diff --git a/.envrc b/.envrc index 3550a30..a0818f4 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,2 @@ +# shellcheck disable=SC2148 use flake diff --git a/configs/client.nix b/configs/client.nix index f591c3c..6e5383c 100644 --- a/configs/client.nix +++ b/configs/client.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ imports = [ ./common.nix @@ -7,7 +8,7 @@ ]; environment.systemPackages = with pkgs; [ - (ffmpeg-full.override {withUnfree = true;}) + (ffmpeg-full.override { withUnfree = true; }) fastfetch lazygit nixd @@ -15,8 +16,8 @@ hm.programs.keychain = { enable = true; - agents = ["ssh"]; - keys = ["id_ed25519"]; + agents = [ "ssh" ]; + keys = [ "id_ed25519" ]; }; networking = { @@ -24,7 +25,7 @@ networkmanager = { enable = true; dns = "systemd-resolved"; - plugins = [pkgs.networkmanager-fortisslvpn]; + plugins = [ pkgs.networkmanager-fortisslvpn ]; }; }; diff --git a/configs/common.nix b/configs/common.nix index c0291e4..f7ad2d4 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -10,20 +10,25 @@ vencord, hydro, ... -}: let +}: +let username = "leo"; stateVersion = "24.11"; - rootPassword = _utils.setupSingleSecret config "rootPassword" {}; + rootPassword = _utils.setupSingleSecret config "rootPassword" { }; secrets = _utils.setupSharedSecrets config { - secrets = ["userPassword" "tailscaleKey"]; + secrets = [ + "userPassword" + "tailscaleKey" + ]; }; -in { +in +{ imports = [ agenix.nixosModules.default home-manager.nixosModules.home-manager - (lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username]) + (lib.mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ]) rootPassword.generate secrets.generate @@ -35,12 +40,15 @@ in { age = { ageBin = lib.getExe pkgs.rage; - identityPaths = ["/etc/age/key"]; + identityPaths = [ "/etc/age/key" ]; }; boot = { kernelPackages = lib.mkDefault pkgs.linuxPackages; # use lts - kernelParams = ["quiet" "loglevel=3"]; + kernelParams = [ + "quiet" + "loglevel=3" + ]; # faster tcp !!! kernel.sysctl = { @@ -65,7 +73,7 @@ in { ]; hm = { - home = {inherit stateVersion;}; + home = { inherit stateVersion; }; programs.ssh = { enable = true; @@ -83,14 +91,17 @@ in { networking = { useNetworkd = lib.mkDefault true; - nameservers = ["1.1.1.1" "1.0.0.1"]; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; }; nix = { # package = pkgs.nixVersions.latest; channel.enable = false; # The `flake:` syntax in `$NIX_PATH` seems to do some weird copying on Nix 2.24 - nixPath = ["nixpkgs=${config.nixpkgs.flake.source}"]; + nixPath = [ "nixpkgs=${config.nixpkgs.flake.source}" ]; gc = { automatic = true; @@ -110,8 +121,14 @@ in { settings = { auto-optimise-store = true; - experimental-features = ["nix-command" "flakes"]; - trusted-users = ["root" "@wheel"]; + experimental-features = [ + "nix-command" + "flakes" + ]; + trusted-users = [ + "root" + "@wheel" + ]; connect-timeout = 5; # fail fast if substituters are not available builders-use-substitutes = true; log-lines = 25; @@ -132,7 +149,7 @@ in { nixpkgs = { config.allowUnfree = true; flake.setNixPath = false; - overlays = [(import ../exprs/overlay.nix {inherit vencord hydro;})]; + overlays = [ (import ../exprs/overlay.nix { inherit vencord hydro; }) ]; }; programs = { @@ -172,7 +189,10 @@ in { tailscale = { enable = true; useRoutingFeatures = "both"; - extraUpFlags = ["--ssh" "--stateful-filtering"]; + extraUpFlags = [ + "--ssh" + "--stateful-filtering" + ]; authKeyFile = secrets.get "tailscaleKey"; }; }; @@ -197,7 +217,14 @@ in { "${username}" = { isNormalUser = true; shell = pkgs.fish; - extraGroups = ["networkmanager" "wheel" "video" "libvirtd" "input" "docker"]; + extraGroups = [ + "networkmanager" + "wheel" + "video" + "libvirtd" + "input" + "docker" + ]; hashedPasswordFile = secrets.get "userPassword"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8" diff --git a/configs/desktop.nix b/configs/desktop.nix index 3b535d1..70ea5dc 100644 --- a/configs/desktop.nix +++ b/configs/desktop.nix @@ -5,7 +5,8 @@ catppuccin, lanzaboote, ... -}: { +}: +{ imports = [ catppuccin.nixosModules.catppuccin lanzaboote.nixosModules.lanzaboote @@ -24,10 +25,10 @@ boot = { kernelPackages = pkgs.linuxPackages_latest; - extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; - kernelModules = ["v4l2loopback"]; + extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; + kernelModules = [ "v4l2loopback" ]; - supportedFilesystems = ["ntfs"]; + supportedFilesystems = [ "ntfs" ]; loader = { systemd-boot.enable = lib.mkForce false; @@ -61,7 +62,7 @@ ]; fontconfig.defaultFonts = { - emoji = ["Twitter Color Emoji"]; + emoji = [ "Twitter Color Emoji" ]; }; }; @@ -91,7 +92,7 @@ strawberry teams-for-linux thunderbird - (vesktop.override {withSystemVencord = true;}) + (vesktop.override { withSystemVencord = true; }) vscode # libreoffice stuff diff --git a/configs/laptop.nix b/configs/laptop.nix index 8481bad..7f97765 100644 --- a/configs/laptop.nix +++ b/configs/laptop.nix @@ -3,10 +3,11 @@ pkgs, config, ... -}: { - imports = [./desktop.nix]; +}: +{ + imports = [ ./desktop.nix ]; - boot.initrd.kernelModules = ["xe"]; + boot.initrd.kernelModules = [ "xe" ]; hardware = { bluetooth.enable = true; @@ -18,7 +19,7 @@ vpl-gpu-rt ]; - extraPackages32 = [pkgs.driversi686Linux.intel-media-driver]; + extraPackages32 = [ pkgs.driversi686Linux.intel-media-driver ]; }; }; @@ -30,7 +31,7 @@ programs.light.enable = true; # hyprland stuff - services.blueman = lib.mkIf config.programs.hyprland.enable {enable = true;}; + services.blueman = lib.mkIf config.programs.hyprland.enable { enable = true; }; hm.wayland.windowManager.hyprland.settings.exec-once = with pkgs; [ "${lib.getExe networkmanagerapplet}" "${lib.getExe' blueman "blueman-applet"}" diff --git a/configs/server.nix b/configs/server.nix index b2545cc..6c20c6f 100644 --- a/configs/server.nix +++ b/configs/server.nix @@ -2,11 +2,13 @@ config, _utils, ... -}: let +}: +let secrets = _utils.setupSharedSecrets config { - secrets = ["vmAuthToken"]; + secrets = [ "vmAuthToken" ]; }; -in { +in +{ imports = [ ./common.nix secrets.generate @@ -21,7 +23,7 @@ in { }; services = { - tailscale.extraUpFlags = ["--advertise-exit-node"]; + tailscale.extraUpFlags = [ "--advertise-exit-node" ]; openssh = { enable = true; @@ -46,20 +48,22 @@ in { prometheus.exporters.node = { enable = true; port = 9091; - enabledCollectors = ["systemd"]; + enabledCollectors = [ "systemd" ]; }; vmagent = { enable = true; remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write"; - extraArgs = ["-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token"]; + extraArgs = [ "-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token" ]; prometheusConfig = { global.scrape_interval = "15s"; scrape_configs = [ { job_name = "node"; - static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}]; + static_configs = [ + { targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.node.port}" ]; } + ]; relabel_configs = [ { target_label = "instance"; @@ -73,7 +77,7 @@ in { }; systemd = { - services.vmagent.serviceConfig.LoadCredential = ["vm_auth_token:${secrets.get "vmAuthToken"}"]; + services.vmagent.serviceConfig.LoadCredential = [ "vm_auth_token:${secrets.get "vmAuthToken"}" ]; # For more detail, see: # https://0pointer.de/blog/projects/watchdog.html diff --git a/exprs/idea-fixed.nix b/exprs/idea-fixed.nix index 845d928..5cd5e5a 100644 --- a/exprs/idea-fixed.nix +++ b/exprs/idea-fixed.nix @@ -22,17 +22,19 @@ pipewire, udev, xrandr, -}: let +}: +let inherit (jetbrains) idea-ultimate; in - symlinkJoin { - name = "idea-ultimate-fixed-${idea-ultimate.version}"; +symlinkJoin { + name = "idea-ultimate-fixed-${idea-ultimate.version}"; - paths = [idea-ultimate]; + paths = [ idea-ultimate ]; - nativeBuildInputs = [makeWrapper]; + nativeBuildInputs = [ makeWrapper ]; - postBuild = let + postBuild = + let runtimeLibs = [ stdenv.cc.cc.lib ## native versions @@ -63,9 +65,10 @@ in xrandr # needed for LWJGL [2.9.2, 3) https://github.com/LWJGL/lwjgl/issues/128 esbuild ]; - in '' + in + '' wrapProgram $out/bin/idea-ultimate \ --set LD_LIBRARY_PATH ${lib.makeLibraryPath runtimeLibs} \ --prefix PATH : ${lib.makeBinPath runtimePrograms} ''; - } +} diff --git a/exprs/overlay.nix b/exprs/overlay.nix index 651adf4..f961905 100644 --- a/exprs/overlay.nix +++ b/exprs/overlay.nix @@ -1,16 +1,14 @@ inputs: final: prev: { - idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix {}; + idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix { }; vencord = prev.vencord.overrideAttrs (old: rec { version = "${old.version}+git.${inputs.vencord.shortRev}"; src = inputs.vencord; - env = - old.env - // { - VENCORD_REMOTE = "Vendicated/Vencord"; - VENCORD_HASH = src.shortRev; - }; + env = old.env // { + VENCORD_REMOTE = "Vendicated/Vencord"; + VENCORD_HASH = src.shortRev; + }; pnpmDeps = old.pnpmDeps.overrideAttrs (_: { outputHash = "sha256-vVzERis1W3QZB/i6SQR9dQR56yDWadKWvFr+nLTQY9Y="; diff --git a/flake.lock b/flake.lock index b3433f1..4dddd09 100644 --- a/flake.lock +++ b/flake.lock @@ -329,6 +329,7 @@ "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", "systems": "systems_2", + "treefmt-nix": "treefmt-nix", "ukubot-rs": "ukubot-rs", "vencord": "vencord", "vscode-extensions": "vscode-extensions" @@ -385,6 +386,26 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "ukubot-rs": { "inputs": { "flake-parts": [ diff --git a/flake.nix b/flake.nix index b3593f8..2a66a77 100644 --- a/flake.nix +++ b/flake.nix @@ -1,31 +1,38 @@ { description = "example flake idk"; - outputs = { - self, - flake-parts, - nixinate, - agenix, - ... - } @ inputs: - flake-parts.lib.mkFlake {inherit inputs;} { - systems = ["x86_64-linux" "aarch64-linux"]; + outputs = + { + self, + flake-parts, + nixinate, + agenix, + treefmt-nix, + ... + }@inputs: + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; imports = [ + treefmt-nix.flakeModule ./systems ]; - perSystem = { - pkgs, - system, - self', - ... - }: { - apps = (nixinate.nixinate.${system} self).nixinate; + perSystem = + { + pkgs, + system, + self', + ... + }: + { + apps = (nixinate.nixinate.${system} self).nixinate; - devShells.default = with pkgs; - mkShellNoCC { - packages = [ + devShells.default = pkgs.mkShellNoCC { + packages = with pkgs; [ agenix.packages.${system}.default just self'.formatter @@ -33,8 +40,25 @@ ]; }; - formatter = pkgs.alejandra; - }; + treefmt = { + projectRootFile = "flake.nix"; + + settings.excludes = [ + ".envrc" + ".gitignore" + "*.age" + "flake.lock" + "justfile" + "LICENSE" + ]; + + programs = { + nixfmt.enable = true; + prettier.enable = true; + stylua.enable = true; + }; + }; + }; }; inputs = { @@ -109,6 +133,11 @@ # nix's most elaborate, overcomplicated joke systems.url = "github:nix-systems/default"; + treefmt-nix = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/global/utils.nix b/global/utils.nix index ed75352..4981e97 100644 --- a/global/utils.nix +++ b/global/utils.nix @@ -1,66 +1,87 @@ -{lib, ...}: { - setupSecrets = _config: { - secrets, - extra ? {}, - }: let - inherit (_config.networking) hostName; - in { - generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/${hostName}/${name}.age;});}; - get = name: _config.age.secrets.${name}.path; - }; - - setupSingleSecret = _config: name: extra: let - inherit (_config.networking) hostName; - in { - generate = {age.secrets.${name} = extra // {file = ../secrets/${hostName}/${name}.age;};}; - inherit (_config.age.secrets.${name}) path; - }; - - setupSharedSecrets = _config: { - secrets, - extra ? {}, - }: { - generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/shared/${name}.age;});}; - get = name: _config.age.secrets.${name}.path; - }; - - mkMinecraftServer = _config: { - name, - port, - remotePort, - tag ? "java21", - dataDir ? "/var/lib/${name}", - memory ? "4G", - env ? {}, - envFiles ? [], - extraPorts ? [], - }: let - inherit (_config.virtualisation.oci-containers) backend; - in { - virtualisation.oci-containers.containers."mc-${name}" = { - image = "itzg/minecraft-server:${tag}"; - ports = ["${builtins.toString port}:25565"] ++ extraPorts; - volumes = ["${dataDir}:/data"]; - environmentFiles = envFiles; - environment = - { - EULA = "true"; - MEMORY = memory; - } - // env; +{ lib, ... }: +{ + setupSecrets = + _config: + { + secrets, + extra ? { }, + }: + let + inherit (_config.networking) hostName; + in + { + generate = { + age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/${hostName}/${name}.age; }); + }; + get = name: _config.age.secrets.${name}.path; }; - networking.firewall.allowedTCPPorts = [port]; + setupSingleSecret = + _config: name: extra: + let + inherit (_config.networking) hostName; + in + { + generate = { + age.secrets.${name} = extra // { + file = ../secrets/${hostName}/${name}.age; + }; + }; + inherit (_config.age.secrets.