Infini-SERVER"
"hermes"
"hestia"
imports = [
./pkgs
./shell
./templates
inputs.devshell.flakeModule
inputs.treefmt-nix.flakeModule
];
};
};
imports = [
./pkgs
./shell
./templates
inputs.devshell.flakeModule
inputs.treefmt-nix.flakeModule
];
});
}
);
}

23
hosts/Infini-DESKTOP/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
imports = lib.lists.flatten [
./hardware-configuration.nix
./filesystems.nix
@ -69,7 +75,6 @@
razergenie # TODO: replace with polychromatic
];
programs.ns-usbloader.enable = true;
programs.minipro.enable = true;
@ -90,11 +95,13 @@
address = [ "10.10.0.3/32" ];
listenPort = 51820;
privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key";
peers = [{
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
allowedIPs = [ "10.9.0.0/24" ];
endpoint = "66.23.193.252:55555";
persistentKeepalive = 25;
}];
peers = [
{
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
allowedIPs = [ "10.9.0.0/24" ];
endpoint = "66.23.193.252:55555";
persistentKeepalive = 25;
}
];
};
}

12
hosts/Infini-DESKTOP/filesystems.nix
View file

@ -7,14 +7,22 @@ let
backup = uuid "dabfc36b-20d1-4b09-8f55-4f9df7499741";
hydrus = uuid "2a025f29-4058-4a76-8f38-483f0925375d";
commonOptions = [ "autodefrag" "noatime" "ssd" ];
commonOptions = [
"autodefrag"
"noatime"
"ssd"
];
in
{
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=28G" "mode=755" ];
options = [
"defaults"
"size=28G"
"mode=755"
];
};
"/media/main" = {

8
hosts/Infini-DESKTOP/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
{ ... }:
{
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];

12
hosts/Infini-DL360/authentik.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }:
{
config,
common,
secrets,
...
}:
let
domain = common.subdomain "auth";
ldap = common.subdomain "ldap";
@ -32,7 +37,10 @@ in
environmentFile = secrets.authentik-ldap;
};
networking.firewall.allowedTCPPorts = [ 3389 6636 ];
networking.firewall.allowedTCPPorts = [
3389
6636
];
security.acme.certs.${ldap} = {
group = "nginx";

7
hosts/Infini-DL360/conduwuit.nix
View file

@ -1,4 +1,9 @@
{ config, common, inputs, ... }:
{
config,
common,
inputs,
...
}:
let
domain = common.subdomain "matrix";
cfg = config.services.conduwuit;

85
hosts/Infini-DL360/default.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, private, ... }: {
{
config,
lib,
pkgs,
private,
...
}:
{
imports = [
./hardware-configuration.nix
./disks.nix
@ -57,19 +64,39 @@
networking = {
firewall = {
allowedUDPPorts = [ 80 443 ];
allowedTCPPorts = [ 80 443 25565 ];
allowedUDPPorts = [
80
443
];
allowedTCPPorts = [
80
443
25565
];
};
bridges = {
br0 = {
interfaces = [ "eno1" "eno2" "eno3" "eno4" ];
interfaces = [
"eno1"
"eno2"
"eno3"
"eno4"
];
};
};
interfaces.br0.ipv4.addresses = [{ address = "192.168.137.11"; prefixLength = 24; }];
interfaces.br0.ipv4.addresses = [
{
address = "192.168.137.11";
prefixLength = 24;
}
];
dhcpcd.denyInterfaces = [ "eno*" ];
defaultGateway = { address = "192.168.137.1"; interface = "br0"; };
defaultGateway = {
address = "192.168.137.1";
interface = "br0";
};
nat = {
enable = true;
@ -89,10 +116,12 @@
services.fail2ban.enable = true;
environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (lib.mkAfter ''
[Definition]
failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
'');
environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (
lib.mkAfter ''
[Definition]
failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
''
);
services.fail2ban.jails.nginx-url-probe.settings = {
enabled = true;
@ -127,22 +156,26 @@
services.minecraft-servers.servers.emd-server.autoStart = lib.mkForce false;
services.borgbackup.jobs."persist" = let tmux = lib.getExe pkgs.tmux; in {
preHook = ''
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys save-all Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-off Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-all Enter
'';
postHook = ''
${tmux} -S /run/minecraft/friend-server.sock send-keys save-on Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Backup complete" Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-on Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Backup complete" Enter
'';
};
services.borgbackup.jobs."persist" =
let
tmux = lib.getExe pkgs.tmux;
in
{
preHook = ''
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys save-all Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Server is backing up..." Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-off Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-all Enter
'';
postHook = ''
${tmux} -S /run/minecraft/friend-server.sock send-keys save-on Enter
${tmux} -S /run/minecraft/friend-server.sock send-keys "say Backup complete" Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys save-on Enter
${tmux} -S /run/minecraft/sister-server.sock send-keys "say Backup complete" Enter
'';
};
systemd.services.setup-infiniband = {
wantedBy = [ "network.target" ];

5
hosts/Infini-DL360/disks.nix
View file

@ -3,7 +3,10 @@ with lib.our.disko;
{
boot.kernelPackages = pkgs.linuxPackages;
boot.zfs.extraPools = [ "zssd" "zhdd" ];
boot.zfs.extraPools = [
"zssd"
"zhdd"
];
disko.devices = {
nodev."/" = mkTmpfs "64G";

8
hosts/Infini-DL360/forgejo.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, pkgs, ... }:
{
config,
common,
secrets,
pkgs,
...
}:
let
cfg = config.services.forgejo;
domain = common.subdomain "git";

14
hosts/Infini-DL360/hardware-configuration.nix
View file

@ -5,12 +5,22 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"uhci_hcd"
"hpsa"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "HPE ProLiant DL360 Gen 9";

12
hosts/Infini-DL360/hedgedoc.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }:
{
config,
common,
secrets,
...
}:
let
cfg = config.services.hedgedoc;
domain = common.subdomain "md";
@ -12,7 +17,10 @@ in
protocolUseSSL = true;
port = 4003;
db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; };
db = {
dialect = "sqlite";
storage = "/srv/hedgedoc/db.sqlite";
};
uploadsPath = "/srv/hedgedoc/uploads";
allowFreeURL = true;

15
hosts/Infini-DL360/hydra.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, pkgs, ... }:
{
config,
common,
secrets,
pkgs,
...
}:
let
domain = common.subdomain "hydra";
in
@ -61,7 +67,12 @@ in
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
protocol = null;
maxJobs = 32;
speedFactor = 16;

7
hosts/Infini-DL360/immich.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, common, ... }:
{
config,
pkgs,
common,
...
}:
let
domain = common.subdomain "photos";
cfg = config.services.immich;

14
hosts/Infini-DL360/jellyfin.nix
View file

@ -25,9 +25,11 @@ in
locations."/" = {
proxyPass = jellyfin;
recommendedProxySettings = false;
extraConfig = proxyConfig + ''
proxy_buffering off;
'';
extraConfig =
proxyConfig
+ ''
proxy_buffering off;
'';
};
locations."= /web/" = {
@ -51,5 +53,9 @@ in
openFirewall = true;
};
persist.directories = with config.services.jellyfin; [ dataDir cacheDir logDir ];
persist.directories = with config.services.jellyfin; [
dataDir
cacheDir
logDir
];
}

55
hosts/Infini-DL360/jupyter.nix
View file

@ -1,11 +1,22 @@
{ config, common, pkgs, ... }:
{
config,
common,
pkgs,
...
}:
let
cfg = config.services.jupyter;
mkPythonKernel = displayName: env: {
inherit displayName;
language = "python";
argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ];
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
@ -59,24 +70,32 @@ in
notebookDir = "~/Notebooks";
kernels = {
python3 = mkPythonKernel "Python 3" (pkgs.python3.withPackages (p: with p; [
ipykernel
python3 = mkPythonKernel "Python 3" (
pkgs.python3.withPackages (
p: with p; [
ipykernel
matplotlib
numpy
pandas
scipy
]));
vpython = mkPythonKernel "VPython" (pkgs.python3.withPackages (p: with p; [
ipykernel
jupyterlab-vpython
matplotlib
numpy
pandas
scipy
]
)
);
vpython = mkPythonKernel "VPython" (
pkgs.python3.withPackages (
p: with p; [
ipykernel
jupyterlab-vpython
vpython-jupyter
matplotlib
numpy
pandas
scipy
]));
vpython-jupyter
matplotlib
numpy
pandas
scipy
]
)
);
};
};

8
hosts/Infini-DL360/postgresql.nix
View file

@ -4,7 +4,13 @@ let
directory = "/srv/postgresql";
in
{
persist.directories = [{ inherit directory; user = "postgres"; group = "postgres"; }];
persist.directories = [
{
inherit directory;
user = "postgres";
group = "postgres";
}
];
services.postgresql = {
enable = true;

7
hosts/Infini-DL360/searx.nix
View file

@ -1,4 +1,9 @@
{ config, common, secrets, ... }:
{
config,
common,
secrets,
...
}:
let
cfg = config.services.searx;
domain = common.subdomain "search";

11
hosts/Infini-DL360/ssh.nix
View file

@ -50,8 +50,15 @@ in
security.pam.services.sshd.allowNullPassword = true;
systemd.tmpfiles.settings."30-external" = {
"/srv/external".d = { user = "root"; group = "root"; };
"/srv/external/incoming".d = { user = "incoming"; group = "incoming"; mode = "0770"; };
"/srv/external".d = {
user = "root";
group = "root";
};
"/srv/external/incoming".d = {
user = "incoming";
group = "incoming";
mode = "0770";
};
};
# https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/

7
hosts/Infini-DL360/thelounge.nix
View file

@ -1,4 +1,9 @@
{ config, common, pkgs, ... }:
{
config,
common,
pkgs,
...
}:
{
services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // {

8
hosts/Infini-DL360/torrenting.nix
View file

@ -1,4 +1,10 @@
{ pkgs, private, config, lib, ... }:
{
pkgs,
private,
config,
lib,
...
}:
{
containers.torrenting = {

9
hosts/Infini-DL360/vaultwarden.nix
View file

@ -1,4 +1,11 @@
{ config, common, secrets, lib, pkgs, ... }:
{
config,
common,
secrets,
lib,
pkgs,
...
}:
let
domain = common.subdomain "bitwarden";
in

