aboutsummaryrefslogtreecommitdiff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/configurations.nix104
-rw-r--r--nixos/default.nix11
-rw-r--r--nixos/machine/adm-mpd.nix20
-rw-r--r--nixos/machine/adm-omnia.nix33
-rw-r--r--nixos/machine/adm-omnia2.nix33
-rw-r--r--nixos/machine/albert.nix13
-rw-r--r--nixos/machine/binky.nix13
-rw-r--r--nixos/machine/dean.nix31
-rw-r--r--nixos/machine/errol.nix20
-rw-r--r--nixos/machine/gaspode.nix14
-rw-r--r--nixos/machine/lipwig.nix14
-rw-r--r--nixos/machine/mrpump.nix31
-rw-r--r--nixos/machine/ridcully.nix13
-rw-r--r--nixos/machine/spt-mox.nix35
-rw-r--r--nixos/machine/spt-mox2.nix37
-rw-r--r--nixos/machine/spt-mpd.nix12
-rw-r--r--nixos/machine/spt-omnia.nix33
-rw-r--r--nixos/machine/susan.nix13
-rw-r--r--nixos/modules/autounlock.nix30
-rw-r--r--nixos/modules/compile.nix24
-rw-r--r--nixos/modules/desktop.nix278
-rw-r--r--nixos/modules/develop.nix127
-rw-r--r--nixos/modules/gaming.nix23
-rw-r--r--nixos/modules/generic.nix153
-rw-r--r--nixos/modules/home-assistant.nix70
-rw-r--r--nixos/modules/hosts.nix18
-rw-r--r--nixos/modules/monitoring.nix127
-rw-r--r--nixos/modules/openvpn.nix18
-rw-r--r--nixos/modules/router.nix21
-rw-r--r--nixos/modules/syncthing.nix53
-rw-r--r--nixos/modules/wifi-client.nix11
31 files changed, 801 insertions, 632 deletions
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 9754d28..24256b3 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -1,35 +1,38 @@
self:
with self.inputs;
-let
-
- modules = hostname: [
- self.nixosModules.default
- self.nixosModules."machine-${hostname}"
- shellrc.nixosModules.default
- usbkey.nixosModules.default
- nixbigclown.nixosModules.default
- (personal-secret.lib.personalSecrets hostname)
- {
- networking.hostName = hostname;
- nixpkgs.overlays = [
- self.overlays.default
- sterm.overlay
- ];
- }
- ];
+with builtins;
+with nixpkgs.lib; let
+ modules = hostname:
+ [
+ self.nixosModules.default
+ shellrc.nixosModules.default
+ usbkey.nixosModules.default
+ nixbigclown.nixosModules.default
+ (personal-secret.lib.personalSecrets hostname)
+ {
+ networking.hostName = hostname;
+ nixpkgs.overlays = [
+ self.overlays.default
+ sterm.overlay
+ ];
+ }
+ ]
+ ++ (optional (hasAttr "machine-${hostname}" self.nixosModules) self.nixosModules."machine-${hostname}");
- genericSystem = {system ? "x86_64-linux", extra_modules ? []}:
- hostname: {
- ${hostname} = nixpkgs.lib.nixosSystem {
- system = system;
- modules = (modules hostname) ++ extra_modules;
- };
+ genericSystem = {
+ system ? "x86_64-linux",
+ extra_modules ? [],
+ }: hostname: {
+ ${hostname} = nixpkgs.lib.nixosSystem {
+ system = system;
+ modules = (modules hostname) ++ extra_modules;
};
- amd64System = genericSystem { };
+ };
+ amd64System = genericSystem {};
vpsSystem = genericSystem {
extra_modules = [
vpsadminos.nixosConfigurations.container
- { boot.loader.systemd-boot.enable = false; }
+ {boot.loader.systemd-boot.enable = false;}
];
};
raspi2System = genericSystem {
@@ -54,7 +57,8 @@ let
boot.loader.grub.enable = false;
boot.loader.systemd-boot.enable = false;
boot.loader.raspberryPi = {
- enable = true; version = 3;
+ enable = true;
+ version = 3;
};
})
];
@@ -72,6 +76,21 @@ let
];
};
+ vmSystem = system: hostSystem:
+ genericSystem {
+ system = system;
+ extra_modules = [
+ nixturris.nixosModules.turris-crossbuild
+ {
+ boot.loader.systemd-boot.enable = false;
+ virtualisation.qemu.package = self.nixosConfigurations."${hostSystem}".pkgs.qemu;
+ }
+ ];
+ };
+ amd64vmSystem = vmSystem "x86_64-linux";
+ armv7lvmSystem = vmSystem "armv7l-linux";
+ aarch64vmSystem = vmSystem "aarch64-linux";
+
turrisSystem = board: hostname: {
${hostname} = nixturris.lib.nixturrisSystem {
nixpkgs = nixpkgs;
@@ -81,21 +100,20 @@ let
};
turrisMoxSystem = turrisSystem "mox";
turrisOmniaSystem = turrisSystem "omnia";
-
in
- amd64System "albert" //
- amd64System "binky" //
- amd64System "errol" //
- amd64System "ridcully" //
- amd64System "susan" //
- vpsSystem "lipwig" //
- vpsSystem "mrpump" //
- raspi2System "spt-mpd" //
- raspi3System "adm-mpd" //
- beagleboneSystem "gaspode" //
- turrisMoxSystem "dean" //
- turrisOmniaSystem "spt-omnia" //
- turrisMoxSystem "spt-mox" //
- turrisMoxSystem "spt-mox2" //
- turrisOmniaSystem "adm-omnia" //
- turrisOmniaSystem "adm-omnia2"
+ amd64System "albert"
+ // amd64System "binky"
+ // amd64System "errol"
+ // amd64System "ridcully"
+ // amd64System "susan"
+ // vpsSystem "lipwig"
+ // vpsSystem "mrpump"
+ // raspi2System "spt-mpd"
+ // raspi3System "adm-mpd"
+ // beagleboneSystem "gaspode"
+ // turrisMoxSystem "dean"
+ // turrisOmniaSystem "spt-omnia"
+ // turrisMoxSystem "spt-mox"
+ // turrisMoxSystem "spt-mox2"
+ // turrisOmniaSystem "adm-omnia"
+ // turrisOmniaSystem "adm-omnia2"
diff --git a/nixos/default.nix b/nixos/default.nix
index 790ea40..7569de0 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,8 +1,9 @@
self: let
-
modules = import ./modules;