${name}) path; + }; - services.frp.settings.proxies = [ - { - inherit name remotePort; - type = "tcp"; - localIp = "127.0.0.1"; - localPort = port; - } - ]; + setupSharedSecrets = + _config: + { + secrets, + extra ? { }, + }: + { + generate = { + age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/shared/${name}.age; }); + }; + get = name: _config.age.secrets.${name}.path; + }; - systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300"; - }; + mkMinecraftServer = + _config: + { + name, + port, + remotePort, + tag ? "java21", + dataDir ? "/var/lib/${name}", + memory ? "4G", + env ? { }, + envFiles ? [ ], + extraPorts ? [ ], + }: + let + inherit (_config.virtualisation.oci-containers) backend; + in + { + virtualisation.oci-containers.containers."mc-${name}" = { + image = "itzg/minecraft-server:${tag}"; + ports = [ "${builtins.toString port}:25565" ] ++ extraPorts; + volumes = [ "${dataDir}:/data" ]; + environmentFiles = envFiles; + environment = { + EULA = "true"; + MEMORY = memory; + } // env; + }; + + networking.firewall.allowedTCPPorts = [ port ]; + + services.frp.settings.proxies = [ + { + inherit name remotePort; + type = "tcp"; + localIp = "127.0.0.1"; + localPort = port; + } + ]; + + systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300"; + }; } diff --git a/programs/alacritty.nix b/programs/alacritty.nix index 03db8ef..f59a58f 100644 --- a/programs/alacritty.nix +++ b/programs/alacritty.nix @@ -2,22 +2,25 @@ lib, pkgs, ... -}: { - hm.programs.alacritty = let - theme = pkgs.fetchurl { - # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml"; - url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml"; - hash = "sha256-MheSmzz02ZLAOS2uaclyazu6E//eikcdFydFfkio0/U="; - }; +}: +{ + hm.programs.alacritty = + let + theme = pkgs.fetchurl { + # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml"; + url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml"; + hash = "sha256-MheSmzz02ZLAOS2uaclyazu6E//eikcdFydFfkio0/U="; + }; - themeAttr = builtins.fromTOML (builtins.readFile theme); - in { - enable = true; - settings = lib.recursiveUpdate themeAttr { - font = { - normal.family = "Iosevka Nerd Font"; - size = 12; + themeAttr = builtins.fromTOML (builtins.readFile theme); + in + { + enable = true; + settings = lib.recursiveUpdate themeAttr { + font = { + normal.family = "Iosevka Nerd Font"; + size = 12; + }; }; }; - }; } diff --git a/programs/dotnet.nix b/programs/dotnet.nix index ea3c2ac..5be6ac3 100644 --- a/programs/dotnet.nix +++ b/programs/dotnet.nix @@ -3,14 +3,17 @@ config, pkgs, ... -}: let +}: +let inherit (config.lib.file) mkOutOfStoreSymlink; -in { +in +{ home = { - packages = [pkgs.jetbrains.rider]; + packages = [ pkgs.jetbrains.rider ]; file = { - ".dotnet/8".source = mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet"; + ".dotnet/8".source = + mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet"; ".dotnet/mono".source = mkOutOfStoreSymlink pkgs.mono; }; }; diff --git a/programs/fish.nix b/programs/fish.nix index ae70371..824094b 100644 --- a/programs/fish.nix +++ b/programs/fish.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.fish.enable = true; environment.systemPackages = with pkgs; [ diff --git a/programs/games.nix b/programs/games.nix index 188b680..1f08d5d 100644 --- a/programs/games.nix +++ b/programs/games.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ hardware = { xone.enable = true; xpadneo.enable = true; @@ -9,7 +10,11 @@ osu-lazer-bin (prismlauncher.override { - jdks = [temurin-bin-21 temurin-bin-17 temurin-bin-8]; + jdks = [ + temurin-bin-21 + temurin-bin-17 + temurin-bin-8 + ]; }) ]; diff --git a/programs/ghostty.nix b/programs/ghostty.nix index 9935fb5..030593e 100644 --- a/programs/ghostty.nix +++ b/programs/ghostty.nix @@ -2,9 +2,10 @@ pkgs, ghostty, ... -}: { +}: +{ hm.home = { - packages = [ghostty.packages.${pkgs.system}.default]; + packages = [ ghostty.packages.${pkgs.system}.default ]; file.".config/ghostty/config".text = '' theme = light:catppuccin-latte,dark:catppuccin-mocha diff --git a/programs/git.nix b/programs/git.nix index 74a8f35..1e0effa 100644 --- a/programs/git.nix +++ b/programs/git.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ programs.git.enable = true; hm.programs = { diff --git a/programs/gnome.nix b/programs/gnome.nix index 5d03326..784f4b5 100644 --- a/programs/gnome.nix +++ b/programs/gnome.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services = { xserver.desktopManager.gnome.enable = true; displayManager = { @@ -13,14 +14,14 @@ hm.programs.gnome-shell = { enable = true; extensions = with pkgs.gnomeExtensions; [ - {package = appindicator;} - {package = dash-to-dock;} - {package = blur-my-shell;} + { package = appindicator; } + { package = dash-to-dock; } + { package = blur-my-shell; } ]; }; environment = with pkgs; { - systemPackages = [gnome-tweaks]; + systemPackages = [ gnome-tweaks ]; gnome.excludePackages = [ gnome-tour diff --git a/programs/hyprland-misc.nix b/programs/hyprland-misc.nix index 8e67653..f37e79e 100644 --- a/programs/hyprland-misc.nix +++ b/programs/hyprland-misc.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # utility packages for hyprland, since you know it's not a DE hm.home.packages = with pkgs; [ @@ -14,7 +15,10 @@ thunar = { enable = true; - plugins = with pkgs.xfce; [thunar-volman thunar-archive-plugin]; + plugins = with pkgs.xfce; [ + thunar-volman + thunar-archive-plugin + ]; }; }; } diff --git a/programs/hyprland.nix b/programs/hyprland.nix index 66881bb..ae83972 100644 --- a/programs/hyprland.nix +++ b/programs/hyprland.