diff --git a/flake.nix b/flake.nix index 9a340db1..f4c9a0f4 100644 --- a/flake.nix +++ b/flake.nix @@ -1,187 +1,194 @@ { description = "NixOS configuration with flakes"; - outputs = { self, flake-utils, flake-compat, home-manager - , nixpkgs-nixos-unstable, nixpkgs-master, nixpkgs-stable, darwin - , nixos-hardware, nur, sops, nil, helix, alejandra }@inputs: + outputs = { + self, + flake-utils, + flake-compat, + home-manager, + nixpkgs-nixos-unstable, + nixpkgs-master, + nixpkgs-stable, + darwin, + nixos-hardware, + nur, + sops, + nil, + helix, + alejandra, + } @ inputs: let + mkServer = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. + "/nixos/boxes/${hostname}") + (import ./nixos/server-common.nix) + sops.nixosModules.sops + ]; + specialArgs = {inherit inputs;}; + }; + mkRaspi = pkgs: hostname: + pkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [(./. + "/nixos/boxes/${hostname}")]; + specialArgs = {inherit inputs;}; + }; + mkKiosk = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. + "/nixos/boxes/${hostname}") - let - mkServer = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") - (import ./nixos/server-common.nix) - sops.nixosModules.sops - ]; - specialArgs = { inherit inputs; }; - }; - mkRaspi = pkgs: hostname: - pkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ (./. + "/nixos/boxes/${hostname}") ]; - specialArgs = { inherit inputs; }; - }; - mkKiosk = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") + sops.nixosModules.sops - sops.nixosModules.sops - - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = - [ ./nixos/home-manager ./nixos/home-manager/linux.nix ]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - - ]; - specialArgs = { inherit inputs system; }; - }; - mkWorkstation = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") - (import ./nixos/email-accounts.nix) - (import ./nixos/common.nix) - sops.nixosModules.sops - - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = - [ ./nixos/home-manager ./nixos/home-manager/linux.nix ]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - - ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { - inherit system; - config = { allowUnfree = true; }; + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [./nixos/home-manager ./nixos/home-manager/linux.nix]; + _module.args.inputs = inputs; + _module.args.system = system; }; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = { allowUnfree = true; }; + } + ]; + specialArgs = {inherit inputs system;}; + }; + mkWorkstation = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. + "/nixos/boxes/${hostname}") + (import ./nixos/email-accounts.nix) + (import ./nixos/common.nix) + sops.nixosModules.sops + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [./nixos/home-manager ./nixos/home-manager/linux.nix]; + _module.args.inputs = inputs; + _module.args.system = system; }; + } + ]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { + inherit system; + config = {allowUnfree = true;}; + }; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = {allowUnfree = true;}; }; }; - mkShell = packageSet: system: - let pkgs = packageSet.legacyPackages.${system}; - in pkgs.mkShell { - packages = with pkgs; [ - cacert - git - git-lfs - nixpkgs-fmt - openssh - openssl - pkg-config - statix - ]; - }; - in { - devShells = { - "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin"; - "x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux"; }; - darwinConfigurations = { - "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { - system = "x86_64-darwin"; - modules = [ - (./. + "/nixos/boxes/form3") - home-manager.darwinModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = [ ./nixos/home-manager ]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - ]; - }; + mkShell = packageSet: system: let + pkgs = packageSet.legacyPackages.${system}; + in + pkgs.mkShell { + packages = with pkgs; [ + cacert + git + git-lfs + nixpkgs-fmt + openssh + openssl + pkg-config + statix + ]; }; - - nixosConfigurations = { - foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty"; - skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv"; - thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; - bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; - vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; - yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga"; - homescreen = mkRaspi nixpkgs-stable "homescreen"; - - bootstrap = nixpkgs-stable.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = { allowUnfree = true; }; + in { + devShells = { + "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin"; + "x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux"; + }; + darwinConfigurations = { + "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { + system = "x86_64-darwin"; + modules = [ + (./. + "/nixos/boxes/form3") + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [./nixos/home-manager]; + _module.args.inputs = inputs; + _module.args.system = system; }; - }; - }; - # nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage - # sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress - # make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes - raspiimage = nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - (import - "${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") - { - environment.systemPackages = - with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ - neovim - htop - btop - atop - ]; - - networking.networkmanager.enable = false; - hardware.enableRedistributableFirmware = true; - networking.wireless.enable = true; - - services.openssh = { - enable = true; - permitRootLogin = - nixpkgs-stable.lib.mkForce "prohibit-password"; - passwordAuthentication = false; - }; - - services.xserver = { - enable = true; - displayManager.lightdm.enable = true; - desktopManager.gnome.enable = true; - libinput.enable = true; - }; - - users.extraUsers.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" - ]; - sdImage.compressImage = false; - console.earlySetup = true; - } - ]; - specialArgs = { inherit inputs; }; - }; + } + ]; }; }; + + nixosConfigurations = { + foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty"; + skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv"; + thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; + bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; + vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; + yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga"; + homescreen = mkRaspi nixpkgs-stable "homescreen"; + + bootstrap = nixpkgs-stable.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [(./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = {allowUnfree = true;}; + }; + }; + }; + # nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage + # sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress + # make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes + raspiimage = nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import + "${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") + { + environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ + neovim + htop + btop + atop + ]; + + networking.networkmanager.enable = false; + hardware.enableRedistributableFirmware = true; + networking.wireless.enable = true; + + services.openssh = { + enable = true; + permitRootLogin = + nixpkgs-stable.lib.mkForce "prohibit-password"; + passwordAuthentication = false; + }; + + services.xserver = { + enable = true; + displayManager.lightdm.enable = true; + desktopManager.gnome.enable = true; + libinput.enable = true; + }; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" + ]; + sdImage.compressImage = false; + console.earlySetup = true; + } + ]; + specialArgs = {inherit inputs;}; + }; + }; + }; inputs = { nixpkgs-master = { type = "github"; @@ -262,7 +269,7 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs-stable.follows = "nixpkgs-stable"; }; -alejandra = { + alejandra = { type = "github"; owner = "kamadorueda"; repo = "alejandra"; @@ -274,5 +281,4 @@ alejandra = { flake = false; }; }; - } diff --git a/nixos/backups.nix b/nixos/backups.nix index 6a620998..da40a3cf 100644 --- a/nixos/backups.nix +++ b/nixos/backups.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: -let +{ + config, + pkgs, + ... +}: let extraArgs = [ "--exclude='.cache'" "--exclude='.rustup'" @@ -12,21 +15,20 @@ let IOSchedulingClass = "idle"; }; in { - services = { restic.backups.home-to-bolty = { passwordFile = "/etc/nixos/secrets/restic-password-bolty"; - paths = [ "/home" ]; + paths = ["/home"]; repository = "rest:http://bolty:8000/"; - timerConfig = { OnCalendar = "hourly"; }; + timerConfig = {OnCalendar = "hourly";}; extraBackupArgs = extraArgs; }; restic.backups.home-to-b2 = { passwordFile = "/etc/nixos/secrets/restic-password-b2"; - paths = [ "/home" ]; + paths = ["/home"]; repository = "b2:cyplo-restic-${config.networking.hostName}:/"; - timerConfig = { OnCalendar = "hourly"; }; + timerConfig = {OnCalendar = "hourly";}; extraBackupArgs = extraArgs; environmentFile = "/etc/nixos/secrets/b2-env"; }; diff --git a/nixos/boot.nix b/nixos/boot.nix index 28f4efbc..2bfa7dd1 100644 --- a/nixos/boot.nix +++ b/nixos/boot.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; +{ + config, + pkgs, + ... +}: { + fileSystems."/".options = ["noatime" "nodiratime" "discard"]; boot = { kernel.sysctl = { @@ -10,6 +14,4 @@ "net.core.bpf_jit_harden" = true; }; }; - } - diff --git a/nixos/boxes/bolty/bolty-boot.nix b/nixos/boxes/bolty/bolty-boot.nix index f64f1c3e..78046fdd 100644 --- a/nixos/boxes/bolty/bolty-boot.nix +++ b/nixos/boxes/bolty/bolty-boot.nix @@ -1,12 +1,14 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { boot = { kernelPackages = pkgs.linuxPackages_latest; - initrd.availableKernelModules = - [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ]; - initrd.kernelModules = [ "dm-snapshot" ]; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; + initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"]; + initrd.kernelModules = ["dm-snapshot"]; + kernelModules = ["kvm-amd"]; + extraModulePackages = []; loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = false; }; @@ -35,7 +37,7 @@ fsType = "vfat"; }; - swapDevices = [ ]; + swapDevices = []; nix.settings = { max-jobs = 8; diff --git a/nixos/boxes/bolty/default.nix b/nixos/boxes/bolty/default.nix index b375683d..3bf3fccd 100644 --- a/nixos/boxes/bolty/default.nix +++ b/nixos/boxes/bolty/default.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let physicalInterface = "enp4s0"; bridgeInterface = "br0"; in { @@ -13,7 +18,7 @@ in { ./print-server.nix ./restic-server.nix ]; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; programs.ccache.enable = true; networking = { hostName = "bolty"; @@ -22,22 +27,24 @@ in { address = "10.0.0.1"; interface = "${bridgeInterface}"; }; - nameservers = [ "91.239.100.100" "89.233.43.71" "1.1.1.1" ]; + nameservers = ["91.239.100.100" "89.233.43.71" "1.1.1.1"]; interfaces = { "${physicalInterface}" = { useDHCP = false; wakeOnLan.enable = true; }; "${bridgeInterface}" = { - ipv4.addresses = [{ - "address" = "10.0.0.8"; - "prefixLength" = 24; - }]; + ipv4.addresses = [ + { + "address" = "10.0.0.8"; + "prefixLength" = 24; + } + ]; }; }; - bridges = { "${bridgeInterface}".interfaces = [ "${physicalInterface}" ]; }; + bridges = {"${bridgeInterface}".interfaces = ["${physicalInterface}"];}; }; - boot.kernelModules = [ "kvm_amd" ]; + boot.kernelModules = ["kvm_amd"]; virtualisation = { libvirtd = { enable = true; @@ -51,11 +58,10 @@ in { virt-viewer lm_sensors ]; - networking.firewall.allowedTCPPorts = [ 5900 ]; + networking.firewall.allowedTCPPorts = [5900]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; security.allowUserNamespaces = true; time.timeZone = "Europe/London"; - } diff --git a/nixos/boxes/bolty/home-assistant.nix b/nixos/boxes/bolty/home-assistant.nix index 665d6637..64eb873b 100644 --- a/nixos/boxes/bolty/home-assistant.nix +++ b/nixos/boxes/bolty/home-assistant.nix @@ -1,8 +1,13 @@ -{ config, pkgs, inputs, lib, ... }: -let port = 8123; +{ + config, + pkgs, + inputs, + lib, + ... +}: let + port = 8123; in { - imports = [ ]; - - networking.firewall.allowedTCPPorts = [ port ]; + imports = []; + networking.firewall.allowedTCPPorts = [port]; } diff --git a/nixos/boxes/bolty/i2p.nix b/nixos/boxes/bolty/i2p.nix index 5ab91a3b..a46ba177 100644 --- a/nixos/boxes/bolty/i2p.nix +++ b/nixos/boxes/bolty/i2p.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.i2pd = { enable = true; bandwidth = 1024; # kb/s diff --git a/nixos/boxes/bolty/matrix-server.nix b/nixos/boxes/bolty/matrix-server.nix index 5caa2598..90065993 100644 --- a/nixos/boxes/bolty/matrix-server.nix +++ b/nixos/boxes/bolty/matrix-server.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: { +{ + config, + pkgs, + inputs, + ... +}: { services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' @@ -14,18 +19,22 @@ enable = true; settings = { server_name = "cyplo.dev"; - listeners = [{ - port = 8008; - bind_addresses = [ "bolty.cyplo.github.beta.tailscale.net" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - names = [ "client" "federation" ]; - compress = false; - }]; - }]; - experimental_features = { spaces_enabled = true; }; + listeners = [ + { + port = 8008; + bind_addresses = ["bolty.cyplo.github.beta.tailscale.net"]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = ["client" "federation"]; + compress = false; + } + ]; + } + ]; + experimental_features = {spaces_enabled = true;}; enable_registration = false; suppress_key_server_warning = true; }; @@ -33,5 +42,5 @@ inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".matrix-synapse; }; - networking.firewall.allowedTCPPorts = [ 8008 ]; + networking.firewall.allowedTCPPorts = [8008]; } diff --git a/nixos/boxes/bolty/nix-store-server.nix b/nixos/boxes/bolty/nix-store-server.nix index 15d5b1dc..3f8460e2 100644 --- a/nixos/boxes/bolty/nix-store-server.nix +++ b/nixos/boxes/bolty/nix-store-server.nix @@ -1,10 +1,13 @@ -{ config, pkgs, ... }: { - - networking.firewall.allowedTCPPorts = [ 9000 9001 ]; +{ + config, + pkgs, + ... +}: { + networking.firewall.allowedTCPPorts = [9000 9001]; services.minio = { enable = true; region = "home"; - dataDir = [ "/var/lib/minio/data" ]; + dataDir = ["/var/lib/minio/data"]; configDir = "/var/lib/minio/config"; listenAddress = ":9000"; consoleAddress = ":9001"; diff --git a/nixos/boxes/bolty/print-server.nix b/nixos/boxes/bolty/print-server.nix index a3b3abb5..28edf101 100644 --- a/nixos/boxes/bolty/print-server.nix +++ b/nixos/boxes/bolty/print-server.nix @@ -1,40 +1,45 @@ -{ config, pkgs, lib, ... }: { - +{ + config, + pkgs, + lib, + ... +}: { networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 631 6566 ]; - networking.firewall.allowedUDPPorts = [ 631 6566 ]; + networking.firewall.allowedTCPPorts = [631 6566]; + networking.firewall.allowedUDPPorts = [631 6566]; services.printing = { enable = true; - drivers = with pkgs; [ epson-escpr ]; - listenAddresses = [ "*:631" ]; + drivers = with pkgs; [epson-escpr]; + listenAddresses = ["*:631"]; defaultShared = true; browsing = true; - allowFrom = [ "all" ]; + allowFrom = ["all"]; extraConf = '' ServerAlias * DefaultEncryption Never ''; }; - hardware.printers.ensurePrinters = [{ - description = "Epson XP-540"; - location = "connected to bolty"; - name = "epson_xp540"; - deviceUri = - "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1"; - model = "raw"; - ppdOptions = { PageSize = "A4"; }; - }]; + hardware.printers.ensurePrinters = [ + { + description = "Epson XP-540"; + location = "connected to bolty"; + name = "epson_xp540"; + deviceUri = "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1"; + model = "raw"; + ppdOptions = {PageSize = "A4";}; + } + ]; hardware.sane = { enable = true; - extraBackends = with pkgs; [ utsushi sane-airscan gawk ]; + extraBackends = with pkgs; [utsushi sane-airscan gawk]; snapshot = true; }; - services.udev.packages = [ pkgs.utsushi ]; + services.udev.packages = [pkgs.utsushi]; - environment.systemPackages = with pkgs; [ gawk ]; + environment.systemPackages = with pkgs; [gawk]; services.saned = { enable = true; extraConfig = '' @@ -45,5 +50,4 @@ hagath ''; }; - } diff --git a/nixos/boxes/bolty/prometheus-node.nix b/nixos/boxes/bolty/prometheus-node.nix index 715063f3..840959c3 100644 --- a/nixos/boxes/bolty/prometheus-node.nix +++ b/nixos/boxes/bolty/prometheus-node.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, ... }: { - networking.firewall.allowedTCPPorts = [ 9100 ]; +{ + config, + pkgs, + lib, + ... +}: { + networking.firewall.allowedTCPPorts = [9100]; services.prometheus = { enable = true; exporters.node.enable = true; diff --git a/nixos/boxes/bolty/real-hardware.nix b/nixos/boxes/bolty/real-hardware.nix index 4d318aa4..dc4ded6e 100644 --- a/nixos/boxes/bolty/real-hardware.nix +++ b/nixos/boxes/bolty/real-hardware.nix @@ -1,8 +1,13 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: { hardware.enableRedistributableFirmware = true; services.smartd.enable = true; services.fstrim.enable = true; - environment.systemPackages = with pkgs; [ smartmontools ]; + environment.systemPackages = with pkgs; [smartmontools]; services.fwupd.enable = true; services.thermald.enable = true; services.haveged.enable = true; diff --git a/nixos/boxes/bolty/restic-server.nix b/nixos/boxes/bolty/restic-server.nix index 1fe80f2b..defc743a 100644 --- a/nixos/boxes/bolty/restic-server.nix +++ b/nixos/boxes/bolty/restic-server.nix @@ -1,12 +1,15 @@ -{ config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ restic ]; - networking.firewall.allowedTCPPorts = [ 8000 ]; +{ + config, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [restic]; + networking.firewall.allowedTCPPorts = [8000]; services.restic.server = { enable = true; dataDir = "/data/restic"; appendOnly = true; prometheus = true; - extraFlags = [ "--no-auth" ]; + extraFlags = ["--no-auth"]; }; - } diff --git a/nixos/boxes/bootstrap/default.nix b/nixos/boxes/bootstrap/default.nix index 5ea4de22..72a9d3d6 100644 --- a/nixos/boxes/bootstrap/default.nix +++ b/nixos/boxes/bootstrap/default.nix @@ -1,4 +1,10 @@ -{ config, pkgs, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: { +{ + config, + pkgs, + inputs, + nixpkgs-nixos-unstable-and-unfree, + ... +}: { networking.hostName = "fixme"; imports = [ diff --git a/nixos/boxes/bootstrap/hardware-configuration.nix b/nixos/boxes/bootstrap/hardware-configuration.nix index 6fd9c3bf..9de9b82a 100644 --- a/nixos/boxes/bootstrap/hardware-configuration.nix +++ b/nixos/boxes/bootstrap/hardware-configuration.nix @@ -1,11 +1,16 @@ -{ config, lib, pkgs, inputs, ... }: { +{ + config, + lib, + pkgs, + inputs, + ... +}: { boot = { - kernelModules = [ "kvm-intel" ]; + kernelModules = ["kvm-intel"]; initrd = { - kernelModules = [ "dm-snapshot" ]; - availableKernelModules = - [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = ["dm-snapshot"]; + availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"]; }; loader.efi.canTouchEfiVariables = true; @@ -24,7 +29,7 @@ fsType = "vfat"; }; - swapDevices = [ ]; + swapDevices = []; nix.settings = { max-jobs = "auto"; diff --git a/nixos/boxes/cli.nix b/nixos/boxes/cli.nix index 8bdbbc47..b2bf8e95 100644 --- a/nixos/boxes/cli.nix +++ b/nixos/boxes/cli.