commit f3d50a0b802edd69879501292c5724d896e9b870
parent def3a04ae82ecfa03d1c01332f45704498ecb36f
Author: Hannah Izzie Gesser <hannah@totient.eu>
Date: Wed, 12 Nov 2025 09:20:40 +0100
parent def3a04ae82ecfa03d1c01332f45704498ecb36f
Author: Hannah Izzie Gesser <hannah@totient.eu>
Date: Wed, 12 Nov 2025 09:20:40 +0100
Appliy linting and formatting
172 files changed, 1376 insertions(+), 1235 deletions(-)
M
|
59
+++++++++++++++++++++++++++++++++--------------------------
M
|
356
++++++++++++++++++++++++++++++++++++++++---------------------------------------
M
|
135
+++++++++++++++++++++++++++++++++++++++----------------------------------------
M
|
172
+++++++++++++++++++++++++++++++++++++++++--------------------------------------
M
|
120
++++++++++++++++++++++++++++++++++++++++---------------------------------------
M
|
75
+++++++++++++++++++++++++++++++++++++++------------------------------------
M
|
139
+++++++++++++++++++++++++++++++++++++++----------------------------------------
M
|
124
++++++++++++++++++++++++++++++++++++++++---------------------------------------
M
|
85
++++++++++++++++++++++++++++++++++++++++---------------------------------------
M
|
81
+++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------
M
|
94
++++++++++++++++++++++++++++++++++++++++----------------------------------------
diff --git a/.gitignore b/.gitignore @@ -2,7 +2,7 @@ *.qcow2 # Nix output -result +result* # nixos-anywhere extra-files tmp \ No newline at end of file
diff --git a/config/home/common/programs/gpg.nix b/config/home/common/programs/gpg.nix @@ -48,12 +48,10 @@ } { # kontakt@governikus.com - source = ( - pkgs.fetchurl { - url = "https://www.governikus.de/wp-content/uploads/2023/06/governikusPubKey.asc"; - sha256 = "sha256-eU7g+c2CAYGLxHCRb0qsnL3CvKgK3lWcKcgrS1WFwz0="; - } - ); + source = pkgs.fetchurl { + url = "https://www.governikus.de/wp-content/uploads/2023/06/governikusPubKey.asc"; + sha256 = "sha256-eU7g+c2CAYGLxHCRb0qsnL3CvKgK3lWcKcgrS1WFwz0="; + }; trust = 3; } {
diff --git a/config/home/common/programs/ssh.nix b/config/home/common/programs/ssh.nix @@ -1,3 +1,5 @@ +_: + { config = {
diff --git a/config/home/common/programs/starship.nix b/config/home/common/programs/starship.nix @@ -1,7 +1,4 @@ -{ - lib, - ... -}: +_: {
diff --git a/config/home/void/home.nix b/config/home/void/home.nix @@ -1,7 +1,6 @@ { - config, homeManagerModules, - inputs, + lib, pkgs, ...
diff --git a/config/home/void/impermanence.nix b/config/home/void/impermanence.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/void/programs/eza.nix b/config/home/void/programs/eza.nix @@ -1,3 +1,5 @@ +_: + { config = {
diff --git a/config/home/void/programs/fish.nix b/config/home/void/programs/fish.nix @@ -1,3 +1,5 @@ +_: + { config = {
diff --git a/config/home/void/programs/fuzzel.nix b/config/home/void/programs/fuzzel.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/void/programs/git.nix b/config/home/void/programs/git.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkMerge; in
diff --git a/config/home/void/programs/gpg.nix b/config/home/void/programs/gpg.nix @@ -1,3 +1,5 @@ +_: + { config = {
diff --git a/config/home/void/programs/kitty.nix b/config/home/void/programs/kitty.nix @@ -1,7 +1,4 @@ -{ - lib, - ... -}: +_: { config = {
diff --git a/config/home/void/programs/ssh.nix b/config/home/void/programs/ssh.nix @@ -1,3 +1,5 @@ +_: + { config = {
diff --git a/config/home/void/programs/sway.nix b/config/home/void/programs/sway.nix @@ -23,19 +23,19 @@ in config = { #gtk = { - #enable = true; - #cursorTheme = { - # name = "adwaita"; - # size = 20; - #}; - #iconTheme = { - # name = "Papirus-Dark"; - # package = pkgs.papirus-icon-theme; - #}; - #theme = { - # name = "adwaita"; - # package = pkgs.gnome-themes-extra; - #}; + #enable = true; + #cursorTheme = { + # name = "adwaita"; + # size = 20; + #}; + #iconTheme = { + # name = "Papirus-Dark"; + # package = pkgs.papirus-icon-theme; + #}; + #theme = { + # name = "adwaita"; + # package = pkgs.gnome-themes-extra; + #}; #}; #qt = { @@ -114,7 +114,8 @@ in "${modifier}+Shift+Delete" = "exec 'swaymsg exit'"; "${modifier}+Delete" = "exec 'swaylock -f --grace 0'"; - "--locked XF86MonBrightnessDown" = "exec '${pkgs.brightnessctl}/bin/brightnessctl set --min-value=19200 10%-'"; + "--locked XF86MonBrightnessDown" = + "exec '${pkgs.brightnessctl}/bin/brightnessctl set --min-value=19200 10%-'"; "--locked XF86MonBrightnessUp" = "exec '${pkgs.brightnessctl}/bin/brightnessctl set 10%+'"; "--locked XF86AudioRaiseVolume" = "exec '${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_SINK@ 5%+'"; @@ -131,7 +132,7 @@ in }; terminal = "kitty"; window.titlebar = false; - workspaceOutputAssign = ( + workspaceOutputAssign = (map (n: { output = DOCK_L; @@ -157,8 +158,7 @@ in ws_3 ws_4 "5" - ] - ); + ]; }; wrapperFeatures.gtk = true; #xwayland = false;
diff --git a/config/home/void/programs/swaylock.nix b/config/home/void/programs/swaylock.nix @@ -1,8 +1,8 @@ { - inputs, pkgs, ... }: + { config = {
diff --git a/config/home/void/programs/swayr.nix b/config/home/void/programs/swayr.nix @@ -1,6 +1,5 @@ { config, - lib, ... }:
diff --git a/config/home/void/programs/waybar.nix b/config/home/void/programs/waybar.nix @@ -3,6 +3,7 @@ pkgs, ... }: + { config = {
diff --git a/config/home/void/services/kanshi.nix b/config/home/void/services/kanshi.nix @@ -1,3 +1,5 @@ +_: + { config = {
diff --git a/config/home/void/services/syncthing.nix b/config/home/void/services/syncthing.nix @@ -1,4 +1,4 @@ -{ config, ... }: +_: {
diff --git a/config/home/zaphyra/configure/fonts.nix b/config/home/zaphyra/configure/fonts.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: let adwaita-fonts-nerd = pkgs.stdenvNoCC.mkDerivation {
diff --git a/config/home/zaphyra/configure/gnome.nix b/config/home/zaphyra/configure/gnome.nix @@ -21,32 +21,34 @@ in services.gnome-keyring ]; - home.persistence."/nix/persist/home/${config.home.username}".directories = [ - "dconf/.config/dconf" - "gnome/.local/share/gnome-shell" - ]; + home = { + persistence."/nix/persist/home/${config.home.username}".directories = [ + "dconf/.config/dconf" + "gnome/.local/share/gnome-shell" + ]; + + sessionVariables = { + QT_QPA_PLATFORMTHEME = "gnome"; + }; - home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "gnome"; + packages = + with pkgs; + [ + gnome-power-manager + refine + + xdg-utils + qgnomeplatform + wl-clipboard-x11 + # look and feel from libadwaita ported to GTK-3 + adw-gtk3 + ] + ++ (with pkgs.gnomeExtensions; [ + battery-time-percentage-compact + caffeine + ]); }; - home.packages = - with pkgs; - [ - gnome-power-manager - refine - - xdg-utils - qgnomeplatform - wl-clipboard-x11 - # look and feel from libadwaita ported to GTK-3 - adw-gtk3 - ] - ++ (with pkgs.gnomeExtensions; [ - battery-time-percentage-compact - caffeine - ]); - gtk = { enable = true;
diff --git a/config/home/zaphyra/configure/xdg.nix b/config/home/zaphyra/configure/xdg.nix @@ -1,4 +1,7 @@ -{ config, ... }: +{ + config, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/bluetoothBatteryMeter.nix b/config/home/zaphyra/gnomeExtensions/bluetoothBatteryMeter.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/dash-to-dock.nix b/config/home/zaphyra/gnomeExtensions/dash-to-dock.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/emoji-copy.nix b/config/home/zaphyra/gnomeExtensions/emoji-copy.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/just-perfection.nix b/config/home/zaphyra/gnomeExtensions/just-perfection.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/pip-on-top.nix b/config/home/zaphyra/gnomeExtensions/pip-on-top.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/search-light.nix b/config/home/zaphyra/gnomeExtensions/search-light.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/gnomeExtensions/space-bar.nix b/config/home/zaphyra/gnomeExtensions/space-bar.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/impermanence.nix b/config/home/zaphyra/impermanence.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/airpodsctl.nix b/config/home/zaphyra/programs/airpodsctl.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/alacritty.nix b/config/home/zaphyra/programs/alacritty.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/apostrophe.nix b/config/home/zaphyra/programs/apostrophe.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/bat.nix b/config/home/zaphyra/programs/bat.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/bitwarden-cli.nix b/config/home/zaphyra/programs/bitwarden-cli.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/celluloid.nix b/config/home/zaphyra/programs/celluloid.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/chawan.nix b/config/home/zaphyra/programs/chawan.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/cozy.nix b/config/home/zaphyra/programs/cozy.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/deploymentUtilities.nix b/config/home/zaphyra/programs/deploymentUtilities.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/eza.nix b/config/home/zaphyra/programs/eza.nix @@ -1,6 +1,4 @@ -{ - ... -}: +_: {
diff --git a/config/home/zaphyra/programs/firefox.nix b/config/home/zaphyra/programs/firefox.nix @@ -8,18 +8,20 @@ { - home.persistence."/nix/persist/home/${config.home.username}".directories = [ - "firefox/.mozilla/firefox/" - "firefox/.cache/mozilla/firefox" - ]; - - home.sessionVariables = { - BROWSER = "firefox"; - }; + home = { + persistence."/nix/persist/home/${config.home.username}".directories = [ + "firefox/.mozilla/firefox/" + "firefox/.cache/mozilla/firefox" + ]; + + sessionVariables = { + BROWSER = "firefox"; + }; - home.file."firefox-gnome-theme" = { - source = inputs.firefoxGnomeTheme; - target = ".mozilla/firefox/${config.home.username}/chrome/firefox-gnome-theme"; + file."firefox-gnome-theme" = { + source = inputs.firefoxGnomeTheme; + target = ".mozilla/firefox/${config.home.username}/chrome/firefox-gnome-theme"; + }; }; programs.firefox = { @@ -99,18 +101,23 @@ DNSOverHTTPS.Locked = true; # enable tracking protection - EnableTrackingProtection.Cryptomining = true; - EnableTrackingProtection.Fingerprinting = true; - EnableTrackingProtection.Value = true; - EnableTrackingProtection.Locked = true; - - UserMessaging.ExtensionRecommendations = false; - UserMessaging.FeatureRecommendations = false; - UserMessaging.UrlbarInterventions = false; - UserMessaging.SkipOnboarding = true; - UserMessaging.MoreFromMozilla = false; - UserMessaging.FirefoxLabs = false; - UserMessaging.Locked = true; + EnableTrackingProtection = { + + Cryptomining = true; + Fingerprinting = true; + Value = true; + Locked = true; + }; + + UserMessaging = { + ExtensionRecommendations = false; + FeatureRecommendations = false; + UrlbarInterventions = false; + SkipOnboarding = true; + MoreFromMozilla = false; + FirefoxLabs = false; + Locked = true; + }; Handlers.schemes = let @@ -174,7 +181,7 @@ }; } // (lib.mapAttrs - (name: value: { + (_name: value: { Status = "locked"; Value = value; }) @@ -279,10 +286,10 @@ ] [ (lib.map (config: { - name = (lib.elemAt config 1); + name = lib.elemAt config 1; value = { installation_mode = "normal_installed"; - default_area = (lib.elemAt config 0); + default_area = lib.elemAt config 0; install_url = "https://addons.mozilla.org/firefox/downloads/latest/${lib.elemAt config 1}/latest.xpi"; }; }))
diff --git a/config/home/zaphyra/programs/fractal.nix b/config/home/zaphyra/programs/fractal.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/fuzzel.nix b/config/home/zaphyra/programs/fuzzel.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/ghostty.nix b/config/home/zaphyra/programs/ghostty.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/git.nix b/config/home/zaphyra/programs/git.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/gnome-calendar.nix b/config/home/zaphyra/programs/gnome-calendar.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: let gnome-online-accounts = pkgs.gnome-online-accounts.overrideAttrs (prevAttrs: {
diff --git a/config/home/zaphyra/programs/gnome-obfuscate.nix b/config/home/zaphyra/programs/gnome-obfuscate.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/gnome-text-editor.nix b/config/home/zaphyra/programs/gnome-text-editor.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/gpg.nix b/config/home/zaphyra/programs/gpg.nix @@ -1,5 +1,4 @@ { - lib, pkgs, ... }:
