felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

treewide: fmt

Browse source
This commit is contained in:
Felix Buehler 2024-07-28 21:08:02 +02:00
parent 330abe53d2
commit ea37c7b836
95 changed files with 1162 additions and 779 deletions
Download patch file Download diff file Expand all files Collapse all files

36
flake.nix
View file

@ -43,7 +43,13 @@
}; };
}; };
outputs = inputs@{ self, flake-parts, nixinate, ... }: outputs =
inputs@{
self,
flake-parts,
nixinate,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ imports = [
@ -52,13 +58,22 @@
inputs.git-hooks.flakeModule inputs.git-hooks.flakeModule
]; ];
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [
"x86_64-linux"
"aarch64-linux"
];
perSystem = { inputs', config, pkgs, system, ... }: { perSystem =
{
inputs',
config,
pkgs,
system,
...
}:
{
# make pkgs available to all `perSystem` functions # make pkgs available to all `perSystem` functions
_module.args.pkgs = import inputs.nixpkgs { _module.args.pkgs = import inputs.nixpkgs { inherit system; };
inherit system;
};
# enable pre-commit checks # enable pre-commit checks
pre-commit.settings = { pre-commit.settings = {
@ -77,7 +92,10 @@
statix.enable = true; statix.enable = true;
typos = { typos = {
enable = true; enable = true;
excludes = [ "secrets\\.yaml" "\\.sops\\.yaml" ]; excludes = [
"secrets\\.yaml"
"\\.sops\\.yaml"
];
settings.ignored-words = [ "flate" ]; settings.ignored-words = [ "flate" ];
}; };
yamllint = { yamllint = {
@ -88,9 +106,7 @@
}; };
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [ config.pre-commit.devShell ];
config.pre-commit.devShell
];
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
inputs'.sops-nix.packages.sops-import-keys-hook inputs'.sops-nix.packages.sops-import-keys-hook
inputs'.disko.packages.disko inputs'.disko.packages.disko

18
images/base-config.nix
View file

@ -1,9 +1,11 @@
# based on: https://github.com/Mic92/dotfiles/blob/main/nixos/images/base-config.nix # based on: https://github.com/Mic92/dotfiles/blob/main/nixos/images/base-config.nix
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
}: { ...
}:
{
system.stateVersion = config.system.nixos.version; system.stateVersion = config.system.nixos.version;
networking = { networking = {
@ -23,7 +25,8 @@
network.enable = true; network.enable = true;
network.networks = network.networks =
lib.mapAttrs' lib.mapAttrs'
(num: _: (
num: _:
lib.nameValuePair "eth${num}" { lib.nameValuePair "eth${num}" {
matchConfig.Name = "eth${num}"; matchConfig.Name = "eth${num}";
networkConfig = { networkConfig = {
@ -40,7 +43,8 @@
RouteMetric = 512; RouteMetric = 512;
}; };
ipv6AcceptRAConfig.Token = "::521a:c5ff:fefe:65d9"; ipv6AcceptRAConfig.Token = "::521a:c5ff:fefe:65d9";
}) }
)
{ {
"0" = { }; "0" = { };
"1" = { }; "1" = { };

12
images/flake-module.nix
View file

@ -2,25 +2,19 @@
let let
inherit (self.inputs) nixos-generators; inherit (self.inputs) nixos-generators;
defaultModule = { defaultModule = {
imports = [ imports = [ ./base-config.nix ];
./base-config.nix
];
_module.args.inputs = self.inputs; _module.args.inputs = self.inputs;
}; };
in in
{ {
perSystem = perSystem =
{ pkgs { pkgs, ... }:
, ...
}:
{ {
packages = { packages = {
install-iso = nixos-generators.nixosGenerate { install-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux"; system = "x86_64-linux";
inherit pkgs; inherit pkgs;
modules = [ modules = [ defaultModule ];
defaultModule
];
format = "install-iso"; format = "install-iso";
}; };

