commit 4556170d55e467095427df64969545294aa25404 · ptr.pet/ark

+20 -12

flake.nix

···

       11
       11
        
             tlib = import ./lib lib;

     

       12
       12
        
             l = lib;

     

       13
       13
        
       

     

       14
       14
       -
             makePkgsSet = system: import ./pkgs-set {

     

       15
       15
       -
               inherit system lib tlib flakeInputs;

     

       16
       16
       -
             };

     

       14
       14
       +
             makePkgsSet =

     

       15
       15
       +
               system:

     

       16
       16
       +
               import ./pkgs-set {

     

       17
       17
       +
                 inherit

     

       18
       18
       +
                   system

     

       19
       19
       +
                   lib

     

       20
       20
       +
                   tlib

     

       21
       21
       +
                   flakeInputs

     

       22
       22
       +
                   ;

     

       23
       23
       +
               };

     

       17
       24
        
             allPkgsSets = tlib.genSystems makePkgsSet;

     

       18
       25
        
       

     

       19
       26
        
             miscApps =

     

       20
       27
        
               l.mapAttrs

     

       21
       28
        
                 (

     

       22
       22
       -
                   _: l.mapAttrs (_: cmd: {

     

       23
       23
       -
                     type = "app";

     

       24
       24
       -
                     program = cmd;

     

       25
       25
       -
                   })

     

       29
       29
       +
                   _:

     

       30
       30
       +
                   l.mapAttrs (

     

       31
       31
       +
                     _: cmd: {

     

       32
       32
       +
                       type = "app";

     

       33
       33
       +
                       program = cmd;

     

       34
       34
       +
                     }

     

       35
       35
       +
                   )

     

       26
       36
        
                 )

     

       27
       37
        
                 (

     

       28
       28
       -
                   l.mapAttrs

     

       29
       29
       -
                   (_: set: {

     

       38
       38
       +
                   l.mapAttrs (_: set: {

     

       30
       39
        
                     deploy-ncr = l.getExe set.terra.deploy-ncr;

     

       31
       40
        
                     dns = l.getExe set.terra.dnsmngmt;

     

       32
       32
       -
                   })

     

       33
       33
       -
                   allPkgsSets

     

       41
       41
       +
                   }) allPkgsSets

     

       34
       42
        
                 );

     

       35
       43
        
           in

     

       36
       44
        
           {

     
···

       38
       46
        
             nixosConfigurations = import ./hosts { inherit lib tlib allPkgsSets; };

     

       39
       47
        
             homeConfigurations = import ./users { inherit lib tlib allPkgsSets; };

     

       40
       48
        
       

     

       41
       41
       -
             legacyPackages = l.mapAttrs (_: set: set.pkgs // {inherit (set) inputs;}) allPkgsSets;

     

       49
       49
       +
             legacyPackages = l.mapAttrs (_: set: set.pkgs // { inherit (set) inputs; }) allPkgsSets;

     

       42
       50
        
             packages = l.mapAttrs (_: set: set.exported) allPkgsSets;

     

       43
       51
        
             apps = miscApps;

     

       44
       52

+12 -13

hosts/tkaronto/default.nix

···

       145
       145
        
           4995

     

       146
       146
        
         ];

     

       147
       147
        
         # musikcube

     

       148
       148
       -
         networking.firewall.allowedTCPPorts =

     

       149
       149
       -
           [

     

       150
       150
       -
             7905

     

       151
       151
       -
             7906

     

       152
       152
       -
           ]

     

       153
       153
       -
           ++ [

     

       154
       154
       -
             6695

     

       155
       155
       -
             6696

     

       156
       156
       -
             6697

     

       157
       157
       -
             6698

     

       158
       158
       -
             6699

     

       159
       159
       -
           ]

     

       160
       160
       -
           ++ [ 50300 ];

     

       148
       148
       +
         networking.firewall.allowedTCPPorts = [

     

       149
       149
       +
           7905

     

       150
       150
       +
           7906

     

       151
       151
       +
         ]

     

       152
       152
       +
         ++ [

     

       153
       153
       +
           6695

     

       154
       154
       +
           6696

     

       155
       155
       +
           6697

     

       156
       156
       +
           6698

     

       157
       157
       +
           6699

     

       158
       158
       +
         ]

     

       159
       159
       +
         ++ [ 50300 ];

     

       161
       160
        
       

     

       162
       161
        
         # for tailscale

     

       163
       162
        
         networking.firewall.checkReversePath = "loose";

+2 -1

hosts/wolumonde/default.nix

···

       10
       10
        
           "${inputs.agenix}/modules/age.nix"

     

       11
       11
        
           "${inputs.ncr}/firewall"

     

       12
       12
        
           "${inputs.ncr}/firewall/hetzner"

     

       13
       13
       -
         ] ++ (tlib.importFolder (toString ./modules));

     

       13
       13
       +
         ]

     