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ imports = [ ./hyprland-misc.nix ./alacritty.nix @@ -20,7 +21,7 @@ }; }; - xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk]; + xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; hm = { home.packages = with pkgs; [ @@ -37,11 +38,24 @@ wayland.windowManager.hyprland = { enable = true; - settings = let - inherit (lib) getExe getExe'; - keys = ["ampersand" "eacute" "quotedbl" "apostrophe" "parenleft" "minus" "egrave" "underscore" "ccedilla" "agrave"]; - in - with pkgs; { + settings = + let + inherit (lib) getExe getExe'; + keys = [ + "ampersand" + "eacute" + "quotedbl" + "apostrophe" + "parenleft" + "minus" + "egrave" + "underscore" + "ccedilla" + "agrave" + ]; + in + with pkgs; + { "$mod" = "SUPER"; "$wl-paste" = getExe' wl-clipboard "wl-paste"; "$wpctl" = getExe' wireplumber "wpctl"; @@ -152,12 +166,18 @@ ++ # Switch workspaces with mod + [0-9] # Move active window to a workspace with mod + SHIFT + [0-9] - lib.flatten (builtins.map (i: let - key = builtins.elemAt keys (i - 1); - in [ - "$mod, ${key}, workspace, ${toString i}" - "$mod SHIFT, ${key}, movetoworkspace, ${toString i}" - ]) (lib.range 1 10)); + lib.flatten ( + builtins.map ( + i: + let + key = builtins.elemAt keys (i - 1); + in + [ + "$mod, ${key}, workspace, ${toString i}" + "$mod SHIFT, ${key}, movetoworkspace, ${toString i}" + ] + ) (lib.range 1 10) + ); bindm = [ "$mod, mouse:272, movewindow" diff --git a/programs/java.nix b/programs/java.nix index 26c1232..adcc379 100644 --- a/programs/java.nix +++ b/programs/java.nix @@ -3,9 +3,11 @@ config, pkgs, ... -}: let +}: +let inherit (config.lib.file) mkOutOfStoreSymlink; -in { +in +{ home.file = { ".jdks/temurin-21".source = mkOutOfStoreSymlink pkgs.temurin-bin-21; ".jdks/temurin-17".source = mkOutOfStoreSymlink pkgs.temurin-bin-17; diff --git a/programs/kde.nix b/programs/kde.nix index 69f0ff8..57b236b 100644 --- a/programs/kde.nix +++ b/programs/kde.nix @@ -2,7 +2,8 @@ pkgs, camasca, ... -}: { +}: +{ services = { desktopManager.plasma6.enable = true; displayManager.sddm = { diff --git a/programs/neovim/default.nix b/programs/neovim/default.nix index 6ce438f..4bc95e6 100644 --- a/programs/neovim/default.nix +++ b/programs/neovim/default.nix @@ -1,11 +1,12 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ hm.programs.neovim = { enable = true; defaultEditor = true; extraLuaConfig = builtins.readFile ./init.lua; extraPackages = with pkgs; [ - (lua5_1.withPackages (ps: with ps; [luarocks])) + (lua5_1.withPackages (ps: with ps; [ luarocks ])) tree-sitter ]; diff --git a/programs/neovim/init.lua b/programs/neovim/init.lua index bc1b2be..c9ea72f 100644 --- a/programs/neovim/init.lua +++ b/programs/neovim/init.lua @@ -1,5 +1,5 @@ -- sets the "key", which can be used in shortcuts -vim.g.mapleader = ' ' +vim.g.mapleader = " " vim.g.have_nerd_font = true @@ -8,7 +8,7 @@ vim.g.have_nerd_font = true vim.opt.number = true -- enable mouse -vim.opt.mouse = 'a' +vim.opt.mouse = "a" -- save undo history vim.opt.undofile = true @@ -31,21 +31,19 @@ vim.opt.splitbelow = true vim.opt.list = true -- preview substitutions (:s & :%s) while typing -vim.opt.inccommand = 'split' +vim.opt.inccommand = "split" -- highlight the line the cursor is on vim.opt.cursorline = true -- sync os clipboard and neovim vim.schedule(function() - vim.opt.clipboard = 'unnamedplus' + vim.opt.clipboard = "unnamedplus" end) - -- [[ shortcuts, see `:help vim.keymap.set()` ]] -- hide search results when pressing esc -vim.keymap.set('n', '', 'nohlsearch') - +vim.keymap.set("n", "", "nohlsearch") -- disable arrow keys in normal mode -- vim.keymap.set('n', '', 'echo "Use h to move!!"') @@ -57,11 +55,10 @@ vim.keymap.set('n', '', 'nohlsearch') -- Use CTRL+ to switch between windows -- -- See `:help wincmd` for a list of all window commands -vim.keymap.set('n', '', '', { desc = 'Move focus to the left window' }) -vim.keymap.set('n', '', '', { desc = 'Move focus to the right window' }) -vim.keymap.set('n', '', '', { desc = 'Move focus to the lower window' }) -vim.keymap.set('n', '', '', { desc = 'Move focus to the upper window' }) - +vim.keymap.set("n", "", "", { desc = "Move focus to the left window" }) +vim.keymap.set("n", "", "", { desc = "Move focus to the right window" }) +vim.keymap.set("n", "", "", { desc = "Move focus to the lower window" }) +vim.keymap.set("n", "", "", { desc = "Move focus to the upper window" }) -- [[ plugin configuration ]] require("nvim-treesitter.configs").setup({ diff --git a/programs/rust.nix b/programs/rust.nix index 7d4f590..ea33595 100644 --- a/programs/rust.nix +++ b/programs/rust.nix @@ -3,15 +3,20 @@ pkgs, config, ... -}: let - toml = pkgs.formats.toml {}; -in { +}: +let + toml = pkgs.formats.toml { }; +in +{ hm.home.file.".cargo/config.toml".source = toml.generate "config.toml" { build.target-dir = "${config.hm.home.homeDirectory}/.cargo/target"; target.x86_64-unknown-linux-gnu = { linker = "${lib.getExe pkgs.clang}"; - rustflags = ["-C" "link-arg=-fuse-ld=${lib.getExe pkgs.mold}"]; + rustflags = [ + "-C" + "link-arg=-fuse-ld=${lib.getExe pkgs.mold}" + ]; }; }; } diff --git a/programs/starship/default.nix b/programs/starship/default.nix index 3527a05..135da01 100644 --- a/programs/starship/default.nix +++ b/programs/starship/default.nix @@ -1,15 +1,13 @@ { hm.programs.starship = { enable = true; - settings = - { - add_newline = false; + settings = { + add_newline = false; - directory = { - truncation_length = 3; - truncation_symbol = "…/"; - }; - } - // (import ./nerd-font.nix); + directory = { + truncation_length = 3; + truncation_symbol = "…/"; + }; + } // (import ./nerd-font.nix); }; } diff --git a/programs/vscode.nix b/programs/vscode.nix index ce9dfc1..c2c43ce 100644 --- a/programs/vscode.nix +++ b/programs/vscode.nix @@ -2,7 +2,8 @@ pkgs, vscode-extensions, ... -}: let +}: +let inherit (pkgs.stdenv.hostPlatform) system; extensions = vscode-extensions.extensions.${system}; @@ -13,14 +14,16 @@ rust-lang.rust-analyzer wakatime.vscode-wakatime ]; -in { +in +{ hm.programs.vscode = { enable = true; enableUpdateCheck = false; enableExtensionUpdateCheck = false; mutableExtensionsDir = false; - extensions = with extensions.vscode-marketplace; + extensions = + with extensions.vscode-marketplace; patched ++ [ # style @@ -49,8 +52,12 @@ in { # cpp mesonbuild.mesonbuild - (ms-vscode.cmake-tools.overrideAttrs (_: {sourceRoot = "extension";})) - (ms-vscode.makefile-tools.overrideAttrs (_: {sourceRoot = "extension";})) + (ms-vscode.cmake-tools.overrideAttrs (_: { + sourceRoot = "extension"; + })) + (ms-vscode.makefile-tools.overrideAttrs (_: { + sourceRoot = "extension"; + })) twxs.cmake xaver.clang-format diff --git a/programs/waybar/default.nix b/programs/waybar/default.nix index 191ab5a..0290b19 100644 --- a/programs/waybar/default.nix +++ b/programs/waybar/default.nix @@ -3,7 +3,8 @@ pkgs, config, ... -}: { +}: +{ hm.programs.waybar = { enable = true; style = ./style.css; @@ -15,15 +16,23 @@ height = 24; spacing = 2; - modules-left = ["hyprland/workspaces"]; - modules-center = []; + modules-left = [ "hyprland/workspaces" ]; + modules-center = [ ]; modules-right = - ["memory"] - ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) ["custom/gpu-usage"] - ++ ["cpu" "wireplumber"] - ++ lib.optionals config.services.power-profiles-daemon.enable ["battery"] - ++ lib.optionals config.programs.light.enable ["backlight"] - ++ ["clock" "tray"]; + [ "memory" ] + ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) [ + "custom/gpu-usage" + ] + ++ [ + "cpu" + "wireplumber" + ] + ++ lib.optionals config.services.power-profiles-daemon.enable [ "battery" ] + ++ lib.optionals config.programs.light.enable [ "backlight" ] + ++ [ + "clock" + "tray" + ]; "hyprland/workspaces" = { format = "{name}"; diff --git a/programs/waybar/style.css b/programs/waybar/style.css index ba3d7dc..a5cb018 100644 --- a/programs/waybar/style.css +++ b/programs/waybar/style.css @@ -31,28 +31,30 @@ @define-color rosewater #f4dbd6; * { - font-family: Jetbrains Mono, sans-serif; - font-size: 12px; + font-family: + Jetbrains Mono, + sans-serif; + font-size: 12px; } window#waybar { - background-color: @base; - color: @text; - transition-property: background-color; - transition-duration: .5s; + background-color: @base; + color: @text; + transition-property: background-color; + transition-duration: 0.5s; } button { - /* Use box-shadow instead of border so the text isn't offset */ - box-shadow: inset 0 -3px transparent; - /* Avoid rounded borders under each button name */ - border: none; - border-radius: 0; + /* Use box-shadow instead of border so the text isn't offset */ + box-shadow: inset 0 -3px transparent; + /* Avoid rounded borders under each button name */ + border: none; + border-radius: 0; } /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */ button:hover { - background: inherit; + background: inherit; } #clock, @@ -72,93 +74,93 @@ button:hover { #idle_inhibitor, #scratchpad, #mpd { - padding: 0 10px; - color: @crust; + padding: 0 10px; + color: @crust; } #window, #workspaces { - margin: 0 4px; + margin: 0 4px; } /* If workspaces is the leftmost module, omit left margin */ -.modules-left>widget:first-child>#workspaces { - margin-left: 0; +.modules-left > widget:first-child > #workspaces { + margin-left: 0; } /* If workspaces is the rightmost module, omit right margin */ -.modules-right>widget:last-child>#workspaces { - margin-right: 0; +.modules-right > widget:last-child > #workspaces { + margin-right: 0; } #workspaces button { - padding: 0 2px; - background-color: transparent; - color: @text; + padding: 0 2px; + background-color: transparent; + color: @text; } #workspaces button:hover { - background: rgba(0, 0, 0, 0.2); + background: rgba(0, 0, 0, 0.2); } #workspaces button.active { - background-color: @surface1; - box-shadow: inset 0 -3px @yellow; + background-color: @surface1; + box-shadow: inset 0 -3px @yellow; } #workspaces button.urgent { - background-color: @red; + background-color: @red; } #clock { - background-color: @green; + background-color: @green; } #battery { - background-color: @sky; + background-color: @sky; } #battery.low:not(.charging) { - background-color: @red; + background-color: @red; } #cpu { - background-color: @sapphire; + background-color: @sapphire; } #custom-gpu-usage { - background-color: @blue; + background-color: @blue; } #memory { - background-color: @lavender; + background-color: @lavender; } #backlight { - background-color: @teal; + background-color: @teal; } #network { - background-color: @mauve; + background-color: @mauve; } #wireplumber { - background-color: @sapphire; + background-color: @sapphire; } #wireplumber.muted { - color: @base; + color: @base; } #tray { - background-color: @yellow; + background-color: @yellow; } -#tray>.passive { - -gtk-icon-effect: dim; +#tray > .passive { + -gtk-icon-effect: dim; } -#tray>.needs-attention { - -gtk-icon-effect: highlight; - background-color: #eb4d4b; +#tray > .needs-attention { + -gtk-icon-effect: highlight; + background-color: #eb4d4b; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 18a3419..d92b862 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -5,9 +5,17 @@ let etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh"; vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf"; - main = [fuji kilimandjaro mottarone]; - all = main ++ [etna vesuvio]; -in { + main = [ + fuji + kilimandjaro + mottarone + ]; + all = main ++ [ + etna + vesuvio + ]; +in +{ "shared/userPassword.age".publicKeys = all; "shared/tailscaleKey.age".publicKeys = all; "shared/frpToken.age".publicKeys = all; @@ -17,19 +25,19 @@ in { "fuji-wsl/rootPassword.age".publicKeys = main; "kilimandjaro/rootPassword.age".publicKeys = main; "mottarone/rootPassword.age".publicKeys = main; - "etna/rootPassword.age".publicKeys = main ++ [etna]; - "vesuvio/rootPassword.age".publicKeys = main ++ [vesuvio]; + "etna/rootPassword.age".publicKeys = main ++ [ etna ]; + "vesuvio/rootPassword.age".publicKeys = main ++ [ vesuvio ]; - "etna/tunnelCreds.age".publicKeys = main ++ [etna]; - "etna/apiRsEnv.age".publicKeys = main ++ [etna]; - "etna/ukubotRsEnv.age".publicKeys = main ++ [etna]; - "etna/minecraftEnv.age".publicKeys = main ++ [etna]; - "etna/dendriteKey.age".publicKeys = main ++ [etna]; - "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna]; - "etna/turnstileSecret.age".publicKeys = main ++ [etna]; - "etna/navidromeEnv.age".publicKeys = main ++ [etna]; - "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna]; - "etna/vaultwardenEnv.age".publicKeys = main ++ [etna]; - "etna/vmauthEnv.age".publicKeys = main ++ [etna]; - "etna/upsdUserPass.age".publicKeys = main ++ [etna]; + "etna/tunnelCreds.age".publicKeys = main ++ [ etna ]; + "etna/apiRsEnv.age".publicKeys = main ++ [ etna ]; + "etna/ukubotRsEnv.age".publicKeys = main ++ [ etna ]; + "etna/minecraftEnv.age".publicKeys = main ++ [ etna ]; + "etna/dendriteKey.age".publicKeys = main ++ [ etna ]; + "etna/nextcloudAdminPass.age".publicKeys = main ++ [ etna ]; + "etna/turnstileSecret.age".publicKeys = main ++ [ etna ]; + "etna/navidromeEnv.age".publicKeys = main ++ [ etna ]; + "etna/forgejoRunnerSecret.age".publicKeys = main ++ [ etna ]; + "etna/vaultwardenEnv.age".publicKeys = main ++ [ etna ]; + "etna/vmauthEnv.age".publicKeys = main ++ [ etna ]; + "etna/upsdUserPass.age".publicKeys = main ++ [ etna ]; } diff --git a/systems/default.nix b/systems/default.nix index 84eb9e7..92a0646 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -2,15 +2,17 @@ lib, inputs, ... -}: let - _utils = import ../global/utils.nix {inherit lib;}; +}: +let + _utils = import ../global/utils.nix { inherit lib; }; - toSystem = name: { - role, - system, - }: - inputs.nixpkgs.lib.nixosSystem + toSystem = + name: { + role, + system, + }: + inputs.nixpkgs.lib.nixosSystem { inherit system; modules = [ @@ -18,12 +20,15 @@ ./${name}/hardware-configuration.nix ../configs/${role}.nix - {networking.hostName = name;} + { networking.hostName = name; } ]; - specialArgs = inputs // {inherit _utils;}; + specialArgs = inputs // { + inherit _utils; + }; }; -in { +in +{ flake.nixosConfigurations = lib.mapAttrs toSystem { fuji = { role = "desktop"; diff --git a/systems/etna/default.nix b/systems/etna/default.nix index 6ad1d45..db583cc 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix @@ -4,15 +4,17 @@ config, _utils, ... -}: let +}: +let tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; - secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];}; + secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; }; cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" { owner = "cloudflared"; group = "cloudflared"; }; -in { +in +{ assertions = [ { assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6.31"; @@ -21,7 +23,7 @@ in { ]; imports = [ - (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"]) + (lib.mkAliasOptionModule [ "cfTunnels" ] [ "services" "cloudflared" "tunnels" tunnelId "ingress" ]) secrets.generate cfTunnelSecret.generate diff --git a/systems/etna/dendrite.nix b/systems/etna/dendrite.nix index 689c955..140111e 100644 --- a/systems/etna/dendrite.nix +++ b/systems/etna/dendrite.nix @@ -2,60 +2,64 @@ config, _utils, ... -}: let - secretKey = _utils.setupSingleSecret config "dendriteKey" {}; -in { - imports = [secretKey.generate]; +}: +let + secretKey = _utils.setupSingleSecret config "dendriteKey" { }; +in +{ + imports = [ secretKey.generate ]; cfTunnels."m.uku.moe" = "http://localhost:80"; systemd.services.dendrite = { - after = ["postgresql.service"]; + after = [ "postgresql.service" ]; serviceConfig.RestartSec = 10; }; services = { - dendrite = let - database = { - connection_string = "postgres:///dendrite?host=/run/postgresql"; - max_open_conns = 50; - max_idle_conns = 5; - conn_max_lifetime = -1; - }; - in { - enable = true; - httpPort = 8008; - loadCredential = ["private_key:${secretKey.path}"]; - - settings = { - global = { - server_name = "m.uku.moe"; - private_key = "$CREDENTIALS_DIRECTORY/private_key"; - inherit database; + dendrite = + let + database = { + connection_string = "postgres:///dendrite?host=/run/postgresql"; + max_open_conns = 50; + max_idle_conns = 5; + conn_max_lifetime = -1; }; + in + { + enable = true; + httpPort = 8008; + loadCredential = [ "private_key:${secretKey.path}" ]; - client_api = { - registration_disabled = true; - }; + settings = { + global = { + server_name = "m.uku.moe"; + private_key = "$CREDENTIALS_DIRECTORY/private_key"; + inherit database; + }; - app_service_api = {inherit database;}; - federation_api = {inherit database;}; - key_server = {inherit database;}; - media_api = {inherit database;}; - mscs = {inherit database;}; - relay_api = {inherit database;}; - room_server = {inherit database;}; - sync_api = {inherit database;}; - user_api = { - account_database = database; - device_database = database; + client_api = { + registration_disabled = true; + }; + + app_service_api = { inherit database; }; + federation_api = { inherit database; }; + key_server = { inherit database; }; + media_api = { inherit database; }; + mscs = { inherit database; }; + relay_api = { inherit database; }; + room_server = { inherit database; }; + sync_api = { inherit database; }; + user_api = { + account_database = database; + device_database = database; + }; }; }; - }; postgresql = { enable = true; - ensureDatabases = ["dendrite"]; + ensureDatabases = [ "dendrite" ]; ensureUsers = [ { name = "dendrite"; @@ -64,28 +68,34 @@ in { ]; }; - nginx.virtualHosts."m.uku.moe".locations = let - server = {"m.server" = "m.uku.moe:443";}; - client = {"m.homeserver"."base_url" = "https://m.uku.moe";}; - in { - "=/.well-known/matrix/server" = { - return = "200 '${builtins.toJSON server}'"; - }; + nginx.virtualHosts."m.uku.moe".locations = + let + server = { + "m.server" = "m.uku.moe:443"; + }; + client = { + "m.homeserver"."base_url" = "https://m.uku.moe"; + }; + in + { + "=/.well-known/matrix/server" = { + return = "200 '${builtins.toJSON server}'"; + }; - "=/.well-known/matrix/client" = { - return = "200 '${builtins.toJSON client}'"; - }; + "=/.well-known/matrix/client" = { + return = "200 '${builtins.toJSON client}'"; + }; - "/" = { - proxyPass = "http://localhost:8008"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_read_timeout 600; - client_max_body_size 100M; - ''; + "/" = { + proxyPass = "http://localhost:8008"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_read_timeout 600; + client_max_body_size 100M; + ''; + }; }; - }; }; } diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 43bae3a..7da7460 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -3,16 +3,21 @@ config, _utils, ... -}: let +}: +let secrets = _utils.setupSecrets config { - secrets = ["turnstileSecret" "forgejoRunnerSecret"]; + secrets = [ + "turnstileSecret" + "forgejoRunnerSecret" + ]; extra = { owner = "forgejo"; group = "forgejo"; }; }; -in { - imports = [secrets.generate]; +in +{ + imports = [ secrets.generate ]; cfTunnels."git.uku3lig.net" = "http://localhost:3000"; diff --git a/systems/etna/hardware-configuration.nix b/systems/etna/hardware-configuration.nix index bfbe08d..2d22270 100644 --- a/systems/etna/hardware-configuration.nix +++ b/systems/etna/hardware-configuration.nix @@ -7,15 +7,22 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/e136f8ad-b8d5-4706-ad24-725926fd50ec"; @@ -25,7 +32,10 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/FBB1-A79D"; fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; + options = [ + "fmask=0022" + "dmask=0022" + ]; }; fileSystems."/data" = { @@ -34,7 +44,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615";} + { device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/systems/etna/immich.nix b/systems/etna/immich.nix index e81a55e..65b520b 100644 --- a/systems/etna/immich.nix +++ b/systems/etna/immich.