Commit c1ffad6588c7
Changed files (182)
home/common/desktop/sway/default.nix
@@ -108,7 +108,7 @@ in
keybindings =
let
mod = config.wayland.windowManager.sway.config.modifier;
- inherit (config.wayland.windowManager.sway.config) left down up right menu terminal;
+ inherit (config.wayland.windowManager.sway.config) terminal;
in
{
"${mod}+Return" = "exec ${terminal}";
@@ -176,34 +176,52 @@ in
};
}
{
- criteria = { title = "Save File"; };
+ criteria = {
+ title = "Save File";
+ };
command = "floating enable, resize set width 600px height 800px";
}
{
- criteria = { class = "pwvucontrol"; };
+ criteria = {
+ class = "pwvucontrol";
+ };
command = "floating enable";
}
{
- criteria = { title = "(Sharing Indicator)"; };
+ criteria = {
+ title = "(Sharing Indicator)";
+ };
command = "inhibit_idle visible, floating enable";
}
{
# browser zoom|meet|bluejeans
- criteria = { title = "(Blue Jeans)|(Meet)|(Zoom Meeting)"; };
+ criteria = {
+ title = "(Blue Jeans)|(Meet)|(Zoom Meeting)";
+ };
command = "inhibit_idle visible";
}
# for_window [app_id="^chrome-.*"] shortcuts_inhibitor disable
{
- criteria = { app_id = "^chrome-.*"; };
+ criteria = {
+ app_id = "^chrome-.*";
+ };
command = "shortcuts_inhibitor disable";
}
];
startup = [
- { command = "dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY DBUS_SESSION_BUS_ADDRESS SWAYSOCK XDG_SESSION_TYPE XDG_SESSION_DESKTOP XDG_CURRENT_DESKTOP"; } #workaround
+ {
+ command = "dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY DBUS_SESSION_BUS_ADDRESS SWAYSOCK XDG_SESSION_TYPE XDG_SESSION_DESKTOP XDG_CURRENT_DESKTOP";
+ } # workaround
# Make sure we update systemd service env variables with the current ones. This is required for dbus to work properly.
{ command = "dbus-update-activation-environment --systemd --all"; }
- { command = "systemctl --user restart kanshi"; always = true; }
- { command = "${pkgs.pa-notify}/bin/pa-notify -u0"; always = true; }
+ {
+ command = "systemctl --user restart kanshi";
+ always = true;
+ }
+ {
+ command = "${pkgs.pa-notify}/bin/pa-notify -u0";
+ always = true;
+ }
# Probably put a condition here.
{ command = "emacs --fg-daemon"; }
{ command = "i3-back"; }
@@ -214,7 +232,7 @@ in
extraConfig =
let
mod = config.wayland.windowManager.sway.config.modifier;
- inherit (config.wayland.windowManager.sway.config) left down up right menu terminal;
+ inherit (config.wayland.windowManager.sway.config) menu;
in
''
bindcode ${mod}+33 exec "${menu}"
home/common/desktop/sway/kanshi.nix
@@ -6,15 +6,30 @@ _: {
{
profile.name = "aomi";
profile.outputs = [
- { criteria = "eDP-1"; status = "disable"; }
- { criteria = "DP-1"; status = "enable"; position = "0,0"; mode = "3440x1440"; scale = 1.0; }
+ {
+ criteria = "eDP-1";
+ status = "disable";
+ }
+ {
+ criteria = "DP-1";
+ status = "enable";
+ position = "0,0";
+ mode = "3440x1440";
+ scale = 1.0;
+ }
];
}
{
profile.name = "home-undocked";
profile.outputs = [
# Output eDP-1 'AU Optronics 0xD291 Unknown'
- { criteria = "eDP-1"; status = "enable"; position = "0,0"; mode = "1920x1200"; scale = 1.0; }
+ {
+ criteria = "eDP-1";
+ status = "enable";
+ position = "0,0";
+ mode = "1920x1200";
+ scale = 1.0;
+ }
];
}
{
@@ -24,9 +39,21 @@ _: {
# Output eDP-1 'Unknown 0xD291 Unknown'
# Output DP-5 'LG Electronics LG ULTRAWIDE 0x0005D10C' (focused)
# { criteria = "LG Electronics LG ULTRAWIDE 0x0000D50C"; status = "enable"; position = "0,0"; mode = "3440x1440"; scale = 1.0; }
- { criteria = "DP-5"; status = "enable"; position = "0,0"; mode = "3440x1440"; scale = 1.0; }
+ {
+ criteria = "DP-5";
+ status = "enable";
+ position = "0,0";
+ mode = "3440x1440";
+ scale = 1.0;
+ }
# Use it as a "shareable" screen when needed
- { criteria = "eDP-1"; status = "enable"; position = "1460,1440"; mode = "1920x1200"; scale = 1.0; }
+ {
+ criteria = "eDP-1";
+ status = "enable";
+ position = "1460,1440";
+ mode = "1920x1200";
+ scale = 1.0;
+ }
];
}
];
home/common/desktop/sway/mako.nix
@@ -1,5 +1,4 @@
-_:
-{
+_: {
services.mako = {
enable = true;
font = "JetBrains Mono 12";
home/common/desktop/sway/swayidle.nix
@@ -7,8 +7,14 @@
services.swayidle = {
enable = true;
events = [
- { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen"; }
- { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen"; }
+ {
+ event = "before-sleep";
+ command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen";
+ }
+ {
+ event = "lock";
+ command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen";
+ }
];
timeouts = [
{
home/common/desktop/kitty.nix
@@ -29,7 +29,7 @@ _: {
"shift+down" = "neighboring_window down";
};
themeFile = "Tango_Light";
- # action_alias mkh kitten hints --alphabet asdfghjklqwertyuiopzxcvbnmASDFGHJKLQWERTYUIOPZXCVBNM
+ # action_alias mkh kitten hints --alphabet asdfghjklqwertyuiopzxcvbnmASDFGHJKLQWERTYUIOPZXCVBNM
# map kitty_mod+n mkh --type=linenum emacsclient -c -nw +{line} {path}
};
}
home/common/desktop/mails.nix
@@ -1,76 +1,92 @@
-{ config, pkgs, hostname, ... }:
+{ pkgs, hostname, ... }:
{
accounts.email = {
maildirBasePath = "desktop/mails";
- accounts = {
- "icloud" = {
- primary = true;
- address = "vincent@demeester.fr";
- userName = "vdemeester@icloud.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
- imap.host = "imap.mail.me.com";
- smtp.host = "smtp.mail.me.com";
- smtp.port = 587;
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- extraConfig = {
- channel = {
- Sync = "All";
+ accounts =
+ {
+ "icloud" = {
+ primary = true;
+ address = "vincent@demeester.fr";
+ userName = "vdemeester@icloud.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
+ imap.host = "imap.mail.me.com";
+ smtp.host = "smtp.mail.me.com";
+ smtp.port = 587;
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
};
- account = {
- Timeout = 120;
- PipelineDepth = 1;
+ };
+ mu.enable = true;
+ msmtp = {
+ enable = true;
+ extraConfig = {
+ tls_starttls = "on";
};
};
};
- mu.enable = true;
- msmtp = {
- enable = true;
- extraConfig = {
- tls_starttls = "on";
- };
- };
- };
- } // (if (hostname == "kyushu") then {
- # Work emails
- "redhat" = {
- # primary = true; # because it's work, but it's really just for notmuch
- address = "vdemeest@redhat.com";
- userName = "vdemeest@redhat.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- flavor = "gmail.com";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
- patterns = [ "*" "!area/github" "!memo-list" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/Trash" "[Gmail]/Drafts" ];
- extraConfig = {
- channel = {
- Sync = "All";
+ }
+ // (
+ if (hostname == "kyushu") then
+ {
+ # Work emails
+ "redhat" = {
+ # primary = true; # because it's work, but it's really just for notmuch
+ address = "vdemeest@redhat.com";
+ userName = "vdemeest@redhat.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ flavor = "gmail.com";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
+ patterns = [
+ "*"
+ "!area/github"
+ "!memo-list"
+ "![Gmail]*"
+ "[Gmail]/Sent Mail"
+ "[Gmail]/Starred"
+ "[Gmail]/Trash"
+ "[Gmail]/Drafts"
+ ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
+ };
+ mu.enable = true;
+ # aerc.enable = true;
+ msmtp = {
+ enable = true;
+ # extraConfig = {
+ # tls_starttls = "on";
+ # };
+ };
};
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
- };
- };
- mu.enable = true;
- # aerc.enable = true;
- msmtp = {
- enable = true;
- # extraConfig = {
- # tls_starttls = "on";
- # };
- };
- };
- } else { });
+ }
+ else
+ { }
+ );
};
programs.mbsync.enable = true;
home/common/desktop/mpv.nix
@@ -6,6 +6,9 @@
hwdec = "auto";
osc = "no";
};
- scripts = [ pkgs.mpvScripts.mpris pkgs.mpvScripts.modernz ];
+ scripts = [
+ pkgs.mpvScripts.mpris
+ pkgs.mpvScripts.modernz
+ ];
};
}
home/common/desktop/xdg.nix
@@ -83,8 +83,15 @@ in
genericName = "Web Browser";
exec = "firefox %U";
terminal = false;
- categories = [ "Application" "Network" "WebBrowser" ];
- mimeType = [ "text/html" "text/xml" ];
+ categories = [
+ "Application"
+ "Network"
+ "WebBrowser"
+ ];
+ mimeType = [
+ "text/html"
+ "text/xml"
+ ];
};
};
};
home/common/dev/containers.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
home.packages = with pkgs; [
# containers
oras
@@ -27,13 +28,14 @@
# build
dagger
# google
- (google-cloud-sdk.withExtraComponents
- (with google-cloud-sdk.components; [
+ (google-cloud-sdk.withExtraComponents (
+ with google-cloud-sdk.components;
+ [
gke-gcloud-auth-plugin
gcloud-man-pages
cloud-run-proxy
terraform-tools
- ])
- )
+ ]
+ ))
];
}
home/common/dev/default.nix
@@ -1,6 +1,7 @@
-{ lib
-, desktop
-, ...
+{
+ lib,
+ desktop,
+ ...
}:
{
imports = [
home/common/dev/emacs.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
capture = pkgs.writeScriptBin "capture" ''
#!${pkgs.stdenv.shell}
@@ -12,145 +17,146 @@ let
#!${pkgs.stdenv.shell}
emacsclient --create-frame $@
'';
- myExtraPackages = epkgs: with epkgs; [
- ace-window
- adoc-mode
- age
- aggressive-indent
- aidermacs
- alert
- async
- avy
- beginend
- cape
- casual
- casual-avy
- conner
- consult
- consult-dir
- consult-denote
- consult-project-extra
- consult-vc-modified-files
- copilot
- copilot-chat
- corfu
- corfu-candidate-overlay
- dape
- dash
- denote
- denote-org
- denote-journal
- denote-sequence # maybe ?
- denote-menu
- devdocs
- diff-hl
- dired-collapse
- dired-narrow
- dired-rsync
- diredfl
- dockerfile-mode
- doom-modeline
- easy-kill
- eat
- edit-indirect
- editorconfig
- eldoc-box
- pr-review
- embark
- embark-consult
- emms
- envrc
- eshell-atuin
- eshell-prompt-extras
- esup
- flimenu
- flymake-yamllint
- git-modes
- go-mode
- gotest
- gotest-ts
- gptel
- hardhat
- helpful
- highlight
- highlight-indentation
- htmlize
- ibuffer-vc
- indent-bars
- jinx
- json-mode
- kubed
- ligature
- macrostep
- magit
- magit-popup
- marginalia
- markdown-mode
- minions
- modus-themes
- multi-vterm
- mu4e
- mwim
- nix-mode
- nix-ts-mode
- nixpkgs-fmt
- no-littering
- noether
- # notmuch
- ob-async
- ob-go
- ob-http
- orderless # TODO configure this
- org
- org-contrib
- org-download
- org-modern
- org-nix-shell
- org-ql
- org-review
- org-rich-yank
- org-tree-slide
- org-web-tools
- orgalist
- orgit
- outline-indent
- ox-pandoc
- pandoc-mode
- # password-store
- # pkgs.bookmatrk-plus # Do I use it ?
- popper
- project-rootfile
- rg
- run-command # Try this out instead of conner, might be even better
- scopeline
- scratch
- shr-tag-pre-highlight
- sideline
- sideline-eglot
- sideline-flymake
- smartparens
- substitute
- surround
- symbol-overlay
- tempel
- tempel-collection
- topsy
- trashed
- treesit-fold
- treesit-grammars.with-all-grammars # see how much it weight
- typescript-mode
- vc-jj
- verb
- vertico
- visual-fill-column
- visual-regexp
- vterm
- vundo
- web-mode
- wgrep
- with-editor
- xterm-color
- ];
+ myExtraPackages =
+ epkgs: with epkgs; [
+ ace-window
+ adoc-mode
+ age
+ aggressive-indent
+ aidermacs
+ alert
+ async
+ avy
+ beginend
+ cape
+ casual
+ casual-avy
+ conner
+ consult
+ consult-dir
+ consult-denote
+ consult-project-extra
+ consult-vc-modified-files
+ copilot
+ copilot-chat
+ corfu
+ corfu-candidate-overlay
+ dape
+ dash
+ denote
+ denote-org
+ denote-journal
+ denote-sequence # maybe ?
+ denote-menu
+ devdocs
+ diff-hl
+ dired-collapse
+ dired-narrow
+ dired-rsync
+ diredfl
+ dockerfile-mode
+ doom-modeline
+ easy-kill
+ eat
+ edit-indirect
+ editorconfig
+ eldoc-box
+ pr-review
+ embark
+ embark-consult
+ emms
+ envrc
+ eshell-atuin
+ eshell-prompt-extras
+ esup
+ flimenu
+ flymake-yamllint
+ git-modes
+ go-mode
+ gotest
+ gotest-ts
+ gptel
+ hardhat
+ helpful
+ highlight
+ highlight-indentation
+ htmlize
+ ibuffer-vc
+ indent-bars
+ jinx
+ json-mode
+ kubed
+ ligature
+ macrostep
+ magit
+ magit-popup
+ marginalia
+ markdown-mode
+ minions
+ modus-themes
+ multi-vterm
+ mu4e
+ mwim
+ nix-mode
+ nix-ts-mode
+ nixpkgs-fmt
+ no-littering
+ noether
+ # notmuch
+ ob-async
+ ob-go
+ ob-http
+ orderless # TODO configure this
+ org
+ org-contrib
+ org-download
+ org-modern
+ org-nix-shell
+ org-ql
+ org-review
+ org-rich-yank
+ org-tree-slide
+ org-web-tools
+ orgalist
+ orgit
+ outline-indent
+ ox-pandoc
+ pandoc-mode
+ # password-store
+ # pkgs.bookmatrk-plus # Do I use it ?
+ popper
+ project-rootfile
+ rg
+ run-command # Try this out instead of conner, might be even better
+ scopeline
+ scratch
+ shr-tag-pre-highlight
+ sideline
+ sideline-eglot
+ sideline-flymake
+ smartparens
+ substitute
+ surround
+ symbol-overlay
+ tempel
+ tempel-collection
+ topsy
+ trashed
+ treesit-fold
+ treesit-grammars.with-all-grammars # see how much it weight
+ typescript-mode
+ vc-jj
+ verb
+ vertico
+ visual-fill-column
+ visual-regexp
+ vterm
+ vundo
+ web-mode
+ wgrep
+ with-editor
+ xterm-color
+ ];
in
{
home.file.".config/emacs" = {
@@ -180,7 +186,14 @@ in
enable = true;
# FIXME: choose depending on the enabled modules
#package = (pkgs.emacs29.override { withTreeSitter = true; withNativeCompilation = true; withPgtk = true; withWebP = true; withGTK3 = true; withSQLite3 = true; });
- package = (pkgs.emacs-unstable.override { withTreeSitter = true; withNativeCompilation = true; withPgtk = true; withWebP = true; withGTK3 = true; withSQLite3 = true; });
+ package = pkgs.emacs-unstable.override {
+ withTreeSitter = true;
+ withNativeCompilation = true;
+ withPgtk = true;
+ withWebP = true;
+ withGTK3 = true;
+ withSQLite3 = true;
+ };
extraPackages = myExtraPackages;
};
# services.emacs = {
home/common/services/syncthing.nix
@@ -1,62 +1,40 @@
-{ config
-, lib
-, pkgs
-, outputs
-, ...
-}:
+_:
let
- isCurrentHost = n: v: n != config.networking.hostName;
# Folders list
folders = [
- { label = "sync"; id = "7dshg-r8zr6"; } # TODO maybe deprecate for documents
- { label = "documents"; id = "oftdb-t5anv"; }
- { label = "org"; id = "sjpsr-xfwdu"; }
- { label = "screenshots"; id = "prpsz-azlz9"; }
- { label = "wallpapers"; id = "wpiah-ydwwx"; }
- { label = "photos"; id = "uetya-ypa3d"; }
- { label = "music"; id = "kcyrf-mugzt"; }
+ {
+ label = "sync";
+ id = "7dshg-r8zr6";
+ } # TODO maybe deprecate for documents
+ {
+ label = "documents";
+ id = "oftdb-t5anv";
+ }
+ {
+ label = "org";
+ id = "sjpsr-xfwdu";
+ }
+ {
+ label = "screenshots";
+ id = "prpsz-azlz9";
+ }
+ {
+ label = "wallpapers";
+ id = "wpiah-ydwwx";
+ }
+ {
+ label = "photos";
+ id = "uetya-ypa3d";
+ }
+ {
+ label = "music";
+ id = "kcyrf-mugzt";
+ }
];
- getSyncthingFolders = c:
- if builtins.hasAttr "syncthingFolders" c._module.specialArgs
- then
- c._module.specialArgs.syncthingFolders
- else
- [ ];
- deviceHasFolder = folder: n: v: lib.lists.any (s: s == folder) (getSyncthingFolders v);
- devicesForFolder = folder: lib.attrsets.filterAttrs (deviceHasFolder folder) outputs.nixosConfigurations;
# outputs.nixosConfigurations.$.syncthingFolders will contains the folders for a host
# FIXME: we could use another file, and a "configuration" so that I don't import it ? or in the flake, but not in makeHost
# non-nixos syncthing machines
- extras = [
- # NAS
- {
- name = "aion";
- id = "YORNSGU-UC4IAG5-IWJCD7T-MVPIU7O-AYM36UK-LEHF7AP-CBC4L6C-ZWKUYQF";
- addresses = [ "tcp://aion.home" "tcp://aion.vpn" "tcp://aion.sbr.pm" ];
- folders = [ "org" "documents" "sync" "screenshots" "wallpapers" "photos" "videos" ];
- }
- # Macbook
- {
- name = "honshu";
- id = "RGIR34D-3SH3GZK-CYPNNFI-5M5I2K4-HVTUS56-72GJTLH-SDMOY4I-I7AURQR";
- addresses = [ "tcp://honshu.home" "tcp://honshu.sbr.pm" ];
- folders = [ ];
- }
- # Windows Gaming machine
- {
- name = "okinawa";
- id = "2RWT47Z-UGSH4QO-G4W6XN7-3XY722R-ZKGDN5U-4MDGHMA-6SM26QM-7VCQIAZ";
- addresses = [ "tcp://okinawa.home" "tcp://okinawa.vpn" "tcp://okinawa.sbr.pm" ];
- folder = [ ];
- }
- # iPhone
- {
- name = "hokkaido";
- id = "XD4XYNZ-DT3PJEY-UJYBHWX-6OQPPUI-HTW752L-FYTX3TW-GVHDTKW-PT336QV";
- folders = [ "org" "music" "documents" "sync" ];
- }
- ];
in
{
services.syncthing = {
@@ -65,57 +43,105 @@ in
# guiAddress = cfg.guiAddress;
# TODO This is only for kyushu, will need to migrate this later
settings = {
+ # FIXME this doesn't work, I wish it did.
+ # defaults = {
+ # ignores = { lines = [ "(?d).DS_Store" "**" ]; };
+ # };
devices = {
aomi = {
id = "XCR6WWB-OZUDGFB-LQPFW73-MV5SPJK-4IGOMA4-IAXON3I-C6OFETL-TPK5FQS";
- addresses = [ "tcp://aomi.vpn" "tcp://aomi.light" "tcp://aomi.sbr.pm" ];
+ addresses = [
+ "tcp://aomi.vpn"
+ "tcp://aomi.light"
+ "tcp://aomi.sbr.pm"
+ ];
};
sakhalin = {
id = "4TYYG7V-A67D5SN-HMEJCI7-POOZRLL-RNCIE4U-ZYVGTOB-JQ5DOSV-ZCGWUAL";
- addresses = [ "tcp://sakhalin.light" "tcp://sakhalin.vpn" "tcp://sakhalin.sbr.pm" ];
+ addresses = [
+ "tcp://sakhalin.light"
+ "tcp://sakhalin.vpn"
+ "tcp://sakhalin.sbr.pm"
+ ];
};
shikoku = {
id = "KZMMXRR-UINDQTS-H3TV2W7-EIGOUDI-3LW4ZDG-7PRKDFV-MJ5KUTJ-YG5Y5AI";
- addresses = [ "tcp://shikoku.light" "tcp://shikoku.vpn" "tcp://shikoku.sbr.pm" ];
+ addresses = [
+ "tcp://shikoku.light"
+ "tcp://shikoku.vpn"
+ "tcp://shikoku.sbr.pm"
+ ];
};
kerkouane = {
id = "IFVRRQ7-KMIOQXP-5YDJXQU-UJXUKHB-7THCSY6-B3NHRNA-ED7IRI7-2JPPKQY";
- addresses = [ "tcp://10.100.0.1" "tcp://kerkouane.vpn" ];
+ addresses = [
+ "tcp://10.100.0.1"
+ "tcp://kerkouane.vpn"
+ ];
};
aion = {
id = "YORNSGU-UC4IAG5-IWJCD7T-MVPIU7O-AYM36UK-LEHF7AP-CBC4L6C-ZWKUYQF";
- addresses = [ "tcp://aion.light" "tcp://aion.vpn" "tcp://aion.sbr.pm" ];
+ addresses = [
+ "tcp://aion.light"
+ "tcp://aion.vpn"
+ "tcp://aion.sbr.pm"
+ ];
};
};
folders = {
"/home/vincent/sync" = {
label = "sync";
id = "7dshg-r8zr6";
- devices = [ "aomi" "aion" "shikoku" "sakhalin" ];
+ devices = [
+ "aomi"
+ "aion"
+ "shikoku"
+ "sakhalin"
+ ];
rescanIntervalS = 3600 * 6;
};
"/home/vincent/desktop/org" = {
label = "org";
id = "sjpsr-xfwdu";
- devices = [ "aomi" "aion" "shikoku" "sakhalin" ];
+ devices = [
+ "aomi"
+ "aion"
+ "shikoku"
+ "sakhalin"
+ ];
rescanIntervalS = 3600 * 6;
};
"/home/vincent/desktop/documents" = {
label = "documents";
id = "oftdb-t5anv";
- devices = [ "aomi" "aion" "shikoku" "sakhalin" ];
+ devices = [
+ "aomi"
+ "aion"
+ "shikoku"
+ "sakhalin"
+ ];
rescanIntervalS = 3600 * 6;
};
"/home/vincent/desktop/pictures/screenshots" = {
label = "screenshots";
id = "prpsz-azlz9";
- devices = [ "aomi" "aion" "shikoku" "sakhalin" ];
+ devices = [
+ "aomi"
+ "aion"
+ "shikoku"
+ "sakhalin"
+ ];
rescanIntervalS = 3600 * 6;
};
"/home/vincent/desktop/pictures/wallpapers" = {
label = "wallpapers";
id = "wpiah-ydwwx";
- devices = [ "aomi" "aion" "shikoku" "sakhalin" ];
+ devices = [
+ "aomi"
+ "aion"
+ "shikoku"
+ "sakhalin"
+ ];
rescanIntervalS = 3600 * 6;
};
};
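Review bot: The `folders` list kept in the `let` (the `label`/`id` pairs from `sync` through `music`) no longer has a visible consumer now that `getSyncthingFolders`, `deviceHasFolder` and `devicesForFolder` are gone, while `settings.folders` below repeats the same label/id pairs by hand, so the two can silently drift; either derive `settings.folders` from the list or drop the list. The three comment lines left under it (`# outputs.nixosConfigurations.$.syncthingFolders will contains…`, the `FIXME`, `# non-nixos syncthing machines`) describe the deleted `outputs`-based lookup and the removed `extras` devices and should go with that code, or be replaced by `# Devices and folders are declared statically below; the outputs.nixosConfigurations lookup was removed.` `photos` and `music` also appear in the list but have no `settings.folders` entry in this hunk, which reads as an intentional narrowing and deserves a one-line comment if so. The `services.syncthing.settings` block continues past the end of the hunk.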
home/common/shell/atuin.nix
@@ -1,5 +1,4 @@
-{ ... }:
-{
+_: {
programs.atuin = {
enable = true;
enableZshIntegration = true;
home/common/shell/git.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, hostname, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ hostname,
+ ...
+}:
let
redhat_folders = [
"src/github.com/containers"
@@ -25,11 +31,11 @@ let
kyushu = "${pkgs.writeText "yubikey5-c1" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHMa4rHuBbQQYv+8jvlkFCD2VYRGA4+5fnZAhLx8iDirzfEPqHB60UJWcDeixnJCUlpJjzFbS4crNOXhfCTCTE="}";
};
defaultSSHKey = sshkeyPerHost.kyushu;
- getSSHKeyForHost = h: if builtins.hasAttr h sshkeyPerHost then sshkeyPerHost."${h}" else defaultSSHKey;
+ getSSHKeyForHost =
+ h: if builtins.hasAttr h sshkeyPerHost then sshkeyPerHost."${h}" else defaultSSHKey;
in
{
- xdg.configFile."git/allowed_signers".text = ''
- '';
+ xdg.configFile."git/allowed_signers".text = '''';
home.packages = with pkgs; [
git-lfs
gh
@@ -45,7 +51,7 @@ in
userName = "Vincent Demeester";
userEmail = "vincent@sbr.pm";
- includes = [ ] ++ lib.lists.forEach redhat_folders (x: {
+ includes = lib.lists.forEach redhat_folders (x: {
condition = "gitdir:${config.home.homeDirectory}/${x}/**";
contents.users.email = "vdemeest@redhat.com";
});
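Review bot: `xdg.configFile."git/allowed_signers".text = ''''` writes an empty allowed-signers file, so if `gpg.ssh.allowedSignersFile` is pointed at it, `git verify-commit` / `git log --show-signature` can never match a principal and every SSH signature, including the owner's own Yubikey signatures listed in `sshkeyPerHost`, will be reported as unverifiable. `sshkeyPerHost` already holds the public keys, but as `pkgs.writeText` store paths rather than key text, so the cleanest fix is to keep the raw key strings in an attrset, derive the `writeText` files from them, and fill the signers file from the same data, e.g. `text = lib.concatMapStringsSep "\n" (k: "vincent@sbr.pm namespaces=\"git\" ${k}") (lib.attrValues rawKeys) + "\n";`. Whether `allowedSignersFile` is wired to this path is outside the hunk; if the empty file is a deliberate placeholder, a `# TODO: populate from sshkeyPerHost` comment would make that explicit. The `programs.git` attrset that the `includes` hunk belongs to continues past the end of the hunk.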
home/common/shell/htop.nix
@@ -2,20 +2,29 @@
{
programs.htop = {
enable = true;
- settings = {
- delay = 10;
- } // (with config.lib.htop; leftMeters [
- (bar "AllCPUs2")
- (bar "Memory")
- (bar "Swap")
- ]) // (with config.lib.htop; rightMeters [
- (text "Clock")
- (text "Hostname")
- (text "Tasks")
- (text "LoadAverage")
- (text "Uptime")
- (text "Battery")
- (text "Systemd")
- ]);
+ settings =
+ {
+ delay = 10;
+ }
+ // (
+ with config.lib.htop;
+ leftMeters [
+ (bar "AllCPUs2")
+ (bar "Memory")
+ (bar "Swap")
+ ]
+ )
+ // (
+ with config.lib.htop;
+ rightMeters [
+ (text "Clock")
+ (text "Hostname")
+ (text "Tasks")
+ (text "LoadAverage")
+ (text "Uptime")
+ (text "Battery")
+ (text "Systemd")
+ ]
+ );
};
}
home/common/shell/zsh.nix
@@ -1,8 +1,10 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
home.file."${config.programs.zsh.dotDir}/completion.zsh".source = ./zsh/completion.zsh;
home.file."${config.programs.zsh.dotDir}/prompt.zsh".source = ./zsh/prompt.zsh;
home.file."${config.programs.zsh.dotDir}/functions/j".source = ./zsh/j;
- home.file."${config.programs.zsh.dotDir}/auto-expanding-aliases.zsh".source = ./zsh/auto-expanding-aliases.zsh;
+ home.file."${config.programs.zsh.dotDir}/auto-expanding-aliases.zsh".source =
+ ./zsh/auto-expanding-aliases.zsh;
home.packages = with pkgs; [
nix-zsh-completions
@@ -96,7 +98,9 @@
exec dbus-run-session sway
fi
'';
- sessionVariables = { RPROMPT = ""; };
+ sessionVariables = {
+ RPROMPT = "";
+ };
shellAliases = {
mkdir = ''mkdir --parents --verbose'';
home/default.nix
@@ -1,29 +1,26 @@
-{ config
-, desktop
-, hostname
-, syncthingFolders
-, lib
-, pkgs
-, outputs
-, stateVersion
-, username
-, inputs
-, ...
+{
+ config,
+ desktop,
+ hostname,
+ syncthingFolders,
+ lib,
+ outputs,
+ stateVersion,
+ username,
+ inputs,
+ ...
}:
{
- imports = [
- ./common/shell
- ]
- ++ lib.optional (builtins.isString desktop) ./common/desktop
- ++ lib.optional
- (builtins.pathExists (
- ./. + "/common/users/${username}"
- )) ./common/users/${username}
- ++ lib.optional
- (builtins.pathExists (
+ imports =
+ [
+ ./common/shell
+ ]
+ ++ lib.optional (builtins.isString desktop) ./common/desktop
+ ++ lib.optional (builtins.pathExists (./. + "/common/users/${username}")) ./common/users/${username}
+ ++ lib.optional (builtins.pathExists (
../systems/. + "/${hostname}/home.nix"
)) ../systems/${hostname}/home.nix
- ++ lib.optional ((builtins.length syncthingFolders) > 0) ./common/services/syncthing.nix;
+ ++ lib.optional ((builtins.length syncthingFolders) > 0) ./common/services/syncthing.nix;
home = {
inherit username stateVersion;
lib/default.nix
@@ -1,17 +1,18 @@
-{ self
-, inputs
-, outputs
-, stateVersion
-, ...
+{
+ self,
+ inputs,
+ outputs,
+ stateVersion,
+ ...
}:
{
# Function for generating home-manage configs
mkHome =
- { hostname
- , user
- , desktop ? null
- , system ? "x86_64-linux"
- ,
+ {
+ hostname,
+ user,
+ desktop ? null,
+ system ? "x86_64-linux",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.${system};
@@ -33,13 +34,13 @@
# Function for generating host configs
mkHost =
- { hostname
- , desktop ? null
- , syncthingFolders ? [ ]
- , system ? "x86_64-linux"
- , pkgsInput ? inputs.nixpkgs
- , homeInput ? inputs.home-manager
- ,
+ {
+ hostname,
+ desktop ? null,
+ syncthingFolders ? [ ],
+ system ? "x86_64-linux",
+ pkgsInput ? inputs.nixpkgs,
+ homeInput ? inputs.home-manager,
}:
let
specialArgs = {
@@ -57,7 +58,7 @@
in
pkgsInput.lib.nixosSystem {
inherit specialArgs;
- system = system;
+ inherit system;
modules = [
self.nixosModules.wireguard-client
inputs.agenix.nixosModules.default
@@ -70,9 +71,8 @@
# Function to create a system manager
mkSystemManager =
- { hostname
- , system ? "x86_64-linux"
- ,
+ {
+ system ? "x86_64-linux",
}:
inputs.system-manager.lib-makeSystemConfig {
modules = [
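Review bot: `mkSystemManager` drops its `hostname` parameter and the pattern has no `...`, so any call site still passing `hostname = …` will now fail at evaluation with an unexpected-argument error; no caller is in this hunk, so either they were updated in the same commit or this is a latent break. If `hostname` is genuinely unused, keeping it as `hostname ? null,` (or adding `...` to the pattern) keeps existing call sites compatible; otherwise the callers need updating alongside. The body of `mkSystemManager` continues past the end of the hunk, so I cannot confirm whether `hostname` was referenced there.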
modules/wireguard-client.nix
@@ -1,6 +1,17 @@
-{ config, options, lib, pkgs, ... }:
+{
+ config,
+ options,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkEnableOption mkIf mkOption types;
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ mkOption
+ types
+ ;
cfg = config.services.wireguard;
in
{
@@ -61,12 +72,12 @@ in
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg0 = {
- ips = cfg.ips;
+ inherit (cfg) ips;
privateKeyFile = "/etc/wireguard/private.key";
peers = [
{
publicKey = cfg.endpointPublicKey;
- allowedIPs = cfg.allowedIPs;
+ inherit (cfg) allowedIPs;
endpoint = "${cfg.endpoint}:${toString cfg.endpointPort}";
persistentKeepalive = 25;
}
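Review bot: `privateKeyFile = "/etc/wireguard/private.key"` stays a hard-coded path next to the new `inherit (cfg) ips;` and `inherit (cfg) allowedIPs;` lines, while every other peer parameter is a module option; this is a style point, but `mkHost` in this same commit already pulls in `inputs.agenix.nixosModules.default`, so exposing the path as `privateKeyFile = mkOption { type = types.path; default = "/etc/wireguard/private.key"; };` under `services.wireguard` and using `inherit (cfg) privateKeyFile;` here would let a host point at an agenix-managed secret without editing the module. Whatever provisions that file is outside this hunk; a short comment stating it should be root-owned and mode 0600 would help whoever sets it up. The `wg0` interface attrset continues past the end of the hunk.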
nix/modules/default.nix
@@ -1,2 +1,1 @@
-{ pkgs, ... }:
-{ }
+_: { }
nix/overlays/compat/overlays.nix
@@ -2,7 +2,7 @@ self: super:
with super.lib;
let
# Load the system config and get the `nixpkgs.overlays` option
- overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
+ inherit ((import <nixpkgs/nixos> { }).config.nixpkgs) overlays;
in
# Apply all overlays to the input of the current "main" overlay
foldl' (flip extends) (_: super) overlays self
nix/overlays/emacs/builder.nix
@@ -1,11 +1,12 @@
-{ stdenv
-, lib
-, emacs
-, name
-, src
-, buildInputs ? [ ]
-, patches ? [ ]
-, preBuild ? ""
+{
+ stdenv,
+ lib,
+ emacs,
+ name,
+ src,
+ buildInputs ? [ ],
+ patches ? [ ],
+ preBuild ? "",
}:
stdenv.mkDerivation {
@@ -28,7 +29,7 @@ stdenv.mkDerivation {
'';
meta = {
description = "Emacs projects from the Internet that just compile .el files";
- homepage = http://www.emacswiki.org;
+ homepage = "http://www.emacswiki.org";
platforms = lib.platforms.all;
};
}
nix/overlays/default.nix
@@ -2,7 +2,7 @@
{
# FIXME: migrate to pkgs and overlays on root
additions = final: _prev: import ../../pkgs { pkgs = final; };
- modifications = _final: prev: {
+ modifications = _final: _prev: {
# example = prev.example.overrideAttrs (oldAttrs: rec {
# ...
# });
@@ -36,7 +36,7 @@
};
};
# tekton = final: prev: {
- #
+ #
# inherit (prev.callPackage ../packages/tkn { })
# tkn_0_17
# tkn_0_18
nix/overlays/infra.nix
@@ -1,4 +1,4 @@
-self: super:
+_self: super:
{
systemd-email = super.callPackage ../packages/systemd-email { };
nix/overlays/mkSecret.nix
@@ -1,7 +1,9 @@
-self: super:
-with builtins; with self.lib;
+self: _super:
+with builtins;
+with self.lib;
{
- mkSecret = path:
+ mkSecret =
+ path:
let
name = baseNameOf (toString path);
stub = toFile name "This is a stub!\n";
nix/overlays/tekton.nix
@@ -1,5 +1,4 @@
-final: prev:
-rec {
+_final: prev: rec {
inherit (prev.callPackage ../packages/tkn { })
tkn_0_17
nix/overlays/unstable.nix
@@ -1,10 +1,2 @@
-_: _:
-let
- unstable = (import ../.).pkgs-unstable { };
-in
-{
- inherit (unstable)
- # cachix
- #git
- ;
+_: _: {
}
nix/packages/adi1090x-plymouth/default.nix
@@ -19,8 +19,7 @@ pkgs.stdenv.mkDerivation rec {
mkdir -p $out/share/plymouth/themes/
'';
- buildPhase = ''
- '';
+ buildPhase = '''';
installPhase = ''
cp -r pack_1/cuts $out/share/plymouth/themes
nix/packages/ape/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchgit }:
+{
+ lib,
+ buildGoModule,
+ fetchgit,
+}:
buildGoModule rec {
name = "ape-${version}";
nix/packages/athens/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "athens-${version}";
nix/packages/batzconverter/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, fetchFromGitHub, tzdata }:
+{
+ stdenv,
+ fetchFromGitHub,
+ tzdata,
+}:
stdenv.mkDerivation rec {
pname = "batzconverter";
nix/packages/chmouzies/kubernetes.nix
@@ -1,5 +1,9 @@
# https://github.com/chmouel/chmouzies/tree/master/kubernetes
-{ stdenv, fetchFromGitHub, python310 }:
+{
+ stdenv,
+ fetchFromGitHub,
+ python310,
+}:
stdenv.mkDerivation rec {
name = "chmouzies.kubernetes";
nix/packages/fhs/std.nix
@@ -1,14 +1,15 @@
-{ stdenv, lib, buildFHSUserEnv }:
+{ buildFHSUserEnv }:
buildFHSUserEnv {
name = "fhs-std";
- targetPkgs = pkgs: with pkgs; [
- envsubst
- # exa # TODO: switch to eza in 2024
- git
- gnumake
- coreutils
- zsh
- ];
+ targetPkgs =
+ pkgs: with pkgs; [
+ envsubst
+ # exa # TODO: switch to eza in 2024
+ git
+ gnumake
+ coreutils
+ zsh
+ ];
runScript = "/bin/zsh";
}
nix/packages/gogo-protobuf/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{ buildGoModule, fetchFromGitHub }:
buildGoModule rec {
name = "gogo-protobuf-${version}";
nix/packages/govanityurl/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, buildGoModule, fetchgit }:
+{ buildGoModule, fetchgit }:
buildGoModule rec {
pname = "govanityurl";
nix/packages/kubernix/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, fetchFromGitHub, rustPlatform }:
+{
+ stdenv,
+ fetchFromGitHub,
+ rustPlatform,
+}:
rustPlatform.buildRustPackage rec {
pname = "kubernix";
@@ -17,7 +21,7 @@ rustPlatform.buildRustPackage rec {
meta = with stdenv.lib; {
description = "Single dependency Kubernetes clusters for local testing, experimenting and development";
- homepage = https://github.com/saschagrunert/kubernix;
+ homepage = "https://github.com/saschagrunert/kubernix";
license = with licenses; [ mit ];
maintainers = with maintainers; [ saschagrunert ];
platforms = platforms.linux;
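Review bot: The new argument set `{ stdenv, fetchFromGitHub, rustPlatform, }` still leaves `meta = with stdenv.lib;` relying on the `stdenv.lib` alias, which nixpkgs deprecated and later removed, so this derivation is likely to fail to evaluate on a current channel while the sibling packages in this commit (`manifest-tool`, `prm`, `protobuild`) already take `lib` directly and use `lib.licenses`. For consistency change the header to `{ lib, stdenv, fetchFromGitHub, rustPlatform, }:` and the meta line to `meta = with lib; {`. The `meta` attrset closes past the last line of the hunk.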
nix/packages/manifest-tool/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "manifest-tool-${version}";
@@ -19,7 +23,7 @@ buildGoModule rec {
meta = {
description = "";
- homepage = https://github.com/estesp/manifest-tool;
+ homepage = "https://github.com/estesp/manifest-tool";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ vdemeester ];
};
nix/packages/operator-tooling/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, git, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "operator-tool-${version}";
@@ -15,7 +19,7 @@ buildGoModule rec {
meta = {
description = "Tooling for managing operator remote payload";
- homepage = https://github.com/openshift-pipelines/operator-tooling;
+ homepage = "https://github.com/openshift-pipelines/operator-tooling";
license = lib.licenses.asl20;
};
}
nix/packages/prm/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "prm-${version}";
@@ -6,7 +10,8 @@ buildGoModule rec {
rev = "v${version}";
ldflags =
- let t = "github.com/ldez/prm/v3/meta";
+ let
+ t = "github.com/ldez/prm/v3/meta";
in
[
"-X ${t}.Version=${version}"
@@ -23,7 +28,7 @@ buildGoModule rec {
meta = {
description = "Pull Request Manager for Maintainers";
- homepage = https://github.com/ldez/prm;
+ homepage = "https://github.com/ldez/prm";
license = lib.licenses.asl20;
};
}
nix/packages/protobuild/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "protobuild-unstable-${version}";
@@ -16,7 +20,7 @@ buildGoModule rec {
meta = {
description = "Build protobufs in Go, easily";
- homepage = https://github.com/stevvooe/protobuild;
+ homepage = "https://github.com/stevvooe/protobuild";
license = lib.licenses.asl20;
};
}
nix/packages/ram/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchgit }:
+{
+ lib,
+ buildGoModule,
+ fetchgit,
+}:
buildGoModule rec {
name = "ram-${version}";
nix/packages/rmapi/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "rmapi-${version}";
nix/packages/sec/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+}:
buildGoModule rec {
name = "sec-${version}";
nix/packages/default.nix
@@ -1,4 +1,6 @@
-{ pkgs ? import <nixpkgs> { } }:
+{
+ pkgs ? import <nixpkgs> { },
+}:
rec {
# pre nur-packages import
nix/channels.nix
@@ -1,9 +1,12 @@
let
- mapAttrs = f: set: builtins.listToAttrs (
- map
- (attr: { name = attr; value = f set.${attr}; })
- (builtins.attrNames set)
- );
+ mapAttrs =
+ f: set:
+ builtins.listToAttrs (
+ map (attr: {
+ name = attr;
+ value = f set.${attr};
+ }) (builtins.attrNames set)
+ );
channels = {
aardvark = "13.10";
baboon = "14.04";
@@ -28,10 +31,6 @@ let
unstable = "unstable";
};
in
-mapAttrs
- (v:
- import
- (builtins.fetchTarball
- "https://nixos.org/channels/nixos-${v}/nixexprs.tar.xz") { }
- )
- channels
+mapAttrs (
+ v: import (builtins.fetchTarball "https://nixos.org/channels/nixos-${v}/nixexprs.tar.xz") { }
+) channels
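Review bot: `builtins.fetchTarball "https://nixos.org/channels/nixos-${v}/nixexprs.tar.xz"` on the last line is fetched without a `sha256`, so every evaluation imports whatever nixpkgs tree the channel redirect currently serves, with nothing pinning or verifying it beyond TLS; for a helper that hands back whole nixpkgs trees this is the main supply-chain exposure in the file. If these channels are still consumed, prefer the `builtins.fetchTarball { url = …; sha256 = …; }` form or route through the flake's pinned inputs; if they are not, a one-line comment such as `# legacy and unpinned: evaluation fetches the live channel, prefer the flake inputs` would stop the next reader from reusing it. The hand-rolled `mapAttrs` also duplicates `builtins.mapAttrs` (which passes name and value), so the `let` could collapse to `builtins.mapAttrs (_: v: import (builtins.fetchTarball …) { }) channels`.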
nix/nixosSystem.nix
@@ -1,33 +1,28 @@
-{ nixpkgs
-, home-manager
-, system
-, specialArgs
-, nixos-modules
-,
+{
+ nixpkgs,
+ home-manager,
+ system,
+ specialArgs,
+ nixos-modules,
}:
-let
- username = specialArgs.username;
-in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
- modules =
- nixos-modules
- // [
- {
- # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
- nix.registry.nixpkgs.flake = nixpkgs;
+ modules = nixos-modules // [
+ {
+ # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
+ nix.registry.nixpkgs.flake = nixpkgs;
- # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
- environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
- nix.nixPath = [ "/etc/nix/inputs" ];
- }
+ # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+ environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
+ nix.nixPath = [ "/etc/nix/inputs" ];
+ }
- home-manager.nixosModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
- home-manager.extraSpecialArgs = specialArgs;
- }
- ];
+ home-manager.extraSpecialArgs = specialArgs;
+ }
+ ];
}
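Review bot: `modules = nixos-modules // [ … ]` applies the attribute-set update operator to a list operand, which Nix rejects at evaluation time (`//` requires sets on both sides; list concatenation is `++`), so this function cannot evaluate as written unless `nixos-modules` is never actually a list, and `nixosSystem` needs a list for `modules`. The line is pre-existing context that the reformat re-indented rather than changed, and `systems/hosts/default.nix` takes `nixosSystem` from `self.lib`, so confirm whether this file is still reachable; if it is, the fix is `modules = nixos-modules ++ [`. The removed `username = specialArgs.username;` binding was unused, so that part of the hunk is safe.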
pkgs/default.nix
@@ -1,8 +1,8 @@
# Custom packages, that can be defined similarly to ones from nixpkgs
# Build them using 'nix build .#example' or (legacy) 'nix-build -A example'
-{ pkgs ? (import ../nixpkgs.nix) { }
-,
+{
+ pkgs ? (import ../nixpkgs.nix) { },
}:
{
# TODO: migrate things from nix/packages
secrets/machines.nix
@@ -1,9 +1,4 @@
let
- invert-suffix = ip:
- let
- elts = builtins.split "[\.]" ip;
- in
- "${builtins.elemAt elts 6}.${builtins.elemAt elts 4}";
gpgRemoteForward = {
bind.address = "/run/user/1000/gnupg/S.gpg-agent";
host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
@@ -184,16 +179,32 @@ let
};
in
{
- home = home;
- wireguard = wireguard;
+ inherit home;
+ inherit wireguard;
wg = {
allowedIPs = "10.100.0.0/24";
listenPort = 51820;
endpointIP = "167.99.17.238";
persistentKeepalive = 25;
- peers = [ wireguard.shikoku wireguard.wakasu wireguard.vincent wireguard.sakhalin wireguard.aomi wireguard.kyushu wireguard.ipad wireguard.hass wireguard.demeter wireguard.athena wireguard.aion wireguard.honshu wireguard.houbeb wireguard.houbeb-ipad wireguard.houbeb-iphone ]; # wireguard.hokkaido
+ peers = [
+ wireguard.shikoku
+ wireguard.wakasu
+ wireguard.vincent
+ wireguard.sakhalin
+ wireguard.aomi
+ wireguard.kyushu
+ wireguard.ipad
+ wireguard.hass
+ wireguard.demeter
+ wireguard.athena
+ wireguard.aion
+ wireguard.honshu
+ wireguard.houbeb
+ wireguard.houbeb-ipad
+ wireguard.houbeb-iphone
+ ]; # wireguard.hokkaido
};
- ssh = ssh;
+ inherit ssh;
sshConfig = {
"naruhodo.home" = {
hostname = "${home.ips.naruhodo}";
@@ -203,74 +214,125 @@ in
};
"aomi.home" = {
hostname = "${home.ips.aomi}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"aion.home" = {
hostname = "${home.ips.aion}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"aion.vpn" = {
hostname = "${wireguard.ips.aion}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"aomi.vpn" = {
hostname = "${wireguard.ips.aomi}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"okinawa.home" = {
hostname = "${home.ips.okinawa}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"okinawa.vpn" = {
hostname = "${wireguard.ips.okinawa}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"sakhalin.home" = {
hostname = "${home.ips.sakhalin}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"sakhalin.vpn" = {
hostname = "${wireguard.ips.sakhalin}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"hokkaido.home" = {
hostname = "${home.ips.hokkaido}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"hokkaido.vpn" = {
hostname = "${wireguard.ips.hokkaido}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"wakasu.home" = {
hostname = "${home.ips.wakasu}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"wakasu.vpn" = {
hostname = "${wireguard.ips.wakasu}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"athena.home" = {
hostname = "${home.ips.athena}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"athena.vpn" = {
hostname = "${wireguard.ips.athena}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"demeter.home" = {
hostname = "${home.ips.demeter}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"demeter.vpn" = {
hostname = "${wireguard.ips.demeter}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
"dev.home" = {
hostname = "${home.ips.dev}";
};
"kerkouane.vpn" = {
hostname = "${wireguard.ips.kerkouane}";
- remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
};
};
}
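Review bot: Every `sshConfig` host from `aomi.home` down to `kerkouane.vpn` repeats the identical `remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ];` pair, which the reformat has now expanded to four lines each; a small helper would remove the duplication and make the forwarding decision a single place to audit, e.g. `withAgents = hostname: { inherit hostname; remoteForwards = [ gpgRemoteForward gpgSSHRemoteForward ]; };` and then `"aomi.home" = withAgents home.ips.aomi;`. Centralising it also makes the trade-off explicit: while a session is open, root on each listed host can use the local GnuPG (and, presumably, SSH) agent, so the helper deserves a comment stating that only hosts you administer belong on it. Exposing the `.extra` socket is the right choice since it is GnuPG's restricted socket, but both the `bind` and `host` paths hard-code `/run/user/1000`, which assumes uid 1000 on each side and is worth a comment. The `hostname = "${home.ips.aomi}";` interpolations are redundant and can simply be `hostname = home.ips.aomi;`.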
shells/default.nix
@@ -1,2 +1,1 @@
import ./nixos-config.nix
-
shells/nixos-config.nix
@@ -1,7 +1,6 @@
{ pkgs, inputs }:
-pkgs.mkShell
-{
+pkgs.mkShell {
name = "NixOS config";
buildInputs = with pkgs; [
cachix
shells/osp.nix
@@ -1,9 +1,10 @@
-{ pkgs ? import <nixpkgs> {
+{
+ pkgs ? import <nixpkgs> {
overlays = [
- (self: super: { })
+ (_self: _super: { })
];
- }
-, ...
+ },
+ ...
}:
let
go = pkgs.go_1_18;
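Review bot: `go = pkgs.go_1_18;` in the `let` pins a Go release that has been end-of-life since early 2023 and receives no security fixes, so anything built from this shell links a stdlib (`net/http`, `crypto/tls`, `archive/zip`, …) with known published CVEs; the same pin appears in `shells/tekton.nix`. Unless a specific project genuinely requires 1.18, switch to `pkgs.go` (the current default) or the newest `pkgs.go_1_xx` attribute nixpkgs still carries, and if the old version is deliberate add `# pinned: <reason>` so it is not mistaken for drift. Note that recent nixpkgs revisions drop EOL `go_1_xx` attributes entirely, so this line is also likely to stop evaluating after an update.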
shells/tekton.nix
@@ -1,4 +1,7 @@
-{ pkgs ? import <nixpkgs> { }, ... }:
+{
+ pkgs ? import <nixpkgs> { },
+ ...
+}:
let
go = pkgs.go_1_18;
in
systems/common/base/console.nix
@@ -1,6 +1,4 @@
-{ ...
-}:
-{
+_: {
console = {
earlySetup = true;
keyMap = "fr-bepo";
systems/common/base/default.nix
@@ -1,8 +1,9 @@
-{ hostname
-, config
-, pkgs
-, lib
-, ...
+{
+ hostname,
+ config,
+ pkgs,
+ lib,
+ ...
}:
{
imports = [
@@ -67,10 +68,13 @@
# Clear out /tmp after a fortnight and give all normal users a ~/tmp
# cleaned out weekly.
- systemd.tmpfiles.rules = [ "d /tmp 1777 root root 14d" ] ++
- (
- let mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
- in lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
+ systemd.tmpfiles.rules =
+ [ "d /tmp 1777 root root 14d" ]
+ ++ (
+ let
+ mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
+ in
+ lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
);
}
systems/common/desktop/default.nix
@@ -1,8 +1,9 @@
-{ desktop
-, config
-, pkgs
-, lib
-, ...
+{
+ desktop,
+ config,
+ pkgs,
+ lib,
+ ...
}:
{
imports = [
@@ -117,9 +118,9 @@
};
# Clear out user's download weekly
- systemd.tmpfiles.rules = [ ] ++
- (
- let mkTmpDir = n: u: "d ${u.home}/desktop/downloads 0700 ${n} ${u.group} 7d";
- in lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
- );
+ systemd.tmpfiles.rules =
+ let
+ mkTmpDir = n: u: "d ${u.home}/desktop/downloads 0700 ${n} ${u.group} 7d";
+ in
+ lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers);
}
systems/common/desktop/sway.nix
@@ -1,6 +1,7 @@
-{ pkgs
-, lib
-, ...
+{
+ pkgs,
+ lib,
+ ...
}:
let
swayRun = pkgs.writeShellScript "sway-run" ''
@@ -30,7 +31,9 @@ in
services.greetd.settings = {
default_session = {
# command = "${pkgs.greetd.greetd}/bin/agreety --cmd sway";
- command = "${lib.makeBinPath [ pkgs.greetd.tuigreet ]}/tuigreet -r --asterisks --time --cmd ${swayRun}";
+ command = "${
+ lib.makeBinPath [ pkgs.greetd.tuigreet ]
+ }/tuigreet -r --asterisks --time --cmd ${swayRun}";
users = "greeter";
};
initial_session = {
systems/common/desktop/tiling-common.nix
@@ -19,7 +19,10 @@
dbus = {
enable = true;
implementation = "broker"; # trying this one out
- packages = [ pkgs.dconf pkgs.gcr ];
+ packages = [
+ pkgs.dconf
+ pkgs.gcr
+ ];
};
greetd = {
enable = true;
systems/common/hardware/bluetooth.nix
@@ -11,5 +11,5 @@
};
};
environment.systemPackages = if (builtins.isString desktop) then [ pkgs.blueberry ] else [ ];
- services.blueman.enable = (builtins.isString desktop);
+ services.blueman.enable = builtins.isString desktop;
}
systems/common/hardware/yubikey.nix
@@ -1,19 +1,23 @@
-{ lib
-, pkgs
-, desktop
-, ...
+{
+ lib,
+ pkgs,
+ desktop,
+ ...
}:
{
- environment.systemPackages = with pkgs; [
- age-plugin-yubikey
- yubico-piv-tool
- yubikey-personalization
- yubikey-manager
- ] ++ lib.optionals (builtins.isString desktop) [
- yubioath-flutter # Maybe not necessary
- ];
+ environment.systemPackages =
+ with pkgs;
+ [
+ age-plugin-yubikey
+ yubico-piv-tool
+ yubikey-personalization
+ yubikey-manager
+ ]
+ ++ lib.optionals (builtins.isString desktop) [
+ yubioath-flutter # Maybe not necessary
+ ];
- programs.yubikey-touch-detector.enable = (builtins.isString desktop);
+ programs.yubikey-touch-detector.enable = builtins.isString desktop;
services = {
pcscd.enable = true;
@@ -32,11 +36,13 @@
enable = true;
settings = {
origin = "pam://yubi";
- authfile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
- "vincent"
- ":4IiWZI9g6D8W6LeAW13ug4CnS8PreNRcHdcebkUDny3gWGfmpMJg4TgBWaZSIdh+sgg4jQA4MxYwTCmmP/ipWQ==,qOl+ouBRk6MMEJiE7H5LuTAirhBhN0UQrCNlLQoRsVttp6IBKG4yq4zDwm4fmYlfy1MFhvh7oOapMOmodMKJpQ==,es256,+presence" # yubikey5-a
- ":Sz4J2qMhoE7bE/uzwUzjJxG/bE0s+cw18zXcQjRsLIdJTVbuMad1ivKlYeLZW6vWV0lYiODlRW21HTSaFzu06A==,p7OZ3z5fiAIuJRHVzm56Y8Ti934+4cVHjsG7kaapmz8cWPfXfXfj5c8QiyIz3EQ0hOoxVV5cbkzUTxe7hdQIsA==,es256,+presence" # yubikey5-c1
- ]);
+ authfile = pkgs.writeText "u2f-mappings" (
+ lib.concatStrings [
+ "vincent"
+ ":4IiWZI9g6D8W6LeAW13ug4CnS8PreNRcHdcebkUDny3gWGfmpMJg4TgBWaZSIdh+sgg4jQA4MxYwTCmmP/ipWQ==,qOl+ouBRk6MMEJiE7H5LuTAirhBhN0UQrCNlLQoRsVttp6IBKG4yq4zDwm4fmYlfy1MFhvh7oOapMOmodMKJpQ==,es256,+presence" # yubikey5-a
+ ":Sz4J2qMhoE7bE/uzwUzjJxG/bE0s+cw18zXcQjRsLIdJTVbuMad1ivKlYeLZW6vWV0lYiODlRW21HTSaFzu06A==,p7OZ3z5fiAIuJRHVzm56Y8Ti934+4cVHjsG7kaapmz8cWPfXfXfj5c8QiyIz3EQ0hOoxVV5cbkzUTxe7hdQIsA==,es256,+presence" # yubikey5-c1
+ ]
+ );
};
};
systems/common/programs/age.nix
@@ -1,5 +1,6 @@
-{ pkgs
-, ...
+{
+ pkgs,
+ ...
}:
{
environment.systemPackages = with pkgs; [
systems/common/programs/nix-ld.nix
@@ -1,75 +1,80 @@
-{ lib
-, pkgs
-, desktop
-, ...
-}: {
+{
+ lib,
+ pkgs,
+ desktop,
+ ...
+}:
+{
programs = {
nix-ld = {
enable = true;
# put whatever libraries you think you might need
# nix-ld includes a strong sane-default as well
# in addition to these
- libraries = with pkgs; [
- acl
- alsa-lib
- at-spi2-atk
- at-spi2-core
- atk
- attr
- bzip2
- cairo
- curl
- dbus
- expat
- fontconfig
- freetype
- fuse3
- gdk-pixbuf
- glib
- glibc
- icu
- libdrm
- libglvnd
- libnotify
- libpulseaudio
- libsecret
- libsodium
- libssh
- libunwind
- libusb1
- libuuid
- libxkbcommon
- mesa
- nspr
- nss
- openssl
- pango
- pipewire
- systemd
- stdenv.cc.cc # .lib
- util-linux
- zlib
- zstd
- ] ++ lib.optionals (builtins.isString desktop) [
- gtk3
- libGL
- libappindicator-gtk3
- vulkan-loader
- xorg.libX11
- xorg.libXScrnSaver
- xorg.libXcomposite
- xorg.libXcursor
- xorg.libXdamage
- xorg.libXext
- xorg.libXfixes
- xorg.libXi
- xorg.libXrandr
- xorg.libXrender
- xorg.libXtst
- xorg.libxcb
- xorg.libxkbfile
- xorg.libxshmfence
- ];
+ libraries =
+ with pkgs;
+ [
+ acl
+ alsa-lib
+ at-spi2-atk
+ at-spi2-core
+ atk
+ attr
+ bzip2
+ cairo
+ curl
+ dbus
+ expat
+ fontconfig
+ freetype
+ fuse3
+ gdk-pixbuf
+ glib
+ glibc
+ icu
+ libdrm
+ libglvnd
+ libnotify
+ libpulseaudio
+ libsecret
+ libsodium
+ libssh
+ libunwind
+ libusb1
+ libuuid
+ libxkbcommon
+ mesa
+ nspr
+ nss
+ openssl
+ pango
+ pipewire
+ systemd
+ stdenv.cc.cc # .lib
+ util-linux
+ zlib
+ zstd
+ ]
+ ++ lib.optionals (builtins.isString desktop) [
+ gtk3
+ libGL
+ libappindicator-gtk3
+ vulkan-loader
+ xorg.libX11
+ xorg.libXScrnSaver
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXdamage
+ xorg.libXext
+ xorg.libXfixes
+ xorg.libXi
+ xorg.libXrandr
+ xorg.libXrender
+ xorg.libXtst
+ xorg.libxcb
+ xorg.libxkbfile
+ xorg.libxshmfence
+ ];
};
};
}
systems/common/services/buildkit.nix
@@ -9,28 +9,30 @@ _: {
grpc = {
# This can be overridden per host
address = [ "unix:///run/buildkit/buildkitd.sock" ];
- ;
+ };
+ worker.oci = {
+ enabled = false;
+ };
+ worker.containerd = {
+ enabled = true;
+ platforms = [
+ "linux/amd64"
+ "linux/arm64"
+ ];
+ namespace = "buildkit";
+ };
+ # FIXME: change thoses
+ registry = {
+ "r.svc.home:5000" = {
+ http = true;
+ insecure = true;
};
- worker.oci = {
- enabled = false;
- };
- worker.containerd = {
- enabled = true;
- platforms = [ "linux/amd64" "linux/arm64" ];
- namespace = "buildkit";
- };
- # FIXME: change thoses
- registry = {
- "r.svc.home:5000" = {
- http = true;
- insecure = true;
- };
- "r.svc.home" = {
- http = true;
- insecure = true;
- };
+ "r.svc.home" = {
+ http = true;
+ insecure = true;
};
};
};
};
- }
+ };
+}
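Review bot: Both `"r.svc.home:5000"` and `"r.svc.home"` keep `http = true;` and `insecure = true;`, which together let buildkitd pull from and push to that registry over plaintext or with an unverified certificate, so anyone who can answer for `r.svc.home` on the LAN or VPN path can substitute base images or poison pushed layers; the `# FIXME: change thoses` acknowledges this but the new code still ships it. Since the registry is internal, the usual fix is to serve it over TLS from a private CA and replace the two flags with `ca = [ "/etc/ssl/certs/home-ca.pem" ];` (buildkitd.toml accepts a per-registry `ca` list), or at minimum expand the FIXME into a comment stating that this registry is only trusted on the home network. Separately, the old `;` under `grpc.address` was a syntax error that this reformat quietly turned into `};`, meaning the module could not have evaluated before this commit; that is a behaviour change worth stating in the commit message.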
systems/common/services/containers.nix
@@ -4,13 +4,19 @@ _: {
virtualisation.containers = {
enable = true;
registries = {
- search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+ search = [
+ "registry.fedoraproject.org"
+ "registry.access.redhat.com"
+ "registry.centos.org"
+ "docker.io"
+ "quay.io"
+ ];
};
policy = {
- default = [{ type = "insecureAcceptAnything"; }];
+ default = [ { type = "insecureAcceptAnything"; } ];
transports = {
docker-daemon = {
- "" = [{ type = "insecureAcceptAnything"; }];
+ "" = [ { type = "insecureAcceptAnything"; } ];
};
};
};
@@ -18,14 +24,26 @@ _: {
network = {
default_subnet_pools = [
# See https://github.com/kubernetes-sigs/kind/issues/2872 for this
- { "base" = "11.0.0.0/24"; "size" = 24; }
+ {
+ "base" = "11.0.0.0/24";
+ "size" = 24;
+ }
{
"base" = "192.168.129.0/24";
"size" = 24;
}
- { "base" = "192.168.130.0/24"; "size" = 24; }
- { "base" = "192.168.131.0/24"; "size" = 24; }
- { "base" = "192.168.132.0/24"; "size" = 24; }
+ {
+ "base" = "192.168.130.0/24";
+ "size" = 24;
+ }
+ {
+ "base" = "192.168.131.0/24";
+ "size" = 24;
+ }
+ {
+ "base" = "192.168.132.0/24";
+ "size" = 24;
+ }
];
};
};
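Review bot: `"base" = "11.0.0.0/24";` in `default_subnet_pools` is not private address space — 11.0.0.0/8 is publicly allocated — so the first podman network carved from that pool will capture host traffic destined for real addresses in 11.0.0.0/24 and route it into containers. The kind issue cited above presumably motivates avoiding podman's default 10.88.0.0/16 pool, which any spare RFC 1918 or CGNAT block satisfies equally, e.g. `"base" = "100.64.0.0/24";` or another unused `192.168.x.0/24`. Separately, `policy.default = [ { type = "insecureAcceptAnything"; } ]` is the upstream default but it disables image-signature enforcement for every transport, and with five `search` registries an unqualified image name resolves to whichever earlier registry happens to have a same-named repository; a comment such as `# no signature policy: images from any search registry are accepted unverified` would make both consequences explicit.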
systems/common/services/docker.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
virtualisation = {
docker = {
enable = true;
@@ -8,8 +9,17 @@
userland-proxy = false;
experimental = true;
bip = "172.26.0.1/16";
- features = { buildkit = true; };
- insecure-registries = [ "172.30.0.0/16" "192.168.1.0/16" "10.100.0.0/16" "shikoku.home:5000" "r.svc.home:5000" "r.svc.home" ];
+ features = {
+ buildkit = true;
+ };
+ insecure-registries = [
+ "172.30.0.0/16"
+ "192.168.1.0/16"
+ "10.100.0.0/16"
+ "shikoku.home:5000"
+ "r.svc.home:5000"
+ "r.svc.home"
+ ];
# seccomp-profile = ./my-seccomp.json;
};
};
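Review bot: `"192.168.1.0/16"` in `insecure-registries` has host bits set for a /16, and with Go's `net.ParseCIDR` semantics Docker normalises it to the network `192.168.0.0/16`, so the entry disables TLS verification and permits plaintext for every registry in the whole 192.168.0.0/16, not just 192.168.1.x; likewise `"10.100.0.0/16"` is far wider than the `10.100.0.0/24` WireGuard range declared in `secrets/machines.nix`. Tighten both to the prefixes actually intended, `"192.168.1.0/24"` and `"10.100.0.0/24"`, and consider moving the three hostname entries (`shikoku.home:5000`, `r.svc.home:5000`, `r.svc.home`) to TLS with a private CA under `/etc/docker/certs.d/` rather than marking them insecure. Whether a given daemon version rejects or silently normalises a CIDR with host bits is worth confirming on the running host.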
systems/common/services/fprint.nix
@@ -1,5 +1,4 @@
-{ ... }:
-{
+_: {
services.fprintd = {
enable = true;
};
systems/common/services/lxd.nix
@@ -1,5 +1,6 @@
-{ pkgs
-, ...
+{
+ pkgs,
+ ...
}:
{
virtualisation = {
systems/common/services/networkmanager.nix
@@ -1,25 +1,28 @@
-{ config
-, lib
-, pkgs
-, ...
-}: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
networking = {
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
};
- unmanaged = [
- "interface-name:br-*"
- "interface-name:ve-*" # FIXME are those docker's or libvirt's
- "interface-name:veth-*" # FIXME are those docker's or libvirt's
- ]
- # Do not manager wireguard
- ++ lib.optionals config.networking.wireguard.enable [ "interface-name:wg0" ]
- # Do not manage docker interfaces
- ++ lib.optionals config.virtualisation.docker.enable [ "interface-name:docker0" ]
- # Do not manager libvirt interfaces
- ++ lib.optionals config.virtualisation.libvirtd.enable [ "interface-name:virbr*" ];
+ unmanaged =
+ [
+ "interface-name:br-*"
+ "interface-name:ve-*" # FIXME are those docker's or libvirt's
+ "interface-name:veth-*" # FIXME are those docker's or libvirt's
+ ]
+ # Do not manager wireguard
+ ++ lib.optionals config.networking.wireguard.enable [ "interface-name:wg0" ]
+ # Do not manage docker interfaces
+ ++ lib.optionals config.virtualisation.docker.enable [ "interface-name:docker0" ]
+ # Do not manager libvirt interfaces
+ ++ lib.optionals config.virtualisation.libvirtd.enable [ "interface-name:virbr*" ];
plugins = with pkgs; [ networkmanager-openvpn ];
};
};
systems/common/services/openssh.nix
@@ -8,10 +8,9 @@ _: {
# PasswordAuthentication = false;
# PermitRootLogin = "no"
};
- extraConfig =
- ''
- StreamLocalBindUnlink yes
- '';
+ extraConfig = ''
+ StreamLocalBindUnlink yes
+ '';
};
sshguard.enable = true;
};
systems/common/services/pipewire.nix
@@ -1,7 +1,9 @@
-{ pkgs
-, desktop
-, ...
-}: {
+{
+ pkgs,
+ desktop,
+ ...
+}:
+{
# hardware.pulseaudio.enable = lib.mkForce false;
services.pipewire = {
@@ -23,10 +25,14 @@
];
};
};
- environment.systemPackages = with pkgs;
- if (builtins.isString desktop) then [
- pwvucontrol
- apulse # allow alsa application to use pulse
- # pavucontrol
- ] else [ ];
+ environment.systemPackages =
+ with pkgs;
+ if (builtins.isString desktop) then
+ [
+ pwvucontrol
+ apulse # allow alsa application to use pulse
+ # pavucontrol
+ ]
+ else
+ [ ];
}
systems/common/services/syncthing.nix
@@ -1,58 +1,4 @@
-{ config
-, lib
-, pkgs
-, outputs
-, ...
-}:
-let
- isCurrentHost = n: v: n != config.networking.hostName;
- # Folders list
- folders = [
- # TODO maybe deprecate for documents
- { label = "sync"; id = "7dshg-r8zr6"; }
- { label = "documents"; id = "oftdb-t5anv"; }
- { label = "org"; id = "sjpsr-xfwdu"; }
- { label = "screenshots"; id = "prpsz-azlz9"; }
- { label = "wallpapers"; id = "wpiah-ydwwx"; }
- { label = "photos"; id = "uetya-ypa3d"; }
- { label = "music"; id = "kcyrf-mugzt"; }
- ];
- deviceHasFolder = folder: n: v: lib.lists.any (s: s == folder) (if builtins.hasAttr "syncthingFolders" v then v.syncthingFolders else [ ]);
- devicesForFolder = folder: lib.attrsets.filterAttrs (deviceHasFolder folder) outputs.nixosConfigurations;
- # outputs.nixosConfigurations.$.syncthingFolders will contains the folders for a host
-
- # non-nixos syncthing machines
- extras = [
- # NAS
- {
- name = "aion";
- id = "YORNSGU-UC4IAG5-IWJCD7T-MVPIU7O-AYM36UK-LEHF7AP-CBC4L6C-ZWKUYQF";
- addresses = [ "tcp://aion.home" "tcp://aion.vpn" "tcp://aion.sbr.pm" ];
- folders = [ "org" "documents" "sync" "screenshots" "wallpapers" "photos" "videos" ];
- }
- # Macbook
- {
- name = "honshu";
- id = "RGIR34D-3SH3GZK-CYPNNFI-5M5I2K4-HVTUS56-72GJTLH-SDMOY4I-I7AURQR";
- addresses = [ "tcp://honshu.home" "tcp://honshu.sbr.pm" ];
- folders = [ ];
- }
- # Windows Gaming machine
- {
- name = "okinawa";
- id = "2RWT47Z-UGSH4QO-G4W6XN7-3XY722R-ZKGDN5U-4MDGHMA-6SM26QM-7VCQIAZ";
- addresses = [ "tcp://okinawa.home" "tcp://okinawa.vpn" "tcp://okinawa.sbr.pm" ];
- folder = [ ];
- }
- # iPhone
- {
- name = "hokkaido";
- id = "XD4XYNZ-DT3PJEY-UJYBHWX-6OQPPUI-HTW752L-FYTX3TW-GVHDTKW-PT336QV";
- folders = [ "org" "music" "documents" "sync" ];
- }
- ];
-in
-{
+_: {
services.syncthing = {
enable = true;
user = "vincent";
systems/common/users/default.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
# Default users, to create everywhere
imports = [
./vincent.nix
systems/common/users/vincent.nix
@@ -1,13 +1,14 @@
-{ pkgs
-, lib
-, config
-, desktop
-, syncthingFolders
-, hostname
-, outputs
-, stateVersion
-, inputs
-, ...
+{
+ pkgs,
+ lib,
+ config,
+ desktop,
+ syncthingFolders,
+ hostname,
+ outputs,
+ stateVersion,
+ inputs,
+ ...
}:
let
ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
@@ -39,8 +40,18 @@ in
"plugdev"
"tss"
];
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
+ subUidRanges = [
+ {
+ startUid = 100000;
+ count = 65536;
+ }
+ ];
+ subGidRanges = [
+ {
+ startGid = 100000;
+ count = 65536;
+ }
+ ];
initialPassword = "changeMe";
# FIXME set this up
@@ -56,7 +67,12 @@ in
pam = {
# Nix will hit the stack limit when using `nixFlakes`.
loginLimits = [
- { domain = config.users.users.vincent.name; item = "stack"; type = "-"; value = "unlimited"; }
+ {
+ domain = config.users.users.vincent.name;
+ item = "stack";
+ type = "-";
+ value = "unlimited";
+ }
];
};
};
@@ -67,11 +83,20 @@ in
# '';
# Do I user home-manager nixosModule *or* home-manager on its own
- home-manager.users.vincent =
- (import ../../../home/default.nix {
- inherit config pkgs lib hostname syncthingFolders desktop outputs inputs stateVersion;
- username = "vincent";
- });
+ home-manager.users.vincent = import ../../../home/default.nix {
+ inherit
+ config
+ pkgs
+ lib
+ hostname
+ syncthingFolders
+ desktop
+ outputs
+ inputs
+ stateVersion
+ ;
+ username = "vincent";
+ };
# This is a workaround for not seemingly being able to set $EDITOR in home-manager
environment.sessionVariables = {
EDITOR = "emacs";
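Review bot: `initialPassword = "changeMe";` is still committed as the account password for `vincent` with only `# FIXME set this up` beside it; `initialPassword` is applied when the user is first created and persists until changed, and with `PasswordAuthentication` left commented out in `systems/common/services/openssh.nix` (so the NixOS default of password logins enabled applies) a freshly installed host accepts SSH logins with that string until someone runs `passwd`. Replace it with `hashedPasswordFile` pointing at a secret outside the Nix store (or `initialHashedPassword` from one) and drop the plaintext; if the bootstrap convenience is deliberate, at least set `services.openssh.settings.PasswordAuthentication = false;` so the weak password is only usable at the console. The fixed `startUid = 100000; count = 65536;` subuid/subgid range is also per-user state: a second normal user given the same literal would collide, so a comment noting the allocation scheme would help.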
systems/hardware/dell-latitude-e6540.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
{
boot = {
systems/hardware/gigabyte-brix.nix
@@ -1,8 +1,15 @@
-{ config, pkgs, ... }:
+_:
{
boot = {
- initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
kernelParams = [
systems/hardware/lenovo-p1.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ lib, ... }:
#let
# sources = import ../../nix/sources.nix;
#in
@@ -9,7 +9,12 @@
./thinkpad.nix
];
boot = {
- initrd.availableKernelModules = [ "nvme" "rtsx_pci_sdmmc" "thunderbolt" "dm-mod" ];
+ initrd.availableKernelModules = [
+ "nvme"
+ "rtsx_pci_sdmmc"
+ "thunderbolt"
+ "dm-mod"
+ ];
};
hardware = {
enableAllFirmware = true;
systems/hardware/lenovo-p50.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ pkgs, lib, ... }:
#let
# sources = import ../../nix/sources.nix;
#in
@@ -8,7 +8,10 @@
./thinkpad.nix
];
boot = {
- initrd.availableKernelModules = [ "nvme" "rtsx_pci_sdmmc" ];
+ initrd.availableKernelModules = [
+ "nvme"
+ "rtsx_pci_sdmmc"
+ ];
};
hardware = {
systems/hardware/thinkpad-t460s.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
#let
# sources = import ../../nix/sources.nix;
#in
systems/hardware/thinkpad-t480s.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
#let
# sources = import ../../nix/sources.nix;
#in
@@ -9,7 +9,11 @@
./thinkpad.nix
];
boot = {
- initrd.availableKernelModules = [ "nvme" "rtsx_pci_sdmmc" "thunderbolt" ];
+ initrd.availableKernelModules = [
+ "nvme"
+ "rtsx_pci_sdmmc"
+ "thunderbolt"
+ ];
kernelParams = [ "intel_idle.max_cstate=4" ];
};
hardware = {
systems/hardware/thinkpad-x1g9.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
{
# NixOS options
boot = {
@@ -30,7 +30,13 @@
enableAllFirmware = true;
trackpoint.enable = false;
cpu.intel.updateMicrocode = true;
- opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl intel-media-driver ];
+ opengl.extraPackages = with pkgs; [
+ vaapiIntel
+ libvdpau-va-gl
+ vaapiVdpau
+ intel-ocl
+ intel-media-driver
+ ];
};
services = {
hardware.bolt.enable = true;
systems/hardware/thinkpad-x220.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
#let
# sources = import ../../nix/sources.nix;
#in
systems/hardware/thinkpad.nix
@@ -11,7 +11,16 @@
options snd_hda_intel power_save=1
'';
initrd = {
- availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "aesni-intel" "cryptd" ];
+ availableKernelModules = [
+ "ehci_pci"
+ "ahci"
+ "xhci_pci"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ "aesni-intel"
+ "cryptd"
+ ];
};
kernelModules = [ "kvm_intel" ];
kernelParams = [
@@ -29,7 +38,13 @@
hardware = {
trackpoint.enable = false;
cpu.intel.updateMicrocode = true;
- opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl intel-media-driver ];
+ opengl.extraPackages = with pkgs; [
+ vaapiIntel
+ libvdpau-va-gl
+ vaapiVdpau
+ intel-ocl
+ intel-media-driver
+ ];
};
services = {
acpid = {
@@ -37,16 +52,15 @@
};
xserver = {
synaptics.enable = false;
- config =
- ''
- Section "InputClass"
- Identifier "Enable libinput for TrackPoint"
- MatchIsPointer "on"
- Driver "libinput"
- Option "ScrollMethod" "button"
- Option "ScrollButton" "8"
- EndSection
- '';
+ config = ''
+ Section "InputClass"
+ Identifier "Enable libinput for TrackPoint"
+ MatchIsPointer "on"
+ Driver "libinput"
+ Option "ScrollMethod" "button"
+ Option "ScrollButton" "8"
+ EndSection
+ '';
inputClassSections = [
''
Identifier "evdev touchpad off"
systems/hosts/aomi.nix
@@ -1,20 +1,22 @@
-{ sources ? import ../../nix
-, lib ? sources.lib
-, pkgs ? sources.pkgs { }
-, ...
+{
+ sources ? import ../../nix,
+ lib ? sources.lib,
+ pkgs ? sources.pkgs { },
+ ...
}:
with lib;
let
hostname = "aomi";
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ ips = lists.optionals secretCondition [ "${ip}/24" ];
endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath)
+ .wireguard.kerkouane.publicKey;
metadata = importTOML ../../ops/hosts.toml;
in
{
@@ -40,7 +42,10 @@ in
# device = "/dev/disk/by-uuid/6bedd234-3179-46f7-9a3f-feeffd880791";
device = "/dev/mapper/root";
fsType = "ext4";
- options = [ "noatime" "discard" ];
+ options = [
+ "noatime"
+ "discard"
+ ];
};
fileSystems."/boot" = {
@@ -48,7 +53,7 @@ in
fsType = "vfat";
};
- swapDevices = [{ device = "/dev/disk/by-uuid/24da6a46-cd28-4bff-9220-6f449e3bd8b5"; }];
+ swapDevices = [ { device = "/dev/disk/by-uuid/24da6a46-cd28-4bff-9220-6f449e3bd8b5"; } ];
networking = {
hostName = hostname;
@@ -129,7 +134,10 @@ in
editors.emacs.enable = true;
editors.neovim.enable = true;
hardware = {
- yubikey = { enable = true; u2f = true; };
+ yubikey = {
+ enable = true;
+ u2f = true;
+ };
laptop.enable = true;
bluetooth.enable = true;
};
@@ -156,12 +164,18 @@ in
};
image-mirroring = {
enable = true;
- targets = [ "quay.io/vdemeest" "ghcr.io/vdemeester" ];
+ targets = [
+ "quay.io/vdemeest"
+ "ghcr.io/vdemeester"
+ ];
settings = {
"docker.io" = {
"images" = {
# sync latest and edge tags
- "alpine" = [ "latest" "edge" ];
+ "alpine" = [
+ "latest"
+ "edge"
+ ];
};
"images-by-tag-regex" = {
# sync all "3.x" images"
@@ -183,7 +197,10 @@ in
guiAddress = "${metadata.hosts.aomi.wireguard.addrs.v4}:8384";
};
};
- virtualisation.libvirt = { enable = true; nested = true; };
+ virtualisation.libvirt = {
+ enable = true;
+ nested = true;
+ };
};
modules.profiles = {
@@ -231,7 +248,12 @@ in
};
dictd = {
enable = true;
- DBs = with pkgs.dictdDBs; [ wiktionary wordnet fra2eng eng2fra ];
+ DBs = with pkgs.dictdDBs; [
+ wiktionary
+ wordnet
+ fra2eng
+ eng2fra
+ ];
};
locate = {
enable = true;
@@ -248,19 +270,26 @@ in
prometheus.exporters.node = {
enable = true;
port = 9000;
- enabledCollectors = [ "systemd" "processes" ];
- extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" ];
+ enabledCollectors = [
+ "systemd"
+ "processes"
+ ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
};
smartd = {
enable = true;
- devices = [{ device = "/dev/nvme0n1"; }];
+ devices = [ { device = "/dev/nvme0n1"; } ];
};
wireguard = {
enable = true;
ips = [ "${metadata.hosts.aomi.wireguard.addrs.v4}/24" ];
endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
+ inherit endpointPort;
+ inherit endpointPublicKey;
};
gitea-actions-runner = {
instances = {
@@ -306,7 +335,11 @@ in
extraGroups = [ ];
openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/builder.pub) ];
};
- nix.trustedUsers = [ "root" "vincent" "builder" ];
+ nix.trustedUsers = [
+ "root"
+ "vincent"
+ "builder"
+ ];
security = {
tpm2 = {
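Review bot: `openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/builder.pub) ]` reads from `../../secrets` unconditionally, while every other use of the secrets tree in this file is gated on `secretCondition = builtins.pathExists secretPath`, so a checkout without the secrets directory fails evaluation at this line instead of degrading the way the WireGuard settings do; gate it the same way, `openssh.authorizedKeys.keys = lists.optionals secretCondition [ (builtins.readFile ../../secrets/builder.pub) ];`. The same `builder` account is then added to `nix.trustedUsers`, which makes it root-equivalent on this host (trusted users may set arbitrary substituters and sandbox options through the daemon); if it exists only to serve remote builds, `nix.sshServe` with its own key list avoids granting that trust. `nix.trustedUsers` is also the deprecated alias for `nix.settings.trusted-users` and will warn or stop evaluating on newer NixOS.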
systems/hosts/athena.nix
@@ -4,15 +4,14 @@ with lib;
let
hostname = "athena";
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ ips = lists.optionals secretCondition [ "${ip}/24" ];
endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
-
- metadata = importTOML ../../ops/hosts.toml;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath)
+ .wireguard.kerkouane.publicKey;
in
{
imports = [
@@ -22,7 +21,11 @@ in
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
- initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@@ -51,7 +54,7 @@ in
# boot.cleanTmpDir = lib.mkForce false;
# boot.loader.systemd-boot.enable = lib.mkForce false;
# profiles.base.systemd-boot = lib.mkForce true;
- #
+ #
modules = {
profiles.home = true;
services = {
@@ -68,19 +71,29 @@ in
services = {
prometheus.exporters = {
node = {
- enable = true;
- port = 9000;
- enabledCollectors = [ "systemd" "processes" ];
- extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat"];
+ enable = true;
+ port = 9000;
+ enabledCollectors = [
+ "systemd"
+ "processes"
+ ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
+ };
+ bind = {
+ enable = true;
+ port = 9009;
};
- bind = { enable = true; port = 9009; };
};
wireguard = {
enable = true;
- ips = ips;
+ inherit ips;
endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
+ inherit endpointPort;
+ inherit endpointPublicKey;
};
};
security.apparmor.enable = true;
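Review bot: The wireguard block at the end of this section stays `enable = true` while every peer parameter it inherits is gated on `secretCondition` at the top of the file, so a checkout without `secrets/machines.nix` evaluates to `endpoint = ""`, `endpointPort = 0` and an empty `endpointPublicKey` rather than failing, and the tunnel is most likely brought up with no usable peer. I'd tie the switch to the same guard, `enable = secretCondition;`, or fail early with `assert secretCondition;` in the `let` so a missing secret is a visible evaluation error instead of a half-configured interface. The same pattern is in demeter.nix, sakhalin.nix, shikoku.nix and wakasu.nix in this change. The `modules.services` attribute set this sits in starts outside the hunk.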
systems/hosts/carthage.nix
@@ -1,4 +1,4 @@
-{ modulesPath, pkgs, lib, ... }:
+{ modulesPath, ... }:
let
hostname = "carthage";
@@ -24,4 +24,3 @@ in
programs.mosh.enable = true;
}
-
systems/hosts/default.nix
@@ -16,7 +16,7 @@ let
}
];
- inherit (self.lib) nixosSystem makeOverridable;
+ inherit (self.lib) nixosSystem;
# inherit (import "${self}/home/profiles" inputs) homeImports;
in
{
systems/hosts/demeter.nix
@@ -4,15 +4,14 @@ with lib;
let
hostname = "demeter";
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
-
+ secretCondition = builtins.pathExists secretPath;
+
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ ips = lists.optionals secretCondition [ "${ip}/24" ];
endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
-
- metadata = importTOML ../../ops/hosts.toml;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath)
+ .wireguard.kerkouane.publicKey;
in
{
imports = [
@@ -22,7 +21,11 @@ in
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
- initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@@ -51,7 +54,7 @@ in
# boot.cleanTmpDir = lib.mkForce false;
# boot.loader.systemd-boot.enable = lib.mkForce false;
# profiles.base.systemd-boot = lib.mkForce true;
- #
+ #
modules = {
profiles.home = true;
services = {
@@ -68,19 +71,29 @@ in
services = {
prometheus.exporters = {
node = {
- enable = true;
- port = 9000;
- enabledCollectors = [ "systemd" "processes" ];
- extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat"];
+ enable = true;
+ port = 9000;
+ enabledCollectors = [
+ "systemd"
+ "processes"
+ ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
+ };
+ bind = {
+ enable = true;
+ port = 9009;
};
- bind = { enable = true; port = 9009; };
};
wireguard = {
enable = true;
- ips = ips;
+ inherit ips;
endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
+ inherit endpointPort;
+ inherit endpointPublicKey;
};
};
security.apparmor.enable = true;
systems/hosts/kerkouane.nix
@@ -6,16 +6,11 @@ let
metadata = importTOML ../../ops/hosts.toml;
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
- isAuthorized = p: builtins.isAttrs p && p.authorized or false;
- authorizedKeys = lists.optionals secretCondition (
- attrsets.mapAttrsToList
- (name: value: value.key)
- (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
- );
-
- wireguardIp = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+ wireguardIp =
+ strings.optionalString secretCondition
+ (import secretPath).wireguard.ips."${hostname}";
nginxExtraConfig = ''
expires 31d;
@@ -27,7 +22,7 @@ let
add_header X-XSS-Protection "1; mode=block";
'';
- nginx = pkgs.nginxMainline.override (old: {
+ nginx = pkgs.nginxMainline.override (_old: {
modules = with pkgs.nginxModules; [
fancyindex
];
@@ -70,16 +65,27 @@ in
networking.hostName = hostname;
## From qemu-quest.nix
- boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
- boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
+ boot.initrd.availableKernelModules = [
+ "virtio_net"
+ "virtio_pci"
+ "virtio_mmio"
+ "virtio_blk"
+ "virtio_scsi"
+ "9p"
+ "9pnet_virtio"
+ ];
+ boot.initrd.kernelModules = [
+ "virtio_balloon"
+ "virtio_console"
+ "virtio_rng"
+ ];
- boot.initrd.postDeviceCommands =
- ''
- # Set the system time from the hardware clock to work around a
- # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
- # to the *boot time* of the host).
- hwclock -s
- '';
+ boot.initrd.postDeviceCommands = ''
+ # Set the system time from the hardware clock to work around a
+ # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
+ # to the *boot time* of the host).
+ hwclock -s
+ '';
# START OF DigitalOcean specifics
# FIXME: move this into a secret ?
@@ -97,11 +103,20 @@ in
interfaces = {
eth0 = {
ipv4.addresses = [
- { address = "188.166.102.243"; prefixLength = 18; }
- { address = "10.18.0.5"; prefixLength = 16; }
+ {
+ address = "188.166.102.243";
+ prefixLength = 18;
+ }
+ {
+ address = "10.18.0.5";
+ prefixLength = 16;
+ }
];
ipv6.addresses = [
- { address = "fe80::8035:3aff:fe72:1036"; prefixLength = 64; }
+ {
+ address = "fe80::8035:3aff:fe72:1036";
+ prefixLength = 64;
+ }
];
};
@@ -116,8 +131,16 @@ in
boot.loader.grub.device = "/dev/vda";
boot.loader.grub.enable = lib.mkForce true;
boot.loader.systemd-boot.enable = lib.mkForce false;
- fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
- swapDevices = [{ device = "/swapfile"; size = 1024; }];
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 1024;
+ }
+ ];
core.nix = {
# FIXME move this away
@@ -145,7 +168,10 @@ in
};
networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
security = {
acme = {
acceptTerms = true;
@@ -162,8 +188,15 @@ in
node = {
enable = true;
port = 9000;
- enabledCollectors = [ "systemd" "processes" ];
- extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" ];
+ enabledCollectors = [
+ "systemd"
+ "processes"
+ ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
};
nginx = {
enable = true;
@@ -214,7 +247,9 @@ in
virtualHosts."go.sbr.pm" = {
enableACME = true;
forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ };
extraConfig = nginxExtraConfig;
};
virtualHosts."whoami.sbr.pm" = {
@@ -288,7 +323,10 @@ in
};
openssh = {
listenAddresses = [
- { addr = wireguardIp; port = 22; }
+ {
+ addr = wireguardIp;
+ port = 22;
+ }
];
openFirewall = false;
passwordAuthentication = false;
@@ -296,4 +334,3 @@ in
};
};
}
-
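Review bot: `openssh.listenAddresses` binds sshd to `wireguardIp`, which is `strings.optionalString secretCondition …` earlier in the file, so without the secrets file the entry becomes `addr = ""`; I cannot confirm from here how sshd treats an empty `ListenAddress`, but it is at best a config error and at worst a bind on every interface, with `openFirewall = false` as the only remaining guard. I'd make the missing-secret case explicit with `assert secretCondition;` in the `let` rather than letting it degrade silently. Separately, `passwordAuthentication` on the following line is, I believe, the pre-23.05 spelling of `settings.PasswordAuthentication`; worth checking it still maps on the NixOS release in use. The enclosing `services.openssh` block starts outside the hunk.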
systems/hosts/okinawa.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, config, modulesPath, ... }:
+{
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
with lib;
{
systems/hosts/sakhalin.nix
@@ -4,13 +4,14 @@ with lib;
let
hostname = "sakhalin";
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ ips = lists.optionals secretCondition [ "${ip}/24" ];
endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath)
+ .wireguard.kerkouane.publicKey;
metadata = importTOML ../../ops/hosts.toml;
in
@@ -26,7 +27,10 @@ in
fileSystems."/" = {
device = "/dev/disk/by-uuid/92ce650d-873e-41c1-a44e-71c2b9191b9d";
fsType = "ext4";
- options = [ "noatime" "discard" ];
+ options = [
+ "noatime"
+ "discard"
+ ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B226-075A";
@@ -35,7 +39,10 @@ in
fileSystems."/home" = {
device = "/dev/disk/by-uuid/4f614c00-d94d-42f9-8386-3ecd396aa246";
fsType = "ext4";
- options = [ "noatime" "discard" ];
+ options = [
+ "noatime"
+ "discard"
+ ];
};
fileSystems."/mnt/gaia" = {
device = "/dev/disk/by-uuid/88d3d686-d451-4ba9-bd6e-373601ed2683";
@@ -47,7 +54,7 @@ in
fsType = "ext4";
options = [ "noatime" ];
};
- swapDevices = [{ device = "/dev/disk/by-uuid/9eb067d1-b329-4fbb-ae27-38abfbe7c108"; }];
+ swapDevices = [ { device = "/dev/disk/by-uuid/9eb067d1-b329-4fbb-ae27-38abfbe7c108"; } ];
networking = {
hostName = hostname;
@@ -69,11 +76,21 @@ in
avahi.enable = true;
ssh.enable = true;
};
- virtualisation.libvirt = { enable = true; nested = true; listenTCP = true; };
+ virtualisation.libvirt = {
+ enable = true;
+ nested = true;
+ listenTCP = true;
+ };
};
- fileSystems."/export/gaia" = { device = "/mnt/gaia"; options = [ "bind" ]; };
- fileSystems."/export/toshito" = { device = "/mnt/toshito"; options = [ "bind" ]; };
+ fileSystems."/export/gaia" = {
+ device = "/mnt/gaia";
+ options = [ "bind" ];
+ };
+ fileSystems."/export/toshito" = {
+ device = "/mnt/toshito";
+ options = [ "bind" ];
+ };
services = {
atuin = {
@@ -123,22 +140,36 @@ in
}
{
job_name = "bind";
- static_configs = [{
- targets = [ "demeter.sbr.pm:9009" "athena.sbr.pm:9009" ];
- }];
+ static_configs = [
+ {
+ targets = [
+ "demeter.sbr.pm:9009"
+ "athena.sbr.pm:9009"
+ ];
+ }
+ ];
}
{
job_name = "nginx";
- static_configs = [{
- targets = [ "kerkouane.sbr.pm:9001" ];
- }];
+ static_configs = [
+ {
+ targets = [ "kerkouane.sbr.pm:9001" ];
+ }
+ ];
}
];
exporters.node = {
enable = true;
port = 9000;
- enabledCollectors = [ "systemd" "processes" ];
- extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" ];
+ enabledCollectors = [
+ "systemd"
+ "processes"
+ ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
};
};
tarsnap = {
@@ -176,10 +207,10 @@ in
};
wireguard = {
enable = true;
- ips = ips;
+ inherit ips;
endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
+ inherit endpointPort;
+ inherit endpointPublicKey;
};
};
security.apparmor.enable = true;
@@ -201,7 +232,12 @@ in
unitConfig.X-StopOnRemoval = false;
restartIfChanged = false;
- path = with pkgs; [ rsync coreutils bash openssh ];
+ path = with pkgs; [
+ rsync
+ coreutils
+ bash
+ openssh
+ ];
script = ''
${pkgs.vrsync}/bin/vrsync
'';
@@ -227,7 +263,10 @@ in
OnFailure = "status-email-root@%n.service";
};
- path = with pkgs; [ git mr ];
+ path = with pkgs; [
+ git
+ mr
+ ];
script = ''
set -e
cd /mnt/gaia/src/configs/
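Review bot: `virtualisation.libvirt.listenTCP = true` under `modules` is a repo-local option whose implementation is not visible in this section; if it enables libvirtd's TCP listener, that listener is unauthenticated and unencrypted unless SASL or TLS is configured next to it, so the line deserves a comment saying which network it is reachable from and what restricts access, e.g. `# libvirt TCP listener: reachable only over <interface>, auth via <mechanism>`. shikoku.nix sets the same flag and should get the same note. The `modules` attribute set holding this block starts outside the hunk.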
systems/hosts/shikoku.nix
@@ -1,16 +1,22 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
hostname = "shikoku";
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ ips = lists.optionals secretCondition [ "${ip}/24" ];
endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath)
+ .wireguard.kerkouane.publicKey;
metadata = importTOML ../../ops/hosts.toml;
@@ -40,7 +46,15 @@ in
};
# TODO: check if it's done elsewhere
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.initrd.kernelModules = [
"vfio_pci"
"vfio"
@@ -69,7 +83,10 @@ in
fileSystems."/" = {
device = "/dev/disk/by-uuid/73fd8864-f6af-4fdd-b826-0dfdeacd3c19";
fsType = "ext4";
- options = [ "noatime" "discard" ];
+ options = [
+ "noatime"
+ "discard"
+ ];
};
fileSystems."/boot" = {
@@ -97,7 +114,7 @@ in
# fsType = "zfs";
# options = [ "zfsutil" ];
# };
- #
+ #
# fileSystems."/tank/virt" =
# {
# device = "tank/virt";
@@ -105,9 +122,11 @@ in
# options = [ "zfsutil" ];
# };
- swapDevices = [{
- device = "/dev/disk/by-uuid/a9ec44e6-0c1d-4f60-9f5c-81a7eaa8e8fd";
- }];
+ swapDevices = [
+ {
+ device = "/dev/disk/by-uuid/a9ec44e6-0c1d-4f60-9f5c-81a7eaa8e8fd";
+ }
+ ];
modules = {
core.binfmt.enable = true;
@@ -138,7 +157,11 @@ in
avahi.enable = true;
ssh.enable = true;
};
- virtualisation.libvirt = { enable = true; nested = true; listenTCP = true; };
+ virtualisation.libvirt = {
+ enable = true;
+ nested = true;
+ listenTCP = true;
+ };
profiles.home = true;
};
@@ -164,8 +187,15 @@ in
prometheus.exporters.node = {
enable = true;
port = 9000;
- enabledCollectors = [ "systemd" "processes" ];
- extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" ];
+ enabledCollectors = [
+ "systemd"
+ "processes"
+ ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
};
aria2 = {
enable = true;
@@ -209,7 +239,7 @@ in
};
smartd = {
enable = true;
- devices = [{ device = "/dev/nvme0n1"; }];
+ devices = [ { device = "/dev/nvme0n1"; } ];
};
dockerRegistry = {
enable = true;
@@ -221,10 +251,10 @@ in
};
wireguard = {
enable = true;
- ips = ips;
+ inherit ips;
endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
+ inherit endpointPort;
+ inherit endpointPublicKey;
};
};
@@ -235,7 +265,11 @@ in
extraGroups = [ ];
openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/builder.pub) ];
};
- nix.settings.trusted-users = [ "root" "vincent" "builder" ];
+ nix.settings.trusted-users = [
+ "root"
+ "vincent"
+ "builder"
+ ];
security.pam.sshAgentAuth.enable = true;
}
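Review bot: `nix.settings.trusted-users` grants `builder`, an account whose only credential is the key read from `secrets/builder.pub` just above, the same daemon-level trust as root, which lets it import unsigned store paths and override `substituters` and sandbox settings. If the account exists only to serve remote builds that trust is the usual requirement, but it is worth recording on the line, e.g. `# builder: remote-build account; must be trusted to receive unsigned closures`. The host file earlier in this change that references `metadata.hosts.aomi` spells the same list with the legacy `nix.trustedUsers` alias; aligning it with `nix.settings.trusted-users` as used here would keep the two hosts consistent. The `users` and `nix` settings sit in a module body that starts outside the hunk.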
systems/hosts/wakasu.nix
@@ -1,16 +1,15 @@
-{ config, lib, pkgs, ... }:
+{ lib, pkgs, ... }:
with lib;
let
hostname = "wakasu";
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
-
- getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath)
+ .wireguard.kerkouane.publicKey;
metadata = importTOML ../../ops/hosts.toml;
# Scripts
@@ -34,7 +33,10 @@ in
device = "/dev/mapper/root";
# uuid: 637ee2a5-638d-46cd-8845-3cc0fa8551bd
fsType = "ext4";
- options = [ "noatime" "discard" ];
+ options = [
+ "noatime"
+ "discard"
+ ];
};
fileSystems."/boot" = {
@@ -42,12 +44,15 @@ in
fsType = "vfat";
};
- swapDevices = [{ device = "/dev/disk/by-uuid/ab056cfc-fb17-4db7-a393-f93726cc2987"; }];
+ swapDevices = [ { device = "/dev/disk/by-uuid/ab056cfc-fb17-4db7-a393-f93726cc2987"; } ];
networking = {
hostName = hostname;
firewall.allowedTCPPortRanges = [
- { from = 45000; to = 47000; }
+ {
+ from = 45000;
+ to = 47000;
+ }
];
};
@@ -110,8 +115,14 @@ in
{
groups = [ "wheel" ];
commands = [
- { command = "${officemode}/bin/officemode"; options = [ "NOPASSWD" ]; }
- { command = "${roadmode}/bin/roadmode"; options = [ "NOPASSWD" ]; }
+ {
+ command = "${officemode}/bin/officemode";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${roadmode}/bin/roadmode";
+ options = [ "NOPASSWD" ];
+ }
];
}
];
@@ -121,7 +132,10 @@ in
editors.emacs.enable = true;
editors.neovim.enable = true;
hardware = {
- yubikey = { enable = true; u2f = true; };
+ yubikey = {
+ enable = true;
+ u2f = true;
+ };
laptop.enable = true;
bluetooth.enable = true;
};
@@ -147,7 +161,10 @@ in
};
ssh.enable = true;
};
- virtualisation.libvirt = { enable = true; nested = true; };
+ virtualisation.libvirt = {
+ enable = true;
+ nested = true;
+ };
};
# TODO Migrate to modules
@@ -179,7 +196,12 @@ in
ollama.enable = true;
dictd = {
enable = true;
- DBs = with pkgs.dictdDBs; [ wiktionary wordnet fra2eng eng2fra ];
+ DBs = with pkgs.dictdDBs; [
+ wiktionary
+ wordnet
+ fra2eng
+ eng2fra
+ ];
};
locate = {
enable = true;
@@ -196,8 +218,8 @@ in
enable = true;
ips = [ "${metadata.hosts.wakasu.wireguard.addrs.v4}/24" ];
endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
+ inherit endpointPort;
+ inherit endpointPublicKey;
};
};
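Review bot: `firewall.allowedTCPPortRanges` opens 45000–47000 inbound with nothing indicating which service needs it, and the new multi-line form is the natural place for that reason. I'd add `# 45000-47000: <service> (<why>)` above the entry so the range can be re-evaluated or removed later, and narrow it to the ports actually used if the service allows it. The surrounding `networking` block is complete within the hunk, but the module body around it is not.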
systems/kyushu/disks.nix
@@ -1,6 +1,4 @@
-{ ...
-}:
-{
+_: {
disko.devices = {
disk = {
# 512GB root/boot drive. Configured with:
@@ -41,7 +39,11 @@
type = "filesystem";
format = "ext4";
mountpoint = "/";
- mountOptions = [ "noatime" "nodiratime" "discard" ];
+ mountOptions = [
+ "noatime"
+ "nodiratime"
+ "discard"
+ ];
};
};
};
systems/modules/core/binfmt.nix
@@ -1,7 +1,12 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkEnableOption mkIf types;
+ inherit (lib) mkEnableOption mkIf;
cfg = config.modules.core.binfmt;
in
{
systems/modules/core/boot.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
inherit (lib) mkOption types;
systems/modules/core/config.nix
@@ -1,9 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ lib, ... }:
with lib;
-let
- cfg = config.profiles;
-in
{
# This options are mainly used for user side for now
# aka, in users/vincent, there is a check if these are enabled, to conditionnally
systems/modules/core/default.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
{
imports = [
@@ -142,10 +147,13 @@
# Clear out /tmp after a fortnight and give all normal users a ~/tmp
# cleaned out weekly.
- systemd.tmpfiles.rules = [ "d /tmp 1777 root root 14d" ] ++
- (
- let mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
- in lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
+ systemd.tmpfiles.rules =
+ [ "d /tmp 1777 root root 14d" ]
+ ++ (
+ let
+ mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
+ in
+ lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
);
systemd.services."status-email-root@" = {
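Review bot: The rewritten `systemd.tmpfiles.rules` expression still reads `config.users.extraUsers`, which I believe is the deprecated alias of `config.users.users`; a reformat-only commit is a good moment to switch to the canonical name so the alias warning stops firing. The semantics are otherwise unchanged (a 0700 `~/tmp` per normal user, cleaned after 7 days), though the rule is assembled by string interpolation, so a home path containing whitespace would produce a malformed tmpfiles line; a one-line comment noting that assumption, e.g. `# assumes home paths contain no whitespace (tmpfiles lines are space-separated)`, would help. The enclosing attribute set starts outside the hunk.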
systems/modules/core/i18n.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
let
systems/modules/core/nix.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -11,7 +16,11 @@ in
{
options = {
core.nix = {
- enable = mkOption { type = types.bool; default = true; description = "Enable core.nix"; };
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enable core.nix";
+ };
gcDates = mkOption {
default = "daily";
description = "Specification (in the format described by systemd.time(7)) of the time at which the garbage collector will run. ";
@@ -86,14 +95,20 @@ in
];
optimise = {
automatic = true;
- dates = [ "01:10" "12:10" ];
+ dates = [
+ "01:10"
+ "12:10"
+ ];
};
nrBuildUsers = 32;
#nrBuildUsers = config.nix.maxJobs * 2;
settings = {
sandbox = true;
allowed-users = [ "@wheel" ];
- trusted-users = [ "root" "@wheel" ];
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
# See https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-use-xdg-base-directories
use-xdg-base-directories = true;
};
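Review bot: `trusted-users = [ "root" "@wheel" ]` together with `allowed-users = [ "@wheel" ]` makes every user allowed to talk to the daemon also a trusted one, and trusted users can override `substituters`, `trusted-public-keys` and the `sandbox = true` setting just above, which is effectively root on the host. If that is intentional for single-user machines, a comment such as `# every wheel user is daemon-trusted: root-equivalent, keep wheel small` on the `trusted-users` line would record the decision; otherwise narrow it to the specific deploy user. The `settings` block is inside a `nix` attribute set that starts outside the hunk.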
systems/modules/desktop/base.nix
@@ -1,6 +1,17 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkIf mkEnableOption mkDefault mkOption types;
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ mkDefault
+ mkOption
+ types
+ ;
cfg = config.modules.desktop;
in
{
@@ -111,7 +122,7 @@ in
plymouth = {
enable = true;
themePackages = [ cfg.plymouth.themePackage ];
- theme = cfg.plymouth.theme;
+ inherit (cfg.plymouth) theme;
};
};
@@ -162,24 +173,25 @@ in
# Enable NetkworManager by default
networking.networkmanager = {
enable = mkDefault true;
- unmanaged = [
- "interface-name:br-*"
- "interface-name:ve-*" # FIXME are those docker's or libvirt's
- "interface-name:veth-*" # FIXME are those docker's or libvirt's
- ]
- # Do not manager wireguard
- ++ lib.optionals config.networking.wireguard.enable [ "interface-name:wg0" ]
- # Do not manage docker interfaces
- ++ lib.optionals config.virtualisation.docker.enable [ "interface-name:docker0" ]
- # Do not manager libvirt interfaces
- ++ lib.optionals config.virtualisation.libvirtd.enable [ "interface-name:virbr*" ];
+ unmanaged =
+ [
+ "interface-name:br-*"
+ "interface-name:ve-*" # FIXME are those docker's or libvirt's
+ "interface-name:veth-*" # FIXME are those docker's or libvirt's
+ ]
+ # Do not manager wireguard
+ ++ lib.optionals config.networking.wireguard.enable [ "interface-name:wg0" ]
+ # Do not manage docker interfaces
+ ++ lib.optionals config.virtualisation.docker.enable [ "interface-name:docker0" ]
+ # Do not manager libvirt interfaces
+ ++ lib.optionals config.virtualisation.libvirtd.enable [ "interface-name:virbr*" ];
plugins = with pkgs; [ networkmanager-openvpn ];
# dispatcherScripts = [{
# # https://askubuntu.com/questions/1271491/disable-wifi-if-lan-is-connected
# source = pkgs.writeText "wifi-wired-exclusive" ''
# #!${pkgs.bash}/bin/bash
# export LC_ALL=C
- #
+ #
# enable_disable_wifi ()
# {
# result=$(${pkgs.networkmanager}/bin/nmcli dev | ${pkgs.gnugrep}/bin/grep "ethernet" | ${pkgs.gnugrep}/bin/grep -w "connected")
@@ -189,11 +201,11 @@ in
# ${pkgs.networkmanager}/bin/nmcli radio wifi on
# fi
# }
- #
+ #
# if [ "$2" = "up" ]; then
# enable_disable_wifi
# fi
- #
+ #
# if [ "$2" = "down" ]; then
# enable_disable_wifi
# fi
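Review bot: The comments carried into the rewritten `unmanaged` list read `# Do not manager wireguard` and `# Do not manager libvirt interfaces`; both should be `# Do not manage …` to match the docker line between them. The two `# FIXME are those docker's or libvirt's` markers on the `ve-*`/`veth-*` entries survive the reformat unanswered; if nobody can confirm which runtime creates them, leaving them unmanaged is the safe choice, but the FIXME should say so rather than stay open-ended. The `networking.networkmanager` block continues outside the hunk.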
systems/modules/desktop/i3.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
systems/modules/desktop/sway.nix
@@ -1,6 +1,11 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkIf mkEnableOption mkDefault;
+ inherit (lib) mkIf mkEnableOption;
cfg = config.modules.desktop.wayland.sway;
in
{
@@ -44,8 +49,10 @@ in
programs.dconf.enable = true;
services.dbus = {
enable = true;
- packages = [ pkgs.dconf pkgs.gcr ];
+ packages = [
+ pkgs.dconf
+ pkgs.gcr
+ ];
};
};
}
-
systems/modules/desktop/wayland.nix
@@ -1,6 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkIf mkEnableOption mkDefault mkForce versionOlder;
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ mkForce
+ versionOlder
+ ;
cfg = config.modules.desktop.wayland;
stable = versionOlder config.system.nixos.release "24.05";
swayRun = pkgs.writeShellScript "sway-run" ''
@@ -29,32 +39,39 @@ in
enable = true;
};
};
- services = {
- greetd = {
- enable = true;
- settings = {
- default_session = {
- # command = "${pkgs.greetd.greetd}/bin/agreety --cmd sway";
- command = "${lib.makeBinPath [ pkgs.greetd.tuigreet ]}/tuigreet --time --cmd ${swayRun}";
- users = "greeter";
- };
- initial_session = {
- command = "${swayRun}";
- user = "vincent";
+ services =
+ {
+ greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ # command = "${pkgs.greetd.greetd}/bin/agreety --cmd sway";
+ command = "${lib.makeBinPath [ pkgs.greetd.tuigreet ]}/tuigreet --time --cmd ${swayRun}";
+ users = "greeter";
+ };
+ initial_session = {
+ command = "${swayRun}";
+ user = "vincent";
+ };
};
+ # restart = false;
};
- # restart = false;
- };
- } // (if stable then { } else {
- libinput = {
- touchpad = {
- disableWhileTyping = true;
- additionalOptions = ''
- Option "Ignore" "on"
- '';
- };
- };
- });
+ }
+ // (
+ if stable then
+ { }
+ else
+ {
+ libinput = {
+ touchpad = {
+ disableWhileTyping = true;
+ additionalOptions = ''
+ Option "Ignore" "on"
+ '';
+ };
+ };
+ }
+ );
environment.systemPackages = with pkgs; [
qogir-icon-theme
];
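Review bot: The `services = { … } // (if stable then { } else { … })` merge in the middle of this section is the shape nixfmt now spreads over a dozen lines; `lib.optionalAttrs (!stable) { libinput = …; }` expresses the same thing without the empty `{ }` branch, and `lib` is already in scope from the module arguments, so it would read `services = { greetd = …; } // lib.optionalAttrs (!stable) { libinput = { … }; };`. The same `// (if stable then { } else …)` construction appears twice in `hardware/audio.nix` in this change. Separately, `initial_session` logs `vincent` in without passing through the greeter; if that relies on something else gating boot, a one-line comment stating the assumption would help a later reviewer. The `config` block this sits in starts outside the hunk.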
systems/modules/desktop/xorg.nix
@@ -1,6 +1,11 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkIf mkEnableOption mkDefault;
+ inherit (lib) mkIf mkEnableOption;
cfg = config.modules.desktop.xorg;
in
{
systems/modules/dev/base.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
cfg = config.modules.dev;
systems/modules/dev/containers-image-mirroring.nix
@@ -1,7 +1,17 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkEnableOption mkOption mkIf types;
+ inherit (lib)
+ mkEnableOption
+ mkOption
+ mkIf
+ types
+ ;
cfg = config.modules.dev.containers.image-mirroring;
settingsFormat = pkgs.formats.yaml { };
settingsFile = settingsFormat.generate "sync.yaml" cfg.settings;
@@ -13,18 +23,24 @@ in
enable = mkEnableOption "Enable container image mirroring service";
targets = mkOption {
type = types.listOf types.str;
- example = [ "quay.io/vdemeest" "ghcr.io/vdemeester" ];
+ example = [
+ "quay.io/vdemeest"
+ "ghcr.io/vdemeester"
+ ];
description = lib.mdDoc ''
A list of targets to sync images to. It will use the same
sync configuration to push on all.
'';
};
settings = mkOption {
- type = settingsFormat.type;
+ inherit (settingsFormat) type;
default = { };
example = {
"docker.io" = {
- "vdemeester/foo" = [ "latest" "bar" ];
+ "vdemeester/foo" = [
+ "latest"
+ "bar"
+ ];
};
"quay.io" = {
"buildah/stable" = [ "latest" ];
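Review bot: The `example` for `targets` lists `quay.io/vdemeest` next to `ghcr.io/vdemeester`; the first looks like a truncated spelling of the same namespace, and since `example` is rendered into the option documentation I'd correct it to `"quay.io/vdemeester"` (or whichever is the real namespace). The `options` block starts outside the hunk.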
systems/modules/dev/containers.nix
@@ -1,8 +1,19 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
cfg = config.modules.dev.containers;
- inherit (lib) mkEnableOption mkIf mkMerge mkOption types;
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ mkMerge
+ mkOption
+ types
+ ;
in
{
options = {
@@ -29,7 +40,10 @@ in
grpcAddress = mkOption {
type = types.listOf types.str;
default = [ "unix:///run/buildkit/buildkitd.sock" ];
- example = [ "unix:///run/buildkit/buildkitd.sock" "tcp://0.0.0.0:1234" ];
+ example = [
+ "unix:///run/buildkit/buildkitd.sock"
+ "tcp://0.0.0.0:1234"
+ ];
description = lib.mdDoc ''
A list of address to listen to for the grpc service.
'';
@@ -46,14 +60,26 @@ in
network = {
default_subnet_pools = [
# See https://github.com/kubernetes-sigs/kind/issues/2872 for this
- { "base" = "11.0.0.0/24"; "size" = 24; }
+ {
+ "base" = "11.0.0.0/24";
+ "size" = 24;
+ }
{
"base" = "192.168.129.0/24";
"size" = 24;
}
- { "base" = "192.168.130.0/24"; "size" = 24; }
- { "base" = "192.168.131.0/24"; "size" = 24; }
- { "base" = "192.168.132.0/24"; "size" = 24; }
+ {
+ "base" = "192.168.130.0/24";
+ "size" = 24;
+ }
+ {
+ "base" = "192.168.131.0/24";
+ "size" = 24;
+ }
+ {
+ "base" = "192.168.132.0/24";
+ "size" = 24;
+ }
];
};
};
@@ -75,7 +101,10 @@ in
};
worker.containerd = {
enabled = true;
- platforms = [ "linux/amd64" "linux/arm64" ];
+ platforms = [
+ "linux/amd64"
+ "linux/arm64"
+ ];
namespace = "buildkit";
};
# FIXME: move to home
@@ -93,7 +122,7 @@ in
};
docker = {
enable = true;
- package = cfg.docker.package;
+ inherit (cfg.docker) package;
liveRestore = false;
storageDriver = "overlay2";
daemon.settings = {
@@ -107,8 +136,17 @@ in
};
default-runtime = "docker-runc";
containerd = "/run/containerd/containerd.sock";
- features = { buildkit = true; };
- insecure-registries = [ "172.30.0.0/16" "192.168.1.0/16" "10.100.0.0/16" "shikoku.home:5000" "r.svc.home:5000" "r.svc.home" ];
+ features = {
+ buildkit = true;
+ };
+ insecure-registries = [
+ "172.30.0.0/16"
+ "192.168.1.0/16"
+ "10.100.0.0/16"
+ "shikoku.home:5000"
+ "r.svc.home:5000"
+ "r.svc.home"
+ ];
seccomp-profile = ./my-seccomp.json;
};
};
@@ -116,7 +154,10 @@ in
environment.systemPackages = with pkgs; [
docker-buildx
];
- networking.firewall.trustedInterfaces = [ "docker0" "podman" ];
+ networking.firewall.trustedInterfaces = [
+ "docker0"
+ "podman"
+ ];
})
(mkIf cfg.podman.enable {
virtualisation.podman.enable = true;
@@ -126,13 +167,19 @@ in
virtualisation = {
containers = {
registries = {
- search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+ search = [
+ "registry.fedoraproject.org"
+ "registry.access.redhat.com"
+ "registry.centos.org"
+ "docker.io"
+ "quay.io"
+ ];
};
policy = {
- default = [{ type = "insecureAcceptAnything"; }];
+ default = [ { type = "insecureAcceptAnything"; } ];
transports = {
docker-daemon = {
- "" = [{ type = "insecureAcceptAnything"; }];
+ "" = [ { type = "insecureAcceptAnything"; } ];
};
};
};
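Review bot: `insecure-registries` contains `192.168.1.0/16`, which is not a canonical network prefix (host bits are set); as far as I know Docker parses it as a CIDR and keeps the masked network, so this entry effectively whitelists all of `192.168.0.0/16` for plaintext or unverified-TLS registry traffic. If one subnet was meant, write `"192.168.1.0/24"`; if the whole range was meant, spell it `"192.168.0.0/16"` so the intent is visible. Further down, `policy.default = [ { type = "insecureAcceptAnything"; } ]` turns off signature verification for pulls while `search` includes public registries; that is upstream's default, but a short comment saying it is deliberate would save the next reader a question. The `mkIf` block that holds the daemon settings starts outside the hunk.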
systems/modules/editors/default.nix
@@ -1,10 +1,19 @@
{ config, lib, ... }:
let
- inherit (lib) mkIf mkOption mkOverride types;
+ inherit (lib)
+ mkIf
+ mkOption
+ mkOverride
+ types
+ ;
cfg = config.modules.editors;
in
{
- imports = [ ./vim.nix ./emacs.nix ./neovim.nix ];
+ imports = [
+ ./vim.nix
+ ./emacs.nix
+ ./neovim.nix
+ ];
options.modules.editors = {
default = mkOption {
description = "default editor";
systems/modules/editors/emacs.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.editors.emacs;
systems/modules/editors/neovim.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.editors.neovim;
systems/modules/editors/vim.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.editors.vim;
systems/modules/hardware/audio.nix
@@ -1,6 +1,18 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkEnableOption mkIf mkMerge mkOption types versionOlder;
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ mkMerge
+ mkOption
+ types
+ versionOlder
+ ;
cfg = config.modules.hardware.audio;
stable = versionOlder config.system.nixos.release "24.05";
in
@@ -25,53 +37,94 @@ in
# sound.enable = true;
# FIXME is it needed
security.pam.loginLimits = [
- { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
- { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
- { domain = "@audio"; item = "nofile"; type = "-"; value = "99999"; }
+ {
+ domain = "@audio";
+ item = "memlock";
+ type = "-";
+ value = "unlimited";
+ }
+ {
+ domain = "@audio";
+ item = "rtprio";
+ type = "-";
+ value = "99";
+ }
+ {
+ domain = "@audio";
+ item = "nofile";
+ type = "-";
+ value = "99999";
+ }
];
}
(mkIf cfg.pipewire.enable {
security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- wireplumber = {
+ services.pipewire =
+ {
enable = true;
- } // (if stable then { } else {
- configPackages = [
- (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
- bluez_monitor.properties = {
- ["bluez5.enable-sbc-xq"] = true,
- ["bluez5.enable-msbc"] = true,
- ["bluez5.enable-hw-volume"] = true,
- ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
- }
- '')
- ];
- });
- } // (if stable then { } else {
- extraConfig = {
- pipewire-pulse = {
- "50-network-party.conf" = {
- # "context.modules" = [
- # { name = "libpipewire-module-protocol-native"; }
- # { name = "libpipewire-module-client-node"; }
- # { name = "libpipewire-module-adapter"; }
- # { name = "libpipewire-module-metadata"; }
- # ];
- "context.exec" = [
- { path = "pactl"; args = "load-module module-native-protocol-tcp"; }
- { path = "pactl"; args = "load-module module-zeroconf-discover"; }
- { path = "pactl"; args = "load-module module-zeroconf-publish"; }
- ];
- };
- };
- };
- });
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber =
+ {
+ enable = true;
+ }
+ // (
+ if stable then
+ { }
+ else
+ {
+ configPackages = [
+ (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
+ bluez_monitor.properties = {
+ ["bluez5.enable-sbc-xq"] = true,
+ ["bluez5.enable-msbc"] = true,
+ ["bluez5.enable-hw-volume"] = true,
+ ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+ }
+ '')
+ ];
+ }
+ );
+ }
+ // (
+ if stable then
+ { }
+ else
+ {
+ extraConfig = {
+ pipewire-pulse = {
+ "50-network-party.conf" = {
+ # "context.modules" = [
+ # { name = "libpipewire-module-protocol-native"; }
+ # { name = "libpipewire-module-client-node"; }
+ # { name = "libpipewire-module-adapter"; }
+ # { name = "libpipewire-module-metadata"; }
+ # ];
+ "context.exec" = [
+ {
+ path = "pactl";
+ args = "load-module module-native-protocol-tcp";
+ }
+ {
+ path = "pactl";
+ args = "load-module module-zeroconf-discover";
+ }
+ {
+ path = "pactl";
+ args = "load-module module-zeroconf-publish";
+ }
+ ];
+ };
+ };
+ };
+ }
+ );
networking.firewall = {
- allowedTCPPorts = [ 6001 6002 ];
+ allowedTCPPorts = [
+ 6001
+ 6002
+ ];
};
})
(mkIf cfg.pulseaudio.enable {
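Review bot: The `context.exec` entries load `module-native-protocol-tcp` with no `auth-ip-acl` or `listen` argument, so pipewire-pulse listens on every interface on the native-protocol default port (4713, gated only by the shared pulse cookie as far as I recall), yet the firewall rule on the new side opens 6001 and 6002 instead. It is not clear from the hunk what 6001/6002 serve: if they are meant for this listener it remains unreachable from the LAN (assuming the NixOS firewall is on) while `module-zeroconf-publish` advertises it anyway, and if they are for something else the intent is undocumented. Pinning it down is one line either way, e.g. `args = "load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;192.168.12.0/24";` plus the matching port, or a comment naming the consumer of 6001/6002. The `mkIf cfg.pipewire.enable` attrset is fully inside the hunk.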
@@ -101,7 +154,11 @@ in
enable = cfg.tcp;
anonymousClients = {
allowAll = true;
- allowedIpRanges = [ "127.0.0.1" "192.168.12.0/24" "10.0.0.0/24" ];
+ allowedIpRanges = [
+ "127.0.0.1"
+ "192.168.12.0/24"
+ "10.0.0.0/24"
+ ];
};
};
};
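Review bot: `allowAll = true` next to `allowedIpRanges` turns the pulseaudio TCP listener into anonymous, cookie-less access from 127.0.0.1, 192.168.12.0/24 and 10.0.0.0/24 (the NixOS option maps to `auth-anonymous=1`, as far as I can tell), which lets any device on those networks play into, record from and reconfigure the audio server. `enable = cfg.tcp` presumably makes this opt-in, but nothing on the new side narrows it further. If the intended clients can be given the pulse cookie, dropping `allowAll` keeps the IP ACL as defence in depth; if not, a comment such as `# anonymous access on purpose: LAN clients have no cookie` records the decision. The enclosing `tcp` attrset and `mkIf cfg.pulseaudio.enable` block start before the hunk.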
systems/modules/hardware/bluetooth.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf mkMerge;
cfg = config.modules.hardware.bluetooth;
systems/modules/hardware/laptop.nix
@@ -1,6 +1,11 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkEnableOption mkIf mkMerge mkOption types;
+ inherit (lib) mkEnableOption mkIf mkMerge;
cfg = config.modules.hardware.laptop;
in
{
systems/modules/hardware/sane-extra-config.nixos.nix
@@ -1,14 +1,12 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ ...
+}:
with lib;
let
cfg = config.hardware.sane;
- pkg =
- if cfg.snapshot
- then pkgs.sane-backends-git
- else pkgs.sane-backends;
- backends = [ pkg ] ++ cfg.extraBackends;
- saneConfig = pkgs.mkSaneConfig { paths = backends; };
# saneExtraConfig =
# pkgs.runCommand "sane-extra-config"
# { } ''
@@ -32,7 +30,9 @@ in
hardware.sane.extraConfig = mkOption {
type = types.attrsOf types.lines;
default = { };
- example = { "some-backend" = "# some lines to add to its .conf"; };
+ example = {
+ "some-backend" = "# some lines to add to its .conf";
+ };
};
};
systems/modules/hardware/server.nix
@@ -1,6 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
- inherit (lib) mkEnableOption mkIf mkOption types;
+ inherit (lib) mkEnableOption mkIf;
cfg = config.modules.hardware.server;
in
{
systems/modules/hardware/yubikey.nix
@@ -1,6 +1,17 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) mkEnableOption mkIf mkMerge mkOption types;
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ mkMerge
+ mkOption
+ types
+ ;
cfg = config.modules.hardware.yubikey;
in
{
@@ -53,11 +64,13 @@ in
security.pam.u2f = {
enable = true;
origin = "pam://yubi";
- authFile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
- "vincent"
- ":4IiWZI9g6D8W6LeAW13ug4CnS8PreNRcHdcebkUDny3gWGfmpMJg4TgBWaZSIdh+sgg4jQA4MxYwTCmmP/ipWQ==,qOl+ouBRk6MMEJiE7H5LuTAirhBhN0UQrCNlLQoRsVttp6IBKG4yq4zDwm4fmYlfy1MFhvh7oOapMOmodMKJpQ==,es256,+presence" # yubikey5-a
- ":Sz4J2qMhoE7bE/uzwUzjJxG/bE0s+cw18zXcQjRsLIdJTVbuMad1ivKlYeLZW6vWV0lYiODlRW21HTSaFzu06A==,p7OZ3z5fiAIuJRHVzm56Y8Ti934+4cVHjsG7kaapmz8cWPfXfXfj5c8QiyIz3EQ0hOoxVV5cbkzUTxe7hdQIsA==,es256,+presence" # yubikey5-c1
- ]);
+ authFile = pkgs.writeText "u2f-mappings" (
+ lib.concatStrings [
+ "vincent"
+ ":4IiWZI9g6D8W6LeAW13ug4CnS8PreNRcHdcebkUDny3gWGfmpMJg4TgBWaZSIdh+sgg4jQA4MxYwTCmmP/ipWQ==,qOl+ouBRk6MMEJiE7H5LuTAirhBhN0UQrCNlLQoRsVttp6IBKG4yq4zDwm4fmYlfy1MFhvh7oOapMOmodMKJpQ==,es256,+presence" # yubikey5-a
+ ":Sz4J2qMhoE7bE/uzwUzjJxG/bE0s+cw18zXcQjRsLIdJTVbuMad1ivKlYeLZW6vWV0lYiODlRW21HTSaFzu06A==,p7OZ3z5fiAIuJRHVzm56Y8Ti934+4cVHjsG7kaapmz8cWPfXfXfj5c8QiyIz3EQ0hOoxVV5cbkzUTxe7hdQIsA==,es256,+presence" # yubikey5-c1
+ ]
+ );
};
})
(mkIf cfg.agent {
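Review bot: Both mappings register the keys with `+presence` only and the hunk does not set `security.pam.u2f.control`, whose default in the NixOS module is `sufficient` as far as I can tell; unless it is overridden elsewhere, a touch on either YubiKey satisfies PAM on its own, so a lost key plus physical access is a passwordless login. If U2F is meant as a second factor rather than a replacement, either `control = "required";` or `+pin` on each mapping line brings the second factor back; a comment stating which of the two models was chosen would help whoever reads this next. The mapping file itself is fine in the store since it holds only key handles and public keys. The enclosing `mkIf` block starts before the hunk.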
systems/modules/profiles/builder.nix
@@ -1,13 +1,19 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
- inherit (lib) mkIf mkEnableOption importTOML filter;
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ importTOML
+ filter
+ ;
cfg = config.profiles.externalbuilder;
metadata = importTOML ../../../ops/hosts.toml;
currentHostIP =
- if builtins.hasAttr "addrs" metadata.hosts.${config.networking.hostName}
- then metadata.hosts.${config.networking.hostName}.addrs.v4
- else "0.0.0.0";
+ if builtins.hasAttr "addrs" metadata.hosts.${config.networking.hostName} then
+ metadata.hosts.${config.networking.hostName}.addrs.v4
+ else
+ "0.0.0.0";
isCurrentHost = n: n.hostName != currentHostIP;
in
{
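Review bot: `currentHostIP` only guards the `addrs` attribute: `metadata.hosts.${config.networking.hostName}` is forced before `hasAttr` runs, so a host missing from `ops/hosts.toml` fails evaluation instead of taking the `"0.0.0.0"` fallback. The whole expression collapses to `currentHostIP = metadata.hosts.${config.networking.hostName}.addrs.v4 or "0.0.0.0";`, which covers a missing host, missing `addrs` and missing `v4` alike. `isCurrentHost` also reads inverted — it is true for every machine that is not the current one — so `isOtherHost` would describe what `filter` keeps in the next hunk.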
@@ -25,39 +31,42 @@ in
# path = "/etc/nix/builder.key";
# };
- nix.buildMachines = (filter isCurrentHost
- [
- {
- hostName = "${metadata.hosts.shikoku.addrs.v4}";
- maxJobs = metadata.hosts.shikoku.builder.maxJobs;
- sshUser = "builder";
- # sshKey = config.sops.secrets.builder.path;
- systems = metadata.hosts.shikoku.builder.systems;
- supportedFeatures = metadata.hosts.shikoku.builder.features;
- }
- {
- hostName = "${metadata.hosts.aomi.addrs.v4}";
- maxJobs = metadata.hosts.aomi.builder.maxJobs;
- sshUser = "builder";
- # sshKey = config.sops.secrets.builder.path;
- systems = metadata.hosts.aomi.builder.systems;
- supportedFeatures = metadata.hosts.aomi.builder.features;
- }
- ]
- );
+ nix.buildMachines = filter isCurrentHost [
+ {
+ hostName = "${metadata.hosts.shikoku.addrs.v4}";
+ inherit (metadata.hosts.shikoku.builder) maxJobs;
+ sshUser = "builder";
+ # sshKey = config.sops.secrets.builder.path;
+ inherit (metadata.hosts.shikoku.builder) systems;
+ supportedFeatures = metadata.hosts.shikoku.builder.features;
+ }
+ {
+ hostName = "${metadata.hosts.aomi.addrs.v4}";
+ inherit (metadata.hosts.aomi.builder) maxJobs;
+ sshUser = "builder";
+ # sshKey = config.sops.secrets.builder.path;
+ inherit (metadata.hosts.aomi.builder) systems;
+ supportedFeatures = metadata.hosts.aomi.builder.features;
+ }
+ ];
programs.ssh.knownHosts = {
"shikoku" = {
- hostNames = [ "shikoku.home" "${metadata.hosts.shikoku.addrs.v4}" ];
+ hostNames = [
+ "shikoku.home"
+ "${metadata.hosts.shikoku.addrs.v4}"
+ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm";
};
"aomi" = {
- hostNames = [ "aomi.home" "${metadata.hosts.aomi.addrs.v4}" ];
+ hostNames = [
+ "aomi.home"
+ "${metadata.hosts.aomi.addrs.v4}"
+ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME";
};
};
};
-
}
systems/modules/profiles/home.nix
@@ -1,10 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
let
cfg = config.modules.profiles.home;
secretPath = ../../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
machines = lib.optionalAttrs secretCondition (import secretPath);
in
{
@@ -12,31 +12,39 @@ in
modules.profiles.home = mkEnableOption "Enable home profile";
};
config = mkIf cfg {
- boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
+ boot.kernelParams = [
+ "nfs.nfs4_disable_idmapping=0"
+ "nfsd.nfs4_disable_idmapping=0"
+ ];
networking = {
domain = "home";
- hosts = with machines; mkIf secretCondition {
- "${home.ips.honshu}" = [ "honshu.home" ];
- "${home.ips.aion}" = [ "aion.home" ];
- "${home.ips.aomi}" = [ "aomi.home" ];
- "${wireguard.ips.aomi}" = [ "aomi.vpn" ];
- "${home.ips.shikoku}" = [ "shikoku.home" ];
- "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ];
- "${home.ips.wakasu}" = [ "wakasu.home" ];
- "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ];
- "${home.ips.hokkaido}" = [ "hokkaido.home" ];
- "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ];
- # "${home.ips.sakhalin}" = [ "sakhalin.home" ];
- "${home.ips.sakhalin}" = [ "sakhalin.home" "nix.cache.home" ];
- "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ];
- "${home.ips.synodine}" = [ "synodine.home" ];
- "${home.ips.okinawa}" = [ "okinawa.home" ];
- "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ];
- "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ];
- "${wireguard.ips.naruhodo}" = [ "naruhodo.vpn" ];
- "${home.ips.demeter}" = [ "demeter.home" ];
- "${home.ips.athena}" = [ "athena.home" ];
- };
+ hosts =
+ with machines;
+ mkIf secretCondition {
+ "${home.ips.honshu}" = [ "honshu.home" ];
+ "${home.ips.aion}" = [ "aion.home" ];
+ "${home.ips.aomi}" = [ "aomi.home" ];
+ "${wireguard.ips.aomi}" = [ "aomi.vpn" ];
+ "${home.ips.shikoku}" = [ "shikoku.home" ];
+ "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ];
+ "${home.ips.wakasu}" = [ "wakasu.home" ];
+ "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ];
+ "${home.ips.hokkaido}" = [ "hokkaido.home" ];
+ "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ];
+ # "${home.ips.sakhalin}" = [ "sakhalin.home" ];
+ "${home.ips.sakhalin}" = [
+ "sakhalin.home"
+ "nix.cache.home"
+ ];
+ "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ];
+ "${home.ips.synodine}" = [ "synodine.home" ];
+ "${home.ips.okinawa}" = [ "okinawa.home" ];
+ "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ];
+ "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ];
+ "${wireguard.ips.naruhodo}" = [ "naruhodo.vpn" ];
+ "${home.ips.demeter}" = [ "demeter.home" ];
+ "${home.ips.athena}" = [ "athena.home" ];
+ };
};
time.timeZone = "Europe/Paris";
# To mimic autofs on fedora
@@ -44,39 +52,60 @@ in
"/net/synodine.home" = {
device = "${machines.home.ips.synodine}:/";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
# FIXME(vdemeester): I think it acts like this because there is only one export
"/net/sakhalin.home/export" = {
device = "${machines.home.ips.sakhalin}:/";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
# FIXME(vdemeester): Loop
"/net/aion.home/export/documents" = {
device = "aion.home:/export/documents";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
"/net/aion.home/export/downloads" = {
device = "aion.home:/export/downloads";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
"/net/aion.home/export/music" = {
device = "aion.home:/export/music";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
"/net/aion.home/export/pictures" = {
device = "aion.home:/export/pictures";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
"/net/aion.home/export/videos" = {
device = "aion.home:/export/videos";
fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" ];
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
};
};
};
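Review bot: Every `device` in this hunk reads `machines.home.ips.*` unconditionally, while `machines` is `lib.optionalAttrs secretCondition (import secretPath)` and the `networking.hosts` block earlier in the file is wrapped in `mkIf secretCondition`; on a checkout without `secrets/machines.nix` the profile fails with a missing-attribute error instead of degrading the way `hosts` does. Either guard the attrset the same way (`fileSystems = mkIf secretCondition { … };`) or address synodine and sakhalin by name as the aion entries already do. Separately, none of the NFS mounts set `sec=` or `vers=`, so they rely on whatever the server negotiates; if AUTH_SYS on the home LAN is deliberate, a short comment saying so would help. The `fileSystems = {` line and the `mkIf cfg` wrapper start before the hunk.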
systems/modules/profiles/work.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
systems/modules/programs/crc.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
systems/modules/services/athens.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -58,7 +63,9 @@ in
preStart = ''
mkdir -p /var/lib/athens
'';
- environment = { HOME = "/var/lib/athens"; };
+ environment = {
+ HOME = "/var/lib/athens";
+ };
serviceConfig = {
User = cfg.user;
Restart = "on-failure";
@@ -66,7 +73,12 @@ in
${cfg.package}/bin/proxy -config_file=/etc/athens/config.toml
'';
};
- path = [ cfg.package ] ++ [ pkgs.go pkgs.git ];
+ path =
+ [ cfg.package ]
+ ++ [
+ pkgs.go
+ pkgs.git
+ ];
};
};
}
systems/modules/services/avahi.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf versionOlder;
@@ -12,10 +12,10 @@ in
};
};
- config = mkIf cfg.enable
- {
- services = {
- avahi = {
+ config = mkIf cfg.enable {
+ services = {
+ avahi =
+ {
enable = true;
ipv4 = true;
ipv6 = true;
@@ -23,13 +23,18 @@ in
enable = true;
userServices = true;
};
- openFirewall = true;
- } // (if stable
- then {
- nssmdns = true;
- } else {
- nssmdns4 = true;
- });
- };
+ openFirewall = true;
+ }
+ // (
+ if stable then
+ {
+ nssmdns = true;
+ }
+ else
+ {
+ nssmdns4 = true;
+ }
+ );
};
+ };
}
systems/modules/services/barrier.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
let
systems/modules/services/bind.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
inherit (lib) mkIf mkEnableOption;
@@ -15,19 +15,26 @@ in
services = {
bind = {
enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
+ forwarders = [
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
extraOptions = ''
dnssec-validation no;
'';
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
+ cacheNetworks = [
+ "192.168.1.0/24"
+ "127.0.0.0/8"
+ "10.100.0.0/24"
+ ];
zones = [
- {
- # sbr
- name = "sbr.pm";
- master = true;
- slaves = [];
- file = ../../../secrets/db.sbr.pm;
- }
+ {
+ # sbr
+ name = "sbr.pm";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.sbr.pm;
+ }
{
# home
name = "home";
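Review bot: `file = ../../../secrets/db.sbr.pm` is a Nix path literal, so the zone file is copied into the world-readable `/nix/store` at evaluation time despite living under `secrets/`; the wireguard modules in this same commit avoid that by using a string path (`privateKeyFile = "/etc/nixos/secrets/wireguard/private.key"`). If the zone holds anything beyond public records, `file = "/etc/nixos/secrets/db.sbr.pm";` lets bind read it at runtime without a store copy. Also `dnssec-validation no;` with plain-UDP forwarders on 8.8.8.8/8.8.4.4 means every answer cached for 192.168.1.0/24 and 10.100.0.0/24 is accepted unverified; if validation was turned off for one broken domain, `validate-except` (BIND 9.13+) keeps it on for everything else, and a comment naming the reason would help either way. The `services.bind` attrset starts before the hunk and the `zones` list continues after it.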
systems/modules/services/gosmee.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -45,4 +50,3 @@ in
};
};
}
-
systems/modules/services/govanityurl.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
systems/modules/services/nix-binary-cache.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
let
@@ -20,7 +20,10 @@ in
};
};
config = mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/public-nix-cache" ];
services.nginx = {
enable = true;
systems/modules/services/ssh.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
let
systems/modules/services/syncthing.nix
@@ -1,50 +1,80 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
let
# unstable = versionOlder config.system.nixos.release "21.05";
cfg = config.modules.services.syncthing;
- isCurrentHost = n: v: n != config.networking.hostName;
- isFull = n: v: (isCurrentHost n v) && v.full == true; # TODO: handle this
+ isCurrentHost = n: _v: n != config.networking.hostName;
+ isFull = n: v: (isCurrentHost n v) && v.full; # TODO: handle this
devices = {
wakasu = {
id = "3P5BRF6-27NH2OX-3ZUI7EZ-BP4KCSE-EF2GMJL-DHUGPP2-OGHIJVO-LAJOMA7";
- addresses = [ "tcp://wakasu.light" "tcp://wakasu.vpn" "tcp://wakasu.sbr.pm" ];
+ addresses = [
+ "tcp://wakasu.light"
+ "tcp://wakasu.vpn"
+ "tcp://wakasu.sbr.pm"
+ ];
full = true;
};
aomi = {
id = "XCR6WWB-OZUDGFB-LQPFW73-MV5SPJK-4IGOMA4-IAXON3I-C6OFETL-TPK5FQS";
- addresses = [ "tcp://aomi.vpn" "tcp://aomi.light" "tcp://aomi.sbr.pm" ];
+ addresses = [
+ "tcp://aomi.vpn"
+ "tcp://aomi.light"
+ "tcp://aomi.sbr.pm"
+ ];
full = true;
};
sakhalin = {
id = "4TYYG7V-A67D5SN-HMEJCI7-POOZRLL-RNCIE4U-ZYVGTOB-JQ5DOSV-ZCGWUAL";
- addresses = [ "tcp://sakhalin.light" "tcp://sakhalin.vpn" "tcp://sakhalin.sbr.pm" ];
+ addresses = [
+ "tcp://sakhalin.light"
+ "tcp://sakhalin.vpn"
+ "tcp://sakhalin.sbr.pm"
+ ];
full = true;
};
shikoku = {
id = "KZMMXRR-UINDQTS-H3TV2W7-EIGOUDI-3LW4ZDG-7PRKDFV-MJ5KUTJ-YG5Y5AI";
- addresses = [ "tcp://shikoku.light" "tcp://shikoku.vpn" "tcp://shikoku.sbr.pm" ];
+ addresses = [
+ "tcp://shikoku.light"
+ "tcp://shikoku.vpn"
+ "tcp://shikoku.sbr.pm"
+ ];
full = true;
};
kerkouane = {
id = "IFVRRQ7-KMIOQXP-5YDJXQU-UJXUKHB-7THCSY6-B3NHRNA-ED7IRI7-2JPPKQY";
- addresses = [ "tcp://10.100.0.1" "tcp://kerkouane.vpn" ];
+ addresses = [
+ "tcp://10.100.0.1"
+ "tcp://kerkouane.vpn"
+ ];
full = false;
};
aion = {
id = "YORNSGU-UC4IAG5-IWJCD7T-MVPIU7O-AYM36UK-LEHF7AP-CBC4L6C-ZWKUYQF";
- addresses = [ "tcp://aion.light" "tcp://aion.vpn" "tcp://aion.sbr.pm" ];
+ addresses = [
+ "tcp://aion.light"
+ "tcp://aion.vpn"
+ "tcp://aion.sbr.pm"
+ ];
full = true;
};
honshu = {
id = "RGIR34D-3SH3GZK-CYPNNFI-5M5I2K4-HVTUS56-72GJTLH-SDMOY4I-I7AURQR";
- addresses = [ "tcp://honshu.home" "tcp://honshu.sbr.pm" ];
+ addresses = [
+ "tcp://honshu.home"
+ "tcp://honshu.sbr.pm"
+ ];
full = true;
};
okinawa = {
id = "2RWT47Z-UGSH4QO-G4W6XN7-3XY722R-ZKGDN5U-4MDGHMA-6SM26QM-7VCQIAZ";
- addresses = [ "tcp://okinawa.home" "tcp://okinawa.vpn" "tcp://okinawa.sbr.pm" ];
+ addresses = [
+ "tcp://okinawa.home"
+ "tcp://okinawa.vpn"
+ "tcp://okinawa.sbr.pm"
+ ];
full = true;
};
iphone = {
@@ -61,7 +91,14 @@ let
};
deviceNames = builtins.attrNames (filterAttrs isCurrentHost devices);
fullDeviceNames = builtins.attrNames (filterAttrs isFull devices);
- musicDeviceNames = builtins.attrNames (filterAttrs isCurrentHost { wakasu = devices.wakasu; iphone = devices.iphone; aomi = devices.aomi; aion = devices.aion; });
+ musicDeviceNames = builtins.attrNames (
+ filterAttrs isCurrentHost {
+ inherit (devices) wakasu;
+ inherit (devices) iphone;
+ inherit (devices) aomi;
+ inherit (devices) aion;
+ }
+ );
in
{
options = {
@@ -78,67 +115,81 @@ in
};
config = mkIf cfg.enable {
services.syncthing =
- if (builtins.hasAttr "devices" config.services.syncthing)
- then {
- enable = true;
- user = "vincent";
- dataDir = "/home/vincent/.syncthing";
- configDir = "/home/vincent/.syncthing";
- guiAddress = cfg.guiAddress;
- settings = {
- devices = filterAttrs isCurrentHost devices;
- folders = {
- "/home/vincent/sync" = {
- label = "sync";
- id = "7dshg-r8zr6";
- devices = deviceNames;
- };
- # "/home/vincent/desktop/notes" = {
- # label = "notes";
- # id = "q2eld-jylbu";
- # devices = deviceNames;
- # };
- "/home/vincent/desktop/org" = {
- label = "org";
- id = "sjpsr-xfwdu";
- devices = deviceNames;
- };
- } // (if (config.networking.hostName != "kerkouane") then {
- "/home/vincent/desktop/documents" = {
- label = "documents";
- id = "oftdb-t5anv";
- devices = fullDeviceNames;
- };
- "/home/vincent/desktop/pictures/screenshots" = {
- label = "screenshots";
- id = "prpsz-azlz9";
- devices = fullDeviceNames;
- };
- "/home/vincent/desktop/pictures/wallpapers" = {
- label = "wallpapers";
- id = "wpiah-ydwwx";
- devices = fullDeviceNames;
- };
- "/home/vincent/desktop/pictures/photos" = {
- label = "photos";
- id = "uetya-ypa3d";
- devices = fullDeviceNames;
- };
- } else { }) // (if (config.networking.hostName == "wakasu") then {
- "/home/vincent/desktop/music" = {
- label = "music";
- id = "kcyrf-mugzt";
- devices = musicDeviceNames;
- };
- } else { });
+ if (builtins.hasAttr "devices" config.services.syncthing) then
+ {
+ enable = true;
+ user = "vincent";
+ dataDir = "/home/vincent/.syncthing";
+ configDir = "/home/vincent/.syncthing";
+ inherit (cfg) guiAddress;
+ settings = {
+ devices = filterAttrs isCurrentHost devices;
+ folders =
+ {
+ "/home/vincent/sync" = {
+ label = "sync";
+ id = "7dshg-r8zr6";
+ devices = deviceNames;
+ };
+ # "/home/vincent/desktop/notes" = {
+ # label = "notes";
+ # id = "q2eld-jylbu";
+ # devices = deviceNames;
+ # };
+ "/home/vincent/desktop/org" = {
+ label = "org";
+ id = "sjpsr-xfwdu";
+ devices = deviceNames;
+ };
+ }
+ // (
+ if (config.networking.hostName != "kerkouane") then
+ {
+ "/home/vincent/desktop/documents" = {
+ label = "documents";
+ id = "oftdb-t5anv";
+ devices = fullDeviceNames;
+ };
+ "/home/vincent/desktop/pictures/screenshots" = {
+ label = "screenshots";
+ id = "prpsz-azlz9";
+ devices = fullDeviceNames;
+ };
+ "/home/vincent/desktop/pictures/wallpapers" = {
+ label = "wallpapers";
+ id = "wpiah-ydwwx";
+ devices = fullDeviceNames;
+ };
+ "/home/vincent/desktop/pictures/photos" = {
+ label = "photos";
+ id = "uetya-ypa3d";
+ devices = fullDeviceNames;
+ };
+ }
+ else
+ { }
+ )
+ // (
+ if (config.networking.hostName == "wakasu") then
+ {
+ "/home/vincent/desktop/music" = {
+ label = "music";
+ id = "kcyrf-mugzt";
+ devices = musicDeviceNames;
+ };
+ }
+ else
+ { }
+ );
+ };
+ }
+ else
+ {
+ enable = true;
+ user = "vincent";
+ dataDir = "/home/vincent/.syncthing";
+ configDir = "/home/vincent/.syncthing";
+ inherit (cfg) guiAddress;
};
- }
- else {
- enable = true;
- user = "vincent";
- dataDir = "/home/vincent/.syncthing";
- configDir = "/home/vincent/.syncthing";
- guiAddress = cfg.guiAddress;
- };
};
}
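Review bot: `devices = filterAttrs isCurrentHost devices` passes each device attrset straight into `services.syncthing.settings.devices`, including the local bookkeeping field `full` that only `isFull` consumes; if the device submodule is freeform (it appears to be in recent releases) that key lands in the generated Syncthing config, and if it is strict the evaluation fails. Stripping it at the boundary is one line: `devices = mapAttrs (_: d: removeAttrs d [ "full" ]) (filterAttrs isCurrentHost devices);`. `isCurrentHost` is also true for every host except the current one, so `isOtherHost` would read correctly in the three `filterAttrs` calls. The two branches of the `hasAttr "devices"` conditional repeat the same five attributes; hoisting them and conditionalising only `settings` would remove the duplication.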
systems/modules/services/wireguard.client.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -49,12 +54,12 @@ in
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg0 = {
- ips = cfg.ips;
+ inherit (cfg) ips;
privateKeyFile = "/etc/nixos/secrets/wireguard/private.key";
peers = [
{
publicKey = cfg.endpointPublicKey;
- allowedIPs = cfg.allowedIPs;
+ inherit (cfg) allowedIPs;
endpoint = "${cfg.endpoint}:${toString cfg.endpointPort}";
persistentKeepalive = 25;
}
systems/modules/services/wireguard.server.nix
@@ -1,11 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
cfg = config.modules.services.wireguard.server;
secretPath = ../../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
allowedIPs = lists.optionals secretCondition (import secretPath).wireguard.kerkouane.allowedIPs;
listenPort = if secretCondition then (import secretPath).wg.listenPort else 0;
peers = lists.optionals secretCondition (import secretPath).wg.peers;
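Review bot: When `secrets/machines.nix` is absent this module still builds a wireguard server with `listenPort = 0`, no peers and no addresses — the kernel picks a random port and the interface comes up doing nothing, which is harder to notice than an evaluation error. Since the server cannot work without the secrets, an assertion is the honest shape, e.g. `assertions = [ { assertion = secretCondition; message = "wireguard.server needs secrets/machines.nix"; } ];` in the `config` block (gated on the module's enable option, which is outside this hunk), after which the `optionals` fallbacks can go. `import secretPath` is also evaluated three times; binding it once (`secrets = lib.optionalAttrs secretCondition (import secretPath);`) reads better. The options and config that consume these bindings start after the hunk.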
@@ -30,9 +35,9 @@ in
networking.wireguard.interfaces = {
"wg0" = {
ips = allowedIPs;
- listenPort = listenPort;
+ inherit listenPort;
privateKeyFile = "/etc/nixos/secrets/wireguard/private.key";
- peers = peers;
+ inherit peers;
};
};
};
systems/modules/shell/default.nix
@@ -1,7 +1,4 @@
-{ lib, ... }:
-let
- inherit (lib) mkEnableOption;
-in
+{ ... }:
{
imports = [
./direnv.nix
systems/modules/shell/direnv.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.shell.direnv;
systems/modules/shell/git.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.shell.git;
@@ -13,8 +18,7 @@ in
systemPackages = with pkgs; [
git
# gitAndTools.git-extras
- (mkIf config.modules.shell.gnupg.enable
- gitAndTools.git-crypt)
+ (mkIf config.modules.shell.gnupg.enable gitAndTools.git-crypt)
lazygit
];
# Default gitconfig
systems/modules/shell/gnupg.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.shell.gnupg;
systems/modules/shell/tmux.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.shell.tmux;
systems/modules/shell/zsh.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
let
inherit (lib) mkOption mkIf types;
cfg = config.modules.shell.zsh;
systems/modules/virtualisation/buildkit.nix
@@ -1,8 +1,21 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
cfg = config.virtualisation.buildkitd;
inherit (lib) mkOption mkIf;
- inherit (lib.types) attrsOf str nullOr path bool package listOf;
+ inherit (lib.types)
+ attrsOf
+ str
+ nullOr
+ path
+ bool
+ package
+ listOf
+ ;
configFile =
if cfg.configFile == null then
@@ -31,7 +44,10 @@ in
packages = mkOption {
type = listOf package;
- default = [ pkgs.runc pkgs.git ];
+ default = [
+ pkgs.runc
+ pkgs.git
+ ];
description = "List of packages to be added to buildkitd service path";
};
@@ -51,7 +67,7 @@ in
};
settings = lib.mkOption {
- type = settingsFormat.type;
+ inherit (settingsFormat) type;
default = {
grpc.address = [ "unix:///run/buildkit/buildkitd.sock" ];
};
@@ -77,10 +93,15 @@ in
};
systemd.services.buildkitd = {
- after = [ "network.target" "containerd.service" ];
+ after = [
+ "network.target"
+ "containerd.service"
+ ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
- ExecStart = ''${cfg.package}/bin/buildkitd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';
+ ExecStart = ''${cfg.package}/bin/buildkitd ${
+ lib.concatStringsSep " " (lib.cli.toGNUCommandLine { } cfg.args)
+ }'';
Delegate = "yes";
KillMode = "process";
Type = "notify";
@@ -99,5 +120,4 @@ in
};
-
}
systems/modules/virtualisation/containerd.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
cfg = config.virtualisation.mycontainerd;
@@ -33,18 +38,21 @@ in
extraPackages = mkOption {
type = types.listOf types.package;
- default = [ pkgs.runc pkgs.cni pkgs.cni-plugins ];
+ default = [
+ pkgs.runc
+ pkgs.cni
+ pkgs.cni-plugins
+ ];
description = "List of packages to be added to containerd service path";
};
extraOptions = mkOption {
type = types.separatedString " ";
default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>containerd</command> daemon.
- '';
+ description = ''
+ The extra command-line options to pass to
+ <command>containerd</command> daemon.
+ '';
};
};
@@ -66,7 +74,6 @@ in
path = [ cfg.package ] ++ cfg.extraPackages;
};
-
systemd.sockets.containerd = {
description = "Containerd Socket for the API";
wantedBy = [ "sockets.target" ];
@@ -80,5 +87,4 @@ in
};
-
}
systems/modules/virtualisation/libvirt.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
inherit (lib) mkEnableOption mkIf mkMerge;
@@ -18,7 +23,11 @@ in
qemu.ovmf.enable = true;
};
security.polkit.enable = true; # 22.11: libvirtd requires poltkit to be enabled
- environment.systemPackages = with pkgs; [ qemu vde2 libosinfo ];
+ environment.systemPackages = with pkgs; [
+ qemu
+ vde2
+ libosinfo
+ ];
}
(mkIf config.modules.desktop.enable {
environment.systemPackages = with pkgs; [ virt-manager ];
@@ -30,7 +39,9 @@ in
'';
})
(mkIf cfg.listenTCP {
- boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ };
virtualisation.libvirtd = {
allowedBridges = [ "br1" ];
extraConfig = ''
systems/redhat/default.nix
@@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ pkgs, ... }:
+{
environment.systemPackages = with pkgs; [
krb5
(google-chrome.override {
systems/default.nix
@@ -1,24 +1,25 @@
-{ config
-, desktop
-, hostname
-, inputs
-, lib
-, modulesPath
-, outputs
-, stateVersion
-, ...
+{
+ config,
+ desktop,
+ hostname,
+ inputs,
+ lib,
+ outputs,
+ stateVersion,
+ ...
}:
{
- imports = [
- (./. + "/${hostname}/boot.nix")
- (./. + "/${hostname}/hardware.nix")
+ imports =
+ [
+ (./. + "/${hostname}/boot.nix")
+ (./. + "/${hostname}/hardware.nix")
- ./common/base
- ./common/users
- ]
- ++ lib.optional (builtins.pathExists (./. + "/${hostname}/extra.nix")) ./${hostname}/extra.nix
- ++ lib.optional (builtins.isString desktop) ./common/desktop;
+ ./common/base
+ ./common/users
+ ]
+ ++ lib.optional (builtins.pathExists (./. + "/${hostname}/extra.nix")) ./${hostname}/extra.nix
+ ++ lib.optional (builtins.isString desktop) ./common/desktop;
nixpkgs = {
overlays = [
@@ -59,7 +60,10 @@
optimise = {
automatic = true;
- dates = [ "01:10" "12:10" ];
+ dates = [
+ "01:10"
+ "12:10"
+ ];
};
settings = {
tools/bekind/default.nix
@@ -3,7 +3,10 @@
stdenv.mkDerivation {
name = "bekind";
src = ./.;
- phases = [ "installPhase" "fixupPhase" ];
+ phases = [
+ "installPhase"
+ "fixupPhase"
+ ];
installPhase = ''
mkdir -p $out $out/bin $out/share/bekind
sed "s%profile_dir=\"./profiles\"%profile_dir=$out/share/bekind/profiles%g" $src/bekind > $out/bin/bekind
tools/emacs/config/programming-nix.el
@@ -19,6 +19,8 @@
(use-package nixpkgs-fmt
:if (executable-find "nix")
:after nix-ts-mode
+ :custom
+ (nixpkgs-fmt-command = "nixfmt")
:config
(add-hook 'nix-ts-mode-hook 'nixpkgs-fmt-on-save-mode))
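Review bot: `(nixpkgs-fmt-command = "nixfmt")` is not a valid `use-package` `:custom` clause: entries take the shape `(VARIABLE VALUE [COMMENT])`, so this sets `nixpkgs-fmt-command` to the result of evaluating the bare symbol `=` (a void-variable error at load time) and treats `"nixfmt"` as the customization comment. The intended line is `(nixpkgs-fmt-command "nixfmt")`. Since the package is still `nixpkgs-fmt` but now drives a different binary, a comment such as `;; reuse nixpkgs-fmt's on-save hook, but run nixfmt` would save the next reader a double take.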
tools/emacs/etc/eshell/aliases
@@ -1,3 +1,3 @@
-alias l ls -lah $*
-alias ll ls -l $*
-alias ls ls $*
+alias l exa -lah $*
+alias ll exa -l $*
+alias ls exa $*
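Review bot: These aliases now hard-depend on an `exa` binary being on eshell's PATH and nothing in the hunk provides it; `exa` is also archived upstream and, as far as I can tell, nixpkgs replaced it with the `eza` fork, so on a recent channel `alias ls exa $*` shadows the builtin with a command that is not there and every `ls` in eshell breaks rather than falling back. Pointing the three aliases at the maintained fork (`alias ls eza $*` and likewise for `l`/`ll`) or leaving `ls` untouched and aliasing only `l`/`ll` to the fancy listing avoids that failure mode.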
tools/ergodox/default.nix
@@ -1,10 +1,12 @@
-{ sources ? import ../../nix
-, lib ? sources.lib
-, pkgs ? sources.nixpkgs { }
+{
+ sources ? import ../../nix,
+ pkgs ? sources.nixpkgs { },
}:
with pkgs;
-let avrlibc = pkgsCross.avr.libcCross; in
+let
+ avrlibc = pkgsCross.avr.libcCross;
+in
rec {
qmkSource = fetchgit {
url = "https://github.com/qmk/qmk_firmware";
tools/k8s.infra/default.nix
@@ -3,7 +3,10 @@
pkgs.stdenv.mkDerivation {
name = "k8s.infra";
src = ./.;
- phases = [ "installPhase" "fixupPhase" ];
+ phases = [
+ "installPhase"
+ "fixupPhase"
+ ];
buildInputs = with pkgs; [
makeWrapper
];
@@ -11,6 +14,14 @@ pkgs.stdenv.mkDerivation {
mkdir -p $out $out/bin
cp $src/k8s.infra.sh $out/bin/k8s.infra
- wrapProgram "$out/bin/k8s.infra" --prefix PATH : ${pkgs.lib.makeBinPath [ pkgs.nixos-generators pkgs.virtmanager pkgs.libguestfs-with-appliance pkgs.qemu pkgs.libvirt ]}
+ wrapProgram "$out/bin/k8s.infra" --prefix PATH : ${
+ pkgs.lib.makeBinPath [
+ pkgs.nixos-generators
+ pkgs.virtmanager
+ pkgs.libguestfs-with-appliance
+ pkgs.qemu
+ pkgs.libvirt
+ ]
+ }
'';
}
tools/tmp/installer_configuration.nix
@@ -1,11 +1,10 @@
-{ config, pkgs, ... }:
+{ ... }:
{
- imports =
- [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
tools/tmp/iso.nix
@@ -7,18 +7,18 @@
# nix-build <SAME AS BEFORE> --argStr system i686-linux
#
-{ config, lib, pkgs, system ? builtins.currentSystem, ... }:
+{ lib, pkgs, ... }:
with lib;
let
secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
+ secretCondition = builtins.pathExists secretPath;
isAuthorized = p: builtins.isAttrs p && p.authorized or false;
authorizedKeys = lists.optionals secretCondition (
- attrsets.mapAttrsToList
- (name: value: value.key)
- (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+ attrsets.mapAttrsToList (_name: value: value.key) (
+ attrsets.filterAttrs (_name: isAuthorized) (import secretPath).ssh
+ )
);
in
{
users/houbeb/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ lib, pkgs, ... }:
let
inherit (lib) importTOML;
users/modules/profiles/mails.nix
@@ -1,6 +1,11 @@
# Generated from an org file 💃
# See : https://sbr.pm/technical/configurations/mails.html
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -20,192 +25,200 @@ in
};
};
- config = mkIf cfg.enable (
- mkMerge [
- {
- accounts.email = {
- maildirBasePath = "desktop/mails";
- accounts = {
- "redhat" = {
- address = "vdemeest@redhat.com";
- userName = "vdemeest@redhat.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ${config.home.homeDirectory}/sync/rh.pass -d ${config.home.homeDirectory}/desktop/documents/0\ Archives/rh.pass.gpg";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ config = mkIf cfg.enable (mkMerge [
+ {
+ accounts.email = {
+ maildirBasePath = "desktop/mails";
+ accounts = {
+ "redhat" = {
+ address = "vdemeest@redhat.com";
+ userName = "vdemeest@redhat.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ${config.home.homeDirectory}/sync/rh.pass -d ${config.home.homeDirectory}/desktop/documents/0\ Archives/rh.pass.gpg";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ patterns = [
+ "*"
+ "![Gmail]*"
+ "[Gmail]/Sent Mail"
+ "[Gmail]/Starred"
+ "[Gmail]/All Mail"
+ ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
};
};
- notmuch.enable = cfg.sync;
- # astroid.enable = cfg.sync;
- msmtp.enable = true;
};
- "perso" = {
- address = "vinc.demeester@gmail.com";
- userName = "vinc.demeester@gmail.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ${config.home.homeDirectory}/sync/perso.pass -d ${config.home.homeDirectory}/desktop/documents/0\ Archives/perso.pass.gpg";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ notmuch.enable = cfg.sync;
+ # astroid.enable = cfg.sync;
+ msmtp.enable = true;
+ };
+ "perso" = {
+ address = "vinc.demeester@gmail.com";
+ userName = "vinc.demeester@gmail.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ${config.home.homeDirectory}/sync/perso.pass -d ${config.home.homeDirectory}/desktop/documents/0\ Archives/perso.pass.gpg";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ patterns = [
+ "*"
+ "![Gmail]*"
+ "[Gmail]/Sent Mail"
+ "[Gmail]/Starred"
+ "[Gmail]/All Mail"
+ ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
};
};
- notmuch.enable = cfg.sync;
- # astroid.enable = cfg.sync;
- msmtp.enable = true;
};
- "prv" = {
- primary = true;
- address = "vincent@demeester.fr";
- userName = "vincent@demeester.fr";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ${config.home.homeDirectory}/sync/prv.pass -d ${config.home.homeDirectory}/desktop/documents/prv.pass.gpg";
- imap.host = "mail.gandi.net";
- smtp.host = "mail.gandi.net";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- patterns = [ "*" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ notmuch.enable = cfg.sync;
+ # astroid.enable = cfg.sync;
+ msmtp.enable = true;
+ };
+ "prv" = {
+ primary = true;
+ address = "vincent@demeester.fr";
+ userName = "vincent@demeester.fr";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ${config.home.homeDirectory}/sync/prv.pass -d ${config.home.homeDirectory}/desktop/documents/prv.pass.gpg";
+ imap.host = "mail.gandi.net";
+ smtp.host = "mail.gandi.net";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ patterns = [ "*" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
};
};
- notmuch.enable = cfg.sync;
- # astroid.enable = cfg.sync;
- msmtp.enable = true;
};
+ notmuch.enable = cfg.sync;
+ # astroid.enable = cfg.sync;
+ msmtp.enable = true;
};
};
+ };
- home.file."bin/msmtp" = {
- text = ''
- #!${pkgs.stdenv.shell}
- ${pkgs.libnotify}/bin/notify-send "Sending mail ✉️"
- ${pkgs.msmtp}/bin/msmtp --read-envelope-from $@
- '';
- executable = true;
+ home.file."bin/msmtp" = {
+ text = ''
+ #!${pkgs.stdenv.shell}
+ ${pkgs.libnotify}/bin/notify-send "Sending mail ✉️"
+ ${pkgs.msmtp}/bin/msmtp --read-envelope-from $@
+ '';
+ executable = true;
+ };
+
+ programs.msmtp.enable = true;
+
+ }
+
+ (mkIf cfg.sync {
+
+ services.mbsync = {
+ enable = true;
+ preExec = "${config.xdg.configHome}/mbsync/preExec";
+ postExec = "${config.xdg.configHome}/mbsync/postExec";
+ inherit (cfg) frequency;
+ };
+
+ xdg.configFile."mbsync/preExec" = {
+ text = ''
+ #!${pkgs.stdenv.shell}
+
+ export NOTMUCH_CONFIG=${config.xdg.configHome}/notmuch/notmuchrc
+ export NMBGIT=${config.xdg.dataHome}/notmuch/nmbug
+
+ ${pkgs.coreutils}/bin/mkdir -p ${config.home.homeDirectory}/desktop/mails/redhat ${config.home.homeDirectory}/desktop/mails/perso
+ ${pkgs.afew}/bin/afew -C ${config.xdg.configHome}/notmuch/notmuchrc -m -v || true
+ '';
+ executable = true;
+ };
+
+ xdg.configFile."mbsync/postExec" = {
+ text = ''
+ #!${pkgs.stdenv.shell}
+
+ export NOTMUCH_CONFIG=${config.xdg.configHome}/notmuch/notmuchrc
+ export NMBGIT=${config.xdg.dataHome}/notmuch/nmbug
+
+ ${pkgs.notmuch}/bin/notmuch new
+ ${pkgs.afew}/bin/afew -C ${config.xdg.configHome}/notmuch/notmuchrc --tag --new -v
+ # Remove inbox (lower-case)
+ ${pkgs.notmuch}/bin/notmuch tag -inbox -- tag:inbox
+ # Remove Inbox tagged message that are not in an Inbox
+ ${pkgs.notmuch}/bin/notmuch tag -Inbox -- not folder:redhat/Inbox and not folder:perso/Inbox and tag:Inbox
+ ${pkgs.libnotify}/bin/notify-send "Mails synced 📬"
+ '';
+ executable = true;
+ };
+
+ home.file."bin/msync" = {
+ text = ''
+ #!${pkgs.stdenv.shell}
+ ${pkgs.libnotify}/bin/notify-send "Syncing mails 📫️"
+ systemctl --user start mbsync
+ '';
+ executable = true;
+ };
+
+ programs.mbsync.enable = true;
+ programs.notmuch.enable = true;
+
+ programs.afew = {
+ enable = true;
+ extraConfig = ''
+ [SpamFilter]
+ [KillThreadsFilter]
+ [ListMailsFilter]
+ [ArchiveSentMailsFilter]
+ [FolderNameFilter]
+ maildir_separator = /
+
+ [MailMover]
+ folders = perso/Inbox redhat/Inbox
+ rename = true
+
+ perso/Inbox = 'NOT tag:Inbox':"perso/[Gmail]/All Mail"
+ redhat/Inbox = 'NOT tag:Inbox':"redhat/[Gmail]/All Mail"
+ '';
+ };
+
+ programs.astroid = {
+ enable = false;
+ externalEditor = "emacsclient -c";
+ extraConfig = {
+ startup.queries.inbox = "tag:Inbox";
+ startup.queries.inbox_perso = "folder:perso/Inbox";
+ startup.queries.inbox_redhat = "folder:redhat/Inbox";
};
+ };
- programs.msmtp.enable = true;
+ })
- }
-
- (
- mkIf cfg.sync {
-
- services.mbsync = {
- enable = true;
- preExec = "${config.xdg.configHome}/mbsync/preExec";
- postExec = "${config.xdg.configHome}/mbsync/postExec";
- frequency = cfg.frequency;
- };
-
- xdg.configFile."mbsync/preExec" = {
- text = ''
- #!${pkgs.stdenv.shell}
-
- export NOTMUCH_CONFIG=${config.xdg.configHome}/notmuch/notmuchrc
- export NMBGIT=${config.xdg.dataHome}/notmuch/nmbug
-
- ${pkgs.coreutils}/bin/mkdir -p ${config.home.homeDirectory}/desktop/mails/redhat ${config.home.homeDirectory}/desktop/mails/perso
- ${pkgs.afew}/bin/afew -C ${config.xdg.configHome}/notmuch/notmuchrc -m -v || true
- '';
- executable = true;
- };
-
- xdg.configFile."mbsync/postExec" = {
- text = ''
- #!${pkgs.stdenv.shell}
-
- export NOTMUCH_CONFIG=${config.xdg.configHome}/notmuch/notmuchrc
- export NMBGIT=${config.xdg.dataHome}/notmuch/nmbug
-
- ${pkgs.notmuch}/bin/notmuch new
- ${pkgs.afew}/bin/afew -C ${config.xdg.configHome}/notmuch/notmuchrc --tag --new -v
- # Remove inbox (lower-case)
- ${pkgs.notmuch}/bin/notmuch tag -inbox -- tag:inbox
- # Remove Inbox tagged message that are not in an Inbox
- ${pkgs.notmuch}/bin/notmuch tag -Inbox -- not folder:redhat/Inbox and not folder:perso/Inbox and tag:Inbox
- ${pkgs.libnotify}/bin/notify-send "Mails synced 📬"
- '';
- executable = true;
- };
-
- home.file."bin/msync" = {
- text = ''
- #!${pkgs.stdenv.shell}
- ${pkgs.libnotify}/bin/notify-send "Syncing mails 📫️"
- systemctl --user start mbsync
- '';
- executable = true;
- };
-
- programs.mbsync.enable = true;
- programs.notmuch.enable = true;
-
- programs.afew = {
- enable = true;
- extraConfig = ''
- [SpamFilter]
- [KillThreadsFilter]
- [ListMailsFilter]
- [ArchiveSentMailsFilter]
- [FolderNameFilter]
- maildir_separator = /
-
- [MailMover]
- folders = perso/Inbox redhat/Inbox
- rename = true
-
- perso/Inbox = 'NOT tag:Inbox':"perso/[Gmail]/All Mail"
- redhat/Inbox = 'NOT tag:Inbox':"redhat/[Gmail]/All Mail"
- '';
- };
-
- programs.astroid = {
- enable = false;
- externalEditor = "emacsclient -c";
- extraConfig = {
- startup.queries.inbox = "tag:Inbox";
- startup.queries.inbox_perso = "folder:perso/Inbox";
- startup.queries.inbox_redhat = "folder:redhat/Inbox";
- };
- };
-
- }
- )
-
- ]
- );
+ ]);
}
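Review bot: `$@` at the end of the `bin/msmtp` wrapper (`msmtp --read-envelope-from $@`) is unquoted, so any argument containing whitespace is re-split by the shell before it reaches msmtp; it should read `${pkgs.msmtp}/bin/msmtp --read-envelope-from "$@"`. The wrapper is carried over unchanged from the removed side, so this is pre-existing rather than introduced by the reformat. Separately, every `passwordCommand` decrypts the account password with `--passphrase-file` pointing at a cleartext file under `${config.home.homeDirectory}/sync/`, so the gpg layer protects the credential only as well as that passphrase file is protected, and if that directory is replicated between machines (the name suggests it, but the page does not show it) the passphrase travels with it. Letting gpg-agent/pinentry supply the passphrase instead of `--batch --passphrase-file`, or at least keeping the passphrase file local and mode 0600, would make the encryption meaningful.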
users/root/default.nix
@@ -1,7 +1,17 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) lists attrsets mkIf optionals versionOlder importTOML;
+ inherit (lib)
+ mkIf
+ optionals
+ versionOlder
+ importTOML
+ ;
metadata = importTOML ../../ops/hosts.toml;
in
{
@@ -14,11 +24,16 @@ in
(import ../vincent/core/zsh.nix)
(import ../vincent/core/ssh.nix)
]
- ++ optionals (versionOlder config.system.nixos.release "21.11") [{
- # manpages are broken on 21.05 and home-manager (for some reason..)
- manual.manpages.enable = false;
- }] ++ [{
- home.stateVersion = "22.05";
- }]
+ ++ optionals (versionOlder config.system.nixos.release "21.11") [
+ {
+ # manpages are broken on 21.05 and home-manager (for some reason..)
+ manual.manpages.enable = false;
+ }
+ ]
+ ++ [
+ {
+ home.stateVersion = "22.05";
+ }
+ ]
);
}
users/vincent/containers/gcloud.nix
@@ -2,13 +2,14 @@
{
home.packages = with pkgs; [
- (google-cloud-sdk.withExtraComponents
- (with google-cloud-sdk.components; [
+ (google-cloud-sdk.withExtraComponents (
+ with google-cloud-sdk.components;
+ [
gke-gcloud-auth-plugin
gcloud-man-pages
cloud-run-proxy
terraform-tools
- ])
- )
+ ]
+ ))
];
}
users/vincent/containers/kubernetes.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ lib, pkgs, ... }:
with lib;
let
users/vincent/core/bash.nix
@@ -1,14 +1,22 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
shellConfig = import ./shell.nix { inherit config lib pkgs; };
in
{
programs.bash = {
enable = true;
- historyControl = [ "erasedups" "ignorespace" ];
+ historyControl = [
+ "erasedups"
+ "ignorespace"
+ ];
historyFile = "${config.xdg.dataHome}/bash_history";
historyFileSize = shellConfig.historySize;
- historySize = shellConfig.historySize;
+ inherit (shellConfig) historySize;
shellAliases = shellConfig.aliases;
};
}
users/vincent/core/default.nix
@@ -1,8 +1,5 @@
-{ lib, pkgs, nixosConfig, ... }:
+{ pkgs, ... }:
-let
- inherit (lib) versionOlder;
-in
{
imports = [
./bash.nix
users/vincent/core/git.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -215,7 +220,7 @@ in
"url \"git@github.com:\"".insteadOf = "git://github.com/";
};
- includes = [ ] ++ lists.forEach redhat_folders (x: {
+ includes = lists.forEach redhat_folders (x: {
path = "${config.xdg.configHome}/git/config.d/redhat.gitconfig";
condition = "gitdir:${config.home.homeDirectory}/${x}/**";
});
users/vincent/core/gpg.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, nixosConfig, ... }:
+{
+ pkgs,
+ lib,
+ nixosConfig,
+ ...
+}:
let
stable = lib.versionOlder nixosConfig.system.nixos.release "24.05";
@@ -14,15 +19,23 @@ in
};
};
services = {
- gpg-agent = {
- enable = true;
- # enableSshSupport = true;
- enableExtraSocket = true;
- # defaultCacheTtlSsh = 7200;
- } // (if stable then {
- pinentryFlavor = if (nixosConfig.modules.desktop.enable) then "gnome3" else "tty";
- } else {
- pinentryPackage = if (nixosConfig.modules.desktop.enable) then pkgs.pinentry-gnome3 else pkgs.pinentry-tty;
- });
+ gpg-agent =
+ {
+ enable = true;
+ # enableSshSupport = true;
+ enableExtraSocket = true;
+ # defaultCacheTtlSsh = 7200;
+ }
+ // (
+ if stable then
+ {
+ pinentryFlavor = if nixosConfig.modules.desktop.enable then "gnome3" else "tty";
+ }
+ else
+ {
+ pinentryPackage =
+ if nixosConfig.modules.desktop.enable then pkgs.pinentry-gnome3 else pkgs.pinentry-tty;
+ }
+ );
};
}
users/vincent/core/htop.nix
@@ -3,20 +3,29 @@
{
programs.htop = {
enable = true;
- settings = {
- delay = 10;
- } // (with config.lib.htop; leftMeters [
- (bar "AllCPUs2")
- (bar "Memory")
- (bar "Swap")
- ]) // (with config.lib.htop; rightMeters [
- (text "Clock")
- (text "Hostname")
- (text "Tasks")
- (text "LoadAverage")
- (text "Uptime")
- (text "Battery")
- (text "Systemd")
- ]);
+ settings =
+ {
+ delay = 10;
+ }
+ // (
+ with config.lib.htop;
+ leftMeters [
+ (bar "AllCPUs2")
+ (bar "Memory")
+ (bar "Swap")
+ ]
+ )
+ // (
+ with config.lib.htop;
+ rightMeters [
+ (text "Clock")
+ (text "Hostname")
+ (text "Tasks")
+ (text "LoadAverage")
+ (text "Uptime")
+ (text "Battery")
+ (text "Systemd")
+ ]
+ );
};
}
users/vincent/core/shell.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
aliases = {
mkdir = ''mkdir --parents --verbose'';
rm = ''rm --interactive'';
users/vincent/core/ssh.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
gpgRemoteForward = {
@@ -10,35 +15,40 @@ let
host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
};
- inherit (lib) optionalAttrs importTOML hasAttr attrsets mkIf;
+ inherit (lib)
+ importTOML
+ hasAttr
+ attrsets
+ mkIf
+ ;
metadata = importTOML ../../../ops/hosts.toml;
- hasWireguard = name: value: hasAttr "wireguard" value;
- hasAddrs = name: value: hasAttr "addrs" value;
+ hasWireguard = _name: value: hasAttr "wireguard" value;
+ hasAddrs = _name: value: hasAttr "addrs" value;
hasSShAndRemoteForward = v: (hasAttr "ssh" v) && (hasAttr "gpgRemoteForward" v.ssh);
- hasCommand = v: hasAttr "command" v;
hostWireguardIP = v: "${v.wireguard.addrs.v4}";
hostIP = v: "${v.addrs.v4}";
- hostRemoteCommand = v: "${v.command}";
hostToSSHConfigItem = value: ipfn: {
hostname = ipfn value;
- remoteForwards = mkIf (hasSShAndRemoteForward value) [ gpgRemoteForward gpgSSHRemoteForward ];
+ remoteForwards = mkIf (hasSShAndRemoteForward value) [
+ gpgRemoteForward
+ gpgSSHRemoteForward
+ ];
# FIXME: need support for RemoteCommand in home-manager
# RemoteCommand = mkIf (hasCommand value) hostRemoteCommand value;
};
- hostToSSHConfig = suffix: ipfn:
- name: value: attrsets.nameValuePair
- (toString "${name}${suffix}")
- (hostToSSHConfigItem value ipfn);
+ hostToSSHConfig =
+ suffix: ipfn: name: value:
+ attrsets.nameValuePair (toString "${name}${suffix}") (hostToSSHConfigItem value ipfn);
- vpnConfig = attrsets.mapAttrs'
- (hostToSSHConfig "\.vpn" hostWireguardIP)
- (attrsets.filterAttrs hasWireguard metadata.hosts);
- homeConfig = attrsets.mapAttrs'
- (hostToSSHConfig "\.home" hostIP)
- (attrsets.filterAttrs hasAddrs metadata.hosts);
+ vpnConfig = attrsets.mapAttrs' (hostToSSHConfig "\.vpn" hostWireguardIP) (
+ attrsets.filterAttrs hasWireguard metadata.hosts
+ );
+ homeConfig = attrsets.mapAttrs' (hostToSSHConfig "\.home" hostIP) (
+ attrsets.filterAttrs hasAddrs metadata.hosts
+ );
in
{
home.packages = [
@@ -56,48 +66,51 @@ in
controlMaster = "auto";
controlPersist = "10m";
controlPath = "${config.home.homeDirectory}/.ssh/sockets/%u-%l-%r@%h:%p";
- matchBlocks = {
- "github.com" = {
- hostname = "github.com";
- user = "git";
- extraOptions = {
- controlMaster = "auto";
- controlPersist = "360";
+ matchBlocks =
+ {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ extraOptions = {
+ controlMaster = "auto";
+ controlPersist = "360";
+ };
};
- };
- "gitlab.com" = {
- hostname = "gitlab.com";
- user = "git";
- extraOptions = {
- controlMaster = "auto";
- controlPersist = "360";
+ "gitlab.com" = {
+ hostname = "gitlab.com";
+ user = "git";
+ extraOptions = {
+ controlMaster = "auto";
+ controlPersist = "360";
+ };
};
- };
- "git.sr.ht" = {
- hostname = "git.sr.ht";
- user = "git";
- extraOptions = {
- controlMaster = "auto";
- controlPersist = "360";
+ "git.sr.ht" = {
+ hostname = "git.sr.ht";
+ user = "git";
+ extraOptions = {
+ controlMaster = "auto";
+ controlPersist = "360";
+ };
};
- };
- "*.redhat.com" = {
- user = "vdemeest";
- };
- "bootstrap.ospqa.com" = {
- forwardAgent = true;
- };
- "192.168.1.*" = {
- forwardAgent = true;
- extraOptions = {
- StrictHostKeyChecking = "no";
- UserKnownHostsFile = "/dev/null";
+ "*.redhat.com" = {
+ user = "vdemeest";
};
- };
- "10.100.0.*" = {
- forwardAgent = true;
- };
- } // homeConfig // vpnConfig;
+ "bootstrap.ospqa.com" = {
+ forwardAgent = true;
+ };
+ "192.168.1.*" = {
+ forwardAgent = true;
+ extraOptions = {
+ StrictHostKeyChecking = "no";
+ UserKnownHostsFile = "/dev/null";
+ };
+ };
+ "10.100.0.*" = {
+ forwardAgent = true;
+ };
+ }
+ // homeConfig
+ // vpnConfig;
extraConfig = ''
GlobalKnownHostsFile ~/.config/ssh/ssh_known_hosts ~/.config/ssh/ssh_known_hosts.redhat ~/.config/ssh/ssh_known_hosts.mutable
StrictHostKeyChecking yes
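Review bot: The `"192.168.1.*"` match block on the new side combines `forwardAgent = true` with `StrictHostKeyChecking = "no"` and `UserKnownHostsFile = "/dev/null"`, so the SSH agent is forwarded to whatever host answers on that address range with no host identity check at all; because ssh keeps the first value obtained for an option, this block also overrides the `StrictHostKeyChecking yes` set in `extraConfig` for those hosts. Keeping the convenience while closing the gap would mean `StrictHostKeyChecking = "accept-new";` with `UserKnownHostsFile` pointing at a writable file such as the `~/.config/ssh/ssh_known_hosts.mutable` already listed in `extraConfig`, and dropping `forwardAgent` there unless those hosts genuinely need it. In the first hunk of this file, the commented-out line `# RemoteCommand = mkIf (hasCommand value) hostRemoteCommand value;` now refers to `hasCommand` and `hostRemoteCommand`, both of which this commit deletes; either remove the comment or annotate it so the line is not re-enabled as-is.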
users/vincent/core/tmux.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
{
programs.tmux = {
users/vincent/core/zsh.nix
@@ -1,4 +1,10 @@
-{ config, lib, nixosConfig, pkgs, ... }:
+{
+ config,
+ lib,
+ nixosConfig,
+ pkgs,
+ ...
+}:
let
shellConfig = import ./shell.nix { inherit config lib pkgs; };
stable = lib.versionOlder nixosConfig.system.nixos.release "24.05";
@@ -12,169 +18,183 @@ in
home.file."${config.programs.zsh.dotDir}/completion.zsh".source = ./zsh/completion.zsh;
home.file."${config.programs.zsh.dotDir}/prompt.zsh".source = ./zsh/prompt.zsh;
home.file."${config.programs.zsh.dotDir}/functions/j".source = ./zsh/j;
- home.file."${config.programs.zsh.dotDir}/auto-expanding-aliases.zsh".source = ./zsh/auto-expanding-aliases.zsh;
+ home.file."${config.programs.zsh.dotDir}/auto-expanding-aliases.zsh".source =
+ ./zsh/auto-expanding-aliases.zsh;
programs = {
direnv.enableZshIntegration = true;
};
- programs.zsh = {
- enable = true;
- enableCompletion = true;
- autocd = true;
- dotDir = ".config/zsh";
- defaultKeymap = "emacs";
- history = {
- expireDuplicatesFirst = true;
- extended = true;
- ignoreDups = true;
- path = "${config.xdg.dataHome}/zsh_history";
- save = shellConfig.historySize;
- share = true;
- };
- envExtra = shellConfig.env;
- # TODO Extract this to files.
- initExtra = ''
- # c.f. https://wiki.gnupg.org/AgentForwarding
- # gpgconf --create-socketdir &!
- path+="$HOME/${config.programs.zsh.dotDir}/functions"
- fpath+="$HOME/.nix-profile/share/zsh/site-functions"
- fpath+="$HOME/${config.programs.zsh.dotDir}/functions"
- for func ($HOME/${config.programs.zsh.dotDir}/functions) autoload -U $func/*(x:t)
- autoload -Uz select-word-style; select-word-style bash
- if [ -e /home/vincent/.nix-profile/etc/profile.d/nix.sh ]; then . /home/vincent/.nix-profile/etc/profile.d/nix.sh; fi
- #if [ -n "$INSIDE_EMACS" ]; then
- # chpwd() { print -P "\033AnSiTc %d" }
- # print -P "\033AnSiTu %n"
- # print -P "\033AnSiTc %d"
- #fi
- if [[ "$TERM" == "dumb" || "$TERM" == "emacs" ]]
- then
- TERM=eterm-color
- unsetopt zle
- unsetopt prompt_cr
- unsetopt prompt_subst
- unfunction precmd
- unfunction preexec
- PS1='$ '
- return
- fi
- # eval "$(${config.programs.atuin.package}/bin/atuin init zsh)"
- # make sure navigation using emacs keybindings works on all non-alphanumerics
- # syntax highlighting
- source $HOME/${config.programs.zsh.dotDir}/plugins/zsh-nix-shell/nix-shell.plugin.zsh
- source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
- ZSH_HIGHLIGHT_PATTERNS+=('rm -rf *' 'fg=white,bold,bg=red')
- ZSH_HIGHLIGHT_PATTERNS+=('rm -fR *' 'fg=white,bold,bg=red')
- ZSH_HIGHLIGHT_PATTERNS+=('rm -fr *' 'fg=white,bold,bg=red')
- source $HOME/${config.programs.zsh.dotDir}/completion.zsh
- source $HOME/${config.programs.zsh.dotDir}/plugins/powerlevel10k/powerlevel10k.zsh-theme
- source $HOME/${config.programs.zsh.dotDir}/prompt.zsh
- source $HOME/${config.programs.zsh.dotDir}/plugins/kubectl-config-switcher/kubectl-config-switcher.plugin.zsh
- source $HOME/${config.programs.zsh.dotDir}/auto-expanding-aliases.zsh
- setopt HIST_IGNORE_SPACE
- alias -g L="|less"
- alias -g EEL=' 2>&1 | less'
- alias -g GB='`git rev-parse --abbrev-ref HEAD`'
- alias -g GR='`git rev-parse --show-toplevel`'
- alias -s {ape,avi,flv,m4a,mkv,mov,mp3,mp4,mpeg,mpg,ogg,ogm,wav,webm}=mpv
- alias -s org=emacs
- (( $+commands[jq] )) && alias -g MJ="| jq -C '.'" || alias -g MJ="| ${pkgs.python3}/bin/python -mjson.tool"
- (( $+functions[zshz] )) && compdef _zshz j
- [[ -n $INSIDE_EMACS ]] && \
- function ff () {
- print "\e]51;Efind-file $(readlink -f $1)\e\\"
- }
+ programs.zsh =
+ {
+ enable = true;
+ enableCompletion = true;
+ autocd = true;
+ dotDir = ".config/zsh";
+ defaultKeymap = "emacs";
+ history = {
+ expireDuplicatesFirst = true;
+ extended = true;
+ ignoreDups = true;
+ path = "${config.xdg.dataHome}/zsh_history";
+ save = shellConfig.historySize;
+ share = true;
+ };
+ envExtra = shellConfig.env;
+ # TODO Extract this to files.
+ initExtra = ''
+ # c.f. https://wiki.gnupg.org/AgentForwarding
+ # gpgconf --create-socketdir &!
+ path+="$HOME/${config.programs.zsh.dotDir}/functions"
+ fpath+="$HOME/.nix-profile/share/zsh/site-functions"
+ fpath+="$HOME/${config.programs.zsh.dotDir}/functions"
+ for func ($HOME/${config.programs.zsh.dotDir}/functions) autoload -U $func/*(x:t)
+ autoload -Uz select-word-style; select-word-style bash
+ if [ -e /home/vincent/.nix-profile/etc/profile.d/nix.sh ]; then . /home/vincent/.nix-profile/etc/profile.d/nix.sh; fi
+ #if [ -n "$INSIDE_EMACS" ]; then
+ # chpwd() { print -P "\033AnSiTc %d" }
+ # print -P "\033AnSiTu %n"
+ # print -P "\033AnSiTc %d"
+ #fi
+ if [[ "$TERM" == "dumb" || "$TERM" == "emacs" ]]
+ then
+ TERM=eterm-color
+ unsetopt zle
+ unsetopt prompt_cr
+ unsetopt prompt_subst
+ unfunction precmd
+ unfunction preexec
+ PS1='$ '
+ return
+ fi
+ # eval "$(${config.programs.atuin.package}/bin/atuin init zsh)"
+ # make sure navigation using emacs keybindings works on all non-alphanumerics
+ # syntax highlighting
+ source $HOME/${config.programs.zsh.dotDir}/plugins/zsh-nix-shell/nix-shell.plugin.zsh
+ source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
+ ZSH_HIGHLIGHT_PATTERNS+=('rm -rf *' 'fg=white,bold,bg=red')
+ ZSH_HIGHLIGHT_PATTERNS+=('rm -fR *' 'fg=white,bold,bg=red')
+ ZSH_HIGHLIGHT_PATTERNS+=('rm -fr *' 'fg=white,bold,bg=red')
+ source $HOME/${config.programs.zsh.dotDir}/completion.zsh
+ source $HOME/${config.programs.zsh.dotDir}/plugins/powerlevel10k/powerlevel10k.zsh-theme
+ source $HOME/${config.programs.zsh.dotDir}/prompt.zsh
+ source $HOME/${config.programs.zsh.dotDir}/plugins/kubectl-config-switcher/kubectl-config-switcher.plugin.zsh
+ source $HOME/${config.programs.zsh.dotDir}/auto-expanding-aliases.zsh
+ setopt HIST_IGNORE_SPACE
+ alias -g L="|less"
+ alias -g EEL=' 2>&1 | less'
+ alias -g GB='`git rev-parse --abbrev-ref HEAD`'
+ alias -g GR='`git rev-parse --show-toplevel`'
+ alias -s {ape,avi,flv,m4a,mkv,mov,mp3,mp4,mpeg,mpg,ogg,ogm,wav,webm}=mpv
+ alias -s org=emacs
+ (( $+commands[jq] )) && alias -g MJ="| jq -C '.'" || alias -g MJ="| ${pkgs.python3}/bin/python -mjson.tool"
+ (( $+functions[zshz] )) && compdef _zshz j
+ [[ -n $INSIDE_EMACS ]] && \
+ function ff () {
+ print "\e]51;Efind-file $(readlink -f $1)\e\\"
+ }
- export _Z_DATA="${config.xdg.dataHome}/z"
+ export _Z_DATA="${config.xdg.dataHome}/z"
- [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && \
- source "$EAT_SHELL_INTEGRATION_DIR/zsh"
- '';
- loginExtra = ''
- if [[ -z $DISPLAY && $TTY = /dev/tty1 ]]; then
- exec dbus-run-session sway
- fi
- '';
- profileExtra = ''
- if [ -e /home/vincent/.nix-profile/etc/profile.d/nix.sh ]; then . /home/vincent/.nix-profile/etc/profile.d/nix.sh; fi
- '';
- localVariables = {
- EMOJI_CLI_KEYBIND = "^n";
- EMOJI_CLI_USE_EMOJI = "yes";
- ZSH_HIGHLIGHT_HIGHLIGHTERS = [ "main" "brackets" "pattern" ];
- };
- sessionVariables = { RPROMPT = ""; };
- plugins = [
- {
- name = "kubectl-config-switcher";
- src = pkgs.fetchFromGitHub {
- owner = "chmouel";
- repo = "kubectl-config-switcher";
- rev = "faccc5d3c1f98170c38d3889f50fe74f3f6fe2cc";
- sha256 = "sha256-BOMvC/r6uN9Hewp8OxPIp38+V9Usp6XbMvNoDim0qmc=";
- };
- }
- {
- name = "emoji-cli";
- src = pkgs.fetchFromGitHub {
- owner = "b4b4r07";
- repo = "emoji-cli";
- rev = "0fbb2e48e07218c5a2776100a4c708b21cb06688";
- sha256 = "sha256-ii7RDTK/m+IqK7N+Xb6cEbziLPUQh7ZsbvQiX56F0sE=";
- };
- }
- {
- name = "zsh-z";
- src = pkgs.fetchFromGitHub {
- owner = "agkozak";
- repo = "zsh-z";
- rev = "aaafebcd97424c570ee247e2aeb3da30444299cd";
- sha256 = "sha256-9Wr4uZLk2CvINJilg4o72x0NEAl043lP30D3YnHk+ZA=";
- };
- }
- {
- name = "async";
- src = pkgs.fetchFromGitHub {
- owner = "mafredri";
- repo = "zsh-async";
- rev = "v1.8.5";
- sha256 = "sha256-mpXT3Hoz0ptVOgFMBCuJa0EPkqP4wZLvr81+1uHDlCc=";
- };
- }
- {
- name = "zsh-completions";
- src = pkgs.fetchFromGitHub {
- owner = "zsh-users";
- repo = "zsh-completions";
- rev = "0.34.0";
- sha256 = "sha256-qSobM4PRXjfsvoXY6ENqJGI9NEAaFFzlij6MPeTfT0o=";
- };
- }
- {
- name = "powerlevel10k";
- src = pkgs.fetchFromGitHub {
- owner = "romkatv";
- repo = "powerlevel10k";
- rev = "v1.16.1";
- sha256 = "sha256-DLiKH12oqaaVChRqY0Q5oxVjziZdW/PfnRW1fCSCbjo=";
- };
- }
- {
- name = "zsh-nix-shell";
- src = pkgs.fetchFromGitHub {
- owner = "chisui";
- repo = "zsh-nix-shell";
- rev = "v0.5.0";
- sha256 = "sha256-IT3wpfw8zhiNQsrw59lbSWYh0NQ1CUdUtFzRzHlURH0=";
- };
- }
- ];
- shellAliases = shellConfig.aliases;
- } // (if stable then {
- enableAutosuggestions = true;
- } else {
- autosuggestion.enable = true;
- });
+ [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && \
+ source "$EAT_SHELL_INTEGRATION_DIR/zsh"
+ '';
+ loginExtra = ''
+ if [[ -z $DISPLAY && $TTY = /dev/tty1 ]]; then
+ exec dbus-run-session sway
+ fi
+ '';
+ profileExtra = ''
+ if [ -e /home/vincent/.nix-profile/etc/profile.d/nix.sh ]; then . /home/vincent/.nix-profile/etc/profile.d/nix.sh; fi
+ '';
+ localVariables = {
+ EMOJI_CLI_KEYBIND = "^n";
+ EMOJI_CLI_USE_EMOJI = "yes";
+ ZSH_HIGHLIGHT_HIGHLIGHTERS = [
+ "main"
+ "brackets"
+ "pattern"
+ ];
+ };
+ sessionVariables = {
+ RPROMPT = "";
+ };
+ plugins = [
+ {
+ name = "kubectl-config-switcher";
+ src = pkgs.fetchFromGitHub {
+ owner = "chmouel";
+ repo = "kubectl-config-switcher";
+ rev = "faccc5d3c1f98170c38d3889f50fe74f3f6fe2cc";
+ sha256 = "sha256-BOMvC/r6uN9Hewp8OxPIp38+V9Usp6XbMvNoDim0qmc=";
+ };
+ }
+ {
+ name = "emoji-cli";
+ src = pkgs.fetchFromGitHub {
+ owner = "b4b4r07";
+ repo = "emoji-cli";
+ rev = "0fbb2e48e07218c5a2776100a4c708b21cb06688";
+ sha256 = "sha256-ii7RDTK/m+IqK7N+Xb6cEbziLPUQh7ZsbvQiX56F0sE=";
+ };
+ }
+ {
+ name = "zsh-z";
+ src = pkgs.fetchFromGitHub {
+ owner = "agkozak";
+ repo = "zsh-z";
+ rev = "aaafebcd97424c570ee247e2aeb3da30444299cd";
+ sha256 = "sha256-9Wr4uZLk2CvINJilg4o72x0NEAl043lP30D3YnHk+ZA=";
+ };
+ }
+ {
+ name = "async";
+ src = pkgs.fetchFromGitHub {
+ owner = "mafredri";
+ repo = "zsh-async";
+ rev = "v1.8.5";
+ sha256 = "sha256-mpXT3Hoz0ptVOgFMBCuJa0EPkqP4wZLvr81+1uHDlCc=";
+ };
+ }
+ {
+ name = "zsh-completions";
+ src = pkgs.fetchFromGitHub {
+ owner = "zsh-users";
+ repo = "zsh-completions";
+ rev = "0.34.0";
+ sha256 = "sha256-qSobM4PRXjfsvoXY6ENqJGI9NEAaFFzlij6MPeTfT0o=";
+ };
+ }
+ {
+ name = "powerlevel10k";
+ src = pkgs.fetchFromGitHub {
+ owner = "romkatv";
+ repo = "powerlevel10k";
+ rev = "v1.16.1";
+ sha256 = "sha256-DLiKH12oqaaVChRqY0Q5oxVjziZdW/PfnRW1fCSCbjo=";
+ };
+ }
+ {
+ name = "zsh-nix-shell";
+ src = pkgs.fetchFromGitHub {
+ owner = "chisui";
+ repo = "zsh-nix-shell";
+ rev = "v0.5.0";
+ sha256 = "sha256-IT3wpfw8zhiNQsrw59lbSWYh0NQ1CUdUtFzRzHlURH0=";
+ };
+ }
+ ];
+ shellAliases = shellConfig.aliases;
+ }
+ // (
+ if stable then
+ {
+ enableAutosuggestions = true;
+ }
+ else
+ {
+ autosuggestion.enable = true;
+ }
+ );
}
users/vincent/desktop/audio.nix
@@ -1,4 +1,9 @@
-{ config, nixosConfig, lib, pkgs, ... }:
+{
+ nixosConfig,
+ lib,
+ pkgs,
+ ...
+}:
{
home.packages = with pkgs; [
users/vincent/desktop/default.nix
@@ -1,22 +1,29 @@
-{ config, lib, pkgs, nixosConfig, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ nixosConfig,
+ ...
+}:
let
inherit (lib) optionals;
in
{
- imports = [
- ./audio.nix
- ./finances.nix
- ./firefox.nix
- ./gtk.nix
- ./keyboard.nix
- ./mpv.nix
- ./passwordstore.nix
- ./spotify.nix
- ]
- ++ optionals nixosConfig.modules.desktop.xorg.enable [ ./xorg.nix ]
- ++ optionals nixosConfig.modules.desktop.wayland.enable [ ./wayland.nix ]
- ++ optionals nixosConfig.modules.desktop.wayland.sway.enable [ ./sway.nix ];
+ imports =
+ [
+ ./audio.nix
+ ./finances.nix
+ ./firefox.nix
+ ./gtk.nix
+ ./keyboard.nix
+ ./mpv.nix
+ ./passwordstore.nix
+ ./spotify.nix
+ ]
+ ++ optionals nixosConfig.modules.desktop.xorg.enable [ ./xorg.nix ]
+ ++ optionals nixosConfig.modules.desktop.wayland.enable [ ./wayland.nix ]
+ ++ optionals nixosConfig.modules.desktop.wayland.sway.enable [ ./sway.nix ];
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = 1;
@@ -73,8 +80,15 @@ in
genericName = "Web Browser";
exec = "firefox %U";
terminal = false;
- categories = [ "Application" "Network" "WebBrowser" ];
- mimeType = [ "text/html" "text/xml" ];
+ categories = [
+ "Application"
+ "Network"
+ "WebBrowser"
+ ];
+ mimeType = [
+ "text/html"
+ "text/xml"
+ ];
};
home.file.".XCompose".source = ./xorg/XCompose;
xdg.configFile."xorg/emoji.compose".source = ./xorg/emoji.compose;
users/vincent/desktop/firefox.nix
@@ -24,7 +24,7 @@
};
};
};
-
+
profiles.default = {
id = 0;
isDefault = true;
users/vincent/desktop/i3.nix
@@ -1,4 +1,9 @@
-{ config, nixosConfig, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -26,7 +31,9 @@ in
# ./dconf.nix
./xsession.nix
];
- home.sessionVariables = { WEBKIT_DISABLE_COMPOSITING_MODE = 1; };
+ home.sessionVariables = {
+ WEBKIT_DISABLE_COMPOSITING_MODE = 1;
+ };
home.packages = with pkgs; [
alacritty
kitty
@@ -112,7 +119,13 @@ in
};
programs.rofi = {
enable = true;
- package = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-menugen pkgs.rofi-mpd ]; };
+ package = pkgs.rofi.override {
+ plugins = [
+ pkgs.rofi-emoji
+ pkgs.rofi-menugen
+ pkgs.rofi-mpd
+ ];
+ };
font = "Ubuntu Mono 14";
terminal = "${pkgs.kitty}/bin/kitty";
theme = "slate";
@@ -212,9 +225,12 @@ in
};
keycodebindings = {
"Mod4+Shift+24" = "kill";
- "Mod4+33" = "exec \"rofi -show drun -modi 'drun,run,window,ssh' -kb-row-select 'Tab' -kb-row-tab '' -location 2 -hide-scrollbar -separator-style solid -font 'Ubuntu Mono 14'";
- "Mod4+Shift+33" = "exec \"rofi -show combi -modi 'drun,run,window,ssh,combi' -kb-row-select 'Tab' -kb-row-tab '' -location 2 -hide-scrollbar -separator-style solid -font 'Ubuntu Mono 14'";
- "Mod4+Control+33" = "exec \"rofi -show emoji -modi emoji -location 2 -hide-scrollbar -separator-style solid -font 'Ubuntu Mono 14'|pbcopy";
+ "Mod4+33" =
+ "exec \"rofi -show drun -modi 'drun,run,window,ssh' -kb-row-select 'Tab' -kb-row-tab '' -location 2 -hide-scrollbar -separator-style solid -font 'Ubuntu Mono 14'";
+ "Mod4+Shift+33" =
+ "exec \"rofi -show combi -modi 'drun,run,window,ssh,combi' -kb-row-select 'Tab' -kb-row-tab '' -location 2 -hide-scrollbar -separator-style solid -font 'Ubuntu Mono 14'";
+ "Mod4+Control+33" =
+ "exec \"rofi -show emoji -modi emoji -location 2 -hide-scrollbar -separator-style solid -font 'Ubuntu Mono 14'|pbcopy";
# "Mod4+space" = "";
# focus window
"Mod4+44" = "focus left";
users/vincent/desktop/keyboard.nix
@@ -2,6 +2,10 @@
home.keyboard = {
layout = "fr(bepo),fr";
variant = "oss";
- options = [ "grp:menu_toggle" "grp_led:caps" "compose:caps" ];
+ options = [
+ "grp:menu_toggle"
+ "grp_led:caps"
+ "compose:caps"
+ ];
};
}
users/vincent/desktop/passwordstore.nix
@@ -8,7 +8,11 @@
# TODO Migrate to passage
programs.password-store = {
enable = true;
- package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-otp exts.pass-genphrase exts.pass-update ]);
+ package = pkgs.pass-wayland.withExtensions (exts: [
+ exts.pass-otp
+ exts.pass-genphrase
+ exts.pass-update
+ ]);
};
home.packages = with pkgs; [
wofi-pass
users/vincent/desktop/sway.nix
@@ -1,4 +1,4 @@
-{ config, nixosConfig, lib, pkgs, ... }:
+{ config, pkgs, ... }:
let
emacs-in-folder = pkgs.writeScript "emacs-in-folder" ''
@@ -72,7 +72,7 @@ in
keybindings =
let
mod = config.wayland.windowManager.sway.config.modifier;
- inherit (config.wayland.windowManager.sway.config) left down up right menu terminal;
+ inherit (config.wayland.windowManager.sway.config) terminal;
in
{
"${mod}+Return" = "exec ${terminal}";
@@ -138,34 +138,52 @@ in
};
}
{
- criteria = { title = "Save File"; };
+ criteria = {
+ title = "Save File";
+ };
command = "floating enable, resize set width 600px height 800px";
}
{
- criteria = { class = "pavucontrol"; };
+ criteria = {
+ class = "pavucontrol";
+ };
command = "floating enable";
}
{
- criteria = { title = "(Sharing Indicator)"; };
+ criteria = {
+ title = "(Sharing Indicator)";
+ };
command = "inhibit_idle visible, floating enable";
}
{
# browser zoom|meet|bluejeans
- criteria = { title = "(Blue Jeans)|(Meet)|(Zoom Meeting)"; };
+ criteria = {
+ title = "(Blue Jeans)|(Meet)|(Zoom Meeting)";
+ };
command = "inhibit_idle visible";
}
# for_window [app_id="^chrome-.*"] shortcuts_inhibitor disable
{
- criteria = { app_id = "^chrome-.*"; };
+ criteria = {
+ app_id = "^chrome-.*";
+ };
command = "shortcuts_inhibitor disable";
}
];
startup = [
- { command = "dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY DBUS_SESSION_BUS_ADDRESS SWAYSOCK XDG_SESSION_TYPE XDG_SESSION_DESKTOP XDG_CURRENT_DESKTOP"; } #workaround
+ {
+ command = "dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY DBUS_SESSION_BUS_ADDRESS SWAYSOCK XDG_SESSION_TYPE XDG_SESSION_DESKTOP XDG_CURRENT_DESKTOP";
+ } # workaround
# Make sure we update systemd service env variables with the current ones. This is required for dbus to work properly.
{ command = "dbus-update-activation-environment --systemd --all"; }
- { command = "systemctl --user restart kanshi"; always = true; }
- { command = "${pkgs.pa-notify}/bin/pa-notify -u0"; always = true; }
+ {
+ command = "systemctl --user restart kanshi";
+ always = true;
+ }
+ {
+ command = "${pkgs.pa-notify}/bin/pa-notify -u0";
+ always = true;
+ }
# Probably put a condition here.
{ command = "emacs --fg-daemon"; }
{ command = "i3-back"; }
@@ -176,7 +194,7 @@ in
extraConfig =
let
mod = config.wayland.windowManager.sway.config.modifier;
- inherit (config.wayland.windowManager.sway.config) left down up right menu terminal;
+ inherit (config.wayland.windowManager.sway.config) menu;
in
''
bindcode ${mod}+33 exec "${menu}"
@@ -282,4 +300,3 @@ in
];
}
-
users/vincent/desktop/wayland.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, nixosConfig, ... }:
+{
+ lib,
+ pkgs,
+ nixosConfig,
+ ...
+}:
{
home.pointerCursor = {
@@ -40,7 +45,7 @@
"shift+down" = "neighboring_window down";
};
theme = "Tango Light";
- # action_alias mkh kitten hints --alphabet asdfghjklqwertyuiopzxcvbnmASDFGHJKLQWERTYUIOPZXCVBNM
+ # action_alias mkh kitten hints --alphabet asdfghjklqwertyuiopzxcvbnmASDFGHJKLQWERTYUIOPZXCVBNM
# map kitty_mod+n mkh --type=linenum emacsclient -c -nw +{line} {path}
};
};
@@ -62,15 +67,30 @@
{
profile.name = "aomi";
profile.outputs = [
- { criteria = "eDP-1"; status = "disable"; }
- { criteria = "DP-1"; status = "enable"; position = "0,0"; mode = "3440x1440"; scale = 1.0; }
+ {
+ criteria = "eDP-1";
+ status = "disable";
+ }
+ {
+ criteria = "DP-1";
+ status = "enable";
+ position = "0,0";
+ mode = "3440x1440";
+ scale = 1.0;
+ }
];
}
{
profile.name = "home-undocked";
profile.outputs = [
# Output eDP-1 'AU Optronics 0xD291 Unknown'
- { criteria = "eDP-1"; status = "enable"; position = "0,0"; mode = "1920x1200"; scale = 1.0; }
+ {
+ criteria = "eDP-1";
+ status = "enable";
+ position = "0,0";
+ mode = "1920x1200";
+ scale = 1.0;
+ }
];
}
{
@@ -80,9 +100,21 @@
# Output eDP-1 'Unknown 0xD291 Unknown'
# Output DP-5 'LG Electronics LG ULTRAWIDE 0x0005D10C' (focused)
# { criteria = "LG Electronics LG ULTRAWIDE 0x0000D50C"; status = "enable"; position = "0,0"; mode = "3440x1440"; scale = 1.0; }
- { criteria = "DP-5"; status = "enable"; position = "0,0"; mode = "3440x1440"; scale = 1.0; }
+ {
+ criteria = "DP-5";
+ status = "enable";
+ position = "0,0";
+ mode = "3440x1440";
+ scale = 1.0;
+ }
# Use it as a "shareable" screen when needed
- { criteria = "eDP-1"; status = "enable"; position = "1460,1440"; mode = "1920x1200"; scale = 1.0; }
+ {
+ criteria = "eDP-1";
+ status = "enable";
+ position = "1460,1440";
+ mode = "1920x1200";
+ scale = 1.0;
+ }
];
}
];
@@ -147,8 +179,14 @@
swayidle = {
enable = true;
events = [
- { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen"; }
- { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen"; }
+ {
+ event = "before-sleep";
+ command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen";
+ }
+ {
+ event = "lock";
+ command = "${pkgs.swaylock}/bin/swaylock --daemonize -i $HOME/desktop/pictures/lockscreen";
+ }
];
timeouts = [
{
users/vincent/desktop/xorg.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, nixosConfig, ... }:
+{ nixosConfig, ... }:
{
# home.file.".Xmodmap".source = ./xorg/Xmodmap;
users/vincent/dev/default.nix
@@ -11,7 +11,11 @@
./python.nix
];
- home.extraOutputsToInstall = [ "doc" "info" "devdoc" ];
+ home.extraOutputsToInstall = [
+ "doc"
+ "info"
+ "devdoc"
+ ];
home.sessionVariables = {
CARGO_HOME = "${config.xdg.dataHome}/cargo";
users/vincent/dev/emacs.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
@@ -14,145 +19,146 @@ let
#!${pkgs.stdenv.shell}
emacsclient --create-frame $@
'';
- myExtraPackages = epkgs: with epkgs; [
- ace-window
- adoc-mode
- age
- aggressive-indent
- aidermacs
- alert
- async
- avy
- beginend
- cape
- casual
- casual-avy
- conner
- consult
- consult-dir
- consult-denote
- consult-notes
- consult-project-extra
- consult-vc-modified-files
- copilot
- copilot-chat
- corfu
- corfu-candidate-overlay
- dape
- dash
- denote
- denote-menu
- devdocs
- dired-collapse
- dired-narrow
- dired-rsync
- diredfl
- dockerfile-mode
- doom-modeline
- easy-kill
- eat
- edit-indirect
- editorconfig
- eldoc-box
- pr-review
- embark
- embark-consult
- emms
- envrc
- eshell-atuin
- eshell-prompt-extras
- esup
- flimenu
- flymake-yamllint
- focus
- general
- git-gutter
- git-gutter-fringe
- git-modes
- go-mode
- gotest
- gotest-ts
- gptel
- hardhat
- helpful
- highlight
- highlight-indentation
- htmlize
- ibuffer-vc
- indent-bars
- jinx
- json-mode
- kubed
- ligature
- macrostep
- magit
- magit-popup
- marginalia
- markdown-mode
- minions
- modus-themes
- multi-vterm
- mu4e
- mwim
- nix-mode
- nix-ts-mode
- nixpkgs-fmt
- no-littering
- noether
- # notmuch
- ob-async
- ob-go
- ob-http
- orderless # TODO configure this
- org
- org-contrib
- org-download
- org-modern
- org-nix-shell
- org-ql
- org-review
- org-rich-yank
- org-tree-slide
- org-web-tools
- orgalist
- orgit
- outline-indent
- ox-pandoc
- pandoc-mode
- # password-store
- # pkgs.bookmatrk-plus # Do I use it ?
- popper
- project-rootfile
- rg
- run-command # Try this out instead of conner, might be even better
- scopeline
- scratch
- shr-tag-pre-highlight
- sideline
- sideline-eglot
- sideline-flymake
- smartparens
- substitute
- surround
- symbol-overlay
- tempel
- tempel-collection
- topsy
- trashed
- treesit-fold
- treesit-grammars.with-all-grammars # see how much it weight
- try
- typescript-mode
- vertico
- visual-fill-column
- visual-regexp
- vterm
- vundo
- web-mode
- wgrep
- with-editor
- xterm-color
- ];
+ myExtraPackages =
+ epkgs: with epkgs; [
+ ace-window
+ adoc-mode
+ age
+ aggressive-indent
+ aidermacs
+ alert
+ async
+ avy
+ beginend
+ cape
+ casual
+ casual-avy
+ conner
+ consult
+ consult-dir
+ consult-denote
+ consult-notes
+ consult-project-extra
+ consult-vc-modified-files
+ copilot
+ copilot-chat
+ corfu
+ corfu-candidate-overlay
+ dape
+ dash
+ denote
+ denote-menu
+ devdocs
+ dired-collapse
+ dired-narrow
+ dired-rsync
+ diredfl
+ dockerfile-mode
+ doom-modeline
+ easy-kill
+ eat
+ edit-indirect
+ editorconfig
+ eldoc-box
+ pr-review
+ embark
+ embark-consult
+ emms
+ envrc
+ eshell-atuin
+ eshell-prompt-extras
+ esup
+ flimenu
+ flymake-yamllint
+ focus
+ general
+ git-gutter
+ git-gutter-fringe
+ git-modes
+ go-mode
+ gotest
+ gotest-ts
+ gptel
+ hardhat
+ helpful
+ highlight
+ highlight-indentation
+ htmlize
+ ibuffer-vc
+ indent-bars
+ jinx
+ json-mode
+ kubed
+ ligature
+ macrostep
+ magit
+ magit-popup
+ marginalia
+ markdown-mode
+ minions
+ modus-themes
+ multi-vterm
+ mu4e
+ mwim
+ nix-mode
+ nix-ts-mode
+ nixpkgs-fmt
+ no-littering
+ noether
+ # notmuch
+ ob-async
+ ob-go
+ ob-http
+ orderless # TODO configure this
+ org
+ org-contrib
+ org-download
+ org-modern
+ org-nix-shell
+ org-ql
+ org-review
+ org-rich-yank
+ org-tree-slide
+ org-web-tools
+ orgalist
+ orgit
+ outline-indent
+ ox-pandoc
+ pandoc-mode
+ # password-store
+ # pkgs.bookmatrk-plus # Do I use it ?
+ popper
+ project-rootfile
+ rg
+ run-command # Try this out instead of conner, might be even better
+ scopeline
+ scratch
+ shr-tag-pre-highlight
+ sideline
+ sideline-eglot
+ sideline-flymake
+ smartparens
+ substitute
+ surround
+ symbol-overlay
+ tempel
+ tempel-collection
+ topsy
+ trashed
+ treesit-fold
+ treesit-grammars.with-all-grammars # see how much it weight
+ try
+ typescript-mode
+ vertico
+ visual-fill-column
+ visual-regexp
+ vterm
+ vundo
+ web-mode
+ wgrep
+ with-editor
+ xterm-color
+ ];
in
{
home.file.".config/emacs" = {
@@ -182,7 +188,14 @@ in
enable = true;
# FIXME: choose depending on the enabled modules
#package = (pkgs.emacs29.override { withTreeSitter = true; withNativeCompilation = true; withPgtk = true; withWebP = true; withGTK3 = true; withSQLite3 = true; });
- package = (pkgs.emacs-unstable.override { withTreeSitter = true; withNativeCompilation = true; withPgtk = true; withWebP = true; withGTK3 = true; withSQLite3 = true; });
+ package = pkgs.emacs-unstable.override {
+ withTreeSitter = true;
+ withNativeCompilation = true;
+ withPgtk = true;
+ withWebP = true;
+ withGTK3 = true;
+ withSQLite3 = true;
+ };
extraPackages = myExtraPackages;
};
# services.emacs = {
users/vincent/dev/js.nix
@@ -15,4 +15,3 @@
# vscode-langservers-extracted
];
}
-
users/vincent/dev/mr.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+_:
{
xdg.configFile."mr".source = ./mr/lib.mr;
users/vincent/dev/python.nix
@@ -12,5 +12,3 @@
PYTHONSTARTUP = "${config.xdg.configHome}/python/pythonrc";
};
}
-
-
users/vincent/mails/default.nix
@@ -1,7 +1,4 @@
-{ hostname, pkgs, ... }:
-let
- sync = (hostname == "aomi");
-in
+{ pkgs, ... }:
{
imports = [ ../../modules ];
# profiles.mails = {
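Review bot: The module's argument set is narrowed to `{ pkgs, ... }:`, but the only visible caller, users/vincent/default.nix, still passes `hostname = config.networking.hostName;` to `import ./mails { ... }`; the `...` swallows that attribute silently, so it is now a dead parameter that readers will assume does something. Change the call site to `(import ./mails { inherit pkgs; })` so the interface matches what the module actually reads. The removed `sync = (hostname == "aomi")` binding was unused in the lines shown here, so dropping it looks safe; if a per-host sync toggle is still wanted, expressing it as a module option would be clearer than threading `hostname` through the import again.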
users/vincent/default.nix
@@ -1,25 +1,45 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- inherit (lib) importTOML attrsets hasAttr optionals versionAtLeast mkIf;
+ inherit (lib)
+ importTOML
+ attrsets
+ hasAttr
+ optionals
+ versionAtLeast
+ mkIf
+ ;
metadata = importTOML ../../ops/hosts.toml;
- hasSSHAttr = name: value: hasAttr "ssh" value;
- authorizedKeys = attrsets.mapAttrsToList
- (name: value: value.ssh.pubkey)
- (attrsets.filterAttrs hasSSHAttr metadata.hosts);
-
- hasConfigVirtualizationContainers = builtins.hasAttr "containers" config.virtualisation;
- isContainersEnabled = if hasConfigVirtualizationContainers then config.virtualisation.containers.enable else false;
+ hasSSHAttr = _name: value: hasAttr "ssh" value;
+ authorizedKeys = attrsets.mapAttrsToList (_name: value: value.ssh.pubkey) (
+ attrsets.filterAttrs hasSSHAttr metadata.hosts
+ );
in
{
- warnings = if (versionAtLeast config.system.nixos.release "21.11") then [ ] else [ "NixOS release: ${config.system.nixos.release}" ];
+ warnings =
+ if (versionAtLeast config.system.nixos.release "21.11") then
+ [ ]
+ else
+ [ "NixOS release: ${config.system.nixos.release}" ];
users.users.vincent = {
createHome = true;
uid = 1000;
description = "Vincent Demeester";
- extraGroups = [ "wheel" "input" ]
+ extraGroups =
+ [
+ "wheel"
+ "input"
+ ]
++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
- ++ optionals config.modules.desktop.enable [ "audio" "video" ]
+ ++ optionals config.modules.desktop.enable [
+ "audio"
+ "video"
+ ]
# ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
++ optionals config.virtualisation.docker.enable [ "docker" ]
@@ -29,12 +49,20 @@ in
++ optionals config.security.tpm2.enable [ "tss" ];
shell = mkIf config.programs.zsh.enable pkgs.zsh;
isNormalUser = true;
- openssh.authorizedKeys.keys = authorizedKeys
- ++ metadata.ssh.keys.vincent
- ++ metadata.ssh.keys.root;
+ openssh.authorizedKeys.keys = authorizedKeys ++ metadata.ssh.keys.vincent ++ metadata.ssh.keys.root;
initialPassword = "changeMe";
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
+ subUidRanges = [
+ {
+ startUid = 100000;
+ count = 65536;
+ }
+ ];
+ subGidRanges = [
+ {
+ startGid = 100000;
+ count = 65536;
+ }
+ ];
};
nix = {
@@ -48,7 +76,12 @@ in
pam = {
# Nix will hit the stack limit when using `nixFlakes`.
loginLimits = [
- { domain = config.users.users.vincent.name; item = "stack"; type = "-"; value = "unlimited"; }
+ {
+ domain = config.users.users.vincent.name;
+ item = "stack";
+ type = "-";
+ value = "unlimited";
+ }
];
};
};
@@ -64,167 +97,185 @@ in
# FIXME(vdemeester) using nixosConfig, we can get the NixOS configuration from
# the home-manager configuration. This should help play around the conditions
# inside each "home-manager" modules instead of here.
- home-manager.users.vincent = lib.mkMerge
- (
- [
- (import ./core)
- (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
- ]
- ++ optionals config.modules.editors.emacs.enable [
- (import ./dev/emacs.nix)
- ]
- ++ optionals config.modules.dev.enable [
- (import ./dev)
- # TODO Move it elsewhere ?
- (import ./containers/kubernetes.nix)
- (import ./containers/openshift.nix)
- (import ./containers/tekton.nix)
- {
- # Enable only on dev, could do something better than this longterm 😀
- services.keybase.enable = true;
- }
- ]
- ++ optionals config.modules.dev.containers.enable [
- (import ./containers)
- ]
- ++ optionals config.modules.desktop.enable [ (import ./desktop) ]
- ++ optionals (config.networking.hostName == "wakasu" || config.networking.hostName == "aomi") [
- {
- # Move this to its own module
- home.packages = with pkgs; [
- libosinfo
- asciinema
- oathToolkit
- p7zip
- ];
- home.file."bin/msmtp" = {
- text = ''
- #!${pkgs.stdenv.shell}
- ${pkgs.libnotify}/bin/notify-send "Sending mail ✉️"
- ${pkgs.msmtp}/bin/msmtp --read-envelope-from $@
- '';
- executable = true;
- };
- programs.mbsync.enable = true;
- # programs.lieer.enable = true;
- programs.aerc.enable = true;
- programs.msmtp.enable = true;
- programs.mu.enable = true;
- # programs.notmuch.enable = true;
- accounts.email = {
- maildirBasePath = "desktop/mails";
- accounts = {
- "icloud" = {
- primary = true;
- address = "vincent@demeester.fr";
- userName = "vdemeester@icloud.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
- imap.host = "imap.mail.me.com";
- smtp.host = "smtp.mail.me.com";
- smtp.port = 587;
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ home-manager.users.vincent = lib.mkMerge (
+ [
+ (import ./core)
+ (import ./mails {
+ hostname = config.networking.hostName;
+ inherit pkgs;
+ })
+ ]
+ ++ optionals config.modules.editors.emacs.enable [
+ (import ./dev/emacs.nix)
+ ]
+ ++ optionals config.modules.dev.enable [
+ (import ./dev)
+ # TODO Move it elsewhere ?
+ (import ./containers/kubernetes.nix)
+ (import ./containers/openshift.nix)
+ (import ./containers/tekton.nix)
+ {
+ # Enable only on dev, could do something better than this longterm 😀
+ services.keybase.enable = true;
+ }
+ ]
+ ++ optionals config.modules.dev.containers.enable [
+ (import ./containers)
+ ]
+ ++ optionals config.modules.desktop.enable [ (import ./desktop) ]
+ ++ optionals (config.networking.hostName == "wakasu" || config.networking.hostName == "aomi") [
+ {
+ # Move this to its own module
+ home.packages = with pkgs; [
+ libosinfo
+ asciinema
+ oathToolkit
+ p7zip
+ ];
+ home.file."bin/msmtp" = {
+ text = ''
+ #!${pkgs.stdenv.shell}
+ ${pkgs.libnotify}/bin/notify-send "Sending mail ✉️"
+ ${pkgs.msmtp}/bin/msmtp --read-envelope-from $@
+ '';
+ executable = true;
+ };
+ programs.mbsync.enable = true;
+ # programs.lieer.enable = true;
+ programs.aerc.enable = true;
+ programs.msmtp.enable = true;
+ programs.mu.enable = true;
+ # programs.notmuch.enable = true;
+ accounts.email = {
+ maildirBasePath = "desktop/mails";
+ accounts = {
+ "icloud" = {
+ primary = true;
+ address = "vincent@demeester.fr";
+ userName = "vdemeester@icloud.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
+ imap.host = "imap.mail.me.com";
+ smtp.host = "smtp.mail.me.com";
+ smtp.port = 587;
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ extraConfig = {
+ channel = {
+ Sync = "All";
};
- };
- mu.enable = true;
- msmtp = {
- enable = true;
- extraConfig = {
- tls_starttls = "on";
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
};
};
};
- # We will forward those to a "central" mail account.
- "gmail" = {
- address = "vinc.demeester@gmail.com";
- userName = "vinc.demeester@gmail.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/vinc.demeester";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- flavor = "gmail.com";
- # aerc.enable = true;
- msmtp = {
- enable = true;
- # extraConfig = {
- # tls_starttls = "on";
- # };
- };
- # This is here for doing backup
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/Trash" "[Gmail]/Drafts" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
- };
- };
- };
- "redhat" = {
- # primary = true; # because it's work, but it's really just for notmuch
- address = "vdemeest@redhat.com";
- userName = "vdemeest@redhat.com";
- realName = "Vincent Demeester";
- passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- flavor = "gmail.com";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
- patterns = [ "*" "!area/github" "!memo-list" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/Trash" "[Gmail]/Drafts" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
- };
- };
- mu.enable = true;
- # aerc.enable = true;
- msmtp = {
- enable = true;
- # extraConfig = {
- # tls_starttls = "on";
- # };
+ mu.enable = true;
+ msmtp = {
+ enable = true;
+ extraConfig = {
+ tls_starttls = "on";
};
};
};
+ # We will forward those to a "central" mail account.
+ "gmail" = {
+ address = "vinc.demeester@gmail.com";
+ userName = "vinc.demeester@gmail.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/vinc.demeester";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ flavor = "gmail.com";
+ # aerc.enable = true;
+ msmtp = {
+ enable = true;
+ # extraConfig = {
+ # tls_starttls = "on";
+ # };
+ };
+ # This is here for doing backup
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
+ patterns = [
+ "*"
+ "![Gmail]*"
+ "[Gmail]/Sent Mail"
+ "[Gmail]/Starred"
+ "[Gmail]/Trash"
+ "[Gmail]/Drafts"
+ ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
+ };
+ };
+ "redhat" = {
+ # primary = true; # because it's work, but it's really just for notmuch
+ address = "vdemeest@redhat.com";
+ userName = "vdemeest@redhat.com";
+ realName = "Vincent Demeester";
+ passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ flavor = "gmail.com";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
+ patterns = [
+ "*"
+ "!area/github"
+ "!memo-list"
+ "![Gmail]*"
+ "[Gmail]/Sent Mail"
+ "[Gmail]/Starred"
+ "[Gmail]/Trash"
+ "[Gmail]/Drafts"
+ ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
+ };
+ mu.enable = true;
+ # aerc.enable = true;
+ msmtp = {
+ enable = true;
+ # extraConfig = {
+ # tls_starttls = "on";
+ # };
+ };
+ };
};
- }
- ]
- # ++ optionals config.virtualisation.docker.enable [
- # {
- # home.packages = with pkgs; [ docker docker-compose dive ];
- # }
- # ]
- #++ optionals config.profiles.redhat.enable [{
- # home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
- # home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
- #}]
- );
+ };
+ }
+ ]
+ # ++ optionals config.virtualisation.docker.enable [
+ # {
+ # home.packages = with pkgs; [ docker docker-compose dive ];
+ # }
+ # ]
+ #++ optionals config.profiles.redhat.enable [{
+ # home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
+ # home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
+ #}]
+ );
}
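Review bot: The `bin/msmtp` wrapper in the wakasu/aomi block expands `$@` unquoted, so any argument containing whitespace or shell glob characters is re-split and globbed before it reaches msmtp; the line should read `exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from "$@"` (the `"$@"` needs no escaping inside a Nix indented string, and `exec` keeps msmtp's exit status as the script's). The preceding `notify-send` call is fine as best-effort since the script does not use `set -e`, but the unquoted expansion is a latent bug in a path that handles mail addressed by the user's MUA. This hunk otherwise only re-indents the existing mail configuration and switches `pkgs = pkgs` to `inherit pkgs`; the surrounding `home-manager.users.vincent = lib.mkMerge (...)` expression is fully contained in the hunk.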
flake.nix
@@ -1,7 +1,8 @@
{
description = "System Config";
- outputs = { self, ... } @ inputs:
+ outputs =
+ { self, ... }@inputs:
let
inherit (self) outputs;
stateVersion = "24.11";
@@ -79,17 +80,26 @@
kyushu = libx.mkHost {
hostname = "kyushu";
desktop = "sway";
- syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
+ syncthingFolders = [
+ "org"
+ "documents"
+ "sync"
+ "screenshots"
+ "wallpapers"
+ ];
};
# Work workstation (unstable)
# FIXME migrate to libx.mkHost
aomi = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
- modules = commonModules ++ unstableModules ++ [
- inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1-gen3
- inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
- ./systems/hosts/aomi.nix
- ];
+ modules =
+ commonModules
+ ++ unstableModules
+ ++ [
+ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1-gen3
+ inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
+ ./systems/hosts/aomi.nix
+ ];
# syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
};
# Work server (stable ?)
@@ -102,25 +112,34 @@
# Servers (stable)
shikoku = inputs.nixpkgs-24_11.lib.nixosSystem {
system = "x86_64-linux";
- modules = commonModules ++ stableModules ++ [
- ./systems/hosts/shikoku.nix
- ];
+ modules =
+ commonModules
+ ++ stableModules
+ ++ [
+ ./systems/hosts/shikoku.nix
+ ];
# syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
};
sakhalin = inputs.nixpkgs-24_11.lib.nixosSystem {
system = "x86_64-linux";
- modules = commonModules ++ stableModules ++ [
- inputs.nixos-hardware.nixosModules.common-pc-ssd
- ./systems/hosts/sakhalin.nix
- ];
+ modules =
+ commonModules
+ ++ stableModules
+ ++ [
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+ ./systems/hosts/sakhalin.nix
+ ];
# syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
};
kerkouane = inputs.nixpkgs-24_11.lib.nixosSystem {
system = "x86_64-linux";
- modules = commonModules ++ stableModules ++ [
- ./systems/modules/services/govanityurl.nix
- ./systems/hosts/kerkouane.nix
- ];
+ modules =
+ commonModules
+ ++ stableModules
+ ++ [
+ ./systems/modules/services/govanityurl.nix
+ ./systems/hosts/kerkouane.nix
+ ];
# syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
};
# carthage = inputs.nixpkgs-24_11.lib.nixosSystem {
@@ -133,17 +152,23 @@
# athena
athena = inputs.nixpkgs-24_11.lib.nixosSystem {
system = "aarch64-linux";
- modules = commonModules ++ stableModules ++ [
- ./systems/hosts/athena.nix
- ];
+ modules =
+ commonModules
+ ++ stableModules
+ ++ [
+ ./systems/hosts/athena.nix
+ ];
# syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
};
# demeter
demeter = inputs.nixpkgs-24_11.lib.nixosSystem {
system = "aarch64-linux";
- modules = commonModules ++ stableModules ++ [
- ./systems/hosts/demeter.nix
- ];
+ modules =
+ commonModules
+ ++ stableModules
+ ++ [
+ ./systems/hosts/demeter.nix
+ ];
# syncthingFolders = [ "org" "documents" "sync" "screenshots" "wallpapers" ];
};
};
@@ -167,21 +192,26 @@
carthage = inputs.nixos-generators.nixosGenerate rec {
system = "aarch64-linux";
format = "amazon";
- modules = commonModules ++ stableModules ++ [
- ./systems/hosts/carthage.nix
- ];
+ modules =
+ commonModules
+ ++ stableModules
+ ++ [
+ ./systems/hosts/carthage.nix
+ ];
};
# sdimages
- athena = (self.nixosConfigurations.athena.extendModules {
- modules = [
- "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
- ];
- }).config.system.build.sdImage;
- demeter = (self.nixosConfigurations.demeter.extendModules {
- modules = [
- "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
- ];
- }).config.system.build.sdImage;
+ athena =
+ (self.nixosConfigurations.athena.extendModules {
+ modules = [
+ "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ ];
+ }).config.system.build.sdImage;
+ demeter =
+ (self.nixosConfigurations.demeter.extendModules {
+ modules = [
+ "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ ];
+ }).config.system.build.sdImage;
};
# TODO: expose some packages ?
# This is probably not gonna happen, instead I should move any internal package here outside, in their
@@ -197,7 +227,14 @@
};
in
pkgs.mkShell {
- packages = [ pkgs.alejandra pkgs.git pkgs.nodePackages.prettier pkgs.deadnix pkgs.nixfmt-classic inputs.agenix.packages.x86_64-linux.default ];
+ packages = [
+ pkgs.alejandra
+ pkgs.git
+ pkgs.nodePackages.prettier
+ pkgs.deadnix
+ pkgs.nixfmt-classic
+ inputs.agenix.packages.x86_64-linux.default
+ ];
name = "home";
DIRENV_LOG_FORMAT = "";
};
@@ -205,22 +242,56 @@
inputs = {
# Flake for compatibility with non-flake commands
- flake-compat = { type = "github"; owner = "edolstra"; repo = "flake-compat"; flake = false; };
+ flake-compat = {
+ type = "github";
+ owner = "edolstra";
+ repo = "flake-compat";
+ flake = false;
+ };
- buildkit-tekton = { url = "github:vdemeester/buildkit-tekton"; inputs.nixpkgs.follows = "nixpkgs"; };
+ buildkit-tekton = {
+ url = "github:vdemeester/buildkit-tekton";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
# nixpkgs
- nixpkgs = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "nixos-unstable"; };
- nixpkgs-24_11 = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "nixos-24.11"; };
+ nixpkgs = {
+ type = "github";
+ owner = "NixOS";
+ repo = "nixpkgs";
+ ref = "nixos-unstable";
+ };
+ nixpkgs-24_11 = {
+ type = "github";
+ owner = "NixOS";
+ repo = "nixpkgs";
+ ref = "nixos-24.11";
+ };
nixpkgs-master.url = "github:nixos/nixpkgs/master";
# Home Manager
- home-manager = { type = "github"; owner = "nix-community"; repo = "home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
- home-manager-24_11 = { type = "github"; owner = "nix-community"; repo = "home-manager"; ref = "release-24.11"; inputs.nixpkgs.follows = "nixpkgs-24_11"; };
+ home-manager = {
+ type = "github";
+ owner = "nix-community";
+ repo = "home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ home-manager-24_11 = {
+ type = "github";
+ owner = "nix-community";
+ repo = "home-manager";
+ ref = "release-24.11";
+ inputs.nixpkgs.follows = "nixpkgs-24_11";
+ };
# FIXME could still be useful for servers
# impermanence = { type = "github"; owner = "nix-community"; repo = "impermanence"; };
- dagger = { type = "github"; owner = "dagger"; repo = "nix"; inputs.nixpkgs.follows = "nixpkgs"; };
+ dagger = {
+ type = "github";
+ owner = "dagger";
+ repo = "nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
@@ -229,8 +300,17 @@
};
# WSL
- nixos-wsl = { type = "github"; owner = "nix-community"; repo = "NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs"; };
- nixos-hardware = { type = "github"; owner = "NixOS"; "repo" = "nixos-hardware"; };
+ nixos-wsl = {
+ type = "github";
+ owner = "nix-community";
+ repo = "NixOS-WSL";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ nixos-hardware = {
+ type = "github";
+ owner = "NixOS";
+ "repo" = "nixos-hardware";
+ };
# Me :D
chick-group = {
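--- a/secrets.nix
+++ b/secrets.nix
@@ -1,10 +1,12 @@
 let
- vincent-yubikey5a = "";
 #vincent-yubikey5a = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=";
 vincent-yubikey5c1 = "age1yubikey1q0g72w5n3zgt4qv64fkymcttqlpct0yh0rf29079h3696d6wkruakkst877"; # does this work ? Otherwise the ssh one.
 # vincent-yubikey5c1 = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFzxC16VqwTgWDQfw2YCiOw2JzpH3z9XgHtKoHhBdHi2i9m9XUc7fIUeEIIf7P8ARRNd8q5bjvl8JY7LtPkNCU=";
 vincent-yubikey5c2 = "age1yubikey1qf2vcr22ugzj94dzfhdrz39h60ukr6gvk2687de2srg9407azd53kgsajvu";
- users = [ vincent-yubikey5c1 vincent-yubikey5c2 ];
+ users = [
+ vincent-yubikey5c1
+ vincent-yubikey5c2
+ ];
 aomi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME"; # ssh-keyscan -q -t ed25519 aomi.sbr.pm
 athena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/4KRP1rzOwyA2zP1Nf1WlLRHqAGutLtOHYWfH732xh"; # ssh-keyscan -q -t ed25519 athena.sbr.pm
@@ -14,26 +16,92 @@ let
 shikoku = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm"; # ssh-keyscan -q -t ed25519 shikoku.sbr.pm
 wakasu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrAh07USjRnAdS3mMNGdKee1KumjYDLzgXaiZ5LYi2D"; # ssh-keyscan -q -t ed25519 wakasu.sbr.pm
 kyushu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd795m+P54GlGJdMaGci9pQ9N942VUz8ri2F14+LWxg"; # ssh-keyscan -q -t ed25519 kyushu.sbr.pm
- desktops = [ aomi wakasu kyushu ];
- servers = [ athena demeter kerkouane sakhalin shikoku ];
+ desktops = [
+ aomi
+ wakasu
+ kyushu
+ ];
+ servers = [
+ athena
+ demeter
+ kerkouane
+ sakhalin
+ shikoku
+ ];
 systems = servers ++ desktops;
 in
 {
 # Red Hat
- "secrets/redhat/krb5.conf.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/RHVPN.ovpn.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/AMS2.ovpn.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/RDU2.ovpn.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/BBRQ.ovpn.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/ipa.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/2015-RH-IT-Root-CA.pem.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/Eng-CA.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/newca.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/oracle_ebs.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/pki-ca-chain.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/RH_ITW.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
- "secrets/redhat/win-intermediate-ca.cer.age".publicKeys = users ++ [ aomi wakasu kyushu ];
+ "secrets/redhat/krb5.conf.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/RHVPN.ovpn.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/AMS2.ovpn.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/RDU2.ovpn.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/BBRQ.ovpn.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/ipa.crt.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/2015-RH-IT-Root-CA.pem.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/Eng-CA.crt.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/newca.crt.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/oracle_ebs.crt.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/pki-ca-chain.crt.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/RH_ITW.crt.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
+ "secrets/redhat/win-intermediate-ca.cer.age".publicKeys = users ++ [
+ aomi
+ wakasu
+ kyushu
+ ];
 "secrets/redhat/redhat.pem.age".publicKeys = users ++ systems;
 # Others
 "secrets/minica.pem.age".publicKeys = users ++ systems;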
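Review bot: The fourteen `users ++ [ aomi wakasu kyushu ]` recipient lists under `# Red Hat` are copies of the `desktops` binding declared in the same `let`, and the multi-line reformat turns each copy into five lines, so the same host set now has to be kept in sync in fifteen places. When a host key is rotated or a desktop is added, one missed copy leaves that secret either undecryptable on the host or still encrypted to a retired key, and nothing in the file flags the drift. If Red Hat secrets are meant to follow every desktop, `publicKeys = users ++ desktops;` states that directly; if the set is deliberately narrower than `desktops`, bind it once, e.g. `redhatHosts = [ aomi wakasu kyushu ];` in the `let` and `"secrets/redhat/krb5.conf.age".publicKeys = users ++ redhatHosts;` per entry, so the intended recipient set is declared in one place and reviewed there.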
shell.nix
@@ -18,8 +18,9 @@
# '';
# };
# }
-{ system ? builtins.currentSystem }:
+{
+ system ? builtins.currentSystem,
+}:
# Use flake.nix devshell, similar to "nix develop"
(builtins.getFlake (toString ./.)).devShells.${system}.default
-