comparing 7854df8637f6f10b8049ee930816837ced45534f and master on ryan.freumh.org/nixos

+63 -2

README.md

···

       1
       1
       +
       # NixOS Configuration

     

       2
       2
       +
       

     

       3
       3
       +
       My personal Nix and NixOS configuration for reproducible, declarative systems and environments across multiple hosts.

     

       4
       4
       +
       This is a personal configuration with limited applicability to others, though some patterns may be useful for reference.

     

       5
       5
       +
       Common self-hosting services have been extracted to a separate project, [Eilean](https://github.com/RyanGibb/eilean-nix).

     

       6
       6
       +
       

     

       7
       7
       +
       ## Usage

     

       8
       8
       +
       

     

       9
       9
       +
       ### NixOS

     

       10
       10
       +
       

     

       11
       11
       +
       See the [NixOS manual](https://nixos.org/manual/nixos/stable/#ch-installation) for how to install NixOS.

     

       12
       12
       +
       

     

       13
       13
       +
       1. Clone this repository to `/etc/nixos/` on a NixOS system.

     

       14
       14
       +
       2. Set up the host configuration in `/etc/nixos/hosts/<hostname>/`.

     

       15
       15
       +
       3. Deploy the host with `nixos-rebuild switch`.

     

       16
       16
       +
       

     

       17
       17
       +
       ### Remote Deployment

     

       18
       18
       +
       

     

       19
       19
       +
       [`deploy-rs`](https://github.com/serokell/deploy-rs) can be used to update remote hosts via SSH with `deploy .#hostname`.

     

       20
       20
       +
       

     

       21
       21
       +
       ### Home Manager

     

       22
       22
       +
       

     

       23
       23
       +
       For non-NixOS systems, you can use Home Manager standalone:

     

       24
       24
       +
       

     

       25
       25
       +
       1. Install [Nix](https://nixos.org/download/) and [enable flakes](https://nixos.wiki/wiki/flakes#Other_Distros.2C_without_Home-Manager).

     

       26
       26
       +
       2. Clone this repository and follow the [Home Manager manual](https://nix-community.github.io/home-manager/index.xhtml#sec-install-standalone).

     

       27
       27
       +
       3. Deploy the profile with `home-manager switch`.

     

       28
       28
       +
       

     

       29
       29
       +
       ### Nix-on-Droid

     

       30
       30
       +
       

     

       31
       31
       +
       See [upstream](https://github.com/nix-community/nix-on-droid/).

     

       32
       32
       +
       

     

       33
       33
       +
       ## Repository Structure

     

       1
       34
        
       

     

       2
       2
       -
       My NixOS configs.

     

       35
       35
       +
       - [`flake.nix`](./flake.nix) - Entry point where inputs, outputs, and [overlays](https://nixos.org/manual/nixpkgs/stable/#chap-overlays) are defined.

     

       36
       36
       +
         The [`flake.lock`](./flake.lock) file locks these inputs for reproducibility.

     

       37
       37
       +
       - [`hosts/`](./hosts/) - Host-specific configurations where each subdirectory represents a separate machine.

     

       38
       38
       +
         - Hosts are named after animals, following a rough naming scheme where,

     

       39
       39
       +
           - Stationary hosts are mammals.

     

       40
       40
       +
             - Servers are even-toed ungulates ([Artiodactyls](https://en.wikipedia.org/wiki/Artiodactyl)), e.g. the [Network-Attached Storage (NAS) server](https://ryan.freumh.org/nas.html) [`elephant`](./hosts/elephant).

     

       41
       41
       +
             - SBCs are small mammals ([Eulipotyphla](https://en.wikipedia.org/wiki/Eulipotyphla)), e.g. the [Home Assistant](https://www.home-assistant.io/) server and [Zigbee](https://en.wikipedia.org/wiki/Zigbee) bridge [`shrew`](./hosts/shrew).

     

       42
       42
       +
             - Desktops are carnivores ([Carnivora](https://en.wikipedia.org/wiki/Carnivora)), e.g. the tower PC [`vulpine`](./hosts/vulpine).

     

       43
       43
       +
           - Mobile (battery powered) hosts are reptiles, e.g. the laptop [`gecko`](./hosts/gecko).

     

       44
       44
       +
           - Virtual hosts are birds, e.g. the virtual private server (VPS) [`owl`](./hosts/owl).

     

       45
       45
       +
           - Work-associated hosts are aquatic, e.g. the VPSs for [Eon](https://github.com/RyanGibb/eon) experiments [`duck`](./hosts/duck), and running the [EEG](https://www.cst.cam.ac.uk/research/eeg) infrastructure including using the federated [Shibboleth](https://www.shibboleth.net/) identity server to provision [Matrix](https://matrix.org/) accounts [`swan`](./hosts/swan).

     

       46
       46
       +
           - [`barnacle`](./hosts/barnacle/default.nix) builds an ISO image that can be written to media like a USB flash drive to create a read-only live USB that can be booted to provide the custom environment on all my other hosts and used to, for example, install an operating system, with the [`install.sh`](./hosts/barnacle/install.sh) script.

     

       47
       47
       +
         - Each host directory typically contains,

     

       48
       48
       +
           - `default.nix` - Main configuration entry point that imports other modules.

     

       49
       49
       +
           - `hardware-configuration.nix` - Hardware-specific configuration generated by `nixos-generate-config`.

     

       50
       50
       +
           - `minimal.nix` - A minimal configuration that can be useful when updating with insufficient disk space.

     

       51
       51
       +
             The minimal configuration can be build, the `default.nix` system garbage collected, and then the updated configuration built.

     

       52
       52
       +
             Note this precludes trivial rollback.

     

       53
       53
       +
           - Other modules separating functionality, such as `services.nix`.

     

       54
       54
       +
       - [`modules/`](./modules/) - NixOS modules of common functionality extracted into modular components which can be enabled by host configurations.

     

       55
       55
       +
       - [`pkgs/`](./pkgs/) - Custom package definitions for packages not available in nixpkgs or requiring modifications.

     

       56
       56
       +
       - [`home/`](./home/) - Home-manager NixOS modules configurations.

     

       57
       57
       +
       - [`secrets/`](./secrets/) - Encrypted secrets managed by agenix.

     

       58
       58
       +
       - [`scripts/`](./scripts/) - Miscellaneous scripts.

     

       59
       59
       +
       - [`nix-on-droid/`](./nix-on-droid/) - [Nix-on-Droid](./#nix-on-droid) configuration.

     

       3
       60
        
       

     

       4
       4
       -
       Uses flakes.

     

       61
       61
       +
       ## Managing Secrets

     

       62
       62
       +
       

     

       63
       63
       +
       Secrets are managed using [agenix](https://github.com/ryantm/agenix).

     

       64
       64
       +
       To add a new secret, update [secrets.nix](./secrets/secrets.nix) and run `cd secrets && agenix -e <secret-name>.age`.

     

       65
       65
       +
       To update an existing secret you need only do the latter.

     

       5
       66

+161 -107

flake.lock

···

       58
       58
        
               "type": "gitlab"

     

       59
       59
        
             }

     

       60
       60
        
           },

     

       61
       61
       -
           "colour-guesser": {

     

       62
       62
       -
             "inputs": {

     

       63
       63
       -
               "flake-utils": "flake-utils_2",

     

       64
       64
       -
               "nix-filter": "nix-filter",

     

       65
       65
       -
               "nixpkgs": [

     

       66
       66
       -
                 "nixpkgs"

     

       67
       67
       -
               ]

     

       68
       68
       -
             },

     

       69
       69
       -
             "locked": {

     

       70
       70
       -
               "lastModified": 1713180220,

     

       71
       71
       -
               "narHash": "sha256-hTdD8t3/hvaexQXDFL2lsXgyxg93IrTFszXeCrBcmEY=",

     

       72
       72
       -
               "ref": "develop",

     

       73
       73
       -
               "rev": "6ecf853ca91af2e6ddcecd64e6eaa1214aaf87fa",

     

       74
       74
       -
               "revCount": 11,

     

       75
       75
       -
               "type": "git",

     

       76
       76
       -
               "url": "ssh://git@github.com/ryangibb/colour-guesser.git"

     

       77
       77
       -
             },

     

       78
       78
       -
             "original": {

     

       79
       79
       -
               "ref": "develop",

     

       80
       80
       -
               "type": "git",

     

       81
       81
       -
               "url": "ssh://git@github.com/ryangibb/colour-guesser.git"

     

       82
       82
       -
             }

     

       83
       83
       -
           },

     

       84
       61
        
           "darwin": {

     

       85
       62
        
             "inputs": {

     

       86
       63
        
               "nixpkgs": [

     
···

       125
       102
        
               "type": "github"

     

       126
       103
        
             }

     

       127
       104
        
           },

     

       105
       105
       +
           "disko": {

     

       106
       106
       +
             "inputs": {

     

       107
       107
       +
               "nixpkgs": [

     

       108
       108
       +
                 "nixpkgs"

     

       109
       109
       +
               ]

     

       110
       110
       +
             },

     

       111
       111
       +
             "locked": {

     

       112
       112
       +
               "lastModified": 1743598667,

     

       113
       113
       +
               "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",

     

       114
       114
       +
               "owner": "nix-community",

     

       115
       115
       +
               "repo": "disko",

     

       116
       116
       +
               "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",

     

       117
       117
       +
               "type": "github"

     

       118
       118
       +
             },

     

       119
       119
       +
             "original": {

     

       120
       120
       +
               "owner": "nix-community",

     

       121
       121
       +
               "repo": "disko",

     

       122
       122
       +
               "type": "github"

     

       123
       123
       +
             }

     

       124
       124
       +
           },

     

       128
       125
        
           "eilean": {

     

       129
       126
        
             "inputs": {

     

       130
       127
        
               "eon": [

     
···

       136
       133
        
               ]

     

       137
       134
        
             },

     

       138
       135
        
             "locked": {

     

       139
       139
       -
               "lastModified": 1734089719,

     

       140
       140
       -
               "narHash": "sha256-ZBh6KrIQXPGXhR7AWUIMdkY/99MFunfULoNqWpm+K6k=",

     

       136
       136
       +
               "lastModified": 1740855157,

     

       137
       137
       +
               "narHash": "sha256-qnKyiLva/VVWYTYWH2tN7xxj9jJ4dsl/jOxkpotlZIE=",

     

       141
       138
        
               "owner": "RyanGibb",

     

       142
       139
        
               "repo": "eilean-nix",

     

       143
       143
       -
               "rev": "e048d7e4fba2029f9e70c2a770b59c1f88575670",

     

       140
       140
       +
               "rev": "f68975d7d049ab10b7c26eeceb63a6ddd357bb30",

     

       144
       141
        
               "type": "github"

     

       145
       142
        
             },

     

       146
       143
        
             "original": {

     
···

       152
       149
        
           },

     

       153
       150
        
           "eon": {

     

       154
       151
        
             "inputs": {

     

       155
       155
       -
               "flake-utils": "flake-utils_3",

     

       152
       152
       +
               "flake-utils": "flake-utils_2",

     

       156
       153
        
               "nixpkgs": [

     

       157
       154
        
                 "nixpkgs"

     

       158
       155
        
               ],

     

       159
       156
        
               "opam-nix": "opam-nix"

     

       160
       157
        
             },

     

       161
       158
        
             "locked": {

     

       162
       162
       -
               "lastModified": 1735557697,

     

       163
       163
       -
               "narHash": "sha256-pb/gYk5Yl4osJGoH7wVKeIs211zHRRbMoa14VSF26c0=",

     

       159
       159
       +
               "lastModified": 1743149102,

     

       160
       160
       +
               "narHash": "sha256-pW24ij8CqAdU8m5OFD1amwNmovf25YRygl1bv+s390o=",

     

       164
       161
        
               "owner": "RyanGibb",

     

       165
       162
        
               "repo": "eon",

     

       166
       166
       -
               "rev": "ab24e3b9bc36a00b540eb89e77a7789804fd7005",

     

       163
       163
       +
               "rev": "81bdd51d1e2651c46df2a1ce38b7df5661e7eef1",

     

       167
       164
        
               "type": "github"

     

       168
       165
        
             },

     

       169
       166
        
             "original": {

     
···

       287
       284
        
           },

     

       288
       285
        
           "flake-utils_2": {

     

       289
       286
        
             "inputs": {

     

       290
       290
       -
               "systems": "systems_2"

     

       291
       291
       -
             },

     

       292
       292
       -
             "locked": {

     

       293
       293
       -
               "lastModified": 1681202837,

     

       294
       294
       -
               "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",

     

       295
       295
       -
               "owner": "numtide",

     

       296
       296
       -
               "repo": "flake-utils",

     

       297
       297
       -
               "rev": "cfacdce06f30d2b68473a46042957675eebb3401",

     

       298
       298
       -
               "type": "github"

     

       299
       299
       -
             },

     

       300
       300
       -
             "original": {

     

       301
       301
       -
               "id": "flake-utils",

     

       302
       302
       -
               "type": "indirect"

     

       303
       303
       -
             }

     

       304
       304
       -
           },

     

       305
       305
       -
           "flake-utils_3": {

     

       306
       306
       -
             "inputs": {

     

       307
       307
       -
               "systems": "systems_5"

     

       287
       287
       +
               "systems": "systems_4"

     

       308
       288
        
             },

     

       309
       289
        
             "locked": {

     

       310
       290
        
               "lastModified": 1731533236,

     
···

       320
       300
        
               "type": "github"

     

       321
       301
        
             }

     

       322
       302
        
           },

     

       323
       323
       -
           "flake-utils_4": {

     

       303
       303
       +
           "flake-utils_3": {

     

       324
       304
        
             "locked": {

     

       325
       305
        
               "lastModified": 1676283394,

     

       326
       306
        
               "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",

     
···

       334
       314
        
               "type": "indirect"

     

       335
       315
        
             }

     

       336
       316
        
           },

     

       337
       337
       -
           "flake-utils_5": {

     

       317
       317
       +
           "flake-utils_4": {

     

       338
       318
        
             "inputs": {

     

       339
       339
       -
               "systems": "systems_6"

     

       319
       319
       +
               "systems": "systems_5"

     

       340
       320
        
             },

     

       341
       321
        
             "locked": {

     

       342
       322
        
               "lastModified": 1694529238,

     
···

       352
       332
        
               "type": "github"

     

       353
       333
        
             }

     

       354
       334
        
           },

     

       355
       355
       -
           "flake-utils_6": {

     

       335
       335
       +
           "flake-utils_5": {

     

       356
       336
        
             "locked": {

     

       357
       337
        
               "lastModified": 1638122382,

     

       358
       338
        
               "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",

     
···

       367
       347
        
               "type": "github"

     

       368
       348
        
             }

     

       369
       349
        
           },

     

       370
       370
       -
           "flake-utils_7": {

     

       350
       350
       +
           "flake-utils_6": {

     

       371
       351
        
             "inputs": {

     

       372
       372
       -
               "systems": "systems_7"

     

       352
       352
       +
               "systems": "systems_6"

     

       373
       353
        
             },

     

       374
       354
        
             "locked": {

     

       375
       355
        
               "lastModified": 1692799911,

     
···

       387
       367
        
           },

     

       388
       368
        
           "fn06-website": {

     

       389
       369
        
             "inputs": {

     

       390
       390
       -
               "flake-utils": "flake-utils_4",

     

       370
       370
       +
               "flake-utils": "flake-utils_3",

     

       391
       371
        
               "nixpkgs": [

     

       392
       372
        
                 "nixpkgs"

     

       393
       373
        
               ]

     
···

       406
       386
        
               "type": "github"

     

       407
       387
        
             }

     

       408
       388
        
           },

     

       389
       389
       +
           "gitignore": {

     

       390
       390
       +
             "inputs": {

     

       391
       391
       +
               "nixpkgs": [

     

       392
       392
       +
                 "tangled",

     

       393
       393
       +
                 "nixpkgs"

     

       394
       394
       +
               ]

     

       395
       395
       +
             },

     

       396
       396
       +
             "locked": {

     

       397
       397
       +
               "lastModified": 1709087332,

     

       398
       398
       +
               "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",

     

       399
       399
       +
               "owner": "hercules-ci",

     

       400
       400
       +
               "repo": "gitignore.nix",

     

       401
       401
       +
               "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",

     

       402
       402
       +
               "type": "github"

     

       403
       403
       +
             },

     

       404
       404
       +
             "original": {

     

       405
       405
       +
               "owner": "hercules-ci",

     

       406
       406
       +
               "repo": "gitignore.nix",

     

       407
       407
       +
               "type": "github"

     

       408
       408
       +
             }

     

       409
       409
       +
           },

     

       409
       410
        
           "gomod2nix": {

     

       410
       411
        
             "inputs": {

     

       411
       412
        
               "nixpkgs": [

     
···

       456
       457
        
               ]

     

       457
       458
        
             },

     

       458
       459
        
             "locked": {

     

       459
       459
       -
               "lastModified": 1736373539,

     

       460
       460
       -
               "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",

     

       460
       460
       +
               "lastModified": 1743387206,

     

       461
       461
       +
               "narHash": "sha256-24N3NAuZZbYqZ39NgToZgHUw6M7xHrtrAm18kv0+2Wo=",

     

       461
       462
        
               "owner": "nix-community",

     

       462
       463
        
               "repo": "home-manager",

     

       463
       463
       -
               "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",

     

       464
       464
       +
               "rev": "15c5f9d04fabd176f30286c8f52bbdb2c853a146",

     

       464
       465
        
               "type": "github"

     

       465
       466
        
             },

     

       466
       467
        
             "original": {

     
···

       470
       471
        
               "type": "github"

     

       471
       472
        
             }

     

       472
       473
        
           },

     

       474
       474
       +
           "htmx-src": {

     

       475
       475
       +
             "flake": false,

     

       476
       476
       +
             "locked": {

     

       477
       477
       +
               "narHash": "sha256-nm6avZuEBg67SSyyZUhjpXVNstHHgUxrtBHqJgowU08=",

     

       478
       478
       +
               "type": "file",

     

       479
       479
       +
               "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"

     

       480
       480
       +
             },

     

       481
       481
       +
             "original": {

     

       482
       482
       +
               "type": "file",

     

       483
       483
       +
               "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"

     

       484
       484
       +
             }

     

       485
       485
       +
           },

     

       473
       486
        
           "hyperbib-eeg": {

     

       474
       487
        
             "inputs": {

     

       475
       475
       -
               "flake-utils": "flake-utils_5",

     

       488
       488
       +
               "flake-utils": "flake-utils_4",

     

       476
       489
        
               "nixpkgs": [

     

       477
       490
        
                 "nixpkgs"

     

       478
       491
        
               ],

     
···

       496
       509
        
           },

     

       497
       510
        
           "i3-workspace-history": {

     

       498
       511
        
             "inputs": {

     

       499
       499
       -
               "flake-utils": "flake-utils_7",

     

       512
       512
       +
               "flake-utils": "flake-utils_6",

     

       500
       513
        
               "gomod2nix": "gomod2nix",

     

       501
       514
        
               "nixpkgs": [

     

       502
       515
        
                 "nixpkgs"

     
···

       516
       529
        
               "type": "github"

     

       517
       530
        
             }

     

       518
       531
        
           },

     

       532
       532
       +
           "ia-fonts-src": {

     

       533
       533
       +
             "flake": false,

     

       534
       534
       +
             "locked": {

     

       535
       535
       +
               "lastModified": 1686932517,

     

       536
       536
       +
               "narHash": "sha256-2T165nFfCzO65/PIHauJA//S+zug5nUwPcg8NUEydfc=",

     

       537
       537
       +
               "owner": "iaolo",

     

       538
       538
       +
               "repo": "iA-Fonts",

     

       539
       539
       +
               "rev": "f32c04c3058a75d7ce28919ce70fe8800817491b",

     

       540
       540
       +
               "type": "github"

     

       541
       541
       +
             },

     

       542
       542
       +
             "original": {

     

       543
       543
       +
               "owner": "iaolo",

     

       544
       544
       +
               "repo": "iA-Fonts",

     

       545
       545
       +
               "type": "github"

     

       546
       546
       +
             }

     

       547
       547
       +
           },

     

       548
       548
       +
           "indigo": {

     

       549
       549
       +
             "flake": false,

     

       550
       550
       +
             "locked": {

     

       551
       551
       +
               "lastModified": 1738491661,

     

       552
       552
       +
               "narHash": "sha256-+njDigkvjH4XmXZMog5Mp0K4x9mamHX6gSGJCZB9mE4=",

     

       553
       553
       +
               "owner": "oppiliappan",

     

       554
       554
       +
               "repo": "indigo",

     

       555
       555
       +
               "rev": "feb802f02a462ac0a6392ffc3e40b0529f0cdf71",

     

       556
       556
       +
               "type": "github"

     

       557
       557
       +
             },

     

       558
       558
       +
             "original": {

     

       559
       559
       +
               "owner": "oppiliappan",

     

       560
       560
       +
               "repo": "indigo",

     

       561
       561
       +
               "type": "github"

     

       562
       562
       +
             }

     

       563
       563
       +
           },

     

       564
       564
       +
           "lucide-src": {

     

       565
       565
       +
             "flake": false,

     

       566
       566
       +
             "locked": {

     

       567
       567
       +
               "lastModified": 1742302029,

     

       568
       568
       +
               "narHash": "sha256-OyPVtpnC4/AAmPq84Wt1r1Gcs48d9KG+UBCtZK87e9k=",

     

       569
       569
       +
               "type": "tarball",

     

       570
       570
       +
               "url": "https://github.com/lucide-icons/lucide/releases/download/0.483.0/lucide-icons-0.483.0.zip"

     

       571
       571
       +
             },

     

       572
       572
       +
             "original": {

     

       573
       573
       +
               "type": "tarball",

     

       574
       574
       +
               "url": "https://github.com/lucide-icons/lucide/releases/download/0.483.0/lucide-icons-0.483.0.zip"

     

       575
       575
       +
             }

     

       576
       576
       +
           },

     

       519
       577
        
           "mirage-opam-overlays": {

     

       520
       578
        
             "flake": false,

     

       521
       579
        
             "locked": {

     
···

       545
       603
        
             "original": {

     

       546
       604
        
               "owner": "dune-universe",

     

       547
       605
        
               "repo": "mirage-opam-overlays",

     