117
hosts/Infini-DL360/web.nix
View file

@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }:
{
config,
common,
pkgs,
lib,
...
}:
let
inherit (common.nginx) ssl ssl-optional;
@ -14,21 +20,23 @@ let
location ~ "/\..+" { deny all; }
'';
mkWebsite = name: ssl // {
locations."/" = {
root = "/srv/web/${name}";
inherit tryFiles;
extraConfig = websiteConfig;
mkWebsite =
name:
ssl
// {
locations."/" = {
root = "/srv/web/${name}";
inherit tryFiles;
extraConfig = websiteConfig;
};
};
};
mkRedirect = from: to: ssl-optional // { globalRedirect = to; };
websites = lib.genAttrs [
"inx.moe"
"stickers.inx.moe"
]
mkWebsite;
] mkWebsite;
redirects = lib.mapAttrs mkRedirect {
"nitter.inx.moe" = "twitter.com";
@ -44,52 +52,55 @@ in
}
'';
services.nginx.virtualHosts = websites // redirects // {
"j.inx.moe" = ssl-optional // {
locations."/" = {
return = "302 $jump_link";
services.nginx.virtualHosts =
websites
// redirects
// {
"j.inx.moe" = ssl-optional // {
locations."/" = {
return = "302 $jump_link";
};
};
"blahaj.inx.moe" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"swedish.fish" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"files.inx.moe" = ssl // {
locations."/" = {
root = "/srv/web/files.inx.moe";
extraConfig = ''
autoindex on;
'';
};
locations."/p/" = {
root = "/srv/web/files.inx.moe";
};
};
"old.inx.moe" = ssl-optional // {
locations."/" = {
root = "/srv/web/inx.moe";
inherit tryFiles;
extraConfig = websiteConfig;
};
};
"foxy.software" = ssl-optional // {
locations."/".return = "301 https://inx.moe";
};
};
"blahaj.inx.moe" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"swedish.fish" = ssl-optional // {
locations."/" = {
tryFiles = "/Blahaj.png =404";
root = ./static;
};
locations."/buy" = {
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
};
};
"files.inx.moe" = ssl // {
locations."/" = {
root = "/srv/web/files.inx.moe";
extraConfig = ''
autoindex on;
'';
};
locations."/p/" = {
root = "/srv/web/files.inx.moe";
};
};
"old.inx.moe" = ssl-optional // {
locations."/" = {
root = "/srv/web/inx.moe";
inherit tryFiles;
extraConfig = websiteConfig;
};
};
"foxy.software" = ssl-optional // {
locations."/".return = "301 https://inx.moe";
};
};
services.uwsgi = {
enable = true;

64
hosts/Infini-FRAMEWORK/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
./filesystems.nix
@ -11,7 +17,10 @@
persist = {
directories = [
{ directory = "/var/lib/dnsmasq/"; user = "dnsmasq"; }
{
directory = "/var/lib/dnsmasq/";
user = "dnsmasq";
}
];
files = [
@ -82,7 +91,10 @@
"sys-devices-pci0000:00-0000:00:02.0-drm-card0-card0\\x2deDP\\x2d1-intel_backlight.device"
"sys-devices-pci0000:00-0000:00:02.0-drm-card1-card1\\x2deDP\\x2d1-intel_backlight.device"
];
after = [ "system-systemd\\x2dbacklight.slice" "systemd-backlight@backlight:intel_backlight.service" ];
after = [
"system-systemd\\x2dbacklight.slice"
"systemd-backlight@backlight:intel_backlight.service"
];
serviceConfig.Type = "oneshot";
script = "${lib.getExe pkgs.brightnessctl} set 50%";
};
@ -99,8 +111,16 @@
#}
{
hostName = "infini-dl360";
systems = [ "x86_64-linux" "aarch64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
systems = [
"x86_64-linux"
"aarch64-linux"
];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
protocol = "ssh-ng";
maxJobs = 32;
speedFactor = 16;
@ -114,26 +134,33 @@
address = [ "10.10.0.3/32" ];
listenPort = 51820;
privateKeyFile = "/home/infinidoge/tmp/bb-vpn.key";
peers = [{
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
allowedIPs = [ "10.9.0.0/24" ];
endpoint = "66.23.193.252:55555";
persistentKeepalive = 25;
}];
peers = [
{
publicKey = "SYpnrGvxx8l4w9c7KVRVW6GyNDr/iK+maPPMw/Ua7XY=";
allowedIPs = [ "10.9.0.0/24" ];
endpoint = "66.23.193.252:55555";
persistentKeepalive = 25;
}
];
};
specialisation.router.configuration = {
networking = {
interfaces."enp0s13f0u1" = {
ipv4.addresses = [{
address = "192.168.100.1";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.100.1";
prefixLength = 24;
}
];
};
firewall.interfaces."enp0s13f0u1" = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 ];
allowedUDPPorts = [
53
67
];
};
nat = {
@ -146,7 +173,10 @@
services.dnsmasq = {
enable = true;
settings = {
server = [ "8.8.8.8" "1.1.1.1" ];
server = [
"8.8.8.8"
"1.1.1.1"
];
domain-needed = true;
bogus-priv = true;
no-resolv = true;

103
hosts/Infini-FRAMEWORK/displays.nix
View file

@ -13,12 +13,26 @@ in
services.autorandr.profiles =
let
scale = { x = scaleFactor'; y = scaleFactor'; };
scale = {
x = scaleFactor';
y = scaleFactor';
};
config = {
framework = { mode = "2256x1504"; primary = true; inherit scale; };
portable-second = { mode = "1920x1080"; rotate = "left"; };
dock = { mode = "1280x1024"; };
dorm = { mode = "1920x1080"; };
framework = {
mode = "2256x1504";
primary = true;
inherit scale;
};
portable-second = {
mode = "1920x1080";
rotate = "left";
};
dock = {
mode = "1280x1024";
};
dorm = {
mode = "1920x1080";
};
};
fingerprints = {
framework = "00ffffffffffff0009e5ca0b000000002f200104a51c137803de50a3544c99260f505400000001010101010101010101010101010101115cd01881e02d50302036001dbe1000001aa749d01881e02d50302036001dbe1000001a000000fe00424f452043510a202020202020000000fe004e4531333546424d2d4e34310a0073";
@ -32,30 +46,57 @@ in
config = lib.mapAttrs (_: v: lib.removeAttrs v [ "fingerprint" ]) config;
};
in
lib.mapAttrs (_: mkConfig) (with config'; {
main = {
eDP-1 = framework // { position = "0x0"; };
};
portable-second = {
eDP-1 = framework // { position = "1080x716"; };
DP-4 = portable-second // { position = "0x0"; };
};
docked = {
eDP-1 = framework // { position = "0x210"; };
DP-1-3 = dock // { position = "1805x0"; };
};
docked-alt = {
eDP-1 = framework // { position = "1080x716"; };
DP-4 = portable-second // { position = "0x0"; };
DP-1-3 = dock // { position = "2885x506"; };
};
dorm = {
eDP-1 = framework // { position = "1920x0"; };
DP-4 = dorm // { position = "0x0"; };
};
dorm-2 = {
eDP-1 = framework // { position = "1920x0"; };
DP-3 = dorm // { position = "0x0"; };
};
});
lib.mapAttrs (_: mkConfig) (
with config';
{
main = {
eDP-1 = framework // {
position = "0x0";
};
};
portable-second = {
eDP-1 = framework // {
position = "1080x716";
};
DP-4 = portable-second // {
position = "0x0";
};
};
docked = {
eDP-1 = framework // {
position = "0x210";
};
DP-1-3 = dock // {
position = "1805x0";
};
};
docked-alt = {
eDP-1 = framework // {
position = "1080x716";
};
DP-4 = portable-second // {
position = "0x0";
};
DP-1-3 = dock // {
position = "2885x506";
};
};
dorm = {
eDP-1 = framework // {
position = "1920x0";
};
DP-4 = dorm // {
position = "0x0";
};
};
dorm-2 = {
eDP-1 = framework // {
position = "1920x0";
};
DP-3 = dorm // {
position = "0x0";
};
};
}
);
}

8
hosts/Infini-FRAMEWORK/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

3
hosts/Infini-OPTIPLEX/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix

13
hosts/Infini-OPTIPLEX/filesystems.nix
View file

@ -3,7 +3,12 @@ let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "9d4bf2d8-f139-42e7-937a-541a7870d806";
data = uuid "456cebd3-f800-4733-a783-90ed7c8978f7";
commonOptions = [ "autodefrag" "noatime" "ssd" "compress=zstd:1" ];
commonOptions = [
"autodefrag"
"noatime"
"ssd"
"compress=zstd:1"
];
mkMain' = options: {
device = main;
@ -26,7 +31,11 @@ in
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=16G" "mode=755" ];
options = [
"defaults"
"size=16G"
"mode=755"
];
};
"/media/main" = mkMain' [ ];

9
hosts/Infini-OPTIPLEX/hardware-configuration.nix
View file

@ -1,7 +1,14 @@
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci" ];
boot.initrd.availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

18
hosts/Infini-RASPBERRY/default.nix
View file

@ -1,4 +1,10 @@
{ inputs, config, lib, pkgs, ... }:
{
inputs,
config,
lib,
pkgs,
...
}:
with lib;
{
imports = [
@ -13,8 +19,7 @@ with lib;
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
@ -31,7 +36,12 @@ with lib;
kernelPackages = mkForce pkgs.linuxPackages_rpi4;
# Removes ZFS >:(
supportedFilesystems = mkForce [ "btrfs" "ntfs" "vfat" "ext4" ];
supportedFilesystems = mkForce [
"btrfs"
"ntfs"
"vfat"
"ext4"
];
tmp.useTmpfs = true;
# kernelParams = [

14
hosts/Infini-RASPBERRY/sd-image.nix
View file

@ -1,4 +1,10 @@
{ modulesPath, config, lib, pkgs, ... }:
{
modulesPath,
config,
lib,
pkgs,
...
}:
{
#formatAttr = "sdImage";
@ -18,7 +24,11 @@
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" ];
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
#sdImage = {
# populateFirmwareCommands =

13
hosts/Infini-SD/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix
@ -20,10 +21,12 @@
networking = {
interfaces.eno4 = {
ipv4.addresses = [{
address = "128.210.6.109";
prefixLength = 28;
}];
ipv4.addresses = [
{
address = "128.210.6.109";
prefixLength = 28;
}
];
};
defaultGateway = {
address = "128.210.6.97";

12
hosts/Infini-SD/filesystems.nix
View file

@ -3,7 +3,11 @@
let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "527062b3-7a48-4456-8527-30887c6e9f52";
commonOptions = [ "autodefrag" "noatime" "compress-force=zstd:1" ];
commonOptions = [
"autodefrag"
"noatime"
"compress-force=zstd:1"
];
mkMain' = options: {
device = main;
@ -17,7 +21,11 @@ in
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=64G" "mode=755" ];
options = [
"defaults"
"size=64G"
"mode=755"
];
};
"/media/main" = mkMain' [ ];

19
hosts/Infini-SD/hardware-configuration.nix
View file

@ -5,12 +5,25 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "ahci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "usb_storage" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "SD Card Installation";

3
hosts/Infini-SERVER/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix

12
hosts/Infini-SERVER/filesystems.nix
View file

@ -7,7 +7,11 @@ let
esp = uuid "A2B8-4C6E";
data = uuid "59abb0ff-fe4e-4061-87d2-b728b937656a";
commonOptions = [ "autodefrag" "noatime" "ssd" ];
commonOptions = [
"autodefrag"
"noatime"
"ssd"
];
in
{
@ -15,7 +19,11 @@ in
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "defaults" "size=4G" "mode=755" ];
options = [
"defaults"
"size=4G"
"mode=755"
];
};
"/media/main" = {

14
hosts/Infini-SERVER/hardware-configuration.nix
View file

@ -1,9 +1,19 @@
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "nvme" "usb_storage" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"usb_storage"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";

13
hosts/Infini-SWIFT/hardware-configuration.nix
View file

@ -1,12 +1,15 @@
{ lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];

