commit 6b713ef0bc4e6c87868a1b834713ffead1d2225c · ryan.freumh.org/nixos

+129 -131

flake.nix

···

       9
       9
        
           nix-on-droid.url = "github:nix-community/nix-on-droid/release-23.05";

     

       10
       10
        
           eeww.url = "github:RyanGibb/eeww/nixos";

     

       11
       11
        
           eon.url = "github:RyanGibb/eon";

     

       12
       12
       -
           eilean.url ="github:RyanGibb/eilean-nix/main";

     

       12
       12
       +
           eilean.url = "github:RyanGibb/eilean-nix/main";

     

       13
       13
        
           ryan-website.url = "git+ssh://git@github.com/RyanGibb/website.git";

     

       14
       14
        
           alec-website.url = "github:alexanderhthompson/website";

     

       15
       15
        
           fn06-website.url = "github:RyanGibb/fn06";

     

       16
       16
       -
           colour-guesser.url = "git+ssh://git@github.com/ryangibb/colour-guesser.git?ref=develop";

     

       16
       16
       +
           colour-guesser.url =

     

       17
       17
       +
             "git+ssh://git@github.com/ryangibb/colour-guesser.git?ref=develop";

     

       17
       18
        
           i3-workspace-history.url = "github:RyanGibb/i3-workspace-history";

     

       18
       19
        
           hyperbib-eeg.url = "github:RyanGibb/hyperbib?ref=nixify";

     

       19
       19
       -
           neovim.url = "github:neovim/neovim/f40df63bdca33d343cada6ceaafbc8b765ed7cc6?dir=contrib";

     

       20
       20
       +
           neovim.url =

     

       21
       21
       +
             "github:neovim/neovim/f40df63bdca33d343cada6ceaafbc8b765ed7cc6?dir=contrib";

     

       20
       22
        
           nix-rpi5.url = "gitlab:vriska/nix-rpi5?ref=main";

     

       21
       23
        
       

     

       22
       24
        
           # deduplicate flake inputs

     
···

       34
       36
        
           hyperbib-eeg.inputs.nixpkgs.follows = "nixpkgs";

     

       35
       37
        
         };

     

       36
       38
        
       

     

       37
       37
       -
         outputs = {

     

       38
       38
       -
           self,

     

       39
       39
       -
           nixpkgs,

     

       40
       40
       -
           nixpkgs-unstable,

     

       41
       41
       -
           nixos-hardware,

     

       42
       42
       -
           home-manager,

     

       43
       43
       -
           agenix,

     

       44
       44
       -
           nix-on-droid,

     

       45
       45
       -
           eeww,

     

       46
       46
       -
           eon,

     

       47
       47
       -
           eilean,

     

       48
       48
       -
           fn06-website,

     

       49
       49
       -
           i3-workspace-history,

     

       50
       50
       -
           hyperbib-eeg,

     

       51
       51
       -
           neovim,

     

       52
       52
       -
           ...

     

       53
       53
       -
         }@inputs:

     

       39
       39
       +
         outputs = { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager

     

       40
       40
       +
           , agenix, nix-on-droid, eeww, eon, eilean, fn06-website

     

       41
       41
       +
           , i3-workspace-history, hyperbib-eeg, neovim, ... }@inputs:

     

       54
       42
        
           let

     

       55
       43
        
             getSystemOverlays = system: nixpkgsConfig:

     

       56
       44
        
               [

     
···

       64
       52
        
                   eeww = eeww.defaultPackage.${system};

     

       65
       53
        
                   eon = eon.defaultPackage.${system};

     

       66
       54
        
                   mautrix-signal = final.overlay-unstable.mautrix-signal;

     

       67
       67
       -
                   i3-workspace-history = i3-workspace-history.packages.${system}.default;

     

       68
       68
       -
                   maildir-rank-addr = final.callPackage ./pkgs/maildir-rank-addr.nix { };

     

       55
       55
       +
                   i3-workspace-history =

     

       56
       56
       +
                     i3-workspace-history.packages.${system}.default;

     

       57
       57
       +
                   maildir-rank-addr =

     

       58
       58
       +
                     final.callPackage ./pkgs/maildir-rank-addr.nix { };

     

       69
       59
        
                   # https://github.com/NixOS/nixpkgs/issues/86349#issuecomment-624489806

     

       70
       70
       -
                   aerc = (prev.callPackage "${prev.path}/pkgs/applications/networking/mailreaders/aerc/default.nix" {

     

       71
       71
       -
                     buildGoModule = args: prev.buildGoModule (args // {

     

       72
       72
       -
                        src = prev.fetchFromSourcehut {

     

       73
       73
       -
                         owner = "~rjarry";

     

       74
       74
       -
                         repo = "aerc";

     

       75
       75
       -
                         rev = "930e50328c3a57faeec7fd23881e044257eda157";

     

       76
       76
       -
                         hash = "sha256-V1cjjJBAGqfBZIizAweMUYl7X3QorgLh/8J4HulmKAE=";

     

       77
       77
       -
                       };

     

       78
       78
       -
                       vendorHash = "sha256-IzQKgNilBq53w41gNLXCd1BgYXW/aUuQQtFeKEI/dKw=";

     

       60
       60
       +
                   aerc = (prev.callPackage

     

       61
       61
       +
                     "${prev.path}/pkgs/applications/networking/mailreaders/aerc/default.nix" {

     

       62
       62
       +
                       buildGoModule = args:

     

       63
       63
       +
                         prev.buildGoModule (args // {

     

       64
       64
       +
                           src = prev.fetchFromSourcehut {

     

       65
       65
       +
                             owner = "~rjarry";

     

       66
       66
       +
                             repo = "aerc";

     

       67
       67
       +
                             rev = "930e50328c3a57faeec7fd23881e044257eda157";

     

       68
       68
       +
                             hash =

     

       69
       69
       +
                               "sha256-V1cjjJBAGqfBZIizAweMUYl7X3QorgLh/8J4HulmKAE=";

     

       70
       70
       +
                           };

     

       71
       71
       +
                           vendorHash =

     

       72
       72
       +
                             "sha256-IzQKgNilBq53w41gNLXCd1BgYXW/aUuQQtFeKEI/dKw=";

     

       73
       73
       +
                         });

     

       79
       74
        
                     });

     

       80
       80
       -
                   });

     

       81
       75
        
                   # https://github.com/swaywm/sway/pull/7226

     

       82
       76
        
                   sway-unwrapped = prev.callPackage ./pkgs/sway-im/package.nix {

     

       83
       77
        
                     libdrm = final.overlay-unstable.libdrm;

     

       84
       78
        
                     wlroots = prev.callPackage ./pkgs/wlroots/default.nix {

     

       85
       79
        
                       # for libdrm >=2.4.120

     

       86
       80
        
                       mesa = final.overlay-unstable.mesa;

     

       87
       87
       -
                       wayland-protocols = prev.wayland-protocols.overrideAttrs (old: rec {

     

       88
       88
       -
                         pname = "wayland-protocols";

     

       89
       89
       -
                         version = "1.33";

     

       90
       90
       -
                         src = prev.fetchurl {

     

       91
       91
       -
                           url = "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz";

     

       92
       92
       -
                           hash = "sha256-lPDFCwkNbmGgP2IEhGexmrvoUb5OEa57NvZfi5jDljo=";

     

       93
       93
       -
                         };

     

       94
       94
       -
                       });

     

       81
       81
       +
                       wayland-protocols = prev.wayland-protocols.overrideAttrs

     

       82
       82
       +
                         (old: rec {

     

       83
       83
       +
                           pname = "wayland-protocols";

     

       84
       84
       +
                           version = "1.33";

     

       85
       85
       +
                           src = prev.fetchurl {

     

       86
       86
       +
                             url =

     

       87
       87
       +
                               "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz";

     

       88
       88
       +
                             hash =

     

       89
       89
       +
                               "sha256-lPDFCwkNbmGgP2IEhGexmrvoUb5OEa57NvZfi5jDljo=";

     

       90
       90
       +
                           };

     

       91
       91
       +
                         });

     

       95
       92
        
                     };

     

       96
       93
        
                   };

     

       97
       94
        
                   neovim-unwrapped = neovim.packages.${system}.default;

     

       98
       95
        
                   # https://github.com/NixOS/nixpkgs/pull/291559

     

       99
       99
       -
                   libvpl = final.overlay-unstable.libvpl.overrideAttrs (_: {

     

       100
       100
       -
                     patches = [ ./pkgs/opengl-driver-lib.patch ];

     

       101
       101
       -
                   });

     

       96
       96
       +
                   libvpl = final.overlay-unstable.libvpl.overrideAttrs

     

       97
       97
       +
                     (_: { patches = [ ./pkgs/opengl-driver-lib.patch ]; });

     

       102
       98
        
                   # https://github.com/jellyfin/jellyfin-media-player/issues/165#issuecomment-1966131861

     

       103
       103
       -
                   jellyfin-media-player = prev.jellyfin-media-player.overrideAttrs (old: {

     

       104
       104
       -
                     buildInputs =

     

       105
       105
       -
                       (prev.lib.filter (input: input != prev.mpv) old.buildInputs) ++ [

     

       106
       106
       -
                       (prev.mpv-unwrapped.overrideAttrs (old: {

     

       107
       107
       -
                         buildInputs =

     

       108
       108
       -
                           (prev.lib.filter (input: input != prev.libva) old.buildInputs) ++ [

     

       109
       109
       -
                           (prev.libva.overrideAttrs (_: {

     

       110
       110
       -
                             src = prev.fetchFromGitHub {

     

       111
       111
       -
                               owner = "emersion";

     

       112
       112
       -
                               repo = "libva";

     

       113
       113
       -
                               rev = "linux-dmabuf";

     

       114
       114
       -
                               hash = "sha256-d1cT6zOZHnrBBWjxOtSMAijPr4Tab+0GetZ6aqzhvrQ=";

     

       115
       115
       -
                             };

     

       99
       99
       +
                   jellyfin-media-player = prev.jellyfin-media-player.overrideAttrs

     

       100
       100
       +
                     (old: {

     

       101
       101
       +
                       buildInputs =

     

       102
       102
       +
                         (prev.lib.filter (input: input != prev.mpv) old.buildInputs)

     

       103
       103
       +
                         ++ [

     

       104
       104
       +
                           (prev.mpv-unwrapped.overrideAttrs (old: {

     

       105
       105
       +
                             buildInputs =

     

       106
       106
       +
                               (prev.lib.filter (input: input != prev.libva)

     

       107
       107
       +
                                 old.buildInputs) ++ [

     

       108
       108
       +
                                   (prev.libva.overrideAttrs (_: {

     

       109
       109
       +
                                     src = prev.fetchFromGitHub {

     

       110
       110
       +
                                       owner = "emersion";

     

       111
       111
       +
                                       repo = "libva";

     

       112
       112
       +
                                       rev = "linux-dmabuf";

     

       113
       113
       +
                                       hash =

     

       114
       114
       +
                                         "sha256-d1cT6zOZHnrBBWjxOtSMAijPr4Tab+0GetZ6aqzhvrQ=";

     

       115
       115
       +
                                     };

     

       116
       116
       +
                                   }))

     

       117
       117
       +
                                 ];

     

       116
       118
        
                           }))

     

       117
       119
        
                         ];

     

       118
       118
       -
                       }))

     

       119
       119
       -
                     ];

     

       120
       120
       -
                   });

     

       120
       120
       +
                     });

     

       121
       121
        
                 })

     

       122
       122
        
               ];

     

       123
       123
       -
         in rec {

     

       124
       124
       -
           nixosConfigurations =

     

       125
       125
       -
             let

     

       123
       123
       +
           in rec {

     

       124
       124
       +
             nixosConfigurations = let

     

       126
       125
        
               mkMode = mode: host:

     

       127
       126
        
                 nixpkgs.lib.nixosSystem {

     

       128
       127
        
                   # use system from config.localSystem

     
···

       130
       129
        
                   system = null;

     

       131
       130
        
                   pkgs = null;

     

       132
       131
        
                   specialArgs = inputs;

     

       133
       133
       -
                   modules =

     

       134
       134
       -
                     [

     

       135
       135
       -
                       ./hosts/${host}/${mode}.nix

     

       136
       136
       -
                       ./modules/default.nix

     

       137
       137
       -
                       ({ config, ... }: {

     

       138
       138
       -
                         networking.hostName = "${host}";

     

       139
       139
       -
                         # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       140
       140
       -
                         nix.registry.nixpkgs.flake = nixpkgs;

     

       141
       141
       -
                         system.stateVersion = "22.05";

     

       142
       142
       -
                         # record git revision (can be queried with `nixos-version --json)

     

       143
       143
       -
                         system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;

     

       144
       144
       -
                         nixpkgs = {

     

       145
       145
       -
                           config.allowUnfree = true;

     

       146
       146
       -
                           config.permittedInsecurePackages = [

     

       147
       147
       -
                             # obsidian

     

       148
       148
       -
                             "electron-25.9.0"

     

       149
       149
       -
                             # https://github.com/nix-community/nixd/issues/357

     

       150
       150
       -
                             "nix-2.16.2"

     

       151
       151
       -
                           ];

     

       152
       152
       -
                           overlays = getSystemOverlays config.nixpkgs.hostPlatform.system config.nixpkgs.config;

     

       153
       153
       -
                           # uncomment for cross compilation (https://github.com/NixOS/nix/issues/3843)

     

       154
       154
       -
                           #buildPlatform.system = "cpu-os";

     

       155
       155
       -
                         };

     

       156
       156
       -
                       })

     

       157
       157
       -
                       home-manager.nixosModule

     

       158
       158
       -
                       eilean.nixosModules.default

     

       159
       159
       -
                       eon.nixosModules.default

     

       160
       160
       -
                       hyperbib-eeg.nixosModules.default

     

       161
       161
       -
                       agenix.nixosModules.default

     

       162
       162
       -
                     ];

     

       163
       163
       -
                   };

     

       132
       132
       +
                   modules = [

     

       133
       133
       +
                     ./hosts/${host}/${mode}.nix

     

       134
       134
       +
                     ./modules/default.nix

     

       135
       135
       +
                     ({ config, ... }: {

     

       136
       136
       +
                       networking.hostName = "${host}";

     

       137
       137
       +
                       # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       138
       138
       +
                       nix.registry.nixpkgs.flake = nixpkgs;

     

       139
       139
       +
                       system.stateVersion = "22.05";

     

       140
       140
       +
                       # record git revision (can be queried with `nixos-version --json)

     

       141
       141
       +
                       system.configurationRevision =

     

       142
       142
       +
                         nixpkgs.lib.mkIf (self ? rev) self.rev;

     

       143
       143
       +
                       nixpkgs = {

     

       144
       144
       +
                         config.allowUnfree = true;

     

       145
       145
       +
                         config.permittedInsecurePackages = [

     

       146
       146
       +
                           # obsidian

     

       147
       147
       +
                           "electron-25.9.0"

     

       148
       148
       +
                           # https://github.com/nix-community/nixd/issues/357

     

       149
       149
       +
                           "nix-2.16.2"

     

       150
       150
       +
                         ];

     

       151
       151
       +
                         overlays =

     

       152
       152
       +
                           getSystemOverlays config.nixpkgs.hostPlatform.system

     

       153
       153
       +
                           config.nixpkgs.config;

     

       154
       154
       +
                         # uncomment for cross compilation (https://github.com/NixOS/nix/issues/3843)

     

       155
       155
       +
                         #buildPlatform.system = "cpu-os";

     

       156
       156
       +
                       };

     

       157
       157
       +
                     })

     

       158
       158
       +
                     home-manager.nixosModule

     

       159
       159
       +
                     eilean.nixosModules.default

     

       160
       160
       +
                     eon.nixosModules.default

     

       161
       161
       +
                     hyperbib-eeg.nixosModules.default

     

       162
       162
       +
                     agenix.nixosModules.default

     

       163
       163
       +
                   ];

     

       164
       164
       +
                 };

     

       164
       165
        
               readModes = dir:

     

       165
       165
       -
                 let files = builtins.readDir dir; in

     

       166
       166
       -
                 let filtered = nixpkgs.lib.attrsets.filterAttrs (n: v:

     

       167
       167
       -
                   v == "regular" && (

     

       168
       168
       -
                     n == "default.nix" ||

     

       169
       169
       -
                     n == "minimal.nix" ||

     

       170
       170
       -
                     n == "sd-image.nix"

     

       171
       171
       -
                   )

     

       172
       172
       -
                 ) files; in

     

       173
       173
       -
                 let names = nixpkgs.lib.attrNames filtered; in

     

       174
       174
       -
                 builtins.map (f: nixpkgs.lib.strings.removeSuffix ".nix" f) names;

     

       166
       166
       +
                 let files = builtins.readDir dir;

     

       167
       167
       +
                 in let

     

       168
       168
       +
                   filtered = nixpkgs.lib.attrsets.filterAttrs (n: v:

     

       169
       169
       +
                     v == "regular" && (n == "default.nix" || n == "minimal.nix" || n

     

       170
       170
       +
                       == "sd-image.nix")) files;

     

       171
       171
       +
                 in let names = nixpkgs.lib.attrNames filtered;

     

       172
       172
       +
                 in builtins.map (f: nixpkgs.lib.strings.removeSuffix ".nix" f) names;

     

       175
       173
        
               mkModes = host: modes:

     

       176
       176
       -
                 builtins.map (mode:

     

       177
       177
       -
                   {

     

       178
       178
       -
                     name = "${host}${if mode == "default" then "" else "-${mode}"}";

     

       179
       179
       -
                     value = mkMode mode host;

     

       180
       180
       -
                   }

     

       181
       181
       -
                 ) modes;

     

       174
       174
       +
                 builtins.map (mode: {

     

       175
       175
       +
                   name = "${host}${if mode == "default" then "" else "-${mode}"}";

     

       176
       176
       +
                   value = mkMode mode host;

     

       177
       177
       +
                 }) modes;

     

       182
       178
        
               mkHosts = hosts:

     

       183
       183
       -
               let nestedList = builtins.map (host: mkModes host (readModes ./hosts/${host})) hosts; in

     

       184
       184
       -
                 let list = nixpkgs.lib.lists.flatten nestedList; in

     

       185
       185
       -
                 builtins.listToAttrs list;

     

       179
       179
       +
                 let

     

       180
       180
       +
                   nestedList =

     

       181
       181
       +
                     builtins.map (host: mkModes host (readModes ./hosts/${host}))

     

       182
       182
       +
                     hosts;

     

       183
       183
       +
                 in let list = nixpkgs.lib.lists.flatten nestedList;

     

       184
       184
       +
                 in builtins.listToAttrs list;

     

       186
       185
        
               hosts = builtins.attrNames (builtins.readDir ./hosts);

     

       187
       186
        
             in mkHosts hosts;

     

       188
       187
        
       

     

       189
       189
       -
           nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {

     

       190
       190
       -
             modules = [ ./nix-on-droid/default.nix ];

     

       191
       191
       -
             pkgs = import nixpkgs {

     

       192
       192
       -
               overlays = getSystemOverlays "aarch64-linux" { };

     

       193
       193
       -
               config.permittedInsecurePackages = [

     

       194
       194
       -
                 # https://github.com/nix-community/nixd/issues/357

     

       195
       195
       -
                 "nix-2.16.2"

     

       196
       196
       -
               ];

     

       197
       197
       -
             };

     

       198
       198
       -
           };

     

       188
       188
       +
             nixOnDroidConfigurations.default =

     

       189
       189
       +
               nix-on-droid.lib.nixOnDroidConfiguration {

     

       190
       190
       +
                 modules = [ ./nix-on-droid/default.nix ];

     

       191
       191
       +
                 pkgs = import nixpkgs {

     

       192
       192
       +
                   overlays = getSystemOverlays "aarch64-linux" { };

     

       193
       193
       +
                   config.permittedInsecurePackages = [

     

       194
       194
       +
                     # https://github.com/nix-community/nixd/issues/357

     

       195
       195
       +
                     "nix-2.16.2"

     

       196
       196
       +
                   ];

     

       197
       197
       +
                 };

     

       198
       198
       +
               };

     

       199
       199
        
       

     

       200
       200
       -
           legacyPackages = {

     

       201
       201
       -
             nixpkgs =

     

       202
       202
       -
               nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (system:

     

       203
       203
       -
                 nixpkgs.legacyPackages.${system}

     

       204
       204
       -
               );

     

       205
       205
       -
             nixpkgs-unstable =

     

       206
       206
       -
               nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (system:

     

       207
       207
       -
                 nixpkgs-unstable.legacyPackages.${system}

     

       208
       208
       -
               );

     

       200
       200
       +
             legacyPackages = {

     

       201
       201
       +
               nixpkgs = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed

     

       202
       202
       +
                 (system: nixpkgs.legacyPackages.${system});

     

       203
       203
       +
               nixpkgs-unstable = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed

     

       204
       204
       +
                 (system: nixpkgs-unstable.legacyPackages.${system});

     

       209
       205
        
             };

     

       206
       206
       +
       

     

       207
       207
       +
             formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;

     

       210
       208
        
           };

     

       211
       209
        
       }

+5 -11

hosts/barnacle/default.nix

···

       23
       23
        
         networking.wireless = {

     

       24
       24
        
           # so we can use NetworkManager

     

       25
       25
        
           enable = lib.mkForce false;

     

       26
       26
       -
           networks = {

     

       27
       27
       -
             "SSID" = {

     

       28
       28
       -
               psk = "password";

     

       29
       29
       -
             };

     

       30
       30
       -
           };

     

       26
       26
       +
           networks = { "SSID" = { psk = "password"; }; };

     

       31
       27
        
         };

     

       32
       28
        
       

     

       33
       29
        
         # build with:

     

       34
       30
        
         #   nix build '/etc/nixos?submodules=1#nixosConfigurations.iso.config.system.build.isoImage'

     

       35
       35
       -
         isoImage.contents = [

     

       36
       36
       -
           {

     

       37
       37
       -
             source = ../..;

     

       38
       38
       -
             target = "nixos";

     

       39
       39
       -
           }

     

       40
       40
       -
         ];

     

       31
       31
       +
         isoImage.contents = [{

     

       32
       32
       +
           source = ../..;

     

       33
       33
       +
           target = "nixos";

     

       34
       34
       +
         }];

     

       41
       35
        
       

     

       42
       36
        
         # comment this out to make a smaller image

     

       43
       37
        
         isoImage.squashfsCompression = "gzip -Xcompression-level 1";

+20 -27

hosts/capybara/default.nix

···

       1
       1
        
       { config, pkgs, lib, nix-rpi5, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       7
       5
        
       

     

       8
       6
        
         personal = {

     

       9
       7
        
           enable = true;

     
···

       13
       11
        
       

     

       14
       12
        
         networking.networkmanager.enable = true;

     

       15
       13
        
       

     

       16
       16
       -
         boot.kernelPackages = nix-rpi5.legacyPackages.aarch64-linux.linuxPackages_rpi5;

     

       14
       14
       +
         boot.kernelPackages =

     

       15
       15
       +
           nix-rpi5.legacyPackages.aarch64-linux.linuxPackages_rpi5;

     

       17
       16
        
       

     

       18
       17
        
         networking.firewall.enable = false;

     

       19
       18
        
         networking.firewall.allowedTCPPorts = [ 44 ];

     
···

       40
       39
        
               user = "zigbee2mqtt";

     

       41
       40
        
               password = "test";

     

       42
       41
        
             };

     

       43
       43
       -
             serial = {

     

       44
       44
       -
               port = "/dev/ttyUSB0";

     

       45
       45
       -
             };

     

       46
       46
       -
             frontend = {

     

       47
       47
       -
               port = 15606;

     

       48
       48
       -
             };

     

       42
       42
       +
             serial = { port = "/dev/ttyUSB0"; };

     

       43
       43
       +
             frontend = { port = 15606; };

     

       49
       44
        
             homeassistant = true;

     

       50
       50
       -
             advanced = {

     

       51
       51
       -
               channel = 15;

     

       52
       52
       -
             };

     

       45
       45
       +
             advanced = { channel = 15; };

     

       53
       46
        
           };

     

       54
       47
        
         };

     

       55
       48
        
       

     

       56
       49
        
         services.mosquitto = {

     

       57
       50
        
           enable = true;

     

       58
       58
       -
           listeners = [

     

       59
       59
       -
             {

     

       60
       60
       -
               users = {

     

       61
       61
       -
                 zigbee2mqtt = {

     

       62
       62
       -
                   acl = [ "readwrite #" ];

     

       63
       63
       -
                   hashedPassword = "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       64
       64
       -
                 };

     

       65
       65
       -
                 homeassistant = {

     

       66
       66
       -
                   acl = [ "readwrite #" ];

     

       67
       67
       -
                   hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       68
       68
       -
                 };

     

       51
       51
       +
           listeners = [{

     

       52
       52
       +
             users = {

     

       53
       53
       +
               zigbee2mqtt = {

     

       54
       54
       +
                 acl = [ "readwrite #" ];

     

       55
       55
       +
                 hashedPassword =

     

       56
       56
       +
                   "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       57
       57
       +
               };

     

       58
       58
       +
               homeassistant = {

     

       59
       59
       +
                 acl = [ "readwrite #" ];

     

       60
       60
       +
                 hashedPassword =

     

       61
       61
       +
                   "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       69
       62
        
               };

     

       70
       70
       -
             }

     

       71
       71
       -
           ];

     

       63
       63
       +
             };

     

       64
       64
       +
           }];

     

       72
       65
        
         };

     

       73
       66
        
       

     

       74
       67
        
         services.home-assistant = {

     
···

       84
       77
        
           config = {

     

       85
       78
        
             # Includes dependencies for a basic setup

     

       86
       79
        
             # https://www.home-assistant.io/integrations/default_config/

     

       87
       87
       -
             default_config = {};

     

       80
       80
       +
             default_config = { };

     

       88
       81
        
             http.use_x_forwarded_for = true;

     

       89
       82
        
             http.trusted_proxies = "100.64.0.2";

     

       90
       83
        
           };

+10 -14

hosts/capybara/hardware-configuration.nix

···

       1
       1
        
       { config, lib, pkgs, modulesPath, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       6
       6
       -
           ];

     

       4
       4
       +
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       7
       5
        
       

     

       8
       6
        
         boot.loader.grub.device = "nodev";

     

       9
       7
        
         boot.loader.grub.efiSupport = true;

     
···

       14
       12
        
         boot.kernelModules = [ ];

     

       15
       13
        
         boot.extraModulePackages = [ ];

     

       16
       14
        
       

     

       17
       17
       -
         fileSystems."/" =

     

       18
       18
       -
           { device = "/dev/disk/by-uuid/4cef5b18-2c69-4f92-835d-52ac0b96256c";

     

       19
       19
       -
             fsType = "ext4";

     

       20
       20
       -
           };

     

       15
       15
       +
         fileSystems."/" = {

     

       16
       16
       +
           device = "/dev/disk/by-uuid/4cef5b18-2c69-4f92-835d-52ac0b96256c";

     

       17
       17
       +
           fsType = "ext4";

     

       18
       18
       +
         };

     

       21
       19
        
       

     

       22
       22
       -
         fileSystems."/boot" =

     

       23
       23
       -
           { device = "/dev/disk/by-uuid/63BC-60B5";

     

       24
       24
       -
             fsType = "vfat";

     

       25
       25
       -
           };

     

       20
       20
       +
         fileSystems."/boot" = {

     

       21
       21
       +
           device = "/dev/disk/by-uuid/63BC-60B5";

     

       22
       22
       +
           fsType = "vfat";

     

       23
       23
       +
         };

     

       26
       24
        
       

     