3
images/rpi4-image.nix
View file

@ -1,6 +1,7 @@
# nix build .#install-sd-aarch64 --system aarch64-linux # nix build .#install-sd-aarch64 --system aarch64-linux
# zstd -vdcfT6 /nix/store/...-aarch64-linux.img/sd-image/...-aarch64-linux.img.zst | dd of=/dev/sdX status=progress bs=64K # zstd -vdcfT6 /nix/store/...-aarch64-linux.img/sd-image/...-aarch64-linux.img.zst | dd of=/dev/sdX status=progress bs=64K
{ ... }: { { ... }:
{
nixpkgs.localSystem.system = "aarch64-linux"; nixpkgs.localSystem.system = "aarch64-linux";
imports = [ imports = [
<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix> <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>

21
images/yubikey-installer.nix
View file

@ -2,7 +2,13 @@
# nix build -f yubikey-installer.nix nixos-yubikey # nix build -f yubikey-installer.nix nixos-yubikey
# sudo cp -v installer/iso/*.iso /dev/sdb; sync # sudo cp -v installer/iso/*.iso /dev/sdb; sync
let let
configuration = { config, lib, pkgs, ... }: configuration =
{
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
let let
src = fetchGit "https://github.com/drduh/YubiKey-Guide"; src = fetchGit "https://github.com/drduh/YubiKey-Guide";
@ -54,12 +60,17 @@ let
yubikey-guide = symlinkJoin { yubikey-guide = symlinkJoin {
name = "yubikey-guide"; name = "yubikey-guide";
paths = [ view-yubikey-guide shortcut ]; paths = [
view-yubikey-guide
shortcut
];
}; };
in in
{ {
nixpkgs.config = { allowBroken = true; }; nixpkgs.config = {
allowBroken = true;
};
isoImage.isoBaseName = lib.mkForce "nixos-yubikey"; isoImage.isoBaseName = lib.mkForce "nixos-yubikey";
# Uncomment this to disable compression and speed up image creation time # Uncomment this to disable compression and speed up image creation time
@ -72,7 +83,9 @@ let
kernelParams = [ "copytoram" ]; kernelParams = [ "copytoram" ];
# Secure defaults # Secure defaults
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernel.sysctl = { "kernel.unprivileged_bpf_disabled" = 1; }; kernel.sysctl = {
"kernel.unprivileged_bpf_disabled" = 1;
};
}; };
services.pcscd.enable = true; services.pcscd.enable = true;

18
machines/configurations.nix
View file

@ -1,7 +1,6 @@
{ self, ... }: { self, ... }:
let let
inherit inherit (self.inputs)
(self.inputs)
nixpkgs nixpkgs
nixpkgs-unstable nixpkgs-unstable
sops-nix sops-nix
@ -26,18 +25,19 @@ let
} }
{ {
imports = [ imports = [
({ pkgs, ... }: { (
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ nixpkgs.overlays = [
overlay-unstable overlay-unstable
(import ../overlays) (import ../overlays)
(import ../pkgs) (import ../pkgs)
]; ];
nix.nixPath = [ nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
"nixpkgs=${pkgs.path}"
];
documentation.info.enable = false; documentation.info.enable = false;
}) }
)
disko.nixosModules.disko disko.nixosModules.disko
passworts.nixosModules.passworts passworts.nixosModules.passworts
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -60,9 +60,7 @@ in
}; };
newton = nixosSystem { newton = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules ++ [ modules = defaultModules ++ [ ./newton/configuration.nix ];
./newton/configuration.nix
];
}; };
serverle = nixosSystem { serverle = nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";

3
machines/core/modules.nix
View file

@ -1,5 +1,4 @@
_: _: {
{
boot.initrd = { boot.initrd = {
availableKernelModules = [ availableKernelModules = [
"ahci" "ahci"

3
machines/core/network.nix
View file

@ -1,5 +1,4 @@
_: _: {
{
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;

