darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

format all code

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2024-11-09 15:02:26 +01:00
parent c524dcaa0f
commit 0fe2e334bb
86 changed files with 787 additions and 603 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/default.nix
View file

@ -1,4 +1,5 @@
{nixos-config, ...}: {
{ nixos-config, ... }:
{
imports = [
"${nixos-config}/modules"
"${nixos-config}/services/tailscale.nix"

3
config/documentation.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
documentation.nixos.includeAllModules = true;
documentation.nixos.options.warningsAreErrors = false;
home-manager.users.darkkirb.manual = {

3
config/graphical.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
time.timeZone = "Etc/GMT-1";
isGraphical = true;
imports = [

3
config/graphical/plymouth.nix
View file

@ -1,6 +1,7 @@
# Unlike other modules in this directory, this one is not enabled by default
# The default graphical configuration would enable this, the verbose configuration would not.
{config, ...}: {
{ config, ... }:
{
boot = {
plymouth.enable = true;
consoleLogLevel = 0;

15
config/i18n.nix
View file

@ -1,11 +1,12 @@
{config, ...}: {
{ config, ... }:
{
console.keyMap = "neo";
i18n.extraLocaleSettings = {
LC_ADDRESS="de_DE.UTF-8";
LC_MONETARY="de_DE.UTF-8";
LC_NAME="de_DE.UTF-8";
LC_PAPER="de_DE.UTF-8";
LC_TELEPHONE="de_DE.UTF-8";
LC_TIME="de_DE.UTF-8";
LC_ADDRESS = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
}

3
config/kde/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services.xserver.enable = true;
services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;

3
config/kde/home-manager.nix
View file

@ -1,4 +1,5 @@
{plasma-manager, ...}: {
{ plasma-manager, ... }:
{
programs.plasma.enable = true;
programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false;
imports = [

3
config/kde/i18n.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services.libinput.enable = true;
services.xserver.xkb = {
layout = "de";

3
config/kde/theming.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
programs.plasma = {
workspace.lookAndFeel = "org.kde.breezedark.desktop";
hotkeys.commands."launch-konsole" = {

5
config/networkmanager.nix
View file

@ -1,6 +1,7 @@
{...}: {
{ ... }:
{
networking.networkmanager.enable = true;
users.users.darkkirb.extraGroups = ["networkmanager"];
users.users.darkkirb.extraGroups = [ "networkmanager" ];
environment.persistence."/persistent".directories = [
"/var/lib/NetworkManager"
"/etc/NetworkManager"

6
config/systemd-boot.nix
View file

@ -1,6 +1,8 @@
{system, ...}: let
{ system, ... }:
let
isx86 = system == "x86_64-linux";
in {
in
{
boot.loader.systemd-boot = {
enable = true;
memtest86.enable = isx86;

3
containers/default-configuration.nix
View file

@ -1,4 +1,5 @@
{system, ...}: {
{ system, ... }:
{
inherit system;
config = import ./default.nix;
autoStart = true;

3
containers/default.nix
View file

@ -1,4 +1,5 @@
{nixos-config, ...}: {
{ nixos-config, ... }:
{
imports = [
nixos-config.nixosModules.containers
];

25
default.nix
View file

@ -1,14 +1,11 @@
(
import
(
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in
fetchTarball {
url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{src = ./.;}
)
.defaultNix
(import (
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in
fetchTarball {
url =
lock.nodes.flake-compat.locked.url
or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
) { src = ./.; }).defaultNix