       27
       25
        
         swapDevices = [ ];

     

       28
       26
        
       

     

       29
       27
        
         networking.useDHCP = lib.mkDefault true;

     

       30
       28
        
       

     

       31
       31
       -
         boot.kernelParams = [

     

       32
       32
       -
           "video=HDMI-A-1:1024x768M@60D"

     

       33
       33
       -
         ];

     

       29
       29
       +
         boot.kernelParams = [ "video=HDMI-A-1:1024x768M@60D" ];

     

       34
       30
        
       

     

       35
       31
        
         nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

     

       36
       32
        
       }

+58 -25

hosts/duck/default.nix

···

       1
       1
        
       { pkgs, config, lib, eilean, ryan-website, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       7
       5
        
       

     

       8
       6
        
         personal = {

     

       9
       7
        
           enable = true;

     
···

       11
       9
        
           machineColour = "green";

     

       12
       10
        
         };

     

       13
       11
        
       

     

       14
       14
       -
         swapDevices = [ { device = "/var/swap"; size = 2048; } ];

     

       12
       12
       +
         swapDevices = [{

     

       13
       13
       +
           device = "/var/swap";

     

       14
       14
       +
           size = 2048;

     

       15
       15
       +
         }];

     

       15
       16
        
       

     

       16
       16
       -
         environment.systemPackages = with pkgs; [

     

       17
       17
       -
           xe-guest-utilities

     

       18
       18
       -
         ];

     

       17
       17
       +
         environment.systemPackages = with pkgs; [ xe-guest-utilities ];

     

       19
       18
        
       

     

       20
       19
        
         eilean.services.dns = {

     

       21
       20
        
           zones."cl.freumh.org" = {

     

       22
       21
        
             soa.serial = lib.mkDefault 1;

     

       23
       23
       -
             records =

     

       24
       24
       -
               let

     

       25
       25
       -
                 ipv4 = "128.232.113.136";

     

       26
       26
       -
                 ipv6 = "2a05:b400:110:1101:d051:f2ff:fe13:3781";

     

       27
       27
       -
               in [

     

       28
       28
       -
                 { name = "@";   type = "NS"; data = "ns"; }

     

       22
       22
       +
             records = let

     

       23
       23
       +
               ipv4 = "128.232.113.136";

     

       24
       24
       +
               ipv6 = "2a05:b400:110:1101:d051:f2ff:fe13:3781";

     

       25
       25
       +
             in [

     

       26
       26
       +
               {

     

       27
       27
       +
                 name = "@";

     

       28
       28
       +
                 type = "NS";

     

       29
       29
       +
                 data = "ns";

     

       30
       30
       +
               }

     

       29
       31
        
       

     

       30
       30
       -
                 { name = "ns"; type = "A";    data = ipv4; }

     

       31
       31
       -
                 { name = "ns"; type = "AAAA"; data = ipv6; }

     

       32
       32
       +
               {

     

       33
       33
       +
                 name = "ns";

     

       34
       34
       +
                 type = "A";

     

       35
       35
       +
                 data = ipv4;

     

       36
       36
       +
               }

     

       37
       37
       +
               {

     

       38
       38
       +
                 name = "ns";

     

       39
       39
       +
                 type = "AAAA";

     

       40
       40
       +
                 data = ipv6;

     

       41
       41
       +
               }

     

       32
       42
        
       

     

       33
       33
       -
                 { name = "@";   type = "A";    data = ipv4; }

     

       34
       34
       -
                 { name = "@";   type = "AAAA"; data = ipv6; }

     

       35
       35
       -
                 { name = "vps"; type = "A";    data = ipv4; }

     

       36
       36
       -
                 { name = "vps"; type = "AAAA"; data = ipv6; }

     

       43
       43
       +
               {

     

       44
       44
       +
                 name = "@";

     

       45
       45
       +
                 type = "A";

     

       46
       46
       +
                 data = ipv4;

     

       47
       47
       +
               }

     

       48
       48
       +
               {

     

       49
       49
       +
                 name = "@";

     

       50
       50
       +
                 type = "AAAA";

     

       51
       51
       +
                 data = ipv6;

     

       52
       52
       +
               }

     

       53
       53
       +
               {

     

       54
       54
       +
                 name = "vps";

     

       55
       55
       +
                 type = "A";

     

       56
       56
       +
                 data = ipv4;

     

       57
       57
       +
               }

     

       58
       58
       +
               {

     

       59
       59
       +
                 name = "vps";

     

       60
       60
       +
                 type = "AAAA";

     

       61
       61
       +
                 data = ipv6;

     

       62
       62
       +
               }

     

       37
       63
        
             ];

     

       38
       64
        
           };

     

       39
       65
        
         };

     
···

       50
       76
        
           wantedBy = [ "multi-user.target" ];

     

       51
       77
        
           serviceConfig = {

     

       52
       78
        
             ExecStart = "${pkgs.eeww}/main.exe -p 80";

     

       53
       53
       -
             WorkingDirectory = "${ryan-website.packages.${config.nixpkgs.hostPlatform.system}.default}";

     

       79
       79
       +
             WorkingDirectory =

     

       80
       80
       +
               "${ryan-website.packages.${config.nixpkgs.hostPlatform.system}.default}";

     

       54
       81
        
             Restart = "always";

     

       55
       82
        
             RestartSec = "10s";

     

       56
       83
        
             AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];

     
···

       66
       93
        
           isSystemUser = true;

     

       67
       94
        
         };

     

       68
       95
        
       

     

       69
       69
       -
         users.groups."eeww" = {};

     

       96
       96
       +
         users.groups."eeww" = { };

     

       70
       97
        
       

     

       71
       98
        
         networking.firewall = {

     

       72
       99
        
           allowedTCPPorts = [

     

       73
       73
       -
             80   # HTTP

     

       74
       74
       -
             443  # HTTPS

     

       100
       100
       +
             80 # HTTP

     

       101
       101
       +
             443 # HTTPS

     

       75
       102
        
           ];

     

       76
       103
        
           allowedUDPPorts = [

     

       77
       77
       -
             80   # HTTP

     

       104
       104
       +
             80 # HTTP

     

       78
       105
        
           ];

     

       79
       106
        
         };

     

       80
       107
        
       

     
···

       83
       110
        
             enable = true;

     

       84
       111
        
             # TODO make this zonefile derivation a config parameter `services.eilean.services.dns.zonefile`

     

       85
       112
        
             # TODO add module in eilean for eon

     

       86
       86
       -
             zoneFile = "${import "${eilean}/modules/services/dns/zonefile.nix" { inherit pkgs config lib; zonename = "cl.freumh.org"; zone = config.eilean.services.dns.zones."cl.freumh.org"; }}/cl.freumh.org";

     

       113
       113
       +
             zoneFile = "${

     

       114
       114
       +
                 import "${eilean}/modules/services/dns/zonefile.nix" {

     

       115
       115
       +
                   inherit pkgs config lib;

     

       116
       116
       +
                   zonename = "cl.freumh.org";

     

       117
       117
       +
                   zone = config.eilean.services.dns.zones."cl.freumh.org";

     

       118
       118
       +
                 }

     

       119
       119
       +
               }/cl.freumh.org";

     

       87
       120
        
             logLevel = 1;

     

       88
       121
        
             application = "tund";

     

       89
       122
        
           };

+8 -6

hosts/duck/hardware-configuration.nix

···

       1
       1
        
       { config, lib, pkgs, modulesPath, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];

     

       4
       4
       +
         boot.initrd.availableKernelModules =

     

       5
       5
       +
           [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];

     

       5
       6
        
         boot.initrd.kernelModules = [ ];

     

       6
       7
        
         boot.kernelModules = [ ];

     

       7
       8
        
         boot.extraModulePackages = [ ];

     

       8
       9
        
         boot.loader.grub.device = "/dev/xvda"; # or "nodev" for efi only

     

       9
       10
        
       

     

       10
       10
       -
         fileSystems."/" =

     

       11
       11
       -
           { device = "/dev/disk/by-uuid/426b9528-ccde-4438-8338-10d35cea9d16";

     

       12
       12
       -
             fsType = "ext4";

     

       13
       13
       -
           };

     

       11
       11
       +
         fileSystems."/" = {

     

       12
       12
       +
           device = "/dev/disk/by-uuid/426b9528-ccde-4438-8338-10d35cea9d16";

     

       13
       13
       +
           fsType = "ext4";

     

       14
       14
       +
         };

     

       14
       15
        
       

     

       15
       16
        
         networking.useDHCP = false;

     

       16
       17
        
       

     
···

       28
       29
        
         };

     

       29
       30
        
       

     

       30
       31
        
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       31
       31
       -
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       32
       32
       +
         hardware.cpu.intel.updateMicrocode =

     

       33
       33
       +
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       32
       34
        
       }

+5 -21

hosts/elephant/default.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
           ./zfs.nix

     

       7
       7
       -
           ./services.nix

     

       8
       8
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ./zfs.nix ./services.nix ];

     

       9
       5
        
       

     

       10
       6
        
         personal = {

     

       11
       7
        
           enable = true;

     
···

       20
       16
        
           restic

     

       21
       17
        
         ];

     

       22
       18
        
       

     

       23
       23
       -
         eilean = {

     

       24
       24
       -
           publicInterface = "enp1s0";

     

       25
       25
       -
         };

     

       19
       19
       +
         eilean = { publicInterface = "enp1s0"; };

     

       26
       20
        
       

     

       27
       21
        
         powerManagement = {

     

       28
       22
        
           powertop.enable = true;

     
···

       41
       35
        
           repositoryFile = config.age.secrets.restic-repo.path;

     

       42
       36
        
           passwordFile = config.age.secrets.restic-elephant.path;

     

       43
       37
        
           initialize = true;

     

       44
       44
       -
           paths = [

     

       45
       45
       -
             "/tank/family/mp4/"

     

       46
       46
       -
             "/tank/family/other/"

     

       47
       47
       -
             "/tank/photos/"

     

       48
       48
       -
           ];

     

       49
       49
       -
           timerConfig = {

     

       50
       50
       -
             OnCalendar = "03:00";

     

       51
       51
       -
           };

     

       52
       52
       -
           pruneOpts = [

     

       53
       53
       -
             "--keep-daily 7"

     

       54
       54
       -
             "--keep-weekly 4"

     

       55
       55
       -
             "--keep-yearly 10"

     

       56
       56
       -
           ];

     

       38
       38
       +
           paths = [ "/tank/family/mp4/" "/tank/family/other/" "/tank/photos/" ];

     

       39
       39
       +
           timerConfig = { OnCalendar = "03:00"; };

     

       40
       40
       +
           pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-yearly 10" ];

     

       57
       41
        
         };

     

       58
       42
        
       

     

       59
       43
        
         # Add hardware transcoding support to `ffmpeg_6` and derived packages (like jellyfin-ffmpeg)

+17 -14

hosts/elephant/hardware-configuration.nix

···

       1
       1
        
       { config, lib, pkgs, modulesPath, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       6
       6
       -
           ];

     

       4
       4
       +
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       7
       5
        
       

     

       8
       8
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];

     

       6
       6
       +
         boot.initrd.availableKernelModules =

     

       7
       7
       +
           [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];

     

       9
       8
        
         boot.initrd.kernelModules = [ ];

     

       10
       9
        
         boot.kernelModules = [ "kvm-intel" ];

     

       11
       10
        
         boot.extraModulePackages = [ ];

     

       12
       11
        
       

     

       13
       12
        
         boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;

     

       14
       13
        
       

     

       15
       15
       -
         fileSystems."/" =

     

       16
       16
       -
           { device = "/dev/disk/by-uuid/d1b7f032-9c43-4a57-b531-4b1d6f88c999";

     

       17
       17
       -
             fsType = "ext4";

     

       18
       18
       -
           };

     

       14
       14
       +
         fileSystems."/" = {

     

       15
       15
       +
           device = "/dev/disk/by-uuid/d1b7f032-9c43-4a57-b531-4b1d6f88c999";

     

       16
       16
       +
           fsType = "ext4";

     

       17
       17
       +
         };

     

       19
       18
        
       

     

       20
       20
       -
         fileSystems."/boot" =

     

       21
       21
       -
           { device = "/dev/disk/by-uuid/0CC6-561D";

     

       22
       22
       -
             fsType = "vfat";

     

       23
       23
       -
           };

     

       19
       19
       +
         fileSystems."/boot" = {

     

       20
       20
       +
           device = "/dev/disk/by-uuid/0CC6-561D";

     

       21
       21
       +
           fsType = "vfat";

     

       22
       22
       +
         };

     

       24
       23
        
       

     

       25
       25
       -
         swapDevices = [ { device = "/var/swap"; size = 16384; } ];

     

       24
       24
       +
         swapDevices = [{

     

       25
       25
       +
           device = "/var/swap";

     

       26
       26
       +
           size = 16384;

     

       27
       27
       +
         }];

     

       26
       28
        
       

     

       27
       29
        
         networking.useDHCP = lib.mkDefault true;

     

       28
       30
        
       

     

       29
       31
        
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       30
       30
       -
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       32
       32
       +
         hardware.cpu.intel.updateMicrocode =

     

       33
       33
       +
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       31
       34
        
       

     

       32
       35
        
         boot.loader.grub = {

     

       33
       36
        
           enable = true;

+6 -6

hosts/elephant/services.nix

···

       114
       114
        
           #backups.owl = {

     

       115
       115
        
           #  repository = "${config.services.restic.server.dataDir}/owl";

     

       116
       116
        
           #  passwordFile = "${config.custom.secretsDir}/restic-password-owl";

     

       117
       117
       -
       	  #  timerConfig = {

     

       118
       118
       -
       	  #    OnCalendar = "02:00";

     

       119
       119
       -
       	  #  };

     

       117
       117
       +
           #  timerConfig = {

     

       118
       118
       +
           #    OnCalendar = "02:00";

     

       119
       119
       +
           #  };

     

       120
       120
        
           #  pruneOpts = [

     

       121
       121
        
           #    "--keep-daily 7"

     

       122
       122
        
           #    "--keep-weekly 5"

     
···

       127
       127
        
           #backups.gecko = {

     

       128
       128
        
           #  repository = "${config.services.restic.server.dataDir}/gecko";

     

       129
       129
        
           #  passwordFile = "${config.custom.secretsDir}/restic-password-gecko";

     

       130
       130
       -
       	  #  timerConfig = {

     

       131
       131
       -
       	  #    OnCalendar = "02:00";

     

       132
       132
       -
       	  #  };

     

       130
       130
       +
           #  timerConfig = {

     

       131
       131
       +
           #    OnCalendar = "02:00";

     

       132
       132
       +
           #  };

     

       133
       133
        
           #  pruneOpts = [

     

       134
       134
        
           #    "--keep-daily 7"

     

       135
       135
        
           #    "--keep-weekly 5"

+8 -16

hosts/gecko/default.nix

···

       1
       1
        
       { pkgs, lib, config, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       7
       5
        
       

     

       8
       6
        
         personal = {

     

       9
       7
        
           enable = true;

     
···

       28
       26
        
       

     

       29
       27
        
         environment.systemPackages = with pkgs; [

     

       30
       28
        
           dell-command-configure

     

       31
       31
       -
           (python3.withPackages (p: with p; [

     

       32
       32
       -
             numpy

     

       33
       33
       -
             matplotlib

     

       34
       34
       -
             pandas

     

       35
       35
       -
           ]))

     

       29
       29
       +
           (python3.withPackages (p: with p; [ numpy matplotlib pandas ]))

     

       36
       30
        
           python39Packages.pip

     

       37
       31
        
           jupyter

     

       38
       32
        
           #vagrant

     
···

       79
       73
        
       

     

       80
       74
        
         #system.includeBuildDependencies = true;

     

       81
       75
        
         nix = {

     

       82
       82
       -
           buildMachines = [ {

     

       76
       76
       +
           buildMachines = [{

     

       83
       77
        
             hostName = "rtg24@daintree.cl.cam.ac.uk";

     

       84
       78
        
             system = "x86_64-linux";

     

       85
       79
        
             protocol = "ssh-ng";

     
···

       87
       81
        
             speedFactor = 2;

     

       88
       82
        
             supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];

     

       89
       83
        
             mandatoryFeatures = [ ];

     

       90
       90
       -
           }] ;

     

       84
       84
       +
           }];

     

       91
       85
        
           distributedBuilds = true;

     

       92
       86
        
           extraOptions = ''

     

       93
       87
        
             builders-use-substitutes = true

     

       94
       94
       -
             '';

     

       88
       88
       +
           '';

     

       95
       89
        
         };

     

       96
       90
        
       

     

       97
       91
        
         age.secrets.restic-gecko.file = ../../secrets/restic-gecko.age;

     
···

       109
       103
        
             "/home/${config.custom.username}/.cache"

     

       110
       104
        
             "/home/${config.custom.username}/.local/share/Steam"

     

       111
       105
        
           ];

     

       112
       112
       -
           timerConfig = {

     

       113
       113
       -
             OnUnitActiveSec = "1d";

     

       114
       114
       -
           };

     

       106
       106
       +
           timerConfig = { OnUnitActiveSec = "1d"; };

     

       115
       107
        
           extraBackupArgs = [ "-vv" ];

     

       116
       108
        
         };

     

       117
       109
        
       

     
···

       137
       129
        
           };

     

       138
       130
        
       

     

       139
       131
        
           environment.DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${

     

       140
       140
       -
             toString config.users.users.${config.custom.username}.uid

     

       141
       141
       -
           }/bus";

     

       132
       132
       +
               toString config.users.users.${config.custom.username}.uid

     

       133
       133
       +
             }/bus";

     

       142
       134
        
       

     

       143
       135
        
           script = ''

     

       144
       136
        
             ${pkgs.libnotify}/bin/notify-send --urgency=critical \

+17 -14

hosts/gecko/hardware-configuration.nix

···

       1
       1
        
       { config, lib, pkgs, modulesPath, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       6
       6
       -
           ];

     

       4
       4
       +
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       7
       5
        
       

     

       8
       8
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "rtsx_pci_sdmmc" ];

     

       6
       6
       +
         boot.initrd.availableKernelModules =

     

       7
       7
       +
           [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "rtsx_pci_sdmmc" ];

     

       9
       8
        
         boot.initrd.kernelModules = [ ];

     

       10
       9
        
         boot.kernelModules = [ "kvm-intel" ];

     

       11
       10
        
         boot.extraModulePackages = [ ];

     

       12
       11
        
       

     

       13
       13
       -
         fileSystems."/" =

     

       14
       14
       -
           { device = "/dev/disk/by-uuid/b949a6f8-8f30-4f68-9622-ae0f013bce8a";

     

       15
       15
       -
             fsType = "ext4";

     

       16
       16
       -
           };

     

       12
       12
       +
         fileSystems."/" = {

     

       13
       13
       +
           device = "/dev/disk/by-uuid/b949a6f8-8f30-4f68-9622-ae0f013bce8a";

     

       14
       14
       +
           fsType = "ext4";

     

       15
       15
       +
         };

     

       17
       16
        
       

     

       18
       18
       -
         fileSystems."/boot" =

     

       19
       19
       -
           { device = "/dev/disk/by-uuid/A49E-420F";

     

       20
       20
       -
             fsType = "vfat";

     

       21
       21
       -
           };

     

       17
       17
       +
         fileSystems."/boot" = {

     

       18
       18
       +
           device = "/dev/disk/by-uuid/A49E-420F";

     

       19
       19
       +
           fsType = "vfat";

     

       20
       20
       +
         };

     

       22
       21
        
       

     

       23
       23
       -
         swapDevices = [ { device = "/var/swap"; size = 16384; } ];

     

       22
       22
       +
         swapDevices = [{

     

       23
       23
       +
           device = "/var/swap";

     

       24
       24
       +
           size = 16384;

     

       25
       25
       +
         }];

     

       24
       26
        
         boot.resumeDevice = "/dev/disk/by-label/nixos";

     

       25
       27
        
         # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file

     

       26
       28
        
         boot.kernelParams = [ "mem_sleep_default=deep" "resume_offset=142587904" ];

     

       27
       29
        
       

     

       28
       30
        
         powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

     

       29
       29
       -
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       31
       31
       +
         hardware.cpu.intel.updateMicrocode =

     

       32
       32
       +
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       30
       33
        
       

     

       31
       34
        
         nixpkgs.hostPlatform = "x86_64-linux";

     

       32
       35
        
       }

+9 -10

hosts/mouse/installer.nix

···

       9
       9
        
       # To automatically join a Tailscale network at freumh.org add the secret in a `headscale` file

     

       10
       10
        
       # in the project root.

     

       11
       11
        
       {

     

       12
       12
       -
         imports = [

     

       13
       13
       -
           "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"

     

       14
       14
       -
         ];

     

       12
       12
       +
         imports =

     

       13
       13
       +
           [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];

     

       15
       14
        
       

     

       16
       15
        
         # from hardware-configuration.nix

     

       17
       16
        
         # https://github.com/NixOS/nixpkgs/issues/141470#issuecomment-996202318

     
···

       34
       33
        
         '';

     

       35
       34
        
       

     

       36
       35
        
         users = let

     

       37
       37
       -
           hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       36
       36
       +
           hashedPassword =

     

       37
       37
       +
             "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       38
       38
        
         in {

     

       39
       39
        
           mutableUsers = false;

     

       40
       40
        
           users.ryan = {

     
···

       43
       43
        
               "wheel" # enable sudo

     

       44
       44
        
             ];

     

       45
       45
        
             hashedPassword = hashedPassword;

     

       46
       46
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/personal/authorized_keys ];

     

       46
       46
       +
             openssh.authorizedKeys.keyFiles =

     

       47
       47
       +
               [ ../../modules/personal/authorized_keys ];

     

       47
       48
        
           };

     

       48
       49
        
           users.root = {

     

       49
       50
        
             hashedPassword = hashedPassword;

     

       50
       50
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/personal/authorized_keys ];

     

       51
       51
       +
             openssh.authorizedKeys.keyFiles =

     

       52
       52
       +
               [ ../../modules/personal/authorized_keys ];

     

       51
       53
        
           };

     

       52
       54
        
         };

     

       53
       55
        
       

     

       54
       54
       -
         environment.systemPackages = with pkgs; [

     

       55
       55
       -
           vim

     

       56
       56
       -
           tmux

     

       57
       57
       -
         ];

     

       56
       56
       +
         environment.systemPackages = with pkgs; [ vim tmux ];

     

       58
       57
        
       

     

       59
       58
        
         services.tailscale = {

     

       60
       59
        
           enable = true;

+30 -40

hosts/mouse/sd-image.nix

···

       1
       1
        
       { nixpkgs, lib, pkgs, config, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports =

     

       5
       5
       +
           [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];

     

       7
       6
        
       

     

       8
       7
        
         # from hardware-configuration.nix

     

       9
       8
        
         # https://github.com/NixOS/nixpkgs/issues/141470#issuecomment-996202318

     
···

       14
       13
        
         boot.kernelModules = [ ];

     

       15
       14
        
         boot.extraModulePackages = [ ];

     

       16
       15
        
       

     

       17
       17
       -
         swapDevices = [ { device = "/var/swap"; size = 4096; } ];

     

       16
       16
       +
         swapDevices = [{

     

       17
       17
       +
           device = "/var/swap";

     

       18
       18
       +
           size = 4096;

     

       19
       19
       +
         }];

     

       18
       20
        
       

     

       19
       21
        
         networking.useDHCP = lib.mkDefault true;

     

       20
       22
        
       

     

       21
       23
        
         hardware.enableRedistributableFirmware = lib.mkDefault true;

     

       22
       22
       -
       

     

       23
       24
        
       

     

       24
       25
        
         # https://discourse.nixos.org/t/building-libcamera-for-raspberry-pi/26133/7

     

       25
       26
        
         nixpkgs.hostPlatform = {

     
···

       34
       35
        
         networking.hostName = "mouse";

     

       35
       36
        
       

     

       36
       37
        
         users = let

     

       37
       37
       -
           hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       38
       38
       +
           hashedPassword =

     

       39
       39
       +
             "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       38
       40
        
         in {

     

       39
       41
        
           mutableUsers = false;

     

       40
       42
        
           users.ryan = {

     
···

       43
       45
        
               "wheel" # enable sudo

     

       44
       46
        
             ];

     

       45
       47
        
             hashedPassword = hashedPassword;

     

       46
       46
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/personal/authorized_keys ];

     

       48
       48
       +
             openssh.authorizedKeys.keyFiles =

     

       49
       49
       +
               [ ../../modules/personal/authorized_keys ];

     

       47
       50
        
           };

     

       48
       51
        
           users.root = {

     

       49
       52
        
             hashedPassword = hashedPassword;

     

       50
       50
       -
             openssh.authorizedKeys.keyFiles = [ ../../modules/personal/authorized_keys ];

     

       53
       53
       +
             openssh.authorizedKeys.keyFiles =

     

       54
       54
       +
               [ ../../modules/personal/authorized_keys ];

     

       51
       55
        
           };

     

       52
       56
        
         };

     

       53
       57
        
       

     

       54
       54
       -
         environment.systemPackages = with pkgs; [

     

       55
       55
       -
           vim

     

       56
       56
       -
         ];

     

       58
       58
       +
         environment.systemPackages = with pkgs; [ vim ];

     

       57
       59
        
       

     

       58
       60
        
         services.tailscale = {

     

       59
       61
        
           enable = true;

     
···

       94
       96
        
               user = "zigbee2mqtt";

     

       95
       97
        
               password = "test";

     

       96
       98
        
             };

     

       97
       97
       -
             serial = {

     

       98
       98
       -
               port = "/dev/ttyUSB0";

     

       99
       99
       -
             };

     

       99
       99
       +
             serial = { port = "/dev/ttyUSB0"; };

     

       100
       100
        
             frontend = {

     

       101
       101
        
               port = 15606;

     

       102
       102
        
               url = "http://mouse";

     

       103
       103
        
             };

     

       104
       104
        
             homeassistant = true;

     

       105
       105
       -
             advanced = {

     

       106
       106
       -
               channel = 15;

     

       107
       107
       -
             };

     

       105
       105
       +
             advanced = { channel = 15; };

     

       108
       106
        
           };

     

       109
       107
        
         };

     

       110
       108
        
       

     

       111
       109
        
         services.mosquitto = {

     

       112
       110
        
           enable = true;

     

       113
       113
       -
           listeners = [

     

       114
       114
       -
             {

     

       115
       115
       -
               users = {

     

       116
       116
       -
                 zigbee2mqtt = {

     

       117
       117
       -
                   acl = [ "readwrite #" ];

     

       118
       118
       -
                   hashedPassword = "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       119
       119
       -
                 };

     

       120
       120
       -
                 homeassistant = {

     

       121
       121
       -
                   acl = [ "readwrite #" ];

     

       122
       122
       -
                   hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       123
       123
       -
                 };

     

       111
       111
       +
           listeners = [{

     

       112
       112
       +
             users = {

     

       113
       113
       +
               zigbee2mqtt = {

     

       114
       114
       +
                 acl = [ "readwrite #" ];

     

       115
       115
       +
                 hashedPassword =

     

       116
       116
       +
                   "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       117
       117
       +
               };

     

       118
       118
       +
               homeassistant = {

     

       119
       119
       +
                 acl = [ "readwrite #" ];

     

       120
       120
       +
                 hashedPassword =

     

       121
       121
       +
                   "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       124
       122
        
               };

     

       125
       125
       -
             }

     

       126
       126
       -
           ];

     

       123
       123
       +
             };

     

       124
       124
       +
           }];

     

       127
       125
        
         };

     

       128
       126
        
       

     

       129
       127
        
         services.home-assistant = {

     