73
hosts/data.cs.purdue.edu/default.nix
View file

@ -1,4 +1,10 @@
{ private, config, lib, pkgs, ... }:
{
private,
config,
lib,
pkgs,
...
}:
{
modules.hardware.form.server = true;
@ -14,40 +20,45 @@
home-manager.useUserPackages = false;
home = { main, config, ... }: {
home = {
username = lib.mkForce private.variables.purdue-username;
home =
{ main, config, ... }:
{
home = {
username = lib.mkForce private.variables.purdue-username;
packages = with pkgs; [
home-manager
] ++ main.universe.packages;
packages =
with pkgs;
[
home-manager
]
++ main.universe.packages;
inherit (main.universe) shellAliases;
inherit (main.universe) shellAliases;
sessionVariables = {
TMPDIR = "${config.home.homeDirectory}/scratch/tmp";
UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe";
UNIVERSE_USERNAME = main.user.name;
SHELL = "zsh";
sessionVariables = {
TMPDIR = "${config.home.homeDirectory}/scratch/tmp";
UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe";
UNIVERSE_USERNAME = main.user.name;
SHELL = "zsh";
};
file.".profile".target = ".profile-hm";
homeDirectory = lib.mkForce "/homes/${config.home.username}";
};
file.".profile".target = ".profile-hm";
homeDirectory = lib.mkForce "/homes/${config.home.username}";
nix.settings = {
inherit (main.nix.settings)
auto-optimise-store
experimental-features
fallback
flake-registry
keep-derivations
keep-outputs
min-free
sandbox
use-xdg-base-directories
;
};
};
nix.settings = {
inherit (main.nix.settings)
auto-optimise-store
experimental-features
fallback
flake-registry
keep-derivations
keep-outputs
min-free
sandbox
use-xdg-base-directories
;
};
};
}

3
hosts/hermes/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disks.nix

19
hosts/hermes/hardware-configuration.nix
View file

@ -5,12 +5,25 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "ahci" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "usb_storage" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "Portable Installation";

12
hosts/hestia/hardware-configuration.nix
View file

@ -5,12 +5,20 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "boot.shell_on_fail" ];
boot.supportedFilesystems = [ "btrfs" "zfs" ];
boot.supportedFilesystems = [
"btrfs"
"zfs"
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
info.model = "Dell R330";

31
hosts/vulcan/default.nix
View file

@ -10,21 +10,26 @@
home-manager.useUserPackages = false;
home = { main, config, ... }: {
home = {
packages = with pkgs; [
home-manager
] ++ main.universe.packages;
home =
{ main, config, ... }:
{
home = {
packages =
with pkgs;
[
home-manager
]
++ main.universe.packages;
inherit (main.universe) shellAliases;
inherit (main.universe) shellAliases;
sessionVariables = {
UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe";
UNIVERSE_MODE = "home-manager";
sessionVariables = {
UNIVERSE_FLAKE_ROOT = "${config.home.homeDirectory}/universe";
UNIVERSE_MODE = "home-manager";
};
};
};
nix.settings.use-xdg-base-directories = true;
nix.settings.use-xdg-base-directories = true;
universe.programming.all.enable = true;
};
universe.programming.all.enable = true;
};
}

212
lib/default.nix
View file

@ -1,107 +1,133 @@
{ lib }:
lib.makeExtensible (self:
with lib;
rec {
flattenListSet = imports: (flatten (concatLists (attrValues imports)));
flattenSetList = attrSet: (mapAttrs (name: value: flatten value) attrSet);
lib.makeExtensible (
self:
with lib;
rec {
flattenListSet = imports: (flatten (concatLists (attrValues imports)));
flattenSetList = attrSet: (mapAttrs (name: value: flatten value) attrSet);
# ["/home/user/" "/.screenrc"] -> ["home" "user" ".screenrc"]
splitPath = paths:
(filter
(s: builtins.typeOf s == "string" && s != "")
(concatMap (builtins.split "/") paths)
);
# ["/home/user/" "/.screenrc"] -> ["home" "user" ".screenrc"]
splitPath =
paths:
(filter (s: builtins.typeOf s == "string" && s != "") (concatMap (builtins.split "/") paths));
# ["home" "user" ".screenrc"] -> "home/user/.screenrc"
dirListToPath = dirList: (concatStringsSep "/" dirList);
# ["home" "user" ".screenrc"] -> "home/user/.screenrc"
dirListToPath = dirList: (concatStringsSep "/" dirList);
# ["/home/user/" "/.screenrc"] -> "/home/user/.screenrc"
concatPaths = paths:
let
prefix = optionalString (hasPrefix "/" (head paths)) "/";
path = dirListToPath (splitPath paths);
in
prefix + path;
# ["/home/user/" "/.screenrc"] -> "/home/user/.screenrc"
concatPaths =
paths:
let
prefix = optionalString (hasPrefix "/" (head paths)) "/";
path = dirListToPath (splitPath paths);
in
prefix + path;
sanitizeName = name:
replaceStrings
[ "." ] [ "" ]
(sanitizeDerivationName (removePrefix "/" name));
sanitizeName = name: replaceStrings [ "." ] [ "" ] (sanitizeDerivationName (removePrefix "/" name));
mapGenAttrs = list: func: attrs:
lib.genAttrs list (name: func (if builtins.typeOf attrs == "lambda" then attrs name else attrs));
mapGenAttrs =
list: func: attrs:
lib.genAttrs list (name: func (if builtins.typeOf attrs == "lambda" then attrs name else attrs));
dirsOf = dir: lib.attrNames (lib.filterAttrs (file: type: type == "directory") (builtins.readDir dir));
dirsOf =
dir: lib.attrNames (lib.filterAttrs (file: type: type == "directory") (builtins.readDir dir));
# Only useful for functors
recMap = f: list:
if list == [ ] then f
else recMap (f (head list)) (tail list)
;
# Only useful for functors
recMap = f: list: if list == [ ] then f else recMap (f (head list)) (tail list);
chain = {
func = id;
__functor = self: input:
if (typeOf input) == "lambda"
then self // { func = e: input (self.func e); }
else self.func input;
};
chain = {
func = id;
__functor =
self: input:
if (typeOf input) == "lambda" then self // { func = e: input (self.func e); } else self.func input;
};
spread = function: list: if list == [ ] then function else spread (function (head list)) (tail list);
spread =
function: list: if list == [ ] then function else spread (function (head list)) (tail list);
isFunction = obj: (typeOf obj) == "lambda" || ((typeOf obj) == "set" && obj ? __functor);
isFunction = obj: (typeOf obj) == "lambda" || ((typeOf obj) == "set" && obj ? __functor);
# Takes a function and makes it lazy, by consuming arguments and applying it to the inner function first
# before calling the original function
# if the inner object is not actually a function, then just calls the original function
lazy = func: inner: if !(isFunction inner) then func inner else {
inherit func;
app = inner;
__functor = self: input:
let app = self.app input; in
if isFunction app then self // { inherit app; }
else self.func app;
};
# Takes a function and makes it lazy, by consuming arguments and applying it to the inner function first
# before calling the original function
# if the inner object is not actually a function, then just calls the original function
lazy =
func: inner:
if !(isFunction inner) then
func inner
else
{
inherit func;
app = inner;
__functor =
self: input:
let
app = self.app input;
in
if isFunction app then self // { inherit app; } else self.func app;
};
toBase64 = text:
let
inherit (lib) sublist mod stringToCharacters concatMapStrings;
inherit (lib.strings) charToInt;
inherit (builtins) substring foldl' genList elemAt length concatStringsSep stringLength;
lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
sliceN = size: list: n: sublist (n * size) size list;
pows = [ (64 * 64 * 64) (64 * 64) 64 1 ];
intSextets = i: map (j: mod (i / j) 64) pows;
compose = f: g: x: f (g x);
intToChar = elemAt lookup;
convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
convertTriplet = compose convertTripletInt sliceToInt;
join = concatStringsSep "";
convertLastSlice = slice:
let
len = length slice;
in
if len == 1
then (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
else if len == 2
then (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
else "";
len = stringLength text;
nFullSlices = len / 3;
bytes = map charToInt (stringToCharacters text);
tripletAt = sliceN 3 bytes;
head = genList (compose convertTriplet tripletAt) nFullSlices;
tail = convertLastSlice (tripletAt nFullSlices);
in
join (head ++ [ tail ]);
toBase64 =
text:
let
inherit (lib)
sublist
mod
stringToCharacters
concatMapStrings
;
inherit (lib.strings) charToInt;
inherit (builtins)
substring
foldl'
genList
elemAt
length
concatStringsSep
stringLength
;
lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
sliceN =
size: list: n:
sublist (n * size) size list;
pows = [
(64 * 64 * 64)
(64 * 64)
64
1
];
intSextets = i: map (j: mod (i / j) 64) pows;
compose =
f: g: x:
f (g x);
intToChar = elemAt lookup;
convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
convertTriplet = compose convertTripletInt sliceToInt;
join = concatStringsSep "";
convertLastSlice =
slice:
let
len = length slice;
in
if len == 1 then
(substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
else if len == 2 then
(substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
else
"";
len = stringLength text;
nFullSlices = len / 3;
bytes = map charToInt (stringToCharacters text);
tripletAt = sliceN 3 bytes;
head = genList (compose convertTriplet tripletAt) nFullSlices;
tail = convertLastSlice (tripletAt nFullSlices);
in
join (head ++ [ tail ]);
disko = import ./disko.nix { inherit lib; };
filesystems = import ./filesystems.nix { inherit lib self; };
} // (
import ./digga.nix { inherit lib; }
) // (
import ./hosts.nix { inherit lib; }
) // (
import ./options.nix { inherit lib; }
))
disko = import ./disko.nix { inherit lib; };
filesystems = import ./filesystems.nix { inherit lib self; };
}
// (import ./digga.nix { inherit lib; })
// (import ./hosts.nix { inherit lib; })
// (import ./options.nix { inherit lib; })
)