3
machines/newton/boot.nix
View file

@ -1,5 +1,4 @@
_: _: {
{
boot.loader = { boot.loader = {
timeout = 1; timeout = 1;
grub = { grub = {

4
machines/newton/disko-config.nix
View file

@ -18,9 +18,7 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [ "defaults" ];
"defaults"
];
}; };
}; };
luks = { luks = {

11
machines/newton/hardware-configuration.nix
View file

@ -1,4 +1,9 @@
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
@ -9,9 +14,7 @@
"virtio_pci" "virtio_pci"
"virtio_scsi" "virtio_scsi"
]; ];
boot.initrd.kernelModules = [ boot.initrd.kernelModules = [ "dm-snapshot" ];
"dm-snapshot"
];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

4
machines/newton/network.nix
View file

@ -27,7 +27,9 @@ let
in in
{ {
# kernel parameters are needed for initrd # kernel parameters are needed for initrd
boot.kernelParams = [ "ip=${ip4_addr}::${ip4_gw}:${ip4_mask}:${config.networking.hostName}:${ifname}:off" ]; boot.kernelParams = [
"ip=${ip4_addr}::${ip4_gw}:${ip4_mask}:${config.networking.hostName}:${ifname}:off"
];
networking = { networking = {
nameservers = ip4_dns ++ ip6_dns; nameservers = ip4_dns ++ ip6_dns;
domain = "buehler.rocks"; domain = "buehler.rocks";

3
machines/newton/system.nix
View file

@ -1,6 +1,5 @@
# enabled system services # enabled system services
_: _: {
{
my.system = { my.system = {
podman.enable = true; podman.enable = true;
}; };

4
machines/serverle/disko-config.nix
View file

@ -18,9 +18,7 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [ "defaults" ];
"defaults"
];
}; };
}; };
luks = { luks = {

3
machines/serverle/network.nix
View file

@ -1,5 +1,4 @@
_: _: {
{
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
8080 # aria 8080 # aria
]; ];

4
machines/serverle/syncthing.nix
View file

@ -74,9 +74,7 @@
"Aria2" = { "Aria2" = {
id = "jjnzq-pgzua"; id = "jjnzq-pgzua";
path = "/data/tmp/aria2"; path = "/data/tmp/aria2";
devices = [ devices = [ "thinkman" ];
"thinkman"
];
}; };
}; };
}; };

3
machines/serverle/system.nix
View file

@ -1,6 +1,5 @@
# enabled system services # enabled system services
_: _: {
{
my.system = { my.system = {
avahi.enable = true; avahi.enable = true;
docker.enable = true; docker.enable = true;

3
machines/thinkman/boot.nix
View file

@ -1,5 +1,4 @@
_: _: {
{
boot = { boot = {
loader = { loader = {
timeout = 1; timeout = 1;

4
machines/thinkman/disko-config.nix
View file

@ -18,9 +18,7 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [ "defaults" ];
"defaults"
];
}; };
}; };
luks = { luks = {

3
machines/thinkman/network.nix
View file

@ -1,6 +1,5 @@
# network settings # network settings
_: _: {
{
# hotfixes for dns settings # hotfixes for dns settings
networking.extraHosts = networking.extraHosts =
let let

3
machines/thinkman/profiles.nix
View file

@ -1,6 +1,5 @@
# enabled profiles # enabled profiles
_: _: {
{
my.profiles = { my.profiles = {
"3d-design".enable = true; "3d-design".enable = true;
android.enable = true; android.enable = true;

6
machines/thinkman/remote-build.nix
View file

@ -9,7 +9,11 @@ in
{ {
hostName = "buehler.rocks"; hostName = "buehler.rocks";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = [ "benchmark" "kvm" "big-parallel" ]; supportedFeatures = [
"benchmark"
"kvm"
"big-parallel"
];
sshUser = "nixremote"; sshUser = "nixremote";
sshKey = secrets."nixremote/ssh_key".path; sshKey = secrets."nixremote/ssh_key".path;
maxJobs = 4; maxJobs = 4;

