commit 45ee3bd60a859a3033b83fe675292beca79214e3 · ryan.freumh.org/nixos

+211 -176

flake.nix

···

       13
       13
        
           eilean.url = "github:RyanGibb/eilean-nix/main";

     

       14
       14
        
           alec-website.url = "github:alexanderhthompson/website";

     

       15
       15
        
           fn06-website.url = "github:RyanGibb/fn06";

     

       16
       16
       -
           colour-guesser.url =

     

       17
       17
       -
             "git+ssh://git@github.com/ryangibb/colour-guesser.git?ref=develop";

     

       16
       16
       +
           colour-guesser.url = "git+ssh://git@github.com/ryangibb/colour-guesser.git?ref=develop";

     

       18
       17
        
           i3-workspace-history.url = "github:RyanGibb/i3-workspace-history";

     

       19
       18
        
           hyperbib-eeg.url = "github:RyanGibb/hyperbib?ref=nixify";

     

       20
       19
        
           nix-rpi5.url = "gitlab:vriska/nix-rpi5?ref=main";

     
···

       33
       32
        
           hyperbib-eeg.inputs.nixpkgs.follows = "nixpkgs";

     

       34
       33
        
         };

     

       35
       34
        
       

     

       36
       36
       -
         outputs = { self, nixpkgs-compat, nixpkgs, nixpkgs-unstable, home-manager

     

       37
       37
       -
           , home-manager-unstable, agenix, deploy-rs, nix-on-droid, eilean, ...

     

       35
       35
       +
         outputs =

     

       36
       36
       +
           {

     

       37
       37
       +
             self,

     

       38
       38
       +
             nixpkgs-compat,

     

       39
       39
       +
             nixpkgs,

     

       40
       40
       +
             nixpkgs-unstable,

     

       41
       41
       +
             home-manager,

     

       42
       42
       +
             home-manager-unstable,

     

       43
       43
       +
             agenix,

     

       44
       44
       +
             deploy-rs,

     

       45
       45
       +
             nix-on-droid,

     

       46
       46
       +
             eilean,

     

       47
       47
       +
             ...

     

       38
       48
        
           }@inputs:

     

       39
       49
        
           let

     

       40
       40
       -
             getSystemOverlays = system: nixpkgsConfig:

     

       41
       41
       -
               [

     

       42
       42
       -
                 (final: prev: {

     

       43
       43
       -
                   # https://github.com/mautrix/whatsapp/issues/749

     

       44
       44
       -
                   overlay-compat = import nixpkgs-compat {

     

       45
       45
       -
                     inherit system;

     

       46
       46
       -
                     # follow stable nixpkgs config

     

       47
       47
       -
                     config = nixpkgsConfig;

     

       50
       50
       +
             getSystemOverlays = system: nixpkgsConfig: [

     

       51
       51
       +
               (final: prev: {

     

       52
       52
       +
                 # https://github.com/mautrix/whatsapp/issues/749

     

       53
       53
       +
                 overlay-compat = import nixpkgs-compat {

     

       54
       54
       +
                   inherit system;

     

       55
       55
       +
                   # follow stable nixpkgs config

     

       56
       56
       +
                   config = nixpkgsConfig;

     

       57
       57
       +
                 };

     

       58
       58
       +
                 overlay-unstable = import nixpkgs-unstable {

     

       59
       59
       +
                   inherit system;

     

       60
       60
       +
                   # follow stable nixpkgs config

     

       61
       61
       +
                   config = nixpkgsConfig;

     

       62
       62
       +
                 };

     

       63
       63
       +
                 # to use an unstable version of a package

     

       64
       64
       +
                 #package = final.overlay-unstable.package;

     

       65
       65
       +
                 # to use an custom version of a package

     

       66
       66
       +
                 #package = prev.callPackage ./pkgs/package.nix { };

     

       67
       67
       +
                 # to use an unstable custom version of a package

     

       68
       68
       +
                 #package = final.callPackage ./pkgs/package.nix { };

     

       69
       69
       +
                 # to override attributes of a package

     

       70
       70
       +
                 # package = prev.package.overrideAttrs

     

       71
       71
       +
                 #  (_: { patches = [ ./pkgs/package.patch ]; });

     

       72
       72
       +
                 opam = final.overlay-unstable.opam.overrideAttrs (_: {

     

       73
       73
       +
                   src = final.fetchurl {

     

       74
       74
       +
                     url = "http://ryan.freumh.org/software/opam-full-2.3.0-nixos-depexts.tar.gz";

     

       75
       75
       +
                     sha256 = "sha256-mRxxZtWFgQ8v1szVq5g5+qVqa+OffoG1aHzGUiMMvT0=";

     

       48
       76
        
                   };

     

       49
       49
       -
                   overlay-unstable = import nixpkgs-unstable {

     

       50
       50
       -
                     inherit system;

     

       51
       51
       -
                     # follow stable nixpkgs config

     

       52
       52
       -
                     config = nixpkgsConfig;

     

       77
       77
       +
                   version = "2.3.0";

     

       78
       78
       +
                 });

     

       79
       79
       +
                 immich = final.overlay-unstable.immich;

     

       80
       80
       +
                 mautrix-whatsapp = final.overlay-compat.mautrix-whatsapp;

     

       81
       81
       +
               })

     

       82
       82
       +
             ];

     

       83
       83
       +
           in

     

       84
       84
       +
           {

     

       85
       85
       +
             nixosConfigurations =

     

       86
       86
       +
               let

     

       87
       87
       +
                 mkMode =

     

       88
       88
       +
                   mode: host:

     

       89
       89
       +
                   let

     

       90
       90
       +
                     host-nixpkgs = nixpkgs;

     

       91
       91
       +
                     host-home-manager = home-manager;

     

       92
       92
       +
                   in

     

       93
       93
       +
                   host-nixpkgs.lib.nixosSystem {

     

       94
       94
       +
                     # use system from config.localSystem

     

       95
       95
       +
                     # see https://github.com/NixOS/nixpkgs/blob/5297d584bcc5f95c8e87c631813b4e2ab7f19ecc/nixos/lib/eval-config.nix#L55

     

       96
       96
       +
                     system = null;

     

       97
       97
       +
                     pkgs = null;

     

       98
       98
       +
                     specialArgs = inputs;

     

       99
       99
       +
                     modules = [

     

       100
       100
       +
                       ./hosts/${host}/${mode}.nix

     

       101
       101
       +
                       ./modules/default.nix

     

       102
       102
       +
                       (

     

       103
       103
       +
                         { config, ... }:

     

       104
       104
       +
                         {

     

       105
       105
       +
                           networking.hostName = "${host}";

     

       106
       106
       +
                           # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       107
       107
       +
                           nix.registry.nixpkgs.flake = host-nixpkgs;

     

       108
       108
       +
                           system.stateVersion = "24.05";

     

       109
       109
       +
                           # record git revision (can be queried with `nixos-version --json)

     

       110
       110
       +
                           system.configurationRevision = host-nixpkgs.lib.mkIf (self ? rev) self.rev;

     

       111
       111
       +
                           nixpkgs = {

     

       112
       112
       +
                             config.allowUnfree = true;

     

       113
       113
       +
                             config.permittedInsecurePackages = [

     

       114
       114
       +
                               # https://github.com/nix-community/nixd/issues/357

     

       115
       115
       +
                               "nix-2.16.2"

     

       116
       116
       +
                               # https://github.com/mautrix/go/issues/262

     

       117
       117
       +
                               "olm-3.2.16"

     

       118
       118
       +
                             ];

     

       119
       119
       +
                             overlays = getSystemOverlays config.nixpkgs.hostPlatform.system config.nixpkgs.config;

     

       120
       120
       +
                             # uncomment for cross compilation (https://github.com/NixOS/nix/issues/3843)

     

       121
       121
       +
                             #buildPlatform.system = "cpu-os";

     

       122
       122
       +
                           };

     

       123
       123
       +
                           security.acme-eon.acceptTerms = true;

     

       124
       124
       +
                         }

     

       125
       125
       +
                       )

     

       126
       126
       +
                       host-home-manager.nixosModule

     

       127
       127
       +
                       eilean.nixosModules.default

     

       128
       128
       +
                       agenix.nixosModules.default

     

       129
       129
       +
                     ];

     

       53
       130
        
                   };

     

       54
       54
       -
                   # to use an unstable version of a package

     

       55
       55
       -
                   #package = final.overlay-unstable.package;

     

       56
       56
       -
                   # to use an custom version of a package

     

       57
       57
       -
                   #package = prev.callPackage ./pkgs/package.nix { };

     

       58
       58
       -
                   # to use an unstable custom version of a package

     

       59
       59
       -
                   #package = final.callPackage ./pkgs/package.nix { };

     

       60
       60
       -
                   # to override attributes of a package

     

       61
       61
       -
                   # package = prev.package.overrideAttrs

     

       62
       62
       -
                   #  (_: { patches = [ ./pkgs/package.patch ]; });

     

       63
       63
       -
                   opam = final.overlay-unstable.opam.overrideAttrs (_: {

     

       64
       64
       -
                     src = final.fetchurl {

     

       65
       65
       -
                       url =

     

       66
       66
       -
                         "http://ryan.freumh.org/software/opam-full-2.3.0-nixos-depexts.tar.gz";

     

       67
       67
       -
                       sha256 = "sha256-mRxxZtWFgQ8v1szVq5g5+qVqa+OffoG1aHzGUiMMvT0=";

     

       68
       68
       -
                     };

     

       69
       69
       -
                     version = "2.3.0";

     

       70
       70
       -
                   });

     

       71
       71
       -
                   immich = final.overlay-unstable.immich;

     

       72
       72
       -
                   mautrix-whatsapp = final.overlay-compat.mautrix-whatsapp;

     

       73
       73
       -
                 })

     

       74
       74
       -
               ];

     

       75
       75
       -
           in {

     

       76
       76
       -
             nixosConfigurations = let

     

       77
       77
       -
               mkMode = mode: host:

     

       78
       78
       -
                 let

     

       79
       79
       -
                   host-nixpkgs = nixpkgs;

     

       80
       80
       -
                   host-home-manager = home-manager;

     

       81
       81
       -
                 in host-nixpkgs.lib.nixosSystem {

     

       82
       82
       -
                   # use system from config.localSystem

     

       83
       83
       -
                   # see https://github.com/NixOS/nixpkgs/blob/5297d584bcc5f95c8e87c631813b4e2ab7f19ecc/nixos/lib/eval-config.nix#L55

     

       84
       84
       -
                   system = null;

     

       85
       85
       -
                   pkgs = null;

     

       86
       86
       -
                   specialArgs = inputs;

     

       87
       87
       -
                   modules = [

     

       88
       88
       -
                     ./hosts/${host}/${mode}.nix

     

       89
       89
       -
                     ./modules/default.nix

     

       90
       90
       -
                     ({ config, ... }: {

     

       91
       91
       -
                       networking.hostName = "${host}";

     

       92
       92
       -
                       # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       93
       93
       -
                       nix.registry.nixpkgs.flake = host-nixpkgs;

     

       94
       94
       -
                       system.stateVersion = "24.05";

     

       95
       95
       -
                       # record git revision (can be queried with `nixos-version --json)

     

       96
       96
       -
                       system.configurationRevision =

     

       97
       97
       -
                         host-nixpkgs.lib.mkIf (self ? rev) self.rev;

     

       98
       98
       -
                       nixpkgs = {

     

       99
       99
       -
                         config.allowUnfree = true;

     

       100
       100
       -
                         config.permittedInsecurePackages = [

     

       101
       101
       -
                           # https://github.com/nix-community/nixd/issues/357

     

       102
       102
       -
                           "nix-2.16.2"

     

       103
       103
       -
                           # https://github.com/mautrix/go/issues/262

     

       104
       104
       -
                           "olm-3.2.16"

     

       105
       105
       -
                         ];

     

       106
       106
       -
                         overlays =

     

       107
       107
       -
                           getSystemOverlays config.nixpkgs.hostPlatform.system

     

       108
       108
       -
                           config.nixpkgs.config;

     

       109
       109
       -
                         # uncomment for cross compilation (https://github.com/NixOS/nix/issues/3843)

     

       110
       110
       -
                         #buildPlatform.system = "cpu-os";

     

       111
       111
       -
                       };

     

       112
       112
       -
                       security.acme-eon.acceptTerms = true;

     

       113
       113
       -
                     })

     

       114
       114
       -
                     host-home-manager.nixosModule

     

       115
       115
       -
                     eilean.nixosModules.default

     

       116
       116
       -
                     agenix.nixosModules.default

     

       117
       117
       -
                   ];

     

       118
       118
       -
                 };

     

       119
       119
       -
               readModes = dir:

     

       120
       120
       -
                 let files = builtins.readDir dir;

     

       121
       121
       -
                 in let

     

       122
       122
       -
                   filtered = nixpkgs.lib.attrsets.filterAttrs (n: v:

     

       123
       123
       -
                     v == "regular" && (n == "default.nix" || n == "minimal.nix"))

     

       124
       124
       -
                     files;

     

       125
       125
       -
                 in let names = nixpkgs.lib.attrNames filtered;

     

       126
       126
       -
                 in builtins.map (f: nixpkgs.lib.strings.removeSuffix ".nix" f) names;

     

       127
       127
       -
               mkModes = host: modes:

     

       128
       128
       -
                 builtins.map (mode: {

     

       129
       129
       -
                   name = "${host}${if mode == "default" then "" else "-${mode}"}";

     

       130
       130
       -
                   value = mkMode mode host;

     

       131
       131
       -
                 }) modes;

     

       132
       132
       -
               mkHosts = hosts:

     

       133
       133
       -
                 let

     

       134
       134
       -
                   nestedList =

     

       135
       135
       -
                     builtins.map (host: mkModes host (readModes ./hosts/${host}))

     

       136
       136
       -
                     hosts;

     

       137
       137
       -
                 in let list = nixpkgs.lib.lists.flatten nestedList;

     

       138
       138
       -
                 in builtins.listToAttrs list;

     

       139
       139
       -
               hosts = builtins.attrNames (builtins.readDir ./hosts);

     

       140
       140
       -
             in mkHosts hosts;

     

       131
       131
       +
                 readModes =

     

       132
       132
       +
                   dir:

     

       133
       133
       +
                   let

     

       134
       134
       +
                     files = builtins.readDir dir;

     

       135
       135
       +
                   in

     

       136
       136
       +
                   let

     

       137
       137
       +
                     filtered = nixpkgs.lib.attrsets.filterAttrs (

     

       138
       138
       +
                       n: v: v == "regular" && (n == "default.nix" || n == "minimal.nix")

     

       139
       139
       +
                     ) files;

     

       140
       140
       +
                   in

     

       141
       141
       +
                   let

     

       142
       142
       +
                     names = nixpkgs.lib.attrNames filtered;

     

       143
       143
       +
                   in

     

       144
       144
       +
                   builtins.map (f: nixpkgs.lib.strings.removeSuffix ".nix" f) names;

     

       145
       145
       +
                 mkModes =

     

       146
       146
       +
                   host: modes:

     

       147
       147
       +
                   builtins.map (mode: {

     

       148
       148
       +
                     name = "${host}${if mode == "default" then "" else "-${mode}"}";

     

       149
       149
       +
                     value = mkMode mode host;

     

       150
       150
       +
                   }) modes;

     

       151
       151
       +
                 mkHosts =

     

       152
       152
       +
                   hosts:

     

       153
       153
       +
                   let

     

       154
       154
       +
                     nestedList = builtins.map (host: mkModes host (readModes ./hosts/${host})) hosts;

     

       155
       155
       +
                   in

     

       156
       156
       +
                   let

     

       157
       157
       +
                     list = nixpkgs.lib.lists.flatten nestedList;

     

       158
       158
       +
                   in

     

       159
       159
       +
                   builtins.listToAttrs list;

     

       160
       160
       +
                 hosts = builtins.attrNames (builtins.readDir ./hosts);

     

       161
       161
       +
               in

     

       162
       162
       +
               mkHosts hosts;

     

       141
       163
        
       

     

       142
       164
        
             deploy = {

     

       143
       165
        
               user = "root";

     

       144
       144
       -
               nodes = builtins.listToAttrs (builtins.map (name:

     

       145
       145
       -
                 let

     

       146
       146
       -
                   machine = self.nixosConfigurations.${name};

     

       147
       147
       -
                   system = machine.pkgs.system;

     

       148
       148
       -
                   pkgs = import nixpkgs { inherit system; };

     

       149
       149
       -
                   # nixpkgs with deploy-rs overlay but force the nixpkgs package

     

       150
       150
       -
                   deployPkgs = import nixpkgs {

     

       151
       151
       -
                     inherit system;

     

       152
       152
       -
                     overlays = [

     

       153
       153
       -
                       deploy-rs.overlay

     

       154
       154
       -
                       (self: super: {

     

       155
       155
       -
                         deploy-rs = {

     

       156
       156
       -
                           inherit (pkgs) deploy-rs;

     

       157
       157
       -
                           lib = super.deploy-rs.lib;

     

       166
       166
       +
               nodes = builtins.listToAttrs (

     

       167
       167
       +
                 builtins.map

     

       168
       168
       +
                   (

     

       169
       169
       +
                     name:

     

       170
       170
       +
                     let

     

       171
       171
       +
                       machine = self.nixosConfigurations.${name};

     

       172
       172
       +
                       system = machine.pkgs.system;

     

       173
       173
       +
                       pkgs = import nixpkgs { inherit system; };

     

       174
       174
       +
                       # nixpkgs with deploy-rs overlay but force the nixpkgs package

     

       175
       175
       +
                       deployPkgs = import nixpkgs {

     

       176
       176
       +
                         inherit system;

     

       177
       177
       +
                         overlays = [

     

       178
       178
       +
                           deploy-rs.overlay

     

       179
       179
       +
                           (self: super: {

     

       180
       180
       +
                             deploy-rs = {

     

       181
       181
       +
                               inherit (pkgs) deploy-rs;

     

       182
       182
       +
                               lib = super.deploy-rs.lib;

     

       183
       183
       +
                             };

     

       184
       184
       +
                           })

     

       185
       185
       +
                         ];

     

       186
       186
       +
                       };

     

       187
       187
       +
                     in

     

       188
       188
       +
                     {

     

       189
       189
       +
                       inherit name;

     

       190
       190
       +
                       value = {

     

       191
       191
       +
                         # if we're on a different system build on the remote

     

       192
       192
       +
                         #remoteBuild = machine.config.nixpkgs.hostPlatform.system == builtins.currentSystem;

     

       193
       193
       +
                         remoteBuild = true;

     

       194
       194
       +
                         sshUser = "root";

     

       195
       195
       +
                         hostname = if name == "swan" then "eeg.cl.cam.ac.uk" else machine.config.networking.hostName;

     

       196
       196
       +
                         profiles.system = {

     

       197
       197
       +
                           user = "root";

     

       198
       198
       +
                           path = deployPkgs.deploy-rs.lib.activate.nixos machine;

     

       158
       199
        
                         };

     

       159
       159
       -
                       })

     

       160
       160
       -
                     ];

     

       161
       161
       -
                   };

     

       162
       162
       -
                 in {

     

       163
       163
       -
                   inherit name;

     

       164
       164
       -
                   value = {

     

       165
       165
       -
                     # if we're on a different system build on the remote

     

       166
       166
       -
                     #remoteBuild = machine.config.nixpkgs.hostPlatform.system == builtins.currentSystem;

     

       167
       167
       -
                     remoteBuild = true;

     

       168
       168
       -
                     sshUser = "root";

     

       169
       169
       -
                     hostname = if name == "swan" then

     

       170
       170
       -
                       "eeg.cl.cam.ac.uk"

     

       171
       171
       -
                     else

     

       172
       172
       -
                       machine.config.networking.hostName;

     

       173
       173
       -
                     profiles.system = {

     

       174
       174
       -
                       user = "root";

     

       175
       175
       -
                       path = deployPkgs.deploy-rs.lib.activate.nixos machine;

     

       176
       176
       -
                     };

     

       177
       177
       -
                   };

     

       178
       178
       -
                 }) [ "capybara" "duck" "elephant" "gecko" "owl" "shrew" "swan" ]);

     

       200
       200
       +
                       };

     

       201
       201
       +
                     }

     

       202
       202
       +
                   )

     

       203
       203
       +
                   [

     

       204
       204
       +
                     "capybara"

     

       205
       205
       +
                     "duck"

     

       206
       206
       +
                     "elephant"

     

       207
       207
       +
                     "gecko"

     

       208
       208
       +
                     "owl"

     

       209
       209
       +
                     "shrew"

     

       210
       210
       +
                     "swan"

     

       211
       211
       +
                   ]

     

       212
       212
       +
               );

     

       179
       213
        
             };

     

       180
       214
        
       

     

       181
       181
       -
             nixOnDroidConfigurations.default =

     

       182
       182
       -
               nix-on-droid.lib.nixOnDroidConfiguration {

     

       183
       183
       -
                 modules = [ ./nix-on-droid/default.nix ];

     

       184
       184
       -
                 pkgs = import nixpkgs {

     

       185
       185
       -
                   overlays = getSystemOverlays "aarch64-linux" { };

     

       186
       186
       -
                   config.permittedInsecurePackages = [

     

       187
       187
       -
                     # https://github.com/nix-community/nixd/issues/357

     

       188
       188
       -
                     "nix-2.16.2"

     

       189
       189
       -
                   ];

     

       190
       190
       -
                 };

     

       191
       191
       -
               };

     

       192
       192
       -
       

     

       193
       193
       -
             homeConfigurations = {

     

       194
       194
       -
               rtg24 = let

     

       195
       195
       -
                 system = "x86_64-linux";

     

       196
       196
       -
                 pkgs = nixpkgs.legacyPackages.${system};

     

       197
       197
       -
               in home-manager.lib.homeManagerConfiguration {

     

       198
       198
       -
                 inherit pkgs;

     

       199
       199
       -
                 modules = [

     

       200
       200
       -
                   ./home/default.nix

     

       201
       201
       -
                   {

     

       202
       202
       -
                     nix.package = pkgs.nix;

     

       203
       203
       -
                     nixpkgs.overlays = getSystemOverlays system { };

     

       204
       204
       -
                     home.username = "rtg24";

     

       205
       205
       -
                     home.homeDirectory = "/home/rtg24";

     

       206
       206
       -
                     home.packages = with pkgs; [ home-manager ];

     

       207
       207
       -
                     custom = {

     

       208
       208
       -
                       machineColour = "red";

     

       209
       209
       -
                       nvim-lsps = true;

     

       210
       210
       -
                     };

     

       211
       211
       -
                   }

     

       215
       215
       +
             nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {

     

       216
       216
       +
               modules = [ ./nix-on-droid/default.nix ];

     

       217
       217
       +
               pkgs = import nixpkgs {

     

       218
       218
       +
                 overlays = getSystemOverlays "aarch64-linux" { };

     

       219
       219
       +
                 config.permittedInsecurePackages = [

     

       220
       220
       +
                   # https://github.com/nix-community/nixd/issues/357

     

       221
       221
       +
                   "nix-2.16.2"

     

       212
       222
        
                 ];

     

       213
       223
        
               };

     

       214
       224
        
             };

     

       215
       225
        
       

     

       216
       216
       -
             legacyPackages = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed

     

       217
       217
       -
               (system: {

     

       218
       218
       -
                 nixpkgs = import nixpkgs {

     

       219
       219
       -
                   inherit system;

     

       220
       220
       -
                   overlays = getSystemOverlays system { };

     

       226
       226
       +
             homeConfigurations = {

     

       227
       227
       +
               rtg24 =

     

       228
       228
       +
                 let

     

       229
       229
       +
                   system = "x86_64-linux";

     

       230
       230
       +
                   pkgs = nixpkgs.legacyPackages.${system};

     

       231
       231
       +
                 in

     

       232
       232
       +
                 home-manager.lib.homeManagerConfiguration {

     

       233
       233
       +
                   inherit pkgs;

     

       234
       234
       +
                   modules = [

     

       235
       235
       +
                     ./home/default.nix

     

       236
       236
       +
                     {

     

       237
       237
       +
                       nix.package = pkgs.nix;

     

       238
       238
       +
                       nixpkgs.overlays = getSystemOverlays system { };

     

       239
       239
       +
                       home.username = "rtg24";

     

       240
       240
       +
                       home.homeDirectory = "/home/rtg24";

     

       241
       241
       +
                       home.packages = with pkgs; [ home-manager ];

     

       242
       242
       +
                       custom = {

     

       243
       243
       +
                         machineColour = "red";

     

       244
       244
       +
                         nvim-lsps = true;

     

       245
       245
       +
                       };

     

       246
       246
       +
                     }

     

       247
       247
       +
                   ];

     

       221
       248
        
                 };

     

       222
       222
       -
               });

     

       249
       249
       +
             };

     

       223
       250
        
       

     

       224
       224
       -
             formatter = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed

     

       225
       225
       -
               (system: nixpkgs.legacyPackages.${system}.nixfmt);

     

       251
       251
       +
             legacyPackages = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (system: {

     

       252
       252
       +
               nixpkgs = import nixpkgs {

     

       253
       253
       +
                 inherit system;

     

       254
       254
       +
                 overlays = getSystemOverlays system { };

     

       255
       255
       +
               };

     

       256
       256
       +
             });

     

       257
       257
       +
       

     

       258
       258
       +
             formatter = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (

     

       259
       259
       +
               system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style

     

       260
       260
       +
             );

     

       226
       261
        
           };

     

       227
       262
        
       }

+7 -6

home/aerc-binds.nix

···

       1
       1
       -
       { pkgs, ... }: {

     

       1
       1
       +
       { pkgs, ... }:

     

       2
       2
       +
       {

     

       2
       3
        
         global = {

     

       3
       4
        
           "<C-p>" = ":prev-tab<Enter>";

     

       4
       5
        
           "<C-PgUp>" = ":prev-tab<Enter>";

     
···

       84
       85
        
           "<C-a>" = ":mark -a<Enter>";

     

       85
       86
        
           "e" = ":envelope<Enter>";

     

       86
       87
        
           "E" = ":envelope -h<Enter>";

     

       87
       87
       -
           "s" =

     

       88
       88
       -
             ":exec mu find --clearlinks --format=links --linksdir=~/mail/search/results<space>";

     

       88
       88
       +
           "s" = ":exec mu find --clearlinks --format=links --linksdir=~/mail/search/results<space>";

     

       89
       89
        
         };

     

       90
       90
        
       

     

       91
       91
       -
         "messages:folder=Drafts" = { "<Enter>" = ":recall<Enter>"; };

     

       91
       91
       +
         "messages:folder=Drafts" = {

     

       92
       92
       +
           "<Enter>" = ":recall<Enter>";

     

       93
       93
       +
         };

     

       92
       94
        
       

     

       93
       95
        
         view = {

     

       94
       96
        
           "/" = ":toggle-key-passthrough<Enter>/";

     
···

       96
       98
        
           "O" = ":open<Enter>";

     

       97
       99
        
           "o" = ":open<Enter>";

     

       98
       100
        
           "c" = ":pipe khal import --batch";

     

       99
       99
       -
           "C" =

     

       100
       100
       -
             ":open ${pkgs.libsForQt5.kitinerary}/libexec/kf5/kitinerary-extractor -o ical {} | khal import --batch";

     

       101
       101
       +
           "C" = ":open ${pkgs.libsForQt5.kitinerary}/libexec/kf5/kitinerary-extractor -o ical {} | khal import --batch";

     

       101
       102
        
           "S" = ":save<space>";

     

       102
       103
        
           "|" = ":pipe<space>";

     

       103
       104
        
           "d" = ":read<Enter>:move Bin<Enter>";

+13 -4

home/battery.nix

···

       1
       1
       -
       { config, lib, pkgs, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.battery;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.battery;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.battery.enable = lib.mkEnableOption "battery";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.enable {

     

       8
       15
        
           systemd.user.services.battery_monitor = {

     

       9
       9
       -
             Install = { WantedBy = [ "default.target" ]; };

     

       16
       16
       +
             Install = {

     

       17
       17
       +
               WantedBy = [ "default.target" ];

     

       18
       18
       +
             };

     

