Commit 18afa8a2d7f6
Changed files (22)
home/common/desktop/niri/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
{
imports = [
../sway/mako.nix
home/common/desktop/mails.nix
@@ -2,91 +2,90 @@
{
accounts.email = {
maildirBasePath = "desktop/mails";
- accounts =
- {
- "icloud" = {
- primary = true;
- address = "vincent@demeester.fr";
- userName = "vdemeester@icloud.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
- imap.host = "imap.mail.me.com";
- smtp.host = "smtp.mail.me.com";
- smtp.port = 587;
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ accounts = {
+ "icloud" = {
+ primary = true;
+ address = "vincent@demeester.fr";
+ userName = "vdemeester@icloud.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
+ imap.host = "imap.mail.me.com";
+ smtp.host = "smtp.mail.me.com";
+ smtp.port = 587;
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ extraConfig = {
+ channel = {
+ Sync = "All";
};
- };
- mu.enable = true;
- msmtp = {
- enable = true;
- extraConfig = {
- tls_starttls = "on";
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
};
};
};
- }
- // (
- if (hostname == "kyushu") then
- {
- # Work emails
- "redhat" = {
- # primary = true; # because it's work, but it's really just for notmuch
- address = "vdemeest@redhat.com";
- userName = "vdemeest@redhat.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- flavor = "gmail.com";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
- patterns = [
- "*"
- "!area/github"
- "!memo-list"
- "![Gmail]*"
- "[Gmail]/Sent Mail"
- "[Gmail]/Starred"
- "[Gmail]/Trash"
- "[Gmail]/Drafts"
- ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ mu.enable = true;
+ msmtp = {
+ enable = true;
+ extraConfig = {
+ tls_starttls = "on";
+ };
+ };
+ };
+ }
+ // (
+ if (hostname == "kyushu") then
+ {
+ # Work emails
+ "redhat" = {
+ # primary = true; # because it's work, but it's really just for notmuch
+ address = "vdemeest@redhat.com";
+ userName = "vdemeest@redhat.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ flavor = "gmail.com";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
+ patterns = [
+ "*"
+ "!area/github"
+ "!memo-list"
+ "![Gmail]*"
+ "[Gmail]/Sent Mail"
+ "[Gmail]/Starred"
+ "[Gmail]/Trash"
+ "[Gmail]/Drafts"
+ ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
};
};
- mu.enable = true;
- # aerc.enable = true;
- msmtp = {
- enable = true;
- # extraConfig = {
- # tls_starttls = "on";
- # };
- };
};
- }
- else
- { }
- );
+ mu.enable = true;
+ # aerc.enable = true;
+ msmtp = {
+ enable = true;
+ # extraConfig = {
+ # tls_starttls = "on";
+ # };
+ };
+ };
+ }
+ else
+ { }
+ );
};
programs.mbsync.enable = true;
home/common/dev/ai.nix
@@ -1,7 +1,6 @@
{
lib,
pkgs,
- inputs,
...
}:
{
home/common/dev/default.nix
@@ -6,5 +6,6 @@
{
imports = [
./base.nix
- ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
+ ]
+ ++ lib.optional (builtins.isString desktop) ./desktop.nix;
}
home/common/dev/emacs.nix
@@ -1,6 +1,5 @@
{
config,
- lib,
pkgs,
...
}:
home/common/shell/htop.nix
@@ -2,29 +2,28 @@
{
programs.htop = {
enable = true;
- settings =
- {
- delay = 10;
- }
- // (
- with config.lib.htop;
- leftMeters [
- (bar "AllCPUs2")
- (bar "Memory")
- (bar "Swap")
- ]
- )
- // (
- with config.lib.htop;
- rightMeters [
- (text "Clock")
- (text "Hostname")
- (text "Tasks")
- (text "LoadAverage")
- (text "Uptime")
- (text "Battery")
- (text "Systemd")
- ]
- );
+ settings = {
+ delay = 10;
+ }
+ // (
+ with config.lib.htop;
+ leftMeters [
+ (bar "AllCPUs2")
+ (bar "Memory")
+ (bar "Swap")
+ ]
+ )
+ // (
+ with config.lib.htop;
+ rightMeters [
+ (text "Clock")
+ (text "Hostname")
+ (text "Tasks")
+ (text "LoadAverage")
+ (text "Uptime")
+ (text "Battery")
+ (text "Systemd")
+ ]
+ );
};
}
home/default.nix
@@ -1,9 +1,7 @@
{
- config,
desktop,
hostname,
lib,
- outputs,
stateVersion,
username,
inputs,
lib/functions.nix
@@ -1,36 +1,36 @@
{ lib }:
let
/**
- * Check if the given name matches the current hostname.
- *
- * @param hostname The current hostname to compare against
- * @param n The name to check
- * @return true if n equals hostname, false otherwise
- */
+ Check if the given name matches the current hostname.
+
+ @param hostname The current hostname to compare against
+ @param n The name to check
+ @return true if n equals hostname, false otherwise
+ */
isCurrentHost = hostname: n: n == hostname;
-
+
/**
- * Check if a host has a VPN public key configured.
- *
- * @param host The host configuration to check
- * @return true if host has a non-empty VPN public key, false otherwise
- */
+ Check if a host has a VPN public key configured.
+
+ @param host The host configuration to check
+ @return true if host has a non-empty VPN public key, false otherwise
+ */
hasVPNPublicKey = host: (lib.attrsets.attrByPath [ "net" "vpn" "pubkey" ] "" host) != "";
-
+
/**
- * Check if a host has VPN IP addresses configured.
- *
- * @param host The host configuration to check
- * @return true if host has at least one VPN IP address, false otherwise
- */
+ Check if a host has VPN IP addresses configured.
+
+ @param host The host configuration to check
+ @return true if host has at least one VPN IP address, false otherwise
+ */
hasVPNips = host: (builtins.length (lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] host)) > 0;
-
+
/**
- * Return true if the given host has a list of Syncthing folder configured.
- *
- * @param host The host configuration to check
- * @return true if host has syncthing folders configured, false otherwise
- */
+ Return true if the given host has a list of Syncthing folder configured.
+
+ @param host The host configuration to check
+ @return true if host has syncthing folders configured, false otherwise
+ */
hasSyncthingFolders =
host:
builtins.hasAttr "syncthing" host
@@ -38,33 +38,33 @@ let
&& (builtins.length (lib.attrsets.attrValues host.syncthing.folders)) > 0;
/**
- * Check if a host has SSH host keys configured.
- *
- * @param host The host configuration to check
- * @return true if host has SSH host keys, false otherwise
- */
+ Check if a host has SSH host keys configured.
+
+ @param host The host configuration to check
+ @return true if host has SSH host keys, false otherwise
+ */
hasSSHHostKeys = host: builtins.hasAttr "ssh" host && builtins.hasAttr "hostKey" host.ssh;
/**
- * Get the path for the given folder, either using the host specified path or the default one.
- *
- * @param name The folder name
- * @param folder The folder configuration
- * @param folders The complete folders configuration
- * @return The path for the folder
- */
+ Get the path for the given folder, either using the host specified path or the default one.
+
+ @param name The folder name
+ @param folder The folder configuration
+ @param folders The complete folders configuration
+ @return The path for the folder
+ */
syncthingFolderPath =
name: folder: folders:
lib.attrsets.attrByPath [ "path" ] folders."${name}".path folder;
/**
- * Filter machines with the given syncthing folder.
- *
- * @param hostname The current hostname to exclude from results
- * @param folderName The folder name to filter by
- * @param machines The set of all machines
- * @return Filtered set of machines that have the specified folder and are not the current host
- */
+ Filter machines with the given syncthing folder.
+
+ @param hostname The current hostname to exclude from results
+ @param folderName The folder name to filter by
+ @param machines The set of all machines
+ @return Filtered set of machines that have the specified folder and are not the current host
+ */
syncthingMachinesWithFolder =
hostname: folderName: machines:
lib.attrsets.filterAttrs (
@@ -75,11 +75,11 @@ let
) machines;
/**
- * Generate Syncthing addresses for a machine from its network configuration.
- *
- * @param machine The machine configuration
- * @return List of TCP addresses (ips, vpn ips, and names) prefixed with "tcp://"
- */
+ Generate Syncthing addresses for a machine from its network configuration.
+
+ @param machine The machine configuration
+ @return List of TCP addresses (ips, vpn ips, and names) prefixed with "tcp://"
+ */
generateSyncthingAdresses =
machine:
builtins.map (x: "tcp://${x}") (
@@ -89,11 +89,11 @@ let
);
/**
- * Get SSH host identifiers for a machine (names, IPs, and VPN IPs).
- *
- * @param machine The machine configuration
- * @return List of all network identifiers for the machine
- */
+ Get SSH host identifiers for a machine (names, IPs, and VPN IPs).
+
+ @param machine The machine configuration
+ @return List of all network identifiers for the machine
+ */
sshHostIdentifier =
machine:
lib.attrsets.attrByPath [ "net" "names" ] [ ] machine
@@ -101,11 +101,11 @@ let
++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine;
/**
- * Generate host configuration mapping IPs to appropriate hostnames.
- *
- * @param machine The machine configuration
- * @return Attribute set mapping IP addresses to corresponding hostnames
- */
+ Generate host configuration mapping IPs to appropriate hostnames.
+
+ @param machine The machine configuration
+ @return Attribute set mapping IP addresses to corresponding hostnames
+ */
hostConfig =
machine:
builtins.listToAttrs (
@@ -127,11 +127,11 @@ let
);
/**
- * Generate SSH configuration for a machine.
- *
- * @param machine The machine configuration
- * @return Attribute set of SSH host configurations with hostnames, identity settings, etc.
- */
+ Generate SSH configuration for a machine.
+
+ @param machine The machine configuration
+ @return Attribute set of SSH host configurations with hostnames, identity settings, etc.
+ */
sshConfig =
machine:
builtins.listToAttrs (
@@ -159,21 +159,21 @@ let
);
/**
- * Return a list of wireguard ips from a list of ips.
- *
- * Essentially, it will append /32 to each element of the list.
- *
- * @param ips List of IP addresses
- * @return List of IP addresses with /32 suffix for wireguard configuration
- */
+ Return a list of wireguard ips from a list of ips.
+
+ Essentially, it will append /32 to each element of the list.
+
+ @param ips List of IP addresses
+ @return List of IP addresses with /32 suffix for wireguard configuration
+ */
wg-ips = ips: builtins.map (x: "${x}/32") ips;
/**
- * Generate Wireguard peer configurations from a set of machines.
- *
- * @param machines The set of all machines
- * @return List of wireguard peer configurations with allowedIPs and publicKey
- */
+ Generate Wireguard peer configurations from a set of machines.
+
+ @param machines The set of all machines
+ @return List of wireguard peer configurations with allowedIPs and publicKey
+ */
generateWireguardPeers =
machines:
lib.attrsets.attrValues (
@@ -190,14 +190,14 @@ let
);
/**
- * Generate Syncthing folder configurations for the current machine.
- *
- * @param hostname The current hostname
- * @param machine The current machine configuration
- * @param machines The set of all machines
- * @param folders The folder definitions
- * @return Attribute set of syncthing folder configurations
- */
+ Generate Syncthing folder configurations for the current machine.
+
+ @param hostname The current hostname
+ @param machine The current machine configuration
+ @param machines The set of all machines
+ @param folders The folder definitions
+ @return Attribute set of syncthing folder configurations
+ */
generateSyncthingFolders =
hostname: machine: machines: folders:
lib.attrsets.mapAttrs' (
@@ -205,18 +205,20 @@ let
lib.attrsets.nameValuePair (syncthingFolderPath name value folders) {
inherit (folders."${name}") id;
label = name;
- devices = lib.attrsets.mapAttrsToList (n: _v: n) (syncthingMachinesWithFolder hostname name machines);
+ devices = lib.attrsets.mapAttrsToList (n: _v: n) (
+ syncthingMachinesWithFolder hostname name machines
+ );
rescanIntervalS = 3600 * 6; # TODO: make it configurable
}
) (lib.attrsets.attrByPath [ "syncthing" "folders" ] { } machine);
/**
- * Generate Syncthing device configurations for all machines except the current one.
- *
- * @param hostname The current hostname to exclude
- * @param machines The set of all machines
- * @return Attribute set of syncthing device configurations with IDs and addresses
- */
+ Generate Syncthing device configurations for all machines except the current one.
+
+ @param hostname The current hostname to exclude
+ @param machines The set of all machines
+ @return Attribute set of syncthing device configurations with IDs and addresses
+ */
generateSyncthingDevices =
hostname: machines:
lib.attrsets.mapAttrs
@@ -225,25 +227,27 @@ let
addresses = generateSyncthingAdresses value;
})
(
- lib.attrsets.filterAttrs (name: value: hasSyncthingFolders value && !(isCurrentHost hostname name)) machines
+ lib.attrsets.filterAttrs (
+ name: value: hasSyncthingFolders value && !(isCurrentHost hostname name)
+ ) machines
);
/**
- * Generate Syncthing GUI address for a machine.
- *
- * @param machine The machine configuration
- * @return String in format "IP:8384" for accessing Syncthing GUI
- */
+ Generate Syncthing GUI address for a machine.
+
+ @param machine The machine configuration
+ @return String in format "IP:8384" for accessing Syncthing GUI
+ */
syncthingGuiAddress =
machine:
(builtins.head (lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ "127.0.0.1" ] machine)) + ":8384";
/**
- * Generate SSH known_hosts entries for all machines with SSH host keys.
- *
- * @param machines The set of all machines
- * @return String containing SSH known_hosts entries
- */
+ Generate SSH known_hosts entries for all machines with SSH host keys.
+
+ @param machines The set of all machines
+ @return String containing SSH known_hosts entries
+ */
sshKnownHosts =
machines:
lib.strings.concatStringsSep "\n" (
@@ -253,20 +257,20 @@ let
);
/**
- * Merge host configurations from all machines.
- *
- * @param machines The set of all machines
- * @return Merged attribute set of all host configurations
- */
+ Merge host configurations from all machines.
+
+ @param machines The set of all machines
+ @return Merged attribute set of all host configurations
+ */
hostConfigs =
machines: lib.attrsets.mergeAttrsList (lib.attrsets.mapAttrsToList (_name: hostConfig) machines);
/**
- * Generate and merge SSH configurations from all machines.
- *
- * @param machines The set of all machines
- * @return Merged attribute set of all SSH configurations
- */
+ Generate and merge SSH configurations from all machines.
+
+ @param machines The set of all machines
+ @return Merged attribute set of all SSH configurations
+ */
sshConfigs =
machines:
lib.attrsets.mergeAttrsList (
@@ -297,4 +301,4 @@ in
hostConfigs
sshConfigs
;
-}
\ No newline at end of file
+}
modules/wireguard-client.nix
@@ -1,6 +1,5 @@
{
config,
- options,
lib,
pkgs,
...
modules/wireguard-server.nix
@@ -1,6 +1,5 @@
{
config,
- options,
lib,
pkgs,
...
pkgs/systemd-email/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib }:
+{ stdenv }:
stdenv.mkDerivation rec {
name = "systemd-email";
pkgs/nixfmt-plus.nix
@@ -4,7 +4,7 @@ pkgs.writeShellApplication {
name = "nixfmt-plus";
runtimeInputs = with pkgs; [
deadnix
- nixfmt
+ nixfmt-rfc-style
statix
];
text = ''
systems/aix/extra.nix
@@ -1,5 +1,8 @@
{
- libx, globals, ... }:
+ libx,
+ globals,
+ ...
+}:
{
imports = [
../common/services/samba.nix
systems/athena/extra.nix
@@ -1,5 +1,8 @@
{
- libx, globals, ... }:
+ libx,
+ globals,
+ ...
+}:
{
imports = [
../common/services/bind.nix
systems/common/base/default.nix
@@ -66,13 +66,14 @@
# Clear out /tmp after a fortnight and give all normal users a ~/tmp
# cleaned out weekly.
- systemd.tmpfiles.rules =
- [ "d /tmp 1777 root root 14d" ]
- ++ (
- let
- mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
- in
- lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
- );
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root 14d"
+ ]
+ ++ (
+ let
+ mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
+ in
+ lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
+ );
}
systems/common/desktop/niri.nix
@@ -1,6 +1,5 @@
{
pkgs,
- lib,
...
}:
{
systems/common/hardware/yubikey.nix
@@ -1,7 +1,6 @@
{
lib,
pkgs,
- config,
desktop,
...
}:
systems/common/services/bind.nix
@@ -12,7 +12,8 @@
'';
cacheNetworks = [
"127.0.0.0/8"
- ] ++ globals.net.dns.cacheNetworks;
+ ]
+ ++ globals.net.dns.cacheNetworks;
inherit (globals.net.dns) zones;
};
}
systems/common/services/networkmanager.nix
@@ -11,18 +11,17 @@
wifi = {
backend = "iwd";
};
- unmanaged =
- [
- "interface-name:br-*"
- "interface-name:ve-*" # FIXME are those docker's or libvirt's
- "interface-name:veth-*" # FIXME are those docker's or libvirt's
- ]
- # Do not manager wireguard
- ++ lib.optionals config.networking.wireguard.enable [ "interface-name:wg0" ]
- # Do not manage docker interfaces
- ++ lib.optionals config.virtualisation.docker.enable [ "interface-name:docker0" ]
- # Do not manager libvirt interfaces
- ++ lib.optionals config.virtualisation.libvirtd.enable [ "interface-name:virbr*" ];
+ unmanaged = [
+ "interface-name:br-*"
+ "interface-name:ve-*" # FIXME are those docker's or libvirt's
+ "interface-name:veth-*" # FIXME are those docker's or libvirt's
+ ]
+ # Do not manager wireguard
+ ++ lib.optionals config.networking.wireguard.enable [ "interface-name:wg0" ]
+ # Do not manage docker interfaces
+ ++ lib.optionals config.virtualisation.docker.enable [ "interface-name:docker0" ]
+ # Do not manager libvirt interfaces
+ ++ lib.optionals config.virtualisation.libvirtd.enable [ "interface-name:virbr*" ];
plugins = with pkgs; [ networkmanager-openvpn ];
};
};
systems/demeter/extra.nix
@@ -1,5 +1,8 @@
{
- libx, globals, ... }:
+ libx,
+ globals,
+ ...
+}:
{
imports = [
../common/services/bind.nix
flake.nix
@@ -112,44 +112,38 @@
];
}
)
- (
- { ... }:
- {
- networking.hostName = "nagoya";
- users.users.yourUserName = {
- initialPassword = "yourInitialPassword";
- isNormalUser = true;
- extraGroups = [
- "wheel"
+ (_: {
+ networking.hostName = "nagoya";
+ users.users.yourUserName = {
+ initialPassword = "yourInitialPassword";
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ ];
+ };
+
+ services.openssh.enable = true;
+ })
+
+ (_: {
+ fileSystems = {
+ "/boot/firmware" = {
+ device = "/dev/disk/by-uuid/2175-794E";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "noauto"
+ "x-systemd.automount"
+ "x-systemd.idle-timeout=1min"
];
};
-
- services.openssh.enable = true;
- }
- )
-
- (
- { ... }:
- {
- fileSystems = {
- "/boot/firmware" = {
- device = "/dev/disk/by-uuid/2175-794E";
- fsType = "vfat";
- options = [
- "noatime"
- "noauto"
- "x-systemd.automount"
- "x-systemd.idle-timeout=1min"
- ];
- };
- "/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- options = [ "noatime" ];
- };
+ "/" = {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ options = [ "noatime" ];
};
- }
- )
+ };
+ })
];
};
sakhalin = libx.mkHost {
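Review bot: The first rewritten module for `nagoya` still ships the account `yourUserName` with the literal `initialPassword = "yourInitialPassword"`, membership in `wheel`, and `services.openssh.enable = true`. Unless a module outside this hunk turns password logins off, the host comes up with a guessable administrative SSH login. `initialPassword` is also written in clear text into the world-readable Nix store. Since the module is being touched anyway, I would drop the placeholder password and authenticate by key: `users.users.yourUserName.openssh.authorizedKeys.keys = [ "<ssh-public-key-placeholder>" ];` together with `services.openssh.settings.PasswordAuthentication = false;`. The enclosing module list and the `nagoya` host definition start above the hunk, so an override there cannot be ruled out from here.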
globals.nix
@@ -1,5 +1,4 @@
-{ hostname, lib, ... }:
-{
+_: {
ssh = {
vincent = [
# Yubikeys