3
machines/thinkman/system.nix
View file

@ -1,6 +1,5 @@
# enabled system services # enabled system services
_: _: {
{
my.system = { my.system = {
avahi.enable = true; avahi.enable = true;
fonts.enable = true; fonts.enable = true;

11
modules/hardware/bluetooth/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.bluetooth; cfg = config.my.hardware.bluetooth;
in in
@ -18,8 +23,6 @@ in
}; };
}; };
services.blueman.enable = true; services.blueman.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ sony-headphones-client ];
sony-headphones-client
];
}; };
} }

7
modules/hardware/debug/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.debug; cfg = config.my.hardware.debug;
in in

13
modules/hardware/firmware/default.nix
View file

@ -7,14 +7,20 @@ in
enable = mkEnableOption "firmware configuration"; enable = mkEnableOption "firmware configuration";
cpuFlavor = mkOption { cpuFlavor = mkOption {
type = with types; nullOr (enum [ "intel" "amd" ]); type =
with types;
nullOr (enum [
"intel"
"amd"
]);
default = null; default = null;
example = "intel"; example = "intel";
description = "Which kind of CPU to activate micro-code updates"; description = "Which kind of CPU to activate micro-code updates";
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
lib.mkMerge [
{ {
hardware = { hardware = {
enableRedistributableFirmware = true; enableRedistributableFirmware = true;
@ -34,5 +40,6 @@ in
cpu.amd.updateMicrocode = true; cpu.amd.updateMicrocode = true;
}; };
}) })
]); ]
);
} }

7
modules/hardware/graphics/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.graphics; cfg = config.my.hardware.graphics;
in in

7
modules/hardware/keychron/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.keychron; cfg = config.my.hardware.keychron;
in in

7
modules/hardware/sound/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.sound; cfg = config.my.hardware.sound;
in in

11
modules/hardware/thunderbolt/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.thunderbolt; cfg = config.my.hardware.thunderbolt;
in in
@ -8,9 +13,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ thunderbolt ];
thunderbolt
];
services.hardware.bolt.enable = true; services.hardware.bolt.enable = true;
}; };
} }

11
modules/hardware/yubikey/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.yubikey; cfg = config.my.hardware.yubikey;
in in
@ -18,8 +23,6 @@ in
}; };
services.pcscd.enable = true; services.pcscd.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ yubikey-manager ];
yubikey-manager
];
}; };
} }

6
modules/services/alertmanager/config.nix
View file

@ -14,11 +14,7 @@
receivers = [ receivers = [
{ {
name = "default"; name = "default";
email_configs = [ email_configs = [ { to = "server@buehler.rocks"; } ];
{
to = "server@buehler.rocks";
}
];
webhook_configs = [ webhook_configs = [
{ {
url = "http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"; url = "http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";

23
modules/services/alertmanager/default.nix
View file

@ -1,5 +1,10 @@
# monitoring system services # monitoring system services
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.alertmanager; cfg = config.my.services.alertmanager;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -37,24 +42,18 @@ in
extraFlags = [ "--cluster.advertise-address 127.0.0.1:${toString cfg.port}" ]; extraFlags = [ "--cluster.advertise-address 127.0.0.1:${toString cfg.port}" ];
}; };
alertmanagers = [ alertmanagers = [ { static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ]; } ];
{
static_configs = [
{
targets = [ "localhost:${toString cfg.port}" ];
}
];
}
];
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "alertmanager"; job_name = "alertmanager";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString cfg.port}" ]; targets = [ "127.0.0.1:${toString cfg.port}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };

7
modules/services/aria2/default.nix
View file

@ -1,5 +1,10 @@
# to download things # to download things
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.aria2; cfg = config.my.services.aria2;
inherit (config.networking) domain; inherit (config.networking) domain;

