diff --git a/flake.nix b/flake.nix index 64d8ab7..25b9640 100644 --- a/flake.nix +++ b/flake.nix @@ -98,7 +98,7 @@ statix = { enable = true; }; }; settings = { - statix.ignore = [ "*hardware{_,-}configuration.nix" ]; + statix.ignore = [ "*hardware_configuration.nix" ]; }; }; }; @@ -114,9 +114,8 @@ flake = let - inherit (import ./modules) utils mkHosts; - - hosts = mkHosts { inherit inputs; }; + hosts = import ./modules/hosts; + utils = import ./utils.nix; rawInputs = { inherit (inputs) nixpkgs nixpkgs-unstable nixos-unstable; diff --git a/modules/_oakleaf/default.nix b/modules/_oakleaf/default.nix deleted file mode 100644 index 958608a..0000000 --- a/modules/_oakleaf/default.nix +++ /dev/null @@ -1 +0,0 @@ -_: { } diff --git a/modules/archived/mysql.nix b/modules/archived/mysql.nix deleted file mode 100644 index 8669efa..0000000 --- a/modules/archived/mysql.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs, ... }: { - services.mysql = { - package = pkgs.mysql80; - enable = true; - }; -} diff --git a/modules/base/default.nix b/modules/base/default.nix new file mode 100644 index 0000000..28c5cc4 --- /dev/null +++ b/modules/base/default.nix @@ -0,0 +1,27 @@ +{ lib, ... }: { + imports = [ + ./efi-grub.nix + + ./aliases.nix + ./allow-unfree.nix + ./colmena.nix + ./direnv.nix + ./enable-flakes.nix + ./FIXES.nix + ./git.nix + ./helix + ./hm.nix + ./pass.nix + ./pkgs.nix + ./sops.nix + ./ssh.nix + ./starship.nix + ./swedish-locale.nix + ./user.nix + ./zsh.nix + ./opengl.nix + ]; + + custom.efi-grub.enable = lib.mkDefault true; + +} diff --git a/modules/base/efi-grub.nix b/modules/base/efi-grub.nix new file mode 100644 index 0000000..99cd2d3 --- /dev/null +++ b/modules/base/efi-grub.nix 
@@ -0,0 +1,23 @@ +{ config, lib, ... }: +let cfg = config.custom.efi-grub; in with lib; { + options.custom.efi-grub.enable = mkEnableOption "efi-grub"; + + config = lib.mkIf cfg.enable { + boot = { + #kernelParams = [ "quiet" "splash" ]; + loader = { + efi.canTouchEfiVariables = true; + timeout = 10; + grub = { + enable = true; + efiSupport = true; + device = "nodev"; + extraConfig = '' + GRUB_HIDDEN_TIMEOUT=10 + GRUB_HIDDEN_TIMEOUT_QUIET=false + ''; + }; + }; + }; + }; +} diff --git a/modules/base/opengl.nix b/modules/base/opengl.nix new file mode 100644 index 0000000..afe9143 --- /dev/null +++ b/modules/base/opengl.nix @@ -0,0 +1,3 @@ +_: { + hardware.opengl.enable = true; +} diff --git a/modules/base/_pubkeys/id_rsa_mothership.pub b/modules/base/pubkeys/id_rsa_mothership.pub similarity index 100% rename from modules/base/_pubkeys/id_rsa_mothership.pub rename to modules/base/pubkeys/id_rsa_mothership.pub diff --git a/modules/base/ssh.nix b/modules/base/ssh.nix index af57c24..ca5d557 100644 --- a/modules/base/ssh.nix +++ b/modules/base/ssh.nix @@ -23,7 +23,7 @@ with lib; { }; # allow these clients to connect users.users."ejg".openssh.authorizedKeys.keyFiles = [ - ./_pubkeys/id_rsa_mothership.pub + ./pubkeys/id_rsa_mothership.pub ]; # let colmena know about the identity file my.home.sessionVariables."SSH_CONFIG_FILE" = pkgs.writeText "colmena-ssh-config" '' @@ -37,8 +37,7 @@ with lib; { startAgent = true; extraConfig = let - inherit ((import ../.)) mkHosts; - hosts = mkHosts { }; + hosts = import ../hosts; hostStrings = lib.mapAttrsToList ( diff --git a/modules/can-hibernate.nix b/modules/can-hibernate.nix deleted file mode 100644 index 2f51ba6..0000000 --- a/modules/can-hibernate.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config -, pkgs -, ... -}: { - environment.systemPackages = [ pkgs.pmutils ]; - my.home.shellAliases."hib" = "sudo pm-hibernate"; - - boot.resumeDevice = (builtins.head config.swapDevices)."device"; -} 
diff --git a/modules/crown/configuration.nix b/modules/crown/configuration.nix
deleted file mode 100644
index f8f6b5b..0000000
--- a/modules/crown/configuration.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-_: {
- networking.hostName = "crown";
-
- networking = {
- useDHCP = false;
- interfaces = {
- "enp2s0".useDHCP = true;
- "wlp5s0".useDHCP = false;
- };
- };
-
- system.stateVersion = "22.11";
- my.home.stateVersion = "22.11";
-}
diff --git a/modules/crown/hardware_configuration.nix b/modules/crown/hardware_configuration.nix
deleted file mode 100644
index 8d458e6..0000000
--- a/modules/crown/hardware_configuration.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config
-, lib
-, modulesPath
-, ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/bb38b89d-a3e5-4796-a87d-03fdb3f7c6cb";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/491E-77EE";
- fsType = "vfat";
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/3bafb087-bee6-4aac-92bf-a63d0fbdc8b3"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/modules/crown/invidious.nix b/modules/crown/invidious.nix
deleted file mode 100644
index 3e0265c..0000000
--- a/modules/crown/invidious.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, ... }: {
- services.invidious.enable = true;
-
- # setup ports
- services.invidious = {
- port = 34030;
- database.port = 34031;
- settings = {
- quality = "dash";
- quality_dash = "1080p";
- };
- };
-
- networking.firewall.allowedTCPPorts = [
- config.services.invidious.port
- config.services.invidious.database.port
- ];
-}
diff --git a/modules/default.nix b/modules/default.nix
deleted file mode 100644
index b50a7ea..0000000
--- a/modules/default.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-rec {
- utils = import ./utils.nix;
-
- abstract = rec {
- base = utils.dirFiles ./base;
- pc = base ++ utils.dirFiles ./pc;
- };
-
- mkHosts = { inputs ? { } }: with abstract;
- utils.mkModules rec {
-
- "void" = {
- ip = "192.168.0.3";
- extraModuleDirs = [ base ];
- extraModules = [
- ./uses-efi-grub.nix
- ./can-hibernate.nix
- ./mailserver/client.nix
- ./uses-nvidia.nix
- ];
- };
-
- "seneca" = {
- ip = "192.168.0.4";
- extraModuleDirs = [ pc ];
- extraModules = [
- ./uses-efi-grub.nix
- ./can-hibernate.nix
- ];
- };
-
- "fenix" = {
- ip = "95.217.219.33";
- extraModuleDirs = [ base ];
- };
-
- "_oakleaf" = {
- ip = "127.0.0.1";
- extraModuleDirs = [ pc ];
- extraModules = [
- ./uses-efi-grub.nix
- ./can-hibernate.nix
- ];
- };
-
- "oakleaf-home" = _oakleaf // {
- extraModuleDirs = _oakleaf.extraModuleDirs ++ [
- (utils.dirFiles ./oakleaf)
- ];
- extraModules = _oakleaf.extraModules ++ [
- ./oakleaf/_spec-home.nix
- ];
- };
-
- "oakleaf-laptop" = _oakleaf // {
- extraModuleDirs = _oakleaf.extraModuleDirs ++ [
- (utils.dirFiles ./oakleaf)
- ];
- extraModules = _oakleaf.extraModules ++ [
- ./oakleaf/_laptop-pape.nix
- ];
- };
-
- "stoneheart" = {
- ip = "127.0.0.1";
- extraModuleDirs = [ pc ];
- extraModules = [
- ./uses-efi-grub.nix
- ./uses-nvidia.nix
- ];
- };
- "weasel" = {
- ip = "127.0.0.1";
- extraModuleDirs = [ base ];
- extraModules = [
- inputs.wsl.nixosModules.default
- ];
- };
- };
-}
diff --git a/modules/fenix/configuration.nix b/modules/fenix/configuration.nix
deleted file mode 100644
index 3b85a47..0000000
--- a/modules/fenix/configuration.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{ lib, ... }: {
- # Use the GRUB 2 boot loader.
- boot.loader.grub.device = lib.mkForce "/dev/sda";
-
- networking.hostName = "fenix"; # Define your hostname.
-
- services.openssh = {
- enable = true;
- };
-
- system.stateVersion = "22.11"; # Did you read the comment?
- my.home.stateVersion = "22.11"; # Did you read the comment?
-}
diff --git a/modules/fenix/hardware-configuration.nix b/modules/fenix/hardware-configuration.nix
deleted file mode 100644
index 9c2df61..0000000
--- a/modules/fenix/hardware-configuration.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config
-, lib
-, modulesPath
-, ...
-}: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/051c3c46-366b-4fd6-bf12-14fa557ee5d7";
- fsType = "ext4";
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/4ec12da4-fba5-4e6f-a3f0-6c3f488386a2"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/modules/hosts/default.nix b/modules/hosts/default.nix
new file mode 100644
index 0000000..7cd804a
--- /dev/null
+++ b/modules/hosts/default.nix
@@ -0,0 +1,32 @@
+rec {
+ "void" = {
+ ip = "192.168.0.3";
+ modules = [ ./void ];
+ };
+
+ "seneca" = {
+ ip = "192.168.0.4";
+ modules = [ ./seneca ];
+ };
+
+ "_oakleaf" = {
+ ip = "127.0.0.1";
+ modules = [ ./oakleaf ];
+ };
+
+ "oakleaf-home" = _oakleaf // {
+ modules = [ ./oakleaf/spec-home.nix ];
+ };
+
+ "oakleaf-laptop" = _oakleaf;
+
+ "weasel" = {
+ ip = "127.0.0.1";
+ modules = [ ./weasel ];
+ };
+ "stoneheart" = {
+ ip = "127.0.0.1";
+ modules = [ ./stoneheart ];
+ };
+}
+
diff --git a/modules/oakleaf/configuration.nix b/modules/hosts/oakleaf/configuration.nix similarity index 79% rename from modules/oakleaf/configuration.nix rename to modules/hosts/oakleaf/configuration.nix index ab3f101..f95fe5a 100644 --- a/modules/oakleaf/configuration.nix +++ b/modules/hosts/oakleaf/configuration.nix @@ -2,9 +2,12 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). _: { + + imports = [ + ./hardware-configuration.nix + ]; + networking.hostName = "oakleaf"; system.stateVersion = "23.05"; # Did you read the comment? my.home.stateVersion = "23.05"; - # nix.settings.ssl-cert-file = "/var/lib/cert.crt"; - hardware.opengl.enable = true; } diff --git a/modules/hosts/oakleaf/default.nix b/modules/hosts/oakleaf/default.nix new file mode 100644 index 0000000..9cb2f69 --- /dev/null +++ b/modules/hosts/oakleaf/default.nix @@ -0,0 +1,9 @@ +_: { + + imports = [ + ../../pc + + ./configuration.nix + ]; + +} diff --git a/modules/oakleaf/hardware-configuration.nix b/modules/hosts/oakleaf/hardware_configuration.nix similarity index 100% rename from modules/oakleaf/hardware-configuration.nix rename to modules/hosts/oakleaf/hardware_configuration.nix diff --git a/modules/oakleaf/_spec-home.nix b/modules/hosts/oakleaf/spec-home.nix similarity index 99% rename from modules/oakleaf/_spec-home.nix rename to modules/hosts/oakleaf/spec-home.nix index 1a80d32..6e34a3f 100644 --- a/modules/oakleaf/_spec-home.nix +++ b/modules/hosts/oakleaf/spec-home.nix @@ -1,5 +1,8 @@ { config, lib, pkgs, ... }: { + + imports = [ ./. ]; + services.xserver.videoDrivers = [ "displaylink" "modesetting" ]; services.xserver.displayManager.sessionCommands = '' ${lib.getBin pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource 2 0 
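Review bot: The added `imports = [ ./hardware-configuration.nix ];` in modules/hosts/oakleaf/configuration.nix names a hyphenated file, but this same commit renames `modules/oakleaf/hardware-configuration.nix` to `modules/hosts/oakleaf/hardware_configuration.nix`, so the import will not resolve and the oakleaf hosts fail to evaluate. Use `./hardware_configuration.nix`, which also matches the new `statix.ignore` pattern in flake.nix and the imports added for seneca, stoneheart and void.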
diff --git a/modules/seneca/configuration.nix b/modules/hosts/seneca/configuration.nix similarity index 67% rename from modules/seneca/configuration.nix rename to modules/hosts/seneca/configuration.nix index ffd9f96..47b9d1e 100644 --- a/modules/seneca/configuration.nix +++ b/modules/hosts/seneca/configuration.nix @@ -1,4 +1,8 @@ _: { + imports = [ + ./hardware_configuration.nix + ]; + networking.hostName = "seneca"; system.stateVersion = "22.05"; diff --git a/modules/hosts/seneca/default.nix b/modules/hosts/seneca/default.nix new file mode 100644 index 0000000..971c068 --- /dev/null +++ b/modules/hosts/seneca/default.nix @@ -0,0 +1,11 @@ +_: { + imports = [ + ../../pc + + ./configuration.nix + + ./drive.nix + ./stay-awake.nix + ]; +} + diff --git a/modules/seneca/drive.nix b/modules/hosts/seneca/drive.nix similarity index 100% rename from modules/seneca/drive.nix rename to modules/hosts/seneca/drive.nix diff --git a/modules/seneca/hardware_configuration.nix b/modules/hosts/seneca/hardware_configuration.nix similarity index 100% rename from modules/seneca/hardware_configuration.nix rename to modules/hosts/seneca/hardware_configuration.nix diff --git a/modules/stoneheart/configuration.nix b/modules/hosts/stoneheart/configuration.nix similarity index 87% rename from modules/stoneheart/configuration.nix rename to modules/hosts/stoneheart/configuration.nix index ea42153..d3ce7fa 100644 --- a/modules/stoneheart/configuration.nix +++ b/modules/hosts/stoneheart/configuration.nix @@ -2,6 +2,11 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). _: { + + imports = [ + ./hardware_configuration.nix + ]; + networking.hostName = "stoneheart"; # Define your hostname. system.stateVersion = "23.05"; # Did you read the comment? my.home.stateVersion = "23.05"; diff --git a/modules/hosts/stoneheart/default.nix b/modules/hosts/stoneheart/default.nix new file mode 100644 index 0000000..1302c46 
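Review bot: `./stay-awake.nix` in the new modules/hosts/seneca/default.nix `imports` list has no file behind it in this commit: `modules/seneca/stay-awake.nix` is deleted and its replacement is created as `modules/pc/stay-awake.nix`, not under `modules/hosts/seneca/`. Because `../../pc` already imports that module and sets `custom.stay-awake.enable = lib.mkDefault true;`, removing the `./stay-awake.nix` line should be enough. If a host-local copy exists outside this diff, this does not apply.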
--- /dev/null +++ b/modules/hosts/stoneheart/default.nix @@ -0,0 +1,13 @@ +_: { + imports = [ + ../../pc + + ../../uses-nvidia.nix + + ./configuration.nix + ./force-nvidia-pipeline.nix + ./disko.nix + ./screens.nix + ./nginx.nix + ]; +} diff --git a/modules/stoneheart/disko.nix b/modules/hosts/stoneheart/disko.nix similarity index 100% rename from modules/stoneheart/disko.nix rename to modules/hosts/stoneheart/disko.nix diff --git a/modules/stoneheart/force-nvidia-pipeline.nix b/modules/hosts/stoneheart/force-nvidia-pipeline.nix similarity index 100% rename from modules/stoneheart/force-nvidia-pipeline.nix rename to modules/hosts/stoneheart/force-nvidia-pipeline.nix diff --git a/modules/stoneheart/hardware-configuration.nix b/modules/hosts/stoneheart/hardware_configuration.nix similarity index 100% rename from modules/stoneheart/hardware-configuration.nix rename to modules/hosts/stoneheart/hardware_configuration.nix diff --git a/modules/stoneheart/nginx.nix b/modules/hosts/stoneheart/nginx.nix similarity index 100% rename from modules/stoneheart/nginx.nix rename to modules/hosts/stoneheart/nginx.nix diff --git a/modules/stoneheart/screens.nix b/modules/hosts/stoneheart/screens.nix similarity index 100% rename from modules/stoneheart/screens.nix rename to modules/hosts/stoneheart/screens.nix diff --git a/modules/void/configuration.nix b/modules/hosts/void/configuration.nix similarity index 66% rename from modules/void/configuration.nix rename to modules/hosts/void/configuration.nix index 548926f..3a5a6a2 100644 --- a/modules/void/configuration.nix +++ b/modules/hosts/void/configuration.nix @@ -1,4 +1,9 @@ _: { + + imports = [ + ./hardware_configuration.nix + ]; + networking.hostName = "void"; system.stateVersion = "22.11"; my.home.stateVersion = "22.11"; diff --git a/modules/hosts/void/default.nix b/modules/hosts/void/default.nix new file mode 100644 index 0000000..136012f --- /dev/null +++ b/modules/hosts/void/default.nix 
@@ -0,0 +1,14 @@ +_: { + imports = [ + ../../base + + ../../uses-nvidia.nix + + ./configuration.nix + + ./media + + ./nginx.nix + ./porkbun.nix + ]; +} diff --git a/modules/void/hardware_configuration.nix b/modules/hosts/void/hardware_configuration.nix similarity index 100% rename from modules/void/hardware_configuration.nix rename to modules/hosts/void/hardware_configuration.nix diff --git a/modules/void/arr.nix b/modules/hosts/void/media/arr.nix similarity index 100% rename from modules/void/arr.nix rename to modules/hosts/void/media/arr.nix diff --git a/modules/hosts/void/media/default.nix b/modules/hosts/void/media/default.nix new file mode 100644 index 0000000..72af737 --- /dev/null +++ b/modules/hosts/void/media/default.nix @@ -0,0 +1,10 @@ +_: { + imports = [ + ./arr.nix + ./flood.nix + ./invidious.nix + ./jellyfin.nix + ./navidrome.nix + ./torrenting.nix + ]; +} diff --git a/modules/void/flood.nix b/modules/hosts/void/media/flood.nix similarity index 100% rename from modules/void/flood.nix rename to modules/hosts/void/media/flood.nix diff --git a/modules/void/invidious.nix b/modules/hosts/void/media/invidious.nix similarity index 100% rename from modules/void/invidious.nix rename to modules/hosts/void/media/invidious.nix diff --git a/modules/void/jellyfin.nix b/modules/hosts/void/media/jellyfin.nix similarity index 100% rename from modules/void/jellyfin.nix rename to modules/hosts/void/media/jellyfin.nix diff --git a/modules/void/navidrome.nix b/modules/hosts/void/media/navidrome.nix similarity index 66% rename from modules/void/navidrome.nix rename to modules/hosts/void/media/navidrome.nix index e9e77f4..3cc750e 100644 --- a/modules/void/navidrome.nix +++ b/modules/hosts/void/media/navidrome.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: { services.navidrome = { 
@@ -48,37 +48,20 @@ Group = "navidrome"; }; - sops.secrets = { - - "last_fm/api_key" = { - sopsFile = ../../secrets/navidrome.yaml; - mode = "0440"; - owner = "navidrome"; - group = "navidrome"; - }; - - "last_fm/shared_secret" = { - sopsFile = ../../secrets/navidrome.yaml; - mode = "0440"; - owner = "navidrome"; - group = "navidrome"; - }; - - "spotify/id" = { - sopsFile = ../../secrets/navidrome.yaml; - mode = "0440"; - owner = "navidrome"; - group = "navidrome"; - }; - - "spotify/secret" = { - sopsFile = ../../secrets/navidrome.yaml; - mode = "0440"; - owner = "navidrome"; - group = "navidrome"; - }; - - }; + sops.secrets = + lib.genAttrs + [ + "last_fm/api_key" + "last_fm/shared_secret" + "spotify/id" + "spotify/secret" + ] + (_: { + sopsFile = "${self}/secrets/navidrome.yaml"; + mode = "0440"; + owner = "navidrome"; + group = "navidrome"; + }); } diff --git a/modules/void/torrenting.nix b/modules/hosts/void/media/torrenting.nix similarity index 100% rename from modules/void/torrenting.nix rename to modules/hosts/void/media/torrenting.nix diff --git a/modules/void/nginx.nix b/modules/hosts/void/nginx.nix similarity index 100% rename from modules/void/nginx.nix rename to modules/hosts/void/nginx.nix diff --git a/modules/hosts/void/porkbun.nix b/modules/hosts/void/porkbun.nix new file mode 100644 index 0000000..5c9f72b --- /dev/null +++ b/modules/hosts/void/porkbun.nix 
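Review bot: The generated secret attrset keeps `mode = "0440"` with owner and group both `navidrome`; unless another account in that group has to read the Last.fm and Spotify credentials, `mode = "0400";` is the tighter setting. The new `self` argument also has to reach this module through `specialArgs` on both the nixosSystem and the Colmena path, and the Colmena side is not visible in this diff. A comment such as `# self: flake root, supplied via specialArgs` next to the `sopsFile` line would document that dependency.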
@@ -0,0 +1,96 @@
+{ config
+, pkgs
+, lib
+, self
+, ...
+}:
+let
+ service = "porkbun-ddns";
+ user = "root";
+ User = user;
+ owner = user;
+ group = "root";
+ Group = group;
+
+ secret = service;
+in
+{
+ users.groups = lib.mkIf (group == service) {
+ ${service} = { };
+ };
+
+ users.users = lib.mkIf (user == service) {
+ ${service} = {
+ inherit group;
+ description = "${service} daemon user";
+ isSystemUser = true;
+ };
+ };
+
+ sops.secrets.${secret} = {
+ sopsFile = "${self}/secrets/${secret}.yaml";
+ mode = "0440";
+ inherit owner group;
+ };
+
+ systemd = {
+ timers.${service} = {
+ wantedBy = [ "timers.target" ];
+ after = [ "network-online.target" ];
+ timerConfig = {
+ OnBootSec = "10";
+ OnUnitActiveSec = "1h";
+ Unit = "${service}.service";
+ };
+ };
+
+ services.${service} =
+ let
+ domain = "emanueljg.com";
+ skPath = config.sops.secrets.${secret}.path;
+ pk = "pk1_78185aaeb4231ae38f608c4d8c2eceeb7219c79bfff11727b1e32701915f8944";
+ endpoint = "https://porkbun.com/api/json/v3/dns/editByNameType/${domain}/A/*";
+ porkbun-json = pkgs.writeTextFile {
+ name = "porkbun-json-details";
+ # not using builtins.toJSON because it's not valid json; it has args for jq in it.
+ text = ''
+ {
+ "secretapikey": $secretapikey,
+ "apikey": "${pk}",
+ "content": $current_ip
+ }
+ '';
+ };
+
+ cmd = pkgs.writeShellApplication {
+ name = "update-porkbun-ip";
+ runtimeInputs = [ pkgs.curl pkgs.dig pkgs.jq ];
+ text = ''
+ CURRENT_IP="$(curl -s ifconfig.me)"
+ PORKBUN_IP="$(dig +short www.${domain})"
+ if [ "$CURRENT_IP" != "$PORKBUN_IP" ]; then
+ curl \
+ -X 'POST' \
+ --json "$(jq \
+ --null-input \
+ --arg 'secretapikey' "$(cat ${skPath})" \
+ --arg 'current_ip' "$CURRENT_IP" \
+ "$(cat ${porkbun-json})")" \
+ '${endpoint}'
+ else
+ echo 'IP has not changed, doing nothing.'
+ exit 0
+ fi
+ '';
+ };
+ in
+ {
+ serviceConfig = {
+ Type = "oneshot";
+ inherit User Group;
+ ExecStart = lib.getExe cmd;
+ };
+ };
+ };
+}
+
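Review bot: The Porkbun secret key ends up in process arguments twice in the `text` of `cmd`: `--arg 'secretapikey' "$(cat ${skPath})"` puts it on jq's command line, and `--json "$(jq …)"` puts the whole request body on curl's, where other local users can read it from the process list while the unit runs. Let jq read the sops file itself with `--rawfile` and pipe the body into `curl --json @-`; the template then needs `rtrimstr("\n")` in case the file ends in a newline. The same script takes the address from `curl -s ifconfig.me`, which is plain HTTP and unvalidated while the unit runs as root, so a tampered response would be written straight into the wildcard A record. Fetch it over `https://` with `-f` and reject anything that is not an IPv4 literal.

```nix
# in porkbun-json: "secretapikey": ($secretapikey | rtrimstr("\n")),
text = ''
  CURRENT_IP="$(curl -fsS https://ifconfig.me)"
  if ! [[ "$CURRENT_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo 'unexpected response from IP lookup' >&2
    exit 1
  fi
  # … unchanged: PORKBUN_IP lookup and comparison …
    jq \
      --null-input \
      --rawfile 'secretapikey' ${skPath} \
      --arg 'current_ip' "$CURRENT_IP" \
      "$(cat ${porkbun-json})" \
      | curl -fsS -X 'POST' --json @- '${endpoint}'
  # … unchanged: else branch …
'';
```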
diff --git a/modules/weasel/default.nix b/modules/hosts/weasel/default.nix similarity index 68% rename from modules/weasel/default.nix rename to modules/hosts/weasel/default.nix index 0f289da..a6a9d96 100644 --- a/modules/weasel/default.nix +++ b/modules/hosts/weasel/default.nix @@ -1,6 +1,11 @@ _: { + + imports = [ + ../../base + ./wsl.nix + ]; + my.home.stateVersion = "23.11"; system.stateVersion = "23.11"; - wsl.enable = true; networking.hostName = "weasel"; } diff --git a/modules/hosts/weasel/wsl.nix b/modules/hosts/weasel/wsl.nix new file mode 100644 index 0000000..eb95f92 --- /dev/null +++ b/modules/hosts/weasel/wsl.nix @@ -0,0 +1,10 @@ +{ wsl, lib, ... }: { + + imports = [ + wsl.nixosModules.default + ]; + + wsl.enable = lib.mkForce true; + + custom.efi-grub.enable = false; +} diff --git a/modules/oakleaf-home/default.nix b/modules/oakleaf-home/default.nix deleted file mode 100644 index 958608a..0000000 --- a/modules/oakleaf-home/default.nix +++ /dev/null @@ -1 +0,0 @@ -_: { } diff --git a/modules/oakleaf/_laptop-pape.nix b/modules/oakleaf/_laptop-pape.nix deleted file mode 100644 index e93262a..0000000 --- a/modules/oakleaf/_laptop-pape.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, pkgs, ... }: { - my.xsession.windowManager.i3.config.startup = lib.mkForce [ - { - command = "${lib.getBin pkgs.feh} ${lib.cli.toGNUCommandLineShell {} { - output = "eDP-1"; - bg = true; - }} ~/papes/tavern.jpg"; - always = true; - notification = false; - } - ]; -} diff --git a/modules/oakleaf/my-web-app.nix b/modules/oakleaf/my-web-app.nix deleted file mode 100644 index 039646e..0000000 --- a/modules/oakleaf/my-web-app.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ my-web-app, ... }: { - imports = [ - my-web-app.nixosModules.default - ]; - services.my-web-app = { - enable = true; - reverseProxy = { - enable = true; - virtualHost = { - serverName = "webapp.emanueljg.com"; - }; - }; - }; -} - 
diff --git a/modules/oakleaf/tf-vault-backend.nix b/modules/oakleaf/tf-vault-backend.nix
deleted file mode 100644
index 9a9ef35..0000000
--- a/modules/oakleaf/tf-vault-backend.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ tf-vault-backend, pkgs, config, ... }: {
- imports = [
- tf-vault-backend.nixosModules.default
- ];
- services.tf-vault-backend = {
- enable = true;
- vault = {
- address = "localhost:8200";
- };
- backend = { };
- };
-
- systemd.services.vault-testing-init = {
- wantedBy = [ "vault.service" ];
- after = [ "network-online.target" "vault.service" ];
- before = [ "tf-vault-backend.service" ];
- serviceConfig = {
- ExecStart = pkgs.writeShellApplication {
- name = "vault-testing-init";
- runtimeInputs = with pkgs; [
- jq
- config.services.tf-vault-backend.vault.package
- ];
- text = ''
- init_status="$(vault operator init \
- -status \
- -format=json \
- | jq -r '.Initialized'
- )"
- echo "$init_status"
-
- if [ "$init_status" == "true" ]; then
- echo "Vault already initialized. OK!"
- exit 0
- fi
-
- unseal_key="$(vault operator init \
- -key-shares=1 \
- -key-threshold=1 \
- -format=json \
- | jq -r '.unseal_keys_b64.[0]'
- )"
- echo "$unseal_key"
-
- unseal_status="$(vault operator unseal \
- -format=json \
- "$unseal_key" \
- | jq -r '.sealed'
- )"
- echo "$unseal_status"
-
- if ! [ "$unseal_status" = "false" ]; then
- echo "Unseal did not work." 1>&2
- exit 1
- fi
-
- echo "Unsealing done. Bye!"
- '';
- };
- };
- };
-
-}
diff --git a/modules/oakleaf/wine.nix b/modules/oakleaf/wine.nix
deleted file mode 100644
index c50b350..0000000
--- a/modules/oakleaf/wine.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- # ...
-
- # support both 32- and 64-bit applications
- wineWowPackages.stable
-
- # winetricks (all versions)
- winetricks
-
- ];
-}
diff --git a/modules/pc/_rtorrent.nix b/modules/pc/_rtorrent.nix
deleted file mode 100644
index 0a7fc7b..0000000
--- a/modules/pc/_rtorrent.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
- services.rtorrent = {
- enable = true;
- dataDir = "/mnt/data/rtorrent";
- downloadDir = "/home/ejg/rtorrent-dl";
- openFirewall = true;
- group = "lighttpd";
- # configText = ''
- # # scgi_local = ${config.services.rtorrent.rpcSocket}
- # '';
- };
- services.lighttpd = {
- enable = true;
- extraConfig = ''
- server.modules += ( "mod_scgi" )
- scgi.server = (
- "/RPC2" =>
- ( "127.0.0.1" =>
- (
- "socket" => "${config.services.rtorrent.rpcSocket}",
- "check-local" => "disable",
- "disable-time" => 0, # don't disable scgi if connection fails
- )
- )
- )
- '';
- };
- # services.nginx = {
- # enable = true;
- # virtualHosts."localhost" = {
- # locations."/RPC2".extraConfig = ''
- # scgi_pass 127.0.0.1:5000;
- # include scgi_vars;
- # scgi_var SCRIPT_NAME /RPC2;
- # '';
- # };
- # };
- my.home.packages = with pkgs; [ rtorrent ];
-}
diff --git a/modules/pc/default.nix b/modules/pc/default.nix
new file mode 100644
index 0000000..984216d
--- /dev/null
+++ b/modules/pc/default.nix
@@ -0,0 +1,44 @@
+{ lib, ... }: {
+ imports = [
+ ../base
+
+ ./stay-awake.nix
+ ./hibernation.nix
+
+ ./ani-cli.nix
+ ./bluetooth.nix
+ ./docker.nix
+ ./extra-mounts.nix
+ ./f5fpc.nix
+ ./firefox.nix
+ ./go.nix
+ ./i3.nix
+ ./kitty.nix
+ ./networkmanager.nix
+ ./newsboat.nix
+ ./nodejs.nix
+ ./pavucontrol.nix
+ ./phone.nix
+ ./picom.nix
+ ./pkgs.nix
+ ./polybar.nix
+ ./pyradio.nix
+ ./python.nix
+ ./qutebrowser
+ ./rust.nix
+ ./slack.nix
+ ./slock.nix
+ ./sound.nix
+ ./terraform.nix
+ ./virt.nix
+ ./x.nix
+ ./ytfzf.nix
+ ./yubikey.nix
+ ];
+
+ custom = {
+ hibernation.enable = lib.mkDefault true;
+ stay-awake.enable = lib.mkDefault true;
+ };
+
+}
diff --git a/modules/pc/hibernation.nix b/modules/pc/hibernation.nix
new file mode 100644
index 0000000..01223aa
--- /dev/null
+++ b/modules/pc/hibernation.nix
@@ -0,0 +1,13 @@ +{ config, pkgs, lib, ... }: +let cfg = config.custom.hibernation; in with lib; { + + options.custom.hibernation.enable = mkEnableOption "hibernation"; + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.pmutils ]; + my.home.shellAliases."hib" = "sudo pm-hibernate"; + + boot.resumeDevice = (builtins.head config.swapDevices)."device"; + }; +} diff --git a/modules/pc/pkgs.nix b/modules/pc/pkgs.nix index 85d932d..bb76dfd 100644 --- a/modules/pc/pkgs.nix +++ b/modules/pc/pkgs.nix @@ -1,14 +1,8 @@ { pkgs, ... }: { my.home.packages = with pkgs; [ dmenu - i3status - i3lock xclip - vegur - material-design-icons feh - pv - jetbrains-mono mupdf openssl scrot @@ -17,6 +11,5 @@ }) jmtpfs arandr - deluge ]; } diff --git a/modules/pc/stay-awake.nix b/modules/pc/stay-awake.nix new file mode 100644 index 0000000..8ea3866 --- /dev/null +++ b/modules/pc/stay-awake.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: +let cfg = config.custom.stay-awake; in with lib; { + options.custom.stay-awake.enable = mkEnableOption "stay-awake"; + + config = mkIf cfg.enable { + services.logind.lidSwitch = "ignore"; + + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hybrid-sleep.enable = false; + }; + }; +} diff --git a/modules/seneca/stay-awake.nix b/modules/seneca/stay-awake.nix deleted file mode 100644 index 77296e0..0000000 --- a/modules/seneca/stay-awake.nix +++ /dev/null @@ -1,9 +0,0 @@ -_: { - services.logind.lidSwitch = "ignore"; - - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hybrid-sleep.enable = false; - }; -} diff --git a/modules/uses-efi-grub.nix b/modules/uses-efi-grub.nix deleted file mode 100644 index 97bf153..0000000 --- a/modules/uses-efi-grub.nix +++ /dev/null 
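Review bot: `boot.resumeDevice = (builtins.head config.swapDevices)."device";` in modules/pc/hibernation.nix aborts evaluation on any host whose `swapDevices` list is empty, and modules/pc/default.nix now enables `custom.hibernation.enable` by default for every PC host, including ones such as stoneheart that did not import the old `can-hibernate.nix`. Guard the assignment, for example `boot.resumeDevice = mkIf (config.swapDevices != [ ]) (builtins.head config.swapDevices).device;`, or add an `assertions` entry so the failure names the missing swap device instead of surfacing as a bare `head` error.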
@@ -1,18 +0,0 @@ -_: { - boot = { - #kernelParams = [ "quiet" "splash" ]; - loader = { - efi.canTouchEfiVariables = true; - timeout = 10; - grub = { - enable = true; - efiSupport = true; - device = "nodev"; - extraConfig = '' - GRUB_HIDDEN_TIMEOUT=10 - GRUB_HIDDEN_TIMEOUT_QUIET=false - ''; - }; - }; - }; -} diff --git a/modules/utils.nix b/modules/utils.nix index 42a057e..691b9bf 100644 --- a/modules/utils.nix +++ b/modules/utils.nix @@ -4,17 +4,11 @@ let attrNames readDir mapAttrs - concatMap - isList filter split elemAt ; - flatten = x: - if isList x - then concatMap flatten x - else [ x ]; in rec { dirFiles = path: ( @@ -27,21 +21,6 @@ rec { ) ); - mkModules = hosts: ( - mapAttrs - ( - hostName: host: - host - // { - modules = - (host.extraModules or [ ]) - ++ (flatten (host.extraModuleDirs or [ ])) - ++ (dirFiles (./. + ("/" + hostName))); - } - ) - hosts - ); - systemify = system: rawInputs: ( mapAttrs (_name: input: import input { inherit system; }) diff --git a/modules/void/deluge.nix b/modules/void/deluge.nix deleted file mode 100644 index c8ec9e6..0000000 --- a/modules/void/deluge.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, ... }: { - services.deluge = { - enable = false; - - web = { - enable = true; - }; - - declarative = true; - config = { - "download_location" = "/mnt/data/dl"; - "dont_count_slow_torrents" = true; - "allow_remote" = true; - daemon_port = 58846; - }; - authFile = config.sops.secrets."deluge_auth".path; - }; - - sops.secrets."deluge_auth" = { - sopsFile = ../../secrets/deluge.yaml; - mode = "0440"; - owner = "deluge"; - group = "deluge"; - }; - - networking.firewall.allowedTCPPorts = [ config.services.deluge.config.daemon_port ]; - -} diff --git a/modules/void/porkbun.nix b/modules/void/porkbun.nix deleted file mode 100644 index 1d30620..0000000 --- a/modules/void/porkbun.nix +++ /dev/null 
@@ -1,75 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}:
-let
- service = "porkbun-ddns";
- user = "root";
- User = user;
- owner = user;
- group = "root";
- Group = group;
-
- secret = service;
-in
-{
- users.groups = lib.mkIf (group == service) {
- ${service} = { };
- };
-
- users.users = lib.mkIf (user == service) {
- ${service} = {
- inherit group;
- description = "${service} daemon user";
- isSystemUser = true;
- };
- };
-
- sops.secrets.${secret} = {
- sopsFile = ../../secrets/${secret}.yaml;
- mode = "0440";
- inherit owner group;
- };
-
- systemd = {
- timers.${service} = {
- wantedBy = [ "timers.target" ];
- after = [ "network-online.target" ];
- timerConfig = {
- OnBootSec = "10";
- OnUnitActiveSec = "1h";
- Unit = "${service}.service";
- };
- };
-
- services.${service} =
- let
- domain = "emanueljg.com";
- skPath = config.sops.secrets.${secret}.path;
- pk = "pk1_78185aaeb4231ae38f608c4d8c2eceeb7219c79bfff11727b1e32701915f8944";
- endpoint = "https://porkbun.com/api/json/v3/dns/editByNameType/${domain}/a/*";
- cmd = pkgs.writeShellScriptBin service ''
- set -e
-
- CURRENT_IP="$(curl -s ifconfig.me)"
- PORKBUN_IP="$(dig +short ${domain})"
- if [ "$CURRENT_IP" != "$PORKBUN_IP" ]; then
- curl -X POST ${endpoint} \
- -H 'Content-Type: application/json' \
- -d '{"secretapikey": '"\"$(cat ${skPath})\""','`
- `'"apikey": "${pk}",'`
- `'"content": '"\"$CURRENT_IP\""'}'
- fi
- '';
- in
- {
- path = with pkgs; [ curl dig ];
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${cmd}/bin/${service}";
- inherit User Group;
- };
- };
- };
-}
diff --git a/modules/void/qbittorrent.nix b/modules/void/qbittorrent.nix
deleted file mode 100644
index f2b733d..0000000
--- a/modules/void/qbittorrent.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-let
- qbit = pkgs.qbittorrent;
-in
-{
- my.home.packages = [
- qbit
- ];
-
- my.xsession.windowManager.i3.config = {
- assigns."10" = [{ class = "qBittorrent"; }];
- startup = [
- {
- command = "${qbit}/bin/qbittorrent";
- always = false;
- notification = true;
- }
- ];
- };
-}
diff --git a/modules/void/vault.nix b/modules/void/vault.nix
deleted file mode 100644
index 613c38f..0000000
--- a/modules/void/vault.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ pkgs, ... }:
-let
- address = "http://127.0.0.1:8200";
- package = pkgs.writeShellApplication {
- name = "vault";
- runtimeInputs = with pkgs; [ vault ];
- text = ''
- export VAULT_ADDR='${address}'
- vault "$@"
- '';
- };
-in
-{
- services.vault = {
- enable = true;
- inherit package address;
- dev = true;
- devRootTokenID = "foo";
- };
-
- my.home.packages = [ package ];
-}
diff --git a/utils.nix b/utils.nix
new file mode 100644
index 0000000..42a057e
--- /dev/null
+++ b/utils.nix
@@ -0,0 +1,92 @@
+let
+ inherit
+ (builtins)
+ attrNames
+ readDir
+ mapAttrs
+ concatMap
+ isList
+ filter
+ split
+ elemAt
+ ;
+
+ flatten = x:
+ if isList x
+ then concatMap flatten x
+ else [ x ];
+in
+rec {
+ dirFiles = path: (
+ map
+ (f: path + ("/" + f))
+ (
+ filter
+ (fn: (elemAt (split "_" fn) 0) != "")
+ (attrNames (readDir path))
+ )
+ );
+
+ mkModules = hosts: (
+ mapAttrs
+ (
+ hostName: host:
+ host
+ // {
+ modules =
+ (host.extraModules or [ ])
+ ++ (flatten (host.extraModuleDirs or [ ]))
+ ++ (dirFiles (./. + ("/" + hostName)));
+ }
+ )
+ hosts
+ );
+
+ systemify = system: rawInputs: (
+ mapAttrs
+ (_name: input: import input { inherit system; })
+ rawInputs
+ );
+
+ defaultSystem = "x86_64-linux";
+
+ hostSystem = host: host.system or defaultSystem;
+
+ mkNixosConfigurations =
+ { hosts
+ , inputs
+ , rawInputs
+ ,
+ }: (
+ mapAttrs
+ (_hostName: host:
+ let
+ system = hostSystem host;
+ in
+ rawInputs.nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = inputs // (systemify system rawInputs);
+ inherit (host) modules;
+ })
+ hosts
+ );
+
+ mkColmenaHosts = hosts: (
+ mapAttrs
+ (_hostName: host: {
+ imports = host.modules;
+ deployment = {
+ allowLocalDeployment = true;
+ targetUser = "ejg";
+ targetHost = host.ip;
+ };
+ })
+ hosts
+ );
+
+ mkColmenaSystemizeInputs = hosts: rawInputs: (
+ mapAttrs
+ (_hostName: host: systemify (hostSystem host) rawInputs)
+ hosts
+ );
+}
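Review bot: This new top-level `utils.nix` carries the same blob id (`42a057e`) as the pre-change `modules/utils.nix`, so it brings back `flatten` and `mkModules` that the same commit removes from `modules/utils.nix`, and the repository now holds two diverging copies of the helpers. `mkModules` here also resolves `./. + ("/" + hostName)` against the repository root rather than `modules/`, so it would read the wrong directory if anything still called it. Keep a single file, and drop `mkModules` and `flatten` from it now that `modules/hosts/default.nix` lists each host's `modules` directly.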