       548
       548
       -
               "type": "github"

     

       549
       549
       -
             }

     

       550
       550
       -
           },

     

       551
       551
       -
           "nix-filter": {

     

       552
       552
       -
             "locked": {

     

       553
       553
       -
               "lastModified": 1681154353,

     

       554
       554
       -
               "narHash": "sha256-MCJ5FHOlbfQRFwN0brqPbCunLEVw05D/3sRVoNVt2tI=",

     

       555
       555
       -
               "owner": "numtide",

     

       556
       556
       -
               "repo": "nix-filter",

     

       557
       557
       -
               "rev": "f529f42792ade8e32c4be274af6b6d60857fbee7",

     

       558
       558
       -
               "type": "github"

     

       559
       559
       -
             },

     

       560
       560
       -
             "original": {

     

       561
       561
       -
               "owner": "numtide",

     

       562
       562
       -
               "repo": "nix-filter",

     

       563
       606
        
               "type": "github"

     

       564
       607
        
             }

     

       565
       608
        
           },

     
···

       638
       681
        
           },

     

       639
       682
        
           "nixos-hardware": {

     

       640
       683
        
             "locked": {

     

       641
       641
       -
               "lastModified": 1737590910,

     

       642
       642
       -
               "narHash": "sha256-qM/y6Dtpu9Wmf5HqeZajQdn+cS0aljdYQQQnrvx+LJE=",

     

       684
       684
       +
               "lastModified": 1743420942,

     

       685
       685
       +
               "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",

     

       643
       686
        
               "owner": "nixos",

     

       644
       687
        
               "repo": "nixos-hardware",

     

       645
       645
       -
               "rev": "9368027715d8dde4b84c79c374948b5306fdd2db",

     

       688
       688
       +
               "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",

     

       646
       689
        
               "type": "github"

     

       647
       690
        
             },

     

       648
       691
        
             "original": {

     
···

       806
       849
        
           },

     

       807
       850
        
           "nixpkgs-unstable": {

     

       808
       851
        
             "locked": {

     

       809
       809
       -
               "lastModified": 1737469691,

     

       810
       810
       -
               "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",

     

       852
       852
       +
               "lastModified": 1743448293,

     

       853
       853
       +
               "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=",

     

       811
       854
        
               "owner": "nixos",

     

       812
       855
        
               "repo": "nixpkgs",

     

       813
       813
       -
               "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",

     

       856
       856
       +
               "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3",

     

       814
       857
        
               "type": "github"

     

       815
       858
        
             },

     

       816
       859
        
             "original": {

     
···

       822
       865
        
           },

     

       823
       866
        
           "nixpkgs_2": {

     

       824
       867
        
             "locked": {

     

       825
       825
       -
               "lastModified": 1737569578,

     

       826
       826
       -
               "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=",

     

       868
       868
       +
               "lastModified": 1743501102,

     

       869
       869
       +
               "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=",

     

       827
       870
        
               "owner": "nixos",

     

       828
       871
        
               "repo": "nixpkgs",

     

       829
       829
       -
               "rev": "47addd76727f42d351590c905d9d1905ca895b82",

     

       872
       872
       +
               "rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4",

     

       830
       873
        
               "type": "github"

     

       831
       874
        
             },

     

       832
       875
        
             "original": {

     
···

       930
       973
        
               "opam2json": "opam2json"

     

       931
       974
        
             },

     

       932
       975
        
             "locked": {

     

       933
       933
       -
               "lastModified": 1732617437,

     

       934
       934
       -
               "narHash": "sha256-jj25fziYrES8Ix6HkfSiLzrN6MZjiwlHUxFSIuLRjgE=",

     

       976
       976
       +
               "lastModified": 1741156005,

     

       977
       977
       +
               "narHash": "sha256-JBPvXe5g1V2xpmPVMlf5CP5+T1E+TCK73lqeqV89EJE=",

     

       935
       978
        
               "owner": "tweag",

     

       936
       979
        
               "repo": "opam-nix",

     

       937
       937
       -
               "rev": "ea8b9cb81fe94e1fc45c6376fcff15f17319c445",

     

       980
       980
       +
               "rev": "e71936b31658f0b039a7d26b0c9c7a461d949ba4",

     

       938
       981
        
               "type": "github"

     

       939
       982
        
             },

     

       940
       983
        
             "original": {

     
···

       946
       989
        
           "opam-nix_2": {

     

       947
       990
        
             "inputs": {

     

       948
       991
        
               "flake-compat": "flake-compat_4",

     

       949
       949
       -
               "flake-utils": "flake-utils_6",

     

       992
       992
       +
               "flake-utils": "flake-utils_5",

     

       950
       993
        
               "mirage-opam-overlays": "mirage-opam-overlays_2",

     

       951
       994
        
               "nixpkgs": [

     

       952
       995
        
                 "hyperbib-eeg",

     
···

       1008
       1051
        
           "opam-repository": {

     

       1009
       1052
        
             "flake": false,

     

       1010
       1053
        
             "locked": {

     

       1011
       1011
       -
               "lastModified": 1732612513,

     

       1012
       1012
       -
               "narHash": "sha256-kju4NWEQo4xTxnKeBIsmqnyxIcCg6sNZYJ1FmG/gCDw=",

     

       1054
       1054
       +
               "lastModified": 1740730647,

     

       1055
       1055
       +
               "narHash": "sha256-6veU2WjUGcWDAzLDjoAI1L6GWZd0KIUq19sHcbJS+u8=",

     

       1013
       1056
        
               "owner": "ocaml",

     

       1014
       1057
        
               "repo": "opam-repository",

     

       1015
       1015
       -
               "rev": "3d52b66b04788999a23f22f0d59c2dfc831c4f32",

     

       1058
       1058
       +
               "rev": "f1f75fef5fbf1e8bd1cc9544e50b89ba59f625e2",

     

       1016
       1059
        
               "type": "github"

     

       1017
       1060
        
             },

     

       1018
       1061
        
             "original": {

     
···

       1085
       1128
        
             "inputs": {

     

       1086
       1129
        
               "agenix": "agenix",

     

       1087
       1130
        
               "alec-website": "alec-website",

     

       1088
       1088
       -
               "colour-guesser": "colour-guesser",

     

       1089
       1131
        
               "deploy-rs": "deploy-rs",

     

       1132
       1132
       +
               "disko": "disko",

     

       1090
       1133
        
               "eilean": "eilean",

     

       1091
       1134
        
               "eon": "eon",

     

       1092
       1135
        
               "fn06-website": "fn06-website",

     
···

       1103
       1146
        
               "nixpkgs-sonarr": "nixpkgs-sonarr",

     

       1104
       1147
        
               "nixpkgs-unstable": "nixpkgs-unstable",

     

       1105
       1148
        
               "nur": "nur",

     

       1149
       1149
       +
               "tangled": "tangled",

     

       1106
       1150
        
               "timewall": "timewall"

     

       1107
       1151
        
             }

     

       1108
       1152
        
           },

     
···

       1233
       1277
        
               "type": "github"

     

       1234
       1278
        
             }

     

       1235
       1279
        
           },

     

       1236
       1236
       -
           "systems_7": {

     

       1280
       1280
       +
           "tangled": {

     

       1281
       1281
       +
             "inputs": {

     

       1282
       1282
       +
               "gitignore": "gitignore",

     

       1283
       1283
       +
               "htmx-src": "htmx-src",

     

       1284
       1284
       +
               "ia-fonts-src": "ia-fonts-src",

     

       1285
       1285
       +
               "indigo": "indigo",

     

       1286
       1286
       +
               "lucide-src": "lucide-src",

     

       1287
       1287
       +
               "nixpkgs": [

     

       1288
       1288
       +
                 "nixpkgs"

     

       1289
       1289
       +
               ]

     

       1290
       1290
       +
             },

     

       1237
       1291
        
             "locked": {

     

       1238
       1238
       -
               "lastModified": 1681028828,

     

       1239
       1239
       -
               "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

     

       1240
       1240
       -
               "owner": "nix-systems",

     

       1241
       1241
       -
               "repo": "default",

     

       1242
       1242
       -
               "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",

     

       1243
       1243
       -
               "type": "github"

     

       1292
       1292
       +
               "lastModified": 1743620557,

     

       1293
       1293
       +
               "narHash": "sha256-w7a9Qn/IUdCe+gk5cMvSUS+YKItK2iTiu2Qcq49a+zU=",

     

       1294
       1294
       +
               "ref": "refs/heads/master",

     

       1295
       1295
       +
               "rev": "19ee94f42ab259c218762e6f0ed87952f80b5162",

     

       1296
       1296
       +
               "revCount": 420,

     

       1297
       1297
       +
               "type": "git",

     

       1298
       1298
       +
               "url": "https://tangled.sh/@tangled.sh/core"

     

       1244
       1299
        
             },

     

       1245
       1300
        
             "original": {

     

       1246
       1246
       -
               "owner": "nix-systems",

     

       1247
       1247
       -
               "repo": "default",

     

       1248
       1248
       -
               "type": "github"

     

       1301
       1301
       +
               "type": "git",

     

       1302
       1302
       +
               "url": "https://tangled.sh/@tangled.sh/core"

     

       1249
       1303
        
             }

     

       1250
       1304
        
           },

     

       1251
       1305
        
           "timewall": {

     
···

       1256
       1310
        
               "rust-overlay": "rust-overlay"

     

       1257
       1311
        
             },

     

       1258
       1312
        
             "locked": {

     

       1259
       1259
       -
               "lastModified": 1737663538,

     

       1260
       1260
       -
               "narHash": "sha256-qrCHymJGE3hbLqxVZK98PNYvw03kQItelDAR2kkwA0o=",

     

       1313
       1313
       +
               "lastModified": 1743524557,

     

       1314
       1314
       +
               "narHash": "sha256-0rNcLtKWbjI0VqlusrqPMcpPgdkkZGkOIt9s3CnsCao=",

     

       1261
       1315
        
               "owner": "bcyran",

     

       1262
       1316
        
               "repo": "timewall",

     

       1263
       1263
       -
               "rev": "8c0a4bf755b714b41144bd830f8e718e5dee5afd",

     

       1317
       1317
       +
               "rev": "789befef40bf0d45e48285f17f512b41924cfeb7",

     

       1264
       1318
        
               "type": "github"

     

       1265
       1319
        
             },

     

       1266
       1320
        
             "original": {

     
···

       1292
       1346
        
           },

     

       1293
       1347
        
           "utils": {

     

       1294
       1348
        
             "inputs": {

     

       1295
       1295
       -
               "systems": "systems_3"

     

       1349
       1349
       +
               "systems": "systems_2"

     

       1296
       1350
        
             },

     

       1297
       1351
        
             "locked": {

     

       1298
       1352
        
               "lastModified": 1701680307,

     
···

       1310
       1364
        
           },

     

       1311
       1365
        
           "utils_2": {

     

       1312
       1366
        
             "inputs": {

     

       1313
       1313
       -
               "systems": "systems_4"

     

       1367
       1367
       +
               "systems": "systems_3"

     

       1314
       1368
        
             },

     

       1315
       1369
        
             "locked": {

     

       1316
       1370
        
               "lastModified": 1709126324,

+6 -6

flake.nix

···

       15
       15
        
           eilean.url = "github:RyanGibb/eilean-nix/main";

     

       16
       16
        
           alec-website.url = "github:alexanderhthompson/website";

     

       17
       17
        
           fn06-website.url = "github:RyanGibb/fn06";

     

       18
       18
       -
           colour-guesser.url = "git+ssh://git@github.com/ryangibb/colour-guesser.git?ref=develop";

     

       19
       18
        
           i3-workspace-history.url = "github:RyanGibb/i3-workspace-history";

     

       20
       19
        
           hyperbib-eeg.url = "github:RyanGibb/hyperbib?ref=nixify";

     

       21
       20
        
           nix-rpi5.url = "gitlab:vriska/nix-rpi5?ref=main";

     

       22
       21
        
           nur.url = "github:nix-community/NUR/e9e77b7985ef9bdeca12a38523c63d47555cc89b";

     

       23
       22
        
           timewall.url = "github:bcyran/timewall/";

     

       23
       23
       +
           tangled.url = "git+https://tangled.sh/@tangled.sh/core";

     

       24
       24
       +
           disko.url = "github:nix-community/disko";

     

       24
       25
        
       

     

       25
       26
        
           # deduplicate flake inputs

     

       26
       27
        
           eilean.inputs.nixpkgs.follows = "nixpkgs";

     
···

       32
       33
        
           alec-website.inputs.nixpkgs.follows = "nixpkgs";

     

       33
       34
        
           fn06-website.inputs.nixpkgs.follows = "nixpkgs";

     

       34
       35
        
           eon.inputs.nixpkgs.follows = "nixpkgs";

     

       35
       35
       -
           colour-guesser.inputs.nixpkgs.follows = "nixpkgs";

     

       36
       36
        
           i3-workspace-history.inputs.nixpkgs.follows = "nixpkgs";

     

       37
       37
        
           hyperbib-eeg.inputs.nixpkgs.follows = "nixpkgs";

     

       38
       38
        
           nix-rpi5.inputs.nixpkgs.follows = "nixpkgs";

     

       39
       39
        
           nur.inputs.nixpkgs.follows = "nixpkgs";

     

       40
       40
        
           timewall.inputs.nixpkgs.follows = "nixpkgs";

     

       41
       41
       +
           tangled.inputs.nixpkgs.follows = "nixpkgs";

     

       42
       42
       +
           disko.inputs.nixpkgs.follows = "nixpkgs";

     

       41
       43
        
         };

     

       42
       44
        
       

     

       43
       45
        
         outputs =

     
···

       116
       118
        
                       (

     

       117
       119
        
                         { config, ... }:

     

       118
       120
        
                         {

     

       119
       119
       -
                           networking.hostName = "${host}";

     

       121
       121
       +
                           networking.hostName = host-nixpkgs.lib.mkDefault "${host}";

     

       120
       122
        
                           # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       121
       123
        
                           nix.registry.nixpkgs.flake = host-nixpkgs;

     

       122
       124
        
                           system.stateVersion = "24.05";

     
···

       231
       233
        
             };

     

       232
       234
        
       

     

       233
       235
        
             nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {

     

       234
       234
       -
               modules = [ ./nix-on-droid/default.nix ];

     

       236
       236
       +
               modules = [ (import ./nix-on-droid/default.nix inputs) ];

     

       235
       237
        
               pkgs = import inputs.nixpkgs {

     

       236
       238
        
                 overlays = getSystemOverlays "aarch64-linux" { };

     

       237
       239
        
                 config.permittedInsecurePackages = [

     
···

       275
       277
        
             formatter = inputs.nixpkgs.lib.genAttrs inputs.nixpkgs.lib.systems.flakeExposed (

     

       276
       278
        
               system: inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style

     

       277
       279
        
             );

     

       278
       278
       -
       

     

       279
       279
       -
             templates.host.path = ./templates/host;

     

       280
       280
        
           };

     

       281
       281
        
       }

+4 -62

home/calendar.nix

···

       12
       12
        
         options.custom.calendar.enable = lib.mkEnableOption "calendar";

     

       13
       13
        
       

     

       14
       14
        
         config = lib.mkIf cfg.enable {

     

       15
       15
       +
           home.packages = with pkgs; [

     

       16
       16
       +
             vdirsyncer

     

       17
       17
       +
           ];

     

       18
       18
       +
       

     

       15
       19
        
           programs = {

     

       16
       20
        
             password-store.enable = true;

     

       17
       21
        
             gpg.enable = true;

     

       18
       18
       -
             vdirsyncer.enable = true;

     

       19
       19
       -
             khal = {

     

       20
       20
       -
               enable = true;

     

       21
       21
       -
               locale = {

     

       22
       22
       -
                 timeformat = "%I:%M%p";

     

       23
       23
       -
                 dateformat = "%y-%m-%d";

     

       24
       24
       -
                 longdateformat = "%Y-%m-%d";

     

       25
       25
       -
                 datetimeformat = "%y-%m-%d %I:%M%p";

     

       26
       26
       -
                 longdatetimeformat = "%Y-%m-%d %I:%M%p";

     

       27
       27
       -
               };

     

       28
       28
       -
               settings = {

     

       29
       29
       -
                 default.default_calendar = "ryan_freumh_org";

     

       30
       30
       -
                 keybindings.external_edit = "ctrl e";

     

       31
       31
       -
                 keybindings.save = "ctrl s";

     

       32
       32
       -
               };

     

       33
       33
       -
             };

     

       34
       22
        
           };

     

       35
       23
        
       

     

       36
       24
        
           services = {

     

       37
       25
        
             gpg-agent.enable = true;

     

       38
       38
       -
           };

     

       39
       39
       -
       

     

       40
       40
       -
           accounts.calendar = {

     

       41
       41
       -
             basePath = "calendar";

     

       42
       42
       -
             accounts = {

     

       43
       43
       -
               "ryan_freumh_org" = {

     

       44
       44
       -
                 khal = {

     

       45
       45
       -
                   enable = true;

     

       46
       46
       -
                   color = "white";

     

       47
       47
       -
                 };

     

       48
       48
       -
                 vdirsyncer = {

     

       49
       49
       -
                   enable = true;

     

       50
       50
       -
                 };

     

       51
       51
       -
                 remote = {

     

       52
       52
       -
                   type = "caldav";

     

       53
       53
       -
                   url = "https://cal.freumh.org/ryan/f497c073-d027-2aa5-1e58-cbec1bf5a8c7/";

     

       54
       54
       -
                   passwordCommand = [

     

       55
       55
       -
                     "${pkgs.pass}/bin/pass"

     

       56
       56
       -
                     "show"

     

       57
       57
       -
                     "calendar/ryan@freumh.org"

     

       58
       58
       -
                   ];

     

       59
       59
       -
                   userName = "ryan";

     

       60
       60
       -
                 };

     

       61
       61
       -
                 local = {

     

       62
       62
       -
                   type = "filesystem";

     

       63
       63
       -
                   fileExt = ".ics";

     

       64
       64
       -
                 };

     

       65
       65
       -
               };

     

       66
       66
       -
               "srg" = {

     

       67
       67
       -
                 khal = {

     

       68
       68
       -
                   enable = true;

     

       69
       69
       -
                   color = "#CC3333";

     

       70
       70
       -
                 };

     

       71
       71
       -
                 vdirsyncer = {

     

       72
       72
       -
                   enable = true;

     

       73
       73
       -
                 };

     

       74
       74
       -
                 remote = {

     

       75
       75
       -
                   type = "http";

     

       76
       76
       -
                   url = "https://talks.cam.ac.uk/show/ics/8316.ics";

     

       77
       77
       -
                 };

     

       78
       78
       -
                 local = {

     

       79
       79
       -
                   type = "filesystem";

     

       80
       80
       -
                   fileExt = ".ics";

     

       81
       81
       -
                 };

     

       82
       82
       -
               };

     

       83
       83
       -
             };

     

       84
       26
        
           };

     

       85
       27
        
         };

     

       86
       28
        
       }

+49 -36

home/default.nix

···

       6
       6
        
       }:

     

       7
       7
        
       

     

       8
       8
        
       let

     

       9
       9
       -
         cfg = config.custom;

     

       9
       9
       +
         tmux-sessionizer = pkgs.writeScriptBin "tmux-sessionizer" ''

     

       10
       10
       +
           #!/usr/bin/env bash

     

       11
       11
       +
       

     

       12
       12
       +
           hist_file=~/.cache/sessionizer.hist

     

       13
       13
       +
       

     

       14
       14
       +
           if [[ $# -eq 1 ]]; then

     

       15
       15
       +
               selected=$1

     

       16
       16
       +
           else

     

       17
       17
       +
               selected=$((tac "$hist_file"

     

       18
       18
       +
                   find ~/ ~/projects -mindepth 1 -maxdepth 1 -type d -not -path '*/[.]*'

     

       19
       19
       +
                   awk '{print "ssh " $1}' ~/.ssh/known_hosts 2>/dev/null | sort -u

     

       20
       20
       +
                   echo /etc/nixos) | awk '!seen[$0]++' | fzf --print-query | tail -n 1)

     

       21
       21
       +
           fi

     

       22
       22
       +
       

     

       23
       23
       +
           if [[ -z $selected ]]; then

     

       24
       24
       +
               exit 0

     

       25
       25
       +
           fi

     

       26
       26
       +
       

     

       27
       27
       +
           echo "$selected" >> $hist_file

     

       28
       28
       +
       

     

       29
       29
       +
           selected_name=$(basename "$selected" | tr . _)

     

       30
       30
       +
           tmux_running=$(pgrep tmux)

     

       31
       31
       +
       

     

       32
       32
       +
           if [[ $selected == ssh\ * ]]; then

     

       33
       33
       +
               if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then

     

       34
       34
       +
                   tmux new-session -s "$selected_name" "$selected"

     

       35
       35
       +
                   exit 0

     

       36
       36
       +
               fi

     

       37
       37
       +
       

     

       38
       38
       +
               if ! tmux has-session -t="$selected_name" 2> /dev/null; then

     

       39
       39
       +
                   tmux new-session -ds "$selected_name" "$selected"

     

       40
       40
       +
               fi

     

       41
       41
       +
           else

     

       42
       42
       +
               if [[ -z $TMUX ]] && [[ -z "$tmux_running" ]]; then

     

       43
       43
       +
                   tmux new-session -s "$selected_name" -c "$selected"

     

       44
       44
       +
                   exit 0

     

       45
       45
       +
               fi

     

       46
       46
       +
       

     

       47
       47
       +
               if ! tmux has-session -t="$selected_name" 2> /dev/null; then

     

       48
       48
       +
                   tmux new-session -ds "$selected_name" -c "$selected"

     

       49
       49
       +
               fi

     

       50
       50
       +
           fi

     

       51
       51
       +
       

     

       52
       52
       +
       

     

       53
       53
       +
           tmux switch-client -t "$selected_name"

     

       54
       54
       +
         '';

     

       10
       55
        
       in

     

       11
       56
        
       {

     

       12
       57
        
         imports = [

     
···

       43
       88
        
             dua

     

       44
       89
        
             fd

     

       45
       90
        
             ripgrep

     

       91
       91
       +
             tmux-sessionizer

     

       46
       92
        
           ];

     

       47
       93
        
       

     