265
flake.nix
View file

@ -78,134 +78,161 @@
};
};
outputs = {
self,
nixpkgs,
...
} @ inputs': let
inputs =
inputs'
// {
outputs =
{
self,
nixpkgs,
...
}@inputs':
let
inputs = inputs' // {
nixos-config = self;
inherit inputs;
inTester = false;
pureInputs = inputs';
};
pkgsFor = system: let
inputs' =
inputs
// {
pkgsFor =
system:
let
inputs' = inputs // {
inherit system;
inputs = inputs';
};
in
import nixpkgs {
inherit system;
inputs = inputs';
};
in
import nixpkgs {
inherit system;
overlays =
[
(_: _:
inputs'
// {
inputs = inputs';
})
]
++ (
if system == "riscv64-linux"
then [
inputs.riscv-overlay.overlays.default
overlays =
[
(
_: _:
inputs'
// {
inputs = inputs';
}
)
]
else []
++ (
if system == "riscv64-linux" then
[
inputs.riscv-overlay.overlays.default
]
else
[ ]
);
};
in
{
checks.x86_64-linux = nixpkgs.lib.listToAttrs (
map (testName: {
name = testName;
value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix { };
}) [ "containers-default" ]
);
nixosModules = {
containers = import ./modules/containers/default.nix;
default = import ./modules/default.nix;
};
nixosContainers =
with nixpkgs.lib;
let
containerNames = [
"default"
];
containerArches = [
"x86_64-linux"
"aarch64-linux"
"riscv64-linux"
];
containers = listToAttrs (
flatten (
map (
system:
let
pkgs = pkgsFor system;
in
map (container: {
name = "container-${container}-${system}";
value = pkgs.callPackage ./containers/${container}-configuration.nix { };
}) containerNames
) containerArches
)
);
in
containers;
nixosConfigurations =
with nixpkgs.lib;
let
mkSystem =
args:
let
inputs' = inputs // {
inherit (args) system;
};
in
nixosSystem (
args
// {
specialArgs = args.specialArgs or { } // inputs';
}
);
systems' = {
not522 = {
config = ./machine/not522;
system = "riscv64-linux";
};
not522-installer = {
config = ./machine/not522/installer;
system = "riscv64-linux";
};
pc-installer = {
config = ./machine/pc-installer;
system = "x86_64-linux";
};
rainbow-resort = {
config = ./machine/rainbow-resort;
system = "x86_64-linux";
};
thinkrac = {
config = ./machine/thinkrac;
system = "x86_64-linux";
};
};
containers = mapAttrs (
_: container:
mkSystem {
inherit (container) system;
modules = [
container.config
];
}
) self.nixosContainers;
systems = mapAttrs (
_: system:
mkSystem {
inherit (system) system;
modules = [
system.config
];
}
) systems';
in
containers // systems;
hydraJobs = {
inherit (self) checks devShells;
nixosConfigurations = nixpkgs.lib.mapAttrs (
_: v: v.config.system.build.toplevel
) self.nixosConfigurations;
};
in {
checks.x86_64-linux = nixpkgs.lib.listToAttrs (map (testName: {
name = testName;
value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix {};
}) ["containers-default"]);
nixosModules = {
containers = import ./modules/containers/default.nix;
default = import ./modules/default.nix;
};
nixosContainers = with nixpkgs.lib; let
containerNames = [
"default"
];
containerArches = ["x86_64-linux" "aarch64-linux" "riscv64-linux"];
containers = listToAttrs (flatten (map (system: let
pkgs = pkgsFor system;
in
map (container: {
name = "container-${container}-${system}";
value = pkgs.callPackage ./containers/${container}-configuration.nix {};
})
containerNames)
containerArches));
in
containers;
nixosConfigurations = with nixpkgs.lib; let
mkSystem = args: let
inputs' = inputs // {inherit (args) system;};
in
nixosSystem (args
// {
specialArgs =
args.specialArgs
or {}
// inputs';
});
systems' = {
not522 = {
config = ./machine/not522;
system = "riscv64-linux";
};
not522-installer = {
config = ./machine/not522/installer;
system = "riscv64-linux";
};
pc-installer = {
config = ./machine/pc-installer;
system = "x86_64-linux";
};
rainbow-resort = {
config = ./machine/rainbow-resort;
system = "x86_64-linux";
};
thinkrac = {
config = ./machine/thinkrac;
system = "x86_64-linux";
};
};
containers = mapAttrs (_: container:
mkSystem {
inherit (container) system;
modules = [
container.config
devShells.x86_64-linux.default =
with pkgsFor "x86_64-linux";
mkShell {
nativeBuildInputs = with pkgs; [
age
sops
ssh-to-age
nixfmt-rfc-style
];
})
self.nixosContainers;
systems = mapAttrs (_: system:
mkSystem {
inherit (system) system;
modules = [
system.config
];
})
systems';
in
containers // systems;
hydraJobs = {
inherit (self) checks devShells;
nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
};
formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style;
};
devShells.x86_64-linux.default = with pkgsFor "x86_64-linux";
mkShell {
nativeBuildInputs = with pkgs; [
age
sops
ssh-to-age
nixfmt-rfc-style
];
};
formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style;
};
}

2
hydra/default.nix
View file

@ -1 +1 @@
{nixos-config}: (import nixos-config).hydraJobs
{ nixos-config }: (import nixos-config).hydraJobs

8
machine/not522/cross-packages.nix
View file

@ -3,13 +3,15 @@
nixpkgs,
lix,
...
}: let
}:
let
pkgs_x86_64 = import nixpkgs {
system = "x86_64-linux";
crossSystem.system = "riscv64-linux";
overlays = [lix.overlays.default];
overlays = [ lix.overlays.default ];
};
in {
in
{
nixpkgs.overlays = [
(self: super: {
inherit (pkgs_x86_64) lix nixos-option;

5
machine/not522/default.nix
View file

@ -3,7 +3,8 @@
nixos-hardware,
nixpkgs,
...
}: {
}:
{
networking.hostName = "not522";
imports = [
"${nixos-config}/config"
@ -14,5 +15,5 @@
];
system.stateVersion = "24.11";
nixpkgs.config.allowUnsupportedSystem = true;
nix.settings.system-features = ["native-riscv"];
nix.settings.system-features = [ "native-riscv" ];
}

13
machine/not522/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
mountOptions = [ "umask=0077" ];
};
};
root = {
end = "-8G";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/persistent" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};

3
machine/not522/hardware.nix
View file

@ -3,7 +3,8 @@
nixos-hardware,
config,
...
}: {
}:
{
imports = [
"${nixos-hardware}/starfive/visionfive/v2/default.nix"
];

24
machine/not522/installer/default.nix
View file

@ -7,19 +7,19 @@
lib,
nixpkgs,
...
}: let
dependencies =
[
nixos-config.nixosConfigurations.not522.config.system.build.toplevel
nixos-config.nixosConfigurations.not522.config.system.build.diskoScript
nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath
nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath
(nixos-config.nixosConfigurations.not522.pkgs.closureInfo {rootPaths = [];}).drvPath
]
++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
}:
let
dependencies = [
nixos-config.nixosConfigurations.not522.config.system.build.toplevel
nixos-config.nixosConfigurations.not522.config.system.build.diskoScript
nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath
nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath
(nixos-config.nixosConfigurations.not522.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
] ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
closureInfo = pkgs.closureInfo {rootPaths = dependencies;};
in {
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in
{
networking.hostName = "not522-installer";
imports = [
"${nixos-config}/config"

13
machine/not522/installer/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/persistent" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};