       10
       19
        
             Service = {

     

       11
       20
        
               ExecStart = pkgs.writeScript "battery_monitor.sh" ''

     

       12
       21
        
                 #!${pkgs.bash}/bin/bash

+25 -10

home/calendar.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.calendar;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.calendar;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.calendar.enable = lib.mkEnableOption "calendar";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.enable {

     
···

       26
       33
        
             };

     

       27
       34
        
           };

     

       28
       35
        
       

     

       29
       29
       -
           services = { gpg-agent.enable = true; };

     

       36
       36
       +
           services = {

     

       37
       37
       +
             gpg-agent.enable = true;

     

       38
       38
       +
           };

     

       30
       39
        
       

     

       31
       40
        
           accounts.calendar = {

     

       32
       41
        
             basePath = "calendar";

     
···

       36
       45
        
                   enable = true;

     

       37
       46
        
                   color = "white";

     

       38
       47
        
                 };

     

       39
       39
       -
                 vdirsyncer = { enable = true; };

     

       48
       48
       +
                 vdirsyncer = {

     

       49
       49
       +
                   enable = true;

     

       50
       50
       +
                 };

     

       40
       51
        
                 remote = {

     

       41
       52
        
                   type = "caldav";

     

       42
       42
       -
                   url =

     

       43
       43
       -
                     "https://cal.freumh.org/ryan/f497c073-d027-2aa5-1e58-cbec1bf5a8c7/";

     

       44
       44
       -
                   passwordCommand =

     

       45
       45
       -
                     [ "${pkgs.pass}/bin/pass" "show" "calendar/ryan@freumh.org" ];

     

       53
       53
       +
                   url = "https://cal.freumh.org/ryan/f497c073-d027-2aa5-1e58-cbec1bf5a8c7/";

     

       54
       54
       +
                   passwordCommand = [

     

       55
       55
       +
                     "${pkgs.pass}/bin/pass"

     

       56
       56
       +
                     "show"

     

       57
       57
       +
                     "calendar/ryan@freumh.org"

     

       58
       58
       +
                   ];

     

       46
       59
        
                   userName = "ryan";

     

       47
       60
        
                 };

     

       48
       61
        
                 local = {

     
···

       55
       68
        
                   enable = true;

     

       56
       69
        
                   color = "#CC3333";

     

       57
       70
        
                 };

     

       58
       58
       -
                 vdirsyncer = { enable = true; };

     

       71
       71
       +
                 vdirsyncer = {

     

       72
       72
       +
                   enable = true;

     

       73
       73
       +
                 };

     

       59
       74
        
                 remote = {

     

       60
       75
        
                   type = "http";

     

       61
       76
        
                   url = "https://talks.cam.ac.uk/show/ics/8316.ics";

+142 -126

home/default.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         imports = [

     

       6
       13
        
           ./mail.nix

     

       7
       14
        
           ./calendar.nix

     
···

       25
       32
        
             NIX_AUTO_RUN_INTERACTIVE = "y";

     

       26
       33
        
             GOPATH = "$HOME/.go";

     

       27
       34
        
           };

     

       28
       28
       -
           home.packages = let

     

       29
       29
       -
             status = pkgs.stdenv.mkDerivation {

     

       30
       30
       -
               name = "status";

     

       35
       35
       +
           home.packages =

     

       36
       36
       +
             let

     

       37
       37
       +
               status = pkgs.stdenv.mkDerivation {

     

       38
       38
       +
                 name = "status";

     

       31
       39
        
       

     

       32
       32
       -
               src = ./status;

     

       40
       40
       +
                 src = ./status;

     

       33
       41
        
       

     

       34
       34
       -
               installPhase = ''

     

       35
       35
       -
                 mkdir -p $out

     

       36
       36
       -
                 cp -r * $out

     

       37
       37
       -
               '';

     

       38
       38
       -
             };

     

       39
       39
       -
           in with pkgs; [

     

       40
       40
       -
             status

     

       41
       41
       -
             tree

     

       42
       42
       -
             htop

     

       43
       43
       -
             gnumake

     

       44
       44
       -
             killall

     

       45
       45
       -
             inetutils

     

       46
       46
       -
             dnsutils

     

       47
       47
       -
             nmap

     

       48
       48
       -
             gcc

     

       49
       49
       -
             fzf

     

       50
       50
       -
             nix-tree

     

       51
       51
       -
             jq

     

       52
       52
       -
             bc

     

       53
       53
       -
             openssh

     

       54
       54
       -
             # multicore rust command line utils

     

       55
       55
       -
             dua

     

       56
       56
       -
             fd

     

       57
       57
       -
             bat

     

       58
       58
       -
             ripgrep

     

       59
       59
       -
           ];

     

       42
       42
       +
                 installPhase = ''

     

       43
       43
       +
                   mkdir -p $out

     

       44
       44
       +
                   cp -r * $out

     

       45
       45
       +
                 '';

     

       46
       46
       +
               };

     

       47
       47
       +
             in

     

       48
       48
       +
             with pkgs;

     

       49
       49
       +
             [

     

       50
       50
       +
               status

     

       51
       51
       +
               tree

     

       52
       52
       +
               htop

     

       53
       53
       +
               gnumake

     

       54
       54
       +
               killall

     

       55
       55
       +
               inetutils

     

       56
       56
       +
               dnsutils

     

       57
       57
       +
               nmap

     

       58
       58
       +
               gcc

     

       59
       59
       +
               fzf

     

       60
       60
       +
               nix-tree

     

       61
       61
       +
               jq

     

       62
       62
       +
               bc

     

       63
       63
       +
               openssh

     

       64
       64
       +
               # multicore rust command line utils

     

       65
       65
       +
               dua

     

       66
       66
       +
               fd

     

       67
       67
       +
               bat

     

       68
       68
       +
               ripgrep

     

       69
       69
       +
             ];

     

       60
       70
        
       

     

       61
       71
        
           home.shellAliases = {

     

       62
       72
        
             ls = "ls -p --color=auto";

     
···

       69
       79
        
             inhibit-lid = "systemd-inhibit --what=handle-lid-switch sleep 1d";

     

       70
       80
        
             tmux = "tmux -2";

     

       71
       81
        
             feh = "feh --scale-down --auto-zoom";

     

       72
       72
       -
             nix-stray-roots =

     

       73
       73
       -
               "nix-store --gc --print-roots | egrep -v '^(/nix/var|/run|/proc|{censored})'";

     

       82
       82
       +
             nix-stray-roots = "nix-store --gc --print-roots | egrep -v '^(/nix/var|/run|/proc|{censored})'";

     

       74
       83
        
           };

     

       75
       84
        
       

     

       76
       85
        
           # https://github.com/nix-community/home-manager/issues/1439#issuecomment-1106208294

     

       77
       86
        
           home.activation = {

     

       78
       87
        
             linkDesktopApplications = {

     

       79
       79
       -
               after = [ "writeBoundary" "createXdgUserDirectories" ];

     

       88
       88
       +
               after = [

     

       89
       89
       +
                 "writeBoundary"

     

       90
       90
       +
                 "createXdgUserDirectories"

     

       91
       91
       +
               ];

     

       80
       92
        
               before = [ ];

     

       81
       93
        
               data = ''

     

       82
       94
        
                 rm -rf ${config.xdg.dataHome}/"applications/home-manager"

     
···

       110
       122
        
       

     

       111
       123
        
           programs.gpg = {

     

       112
       124
        
             enable = true;

     

       113
       113
       -
             publicKeys = [{

     

       114
       114
       -
               text = ''

     

       115
       115
       -
                 -----BEGIN PGP PUBLIC KEY BLOCK-----

     

       125
       125
       +
             publicKeys = [

     

       126
       126
       +
               {

     

       127
       127
       +
                 text = ''

     

       128
       128
       +
                   -----BEGIN PGP PUBLIC KEY BLOCK-----

     

       116
       129
        
       

     

       117
       117
       -
                 mDMEZZ1zrBYJKwYBBAHaRw8BAQdA8Zeb1OFbzEWx3tM7ylO0ILCnDCG2JoA/iay6

     

       118
       118
       -
                 iWXmB7G0G1J5YW4gR2liYiA8cnlhbkBmcmV1bWgub3JnPoiUBBMWCgA8FiEE67lV

     

       119
       119
       -
                 Y2amyVrqUoWjGfnbY35Mq3QFAmWdc6wCGwMFCQPCZwAECwkIBwQVCgkIBRYCAwEA

     

       120
       120
       -
                 Ah4FAheAAAoJEBn522N+TKt0mwcA/AvuKD4dTPj4hJ/cezEWDOFELMaVYZqDS3V1

     

       121
       121
       -
                 LmRJrdIHAQDYgST8awabyd2Y3PRTFf9ZcWRRompeg0v7c2hCc9/3A7g4BGWdc6wS

     

       122
       122
       -
                 CisGAQQBl1UBBQEBB0AdJP8T3mGR7SUp9DBlIaVU1ESRC7sLWbm4QFCR1JTfSgMB

     

       123
       123
       -
                 CAeIfgQYFgoAJhYhBOu5VWNmpsla6lKFoxn522N+TKt0BQJlnXOsAhsMBQkDwmcA

     

       124
       124
       -
                 AAoJEBn522N+TKt07KwA/10R+ejRZeW0cYScowHAsnDZ09A43bZvdp1X7KeQHMl+

     

       125
       125
       -
                 AQD+TbceHh393VFc4tkl5pYHfrmkCXMdN0faVWolkc7GCA==

     

       126
       126
       -
                 =EfP/

     

       127
       127
       -
                 -----END PGP PUBLIC KEY BLOCK-----

     

       128
       128
       -
               '';

     

       129
       129
       -
               trust = "ultimate";

     

       130
       130
       -
             }];

     

       130
       130
       +
                   mDMEZZ1zrBYJKwYBBAHaRw8BAQdA8Zeb1OFbzEWx3tM7ylO0ILCnDCG2JoA/iay6

     

       131
       131
       +
                   iWXmB7G0G1J5YW4gR2liYiA8cnlhbkBmcmV1bWgub3JnPoiUBBMWCgA8FiEE67lV

     

       132
       132
       +
                   Y2amyVrqUoWjGfnbY35Mq3QFAmWdc6wCGwMFCQPCZwAECwkIBwQVCgkIBRYCAwEA

     

       133
       133
       +
                   Ah4FAheAAAoJEBn522N+TKt0mwcA/AvuKD4dTPj4hJ/cezEWDOFELMaVYZqDS3V1

     

       134
       134
       +
                   LmRJrdIHAQDYgST8awabyd2Y3PRTFf9ZcWRRompeg0v7c2hCc9/3A7g4BGWdc6wS

     

       135
       135
       +
                   CisGAQQBl1UBBQEBB0AdJP8T3mGR7SUp9DBlIaVU1ESRC7sLWbm4QFCR1JTfSgMB

     

       136
       136
       +
                   CAeIfgQYFgoAJhYhBOu5VWNmpsla6lKFoxn522N+TKt0BQJlnXOsAhsMBQkDwmcA

     

       137
       137
       +
                   AAoJEBn522N+TKt07KwA/10R+ejRZeW0cYScowHAsnDZ09A43bZvdp1X7KeQHMl+

     

       138
       138
       +
                   AQD+TbceHh393VFc4tkl5pYHfrmkCXMdN0faVWolkc7GCA==

     

       139
       139
       +
                   =EfP/

     

       140
       140
       +
                   -----END PGP PUBLIC KEY BLOCK-----

     

       141
       141
       +
                 '';

     

       142
       142
       +
                 trust = "ultimate";

     

       143
       143
       +
               }

     

       144
       144
       +
             ];

     

       131
       145
        
           };

     

       132
       146
        
           services.gpg-agent.pinentryPackage = pkgs.pinentry-qt;

     

       133
       147
        
       

     

       134
       148
        
           programs.git = {

     

       135
       149
        
             enable = true;

     

       136
       150
        
             extraConfig = {

     

       137
       137
       -
               init = { defaultBranch = "main"; };

     

       151
       151
       +
               init = {

     

       152
       152
       +
                 defaultBranch = "main";

     

       153
       153
       +
               };

     

       138
       154
        
               user = {

     

       139
       155
        
                 email = "ryan@freumh.org";

     

       140
       156
        
                 name = "Ryan Gibb";

     
···

       153
       169
        
                 l = "log";

     

       154
       170
        
                 lg = "log -p";

     

       155
       171
        
                 lol = "log --graph --decorate --pretty=oneline --abbrev-commit";

     

       156
       156
       -
                 lola =

     

       157
       157
       -
                   "log --graph --decorate --pretty=oneline --abbrev-commit --all";

     

       172
       172
       +
                 lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";

     

       158
       173
        
                 ls = "ls-files";

     

       159
       174
        
                 a = "add";

     

       160
       175
        
                 aa = "add --all";

     
···

       175
       190
        
       

     

       176
       191
        
           programs.tmux = {

     

       177
       192
        
             enable = true;

     

       178
       178
       -
             extraConfig = let

     

       179
       179
       -
               toggle-status-bar = pkgs.writeScript "toggle-status-bar.sh" ''

     

       180
       180
       -
                 #!/usr/bin/env bash

     

       181
       181
       -
                 window_count=$(tmux list-windows | wc -l)

     

       182
       182
       -
                 if [ "$window_count" -ge "2" ]; then

     

       183
       183
       -
                     tmux set-option status on

     

       184
       184
       -
                 else

     

       185
       185
       -
                     tmux set-option status off

     

       186
       186
       -
                 fi

     

       187
       187
       -
               '';

     

       188
       188
       -
               # https://github.com/ThePrimeagen/.dotfiles/blob/master/bin/.local/scripts/tmux-sessionizer

     

       189
       189
       -
               sessionizer = pkgs.writeScript "sessionizer.sh" ''

     

       190
       190
       -
                 #!/usr/bin/env bash

     

       193
       193
       +
             extraConfig =

     

       194
       194
       +
               let

     

       195
       195
       +
                 toggle-status-bar = pkgs.writeScript "toggle-status-bar.sh" ''

     

       196
       196
       +
                   #!/usr/bin/env bash

     

       197
       197
       +
                   window_count=$(tmux list-windows | wc -l)

     

       198
       198
       +
                   if [ "$window_count" -ge "2" ]; then

     

       199
       199
       +
                       tmux set-option status on

     

       200
       200
       +
                   else

     

       201
       201
       +
                       tmux set-option status off

     

       202
       202
       +
                   fi

     

       203
       203
       +
                 '';

     

       204
       204
       +
                 # https://github.com/ThePrimeagen/.dotfiles/blob/master/bin/.local/scripts/tmux-sessionizer

     

       205
       205
       +
                 sessionizer = pkgs.writeScript "sessionizer.sh" ''

     

       206
       206
       +
                   #!/usr/bin/env bash

     

       191
       207
        
       

     

       192
       192
       -
                 if [[ $# -eq 1 ]]; then

     

       193
       193
       -
                     selected=$1

     

       194
       194
       -
                 else

     

       195
       195
       -
                     selected=$(find ~ -not -path '*/.*' -maxdepth 2 -type d | fzf)

     

       196
       196
       -
                 fi

     

       208
       208
       +
                   if [[ $# -eq 1 ]]; then

     

       209
       209
       +
                       selected=$1

     

       210
       210
       +
                   else

     

       211
       211
       +
                       selected=$(find ~ -not -path '*/.*' -maxdepth 2 -type d | fzf)

     

       212
       212
       +
                   fi

     

       197
       213
        
       

     

       198
       198
       -
                 if [[ -z $selected ]]; then

     

       199
       199
       -
                     exit 0

     

       200
       200
       -
                 fi

     

       214
       214
       +
                   if [[ -z $selected ]]; then

     

       215
       215
       +
                       exit 0

     

       216
       216
       +
                   fi

     

       201
       217
        
       

     

       202
       202
       -
                 selected_name=$(basename "$selected" | tr . _)

     

       203
       203
       -
                 tmux_running=$(pgrep tmux)

     

       218
       218
       +
                   selected_name=$(basename "$selected" | tr . _)

     

       219
       219
       +
                   tmux_running=$(pgrep tmux)

     

       204
       220
        
       

     

       205
       205
       -
                 if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then

     

       206
       206
       -
                     tmux new-session -s $selected_name -c $selected

     

       207
       207
       -
                     exit 0

     

       208
       208
       -
                 fi

     

       221
       221
       +
                   if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then

     

       222
       222
       +
                       tmux new-session -s $selected_name -c $selected

     

       223
       223
       +
                       exit 0

     

       224
       224
       +
                   fi

     

       209
       225
        
       

     

       210
       210
       -
                 if ! tmux has-session -t=$selected_name 2> /dev/null; then

     

       211
       211
       -
                     tmux new-session -ds $selected_name -c $selected

     

       212
       212
       -
                 fi

     

       226
       226
       +
                   if ! tmux has-session -t=$selected_name 2> /dev/null; then

     

       227
       227
       +
                       tmux new-session -ds $selected_name -c $selected

     

       228
       228
       +
                   fi

     

       213
       229
        
       

     

       214
       214
       -
                 tmux switch-client -t $selected_name

     

       215
       215
       -
               '';

     

       216
       216
       -
             in ''

     

       217
       217
       -
               # alternative modifier

     

       218
       218
       -
               unbind C-b

     

       219
       219
       -
               set-option -g prefix C-a

     

       220
       220
       -
               bind-key C-a send-prefix

     

       230
       230
       +
                   tmux switch-client -t $selected_name

     

       231
       231
       +
                 '';

     

       232
       232
       +
               in

     

       233
       233
       +
               ''

     

       234
       234
       +
                 # alternative modifier

     

       235
       235
       +
                 unbind C-b

     

       236
       236
       +
                 set-option -g prefix C-a

     

       237
       237
       +
                 bind-key C-a send-prefix

     

       221
       238
        
       

     

       222
       222
       -
               set-window-option -g mode-keys vi

     

       223
       223
       -
               set-option -g mouse on

     

       224
       224
       -
               set-option -g set-titles on

     

       225
       225
       -
               set-option -g set-titles-string "#T"

     

       226
       226
       -
               bind-key t capture-pane -S -\; new-window '(tmux show-buffer; tmux delete-buffer) | nvim -c $'

     

       227
       227
       -
               bind-key u capture-pane\; new-window '(tmux show-buffer; tmux delete-buffer) | ${pkgs.urlscan}/bin/urlscan'

     

       228
       228
       -
               set-hook -g session-window-changed 'run-shell ${toggle-status-bar}'

     

       229
       229
       -
               set-hook -g session-created 'run-shell ${toggle-status-bar}'

     

       230
       230
       -
               # Fixes C-Up/Down in TUIs

     

       231
       231
       -
               set-option default-terminal tmux

     

       232
       232
       -
               # https://stackoverflow.com/questions/62182401/neovim-screen-lagging-when-switching-mode-from-insert-to-normal

     

       233
       233
       -
               # locking

     

       234
       234
       -
               set -s escape-time 0

     

       235
       235
       -
               set -g lock-command ${pkgs.vlock}/bin/vlock

     

       236
       236
       -
               set -g lock-after-time 0 # Seconds; 0 = never

     

       237
       237
       -
               bind L lock-session

     

       238
       238
       -
               # for .zprofile display environment starting https://github.com/tmux/tmux/issues/3483

     

       239
       239
       -
               set-option -g update-environment XDG_VTNR

     

       240
       240
       -
               # Allow clipboard with OSC-52 work

     

       241
       241
       -
               set -s set-clipboard on

     

       242
       242
       -
               # toggle

     

       243
       243
       -
               bind -r ^ last-window

     

       244
       244
       -
               # vim copy

     

       245
       245
       -
               bind -T copy-mode-vi v send-keys -X begin-selection

     

       246
       246
       -
               bind -T copy-mode-vi y send-keys -X copy-selection-and-cancel

     

       247
       247
       -
               # find

     

       248
       248
       -
               bind-key -r g run-shell "tmux neww ${sessionizer}"

     

       249
       249
       -
               # reload

     

       250
       250
       -
               bind-key r source-file ~/.config/tmux/tmux.conf

     

       251
       251
       -
               # kill unattached

     

       252
       252
       -
               bind-key K run-shell 'tmux ls | grep -v attached | cut -d: -f1 | xargs -I {} tmux kill-window -t {}'

     

       253
       253
       -
             '';

     

       239
       239
       +
                 set-window-option -g mode-keys vi

     

       240
       240
       +
                 set-option -g mouse on

     

       241
       241
       +
                 set-option -g set-titles on

     

       242
       242
       +
                 set-option -g set-titles-string "#T"

     

       243
       243
       +
                 bind-key t capture-pane -S -\; new-window '(tmux show-buffer; tmux delete-buffer) | nvim -c $'

     

       244
       244
       +
                 bind-key u capture-pane\; new-window '(tmux show-buffer; tmux delete-buffer) | ${pkgs.urlscan}/bin/urlscan'

     

       245
       245
       +
                 set-hook -g session-window-changed 'run-shell ${toggle-status-bar}'

     

       246
       246
       +
                 set-hook -g session-created 'run-shell ${toggle-status-bar}'

     

       247
       247
       +
                 # Fixes C-Up/Down in TUIs

     

       248
       248
       +
                 set-option default-terminal tmux

     

       249
       249
       +
                 # https://stackoverflow.com/questions/62182401/neovim-screen-lagging-when-switching-mode-from-insert-to-normal

     

       250
       250
       +
                 # locking

     

       251
       251
       +
                 set -s escape-time 0

     

       252
       252
       +
                 set -g lock-command ${pkgs.vlock}/bin/vlock

     

       253
       253
       +
                 set -g lock-after-time 0 # Seconds; 0 = never

     

       254
       254
       +
                 bind L lock-session

     

       255
       255
       +
                 # for .zprofile display environment starting https://github.com/tmux/tmux/issues/3483

     

       256
       256
       +
                 set-option -g update-environment XDG_VTNR

     

       257
       257
       +
                 # Allow clipboard with OSC-52 work

     

       258
       258
       +
                 set -s set-clipboard on

     

       259
       259
       +
                 # toggle

     

       260
       260
       +
                 bind -r ^ last-window

     

       261
       261
       +
                 # vim copy

     

       262
       262
       +
                 bind -T copy-mode-vi v send-keys -X begin-selection

     

       263
       263
       +
                 bind -T copy-mode-vi y send-keys -X copy-selection-and-cancel

     

       264
       264
       +
                 # find

     

       265
       265
       +
                 bind-key -r g run-shell "tmux neww ${sessionizer}"

     

       266
       266
       +
                 # reload

     

       267
       267
       +
                 bind-key r source-file ~/.config/tmux/tmux.conf

     

       268
       268
       +
                 # kill unattached

     

       269
       269
       +
                 bind-key K run-shell 'tmux ls | grep -v attached | cut -d: -f1 | xargs -I {} tmux kill-window -t {}'

     

       270
       270
       +
               '';

     

       254
       271
        
           };

     

       255
       272
        
       

     

       256
       273
        
           programs.less = {

     
···

       267
       284
        
           home.stateVersion = "22.05";

     

       268
       285
        
         };

     

       269
       286
        
       }

     

       270
       270
       -

+12 -5

home/emacs/default.nix

···

       1
       1
       -
       { pkgs, lib, config, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         config,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.emacs;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.emacs;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.emacs.enable = lib.mkEnableOption "emacs";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.enable {

     

       8
       15
        
           programs.emacs = {

     

       9
       16
        
             enable = true;

     

       10
       17
        
             package = pkgs.emacs29-pgtk;

     

       11
       11
       -
             extraPackages = epkgs:

     

       12
       12
       -
               with epkgs; [

     

       18
       18
       +
             extraPackages =

     

       19
       19
       +
               epkgs: with epkgs; [

     

       13
       20
        
                 evil

     

       14
       21
        
                 evil-leader

     

       15
       22
        
                 # https://github.com/emacs-evil/evil-collection/pull/812/commits/149eacce58354f0ee3a55d4c12059148ef4ff953

+63 -50

home/gui.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.gui;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.gui;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.gui.enable = lib.mkEnableOption "gui";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.enable {

     
···

       25
       32
        
             sessionVariables = {

     

       26
       33
        
               # evince workaround

     

       27
       34
        
               GTK_THEME = "Gruvbox-Dark";

     

       28
       28
       -
               WALLPAPER = let wallpaper = ./wallpaper.jpg;

     

       29
       29
       -
               in pkgs.runCommand (builtins.baseNameOf wallpaper) { }

     

       30
       30
       -
               "cp ${wallpaper} $out";

     

       35
       35
       +
               WALLPAPER =

     

       36
       36
       +
                 let

     

       37
       37
       +
                   wallpaper = ./wallpaper.jpg;

     

       38
       38
       +
                 in

     

       39
       39
       +
                 pkgs.runCommand (builtins.baseNameOf wallpaper) { } "cp ${wallpaper} $out";

     

       31
       40
        
               TERMINAL = "alacritty";

     

       32
       41
        
             };

     

       33
       42
        
             pointerCursor = {

     
···

       57
       66
        
             };

     

       58
       67
        
           };

     

       59
       68
        
       

     

       60
       60
       -
           programs.firefox = let

     

       61
       61
       -
             settings = {

     

       62
       62
       -
               "browser.ctrlTab.recentlyUsedOrder" = false;

     

       63
       63
       -
               "browser.tabs.warnOnClose" = false;

     

       64
       64
       -
               "browser.toolbars.bookmarks.visibility" = "never";

     

       69
       69
       +
           programs.firefox =

     

       70
       70
       +
             let

     

       71
       71
       +
               settings = {

     

       72
       72
       +
                 "browser.ctrlTab.recentlyUsedOrder" = false;

     

       73
       73
       +
                 "browser.tabs.warnOnClose" = false;

     

       74
       74
       +
                 "browser.toolbars.bookmarks.visibility" = "never";

     

       65
       75
        
       

     

       66
       66
       -
               # Only hide UI elements on F11 (i.e. don't go fullscreen, leave that to WM)

     

       67
       67
       -
               "full-screen-api.ignore-widgets" = true;

     

       68
       68
       -
               # Right click issue fix

     

       69
       69
       -
               "ui.context_menus.after_mouseup" = true;

     

       76
       76
       +
                 # Only hide UI elements on F11 (i.e. don't go fullscreen, leave that to WM)

     

       77
       77
       +
                 "full-screen-api.ignore-widgets" = true;

     

       78
       78
       +
                 # Right click issue fix

     

       79
       79
       +
                 "ui.context_menus.after_mouseup" = true;

     

       70
       80
        
       

     

       71
       71
       -
               # Use userChrome.css

     

       72
       72
       -
               "toolkit.legacyUserProfileCustomizations.stylesheets" = true;

     

       81
       81
       +
                 # Use userChrome.css

     

       82
       82
       +
                 "toolkit.legacyUserProfileCustomizations.stylesheets" = true;

     

       73
       83
        
       

     

       74
       74
       -
               "browser.shell.checkDefaultBrowser" = false;

     

       84
       84
       +
                 "browser.shell.checkDefaultBrowser" = false;

     

       75
       85
        
       

     

       76
       76
       -
               # sync toolbar

     

       77
       77
       -
               "services.sync.prefs.sync.browser.uiCustomization.state" = true;

     

       86
       86
       +
                 # sync toolbar

     

       87
       87
       +
                 "services.sync.prefs.sync.browser.uiCustomization.state" = true;

     

       78
       88
        
       

     

       79
       79
       -
               "extensions.pocket.enabled" = false;

     

       80
       80
       -
             };

     

       81
       81
       -
             userChrome = ''

     

       82
       82
       -
               #webrtcIndicator {

     

       83
       83
       -
                 display: none;

     

       84
       84
       -
               }

     

       89
       89
       +
                 "extensions.pocket.enabled" = false;

     

       90
       90
       +
               };

     

       91
       91
       +
               userChrome = ''

     

       92
       92
       +
                 #webrtcIndicator {

     

       93
       93
       +
                   display: none;

     

       94
       94
       +
                 }

     

       85
       95
        
       

     

       86
       86
       -
               /* Move find bar to top */

     

       87
       87
       -
               .browserContainer > findbar {

     

       88
       88
       -
                 -moz-box-ordinal-group: 0;