195
lib/digga.nix
View file

@ -4,63 +4,58 @@
let
flattenTree' =
/*
*
Synopsis: flattenTree' _cond_ _sep_ _tree_
*
Synopsis: flattenTree' _cond_ _sep_ _tree_
Flattens a _tree_ of the shape that is produced by rakeLeaves.
_cond_ determines when to stop recursing
_sep_ is the separator to join the path with
Flattens a _tree_ of the shape that is produced by rakeLeaves.
_cond_ determines when to stop recursing
_sep_ is the separator to join the path with
Output Format:
An attrset with names in the spirit of the Reverse DNS Notation form
that fully preserve information about grouping from nesting.
Output Format:
An attrset with names in the spirit of the Reverse DNS Notation form
that fully preserve information about grouping from nesting.
Example input:
```
{
a = {
b = {
c = <path>;
};
};
}
```
Example input:
```
{
a = {
b = {
c = <path>;
};
};
}
```
Example output:
```
{
"a.b.c" = <path>;
}
```
*
*/
cond:
sep:
tree:
Example output:
```
{
"a.b.c" = <path>;
}
```
*
*/
cond: sep: tree:
let
op = sum: path: val:
op =
sum: path: val:
let
pathStr = builtins.concatStringsSep sep path; # dot-based reverse DNS notation
in
if cond val
then
# builtins.trace "${toString val} matches condition"
if cond val then
# builtins.trace "${toString val} matches condition"
(sum // { "${pathStr}" = val; })
else if builtins.isAttrs val
then
# builtins.trace "${builtins.toJSON val} is an attrset"
# recurse into that attribute set
else if builtins.isAttrs val then
# builtins.trace "${builtins.toJSON val} is an attrset"
# recurse into that attribute set
(recurse sum path val)
else
# ignore that value
# builtins.trace "${toString path} is something else"
# ignore that value
# builtins.trace "${toString path} is something else"
sum;
recurse = sum: path: val:
builtins.foldl'
(sum: key: op sum (path ++ [ key ]) val.${key})
sum
(builtins.attrNames val);
recurse =
sum: path: val:
builtins.foldl' (sum: key: op sum (path ++ [ key ]) val.${key}) sum (builtins.attrNames val);
in
recurse { } [ ] tree;
@ -68,40 +63,41 @@ let
rakeLeaves =
/*
*
Synopsis: rakeLeaves _path_
*
Synopsis: rakeLeaves _path_
Recursively collect the nix files of _path_ into attrs.
Recursively collect the nix files of _path_ into attrs.
Output Format:
An attribute set where all `.nix` files and directories with `default.nix` in them
are mapped to keys that are either the file with .nix stripped or the folder name.
All other directories are recursed further into nested attribute sets with the same format.
Output Format:
An attribute set where all `.nix` files and directories with `default.nix` in them
are mapped to keys that are either the file with .nix stripped or the folder name.
All other directories are recursed further into nested attribute sets with the same format.
Example file structure:
```
./core/default.nix
./base.nix
./main/dev.nix
./main/os/default.nix
```
Example file structure:
```
./core/default.nix
./base.nix
./main/dev.nix
./main/os/default.nix
```
Example output:
```
{
core = ./core;
base = base.nix;
main = {
dev = ./main/dev.nix;
os = ./main/os;
};
}
```
*
*/
Example output:
```
{
core = ./core;
base = base.nix;
main = {
dev = ./main/dev.nix;
os = ./main/os;
};
}
```
*
*/
dirPath:
let
seive = file: type:
seive =
file: type:
# Only rake `.nix` files or directories
(type == "regular" && lib.hasSuffix ".nix" file) || (type == "directory");
@ -111,12 +107,11 @@ let
let
path = dirPath + "/${file}";
in
if
(type == "regular")
|| (type == "directory" && builtins.pathExists (path + "/default.nix"))
then path
if (type == "regular") || (type == "directory" && builtins.pathExists (path + "/default.nix")) then
path
# recurse on directories that don't contain a `default.nix`
else rakeLeaves path;
else
rakeLeaves path;
};
files = lib.filterAttrs seive (builtins.readDir dirPath);
@ -125,42 +120,44 @@ let
flattenLeaves = dir: flattenTree (rakeLeaves dir);
getFqdn = c:
getFqdn =
c:
let
net = c.config.networking;
fqdn =
if (net ? domain) && (net.domain != null)
then "${net.hostName}.${net.domain}"
else net.hostName;
if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
in
fqdn;
in
{
inherit rakeLeaves flattenTree flattenTree' flattenLeaves;
inherit
rakeLeaves
flattenTree
flattenTree'
flattenLeaves
;
leaves = dir: builtins.attrValues (flattenLeaves dir);
mkHomeConfigurations = systemConfigurations:
mkHomeConfigurations =
systemConfigurations:
/*
*
Synopsis: mkHomeConfigurations _systemConfigurations_
*
Synopsis: mkHomeConfigurations _systemConfigurations_
Generate the `homeConfigurations` attribute expected by `home-manager` cli
from _nixosConfigurations_ or _darwinConfigurations_ in the form
_user@hostname_.
*
*/
Generate the `homeConfigurations` attribute expected by `home-manager` cli
from _nixosConfigurations_ or _darwinConfigurations_ in the form
_user@hostname_.
*
*/
let
op = attrs: c:
op =
attrs: c:
attrs
// (
lib.mapAttrs'
(user: v: {
name = "${user}@${getFqdn c}";
value = v.home;
})
c.config.home-manager.users
);
// (lib.mapAttrs' (user: v: {
name = "${user}@${getFqdn c}";
value = v.home;
}) c.config.home-manager.users);
mkHmConfigs = lib.foldl op { };
in
mkHmConfigs (builtins.attrValues systemConfigurations);

92
lib/disko.nix
View file

@ -34,62 +34,84 @@ rec {
mkTmpfs' = mountOptions: size: mode: {
fsType = "tmpfs";
mountOptions = mountOptions ++ [ "size=${size}" "mode=${mode}" ];
mountOptions = mountOptions ++ [
"size=${size}"
"mode=${mode}"
];
};
mkTmpfs = size: mkTmpfs' defaultMountOptions size "755";
# btrfs
mkBtrfsPart' = base: mountpoint: content': {
content = {
inherit mountpoint;
type = "btrfs";
} // content';
} // base;
mkBtrfsPart' =
base: mountpoint: content':
{
content = {
inherit mountpoint;
type = "btrfs";
} // content';
}
// base;
mkBtrfsPart = size: mkBtrfsPart' { inherit size; };
mkBtrfsPartEndAt = end: mkBtrfsPart' { inherit end; };
mkBtrfsSubvols' = mountOptions: mapAttrs (n: v: {
mountpoint = n;
mountOptions = mountOptions ++ (optionals (v ? mountOptions) v.mountOptions);
} // (removeAttrs v [ "mountOptions" ]));
mkBtrfsSubvols' =
mountOptions:
mapAttrs (
n: v:
{
mountpoint = n;
mountOptions = mountOptions ++ (optionals (v ? mountOptions) v.mountOptions);
}
// (removeAttrs v [ "mountOptions" ])
);
mkBtrfsSubvols = mkBtrfsSubvols' defaultMountOptions;
# ZFS
mkZPart' = base: content: pool: {
content = {
type = "zfs";
inherit pool;
} // content;
} // base;
mkZPart' =
base: content: pool:
{
content = {
type = "zfs";
inherit pool;
} // content;
}
// base;
mkZPart = size: mkZPart' { inherit size; } { };
mkZPartEndAt = end: mkZPart' { inherit end; } { };
mkZDisk = id: pool: mkDisk id {
partitions = {
zfs = mkZPart "100%" pool;
mkZDisk =
id: pool:
mkDisk id {
partitions = {
zfs = mkZPart "100%" pool;
};
};
};
mkZPool' = mountOptions: name: options: {
type = "zpool";
mode = "raidz";
mountpoint = "/media/${name}";
rootFsOptions = {
mountpoint = "legacy";
compression = "zstd";
atime = "off";
};
inherit mountOptions;
} // options;
mkZPool' =
mountOptions: name: options:
{
type = "zpool";
mode = "raidz";
mountpoint = "/media/${name}";
rootFsOptions = {
mountpoint = "legacy";
compression = "zstd";
atime = "off";
};
inherit mountOptions;
}
// options;
mkZPool = mkZPool' defaultMountOptions;
mkZPools = mapAttrs mkZPool;
mkZfs' = mountOptions: mountpoint: options: {
type = "zfs_fs";
inherit mountpoint mountOptions;
options = { mountpoint = "legacy"; } // options;
options = {
mountpoint = "legacy";
} // options;
};
mkZfs = mkZfs' defaultMountOptions;
@ -98,5 +120,7 @@ rec {
inherit size content;
};
markNeededForBoot = flip genAttrs (_: { neededForBoot = true; });
markNeededForBoot = flip genAttrs (_: {
neededForBoot = true;
});
}

36
lib/filesystems.nix
View file

@ -10,25 +10,33 @@ rec {
neededForBoot = self.lazy (fs: fs // { neededForBoot = true; });
mkFilesystemDev' = f: d: c: o:
mkFilesystemDev' =
f: d: c: o:
neededForBoot (mkFilesystemDev f d c o);
mkFilesystem = fsType: uuid:
mkFilesystemDev fsType (diskByUuid uuid);
mkFilesystem = fsType: uuid: mkFilesystemDev fsType (diskByUuid uuid);
mkFilesystem' = f: d: c: o:
mkFilesystem' =
f: d: c: o:
neededForBoot (mkFilesystemDev f d c o);
mkEFI = uuid: neededForBoot {
device = diskByUuid uuid;
fsType = "vfat";
};
mkTmpfs = name: size: neededForBoot {
device = name;
fsType = "tmpfs";
options = [ "defaults" "size=${size}" "mode=755" ];
};
mkEFI =
uuid:
neededForBoot {
device = diskByUuid uuid;
fsType = "vfat";
};
mkTmpfs =
name: size:
neededForBoot {
device = name;
fsType = "tmpfs";
options = [
"defaults"
"size=${size}"
"mode=755"
];
};
mkBtrfs' = options: uuid: extraOptions: {
device = diskByUuid uuid;
fsType = "btrfs";

23
lib/hosts.nix
View file

@ -1,12 +1,21 @@
{ lib }:
{
mkHost = attrs@{ modules ? [ ], ... }: name: path: lib.nixosSystem (attrs // {
modules = [
{
networking.hostName = lib.mkDefault name;
mkHost =
attrs@{
modules ? [ ],
...
}:
name: path:
lib.nixosSystem (
attrs
// {
modules = [
{
networking.hostName = lib.mkDefault name;
}
(import path)
] ++ attrs.modules;
}
(import path)
] ++ attrs.modules;
});
);
}

43
lib/options.nix
View file

@ -3,25 +3,30 @@ let
inherit (lib) mkOption types flatten;
in
rec {
mkOpt = type: default:
mkOption { inherit type default; };
mkOpt = type: default: mkOption { inherit type default; };
mkOpt' = type: default: description:
mkOpt' =
type: default: description:
mkOption { inherit type default description; };
mkBoolOpt = default: mkOption {
inherit default;
type = types.bool;
example = true;
};
mkBoolOpt =
default:
mkOption {
inherit default;
type = types.bool;
example = true;
};
mkBoolOpt' = default: description: mkOption {
inherit default description;
type = types.bool;
example = true;
};
mkBoolOpt' =
default: description:
mkOption {
inherit default description;
type = types.bool;
example = true;
};
coercedPackageList = with types;
coercedPackageList =
with types;
let
packageListType = listOf (either package packageListType);
in
@ -29,7 +34,11 @@ rec {
packageListOpt = mkOpt coercedPackageList [ ];
addPackageLists = lib.mapAttrs (name: value: value // {
packages = packageListOpt;
});
addPackageLists = lib.mapAttrs (
name: value:
value
// {
packages = packageListOpt;
}
);
}

8
modules/functionality/soft-serve.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -88,4 +93,3 @@ in
];
};
}

19
modules/functionality/ssh-tunnel.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.ssh-tunnel;
@ -50,11 +55,13 @@ in
local = mkParams "-L" cfg.forwards.local;
remote = mkParams "-R" cfg.forwards.remote;
options = mkParams "-o" (mapAttrsToList (n: v: "${n}=${toString v}") {
ServerAliveInterval = 60;
ExitOnForwardFailure = "yes";
KbdInteractiveAuthentication = "no";
});
options = mkParams "-o" (
mapAttrsToList (n: v: "${n}=${toString v}") {
ServerAliveInterval = 60;
ExitOnForwardFailure = "yes";
KbdInteractiveAuthentication = "no";
}
);
in
{
script = ''