       14
       14
       +
         ++ (tlib.importFolder (toString ./modules));

     

       14
       15
        
       

     

       15
       16
        
         environment.systemPackages = with pkgs; [

     

       16
       17
        
           magic-wormhole-rs

+13 -14

hosts/wolumonde/modules/atproto.nix

···

       30
       30
        
         };

     

       31
       31
        
       in

     

       32
       32
        
       {

     

       33
       33
       -
         services.nginx.virtualHosts =

     

       34
       34
       -
           {

     

       35
       35
       -
             # "gaze.systems" = mkWellKnownCfg {

     

       36
       36
       -
             #   "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       37
       37
       -
             # };

     

       38
       38
       -
             "poor.dog" = mkWellKnownCfg {

     

       39
       39
       -
               "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       40
       40
       -
             };

     

       41
       41
       -
             # "9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa" = mkWellKnownCfg {

     

       42
       42
       -
             #   "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       43
       43
       -
             # };

     

       44
       44
       -
           }

     

       45
       45
       -
           // (mkDidWebCfg "dawn.gaze.systems")

     

       46
       46
       -
           // (mkDidWebCfg "guestbook.gaze.systems");

     

       33
       33
       +
         services.nginx.virtualHosts = {

     

       34
       34
       +
           # "gaze.systems" = mkWellKnownCfg {

     

       35
       35
       +
           #   "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       36
       36
       +
           # };

     

       37
       37
       +
           "poor.dog" = mkWellKnownCfg {

     

       38
       38
       +
             "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       39
       39
       +
           };

     

       40
       40
       +
           # "9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa" = mkWellKnownCfg {

     

       41
       41
       +
           #   "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       42
       42
       +
           # };

     

       43
       43
       +
         }

     

       44
       44
       +
         // (mkDidWebCfg "dawn.gaze.systems")

     

       45
       45
       +
         // (mkDidWebCfg "guestbook.gaze.systems");

     

       47
       46
        
         # // (mkDidWebCfg "9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa");

     

       48
       47
        
       }

+1 -1

hosts/wolumonde/modules/blog.nix

···

       6
       6
        
       }:

     

       7
       7
        
       let

     

       8
       8
        
         PUBLIC_BASE_URL = "https://gaze.systems";

     

       9
       9
       -
         modules = (pkgs.callPackage "${inputs.blog}/nix/modules.nix" {}).overrideAttrs (_: {

     

       9
       9
       +
         modules = (pkgs.callPackage "${inputs.blog}/nix/modules.nix" { }).overrideAttrs (_: {

     

       10
       10
        
           outputHash = "sha256-CO0bFv5WbNBSgucHCb+I9kIZEkh6QqWngRra0luMtSI=";

     

       11
       11
        
         });

     

       12
       12
        
         pkg = pkgs.callPackage "${inputs.blog}/nix" {

+12 -4

hosts/wolumonde/modules/headplane.nix

···

       1
       1
       -
       {lib, config, pkgs, terra, inputs, ...}:

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         config,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         terra,

     

       6
       6
       +
         inputs,

     

       7
       7
       +
         ...

     

       8
       8
       +
       }:

     

       2
       9
        
       let

     

       3
       3
       -
         format = pkgs.formats.yaml {};

     

       10
       10
       +
         format = pkgs.formats.yaml { };

     

       4
       11
        
       

     

       5
       12
        
         # A workaround generate a valid Headscale config accepted by Headplane when `config_strict == true`.

     

       6
       13
        
         settings = lib.recursiveUpdate config.services.headscale.settings {

     
···

       14
       21
        
         headscaleConfig = format.generate "headscale.yml" settings;

     

       15
       22
        
       

     

       16
       23
        
         cfg = config.services.headplane.settings;

     

       17
       17
       -
       in {

     

       18
       18
       -
         imports = ["${inputs.headplane}/nix/module.nix"];

     

       24
       24
       +
       in

     

       25
       25
       +
       {

     

       26
       26
       +
         imports = [ "${inputs.headplane}/nix/module.nix" ];

     

       19
       27
        
       

     

       20
       28
        
         services.headplane = {

     

       21
       29
        
           enable = true;

+10 -3

hosts/wolumonde/modules/headscale.nix/default.nix

···

       1
       1
       -
       {config, ...}: let

     

       1
       1
       +
       { config, ... }:

     

       2
       2
       +
       let

     

       2
       3
        
         rootDomain = "gaze.systems";

     

       3
       4
        
         domain = "vpn.${rootDomain}";

     

       4
       4
       -
       in {

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       5
       7
        
         age.secrets.headscaleOidcSecret = {

     

       6
       8
        
           file = ../../../../secrets/headscaleOidcSecret.age;

     

       7
       9
        
           mode = "600";

     
···

       21
       23
        
             };

     

       22
       24
        
             dns = {

     

       23
       25
        
               base_domain = "lan.${rootDomain}";

     

       24
       24
       -
               nameservers.global = ["1.1.1.1" "1.0.0.1" "9.9.9.9" "149.112.112.112"];

     

       26
       26
       +
               nameservers.global = [

     

       27
       27
       +
                 "1.1.1.1"

     

       28
       28
       +
                 "1.0.0.1"

     

       29
       29
       +
                 "9.9.9.9"

     

       30
       30
       +
                 "149.112.112.112"

     

       31
       31
       +
               ];

     

       25
       32
        
             };

     

       26
       33
        
             oidc = {

     

       27
       34
        
               issuer = config.services.pocket-id.settings.APP_URL;

+1 -1

hosts/wolumonde/modules/limbusart.nix

···

       5
       5
        
         ...

