ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00
Code Issues Projects Releases Wiki Activity

Format with alejandra style

Browse Source
This commit is contained in:
Stefan Ellmauthaler 2022-08-22 11:00:00 +02:00
parent 6b41b87f67
commit d44a40605f
Failed to extract signature
62 changed files with 1553 additions and 1291 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
common/users.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
config = {
elss = {

8
common/wireguard.nix
View File

@ -1,7 +1,11 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
config.elss.wireguard = {
interfaces = {
stelnet = {
servers = {

50
default.nix
View File

@ -1,41 +1,59 @@
{ flakes, flakeOutputs, ...}:
let
mkMachine = args:
let
name = if builtins.isString args then args else args.name;
system = if args ? system then args.system else "x86_64-linux";
extraModules = if args ? extraModules then args.extraModules else [ ];
extraOverlays = if args ? extraOverlays then args.extraOverlays else [
{
flakes,
flakeOutputs,
...
}: let
mkMachine = args: let
name =
if builtins.isString args
then args
else args.name;
system =
if args ? system
then args.system
else "x86_64-linux";
extraModules =
if args ? extraModules
then args.extraModules
else [];
extraOverlays =
if args ? extraOverlays
then args.extraOverlays
else [
overlay-unstable
# overlay-comma
];
pkgs = flakes.nixpkgs;
configuration = if args ? configuration then args.configuration else import ./baseconfiguration.nix {inherit extraOverlays system pkgs name flakes flakeOutputs;} ;
configuration =
if args ? configuration
then args.configuration
else import ./baseconfiguration.nix {inherit extraOverlays system pkgs name flakes flakeOutputs;};
overlay-unstable = final: prev: {
unstable = import flakes.nixpkgs-unstable {
system = "${system}";
config.allowUnfree = true;
};
};
# overlay-comma = final: prev: {
# comma = flakes.comma.packages."${system}";
# };
in
{
in {
inherit name;
value = pkgs.lib.nixosSystem {
inherit system;
modules = [
modules =
[
configuration
{ nix = {
{
nix = {
package = pkgs.legacyPackages.${system}.nixUnstable;
nixPath = ["nixpkgs=${pkgs}"];
registry.nixpkgs.flake = pkgs;
registry.nixpkgs-unstable.flake = flakes.nixpkgs-unstable;
};
}
;}
] ++ extraModules
]
++ extraModules
++ flakes.nixpkgs.lib.mapAttrsToList (_: module: module)
flakeOutputs.nixosModules;
};

41
flake.nix
View File

@ -2,7 +2,6 @@
description = "Flake to define configurations of 'elss' - ellmauthaler stefan's systems";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
@ -59,9 +58,14 @@
};
};
outputs = { self, nixpkgs, flake-utils-plus, ... }@inputs:
let
extended-lib = nixpkgs.lib.extend
outputs = {
self,
nixpkgs,
flake-utils-plus,
...
} @ inputs: let
extended-lib =
nixpkgs.lib.extend
(final: prev: {
elss = (import ./lib {lib = final;}) prev;
});
@ -74,7 +78,8 @@
lib = extended-lib;
channelsConfig = {
allowUnfreePredicate = pkg: builtins.elem (extended-lib.getName pkg) [
allowUnfreePredicate = pkg:
builtins.elem (extended-lib.getName pkg) [
"slack"
"steam"
"steam-original"
@ -97,37 +102,44 @@
hostDefaults = {
system = "x86_64-linux";
channelName = "nixpkgs";
modules = [
modules =
[
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
inputs.dwarffs.nixosModules.dwarffs
inputs.simple-nixos-mailserver.nixosModules.mailserver
./common/wireguard.nix
] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules));
]
++ (map (name: ./modules + "/${name}") (moduleNames ./modules));
specialArgs = {
nixos-hardware = inputs.nixos-hardware.nixosModules;
inherit inputs;
};
extraArgs = {
homeConfigurations = withModules ./users
homeConfigurations =
withModules ./users
(
{ name, path }:
{
name,
path,
}:
#import (./users + "/${name}")
import path
);
};
};
hosts = discoverMachines ./machines
hosts =
discoverMachines ./machines
{
specialArgs = {lib = extended-lib;};
};
nixosModules = discoverModules ./modules;
homeConfigurations = withModules ./users
(name:
let
homeConfigurations =
withModules ./users
(name: let
username = extended-lib.removeSuffix ".nix" name;
in
inputs.home-manager.lib.homeManagerConfiguration {
@ -154,8 +166,7 @@
rust = {
description = "Rust development environment flake";
welcomeText =
"Change into the folder and follow the prompt to create an automatic rust environment in this folder";
welcomeText = "Change into the folder and follow the prompt to create an automatic rust environment in this folder";
};
jupyter = {
description = "Jupyter server flake";

