From b2ec9599373c7e0f5428694c5712c8fc0be06264 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Thu, 14 Mar 2024 09:35:13 +0100 Subject: Load of updates and module simplification --- flake.lock | 80 ++++---- flake.nix | 16 +- nixos/machine/adm-mpd.nix | 88 +++++---- nixos/machine/adm-omnia.nix | 154 ++++++++------- nixos/machine/adm-omnia2.nix | 72 ++++--- nixos/machine/albert.nix | 67 +++---- nixos/machine/binky.nix | 114 ++++++------ nixos/machine/dean.nix | 68 +++---- nixos/machine/errol.nix | 216 +++++++++++---------- nixos/machine/gaspode.nix | 30 ++- nixos/machine/lipwig.nix | 392 +++++++++++++++++++-------------------- nixos/machine/ridcully.nix | 117 ++++++------ nixos/machine/spt-mox.nix | 91 +++++---- nixos/machine/spt-mox2.nix | 88 +++++---- nixos/machine/spt-mpd.nix | 18 +- nixos/machine/spt-omnia.nix | 316 +++++++++++++++---------------- nixos/machine/spt-omniax.nix | 88 ++++----- nixos/modules/default.nix | 2 +- nixos/modules/desktop.nix | 14 +- nixos/modules/develop.nix | 27 ++- nixos/modules/generic.nix | 10 +- nixos/modules/home-assistant.nix | 6 +- nixos/modules/hosts.nix | 20 +- nixos/modules/openvpn.nix | 1 - nixos/modules/switch.nix | 4 +- nixos/modules/syncthing.nix | 1 - nixos/modules/wifi-adm.nix | 5 +- nixos/modules/wifi-spt.nix | 11 +- nixos/modules/wireguad.nix | 18 ++ pkgs/default.nix | 8 + pkgs/stardict/wrapper.nix | 5 +- pkgs/theme/delft-icon-theme.nix | 3 +- pkgs/theme/myswaylock.sh | 4 - update.sh | 6 - 34 files changed, 1080 insertions(+), 1080 deletions(-) create mode 100644 nixos/modules/wireguad.nix delete mode 100755 update.sh diff --git a/flake.lock b/flake.lock index b552701..0698404 100644 --- a/flake.lock +++ b/flake.lock @@ -48,11 +48,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -147,11 +147,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -230,11 +230,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1708425420, - "narHash": "sha256-VCRZDSqxCHrbs46+OEu6MiCcPGpT/JTBvGAb6BjaqcU=", + "lastModified": 1710337543, + "narHash": "sha256-qMfZOsB+p787hJdqGIvcoEByRTwwbT4SKIBctjCIB6Q=", "ref": "refs/heads/master", - "rev": "2082ee48503c3ebe376a9b4d23eb6bc33a54b6a6", - "revCount": 3512, + "rev": "fa5c4161e4c66646235c52ef8949a072f74a36d5", + "revCount": 3563, "submodules": true, "type": "git", "url": "https://gitlab.elektroline.cz/elektroline/flatlineng.git" @@ -312,11 +312,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1708611197, - "narHash": "sha256-4UoamtCUOgavrqlSUtbS9CZdWlkcSLjCdZkPWluHAwc=", + "lastModified": 1710150065, + "narHash": "sha256-o9B/i2uvEsZWvivDBsstffSUFE+pDcMeskWAXTnmAvA=", "owner": "cynerd", "repo": "nixdeploy", - "rev": "1be94239235103433a7bc3d769ba411d2c44e02f", + "rev": "6e251cee712de2de91a5bc28d32702111a95848f", "type": "gitlab" }, "original": { @@ -327,11 +327,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1708594753, - "narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=", + "lastModified": 1710123225, + "narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958", + "rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba", "type": "github" }, "original": { @@ -441,11 +441,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1708535278, - "narHash": "sha256-WQHQ+311Mp8/L5+wB++6nnzeVscdF46hbAh/EwQdp/k=", + "lastModified": 1710339354, + "narHash": "sha256-+P5ccUPiLouHexb8aJrUOVOIja9qm+fG57pgAu7uIRs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "591f9cbebeef5dfdcb24997a3069d7f29c365ab9", + "rev": "2dbc8f62d8af7a1ab962e4b20d12b25ddcb86ced", "type": "github" }, "original": { @@ -456,11 +456,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1707743206, - "narHash": "sha256-AehgH64b28yKobC/DAWYZWkJBxL/vP83vkY+ag2Hhy4=", + "lastModified": 1710252211, + "narHash": "sha256-hQChQpB4LDBaSrNlD6DPLhU9T+R6oyxMCg2V+S7Y1jg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d627a2a704708673e56346fcb13d25344b8eaf3", + "rev": "7eeacecff44e05a9fd61b9e03836b66ecde8a525", "type": "github" }, "original": { @@ -516,11 +516,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1708186608, - "narHash": "sha256-yDIbHSKSyXRWOknzpwZ/dLAa9PjSk5CibwN0nrJEFFk=", + "lastModified": 1710278775, + "narHash": "sha256-4kwVKv2Wrus6kNka/XtcrpYx1hemORAiv0wchoMxEvM=", "owner": "cynerd", "repo": "nixturris", - "rev": "a446cb11256ae77161384af2451875eb63c19d4d", + "rev": "b6f0fe38003fe22c2a0b94ac660e6063bb6f67b9", "type": "gitlab" }, "original": { @@ -531,11 +531,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1708459156, - "narHash": "sha256-NrEpPIdAceJVeQHKSF2blD++e8FfxPBzWILXsoW8qoc=", + "lastModified": 1709714642, + "narHash": "sha256-0Dhy0mpN2SZ+SB70zHHkAZIXTVQiFTtQMU9K8SwL1JE=", "ref": "refs/heads/master", - "rev": "24d085ef420ab7f3186f969f58f70f62c4bd743b", - "revCount": 93, + "rev": "87850728e08b2f1ded1ace00d4934a81bcfeb970", + "revCount": 94, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, @@ -588,11 +588,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1701422437, - "narHash": "sha256-a4ZHQoZL5AN0JtBe1uY+Ue91XygNs4jQ/gGGkPtUX+Q=", + "lastModified": 1710324061, + "narHash": "sha256-iljq1G7W3Pd18Dda9GhLlHoH7yDU15nCatOqpt0jeSY=", "ref": "refs/heads/master", - "rev": "000268bfffeb92a0afe7e6953b0e20ee395d5621", - "revCount": 102, + "rev": "4456b47318a9014b8fa2eeec34edb165cb4ca811", + "revCount": 107, "type": "git", "url": "https://git.cynerd.cz/shellrc" }, @@ -627,11 +627,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1708357912, - "narHash": "sha256-+eDr/7AdOiwA63hSVkFgWx37kc+bqg+YVajLYxJC7ro=", + "lastModified": 1709892386, + "narHash": "sha256-TuCeepBnNgHiBp7ykvL9f4VomndWr6iipxz9tudu0rI=", "ref": "refs/heads/master", - "rev": "76601ce0137feeb6bd69432963cb36b12e42f407", - "revCount": 434, + "rev": "0b8659543bba43d6298693fe84e00a0ae27dcf2e", + "revCount": 440, "submodules": true, "type": "git", "url": "https://github.com/silicon-heaven/shvspy.git" @@ -813,11 +813,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1708364097, - "narHash": "sha256-7VYZ9Y7lEtiDQPritENiiIzGTWk4GDrAOqqJFZjwZPg=", + "lastModified": 1710366851, + "narHash": "sha256-/Qhjx2mM87tc0ip+aJUeCYbdUQ5a0eb9GmxeAQvM+bA=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "b9956bd62059d06114d4368dedd24777fa75f126", + "rev": "0cb872bfbf463f38c611e5c6d8ec28ee69ed48c2", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9e0a9bd..72cbbd6 100644 --- a/flake.nix +++ b/flake.nix @@ -57,14 +57,14 @@ // eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default; in { - packages = { - default = pkgs.nixdeploy; - } // mapAttrs' (n: v: - nameValuePair - "tarball-${n}" - v.buildPlatform.${system}.config.system.build.tarball) (filterAttrs - (n: v: v.config.system.build ? tarball) - self.nixosConfigurations); + packages = + {default = pkgs.nixdeploy;} + // mapAttrs' (n: v: + nameValuePair + "tarball-${n}" + v.buildPlatform.