       48
       94
        
           home.shellAliases = {

     
···

       178
       224
        
                       tmux set-option status off

     

       179
       225
        
                   fi

     

       180
       226
        
                 '';

     

       181
       181
       -
                 # https://github.com/ThePrimeagen/.dotfiles/blob/master/bin/.local/scripts/tmux-sessionizer

     

       182
       182
       -
                 sessionizer = pkgs.writeScript "sessionizer.sh" ''

     

       183
       183
       -
                   #!/usr/bin/env bash

     

       184
       184
       -
       

     

       185
       185
       -
                   if [[ $# -eq 1 ]]; then

     

       186
       186
       -
                       selected=$1

     

       187
       187
       -
                   else

     

       188
       188
       -
                       selected=$(find ~ -not -path '*/.*' -maxdepth 2 -type d | fzf)

     

       189
       189
       -
                   fi

     

       190
       190
       -
       

     

       191
       191
       -
                   if [[ -z $selected ]]; then

     

       192
       192
       -
                       exit 0

     

       193
       193
       -
                   fi

     

       194
       194
       -
       

     

       195
       195
       -
                   selected_name=$(basename "$selected" | tr . _)

     

       196
       196
       -
                   tmux_running=$(pgrep tmux)

     

       197
       197
       -
       

     

       198
       198
       -
                   if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then

     

       199
       199
       -
                       tmux new-session -s $selected_name -c $selected

     

       200
       200
       -
                       exit 0

     

       201
       201
       -
                   fi

     

       202
       202
       -
       

     

       203
       203
       -
                   if ! tmux has-session -t=$selected_name 2> /dev/null; then

     

       204
       204
       -
                       tmux new-session -ds $selected_name -c $selected

     

       205
       205
       -
                   fi

     

       206
       206
       -
       

     

       207
       207
       -
                   tmux switch-client -t $selected_name

     

       208
       208
       -
                 '';

     

       209
       227
        
               in

     

       228
       228
       +
               # https://github.com/ThePrimeagen/.dotfiles/blob/master/bin/.local/scripts/tmux-sessionizer

     

       210
       229
        
               ''

     

       211
       230
        
                 # alternative modifier

     

       212
       231
        
                 unbind C-b

     

       213
       232
        
                 set-option -g prefix C-a

     

       214
       233
        
                 bind-key C-a send-prefix

     

       215
       215
       -
       

     

       216
       234
        
                 set-window-option -g mode-keys vi

     

       217
       235
        
                 set-option -g mouse on

     

       218
       236
        
                 set-option -g set-titles on

     
···

       226
       244
        
                 # https://stackoverflow.com/questions/62182401/neovim-screen-lagging-when-switching-mode-from-insert-to-normal

     

       227
       245
        
                 # locking

     

       228
       246
        
                 set -s escape-time 0

     

       229
       229
       -
                 set -g lock-command ${pkgs.vlock}/bin/vlock

     

       230
       230
       -
                 set -g lock-after-time 0 # Seconds; 0 = never

     

       231
       231
       -
                 bind L lock-session

     

       232
       247
        
                 # for .zprofile display environment starting https://github.com/tmux/tmux/issues/3483

     

       233
       248
        
                 set-option -g update-environment XDG_VTNR

     

       234
       249
        
                 # Allow clipboard with OSC-52 work

     
···

       239
       254
        
                 bind -T copy-mode-vi v send-keys -X begin-selection

     

       240
       255
        
                 bind -T copy-mode-vi y send-keys -X copy-selection-and-cancel

     

       241
       256
        
                 # find

     

       242
       242
       -
                 bind-key -r g run-shell "tmux neww ${sessionizer}"

     

       257
       257
       +
                 bind-key -r f run-shell "tmux neww tmux-sessionizer"

     

       243
       258
        
                 # reload

     

       244
       259
        
                 bind-key r source-file ~/.config/tmux/tmux.conf

     

       245
       245
       -
                 # kill unattached

     

       246
       246
       -
                 bind-key K run-shell 'tmux ls | grep -v attached | cut -d: -f1 | xargs -I {} tmux kill-window -t {}'

     

       247
       260
        
               '';

     

       248
       261
        
           };

     

       249
       262

+1 -1

home/emacs/default.nix

···

       7
       7
        
       

     

       8
       8
        
       let

     

       9
       9
        
         cfg = config.custom.emacs;

     

       10
       10
       -
         emacs = (pkgs.emacsPackagesFor pkgs.emacs29-pgtk).emacsWithPackages (

     

       10
       10
       +
         emacs = (pkgs.emacsPackagesFor pkgs.emacs30-pgtk).emacsWithPackages (

     

       11
       11
        
           epkgs: with epkgs; [

     

       12
       12
        
             treesit-grammars.with-all-grammars

     

       13
       13
        
             vterm

+2 -2

home/gui/default.nix

···

       186
       186
        
             };

     

       187
       187
        
           };

     

       188
       188
        
       

     

       189
       189
       -
           services.timewall = {

     

       189
       189
       +
           services.timewall = lib.mkIf (inputs ? timewall) {

     

       190
       190
        
             enable = true;

     

       191
       191
        
             config = {

     

       192
       192
       -
               geoclue.timeout = 300000;

     

       192
       192
       +
               geoclue.timeout = 1000;

     

       193
       193
        
               setter = {

     

       194
       194
        
                 command = [

     

       195
       195
        
                   "${pkgs.bash}/bin/sh"

-1

home/gui/sway.nix

···

       63
       63
        
               export MOZ_ENABLE_WAYLAND=1

     

       64
       64
        
               export MOZ_DBUS_REMOTE=1

     

       65
       65
        
               export QT_STYLE_OVERRIDE="Fusion"

     

       66
       66
       -
               export WLR_NO_HARDWARE_CURSORS=1

     

       67
       66
        
               export NIXOS_OZONE_WL=1

     

       68
       67
        
       

     

       69
       68
        
               # for intellij

+4 -4

home/gui/wm/config.d/bindings

···

       201
       201
        
       bindsym $mod+Control+Shift+k resize shrink height 1px

     

       202
       202
        
       bindsym $mod+Control+Shift+l resize grow   width  1px

     

       203
       203
        
       

     

       204
       204
       -
       bindsym $mod+$alt+h focus output left

     

       205
       205
       -
       bindsym $mod+$alt+j focus output down

     

       206
       206
       -
       bindsym $mod+$alt+k focus output up

     

       207
       207
       -
       bindsym $mod+$alt+l focus output right

     

       204
       204
       +
       bindsym $mod+$alt+h focus output left ; exec st workspace -t 500

     

       205
       205
       +
       bindsym $mod+$alt+j focus output down ; exec st workspace -t 500

     

       206
       206
       +
       bindsym $mod+$alt+k focus output up ; exec st workspace -t 500

     

       207
       207
       +
       bindsym $mod+$alt+l focus output right ; exec st workspace -t 500

     

       208
       208
        
       

     

       209
       209
        
       bindsym $mod+$alt+Shift+h move container to output left

     

       210
       210
        
       bindsym $mod+$alt+Shift+j move container to output down

+2 -3

home/gui/wm/scripts/swayidle_suspend.sh

···

       9
       9
        
       		resume '@wmmsg@ "output * dpms on"'\

     

       10
       10
        
       	timeout 240 'loginctl lock-session'\

     

       11
       11
        
       	timeout 300 'systemctl suspend-then-hibernate'\

     

       12
       12
       -
       	before-sleep 'playerctl -a pause; loginctl lock-session'\

     

       13
       13
       -
       	after-resume 'pkill -x swaylock; timewall set; loginctl lock-session' # for timewall

     

       14
       14
       -
       

     

       12
       12
       +
       	    resume 'timewall set'\

     

       13
       13
       +
       	before-sleep 'playerctl -a pause; loginctl lock-session'

+13 -12

home/mail.nix

···

       12
       12
        
           ${pkgs.ugrep}/bin/ugrep -jPh -m 100 --color=never "$1" cat ${config.accounts.email.maildirBasePath}/addressbook/cam-ldap)

     

       13
       13
        
         '';

     

       14
       14
        
         sync-mail = pkgs.writeScriptBin "sync-mail" ''

     

       15
       15
       -
           ${pkgs.isync}/bin/mbsync "$1" || exit 1

     

       15
       15
       +
           ${pkgs.isync}/bin/mbsync "$@" || exit 1

     

       16
       16
        
           ${pkgs.procps}/bin/pkill -2 -x mu

     

       17
       17
        
           ${pkgs.coreutils}/bin/sleep 1

     

       18
       18
        
           ${pkgs.mu}/bin/mu index

     
···

       40
       40
        
             mu.enable = true;

     

       41
       41
        
             msmtp.enable = true;

     

       42
       42
        
             aerc = {

     

       43
       43
       -
               enable = true;

     

       43
       43
       +
               # enable = true;

     

       44
       44
        
               extraConfig = {

     

       45
       45
        
                 general.unsafe-accounts-conf = true;

     

       46
       46
        
                 general.default-save-path = "~/downloads";

     
···

       66
       66
        
               extraBinds = import ./aerc-binds.nix { inherit pkgs; };

     

       67
       67
        
             };

     

       68
       68
        
             neomutt = {

     

       69
       69
       -
               enable = true;

     

       69
       69
       +
               # enable = true;

     

       70
       70
        
               extraConfig = ''

     

       71
       71
        
                 # Macro to switch accounts

     

       72
       72
        
                 macro index,pager <F1> '"<change-folder> ${config.accounts.email.maildirBasePath}/ryan@freumh.org/Inbox<enter>"'

     
···

       80
       80
        
                                                "mu find results"

     

       81
       81
        
               '';

     

       82
       82
        
             };

     

       83
       83
       -
             notmuch.enable = true;

     

       84
       83
        
           };

     

       85
       84
        
       

     

       86
       85
        
           services = {

     
···

       152
       151
        
                     macro index gt "<change-folder>=${folders.trash}<enter>"

     

       153
       152
        
                   '';

     

       154
       153
        
                 };

     

       155
       155
       -
                 notmuch.enable = true;

     

       156
       154
        
               };

     

       157
       155
        
               "misc@freumh.org" = rec {

     

       158
       156
        
                 userName = "misc@freumh.org";

     
···

       194
       192
        
                     macro index gt "<change-folder>=${folders.trash}<enter>"

     

       195
       193
        
                   '';

     

       196
       194
        
                 };

     

       197
       197
       -
                 notmuch.enable = true;

     

       198
       195
        
               };

     

       199
       196
        
               "ryan.gibb@cl.cam.ac.uk" = rec {

     

       200
       197
        
                 userName = "rtg24@fm.cl.cam.ac.uk";

     
···

       210
       207
        
                 };

     

       211
       208
        
                 imapnotify = {

     

       212
       209
        
                   enable = true;

     

       213
       213
       -
                   boxes = [ "Inbox" ];

     

       214
       214
       -
                   onNotify = "${sync-mail}/bin/sync-mail ryan.gibb@cl.cam.ac.uk:INBOX";

     

       210
       210
       +
                   boxes = [

     

       211
       211
       +
                     "Inbox"

     

       212
       212
       +
                     "Sidebox"

     

       213
       213
       +
                   ];

     

       214
       214
       +
                   onNotify = "${sync-mail}/bin/sync-mail ryan.gibb@cl.cam.ac.uk:INBOX ryan.gibb@cl.cam.ac.uk:Sidebox";

     

       215
       215
        
                 };

     

       216
       216
        
                 mbsync = {

     

       217
       217
        
                   enable = true;

     
···

       253
       253
        
                     macro index gt "<change-folder>=${folders.trash}<enter>"

     

       254
       254
        
                   '';

     

       255
       255
        
                 };

     

       256
       256
       -
                 notmuch.enable = true;

     

       257
       256
        
               };

     

       258
       257
        
               "ryangibb321@gmail.com" = rec {

     

       259
       258
        
                 userName = "ryangibb321@gmail.com";

     
···

       269
       268
        
                 };

     

       270
       269
        
                 imapnotify = {

     

       271
       270
        
                   enable = true;

     

       272
       272
       -
                   boxes = [ "Inbox" ];

     

       273
       273
       -
                   onNotify = "${sync-mail}/bin/sync-mail ryangibb321@gmail.com:INBOX";

     

       271
       271
       +
                   boxes = [

     

       272
       272
       +
                     "Inbox"

     

       273
       273
       +
                     "Sidebox"

     

       274
       274
       +
                   ];

     

       275
       275
       +
                   onNotify = "${sync-mail}/bin/sync-mail ryangibb321@gmail.com:INBOX ryangibb321@gmail.com:Sidebox";

     

       274
       276
        
                 };

     

       275
       277
        
                 mbsync = {

     

       276
       278
        
                   enable = true;

     
···

       311
       313
        
                     macro index gt "<change-folder>=${folders.trash}<enter>"

     

       312
       314
        
                   '';

     

       313
       315
        
                 };

     

       314
       314
       -
                 notmuch.enable = true;

     

       315
       316
        
               };

     

       316
       317
        
               search = {

     

       317
       318
        
                 maildir.path = "search";

+313 -314

home/nvim/default.nix

···

       56
       56
        
             extraLuaConfig = builtins.readFile ./init.lua;

     

       57
       57
        
             # undo transparent background

     

       58
       58
        
             # + "colorscheme gruvbox";

     

       59
       59
       -
             plugins =

     

       60
       60
       -
               with pkgs.vimPlugins;

     

       61
       61
       -
               [

     

       62
       62
       -
                 {

     

       63
       63
       -
                   plugin = gruvbox-nvim;

     

       64
       64
       -
                   type = "lua";

     

       65
       65
       -
                   # TODO is there a better place to put this?

     

       66
       66
       -
                   runtime =

     

       67
       67
       -
                     let

     

       68
       68
       -
                       ml-style = ''

     

       69
       69
       -
                         setlocal expandtab

     

       70
       70
       -
                         setlocal shiftwidth=2

     

       71
       71
       -
                         setlocal tabstop=2

     

       72
       72
       -
                         setlocal softtabstop=2

     

       73
       73
       -
                       '';

     

       74
       74
       -
                     in

     

       75
       75
       -
                     {

     

       76
       76
       -
                       "ftplugin/nix.vim".text = ml-style;

     

       77
       77
       -
                       "ftplugin/ocaml.vim".text = ml-style;

     

       78
       78
       -
                       "ftplugin/ledger.vim".text = ''

     

       79
       79
       -
                         setlocal foldmethod=syntax

     

       80
       80
       -
                         vnoremap <silent> <buffer> <Tab> :LedgerAlign<CR>

     

       81
       81
       -
                         nnoremap <silent> <buffer> <Tab> :LedgerAlign<CR>

     

       82
       82
       -
                       '';

     

       83
       83
       -
                     };

     

       84
       84
       -
                 }

     

       59
       59
       +
             plugins = with pkgs.vimPlugins; [

     

       60
       60
       +
               {

     

       61
       61
       +
                 plugin = gruvbox-nvim;

     

       62
       62
       +
                 type = "lua";

     

       63
       63
       +
                 # TODO is there a better place to put this?

     

       64
       64
       +
                 runtime =

     

       65
       65
       +
                   let

     

       66
       66
       +
                     ml-style = ''

     

       67
       67
       +
                       setlocal expandtab

     

       68
       68
       +
                       setlocal shiftwidth=2

     

       69
       69
       +
                       setlocal tabstop=2

     

       70
       70
       +
                       setlocal softtabstop=2

     

       71
       71
       +
                     '';

     

       72
       72
       +
                   in

     

       73
       73
       +
                   {

     

       74
       74
       +
                     "ftplugin/nix.vim".text = ml-style;

     

       75
       75
       +
                     "ftplugin/ocaml.vim".text = ml-style;

     

       76
       76
       +
                     "ftplugin/haskell.vim".text = ml-style;

     

       77
       77
       +
                     "ftplugin/ledger.vim".text = ''

     

       78
       78
       +
                       setlocal foldmethod=syntax

     

       79
       79
       +
                       vnoremap <silent> <buffer> <Tab> :LedgerAlign<CR>

     

       80
       80
       +
                       nnoremap <silent> <buffer> <Tab> :LedgerAlign<CR>

     

       81
       81
       +
                     '';

     

       82
       82
       +
                   };

     

       83
       83
       +
               }

     

       84
       84
       +
       

     

       85
       85
       +
               {

     

       86
       86
       +
                 plugin = telescope-nvim;

     

       87
       87
       +
                 type = "lua";

     

       88
       88
       +
                 config = builtins.readFile ./telescope-nvim.lua;

     

       89
       89
       +
               }

     

       90
       90
       +
               telescope-fzf-native-nvim

     

       91
       91
       +
               telescope-undo-nvim

     

       92
       92
       +
               telescope-file-browser-nvim

     

       85
       93
        
       

     

       86
       86
       -
                 {

     

       87
       87
       -
                   plugin = telescope-nvim;

     

       88
       88
       -
                   type = "lua";

     

       89
       89
       -
                   config = builtins.readFile ./telescope-nvim.lua;

     

       90
       90
       -
                 }

     

       91
       91
       -
                 telescope-fzf-native-nvim

     

       92
       92
       -
                 telescope-undo-nvim

     

       93
       93
       -
                 telescope-file-browser-nvim

     

       94
       94
       +
               {

     

       95
       95
       +
                 plugin = gitsigns-nvim;

     

       96
       96
       +
                 type = "lua";

     

       97
       97
       +
                 config = ''

     

       98
       98
       +
                   require('gitsigns').setup{

     

       99
       99
       +
                     on_attach = function(bufnr)

     

       100
       100
       +
                       local gitsigns = require('gitsigns')

     

       94
       101
        
       

     

       95
       95
       -
                 {

     

       96
       96
       -
                   plugin = gitsigns-nvim;

     

       97
       97
       -
                   type = "lua";

     

       98
       98
       -
                   config = ''

     

       99
       99
       -
                     require('gitsigns').setup{

     

       100
       100
       -
                       on_attach = function(bufnr)

     

       101
       101
       -
                         local gitsigns = require('gitsigns')

     

       102
       102
       +
                       local function map(mode, l, r, opts)

     

       103
       103
       +
                         opts = opts or {}

     

       104
       104
       +
                         opts.buffer = bufnr

     

       105
       105
       +
                         vim.keymap.set(mode, l, r, opts)

     

       106
       106
       +
                       end

     

       102
       107
        
       

     

       103
       103
       -
                         local function map(mode, l, r, opts)

     

       104
       104
       -
                           opts = opts or {}

     

       105
       105
       -
                           opts.buffer = bufnr

     

       106
       106
       -
                           vim.keymap.set(mode, l, r, opts)

     

       108
       108
       +
                       map('n', ']c', function()

     

       109
       109
       +
                         if vim.wo.diff then

     

       110
       110
       +
                           vim.cmd.normal({']c', bang = true})

     

       111
       111
       +
                         else

     

       112
       112
       +
                           gitsigns.nav_hunk('next')

     

       107
       113
        
                         end

     

       114
       114
       +
                       end, { desc = 'Git next hunk' })

     

       108
       115
        
       

     

       109
       109
       -
                         map('n', ']c', function()

     

       110
       110
       -
                           if vim.wo.diff then

     

       111
       111
       -
                             vim.cmd.normal({']c', bang = true})

     

       112
       112
       -
                           else

     

       113
       113
       -
                             gitsigns.nav_hunk('next')

     

       114
       114
       -
                           end

     

       115
       115
       -
                         end, { desc = 'Git next hunk' })

     

       116
       116
       -
       

     

       117
       117
       -
                         map('n', '[c', function()

     

       118
       118
       -
                           if vim.wo.diff then

     

       119
       119
       -
                             vim.cmd.normal({'[c', bang = true})

     

       120
       120
       -
                           else

     

       121
       121
       -
                             gitsigns.nav_hunk('prev')

     

       122
       122
       -
                           end

     

       123
       123
       -
                         end, { desc = 'Git prev hunk' })

     

       116
       116
       +
                       map('n', '[c', function()

     

       117
       117
       +
                         if vim.wo.diff then

     

       118
       118
       +
                           vim.cmd.normal({'[c', bang = true})

     

       119
       119
       +
                         else

     

       120
       120
       +
                           gitsigns.nav_hunk('prev')

     

       121
       121
       +
                         end

     

       122
       122
       +
                       end, { desc = 'Git prev hunk' })

     

       124
       123
        
       

     

       125
       125
       -
                         map('n', '<leader>gs', gitsigns.stage_hunk, { desc = 'Git stage hunk' })

     

       126
       126
       -
                         map('n', '<leader>gr', gitsigns.reset_hunk, { desc = 'Git reset hunk' })

     

       127
       127
       -
                         map('v', '<leader>gs', function() gitsigns.stage_hunk {vim.fn.line('.'), vim.fn.line('v')} end, { desc = 'Git stage hunk' })

     

       128
       128
       -
                         map('v', '<leader>gr', function() gitsigns.reset_hunk {vim.fn.line('.'), vim.fn.line('v')} end, { desc = 'Git reset hunk' })

     

       129
       129
       -
                         map('n', '<leader>gS', gitsigns.stage_buffer, { desc = 'Git stage buffer' })

     

       130
       130
       -
                         map('n', '<leader>gu', gitsigns.undo_stage_hunk, { desc = 'Git unstage hunk' })

     

       131
       131
       -
                         map('n', '<leader>gR', gitsigns.reset_buffer, { desc = 'Git reset buffer' })

     

       132
       132
       -
                         map('n', '<leader>gp', gitsigns.preview_hunk, { desc = 'Git preview hunk' })

     

       133
       133
       -
                         map('n', '<leader>gb', function() gitsigns.blame_line{full=true} end, { desc = 'Git blame' })

     

       134
       134
       -
                         map('n', '<leader>gtb', gitsigns.toggle_current_line_blame, { desc = 'Git toggle line blame' })

     

       135
       135
       -
                         map('n', '<leader>gd', gitsigns.diffthis, { desc = 'Git diff index' })

     

       136
       136
       -
                         map('n', '<leader>gD', function() gitsigns.diffthis('~') end, { desc = 'Git diff last' })

     

       137
       137
       -
                         map('n', '<leader>gtd', gitsigns.toggle_deleted, { desc = 'Git toggle deleted' })

     

       124
       124
       +
                       map('n', '<leader>gs', gitsigns.stage_hunk, { desc = 'Git stage hunk' })

     