4
lib/default.nix
View File

@ -1,6 +1,6 @@
{lib}:
(lib.composeManyExtensions [
(import ./users.nix)
(import ./files.nix)
]) lib
])
lib

32
lib/files.nix
View File

@ -1,25 +1,33 @@
final: prev:
with prev; rec {
moduleNames = dir: pipe dir [
moduleNames = dir:
pipe dir [
builtins.readDir
(filterAttrs
(name: type: (!hasPrefix "." name && !hasPrefix "_" name
(name: type: (!hasPrefix "." name
&& !hasPrefix "_" name
&& (hasSuffix ".nix" name || type == "directory"))))
attrNames
];
withModules = dir: f:
listToAttrs (map
(filename:
let
(filename: let
path = dir + "/${filename}";
name = removeSuffix ".nix" filename;
in
nameValuePair name (f {inherit path name;}))
(moduleNames dir));
discoverModules = dir: withModules dir ({ path, name }: import path);
discoverModules = dir:
withModules dir ({
path,
name,
}:
import path);
discoverMachines = dir: args:
withModules dir ({ path, name }:
withModules dir ({
path,
name,
}:
{modules = [path];} // args);
discoverTemplates = dir: overrides:
pipe dir [
@ -32,11 +40,11 @@ with prev; rec {
path = "${dir}/${template}";
description = "a template for ${template} projects";
}
(if hasAttr template overrides then
getAttr template overrides
else
{ }))))
(
if hasAttr template overrides
then getAttr template overrides
else {}
))))
listToAttrs
];
}

15
lib/users.nix
View File

@ -1,18 +1,15 @@
final: prev:
{
withConfig = config:
let
final: prev: {
withConfig = config: let
cfg = config.elss.users;
mapAccount = f: login: prev.nameValuePair login (f login);
mapList = f: lst: builtins.listToAttrs (map (mapAccount f) lst);
in
rec {
in rec {
mapUsers = f: mapList f cfg.users;
mapAdmins = f: mapList f cfg.admins;
mapAllUsers = f: (mapUsers f) // (mapAdmins f);
mapAllUsersAndRoot = f: (mapAllUsers f) // {
mapAllUsersAndRoot = f:
(mapAllUsers f)
// {
root = f "root";
};
};

21
machines/metis/default.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, nixos-hardware, ... }:
{
config,
pkgs,
inputs,
nixos-hardware,
...
}: {
imports = [
../../common/users.nix
./hardware-configuration.nix
@ -41,7 +46,6 @@
# enable wireguard
wireguard.enable = true;
# user setup
users = {
enable = true;
@ -61,14 +65,18 @@
networking = {
interfaces.ens3 = {
ipv4.addresses = [{
ipv4.addresses = [
{
address = "89.58.45.113";
prefixLength = 22;
}];
ipv6.addresses = [{
}
];
ipv6.addresses = [
{
address = "fe80::94e0:6eff:fecd:d6cb";
prefixLength = 64;
}];
}
];
};
defaultGateway = "89.58.44.1";
defaultGateway6 = {
@ -81,7 +89,6 @@
externalInterface = "ens3";
internalInterfaces = ["wg-stelnet"];
};
};
system.stateVersion = "22.05";
}

20
machines/metis/hardware-configuration.nix
View File

@ -1,11 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
@ -14,20 +17,17 @@
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" =
{
fileSystems."/" = {
device = "/dev/disk/by-label/nixos-root";
fsType = "xfs";
};
fileSystems."/boot" =
{
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [{device = "/dev/disk/by-label/swap";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

8
machines/nucturne/default.nix
View File

@ -1,12 +1,16 @@
{ config, pkgs, inputs, nixos-hardware, ...}:
{
config,
pkgs,
inputs,
nixos-hardware,
...
}: {
imports = [
../../common/users.nix
./hardware-configuration.nix
./software.nix
];
elss = {
# base system
base.enable = true;