${system}.config.system.build.tarball) (filterAttrs + (n: v: v.config.system.build ? tarball) + self.nixosConfigurations); legacyPackages = pkgs; devShells = filterPackages system (import ./devShells pkgs); formatter = pkgs.alejandra; diff --git a/nixos/machine/adm-mpd.nix b/nixos/machine/adm-mpd.nix index a35c944..ae2ea01 100644 --- a/nixos/machine/adm-mpd.nix +++ b/nixos/machine/adm-mpd.nix @@ -1,56 +1,54 @@ { config, lib, - pkgs, ... -}: -with lib; { - config = { - fileSystems = { - "/" = { - device = "/dev/mmcblk0p2"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mmcblk0p2"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/mmcblk0p1"; - }; +}: let + inherit (lib) filterAttrs; +in { + fileSystems = { + "/" = { + device = "/dev/mmcblk0p2"; + options = ["compress=lzo" "subvol=@nix"]; }; - - networking.wireless = { - enable = true; - networks = filterAttrs (n: v: n == "Nela") config.secrets.wifiNetworks; - environmentFile = "/run/secrets/wifi.env"; - userControlled.enable = true; + "/home" = { + device = "/dev/mmcblk0p2"; + options = ["compress=lzo" "subvol=@home"]; }; - - #services.pipewire = { - #enable = true; - #alsa.enable = true; - #pulse.enable = true; - #}; - hardware.pulseaudio = { - enable = true; - systemWide = true; - zeroconf.publish.enable = true; + "/boot" = { + device = "/dev/mmcblk0p1"; }; + }; + + networking.wireless = { + enable = true; + networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks; + environmentFile = "/run/secrets/wifi.env"; + userControlled.enable = true; + }; + + #services.pipewire = { + #enable = true; + #alsa.enable = true; + #pulse.enable = true; + #}; + hardware.pulseaudio = { + enable = true; + systemWide = true; + zeroconf.publish.enable = true; + }; - services.spotifyd = { - enable = true; - settings.global = { - device_name = "Adámkovi"; - device = "sysdefault"; - mixer = "Master"; - bitrate = 320; - cache_path = "/var/cahe/spotify"; - no_audio_cache = true; - volume_normalisation = true; - normalisation_pregain = -10; - initial_volume = 60; - }; + services.spotifyd = { + enable = true; + settings.global = { + device_name = "Adámkovi"; + device = "sysdefault"; + mixer = "Master"; + bitrate = 320; + cache_path = "/var/cahe/spotify"; + no_audio_cache = true; + volume_normalisation = true; + normalisation_pregain = -10; + initial_volume = 60; }; }; } diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix index 088481f..08db3fd 100644 --- a/nixos/machine/adm-omnia.nix +++ b/nixos/machine/adm-omnia.nix @@ -1,88 +1,80 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - cynerd = { - router = { - enable = true; - wan = "pppoe-wan"; - lanIP = config.cynerd.hosts.adm.omnia; - }; - wifiAP.adm = { - enable = true; - ar9287.interface = "wlp3s0"; - qca988x.interface = "wlp2s0"; - }; - openvpn.oldpersonal = false; - monitoring.speedtest = true; +{config, ...}: { + cynerd = { + router = { + enable = true; + wan = "pppoe-wan"; + lanIP = config.cynerd.hosts.adm.omnia; }; + wifiAP.adm = { + enable = true; + ar9287.interface = "wlp3s0"; + qca988x.interface = "wlp2s0"; + }; + openvpn.oldpersonal = false; + monitoring.speedtest = true; + }; - networking.useDHCP = false; - systemd.network = { - networks = { - "end2" = { - matchConfig.Name = "end2"; - #networkConfig = { - # DHCP = "ipv6"; - # IPv6AcceptRA = "yes"; - # DHCPPrefixDelegation = "yes"; - #}; - #dhcpPrefixDelegationConfig = { - # UplinkInterface = ":self"; - # SubnetId = 0; - # Announce = "no"; - #}; - linkConfig.RequiredForOnline = "routable"; - }; - "lan-brlan" = { - matchConfig.Name = "lan[1-4]"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; - }; - "lan0-guest" = { - matchConfig.Name = "lan0"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; + networking.useDHCP = false; + systemd.network = { + networks = { + "end2" = { + matchConfig.Name = "end2"; + #networkConfig = { + # DHCP = "ipv6"; + # IPv6AcceptRA = "yes"; + # DHCPPrefixDelegation = "yes"; + #}; + #dhcpPrefixDelegationConfig = { + # UplinkInterface = ":self"; + # SubnetId = 0; + # Announce = "no"; + #}; + linkConfig.RequiredForOnline = "routable"; + }; + "lan-brlan" = { + matchConfig.Name = "lan[1-4]"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + {bridgeVLANConfig.VLAN = 2;} + ]; + }; + "lan0-guest" = { + matchConfig.Name = "lan0"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 2; + PVID = 2; + }; + } + ]; }; }; + }; - services.pppd = { - enable = true; - peers."wan".config = '' - plugin pppoe.so end2 - ifname pppoe-wan - lcp-echo-interval 1 - lcp-echo-failure 5 - lcp-echo-adaptive - +ipv6 - defaultroute - defaultroute6 - usepeerdns - maxfail 1 - user O2 - password 02 - ''; - }; - systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"]; + services.pppd = { + enable = true; + peers."wan".config = '' + plugin pppoe.so end2 + ifname pppoe-wan + lcp-echo-interval 1 + lcp-echo-failure 5 + lcp-echo-adaptive + +ipv6 + defaultroute + defaultroute6 + usepeerdns + maxfail 1 + user O2 + password 02 + ''; }; + systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"]; } diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix index 2573372..be245e2 100644 --- a/nixos/machine/adm-omnia2.nix +++ b/nixos/machine/adm-omnia2.nix @@ -1,47 +1,39 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - cynerd = { - switch = { - enable = true; - lanAddress = "${config.cynerd.hosts.adm.omnia2}/24"; - lanGateway = config.cynerd.hosts.adm.omnia; - }; - wifiAP.adm = { - enable = true; - ar9287.interface = "wlp2s0"; - qca988x.interface = "wlp1s0"; - }; +{config, ...}: { + cynerd = { + switch = { + enable = true; + lanAddress = "${config.cynerd.hosts.adm.omnia2}/24"; + lanGateway = config.cynerd.hosts.adm.omnia; }; - - services.btrfs.autoScrub = { + wifiAP.adm = { enable = true; - fileSystems = ["/"]; + ar9287.interface = "wlp2s0"; + qca988x.interface = "wlp1s0"; }; + }; - networking = { - useNetworkd = true; - useDHCP = false; - }; - systemd.network.networks = { - "lan-brlan" = { - matchConfig.Name = "lan* eth0"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; - }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; + systemd.network.networks = { + "lan-brlan" = { + matchConfig.Name = "lan* eth0"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + {bridgeVLANConfig.VLAN = 2;} + ]; }; }; } diff --git a/nixos/machine/albert.nix b/nixos/machine/albert.nix index 85bc943..b9a2c8e 100644 --- a/nixos/machine/albert.nix +++ b/nixos/machine/albert.nix @@ -1,46 +1,39 @@ { - config, - lib, - pkgs, - ... -}: { - config = { - cynerd = { - desktop = { - enable = true; - laptop = true; - }; - wifiClient = true; - openvpn = { - oldpersonal = true; - }; + cynerd = { + desktop = { + enable = true; + laptop = true; }; + wifiClient = true; + openvpn = { + oldpersonal = true; + }; + }; - boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"]; + boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"]; - hardware.cpu.intel.updateMicrocode = true; + hardware.cpu.intel.updateMicrocode = true; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/E403-124B"; - fsType = "vfat"; - }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@nix"]; + }; + "/home" = { + device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/E403-124B"; + fsType = "vfat"; + }; - "/home2" = { - device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; + "/home2" = { + device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; }; }; } diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix index a210a4b..569fccb 100644 --- a/nixos/machine/binky.nix +++ b/nixos/machine/binky.nix @@ -1,72 +1,70 @@ -{ - config, - lib, - pkgs, - ... -}: let +{lib, ...