41
modules/global/backup.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
# Borg Backup public key:
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhldH579ixPRSBtTjnzWoDCNyUxUSl1BjogWN3keYBR borg@universe
# This is used to connect to my rsync.net
@ -7,11 +12,7 @@ with lib.our;
let
append = root: path: (root + "/" + path);
excludes' = concatLists
(mapAttrsToList
(root: map (append root))
cfg.excludes
);
excludes' = concatLists (mapAttrsToList (root: map (append root)) cfg.excludes);
commonArgs = {
environment = {
@ -36,12 +37,19 @@ let
};
};
mkJob = paths: commonArgs // {
inherit paths;
inherit (cfg) repo;
exclude = map (append paths) (excludes' ++ cfg.extraExcludes);
startAt = if cfg.backupTimes ? "${config.networking.hostName}" then "*-*-* ${cfg.backupTimes.${config.networking.hostName}}" else [ ];
};
mkJob =
paths:
commonArgs
// {
inherit paths;
inherit (cfg) repo;
exclude = map (append paths) (excludes' ++ cfg.extraExcludes);
startAt =
if cfg.backupTimes ? "${config.networking.hostName}" then
"*-*-* ${cfg.backupTimes.${config.networking.hostName}}"
else
[ ];
};
cfg = config.modules.backups;
in
@ -106,11 +114,12 @@ in
(mkIf cfg.enable {
services.borgbackup.jobs = mapAttrs (_: mkJob) cfg.jobs;
systemd.timers = lib.mapAttrs'
(n: _: lib.nameValuePair "borgbackup-job-${n}" {
systemd.timers = lib.mapAttrs' (
n: _:
lib.nameValuePair "borgbackup-job-${n}" {
requires = [ "network-online.target" ];
})
cfg.jobs;
}
) cfg.jobs;
persist.directories = [
"/root/.cache/borg"

4
modules/global/caches/personal.nix
View file

@ -2,7 +2,9 @@
{
nix.settings = {
substituters = lib.flatten [
(lib.optional (config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home) "ssh://infini-desktop?priority=9")
(lib.optional (
config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home
) "ssh://infini-desktop?priority=9")
"https://hydra.inx.moe?priority=10"
];
trusted-public-keys = [

8
modules/global/general.nix
View file

@ -1,4 +1,10 @@
{ config, common, secrets, lib, ... }:
{
config,
common,
secrets,
lib,
...
}:
{
programs = {
# Enable dconf for programs that need it

8
modules/global/home-manager.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
home-manager = {
useUserPackages = lib.mkDefault true;
useGlobalPkgs = true;

12
modules/global/networking.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, private, ... }:
{
config,
pkgs,
private,
...
}:
{
imports = [ private.nixosModules.networking ];
@ -27,7 +32,10 @@
#"100.100.100.100"
];
firewall.trustedInterfaces = [ "br-+" "tailscale0" ];
firewall.trustedInterfaces = [
"br-+"
"tailscale0"
];
nftables = {
enable = true;

36
modules/global/nix.nix
View file

@ -1,6 +1,17 @@
{ config, inputs, pkgs, lib, ... }:
{
config,
inputs,
pkgs,
lib,
...
}:
let
inherit (lib) mkIf mkDefault filterAttrs mapAttrs';
inherit (lib)
mkIf
mkDefault
filterAttrs
mapAttrs'
;
in
{
nix = {
@ -8,9 +19,19 @@ in
settings = {
allowed-users = [ "*" ];
trusted-users = [ "root" "@wheel" "remotebuild" "nix-ssh" ];
trusted-users = [
"root"
"@wheel"
"remotebuild"
"nix-ssh"
];
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
experimental-features = [
"flakes"
"nix-command"
@ -52,7 +73,12 @@ in
let
flakes = filterAttrs (n: v: v ? outputs) inputs;
in
(mapAttrs' (n: v: { name = if n == "self" then "universe" else n; value = { flake = v; }; }) flakes)
(mapAttrs' (n: v: {
name = if n == "self" then "universe" else n;
value = {
flake = v;
};
}) flakes)
// {
nixpkgs-git = {
exact = false;

13
modules/global/options.nix
View file

@ -1,5 +1,10 @@
# Heavily inspired by hlissner: https://github.com/hlissner/dotfiles/blob/master/modules/options.nix
{ config, options, lib, ... }:
{
config,
options,
lib,
...
}:
with lib;
with lib.our;
let
@ -40,7 +45,11 @@ in
universe = {
packages = packageListOpt;
shellAliases = mkOpt (attrsOf str) { };
variables = mkOpt (attrsOf (oneOf [ (listOf str) str path ])) { };
variables = mkOpt (attrsOf (oneOf [
(listOf str)
str
path
])) { };
media.enable = mkBoolOpt false;
minimal.enable = mkBoolOpt false;
};

169
modules/global/packages.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
# Use the latest Linux kernel
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -7,80 +12,96 @@
environment.defaultPackages = lib.mkForce [ ];
# Packages wanted everywhere
universe.packages = with pkgs; [
universe-cli
universe.packages =
with pkgs;
[
universe-cli
agenix
bat
cloc
cryptsetup
curl
difftastic
direnv
dnsutils
erdtree
eza
fd
fzf
gnumake
gptfdisk
gum
htop
hyfetch
iputils
jq
man-pages
man-pages-posix
nmap
openssl
parallel
parted
pciutils
perl
rhash
ripgrep
rsync
skim
sshfs
strace
tealdeer
unixtools.whereis
unrar-wrapper
unzip
util-linux
wget
whois
xxHash
yq
zip
] ++ (lib.optionals config.universe.media.enable (with pkgs; [
ghostscript
graphviz
imagemagick
pandoc
yt-dlp
]));
agenix
bat
cloc
cryptsetup
curl
difftastic
direnv
dnsutils
erdtree
eza
fd
fzf
gnumake
gptfdisk
gum
htop
hyfetch
iputils
jq
man-pages
man-pages-posix
nmap
openssl
parallel
parted
pciutils
perl
rhash
ripgrep
rsync
skim
sshfs
strace
tealdeer
unixtools.whereis
unrar-wrapper
unzip
util-linux
wget
whois
xxHash
yq
zip
]
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ghostscript
graphviz
imagemagick
pandoc
yt-dlp
]
));
environment.systemPackages = config.universe.packages ++ (with pkgs; [
binutils
btrfs-progs
bubblewrap
compsize
coreutils-doge
dosfstools
exfat # Windows drives
kitty.terminfo
ntfs3g # Windows drives
smartmontools
usbutils
environment.systemPackages =
config.universe.packages
++ (with pkgs; [
binutils
btrfs-progs
bubblewrap
compsize
coreutils-doge
dosfstools
exfat # Windows drives
kitty.terminfo
ntfs3g # Windows drives
smartmontools
usbutils
# covered by home manager
git
vim
]) ++ (lib.optionals config.info.graphical (with pkgs; [
arandr
])) ++ (lib.optionals config.universe.media.enable (with pkgs; [
ffmpeg-full
mpv
]));
# covered by home manager
git
vim
])
++ (lib.optionals config.info.graphical (
with pkgs;
[
arandr
]
))
++ (lib.optionals config.universe.media.enable (
with pkgs;
[
ffmpeg-full
mpv
]
));
}

15
modules/global/persist.nix
View file

@ -6,13 +6,22 @@ in
persist = {
directories = flatten [
"/home"
{ directory = "/etc/nixos"; user = "infinidoge"; }
{ directory = "/etc/nixos-private"; user = "infinidoge"; }
{
directory = "/etc/nixos";
user = "infinidoge";
}
{
directory = "/etc/nixos-private";
user = "infinidoge";
}
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/"
{ directory = "/var/lib/tailscale"; mode = "0700"; }
{
directory = "/var/lib/tailscale";
mode = "0700";
}
"/root/.ssh"

86
modules/global/programming.nix
View file

@ -1,33 +1,39 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) flip;
inherit (lib.our) mkBoolOpt' addPackageLists;
cfg = config.universe.programming;
programmingOpt' = kind: flip mkBoolOpt' "Programming: ${kind}";
programmingOpt = flip programmingOpt' cfg.all.enable;
in
{
options.universe.programming = (addPackageLists {
base.enable = programmingOpt' "Base packages" true;
options.universe.programming =
(addPackageLists {
base.enable = programmingOpt' "Base packages" true;
c.enable = programmingOpt' "C" true;
csharp.enable = programmingOpt "C#";
haskell.enable = programmingOpt "Haskell";
java.enable = programmingOpt "Java";
lua.enable = programmingOpt "Lua";
nim.enable = programmingOpt "Nim";
python.enable = programmingOpt' "Python" true;
racket.enable = programmingOpt "Racket";
rust.enable = programmingOpt "Rust";
zig.enable = programmingOpt "Zig";
latex.enable = programmingOpt "LaTeX";
html.enable = programmingOpt "HTML";
}) // {
all.enable = programmingOpt' "All languages" false;
};
c.enable = programmingOpt' "C" true;
csharp.enable = programmingOpt "C#";
haskell.enable = programmingOpt "Haskell";
java.enable = programmingOpt "Java";
lua.enable = programmingOpt "Lua";
nim.enable = programmingOpt "Nim";
python.enable = programmingOpt' "Python" true;
racket.enable = programmingOpt "Racket";
rust.enable = programmingOpt "Rust";
zig.enable = programmingOpt "Zig";
latex.enable = programmingOpt "LaTeX";
html.enable = programmingOpt "HTML";
})
// {
all.enable = programmingOpt' "All languages" false;
};
config = {
universe.programming = with pkgs; {
@ -60,7 +66,6 @@ in
cabal2nix
];
java.packages = [
openjdk
clang-tools
@ -75,15 +80,17 @@ in
];
python.packages = [
(python312.withPackages (p: with p; [
black
isort
jupyter
mypy
pip
pyflakes
pytest
]))
(python312.withPackages (
p: with p; [
black
isort
jupyter
mypy
pip
pyflakes
pytest
]
))
pipenv
ruff
];
@ -93,12 +100,15 @@ in
];
rust.packages = [
(rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override {
extensions = [
"rust-src"
"rust-analyzer"
];
}))
(rust-bin.selectLatestNightlyWith (
toolchain:
toolchain.default.override {
extensions = [
"rust-src"
"rust-analyzer"
];
}
))
gcc
];
@ -142,9 +152,9 @@ in
];
};
universe.packages = lib.concatMap
(v: lib.optionals (v ? packages && v.enable) v.packages)
(lib.attrValues cfg);
universe.packages = lib.concatMap (v: lib.optionals (v ? packages && v.enable) v.packages) (
lib.attrValues cfg
);
programs.java.enable = cfg.java.enable;

15
modules/global/security.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
inherit (config.nixpkgs.hostPlatform) system;
@ -32,8 +37,12 @@ in
hardware = {
enableRedistributableFirmware = mkDefault true;
cpu.intel.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux");
cpu.amd.updateMicrocode = mkDefault (config.hardware.enableRedistributableFirmware && system == "x86_64-linux");
cpu.intel.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
cpu.amd.updateMicrocode = mkDefault (
config.hardware.enableRedistributableFirmware && system == "x86_64-linux"
);
};
users.mutableUsers = false;

8
modules/global/shell.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
ifSudo = lib.mkIf config.security.sudo.enable;
ifSudo' = text: if config.security.sudo.enable then "sudo ${text}" else text;
@ -43,7 +48,6 @@ in
gcd = "cd $(git root || echo \".\")";
ucd = "cd $(uni cd || echo \".\")";
# grep
grep = "rg";
gi = "grep -i";

15
modules/global/ssh.nix
View file

@ -12,14 +12,19 @@ with lib;
ClientAliveInterval = 60;
TCPKeepAlive = "yes";
};
hostKeys = mkDefault [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
hostKeys = mkDefault [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
knownHosts = {
"github.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
extraHostNames = [ "ssh.github.com" "ssh.github.com:443" ];
extraHostNames = [
"ssh.github.com"
"ssh.github.com:443"
];
};
};
};