10
machine/pc-installer/default.nix
View file

@ -5,21 +5,23 @@
pkgs,
pureInputs,
...
}: let
}:
let
getDeps = name: [
nixos-config.nixosConfigurations.${name}.config.system.build.toplevel
nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript
nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript.drvPath
nixos-config.nixosConfigurations.${name}.pkgs.stdenv.drvPath
(nixos-config.nixosConfigurations.${name}.pkgs.closureInfo {rootPaths = [];}).drvPath
(nixos-config.nixosConfigurations.${name}.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
];
dependencies =
(getDeps "rainbow-resort")
++ (getDeps "thinkrac")
++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
closureInfo = pkgs.closureInfo {rootPaths = dependencies;};
in {
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in
{
networking.hostName = "pc-installer";
imports = [
"${nixos-config}/config"

13
machine/pc-installer/disko.nix
View file

@ -18,30 +18,33 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/persistent" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};

3
machine/pc-installer/graphical.nix
View file

@ -2,7 +2,8 @@
config,
nixos-config,
...
}: {
}:
{
imports = [
"${nixos-config}/config/graphical.nix"
];

3
machine/pc-installer/grub.nix
View file

@ -2,7 +2,8 @@
config,
lib,
...
}: {
}:
{
# For legacy pc reason, this needs to be grub
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = {

12
machine/pc-installer/hardware.nix
View file

@ -1,5 +1,13 @@
{...}: {
boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod"];
{ ... }:
{
boot.initrd.availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usbhid"
"uas"
"sd_mod"
];
hardware.cpu.amd.updateMicrocode = true;
hardware.cpu.intel.updateMicrocode = true;
}

5
machine/rainbow-resort/default.nix
View file

@ -3,7 +3,8 @@
nixos-config,
lib,
...
}: {
}:
{
networking.hostName = "rainbow-resort";
imports = [
"${nixos-config}/config"
@ -21,5 +22,5 @@
}
];
};
home-manager.users.darkkirb.imports = [./home-manager.nix];
home-manager.users.darkkirb.imports = [ ./home-manager.nix ];
}

13
machine/rainbow-resort/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
mountOptions = [ "umask=0077" ];
};
};
root = {
end = "-64G";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/persistent" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};

24
machine/rainbow-resort/hardware.nix
View file

@ -2,7 +2,8 @@
modulesPath,
nixos-hardware,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-amd
@ -13,10 +14,23 @@
nixos-hardware.nixosModules.common-pc-ssd
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
"k10temp"
];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [
"kvm-amd"
"i2c-dev"
"i2c-piix4"
];
boot.extraModulePackages = [ ];
nix.settings.cores = 16;
boot.binfmt.emulatedSystems = [
"armv7l-linux"

3
machine/rainbow-resort/home-manager.nix
View file

@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
xdg.configFile."kwinoutputconfig.json".text = lib.strings.toJSON [
{
data = [

3
machine/thinkrac/default.nix
View file

@ -3,7 +3,8 @@
nixos-config,
lib,
...
}: {
}:
{
networking.hostName = "thinkrac";
imports = [
"${nixos-config}/config"

13
machine/thinkrac/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
mountOptions = [ "umask=0077" ];
};
};
root = {
end = "-24G";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/persistent" = {
mountOptions = ["compress=zstd"];
mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = ["compress=zstd" "noatime"];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};

16
machine/thinkrac/hardware.nix
View file

@ -2,7 +2,8 @@
modulesPath,
nixos-hardware,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.lenovo-thinkpad-t470s
@ -11,10 +12,15 @@
nixos-hardware.nixosModules.common-pc-laptop-ssd
];
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nix.settings.cores = 4;
# use the lowest frequency possible, to save power
powerManagement.cpuFreqGovernor = "powersave";

23
modules/containers/autoconfig.nix
View file

@ -6,27 +6,28 @@
inputs,
...
}:
with lib; let
with lib;
let
badNames = [
"system"
"override"
"overrideDerivation"
];
filterBad = filterAttrs (n: _: lib.all (m: n != m) badNames);
in {
in
{
options.autoContainers = mkOption {
default = [];
default = [ ];
type = types.listOf types.str;
};
config = {
containers = listToAttrs (map (container: {
containers = listToAttrs (
map (container: {
name = container;
value =
filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix {})
// {
specialArgs = inputs;
};
})
config.autoContainers);
value = filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix { }) // {
specialArgs = inputs;
};
}) config.autoContainers
);
};
}

3
modules/containers/default.nix
View file

@ -2,7 +2,8 @@
nixos-config,
lib,
...
}: {
}:
{
imports = [
nixos-config.nixosModules.default
./hostName.nix

10
modules/containers/hostName.nix
View file

@ -3,7 +3,8 @@
lib,
...
}:
with lib; {
with lib;
{
options.networking = {
rootHostName = mkOption {
description = "Hostname of the running host";
@ -26,9 +27,10 @@ with lib; {
config = {
networking = rec {
fullHostName =
if config.networking.rootHostName == ""
then config.networking.hostName
else "${config.networking.rootHostName}-${config.networking.hostName}";
if config.networking.rootHostName == "" then
config.networking.hostName
else
"${config.networking.rootHostName}-${config.networking.hostName}";
nodeID = lib.substring 0 8 (builtins.hashString "sha256" fullHostName);
};
};

3
modules/containers/minimize.nix
View file

@ -1,4 +1,5 @@
{nixpkgs, ...}: {
{ nixpkgs, ... }:
{
imports = [
(nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix")
(nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")

3
modules/default.nix
View file

@ -5,7 +5,8 @@
nur,
...
}:
with lib; {
with lib;
{
imports = [
./riscv.nix
./containers/autoconfig.nix