machines = import ./machine self;
-
-in modules // machines // {
- default = { imports = builtins.attrValues modules; };
-}
+in
+ modules
+ // machines
+ // {
+ default = {imports = builtins.attrValues modules;};
+ }
diff --git a/nixos/machine/adm-mpd.nix b/nixos/machine/adm-mpd.nix
index 45855e1..a35c944 100644
--- a/nixos/machine/adm-mpd.nix
+++ b/nixos/machine/adm-mpd.nix
@@ -1,11 +1,11 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
-
fileSystems = {
"/" = {
device = "/dev/mmcblk0p2";
@@ -28,9 +28,9 @@ with lib;
};
#services.pipewire = {
- #enable = true;
- #alsa.enable = true;
- #pulse.enable = true;
+ #enable = true;
+ #alsa.enable = true;
+ #pulse.enable = true;
#};
hardware.pulseaudio = {
enable = true;
@@ -52,7 +52,5 @@ with lib;
initial_volume = 60;
};
};
-
};
-
}
diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix
index 71104e9..4a41d4a 100644
--- a/nixos/machine/adm-omnia.nix
+++ b/nixos/machine/adm-omnia.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
#openvpn.oldpersonal = true;
@@ -14,7 +15,11 @@ with lib;
bridges = {
brlan = {
interfaces = [
- "lan0" "lan1" "lan2" "lan3" "lan4"
+ "lan0"
+ "lan1"
+ "lan2"
+ "lan3"
+ "lan4"
];
};
#brguest = {
@@ -25,15 +30,17 @@ with lib;
};
interfaces.brlan = {
ipv4 = {
- addresses = [{
- address = config.cynerd.hosts.adm.omnia;
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = config.cynerd.hosts.adm.omnia;
+ prefixLength = 24;
+ }
+ ];
};
};
# TODO localhost
- nameservers = [ "1.1.1.1" "8.8.8.8" ];
- dhcpcd.allowInterfaces = [ "eth2" ];
+ nameservers = ["1.1.1.1" "8.8.8.8"];
+ dhcpcd.allowInterfaces = ["eth2"];
};
networking.wirelessAP = {
@@ -60,7 +67,5 @@ with lib;
};
};
};
-
};
-
}
diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix
index 0bdc3bc..ac4433d 100644
--- a/nixos/machine/adm-omnia2.nix
+++ b/nixos/machine/adm-omnia2.nix
@@ -1,15 +1,21 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
networking = {
bridges = {
brlan = {
interfaces = [
- "eth2" "lan0" "lan1" "lan2" "lan3" "lan4"
+ "eth2"
+ "lan0"
+ "lan1"
+ "lan2"
+ "lan3"
+ "lan4"
];
};
};
@@ -32,16 +38,17 @@ with lib;
};
interfaces.lan = {
ipv4 = {
- addresses = [{
- address = config.cynerd.hosts.adm.omnia2;
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = config.cynerd.hosts.adm.omnia2;
+ prefixLength = 24;
+ }
+ ];
};
};
defaultGateway = config.cynerd.hosts.adm.omnia;
- nameservers = [ config.cynerd.hosts.adm.omnia "1.1.1.1" "8.8.8.8" ];
- dhcpcd.allowInterfaces = [ "lan" ];
+ nameservers = [config.cynerd.hosts.adm.omnia "1.1.1.1" "8.8.8.8"];
+ dhcpcd.allowInterfaces = ["lan"];
};
};
-
}
diff --git a/nixos/machine/albert.nix b/nixos/machine/albert.nix
index bc35f96..68d55ba 100644
--- a/nixos/machine/albert.nix
+++ b/nixos/machine/albert.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
desktop = {
@@ -42,7 +43,5 @@ with lib;
options = ["compress=lzo" "subvol=@home"];
};
};
-
};
-
}
diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix
index 7be8017..a90d625 100644
--- a/nixos/machine/binky.nix
+++ b/nixos/machine/binky.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
desktop = {
@@ -61,7 +62,5 @@ with lib;
dataDir = "/home/cynerd";
configDir = "/home/cynerd/.config/syncthing";
};
-
};
-
}
diff --git a/nixos/machine/dean.nix b/nixos/machine/dean.nix
index aef3c04..8fca4bf 100644
--- a/nixos/machine/dean.nix
+++ b/nixos/machine/dean.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
openvpn = {
@@ -15,23 +16,27 @@ with lib;
bridges = {
brlan = {
interfaces = [
- "eth0" "lan1" "lan2" "lan3" "lan4"
+ "eth0"
+ "lan1"
+ "lan2"
+ "lan3"
+ "lan4"
];
};
};
- dhcpcd.allowInterfaces = [ "brlan" ];
+ dhcpcd.allowInterfaces = ["brlan"];
};
- swapDevices = [{
- device = "/var/swap";
- priority = 1;
- }];
+ swapDevices = [
+ {
+ device = "/var/swap";
+ priority = 1;
+ }
+ ];
environment.systemPackages = with pkgs; [
#openocd
sterm
];
-
};
-
}
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
index 70bc8cf..4a696b1 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/machine/errol.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
desktop.enable = true;
@@ -87,12 +88,11 @@ with lib;
};
extraComponents = [];
package = pkgs.home-assistant.override {
- extraPackages = pkgs: with pkgs; [
- securetar
- ];
+ extraPackages = pkgs:
+ with pkgs; [
+ securetar
+ ];
};
};
-
};
-
}
diff --git a/nixos/machine/gaspode.nix b/nixos/machine/gaspode.nix
index 82762f1..cbd08bb 100644
--- a/nixos/machine/gaspode.nix
+++ b/nixos/machine/gaspode.nix
@@ -1,11 +1,11 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
-
fileSystems = {
"/" = {
device = "/dev/mmcblk0p2";
@@ -19,7 +19,5 @@ with lib;
device = "/dev/mmcblk0p1";
};
};
-
};
-
}
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index ef90385..0ebf894 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
syncthing = {
@@ -38,7 +39,7 @@ with lib;
enable = true;
settings = {
server = {
- hosts = [ "0.0.0.0:5232" "[::]:5232" ];