28
machines/nucturne/hardware-configuration.nix
View File

@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
@ -13,23 +17,23 @@
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6";
fileSystems."/" = {
device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9ebd7aff-629b-449b-83d8-6381a04eb708";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/9ebd7aff-629b-449b-83d8-6381a04eb708";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/DE6D-C383";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DE6D-C383";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e"; }
swapDevices = [
{device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e";}
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

5
machines/nucturne/software.nix
View File

@ -1,5 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
libreoffice-fresh
onlyoffice-bin

7
machines/stel-xps/default.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, nixos-hardware, ... }:
{
config,
pkgs,
inputs,
nixos-hardware,
...
}: {
imports = [
../../common/users.nix
./printer.nix

24
machines/stel-xps/hardware-configuration.nix
View File

@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
@ -13,20 +17,20 @@
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674";
fileSystems."/" = {
device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674";
fsType = "ext4";
};
boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/39E0-047B";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/39E0-047B";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0"; }
swapDevices = [
{device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0";}
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

17
machines/stel-xps/printer.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ...}:
let
{
config,
pkgs,
...
}: let
ppd-local = pkgs.stdenv.mkDerivation rec {
pname = "local-ppds";
version = "2021-07-04";
@ -14,13 +16,14 @@ let
cp -R Ricoh $out/share/cups/model
'';
};
in
{
services.printing.drivers = with pkgs; [
in {
services.printing.drivers = with pkgs;
[
foomatic-filters
gutenprint
hplip
] ++ [
]
++ [
ppd-local
];

5
machines/stel-xps/software.nix
View File

@ -1,5 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
brightnessctl
libreoffice-fresh

15
modules/aspell.nix
View File

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
aspellConf = ''
data-dir /run/current-system/sw/lib/aspell
dict-dir /run/current-system/sw/lib/aspell
@ -8,12 +11,12 @@ let
extra-dicts en-computers.rws
add-extra-dicts en_GB-science.rws
'';
in
{
in {
options.elss.programs.aspell.enable = lib.mkEnableOption "setup aspell";
config = lib.mkIf config.elss.programs.aspell.enable {
environment.systemPackages = [ pkgs.aspell ]
environment.systemPackages =
[pkgs.aspell]
++ (with pkgs.aspellDicts; [de en sv en-computers en-science]);
};
}

7
modules/base.nix
View File

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss = {
base.enable = mkEnableOption "Set the base configuration for the system";

10
modules/communication.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss.programs.communication.enable = mkEnableOption "enable the basic graphical communication tools";
config =
let
config = let
cfg = config.elss.programs.communication;
in
mkIf cfg.enable {

34
modules/emacs/default.nix
View File

@ -1,6 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
let
{
config,
lib,
pkgs,
...
}:
with lib; let
defaultEl = ./default.el;
environment.systemPackages = [pkgs.gdb]; # use gdb for dap-mode
@ -8,9 +12,9 @@ let
mkdir -p $out/share/emacs/site-lisp
cp ${defaultEl} $out/share/emacs/site-lisp/default.el
'';
emacsPackage = (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages
(epkgs:
let
emacsPackage =
(pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages
(epkgs: let
lpkgs = import ./packages.nix {
inherit config lib pkgs epkgs;
};
@ -21,13 +25,17 @@ let
# gnupg
# nixpkgs-fmt
#])
[(defaultConfig)] ++
[(with epkgs.elpaPackages; [
[defaultConfig]
++ [
(with epkgs.elpaPackages; [
auctex
org
flymake
])]
++ (with epkgs.melpaStablePackages; [ ]) ++ (with epkgs.melpaPackages; [
])
]
++ (with epkgs.melpaStablePackages; [])
++ (with epkgs.melpaPackages;
[
ac-helm
academic-phrases
add-hooks
@ -86,12 +94,12 @@ let
yaml-mode
yasnippet
#zenburn-theme
] ++ (with lpkgs; [
]
++ (with lpkgs; [
org-roam-ui
ligatures
])));
in
{
in {
options.elss.programs.emacs.enable = mkEnableOption "Setup emacs package and install it";
config = mkIf config.elss.programs.emacs.enable {
services.emacs = {

9
modules/emacs/packages.nix
View File

@ -1,5 +1,10 @@
{ config, lib, pkgs, epkgs, ...}:
let
{
config,
lib,
pkgs,
epkgs,
...
}: let
in
with epkgs; rec {
org-roam-ui = trivialBuild {