       130
       128
        
           enable = true;

     

       131
       131
       -
           extraComponents = [

     

       132
       132
       -
             "esphome"

     

       133
       133
       -
             "met"

     

       134
       134
       -
             "radio_browser"

     

       135
       135
       -
             "mqtt"

     

       136
       136
       -
             "zha"

     

       137
       137
       -
           ];

     

       138
       138
       -
           config = {

     

       139
       139
       -
             default_config = {};

     

       140
       140
       -
           };

     

       129
       129
       +
           extraComponents = [ "esphome" "met" "radio_browser" "mqtt" "zha" ];

     

       130
       130
       +
           config = { default_config = { }; };

     

       141
       131
        
         };

     

       142
       132
        
       }

+143 -53

hosts/owl/default.nix

···

       46
       46
        
           ${config.networking.domain} = {

     

       47
       47
        
             soa.serial = 2018011658;

     

       48
       48
        
             records = [

     

       49
       49
       -
               { name = "@"; type = "TXT"; data = "google-site-verification=rEvwSqf7RYKRQltY412qMtTuoxPp64O3L7jMotj9Jnc"; }

     

       50
       50
       -
               { name = "teapot"; type = "CNAME"; data = "vps"; }

     

       49
       49
       +
               {

     

       50
       50
       +
                 name = "@";

     

       51
       51
       +
                 type = "TXT";

     

       52
       52
       +
                 data =

     

       53
       53
       +
                   "google-site-verification=rEvwSqf7RYKRQltY412qMtTuoxPp64O3L7jMotj9Jnc";

     

       54
       54
       +
               }

     

       55
       55
       +
               {

     

       56
       56
       +
                 name = "teapot";

     

       57
       57
       +
                 type = "CNAME";

     

       58
       58
       +
                 data = "vps";

     

       59
       59
       +
               }

     

       51
       60
        
       

     

       52
       52
       -
               { name = "@";   type = "NS"; data = "ns1"; }

     

       53
       53
       -
               { name = "@";   type = "NS"; data = "ns2"; }

     

       61
       61
       +
               {

     

       62
       62
       +
                 name = "@";

     

       63
       63
       +
                 type = "NS";

     

       64
       64
       +
                 data = "ns1";

     

       65
       65
       +
               }

     

       66
       66
       +
               {

     

       67
       67
       +
                 name = "@";

     

       68
       68
       +
                 type = "NS";

     

       69
       69
       +
                 data = "ns2";

     

       70
       70
       +
               }

     

       54
       71
        
       

     

       55
       55
       -
               { name = "ns1"; type = "A";    data = config.eilean.serverIpv4; }

     

       56
       56
       -
               { name = "ns1"; type = "AAAA"; data = config.eilean.serverIpv6; }

     

       57
       57
       -
               { name = "ns2"; type = "A";    data = config.eilean.serverIpv4; }

     

       58
       58
       -
               { name = "ns2"; type = "AAAA"; data = config.eilean.serverIpv6; }

     

       72
       72
       +
               {

     

       73
       73
       +
                 name = "ns1";

     

       74
       74
       +
                 type = "A";

     

       75
       75
       +
                 data = config.eilean.serverIpv4;

     

       76
       76
       +
               }

     

       77
       77
       +
               {

     

       78
       78
       +
                 name = "ns1";

     

       79
       79
       +
                 type = "AAAA";

     

       80
       80
       +
                 data = config.eilean.serverIpv6;

     

       81
       81
       +
               }

     

       82
       82
       +
               {

     

       83
       83
       +
                 name = "ns2";

     

       84
       84
       +
                 type = "A";

     

       85
       85
       +
                 data = config.eilean.serverIpv4;

     

       86
       86
       +
               }

     

       87
       87
       +
               {

     

       88
       88
       +
                 name = "ns2";

     

       89
       89
       +
                 type = "AAAA";

     

       90
       90
       +
                 data = config.eilean.serverIpv6;

     

       91
       91
       +
               }

     

       59
       92
        
       

     

       60
       60
       -
               { name = "@";   type = "A";    data = config.eilean.serverIpv4; }

     

       61
       61
       -
               { name = "@";   type = "AAAA"; data = config.eilean.serverIpv6; }

     

       62
       62
       -
               { name = "vps"; type = "A";    data = config.eilean.serverIpv4; }

     

       63
       63
       -
               { name = "vps"; type = "AAAA"; data = config.eilean.serverIpv6; }

     

       93
       93
       +
               {

     

       94
       94
       +
                 name = "@";

     

       95
       95
       +
                 type = "A";

     

       96
       96
       +
                 data = config.eilean.serverIpv4;

     

       97
       97
       +
               }

     

       98
       98
       +
               {

     

       99
       99
       +
                 name = "@";

     

       100
       100
       +
                 type = "AAAA";

     

       101
       101
       +
                 data = config.eilean.serverIpv6;

     

       102
       102
       +
               }

     

       103
       103
       +
               {

     

       104
       104
       +
                 name = "vps";

     

       105
       105
       +
                 type = "A";

     

       106
       106
       +
                 data = config.eilean.serverIpv4;

     

       107
       107
       +
               }

     

       108
       108
       +
               {

     

       109
       109
       +
                 name = "vps";

     

       110
       110
       +
                 type = "AAAA";

     

       111
       111
       +
                 data = config.eilean.serverIpv6;

     

       112
       112
       +
               }

     

       64
       113
        
       

     

       65
       65
       -
               { name = "@"; type = "LOC"; data = "52 12 40.4 N 0 5 31.9 E 22m 10m 10m 10m"; }

     

       114
       114
       +
               {

     

       115
       115
       +
                 name = "@";

     

       116
       116
       +
                 type = "LOC";

     

       117
       117
       +
                 data = "52 12 40.4 N 0 5 31.9 E 22m 10m 10m 10m";

     

       118
       118
       +
               }

     

       66
       119
        
       

     

       67
       67
       -
               { name = "ns.cl"; type = "A"; data = "128.232.113.136"; }

     

       68
       68
       -
               { name = "cl"; type = "NS"; data = "ns.cl"; }

     

       120
       120
       +
               {

     

       121
       121
       +
                 name = "ns.cl";

     

       122
       122
       +
                 type = "A";

     

       123
       123
       +
                 data = "128.232.113.136";

     

       124
       124
       +
               }

     

       125
       125
       +
               {

     

       126
       126
       +
                 name = "cl";

     

       127
       127
       +
                 type = "NS";

     

       128
       128
       +
                 data = "ns.cl";

     

       129
       129
       +
               }

     

       69
       130
        
       

     

       70
       70
       -
               { name = "ns1.eilean"; type = "A"; data = "65.109.10.223"; }

     

       71
       71
       -
               { name = "eilean"; type = "NS"; data = "ns1.eilean"; }

     

       131
       131
       +
               {

     

       132
       132
       +
                 name = "ns1.eilean";

     

       133
       133
       +
                 type = "A";

     

       134
       134
       +
                 data = "65.109.10.223";

     

       135
       135
       +
               }

     

       136
       136
       +
               {

     

       137
       137
       +
                 name = "eilean";

     

       138
       138
       +
                 type = "NS";

     

       139
       139
       +
                 data = "ns1.eilean";

     

       140
       140
       +
               }

     

       72
       141
        
       

     

       73
       73
       -
               { name = "shrew"; type = "CNAME"; data = "vps"; }

     

       142
       142
       +
               {

     

       143
       143
       +
                 name = "shrew";

     

       144
       144
       +
                 type = "CNAME";

     

       145
       145
       +
                 data = "vps";

     

       146
       146
       +
               }

     

       74
       147
        
       

     

       75
       148
        
               # generate with

     

       76
       149
        
               #   sudo openssl x509 -in /var/lib/acme/mail.freumh.org/fullchain.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "3 1 1", $1}'

     

       77
       77
       -
               { name = "_25._tcp.mail"; type = "TLSA"; data = "3 1 1 2f0fd413f063c75141937dd196a9f4ab66139d599e0dcf2a7ce6d557647e26a6"; }

     

       150
       150
       +
               {

     

       151
       151
       +
                 name = "_25._tcp.mail";

     

       152
       152
       +
                 type = "TLSA";

     

       153
       153
       +
                 data =

     

       154
       154
       +
                   "3 1 1 2f0fd413f063c75141937dd196a9f4ab66139d599e0dcf2a7ce6d557647e26a6";

     

       155
       155
       +
               }

     

       78
       156
        
               # generate with

     

       79
       157
        
               #   for i in r3 e1 r4-cross-signed e2

     

       80
       158
        
               #   openssl x509 -in ~/downloads/lets-encrypt-$i.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "2 1 1", $1}'

     

       81
       159
        
               # LE R3

     

       82
       82
       -
               { name = "_25._tcp.mail"; type = "TLSA"; data = "2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d"; }

     

       160
       160
       +
               {

     

       161
       161
       +
                 name = "_25._tcp.mail";

     

       162
       162
       +
                 type = "TLSA";

     

       163
       163
       +
                 data =

     

       164
       164
       +
                   "2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d";

     

       165
       165
       +
               }

     

       83
       166
        
               # LE E1

     

       84
       84
       -
               { name = "_25._tcp.mail"; type = "TLSA"; data = "2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10"; }

     

       167
       167
       +
               {

     

       168
       168
       +
                 name = "_25._tcp.mail";

     

       169
       169
       +
                 type = "TLSA";

     

       170
       170
       +
                 data =

     

       171
       171
       +
                   "2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10";

     

       172
       172
       +
               }

     

       85
       173
        
               # LE R4

     

       86
       86
       -
               { name = "_25._tcp.mail"; type = "TLSA"; data = "2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03"; }

     

       174
       174
       +
               {

     

       175
       175
       +
                 name = "_25._tcp.mail";

     

       176
       176
       +
                 type = "TLSA";

     

       177
       177
       +
                 data =

     

       178
       178
       +
                   "2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03";

     

       179
       179
       +
               }

     

       87
       180
        
               # LE E2

     

       88
       88
       -
               { name = "_25._tcp.mail"; type = "TLSA"; data = "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270"; }

     

       181
       181
       +
               {

     

       182
       182
       +
                 name = "_25._tcp.mail";

     

       183
       183
       +
                 type = "TLSA";

     

       184
       184
       +
                 data =

     

       185
       185
       +
                   "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270";

     

       186
       186
       +
               }

     

       89
       187
        
             ];

     

       90
       188
        
           };

     

       91
       189
        
           "fn06.org" = {

     

       92
       190
        
             soa.serial = 1706745601;

     

       93
       93
       -
             records = [

     

       94
       94
       -
               {

     

       95
       95
       -
                 name = "capybara.fn06.org";

     

       96
       96
       -
                 type = "CNAME";

     

       97
       97
       -
                 data = "fn06.org";

     

       98
       98
       -
               }

     

       99
       99
       -
             ];

     

       191
       191
       +
             records = [{

     

       192
       192
       +
               name = "capybara.fn06.org";

     

       193
       193
       +
               type = "CNAME";

     

       194
       194
       +
               data = "fn06.org";

     

       195
       195
       +
             }];

     

       100
       196
        
           };

     

       101
       197
        
         };

     

       102
       198
        
         services.bind.zones.${config.networking.domain}.extraConfig = ''

     
···

       104
       200
        
           inline-signing yes;

     

       105
       201
        
           journal "${config.services.bind.directory}/${config.networking.domain}.signed.jnl";

     

       106
       202
        
         '' +

     

       107
       107
       -
         # dig ns org +short | xargs dig +short

     

       108
       108
       -
         # replace with `checkds true;` in bind 9.20

     

       109
       109
       -
         ''

     

       110
       110
       -
           parental-agents {

     

       111
       111
       -
             199.19.56.1;

     

       112
       112
       -
             199.249.112.1;

     

       113
       113
       -
             199.19.54.1;

     

       114
       114
       -
             199.249.120.1;

     

       115
       115
       -
             199.19.53.1;

     

       116
       116
       -
             199.19.57.1;

     

       117
       117
       -
           };

     

       118
       118
       -
         '';

     

       203
       203
       +
           # dig ns org +short | xargs dig +short

     

       204
       204
       +
           # replace with `checkds true;` in bind 9.20

     

       205
       205
       +
           ''

     

       206
       206
       +
             parental-agents {

     

       207
       207
       +
               199.19.56.1;

     

       208
       208
       +
               199.249.112.1;

     

       209
       209
       +
               199.19.54.1;

     

       210
       210
       +
               199.249.120.1;

     

       211
       211
       +
               199.19.53.1;

     

       212
       212
       +
               199.19.57.1;

     

       213
       213
       +
             };

     

       214
       214
       +
           '';

     

       119
       215
        
       

     

       120
       120
       -
         

     

       121
       216
        
         services.nginx.commonHttpConfig = ''

     

       122
       217
        
           add_header Strict-Transport-Security max-age=31536000 always;

     

       123
       218
        
           add_header X-Frame-Options SAMEORIGIN always;

     
···

       234
       329
        
           repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       235
       330
        
           passwordFile = config.age.secrets.restic-owl.path;

     

       236
       331
        
           initialize = true;

     

       237
       237
       -
           paths = [

     

       238
       238
       -
             "/var/"

     

       239
       239
       -
             "/run/"

     

       240
       240
       -
             "/etc/"

     

       241
       241
       -
           ];

     

       332
       332
       +
           paths = [ "/var/" "/run/" "/etc/" ];

     

       242
       333
        
           timerConfig = {

     

       243
       334
        
             OnCalendar = "03:00";

     

       244
       335
        
             randomizedDelaySec = "1hr";

     
···

       256
       347
        
       

     

       257
       348
        
         age.secrets.email-ryan.file = ../../secrets/email-ryan.age;

     

       258
       349
        
         age.secrets.email-system.file = ../../secrets/email-system.age;

     

       259
       259
       -
         eilean.mailserver.systemAccountPasswordFile = config.age.secrets.email-system.path;

     

       350
       350
       +
         eilean.mailserver.systemAccountPasswordFile =

     

       351
       351
       +
           config.age.secrets.email-system.path;

     

       260
       352
        
         mailserver.loginAccounts = {

     

       261
       353
        
           "${config.eilean.username}@${config.networking.domain}" = {

     

       262
       354
        
             passwordFile = config.age.secrets.email-ryan.path;

     
···

       266
       358
        
             ];

     

       267
       359
        
             sieveScript = ''

     

       268
       360
        
               require ["fileinto", "mailbox"];

     

       269
       269
       -
           

     

       361
       361
       +
       

     

       270
       362
        
               if header :contains ["to", "cc"] ["~rjarry/aerc-discuss@lists.sr.ht"] {

     

       271
       363
        
                 fileinto :create "lists.aerc";

     

       272
       364
        
                 stop;

     
···

       278
       370
        
             catchAll = [ "${config.networking.domain}" ];

     

       279
       371
        
           };

     

       280
       372
        
           "system@${config.networking.domain}" = {

     

       281
       281
       -
             aliases = [

     

       282
       282
       -
               "nas@${config.networking.domain}"

     

       283
       283
       -
             ];

     

       373
       373
       +
             aliases = [ "nas@${config.networking.domain}" ];

     

       284
       374
        
           };

     

       285
       375
        
         };

     

       286
       376
        
       }

+6 -2

hosts/owl/hardware-configuration.nix

···

       3
       3
        
       {

     

       4
       4
        
         imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

     

       5
       5
        
         boot.loader.grub.device = "/dev/sda";

     

       6
       6
       -
         boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];

     

       6
       6
       +
         boot.initrd.availableKernelModules =

     

       7
       7
       +
           [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];

     

       7
       8
        
         boot.initrd.kernelModules = [ "nvme" ];

     

       8
       8
       -
         fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };

     

       9
       9
       +
         fileSystems."/" = {

     

       10
       10
       +
           device = "/dev/sda1";

     

       11
       11
       +
           fsType = "ext4";

     

       12
       12
       +
         };

     

       9
       13
        
         networking = {

     

       10
       14
        
           interfaces."enp1s0" = {

     

       11
       15
        
             ipv6.addresses = [{

+5 -4

hosts/owl/minimal.nix

···

       1
       1
        
       { pkgs, config, lib, eilean, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       7
       5
        
       

     

       8
       6
        
         personal = {

     

       9
       7
        
           enable = true;

     
···

       14
       12
        
         boot.tmp.cleanOnBoot = true;

     

       15
       13
        
         zramSwap.enable = true;

     

       16
       14
        
       

     

       17
       17
       -
         swapDevices = [ { device = "/var/swap"; size = 2048; } ];

     

       15
       15
       +
         swapDevices = [{

     

       16
       16
       +
           device = "/var/swap";

     

       17
       17
       +
           size = 2048;

     

       18
       18
       +
         }];

     

       18
       19
        
       }

+17 -24

hosts/shrew/default.nix

···

       1
       1
        
       { config, pkgs, lib, nixos-hardware, nixpkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
           "${nixos-hardware}/raspberry-pi/4"

     

       7
       7
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix "${nixos-hardware}/raspberry-pi/4" ];

     

       8
       5
        
       

     

       9
       6
        
         personal = {

     

       10
       7
        
           enable = true;

     
···

       36
       33
        
               user = "zigbee2mqtt";

     

       37
       34
        
               password = "test";

     

       38
       35
        
             };

     

       39
       39
       -
             serial = {

     

       40
       40
       -
               port = "/dev/ttyUSB0";

     

       41
       41
       -
             };

     

       36
       36
       +
             serial = { port = "/dev/ttyUSB0"; };

     

       42
       37
        
             frontend = {

     

       43
       38
        
               port = 15606;

     

       44
       39
        
               url = "http://shrew";

     

       45
       40
        
             };

     

       46
       41
        
             homeassistant = true;

     

       47
       47
       -
             advanced = {

     

       48
       48
       -
               channel = 15;

     

       49
       49
       -
             };

     

       42
       42
       +
             advanced = { channel = 15; };

     

       50
       43
        
           };

     

       51
       44
        
         };

     

       52
       45
        
       

     

       53
       46
        
         services.mosquitto = {

     

       54
       47
        
           enable = true;

     

       55
       55
       -
           listeners = [

     

       56
       56
       -
             {

     

       57
       57
       -
               users = {

     

       58
       58
       -
                 zigbee2mqtt = {

     

       59
       59
       -
                   acl = [ "readwrite #" ];

     

       60
       60
       -
                   hashedPassword = "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       61
       61
       -
                 };

     

       62
       62
       -
                 homeassistant = {

     

       63
       63
       -
                   acl = [ "readwrite #" ];

     

       64
       64
       -
                   hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       65
       65
       -
                 };

     

       48
       48
       +
           listeners = [{

     

       49
       49
       +
             users = {

     

       50
       50
       +
               zigbee2mqtt = {

     

       51
       51
       +
                 acl = [ "readwrite #" ];

     

       52
       52
       +
                 hashedPassword =

     

       53
       53
       +
                   "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";

     

       54
       54
       +
               };

     

       55
       55
       +
               homeassistant = {

     

       56
       56
       +
                 acl = [ "readwrite #" ];

     

       57
       57
       +
                 hashedPassword =

     

       58
       58
       +
                   "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";

     

       66
       59
        
               };

     

       67
       67
       -
             }

     

       68
       68
       -
           ];

     

       60
       60
       +
             };

     

       61
       61
       +
           }];

     

       69
       62
        
         };

     

       70
       63
        
       

     

       71
       64
        
         services.home-assistant = {

     
···

       90
       83
        
           config = {

     

       91
       84
        
             # Includes dependencies for a basic setup

     

       92
       85
        
             # https://www.home-assistant.io/integrations/default_config/

     

       93
       93
       -
             default_config = {};

     

       86
       86
       +
             default_config = { };

     

       94
       87
        
             automation = "!include automations.yaml";

     

       95
       88
        
             scene = "!include scenes.yaml";

     

       96
       89
        
             http = {

+5 -7

hosts/shrew/hardware-configuration.nix

···

       4
       4
        
       { config, lib, pkgs, modulesPath, ... }:

     

       5
       5
        
       

     

       6
       6
        
       {

     

       7
       7
       -
         imports =

     

       8
       8
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       9
       9
       -
           ];

     

       7
       7
       +
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       10
       8
        
       

     

       11
       9
        
         boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];

     

       12
       10
        
         boot.initrd.kernelModules = [ ];

     
···

       19
       17
        
         # https://github.com/NixOS/nixpkgs/issues/191095#issuecomment-1320982678

     

       20
       18
        
         boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;

     

       21
       19
        
       

     

       22
       22
       -
         fileSystems."/" =

     

       23
       23
       -
           { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";

     

       24
       24
       -
             fsType = "ext4";

     

       25
       25
       -
           };

     

       20
       20
       +
         fileSystems."/" = {

     

       21
       21
       +
           device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";

     

       22
       22
       +
           fsType = "ext4";

     

       23
       23
       +
         };

     

       26
       24
        
       

     

       27
       25
        
         swapDevices = [ ];

     

       28
       26

+3 -8

hosts/shrew/sd-image.nix

···

       1
       1
        
       { lib, nixpkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports =

     

       5
       5
       +
           [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];

     

       7
       6
        
       

     

       8
       7
        
         nixpkgs.hostPlatform = "aarch64-linux";

     

       9
       8
        
       

     
···

       14
       13
        
       

     

       15
       14
        
         networking.wireless = {

     

       16
       15
        
           enable = true;

     

       17
       17
       -
           networks = {

     

       18
       18
       -
             "SSID" = {

     

       19
       19
       -
               psk = "password";

     

       20
       20
       -
             };

     

       21
       21
       -
           };

     

       16
       16
       +
           networks = { "SSID" = { psk = "password"; }; };

     

       22
       17
        
         };

     

       23
       18
        
       }

+129 -132

hosts/swan/default.nix

···

       1
       1
        
       { pkgs, config, lib, eilean, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let domain = "eeg.cl.cam.ac.uk"; in

     

       4
       4
       -
       {

     

       5
       5
       -
         imports = [

     

       6
       6
       -
           ./hardware-configuration.nix

     

       7
       7
       -
           ./minimal.nix

     

       8
       8
       -
         ];

     

       3
       3
       +
       let domain = "eeg.cl.cam.ac.uk";

     

       4
       4
       +
       in {

     

       5
       5
       +
         imports = [ ./hardware-configuration.nix ./minimal.nix ];

     

       9
       6
        
       

     

       10
       7
        
         security.acme = {

     

       11
       8
        
           defaults.email = "${config.eilean.username}@${config.networking.domain}";

     

       12
       9
        
           acceptTerms = true;

     

       13
       10
        
         };

     

       14
       11
        
       

     

       15
       15
       -
         environment.systemPackages = with pkgs; [

     

       16
       16
       -
           xe-guest-utilities

     

       17
       17
       -
         ];

     

       12
       12
       +
         environment.systemPackages = with pkgs; [ xe-guest-utilities ];

     

       18
       13
        
       

     

       19
       14
        
         services.hyperbib = {

     

       20
       15
        
           enable = true;

     
···

       26
       21
        
         services.nginx.enable = lib.mkForce false;

     

       27
       22
        
         services.httpd = {

     

       28
       23
        
           enable = true;

     

       29
       29
       -
           extraModules = let

     

       30
       30
       -
             mod_ucam_webauth = pkgs.callPackage ./mod_ucam_webauth.nix { };

     

       31
       31
       -
           in [ {

     

       32
       32
       -
             name = "ucam_webauth";

     

       33
       33
       -
             path = "${mod_ucam_webauth}/modules/mod_ucam_webauth.so";

     

       34
       34
       -
           } ];

     

       24
       24
       +
           extraModules =

     

       25
       25
       +
             let mod_ucam_webauth = pkgs.callPackage ./mod_ucam_webauth.nix { };

     

       26
       26
       +
             in [{

     

       27
       27
       +
               name = "ucam_webauth";

     

       28
       28
       +
               path = "${mod_ucam_webauth}/modules/mod_ucam_webauth.so";

     

       29
       29
       +
             }];

     

       35
       30
        
       

     

       36
       31
        
           virtualHosts."${domain}" = {

     

       37
       32
        
             forceSSL = true;

     

       38
       33
        
             enableACME = true;

     

       39
       34
        
             documentRoot = "/var/www/eeg/";

     

       40
       35
        
             locations."/bib/" = {

     

       41
       41
       -
               proxyPass = "http://127.0.0.1:${builtins.toString config.services.hyperbib.port}/bib/";

     

       36
       36
       +
               proxyPass = "http://127.0.0.1:${

     

       37
       37
       +
                   builtins.toString config.services.hyperbib.port

     

       38
       38
       +
                 }/bib/";

     

       42
       39
        
             };

     

       43
       40
        
             extraConfig = let

     

       44
       41
        
               keyfile = pkgs.writeTextFile {

     
···

       52
       49
        
                   -----END RSA PUBLIC KEY-----

     

       53
       50
        
                 '';

     

       54
       51
        
               };

     

       55
       55
       -
               matrixServerConfig = pkgs.writeText "matrix-server-config.json" (builtins.toJSON {

     

       56
       56
       -
                 "m.server" = "${domain}:443";

     

       57
       57
       -
               });

     

       58
       58
       -
               matrixClientConfig = pkgs.writeText "matrix-server-config.json" (builtins.toJSON {

     

       59
       59
       -
                 "m.homeserver" =  { "base_url" = "https://${domain}"; };

     

       60
       60
       -
                 "m.identity_server" =  { "base_url" = "https://vector.im"; };

     

       61
       61
       -
               });

     

       52
       52
       +
               matrixServerConfig = pkgs.writeText "matrix-server-config.json"

     

       53
       53
       +
                 (builtins.toJSON { "m.server" = "${domain}:443"; });

     

       54
       54
       +
               matrixClientConfig = pkgs.writeText "matrix-server-config.json"

     

       55
       55
       +
                 (builtins.toJSON {

     

       56
       56
       +
                   "m.homeserver" = { "base_url" = "https://${domain}"; };

     

       57
       57
       +
                   "m.identity_server" = { "base_url" = "https://vector.im"; };

     

       58
       58
       +
                 });

     

       62
       59
        
             in ''

     

       63
       60
        
               AAKeyDir ${keyfile}

     

       64
       61
        
               AACookieKey file:/dev/urandom

     
···

       89
       86
        
             enableACME = true;

     

       90
       87
        
             locations."/" = {

     

       91
       88
        
               extraConfig = ''

     

       92
       92
       -
                 ProxyPass http://127.0.0.1:${builtins.toString config.services.peertube.listenHttp}/ upgrade=websocket

     

       93
       93
       -
                 ProxyPassReverse http://127.0.0.1:${builtins.toString config.services.peertube.listenHttp}/

     

       89
       89
       +
                 ProxyPass http://127.0.0.1:${

     

       90
       90
       +
                   builtins.toString config.services.peertube.listenHttp

     

       91
       91
       +
                 }/ upgrade=websocket

     

       92
       92
       +
                 ProxyPassReverse http://127.0.0.1:${

     

       93
       93
       +
                   builtins.toString config.services.peertube.listenHttp

     

       94
       94
       +
                 }/

     

       94
       95
        
               '';

     

       95
       96
        
             };

     

       96
       97
        
             extraConfig = ''

     
···

       125
       126
        
       

     

       126
       127
        
         services.matrix-synapse = {

     

       127
       128
        
           enable = true;

     

       128
       128
       -
           settings = lib.mkMerge [

     

       129
       129
       -
             {

     

       130
       130
       -
               server_name = domain;

     

       131
       131
       -
               enable_registration = false;

     

       132
       132
       -
               auto_join_rooms = [ "#EEG:eeg.cl.cam.ac.uk" ];

     

       133
       133
       -
               password_config.enabled = false;