     

       6
       6
        
       }:

     

       7
       7
        
       let

     

       8
       8
       -
         pkg = pkgs.callPackage "${inputs.limbusart}/package.nix" {};

     

       8
       8
       +
         pkg = pkgs.callPackage "${inputs.limbusart}/package.nix" { };

     

       9
       9
        
       in

     

       10
       10
        
       {

     

       11
       11
        
         systemd.services.limbusart = {

+2 -2

hosts/wolumonde/modules/nginx.nix

···

       16
       16
        
           statusPage = true;

     

       17
       17
        
         };

     

       18
       18
        
       

     

       19
       19
       -
         networking.firewall.public."http".allowedTCPPorts = [80];

     

       20
       20
       -
         networking.firewall.public."https".allowedTCPPorts = [443];

     

       19
       19
       +
         networking.firewall.public."http".allowedTCPPorts = [ 80 ];

     

       20
       20
       +
         networking.firewall.public."https".allowedTCPPorts = [ 443 ];

     

       21
       21
        
       

     

       22
       22
        
         # output json logs so we can consume them more easily

     

       23
       23
        
         services.nginx.appendHttpConfig = ''

+4 -4

hosts/wolumonde/modules/nsid-tracker.nix

···

       6
       6
        
       }:

     

       7
       7
        
       let

     

       8
       8
        
         client-modules =

     

       9
       9
       -
           (pkgs.callPackage "${inputs.nsid-tracker}/nix/client-modules.nix" {})

     

       10
       10
       -
           .overrideAttrs (_: {

     

       11
       11
       -
             outputHash = "sha256-TzTafbNTng/mMyf0yR9Rc6XS9/zzipwmK9SUWm2XxeY=";

     

       12
       12
       -
           });

     

       9
       9
       +
           (pkgs.callPackage "${inputs.nsid-tracker}/nix/client-modules.nix" { }).overrideAttrs

     

       10
       10
       +
             (_: {

     

       11
       11
       +
               outputHash = "sha256-TzTafbNTng/mMyf0yR9Rc6XS9/zzipwmK9SUWm2XxeY=";

     

       12
       12
       +
             });

     

       13
       13
        
         client = pkgs.callPackage "${inputs.nsid-tracker}/nix/client.nix" {

     

       14
       14
        
           PUBLIC_API_URL = "gaze.systems/nsid-tracker/api";

     

       15
       15
        
           inherit client-modules;

+29 -30

hosts/wolumonde/modules/pds.nix

···

       6
       6
        
         services.nginx.virtualHosts.${config.services.pds.settings.PDS_HOSTNAME} = {

     

       7
       7
        
           useACMEHost = "gaze.systems";

     

       8
       8
        
           forceSSL = true;

     

       9
       9
       -
           locations =

     

       10
       10
       -
             {

     

       11
       11
       -
               # we need to proxy /xrpc for pds to work

     

       12
       12
       -
               # silly but i want root domain >:3

     

       13
       13
       -
               "/xrpc" = {

     

       14
       14
       -
                 proxyPass = pdsLocalhost;

     

       15
       15
       -
                 proxyWebsockets = true;

     

       16
       16
       -
                 # pass ws headers so we can actually proxy the ws

     

       17
       17
       -
                 extraConfig = ''

     

       18
       18
       -
                   proxy_set_header id $request_id;

     

       19
       19
       -
                   client_max_body_size 100M;

     

       20
       20
       -
                 '';

     

       21
       21
       -
                 # higher prio just to make sure

     

       22
       22
       -
                 priority = 100;

     

       23
       23
       -
               };

     

       24
       24
       -
             }

     

       25
       25
       -
             # others

     

       26
       26
       -
             // (lib.genAttrs

     

       27
       27
       -
               [

     

       28
       28
       -
                 "/@atproto"

     

       29
       29
       -
                 "/oauth"

     

       30
       30
       -
                 "=/.well-known/oauth-protected-resource"

     

       31
       31
       -
                 "=/.well-known/oauth-authorization-server"

     

       32
       32
       -
               ]

     

       33
       33
       -
               (_: {

     

       34
       34
       -
                 proxyPass = pdsLocalhost;

     

       35
       35
       -
                 # higher prio just to make sure

     