20
modules/environment/impermanence.nix
View file

@ -6,7 +6,8 @@
inTester,
...
}:
with lib; {
with lib;
{
imports = [
"${impermanence}/nixos.nix"
./user-impermanence.nix
@ -70,26 +71,23 @@ with lib; {
}
{
assertion =
if hasAttr "/" config.fileSystems
then config.fileSystems."/".fsType == "btrfs"
else false;
if hasAttr "/" config.fileSystems then config.fileSystems."/".fsType == "btrfs" else false;
message = "rootfs must be btrfs";
}
{
assertion =
if hasAttr "/" config.fileSystems
then any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
else false;
if hasAttr "/" config.fileSystems then
any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
else
false;
message = "rootfs must mount subvolume root";
}
];
fileSystems."/persistent" = {
device =
if hasAttr "/" config.fileSystems
then mkDefault config.fileSystems."/".device
else "/dev/null";
if hasAttr "/" config.fileSystems then mkDefault config.fileSystems."/".device else "/dev/null";
fsType = "btrfs";
options = ["subvol=persistent"];
options = [ "subvol=persistent" ];
neededForBoot = true;
};
environment.persistence."/persistent" = {

196
modules/environment/user-impermanence.nix
View file

@ -5,107 +5,121 @@
inTester,
...
}:
with lib; {
with lib;
{
options = {
environment.impermanence.users = mkOption {
description = "Which users to clean up the home directory for";
default = [];
default = [ ];
type = types.listOf types.str;
};
};
config = mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != []) {
programs.fuse.userAllowOther = true;
home-manager.users = listToAttrs (map (name: {
inherit name;
value = {config, ...}: {
home.file."${config.home.homeDirectory}/.cache/.keep" = {
enable = false;
};
home.persistence.default = {
persistentStoragePath = "/persistent/home/${name}";
allowOther = true;
directories = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
config =
mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != [ ])
{
programs.fuse.userAllowOther = true;
home-manager.users = listToAttrs (
map (name: {
inherit name;
value =
{ config, ... }:
{
directory = ".cache";
method = "symlink";
}
"Data"
];
};
};
})
config.environment.impermanence.users);
systemd.tmpfiles.rules = mkMerge (map (name: [
"d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -"
"d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -"
])
config.environment.impermanence.users);
systemd.services = listToAttrs (flatten (map (name: let
cfg = config.users.users.${name};
in [
{
name = "cleanup-home-${name}";
description = "Clean home directory for ${name}";
value = {
before = [
"user@${toString cfg.uid}.service"
"home-manager-${name}.service"
];
partOf = [
"user@${toString cfg.uid}.service"
];
serviceConfig.Type = "oneshot";
script = ''
if [[ -e ${cfg.home} ]]; then
timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S")
mkdir -p /persistent/old-homedirs/${name}
mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp
fi
home.file."${config.home.homeDirectory}/.cache/.keep" = {
enable = false;
};
home.persistence.default = {
persistentStoragePath = "/persistent/home/${name}";
allowOther = true;
directories = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
{
directory = ".cache";
method = "symlink";
}
"Data"
];
};
};
}) config.environment.impermanence.users
);
systemd.tmpfiles.rules = mkMerge (
map (name: [
"d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -"
"d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -"
]) config.environment.impermanence.users
);
systemd.services = listToAttrs (
flatten (
map (
name:
let
cfg = config.users.users.${name};
in
[
{
name = "cleanup-home-${name}";
description = "Clean home directory for ${name}";
value = {
before = [
"user@${toString cfg.uid}.service"
"home-manager-${name}.service"
];
partOf = [
"user@${toString cfg.uid}.service"
];
serviceConfig.Type = "oneshot";
script = ''
if [[ -e ${cfg.home} ]]; then
timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S")
mkdir -p /persistent/old-homedirs/${name}
mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i"
done
${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1"
}
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i"
done
${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1"
}
for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i"
done
for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i"
done
${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home}
chown -R ${name}:${cfg.group} ${cfg.home}
${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home}
chown -R ${name}:${cfg.group} ${cfg.home}
mkdir -p /persistent/home/${name}
chown -R ${name}:${cfg.group} /persistent/home/${name}
'';
};
}
{
name = "home-manager-${name}";
value = {
wantedBy = mkForce [
"user@${toString cfg.uid}.service"
];
after = [
"cleanup-home-${name}.service"
];
before = [
"user@${toString cfg.uid}.service"
];
partOf = [
"user@${toString cfg.uid}.service"
];
};
}
])
config.environment.impermanence.users));
};
mkdir -p /persistent/home/${name}
chown -R ${name}:${cfg.group} /persistent/home/${name}
'';
};
}
{
name = "home-manager-${name}";
value = {
wantedBy = mkForce [
"user@${toString cfg.uid}.service"
];
after = [
"cleanup-home-${name}.service"
];
before = [
"user@${toString cfg.uid}.service"
];
partOf = [
"user@${toString cfg.uid}.service"
];
};
}
]
) config.environment.impermanence.users
)
);
};
}

12
modules/hydra/build-server.nix
View file

@ -3,13 +3,15 @@
config,
...
}:
with lib; {
with lib;
{
options.hydra.buildServer.enable = mkEnableOption "Make this device a build server";
imports = [
{
config.hydra.buildServer.enable = let
buildServers = import ./build-server-list.nix;
in
config.hydra.buildServer.enable =
let
buildServers = import ./build-server-list.nix;
in
mkDefault (any (t: t == config.networking.hostName) buildServers);
}
];
@ -21,6 +23,6 @@ with lib; {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5Q/L2FyB3DIgdJRYnTGHW3naw5VQ9coOdwHYmv0aZ darkkirb@thinkrac"
];
};
nix.settings.trusted-users = ["remote-build"];
nix.settings.trusted-users = [ "remote-build" ];
};
}