     

       134
       134
       -
               listeners = [

     

       135
       135
       -
                 {

     

       136
       136
       -
                   port = 8008;

     

       137
       137
       -
                   bind_addresses = [ "::1" "127.0.0.1" ];

     

       138
       138
       -
                   type = "http";

     

       139
       139
       -
                   tls = false;

     

       140
       140
       -
                   x_forwarded = true;

     

       141
       141
       -
                   resources = [

     

       142
       142
       -
                     {

     

       143
       143
       -
                       names = [ "client" "federation" ];

     

       144
       144
       -
                       compress = false;

     

       145
       145
       -
                     }

     

       146
       146
       -
                   ];

     

       147
       147
       -
                 }

     

       148
       148
       -
               ];

     

       149
       149
       -
               max_upload_size = "100M";

     

       150
       150
       -
               saml2_config = {

     

       151
       151
       -
                 sp_config = {

     

       152
       152
       -
                   metadata.remote = [ { url = "https://shib.raven.cam.ac.uk/shibboleth"; } ];

     

       153
       153
       -
                   description = [ "Energy and Environment Group Computer Lab Matrix Server" "en" ];

     

       154
       154
       -
                   name = [ "EEG CL Matrix Server" "en" ];

     

       155
       155
       -
                  # generate keys with

     

       156
       156
       -
                  #   sudo nix shell nixpkgs#openssl nixpkgs#shibboleth-sp -c sh -c '`nix eval --raw nixpkgs#shibboleth-sp`/etc/shibboleth/keygen.sh -h matrix.eeg.cl.cam.ac.uk -o /secrets/matrix-shibboleth/'

     

       157
       157
       -
                  #   chown -R matrix-synapse /secrets/matrix-shibboleth/

     

       158
       158
       -
                   key_file = "/secrets/matrix-shibboleth/sp-key.pem";

     

       159
       159
       -
                   cert_file = "/secrets/matrix-shibboleth/sp-cert.pem";

     

       160
       160
       -
                   encryption_keypairs = [

     

       161
       161
       -
                     { key_file = "/secrets/matrix-shibboleth/sp-key.pem"; }

     

       162
       162
       -
                     { cert_file = "/secrets/matrix-shibboleth/sp-cert.pem"; }

     

       163
       163
       -
                   ];

     

       164
       164
       -
                   attribute_map_dir = pkgs.writeTextDir "map.py" ''

     

       165
       165
       -
                     MAP = {

     

       166
       166
       -
                         "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",

     

       167
       167
       -
                         "fro": {

     

       168
       168
       -
                             'urn:oid:0.9.2342.19200300.100.1.1': 'uid',

     

       169
       169
       -
                             'urn:oid:0.9.2342.19200300.100.1.3': 'email',

     

       170
       170
       -
                             'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',

     

       171
       171
       -
                         },

     

       172
       172
       -
                         "to": {

     

       173
       173
       -
                             'uid': 'urn:oid:0.9.2342.19200300.100.1.1',

     

       174
       174
       -
                             'email': 'urn:oid:0.9.2342.19200300.100.1.3',

     

       175
       175
       -
                             'displayName': 'urn:oid:2.16.840.1.113730.3.1.241',

     

       176
       176
       -
                         },

     

       177
       177
       -
                     }

     

       178
       178
       -
                   '';

     

       179
       179
       -
                 };

     

       129
       129
       +
           settings = lib.mkMerge [{

     

       130
       130
       +
             server_name = domain;

     

       131
       131
       +
             enable_registration = false;

     

       132
       132
       +
             auto_join_rooms = [ "#EEG:eeg.cl.cam.ac.uk" ];

     

       133
       133
       +
             password_config.enabled = false;

     

       134
       134
       +
             listeners = [{

     

       135
       135
       +
               port = 8008;

     

       136
       136
       +
               bind_addresses = [ "::1" "127.0.0.1" ];

     

       137
       137
       +
               type = "http";

     

       138
       138
       +
               tls = false;

     

       139
       139
       +
               x_forwarded = true;

     

       140
       140
       +
               resources = [{

     

       141
       141
       +
                 names = [ "client" "federation" ];

     

       142
       142
       +
                 compress = false;

     

       143
       143
       +
               }];

     

       144
       144
       +
             }];

     

       145
       145
       +
             max_upload_size = "100M";

     

       146
       146
       +
             saml2_config = {

     

       147
       147
       +
               sp_config = {

     

       148
       148
       +
                 metadata.remote =

     

       149
       149
       +
                   [{ url = "https://shib.raven.cam.ac.uk/shibboleth"; }];

     

       150
       150
       +
                 description =

     

       151
       151
       +
                   [ "Energy and Environment Group Computer Lab Matrix Server" "en" ];

     

       152
       152
       +
                 name = [ "EEG CL Matrix Server" "en" ];

     

       153
       153
       +
                 # generate keys with

     

       154
       154
       +
                 #   sudo nix shell nixpkgs#openssl nixpkgs#shibboleth-sp -c sh -c '`nix eval --raw nixpkgs#shibboleth-sp`/etc/shibboleth/keygen.sh -h matrix.eeg.cl.cam.ac.uk -o /secrets/matrix-shibboleth/'

     

       155
       155
       +
                 #   chown -R matrix-synapse /secrets/matrix-shibboleth/

     

       156
       156
       +
                 key_file = "/secrets/matrix-shibboleth/sp-key.pem";

     

       157
       157
       +
                 cert_file = "/secrets/matrix-shibboleth/sp-cert.pem";

     

       158
       158
       +
                 encryption_keypairs = [

     

       159
       159
       +
                   { key_file = "/secrets/matrix-shibboleth/sp-key.pem"; }

     

       160
       160
       +
                   { cert_file = "/secrets/matrix-shibboleth/sp-cert.pem"; }

     

       161
       161
       +
                 ];

     

       162
       162
       +
                 attribute_map_dir = pkgs.writeTextDir "map.py" ''

     

       163
       163
       +
                   MAP = {

     

       164
       164
       +
                       "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",

     

       165
       165
       +
                       "fro": {

     

       166
       166
       +
                           'urn:oid:0.9.2342.19200300.100.1.1': 'uid',

     

       167
       167
       +
                           'urn:oid:0.9.2342.19200300.100.1.3': 'email',

     

       168
       168
       +
                           'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',

     

       169
       169
       +
                       },

     

       170
       170
       +
                       "to": {

     

       171
       171
       +
                           'uid': 'urn:oid:0.9.2342.19200300.100.1.1',

     

       172
       172
       +
                           'email': 'urn:oid:0.9.2342.19200300.100.1.3',

     

       173
       173
       +
                           'displayName': 'urn:oid:2.16.840.1.113730.3.1.241',

     

       174
       174
       +
                       },

     

       175
       175
       +
                   }

     

       176
       176
       +
                 '';

     

       180
       177
        
               };

     

       181
       181
       -
               app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];

     

       182
       182
       -
             }

     

       183
       183
       -
           ];

     

       178
       178
       +
             };

     

       179
       179
       +
             app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ];

     

       180
       180
       +
           }];

     

       184
       181
        
         };

     

       185
       182
        
       

     

       186
       183
        
         networking.firewall.allowedTCPPorts = [

     

       187
       187
       -
           80   # HTTP

     

       188
       188
       -
           443  # HTTPS

     

       184
       184
       +
           80 # HTTP

     

       185
       185
       +
           443 # HTTPS

     

       189
       186
        
           6667

     

       190
       187
        
         ];

     

       191
       188
        
       

     
···

       219
       216
        
               storage.videos = "/tank/peertube/videos";

     

       220
       217
        
             };

     

       221
       218
        
             secrets.secretsFile = "/secrets/peertube";

     

       222
       222
       -
             serviceEnvironmentFile  = "/secrets/peertube.env";

     

       219
       219
       +
             serviceEnvironmentFile = "/secrets/peertube.env";

     

       223
       220
        
             dataDirs = [ "/tank/peertube/videos" ];

     

       224
       221
        
           };

     

       225
       222
        
       

     
···

       240
       237
        
         services.inspircd = {

     

       241
       238
        
           enable = true;

     

       242
       239
        
           config = ''

     

       243
       243
       -
       <module name="ssl_gnutls">

     

       240
       240
       +
             <module name="ssl_gnutls">

     

       244
       241
        
       

     

       245
       245
       -
       <server

     

       246
       246
       -
           name="eeg.cl.cam.ac.uk"

     

       247
       247
       -
           description="EEG Lab IRC Server at Cambridge"

     

       248
       248
       -
           network="EEGLabNetwork"

     

       249
       249
       -
       >

     

       242
       242
       +
             <server

     

       243
       243
       +
                 name="eeg.cl.cam.ac.uk"

     

       244
       244
       +
                 description="EEG Lab IRC Server at Cambridge"

     

       245
       245
       +
                 network="EEGLabNetwork"

     

       246
       246
       +
             >

     

       250
       247
        
       

     

       251
       251
       -
       <admin

     

       252
       252
       -
           name="Ryan Gibb"

     

       253
       253
       -
           nick="rtg24"

     

       254
       254
       -
           email="rtg24@eeg.cl.cam.ac.uk"

     

       255
       255
       -
       >

     

       248
       248
       +
             <admin

     

       249
       249
       +
                 name="Ryan Gibb"

     

       250
       250
       +
                 nick="rtg24"

     

       251
       251
       +
                 email="rtg24@eeg.cl.cam.ac.uk"

     

       252
       252
       +
             >

     

       256
       253
        
       

     

       257
       257
       -
       <bind

     

       258
       258
       -
           address="128.232.98.96"

     

       259
       259
       -
           port="6667"

     

       260
       260
       -
           type="clients"

     

       261
       261
       -
       >

     

       254
       254
       +
             <bind

     

       255
       255
       +
                 address="128.232.98.96"

     

       256
       256
       +
                 port="6667"

     

       257
       257
       +
                 type="clients"

     

       258
       258
       +
             >

     

       262
       259
        
       

     

       263
       263
       -
       <oper

     

       264
       264
       -
           name="RyanGibb"

     

       265
       265
       -
           password="securepassword"

     

       266
       266
       -
           host="*@*"

     

       267
       267
       -
           type="NetAdmin"

     

       268
       268
       -
       >

     

       260
       260
       +
             <oper

     

       261
       261
       +
                 name="RyanGibb"

     

       262
       262
       +
                 password="securepassword"

     

       263
       263
       +
                 host="*@*"

     

       264
       264
       +
                 type="NetAdmin"

     

       265
       265
       +
             >

     

       269
       266
        
       

     

       270
       270
       -
       <type

     

       271
       271
       -
           name="NetAdmin"

     

       272
       272
       -
           classes="ServerLink ClientLink"

     

       273
       273
       -
       >

     

       267
       267
       +
             <type

     

       268
       268
       +
                 name="NetAdmin"

     

       269
       269
       +
                 classes="ServerLink ClientLink"

     

       270
       270
       +
             >

     

       274
       271
        
       

     

       275
       275
       -
       <class

     

       276
       276
       -
           name="ServerLink"

     

       277
       277
       -
           commands="300"

     

       278
       278
       -
           usermodes="300"

     

       279
       279
       -
           maxtime="0"

     

       280
       280
       -
       >

     

       272
       272
       +
             <class

     

       273
       273
       +
                 name="ServerLink"

     

       274
       274
       +
                 commands="300"

     

       275
       275
       +
                 usermodes="300"

     

       276
       276
       +
                 maxtime="0"

     

       277
       277
       +
             >

     

       281
       278
        
       

     

       282
       282
       -
       <class

     

       283
       283
       -
           name="ClientLink"

     

       284
       284
       -
           commands="20"

     

       285
       285
       -
           usermodes="20"

     

       286
       286
       -
           maxtime="90"

     

       287
       287
       -
       >

     

       279
       279
       +
             <class

     

       280
       280
       +
                 name="ClientLink"

     

       281
       281
       +
                 commands="20"

     

       282
       282
       +
                 usermodes="20"

     

       283
       283
       +
                 maxtime="90"

     

       284
       284
       +
             >

     

       288
       285
        
       

     

       289
       289
       -
       <channels

     

       290
       290
       -
           users="20"

     

       291
       291
       -
           op="@"

     

       292
       292
       -
           halfop="%"

     

       293
       293
       -
           voice="+"

     

       294
       294
       -
       >

     

       286
       286
       +
             <channels

     

       287
       287
       +
                 users="20"

     

       288
       288
       +
                 op="@"

     

       289
       289
       +
                 halfop="%"

     

       290
       290
       +
                 voice="+"

     

       291
       291
       +
             >

     

       295
       292
        
       

     

       296
       296
       -
       <log method="stdout"

     

       297
       297
       -
          type="*"

     

       298
       298
       -
          level="default"

     

       299
       299
       -
          flush="1">

     

       300
       300
       -
       '';

     

       293
       293
       +
             <log method="stdout"

     

       294
       294
       +
                type="*"

     

       295
       295
       +
                level="default"

     

       296
       296
       +
                flush="1">

     

       297
       297
       +
           '';

     

       301
       298
        
         };

     

       302
       299
        
       }

+16 -15

hosts/swan/hardware-configuration.nix

···

       1
       1
        
       { config, lib, pkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];

     

       4
       4
       +
         boot.initrd.availableKernelModules =

     

       5
       5
       +
           [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];

     

       5
       6
        
         boot.initrd.kernelModules = [ ];

     

       6
       7
        
         boot.kernelModules = [ ];

     

       7
       8
        
         boot.extraModulePackages = [ ];

     
···

       9
       10
        
         boot.loader.grub.enable = true;

     

       10
       11
        
         boot.loader.grub.device = "/dev/xvda"; # or "nodev" for efi only

     

       11
       12
        
       

     

       12
       12
       -
         fileSystems."/" =

     

       13
       13
       -
           { device = "/dev/disk/by-uuid/a0a1f9cf-78b3-402d-996d-68950326e7d0";

     

       14
       14
       -
             fsType = "ext4";

     

       15
       15
       -
           };

     

       13
       13
       +
         fileSystems."/" = {

     

       14
       14
       +
           device = "/dev/disk/by-uuid/a0a1f9cf-78b3-402d-996d-68950326e7d0";

     

       15
       15
       +
           fsType = "ext4";

     

       16
       16
       +
         };

     

       16
       17
        
       

     

       17
       18
        
         fileSystems."/tank" = {

     

       18
       19
        
           device = "/dev/pool/tank";

     
···

       22
       23
        
         swapDevices = [ ];

     

       23
       24
        
       

     

       24
       25
        
         networking = {

     

       25
       25
       -
          useDHCP = false;

     

       26
       26
       -
          interfaces."enX0".ipv4.addresses = [{

     

       27
       27
       -
            address = "128.232.98.96";

     

       28
       28
       -
            prefixLength = 23;

     

       29
       29
       -
          }];

     

       30
       30
       -
          defaultGateway = {

     

       31
       31
       -
            address = "128.232.98.1";

     

       32
       32
       -
            interface = "enX0";

     

       33
       33
       -
          };

     

       34
       34
       -
          nameservers = [ "1.1.1.1" ];

     

       26
       26
       +
           useDHCP = false;

     

       27
       27
       +
           interfaces."enX0".ipv4.addresses = [{

     

       28
       28
       +
             address = "128.232.98.96";

     

       29
       29
       +
             prefixLength = 23;

     

       30
       30
       +
           }];

     

       31
       31
       +
           defaultGateway = {

     

       32
       32
       +
             address = "128.232.98.1";

     

       33
       33
       +
             interface = "enX0";

     

       34
       34
       +
           };

     

       35
       35
       +
           nameservers = [ "1.1.1.1" ];

     

       35
       36
        
         };

     

       36
       37
        
       

     

       37
       38
        
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

+5 -4

hosts/swan/minimal.nix

···

       1
       1
        
       { pkgs, config, lib, eilean, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       7
       5
        
       

     

       8
       6
        
         personal = {

     

       9
       7
        
           enable = true;

     
···

       12
       10
        
       

     

       13
       11
        
         services.openssh.openFirewall = true;

     

       14
       12
        
       

     

       15
       15
       -
         swapDevices = [ { device = "/var/swap"; size = 1024; } ];

     

       13
       13
       +
         swapDevices = [{

     

       14
       14
       +
           device = "/var/swap";

     

       15
       15
       +
           size = 1024;

     

       16
       16
       +
         }];

     

       16
       17
        
       }

+1 -1

hosts/swan/mod_ucam_webauth.nix

···

       11
       11
        
           hash = "sha256-NbwHRy0SYXvpVBzJGhgI3IAAY+uVr9yRvFfMACKK4MU=";

     

       12
       12
        
         };

     

       13
       13
        
       

     

       14
       14
       -
         buildInputs = [  openssl.dev ];

     

       14
       14
       +
         buildInputs = [ openssl.dev ];

     

       15
       15
        
       

     

       16
       16
        
         buildPhase = ''

     

       17
       17
        
           make APXS=${apacheHttpd.dev}/bin/apxs

+6 -5

hosts/vulpine/default.nix

···

       1
       1
        
       { pkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       7
       5
        
       

     

       8
       6
        
         personal = {

     

       9
       7
        
           enable = true;

     
···

       21
       19
        
           device = "nodev";

     

       22
       20
        
           efiSupport = true;

     

       23
       21
        
         };

     

       24
       24
       -
         

     

       25
       25
       -
         swapDevices = [ { device = "/swapfile"; size = 8192; } ];

     

       22
       22
       +
       

     

       23
       23
       +
         swapDevices = [{

     

       24
       24
       +
           device = "/swapfile";

     

       25
       25
       +
           size = 8192;

     

       26
       26
       +
         }];

     

       26
       27
        
       

     

       27
       28
        
         boot.supportedFilesystems = [ "ntfs" ];

     

       28
       29

+22 -17

hosts/vulpine/hardware-configuration.nix

···

       1
       1
        
       { config, lib, pkgs, modulesPath, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports =

     

       5
       5
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       6
       6
       -
           ];

     

       4
       4
       +
         imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

     

       7
       5
        
       

     

       8
       8
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" ];

     

       6
       6
       +
         boot.initrd.availableKernelModules =

     

       7
       7
       +
           [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" ];

     

       9
       8
        
         boot.initrd.kernelModules = [ ];

     

       10
       9
        
         # kvm for virtualisation, wl for broadcom_sta kernel module

     

       11
       10
        
         boot.kernelModules = [ "kvm-intel" "wl" ];

     
···

       13
       12
        
         # loading bcma/b43 at the same time as wl seems to cause issues

     

       14
       13
        
         boot.blacklistedKernelModules = [ "bcma" "b43" ];

     

       15
       14
        
       

     

       16
       16
       -
         fileSystems."/" =

     

       17
       17
       -
           { device = "/dev/disk/by-uuid/d2afdf21-7a3a-47f0-83e1-31e9cccdad84";

     

       18
       18
       -
             fsType = "ext4";

     

       19
       19
       -
           };

     

       15
       15
       +
         fileSystems."/" = {

     

       16
       16
       +
           device = "/dev/disk/by-uuid/d2afdf21-7a3a-47f0-83e1-31e9cccdad84";

     

       17
       17
       +
           fsType = "ext4";

     

       18
       18
       +
         };

     

       20
       19
        
       

     

       21
       21
       -
         fileSystems."/boot" =

     

       22
       22
       -
           { device = "/dev/disk/by-uuid/43FD-8669";

     

       23
       23
       -
             fsType = "vfat";

     

       24
       24
       -
           };

     

       20
       20
       +
         fileSystems."/boot" = {

     

       21
       21
       +
           device = "/dev/disk/by-uuid/43FD-8669";

     

       22
       22
       +
           fsType = "vfat";

     

       23
       23
       +
         };

     

       25
       24
        
       

     

       26
       26
       -
         fileSystems."/media/hdd" =

     

       27
       27
       -
           { device = "/dev/disk/by-label/HDD";

     

       28
       28
       -
             options = [ "nofail" "x-systemd.device-timeout=1ms" "x-systemd.automount" "x-systemd.idle-timeout=10min" ];

     

       29
       29
       -
           };

     

       25
       25
       +
         fileSystems."/media/hdd" = {

     

       26
       26
       +
           device = "/dev/disk/by-label/HDD";

     

       27
       27
       +
           options = [

     

       28
       28
       +
             "nofail"

     

       29
       29
       +
             "x-systemd.device-timeout=1ms"

     

       30
       30
       +
             "x-systemd.automount"

     

       31
       31
       +
             "x-systemd.idle-timeout=10min"

     

       32
       32
       +
           ];

     

       33
       33
       +
         };

     

       30
       34
        
       

     

       31
       35
        
         swapDevices = [ ];

     

       32
       36
        
       

     

       33
       37
        
         networking.useDHCP = lib.mkDefault true;

     

       34
       38
        
       

     

       35
       35
       -
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       39
       39
       +
         hardware.cpu.intel.updateMicrocode =

     

       40
       40
       +
           lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       36
       41
        
         # high-resolution display

     

       37
       42
        
         # hardware.video.hidpi.enable = lib.mkDefault true;

     

       38
       43

+8 -10

modules/default.nix

···

       30
       30
        
           default = "ryan";

     

       31
       31
        
         };

     

       32
       32
        
       

     

       33
       33
       -
         config = let nixPath = "/etc/nix-path"; in {

     

       33
       33
       +
         config = let nixPath = "/etc/nix-path";

     

       34
       34
       +
         in {

     

       34
       35
        
           eilean = {

     

       35
       36
        
             username = config.custom.username;

     

       36
       37
        
             serverIpv4 = "135.181.100.27";

     
···

       68
       69
        
             # https://discourse.nixos.org/t/do-flakes-also-set-the-system-channel/19798/16

     

       69
       70
        
             nixPath = [ "nixpkgs=${nixPath}" ];

     

       70
       71
        
           };

     

       71
       71
       -
           systemd.tmpfiles.rules = [

     

       72
       72
       -
             "L+ ${nixPath} - - - - ${pkgs.path}"

     

       73
       73
       -
           ];

     

       72
       72
       +
           systemd.tmpfiles.rules = [ "L+ ${nixPath} - - - - ${pkgs.path}" ];

     

       74
       73
        
       

     

       75
       74
        
           system.autoUpgrade = {

     

       76
       75
        
             enable = true;

     

       77
       76
        
             allowReboot = true;

     

       78
       77
        
             flake = inputs.self.outPath;

     

       79
       79
       -
             flags = [

     

       80
       80
       -
               "--update-input"

     

       81
       81
       -
               "nixpkgs"

     

       82
       82
       -
               "-L"

     

       83
       83
       -
             ];

     

       78
       78
       +
             flags = [ "--update-input" "nixpkgs" "-L" ];

     

       84
       79
        
             dates = "03:00";

     

       85
       80
        
             randomizedDelaySec = "1hr";

     

       86
       86
       -
             rebootWindow = { lower = "03:00"; upper = "05:00"; };

     

       81
       81
       +
             rebootWindow = {

     

       82
       82
       +
               lower = "03:00";

     

       83
       83
       +
               upper = "05:00";

     

       84
       84
       +
             };

     

       87
       85
        
           };

     

       88
       86
        
           systemd.services.nixos-upgrade.preStart = with pkgs; ''

     

       89
       87
        
             DIR=/etc/nixos

+6 -7

modules/hosting/eeww.nix

···

       2
       2
        
       

     

       3
       3
        
       with lib;

     

       4
       4
        
       

     

       5
       5
       -
       let cfg = config.services.eeww; in

     

       6
       6
       -
       {

     

       5
       5
       +
       let cfg = config.services.eeww;

     

       6
       6
       +
       in {

     

       7
       7
        
         options = {

     

       8
       8
        
           services.eeww = {

     

       9
       9
        
             enable = mkEnableOption "eeww";

     

       10
       10
       -
             domain = lib.mkOption {

     

       11
       11
       -
               type = lib.types.str;

     

       12
       12
       -
             };

     

       10
       10
       +
             domain = lib.mkOption { type = lib.types.str; };

     

       13
       11
        
             port = lib.mkOption {

     

       14
       12
        
               type = lib.types.port;

     

       15
       13
        
               default = 8081;

     
···

       27
       25
        
       

     

       28
       26
        
         config = lib.mkIf cfg.enable {

     

       29
       27
        
           # TODO use unix socket?

     

       30
       30
       -
           services.nginx.virtualHosts."${cfg.domain}".locations."/".proxyPass = "http://localhost:${builtins.toString cfg.port}";

     

       28
       28
       +
           services.nginx.virtualHosts."${cfg.domain}".locations."/".proxyPass =

     

       29
       29
       +
             "http://localhost:${builtins.toString cfg.port}";

     

       31
       30
        
       

     

       32
       31
        
           systemd.services.eeww = {

     

       33
       32
        
             enable = true;

     
···

       51
       50
        
             isSystemUser = true;

     

       52
       51
        
           };

     

       53
       52
        
       

     

       54
       54
       -
           users.groups."${cfg.group}" = {};

     

       53
       53
       +
           users.groups."${cfg.group}" = { };

     

       55
       54
        
         };

     

       56
       55
        
       }

+21 -21

modules/hosting/freumh.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.hosting; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.hosting;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.hosting.freumh.enable = lib.mkEnableOption "freumh";

     

       6
       6
       -
         

     

       6
       6
       +
       

     

       7
       7
        
         config = lib.mkIf cfg.freumh.enable {

     

       8
       8
        
           security.acme = {

     

       9
       9
        
             defaults.email = "${config.eilean.username}@${config.networking.domain}";

     
···

       16
       16
        
             locations."/index.html".root = pkgs.writeTextFile {

     

       17
       17
        
               name = "freumh";

     

       18
       18
        
               text = ''

     

       19
       19
       -
         <html>

     

       20
       20
       -
         <body>

     

       21
       21
       -
         <pre>

     

       22
       22
       -
               ||

     

       23
       23
       -
               \\

     

       24
       24
       -
         _      ||    __

     

       25
       25
       -
         \    / \\  /  \

     

       26
       26
       -
           \__/   \\/

     

       27
       27
       -
                   \\      __

     

       28
       28
       -
             _    / \\    /  \_/

     

       29
       29
       -
           _/ \  ||   \__/

     

       30
       30
       -
               \//     \

     

       31
       31
       -
               //       \

     

       32
       32
       -
               ||        \_

     

       33
       33
       -
         </html>

     

       34
       34
       -
         </body>

     

       35
       35
       -
         </pre>

     

       19
       19
       +
                 <html>

     

       20
       20
       +
                 <body>

     

       21
       21
       +
                 <pre>

     

       22
       22
       +
                       ||

     

       23
       23
       +
                       \\

     

       24
       24
       +
                 _      ||    __

     

       25
       25
       +
                 \    / \\  /  \

     

       26
       26
       +
                   \__/   \\/

     

       27
       27
       +
                           \\      __

     

       28
       28
       +
                     _    / \\    /  \_/

     

       29
       29
       +
                   _/ \  ||   \__/

     

       30
       30
       +
                       \//     \

     

       31
       31
       +
                       //       \

     

       32
       32
       +
                       ||        \_

     

       33
       33
       +
                 </html>

     

       34
       34
       +
                 </body>

     

       35
       35
       +
                 </pre>

     

       36
       36
        
               '';

     

       37
       37
        
               destination = "/index.html";

     

       38
       38
        
             };

     
···

       42
       42
        
             locations."/.well-known/security.txt".root = pkgs.writeTextFile {

     

       43
       43
        
               name = "freumh-security.txt";

     

       44
       44
        
               text = ''

     

       45
       45
       -
       Contact: mailto:security@freumh.org

     

       45
       45
       +
                 Contact: mailto:security@freumh.org

     

       46
       46
        
               '';