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ atop btop diff --git a/nixos/boxes/form3/default.nix b/nixos/boxes/form3/default.nix index 5f828bbc..62b47201 100644 --- a/nixos/boxes/form3/default.nix +++ b/nixos/boxes/form3/default.nix @@ -1,14 +1,21 @@ -{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: -let +{ + config, + pkgs, + inputs, + lib, + nixpkgs-nixos-unstable-and-unfree, + ... +}: let system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; form3_cert_path = ./form3-palo-alto.pem; - form3_cert_bundle = builtins.toFile "form3-cert-bundle.crt" + form3_cert_bundle = + builtins.toFile "form3-cert-bundle.crt" (builtins.readFile system_cert_bundle_path + builtins.readFile form3_cert_path); in { - environment.systemPackages = with pkgs; [ vim nixfmt ]; + environment.systemPackages = with pkgs; [vim nixfmt]; - imports = [ ../../git ../../mercurial ]; + imports = [../../git ../../mercurial]; services.nix-daemon.enable = true; nix = { useDaemon = true; @@ -21,15 +28,11 @@ in { fonts.fontDir.enable = true; fonts.fonts = with pkgs; [ - (runCommand "berkeley-fonts" { } '' + (runCommand "berkeley-fonts" {} '' mkdir -vp "$out/share/fonts/opentype" mkdir -vp "$out/share/fonts/truetype" - ${pkgs.unzip}/bin/unzip ${ - ../../fonts.zip - } \*.otf -d $out/share/fonts/opentype - ${pkgs.unzip}/bin/unzip ${ - ../../fonts.zip - } \*.ttf -d $out/share/fonts/truetype + ${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.otf -d $out/share/fonts/opentype + ${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.ttf -d $out/share/fonts/truetype '') nerdfonts @@ -40,7 +43,7 @@ in { source-code-pro weather-icons ]; - security.pki.certificateFiles = [ form3_cert_path system_cert_bundle_path ]; + security.pki.certificateFiles = [form3_cert_path system_cert_bundle_path]; environment.variables = { SSL_CERT_FILE = form3_cert_bundle; NIX_SSL_CERT_FILE = form3_cert_bundle; @@ -51,15 +54,13 @@ in { system.stateVersion = 4; - home-manager.users.cyryl = { ... }: { - imports = [ ]; - home.packages = with pkgs; [ awscli kubectl cargo-update ]; + home-manager.users.cyryl = {...}: { + imports = []; + home.packages = with pkgs; [awscli kubectl cargo-update]; programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech"; - programs.git.extraConfig.user.signingkey = - "6441B1BC81F8FB1561C9AFF5534222210FE423ED"; + programs.git.extraConfig.user.signingkey = "6441B1BC81F8FB1561C9AFF5534222210FE423ED"; programs.git.extraConfig.commit.gpgsign = true; - programs.git.extraConfig."url \"git@github.com:\"".insteadOf = - "https://github.com/"; + programs.git.extraConfig."url \"git@github.com:\"".insteadOf = "https://github.com/"; programs.gpg.enable = true; programs.gpg.homedir = "/Users/cyryl/.gnupg"; programs.zsh.loginExtra = '' diff --git a/nixos/boxes/foureighty/custom-kernel.nix b/nixos/boxes/foureighty/custom-kernel.nix index 6a931173..8d09e437 100644 --- a/nixos/boxes/foureighty/custom-kernel.nix +++ b/nixos/boxes/foureighty/custom-kernel.nix @@ -1,93 +1,100 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { boot.kernelPackages = pkgs.linuxPackages_latest; nixpkgs.overlays = [ (self: super: { buildLinux = x: super.buildLinux ({ - ignoreConfigErrors = true; - enableParallelBuilding = true; - } // x); + ignoreConfigErrors = true; + enableParallelBuilding = true; + } + // x); }) ]; - boot.kernelPatches = [{ - name = "foureighty"; - patch = null; - extraConfig = '' - ACPI_CUSTOM_METHOD n - ACPI_DPTF y - BUG y - CC_STACKPROTECTOR_STRONG y - CPU_IDLE_GOV_HALTPOLL y - CPU_IDLE_GOV_TEO y - DEBUG_CREDENTIALS y - DEBUG_NOTIFIERS y - DEBUG_PI_LIST y - DEBUG_PLIST y - DEBUG_RODATA y - DEBUG_SET_MODULE_RONX y - DEBUG_SG y - DEVMEM y - DPTF_PCH_FIVR m - DPTF_POWER m - ENERGY_MODEL y - FORTIFY_SOURCE y - GCC_PLUGINS y - GCC_PLUGIN_LATENT_ENTROPY y - GCC_PLUGIN_RANDSTRUCT y - GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y - GCC_PLUGIN_STACKLEAK y - GCC_PLUGIN_STRUCTLEAK y - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y - HARDENED_USERCOPY y - HARDENED_USERCOPY_FALLBACK y - HARDLOCKUP_DETECTOR y - HZ_300 y - INET_DIAG n - INET_DIAG_DESTROY option no - INET_MPTCP_DIAG option no - INET_RAW_DIAG option no - INET_TCP_DIAG option no - INET_UDP_DIAG option no - INIT_ON_ALLOC_DEFAULT_ON y - INIT_ON_FREE_DEFAULT_ON y - INTEL_TXT y - KEXEC n - KFENCE y - LEGACY_VSYSCALL_NONE y - LOCKUP_DETECTOR y - MCORE2 y - NR_CPUS 16 - NUMA_BALANCING y - NUMA_BALANCING_DEFAULT_ENABLED y - PAGE_POISONING y - PAGE_POISONING_NO_SANITY y - PAGE_POISONING_ZERO y - PANIC_TIMEOUT -1 - PM_AUTOSLEEP y - POWER_EFFICIENT_DEFAULT y - PREEMPT y - PREEMPTION y - PREEMPT_COUNT y - PREEMPT_DYNAMIC y - PREEMPT_RCU y - PROC_KCORE n - RANDOMIZE_KSTACK_OFFSET_DEFAULT y - SCHED_CORE y - SCHED_STACK_END_CHECK y - SECURITY_SAFESETID y - SECURITY_SELINUX_DISABLE n - SECURITY_WRITABLE_HOOKS n - SHUFFLE_PAGE_ALLOCATOR y - SLAB_FREELIST_HARDENED y - SLAB_FREELIST_RANDOM y - SLUB_DEBUG y - STRICT_DEVMEM y - STRICT_KERNEL_RWX y - UNINLINE_SPIN_UNLOCK y - WATCH_QUEUE y - X86_INTEL_TSX_MODE_AUTO y - X86_SGX y - X86_SGX_KVM y - ''; - }]; + boot.kernelPatches = [ + { + name = "foureighty"; + patch = null; + extraConfig = '' + ACPI_CUSTOM_METHOD n + ACPI_DPTF y + BUG y + CC_STACKPROTECTOR_STRONG y + CPU_IDLE_GOV_HALTPOLL y + CPU_IDLE_GOV_TEO y + DEBUG_CREDENTIALS y + DEBUG_NOTIFIERS y + DEBUG_PI_LIST y + DEBUG_PLIST y + DEBUG_RODATA y + DEBUG_SET_MODULE_RONX y + DEBUG_SG y + DEVMEM y + DPTF_PCH_FIVR m + DPTF_POWER m + ENERGY_MODEL y + FORTIFY_SOURCE y + GCC_PLUGINS y + GCC_PLUGIN_LATENT_ENTROPY y + GCC_PLUGIN_RANDSTRUCT y + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y + GCC_PLUGIN_STACKLEAK y + GCC_PLUGIN_STRUCTLEAK y + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y + HARDENED_USERCOPY y + HARDENED_USERCOPY_FALLBACK y + HARDLOCKUP_DETECTOR y + HZ_300 y + INET_DIAG n + INET_DIAG_DESTROY option no + INET_MPTCP_DIAG option no + INET_RAW_DIAG option no + INET_TCP_DIAG option no + INET_UDP_DIAG option no + INIT_ON_ALLOC_DEFAULT_ON y + INIT_ON_FREE_DEFAULT_ON y + INTEL_TXT y + KEXEC n + KFENCE y + LEGACY_VSYSCALL_NONE y + LOCKUP_DETECTOR y + MCORE2 y + NR_CPUS 16 + NUMA_BALANCING y + NUMA_BALANCING_DEFAULT_ENABLED y + PAGE_POISONING y + PAGE_POISONING_NO_SANITY y + PAGE_POISONING_ZERO y + PANIC_TIMEOUT -1 + PM_AUTOSLEEP y + POWER_EFFICIENT_DEFAULT y + PREEMPT y + PREEMPTION y + PREEMPT_COUNT y + PREEMPT_DYNAMIC y + PREEMPT_RCU y + PROC_KCORE n + RANDOMIZE_KSTACK_OFFSET_DEFAULT y + SCHED_CORE y + SCHED_STACK_END_CHECK y + SECURITY_SAFESETID y + SECURITY_SELINUX_DISABLE n + SECURITY_WRITABLE_HOOKS n + SHUFFLE_PAGE_ALLOCATOR y + SLAB_FREELIST_HARDENED y + SLAB_FREELIST_RANDOM y + SLUB_DEBUG y + STRICT_DEVMEM y + STRICT_KERNEL_RWX y + UNINLINE_SPIN_UNLOCK y + WATCH_QUEUE y + X86_INTEL_TSX_MODE_AUTO y + X86_SGX y + X86_SGX_KVM y + ''; + } + ]; } diff --git a/nixos/boxes/foureighty/default.nix b/nixos/boxes/foureighty/default.nix index 975a7776..e36390af 100644 --- a/nixos/boxes/foureighty/default.nix +++ b/nixos/boxes/foureighty/default.nix @@ -1,4 +1,11 @@ -{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: { +{ + config, + pkgs, + inputs, + lib, + nixpkgs-nixos-unstable-and-unfree, + ... +}: { networking.hostName = "foureighty"; imports = [ @@ -16,9 +23,9 @@ ../../mercurial ]; - fileSystems."/" = { options = [ "compress=zstd" ]; }; + fileSystems."/" = {options = ["compress=zstd"];}; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.plymouth = { enable = true; logo = ./boot.png; @@ -55,13 +62,12 @@ buttonMapping = "1 0 3 4 5 6 7 8 9 10"; }; }; - }; - services.fprintd = { enable = true; }; + services.fprintd = {enable = true;}; programs.ccache.enable = true; - home-manager.users.cyryl = { ... }: { - imports = [ ../../home-manager/programs/alacritty.nix ]; + home-manager.users.cyryl = {...}: { + imports = [../../home-manager/programs/alacritty.nix]; home.packages = [ inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".bisq-desktop ]; diff --git a/nixos/boxes/foureighty/hardware-configuration.nix b/nixos/boxes/foureighty/hardware-configuration.nix index 85140687..a3986d72 100644 --- a/nixos/boxes/foureighty/hardware-configuration.nix +++ b/nixos/boxes/foureighty/hardware-configuration.nix @@ -1,11 +1,16 @@ -{ config, lib, pkgs, inputs, ... }: { +{ + config, + lib, + pkgs, + inputs, + ... +}: { boot = { - kernelModules = [ "kvm-intel" ]; + kernelModules = ["kvm-intel"]; initrd = { - kernelModules = [ "dm-snapshot" ]; - availableKernelModules = - [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = ["dm-snapshot"]; + availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"]; }; loader.systemd-boot.enable = true; @@ -13,9 +18,8 @@ loader.efi.efiSysMountPoint = "/boot/efi"; }; - boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; - boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = - "/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916"; + boot.initrd.secrets = {"/crypto_keyfile.bin" = null;}; + boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = "/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916"; fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/D6C0-1A9D"; @@ -25,10 +29,10 @@ fileSystems."/" = { device = "/dev/disk/by-uuid/98f3597c-183a-45fb-b2a4-b598c18d089a"; fsType = "btrfs"; - options = [ "subvol=@" ]; + options = ["subvol=@"]; }; - swapDevices = [ ]; + swapDevices = []; nix.settings = { max-jobs = 7; diff --git a/nixos/boxes/foureighty/lte-modem.nix b/nixos/boxes/foureighty/lte-modem.nix index a95fa593..9b0f4df2 100644 --- a/nixos/boxes/foureighty/lte-modem.nix +++ b/nixos/boxes/foureighty/lte-modem.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ libqmi ]; - boot.extraModulePackages = with pkgs; [ libqmi ]; - boot.kernelModules = [ "qmi_wwan" "qcserial" ]; +{ + config, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [libqmi]; + boot.extraModulePackages = with pkgs; [libqmi]; + boot.kernelModules = ["qmi_wwan" "qcserial"]; } diff --git a/nixos/boxes/foureighty/nvidia.nix b/nixos/boxes/foureighty/nvidia.nix index 6ad7b0f3..da12f86c 100644 --- a/nixos/boxes/foureighty/nvidia.nix +++ b/nixos/boxes/foureighty/nvidia.nix @@ -1,6 +1,4 @@ -{ pkgs, ... }: - -let +{pkgs, ...}: let nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' export __NV_PRIME_RENDER_OFFLOAD=1 export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 @@ -17,11 +15,11 @@ let glxinfo | grep vendor; echo OK!; ''; in { - environment.systemPackages = [ nvidia-offload whichgpu nvidiaon ]; + environment.systemPackages = [nvidia-offload whichgpu nvidiaon]; hardware.opengl.enable = true; hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - services.xserver.videoDrivers = [ "nvidia" ]; + hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [libva]; + services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia.prime = { offload.enable = true; # Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA diff --git a/nixos/boxes/foureighty/thermal.nix b/nixos/boxes/foureighty/thermal.nix index 69797695..b441249e 100644 --- a/nixos/boxes/foureighty/thermal.nix +++ b/nixos/boxes/foureighty/thermal.nix @@ -1,46 +1,50 @@ -{ config, pkgs, lib, ... }: { - +{ + config, + pkgs, + lib, + ... +}: { boot.extraModprobeConfig = "options thinkpad_acpi fan_control=1"; services.thinkfan = { enable = true; levels = [ - [ 0 0 55 ] - [ 1 48 60 ] - [ 2 50 61 ] - [ 3 52 63 ] - [ 6 56 70 ] - [ 7 65 85 ] - [ "level full-speed" 80 32767 ] + [0 0 55] + [1 48 60] + [2 50 61] + [3 52 63] + [6 56 70] + [7 65 85] + ["level full-speed" 80 32767] ]; sensors = [ { type = "hwmon"; query = "/sys/class/hwmon"; name = "coretemp"; - indices = [ 1 2 3 4 5 ]; + indices = [1 2 3 4 5]; } { type = "hwmon"; query = "/sys/class/hwmon"; name = "nvme"; - indices = [ 1 ]; + indices = [1]; } { type = "hwmon"; query = "/sys/class/hwmon"; name = "acpitz"; - indices = [ 1 ]; + indices = [1]; } { type = "hwmon"; query = "/sys/class/hwmon"; name = "pch_skylake"; - indices = [ 1 ]; + indices = [1]; } { type = "tpacpi"; query = "/proc/acpi/ibm/thermal"; - indices = [ 0 1 ]; + indices = [0 1]; } ]; }; diff --git a/nixos/boxes/homescreen/default.nix b/nixos/boxes/homescreen/default.nix index a0267684..bd348b0d 100644 --- a/nixos/boxes/homescreen/default.nix +++ b/nixos/boxes/homescreen/default.nix @@ -1,13 +1,19 @@ -{ config, pkgs, inputs, lib, ... }: { - imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ]; +{ + config, + pkgs, + inputs, + lib, + ... +}: { + imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4]; networking = { hostName = "homescreen"; - networkmanager = { enable = true; }; + networkmanager = {enable = true;}; }; hardware.enableRedistributableFirmware = true; - environment.systemPackages = with pkgs; [ neovim htop btop atop ]; + environment.systemPackages = with pkgs; [neovim htop btop atop]; services.fail2ban.enable = true; @@ -32,7 +38,7 @@ users = { mutableUsers = false; - users.kiosk = { isNormalUser = true; }; + users.kiosk = {isNormalUser = true;}; }; users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" @@ -41,12 +47,12 @@ "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; - options = [ "noatime" ]; + options = ["noatime"]; }; "/boot/firmware" = { device = "/dev/disk/by-label/FIRMWARE"; fsType = "vfat"; - options = [ "nofail" "noauto" ]; + options = ["nofail" "noauto"]; }; }; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/nixos/boxes/homescreen/homeassistant.nix b/nixos/boxes/homescreen/homeassistant.nix index a7675e1c..4609c44c 100644 --- a/nixos/boxes/homescreen/homeassistant.nix +++ b/nixos/boxes/homescreen/homeassistant.nix @@ -1,29 +1,33 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { services.home-assistant = { enable = true; openFirewall = true; - package = (pkgs.home-assistant.override { - extraPackages = ps: with ps; [ ]; - extraComponents = [ - "api" - "auth" - "cloud" - "config" - "default_config" - "http" - "mobile_app" - "onboarding" - "search" - "ssdp" - "system_log" - "tts" - "websocket_api" - "zeroconf" - "zwave" - ]; - }).overridePythonAttrs { doCheck = false; }; + package = + (pkgs.home-assistant.override { + extraPackages = ps: with ps; []; + extraComponents = [ + "api" + "auth" + "cloud" + "config" + "default_config" + "http" + "mobile_app" + "onboarding" + "search" + "ssdp" + "system_log" + "tts" + "websocket_api" + "zeroconf" + "zwave" + ]; + }) + .overridePythonAttrs {doCheck = false;}; }; - } diff --git a/nixos/boxes/macmini/default.nix b/nixos/boxes/macmini/default.nix index 6ea6b767..cc72f170 100644 --- a/nixos/boxes/macmini/default.nix +++ b/nixos/boxes/macmini/default.nix @@ -1,7 +1,14 @@ -{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: { - environment.systemPackages = with pkgs; [ vim nixfmt ]; +{ + config, + pkgs, + inputs, + lib, + nixpkgs-nixos-unstable-and-unfree, + ... +}: { + environment.systemPackages = with pkgs; [vim nixfmt]; - imports = [ ../../git ../../mercurial ]; + imports = [../../git ../../mercurial]; services.nix-daemon.enable = true; nix = { useDaemon = true; @@ -38,8 +45,8 @@ system.stateVersion = 4; - home-manager.users.cyryl = { ... }: { - imports = [ ]; - home.packages = [ ]; + home-manager.users.cyryl = {...}: { + imports = []; + home.packages = []; }; } diff --git a/nixos/boxes/nginx.nix b/nixos/boxes/nginx.nix index d20a1af2..195b5e62 100644 --- a/nixos/boxes/nginx.nix +++ b/nixos/boxes/nginx.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 80 443 ]; +{ + config, + pkgs, + ... +}: { + networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { enable = true; statusPage = true; diff --git a/nixos/boxes/skinnyv/default.nix b/nixos/boxes/skinnyv/default.nix index 7853933c..8c54dbe4 100644 --- a/nixos/boxes/skinnyv/default.nix +++ b/nixos/boxes/skinnyv/default.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { networking.hostName = "skinnyv"; imports = [ @@ -19,7 +23,7 @@ time.timeZone = "Europe/London"; services.thermald.enable = true; - home-manager.users.cyryl = { ... }: { - imports = [ ../../home-manager/programs/kitty.nix ]; + home-manager.users.cyryl = {...}: { + imports = [../../home-manager/programs/kitty.nix]; }; } diff --git a/nixos/boxes/skinnyv/hardware-configuration.nix b/nixos/boxes/skinnyv/hardware-configuration.nix index 833c333e..ee69423a 100644 --- a/nixos/boxes/skinnyv/hardware-configuration.nix +++ b/nixos/boxes/skinnyv/hardware-configuration.nix @@ -1,33 +1,37 @@ -{ config, lib, pkgs, modulesPath, ... }: - { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems."/" = { device = "/dev/disk/by-uuid/9dba116f-c9fe-403a-a8e2-f9fdab23f1f1"; fsType = "btrfs"; - options = [ "compress=zstd" ]; + options = ["compress=zstd"]; }; - boot.initrd.luks.devices."crypt".device = - "/dev/disk/by-uuid/0c192a18-178f-4598-a1ed-5295ef2abdc4"; + boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/0c192a18-178f-4598-a1ed-5295ef2abdc4"; fileSystems."/boot" = { device = "/dev/disk/by-uuid/0A6A-AAFC"; fsType = "vfat"; }; - swapDevices = [{ - device = "/swapfile"; - size = 16 * 1024; - priority = 1; - }]; + swapDevices = [ + { + device = "/swapfile"; + size = 16 * 1024; + priority = 1; + } + ]; zramSwap = { enable = true; diff --git a/nixos/boxes/thinky/default.nix b/nixos/boxes/thinky/default.nix index 9198f210..e68f1415 100644 --- a/nixos/boxes/thinky/default.nix +++ b/nixos/boxes/thinky/default.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { networking.hostName = "thinky"; imports = [ @@ -23,7 +27,7 @@ algorithm = "zstd"; memoryPercent = 50; }; - home-manager.users.cyryl = { ... }: { - imports = [ ../../home-manager/programs/termite.nix ]; + home-manager.users.cyryl = {...}: { + imports = [../../home-manager/programs/termite.nix]; }; } diff --git a/nixos/boxes/thinky/hardware-configuration.nix b/nixos/boxes/thinky/hardware-configuration.nix index 39dbccdd..767c870a 100644 --- a/nixos/boxes/thinky/hardware-configuration.nix +++ b/nixos/boxes/thinky/hardware-configuration.nix @@ -1,11 +1,16 @@ -{ config, lib, pkgs, inputs, ... }: { +{ + config, + lib, + pkgs, + inputs, + ... +}: { boot = { - kernelModules = [ "kvm-intel" ]; + kernelModules = ["kvm-intel"]; initrd = { - kernelModules = [ "dm-snapshot" ]; - availableKernelModules = - [ "ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; + kernelModules = ["dm-snapshot"]; + availableKernelModules = ["ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod"]; }; loader.grub.enable = true; @@ -18,15 +23,14 @@ fsType = "btrfs"; }; - boot.initrd.luks.devices."crypt".device = - "/dev/disk/by-uuid/8d51b38a-5d90-4a7a-a86a-0d57648fd82d"; + boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/8d51b38a-5d90-4a7a-a86a-0d57648fd82d"; fileSystems."/boot" = { device = "/dev/disk/by-uuid/195b3f15-885e-4123-879f-6e4591a58317"; fsType = "ext2"; }; - swapDevices = [ ]; + swapDevices = []; nix.settings = { max-jobs = 2; diff --git a/nixos/boxes/vm.nix b/nixos/boxes/vm.nix index b5273e0c..362d29d8 100644 --- a/nixos/boxes/vm.nix +++ b/nixos/boxes/vm.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: { time.timeZone = "Europe/London"; services.xserver.desktopManager.plasma5.enable = lib.mkForce false; @@ -7,6 +12,5 @@ virtualisation.virtualbox.guest.enable = true; virtualisation.virtualbox.guest.x11 = true; - imports = - [ ../common.nix ]; + imports = [ ../common.nix]; } diff --git a/nixos/boxes/vpsfree1/backups.nix b/nixos/boxes/vpsfree1/backups.nix index 8629a3fd..cf5d7a8d 100644 --- a/nixos/boxes/vpsfree1/backups.nix +++ b/nixos/boxes/vpsfree1/backups.nix @@ -1,10 +1,12 @@ -{ config, pkgs, ... }: -let +{ + config, + pkgs, + ... +}: let genericBackupPath = "/var/lib/backups/"; containersBackupPath = "${genericBackupPath}/oci-containers/"; in rec { - - environment.systemPackages = with pkgs; [ restic ]; + environment.systemPackages = with pkgs; [restic]; sops.secrets."restic-backups-b2-repo-password" = { sopsFile = ./restic.sops.yaml; @@ -28,9 +30,8 @@ in rec { mkdir -p ${containersBackupPath}/ ${pkgs.podman}/bin/podman volume export woodpecker-server-data -o ${containersBackupPath}/woodpecker.tar ''; - timerConfig = { OnCalendar = "hourly"; }; - environmentFile = - "${config.sops.secrets.restic-backups-b2-environment.path}"; + timerConfig = {OnCalendar = "hourly";}; + environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}"; }; }; diff --git a/nixos/boxes/vpsfree1/blog.cyplo.net.nix b/nixos/boxes/vpsfree1/blog.cyplo.net.nix index 8ce946d9..c9f863d2 100644 --- a/nixos/boxes/vpsfree1/blog.cyplo.net.nix +++ b/nixos/boxes/vpsfree1/blog.cyplo.net.nix @@ -1,8 +1,11 @@ -{ config, pkgs, inputs, lib, ... }: - { - - imports = [ ../nginx.nix ]; + config, + pkgs, + inputs, + lib, + ... +}: { + imports = [../nginx.nix]; services.nginx = { virtualHosts = { @@ -13,5 +16,4 @@ }; }; }; - } diff --git a/nixos/boxes/vpsfree1/cryptpad.nix b/nixos/boxes/vpsfree1/cryptpad.nix index d83a35c4..9c97285a 100644 --- a/nixos/boxes/vpsfree1/cryptpad.nix +++ b/nixos/boxes/vpsfree1/cryptpad.nix @@ -1,15 +1,18 @@ -{ config, pkgs, inputs, lib, ... }: - { - - imports = [ ../nginx.nix ]; + config, + pkgs, + inputs, + lib, + ... +}: { + imports = [../nginx.nix]; services.nginx = { virtualHosts = { "notes.purrfect.estate" = { forceSSL = true; enableACME = true; - serverAliases = [ "notes-sandbox.purrfect.estate" ]; + serverAliases = ["notes-sandbox.purrfect.estate"]; locations."