16
modules/graphical.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.graphical = {
enable = mkEnableOption "configure graphical layer";
@ -18,14 +23,16 @@ with lib; {
};
i3.enable = mkEnableOption "enable i3";
};
config =
let
config = let
cfg = config.elss.graphical;
#cursorsize = if config.variables.hostName == "nucturne" then 14 else 16;
#xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null;
in
mkIf cfg.enable {
elss.users.x11.enable = if cfg.i3.enable then true else false;
elss.users.x11.enable =
if cfg.i3.enable
then true
else false;
elss.networking.useNetworkManager = true;
services = {
@ -77,6 +84,5 @@ with lib; {
libsecret
arandr
];
};
}

7
modules/locale.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ...}:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.locale.enable = mkEnableOption "setup default locale and font-handling";

11
modules/network-manager/default.nix
View File

@ -1,9 +1,13 @@
{ config, pkgs, lib, ...}:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.networking.useNetworkManager = mkEnableOption "enable networkmanager";
config =
let
config = let
connections = [
"tartaros"
"eduroam"
@ -24,4 +28,3 @@ with lib; {
sops.secrets = mkMerge (map mkSopsSecrets connections);
};
}

14
modules/nix-index-db.nix
View File

@ -1,11 +1,14 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.nix-index-db-update.enable =
mkEnableOption "periodically update the nix-index database";
config =
let
config = let
cfg = config.elss.nix-index-db-update;
nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" ''
set -euo pipefail
@ -48,8 +51,7 @@ with lib; {
};
};
home-manager.users = mapAllUsers (_:
{ config, ... }: {
home-manager.users = mapAllUsers (_: {config, ...}: {
home.file.".cache/nix-index".source =
config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/";
});

6
modules/nix.nix
View File

@ -1,6 +1,8 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
config = {
nix = {
useSandbox = true;

8
modules/obs-studio.nix
View File

@ -1,6 +1,10 @@
{ config, pkgs, lib, ...}:
with lib;
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.programs.obsstudio.enable = mkEnableOption "install obs-studio";
config = mkIf config.elss.programs.obsstudio.enable {
environment.systemPackages = with pkgs; [

10
modules/openvpn/default.nix
View File

@ -1,8 +1,12 @@
{ config, lib, pkgs, ...}:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss.openvpn.enable = mkEnableOption "Setup TUD openvpn";
config =
let
config = let
cfg = config.elss.openvpn;
in
mkIf cfg.enable {

17
modules/python.nix
View File

@ -1,14 +1,19 @@
{ config, lib, pkgs, ... }:
with pkgs; with lib;
let
my-python-packages = python-packages: with python-packages; [
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib; let
my-python-packages = python-packages:
with python-packages; [
pandas
requests
# other python packages you want
];
python-with-my-packages = python3.withPackages my-python-packages;
in
{
in {
options.elss.programs.python.enable = mkEnableOption "install python 3";
config = mkIf config.elss.programs.python.enable {
environment.systemPackages = [python-with-my-packages];

11
modules/secrets.nix
View File

@ -1,16 +1,19 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.sops.enable = mkEnableOption "Use sops config";
config =
let
config = let
cfg = config.elss.sops;
in
mkIf cfg.enable {
sops = {
defaultSopsFile = ../secrets/secrets.yaml;
secrets.example_key.format = "yaml";
};
};
}

12
modules/server/acme.nix
View File

@ -1,15 +1,17 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
config =
let
config = let
cfg = config.elss.server;
staging = config.elss.server.acme.staging;
in
mkIf cfg.enable {
security.acme = {
defaults = {
server = mkIf staging "https://acme-staging-v02.api.letsencrypt.org/directory";
email = "stefan.ellmauthaler@gmail.com"; # Do not use ellmauthaler.net as the mail server will be covered by acme
};

11
modules/server/default.nix
View File

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss.server = {
acme.staging = mkEnableOption "Whether to use the staging or the default server for acme";
@ -8,7 +13,6 @@ with lib; {
nextcloud.enable = mkEnableOption "Set up nextcloud";
smailserver.enable = mkEnableOption "Set up simple mail server";
unbound.enable = mkEnableOption "Set unbound dns up";
};
imports = [
@ -20,8 +24,7 @@ with lib; {
./unbound.nix
];
config =
let
config = let
cfg = config.elss.server;
in
mkIf cfg.enable {

10
modules/server/nextcloud.nix
View File

@ -1,7 +1,11 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
config =
let
config = let
cfg = config.elss.server.nextcloud;
in
mkIf cfg.enable {