     

       47
       47
        
               destination = "/.well-known/security.txt";

     

       48
       48
        
             };

+10 -10

modules/hosting/nix-cache.nix

···

       1
       1
        
       { config, pkgs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.hosting; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.hosting;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.hosting.nix-cache.enable = lib.mkEnableOption "nix-cache";

     

       6
       6
        
       

     

       7
       7
        
         config = lib.mkIf cfg.nix-cache.enable {

     
···

       22
       22
        
               enableACME = true;

     

       23
       23
        
               forceSSL = true;

     

       24
       24
        
               locations."/".extraConfig = ''

     

       25
       25
       -
                 proxy_pass http://localhost:${toString config.services.nix-serve.port};

     

       25
       25
       +
                 proxy_pass http://localhost:${

     

       26
       26
       +
                   toString config.services.nix-serve.port

     

       27
       27
       +
                 };

     

       26
       28
        
                 proxy_set_header Host $host;

     

       27
       29
        
                 proxy_set_header X-Real-IP $remote_addr;

     

       28
       30
        
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

     
···

       30
       32
        
             };

     

       31
       33
        
           };

     

       32
       34
        
       

     

       33
       33
       -
           eilean.services.dns.zones.${config.networking.domain}.records = [

     

       34
       34
       -
             {

     

       35
       35
       -
               name = "binarycache";

     

       36
       36
       -
               type = "CNAME";

     

       37
       37
       -
               data = "vps";

     

       38
       38
       -
             }

     

       39
       39
       -
           ];

     

       35
       35
       +
           eilean.services.dns.zones.${config.networking.domain}.records = [{

     

       36
       36
       +
             name = "binarycache";

     

       37
       37
       +
             type = "CNAME";

     

       38
       38
       +
             data = "vps";

     

       39
       39
       +
           }];

     

       40
       40
        
         };

     

       41
       41
        
       }

+9 -11

modules/hosting/rmfakecloud.nix

···

       5
       5
        
       let

     

       6
       6
        
         cfg = config.hosting.rmfakecloud;

     

       7
       7
        
         domain = config.networking.domain;

     

       8
       8
       -
       in

     

       9
       9
       -
       {

     

       8
       8
       +
       in {

     

       10
       9
        
         options.hosting.rmfakecloud = {

     

       11
       10
        
           enable = mkEnableOption "rmfakecloud";

     

       12
       11
        
           port = mkOption {

     
···

       29
       28
        
             extraSettings = {

     

       30
       29
        
               RM_SMTP_SERVER = "mail.freumh.org:465";

     

       31
       30
        
               RM_SMTP_USERNAME = "misc@${domain}";

     

       32
       32
       -
               RM_SMTP_FROM="remarkable@${domain}";

     

       31
       31
       +
               RM_SMTP_FROM = "remarkable@${domain}";

     

       33
       32
        
             };

     

       34
       33
        
           };

     

       35
       34
        
       

     

       36
       36
       -
           mailserver.loginAccounts."misc@${domain}".aliases = [ "remarkable@${domain}" ];

     

       35
       35
       +
           mailserver.loginAccounts."misc@${domain}".aliases =

     

       36
       36
       +
             [ "remarkable@${domain}" ];

     

       37
       37
        
       

     

       38
       38
        
           # nginx handles letsencrypt

     

       39
       39
        
           services.nginx = {

     
···

       51
       51
        
             };

     

       52
       52
        
           };

     

       53
       53
        
       

     

       54
       54
       -
           eilean.services.dns.zones.${config.networking.domain}.records = [

     

       55
       55
       -
             {

     

       56
       56
       -
               name = "rmfakecloud";

     

       57
       57
       -
               type = "CNAME";

     

       58
       58
       -
               data = "vps";

     

       59
       59
       -
             }

     

       60
       60
       -
           ];

     

       54
       54
       +
           eilean.services.dns.zones.${config.networking.domain}.records = [{

     

       55
       55
       +
             name = "rmfakecloud";

     

       56
       56
       +
             type = "CNAME";

     

       57
       57
       +
             data = "vps";

     

       58
       58
       +
           }];

     

       61
       59
        
         };

     

       62
       60
        
       }

+14 -14

modules/personal/default.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       5
       5
       -
         options.personal = {

     

       6
       6
       -
           enable = lib.mkEnableOption "personal";

     

       7
       7
       -
         };

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
       +
         options.personal = { enable = lib.mkEnableOption "personal"; };

     

       8
       6
        
       

     

       9
       7
        
         config = lib.mkIf cfg.enable {

     

       10
       8
        
           console = {

     
···

       13
       11
        
           };

     

       14
       12
        
       

     

       15
       13
        
           users = let

     

       16
       16
       -
             hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       14
       14
       +
             hashedPassword =

     

       15
       15
       +
               "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";

     

       17
       16
        
           in {

     

       18
       17
        
             mutableUsers = false;

     

       19
       18
        
             groups.plugdev = { };

     
···

       77
       76
        
               inhibit-lid = "systemd-inhibit --what=handle-lid-switch sleep 1d";

     

       78
       77
        
               tmux = "tmux -2";

     

       79
       78
        
               feh = "feh --scale-down --auto-zoom";

     

       80
       80
       -
               nix-stray-roots = "nix-store --gc --print-roots | egrep -v '^(/nix/var|/run|/proc|{censored})'";

     

       79
       79
       +
               nix-stray-roots =

     

       80
       80
       +
                 "nix-store --gc --print-roots | egrep -v '^(/nix/var|/run|/proc|{censored})'";

     

       81
       81
        
             };

     

       82
       82
        
             sessionVariables = {

     

       83
       83
        
               NIX_AUTO_RUN = "y";

     

       84
       84
        
               NIX_AUTO_RUN_INTERACTIVE = "y";

     

       85
       85
       -
               BROWSER="firefox"; # urlview

     

       85
       85
       +
               BROWSER = "firefox"; # urlview

     

       86
       86
        
             };

     

       87
       87
        
           };

     

       88
       88
       -
           

     

       88
       88
       +
       

     

       89
       89
        
           networking = rec {

     

       90
       90
        
             # nameservers = [ ${config.eilean.serverIpv4} ];

     

       91
       91
        
             nameservers = [ "1.1.1.1" ];

     
···

       95
       95
        
           programs.git = {

     

       96
       96
        
             enable = true;

     

       97
       97
        
             config = {

     

       98
       98
       -
               init = {

     

       99
       99
       -
                 defaultBranch = "main";

     

       100
       100
       -
               };

     

       98
       98
       +
               init = { defaultBranch = "main"; };

     

       101
       99
        
               user = {

     

       102
       100
        
                 email = "${config.custom.username}@${config.networking.domain}";

     

       103
       101
        
                 name = "Ryan Gibb";

     
···

       115
       113
        
                 l = "log";

     

       116
       114
        
                 lg = "log -p";

     

       117
       115
        
                 lol = "log --graph --decorate --pretty=oneline --abbrev-commit";

     

       118
       118
       -
                 lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";

     

       116
       116
       +
                 lola =

     

       117
       117
       +
                   "log --graph --decorate --pretty=oneline --abbrev-commit --all";

     

       119
       118
        
                 ls = "ls-files";

     

       120
       119
        
                 a = "add";

     

       121
       120
        
                 aa = "add --all";

     
···

       145
       144
        
                 else

     

       146
       145
        
                     tmux set-option status off

     

       147
       146
        
                 fi

     

       148
       148
       -
             ''; in ''

     

       147
       147
       +
               '';

     

       148
       148
       +
             in ''

     

       149
       149
        
               set-window-option -g mode-keys vi

     

       150
       150
        
               set-option -g mouse on

     

       151
       151
        
               set-option -g set-titles on

+3 -5

modules/personal/dict.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.dict = lib.mkOption {

     

       6
       6
        
           type = types.bool;

     

       7
       7
        
           default = true;

     
···

       10
       10
        
         config = lib.mkIf cfg.dict {

     

       11
       11
        
           services.dictd.enable = true;

     

       12
       12
        
       

     

       13
       13
       -
           environment.systemPackages = with pkgs; [

     

       14
       14
       -
             dict

     

       15
       15
       -
           ];

     

       13
       13
       +
           environment.systemPackages = with pkgs; [ dict ];

     

       16
       14
        
         };

     

       17
       15
        
       }

+64 -58

modules/personal/external-hdd-backup.nix

···

       1
       1
       -
       

     

       2
       1
        
       { pkgs, config, lib, ... }:

     

       3
       2
        
       

     

       4
       4
       -
       let cfg = config.personal; in

     

       5
       5
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       6
       5
        
         options.personal.backup = {

     

       7
       6
        
           enable = lib.mkEnableOption "laptop";

     

       8
       7
        
           disk = lib.mkOption {

     
···

       18
       17
        
             default = "external-hdd";

     

       19
       18
        
           };

     

       20
       19
        
         };

     

       21
       21
       -
         

     

       20
       20
       +
       

     

       22
       21
        
         config = lib.mkIf cfg.backup.enable {

     

       23
       22
        
           systemd.services.backup = {

     

       24
       23
        
             description = "Backup service";

     
···

       27
       26
        
             #   Error mounting /dev/sda1: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation

     

       28
       27
        
             # And in order to communicate with GUI prompts, e.g. yad, we need to run as user

     

       29
       28
        
             # udisks is still use for on-demand mountin, but we'll use the autofs for mounting the backup disk

     

       30
       30
       -
             script = let backup = pkgs.writeShellScript "backup.sh" ''

     

       31
       31
       -
               # TODO make nixos module with options

     

       32
       32
       -
               DISK="${cfg.backup.disk}"

     

       33
       33
       -
               LAST_RUN_FILE="$HOME/.cache/last_backup"

     

       29
       29
       +
             script = let

     

       30
       30
       +
               backup = pkgs.writeShellScript "backup.sh" ''

     

       31
       31
       +
                 # TODO make nixos module with options

     

       32
       32
       +
                 DISK="${cfg.backup.disk}"

     

       33
       33
       +
                 LAST_RUN_FILE="$HOME/.cache/last_backup"

     

       34
       34
       +
       

     

       35
       35
       +
                 if [ -f "$LAST_RUN_FILE" ] && [ "$(( $(date +%s) - $(date +%s -r "$LAST_RUN_FILE") ))" -lt 86400 ]; then

     

       36
       36
       +
                     echo "<24hrs"

     

       37
       37
       +
                     exit 0

     

       38
       38
       +
                 fi

     

       34
       39
        
       

     

       35
       35
       -
               if [ -f "$LAST_RUN_FILE" ] && [ "$(( $(date +%s) - $(date +%s -r "$LAST_RUN_FILE") ))" -lt 86400 ]; then

     

       36
       36
       -
                   echo "<24hrs"

     

       40
       40
       +
                 # if no external-hdd

     

       41
       41
       +
                 if [ ! -e $DISK ]; then

     

       42
       42
       +
                   echo "no $DISK"

     

       37
       43
        
                   exit 0

     

       38
       38
       -
               fi

     

       44
       44
       +
                 fi

     

       39
       45
        
       

     

       40
       40
       -
               # if no external-hdd

     

       41
       41
       -
               if [ ! -e $DISK ]; then

     

       42
       42
       -
                 echo "no $DISK"

     

       43
       43
       -
                 exit 0

     

       44
       44
       -
               fi

     

       45
       45
       -
       

     

       46
       46
       -
               export DISPLAY=:0

     

       47
       47
       -
               ${pkgs.xorg.xhost}/bin/xhost +local:${config.custom.username}

     

       48
       48
       -
               export GTK_R2_FILES=$HOME/.gtkrc-2.0

     

       49
       49
       -
               timeout 60 ${pkgs.yad}/bin/yad --question --title "backup" --text "Backup now? Will autostart in 60s."

     

       50
       50
       -
               prompt_status=$?

     

       51
       51
       -
               ${pkgs.xorg.xhost}/bin/xhost -local:${config.custom.username}

     

       52
       52
       -
               # if not success or timeout

     

       53
       53
       -
               if [ ! $prompt_status -eq 0 -a ! $prompt_status -eq 124 ]; then

     

       54
       54
       -
                 echo "backup cancelled"

     

       55
       55
       -
                 ${pkgs.libnotify}/bin/notify-send "backup cancelled"

     

       56
       56
       -
                 exit 0

     

       57
       57
       -
               fi

     

       46
       46
       +
                 export DISPLAY=:0

     

       47
       47
       +
                 ${pkgs.xorg.xhost}/bin/xhost +local:${config.custom.username}

     

       48
       48
       +
                 export GTK_R2_FILES=$HOME/.gtkrc-2.0

     

       49
       49
       +
                 timeout 60 ${pkgs.yad}/bin/yad --question --title "backup" --text "Backup now? Will autostart in 60s."

     

       50
       50
       +
                 prompt_status=$?

     

       51
       51
       +
                 ${pkgs.xorg.xhost}/bin/xhost -local:${config.custom.username}

     

       52
       52
       +
                 # if not success or timeout

     

       53
       53
       +
                 if [ ! $prompt_status -eq 0 -a ! $prompt_status -eq 124 ]; then

     

       54
       54
       +
                   echo "backup cancelled"

     

       55
       55
       +
                   ${pkgs.libnotify}/bin/notify-send "backup cancelled"

     

       56
       56
       +
                   exit 0

     

       57
       57
       +
                 fi

     

       58
       58
        
       

     

       59
       59
       -
               DIR="${cfg.backup.mountdir}/${cfg.backup.mountname}"

     

       60
       60
       -
               cd "$DIR"

     

       61
       61
       -
               TEST_DIR=`${pkgs.util-linux}/bin/findmnt -nr -o target -S $DISK`

     

       62
       62
       -
               status=$?

     

       63
       63
       -
               if [ ! $status -eq 0 ]; then

     

       64
       64
       -
                 echo "backup failed to find mount"

     

       65
       65
       -
                 ${pkgs.libnotify}/bin/notify-send "backup failed to find mount"

     

       59
       59
       +
                 DIR="${cfg.backup.mountdir}/${cfg.backup.mountname}"

     

       60
       60
       +
                 cd "$DIR"

     

       61
       61
       +
                 TEST_DIR=`${pkgs.util-linux}/bin/findmnt -nr -o target -S $DISK`

     

       62
       62
       +
                 status=$?

     

       63
       63
       +
                 if [ ! $status -eq 0 ]; then

     

       64
       64
       +
                   echo "backup failed to find mount"

     

       65
       65
       +
                   ${pkgs.libnotify}/bin/notify-send "backup failed to find mount"

     

       66
       66
       +
                   exit $status

     

       67
       67
       +
                 fi 

     

       68
       68
       +
                 if [ "$DIR" != "$TEST_DIR" ]; then

     

       69
       69
       +
                   echo "backup disk mounted at unexpected path: $TEST_DIR"

     

       70
       70
       +
                   ${pkgs.libnotify}/bin/notify-send "backup disk mounted at unexpected path: $TEST_DIR"

     

       71
       71
       +
                   exit 1

     

       72
       72
       +
                 fi 

     

       73
       73
       +
                 ${pkgs.libnotify}/bin/notify-send "backup starting"

     

       74
       74
       +
                 ${pkgs.rsync}/bin/rsync -va --exclude={".cache",".local/share/Steam/"} ~/ $DIR/home/ −−delete−after

     

       75
       75
       +
                 status=$?

     

       76
       76
       +
                 if [ $status -eq 0 ]; then

     

       77
       77
       +
                   touch "$LAST_RUN_FILE"

     

       78
       78
       +
                   echo "backup finished"

     

       79
       79
       +
                   ${pkgs.libnotify}/bin/notify-send "backup finished"

     

       80
       80
       +
                 else

     

       81
       81
       +
                   echo "backup failed"

     

       82
       82
       +
                   ${pkgs.libnotify}/bin/notify-send "backup failed"

     

       83
       83
       +
                 fi

     

       66
       84
        
                 exit $status

     

       67
       67
       -
               fi 

     

       68
       68
       -
               if [ "$DIR" != "$TEST_DIR" ]; then

     

       69
       69
       -
                 echo "backup disk mounted at unexpected path: $TEST_DIR"

     

       70
       70
       -
                 ${pkgs.libnotify}/bin/notify-send "backup disk mounted at unexpected path: $TEST_DIR"

     

       71
       71
       -
                 exit 1

     

       72
       72
       -
               fi 

     

       73
       73
       -
               ${pkgs.libnotify}/bin/notify-send "backup starting"

     

       74
       74
       -
               ${pkgs.rsync}/bin/rsync -va --exclude={".cache",".local/share/Steam/"} ~/ $DIR/home/ −−delete−after

     

       75
       75
       -
               status=$?

     

       76
       76
       -
               if [ $status -eq 0 ]; then

     

       77
       77
       -
                 touch "$LAST_RUN_FILE"

     

       78
       78
       -
                 echo "backup finished"

     

       79
       79
       -
                 ${pkgs.libnotify}/bin/notify-send "backup finished"

     

       80
       80
       -
               else

     

       81
       81
       -
                 echo "backup failed"

     

       82
       82
       -
                 ${pkgs.libnotify}/bin/notify-send "backup failed"

     

       83
       83
       -
               fi

     

       84
       84
       -
               exit $status

     

       85
       85
       -
             ''; in "${backup}";

     

       85
       85
       +
               '';

     

       86
       86
       +
             in "${backup}";

     

       86
       87
        
             serviceConfig = {

     

       87
       88
        
               Type = "oneshot";

     

       88
       89
        
               User = config.custom.username;

     

       89
       90
        
             };

     

       90
       91
        
             # trigger on wake

     

       91
       91
       -
             wantedBy = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target" ];

     

       92
       92
       +
             wantedBy = [

     

       93
       93
       +
               "suspend.target"

     

       94
       94
       +
               "hibernate.target"

     

       95
       95
       +
               "hybrid-sleep.target"

     

       96
       96
       +
               "suspend-then-hibernate.target"

     

       97
       97
       +
             ];

     

       92
       98
        
             environment.DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/1000/bus";

     

       93
       99
        
           };

     

       94
       100
        
           # trigger backup on hard drive connection

     
···

       97
       103
        
             # but we just assume the Seagate Expansion Desk is the same as /dev/disk/by-label/external-hdd

     

       98
       104
        
             # UDEV has crap support for detecting devices

     

       99
       105
        
             ''

     

       100
       100
       -
             ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd[a-z]*[0-9]*", ATTRS{model}=="Expansion Desk  ", ATTRS{vendor}=="Seagate ", TAG+="systemd", ENV{SYSTEMD_WANTS}+="backup"

     

       101
       101
       -
           '';

     

       106
       106
       +
               ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd[a-z]*[0-9]*", ATTRS{model}=="Expansion Desk  ", ATTRS{vendor}=="Seagate ", TAG+="systemd", ENV{SYSTEMD_WANTS}+="backup"

     

       107
       107
       +
             '';

     

       102
       108
        
           services.autofs = {

     

       103
       109
        
             enable = true;

     

       104
       110
        
             autoMaster = let

+81 -84

modules/personal/gui/default.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal.gui; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal.gui;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.gui.enable = lib.mkOption {

     

       6
       6
        
           type = lib.types.bool;

     

       7
       7
        
           default = cfg.i3 || cfg.sway || cfg.kde;

     
···

       58
       58
        
       

     

       59
       59
        
           nixpkgs.config.allowUnfree = true;

     

       60
       60
        
       

     

       61
       61
       -
           home-manager = {

     

       62
       62
       -
             useGlobalPkgs = true;

     

       63
       63
       -
           };

     

       61
       61
       +
           home-manager = { useGlobalPkgs = true; };

     

       64
       62
        
       

     

       65
       63
        
           environment.systemPackages = with pkgs;

     

       66
       64
        
             let

     

       67
       67
       -
             desktopEntries = [

     

       68
       68
       -
               (pkgs.makeDesktopItem {

     

       69
       69
       -
                 name = "feh.desktop";

     

       70
       70
       -
                 desktopName = "feh";

     

       71
       71
       -
                 exec = "feh --scale-down --auto-zoom";

     

       72
       72
       -
                 icon = "feh";

     

       65
       65
       +
               desktopEntries = [

     

       66
       66
       +
                 (pkgs.makeDesktopItem {

     

       67
       67
       +
                   name = "feh.desktop";

     

       68
       68
       +
                   desktopName = "feh";

     

       69
       69
       +
                   exec = "feh --scale-down --auto-zoom";

     

       70
       70
       +
                   icon = "feh";

     

       71
       71
       +
                 })

     

       72
       72
       +
               ];

     

       73
       73
       +
             in [

     

       74
       74
       +
               jq

     

       75
       75
       +
               playerctl

     

       76
       76
       +
               brightnessctl

     

       77
       77
       +
               xdg-utils

     

       78
       78
       +
               yad

     

       79
       79
       +
               networkmanagerapplet

     

       80
       80
       +
               pavucontrol

     

       81
       81
       +
               (xfce.thunar.override {

     

       82
       82
       +
                 thunarPlugins = with xfce; [ thunar-archive-plugin xfconf ];

     

       73
       83
        
               })

     

       74
       74
       -
             ];

     

       75
       75
       -
           in [

     

       76
       76
       -
             jq

     

       77
       77
       -
             playerctl

     

       78
       78
       -
             brightnessctl

     

       79
       79
       -
             xdg-utils

     

       80
       80
       -
             yad

     

       81
       81
       -
             networkmanagerapplet

     

       82
       82
       -
             pavucontrol

     

       83
       83
       -
             (xfce.thunar.override { thunarPlugins = with xfce; [

     

       84
       84
       -
               thunar-archive-plugin

     

       85
       85
       -
               xfconf

     

       86
       86
       -
             ]; })

     

       87
       87
       -
             gnome.file-roller

     

       88
       88
       -
             gnome.cheese

     

       89
       89
       -
             # https://discourse.nixos.org/t/sway-wm-configuration-polkit-login-manager/3857/6

     

       90
       90
       -
             polkit_gnome

     

       91
       91
       -
             glib

     

       92
       92
       -
             feh

     

       93
       93
       -
             libnotify

     

       84
       84
       +
               gnome.file-roller

     

       85
       85
       +
               gnome.cheese

     

       86
       86
       +
               # https://discourse.nixos.org/t/sway-wm-configuration-polkit-login-manager/3857/6

     

       87
       87
       +
               polkit_gnome

     

       88
       88
       +
               glib

     

       89
       89
       +
               feh

     

       90
       90
       +
               libnotify

     

       94
       91
        
       

     

       95
       95
       -
             # https://nixos.wiki/wiki/PipeWire#pactl_not_found

     

       96
       96
       -
             pulseaudio

     

       92
       92
       +
               # https://nixos.wiki/wiki/PipeWire#pactl_not_found

     

       93
       93
       +
               pulseaudio

     

       97
       94
        
       

     

       98
       98
       -
             (firefox.override {

     

       99
       99
       -
               nativeMessagingHosts = with pkgs; [

     

       100
       100
       -
                 tridactyl-native

     

       101
       101
       -
               ];

     

       102
       102
       -
             })

     

       103
       103
       -
             tridactyl-native

     

       104
       104
       -
             chromium

     

       105
       105
       -
             gparted

     

       106
       106
       -
             vlc

     

       107
       107
       -
             (vscode-with-extensions.override {

     

       108
       108
       -
               vscode = vscodium;

     

       109
       109
       -
               vscodeExtensions = with vscode-extensions; [

     

       110
       110
       -
                 asvetliakov.vscode-neovim

     

       111
       111
       -
                 james-yu.latex-workshop

     

       112
       112
       -
                 ocamllabs.ocaml-platform

     

       113
       113
       -
                 streetsidesoftware.code-spell-checker

     

       114
       114
       -
                 jdinhlife.gruvbox

     

       115
       115
       -
                 bbenoist.nix

     

       116
       116
       -
               ];

     

       117
       117
       -
             })

     

       118
       118
       -
             vscode

     

       95
       95
       +
               (firefox.override {

     

       96
       96
       +
                 nativeMessagingHosts = with pkgs; [ tridactyl-native ];

     

       97
       97
       +
               })

     

       98
       98
       +
               tridactyl-native

     

       99
       99
       +
               chromium

     

       100
       100
       +
               gparted

     

       101
       101
       +
               vlc

     

       102
       102
       +
               (vscode-with-extensions.override {

     

       103
       103
       +
                 vscode = vscodium;

     

       104
       104
       +
                 vscodeExtensions = with vscode-extensions; [

     

       105
       105
       +
                   asvetliakov.vscode-neovim

     

       106
       106
       +
                   james-yu.latex-workshop

     

       107
       107
       +
                   ocamllabs.ocaml-platform

     

       108
       108
       +
                   streetsidesoftware.code-spell-checker

     

       109
       109
       +
                   jdinhlife.gruvbox

     

       110
       110
       +
                   bbenoist.nix

     

       111
       111
       +
                 ];

     

       112
       112
       +
               })

     

       113
       113
       +
               vscode

     

       119
       114
        
       

     

       120
       120
       -
             i3-workspace-history

     

       121
       121
       -
           ] ++ desktopEntries;

     

       115
       115
       +
               i3-workspace-history

     

       116
       116
       +
             ] ++ desktopEntries;

     

       122
       117
        
       

     

       123
       118
        
           fonts.packages = with pkgs; [

     

       124
       119
        
             noto-fonts

     
···

       137
       132
        
           services.tumbler.enable = true;

     

       138
       133
        
       

     

       139
       134
        
           # ZSA Moonlander udev rules

     

       140
       140
       -
           services.udev.packages = [ (pkgs.writeTextFile {

     

       141
       141
       -
             name = "zsa-udev-rules";

     

       142
       142
       -
             text = ''

     

       143
       143
       -
               # Rules for Oryx web flashing and live training

     

       144
       144
       -
               KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"

     

       145
       145
       -
               KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"

     

       146
       146
       -
               

     

       147
       147
       -
               # Legacy rules for live training over webusb (Not needed for firmware v21+)

     

       148
       148
       -
                 # Rule for all ZSA keyboards

     

       149
       149
       -
                 SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"

     

       150
       150
       -
                 # Rule for the Moonlander

     

       151
       151
       -
                 SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"

     

       152
       152
       -
                 # Rule for the Ergodox EZ

     

       153
       153
       -
                 SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"

     

       154
       154
       -
                 # Rule for the Planck EZ

     

       155
       155
       -
                 SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"

     

       156
       156
       -
               

     

       157
       157
       -
               # Wally Flashing rules for the Ergodox EZ

     

       158
       158
       -
               ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"

     

       159
       159
       -
               ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"

     

       160
       160
       -
               SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"

     

       161
       161
       -
               KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"

     

       162
       162
       -
               

     

       163
       163
       -
               # Wally Flashing rules for the Moonlander and Planck EZ

     

       164
       164
       -
               SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"

     

       165
       165
       -
             '';

     

       166
       166
       -
             destination = "/lib/udev/rules.d/50-zsa.rules";

     

       167
       167
       -
            }) ];

     

       135
       135
       +
           services.udev.packages = [

     

       136
       136
       +
             (pkgs.writeTextFile {

     

       137
       137
       +
               name = "zsa-udev-rules";

     

       138
       138
       +
               text = ''

     

       139
       139
       +
                 # Rules for Oryx web flashing and live training

     

       140
       140
       +
                 KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"

     

       141
       141
       +
                 KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"

     

       142
       142
       +
       

     

       143
       143
       +
                 # Legacy rules for live training over webusb (Not needed for firmware v21+)

     

       144
       144
       +
                   # Rule for all ZSA keyboards

     

       145
       145
       +
                   SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"

     

       146
       146
       +
                   # Rule for the Moonlander

     

       147
       147
       +
                   SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"

     