+ hosts = ["0.0.0.0:5232" "[::]:5232"];
ssl = true;
certificate = "/run/secrets/radicale/radicale.crt";
key = "/run/secrets/radicale/radicale.key";
@@ -62,5 +63,4 @@ with lib;
};
};
};
-
}
diff --git a/nixos/machine/mrpump.nix b/nixos/machine/mrpump.nix
index 0b322dc..68de482 100644
--- a/nixos/machine/mrpump.nix
+++ b/nixos/machine/mrpump.nix
@@ -1,21 +1,21 @@
-self: { config, lib, pkgs, ... }:
-
+self: {
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with builtins;
-with lib;
-
-{
-
+with lib; {
config = let
-
localNix = import (self.inputs.nix.outPath + "/docker.nix") {
pkgs = pkgs;
name = "local/nix";
tag = "latest";
bundleNixpkgs = false;
- extraPkgs = with pkgs; [ cachix ];
+ extraPkgs = with pkgs; [cachix];
nixConf = {
cores = "0";
- experimental-features = [ "nix-command" "flakes" ];
+ experimental-features = ["nix-command" "flakes"];
};
};
localNixDaemon = pkgs.dockerTools.buildLayeredImage {
@@ -24,14 +24,13 @@ with lib;
tag = "latest";
config = {
Volumes = {
- "/nix/store" = { };
- "/nix/var/nix/db" = { };
- "/nix/var/nix/daemon-socket" = { };
+ "/nix/store" = {};
+ "/nix/var/nix/db" = {};
+ "/nix/var/nix/daemon-socket" = {};
};
};
maxLayers = 125;
};
-
in {
# MrPump won't see Errol anyway
cynerd.hosts.enable = false;
@@ -45,7 +44,7 @@ with lib;
dates = "daily";
};
};
- users.users.cynerd.extraGroups = [ "docker" ];
+ users.users.cynerd.extraGroups = ["docker"];
# Common container for the Gitlab Nix runner
virtualisation.oci-containers = {
@@ -59,7 +58,7 @@ with lib;
# Gitlab runner
systemd.services.gitlab-runner.serviceConfig = let
- config = (pkgs.formats.toml{}).generate "gitlab-runner.toml" {
+ config = (pkgs.formats.toml {}).generate "gitlab-runner.toml" {
concurrent = 1;
runners = [
{
@@ -118,7 +117,5 @@ with lib;
ExecReload = mkForce "!${configureScript}";
};
services.gitlab-runner.enable = true;
-
};
-
}
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
index ad31e82..01e8f07 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/machine/ridcully.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
desktop.enable = true;
@@ -63,7 +64,5 @@ with lib;
dataDir = "/home/cynerd";
configDir = "/home/cynerd/.config/syncthing";
};
-
};
-
}
diff --git a/nixos/machine/spt-mox.nix b/nixos/machine/spt-mox.nix
index 57573ef..3ada201 100644
--- a/nixos/machine/spt-mox.nix
+++ b/nixos/machine/spt-mox.nix
@@ -1,10 +1,11 @@
-{ config, lib, pkgs, ... }:
-
-with builtins;
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with builtins;
+with lib; {
config = {
cynerd.home-assistant = true;
@@ -41,7 +42,11 @@ with lib;
bridges = {
brlan = {
interfaces = [
- "eth0" "lan1" "lan2" "lan3" "lan4"
+ "eth0"
+ "lan1"
+ "lan2"
+ "lan3"
+ "lan4"
];
};
brguest = {
@@ -52,17 +57,17 @@ with lib;
};
interfaces.brlan = {
ipv4 = {
- addresses = [{
- address = config.cynerd.hosts.spt.mox;
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = config.cynerd.hosts.spt.mox;
+ prefixLength = 24;
+ }
+ ];
};
};
defaultGateway = config.cynerd.hosts.spt.omnia;
- nameservers = [ config.cynerd.hosts.spt.omnia "1.1.1.1" "8.8.8.8" ];
- dhcpcd.allowInterfaces = [ "brlan" ];
+ nameservers = [config.cynerd.hosts.spt.omnia "1.1.1.1" "8.8.8.8"];
+ dhcpcd.allowInterfaces = ["brlan"];
};
-
};
-
}
diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix
index 71b95ac..8ecf1ad 100644
--- a/nixos/machine/spt-mox2.nix
+++ b/nixos/machine/spt-mox2.nix
@@ -1,19 +1,21 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
-
boot.kernelParams = [
"pcie_aspm=off" # Fix for crashes due to SError Interrupt on ath10k load
];
- swapDevices = [{
- device = "/dev/disk/by-partlabel/NixTurrisSwap";
- priority = 1;
- }];
+ swapDevices = [
+ {
+ device = "/dev/disk/by-partlabel/NixTurrisSwap";
+ priority = 1;
+ }
+ ];
networking.wirelessAP = {
enable = true;
@@ -61,16 +63,17 @@ with lib;
};
interfaces.brlan = {
ipv4 = {
- addresses = [{
- address = config.cynerd.hosts.spt.mox2;
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = config.cynerd.hosts.spt.mox2;
+ prefixLength = 24;
+ }
+ ];
};
};
defaultGateway = config.cynerd.hosts.spt.omnia;
- nameservers = [ config.cynerd.hosts.spt.omnia "1.1.1.1" "8.8.8.8" ];
- dhcpcd.allowInterfaces = [ "brlan" ];
+ nameservers = [config.cynerd.hosts.spt.omnia "1.1.1.1" "8.8.8.8"];
+ dhcpcd.allowInterfaces = ["brlan"];
};
};
-
}
diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix
index f32c1db..ab960b5 100644
--- a/nixos/machine/spt-mpd.nix
+++ b/nixos/machine/spt-mpd.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
fileSystems = {
"/" = {
@@ -13,5 +14,4 @@ with lib;
};
};
};
-
}
diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
index d2c4a96..8251b0b 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/machine/spt-omnia.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd = {
openvpn.oldpersonal = true;
@@ -14,7 +15,11 @@ with lib;
bridges = {
brlan = {
interfaces = [
- "lan0" "lan1" "lan2" "lan3" "lan4"