       36
       36
       -
                 priority = 100;

     

       37
       37
       -
               })

     

       38
       38
       -
             );

     

       9
       9
       +
           locations = {

     

       10
       10
       +
             # we need to proxy /xrpc for pds to work

     

       11
       11
       +
             # silly but i want root domain >:3

     

       12
       12
       +
             "/xrpc" = {

     

       13
       13
       +
               proxyPass = pdsLocalhost;

     

       14
       14
       +
               proxyWebsockets = true;

     

       15
       15
       +
               # pass ws headers so we can actually proxy the ws

     

       16
       16
       +
               extraConfig = ''

     

       17
       17
       +
                 proxy_set_header id $request_id;

     

       18
       18
       +
                 client_max_body_size 100M;

     

       19
       19
       +
               '';

     

       20
       20
       +
               # higher prio just to make sure

     

       21
       21
       +
               priority = 100;

     

       22
       22
       +
             };

     

       23
       23
       +
           }

     

       24
       24
       +
           # others

     

       25
       25
       +
           // (lib.genAttrs

     

       26
       26
       +
             [

     

       27
       27
       +
               "/@atproto"

     

       28
       28
       +
               "/oauth"

     

       29
       29
       +
               "=/.well-known/oauth-protected-resource"

     

       30
       30
       +
               "=/.well-known/oauth-authorization-server"

     

       31
       31
       +
             ]

     

       32
       32
       +
             (_: {

     

       33
       33
       +
               proxyPass = pdsLocalhost;

     

       34
       34
       +
               # higher prio just to make sure

     

       35
       35
       +
               priority = 100;

     

       36
       36
       +
             })

     

       37
       37
       +
           );

     

       39
       38
        
         };

     

       40
       39
        
         # setup pds stuff

     

       41
       40
        
         services.pds = {

+15 -8

hosts/wolumonde/modules/perses.nix/default.nix

···

       1
       1
       -
       { pkgs, terra, config, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         terra,

     

       4
       4
       +
         config,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       let

     

       3
       8
        
         domain = "dash.gaze.systems";

     

       4
       9
        
         port = 7412;

     
···

       15
       20
        
           security = {

     

       16
       21
        
             enable_auth = true;

     

       17
       22
        
             authentication = {

     

       18
       18
       -
               providers.oidc = [{

     

       19
       19
       -
                 slug_id = "pocketid";

     

       20
       20
       -
                 name = "Pocket ID";

     

       21
       21
       -
                 client_id = "aa583db6-e03c-4490-853a-7f2b3e089fbe";

     

       22
       22
       -
                 issuer = config.services.pocket-id.settings.APP_URL;

     

       23
       23
       -
                 scopes = ["openid profile email"];

     

       24
       24
       -
               }];

     

       23
       23
       +
               providers.oidc = [

     

       24
       24
       +
                 {

     

       25
       25
       +
                   slug_id = "pocketid";

     

       26
       26
       +
                   name = "Pocket ID";

     

       27
       27
       +
                   client_id = "aa583db6-e03c-4490-853a-7f2b3e089fbe";

     

       28
       28
       +
                   issuer = config.services.pocket-id.settings.APP_URL;

     

       29
       29
       +
                   scopes = [ "openid profile email" ];

     

       30
       30
       +
                 }

     

       31
       31
       +
               ];

     

       25
       32
        
               disable_sign_up = true;

     

       26
       33
        
             };

     

       27
       34
        
             cookie = {

+1 -1

hosts/wolumonde/modules/ssh.nix

···

       8
       8
        
         users.users.root.openssh.authorizedKeys.keys = [

     

       9
       9
        
           (builtins.readFile "${inputs.self}/secrets/yusdacra.key.pub")

     

       10
       10
        
         ];

     

       11
       11
       -
         networking.firewall.public."ssh".allowedTCPPorts = [22];

     

       11
       11
       +
         networking.firewall.public."ssh".allowedTCPPorts = [ 22 ];

     

       12
       12
        
       }

+2 -1

hosts/wolumonde/modules/tailscale.nix

···

       1
       1
       -
       {config, ...}: {

     

       1
       1
       +
       { config, ... }:

     

       2
       2
       +
       {

     

       2
       3
        
         age.secrets.tailscaleAuthKey.file = ../../../secrets/tailscaleAuthKey.age;

     

       3
       4
        
       

     

       4
       5
        
         services.tailscale = {

+10 -4

hosts/wolumonde/modules/tangled.nix

···

       1
       1
       -
       { lib, config, inputs, terra, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         config,

     

       4
       4
       +
         inputs,

     

       5
       5
       +
         terra,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       let

     

       3
       9
        
         knotCfg = config.services.tangled-knot;

     

       4
       10
        
         spindleCfg = config.services.tangled-spindle;

     
···

       46
       52
        
           group = "spindle";

     

       47
       53
        
           isSystemUser = true;

     

       48
       54
        
         };