/" = { proxyPass = "http://127.0.0.1:9005"; proxyWebsockets = true; @@ -36,7 +39,6 @@ CPAD_TRUSTED_PROXY = "0.0.0.0/0"; CPAD_HTTP2_DISABLE = "true"; }; - ports = [ "9005:80" ]; + ports = ["9005:80"]; }; - } diff --git a/nixos/boxes/vpsfree1/default.nix b/nixos/boxes/vpsfree1/default.nix index 05e1c966..4e99e1e3 100644 --- a/nixos/boxes/vpsfree1/default.nix +++ b/nixos/boxes/vpsfree1/default.nix @@ -1,4 +1,10 @@ -{ config, pkgs, inputs, lib, ... }: { +{ + config, + pkgs, + inputs, + lib, + ... +}: { networking.hostName = "vpsfree1"; imports = [ @@ -24,7 +30,7 @@ DefaultTimeoutStartSec=900s ''; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; time.timeZone = "Europe/London"; nix.settings.cores = 8; } diff --git a/nixos/boxes/vpsfree1/fossil.nix b/nixos/boxes/vpsfree1/fossil.nix index 386533bd..4dfaa8e8 100644 --- a/nixos/boxes/vpsfree1/fossil.nix +++ b/nixos/boxes/vpsfree1/fossil.nix @@ -1,72 +1,85 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let port = 8081; domain = "fossil.cyplo.dev"; baseurl = "https://${domain}"; path = "/var/lib/fossil"; in { - imports = [ ../nginx.nix ]; + imports = [../nginx.nix]; services.nginx = { virtualHosts = { "${domain}" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://localhost:" + toString port; }; + locations."/" = {proxyPass = "http://localhost:" + toString port;}; }; }; }; containers.fossil = { autoStart = true; - forwardPorts = [{ - containerPort = port; - hostPort = port; - }]; + forwardPorts = [ + { + containerPort = port; + hostPort = port; + } + ]; bindMounts = { "${path}" = { hostPath = "${path}"; isReadOnly = false; }; }; - config = { config, pkgs, ... }: - let - user = "fossil"; - group = "fossil"; - in { - system.stateVersion = "22.05"; - environment.systemPackages = [ pkgs.fossil ]; - users.groups = { "${group}" = { }; }; - users.users = { - fossil = { - inherit group; - description = "Fossil Service"; - home = path; - useDefaultShell = true; - isSystemUser = true; - }; - }; - - systemd.tmpfiles.rules = [ "d '${path}' 0770 ${user} ${group} - -" ]; - systemd.services.fossil = { - description = "fossil server"; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.fossil pkgs.git ]; - - serviceConfig = { - User = user; - Group = group; - WorkingDirectory = path; - ReadWritePaths = [ path ]; - ExecStart = "${pkgs.fossil}/bin/fossil server" + " --localhost" - + " --https" + " --port ${toString port}" - + " --baseurl ${baseurl}" + " --repolist ${path}"; - Restart = "always"; - RestartSec = 3; - }; - + config = { + config, + pkgs, + ... + }: let + user = "fossil"; + group = "fossil"; + in { + system.stateVersion = "22.05"; + environment.systemPackages = [pkgs.fossil]; + users.groups = {"${group}" = {};}; + users.users = { + fossil = { + inherit group; + description = "Fossil Service"; + home = path; + useDefaultShell = true; + isSystemUser = true; }; }; + + systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"]; + systemd.services.fossil = { + description = "fossil server"; + after = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + path = [pkgs.fossil pkgs.git]; + + serviceConfig = { + User = user; + Group = group; + WorkingDirectory = path; + ReadWritePaths = [path]; + ExecStart = + "${pkgs.fossil}/bin/fossil server" + + " --localhost" + + " --https" + + " --port ${toString port}" + + " --baseurl ${baseurl}" + + " --repolist ${path}"; + Restart = "always"; + RestartSec = 3; + }; + }; + }; }; } diff --git a/nixos/boxes/vpsfree1/foundryvtt.nix b/nixos/boxes/vpsfree1/foundryvtt.nix index f192a78f..22dc7a82 100644 --- a/nixos/boxes/vpsfree1/foundryvtt.nix +++ b/nixos/boxes/vpsfree1/foundryvtt.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let foundryvtt = pkgs.fetchzip { name = "foundryvtt"; url = "file:///" + ./FoundryVTT-10.290.zip; @@ -8,7 +13,7 @@ let stripRoot = false; }; in { - imports = [ ../nginx.nix ]; + imports = [../nginx.nix]; services.nginx = { clientMaxBodySize = "300M"; @@ -36,21 +41,27 @@ in { containers.foundryvtt = { autoStart = true; - forwardPorts = [{ - containerPort = 30000; - hostPort = 30000; - }]; + forwardPorts = [ + { + containerPort = 30000; + hostPort = 30000; + } + ]; bindMounts = { "/var/lib/foundryvtt" = { hostPath = "/var/lib/foundryvtt"; isReadOnly = false; }; }; - config = { config, pkgs, ... }: { + config = { + config, + pkgs, + ... + }: { system.stateVersion = "22.05"; systemd.services."foundryvtt" = { - requires = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; + requires = ["network-online.target"]; + wantedBy = ["multi-user.target"]; script = '' mkdir -p /var/lib/foundryvtt ${pkgs.nodejs-18_x}/bin/node ${foundryvtt}/resources/app/main.js --dataPath=/var/lib/foundryvtt @@ -61,15 +72,21 @@ in { }; containers.foundryvtt-test = { autoStart = true; - forwardPorts = [{ - containerPort = 30001; - hostPort = 30001; - }]; - config = { config, pkgs, ... }: { + forwardPorts = [ + { + containerPort = 30001; + hostPort = 30001; + } + ]; + config = { + config, + pkgs, + ... + }: { system.stateVersion = "22.05"; systemd.services."foundryvtt" = { - requires = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; + requires = ["network-online.target"]; + wantedBy = ["multi-user.target"]; script = '' mkdir -p /var/lib/foundryvtt ${pkgs.nodejs-18_x}/bin/node ${foundryvtt}/resources/app/main.js --dataPath=/var/lib/foundryvtt --port=30001 diff --git a/nixos/boxes/vpsfree1/gitea.nix b/nixos/boxes/vpsfree1/gitea.nix index 576975b5..fe850665 100644 --- a/nixos/boxes/vpsfree1/gitea.nix +++ b/nixos/boxes/vpsfree1/gitea.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let httpPort = 8083; sshPort = 22; domain = "git.cyplo.dev"; @@ -21,18 +26,18 @@ let }; groups."${systemGroupName}" = { inherit gid; - members = [ "${systemUserName}" "nginx" ]; + members = ["${systemUserName}" "nginx"]; }; }; in { - imports = [ ../nginx.nix ]; + imports = [../nginx.nix]; inherit users; - boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; }; + boot.kernel.sysctl = {"net.ipv4.ip_unprivileged_port_start" = 0;}; systemd.services.systemd-sysctl.enable = lib.mkForce true; - networking.firewall.allowedTCPPorts = [ sshPort ]; + networking.firewall.allowedTCPPorts = [sshPort]; services.nginx = { virtualHosts = { "${domain}" = { @@ -74,12 +79,19 @@ in { isReadOnly = true; }; }; - config = { config, pkgs, lib, ... }: { + config = { + config, + pkgs, + lib, + ... + }: { system.stateVersion = "22.05"; - users = users // { - mutableUsers = false; - allowNoPasswordLogin = true; - }; + users = + users + // { + mutableUsers = false; + allowNoPasswordLogin = true; + }; services.gitea = { inherit domain httpPort; enable = true; @@ -104,7 +116,6 @@ in { IS_TLS_ENABLED = true; USER = "postmaster@${emailDomain}"; }; - }; }; }; diff --git a/nixos/boxes/vpsfree1/mastodon.nix b/nixos/boxes/vpsfree1/mastodon.nix index ecd3c754..50e48733 100644 --- a/nixos/boxes/vpsfree1/mastodon.nix +++ b/nixos/boxes/vpsfree1/mastodon.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let domain = "peninsula.industries"; streamingPort = 55000; webPort = 55001; @@ -22,7 +27,7 @@ let }; groups."${systemGroupName}" = { inherit gid; - members = [ "${systemUserName}" "nginx" ]; + members = ["${systemUserName}" "nginx"]; }; }; secretSettings = { @@ -33,7 +38,7 @@ let package = inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon; in { - imports = [ ../nginx.nix ]; + imports = [../nginx.nix]; services.nginx = { virtualHosts = { @@ -42,7 +47,7 @@ in { enableACME = true; root = "${package}/public/"; - locations."/" = { tryFiles = "$uri @proxy"; }; + locations."/" = {tryFiles = "$uri @proxy";}; locations."/system/".alias = "${publicPath}"; locations."@proxy" = { @@ -57,14 +62,18 @@ in { }; }; - sops.secrets."${mailgunSmtpSecretName}" = { - sopsFile = ./mailgun.sops.yaml; - path = mailgunSmtpPasswordPath; - } // secretSettings; - sops.secrets."${mastodonDbSecretName}" = { - sopsFile = ./mastodon-db.sops.yaml; - path = mastodonDbSecretPath; - } // secretSettings; + sops.secrets."${mailgunSmtpSecretName}" = + { + sopsFile = ./mailgun.sops.yaml; + path = mailgunSmtpPasswordPath; + } + // secretSettings; + sops.secrets."${mastodonDbSecretName}" = + { + sopsFile = ./mastodon-db.sops.yaml; + path = mastodonDbSecretPath; + } + // secretSettings; inherit users; @@ -84,7 +93,7 @@ in { ProtectSystem = "strict"; ReadWritePaths = path; }; - before = [ "container@mastodon.service" ]; + before = ["container@mastodon.service"]; }; containers.mastodon = { @@ -113,13 +122,20 @@ in { isReadOnly = true; }; }; - config = { config, pkgs, lib, ... }: { + config = { + config, + pkgs, + lib, + ... + }: { system.stateVersion = "22.05"; services.postgresql.port = postgresPort; - users = users // { - mutableUsers = false; - allowNoPasswordLogin = true; - }; + users = + users + // { + mutableUsers = false; + allowNoPasswordLogin = true; + }; services.mastodon = { enable = true; inherit package; @@ -151,6 +167,5 @@ in { }; }; }; - }; } diff --git a/nixos/boxes/vpsfree1/matrix-front.nix b/nixos/boxes/vpsfree1/matrix-front.nix index b543e90d..807fd719 100644 --- a/nixos/boxes/vpsfree1/matrix-front.nix +++ b/nixos/boxes/vpsfree1/matrix-front.nix @@ -1,21 +1,24 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { services.nginx = { virtualHosts = { "cyplo.dev" = { forceSSL = true; enableACME = true; - locations."= /.well-known/matrix/server".extraConfig = - let server = { "m.server" = "cyplo.dev:443"; }; - in '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; + locations."= /.well-known/matrix/server".extraConfig = let + server = {"m.server" = "cyplo.dev:443";}; + in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; locations."= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://cyplo.dev"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; + "m.homeserver" = {"base_url" = "https://cyplo.dev";}; + "m.identity_server" = {"base_url" = "https://vector.im";}; }; in '' add_header Content-Type application/json; @@ -33,5 +36,4 @@ }; }; }; - } diff --git a/nixos/boxes/vpsfree1/rss.nix b/nixos/boxes/vpsfree1/rss.nix index 51b11abf..082c0a38 100644 --- a/nixos/boxes/vpsfree1/rss.nix +++ b/nixos/boxes/vpsfree1/rss.nix @@ -1,63 +1,74 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let port = 8080; domain = "news.cyplo.dev"; in { - imports = [ ../nginx.nix ]; + imports = [../nginx.nix]; services.nginx = { virtualHosts = { "${domain}" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://127.0.0.1:" + toString port; }; + locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;}; }; }; }; containers.rss = { autoStart = true; - forwardPorts = [{ - containerPort = port; - hostPort = port; - }]; - config = { config, pkgs, ... }: - let - inherit (config.services.tt-rss) pool; - inherit (config.services.tt-rss) root; - in { - system.stateVersion = "22.05"; - services.tt-rss = { - enable = true; - selfUrlPath = "https://${domain}"; - virtualHost = null; - registration.enable = false; - simpleUpdateMode = true; - }; - services.nginx = { - enable = true; - virtualHosts = { - "${domain}" = { - listen = [{ + forwardPorts = [ + { + containerPort = port; + hostPort = port; + } + ]; + config = { + config, + pkgs, + ... + }: let + inherit (config.services.tt-rss) pool; + inherit (config.services.tt-rss) root; + in { + system.stateVersion = "22.05"; + services.tt-rss = { + enable = true; + selfUrlPath = "https://${domain}"; + virtualHost = null; + registration.enable = false; + simpleUpdateMode = true; + }; + services.nginx = { + enable = true; + virtualHosts = { + "${domain}" = { + listen = [ + { inherit port; addr = "0.0.0.0"; - }]; - root = "${root}/www"; - locations."/" = { index = "index.php"; }; - locations."^~ /feed-icons" = { root = "${root}"; }; - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${ - config.services.phpfpm.pools.${pool}.socket - }; - fastcgi_index index.php; - ''; - }; + } + ]; + root = "${root}/www"; + locations."/" = {index = "index.php";}; + locations."^~ /feed-icons" = {root = "${root}";}; + locations."~ \\.php$" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${ + config.services.phpfpm.pools.${pool}.socket + }; + fastcgi_index index.php; + ''; }; }; }; }; + }; }; - } diff --git a/nixos/boxes/vpsfree1/search.nix b/nixos/boxes/vpsfree1/search.nix index 842b7b27..5e530dd9 100644 --- a/nixos/boxes/vpsfree1/search.nix +++ b/nixos/boxes/vpsfree1/search.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { services.nginx = { virtualHosts = { "search.cyplo.dev" = { @@ -12,7 +15,7 @@ proxy_send_timeout 60s; proxy_read_timeout 60s; ''; - locations."/" = { proxyPass = "http://localhost:8888"; }; + locations."/" = {proxyPass = "http://localhost:8888";}; }; }; }; @@ -25,4 +28,3 @@ }; }; } - diff --git a/nixos/boxes/vpsfree1/ssh.nix b/nixos/boxes/vpsfree1/ssh.nix index 5f9ead09..fb6a979a 100644 --- a/nixos/boxes/vpsfree1/ssh.nix +++ b/nixos/boxes/vpsfree1/ssh.nix @@ -1,9 +1,13 @@ -{ config, pkgs, ... }: -let port = 2222; +{ + config, + pkgs, + ... +}: let + port = 2222; in { services.openssh = { enable = true; - ports = [ port ]; + ports = [port]; }; - networking.firewall.allowedTCPPorts = [ port ]; + networking.firewall.allowedTCPPorts = [port]; } diff --git a/nixos/boxes/vpsfree1/syncthing-relay.nix b/nixos/boxes/vpsfree1/syncthing-relay.nix index d9f3228c..2cd46b54 100644 --- a/nixos/boxes/vpsfree1/syncthing-relay.nix +++ b/nixos/boxes/vpsfree1/syncthing-relay.nix @@ -1,9 +1,14 @@ -{ config, pkgs, inputs, lib, ... }: { - - networking.firewall.allowedTCPPorts = [ 22067 22070 ]; +{ + config, + pkgs, + inputs, + lib, + ... +}: { + networking.firewall.allowedTCPPorts = [22067 22070]; services.syncthing.relay = { enable = true; listenAddress = "vpsfree1.cyplo.github.beta.tailscale.net"; - pools = [ "" ]; # private relay + pools = [""]; # private relay }; } diff --git a/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix b/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix index ee8cdb4e..87deb16a 100644 --- a/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix +++ b/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix @@ -5,21 +5,27 @@ # from vpsAdminOS repository: # # https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix - -{ config, pkgs, lib, ... }: -with lib; -let nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ]; +{ + config, + pkgs, + lib, + ... +}: +with lib; let + nameservers = ["1.1.1.1" "2606:4700:4700::1111"]; in { networking.nameservers = mkDefault nameservers; - services.resolved = mkDefault { fallbackDns = nameservers; }; + services.resolved = mkDefault {fallbackDns = nameservers;}; networking.dhcpcd.extraConfig = "noipv4ll"; systemd.services.systemd-sysctl.enable = false; systemd.sockets."systemd-journald-audit".enable = false; - systemd.mounts = [{ - where = "/sys/kernel/debug"; - enable = false; - }]; + systemd.mounts = [ + { + where = "/sys/kernel/debug"; + enable = false; + } + ]; systemd.services.systemd-udev-trigger.enable = false; systemd.services.rpc-gssd.enable = false; @@ -27,7 +33,8 @@ in { boot.enableContainers = mkDefault true; boot.loader.initScript.enable = true; boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs"; - boot.systemdExecutable = mkDefault + boot.systemdExecutable = + mkDefault "/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0"; # Overrides for @@ -39,10 +46,10 @@ in { # Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host systemd.services.networking-setup = { description = "Load network configuration provided by the vpsAdminOS host"; - before = [ "network.target" ]; - wantedBy = [ "network.target" ]; - after = [ "network-pre.target" ]; - path = [ pkgs.iproute ]; + before = ["network.target"]; + wantedBy = ["network.target"]; + after = ["network-pre.target"]; + path = [pkgs.iproute]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; diff --git a/nixos/boxes/vpsfree1/woodpecker.nix b/nixos/boxes/vpsfree1/woodpecker.nix index 95d88c23..51908401 100644 --- a/nixos/boxes/vpsfree1/woodpecker.nix +++ b/nixos/boxes/vpsfree1/woodpecker.nix @@ -1,27 +1,30 @@ -{ config, pkgs, inputs, lib, ... }: -let +{ + config, + pkgs, + inputs, + lib, + ... +}: let httpPort = 8000; agentPort = 9000; domain = "ci.cyplo.dev"; path = "/var/lib/woodpecker"; serverContainerName = "woodpecker-server"; agent = { - dependsOn = [ "${serverContainerName}" ]; - volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock" ]; - image = - "woodpeckerci/woodpecker-agent@sha256:9a98e25ca6fcf7c437ad355cfce53a696c55b9864399a4d456429a20bfb44545"; - environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ]; + dependsOn = ["${serverContainerName}"]; + volumes = ["/var/run/podman/podman.sock:/var/run/docker.sock"]; + image = "woodpeckerci/woodpecker-agent@sha256:9a98e25ca6fcf7c437ad355cfce53a696c55b9864399a4d456429a20bfb44545"; + environmentFiles = ["${config.sops.secrets.gitea-env.path}"]; environment = { WOODPECKER_SERVER = "${serverContainerName}:${toString agentPort}"; WOODPECKER_MAX_PROCS = "1"; WOODPECKER_DEBUG_PRETTY = "true"; WOODPECKER_LOG_LEVEL = "info"; }; - extraOptions = [ "--network=woodpecker" ]; + extraOptions = ["--network=woodpecker"]; }; - in { - imports = [ ../nginx.nix ]; + imports = [../nginx.nix]; services.nginx = { virtualHosts = { @@ -43,10 +46,9 @@ in { virtualisation.podman.defaultNetwork.dnsname.enable = true; virtualisation.oci-containers.containers = { "${serverContainerName}" = { - image = - "woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea"; - volumes = [ "woodpecker-server-data:${path}" ]; - environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ]; + image = "woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea"; + volumes = ["woodpecker-server-data:${path}"]; + environmentFiles = ["${config.sops.secrets.gitea-env.path}"]; environment = { WOODPECKER_OPEN = "false"; WOODPECKER_ADMIN = "cyplo"; @@ -54,13 +56,12 @@ in { WOODPECKER_GITEA = "true"; WOODPECKER_GITEA_URL = "https://git.cyplo.dev"; }; - ports = [ "${toString httpPort}:${toString httpPort}" ]; - extraOptions = [ "--network=woodpecker" ]; + ports = ["${toString httpPort}:${toString httpPort}"]; + extraOptions = ["--network=woodpecker"]; }; woodpecker-agent1 = agent; woodpecker-agent2 = agent; woodpecker-agent3 = agent; woodpecker-agent4 = agent; }; - } diff --git a/nixos/boxes/yoga/default.nix b/nixos/boxes/yoga/default.nix index 51a717dd..76d9ee54 100644 --- a/nixos/boxes/yoga/default.nix +++ b/nixos/boxes/yoga/default.nix @@ -1,18 +1,25 @@ -{ config, pkgs, inputs, lib, system, nixpkgs-nixos-unstable-and-unfree, ... }: { - +{ + config, + pkgs, + inputs, + lib, + system, + nixpkgs-nixos-unstable-and-unfree, + ... +}: { networking.hostName = "yoga"; - imports = [ ./hardware-configuration.nix ../../boot.nix ../../git ]; + imports = [./hardware-configuration.nix ../../boot.nix ../../git]; boot.kernelPackages = pkgs.linuxPackages_latest; hardware.trackpoint.enable = true; services.hardware.bolt.enable = true; - services.fprintd = { enable = true; }; + services.fprintd = {enable = true;}; - home-manager.users.cyryl = { lib, ... }: { - home.packages = with pkgs; [ firefox vim gnome3.gedit git ]; + home-manager.users.cyryl = {lib, ...