}: let inherit (lib) mkDefault; in { - config = { - cynerd = { - desktop = { - enable = true; - laptop = true; - }; - wifiClient = true; - develop = true; - openvpn = { - oldpersonal = true; - elektroline = true; - }; - }; + deploy = { + enable = true; + default = false; + }; - boot = { - initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"]; - kernelModules = ["kvm-amd"]; + cynerd = { + desktop = { + enable = true; + laptop = true; + }; + wifiClient = true; + develop = true; + openvpn = { + oldpersonal = true; + elektroline = true; }; + }; + + boot = { + initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"]; + kernelModules = ["kvm-amd"]; + }; - hardware.cpu.amd.updateMicrocode = true; + hardware.cpu.amd.updateMicrocode = true; - boot.initrd.luks.devices = { - "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8"; + boot.initrd.luks.devices = { + "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8"; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@"]; }; - fileSystems = { - "/" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@"]; - }; - "/nix" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/8F7D-A154"; - fsType = "vfat"; - }; + "/nix" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@nix"]; }; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + "/home" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; }; + "/boot" = { + device = "/dev/disk/by-uuid/8F7D-A154"; + fsType = "vfat"; + }; + }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.syncthing = { - enable = true; - user = mkDefault "cynerd"; - group = mkDefault "cynerd"; - openDefaultPorts = true; + services.syncthing = { + enable = true; + user = mkDefault "cynerd"; + group = mkDefault "cynerd"; + openDefaultPorts = true; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - dataDir = "/home/cynerd"; - configDir = "/home/cynerd/.config/syncthing"; - }; + dataDir = "/home/cynerd"; + configDir = "/home/cynerd/.config/syncthing"; }; } diff --git a/nixos/machine/dean.nix b/nixos/machine/dean.nix index 906881f..0a97e33 100644 --- a/nixos/machine/dean.nix +++ b/nixos/machine/dean.nix @@ -1,46 +1,38 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - cynerd = { - openvpn = { - oldpersonal = true; - }; - monitoring.speedtest = true; +{pkgs, ...}: { + cynerd = { + openvpn = { + oldpersonal = true; }; + monitoring.speedtest = true; + }; - networking = { - bridges = { - brlan = { - interfaces = [ - "eth0" - "lan1" - "lan2" - "lan3" - "lan4" - ]; - }; + networking = { + bridges = { + brlan = { + interfaces = [ + "eth0" + "lan1" + "lan2" + "lan3" + "lan4" + ]; }; - dhcpcd.allowInterfaces = ["brlan"]; }; + dhcpcd.allowInterfaces = ["brlan"]; + }; - swapDevices = [ - { - device = "/var/swap"; - priority = 1; - } - ]; + swapDevices = [ + { + device = "/var/swap"; + priority = 1; + } + ]; - environment.systemPackages = with pkgs; [ - #openocd - tio - ]; + environment.systemPackages = with pkgs; [ + #openocd + tio + ]; - # TODO: ubootTools build is broken! - firmware.environment.enable = false; - }; + # TODO: ubootTools build is broken! + firmware.environment.enable = false; } diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix index 8491f92..6f48a17 100644 --- a/nixos/machine/errol.nix +++ b/nixos/machine/errol.nix @@ -6,126 +6,136 @@ }: let inherit (lib) mkDefault; in { - config = { - deploy.enable = true; + deploy.enable = true; - cynerd = { - desktop.enable = true; - develop = true; - gaming = true; - openvpn = { - elektroline = true; - }; + cynerd = { + desktop.enable = true; + develop = true; + gaming = true; + openvpn = { + elektroline = true; }; + }; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"]; - boot.kernelModules = ["kvm-amd"]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"]; + boot.kernelModules = ["kvm-amd"]; - hardware.cpu.amd.updateMicrocode = true; - services.hardware.openrgb.motherboard = "amd"; + hardware.cpu.amd.updateMicrocode = true; + services.hardware.openrgb.motherboard = "amd"; - cynerd.autounlock = { - "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6"; - "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe"; - "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed"; + cynerd.autounlock = { + "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6"; + "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe"; + "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed"; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@nix"]; }; - fileSystems = { - "/" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/49D9-3A0D"; - fsType = "vfat"; - }; - - "/home2" = { - device = "/dev/mapper/enchdd1"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; + "/home" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/49D9-3A0D"; + fsType = "vfat"; }; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/" "/home2"]; + + "/home2" = { + device = "/dev/mapper/enchdd1"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; }; + }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/" "/home2"]; + }; + #services.beesd.filesystems = { + # root = { + # spec = "/"; + # hashTableSizeMB = 4096; # 4KB blocks for 1TB drive + # extraOptions = ["--workaround-btrfs-send"]; + # }; + # hdd = { + # spec = "/home2"; + # hashTableSizeMB = 8192; # 4KB blocks for 2TB drive + # extraOptions = ["--workaround-btrfs-send"]; + # }; + #}; - services.syncthing = { - enable = true; - user = mkDefault "cynerd"; - group = mkDefault "cynerd"; - openDefaultPorts = true; + services.syncthing = { + enable = true; + user = mkDefault "cynerd"; + group = mkDefault "cynerd"; + openDefaultPorts = true; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - dataDir = "/home/cynerd"; - configDir = "/home/cynerd/.config/syncthing"; - }; + dataDir = "/home/cynerd"; + configDir = "/home/cynerd/.config/syncthing"; + }; - nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO - services.home-assistant = { - enable = true; - openFirewall = true; - configDir = "/var/lib/hass"; - config = { - homeassistant = { - name = "SPT"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - time_zone = "Europe/Prague"; - country = "CZ"; - }; - http.server_port = 8808; - mqtt = { - sensor = import ../modules/home-assistant/sensors.nix; - light = import ../modules/home-assistant/light.nix; - }; - default_config = {}; - automation = "!include automations.yaml"; + nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO + services.home-assistant = { + enable = true; + openFirewall = true; + configDir = "/var/lib/hass"; + config = { + homeassistant = { + name = "SPT"; + latitude = "!secret latitude"; + longitude = "!secret longitude"; + elevation = "!secret elevation"; + time_zone = "Europe/Prague"; + country = "CZ"; }; - extraComponents = ["met"]; - package = pkgs.home-assistant.override { - extraPackages = pkgs: - with pkgs; [ - securetar - pyipp - ]; + http.server_port = 8808; + mqtt = { + sensor = import ../modules/home-assistant/sensors.nix; + light = import ../modules/home-assistant/light.nix; }; + default_config = {}; + automation = "!include automations.yaml"; }; + extraComponents = ["met"]; + package = pkgs.home-assistant.override { + extraPackages = pkgs: + with pkgs; [ + securetar + pyipp + ]; + }; + }; - services.zigbee2mqtt = { - enable = true; - settings = { - serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00"; - mqtt = { - server = "mqtt://${config.cynerd.hosts.spt.mox}:1883"; - user = "zigbee2mqtt"; - password = "!secret.yaml mqtt_password"; - }; - advanced = { - network_key = "!secret.yaml network_key"; - homeassistant_legacy_entity_attributes = false; - legacy_api = false; - legacy_availability_payload = false; - last_seen = "epoch"; - }; - frontend = true; - availability = true; - homeassistant = { - legacy_triggers = false; - }; - device_options.legacy = false; - permit_join = false; - devices = config.secrets.zigbee2mqttDevices; + services.zigbee2mqtt = { + enable = true; + settings = { + serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00"; + mqtt = { + server = "mqtt://${config.cynerd.hosts.spt.mox}:1883"; + user = "zigbee2mqtt"; + password = "!secret.yaml mqtt_password"; + }; + advanced = { + network_key = "!secret.yaml network_key"; + homeassistant_legacy_entity_attributes = false; + legacy_api = false; + legacy_availability_payload = false; + last_seen = "epoch"; + }; + frontend = true; + availability = true; + homeassistant = { + legacy_triggers = false; }; + device_options.legacy = false; + permit_join = false; + devices = config.secrets.zigbee2mqttDevices; }; }; } diff --git a/nixos/machine/gaspode.nix b/nixos/machine/gaspode.nix index cbd08bb..5e57456 100644 --- a/nixos/machine/gaspode.nix +++ b/nixos/machine/gaspode.nix @@ -1,23 +1,15 @@ { - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - fileSystems = { - "/" = { - device = "/dev/mmcblk0p2"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mmcblk0p2"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/mmcblk0p1"; - }; + fileSystems = { + "/" = { + device = "/dev/mmcblk0p2"; + options = ["compress=lzo" "subvol=@nix"]; + }; + "/home" = { + device = "/dev/mmcblk0p2"; + options = ["compress=lzo" "subvol=@home"]; + }; + "/boot" = { + device = "/dev/mmcblk0p1"; }; }; } diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix index 7b4b7f6..ac868f5 100644 --- a/nixos/machine/lipwig.nix +++ b/nixos/machine/lipwig.nix @@ -1,228 +1,228 @@ { config, - lib, pkgs, ... }: { - config = { - deploy = { - enable = true; - ssh.host = "cynerd.cz"; - }; + deploy = { + enable = true; + ssh.host = "cynerd.cz"; + }; - cynerd = { - syncthing = { - enable = false; - baseDir = "/nas"; - }; - openvpn.oldpersonal = true; + cynerd = { + syncthing = { + enable = false; + baseDir = "/nas"; }; + openvpn.oldpersonal = true; + }; - fileSystems."/nas" = { - device = "172.16.128.63:/nas/2682"; - fsType = "nfs"; - }; + fileSystems."/nas" = { + device = "172.16.128.63:/nas/2682"; + fsType = "nfs"; + }; - networking.firewall = { - allowedTCPPorts = [80 443]; - allowedUDPPorts = [1194]; - }; + networking.firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [1194]; + }; - # Web ###################################################################### - services.nginx = { - enable = true; - virtualHosts = { - "cynerd.cz" = { - forceSSL = true; - enableACME = true; - locations = { - "/".root = ../../web; - "/radicale/" = { - proxyPass = "http://127.0.0.1:5232/"; - extraConfig = '' - proxy_set_header X-Script-Name /radicale; - proxy_pass_header Authorization; - ''; - }; + # Web ###################################################################### + services.nginx = { + enable = true; + virtualHosts = { + "cynerd.cz" = { + forceSSL = true; + enableACME = true; + locations = { + "/".root = ../../web; + "/radicale/" = { + proxyPass = "http://127.0.0.1:5232/"; + extraConfig = '' + proxy_set_header X-Script-Name /radicale; + proxy_pass_header Authorization; + ''; }; }; - "git.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - root = "${pkgs.cgit}/cgit"; - locations."/".tryFiles = "$uri @cgit"; - locations."@cgit".extraConfig = '' - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - }; - "cloud.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - }; - "grafana.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/"; - extraConfig = "proxy_set_header Host $host;"; - proxyWebsockets = true; - }; + }; + "git.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + root = "${pkgs.cgit}/cgit"; + locations."/".tryFiles = "$uri @cgit"; + locations."@cgit".extraConfig = '' + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + }; + "cloud.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + }; + "grafana.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/"; + extraConfig = "proxy_set_header Host $host;"; + proxyWebsockets = true; }; }; }; - services.fcgiwrap = { - enable = true; - inherit (config.services.nginx) group; - }; - security.acme = { - acceptTerms = true; - defaults.email = "cynerd+acme@email.cz"; - certs."cynerd.cz".extraDomainNames = [ - "git.cynerd.cz" - "cloud.cynerd.cz" - "grafana.cynerd.cz" - ]; - }; + }; + services.fcgiwrap = { + enable = true; + inherit (config.services.nginx) group; + }; + security.acme = { + acceptTerms = true; + defaults.email = "cynerd+acme@email.cz"; + certs."cynerd.cz".extraDomainNames = [ + "git.cynerd.cz" + "cloud.cynerd.cz" + "grafana.cynerd.cz" + ]; + }; - # Git ###################################################################### - services.gitolite = { - enable = true; - user = "git"; - group = "git"; - dataDir = "/var/lib/git"; - adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key"; - }; - services.gitDaemon = { - enable = false; - user = "gitdemon"; - group = "gitdaemon"; - basePath = "/var/lib/git/repositories"; - }; - environment.etc."cgitrc".text = '' - root-title=Cynerd's git repository - root-desc=All my projects (at least those released to public) - #logo=cynerd.cz/wolf.svg - virtual-root=/ + # Git ###################################################################### + services.gitolite = { + enable = true; + user = "git"; + group = "git"; + dataDir = "/var/lib/git"; + adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key"; + }; + services.gitDaemon = { + enable = false; + user = "gitdemon"; + group = "gitdaemon"; + basePath = "/var/lib/git/repositories"; + }; + environment.etc."cgitrc".text = '' + root-title=Cynerd's git repository + root-desc=All my projects (at least those released to public) + #logo=cynerd.cz/wolf.svg + virtual-root=/ - # Allow download of tar.gz, tar.bz2 and zip-files - snapshots=tar.gz tar.bz2 zip - ## List of common mimetypes - mimetype.gif=image/gif - mimetype.html=text/html - mimetype.jpg=image/jpeg - mimetype.jpeg=image/jpeg - mimetype.pdf=application/pdf - mimetype.png=image/png - mimetype.svg=image/svg+xml + # Allow download of tar.gz, tar.bz2 and zip-files + snapshots=tar.gz tar.bz2 zip + ## List of common mimetypes + mimetype.gif=image/gif + mimetype.html=text/html + mimetype.jpg=image/jpeg + mimetype.jpeg=image/jpeg + mimetype.pdf=application/pdf + mimetype.png=image/png + mimetype.svg=image/svg+xml - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - readme=:README.md - readme=:README.adoc + readme=:README.md + readme=:README.adoc - enable-index-owner=0 - enable-index-links=1 - enable-http-clone=1 - clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL - enable-commit-graph=1 - branch-sort=age + enable-index-owner=0 + enable-index-links=1 + enable-http-clone=1 + clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL + enable-commit-graph=1 + branch-sort=age - remove-suffix=1 - enable-git-config=1 - project-list=/var/lib/git/projects.list - scan-path=/var/lib/git/repositories/ - ''; + remove-suffix=1 + enable-git-config=1 + project-list=/var/lib/git/projects.list + scan-path=/var/lib/git/repositories/ + ''; - # Nextcloud ################################################################ - services.nextcloud = { - enable = true; - package = pkgs.nextcloud28; - https = true; - hostName = "cloud.cynerd.cz"; - datadir = "/nas/nextcloud"; - config = { - adminuser = "cynerd"; - adminpassFile = "/run/secrets/nextcloud.admin.pass"; - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbtableprefix = "oc_"; - }; - settings = { - #log_type = "systemd"; - default_phone_region = "CZ"; + # Nextcloud ################################################################ + services.nextcloud = { + enable = true; + package = pkgs.nextcloud28; + https = true; + hostName = "cloud.cynerd.cz"; + datadir = "/nas/nextcloud"; + config = { + adminuser = "cynerd"; + adminpassFile = "/run/secrets/nextcloud.admin.pass"; + dbtype = "pgsql"; + dbhost = "/run/postgresql"; + dbtableprefix = "oc_"; + }; + settings = { + #log_type = "systemd"; + default_phone_region = "CZ"; + }; + phpExtraExtensions = php: [php.pgsql php.pdo_pgsql]; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + maxUploadSize = "1G"; + appstoreEnable = false; + extraApps = { + inherit + (config.services.nextcloud.package.packages.apps) + bookmarks + calendar + contacts + cookbook + deck + forms + groupfolders + impersonate + maps + memories + notes + phonetrack + previewgenerator + spreed + tasks + twofactor_nextcloud_notification + twofactor_webauthn + ; + # Additional modules can be fetched with: + # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" + passwords = pkgs.fetchNextcloudApp { + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz"; + sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7"; + license = "agpl3"; }; - phpExtraExtensions = php: [php.pgsql php.pdo_pgsql]; - phpOptions = { - "opcache.interned_strings_buffer" = "16"; + integration_github = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz"; + sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6"; + license = "agpl3"; }; - maxUploadSize = "1G"; - appstoreEnable = false; - extraApps = { - inherit - (config.services.nextcloud.package.packages.apps) - bookmarks - calendar - contacts - cookbook - deck - groupfolders - maps - memories - notes - phonetrack - previewgenerator - tasks - twofactor_nextcloud_notification - twofactor_webauthn - ; - # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" - passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2023.12.2/passwords.tar.gz"; - sha256 = "17qkkkmc3gai6pryl3lb4y074pzbjk26swnpgvy6qfvkp64n8bw1"; - license = "agpl3"; - }; - integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz"; - sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6"; - license = "agpl3"; - }; - integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz"; - sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi"; - license = "agpl3"; - }; + integration_gitlab = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz"; + sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi"; + license = "agpl3"; }; }; - environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs]; + }; + environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs]; - # Postgresql ############################################################### - services.postgresql = { - enable = true; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = ["nextcloud"]; - }; + # Postgresql ############################################################### + services.postgresql = { + enable = true; + ensureUsers = [ + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + ensureDatabases = ["nextcloud"]; + }; - # Old Syncthing ############################################################ - services.syncthing = { - enable = true; - openDefaultPorts = true; + # Old Syncthing ############################################################ + services.syncthing = { + enable = true; + openDefaultPorts = true; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - dataDir = "/nas/sync"; - configDir = "/nas/sync/.syncthing"; - }; + dataDir = "/nas/sync"; + configDir = "/nas/sync/.syncthing"; }; } diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix index d16cdb2..f4af643 100644 --- a/nixos/machine/ridcully.nix +++ b/nixos/machine/ridcully.nix @@ -1,79 +1,72 @@ -{ - config, - lib, - pkgs, - ... -}: let +{lib, ...}: let inherit (lib) mkDefault; in { - config = { - deploy.enable = true; + deploy.enable = true; - cynerd = { - desktop.enable = true; - develop = true; - gaming = true; - openvpn = { - elektroline = true; - }; + cynerd = { + desktop.enable = true; + develop = true; + gaming = true; + openvpn = { + elektroline = true; }; + }; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"]; - boot.kernelModules = ["kvm-amd"]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"]; + boot.kernelModules = ["kvm-amd"]; - hardware.cpu.amd.updateMicrocode = true; - services.hardware.openrgb.motherboard = "amd"; + hardware.cpu.amd.updateMicrocode = true; + services.hardware.openrgb.motherboard = "amd"; - cynerd.autounlock = { - "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; - "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; + cynerd.autounlock = { + "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; + "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@nix"]; }; - fileSystems = { - "/" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/6DAD-3819"; - fsType = "vfat"; - }; - - "/home2" = { - device = "/dev/mapper/enchdd"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; + "/home" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; }; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/" "/home2"]; + "/boot" = { + device = "/dev/disk/by-uuid/6DAD-3819"; + fsType = "vfat"; }; - #networking.vlans."enp6s0.adm" = { - #id = 2; - #interface = "enp6s0"; - #}; + "/home2" = { + device = "/dev/mapper/enchdd"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@home"]; + }; + }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/" "/home2"]; + }; - services.syncthing = { - enable = true; - user = mkDefault "cynerd"; - group = mkDefault "cynerd"; - openDefaultPorts = true; + #networking.vlans."enp6s0.adm" = { + #id = 2; + #interface = "enp6s0"; + #}; - overrideDevices = false; - overrideFolders = false; + services.syncthing = { + enable = true; + user = mkDefault "cynerd"; + group = mkDefault "cynerd"; + openDefaultPorts = true; - dataDir = "/home/cynerd"; - configDir = "/home/cynerd/.config/syncthing"; - }; + overrideDevices = false; + overrideFolders = false; - # Force nix to use less jobs - nix.settings.max-jobs = 8; + dataDir = "/home/cynerd"; + configDir = "/home/cynerd/.config/syncthing"; }; + + # Force nix to use less jobs + nix.settings.max-jobs = 8; } diff --git a/nixos/machine/spt-mox.nix b/nixos/machine/spt-mox.nix index 2371b5e..edeae8a 100644 --- a/nixos/machine/spt-mox.nix +++ b/nixos/machine/spt-mox.nix @@ -1,57 +1,52 @@ -{ - config, - lib, - pkgs, - ... -}: -with builtins; -with lib; { - config = { - deploy = { +{config, ...