     

       49
       49
       -
         users.groups.spindle = {};

     

       50
       50
       -
         users.groups.podman.members = ["spindle"];

     

       55
       55
       +
         users.groups.spindle = { };

     

       56
       56
       +
         users.groups.podman.members = [ "spindle" ];

     

       51
       57
        
         systemd.services.spindle = {

     

       52
       52
       -
           after = lib.mkForce ["network.target"];

     

       58
       58
       +
           after = lib.mkForce [ "network.target" ];

     

       53
       59
        
           serviceConfig = {

     

       54
       60
        
             User = "spindle";

     

       55
       61
        
             Group = "spindle";

+6 -4

hosts/wolumonde/modules/unbound.nix

···

       1
       1
       -
       {config, lib, ...}: let

     

       1
       1
       +
       { config, lib, ... }:

     

       2
       2
       +
       let

     

       2
       3
        
         cfg = config.services.unbound.settings;

     

       3
       3
       -
       in {

     

       4
       4
       +
       in

     

       5
       5
       +
       {

     

       4
       6
        
         services.unbound = {

     

       5
       7
        
           enable = true;

     

       6
       8
        
           enableRootTrustAnchor = false;

     
···

       47
       49
        
           };

     

       48
       50
        
         };

     

       49
       51
        
         networking.firewall = {

     

       50
       50
       -
           allowedTCPPorts = [cfg.server.port];

     

       51
       51
       -
           allowedUDPPorts = [cfg.server.port];

     

       52
       52
       +
           allowedTCPPorts = [ cfg.server.port ];

     

       53
       53
       +
           allowedUDPPorts = [ cfg.server.port ];

     

       52
       54
        
         };

     

       53
       55
        
       }

+2 -1

hosts/wsl/default.nix

···

       12
       12
        
           ../../users/firewatch

     

       13
       13
        
           "${inputs.nixos-wsl}/modules"

     

       14
       14
        
           "${inputs.agenix}/modules/age.nix"

     

       15
       15
       -
         ] ++ (tlib.importFolder (toString ./modules));

     

       15
       15
       +
         ]

     

       16
       16
       +
         ++ (tlib.importFolder (toString ./modules));

     

       16
       17
        
       

     

       17
       18
        
         wsl.enable = true;

     

       18
       19
        
         wsl.defaultUser = "firewatch";

+27 -26

pkgs-set/default.nix

···

       14
       14
        
           # config.permittedInsecurePackages = ["electron-25.9.0"];

     

       15
       15
        
         };

     

       16
       16
        
         _inputs = import ../_sources/generated.nix {

     

       17
       17
       -
           inherit (_pkgs) fetchgit fetchurl fetchFromGitHub dockerTools;

     

       17
       17
       +
           inherit (_pkgs)

     

       18
       18
       +
             fetchgit

     

       19
       19
       +
             fetchurl

     

       20
       20
       +
             fetchFromGitHub

     

       21
       21
       +
             dockerTools

     

       22
       22
       +
             ;

     

       18
       23
        
         };

     

       19
       19
       -
         inputs = (l.mapAttrs (_: inp: inp // {__toString = s: toString s.src;}) _inputs) // flakeInputs;

     

       24
       24
       +
         inputs = (l.mapAttrs (_: inp: inp // { __toString = s: toString s.src; }) _inputs) // flakeInputs;

     

       20
       25
        
         pkgs = _pkgs.appendOverlays (

     

       21
       26
        
           l.flatten (

     

       22
       22
       -
             l.mapAttrsToList

     

       23
       23
       -
             (

     

       27
       27
       +
             l.mapAttrsToList (

     

       24
       28
        
               name: _:

     

       25
       25
       -
                 if name != "disabled"

     

       26
       26
       -
                 then

     

       27
       27
       -
                   let

     

       28
       28
       -
                     o = import "${./overlays}/${name}";

     

       29
       29
       -
                   in

     

       30
       30
       -
                   if (l.functionArgs o) ? inputs

     

       31
       31
       -
                   then o { inherit inputs; }

     

       32
       32
       -
                   else o

     

       33
       33
       -
                 else

     

       34
       34
       -
                   []

     

       35
       35
       -
             )

     

       36
       36
       -
             (l.readDir ./overlays)

     

       29
       29
       +
               if name != "disabled" then

     

       30
       30
       +
                 let

     

       31
       31
       +
                   o = import "${./overlays}/${name}";

     

       32
       32
       +
                 in

     

       33
       33
       +
                 if (l.functionArgs o) ? inputs then o { inherit inputs; } else o

     

       34
       34
       +
               else

     

       35
       35
       +
                 [ ]

     

       36
       36
       +
             ) (l.readDir ./overlays)

     

       37
       37
       +
           )

     

       38
       38
       +
         );

     

       39
       39
       +
         terraPkgs = pkgs.lib.makeScope pkgs.newScope (

     

       40
       40
       +
           self:

     

       41
       41
       +
           l.genAttrs (l.map (l.removeSuffix ".nix") (l.attrNames (l.readDir ./pkgs))) (

     

       42
       42
       +
             name:

     

       43
       43
       +
             self.callPackage "${./pkgs}/${name}.nix" {

     

       44
       44
       +
               inherit inputs tlib;

     

       45
       45
       +
             }

     

       37
       46
        
           )

     

       38
       47
        
         );

     

       39
       39
       -
         terraPkgs =

     

       40
       40
       -
           pkgs.lib.makeScope pkgs.newScope (

     

       41
       41
       -
             self:

     

       42
       42
       -
               l.genAttrs

     

       43
       43
       -
               (l.map (l.removeSuffix ".nix") (l.attrNames (l.readDir ./pkgs)))

     

       44
       44
       -
               (name: self.callPackage "${./pkgs}/${name}.nix" {

     

       45
       45
       -
                 inherit inputs tlib;

     

       46
       46
       -
               })

     

       47
       47
       -
           );

     

       48
       48
        
         pkgsToExport = pkgs.lib.getAttrs (import ./exported.nix) (pkgs // terraPkgs);

     

       49
       49
       -
       in {

     

       49
       49
       +
       in

     

       50
       50
       +
       {

     

       50
       51
        
         inherit pkgs inputs;

     

       51
       52
        
         terra = terraPkgs;

     

       52
       53
        
         exported = pkgsToExport;

+8 -5

pkgs-set/overlays/_lix.nix

···

       1
       1
       -
       {inputs}: final: prev:

     

       2
       2
       -
       (import "${inputs.lix-module}/overlay.nix" {lix = null;})

     

       3
       3
       -
       final (prev // {

     

       4
       4
       -
         lix = final.lixPackageSets.latest.lix;

     

       5
       5
       -
       })

     

       1
       1
       +
       { inputs }:

     

       2
       2
       +
       final: prev:

     

       3
       3
       +
       (import "${inputs.lix-module}/overlay.nix" { lix = null; }) final (

     

       4
       4
       +
         prev

     

       5
       5
       +
         // {

     

       6
       6
       +
           lix = final.lixPackageSets.latest.lix;

     

       7
       7
       +
         }

     

       8
       8
       +
       )

+1 -1

pkgs-set/pkgs/buildGoApplication.nix

···

       1
       1
       -
       {callPackage, inputs, ...}:

     

       1
       1
       +
       { callPackage, inputs, ... }:

     

       2
       2
        
       (callPackage "${inputs.gomod2nix}/builder" {

     

       3
       3
        
         gomod2nix = null;

     

       4
       4
        
       }).buildGoApplication

+1 -1

pkgs-set/pkgs/headplane.nix

···

       1
       1
       -
       {callPackage, inputs, ...}: callPackage "${inputs.headplane}/nix/package.nix" {}

     

       1
       1
       +
       { callPackage, inputs, ... }: callPackage "${inputs.headplane}/nix/package.nix" { }

+1 -1

pkgs-set/pkgs/nsid-tracker-server.nix

···

       1
       1
       -
       {callPackage, inputs, ...}: callPackage "${inputs.nsid-tracker}/nix/server.nix" {}

     

       1
       1
       +
       { callPackage, inputs, ... }: callPackage "${inputs.nsid-tracker}/nix/server.nix" { }

+12 -10

pkgs-set/pkgs/tangled-knot.nix

···

       6
       6
        
         ...

     

       7
       7
        
       }:

     

       8
       8
        
       let

     

       9
       9
       -
         unwrapped = (callPackage "${inputs.tangled}/nix/pkgs/knot-unwrapped.nix" {

     

       10
       10
       -
           modules = tangled-modules;

     

       11
       11
       -
           sqlite-lib = tangled-sqlite-lib;

     

       12
       12
       -
           gitignoreSource = null;

     

       13
       13
       -
         }).overrideAttrs (_: {

     

       14
       14
       -
           src = inputs.tangled;

     

       15
       15
       -
         });

     

       9
       9
       +
         unwrapped =

     

       10
       10
       +
           (callPackage "${inputs.tangled}/nix/pkgs/knot-unwrapped.nix" {

     

       11
       11
       +
             modules = tangled-modules;

     

       12
       12
       +
             sqlite-lib = tangled-sqlite-lib;

     

       13
       13
       +
             gitignoreSource = null;

     

       14
       14
       +
           }).overrideAttrs

     

       15
       15
       +
             (_: {

     

       16
       16
       +
               src = inputs.tangled;

     

       17
       17
       +
             });

     

       16
       18
        
       in

     

       17
       17
       -
         callPackage "${inputs.tangled}/nix/pkgs/knot.nix" {

     

       18
       18
       -
           knot-unwrapped = unwrapped;

     

       19
       19
       -
         }

     

       19
       19
       +
       callPackage "${inputs.tangled}/nix/pkgs/knot.nix" {

     