       125
       125
       +
                       map('n', '<leader>gr', gitsigns.reset_hunk, { desc = 'Git reset hunk' })

     

       126
       126
       +
                       map('v', '<leader>gs', function() gitsigns.stage_hunk {vim.fn.line('.'), vim.fn.line('v')} end, { desc = 'Git stage hunk' })

     

       127
       127
       +
                       map('v', '<leader>gr', function() gitsigns.reset_hunk {vim.fn.line('.'), vim.fn.line('v')} end, { desc = 'Git reset hunk' })

     

       128
       128
       +
                       map('n', '<leader>gS', gitsigns.stage_buffer, { desc = 'Git stage buffer' })

     

       129
       129
       +
                       map('n', '<leader>gu', gitsigns.undo_stage_hunk, { desc = 'Git unstage hunk' })

     

       130
       130
       +
                       map('n', '<leader>gR', gitsigns.reset_buffer, { desc = 'Git reset buffer' })

     

       131
       131
       +
                       map('n', '<leader>gp', gitsigns.preview_hunk, { desc = 'Git preview hunk' })

     

       132
       132
       +
                       map('n', '<leader>gb', function() gitsigns.blame_line{full=true} end, { desc = 'Git blame' })

     

       133
       133
       +
                       map('n', '<leader>gtb', gitsigns.toggle_current_line_blame, { desc = 'Git toggle line blame' })

     

       134
       134
       +
                       map('n', '<leader>gd', gitsigns.diffthis, { desc = 'Git diff index' })

     

       135
       135
       +
                       map('n', '<leader>gD', function() gitsigns.diffthis('~') end, { desc = 'Git diff last' })

     

       136
       136
       +
                       map('n', '<leader>gtd', gitsigns.toggle_deleted, { desc = 'Git toggle deleted' })

     

       138
       137
        
       

     

       139
       139
       -
                         -- vih

     

       140
       140
       -
                         map({'o', 'x'}, 'ih', ':<C-U>Git select_hunk<CR>', { desc = 'Gitsigns select hunk' })

     

       141
       141
       -
                       end

     

       142
       142
       -
                     }

     

       143
       143
       -
                   '';

     

       144
       144
       -
                 }

     

       145
       145
       -
                 {

     

       146
       146
       -
                   plugin = pkgs.overlay-unstable.vimPlugins.neogit;

     

       147
       147
       -
                   type = "lua";

     

       148
       148
       -
                   config = ''

     

       149
       149
       -
                     local neogit = require('neogit')

     

       150
       150
       -
                     neogit.setup {}

     

       151
       151
       -
                   '';

     

       152
       152
       -
                 }

     

       138
       138
       +
                       -- vih

     

       139
       139
       +
                       map({'o', 'x'}, 'ih', ':<C-U>Git select_hunk<CR>', { desc = 'Gitsigns select hunk' })

     

       140
       140
       +
                     end

     

       141
       141
       +
                   }

     

       142
       142
       +
                 '';

     

       143
       143
       +
               }

     

       144
       144
       +
               {

     

       145
       145
       +
                 plugin = pkgs.overlay-unstable.vimPlugins.neogit;

     

       146
       146
       +
                 type = "lua";

     

       147
       147
       +
                 config = ''

     

       148
       148
       +
                   local neogit = require('neogit')

     

       149
       149
       +
                   neogit.setup {}

     

       150
       150
       +
                 '';

     

       151
       151
       +
               }

     

       153
       152
        
       

     

       154
       154
       -
                 plenary-nvim

     

       155
       155
       -
                 pkgs.ripgrep

     

       153
       153
       +
               plenary-nvim

     

       154
       154
       +
               pkgs.ripgrep

     

       156
       155
        
       

     

       157
       157
       -
                 {

     

       158
       158
       -
                   plugin = nvim-cmp;

     

       159
       159
       -
                   type = "lua";

     

       160
       160
       -
                   config = builtins.readFile ./nvim-cmp.lua;

     

       161
       161
       -
                 }

     

       162
       162
       -
                 cmp-path

     

       163
       163
       -
                 cmp-buffer

     

       164
       164
       -
                 cmp-cmdline

     

       165
       165
       -
                 {

     

       166
       166
       -
                   plugin = cmp-dictionary;

     

       167
       167
       -
                   type = "lua";

     

       168
       168
       -
                   config = ''

     

       169
       169
       -
                     require("cmp_dictionary").setup({

     

       170
       170
       -
                       paths = { "${pkgs.scowl}/share/dict/words.txt" },

     

       171
       171
       -
                       exact_length = 2,

     

       172
       172
       -
                       first_case_insensitive = true,

     

       173
       173
       -
                     })

     

       174
       174
       -
                   '';

     

       175
       175
       -
                 }

     

       156
       156
       +
               {

     

       157
       157
       +
                 plugin = nvim-cmp;

     

       158
       158
       +
                 type = "lua";

     

       159
       159
       +
                 config = builtins.readFile ./nvim-cmp.lua;

     

       160
       160
       +
               }

     

       161
       161
       +
               cmp-path

     

       162
       162
       +
               cmp-buffer

     

       163
       163
       +
               cmp-cmdline

     

       164
       164
       +
               {

     

       165
       165
       +
                 plugin = cmp-dictionary;

     

       166
       166
       +
                 type = "lua";

     

       167
       167
       +
                 config = ''

     

       168
       168
       +
                   require("cmp_dictionary").setup({

     

       169
       169
       +
                     paths = { "${pkgs.scowl}/share/dict/words.txt" },

     

       170
       170
       +
                     exact_length = 2,

     

       171
       171
       +
                     first_case_insensitive = true,

     

       172
       172
       +
                   })

     

       173
       173
       +
                 '';

     

       174
       174
       +
               }

     

       176
       175
        
       

     

       177
       177
       -
                 {

     

       178
       178
       -
                   plugin = luasnip;

     

       179
       179
       -
                   type = "lua";

     

       180
       180
       -
                   config = builtins.readFile ./luasnip.lua;

     

       181
       181
       -
                 }

     

       182
       182
       -
                 cmp_luasnip

     

       183
       183
       -
                 pkgs.overlay-unstable.vimPlugins.friendly-snippets

     

       176
       176
       +
               {

     

       177
       177
       +
                 plugin = luasnip;

     

       178
       178
       +
                 type = "lua";

     

       179
       179
       +
                 config = builtins.readFile ./luasnip.lua;

     

       180
       180
       +
               }

     

       181
       181
       +
               cmp_luasnip

     

       182
       182
       +
               pkgs.overlay-unstable.vimPlugins.friendly-snippets

     

       184
       183
        
       

     

       185
       185
       -
                 {

     

       186
       186
       -
                   plugin = nvim-treesitter.withAllGrammars;

     

       187
       187
       -
                   type = "lua";

     

       188
       188
       -
                   config = ''

     

       189
       189
       -
                     require'nvim-treesitter.configs'.setup {

     

       190
       190
       -
                       highlight = {

     

       184
       184
       +
               {

     

       185
       185
       +
                 plugin = nvim-treesitter.withAllGrammars;

     

       186
       186
       +
                 type = "lua";

     

       187
       187
       +
                 config = ''

     

       188
       188
       +
                   require'nvim-treesitter.configs'.setup {

     

       189
       189
       +
                     highlight = {

     

       190
       190
       +
                       enable = true,

     

       191
       191
       +
                       -- :h vimtex-faq-treesitter

     

       192
       192
       +
                       disable = { "latex" },

     

       193
       193
       +
                     },

     

       194
       194
       +
                   }

     

       195
       195
       +
                   vim.opt.foldmethod = "expr"

     

       196
       196
       +
                   vim.opt.foldexpr = "v:lua.vim.treesitter.foldexpr()"

     

       197
       197
       +
                   vim.opt.foldenable = false

     

       198
       198
       +
                 '';

     

       199
       199
       +
               }

     

       200
       200
       +
               {

     

       201
       201
       +
                 plugin = nvim-treesitter-textobjects;

     

       202
       202
       +
                 type = "lua";

     

       203
       203
       +
                 config = ''

     

       204
       204
       +
                   require'nvim-treesitter.configs'.setup {

     

       205
       205
       +
                     textobjects = {

     

       206
       206
       +
                       select = {

     

       191
       207
        
                         enable = true,

     

       192
       192
       -
                         -- :h vimtex-faq-treesitter

     

       193
       193
       -
                         disable = { "latex" },

     

       208
       208
       +
                         lookahead = true,

     

       209
       209
       +
                         keymaps = {

     

       210
       210
       +
                           ["af"] = "@function.outer",

     

       211
       211
       +
                           ["if"] = "@function.inner",

     

       212
       212
       +
                           ["ac"] = "@conditional.outer",

     

       213
       213
       +
                           ["ic"] = "@conditional.inner",

     

       214
       214
       +
                           ["al"] = "@loop.outer",

     

       215
       215
       +
                           ["il"] = "@loop.inner",

     

       216
       216
       +
                         },

     

       217
       217
       +
                         include_surrounding_whitespace = true,

     

       194
       218
        
                       },

     

       195
       195
       -
                     }

     

       196
       196
       -
                     vim.opt.foldmethod = "expr"

     

       197
       197
       -
                     vim.opt.foldexpr = "v:lua.vim.treesitter.foldexpr()"

     

       198
       198
       -
                     vim.opt.foldenable = false

     

       199
       199
       -
                   '';

     

       200
       200
       -
                 }

     

       201
       201
       -
                 {

     

       202
       202
       -
                   plugin = nvim-treesitter-textobjects;

     

       203
       203
       -
                   type = "lua";

     

       204
       204
       -
                   config = ''

     

       205
       205
       -
                     require'nvim-treesitter.configs'.setup {

     

       206
       206
       -
                       textobjects = {

     

       207
       207
       -
                         select = {

     

       208
       208
       -
                           enable = true,

     

       209
       209
       -
                           lookahead = true,

     

       210
       210
       -
                           keymaps = {

     

       211
       211
       -
                             ["af"] = "@function.outer",

     

       212
       212
       -
                             ["if"] = "@function.inner",

     

       213
       213
       -
                             ["ac"] = "@conditional.outer",

     

       214
       214
       -
                             ["ic"] = "@conditional.inner",

     

       215
       215
       -
                             ["al"] = "@loop.outer",

     

       216
       216
       -
                             ["il"] = "@loop.inner",

     

       217
       217
       -
                           },

     

       218
       218
       -
                           include_surrounding_whitespace = true,

     

       219
       219
       +
                       swap = {

     

       220
       220
       +
                         enable = true,

     

       221
       221
       +
                         swap_next = {

     

       222
       222
       +
                           ["<leader>a"] = "@parameter.inner",

     

       223
       223
       +
                         },

     

       224
       224
       +
                         swap_previous = {

     

       225
       225
       +
                           ["<leader>A"] = "@parameter.inner",

     

       226
       226
       +
                         },

     

       227
       227
       +
                       },

     

       228
       228
       +
                       move = {

     

       229
       229
       +
                         enable = true,

     

       230
       230
       +
                         set_jumps = true,

     

       231
       231
       +
                         goto_next_start = {

     

       232
       232
       +
                           ["]m"] = "@function.outer",

     

       233
       233
       +
                         },

     

       234
       234
       +
                         goto_next_end = {

     

       235
       235
       +
                           ["]M"] = "@function.outer",

     

       219
       236
        
                         },

     

       220
       220
       -
                         swap = {

     

       221
       221
       -
                           enable = true,

     

       222
       222
       -
                           swap_next = {

     

       223
       223
       -
                             ["<leader>a"] = "@parameter.inner",

     

       224
       224
       -
                           },

     

       225
       225
       -
                           swap_previous = {

     

       226
       226
       -
                             ["<leader>A"] = "@parameter.inner",

     

       227
       227
       -
                           },

     

       237
       237
       +
                         goto_previous_start = {

     

       238
       238
       +
                           ["[m"] = "@function.outer",

     

       228
       239
        
                         },

     

       229
       229
       -
                         move = {

     

       230
       230
       -
                           enable = true,

     

       231
       231
       -
                           set_jumps = true,

     

       232
       232
       -
                           goto_next_start = {

     

       233
       233
       -
                             ["]m"] = "@function.outer",

     

       234
       234
       -
                           },

     

       235
       235
       -
                           goto_next_end = {

     

       236
       236
       -
                             ["]M"] = "@function.outer",

     

       237
       237
       -
                           },

     

       238
       238
       -
                           goto_previous_start = {

     

       239
       239
       -
                             ["[m"] = "@function.outer",

     

       240
       240
       -
                           },

     

       241
       241
       -
                           goto_previous_end = {

     

       242
       242
       -
                             ["[M"] = "@function.outer",

     

       243
       243
       -
                           },

     

       240
       240
       +
                         goto_previous_end = {

     

       241
       241
       +
                           ["[M"] = "@function.outer",

     

       244
       242
        
                         },

     

       245
       243
        
                       },

     

       246
       246
       -
                     }

     

       247
       247
       -
                     -- could use some tweaking

     

       248
       248
       -
                     vim.treesitter.query.set("ocaml", "textobjects", [[

     

       249
       249
       -
                     ((value_definition (let_binding)) @function.outer)

     

       250
       250
       -
                     ((let_binding body: (_) @function.inner))

     

       251
       251
       -
                     ]])

     

       252
       252
       -
                   '';

     

       253
       253
       -
                 }

     

       244
       244
       +
                     },

     

       245
       245
       +
                   }

     

       246
       246
       +
                   -- could use some tweaking

     

       247
       247
       +
                   vim.treesitter.query.set("ocaml", "textobjects", [[

     

       248
       248
       +
                   ((value_definition (let_binding)) @function.outer)

     

       249
       249
       +
                   ((let_binding body: (_) @function.inner))

     

       250
       250
       +
                   ]])

     

       251
       251
       +
                 '';

     

       252
       252
       +
               }

     

       254
       253
        
       

     

       255
       255
       -
                 {

     

       256
       256
       -
                   plugin = vimtex;

     

       257
       257
       -
                   type = "lua";

     

       258
       258
       -
                   config = ''

     

       259
       259
       -
                     vim.cmd("filetype plugin indent on")

     

       260
       260
       -
                     vim.cmd("syntax enable")

     

       261
       261
       -
                     vim.g.vimtex_quickfix_mode = 0

     

       262
       262
       -
                     vim.g.vimtex_view_general_viewer = 'evince'

     

       254
       254
       +
               {

     

       255
       255
       +
                 plugin = vimtex;

     

       256
       256
       +
                 type = "lua";

     

       257
       257
       +
                 config = ''

     

       258
       258
       +
                   vim.cmd("filetype plugin indent on")

     

       259
       259
       +
                   vim.cmd("syntax enable")

     

       260
       260
       +
                   vim.g.vimtex_quickfix_mode = 0

     

       261
       261
       +
                   vim.g.vimtex_view_general_viewer = 'evince'

     

       262
       262
       +
                 '';

     

       263
       263
       +
               }

     

       264
       264
       +
               {

     

       265
       265
       +
                 plugin = sved;

     

       266
       266
       +
                 type = "lua";

     

       267
       267
       +
                 runtime = {

     

       268
       268
       +
                   "ftplugin/tex.lua".text = ''

     

       269
       269
       +
                     vim.keymap.set('n', '<localleader>v', ':call SVED_Sync()<CR>')

     

       263
       270
        
                   '';

     

       264
       264
       -
                 }

     

       265
       265
       -
                 {

     

       266
       266
       -
                   plugin = sved;

     

       267
       267
       -
                   type = "lua";

     

       268
       268
       -
                   runtime = {

     

       269
       269
       -
                     "ftplugin/tex.lua".text = ''

     

       270
       270
       -
                       vim.keymap.set('n', '<localleader>v', ':call SVED_Sync()<CR>')

     

       271
       271
       -
                     '';

     

       272
       272
       -
                   };

     

       273
       273
       -
                 }

     

       274
       274
       -
                 cmp-omni

     

       271
       271
       +
                 };

     

       272
       272
       +
               }

     

       273
       273
       +
               cmp-omni

     

       275
       274
        
       

     

       276
       276
       -
                 {

     

       277
       277
       -
                   plugin = nvim-surround;

     

       278
       278
       -
                   type = "lua";

     

       279
       279
       -
                   config = ''

     

       280
       280
       -
                     require('nvim-surround').setup({})

     

       281
       281
       -
                   '';

     

       282
       282
       -
                 }

     

       283
       283
       -
                 {

     

       284
       284
       -
                   plugin = comment-nvim;

     

       285
       285
       -
                   type = "lua";

     

       286
       286
       -
                   config = ''

     

       287
       287
       -
                     require('Comment').setup()

     

       288
       288
       -
                   '';

     

       289
       289
       -
                 }

     

       290
       290
       -
                 {

     

       291
       291
       -
                   plugin = undotree;

     

       292
       292
       -
                   type = "lua";

     

       293
       293
       -
                   config = ''

     

       294
       294
       -
                     vim.keymap.set('n', '<leader>u', vim.cmd.UndotreeToggle, { desc = 'Undotree toggle' })

     

       295
       295
       -
                   '';

     

       296
       296
       -
                 }

     

       297
       297
       -
                 {

     

       298
       298
       -
                   plugin = leap-nvim;

     

       299
       299
       -
                   type = "lua";

     

       300
       300
       -
                   config = ''

     

       301
       301
       -
                     vim.keymap.set({'n', 'x', 'o'}, 's',  '<Plug>(leap-forward)', { desc = "Leap forward"} )

     

       302
       302
       -
                     vim.keymap.set({'n', 'x', 'o'}, 'S',  '<Plug>(leap-backward)', { desc = "Leap backward"} )

     

       303
       303
       -
                     vim.keymap.set({'n', 'x', 'o'}, 'gs', '<Plug>(leap-from-window)', { desc = "Leap from window"} )

     

       304
       304
       -
                   '';

     

       305
       305
       -
                 }

     

       306
       306
       -
                 {

     

       307
       307
       -
                   plugin = pkgs.overlay-unstable.vimPlugins.which-key-nvim;

     

       308
       308
       -
                   type = "lua";

     

       309
       309
       -
                   config = ''

     

       310
       310
       -
                     local wk = require('which-key')

     

       311
       311
       -
                     wk.setup({

     

       312
       312
       -
                       plugins = {

     

       313
       313
       -
                         spelling = {

     

       314
       314
       -
                           enabled = false

     

       315
       315
       -
                         },

     

       275
       275
       +
               {

     

       276
       276
       +
                 plugin = nvim-surround;

     

       277
       277
       +
                 type = "lua";

     

       278
       278
       +
                 config = ''

     

       279
       279
       +
                   require('nvim-surround').setup({})

     

       280
       280
       +
                 '';

     

       281
       281
       +
               }

     

       282
       282
       +
               {

     

       283
       283
       +
                 plugin = comment-nvim;

     

       284
       284
       +
                 type = "lua";

     

       285
       285
       +
                 config = ''

     

       286
       286
       +
                   require('Comment').setup()

     

       287
       287
       +
                 '';

     

       288
       288
       +
               }

     

       289
       289
       +
               {

     

       290
       290
       +
                 plugin = undotree;

     

       291
       291
       +
                 type = "lua";

     

       292
       292
       +
                 config = ''

     

       293
       293
       +
                   vim.keymap.set('n', '<leader>su', vim.cmd.UndotreeToggle, { desc = 'Undo history' })

     

       294
       294
       +
                 '';

     

       295
       295
       +
               }

     

       296
       296
       +
               {

     

       297
       297
       +
                 plugin = leap-nvim;

     

       298
       298
       +
                 type = "lua";

     

       299
       299
       +
                 config = ''

     

       300
       300
       +
                   vim.keymap.set({'n', 'x', 'o'}, 's',  '<Plug>(leap-forward)', { desc = "Leap forward"} )

     

       301
       301
       +
                   vim.keymap.set({'n', 'x', 'o'}, 'S',  '<Plug>(leap-backward)', { desc = "Leap backward"} )

     

       302
       302
       +
                   vim.keymap.set({'n', 'x', 'o'}, 'gs', '<Plug>(leap-from-window)', { desc = "Leap from window"} )

     

       303
       303
       +
                 '';

     

       304
       304
       +
               }

     

       305
       305
       +
               {

     

       306
       306
       +
                 plugin = pkgs.overlay-unstable.vimPlugins.which-key-nvim;

     

       307
       307
       +
                 type = "lua";

     

       308
       308
       +
                 config = ''

     

       309
       309
       +
                   local wk = require('which-key')

     

       310
       310
       +
                   wk.setup({

     

       311
       311
       +
                     plugins = {

     

       312
       312
       +
                       spelling = {

     

       313
       313
       +
                         enabled = false

     

       316
       314
        
                       },

     

       317
       317
       -
                       icons = { mappings = false },

     

       318
       318
       -
                       triggers = {

     

       319
       319
       -
                         { "<leader>", mode = { "n", "v" } },

     

       320
       320
       -
                         { "<auto>", mode = "nixsotc" },

     

       321
       321
       -
                       },

     

       322
       322
       -
                       delay = 1000,

     

       323
       323
       -
                     })

     

       324
       324
       -
                     wk.add({

     

       325
       325
       -
                       { "<leader>f", group = 'Find' },

     

       326
       326
       -
                       { "<leader>l", group = 'LSP' },

     

       327
       327
       -
                       { "<leader>;", group = 'DAP' },

     

       328
       328
       -
                       { "<leader>s", group = 'Session' },

     

       329
       329
       -
                       { "<leader>t", group = 'Tab' },

     

       330
       330
       -
                       { "<leader>h", group = 'Hunk' },

     

       331
       331
       -
                       { "<leader>x", group = 'Trouble' },

     

       332
       332
       -
                       { "<leader>g", group = 'Git' },

     

       333
       333
       -
                       { "<leader>i", group = 'Insert' },

     

       334
       334
       -
                     })

     

       335
       335
       -
                   '';

     

       336
       336
       -
                 }

     

       315
       315
       +
                     },

     

       316
       316
       +
                     icons = { mappings = false },

     

       317
       317
       +
                     triggers = {

     

       318
       318
       +
                       { "<leader>", mode = { "n", "v" } },

     

       319
       319
       +
                       { "<auto>", mode = "nixsotc" },

     

       320
       320
       +
                     },

     

       321
       321
       +
                     delay = 1000,

     

       322
       322
       +
                   })

     

       323
       323
       +
                   wk.add({

     