}: { + home.packages = with pkgs; [firefox vim gnome3.gedit git]; }; networking.networkmanager.enable = true; @@ -49,11 +56,9 @@ users.users.cyryl = { isNormalUser = true; description = "cyryl"; - extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; - [ - - ]; + extraGroups = ["networkmanager" "wheel"]; + packages = with pkgs; [ + ]; }; services.fwupd.enable = true; @@ -75,6 +80,5 @@ ''; }; - system = { stateVersion = "22.05"; }; - + system = {stateVersion = "22.05";}; } diff --git a/nixos/boxes/yoga/hardware-configuration.nix b/nixos/boxes/yoga/hardware-configuration.nix index adc69ed7..a1a1c6ad 100644 --- a/nixos/boxes/yoga/hardware-configuration.nix +++ b/nixos/boxes/yoga/hardware-configuration.nix @@ -1,40 +1,39 @@ -{ config, lib, pkgs, modulesPath, ... }: - { - imports = [ ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = []; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; - boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; + boot.initrd.secrets = {"/crypto_keyfile.bin" = null;}; - boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".device = - "/dev/disk/by-uuid/e6cb9de6-a571-4462-ba9e-6f8dafdd3d21"; - boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".keyFile = - "/crypto_keyfile.bin"; + boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".device = "/dev/disk/by-uuid/e6cb9de6-a571-4462-ba9e-6f8dafdd3d21"; + boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".keyFile = "/crypto_keyfile.bin"; fileSystems."/" = { device = "/dev/disk/by-uuid/d19afedb-d03b-4a85-9ad7-d99d2ed057c5"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-10f9ad25-cff6-4a5c-ae92-4847e1374b2d".device = - "/dev/disk/by-uuid/10f9ad25-cff6-4a5c-ae92-4847e1374b2d"; + boot.initrd.luks.devices."luks-10f9ad25-cff6-4a5c-ae92-4847e1374b2d".device = "/dev/disk/by-uuid/10f9ad25-cff6-4a5c-ae92-4847e1374b2d"; fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/5A4D-EDA3"; fsType = "vfat"; }; - swapDevices = - [{ device = "/dev/disk/by-uuid/5c9ab30b-9128-4c31-b392-785e7acbc0d2"; }]; + swapDevices = [{device = "/dev/disk/by-uuid/5c9ab30b-9128-4c31-b392-785e7acbc0d2";}]; networking.useDHCP = lib.mkDefault true; diff --git a/nixos/common-hardware.nix b/nixos/common-hardware.nix index e361172e..05844b0a 100644 --- a/nixos/common-hardware.nix +++ b/nixos/common-hardware.nix @@ -1,33 +1,41 @@ -{ config, pkgs, nixpkgs-nixos-unstable-and-unfree, lib, ... }: { - boot.kernelModules = [ "fuse" ]; +{ + config, + pkgs, + nixpkgs-nixos-unstable-and-unfree, + lib, + ... +}: { + boot.kernelModules = ["fuse"]; services.smartd.enable = true; sound.enable = true; networking.networkmanager = { enable = true; - dispatcherScripts = [{ - source = pkgs.writeText "upHook" '' - enable_disable_wifi () - { - result=$(nmcli dev | grep "ethernet" | grep -w "connected") - if [ -n "$result" ]; then - nmcli radio wifi off - else - nmcli radio wifi on + dispatcherScripts = [ + { + source = pkgs.writeText "upHook" '' + enable_disable_wifi () + { + result=$(nmcli dev | grep "ethernet" | grep -w "connected") + if [ -n "$result" ]; then + nmcli radio wifi off + else + nmcli radio wifi on + fi + } + + if [ "$2" = "up" ]; then + enable_disable_wifi fi - } - if [ "$2" = "up" ]; then - enable_disable_wifi - fi - - if [ "$2" = "down" ]; then - enable_disable_wifi - fi - ''; - type = "basic"; - }]; + if [ "$2" = "down" ]; then + enable_disable_wifi + fi + ''; + type = "basic"; + } + ]; }; hardware.enableRedistributableFirmware = true; @@ -36,7 +44,7 @@ enable = true; package = pkgs.pulseaudioFull; support32Bit = true; - extraModules = [ ]; + extraModules = []; daemon.config = { nice-level = -15; realtime-scheduling = "yes"; @@ -46,12 +54,12 @@ hardware.bluetooth = { enable = true; package = pkgs.bluezFull; - settings = { General = { Enable = "Source,Sink,Media,Socket"; }; }; + settings = {General = {Enable = "Source,Sink,Media,Socket";};}; }; services.blueman.enable = true; - environment.systemPackages = with pkgs; [ ghostscript poppler ]; + environment.systemPackages = with pkgs; [ghostscript poppler]; services.printing = { enable = true; drivers = with pkgs; [ @@ -69,8 +77,7 @@ description = "Epson XP-540 via bolty"; name = "epson_xp540_via_bolty"; deviceUri = "ipp://bolty:631/printers/epson_xp540"; - model = - "epson-inkjet-printer-escpr/Epson-XP-540_Series-epson-escpr-en.ppd"; + model = "epson-inkjet-printer-escpr/Epson-XP-540_Series-epson-escpr-en.ppd"; ppdOptions = { PageSize = "A4"; Duplex = "DuplexNoTumble"; @@ -79,8 +86,7 @@ { description = "Samsung SCX-4623 Series"; name = "samsung-SCX-4623"; - deviceUri = - "usb://Samsung/SCX-4623%20Series?serial=Z2TYBFFZC01007W&interface=1"; + deviceUri = "usb://Samsung/SCX-4623%20Series?serial=Z2TYBFFZC01007W&interface=1"; model = "samsung/SCX-4623FW.ppd"; ppdOptions = { PageSize = "A4"; @@ -89,7 +95,7 @@ } ]; - services.udev.packages = [ pkgs.utsushi ]; + services.udev.packages = [pkgs.utsushi]; hardware.sane = { enable = true; snapshot = true; diff --git a/nixos/common-services.nix b/nixos/common-services.nix index 7bc32d29..4ee9c335 100644 --- a/nixos/common-services.nix +++ b/nixos/common-services.nix @@ -1,8 +1,12 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { console.keyMap = "pl"; - imports = [ ./tailscale ]; + imports = [./tailscale]; services = { - udev.packages = [ pkgs.android-udev-rules ]; + udev.packages = [pkgs.android-udev-rules]; ratbagd.enable = true; fwupd = { @@ -12,7 +16,7 @@ tlp = { enable = true; - settings = { "DISK_IOSCHED" = "mq-deadline"; }; + settings = {"DISK_IOSCHED" = "mq-deadline";}; }; upower.enable = true; @@ -41,7 +45,6 @@ Option "TearFree" "true" Option "AccelMethod" "sna" ''; - }; }; } diff --git a/nixos/common.nix b/nixos/common.nix index c6abf869..1b4e115b 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,5 +1,11 @@ -{ config, pkgs, lib, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: -let +{ + config, + pkgs, + lib, + inputs, + nixpkgs-nixos-unstable-and-unfree, + ... +}: let stateVersion = "22.05"; username = "cyryl"; in { @@ -51,10 +57,9 @@ in { shell = pkgs.zsh; }; - networking.nameservers = - [ "91.239.100.100" "89.233.43.71" "1.1.1.1" "8.8.8.8" ]; + networking.nameservers = ["91.239.100.100" "89.233.43.71" "1.1.1.1" "8.8.8.8"]; - networking.hosts = { "10.11.99.1" = [ "remarkable" ]; }; + networking.hosts = {"10.11.99.1" = ["remarkable"];}; programs.light.enable = true; programs.adb.enable = true; @@ -64,29 +69,24 @@ in { enable = true; autoPrune.enable = true; daemon.settings = { - "insecure-registries" = [ "vpsfree1.raptor-carp.ts.net:5000" ]; + "insecure-registries" = ["vpsfree1.raptor-carp.ts.net:5000"]; }; }; fonts.fontconfig = { enable = true; - defaultFonts.monospace = [ "Berkeley Mono" ]; + defaultFonts.monospace = ["Berkeley Mono"]; }; - fonts.fonts = with pkgs; - [ - (runCommand "berkeley-fonts" { } '' - mkdir -vp "$out/share/fonts/opentype" - mkdir -vp "$out/share/fonts/truetype" - ${pkgs.unzip}/bin/unzip ${ - ./fonts.zip - } \*.otf -d $out/share/fonts/opentype - ${pkgs.unzip}/bin/unzip ${ - ./fonts.zip - } \*.ttf -d $out/share/fonts/truetype + fonts.fonts = with pkgs; [ + (runCommand "berkeley-fonts" {} '' + mkdir -vp "$out/share/fonts/opentype" + mkdir -vp "$out/share/fonts/truetype" + ${pkgs.unzip}/bin/unzip ${./fonts.zip} \*.otf -d $out/share/fonts/opentype + ${pkgs.unzip}/bin/unzip ${./fonts.zip} \*.ttf -d $out/share/fonts/truetype - '') - ]; + '') + ]; nix = { settings.auto-optimise-store = true; @@ -98,5 +98,5 @@ in { ''; }; - system = { inherit stateVersion; }; + system = {inherit stateVersion;}; } diff --git a/nixos/distributed-builds.nix b/nixos/distributed-builds.nix index 9f8266a7..3775b3a4 100644 --- a/nixos/distributed-builds.nix +++ b/nixos/distributed-builds.nix @@ -1,25 +1,30 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { programs.ssh.extraConfig = '' - Host vpsfree1 + Host vpsfree1 HostName vpsfree1 - Port 2222 + Port 2222 StrictHostKeyChecking=accept-new ''; - nix.buildMachines = [{ - hostName = "bolty"; - sshUser = "nix-builder"; - sshKey = "/home/cyryl/.ssh/id_ed25519"; - systems = [ "i686-linux" "x86_64-linux" "aarch64-linux" ]; - maxJobs = 2; - speedFactor = 1; - supportedFeatures = [ "kvm" "big-parallel" ]; - mandatoryFeatures = [ ]; - }]; + nix.buildMachines = [ + { + hostName = "bolty"; + sshUser = "nix-builder"; + sshKey = "/home/cyryl/.ssh/id_ed25519"; + systems = ["i686-linux" "x86_64-linux" "aarch64-linux"]; + maxJobs = 2; + speedFactor = 1; + supportedFeatures = ["kvm" "big-parallel"]; + mandatoryFeatures = []; + } + ]; nix.extraOptions = '' builders-use-substitutes = true ''; nix.distributedBuilds = true; - } diff --git a/nixos/email-accounts.nix b/nixos/email-accounts.nix index 45e4a57f..2e2c07d3 100644 --- a/nixos/email-accounts.nix +++ b/nixos/email-accounts.nix @@ -1,11 +1,16 @@ -{ config, pkgs, inputs, ... }: -let unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; +{ + config, + pkgs, + inputs, + ... +}: let + unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; in { home-manager.users.cyryl = { accounts.email.accounts.cyplo = { primary = true; address = "cyplo@cyplo.dev"; - aliases = [ "cyplo@cyplo.net" ]; + aliases = ["cyplo@cyplo.net"]; realName = "Cyryl Płotnicki"; userName = "cyplo@cyplo.dev"; imap = { @@ -52,14 +57,14 @@ in { programs.mbsync.enable = true; programs.msmtp.enable = true; - programs.neomutt = { enable = true; }; + programs.neomutt = {enable = true;}; programs.notmuch = { enable = true; hooks.preNew = "${pkgs.isync}/bin/mbsync -a"; }; - programs.alot = { enable = true; }; + programs.alot = {enable = true;}; - home.packages = with pkgs; [ unstable.protonmail-bridge ]; + home.packages = with pkgs; [unstable.protonmail-bridge]; services.mbsync.enable = true; @@ -69,11 +74,9 @@ in { systemd.user.services."proton-bridge" = { Unit.Description = "Bridge to ProtonMail"; - Install.WantedBy = [ "default.target" "mbsync.service" ]; - Service.ExecStart = - "${unstable.protonmail-bridge}/bin/protonmail-bridge --noninteractive"; + Install.WantedBy = ["default.target" "mbsync.service"]; + Service.ExecStart = "${unstable.protonmail-bridge}/bin/protonmail-bridge --noninteractive"; Service.Environment = "PATH=${pkgs.pass}/bin:${pkgs.gnupg}/bin"; }; - }; } diff --git a/nixos/enlightenment/home.nix b/nixos/enlightenment/home.nix index cec22006..a317028b 100644 --- a/nixos/enlightenment/home.nix +++ b/nixos/enlightenment/home.nix @@ -1,7 +1,11 @@ -{ config, pkgs, ... }: { - services = { }; +{ + config, + pkgs, + ... +}: { + services = {}; - xsession = { enable = false; }; + xsession = {enable = false;}; programs.gnome-terminal = { enable = true; diff --git a/nixos/enlightenment/system.nix b/nixos/enlightenment/system.nix index d67ba156..6b4127e6 100644 --- a/nixos/enlightenment/system.nix +++ b/nixos/enlightenment/system.nix @@ -1,8 +1,11 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.xserver = { enable = true; desktopManager.enlightenment.enable = true; }; - users.users.cyryl.packages = with pkgs; [ ]; + users.users.cyryl.packages = with pkgs; []; } - diff --git a/nixos/gfx-intel-dri2.nix b/nixos/gfx-intel-dri2.nix index d95d2b85..c97c3345 100644 --- a/nixos/gfx-intel-dri2.nix +++ b/nixos/gfx-intel-dri2.nix @@ -1,6 +1,10 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.xserver = { - videoDrivers = [ "intel" ]; + videoDrivers = ["intel"]; deviceSection = '' Option "DRI" "2" Option "TearFree" "true" @@ -20,8 +24,7 @@ nixpkgs.config = { packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; }; }; - } diff --git a/nixos/gfx-intel.nix b/nixos/gfx-intel.nix index 01fab9d7..ab9d815e 100644 --- a/nixos/gfx-intel.nix +++ b/nixos/gfx-intel.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - services.xserver = { videoDrivers = [ "modesetting" ]; }; +{ + config, + pkgs, + ... +}: { + services.xserver = {videoDrivers = ["modesetting"];}; hardware.opengl = { enable = true; @@ -14,8 +18,7 @@ nixpkgs.config = { packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; }; }; - } diff --git a/nixos/git/default.nix b/nixos/git/default.nix index 6380cc98..21b01962 100644 --- a/nixos/git/default.nix +++ b/nixos/git/default.nix @@ -1,3 +1,8 @@ -{ config, pkgs, lib, ... }: { - home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; }; +{ + config, + pkgs, + lib, + ... +}: { + home-manager.users.cyryl = {...}: {imports = [./home.nix];}; } diff --git a/nixos/git/home.nix b/nixos/git/home.nix index 77c7a81c..74df2c3d 100644 --- a/nixos/git/home.nix +++ b/nixos/git/home.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: { +{ + config, + pkgs, + inputs, + ... +}: { programs.git = { enable = true; lfs.enable = true; @@ -13,7 +18,7 @@ }; extraConfig = { colour.ui = true; - credential = { helper = "cache"; }; + credential = {helper = "cache";}; diff.algorithm = "histogram"; diff.renameLimit = 2048; diff.renames = "copy"; @@ -25,13 +30,10 @@ push.default = "simple"; }; aliases = { - tree = - "log --show-signature --color --decorate --date=short --all --graph -n 3"; - newbranch = - "!git checkout master && git fetch -p && git reset --hard origin/master && git checkout -b $2"; + tree = "log --show-signature --color --decorate --date=short --all --graph -n 3"; + newbranch = "!git checkout master && git fetch -p && git reset --hard origin/master && git checkout -b $2"; head = "log HEAD -n1"; - vacuum = - "!git fetch -p && git branch -vv | awk '/: gone]/{print $1}' | xargs -r git branch -D && git gc --aggressive --auto"; + vacuum = "!git fetch -p && git branch -vv | awk '/: gone]/{print $1}' | xargs -r git branch -D && git gc --aggressive --auto"; }; }; } diff --git a/nixos/gnome/default.nix b/nixos/gnome/default.nix index 1c1e9c40..107087c0 100644 --- a/nixos/gnome/default.nix +++ b/nixos/gnome/default.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - imports = [ ./system.nix ]; +{ + config, + pkgs, + ... +}: { + imports = [./system.nix]; - home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; }; + home-manager.users.cyryl = {...}: {imports = [./home.nix];}; } diff --git a/nixos/gnome/home.nix b/nixos/gnome/home.nix index 7a96e888..028157e3 100644 --- a/nixos/gnome/home.nix +++ b/nixos/gnome/home.nix @@ -1,9 +1,13 @@ -{ config, pkgs, ... }: { - services = { }; +{ + config, + pkgs, + ... +}: { + services = {}; - xsession = { enable = false; }; + xsession = {enable = false;}; - home.packages = with pkgs; [ gnome-usage gnome3.gnome-tweaks ]; + home.packages = with pkgs; [gnome-usage gnome3.gnome-tweaks]; programs.gnome-terminal = { enable = true; diff --git a/nixos/gnome/system.nix b/nixos/gnome/system.nix index 555e1e48..68dba720 100644 --- a/nixos/gnome/system.nix +++ b/nixos/gnome/system.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.xserver = { enable = true; displayManager.gdm.enable = true; @@ -7,7 +11,7 @@ desktopManager.gnome3.enable = true; }; services.flatpak.enable = true; - services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.dconf gcr ]; + services.dbus.packages = with pkgs; [gnome2.GConf gnome3.dconf gcr]; users.users.cyryl.packages = with pkgs.gnomeExtensions; [ caffeine clipboard-indicator @@ -15,4 +19,3 @@ gsconnect ]; } - diff --git a/nixos/gsconnect.nix b/nixos/gsconnect.nix index 8b41e255..f30fa04f 100644 --- a/nixos/gsconnect.nix +++ b/nixos/gsconnect.nix @@ -1,10 +1,18 @@ -{ config, pkgs, ... }: { - networking.firewall.allowedTCPPortRanges = [{ - from = 1716; - to = 1764; - }]; - networking.firewall.allowedUDPPortRanges = [{ - from = 1716; - to = 1764; - }]; +{ + config, + pkgs, + ... +}: { + networking.firewall.allowedTCPPortRanges = [ + { + from = 1716; + to = 1764; + } + ]; + networking.firewall.allowedUDPPortRanges = [ + { + from = 1716; + to = 1764; + } + ]; } diff --git a/nixos/gui/default.nix b/nixos/gui/default.nix index 44fb58e4..d6379332 100644 --- a/nixos/gui/default.nix +++ b/nixos/gui/default.nix @@ -1,13 +1,18 @@ -{ config, pkgs, discord, inputs, nixpkgs-nixos-stable-and-unfree -, nixpkgs-nixos-unstable-and-unfree, ... }: -let +{ + config, + pkgs, + discord, + inputs, + nixpkgs-nixos-stable-and-unfree, + nixpkgs-nixos-unstable-and-unfree, + ... +}: let unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; nixpkgs-master = inputs.nixpkgs-master.legacyPackages.${pkgs.system}; in { - security.chromiumSuidSandbox.enable = true; - home-manager.users.cyryl = { ... }: { + home-manager.users.cyryl = {...}: { gtk = { enable = true; iconTheme = { @@ -22,13 +27,13 @@ in { style.package = pkgs.adwaita-qt; }; - imports = [ ]; + imports = []; programs.chromium.enable = true; programs.firefox.enable = true; home.packages = with pkgs; - with pkgs.gnome3; - with pkgs.python38Packages; + with pkgs.gnome3; + with pkgs.python38Packages; [ anarchism calibre @@ -76,7 +81,9 @@ in { yubikey-manager-qt yubikey-personalization yubikey-personalization-gui - ] ++ [ unstable.gnucash unstable.thunderbird ] ++ [ + ] + ++ [unstable.gnucash unstable.thunderbird] + ++ [ nixpkgs-nixos-stable-and-unfree.discord nixpkgs-nixos-unstable-and-unfree.hopper ]; diff --git a/nixos/gui/firejail.nix b/nixos/gui/firejail.nix index 2a54617d..726426cd 100644 --- a/nixos/gui/firejail.nix +++ b/nixos/gui/firejail.nix @@ -1,7 +1,15 @@ -{ config, pkgs, lib, ... }: { - home.file.".config/firejail/firefox.profile".text = '' - include ${pkgs.firejail}/etc/firejail/firefox.profile +{ + config, + pkgs, + lib, + ... +}: { + home.file.".config/firejail/firefox.profile".text = + '' + include ${pkgs.firejail}/etc/firejail/firefox.profile - ignore apparmor - ignore noexec '' + "$" + "{HOME}"; + ignore apparmor + ignore noexec '' + + "$" + + "{HOME}"; } diff --git a/nixos/gui/vscode.nix b/nixos/gui/vscode.nix index 7ebd221c..ff373955 100644 --- a/nixos/gui/vscode.nix +++ b/nixos/gui/vscode.nix @@ -1,153 +1,152 @@ -{ config, pkgs, ... }: { - home.packages = with pkgs; - [ - (vscode-with-extensions.override { - vscodeExtensions = with vscode-extensions; - [ - ms-python.python - (vscode-utils.buildVscodeExtension { - vscodeExtUniqueId = "vadimcn.vscode-lldb"; - name = "vadimcn.vscode-lldb-1.6.10"; - src = fetchurl { - name = "vadimcn.vscode-lldb.zip"; - url = - "https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix"; - sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw="; - }; - buildInputs = with pkgs; [ llvm lldb python37 autoPatchelfHook ]; - }) - ] - - ++ - - vscode-utils.extensionsFromVscodeMarketplace [ - { - publisher = "vscodevim"; - name = "vim"; - version = "1.21.7"; - sha256 = "sha256-nCcDafZ2CUhTjVha+6Mjxoil61xMGboO5lajc7dGEJg="; - } - { - publisher = "bbenoist"; - name = "nix"; - version = "1.0.1"; - sha256 = "sha256-qwxqOGublQeVP2qrLF94ndX/Be9oZOn+ZMCFX1yyoH0="; - } - { - publisher = "matklad"; - name = "rust-analyzer"; - version = "0.3.937"; - sha256 = "sha256-aGBFKnntycpgNFdWwxFPVtQ2ryUvFCx7oet9uILiUTY="; - } - { - publisher = "hashicorp"; - name = "terraform"; - version = "2.19.0"; - sha256 = "sha256-k/fcEJuELz0xkwivSrP6Nxtz861BLq1wR2ZDMXVrvkY="; - } - { - publisher = "be5invis"; - name = "toml"; - version = "0.6.0"; - sha256 = "sha256-yk7buEyQIw6aiUizAm+sgalWxUibIuP9crhyBaOjC2E="; - } - { - publisher = "ms-vscode"; - name = "cpptools-extension-pack"; - version = "1.1.0"; - sha256 = "sha256-XKHBwoRXNHIpy7gDR9/xEFdEdB4S0B9L9Jbk53f/Vbc="; - } - { - publisher = "tiehuis"; - name = "zig"; - version = "0.2.5"; - sha256 = "sha256-P8Sep0OtdchTfnudxFNvIK+SW++TyibGVI9zd+B5tu4="; - } - { - publisher = "sjhuangx"; - name = "vscode-scheme"; - version = "0.4.0"; - sha256 = "07vjfymvfv98s5r5a4b5iqhgfz1wpgq2l8h3wlq1bnhhhvmq5pq4"; - } - { - publisher = "shaunlebron"; - name = "vscode-parinfer"; - version = "0.6.2"; - sha256 = "0h4v4rnximy6rbh83y4s2qj1cqbj66g9wld39mzd0zwgi6ig9syd"; - } - { - publisher = "swyphcosmo"; - name = "spellchecker"; - version = "1.2.13"; - sha256 = "1lr33lf01afgi74c1a9gylk92li4hyq24l8bki4l6ggl4z4c2h3w"; - } - { - publisher = "asabil"; - name = "meson"; - version = "1.1.1"; - sha256 = "00cc28a2nb325f54bx51wf5q15x1pmsn0j9z6rnxxqxwii1dm5cl"; - } - { - publisher = "codezombiech"; - name = "gitignore"; - version = "0.6.0"; - sha256 = "0gnc0691pwkd9s8ldqabmpfvj0236rw7bxvkf0bvmww32kv1ia0b"; - } - { - publisher = "DavidAnson"; - name = "vscode-markdownlint"; - version = "0.26.0"; - sha256 = "0g4pssvajn7d8p2547v7313gjyqx4pzs7cbjws2s3v2fk1sw7vbj"; - } - { - publisher = "esbenp"; - name = "prettier-vscode"; - version = "1.8.1"; - sha256 = "0qcm2784n9qc4p77my1kwqrswpji7bp895ay17yzs5g84cj010ln"; - } - { - publisher = "hbenl"; - name = "vscode-test-explorer"; - version = "2.9.3"; - sha256 = "1yf85hgvganxq5n5jff9ckn3smxd6xi79cgn6k53qi5w1r5rahy0"; - } - { - publisher = "lextudio"; - name = "restructuredtext"; - version = "106.0.0"; - sha256 = "096r8071202nxi1is6z7dghcmpsh0f0mm3mp3cfh1yj2mnyzlaxa"; - } - { - publisher = "lostintangent"; - name = "vsls-pomodoro"; - version = "0.1.0"; - sha256 = "1b73zbkhlhacvi18cx4g3n6randy3hw9cab1gkw5gzb3375w7w3p"; - } - { - publisher = "lostintangent"; - name = "vsls-whiteboard"; - version = "0.0.8"; - sha256 = "13fcay9bs861msb5y694casbw66dmhl504xm5cvprssx1qka186p"; - } - { - publisher = "mechatroner"; - name = "rainbow-csv"; - version = "1.0.0"; - sha256 = "1fyamgm7zq31r3c00cn6pcb66rrkfhwfmp72qnhrajydmnvcnbg6"; - } - { - publisher = "ronnidc"; - name = "nunjucks"; - version = "0.2.3"; - sha256 = "119xgyn1dggw2rcqkn2mnz364iw5jlrxg7pcydbijsqj5d3zdfsf"; - } - { - publisher = "serayuzgur"; - name = "crates"; - version = "0.4.2"; - sha256 = "1knspsc98cfw4mhc0yaz0f2185sxdf9kn9qsysfs6c82g9wjaqcj"; - } - ]; - }) - ]; +{ + config, + pkgs, + ... +}: { + home.packages = with pkgs; [ + (vscode-with-extensions.override { + vscodeExtensions = with vscode-extensions; + [ + ms-python.python + (vscode-utils.buildVscodeExtension { + vscodeExtUniqueId = "vadimcn.vscode-lldb"; + name = "vadimcn.vscode-lldb-1.6.10"; + src = fetchurl { + name = "vadimcn.vscode-lldb.zip"; + url = "https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix"; + sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw="; + }; + buildInputs = with pkgs; [llvm lldb python37 autoPatchelfHook]; + }) + ] + ++ vscode-utils.extensionsFromVscodeMarketplace [ + { + publisher = "vscodevim"; + name = "vim"; + version = "1.21.7"; + sha256 = "sha256-nCcDafZ2CUhTjVha+6Mjxoil61xMGboO5lajc7dGEJg="; + } + { + publisher = "bbenoist"; + name = "nix"; + version = "1.0.1"; + sha256 = "sha256-qwxqOGublQeVP2qrLF94ndX/Be9oZOn+ZMCFX1yyoH0="; + } + { + publisher = "matklad"; + name = "rust-analyzer"; + version = "0.3.937"; + sha256 = "sha256-aGBFKnntycpgNFdWwxFPVtQ2ryUvFCx7oet9uILiUTY="; + } + { + publisher = "hashicorp"; + name = "terraform"; + version = "2.19.0"; + sha256 = "sha256-k/fcEJuELz0xkwivSrP6Nxtz861BLq1wR2ZDMXVrvkY="; + } + { + publisher = "be5invis"; + name = "toml"; + version = "0.6.0"; + sha256 = "sha256-yk7buEyQIw6aiUizAm+sgalWxUibIuP9crhyBaOjC2E="; + } + { + publisher = "ms-vscode"; + name = "cpptools-extension-pack"; + version = "1.1.0"; + sha256 = "sha256-XKHBwoRXNHIpy7gDR9/xEFdEdB4S0B9L9Jbk53f/Vbc="; + } + { + publisher = "tiehuis"; + name = "zig"; + version = "0.2.5"; + sha256 = "sha256-P8Sep0OtdchTfnudxFNvIK+SW++TyibGVI9zd+B5tu4="; + } + { + publisher = "sjhuangx"; + name = "vscode-scheme"; + version = "0.4.0"; + sha256 = "07vjfymvfv98s5r5a4b5iqhgfz1wpgq2l8h3wlq1bnhhhvmq5pq4"; + } + { + publisher = "shaunlebron"; + name = "vscode-parinfer"; + version = "0.6.2"; + sha256 = "0h4v4rnximy6rbh83y4s2qj1cqbj66g9wld39mzd0zwgi6ig9syd"; + } + { + publisher = "swyphcosmo"; + name = "spellchecker"; + version = "1.2.13"; + sha256 = "1lr33lf01afgi74c1a9gylk92li4hyq24l8bki4l6ggl4z4c2h3w"; + } + { + publisher = "asabil"; + name = "meson"; + version = "1.1.1"; + sha256 = "00cc28a2nb325f54bx51wf5q15x1pmsn0j9z6rnxxqxwii1dm5cl"; + } + { + publisher = "codezombiech"; + name = "gitignore"; + version = "0.6.0"; + sha256 = "0gnc0691pwkd9s8ldqabmpfvj0236rw7bxvkf0bvmww32kv1ia0b"; + } + { + publisher = "DavidAnson"; + name = "vscode-markdownlint"; + version = "0.26.0"; + sha256 = "0g4pssvajn7d8p2547v7313gjyqx4pzs7cbjws2s3v2fk1sw7vbj"; + } + { + publisher = "esbenp"; + name = "prettier-vscode"; + version = "1.8.1"; + sha256 = "0qcm2784n9qc4p77my1kwqrswpji7bp895ay17yzs5g84cj010ln"; + } + { + publisher = "hbenl"; + name = "vscode-test-explorer"; + version = "2.9.3"; + sha256 = "1yf85hgvganxq5n5jff9ckn3smxd6xi79cgn6k53qi5w1r5rahy0"; + } + { + publisher = "lextudio"; + name = "restructuredtext"; + version = "106.0.0"; + sha256 = "096r8071202nxi1is6z7dghcmpsh0f0mm3mp3cfh1yj2mnyzlaxa"; + } + { + publisher = "lostintangent"; + name = "vsls-pomodoro"; + version = "0.1.0"; + sha256 = "1b73zbkhlhacvi18cx4g3n6randy3hw9cab1gkw5gzb3375w7w3p"; + } + { + publisher = "lostintangent"; + name = "vsls-whiteboard"; + version = "0.0.8"; + sha256 = "13fcay9bs861msb5y694casbw66dmhl504xm5cvprssx1qka186p"; + } + { + publisher = "mechatroner"; + name = "rainbow-csv"; + version = "1.0.0"; + sha256 = "1fyamgm7zq31r3c00cn6pcb66rrkfhwfmp72qnhrajydmnvcnbg6"; + } + { + publisher = "ronnidc"; + name = "nunjucks"; + version = "0.2.3"; + sha256 = "119xgyn1dggw2rcqkn2mnz364iw5jlrxg7pcydbijsqj5d3zdfsf"; + } + { + publisher = "serayuzgur"; + name = "crates"; + version = "0.4.2"; + sha256 = "1knspsc98cfw4mhc0yaz0f2185sxdf9kn9qsysfs6c82g9wjaqcj"; + } + ]; + }) + ]; } diff --git a/nixos/home-manager/cli.nix b/nixos/home-manager/cli.nix index 8555b234..62a91b08 100644 --- a/nixos/home-manager/cli.nix +++ b/nixos/home-manager/cli.nix @@ -1,4 +1,10 @@ -{ config, pkgs, inputs, ... }: { +{ + config, + pkgs, + inputs, + system, + ... +}: { home.packages = with pkgs; [ (pass.withExtensions (ext: [ ext.pass-otp @@ -7,6 +13,7 @@ ext.pass-audit ext.pass-update ])) + inputs.alejandra.packages.${system}.default age android-tools aria @@ -53,6 +60,5 @@ wget whois inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".youtube-dl - ]; } diff --git a/nixos/home-manager/default.nix b/nixos/home-manager/default.nix index cc37ad3c..349094d3 100644 --- a/nixos/home-manager/default.nix +++ b/nixos/home-manager/default.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, ... }: -let username = "cyryl"; +{ + config, + pkgs, + inputs, + ... +}: let + username = "cyryl"; in { home.sessionVariables = { LC_ALL = "en_GB.UTF-8"; @@ -9,7 +14,7 @@ in { news.display = "show"; - home.packages = with pkgs; [ ]; + home.packages = with pkgs; []; home.username = username; home.homeDirectory = "/home/${username}"; @@ -30,5 +35,4 @@ in { ./programs/vim.nix ./programs/zsh.nix ]; - } diff --git a/nixos/home-manager/links.nix b/nixos/home-manager/links.nix index 215cf997..5e305358 100644 --- a/nixos/home-manager/links.nix +++ b/nixos/home-manager/links.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { home.file.".config/nixpkgs/config.nix".source = ../shell-config.nix; home.file.".gdbinit".text = '' set auto-load python-scripts on diff --git a/nixos/home-manager/linux.nix b/nixos/home-manager/linux.nix index 473395b9..01d0f710 100644 --- a/nixos/home-manager/linux.nix +++ b/nixos/home-manager/linux.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: { +{ + config, + pkgs, + inputs, + ... +}: { services.gpg-agent = { enable = true; pinentryFlavor = "curses"; diff --git a/nixos/home-manager/programs.nix b/nixos/home-manager/programs.nix index d5cc7b14..a91e6c59 100644 --- a/nixos/home-manager/programs.nix +++ b/nixos/home-manager/programs.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { programs = { home-manager.enable = true; @@ -13,7 +15,7 @@ gpg = { enable = true; - settings = { }; + settings = {}; }; taskwarrior.enable = true; diff --git a/nixos/home-manager/programs/alacritty.nix b/nixos/home-manager/programs/alacritty.nix index 51e5af0c..f4ce4bcd 100644 --- a/nixos/home-manager/programs/alacritty.nix +++ b/nixos/home-manager/programs/alacritty.nix @@ -1,16 +1,22 @@ -{ config, pkgs, ... }: { - home.sessionVariables = { TERMINAL = "alacritty"; }; +{ + config, + pkgs, + ... +}: { + home.sessionVariables = {TERMINAL = "alacritty";}; programs.alacritty = { enable = true; settings = { window.decorations = "none"; - mouse_bindings = [{ - mouse = "Middle"; - mode = "~Vi"; - action = "None"; - }]; + mouse_bindings = [ + { + mouse = "Middle"; + mode = "~Vi"; + action = "None"; + } + ]; scrolling = { history = 32000; multiplier = 3; diff --git a/nixos/home-manager/programs/emacs/default.nix b/nixos/home-manager/programs/emacs/default.nix index 6380cc98..21b01962 100644 --- a/nixos/home-manager/programs/emacs/default.nix +++ b/nixos/home-manager/programs/emacs/default.nix @@ -1,3 +1,8 @@ -{ config, pkgs, lib, ... }: { - home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; }; +{ + config, + pkgs, + lib, + ... +}: { + home-manager.users.cyryl = {...}: {imports = [./home.nix];}; } diff --git a/nixos/home-manager/programs/emacs/emacs.nix b/nixos/home-manager/programs/emacs/emacs.nix index 1e6f371b..db5cfa51 100644 --- a/nixos/home-manager/programs/emacs/emacs.nix +++ b/nixos/home-manager/programs/emacs/emacs.nix @@ -1,22 +1,25 @@ -{ pkgs }: -let +{pkgs}: let myEmacs = pkgs.emacs-nox; inherit ((pkgs.emacsPackagesFor myEmacs)) emacsWithPackages; -in emacsWithPackages (epkgs: - (with epkgs.melpaStablePackages; [ ]) ++ (with epkgs.melpaPackages; [ - color-theme-sanityinc-solarized - evil - evil-collection - helm - helm-projectile - helm-rg - magit - nix-mode - projectile - xterm-color - ]) ++ (with epkgs.elpaPackages; [ - beacon # ; highlight my cursor when scrolling - nameless # ; hide current package name everywhere in elisp code - ]) ++ [ - pkgs.notmuch # From main packages set - ]) +in + emacsWithPackages (epkgs: + (with epkgs.melpaStablePackages; []) + ++ (with epkgs.melpaPackages; [ + color-theme-sanityinc-solarized + evil + evil-collection + helm + helm-projectile + helm-rg + magit + nix-mode + projectile + xterm-color + ]) + ++ (with epkgs.elpaPackages; [ + beacon # ; highlight my cursor when scrolling + nameless # ; hide current package name everywhere in elisp code + ]) + ++ [ + pkgs.notmuch # From main packages set + ]) diff --git a/nixos/home-manager/programs/emacs/home.nix b/nixos/home-manager/programs/emacs/home.nix index ad4eb5aa..5826113d 100644 --- a/nixos/home-manager/programs/emacs/home.nix +++ b/nixos/home-manager/programs/emacs/home.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { home.file.".emacs".text = '' (require 'package) @@ -31,7 +35,6 @@ ''; programs.emacs = { enable = true; - package = import ./emacs.nix { inherit pkgs; }; + package = import ./emacs.nix {inherit pkgs;}; }; - } diff --git a/nixos/home-manager/programs/genpass.nix b/nixos/home-manager/programs/genpass.nix index b5cbf7ac..7d95f209 100644 --- a/nixos/home-manager/programs/genpass.nix +++ b/nixos/home-manager/programs/genpass.nix @@ -1,24 +1,24 @@ -{ pkgs ? import { } }: +{pkgs ? import {}}: with pkgs; -rustPlatform.buildRustPackage rec { - pname = "genpass"; - version = "0.4.1"; + rustPlatform.buildRustPackage rec { + pname = "genpass"; + version = "0.4.1"; - src = fetchFromGitHub { - owner = "cyplo"; - repo = pname; - rev = "v" + version; - sha256 = "1b22m7g55k5ry0vwyd8pakh8rmfkhk37qy5r74cn3n5pv3fcwini"; - }; + src = fetchFromGitHub { + owner = "cyplo"; + repo = pname; + rev = "v" + version; + sha256 = "1b22m7g55k5ry0vwyd8pakh8rmfkhk37qy5r74cn3n5pv3fcwini"; + }; - cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m"; + cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m"; - buildInputs = [ openssl pkgconfig git ]; + buildInputs = [openssl pkgconfig git]; - meta = with stdenv.lib; { - description = "A simple yet robust commandline random password generator."; - homepage = "https://github.com/cyplo/genpass"; - license = licenses.agpl3; - platforms = platforms.all; - }; -} + meta = with stdenv.lib; { + description = "A simple yet robust commandline random password generator."; + homepage = "https://github.com/cyplo/genpass"; + license = licenses.agpl3; + platforms = platforms.all; + }; + } diff --git a/nixos/home-manager/programs/kitty.nix b/nixos/home-manager/programs/kitty.nix index 129f0e99..4599e3d8 100644 --- a/nixos/home-manager/programs/kitty.nix +++ b/nixos/home-manager/programs/kitty.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - home.sessionVariables = { TERMINAL = "kitty"; }; +{ + config, + pkgs, + ... +}: { + home.sessionVariables = {TERMINAL = "kitty";}; programs.kitty = { enable = true; @@ -33,7 +37,6 @@ color13 = "#5856b9"; color14 = "#81908f"; color15 = "#fcf4dc"; - }; }; } diff --git a/nixos/home-manager/programs/newsboat.nix b/nixos/home-manager/programs/newsboat.nix index e6822a89..071f7818 100644 --- a/nixos/home-manager/programs/newsboat.nix +++ b/nixos/home-manager/programs/newsboat.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { programs.newsboat = { enable = true; autoReload = true; @@ -16,294 +20,291 @@ color article default default ''; urls = [ - { url = "https://www.scattered-thoughts.net/atom.xml"; } - { url = "https://acoup.blog/feed/"; } - { url = "https://gaymingmag.com/feed/"; } - { url = "https://blog.benjojo.co.uk/rss.xml"; } - { url = "https://electronicsdeli.net/feed/"; } - { url = "https://michael.stapelberg.ch/feed.xml"; } - { url = "https://blog.nelhage.com/atom.xml"; } - { url = "https://deninet.com/rss.xml"; } - { url = "https://berthub.eu/articles/index.xml"; } - { url = "https://ciko.io/index.xml"; } - { url = "https://blog.thea.codes/feed.xml"; } - { url = "https://ambrevar.xyz/atom.xml"; } - { url = "https://openprivacy.ca/feed/discreet-log.xml"; } - { url = "https://shealevy.com/blog/index.xml"; } - { url = "https://oxide.computer/blog/index.xml"; } - { url = "https://alecmuffett.com/article/tag/essay/feed"; } - { url = "https://osarch.org/feed/"; } - { url = "https://fosdem.org/2021/atom.xml"; } - { url = "https://tailscale.com/blog/index.xml"; } - { url = "https://nrdxp.dev/feed.xml"; } - { url = "https://ww.telent.net/news.rss"; } - { url = "https://guix.gnu.org/feeds/blog.atom"; } - { url = "https://blog.servo.org/feed.xml"; } - { url = "https://www.radicalroutes.org.uk/?format=feed&type=atom"; } - { url = "https://matklad.github.io/feed.xml"; } - { url = "https://sfconservancy.org/feeds/blog/"; } - { url = "https://sourcehut.org/blog/index.xml"; } + {url = "https://www.scattered-thoughts.net/atom.xml";} + {url = "https://acoup.blog/feed/";} + {url = "https://gaymingmag.com/feed/";} + {url = "https://blog.benjojo.co.uk/rss.xml";} + {url = "https://electronicsdeli.net/feed/";} + {url = "https://michael.stapelberg.ch/feed.xml";} + {url = "https://blog.nelhage.com/atom.xml";} + {url = "https://deninet.com/rss.xml";} + {url = "https://berthub.eu/articles/index.xml";} + {url = "https://ciko.io/index.xml";} + {url = "https://blog.thea.codes/feed.xml";} + {url = "https://ambrevar.xyz/atom.xml";} + {url = "https://openprivacy.ca/feed/discreet-log.xml";} + {url = "https://shealevy.com/blog/index.xml";} + {url = "https://oxide.computer/blog/index.xml";} + {url = "https://alecmuffett.com/article/tag/essay/feed";} + {url = "https://osarch.org/feed/";} + {url = "https://fosdem.org/2021/atom.xml";} + {url = "https://tailscale.com/blog/index.xml";} + {url = "https://nrdxp.dev/feed.xml";} + {url = "https://ww.telent.net/news.rss";} + {url = "https://guix.gnu.org/feeds/blog.atom";} + {url = "https://blog.servo.org/feed.xml";} + {url = "https://www.radicalroutes.org.uk/?format=feed&type=atom";} + {url = "https://matklad.github.io/feed.xml";} + {url = "https://sfconservancy.org/feeds/blog/";} + {url = "https://sourcehut.org/blog/index.xml";} { - url = - "https://openwrt.org/feed.php?type=rss&mode=list&sort=date&ns=advisory&linkto=current&content=html"; + url = "https://openwrt.org/feed.php?type=rss&mode=list&sort=date&ns=advisory&linkto=current&content=html"; } - { url = "https://nora.codes/index.xml"; } - { url = "http://hackedfrompieces.wordpress.com/feed/"; } - { url = "http://notonlyzeroesandones.site40.net/feed/"; } - { url = "https://tonyarcieri.com/feed"; } - { url = "https://www.destroyallsoftware.com/screencasts/feed"; } - { url = "https://blog.liftsecurity.io/rss"; } - { url = "http://mightyohm.com/blog/feed/"; } - { url = "http://feeds.falkvinge.net/Falkvinge-on-Infopolicy"; } - { url = "http://www.veronicabelmont.com/feed/"; } - { url = "https://perplexinglyemma.blogspot.com/feeds/posts/default"; } - { url = "http://www.davecooper.org/blog/feed/"; } - { url = "http://hackaweek.com/hacks/?feed=rss2"; } - { url = "https://www.hadean.com/blog/rss.xml"; } - { url = "http://feeds.feedburner.com/malukah"; } - { url = "http://jonasdn.blogspot.com/feeds/posts/default"; } - { url = "https://www.destroyallsoftware.com/blog/index.xml"; } - { url = "http://metajack.im/"; } - { url = "https://haskell-at-work.com/feed.xml"; } - { url = "http://temporal.pr0.pl/devblog/feed/"; } - { url = "https://superevr.com/blog/feed/"; } - { url = "http://thejoysofcode.com/rss"; } - { url = "http://www.rsspect.com/rss/threeps.xml"; } - { url = "http://brianzawesomeblog.blogspot.com/feeds/posts/default"; } - { url = "http://ssj3gohan.tweakblogs.net/feed/"; } - { url = "http://planet.mozilla.org/releng/atom.xml"; } - { url = "https://grahamc.com/feed/"; } - { url = "http://www.h-online.com/grand-atom.xml"; } - { url = "https://jneem.github.io/feed.xml"; } - { url = "http://blog.opensourceecology.org/feed/"; } - { url = "http://pepijndevos.nl/atom.xml"; } - { url = "https://wedistribute.org/feed/"; } - { url = "http://www.wattnotions.com/feed/"; } - { url = "https://blondihacks.com/feed/"; } - { url = "http://ghcarm.wordpress.com/feed/"; } - { url = "http://blog.tkjelectronics.dk/feed/"; } - { url = "https://www.circuitlab.com/blog/feed/"; } - { url = "http://danluu.com/atom.xml"; } - { url = "http://silverwingedseraph.net/feed"; } - { url = "http://takbardzozle.blogspot.com/feeds/posts/default"; } - { url = "https://weekly.nixos.org/feeds/all.rss.xml"; } - { url = "http://www.hscott.net/feed/"; } - { url = "http://feeds.feedburner.com/kernelmag?format=xml"; } - { url = "http://www.malwaretech.com/feeds/posts/default"; } - { url = "https://nixos.org/blogs.xml"; } - { url = "http://spaceismore.com/feed/"; } - { url = "https://blog.cyplo.dev/index.xml"; } - { url = "https://blog.kobol.io/feed.xml"; } - { url = "http://blog.ffwll.ch/feeds/posts/default"; } - { url = "http://blog.pnkfx.org/atom.xml"; } - { url = "http://metaltronics.wordpress.com/feed/"; } - { url = "http://ncrmnt.org/wp/feed/"; } - { url = "http://www.arachnidlabs.com/atom.xml"; } - { url = "http://blogs.valvesoftware.com/feed/"; } - { url = "http://billmccloskey.wordpress.com/feed/"; } - { url = "http://sparkleshare.org/feed/"; } - { url = "http://osprintingllc.com/feed/"; } + {url = "https://nora.codes/index.xml";} + {url = "http://hackedfrompieces.wordpress.com/feed/";} + {url = "http://notonlyzeroesandones.site40.net/feed/";} + {url = "https://tonyarcieri.com/feed";} + {url = "https://www.destroyallsoftware.com/screencasts/feed";} + {url = "https://blog.liftsecurity.io/rss";} + {url = "http://mightyohm.com/blog/feed/";} + {url = "http://feeds.falkvinge.net/Falkvinge-on-Infopolicy";} + {url = "http://www.veronicabelmont.com/feed/";} + {url = "https://perplexinglyemma.blogspot.com/feeds/posts/default";} + {url = "http://www.davecooper.org/blog/feed/";} + {url = "http://hackaweek.com/hacks/?feed=rss2";} + {url = "https://www.hadean.com/blog/rss.xml";} + {url = "http://feeds.feedburner.com/malukah";} + {url = "http://jonasdn.blogspot.com/feeds/posts/default";} + {url = "https://www.destroyallsoftware.com/blog/index.xml";} + {url = "http://metajack.im/";} + {url = "https://haskell-at-work.com/feed.xml";} + {url = "http://temporal.pr0.pl/devblog/feed/";} + {url = "https://superevr.com/blog/feed/";} + {url = "http://thejoysofcode.com/rss";} + {url = "http://www.rsspect.com/rss/threeps.xml";} + {url = "http://brianzawesomeblog.blogspot.com/feeds/posts/default";} + {url = "http://ssj3gohan.tweakblogs.net/feed/";} + {url = "http://planet.mozilla.org/releng/atom.xml";} + {url = "https://grahamc.com/feed/";} + {url = "http://www.h-online.com/grand-atom.xml";} + {url = "https://jneem.github.io/feed.xml";} + {url = "http://blog.opensourceecology.org/feed/";} + {url = "http://pepijndevos.nl/atom.xml";} + {url = "https://wedistribute.org/feed/";} + {url = "http://www.wattnotions.com/feed/";} + {url = "https://blondihacks.com/feed/";} + {url = "http://ghcarm.wordpress.com/feed/";} + {url = "http://blog.tkjelectronics.dk/feed/";} + {url = "https://www.circuitlab.com/blog/feed/";} + {url = "http://danluu.com/atom.xml";} + {url = "http://silverwingedseraph.net/feed";} + {url = "http://takbardzozle.blogspot.com/feeds/posts/default";} + {url = "https://weekly.nixos.org/feeds/all.rss.xml";} + {url = "http://www.hscott.net/feed/";} + {url = "http://feeds.feedburner.com/kernelmag?format=xml";} + {url = "http://www.malwaretech.com/feeds/posts/default";} + {url = "https://nixos.org/blogs.xml";} + {url = "http://spaceismore.com/feed/";} + {url = "https://blog.cyplo.dev/index.xml";} + {url = "https://blog.kobol.io/feed.xml";} + {url = "http://blog.ffwll.ch/feeds/posts/default";} + {url = "http://blog.pnkfx.org/atom.xml";} + {url = "http://metaltronics.wordpress.com/feed/";} + {url = "http://ncrmnt.org/wp/feed/";} + {url = "http://www.arachnidlabs.com/atom.xml";} + {url = "http://blogs.valvesoftware.com/feed/";} + {url = "http://billmccloskey.wordpress.com/feed/";} + {url = "http://sparkleshare.org/feed/";} + {url = "http://osprintingllc.com/feed/";} { - url = - "https://forum.openwrt.org/extern.php?action=feed&fid=11&type=rss"; + url = "https://forum.openwrt.org/extern.php?action=feed&fid=11&type=rss"; } - { url = "http://corgibytes.com/feed.xml"; } - { url = "http://chatolandia.pl/feed/"; } - { url = "http://niczsoft.com/feed/"; } - { url = "http://blog.macrofab.net/feed/"; } - { url = "http://hackaday.com/feed/"; } - { url = "https://blog.uncensoreddns.org/feeds/atom/all/"; } - { url = "http://www.paulallenengineering.com/1/feed"; } + {url = "http://corgibytes.com/feed.xml";} + {url = "http://chatolandia.pl/feed/";} + {url = "http://niczsoft.com/feed/";} + {url = "http://blog.macrofab.net/feed/";} + {url = "http://hackaday.com/feed/";} + {url = "https://blog.uncensoreddns.org/feeds/atom/all/";} + {url = "http://www.paulallenengineering.com/1/feed";} { - url = - "http://komornik.wroclaw.pl/index.php?option=com_rss&feed=RSS2.0&no_html=1"; + url = "http://komornik.wroclaw.pl/index.php?option=com_rss&feed=RSS2.0&no_html=1"; } - { url = "https://rachelbythebay.com/w/atom.xml"; } - { url = "http://sliptonic.com/feed/"; } - { url = "http://blog.unsecu.re/feeds/posts/default"; } - { url = "http://neverworkintheory.org/feed.xml"; } - { url = "http://kocikocizabci.blogspot.com/feeds/posts/default"; } - { url = "https://blog.christophersmart.com/feed/"; } - { url = "http://sarah.thesharps.us/feed/"; } - { url = "http://explique.me/feed.xml"; } - { url = "http://www.arcfn.com/feeds/posts/default"; } - { url = "http://sunrider-vn.com/feed/"; } - { url = "http://www.wrocnet.org/syndication.axd"; } - { url = "http://www.goldsborough.me/feed.xml"; } - { url = "http://blog.tilaa.nl/feeds/posts/default"; } - { url = "http://latkin.org/blog/index.xml"; } - { url = "https://ind.ie/blog/rss/index.xml"; } - { url = "http://spritesmods.com/rss.php"; } - { url = "http://codeascraft.etsy.com/feed/"; } - { url = "http://chrisgammell.com/feed/"; } - { url = "https://www.stellar.org/feed/"; } - { url = "http://shenzhentrip.blogspot.com/feeds/posts/default"; } - { url = "https://aphyr.com/posts.atom"; } - { url = "http://www.latentlaboratories.com/blog?format=RSS"; } - { url = "http://zentasrobots.com/feed/"; } - { url = "http://grugq.github.io/atom.xml"; } - { url = "http://gusclass.com/blog/feed/"; } - { url = "http://www.devttys0.com/feed/"; } - { url = "https://www.ruma.io/news/feed.atom"; } - { url = "http://runawaybrainz.blogspot.com/feeds/posts/default"; } - { url = "http://blog.ploeh.dk/rss.xml"; } - { url = "http://lab.whitequark.org/atom.xml"; } - { url = "http://rroarr.blog.pl/index.rss"; } - { url = "http://slic3r.org/rss"; } - { url = "http://feeds.feedburner.com/EmbeddedInAcademia"; } - { url = "http://mightydevices.com/?feed=rss2"; } - { url = "http://www.cppwroclaw.pl/dokuwiki/feed.php"; } - { url = "http://pagekite.net/Blog?rss=1"; } - { url = "http://iradan.com/?feed=rss2"; } - { url = "http://tirania.org/blog/miguel.rss2"; } - { url = "http://the-missing-link-of-agile.com/feed/"; } - { url = "http://www.kroah.com/log/index.rss"; } - { url = "http://ebldc.com/?feed=rss2"; } - { url = "http://codegangsta.io/atom.xml"; } - { url = "http://intorust.com/feed.xml"; } - { url = "http://carol-nichols.com/feed.xml"; } - { url = "http://blogs.msdn.com/b/ericlippert/atom.aspx"; } - { url = "http://kroah.com/log/index.rss"; } - { url = "http://quinndunki.com/blondihacks/?feed=rss2"; } - { url = "http://gerrysweeney.com/feed/"; } - { url = "http://cybergibbons.com/feed/"; } - { url = "https://freedom-to-tinker.com/feed/"; } - { url = "http://sealedabstract.com/feed/"; } - { url = "http://hermanradtke.com/atom.xml"; } - { url = "http://feeds.feedburner.com/plainlystated/xtwL?format=xml"; } - { url = "http://www.mdswanson.com/atom.xml"; } - { url = "http://feeds.feedburner.com/thegrue"; } - { url = "https://gergely.imreh.net/blog/feed/"; } - { url = "http://www.sigrok.org/blog/rss.xml"; } - { url = "https://thesquareplanet.com/feed.xml"; } - { url = "http://feedpress.me/inessential"; } - { url = "http://wheningit.tumblr.com/rss"; } - { url = "http://b.truzzi.me/?feed=rss2"; } - { url = "https://blog.conformal.com/feed/"; } - { url = "http://windytan.blogspot.com/feeds/posts/default"; } - { url = "http://www.logicalelegance.com/journey/feed/"; } - { url = "https://www.adafruit.com/blog/feed/"; } - { url = "https://electronichamsters.wordpress.com/feed/"; } - { url = "http://security.goatse.fr/feed"; } - { url = "http://panoptykon.org/rss.xml"; } - { url = "http://blog.piston.rs/atom.xml"; } - { url = "http://tenderlovemaking.com/atom.xml"; } - { url = "http://www.wired.com/threatlevel/feed/"; } - { url = "http://onethingwell.org/rss"; } - { url = "http://serialized.net/rss.xml"; } - { url = "http://aosabook.org/blog/feeds/all.atom.xml"; } - { url = "http://www.alicegrove.com/rss"; } - { url = "http://www.konradokonski.com/KWD/feed/"; } - { url = "http://way-cooler.org/feed.xml"; } - { url = "http://antygea.blogspot.com/feeds/posts/default"; } - { url = "http://blog.gameagent.com/feed/"; } - { url = "http://llogiq.github.io/feed.xml"; } - { url = "http://lambda-the-ultimate.org/rss.xml"; } - { url = "https://soldernerd.com/feed/"; } - { url = "http://www.0xrage.com/?feed=rss2"; } - { url = "http://www.bitscope.com/blog/feed.xml"; } - { url = "http://theprofoundprogrammer.com/rss"; } - { url = "http://essentialscrap.com/rss.xml"; } - { url = "http://handmade.hackaday.com/feed/"; } - { url = "http://events.ccc.de/feed/"; } - { url = "http://www.estechnical.co.uk/blog/latest?format=feed&type=rss"; } - { url = "http://perso.aquilenet.fr/~sven337/feeds/feed_english.xml"; } - { url = "http://blog.trailofbits.com/feed/"; } - { url = "https://michaelwoerister.github.io/feed.xml"; } - { url = "http://nitschinger.at//index.xml"; } - { url = "http://lambdaops.com/feed"; } - { url = "http://simon-says-architecture.com/feed/"; } - { url = "https://sha2017.org/rss.xml"; } - { url = "http://www.davidhunt.ie/feed/"; } - { url = "https://begriffs.com/atom.xml"; } - { url = "http://dankaminsky.com/feed/"; } - { url = "http://www.analogzoo.com/feed/"; } - { url = "http://blog.makezine.com/feed/"; } - { url = "http://wot.lv/feeds/all.atom.xml"; } - { url = "http://www.bunniestudios.com/blog/?feed=rss2"; } - { url = "http://lukelectro.wordpress.com/feed/"; } - { url = "http://buffered.io/index.xml"; } - { url = "http://www.yesodweb.com/feed"; } - { url = "http://lcamtuf.blogspot.com/feeds/posts/default"; } - { url = "http://feeds.feedburner.com/schneier/fulltext"; } - { url = "https://simplysecure.org/feed.xml"; } - { url = "http://maryrosecook.com/blog/feed"; } - { url = "https://nathanleclaire.com/index.xml"; } - { url = "http://downingsbasement.com/feed/"; } - { url = "http://www.pxdojo.net/feeds/posts/default"; } - { url = "http://fulmicoton.com/atom.xml"; } - { url = "http://rys.io/en/rss"; } - { url = "https://rust-embedded.github.io/blog/rss.xml"; } - { url = "https://pointersgonewild.com/feed/"; } - { url = "http://blog.cryptographyengineering.com/feeds/posts/default"; } - { url = "http://www.hardhack.org/feed/"; } - { url = "http://blog.system76.com/rss"; } - { url = "https://www.mailpile.is/blog/index.rss"; } - { url = "https://blog.rustfest.eu/feed.xml"; } - { url = "http://nullr0ute.com/feed/"; } - { url = "http://xion.io/feeds/atom.xml"; } - { url = "http://blog.mozilla.org/nfroyd/feed/"; } - { url = "http://anniemachon.ch/feed"; } - { url = "http://befinitiv.wordpress.com/feed/"; } - { url = "http://www.2600.com/rss.xml"; } - { url = "http://www.planet-rust.com/atom.xml"; } - { url = "http://www.elidedbranches.com/feeds/posts/default"; } - { url = "http://www.eevblog.com/feed/"; } - { url = "http://www.questionablecontent.net/QCRSS.xml"; } - { url = "http://davidegironi.blogspot.com/feeds/posts/default"; } - { url = "http://intorust.com/blog/feed.xml"; } - { url = "http://londyn.msz.gov.pl/rss/ambasadalondynaktualnosci.xml450"; } - { url = "http://www.thegamercat.com/feed/"; } - { url = "http://feeds.feedburner.com/gadgetfactory/zjHC"; } - { url = "http://embedderslife.wordpress.com/feed/"; } - { url = "http://blog.ctf365.com/feed/"; } - { url = "http://owncloud.org/news/feed/"; } - { url = "http://jreeblog.wordpress.com/feed/"; } - { url = "http://www.wildcircuits.com/feeds/posts/default"; } - { url = "http://www.raspberrypi.org/feed"; } - { url = "https://apollo.open-resource.org/mission:log:feed"; } - { url = "http://bikerglen.com/blog/feed/"; } - { url = "http://www.crypto.com/blog/rss20.xml"; } - { url = "https://www.platymuus.com/feed.xml"; } - { url = "http://oneweekwonder.blogspot.com/feeds/posts/default"; } - { url = "https://blog.mozilla.org/thunderbird/feed/"; } - { url = "https://blog.mozilla.org/research/feed/"; } - { url = "http://thesignalpath.com/blogs/feed/"; } - { url = "http://www.daemonology.net/blog/index.rss"; } - { url = "http://dangerousprototypes.com/feed/"; } - { url = "https://www.trueos.org/feed/"; } - { url = "http://nautil.us/rss/all"; } - { url = "http://blog.computationalcomplexity.org/feeds/posts/default"; } - { url = "http://blog.humblebundle.com/rss"; } - { url = "https://copperhead.co/feed.xml"; } - { url = "http://blog.xamarin.com/feed/"; } - { url = "http://coreos.com/atom.xml"; } - { url = "http://lowpowerlab.com/feed/"; } - { url = "http://feeds.feedburner.com/TheBitBangTheory_en?format=xml"; } - { url = "http://feeds.feedburner.com/TheLifeOfKenneth"; } - { url = "http://corporat.blox.pl/rss2"; } - { url = "http://www.willowgarage.com/news/feed"; } - { url = "http://nakedsecurity.sophos.com/feed/"; } - { url = "http://edri.org/feed/"; } - { url = "https://ruudvanasseldonk.com/feed.xml"; } - { url = "http://www.lowrisc.org//index.xml"; } - { url = "http://feeds.feedburner.com/Phoronix"; } - { url = "http://jvns.ca/atom.xml"; } - { url = "http://feeds.feedburner.com/steveklabnik/words"; } - { url = "https://blog.torproject.org/blog/feed"; } - { url = "http://this-week-in-rust.org/atom.xml"; } - { url = "http://opensource.com/feed"; } - { url = "http://blog.elementary.io/rss"; } - { url = "https://www.insinuator.net/feed/"; } - { url = "https://www.mapbox.com/blog/blog.rss"; } - { url = "http://www.harmj0y.net/blog/feed/"; } - { url = "http://codurance.com/atom.xml"; } - { url = "https://blog.makersacademy.com/feed"; } - { url = "https://sensepost.com/rss.xml"; } - { url = "https://www.evilsocket.net/atom.xml"; } - { url = "https://krebsonsecurity.com/feed/"; } - { url = "https://tisiphone.net/feed/"; } - { url = "https://blog.bastion.rs/feed.xml"; } + {url = "https://rachelbythebay.com/w/atom.xml";} + {url = "http://sliptonic.com/feed/";} + {url = "http://blog.unsecu.re/feeds/posts/default";} + {url = "http://neverworkintheory.org/feed.xml";} + {url = "http://kocikocizabci.blogspot.com/feeds/posts/default";} + {url = "https://blog.christophersmart.com/feed/";} + {url = "http://sarah.thesharps.us/feed/";} + {url = "http://explique.me/feed.xml";} + {url = "http://www.arcfn.com/feeds/posts/default";} + {url = "http://sunrider-vn.com/feed/";} + {url = "http://www.wrocnet.org/syndication.axd";} + {url = "http://www.goldsborough.me/feed.xml";} + {url = "http://blog.tilaa.nl/feeds/posts/default";} + {url = "http://latkin.org/blog/index.xml";} + {url = "https://ind.ie/blog/rss/index.xml";} + {url = "http://spritesmods.com/rss.php";} + {url = "http://codeascraft.etsy.com/feed/";} + {url = "http://chrisgammell.com/feed/";} + {url = "https://www.stellar.org/feed/";} + {url = "http://shenzhentrip.blogspot.com/feeds/posts/default";} + {url = "https://aphyr.com/posts.atom";} + {url = "http://www.latentlaboratories.com/blog?format=RSS";} + {url = "http://zentasrobots.com/feed/";} + {url = "http://grugq.github.io/atom.xml";} + {url = "http://gusclass.com/blog/feed/";} + {url = "http://www.devttys0.com/feed/";} + {url = "https://www.ruma.io/news/feed.atom";} + {url = "http://runawaybrainz.blogspot.com/feeds/posts/default";} + {url = "http://blog.ploeh.dk/rss.xml";} + {url = "http://lab.whitequark.org/atom.xml";} + {url = "http://rroarr.blog.pl/index.rss";} + {url = "http://slic3r.org/rss";} + {url = "http://feeds.feedburner.com/EmbeddedInAcademia";} + {url = "http://mightydevices.com/?feed=rss2";} + {url = "http://www.cppwroclaw.pl/dokuwiki/feed.php";} + {url = "http://pagekite.net/Blog?rss=1";} + {url = "http://iradan.com/?feed=rss2";} + {url = "http://tirania.org/blog/miguel.rss2";} + {url = "http://the-missing-link-of-agile.com/feed/";} + {url = "http://www.kroah.com/log/index.rss";} + {url = "http://ebldc.com/?feed=rss2";} + {url = "http://codegangsta.io/atom.xml";} + {url = "http://intorust.com/feed.xml";} + {url = "http://carol-nichols.com/feed.xml";} + {url = "http://blogs.msdn.com/b/ericlippert/atom.aspx";} + {url = "http://kroah.com/log/index.rss";} + {url = "http://quinndunki.com/blondihacks/?feed=rss2";} + {url = "http://gerrysweeney.com/feed/";} + {url = "http://cybergibbons.com/feed/";} + {url = "https://freedom-to-tinker.com/feed/";} + {url = "http://sealedabstract.com/feed/";} + {url = "http://hermanradtke.com/atom.xml";} + {url = "http://feeds.feedburner.com/plainlystated/xtwL?format=xml";} + {url = "http://www.mdswanson.com/atom.xml";} + {url = "http://feeds.feedburner.com/thegrue";} + {url = "https://gergely.imreh.net/blog/feed/";} + {url = "http://www.sigrok.org/blog/rss.xml";} + {url = "https://thesquareplanet.com/feed.xml";} + {url = "http://feedpress.me/inessential";} + {url = "http://wheningit.tumblr.com/rss";} + {url = "http://b.truzzi.me/?feed=rss2";} + {url = "https://blog.conformal.com/feed/";} + {url = "http://windytan.blogspot.com/feeds/posts/default";} + {url = "http://www.logicalelegance.com/journey/feed/";} + {url = "https://www.adafruit.com/blog/feed/";} + {url = "https://electronichamsters.wordpress.com/feed/";} + {url = "http://security.goatse.fr/feed";} + {url = "http://panoptykon.org/rss.xml";} + {url = "http://blog.piston.rs/atom.xml";} + {url = "http://tenderlovemaking.com/atom.xml";} + {url = "http://www.wired.com/threatlevel/feed/";} + {url = "http://onethingwell.org/rss";} + {url = "http://serialized.net/rss.xml";} + {url = "http://aosabook.org/blog/feeds/all.atom.xml";} + {url = "http://www.alicegrove.com/rss";} + {url = "http://www.konradokonski.com/KWD/feed/";} + {url = "http://way-cooler.org/feed.xml";} + {url = "http://antygea.blogspot.com/feeds/posts/default";} + {url = "http://blog.gameagent.com/feed/";} + {url = "http://llogiq.github.io/feed.xml";} + {url = "http://lambda-the-ultimate.org/rss.xml";} + {url = "https://soldernerd.com/feed/";} + {url = "http://www.0xrage.com/?feed=rss2";} + {url = "http://www.bitscope.com/blog/feed.xml";} + {url = "http://theprofoundprogrammer.com/rss";} + {url = "http://essentialscrap.com/rss.xml";} + {url = "http://handmade.hackaday.com/feed/";} + {url = "http://events.ccc.de/feed/";} + {url = "http://www.estechnical.co.uk/blog/latest?format=feed&type=rss";} + {url = "http://perso.aquilenet.fr/~sven337/feeds/feed_english.xml";} + {url = "http://blog.trailofbits.com/feed/";} + {url = "https://michaelwoerister.github.io/feed.xml";} + {url = "http://nitschinger.at//index.xml";} + {url = "http://lambdaops.com/feed";} + {url = "http://simon-says-architecture.com/feed/";} + {url = "https://sha2017.org/rss.xml";} + {url = "http://www.davidhunt.ie/feed/";} + {url = "https://begriffs.com/atom.xml";} + {url = "http://dankaminsky.com/feed/";} + {url = "http://www.analogzoo.com/feed/";} + {url = "http://blog.makezine.com/feed/";} + {url = "http://wot.lv/feeds/all.atom.xml";} + {url = "http://www.bunniestudios.com/blog/?feed=rss2";} + {url = "http://lukelectro.wordpress.com/feed/";} + {url = "http://buffered.io/index.xml";} + {url = "http://www.yesodweb.com/feed";} + {url = "http://lcamtuf.blogspot.com/feeds/posts/default";} + {url = "http://feeds.feedburner.com/schneier/fulltext";} + {url = "https://simplysecure.org/feed.xml";} + {url = "http://maryrosecook.com/blog/feed";} + {url = "https://nathanleclaire.com/index.xml";} + {url = "http://downingsbasement.com/feed/";} + {url = "http://www.pxdojo.net/feeds/posts/default";} + {url = "http://fulmicoton.com/atom.xml";} + {url = "http://rys.io/en/rss";} + {url = "https://rust-embedded.github.io/blog/rss.xml";} + {url = "https://pointersgonewild.com/feed/";} + {url = "http://blog.cryptographyengineering.com/feeds/posts/default";} + {url = "http://www.hardhack.org/feed/";} + {url = "http://blog.system76.com/rss";} + {url = "https://www.mailpile.is/blog/index.rss";} + {url = "https://blog.rustfest.eu/feed.xml";} + {url = "http://nullr0ute.com/feed/";} + {url = "http://xion.io/feeds/atom.xml";} + {url = "http://blog.mozilla.org/nfroyd/feed/";} + {url = "http://anniemachon.ch/feed";} + {url = "http://befinitiv.wordpress.com/feed/";} + {url = "http://www.2600.com/rss.xml";} + {url = "http://www.planet-rust.com/atom.xml";} + {url = "http://www.elidedbranches.com/feeds/posts/default";} + {url = "http://www.eevblog.com/feed/";} + {url = "http://www.questionablecontent.net/QCRSS.xml";} + {url = "http://davidegironi.blogspot.com/feeds/posts/default";} + {url = "http://intorust.com/blog/feed.xml";} + {url = "http://londyn.msz.gov.pl/rss/ambasadalondynaktualnosci.xml450";} + {url = "http://www.thegamercat.com/feed/";} + {url = "http://feeds.feedburner.com/gadgetfactory/zjHC";} + {url = "http://embedderslife.wordpress.com/feed/";} + {url = "http://blog.ctf365.com/feed/";} + {url = "http://owncloud.org/news/feed/";} + {url = "http://jreeblog.wordpress.com/feed/";} + {url = "http://www.wildcircuits.com/feeds/posts/default";} + {url = "http://www.raspberrypi.org/feed";} + {url = "https://apollo.open-resource.org/mission:log:feed";} + {url = "http://bikerglen.com/blog/feed/";} + {url = "http://www.crypto.com/blog/rss20.xml";} + {url = "https://www.platymuus.com/feed.xml";} + {url = "http://oneweekwonder.blogspot.com/feeds/posts/default";} + {url = "https://blog.mozilla.org/thunderbird/feed/";} + {url = "https://blog.mozilla.org/research/feed/";} + {url = "http://thesignalpath.com/blogs/feed/";} + {url = "http://www.daemonology.net/blog/index.rss";} + {url = "http://dangerousprototypes.com/feed/";} + {url = "https://www.trueos.org/feed/";} + {url = "http://nautil.us/rss/all";} + {url = "http://blog.computationalcomplexity.org/feeds/posts/default";} + {url = "http://blog.humblebundle.com/rss";} + {url = "https://copperhead.co/feed.xml";} + {url = "http://blog.xamarin.com/feed/";} + {url = "http://coreos.com/atom.xml";} + {url = "http://lowpowerlab.com/feed/";} + {url = "http://feeds.feedburner.com/TheBitBangTheory_en?format=xml";} + {url = "http://feeds.feedburner.com/TheLifeOfKenneth";} + {url = "http://corporat.blox.pl/rss2";} + {url = "http://www.willowgarage.com/news/feed";} + {url = "http://nakedsecurity.sophos.com/feed/";} + {url = "http://edri.org/feed/";} + {url = "https://ruudvanasseldonk.com/feed.xml";} + {url = "http://www.lowrisc.org//index.xml";} + {url = "http://feeds.feedburner.com/Phoronix";} + {url = "http://jvns.ca/atom.xml";} + {url = "http://feeds.feedburner.com/steveklabnik/words";} + {url = "https://blog.torproject.org/blog/feed";} + {url = "http://this-week-in-rust.org/atom.xml";} + {url = "http://opensource.com/feed";} + {url = "http://blog.elementary.io/rss";} + {url = "https://www.insinuator.net/feed/";} + {url = "https://www.mapbox.com/blog/blog.rss";} + {url = "http://www.harmj0y.net/blog/feed/";} + {url = "http://codurance.com/atom.xml";} + {url = "https://blog.makersacademy.com/feed";} + {url = "https://sensepost.com/rss.xml";} + {url = "https://www.evilsocket.net/atom.xml";} + {url = "https://krebsonsecurity.com/feed/";} + {url = "https://tisiphone.net/feed/";} + {url = "https://blog.bastion.rs/feed.xml";} ]; }; } diff --git a/nixos/home-manager/programs/ssh.nix b/nixos/home-manager/programs/ssh.nix index 985f1add..e7746606 100644 --- a/nixos/home-manager/programs/ssh.nix +++ b/nixos/home-manager/programs/ssh.nix @@ -1,7 +1,9 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { programs.ssh.extraConfig = '' StrictHostKeyChecking=accept-new ''; - } diff --git a/nixos/home-manager/programs/termite.nix b/nixos/home-manager/programs/termite.nix index 1c930cc4..91232474 100644 --- a/nixos/home-manager/programs/termite.nix +++ b/nixos/home-manager/programs/termite.