     

       89
       89
       -
               }

     

       96
       96
       +
                 /* Move find bar to top */

     

       97
       97
       +
                 .browserContainer > findbar {

     

       98
       98
       +
                   -moz-box-ordinal-group: 0;

     

       99
       99
       +
                 }

     

       90
       100
        
       

     

       91
       91
       -
               #TabsToolbar

     

       92
       92
       -
               {

     

       93
       93
       -
                   visibility: collapse;

     

       94
       94
       -
               }

     

       95
       95
       -
             '';

     

       96
       96
       -
           in {

     

       97
       97
       -
             enable = true;

     

       98
       98
       -
             profiles.default = {

     

       99
       99
       -
               settings = settings;

     

       100
       100
       -
               userChrome = userChrome;

     

       101
       101
       -
             };

     

       102
       102
       -
             profiles.secondary = {

     

       103
       103
       -
               id = 1;

     

       104
       104
       -
               isDefault = false;

     

       105
       105
       -
               settings = settings;

     

       106
       106
       -
               userChrome = userChrome;

     

       101
       101
       +
                 #TabsToolbar

     

       102
       102
       +
                 {

     

       103
       103
       +
                     visibility: collapse;

     

       104
       104
       +
                 }

     

       105
       105
       +
               '';

     

       106
       106
       +
             in

     

       107
       107
       +
             {

     

       108
       108
       +
               enable = true;

     

       109
       109
       +
               profiles.default = {

     

       110
       110
       +
                 settings = settings;

     

       111
       111
       +
                 userChrome = userChrome;

     

       112
       112
       +
               };

     

       113
       113
       +
               profiles.secondary = {

     

       114
       114
       +
                 id = 1;

     

       115
       115
       +
                 isDefault = false;

     

       116
       116
       +
                 settings = settings;

     

       117
       117
       +
                 userChrome = userChrome;

     

       118
       118
       +
               };

     

       119
       119
       +
               package = (

     

       120
       120
       +
                 pkgs.firefox.override {

     

       121
       121
       +
                   nativeMessagingHosts = with pkgs; [ tridactyl-native ];

     

       122
       122
       +
                 }

     

       123
       123
       +
               );

     

       107
       124
        
             };

     

       108
       108
       -
             package = (pkgs.firefox.override {

     

       109
       109
       -
               nativeMessagingHosts = with pkgs; [ tridactyl-native ];

     

       110
       110
       -
             });

     

       111
       111
       -
           };

     

       112
       125
        
       

     

       113
       126
        
           xdg = {

     

       114
       127
        
             configFile = {

+24 -12

home/i3.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }@inputs:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }@inputs:

     

       2
       7
        
       

     

       3
       8
        
       let

     

       4
       9
        
         i3-workspace-history =

     
···

       24
       29
        
         };

     

       25
       30
        
         util = import ./util.nix { inherit pkgs lib; };

     

       26
       31
        
         cfg = config.custom.gui.i3;

     

       27
       27
       -
       in {

     

       32
       32
       +
       in

     

       33
       33
       +
       {

     

       28
       34
        
         options.custom.gui.i3.enable = lib.mkEnableOption "i3";

     

       29
       35
        
       

     

       30
       36
        
         config = lib.mkIf cfg.enable {

     
···

       54
       60
        
             '';

     

       55
       61
        
           };

     

       56
       62
        
       

     

       57
       57
       -
           xdg.configFile = let

     

       58
       58
       -
             entries = {

     

       59
       59
       -
               "dunst/dunstrc".source = ./dunst;

     

       60
       60
       -
               "i3/config".text = let wmFilenames = util.listFilesInDir ./wm/config.d;

     

       61
       61
       -
               in let i3Filenames = util.listFilesInDir ./wm/i3;

     

       62
       62
       -
               in (util.concatFilesReplace

     

       63
       63
       -
                 ([ ./wm/config ] ++ wmFilenames ++ i3Filenames) replacements);

     

       64
       64
       -
               "rofi/config.rasi".source = ./rofi.rasi;

     

       65
       65
       -
             };

     

       66
       66
       -
           in (util.inDirReplace ./wm/scripts "i3/scripts" replacements) // entries;

     

       63
       63
       +
           xdg.configFile =

     

       64
       64
       +
             let

     

       65
       65
       +
               entries = {

     

       66
       66
       +
                 "dunst/dunstrc".source = ./dunst;

     

       67
       67
       +
                 "i3/config".text =

     

       68
       68
       +
                   let

     

       69
       69
       +
                     wmFilenames = util.listFilesInDir ./wm/config.d;

     

       70
       70
       +
                   in

     

       71
       71
       +
                   let

     

       72
       72
       +
                     i3Filenames = util.listFilesInDir ./wm/i3;

     

       73
       73
       +
                   in

     

       74
       74
       +
                   (util.concatFilesReplace ([ ./wm/config ] ++ wmFilenames ++ i3Filenames) replacements);

     

       75
       75
       +
                 "rofi/config.rasi".source = ./rofi.rasi;

     

       76
       76
       +
               };

     

       77
       77
       +
             in

     

       78
       78
       +
             (util.inDirReplace ./wm/scripts "i3/scripts" replacements) // entries;

     

       67
       79
        
       

     

       68
       80
        
           services.redshift = {

     

       69
       81
        
             enable = true;

+44 -19

home/mail.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       let

     

       4
       9
        
         address-book = pkgs.writeScriptBin "address-book" ''

     
···

       14
       19
        
           ${pkgs.mu}/bin/mu index

     

       15
       20
        
         '';

     

       16
       21
        
         cfg = config.custom.mail;

     

       17
       17
       -
       in {

     

       22
       22
       +
       in

     

       23
       23
       +
       {

     

       18
       24
        
         options.custom.mail.enable = lib.mkEnableOption "mail";

     

       19
       25
        
       

     

       20
       26
        
         config = lib.mkIf cfg.enable {

     
···

       41
       47
        
                 general.default-save-path = "~/downloads";

     

       42
       48
        
                 ui.mouse-enabled = true;

     

       43
       49
        
                 compose.address-book-cmd = "${address-book}/bin/address-book '%s'";

     

       44
       44
       -
                 compose.file-picker-cmd =

     

       45
       45
       -
                   "${pkgs.ranger}/bin/ranger --choosefiles=%f";

     

       50
       50
       +
                 compose.file-picker-cmd = "${pkgs.ranger}/bin/ranger --choosefiles=%f";

     

       46
       51
        
                 compose.format-flowed = true;

     

       47
       52
        
                 ui.index-columns = "date<=,name<50,flags>=,subject<*";

     

       48
       53
        
                 ui.column-name = "{{index (.From | persons) 0}}";

     

       49
       54
        
                 "ui:folder=Sent".index-columns = "date<=,to<50,flags>=,subject<*";

     

       50
       55
        
                 "ui:folder=Sent".column-to = "{{index (.To | persons) 0}}";

     

       51
       56
        
                 openers."text/html" = "firefox --new-window";

     

       52
       52
       -
                 hooks.mail-recieved = ''

     

       53
       53
       -
                   notify-send "[$AERC_ACCOUNT/$AERC_FOLDER] mail from $AERC_FROM_NAME" "$AERC_SUBJECT"'';

     

       57
       57
       +
                 hooks.mail-recieved = ''notify-send "[$AERC_ACCOUNT/$AERC_FOLDER] mail from $AERC_FROM_NAME" "$AERC_SUBJECT"'';

     

       54
       58
        
                 filters = {

     

       55
       59
        
                   "text/plain" = "wrap -w 90 | colorize";

     

       56
       60
        
                   "text/calendar" = "calendar";

     
···

       116
       120
        
                   expunge = "both";

     

       117
       121
        
                   remove = "both";

     

       118
       122
        
                 };

     

       119
       119
       -
                 msmtp = { enable = true; };

     

       123
       123
       +
                 msmtp = {

     

       124
       124
       +
                   enable = true;

     

       125
       125
       +
                 };

     

       120
       126
        
                 aerc = {

     

       121
       127
        
                   enable = true;

     

       122
       128
        
                   extraAccounts = {

     

       123
       129
        
                     check-mail-cmd = "${sync-mail}/bin/mbsync ryan@freumh.org";

     

       124
       130
        
                     check-mail-timeout = "1m";

     

       125
       131
        
                     check-mail = "1h";

     

       126
       126
       -
                     folders-sort =

     

       127
       127
       -
                       [ "Inbox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     

       132
       132
       +
                     folders-sort = [

     

       133
       133
       +
                       "Inbox"

     

       134
       134
       +
                       "Sent"

     

       135
       135
       +
                       "Drafts"

     

       136
       136
       +
                       "Archive"

     

       137
       137
       +
                       "Spam"

     

       138
       138
       +
                       "Trash"

     

       139
       139
       +
                     ];

     

       128
       140
        
                     folder-map = "${pkgs.writeText "folder-map" ''

     

       129
       141
        
                       Spam = Junk

     

       130
       142
        
                       Bin = Trash

     
···

       170
       182
        
                   expunge = "both";

     

       171
       183
        
                   remove = "both";

     

       172
       184
        
                 };

     

       173
       173
       -
                 msmtp = { enable = true; };

     

       185
       185
       +
                 msmtp = {

     

       186
       186
       +
                   enable = true;

     

       187
       187
       +
                 };

     

       174
       188
        
                 neomutt = {

     

       175
       189
        
                   enable = true;

     

       176
       190
        
                   extraConfig = ''

     
···

       187
       201
        
                 userName = "rtg24@fm.cl.cam.ac.uk";

     

       188
       202
        
                 address = "ryan.gibb@cl.cam.ac.uk";

     

       189
       203
        
                 realName = "Ryan Gibb";

     

       190
       190
       -
                 passwordCommand =

     

       191
       191
       -
                   "${pkgs.pass}/bin/pass show email/ryan.gibb@cl.cam.ac.uk";

     

       204
       204
       +
                 passwordCommand = "${pkgs.pass}/bin/pass show email/ryan.gibb@cl.cam.ac.uk";

     

       192
       205
        
                 flavor = "fastmail.com";

     

       193
       206
        
                 folders = {

     

       194
       207
        
                   drafts = "Drafts";

     
···

       207
       220
        
                   expunge = "both";

     

       208
       221
        
                   remove = "both";

     

       209
       222
        
                 };

     

       210
       210
       -
                 msmtp = { enable = true; };

     

       223
       223
       +
                 msmtp = {

     

       224
       224
       +
                   enable = true;

     

       225
       225
       +
                 };

     

       211
       226
        
                 aerc = {

     

       212
       227
        
                   enable = true;

     

       213
       228
        
                   extraAccounts = {

     
···

       215
       230
        
                     check-mail-timeout = "1m";

     

       216
       231
        
                     check-mail = "1h";

     

       217
       232
        
                     aliases = "rtg24@cam.ac.uk";

     

       218
       218
       -
                     folders-sort =

     

       219
       219
       -
                       [ "Inbox" "Sidebox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     

       233
       233
       +
                     folders-sort = [

     

       234
       234
       +
                       "Inbox"

     

       235
       235
       +
                       "Sidebox"

     

       236
       236
       +
                       "Sent"

     

       237
       237
       +
                       "Drafts"

     

       238
       238
       +
                       "Archive"

     

       239
       239
       +
                       "Spam"

     

       240
       240
       +
                       "Trash"

     

       241
       241
       +
                     ];

     

       220
       242
        
                     folder-map = "${pkgs.writeText "folder-map" ''

     

       221
       243
        
                       Bin = Trash

     

       222
       244
        
                     ''}";

     
···

       238
       260
        
                 userName = "ryangibb321@gmail.com";

     

       239
       261
        
                 address = "ryangibb321@gmail.com";

     

       240
       262
        
                 realName = "Ryan Gibb";

     

       241
       241
       -
                 passwordCommand =

     

       242
       242
       -
                   "${pkgs.pass}/bin/pass show email/ryangibb321@gmail.com";

     

       263
       263
       +
                 passwordCommand = "${pkgs.pass}/bin/pass show email/ryangibb321@gmail.com";

     

       243
       264
        
                 flavor = "gmail.com";

     

       244
       265
        
                 folders = {

     

       245
       266
        
                   drafts = "Drafts";

     
···

       258
       279
        
                   expunge = "both";

     

       259
       280
        
                   remove = "both";

     

       260
       281
        
                 };

     

       261
       261
       -
                 msmtp = { enable = true; };

     

       282
       282
       +
                 msmtp = {

     

       283
       283
       +
                   enable = true;

     

       284
       284
       +
                 };

     

       262
       285
        
                 aerc = {

     

       263
       286
        
                   enable = true;

     

       264
       287
        
                   extraAccounts = {

     
···

       296
       319
        
                 realName = "Search Index";

     

       297
       320
        
                 address = "search@local";

     

       298
       321
        
                 aerc.enable = true;

     

       299
       299
       -
                 aerc.extraAccounts = { source = "maildir://~/mail/search"; };

     

       322
       322
       +
                 aerc.extraAccounts = {

     

       323
       323
       +
                   source = "maildir://~/mail/search";

     

       324
       324
       +
                 };

     

       300
       325
        
                 aerc.extraConfig = {

     

       301
       326
        
                   ui = {

     

       302
       327
        
                     index-columns = "flags>4,date<*,to<30,name<30,subject<*";

+58 -41

home/nvim/default.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       let

     

       4
       9
        
         ltex-ls-nvim = pkgs.vimUtils.buildVimPlugin {

     
···

       45
       50
        
           meta.homepage = "https://github.com/RyanGibb/calendar.nvim/";

     

       46
       51
        
         };

     

       47
       52
        
         cfg = config.custom;

     

       48
       48
       -
       in {

     

       53
       53
       +
       in

     

       54
       54
       +
       {

     

       49
       55
        
         options.custom.nvim-lsps = lib.mkEnableOption "nvim-lsps";

     

       50
       56
        
       

     

       51
       57
        
         config = {

     
···

       59
       65
        
             enable = true;

     

       60
       66
        
             viAlias = true;

     

       61
       67
        
             vimAlias = true;

     

       62
       62
       -
             extraPackages = with pkgs;

     

       63
       63
       -
               [ ripgrep nixd ] ++ lib.lists.optionals cfg.nvim-lsps [

     

       68
       68
       +
             extraPackages =

     

       69
       69
       +
               with pkgs;

     

       70
       70
       +
               [

     

       71
       71
       +
                 ripgrep

     

       72
       72
       +
                 nixd

     

       73
       73
       +
               ]

     

       74
       74
       +
               ++ lib.lists.optionals cfg.nvim-lsps [

     

       64
       75
        
                 nixfmt-rfc-style

     

       65
       76
        
                 # stop complaining when launching but a devshell is better

     

       66
       77
        
                 ocamlPackages.ocaml-lsp

     
···

       77
       88
        
             extraLuaConfig = builtins.readFile ./init.lua;

     

       78
       89
        
             # undo transparent background

     

       79
       90
        
             # + "colorscheme gruvbox";

     

       80
       80
       -
             plugins = with pkgs.vimPlugins;

     

       91
       91
       +
             plugins =

     

       92
       92
       +
               with pkgs.vimPlugins;

     

       81
       93
        
               [

     

       82
       94
        
                 gruvbox-nvim

     

       83
       95
        
       

     
···

       348
       360
        
       

     

       349
       361
        
                 {

     

       350
       362
        
                   plugin = pkgs.notmuch;

     

       351
       351
       -
                   runtime = let

     

       352
       352
       -
                     notmuch-style = ''

     

       353
       353
       -
                       let g:notmuch_date_format = '%Y-%m-%d'

     

       354
       354
       -
                       let g:notmuch_datetime_format = '%Y-%m-%d %I:%M%p'

     

       355
       355
       -
                     '';

     

       356
       356
       -
                   in {

     

       357
       357
       -
                     "ftplugin/notmuch-folders.vim".text = notmuch-style;

     

       358
       358
       -
                     "ftplugin/notmuch-search.vim".text = notmuch-style;

     

       359
       359
       -
                     "ftplugin/notmuch-show.vim".text = notmuch-style;

     

       360
       360
       -
                     "ftplugin/notmuch-compose.vim".text = notmuch-style;

     

       361
       361
       -
                   };

     

       363
       363
       +
                   runtime =

     

       364
       364
       +
                     let

     

       365
       365
       +
                       notmuch-style = ''

     

       366
       366
       +
                         let g:notmuch_date_format = '%Y-%m-%d'

     

       367
       367
       +
                         let g:notmuch_datetime_format = '%Y-%m-%d %I:%M%p'

     

       368
       368
       +
                       '';

     

       369
       369
       +
                     in

     

       370
       370
       +
                     {

     

       371
       371
       +
                       "ftplugin/notmuch-folders.vim".text = notmuch-style;

     

       372
       372
       +
                       "ftplugin/notmuch-search.vim".text = notmuch-style;

     

       373
       373
       +
                       "ftplugin/notmuch-show.vim".text = notmuch-style;

     

       374
       374
       +
                       "ftplugin/notmuch-compose.vim".text = notmuch-style;

     

       375
       375
       +
                     };

     

       362
       376
        
                 }

     

       363
       377
        
       

     

       364
       378
        
                 {

     
···

       390
       404
        
                     require('calendar')

     

       391
       405
        
                   '';

     

       392
       406
        
                 }

     

       393
       393
       -
               ] ++ lib.lists.optionals cfg.nvim-lsps [

     

       407
       407
       +
               ]

     

       408
       408
       +
               ++ lib.lists.optionals cfg.nvim-lsps [

     

       394
       409
        
                 {

     

       395
       410
        
                   plugin = nvim-lspconfig;

     

       396
       411
        
                   type = "lua";

     

       397
       412
        
                   config = builtins.readFile ./lsp.lua;

     

       398
       398
       -
                   runtime = let

     

       399
       399
       -
                     ml-style = ''

     

       400
       400
       -
                       setlocal expandtab

     

       401
       401
       -
                       setlocal shiftwidth=2

     

       402
       402
       -
                       setlocal tabstop=2

     

       403
       403
       -
                       setlocal softtabstop=2

     

       404
       404
       -
                     '';

     

       405
       405
       -
                   in {

     

       406
       406
       -
                     "ftplugin/nix.vim".text = ml-style;

     

       407
       407
       -
                     "ftplugin/ocaml.vim".text = ml-style;

     

       408
       408
       -
                     "ftplugin/java.lua".text = ''

     

       409
       409
       -
                       local project_name = vim.fn.fnamemodify(vim.fn.getcwd(), ':p:h:t')

     

       410
       410
       -
                       local workspace_dir = '~/.cache/jdt/' .. project_name

     

       411
       411
       -
                       require('jdtls').start_or_attach {

     

       412
       412
       -
                       	on_attach = On_attach,

     

       413
       413
       -
                       	capabilities = Capabilities,

     

       414
       414
       -
                       	cmd = { 'jdt-language-server', '-data', workspace_dir, },

     

       415
       415
       -
                       	root_dir = vim.fs.dirname(vim.fs.find({'gradlew', '.git', 'mvnw'}, { upward = true })[1]),

     

       416
       416
       -
                       }

     

       417
       417
       -
                     '';

     

       418
       418
       -
                     "ftplugin/ledger.vim".text = ''

     

       419
       419
       -
                       setlocal foldmethod=syntax

     

       420
       420
       -
                     '';

     

       421
       421
       -
                   };

     

       413
       413
       +
                   runtime =

     

       414
       414
       +
                     let

     

       415
       415
       +
                       ml-style = ''

     

       416
       416
       +
                         setlocal expandtab

     

       417
       417
       +
                         setlocal shiftwidth=2

     

       418
       418
       +
                         setlocal tabstop=2

     

       419
       419
       +
                         setlocal softtabstop=2

     

       420
       420
       +
                       '';

     

       421
       421
       +
                     in

     

       422
       422
       +
                     {

     

       423
       423
       +
                       "ftplugin/nix.vim".text = ml-style;

     

       424
       424
       +
                       "ftplugin/ocaml.vim".text = ml-style;

     

       425
       425
       +
                       "ftplugin/java.lua".text = ''

     

       426
       426
       +
                         local project_name = vim.fn.fnamemodify(vim.fn.getcwd(), ':p:h:t')

     

       427
       427
       +
                         local workspace_dir = '~/.cache/jdt/' .. project_name

     

       428
       428
       +
                         require('jdtls').start_or_attach {

     

       429
       429
       +
                         	on_attach = On_attach,

     

       430
       430
       +
                         	capabilities = Capabilities,

     

       431
       431
       +
                         	cmd = { 'jdt-language-server', '-data', workspace_dir, },

     

       432
       432
       +
                         	root_dir = vim.fs.dirname(vim.fs.find({'gradlew', '.git', 'mvnw'}, { upward = true })[1]),

     

       433
       433
       +
                         }

     

       434
       434
       +
                       '';

     

       435
       435
       +
                       "ftplugin/ledger.vim".text = ''

     

       436
       436
       +
                         setlocal foldmethod=syntax

     

       437
       437
       +
                       '';

     

       438
       438
       +
                     };

     

       422
       439
        
                 }

     

       423
       440
        
                 {

     

       424
       441
        
                   plugin = nvim-dap;

+33 -23

home/sway.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }@inputs:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }@inputs:

     

       2
       7
        
       

     

       3
       8
        
       let

     

       4
       9
        
         i3-workspace-history =

     
···

       26
       31
        
         };

     

       27
       32
        
         util = import ./util.nix { inherit pkgs lib; };

     

       28
       33
        
         cfg = config.custom.gui.sway;

     

       29
       29
       -
       in {

     

       34
       34
       +
       in

     

       35
       35
       +
       {

     

       30
       36
        
         options.custom.gui.sway.enable = lib.mkEnableOption "sway";

     

       31
       37
        
       

     

       32
       38
        
         config = lib.mkIf cfg.enable {

     
···

       72
       78
        
             fi

     

       73
       79
        
           '';

     

       74
       80
        
       

     

       75
       75
       -
           xdg.configFile = let

     

       76
       76
       -
             entries = {

     

       77
       77
       -
               "fusuma/config.yml".source = ./fusuma.yml;

     

       78
       78
       -
               "kanshi/config".source = ./kanshi;

     

       79
       79
       -
               "dunst/dunstrc".source = ./dunst;

     

       80
       80
       -
               "swaylock/config".source = ./swaylock;

     

       81
       81
       -
               "wofi/style.css".source = ./wofi.css;

     

       82
       82
       -
               "swappy/config".text = ''

     

       83
       83
       -
                 [Default]

     

       84
       84
       -
                 save_dir=$XDG_PICTURES_DIR/capture/

     

       85
       85
       -
                 save_filename_format=screenshot_%Y-%m-%dT%H:%M:%S%z.png

     

       86
       86
       -
               '';

     

       87
       87
       -
               "sway/config".text =

     

       88
       88
       -
                 let wmFilenames = util.listFilesInDir ./wm/config.d;

     

       89
       89
       -
                 in let swayFilenames = util.listFilesInDir ./wm/sway;

     

       90
       90
       -
                 in (util.concatFilesReplace

     

       91
       91
       -
                   ([ ./wm/config ] ++ wmFilenames ++ swayFilenames) replacements);

     

       92
       92
       -
             };

     

       93
       93
       -
           in (util.inDirReplace ./wm/scripts "sway/scripts" replacements) // entries;

     

       81
       81
       +
           xdg.configFile =

     

       82
       82
       +
             let

     

       83
       83
       +
               entries = {

     

       84
       84
       +
                 "fusuma/config.yml".source = ./fusuma.yml;

     

       85
       85
       +
                 "kanshi/config".source = ./kanshi;

     

       86
       86
       +
                 "dunst/dunstrc".source = ./dunst;

     

       87
       87
       +
                 "swaylock/config".source = ./swaylock;

     

       88
       88
       +
                 "wofi/style.css".source = ./wofi.css;

     

       89
       89
       +
                 "swappy/config".text = ''

     

       90
       90
       +
                   [Default]

     

       91
       91
       +
                   save_dir=$XDG_PICTURES_DIR/capture/

     

       92
       92
       +
                   save_filename_format=screenshot_%Y-%m-%dT%H:%M:%S%z.png

     

       93
       93
       +
                 '';

     

       94
       94
       +
                 "sway/config".text =

     

       95
       95
       +
                   let

     

       96
       96
       +
                     wmFilenames = util.listFilesInDir ./wm/config.d;

     

       97
       97
       +
                   in

     

       98
       98
       +
                   let

     

       99
       99
       +
                     swayFilenames = util.listFilesInDir ./wm/sway;

     

       100
       100
       +
                   in

     

       101
       101
       +
                   (util.concatFilesReplace ([ ./wm/config ] ++ wmFilenames ++ swayFilenames) replacements);

     

       102
       102
       +
               };

     

       103
       103
       +
             in

     

       104
       104
       +
             (util.inDirReplace ./wm/scripts "sway/scripts" replacements) // entries;

     

       94
       105
        
       

     

       95
       106
        
           services.gammastep = {

     

       96
       107
        
             enable = true;

     

       97
       108
        
             provider = "geoclue2";

     

       98
       109
        
             temperature.day = 6500;

     

       99
       110
        
           };

     

       100
       100
       -
           systemd.user.services.gammastep.Service.ExecStart =

     

       101
       101
       -
             lib.mkForce "${pkgs.gammastep}/bin/gammastep -r";

     

       111
       111
       +
           systemd.user.services.gammastep.Service.ExecStart = lib.mkForce "${pkgs.gammastep}/bin/gammastep -r";

     

       102
       112
        
         };

     

       103
       113
        
       }

+31 -23

home/util.nix

···

       1
       1
        
       { pkgs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         listFilesInDir = src:

     

       5
       5
       -
           lib.attrsets.mapAttrsToList (name: value: "${src}/${name}")

     

       6
       6
       -
           (builtins.readDir src);

     

       7
       7
       -
         inDirReplace = src: dst: replacements:

     

       4
       4
       +
         listFilesInDir =

     

       5
       5
       +
           src: lib.attrsets.mapAttrsToList (name: value: "${src}/${name}") (builtins.readDir src);

     

       6
       6
       +
         inDirReplace =

     

       7
       7
       +
           src: dst: replacements:

     

       8
       8
        
           lib.pipe src [

     

       9
       9
        
             # get filenames in src directory

     

       10
       10
        
             builtins.readDir

     

       11
       11
        
             (lib.attrsets.mapAttrsToList (name: value: "${name}"))

     

       12
       12
        
             # call `substituteAll` on all files

     

       13
       13
       -
             (let

     

       14
       14
       -
               substitutedSource = file: {

     

       15
       15
       -
                 source = (pkgs.substituteAll ({

     

       16
       16
       -
                   src = "/${src}/${file}";

     

       17
       17
       -
                   isExecutable = true;

     

       18
       18
       -
                 } // replacements));

     

       19
       19
       -
               };

     

       20
       20
       -
             in builtins.map (file:

     

       21
       21
       -
               lib.attrsets.nameValuePair "${dst}/${file}" (substitutedSource file)))

     

       13
       13
       +
             (

     

       14
       14
       +
               let

     

       15
       15
       +
                 substitutedSource = file: {

     

       16
       16
       +
                   source = (

     

       17
       17
       +
                     pkgs.substituteAll (

     

       18
       18
       +
                       {

     

       19
       19
       +
                         src = "/${src}/${file}";

     

       20
       20
       +
                         isExecutable = true;

     

       21
       21
       +
                       }

     

       22
       22
       +
                       // replacements

     

       23
       23
       +
                     )

     

       24
       24
       +
                   );

     

       25
       25
       +
                 };

     

       26
       26
       +
               in

     

       27
       27
       +
               builtins.map (file: lib.attrsets.nameValuePair "${dst}/${file}" (substitutedSource file))

     

       28
       28
       +
             )

     

       22
       29
        
             builtins.listToAttrs

     

       23
       30
        
           ];

     

       24
       24
       -
         concatFilesReplace = filenames: replacements:

     

       31
       31
       +
         concatFilesReplace =

     

       32
       32
       +
           filenames: replacements:

     

       33
       33
       +
           let

     

       34
       34
       +
             fromStrings = lib.attrsets.mapAttrsToList (name: value: "@${name}@") replacements;

     

       35
       35
       +
           in

     