       148
       148
       +
                   # Rule for the Ergodox EZ

     

       149
       149
       +
                   SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"

     

       150
       150
       +
                   # Rule for the Planck EZ

     

       151
       151
       +
                   SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"

     

       152
       152
       +
       

     

       153
       153
       +
                 # Wally Flashing rules for the Ergodox EZ

     

       154
       154
       +
                 ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"

     

       155
       155
       +
                 ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"

     

       156
       156
       +
                 SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"

     

       157
       157
       +
                 KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"

     

       158
       158
       +
       

     

       159
       159
       +
                 # Wally Flashing rules for the Moonlander and Planck EZ

     

       160
       160
       +
                 SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"

     

       161
       161
       +
               '';

     

       162
       162
       +
               destination = "/lib/udev/rules.d/50-zsa.rules";

     

       163
       163
       +
             })

     

       164
       164
       +
           ];

     

       168
       165
        
       

     

       169
       166
        
           # sets $WORLDLIST

     

       170
       167
        
           environment.wordlist.enable = true;

+2 -2

modules/personal/gui/extra.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal.gui; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal.gui;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.gui.extra = lib.mkEnableOption "extra";

     

       6
       6
        
       

     

       7
       7
        
         config = lib.mkIf cfg.extra {

+2 -2

modules/personal/gui/i3.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal.gui; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal.gui;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.gui.i3 = lib.mkEnableOption "i3";

     

       6
       6
        
       

     

       7
       7
        
         config = lib.mkIf cfg.i3 {

+2 -2

modules/personal/gui/kde.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal.gui; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal.gui;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.gui.kde = lib.mkEnableOption "kde";

     

       6
       6
        
       

     

       7
       7
        
         config = lib.mkIf cfg.kde {

+2 -2

modules/personal/gui/sway.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal.gui; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal.gui;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.gui.sway = lib.mkEnableOption "sway";

     

       6
       6
        
       

     

       7
       7
        
         config = lib.mkIf cfg.sway {

+18 -25

modules/personal/home/default.nix

···

       1
       1
        
       { pkgs, config, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./mail/default.nix

     

       6
       6
       -
         ];

     

       4
       4
       +
         imports = [ ./mail/default.nix ];

     

       7
       5
        
       

     

       8
       6
        
         gtk = {

     

       9
       7
        
           enable = true;

     
···

       24
       22
        
         # evince workaround

     

       25
       23
        
         home.sessionVariables.GTK_THEME = "gruvbox-dark";

     

       26
       24
        
       

     

       27
       27
       -
         home.sessionVariables.WALLPAPER =

     

       28
       28
       -
           let wallpaper = ./wallpaper.jpg; in

     

       29
       29
       -
           pkgs.runCommand (builtins.baseNameOf wallpaper) {} "cp ${wallpaper} $out";

     

       25
       25
       +
         home.sessionVariables.WALLPAPER = let wallpaper = ./wallpaper.jpg;

     

       26
       26
       +
         in pkgs.runCommand (builtins.baseNameOf wallpaper) { } "cp ${wallpaper} $out";

     

       30
       27
        
       

     

       31
       28
        
         home.sessionVariables.GOPATH = "$HOME/.go";

     

       32
       29
        
       

     

       33
       30
        
         home.pointerCursor = {

     

       34
       34
       -
             name = "Adwaita";

     

       35
       35
       -
             package = pkgs.gnome.adwaita-icon-theme;

     

       36
       36
       -
             size = 32;

     

       31
       31
       +
           name = "Adwaita";

     

       32
       32
       +
           package = pkgs.gnome.adwaita-icon-theme;

     

       33
       33
       +
           size = 32;

     

       37
       34
        
         };

     

       38
       35
        
       

     

       39
       36
        
         home.file.".profile".text = ''

     

       40
       37
        
           source "$HOME/.nix-profile/etc/profile.d/hm-session-vars.sh"

     

       41
       38
        
         '';

     

       42
       39
        
       

     

       43
       43
       -
         programs.firefox =

     

       44
       44
       -
         let

     

       40
       40
       +
         programs.firefox = let

     

       45
       41
        
           settings = {

     

       46
       42
        
             "browser.ctrlTab.recentlyUsedOrder" = false;

     

       47
       43
        
             "browser.tabs.warnOnClose" = false;

     
···

       55
       51
        
             # Use userChrome.css

     

       56
       52
        
             "toolkit.legacyUserProfileCustomizations.stylesheets" = true;

     

       57
       53
        
       

     

       58
       58
       -
             "browser.shell.checkDefaultBrowser" = false; 

     

       54
       54
       +
             "browser.shell.checkDefaultBrowser" = false;

     

       59
       55
        
       

     

       60
       56
        
             # sync toolbar

     

       61
       57
        
             "services.sync.prefs.sync.browser.uiCustomization.state" = true;

     
···

       77
       73
        
                 visibility: collapse;

     

       78
       74
        
             }

     

       79
       75
        
           '';

     

       80
       80
       -
         in

     

       81
       81
       -
         {

     

       76
       76
       +
         in {

     

       82
       77
        
           enable = true;

     

       83
       78
        
           profiles.default = {

     

       84
       79
        
             settings = settings;

     
···

       91
       86
        
             userChrome = userChrome;

     

       92
       87
        
           };

     

       93
       88
        
           package = (pkgs.firefox.override {

     

       94
       94
       -
             nativeMessagingHosts = with pkgs; [

     

       95
       95
       -
               tridactyl-native

     

       96
       96
       -
             ];

     

       89
       89
       +
             nativeMessagingHosts = with pkgs; [ tridactyl-native ];

     

       97
       90
        
           });

     

       98
       91
        
         };

     

       99
       92
        
       

     
···

       153
       146
        
           userDirs = {

     

       154
       147
        
             enable = true;

     

       155
       148
        
             createDirectories = true;

     

       156
       156
       -
             download    = "$HOME/downloads";

     

       157
       157
       -
             pictures    = "$HOME/pictures";

     

       158
       158
       -
             videos      = "$HOME/videos";

     

       159
       159
       -
             documents   = "$HOME/documents/";

     

       160
       160
       -
             music       = "$HOME/";

     

       149
       149
       +
             download = "$HOME/downloads";

     

       150
       150
       +
             pictures = "$HOME/pictures";

     

       151
       151
       +
             videos = "$HOME/videos";

     

       152
       152
       +
             documents = "$HOME/documents/";

     

       153
       153
       +
             music = "$HOME/";

     

       161
       154
        
             # https://bugzilla.mozilla.org/show_bug.cgi?id=1082717

     

       162
       162
       -
             desktop     = "$HOME/";

     

       163
       163
       -
             templates   = "$HOME/";

     

       155
       155
       +
             desktop = "$HOME/";

     

       156
       156
       +
             templates = "$HOME/";

     

       164
       157
        
             publicShare = "$HOME/";

     

       165
       158
        
           };

     

       166
       159
        
         };

     

       167
       167
       -
         

     

       160
       160
       +
       

     

       168
       161
        
         # https://github.com/nix-community/home-manager/issues/1439#issuecomment-1106208294

     

       169
       162
        
         home.activation = {

     

       170
       163
        
           linkDesktopApplications = {

+35 -34

modules/personal/home/i3.nix

···

       1
       1
        
       { pkgs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let replacements = {

     

       4
       4
       -
         wm = "i3";

     

       5
       5
       -
         wmmsg = "i3-msg";

     

       6
       6
       -
         rofi = "rofi";

     

       7
       7
       -
         app_id = "class";

     

       8
       8
       -
         bar_extra = "";

     

       9
       9
       -
         locked = "";

     

       10
       10
       -
         polkit_gnome = "${pkgs.polkit_gnome}";

     

       11
       11
       -
         locker = "xsecurelock";

     

       12
       12
       -
         enable_output  = "xrandr --output $laptop_output --auto";

     

       13
       13
       -
         disable_output = "xrandr --output $laptop_output --off";

     

       14
       14
       -
         drun = "rofi -i -modi drun -show drun";

     

       15
       15
       -
         run = "rofi -i -modi run -show run";

     

       16
       16
       -
         dmenu = "rofi -i -dmenu -p";

     

       17
       17
       -
         displays = "arandr";

     

       18
       18
       -
         bar = "i3bar";

     

       19
       19
       -
         notification_deamon = "dunst";

     

       20
       20
       -
         i3-workspace-history = "${pkgs.i3-workspace-history}";

     

       21
       21
       -
         i3-workspace-history-args = "";

     

       22
       22
       -
       }; in

     

       23
       23
       -
       let util = import ./util.nix { inherit pkgs lib; }; in

     

       24
       24
       -
       {

     

       3
       3
       +
       let

     

       4
       4
       +
         replacements = {

     

       5
       5
       +
           wm = "i3";

     

       6
       6
       +
           wmmsg = "i3-msg";

     

       7
       7
       +
           rofi = "rofi";

     

       8
       8
       +
           app_id = "class";

     

       9
       9
       +
           bar_extra = "";

     

       10
       10
       +
           locked = "";

     

       11
       11
       +
           polkit_gnome = "${pkgs.polkit_gnome}";

     

       12
       12
       +
           locker = "xsecurelock";

     

       13
       13
       +
           enable_output = "xrandr --output $laptop_output --auto";

     

       14
       14
       +
           disable_output = "xrandr --output $laptop_output --off";

     

       15
       15
       +
           drun = "rofi -i -modi drun -show drun";

     

       16
       16
       +
           run = "rofi -i -modi run -show run";

     

       17
       17
       +
           dmenu = "rofi -i -dmenu -p";

     

       18
       18
       +
           displays = "arandr";

     

       19
       19
       +
           bar = "i3bar";

     

       20
       20
       +
           notification_deamon = "dunst";

     

       21
       21
       +
           i3-workspace-history = "${pkgs.i3-workspace-history}";

     

       22
       22
       +
           i3-workspace-history-args = "";

     

       23
       23
       +
         };

     

       24
       24
       +
       in let util = import ./util.nix { inherit pkgs lib; };

     

       25
       25
       +
       in {

     

       25
       26
        
         # TODO

     

       26
       27
        
         # idling

     

       27
       28
        
       

     
···

       43
       44
        
           '';

     

       44
       45
        
         };

     

       45
       46
        
       

     

       46
       46
       -
         xdg.configFile  =

     

       47
       47
       -
           let entries = {

     

       47
       47
       +
         xdg.configFile = let

     

       48
       48
       +
           entries = {

     

       48
       49
        
             "dunst/dunstrc".source = ./dunst;

     

       49
       49
       -
             "i3/config".text =

     

       50
       50
       -
               let wmFilenames = util.listFilesInDir ./wm/config.d; in

     

       51
       51
       -
               let i3Filenames = util.listFilesInDir ./wm/i3; in

     

       52
       52
       -
               (util.concatFilesReplace ([ ./wm/config ] ++ wmFilenames ++ i3Filenames) replacements);

     

       50
       50
       +
             "i3/config".text = let wmFilenames = util.listFilesInDir ./wm/config.d;

     

       51
       51
       +
             in let i3Filenames = util.listFilesInDir ./wm/i3;

     

       52
       52
       +
             in (util.concatFilesReplace

     

       53
       53
       +
               ([ ./wm/config ] ++ wmFilenames ++ i3Filenames) replacements);

     

       53
       54
        
             "i3blocks".source = ./i3blocks;

     

       54
       55
        
             "rofi/config.rasi".source = ./rofi.rasi;

     

       55
       55
       -
           }; in

     

       56
       56
       -
           (util.inDirReplace ./wm/scripts "i3/scripts" replacements) // entries;

     

       56
       56
       +
           };

     

       57
       57
       +
         in (util.inDirReplace ./wm/scripts "i3/scripts" replacements) // entries;

     

       57
       58
        
       

     

       58
       58
       -
           services.redshift = {

     

       59
       59
       -
             enable = true;

     

       60
       60
       -
             provider = "geoclue2";

     

       61
       61
       -
           };

     

       59
       59
       +
         services.redshift = {

     

       60
       60
       +
           enable = true;

     

       61
       61
       +
           provider = "geoclue2";

     

       62
       62
       +
         };

     

       62
       63
        
       }

+1 -3

modules/personal/home/mail/aerc-binds.nix

···

       88
       88
        
           "E" = ":envelope -h<Enter>";

     

       89
       89
        
         };

     

       90
       90
        
       

     

       91
       91
       -
         "messages:folder=Drafts" = {

     

       92
       92
       -
           "<Enter>" = ":recall<Enter>";

     

       93
       93
       -
         };

     

       91
       91
       +
         "messages:folder=Drafts" = { "<Enter>" = ":recall<Enter>"; };

     

       94
       92
        
       

     

       95
       93
        
         view = {

     

       96
       94
        
           "/" = ":toggle-key-passthrough<Enter>/";

+30 -26

modules/personal/home/mail/default.nix

···

       6
       6
        
           ${pkgs.ugrep}/bin/ugrep -jPh -m 100 --color=never "$1"\

     

       7
       7
        
             ${config.accounts.email.maildirBasePath}/addressbook/maildir\

     

       8
       8
        
             ${config.accounts.email.maildirBasePath}/addressbook/cam-ldap

     

       9
       9
       -
           '';

     

       9
       9
       +
         '';

     

       10
       10
        
         sync-mail = pkgs.writeScriptBin "sync-mail" ''

     

       11
       11
        
           #!/usr/bin/env bash

     

       12
       12
        
           ${pkgs.isync}/bin/mbsync "$1"

     
···

       62
       62
        
               "ui:folder=Sent".index-columns = "date<=,to<50,flags>=,subject<*";

     

       63
       63
        
               "ui:folder=Sent".column-to = "{{index (.To | persons) 0}}";

     

       64
       64
        
               openers."text/html" = "firefox --new-window";

     

       65
       65
       -
               hooks.mail-recieved = ''notify-send "[$AERC_ACCOUNT/$AERC_FOLDER] mail from $AERC_FROM_NAME" "$AERC_SUBJECT"'';

     

       65
       65
       +
               hooks.mail-recieved = ''

     

       66
       66
       +
                 notify-send "[$AERC_ACCOUNT/$AERC_FOLDER] mail from $AERC_FROM_NAME" "$AERC_SUBJECT"'';

     

       66
       67
        
               filters = {

     

       67
       68
        
                 "text/plain" = "wrap -w 90 | colorize";

     

       68
       69
        
                 "text/calendar" = "calendar";

     
···

       86
       87
        
                                        "mu find"

     

       87
       88
        
               macro index <F9> "<change-folder-readonly>˜/Maildir/search" \

     

       88
       89
        
                                              "mu find results"

     

       89
       89
       -
           '';

     

       90
       90
       +
             '';

     

       90
       91
        
           };

     

       91
       92
        
         };

     

       92
       93
        
       

     
···

       119
       120
        
               imapnotify = {

     

       120
       121
        
                 enable = true;

     

       121
       122
        
                 boxes = [ "Inbox" ];

     

       122
       122
       -
                 onNotify = "${pkgs.isync}/bin/mbsync ryan@freumh.org && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       123
       123
       +
                 onNotify =

     

       124
       124
       +
                   "${pkgs.isync}/bin/mbsync ryan@freumh.org && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       123
       125
        
               };

     

       124
       126
        
               mbsync = {

     

       125
       127
        
                 enable = true;

     
···

       127
       129
        
                 expunge = "both";

     

       128
       130
        
                 remove = "both";

     

       129
       131
        
               };

     

       130
       130
       -
               msmtp = {

     

       131
       131
       -
                 enable = true;

     

       132
       132
       -
               };

     

       132
       132
       +
               msmtp = { enable = true; };

     

       133
       133
        
               aerc = {

     

       134
       134
        
                 enable = true;

     

       135
       135
        
                 extraAccounts = {

     

       136
       136
       -
                   check-mail-cmd = "${pkgs.isync}/bin/mbsync ryan@freumh.org && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       136
       136
       +
                   check-mail-cmd =

     

       137
       137
       +
                     "${pkgs.isync}/bin/mbsync ryan@freumh.org && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       137
       138
        
                   check-mail-timeout = "1m";

     

       138
       139
        
                   check-mail = "1h";

     

       139
       140
        
                   folders-sort = [ "Inbox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     
···

       173
       174
        
               imapnotify = {

     

       174
       175
        
                 enable = true;

     

       175
       176
        
                 boxes = [ "Inbox" ];

     

       176
       176
       -
                 onNotify = "${pkgs.isync}/bin/mbsync misc@freumh.org && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       177
       177
       +
                 onNotify =

     

       178
       178
       +
                   "${pkgs.isync}/bin/mbsync misc@freumh.org && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       177
       179
        
               };

     

       178
       180
        
               mbsync = {

     

       179
       181
        
                 enable = true;

     
···

       181
       183
        
                 expunge = "both";

     

       182
       184
        
                 remove = "both";

     

       183
       185
        
               };

     

       184
       184
       -
               msmtp = {

     

       185
       185
       -
                 enable = true;

     

       186
       186
       -
               };

     

       186
       186
       +
               msmtp = { enable = true; };

     

       187
       187
        
               neomutt = {

     

       188
       188
        
                 enable = true;

     

       189
       189
        
                 extraConfig = ''

     
···

       199
       199
        
               userName = "rtg24@fm.cl.cam.ac.uk";

     

       200
       200
        
               address = "ryan.gibb@cl.cam.ac.uk";

     

       201
       201
        
               realName = "Ryan Gibb";

     

       202
       202
       -
               passwordCommand = "${pkgs.pass}/bin/pass show email/ryan.gibb@cl.cam.ac.uk";

     

       202
       202
       +
               passwordCommand =

     

       203
       203
       +
                 "${pkgs.pass}/bin/pass show email/ryan.gibb@cl.cam.ac.uk";

     

       203
       204
        
               flavor = "fastmail.com";

     

       204
       205
        
               folders = {

     

       205
       206
        
                 drafts = "Drafts";

     
···

       210
       211
        
               imapnotify = {

     

       211
       212
        
                 enable = true;

     

       212
       213
        
                 boxes = [ "Inbox" ];

     

       213
       213
       -
                 onNotify = "${pkgs.isync}/bin/mbsync ryan.gibb@cl.cam.ac.uk && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       214
       214
       +
                 onNotify =

     

       215
       215
       +
                   "${pkgs.isync}/bin/mbsync ryan.gibb@cl.cam.ac.uk && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       214
       216
        
               };

     

       215
       217
        
               mbsync = {

     

       216
       218
        
                 enable = true;

     
···

       218
       220
        
                 expunge = "both";

     

       219
       221
        
                 remove = "both";

     

       220
       222
        
               };

     

       221
       221
       -
               msmtp = {

     

       222
       222
       -
                 enable = true;

     

       223
       223
       -
               };

     

       223
       223
       +
               msmtp = { enable = true; };

     

       224
       224
        
               aerc = {

     

       225
       225
        
                 enable = true;

     

       226
       226
        
                 extraAccounts = {

     

       227
       227
       -
                   check-mail-cmd = "${pkgs.isync}/bin/mbsync ryan.gibb@cl.cam.ac.uk && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       227
       227
       +
                   check-mail-cmd =

     

       228
       228
       +
                     "${pkgs.isync}/bin/mbsync ryan.gibb@cl.cam.ac.uk && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       228
       229
        
                   check-mail-timeout = "1m";

     

       229
       230
        
                   check-mail = "1h";

     

       230
       231
        
                   aliases = "rtg24@cam.ac.uk";

     

       231
       231
       -
                   folders-sort = [ "Inbox" "Sidebox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     

       232
       232
       +
                   folders-sort =

     

       233
       233
       +
                     [ "Inbox" "Sidebox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     

       232
       234
        
                   folder-map = "${pkgs.writeText "folder-map" ''

     

       233
       235
        
                     Bin = Trash

     

       234
       236
        
                   ''}";

     
···

       249
       251
        
               userName = "ryangibb321@gmail.com";

     

       250
       252
        
               address = "ryangibb321@gmail.com";

     

       251
       253
        
               realName = "Ryan Gibb";

     

       252
       252
       -
               passwordCommand = "${pkgs.pass}/bin/pass show email/ryangibb321@gmail.com";

     

       254
       254
       +
               passwordCommand =

     

       255
       255
       +
                 "${pkgs.pass}/bin/pass show email/ryangibb321@gmail.com";

     

       253
       256
        
               flavor = "gmail.com";

     

       254
       257
        
               folders = {

     

       255
       258
        
                 drafts = "Drafts";

     
···

       260
       263
        
               imapnotify = {

     

       261
       264
        
                 enable = true;

     

       262
       265
        
                 boxes = [ "Inbox" ];

     

       263
       263
       -
                 onNotify = "${pkgs.isync}/bin/mbsync ryangibb321@gmail.com && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       266
       266
       +
                 onNotify =

     

       267
       267
       +
                   "${pkgs.isync}/bin/mbsync ryangibb321@gmail.com && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       264
       268
        
               };

     

       265
       269
        
               mbsync = {

     

       266
       270
        
                 enable = true;

     
···

       268
       272
        
                 expunge = "both";

     

       269
       273
        
                 remove = "both";

     

       270
       274
        
               };

     

       271
       271
       -
               msmtp = {

     

       272
       272
       -
                 enable = true;

     

       273
       273
       -
               };

     

       275
       275
       +
               msmtp = { enable = true; };

     

       274
       276
        
               aerc = {

     

       275
       277
        
                 enable = true;

     

       276
       278
        
                 extraAccounts = {

     

       277
       277
       -
                   check-mail-cmd = "${pkgs.isync}/bin/mbsync ryangibb321@gmail.com && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       279
       279
       +
                   check-mail-cmd =

     

       280
       280
       +
                     "${pkgs.isync}/bin/mbsync ryangibb321@gmail.com && ${pkgs.mu}/bin/mu index && ${pkgs.procps}/bin/pkill -RTMIN+13 i3blocks";

     

       278
       281
        
                   check-mail-timeout = "1m";

     

       279
       282
        
                   check-mail = "1h";

     

       280
       280
       -
                   folders-sort = [ "Inbox" "Sidebox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     

       283
       283
       +
                   folders-sort =

     

       284
       284
       +
                     [ "Inbox" "Sidebox" "Sent" "Drafts" "Archive" "Spam" "Trash" ];

     

       281
       285
        
                   folder-map = "${pkgs.writeText "folder-map" ''

     

       282
       286
        
                     * = [Gmail]/*

     

       283
       287
        
                     Sent = 'Sent Mail'

+37 -36

modules/personal/home/sway.nix

···

       1
       1
        
       { pkgs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let replacements = {

     

       4
       4
       -
         wm = "sway";

     

       5
       5
       -
         wmmsg = "swaymsg";

     

       6
       6
       -
         rofi = "wofi";

     

       7
       7
       -
         app_id = "app_id";

     

       8
       8
       -
         bar_extra = ''

     

       9
       9
       -
           icon_theme Papirus

     

       10
       10
       -
         '';

     

       11
       11
       -
         locked = "--locked";

     

       12
       12
       -
         polkit_gnome = "${pkgs.polkit_gnome}";

     

       13
       13
       -
         locker = "swaylock -f -i $WALLPAPER";

     

       14
       14
       -
         enable_output  = "swaymsg output $laptop_output enable";

     

       15
       15
       -
         disable_output = "swaymsg output $laptop_output disable";

     

       16
       16
       -
         drun = "wofi -i --show drun --allow-images -a";

     

       17
       17
       -
         run = "wofi -i --show run";

     

       18
       18
       -
         dmenu = "wofi -d -i -p";

     

       19
       19
       -
         displays = "wdisplays";

     

       20
       20
       -
         bar = "swaybar";

     

       21
       21
       -
         notification_deamon = "mako";

     

       22
       22
       -
         i3-workspace-history = "${pkgs.i3-workspace-history}";

     

       23
       23
       -
         i3-workspace-history-args = "-sway";

     

       24
       24
       -
       }; in

     

       25
       25
       -
       let util = import ./util.nix { inherit pkgs lib; }; in

     

       26
       26
       -
       {

     

       3
       3
       +
       let

     

       4
       4
       +
         replacements = {

     

       5
       5
       +
           wm = "sway";

     

       6
       6
       +
           wmmsg = "swaymsg";

     

       7
       7
       +
           rofi = "wofi";

     

       8
       8
       +
           app_id = "app_id";

     

       9
       9
       +
           bar_extra = ''

     

       10
       10
       +
             icon_theme Papirus

     

       11
       11
       +
           '';

     

       12
       12
       +
           locked = "--locked";

     

       13
       13
       +
           polkit_gnome = "${pkgs.polkit_gnome}";

     

       14
       14
       +
           locker = "swaylock -f -i $WALLPAPER";

     

       15
       15
       +
           enable_output = "swaymsg output $laptop_output enable";

     

       16
       16
       +
           disable_output = "swaymsg output $laptop_output disable";

     

       17
       17
       +
           drun = "wofi -i --show drun --allow-images -a";

     

       18
       18
       +
           run = "wofi -i --show run";

     

       19
       19
       +
           dmenu = "wofi -d -i -p";

     

       20
       20
       +
           displays = "wdisplays";

     

       21
       21
       +
           bar = "swaybar";

     

       22
       22
       +
           notification_deamon = "mako";

     

       23
       23
       +
           i3-workspace-history = "${pkgs.i3-workspace-history}";

     

       24
       24
       +
           i3-workspace-history-args = "-sway";

     

       25
       25
       +
         };

     

       26
       26
       +
       in let util = import ./util.nix { inherit pkgs lib; };

     

       27
       27
       +
       in {

     

       27
       28
        
         home.sessionVariables = {

     

       28
       29
        
           QT_QPA_PLATFORM = "wayland";

     

       29
       30
        
           SDL_VIDEODRIVER = "wayland";

     
···

       50
       51
        
           fi

     

       51
       52
        
         '';

     

       52
       53
        
       

     

       53
       53
       -
         xdg.configFile  =

     

       54
       54
       -
           let entries = {

     

       54
       54
       +
         xdg.configFile = let

     

       55
       55
       +
           entries = {

     

       55
       56
        
             "fusuma/config.yml".source = ./fusuma.yml;

     

       56
       57
        
             "kanshi/config".source = ./kanshi;

     

       57
       58
        
             "mako/config".source = ./mako;

     
···

       62
       63
        
               save_dir=$XDG_PICTURES_DIR/capture/

     

       63
       64
        
               save_filename_format=screenshot_%Y-%m-%dT%H:%M:%S%z.png

     

       64
       65
        
             '';

     

       65
       65
       -
             "sway/config".text =

     

       66
       66
       -
               let wmFilenames = util.listFilesInDir ./wm/config.d; in

     

       67
       67
       -
               let swayFilenames = util.listFilesInDir ./wm/sway; in

     

       68
       68
       -
               (util.concatFilesReplace ([ ./wm/config ] ++ wmFilenames ++ swayFilenames) replacements);

     

       66
       66
       +
             "sway/config".text = let wmFilenames = util.listFilesInDir ./wm/config.d;

     

       67
       67
       +
             in let swayFilenames = util.listFilesInDir ./wm/sway;

     

       68
       68
       +
             in (util.concatFilesReplace

     

       69
       69
       +
               ([ ./wm/config ] ++ wmFilenames ++ swayFilenames) replacements);

     

       69
       70
        
             "i3blocks".source = ./i3blocks;

     

       70
       70
       -
           }; in

     

       71
       71
       -
           (util.inDirReplace ./wm/scripts "sway/scripts" replacements) // entries;

     

       72
       72
       -
       

     

       73
       73
       -
           services.gammastep = {

     

       74
       74
       -
             enable = true;

     

       75
       75
       -
             provider = "geoclue2";

     

       76
       71
        
           };

     

