commit 67a9c8c71126edde5601533ba7ce37c73d5664ba
parent 5d1d937cbacc0695651b09407df8699fbe60d8a3
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 17 May 2025 17:32:24 +0200
parent 5d1d937cbacc0695651b09407df8699fbe60d8a3
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 17 May 2025 17:32:24 +0200
katja wendet `nix fmt *` an
7 files changed, 352 insertions(+), 318 deletions(-)
M
|
293
++++++++++++++++++++++++++++++++++++++-----------------------------------------
M
|
290
++++++++++++++++++++++++++++++++++++++++---------------------------------------
diff --git a/config/nixos/modules/filesystem/rootDisk.nix b/config/nixos/modules/filesystem/rootDisk.nix @@ -51,17 +51,15 @@ in }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - ( - lib.mkIf (cfg.type == "btrfs") { + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.mkIf (cfg.type == "btrfs") { services.btrfs.autoScrub = { enable = true; interval = "weekly"; }; - } - ) - ( - lib.mkIf (cfg.type == "zfs") { + }) + (lib.mkIf (cfg.type == "zfs") { services.zfs.autoScrub.enable = true; boot = lib.mkIf cfg.encrypt { 
@@ -113,182 +111,169 @@ in mountpoint = "none"; xattr = "sa"; } - ( - lib.mkIf config.modules.filesystem.encrypt { - encryption = "on"; - keyformat = "hex"; - keylocation = "file:///key/${config.networking.hostName}.key"; - } - ) + (lib.mkIf config.modules.filesystem.encrypt { + encryption = "on"; + keyformat = "hex"; + keylocation = "file:///key/${config.networking.hostName}.key"; + }) ]; - datasets = lib.mkMerge (lib.flatten [ - { - data = { - type = "zfs_fs"; - options.canmount = "off"; - }; - "data/home" = { - type = "zfs_fs"; - options = { - canmount = "off"; - mountpoint = "none"; + datasets = lib.mkMerge ( + lib.flatten [ + { + data = { + type = "zfs_fs"; + options.canmount = "off"; + }; + "data/home" = { + type = "zfs_fs"; + options = { + canmount = "off"; + mountpoint = "none"; + }; }; - }; - "data/system" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/nix/persist/system"; - }; - nix = { - type = "zfs_fs"; - options = { - atime = "off"; - mountpoint = "legacy"; + "data/system" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/nix/persist/system"; }; - mountpoint = "/nix"; - }; - os = { - type = "zfs_fs"; - options.canmount = "off"; - }; - "os/nixos" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - "os/nixos/root-1" = { - type = "zfs_fs"; - options = { - atime = "off"; - compression = "zstd-fast"; - mountpoint = "legacy"; + nix = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; }; - mountpoint = "/"; - }; - reserved = { - type = "zfs_volume"; - size = "8G"; - options.readonly = "on"; - }; - } - ( - lib.mkIf config.modules.filesystem.encrypt { + os = { + type = "zfs_fs"; + options.canmount = "off"; + }; + "os/nixos" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + "os/nixos/root-1" = { + type = "zfs_fs"; + options = { + atime = "off"; + compression = "zstd-fast"; + mountpoint = "legacy"; + }; + mountpoint = "/"; + }; + reserved = { + 
type = "zfs_volume"; + size = "8G"; + options.readonly = "on"; + }; + } + (lib.mkIf config.modules.filesystem.encrypt { key = { type = "zfs_volume"; size = "24M"; options.encryption = "off"; # TODO: luksFormat, add key and make readonly }; - } - ) - ( - lib.map (user: { + }) + (lib.map (user: { "data/home/${user}" = { type = "zfs_fs"; options.mountpoint = "legacy"; mountOptions = [ "nofail" ]; mountpoint = - # if config.modules.filesystem.impermanence.persistHome then - if true then - "/home/${user}" - else - "/nix/persist/home/${user}"; + # if config.modules.filesystem.impermanence.persistHome then + if true then "/home/${user}" else "/nix/persist/home/${user}"; }; - }) (lib.attrNames (lib.filterAttrs (name: value: value.enable == true) config.modules.users)) - ) - ]); + }) (lib.attrNames (lib.filterAttrs (name: value: value.enable == true) config.modules.users))) + ] + ); }; }; - } - ) - { - disko.devices.disk = { - ${config.networking.hostName} = { - type = "disk"; - device = "${cfg.path}"; - content = { - type = "gpt"; - partitions = lib.mkMerge [ - ( - lib.mkIf (config.modules.boot.type == "legacy") { + }) + { + disko.devices.disk = { + ${config.networking.hostName} = { + type = "disk"; + device = "${cfg.path}"; + content = { + type = "gpt"; + partitions = lib.mkMerge [ + (lib.mkIf (config.modules.boot.type == "legacy") { grub-mbr = { size = "1M"; type = "EF02"; priority = 1; }; - } - ) - { - boot = { - type = lib.mkIf (config.modules.boot.type == "uefi") "EF00"; - size = "1G"; - content = { - type = "filesystem"; - format = "vfat"; - mountOptions = [ - "nofail" - "umask=0077" - "dmask=0077" - ]; - mountpoint = "/boot"; - }; - }; - } - { - root.content = part "root" (lib.mkMerge [ - ( - lib.mkIf (cfg.type == "ext4") { + }) + { + boot = { + type = lib.mkIf (config.modules.boot.type == "uefi") "EF00"; + size = "1G"; + content = { type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - } - ) - ( - lib.mkIf (cfg.type == "btrfs") { - type = "btrfs"; - 
subvolumes = { - "/nixos/@" = { - mountpoint = "/"; - }; - "/nixos/@home" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/home"; - }; - "/nixos/@nix" = { - mountOptions = [ - "compress=zstd" - "noatime" - ]; - mountpoint = "/nix"; + format = "vfat"; + mountOptions = [ + "nofail" + "umask=0077" + "dmask=0077" + ]; + mountpoint = "/boot"; + }; + }; + } + { + root.content = part "root" ( + lib.mkMerge [ + (lib.mkIf (cfg.type == "ext4") { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }) + (lib.mkIf (cfg.type == "btrfs") { + type = "btrfs"; + subvolumes = { + "/nixos/@" = { + mountpoint = "/"; + }; + "/nixos/@home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + "/nixos/@nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; }; + }) + (lib.mkIf (cfg.type == "zfs") { + type = "zfs"; + pool = config.networking.hostName; + }) + ] + ); + } + ( + if cfg.swap.enable then + { + root.end = "-${cfg.swap.size}"; + swap = { + size = "100%"; + content = part "swap" { type = "swap"; }; }; } - ) - ( - lib.mkIf (cfg.type == "zfs") { - type = "zfs"; - pool = config.networking.hostName; - } - ) - ]); - } - ( - if cfg.swap.enable then - { - root.end = "-${cfg.swap.size}"; - swap = { - size = "100%"; - content = part "swap" { type = "swap"; }; - }; - } - else - { root.size = "100%"; } - ) - ]; + else + { root.size = "100%"; } + ) + ]; + }; }; }; - }; - } - ]); + } + ] + ); }
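Review bot: The `key` zvol is declared with `options.encryption = "off"` while the pool options set `keylocation = "file:///key/${config.networking.hostName}.key"`, and the only protection planned for it is the `# TODO: luksFormat, add key and make readonly` comment. If that volume is what ends up mounted at `/key` (the mount is not visible in this hunk), the hex key sits in cleartext on the same disk as the datasets it protects until the TODO is done, so the encryption would not help against anyone who holds the disk. I would state that next to the option, e.g. `# SECURITY: key material is stored unencrypted here until the LUKS step is implemented`, and track the TODO as an open issue. Separately, `if true then "/home/${user}" else "/nix/persist/home/${user}"` keeps a dead branch behind the commented-out `persistHome` condition; a one-line comment saying why it is pinned would help. The enclosing `config = lib.mkIf cfg.enable (…)` expression starts before this hunk.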
diff --git a/config/nixos/modules/font.nix b/config/nixos/modules/font.nix @@ -20,11 +20,11 @@ in config = lib.mkIf cfg.enable { fonts = { - fontconfig.enable = true; - fontDir.enable = true; + fontconfig.enable = true; + fontDir.enable = true; enableGhostscriptFonts = true; - enableDefaultPackages = true; - packages = with pkgs; [ + enableDefaultPackages = true; + packages = with pkgs; [ dejavu_fonts liberation_ttf ttf_bitstream_vera
diff --git a/config/nixos/modules/hardware/fprint.nix b/config/nixos/modules/hardware/fprint.nix @@ -25,12 +25,12 @@ in }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - services.fprintd.enable = true; - } - ( - lib.mkIf cfg.enableGoodixDriver { + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + services.fprintd.enable = true; + } + (lib.mkIf cfg.enableGoodixDriver { assertions = [ { assertion = cfg.enableGoodixDriver -> cfgRoot.modules.unfree.enable; @@ -47,8 +47,8 @@ in enable = lib.mkDefault true; driver = lib.mkDefault pkgs.libfprint-2-tod1-goodix; }; - } - ) - ]); + }) + ] + ); }
diff --git a/config/nixos/modules/presets/base.nix b/config/nixos/modules/presets/base.nix @@ -21,7 +21,7 @@ in }; config = lib.mkIf cfg.enable { - environment.defaultPackages = lib.mkForce []; + environment.defaultPackages = lib.mkForce [ ]; users.mutableUsers = lib.mkForce false;
diff --git a/config/nixos/modules/presets/katja/syncthing.nix b/config/nixos/modules/presets/katja/syncthing.nix 
@@ -18,155 +18,159 @@ in default = false; }; - config = lib.mkIf (cfg.enable && cfg.syncthing.enable) (let - syncthingDevices = { - #mobile devices - blechkasten.id = "HGPWBVY-RD4JKBQ-X3V53IB-KRVDXEQ-4YLN5F2-WPPSMYR-SOXGTY6-IDFOAAC"; - coladose.id = "BNCAOEB-CYTYIBA-ZKFJKRB-DX4C3MT-SDH7IWQ-5EI35PJ-YUIJSYH-COCGUAW"; - seifenkiste.id = "6YZT5PZ-EKXZBMV-C2MJL75-OCQ36LC-L3QIRPW-VJ5EU3C-2ICZDDO-IZ7IGAO"; - - iphone.id = "3SM3LJV-XMHYW2D-MU5WQ3T-KGYUJOI-LXOL6YI-BSVZ2B5-QJ6GVXN-MPWMKQ7"; - - #servers - hector.name = "hector.infra.katja.wtf"; - hector.id = "MVGBPSX-YSZNBDO-E7HZFGJ-WULYWQ5-XDHVMJO-BKA4R37-GPPRLLS-Z5DQMQJ"; - wanderduene.name = "wanderduene.infra.katja.wtf"; - wanderduene.id = "WEFYARN-GY3WZXB-TIXBI56-ZZ77AHS-GFH5SH2-Q35NTBI-VPT3OEM-EQNAMQH"; - briefkasten.name = "briefkasten.infra.katja.wtf"; - briefkasten.id = "QI2EPUE-4VMZ3XV-LXX3GXP-RHCWTRY-AACLSGL-YG7MIYV-THST74N-KJGIBQ6"; - }; - - enabledShares = { - briefkasten = [ - "ctucx-music-orig" - "ctucx-media" - ]; - }; - - defaultVersioning = { - type = "trashcan"; - params = { - cleanoutDays = "3"; - }; - }; - - - isCurrentHost = key: value: key != config.networking.hostName; - - deviceNames = ( - syncthingDevices - |> lib.filterAttrs isCurrentHost - |> builtins.attrNames - ); - - shareDeviceNames = share: ( - enabledShares - |> lib.filterAttrs isCurrentHost - |> lib.filterAttrs (key: value: builtins.elem share value) - |> builtins.attrNames - ); - - isShareEnabled = share: ( - if builtins.hasAttr config.networking.hostName enabledShares then - (if builtins.elem share enabledShares.${config.networking.hostName} then true else false) - else - false - ); - - devices = lib.filterAttrs isCurrentHost syncthingDevices; - - folders = let - dataDir = config.services.syncthing.dataDir; - - in { - "${dataDir}/Audiobooks" = { - enable = lib.mkDefault true; - id = "ctucx-audiobooks"; - label = "Audiobooks"; - devices = deviceNames; - versioning = lib.mkDefault defaultVersioning; - }; - - "${dataDir}/Documents" = { - 
enable = lib.mkDefault true; - id = "ctucx-documents"; - label = "Documents"; - devices = deviceNames; - versioning = lib.mkDefault defaultVersioning; - }; - - "${dataDir}/Music" = { - enable = lib.mkDefault true; - id = "ctucx-music"; - label = "Music"; - devices = deviceNames; - versioning = lib.mkDefault defaultVersioning; - }; - - "${dataDir}/Pictures" = { - enable = lib.mkDefault true; - id = "ctucx-pictures"; - label = "Pictures"; - devices = deviceNames; - versioning = lib.mkDefault defaultVersioning; - }; - - "${dataDir}/Videos" = { - enable = lib.mkDefault true; - id = "ctucx-videos"; - label = "Videos"; - devices = deviceNames; - versioning = lib.mkDefault defaultVersioning; + config = lib.mkIf (cfg.enable && cfg.syncthing.enable) ( + let + syncthingDevices = { + #mobile devices + blechkasten.id = "HGPWBVY-RD4JKBQ-X3V53IB-KRVDXEQ-4YLN5F2-WPPSMYR-SOXGTY6-IDFOAAC"; + coladose.id = "BNCAOEB-CYTYIBA-ZKFJKRB-DX4C3MT-SDH7IWQ-5EI35PJ-YUIJSYH-COCGUAW"; + seifenkiste.id = "6YZT5PZ-EKXZBMV-C2MJL75-OCQ36LC-L3QIRPW-VJ5EU3C-2ICZDDO-IZ7IGAO"; + + iphone.id = "3SM3LJV-XMHYW2D-MU5WQ3T-KGYUJOI-LXOL6YI-BSVZ2B5-QJ6GVXN-MPWMKQ7"; + + #servers + hector.name = "hector.infra.katja.wtf"; + hector.id = "MVGBPSX-YSZNBDO-E7HZFGJ-WULYWQ5-XDHVMJO-BKA4R37-GPPRLLS-Z5DQMQJ"; + wanderduene.name = "wanderduene.infra.katja.wtf"; + wanderduene.id = "WEFYARN-GY3WZXB-TIXBI56-ZZ77AHS-GFH5SH2-Q35NTBI-VPT3OEM-EQNAMQH"; + briefkasten.name = "briefkasten.infra.katja.wtf"; + briefkasten.id = "QI2EPUE-4VMZ3XV-LXX3GXP-RHCWTRY-AACLSGL-YG7MIYV-THST74N-KJGIBQ6"; }; - "${dataDir}/Bahn-Richtlinien" = { - enable = lib.mkDefault true; - id = "Bahn-Richtlinien"; - label = "Bahn-Richtlinien"; - devices = deviceNames; - versioning = lib.mkDefault defaultVersioning; + enabledShares = { + briefkasten = [ + "ctucx-music-orig" + "ctucx-media" + ]; }; - "${dataDir}/Music (Originals)" = rec { - enable = lib.mkDefault (isShareEnabled "${id}"); - id = "ctucx-music-orig"; - label = "Music (Originals)"; - devices = 
shareDeviceNames "${id}"; - versioning = lib.mkDefault defaultVersioning; + defaultVersioning = { + type = "trashcan"; + params = { + cleanoutDays = "3"; + }; }; - "${dataDir}/Media (legacy)" = rec { - enable = lib.mkDefault (isShareEnabled "${id}"); - id = "ctucx-media"; - label = "Media (legacy)"; - devices = shareDeviceNames "${id}"; - versioning = lib.mkDefault defaultVersioning; + isCurrentHost = key: value: key != config.networking.hostName; + + deviceNames = (syncthingDevices |> lib.filterAttrs isCurrentHost |> builtins.attrNames); + + shareDeviceNames = + share: + ( + enabledShares + |> lib.filterAttrs isCurrentHost + |> lib.filterAttrs (key: value: builtins.elem share value) + |> builtins.attrNames + ); + + isShareEnabled = + share: + ( + if builtins.hasAttr config.networking.hostName enabledShares then + (if builtins.elem share enabledShares.${config.networking.hostName} then true else false) + else + false + ); + + devices = lib.filterAttrs isCurrentHost syncthingDevices; + + folders = + let + dataDir = config.services.syncthing.dataDir; + + in + { + "${dataDir}/Audiobooks" = { + enable = lib.mkDefault true; + id = "ctucx-audiobooks"; + label = "Audiobooks"; + devices = deviceNames; + versioning = lib.mkDefault defaultVersioning; + }; + + "${dataDir}/Documents" = { + enable = lib.mkDefault true; + id = "ctucx-documents"; + label = "Documents"; + devices = deviceNames; + versioning = lib.mkDefault defaultVersioning; + }; + + "${dataDir}/Music" = { + enable = lib.mkDefault true; + id = "ctucx-music"; + label = "Music"; + devices = deviceNames; + versioning = lib.mkDefault defaultVersioning; + }; + + "${dataDir}/Pictures" = { + enable = lib.mkDefault true; + id = "ctucx-pictures"; + label = "Pictures"; + devices = deviceNames; + versioning = lib.mkDefault defaultVersioning; + }; + + "${dataDir}/Videos" = { + enable = lib.mkDefault true; + id = "ctucx-videos"; + label = "Videos"; + devices = deviceNames; + versioning = lib.mkDefault defaultVersioning; + }; + 
+ "${dataDir}/Bahn-Richtlinien" = { + enable = lib.mkDefault true; + id = "Bahn-Richtlinien"; + label = "Bahn-Richtlinien"; + devices = deviceNames; + versioning = lib.mkDefault defaultVersioning; + }; + + "${dataDir}/Music (Originals)" = rec { + enable = lib.mkDefault (isShareEnabled "${id}"); + id = "ctucx-music-orig"; + label = "Music (Originals)"; + devices = shareDeviceNames "${id}"; + versioning = lib.mkDefault defaultVersioning; + }; + + "${dataDir}/Media (legacy)" = rec { + enable = lib.mkDefault (isShareEnabled "${id}"); + id = "ctucx-media"; + label = "Media (legacy)"; + devices = shareDeviceNames "${id}"; + versioning = lib.mkDefault defaultVersioning; + }; + }; + + in + { + sops.secrets = lib.genAttrs [ "syncthingCert" "syncthingKey" ] (name: { + owner = "katja"; + group = "users"; + }); + + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "[::1]:8384"; + + user = lib.mkDefault "katja"; + group = lib.mkDefault "users"; + + cert = lib.mkDefault config.sops.secrets.syncthingCert.path; + key = lib.mkDefault config.sops.secrets.syncthingKey.path; + + dataDir = lib.mkDefault "/home/katja"; + configDir = lib.mkDefault "/home/katja/.config/syncthing"; + + settings.devices = devices; + settings.folders = folders; }; - }; - - in { - sops.secrets = lib.genAttrs [ "syncthingCert" "syncthingKey" ] (name: { - owner = "katja"; - group = "users"; - }); - - services.syncthing = { - enable = true; - openDefaultPorts = true; - guiAddress = "[::1]:8384"; - - user = lib.mkDefault "katja"; - group = lib.mkDefault "users"; - - cert = lib.mkDefault config.sops.secrets.syncthingCert.path; - key = lib.mkDefault config.sops.secrets.syncthingKey.path; - - dataDir = lib.mkDefault "/home/katja"; - configDir = lib.mkDefault "/home/katja/.config/syncthing"; - - settings.devices = devices; - settings.folders = folders; - }; - }); + } + ); }
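Review bot: `isCurrentHost = key: value: key != config.networking.hostName;` returns true for every entry that is not the current host, so the name says the opposite of what the predicate does. It feeds `deviceNames`, `shareDeviceNames` and `devices`, which decide which peers each folder is shared with, so a later edit that trusts the name could invert the filter and change who receives data. Renaming it at the definition and its three uses, e.g. `isOtherHost = key: value: key != config.networking.hostName;`, or adding the comment `# true for every device except this host`, would make the intent explicit. In `isShareEnabled`, the inner `if builtins.elem share enabledShares.${config.networking.hostName} then true else false` can be reduced to the `builtins.elem` expression itself.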
diff --git a/flake.lock b/flake.lock @@ -67,6 +67,46 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747274630, + "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", + "owner": "nix-community", + "repo": "disko", + "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "diskoUnstable": { + "inputs": { + "nixpkgs": [ + "nixpkgsUnstable" + ] + }, + "locked": { + "lastModified": 1747274630, + "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", + "owner": "nix-community", + "repo": "disko", + "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "firefoxGnomeTheme": { "flake": false, "locked": { @@ -421,6 +461,8 @@ "inputs": { "ctucxWebsite": "ctucxWebsite", "deploy-rs": "deploy-rs", + "disko": "disko", + "diskoUnstable": "diskoUnstable", "firefoxGnomeTheme": "firefoxGnomeTheme", "flakeCompat": "flakeCompat", "flakeParts": "flakeParts",
diff --git a/flake.nix b/flake.nix @@ -83,13 +83,16 @@ } ( - if !hostConfig.nixpkgsStable then [ - inputs.homeManagerUnstable.nixosModules.default - inputs.diskoUnstable.nixosModules.default - ] else [ - inputs.homeManager.nixosModules.default - inputs.disko.nixosModules.default - ] + if !hostConfig.nixpkgsStable then + [ + inputs.homeManagerUnstable.nixosModules.default + inputs.diskoUnstable.nixosModules.default + ] + else + [ + inputs.homeManager.nixosModules.default + inputs.disko.nixosModules.default + ] ) inputs.lixModule.nixosModules.default