       324
       324
       +
                     { "<leader>f", group = 'Find' },

     

       325
       325
       +
                     { "<leader>c", group = 'Code' },

     

       326
       326
       +
                     { "<leader>;", group = 'DAP' },

     

       327
       327
       +
                     { "<leader>s", group = 'Search' },

     

       328
       328
       +
                     { "<leader>t", group = 'Tab' },

     

       329
       329
       +
                     { "<leader>h", group = 'Hunk' },

     

       330
       330
       +
                     { "<leader>x", group = 'Trouble' },

     

       331
       331
       +
                     { "<leader>g", group = 'Git' },

     

       332
       332
       +
                     { "<leader>i", group = 'Insert' },

     

       333
       333
       +
                   })

     

       334
       334
       +
                 '';

     

       335
       335
       +
               }

     

       337
       336
        
       

     

       338
       338
       -
                 {

     

       339
       339
       -
                   plugin = vim-ledger-2024-07-15;

     

       340
       340
       -
                   type = "lua";

     

       341
       341
       -
                   config = ''

     

       342
       342
       -
                     vim.g.ledger_fuzzy_account_completion = true

     

       343
       343
       -
                     vim.g.ledger_extra_options = '--pedantic'

     

       344
       344
       -
                     vim.g.ledger_align_at = 50

     

       345
       345
       -
                     vim.g.ledger_accounts_cmd = 'ledger accounts --add-budget'

     

       337
       337
       +
               {

     

       338
       338
       +
                 plugin = vim-ledger-2024-07-15;

     

       339
       339
       +
                 type = "lua";

     

       340
       340
       +
                 config = ''

     

       341
       341
       +
                   vim.g.ledger_fuzzy_account_completion = true

     

       342
       342
       +
                   vim.g.ledger_extra_options = '--pedantic'

     

       343
       343
       +
                   vim.g.ledger_align_at = 50

     

       344
       344
       +
                   vim.g.ledger_accounts_cmd = 'ledger accounts --add-budget'

     

       346
       345
        
       

     

       347
       347
       -
                     vim.g.ledger_date_format = '%Y-%m-%d'

     

       346
       346
       +
                   vim.g.ledger_date_format = '%Y-%m-%d'

     

       348
       347
        
       

     

       349
       349
       -
                     vim.cmd([[

     

       350
       350
       -
                       autocmd FileType ledger nnoremap <buffer> <leader>e :call ledger#entry()<CR>

     

       351
       351
       -
                     ]])

     

       352
       352
       -
                   '';

     

       353
       353
       -
                 }

     

       354
       354
       -
                 {

     

       355
       355
       -
                   plugin = orgmode;

     

       356
       356
       -
                   type = "lua";

     

       357
       357
       -
                   config = ''

     

       358
       358
       -
                     -- In any orgmode buffer press g? for help

     

       359
       359
       -
                     require('orgmode').setup({

     

       360
       360
       -
                       org_agenda_files = { '~/vault/*.org' },

     

       361
       361
       -
                       org_default_notes_file = '~/vault/todo.org',

     

       362
       362
       -
                       org_capture_templates = {

     

       363
       363
       -
                         t = {

     

       364
       364
       -
                           description = 'Task',

     

       365
       365
       -
                           template = '* TODO %?\n  %u',

     

       366
       366
       -
                         },

     

       348
       348
       +
                   vim.cmd([[

     

       349
       349
       +
                     autocmd FileType ledger nnoremap <buffer> <leader>e :call ledger#entry()<CR>

     

       350
       350
       +
                   ]])

     

       351
       351
       +
                 '';

     

       352
       352
       +
               }

     

       353
       353
       +
               {

     

       354
       354
       +
                 plugin = orgmode;

     

       355
       355
       +
                 type = "lua";

     

       356
       356
       +
                 config = ''

     

       357
       357
       +
                   -- In any orgmode buffer press g? for help

     

       358
       358
       +
                   require('orgmode').setup({

     

       359
       359
       +
                     org_agenda_files = { '~/vault/*.org' },

     

       360
       360
       +
                     org_default_notes_file = '~/vault/todo.org',

     

       361
       361
       +
                     org_capture_templates = {

     

       362
       362
       +
                       t = {

     

       363
       363
       +
                         description = 'Task',

     

       364
       364
       +
                         template = '* TODO %?\n  %u',

     

       367
       365
        
                       },

     

       368
       368
       -
                     })

     

       369
       369
       -
                   '';

     

       370
       370
       -
                 }

     

       366
       366
       +
                     },

     

       367
       367
       +
                   })

     

       368
       368
       +
                 '';

     

       369
       369
       +
               }

     

       371
       370
        
       

     

       372
       372
       -
                 {

     

       373
       373
       -
                   plugin = nvim-lspconfig;

     

       374
       374
       -
                   type = "lua";

     

       375
       375
       -
                   config = builtins.readFile ./lsp.lua;

     

       376
       376
       -
                   runtime = {

     

       377
       377
       -
                     "ftplugin/java.lua".text = ''

     

       378
       378
       -
                       local project_name = vim.fn.fnamemodify(vim.fn.getcwd(), ':p:h:t')

     

       379
       379
       -
                       local workspace_dir = '~/.cache/jdt/' .. project_name

     

       380
       380
       -
                       require('jdtls').start_or_attach {

     

       381
       381
       -
                       	on_attach = On_attach,

     

       382
       382
       -
                       	capabilities = Capabilities,

     

       383
       383
       -
                       	cmd = { 'jdt-language-server', '-data', workspace_dir, },

     

       384
       384
       -
                       	root_dir = vim.fs.dirname(vim.fs.find({'gradlew', '.git', 'mvnw'}, { upward = true })[1]),

     

       385
       385
       -
                       }

     

       386
       386
       -
                     '';

     

       387
       387
       -
                   };

     

       388
       388
       -
                 }

     

       389
       389
       -
                 {

     

       390
       390
       -
                   plugin = nvim-dap;

     

       391
       391
       -
                   type = "lua";

     

       392
       392
       -
                   config = builtins.readFile ./dap.lua;

     

       393
       393
       -
                 }

     

       394
       394
       -
                 cmp-nvim-lsp

     

       395
       395
       -
                 cmp-nvim-lsp-signature-help

     

       396
       396
       -
                 ltex-ls-nvim

     

       397
       397
       -
                 nvim-jdtls

     

       398
       398
       -
               ];

     

       371
       371
       +
               {

     

       372
       372
       +
                 plugin = nvim-lspconfig;

     

       373
       373
       +
                 type = "lua";

     

       374
       374
       +
                 config = builtins.readFile ./lsp.lua;

     

       375
       375
       +
                 runtime = {

     

       376
       376
       +
                   "ftplugin/java.lua".text = ''

     

       377
       377
       +
                     local project_name = vim.fn.fnamemodify(vim.fn.getcwd(), ':p:h:t')

     

       378
       378
       +
                     local workspace_dir = '~/.cache/jdt/' .. project_name

     

       379
       379
       +
                     require('jdtls').start_or_attach {

     

       380
       380
       +
                       on_attach = On_attach,

     

       381
       381
       +
                       capabilities = Capabilities,

     

       382
       382
       +
                       cmd = { 'jdt-language-server', '-data', workspace_dir, },

     

       383
       383
       +
                       root_dir = vim.fs.dirname(vim.fs.find({'gradlew', '.git', 'mvnw'}, { upward = true })[1]),

     

       384
       384
       +
                     }

     

       385
       385
       +
                   '';

     

       386
       386
       +
                 };

     

       387
       387
       +
               }

     

       388
       388
       +
               {

     

       389
       389
       +
                 plugin = nvim-dap;

     

       390
       390
       +
                 type = "lua";

     

       391
       391
       +
                 config = builtins.readFile ./dap.lua;

     

       392
       392
       +
               }

     

       393
       393
       +
               cmp-nvim-lsp

     

       394
       394
       +
               cmp-nvim-lsp-signature-help

     

       395
       395
       +
               ltex-ls-nvim

     

       396
       396
       +
               nvim-jdtls

     

       397
       397
       +
             ];

     

       399
       398
        
           };

     

       400
       399
        
         };

     

       401
       400
        
       }

+1 -1

home/nvim/init.lua

···

       80
       80
        
       

     

       81
       81
        
       vim.keymap.set('n', '!', ':term ', { desc = 'terminal' })

     

       82
       82
        
       

     

       83
       83
       -
       vim.keymap.set('n', '<leader>gg', ':Neogit', { desc = 'Neogit' })

     

       83
       83
       +
       vim.keymap.set('n', '<leader>gg', ':Neogit<CR>', { desc = 'Neogit' })

     

       84
       84
        
       

     

       85
       85
        
       vim.keymap.set('n', '<leader>om', ':make<Enter>', { desc = 'Make' })

     

       86
       86

+3 -2

home/nvim/telescope-nvim.lua

···

       33
       33
        
       

     

       34
       34
        
       vim.keymap.set('n', '<leader>ff', require('telescope.builtin').find_files, { desc = 'Find files' })

     

       35
       35
        
       vim.keymap.set('n', '<leader><leader>', require('telescope.builtin').find_files, { desc = 'Find files' })

     

       36
       36
       -
       vim.keymap.set('n', '<leader>sd', require('telescope.builtin').live_grep, { desc = 'Find grep' })

     

       36
       36
       +
       vim.keymap.set('n', '<leader>sd', require('telescope.builtin').live_grep, { desc = 'Search directory' })

     

       37
       37
        
       vim.keymap.set('n', '<leader>fv', require('telescope.builtin').git_files, { desc = 'Find version control' })

     

       38
       38
        
       vim.keymap.set('n', '<leader>bb', function() require('telescope.builtin').buffers({ sort_mru = true }) end, { desc = 'Find buffer' })

     

       39
       39
        
       vim.keymap.set('n', '<leader>h', require('telescope.builtin').help_tags, { desc = 'Find help' })

     

       40
       40
       -
       vim.keymap.set('n', '<leader>fq', require('telescope.builtin').command_history, { desc = 'Find command' })

     

       40
       40
       +
       vim.keymap.set('n', '<leader>fq', require('telescope.builtin').commands, { desc = 'Find command' })

     

       41
       41
       +
       vim.keymap.set('n', '<leader>fQ', require('telescope.builtin').command_history, { desc = 'Find command history' })

     

       41
       42
        
       vim.keymap.set('n', '<leader>f/', require('telescope.builtin').search_history, { desc = 'Find search' })

     

       42
       43
        
       vim.keymap.set('n', '<leader>fj', require('telescope.builtin').jumplist, { desc = 'Find jumplist' })

     

       43
       44
        
       vim.keymap.set('n', '<leader>fm', require('telescope.builtin').marks, { desc = 'Find marks' })

home/zsh.cfg

···

       1
       1
       +
       

     

       2
       2
       +
       # https://www.emacswiki.org/emacs/TrampMode#h5o-9

     

       3
       3
       +
       [[ $TERM == "dumb" ]] && unsetopt zle && PS1='$ ' && return

     

       1
       4
        
       

     

       2
       5
        
       setopt autocd nomatch notify interactive_comments inc_append_history 

     

       3
       6
        
       unsetopt beep extendedglob share_history

     
···

       111
       114
        
       	source /run/current-system/sw/share/bash-completion/completions/ledger.bash

     

       112
       115
        
       fi

     

       113
       116
        
       

     

       117
       117
       +
       eval $(opam env)

-1

hosts/elephant/default.nix

···

       77
       77
        
             # Video Acceleration API (VA-API) user mode driver

     

       78
       78
        
             intel-media-driver

     

       79
       79
        
             # Intel Video Processing Library (VPL) API runtime implementation

     

       80
       80
       -
             # replace with`onevpl-intel-gpu` after https://github.com/NixOS/nixpkgs/pull/264621

     

       81
       80
        
             vpl-gpu-rt

     

       82
       81
        
           ];

     

       83
       82
        
         };

+76 -8

hosts/elephant/services.nix

···

       29
       29
        
             "nextcloud.vpn.freumh.org"

     

       30
       30
        
             "owntracks.vpn.freumh.org"

     

       31
       31
        
             "immich.vpn.freumh.org"

     

       32
       32
       +
             "calibre.freumh.org"

     

       33
       33
       +
             "audiobookshelf.vpn.freumh.org"

     

       32
       34
        
           ];

     

       33
       35
        
         };

     

       34
       36
        
       

     
···

       93
       95
        
                 proxyPass = with config.services.immich; ''

     

       94
       96
        
                   http://${host}:${builtins.toString port}

     

       95
       97
        
                 '';

     

       98
       98
       +
               };

     

       99
       99
       +
             };

     

       100
       100
       +
             "calibre.freumh.org" = {

     

       101
       101
       +
               addSSL = true;

     

       102
       102
       +
               locations."/" = {

     

       103
       103
       +
                 recommendedProxySettings = true;

     

       104
       104
       +
                 proxyPass = ''

     

       105
       105
       +
                   http://127.0.0.1:${builtins.toString config.services.calibre-web.listen.port}

     

       106
       106
       +
                 '';

     

       107
       107
       +
                 proxyWebsockets = true;

     

       108
       108
       +
                 extraConfig = ''

     

       109
       109
       +
                   proxy_buffer_size 128k;

     

       110
       110
       +
                   proxy_buffers 4 256k;

     

       111
       111
       +
                   proxy_busy_buffers_size 256k;

     

       112
       112
       +
                 '';

     

       113
       113
       +
               };

     

       114
       114
       +
             };

     

       115
       115
       +
             "audiobookshelf.vpn.freumh.org" = {

     

       116
       116
       +
               onlySSL = true;

     

       117
       117
       +
               listenAddresses = [ "100.64.0.9" ];

     

       118
       118
       +
               locations."/" = {

     

       119
       119
       +
                 proxyPass = ''

     

       120
       120
       +
                   http://localhost:${builtins.toString config.services.audiobookshelf.port}

     

       121
       121
       +
                 '';

     

       122
       122
       +
                 proxyWebsockets = true;

     

       96
       123
        
               };

     

       97
       124
        
             };

     

       98
       125
        
           };

     
···

       217
       244
        
           config.services.transmission.user

     

       218
       245
        
           config.services.nzbget.user

     

       219
       246
        
         ];

     

       220
       220
       -
         # services.calibre-server.enable = true;

     

       247
       247
       +
       

     

       248
       248
       +
         services.calibre-web = {

     

       249
       249
       +
           enable = true;

     

       250
       250
       +
           listen = {

     

       251
       251
       +
             port = 8084;

     

       252
       252
       +
             ip = "127.0.0.1";

     

       253
       253
       +
           };

     

       254
       254
       +
           options = {

     

       255
       255
       +
             enableBookConversion = true;

     

       256
       256
       +
             enableBookUploading = true;

     

       257
       257
       +
             enableKepubify = true;

     

       258
       258
       +
           };

     

       259
       259
       +
         };

     

       260
       260
       +
         users.users.${config.services.calibre-web.user}.extraGroups = [

     

       261
       261
       +
           config.services.readarr.user

     

       262
       262
       +
         ];

     

       221
       263
        
       

     

       222
       264
        
         age.secrets.restic-owl.file = ../../secrets/restic-owl.age;

     

       223
       265
        
         age.secrets.restic-gecko.file = ../../secrets/restic-gecko.age;

     
···

       275
       317
        
           mediaLocation = "/tank/immich";

     

       276
       318
        
         };

     

       277
       319
        
       

     

       320
       320
       +
         services.audiobookshelf = {

     

       321
       321
       +
           enable = true;

     

       322
       322
       +
           port = 8001;

     

       323
       323
       +
         };

     

       324
       324
       +
         users.users.${config.services.audiobookshelf.user}.extraGroups = [

     

       325
       325
       +
           config.services.readarr.user

     

       326
       326
       +
         ];

     

       327
       327
       +
       

     

       278
       328
        
         services.fail2ban = {

     

       279
       329
        
           enable = true;

     

       280
       330
        
           bantime = "24h";

     
···

       304
       354
        
             bantime = "86400";

     

       305
       355
        
             findTime = "43200";

     

       306
       356
        
             logPath = "/var/lib/jellyseerr/logs/overseerr.log";

     

       357
       357
       +
           };

     

       358
       358
       +
           # requires 'Enable Proxy Support' for jellyseerr

     

       359
       359
       +
           jails."calibre-web".settings = {

     

       360
       360
       +
             backend = "auto";

     

       361
       361
       +
             port = "80,443";

     

       362
       362
       +
             protocol = "tcp";

     

       363
       363
       +
             filter = "calibre-web";

     

       364
       364
       +
             maxRetry = 3;

     

       365
       365
       +
             bantime = "86400";

     

       366
       366
       +
             findTime = "43200";

     

       367
       367
       +
             logPath = "/var/lib/calibre-web/log";

     

       307
       368
        
           };

     

       308
       369
        
         };

     

       309
       370
        
         environment.etc = {

     
···

       315
       376
        
             [Definition]

     

       316
       377
        
             failregex = ^.*\[warn\]\[Auth\]: Failed login attempt from user with incorrect Jellyfin credentials {"account":{"ip":"<HOST>","email":

     

       317
       378
        
           '';

     

       379
       379
       +
           "fail2ban/filter.d/calibre-web.local".text = ''

     

       380
       380
       +
             [Definition]

     

       381
       381
       +
             failregex = ^(?:\[\])?\s*WARN \{[^\}]*\} Login failed for user "<F-USER>[^"]*</F-USER>" IP-address: <ADDR>

     

       382
       382
       +
           '';

     

       318
       383
        
         };

     

       319
       384
        
       

     

       320
       385
        
         systemd.services.ddns = {

     
···

       325
       390
        
           serviceConfig = {

     

       326
       391
        
             ExecStart = pkgs.writeShellScript "update-dns" ''

     

       327
       392
        
               while true; do

     

       328
       328
       -
                 IP="$(${pkgs.curl}/bin/curl https://ipinfo.io/ip 2> /dev/null)";

     

       329
       329
       -
                 echo $IP;

     

       393
       393
       +
                 IP="$(${pkgs.curl}/bin/curl https://ipinfo.io/ip 2> /dev/null)"

     

       394
       394
       +
                 echo $IP

     

       330
       395
        
                 ${config.services.eon.package}/bin/capc update /run/agenix/eon-freumh.org.cap \

     

       331
       331
       -
                   -u remove/jellyfin.freumh.org/A \

     

       332
       332
       -
                   -u remove/jellyseerr.freumh.org/A \

     

       333
       333
       -
                   -u add/jellyfin.freumh.org/A/"$IP"/60 \

     

       334
       334
       -
                   -u add/jellyseerr.freumh.org/A/"$IP"/60;

     

       335
       335
       -
                 sleep 3600;

     

       396
       396
       +
                   -u "remove|jellyfin.freumh.org|A" \

     

       397
       397
       +
                   -u "remove|jellyseerr.freumh.org|A" \

     

       398
       398
       +
                   -u "remove|calibre.freumh.org|A" \

     

       399
       399
       +
                   -u "add|jellyfin.freumh.org|A|$IP|60" \

     

       400
       400
       +
                   -u "add|jellyseerr.freumh.org|A|$IP|60" \

     

       401
       401
       +
                   -u "add|calibre.freumh.org|A|$IP|60" \

     

       402
       402
       +
                   ;

     

       403
       403
       +
                 sleep 3600

     

       336
       404
        
               done

     

       337
       405
        
             '';

     

       338
       406
        
             Restart = "always";

+24 -5

hosts/gecko/default.nix

···

       41
       41
        
             emacs.enable = true;

     

       42
       42
        
           };

     

       43
       43
        
           home.sessionVariables = {

     

       44
       44
       -
             LEDGER_FILE = "~/vault/finaces.ledger";

     

       44
       44
       +
             LEDGER_FILE = "$HOME/vault/finances.ledger";

     

       45
       45
       +
             CALENDAR_DIR = "$HOME/calendar";

     

       45
       46
        
           };

     

       46
       47
        
           programs.git.extraConfig.commit.gpgSign = true;

     

       48
       48
       +
           programs.direnv = {

     

       49
       49
       +
             enable = true;

     

       50
       50
       +
             enableZshIntegration = true;

     

       51
       51
       +
             enableBashIntegration = true;

     

       52
       52
       +
           };

     

       47
       53
        
         };

     

       48
       54
        
       

     

       49
       55
        
         boot.loader.grub = {

     
···

       65
       71
        
           calibre

     

       66
       72
        
           zotero

     

       67
       73
        
           element-desktop

     

       74
       74
       +
           nheko

     

       68
       75
        
           iamb

     

       69
       76
        
           spotify

     

       70
       77
        
           gimp

     
···

       130
       137
        
           ocamlPackages.ocaml-lsp

     

       131
       138
        
           ocamlPackages.ocamlformat

     

       132
       139
        
           # rust

     

       133
       133
       -
           cargo

     

       134
       134
       -
           rustc

     

       135
       135
       -
           rust-analyzer

     

       136
       136
       -
           rustfmt

     

       140
       140
       +
           overlay-unstable.cargo

     

       141
       141
       +
           overlay-unstable.rustc

     

       142
       142
       +
           overlay-unstable.rust-analyzer

     

       143
       143
       +
           overlay-unstable.rustfmt

     

       137
       144
        
           # haskell

     

       138
       145
        
           cabal-install

     

       139
       146
        
           ghc

     
···

       151
       158
        
           # other

     

       152
       159
        
           ltex-ls

     

       153
       160
        
           typst-lsp

     

       161
       161
       +
       

     

       162
       162
       +
           overlay-unstable.claude-code

     

       154
       163
        
         ];

     

       155
       164
        
       

     

       156
       165
        
         services.gnome.gnome-keyring.enable = true;

     
···

       211
       220
        
       

     

       212
       221
        
         # ddcutil

     

       213
       222
        
         hardware.i2c.enable = true;

     

       223
       223
       +
       

     

       224
       224
       +
         hardware.graphics = {

     

       225
       225
       +
           enable = true;

     

       226
       226
       +
           extraPackages = with pkgs; [

     

       227
       227
       +
             # Video Acceleration API (VA-API) user mode driver

     

       228
       228
       +
             intel-media-driver

     

       229
       229
       +
             # Intel Video Processing Library (VPL) API runtime implementation

     

       230
       230
       +
             vpl-gpu-rt

     

       231
       231
       +
           ];

     