diff --git a/config/home/zaphyra/programs/gtklock.nix b/config/home/zaphyra/programs/gtklock.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/helix.nix b/config/home/zaphyra/programs/helix.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/htop.nix b/config/home/zaphyra/programs/htop.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/imv.nix b/config/home/zaphyra/programs/imv.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/languages/golang.nix b/config/home/zaphyra/programs/languages/golang.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/languages/javascript.nix b/config/home/zaphyra/programs/languages/javascript.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/languages/nimlang.nix b/config/home/zaphyra/programs/languages/nimlang.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/languages/nix.nix b/config/home/zaphyra/programs/languages/nix.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/libreoffice.nix b/config/home/zaphyra/programs/libreoffice.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/loupe.nix b/config/home/zaphyra/programs/loupe.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: { @@ -17,7 +21,7 @@ "image/svg+xml-compressed" "image/avif" "image/heic" - ] (name: [ "org.gnome.Loupe.desktop" ]); + ] (_name: [ "org.gnome.Loupe.desktop" ]); associations.added = lib.genAttrs [ "image/jpeg" "image/png" @@ -29,7 +33,7 @@ "image/svg+xml-compressed" "image/avif" "image/heic" - ] (name: [ "org.gnome.Loupe.desktop" ]); + ] (_name: [ "org.gnome.Loupe.desktop" ]); }; }
diff --git a/config/home/zaphyra/programs/mcfly.nix b/config/home/zaphyra/programs/mcfly.nix @@ -1,4 +1,7 @@ -{ config, ... }: +{ + config, + ... +}: {
diff --git a/config/home/zaphyra/programs/micro.nix b/config/home/zaphyra/programs/micro.nix @@ -17,7 +17,7 @@ type = lib.types.str; }; options = lib.mkOption { - type = (pkgs.formats.json { }).type; + inherit ((pkgs.formats.json { })) type; default = { }; }; }; @@ -25,192 +25,196 @@ ); }; - config.programs.sherlock.settings.ignore = "Micro"; - config.programs.micro = { - enable = true; - package = - if systemConfig.modules.presets.graphical.enable then pkgs.micro-with-wl-clipboard else pkgs.micro; - settings = { - "*.nix".tabstospaces = true; - "*.nix".tabmovement = true; - "*.nix".tabsize = 2; + config = { + programs = { + sherlock.settings.ignore = "Micro"; + micro = { + enable = true; + package = + if systemConfig.modules.presets.graphical.enable then pkgs.micro-with-wl-clipboard else pkgs.micro; + settings = { + "*.nix".tabstospaces = true; + "*.nix".tabmovement = true; + "*.nix".tabsize = 2; - "*.nim".tabstospaces = true; - "*.nim".tabmovement = true; - "*.nim".tabsize = 2; + "*.nim".tabstospaces = true; + "*.nim".tabmovement = true; + "*.nim".tabsize = 2; - clipboard = "terminal"; + clipboard = "terminal"; - scrollbar = true; - eofnewline = false; - wordwrap = true; - softwrap = true; + scrollbar = true; + eofnewline = false; + wordwrap = true; + softwrap = true; - ignorecase = true; - savehistory = false; + ignorecase = true; + savehistory = false; - "lsp.formatOnSave" = true; - "lsp.tabcompletion" = true; - "lsp.autocompleteDetails" = false; - "lsp.server" = - if systemConfig.modules.presets.graphical.enable != true then - "" - else - (lib.concatMapAttrsStringSep "," ( - name: value: - lib.concatStringsSep "=" ( - [ - name - value.command - ] - ++ (lib.optionals (lib.hasAttr "options" value) [ - (builtins.toJSON (value.options)) - ]) - ) - ) config.programs.micro.lsp-servers); + "lsp.formatOnSave" = true; + "lsp.tabcompletion" = true; + "lsp.autocompleteDetails" = false; + "lsp.server" = + if !systemConfig.modules.presets.graphical.enable then + "" + else + (lib.concatMapAttrsStringSep "," ( + name: value: + lib.concatStringsSep "=" ( + [ + name + value.command + ] + ++ (lib.optionals (lib.hasAttr "options" value) [ + (builtins.toJSON value.options) + ]) + ) + ) config.programs.micro.lsp-servers); + }; + }; }; - }; - config.home = { - sessionVariables.EDITOR = "micro"; - shellAliases.nano = "micro"; - file = { - # keybindings - "${config.xdg.configHome}/micro/bindings.json".source = pkgs.writeText "micro-keybindings.json" ( - builtins.toJSON { - "Alt-," = "PreviousTab"; - "Alt-." = "NextTab"; - "Alt-Backspace" = "DeleteWordLeft"; - "Alt-CtrlH" = "DeleteWordLeft"; - "Alt-F" = "FindLiteral"; - "Alt-[" = "DiffPrevious|CursorStart"; - "Alt-]" = "DiffNext|CursorEnd"; - "Alt-a" = "StartOfLine"; - "Alt-b" = "WordLeft"; - "Alt-c" = "RemoveAllMultiCursors"; - "Alt-e" = "EndOfLine"; - "Alt-f" = "WordRight"; - "Alt-g" = "ToggleKeyMenu"; - "Alt-m" = "SpawnMultiCursorSelect"; - "Alt-n" = "SpawnMultiCursor"; - "Alt-p" = "RemoveMultiCursor"; - "Alt-x" = "SkipMultiCursor"; - "Alt-{" = "ParagraphPrevious"; - "Alt-}" = "ParagraphNext"; - "AltDown" = "MoveLinesDown"; - "AltLeft" = "StartOfTextToggle"; - "AltRight" = "EndOfLine"; - "AltShiftDown" = "SpawnMultiCursorDown"; - "AltShiftLeft" = "SelectToStartOfTextToggle"; - "AltShiftRight" = "SelectToEndOfLine"; - "AltShiftUp" = "SpawnMultiCursorUp"; - "AltUp" = "MoveLinesUp"; - "Backspace" = "Backspace"; - "Backtab" = "OutdentSelection|OutdentLine"; - "Ctrl-MouseLeft" = "MouseMultiCursor"; - "Ctrl-a" = "SelectAll"; - "Ctrl-b" = "ShellMode"; - "Ctrl-c" = "Copy|CopyLine"; - "Ctrl-d" = "DuplicateLine"; - "Ctrl-e" = "CommandMode"; - "Ctrl-f" = "Find"; - "Ctrl-g" = "ToggleHelp"; - "Ctrl-h" = "Backspace"; - "Ctrl-j" = "PlayMacro"; - "Ctrl-k" = "CutLine"; - "Ctrl-l" = "command-edit:goto "; - "Ctrl-n" = "FindNext"; - "Ctrl-o" = "OpenFile"; - "Ctrl-p" = "FindPrevious"; - "Ctrl-q" = "Quit"; - "Ctrl-r" = "ToggleRuler"; - "Ctrl-s" = "Save"; - "Ctrl-t" = "AddTab"; - "Ctrl-u" = "ToggleMacro"; - "Ctrl-v" = "Paste"; - "Ctrl-w" = "NextSplit"; - "Ctrl-x" = "Cut|CutLine"; - "Ctrl-y" = "Redo"; - "Ctrl-z" = "Undo"; - "CtrlDown" = "CursorEnd"; - "CtrlEnd" = "CursorEnd"; - "CtrlHome" = "CursorStart"; - "CtrlPageDown" = "NextTab"; - "CtrlPageUp" = "PreviousTab"; - "AltPageDown" = "NextTab"; - "AltPageUp" = "PreviousTab"; - "CtrlShiftDown" = "SelectToEnd"; - "CtrlShiftLeft" = "SelectWordLeft"; - "CtrlShiftRight" = "SelectWordRight"; - "CtrlShiftUp" = "SelectToStart"; - "CtrlUp" = "CursorStart"; - "Delete" = "Delete"; - "Down" = "CursorDown"; - "End" = "EndOfLine"; - "Enter" = "InsertNewline"; - "Esc" = "Escape"; - "F10" = "Quit"; - "F2" = "Save"; - "F3" = "Find"; - "F4" = "Quit"; - "F7" = "Find"; - "Home" = "StartOfText"; - "Insert" = "ToggleOverwriteMode"; - "Left" = "CursorLeft"; - "MouseLeft" = "MousePress"; - "MouseLeftDrag" = "MouseDrag"; - "MouseLeftRelease" = "MouseRelease"; - "MouseMiddle" = "PastePrimary"; - "MouseWheelDown" = "ScrollDown"; - "MouseWheelUp" = "ScrollUp"; - "PageDown" = "CursorPageDown"; - "PageUp" = "CursorPageUp"; - "Right" = "CursorRight"; - "ShiftDown" = "SelectDown"; - "ShiftEnd" = "SelectToEndOfLine"; - "ShiftHome" = "SelectToStartOfTextToggle"; - "ShiftLeft" = "SelectLeft"; - "ShiftPageDown" = "SelectPageDown"; - "ShiftPageUp" = "SelectPageUp"; - "ShiftRight" = "SelectRight"; - "ShiftUp" = "SelectUp"; - "Tab" = "Autocomplete|IndentSelection|InsertTab"; - "Up" = "CursorUp"; + home = { + sessionVariables.EDITOR = "micro"; + shellAliases.nano = "micro"; + file = { + # keybindings + "${config.xdg.configHome}/micro/bindings.json".source = pkgs.writeText "micro-keybindings.json" ( + builtins.toJSON { + "Alt-," = "PreviousTab"; + "Alt-." = "NextTab"; + "Alt-Backspace" = "DeleteWordLeft"; + "Alt-CtrlH" = "DeleteWordLeft"; + "Alt-F" = "FindLiteral"; + "Alt-[" = "DiffPrevious|CursorStart"; + "Alt-]" = "DiffNext|CursorEnd"; + "Alt-a" = "StartOfLine"; + "Alt-b" = "WordLeft"; + "Alt-c" = "RemoveAllMultiCursors"; + "Alt-e" = "EndOfLine"; + "Alt-f" = "WordRight"; + "Alt-g" = "ToggleKeyMenu"; + "Alt-m" = "SpawnMultiCursorSelect"; + "Alt-n" = "SpawnMultiCursor"; + "Alt-p" = "RemoveMultiCursor"; + "Alt-x" = "SkipMultiCursor"; + "Alt-{" = "ParagraphPrevious"; + "Alt-}" = "ParagraphNext"; + "AltDown" = "MoveLinesDown"; + "AltLeft" = "StartOfTextToggle"; + "AltRight" = "EndOfLine"; + "AltShiftDown" = "SpawnMultiCursorDown"; + "AltShiftLeft" = "SelectToStartOfTextToggle"; + "AltShiftRight" = "SelectToEndOfLine"; + "AltShiftUp" = "SpawnMultiCursorUp"; + "AltUp" = "MoveLinesUp"; + "Backspace" = "Backspace"; + "Backtab" = "OutdentSelection|OutdentLine"; + "Ctrl-MouseLeft" = "MouseMultiCursor"; + "Ctrl-a" = "SelectAll"; + "Ctrl-b" = "ShellMode"; + "Ctrl-c" = "Copy|CopyLine"; + "Ctrl-d" = "DuplicateLine"; + "Ctrl-e" = "CommandMode"; + "Ctrl-f" = "Find"; + "Ctrl-g" = "ToggleHelp"; + "Ctrl-h" = "Backspace"; + "Ctrl-j" = "PlayMacro"; + "Ctrl-k" = "CutLine"; + "Ctrl-l" = "command-edit:goto "; + "Ctrl-n" = "FindNext"; + "Ctrl-o" = "OpenFile"; + "Ctrl-p" = "FindPrevious"; + "Ctrl-q" = "Quit"; + "Ctrl-r" = "ToggleRuler"; + "Ctrl-s" = "Save"; + "Ctrl-t" = "AddTab"; + "Ctrl-u" = "ToggleMacro"; + "Ctrl-v" = "Paste"; + "Ctrl-w" = "NextSplit"; + "Ctrl-x" = "Cut|CutLine"; + "Ctrl-y" = "Redo"; + "Ctrl-z" = "Undo"; + "CtrlDown" = "CursorEnd"; + "CtrlEnd" = "CursorEnd"; + "CtrlHome" = "CursorStart"; + "CtrlPageDown" = "NextTab"; + "CtrlPageUp" = "PreviousTab"; + "AltPageDown" = "NextTab"; + "AltPageUp" = "PreviousTab"; + "CtrlShiftDown" = "SelectToEnd"; + "CtrlShiftLeft" = "SelectWordLeft"; + "CtrlShiftRight" = "SelectWordRight"; + "CtrlShiftUp" = "SelectToStart"; + "CtrlUp" = "CursorStart"; + "Delete" = "Delete"; + "Down" = "CursorDown"; + "End" = "EndOfLine"; + "Enter" = "InsertNewline"; + "Esc" = "Escape"; + "F10" = "Quit"; + "F2" = "Save"; + "F3" = "Find"; + "F4" = "Quit"; + "F7" = "Find"; + "Home" = "StartOfText"; + "Insert" = "ToggleOverwriteMode"; + "Left" = "CursorLeft"; + "MouseLeft" = "MousePress"; + "MouseLeftDrag" = "MouseDrag"; + "MouseLeftRelease" = "MouseRelease"; + "MouseMiddle" = "PastePrimary"; + "MouseWheelDown" = "ScrollDown"; + "MouseWheelUp" = "ScrollUp"; + "PageDown" = "CursorPageDown"; + "PageUp" = "CursorPageUp"; + "Right" = "CursorRight"; + "ShiftDown" = "SelectDown"; + "ShiftEnd" = "SelectToEndOfLine"; + "ShiftHome" = "SelectToStartOfTextToggle"; + "ShiftLeft" = "SelectLeft"; + "ShiftPageDown" = "SelectPageDown"; + "ShiftPageUp" = "SelectPageUp"; + "ShiftRight" = "SelectRight"; + "ShiftUp" = "SelectUp"; + "Tab" = "Autocomplete|IndentSelection|InsertTab"; + "Up" = "CursorUp"; - # plugins - "Alt-/" = "lua:comment.comment"; - "Alt-d" = "command:definition"; - # "Alt-f" = "command:format"; - "Alt-k" = "command:hover"; - "Alt-r" = "command:references"; - "CtrlSpace" = "command:lspcompletion"; - "CtrlUnderscore" = "lua:comment.comment"; - "F1" = "command:cheat"; - # "F4" = "command:jumptag"; - "F5" = "lua:wc.wordCount"; - } - ); + # plugins + "Alt-/" = "lua:comment.comment"; + "Alt-d" = "command:definition"; + # "Alt-f" = "command:format"; + "Alt-k" = "command:hover"; + "Alt-r" = "command:references"; + "CtrlSpace" = "command:lspcompletion"; + "CtrlUnderscore" = "lua:comment.comment"; + "F1" = "command:cheat"; + # "F4" = "command:jumptag"; + "F5" = "lua:wc.wordCount"; + } + ); - # plugins - "${config.xdg.configHome}/micro/plug/lsp".source = pkgs.fetchFromGitHub { - owner = "AndCake"; - repo = "micro-plugin-lsp"; - rev = "v0.6.3"; - sha256 = "sha256-rZ9Vw9WPGNaJBGHKU40F6cBIYQ1JFtSKPDrheazKkPY="; - }; + # plugins + "${config.xdg.configHome}/micro/plug/lsp".source = pkgs.fetchFromGitHub { + owner = "AndCake"; + repo = "micro-plugin-lsp"; + rev = "v0.6.3"; + sha256 = "sha256-rZ9Vw9WPGNaJBGHKU40F6cBIYQ1JFtSKPDrheazKkPY="; + }; - "${config.xdg.configHome}/micro/plug/detectindent".source = pkgs.fetchFromGitHub { - owner = "dmaluka"; - repo = "micro-detectindent"; - rev = "v1.1.0"; - sha256 = "sha256-5bKEkOnhz0pyBR2UNw5vvYiTtpd96fBPTYW9jnETvq4="; - }; + "${config.xdg.configHome}/micro/plug/detectindent".source = pkgs.fetchFromGitHub { + owner = "dmaluka"; + repo = "micro-detectindent"; + rev = "v1.1.0"; + sha256 = "sha256-5bKEkOnhz0pyBR2UNw5vvYiTtpd96fBPTYW9jnETvq4="; + }; - "${config.xdg.configHome}/micro/plug/wc".source = pkgs.fetchFromGitHub { - owner = "adamnpeace"; - repo = "micro-wc-plugin"; - rev = "b2c9957e521770eadc1ecae9d54c0a30f40a0a3d"; - sha256 = "sha256-Z6MC2cet8+7XHv41G+SlAZViCqlh/9dk0CSt7HklnTg="; + "${config.xdg.configHome}/micro/plug/wc".source = pkgs.fetchFromGitHub { + owner = "adamnpeace"; + repo = "micro-wc-plugin"; + rev = "b2c9957e521770eadc1ecae9d54c0a30f40a0a3d"; + sha256 = "sha256-Z6MC2cet8+7XHv41G+SlAZViCqlh/9dk0CSt7HklnTg="; + }; }; }; };
diff --git a/config/home/zaphyra/programs/nautilus.nix b/config/home/zaphyra/programs/nautilus.nix @@ -43,7 +43,7 @@ "application/x-bzip2-compressed-tar" "application/vnd.rar;application/zstd" "application/x-zstd-compressed-tar" - ] (name: [ "org.gnome.Nautilus.desktop" ]); + ] (_name: [ "org.gnome.Nautilus.desktop" ]); gtk.gtk4.extraCss = '' /* remove 'starred' in nautilus side-panel */
diff --git a/config/home/zaphyra/programs/networkManagerDmenu.nix b/config/home/zaphyra/programs/networkManagerDmenu.nix @@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: +{ + pkgs, + lib, + ... +}: {
diff --git a/config/home/zaphyra/programs/niri.nix b/config/home/zaphyra/programs/niri.nix @@ -1,5 +1,4 @@ { - inputs, config, lib, pkgs, @@ -51,7 +50,7 @@ position = "top"; }; } - // (lib.genAttrs [ "preset-column-widths" "preset-window-heights" ] (name: [ + // (lib.genAttrs [ "preset-column-widths" "preset-window-heights" ] (_name: [ { proportion = 1.0; } { proportion = 0.75; } { proportion = 0.5; } @@ -85,7 +84,7 @@ } { geometry-corner-radius = lib.genAttrs [ "bottom-left" "bottom-right" "top-left" "top-right" ] ( - name: 6.0 + _name: 6.0 ); clip-to-geometry = true; }