       36
       36
       +
           let

     

       37
       37
       +
             toStrings = lib.attrsets.mapAttrsToList (name: value: "${value}") replacements;

     

       38
       38
       +
           in

     

       25
       39
        
           let

     

       26
       26
       -
             fromStrings =

     

       27
       27
       -
               lib.attrsets.mapAttrsToList (name: value: "@${name}@") replacements;

     

       28
       28
       -
           in let

     

       29
       29
       -
             toStrings =

     

       30
       30
       -
               lib.attrsets.mapAttrsToList (name: value: "${value}") replacements;

     

       31
       31
       -
           in let

     

       32
       32
       -
             fileToString = file:

     

       33
       33
       -
               builtins.replaceStrings fromStrings toStrings (builtins.readFile file);

     

       34
       34
       -
           in builtins.concatStringsSep "\n" (builtins.map fileToString filenames);

     

       40
       40
       +
             fileToString = file: builtins.replaceStrings fromStrings toStrings (builtins.readFile file);

     

       41
       41
       +
           in

     

       42
       42
       +
           builtins.concatStringsSep "\n" (builtins.map fileToString filenames);

     

       35
       43
        
       }

+13 -5

hosts/barnacle/default.nix

···

       1
       1
       -
       { config, lib, pkgs, nixpkgs, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         nixpkgs,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [

     
···

       29
       35
        
       

     

       30
       36
        
         # build with:

     

       31
       37
        
         #   nix build /etc/nixos#nixosConfigurations.barnacle.config.system.build.isoImage

     

       32
       32
       -
         isoImage.contents = [{

     

       33
       33
       -
           source = ../..;

     

       34
       34
       -
           target = "nixos";

     

       35
       35
       -
         }];

     

       38
       38
       +
         isoImage.contents = [

     

       39
       39
       +
           {

     

       40
       40
       +
             source = ../..;

     

       41
       41
       +
             target = "nixos";

     

       42
       42
       +
           }

     

       43
       43
       +
         ];

     

       36
       44
        
       

     

       37
       45
        
         # comment this out to make a smaller image

     

       38
       46
        
         isoImage.squashfsCompression = "gzip -Xcompression-level 1";

+31 -21

hosts/capybara/default.nix

···

       1
       1
       -
       { config, pkgs, lib, nix-rpi5, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         pkgs,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         nix-rpi5,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [ ./hardware-configuration.nix ];

     
···

       10
       16
        
           homeManager.enable = true;

     

       11
       17
        
         };

     

       12
       18
        
       

     

       13
       13
       -
         home-manager.users.${config.custom.username}.config.custom.machineColour =

     

       14
       14
       -
           "red";

     

       19
       19
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "red";

     

       15
       20
        
       

     

       16
       21
        
         networking.networkmanager.enable = true;

     

       17
       22
        
       

     

       18
       18
       -
         boot.kernelPackages =

     

       19
       19
       -
           nix-rpi5.legacyPackages.aarch64-linux.linuxPackages_rpi5;

     

       23
       23
       +
         boot.kernelPackages = nix-rpi5.legacyPackages.aarch64-linux.linuxPackages_rpi5;

     

       20
       24
        
       

     

       21
       25
        
         networking.firewall.enable = false;

     

       22
       26
        
         networking.firewall.allowedTCPPorts = [ 44 ];

     
···

       45
       49
        
               user = "zigbee2mqtt";

     

       46
       50
        
               password = "test";

     

       47
       51
        
             };

     

       48
       48
       -
             serial = { port = "/dev/ttyUSB0"; };

     

       49
       49
       -
             frontend = { port = 15606; };

     

       52
       52
       +
             serial = {

     

       53
       53
       +
               port = "/dev/ttyUSB0";

     

       54
       54
       +
             };

     

       55
       55
       +
             frontend = {

     

       56
       56
       +
               port = 15606;

     

       57
       57
       +
             };

     

       50
       58
        
             homeassistant = true;

     

       51
       51
       -
             advanced = { channel = 15; };

     

       59
       59
       +
             advanced = {

     

       60
       60
       +
               channel = 15;

     

       61
       61
       +
             };

     

       52
       62
        
           };

     

       53
       63
        
         };

     

       54
       64
        
       

     

       55
       65
        
         services.mosquitto = {

     

       56
       66
        
           enable = true;

     

       57
       57
       -
           listeners = [{

     

       58
       58
       -
             users = {

     

       59
       59
       -
               zigbee2mqtt = {

     

       60
       60
       -
                 acl = [ "readwrite #" ];

     

       61
       61
       -
                 hashedPassword =

     

       62
       62
       -
                   "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       63
       63
       -
               };

     

       64
       64
       -
               homeassistant = {

     

       65
       65
       -
                 acl = [ "readwrite #" ];

     

       66
       66
       -
                 hashedPassword =

     

       67
       67
       -
                   "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       67
       67
       +
           listeners = [

     

       68
       68
       +
             {

     

       69
       69
       +
               users = {

     

       70
       70
       +
                 zigbee2mqtt = {

     

       71
       71
       +
                   acl = [ "readwrite #" ];

     

       72
       72
       +
                   hashedPassword = "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       73
       73
       +
                 };

     

       74
       74
       +
                 homeassistant = {

     

       75
       75
       +
                   acl = [ "readwrite #" ];

     

       76
       76
       +
                   hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       77
       77
       +
                 };

     

       68
       78
        
               };

     

       69
       69
       -
             };

     

       70
       70
       -
           }];

     

       79
       79
       +
             }

     

       80
       80
       +
           ];

     

       71
       81
        
         };

     

       72
       82
        
       

     

       73
       83
        
         services.home-assistant = {

+12 -2

hosts/capybara/hardware-configuration.nix

···

       1
       1
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     
···

       7
       13
        
         boot.loader.grub.efiSupport = true;

     

       8
       14
        
         boot.loader.grub.efiInstallAsRemovable = true;

     

       9
       15
        
         boot.loader.efi.canTouchEfiVariables = false;

     

       10
       10
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];

     

       16
       16
       +
         boot.initrd.availableKernelModules = [

     

       17
       17
       +
           "xhci_pci"

     

       18
       18
       +
           "usbhid"

     

       19
       19
       +
           "usb_storage"

     

       20
       20
       +
         ];

     

       11
       21
        
         boot.initrd.kernelModules = [ ];

     

       12
       22
        
         boot.kernelModules = [ ];

     

       13
       23
        
         boot.extraModulePackages = [ ];

+51 -43

hosts/duck/default.nix

···

       1
       1
       -
       { pkgs, config, lib, eilean, eon, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         eilean,

     

       6
       6
       +
         eon,

     

       7
       7
       +
         ...

     

       8
       8
       +
       }:

     

       2
       9
        
       

     

       3
       10
        
       {

     

       4
       11
        
         imports = [ ./hardware-configuration.nix ];

     
···

       10
       17
        
           homeManager.enable = true;

     

       11
       18
        
         };

     

       12
       19
        
       

     

       13
       13
       -
         home-manager.users.${config.custom.username}.config.custom.machineColour =

     

       14
       14
       -
           "green";

     

       20
       20
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "green";

     

       15
       21
        
       

     

       16
       22
        
         environment.systemPackages = with pkgs; [ xe-guest-utilities ];

     

       17
       23
        
       

     
···

       78
       84
        
         eilean.services.dns = {

     

       79
       85
        
           zones."cl.freumh.org" = {

     

       80
       86
        
             soa.serial = lib.mkDefault 3;

     

       81
       81
       -
             records = let

     

       82
       82
       -
               ipv4 = "128.232.113.136";

     

       83
       83
       -
               ipv6 = "2a05:b400:110:1101:d051:f2ff:fe13:3781";

     

       84
       84
       -
             in [

     

       85
       85
       -
               {

     

       86
       86
       -
                 name = "@";

     

       87
       87
       -
                 type = "NS";

     

       88
       88
       -
                 value = "ns";

     

       89
       89
       -
               }

     

       87
       87
       +
             records =

     

       88
       88
       +
               let

     

       89
       89
       +
                 ipv4 = "128.232.113.136";

     

       90
       90
       +
                 ipv6 = "2a05:b400:110:1101:d051:f2ff:fe13:3781";

     

       91
       91
       +
               in

     

       92
       92
       +
               [

     

       93
       93
       +
                 {

     

       94
       94
       +
                   name = "@";

     

       95
       95
       +
                   type = "NS";

     

       96
       96
       +
                   value = "ns";

     

       97
       97
       +
                 }

     

       90
       98
        
       

     

       91
       91
       -
               {

     

       92
       92
       -
                 name = "ns";

     

       93
       93
       -
                 type = "A";

     

       94
       94
       -
                 value = ipv4;

     

       95
       95
       -
               }

     

       96
       96
       -
               {

     

       97
       97
       -
                 name = "ns";

     

       98
       98
       -
                 type = "AAAA";

     

       99
       99
       -
                 value = ipv6;

     

       100
       100
       -
               }

     

       99
       99
       +
                 {

     

       100
       100
       +
                   name = "ns";

     

       101
       101
       +
                   type = "A";

     

       102
       102
       +
                   value = ipv4;

     

       103
       103
       +
                 }

     

       104
       104
       +
                 {

     

       105
       105
       +
                   name = "ns";

     

       106
       106
       +
                   type = "AAAA";

     

       107
       107
       +
                   value = ipv6;

     

       108
       108
       +
                 }

     

       101
       109
        
       

     

       102
       102
       -
               {

     

       103
       103
       -
                 name = "@";

     

       104
       104
       -
                 type = "A";

     

       105
       105
       -
                 value = ipv4;

     

       106
       106
       -
               }

     

       107
       107
       -
               {

     

       108
       108
       -
                 name = "@";

     

       109
       109
       -
                 type = "AAAA";

     

       110
       110
       -
                 value = ipv6;

     

       111
       111
       -
               }

     

       112
       112
       -
               {

     

       113
       113
       -
                 name = "vps";

     

       114
       114
       -
                 type = "A";

     

       115
       115
       -
                 value = ipv4;

     

       116
       116
       -
               }

     

       117
       117
       -
               {

     

       118
       118
       -
                 name = "vps";

     

       119
       119
       -
                 type = "AAAA";

     

       120
       120
       -
                 value = ipv6;

     

       121
       121
       -
               }

     

       122
       122
       -
             ];

     

       110
       110
       +
                 {

     

       111
       111
       +
                   name = "@";

     

       112
       112
       +
                   type = "A";

     

       113
       113
       +
                   value = ipv4;

     

       114
       114
       +
                 }

     

       115
       115
       +
                 {

     

       116
       116
       +
                   name = "@";

     

       117
       117
       +
                   type = "AAAA";

     

       118
       118
       +
                   value = ipv6;

     

       119
       119
       +
                 }

     

       120
       120
       +
                 {

     

       121
       121
       +
                   name = "vps";

     

       122
       122
       +
                   type = "A";

     

       123
       123
       +
                   value = ipv4;

     

       124
       124
       +
                 }

     

       125
       125
       +
                 {

     

       126
       126
       +
                   name = "vps";

     

       127
       127
       +
                   type = "AAAA";

     

       128
       128
       +
                   value = ipv6;

     

       129
       129
       +
                 }

     

       130
       130
       +
               ];

     

       123
       131
        
           };

     

       124
       132
        
         };

     

       125
       133

+26 -13

hosts/duck/hardware-configuration.nix

···

       1
       1
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       4
       -
         boot.initrd.availableKernelModules =

     

       5
       5
       -
           [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];

     

       10
       10
       +
         boot.initrd.availableKernelModules = [

     

       11
       11
       +
           "ata_piix"

     

       12
       12
       +
           "uhci_hcd"

     

       13
       13
       +
           "sr_mod"

     

       14
       14
       +
           "xen_blkfront"

     

       15
       15
       +
         ];

     

       6
       16
        
         boot.initrd.kernelModules = [ ];

     

       7
       17
        
         boot.kernelModules = [ ];

     

       8
       18
        
         boot.extraModulePackages = [ ];

     
···

       13
       23
        
           fsType = "ext4";

     

       14
       24
        
         };

     

       15
       25
        
       

     

       16
       16
       -
         swapDevices = [{

     

       17
       17
       -
           device = "/var/swap";

     

       18
       18
       -
           size = 2048;

     

       19
       19
       -
         }];

     

       26
       26
       +
         swapDevices = [

     

       27
       27
       +
           {

     

       28
       28
       +
             device = "/var/swap";

     

       29
       29
       +
             size = 2048;

     

       30
       30
       +
           }

     

       31
       31
       +
         ];

     

       20
       32
        
       

     

       21
       33
        
         networking = {

     

       22
       34
        
           useDHCP = false;

     

       23
       35
        
           interfaces."enX0" = {

     

       24
       24
       -
             ipv4.addresses = [{

     

       25
       25
       -
               address = "128.232.113.136";

     

       26
       26
       -
               prefixLength = 23;

     

       27
       27
       -
             }];

     

       36
       36
       +
             ipv4.addresses = [

     

       37
       37
       +
               {

     

       38
       38
       +
                 address = "128.232.113.136";

     

       39
       39
       +
                 prefixLength = 23;

     

       40
       40
       +
               }

     

       41
       41
       +
             ];

     

       28
       42
        
           };

     

       29
       43
        
           defaultGateway = {

     

       30
       44
        
             address = "128.232.112.1";

     
···

       33
       47
        
         };

     

       34
       48
        
       

     

       35
       49
        
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       36
       36
       -
         hardware.cpu.intel.updateMicrocode =

     

       37
       37
       -
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       50
       50
       +
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       38
       51
        
       }

+35 -12

hosts/elephant/default.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ ./hardware-configuration.nix ./zfs.nix ./services.nix ./owntracks.nix ];

     

       9
       9
       +
         imports = [

     

       10
       10
       +
           ./hardware-configuration.nix

     

       11
       11
       +
           ./zfs.nix

     

       12
       12
       +
           ./services.nix

     

       13
       13
       +
           ./owntracks.nix

     

       14
       14
       +
         ];

     

       6
       15
        
       

     

       7
       16
        
         custom = {

     

       8
       17
        
           enable = true;

     
···

       11
       20
        
           homeManager.enable = true;

     

       12
       21
        
         };

     

       13
       22
        
       

     

       14
       14
       -
         home-manager.users.${config.custom.username}.config.custom.machineColour =

     

       15
       15
       -
           "blue";

     

       23
       23
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "blue";

     

       16
       24
        
       

     

       17
       25
        
         environment.systemPackages = with pkgs; [

     

       18
       26
        
           smartmontools

     
···

       23
       31
        
           #stig

     

       24
       32
        
         ];

     

       25
       33
        
       

     

       26
       26
       -
         eilean = { publicInterface = "enp1s0"; };

     

       34
       34
       +
         eilean = {

     

       35
       35
       +
           publicInterface = "enp1s0";

     

       36
       36
       +
         };

     

       27
       37
        
       

     

       28
       38
        
         powerManagement = {

     

       29
       39
        
           powertop.enable = true;

     
···

       42
       52
        
           repositoryFile = config.age.secrets.restic-repo.path;

     

       43
       53
        
           passwordFile = config.age.secrets.restic-elephant.path;

     

       44
       54
        
           initialize = true;

     

       45
       45
       -
           paths = [ "/tank/family/mp4/" "/tank/family/other/" "/tank/photos/" ];

     

       46
       46
       -
           timerConfig = { OnCalendar = "03:00"; };

     

       47
       47
       -
           pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-yearly 10" ];

     

       55
       55
       +
           paths = [

     

       56
       56
       +
             "/tank/family/mp4/"

     

       57
       57
       +
             "/tank/family/other/"

     

       58
       58
       +
             "/tank/photos/"

     

       59
       59
       +
           ];

     

       60
       60
       +
           timerConfig = {

     

       61
       61
       +
             OnCalendar = "03:00";

     

       62
       62
       +
           };

     

       63
       63
       +
           pruneOpts = [

     

       64
       64
       +
             "--keep-daily 7"

     

       65
       65
       +
             "--keep-weekly 4"

     

       66
       66
       +
             "--keep-yearly 10"

     

       67
       67
       +
           ];

     

       48
       68
        
         };

     

       49
       69
        
       

     

       50
       70
        
         # Add hardware transcoding support to `ffmpeg_6` and derived packages (like jellyfin-ffmpeg)

     
···

       60
       80
        
           ];

     

       61
       81
        
         };

     

       62
       82
        
         nixpkgs.config.packageOverrides = prev: {

     

       63
       63
       -
           jellyfin-ffmpeg =

     

       64
       64
       -
             prev.jellyfin-ffmpeg.overrideAttrs (_: { withVpl = true; });

     

       65
       65
       -
           ffmpeg = prev.ffmpeg.overrideAttrs (_: { withVpl = true; });

     

       83
       83
       +
           jellyfin-ffmpeg = prev.jellyfin-ffmpeg.overrideAttrs (_: {

     

       84
       84
       +
             withVpl = true;

     

       85
       85
       +
           });

     

       86
       86
       +
           ffmpeg = prev.ffmpeg.overrideAttrs (_: {

     

       87
       87
       +
             withVpl = true;

     

       88
       88
       +
           });

     

       66
       89
        
         };

     

       67
       90
        
       

     

       68
       91
        
         boot.kernel.sysctl = {

+22 -9

hosts/elephant/hardware-configuration.nix

···

       1
       1
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       5
       11
        
       

     

       6
       6
       -
         boot.initrd.availableKernelModules =

     

       7
       7
       -
           [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];

     

       12
       12
       +
         boot.initrd.availableKernelModules = [

     

       13
       13
       +
           "xhci_pci"

     

       14
       14
       +
           "ahci"

     

       15
       15
       +
           "nvme"

     

       16
       16
       +
           "usbhid"

     

       17
       17
       +
           "usb_storage"

     

       18
       18
       +
           "sd_mod"

     

       19
       19
       +
         ];

     

       8
       20
        
         boot.initrd.kernelModules = [ ];

     

       9
       21
        
         boot.kernelModules = [ "kvm-intel" ];

     

       10
       22
        
         boot.extraModulePackages = [ ];

     
···

       19
       31
        
           fsType = "vfat";

     

       20
       32
        
         };

     

       21
       33
        
       

     

       22
       22
       -
         swapDevices = [{

     

       23
       23
       -
           device = "/var/swap";

     

       24
       24
       -
           size = 16384;

     

       25
       25
       -
         }];

     

       34
       34
       +
         swapDevices = [

     

       35
       35
       +
           {

     

       36
       36
       +
             device = "/var/swap";

     

       37
       37
       +
             size = 16384;

     

       38
       38
       +
           }

     

       39
       39
       +
         ];

     

       26
       40
        
       

     

       27
       41
        
         networking.useDHCP = lib.mkDefault true;

     

       28
       42
        
       

     

       29
       43
        
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       30
       30
       -
         hardware.cpu.intel.updateMicrocode =

     

       31
       31
       -
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       44
       44
       +
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       32
       45
        
       

     

       33
       46
        
         boot.loader.grub = {

     

       34
       47
        
           enable = true;

+33 -24

hosts/elephant/owntracks.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.services.owntracks-recorder;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.services.owntracks-recorder;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.services.owntracks-recorder = {

     

       6
       13
        
           enable = lib.mkEnableOption "Enable the Owntracks location tracker";

     

       7
       14
        
           host = lib.mkOption {

     
···

       31
       38
        
           services.mosquitto = {

     

       32
       39
        
             enable = true;

     

       33
       40
        
             logType = [ "debug" ];

     

       34
       34
       -
             listeners = [{

     

       35
       35
       -
               port = cfg.port;

     

       36
       36
       -
               address = cfg.host;

     

       37
       37
       -
               acl = [ "topic readwrite #" ];

     

       38
       38
       -
               omitPasswordAuth = true;

     

       39
       39
       -
               users = { };

     

       40
       40
       -
               settings = { allow_anonymous = true; };

     

       41
       41
       -
             }];

     

       41
       41
       +
             listeners = [

     

       42
       42
       +
               {

     

       43
       43
       +
                 port = cfg.port;

     

       44
       44
       +
                 address = cfg.host;

     

       45
       45
       +
                 acl = [ "topic readwrite #" ];

     

       46
       46
       +
                 omitPasswordAuth = true;

     

       47
       47
       +
                 users = { };

     

       48
       48
       +
                 settings = {

     

       49
       49
       +
                   allow_anonymous = true;

     

       50
       50
       +
                 };

     

       51
       51
       +
               }

     

       52
       52
       +
             ];

     

       42
       53
        
           };

     

       43
       54
        
       

     

       44
       55
        
           systemd.services.owntracks-recorder = {

     

       45
       56
        
             description = "OwnTracks Recorder Service";

     

       46
       57
        
             wantedBy = [ "multi-user.target" ];

     

       47
       47
       -
             after = [ "network.target" "mosquitto.service" ];

     

       58
       58
       +
             after = [

     

       59
       59
       +
               "network.target"

     

       60
       60
       +
               "mosquitto.service"

     

       61
       61
       +
             ];

     

       48
       62
        
       

     

       49
       63
        
             serviceConfig = {

     

       50
       50
       -
               ExecStart = "${pkgs.owntracks-recorder}/bin/ot-recorder"

     

       64
       64
       +
               ExecStart =

     

       65
       65
       +
                 "${pkgs.owntracks-recorder}/bin/ot-recorder"

     

       51
       66
        
                 + " --storage /var/lib/owntracks"

     

       52
       67
        
                 + " --doc-root ${pkgs.owntracks-recorder.src}/docroot"

     

       53
       68
        
                 + " --host ${cfg.host} --port ${builtins.toString cfg.port}"

     
···

       69
       84
        
             virtualHosts."${cfg.domain}" = {

     

       70
       85
        
               locations = {

     

       71
       86
        
                 "/ws" = {

     

       72
       72
       -
                   proxyPass =

     

       73
       73
       -
                     "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}";

     

       87
       87
       +
                   proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}";

     

       74
       88
        
                   proxyWebsockets = true;

     

       75
       89
        
                   recommendedProxySettings = true;

     

       76
       90
        
                 };

     

       77
       91
        
                 "/" = {

     

       78
       78
       -
                   proxyPass =

     

       79
       79
       -
                     "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/";

     

       92
       92
       +
                   proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/";

     

       80
       93
        
                   recommendedProxySettings = true;

     

       81
       94
        
                 };

     

       82
       95
        
                 "/view/" = {

     

       83
       83
       -
                   proxyPass =

     

       84
       84
       -
                     "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/view/";

     

       96
       96
       +
                   proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/view/";

     

       85
       97
        
                   recommendedProxySettings = true;

     

       86
       98
        
                   # Chrome fix

     

       87
       99
        
                   extraConfig = "proxy_buffering off;";

     

       88
       100
        
                 };

     

       89
       101
        
                 "/static/" = {

     

       90
       90
       -
                   proxyPass = "http://${cfg.httpHost}:${

     

       91
       91
       -
                       builtins.toString cfg.httpPort

     

       92
       92
       -
                     }/static/";

     

       102
       102
       +
                   proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/static/";

     

       93
       103
        
                   recommendedProxySettings = true;

     

       94
       104
        
                 };

     

       95
       105
        
                 "/utils/" = {

     

       96
       96
       -
                   proxyPass =

     

       97
       97
       -
                     "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/utils/";

     

       106
       106
       +
                   proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/utils/";

     

       98
       107
        
                   recommendedProxySettings = true;

     

       99
       108
        
                 };

     

       100
       109
        
               };

+11 -4

hosts/elephant/services.nix

···

       1
       1
       -
       { nixpkgs-unstable, config, pkgs, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         nixpkgs-unstable,

     

       3
       3
       +
         config,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         lib,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         custom.nix-cache.enable = true;

     
···

       27
       33
        
           #requires = [ "tailscaled.service" ];

     

       28
       34
        
           clientMaxBodySize = "1g";

     

       29
       35
        
           virtualHosts = {

     

       30
       30
       -
             "nix-cache.vpn.freumh.org" = { listenAddresses = [ "100.64.0.9" ]; };

     

       36
       36
       +
             "nix-cache.vpn.freumh.org" = {

     

       37
       37
       +
               listenAddresses = [ "100.64.0.9" ];

     

       38
       38
       +
             };

     

       31
       39
        
             "jellyfin.vpn.freumh.org" = {

     

       32
       40
        
               onlySSL = true;

     

       33
       41
        
               listenAddresses = [ "100.64.0.9" ];

     
···

       104
       112
        
               #"use sendfile" = "yes";

     

       105
       113
        
               #"max protocol" = "smb2";

     

       106
       114
        
               # note: localhost is the ipv6 localhost ::1

     

       107
       107
       -
               "hosts allow" =

     

       108
       108
       -
                 "192.168.1. 192.168.0. 127.0.0.1 localhost 100.64.0.0/10";

     

       115
       115
       +
               "hosts allow" = "192.168.1. 192.168.0. 127.0.0.1 localhost 100.64.0.0/10";

     

       109
       116
        
               "hosts deny" = "0.0.0.0/0";

     

       110
       117
        
               "guest account" = "nobody";

     

       111
       118
        
               "map to guest" = "bad user";

+4 -1

hosts/gecko/backups.nix

···

       6
       6
        
           repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       7
       7
        
           passwordFile = config.age.secrets.restic-gecko.path;

     

       8
       8
        
           initialize = true;

     

       9
       9
       -
           paths = [ "/home/ryan" "/etc/NetworkManager/system-connections" ];

     

       9
       9
       +
           paths = [

     

       10
       10
       +
             "/home/ryan"

     

       11
       11
       +
             "/etc/NetworkManager/system-connections"

     

       12
       12
       +
           ];

     

       10
       13
        
           exclude = [

     

       11
       14
        
             "/home/ryan/videos"

     

       12
       15
        
             "/home/ryan/.thunderbird"

+17 -3

hosts/gecko/default.nix

···

       1
       1
       -
       { pkgs, lib, config, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         config,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       {

     

       4
       4
       -
         imports = [ ./hardware-configuration.nix ./backups.nix ];

     

       9
       9
       +
         imports = [

     

       10
       10
       +
           ./hardware-configuration.nix

     

       11
       11
       +
           ./backups.nix

     

       12
       12
       +
         ];

     

       5
       13
        
       

     

       6
       14
        
         custom = {

     

       7
       15
        
           enable = true;

     
···

       61
       69
        
           iamb

     

       62
       70
        
           spotify

     

       63
       71
        
           gimp

     

       64
       64
       -
           (python3.withPackages (p: with p; [ numpy matplotlib pandas ]))

     

       72
       72
       +
           (python3.withPackages (

     

       73
       73
       +
             p: with p; [

     

       74
       74
       +
               numpy

     

       75
       75
       +
               matplotlib

     

       76
       76
       +
               pandas

     

       77
       77
       +
             ]

     

       78
       78
       +
           ))

     

       65
       79
        
           lsof

     

       66
       80
        
           gthumb

     

       67
       81
        
           restic

+25 -10

hosts/gecko/hardware-configuration.nix

···

       1
       1
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       5
       11
        
       

     

       6
       6
       -
         boot.initrd.availableKernelModules =

     

       7
       7
       -
           [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "rtsx_pci_sdmmc" ];

     

       12
       12
       +
         boot.initrd.availableKernelModules = [

     

       13
       13
       +
           "xhci_pci"

     

       14
       14
       +
           "thunderbolt"

     

       15
       15
       +
           "nvme"

     

       16
       16
       +
           "usbhid"

     

       17
       17
       +
           "rtsx_pci_sdmmc"

     

       18
       18
       +
         ];

     

       8
       19
        
         boot.initrd.kernelModules = [ ];

     

       9
       20
        
         boot.kernelModules = [ "kvm-intel" ];

     

       10
       21
        
         boot.extraModulePackages = [ ];

     
···

       19
       30
        
           fsType = "vfat";

     

       20
       31
        
         };

     

       21
       32
        
       

     

       22
       22
       -
         swapDevices = [{

     

       23
       23
       -
           device = "/var/swap";

     

       24
       24
       -
           size = 16384;

     

       25
       25
       -
         }];

     

       33
       33
       +
         swapDevices = [

     

       34
       34
       +
           {

     

       35
       35
       +
             device = "/var/swap";