+ "lan0"
+ "lan1"
+ "lan2"
+ "lan3"
+ "lan4"
];
};
#brguest = {
@@ -25,14 +30,16 @@ with lib;
};
interfaces.brlan = {
ipv4 = {
- addresses = [{
- address = config.cynerd.hosts.spt.omnia;
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = config.cynerd.hosts.spt.omnia;
+ prefixLength = 24;
+ }
+ ];
};
};
- nameservers = [ "127.0.0.1" "1.1.1.1" "8.8.8.8" ];
- dhcpcd.allowInterfaces = [ "eth2" ];
+ nameservers = ["127.0.0.1" "1.1.1.1" "8.8.8.8"];
+ dhcpcd.allowInterfaces = ["eth2"];
};
services.syncthing = {
@@ -44,7 +51,5 @@ with lib;
dataDir = "/data";
};
-
};
-
}
diff --git a/nixos/machine/susan.nix b/nixos/machine/susan.nix
index b452ed9..d05120f 100644
--- a/nixos/machine/susan.nix
+++ b/nixos/machine/susan.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
config = {
cynerd.desktop.enable = true;
@@ -20,7 +21,5 @@ with lib;
device = "/dev/disk/by-uuid/EB3E-3635";
};
};
-
};
-
}
diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix
index 0458c7b..7f7c24e 100644
--- a/nixos/modules/autounlock.nix
+++ b/nixos/modules/autounlock.nix
@@ -1,13 +1,12 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.autounlock;
-
in {
-
options = {
cynerd.autounlock = mkOption {
type = with types; attrsOf string;
@@ -17,24 +16,23 @@ in {
};
config = mkIf (cnf != {}) {
-
- environment.systemPackages = [ pkgs.luks-hw-password ];
+ environment.systemPackages = [pkgs.luks-hw-password];
boot.initrd = {
extraFiles."/luks-hw-password".source = pkgs.luks-hw-password;
- luks.devices = mapAttrs (name: value: {
+ luks.devices =
+ mapAttrs (name: value: {
device = value;
keyFile = "/keys/${name}.key";
fallbackToPassword = true;
preOpenCommands = ''
mkdir -p /keys
/luks-hw-password/bin/luks-hw-password > /keys/${name}.key
- '';
+ '';
postOpenCommands = ''
rm -rf /keys
- '';
- }) cnf;
+ '';
+ })
+ cnf;
};
-
};
-
}
diff --git a/nixos/modules/compile.nix b/nixos/modules/compile.nix
index ffa339f..6a6b7b2 100644
--- a/nixos/modules/compile.nix
+++ b/nixos/modules/compile.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
options = {
cynerd.compile = mkOption {
type = types.bool;
@@ -21,33 +22,32 @@ with lib;
aarch64-linux = {
fixBinary = true;
wrapInterpreterInShell = false;
- interpreter = (lib.systems.elaborate { system = "aarch64-linux"; }).emulator pkgs;
+ interpreter = (lib.systems.elaborate {system = "aarch64-linux";}).emulator pkgs;
magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
armv7l-linux = {
fixBinary = true;
wrapInterpreterInShell = false;
- interpreter = (lib.systems.elaborate { system = "armv7l-linux"; }).emulator pkgs;
+ interpreter = (lib.systems.elaborate {system = "armv7l-linux";}).emulator pkgs;
magicOrExtension = "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
};
};
nix.settings.extra-platforms = [
- "aarch64-linux" "armv7l-linux"
+ "aarch64-linux"
+ "armv7l-linux"
];
environment.systemPackages = with pkgs; [
# Tools
- git bash
+ git
+ bash
#uroot
qemu
# Python
python3Packages.pip
-
];
-
};
-
}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 27beb04..e7c6ecc 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -1,12 +1,12 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.desktop;
-
in {
-
options = {
cynerd.desktop = {
enable = mkOption {
@@ -25,106 +25,146 @@ in {
config = mkIf cnf.enable {
programs.sway.enable = true;
programs.sway.wrapperFeatures.gtk = true;
- programs.sway.extraPackages = with pkgs; [
- gnome.dconf-editor
- glib gsettings-desktop-schemas
- i3blocks sysstat
- wofi rofimoji wev
- swaybackground myswaylock
-
- alacritty
-
- kanshi wdisplays wayvnc wl-mirror
- slurp grim
- wf-recorder
- wl-clipboard wl-color-picker
- swayidle
- dunst libnotify
-
- isync msmtp notmuch astroid
- taskwarrior vdirsyncer khal khard
- gnupg pinentry-gnome pinentry-curses
- (pass.withExtensions (exts: [
- exts.pass-otp exts.pass-audit
- ]))
-
- firefox chromium
- ferdium signal-desktop
- libreoffice
- mupdf pdfgrep
-
- xdg-utils xdg-launch
- mesa-demos vulkan-tools
-
- pulsemixer
- mpd mpc-cli ncmpcpp
- feh shotwell id3lib
- vlc mpv youtube-dl
-
- nordic
- delft-icon-theme gnome.adwaita-icon-theme
- vanilla-dmz
- sound-theme-freedesktop
- gucharmap
-
- (sdcv.withDictionaries [ stardict-en-cz stardict-de-cz stardict-cz ])
-
- samba cifs-utils
-
- tigervnc freerdp
- plasma5Packages.kdeconnect-kde
-
- hdparm ethtool multipath-tools
- usb-modeswitch
- v4l-utils
-
- # Calculating
- python3Packages.numpy python3Packages.sympy python3Packages.matplotlib
-
- # Creation
- simple-scan
- audacity
- gimp inkscape
- blender
- kdenlive
-
- # GStreamer
- gst_all_1.gst-libav
- gst_all_1.gst-plugins-bad
- gst_all_1.gst-plugins-base
- gst_all_1.gst-plugins-good
- gst_all_1.gst-plugins-ugly
- gst_all_1.gst-plugins-viperfx
-
- # Latex
- texlive.combined.scheme-full
-
- # Gnome utils
- gnome-firmware
- gaphor
-
- # CAD
- freecad
- kicad-with-packages3d
- sweethome3d.application
- qelectrotech
-
- ] ++ (optionals cnf.laptop [