177
modules/nix/autoupdater.nix
View file

@ -3,60 +3,62 @@
pkgs,
lib,
...
}: let
}:
let
cfg = config.nix.auto-update;
in
with lib; {
options.nix.auto-update = {
enable = mkEnableOption "enable automatic updates";
reboot = mkEnableOption "Reboot if kernel change";
hydraServer = mkOption {
type = types.str;
description = "Location of hydra server";
default = "https://hydra.chir.rs";
};
project = mkOption {
type = types.str;
description = "Project name to use";
default = "nixos-config";
};
jobset = mkOption {
type = types.str;
description = "Jobset name to use";
default = "pr618";
};
job = mkOption {
type = types.str;
description = "Job name to use";
default = "nixosConfigurations.${config.networking.hostName}";
defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"'';
};
specialisation = mkOption {
type = types.nullOr types.str;
description = "specialisation to switch into";
default = null;
};
with lib;
{
options.nix.auto-update = {
enable = mkEnableOption "enable automatic updates";
reboot = mkEnableOption "Reboot if kernel change";
hydraServer = mkOption {
type = types.str;
description = "Location of hydra server";
default = "https://hydra.chir.rs";
};
project = mkOption {
type = types.str;
description = "Project name to use";
default = "nixos-config";
};
jobset = mkOption {
type = types.str;
description = "Jobset name to use";
default = "pr618";
};
job = mkOption {
type = types.str;
description = "Job name to use";
default = "nixosConfigurations.${config.networking.hostName}";
defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"'';
};
specialisation = mkOption {
type = types.nullOr types.str;
description = "specialisation to switch into";
default = null;
};
};
config.nix.auto-update.enable = mkDefault config.nix.enable;
config.nix.auto-update.reboot = mkDefault true;
config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
description = "NixOS Upgrade";
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
config.nix.auto-update.enable = mkDefault config.nix.enable;
config.nix.auto-update.reboot = mkDefault true;
config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
description = "NixOS Upgrade";
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
wants = ["network-online.target"];
after = ["network-online.target"];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.Type = "oneshot";
script = let
output =
if cfg.specialisation == null
then "$output"
else "$output/specialisation/${cfg.specialisation}";
script =
let
output =
if cfg.specialisation == null then "$output" else "$output/specialisation/${cfg.specialisation}";
switchToConfiguration = "${output}/bin/switch-to-configuration";
in ''
in
''
#!${pkgs.bash}/bin/bash
set -euxo pipefail
build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id')
@ -65,49 +67,50 @@ in
output=$(${pkgs.nix}/bin/nix-store -r $drvname)
${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set ${output}
${
if cfg.reboot
then ''
${switchToConfiguration} boot
booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then
if cfg.reboot then
''
${switchToConfiguration} boot
booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then
${switchToConfiguration} switch
else
${pkgs.systemd}/bin/shutdown -r +1
fi
exit
''
else
''
${switchToConfiguration} switch
else
${pkgs.systemd}/bin/shutdown -r +1
fi
exit
''
else ''
${switchToConfiguration} switch
''
''
}
'';
};
};
config.systemd.timers.nixos-upgrade = {
enable = cfg.enable;
description = "Automatically update nixos";
requires = ["nixos-upgrade.service"];
wants = ["network-online.target"];
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
timerConfig = {
OnUnitActiveSec = "30min";
RandomizedDelaySec = "1h";
};
config.systemd.timers.nixos-upgrade = {
enable = cfg.enable;
description = "Automatically update nixos";
requires = [ "nixos-upgrade.service" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnUnitActiveSec = "30min";
RandomizedDelaySec = "1h";
};
config.assertions = [
{
assertion = cfg.enable -> config.nix.enable;
message = "Auto updating will only work when nix itself is enabled.";
}
{
assertion = (cfg.specialisation != null) -> config.isSpecialisation;
message = "Automatic update switching to specialisation is only allowed in specialisations";
}
{
assertion = config.isSpecialisation -> (cfg.specialisation != null);
message = "Specifying the specialization name is required for autoupdate to work!";
}
];
}
};
config.assertions = [
{
assertion = cfg.enable -> config.nix.enable;
message = "Auto updating will only work when nix itself is enabled.";
}
{
assertion = (cfg.specialisation != null) -> config.isSpecialisation;
message = "Automatic update switching to specialisation is only allowed in specialisations";
}
{
assertion = config.isSpecialisation -> (cfg.specialisation != null);
message = "Specifying the specialization name is required for autoupdate to work!";
}
];
}

13
modules/nix/build-server.nix
View file

@ -3,7 +3,8 @@
lib,
...
}:
with lib; {
with lib;
{
config = mkIf (!config.isInstaller) {
nix.distributedBuilds = true;
nix.buildMachines = mkMerge [
@ -17,7 +18,15 @@ with lib; {
];
maxJobs = 4;
speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
supportedFeatures = [
"nixos-test"
"benchmark"
"ca-derivations"
"gccarch-armv8-a"
"gccarch-armv8.1-a"
"gccarch-armv8.2-a"
"big-parallel"
];
}
]
[

9
modules/nix/default.nix
View file

@ -3,7 +3,8 @@
lib,
...
}:
with lib; {
with lib;
{
imports = [
./link-inputs.nix
./lix.nix
@ -12,9 +13,9 @@ with lib; {
];
nix.settings = {
substituters = mkMerge [
["https://attic.chir.rs/chir-rs/"]
(mkIf (!config.isInstaller) ["https://hydra.int.chir.rs"])
(mkIf config.isInstaller ["https://hydra.chir.rs"])
[ "https://attic.chir.rs/chir-rs/" ]
(mkIf (!config.isInstaller) [ "https://hydra.int.chir.rs" ])
(mkIf config.isInstaller [ "https://hydra.chir.rs" ])
];
trusted-public-keys = [
"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="