10
modules/server/nginx.nix
View File

@ -1,7 +1,11 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
config =
let
config = let
cfg = config.elss.server.nginx;
in
mkIf cfg.enable {

10
modules/server/smailserver.nix
View File

@ -1,7 +1,11 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
config =
let
config = let
cfg = config.elss.server.smailserver;
in
mkIf cfg.enable {

16
modules/server/sql.nix
View File

@ -1,7 +1,11 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
config =
let
config = let
cfg = config.elss.server.sql;
in
mkIf cfg.enable {
@ -9,10 +13,12 @@ with lib;{
enable = true;
package = pkgs.postgresql_14;
ensureDatabases = ["nextcloud"];
ensureUsers = [{
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}];
}
];
};
};
}

11
modules/server/unbound.nix
View File

@ -1,7 +1,11 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
config =
let
config = let
cfg = config.elss.server.unbound;
in
mkIf cfg.enable {
@ -21,7 +25,6 @@ with lib; {
settings.server.interface = ["127.0.0.0" "::1"];
settings.server.access-control = ["192.168.244.0/24 allow" "fdaa:3313:9dfa:dfa3::/64 allow"];
};
};
networking = {
nameservers = ["127.0.0.1" "::1"];

10
modules/ssh.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss.sshd.enable = mkEnableOption "Set up sshd";
config =
let
config = let
cfg = config.elss.sshd;
in
mkIf cfg.enable {

11
modules/steam-run.nix
View File

@ -1,10 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss.steam-run.enable = mkEnableOption "configure steam-run to support unpatched binaries";
config =
let
config = let
cfg = config.elss.steam-run;
in
mkIf cfg.enable {

10
modules/sway.nix
View File

@ -1,8 +1,12 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.graphical.sway.enable = mkEnableOption "Use sway";
config =
let
config = let
cfg = config.elss.graphical.sway;
in
mkIf cfg.enable {

10
modules/texlive.nix
View File

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib; {
options.elss.texlive = {
enable = mkEnableOption "configure texlife on the system";
@ -12,8 +17,7 @@ with lib; {
};
};
config =
let
config = let
cfg = config.elss.texlive;
in
mkIf cfg.enable {

59
modules/users.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, lib, homeConfigurations, ... }:
{
config,
pkgs,
lib,
homeConfigurations,
...
}:
with lib; {
options.elss.users = {
enable = mkEnableOption "elss specific user configuration";
@ -15,14 +20,16 @@ with lib; {
type = types.listOf types.str;
};
meta = mkOption {
type = types.attrsOf
type =
types.attrsOf
(types.submodule {
options = {
description = mkOption {
type = types.str;
description = "full name of the user";
};
hashedPassword = mkOption
hashedPassword =
mkOption
{
type = types.str;
default = null;
@ -63,8 +70,7 @@ with lib; {
};
};
config =
let
config = let
cfg = config.elss.users;
inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers;
@ -78,10 +84,9 @@ with lib; {
inherit (getMeta login) hashedPassword;
}
];
mkUser = login:
let meta = getMeta login;
in
{
mkUser = login: let
meta = getMeta login;
in {
inherit (meta) description;
isNormalUser = true;
home = "/home/${login}";
@ -89,10 +94,9 @@ with lib; {
openssh.authorizedKeys.keys = meta.publicKeys;
};
mkGitUser = login:
let meta = getMeta login;
in
{
mkGitUser = login: let
meta = getMeta login;
in {
programs.git = {
userEmail = meta.mailAddress;
userName = meta.description;
@ -111,8 +115,8 @@ with lib; {
};
};
mkX11User = login:
let meta = getMeta login;
mkX11User = login: let
meta = getMeta login;
in
mkIf (cfg.x11.enable)
{
@ -132,21 +136,19 @@ with lib; {
dunst.enable = true;
};
};
in
mkIf (cfg.enable)
{
assertions =
let
assertions = let
cfg = config.elss.users;
in
[
in [
{
assertion = mutuallyExclusive cfg.users cfg.admins;
message = "elss.users.users and elss.users.admins are mutually exclusive";
}
{
assertion = all (hash: hash != "")
assertion =
all (hash: hash != "")
(catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta));
message = "No admin without password";
}
@ -158,8 +160,7 @@ with lib; {
users = {
mutableUsers = false;
users =
mkMerge [
users = mkMerge [
(mapAdmins mkAdmin)
(mapUsers mkUser)
];
@ -167,17 +168,19 @@ with lib; {
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users =
mkMerge [
users = mkMerge [
(mapAllUsers mkX11User)
(mapAllUsers mkGitUser)
(mapAllUsersAndRoot (login:
mkMerge [
{config.home.stateVersion = mkDefault "21.11";}
(if homeConfigurations ? "${login}" then homeConfigurations."${login}" else { })
(
if homeConfigurations ? "${login}"
then homeConfigurations."${login}"
else {}
)
]))
];
};
};
}

