Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/autounlock.nix | 30 | ||||
-rw-r--r-- | nixos/modules/compile.nix | 24 | ||||
-rw-r--r-- | nixos/modules/desktop.nix | 278 | ||||
-rw-r--r-- | nixos/modules/develop.nix | 127 | ||||
-rw-r--r-- | nixos/modules/gaming.nix | 23 | ||||
-rw-r--r-- | nixos/modules/generic.nix | 153 | ||||
-rw-r--r-- | nixos/modules/home-assistant.nix | 70 | ||||
-rw-r--r-- | nixos/modules/hosts.nix | 18 | ||||
-rw-r--r-- | nixos/modules/monitoring.nix | 127 | ||||
-rw-r--r-- | nixos/modules/openvpn.nix | 18 | ||||
-rw-r--r-- | nixos/modules/router.nix | 21 | ||||
-rw-r--r-- | nixos/modules/syncthing.nix | 53 | ||||
-rw-r--r-- | nixos/modules/wifi-client.nix | 11 |
13 files changed, 542 insertions, 411 deletions
diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix index 0458c7b..7f7c24e 100644 --- a/nixos/modules/autounlock.nix +++ b/nixos/modules/autounlock.nix @@ -1,13 +1,12 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.autounlock; - in { - options = { cynerd.autounlock = mkOption { type = with types; attrsOf string; @@ -17,24 +16,23 @@ in { }; config = mkIf (cnf != {}) { - - environment.systemPackages = [ pkgs.luks-hw-password ]; + environment.systemPackages = [pkgs.luks-hw-password]; boot.initrd = { extraFiles."/luks-hw-password".source = pkgs.luks-hw-password; - luks.devices = mapAttrs (name: value: { + luks.devices = + mapAttrs (name: value: { device = value; keyFile = "/keys/${name}.key"; fallbackToPassword = true; preOpenCommands = '' mkdir -p /keys /luks-hw-password/bin/luks-hw-password > /keys/${name}.key - ''; + ''; postOpenCommands = '' rm -rf /keys - ''; - }) cnf; + ''; + }) + cnf; }; - }; - } diff --git a/nixos/modules/compile.nix b/nixos/modules/compile.nix index ffa339f..6a6b7b2 100644 --- a/nixos/modules/compile.nix +++ b/nixos/modules/compile.nix @@ -1,9 +1,10 @@ -{ config, lib, pkgs, ... }: - -with lib; - { - + config, + lib, + pkgs, + ... +}: +with lib; { options = { cynerd.compile = mkOption { type = types.bool; 
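Review bot: In autounlock.nix the reformatted `preOpenCommands` still splices `${name}` unquoted into the initrd shell and writes the unlock key with the default umask. The name is an attribute key of `cynerd.autounlock`, so one containing whitespace or shell metacharacters would change the command that runs; quoting the path, e.g. `/luks-hw-password/bin/luks-hw-password > ${escapeShellArg "/keys/${name}.key"}`, and adding `umask 077` before the `mkdir` would keep the key file root-only for as long as it exists. The option type `attrsOf string` in the first hunk is also the deprecated spelling; hosts.nix in this same commit already uses `types.str`.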
@@ -21,33 +22,32 @@ with lib; aarch64-linux = { fixBinary = true; wrapInterpreterInShell = false; - interpreter = (lib.systems.elaborate { system = "aarch64-linux"; }).emulator pkgs; + interpreter = (lib.systems.elaborate {system = "aarch64-linux";}).emulator pkgs; magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00"; mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; armv7l-linux = { fixBinary = true; wrapInterpreterInShell = false; - interpreter = (lib.systems.elaborate { system = "armv7l-linux"; }).emulator pkgs; + interpreter = (lib.systems.elaborate {system = "armv7l-linux";}).emulator pkgs; magicOrExtension = "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00"; mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; }; nix.settings.extra-platforms = [ - "aarch64-linux" "armv7l-linux" + "aarch64-linux" + "armv7l-linux" ]; environment.systemPackages = with pkgs; [ # Tools - git bash + git + bash #uroot qemu # Python python3Packages.pip - ]; - }; - } diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 27beb04..e7c6ecc 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -1,12 +1,12 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.desktop; - in { - options = { cynerd.desktop = { enable = mkOption { 
@@ -25,106 +25,146 @@ in { config = mkIf cnf.enable { programs.sway.enable = true; programs.sway.wrapperFeatures.gtk = true; - programs.sway.extraPackages = with pkgs; [ - gnome.dconf-editor - glib gsettings-desktop-schemas - i3blocks sysstat - wofi rofimoji wev - swaybackground myswaylock - - alacritty - - kanshi wdisplays wayvnc wl-mirror - slurp grim - wf-recorder - wl-clipboard wl-color-picker - swayidle - dunst libnotify - - isync msmtp notmuch astroid - taskwarrior vdirsyncer khal khard - gnupg pinentry-gnome pinentry-curses - (pass.withExtensions (exts: [ - exts.pass-otp exts.pass-audit - ])) - - firefox chromium - ferdium signal-desktop - libreoffice - mupdf pdfgrep - - xdg-utils xdg-launch - mesa-demos vulkan-tools - - pulsemixer - mpd mpc-cli ncmpcpp - feh shotwell id3lib - vlc mpv youtube-dl - - nordic - delft-icon-theme gnome.adwaita-icon-theme - vanilla-dmz - sound-theme-freedesktop - gucharmap - - (sdcv.withDictionaries [ stardict-en-cz stardict-de-cz stardict-cz ]) - - samba cifs-utils - - tigervnc freerdp - plasma5Packages.kdeconnect-kde - - hdparm ethtool multipath-tools - usb-modeswitch - v4l-utils - - # Calculating - python3Packages.numpy python3Packages.sympy python3Packages.matplotlib - - # Creation - simple-scan - audacity - gimp inkscape - blender - kdenlive - - # GStreamer - gst_all_1.gst-libav - gst_all_1.gst-plugins-bad - gst_all_1.gst-plugins-base - gst_all_1.gst-plugins-good - gst_all_1.gst-plugins-ugly - gst_all_1.gst-plugins-viperfx - - # Latex - texlive.combined.scheme-full - - # Gnome utils - gnome-firmware - gaphor - - # CAD - freecad - kicad-with-packages3d - sweethome3d.application - qelectrotech - - ] ++ (optionals cnf.laptop [ - # Power management - powertop - acpi - ]); + programs.sway.extraPackages = with pkgs; + [ + gnome.dconf-editor + glib + gsettings-desktop-schemas + i3blocks + sysstat + wofi + rofimoji + wev + swaybackground + myswaylock + + alacritty + + kanshi + wdisplays + wayvnc + wl-mirror + slurp + grim + 
wf-recorder + wl-clipboard + wl-color-picker + swayidle + dunst + libnotify + + isync + msmtp + notmuch + astroid + taskwarrior + vdirsyncer + khal + khard + gnupg + pinentry-gnome + pinentry-curses + (pass.withExtensions (exts: [ + exts.pass-otp + exts.pass-audit + ])) + + firefox + chromium + ferdium + signal-desktop + libreoffice + mupdf + pdfgrep + + xdg-utils + xdg-launch + mesa-demos + vulkan-tools + + pulsemixer + mpd + mpc-cli + ncmpcpp + feh + shotwell + id3lib + vlc + mpv + youtube-dl + + nordic + delft-icon-theme + gnome.adwaita-icon-theme + vanilla-dmz + sound-theme-freedesktop + gucharmap + + (sdcv.withDictionaries [stardict-en-cz stardict-de-cz stardict-cz]) + + samba + cifs-utils + + tigervnc + freerdp + plasma5Packages.kdeconnect-kde + + hdparm + ethtool + multipath-tools + usb-modeswitch + v4l-utils + + # Calculating + python3Packages.numpy + python3Packages.sympy + python3Packages.matplotlib + + # Creation + simple-scan + audacity + gimp + inkscape + blender + kdenlive + + # GStreamer + gst_all_1.gst-libav + gst_all_1.gst-plugins-bad + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-good + gst_all_1.gst-plugins-ugly + gst_all_1.gst-plugins-viperfx + + # Latex + texlive.combined.scheme-full + + # Gnome utils + gnome-firmware + gaphor + + # CAD + freecad + kicad-with-packages3d + sweethome3d.application + qelectrotech + ] + ++ (optionals cnf.laptop [ + # Power management + powertop + acpi + ]); programs.vim.package = pkgs.vimHugeX; programs.shellrc.desktop = true; xdg.portal.enable = true; xdg.portal.wlr.enable = true; - xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk]; xdg.mime.defaultApplications = { - "text/html" = [ "firefox.desktop" ]; - "application/pdf" = [ "mupdf.desktop" ]; - "image/jpeg" = [ "feh.desktop" ]; - "image/png" = [ "feh.desktop" ]; - "image/svg" = [ "feh.desktop" ]; + "text/html" = ["firefox.desktop"]; + "application/pdf" = ["mupdf.desktop"]; + 
"image/jpeg" = ["feh.desktop"]; + "image/png" = ["feh.desktop"]; + "image/svg" = ["feh.desktop"]; }; programs.usbkey = { @@ -137,7 +177,7 @@ in { enableSSHSupport = true; enableBrowserSocket = true; }; - services.dbus.packages = [ pkgs.gcr ]; + services.dbus.packages = [pkgs.gcr]; programs.kdeconnect.enable = true; @@ -148,7 +188,7 @@ in { pulse.enable = true; config.pipewire = { context.modules = [ - { name = "libpipewire-module-zeroconf-discover"; } + {name = "libpipewire-module-zeroconf-discover";} ]; }; }; @@ -157,7 +197,8 @@ in { services.printing = { enable = true; drivers = with pkgs; [ - gutenprint gutenprintBin + gutenprint + gutenprintBin cnijfilter2 ]; }; @@ -167,8 +208,8 @@ in { enable = true; discovery = true; }; - networking.firewall.allowedTCPPorts = [ 5357 ]; - networking.firewall.allowedUDPPorts = [ 3702 ]; + networking.firewall.allowedTCPPorts = [5357]; + networking.firewall.allowedUDPPorts = [3702]; fonts.fonts = with pkgs; [ arkpandora_ttf @@ -188,7 +229,7 @@ in { services.udev.extraRules = '' ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq" - ''; + ''; hardware.opengl.driSupport = true; hardware.opengl.driSupport32Bit = true; @@ -224,7 +265,7 @@ in { # Autologin on the first TTY services.getty = { - extraArgs = [ "--skip-login" ]; + extraArgs = ["--skip-login"]; loginProgram = "${pkgs.bash}/bin/sh"; loginOptions = toString (pkgs.writeText "login-program.sh" '' if [[ "$(tty)" == '/dev/tty1' ]]; then @@ -238,8 +279,22 @@ in { # VTI settings console = { colors = [ - "2e3440" "3b4252" "434c5e" "4c566a" "d8dee9" "e5e9f0" "eceff4" "8fbcbb" - "88c0d0" "81a1c1" "5e81ac" "bf616a" "d08770" "ebcb8b" "a3be8c" "b48ead" + "2e3440" + "3b4252" + "434c5e" + "4c566a" + "d8dee9" + "e5e9f0" + "eceff4" + "8fbcbb" + "88c0d0" + "81a1c1" + "5e81ac" + "bf616a" + "d08770" + "ebcb8b" + "a3be8c" + "b48ead" ]; earlySetup = true; useXkbConfig = true; @@ -248,6 +303,5 @@ in { services.gpm.enable = true; services.locate.enable = true; - }; } 
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 2bf085f..c7ab1d2 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -1,11 +1,11 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let in { - options = { cynerd.develop = mkOption { type = types.bool; @@ -19,7 +19,10 @@ in { environment.enableDebugInfo = true; environment.systemPackages = with pkgs; [ # Tools - tig gource hub github-cli # Git + tig + gource + hub + github-cli # Git wlc # Weblate cloc openssl @@ -28,7 +31,9 @@ in { # Nix dev - nix-prefetch-git nix-prefetch-github nix-prefetch-scripts + nix-prefetch-git + nix-prefetch-github + nix-prefetch-scripts nix-universal-prefetch rnix-lsp cachix @@ -36,50 +41,61 @@ in { # Shell dash # Posix shell bats - shellcheck shfmt - jq yq + shellcheck + shfmt + jq + yq # Python - (python3.withPackages (pypkgs: with pypkgs; [ - ipython - - pytest pytest-html pytest-tap - coverage - python-lsp-black - pylint pydocstyle - - mypy - - pygobject3 - pygraphviz matplotlib - - python-gitlab PyGithub - - schema - jinja2 - ruamel-yaml - msgpack - urllib3 influxdb-client - - psycopg - - humanize rich - lorem-text.pythonPackage - - pyserial pylibftdi - pylxd - selenium - - paho-mqtt - - ])) + (python3.withPackages (pypkgs: + with pypkgs; [ + ipython + + pytest + pytest-html + pytest-tap + coverage + python-lsp-black + pylint + pydocstyle + + mypy + + pygobject3 + pygraphviz + matplotlib + + python-gitlab + PyGithub + + schema + jinja2 + ruamel-yaml + msgpack + urllib3 + influxdb-client + + psycopg + + humanize + rich + lorem-text.pythonPackage + + pyserial + pylibftdi + pylxd + selenium + + paho-mqtt + ])) geckodriver chromedriver # Lua - (lua5_1.withPackages (luapkgs: with luapkgs; [ - luacheck - ])) + (lua5_1.withPackages (luapkgs: + with luapkgs; [ + luacheck + ])) # Ansible ansible @@ -93,7 +109,8 @@ in { tftp-hpa # Network - iperf2 iperf3 + iperf2 + iperf3 wireshark inetutils 
@@ -107,7 +124,9 @@ in { dfeet # Documentation - man-pages man-pages-posix linux-manual + man-pages + man-pages-posix + linux-manual # SHV shvspy @@ -134,11 +153,13 @@ in { virtualisation.lxc.enable = true; virtualisation.libvirtd.enable = true; - users.groups.develop = { }; + users.groups.develop = {}; users.users.cynerd.extraGroups = [ - "docker" "lxd" "develop" "libvirtd" "wireshark" + "docker" + "lxd" + "develop" + "libvirtd" + "wireshark" ]; - }; - } diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix index f61f85e..82a7335 100644 --- a/nixos/modules/gaming.nix +++ b/nixos/modules/gaming.nix @@ -1,12 +1,12 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.gaming; - in { - options = { cynerd.gaming = mkOption { type = types.bool; @@ -29,12 +29,11 @@ in { }; nixpkgs.config.packageOverrides = pkgs: { steam = pkgs.steam.override { - extraPkgs = pkgs: with pkgs; [ - ncurses - ]; + extraPkgs = pkgs: + with pkgs; [ + ncurses + ]; }; }; - - }; } diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index 121133f..25fcbde 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -1,13 +1,12 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let isNative = config.nixpkgs.crossSystem == null; - in { - config = { system.stateVersion = "22.05"; @@ -23,7 +22,7 @@ in { "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" "arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8=" ]; - trusted-users = [ "@wheel" ]; + trusted-users = ["@wheel"]; }; registry = { personal.to = { 
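Review bot: `users.users.cynerd.extraGroups` in develop.nix puts the account in `docker` and `lxd`, and membership in either group is effectively passwordless root on the host. As far as this diff shows, generic.nix gates root behind the `wheel` sudo rule without `NOPASSWD`, so enabling `cynerd.develop` removes that prompt for anything running as the user. I would record this next to the list, for example `# docker/lxd membership is root-equivalent; enable only on development machines`, or use rootless containers where the workflow allows. The `config` block that holds this list starts outside the hunk.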
@@ -40,52 +39,70 @@ in { hardware.enableAllFirmware = true; services.fwupd.enable = mkIf (pkgs.system == "x86_64-linux") true; - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - git # We need git for this repository to even work - # Administration tools - #coreutils moreutils binutils psmisc progress lshw file - coreutils binutils psmisc progress lshw file vde2 - ldns wget - gnumake - exfat exfatprogs ntfs3g - nix-index - usbutils pciutils smartmontools - - # NCurses tools - htop iotop #glances - mc - screen tmux - - # ls tools - tree - lsof - strace - #mlocate - - sourceHighlight # Colors for less - unrar p7zip zip unzip - - # Network - nmap netcat traceroute - iftop nethogs - # TODO add mdns - sshfs - wakeonlan - - lm_sensors - - ] ++ optionals (system == "x86_64-linux") [ - ltrace - ] ++ optionals (!isNative) [ - ncdu_1 - ] ++ optionals (isNative) [ - moreutils - glances - ncdu - mlocate - ]; + environment.systemPackages = with pkgs; + [ + git # We need git for this repository to even work + # Administration tools + coreutils + binutils + psmisc + progress + lshw + file + vde2 + ldns + wget + gnumake + exfat + exfatprogs + ntfs3g + nix-index + usbutils + pciutils + smartmontools + + # NCurses tools + htop + iotop + mc + screen + tmux + + # ls tools + tree + lsof + strace + + sourceHighlight # Colors for less + unrar + p7zip + zip + unzip + + # Network + nmap + netcat + traceroute + iftop + nethogs + sshfs + wakeonlan + + lm_sensors + ] + ++ optionals (system == "x86_64-linux") [ + ltrace + ] + ++ optionals (!isNative) [ + ncdu_1 + ] + ++ optionals isNative [ + moreutils + glances + ncdu + mlocate + ]; users.mutableUsers = false; users.groups.cynerd.gid = 1000; 
@@ -97,11 +114,24 @@ in { group = "cynerd"; extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"]; uid = 1000; - subUidRanges = [{ count = 65534; startUid = 10000; }]; - subGidRanges = [{ count = 65534; startGid = 10000; }]; + subUidRanges = [ + { + count = 65534; + startUid = 10000; + } + ]; + subGidRanges = [ + { + count = 65534; + startGid = 10000; + } + ]; isNormalUser = true; createHome = true; - shell = if isNative then pkgs.zsh.out else pkgs.bash.out; + shell = + if isNative + then pkgs.zsh.out + else pkgs.bash.out; passwordFile = "/run/secrets/cynerd.pass"; openssh.authorizedKeys.keyFiles = [ (config.personal-secrets + "/unencrypted/git-private.pub") @@ -113,7 +143,10 @@ in { programs.vim.defaultEditor = mkDefault true; security.sudo.extraRules = [ - { groups = [ "wheel" ]; commands = [ "ALL" ]; } + { + groups = ["wheel"]; + commands = ["ALL"]; + } ]; networking.dhcpcd.extraConfig = "controlgroup wheel"; environment.etc."dhcpcd.conf".text = "controlgroup wheel"; @@ -123,7 +156,7 @@ in { time.timeZone = "Europe/Prague"; i18n.defaultLocale = "en_US.UTF-8"; - services.udev.packages = [ + services.udev.packages = [ (pkgs.writeTextFile rec { name = "bfq-drives.rules"; destination = "/etc/udev/rules.d/60-${name}"; @@ -140,7 +173,5 @@ in { ''; programs.fuse.userAllowOther = true; - }; - } diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix index e4f2232..0f2df9e 100644 --- a/nixos/modules/home-assistant.nix +++ b/nixos/modules/home-assistant.nix @@ -1,18 +1,17 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.home-assistant; - in { options = { cynerd.home-assistant = mkEnableOption "Enable Home Assistant and Bigclown"; }; config = mkIf cnf { - services.mosquitto = { enable = true; listeners = [ 
@@ -134,27 +133,31 @@ in { }; services.telegraf.extraConfig = { - outputs.influxdb_v2 = [{ - urls = ["http://errol:8086"]; - token = "$INFLUX_TOKEN"; - organization = "personal"; - bucket = "bigclown"; - tagpass.source = ["bigclown"]; - }]; + outputs.influxdb_v2 = [ + { + urls = ["http://errol:8086"]; + token = "$INFLUX_TOKEN"; + organization = "personal"; + bucket = "bigclown"; + tagpass.source = ["bigclown"]; + } + ]; inputs.mqtt_consumer = let consumer = data_type: topics: { - tags = { source = "bigclown"; }; + tags = {source = "bigclown";}; servers = ["tcp://localhost:1883"]; topics = topics; username = "telegraf"; password = "$MQTT_PASSWORD"; data_format = "value"; data_type = data_type; - topic_parsing = [{ - topic = "bigclown/node/+/+/+/+"; - measurement = "_/_/_/_/_/measurement"; - tags = "_/_/device/field/_/_"; - }]; + topic_parsing = [ + { + topic = "bigclown/node/+/+/+/+"; + measurement = "_/_/_/_/_/measurement"; + tags = "_/_/device/field/_/_"; + } + ]; }; in [ (consumer "float" [ @@ -170,11 +173,13 @@ in { "bigclown/node/+/flood-detector/+/alarm" ]) ]; - processors.pivot = [{ - tag_key = "field"; - value_key = "value"; - tagpass.source = ["bigclown"]; - }]; + processors.pivot = [ + { + tag_key = "field"; + value_key = "value"; + tagpass.source = ["bigclown"]; + } + ]; }; services.home-assistant = { @@ -204,10 +209,11 @@ in { }; extraComponents = []; package = pkgs.home-assistant.override { - extraPackages = pkgs: with pkgs; [ - securetar - ]; - packageOverrides = (self: super: { + extraPackages = pkgs: + with pkgs; [ + securetar + ]; + packageOverrides = self: super: { scapy = super.scapy.override { withPlottingSupport = false; }; @@ -215,10 +221,8 @@ in { dontUsePytestCheck = true; dontUseSetuptoolsCheck = true; }); - }); + }; }; }; - }; - } diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index ca9daa1..8a53578 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix 
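Review bot: The telegraf output in home-assistant.nix sends `$INFLUX_TOKEN` to `urls = ["http://errol:8086"]`, so the write token travels in cleartext on every flush. The same URL and token are used by `outputs.influxdb_v2` in monitoring.nix, which also opens port 8086 through `networking.firewall.allowedTCPPorts`. If `errol` is reachable only over a VPN link this may be acceptable, but nothing visible here establishes that. Either switch the URL to `https://` behind a TLS terminator, or add a comment such as `# plain HTTP: errol is reached only over the VPN` so the assumption is written down where the token is used.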
@@ -1,18 +1,17 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.hosts; staticZoneOption = mkOption { type = types.attrsOf types.str; readOnly = true; }; - in { - options = { cynerd.hosts = { enable = mkOption { @@ -62,7 +61,7 @@ in { "3dprint" = "10.8.3.80"; "mpd" = "192.168.0.51"; # Portable - "albert" ="10.8.3.61"; + "albert" = "10.8.3.61"; "susan" = "10.8.3.62"; "binky" = "10.8.3.63"; }; @@ -100,5 +99,4 @@ in { "${cnf.adm.mpd}" = ["mpd.adm"]; }; }; - } diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix index abeba2d..86a37e4 100644 --- a/nixos/modules/monitoring.nix +++ b/nixos/modules/monitoring.nix @@ -1,13 +1,13 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - -cnf = config.cynerd.monitoring; -hostName = config.networking.hostName; -isHost = cnf.host == hostName; - +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cnf = config.cynerd.monitoring; + hostName = config.networking.hostName; + isHost = cnf.host == hostName; in { options.cynerd.monitoring = { enable = mkOption { @@ -29,7 +29,7 @@ in { }; config = mkMerge [ - { cynerd.monitoring.host = "errol"; } + {cynerd.monitoring.host = "errol";} (mkIf cnf.enable { # Telegraf configuration 
@@ -38,53 +38,75 @@ in { environmentFiles = ["/run/secrets/telegraf.env"]; extraConfig = { agent = {}; - outputs.influxdb_v2 = [{ - urls = ["http://errol:8086"]; - token = "$INFLUX_TOKEN"; - organization = "personal"; - bucket = "monitoring"; - tagdrop.source = ["bigclown"]; # See home-assistant.nix - }]; - inputs = { - cpu = [{ - percpu = true; - totalcpu = true; - }]; - mem = [{}]; - swap = [{}]; - disk = [{ - ignore_fs = [ - "tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" + outputs.influxdb_v2 = [ + { + urls = ["http://errol:8086"]; + token = "$INFLUX_TOKEN"; + organization = "personal"; + bucket = "monitoring"; + tagdrop.source = ["bigclown"]; # See home-assistant.nix + } + ]; + inputs = + { + cpu = [ + { + percpu = true; + totalcpu = true; + } ]; - }]; - diskio = [{}]; - net = [{}]; - system = [{}]; - processes = [{}]; - systemd_units = [{}]; - wireguard = [{}]; - } // (optionalAttrs cnf.hw { - sensors = [{}]; - smart = [{ - path_smartctl = "${pkgs.smartmontools}/bin/smartctl"; - use_sudo = true; - }]; - wireless = [{}]; - }); + mem = [{}]; + swap = [{}]; + disk = [ + { + ignore_fs = [ + "tmpfs" + "devtmpfs" + "devfs" + "iso9660" + "overlay" + "aufs" + "squashfs" + ]; + } + ]; + diskio = [{}]; + net = [{}]; + system = [{}]; + processes = [{}]; + systemd_units = [{}]; + wireguard = [{}]; + } + // (optionalAttrs cnf.hw { + sensors = [{}]; + smart = [ + { + path_smartctl = "${pkgs.smartmontools}/bin/smartctl"; + use_sudo = true; + } + ]; + wireless = [{}]; + }); }; }; - systemd.services.telegraf.path = with pkgs; [ - "/run/wrappers" - ] ++ (optionals cnf.hw [ - lm_sensors smartmontools nvme-cli - ]); + systemd.services.telegraf.path = with pkgs; + [ + "/run/wrappers" + ] + ++ (optionals cnf.hw [ + lm_sensors + smartmontools + nvme-cli + ]); security.sudo.extraRules = [ { users = ["telegraf"]; - commands = [{ - command = "${pkgs.smartmontools}/bin/smartctl"; - options = ["NOPASSWD"]; - }]; + commands = [ + { + command = 
"${pkgs.smartmontools}/bin/smartctl"; + options = ["NOPASSWD"]; + } + ]; } ]; }) @@ -112,6 +134,5 @@ in { }; networking.firewall.allowedTCPPorts = [8086 3000]; }) - ]; } diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix index d070cb2..ee62582 100644 --- a/nixos/modules/openvpn.nix +++ b/nixos/modules/openvpn.nix @@ -1,13 +1,12 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.openvpn; - in { - options = { cynerd.openvpn = { personal = mkOption { @@ -36,11 +35,10 @@ in { oldpersonal = mkIf cnf.oldpersonal { config = "config /run/secrets/old.ovpn"; }; - elektroline = mkIf cnf.elektroline { + elektroline = mkIf cnf.elektroline { autoStart = false; config = "config /run/secrets/elektroline.ovpn"; }; }; }; - } diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index e65ef10..00a3c03 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -1,12 +1,12 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - +{ + config, + lib, + pkgs, + ... +}: +with lib; let cnf = config.cynerd.router; - in { - options = { cynerd.router = { enable = mkOption { @@ -28,16 +28,14 @@ in { }; config = mkIf cnf { - # TODO firewall NAT networking = { - }; services.dhcpd4 = { enable = true; authoritative = true; - interfaces = [ "brlan" ]; + interfaces = ["brlan"]; extraConfig = '' ''; }; @@ -45,7 +43,7 @@ in { services.dhcpd6 = { enable = true; authoritative = true; - interfaces = [ "brlan" ]; + interfaces = ["brlan"]; extraConfig = '' ''; }; @@ -53,6 +51,5 @@ in { services.kresd = { enable = true; }; - }; } diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix index 44c1ac1..db8b6a8 100644 --- a/nixos/modules/syncthing.nix +++ b/nixos/modules/syncthing.nix 
@@ -1,28 +1,38 @@ -{ config, lib, pkgs, ... }: - +{ + config, + lib, + pkgs, + ... +}: with builtins; -with lib; - -let - +with lib; let cnf = config.cynerd.syncthing; hostName = config.networking.hostName; allDevices = [ - "albert" "binky" "errol" "lipwig" "ridcully" "susan" "spt-omnia" + "albert" + "binky" + "errol" + "lipwig" + "ridcully" + "susan" + "spt-omnia" ]; mediaDevices = [ - "lipwig" "binky" "errol" "ridcully" "spt-omnia" + "lipwig" + "binky" + "errol" + "ridcully" + "spt-omnia" ]; bigStorageDevices = [ - "errol" "ridcully" "spt-omnia" + "errol" + "ridcully" + "spt-omnia" ]; filterDevice = folders: filterAttrs (n: v: any (d: d == hostName) v.devices) folders; - in { - options = { cynerd.syncthing = { - enable = mkOption { type = types.bool; default = false; @@ -34,13 +44,12 @@ in { default = "/home/cynerd"; description = "Base directory for all folders being synced."; }; - }; }; config = mkIf cnf.enable { services.syncthing = { - enable = any (n: n == hostName) allDevices; + enable = any (n: n == hostName) allDevices; user = mkDefault "cynerd"; key = "/run/secrets/syncthing/key.pem"; cert = "/run/secrets/syncthing/cert.pem"; @@ -101,15 +110,15 @@ in { }; overrideDevices = true; - devices = recursiveUpdate - (genAttrs allDevices (name: { - id = config.secrets.syncthingIDs."${name}"; - })) - { - lipwig.addresses = ["tcp://cynerd.cz"]; - }; + devices = + recursiveUpdate + (genAttrs allDevices (name: { + id = config.secrets.syncthingIDs."${name}"; + })) + { + lipwig.addresses = ["tcp://cynerd.cz"]; + }; # TODO phone }; }; - } diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix index af09155..fd0944a 100644 --- a/nixos/modules/wifi-client.nix +++ b/nixos/modules/wifi-client.nix @@ -1,9 +1,10 @@ -{ config, lib, pkgs, ... }: - -with lib; - { - + config, + lib, + pkgs, + ... +}: +with lib; { options = { cynerd.wifiClient = mkOption { type = types.bool; |