26
modules/nix/link-inputs.nix
View file

@ -2,22 +2,20 @@
lib,
inputs,
...
}: let
}:
let
# Taken from https://github.com/gytis-ivaskevicius/flake-utils-plus/blob/master/lib/options.nix
inherit (lib) filterAttrs mapAttrs';
flakes = filterAttrs (name: value: (value ? outputs)) inputs;
nixRegistry =
builtins.mapAttrs
(name: v: {flake = v;})
flakes;
in {
nixRegistry = builtins.mapAttrs (name: v: { flake = v; }) flakes;
in
{
nix.registry = nixRegistry;
environment.etc =
mapAttrs'
(name: value: {
name = "nix/inputs/${name}";
value = {source = value.outPath;};
})
flakes;
nix.nixPath = ["/etc/nix/inputs"];
environment.etc = mapAttrs' (name: value: {
name = "nix/inputs/${name}";
value = {
source = value.outPath;
};
}) flakes;
nix.nixPath = [ "/etc/nix/inputs" ];
}

8
modules/nix/lix.nix
View file

@ -5,11 +5,9 @@
pkgs,
lib,
...
}: {
imports =
if inTester
then []
else [lix-module.nixosModules.default];
}:
{
imports = if inTester then [ ] else [ lix-module.nixosModules.default ];
environment.systemPackages = lib.mkIf config.nix.enable [
pkgs.git

15
modules/riscv.nix
View file

@ -3,10 +3,11 @@
riscv-overlay,
...
}:
if system == "riscv64-linux"
then {
nixpkgs.overlays = [
riscv-overlay.overlays.default
];
}
else {}
if system == "riscv64-linux" then
{
nixpkgs.overlays = [
riscv-overlay.overlays.default
];
}
else
{ }

3
modules/secrets/sops.nix
View file

@ -2,7 +2,8 @@
sops-nix,
config,
...
}: {
}:
{
imports = [
"${sops-nix}/modules/sops"
];

5
programs/desktop/audacious.nix
View file

@ -1,5 +1,6 @@
{pkgs, ...}: {
home.packages = with pkgs; [audacious];
{ pkgs, ... }:
{
home.packages = with pkgs; [ audacious ];
home.persistence.default.directories = [
".config/audacious"
];

14
programs/desktop/default.nix
View file

@ -1,13 +1,15 @@
{config, pkgs, ...}: {
{ config, pkgs, ... }:
{
imports = [
./steam
];
home-manager.users.darkkirb.imports =
if config.isGraphical
then [
./home-manager.nix
]
else [];
if config.isGraphical then
[
./home-manager.nix
]
else
[ ];
environment.plasma6.excludePackages = with pkgs.kdePackages; [
pkgs.elisa

28
programs/desktop/firefox/default.nix
View file

@ -4,7 +4,8 @@
lib,
nur,
...
}: let
}:
let
extensions = {
"ublock-origin" = [
"alarms"
@ -102,7 +103,8 @@
nurpkgs = pkgs;
inherit pkgs;
};
in {
in
{
programs.firefox = {
enable = true;
nativeMessagingHosts = with pkgs; [
@ -139,18 +141,16 @@ in {
'';
};
};
assertions =
lib.mapAttrsToList (k: v: let
unaccepted =
lib.subtractLists
v
nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions;
in {
assertion = unaccepted == [];
message = ''
Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}'';
})
extensions;
assertions = lib.mapAttrsToList (
k: v:
let
unaccepted = lib.subtractLists v nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions;
in
{
assertion = unaccepted == [ ];
message = ''Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}'';
}
) extensions;
home.persistence.default.directories = [
".mozilla"
];

5
programs/desktop/games/default.nix
View file

@ -1,6 +1,7 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
./ff14
];
home.packages = with pkgs; [factorio];
home.packages = with pkgs; [ factorio ];
}

11
programs/desktop/games/ff14/default.nix
View file

@ -1,6 +1,13 @@
{ config, pkgs, lib, systemConfig, ... }: {
{
config,
pkgs,
lib,
systemConfig,
...
}:
{
config = lib.mkIf (systemConfig.networking.hostName == "rainbow-resort") {
home.packages = with pkgs; [xivlauncher];
home.packages = with pkgs; [ xivlauncher ];
systemd.user.tmpfiles.rules = [
"L ${config.home.homeDirectory}/.xlcore - - - - ${config.home.homeDirectory}/Games/FF14/xlcore"
];

3
programs/desktop/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, nixos-config, ...}: {
{ pkgs, nixos-config, ... }:
{
imports = [
./firefox
./password-manager.nix

5
programs/desktop/ims.nix
View file

@ -1,8 +1,9 @@
{config, pkgs, ...}: {
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
telegram-desktop
];
home.persistence.default.directories = [".local/share/TelegramDesktop"];
home.persistence.default.directories = [ ".local/share/TelegramDesktop" ];
systemd.user.tmpfiles.rules = [
"d ${config.xdg.cacheHome}/TelegramDesktop/cache - - - - -"
"d ${config.xdg.cacheHome}/TelegramDesktop/media_cache - - - - -"

5
programs/desktop/password-manager.nix
View file

@ -1,8 +1,9 @@
{ pkgs, lib, ... }: {
{ pkgs, lib, ... }:
{
home.packages = with pkgs; [
keepassxc
];
xdg.configFile."keepassxc.ini".text = lib.generators.toINI {} {
xdg.configFile."keepassxc.ini".text = lib.generators.toINI { } {
General.ConfigVersion = 2;
Browser = {
CustomProxyLocation = "";