81
modules/wireguard.nix
View File

@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
options.elss.wireguard = with lib; {
enable = mkEnableOption "wireguard overlay network";
@ -78,14 +81,12 @@
ipv6 = {
ula = mkOption {
type = types.listOf types.str;
description =
"IPv6 prefixes to use for ULA wireguard addressing";
description = "IPv6 prefixes to use for ULA wireguard addressing";
};
gua = mkOption {
type = types.listOf types.str;
description =
"IPv6 prefixes to use for GUA wireguard addressing";
description = "IPv6 prefixes to use for GUA wireguard addressing";
};
};
@ -99,21 +100,25 @@
};
};
config =
let
config = let
cfg = config.elss;
hostName = config.system.name;
secretsFile = ../machines
secretsFile =
../machines
+ builtins.toPath "/${hostName}/secrets/wireguard.yaml";
takeNonEmpty = lib.filter (interface: interface != "");
testInterface = predicate:
lib.mapAttrsToList
(interface: value: if (predicate interface value) then interface else "")
(interface: value:
if (predicate interface value)
then interface
else "")
cfg.wireguard.interfaces;
onlyInterfaces = predicate: takeNonEmpty (testInterface predicate);
peerInterfaces =
onlyInterfaces (interface: value: builtins.hasAttr hostName value.peers);
serverInterfaces = onlyInterfaces
serverInterfaces =
onlyInterfaces
(interface: value: builtins.hasAttr hostName value.servers);
interfaces = serverInterfaces ++ peerInterfaces;
@ -135,39 +140,42 @@
};
mkPeerPeer = prefixes: peers: peer: {
allowedIPs = (mkAddresses prefixes peer.localIp)
++ (lib.concatMap (mkAddresses prefixes) peer.extraIps) ++ (if lib.hasAttr hostName peers then peers.${hostName}.additionalAllowedIps else [ ]);
allowedIPs =
(mkAddresses prefixes peer.localIp)
++ (lib.concatMap (mkAddresses prefixes) peer.extraIps)
++ (
if lib.hasAttr hostName peers
then peers.${hostName}.additionalAllowedIps
else []
);
persistentKeepalive = 25;
inherit (peer) publicKey endpoint;
};
mkPostSetup = name: prefixes: servers:
let
mkPostSetup = name: prefixes: servers: let
ifName = mkInterfaceName name;
serverIps = name: server: mkServerAddresses prefixes server.localIp;
dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers);
in
lib.concatStrings ([
''
${pkgs.systemd}/bin/resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone}
${pkgs.systemd}/bin/resolvectl default-route ${ifName} true
''
] ++ (map
]
++ (map
(ip: ''
${pkgs.systemd}/bin/resolvectl dns ${ifName} ${ip}
'')
dnsServers));
mkInterfaceConfig = hostName: interface: value:
let
mkInterfaceConfig = hostName: interface: value: let
isServer = builtins.hasAttr hostName value.servers;
isPeer = builtins.hasAttr hostName value.peers;
myConfig =
if isServer then
value.servers."${hostName}"
else
value.peers."${hostName}";
if isServer
then value.servers."${hostName}"
else value.peers."${hostName}";
in
assert lib.asserts.assertMsg
((isServer || isPeer) && !(isServer && isPeer))
@ -176,25 +184,30 @@
privateKeyFile = config.sops.secrets."wireguard-${interface}".path;
ips = mkAddresses value.prefixes myConfig.localIp;
inherit (myConfig) listenPort;
} // (if isServer then {
}
// (
if isServer
then {
peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers;
} else if isPeer then {
}
else if isPeer
then {
peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers;
postSetup = mkPostSetup interface value.prefixes value.servers;
} else
{ }));
}
else {}
));
mkInterfaceSecret = interface: {
"wireguard-${interface}" = {sopsFile = secretsFile;};
};
mkListenPorts = hostName: interface: value:
if builtins.hasAttr hostName value.servers then
value.servers."${hostName}".listenPort
else if builtins.hasAttr hostName value.peers then
value.peers."${hostName}".listenPort
else
-1;
if builtins.hasAttr hostName value.servers
then value.servers."${hostName}".listenPort
else if builtins.hasAttr hostName value.peers
then value.peers."${hostName}".listenPort
else -1;
mkSysctl = hostName: interface: [
{
@ -210,7 +223,6 @@
value = "1";
}
];
in
lib.mkIf cfg.wireguard.enable {
networking = {
@ -243,7 +255,6 @@
})
interfaces);
boot.kernel.sysctl =
builtins.listToAttrs (lib.concatMap (mkSysctl hostName) serverInterfaces);