     

       36
       36
       +
             size = 16384;

     

       37
       37
       +
           }

     

       38
       38
       +
         ];

     

       26
       39
        
         boot.resumeDevice = "/dev/disk/by-label/nixos";

     

       27
       40
        
         # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file

     

       28
       28
       -
         boot.kernelParams = [ "mem_sleep_default=deep" "resume_offset=142587904" ];

     

       41
       41
       +
         boot.kernelParams = [

     

       42
       42
       +
           "mem_sleep_default=deep"

     

       43
       43
       +
           "resume_offset=142587904"

     

       44
       44
       +
         ];

     

       29
       45
        
       

     

       30
       46
        
         powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

     

       31
       31
       -
         hardware.cpu.intel.updateMicrocode =

     

       32
       32
       -
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       47
       47
       +
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       33
       48
        
       

     

       34
       49
        
         nixpkgs.hostPlatform = "x86_64-linux";

     

       35
       50
        
       }

+30 -21

hosts/mouse/installer.nix

···

       1
       1
       -
       { nixpkgs, lib, pkgs, config, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         nixpkgs,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         config,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       # A minimal config for a ARMv6-L Raspberry Pi 1 that can be built to an SD card image with:

     

       4
       10
        
       #   `nix build .#nixosConfigurations.mouse-install.config.system.build.toplevel

     
···

       9
       15
        
       # To automatically join a Tailscale network at freumh.org add the secret in a `headscale` file

     

       10
       16
        
       # in the project root.

     

       11
       17
        
       {

     

       12
       12
       -
         imports =

     

       13
       13
       -
           [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];

     

       18
       18
       +
         imports = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];

     

       14
       19
        
       

     

       15
       20
        
         # from hardware-configuration.nix

     

       16
       21
        
         # https://github.com/NixOS/nixpkgs/issues/141470#issuecomment-996202318

     
···

       32
       37
        
           set -o vi

     

       33
       38
        
         '';

     

       34
       39
        
       

     

       35
       35
       -
         users = let

     

       36
       36
       -
           hashedPassword =

     

       37
       37
       -
             "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       38
       38
       -
         in {

     

       39
       39
       -
           mutableUsers = false;

     

       40
       40
       -
           users.ryan = {

     

       41
       41
       -
             isNormalUser = true;

     

       42
       42
       -
             extraGroups = [

     

       43
       43
       -
               "wheel" # enable sudo

     

       44
       44
       -
             ];

     

       45
       45
       -
             hashedPassword = hashedPassword;

     

       46
       46
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       47
       47
       -
           };

     

       48
       48
       -
           users.root = {

     

       49
       49
       -
             hashedPassword = hashedPassword;

     

       50
       50
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       40
       40
       +
         users =

     

       41
       41
       +
           let

     

       42
       42
       +
             hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       43
       43
       +
           in

     

       44
       44
       +
           {

     

       45
       45
       +
             mutableUsers = false;

     

       46
       46
       +
             users.ryan = {

     

       47
       47
       +
               isNormalUser = true;

     

       48
       48
       +
               extraGroups = [

     

       49
       49
       +
                 "wheel" # enable sudo

     

       50
       50
       +
               ];

     

       51
       51
       +
               hashedPassword = hashedPassword;

     

       52
       52
       +
               openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       53
       53
       +
             };

     

       54
       54
       +
             users.root = {

     

       55
       55
       +
               hashedPassword = hashedPassword;

     

       56
       56
       +
               openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       57
       57
       +
             };

     

       51
       58
        
           };

     

       52
       52
       -
         };

     

       53
       59
        
       

     

       54
       54
       -
         environment.systemPackages = with pkgs; [ vim tmux ];

     

       60
       60
       +
         environment.systemPackages = with pkgs; [

     

       61
       61
       +
           vim

     

       62
       62
       +
           tmux

     

       63
       63
       +
         ];

     

       55
       64
        
       

     

       56
       65
        
         services.tailscale = {

     

       57
       66
        
           enable = true;

+36 -25

hosts/mouse/sd-image.nix

···

       1
       1
       -
       { nixpkgs, lib, pkgs, config, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         nixpkgs,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         config,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];

     

       10
       10
       +
         imports = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];

     

       6
       11
        
       

     

       7
       12
        
         # from hardware-configuration.nix

     

       8
       13
        
         # https://github.com/NixOS/nixpkgs/issues/141470#issuecomment-996202318

     

       9
       9
       -
         boot.initrd.availableKernelModules = lib.mkForce [ "xhci_pci" "usbhid" ];

     

       14
       14
       +
         boot.initrd.availableKernelModules = lib.mkForce [

     

       15
       15
       +
           "xhci_pci"

     

       16
       16
       +
           "usbhid"

     

       17
       17
       +
         ];

     

       10
       18
        
         #boot.initrd.availableKernelModules = lib.mkForce [ ];

     

       11
       19
        
       

     

       12
       20
        
         boot.initrd.kernelModules = [ ];

     

       13
       21
        
         boot.kernelModules = [ ];

     

       14
       22
        
         boot.extraModulePackages = [ ];

     

       15
       23
        
       

     

       16
       16
       -
         swapDevices = [{

     

       17
       17
       -
           device = "/var/swap";

     

       18
       18
       -
           size = 4096;

     

       19
       19
       -
         }];

     

       24
       24
       +
         swapDevices = [

     

       25
       25
       +
           {

     

       26
       26
       +
             device = "/var/swap";

     

       27
       27
       +
             size = 4096;

     

       28
       28
       +
           }

     

       29
       29
       +
         ];

     

       20
       30
        
       

     

       21
       31
        
         networking.useDHCP = lib.mkDefault true;

     

       22
       32
        
       

     
···

       34
       44
        
       

     

       35
       45
        
         networking.hostName = "mouse";

     

       36
       46
        
       

     

       37
       37
       -
         users = let

     

       38
       38
       -
           hashedPassword =

     

       39
       39
       -
             "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       40
       40
       -
         in {

     

       41
       41
       -
           mutableUsers = false;

     

       42
       42
       -
           users.ryan = {

     

       43
       43
       -
             isNormalUser = true;

     

       44
       44
       -
             extraGroups = [

     

       45
       45
       -
               "wheel" # enable sudo

     

       46
       46
       -
             ];

     

       47
       47
       -
             hashedPassword = hashedPassword;

     

       48
       48
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       49
       49
       -
           };

     

       50
       50
       -
           users.root = {

     

       51
       51
       -
             hashedPassword = hashedPassword;

     

       52
       52
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       47
       47
       +
         users =

     

       48
       48
       +
           let

     

       49
       49
       +
             hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       50
       50
       +
           in

     

       51
       51
       +
           {

     

       52
       52
       +
             mutableUsers = false;

     

       53
       53
       +
             users.ryan = {

     

       54
       54
       +
               isNormalUser = true;

     

       55
       55
       +
               extraGroups = [

     

       56
       56
       +
                 "wheel" # enable sudo

     

       57
       57
       +
               ];

     

       58
       58
       +
               hashedPassword = hashedPassword;

     

       59
       59
       +
               openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       60
       60
       +
             };

     

       61
       61
       +
             users.root = {

     

       62
       62
       +
               hashedPassword = hashedPassword;

     

       63
       63
       +
               openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];

     

       64
       64
       +
             };

     

       53
       65
        
           };

     

       54
       54
       -
         };

     

       55
       66
        
       

     

       56
       67
        
         environment.systemPackages = with pkgs; [ vim ];

     

       57
       68

+43 -34

hosts/owl/default.nix

···

       1
       1
       -
       { pkgs, config, lib, eon, ... }@inputs:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         eon,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }@inputs:

     

       2
       8
        
       

     

       3
       9
        
       let

     

       4
       10
        
         vpnRecords = [

     
···

       33
       39
        
             value = "100.64.0.9";

     

       34
       40
        
           }

     

       35
       41
        
         ];

     

       36
       36
       -
       in {

     

       42
       42
       +
       in

     

       43
       43
       +
       {

     

       37
       44
        
         imports = [

     

       38
       45
        
           ./hardware-configuration.nix

     

       39
       46
        
           ./minimal.nix

     
···

       147
       154
        
               {

     

       148
       155
        
                 name = "@";

     

       149
       156
        
                 type = "TXT";

     

       150
       150
       -
                 value =

     

       151
       151
       -
                   "google-site-verification=rEvwSqf7RYKRQltY412qMtTuoxPp64O3L7jMotj9Jnc";

     

       157
       157
       +
                 value = "google-site-verification=rEvwSqf7RYKRQltY412qMtTuoxPp64O3L7jMotj9Jnc";

     

       152
       158
        
               }

     

       153
       159
        
               {

     

       154
       160
        
                 name = "_atproto.ryan";

     
···

       228
       234
        
               {

     

       229
       235
        
                 name = "_25._tcp.mail";

     

       230
       236
        
                 type = "TLSA";

     

       231
       231
       -
                 value =

     

       232
       232
       -
                   "3 1 1 2f0fd413f063c75141937dd196a9f4ab66139d599e0dcf2a7ce6d557647e26a6";

     

       237
       237
       +
                 value = "3 1 1 2f0fd413f063c75141937dd196a9f4ab66139d599e0dcf2a7ce6d557647e26a6";

     

       233
       238
        
               }

     

       234
       239
        
               # generate with

     

       235
       240
        
               #   for i in r3 e1 r4-cross-signed e2

     
···

       238
       243
        
               {

     

       239
       244
        
                 name = "_25._tcp.mail";

     

       240
       245
        
                 type = "TLSA";

     

       241
       241
       -
                 value =

     

       242
       242
       -
                   "2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d";

     

       246
       246
       +
                 value = "2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d";

     

       243
       247
        
               }

     

       244
       248
        
               # LE E1

     

       245
       249
        
               {

     

       246
       250
        
                 name = "_25._tcp.mail";

     

       247
       251
        
                 type = "TLSA";

     

       248
       248
       -
                 value =

     

       249
       249
       -
                   "2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10";

     

       252
       252
       +
                 value = "2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10";

     

       250
       253
        
               }

     

       251
       254
        
               # LE R4

     

       252
       255
        
               {

     

       253
       256
        
                 name = "_25._tcp.mail";

     

       254
       257
        
                 type = "TLSA";

     

       255
       255
       -
                 value =

     

       256
       256
       -
                   "2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03";

     

       258
       258
       +
                 value = "2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03";

     

       257
       259
        
               }

     

       258
       260
        
               # LE E2

     

       259
       261
        
               {

     

       260
       262
        
                 name = "_25._tcp.mail";

     

       261
       263
        
                 type = "TLSA";

     

       262
       262
       -
                 value =

     

       263
       263
       -
                   "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270";

     

       264
       264
       +
                 value = "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270";

     

       264
       265
        
               }

     

       265
       266
        
             ] ++ vpnRecords;

     

       266
       267
        
           };

     
···

       330
       331
        
             ];

     

       331
       332
        
           };

     

       332
       333
        
         };

     

       333
       333
       -
         services.bind.zones.${config.networking.domain}.extraConfig = ''

     

       334
       334
       -
           dnssec-policy default;

     

       335
       335
       -
           inline-signing yes;

     

       336
       336
       -
           journal "${config.services.bind.directory}/${config.networking.domain}.signed.jnl";

     

       337
       337
       -
         '' +

     

       338
       338
       -
           # dig ns org +short | xargs dig +short

     

       339
       339
       -
           # replace with `checkds true;` in bind 9.20

     

       334
       334
       +
         services.bind.zones.${config.networking.domain}.extraConfig =

     

       335
       335
       +
           ''

     

       336
       336
       +
             dnssec-policy default;

     

       337
       337
       +
             inline-signing yes;

     

       338
       338
       +
             journal "${config.services.bind.directory}/${config.networking.domain}.signed.jnl";

     

       340
       339
        
           ''

     

       341
       341
       -
             parental-agents {

     

       342
       342
       -
               199.19.56.1;

     

       343
       343
       -
               199.249.112.1;

     

       344
       344
       -
               199.19.54.1;

     

       345
       345
       -
               199.249.120.1;

     

       346
       346
       -
               199.19.53.1;

     

       347
       347
       -
               199.19.57.1;

     

       348
       348
       -
             };

     

       349
       349
       -
           '';

     

       340
       340
       +
           +

     

       341
       341
       +
             # dig ns org +short | xargs dig +short

     

       342
       342
       +
             # replace with `checkds true;` in bind 9.20

     

       343
       343
       +
             ''

     

       344
       344
       +
               parental-agents {

     

       345
       345
       +
                 199.19.56.1;

     

       346
       346
       +
                 199.249.112.1;

     

       347
       347
       +
                 199.19.54.1;

     

       348
       348
       +
                 199.249.120.1;

     

       349
       349
       +
                 199.19.53.1;

     

       350
       350
       +
                 199.19.57.1;

     

       351
       351
       +
               };

     

       352
       352
       +
             '';

     

       350
       353
        
       

     

       351
       354
        
         services.nginx.commonHttpConfig = ''

     

       352
       355
        
           add_header Strict-Transport-Security max-age=31536000 always;

     
···

       372
       375
        
           };

     

       373
       376
        
         };

     

       374
       377
        
       

     

       375
       375
       -
         security.acme-eon.nginxCerts = [ "capybara.fn06.org" "shrew.freumh.org" ];

     

       378
       378
       +
         security.acme-eon.nginxCerts = [

     

       379
       379
       +
           "capybara.fn06.org"

     

       380
       380
       +
           "shrew.freumh.org"

     

       381
       381
       +
         ];

     

       376
       382
        
         services.nginx.virtualHosts."capybara.fn06.org" = {

     

       377
       383
        
           forceSSL = true;

     

       378
       384
        
           locations."/" = {

     
···

       416
       422
        
           repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       417
       423
        
           passwordFile = config.age.secrets.restic-owl.path;

     

       418
       424
        
           initialize = true;

     

       419
       419
       -
           paths = [ "/var/" "/run/" "/etc/" ];

     

       425
       425
       +
           paths = [

     

       426
       426
       +
             "/var/"

     

       427
       427
       +
             "/run/"

     

       428
       428
       +
             "/etc/"

     

       429
       429
       +
           ];

     

       420
       430
        
           timerConfig = {

     

       421
       431
        
             OnCalendar = "03:00";

     

       422
       432
        
             randomizedDelaySec = "1hr";

     
···

       434
       444
        
       

     

       435
       445
        
         age.secrets.email-ryan.file = ../../secrets/email-ryan.age;

     

       436
       446
        
         age.secrets.email-system.file = ../../secrets/email-system.age;

     

       437
       437
       -
         eilean.mailserver.systemAccountPasswordFile =

     

       438
       438
       -
           config.age.secrets.email-system.path;

     

       447
       447
       +
         eilean.mailserver.systemAccountPasswordFile = config.age.secrets.email-system.path;

     

       439
       448
        
         mailserver.loginAccounts = {

     

       440
       449
        
           "${config.eilean.username}@${config.networking.domain}" = {

     

       441
       450
        
             passwordFile = config.age.secrets.email-ryan.path;

+18 -10

hosts/owl/hardware-configuration.nix

···

       3
       3
        
       {

     

       4
       4
        
         imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

     

       5
       5
        
         boot.loader.grub.device = "/dev/sda";

     

       6
       6
       -
         boot.initrd.availableKernelModules =

     

       7
       7
       -
           [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];

     

       6
       6
       +
         boot.initrd.availableKernelModules = [

     

       7
       7
       +
           "ata_piix"

     

       8
       8
       +
           "uhci_hcd"

     

       9
       9
       +
           "xen_blkfront"

     

       10
       10
       +
           "vmw_pvscsi"

     

       11
       11
       +
         ];

     

       8
       12
        
         boot.initrd.kernelModules = [ "nvme" ];

     

       9
       13
        
       

     

       10
       14
        
         fileSystems."/" = {

     
···

       12
       16
        
           fsType = "ext4";

     

       13
       17
        
         };

     

       14
       18
        
       

     

       15
       15
       -
         swapDevices = [{

     

       16
       16
       -
           device = "/var/swap";

     

       17
       17
       -
           size = 4096;

     

       18
       18
       -
         }];

     

       19
       19
       +
         swapDevices = [

     

       20
       20
       +
           {

     

       21
       21
       +
             device = "/var/swap";

     

       22
       22
       +
             size = 4096;

     

       23
       23
       +
           }

     

       24
       24
       +
         ];

     

       19
       25
        
       

     

       20
       26
        
         networking = {

     

       21
       27
        
           interfaces."enp1s0" = {

     

       22
       22
       -
             ipv6.addresses = [{

     

       23
       23
       -
               address = "2a01:4f9:c011:87ad::";

     

       24
       24
       -
               prefixLength = 64;

     

       25
       25
       -
             }];

     

       28
       28
       +
             ipv6.addresses = [

     

       29
       29
       +
               {

     

       30
       30
       +
                 address = "2a01:4f9:c011:87ad::";

     

       31
       31
       +
                 prefixLength = 64;

     

       32
       32
       +
               }

     

       33
       33
       +
             ];

     

       26
       34
        
           };

     

       27
       35
        
           defaultGateway6 = {

     

       28
       36
        
             address = "fe80::1";

+8 -3

hosts/owl/minimal.nix

···

       1
       1
       -
       { pkgs, config, lib, eilean, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         eilean,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [ ./hardware-configuration.nix ];

     
···

       10
       16
        
           homeManager.enable = true;

     

       11
       17
        
         };

     

       12
       18
        
       

     

       13
       13
       -
         home-manager.users.${config.custom.username}.config.custom.machineColour =

     

       14
       14
       -
           "yellow";

     

       19
       19
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "yellow";

     

       15
       20
        
       

     

       16
       21
        
         boot.tmp.cleanOnBoot = true;

     

       17
       22
        
       }

+45 -25

hosts/shrew/default.nix

···

       1
       1
       -
       { config, pkgs, lib, nixos-hardware, nixpkgs, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         pkgs,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         nixos-hardware,

     

       6
       6
       +
         nixpkgs,

     

       7
       7
       +
         ...

     

       8
       8
       +
       }:

     

       2
       9
        
       

     

       3
       10
        
       {

     

       4
       4
       -
         imports = [ ./hardware-configuration.nix "${nixos-hardware}/raspberry-pi/4" ];

     

       11
       11
       +
         imports = [

     

       12
       12
       +
           ./hardware-configuration.nix

     

       13
       13
       +
           "${nixos-hardware}/raspberry-pi/4"

     

       14
       14
       +
         ];

     

       5
       15
        
       

     

       6
       16
        
         custom = {

     

       7
       17
        
           enable = true;

     
···

       10
       20
        
           homeManager.enable = true;

     

       11
       21
        
         };

     

       12
       22
        
       

     

       13
       13
       -
         home-manager.users.${config.custom.username}.config.custom.machineColour =

     

       14
       14
       -
           "red";

     

       23
       23
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "red";

     

       15
       24
        
       

     

       16
       25
        
         networking.networkmanager.enable = true;

     

       17
       26
        
       

     
···

       37
       46
        
               user = "zigbee2mqtt";

     

       38
       47
        
               password = "test";

     

       39
       48
        
             };

     

       40
       40
       -
             serial = { port = "/dev/ttyUSB0"; };

     

       49
       49
       +
             serial = {

     

       50
       50
       +
               port = "/dev/ttyUSB0";

     

       51
       51
       +
             };

     

       41
       52
        
             frontend = {

     

       42
       53
        
               port = 15606;

     

       43
       54
        
               url = "http://shrew";

     

       44
       55
        
             };

     

       45
       56
        
             homeassistant = true;

     

       46
       46
       -
             advanced = { channel = 15; };

     

       57
       57
       +
             advanced = {

     

       58
       58
       +
               channel = 15;

     

       59
       59
       +
             };

     

       47
       60
        
           };

     

       48
       61
        
         };

     

       49
       62
        
       

     

       50
       63
        
         services.mosquitto = {

     

       51
       64
        
           enable = true;

     

       52
       52
       -
           listeners = [{

     

       53
       53
       -
             users = {

     

       54
       54
       -
               zigbee2mqtt = {

     

       55
       55
       -
                 acl = [ "readwrite #" ];

     

       56
       56
       -
                 hashedPassword =

     

       57
       57
       -
                   "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       58
       58
       -
               };

     

       59
       59
       -
               homeassistant = {

     

       60
       60
       -
                 acl = [ "readwrite #" ];

     

       61
       61
       -
                 hashedPassword =

     

       62
       62
       -
                   "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       65
       65
       +
           listeners = [

     

       66
       66
       +
             {

     

       67
       67
       +
               users = {

     

       68
       68
       +
                 zigbee2mqtt = {

     

       69
       69
       +
                   acl = [ "readwrite #" ];

     

       70
       70
       +
                   hashedPassword = "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       71
       71
       +
                 };

     

       72
       72
       +
                 homeassistant = {

     

       73
       73
       +
                   acl = [ "readwrite #" ];

     

       74
       74
       +
                   hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       75
       75
       +
                 };

     

       63
       76
        
               };

     

       64
       64
       -
             };

     

       65
       65
       -
           }];

     

       77
       77
       +
             }

     

       78
       78
       +
           ];

     

       66
       79
        
         };

     

       67
       80
        
       

     

       68
       81
        
         services.home-assistant = {

     
···

       84
       97
        
             "google_assistant"

     

       85
       98
        
             "google_translate"

     

       86
       99
        
           ];

     

       87
       87
       -
           customComponents =

     

       88
       88
       -
             with pkgs.overlay-unstable.home-assistant-custom-components;

     

       89
       89
       -
             [ adaptive_lighting ];

     

       100
       100
       +
           customComponents = with pkgs.overlay-unstable.home-assistant-custom-components; [

     

       101
       101
       +
             adaptive_lighting

     

       102
       102
       +
           ];

     

       90
       103
        
           config = {

     

       91
       104
        
             # Includes dependencies for a basic setup

     

       92
       105
        
             # https://www.home-assistant.io/integrations/default_config/

     
···

       101
       114
        
               project_id = "shrew-25325";

     

       102
       115
        
               service_account = "!include SERVICE_ACCOUNT.JSON";

     

       103
       116
        
               report_state = true;

     

       104
       104
       -
               exposed_domains = [ "switch" "light" ];

     

       117
       117
       +
               exposed_domains = [

     

       118
       118
       +
                 "switch"

     

       119
       119
       +
                 "light"

     

       120
       120
       +
               ];

     

       105
       121
        
               entity_config = {

     

       106
       122
        
                 "light.room_bed_left" = {

     

       107
       123
        
                   name = "BED_LEFT";

     
···

       131
       147
        
             adaptive_lighting = {

     

       132
       148
        
               sunrise_time = "06:00:00";

     

       133
       149
        
               sunset_time = "18:00:00";

     

       134
       134
       -
               lights =

     

       135
       135
       -
                 [ "light.bed_left" "light.bed_right" "light.ceiling" "light.strip" ];

     

       150
       150
       +
               lights = [

     

       151
       151
       +
                 "light.bed_left"

     

       152
       152
       +
                 "light.bed_right"

     

       153
       153
       +
                 "light.ceiling"

     

       154
       154
       +
                 "light.strip"

     

       155
       155
       +
               ];

     

       136
       156
        
             };

     

       137
       157
        
           };

     

       138
       158
        
         };

+11 -2

hosts/shrew/hardware-configuration.nix

···

       1
       1
        
       # Do not modify this file!  It was generated by ‘nixos-generate-config’

     

       2
       2
        
       # and may be overwritten by future invocations.  Please make changes

     

       3
       3
        
       # to /etc/nixos/configuration.nix instead.

     

       4
       4
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       4
       4
       +
       {

     

       5
       5
       +
         config,

     

       6
       6
       +
         lib,

     

       7
       7
       +
         pkgs,

     

       8
       8
       +
         modulesPath,

     

       9
       9
       +
         ...

     

       10
       10
       +
       }:

     

       5
       11
        
       

     

       6
       12
        
       {

     

       7
       13
        
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       8
       14
        
       

     

       9
       9
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];

     

       15
       15
       +
         boot.initrd.availableKernelModules = [

     

       16
       16
       +
           "xhci_pci"

     

       17
       17
       +
           "usbhid"

     

       18
       18
       +
         ];

     

       10
       19
        
         boot.initrd.kernelModules = [ ];

     

       11
       20
        
         boot.kernelModules = [ ];

     

       12
       21
        
         boot.extraModulePackages = [ ];

+15 -5

hosts/shrew/sd-image.nix

···

       1
       1
       -
       { config, lib, nixpkgs, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         nixpkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];

     

       9
       9
       +
         imports = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];

     

       6
       10
        
       

     

       7
       11
        
         nixpkgs.hostPlatform = "aarch64-linux";

     

       8
       12
        
       

     

       9
       9
       -
         custom = { enable = true; };

     

       13
       13
       +
         custom = {

     

       14
       14
       +
           enable = true;

     

       15
       15
       +
         };

     

       10
       16
        
       

     

       11
       17
        
         networking.wireless = {

     

       12
       18
        
           enable = true;

     

       13
       13
       -
           networks = { "SSID" = { psk = "password"; }; };

     

       19
       19
       +
           networks = {

     

       20
       20
       +
             "SSID" = {

     

       21
       21
       +
               psk = "password";

     

       22
       22
       +
             };

     

       23
       23
       +
           };

     

       14
       24
        
         };

     

       15
       25
        
       }

+137 -107

hosts/swan/default.nix

···

       1
       1
       -
       { pkgs, config, lib, hyperbib-eeg, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         hyperbib-eeg,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       3
       -
       let domain = "eeg.cl.cam.ac.uk";

     

       4
       4
       -
       in {

     

       9
       9
       +
       let

     

       10
       10
       +
         domain = "eeg.cl.cam.ac.uk";

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       5
       13
        
         imports = [

     

       6
       14
        
           ./hardware-configuration.nix

     

       7
       15
        
           ./minimal.nix

     
···

       26
       34
        
         services.httpd = {

     

       27
       35
        
           enable = true;

     

       28
       36
        
           extraModules =

     

       29
       29
       -
             let mod_ucam_webauth = pkgs.callPackage ./mod_ucam_webauth.nix { };

     

       30
       30
       -
             in [{

     

       31
       31
       -
               name = "ucam_webauth";

     

       32
       32
       -
               path = "${mod_ucam_webauth}/modules/mod_ucam_webauth.so";

     

       33
       33
       -
             }];

     

       37
       37
       +
             let

     

       38
       38
       +
               mod_ucam_webauth = pkgs.callPackage ./mod_ucam_webauth.nix { };

     

       39
       39
       +
             in

     

       40
       40
       +
             [

     

       41
       41
       +
               {

     

       42
       42
       +
                 name = "ucam_webauth";

     

       43
       43
       +
                 path = "${mod_ucam_webauth}/modules/mod_ucam_webauth.so";

     

       44
       44
       +
               }

     

       45
       45
       +
             ];

     

       34
       46
        
       

     

       35
       47
        
           virtualHosts."${domain}" = {

     

       36
       48
        
             forceSSL = true;

     

       37
       49
        
             enableACME = true;

     

       38
       50
        
             documentRoot = "/var/www/eeg/";

     

       39
       51
        
             locations."/bib/" = {

     

       40
       40
       -
               proxyPass = "http://127.0.0.1:${

     

       41
       41
       -
                   builtins.toString config.services.hyperbib.port

     

       42
       42
       -
                 }/bib/";

     

       52
       52
       +
               proxyPass = "http://127.0.0.1:${builtins.toString config.services.hyperbib.port}/bib/";

     

       43
       53
        
             };

     

       44
       44
       -
             extraConfig = let

     

       45
       45
       -
               keyfile = pkgs.writeTextFile {

     

       46
       46
       -
                 name = "raven-rsa-key";

     

       47
       47
       -
                 destination = "/pubkey2";

     

       48
       48
       -
                 text = ''

     

       49
       49
       -
                   -----BEGIN RSA PUBLIC KEY-----

     

       50
       50
       -
                   MIGJAoGBAL/2pwBbVcJKTRF8B+K6W9Oi4xkoPiOb32te0whw7Zuf7cTFCk5tvBa6

     

       51
       51
       -
                   CI7wM0R99LtvNLFmoantTps92LjF9fvrCBYZDqpaLnk5clXShKKqt3do4SykqYkq