       232
       232
       +
         };

     

       214
       233
        
       }

+31

hosts/hippo/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         disko,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       {

     

       10
       10
       +
         imports = [

     

       11
       11
       +
           ./hardware-configuration.nix

     

       12
       12
       +
           disko.nixosModules.disko

     

       13
       13
       +
           ./disk-config.nix

     

       14
       14
       +
         ];

     

       15
       15
       +
       

     

       16
       16
       +
         custom = {

     

       17
       17
       +
           enable = true;

     

       18
       18
       +
           autoUpgrade.enable = true;

     

       19
       19
       +
           homeManager.enable = true;

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "blue";

     

       23
       23
       +
       

     

       24
       24
       +
         networking.hostName = "iphito";

     

       25
       25
       +
       

     

       26
       26
       +
         services.openssh.openFirewall = true;

     

       27
       27
       +
       

     

       28
       28
       +
         users.users.root.openssh.authorizedKeys.keys = [

     

       29
       29
       +
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7UrJmBFWR3c7jVzpoyg4dJjON9c7t9bT9acfrj6G7i mtelvers"

     

       30
       30
       +
         ];

     

       31
       31
       +
       }

+33

hosts/hippo/disk-config.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         disko.devices = {

     

       5
       5
       +
           disk.disk1 = {

     

       6
       6
       +
             device = lib.mkDefault "/dev/sda";

     

       7
       7
       +
             type = "disk";

     

       8
       8
       +
             content = {

     

       9
       9
       +
               type = "gpt";

     

       10
       10
       +
               partitions = {

     

       11
       11
       +
                 ESP = {

     

       12
       12
       +
                   type = "EF00";

     

       13
       13
       +
                   size = "500M";

     

       14
       14
       +
                   content = {

     

       15
       15
       +
                     type = "filesystem";

     

       16
       16
       +
                     format = "vfat";

     

       17
       17
       +
                     mountpoint = "/boot";

     

       18
       18
       +
                     mountOptions = [ "umask=0077" ];

     

       19
       19
       +
                   };

     

       20
       20
       +
                 };

     

       21
       21
       +
                 root = {

     

       22
       22
       +
                   size = "100%";

     

       23
       23
       +
                   content = {

     

       24
       24
       +
                     type = "filesystem";

     

       25
       25
       +
                     format = "ext4";

     

       26
       26
       +
                     mountpoint = "/";

     

       27
       27
       +
                   };

     

       28
       28
       +
                 };

     

       29
       29
       +
               };

     

       30
       30
       +
             };

     

       31
       31
       +
           };

     

       32
       32
       +
         };

     

       33
       33
       +
       }

+40

hosts/hippo/hardware-configuration.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       {

     

       10
       10
       +
         imports = [

     

       11
       11
       +
           (modulesPath + "/installer/scan/not-detected.nix")

     

       12
       12
       +
         ];

     

       13
       13
       +
       

     

       14
       14
       +
         boot.initrd.availableKernelModules = [

     

       15
       15
       +
           "megaraid_sas"

     

       16
       16
       +
           "xhci_pci"

     

       17
       17
       +
           "nvme"

     

       18
       18
       +
           "ahci"

     

       19
       19
       +
           "sd_mod"

     

       20
       20
       +
         ];

     

       21
       21
       +
         boot.initrd.kernelModules = [ "dm-snapshot" ];

     

       22
       22
       +
         boot.kernelModules = [ "kvm-amd" ];

     

       23
       23
       +
         boot.extraModulePackages = [ ];

     

       24
       24
       +
       

     

       25
       25
       +
         networking.useDHCP = lib.mkDefault true;

     

       26
       26
       +
       

     

       27
       27
       +
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       28
       28
       +
         hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       29
       29
       +
       

     

       30
       30
       +
         boot.loader.grub = {

     

       31
       31
       +
           enable = true;

     

       32
       32
       +
           device = "nodev";

     

       33
       33
       +
           efiSupport = true;

     

       34
       34
       +
           efiInstallAsRemovable = true;

     

       35
       35
       +
         };

     

       36
       36
       +
       

     

       37
       37
       +
         boot.kernelParams = [

     

       38
       38
       +
           "console=ttyS1,115200n8"

     

       39
       39
       +
         ];

     

       40
       40
       +
       }

+5 -467

hosts/owl/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         pkgs,

     

       3
       3
       -
         config,

     

       4
       3
        
         lib,

     

       5
       5
       -
         eon,

     

       6
       4
        
         ...

     

       7
       5
        
       }@inputs:

     

       8
       6
        
       

     

       9
       9
       -
       let

     

       10
       10
       -
         vpnRecords = [

     

       11
       11
       -
           {

     

       12
       12
       -
             name = "nix-cache.vpn.${config.networking.domain}.";

     

       13
       13
       -
             type = "A";

     

       14
       14
       -
             value = "100.64.0.9";

     

       15
       15
       -
           }

     

       16
       16
       -
           {

     

       17
       17
       -
             name = "jellyfin.vpn.${config.networking.domain}.";

     

       18
       18
       -
             type = "A";

     

       19
       19
       -
             value = "100.64.0.9";

     

       20
       20
       -
           }

     

       21
       21
       -
           {

     

       22
       22
       -
             name = "nextcloud.vpn.${config.networking.domain}.";

     

       23
       23
       -
             type = "A";

     

       24
       24
       -
             value = "100.64.0.9";

     

       25
       25
       -
           }

     

       26
       26
       -
           {

     

       27
       27
       -
             name = "transmission.vpn.${config.networking.domain}.";

     

       28
       28
       -
             type = "A";

     

       29
       29
       -
             value = "100.64.0.9";

     

       30
       30
       -
           }

     

       31
       31
       -
           {

     

       32
       32
       -
             name = "owntracks.vpn.${config.networking.domain}.";

     

       33
       33
       -
             type = "A";

     

       34
       34
       -
             value = "100.64.0.9";

     

       35
       35
       -
           }

     

       36
       36
       -
           {

     

       37
       37
       -
             name = "immich.vpn.${config.networking.domain}.";

     

       38
       38
       -
             type = "A";

     

       39
       39
       -
             value = "100.64.0.9";

     

       40
       40
       -
           }

     

       41
       41
       -
         ];

     

       42
       42
       -
       in

     

       43
       7
        
       {

     

       44
       8
        
         imports = [

     

       45
       9
        
           ./hardware-configuration.nix

     

       46
       10
        
           ./minimal.nix

     

       47
       47
       -
           ../../modules/colour-guesser.nix

     

       11
       11
       +
           ./services.nix

     

       48
       12
        
           ../../modules/ryan-website.nix

     

       49
       13
        
           ../../modules/alec-website.nix

     

       50
       14
        
           ../../modules/fn06-website.nix

     

       15
       15
       +
           inputs.tangled.nixosModules.knotserver

     

       51
       16
        
         ];

     

       52
       17
        
       

     

       53
       53
       -
         age.secrets.eon-capnp = {

     

       54
       54
       -
           file = ../../secrets/eon-capnp.age;

     

       55
       55
       -
           mode = "770";

     

       56
       56
       -
           owner = "eon";

     

       57
       57
       -
           group = "eon";

     

       58
       58
       -
         };

     

       59
       59
       -
         age.secrets.eon-sirref-primary = {

     

       60
       60
       -
           file = ../../secrets/eon-sirref-primary.cap.age;

     

       61
       61
       -
           mode = "770";

     

       62
       62
       -
           owner = "eon";

     

       63
       63
       -
           group = "eon";

     

       64
       64
       -
         };

     

       65
       65
       -
         services.eon = {

     

       66
       66
       -
           capnpSecretKeyFile = config.age.secrets.eon-capnp.path;

     

       67
       67
       -
           primaries = [ config.age.secrets.eon-sirref-primary.path ];

     

       68
       68
       -
           prod = true;

     

       69
       69
       -
           capnpAddress = "135.181.100.27";

     

       70
       70
       -
           logLevel = 0;

     

       71
       71
       -
         };

     

       72
       72
       -
       

     

       73
       73
       -
         security.acme-eon = {

     

       74
       74
       -
           acceptTerms = true;

     

       75
       75
       -
           package = eon.defaultPackage.${config.nixpkgs.hostPlatform.system};

     

       76
       76
       -
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       77
       77
       -
           defaults.capFile = "/var/lib/eon/caps/domain/freumh.org.cap";

     

       78
       78
       -
           certs = {

     

       79
       79
       -
             "fn06.org".capFile = "/var/lib/eon/caps/domain/fn06.org.cap";

     

       80
       80
       -
             "capybara.fn06.org".capFile = "/var/lib/eon/caps/domain/fn06.org.cap";

     

       81
       81
       -
           };

     

       82
       82
       -
         };

     

       83
       83
       -
       

     

       84
       84
       -
         eilean = {

     

       85
       85
       -
           username = config.custom.username;

     

       86
       86
       -
           serverIpv4 = "135.181.100.27";

     

       87
       87
       -
           serverIpv6 = "2a01:4f9:c011:87ad:0:0:0:0";

     

       88
       88
       -
           acme-eon = true;

     

       89
       89
       -
           fail2ban.enable = true;

     

       90
       90
       -
         };

     

       91
       91
       -
         networking.domain = lib.mkDefault "freumh.org";

     

       92
       92
       -
         eilean.publicInterface = "enp1s0";

     

       93
       93
       -
         eilean.mailserver.enable = true;

     

       94
       94
       -
         eilean.radicale = {

     

       95
       95
       -
           enable = true;

     

       96
       96
       -
           users = null;

     

       97
       97
       -
         };

     

       98
       98
       -
         age.secrets.matrix-shared-secret = {

     

       99
       99
       -
           file = ../../secrets/matrix-shared-secret.age;

     

       100
       100
       -
           mode = "770";

     

       101
       101
       -
           owner = "${config.systemd.services.matrix-synapse.serviceConfig.User}";

     

       102
       102
       -
           group = "${config.systemd.services.matrix-synapse.serviceConfig.Group}";

     

       103
       103
       -
         };

     

       104
       104
       -
         eilean.matrix = {

     

       105
       105
       -
           enable = true;

     

       106
       106
       -
           registrationSecretFile = config.age.secrets.matrix-shared-secret.path;

     

       107
       107
       -
           bridges.whatsapp = true;

     

       108
       108
       -
           bridges.signal = true;

     

       109
       109
       -
           bridges.instagram = true;

     

       110
       110
       -
           bridges.messenger = true;

     

       111
       111
       -
         };

     

       112
       112
       -
         eilean.turn.enable = true;

     

       113
       113
       -
         eilean.mastodon.enable = true;

     

       114
       114
       -
         eilean.headscale.enable = true;

     

       115
       115
       -
         #eilean.dns.enable = lib.mkForce false;

     

       116
       116
       -
       

     

       117
       117
       -
         systemd.services.matrix-as-meta = {

     

       118
       118
       -
           # voice messages need `ffmpeg`

     

       119
       119
       -
           path = [ pkgs.ffmpeg ];

     

       120
       120
       -
         };

     

       121
       121
       -
       

     

       122
       122
       -
         custom = {

     

       123
       123
       -
           freumh.enable = true;

     

       124
       124
       -
           rmfakecloud.enable = true;

     

       125
       125
       -
           website = {

     

       126
       126
       -
             ryan = {

     

       127
       127
       -
               enable = true;

     

       128
       128
       -
               cname = "vps";

     

       129
       129
       -
             };

     

       130
       130
       -
             alec = {

     

       131
       131
       -
               enable = true;

     

       132
       132
       -
               cname = "vps";

     

       133
       133
       -
             };

     

       134
       134
       -
             fn06 = {

     

       135
       135
       -
               enable = true;

     

       136
       136
       -
               cname = "vps";

     

       137
       137
       -
               domain = "fn06.org";

     

       138
       138
       -
             };

     

       139
       139
       -
             colour-guesser = {

     

       140
       140
       -
               # enable = true;

     

       141
       141
       -
               cname = "vps";

     

       142
       142
       -
             };

     

       143
       143
       -
           };

     

       144
       144
       -
         };

     

       145
       145
       -
       

     

       146
       146
       -
         eilean.dns.nameservers = [ "ns1" ];

     

       147
       147
       -
         eilean.services.dns.zones = {

     

       148
       148
       -
           ${config.networking.domain} = {

     

       149
       149
       -
             ttl = 300;

     

       150
       150
       -
             soa = {

     

       151
       151
       -
               serial = 2018011660;

     

       152
       152
       -
               refresh = 300;

     

       153
       153
       -
             };

     

       154
       154
       -
             records = [

     

       155
       155
       -
               {

     

       156
       156
       -
                 name = "@";

     

       157
       157
       -
                 type = "TXT";

     

       158
       158
       -
                 value = "google-site-verification=rEvwSqf7RYKRQltY412qMtTuoxPp64O3L7jMotj9Jnc";

     

       159
       159
       -
               }

     

       160
       160
       -
               {

     

       161
       161
       -
                 name = "_atproto.ryan";

     

       162
       162
       -
                 type = "TXT";

     

       163
       163
       -
                 value = "did=did:plc:3lfhu6ehlynzjgehef6alnvg";

     

       164
       164
       -
               }

     

       165
       165
       -
       

     

       166
       166
       -
               {

     

       167
       167
       -
                 name = "teapot";

     

       168
       168
       -
                 type = "CNAME";

     

       169
       169
       -
                 value = "vps";

     

       170
       170
       -
               }

     

       171
       171
       -
       

     

       172
       172
       -
               {

     

       173
       173
       -
                 name = "@";

     

       174
       174
       -
                 type = "NS";

     

       175
       175
       -
                 value = "ns1.sirref.org.";

     

       176
       176
       -
               }

     

       177
       177
       -
       

     

       178
       178
       -
               {

     

       179
       179
       -
                 name = "@";

     

       180
       180
       -
                 type = "A";

     

       181
       181
       -
                 value = config.eilean.serverIpv4;

     

       182
       182
       -
               }

     

       183
       183
       -
               {

     

       184
       184
       -
                 name = "@";

     

       185
       185
       -
                 type = "AAAA";

     

       186
       186
       -
                 value = config.eilean.serverIpv6;

     

       187
       187
       -
               }

     

       188
       188
       -
               {

     

       189
       189
       -
                 name = "vps";

     

       190
       190
       -
                 type = "A";

     

       191
       191
       -
                 value = config.eilean.serverIpv4;

     

       192
       192
       -
               }

     

       193
       193
       -
               {

     

       194
       194
       -
                 name = "vps";

     

       195
       195
       -
                 type = "AAAA";

     

       196
       196
       -
                 value = config.eilean.serverIpv6;

     

       197
       197
       -
               }

     

       198
       198
       -
       

     

       199
       199
       -
               {

     

       200
       200
       -
                 name = "@";

     

       201
       201
       -
                 type = "LOC";

     

       202
       202
       -
                 value = "52 12 40.4 N 0 5 31.9 E 22m 10m 10m 10m";

     

       203
       203
       -
               }

     

       204
       204
       -
       

     

       205
       205
       -
               {

     

       206
       206
       -
                 name = "ns.cl";

     

       207
       207
       -
                 type = "A";

     

       208
       208
       -
                 value = "128.232.113.136";

     

       209
       209
       -
               }

     

       210
       210
       -
               {

     

       211
       211
       -
                 name = "cl";

     

       212
       212
       -
                 type = "NS";

     

       213
       213
       -
                 value = "ns.cl";

     

       214
       214
       -
               }

     

       215
       215
       -
       

     

       216
       216
       -
               {

     

       217
       217
       -
                 name = "ns1.eilean";

     

       218
       218
       -
                 type = "A";

     

       219
       219
       -
                 value = "65.109.10.223";

     

       220
       220
       -
               }

     

       221
       221
       -
               {

     

       222
       222
       -
                 name = "eilean";

     

       223
       223
       -
                 type = "NS";

     

       224
       224
       -
                 value = "ns1.eilean";

     

       225
       225
       -
               }

     

       226
       226
       -
       

     

       227
       227
       -
               {

     

       228
       228
       -
                 name = "shrew";

     

       229
       229
       -
                 type = "CNAME";

     

       230
       230
       -
                 value = "vps";

     

       231
       231
       -
               }

     

       232
       232
       -
       

     

       233
       233
       -
               # generate with

     

       234
       234
       -
               #   sudo openssl x509 -in /var/lib/acme/mail.freumh.org/fullchain.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "3 1 1", $1}'

     

       235
       235
       -
               {

     

       236
       236
       -
                 name = "_25._tcp.mail";

     

       237
       237
       -
                 type = "TLSA";

     

       238
       238
       -
                 value = "3 1 1 2f0fd413f063c75141937dd196a9f4ab66139d599e0dcf2a7ce6d557647e26a6";

     

       239
       239
       -
               }

     

       240
       240
       -
               # generate with

     

       241
       241
       -
               #   for i in r3 e1 r4-cross-signed e2

     

       242
       242
       -
               #   openssl x509 -in ~/downloads/lets-encrypt-$i.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "2 1 1", $1}'

     

       243
       243
       -
               # LE R3

     

       244
       244
       -
               {

     

       245
       245
       -
                 name = "_25._tcp.mail";

     

       246
       246
       -
                 type = "TLSA";

     

       247
       247
       -
                 value = "2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d";

     

       248
       248
       -
               }

     

       249
       249
       -
               # LE E1

     

       250
       250
       -
               {

     

       251
       251
       -
                 name = "_25._tcp.mail";

     

       252
       252
       -
                 type = "TLSA";

     

       253
       253
       -
                 value = "2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10";

     

       254
       254
       -
               }

     

       255
       255
       -
               # LE R4

     

       256
       256
       -
               {

     

       257
       257
       -
                 name = "_25._tcp.mail";

     

       258
       258
       -
                 type = "TLSA";

     

       259
       259
       -
                 value = "2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03";

     

       260
       260
       -
               }

     

       261
       261
       -
               # LE E2

     

       262
       262
       -
               {

     

       263
       263
       -
                 name = "_25._tcp.mail";

     

       264
       264
       -
                 type = "TLSA";

     

       265
       265
       -
                 value = "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270";

     

       266
       266
       -
               }

     

       267
       267
       -
             ] ++ vpnRecords;

     

       268
       268
       -
           };

     

       269
       269
       -
           "fn06.org" = {

     

       270
       270
       -
             soa.serial = 1706745602;

     

       271
       271
       -
             records = [

     

       272
       272
       -
               {

     

       273
       273
       -
                 name = "@";

     

       274
       274
       -
                 type = "NS";

     

       275
       275
       -
                 value = "ns1";

     

       276
       276
       -
               }

     

       277
       277
       -
               {

     

       278
       278
       -
                 name = "@";

     

       279
       279
       -
                 type = "NS";

     

       280
       280
       -
                 value = "ns2";

     

       281
       281
       -
               }

     

       282
       282
       -
       

     

       283
       283
       -
               {

     

       284
       284
       -
                 name = "ns1";

     

       285
       285
       -
                 type = "A";

     

       286
       286
       -
                 value = config.eilean.serverIpv4;

     

       287
       287
       -
               }

     

       288
       288
       -
               {

     

       289
       289
       -
                 name = "ns1";

     

       290
       290
       -
                 type = "AAAA";

     

       291
       291
       -
                 value = config.eilean.serverIpv6;

     

       292
       292
       -
               }

     

       293
       293
       -
               {

     

       294
       294
       -
                 name = "ns2";

     

       295
       295
       -
                 type = "A";

     

       296
       296
       -
                 value = config.eilean.serverIpv4;

     

       297
       297
       -
               }

     

       298
       298
       -
               {

     

       299
       299
       -
                 name = "ns2";

     

       300
       300
       -
                 type = "AAAA";

     

       301
       301
       -
                 value = config.eilean.serverIpv6;

     

       302
       302
       -
               }

     

       303
       303
       -
       

     

       304
       304
       -
               {

     

       305
       305
       -
                 name = "@";

     

       306
       306
       -
                 type = "A";

     

       307
       307
       -
                 value = config.eilean.serverIpv4;

     

       308
       308
       -
               }

     

       309
       309
       -
               {

     

       310
       310
       -
                 name = "@";

     

       311
       311
       -
                 type = "AAAA";

     

       312
       312
       -
                 value = config.eilean.serverIpv6;

     

       313
       313
       -
               }

     

       314
       314
       -
       

     

       315
       315
       -
               {

     

       316
       316
       -
                 name = "www.fn06.org.";

     

       317
       317
       -
                 type = "CNAME";

     

       318
       318
       -
                 value = "fn06.org.";

     

       319
       319
       -
               }

     

       320
       320
       -
       

     

       321
       321
       -
               {

     

       322
       322
       -
                 name = "@";

     

       323
       323
       -
                 type = "LOC";

     

       324
       324
       -
                 value = "52 12 40.4 N 0 5 31.9 E 22m 10m 10m 10m";

     

       325
       325
       -
               }

     

       326
       326
       -
       

     

       327
       327
       -
               {

     

       328
       328
       -
                 name = "capybara.fn06.org.";

     

       329
       329
       -
                 type = "CNAME";

     

       330
       330
       -
                 value = "fn06.org.";

     

       331
       331
       -
               }

     

       332
       332
       -
       

     

       333
       333
       -
               {

     

       334
       334
       -
                 name = "jellyfin.${config.networking.domain}.";

     

       335
       335
       -
                 type = "AAAA";

     

       336
       336
       -
                 value = "2a00:23c6:aa22:e401:8dff:9b9a:cb3c:3fcb";

     

       337
       337
       -
               }

     

       338
       338
       -
               {

     

       339
       339
       -
                 name = "jellyseerr.${config.networking.domain}.";

     

       340
       340
       -
                 type = "AAAA";

     

       341
       341
       -
                 value = "2a00:23c6:aa22:e401:8dff:9b9a:cb3c:3fcb";

     

       342
       342
       -
               }

     

       343
       343
       -
             ];

     

       344
       344
       -
           };

     

       345
       345
       -
         };

     

       346
       346
       -
         services.bind.zones.${config.networking.domain}.extraConfig =

     

       347
       347
       -
           ''

     

       348
       348
       -
             dnssec-policy default;

     

       349
       349
       -
             inline-signing yes;

     

       350
       350
       -
             journal "${config.services.bind.directory}/${config.networking.domain}.signed.jnl";

     

       351
       351
       -
           ''

     

       352
       352
       -
           +

     