       20
       20
       +
         knot-unwrapped = unwrapped;

     

       21
       21
       +
       }

+1 -1

pkgs-set/pkgs/tangled-modules.nix

···

       1
       1
       -
       {inputs, ...}: "${inputs.tangled}/nix/gomod2nix.toml"

     

       1
       1
       +
       { inputs, ... }: "${inputs.tangled}/nix/gomod2nix.toml"

+4 -3

pkgs-set/pkgs/tangled-spindle.nix

···

       9
       9
        
         modules = tangled-modules;

     

       10
       10
        
         sqlite-lib = tangled-sqlite-lib;

     

       11
       11
        
         gitignoreSource = null;

     

       12
       12
       -
       }).overrideAttrs (_: {

     

       13
       13
       -
         src = inputs.tangled;

     

       14
       14
       -
       })

     

       12
       12
       +
       }).overrideAttrs

     

       13
       13
       +
         (_: {

     

       14
       14
       +
           src = inputs.tangled;

     

       15
       15
       +
         })

+1 -1

pkgs-set/pkgs/tangled-sqlite-lib.nix

···

       1
       1
       -
       {callPackage, inputs, ...}:

     

       1
       1
       +
       { callPackage, inputs, ... }:

     

       2
       2
        
       callPackage "${inputs.tangled}/nix/pkgs/sqlite-lib.nix" {

     

       3
       3
        
         sqlite-lib-src = inputs.tangled-sqlite-lib;

     

       4
       4
        
       }

+3 -5

shells/default.nix

···

       3
       3
        
         allPkgsSets,

     

       4
       4
        
         ...

     

       5
       5
        
       }:

     

       6
       6
       -
       lib.mapAttrs

     

       7
       7
       -
       (

     

       6
       6
       +
       lib.mapAttrs (

     

       8
       7
        
         system: set:

     

       9
       8
        
         let

     

       10
       9
        
           inherit (set) pkgs;

     

       11
       11
       -
           agenix = pkgs.callPackage "${set.inputs.agenix}/pkgs/agenix.nix" {};

     

       10
       10
       +
           agenix = pkgs.callPackage "${set.inputs.agenix}/pkgs/agenix.nix" { };

     

       12
       11
        
           agenix-wrapped = pkgs.writeShellApplication {

     

       13
       12
        
             name = "agenix";

     

       14
       13
        
             runtimeInputs = [ agenix ];

     
···

       53
       52
        
             '';

     

       54
       53
        
           };

     

       55
       54
        
         }

     

       56
       56
       -
       )

     

       57
       57
       -
       allPkgsSets

     

       55
       55
       +
       ) allPkgsSets

+2 -2

users/dusk@devel.mobi/default.nix

···

       44
       44
        
           PATH = "${pkgs.coreutils-full}/bin:$PATH";

     

       45
       45
        
         };

     

       46
       46
        
       

     

       47
       47
       -
         age.identityPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"];

     

       47
       47
       +
         age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];

     

       48
       48
        
         home = {

     

       49
       49
        
           homeDirectory = "/home/dusk";

     

       50
       50
        
           username = "dusk";

     
···

       65
       65
        
           enable = true;

     

       66
       66
        
           controlServer = "https://vpn.gaze.systems";

     

       67
       67
        
           authKeyFile = config.age.secrets.tailscaleAuthKey.path;

     

       68
       68
       -
           extraUpFlags = ["--hostname=dusk-devel-mobi"];

     

       68
       68
       +
           extraUpFlags = [ "--hostname=dusk-devel-mobi" ];

     

       69
       69
        
         };

     

       70
       70
        
       

     

       71
       71
        
         programs = {

+1 -1

users/dusk@devel.mobi/nsid-tracker.nix

···

       14
       14
        
           };

     

       15
       15
        
       

     

       16
       16
        
           Service = {

     

       17
       17
       -
             ExecStartPre="${pkgs.coreutils-full}/bin/mkdir -p %D/nsid-tracker";

     

       17
       17
       +
             ExecStartPre = "${pkgs.coreutils-full}/bin/mkdir -p %D/nsid-tracker";

     

       18
       18
        
             ExecStart = "${pkgs.dash}/bin/dash -c 'cd %D/nsid-tracker && ${server}/bin/server'";

     

       19
       19
        
             Restart = "on-failure";

     

       20
       20
        
             RestartSec = 5;

+13 -3

users/modules/netbird/default.nix

···

       1
       1
       -
       {lib, config, pkgs, ...}: let

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         config,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       2
       8
        
         l = lib;

     

       3
       9
        
         t = l.types;

     

       4
       10
        
         cfg = config.services.netbird;

     
···

       16
       22
        
         wrappedProxychains = pkgs.writers.writeBashBin "netbird-proxychains" ''

     

       17
       23
        
           ${pkgs.proxychains-ng}/bin/proxychains4 -f "${proxychainsCfg}" $@

     