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - home.sessionVariables = { TERMINAL = "termite"; }; +{ + config, + pkgs, + ... +}: { + home.sessionVariables = {TERMINAL = "termite";}; programs.termite = { enable = true; allowBold = true; diff --git a/nixos/home-manager/programs/tmux.nix b/nixos/home-manager/programs/tmux.nix index 1e90ce38..92365df9 100644 --- a/nixos/home-manager/programs/tmux.nix +++ b/nixos/home-manager/programs/tmux.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { programs.tmux = { enable = true; shortcut = "a"; diff --git a/nixos/home-manager/programs/vim.nix b/nixos/home-manager/programs/vim.nix index 4290b100..a54a6657 100644 --- a/nixos/home-manager/programs/vim.nix +++ b/nixos/home-manager/programs/vim.nix @@ -1,12 +1,18 @@ -{ config, pkgs, lib, inputs, system, ... }: -let +{ + config, + pkgs, + lib, + inputs, + system, + ... +}: let unstablePackages = inputs.nixpkgs-nixos-unstable.legacyPackages."${system}"; nil = inputs.nil.packages."${system}".default; cocPackage = unstablePackages.vimPlugins.coc-nvim; nvimPackage = unstablePackages.neovim-unwrapped; in { home.file.".vimrc".source = ../../../.vimrc; - home.packages = with pkgs; [ ripgrep ]; + home.packages = with pkgs; [ripgrep]; programs.neovim = { enable = true; package = nvimPackage; @@ -22,12 +28,11 @@ in { languageserver = { nix = { command = "${nil}/bin/nil"; - rootPatterns = [ "flake.nix" ]; - filetypes = [ "nix" ]; + rootPatterns = ["flake.nix"]; + filetypes = ["nix"]; }; }; }; - }; viAlias = true; vimAlias = true; @@ -37,58 +42,58 @@ in { withRuby = true; plugins = with pkgs; - with pkgs.vimPlugins; [ - (vimUtils.buildVimPluginFrom2Nix rec { - pname = "vim-tada"; - version = "2022-04-22"; - src = fetchFromGitHub { - owner = "dewyze"; - repo = pname; - rev = "acfda7229fc487ee6da44650164cb770d1cc608c"; - sha256 = "sha256-9kvLbzrVjtBTjbXmhJ7JTggXgFvGVF7sc2YiVW9fUGY="; - }; - }) - (vimUtils.buildVimPluginFrom2Nix rec { - pname = "srht.vim"; - version = "2022-01-04"; - src = fetchFromSourcehut { - owner = "~willdurand"; - repo = pname; - rev = "825e685f75464cbd41a5f8eded974e46f416355e"; - sha256 = "sha256-9/Yeqmq/1ZIIsEgsrLLZ7o0cjOt/wlUgeLEzJoK7eco="; - }; - }) - ack-vim - coc-go - coc-highlight - coc-rust-analyzer - coc-yaml - committia-vim - ctrlp-vim - editorconfig-vim - fzf-vim - lsp-colors-nvim - nvim-tree-lua - nvim-web-devicons - quickfix-reflector-vim - rainbow - tabular - vim-airline - vim-airline-themes - vim-autoformat - vim-colors-solarized - vim-devicons - vim-dirdiff - vim-dispatch - vim-fugitive - vim-gitgutter - vim-markdown - vim-nix - vim-sensible - vim-startify - vim-surround - vim-toml - ]; + with pkgs.vimPlugins; [ + (vimUtils.buildVimPluginFrom2Nix rec { + pname = "vim-tada"; + version = "2022-04-22"; + src = fetchFromGitHub { + owner = "dewyze"; + repo = pname; + rev = "acfda7229fc487ee6da44650164cb770d1cc608c"; + sha256 = "sha256-9kvLbzrVjtBTjbXmhJ7JTggXgFvGVF7sc2YiVW9fUGY="; + }; + }) + (vimUtils.buildVimPluginFrom2Nix rec { + pname = "srht.vim"; + version = "2022-01-04"; + src = fetchFromSourcehut { + owner = "~willdurand"; + repo = pname; + rev = "825e685f75464cbd41a5f8eded974e46f416355e"; + sha256 = "sha256-9/Yeqmq/1ZIIsEgsrLLZ7o0cjOt/wlUgeLEzJoK7eco="; + }; + }) + ack-vim + coc-go + coc-highlight + coc-rust-analyzer + coc-yaml + committia-vim + ctrlp-vim + editorconfig-vim + fzf-vim + lsp-colors-nvim + nvim-tree-lua + nvim-web-devicons + quickfix-reflector-vim + rainbow + tabular + vim-airline + vim-airline-themes + vim-autoformat + vim-colors-solarized + vim-devicons + vim-dirdiff + vim-dispatch + vim-fugitive + vim-gitgutter + vim-markdown + vim-nix + vim-sensible + vim-startify + vim-surround + vim-toml + ]; extraConfig = '' if filereadable($HOME . "/.vimrc") source $HOME/.vimrc diff --git a/nixos/home-manager/programs/zsh.nix b/nixos/home-manager/programs/zsh.nix index 3d48dedd..7d3091dd 100644 --- a/nixos/home-manager/programs/zsh.nix +++ b/nixos/home-manager/programs/zsh.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { programs.zsh = { enable = true; history = { @@ -14,7 +18,7 @@ oh-my-zsh = { enable = true; - plugins = [ "vi-mode" "git" "python" "history-substring-search" "tmux" ]; + plugins = ["vi-mode" "git" "python" "history-substring-search" "tmux"]; }; initExtra = '' @@ -65,7 +69,7 @@ programs.direnv = { enable = true; enableZshIntegration = true; - nix-direnv = { enable = true; }; + nix-direnv = {enable = true;}; }; home.file.".config/starship.toml".text = '' diff --git a/nixos/home-manager/scripts.nix b/nixos/home-manager/scripts.nix index 010e59ac..249d9796 100644 --- a/nixos/home-manager/scripts.nix +++ b/nixos/home-manager/scripts.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { imports = [ ./scripts/mount-vault.nix ./scripts/umount-vault.nix diff --git a/nixos/home-manager/scripts/download.nix b/nixos/home-manager/scripts/download.nix index 207ec74b..07590973 100644 --- a/nixos/home-manager/scripts/download.nix +++ b/nixos/home-manager/scripts/download.nix @@ -1,11 +1,11 @@ -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let download = pkgs.writeShellScriptBin "download" '' ${pkgs.aria}/bin/aria2c -x 16 -s 16 $@ ''; - in { - - home.packages = with pkgs; [ download ]; + home.packages = with pkgs; [download]; } diff --git a/nixos/home-manager/scripts/mount-vault.nix b/nixos/home-manager/scripts/mount-vault.nix index bbbc721f..3463a2ad 100644 --- a/nixos/home-manager/scripts/mount-vault.nix +++ b/nixos/home-manager/scripts/mount-vault.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let mount-vault = pkgs.writeTextFile { name = "mount-vault"; executable = true; @@ -49,8 +51,6 @@ let fi ''; }; - in { - - home.packages = with pkgs; [ mount-vault ]; + home.packages = with pkgs; [mount-vault]; } diff --git a/nixos/home-manager/scripts/umount-vault.nix b/nixos/home-manager/scripts/umount-vault.nix index f579b472..99b49cb4 100644 --- a/nixos/home-manager/scripts/umount-vault.nix +++ b/nixos/home-manager/scripts/umount-vault.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let umount-vault = pkgs.writeTextFile { name = "umount-vault"; executable = true; @@ -16,5 +18,4 @@ let $VERACRYPT -t -d ''; }; - -in { home.packages = with pkgs; [ umount-vault ]; } +in {home.packages = with pkgs; [umount-vault];} diff --git a/nixos/i3/autorandr.nix b/nixos/i3/autorandr.nix index 352d203d..7e84634e 100644 --- a/nixos/i3/autorandr.nix +++ b/nixos/i3/autorandr.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.autorandr.enable = true; home-manager.users.cyryl = _: { programs.autorandr = { @@ -23,15 +27,12 @@ }; profiles = { "foureighty-docked" = { - fingerprint = { - eDP1 = - "00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060"; - DP1 = - "00ffffffffffff0026cd4e66f3030000271d0104b53c22783ef6d5a7544b9e250d5054bfef80714f8140818081c09500b300d1c001014dd000a0f0703e8030203500544f2100001a000000ff0031313636333933393031303131000000fd00184c1fa03c000a202020202020000000fc00504c3237393255480a202020200176020320f15390050403020716011f121314201511065d5e5f2309070783010000023a801871382d40582c4500544f2100001f011d8018711c1620582c2500544f2100009fa76600a0f0701f8030205500544f2100001ff45100a0f070198030203500544f2100001f565e00a0a0a0295030203500544f2100001b000000000059"; + eDP1 = "00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060"; + DP1 = "00ffffffffffff0026cd4e66f3030000271d0104b53c22783ef6d5a7544b9e250d5054bfef80714f8140818081c09500b300d1c001014dd000a0f0703e8030203500544f2100001a000000ff0031313636333933393031303131000000fd00184c1fa03c000a202020202020000000fc00504c3237393255480a202020200176020320f15390050403020716011f121314201511065d5e5f2309070783010000023a801871382d40582c4500544f2100001f011d8018711c1620582c2500544f2100009fa76600a0f0701f8030205500544f2100001ff45100a0f070198030203500544f2100001f565e00a0a0a0295030203500544f2100001b000000000059"; }; config = { - eDP1 = { enable = false; }; + eDP1 = {enable = false;}; DP1 = { enable = true; primary = true; @@ -42,8 +43,7 @@ }; "foureighty" = { fingerprint = { - eDP1 = - "00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060"; + eDP1 = "00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060"; }; config = { eDP1 = { @@ -57,5 +57,4 @@ }; }; }; - } diff --git a/nixos/i3/default.nix b/nixos/i3/default.nix index 0bb8c62b..fab4ff69 100644 --- a/nixos/i3/default.nix +++ b/nixos/i3/default.nix @@ -1,28 +1,36 @@ -{ config, pkgs, ... }: { - imports = [ ./autorandr.nix ./openweathermap-secrets.nix ]; - environment.systemPackages = with pkgs; [ dconf ]; +{ + config, + pkgs, + ... +}: { + imports = [./autorandr.nix ./openweathermap-secrets.nix]; + environment.systemPackages = with pkgs; [dconf]; programs.dconf.enable = true; security.sudo.extraRules = [ { - users = [ "cyryl" ]; - commands = [{ - command = "${pkgs.i3}/bin/i3-msg"; - options = [ "NOPASSWD" ]; - }]; + users = ["cyryl"]; + commands = [ + { + command = "${pkgs.i3}/bin/i3-msg"; + options = ["NOPASSWD"]; + } + ]; } { - users = [ "cyryl" ]; - commands = [{ - command = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top"; - options = [ "NOPASSWD" ]; - }]; + users = ["cyryl"]; + commands = [ + { + command = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top"; + options = ["NOPASSWD"]; + } + ]; } ]; xdg.portal = { enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-kde ]; + extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-kde]; }; services = { @@ -31,7 +39,7 @@ allowAnyUser = true; }; - dbus = { packages = with pkgs; [ gnome2.GConf dconf ]; }; + dbus = {packages = with pkgs; [gnome2.GConf dconf];}; fractalart.enable = true; colord.enable = true; @@ -41,8 +49,8 @@ enableHidpi = true; }; }; - home-manager.users.cyryl = { ... }: { - imports = [ ./home.nix ]; - home.packages = with pkgs; [ ]; + home-manager.users.cyryl = {...}: { + imports = [./home.nix]; + home.packages = with pkgs; []; }; } diff --git a/nixos/i3/dunst.nix b/nixos/i3/dunst.nix index fd675000..9dec6716 100644 --- a/nixos/i3/dunst.nix +++ b/nixos/i3/dunst.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.dunst = { enable = true; settings = { diff --git a/nixos/i3/grobi.nix b/nixos/i3/grobi.nix index c2b29321..cb0b9e8b 100644 --- a/nixos/i3/grobi.nix +++ b/nixos/i3/grobi.nix @@ -1,6 +1,9 @@ -{ config, pkgs, ... }: { - - home.packages = with pkgs; [ grobi ]; +{ + config, + pkgs, + ... +}: { + home.packages = with pkgs; [grobi]; services.grobi = { enable = true; executeAfter = [ @@ -10,7 +13,7 @@ rules = [ { name = "foureighty-docked"; - outputs_connected = [ "eDP1" "DP1" ]; + outputs_connected = ["eDP1" "DP1"]; configure_single = "DP1"; execute_after = [ "${pkgs.xorg.xrandr}/bin/xrandr --dpi 192" @@ -19,7 +22,7 @@ } { name = "foureighty"; - outputs_connected = [ "eDP1-AUO-9014-0--" ]; + outputs_connected = ["eDP1-AUO-9014-0--"]; configure_single = "eDP1"; execute_after = [ "${pkgs.xorg.xrandr}/bin/xrandr --dpi 144" @@ -28,7 +31,7 @@ } { name = "skinnyv"; - outputs_connected = [ "eDP1-AUO-8493-0--" ]; + outputs_connected = ["eDP1-AUO-8493-0--"]; configure_single = "eDP1"; execute_after = [ "${pkgs.xorg.xrandr}/bin/xrandr --dpi 120" diff --git a/nixos/i3/home.nix b/nixos/i3/home.nix index fbd047a2..fc0b08d7 100644 --- a/nixos/i3/home.nix +++ b/nixos/i3/home.nix @@ -1,8 +1,11 @@ -{ config, pkgs, ... }: { - imports = - [ ./i3.nix ./i3status-rust.nix ./dunst.nix ./rofi.nix ./xidlehook.nix ]; +{ + config, + pkgs, + ... +}: { + imports = [./i3.nix ./i3status-rust.nix ./dunst.nix ./rofi.nix ./xidlehook.nix]; - home.sessionVariables = { CM_LAUNCHER = "rofi"; }; + home.sessionVariables = {CM_LAUNCHER = "rofi";}; services = { picom = { @@ -13,7 +16,7 @@ pasystray.enable = true; gnome-keyring = { enable = true; - components = [ "pkcs11" "secrets" "ssh" ]; + components = ["pkcs11" "secrets" "ssh"]; }; }; @@ -26,6 +29,5 @@ longitude = -1.0; }; - xsession = { enable = true; }; - + xsession = {enable = true;}; } diff --git a/nixos/i3/i3-status.nix b/nixos/i3/i3-status.nix index 360a54ed..1f866bc3 100644 --- a/nixos/i3/i3-status.nix +++ b/nixos/i3/i3-status.nix @@ -1,12 +1,16 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { programs.i3status = { enable = true; enableDefault = false; modules = { - "load" = { position = 1; }; + "load" = {position = 1;}; "disk /" = { position = 2; - settings = { format = " %avail"; }; + settings = {format = " %avail";}; }; "memory" = { settings = { @@ -27,10 +31,9 @@ position = 3; }; "time" = { - settings = { format = "%a %d/%m %H:%M"; }; + settings = {format = "%a %d/%m %H:%M";}; position = 9; }; }; }; - } diff --git a/nixos/i3/i3.nix b/nixos/i3/i3.nix index d694df9b..065625c8 100644 --- a/nixos/i3/i3.nix +++ b/nixos/i3/i3.nix @@ -1,7 +1,11 @@ -{ config, pkgs, ... }: -let mod = "Mod4"; +{ + config, + pkgs, + ... +}: let + mod = "Mod4"; in { - home.packages = with pkgs; [ font-awesome intel-gpu-tools ]; + home.packages = with pkgs; [font-awesome intel-gpu-tools]; xsession.windowManager.i3 = { enable = true; @@ -23,8 +27,7 @@ in { notification = false; } { - command = - "exec xdg-mime default org.gnome.Evince.desktop application/pdf"; + command = "exec xdg-mime default org.gnome.Evince.desktop application/pdf"; always = false; notification = false; } @@ -42,19 +45,20 @@ in { }; workspaceLayout = "tabbed"; - bars = [{ - statusCommand = - "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml"; - position = "top"; - colors.background = "#001e26"; - colors.statusline = "#708183"; - fonts = { - names = [ "Berkeley Mono" "Font Awesome 6 Free" ]; - size = 10.0; - }; + bars = [ + { + statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml"; + position = "top"; + colors.background = "#001e26"; + colors.statusline = "#708183"; + fonts = { + names = ["Berkeley Mono" "Font Awesome 6 Free"]; + size = 10.0; + }; - trayOutput = "primary"; - }]; + trayOutput = "primary"; + } + ]; modifier = mod; keybindings = { @@ -65,25 +69,17 @@ in { "${mod}+Shift+l" = "exec physlock -d"; "${mod}+Return" = "exec i3-sensible-terminal"; - "XF86AudioRaiseVolume" = - "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = - "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioMute" = - "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMicMute" = - "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + "XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; + "XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; - "XF86MonBrightnessUp" = - "exec light -s sysfs/backlight/intel_backlight -A 5"; - "XF86MonBrightnessDown" = - "exec light -s sysfs/backlight/intel_backlight -U 5"; + "XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5"; + "XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5"; - "Print" = - "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i"; + "Print" = "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i"; - "${mod}+r" = - "exec ${pkgs.rofi}/bin/rofi -show combi -combi-modi window#run#ssh -modi combi"; + "${mod}+r" = "exec ${pkgs.rofi}/bin/rofi -show combi -combi-modi window#run#ssh -modi combi"; "${mod}+c" = "exec ${pkgs.clipmenu}/bin/clipmenu"; "${mod}+q" = "kill"; "${mod}+f" = "fullscreen toggle"; @@ -120,8 +116,6 @@ in { "${mod}+Ctrl+Up" = "move workspace to output up"; "${mod}+Ctrl+Down" = "move workspace to output down"; }; - }; }; - } diff --git a/nixos/i3/i3status-rust.nix b/nixos/i3/i3status-rust.nix index e3037dd4..02ca4ec2 100644 --- a/nixos/i3/i3status-rust.nix +++ b/nixos/i3/i3status-rust.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { programs.i3status-rust = { enable = true; bars = { diff --git a/nixos/i3/openweathermap-secrets.nix b/nixos/i3/openweathermap-secrets.nix index f7c70f39..7290c8b2 100644 --- a/nixos/i3/openweathermap-secrets.nix +++ b/nixos/i3/openweathermap-secrets.nix @@ -1,11 +1,13 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { sops.secrets.openweathermap-api-key = { inherit (config.users.users.cyryl) group; mode = "0440"; owner = config.users.users.cyryl.name; sopsFile = ./openweathermap.sops.yaml; }; - home-manager.users.cyryl = { home.sessionVariables = { }; }; + home-manager.users.cyryl = {home.sessionVariables = {};}; } diff --git a/nixos/i3/polybar/polybar.nix b/nixos/i3/polybar/polybar.nix index 21264e45..813a965b 100644 --- a/nixos/i3/polybar/polybar.nix +++ b/nixos/i3/polybar/polybar.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.polybar = { enable = true; script = "polybar -r main_bar &"; @@ -10,7 +14,7 @@ githubSupport = true; }; config = { - "settings" = { screenchange-reload = "true"; }; + "settings" = {screenchange-reload = "true";}; "bar/main_bar" = { font-0 = "DejaVu Sans Mono for Powerline:size=12.0;weight=bold"; font-1 = "Weather Icons:size=12;0"; @@ -40,12 +44,11 @@ "module/weather" = { type = "custom/script"; interval = 600; - exec = - "${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/openweathermap-fullfeatured.sh'"; + exec = "${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/openweathermap-fullfeatured.sh'"; label-font = 2; }; - "module/i3" = { type = "internal/i3"; }; + "module/i3" = {type = "internal/i3";}; "module/cpu" = { type = "internal/cpu"; @@ -56,8 +59,7 @@ "module/temperature" = { type = "custom/script"; interval = 5; - exec = - "${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/cpu-temp.sh'"; + exec = "${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/cpu-temp.sh'"; }; "module/memory" = { @@ -89,8 +91,6 @@ format-discharging = ""; label-discharging = "%time%"; }; - }; }; - } diff --git a/nixos/i3/rofi.nix b/nixos/i3/rofi.nix index f14a97e0..5cc67c27 100644 --- a/nixos/i3/rofi.nix +++ b/nixos/i3/rofi.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { programs.rofi = { enable = true; font = "Berkeley Mono 16"; diff --git a/nixos/i3/xidlehook.nix b/nixos/i3/xidlehook.nix index 6880b1ba..4060c4f1 100644 --- a/nixos/i3/xidlehook.nix +++ b/nixos/i3/xidlehook.nix @@ -1,11 +1,14 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.xidlehook = { enable = true; not-when-audio = true; not-when-fullscreen = true; environment = { - "PRIMARY_DISPLAY" = - "$(${pkgs.xorg.xrandr}/bin/xrandr | awk '/ primary/{print $1}')"; + "PRIMARY_DISPLAY" = "$(${pkgs.xorg.xrandr}/bin/xrandr | awk '/ primary/{print $1}')"; }; timers = [ { @@ -24,6 +27,5 @@ ''}"; } ]; - }; } diff --git a/nixos/kde.nix b/nixos/kde.nix index 50a7e96f..fb11b250 100644 --- a/nixos/kde.nix +++ b/nixos/kde.