- # Power management
- powertop
- acpi
- ]);
+ programs.sway.extraPackages = with pkgs;
+ [
+ gnome.dconf-editor
+ glib
+ gsettings-desktop-schemas
+ i3blocks
+ sysstat
+ wofi
+ rofimoji
+ wev
+ swaybackground
+ myswaylock
+
+ alacritty
+
+ kanshi
+ wdisplays
+ wayvnc
+ wl-mirror
+ slurp
+ grim
+ wf-recorder
+ wl-clipboard
+ wl-color-picker
+ swayidle
+ dunst
+ libnotify
+
+ isync
+ msmtp
+ notmuch
+ astroid
+ taskwarrior
+ vdirsyncer
+ khal
+ khard
+ gnupg
+ pinentry-gnome
+ pinentry-curses
+ (pass.withExtensions (exts: [
+ exts.pass-otp
+ exts.pass-audit
+ ]))
+
+ firefox
+ chromium
+ ferdium
+ signal-desktop
+ libreoffice
+ mupdf
+ pdfgrep
+
+ xdg-utils
+ xdg-launch
+ mesa-demos
+ vulkan-tools
+
+ pulsemixer
+ mpd
+ mpc-cli
+ ncmpcpp
+ feh
+ shotwell
+ id3lib
+ vlc
+ mpv
+ youtube-dl
+
+ nordic
+ delft-icon-theme
+ gnome.adwaita-icon-theme
+ vanilla-dmz
+ sound-theme-freedesktop
+ gucharmap
+
+ (sdcv.withDictionaries [stardict-en-cz stardict-de-cz stardict-cz])
+
+ samba
+ cifs-utils
+
+ tigervnc
+ freerdp
+ plasma5Packages.kdeconnect-kde
+
+ hdparm
+ ethtool
+ multipath-tools
+ usb-modeswitch
+ v4l-utils
+
+ # Calculating
+ python3Packages.numpy
+ python3Packages.sympy
+ python3Packages.matplotlib
+
+ # Creation
+ simple-scan
+ audacity
+ gimp
+ inkscape
+ blender
+ kdenlive
+
+ # GStreamer
+ gst_all_1.gst-libav
+ gst_all_1.gst-plugins-bad
+ gst_all_1.gst-plugins-base
+ gst_all_1.gst-plugins-good
+ gst_all_1.gst-plugins-ugly
+ gst_all_1.gst-plugins-viperfx
+
+ # Latex
+ texlive.combined.scheme-full
+
+ # Gnome utils
+ gnome-firmware
+ gaphor
+
+ # CAD
+ freecad
+ kicad-with-packages3d
+ sweethome3d.application
+ qelectrotech
+ ]
+ ++ (optionals cnf.laptop [
+ # Power management
+ powertop
+ acpi
+ ]);
programs.vim.package = pkgs.vimHugeX;
programs.shellrc.desktop = true;
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
- xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
+ xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk];
xdg.mime.defaultApplications = {
- "text/html" = [ "firefox.desktop" ];
- "application/pdf" = [ "mupdf.desktop" ];
- "image/jpeg" = [ "feh.desktop" ];
- "image/png" = [ "feh.desktop" ];
- "image/svg" = [ "feh.desktop" ];
+ "text/html" = ["firefox.desktop"];
+ "application/pdf" = ["mupdf.desktop"];
+ "image/jpeg" = ["feh.desktop"];
+ "image/png" = ["feh.desktop"];
+ "image/svg" = ["feh.desktop"];
};
programs.usbkey = {
@@ -137,7 +177,7 @@ in {
enableSSHSupport = true;
enableBrowserSocket = true;
};
- services.dbus.packages = [ pkgs.gcr ];
+ services.dbus.packages = [pkgs.gcr];
programs.kdeconnect.enable = true;
@@ -148,7 +188,7 @@ in {
pulse.enable = true;
config.pipewire = {
context.modules = [
- { name = "libpipewire-module-zeroconf-discover"; }
+ {name = "libpipewire-module-zeroconf-discover";}
];
};
};
@@ -157,7 +197,8 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
- gutenprint gutenprintBin
+ gutenprint
+ gutenprintBin
cnijfilter2
];
};
@@ -167,8 +208,8 @@ in {
enable = true;
discovery = true;
};
- networking.firewall.allowedTCPPorts = [ 5357 ];
- networking.firewall.allowedUDPPorts = [ 3702 ];
+ networking.firewall.allowedTCPPorts = [5357];
+ networking.firewall.allowedUDPPorts = [3702];
fonts.fonts = with pkgs; [
arkpandora_ttf
@@ -188,7 +229,7 @@ in {
services.udev.extraRules = ''
ACTION=="add|change", KERNEL=="sd*[!0-9]", ATTR{queue/scheduler}="bfq"
- '';
+ '';
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
@@ -224,7 +265,7 @@ in {
# Autologin on the first TTY
services.getty = {
- extraArgs = [ "--skip-login" ];
+ extraArgs = ["--skip-login"];
loginProgram = "${pkgs.bash}/bin/sh";
loginOptions = toString (pkgs.writeText "login-program.sh" ''
if [[ "$(tty)" == '/dev/tty1' ]]; then
@@ -238,8 +279,22 @@ in {
# VTI settings
console = {
colors = [
- "2e3440" "3b4252" "434c5e" "4c566a" "d8dee9" "e5e9f0" "eceff4" "8fbcbb"
- "88c0d0" "81a1c1" "5e81ac" "bf616a" "d08770" "ebcb8b" "a3be8c" "b48ead"
+ "2e3440"
+ "3b4252"
+ "434c5e"
+ "4c566a"
+ "d8dee9"
+ "e5e9f0"
+ "eceff4"
+ "8fbcbb"
+ "88c0d0"
+ "81a1c1"
+ "5e81ac"
+ "bf616a"
+ "d08770"
+ "ebcb8b"
+ "a3be8c"
+ "b48ead"
];
earlySetup = true;
useXkbConfig = true;
@@ -248,6 +303,5 @@ in {
services.gpm.enable = true;
services.locate.enable = true;
-
};
}
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
index 2bf085f..c7ab1d2 100644
--- a/nixos/modules/develop.nix
+++ b/nixos/modules/develop.nix
@@ -1,11 +1,11 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
in {
-
options = {
cynerd.develop = mkOption {
type = types.bool;
@@ -19,7 +19,10 @@ in {
environment.enableDebugInfo = true;
environment.systemPackages = with pkgs; [
# Tools
- tig gource hub github-cli # Git
+ tig
+ gource
+ hub
+ github-cli # Git
wlc # Weblate
cloc
openssl
@@ -28,7 +31,9 @@ in {
# Nix
dev
- nix-prefetch-git nix-prefetch-github nix-prefetch-scripts
+ nix-prefetch-git
+ nix-prefetch-github
+ nix-prefetch-scripts
nix-universal-prefetch