     

       52
       52
       -
                   66kpc42jZ58C3omR0dUfQ7o7yTktVqnrDjLVb9P+vLhAfuSFHFa1AgMBAAE=

     

       53
       53
       -
                   -----END RSA PUBLIC KEY-----

     

       54
       54
       -
                 '';

     

       55
       55
       -
               };

     

       56
       56
       -
               matrixServerConfig = pkgs.writeText "matrix-server-config.json"

     

       57
       57
       -
                 (builtins.toJSON { "m.server" = "${domain}:443"; });

     

       58
       58
       -
               matrixClientConfig = pkgs.writeText "matrix-server-config.json"

     

       59
       59
       -
                 (builtins.toJSON {

     

       60
       60
       -
                   "m.homeserver" = { "base_url" = "https://${domain}"; };

     

       61
       61
       -
                   "m.identity_server" = { "base_url" = "https://vector.im"; };

     

       62
       62
       -
                 });

     

       63
       63
       -
             in ''

     

       64
       64
       -
               AAKeyDir ${keyfile}

     

       65
       65
       -
               AACookieKey file:/dev/urandom

     

       66
       66
       -
               <Location "/bib/">

     

       67
       67
       -
                 AuthType Ucam-WebAuth

     

       68
       68
       -
                 Require valid-user

     

       69
       69
       -
               </Location>

     

       54
       54
       +
             extraConfig =

     

       55
       55
       +
               let

     

       56
       56
       +
                 keyfile = pkgs.writeTextFile {

     

       57
       57
       +
                   name = "raven-rsa-key";

     

       58
       58
       +
                   destination = "/pubkey2";

     

       59
       59
       +
                   text = ''

     

       60
       60
       +
                     -----BEGIN RSA PUBLIC KEY-----

     

       61
       61
       +
                     MIGJAoGBAL/2pwBbVcJKTRF8B+K6W9Oi4xkoPiOb32te0whw7Zuf7cTFCk5tvBa6

     

       62
       62
       +
                     CI7wM0R99LtvNLFmoantTps92LjF9fvrCBYZDqpaLnk5clXShKKqt3do4SykqYkq

     

       63
       63
       +
                     66kpc42jZ58C3omR0dUfQ7o7yTktVqnrDjLVb9P+vLhAfuSFHFa1AgMBAAE=

     

       64
       64
       +
                     -----END RSA PUBLIC KEY-----

     

       65
       65
       +
                   '';

     

       66
       66
       +
                 };

     

       67
       67
       +
                 matrixServerConfig = pkgs.writeText "matrix-server-config.json" (

     

       68
       68
       +
                   builtins.toJSON { "m.server" = "${domain}:443"; }

     

       69
       69
       +
                 );

     

       70
       70
       +
                 matrixClientConfig = pkgs.writeText "matrix-server-config.json" (

     

       71
       71
       +
                   builtins.toJSON {

     

       72
       72
       +
                     "m.homeserver" = {

     

       73
       73
       +
                       "base_url" = "https://${domain}";

     

       74
       74
       +
                     };

     

       75
       75
       +
                     "m.identity_server" = {

     

       76
       76
       +
                       "base_url" = "https://vector.im";

     

       77
       77
       +
                     };

     

       78
       78
       +
                   }

     

       79
       79
       +
                 );

     

       80
       80
       +
               in

     

       81
       81
       +
               ''

     

       82
       82
       +
                 AAKeyDir ${keyfile}

     

       83
       83
       +
                 AACookieKey file:/dev/urandom

     

       84
       84
       +
                 <Location "/bib/">

     

       85
       85
       +
                   AuthType Ucam-WebAuth

     

       86
       86
       +
                   Require valid-user

     

       87
       87
       +
                 </Location>

     

       70
       88
        
       

     

       71
       71
       -
               SSLEngine on

     

       72
       72
       -
               ServerName ${domain}

     

       89
       89
       +
                 SSLEngine on

     

       90
       90
       +
                 ServerName ${domain}

     

       73
       91
        
       

     

       74
       74
       -
               ### Matrix config

     

       92
       92
       +
                 ### Matrix config

     

       75
       93
        
       

     

       76
       76
       -
               RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}

     

       77
       77
       -
               AllowEncodedSlashes NoDecode

     

       78
       78
       -
               ProxyPreserveHost on

     

       79
       79
       -
               ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon

     

       80
       80
       -
               ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix

     

       81
       81
       -
               ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon

     

       82
       82
       -
               ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client

     

       94
       94
       +
                 RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}

     

       95
       95
       +
                 AllowEncodedSlashes NoDecode

     

       96
       96
       +
                 ProxyPreserveHost on

     

       97
       97
       +
                 ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon

     

       98
       98
       +
                 ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix

     

       99
       99
       +
                 ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon

     

       100
       100
       +
                 ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client

     

       83
       101
        
       

     

       84
       84
       -
               Alias /.well-known/matrix/server "${matrixServerConfig}"

     

       85
       85
       -
               Alias /.well-known/matrix/client "${matrixClientConfig}"

     

       86
       86
       -
             '';

     

       102
       102
       +
                 Alias /.well-known/matrix/server "${matrixServerConfig}"

     

       103
       103
       +
                 Alias /.well-known/matrix/client "${matrixClientConfig}"

     

       104
       104
       +
               '';

     

       87
       105
        
           };

     

       88
       106
        
           virtualHosts."watch.${domain}" = {

     

       89
       107
        
             forceSSL = true;

     

       90
       108
        
             enableACME = true;

     

       91
       109
        
             locations."/" = {

     

       92
       110
        
               extraConfig = ''

     

       93
       93
       -
                 ProxyPass http://127.0.0.1:${

     

       94
       94
       -
                   builtins.toString config.services.peertube.listenHttp

     

       95
       95
       -
                 }/ upgrade=websocket

     

       96
       96
       -
                 ProxyPassReverse http://127.0.0.1:${

     

       97
       97
       -
                   builtins.toString config.services.peertube.listenHttp

     

       98
       98
       -
                 }/

     

       111
       111
       +
                 ProxyPass http://127.0.0.1:${builtins.toString config.services.peertube.listenHttp}/ upgrade=websocket

     

       112
       112
       +
                 ProxyPassReverse http://127.0.0.1:${builtins.toString config.services.peertube.listenHttp}/

     

       99
       113
        
               '';

     

       100
       114
        
             };

     

       101
       115
        
             extraConfig = ''

     
···

       130
       144
        
       

     

       131
       145
        
         services.matrix-synapse = {

     

       132
       146
        
           enable = true;

     

       133
       133
       -
           settings = lib.mkMerge [{

     

       134
       134
       -
             server_name = domain;

     

       135
       135
       -
             enable_registration = false;

     

       136
       136
       -
             auto_join_rooms = [ "#EEG:eeg.cl.cam.ac.uk" ];

     

       137
       137
       -
             password_config.enabled = false;

     

       138
       138
       -
             listeners = [{

     

       139
       139
       -
               port = 8008;

     

       140
       140
       -
               bind_addresses = [ "::1" "127.0.0.1" ];

     

       141
       141
       -
               type = "http";

     

       142
       142
       -
               tls = false;

     

       143
       143
       -
               x_forwarded = true;

     

       144
       144
       -
               resources = [{

     

       145
       145
       -
                 names = [ "client" "federation" ];

     

       146
       146
       -
                 compress = false;

     

       147
       147
       -
               }];

     

       148
       148
       -
             }];

     

       149
       149
       -
             max_upload_size = "100M";

     

       150
       150
       -
             saml2_config = {

     

       151
       151
       -
               sp_config = {

     

       152
       152
       -
                 metadata.remote =

     

       153
       153
       -
                   [{ url = "https://shib.raven.cam.ac.uk/shibboleth"; }];

     

       154
       154
       -
                 description =

     

       155
       155
       -
                   [ "Energy and Environment Group Computer Lab Matrix Server" "en" ];

     

       156
       156
       -
                 name = [ "EEG CL Matrix Server" "en" ];

     

       157
       157
       -
                 # generate keys with

     

       158
       158
       -
                 #   sudo nix shell nixpkgs#openssl nixpkgs#shibboleth-sp -c sh -c '`nix eval --raw nixpkgs#shibboleth-sp`/etc/shibboleth/keygen.sh -h matrix.eeg.cl.cam.ac.uk -o /secrets/matrix-shibboleth/'

     

       159
       159
       -
                 #   chown -R matrix-synapse /secrets/matrix-shibboleth/

     

       160
       160
       -
                 key_file = "/secrets/matrix-shibboleth/sp-key.pem";

     

       161
       161
       -
                 cert_file = "/secrets/matrix-shibboleth/sp-cert.pem";

     

       162
       162
       -
                 encryption_keypairs = [

     

       163
       163
       -
                   { key_file = "/secrets/matrix-shibboleth/sp-key.pem"; }

     

       164
       164
       -
                   { cert_file = "/secrets/matrix-shibboleth/sp-cert.pem"; }

     

       165
       165
       -
                 ];

     

       166
       166
       -
                 attribute_map_dir = pkgs.writeTextDir "map.py" ''

     

       167
       167
       -
                   MAP = {

     

       168
       168
       -
                       "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",

     

       169
       169
       -
                       "fro": {

     

       170
       170
       -
                           'urn:oid:0.9.2342.19200300.100.1.1': 'uid',

     

       171
       171
       -
                           'urn:oid:0.9.2342.19200300.100.1.3': 'email',

     

       172
       172
       -
                           'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',

     

       173
       173
       -
                       },

     

       174
       174
       -
                       "to": {

     

       175
       175
       -
                           'uid': 'urn:oid:0.9.2342.19200300.100.1.1',

     

       176
       176
       -
                           'email': 'urn:oid:0.9.2342.19200300.100.1.3',

     

       177
       177
       -
                           'displayName': 'urn:oid:2.16.840.1.113730.3.1.241',

     

       178
       178
       -
                       },

     

       179
       179
       -
                   }

     

       180
       180
       -
                 '';

     

       147
       147
       +
           settings = lib.mkMerge [

     

       148
       148
       +
             {

     

       149
       149
       +
               server_name = domain;

     

       150
       150
       +
               enable_registration = false;

     

       151
       151
       +
               auto_join_rooms = [ "#EEG:eeg.cl.cam.ac.uk" ];

     

       152
       152
       +
               password_config.enabled = false;

     

       153
       153
       +
               listeners = [

     

       154
       154
       +
                 {

     

       155
       155
       +
                   port = 8008;

     

       156
       156
       +
                   bind_addresses = [

     

       157
       157
       +
                     "::1"

     

       158
       158
       +
                     "127.0.0.1"

     

       159
       159
       +
                   ];

     

       160
       160
       +
                   type = "http";

     

       161
       161
       +
                   tls = false;

     

       162
       162
       +
                   x_forwarded = true;

     

       163
       163
       +
                   resources = [

     

       164
       164
       +
                     {

     

       165
       165
       +
                       names = [

     

       166
       166
       +
                         "client"

     

       167
       167
       +
                         "federation"

     

       168
       168
       +
                       ];

     

       169
       169
       +
                       compress = false;

     

       170
       170
       +
                     }

     

       171
       171
       +
                   ];

     

       172
       172
       +
                 }

     

       173
       173
       +
               ];

     

       174
       174
       +
               max_upload_size = "100M";

     

       175
       175
       +
               saml2_config = {

     

       176
       176
       +
                 sp_config = {

     

       177
       177
       +
                   metadata.remote = [ { url = "https://shib.raven.cam.ac.uk/shibboleth"; } ];

     

       178
       178
       +
                   description = [

     

       179
       179
       +
                     "Energy and Environment Group Computer Lab Matrix Server"

     

       180
       180
       +
                     "en"

     

       181
       181
       +
                   ];

     

       182
       182
       +
                   name = [

     

       183
       183
       +
                     "EEG CL Matrix Server"

     

       184
       184
       +
                     "en"

     

       185
       185
       +
                   ];

     

       186
       186
       +
                   # generate keys with

     

       187
       187
       +
                   #   sudo nix shell nixpkgs#openssl nixpkgs#shibboleth-sp -c sh -c '`nix eval --raw nixpkgs#shibboleth-sp`/etc/shibboleth/keygen.sh -h matrix.eeg.cl.cam.ac.uk -o /secrets/matrix-shibboleth/'

     

       188
       188
       +
                   #   chown -R matrix-synapse /secrets/matrix-shibboleth/

     

       189
       189
       +
                   key_file = "/secrets/matrix-shibboleth/sp-key.pem";

     

       190
       190
       +
                   cert_file = "/secrets/matrix-shibboleth/sp-cert.pem";

     

       191
       191
       +
                   encryption_keypairs = [

     

       192
       192
       +
                     { key_file = "/secrets/matrix-shibboleth/sp-key.pem"; }

     

       193
       193
       +
                     { cert_file = "/secrets/matrix-shibboleth/sp-cert.pem"; }

     

       194
       194
       +
                   ];

     

       195
       195
       +
                   attribute_map_dir = pkgs.writeTextDir "map.py" ''

     

       196
       196
       +
                     MAP = {

     

       197
       197
       +
                         "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",

     

       198
       198
       +
                         "fro": {

     

       199
       199
       +
                             'urn:oid:0.9.2342.19200300.100.1.1': 'uid',

     

       200
       200
       +
                             'urn:oid:0.9.2342.19200300.100.1.3': 'email',

     

       201
       201
       +
                             'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',

     

       202
       202
       +
                         },

     

       203
       203
       +
                         "to": {

     

       204
       204
       +
                             'uid': 'urn:oid:0.9.2342.19200300.100.1.1',

     

       205
       205
       +
                             'email': 'urn:oid:0.9.2342.19200300.100.1.3',

     

       206
       206
       +
                             'displayName': 'urn:oid:2.16.840.1.113730.3.1.241',

     

       207
       207
       +
                         },

     

       208
       208
       +
                     }

     

       209
       209
       +
                   '';

     

       210
       210
       +
                 };

     

       181
       211
        
               };

     

       182
       182
       -
             };

     

       183
       183
       -
             app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];

     

       184
       184
       -
           }];

     

       212
       212
       +
               app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];

     

       213
       213
       +
             }

     

       214
       214
       +
           ];

     

       185
       215
        
         };

     

       186
       216
        
       

     

       187
       217
        
         networking.firewall.allowedTCPPorts = [

+24 -11

hosts/swan/hardware-configuration.nix

···

       1
       1
       -
       { config, lib, pkgs, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       {

     

       4
       4
       -
         boot.initrd.availableKernelModules =

     

       5
       5
       -
           [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];

     

       9
       9
       +
         boot.initrd.availableKernelModules = [

     

       10
       10
       +
           "ata_piix"

     

       11
       11
       +
           "uhci_hcd"

     

       12
       12
       +
           "sr_mod"

     

       13
       13
       +
           "xen_blkfront"

     

       14
       14
       +
         ];

     

       6
       15
        
         boot.initrd.kernelModules = [ ];

     

       7
       16
        
         boot.kernelModules = [ ];

     

       8
       17
        
         boot.extraModulePackages = [ ];

     
···

       20
       29
        
           fsType = "ext4";

     

       21
       30
        
         };

     

       22
       31
        
       

     

       23
       23
       -
         swapDevices = [{

     

       24
       24
       -
           device = "/var/swap";

     

       25
       25
       -
           size = 1024;

     

       26
       26
       -
         }];

     

       32
       32
       +
         swapDevices = [

     

       33
       33
       +
           {

     

       34
       34
       +
             device = "/var/swap";

     

       35
       35
       +
             size = 1024;

     

       36
       36
       +
           }

     

       37
       37
       +
         ];

     

       27
       38
        
       

     

       28
       39
        
         networking = {

     

       29
       40
        
           useDHCP = false;

     

       30
       30
       -
           interfaces."enX0".ipv4.addresses = [{

     

       31
       31
       -
             address = "128.232.98.96";

     

       32
       32
       -
             prefixLength = 23;

     

       33
       33
       -
           }];

     

       41
       41
       +
           interfaces."enX0".ipv4.addresses = [

     

       42
       42
       +
             {

     

       43
       43
       +
               address = "128.232.98.96";

     

       44
       44
       +
               prefixLength = 23;

     

       45
       45
       +
             }

     

       46
       46
       +
           ];

     

       34
       47
        
           defaultGateway = {

     

       35
       48
        
             address = "128.232.98.1";

     

       36
       49
        
             interface = "enX0";

+7 -3

hosts/swan/minimal.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       {

     

       4
       9
        
         imports = [ ./hardware-configuration.nix ];

     
···

       10
       15
        
           useNixCache = false;

     

       11
       16
        
         };

     

       12
       17
        
       

     

       13
       13
       -
         home-manager.users.${config.custom.username}.config.custom.machineColour =

     

       14
       14
       -
           "green";

     

       18
       18
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "green";

     

       15
       19
        
       

     

       16
       20
        
         services.openssh.openFirewall = true;

     

       17
       21
        
       }

+7 -1

hosts/swan/mod_ucam_webauth.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, apacheHttpd, openssl }:

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         apacheHttpd,

     

       6
       6
       +
         openssl,

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       stdenv.mkDerivation rec {

     

       4
       10
        
         pname = "mod_ucam_webauth";

+29 -11

hosts/vulpine/hardware-configuration.nix

···

       1
       1
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       {

     

       4
       10
        
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       5
       11
        
       

     

       6
       6
       -
         boot.initrd.availableKernelModules =

     

       7
       7
       -
           [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" ];

     

       12
       12
       +
         boot.initrd.availableKernelModules = [

     

       13
       13
       +
           "xhci_pci"

     

       14
       14
       +
           "ehci_pci"

     

       15
       15
       +
           "ahci"

     

       16
       16
       +
           "usbhid"

     

       17
       17
       +
           "sd_mod"

     

       18
       18
       +
         ];

     

       8
       19
        
         boot.initrd.kernelModules = [ ];

     

       9
       20
        
         # kvm for virtualisation, wl for broadcom_sta kernel module

     

       10
       10
       -
         boot.kernelModules = [ "kvm-intel" "wl" ];

     

       21
       21
       +
         boot.kernelModules = [

     

       22
       22
       +
           "kvm-intel"

     

       23
       23
       +
           "wl"

     

       24
       24
       +
         ];

     

       11
       25
        
         boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];

     

       12
       26
        
         # loading bcma/b43 at the same time as wl seems to cause issues

     

       13
       13
       -
         boot.blacklistedKernelModules = [ "bcma" "b43" ];

     

       27
       27
       +
         boot.blacklistedKernelModules = [

     

       28
       28
       +
           "bcma"

     

       29
       29
       +
           "b43"

     

       30
       30
       +
         ];

     

       14
       31
        
       

     

       15
       32
        
         fileSystems."/" = {

     

       16
       33
        
           device = "/dev/disk/by-uuid/d2afdf21-7a3a-47f0-83e1-31e9cccdad84";

     
···

       32
       49
        
           ];

     

       33
       50
        
         };

     

       34
       51
        
       

     

       35
       35
       -
         swapDevices = [{

     

       36
       36
       -
           device = "/swapfile";

     

       37
       37
       -
           size = 8192;

     

       38
       38
       -
         }];

     

       52
       52
       +
         swapDevices = [

     

       53
       53
       +
           {

     

       54
       54
       +
             device = "/swapfile";

     

       55
       55
       +
             size = 8192;

     

       56
       56
       +
           }

     

       57
       57
       +
         ];

     

       39
       58
        
       

     

       40
       59
        
         networking.useDHCP = lib.mkDefault true;

     

       41
       60
        
       

     

       42
       42
       -
         hardware.cpu.intel.updateMicrocode =

     

       43
       43
       -
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       61
       61
       +
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       44
       62
        
         # high-resolution display

     

       45
       63
        
         # hardware.video.hidpi.enable = lib.mkDefault true;

     

       46
       64

+17 -9

modules/alec-website.nix

···

       1
       1
       -
       { pkgs, config, lib, alec-website, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         alec-website,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       with lib;

     

       4
       10
        
       

     

       5
       5
       -
       let cfg = config.custom.website.alec;

     

       6
       6
       -
       in {

     

       11
       11
       +
       let

     

       12
       12
       +
         cfg = config.custom.website.alec;

     

       13
       13
       +
       in

     

       14
       14
       +
       {

     

       7
       15
        
         options = {

     

       8
       16
        
           custom.website.alec = {

     

       9
       17
        
             enable = mkEnableOption "Alec's website";

     
···

       28
       36
        
       

     

       29
       37
        
         config = mkIf cfg.enable {

     

       30
       38
        
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       31
       31
       -
           security.acme-eon.certs.${cfg.domain}.extraDomainNames =

     

       32
       32
       -
             [ "www.${cfg.domain}" ];

     

       39
       39
       +
           security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];

     

       33
       40
        
       

     

       34
       41
        
           services.nginx = {

     

       35
       42
        
             enable = true;

     

       36
       43
        
             virtualHosts = {

     

       37
       44
        
               "${cfg.domain}" = {

     

       38
       45
        
                 forceSSL = true;

     

       39
       39
       -
                 root =

     

       40
       40
       -
                   "${alec-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       46
       46
       +
                 root = "${alec-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       41
       47
        
                 locations."/var/".extraConfig = ''

     

       42
       48
        
                   alias /var/${cfg.domain}/;

     

       43
       49
        
                 '';

     
···

       49
       55
        
                 '';

     

       50
       56
        
               };

     

       51
       57
        
               "www.${cfg.domain}" =

     

       52
       52
       -
                 let certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       53
       53
       -
                 in {

     

       58
       58
       +
                 let

     

       59
       59
       +
                   certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       60
       60
       +
                 in

     

       61
       61
       +
                 {

     

       54
       62
        
                   forceSSL = true;

     

       55
       63
        
                   sslCertificate = "${certDir}/fullchain.pem";

     

       56
       64
        
                   sslCertificateKey = "${certDir}/key.pem";

+15 -4

modules/auto-upgrade.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }@inputs:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }@inputs:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.autoUpgrade;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.autoUpgrade;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.autoUpgrade.enable = lib.mkEnableOption "autoUpgrade";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.enable {

     
···

       9
       16
        
             enable = true;

     

       10
       17
        
             allowReboot = true;

     

       11
       18
        
             flake = inputs.self.outPath;

     

       12
       12
       -
             flags = [ "--update-input" "nixpkgs" "-L" ];

     

       19
       19
       +
             flags = [

     

       20
       20
       +
               "--update-input"

     

       21
       21
       +
               "nixpkgs"

     

       22
       22
       +
               "-L"

     

       23
       23
       +
             ];

     

       13
       24
        
             dates = "03:00";

     

       14
       25
        
             randomizedDelaySec = "1hr";

     

       15
       26
        
             rebootWindow = {

+13 -5

modules/colour-guesser.nix

···

       1
       1
       -
       { pkgs, config, lib, options, colour-guesser, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         options,

     

       6
       6
       +
         colour-guesser,

     

       7
       7
       +
         ...

     

       8
       8
       +
       }:

     

       2
       9
        
       

     

       3
       3
       -
       let cfg = config.custom.website.colour-guesser;

     

       4
       4
       -
       in {

     

       10
       10
       +
       let

     

       11
       11
       +
         cfg = config.custom.website.colour-guesser;

     

       12
       12
       +
       in

     

       13
       13
       +
       {

     

       5
       14
        
         options = {

     

       6
       15
        
           custom.website.colour-guesser = {

     

       7
       16
        
             enable = lib.mkEnableOption "Colour Guesser";

     
···

       27
       36
        
             recommendedProxySettings = true;

     

       28
       37
        
             virtualHosts."${cfg.domain}" = {

     

       29
       38
        
               forceSSL = true;

     

       30
       30
       -
               root =

     

       31
       31
       -
                 "${colour-guesser.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       39
       39
       +
               root = "${colour-guesser.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       32
       40
        
             };

     

       33
       41
        
           };

     

       34
       42

+75 -58

modules/default.nix

···

       1
       1
       -
       { pkgs, config, lib, agenix, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         agenix,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       9
       9
       +
       let

     

       10
       10
       +
         cfg = config.custom;

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       5
       13
        
         imports = [

     

       6
       14
        
           ./auto-upgrade.nix

     

       7
       15
        
           ./dict.nix

     
···

       34
       42
        
           };

     

       35
       43
        
         };

     

       36
       44
        
       

     

       37
       37
       -
         config = let nixPath = "/etc/nix-path";

     

       38
       38
       -
         in lib.mkIf cfg.enable {

     

       39
       39
       -
           console = {

     

       40
       40
       -
             font = "Lat2-Terminus16";

     

       41
       41
       -
             keyMap = "uk";

     

       42
       42
       -
           };

     

       43
       43
       -
           i18n.defaultLocale = "en_GB.UTF-8";

     

       45
       45
       +
         config =

     

       46
       46
       +
           let

     

       47
       47
       +
             nixPath = "/etc/nix-path";

     

       48
       48
       +
           in

     

       49
       49
       +
           lib.mkIf cfg.enable {

     

       50
       50
       +
             console = {

     

       51
       51
       +
               font = "Lat2-Terminus16";

     

       52
       52
       +
               keyMap = "uk";

     

       53
       53
       +
             };

     

       54
       54
       +
             i18n.defaultLocale = "en_GB.UTF-8";

     

       44
       55
        
       

     

       45
       45
       -
           networking.domain = lib.mkDefault "freumh.org";

     

       56
       56
       +
             networking.domain = lib.mkDefault "freumh.org";

     

       46
       57
        
       

     

       47
       47
       -
           eilean.username = cfg.username;

     

       58
       58
       +
             eilean.username = cfg.username;

     

       48
       59
        
       

     

       49
       49
       -
           nix = {

     

       50
       50
       -
             settings = lib.mkMerge [{

     

       51
       51
       -
               experimental-features = [ "nix-command" "flakes" ];

     

       52
       52
       -
               auto-optimise-store = true;

     

       53
       53
       -
               trusted-users = [ cfg.username ];

     

       54
       54
       -
             }];

     

       55
       55
       -
             gc = {

     

       56
       56
       -
               automatic = true;

     

       57
       57
       -
               dates = "weekly";

     

       58
       58
       -
               options = "--delete-older-than 30d";

     

       60
       60
       +
             nix = {

     

       61
       61
       +
               settings = lib.mkMerge [

     

       62
       62
       +
                 {

     

       63
       63
       +
                   experimental-features = [

     

       64
       64
       +
                     "nix-command"

     

       65
       65
       +
                     "flakes"

     

       66
       66
       +
                   ];

     

       67
       67
       +
                   auto-optimise-store = true;

     

       68
       68
       +
                   trusted-users = [ cfg.username ];

     

       69
       69
       +
                 }

     

       70
       70
       +
               ];

     

       71
       71
       +
               gc = {

     

       72
       72
       +
                 automatic = true;

     

       73
       73
       +
                 dates = "weekly";

     

       74
       74
       +
                 options = "--delete-older-than 30d";

     

       75
       75
       +
               };

     

       76
       76
       +
               # https://discourse.nixos.org/t/do-flakes-also-set-the-system-channel/19798/16

     

       77
       77
       +
               nixPath = [ "nixpkgs=${nixPath}" ];

     

       59
       78
        
             };

     

       60
       60
       -
             # https://discourse.nixos.org/t/do-flakes-also-set-the-system-channel/19798/16

     

       61
       61
       -
             nixPath = [ "nixpkgs=${nixPath}" ];

     

       62
       62
       -
           };

     

       63
       63
       -
           systemd.tmpfiles.rules = [ "L+ ${nixPath} - - - - ${pkgs.path}" ];

     

       79
       79
       +
             systemd.tmpfiles.rules = [ "L+ ${nixPath} - - - - ${pkgs.path}" ];

     

       64
       80
        
       

     

       65
       65
       -
           users = let

     

       66
       66
       -
             hashedPassword =

     

       67
       67
       -
               "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       68
       68
       -
           in {

     

       69
       69
       -
             mutableUsers = false;

     

       70
       70
       -
             groups.plugdev = { };

     

       71
       71
       -
             users.${cfg.username} = {

     

       72
       72
       -
               isNormalUser = true;

     

       73
       73
       -
               extraGroups = [

     

