From d44a40605fed333b4d17e114f7bbeae50caf7947 Mon Sep 17 00:00:00 2001 
From: Stefan Ellmauthaler
Date: Mon, 22 Aug 2022 11:00:00 +0200
Subject: [PATCH] Format with alejandra style
---
common/users.nix | 7 +-
common/wireguard.nix | 16 +-
default.nix | 122 ++--
flake.nix | 91 +--
lib/default.nix | 6 +-
lib/files.nix | 52 +-
lib/users.nix | 29 +-
machines/metis/default.nix | 37 +-
machines/metis/hardware-configuration.nix | 44 +-
machines/nucturne/default.nix | 28 +-
machines/nucturne/hardware-configuration.nix | 52 +-
machines/nucturne/software.nix | 5 +-
machines/stel-xps/default.nix | 11 +-
machines/stel-xps/hardware-configuration.nix | 44 +-
machines/stel-xps/printer.nix | 37 +-
machines/stel-xps/software.nix | 5 +-
modules/aspell.nix | 17 +-
modules/base.nix | 9 +-
modules/communication.nix | 14 +-
modules/emacs/default.nix | 178 ++---
modules/emacs/packages.nix | 57 +-
modules/graphical.nix | 24 +-
modules/locale.nix | 9 +-
modules/network-manager/default.nix | 43 +-
modules/nix-index-db.nix | 42 +-
modules/nix.nix | 8 +-
modules/obs-studio.nix | 8 +-
modules/openvpn/default.nix | 24 +-
modules/python.nix | 27 +-
modules/secrets.nix | 15 +-
modules/server/acme.nix | 20 +-
modules/server/default.nix | 15 +-
modules/server/nextcloud.nix | 20 +-
modules/server/nginx.nix | 18 +-
modules/server/smailserver.nix | 22 +-
modules/server/sql.nix | 28 +-
modules/server/unbound.nix | 23 +-
modules/ssh.nix | 26 +-
modules/steam-run.nix | 17 +-
modules/sway.nix | 14 +-
modules/texlive.nix | 26 +-
modules/users.nix | 267 ++++----
modules/wireguard.nix | 233 ++++---
modules/zsh.nix | 28 +-
secrets/shell.nix | 29 +-
templates/basic_tools/flake.nix | 32 +-
templates/jupyter/flake.nix | 23 +-
templates/rust/flake.nix | 56 +-
users/ellmau/alacritty.nix | 6 +-
users/ellmau/autorandr.nix | 16 +-
users/ellmau/default.nix | 6 +-
users/ellmau/dunst.nix | 15 +-
users/ellmau/git.nix | 16 +-
users/ellmau/gpg.nix | 8 +-
users/ellmau/i3.nix | 15 +-
users/ellmau/kanshi.nix | 15 +-
users/ellmau/mako.nix | 19 +-
users/ellmau/nextcloud.nix | 15 +-
users/ellmau/polybar.nix | 673 ++++++++++--------- users/ellmau/sway.nix | 52 +- users/ellmau/waybar.nix | 25 +- users/ellmau/zsh.nix | 5 +- 62 files changed, 1553 insertions(+), 1291 deletions(-) diff --git a/common/users.nix b/common/users.nix index de46df6..b350882 100644 --- a/common/users.nix +++ b/common/users.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { config = { elss = { diff --git a/common/wireguard.nix b/common/wireguard.nix index ea42a4e..2241e50 100644 --- a/common/wireguard.nix +++ b/common/wireguard.nix @@ -1,13 +1,17 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { config.elss.wireguard = { - interfaces = { stelnet = { servers = { metis = { localIp = "1"; - extraIps = [ "1" "2" "142" ]; + extraIps = ["1" "2" "142"]; publicKey = "wP49t1TYXI3ucsYb8RavNGwIf+8nx5UBgDU0PM9VlnI="; endpoint = "metis.ellmauthaler.net:51820"; #TODO }; @@ -32,10 +36,10 @@ with lib; { }; prefixes = { - ipv4 = [ "192.168.244" ]; + ipv4 = ["192.168.244"]; ipv6 = { - ula = [ "fdaa:3313:9dfa:dfa3" ]; # TODO - gua = [ ]; + ula = ["fdaa:3313:9dfa:dfa3"]; # TODO + gua = []; }; serial = "2022073100"; }; diff --git a/default.nix b/default.nix index 4ed5330..24f578f 100644 --- a/default.nix +++ b/default.nix 
@@ -1,57 +1,75 @@ -{ flakes, flakeOutputs, ...}: -let - mkMachine = args: - let - name = if builtins.isString args then args else args.name; - system = if args ? system then args.system else "x86_64-linux"; - extraModules = if args ? extraModules then args.extraModules else [ ]; - extraOverlays = if args ? extraOverlays then args.extraOverlays else [ +{ + flakes, + flakeOutputs, + ... +}: let + mkMachine = args: let + name = + if builtins.isString args + then args + else args.name; + system = + if args ? system + then args.system + else "x86_64-linux"; + extraModules = + if args ? extraModules + then args.extraModules + else []; + extraOverlays = + if args ? extraOverlays + then args.extraOverlays + else [ overlay-unstable # overlay-comma ]; - pkgs = flakes.nixpkgs; - configuration = if args ? configuration then args.configuration else import ./baseconfiguration.nix {inherit extraOverlays system pkgs name flakes flakeOutputs;} ; - overlay-unstable = final: prev: { - unstable = import flakes.nixpkgs-unstable { - system = "${system}"; - config.allowUnfree=true; - }; - }; - - # overlay-comma = final: prev: { - # comma = flakes.comma.packages."${system}"; - # }; - in - { - inherit name; - value = pkgs.lib.nixosSystem { - inherit system; - modules = [ - configuration - { nix = { - package = pkgs.legacyPackages.${system}.nixUnstable; - nixPath= [ "nixpkgs=${pkgs}" ]; - registry.nixpkgs.flake = pkgs; - registry.nixpkgs-unstable.flake = flakes.nixpkgs-unstable; - } - ;} - ] ++ extraModules - ++ flakes.nixpkgs.lib.mapAttrsToList (_: module: module) - flakeOutputs.nixosModules; - }; + pkgs = flakes.nixpkgs; + configuration = + if args ? 
configuration + then args.configuration + else import ./baseconfiguration.nix {inherit extraOverlays system pkgs name flakes flakeOutputs;}; + overlay-unstable = final: prev: { + unstable = import flakes.nixpkgs-unstable { + system = "${system}"; + config.allowUnfree = true; }; + }; + # overlay-comma = final: prev: { + # comma = flakes.comma.packages."${system}"; + # }; + in { + inherit name; + value = pkgs.lib.nixosSystem { + inherit system; + modules = + [ + configuration + { + nix = { + package = pkgs.legacyPackages.${system}.nixUnstable; + nixPath = ["nixpkgs=${pkgs}"]; + registry.nixpkgs.flake = pkgs; + registry.nixpkgs-unstable.flake = flakes.nixpkgs-unstable; + }; + } + ] + ++ extraModules + ++ flakes.nixpkgs.lib.mapAttrsToList (_: module: module) + flakeOutputs.nixosModules; + }; + }; in -flakes.nixpkgs.lib.listToAttrs (map mkMachine [ - { - name = "stel-xps"; - extraModules = [ flakes.nixos-hardware.nixosModules.dell-xps-13-7390 flakes.home-manager.nixosModules.home-manager ]; - } - { - name = "nucturne"; - extraModules = [ flakes.home-manager.nixosModules.home-manager ]; - } - { - name = "ellmauthaler"; - extraModules = [ flakes.home-manager.nixosModules.home-manager flakes.simple-nixos-mailserver.nixosModule flakes.sops-nix.nixosModules.sops ]; - } -]) + flakes.nixpkgs.lib.listToAttrs (map mkMachine [ + { + name = "stel-xps"; + extraModules = [flakes.nixos-hardware.nixosModules.dell-xps-13-7390 flakes.home-manager.nixosModules.home-manager]; + } + { + name = "nucturne"; + extraModules = [flakes.home-manager.nixosModules.home-manager]; + } + { + name = "ellmauthaler"; + extraModules = [flakes.home-manager.nixosModules.home-manager flakes.simple-nixos-mailserver.nixosModule flakes.sops-nix.nixosModules.sops]; + } + ]) diff --git a/flake.nix b/flake.nix index 79cd601..da178c9 100644 --- a/flake.nix +++ b/flake.nix 
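Review bot: `overlay-unstable` in default.nix imports nixpkgs-unstable with `config.allowUnfree = true`, a blanket allowance, whereas flake.nix in this same patch limits unfree packages to an explicit name list through `allowUnfreePredicate`. Anything taken from `pkgs.unstable` through this overlay therefore bypasses that allowlist. If default.nix is still evaluated (it looks like it may predate the flake-utils-plus setup), replace the blanket setting with the same predicate so both entry points enforce one policy. As a small tidy-up, `system = "${system}";` can be written `inherit system;`.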
@@ -2,7 +2,6 @@ description = "Flake to define configurations of 'elss' - ellmauthaler stefan's systems"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; @@ -59,30 +58,36 @@ }; }; - outputs = { self, nixpkgs, flake-utils-plus, ... }@inputs: - let - extended-lib = nixpkgs.lib.extend - (final: prev: { - elss = (import ./lib { lib = final; }) prev; - }); - inherit (extended-lib.elss) discoverModules moduleNames discoverMachines withModules discoverTemplates; - in - flake-utils-plus.lib.mkFlake rec{ + outputs = { + self, + nixpkgs, + flake-utils-plus, + ... + } @ inputs: let + extended-lib = + nixpkgs.lib.extend + (final: prev: { + elss = (import ./lib {lib = final;}) prev; + }); + inherit (extended-lib.elss) discoverModules moduleNames discoverMachines withModules discoverTemplates; + in + flake-utils-plus.lib.mkFlake rec { inherit self inputs; - supportedSystems = [ "x86_64-linux" ]; + supportedSystems = ["x86_64-linux"]; lib = extended-lib; channelsConfig = { - allowUnfreePredicate = pkg: builtins.elem (extended-lib.getName pkg) [ - "slack" - "steam" - "steam-original" - "steam-runtime" - "skypeforlinux" - "teams" - "zoom" - ]; + allowUnfreePredicate = pkg: + builtins.elem (extended-lib.getName pkg) [ + "slack" + "steam" + "steam-original" + "steam-runtime" + "skypeforlinux" + "teams" + "zoom" + ]; }; channels.nixpkgs.overlaysBuilder = channels: [ 
@@ -97,39 +102,46 @@ hostDefaults = { system = "x86_64-linux"; channelName = "nixpkgs"; - modules = [ - inputs.home-manager.nixosModules.home-manager - inputs.sops-nix.nixosModules.sops - inputs.dwarffs.nixosModules.dwarffs - inputs.simple-nixos-mailserver.nixosModules.mailserver - ./common/wireguard.nix - ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)); + modules = + [ + inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops + inputs.dwarffs.nixosModules.dwarffs + inputs.simple-nixos-mailserver.nixosModules.mailserver + ./common/wireguard.nix + ] + ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)); specialArgs = { nixos-hardware = inputs.nixos-hardware.nixosModules; inherit inputs; }; extraArgs = { - homeConfigurations = withModules ./users + homeConfigurations = + withModules ./users ( - { name, path }: + { + name, + path, + }: #import (./users + "/${name}") - import path + import path ); }; }; - hosts = discoverMachines ./machines + hosts = + discoverMachines ./machines { - specialArgs = { lib = extended-lib; }; + specialArgs = {lib = extended-lib;}; }; nixosModules = discoverModules ./modules; - homeConfigurations = withModules ./users - (name: - let - username = extended-lib.removeSuffix ".nix" name; - in + homeConfigurations = + withModules ./users + (name: let + username = extended-lib.removeSuffix ".nix" name; + in inputs.home-manager.lib.homeManagerConfiguration { configuration = import (./users + "/${name}"); inherit username; 
@@ -151,11 +163,10 @@ description = "Basic setup of tools in nixpkgs/unstable"; welcomeText = "Change into the folder and add the wanted packages to the buildInputs"; }; - + rust = { description = "Rust development environment flake"; - welcomeText = - "Change into the folder and follow the prompt to create an automatic rust environment in this folder"; + welcomeText = "Change into the folder and follow the prompt to create an automatic rust environment in this folder"; }; jupyter = { description = "Jupyter server flake"; diff --git a/lib/default.nix b/lib/default.nix index 6a88772..20637cc 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,6 @@ -{ lib }: - +{lib}: (lib.composeManyExtensions [ (import ./users.nix) (import ./files.nix) -]) lib +]) +lib diff --git a/lib/files.nix b/lib/files.nix index 64ec074..b96823d 100644 --- a/lib/files.nix +++ b/lib/files.nix 
@@ -1,26 +1,34 @@ final: prev: - with prev; rec { - moduleNames = dir: pipe dir [ - builtins.readDir - (filterAttrs - (name: type: (!hasPrefix "." name && !hasPrefix "_" name - && (hasSuffix ".nix" name || type == "directory")))) - attrNames - ]; + moduleNames = dir: + pipe dir [ + builtins.readDir + (filterAttrs + (name: type: (!hasPrefix "." name + && !hasPrefix "_" name + && (hasSuffix ".nix" name || type == "directory")))) + attrNames + ]; withModules = dir: f: listToAttrs (map - (filename: - let - path = dir + "/${filename}"; - name = removeSuffix ".nix" filename; - in - nameValuePair name (f { inherit path name; })) + (filename: let + path = dir + "/${filename}"; + name = removeSuffix ".nix" filename; + in + nameValuePair name (f {inherit path name;})) (moduleNames dir)); - discoverModules = dir: withModules dir ({ path, name }: import path); + discoverModules = dir: + withModules dir ({ + path, + name, + }: + import path); discoverMachines = dir: args: - withModules dir ({ path, name }: - { modules = [ path ]; } // args); + withModules dir ({ + path, + name, + }: + {modules = [path];} // args); discoverTemplates = dir: overrides: pipe dir [ builtins.readDir @@ -32,11 +40,11 @@ with prev; rec { path = "${dir}/${template}"; description = "a template for ${template} projects"; } - (if hasAttr template overrides then - getAttr template overrides - else - { })))) + ( + if hasAttr template overrides + then getAttr template overrides + else {} + )))) listToAttrs ]; - } diff --git a/lib/users.nix b/lib/users.nix index c4b3f1e..50f8db3 100644 --- a/lib/users.nix +++ b/lib/users.nix 
@@ -1,19 +1,16 @@ -final: prev: - -{ - withConfig = config: - - let - cfg = config.elss.users; - mapAccount = f: login: prev.nameValuePair login (f login); - mapList = f: lst: builtins.listToAttrs (map (mapAccount f) lst); - in - rec { - mapUsers = f: mapList f cfg.users; - mapAdmins = f: mapList f cfg.admins; - mapAllUsers = f: (mapUsers f) // (mapAdmins f); - mapAllUsersAndRoot = f: (mapAllUsers f) // { +final: prev: { + withConfig = config: let + cfg = config.elss.users; + mapAccount = f: login: prev.nameValuePair login (f login); + mapList = f: lst: builtins.listToAttrs (map (mapAccount f) lst); + in rec { + mapUsers = f: mapList f cfg.users; + mapAdmins = f: mapList f cfg.admins; + mapAllUsers = f: (mapUsers f) // (mapAdmins f); + mapAllUsersAndRoot = f: + (mapAllUsers f) + // { root = f "root"; }; - }; + }; } diff --git a/machines/metis/default.nix b/machines/metis/default.nix index 5f92a02..86a5e9b 100644 --- a/machines/metis/default.nix +++ b/machines/metis/default.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, nixos-hardware, ... }: { + config, + pkgs, + inputs, + nixos-hardware, + ... +}: { imports = [ ../../common/users.nix ./hardware-configuration.nix @@ -41,12 +46,11 @@ # enable wireguard wireguard.enable = true; - # user setup users = { enable = true; - admins = [ "ellmau" ]; - users = [ ]; + admins = ["ellmau"]; + users = []; meta = { ellmau.git = { 
@@ -55,20 +59,24 @@ }; }; }; - fileSystems."/".options = [ "noatime" ]; + fileSystems."/".options = ["noatime"]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking = { interfaces.ens3 = { - ipv4.addresses = [{ - address = "89.58.45.113"; - prefixLength = 22; - }]; - ipv6.addresses = [{ - address = "fe80::94e0:6eff:fecd:d6cb"; - prefixLength = 64; - }]; + ipv4.addresses = [ + { + address = "89.58.45.113"; + prefixLength = 22; + } + ]; + ipv6.addresses = [ + { + address = "fe80::94e0:6eff:fecd:d6cb"; + prefixLength = 64; + } + ]; }; defaultGateway = "89.58.44.1"; defaultGateway6 = { @@ -79,9 +87,8 @@ nat = { enable = true; externalInterface = "ens3"; - internalInterfaces = [ "wg-stelnet" ]; + internalInterfaces = ["wg-stelnet"]; }; - }; system.stateVersion = "22.05"; } diff --git a/machines/metis/hardware-configuration.nix b/machines/metis/hardware-configuration.nix index bfd3a32..f89c425 100644 --- a/machines/metis/hardware-configuration.nix +++ b/machines/metis/hardware-configuration.nix 
@@ -1,33 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-label/nixos-root"; - fsType = "xfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos-root"; + fsType = "xfs"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/nucturne/default.nix b/machines/nucturne/default.nix index 73c1a2e..da20b12 100644 --- a/machines/nucturne/default.nix +++ b/machines/nucturne/default.nix @@ -1,12 +1,16 @@ -{ config, pkgs, inputs, nixos-hardware, ...}: { + config, + pkgs, + inputs, + nixos-hardware, + ... +}: { imports = [ ../../common/users.nix ./hardware-configuration.nix ./software.nix ]; - elss = { # base system base.enable = true; 
@@ -22,7 +26,7 @@ sway.enable = true; i3.enable = false; # set dpi if used in mobile applications -# dpi = 180; + # dpi = 180; }; # enable deamon to generate nix-index-db @@ -38,12 +42,12 @@ # enable wireguard wireguard.enable = true; - + # user setup users = { enable = true; - admins = [ "ellmau" ]; - users = [ ]; + admins = ["ellmau"]; + users = []; meta = { ellmau.git = { @@ -54,15 +58,15 @@ }; boot = { - extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + ]; - kernelModules = [ + kernelModules = [ "v4l2loopback" - ]; + ]; - plymouth.enable = true; + plymouth.enable = true; }; system.stateVersion = "21.05"; diff --git a/machines/nucturne/hardware-configuration.nix b/machines/nucturne/hardware-configuration.nix index 43d6e91..eb3c7cc 100644 --- a/machines/nucturne/hardware-configuration.nix +++ b/machines/nucturne/hardware-configuration.nix 
@@ -1,36 +1,40 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6"; + fsType = "ext4"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9ebd7aff-629b-449b-83d8-6381a04eb708"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/9ebd7aff-629b-449b-83d8-6381a04eb708"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DE6D-C383"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/DE6D-C383"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e";} + ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; # high-resolution display diff --git a/machines/nucturne/software.nix b/machines/nucturne/software.nix index b4c1a17..e3bc39f 100644 --- a/machines/nucturne/software.nix +++ b/machines/nucturne/software.nix 
@@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ libreoffice-fresh onlyoffice-bin diff --git a/machines/stel-xps/default.nix b/machines/stel-xps/default.nix index 5de3846..dca968b 100644 --- a/machines/stel-xps/default.nix +++ b/machines/stel-xps/default.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, nixos-hardware, ... }: { + config, + pkgs, + inputs, + nixos-hardware, + ... +}: { imports = [ ../../common/users.nix ./printer.nix @@ -43,8 +48,8 @@ # user setup users = { enable = true; - admins = [ "ellmau" ]; - users = [ ]; + admins = ["ellmau"]; + users = []; meta = { ellmau.git = { diff --git a/machines/stel-xps/hardware-configuration.nix b/machines/stel-xps/hardware-configuration.nix index 7bc3363..6835325 100644 --- a/machines/stel-xps/hardware-configuration.nix +++ b/machines/stel-xps/hardware-configuration.nix 
@@ -1,33 +1,37 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674"; + fsType = "ext4"; + }; boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/39E0-047B"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/39E0-047B"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0";} + ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; # high-resolution display diff --git a/machines/stel-xps/printer.nix b/machines/stel-xps/printer.nix index 2c7cc6d..aad30bf 100644 --- a/machines/stel-xps/printer.nix +++ b/machines/stel-xps/printer.nix 
@@ -1,29 +1,32 @@ -{ config, pkgs, ...}: - -let +{ + config, + pkgs, + ... +}: let ppd-local = pkgs.stdenv.mkDerivation rec { pname = "local-ppds"; version = "2021-07-04"; src = ./ppds; - phases = [ "unpackPhase" "installPhase" ]; + phases = ["unpackPhase" "installPhase"]; installPhase = '' - mkdir -p $out/share/cups/model/ - cp -R Ricoh $out/share/cups/model - ''; + mkdir -p $out/share/cups/model/ + cp -R Ricoh $out/share/cups/model + ''; }; -in -{ - services.printing.drivers = with pkgs; [ - foomatic-filters - gutenprint - hplip - ] ++ [ - ppd-local - ]; - +in { + services.printing.drivers = with pkgs; + [ + foomatic-filters + gutenprint + hplip + ] + ++ [ + ppd-local + ]; + hardware.printers.ensurePrinters = [ { name = "hpm605"; diff --git a/machines/stel-xps/software.nix b/machines/stel-xps/software.nix index be0ebc8..ae005c0 100644 --- a/machines/stel-xps/software.nix +++ b/machines/stel-xps/software.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ brightnessctl libreoffice-fresh diff --git a/modules/aspell.nix b/modules/aspell.nix index 63d2e05..54e5dec 100644 --- a/modules/aspell.nix +++ b/modules/aspell.nix @@ -1,6 +1,9 @@ -{ config, pkgs, lib, ... }: - -let +{ + config, + pkgs, + lib, + ... +}: let aspellConf = '' data-dir /run/current-system/sw/lib/aspell dict-dir /run/current-system/sw/lib/aspell @@ -8,12 +11,12 @@ let extra-dicts en-computers.rws add-extra-dicts en_GB-science.rws ''; -in -{ +in { options.elss.programs.aspell.enable = lib.mkEnableOption "setup aspell"; config = lib.mkIf config.elss.programs.aspell.enable { - environment.systemPackages = [ pkgs.aspell ] - ++ (with pkgs.aspellDicts; [ de en sv en-computers en-science ]); + environment.systemPackages = + [pkgs.aspell] + ++ (with pkgs.aspellDicts; [de en sv en-computers en-science]); }; } diff --git a/modules/base.nix b/modules/base.nix index 1c44966..8abf5f0 100644 --- a/modules/base.nix +++ b/modules/base.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss = { base.enable = mkEnableOption "Set the base configuration for the system"; @@ -14,7 +19,7 @@ with lib; { services = { dbus = { enable = true; - packages = with pkgs; [ dconf ]; + packages = with pkgs; [dconf]; }; }; diff --git a/modules/communication.nix b/modules/communication.nix index 89c4eb4..0162021 100644 --- a/modules/communication.nix +++ b/modules/communication.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.programs.communication.enable = mkEnableOption "enable the basic graphical communication tools"; - config = - let - cfg = config.elss.programs.communication; - in + config = let + cfg = config.elss.programs.communication; + in mkIf cfg.enable { # elss.graphical.enable = true; environment.systemPackages = with pkgs; [ diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index 990a74c..3412ffa 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix 
@@ -1,97 +1,105 @@ -{ config, lib, pkgs, ... }: -with lib; -let +{ + config, + lib, + pkgs, + ... +}: +with lib; let defaultEl = ./default.el; - environment.systemPackages = [ pkgs.gdb ]; # use gdb for dap-mode + environment.systemPackages = [pkgs.gdb]; # use gdb for dap-mode - defaultConfig = pkgs.runCommand "default.el" { } '' - mkdir -p $out/share/emacs/site-lisp - cp ${defaultEl} $out/share/emacs/site-lisp/default.el + defaultConfig = pkgs.runCommand "default.el" {} '' + mkdir -p $out/share/emacs/site-lisp + cp ${defaultEl} $out/share/emacs/site-lisp/default.el ''; - emacsPackage = (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages - (epkgs: - let - lpkgs = import ./packages.nix { - inherit config lib pkgs epkgs; - }; - in + emacsPackage = + (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages + (epkgs: let + lpkgs = import ./packages.nix { + inherit config lib pkgs epkgs; + }; + in #[ (defaultConfig lpkgs) ] ++ (with pkgs; [ # aspell # emacs-all-the-icons-fonts # gnupg # nixpkgs-fmt #]) - [(defaultConfig)] ++ - [(with epkgs.elpaPackages; [ - auctex - org - flymake - ])] - ++ (with epkgs.melpaStablePackages; [ ]) ++ (with epkgs.melpaPackages; [ - ac-helm - academic-phrases - add-hooks - alert - all-the-icons - all-the-icons-dired - beacon - bln-mode - cargo-mode - company - company-auctex - company-bibtex - company-flx - company-quickhelp - company-reftex - cov - dap-mode - diminish - direnv - dockerfile-mode - docker-compose-mode - flycheck - free-keys - highlight-indentation - helm - #helm-bbdb - helm-company - helm-flx - helm-descbinds - helm-lsp - helm-projectile - helm-rg - json-mode - less-css-mode - lsp-mode - lsp-ui - magit - moe-theme - multiple-cursors - nix-mode - nixpkgs-fmt - org-bullets - org-roam - #org-roam-server - pasp-mode - pdf-tools - projectile - projectile-ripgrep - rustic - spacemacs-theme - solarized-theme - sparql-mode - sudo-edit - use-package - #vscode-dark-plus-theme - yaml-mode - yasnippet - #zenburn-theme - ] ++ (with lpkgs; [ - 
org-roam-ui - ligatures - ]))); -in -{ + [defaultConfig] + ++ [ + (with epkgs.elpaPackages; [ + auctex + org + flymake + ]) + ] + ++ (with epkgs.melpaStablePackages; []) + ++ (with epkgs.melpaPackages; + [ + ac-helm + academic-phrases + add-hooks + alert + all-the-icons + all-the-icons-dired + beacon + bln-mode + cargo-mode + company + company-auctex + company-bibtex + company-flx + company-quickhelp + company-reftex + cov + dap-mode + diminish + direnv + dockerfile-mode + docker-compose-mode + flycheck + free-keys + highlight-indentation + helm + #helm-bbdb + helm-company + helm-flx + helm-descbinds + helm-lsp + helm-projectile + helm-rg + json-mode + less-css-mode + lsp-mode + lsp-ui + magit + moe-theme + multiple-cursors + nix-mode + nixpkgs-fmt + org-bullets + org-roam + #org-roam-server + pasp-mode + pdf-tools + projectile + projectile-ripgrep + rustic + spacemacs-theme + solarized-theme + sparql-mode + sudo-edit + use-package + #vscode-dark-plus-theme + yaml-mode + yasnippet + #zenburn-theme + ] + ++ (with lpkgs; [ + org-roam-ui + ligatures + ]))); +in { options.elss.programs.emacs.enable = mkEnableOption "Setup emacs package and install it"; config = mkIf config.elss.programs.emacs.enable { services.emacs = { diff --git a/modules/emacs/packages.nix b/modules/emacs/packages.nix index cbb6946..c5827af 100644 --- a/modules/emacs/packages.nix +++ b/modules/emacs/packages.nix 
@@ -1,30 +1,35 @@ -{ config, lib, pkgs, epkgs, ...}: -let +{ + config, + lib, + pkgs, + epkgs, + ... +}: let in -with epkgs; rec{ - org-roam-ui = trivialBuild{ - pname = "org-roam-ui"; - version = "2021-10-06"; - src = pkgs.fetchFromGitHub { - owner = "org-roam"; - repo = "org-roam-ui"; - rev = "bae6487afd5e6eec9f04b38b235bbac24042ca62"; - sha256 = "14dbdvxf1l0dwbhc0ap3wr3ffafy4cxmwc9b7gm0gzzmcxvszisc"; + with epkgs; rec { + org-roam-ui = trivialBuild { + pname = "org-roam-ui"; + version = "2021-10-06"; + src = pkgs.fetchFromGitHub { + owner = "org-roam"; + repo = "org-roam-ui"; + rev = "bae6487afd5e6eec9f04b38b235bbac24042ca62"; + sha256 = "14dbdvxf1l0dwbhc0ap3wr3ffafy4cxmwc9b7gm0gzzmcxvszisc"; + }; + packageRequires = [f websocket org-roam simple-httpd]; + postInstall = '' + cp -r out $out/share/emacs/site-lisp + ''; }; - packageRequires = [ f websocket org-roam simple-httpd ]; - postInstall = '' - cp -r out $out/share/emacs/site-lisp - ''; - }; - ligatures = trivialBuild { - pname = "ligatures"; - version = "unstable-2021-08-27"; - src = pkgs.fetchFromGitHub { - owner = "mickeynp"; - repo = "ligature.el"; - rev = "d3426509cc5436a12484d91e48abd7b62429b7ef"; - sha256 = "baFDkfQLM2MYW2QhMpPnOMSfsLlcp9fO5xfyioZzOqg="; + ligatures = trivialBuild { + pname = "ligatures"; + version = "unstable-2021-08-27"; + src = pkgs.fetchFromGitHub { + owner = "mickeynp"; + repo = "ligature.el"; + rev = "d3426509cc5436a12484d91e48abd7b62429b7ef"; + sha256 = "baFDkfQLM2MYW2QhMpPnOMSfsLlcp9fO5xfyioZzOqg="; + }; }; - }; -} + } diff --git a/modules/graphical.nix b/modules/graphical.nix index 3114128..b22da85 100644 --- a/modules/graphical.nix +++ b/modules/graphical.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.graphical = { enable = mkEnableOption "configure graphical layer"; 
@@ -18,14 +23,16 @@ with lib; { }; i3.enable = mkEnableOption "enable i3"; }; - config = - let - cfg = config.elss.graphical; - #cursorsize = if config.variables.hostName == "nucturne" then 14 else 16; - #xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null; - in + config = let + cfg = config.elss.graphical; + #cursorsize = if config.variables.hostName == "nucturne" then 14 else 16; + #xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null; + in mkIf cfg.enable { - elss.users.x11.enable = if cfg.i3.enable then true else false; + elss.users.x11.enable = + if cfg.i3.enable + then true + else false; elss.networking.useNetworkManager = true; services = { @@ -77,6 +84,5 @@ with lib; { libsecret arandr ]; - }; } diff --git a/modules/locale.nix b/modules/locale.nix index 3599f2b..895bfaf 100644 --- a/modules/locale.nix +++ b/modules/locale.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.locale.enable = mkEnableOption "setup default locale and font-handling"; @@ -21,7 +26,7 @@ with lib; { noto-fonts-extra roboto roboto-mono - (nerdfonts.override { fonts = [ "Hasklig" ]; }) + (nerdfonts.override {fonts = ["Hasklig"];}) material-icons weather-icons xits-math diff --git a/modules/network-manager/default.nix b/modules/network-manager/default.nix index ae208be..e16a5e8 100644 --- a/modules/network-manager/default.nix +++ b/modules/network-manager/default.nix 
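Review bot: In modules/graphical.nix the formatter now spreads `elss.users.x11.enable = if cfg.i3.enable then true else false;` over four lines, which makes the redundant conditional stand out. `elss.users.x11.enable = cfg.i3.enable;` expresses the same thing in one line. The two commented-out `cursorsize` and `xserverDPI` bindings in the `let` just above could be dropped in the same pass if they are no longer needed.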
@@ -1,27 +1,30 @@ -{ config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.networking.useNetworkManager = mkEnableOption "enable networkmanager"; - config = - let - connections = [ - "tartaros" - "eduroam" - ]; + config = let + connections = [ + "tartaros" + "eduroam" + ]; - mkSopsSecrets = connection: { - "${connection}" = { - sopsFile = ../../secrets/networks.yaml; - path = "/run/NetworkManager/system-connections/${connection}.nmconnection"; - }; + mkSopsSecrets = connection: { + "${connection}" = { + sopsFile = ../../secrets/networks.yaml; + path = "/run/NetworkManager/system-connections/${connection}.nmconnection"; + }; + }; + in + mkIf config.elss.networking.useNetworkManager { + networking.networkmanager = { + enable = true; }; - in - mkIf config.elss.networking.useNetworkManager { - networking.networkmanager = { - enable = true; - }; - sops.secrets = mkMerge (map mkSopsSecrets connections); - }; + sops.secrets = mkMerge (map mkSopsSecrets connections); + }; } - diff --git a/modules/nix-index-db.nix b/modules/nix-index-db.nix index 80f23eb..3eb2846 100644 --- a/modules/nix-index-db.nix +++ b/modules/nix-index-db.nix 
@@ -1,22 +1,25 @@ -{ config, pkgs, lib, ... }: - +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.nix-index-db-update.enable = mkEnableOption "periodically update the nix-index database"; - config = - let - cfg = config.elss.nix-index-db-update; - nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" '' - set -euo pipefail + config = let + cfg = config.elss.nix-index-db-update; + nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" '' + set -euo pipefail - filename="index-x86_64-$(${pkgs.coreutils}/bin/uname | ${pkgs.coreutils}/bin/tr A-Z a-z)" - cd /var/db/nix-index/ - ${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename - ${pkgs.coreutils}/bin/ln -f $filename files - ''; - inherit (lib.elss.withConfig config) mapAllUsers; - in + filename="index-x86_64-$(${pkgs.coreutils}/bin/uname | ${pkgs.coreutils}/bin/tr A-Z a-z)" + cd /var/db/nix-index/ + ${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename + ${pkgs.coreutils}/bin/ln -f $filename files + ''; + inherit (lib.elss.withConfig config) mapAllUsers; + in mkIf cfg.enable { systemd = { services.nix-index-db-update = { @@ -44,14 +47,13 @@ with lib; { Persistent = true; }; - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; }; }; - home-manager.users = mapAllUsers (_: - { config, ... }: { - home.file.".cache/nix-index".source = - config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/"; - }); + home-manager.users = mapAllUsers (_: {config, ...}: { + home.file.".cache/nix-index".source = + config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/"; + }); }; } diff --git a/modules/nix.nix b/modules/nix.nix index 160d549..2c0a434 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,6 +1,8 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { nix = { useSandbox = true; 
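Review bot: The `nix-index-db-update` script in the first hunk of modules/nix-index-db.nix downloads the index from the moving `releases/latest` URL and hard-links it into place without any integrity check. The second hunk then symlinks `/var/db/nix-index/` into every user's `~/.cache/nix-index`, so whatever that release serves is consumed by all accounts. The repository already has a flake.nix, so pinning the database as an input would make the dependency reviewable; failing that, a comment such as `# unverified download: trusted on TLS + upstream release only` should record the decision. Separately, `$filename` should be quoted in both commands, e.g. `${pkgs.coreutils}/bin/ln -f "$filename" files`. The service's user and sandboxing options lie outside the hunks, so whether this runs as root is not visible here.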
@@ -10,7 +12,7 @@ linkInputs = true; autoOptimiseStore = true; - trustedUsers = [ "root" ] ++ config.elss.users.admins; + trustedUsers = ["root"] ++ config.elss.users.admins; # Enable flakes # Free up to 50 GiB whenever there is less than 10 GiB left. diff --git a/modules/obs-studio.nix b/modules/obs-studio.nix index 028691b..1877c42 100644 --- a/modules/obs-studio.nix +++ b/modules/obs-studio.nix @@ -1,6 +1,10 @@ -{ config, pkgs, lib, ...}: -with lib; { + config, + pkgs, + lib, + ... +}: +with lib; { options.elss.programs.obsstudio.enable = mkEnableOption "install obs-studio"; config = mkIf config.elss.programs.obsstudio.enable { environment.systemPackages = with pkgs; [ diff --git a/modules/openvpn/default.nix b/modules/openvpn/default.nix index 77e47fb..908747a 100644 --- a/modules/openvpn/default.nix +++ b/modules/openvpn/default.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.openvpn.enable = mkEnableOption "Setup TUD openvpn"; - config = - let - cfg = config.elss.openvpn; - in - mkIf cfg.enable { - services.openvpn.servers.TUD = { - config = "config config/TUD.ovpn"; - autoStart = false; - }; + config = let + cfg = config.elss.openvpn; + in + mkIf cfg.enable { + services.openvpn.servers.TUD = { + config = "config config/TUD.ovpn"; + autoStart = false; }; + }; } diff --git a/modules/python.nix b/modules/python.nix index 68c9f3c..398b4f1 100644 --- a/modules/python.nix +++ b/modules/python.nix 
@@ -1,16 +1,21 @@ -{ config, lib, pkgs, ... }: -with pkgs; with lib; -let - my-python-packages = python-packages: with python-packages; [ - pandas - requests - # other python packages you want - ]; - python-with-my-packages = python3.withPackages my-python-packages; -in { + config, + lib, + pkgs, + ... +}: +with pkgs; +with lib; let + my-python-packages = python-packages: + with python-packages; [ + pandas + requests + # other python packages you want + ]; + python-with-my-packages = python3.withPackages my-python-packages; +in { options.elss.programs.python.enable = mkEnableOption "install python 3"; config = mkIf config.elss.programs.python.enable { - environment.systemPackages = [ python-with-my-packages ]; + environment.systemPackages = [python-with-my-packages]; }; } diff --git a/modules/secrets.nix b/modules/secrets.nix index 3985ecb..da3d8a6 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -1,16 +1,19 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.sops.enable = mkEnableOption "Use sops config"; - config = - let - cfg = config.elss.sops; - in + config = let + cfg = config.elss.sops; + in mkIf cfg.enable { sops = { defaultSopsFile = ../secrets/secrets.yaml; secrets.example_key.format = "yaml"; - }; }; } diff --git a/modules/server/acme.nix b/modules/server/acme.nix index 167af6e..e993e5e 100644 --- a/modules/server/acme.nix +++ b/modules/server/acme.nix @@ -1,15 +1,17 @@ -{ config, lib, pkgs, ... }: -with lib;{ - config = - let - cfg = config.elss.server; - staging = config.elss.server.acme.staging; - in +{ + config, + lib, + pkgs, + ... +}: +with lib; { + config = let + cfg = config.elss.server; + staging = config.elss.server.acme.staging; + in mkIf cfg.enable { security.acme = { defaults = { - - server = mkIf staging "https://acme-staging-v02.api.letsencrypt.org/directory"; email = "stefan.ellmauthaler@gmail.com"; # Do not use ellmauthaler.net as the mail server will be covered by acme }; 
diff --git a/modules/server/default.nix b/modules/server/default.nix index d4c348a..b079b55 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.server = { acme.staging = mkEnableOption "Whether to use the staging or the default server for acme"; @@ -8,7 +13,6 @@ with lib; { nextcloud.enable = mkEnableOption "Set up nextcloud"; smailserver.enable = mkEnableOption "Set up simple mail server"; unbound.enable = mkEnableOption "Set unbound dns up"; - }; imports = [ @@ -20,10 +24,9 @@ with lib; { ./unbound.nix ]; - config = - let - cfg = config.elss.server; - in + config = let + cfg = config.elss.server; + in mkIf cfg.enable { elss.server = { nginx.enable = mkDefault true; diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix index 904ff64..108fbdd 100644 --- a/modules/server/nextcloud.nix +++ b/modules/server/nextcloud.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, ... }: -with lib;{ - config = - let - cfg = config.elss.server.nextcloud; - in +{ + config, + pkgs, + lib, + ... +}: +with lib; { + config = let + cfg = config.elss.server.nextcloud; + in mkIf cfg.enable { elss.server.sql.enable = mkDefault true; services.nextcloud = { @@ -27,8 +31,8 @@ with lib;{ }; systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postrgresql.service" ]; + requires = ["postgresql.service"]; + after = ["postrgresql.service"]; }; sops.secrets = { storemin = { diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix index ae745d9..2d9e711 100644 --- a/modules/server/nginx.nix +++ b/modules/server/nginx.nix 
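Review bot: In modules/server/nextcloud.nix (hunk `@@ -27,8 +31,8 @@`) the reformatted line `after = ["postrgresql.service"];` still misspells the unit name, so `nextcloud-setup` has a `requires` on PostgreSQL but no ordering against it. systemd starts required units in parallel unless they are also named in `After=`, which lets the setup step race the database start. The line should read `after = ["postgresql.service"];`.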
@@ -1,12 +1,16 @@ -{ config, lib, pkgs, ... }: -with lib;{ - config = - let - cfg = config.elss.server.nginx; - in +{ + config, + lib, + pkgs, + ... +}: +with lib; { + config = let + cfg = config.elss.server.nginx; + in mkIf cfg.enable { services.nginx.enable = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; services.nginx.virtualHosts."localhost" = { addSSL = false; enableACME = false; diff --git a/modules/server/smailserver.nix b/modules/server/smailserver.nix index 7fb2c45..33bfc07 100644 --- a/modules/server/smailserver.nix +++ b/modules/server/smailserver.nix @@ -1,25 +1,29 @@ -{ config, pkgs, lib, ... }: -with lib;{ - config = - let - cfg = config.elss.server.smailserver; - in +{ + config, + pkgs, + lib, + ... +}: +with lib; { + config = let + cfg = config.elss.server.smailserver; + in mkIf cfg.enable { mailserver = { enable = true; fqdn = "mail.ellmauthaler.net"; sendingFqdn = "ellmauthaler.net"; - domains = [ "ellmauthaler.net" ]; + domains = ["ellmauthaler.net"]; loginAccounts = { "ellmau@ellmauthaler.net" = { - aliases = [ "stefan@ellmauthaler.net" "postmaster@ellmauthaler.net" "abuse@ellmauthaler.net" ]; + aliases = ["stefan@ellmauthaler.net" "postmaster@ellmauthaler.net" "abuse@ellmauthaler.net"]; hashedPasswordFile = config.sops.secrets.ellmauMail.path; }; }; localDnsResolver = false; - + # use ACME certificateScheme = 3; }; diff --git a/modules/server/sql.nix b/modules/server/sql.nix index b78526f..abea98e 100644 --- a/modules/server/sql.nix +++ b/modules/server/sql.nix 
@@ -1,18 +1,24 @@ -{ config, pkgs, lib, ... }: -with lib;{ - config = - let - cfg = config.elss.server.sql; - in +{ + config, + pkgs, + lib, + ... +}: +with lib; { + config = let + cfg = config.elss.server.sql; + in mkIf cfg.enable { services.postgresql = { enable = true; package = pkgs.postgresql_14; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [{ - name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; - }]; + ensureDatabases = ["nextcloud"]; + ensureUsers = [ + { + name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; }; }; } diff --git a/modules/server/unbound.nix b/modules/server/unbound.nix index a57cb27..8b17c72 100644 --- a/modules/server/unbound.nix +++ b/modules/server/unbound.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { - config = - let - cfg = config.elss.server.unbound; - in + config = let + cfg = config.elss.server.unbound; + in mkIf cfg.enable { services = { resolved = { enable = true; dnssec = "true"; llmnr = "true"; - fallbackDns = [ "127.0.0.1" "::1" ]; + fallbackDns = ["127.0.0.1" "::1"]; extraConfig = '' DNS = 127.0.0.1 ::1 Domains = ~. @@ -18,13 +22,12 @@ with lib; { }; unbound = { enable = true; - settings.server.interface = [ "127.0.0.0" "::1" ]; - settings.server.access-control = [ "192.168.244.0/24 allow" "fdaa:3313:9dfa:dfa3::/64 allow" ]; + settings.server.interface = ["127.0.0.0" "::1"]; + settings.server.access-control = ["192.168.244.0/24 allow" "fdaa:3313:9dfa:dfa3::/64 allow"]; }; - }; networking = { - nameservers = [ "127.0.0.1" "::1"]; + nameservers = ["127.0.0.1" "::1"]; resolvconf.useLocalResolver = true; }; }; diff --git a/modules/ssh.nix b/modules/ssh.nix index 85899ed..a9ba863 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix 
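Review bot: In modules/server/unbound.nix (hunk `@@ -18,13 +22,12 @@`) `settings.server.interface = ["127.0.0.0" "::1"];` looks like a typo for `127.0.0.1`. resolved's `DNS = 127.0.0.1 ::1` and `networking.nameservers = ["127.0.0.1" "::1"]` in the same module both send queries to 127.0.0.1, so IPv4 lookups would depend on a listener that this setting does not create. Suggested: `settings.server.interface = ["127.0.0.1" "::1"];`. With only loopback listeners, the `access-control` entries for `192.168.244.0/24` and `fdaa:3313:9dfa:dfa3::/64` appear to have no effect; if those ranges are meant to be served, the listening addresses need to cover them explicitly rather than relying on the allow list.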
@@ -1,16 +1,20 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.sshd.enable = mkEnableOption "Set up sshd"; - config = - let - cfg = config.elss.sshd; - in - mkIf cfg.enable { - services.openssh = { - enable = true; - passwordAuthentication = false; - permitRootLogin = "no"; - }; + config = let + cfg = config.elss.sshd; + in + mkIf cfg.enable { + services.openssh = { + enable = true; + passwordAuthentication = false; + permitRootLogin = "no"; }; + }; } diff --git a/modules/steam-run.nix b/modules/steam-run.nix index 499b0f6..a60fbb4 100644 --- a/modules/steam-run.nix +++ b/modules/steam-run.nix @@ -1,15 +1,18 @@ -{ config, lib, pkgs, ... }: - +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.steam-run.enable = mkEnableOption "configure steam-run to support unpatched binaries"; - config = - let - cfg = config.elss.steam-run; - in + config = let + cfg = config.elss.steam-run; + in mkIf cfg.enable { environment.systemPackages = [ - (pkgs.unstable.steam.override { withJava = true; }).run + (pkgs.unstable.steam.override {withJava = true;}).run ]; }; } diff --git a/modules/sway.nix b/modules/sway.nix index 91e5825..2d091b7 100644 --- a/modules/sway.nix +++ b/modules/sway.nix @@ -1,10 +1,14 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.graphical.sway.enable = mkEnableOption "Use sway"; - config = - let - cfg = config.elss.graphical.sway; - in + config = let + cfg = config.elss.graphical.sway; + in mkIf cfg.enable { services.pipewire = { enable = true; diff --git a/modules/texlive.nix b/modules/texlive.nix index 6a67e59..b54fcd5 100644 --- a/modules/texlive.nix +++ b/modules/texlive.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.texlive = { enable = mkEnableOption "configure texlife on the system"; 
@@ -8,17 +13,16 @@ with lib; { default = pkgs.texlive.combined.scheme-full; description = '' This option specifies which texlive package shall be installed - ''; + ''; }; }; - config = - let - cfg = config.elss.texlive; - in - mkIf cfg.enable { - environment.systemPackages = [ - cfg.package - ]; - }; + config = let + cfg = config.elss.texlive; + in + mkIf cfg.enable { + environment.systemPackages = [ + cfg.package + ]; + }; } diff --git a/modules/users.nix b/modules/users.nix index e95766d..04f4754 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, homeConfigurations, ... }: - +{ + config, + pkgs, + lib, + homeConfigurations, + ... +}: with lib; { options.elss.users = { enable = mkEnableOption "elss specific user configuration"; @@ -15,14 +20,16 @@ with lib; { type = types.listOf types.str; }; meta = mkOption { - type = types.attrsOf + type = + types.attrsOf (types.submodule { options = { description = mkOption { type = types.str; description = "full name of the user"; }; - hashedPassword = mkOption + hashedPassword = + mkOption { type = types.str; default = null; 
@@ -38,146 +45,142 @@ with lib; { }; git = mkOption { type = types.submodule { - options = { - key = mkOption { - type = types.str; - example = "0xBEEE1234"; - default = "C804A9C1B7AF8256"; - description = "Signkey for git commits"; - }; - gpgsm = mkOption { - type = types.bool; - default = false; - description = "Whether to use gpgsm for commit signatures"; - }; - signDefault = mkOption { - type = types.bool; - default = false; - description = "Whether to force signing commits or not"; - }; + options = { + key = mkOption { + type = types.str; + example = "0xBEEE1234"; + default = "C804A9C1B7AF8256"; + description = "Signkey for git commits"; + }; + gpgsm = mkOption { + type = types.bool; + default = false; + description = "Whether to use gpgsm for commit signatures"; + }; + signDefault = mkOption { + type = types.bool; + default = false; + description = "Whether to force signing commits or not"; }; }; + }; }; }; }); }; }; - config = - let - cfg = config.elss.users; - inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers; + config = let + cfg = config.elss.users; + inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers; - getMeta = login: - builtins.getAttr login cfg.meta; - mkAdmin = login: - mkMerge [ - (mkUser login) - { - extraGroups = [ "wheel" ]; - inherit (getMeta login) hashedPassword; - } - ]; - mkUser = login: - let meta = getMeta login; - in + getMeta = login: + builtins.getAttr login cfg.meta; + mkAdmin = login: + mkMerge [ + (mkUser login) { - inherit (meta) description; - isNormalUser = true; - home = "/home/${login}"; - extraGroups = [ ]; - openssh.authorizedKeys.keys = meta.publicKeys; - }; + extraGroups = ["wheel"]; + inherit (getMeta login) hashedPassword; + } + ]; + mkUser = login: let + meta = getMeta login; + in { + inherit (meta) description; + isNormalUser = true; + home = "/home/${login}"; + extraGroups = []; + openssh.authorizedKeys.keys = meta.publicKeys; + }; - mkGitUser = login: - 
let meta = getMeta login; - in - { - programs.git = { - userEmail = meta.mailAddress; - userName = meta.description; - extraConfig = { - gpg = lib.mkIf meta.git.gpgsm { - format = "x509"; - program = "${pkgs.gnupg}/bin/gpgsm"; - }; - user = { - signingKey = meta.git.key; - }; - commit = { - gpgsign = meta.git.signDefault; - }; - }; + mkGitUser = login: let + meta = getMeta login; + in { + programs.git = { + userEmail = meta.mailAddress; + userName = meta.description; + extraConfig = { + gpg = lib.mkIf meta.git.gpgsm { + format = "x509"; + program = "${pkgs.gnupg}/bin/gpgsm"; + }; + user = { + signingKey = meta.git.key; + }; + commit = { + gpgsign = meta.git.signDefault; }; }; - - mkX11User = login: - let meta = getMeta login; - in - mkIf (cfg.x11.enable) - { - xsession = { - numlock.enable = true; - profileExtra = '' - if [ $(hostname) = 'stel-xps' ]; then - brightnessctl s 50% - fi - ''; - }; - home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png; - - services = { - blueman-applet.enable = true; - network-manager-applet.enable = true; - dunst.enable = true; - }; - }; - - in - mkIf (cfg.enable) - { - assertions = - let - cfg = config.elss.users; - in - [ - { - assertion = mutuallyExclusive cfg.users cfg.admins; - message = "elss.users.users and elss.users.admins are mutually exclusive"; - } - { - assertion = all (hash: hash != "") - (catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta)); - message = "No admin without password"; - } - { - assertion = length (cfg.admins) > 0; - message = "One admin needed at least"; - } - ]; - - users = { - mutableUsers = false; - users = - mkMerge [ - (mapAdmins mkAdmin) - (mapUsers mkUser) - ]; - }; - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - users = - mkMerge [ - (mapAllUsers mkX11User) - (mapAllUsers mkGitUser) - (mapAllUsersAndRoot (login: - mkMerge [ - { config.home.stateVersion = mkDefault "21.11"; } - (if homeConfigurations ? 
"${login}" then homeConfigurations."${login}" else { }) - ])) - ]; - }; - }; + }; + + mkX11User = login: let + meta = getMeta login; + in + mkIf (cfg.x11.enable) + { + xsession = { + numlock.enable = true; + profileExtra = '' + if [ $(hostname) = 'stel-xps' ]; then + brightnessctl s 50% + fi + ''; + }; + home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png; + + services = { + blueman-applet.enable = true; + network-manager-applet.enable = true; + dunst.enable = true; + }; + }; + in + mkIf (cfg.enable) + { + assertions = let + cfg = config.elss.users; + in [ + { + assertion = mutuallyExclusive cfg.users cfg.admins; + message = "elss.users.users and elss.users.admins are mutually exclusive"; + } + { + assertion = + all (hash: hash != "") + (catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta)); + message = "No admin without password"; + } + { + assertion = length (cfg.admins) > 0; + message = "One admin needed at least"; + } + ]; + + users = { + mutableUsers = false; + users = mkMerge [ + (mapAdmins mkAdmin) + (mapUsers mkUser) + ]; + }; + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + users = mkMerge [ + (mapAllUsers mkX11User) + (mapAllUsers mkGitUser) + (mapAllUsersAndRoot (login: + mkMerge [ + {config.home.stateVersion = mkDefault "21.11";} + ( + if homeConfigurations ? "${login}" + then homeConfigurations."${login}" + else {} + ) + ])) + ]; + }; + }; } diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 875baed..94879a9 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { options.elss.wireguard = with lib; { enable = mkEnableOption "wireguard overlay network"; interfaces = mkOption { - default = { }; + default = {}; type = types.attrsOf (types.submodule { options = { servers = mkOption { 
@@ -18,7 +21,7 @@ extraIps = mkOption { type = types.listOf types.str; - default = [ ]; + default = []; description = "extra IPs to add to allowedIPs"; }; @@ -63,7 +66,7 @@ additionalAllowedIps = mkOption { type = types.listOf types.str; description = "Additional IPs to add to allowedIPs "; - default = [ ]; + default = []; }; }; }); @@ -78,14 +81,12 @@ ipv6 = { ula = mkOption { type = types.listOf types.str; - description = - "IPv6 prefixes to use for ULA wireguard addressing"; + description = "IPv6 prefixes to use for ULA wireguard addressing"; }; gua = mkOption { type = types.listOf types.str; - description = - "IPv6 prefixes to use for GUA wireguard addressing"; + description = "IPv6 prefixes to use for GUA wireguard addressing"; }; }; 
@@ -99,119 +100,130 @@ }; }; - config = - let - cfg = config.elss; - hostName = config.system.name; - secretsFile = ../machines - + builtins.toPath "/${hostName}/secrets/wireguard.yaml"; - takeNonEmpty = lib.filter (interface: interface != ""); - testInterface = predicate: - lib.mapAttrsToList - (interface: value: if (predicate interface value) then interface else "") - cfg.wireguard.interfaces; - onlyInterfaces = predicate: takeNonEmpty (testInterface predicate); - peerInterfaces = - onlyInterfaces (interface: value: builtins.hasAttr hostName value.peers); - serverInterfaces = onlyInterfaces - (interface: value: builtins.hasAttr hostName value.servers); - interfaces = serverInterfaces ++ peerInterfaces; + config = let + cfg = config.elss; + hostName = config.system.name; + secretsFile = + ../machines + + builtins.toPath "/${hostName}/secrets/wireguard.yaml"; + takeNonEmpty = lib.filter (interface: interface != ""); + testInterface = predicate: + lib.mapAttrsToList + (interface: value: + if (predicate interface value) + then interface + else "") + cfg.wireguard.interfaces; + onlyInterfaces = predicate: takeNonEmpty (testInterface predicate); + peerInterfaces = + onlyInterfaces (interface: value: builtins.hasAttr hostName value.peers); + serverInterfaces = + onlyInterfaces + (interface: value: builtins.hasAttr hostName value.servers); + interfaces = serverInterfaces ++ peerInterfaces; - mkAddresses = prefixes: localIp: - (map (prefix: "${prefix}.${localIp}/32") prefixes.ipv4) - ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.ula) - ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.gua); + mkAddresses = prefixes: localIp: + (map (prefix: "${prefix}.${localIp}/32") prefixes.ipv4) + ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.ula) + ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.gua); - mkServerAddresses = prefixes: serverIp: - (map (prefix: "${prefix}.${serverIp}") prefixes.ipv4) - ++ (map (prefix: 
"${prefix}::${serverIp}") prefixes.ipv6.ula) - ++ (map (prefix: "${prefix}::${serverIp}") prefixes.ipv6.gua); + mkServerAddresses = prefixes: serverIp: + (map (prefix: "${prefix}.${serverIp}") prefixes.ipv4) + ++ (map (prefix: "${prefix}::${serverIp}") prefixes.ipv6.ula) + ++ (map (prefix: "${prefix}::${serverIp}") prefixes.ipv6.gua); - mkInterfaceName = interface: "wg-${interface}"; + mkInterfaceName = interface: "wg-${interface}"; - mkServerPeer = prefixes: peer: { - allowedIPs = mkAddresses prefixes peer.localIp; - inherit (peer) publicKey; - }; + mkServerPeer = prefixes: peer: { + allowedIPs = mkAddresses prefixes peer.localIp; + inherit (peer) publicKey; + }; - mkPeerPeer = prefixes: peers: peer: { - allowedIPs = (mkAddresses prefixes peer.localIp) - ++ (lib.concatMap (mkAddresses prefixes) peer.extraIps) ++ (if lib.hasAttr hostName peers then peers.${hostName}.additionalAllowedIps else [ ]); - persistentKeepalive = 25; - inherit (peer) publicKey endpoint; - }; + mkPeerPeer = prefixes: peers: peer: { + allowedIPs = + (mkAddresses prefixes peer.localIp) + ++ (lib.concatMap (mkAddresses prefixes) peer.extraIps) + ++ ( + if lib.hasAttr hostName peers + then peers.${hostName}.additionalAllowedIps + else [] + ); + persistentKeepalive = 25; + inherit (peer) publicKey endpoint; + }; - mkPostSetup = name: prefixes: servers: - let - ifName = mkInterfaceName name; - serverIps = name: server: mkServerAddresses prefixes server.localIp; - dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers); - in - - lib.concatStrings ([ + mkPostSetup = name: prefixes: servers: let + ifName = mkInterfaceName name; + serverIps = name: server: mkServerAddresses prefixes server.localIp; + dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers); + in + lib.concatStrings ([ '' ${pkgs.systemd}/bin/resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone} ${pkgs.systemd}/bin/resolvectl default-route ${ifName} true '' - ] ++ (map + ] + ++ (map (ip: '' 
${pkgs.systemd}/bin/resolvectl dns ${ifName} ${ip} '') dnsServers)); - mkInterfaceConfig = hostName: interface: value: - let - isServer = builtins.hasAttr hostName value.servers; - isPeer = builtins.hasAttr hostName value.peers; - myConfig = - if isServer then - value.servers."${hostName}" - else - value.peers."${hostName}"; - in - assert lib.asserts.assertMsg - ((isServer || isPeer) && !(isServer && isPeer)) - "host must be either server or peer"; - lib.nameValuePair (mkInterfaceName interface) ({ - privateKeyFile = config.sops.secrets."wireguard-${interface}".path; - ips = mkAddresses value.prefixes myConfig.localIp; - inherit (myConfig) listenPort; - } // (if isServer then { - peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers; - } else if isPeer then { - peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers; - postSetup = mkPostSetup interface value.prefixes value.servers; - } else - { })); - - mkInterfaceSecret = interface: { - "wireguard-${interface}" = { sopsFile = secretsFile; }; - }; - - mkListenPorts = hostName: interface: value: - if builtins.hasAttr hostName value.servers then - value.servers."${hostName}".listenPort - else if builtins.hasAttr hostName value.peers then - value.peers."${hostName}".listenPort - else - -1; - - mkSysctl = hostName: interface: [ - { - name = "net.ipv4.conf.${mkInterfaceName interface}.forwarding"; - value = "1"; - } - { - name = "net.ipv6.conf.${mkInterfaceName interface}.forwarding"; - value = "1"; - } - { - name = "net.ipv6.conf.all.forwarding"; - value = "1"; - } - ]; - + mkInterfaceConfig = hostName: interface: value: let + isServer = builtins.hasAttr hostName value.servers; + isPeer = builtins.hasAttr hostName value.peers; + myConfig = + if isServer + then value.servers."${hostName}" + else value.peers."${hostName}"; in + assert lib.asserts.assertMsg + ((isServer || isPeer) && !(isServer && isPeer)) + "host must be either server or peer"; + lib.nameValuePair 
(mkInterfaceName interface) ({ + privateKeyFile = config.sops.secrets."wireguard-${interface}".path; + ips = mkAddresses value.prefixes myConfig.localIp; + inherit (myConfig) listenPort; + } + // ( + if isServer + then { + peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers; + } + else if isPeer + then { + peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers; + postSetup = mkPostSetup interface value.prefixes value.servers; + } + else {} + )); + + mkInterfaceSecret = interface: { + "wireguard-${interface}" = {sopsFile = secretsFile;}; + }; + + mkListenPorts = hostName: interface: value: + if builtins.hasAttr hostName value.servers + then value.servers."${hostName}".listenPort + else if builtins.hasAttr hostName value.peers + then value.peers."${hostName}".listenPort + else -1; + + mkSysctl = hostName: interface: [ + { + name = "net.ipv4.conf.${mkInterfaceName interface}.forwarding"; + value = "1"; + } + { + name = "net.ipv6.conf.${mkInterfaceName interface}.forwarding"; + value = "1"; + } + { + name = "net.ipv6.conf.all.forwarding"; + value = "1"; + } + ]; + in lib.mkIf cfg.wireguard.enable { networking = { wireguard.interfaces = @@ -221,15 +233,15 @@ # (lib.mapAttrsToList (mkListenPorts hostName) cfg.wireguard.interfaces); allowedUDPPorts = lib.filter (port: port > 0) (map (interface: - lib.attrByPath [ interface "servers" hostName "listenPort" ] (-1) - cfg.wireguard.interfaces) + lib.attrByPath [interface "servers" hostName "listenPort"] (-1) + cfg.wireguard.interfaces) serverInterfaces); trustedInterfaces = map mkInterfaceName interfaces; }; interfaces = lib.listToAttrs (map (interface: { name = mkInterfaceName interface; - value = { mtu = 1300; }; + value = {mtu = 1300;}; }) interfaces); }; 
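Review bot: `trustedInterfaces = map mkInterfaceName interfaces;` in the `@@ -221,15 +233,15 @@` hunk of modules/wireguard.nix exempts every WireGuard interface from the host firewall, in the peer role as well as the server role. Every service listening on the machine is therefore reachable from any overlay peer, and on servers `mkSysctl` also turns on forwarding for those interfaces. If full trust is not intended, drop the line and open only the required ports with `networking.firewall.interfaces."wg-NAME".allowedTCPPorts` / `allowedUDPPorts`. If it is intended, a comment such as `# overlay peers are fully trusted: host firewall is bypassed on wg-*` would record the decision. The enclosing `networking` block begins in the previous hunk.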
@@ -239,11 +251,10 @@ systemd.services = lib.listToAttrs (map (interface: { name = "wireguard-${mkInterfaceName interface}"; - value = { serviceConfig.Restart = "on-failure"; }; + value = {serviceConfig.Restart = "on-failure";}; }) interfaces); - boot.kernel.sysctl = builtins.listToAttrs (lib.concatMap (mkSysctl hostName) serverInterfaces); diff --git a/modules/zsh.nix b/modules/zsh.nix index 97fcc31..d501fd8 100644 --- a/modules/zsh.nix +++ b/modules/zsh.nix @@ -1,15 +1,19 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.zsh.enable = mkEnableOption "Setup systemwide zsh"; - config = - let - inherit (elss.withConfig config) mapAllUsers; - cfg = config.elss.zsh; - in + config = let + inherit (elss.withConfig config) mapAllUsers; + cfg = config.elss.zsh; + in mkIf cfg.enable { environment = { - shells = [ pkgs.zsh ]; - pathsToLink = [ "/share/zsh/" ]; + shells = [pkgs.zsh]; + pathsToLink = ["/share/zsh/"]; sessionVariables = rec { XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; @@ -29,10 +33,10 @@ with lib; { autosuggestions.enable = true; syntaxHighlighting = { enable = true; - highlighters = [ "main" "brackets" "root" "line" ]; + highlighters = ["main" "brackets" "root" "line"]; #styles = { cursor = "standout,underline"; }; }; - setOptions = [ "auto_pushd" "correct" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory" ]; + setOptions = ["auto_pushd" "correct" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory"]; shellInit = '' if [[ $TERM == "dumb" ]]; then @@ -58,8 +62,8 @@ with lib; { }; }; - users.users = mapAllUsers (_: { shell = pkgs.zsh; } - + users.users = mapAllUsers ( + _: {shell = pkgs.zsh;} ); }; } diff --git a/secrets/shell.nix b/secrets/shell.nix index 3922b5b..937e073 100644 --- a/secrets/shell.nix +++ b/secrets/shell.nix 
@@ -1,20 +1,19 @@ -{ pkgs ? import { } -, sops-nix ? pkgs.callPackage { } -, ... -}: - -let +{ + pkgs ? import {}, + sops-nix ? pkgs.callPackage {}, + ... +}: let sops-rekey = pkgs.writeShellScriptBin "sops-rekey" '' ${pkgs.findutils}/bin/find . -wholename '*/secrets/*.yaml' -exec ${pkgs.sops}/bin/sops updatekeys {} \; ''; in -pkgs.mkShell { - sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ]; + pkgs.mkShell { + sopsPGPKeyDirs = [./keys/users ./keys/hosts]; - nativeBuildInputs = [ - sops-nix.sops-import-keys-hook - sops-nix.ssh-to-pgp - sops-rekey - pkgs.wireguard-tools - ]; -} + nativeBuildInputs = [ + sops-nix.sops-import-keys-hook + sops-nix.ssh-to-pgp + sops-rekey + pkgs.wireguard-tools + ]; + } diff --git a/templates/basic_tools/flake.nix b/templates/basic_tools/flake.nix index 5e64afb..f08136b 100644 --- a/templates/basic_tools/flake.nix +++ b/templates/basic_tools/flake.nix @@ -8,24 +8,30 @@ flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, flake-utils-plus, ... }@inputs: - { } // (flake-utils.lib.eachDefaultSystem (system: - let + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + flake-utils, + flake-utils-plus, + ... + } @ inputs: + {} + // (flake-utils.lib.eachDefaultSystem ( + system: let unstable = import nixpkgs-unstable { inherit system; }; pkgs = import nixpkgs { inherit system; }; - in - rec { - devShell = - pkgs.mkShell { - buildInputs = [ - # add packages here, like - # pkgs.clingo - ]; - }; - } + in rec { + devShell = pkgs.mkShell { + buildInputs = [ + # add packages here, like + # pkgs.clingo + ]; + }; + } )); } diff --git a/templates/jupyter/flake.nix b/templates/jupyter/flake.nix index 8234ce1..9d6ad5f 100644 --- a/templates/jupyter/flake.nix +++ b/templates/jupyter/flake.nix 
@@ -2,36 +2,41 @@ description = "JupyterLab Flake"; inputs = { - jupyterWith.url = "github:tweag/jupyterWith"; - flake-utils.url = "github:numtide/flake-utils"; + jupyterWith.url = "github:tweag/jupyterWith"; + flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { self, nixpkgs, jupyterWith, flake-utils }: - flake-utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" ] (system: - let + outputs = { + self, + nixpkgs, + jupyterWith, + flake-utils, + }: + flake-utils.lib.eachSystem ["x86_64-linux" "x86_64-darwin"] ( + system: let pkgs = import nixpkgs { system = system; overlays = nixpkgs.lib.attrValues jupyterWith.overlays; }; prince = pkgs.python3Packages.buildPythonPackage rec { name = "prince"; - src = pkgs.fetchFromGitHub{ + src = pkgs.fetchFromGitHub { owner = "MaxHalford"; repo = "prince"; rev = "bd5b29fafe853579c9d41e954caa4504d585665d"; sha256 = "X7gpHvy2cfIKMrfSGLZxmJsytLbe/VZd27VsYIyEoTI="; }; - propagatedBuildInputs = with pkgs.python3Packages; [ matplotlib pandas numpy scipy scikit-learn ]; + propagatedBuildInputs = with pkgs.python3Packages; [matplotlib pandas numpy scipy scikit-learn]; dontCheck = true; dontUseSetuptoolsCheck = true; }; iPython = pkgs.kernels.iPythonWith { name = "Python-env"; - packages = p: with p; [ sympy numpy pandas prince ]; + packages = p: with p; [sympy numpy pandas prince]; ignoreCollisions = true; }; jupyterEnvironment = pkgs.jupyterlabWith { - kernels = [ iPython ]; + kernels = [iPython]; }; in rec { apps.jupterlab = { diff --git a/templates/rust/flake.nix b/templates/rust/flake.nix index 08193db..b696d59 100644 --- a/templates/rust/flake.nix +++ b/templates/rust/flake.nix 
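Review bot: In templates/jupyter/flake.nix `outputs` takes `nixpkgs`, but the `inputs` block shown in this hunk declares only `jupyterWith` and `flake-utils`, so Nix resolves `nixpkgs` through the flake registry of whoever instantiates the template. The package set behind the notebook environment then depends on the local registry and the date of the first lock rather than on anything the template states. I would declare it explicitly, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/<branch>";` (placeholder branch), or make it follow the nixpkgs input of jupyterWith if that flake exposes one. Separately, the context line `apps.jupterlab = {` looks like a misspelling of `jupyterlab`; that attribute set continues outside the hunk, so I cannot see whether anything depends on the current name.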
@@ -18,36 +18,42 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, gitignoresrc, rust-overlay, ... }@inputs: + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + flake-utils, + gitignoresrc, + rust-overlay, + ... + } @ inputs: { #overlay = import ./nix { inherit gitignoresrc; }; - } // (flake-utils.lib.eachDefaultSystem (system: - let - unstable = import nixpkgs-unstable { inherit system; }; + } + // (flake-utils.lib.eachDefaultSystem ( + system: let + unstable = import nixpkgs-unstable {inherit system;}; pkgs = import nixpkgs { inherit system; - overlays = [ (import rust-overlay)]; + overlays = [(import rust-overlay)]; + }; + in rec { + devShell = pkgs.mkShell { + RUST_LOG = "debug"; + RUST_BACKTRACE = 1; + buildInputs = [ + pkgs.rust-bin.stable.latest.rustfmt + pkgs.rust-bin.stable.latest.default + pkgs.rust-analyzer + pkgs.cargo-audit + pkgs.cargo-license + pkgs.cargo-tarpaulin + pkgs.cargo-kcov + pkgs.valgrind + pkgs.gnuplot + pkgs.kcov + ]; }; - in - rec { - devShell = - pkgs.mkShell { - RUST_LOG = "debug"; - RUST_BACKTRACE = 1; - buildInputs = [ - pkgs.rust-bin.stable.latest.rustfmt - pkgs.rust-bin.stable.latest.default - pkgs.rust-analyzer - pkgs.cargo-audit - pkgs.cargo-license - pkgs.cargo-tarpaulin - pkgs.cargo-kcov - pkgs.valgrind - pkgs.gnuplot - pkgs.kcov - ]; - }; } )); } - diff --git a/users/ellmau/alacritty.nix b/users/ellmau/alacritty.nix index 6d185b6..9dc14d8 100644 --- a/users/ellmau/alacritty.nix +++ b/users/ellmau/alacritty.nix @@ -1,5 +1,9 @@ -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { programs.alacritty = { enable = true; settings = { diff --git a/users/ellmau/autorandr.nix b/users/ellmau/autorandr.nix index 4b927df..cdda657 100644 --- a/users/ellmau/autorandr.nix +++ b/users/ellmau/autorandr.nix 
@@ -1,11 +1,15 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical.i3; - in + config = let + cfg = nixosConfig.elss.graphical.i3; + in mkIf cfg.enable { - programs.autorandr = { enable = true; profiles = { diff --git a/users/ellmau/default.nix b/users/ellmau/default.nix index 15af483..7f9bf2d 100644 --- a/users/ellmau/default.nix +++ b/users/ellmau/default.nix @@ -1,5 +1,9 @@ -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { imports = [ ./alacritty.nix ./autorandr.nix diff --git a/users/ellmau/dunst.nix b/users/ellmau/dunst.nix index 2b0da4e..d12f103 100644 --- a/users/ellmau/dunst.nix +++ b/users/ellmau/dunst.nix @@ -1,9 +1,14 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical.i3; - in + config = let + cfg = nixosConfig.elss.graphical.i3; + in mkIf cfg.enable { services.dunst = { iconTheme = { diff --git a/users/ellmau/git.nix b/users/ellmau/git.nix index 91b0ab0..e97833e 100644 --- a/users/ellmau/git.nix +++ b/users/ellmau/git.nix @@ -1,14 +1,18 @@ -{ config, pkgs, lib, ...}: { - programs= { + config, + pkgs, + lib, + ... +}: { + programs = { git = { enable = true; package = pkgs.gitAndTools.gitFull; extraConfig = { - core = { editor = "emacsclient"; }; - init = { defaultBranch = "main";}; - branch = { autosetuprebase = "always";}; - safe.directory = [ "/etc/nixos" ]; + core = {editor = "emacsclient";}; + init = {defaultBranch = "main";}; + branch = {autosetuprebase = "always";}; + safe.directory = ["/etc/nixos"]; }; lfs.enable = true; }; diff --git a/users/ellmau/gpg.nix b/users/ellmau/gpg.nix index 81c6c8e..e085598 100644 --- a/users/ellmau/gpg.nix +++ b/users/ellmau/gpg.nix 
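Review bot: In users/ellmau/git.nix the line `safe.directory = ["/etc/nixos"];` has no comment, and it is the one setting in this block with a security effect. It tells git to skip its repository-ownership check for that path, so this user's git will honour the config and hooks of a repository owned by another account. That is reasonable if /etc/nixos is owned by root and writable only by root, which the hunk does not show. I would record the assumption next to it: `# /etc/nixos is root-owned; exempted from git's ownership check so this user can run git there. Keep the directory writable by root only.`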
@@ -1,5 +1,9 @@ -{ config, pkgs, lib, ...}: { + config, + pkgs, + lib, + ... +}: { home.file = { ".gnupg/gpgsm.conf".text = '' keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE @@ -10,7 +14,5 @@ ".gnupg/chain.txt".source = ./conf/gpgsm/chain.txt; }; - - programs.gpg.enable = true; } diff --git a/users/ellmau/i3.nix b/users/ellmau/i3.nix index 8be6422..f653b65 100644 --- a/users/ellmau/i3.nix +++ b/users/ellmau/i3.nix @@ -1,9 +1,14 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical; - in + config = let + cfg = nixosConfig.elss.graphical; + in mkIf cfg.enable { xdg = { configFile."i3" = { diff --git a/users/ellmau/kanshi.nix b/users/ellmau/kanshi.nix index 0059bf5..e6319d6 100644 --- a/users/ellmau/kanshi.nix +++ b/users/ellmau/kanshi.nix @@ -1,9 +1,14 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical.sway; - in + config = let + cfg = nixosConfig.elss.graphical.sway; + in mkIf cfg.enable { services.kanshi = { enable = true; diff --git a/users/ellmau/mako.nix b/users/ellmau/mako.nix index 435cc14..d4024aa 100644 --- a/users/ellmau/mako.nix +++ b/users/ellmau/mako.nix @@ -1,20 +1,23 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical.sway; - in + config = let + cfg = nixosConfig.elss.graphical.sway; + in mkIf cfg.enable { - programs.mako = { enable = true; iconPath = "${pkgs.numix-icon-theme}"; font = "Hasklug Nerd Font 10"; defaultTimeout = 8000; # ignoreTimeout = true; - }; - home.packages = [ pkgs.numix-icon-theme ]; + home.packages = [pkgs.numix-icon-theme]; }; } diff --git a/users/ellmau/nextcloud.nix b/users/ellmau/nextcloud.nix index e2271c1..6663ae0 100644 --- a/users/ellmau/nextcloud.nix +++ b/users/ellmau/nextcloud.nix 
@@ -1,9 +1,14 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical; - in + config = let + cfg = nixosConfig.elss.graphical; + in mkIf cfg.enable { services.nextcloud-client = { enable = true; diff --git a/users/ellmau/polybar.nix b/users/ellmau/polybar.nix index f7fddb7..65f801f 100644 --- a/users/ellmau/polybar.nix +++ b/users/ellmau/polybar.nix 
@@ -1,353 +1,354 @@ -{ config, pkgs, lib, nixosConfig, ... }: +{ + config, + pkgs, + lib, + nixosConfig, + ... +}: with lib; { - config = - let - cfg = nixosConfig.elss.graphical.i3; - in + config = let + cfg = nixosConfig.elss.graphical.i3; + in mkIf cfg.enable { services.polybar = { enable = true; package = pkgs.polybarFull; - settings = - let - # solarized theme colours ~ https://en.wikipedia.org/wiki/Solarized + settings = let + # solarized theme colours ~ https://en.wikipedia.org/wiki/Solarized + #content tones + Base01 = "#586e75"; + Base00 = "#657b83"; + Base0 = "#839496"; + Base1 = "#93a1a1"; + # background tones + Base2 = "#eee8d5"; + Base3 = "#fdf6e3"; + # accent tones + Yellow = "#b58900"; + Orange = "#cb4b16"; + Red = "#dc322f"; + Magenta = "#d33682"; + Violet = "#6c71c4"; + Blue = "#268bd2"; + Cyan = "#2aa198"; + Green = "#859900"; - #content tones - Base01 = "#586e75"; - Base00 = "#657b83"; - Base0 = "#839496"; - Base1 = "#93a1a1"; - # background tones - Base2 = "#eee8d5"; - Base3 = "#fdf6e3"; - # accent tones - Yellow = "#b58900"; - Orange = "#cb4b16"; - Red = "#dc322f"; - Magenta = "#d33682"; - Violet = "#6c71c4"; - Blue = "#268bd2"; - Cyan = "#2aa198"; - Green = "#859900"; + foreground_col = Base3; + background_col = Base01; - foreground_col = Base3; - background_col = Base01; + # old bg/fg stuff + #foreground_col = "#eee8d5"; + #background_col = "#6c71c4"; + foreground_altcol = "#66deff"; + primary_col = "#ffb52a"; + secondary_col = "#e60053"; + alert_col = "#dc322f"; - # old bg/fg stuff - #foreground_col = "#eee8d5"; - #background_col = "#6c71c4"; - foreground_altcol = "#66deff"; - primary_col = "#ffb52a"; - secondary_col = "#e60053"; - alert_col = "#dc322f"; + dpi = '' + ''${env:DPI:0} + ''; - dpi = '' - ''${env:DPI:0} + #polyheight = 60; + + fonts = [ + "Hasklig:style=Regular" + "all-the-icons:style=Regular" + "Webdings:style=Regular" + "Noto Emoji:scale=10" + "Unifont:style=Regular" + "Material Icons:size=12;0" + "Weather Icons:size=12;0" + 
"Hasklug Nerd Font,Hasklig Medium:style=Medium,Regular" + ]; + in { + "bar/main" = { + font = fonts; + modules = { + left = "i3 xwindow"; + center = ""; + right = " xbacklight xkeyboard eth wlan battery date powermenu dunst volume "; + }; + + background = background_col; + foreground = foreground_col; + + monitor = '' + ''${env:MONITOR:} ''; + width = "100%"; + #height = polyheight; + padding = 0; + padding-right = 2; + radius = 14; + module-margin = 1; + line-size = 2; - #polyheight = 60; + dpi-x = dpi; + dpi-y = dpi; - fonts = [ - "Hasklig:style=Regular" - "all-the-icons:style=Regular" - "Webdings:style=Regular" - "Noto Emoji:scale=10" - "Unifont:style=Regular" - "Material Icons:size=12;0" - "Weather Icons:size=12;0" - "Hasklug Nerd Font,Hasklig Medium:style=Medium,Regular" - ]; - in - { - "bar/main" = { - font = fonts; - modules = { - left = "i3 xwindow"; - center = ""; - right = " xbacklight xkeyboard eth wlan battery date powermenu dunst volume "; - }; - - background = background_col; - foreground = foreground_col; - - monitor = '' - ''${env:MONITOR:} - ''; - width = "100%"; - #height = polyheight; - padding = 0; - padding-right = 2; - radius = 14; - module-margin = 1; - line-size = 2; - - dpi-x = dpi; - dpi-y = dpi; - - tray = { - position = "right"; - padding = 2; - background = Base2; - }; - }; - "bar/aux" = { - font = fonts; - modules = { - left = "i3"; - center = ""; - right = " xbacklight xkeyboard eth wlan battery date powermenu volume "; - }; - - background = background_col; - foreground = foreground_col; - - monitor = '' - ''${env:MONITOR:} - ''; - width = "100%"; - #height = polyheight; - radius = 14; - module-margin = 1; - line-size = 2; - - dpi-x = dpi; - dpi-y = dpi; - }; - - "module/volume" = { - type = "internal/pulseaudio"; - format.volume = " "; - label.muted.text = "🔇"; - label.muted.foreground = "#666"; - ramp.volume = [ "🔈" "🔉" "🔊" ]; - click.right = "${pkgs.pavucontrol}/bin/pavucontrol &"; - # format-volume-underline = Base2; - # 
format-muted-underline = Base2; - }; - "module/i3" = { - type = "internal/i3"; - format = " "; - index-sort = "true"; - wrapping-scroll = "false"; - - #; Only show workspaces on the same output as the bar - pin-workspaces = "true"; - - label-mode-padding = "2"; - label-mode-foreground = "#000"; - label-mode-background = primary_col; - - #; focused = Active workspace on focused monitor - label-focused = "%name%"; - #;label-focused-background = ${colors.background-alt} - #;label-focused-background = #9f78e1 - label-focused-background = foreground_col; - label-focused-underline = foreground_col; - label-focused-foreground = background_col; - label-focused-padding = "2"; - - #; unfocused = Inactive workspace on any monitor - label-unfocused = "%name%"; - label-unfocused-padding = "2"; - label-unfocused-underline = foreground_col; - - #; visible = Active workspace on unfocused monitor - label-visible = "%name%"; - label-visible-background = Violet; - label-visible-underline = Yellow; - label-visible-padding = 2; - - #; urgent = Workspace with urgency hint set - label-urgent = "%name%"; - label-urgent-background = alert_col; - label-urgent-foreground = primary_col; - label-urgent-padding = "2"; - - #; Separator in between workspaces - #; label-separator = | - }; - "module/xkeyboard" = { - type = "internal/xkeyboard"; - blacklist-0 = "num lock"; - interval = "5"; - - format-prefix = ''""''; - format-prefix-foreground = foreground_altcol; - format-prefix-underline = secondary_col; - - label-layout = "%layout%"; - label-layout-underline = secondary_col; - - label-indicator-padding = "2"; - label-indicator-margin = "1"; - label-indicator-background = secondary_col; - label-indicator-underline = secondary_col; - }; - "module/wlan" = { - type = "internal/network"; - interface = "wlp0s20f3"; - interval = "3.0"; - - format-connected = " "; - format-connected-underline = "#9f78e1"; - label-connected = "%essid%"; - - ramp-signal-0 = ''"0.0"''; - ramp-signal-1 = ''"0.5"''; - 
ramp-signal-2 = ''"1.0"''; - ramp-signal-3 = ''"1.0"''; - ramp-signal-4 = ''"1.0"''; - - format-disconnected = ""; - # ;format-disconnected = - #;format-disconnected-underline = ${self.format-connected-underline} - #;label-disconnected = %ifname% disconnected - #;label-disconnected-foreground = ${colors.foreground-alt} - - - ramp-signal-foreground = foreground_altcol; - }; - "module/eth" = { - type = "internal/network"; - interface = "eno1"; - interval = "3.0"; - - format-connected-underline = "#55aa55"; - format-connected = " "; - format-connected-prefix-foreground = foreground_altcol; - label-connected = "%local_ip%"; - - format-disconnected = ""; - format-disconnected-background = "#5479b7"; - #;format-disconnected = - #;format-disconnected-underline = ${self.format-connected-underline} - #;label-disconnected = %ifname% disconnected - #;label-disconnected-foreground = ${colors.foreground-alt} - }; - "module/date" = { - type = "internal/date"; - interval = "5"; - - date = ''" %Y-%m-%d"''; - date-alt = ''" %Y-%m-%d"''; - - time = "%H:%M"; - time-alt = "%H:%M:%S"; - - #format-prefix = ""; - #format-prefix-foreground = foreground_altcol; - format-underline = "#0a6cf5"; - - label = "%{A} %date% %time%"; - }; - "module/battery" = { - type = "internal/battery"; - battery = "BAT0"; - adapter = "ADP1"; - full-at = "98"; - - format-charging-background = "#689d6a"; - format-charging-prefix = ''" "''; - format-charging = ""; - format-discharging-prefix = ''" "''; - format-discharging = ""; - format-discharging-background = "#689d6a"; - format-full-prefix = ''" "''; - - format-charging-underline = "#ffaa55"; - format-full-prefix-foreground = foreground_altcol; - format-full-underline = "#ffaa55"; - - ormat-full-padding = "1"; - format-charging-padding = "1"; - format-discharging-padding = "1"; - }; - "module/temperature" = { - type = "internal/temperature"; - thermal-zone = "0"; - warn-temperature = "60"; - - format = "