23
modules/services/backup/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.backup; cfg = config.my.services.backup;
in in
@ -52,9 +57,7 @@ in
type = with types; listOf str; type = with types; listOf str;
description = lib.mdDoc "additional path(s) to back up"; description = lib.mdDoc "additional path(s) to back up";
default = [ "/" ]; default = [ "/" ];
example = [ example = [ "/home/user" ];
"/home/user"
];
}; };
exclude = mkOption { exclude = mkOption {
type = with types; listOf str; type = with types; listOf str;
@ -138,9 +141,11 @@ in
inherit (cfg) doInit; inherit (cfg) doInit;
compression = "auto,zstd"; compression = "auto,zstd";
postHook = '' postHook =
''
if (( $exitStatus > 1 )); then if (( $exitStatus > 1 )); then
'' + lib.optionalString cfg.OnFailureNotification '' ''
+ lib.optionalString cfg.OnFailureNotification ''
# iterate over all logged in users # iterate over all logged in users
for user in $(users); do for user in $(users); do
sway_pid=$(${pkgs.procps}/bin/pgrep -x "sway" -u "$user") sway_pid=$(${pkgs.procps}/bin/pgrep -x "sway" -u "$user")
@ -153,10 +158,12 @@ in
echo "sent notification" echo "sent notification"
fi fi
done done
'' + lib.optionalString (cfg.OnFailureMail != null) '' ''
+ lib.optionalString (cfg.OnFailureMail != null) ''
journalctl -u borgbackup-job-hetzner.service | ${pkgs.mailutils}/bin/mail -r "Administrator<root@buehler.rocks>" -s "Backup Error" server@buehler.rocks journalctl -u borgbackup-job-hetzner.service | ${pkgs.mailutils}/bin/mail -r "Administrator<root@buehler.rocks>" -s "Backup Error" server@buehler.rocks
echo "sent mail" echo "sent mail"
'' + '' ''
+ ''
fi fi
''; '';

6
modules/services/bazarr/default.nix
View file

@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "bazarr"; job_name = "bazarr";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString port + 1}" ]; targets = [ "127.0.0.1:${toString port + 1}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };

15
modules/services/blackbox/default.nix
View file

@ -1,5 +1,10 @@
# monitor urls # monitor urls
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.blackbox; cfg = config.my.services.blackbox;
blackBoxConfig = { blackBoxConfig = {
@ -11,12 +16,8 @@ let
ssh_banner = { ssh_banner = {
prober = "tcp"; prober = "tcp";
tcp.query_response = [ tcp.query_response = [
{ { send = "SSH-2.0-blackbox-ssh-check"; }
send = "SSH-2.0-blackbox-ssh-check"; { expect = "^SSH-2.0-"; }
}
{
expect = "^SSH-2.0-";
}
]; ];
}; };
}; };

7
modules/services/blocky/default.nix
View file

@ -1,5 +1,10 @@
# Fast and lightweight DNS proxy as ad-blocker for local network # Fast and lightweight DNS proxy as ad-blocker for local network
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.blocky; cfg = config.my.services.blocky;
in in

7
modules/services/freshrss/default.nix
View file

@ -1,5 +1,10 @@
# RSS aggregator and reader # RSS aggregator and reader
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.freshrss; cfg = config.my.services.freshrss;
inherit (config.networking) domain; inherit (config.networking) domain;

7
modules/services/gitea/default.nix
View file

@ -1,5 +1,10 @@
# self-hosted git service # self-hosted git service
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.gitea; cfg = config.my.services.gitea;
inherit (config.networking) domain; inherit (config.networking) domain;

7
modules/services/grafana/default.nix
View file

@ -1,5 +1,10 @@
# visualize monitoring services # visualize monitoring services
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.grafana; cfg = config.my.services.grafana;
inherit (config.networking) domain; inherit (config.networking) domain;