10
modules/global/virtualisation.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -16,7 +21,8 @@ in
};
programs.dconf.enable = mkIf cfg.libvirtd.enable true;
environment.systemPackages = (optional cfg.libvirtd.enable pkgs.virt-manager)
environment.systemPackages =
(optional cfg.libvirtd.enable pkgs.virt-manager)
++ (optional cfg.docker.enable pkgs.docker-compose);
persist.directories = optional cfg.libvirtd.enable "/var/lib/libvirt";
};

49
modules/modules/desktop/gaming.nix
View file

@ -1,4 +1,10 @@
{ config, options, lib, pkgs, ... }:
{
config,
options,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -32,16 +38,23 @@ in
config = mkMerge [
{
assertions = [{
assertion = (any id (with cfg; [
steam.enable
prismlauncher.enable
lutris.enable
olympus.enable
puzzles.enable
])) -> config.info.graphical;
message = "Games cannot be enabled in a non-graphical environment";
}];
assertions = [
{
assertion =
(any id (
with cfg;
[
steam.enable
prismlauncher.enable
lutris.enable
olympus.enable
puzzles.enable
]
))
-> config.info.graphical;
message = "Games cannot be enabled in a non-graphical environment";
}
];
home.home.packages = with pkgs; [
(mkIf cfg.prismlauncher.enable cfg.prismlauncher.package)
@ -56,12 +69,14 @@ in
programs.steam = {
enable = mkAliasDefinitions opt.steam.enable;
package = cfg.steam.package.override (optionalAttrs config.modules.hardware.gpu.nvidia {
extraProfile = ''
unset VK_ICD_FILENAMES
export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json
'';
});
package = cfg.steam.package.override (
optionalAttrs config.modules.hardware.gpu.nvidia {
extraProfile = ''
unset VK_ICD_FILENAMES
export VK_ICD_FILENAMES=${config.hardware.nvidia.package}/share/vulkan/icd.d/nvidia_icd.json:${config.hardware.nvidia.package.lib32}/share/vulkan/icd.d/nvidia_icd32.json
'';
}
);
extraCompatPackages = with pkgs; [
proton-ge-bin
];

49
modules/modules/desktop/wm.nix
View file

@ -1,4 +1,10 @@
{ config, common, pkgs, lib, ... }:
{
config,
common,
pkgs,
lib,
...
}:
with lib;
with lib.our;
let
@ -50,29 +56,34 @@ in
'';
};
home-manager.sharedModules = [{
xsession.enable = true;
}];
environment.systemPackages = with pkgs; flatten [
(with xorg; [
xwininfo
xprop
])
xclip
xdotool
pavucontrol
common.wm.locker
home-manager.sharedModules = [
{
xsession.enable = true;
}
];
environment.systemPackages =
with pkgs;
flatten [
(with xorg; [
xwininfo
xprop
])
xclip
xdotool
pavucontrol
common.wm.locker
];
}
(mkIf cfg.qtile.enable {
services.xserver.windowManager.qtile = {
enable = true;
extraPackages = p: with p; [
qtile-extras
];
extraPackages =
p: with p; [
qtile-extras
];
};
info.env.wm = "qtile";

7
modules/modules/hardware/audio.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;

15
modules/modules/hardware/form.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -58,7 +63,13 @@ in
environment = {
variables.LAPTOP = "True";
systemPackages = with pkgs; [ acpi brightnessctl ] ++ optional config.powerManagement.powertop.enable pkgs.powertop;
systemPackages =
with pkgs;
[
acpi
brightnessctl
]
++ optional config.powerManagement.powertop.enable pkgs.powertop;
};
})

55
modules/modules/hardware/gpu.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let
@ -13,27 +18,39 @@ in
};
config = mkMerge [
(mkIf (any' (with cfg; [ amdgpu nvidia intel ])) {
hardware.graphics = {
enable = true;
enable32Bit = true;
(mkIf
(any' (
with cfg;
[
amdgpu
nvidia
intel
]
))
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; flatten [
libvdpau-va-gl
vaapiVdpau
extraPackages =
with pkgs;
flatten [
libvdpau-va-gl
vaapiVdpau
(optionals cfg.intel [
intel-compute-runtime
intel-media-driver
vaapiIntel
])
(optionals cfg.intel [
intel-compute-runtime
intel-media-driver
vaapiIntel
])
(optionals cfg.nvidia [
nvidia-vaapi-driver
])
];
};
})
(optionals cfg.nvidia [
nvidia-vaapi-driver
])
];
};
}
)
(mkIf cfg.amdgpu {
boot.initrd.kernelModules = [ "amdgpu" ];

7
modules/modules/hardware/peripherals/printing.nix
View file

@ -1,4 +1,9 @@
{ config, lib, private, ... }:
{
config,
lib,
private,
...
}:
with lib;
with lib.our;
let

7
modules/modules/hardware/peripherals/yubikey.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with lib.our;
let

8
modules/modules/hardware/wireless.nix
View file

@ -1,4 +1,10 @@
{ config, lib, private, pkgs, ... }:
{
config,
lib,
private,
pkgs,
...
}:
with lib;
with lib.our;
let

44
modules/modules/services/apcupsd.nix
View file

@ -20,26 +20,32 @@ in
config = mkIf cfg.enable {
services.apcupsd = {
enable = true;
configText = ''
UPSNAME UPS
UPSCLASS standalone
UPSMODE disable
NETSERVER on
NISPORT ${toString port}
configText =
''
UPSNAME UPS
UPSCLASS standalone
UPSMODE disable
NETSERVER on
NISPORT ${toString port}
BATTERYLEVEL ${toString cfg.config.battery_level}
MINUTES ${toString cfg.config.minutes}
'' +
(if cfg.primary then ''
UPSTYPE usb
UPSCABLE usb
NISIP ${cfg.config.address}
'' else ''
UPSCABLE ether
UPSTYPE net
DEVICE ${cfg.config.address}:${toString port}
POLLTIME 10
'');
BATTERYLEVEL ${toString cfg.config.battery_level}
MINUTES ${toString cfg.config.minutes}
''
+ (
if cfg.primary then
''
UPSTYPE usb
UPSCABLE usb
NISIP ${cfg.config.address}
''
else
''
UPSCABLE ether
UPSTYPE net
DEVICE ${cfg.config.address}:${toString port}
POLLTIME 10
''
);
hooks = cfg.config.hooks;
};
networking.firewall.allowedTCPPorts = mkIf cfg.primary [ port ];

82
modules/vendored/factorio.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -48,19 +53,25 @@ let
savePath = "${cfg.stateDir}/saves/${cfg.saveName}.zip";
mkCmd = options: toString ([
"${lib.getExe cfg.package}"
"--config=${cfg.configFile}"
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}")
(optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}")
"--server-settings=${
if (cfg.extraSettingsFile != null)
then "${cfg.stateDir}/server-settings.json"
else serverSettingsFile
}"
] ++ options);
mkCmd =
options:
toString (
[
"${lib.getExe cfg.package}"
"--config=${cfg.configFile}"
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mods != [ ]) "--mod-directory=${modDir}")
(optionalString (cfg.mapGenSettings != { }) "--map-gen-settings=${mapGenSettingsFile}")
(optionalString (cfg.mapSettings != { }) "--map-settings=${mapSettingsFile}")
"--server-settings=${
if (cfg.extraSettingsFile != null) then
"${cfg.stateDir}/server-settings.json"
else
serverSettingsFile
}"
]
++ options
);
in
{
disabledModules = [ "services/games/factorio.nix" ];
@ -234,7 +245,9 @@ in
extraSettings = mkOption {
type = types.attrs;
default = { };
example = { admins = [ "username" ]; };
example = {
admins = [ "username" ];
};
description = lib.mdDoc ''
Extra game configuration that will go into server-settings.json
'';
@ -338,18 +351,20 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
if [[ ! -e "${savePath}" ]]; then
${mkCmd [
"--create=${savePath}"
]}
fi
'' + (optionalString (cfg.extraSettingsFile != null) ''
echo ${lib.strings.escapeShellArg serverSettingsString} \
"$(cat ${cfg.extraSettingsFile})" \
| ${lib.getExe pkgs.jq} -s add \
> ${cfg.stateDir}/server-settings.json
'');
preStart =
''
if [[ ! -e "${savePath}" ]]; then
${mkCmd [
"--create=${savePath}"
]}
fi
''
+ (optionalString (cfg.extraSettingsFile != null) ''
echo ${lib.strings.escapeShellArg serverSettingsString} \
"$(cat ${cfg.extraSettingsFile})" \
| ${lib.getExe pkgs.jq} -s add \
> ${cfg.stateDir}/server-settings.json
'');
serviceConfig = {
User = cfg.user;
@ -362,11 +377,7 @@ in
ExecStart = mkCmd [
"--port=${toString cfg.port}"
"--bind=${cfg.bind}"
(
if cfg.loadLatestSave
then "--start-server-load-latest"
else "--start-server=${savePath}"
)
(if cfg.loadLatestSave then "--start-server-load-latest" else "--start-server=${savePath}")
(optionalString (cfg.admins != [ ]) "--server-adminlist=${serverAdminsFile}")
];
@ -379,7 +390,12 @@ in
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictRealtime = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;

90
modules/vendored/hydra.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
@ -16,22 +21,29 @@ let
HYDRA_DATA = "${baseDir}";
};
env = {
NIX_REMOTE = "daemon";
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
PGPASSFILE = "${baseDir}/pgpass";
NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles;
} // optionalAttrs (cfg.smtpHost != null) {
EMAIL_SENDER_TRANSPORT = "SMTP";
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost;
} // hydraEnv // cfg.extraEnv;
env =
{
NIX_REMOTE = "daemon";
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
PGPASSFILE = "${baseDir}/pgpass";
NIX_REMOTE_SYSTEMS = concatStringsSep ":" cfg.buildMachinesFiles;
}
// optionalAttrs (cfg.smtpHost != null) {
EMAIL_SENDER_TRANSPORT = "SMTP";
EMAIL_SENDER_TRANSPORT_host = cfg.smtpHost;
}
// hydraEnv
// cfg.extraEnv;
serverEnv = env // {
HYDRA_TRACKER = cfg.tracker;
XDG_CACHE_HOME = "${baseDir}/www/.cache";
COLUMNS = "80";
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr
} // (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
serverEnv =
env
// {
HYDRA_TRACKER = cfg.tracker;
XDG_CACHE_HOME = "${baseDir}/www/.cache";
COLUMNS = "80";
PGPASSFILE = "${baseDir}/pgpass-www"; # grrr
}
// (optionalAttrs cfg.debugServer { DBIC_TRACE = "1"; });
localDB = "dbi:Pg:dbname=hydra;user=hydra;";
@ -39,7 +51,9 @@ let
hydra-package =
let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv);
makeWrapperArgs = concatStringsSep " " (
mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv
);
in
pkgs.buildEnv rec {
name = "hydra-env";
@ -236,7 +250,10 @@ in
type = types.listOf types.path;
default = optional (config.nix.buildMachines != [ ]) "/etc/nix/machines";
defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"'';
example = [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ];
example = [
"/etc/nix/machines"
"/var/lib/hydra/provisioner/machines"
];
description = "List of files containing build machines.";
};
@ -257,7 +274,6 @@ in
};
###### implementation
config = mkIf cfg.enable {
@ -312,7 +328,10 @@ in
use-substitutes = ${if cfg.useSubstitutes then "1" else "0"}
'';
environment.systemPackages = [ hydra-package pkgs.git ];
environment.systemPackages = [
hydra-package
pkgs.git
];
environment.variables = hydraEnv;
@ -320,7 +339,11 @@ in
{
keep-outputs = true;
keep-derivations = true;
extra-trusted-users = [ "hydra" "hydra-queue-runner" "hydra-www" ];
extra-trusted-users = [
"hydra"
"hydra-queue-runner"
"hydra-www"
];
}
(mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre") {
@ -419,8 +442,17 @@ in
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" ];
path = [ hydra-package pkgs.nettools pkgs.openssh pkgs.bzip2 config.nix.package ];
after = [
"hydra-init.service"
"network.target"
];
path = [
hydra-package
pkgs.nettools
pkgs.openssh
pkgs.bzip2
config.nix.package
];
restartTriggers = [ hydraConf ];
environment = env // {
PGPASSFILE = "${baseDir}/pgpass-queue-runner"; # grrr
@ -444,8 +476,16 @@ in
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
wants = [ "network-online.target" ];
after = [ "hydra-init.service" "network.target" "network-online.target" ];
path = with pkgs; [ hydra-package nettools jq ];
after = [
"hydra-init.service"
"network.target"
"network-online.target"
];
path = with pkgs; [
hydra-package
nettools
jq
];
restartTriggers = [ hydraConf ];
environment = env // {
HYDRA_DBI = "${env.HYDRA_DBI};application_name=hydra-evaluator";