rnix-lsp
cachix
@@ -36,50 +41,61 @@ in {
# Shell
dash # Posix shell
bats
- shellcheck shfmt
- jq yq
+ shellcheck
+ shfmt
+ jq
+ yq
# Python
- (python3.withPackages (pypkgs: with pypkgs; [
- ipython
-
- pytest pytest-html pytest-tap
- coverage
- python-lsp-black
- pylint pydocstyle
-
- mypy
-
- pygobject3
- pygraphviz matplotlib
-
- python-gitlab PyGithub
-
- schema
- jinja2
- ruamel-yaml
- msgpack
- urllib3 influxdb-client
-
- psycopg
-
- humanize rich
- lorem-text.pythonPackage
-
- pyserial pylibftdi
- pylxd
- selenium
-
- paho-mqtt
-
- ]))
+ (python3.withPackages (pypkgs:
+ with pypkgs; [
+ ipython
+
+ pytest
+ pytest-html
+ pytest-tap
+ coverage
+ python-lsp-black
+ pylint
+ pydocstyle
+
+ mypy
+
+ pygobject3
+ pygraphviz
+ matplotlib
+
+ python-gitlab
+ PyGithub
+
+ schema
+ jinja2
+ ruamel-yaml
+ msgpack
+ urllib3
+ influxdb-client
+
+ psycopg
+
+ humanize
+ rich
+ lorem-text.pythonPackage
+
+ pyserial
+ pylibftdi
+ pylxd
+ selenium
+
+ paho-mqtt
+ ]))
geckodriver
chromedriver
# Lua
- (lua5_1.withPackages (luapkgs: with luapkgs; [
- luacheck
- ]))
+ (lua5_1.withPackages (luapkgs:
+ with luapkgs; [
+ luacheck
+ ]))
# Ansible
ansible
@@ -93,7 +109,8 @@ in {
tftp-hpa
# Network
- iperf2 iperf3
+ iperf2
+ iperf3
wireshark
inetutils
@@ -107,7 +124,9 @@ in {
dfeet
# Documentation
- man-pages man-pages-posix linux-manual
+ man-pages
+ man-pages-posix
+ linux-manual
# SHV
shvspy
@@ -134,11 +153,13 @@ in {
virtualisation.lxc.enable = true;
virtualisation.libvirtd.enable = true;
- users.groups.develop = { };
+ users.groups.develop = {};
users.users.cynerd.extraGroups = [
- "docker" "lxd" "develop" "libvirtd" "wireshark"
+ "docker"
+ "lxd"
+ "develop"
+ "libvirtd"
+ "wireshark"
];
-
};
-
}
diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix
index f61f85e..82a7335 100644
--- a/nixos/modules/gaming.nix
+++ b/nixos/modules/gaming.nix
@@ -1,12 +1,12 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.gaming;
-
in {
-
options = {
cynerd.gaming = mkOption {
type = types.bool;
@@ -29,12 +29,11 @@ in {
};
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
- extraPkgs = pkgs: with pkgs; [
- ncurses
- ];
+ extraPkgs = pkgs:
+ with pkgs; [
+ ncurses
+ ];
};
};
-
-
};
}
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 121133f..25fcbde 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -1,13 +1,12 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
isNative = config.nixpkgs.crossSystem == null;
-
in {
-
config = {
system.stateVersion = "22.05";
@@ -23,7 +22,7 @@ in {
"thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso="
"arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8="
];
- trusted-users = [ "@wheel" ];
+ trusted-users = ["@wheel"];
};
registry = {
personal.to = {
@@ -40,52 +39,70 @@ in {
hardware.enableAllFirmware = true;
services.fwupd.enable = mkIf (pkgs.system == "x86_64-linux") true;
-
nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- git # We need git for this repository to even work
- # Administration tools
- #coreutils moreutils binutils psmisc progress lshw file
- coreutils binutils psmisc progress lshw file vde2
- ldns wget
- gnumake
- exfat exfatprogs ntfs3g
- nix-index
- usbutils pciutils smartmontools
-
- # NCurses tools
- htop iotop #glances
- mc
- screen tmux
-
- # ls tools
- tree
- lsof
- strace
- #mlocate
-
- sourceHighlight # Colors for less
- unrar p7zip zip unzip
-
- # Network
- nmap netcat traceroute
- iftop nethogs
- # TODO add mdns
- sshfs
- wakeonlan
-
- lm_sensors
-
- ] ++ optionals (system == "x86_64-linux") [
- ltrace
- ] ++ optionals (!isNative) [
- ncdu_1
- ] ++ optionals (isNative) [
- moreutils
- glances
- ncdu
- mlocate
- ];
+ environment.systemPackages = with pkgs;
+ [
+ git # We need git for this repository to even work
+ # Administration tools
+ coreutils
+ binutils
+ psmisc
+ progress
+ lshw
+ file
+ vde2
+ ldns
+ wget
+ gnumake
+ exfat
+ exfatprogs
+ ntfs3g
+ nix-index
+ usbutils
+ pciutils
+ smartmontools
+
+ # NCurses tools
+ htop
+ iotop
+ mc
+ screen
+ tmux
+
+ # ls tools
+ tree
+ lsof
+ strace
+
+ sourceHighlight # Colors for less
+ unrar
+ p7zip
+ zip
+ unzip
+
+ # Network
+ nmap
+ netcat
+ traceroute
+ iftop
+ nethogs
+ sshfs
+ wakeonlan
+
+ lm_sensors
+ ]
+ ++ optionals (system == "x86_64-linux") [
+ ltrace
+ ]
+ ++ optionals (!isNative) [
+ ncdu_1
+ ]
+ ++ optionals isNative [
+ moreutils
+ glances
+ ncdu
+ mlocate
+ ];
users.mutableUsers = false;
users.groups.cynerd.gid = 1000;
@@ -97,11 +114,24 @@ in {
group = "cynerd";
extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
uid = 1000;
- subUidRanges = [{ count = 65534; startUid = 10000; }];
- subGidRanges = [{ count = 65534; startGid = 10000; }];
+ subUidRanges = [
+ {
+ count = 65534;
+ startUid = 10000;
+ }
+ ];
+ subGidRanges = [
+ {
+ count = 65534;
+ startGid = 10000;
+ }
+ ];
isNormalUser = true;
createHome = true;
- shell = if isNative then pkgs.zsh.out else pkgs.bash.out;
+ shell =
+ if isNative