14
modules/zsh.nix
View File

@ -1,8 +1,12 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib; {
options.elss.zsh.enable = mkEnableOption "Setup systemwide zsh";
config =
let
config = let
inherit (elss.withConfig config) mapAllUsers;
cfg = config.elss.zsh;
in
@ -58,8 +62,8 @@ with lib; {
};
};
users.users = mapAllUsers (_: { shell = pkgs.zsh; }
users.users = mapAllUsers (
_: {shell = pkgs.zsh;}
);
};
}

11
secrets/shell.nix
View File

@ -1,9 +1,8 @@
{ pkgs ? import <nixpkgs> { }
, sops-nix ? pkgs.callPackage <sops-nix> { }
, ...
}:
let
{
pkgs ? import <nixpkgs> {},
sops-nix ? pkgs.callPackage <sops-nix> {},
...
}: let
sops-rekey = pkgs.writeShellScriptBin "sops-rekey" ''
${pkgs.findutils}/bin/find . -wholename '*/secrets/*.yaml' -exec ${pkgs.sops}/bin/sops updatekeys {} \;
'';

20
templates/basic_tools/flake.nix
View File

@ -8,19 +8,25 @@
flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus";
};
outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, flake-utils-plus, ... }@inputs:
{ } // (flake-utils.lib.eachDefaultSystem (system:
let
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
flake-utils,
flake-utils-plus,
...
} @ inputs:
{}
// (flake-utils.lib.eachDefaultSystem (
system: let
unstable = import nixpkgs-unstable {
inherit system;
};
pkgs = import nixpkgs {
inherit system;
};
in
rec {
devShell =
pkgs.mkShell {
in rec {
devShell = pkgs.mkShell {
buildInputs = [
# add packages here, like
# pkgs.clingo

11
templates/jupyter/flake.nix
View File

@ -6,9 +6,14 @@
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, jupyterWith, flake-utils }:
flake-utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" ] (system:
let
outputs = {
self,
nixpkgs,
jupyterWith,
flake-utils,
}:
flake-utils.lib.eachSystem ["x86_64-linux" "x86_64-darwin"] (
system: let
pkgs = import nixpkgs {
system = system;
overlays = nixpkgs.lib.attrValues jupyterWith.overlays;

22
templates/rust/flake.nix
View File

@ -18,20 +18,27 @@
};
};
outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, gitignoresrc, rust-overlay, ... }@inputs:
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
flake-utils,
gitignoresrc,
rust-overlay,
...
} @ inputs:
{
#overlay = import ./nix { inherit gitignoresrc; };
} // (flake-utils.lib.eachDefaultSystem (system:
let
}
// (flake-utils.lib.eachDefaultSystem (
system: let
unstable = import nixpkgs-unstable {inherit system;};
pkgs = import nixpkgs {
inherit system;
overlays = [(import rust-overlay)];
};
in
rec {
devShell =
pkgs.mkShell {
in rec {
devShell = pkgs.mkShell {
RUST_LOG = "debug";
RUST_BACKTRACE = 1;
buildInputs = [
@ -50,4 +57,3 @@
}
));
}

6
users/ellmau/alacritty.nix
View File

@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
programs.alacritty = {
enable = true;
settings = {

12
users/ellmau/autorandr.nix
View File

@ -1,11 +1,15 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.i3;
in
mkIf cfg.enable {
programs.autorandr = {
enable = true;
profiles = {

6
users/ellmau/default.nix
View File

@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
./alacritty.nix
./autorandr.nix

11
users/ellmau/dunst.nix
View File

@ -1,7 +1,12 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.i3;
in
mkIf cfg.enable {