       18
       24
        
         '';

     

       19
       19
       -
       in {

     

       25
       25
       +
       in

     

       26
       26
       +
       {

     

       20
       27
        
         options = {

     

       21
       28
        
           services.netbird = {

     

       22
       29
        
             enable = l.mkEnableOption "netbird client";

     
···

       37
       44
        
           };

     

       38
       45
        
         };

     

       39
       46
        
         config = l.mkIf cfg.enable {

     

       40
       40
       -
           home.packages = [ wrapped wrappedProxychains ];

     

       47
       47
       +
           home.packages = [

     

       48
       48
       +
             wrapped

     

       49
       49
       +
             wrappedProxychains

     

       50
       50
       +
           ];

     

       41
       51
        
           services.netbird.proxyScript = wrappedProxychains;

     

       42
       52
        
           systemd.user.services.netbird = {

     

       43
       53
        
             Unit = {

+2 -1

users/modules/nushell/default.nix

···

       1
       1
       -
       {pkgs, lib, ...}: {

     

       1
       1
       +
       { pkgs, lib, ... }:

     

       2
       2
       +
       {

     

       2
       3
        
         programs.carapace.enable = true;

     

       3
       4
        
         programs.carapace.enableNushellIntegration = true;

     

       4
       5
        
         programs.nushell = {

+16 -5

users/modules/tailscale/default.nix

···

       1
       1
       -
       {lib, config, pkgs, ...}: let

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         config,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       2
       8
        
         l = lib;

     

       3
       9
        
         t = l.types;

     

       4
       10
        
         cfg = config.services.tailscale;

     
···

       15
       21
        
         wrapped = pkgs.writers.writeBashBin "tailscale" ''

     

       16
       22
        
           ${pkgs.tailscale}/bin/tailscale --socket $XDG_RUNTIME_DIR/tailscaled.sock $@

     

       17
       23
        
         '';

     

       18
       18
       -
       in {

     

       24
       24
       +
       in

     

       25
       25
       +
       {

     

       19
       26
        
         options = {

     

       20
       27
        
           services.tailscale = {

     

       21
       28
        
             enable = l.mkEnableOption "tailscale client";

     
···

       31
       38
        
             };

     

       32
       39
        
             extraUpFlags = l.mkOption {

     

       33
       40
        
               type = t.listOf t.str;

     

       34
       34
       -
               default = [];

     

       41
       41
       +
               default = [ ];

     

       35
       42
        
               description = "Extra flags to pass to tailscale up";

     

       36
       43
        
             };

     

       37
       44
        
             proxyScript = l.mkOption {

     
···

       42
       49
        
           };

     

       43
       50
        
         };

     

       44
       51
        
         config = l.mkIf cfg.enable {

     

       45
       45
       -
           home.packages = [ wrapped wrappedProxychains ];

     

       52
       52
       +
           home.packages = [

     

       53
       53
       +
             wrapped

     

       54
       54
       +
             wrappedProxychains

     

       55
       55
       +
           ];

     

       46
       56
        
           services.tailscale.proxyScript = wrappedProxychains;

     

       47
       57
        
           systemd.user.services.tailscaled = {

     

       48
       58
        
             Unit = {

     
···

       54
       64
        
               ExecStart = "${pkgs.tailscale}/bin/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket %t/tailscaled.sock";

     

       55
       65
        
               Restart = "on-failure";

     

       56
       66
        
               RestartSec = "5s";

     

       57
       57
       -
             } // l.optionalAttrs (cfg.authKeyFile != null) {

     

       67
       67
       +
             }

     

       68
       68
       +
             // l.optionalAttrs (cfg.authKeyFile != null) {

     

       58
       69
        
               ExecStartPost = "${wrapped}/bin/tailscale up --reset --login-server=${cfg.controlServer} --auth-key=file:${cfg.authKeyFile} ${l.concatStringsSep " " cfg.extraUpFlags}";

     

       59
       70
        
             };

     

       60
       71

+2 -2

users/root/default.nix

···

       1
       1
        
       { pkgs, ... }:

     

       2
       2
        
       {

     

       3
       3
        
         users.users.root.initialHashedPassword = "$6$XLWo1sPpgp63Zm$XHBbULH9q1gb/.yalPPU/I7EgTcW80bM.moCjIe/qGyOwE47VcXNVbTHloBZdIWQq0MfIG0IxInAu59.oJyos/";

     

       4
       4
       -
         environment.systemPackages = [pkgs.nushell];

     

       4
       4
       +
         environment.systemPackages = [ pkgs.nushell ];

     

       5
       5
        
         users.users.root.shell = pkgs.nushell;

     

       6
       6
        
         home-manager.users.root = {

     

       7
       7
       -
           imports = [../modules/nushell];

     

       7
       7
       +
           imports = [ ../modules/nushell ];

     

       8
       8
        
         };

     

       9
       9
        
       }