+ then pkgs.zsh.out
+ else pkgs.bash.out;
passwordFile = "/run/secrets/cynerd.pass";
openssh.authorizedKeys.keyFiles = [
(config.personal-secrets + "/unencrypted/git-private.pub")
@@ -113,7 +143,10 @@ in {
programs.vim.defaultEditor = mkDefault true;
security.sudo.extraRules = [
- { groups = [ "wheel" ]; commands = [ "ALL" ]; }
+ {
+ groups = ["wheel"];
+ commands = ["ALL"];
+ }
];
networking.dhcpcd.extraConfig = "controlgroup wheel";
environment.etc."dhcpcd.conf".text = "controlgroup wheel";
@@ -123,7 +156,7 @@ in {
time.timeZone = "Europe/Prague";
i18n.defaultLocale = "en_US.UTF-8";
- services.udev.packages = [
+ services.udev.packages = [
(pkgs.writeTextFile rec {
name = "bfq-drives.rules";
destination = "/etc/udev/rules.d/60-${name}";
@@ -140,7 +173,5 @@ in {
'';
programs.fuse.userAllowOther = true;
-
};
-
}
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
index e4f2232..0f2df9e 100644
--- a/nixos/modules/home-assistant.nix
+++ b/nixos/modules/home-assistant.nix
@@ -1,18 +1,17 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.home-assistant;
-
in {
options = {
cynerd.home-assistant = mkEnableOption "Enable Home Assistant and Bigclown";
};
config = mkIf cnf {
-
services.mosquitto = {
enable = true;
listeners = [
@@ -134,27 +133,31 @@ in {
};
services.telegraf.extraConfig = {
- outputs.influxdb_v2 = [{
- urls = ["http://errol:8086"];
- token = "$INFLUX_TOKEN";
- organization = "personal";
- bucket = "bigclown";
- tagpass.source = ["bigclown"];
- }];
+ outputs.influxdb_v2 = [
+ {
+ urls = ["http://errol:8086"];
+ token = "$INFLUX_TOKEN";
+ organization = "personal";
+ bucket = "bigclown";
+ tagpass.source = ["bigclown"];
+ }
+ ];
inputs.mqtt_consumer = let
consumer = data_type: topics: {
- tags = { source = "bigclown"; };
+ tags = {source = "bigclown";};
servers = ["tcp://localhost:1883"];
topics = topics;
username = "telegraf";
password = "$MQTT_PASSWORD";
data_format = "value";
data_type = data_type;
- topic_parsing = [{
- topic = "bigclown/node/+/+/+/+";
- measurement = "_/_/_/_/_/measurement";
- tags = "_/_/device/field/_/_";
- }];
+ topic_parsing = [
+ {
+ topic = "bigclown/node/+/+/+/+";
+ measurement = "_/_/_/_/_/measurement";
+ tags = "_/_/device/field/_/_";
+ }
+ ];
};
in [
(consumer "float" [
@@ -170,11 +173,13 @@ in {
"bigclown/node/+/flood-detector/+/alarm"
])
];
- processors.pivot = [{
- tag_key = "field";
- value_key = "value";
- tagpass.source = ["bigclown"];
- }];
+ processors.pivot = [
+ {
+ tag_key = "field";
+ value_key = "value";
+ tagpass.source = ["bigclown"];
+ }
+ ];
};
services.home-assistant = {
@@ -204,10 +209,11 @@ in {
};
extraComponents = [];
package = pkgs.home-assistant.override {
- extraPackages = pkgs: with pkgs; [
- securetar
- ];
- packageOverrides = (self: super: {
+ extraPackages = pkgs:
+ with pkgs; [
+ securetar
+ ];
+ packageOverrides = self: super: {
scapy = super.scapy.override {
withPlottingSupport = false;
};
@@ -215,10 +221,8 @@ in {
dontUsePytestCheck = true;
dontUseSetuptoolsCheck = true;
});
- });
+ };
};
};
-
};
-
}
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index ca9daa1..8a53578 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -1,18 +1,17 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.hosts;
staticZoneOption = mkOption {
type = types.attrsOf types.str;
readOnly = true;
};
-
in {
-
options = {
cynerd.hosts = {
enable = mkOption {
@@ -62,7 +61,7 @@ in {
"3dprint" = "10.8.3.80";
"mpd" = "192.168.0.51";
# Portable
- "albert" ="10.8.3.61";
+ "albert" = "10.8.3.61";
"susan" = "10.8.3.62";
"binky" = "10.8.3.63";
};
@@ -100,5 +99,4 @@ in {
"${cnf.adm.mpd}" = ["mpd.adm"];
};
};
-
}
diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix
index abeba2d..86a37e4 100644
--- a/nixos/modules/monitoring.nix
+++ b/nixos/modules/monitoring.nix
@@ -1,13 +1,13 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-cnf = config.cynerd.monitoring;
-hostName = config.networking.hostName;
-isHost = cnf.host == hostName;
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cnf = config.cynerd.monitoring;
+ hostName = config.networking.hostName;
+ isHost = cnf.host == hostName;
in {
options.cynerd.monitoring = {
enable = mkOption {
@@ -29,7 +29,7 @@ in {
};
config = mkMerge [
- { cynerd.monitoring.host = "errol"; }
+ {cynerd.monitoring.host = "errol";}
(mkIf cnf.enable {
# Telegraf configuration
@@ -38,53 +38,75 @@ in {
environmentFiles = ["/run/secrets/telegraf.env"];
extraConfig = {
agent = {};
- outputs.influxdb_v2 = [{
- urls = ["http://errol:8086"];
- token = "$INFLUX_TOKEN";
- organization = "personal";
- bucket = "monitoring";
- tagdrop.source = ["bigclown"]; # See home-assistant.nix
- }];
- inputs = {
- cpu = [{
- percpu = true;
- totalcpu = true;
- }];
- mem = [{}];
- swap = [{}];
- disk = [{
- ignore_fs = [
- "tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs"
+ outputs.influxdb_v2 = [
+ {
+ urls = ["http://errol:8086"];
+ token = "$INFLUX_TOKEN";