diff --git a/config/home/zaphyra/programs/nmgui.nix b/config/home/zaphyra/programs/nmgui.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/ocrmypdf.nix b/config/home/zaphyra/programs/ocrmypdf.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/overskride.nix b/config/home/zaphyra/programs/overskride.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/papers.nix b/config/home/zaphyra/programs/papers.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/password-store.nix b/config/home/zaphyra/programs/password-store.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/pdfarranger.nix b/config/home/zaphyra/programs/pdfarranger.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/pipewire.nix b/config/home/zaphyra/programs/pipewire.nix @@ -1,6 +1,5 @@ { config, - lib, pkgs, ... }:
diff --git a/config/home/zaphyra/programs/plattenalbum.nix b/config/home/zaphyra/programs/plattenalbum.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/profanity.nix b/config/home/zaphyra/programs/profanity.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/shellUtilities.nix b/config/home/zaphyra/programs/shellUtilities.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/ssh.nix b/config/home/zaphyra/programs/ssh.nix @@ -1,4 +1,7 @@ -{ config, ... }: +{ + config, + ... +}: {
diff --git a/config/home/zaphyra/programs/tmux.nix b/config/home/zaphyra/programs/tmux.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/typst.nix b/config/home/zaphyra/programs/typst.nix @@ -1,4 +1,8 @@ -{ lib, pkgs, ... }: +{ + lib, + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/yazi.nix b/config/home/zaphyra/programs/yazi.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/programs/zathura.nix b/config/home/zaphyra/programs/zathura.nix @@ -1,4 +1,7 @@ -{ pkgs, ... }: +{ + pkgs, + ... +}: {
diff --git a/config/home/zaphyra/programs/zoxide.nix b/config/home/zaphyra/programs/zoxide.nix @@ -1,4 +1,7 @@ -{ config, ... }: +{ + config, + ... +}: {
diff --git a/config/home/zaphyra/services/batsignal.nix b/config/home/zaphyra/services/batsignal.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/home/zaphyra/services/gnome-keyring.nix b/config/home/zaphyra/services/gnome-keyring.nix @@ -1,4 +1,7 @@ -{ config, ... }: +{ + config, + ... +}: {
diff --git a/config/home/zaphyra/services/mako.nix b/config/home/zaphyra/services/mako.nix @@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: +{ + pkgs, + lib, + ... +}: {
diff --git a/config/home/zaphyra/services/shaderbg.nix b/config/home/zaphyra/services/shaderbg.nix @@ -1,15 +1,20 @@ -{ inputs, ... }: +{ + inputs, + ... +}: { tgc.services.shaderbg = { enable = true; - systemd.enable = true; - systemd.extraArgs = [ - "--fps" - "10" - ]; - systemd.shaderFile = inputs.self.resources.shaders.background1; + systemd = { + enable = true; + extraArgs = [ + "--fps" + "10" + ]; + shaderFile = inputs.self.resources.shaders.background1; + }; }; }
diff --git a/config/home/zaphyra/services/syncthing.nix b/config/home/zaphyra/services/syncthing.nix @@ -1,4 +1,4 @@ -{ config, ... }: +_: { @@ -8,7 +8,7 @@ cert = ""; key = ""; - settings = {}; + settings = { }; }; }
diff --git a/config/home/zaphyra/services/wlsunset.nix b/config/home/zaphyra/services/wlsunset.nix @@ -1,4 +1,4 @@ -{ ... }: +_: {
diff --git a/config/nixos/dns.nix b/config/nixos/dns.nix @@ -51,7 +51,7 @@ in # serve records defined in all host configs dns.allZones = lib.mkMerge ( lib.mapAttrsToList ( - hostName: hostConfig: hostConfig.config.dns.zones + _hostName: hostConfig: hostConfig.config.dns.zones ) inputs.self.nixosConfigurations ); };
diff --git a/config/nixos/modules/filesystem/impermanence.nix b/config/nixos/modules/filesystem/impermanence.nix @@ -1,16 +1,13 @@ { - pov, povSelf, hostConfig, config, lib, - pkgs, ... }: let inherit (lib) types; - cfgFilesystem = lib.getAttrFromPath pov config; cfg = lib.getAttrFromPath povSelf config; perms = { user = lib.mkOption { @@ -49,7 +46,8 @@ in (submodule { options = { directory = lib.mkOption { type = types.str; }; - } // perms; + } + // perms; }) ]); }; @@ -66,7 +64,8 @@ in type = with types; nullOr (submodule perms); default = null; }; - } // perms; + } + // perms; }) ]); }; @@ -78,7 +77,10 @@ in (lib.mkIf cfg.home.enable { assertions = [ { - assertion = builtins.elem config.modules.filesystem.rootDisk.type [ "btrfs" "zfs" ]; + assertion = builtins.elem config.modules.filesystem.rootDisk.type [ + "btrfs" + "zfs" + ]; message = '' Impermanence is currently only available for BTRFS and ZFS. ''; @@ -91,7 +93,10 @@ in (lib.mkIf cfg.system.enable { assertions = [ { - assertion = builtins.elem config.modules.filesystem.rootDisk.type [ "btrfs" "zfs" ]; + assertion = builtins.elem config.modules.filesystem.rootDisk.type [ + "btrfs" + "zfs" + ]; message = '' Impermanence is currently only available for BTRFS and ZFS. ''; @@ -167,10 +172,12 @@ in "/var/log" "/var/lib/nixos" "/var/lib/systemd/coredump" - ] ++ cfg.system.dirs; + ] + ++ cfg.system.dirs; files = [ "/etc/machine-id" - ] ++ cfg.system.files; + ] + ++ cfg.system.files; }; #zaphyra: hack to persist `/var/lib/private/<service>` (see https://github.com/nix-community/impermanence/issues/213)
diff --git a/config/nixos/modules/filesystem/rootDisk.nix b/config/nixos/modules/filesystem/rootDisk.nix @@ -3,7 +3,6 @@ hostConfig, config, lib, - pkgs, ... }: @@ -317,76 +316,74 @@ in }) { - root.content = ( - lib.mkMerge [ - (lib.mkIf (cfg.type == "ext4") ( - part "root" { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - } - )) - (lib.mkIf (cfg.type == "btrfs") ( - part "root" { - type = "btrfs"; - subvolumes = lib.mkMerge [ - { - "/${hostConfig.hostName}/root" = { - mountpoint = "/"; - }; - } - (lib.mkIf cfg.parts.nix { - "/${hostConfig.hostName}/nix" = { - mountOptions = [ - "compress=zstd" - "noatime" - ]; - mountpoint = "/nix"; - }; - }) - (lib.mkIf cfg.parts.system { - "/${hostConfig.hostName}/persist" = { - mountOptions = [ - "compress=zstd" - "noatime" - ]; - mountpoint = "/nix/persist"; - }; - }) - (lib.mkIf (cfg.parts.home && !cfg.parts.homePerUser) { - "/${hostConfig.hostName}/home" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/home"; - }; - }) - (lib.mkIf cfg.parts.homePerUser ( - lib.listToAttrs ( - lib.map (user: { - name = + root.content = lib.mkMerge [ + (lib.mkIf (cfg.type == "ext4") ( + part "root" { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + } + )) + (lib.mkIf (cfg.type == "btrfs") ( + part "root" { + type = "btrfs"; + subvolumes = lib.mkMerge [ + { + "/${hostConfig.hostName}/root" = { + mountpoint = "/"; + }; + } + (lib.mkIf cfg.parts.nix { + "/${hostConfig.hostName}/nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; + }) + (lib.mkIf cfg.parts.system { + "/${hostConfig.hostName}/persist" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix/persist"; + }; + }) + (lib.mkIf (cfg.parts.home && !cfg.parts.homePerUser) { + "/${hostConfig.hostName}/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + }) + (lib.mkIf cfg.parts.homePerUser ( + lib.listToAttrs ( + lib.map (user: { + name = + if config.modules.filesystem.impermanence.home.enable then + "/${hostConfig.hostName}/persist/home/${user}" + else + "/${hostConfig.hostName}/home/${user}"; + value = { + mountOptions = [ "compress=zstd" ]; + mountpoint = if config.modules.filesystem.impermanence.home.enable then - "/${hostConfig.hostName}/persist/home/${user}" + "/nix/persist/home/${user}" else - "/${hostConfig.hostName}/home/${user}"; - value = { - mountOptions = [ "compress=zstd" ]; - mountpoint = - if config.modules.filesystem.impermanence.home.enable then - "/nix/persist/home/${user}" - else - "/home/${user}"; - }; - }) users - ) - )) - ]; - } - )) - (lib.mkIf (cfg.type == "zfs") { - type = "zfs"; - pool = hostConfig.hostName; - }) - ] - ); + "/home/${user}"; + }; + }) users + ) + )) + ]; + } + )) + (lib.mkIf (cfg.type == "zfs") { + type = "zfs"; + pool = hostConfig.hostName; + }) + ]; } ( if cfg.swap.enable then
diff --git a/config/nixos/modules/font.nix b/config/nixos/modules/font.nix @@ -2,7 +2,6 @@ povSelf, config, lib, - pkgs, ... }:
diff --git a/config/nixos/modules/gnomeMinimal.nix b/config/nixos/modules/gnomeMinimal.nix @@ -28,7 +28,7 @@ in default = { }; }; settings = { - type = settingsFormat.type; + inherit (settingsFormat) type; default = { }; }; }; @@ -38,7 +38,7 @@ in let configFile = settingsFormat.generate "custom.conf" cfg.gdm.settings; - nixos-background-info = pkgs.writeTextFile rec { + nixos-background-info = pkgs.writeTextFile { name = "nixos-background-info"; destination = "/share/gnome-background-properties/nixos.xml"; text = '' @@ -135,9 +135,9 @@ in # Change hardcoded paths to nix store paths. (prev.replaceVars inputs.self.resources.patches.gdm-fix-paths { - coreutils = final.coreutils; - plymouth = final.plymouth; - dbus = final.dbus; + inherit (final) coreutils; + inherit (final) plymouth; + inherit (final) dbus; }) ]; postPatch = '' @@ -217,13 +217,15 @@ in }; services = { - gnome.gnome-settings-daemon.enable = true; - gnome.glib-networking.enable = true; udisks2.enable = true; libinput.enable = true; accounts-daemon.enable = true; - gnome.at-spi2-core.enable = lib.mkDefault true; - gnome.gnome-keyring.enable = lib.mkDefault true; + gnome = { + gnome-settings-daemon.enable = true; + glib-networking.enable = true; + at-spi2-core.enable = lib.mkDefault true; + gnome-keyring.enable = lib.mkDefault true; + }; pipewire.enable = lib.mkDefault true; hardware.bolt.enable = lib.mkDefault true; colord.enable = lib.mkDefault true; @@ -248,14 +250,14 @@ in udev.packages = [ pkgs.mutter ]; dbus.packages = [ pkgs.gdm ]; - geoclue2.enable = lib.mkDefault true; - geoclue2.enableDemoAgent = false; # GNOME has its own geoclue agent - geoclue2.appConfig = - lib.genAttrs [ "gnome-datetime-panel" "gnome-color-panel" "org.gnome.Shell" ] - (name: { - isAllowed = true; - isSystem = true; - }); + geoclue2 = { + enable = lib.mkDefault true; + enableDemoAgent = false; # GNOME has its own geoclue agent + appConfig = lib.genAttrs [ "gnome-datetime-panel" "gnome-color-panel" "org.gnome.Shell" ] (_name: { + isAllowed = true; + isSystem = true; + }); + }; }; programs = { @@ -270,12 +272,14 @@ in mime.enable = true; icons.enable = true; - portal.enable = true; - portal.configPackages = lib.mkDefault [ pkgs.gnome-session ]; - portal.extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; + portal = { + enable = true; + configPackages = lib.mkDefault [ pkgs.gnome-session ]; + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + }; }; systemd = { @@ -292,73 +296,75 @@ in # We dont use the upstream gdm service # it has to be disabled since the gdm package has it # https://github.com/NixOS/nixpkgs/issues/108672 - services.gdm.enable = false; + services = { + gdm.enable = false; - services.display-manager = { - description = "Display Manager"; + display-manager = { + description = "Display Manager"; - wants = [ - "systemd-machined.service" - "accounts-daemon.service" - ]; - conflicts = [ - "getty@${pkgs.gdm.initialVT}.service" - "plymouth-quit.service" - ]; - onFailure = [ "plymouth-quit.service" ]; - wantedBy = [ "multi-user.target" ]; - after = [ - "systemd-logind.service" - "systemd-user-sessions.service" - "systemd-machined.service" - "getty@${pkgs.gdm.initialVT}.service" - "acpid.service" - "plymouth-quit.service" - "plymouth-start.service" - ]; + wants = [ + "systemd-machined.service" + "accounts-daemon.service" + ]; + conflicts = [ + "getty@${pkgs.gdm.initialVT}.service" + "plymouth-quit.service" + ]; + onFailure = [ "plymouth-quit.service" ]; + wantedBy = [ "multi-user.target" ]; + after = [ + "systemd-logind.service" + "systemd-user-sessions.service" + "systemd-machined.service" + "getty@${pkgs.gdm.initialVT}.service" + "acpid.service" + "plymouth-quit.service" + "plymouth-start.service" + ]; - path = [ pkgs.gnome-session ]; - environment = { - XDG_DATA_DIRS = lib.makeSearchPath "share" ( - with pkgs; - [ - gdm - gnome-session.sessions - gnome-control-center # for accessibility icon - adwaita-icon-theme - hicolor-icon-theme - ] - ); - }; + path = [ pkgs.gnome-session ]; + environment = { + XDG_DATA_DIRS = lib.makeSearchPath "share" ( + with pkgs; + [ + gdm + gnome-session.sessions + gnome-control-center # for accessibility icon + adwaita-icon-theme + hicolor-icon-theme + ] + ); + }; - serviceConfig = { - KillMode = "mixed"; - IgnoreSIGPIPE = "no"; - BusName = "org.gnome.DisplayManager"; - StandardError = "inherit"; - ExecStart = "${pkgs.gdm}/bin/gdm"; - ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; - KeyringMode = "shared"; - EnvironmentFile = "-/etc/locale.conf"; - Restart = "always"; - RestartSec = "200ms"; - SyslogIdentifier = "display-manager"; - }; + serviceConfig = { + KillMode = "mixed"; + IgnoreSIGPIPE = "no"; + BusName = "org.gnome.DisplayManager"; + StandardError = "inherit"; + ExecStart = "${pkgs.gdm}/bin/gdm"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; + KeyringMode = "shared"; + EnvironmentFile = "-/etc/locale.conf"; + Restart = "always"; + RestartSec = "200ms"; + SyslogIdentifier = "display-manager"; + }; - restartIfChanged = false; + restartIfChanged = false; - # Stop restarting if the display manager stops (crashes) 2 times in one minute. - startLimitIntervalSec = 30; - startLimitBurst = 3; - }; + # Stop restarting if the display manager stops (crashes) 2 times in one minute. + startLimitIntervalSec = 30; + startLimitBurst = 3; + }; - # Prevent nixos-rebuild switch from bringing down the graphical - # session. (If multi-user.target wants plymouth-quit.service which - # conflicts display-manager.service, then when nixos-rebuild - # switch starts multi-user.target, display-manager.service is - # stopped so plymouth-quit.service can be started.) - services.plymouth-quit = lib.mkIf config.boot.plymouth.enable { - wantedBy = lib.mkForce [ ]; + # Prevent nixos-rebuild switch from bringing down the graphical + # session. (If multi-user.target wants plymouth-quit.service which + # conflicts display-manager.service, then when nixos-rebuild + # switch starts multi-user.target, display-manager.service is + # stopped so plymouth-quit.service can be started.) + plymouth-quit = lib.mkIf config.boot.plymouth.enable { + wantedBy = lib.mkForce [ ]; + }; }; };