}: { + deploy = { + enable = true; + ssh.host = "mox.spt"; + }; + + cynerd = { + home-assistant = true; + switch = { enable = true; - ssh.host = "mox.spt"; + lanAddress = "${config.cynerd.hosts.spt.mox}/24"; + lanGateway = config.cynerd.hosts.spt.omnia; }; - - cynerd = { - home-assistant = true; - switch = { - enable = true; - lanAddress = "${config.cynerd.hosts.spt.mox}/24"; - lanGateway = config.cynerd.hosts.spt.omnia; - }; - wifiAP.spt = { - enable = true; - qca988x = { - interface = "wls1"; - bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"]; - channel = 7; - }; + wifiAP.spt = { + enable = true; + qca988x = { + interface = "wls1"; + bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"]; + channel = 7; }; }; + }; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + services.journald.extraConfig = '' + SystemMaxUse=512M + ''; - networking = { - useNetworkd = true; - useDHCP = false; - }; - systemd.network.networks = { - "lan-brlan" = { - matchConfig.Name = "lan* end0"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; - }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; + systemd.network.networks = { + "lan-brlan" = { + matchConfig.Name = "lan* end0"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + {bridgeVLANConfig.VLAN = 2;} + ]; }; }; } diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix index 73aba50..45035d4 100644 --- a/nixos/machine/spt-mox2.nix +++ b/nixos/machine/spt-mox2.nix @@ -1,55 +1,51 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - deploy = { +{config, ...}: { + deploy = { + enable = true; + ssh.host = "mox2.spt"; + }; + + cynerd = { + switch = { enable = true; - ssh.host = "mox2.spt"; + lanAddress = "${config.cynerd.hosts.spt.mox2}/24"; + lanGateway = config.cynerd.hosts.spt.omnia; }; - - cynerd = { - switch = { - enable = true; - lanAddress = "${config.cynerd.hosts.spt.mox2}/24"; - lanGateway = config.cynerd.hosts.spt.omnia; - }; - wifiAP.spt = { - enable = true; - qca988x = { - interface = "wls1"; - bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"]; - channel = 1; - }; + wifiAP.spt = { + enable = true; + qca988x = { + interface = "wls1"; + bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"]; + channel = 1; }; }; + }; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + services.journald.extraConfig = '' + SystemMaxUse=512M + ''; - networking = { - useNetworkd = true; - useDHCP = false; - }; - systemd.network.networks = { - "lan-brlan" = { - matchConfig.Name = "end0"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; - }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; + systemd.network.networks = { + "lan-brlan" = { + matchConfig.Name = "end0"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + {bridgeVLANConfig.VLAN = 2;} + ]; }; }; } diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix index ab960b5..28f5f99 100644 --- a/nixos/machine/spt-mpd.nix +++ b/nixos/machine/spt-mpd.nix @@ -1,17 +1,9 @@ { - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - fileSystems = { - "/" = { - device = "/dev/mmcblk0p1"; - fsType = "btrfs"; - options = ["compress=lzo"]; - }; + fileSystems = { + "/" = { + device = "/dev/mmcblk0p1"; + fsType = "btrfs"; + options = ["compress=lzo"]; }; }; } diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix index c897abc..ea5b4e1 100644 --- a/nixos/machine/spt-omnia.nix +++ b/nixos/machine/spt-omnia.nix @@ -1,189 +1,193 @@ { config, - lib, pkgs, ... }: let hosts = config.cynerd.hosts.spt; in { - config = { - deploy = { + deploy = { + enable = true; + ssh.host = "omnia.spt"; + }; + + cynerd = { + router = { enable = true; - ssh.host = "omnia.spt"; + wan = "pppoe-wan"; + lanIP = hosts.omnia; + staticLeases = { + "a8:a1:59:10:32:c4" = hosts.errol; + "7c:b0:c2:bb:9c:ca" = hosts.albert; + "4c:d5:77:0d:85:d9" = hosts.binky; + "b8:27:eb:57:a2:31" = hosts.mpd; + "74:bf:c0:42:82:19" = hosts.printer; + }; }; - - cynerd = { - router = { - enable = true; - wan = "pppoe-wan"; - lanIP = hosts.omnia; - staticLeases = { - "a8:a1:59:10:32:c4" = hosts.errol; - "7c:b0:c2:bb:9c:ca" = hosts.albert; - "4c:d5:77:0d:85:d9" = hosts.binky; - "b8:27:eb:57:a2:31" = hosts.mpd; - "74:bf:c0:42:82:19" = hosts.printer; - }; + wifiAP.spt = { + enable = true; + ar9287 = { + interface = "wlp1s0"; + bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"]; + channel = 11; }; - wifiAP.spt = { - enable = true; - ar9287 = { - interface = "wlp1s0"; - bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"]; - channel = 11; - }; - qca988x = { - interface = "wlp3s0"; - bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"]; - channel = 36; - }; + qca988x = { + interface = "wlp3s0"; + bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"]; + channel = 36; }; - openvpn.oldpersonal = true; - monitoring.speedtest = true; }; + openvpn.oldpersonal = true; + monitoring.speedtest = true; + }; - environment = { - etc.crypttab.text = '' - nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks - nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks - ''; - systemPackages = with pkgs; [ - cryptsetup - ]; - }; - fileSystems = { - "/data" = { - device = "/dev/mapper/nas"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@data" "nofail"]; - }; - "/srv" = { - device = "/dev/mapper/nas"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@srv" "nofail"]; - depends = ["/data"]; - }; + services.journald.extraConfig = '' + SystemMaxUse=512M + ''; + + environment = { + etc.crypttab.text = '' + nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks + nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks + ''; + systemPackages = with pkgs; [ + cryptsetup + ]; + }; + fileSystems = { + "/data" = { + device = "/dev/mapper/nas"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@data" "nofail"]; }; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/" "/data"]; + "/srv" = { + device = "/dev/mapper/nas"; + fsType = "btrfs"; + options = ["compress=lzo" "subvol=@srv" "nofail"]; + depends = ["/data"]; }; - services.udev.packages = [ - (pkgs.writeTextFile rec { - name = "queue_depth_sata.rules"; - destination = "/etc/udev/rules.d/50-${name}"; - text = '' - ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{queue_depth}="1" - ''; - }) - ]; + }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/" "/data"]; + }; + services.udev.packages = [ + (pkgs.writeTextFile rec { + name = "queue_depth_sata.rules"; + destination = "/etc/udev/rules.d/50-${name}"; + text = '' + SUBSYSTEMS=="pci", DRIVER=="ahci", ATTR{device}!