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ services.immich = { enable = true; diff --git a/systems/etna/metrics.nix b/systems/etna/metrics.nix index 3403138..186747b 100644 --- a/systems/etna/metrics.nix +++ b/systems/etna/metrics.nix @@ -3,11 +3,13 @@ mystia, _utils, ... -}: let +}: +let vmcfg = config.services.victoriametrics; - secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];}; - vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {}; -in { + secrets = _utils.setupSharedSecrets config { secrets = [ "vmAuthToken" ]; }; + vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" { }; +in +{ imports = [ mystia.nixosModules.vmauth secrets.generate @@ -47,12 +49,12 @@ in { scrape_configs = [ { job_name = "victoriametrics"; - static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}]; + static_configs = [ { targets = [ "${builtins.toString vmcfg.listenAddress}" ]; } ]; } { job_name = "api-rs"; - static_configs = [{targets = ["localhost:5001"];}]; + static_configs = [ { targets = [ "localhost:5001" ]; } ]; } ]; }; diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix index b684192..29630df 100644 --- a/systems/etna/minecraft.nix +++ b/systems/etna/minecraft.nix @@ -4,17 +4,18 @@ config, _utils, ... -}: let +}: +let inherit (config.virtualisation.oci-containers) backend; - secret = _utils.setupSingleSecret config "minecraftEnv" {}; + secret = _utils.setupSingleSecret config "minecraftEnv" { }; lynn = _utils.mkMinecraftServer config { name = "lynn"; port = 25567; remotePort = 6002; memory = "4G"; - envFiles = [secret.path]; + envFiles = [ secret.path ]; env = { USE_AIKAR_FLAGS = "true"; TYPE = "MODRINTH"; @@ -27,7 +28,7 @@ port = 25565; remotePort = 6005; memory = "4G"; - envFiles = [secret.path]; + envFiles = [ secret.path ]; env = { USE_AIKAR_FLAGS = "true"; TYPE = "MODRINTH"; @@ -40,7 +41,7 @@ port = 25566; remotePort = 6006; memory = "4G"; - envFiles = [secret.path]; + envFiles = [ secret.path ]; env = { USE_AIKAR_FLAGS = "true"; TYPE = "MODRINTH"; @@ -48,7 +49,8 @@ MODRINTH_PROJECTS = "spark, no-chat-reports"; }; }; -in { +in +{ imports = [ secret.generate @@ -58,7 +60,7 @@ in { ]; systemd.services.restart-minecraft-servers = { - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; startAt = "*-*-* 05:00:00"; restartIfChanged = false; diff --git a/systems/etna/navidrome.nix b/systems/etna/navidrome.nix index fa87255..eef7640 100644 --- a/systems/etna/navidrome.nix +++ b/systems/etna/navidrome.nix @@ -2,15 +2,17 @@ config, _utils, ... -}: let +}: +let cfg = config.services.navidrome; env = _utils.setupSingleSecret config "navidromeEnv" { inherit (cfg) group; owner = cfg.user; }; -in { - imports = [env.generate]; +in +{ + imports = [ env.generate ]; cfTunnels."navidrome.uku3lig.net" = "http://localhost:4533"; diff --git a/systems/etna/nextcloud.nix b/systems/etna/nextcloud.nix index 2771a6d..0dbf787 100644 --- a/systems/etna/nextcloud.nix +++ b/systems/etna/nextcloud.nix @@ -3,13 +3,15 @@ config, _utils, ... -}: let +}: +let adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" { owner = config.users.users.nextcloud.name; group = config.users.users.nextcloud.name; }; -in { - imports = [adminPass.generate]; +in +{ + imports = [ adminPass.generate ]; # nextcloud generates nginx config cfTunnels."cloud.uku3lig.net" = "http://localhost:80"; diff --git a/systems/etna/reposilite.nix b/systems/etna/reposilite.nix index 0275786..974888c 100644 --- a/systems/etna/reposilite.nix +++ b/systems/etna/reposilite.nix @@ -1,5 +1,6 @@ -{camasca, ...}: { - imports = [camasca.nixosModules.reposilite]; +{ camasca, ... }: +{ + imports = [ camasca.nixosModules.reposilite ]; cfTunnels."maven.uku3lig.net" = "http://localhost:8080"; diff --git a/systems/etna/satisfactory.nix b/systems/etna/satisfactory.nix index daab588..277a3d0 100644 --- a/systems/etna/satisfactory.nix +++ b/systems/etna/satisfactory.nix @@ -1,10 +1,15 @@ -{config, ...}: let +{ config, ... }: +let inherit (config.virtualisation.oci-containers) backend; -in { +in +{ virtualisation.oci-containers.containers.satisfactory = { image = "wolveix/satisfactory-server:v1.8.5"; - ports = ["7777:7777/udp" "7777:7777/tcp"]; - volumes = ["/var/lib/satisfactory-server:/config"]; + ports = [ + "7777:7777/udp" + "7777:7777/tcp" + ]; + volumes = [ "/var/lib/satisfactory-server:/config" ]; environment = { MAXPLAYERS = "4"; PGID = "1000"; @@ -20,7 +25,7 @@ in { }; networking.firewall = { - allowedTCPPorts = [7777]; - allowedUDPPorts = [7777]; + allowedTCPPorts = [ 7777 ]; + allowedUDPPorts = [ 7777 ]; }; } diff --git a/systems/etna/shlink.nix b/systems/etna/shlink.nix index 62b4a54..a50fd59 100644 --- a/systems/etna/shlink.nix +++ b/systems/etna/shlink.nix @@ -3,8 +3,8 @@ virtualisation.oci-containers.containers.shlink = { image = "shlinkio/shlink:stable"; - ports = ["8081:8080"]; - volumes = ["/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite"]; + ports = [ "8081:8080" ]; + volumes = [ "/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite" ]; environment = { DEFAULT_DOMAIN = "uku.moe"; IS_HTTPS_ENABLED = "true"; diff --git a/systems/etna/uku.nix b/systems/etna/uku.nix index ed0e3ad..6df47f9 100644 --- a/systems/etna/uku.nix +++ b/systems/etna/uku.nix @@ -4,11 +4,16 @@ api-rs, ukubot-rs, ... -}: let +}: +let secrets = _utils.setupSecrets config { - secrets = ["apiRsEnv" "ukubotRsEnv"]; + secrets = [ + "apiRsEnv" + "ukubotRsEnv" + ]; }; -in { +in +{ imports = [ api-rs.nixosModules.default ukubot-rs.nixosModules.default diff --git a/systems/etna/ups.nix b/systems/etna/ups.nix index 01b9638..2e58f12 100644 --- a/systems/etna/ups.nix +++ b/systems/etna/ups.nix @@ -2,10 +2,12 @@ _utils, config, ... -}: let - upsdPass = _utils.setupSingleSecret config "upsdUserPass" {}; -in { - imports = [upsdPass.generate]; +}: +let + upsdPass = _utils.setupSingleSecret config "upsdUserPass" { }; +in +{ + imports = [ upsdPass.generate ]; power.ups = { enable = true; @@ -20,8 +22,11 @@ in { users.admin = { passwordFile = upsdPass.path; - instcmds = ["ALL"]; - actions = ["SET" "FSD"]; + instcmds = [ "ALL" ]; + actions = [ + "SET" + "FSD" + ]; }; ups.eaton-3s-850 = { @@ -57,10 +62,10 @@ in { { job_name = "nut"; metrics_path = "/ups_metrics"; - params.ups = ["eaton-3s-850"]; + params.ups = [ "eaton-3s-850" ]; static_configs = [ { - targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nut.port}"]; + targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nut.port}" ]; labels.ups = "eaton-3s-850"; } ]; diff --git a/systems/etna/vaultwarden.nix b/systems/etna/vaultwarden.nix index 575c560..7bb1735 100644 --- a/systems/etna/vaultwarden.nix +++ b/systems/etna/vaultwarden.nix @@ -2,10 +2,12 @@ config, _utils, ... -}: let - envFile = _utils.setupSingleSecret config "vaultwardenEnv" {}; -in { - imports = [envFile.generate]; +}: +let + envFile = _utils.setupSingleSecret config "vaultwardenEnv" { }; +in +{ + imports = [ envFile.generate ]; cfTunnels."bw.uku3lig.net" = "http://localhost:8222"; diff --git a/systems/fuji-wsl/default.nix b/systems/fuji-wsl/default.nix index f0a9df2..51acee2 100644 --- a/systems/fuji-wsl/default.nix +++ b/systems/fuji-wsl/default.nix @@ -3,12 +3,13 @@ pkgs, nixos-wsl, ... -}: { +}: +{ imports = [ nixos-wsl.nixosModules.default ]; - environment.sessionVariables.LD_LIBRARY_PATH = ["/run/opengl-driver/lib"]; + environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ]; wsl = { enable = true; diff --git a/systems/fuji/default.nix b/systems/fuji/default.nix index 1cb0878..c1fb41a 100644 --- a/systems/fuji/default.nix +++ b/systems/fuji/default.nix @@ -1,10 +1,11 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ imports = [ ./nvidia.nix ../../programs/games.nix ]; - services.xserver.videoDrivers = ["amdgpu"]; + services.xserver.videoDrivers = [ "amdgpu" ]; hm = { home.packages = with pkgs; [ diff --git a/systems/fuji/hardware-configuration.nix b/systems/fuji/hardware-configuration.nix index 270bc58..b252817 100644 --- a/systems/fuji/hardware-configuration.nix +++ b/systems/fuji/hardware-configuration.nix @@ -7,20 +7,27 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/660ff32b-308f-411a-815e-959706ec1bcb"; fsType = "btrfs"; - options = ["subvol=@"]; + options = [ "subvol=@" ]; }; fileSystems."/boot" = { @@ -39,7 +46,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe";} + { device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/systems/fuji/nvidia.nix b/systems/fuji/nvidia.nix index a495bd5..5de78ce 100644 --- a/systems/fuji/nvidia.nix +++ b/systems/fuji/nvidia.nix @@ -2,8 +2,9 @@ lib, pkgs, ... -}: { - services.xserver.videoDrivers = lib.mkForce ["nvidia"]; +}: +{ + services.xserver.videoDrivers = lib.mkForce [ "nvidia" ]; boot.kernelParams = [ "nvidia.NVreg_EnableGpuFirmware=0" @@ -16,7 +17,7 @@ }; hardware = { - graphics.extraPackages = [pkgs.vaapiVdpau]; + graphics.extraPackages = [ pkgs.vaapiVdpau ]; nvidia = { # package = config.boot.kernelPackages.nvidiaPackages.production; open = true; diff --git a/systems/kilimandjaro/default.nix b/systems/kilimandjaro/default.nix index ffdce13..a8bdbee 100644 --- a/systems/kilimandjaro/default.nix +++ b/systems/kilimandjaro/default.nix @@ -1,10 +1,11 @@ -{camasca, ...}: { +{ camasca, ... }: +{ imports = [ camasca.nixosModules.asus-numpad ../../programs/games.nix ]; - hm.imports = [../../programs/dotnet.nix]; + hm.imports = [ ../../programs/dotnet.nix ]; services.asus-numpad = { enable = true; diff --git a/systems/kilimandjaro/hardware-configuration.nix b/systems/kilimandjaro/hardware-configuration.nix index 953b7d7..f5bc8aa 100644 --- a/systems/kilimandjaro/hardware-configuration.nix +++ b/systems/kilimandjaro/hardware-configuration.nix @@ -7,15 +7,24 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "vmd" + "nvme" + "usb_storage" + "sd_mod" + "rtsx_usb_sdmmc" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/e082a535-4b7c-4b24-af1c-0373eefd3c05"; @@ -33,7 +42,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b";} + { device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/systems/mottarone/default.nix b/systems/mottarone/default.nix index adbc1e0..580c18b 100644 --- a/systems/mottarone/default.nix +++ b/systems/mottarone/default.nix @@ -3,9 +3,11 @@ pkgs, camasca, ... -}: let +}: +let inherit (pkgs.stdenv.hostPlatform) system; -in { +in +{ environment.systemPackages = with pkgs; [ gtkterm remmina diff --git a/systems/mottarone/hardware-configuration.nix b/systems/mottarone/hardware-configuration.nix index 84f6d3f..dce25e1 100644 --- a/systems/mottarone/hardware-configuration.nix +++ b/systems/mottarone/hardware-configuration.nix @@ -7,15 +7,23 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/e36f709d-a4ea-4310-8c0d-8752afacba3c"; @@ -25,11 +33,14 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/D4AA-EE25"; fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; + options = [ + "fmask=0022" + "dmask=0022" + ]; }; swapDevices = [ - {device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29";} + { device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix index 086bfc5..04c43a0 100644 --- a/systems/vesuvio/default.nix +++ b/systems/vesuvio/default.nix @@ -3,17 +3,22 @@ config, _utils, ... -}: let - secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];}; -in { - imports = [secrets.generate]; +}: +let + secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; }; +in +{ + imports = [ secrets.generate ]; zramSwap.enable = true; - environment.systemPackages = with pkgs; [dig traceroute]; + environment.systemPackages = with pkgs; [ + dig + traceroute + ]; services = { - openssh.ports = [4269]; + openssh.ports = [ 4269 ]; # Needed by the Hetzner Cloud password reset feature. qemuGuest.enable = true; @@ -40,11 +45,11 @@ in { frp.serviceConfig.EnvironmentFile = secrets.get "frpToken"; # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2 - qemu-guest-agent.path = [pkgs.shadow]; + qemu-guest-agent.path = [ pkgs.shadow ]; }; networking.firewall = { - allowedTCPPorts = [22]; # forgejo-ssh + allowedTCPPorts = [ 22 ]; # forgejo-ssh allowedTCPPortRanges = [ { from = 6000; diff --git a/systems/vesuvio/hardware-configuration.nix b/systems/vesuvio/hardware-configuration.nix index c0a2379..8a91e02 100644 --- a/systems/vesuvio/hardware-configuration.nix +++ b/systems/vesuvio/hardware-configuration.nix @@ -1,5 +1,6 @@ -{modulesPath, ...}: { - imports = ["${modulesPath}/profiles/qemu-guest.nix"]; +{ modulesPath, ... }: +{ + imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; boot = { # arm so we can use systemd-boot @@ -11,11 +12,18 @@ # set console because the console defaults to serial and # initialize the display early to get a complete log. # this is required for typing in LUKS passwords on boot too. - kernelParams = ["console=tty"]; + kernelParams = [ "console=tty" ]; initrd = { - availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; - kernelModules = ["nvme" "virtio_gpu"]; + availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; + kernelModules = [ + "nvme" + "virtio_gpu" + ]; }; };