diff --git a/config/nixos/modules/hardware/fprint.nix b/config/nixos/modules/hardware/fprint.nix @@ -1,7 +1,5 @@ { - inputs, povSelf, - hostConfig, config, lib, pkgs,
diff --git a/config/nixos/modules/hardware/quirks.nix b/config/nixos/modules/hardware/quirks.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, lib, ...
diff --git a/config/nixos/modules/hardware/smartcard.nix b/config/nixos/modules/hardware/smartcard.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, lib, pkgs,
diff --git a/config/nixos/modules/hardware/video/intel.nix b/config/nixos/modules/hardware/video/intel.nix @@ -25,7 +25,7 @@ in #services.xserver.videoDrivers = [ "intel" ]; - environment.systemPackages = [ pkgs.vulkan-validation-layers ]; + environment.systemPackages = [ pkgs.vulkan-validation-layers ]; environment.sessionVariables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/intel_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/intel_icd.i686.json"; hardware.graphics = {
diff --git a/config/nixos/modules/homeManager.nix b/config/nixos/modules/homeManager.nix @@ -30,14 +30,14 @@ in extraSpecialArgs = { inherit (inputs.self) homeManagerModules; - inputs = inputs; + inherit inputs; systemConfig = config; }; sharedModules = [ { home.sessionVariables = { - NIXPKGS_PATH = NIXPKGS_PATH; + inherit NIXPKGS_PATH; NIX_PATH = "nixpkgs=${NIXPKGS_PATH}"; }; }
diff --git a/config/nixos/modules/networking/dn42.nix b/config/nixos/modules/networking/dn42.nix @@ -76,11 +76,9 @@ in config = lib.mkIf cfg.enable { networking.firewall.allowedUDPPorts = lib.mapAttrsToList ( - name: peerConfig: peerConfig.listenPort + _name: peerConfig: peerConfig.listenPort ) cfg.peerings; - systemd.services.systemd-networkd.after = [ "sops-install-secrets.service" ]; - sops.secrets = lib.pipe cfg.peerings [ (lib.mapAttrsToList ( name: peerConfig: @@ -101,65 +99,69 @@ in lib.listToAttrs ]; - systemd.network = { - netdevs = lib.mapAttrs' ( - name: peerConfig: - lib.nameValuePair "20-dn42${name}" { - netdevConfig = { - Kind = "wireguard"; - Name = "dn42${name}"; - }; - wireguardConfig = { - ListenPort = peerConfig.listenPort; - PrivateKeyFile = config.sops.secrets."dn42/peerings/${name}/wgPrivateKey".path; - } - // (lib.optionalAttrs peerConfig.hasPresharedKey { - PresharedKeyFile = config.sops.secrets."dn42/peerings/${name}/wgPresharedKey".path; - }); - wireguardPeers = [ - { - PersistentKeepalive = 30; - Endpoint = lib.mkIf (!builtins.isNull peerConfig.endpoint) peerConfig.endpoint; - PublicKey = peerConfig.publicKey; - AllowedIPs = [ - "fd00::/8" - peerConfig.remoteLinkLocalAddress - ]; + systemd = { + network = { + netdevs = lib.mapAttrs' ( + name: peerConfig: + lib.nameValuePair "20-dn42${name}" { + netdevConfig = { + Kind = "wireguard"; + Name = "dn42${name}"; + }; + wireguardConfig = { + ListenPort = peerConfig.listenPort; + PrivateKeyFile = config.sops.secrets."dn42/peerings/${name}/wgPrivateKey".path; } - ]; - } - ) cfg.peerings; + // (lib.optionalAttrs peerConfig.hasPresharedKey { + PresharedKeyFile = config.sops.secrets."dn42/peerings/${name}/wgPresharedKey".path; + }); + wireguardPeers = [ + { + PersistentKeepalive = 30; + Endpoint = lib.mkIf (!builtins.isNull peerConfig.endpoint) peerConfig.endpoint; + PublicKey = peerConfig.publicKey; + AllowedIPs = [ + "fd00::/8" + peerConfig.remoteLinkLocalAddress + ]; + } + ]; + } + ) cfg.peerings; - networks = lib.mapAttrs' ( - name: peerConfig: - lib.nameValuePair "20-dn42${name}" { - matchConfig.Name = "dn42${name}"; - linkConfig.RequiredForOnline = "no"; + networks = lib.mapAttrs' ( + name: peerConfig: + lib.nameValuePair "20-dn42${name}" { + matchConfig.Name = "dn42${name}"; + linkConfig.RequiredForOnline = "no"; - address = [ peerConfig.localLinkLocalAddress ]; - routes = [ { Destination = "${peerConfig.remoteLinkLocalAddress}/128"; } ]; + address = [ peerConfig.localLinkLocalAddress ]; + routes = [ { Destination = "${peerConfig.remoteLinkLocalAddress}/128"; } ]; - networkConfig = { - IPv6Forwarding = true; - IPv6AcceptRA = false; - DHCP = false; - }; - } - ) cfg.peerings; - }; - - systemd.services.stayrtr = { - wantedBy = [ - "multi-user.target" - "bird.service" - ]; - serviceConfig.DynamicUser = true; - serviceConfig.ExecStart = '' - ${lib.getExe pkgs.stayrtr} \ - -bind [::1]:8282 \ - -cache=https://dn42.burble.com/roa/dn42_roa_46.json \ - -checktime=false - ''; + networkConfig = { + IPv6Forwarding = true; + IPv6AcceptRA = false; + DHCP = false; + }; + } + ) cfg.peerings; + }; + services = { + systemd-networkd.after = [ "sops-install-secrets.service" ]; + stayrtr = { + wantedBy = [ + "multi-user.target" + "bird.service" + ]; + serviceConfig.DynamicUser = true; + serviceConfig.ExecStart = '' + ${lib.getExe pkgs.stayrtr} \ + -bind [::1]:8282 \ + -cache=https://dn42.burble.com/roa/dn42_roa_46.json \ + -checktime=false + ''; + }; + }; }; services.bird = { @@ -289,7 +291,7 @@ in }; ${lib.concatStringsSep "\n" ( - lib.mapAttrsToList (name: peerConfig: '' + lib.mapAttrsToList (name: _peerConfig: '' interface "${name}"; '') cfg.babel.peerings )}
diff --git a/config/nixos/modules/nix/disableChannels.nix b/config/nixos/modules/nix/disableChannels.nix @@ -2,7 +2,6 @@ povSelf, config, lib, - pkgs, ... }:
diff --git a/config/nixos/modules/presets/base.nix b/config/nixos/modules/presets/base.nix @@ -29,7 +29,7 @@ in networking = { hostId = builtins.substring 0 8 (builtins.hashString "sha256" hostConfig.hostName); - hostName = hostConfig.hostName; + inherit (hostConfig) hostName; domain = lib.mkDefault hostConfig.domain; useNetworkd = lib.mkDefault true;
diff --git a/config/nixos/modules/presets/graphical/enable.nix b/config/nixos/modules/presets/graphical/enable.nix @@ -17,7 +17,7 @@ in }; config = lib.mkIf cfg { - environment.sessionVariables = { + environment.sessionVariables = { _JAVA_AWT_WM_NONREPARENTING = "1"; NIXOS_OZONE_WL = "1"; SDL_VIDEODRIVER = "wayland"; # Can break some native games
diff --git a/config/nixos/modules/presets/graphical/type.nix b/config/nixos/modules/presets/graphical/type.nix @@ -1,12 +1,9 @@ { - povSelf, - config, lib, ... }: let inherit (lib) types; - cfg = lib.getAttrFromPath povSelf config; in {
diff --git a/config/nixos/modules/presets/graphical/typeGnomeMinimal.nix b/config/nixos/modules/presets/graphical/typeGnomeMinimal.nix @@ -6,7 +6,6 @@ ... }: let - inherit (lib) types; cfg = lib.getAttrFromPath pov config; in @@ -14,7 +13,7 @@ in config = lib.mkIf (cfg.enable && (cfg.type == "gnomeMinimal")) { nixpkgs.overlays = [ - (final: prev: { + (_final: prev: { # patch gdm to automaticly select the first user gnome-shell = prev.gnome-shell.overrideAttrs (prevAttrs: { patches = prevAttrs.patches ++ [ inputs.self.resources.patches.gdm-autoselect-user ];
diff --git a/config/nixos/modules/presets/graphical/typeSway.nix b/config/nixos/modules/presets/graphical/typeSway.nix @@ -2,7 +2,6 @@ pov, config, lib, - pkgs, ... }: let
diff --git a/config/nixos/modules/presets/minimal.nix b/config/nixos/modules/presets/minimal.nix @@ -1,10 +1,7 @@ { povSelf, - pkgs, lib, config, - hostConfig, - modulesPath, ... }: let @@ -60,4 +57,4 @@ in }; -}- \ No newline at end of file +}
diff --git a/config/nixos/modules/presets/netcup.nix b/config/nixos/modules/presets/netcup.nix @@ -1,6 +1,5 @@ { povSelf, - pkgs, lib, config, hostConfig,
diff --git a/config/nixos/modules/presets/networkManagerProfiles/cccdaWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/cccdaWifi.nix @@ -3,7 +3,6 @@ pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/networkManagerProfiles/grogHomeWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/grogHomeWifi.nix @@ -1,10 +1,8 @@ { povSelf, inputs, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/networkManagerProfiles/voidHomeWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/voidHomeWifi.nix @@ -1,10 +1,8 @@ { povSelf, inputs, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/networkManagerProfiles/voidPhoneWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/voidPhoneWifi.nix @@ -1,10 +1,8 @@ { povSelf, inputs, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/networkManagerProfiles/zaphyraHomeWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/zaphyraHomeWifi.nix @@ -1,10 +1,8 @@ { povSelf, inputs, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/networkManagerProfiles/zaphyraPhoneWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/zaphyraPhoneWifi.nix @@ -1,10 +1,8 @@ { povSelf, inputs, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/void/enable.nix b/config/nixos/modules/presets/void/enable.nix @@ -1,9 +1,7 @@ { povSelf, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/zaphyra/dn42.nix b/config/nixos/modules/presets/zaphyra/dn42.nix @@ -1,7 +1,5 @@ { - inputs, povSelf, - pkgs, lib, config, hostConfig,
diff --git a/config/nixos/modules/presets/zaphyra/dnsServer.nix b/config/nixos/modules/presets/zaphyra/dnsServer.nix @@ -1,10 +1,8 @@ { inputs, povSelf, - pkgs, lib, config, - hostConfig, dnsNix, ... }: @@ -111,12 +109,8 @@ in inherit SOA NS CAA; subdomains = { - ns1 = ( - host inputs.self.hosts.morio.networking.ip4Address inputs.self.hosts.morio.networking.ip6Address - ); - ns2 = ( - host inputs.self.hosts.novus.networking.ip4Address inputs.self.hosts.novus.networking.ip6Address - ); + ns1 = host inputs.self.hosts.morio.networking.ip4Address inputs.self.hosts.morio.networking.ip6Address; + ns2 = host inputs.self.hosts.novus.networking.ip4Address inputs.self.hosts.novus.networking.ip6Address; _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ]; }; @@ -148,7 +142,7 @@ in dns = { enable = true; - allZones = allZones; + inherit allZones; }; modules.services = { @@ -156,7 +150,7 @@ in enable = true; primary = cfg.isPrimary; zones = lib.mkIf cfg.isPrimary ( - lib.mapAttrs (name: value: { + lib.mapAttrs (_name: value: { file = value; journal-content = "all"; zonefile-sync = -1;
diff --git a/config/nixos/modules/presets/zaphyra/enable.nix b/config/nixos/modules/presets/zaphyra/enable.nix @@ -90,18 +90,16 @@ in }; certs."${config.networking.fqdn}" = { group = lib.mkIf config.services.nginx.enable "nginx"; - extraDomainNames = ( - lib.pipe config.services.nginx.virtualHosts [ - (lib.mapAttrsToList ( - key: config: [ - (if config ? serverAliases then config.serverAliases else [ ]) - key - ] - )) - lib.flatten - (lib.filter (domain: !(lib.hasSuffix "dn42" domain))) - ] - ); + extraDomainNames = lib.pipe config.services.nginx.virtualHosts [ + (lib.mapAttrsToList ( + key: config: [ + (config.serverAliases or [ ]) + key + ] + )) + lib.flatten + (lib.filter (domain: !(lib.hasSuffix "dn42" domain))) + ]; }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/mailServer.nix b/config/nixos/modules/presets/zaphyra/mailServer.nix @@ -130,7 +130,7 @@ in }; }; } - // (lib.mapAttrs (domain: dkimKey: { + // (lib.mapAttrs (_domain: dkimKey: { inherit MX TXT; subdomains = { @@ -245,7 +245,8 @@ in domains = [ cfg.primaryDomain - ] ++ (lib.attrNames cfg.extraDomains); + ] + ++ (lib.attrNames cfg.extraDomains); loginAccounts = { "katja@zaphyra.eu" = {