       74
       74
       -
                 "wheel" # enable sudo

     

       75
       75
       -
                 "networkmanager"

     

       76
       76
       -
                 "video"

     

       77
       77
       -
                 "plugdev"

     

       78
       78
       -
               ];

     

       79
       79
       -
               shell = pkgs.zsh;

     

       80
       80
       -
               # we let home manager manager zsh

     

       81
       81
       -
               ignoreShellProgramCheck = true;

     

       82
       82
       -
               hashedPassword = hashedPassword;

     

       83
       83
       -
             };

     

       84
       84
       -
             users.root.hashedPassword = hashedPassword;

     

       85
       85
       -
           };

     

       81
       81
       +
             users =

     

       82
       82
       +
               let

     

       83
       83
       +
                 hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       84
       84
       +
               in

     

       85
       85
       +
               {

     

       86
       86
       +
                 mutableUsers = false;

     

       87
       87
       +
                 groups.plugdev = { };

     

       88
       88
       +
                 users.${cfg.username} = {

     

       89
       89
       +
                   isNormalUser = true;

     

       90
       90
       +
                   extraGroups = [

     

       91
       91
       +
                     "wheel" # enable sudo

     

       92
       92
       +
                     "networkmanager"

     

       93
       93
       +
                     "video"

     

       94
       94
       +
                     "plugdev"

     

       95
       95
       +
                   ];

     

       96
       96
       +
                   shell = pkgs.zsh;

     

       97
       97
       +
                   # we let home manager manager zsh

     

       98
       98
       +
                   ignoreShellProgramCheck = true;

     

       99
       99
       +
                   hashedPassword = hashedPassword;

     

       100
       100
       +
                 };

     

       101
       101
       +
                 users.root.hashedPassword = hashedPassword;

     

       102
       102
       +
               };

     

       86
       103
        
       

     

       87
       87
       -
           environment.systemPackages = with pkgs; [

     

       88
       88
       -
             nix

     

       89
       89
       -
             git

     

       90
       90
       -
             agenix.packages.${system}.default

     

       91
       91
       -
           ];

     

       104
       104
       +
             environment.systemPackages = with pkgs; [

     

       105
       105
       +
               nix

     

       106
       106
       +
               git

     

       107
       107
       +
               agenix.packages.${system}.default

     

       108
       108
       +
             ];

     

       92
       109
        
       

     

       93
       93
       -
           networking = rec {

     

       94
       94
       -
             # nameservers = [ "freumh.org" ];

     

       95
       95
       -
             nameservers = [ "1.1.1.1" ];

     

       96
       96
       -
             # uncomment to stop using DHCP nameservers

     

       97
       97
       -
             #networkmanager.dns = "none";

     

       110
       110
       +
             networking = rec {

     

       111
       111
       +
               # nameservers = [ "freumh.org" ];

     

       112
       112
       +
               nameservers = [ "1.1.1.1" ];

     

       113
       113
       +
               # uncomment to stop using DHCP nameservers

     

       114
       114
       +
               #networkmanager.dns = "none";

     

       115
       115
       +
             };

     

       98
       116
        
           };

     

       99
       99
       -
         };

     

       100
       117
        
       }

+10 -3

modules/dict.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.dict = lib.mkOption {

     

       6
       13
        
           type = lib.types.bool;

     

       7
       14
        
           default = true;

+73 -62

modules/external-hdd-backup.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.external-hdd-backup = {

     

       6
       13
        
           enable = lib.mkEnableOption "laptop";

     

       7
       14
        
           disk = lib.mkOption {

     
···

       26
       33
        
             #   Error mounting /dev/sda1: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation

     

       27
       34
        
             # And in order to communicate with GUI prompts, e.g. yad, we need to run as user

     

       28
       35
        
             # udisks is still use for on-demand mountin, but we'll use the autofs for mounting the backup disk

     

       29
       29
       -
             script = let

     

       30
       30
       -
               backup = pkgs.writeShellScript "backup.sh" ''

     

       31
       31
       -
                 # TODO make nixos module with options

     

       32
       32
       -
                 DISK="${cfg.backup.disk}"

     

       33
       33
       -
                 LAST_RUN_FILE="$HOME/.cache/last_backup"

     

       36
       36
       +
             script =

     

       37
       37
       +
               let

     

       38
       38
       +
                 backup = pkgs.writeShellScript "backup.sh" ''

     

       39
       39
       +
                   # TODO make nixos module with options

     

       40
       40
       +
                   DISK="${cfg.backup.disk}"

     

       41
       41
       +
                   LAST_RUN_FILE="$HOME/.cache/last_backup"

     

       42
       42
       +
       

     

       43
       43
       +
                   if [ -f "$LAST_RUN_FILE" ] && [ "$(( $(date +%s) - $(date +%s -r "$LAST_RUN_FILE") ))" -lt 86400 ]; then

     

       44
       44
       +
                       echo "<24hrs"

     

       45
       45
       +
                       exit 0

     

       46
       46
       +
                   fi

     

       34
       47
        
       

     

       35
       35
       -
                 if [ -f "$LAST_RUN_FILE" ] && [ "$(( $(date +%s) - $(date +%s -r "$LAST_RUN_FILE") ))" -lt 86400 ]; then

     

       36
       36
       -
                     echo "<24hrs"

     

       48
       48
       +
                   # if no external-hdd

     

       49
       49
       +
                   if [ ! -e $DISK ]; then

     

       50
       50
       +
                     echo "no $DISK"

     

       37
       51
        
                     exit 0

     

       38
       38
       -
                 fi

     

       52
       52
       +
                   fi

     

       39
       53
        
       

     

       40
       40
       -
                 # if no external-hdd

     

       41
       41
       -
                 if [ ! -e $DISK ]; then

     

       42
       42
       -
                   echo "no $DISK"

     

       43
       43
       -
                   exit 0

     

       44
       44
       -
                 fi

     

       54
       54
       +
                   export DISPLAY=:0

     

       55
       55
       +
                   ${pkgs.xorg.xhost}/bin/xhost +local:${config.custom.username}

     

       56
       56
       +
                   export GTK_R2_FILES=$HOME/.gtkrc-2.0

     

       57
       57
       +
                   timeout 60 ${pkgs.yad}/bin/yad --question --title "backup" --text "Backup now? Will autostart in 60s."

     

       58
       58
       +
                   prompt_status=$?

     

       59
       59
       +
                   ${pkgs.xorg.xhost}/bin/xhost -local:${config.custom.username}

     

       60
       60
       +
                   # if not success or timeout

     

       61
       61
       +
                   if [ ! $prompt_status -eq 0 -a ! $prompt_status -eq 124 ]; then

     

       62
       62
       +
                     echo "backup cancelled"

     

       63
       63
       +
                     ${pkgs.libnotify}/bin/notify-send "backup cancelled"

     

       64
       64
       +
                     exit 0

     

       65
       65
       +
                   fi

     

       45
       66
        
       

     

       46
       46
       -
                 export DISPLAY=:0

     

       47
       47
       -
                 ${pkgs.xorg.xhost}/bin/xhost +local:${config.custom.username}

     

       48
       48
       -
                 export GTK_R2_FILES=$HOME/.gtkrc-2.0

     

       49
       49
       -
                 timeout 60 ${pkgs.yad}/bin/yad --question --title "backup" --text "Backup now? Will autostart in 60s."

     

       50
       50
       -
                 prompt_status=$?

     

       51
       51
       -
                 ${pkgs.xorg.xhost}/bin/xhost -local:${config.custom.username}

     

       52
       52
       -
                 # if not success or timeout

     

       53
       53
       -
                 if [ ! $prompt_status -eq 0 -a ! $prompt_status -eq 124 ]; then

     

       54
       54
       -
                   echo "backup cancelled"

     

       55
       55
       -
                   ${pkgs.libnotify}/bin/notify-send "backup cancelled"

     

       56
       56
       -
                   exit 0

     

       57
       57
       -
                 fi

     

       58
       58
       -
       

     

       59
       59
       -
                 DIR="${cfg.backup.mountdir}/${cfg.backup.mountname}"

     

       60
       60
       -
                 cd "$DIR"

     

       61
       61
       -
                 TEST_DIR=`${pkgs.util-linux}/bin/findmnt -nr -o target -S $DISK`

     

       62
       62
       -
                 status=$?

     

       63
       63
       -
                 if [ ! $status -eq 0 ]; then

     

       64
       64
       -
                   echo "backup failed to find mount"

     

       65
       65
       -
                   ${pkgs.libnotify}/bin/notify-send "backup failed to find mount"

     

       67
       67
       +
                   DIR="${cfg.backup.mountdir}/${cfg.backup.mountname}"

     

       68
       68
       +
                   cd "$DIR"

     

       69
       69
       +
                   TEST_DIR=`${pkgs.util-linux}/bin/findmnt -nr -o target -S $DISK`

     

       70
       70
       +
                   status=$?

     

       71
       71
       +
                   if [ ! $status -eq 0 ]; then

     

       72
       72
       +
                     echo "backup failed to find mount"

     

       73
       73
       +
                     ${pkgs.libnotify}/bin/notify-send "backup failed to find mount"

     

       74
       74
       +
                     exit $status

     

       75
       75
       +
                   fi 

     

       76
       76
       +
                   if [ "$DIR" != "$TEST_DIR" ]; then

     

       77
       77
       +
                     echo "backup disk mounted at unexpected path: $TEST_DIR"

     

       78
       78
       +
                     ${pkgs.libnotify}/bin/notify-send "backup disk mounted at unexpected path: $TEST_DIR"

     

       79
       79
       +
                     exit 1

     

       80
       80
       +
                   fi 

     

       81
       81
       +
                   ${pkgs.libnotify}/bin/notify-send "backup starting"

     

       82
       82
       +
                   ${pkgs.rsync}/bin/rsync -va --exclude={".cache",".local/share/Steam/"} ~/ $DIR/home/ −−delete−after

     

       83
       83
       +
                   status=$?

     

       84
       84
       +
                   if [ $status -eq 0 ]; then

     

       85
       85
       +
                     touch "$LAST_RUN_FILE"

     

       86
       86
       +
                     echo "backup finished"

     

       87
       87
       +
                     ${pkgs.libnotify}/bin/notify-send "backup finished"

     

       88
       88
       +
                   else

     

       89
       89
       +
                     echo "backup failed"

     

       90
       90
       +
                     ${pkgs.libnotify}/bin/notify-send "backup failed"

     

       91
       91
       +
                   fi

     

       66
       92
        
                   exit $status

     

       67
       67
       -
                 fi 

     

       68
       68
       -
                 if [ "$DIR" != "$TEST_DIR" ]; then

     

       69
       69
       -
                   echo "backup disk mounted at unexpected path: $TEST_DIR"

     

       70
       70
       -
                   ${pkgs.libnotify}/bin/notify-send "backup disk mounted at unexpected path: $TEST_DIR"

     

       71
       71
       -
                   exit 1

     

       72
       72
       -
                 fi 

     

       73
       73
       -
                 ${pkgs.libnotify}/bin/notify-send "backup starting"

     

       74
       74
       -
                 ${pkgs.rsync}/bin/rsync -va --exclude={".cache",".local/share/Steam/"} ~/ $DIR/home/ −−delete−after

     

       75
       75
       -
                 status=$?

     

       76
       76
       -
                 if [ $status -eq 0 ]; then

     

       77
       77
       -
                   touch "$LAST_RUN_FILE"

     

       78
       78
       -
                   echo "backup finished"

     

       79
       79
       -
                   ${pkgs.libnotify}/bin/notify-send "backup finished"

     

       80
       80
       -
                 else

     

       81
       81
       -
                   echo "backup failed"

     

       82
       82
       -
                   ${pkgs.libnotify}/bin/notify-send "backup failed"

     

       83
       83
       -
                 fi

     

       84
       84
       -
                 exit $status

     

       85
       85
       -
               '';

     

       86
       86
       -
             in "${backup}";

     

       93
       93
       +
                 '';

     

       94
       94
       +
               in

     

       95
       95
       +
               "${backup}";

     

       87
       96
        
             serviceConfig = {

     

       88
       97
        
               Type = "oneshot";

     

       89
       98
        
               User = config.custom.username;

     
···

       107
       116
        
             '';

     

       108
       117
        
           services.autofs = {

     

       109
       118
        
             enable = true;

     

       110
       110
       -
             autoMaster = let

     

       111
       111
       -
               map = pkgs.writeText "auto.media" ''

     

       112
       112
       -
                 ${cfg.backup.mountname} -fstype=auto :${cfg.backup.disk}

     

       119
       119
       +
             autoMaster =

     

       120
       120
       +
               let

     

       121
       121
       +
                 map = pkgs.writeText "auto.media" ''

     

       122
       122
       +
                   ${cfg.backup.mountname} -fstype=auto :${cfg.backup.disk}

     

       123
       123
       +
                 '';

     

       124
       124
       +
               in

     

       125
       125
       +
               ''

     

       126
       126
       +
                 ${cfg.backup.mountdir} file,sun:${map} -t 60

     

       113
       127
        
               '';

     

       114
       114
       -
             in ''

     

       115
       115
       -
               ${cfg.backup.mountdir} file,sun:${map} -t 60

     

       116
       116
       -
             '';

     

       117
       128
        
           };

     

       118
       129
        
         };

     

       119
       130
        
       }

+17 -9

modules/fn06-website.nix

···

       1
       1
       -
       { pkgs, config, lib, fn06-website, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         fn06-website,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       with lib;

     

       4
       10
        
       

     

       5
       5
       -
       let cfg = config.custom.website.fn06;

     

       6
       6
       -
       in {

     

       11
       11
       +
       let

     

       12
       12
       +
         cfg = config.custom.website.fn06;

     

       13
       13
       +
       in

     

       14
       14
       +
       {

     

       7
       15
        
         options = {

     

       8
       16
        
           custom.website.fn06 = {

     

       9
       17
        
             enable = mkEnableOption "fn06's website";

     
···

       24
       32
        
       

     

       25
       33
        
         config = mkIf cfg.enable {

     

       26
       34
        
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       27
       27
       -
           security.acme-eon.certs.${cfg.domain}.extraDomainNames =

     

       28
       28
       -
             [ "www.${cfg.domain}" ];

     

       35
       35
       +
           security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];

     

       29
       36
        
       

     

       30
       37
        
           services.nginx = {

     

       31
       38
        
             enable = true;

     

       32
       39
        
             virtualHosts = {

     

       33
       40
        
               "${cfg.domain}" = {

     

       34
       41
        
                 forceSSL = true;

     

       35
       35
       -
                 root =

     

       36
       36
       -
                   "${fn06-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       42
       42
       +
                 root = "${fn06-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       37
       43
        
                 locations."/var/".extraConfig = ''

     

       38
       44
        
                   alias /var/${cfg.domain}/;

     

       39
       45
        
                 '';

     
···

       45
       51
        
                 '';

     

       46
       52
        
               };

     

       47
       53
        
               "www.${cfg.domain}" =

     

       48
       48
       -
                 let certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       49
       49
       -
                 in {

     

       54
       54
       +
                 let

     

       55
       55
       +
                   certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       56
       56
       +
                 in

     

       57
       57
       +
                 {

     

       50
       58
        
                   forceSSL = true;

     

       51
       59
        
                   sslCertificate = "${certDir}/fullchain.pem";

     

       52
       60
        
                   sslCertificateKey = "${certDir}/key.pem";

+30 -21

modules/freumh.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.freumh.enable = lib.mkEnableOption "freumh";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.freumh.enable {

     
···

       38
       45
        
             enable = true;

     

       39
       46
        
             virtualHosts."${config.networking.domain}" = {

     

       40
       47
        
               forceSSL = true;

     

       41
       41
       -
               locations."/root" = let

     

       42
       42
       -
                 random-root = pkgs.writeScript "random-root.php" ''

     

       43
       43
       -
                   <?php

     

       44
       44
       -
                   $dir = '/var/roots/';

     

       45
       45
       -
                   $files = glob($dir . '/*.*');

     

       46
       46
       -
                   $file = $files[array_rand($files)];

     

       47
       47
       -
                   header('Content-Type: ' . mime_content_type($file));

     

       48
       48
       -
                   header('X-Id: ' . pathinfo($file, PATHINFO_FILENAME));

     

       49
       49
       -
                   readfile($file);

     

       50
       50
       -
                   ?>

     

       51
       51
       -
                 '';

     

       52
       52
       -
               in {

     

       53
       53
       -
                 extraConfig = ''

     

       54
       54
       -
                   fastcgi_pass unix:${config.services.phpfpm.pools.freumh.socket};

     

       55
       55
       -
                   include ${pkgs.nginx}/conf/fastcgi_params;

     

       56
       56
       -
                   fastcgi_param SCRIPT_FILENAME ${random-root};

     

       57
       57
       -
                 '';

     

       58
       58
       -
               };

     

       48
       48
       +
               locations."/root" =

     

       49
       49
       +
                 let

     

       50
       50
       +
                   random-root = pkgs.writeScript "random-root.php" ''

     

       51
       51
       +
                     <?php

     

       52
       52
       +
                     $dir = '/var/roots/';

     

       53
       53
       +
                     $files = glob($dir . '/*.*');

     

       54
       54
       +
                     $file = $files[array_rand($files)];

     

       55
       55
       +
                     header('Content-Type: ' . mime_content_type($file));

     

       56
       56
       +
                     header('X-Id: ' . pathinfo($file, PATHINFO_FILENAME));

     

       57
       57
       +
                     readfile($file);

     

       58
       58
       +
                     ?>

     

       59
       59
       +
                   '';

     

       60
       60
       +
                 in

     

       61
       61
       +
                 {

     

       62
       62
       +
                   extraConfig = ''

     

       63
       63
       +
                     fastcgi_pass unix:${config.services.phpfpm.pools.freumh.socket};

     

       64
       64
       +
                     include ${pkgs.nginx}/conf/fastcgi_params;

     

       65
       65
       +
                     fastcgi_param SCRIPT_FILENAME ${random-root};

     

       66
       66
       +
                   '';

     

       67
       67
       +
                 };

     

       59
       68
        
               locations."/index.html".root = pkgs.writeTextFile {

     

       60
       69
        
                 name = "freumh";

     

       61
       70
        
                 text = ''

+26 -10

modules/gui/default.nix

···

       1
       1
       -
       { pkgs, config, lib, i3-workspace-history, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         i3-workspace-history,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       3
       -
       let cfg = config.custom.gui;

     

       4
       4
       -
       in {

     

       9
       9
       +
       let

     

       10
       10
       +
         cfg = config.custom.gui;

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       5
       13
        
         options.custom.gui.enable = lib.mkOption {

     

       6
       14
        
           type = lib.types.bool;

     

       7
       15
        
           default = cfg.i3 || cfg.sway || cfg.kde;

     

       8
       16
        
         };

     

       9
       17
        
       

     

       10
       18
        
         config = lib.mkIf cfg.enable {

     

       11
       11
       -
           home-manager.users.${config.custom.username} = { config, ... }: {

     

       12
       12
       -
             config.custom.gui.enable = true;

     

       13
       13
       -
           };

     

       19
       19
       +
           home-manager.users.${config.custom.username} =

     

       20
       20
       +
             { config, ... }:

     

       21
       21
       +
             {

     

       22
       22
       +
               config.custom.gui.enable = true;

     

       23
       23
       +
             };

     

       14
       24
        
       

     

       15
       25
        
           networking.networkmanager.enable = true;

     

       16
       26
        
       

     
···

       55
       65
        
           hardware.bluetooth.enable = true;

     

       56
       66
        
           services.blueman.enable = true;

     

       57
       67
        
       

     

       58
       58
       -
           environment.systemPackages = with pkgs;

     

       68
       68
       +
           environment.systemPackages =

     

       69
       69
       +
             with pkgs;

     

       59
       70
        
             let

     

       60
       71
        
               desktopEntries = [

     

       61
       72
        
                 (pkgs.makeDesktopItem {

     
···

       65
       76
        
                   icon = "feh";

     

       66
       77
        
                 })

     

       67
       78
        
               ];

     

       68
       68
       -
             in [

     

       79
       79
       +
             in

     

       80
       80
       +
             [

     

       69
       81
        
               jq

     

       70
       82
        
               playerctl

     

       71
       83
        
               brightnessctl

     
···

       74
       86
        
               networkmanagerapplet

     

       75
       87
        
               pavucontrol

     

       76
       88
        
               (xfce.thunar.override {

     

       77
       77
       -
                 thunarPlugins = with xfce; [ thunar-archive-plugin xfconf ];

     

       89
       89
       +
                 thunarPlugins = with xfce; [

     

       90
       90
       +
                   thunar-archive-plugin

     

       91
       91
       +
                   xfconf

     

       92
       92
       +
                 ];

     

       78
       93
        
               })

     

       79
       94
        
               # https://discourse.nixos.org/t/sway-wm-configuration-polkit-login-manager/3857/6

     

       80
       95
        
               polkit_gnome

     
···

       85
       100
        
               pulseaudio

     

       86
       101
        
               tridactyl-native

     

       87
       102
        
               vlc

     

       88
       88
       -
             ] ++ desktopEntries;

     

       103
       103
       +
             ]

     

       104
       104
       +
             ++ desktopEntries;

     

       89
       105
        
       

     

       90
       106
        
           fonts.packages = with pkgs; [

     

       91
       107
        
             noto-fonts

+15 -6

modules/gui/i3.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.gui;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.gui;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.gui.i3 = lib.mkEnableOption "i3";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.i3 {

     

       8
       8
       -
           home-manager.users.${config.custom.username} = { config, ... }: {

     

       9
       9
       -
             config.custom.gui.i3.enable = true;

     

       10
       10
       -
           };

     

       15
       15
       +
           home-manager.users.${config.custom.username} =

     

       16
       16
       +
             { config, ... }:

     

       17
       17
       +
             {

     

       18
       18
       +
               config.custom.gui.i3.enable = true;

     

       19
       19
       +
             };

     

       11
       20
        
       

     

       12
       21
        
           #services.displayManager.lightdm.enable = true;

     

       13
       22
        
           services.displayManager.defaultSession = "none+i3";

+4 -2

modules/gui/kde.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.custom.gui;

     

       4
       4
       -
       in {

     

       3
       3
       +
       let

     

       4
       4
       +
         cfg = config.custom.gui;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       5
       7
        
         options.custom.gui.kde = lib.mkEnableOption "kde";

     

       6
       8
        
       

     

       7
       9
        
         config = lib.mkIf cfg.kde {

+15 -6

modules/gui/sway.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.gui;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.gui;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.gui.sway = lib.mkEnableOption "sway";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.sway {

     

       8
       8
       -
           home-manager.users.${config.custom.username} = { config, ... }: {

     

       9
       9
       -
             config.custom.gui.sway.enable = true;

     

       10
       10
       -
           };

     

       15
       15
       +
           home-manager.users.${config.custom.username} =

     

       16
       16
       +
             { config, ... }:

     

       17
       17
       +
             {

     

       18
       18
       +
               config.custom.gui.sway.enable = true;

     

       19
       19
       +
             };

     

       11
       20
        
       

     

       12
       21
        
           programs.sway = {

     

       13
       22
        
             enable = true;

+4 -2

modules/home-manager.nix

···

       1
       1
        
       { config, lib, ... }@inputs:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.custom.homeManager;

     

       4
       4
       -
       in {

     

       3
       3
       +
       let

     

       4
       4
       +
         cfg = config.custom.homeManager;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       5
       7
        
         options.custom.homeManager.enable = lib.mkEnableOption "homeManager";

     

       6
       8
        
       

     

       7
       9
        
         config = lib.mkIf cfg.enable {

+10 -3

modules/laptop.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.laptop = lib.mkEnableOption "laptop";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.laptop {

+11 -6

modules/nix-cache.nix

···

       1
       1
       -
       { config, pkgs, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         pkgs,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.nix-cache = {

     

       6
       13
        
           enable = lib.mkEnableOption "nix-cache";

     

       7
       14
        
           domain = lib.mkOption {

     
···

       27
       34
        
             virtualHosts.${cfg.nix-cache.domain} = {

     

       28
       35
        
               forceSSL = true;

     

       29
       36
        
               locations."/".extraConfig = ''

     

       30
       30
       -
                 proxy_pass http://localhost:${

     

       31
       31
       -
                   toString config.services.nix-serve.port

     

       32
       32
       -
                 };

     

       37
       37
       +
                 proxy_pass http://localhost:${toString config.services.nix-serve.port};

     

       33
       38
        
                 proxy_set_header Host $host;

     

       34
       39
        
                 proxy_set_header X-Real-IP $remote_addr;

     

       35
       40
        
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

+17 -8

modules/nix-index.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         config = lib.mkIf cfg.enable {

     

       6
       13
        
           environment.systemPackages = [ pkgs.nix-index ];

     

       7
       14
        
           programs.command-not-found.enable = false;

     

       8
       8
       -
           home-manager.users.${config.custom.username} = { ... }: {

     

       9
       9
       -
             programs.zsh.initExtra = ''

     

       10
       10
       -
               source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh

     

       11
       11
       -
             '';

     

       12
       12
       -
           };

     

       15
       15
       +
           home-manager.users.${config.custom.username} =

     

       16
       16
       +
             { ... }:

     

       17
       17
       +
             {

     

       18
       18
       +
               programs.zsh.initExtra = ''

     

       19
       19
       +
                 source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh

     

       20
       20
       +
               '';

     

       21
       21
       +
             };

     

       13
       22
        
         };

     

       14
       23
        
       }

+14 -4

modules/ocaml.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.ocaml = lib.mkEnableOption "ocaml";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.ocaml {

     

       8
       8
       -
           environment.systemPackages = with pkgs; [ opam pkg-config ];

     

       15
       15
       +
           environment.systemPackages = with pkgs; [

     

       16
       16
       +
             opam

     

       17
       17
       +
             pkg-config

     

       18
       18
       +
           ];

     

       9
       19
        
         };

     

       10
       20
        
       }

+4 -2

modules/printing.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       3
       3
       +
       let

     

       4
       4
       +
         cfg = config.custom;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       5
       7
        
         options.custom.printing = lib.mkEnableOption "printing";

     

       6
       8
        
       

     

       7
       9
        
         config = lib.mkIf cfg.printing {

+16 -9

modules/rmfakecloud.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       with lib;

     

       4
       9
        
       

     

       5
       10
        
       let

     

       6
       11
        
         cfg = config.custom.rmfakecloud;

     

       7
       12
        
         domain = config.networking.domain;

     

       8
       8
       -
       in {

     

       13
       13
       +
       in

     

       14
       14
       +
       {

     

       9
       15
        
         options.custom.rmfakecloud = {

     

       10
       16
        
           enable = mkEnableOption "rmfakecloud";

     

       11
       17
        
           port = mkOption {

     
···

       32
       38
        
             };

     

       33
       39
        
           };

     

       34
       40
        
       

     

       35
       35
       -
           mailserver.loginAccounts."misc@${domain}".aliases =

     

       36
       36
       -
             [ "remarkable@${domain}" ];

     

       41
       41
       +
           mailserver.loginAccounts."misc@${domain}".aliases = [ "remarkable@${domain}" ];

     

       37
       42
        
       

     

       38
       43
        
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       39
       44
        
           services.nginx = {

     
···

       50
       55
        
             };

     

       51
       56
        
           };

     

       52
       57
        
       

     

       53
       53
       -
           eilean.services.dns.zones.${config.networking.domain}.records = [{

     

       54
       54
       -
             name = "rmfakecloud";

     

       55
       55
       -
             type = "CNAME";

     

       56
       56
       -
             value = "vps";

     

       57
       57
       -
           }];

     

       58
       58
       +
           eilean.services.dns.zones.${config.networking.domain}.records = [

     

       59
       59
       +
             {

     

       60
       60
       +
               name = "rmfakecloud";

     

       61
       61
       +
               type = "CNAME";

     

       62
       62
       +
               value = "vps";

     

       63
       63
       +
             }

     

       64
       64
       +
           ];

     

       58
       65
        
         };

     

       59
       66
        
       }

+16 -7

modules/ryan-website.nix

···

       1
       1
       -
       { pkgs, config, lib, ryan-website, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ryan-website,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       2
       8
        