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { services.xserver = { enable = true; displayManager.sddm = { @@ -8,6 +12,5 @@ desktopManager.default = "plasma5"; desktopManager.plasma5.enable = true; }; - users.users.cyryl.packages = with pkgs; [ ]; + users.users.cyryl.packages = with pkgs; []; } - diff --git a/nixos/libvirt.nix b/nixos/libvirt.nix index dd8b7583..35b873c3 100644 --- a/nixos/libvirt.nix +++ b/nixos/libvirt.nix @@ -1,9 +1,13 @@ -{ config, pkgs, ... }: { - boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "intel_iommu=on" ]; +{ + config, + pkgs, + ... +}: { + boot.kernelModules = ["kvm-intel"]; + boot.kernelParams = ["intel_iommu=on"]; virtualisation.libvirtd.enable = true; virtualisation.kvmgt.enable = true; - users.extraUsers.cyryl.extraGroups = [ "kvm" ]; + users.extraUsers.cyryl.extraGroups = ["kvm"]; environment.systemPackages = with pkgs; [ virtmanager @@ -11,5 +15,4 @@ swtpm virt-viewer ]; - } diff --git a/nixos/mercurial/default.nix b/nixos/mercurial/default.nix index 6380cc98..21b01962 100644 --- a/nixos/mercurial/default.nix +++ b/nixos/mercurial/default.nix @@ -1,3 +1,8 @@ -{ config, pkgs, lib, ... }: { - home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; }; +{ + config, + pkgs, + lib, + ... +}: { + home-manager.users.cyryl = {...}: {imports = [./home.nix];}; } diff --git a/nixos/mercurial/home.nix b/nixos/mercurial/home.nix index f1491f5c..ea9f0b40 100644 --- a/nixos/mercurial/home.nix +++ b/nixos/mercurial/home.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { programs.mercurial = { enable = true; userName = "Cyryl Płotnicki"; @@ -8,6 +12,6 @@ ui.paginate = "never"; defaults.revert = "--no-backup"; }; - aliases = { }; + aliases = {}; }; } diff --git a/nixos/packages/decsync-evolution/default.nix b/nixos/packages/decsync-evolution/default.nix index 3cef1492..8ece478d 100644 --- a/nixos/packages/decsync-evolution/default.nix +++ b/nixos/packages/decsync-evolution/default.nix @@ -1,29 +1,28 @@ -with import { }; +with import {}; + stdenv.mkDerivation rec { + name = "evolution-decsync"; + version = "1.0.1"; + src = fetchFromGitHub { + owner = "39aldo39"; + repo = "Evolution-DecSync"; + rev = "v1.0.1"; + sha256 = "0cq5cvc9ywcbwrhj5nm9azjmjwc8hxfbw3r7bjqkjd0bwfnxk3g6"; + fetchSubmodules = true; + }; -stdenv.mkDerivation rec { - name = "evolution-decsync"; - version = "1.0.1"; - src = fetchFromGitHub { - owner = "39aldo39"; - repo = "Evolution-DecSync"; - rev = "v1.0.1"; - sha256 = "0cq5cvc9ywcbwrhj5nm9azjmjwc8hxfbw3r7bjqkjd0bwfnxk3g6"; - fetchSubmodules = true; - }; - - buildInputs = [ - libgee - json-glib - gnome3.evolution-data-server - gnome3.evolution - gtk3 - webkitgtk - glib - libsecret - libsoup - ]; - nativeBuildInputs = [ meson ninja vala pkg-config ]; - configurePhase = "meson build --prefix=$out"; - buildPhase = "ninja -C build"; - installPhase = "ninja -C build install"; -} + buildInputs = [ + libgee + json-glib + gnome3.evolution-data-server + gnome3.evolution + gtk3 + webkitgtk + glib + libsecret + libsoup + ]; + nativeBuildInputs = [meson ninja vala pkg-config]; + configurePhase = "meson build --prefix=$out"; + buildPhase = "ninja -C build"; + installPhase = "ninja -C build install"; + } diff --git a/nixos/packages/etesync-dav/default.nix b/nixos/packages/etesync-dav/default.nix index 0738ea00..a82339e1 100644 --- a/nixos/packages/etesync-dav/default.nix +++ b/nixos/packages/etesync-dav/default.nix @@ -1,20 +1,16 @@ -with import { }; -let - +with import {}; let pyscrypt = python37.pkgs.buildPythonPackage rec { pname = "pyscrypt"; version = "1.6.2"; src = pythonPackages.fetchPypi { inherit pname version; - sha256 = - "bafdd195f10f7c7395f0133bad09746a68e0e6b66da202c9bdb6b1eb4abba5e9"; + sha256 = "bafdd195f10f7c7395f0133bad09746a68e0e6b66da202c9bdb6b1eb4abba5e9"; }; doCheck = false; meta = with stdenv.lib; { homepage = "https://github.com/ricmoo/pyscrypt"; license = licenses.mit; - description = - "Pure-Python Implementation of the scrypt password-based key derivation function and scrypt file format library"; + description = "Pure-Python Implementation of the scrypt password-based key derivation function and scrypt file format library"; }; }; @@ -23,11 +19,10 @@ let version = "1.0"; src = pythonPackages.fetchPypi { inherit pname version; - sha256 = - "b89895ba6438038d0bdf88020ceff876cf3eae0d5c66a69b526fab31125db2c5"; + sha256 = "b89895ba6438038d0bdf88020ceff876cf3eae0d5c66a69b526fab31125db2c5"; }; - checkInputs = [ python37Packages.pycodestyle ]; - propagatedBuildInputs = [ python37Packages.six ]; + checkInputs = [python37Packages.pycodestyle]; + propagatedBuildInputs = [python37Packages.six]; meta = with pkgs.stdenv.lib; { homepage = "https://github.com/gruns/orderedmultidict"; license = licenses.unlicense; @@ -40,11 +35,10 @@ let version = "2.0.0"; src = pythonPackages.fetchPypi { inherit pname version; - sha256 = - "fdcaedc1fb19a63d7d875b0105b0a5b496dd0989330d454a42bcb401fa5454ec"; + sha256 = "fdcaedc1fb19a63d7d875b0105b0a5b496dd0989330d454a42bcb401fa5454ec"; }; - checkInputs = [ python37Packages.flake8 ]; - propagatedBuildInputs = [ orderedmultidict python37Packages.six ]; + checkInputs = [python37Packages.flake8]; + propagatedBuildInputs = [orderedmultidict python37Packages.six]; meta = with pkgs.stdenv.lib; { homepage = "https://github.com/gruns/furl"; license = licenses.publicDomain; @@ -59,7 +53,7 @@ let inherit pname version; sha256 = "007zsdn0zv0f80wpyf8fzl446wmv7jr8a0pdp4wj1y61b14f4q0p"; }; - checkInputs = [ python37Packages.pytest ]; + checkInputs = [python37Packages.pytest]; meta = with pkgs.stdenv.lib; { homepage = "https://github.com/etesync/pyetesync"; license = licenses.lgpl3; @@ -96,8 +90,7 @@ let version = "2.1.11"; src = pythonPackages.fetchPypi { inherit pname version; - sha256 = - "02273fcc6ae10e0f74aa12652e24d0001eec8dbf467d54ddb4dfcc2af7d7a5db"; + sha256 = "02273fcc6ae10e0f74aa12652e24d0001eec8dbf467d54ddb4dfcc2af7d7a5db"; }; doCheck = false; checkInputs = [ @@ -106,8 +99,7 @@ let python37Packages.pytest-flake8 python37Packages.pytestcov ]; - propagatedBuildInputs = - [ python37Packages.dateutil python37Packages.vobject ]; + propagatedBuildInputs = [python37Packages.dateutil python37Packages.vobject]; meta = with pkgs.stdenv.lib; { homepage = "http://www.radicale.org/"; license = licenses.gpl1; @@ -144,41 +136,41 @@ let description = "An EteSync storage plugin for radicale"; }; }; - -in python37.pkgs.buildPythonPackage rec { - pname = "etesync-dav"; - version = "0.5.0"; - src = pythonPackages.fetchPypi { - inherit pname version; - sha256 = "18ykgi3gqy6p7wj7n9d88rsn0y566ypl5ixpb3v7l3f6w5fffwh1"; - }; - propagatedBuildInputs = [ - python37Packages.pytz - python37Packages.pytzdata - python37Packages.appdirs - python37Packages.asn1crypto - python37Packages.certifi - python37Packages.cffi - python37Packages.chardet - python37Packages.coverage - python37Packages.cryptography - python37Packages.idna - python37Packages.packaging - python37Packages.peewee - python37Packages.py - python37Packages.pyasn1 - python37Packages.pycparser - python37Packages.pyparsing - python37Packages.python-dateutil - python37Packages.requests - python37Packages.six - python37Packages.urllib3 - python37Packages.vobject - radicale - furl - orderedmultidict - pyscrypt - etesync - radicale-storage-etesync - ]; -} +in + python37.pkgs.buildPythonPackage rec { + pname = "etesync-dav"; + version = "0.5.0"; + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "18ykgi3gqy6p7wj7n9d88rsn0y566ypl5ixpb3v7l3f6w5fffwh1"; + }; + propagatedBuildInputs = [ + python37Packages.pytz + python37Packages.pytzdata + python37Packages.appdirs + python37Packages.asn1crypto + python37Packages.certifi + python37Packages.cffi + python37Packages.chardet + python37Packages.coverage + python37Packages.cryptography + python37Packages.idna + python37Packages.packaging + python37Packages.peewee + python37Packages.py + python37Packages.pyasn1 + python37Packages.pycparser + python37Packages.pyparsing + python37Packages.python-dateutil + python37Packages.requests + python37Packages.six + python37Packages.urllib3 + python37Packages.vobject + radicale + furl + orderedmultidict + pyscrypt + etesync + radicale-storage-etesync + ]; + } diff --git a/nixos/quirks/thinkpad-cpu-throttling.nix b/nixos/quirks/thinkpad-cpu-throttling.nix index eddd5773..e24e7af8 100644 --- a/nixos/quirks/thinkpad-cpu-throttling.nix +++ b/nixos/quirks/thinkpad-cpu-throttling.nix @@ -1,14 +1,18 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { systemd.services.cpu-throttling = { enable = true; description = "CPU Throttling Fix"; documentation = [ "https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues" ]; - path = [ pkgs.msr-tools ]; + path = [pkgs.msr-tools]; script = "wrmsr -a 0x1a2 0x3000000"; - serviceConfig = { Type = "oneshot"; }; - wantedBy = [ "timers.target" ]; + serviceConfig = {Type = "oneshot";}; + wantedBy = ["timers.target"]; }; systemd.timers.cpu-throttling = { @@ -22,6 +26,6 @@ OnUnitActiveSec = 60; Unit = "cpu-throttling.service"; }; - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; }; } diff --git a/nixos/security-kernel.nix b/nixos/security-kernel.nix index c5e8df79..02325d2f 100644 --- a/nixos/security-kernel.nix +++ b/nixos/security-kernel.nix @@ -1,45 +1,51 @@ -{ config, pkgs, ... }: { - boot.kernelPatches = [{ - name = "cyplo-hardened"; - patch = null; - extraConfig = '' - LOCKUP_DETECTOR y - HARDLOCKUP_DETECTOR y - BUG y +{ + config, + pkgs, + ... +}: { + boot.kernelPatches = [ + { + name = "cyplo-hardened"; + patch = null; + extraConfig = '' + LOCKUP_DETECTOR y + HARDLOCKUP_DETECTOR y + BUG y - SECURITY_SELINUX_DISABLE n + SECURITY_SELINUX_DISABLE n - STRICT_KERNEL_RWX y + STRICT_KERNEL_RWX y - DEBUG_CREDENTIALS y - DEBUG_NOTIFIERS y - DEBUG_SG y - SCHED_STACK_END_CHECK y + DEBUG_CREDENTIALS y + DEBUG_NOTIFIERS y + DEBUG_SG y + SCHED_STACK_END_CHECK y - SHUFFLE_PAGE_ALLOCATOR y + SHUFFLE_PAGE_ALLOCATOR y - SLUB_DEBUG y + SLUB_DEBUG y - PAGE_POISONING y - PAGE_POISONING_NO_SANITY y - PAGE_POISONING_ZERO y + PAGE_POISONING y + PAGE_POISONING_NO_SANITY y + PAGE_POISONING_ZERO y - SECURITY_SAFESETID y + SECURITY_SAFESETID y - PANIC_TIMEOUT -1 + PANIC_TIMEOUT -1 - GCC_PLUGINS y - GCC_PLUGIN_LATENT_ENTROPY y + GCC_PLUGINS y + GCC_PLUGIN_LATENT_ENTROPY y - GCC_PLUGIN_STRUCTLEAK y - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y - GCC_PLUGIN_STACKLEAK y - GCC_PLUGIN_RANDSTRUCT y - GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y + GCC_PLUGIN_STRUCTLEAK y + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y + GCC_PLUGIN_STACKLEAK y + GCC_PLUGIN_RANDSTRUCT y + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y - ACPI_CUSTOM_METHOD n - PROC_KCORE n - INET_DIAG n - ''; - }]; + ACPI_CUSTOM_METHOD n + PROC_KCORE n + INET_DIAG n + ''; + } + ]; } diff --git a/nixos/security.nix b/nixos/security.nix index a71d05ba..a4540ee8 100644 --- a/nixos/security.nix +++ b/nixos/security.nix @@ -1,8 +1,13 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: { networking.firewall.checkReversePath = "loose"; networking.firewall.enable = true; - nix.settings.allowed-users = [ "@users" ]; + nix.settings.allowed-users = ["@users"]; security.apparmor.enable = true; security.apparmor.killUnconfinedConfinables = true; @@ -16,8 +21,7 @@ generateKey = true; }; - boot.kernelParams = - [ "slub_debug=FZP" "page_poison=1" "page_alloc.shuffle=1" ]; + boot.kernelParams = ["slub_debug=FZP" "page_poison=1" "page_alloc.shuffle=1"]; boot.blacklistedKernelModules = [ # Obscure network protocols diff --git a/nixos/server-common.nix b/nixos/server-common.nix index e79ed9e5..a6f64fe8 100644 --- a/nixos/server-common.nix +++ b/nixos/server-common.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { - imports = [ ./server-security.nix ./tailscale ]; +{ + config, + pkgs, + ... +}: { + imports = [./server-security.nix ./tailscale]; system.stateVersion = "22.05"; } diff --git a/nixos/server-security.nix b/nixos/server-security.nix index 66a589f7..2d9b9f5a 100644 --- a/nixos/server-security.nix +++ b/nixos/server-security.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: -let +{ + config, + pkgs, + ... +}: let authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv" @@ -7,7 +10,7 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky" ]; in { - imports = [ ./security.nix ]; + imports = [./security.nix]; security.acme.defaults.email = "admin@cyplo.dev"; security.acme.acceptTerms = true; @@ -25,5 +28,5 @@ in { openssh.authorizedKeys.keys = authorizedKeys; }; - nix.settings.trusted-users = [ "root" "nix-builder" ]; + nix.settings.trusted-users = ["root" "nix-builder"]; } diff --git a/nixos/shell-config.nix b/nixos/shell-config.nix index d19b1604..6b3e9a2f 100644 --- a/nixos/shell-config.nix +++ b/nixos/shell-config.nix @@ -1,7 +1,6 @@ { - permittedInsecurePackages = [ ]; + permittedInsecurePackages = []; packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; }; } - diff --git a/nixos/sway/default.nix b/nixos/sway/default.nix index 3b658871..f61d8142 100644 --- a/nixos/sway/default.nix +++ b/nixos/sway/default.nix @@ -1,7 +1,11 @@ -{ config, pkgs, ... }: -let mod = "Mod4"; +{ + config, + pkgs, + ... +}: let + mod = "Mod4"; in { - services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.dconf ]; + services.dbus.packages = with pkgs; [gnome2.GConf gnome3.dconf]; programs.dconf.enable = true; programs.qt5ct.enable = true; systemd.defaultUnit = "graphical.target"; @@ -12,10 +16,10 @@ in { fi ''; - home-manager.users.cyryl = { ... }: { + home-manager.users.cyryl = {...}: { programs.mako.enable = true; - imports = [ ./keybindings.nix ]; + imports = [./keybindings.nix]; home.sessionVariables = { XDG_CURRENT_DESKTOP = "Unity"; @@ -62,20 +66,21 @@ in { titlebar = false; border = 0; }; - bars = [{ - position = "top"; - command = "${pkgs.waybar}/bin/waybar"; - }]; + bars = [ + { + position = "top"; + command = "${pkgs.waybar}/bin/waybar"; + } + ]; startup = [ { - command = - "${pkgs.wl-clipboard}/bin/wl-paste -t text --watch ${pkgs.clipman}/bin/clipman store"; + command = "${pkgs.wl-clipboard}/bin/wl-paste -t text --watch ${pkgs.clipman}/bin/clipman store"; } - { command = "${pkgs.clipman}/bin/clipman restore"; } + {command = "${pkgs.clipman}/bin/clipman restore";} { command = '' swayidle -w timeout 300 'swaylock -f -c 000000' timeout 600 'swaymsg "output * dpms off" && systemctl suspend' resume 'swaymsg "output * dpms on"' before-sleep 'swaylock -f -c 657b83' - ''; + ''; } ]; output.eDP-1.scale = "1.7"; @@ -83,7 +88,7 @@ in { xkb_layout = "pl"; xkb_options = "caps:ctrl_modifier"; }; - input."2:7:SynPS/2_Synaptics_TouchPad" = { tap = "enabled"; }; + input."2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";}; }; }; }; diff --git a/nixos/sway/keybindings.nix b/nixos/sway/keybindings.nix index 11b5aa1b..62c6ada9 100644 --- a/nixos/sway/keybindings.nix +++ b/nixos/sway/keybindings.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: -let mod = "Mod4"; +{ + config, + pkgs, + ... +}: let + mod = "Mod4"; in { wayland.windowManager.sway.config.keybindings = { "${mod}+Shift+e" = "exit"; @@ -7,19 +11,13 @@ in { "${mod}+Shift+l" = "exec swaylock -c 657b83"; "${mod}+Return" = "exec ${pkgs.kitty}/bin/kitty"; - "XF86AudioRaiseVolume" = - "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = - "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioMute" = - "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMicMute" = - "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + "XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; + "XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; - "XF86MonBrightnessUp" = - "exec light -s sysfs/backlight/intel_backlight -A 5"; - "XF86MonBrightnessDown" = - "exec light -s sysfs/backlight/intel_backlight -U 5"; + "XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5"; + "XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5"; "Print" = "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i"; diff --git a/nixos/syncthing.nix b/nixos/syncthing.nix index 93ad5a79..1629da75 100644 --- a/nixos/syncthing.nix +++ b/nixos/syncthing.nix @@ -1,7 +1,11 @@ -{ config, pkgs, inputs, ... }: -let - workstations = [ "skinnyv" "foureighty" "thinky" ]; - workstations_plus_phone = [ "OnePlus9" ] ++ workstations; +{ + config, + pkgs, + inputs, + ... +}: let + workstations = ["skinnyv" "foureighty" "thinky"]; + workstations_plus_phone = ["OnePlus9"] ++ workstations; in { services.syncthing = { enable = true; @@ -32,13 +36,12 @@ in { "/home/cyryl/vaults" = { id = "vaults"; label = "vaults"; - devices = workstations_plus_phone ++ [ "hagath" ]; + devices = workstations_plus_phone ++ ["hagath"]; }; "/home/cyryl/documents" = { id = "documents"; label = "documents"; - devices = workstations_plus_phone ++ [ "hagath" ]; - + devices = workstations_plus_phone ++ ["hagath"]; }; "/home/cyryl/camera" = { id = "camera"; @@ -63,8 +66,7 @@ in { "/home/cyryl/photos" = { id = "photos"; label = "photos"; - devices = workstations ++ [ "hagath" ]; - + devices = workstations ++ ["hagath"]; }; "/home/cyryl/gopro" = { id = "gopro"; @@ -74,8 +76,7 @@ in { "/home/cyryl/videos" = { id = "videos"; label = "videos"; - devices = workstations ++ [ "hagath" ]; - + devices = workstations ++ ["hagath"]; }; }; extraOptions = { diff --git a/nixos/tailscale/default.nix b/nixos/tailscale/default.nix index 53a844da..94c5523f 100644 --- a/nixos/tailscale/default.nix +++ b/nixos/tailscale/default.nix @@ -1,18 +1,23 @@ -{ config, pkgs, inputs, ... }: -let - inherit (inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux") - tailscale; - +{ + config, + pkgs, + inputs, + ... +}: let + inherit + (inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux") + tailscale + ; in { - environment.systemPackages = [ tailscale ]; + environment.systemPackages = [tailscale]; services.tailscale = { enable = true; package = tailscale; }; networking.firewall = { - trustedInterfaces = [ "tailscale0" ]; - allowedUDPPorts = [ config.services.tailscale.port ]; + trustedInterfaces = ["tailscale0"]; + allowedUDPPorts = [config.services.tailscale.port]; }; sops.secrets."tailscale-key-${config.networking.hostName}" = { sopsFile = ./keys.sops.yaml; @@ -20,9 +25,9 @@ in { systemd.services.tailscale-auth = { description = "Auth with tailscale"; - after = [ "network-pre.target" "tailscale.service" ]; - wants = [ "network-pre.target" "tailscale.service" ]; - wantedBy = [ "multi-user.target" ]; + after = ["network-pre.target" "tailscale.service"]; + wants = ["network-pre.target" "tailscale.service"]; + wantedBy = ["multi-user.target"]; serviceConfig.Type = "oneshot"; @@ -34,7 +39,7 @@ in { exit 0 fi - ${tailscale}/bin/tailscale up -authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}` + ${tailscale}/bin/tailscale up -authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}` ''; }; } diff --git a/nixos/variables.nix b/nixos/variables.nix index a2df0102..4ae694a8 100644 --- a/nixos/variables.nix +++ b/nixos/variables.nix @@ -1,7 +1,11 @@ -{ config, lib, ... }: { +{ + config, + lib, + ... +}: { options.variables = lib.mkOption { type = lib.types.attrs; - default = { }; + default = {}; }; config._module.args.variables = config.variables; } diff --git a/nixos/virtualbox.nix b/nixos/virtualbox.nix index cded9d93..4a54f7e1 100644 --- a/nixos/virtualbox.nix +++ b/nixos/virtualbox.nix @@ -1,7 +1,11 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; }; - users.extraGroups.vboxusers.members = [ "cyryl" ]; + users.extraGroups.vboxusers.members = ["cyryl"]; } diff --git a/nixos/wireguard.nix b/nixos/wireguard.nix index 9097a63b..3104c3d3 100644 --- a/nixos/wireguard.nix +++ b/nixos/wireguard.nix @@ -1,4 +1,7 @@ -{ config, pkgs, ... }: { - networking.wireguard = { enable = true; }; - +{ + config, + pkgs, + ... +}: { + networking.wireguard = {enable = true;}; } diff --git a/shell.nix b/shell.nix index e7bdb49e..b847c560 100644 --- a/shell.nix +++ b/shell.nix @@ -3,12 +3,12 @@ let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in - fetchTarball { - url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; - sha256 = lock.nodes.flake-compat.locked.narHash; - } + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } ) { src = ./.; - }).shellNix - + }) +.shellNix