diff --git a/config/nixos/modules/presets/zaphyra/mautrixBridges/signal.nix b/config/nixos/modules/presets/zaphyra/mautrixBridges/signal.nix @@ -20,7 +20,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; + assertion = config.modules.websites."grapevine.zaphyra.eu".enable; message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -65,16 +65,15 @@ in permissions."${homeserver.domain}" = "admin"; - cleanup_on_logout = - { - enabled = true; - } - // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { - shared_has_users = "delete"; - shared_no_users = "delete"; - relayed = "delete"; - private = "delete"; - })); + cleanup_on_logout = { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (_name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/mautrixBridges/telegram.nix b/config/nixos/modules/presets/zaphyra/mautrixBridges/telegram.nix @@ -3,7 +3,6 @@ pkgs, lib, config, - hostConfig, ... }: let @@ -21,7 +20,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; + assertion = config.modules.websites."grapevine.zaphyra.eu".enable; message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -68,16 +67,15 @@ in permissions."${homeserver.domain}" = "admin"; - cleanup_on_logout = - { - enabled = true; - } - // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { - shared_has_users = "delete"; - shared_no_users = "delete"; - relayed = "delete"; - private = "delete"; - })); + cleanup_on_logout = { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (_name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/mautrixBridges/whatsapp.nix b/config/nixos/modules/presets/zaphyra/mautrixBridges/whatsapp.nix @@ -3,7 +3,6 @@ pkgs, lib, config, - hostConfig, ... }: let @@ -21,7 +20,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; + assertion = config.modules.websites."grapevine.zaphyra.eu".enable; message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -41,9 +40,11 @@ in url_previews = true; history_sync = { request_full_sync = true; - full_sync_config.days_limit = 1000; - full_sync_config.size_mb_limit = 1024; - full_sync_config.storage_quota_mb = 1024; + full_sync_config = { + days_limit = 1000; + size_mb_limit = 1024; + storage_quota_mb = 1024; + }; }; }; @@ -77,16 +78,15 @@ in permissions."${homeserver.domain}" = "admin"; - cleanup_on_logout = - { - enabled = true; - } - // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { - shared_has_users = "delete"; - shared_no_users = "delete"; - relayed = "delete"; - private = "delete"; - })); + cleanup_on_logout = { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (_name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/networkManagerProfiles/dn42.nix b/config/nixos/modules/presets/zaphyra/networkManagerProfiles/dn42.nix @@ -1,9 +1,7 @@ { povSelf, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/zaphyra/router/enable.nix b/config/nixos/modules/presets/zaphyra/router/enable.nix @@ -4,7 +4,6 @@ pkgs, lib, config, - hostConfig, ... }: let @@ -50,43 +49,47 @@ in }; services = { - avahi.enable = true; - avahi.reflector = true; - avahi.allowInterfaces = [ "brlan" ]; - - kresd.enable = true; - kresd.listenPlain = [ - "10.0.0.1:53" - "[fd6b:6174:6a61::5]:53" - ]; - kresd.extraConfig = '' - require 'math' - math.randomseed(os.time()) - - modules.load('dns64') - modules.load('view') - - dns64.config('64:ff9b::') - - -- disable dns64 for all IPv4 source addresses - view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE'))) - - dns_providers = { - { -- Quad9 - '9.9.9.9', '149.112.112.112' - }, - { -- Cloudflare - '1.1.1.1', '1.0.0.1' - }, - { -- Google - '8.8.8.8', '8.8.4.4' + avahi = { + enable = true; + reflector = true; + allowInterfaces = [ "brlan" ]; + }; + + kresd = { + enable = true; + listenPlain = [ + "10.0.0.1:53" + "[fd6b:6174:6a61::5]:53" + ]; + extraConfig = '' + require 'math' + math.randomseed(os.time()) + + modules.load('dns64') + modules.load('view') + + dns64.config('64:ff9b::') + + -- disable dns64 for all IPv4 source addresses + view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE'))) + + dns_providers = { + { -- Quad9 + '9.9.9.9', '149.112.112.112' + }, + { -- Cloudflare + '1.1.1.1', '1.0.0.1' + }, + { -- Google + '8.8.8.8', '8.8.4.4' + } } - } - policy.add(function (request, query) - return policy.FORWARD(dns_providers[math.random(1, #dns_providers)]) - end) - ''; + policy.add(function (request, query) + return policy.FORWARD(dns_providers[math.random(1, #dns_providers)]) + end) + ''; + }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/router/pppd.nix b/config/nixos/modules/presets/zaphyra/router/pppd.nix @@ -1,10 +1,7 @@ { povSelf, - pkgs, lib, config, - hostConfig, - utils, ... }: let
diff --git a/config/nixos/modules/presets/zaphyra/router/systemd-networkd.nix b/config/nixos/modules/presets/zaphyra/router/systemd-networkd.nix @@ -1,6 +1,5 @@ { povSelf, - pkgs, lib, config, hostConfig,
diff --git a/config/nixos/modules/presets/zaphyra/smarthome/enable.nix b/config/nixos/modules/presets/zaphyra/smarthome/enable.nix @@ -1,10 +1,7 @@ { - inputs, pov, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/zaphyra/smarthome/mosqitto.nix b/config/nixos/modules/presets/zaphyra/smarthome/mosqitto.nix @@ -1,9 +1,7 @@ { povSelf, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/zaphyra/smarthome/telegraf.nix b/config/nixos/modules/presets/zaphyra/smarthome/telegraf.nix @@ -1,9 +1,7 @@ { povSelf, - pkgs, lib, config, - hostConfig, ... }: let
diff --git a/config/nixos/modules/presets/zaphyra/syncthing.nix b/config/nixos/modules/presets/zaphyra/syncthing.nix @@ -1,10 +1,8 @@ { inputs, povSelf, - pkgs, lib, config, - hostConfig, ... }: let @@ -69,7 +67,7 @@ in }; }; - isCurrentHost = key: value: key != config.networking.hostName; + isCurrentHost = key: _value: key != config.networking.hostName; deviceNames = lib.pipe syncthingDevices [ (lib.filterAttrs isCurrentHost) @@ -81,16 +79,14 @@ in (lib.pipe syncthingDevices [ (lib.filterAttrs isCurrentHost) (lib.filterAttrs ( - name: value: + name: _value: let syncthingCfg = inputs.self.zaphyraHosts."${name}".config.modules.presets.zaphyra.syncthing; in - ( - if (inputs.self.zaphyraHosts ? name) then - if (syncthingCfg.enable) then lib.elem share syncthingCfg.enabledShares else false - else - false - ) + if (inputs.self.zaphyraHosts ? name) then + if syncthingCfg.enable then lib.elem share syncthingCfg.enabledShares else false + else + false )) builtins.attrNames ]); @@ -99,7 +95,7 @@ in folders = let - dataDir = config.services.syncthing.dataDir; + inherit (config.services.syncthing) dataDir; in { @@ -170,9 +166,9 @@ in in { - sops.secrets = lib.genAttrs [ "syncthing/cert" "syncthing/key" ] (name: { + sops.secrets = lib.genAttrs [ "syncthing/cert" "syncthing/key" ] (_name: { owner = cfg.user; - group = cfg.group; + inherit (cfg) group; }); services.syncthing = { @@ -180,14 +176,14 @@ in openDefaultPorts = true; guiAddress = "[::1]:8384"; - user = cfg.user; - group = cfg.group; + inherit (cfg) user; + inherit (cfg) group; cert = config.sops.secrets."syncthing/cert".path; key = config.sops.secrets."syncthing/key".path; - dataDir = cfg.dataDir; - configDir = cfg.configDir; + inherit (cfg) dataDir; + inherit (cfg) configDir; settings.devices = devices; settings.folders = folders;
diff --git a/config/nixos/modules/programs/steam.nix b/config/nixos/modules/programs/steam.nix @@ -1,6 +1,5 @@ { povSelf, - pkgs, lib, config, ...
diff --git a/config/nixos/modules/programs/yubikey.nix b/config/nixos/modules/programs/yubikey.nix @@ -1,10 +1,8 @@ { - inputs, povSelf, config, lib, pkgs, - homeManagerModules, ... }: let
diff --git a/config/nixos/modules/services/earlyoom.nix b/config/nixos/modules/services/earlyoom.nix @@ -30,18 +30,17 @@ in services.earlyoom = { enable = true; enableNotifications = true; - extraArgs = - [ - "--ignore-root-user" - ] - ++ (lib.optionals (cfg.avoid != [ ]) [ - "--avoid" - "(^|/)(${lib.concatStringsSep "|" cfg.avoid})$" - ]) - ++ (lib.optionals (cfg.prefer != [ ]) [ - "--prefer" - "(^|/)(${lib.concatStringsSep "|" cfg.prefer})$" - ]); + extraArgs = [ + "--ignore-root-user" + ] + ++ (lib.optionals (cfg.avoid != [ ]) [ + "--avoid" + "(^|/)(${lib.concatStringsSep "|" cfg.avoid})$" + ]) + ++ (lib.optionals (cfg.prefer != [ ]) [ + "--prefer" + "(^|/)(${lib.concatStringsSep "|" cfg.prefer})$" + ]); }; };
diff --git a/config/nixos/modules/services/gitolite.nix b/config/nixos/modules/services/gitolite.nix @@ -110,8 +110,8 @@ in { directory = cfg.dataDir; mode = "0755"; - user = cfg.user; - group = cfg.group; + inherit (cfg) user; + inherit (cfg) group; } ]; @@ -122,7 +122,7 @@ in users.users.${cfg.user} = { home = cfg.dataDir; uid = config.ids.uids.gitolite; - group = cfg.group; + inherit (cfg) group; extraGroups = [ "ssh" ]; useDefaultShell = true; packages = [
diff --git a/config/nixos/modules/services/greetd.nix b/config/nixos/modules/services/greetd.nix @@ -1,6 +1,5 @@ { config, - inputs, lib, pkgs, povSelf, @@ -115,25 +114,14 @@ in services.greetd = { enable = true; - settings = - let - swayConfig = pkgs.writeText "greetd-sway-config" '' - input "type:keyboard" { - xkb_layout gb - xkb_variant colemak_dh - } - include /etc/sway/config.d/* - exec "${config.programs.regreet.package}/bin/regreet; swaymsg exit" - ''; - in - { - default_session = { - #command = '' - # ${pkgs.sway}/bin/sway --config ${swayConfig} - #''; - user = "greeter"; - }; + settings = { + default_session = { + #command = '' + # ${pkgs.sway}/bin/sway --config ${swayConfig} + #''; + user = "greeter"; }; + }; }; })
diff --git a/config/nixos/modules/services/gtklock.nix b/config/nixos/modules/services/gtklock.nix @@ -26,13 +26,17 @@ in { systemd.user.services = { gtklock = lib.mkDefault { - Unit.OnSuccess = [ "unlock.target" ]; - Unit.PartOf = [ "lock.target" ]; - Unit.After = [ "lock.target" ]; + Unit = { + OnSuccess = [ "unlock.target" ]; + PartOf = [ "lock.target" ]; + After = [ "lock.target" ]; + }; Install.WantedBy = [ "lock.target" ]; - Service.ExecStart = lib.getExe pkgs.gtklock; - Service.Restart = "on-failure"; - Service.RestartSec = 0; + Service = { + ExecStart = lib.getExe pkgs.gtklock; + Restart = "on-failure"; + RestartSec = 0; + }; }; }; }
diff --git a/config/nixos/modules/services/knot.nix b/config/nixos/modules/services/knot.nix @@ -15,14 +15,14 @@ let isPrimary: (lib.pipe inputs.self.nixosConfigurations [ (lib.filterAttrs ( - hostName: hostConfig: + _hostName: hostConfig: let cfgModule = lib.getAttrFromPath povSelf hostConfig.config; in - (cfgModule.enable && cfgModule.primary == isPrimary) + cfgModule.enable && cfgModule.primary == isPrimary )) (lib.mapAttrsToList ( - hostName: hostConfig: [ + hostName: _hostConfig: [ (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") inputs.self.hosts."${hostName}".networking.ip6Address ) @@ -34,29 +34,27 @@ let lib.flatten ]); - dnsServerSecondaries = ( - lib.pipe inputs.self.nixosConfigurations [ - (lib.filterAttrs ( - hostName: hostConfig: - let - cfgModule = lib.getAttrFromPath povSelf hostConfig.config; - in - (cfgModule.enable && !cfgModule.primary) - )) - (lib.mapAttrs ( - hostName: hostConfig: { - address = [ - (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") - inputs.self.hosts."${hostName}".networking.ip6Address - ) - (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip4Address != "") - inputs.self.hosts."${hostName}".networking.ip4Address - ) - ]; - } - )) - ] - ); + dnsServerSecondaries = lib.pipe inputs.self.nixosConfigurations [ + (lib.filterAttrs ( + _hostName: hostConfig: + let + cfgModule = lib.getAttrFromPath povSelf hostConfig.config; + in + cfgModule.enable && !cfgModule.primary + )) + (lib.mapAttrs ( + hostName: _hostConfig: { + address = [ + (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") + inputs.self.hosts."${hostName}".networking.ip6Address + ) + (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip4Address != "") + inputs.self.hosts."${hostName}".networking.ip4Address + ) + ]; + } + )) + ]; in { @@ -83,12 +81,12 @@ in }; zones = { - type = (pkgs.formats.yaml { }).type; + inherit ((pkgs.formats.yaml { })) type; default = { }; }; extraACL = { - type = (pkgs.formats.yaml { }).type; + inherit ((pkgs.formats.yaml { })) type; default = { }; }; }; @@ -210,7 +208,7 @@ in } ) // (lib.mapAttrs ( - name: zone: + _name: zone: zone // { template = "nixZone";
diff --git a/config/nixos/modules/services/knotACME.nix b/config/nixos/modules/services/knotACME.nix @@ -38,7 +38,7 @@ in generateACMERecord = recordName: ((builtins.hashString "sha1" recordName) + ".${cfg.zone}."); nodesWithACMERecords = lib.filterAttrs ( - hostName: nodeCfg: nodeCfg.config.security.acme.certs != { } + _hostName: nodeCfg: nodeCfg.config.security.acme.certs != { } ) inputs.self.zaphyraHosts; getAllDomainsPerNode = @@ -74,17 +74,15 @@ in in { - dns.allZones = ( - lib.pipe cfg.zones [ - (lib.map ( - element: - lib.nameValuePair element { - subdomains = generateACMERecordsPerZone element; - } - )) - lib.listToAttrs - ] - ); + dns.allZones = lib.pipe cfg.zones [ + (lib.map ( + element: + lib.nameValuePair element { + subdomains = generateACMERecordsPerZone element; + } + )) + lib.listToAttrs + ]; systemd.services.knot = let
diff --git a/config/nixos/modules/services/openssh.nix b/config/nixos/modules/services/openssh.nix @@ -36,7 +36,9 @@ in }; }; - systemd.services.sops-install-secrets.after = lib.mkIf config.modules.filesystem.impermanence.system.enable [ "nix-persist.mount" ]; + systemd.services.sops-install-secrets.after = + lib.mkIf config.modules.filesystem.impermanence.system.enable + [ "nix-persist.mount" ]; # this is required because the secrets need to be decryped before the users get created # but the impermanence bind-mounts get created _after_ the user creation...