       

     

       3
       9
        
       with lib;

     

       4
       10
        
       

     

       5
       5
       -
       let cfg = config.custom.website.ryan;

     

       6
       6
       -
       in {

     

       11
       11
       +
       let

     

       12
       12
       +
         cfg = config.custom.website.ryan;

     

       13
       13
       +
       in

     

       14
       14
       +
       {

     

       7
       15
        
         options = {

     

       8
       16
        
           custom.website.ryan = {

     

       9
       17
        
             enable = mkEnableOption "ryan's website";

     
···

       28
       36
        
       

     

       29
       37
        
         config = mkIf cfg.enable {

     

       30
       38
        
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       31
       31
       -
           security.acme-eon.certs.${cfg.domain}.extraDomainNames =

     

       32
       32
       -
             [ "www.${cfg.domain}" ];

     

       39
       39
       +
           security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];

     

       33
       40
        
       

     

       34
       41
        
           services.nginx = {

     

       35
       42
        
             enable = true;

     
···

       48
       55
        
                 '';

     

       49
       56
        
               };

     

       50
       57
        
               "www.${cfg.domain}" =

     

       51
       51
       -
                 let certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       52
       52
       -
                 in {

     

       58
       58
       +
                 let

     

       59
       59
       +
                   certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       60
       60
       +
                 in

     

       61
       61
       +
                 {

     

       53
       62
        
                   forceSSL = true;

     

       54
       63
        
                   sslCertificate = "${certDir}/fullchain.pem";

     

       55
       64
        
                   sslCertificateKey = "${certDir}/key.pem";

+4 -2

modules/scripts.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       3
       3
       +
       let

     

       4
       4
       +
         cfg = config.custom;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       5
       7
        
         config = lib.mkIf cfg.enable {

     

       6
       8
        
           environment.interactiveShellInit = "export PATH=$PATH:/etc/nixos/scripts";

     

       7
       9
        
         };

+11 -5

modules/ssh.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         config = lib.mkIf cfg.enable {

     

       6
       13
        
           users.mutableUsers = false;

     

       7
       7
       -
           users.users.${config.custom.username}.openssh.authorizedKeys.keyFiles =

     

       8
       8
       -
             [ ./authorized_keys ];

     

       14
       14
       +
           users.users.${config.custom.username}.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];

     

       9
       15
        
           users.users.root.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];

     

       10
       16
        
       

     

       11
       17
        
           programs.mosh.enable = true;

+4 -2

modules/tailscale.nix

···

       2
       2
        
       

     

       3
       3
        
       with lib;

     

       4
       4
        
       

     

       5
       5
       -
       let cfg = config.custom;

     

       6
       6
       -
       in {

     

       5
       5
       +
       let

     

       6
       6
       +
         cfg = config.custom;

     

       7
       7
       +
       in

     

       8
       8
       +
       {

     

       7
       9
        
         options.custom.tailscale = mkEnableOption "tailscale";

     

       8
       10
        
       

     

       9
       11
        
         config = lib.mkIf cfg.tailscale {

+4 -2

modules/use-nix-cache.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       3
       3
       +
       let

     

       4
       4
       +
         cfg = config.custom;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       5
       7
        
         options.custom.useNixCache = lib.mkOption {

     

       6
       8
        
           type = lib.types.bool;

     

       7
       9
        
           default = true;

+10 -3

modules/workstation.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }@inputs:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }@inputs:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.workstation = lib.mkEnableOption "custom";

     

       6
       13
        
       

     

       7
       14
        
         config = lib.mkIf cfg.workstation {

+10 -3

modules/zsa.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       3
       -
       let cfg = config.custom.zsa;

     

       4
       4
       -
       in {

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.custom.zsa;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       5
       12
        
         options.custom.zsa = lib.mkOption {

     

       6
       13
        
           type = lib.types.bool;

     

       7
       14
        
           default = false;

+45 -33

nix-on-droid/default.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       {

     

       4
       9
        
         user.shell = "${pkgs.zsh}/bin/zsh";

     
···

       20
       25
        
       

     

       21
       26
        
         home-manager = {

     

       22
       27
        
           useGlobalPkgs = true;

     

       23
       23
       -
           config = { pkgs, lib, ... }: {

     

       24
       24
       -
             imports = [ ../home/default.nix ];

     

       28
       28
       +
           config =

     

       29
       29
       +
             { pkgs, lib, ... }:

     

       30
       30
       +
             {

     

       31
       31
       +
               imports = [ ../home/default.nix ];

     

       25
       32
        
       

     

       26
       26
       -
             # Use the same overlays as the system packages

     

       27
       27
       -
             nixpkgs = { inherit (config.nixpkgs) overlays; };

     

       33
       33
       +
               # Use the same overlays as the system packages

     

       34
       34
       +
               nixpkgs = { inherit (config.nixpkgs) overlays; };

     

       28
       35
        
       

     

       29
       29
       -
             nix = {

     

       30
       30
       -
               package = pkgs.nix;

     

       31
       31
       -
               settings.experimental-features = [ "nix-command" "flakes" ];

     

       32
       32
       -
             };

     

       36
       36
       +
               nix = {

     

       37
       37
       +
                 package = pkgs.nix;

     

       38
       38
       +
                 settings.experimental-features = [

     

       39
       39
       +
                   "nix-command"

     

       40
       40
       +
                   "flakes"

     

       41
       41
       +
                 ];

     

       42
       42
       +
               };

     

       33
       43
        
       

     

       34
       34
       -
             # https://github.com/nix-community/nix-on-droid/issues/185

     

       35
       35
       -
             home.shellAliases = {

     

       36
       36
       -
               sshd = let

     

       37
       37
       -
                 config = pkgs.writeText "sshd_config" ''

     

       38
       38
       -
                   HostKey /data/data/com.termux.nix/files/home/.ssh/id_ed25519

     

       39
       39
       -
                   Port 9022

     

       40
       40
       -
                 '';

     

       41
       41
       -
               in "$(readlink $(whereis sshd)) -f ${config}";

     

       42
       42
       -
               ping = "/android/system/bin/linker64 /android/system/bin/ping";

     

       43
       43
       -
             };

     

       44
       44
       +
               # https://github.com/nix-community/nix-on-droid/issues/185

     

       45
       45
       +
               home.shellAliases = {

     

       46
       46
       +
                 sshd =

     

       47
       47
       +
                   let

     

       48
       48
       +
                     config = pkgs.writeText "sshd_config" ''

     

       49
       49
       +
                       HostKey /data/data/com.termux.nix/files/home/.ssh/id_ed25519

     

       50
       50
       +
                       Port 9022

     

       51
       51
       +
                     '';

     

       52
       52
       +
                   in

     

       53
       53
       +
                   "$(readlink $(whereis sshd)) -f ${config}";

     

       54
       54
       +
                 ping = "/android/system/bin/linker64 /android/system/bin/ping";

     

       55
       55
       +
               };

     

       44
       56
        
       

     

       45
       45
       -
             home.file = {

     

       46
       46
       -
               ".ssh/authorized_keys".source = ../modules/authorized_keys;

     

       47
       47
       -
             };

     

       57
       57
       +
               home.file = {

     

       58
       58
       +
                 ".ssh/authorized_keys".source = ../modules/authorized_keys;

     

       59
       59
       +
               };

     

       60
       60
       +
       

     

       61
       61
       +
               programs.ssh = {

     

       62
       62
       +
                 enable = true;

     

       63
       63
       +
                 extraConfig = ''

     

       64
       64
       +
                   User ryan

     

       65
       65
       +
                 '';

     

       66
       66
       +
               };

     

       48
       67
        
       

     

       49
       49
       -
             programs.ssh = {

     

       50
       50
       -
               enable = true;

     

       51
       51
       -
               extraConfig = ''

     

       52
       52
       -
                 User ryan

     

       53
       53
       -
               '';

     

       54
       54
       -
             };

     

       68
       68
       +
               home.sessionVariables = {

     

       69
       69
       +
                 LEDGER_FILE = ''~/storage/Documents/vault/ledger/`date "+%Y"`.ledger'';

     

       70
       70
       +
               };

     

       55
       71
        
       

     

       56
       56
       -
             home.sessionVariables = {

     

       57
       57
       -
               LEDGER_FILE = ''~/storage/Documents/vault/ledger/`date "+%Y"`.ledger'';

     

       72
       72
       +
               home.stateVersion = "22.05";

     

       58
       73
        
             };

     

       59
       59
       -
       

     

       60
       60
       -
             home.stateVersion = "22.05";

     

       61
       61
       -
           };

     

       62
       74
        
         };

     

       63
       75
        
         system.stateVersion = "22.05";

     

       64
       76
        
       }

+8 -5

pkgs/hmrc-paye-tool.nix

···

       1
       1
       -
       { pkgs ? import <nixpkgs> { } }:

     

       1
       1
       +
       {

     

       2
       2
       +
         pkgs ? import <nixpkgs> { },

     

       3
       3
       +
       }:

     

       2
       4
        
       

     

       3
       5
        
       with pkgs;

     

       4
       6
        
       let

     
···

       9
       11
        
           inherit version;

     

       10
       12
        
       

     

       11
       13
        
           src = fetchurl {

     

       12
       12
       -
             url =

     

       13
       13
       -
               "https://www.gov.uk/government/uploads/uploaded/hmrc/payetools-rti-${version}-linux.zip";

     

       14
       14
       +
             url = "https://www.gov.uk/government/uploads/uploaded/hmrc/payetools-rti-${version}-linux.zip";

     

       14
       15
        
             hash = "sha256-QOW6Loqg001AcqWX/TOH6wvI2uAY4qNyFvQzCVEe8VU=";

     

       15
       16
        
           };

     

       16
       17
        
       

     
···

       43
       44
        
             mv prefix $out

     

       44
       45
        
           '';

     

       45
       46
        
         };

     

       46
       46
       -
       in buildFHSUserEnv {

     

       47
       47
       +
       in

     

       48
       48
       +
       buildFHSUserEnv {

     

       47
       49
        
         name = "hmrc-paye-tools-fhs";

     

       48
       50
        
       

     

       49
       49
       -
         targetPkgs = pkgs:

     

       51
       51
       +
         targetPkgs =

     

       52
       52
       +
           pkgs:

     

       50
       53
        
           (with pkgs; [

     

       51
       54
        
             glibc

     

       52
       55
        
             zlib

+83 -36

pkgs/sway-im/package.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, fetchpatch, substituteAll, swaybg, meson, ninja

     

       2
       2
       -
       , pkg-config, wayland-scanner, scdoc, libGL, wayland, libxkbcommon, pcre2

     

       3
       3
       -
       , json_c, libevdev, pango, cairo, libinput, gdk-pixbuf, librsvg, wlroots

     

       4
       4
       -
       , wayland-protocols, libdrm, nixosTests

     

       5
       5
       -
       # Used by the NixOS module:

     

       6
       6
       -
       , isNixOS ? false, enableXWayland ? true, xorg

     

       7
       7
       -
       , systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd

     

       8
       8
       -
       , trayEnabled ? systemdSupport }:

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         fetchpatch,

     

       6
       6
       +
         substituteAll,

     

       7
       7
       +
         swaybg,

     

       8
       8
       +
         meson,

     

       9
       9
       +
         ninja,

     

       10
       10
       +
         pkg-config,

     

       11
       11
       +
         wayland-scanner,

     

       12
       12
       +
         scdoc,

     

       13
       13
       +
         libGL,

     

       14
       14
       +
         wayland,

     

       15
       15
       +
         libxkbcommon,

     

       16
       16
       +
         pcre2,

     

       17
       17
       +
         json_c,

     

       18
       18
       +
         libevdev,

     

       19
       19
       +
         pango,

     

       20
       20
       +
         cairo,

     

       21
       21
       +
         libinput,

     

       22
       22
       +
         gdk-pixbuf,

     

       23
       23
       +
         librsvg,

     

       24
       24
       +
         wlroots,

     

       25
       25
       +
         wayland-protocols,

     

       26
       26
       +
         libdrm,

     

       27
       27
       +
         nixosTests,

     

       28
       28
       +
         # Used by the NixOS module:

     

       29
       29
       +
         isNixOS ? false,

     

       30
       30
       +
         enableXWayland ? true,

     

       31
       31
       +
         xorg,

     

       32
       32
       +
         systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd,

     

       33
       33
       +
         systemd,

     

       34
       34
       +
         trayEnabled ? systemdSupport,

     

       35
       35
       +
       }:

     

       9
       36
        
       

     

       10
       37
        
       stdenv.mkDerivation (finalAttrs: {

     

       11
       38
        
         pname = "sway-unwrapped";

     

       12
       39
        
         version = "im";

     

       13
       40
        
       

     

       14
       14
       -
         inherit enableXWayland isNixOS systemdSupport trayEnabled;

     

       41
       41
       +
         inherit

     

       42
       42
       +
           enableXWayland

     

       43
       43
       +
           isNixOS

     

       44
       44
       +
           systemdSupport

     

       45
       45
       +
           trayEnabled

     

       46
       46
       +
           ;

     

       15
       47
        
         src = fetchFromGitHub {

     

       16
       48
        
           owner = "Decodetalkers";

     

       17
       49
        
           repo = "sway";

     
···

       19
       51
        
           sha256 = "sha256-UqmdwCTV5LgAQ6z94ZrHBX/QPmBi29fruUzeQk5Vhto=";

     

       20
       52
        
         };

     

       21
       53
        
       

     

       22
       22
       -
         patches = [

     

       23
       23
       -
           ./load-configuration-from-etc.patch

     

       54
       54
       +
         patches =

     

       55
       55
       +
           [

     

       56
       56
       +
             ./load-configuration-from-etc.patch

     

       24
       57
        
       

     

       25
       25
       -
           (substituteAll {

     

       26
       26
       -
             src = ./fix-paths.patch;

     

       27
       27
       -
             inherit swaybg;

     

       28
       28
       -
           })

     

       29
       29
       -
         ] ++ lib.optionals (!finalAttrs.isNixOS) [

     

       30
       30
       -
           # References to /nix/store/... will get GC'ed which causes problems when

     

       31
       31
       -
           # copying the default configuration:

     

       32
       32
       -
           ./sway-config-no-nix-store-references.patch

     

       33
       33
       -
         ] ++ lib.optionals finalAttrs.isNixOS [

     

       34
       34
       -
           # Use /run/current-system/sw/share and /etc instead of /nix/store

     

       35
       35
       -
           # references:

     

       36
       36
       -
           ./sway-config-nixos-paths.patch

     

       37
       37
       -
         ];

     

       58
       58
       +
             (substituteAll {

     

       59
       59
       +
               src = ./fix-paths.patch;

     

       60
       60
       +
               inherit swaybg;

     

       61
       61
       +
             })

     

       62
       62
       +
           ]

     

       63
       63
       +
           ++ lib.optionals (!finalAttrs.isNixOS) [

     

       64
       64
       +
             # References to /nix/store/... will get GC'ed which causes problems when

     

       65
       65
       +
             # copying the default configuration:

     

       66
       66
       +
             ./sway-config-no-nix-store-references.patch

     

       67
       67
       +
           ]

     

       68
       68
       +
           ++ lib.optionals finalAttrs.isNixOS [

     

       69
       69
       +
             # Use /run/current-system/sw/share and /etc instead of /nix/store

     

       70
       70
       +
             # references:

     

       71
       71
       +
             ./sway-config-nixos-paths.patch

     

       72
       72
       +
           ];

     

       38
       73
        
       

     

       39
       74
        
         strictDeps = true;

     

       40
       75
        
         depsBuildBuild = [ pkg-config ];

     

       41
       76
        
       

     

       42
       42
       -
         nativeBuildInputs = [ meson ninja pkg-config wayland-scanner scdoc ];

     

       77
       77
       +
         nativeBuildInputs = [

     

       78
       78
       +
           meson

     

       79
       79
       +
           ninja

     

       80
       80
       +
           pkg-config

     

       81
       81
       +
           wayland-scanner

     

       82
       82
       +
           scdoc

     

       83
       83
       +
         ];

     

       43
       84
        
       

     

       44
       85
        
         buildInputs = [

     

       45
       86
        
           libGL

     
···

       58
       99
        
           (wlroots.override { inherit (finalAttrs) enableXWayland; })

     

       59
       100
        
         ] ++ lib.optionals finalAttrs.enableXWayland [ xorg.xcbutilwm ];

     

       60
       101
        
       

     

       61
       61
       -
         mesonFlags = let

     

       62
       62
       -
           # The "sd-bus-provider" meson option does not include a "none" option,

     

       63
       63
       -
           # but it is silently ignored iff "-Dtray=disabled".  We use "basu"

     

       64
       64
       -
           # (which is not in nixpkgs) instead of "none" to alert us if this

     

       65
       65
       -
           # changes: https://github.com/swaywm/sway/issues/6843#issuecomment-1047288761

     

       66
       66
       -
           # assert trayEnabled -> systemdSupport && dbusSupport;

     

       102
       102
       +
         mesonFlags =

     

       103
       103
       +
           let

     

       104
       104
       +
             # The "sd-bus-provider" meson option does not include a "none" option,

     

       105
       105
       +
             # but it is silently ignored iff "-Dtray=disabled".  We use "basu"

     

       106
       106
       +
             # (which is not in nixpkgs) instead of "none" to alert us if this

     

       107
       107
       +
             # changes: https://github.com/swaywm/sway/issues/6843#issuecomment-1047288761

     

       108
       108
       +
             # assert trayEnabled -> systemdSupport && dbusSupport;

     

       67
       109
        
       

     

       68
       68
       -
           sd-bus-provider = if systemdSupport then "libsystemd" else "basu";

     

       69
       69
       -
         in [ "-Dsd-bus-provider=${sd-bus-provider}" ] ++ [ "-Dwerror=false" ]

     

       70
       70
       -
         ++ lib.optional (!finalAttrs.enableXWayland) "-Dxwayland=disabled"

     

       71
       71
       -
         ++ lib.optional (!finalAttrs.trayEnabled) "-Dtray=disabled";

     

       110
       110
       +
             sd-bus-provider = if systemdSupport then "libsystemd" else "basu";

     

       111
       111
       +
           in

     

       112
       112
       +
           [ "-Dsd-bus-provider=${sd-bus-provider}" ]

     

       113
       113
       +
           ++ [ "-Dwerror=false" ]

     

       114
       114
       +
           ++ lib.optional (!finalAttrs.enableXWayland) "-Dxwayland=disabled"

     

       115
       115
       +
           ++ lib.optional (!finalAttrs.trayEnabled) "-Dtray=disabled";

     

       72
       116
        
       

     

       73
       117
        
         passthru.tests.basic = nixosTests.sway;

     

       74
       118
        
       

     
···

       87
       131
        
           changelog = "https://github.com/swaywm/sway/releases/tag/${version}";

     

       88
       132
        
           license = licenses.mit;

     

       89
       133
        
           platforms = platforms.linux;

     

       90
       90
       -
           maintainers = with maintainers; [ primeos synthetica ];

     

       134
       134
       +
           maintainers = with maintainers; [

     

       135
       135
       +
             primeos

     

       136
       136
       +
             synthetica

     

       137
       137
       +
           ];

     

       91
       138
        
           mainProgram = "sway";

     

       92
       139
        
         };

     

       93
       140
        
       })

+48 -10

pkgs/wlroots/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitLab, fetchpatch, meson, ninja, pkg-config

     

       2
       2
       -
       , wayland-scanner, libGL, wayland, wayland-protocols, libinput, libxkbcommon

     

       3
       3
       -
       , pixman, libcap, mesa, xorg, libpng, ffmpeg_4, ffmpeg, hwdata, seatd

     

       4
       4
       -
       , vulkan-loader, glslang, libliftoff, libdisplay-info, nixosTests

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchFromGitLab,

     

       5
       5
       +
         fetchpatch,

     

       6
       6
       +
         meson,

     

       7
       7
       +
         ninja,

     

       8
       8
       +
         pkg-config,

     

       9
       9
       +
         wayland-scanner,

     

       10
       10
       +
         libGL,

     

       11
       11
       +
         wayland,

     

       12
       12
       +
         wayland-protocols,

     

       13
       13
       +
         libinput,

     

       14
       14
       +
         libxkbcommon,

     

       15
       15
       +
         pixman,

     

       16
       16
       +
         libcap,

     

       17
       17
       +
         mesa,

     

       18
       18
       +
         xorg,

     

       19
       19
       +
         libpng,

     

       20
       20
       +
         ffmpeg_4,

     

       21
       21
       +
         ffmpeg,

     

       22
       22
       +
         hwdata,

     

       23
       23
       +
         seatd,

     

       24
       24
       +
         vulkan-loader,

     

       25
       25
       +
         glslang,

     

       26
       26
       +
         libliftoff,

     

       27
       27
       +
         libdisplay-info,

     

       28
       28
       +
         nixosTests,

     

       5
       29
        
       

     

       6
       6
       -
       , enableXWayland ? true, xwayland ? null }:

     

       30
       30
       +
         enableXWayland ? true,

     

       31
       31
       +
         xwayland ? null,

     

       32
       32
       +
       }:

     

       7
       33
        
       

     

       8
       34
        
       stdenv.mkDerivation (finalAttrs: rec {

     

       9
       35
        
         pname = "wlroots";

     
···

       20
       46
        
         };

     

       21
       47
        
       

     

       22
       48
        
         # $out for the library and $examples for the example programs (in examples):

     

       23
       23
       -
         outputs = [ "out" "examples" ];

     

       49
       49
       +
         outputs = [

     

       50
       50
       +
           "out"

     

       51
       51
       +
           "examples"

     

       52
       52
       +
         ];

     

       24
       53
        
       

     

       25
       54
        
         strictDeps = true;

     

       26
       55
        
         depsBuildBuild = [ pkg-config ];

     

       27
       56
        
       

     

       28
       28
       -
         nativeBuildInputs = [ meson ninja pkg-config wayland-scanner glslang ];

     

       57
       57
       +
         nativeBuildInputs = [

     

       58
       58
       +
           meson

     

       59
       59
       +
           ninja

     

       60
       60
       +
           pkg-config

     

       61
       61
       +
           wayland-scanner

     

       62
       62
       +
           glslang

     

       63
       63
       +
         ];

     

       29
       64
        
       

     

       30
       65
        
         buildInputs = [

     

       31
       66
        
           libGL

     
···

       74
       109
        
             compositor; or about 50,000 lines of code you were going to write anyway.

     

       75
       110
        
           '';

     

       76
       111
        
           inherit (finalAttrs.src.meta) homepage;

     

       77
       77
       -
           changelog =

     

       78
       78
       -
             "https://gitlab.freedesktop.org/wlroots/wlroots/-/tags/${version}";

     

       112
       112
       +
           changelog = "https://gitlab.freedesktop.org/wlroots/wlroots/-/tags/${version}";

     

       79
       113
        
           license = lib.licenses.mit;

     

       80
       114
        
           platforms = lib.platforms.linux;

     

       81
       81
       -
           maintainers = with lib.maintainers; [ primeos synthetica rewine ];

     

       115
       115
       +
           maintainers = with lib.maintainers; [

     

       116
       116
       +
             primeos

     

       117
       117
       +
             synthetica

     

       118
       118
       +
             rewine

     

       119
       119
       +
           ];

     

       82
       120
        
         };

     

       83
       121
        
       })

+10 -2

pkgs/wlroots/protocols.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitLab, wayland-scanner }:

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchFromGitLab,

     

       5
       5
       +
         wayland-scanner,

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       stdenv.mkDerivation rec {

     

       4
       9
        
         pname = "wlr-protocols";

     
···

       24
       29
        
         doCheck = true;

     

       25
       30
        
         checkTarget = "check";

     

       26
       31
        
       

     

       27
       27
       -
         installFlags = [ "DESTDIR=$(out)" "PREFIX=" ];

     

       32
       32
       +
         installFlags = [

     

       33
       33
       +
           "DESTDIR=$(out)"

     

       34
       34
       +
           "PREFIX="

     

       35
       35
       +
         ];

     

       28
       36
        
       

     

       29
       37
        
         meta = with lib; {

     

       30
       38
        
           description = "Wayland roots protocol extensions";

+27 -14

secrets/secrets.nix

···

       3
       3
        
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGNcdBuEeoJiMH8TMO4k/w3OVKfiSZ9IZ3xrzFOZEi8 ryan@dell-xps"

     

       4
       4
        
         ];

     

       5
       5
        
       

     

       6
       6
       -
         gecko =

     

       7
       7
       -
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLEtqkSlJx219h1aYRXRjP60vBmJmhrCp0Mj1FIF25N root@gecko";

     

       8
       8
       -
         owl =

     

       9
       9
       -
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILP6Cgm/BWnJvuGgU1SjWwjOCjuE5AXGqEdQonWYR7BA root@owl";

     

       10
       10
       -
         elephant =

     

       11
       11
       -
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+ddohsRFrypCVJqIhI3p3R12pJI8iwuMfRu0TJWuPe root@elephant";

     

       12
       12
       -
         shrew =

     

       13
       13
       -
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLiZ0xdXSlF1eMibrs320lVQaushEpEDMrR6lp9uFkx root@shrew";

     

       14
       14
       -
       in {

     

       6
       6
       +
         gecko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLEtqkSlJx219h1aYRXRjP60vBmJmhrCp0Mj1FIF25N root@gecko";

     

       7
       7
       +
         owl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILP6Cgm/BWnJvuGgU1SjWwjOCjuE5AXGqEdQonWYR7BA root@owl";

     

       8
       8
       +
         elephant = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+ddohsRFrypCVJqIhI3p3R12pJI8iwuMfRu0TJWuPe root@elephant";

     

       9
       9
       +
         shrew = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLiZ0xdXSlF1eMibrs320lVQaushEpEDMrR6lp9uFkx root@shrew";

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       15
       12
        
         "cache-priv-key.pem.age".publicKeys = user ++ [ elephant ];

     

       16
       16
       -
         "email-ryan.age".publicKeys = user ++ [ gecko owl ];

     

       17
       17
       -
         "email-system.age".publicKeys = user ++ [ gecko owl elephant ];

     

       13
       13
       +
         "email-ryan.age".publicKeys = user ++ [

     

       14
       14
       +
           gecko

     

       15
       15
       +
           owl

     

       16
       16
       +
         ];

     

       17
       17
       +
         "email-system.age".publicKeys = user ++ [

     

       18
       18
       +
           gecko

     

       19
       19
       +
           owl

     

       20
       20
       +
           elephant

     

       21
       21
       +
         ];

     

       18
       22
        
         "matrix-shared-secret.age".publicKeys = user ++ [ owl ];

     

       19
       23
        
         "matrix-turn-shared-secret.age".publicKeys = user ++ [ owl ];

     

       20
       24
        
         "coturn.age".publicKeys = user ++ [ owl ];

     

       21
       25
        
         "website-phd.age".publicKeys = user ++ [ owl ];

     

       22
       26
        
         "rmfakecloud.age".publicKeys = user ++ [ owl ];

     

       23
       23
       -
         "restic-owl.age".publicKeys = user ++ [ owl elephant ];

     

       24
       24
       -
         "restic-gecko.age".publicKeys = user ++ [ gecko elephant ];

     

       25
       25
       -
         "restic-shrew.age".publicKeys = user ++ [ shrew elephant ];

     

       27
       27
       +
         "restic-owl.age".publicKeys = user ++ [

     

       28
       28
       +
           owl

     

       29
       29
       +
           elephant

     

       30
       30
       +
         ];

     

       31
       31
       +
         "restic-gecko.age".publicKeys = user ++ [

     

       32
       32
       +
           gecko

     

       33
       33
       +
           elephant

     

       34
       34
       +
         ];

     

       35
       35
       +
         "restic-shrew.age".publicKeys = user ++ [

     

       36
       36
       +
           shrew

     

       37
       37
       +
           elephant

     

       38
       38
       +
         ];

     

       26
       39
        
         "restic-elephant.age".publicKeys = user ++ [ elephant ];

     

       27
       40
        
         "restic.env.age".publicKeys = user ++ [ elephant ];

     

       28
       41
        
         "restic-repo.age".publicKeys = user ++ [ elephant ];