98
modules/vendored/steam.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.steam;
@ -8,7 +13,9 @@ let
steam-gamescope =
let
exports = builtins.attrValues (builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env);
exports = builtins.attrValues (
builtins.mapAttrs (n: v: "export ${n}=${v}") cfg.gamescopeSession.env
);
in
pkgs.writeShellScriptBin "steam-gamescope" ''
${builtins.concatStringsSep "\n" exports}
@ -22,7 +29,10 @@ let
Comment=A digital distribution platform
Exec=${steam-gamescope}/bin/steam-gamescope
Type=Application
'').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
'').overrideAttrs
(_: {
passthru.providedSessions = [ "steam" ];
});
in
{
disabledModules = [ "programs/steam.nix" ];
@ -46,29 +56,40 @@ in
];
}
'';
apply = steam: steam.override (prev: {
extraEnv = (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths;
}) // (lib.optionalAttrs cfg.extest.enable {
LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so";
}) // (prev.extraEnv or { });
extraLibraries = pkgs:
let
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
additionalLibs = with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32;
in
prevLibs ++ additionalLibs;
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p));
} // lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice)
{
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
});
apply =
steam:
steam.override (
prev:
{
extraEnv =
(lib.optionalAttrs (cfg.extraCompatPackages != [ ]) {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = extraCompatPaths;
})
// (lib.optionalAttrs cfg.extest.enable {
LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so";
})
// (prev.extraEnv or { });
extraLibraries =
pkgs:
let
prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ];
additionalLibs =
with config.hardware.graphics;
if pkgs.stdenv.hostPlatform.is64bit then
[ package ] ++ extraPackages
else
[ package32 ] ++ extraPackages32;
in
prevLibs ++ additionalLibs;
extraPkgs = p: (cfg.extraPackages ++ lib.optionals (prev ? extraPkgs) (prev.extraPkgs p));
}
// lib.optionalAttrs (cfg.gamescopeSession.enable && gamescopeCfg.capSysNice) {
buildFHSEnv = pkgs.buildFHSEnv.override {
# use the setuid wrapped bubblewrap
bubblewrap = "${config.security.wrapperDir}/..";
};
}
);
description = ''
The Steam package to use. Additional libraries are added from the system
configuration to ensure graphics work properly.
@ -201,18 +222,24 @@ in
programs.steam.extraPackages = cfg.fontPackages;
programs.gamescope.enable = lib.mkDefault cfg.gamescopeSession.enable;
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
services.displayManager.sessionPackages = lib.mkIf cfg.gamescopeSession.enable [
gamescopeSessionFile
];
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
services.pulseaudio.support32Bit = config.services.pulseaudio.enable;
hardware.steam-hardware.enable = true;
home.home.packages = [
cfg.package
cfg.package.run
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (cfg.protontricks.package.override { inherit extraCompatPaths; });
home.home.packages =
[
cfg.package
cfg.package.run
]
++ lib.optional cfg.gamescopeSession.enable steam-gamescope
++ lib.optional cfg.protontricks.enable (
cfg.protontricks.package.override { inherit extraCompatPaths; }
);
networking.firewall = lib.mkMerge [
(lib.mkIf (cfg.remotePlay.openFirewall || cfg.localNetworkGameTransfers.openFirewall) {
@ -221,7 +248,12 @@ in
(lib.mkIf cfg.remotePlay.openFirewall {
allowedTCPPorts = [ 27036 ];
allowedUDPPortRanges = [{ from = 27031; to = 27035; }];
allowedUDPPortRanges = [
{
from = 27031;
to = 27035;
}
];
})
(lib.mkIf cfg.dedicatedServer.openFirewall {

29
modules/vendored/thelounge.nix
View file

@ -1,27 +1,42 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.services.thelounge;
configJsData = "module.exports = " + builtins.toJSON (
{ inherit (cfg) public port; } // cfg.extraConfig
);
configJsData =
"module.exports = " + builtins.toJSON ({ inherit (cfg) public port; } // cfg.extraConfig);
pluginManifest = {
dependencies = builtins.listToAttrs (builtins.map (pkg: { name = getName pkg; value = getVersion pkg; }) cfg.plugins);
dependencies = builtins.listToAttrs (
builtins.map (pkg: {
name = getName pkg;
value = getVersion pkg;
}) cfg.plugins
);
};
plugins = pkgs.runCommandLocal "thelounge-plugins" { } ''
mkdir -p $out/node_modules
echo ${escapeShellArg (builtins.toJSON pluginManifest)} >> $out/package.json
${concatMapStringsSep "\n" (pkg: ''
ln -s ${pkg}/lib/node_modules/${getName pkg} $out/node_modules/${getName pkg}
ln -s ${pkg}/lib/node_modules/${getName pkg} $out/node_modules/${getName pkg}
'') cfg.plugins}
'';
in
{
disabledModules = [ "services/networking/thelounge.nix" ];
imports = [ (mkRemovedOptionModule [ "services" "thelounge" "private" ] "The option was renamed to `services.thelounge.public` to follow upstream changes.") ];
imports = [
(mkRemovedOptionModule [
"services"
"thelounge"
"private"
] "The option was renamed to `services.thelounge.public` to follow upstream changes.")
];
options.services.thelounge = {
enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client");

96
modules/vendored/vaultwarden.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -8,17 +13,27 @@ let
group = config.users.groups.vaultwarden.name;
# Convert name from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER).
nameToEnvVar = name:
nameToEnvVar =
name:
let
parts = builtins.split "([A-Z0-9]+)" name;
partsToEnvVar = parts: foldl'
(key: x:
let last = stringLength key - 1; in
if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
partsToEnvVar =
parts:
foldl' (
key: x:
let
last = stringLength key - 1;
in
if isList x then
key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x
else key + toUpper x) ""
parts;
substring 0 last key
+ optionalString (substring (last - 1) 1 key != "_") "_"
+ substring last 1 key
+ toUpper x
else
key + toUpper x
) "" parts;
in
if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts;
@ -26,17 +41,24 @@ let
# we can only check for values consistently after converting them to their corresponding environment variable name.
configEnv =
let
configEnv = concatMapAttrs
(name: value: optionalAttrs (value != null) {
configEnv = concatMapAttrs (
name: value:
optionalAttrs (value != null) {
${nameToEnvVar name} = if isBool value then boolToString value else toString value;
})
cfg.config;
}
) cfg.config;
in
{ DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
{
DATA_FOLDER = cfg.dataDir;
}
// optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
} // configEnv;
}
// configEnv;
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
configFile = pkgs.writeText "vaultwarden.env" (
concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)
);
vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
@ -52,7 +74,11 @@ in
enable = mkEnableOption (lib.mdDoc "vaultwarden");
dbBackend = mkOption {
type = enum [ "sqlite" "mysql" "postgresql" ];
type = enum [
"sqlite"
"mysql"
"postgresql"
];
default = "sqlite";
description = lib.mdDoc ''
Which database backend vaultwarden will be using.
@ -77,7 +103,13 @@ in
};
config = mkOption {
type = attrsOf (nullOr (oneOf [ bool int str ]));
type = attrsOf (
nullOr (oneOf [
bool
int
str
])
);
default = {
ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222;
@ -186,10 +218,12 @@ in
};
config = mkIf cfg.enable {
assertions = [{
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
message = "Backups for database backends other than sqlite will need customization";
}];
assertions = [
{
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
message = "Backups for database backends other than sqlite will need customization";
}
];
users.users.vaultwarden = {
inherit group;
@ -218,11 +252,19 @@ in
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.settings."10-vaultwarden" = {
${cfg.dataDir}.d = { inherit user group; mode = "0700"; };
} // optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = { inherit user group; mode = "0770"; };
};
systemd.tmpfiles.settings."10-vaultwarden" =
{
${cfg.dataDir}.d = {
inherit user group;
mode = "0700";
};
}
// optionalAttrs (cfg.backupDir != null) {
${cfg.backupDir}.d = {
inherit user group;
mode = "0770";
};
};
systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {
aliases = [ "backup-bitwarden_rs.service" ];

13
overlays/overrides.nix
View file

@ -1,17 +1,20 @@
inputs: final: prev:
let
mkPkgs = channel: channel.legacyPackages.${final.system};
mkPkgsUnfree = channel: import channel {
inherit (final) system;
config.allowUnfree = true;
};
mkPkgsUnfree =
channel:
import channel {
inherit (final) system;
config.allowUnfree = true;
};
latest = mkPkgsUnfree inputs.latest;
fork = mkPkgsUnfree inputs.fork;
stable = mkPkgs inputs.stable;
old-stable = mkPkgs inputs.old-stable;
versionFromInput = input:
versionFromInput =
input:
let
slice = a: b: builtins.substring a b input.lastModifiedDate;
in

12
overlays/patches/default.nix
View file

@ -1,9 +1,11 @@
final: prev:
let
addPatches = package: patches: package.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ patches;
});
addPatches =
package: patches:
package.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ patches;
});
in
{
# coreutils-doge = addPatches prev.coreutils [ ./coreutils.patch ];
@ -20,7 +22,9 @@ in
# })
#];
hydra_unstable = addPatches prev.hydra_unstable [ ./hydra-force-allow-import-from-derivation.patch ];
hydra_unstable = addPatches prev.hydra_unstable [
./hydra-force-allow-import-from-derivation.patch
];
openssh-srv = addPatches prev.openssh [ ./srv-records.patch ];