       353
       353
       -
             # dig ns org +short | xargs dig +short

     

       354
       354
       -
             # replace with `checkds true;` in bind 9.20

     

       355
       355
       -
             ''

     

       356
       356
       -
               parental-agents {

     

       357
       357
       -
                 199.19.56.1;

     

       358
       358
       -
                 199.249.112.1;

     

       359
       359
       -
                 199.19.54.1;

     

       360
       360
       -
                 199.249.120.1;

     

       361
       361
       -
                 199.19.53.1;

     

       362
       362
       -
                 199.19.57.1;

     

       363
       363
       -
               };

     

       364
       364
       -
             '';

     

       365
       365
       -
       

     

       366
       366
       -
         services.nginx.commonHttpConfig = ''

     

       367
       367
       -
           add_header Strict-Transport-Security max-age=31536000 always;

     

       368
       368
       -
           add_header X-Frame-Options SAMEORIGIN always;

     

       369
       369
       -
           add_header X-Content-Type-Options nosniff always;

     

       370
       370
       -
           add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self';" always;

     

       371
       371
       -
           add_header Referrer-Policy 'same-origin';

     

       372
       372
       -
         '';

     

       373
       373
       -
         services.nginx.virtualHosts."teapot.${config.networking.domain}" = {

     

       374
       374
       -
           extraConfig = ''

     

       375
       375
       -
             return 418;

     

       376
       376
       -
           '';

     

       377
       377
       -
         };

     

       378
       378
       -
         age.secrets.website-phd = {

     

       379
       379
       -
           file = ../../secrets/website-phd.age;

     

       380
       380
       -
           mode = "770";

     

       381
       381
       -
           owner = "${config.systemd.services.nginx.serviceConfig.User}";

     

       382
       382
       -
           group = "${config.systemd.services.nginx.serviceConfig.Group}";

     

       383
       383
       -
         };

     

       384
       384
       -
         services.nginx.virtualHosts."${config.custom.website.ryan.domain}" = {

     

       385
       385
       -
           locations."/phd/" = {

     

       386
       386
       -
             basicAuthFile = config.age.secrets.website-phd.path;

     

       387
       387
       -
           };

     

       388
       388
       -
         };

     

       389
       389
       -
       

     

       390
       390
       -
         security.acme-eon.nginxCerts = [

     

       391
       391
       -
           "capybara.fn06.org"

     

       392
       392
       -
           "shrew.freumh.org"

     

       18
       18
       +
         environment.systemPackages = with pkgs; [

     

       19
       19
       +
           nixd

     

       20
       20
       +
           nixfmt-rfc-style

     

       393
       21
        
         ];

     

       394
       394
       -
         services.nginx.virtualHosts."capybara.fn06.org" = {

     

       395
       395
       -
           forceSSL = true;

     

       396
       396
       -
           locations."/" = {

     

       397
       397
       -
             proxyPass = ''

     

       398
       398
       -
               http://100.64.0.10:8123

     

       399
       399
       -
             '';

     

       400
       400
       -
             proxyWebsockets = true;

     

       401
       401
       -
           };

     

       402
       402
       -
         };

     

       403
       403
       -
         services.nginx.virtualHosts."shrew.freumh.org" = {

     

       404
       404
       -
           forceSSL = true;

     

       405
       405
       -
           locations."/" = {

     

       406
       406
       -
             # need to specify ip or there's a bootstrap problem with headscale

     

       407
       407
       -
             proxyPass = ''

     

       408
       408
       -
               http://100.64.0.6:8123

     

       409
       409
       -
             '';

     

       410
       410
       -
             proxyWebsockets = true;

     

       411
       411
       -
           };

     

       412
       412
       -
         };

     

       413
       413
       -
       

     

       414
       414
       -
         services.mastodon = {

     

       415
       415
       -
           webProcesses = lib.mkForce 1;

     

       416
       416
       -
           webThreads = lib.mkForce 1;

     

       417
       417
       -
           sidekiqThreads = lib.mkForce 1;

     

       418
       418
       -
           streamingProcesses = lib.mkForce 1;

     

       419
       419
       -
         };

     

       420
       420
       -
       

     

       421
       421
       -
         boot.kernel.sysctl = {

     

       422
       422
       -
           "net.ipv4.ip_forward" = 1;

     

       423
       423
       -
           "net.ipv6.conf.all.forwarding" = 1;

     

       424
       424
       -
         };

     

       425
       425
       -
       

     

       426
       426
       -
         services.headscale.settings.dns = {

     

       427
       427
       -
           extra_records = vpnRecords;

     

       428
       428
       -
           base_domain = "vpn.freumh.org";

     

       429
       429
       -
           nameservers.global = config.networking.nameservers;

     

       430
       430
       -
         };

     

       431
       431
       -
       

     

       432
       432
       -
         age.secrets.restic-owl.file = ../../secrets/restic-owl.age;

     

       433
       433
       -
         services.restic.backups.${config.networking.hostName} = {

     

       434
       434
       -
           repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       435
       435
       -
           passwordFile = config.age.secrets.restic-owl.path;

     

       436
       436
       -
           initialize = true;

     

       437
       437
       -
           paths = [

     

       438
       438
       -
             "/var/"

     

       439
       439
       -
             "/run/"

     

       440
       440
       -
             "/etc/"

     

       441
       441
       -
           ];

     

       442
       442
       -
           timerConfig = {

     

       443
       443
       -
             OnCalendar = "03:00";

     

       444
       444
       -
             randomizedDelaySec = "1hr";

     

       445
       445
       -
           };

     

       446
       446
       -
         };

     

       447
       22
        
       

     

       448
       23
        
         nix = {

     

       449
       24
        
           gc = {

     
···

       453
       28
        
             options = lib.mkForce "--delete-older-than 2d";

     

       454
       29
        
           };

     

       455
       30
        
         };

     

       456
       456
       -
       

     

       457
       457
       -
         age.secrets.email-ryan.file = ../../secrets/email-ryan.age;

     

       458
       458
       -
         age.secrets.email-system.file = ../../secrets/email-system.age;

     

       459
       459
       -
         eilean.mailserver.systemAccountPasswordFile = config.age.secrets.email-system.path;

     

       460
       460
       -
         mailserver.loginAccounts = {

     

       461
       461
       -
           "${config.eilean.username}@${config.networking.domain}" = {

     

       462
       462
       -
             passwordFile = config.age.secrets.email-ryan.path;

     

       463
       463
       -
             aliases = [

     

       464
       464
       -
               "dns@${config.networking.domain}"

     

       465
       465
       -
               "postmaster@${config.networking.domain}"

     

       466
       466
       -
             ];

     

       467
       467
       -
             sieveScript = ''

     

       468
       468
       -
               require ["fileinto", "mailbox"];

     

       469
       469
       -
       

     

       470
       470
       -
               if header :contains ["to", "cc"] ["~rjarry/aerc-discuss@lists.sr.ht"] {

     

       471
       471
       -
                 fileinto :create "lists.aerc";

     

       472
       472
       -
                 stop;

     

       473
       473
       -
               }

     

       474
       474
       -
             '';

     

       475
       475
       -
           };

     

       476
       476
       -
           "misc@${config.networking.domain}" = {

     

       477
       477
       -
             passwordFile = config.age.secrets.email-ryan.path;

     

       478
       478
       -
             catchAll = [ "${config.networking.domain}" ];

     

       479
       479
       -
           };

     

       480
       480
       -
           "system@${config.networking.domain}" = {

     

       481
       481
       -
             aliases = [ "nas@${config.networking.domain}" ];

     

       482
       482
       -
           };

     

       483
       483
       -
         };

     

       484
       484
       -
       

     

       485
       485
       -
         services.minecraft-server = {

     

       486
       486
       -
           enable = true;

     

       487
       487
       -
           package = pkgs.overlay-unstable.minecraft-server;

     

       488
       488
       -
           eula = true;

     

       489
       489
       -
           openFirewall = true;

     

       490
       490
       -
         };

     

       491
       491
       -
       

     

       492
       492
       -
         networking.firewall.allowedTCPPorts = [ 7001 ];

     

       493
       31
        
       

     

       494
       32
        
         services.openssh.openFirewall = true;

     

       495
       33
        
       }

-3

hosts/owl/minimal.nix

+518

hosts/owl/services.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         eon,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       let

     

       10
       10
       +
         vpnRecords = [

     

       11
       11
       +
           {

     

       12
       12
       +
             name = "nix-cache.vpn.${config.networking.domain}.";

     

       13
       13
       +
             type = "A";

     

       14
       14
       +
             value = "100.64.0.9";

     

       15
       15
       +
           }

     

       16
       16
       +
           {

     

       17
       17
       +
             name = "jellyfin.vpn.${config.networking.domain}.";

     

       18
       18
       +
             type = "A";

     

       19
       19
       +
             value = "100.64.0.9";

     

       20
       20
       +
           }

     

       21
       21
       +
           {

     

       22
       22
       +
             name = "nextcloud.vpn.${config.networking.domain}.";

     

       23
       23
       +
             type = "A";

     

       24
       24
       +
             value = "100.64.0.9";

     

       25
       25
       +
           }

     

       26
       26
       +
           {

     

       27
       27
       +
             name = "transmission.vpn.${config.networking.domain}.";

     

       28
       28
       +
             type = "A";

     

       29
       29
       +
             value = "100.64.0.9";

     

       30
       30
       +
           }

     

       31
       31
       +
           {

     

       32
       32
       +
             name = "owntracks.vpn.${config.networking.domain}.";

     

       33
       33
       +
             type = "A";

     

       34
       34
       +
             value = "100.64.0.9";

     

       35
       35
       +
           }

     

       36
       36
       +
           {

     

       37
       37
       +
             name = "immich.vpn.${config.networking.domain}.";

     

       38
       38
       +
             type = "A";

     

       39
       39
       +
             value = "100.64.0.9";

     

       40
       40
       +
           }

     

       41
       41
       +
           {

     

       42
       42
       +
             name = "audiobookshelf.vpn.${config.networking.domain}.";

     

       43
       43
       +
             type = "A";

     

       44
       44
       +
             value = "100.64.0.9";

     

       45
       45
       +
           }

     

       46
       46
       +
         ];

     

       47
       47
       +
       in

     

       48
       48
       +
       {

     

       49
       49
       +
         # eilean

     

       50
       50
       +
         networking.domain = lib.mkDefault "freumh.org";

     

       51
       51
       +
         eilean = {

     

       52
       52
       +
           username = config.custom.username;

     

       53
       53
       +
           serverIpv4 = "135.181.100.27";

     

       54
       54
       +
           serverIpv6 = "2a01:4f9:c011:87ad:0:0:0:0";

     

       55
       55
       +
           publicInterface = "enp1s0";

     

       56
       56
       +
           fail2ban.enable = true;

     

       57
       57
       +
         };

     

       58
       58
       +
       

     

       59
       59
       +
         # eon

     

       60
       60
       +
         age.secrets.eon-capnp = {

     

       61
       61
       +
           file = ../../secrets/eon-capnp.age;

     

       62
       62
       +
           mode = "660";

     

       63
       63
       +
           owner = "eon";

     

       64
       64
       +
           group = "eon";

     

       65
       65
       +
         };

     

       66
       66
       +
         age.secrets.eon-sirref-primary = {

     

       67
       67
       +
           file = ../../secrets/eon-sirref-primary.cap.age;

     

       68
       68
       +
           mode = "660";

     

       69
       69
       +
           owner = "eon";

     

       70
       70
       +
           group = "eon";

     

       71
       71
       +
         };

     

       72
       72
       +
         services.eon = {

     

       73
       73
       +
           capnpSecretKeyFile = config.age.secrets.eon-capnp.path;

     

       74
       74
       +
           primaries = [ config.age.secrets.eon-sirref-primary.path ];

     

       75
       75
       +
           prod = true;

     

       76
       76
       +
           capnpAddress = "135.181.100.27";

     

       77
       77
       +
           logLevel = 0;

     

       78
       78
       +
         };

     

       79
       79
       +
       

     

       80
       80
       +
         # certificates

     

       81
       81
       +
         eilean.acme-eon = true;

     

       82
       82
       +
         security.acme-eon = {

     

       83
       83
       +
           acceptTerms = true;

     

       84
       84
       +
           package = eon.defaultPackage.${config.nixpkgs.hostPlatform.system};

     

       85
       85
       +
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       86
       86
       +
           defaults.capFile = "/var/lib/eon/caps/domain/freumh.org.cap";

     

       87
       87
       +
           certs = {

     

       88
       88
       +
             "fn06.org".capFile = "/var/lib/eon/caps/domain/fn06.org.cap";

     

       89
       89
       +
             "capybara.fn06.org".capFile = "/var/lib/eon/caps/domain/fn06.org.cap";

     

       90
       90
       +
           };

     

       91
       91
       +
         };

     

       92
       92
       +
         security.acme-eon.nginxCerts = [

     

       93
       93
       +
           "capybara.fn06.org"

     

       94
       94
       +
           "shrew.freumh.org"

     

       95
       95
       +
           "knot.freumh.org"

     

       96
       96
       +
           "enki.freumh.org"

     

       97
       97
       +
         ];

     

       98
       98
       +
       

     

       99
       99
       +
         # VPN

     

       100
       100
       +
         eilean.headscale.enable = true;

     

       101
       101
       +
         services.headscale.settings.dns = {

     

       102
       102
       +
           extra_records = vpnRecords;

     

       103
       103
       +
           base_domain = "vpn.freumh.org";

     

       104
       104
       +
           nameservers.global = config.networking.nameservers;

     

       105
       105
       +
         };

     

       106
       106
       +
         boot.kernel.sysctl = {

     

       107
       107
       +
           "net.ipv4.ip_forward" = 1;

     

       108
       108
       +
           "net.ipv6.conf.all.forwarding" = 1;

     

       109
       109
       +
         };

     

       110
       110
       +
       

     

       111
       111
       +
         # websites

     

       112
       112
       +
         custom = {

     

       113
       113
       +
           freumh.enable = true;

     

       114
       114
       +
           rmfakecloud.enable = true;

     

       115
       115
       +
           website = {

     

       116
       116
       +
             ryan = {

     

       117
       117
       +
               enable = true;

     

       118
       118
       +
               cname = "vps";

     

       119
       119
       +
             };

     

       120
       120
       +
             alec = {

     

       121
       121
       +
               enable = true;

     

       122
       122
       +
               cname = "vps";

     

       123
       123
       +
             };

     

       124
       124
       +
             fn06 = {

     

       125
       125
       +
               enable = true;

     

       126
       126
       +
               cname = "vps";

     

       127
       127
       +
               domain = "fn06.org";

     

       128
       128
       +
             };

     

       129
       129
       +
           };

     

       130
       130
       +
         };

     

       131
       131
       +
         services.nginx.commonHttpConfig = ''

     

       132
       132
       +
           add_header Strict-Transport-Security max-age=31536000 always;

     

       133
       133
       +
           add_header X-Frame-Options SAMEORIGIN always;

     

       134
       134
       +
           add_header X-Content-Type-Options nosniff always;

     

       135
       135
       +
           add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self';" always;

     

       136
       136
       +
           add_header Referrer-Policy 'same-origin';

     

       137
       137
       +
         '';

     

       138
       138
       +
         services.nginx.virtualHosts."teapot.${config.networking.domain}" = {

     

       139
       139
       +
           extraConfig = ''

     

       140
       140
       +
             return 418;

     

       141
       141
       +
           '';

     

       142
       142
       +
         };

     

       143
       143
       +
       

     

       144
       144
       +
         # mailserver

     

       145
       145
       +
         eilean.mailserver.enable = true;

     

       146
       146
       +
         age.secrets.email-ryan.file = ../../secrets/email-ryan.age;

     

       147
       147
       +
         age.secrets.email-system.file = ../../secrets/email-system.age;

     

       148
       148
       +
         eilean.mailserver.systemAccountPasswordFile = config.age.secrets.email-system.path;

     

       149
       149
       +
         mailserver.loginAccounts = {

     

       150
       150
       +
           "${config.eilean.username}@${config.networking.domain}" = {

     

       151
       151
       +
             passwordFile = config.age.secrets.email-ryan.path;

     

       152
       152
       +
             aliases = [

     

       153
       153
       +
               "dns@${config.networking.domain}"

     

       154
       154
       +
               "postmaster@${config.networking.domain}"

     

       155
       155
       +
             ];

     

       156
       156
       +
             sieveScript = ''

     

       157
       157
       +
               require ["fileinto", "mailbox"];

     

       158
       158
       +
       

     

       159
       159
       +
               if header :contains ["to", "cc"] ["ai-control@ietf.org"] {

     

       160
       160
       +
                 fileinto :create "lists.aietf";

     

       161
       161
       +
                 stop;

     

       162
       162
       +
               }

     

       163
       163
       +
             '';

     

       164
       164
       +
           };

     

       165
       165
       +
           "misc@${config.networking.domain}" = {

     

       166
       166
       +
             passwordFile = config.age.secrets.email-ryan.path;

     

       167
       167
       +
             catchAll = [ "${config.networking.domain}" ];

     

       168
       168
       +
           };

     

       169
       169
       +
           "system@${config.networking.domain}" = {

     

       170
       170
       +
             aliases = [ "nas@${config.networking.domain}" ];

     

       171
       171
       +
           };

     

       172
       172
       +
         };

     

       173
       173
       +
       

     

       174
       174
       +
         # CalDAV calendar server

     

       175
       175
       +
         eilean.radicale = {

     

       176
       176
       +
           enable = true;

     

       177
       177
       +
           users = null;

     

       178
       178
       +
         };

     

       179
       179
       +
       

     

       180
       180
       +
         # matrix

     

       181
       181
       +
         age.secrets.matrix-shared-secret = {

     

       182
       182
       +
           file = ../../secrets/matrix-shared-secret.age;

     

       183
       183
       +
           mode = "770";

     

       184
       184
       +
           owner = "${config.systemd.services.matrix-synapse.serviceConfig.User}";

     

       185
       185
       +
           group = "${config.systemd.services.matrix-synapse.serviceConfig.Group}";

     

       186
       186
       +
         };

     

       187
       187
       +
         eilean.matrix = {

     

       188
       188
       +
           enable = true;

     

       189
       189
       +
           registrationSecretFile = config.age.secrets.matrix-shared-secret.path;

     

       190
       190
       +
           bridges.whatsapp = true;

     

       191
       191
       +
           bridges.signal = true;

     

       192
       192
       +
           bridges.instagram = true;

     

       193
       193
       +
           bridges.messenger = true;

     

       194
       194
       +
         };

     

       195
       195
       +
         eilean.turn.enable = true;

     

       196
       196
       +
         systemd.services.matrix-as-meta = {

     

       197
       197
       +
           path = [ pkgs.ffmpeg ];

     

       198
       198
       +
         };

     

       199
       199
       +
       

     

       200
       200
       +
         # mastodon

     

       201
       201
       +
         eilean.mastodon.enable = true;

     

       202
       202
       +
         services.mastodon = {

     

       203
       203
       +
           webProcesses = lib.mkForce 1;

     

       204
       204
       +
           webThreads = lib.mkForce 1;

     

       205
       205
       +
           sidekiqThreads = lib.mkForce 1;

     

       206
       206
       +
           streamingProcesses = lib.mkForce 1;

     

       207
       207
       +
         };

     

       208
       208
       +
       

     

       209
       209
       +
         # restic

     

       210
       210
       +
         age.secrets.restic-owl.file = ../../secrets/restic-owl.age;

     

       211
       211
       +
         services.restic.backups.${config.networking.hostName} = {

     

       212
       212
       +
           repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       213
       213
       +
           passwordFile = config.age.secrets.restic-owl.path;

     

       214
       214
       +
           initialize = true;

     

       215
       215
       +
           paths = [

     

       216
       216
       +
             "/var/"

     

       217
       217
       +
             "/run/"

     

       218
       218
       +
             "/etc/"

     

       219
       219
       +
           ];

     

       220
       220
       +
           timerConfig = {

     

       221
       221
       +
             OnCalendar = "03:00";

     

       222
       222
       +
             randomizedDelaySec = "1hr";

     

       223
       223
       +
           };

     

       224
       224
       +
         };

     

       225
       225
       +
       

     

       226
       226
       +
         # reverse proxy

     

       227
       227
       +
         services.nginx.virtualHosts."capybara.fn06.org" = {

     

       228
       228
       +
           forceSSL = true;

     

       229
       229
       +
           locations."/" = {

     

       230
       230
       +
             proxyPass = ''

     

       231
       231
       +
               http://100.64.0.10:8123

     

       232
       232
       +
             '';

     

       233
       233
       +
             proxyWebsockets = true;

     

       234
       234
       +
           };

     

       235
       235
       +
         };

     

       236
       236
       +
         services.nginx.virtualHosts."shrew.freumh.org" = {

     

       237
       237
       +
           forceSSL = true;

     

       238
       238
       +
           locations."/" = {

     

       239
       239
       +
             proxyPass = ''

     

       240
       240
       +
               http://100.64.0.6:8123

     

       241
       241
       +
             '';

     

       242
       242
       +
             proxyWebsockets = true;

     

       243
       243
       +
           };

     

       244
       244
       +
         };

     

       245
       245
       +
       

     

       246
       246
       +
         # tangled

     

       247
       247
       +
         age.secrets.tangled = {

     

       248
       248
       +
           file = ../../secrets/tangled.age;

     

       249
       249
       +
           mode = "660";

     

       250
       250
       +
           owner = "git";

     

       251
       251
       +
           group = "git";

     

       252
       252
       +
         };

     

       253
       253
       +
         services.tangled-knotserver = {

     

       254
       254
       +
           enable = true;

     

       255
       255
       +
           repo.mainBranch = "master";

     

       256
       256
       +
           server.hostname = "knot.freumh.org";

     

       257
       257
       +
           server = {

     

       258
       258
       +
             secretFile = config.age.secrets.tangled.path;

     

       259
       259
       +
             listenAddr = "127.0.0.1:5555";

     

       260
       260
       +
             internalListenAddr = "127.0.0.1:5444";

     

       261
       261
       +
           };

     

       262
       262
       +
         };

     

       263
       263
       +
         services.nginx.virtualHosts."knot.freumh.org" = {

     

       264
       264
       +
           forceSSL = true;

     