5
programs/desktop/steam/default.nix
View file

@ -1,4 +1,5 @@
{lib, config, ...}: {
{ lib, config, ... }:
{
programs.steam = lib.mkIf config.isGraphical {
enable = !config.isInstaller;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
@ -7,5 +8,5 @@
};
nixpkgs.config.allowUnfree = true;
home-manager.users.darkkirb.imports = if config.isGraphical then [./home-manager.nix] else [];
home-manager.users.darkkirb.imports = if config.isGraphical then [ ./home-manager.nix ] else [ ];
}

13
programs/desktop/steam/home-manager.nix
View file

@ -1,6 +1,9 @@
{...}: {
home.persistence.default.directories = [{
directory = ".local/share/Steam";
method = "symlink";
}];
{ ... }:
{
home.persistence.default.directories = [
{
directory = ".local/share/Steam";
method = "symlink";
}
];
}

5
programs/desktop/syncthing/default.nix
View file

@ -1,7 +1,8 @@
{config, systemConfig, ...}: {
{ config, systemConfig, ... }:
{
services.syncthing = {
enable = true;
tray.enable = true;
};
home.persistence.default.directories = [".local/state/syncthing"];
home.persistence.default.directories = [ ".local/state/syncthing" ];
}

5
programs/editors/default.nix
View file

@ -1,6 +1,7 @@
{config, ...}: {
{ config, ... }:
{
imports = [
./nvim
];
home-manager.users.darkkirb.imports = if config.isGraphical then [./vscode] else [];
home-manager.users.darkkirb.imports = if config.isGraphical then [ ./vscode ] else [ ];
}

16
programs/editors/nvim/globals.nix
View file

@ -3,16 +3,12 @@
pkgs,
lib,
...
}: let
boolToStr = b:
if b
then "true"
else "false";
boolToStr' = b:
if b
then "1"
else "0";
in {
}:
let
boolToStr = b: if b then "true" else "false";
boolToStr' = b: if b then "1" else "0";
in
{
xdg.configFile."nvim/lua/globals.lua".text = ''
local fn = vim.fn
local api = vim.api

5
programs/editors/nvim/home-manager.nix
View file

@ -2,13 +2,14 @@
pkgs,
config,
...
}: {
}:
{
imports = [
./globals.nix
./plugins/lazy-nvim.nix
];
programs.neovim = {
plugins = with pkgs.vimPlugins; [lazy-nvim];
plugins = with pkgs.vimPlugins; [ lazy-nvim ];
enable = true;
viAlias = true;
vimAlias = true;

56
programs/editors/nvim/plugins/lazy-nvim.nix
View file

@ -2,11 +2,13 @@
pkgs,
config,
...
}: {
}:
{
programs.neovim = {
plugins = with pkgs.vimPlugins;
plugins =
with pkgs.vimPlugins;
[
(nvim-treesitter.withPlugins (p: []))
(nvim-treesitter.withPlugins (p: [ ]))
(pkgs.vimUtils.buildVimPlugin {
name = "vim-highlighturl";
src = pkgs.fetchFromGitHub {
@ -39,7 +41,10 @@
indent-blankline-nvim
lazy-nvim
(LeaderF.overrideAttrs (super: {
buildInputs = [pkgs.python3 pkgs.python3Packages.setuptools];
buildInputs = [
pkgs.python3
pkgs.python3Packages.setuptools
];
}))
lspkind-nvim
lualine-nvim
@ -84,12 +89,13 @@
zen-mode-nvim
]
++ (
if pkgs.targetPlatform.system != "riscv64-linux"
then [
diffview-nvim
vim-grammarous
]
else []
if pkgs.targetPlatform.system != "riscv64-linux" then
[
diffview-nvim
vim-grammarous
]
else
[ ]
);
};
xdg.configFile."nvim/lua/config/lazy-nvim.lua".text = ''
@ -280,12 +286,14 @@
-- Better git commit experience
{ "rhysd/committia.vim", lazy = true },
${
if pkgs.targetPlatform.system != "riscv64-linux"
then '' {
"sindrets/diffview.nvim"
},''
else ""
}
if pkgs.targetPlatform.system != "riscv64-linux" then
''
{
"sindrets/diffview.nvim"
},''
else
""
}
{
"kevinhwang91/nvim-bqf",
ft = "qf",
@ -310,13 +318,15 @@
end,
},
${
if pkgs.targetPlatform.system != "riscv64-linux"
then '' {
"rhysd/vim-grammarous",
ft = { "markdown" },
},''
else ""
}
if pkgs.targetPlatform.system != "riscv64-linux" then
''
{
"rhysd/vim-grammarous",
ft = { "markdown" },
},''
else
""
}
{ "chrisbra/unicode.vim", event = "VeryLazy" },
-- Additional powerful text object for vim, this plugin should be studied
-- carefully to use its full power

3
programs/editors/vscode/default.nix
View file

@ -1,4 +1,5 @@
{vscode-server, pkgs, ...}: {
{ vscode-server, pkgs, ... }:
{
imports = [
"${vscode-server}/modules/vscode-server/home.nix"
];

8
programs/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.eza.enable = true;
programs.bat.enable = true;
programs.fzf.enable = true;
@ -6,5 +7,8 @@
cat = "bat";
less = "bat";
};
home.packages = with pkgs; [ripgrep fd];
home.packages = with pkgs; [
ripgrep
fd
];
}

3
programs/shell/fish/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.fish.enable = true;
home-manager.users.root.imports = [
./home-manager.nix

3
programs/shell/fish/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
./tide.nix
./z.nix

3
programs/shell/fish/tide.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.fish.plugins = with pkgs.fishPlugins; [
{
name = "tide";

3
programs/shell/fish/z.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.fish.plugins = with pkgs.fishPlugins; [
{
name = "z";