8
pkgs/all-packages.nix
View file

@ -14,8 +14,12 @@ rec {
tmx-cups-ppd = pkgs.callPackage ./tmx-cups-ppd.nix { };
unbted = pkgs.callPackage ./unbted.nix { };
unmap = pkgs.callPackage ./unmap { };
vpython-jupyter = pkgs.python3Packages.callPackage ./vpython-jupyter.nix { inherit jupyterlab-vpython; };
vpython-jupyter = pkgs.python3Packages.callPackage ./vpython-jupyter.nix {
inherit jupyterlab-vpython;
};
jupyterlab-vpython = pkgs.python3Packages.callPackage ./jupyterlab-vpython { };
jupyter-server-proxy = pkgs.python3Packages.callPackage ./jupyter-server-proxy { inherit simpervisor; };
jupyter-server-proxy = pkgs.python3Packages.callPackage ./jupyter-server-proxy {
inherit simpervisor;
};
simpervisor = pkgs.python3Packages.callPackage ./simpervisor.nix { };
}

13
pkgs/bytecode-viewer.nix
View file

@ -1,9 +1,10 @@
{ stdenv
, lib
, fetchFromGitHub
, jre
, makeWrapper
, maven
{
stdenv,
lib,
fetchFromGitHub,
jre,
makeWrapper,
maven,
}:
maven.buildMavenPackage rec {

3
pkgs/default.nix
View file

@ -1,6 +1,7 @@
{ self, lib, ... }:
{
perSystem = { pkgs, ... }:
perSystem =
{ pkgs, ... }:
let
allPackages = import ./all-packages.nix { inherit pkgs; };
in

16
pkgs/ears-cli.nix
View file

@ -1,8 +1,9 @@
{ lib
, stdenvNoCC
, fetchFromGitea
, makeWrapper
, jdk
{
lib,
stdenvNoCC,
fetchFromGitea,
makeWrapper,
jdk,
}:
stdenvNoCC.mkDerivation rec {
pname = "ears-cli";
@ -16,7 +17,10 @@ stdenvNoCC.mkDerivation rec {
sha256 = "sha256-3ov7wjw8nxjwrNRH0wHICbZjXR4j2DPkUl5WlxJZsLA=";
};
nativeBuildInputs = [ jdk makeWrapper ];
nativeBuildInputs = [
jdk
makeWrapper
];
buildPhase = ''
bash ./build.sh

17
pkgs/fw-ectool.nix
View file

@ -1,11 +1,12 @@
{ stdenv
, lib
, fetchFromGitLab
, pkg-config
, cmake
, hostname
, libusb1
, libftdi1
{
stdenv,
lib,
fetchFromGitLab,
pkg-config,
cmake,
hostname,
libusb1,
libftdi1,
}:
stdenv.mkDerivation {

6
pkgs/hexagon.nix
View file

@ -1,4 +1,8 @@
{ lib, fetchFromGitHub, rustPlatform }:
{
lib,
fetchFromGitHub,
rustPlatform,
}:
rustPlatform.buildRustPackage rec {
pname = "hexagon";

29
pkgs/jupyter-server-proxy/default.nix
View file

@ -1,19 +1,20 @@
{ buildPythonPackage
, fetchFromGitHub
{
buildPythonPackage,
fetchFromGitHub,
, yarnConfigHook
, fetchYarnDeps
, hatchling
, hatch-jupyter-builder
, nodejs
yarnConfigHook,
fetchYarnDeps,
hatchling,
hatch-jupyter-builder,
nodejs,
, jupyterlab
, aiohttp
, importlib-metadata
, jupyter-server
, simpervisor
, tornado
, traitlets
jupyterlab,
aiohttp,
importlib-metadata,
jupyter-server,
simpervisor,
tornado,
traitlets,
}:
buildPythonPackage {

28
pkgs/jupyterlab-myst/default.nix
View file

@ -1,16 +1,17 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, yarnConfigHook
, fetchYarnDeps
{
lib,
buildPythonPackage,
fetchFromGitHub,
yarnConfigHook,
fetchYarnDeps,
, jupyterlab
, jupyter
, jupyter-packaging
, hatchling
, hatch-jupyter-builder
, hatch-nodejs-version
, nodejs
jupyterlab,
jupyter,
jupyter-packaging,
hatchling,
hatch-jupyter-builder,
hatch-nodejs-version,
nodejs,
}:
buildPythonPackage rec {
@ -35,7 +36,6 @@ buildPythonPackage rec {
--replace-fail '"@myst-theme/frontmatter": "^0.9.0"' '"@myst-theme/frontmatter": "^0.13.2"'
'';
yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock;
hash = "sha256-ou3Tjml5VU1O14k/oIDufj3QV2sQYD8EzVGAPhF9RZI=";
@ -46,7 +46,6 @@ buildPythonPackage rec {
nodejs
];
build-system = [
hatchling
hatch-jupyter-builder
@ -86,4 +85,3 @@ buildPythonPackage rec {
maintainers = [ ];
};
}

29
pkgs/jupyterlab-vim/default.nix
View file

@ -1,16 +1,17 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, yarnConfigHook
, fetchYarnDeps
{
lib,
buildPythonPackage,
fetchFromGitHub,
yarnConfigHook,
fetchYarnDeps,
, jupyterlab
, jupyter
, jupyter-packaging
, hatchling
, hatch-jupyter-builder
, hatch-nodejs-version
, nodejs
jupyterlab,
jupyter,
jupyter-packaging,
hatchling,
hatch-jupyter-builder,
hatch-nodejs-version,
nodejs,
}:
buildPythonPackage rec {
@ -29,7 +30,6 @@ buildPythonPackage rec {
cp ${./yarn.lock} yarn.lock
'';
yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock;
hash = "sha256-z82r763EG+QGu2KbZ2PaKueAs9wrpTYul/O/O7It7lY=";
@ -40,7 +40,6 @@ buildPythonPackage rec {
nodejs
];
build-system = [
hatchling
hatch-jupyter-builder
@ -65,7 +64,6 @@ buildPythonPackage rec {
yarn --offline run build:prod
'';
# has no tests
doCheck = false;
@ -78,4 +76,3 @@ buildPythonPackage rec {
maintainers = [ ];
};
}

23
pkgs/jupyterlab-vpython/default.nix
View file

@ -1,16 +1,17 @@
{ buildPythonPackage
, fetchFromGitHub
{
buildPythonPackage,
fetchFromGitHub,
, yarnConfigHook
, fetchYarnDeps
yarnConfigHook,
fetchYarnDeps,
, jupyterlab
, jupyter
, jupyter-packaging
, hatchling
, hatch-jupyter-builder
, hatch-nodejs-version
, nodejs
jupyterlab,
jupyter,
jupyter-packaging,
hatchling,
hatch-jupyter-builder,
hatch-nodejs-version,
nodejs,
}:
buildPythonPackage rec {

15
pkgs/mcaselector.nix
View file

@ -1,10 +1,11 @@
{ stdenv
, lib
, fetchurl
, jre
, gtk3
, makeWrapper
, wrapGAppsHook
{
stdenv,
lib,
fetchurl,
jre,
gtk3,
makeWrapper,
wrapGAppsHook,
}:
let

8
pkgs/nix-modrinth-prefetch.nix
View file

@ -1,4 +1,10 @@
{ runtimeShell, writeShellScriptBin, curl, jq, gnused }:
{
runtimeShell,
writeShellScriptBin,
curl,
jq,
gnused,
}:
writeShellScriptBin "nix-modrinth-prefetch" ''
input=$(${curl}/bin/curl --no-progress-meter https://api.modrinth.com/v2/version/$1)

13
pkgs/olympus.nix
View file

@ -1,10 +1,11 @@
# Taken from https://github.com/VergeDX/config-nixpkgs/blob/899f13750c9c1795d455eeee9cb28d3aa74a0866/packages/gui/olympus.nix
{ stdenv
, lib
, fetchzip
, unzip
, makeDesktopItem
, buildFHSEnv
{
stdenv,
lib,
fetchzip,
unzip,
makeDesktopItem,
buildFHSEnv,
}:
let
olympus = stdenv.mkDerivation rec {

9
pkgs/sim65.nix
View file

@ -1,7 +1,8 @@
{ stdenv
, fetchFromGitHub
, lib
, wxGTK32
{
stdenv,
fetchFromGitHub,
lib,
wxGTK32,
}:
stdenv.mkDerivation {

6
pkgs/simpervisor.nix
View file

@ -1,4 +1,8 @@
{ buildPythonPackage, fetchFromGitHub, hatchling }:
{
buildPythonPackage,
fetchFromGitHub,
hatchling,
}:
buildPythonPackage {
pname = "simpervisor";

39
pkgs/substitute-subset.nix
View file

@ -2,26 +2,29 @@
args:
stdenv.mkDerivation ({
name = if args ? name then args.name else baseNameOf (toString args.src);
builder = builtins.toFile "builder.sh" ''
source $stdenv/setup
set -o pipefail
stdenv.mkDerivation (
{
name = if args ? name then args.name else baseNameOf (toString args.src);
builder = builtins.toFile "builder.sh" ''
source $stdenv/setup
set -o pipefail
eval "$preInstall"
eval "$preInstall"
args=
args=
cp -r "$src" "$out"
cp -r "$src" "$out"
pushd "$out"
echo -ne "${lib.concatStringsSep "\\0" args.files}" | xargs -0 -n1 -I {} -- find {} -type f -print0 | while read -d "" line; do
substituteAllInPlace "$line"
done
popd
pushd "$out"
echo -ne "${lib.concatStringsSep "\\0" args.files}" | xargs -0 -n1 -I {} -- find {} -type f -print0 | while read -d "" line; do
substituteAllInPlace "$line"
done
popd
eval "$postInstall"
'';
preferLocalBuild = true;
allowSubstitutes = false;
} // args)
eval "$postInstall"
'';
preferLocalBuild = true;
allowSubstitutes = false;
}
// args
)

17
pkgs/tmx-cups-ppd.nix
View file

@ -1,8 +1,9 @@
{ stdenv
, fetchurl
, bintools
, cups
, autoPatchelfHook
{
stdenv,
fetchurl,
bintools,
cups,
autoPatchelfHook,
}:
stdenv.mkDerivation rec {
@ -14,7 +15,11 @@ stdenv.mkDerivation rec {
sha256 = "sha256-8WA6Q5z9//UJj20VHOsPA/nCCd50CcaHRVArtmTjeiQ=";
};
buildInputs = [ bintools cups autoPatchelfHook ];
buildInputs = [
bintools
cups
autoPatchelfHook
];
buildPhase = ''
ar p filter/tmx-cups_*_amd64.deb data.tar.gz \

11
pkgs/unbted.nix
View file

@ -1,9 +1,10 @@
# Based on this example: https://git.marvid.fr/scolobb/nix-GINsim
{ stdenv
, fetchurl
, makeWrapper
, lib
, jre
{
stdenv,
fetchurl,
makeWrapper,
lib,
jre,
}:
stdenv.mkDerivation rec {
pname = "unbted";

7
pkgs/unmap/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, buildNpmPackage
, fetchFromGitHub
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec {

23
pkgs/vpython-jupyter.nix
View file

@ -1,16 +1,17 @@
{ buildPythonPackage
, fetchFromGitHub
{
buildPythonPackage,
fetchFromGitHub,
, cython
, setuptools
, setuptools_scm
cython,
setuptools,
setuptools_scm,
, autobahn
, ipykernel
, jupyter
, notebook
, numpy
, jupyterlab-vpython
autobahn,
ipykernel,
jupyter,
notebook,
numpy,
jupyterlab-vpython,
}:
buildPythonPackage {

Some files were not shown because too many files have changed in this diff Show more