       72
       72
       +
         in (util.inDirReplace ./wm/scripts "sway/scripts" replacements) // entries;

     

       73
       73
       +
       

     

       74
       74
       +
         services.gammastep = {

     

       75
       75
       +
           enable = true;

     

       76
       76
       +
           provider = "geoclue2";

     

       77
       77
       +
         };

     

       77
       78
        
       }

+30 -16

modules/personal/home/util.nix

···

       1
       1
        
       { pkgs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         listFilesInDir = src: lib.attrsets.mapAttrsToList (name: value: "${src}/${name}") (builtins.readDir src);

     

       5
       5
       -
         inDirReplace = src: dst: replacements: lib.pipe src [

     

       6
       6
       -
           # get filenames in src directory

     

       7
       7
       -
           builtins.readDir

     

       8
       8
       -
           (lib.attrsets.mapAttrsToList (name: value: "${name}"))

     

       9
       9
       -
           # call `substituteAll` on all files

     

       10
       10
       -
           (

     

       11
       11
       -
             let substitutedSource = file: { source = (pkgs.substituteAll ({src="/${src}/${file}"; isExecutable = true;} // replacements)); }; in

     

       12
       12
       -
             builtins.map (file: lib.attrsets.nameValuePair "${dst}/${file}" (substitutedSource file))

     

       13
       13
       -
           )

     

       14
       14
       -
           builtins.listToAttrs

     

       15
       15
       -
         ];

     

       4
       4
       +
         listFilesInDir = src:

     

       5
       5
       +
           lib.attrsets.mapAttrsToList (name: value: "${src}/${name}")

     

       6
       6
       +
           (builtins.readDir src);

     

       7
       7
       +
         inDirReplace = src: dst: replacements:

     

       8
       8
       +
           lib.pipe src [

     

       9
       9
       +
             # get filenames in src directory

     

       10
       10
       +
             builtins.readDir

     

       11
       11
       +
             (lib.attrsets.mapAttrsToList (name: value: "${name}"))

     

       12
       12
       +
             # call `substituteAll` on all files

     

       13
       13
       +
             (let

     

       14
       14
       +
               substitutedSource = file: {

     

       15
       15
       +
                 source = (pkgs.substituteAll ({

     

       16
       16
       +
                   src = "/${src}/${file}";

     

       17
       17
       +
                   isExecutable = true;

     

       18
       18
       +
                 } // replacements));

     

       19
       19
       +
               };

     

       20
       20
       +
             in builtins.map (file:

     

       21
       21
       +
               lib.attrsets.nameValuePair "${dst}/${file}" (substitutedSource file)))

     

       22
       22
       +
             builtins.listToAttrs

     

       23
       23
       +
           ];

     

       16
       24
        
         concatFilesReplace = filenames: replacements:

     

       17
       17
       -
           let fromStrings = lib.attrsets.mapAttrsToList (name: value: "@${name}@") replacements; in

     

       18
       18
       -
           let toStrings =   lib.attrsets.mapAttrsToList (name: value: "${value}") replacements; in

     

       19
       19
       -
           let fileToString = file: builtins.replaceStrings fromStrings toStrings (builtins.readFile file); in

     

       20
       20
       -
           builtins.concatStringsSep "\n" (builtins.map fileToString filenames);

     

       25
       25
       +
           let

     

       26
       26
       +
             fromStrings =

     

       27
       27
       +
               lib.attrsets.mapAttrsToList (name: value: "@${name}@") replacements;

     

       28
       28
       +
           in let

     

       29
       29
       +
             toStrings =

     

       30
       30
       +
               lib.attrsets.mapAttrsToList (name: value: "${value}") replacements;

     

       31
       31
       +
           in let

     

       32
       32
       +
             fileToString = file:

     

       33
       33
       +
               builtins.replaceStrings fromStrings toStrings (builtins.readFile file);

     

       34
       34
       +
           in builtins.concatStringsSep "\n" (builtins.map fileToString filenames);

     

       21
       35
        
       }

+3 -3

modules/personal/laptop.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.laptop = lib.mkEnableOption "laptop";

     

       6
       6
       -
         

     

       6
       6
       +
       

     

       7
       7
        
         config = lib.mkIf cfg.laptop {

     

       8
       8
        
           users.users.${config.custom.username}.extraGroups = [ "input" ];

     

       9
       9

+2 -2

modules/personal/nix-index.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         config = lib.mkIf cfg.enable {

     

       6
       6
        
           environment.systemPackages = [ pkgs.nix-index ];

     

       7
       7
        
           programs.command-not-found.enable = false;

+38 -43

modules/personal/nvim/default.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       let

     

       5
       5
       -
         obsidian-nvim =

     

       6
       6
       -
           (pkgs.vimUtils.buildVimPlugin {

     

       7
       7
       -
             pname = "obsidian.nvim";

     

       8
       8
       -
             version = "2.6.0";

     

       9
       9
       -
             src = pkgs.fetchFromGitHub {

     

       10
       10
       -
               owner = "epwalsh";

     

       11
       11
       -
               repo = "obsidian.nvim";

     

       12
       12
       -
               rev = "v2.6.0";

     

       13
       13
       -
               sha256 = "sha256-+w3XYoobuH17oinPfQxhrizbmQB5IbbulUK69674/Wg=";

     

       14
       14
       -
             };

     

       15
       15
       -
           });

     

       16
       16
       -
         ltex-ls-nvim =

     

       17
       17
       -
           (pkgs.vimUtils.buildVimPlugin {

     

       18
       18
       -
             pname = "ltex-ls.nvim";

     

       19
       19
       -
             version = "2.6.0";

     

       20
       20
       -
             src = pkgs.fetchFromGitHub {

     

       21
       21
       -
               owner = "vigoux";

     

       22
       22
       -
               repo = "ltex-ls.nvim";

     

       23
       23
       -
               rev = "c8139ea6b7f3d71adcff121e16ee8726037ffebd";

     

       24
       24
       -
               sha256 = "sha256-jY3ALr6h88xnWN2QdKe3R0vvRcSNhFWDW56b2NvnTCs=";

     

       25
       25
       -
             };

     

       26
       26
       -
           });

     

       27
       27
       -
       in

     

       28
       28
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in let

     

       5
       5
       +
         obsidian-nvim = (pkgs.vimUtils.buildVimPlugin {

     

       6
       6
       +
           pname = "obsidian.nvim";

     

       7
       7
       +
           version = "2.6.0";

     

       8
       8
       +
           src = pkgs.fetchFromGitHub {

     

       9
       9
       +
             owner = "epwalsh";

     

       10
       10
       +
             repo = "obsidian.nvim";

     

       11
       11
       +
             rev = "v2.6.0";

     

       12
       12
       +
             sha256 = "sha256-+w3XYoobuH17oinPfQxhrizbmQB5IbbulUK69674/Wg=";

     

       13
       13
       +
           };

     

       14
       14
       +
         });

     

       15
       15
       +
         ltex-ls-nvim = (pkgs.vimUtils.buildVimPlugin {

     

       16
       16
       +
           pname = "ltex-ls.nvim";

     

       17
       17
       +
           version = "2.6.0";

     

       18
       18
       +
           src = pkgs.fetchFromGitHub {

     

       19
       19
       +
             owner = "vigoux";

     

       20
       20
       +
             repo = "ltex-ls.nvim";

     

       21
       21
       +
             rev = "c8139ea6b7f3d71adcff121e16ee8726037ffebd";

     

       22
       22
       +
             sha256 = "sha256-jY3ALr6h88xnWN2QdKe3R0vvRcSNhFWDW56b2NvnTCs=";

     

       23
       23
       +
           };

     

       24
       24
       +
         });

     

       25
       25
       +
       in {

     

       29
       26
        
         options.personal.nvim-lsps = lib.mkEnableOption "nvim-lsps";

     

       30
       27
        
       

     

       31
       28
        
         config = lib.mkIf cfg.enable {

     

       32
       32
       -
           environment.systemPackages = with pkgs; [

     

       33
       33
       -
             ripgrep

     

       34
       34
       -
             nixd

     

       35
       35
       -
           ] ++ lib.lists.optionals cfg.nvim-lsps [

     

       36
       36
       -
             alejandra

     

       37
       37
       -
             # stop complaining when launching but a devshell is better

     

       38
       38
       -
             ocamlPackages.ocaml-lsp

     

       39
       39
       -
             ocamlPackages.ocamlformat

     

       40
       40
       -
             lua-language-server

     

       41
       41
       -
             pyright

     

       42
       42
       -
             black

     

       43
       43
       -
             ltex-ls

     

       44
       44
       -
             jdt-language-server

     

       45
       45
       -
             nodejs_18

     

       46
       46
       -
             clang-tools

     

       47
       47
       -
             typst-lsp

     

       48
       48
       -
           ];

     

       29
       29
       +
           environment.systemPackages = with pkgs;

     

       30
       30
       +
             [ ripgrep nixd ] ++ lib.lists.optionals cfg.nvim-lsps [

     

       31
       31
       +
               nixfmt

     

       32
       32
       +
               # stop complaining when launching but a devshell is better

     

       33
       33
       +
               ocamlPackages.ocaml-lsp

     

       34
       34
       +
               ocamlPackages.ocamlformat

     

       35
       35
       +
               lua-language-server

     

       36
       36
       +
               pyright

     

       37
       37
       +
               black

     

       38
       38
       +
               ltex-ls

     

       39
       39
       +
               jdt-language-server

     

       40
       40
       +
               nodejs_18

     

       41
       41
       +
               clang-tools

     

       42
       42
       +
               typst-lsp

     

       43
       43
       +
             ];

     

       49
       44
        
           programs.neovim = {

     

       50
       45
        
             enable = true;

     

       51
       46
        
             viAlias = true;

+3 -3

modules/personal/ocaml.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.ocaml = lib.mkEnableOption "ocaml";

     

       6
       6
       -
         

     

       6
       6
       +
       

     

       7
       7
        
         config = lib.mkIf cfg.ocaml {

     

       8
       8
        
           environment.systemPackages = with pkgs; [

     

       9
       9
        
             ocaml

+3 -3

modules/personal/printing.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.printing = lib.mkEnableOption "printing";

     

       6
       6
       -
         

     

       6
       6
       +
       

     

       7
       7
        
         config = lib.mkIf cfg.printing {

     

       8
       8
        
           networking.firewall = {

     

       9
       9
        
             allowedTCPPorts = [ 631 ];

+2 -2

modules/personal/scripts.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         config = lib.mkIf cfg.enable {

     

       6
       6
        
           environment.interactiveShellInit = "export PATH=$PATH:/etc/nixos/scripts";

     

       7
       7
        
         };

+4 -6

modules/personal/shell.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         options.personal.machineColour = lib.mkOption {

     

       6
       6
        
           type = lib.types.str;

     

       7
       7
        
           default = "cyan";

     

       8
       8
        
         };

     

       9
       9
       -
         

     

       9
       9
       +
       

     

       10
       10
        
         config = lib.mkIf cfg.enable {

     

       11
       11
        
           programs.zsh = {

     

       12
       12
        
             enable = true;

     
···

       15
       15
        
               enable = true;

     

       16
       16
        
               highlightStyle = "fg=5";

     

       17
       17
        
             };

     

       18
       18
       -
             syntaxHighlighting = {

     

       19
       19
       -
               enable = true;

     

       20
       20
       -
             };

     

       18
       18
       +
             syntaxHighlighting = { enable = true; };

     

       21
       19
        
             autosuggestions.strategy = [ "match_prev_cmd" "completion" "history" ];

     

       22
       20
        
             promptInit = ''

     

       23
       21
        
               PROMPT='%(?..%F{red}%3?%f )%F{${config.personal.machineColour}}%n@%m%f:%~ %#'$'\n'

+4 -3

modules/personal/ssh.nix

···

       1
       1
        
       { pkgs, config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         config = lib.mkIf cfg.enable {

     

       6
       6
        
           users.mutableUsers = false;

     

       7
       7
       -
           users.users.${config.custom.username}.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];

     

       7
       7
       +
           users.users.${config.custom.username}.openssh.authorizedKeys.keyFiles =

     

       8
       8
       +
             [ ./authorized_keys ];

     

       8
       9
        
           users.users.root.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];

     

       9
       10
        
       

     

       10
       11
        
           programs.mosh.enable = true;

+2 -2

modules/personal/tailscale.nix

···

       2
       2
        
       

     

       3
       3
        
       with lib;

     

       4
       4
        
       

     

       5
       5
       -
       let cfg = config.personal; in

     

       6
       6
       -
       {

     

       5
       5
       +
       let cfg = config.personal;

     

       6
       6
       +
       in {

     

       7
       7
        
         options.personal.tailscale = mkEnableOption "tailscale";

     

       8
       8
        
       

     

       9
       9
        
         config = lib.mkIf cfg.tailscale {

+2 -2

modules/personal/wireguard-hosts.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let cfg = config.personal; in

     

       4
       4
       -
       {

     

       3
       3
       +
       let cfg = config.personal;

     

       4
       4
       +
       in {

     

       5
       5
        
         config.wireguard.hosts = lib.mkIf cfg.enable {

     

       6
       6
        
           "vps" = {

     

       7
       7
        
             ip = "10.0.0.1";

+180 -183

nix-on-droid/default.nix

···

       54
       54
        
       

     

       55
       55
        
         home-manager = {

     

       56
       56
        
           useGlobalPkgs = true;

     

       57
       57
       -
           config =

     

       58
       58
       -
             { pkgs, lib, ... }:

     

       59
       59
       -
             {

     

       60
       60
       -
               # Use the same overlays as the system packages

     

       61
       61
       -
               nixpkgs = { inherit (config.nixpkgs) overlays; };

     

       57
       57
       +
           config = { pkgs, lib, ... }: {

     

       58
       58
       +
             # Use the same overlays as the system packages

     

       59
       59
       +
             nixpkgs = { inherit (config.nixpkgs) overlays; };

     

       62
       60
        
       

     

       63
       63
       -
               nix = {

     

       64
       64
       -
                 package = pkgs.nix;

     

       65
       65
       -
                 settings.experimental-features = [ "nix-command" "flakes" ];

     

       66
       66
       -
               };

     

       67
       67
       -
       

     

       68
       68
       -
               # https://github.com/nix-community/nix-on-droid/issues/185

     

       69
       69
       -
               home.shellAliases = {

     

       70
       70
       -
                 sshd =

     

       71
       71
       -
                   let config = pkgs.writeText "sshd_config" ''

     

       72
       72
       -
                     HostKey /data/data/com.termux.nix/files/home/.ssh/id_ed25519

     

       73
       73
       -
                     Port 9022

     

       74
       74
       -
                   '';

     

       75
       75
       -
                   in "$(readlink $(whereis sshd)) -f ${config}";

     

       76
       76
       -
                 ping = "/android/system/bin/linker64 /android/system/bin/ping";

     

       77
       77
       -
               };

     

       61
       61
       +
             nix = {

     

       62
       62
       +
               package = pkgs.nix;

     

       63
       63
       +
               settings.experimental-features = [ "nix-command" "flakes" ];

     

       64
       64
       +
             };

     

       78
       65
        
       

     

       79
       79
       -
               programs.zsh = {

     

       80
       80
       -
                 enable = true;

     

       81
       81
       -
                 history.size = 100000;

     

       82
       82
       -
                 enableAutosuggestions = true;

     

       83
       83
       -
                 syntaxHighlighting.enable = true;

     

       84
       84
       -
                 initExtraFirst = ''

     

       85
       85
       -
                   export ZSH_AUTOSUGGEST_STRATEGY=(match_prev_cmd completion history)

     

       86
       86
       -
                   export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="fg=5"

     

       87
       87
       -
                   PROMPT='%(?..%F{red}%3?%f )%F{blue}%n@%m%f:%~ %#'$'\n'

     

       66
       66
       +
             # https://github.com/nix-community/nix-on-droid/issues/185

     

       67
       67
       +
             home.shellAliases = {

     

       68
       68
       +
               sshd = let

     

       69
       69
       +
                 config = pkgs.writeText "sshd_config" ''

     

       70
       70
       +
                   HostKey /data/data/com.termux.nix/files/home/.ssh/id_ed25519

     

       71
       71
       +
                   Port 9022

     

       88
       72
        
                 '';

     

       89
       89
       -
                 initExtra = builtins.readFile ../modules/personal/zsh.cfg + ''

     

       90
       90
       -
                   bindkey "^[[A" up-line-or-beginning-search

     

       91
       91
       -
                   bindkey "^[[B" down-line-or-beginning-search

     

       92
       92
       -
                 '';

     

       93
       93
       -
               };

     

       73
       73
       +
               in "$(readlink $(whereis sshd)) -f ${config}";

     

       74
       74
       +
               ping = "/android/system/bin/linker64 /android/system/bin/ping";

     

       75
       75
       +
             };

     

       94
       76
        
       

     

       95
       95
       -
               programs.git = {

     

       96
       96
       -
                 enable = true;

     

       97
       97
       -
                 userEmail = "ryan@$freumh.org";

     

       98
       98
       -
                 userName = "Ryan Gibb";

     

       99
       99
       -
                 aliases = {

     

       100
       100
       -
                   s = "status";

     

       101
       101
       -
                   c = "commit";

     

       102
       102
       -
                   cm = "commit --message";

     

       103
       103
       -
                   ca = "commit --amend";

     

       104
       104
       -
                   cu = "commit --message update";

     

       105
       105
       -
                   ci = "commit --message initial";

     

       106
       106
       -
                   br = "branch";

     

       107
       107
       -
                   co = "checkout";

     

       108
       108
       -
                   df = "diff";

     

       109
       109
       -
                   l = "log";

     

       110
       110
       -
                   lg = "log -p";

     

       111
       111
       -
                   lol = "log --graph --decorate --pretty=oneline --abbrev-commit";

     

       112
       112
       -
                   lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";

     

       113
       113
       -
                   ls = "ls-files";

     

       114
       114
       -
                   a = "add";

     

       115
       115
       -
                   aa = "add --all";

     

       116
       116
       -
                   au = "add -u";

     

       117
       117
       -
                   ap = "add --patch";

     

       118
       118
       -
                   ps = "push";

     

       119
       119
       -
                   pf = "push --force";

     

       120
       120
       -
                   pu = "push --set-upstream";

     

       121
       121
       -
                   pl = "pull";

     

       122
       122
       -
                   pr = "pull --rebase";

     

       123
       123
       -
                   acp = "!git add --all && git commit --message update && git push";

     

       124
       124
       -
                 };

     

       77
       77
       +
             programs.zsh = {

     

       78
       78
       +
               enable = true;

     

       79
       79
       +
               history.size = 100000;

     

       80
       80
       +
               enableAutosuggestions = true;

     

       81
       81
       +
               syntaxHighlighting.enable = true;

     

       82
       82
       +
               initExtraFirst = ''

     

       83
       83
       +
                 export ZSH_AUTOSUGGEST_STRATEGY=(match_prev_cmd completion history)

     

       84
       84
       +
                 export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="fg=5"

     

       85
       85
       +
                 PROMPT='%(?..%F{red}%3?%f )%F{blue}%n@%m%f:%~ %#'$'\n'

     

       86
       86
       +
               '';

     

       87
       87
       +
               initExtra = builtins.readFile ../modules/personal/zsh.cfg + ''

     

       88
       88
       +
                 bindkey "^[[A" up-line-or-beginning-search

     

       89
       89
       +
                 bindkey "^[[B" down-line-or-beginning-search

     

       90
       90
       +
               '';

     

       91
       91
       +
             };

     

       92
       92
       +
       

     

       93
       93
       +
             programs.git = {

     

       94
       94
       +
               enable = true;

     

       95
       95
       +
               userEmail = "ryan@$freumh.org";

     

       96
       96
       +
               userName = "Ryan Gibb";

     

       97
       97
       +
               aliases = {

     

       98
       98
       +
                 s = "status";

     

       99
       99
       +
                 c = "commit";

     

       100
       100
       +
                 cm = "commit --message";

     

       101
       101
       +
                 ca = "commit --amend";

     

       102
       102
       +
                 cu = "commit --message update";

     

       103
       103
       +
                 ci = "commit --message initial";

     

       104
       104
       +
                 br = "branch";

     

       105
       105
       +
                 co = "checkout";

     

       106
       106
       +
                 df = "diff";

     

       107
       107
       +
                 l = "log";

     

       108
       108
       +
                 lg = "log -p";

     

       109
       109
       +
                 lol = "log --graph --decorate --pretty=oneline --abbrev-commit";

     

       110
       110
       +
                 lola =

     

       111
       111
       +
                   "log --graph --decorate --pretty=oneline --abbrev-commit --all";

     

       112
       112
       +
                 ls = "ls-files";

     

       113
       113
       +
                 a = "add";

     

       114
       114
       +
                 aa = "add --all";

     

       115
       115
       +
                 au = "add -u";

     

       116
       116
       +
                 ap = "add --patch";

     

       117
       117
       +
                 ps = "push";

     

       118
       118
       +
                 pf = "push --force";

     

       119
       119
       +
                 pu = "push --set-upstream";

     

       120
       120
       +
                 pl = "pull";

     

       121
       121
       +
                 pr = "pull --rebase";

     

       122
       122
       +
                 acp = "!git add --all && git commit --message update && git push";

     

       125
       123
        
               };

     

       124
       124
       +
             };

     

       126
       125
        
       

     

       127
       127
       -
               programs.neovim = {

     

       128
       128
       -
                 enable = true;

     

       129
       129
       -
                 viAlias = true;

     

       130
       130
       -
                 vimAlias = true;

     

       131
       131
       -
                 extraPackages = with pkgs; [

     

       132
       132
       -
                   ripgrep

     

       133
       133
       -
                   nixd

     

       134
       134
       -
                   alejandra

     

       135
       135
       -
                   # stop complaining when launching but a devshell is better

     

       136
       136
       -
                   #ocamlPackages.ocaml-lsp

     

       137
       137
       -
                   #ocamlPackages.ocamlformat

     

       138
       138
       -
                   marksman

     

       139
       139
       -
                   lua-language-server

     

       140
       140
       -
                   #pyright

     

       141
       141
       -
                   #black

     

       142
       142
       -
                   ltex-ls

     

       143
       143
       -
                 ];

     

       144
       144
       -
                 extraLuaConfig = builtins.readFile ../modules/personal/nvim/nvim.lua;

     

       145
       145
       -
                   # undo transparent background

     

       146
       146
       -
                   # + "colorscheme gruvbox";

     

       147
       147
       -
                 plugins = let

     

       148
       148
       -
                     obsidian-nvim =

     

       149
       149
       -
                     (pkgs.vimUtils.buildVimPlugin {

     

       150
       150
       -
                       pname = "obsidian.nvim";

     

       151
       151
       -
                       version = "2.6.0";

     

       152
       152
       -
                       src = pkgs.fetchFromGitHub {

     

       153
       153
       -
                         owner = "epwalsh";

     

       154
       154
       -
                         repo = "obsidian.nvim";

     

       155
       155
       -
                         rev = "v2.6.0";

     

       156
       156
       -
                         sha256 = "sha256-+w3XYoobuH17oinPfQxhrizbmQB5IbbulUK69674/Wg=";

     

       157
       157
       -
                       };

     

       158
       158
       -
                     });

     

       159
       159
       -
                     ltex-ls-nvim =

     

       160
       160
       -
                       (pkgs.vimUtils.buildVimPlugin {

     

       161
       161
       -
                         pname = "ltex-ls.nvim";

     

       162
       162
       -
                         version = "2.6.0";

     

       163
       163
       -
                         src = pkgs.fetchFromGitHub {

     

       164
       164
       -
                           owner = "vigoux";

     

       165
       165
       -
                           repo = "ltex-ls.nvim";

     

       166
       166
       -
                           rev = "c8139ea6b7f3d71adcff121e16ee8726037ffebd";

     

       167
       167
       -
                           sha256 = "sha256-jY3ALr6h88xnWN2QdKe3R0vvRcSNhFWDW56b2NvnTCs=";

     

       168
       168
       -
                         };

     

       169
       169
       -
                       });

     

       170
       170
       -
                 in with pkgs.vimPlugins; [

     

       171
       171
       -
                   gruvbox-nvim

     

       126
       126
       +
             programs.neovim = {

     

       127
       127
       +
               enable = true;

     

       128
       128
       +
               viAlias = true;

     

       129
       129
       +
               vimAlias = true;

     

       130
       130
       +
               extraPackages = with pkgs; [

     

       131
       131
       +
                 ripgrep

     

       132
       132
       +
                 nixd

     

       133
       133
       +
                 alejandra

     

       134
       134
       +
                 # stop complaining when launching but a devshell is better

     

       135
       135
       +
                 #ocamlPackages.ocaml-lsp

     

       136
       136
       +
                 #ocamlPackages.ocamlformat

     

       137
       137
       +
                 marksman

     

       138
       138
       +
                 lua-language-server

     

       139
       139
       +
                 #pyright

     

       140
       140
       +
                 #black

     

       141
       141
       +
                 ltex-ls

     

       142
       142
       +
               ];

     

       143
       143
       +
               extraLuaConfig = builtins.readFile ../modules/personal/nvim/nvim.lua;

     

       144
       144
       +
               # undo transparent background

     

       145
       145
       +
               # + "colorscheme gruvbox";

     

       146
       146
       +
               plugins = let

     

       147
       147
       +
                 obsidian-nvim = (pkgs.vimUtils.buildVimPlugin {

     

       148
       148
       +
                   pname = "obsidian.nvim";

     

       149
       149
       +
                   version = "2.6.0";

     

       150
       150
       +
                   src = pkgs.fetchFromGitHub {

     

       151
       151
       +
                     owner = "epwalsh";

     

       152
       152
       +
                     repo = "obsidian.nvim";

     

       153
       153
       +
                     rev = "v2.6.0";

     

       154
       154
       +
                     sha256 = "sha256-+w3XYoobuH17oinPfQxhrizbmQB5IbbulUK69674/Wg=";

     

       155
       155
       +
                   };

     

       156
       156
       +
                 });

     

       157
       157
       +
                 ltex-ls-nvim = (pkgs.vimUtils.buildVimPlugin {

     

       158
       158
       +
                   pname = "ltex-ls.nvim";

     

       159
       159
       +
                   version = "2.6.0";

     

       160
       160
       +
                   src = pkgs.fetchFromGitHub {

     

       161
       161
       +
                     owner = "vigoux";

     

       162
       162
       +
                     repo = "ltex-ls.nvim";

     

       163
       163
       +
                     rev = "c8139ea6b7f3d71adcff121e16ee8726037ffebd";

     

       164
       164
       +
                     sha256 = "sha256-jY3ALr6h88xnWN2QdKe3R0vvRcSNhFWDW56b2NvnTCs=";

     

       165
       165
       +
                   };

     

       166
       166
       +
                 });

     

       167
       167
       +
               in with pkgs.vimPlugins; [

     

       168
       168
       +
                 gruvbox-nvim

     

       172
       169
        
       

     

       173
       173
       -
                   telescope-nvim

     

       174
       174
       -
                   telescope-fzf-native-nvim

     

       175
       175
       -
                   trouble-nvim

     

       170
       170
       +
                 telescope-nvim

     

       171
       171
       +
                 telescope-fzf-native-nvim

     

       172
       172
       +
                 trouble-nvim

     

       176
       173
        
       

     

       177
       177
       -
                   obsidian-nvim

     

       178
       178
       -
                   plenary-nvim

     

       179
       179
       -
                   pkgs.ripgrep

     

       174
       174
       +
                 obsidian-nvim

     

       175
       175
       +
                 plenary-nvim

     

       176
       176
       +
                 pkgs.ripgrep

     