6
users/ellmau/git.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, lib, ...}:
{
config,
pkgs,
lib,
...
}: {
programs = {
git = {
enable = true;

8
users/ellmau/gpg.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, lib, ...}:
{
config,
pkgs,
lib,
...
}: {
home.file = {
".gnupg/gpgsm.conf".text = ''
keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE
@ -10,7 +14,5 @@
".gnupg/chain.txt".source = ./conf/gpgsm/chain.txt;
};
programs.gpg.enable = true;
}

11
users/ellmau/i3.nix
View File

@ -1,7 +1,12 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical;
in
mkIf cfg.enable {

11
users/ellmau/kanshi.nix
View File

@ -1,7 +1,12 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.sway;
in
mkIf cfg.enable {

13
users/ellmau/mako.nix
View File

@ -1,18 +1,21 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.sway;
in
mkIf cfg.enable {
programs.mako = {
enable = true;
iconPath = "${pkgs.numix-icon-theme}";
font = "Hasklug Nerd Font 10";
defaultTimeout = 8000;
# ignoreTimeout = true;
};
home.packages = [pkgs.numix-icon-theme];

11
users/ellmau/nextcloud.nix
View File

@ -1,7 +1,12 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical;
in
mkIf cfg.enable {

19
users/ellmau/polybar.nix
View File

@ -1,17 +1,20 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.i3;
in
mkIf cfg.enable {
services.polybar = {
enable = true;
package = pkgs.polybarFull;
settings =
let
settings = let
# solarized theme colours ~ https://en.wikipedia.org/wiki/Solarized
#content tones
Base01 = "#586e75";
Base00 = "#657b83";
@ -57,8 +60,7 @@ with lib; {
"Weather Icons:size=12;0"
"Hasklug Nerd Font,Hasklig Medium:style=Medium,Regular"
];
in
{
in {
"bar/main" = {
font = fonts;
modules = {
@ -204,7 +206,6 @@ with lib; {
#;label-disconnected = %ifname% disconnected
#;label-disconnected-foreground = ${colors.foreground-alt}
ramp-signal-foreground = foreground_altcol;
};
"module/eth" = {

38
users/ellmau/sway.nix
View File

@ -1,7 +1,12 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.sway;
in
mkIf cfg.enable {
@ -10,13 +15,20 @@ with lib; {
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "swaylock -KfeFi ~/.background-image"; }
{ event = "lock"; command = "swaylock -KfeFi ~/.background-image"; }
{
event = "before-sleep";
command = "swaylock -KfeFi ~/.background-image";
}
{
event = "lock";
command = "swaylock -KfeFi ~/.background-image";
}
];
timeouts = [
{ timeout = 60; command = "swaylock -KfeFi ~/.background-image"; }
{
timeout = 60;
command = "swaylock -KfeFi ~/.background-image";
}
];
};
};
@ -40,8 +52,7 @@ with lib; {
modifier = "Mod4";
keybindings =
let
keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier;
bctl = "${pkgs.brightnessctl}/bin/brightnessctl";
in
@ -55,13 +66,10 @@ with lib; {
XF86AudioMute = "exec ${pkgs.pamixer}/bin/pamixer -t";
XF86AudioLowerVolume = "exec ${pkgs.pulseaudioFull}/bin/pactl set-sink-volume @DEFAULT_SINK@ -10%";
XF86AudioRaiseVolume = "exec ${pkgs.pulseaudioFull}/bin/pactl set-sink-volume @DEFAULT_SINK@ +10%";
};
keycodebindings =
let
keycodebindings = let
modifier = config.wayland.windowManager.sway.config.modifier;
in
{ };
in {};
startup = [
{

13
users/ellmau/waybar.nix
View File

@ -1,7 +1,12 @@
{ config, pkgs, lib, nixosConfig, ... }:
{
config,
pkgs,
lib,
nixosConfig,
...
}:
with lib; {
config =
let
config = let
cfg = nixosConfig.elss.graphical.sway;
in
mkIf cfg.enable {
@ -82,10 +87,8 @@ with lib; {
on-click = "${pkgs.pamixer}/bin/pamixer -t";
on-click-right = "${pkgs.pavucontrol}/bin/pavucontrol &";
};
};
};
};
};
}

3
users/ellmau/zsh.nix
View File

@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
programs = {
zsh = {
enable = true;