diff --git a/config/nixos/modules/services/prosody.nix b/config/nixos/modules/services/prosody.nix @@ -65,19 +65,20 @@ in networking.firewall.allowedTCPPorts = [ 5269 5222 - ] ++ config.services.prosody.httpsPorts; + ] + ++ config.services.prosody.httpsPorts; modules.filesystem.impermanence.system.dirs = [ { directory = config.services.prosody.dataDir; mode = "755"; - user = config.services.prosody.user; - group = config.services.prosody.group; + inherit (config.services.prosody) user; + inherit (config.services.prosody) group; } ]; security.acme.certs."${cfg.domain}" = { - group = config.services.prosody.group; + inherit (config.services.prosody) group; reloadServices = [ "prosody.service" ]; extraDomainNames = [ "xmpp.${cfg.domain}"
diff --git a/config/nixos/modules/services/rcloneResticServer.nix b/config/nixos/modules/services/rcloneResticServer.nix @@ -77,14 +77,13 @@ in virtualHosts."${cfg.nginx.domain}" = { locations."/" = { proxyPass = "http://[::1]:${toString cfg.port}/"; - extraConfig = - '' - client_max_body_size 10G; - '' - + lib.optionalString (cfg.nginx.basicAuthFile != null) '' - auth_basic Auth; - auth_basic_user_file ${cfg.nginx.basicAuthFile}; - ''; + extraConfig = '' + client_max_body_size 10G; + '' + + lib.optionalString (cfg.nginx.basicAuthFile != null) '' + auth_basic Auth; + auth_basic_user_file ${cfg.nginx.basicAuthFile}; + ''; }; }; };
diff --git a/config/nixos/modules/services/resticBackup.nix b/config/nixos/modules/services/resticBackup.nix @@ -124,9 +124,9 @@ in target: lib.nameValuePair "${element.name}-${target}" { initialize = true; - user = element.value.user; - passwordFile = element.value.passwordFile; - timerConfig = element.value.timerConfig; + inherit (element.value) user; + inherit (element.value) passwordFile; + inherit (element.value) timerConfig; repository = cfg.targets."${target}".repository + "/${config.networking.hostName}-${element.name}"; paths = lib.mkMerge [ element.value.paths @@ -142,7 +142,7 @@ in lib.map (element: "/tmp/influxBuckets/${element}") element.value.influxBuckets )) ]; - backupPrepareCommand = ( + backupPrepareCommand = element.value.runBeforeBackup + #dump postgresql databases @@ -173,8 +173,7 @@ in ${pkgs.influxdb2}/bin/influx backup --compression=none --bucket=${db} /tmp/influxBuckets/${db} [ $(du -b /tmp/influxBuckets/${db} | cut -f1) -gt "50" ] || exit 1 '') element.value.influxBuckets - )) - ); + )); } ) element.value.targets) else
diff --git a/config/nixos/modules/services/swaylock.nix b/config/nixos/modules/services/swaylock.nix @@ -27,13 +27,17 @@ in { systemd.user.services = { swaylock = lib.mkDefault { - Unit.OnSuccess = [ "unlock.target" ]; - Unit.PartOf = [ "lock.target" ]; - Unit.After = [ "lock.target" ]; + Unit = { + OnSuccess = [ "unlock.target" ]; + PartOf = [ "lock.target" ]; + After = [ "lock.target" ]; + }; Install.WantedBy = [ "lock.target" ]; - Service.ExecStart = lib.getExe pkgs.swaylock; - Service.Restart = "on-failure"; - Service.RestartSec = 0; + Service = { + ExecStart = lib.getExe pkgs.swaylock; + Restart = "on-failure"; + RestartSec = 0; + }; }; }; }
diff --git a/config/nixos/modules/services/vnstat.nix b/config/nixos/modules/services/vnstat.nix @@ -1,5 +1,4 @@ { - inputs, povSelf, config, lib,
diff --git a/config/nixos/modules/sops.nix b/config/nixos/modules/sops.nix @@ -3,7 +3,6 @@ povSelf, config, lib, - pkgs, ... }:
diff --git a/config/nixos/modules/users/void.nix b/config/nixos/modules/users/void.nix @@ -1,5 +1,4 @@ { - inputs, povSelf, config, lib, @@ -50,16 +49,18 @@ in } (lib.mkIf config.modules.homeManager.enable { - home-manager.users.void.imports = with homeManagerModules.void; lib.concatLists [ - [ - home - impermanence # FIXME - ] + home-manager.users.void.imports = + with homeManagerModules.void; + lib.concatLists [ + [ + home + impermanence # FIXME + ] - (lib.optionals config.modules.filesystem.impermanence.home.enable [ - homeManagerModules.void.impermanence # FIXME: implement impermanence - ]) - ]; + (lib.optionals config.modules.filesystem.impermanence.home.enable [ + homeManagerModules.void.impermanence # FIXME: implement impermanence + ]) + ]; }) ] );
diff --git a/config/nixos/modules/websites/bikemap.zaphyra.eu.nix b/config/nixos/modules/websites/bikemap.zaphyra.eu.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, pkgs, lib, @@ -40,7 +39,7 @@ in { assertions = [ { - assertion = config.modules.services.gitolite.enable == true; + assertion = config.modules.services.gitolite.enable; message = "The option 'modules.services.gitolite.enable' must be enabled in order to use this module."; } ]; @@ -52,13 +51,13 @@ in directory = "/var/lib/bikemap"; mode = "0755"; user = "bikemap"; - group = config.modules.services.gitolite.group; + inherit (config.modules.services.gitolite) group; } ]; users.users."bikemap" = { isSystemUser = true; - group = config.modules.services.gitolite.group; + inherit (config.modules.services.gitolite) group; createHome = true; homeMode = "755"; home = "/var/lib/bikemap";
diff --git a/config/nixos/modules/websites/dav.zaphyra.eu.nix b/config/nixos/modules/websites/dav.zaphyra.eu.nix @@ -1,8 +1,6 @@ { povSelf, - hostConfig, config, - pkgs, lib, ... }: @@ -72,9 +70,11 @@ in web.type = "internal"; storage.filesystem_folder = "/var/lib/radicale"; headers.Access-Control-Allow-Origin = "*"; - auth.type = "htpasswd"; - auth.htpasswd_filename = config.sops.secrets.radicaleUsers.path; - auth.htpasswd_encryption = "plain"; + auth = { + type = "htpasswd"; + htpasswd_filename = config.sops.secrets.radicaleUsers.path; + htpasswd_encryption = "plain"; + }; }; }; nginx = {
diff --git a/config/nixos/modules/websites/fedi.ctu.cx.nix b/config/nixos/modules/websites/fedi.ctu.cx.nix @@ -25,7 +25,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = cfgWebsites."ctu.cx".enable == true; + assertion = cfgWebsites."ctu.cx".enable; message = "The option 'modules.websites.\"ctu.cx\"' must be enabled in order to use this module."; } ]; @@ -42,8 +42,8 @@ in systemd.tmpfiles.settings.gotosocial = { "/var/lib/gotosocial/storage".d = { - user = config.tgc.services.gotosocial.user; - group = config.tgc.services.gotosocial.group; + inherit (config.tgc.services.gotosocial) user; + inherit (config.tgc.services.gotosocial) group; mode = "750"; age = "-"; }; @@ -54,15 +54,15 @@ in { directory = config.tgc.services.gotosocial.stateDir; mode = "0755"; - user = config.tgc.services.gotosocial.user; - group = config.tgc.services.gotosocial.group; + inherit (config.tgc.services.gotosocial) user; + inherit (config.tgc.services.gotosocial) group; } ]; services.resticBackup.paths = { gotosocial = { enable = true; - user = config.tgc.services.gotosocial.user; + inherit (config.tgc.services.gotosocial) user; passwordFile = config.sops.secrets."resticPasswords/gotosocial".path; sqliteDatabases = [ (lib.mkIf ( @@ -83,7 +83,7 @@ in tgc.services.gotosocial = { enable = true; package = pkgs.tgc.gotosocial-unstable; - group = config.services.nginx.group; + inherit (config.services.nginx) group; environmentFile = config.sops.secrets."environments/gotosocial".path; settings = { protocol = "https";
diff --git a/config/nixos/modules/websites/fedi.home.ctu.cx.nix b/config/nixos/modules/websites/fedi.home.ctu.cx.nix @@ -29,8 +29,8 @@ in systemd.tmpfiles.settings.gotosocial = { "/var/lib/gotosocial/storage".d = { - user = config.tgc.services.gotosocial.user; - group = config.tgc.services.gotosocial.group; + inherit (config.tgc.services.gotosocial) user; + inherit (config.tgc.services.gotosocial) group; mode = "750"; age = "-"; }; @@ -41,8 +41,8 @@ in { directory = config.tgc.services.gotosocial.stateDir; mode = "0755"; - user = config.tgc.services.gotosocial.user; - group = config.tgc.services.gotosocial.group; + inherit (config.tgc.services.gotosocial) user; + inherit (config.tgc.services.gotosocial) group; } ]; @@ -50,7 +50,7 @@ in gotosocial = { enable = true; package = pkgs.tgc.gotosocial-unstable; - user = config.tgc.services.gotosocial.user; + inherit (config.tgc.services.gotosocial) user; passwordFile = config.sops.secrets."resticPasswords/gotosocial".path; sqliteDatabases = [ (lib.mkIf ( @@ -70,7 +70,7 @@ in tgc.services.gotosocial = { enable = true; - group = config.services.nginx.group; + inherit (config.services.nginx) group; settings = { protocol = "https"; @@ -117,76 +117,75 @@ in appendHttpConfig = '' proxy_cache_path /var/cache/nginx keys_zone=gotosocial_ap_public_responses:10m inactive=1w; ''; - virtualHosts = - { - "${config.tgc.services.gotosocial.settings.host}" = { - useACMEHost = lib.mkDefault "${config.networking.fqdn}"; - forceSSL = lib.mkDefault true; - kTLS = lib.mkDefault true; - locations = { - "/" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - proxyWebsockets = true; - }; - - "~ /.well-known/(webfinger|host-meta)$" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - extraConfig = '' - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri$is_args$query_string; - proxy_cache_valid 200 10m; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - add_header X-Cache-Status $upstream_cache_status; - ''; - }; + virtualHosts = { + "${config.tgc.services.gotosocial.settings.host}" = { + useACMEHost = lib.mkDefault "${config.networking.fqdn}"; + forceSSL = lib.mkDefault true; + kTLS = lib.mkDefault true; + locations = { + "/" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + proxyWebsockets = true; + }; - "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - extraConfig = '' - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri; - proxy_cache_valid 200 604800s; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - - add_header X-Cache-Status $upstream_cache_status; - ''; - }; + "~ /.well-known/(webfinger|host-meta)$" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + extraConfig = '' + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 10m; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; + ''; + }; - "/assets/".extraConfig = '' - alias ${config.tgc.services.gotosocial.package}/share/web/assets/; - autoindex off; - expires max; - add_header Cache-Control "public, immutable"; + "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + extraConfig = '' + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri; + proxy_cache_valid 200 604800s; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + + add_header X-Cache-Status $upstream_cache_status; ''; }; + + "/assets/".extraConfig = '' + alias ${config.tgc.services.gotosocial.package}/share/web/assets/; + autoindex off; + expires max; + add_header Cache-Control "public, immutable"; + ''; }; - } - // ( - if - ( - config.tgc.services.gotosocial.settings.account-domain - != config.tgc.services.gotosocial.settings.host - ) - then - { - "${config.tgc.services.gotosocial.settings.account-domain}" = { - locations = { - "= /.well-known/host-meta".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - "= /.well-known/webfinger".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - "= /.well-known/nodeinfo".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - }; + }; + } + // ( + if + ( + config.tgc.services.gotosocial.settings.account-domain + != config.tgc.services.gotosocial.settings.host + ) + then + { + "${config.tgc.services.gotosocial.settings.account-domain}" = { + locations = { + "= /.well-known/host-meta".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; + "= /.well-known/webfinger".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; + "= /.well-known/nodeinfo".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; }; - } - else - { } - ); + }; + } + else + { } + ); }; };
diff --git a/config/nixos/modules/websites/flauschehorn.zaphyra.eu.nix b/config/nixos/modules/websites/flauschehorn.zaphyra.eu.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, pkgs, lib,
diff --git a/config/nixos/modules/websites/git.zaphyra.eu.nix b/config/nixos/modules/websites/git.zaphyra.eu.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, lib, pkgs, @@ -205,7 +204,7 @@ in enable = true; user = "git"; group = "git"; - adminPubkey = cfg.adminPubkey; + inherit (cfg) adminPubkey; extraGitoliteRc = '' $RC{GIT_CONFIG_KEYS} = ".*";
diff --git a/config/nixos/modules/websites/grafana.infra.zaphyra.eu.nix b/config/nixos/modules/websites/grafana.infra.zaphyra.eu.nix @@ -1,9 +1,7 @@ { - inputs, povSelf, config, lib, - pkgs, ... }:
diff --git a/config/nixos/modules/websites/grapevine.zaphyra.eu.nix b/config/nixos/modules/websites/grapevine.zaphyra.eu.nix @@ -34,7 +34,7 @@ in assertions = [ { - assertion = cfgWebsites."zaphyra.eu".enable == true; + assertion = cfgWebsites."zaphyra.eu".enable; message = "The option 'modules.websites.\"zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -132,7 +132,7 @@ in kTLS = true; locations = { "/_matrix" = { - proxyPass = "http://[${grapevineListen.address}]:${toString (grapevineListen.port)}"; + proxyPass = "http://[${grapevineListen.address}]:${toString grapevineListen.port}"; proxyWebsockets = true; }; "/".root = pkgs.cinny.override {
diff --git a/config/nixos/modules/websites/gts.zaphyra.eu.nix b/config/nixos/modules/websites/gts.zaphyra.eu.nix @@ -25,7 +25,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = cfgWebsites."zaphyra.eu".enable == true; + assertion = cfgWebsites."zaphyra.eu".enable; message = "The option 'modules.websites.\"zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -45,8 +45,8 @@ in systemd.tmpfiles.settings.gotosocial = { "/var/lib/gotosocial/storage".d = { - user = config.tgc.services.gotosocial.user; - group = config.tgc.services.gotosocial.group; + inherit (config.tgc.services.gotosocial) user; + inherit (config.tgc.services.gotosocial) group; mode = "750"; age = "-"; }; @@ -57,15 +57,15 @@ in { directory = config.tgc.services.gotosocial.stateDir; mode = "0755"; - user = config.tgc.services.gotosocial.user; - group = config.tgc.services.gotosocial.group; + inherit (config.tgc.services.gotosocial) user; + inherit (config.tgc.services.gotosocial) group; } ]; services.resticBackup.paths = { gotosocial = { enable = true; - user = config.tgc.services.gotosocial.user; + inherit (config.tgc.services.gotosocial) user; passwordFile = config.sops.secrets."resticPasswords/gotosocial".path; sqliteDatabases = [ (lib.mkIf ( @@ -86,7 +86,7 @@ in tgc.services.gotosocial = { enable = true; package = pkgs.tgc.gotosocial-unstable; - group = config.services.nginx.group; + inherit (config.services.nginx) group; environmentFile = config.sops.secrets.gotosocialEnv.path; settings = { protocol = "https";
diff --git a/config/nixos/modules/websites/ip.zaphyra.eu.nix b/config/nixos/modules/websites/ip.zaphyra.eu.nix @@ -28,79 +28,81 @@ in config = lib.mkIf cfg.enable { dns.zones."${cfg.domain}".subdomains = { - "ip" = (dnsNix.combinators.host hostConfig.networking.ip4Address hostConfig.networking.ip6Address); + "ip" = dnsNix.combinators.host hostConfig.networking.ip4Address hostConfig.networking.ip6Address; "ip4".A = [ hostConfig.networking.ip4Address ]; "ip6".AAAA = [ hostConfig.networking.ip6Address ]; }; - services.nginx.virtualHosts."ip.${cfg.domain}" = { - useACMEHost = "${config.networking.fqdn}"; - forceSSL = true; - kTLS = true; - locations."/" = { - extraConfig = "types { } default_type 'text/html; charset=utf-8';"; - return = '' - 200 ' - <!DOCTYPE html> - <html> - <head> - <title>ip.${cfg.domain}</title> - </head> - <body> - <h1>ip.${cfg.domain}</h1> - <ul> - <li><span style="user-select: none;"><b>IPv6:</b> </span><span id="ip6">Loading...</span></li> - <li><span style="user-select: none;"><b>IPv4:</b> </span><span id="ip4">Loading...</span></li> - </ul> - <p>Use bash and curl: <code>curl ip{4,6}.${cfg.domain}</code></p> - <p><small>Because any other "Whats my IP?"-tool sucks. <a href="https://git.clerie.de/clerie/ip.clerie.de">Host yourself :3</a></small></p> + services.nginx.virtualHosts = { + "ip.${cfg.domain}" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + locations."/" = { + extraConfig = "types { } default_type 'text/html; charset=utf-8';"; + return = '' + 200 ' + <!DOCTYPE html> + <html> + <head> + <title>ip.${cfg.domain}</title> + </head> + <body> + <h1>ip.${cfg.domain}</h1> + <ul> + <li><span style="user-select: none;"><b>IPv6:</b> </span><span id="ip6">Loading...</span></li> + <li><span style="user-select: none;"><b>IPv4:</b> </span><span id="ip4">Loading...</span></li> + </ul> + <p>Use bash and curl: <code>curl ip{4,6}.${cfg.domain}</code></p> + <p><small>Because any other "Whats my IP?"-tool sucks. <a href="https://git.clerie.de/clerie/ip.clerie.de">Host yourself :3</a></small></p> - <script> - window.addEventListener("DOMContentLoaded", (event) => { - [ "ip6", "ip4" ].forEach(async (ipVersion) => { - try { - const url = "https://" + ipVersion + ".${cfg.domain}/"; - const response = await fetch(url + ((/\?/).test(url) ? "&" : "?") + (new Date()).getTime()); - if(response.status != 200) { + <script> + window.addEventListener("DOMContentLoaded", (event) => { + [ "ip6", "ip4" ].forEach(async (ipVersion) => { + try { + const url = "https://" + ipVersion + ".${cfg.domain}/"; + const response = await fetch(url + ((/\?/).test(url) ? "&" : "?") + (new Date()).getTime()); + if(response.status != 200) { + document.getElementById(ipVersion).innerText = "Error!"; + } else { + document.getElementById(ipVersion).innerText = await response.text(); + } + } catch { document.getElementById(ipVersion).innerText = "Error!"; - } else { - document.getElementById(ipVersion).innerText = await response.text(); } - } catch { - document.getElementById(ipVersion).innerText = "Error!"; - } + }); }); - }); - </script> - </body> - </html>' - ''; + </script> + </body> + </html>' + ''; + }; }; - }; - services.nginx.virtualHosts."ip4.${cfg.domain}" = { - useACMEHost = "${config.networking.fqdn}"; - forceSSL = true; - kTLS = true; - locations."/" = { - return = "200 '$remote_addr\n'"; - extraConfig = '' - types { } default_type "text/plain; charset=utf-8"; - add_header Access-Control-Allow-Origin *; - ''; + "ip4.${cfg.domain}" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + locations."/" = { + return = "200 '$remote_addr\n'"; + extraConfig = '' + types { } default_type "text/plain; charset=utf-8"; + add_header Access-Control-Allow-Origin *; + ''; + }; }; - }; - services.nginx.virtualHosts."ip6.${cfg.domain}" = { - useACMEHost = "${config.networking.fqdn}"; - forceSSL = true; - kTLS = true; - locations."/" = { - return = "200 '$remote_addr\n'"; - extraConfig = '' - types { } default_type "text/plain; charset=utf-8"; - add_header Access-Control-Allow-Origin *; - ''; + "ip6.${cfg.domain}" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + locations."/" = { + return = "200 '$remote_addr\n'"; + extraConfig = '' + types { } default_type "text/plain; charset=utf-8"; + add_header Access-Control-Allow-Origin *; + ''; + }; }; }; };
diff --git a/config/nixos/modules/websites/katja.wtf.nix b/config/nixos/modules/websites/katja.wtf.nix @@ -2,7 +2,6 @@ povSelf, hostConfig, config, - pkgs, lib, dnsNix, ...
diff --git a/config/nixos/modules/websites/oeffi.zaphyra.eu.nix b/config/nixos/modules/websites/oeffi.zaphyra.eu.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, pkgs, lib, @@ -78,47 +77,49 @@ in large_client_header_buffers 4 16k; ''; - locations."/db/vehicle-sequence".extraConfig = '' - proxy_ssl_server_name on; - proxy_ssl_name www.bahn.de; - proxy_set_header Host www.bahn.de; - proxy_hide_header 'set-cookie'; - proxy_pass https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args; - ''; - - locations."~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = '' - if ($vendopath = no) { - return 400; - } - - if ($vendotarget = 'trip') { - set $vendopath '$vendopath$2'; - } - - if ($vendotarget = 'location') { - set $vendopath '$vendopath$2'; - } - - set $vendodomain 'app.vendo.noncd.db.de'; - - proxy_ssl_server_name on; - proxy_ssl_name $vendodomain; - proxy_set_header Host $vendodomain; - proxy_hide_header 'set-cookie'; - proxy_pass https://$vendodomain$vendopath; - ''; - - locations."~ ^/hafas/(?<hafastarget>.*)$".extraConfig = '' - if ($hafasurl = no) { - return 400; - } - - proxy_ssl_server_name on; - proxy_ssl_name $hafasurl; - proxy_set_header Host $hafasurl; - proxy_hide_header 'set-cookie'; - proxy_pass https://$hafasurl$hafaspath; - ''; + locations = { + "/db/vehicle-sequence".extraConfig = '' + proxy_ssl_server_name on; + proxy_ssl_name www.bahn.de; + proxy_set_header Host www.bahn.de; + proxy_hide_header 'set-cookie'; + proxy_pass https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args; + ''; + + "~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = '' + if ($vendopath = no) { + return 400; + } + + if ($vendotarget = 'trip') { + set $vendopath '$vendopath$2'; + } + + if ($vendotarget = 'location') { + set $vendopath '$vendopath$2'; + } + + set $vendodomain 'app.vendo.noncd.db.de'; + + proxy_ssl_server_name on; + proxy_ssl_name $vendodomain; + proxy_set_header Host $vendodomain; + proxy_hide_header 'set-cookie'; + proxy_pass https://$vendodomain$vendopath; + ''; + + "~ ^/hafas/(?<hafastarget>.*)$".extraConfig = '' + if ($hafasurl = no) { + return 400; + } + + proxy_ssl_server_name on; + proxy_ssl_name $hafasurl; + proxy_set_header Host $hafasurl; + proxy_hide_header 'set-cookie'; + proxy_pass https://$hafasurl$hafaspath; + ''; + }; }; }; };
diff --git a/config/nixos/modules/websites/prometheus.infra.zaphyra.eu.nix b/config/nixos/modules/websites/prometheus.infra.zaphyra.eu.nix @@ -1,10 +1,8 @@ { inputs, povSelf, - hostConfig, config, lib, - dnsNix, ... }: @@ -55,12 +53,10 @@ in metrics_path = "/node-exporter"; static_configs = [ { - targets = ( - lib.mapAttrsToList ( - name: host: - lib.mkIf host.config.modules.services.prometheusExporters.enable host.config.modules.services.prometheusExporters.domain - ) inputs.self.zaphyraHosts - ); + targets = lib.mapAttrsToList ( + _name: host: + lib.mkIf host.config.modules.services.prometheusExporters.enable host.config.modules.services.prometheusExporters.domain + ) inputs.self.zaphyraHosts; } ]; } @@ -71,12 +67,10 @@ in metrics_path = "/systemd-exporter"; static_configs = [ { - targets = ( - lib.mapAttrsToList ( - name: host: - lib.mkIf host.config.modules.services.prometheusExporters.enable host.config.modules.services.prometheusExporters.domain - ) inputs.self.zaphyraHosts - ); + targets = lib.mapAttrsToList ( + _name: host: + lib.mkIf host.config.modules.services.prometheusExporters.enable host.config.modules.services.prometheusExporters.domain + ) inputs.self.zaphyraHosts; } ]; }
diff --git a/config/nixos/modules/websites/restic.novus.infra.zaphyra.eu.nix b/config/nixos/modules/websites/restic.novus.infra.zaphyra.eu.nix @@ -1,9 +1,7 @@ { povSelf, - hostConfig, config, lib, - dnsNix, ... }:
diff --git a/config/nixos/modules/websites/things.zaphyra.eu.nix b/config/nixos/modules/websites/things.zaphyra.eu.nix @@ -1,8 +1,6 @@ { povSelf, - hostConfig, config, - pkgs, lib, ... }:
diff --git a/config/nixos/modules/websites/vault.zaphyra.eu.nix b/config/nixos/modules/websites/vault.zaphyra.eu.nix @@ -1,6 +1,5 @@ { povSelf, - hostConfig, config, pkgs, lib,
diff --git a/config/nixos/modules/websites/zaphyra.dn42.nix b/config/nixos/modules/websites/zaphyra.dn42.nix @@ -1,10 +1,8 @@ { povSelf, - hostConfig, config, pkgs, lib, - dnsNix, ... }:
diff --git a/config/nixosModules.nix b/config/nixosModules.nix @@ -17,7 +17,7 @@ let ( _: lib.mapAttrs ( - name: value: + _name: value: ( if value ? option then ( @@ -30,15 +30,13 @@ let ( (lib.removeAttrs value [ "options" ]) // { - nixosOptions = ( - lib.mapAttrsRecursiveCond (element: !(element ? type)) ( - path: value: lib.mkOption value - ) value.options - ); + nixosOptions = lib.mapAttrsRecursiveCond (element: !(element ? type)) ( + _path: value: lib.mkOption value + ) value.options; } ) else - (value) + value ) ) ) @@ -61,7 +59,7 @@ let in { - options = modules.options; + inherit (modules) options; config = lib.mkMerge ( lib.pipe (lib.removeAttrs modules [ "options" ]) [