       180
       177
        
       

     

       181
       181
       -
                   {

     

       182
       182
       -
                     plugin = nvim-lspconfig;

     

       183
       183
       -
                     runtime = let

     

       184
       184
       -
                       ml-style = ''

     

       185
       185
       -
                         setlocal expandtab

     

       186
       186
       -
                         setlocal shiftwidth=2

     

       187
       187
       -
                         setlocal tabstop=2

     

       188
       188
       -
                         setlocal softtabstop=2

     

       189
       189
       -
                       '';

     

       190
       190
       -
                     in {

     

       191
       191
       -
                       "ftplugin/mail.vim".text = ''

     

       192
       192
       -
                         let b:did_ftplugin = 1

     

       193
       193
       -
                       '';

     

       194
       194
       -
                       "ftplugin/nix.vim".text = ml-style;

     

       195
       195
       -
                       "ftplugin/ocaml.vim".text = ml-style;

     

       196
       196
       -
                       "after/ftplugin/markdown.vim".text = ''

     

       197
       197
       -
                         set com-=fb:-

     

       198
       198
       -
                         set com+=b:-

     

       199
       199
       -
                         set formatoptions+=ro

     

       200
       200
       -
                       '';

     

       201
       201
       -
                     };

     

       202
       202
       -
                   }

     

       178
       178
       +
                 {

     

       179
       179
       +
                   plugin = nvim-lspconfig;

     

       180
       180
       +
                   runtime = let

     

       181
       181
       +
                     ml-style = ''

     

       182
       182
       +
                       setlocal expandtab

     

       183
       183
       +
                       setlocal shiftwidth=2

     

       184
       184
       +
                       setlocal tabstop=2

     

       185
       185
       +
                       setlocal softtabstop=2

     

       186
       186
       +
                     '';

     

       187
       187
       +
                   in {

     

       188
       188
       +
                     "ftplugin/mail.vim".text = ''

     

       189
       189
       +
                       let b:did_ftplugin = 1

     

       190
       190
       +
                     '';

     

       191
       191
       +
                     "ftplugin/nix.vim".text = ml-style;

     

       192
       192
       +
                     "ftplugin/ocaml.vim".text = ml-style;

     

       193
       193
       +
                     "after/ftplugin/markdown.vim".text = ''

     

       194
       194
       +
                       set com-=fb:-

     

       195
       195
       +
                       set com+=b:-

     

       196
       196
       +
                       set formatoptions+=ro

     

       197
       197
       +
                     '';

     

       198
       198
       +
                   };

     

       199
       199
       +
                 }

     

       203
       200
        
       

     

       204
       204
       -
                   cmp-nvim-lsp

     

       205
       205
       -
                   cmp-nvim-lsp-signature-help

     

       206
       206
       -
                   cmp-path

     

       207
       207
       -
                   cmp-buffer

     

       208
       208
       -
                   cmp-cmdline

     

       209
       209
       -
                   cmp-spell

     

       210
       210
       -
                   luasnip

     

       211
       211
       -
                   nvim-cmp

     

       201
       201
       +
                 cmp-nvim-lsp

     

       202
       202
       +
                 cmp-nvim-lsp-signature-help

     

       203
       203
       +
                 cmp-path

     

       204
       204
       +
                 cmp-buffer

     

       205
       205
       +
                 cmp-cmdline

     

       206
       206
       +
                 cmp-spell

     

       207
       207
       +
                 luasnip

     

       208
       208
       +
                 nvim-cmp

     

       212
       209
        
       

     

       213
       213
       -
                   vimtex

     

       214
       214
       -
                   nvim-surround

     

       215
       215
       -
                   comment-nvim

     

       210
       210
       +
                 vimtex

     

       211
       211
       +
                 nvim-surround

     

       212
       212
       +
                 comment-nvim

     

       216
       213
        
       

     

       217
       217
       -
                   ltex-ls-nvim

     

       218
       218
       -
                   nvim-jdtls

     

       219
       219
       -
                   # TODO nvim-dap

     

       214
       214
       +
                 ltex-ls-nvim

     

       215
       215
       +
                 nvim-jdtls

     

       216
       216
       +
                 # TODO nvim-dap

     

       220
       217
        
       

     

       221
       221
       -
                   copilot-vim

     

       222
       222
       -
                 ];

     

       223
       223
       -
               };

     

       224
       224
       -
       

     

       225
       225
       -
               programs.tmux = {

     

       226
       226
       -
                 enable = true;

     

       227
       227
       -
                 extraConfig = ''

     

       228
       228
       -
                   set-window-option -g mode-keys vi

     

       229
       229
       -
                   set-option -g mouse on

     

       230
       230
       -
                   set-option -g set-titles on

     

       231
       231
       -
                   set-option -g set-titles-string "#T"

     

       232
       232
       -
                   bind-key t capture-pane -S -\; new-window '(tmux show-buffer; tmux delete-buffer) | nvim -c $'

     

       233
       233
       -
                   bind-key u capture-pane\; new-window '(tmux show-buffer; tmux delete-buffer) | ${pkgs.urlview}/bin/urlview'

     

       234
       234
       -
                   # Fixes C-Up/Down in TUIs

     

       235
       235
       -
                   set-option default-terminal tmux

     

       236
       236
       -
                   # https://stackoverflow.com/questions/62182401/neovim-screen-lagging-when-switching-mode-from-insert-to-normal

     

       237
       237
       -
                   set -s escape-time 0

     

       238
       238
       -
                   set -g lock-command vlock

     

       239
       239
       -
                   set -g lock-after-time 0 # Seconds; 0 = never

     

       240
       240
       -
                   bind L lock-session

     

       241
       241
       -
                 '';

     

       242
       242
       -
               };

     

       218
       218
       +
                 copilot-vim

     

       219
       219
       +
               ];

     

       220
       220
       +
             };

     

       243
       221
        
       

     

       244
       244
       -
               home.file = {

     

       245
       245
       -
                 ".ssh/authorized_keys".source = ../modules/personal/authorized_keys;

     

       246
       246
       -
               };

     

       222
       222
       +
             programs.tmux = {

     

       223
       223
       +
               enable = true;

     

       224
       224
       +
               extraConfig = ''

     

       225
       225
       +
                 set-window-option -g mode-keys vi

     

       226
       226
       +
                 set-option -g mouse on

     

       227
       227
       +
                 set-option -g set-titles on

     

       228
       228
       +
                 set-option -g set-titles-string "#T"

     

       229
       229
       +
                 bind-key t capture-pane -S -\; new-window '(tmux show-buffer; tmux delete-buffer) | nvim -c $'

     

       230
       230
       +
                 bind-key u capture-pane\; new-window '(tmux show-buffer; tmux delete-buffer) | ${pkgs.urlview}/bin/urlview'

     

       231
       231
       +
                 # Fixes C-Up/Down in TUIs

     

       232
       232
       +
                 set-option default-terminal tmux

     

       233
       233
       +
                 # https://stackoverflow.com/questions/62182401/neovim-screen-lagging-when-switching-mode-from-insert-to-normal

     

       234
       234
       +
                 set -s escape-time 0

     

       235
       235
       +
                 set -g lock-command vlock

     

       236
       236
       +
                 set -g lock-after-time 0 # Seconds; 0 = never

     

       237
       237
       +
                 bind L lock-session

     

       238
       238
       +
               '';

     

       239
       239
       +
             };

     

       247
       240
        
       

     

       248
       248
       -
               programs.ssh = {

     

       249
       249
       -
                 enable = true;

     

       250
       250
       -
                 extraConfig = ''

     

       251
       251
       -
                   User ryan

     

       252
       252
       -
                 '';

     

       253
       253
       -
               };

     

       241
       241
       +
             home.file = {

     

       242
       242
       +
               ".ssh/authorized_keys".source = ../modules/personal/authorized_keys;

     

       243
       243
       +
             };

     

       254
       244
        
       

     

       255
       255
       -
               home.stateVersion = "22.05";

     

       245
       245
       +
             programs.ssh = {

     

       246
       246
       +
               enable = true;

     

       247
       247
       +
               extraConfig = ''

     

       248
       248
       +
                 User ryan

     

       249
       249
       +
               '';

     

       256
       250
        
             };

     

       251
       251
       +
       

     

       252
       252
       +
             home.stateVersion = "22.05";

     

       253
       253
       +
           };

     

       257
       254
        
         };

     

       258
       255
        
         system.stateVersion = "22.05";

     

       259
       256
        
       }

+4 -13

pkgs/cctk/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         stdenv,

     

       3
       3
       -
         lib,

     

       4
       4
       -
         fetchurl,

     

       5
       5
       -
         dpkg,

     

       6
       6
       -
         autoPatchelfHook,

     

       7
       7
       -
         patchelf,

     

       8
       8
       -
         openssl,

     

       9
       9
       -
       }:

     

       1
       1
       +
       { stdenv, lib, fetchurl, dpkg, autoPatchelfHook, patchelf, openssl, }:

     

       10
       2
        
       

     

       11
       3
        
       # Use techniques described in https://web.archive.org/web/20220904051329/https://tapesoftware.net/replace-symbol/

     

       12
       4
        
       # Uses patchelf-raphi to do this

     
···

       23
       15
        
         unpacked = stdenv.mkDerivation rec {

     

       24
       16
        
           inherit version;

     

       25
       17
        
           pname = "dell-command-configure-unpacked";

     

       26
       26
       -
         

     

       18
       18
       +
       

     

       27
       19
        
           src = fetchurl {

     

       28
       20
        
             url =

     

       29
       21
        
               "https://dl.dell.com/FOLDER08911312M/1/command-configure_${version}.ubuntu20_amd64.tar.gz";

     
···

       33
       25
        
           };

     

       34
       26
        
       

     

       35
       27
        
           dontBuild = true;

     

       36
       36
       -
         

     

       28
       28
       +
       

     

       37
       29
        
           nativeBuildInputs = [ dpkg ];

     

       38
       38
       -
         

     

       30
       30
       +
       

     

       39
       31
        
           unpackPhase = ''

     

       40
       32
        
             tar -xzf ${src}

     

       41
       33
        
             dpkg-deb -x command-configure_${version}.ubuntu20_amd64.deb command-configure

     
···

       47
       39
        
             cp -r . $out

     

       48
       40
        
           '';

     

       49
       41
        
         };

     

       50
       50
       -
       

     

       51
       42
        
       

     

       52
       43
        
         # Contains a fopen() wrapper for finding the firmware package

     

       53
       44
        
         wrapperLibName = "wrapper-lib.so";

+3 -5

pkgs/maildir-rank-addr.nix

···

       1
       1
       -
       { lib

     

       2
       2
       -
       , buildGoModule

     

       3
       3
       -
       , fetchFromGitHub

     

       4
       4
       -
       }:

     

       1
       1
       +
       { lib, buildGoModule, fetchFromGitHub }:

     

       5
       2
        
       

     

       6
       3
        
       buildGoModule rec {

     

       7
       4
        
         pname = "maildir-rank-addr";

     
···

       17
       14
        
         vendorHash = "sha256-Mqx938j8LwM+bDnrK3V46FFy86JbVoh9Zxr/CA/egk8=";

     

       18
       15
        
       

     

       19
       16
        
         meta = with lib; {

     

       20
       20
       -
           description = "Creates a ranked list of email addresses from maildir folders";

     

       17
       17
       +
           description =

     

       18
       18
       +
             "Creates a ranked list of email addresses from maildir folders";

     

       21
       19
        
           homepage = "https://github.com/ferdinandyb/maildir-rank-addr/";

     

       22
       20
        
           maintainers = with maintainers; [ ryangibb ];

     

       23
       21
        
           mainProgram = "maildir-rank-addr";

+3 -15

pkgs/mautrix-instagram.nix

···

       1
       1
        
       # https://gitlab.com/coffeetables/nix-matrix-appservices/-/blob/main/pkgs/mautrix-instagram/default.nix

     

       2
       2
       -
       { stdenv

     

       3
       3
       -
       , lib

     

       4
       4
       -
       , python3

     

       5
       5
       -
       , makeWrapper

     

       6
       6
       -
       , fetchFromGitHub

     

       7
       7
       -
       }:

     

       2
       2
       +
       { stdenv, lib, python3, makeWrapper, fetchFromGitHub }:

     

       8
       3
        
       

     

       9
       4
        
       with python3.pkgs;

     

       10
       5
        
       

     
···

       15
       10
        
           # sqlite driver is already shipped with python by default

     

       16
       11
        
         ];

     

       17
       12
        
       

     

       18
       18
       -
       in

     

       19
       19
       -
       

     

       20
       20
       -
       buildPythonApplication rec {

     

       13
       13
       +
       in buildPythonApplication rec {

     

       21
       14
        
         pname = "mautrix-instagram";

     

       22
       15
        
         version = "unstable-2021-11-15";

     

       23
       16
        
       

     
···

       58
       51
        
           setuptools

     

       59
       52
        
         ] ++ dbDrivers;

     

       60
       53
        
       

     

       61
       61
       -
         checkInputs = [

     

       62
       62
       -
           pytest

     

       63
       63
       -
           pytestrunner

     

       64
       64
       -
           pytest-mock

     

       65
       65
       -
           pytest-asyncio

     

       66
       66
       -
         ];

     

       54
       54
       +
         checkInputs = [ pytest pytestrunner pytest-mock pytest-asyncio ];

     

       67
       55
        
       

     

       68
       56
        
         doCheck = false;

     

       69
       57

+2 -1

pkgs/mautrix-meta.nix

···

       20
       20
        
       

     

       21
       21
        
         meta = with lib; {

     

       22
       22
        
           homepage = "https://github.com/mautrix/meta";

     

       23
       23
       -
           description = " A Matrix-Facebook Messenger and Instagram DM puppeting bridge.";

     

       23
       23
       +
           description =

     

       24
       24
       +
             " A Matrix-Facebook Messenger and Instagram DM puppeting bridge.";

     

       24
       25
        
           license = licenses.agpl3Plus;

     

       25
       26
        
           mainProgram = "mautrix-meta";

     

       26
       27
        
         };

+1 -8

pkgs/onevpl-intel-gpu.nix

···

       1
       1
        
       # https://github.com/NixOS/nixpkgs/pull/264621/

     

       2
       2
       -
       { lib

     

       3
       3
       -
       , stdenv

     

       4
       4
       -
       , fetchFromGitHub

     

       5
       5
       -
       , cmake

     

       6
       6
       -
       , pkg-config

     

       7
       7
       -
       , libdrm

     

       8
       8
       -
       , libva

     

       9
       9
       -
       }:

     

       2
       2
       +
       { lib, stdenv, fetchFromGitHub, cmake, pkg-config, libdrm, libva }:

     

       10
       3
        
       

     

       11
       4
        
       stdenv.mkDerivation rec {

     

       12
       5
        
         pname = "onevpl-intel-gpu";

+31 -34

pkgs/sway-im/package.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, fetchpatch, substituteAll, swaybg

     

       2
       2
       -
       , meson, ninja, pkg-config, wayland-scanner, scdoc

     

       3
       3
       -
       , libGL, wayland, libxkbcommon, pcre2, json_c, libevdev

     

       4
       4
       -
       , pango, cairo, libinput, gdk-pixbuf, librsvg

     

       5
       5
       -
       , wlroots, wayland-protocols, libdrm

     

       6
       6
       -
       , nixosTests

     

       1
       1
       +
       { lib, stdenv, fetchFromGitHub, fetchpatch, substituteAll, swaybg, meson, ninja

     

       2
       2
       +
       , pkg-config, wayland-scanner, scdoc, libGL, wayland, libxkbcommon, pcre2

     

       3
       3
       +
       , json_c, libevdev, pango, cairo, libinput, gdk-pixbuf, librsvg, wlroots

     

       4
       4
       +
       , wayland-protocols, libdrm, nixosTests

     

       7
       5
        
       # Used by the NixOS module:

     

       8
       8
       -
       , isNixOS ? false

     

       9
       9
       -
       , enableXWayland ? true, xorg

     

       6
       6
       +
       , isNixOS ? false, enableXWayland ? true, xorg

     

       10
       7
        
       , systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd

     

       11
       11
       -
       , trayEnabled ? systemdSupport

     

       12
       12
       -
       }:

     

       8
       8
       +
       , trayEnabled ? systemdSupport }:

     

       13
       9
        
       

     

       14
       10
        
       stdenv.mkDerivation (finalAttrs: {

     

       15
       11
        
         pname = "sway-unwrapped";

     
···

       41
       37
        
         ];

     

       42
       38
        
       

     

       43
       39
        
         strictDeps = true;

     

       44
       44
       -
         depsBuildBuild = [

     

       45
       45
       -
           pkg-config

     

       46
       46
       -
         ];

     

       40
       40
       +
         depsBuildBuild = [ pkg-config ];

     

       47
       41
        
       

     

       48
       48
       -
         nativeBuildInputs = [

     

       49
       49
       -
           meson ninja pkg-config wayland-scanner scdoc

     

       50
       50
       -
         ];

     

       42
       42
       +
         nativeBuildInputs = [ meson ninja pkg-config wayland-scanner scdoc ];

     

       51
       43
        
       

     

       52
       44
        
         buildInputs = [

     

       53
       53
       -
           libGL wayland libxkbcommon pcre2 json_c libevdev

     

       54
       54
       -
           pango cairo libinput gdk-pixbuf librsvg

     

       55
       55
       -
           wayland-protocols libdrm

     

       45
       45
       +
           libGL

     

       46
       46
       +
           wayland

     

       47
       47
       +
           libxkbcommon

     

       48
       48
       +
           pcre2

     

       49
       49
       +
           json_c

     

       50
       50
       +
           libevdev

     

       51
       51
       +
           pango

     

       52
       52
       +
           cairo

     

       53
       53
       +
           libinput

     

       54
       54
       +
           gdk-pixbuf

     

       55
       55
       +
           librsvg

     

       56
       56
       +
           wayland-protocols

     

       57
       57
       +
           libdrm

     

       56
       58
        
           (wlroots.override { inherit (finalAttrs) enableXWayland; })

     

       57
       57
       -
         ] ++ lib.optionals finalAttrs.enableXWayland [

     

       58
       58
       -
           xorg.xcbutilwm

     

       59
       59
       -
         ];

     

       59
       59
       +
         ] ++ lib.optionals finalAttrs.enableXWayland [ xorg.xcbutilwm ];

     

       60
       60
        
       

     

       61
       61
        
         mesonFlags = let

     

       62
       62
        
           # The "sd-bus-provider" meson option does not include a "none" option,

     
···

       65
       65
        
           # changes: https://github.com/swaywm/sway/issues/6843#issuecomment-1047288761

     

       66
       66
        
           # assert trayEnabled -> systemdSupport && dbusSupport;

     

       67
       67
        
       

     

       68
       68
       -
           sd-bus-provider =  if systemdSupport then "libsystemd" else "basu";

     

       69
       69
       -
           in

     

       70
       70
       -
           [ "-Dsd-bus-provider=${sd-bus-provider}" ]

     

       71
       71
       -
           ++ [ "-Dwerror=false" ]

     

       72
       72
       -
           ++ lib.optional (!finalAttrs.enableXWayland) "-Dxwayland=disabled"

     

       73
       73
       -
           ++ lib.optional (!finalAttrs.trayEnabled)    "-Dtray=disabled"

     

       74
       74
       -
         ;

     

       68
       68
       +
           sd-bus-provider = if systemdSupport then "libsystemd" else "basu";

     

       69
       69
       +
         in [ "-Dsd-bus-provider=${sd-bus-provider}" ] ++ [ "-Dwerror=false" ]

     

       70
       70
       +
         ++ lib.optional (!finalAttrs.enableXWayland) "-Dxwayland=disabled"

     

       71
       71
       +
         ++ lib.optional (!finalAttrs.trayEnabled) "-Dtray=disabled";

     

       75
       72
        
       

     

       76
       73
        
         passthru.tests.basic = nixosTests.sway;

     

       77
       77
       -
         

     

       74
       74
       +
       

     

       78
       75
        
         meta = with lib; {

     

       79
       76
        
           description = "An i3-compatible tiling Wayland compositor";

     

       80
       77
        
           longDescription = ''

     
···

       86
       83
        
             maximizes the efficiency of your screen and can be quickly manipulated

     

       87
       84
        
             using only the keyboard.

     

       88
       85
        
           '';

     

       89
       89
       -
           homepage    = "https://swaywm.org";

     

       90
       90
       -
           changelog   = "https://github.com/swaywm/sway/releases/tag/${version}";

     

       91
       91
       -
           license     = licenses.mit;

     

       92
       92
       -
           platforms   = platforms.linux;

     

       86
       86
       +
           homepage = "https://swaywm.org";

     

       87
       87
       +
           changelog = "https://github.com/swaywm/sway/releases/tag/${version}";

     

       88
       88
       +
           license = licenses.mit;

     

       89
       89
       +
           platforms = platforms.linux;

     

       93
       90
        
           maintainers = with maintainers; [ primeos synthetica ];

     

       94
       91
        
           mainProgram = "sway";

     

       95
       92
        
         };

+9 -36

pkgs/wlroots/default.nix

···

       1
       1
       -
       { lib

     

       2
       2
       -
       , stdenv

     

       3
       3
       -
       , fetchFromGitLab

     

       4
       4
       -
       , fetchpatch

     

       5
       5
       -
       , meson

     

       6
       6
       -
       , ninja

     

       7
       7
       -
       , pkg-config

     

       8
       8
       -
       , wayland-scanner

     

       9
       9
       -
       , libGL

     

       10
       10
       -
       , wayland

     

       11
       11
       -
       , wayland-protocols

     

       12
       12
       -
       , libinput

     

       13
       13
       -
       , libxkbcommon

     

       14
       14
       -
       , pixman

     

       15
       15
       -
       , libcap

     

       16
       16
       -
       , mesa

     

       17
       17
       -
       , xorg

     

       18
       18
       -
       , libpng

     

       19
       19
       -
       , ffmpeg_4

     

       20
       20
       -
       , ffmpeg

     

       21
       21
       -
       , hwdata

     

       22
       22
       -
       , seatd

     

       23
       23
       -
       , vulkan-loader

     

       24
       24
       -
       , glslang

     

       25
       25
       -
       , libliftoff

     

       26
       26
       -
       , libdisplay-info

     

       27
       27
       -
       , nixosTests

     

       1
       1
       +
       { lib, stdenv, fetchFromGitLab, fetchpatch, meson, ninja, pkg-config

     

       2
       2
       +
       , wayland-scanner, libGL, wayland, wayland-protocols, libinput, libxkbcommon

     

       3
       3
       +
       , pixman, libcap, mesa, xorg, libpng, ffmpeg_4, ffmpeg, hwdata, seatd

     

       4
       4
       +
       , vulkan-loader, glslang, libliftoff, libdisplay-info, nixosTests

     

       28
       5
        
       

     

       29
       29
       -
       , enableXWayland ? true

     

       30
       30
       -
       , xwayland ? null

     

       31
       31
       -
       }:

     

       6
       6
       +
       , enableXWayland ? true, xwayland ? null }:

     

       32
       7
        
       

     

       33
       8
        
       stdenv.mkDerivation (finalAttrs: rec {

     

       34
       9
        
         pname = "wlroots";

     
···

       73
       48
        
           hwdata

     

       74
       49
        
           libliftoff

     

       75
       50
        
           libdisplay-info

     

       76
       76
       -
         ]

     

       77
       77
       -
         ++ lib.optional finalAttrs.enableXWayland xwayland;

     

       51
       51
       +
         ] ++ lib.optional finalAttrs.enableXWayland xwayland;

     

       78
       52
        
       

     

       79
       79
       -
         mesonFlags =

     

       80
       80
       -
           lib.optional (!finalAttrs.enableXWayland) "-Dxwayland=disabled"

     

       81
       81
       -
         ;

     

       53
       53
       +
         mesonFlags = lib.optional (!finalAttrs.enableXWayland) "-Dxwayland=disabled";

     

       82
       54
        
       

     

       83
       55
        
         postFixup = ''

     

       84
       56
        
           # Install ALL example programs to $examples:

     
···

       102
       74
        
             compositor; or about 50,000 lines of code you were going to write anyway.

     

       103
       75
        
           '';

     

       104
       76
        
           inherit (finalAttrs.src.meta) homepage;

     

       105
       105
       -
           changelog = "https://gitlab.freedesktop.org/wlroots/wlroots/-/tags/${version}";

     

       77
       77
       +
           changelog =

     

       78
       78
       +
             "https://gitlab.freedesktop.org/wlroots/wlroots/-/tags/${version}";

     

       106
       79
        
           license = lib.licenses.mit;

     

       107
       80
        
           platforms = lib.platforms.linux;

     

       108
       81
        
           maintainers = with lib.maintainers; [ primeos synthetica rewine ];

+3 -3

pkgs/wlroots/protocols.nix

···

       35
       35
        
             extend the functionality of some other protocol either in Wayland core,

     

       36
       36
        
             or some other protocol in wayland-protocols.

     

       37
       37
        
           '';

     

       38
       38
       -
           homepage    = "https://gitlab.freedesktop.org/wlroots/wlr-protocols";

     

       39
       39
       -
           license     = licenses.mit; # See file headers

     

       40
       40
       -
           platforms   = platforms.linux;

     

       38
       38
       +
           homepage = "https://gitlab.freedesktop.org/wlroots/wlr-protocols";

     

       39
       39
       +
           license = licenses.mit; # See file headers

     

       40
       40
       +
           platforms = platforms.linux;

     

       41
       41
        
           maintainers = with maintainers; [ twitchyliquid64 ];

     

       42
       42
        
         };

     

       43
       43
        
       }

+9 -6

secrets/secrets.nix

···

       3
       3
        
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGNcdBuEeoJiMH8TMO4k/w3OVKfiSZ9IZ3xrzFOZEi8 ryan@dell-xps"

     

       4
       4
        
         ];

     

       5
       5
        
       

     

       6
       6
       -
         gecko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLEtqkSlJx219h1aYRXRjP60vBmJmhrCp0Mj1FIF25N root@gecko";

     

       7
       7
       -
         owl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILP6Cgm/BWnJvuGgU1SjWwjOCjuE5AXGqEdQonWYR7BA root@owl";

     

       8
       8
       -
         elephant = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+ddohsRFrypCVJqIhI3p3R12pJI8iwuMfRu0TJWuPe root@elephant";

     

       9
       9
       -
         shrew = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLiZ0xdXSlF1eMibrs320lVQaushEpEDMrR6lp9uFkx root@shrew";

     

       10
       10
       -
       in

     

       11
       11
       -
       {

     

       6
       6
       +
         gecko =

     

       7
       7
       +
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLEtqkSlJx219h1aYRXRjP60vBmJmhrCp0Mj1FIF25N root@gecko";

     

       8
       8
       +
         owl =

     

       9
       9
       +
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILP6Cgm/BWnJvuGgU1SjWwjOCjuE5AXGqEdQonWYR7BA root@owl";

     

       10
       10
       +
         elephant =

     

       11
       11
       +
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+ddohsRFrypCVJqIhI3p3R12pJI8iwuMfRu0TJWuPe root@elephant";

     

       12
       12
       +
         shrew =

     

       13
       13
       +
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLiZ0xdXSlF1eMibrs320lVQaushEpEDMrR6lp9uFkx root@shrew";

     

       14
       14
       +
       in {

     

       12
       15
        
         "cache-priv-key.pem.age".publicKeys = user ++ [ owl ];

     

       13
       16
        
         "email-ryan.age".publicKeys = user ++ [ gecko owl ];

     

       14
       17
        
         "email-system.age".publicKeys = user ++ [ gecko owl elephant ];