+ organization = "personal";
+ bucket = "monitoring";
+ tagdrop.source = ["bigclown"]; # See home-assistant.nix
+ }
+ ];
+ inputs =
+ {
+ cpu = [
+ {
+ percpu = true;
+ totalcpu = true;
+ }
];
- }];
- diskio = [{}];
- net = [{}];
- system = [{}];
- processes = [{}];
- systemd_units = [{}];
- wireguard = [{}];
- } // (optionalAttrs cnf.hw {
- sensors = [{}];
- smart = [{
- path_smartctl = "${pkgs.smartmontools}/bin/smartctl";
- use_sudo = true;
- }];
- wireless = [{}];
- });
+ mem = [{}];
+ swap = [{}];
+ disk = [
+ {
+ ignore_fs = [
+ "tmpfs"
+ "devtmpfs"
+ "devfs"
+ "iso9660"
+ "overlay"
+ "aufs"
+ "squashfs"
+ ];
+ }
+ ];
+ diskio = [{}];
+ net = [{}];
+ system = [{}];
+ processes = [{}];
+ systemd_units = [{}];
+ wireguard = [{}];
+ }
+ // (optionalAttrs cnf.hw {
+ sensors = [{}];
+ smart = [
+ {
+ path_smartctl = "${pkgs.smartmontools}/bin/smartctl";
+ use_sudo = true;
+ }
+ ];
+ wireless = [{}];
+ });
};
};
- systemd.services.telegraf.path = with pkgs; [
- "/run/wrappers"
- ] ++ (optionals cnf.hw [
- lm_sensors smartmontools nvme-cli
- ]);
+ systemd.services.telegraf.path = with pkgs;
+ [
+ "/run/wrappers"
+ ]
+ ++ (optionals cnf.hw [
+ lm_sensors
+ smartmontools
+ nvme-cli
+ ]);
security.sudo.extraRules = [
{
users = ["telegraf"];
- commands = [{
- command = "${pkgs.smartmontools}/bin/smartctl";
- options = ["NOPASSWD"];
- }];
+ commands = [
+ {
+ command = "${pkgs.smartmontools}/bin/smartctl";
+ options = ["NOPASSWD"];
+ }
+ ];
}
];
})
@@ -112,6 +134,5 @@ in {
};
networking.firewall.allowedTCPPorts = [8086 3000];
})
-
];
}
diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
index d070cb2..ee62582 100644
--- a/nixos/modules/openvpn.nix
+++ b/nixos/modules/openvpn.nix
@@ -1,13 +1,12 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.openvpn;
-
in {
-
options = {
cynerd.openvpn = {
personal = mkOption {
@@ -36,11 +35,10 @@ in {
oldpersonal = mkIf cnf.oldpersonal {
config = "config /run/secrets/old.ovpn";
};
- elektroline = mkIf cnf.elektroline {
+ elektroline = mkIf cnf.elektroline {
autoStart = false;
config = "config /run/secrets/elektroline.ovpn";
};
};
};
-
}
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index e65ef10..00a3c03 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -1,12 +1,12 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
cnf = config.cynerd.router;
-
in {
-
options = {
cynerd.router = {
enable = mkOption {
@@ -28,16 +28,14 @@ in {
};
config = mkIf cnf {
-
# TODO firewall NAT
networking = {
-
};
services.dhcpd4 = {
enable = true;
authoritative = true;
- interfaces = [ "brlan" ];
+ interfaces = ["brlan"];
extraConfig = ''
'';
};
@@ -45,7 +43,7 @@ in {
services.dhcpd6 = {
enable = true;
authoritative = true;
- interfaces = [ "brlan" ];
+ interfaces = ["brlan"];
extraConfig = ''
'';
};
@@ -53,6 +51,5 @@ in {
services.kresd = {
enable = true;
};
-
};
}
diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix
index 44c1ac1..db8b6a8 100644
--- a/nixos/modules/syncthing.nix
+++ b/nixos/modules/syncthing.nix
@@ -1,28 +1,38 @@
-{ config, lib, pkgs, ... }:
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with builtins;
-with lib;
-
-let
-
+with lib; let
cnf = config.cynerd.syncthing;
hostName = config.networking.hostName;
allDevices = [
- "albert" "binky" "errol" "lipwig" "ridcully" "susan" "spt-omnia"
+ "albert"
+ "binky"
+ "errol"
+ "lipwig"
+ "ridcully"
+ "susan"
+ "spt-omnia"
];
mediaDevices = [
- "lipwig" "binky" "errol" "ridcully" "spt-omnia"
+ "lipwig"
+ "binky"
+ "errol"
+ "ridcully"
+ "spt-omnia"
];
bigStorageDevices = [
- "errol" "ridcully" "spt-omnia"
+ "errol"
+ "ridcully"
+ "spt-omnia"
];
filterDevice = folders: filterAttrs (n: v: any (d: d == hostName) v.devices) folders;
-
in {
-
options = {
cynerd.syncthing = {
-
enable = mkOption {
type = types.bool;
default = false;
@@ -34,13 +44,12 @@ in {
default = "/home/cynerd";
description = "Base directory for all folders being synced.";
};
-
};
};
config = mkIf cnf.enable {
services.syncthing = {
- enable = any (n: n == hostName) allDevices;
+ enable = any (n: n == hostName) allDevices;
user = mkDefault "cynerd";
key = "/run/secrets/syncthing/key.pem";
cert = "/run/secrets/syncthing/cert.pem";
@@ -101,15 +110,15 @@ in {
};
overrideDevices = true;
- devices = recursiveUpdate
- (genAttrs allDevices (name: {
- id = config.secrets.syncthingIDs."${name}";
- }))
- {
- lipwig.addresses = ["tcp://cynerd.cz"];
- };
+ devices =
+ recursiveUpdate
+ (genAttrs allDevices (name: {
+ id = config.secrets.syncthingIDs."${name}";
+ }))
+ {
+ lipwig.addresses = ["tcp://cynerd.cz"];
+ };
# TODO phone
};
};
-
}
diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix
index af09155..fd0944a 100644
--- a/nixos/modules/wifi-client.nix
+++ b/nixos/modules/wifi-client.nix
@@ -1,9 +1,10 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
{
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
options = {
cynerd.wifiClient = mkOption {
type = types.bool;