diff --git a/flake.nix b/flake.nix @@ -34,8 +34,8 @@ formatter = tgcLib.forAllSystems { body = pkgs: pkgs.nixfmt-rfc-style; }; - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) ( - nixpkgsLib.filterAttrs (key: value: nixpkgsLib.hasSuffix "linux" key) inputs.deploy-rs.lib + checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks inputs.self.deploy) ( + nixpkgsLib.filterAttrs (key: _value: nixpkgsLib.hasSuffix "linux" key) inputs.deploy-rs.lib ); resources = loadDir [ @@ -63,7 +63,7 @@ inputs.tgcNUR.overlays.nixpkgsUnstable inputs.tgcNUR.overlays.tuigreet inputs.tgcNUR.overlays.swaylock-plugin-fprintd - (final: prev: { sherlock-launcher = inputs.sherlock.packages.${prev.system}.default; }) + (_final: prev: { sherlock-launcher = inputs.sherlock.packages.${prev.system}.default; }) ]; hosts = loadDir importLoader ./hosts; @@ -71,7 +71,7 @@ nixosConfigurations = builtins.mapAttrs ( hostName: hostConfig: (if !hostConfig.nixpkgsStable then unstableNixpkgsLib.nixosSystem else nixpkgsLib.nixosSystem) { - system = hostConfig.system; + inherit (hostConfig) system; specialArgs = { inherit inputs; @@ -130,15 +130,13 @@ } ) inputs.self.hosts; - zaphyraHosts = ( - nixpkgsLib.filterAttrs ( - name: value: - if (builtins.isNull value.config.networking.domain) then - false - else - nixpkgsLib.hasSuffix "zaphyra.eu" value.config.networking.domain - ) inputs.self.nixosConfigurations - ); + zaphyraHosts = nixpkgsLib.filterAttrs ( + _name: value: + if (builtins.isNull value.config.networking.domain) then + false + else + nixpkgsLib.hasSuffix "zaphyra.eu" value.config.networking.domain + ) inputs.self.nixosConfigurations; homeConfigurations = builtins.listToAttrs ( builtins.map @@ -201,7 +199,7 @@ deploy = { activationTimeout = 600; confirmTimeout = 240; - nodes = builtins.mapAttrs (nodeName: node: { + nodes = builtins.mapAttrs (_nodeName: node: { hostname = node.config.networking.fqdn; sshUser = "root"; sshOpts = [ @@ -249,7 +247,7 @@ stylixUnstable.url = "github:nix-community/stylix"; stylixUnstable.inputs.nixpkgs.follows = "nixpkgsUnstable"; - + disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs";
diff --git a/hosts/empty/default.nix b/hosts/empty/default.nix @@ -12,11 +12,15 @@ { config = { # Minimal options to pass assertions. - boot.enableContainers = false; - boot.loader.grub.enable = false; - boot.initrd.includeDefaultModules = false; - boot.initrd.kernelModules = lib.mkOverride 0 [ ]; - boot.initrd.systemd.enable = true; + boot = { + enableContainers = false; + loader.grub.enable = false; + initrd = { + includeDefaultModules = false; + kernelModules = lib.mkOverride 0 [ ]; + systemd.enable = true; + }; + }; documentation = { doc.enable = false; info.enable = false; @@ -24,7 +28,7 @@ nixos.enable = false; }; nixpkgs.overlays = [ - (final: prev: { + (_final: prev: { systemd = prev.systemd.override { withAcl = false; withAnalyze = false; @@ -60,9 +64,11 @@ security.sudo.enable = false; services.userborn.enable = true; nix.channel.enable = false; - system.disableInstallerTools = true; - system.forbiddenDependenciesRegexes = [ "perl" ]; - system.etc.overlay.enable = true; + system = { + disableInstallerTools = true; + forbiddenDependenciesRegexes = [ "perl" ]; + etc.overlay.enable = true; + }; systemd.coredump.enable = false; environment.defaultPackages = lib.mkOverride 0 [ ]; fileSystems."/" = {
diff --git a/hosts/eximius/configuration.nix b/hosts/eximius/configuration.nix @@ -2,7 +2,10 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: +{ + pkgs, + ... +}: { # Use latest kernel. @@ -16,7 +19,7 @@ #networking.hostName = "eximius"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. #time.timeZone = "Europe/Berlin"; @@ -28,29 +31,31 @@ # Select internationalisation properties. #i18n.defaultLocale = "en_GB.UTF-8"; console = { - # font = "Lat2-Terminus16"; + # font = "Lat2-Terminus16"; keyMap = "mod-dh-iso-uk"; - # useXkbConfig = true; # use xkb.options in tty. + # useXkbConfig = true; # use xkb.options in tty. }; powerManagement.powertop.enable = true; virtualisation.podman.enable = true; - services.blueman.enable = true; - services.upower.enable = true; - services.power-profiles-daemon.enable = true; - services.seatd.enable = true; - services.mullvad-vpn = { - enable = true; - package = pkgs.mullvad-vpn; - }; - services.syncthing = { - enable = false; - user = "void"; - group = "users"; - dataDir = "/home/void"; - openDefaultPorts = true; + services = { + blueman.enable = true; + upower.enable = true; + power-profiles-daemon.enable = true; + seatd.enable = true; + mullvad-vpn = { + enable = true; + package = pkgs.mullvad-vpn; + }; + syncthing = { + enable = false; + user = "void"; + group = "users"; + dataDir = "/home/void"; + openDefaultPorts = true; + }; }; users.defaultUserShell = pkgs.fish; @@ -58,7 +63,10 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.void = { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; # Enable ‘sudo’ for the user. + extraGroups = [ + "networkmanager" + "wheel" + ]; # Enable ‘sudo’ for the user. packages = with pkgs; [ comma kitty @@ -73,10 +81,9 @@ programs.fish.enable = true; programs.sway = { enable = true; - extraPackages = []; + extraPackages = [ ]; wrapperFeatures.gtk = true; }; #environment.systemPackages = [pkgs.swaylock]; } -
diff --git a/hosts/eximius/default.nix b/hosts/eximius/default.nix @@ -19,9 +19,6 @@ configuration = { - config, - lib, - pkgs, inputs, ... }: @@ -42,7 +39,6 @@ } ]; - boot.initrd.systemd.emergencyAccess = true; boot.kernelParams = [ "resume=/dev/eximius/swap" @@ -126,9 +122,9 @@ #hosts."127.0.0.1" = [ config.networking.fqdn ]; }; -# nixpkgs.overlays = [ -# (self: super: { mesa = pkgs.callPackage inputs.self.resources.mesa {}; }) -# ]; + # nixpkgs.overlays = [ + # (self: super: { mesa = pkgs.callPackage inputs.self.resources.mesa {}; }) + # ]; programs.steam = { enable = true; @@ -145,7 +141,7 @@ keyd = { enable = true; keyboards.builtin = { - ids = ["0001:0001"]; + ids = [ "0001:0001" ]; settings = { main = { capslock = "layer(shift)";
diff --git a/hosts/eximius/hardware-configuration.nix b/hosts/eximius/hardware-configuration.nix @@ -1,65 +1,88 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + ]; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; - boot.initrd.luks.devices.cryptroot = { - device = "/dev/disk/by-partlabel/disk-eximius-root"; + initrd = { + kernelModules = [ "dm-snapshot" ]; + luks.devices.cryptroot = { + device = "/dev/disk/by-partlabel/disk-eximius-root"; + }; + }; }; - fileSystems."/" = - { device = "/dev/eximius/root"; + fileSystems = { + "/" = { + device = "/dev/eximius/root"; fsType = "btrfs"; options = [ "subvol=nixos" ]; }; - fileSystems."/nix" = - { device = "/dev/eximius/nix"; + "/nix" = { + device = "/dev/eximius/nix"; fsType = "xfs"; }; - fileSystems."/data" = - { device = "/dev/eximius/persist"; + "/data" = { + device = "/dev/eximius/persist"; fsType = "btrfs"; }; - fileSystems."/home" = - { device = "/dev/eximius/home"; + "/home" = { + device = "/dev/eximius/home"; fsType = "btrfs"; - options = [ "acl" "nofail" ]; + options = [ + "acl" + "nofail" + ]; }; - fileSystems."/boot" = - { device = "/dev/disk/by-partlabel/disk-eximius-boot"; + "/boot" = { + device = "/dev/disk/by-partlabel/disk-eximius-boot"; fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; + options = [ + "fmask=0077" + "dmask=0077" + ]; }; - fileSystems."/etc/nixos" = - { device = "/dev/eximius/persist"; + "/etc/nixos" = { + device = "/dev/eximius/persist"; fsType = "btrfs"; options = [ "subvol=etc/nixos" ]; }; - fileSystems."/var/lib/sbctl" = - { device = "/dev/eximius/persist"; + "/var/lib/sbctl" = { + device = "/dev/eximius/persist"; fsType = "btrfs"; options = [ "subvol=var/lib/sbctl" ]; }; + }; - swapDevices = - [ { device = "/dev/eximius/swap"; options = [ "nofail" ]; } - ]; + swapDevices = [ + { + device = "/dev/eximius/swap"; + options = [ "nofail" ]; + } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -31,7 +31,6 @@ { inputs, config, - pkgs, ... }: { @@ -76,9 +75,11 @@ syncthing.enable = false; dnsServer.enable = true; mailServer.enable = true; - mautrixBridges.signal.enable = true; - mautrixBridges.whatsapp.enable = true; - mautrixBridges.telegram.enable = true; + mautrixBridges = { + signal.enable = true; + whatsapp.enable = true; + telegram.enable = true; + }; }; };
diff --git a/hosts/novus/default.nix b/hosts/novus/default.nix @@ -31,8 +31,6 @@ { inputs, config, - lib, - pkgs, ... }: {
diff --git a/hosts/polaris/default.nix b/hosts/polaris/default.nix @@ -28,10 +28,6 @@ configuration = { inputs, - hostConfig, - config, - lib, - pkgs, ... }: {
diff --git a/hosts/pratorum/default.nix b/hosts/pratorum/default.nix @@ -39,19 +39,23 @@ ./dn42.nix ]; - boot.initrd.systemd.emergencyAccess = true; - boot.initrd.availableKernelModules = [ - "nvme" - "ehci_pci" - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/e6ad3c7a-f1a5-4e10-a9f6-53e39297b1a3"; + boot = { + initrd = { + systemd.emergencyAccess = true; + availableKernelModules = [ + "nvme" + "ehci_pci" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + luks.devices."root".device = "/dev/disk/by-uuid/e6ad3c7a-f1a5-4e10-a9f6-53e39297b1a3"; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-uuid/d9856f85-c995-4d85-a614-cb2977fea1de";
diff --git a/resources/patchedNixpkgsModules/pam.nix b/resources/patchedNixpkgsModules/pam.nix @@ -2294,16 +2294,17 @@ in a malicious process can then edit such an authorized_keys file and bypass the ssh-agent-based authentication. See https://github.com/NixOS/nixpkgs/issues/31611 '' - ++ lib.optional - ( - with config.security.pam.rssh; - enable && settings.auth_key_file or null != null && settings.authorized_keys_command or null != null - ) - '' - security.pam.rssh.settings.auth_key_file will be ignored as - security.pam.rssh.settings.authorized_keys_command has been specified. - Explictly set the former to null to silence this warning. - ''; + ++ + lib.optional + ( + with config.security.pam.rssh; + enable && settings.auth_key_file or null != null && settings.authorized_keys_command or null != null + ) + '' + security.pam.rssh.settings.auth_key_file will be ignored as + security.pam.rssh.settings.authorized_keys_command has been specified. + Explictly set the former to null to silence this warning. + ''; environment.systemPackages = # Include the PAM modules in the system path mostly for the manpages. @@ -2334,46 +2335,45 @@ in environment.etc = lib.mapAttrs' makePAMService enabledServices; - security.pam.services = - { - other.text = '' - auth required pam_warn.so - auth required pam_deny.so - account required pam_warn.so - account required pam_deny.so - password required pam_warn.so - password required pam_deny.so - session required pam_warn.so - session required pam_deny.so - ''; + security.pam.services = { + other.text = '' + auth required pam_warn.so + auth required pam_deny.so + account required pam_warn.so + account required pam_deny.so + password required pam_warn.so + password required pam_deny.so + session required pam_warn.so + session required pam_deny.so + ''; - # Most of these should be moved to specific modules. - i3lock.enable = lib.mkDefault config.programs.i3lock.enable; - i3lock-color.enable = lib.mkDefault config.programs.i3lock.enable; - vlock.enable = lib.mkDefault config.console.enable; - xlock.enable = lib.mkDefault config.services.xserver.enable; - xscreensaver.enable = lib.mkDefault config.services.xscreensaver.enable; - - runuser = { - rootOK = true; - unixAuth = false; - setEnvironment = false; - }; + # Most of these should be moved to specific modules. + i3lock.enable = lib.mkDefault config.programs.i3lock.enable; + i3lock-color.enable = lib.mkDefault config.programs.i3lock.enable; + vlock.enable = lib.mkDefault config.console.enable; + xlock.enable = lib.mkDefault config.services.xserver.enable; + xscreensaver.enable = lib.mkDefault config.services.xscreensaver.enable; + + runuser = { + rootOK = true; + unixAuth = false; + setEnvironment = false; + }; - /* - FIXME: should runuser -l start a systemd session? Currently - it complains "Cannot create session: Already running in a - session". - */ - runuser-l = { - rootOK = true; - unixAuth = false; - }; - } - // lib.optionalAttrs (config.security.pam.enableFscrypt) { - # Allow fscrypt to verify login passphrase - fscrypt = { }; + /* + FIXME: should runuser -l start a systemd session? Currently + it complains "Cannot create session: Already running in a + session". + */ + runuser-l = { + rootOK = true; + unixAuth = false; }; + } + // lib.optionalAttrs (config.security.pam.enableFscrypt) { + # Allow fscrypt to verify login passphrase + fscrypt = { }; + }; security.apparmor.includes."abstractions/pam" = lib.concatMapStrings (name: "r ${config.environment.etc."pam.d/${name}".source},\n") (
diff --git a/statix.toml b/statix.toml @@ -0,0 +1,6 @@ +disabled = [ + 'collapsible_let_in' +] +nix_version = '2.4' +ignore = ['.direnv', 'resources' ] +