       265
       265
       +
           locations."/" = {

     

       266
       266
       +
             proxyPass = ''

     

       267
       267
       +
               http://${config.services.tangled-knotserver.server.listenAddr}

     

       268
       268
       +
             '';

     

       269
       269
       +
             proxyWebsockets = true;

     

       270
       270
       +
           };

     

       271
       271
       +
         };

     

       272
       272
       +
       

     

       273
       273
       +
         services.nginx.virtualHosts."enki.freumh.org" = {

     

       274
       274
       +
           forceSSL = true;

     

       275
       275
       +
           locations."/" = {

     

       276
       276
       +
             proxyPass = ''

     

       277
       277
       +
               http://localhost:8000

     

       278
       278
       +
             '';

     

       279
       279
       +
             proxyWebsockets = true;

     

       280
       280
       +
             extraConfig = ''

     

       281
       281
       +
               # SSE-specific settings

     

       282
       282
       +
               proxy_buffering off;

     

       283
       283
       +
               proxy_read_timeout 3600s;

     

       284
       284
       +
               proxy_send_timeout 3600s;

     

       285
       285
       +
               proxy_connect_timeout 60s;

     

       286
       286
       +
       

     

       287
       287
       +
               # Forward headers

     

       288
       288
       +
               proxy_set_header Connection "";

     

       289
       289
       +
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

     

       290
       290
       +
               proxy_set_header X-Forwarded-Proto $scheme;

     

       291
       291
       +
               proxy_set_header Host $host;

     

       292
       292
       +
             '';

     

       293
       293
       +
           };

     

       294
       294
       +
         };

     

       295
       295
       +
       

     

       296
       296
       +
         # minecraft server

     

       297
       297
       +
         services.minecraft-server = {

     

       298
       298
       +
           enable = true;

     

       299
       299
       +
           package = pkgs.overlay-unstable.minecraft-server;

     

       300
       300
       +
           eula = true;

     

       301
       301
       +
           openFirewall = true;

     

       302
       302
       +
         };

     

       303
       303
       +
       

     

       304
       304
       +
         # DNS records

     

       305
       305
       +
         eilean.dns.nameservers = [ "ns1" ];

     

       306
       306
       +
         eilean.services.dns.zones = {

     

       307
       307
       +
           ${config.networking.domain} = {

     

       308
       308
       +
             ttl = 300;

     

       309
       309
       +
             soa = {

     

       310
       310
       +
               serial = 2018011660;

     

       311
       311
       +
               refresh = 300;

     

       312
       312
       +
             };

     

       313
       313
       +
             records = [

     

       314
       314
       +
               {

     

       315
       315
       +
                 name = "@";

     

       316
       316
       +
                 type = "TXT";

     

       317
       317
       +
                 value = "google-site-verification=rEvwSqf7RYKRQltY412qMtTuoxPp64O3L7jMotj9Jnc";

     

       318
       318
       +
               }

     

       319
       319
       +
               {

     

       320
       320
       +
                 name = "_atproto.ryan";

     

       321
       321
       +
                 type = "TXT";

     

       322
       322
       +
                 value = "did=did:plc:3lfhu6ehlynzjgehef6alnvg";

     

       323
       323
       +
               }

     

       324
       324
       +
       

     

       325
       325
       +
               {

     

       326
       326
       +
                 name = "teapot";

     

       327
       327
       +
                 type = "CNAME";

     

       328
       328
       +
                 value = "vps";

     

       329
       329
       +
               }

     

       330
       330
       +
       

     

       331
       331
       +
               {

     

       332
       332
       +
                 name = "@";

     

       333
       333
       +
                 type = "ns";

     

       334
       334
       +
                 value = "ns1.sirref.org.";

     

       335
       335
       +
               }

     

       336
       336
       +
       

     

       337
       337
       +
               {

     

       338
       338
       +
                 name = "vps";

     

       339
       339
       +
                 type = "A";

     

       340
       340
       +
                 value = config.eilean.serverIpv4;

     

       341
       341
       +
               }

     

       342
       342
       +
               {

     

       343
       343
       +
                 name = "vps";

     

       344
       344
       +
                 type = "AAAA";

     

       345
       345
       +
                 value = config.eilean.serverIpv6;

     

       346
       346
       +
               }

     

       347
       347
       +
       

     

       348
       348
       +
               {

     

       349
       349
       +
                 name = "@";

     

       350
       350
       +
                 type = "LOC";

     

       351
       351
       +
                 value = "52 12 40.4 N 0 5 31.9 E 22m 10m 10m 10m";

     

       352
       352
       +
               }

     

       353
       353
       +
       

     

       354
       354
       +
               {

     

       355
       355
       +
                 name = "ns.cl";

     

       356
       356
       +
                 type = "A";

     

       357
       357
       +
                 value = "128.232.113.136";

     

       358
       358
       +
               }

     

       359
       359
       +
               {

     

       360
       360
       +
                 name = "cl";

     

       361
       361
       +
                 type = "NS";

     

       362
       362
       +
                 value = "ns.cl";

     

       363
       363
       +
               }

     

       364
       364
       +
       

     

       365
       365
       +
               {

     

       366
       366
       +
                 name = "ns1.eilean";

     

       367
       367
       +
                 type = "A";

     

       368
       368
       +
                 value = "65.109.10.223";

     

       369
       369
       +
               }

     

       370
       370
       +
               {

     

       371
       371
       +
                 name = "eilean";

     

       372
       372
       +
                 type = "NS";

     

       373
       373
       +
                 value = "ns1.eilean";

     

       374
       374
       +
               }

     

       375
       375
       +
       

     

       376
       376
       +
               {

     

       377
       377
       +
                 name = "shrew";

     

       378
       378
       +
                 type = "CNAME";

     

       379
       379
       +
                 value = "vps";

     

       380
       380
       +
               }

     

       381
       381
       +
       

     

       382
       382
       +
               {

     

       383
       383
       +
                 name = "knot";

     

       384
       384
       +
                 type = "CNAME";

     

       385
       385
       +
                 value = "vps";

     

       386
       386
       +
               }

     

       387
       387
       +
       

     

       388
       388
       +
               {

     

       389
       389
       +
                 name = "enki";

     

       390
       390
       +
                 type = "CNAME";

     

       391
       391
       +
                 value = "vps";

     

       392
       392
       +
               }

     

       393
       393
       +
       

     

       394
       394
       +
               {

     

       395
       395
       +
                 name = "hippo";

     

       396
       396
       +
                 type = "A";

     

       397
       397
       +
                 value = "128.232.124.251";

     

       398
       398
       +
               }

     

       399
       399
       +
       

     

       400
       400
       +
               # generate with

     

       401
       401
       +
               #   sudo openssl x509 -in /var/lib/acme/mail.freumh.org/fullchain.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "3 1 1", $1}'

     

       402
       402
       +
               {

     

       403
       403
       +
                 name = "_25._tcp.mail";

     

       404
       404
       +
                 type = "TLSA";

     

       405
       405
       +
                 value = "3 1 1 2f0fd413f063c75141937dd196a9f4ab66139d599e0dcf2a7ce6d557647e26a6";

     

       406
       406
       +
               }

     

       407
       407
       +
               # generate with

     

       408
       408
       +
               #   for i in r3 e1 r4-cross-signed e2

     

       409
       409
       +
               #   openssl x509 -in ~/downloads/lets-encrypt-$i.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "2 1 1", $1}'

     

       410
       410
       +
               # LE R3

     

       411
       411
       +
               {

     

       412
       412
       +
                 name = "_25._tcp.mail";

     

       413
       413
       +
                 type = "TLSA";

     

       414
       414
       +
                 value = "2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d";

     

       415
       415
       +
               }

     

       416
       416
       +
               # LE E1

     

       417
       417
       +
               {

     

       418
       418
       +
                 name = "_25._tcp.mail";

     

       419
       419
       +
                 type = "TLSA";

     

       420
       420
       +
                 value = "2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10";

     

       421
       421
       +
               }

     

       422
       422
       +
               # LE R4

     

       423
       423
       +
               {

     

       424
       424
       +
                 name = "_25._tcp.mail";

     

       425
       425
       +
                 type = "TLSA";

     

       426
       426
       +
                 value = "2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03";

     

       427
       427
       +
               }

     

       428
       428
       +
               # LE E2

     

       429
       429
       +
               {

     

       430
       430
       +
                 name = "_25._tcp.mail";

     

       431
       431
       +
                 type = "TLSA";

     

       432
       432
       +
                 value = "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270";

     

       433
       433
       +
               }

     

       434
       434
       +
       

     

       435
       435
       +
               {

     

       436
       436
       +
                 name = "jellyfin";

     

       437
       437
       +
                 type = "AAAA";

     

       438
       438
       +
                 value = "2a00:23c6:aa22:e401:8dff:9b9a:cb3c:3fcb";

     

       439
       439
       +
               }

     

       440
       440
       +
               {

     

       441
       441
       +
                 name = "jellyseerr";

     

       442
       442
       +
                 type = "AAAA";

     

       443
       443
       +
                 value = "2a00:23c6:aa22:e401:8dff:9b9a:cb3c:3fcb";

     

       444
       444
       +
               }

     

       445
       445
       +
               {

     

       446
       446
       +
                 name = "calibre";

     

       447
       447
       +
                 type = "AAAA";

     

       448
       448
       +
                 value = "2a00:23c6:aa22:e401:8dff:9b9a:cb3c:3fcb";

     

       449
       449
       +
               }

     

       450
       450
       +
             ] ++ vpnRecords;

     

       451
       451
       +
           };

     

       452
       452
       +
           "fn06.org" = {

     

       453
       453
       +
             soa.serial = 1706745602;

     

       454
       454
       +
             records = [

     

       455
       455
       +
               {

     

       456
       456
       +
                 name = "@";

     

       457
       457
       +
                 type = "NS";

     

       458
       458
       +
                 value = "ns1";

     

       459
       459
       +
               }

     

       460
       460
       +
               {

     

       461
       461
       +
                 name = "@";

     

       462
       462
       +
                 type = "NS";

     

       463
       463
       +
                 value = "ns2";

     

       464
       464
       +
               }

     

       465
       465
       +
       

     

       466
       466
       +
               {

     

       467
       467
       +
                 name = "ns1";

     

       468
       468
       +
                 type = "A";

     

       469
       469
       +
                 value = config.eilean.serverIpv4;

     

       470
       470
       +
               }

     

       471
       471
       +
               {

     

       472
       472
       +
                 name = "ns1";

     

       473
       473
       +
                 type = "AAAA";

     

       474
       474
       +
                 value = config.eilean.serverIpv6;

     

       475
       475
       +
               }

     

       476
       476
       +
               {

     

       477
       477
       +
                 name = "ns2";

     

       478
       478
       +
                 type = "A";

     

       479
       479
       +
                 value = config.eilean.serverIpv4;

     

       480
       480
       +
               }

     

       481
       481
       +
               {

     

       482
       482
       +
                 name = "ns2";

     

       483
       483
       +
                 type = "AAAA";

     

       484
       484
       +
                 value = config.eilean.serverIpv6;

     

       485
       485
       +
               }

     

       486
       486
       +
       

     

       487
       487
       +
               {

     

       488
       488
       +
                 name = "@";

     

       489
       489
       +
                 type = "A";

     

       490
       490
       +
                 value = config.eilean.serverIpv4;

     

       491
       491
       +
               }

     

       492
       492
       +
               {

     

       493
       493
       +
                 name = "@";

     

       494
       494
       +
                 type = "AAAA";

     

       495
       495
       +
                 value = config.eilean.serverIpv6;

     

       496
       496
       +
               }

     

       497
       497
       +
       

     

       498
       498
       +
               {

     

       499
       499
       +
                 name = "www.fn06.org.";

     

       500
       500
       +
                 type = "CNAME";

     

       501
       501
       +
                 value = "fn06.org.";

     

       502
       502
       +
               }

     

       503
       503
       +
       

     

       504
       504
       +
               {

     

       505
       505
       +
                 name = "@";

     

       506
       506
       +
                 type = "LOC";

     

       507
       507
       +
                 value = "52 12 40.4 N 0 5 31.9 E 22m 10m 10m 10m";

     

       508
       508
       +
               }

     

       509
       509
       +
       

     

       510
       510
       +
               {

     

       511
       511
       +
                 name = "capybara.fn06.org.";

     

       512
       512
       +
                 type = "CNAME";

     

       513
       513
       +
                 value = "fn06.org.";

     

       514
       514
       +
               }

     

       515
       515
       +
             ];

     

       516
       516
       +
           };

     

       517
       517
       +
         };

     

       518
       518
       +
       }

+2 -11

hosts/vulpine/default.nix

···

       20
       20
        
           services.kdeconnect.enable = true;

     

       21
       21
        
           custom = {

     

       22
       22
        
             machineColour = "magenta";

     

       23
       23
       -
             mail.enable = true;

     

       24
       23
        
             calendar.enable = true;

     

       25
       24
        
             battery.enable = true;

     

       26
       25
        
           };

     

       27
       26
        
           home.sessionVariables = {

     

       28
       28
       -
             LEDGER_FILE = "~/vault/finaces.ledger";

     

       27
       27
       +
             LEDGER_FILE = "~/vault/finances.ledger";

     

       29
       28
        
           };

     

       30
       29
        
         };

     

       31
       30
        
       

     
···

       66
       65
        
           Defaults !tty_tickets

     

       67
       66
        
         '';

     

       68
       67
        
       

     

       69
       69
       -
         services = {

     

       70
       70
       -
           syncthing = {

     

       71
       71
       -
             enable = true;

     

       72
       72
       -
             user = config.custom.username;

     

       73
       73
       -
             dataDir = "/home/ryan/syncthing";

     

       74
       74
       -
             configDir = "/home/ryan/.config/syncthing";

     

       75
       75
       -
           };

     

       76
       76
       -
         };

     

       77
       77
       -
       

     

       78
       68
        
         services.avahi.enable = true;

     

       79
       69
        
       

     

       80
       70
        
         programs.steam.enable = true;

     

       81
       71
        
       

     

       82
       72
        
         specialisation.nvidia.configuration = {

     

       83
       73
        
           services.xserver.videoDrivers = [ "nvidia" ];

     

       74
       74
       +
           hardware.nvidia.open = false;

     

       84
       75
        
         };

     

       85
       76
        
       }

-57

modules/colour-guesser.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         pkgs,

     

       3
       3
       -
         config,

     

       4
       4
       -
         lib,

     

       5
       5
       -
         options,

     

       6
       6
       -
         colour-guesser,

     

       7
       7
       -
         ...

     

       8
       8
       -
       }:

     

       9
       9
       -
       

     

       10
       10
       -
       let

     

       11
       11
       -
         cfg = config.custom.website.colour-guesser;

     

       12
       12
       -
       in

     

       13
       13
       -
       {

     

       14
       14
       -
         options = {

     

       15
       15
       -
           custom.website.colour-guesser = {

     

       16
       16
       -
             enable = lib.mkEnableOption "Colour Guesser";

     

       17
       17
       -
             domain = lib.mkOption {

     

       18
       18
       -
               type = lib.types.str;

     

       19
       19
       -
               default = "colour-guesser.${config.networking.domain}";

     

       20
       20
       -
             };

     

       21
       21
       -
             cname = lib.mkOption {

     

       22
       22
       -
               type = lib.types.str;

     

       23
       23
       -
               default = null;

     

       24
       24
       -
               description = ''

     

       25
       25
       -
                 CNAME to create DNS records for.

     

       26
       26
       -
                 Ignored if null

     

       27
       27
       -
               '';

     

       28
       28
       -
             };

     

       29
       29
       -
           };

     

       30
       30
       -
         };

     

       31
       31
       -
       

     

       32
       32
       -
         config = lib.mkIf cfg.enable {

     

       33
       33
       -
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       34
       34
       -
           services.nginx = {

     

       35
       35
       -
             enable = true;

     

       36
       36
       -
             recommendedProxySettings = true;

     

       37
       37
       -
             virtualHosts."${cfg.domain}" = {

     

       38
       38
       -
               forceSSL = true;

     

       39
       39
       -
               root = "${colour-guesser.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       40
       40
       -
             };

     

       41
       41
       -
           };

     

       42
       42
       -
       

     

       43
       43
       -
           # requires dns module

     

       44
       44
       -
           eilean.services.dns.zones.${config.networking.domain}.records = [

     

       45
       45
       -
             {

     

       46
       46
       -
               name = "${cfg.domain}.";

     

       47
       47
       -
               type = "CNAME";

     

       48
       48
       -
               value = cfg.cname;

     

       49
       49
       -
             }

     

       50
       50
       -
             {

     

       51
       51
       -
               name = "www.${cfg.domain}.";

     

       52
       52
       -
               type = "CNAME";

     

       53
       53
       -
               value = cfg.cname;

     

       54
       54
       -
             }

     

       55
       55
       -
           ];

     

       56
       56
       -
         };

     

       57
       57
       -
       }

+2 -2

modules/ryan-website.nix

···

       1
       1
        
       {

     

       2
       2
       -
         pkgs,

     

       3
       2
        
         config,

     

       4
       3
        
         lib,

     

       5
       5
       -
         ryan-website,

     

       6
       4
        
         ...

     

       7
       5
        
       }:

     

       8
       6
        
       

     
···

       44
       42
        
               "${cfg.domain}" = {

     

       45
       43
        
                 forceSSL = true;

     

       46
       44
        
                 root = "/var/www/ryan.freumh.org/";

     

       45
       45
       +
                 locations."/".index = "home.html index.html";

     

       47
       46
        
                 locations."/teapot".extraConfig = ''

     

       48
       47
        
                   return 418;

     

       49
       48
        
                 '';

     

       49
       49
       +
                 locations."/var/".alias = "/var/www/var/";

     

       50
       50
        
                 extraConfig = ''

     

       51
       51
        
                   error_page 403 =404 /404.html;

     

       52
       52
        
                   error_page 404 /404.html;

+8 -1

nix-on-droid/default.nix

···

       1
       1
       +
       # TODO there has to be a better way of getting this in here

     

       2
       2
       +
       inputs:

     

       3
       3
       +
       

     

       1
       4
        
       {

     

       2
       5
        
         pkgs,

     

       3
       6
        
         config,

     
···

       24
       27
        
       

     

       25
       28
        
         home-manager = {

     

       26
       29
        
           useGlobalPkgs = true;

     

       30
       30
       +
           extraSpecialArgs = {

     

       31
       31
       +
             i3-workspace-history = inputs.i3-workspace-history;

     

       32
       32
       +
             timewall = inputs.timewall;

     

       33
       33
       +
           };

     

       27
       34
        
           config =

     

       28
       35
        
             { pkgs, lib, ... }:

     

       29
       36
        
             {

     
···

       67
       74
        
               };

     

       68
       75
        
       

     

       69
       76
        
               home.sessionVariables = {

     

       70
       70
       -
                 LEDGER_FILE = "~/storage/Documents/vault/finaces.ledger";

     

       77
       77
       +
                 LEDGER_FILE = "~/storage/Documents/vault/finances.ledger";

     

       71
       78
        
               };

     

       72
       79
        
       

     

       73
       80
        
               home.stateVersion = "22.05";

secrets/secrets.nix

···

       47
       47
        
           owl

     

       48
       48
        
         ];

     

       49
       49
        
         "eon-sirref-primary.cap.age".publicKeys = user ++ [ owl ];

     

       50
       50
       +
         "tangled.age".publicKeys = user ++ [ owl ];

     

       50
       51
        
       }

secrets/tangled.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 2wDnOw Ttbl5LTzHDAP3kG7kbRErJr+ayerVYZIWZeLPmZmD0U

     

       3
       3
       +
       Uvon5zchwp3jwP/wHJ5/jIrmDhSVOxGKEhLGPtnQj9w

     

       4
       4
       +
       -> ssh-ed25519 suwb0g N+Z7lyQailIdkJMiCuFapSN3LhYphejMvB0x4Au1zBI

     

       5
       5
       +
       dC6ju3bdhzyLB19/WFwgmr+HxTG9vd2fO/EB/WYjodM

     

       6
       6
       +
       --- s2WjTwvpTi8jhAn0/yqBcTmzh77wbpYulovyEdGE7KQ

     

       7
       7
       +
       G����}w����{� n�od&i,V����U��%�'!R46�{>� )>to�]Hh�����2F��A����Tv�!�;���)R�lM%U=|W"?*��e��"����i�KB�F

-43

templates/host/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         pkgs,

     

       3
       3
       -
         lib,

     

       4
       4
       -
         config,

     

       5
       5
       -
         ...

     

       6
       6
       -
       }:

     

       7
       7
       -
       

     

       8
       8
       -
       {

     

       9
       9
       -
         imports = [

     

       10
       10
       -
           ./hardware-configuration.nix

     

       11
       11
       -
         ];

     

       12
       12
       -
       

     

       13
       13
       -
         boot.loader.grub = {

     

       14
       14
       -
           enable = true;

     

       15
       15
       -
           device = "nodev";

     

       16
       16
       -
           efiSupport = true;

     

       17
       17
       -
         };

     

       18
       18
       -
         boot.loader.efi.canTouchEfiVariables = true;

     

       19
       19
       -
       

     

       20
       20
       -
         custom = {

     

       21
       21
       -
           enable = true;

     

       22
       22
       -
           #tailscale = true;

     

       23
       23
       -
           #laptop = true;

     

       24
       24
       -
           #gui.i3 = true;

     

       25
       25
       -
           #gui.sway = true;

     

       26
       26
       -
           #workstation = true;

     

       27
       27
       -
           #autoUpgrade.enable = true;

     

       28
       28
       -
           homeManager.enable = true;

     

       29
       29
       -
         };

     

       30
       30
       -
       

     

       31
       31
       -
         home-manager.users.${config.custom.username} = {

     

       32
       32
       -
           custom = {

     

       33
       33
       -
             machineColour = "blue";

     

       34
       34
       -
           };

     

       35
       35
       -
         };

     

       36
       36
       -
       

     

       37
       37
       -
         environment.systemPackages = with pkgs; [

     

       38
       38
       -
           coreutils

     

       39
       39
       -
         ];

     

       40
       40
       -
       

     

       41
       41
       -
         networking.networkmanager.enable = true;

     

       42
       42
       -
         # services.openssh.openFirewall = true;

     

       43
       43
       -
       }

Compare changes