3
programs/shell/tmux/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
home-manager.users.root.imports = [
./home-manager.nix
];

3
programs/shell/tmux/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.tmux = {
enable = true;
baseIndex = 1;

13
programs/ssh/builders.nix
View file

@ -3,12 +3,15 @@
systemConfig,
lib,
...
}: let
}:
let
identityFile =
if config.home.username == "root"
then systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
else config.sops.secrets.".ssh/builder_id_ed25519".path;
in {
if config.home.username == "root" then
systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
else
config.sops.secrets.".ssh/builder_id_ed25519".path;
in
{
programs.ssh = {
enable = true;
matchBlocks = {

24
programs/ssh/home-manager.nix
View file

@ -3,19 +3,29 @@
config,
systemConfig,
...
}: {
}:
{
imports = [
./builders.nix
];
programs.ssh = {
controlMaster = "auto";
controlPersist = "10m";
matchBlocks."*" = lib.hm.dag.entryAfter ["build-nas" "build-rainbow-resort" "build-aarch64" "build-riscv"] {
identityFile =
if config.home.username == "root"
then systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
else config.sops.secrets.".ssh/id_ed25519_sk".path;
};
matchBlocks."*" =
lib.hm.dag.entryAfter
[
"build-nas"
"build-rainbow-resort"
"build-aarch64"
"build-riscv"
]
{
identityFile =
if config.home.username == "root" then
systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
else
config.sops.secrets.".ssh/id_ed25519_sk".path;
};
enable = true;
};
sops.secrets = lib.mkIf (config.home.username != "root") {

3
services/desktop/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./kdeconnect.nix
];

3
services/desktop/kdeconnect.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.kdeconnect = {
enable = true;
indicator = true;

5
services/openssh.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "yes";
@ -9,5 +10,5 @@
"instance-20221213-1915.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";
"not522.tailbab65.ts.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpOcmvVODaja3wDdnocb/k6MK7vsh5uH8gpeHR9+/rY";
};
networking.firewall.allowedTCPPorts = [22];
networking.firewall.allowedTCPPorts = [ 22 ];
}

3
services/tailscale.nix
View file

@ -3,7 +3,8 @@
lib,
...
}:
with lib; {
with lib;
{
config = mkIf (!config.isInstaller) {
services.tailscale = {
enable = true;

26
tests/containers-default.nix
View file

@ -6,18 +6,22 @@
}:
testers.runNixOSTest {
name = "container-default-test";
nodes.default = {
config,
pkgs,
nixos-config,
...
}: {
imports = [
nixos-config.nixosModules.default
];
autoContainers = ["default"];
nodes.default =
{
config,
pkgs,
nixos-config,
...
}:
{
imports = [
nixos-config.nixosModules.default
];
autoContainers = [ "default" ];
};
node.specialArgs = inputs // {
inTester = true;
};
node.specialArgs = inputs // {inTester = true;};
testScript = ''
machine.wait_for_unit("container@default.service")
'';

3
users/common/default.nix
View file

@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
home.stateVersion = "24.11";
}

12
users/darkkirb/default.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
users.users.darkkirb = {
createHome = true;
isNormalUser = true;
@ -6,7 +7,7 @@
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
];
hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path;
extraGroups = ["wheel"];
extraGroups = [ "wheel" ];
};
sops.secrets."users/users/darkkirb/hashedPassword" = {
neededForUsers = true;
@ -16,7 +17,8 @@
owner = "darkkirb";
sopsFile = ./system.yaml;
};
home-manager.users.darkkirb.sops.age.keyFile = config.sops.secrets."users/users/darkkirb/age-key".path;
home-manager.users.darkkirb.sops.age.keyFile =
config.sops.secrets."users/users/darkkirb/age-key".path;
home-manager.users.darkkirb.home.persistence.default.directories = [
"sources"
{
@ -24,6 +26,6 @@
method = "symlink";
}
];
home-manager.users.darkkirb.imports = [./home-manager];
environment.impermanence.users = ["darkkirb"];
home-manager.users.darkkirb.imports = [ ./home-manager ];
environment.impermanence.users = [ "darkkirb" ];
}

3
users/darkkirb/home-manager/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./git.nix
];

9
users/darkkirb/home-manager/git.nix
View file

@ -1,10 +1,8 @@
{pkgs, systemConfig, ...}: {
{ pkgs, systemConfig, ... }:
{
programs.git = {
enable = true;
package =
if systemConfig.isGraphical
then pkgs.gitAndTools.gitFull
else pkgs.git;
package = if systemConfig.isGraphical then pkgs.gitAndTools.gitFull else pkgs.git;
lfs.enable = true;
userEmail = "lotte@chir.rs";
userName = "Charlotte 🦝 Delenk";
@ -17,4 +15,3 @@
delta.enable = true;
};
}

3
users/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./home-manager.nix
./root

13
users/home-manager.nix
View file

@ -5,17 +5,16 @@
config,
sops-nix,
...
}: {
}:
{
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "backup";
extraSpecialArgs =
inputs
// {
inherit inputs inputs';
systemConfig = config;
};
extraSpecialArgs = inputs // {
inherit inputs inputs';
systemConfig = config;
};
sharedModules = [
./common
"${impermanence}/home-manager.nix"

7
users/root/default.nix
View file

@ -3,7 +3,8 @@
config,
lib,
...
}: {
}:
{
users.users.root = {
createHome = true;
openssh.authorizedKeys.keys = [
@ -23,6 +24,6 @@
mode = "600";
sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml";
};
home-manager.users.root.sops.secrets = lib.mkForce {};
environment.impermanence.users = ["root"];
home-manager.users.root.sops.secrets = lib.mkForce { };
environment.impermanence.users = [ "root" ];
}