="0x0612", GOTO="turris_pci_end" + ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{vendor}=="ATA", ATTR{queue_depth}="1" + LABEL="turris_pci_end" + ''; + }) + ]; + users = { + groups.nas = {}; users = { - groups.nas = {}; - users = { - nas = { - group = "nas"; - openssh.authorizedKeys.keyFiles = [(config.personal-secrets + "/unencrypted/nas.pub")]; - isNormalUser = true; - home = "/data/nas"; - homeMode = "770"; - }; - cynerd.extraGroups = ["nas"]; + nas = { + group = "nas"; + openssh.authorizedKeys.keyFiles = [(config.personal-secrets + "/unencrypted/nas.pub")]; + isNormalUser = true; + home = "/data/nas"; + homeMode = "770"; }; + cynerd.extraGroups = ["nas"]; }; - services.openssh = { - settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access - extraConfig = '' - Match User nas - X11Forwarding no - AllowTcpForwarding no - AllowAgentForwarding no - ForceCommand internal-sftp -d /data/nas - ''; - }; + }; + services.openssh = { + settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access + extraConfig = '' + Match User nas + X11Forwarding no + AllowTcpForwarding no + AllowAgentForwarding no + ForceCommand internal-sftp -d /data/nas + ''; + }; + services.fail2ban.enable = true; - networking.useDHCP = false; - systemd.network = { - netdevs = { - "end2.848" = { - netdevConfig = { - Kind = "vlan"; - Name = "end2.848"; - }; - vlanConfig.Id = 848; + networking.useDHCP = false; + systemd.network = { + netdevs = { + "end2.848" = { + netdevConfig = { + Kind = "vlan"; + Name = "end2.848"; }; + vlanConfig.Id = 848; }; - networks = { - "end2" = { - matchConfig.Name = "end2"; - networkConfig.VLAN = ["end2.848"]; - }; - "end2.848" = { - matchConfig.Name = "end2.848"; - networkConfig.BindCarrier = "end2"; - }; - "pppoe-wan" = { - matchConfig.Name = "pppoe-wan"; - networkConfig = { - BindCarrier = "end2.848"; - DHCP = "ipv6"; - IPv6AcceptRA = "no"; - DHCPPrefixDelegation = "yes"; - }; - dhcpPrefixDelegationConfig = { - UplinkInterface = ":self"; - SubnetId = 0; - Announce = "no"; - }; - linkConfig.RequiredForOnline = "routable"; + }; + networks = { + "end2" = { + matchConfig.Name = "end2"; + networkConfig.VLAN = ["end2.848"]; + }; + "end2.848" = { + matchConfig.Name = "end2.848"; + networkConfig.BindCarrier = "end2"; + }; + "pppoe-wan" = { + matchConfig.Name = "pppoe-wan"; + networkConfig = { + BindCarrier = "end2.848"; + DHCP = "ipv6"; + IPv6AcceptRA = "no"; + DHCPPrefixDelegation = "yes"; }; - "lan-brlan" = { - matchConfig.Name = "lan*"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; + dhcpPrefixDelegationConfig = { + UplinkInterface = ":self"; + SubnetId = 0; + Announce = "no"; }; + linkConfig.RequiredForOnline = "routable"; + }; + "lan-brlan" = { + matchConfig.Name = "lan*"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + {bridgeVLANConfig.VLAN = 2;} + ]; }; }; + }; - services.pppd = { - enable = true; - peers."wan".config = '' - plugin pppoe.so end2.848 - ifname pppoe-wan - lcp-echo-interval 1 - lcp-echo-failure 5 - lcp-echo-adaptive - defaultroute - defaultroute6 - usepeerdns - maxfail 1 - user metronet - password metronet - ''; - }; - systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"]; - # TODO limit NSS clamping to just pppoe-wan - networking.firewall.extraForwardRules = '' - tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept + services.pppd = { + enable = true; + peers."wan".config = '' + plugin pppoe.so end2.848 + ifname pppoe-wan + lcp-echo-interval 1 + lcp-echo-failure 5 + lcp-echo-adaptive + defaultroute + defaultroute6 + usepeerdns + maxfail 1 + user metronet + password metronet ''; + }; + systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"]; + # TODO limit NSS clamping to just pppoe-wan + networking.firewall.extraForwardRules = '' + tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" + iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept + ''; - services.syncthing = { - enable = false; - openDefaultPorts = true; + services.syncthing = { + enable = false; + openDefaultPorts = true; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - dataDir = "/data"; # TODO this can't be the location - }; + dataDir = "/data"; # TODO this can't be the location }; } diff --git a/nixos/machine/spt-omniax.nix b/nixos/machine/spt-omniax.nix index 9bdc3d3..8edef49 100644 --- a/nixos/machine/spt-omniax.nix +++ b/nixos/machine/spt-omniax.nix @@ -1,56 +1,48 @@ { - config, - lib, - pkgs, - ... -}: -with lib; { - config = { - cynerd = { - router = { - enable = true; - wan = "end2"; - lanIP = "192.168.2.1"; - }; - wifiAP.spt = { - enable = true; - ar9287.interface = "wlp3s0"; - qca988x.interface = "wlp2s0"; - }; - monitoring.speedtest = true; + cynerd = { + router = { + enable = true; + wan = "end2"; + lanIP = "192.168.2.1"; + }; + wifiAP.spt = { + enable = true; + ar9287.interface = "wlp3s0"; + qca988x.interface = "wlp2s0"; }; + monitoring.speedtest = true; + }; - networking.useDHCP = false; - systemd.network = { - networks = { - "end2" = { - matchConfig.Name = "end2"; - networkConfig = { - BindCarrier = "end2"; - DHCP = "yes"; - IPv6AcceptRA = "yes"; - DHCPPrefixDelegation = "yes"; - }; - dhcpPrefixDelegationConfig = { - UplinkInterface = ":self"; - SubnetId = 0; - Announce = "no"; - }; - linkConfig.RequiredForOnline = "routable"; + networking.useDHCP = false; + systemd.network = { + networks = { + "end2" = { + matchConfig.Name = "end2"; + networkConfig = { + BindCarrier = "end2"; + DHCP = "yes"; + IPv6AcceptRA = "yes"; + DHCPPrefixDelegation = "yes"; }; - "lan-brlan" = { - matchConfig.Name = "lan*"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; + dhcpPrefixDelegationConfig = { + UplinkInterface = ":self"; + SubnetId = 0; + Announce = "no"; }; + linkConfig.RequiredForOnline = "routable"; + }; + "lan-brlan" = { + matchConfig.Name = "lan*"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + {bridgeVLANConfig.VLAN = 2;} + ]; }; }; }; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 9d707e9..7afdc95 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -3,7 +3,7 @@ self: let inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix; in mapAttrs' - (n: v: nameValuePair "cynerd-${removeSuffix ".nix" n}" (import (./. + "/${n}"))) + (n: v: nameValuePair "cynerd-${removeSuffix ".nix" n}" (./. + "/${n}")) (filterAttrs (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix") (readDir ./.)) diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 87dc12e..e33a8d9 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -66,7 +66,7 @@ in { #khal #khard gnupg - pinentry-gnome + pinentry-gnome3 pinentry-curses (pass.withExtensions (exts: [ exts.pass-otp @@ -166,7 +166,6 @@ in { acpi ]); }; - vim.package = pkgs.vimHugeX; firefox = { enable = true; languagePacks = ["en-US" "cs"]; @@ -210,12 +209,10 @@ in { alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + extraConfig.pipewire."10-zeroconf" = { + "context.modules" = [{name = "libpipewire-module-zeroconf-discover";}]; + }; }; - environment.etc."pipewire/pipewire.conf.d/zeroconf.conf".text = '' - context.modules = [ - { name = libpipewire-module-zeroconf-discover } - ] - ''; security.rtkit.enable = true; services.printing = { @@ -236,6 +233,7 @@ in { networking.firewall.allowedUDPPorts = [3702]; fonts.packages = with pkgs; [ + nerdfonts arkpandora_ttf corefonts dejavu_fonts @@ -324,6 +322,8 @@ in { services.locate.enable = true; + services.davfs2.enable = true; + # Support running app images boot.binfmt.registrations.appimage = { wrapInterpreterInShell = false; diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 3ef6ce6..cc8ce76 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -30,15 +30,19 @@ in { tio vim-vint nodePackages.vim-language-server - ctags + vale + + # Required for neovim plugins + editorconfig-checker + go + gcc # Nix dev cachix nurl nix-universal-prefetch - rnix-lsp - nixd + nil alejandra statix deadnix @@ -49,10 +53,14 @@ in { bats shellcheck shfmt + nodePackages.bash-language-server jq yq fq + # C + clang-tools + # Python (python3.withPackages (pypkgs: with pypkgs; [ @@ -73,9 +81,14 @@ in { python-gitlab PyGithub ])) + ruff geckodriver chromedriver + # Lua + selene + stylua + # Julia julia @@ -99,7 +112,7 @@ in { barcode # D-Bus - dfeet + d-spy # Documentation man-pages @@ -152,5 +165,11 @@ in { "develop" "libvirtd" ]; + + # Allow using latest git version from registry + nixpkgs.flake = { + setNixPath = false; + setFlakeRegistry = false; + }; }; } diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index ea8bd74..5c6e2fe 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -4,8 +4,9 @@ pkgs, ... }: let - inherit (lib) mkOverride mkDefault mkIf optionals; + inherit (lib) mkOverride mkDefault optionals; isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform; + isArm = config.nixpkgs.hostPlatform.isAarch; in { config = { system.stateVersion = "24.05"; @@ -154,7 +155,12 @@ in { syntaxHighlighting.enable = isNative; }; shellrc = true; - vim.defaultEditor = mkDefault true; + vim.defaultEditor = isArm; + neovim = { + enable = !isArm; + defaultEditor = true; + withNodeJs = true; + }; wireshark.enable = true; }; diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix index 862b31c..267f725 100644 --- a/nixos/modules/home-assistant.nix +++ b/nixos/modules/home-assistant.nix @@ -152,14 +152,14 @@ in { securetar pyipp ]; - packageOverrides = self: super: { + packageOverrides = _: super: { scapy = super.scapy.override { withPlottingSupport = false; }; - s3transfer = super.s3transfer.overridePythonAttrs (oldAttrs: { + s3transfer = super.s3transfer.overridePythonAttrs { dontUsePytestCheck = true; dontUseSetuptoolsCheck = true; - }); + }; }; }; }; diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index 8a9318c..b9a40a6 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: let inherit (lib) mkOption types mkIf; @@ -20,6 +19,7 @@ in { description = "Use my personal static hosts"; }; vpn = staticZoneOption; + wg = staticZoneOption; spt = staticZoneOption; adm = staticZoneOption; }; @@ -38,6 +38,17 @@ in { "spt-omnia" = "10.8.0.50"; "adm-omnia" = "10.8.0.51"; }; + wg = { + "lipwig" = "10.8.1.1"; + # Portable + "binky" = "10.8.1.10"; + "android" = "10.8.1.30"; + # Endpoints + "spt-omnia" = "10.8.1.50"; + "adm-omnia" = "10.8.1.51"; + # Endpoints without routing + "dean" = "10.8.1.59"; + }; spt = { # Network "omnia" = "10.8.2.1"; @@ -74,6 +85,13 @@ in { "${cnf.vpn.binky}" = ["binky.vpn"]; "${cnf.vpn.spt-omnia}" = ["spt.vpn"]; "${cnf.vpn.adm-omnia}" = ["adm.vpn"]; + # Wireguard + "${cnf.wg.lipwig}" = ["lipwig.wg"]; + "${cnf.wg.binky}" = ["binky.wg"]; + "${cnf.wg.android}" = ["android.wg"]; + "${cnf.wg.spt-omnia}" = ["spt.wg"]; + "${cnf.wg.adm-omnia}" = ["adm.wg"]; + "${cnf.wg.dean}" = ["dean.wg"]; # Spt "${cnf.spt.omnia}" = ["omnia.spt"]; "${cnf.spt.mox}" = ["mox.spt"]; diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix index 57d59ee..d80dd9d 100644 --- a/nixos/modules/openvpn.nix +++ b/nixos/modules/openvpn.nix @@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: let inherit (lib) mkOption types mkIf; diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix index 16d57bc..669b6ab 100644 --- a/nixos/modules/switch.nix +++ b/nixos/modules/switch.nix @@ -2,8 +2,8 @@ config, lib, ... -}: -with lib; let +}: let + inherit (lib) mkEnableOption mkOption types mkIf; cnf = config.cynerd.switch; in { options = { diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix index b93ecdb..d6b65e6 100644 --- a/nixos/modules/syncthing.nix +++ b/nixos/modules/syncthing.nix @@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: let inherit (lib) filterAttrs mkOption types mkIf any mkDefault recursiveUpdate genAttrs; diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix index 733f167..40210e7 100644 --- a/nixos/modules/wifi-adm.nix +++ b/nixos/modules/wifi-adm.nix @@ -1,10 +1,9 @@ { config, lib, - pkgs, ... -}: -with lib; let +}: let + inherit (lib) mkOption mkEnableOption types mkIf hostapd elemAt; cnf = config.cynerd.wifiAP.adm; wOptions = card: channelDefault: { diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix index 769449d..11554a7 100644 --- a/nixos/modules/wifi-spt.nix +++ b/nixos/modules/wifi-spt.nix @@ -1,10 +1,9 @@ { config, lib, - pkgs, ... }: let - inherit (lib) mkOption mkEnableOption types mkIf mkMerge hostapd elemAt; + inherit (lib) mkOption mkEnableOption types mkIf mkForce mkMerge hostapd elemAt; cnf = config.cynerd.wifiAP.spt; wOptions = card: channelDefault: { @@ -57,6 +56,10 @@ in { mode = "wpa2-sha256"; wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; }; + settings = { + ieee80211w = 0; + wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256 + }; }; #"${cnf.ar9287.interface}.guest" = { # bssid = elemAt cnf.ar9287.bssids 1; @@ -99,6 +102,10 @@ in { mode = "wpa2-sha256"; wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; }; + settings = { + ieee80211w = 0; + wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256 + }; }; #"${cnf.qca988x.interface}.guest" = { # bssid = elemAt cnf.qca988x.bssids 1; diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix new file mode 100644 index 0000000..67bd8d5 --- /dev/null +++ b/nixos/modules/wireguad.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkEnableOption mkIf; + cnf = config.cynerd.wireguard; +in { + options = { + cynerd.wireguard = { + enable = mkEnableOption "Enable Wireguard"; + }; + }; + + config = + mkIf cnf.enable { + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 38ce6b8..dc4dcae 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -25,4 +25,12 @@ final: prev: { #zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs (oldAttrs: { # npmInstallFlags = ["--no-optional"]; # Fix cross build #}); + flac1_3 = prev.flac.overrideAttrs { + version = "1.3.4"; + src = final.fetchurl { + url = "http://downloads.xiph.org/releases/flac/flac-1.3.4.tar.xz"; + hash = "sha256-j/BgfnWjIt181uxI9PIlRxQEricw0OqUUSexNVFV5zc="; + }; + outputs = ["out"]; + }; } diff --git a/pkgs/stardict/wrapper.nix b/pkgs/stardict/wrapper.nix index e99fa01..98ee814 100644 --- a/pkgs/stardict/wrapper.nix +++ b/pkgs/stardict/wrapper.nix @@ -1,5 +1,4 @@ { - lib, stdenv, makeBinaryWrapper, stardict, @@ -36,9 +35,9 @@ with stardict; let ''; passthru.withDictionaries = dicts: - drv.overrideAttrs (oldAttrs: { + drv.overrideAttrs { dictionaries = dicts; - }); + }; }; in drv diff --git a/pkgs/theme/delft-icon-theme.nix b/pkgs/theme/delft-icon-theme.nix index 1dcd904..fb0b6e3 100644 --- a/pkgs/theme/delft-icon-theme.nix +++ b/pkgs/theme/delft-icon-theme.nix @@ -1,13 +1,12 @@ { lib, - stdenv, stdenvNoCC, fetchFromGitHub, gtk3, gnome-icon-theme, hicolor-icon-theme, }: -stdenv.mkDerivation rec { +stdenvNoCC.mkDerivation rec { pname = "delft-icon-theme"; version = "1.15"; diff --git a/pkgs/theme/myswaylock.sh b/pkgs/theme/myswaylock.sh index c204a57..18d6a6f 100755 --- a/pkgs/theme/myswaylock.sh +++ b/pkgs/theme/myswaylock.sh @@ -1,8 +1,4 @@ #!/usr/bin/env bash - -# Switch to the US keyboard (to make sure that we have the correct one) -swaymsg input type:keyboard xkb_layout us - resolution="$(swaymsg -t get_outputs \ | jq -r '.[0].rect | [.width,.height] | join("x")')" case "$resolution" in diff --git a/update.sh b/update.sh deleted file mode 100755 index 7d99ca4..0000000 --- a/update.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -eu - -nix flake update -git add flake.lock -git commit -m 'Flake inputs update' -- cgit v1.2.3