7
modules/services/hedgedoc/default.nix
View file

@ -1,5 +1,10 @@
# HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. # HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor.
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.hedgedoc; cfg = config.my.services.hedgedoc;
inherit (config.networking) domain; inherit (config.networking) domain;

7
modules/services/home-automation/default.nix
View file

@ -1,5 +1,10 @@
# home automation # home automation
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.home-automation; cfg = config.my.services.home-automation;
inherit (config.networking) domain; inherit (config.networking) domain;

7
modules/services/homepage/default.nix
View file

@ -1,5 +1,10 @@
# My own personal homepage # My own personal homepage
{ config, lib, inputs, ... }: {
config,
lib,
inputs,
...
}:
let let
cfg = config.my.services.homepage; cfg = config.my.services.homepage;
inherit (config.networking) domain; inherit (config.networking) domain;

43
modules/services/homer/config.nix
View file

@ -3,7 +3,8 @@
{ {
options.webapps = { options.webapps = {
dashboardCategories = lib.mkOption { dashboardCategories = lib.mkOption {
type = lib.types.listOf (lib.types.submodule { type = lib.types.listOf (
lib.types.submodule {
options = { options = {
name = lib.mkOption { name = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -20,7 +21,8 @@
example = "app"; example = "app";
}; };
}; };
}); }
);
description = '' description = ''
App categories to display on the dashboard. App categories to display on the dashboard.
''; '';
@ -34,8 +36,8 @@
}; };
apps = lib.mkOption { apps = lib.mkOption {
type = lib.types.attrsOf type = lib.types.attrsOf (
(lib.types.submodule { lib.types.submodule {
options = { options = {
dashboard = { dashboard = {
url = lib.mkOption { url = lib.mkOption {
@ -79,7 +81,10 @@
default = "Ping"; default = "Ping";
}; };
method = lib.mkOption { method = lib.mkOption {
type = lib.types.enum [ "get" "head" ]; type = lib.types.enum [
"get"
"head"
];
description = '' description = ''
method of request used method of request used
''; '';
@ -88,7 +93,8 @@
}; };
}; };
}; };
}); }
);
description = '' description = ''
Defines a web application. Defines a web application.
''; '';
@ -105,24 +111,33 @@
let let
apps = builtins.filter (a: a.dashboard.name != null) (lib.attrValues cfg.apps); apps = builtins.filter (a: a.dashboard.name != null) (lib.attrValues cfg.apps);
in in
lib.forEach cfg.dashboardCategories (cat: lib.forEach cfg.dashboardCategories (
cat:
let let
catApps = lib.sort (a: b: a.dashboard.name < b.dashboard.name) ( catApps = lib.sort (a: b: a.dashboard.name < b.dashboard.name) (
builtins.filter builtins.filter (
(a: a:
a.dashboard.category != null && a.dashboard.category == cat.tag || a.dashboard.category != null && a.dashboard.category == cat.tag
a.dashboard.category == null && cat.tag == "misc") || a.dashboard.category == null && cat.tag == "misc"
apps); ) apps
);
in in
{ {
inherit (cat) name; inherit (cat) name;
items = lib.forEach catApps (a: { items = lib.forEach catApps (a: {
inherit (a.dashboard) method name type url; inherit (a.dashboard)
method
name
type
url
;
icon = lib.optionalString (a.dashboard.icon != null) "fas fa-${a.dashboard.icon}"; icon = lib.optionalString (a.dashboard.icon != null) "fas fa-${a.dashboard.icon}";
target = "_blank"; target = "_blank";
}); });
} }
); );
my.services.blackbox.http_endpoints = lib.mapAttrsToList (_key: value: value.dashboard.url) config.webapps.apps ++ [ "https://${config.networking.domain}/" ]; my.services.blackbox.http_endpoints =
lib.mapAttrsToList (_key: value: value.dashboard.url) config.webapps.apps
++ [ "https://${config.networking.domain}/" ];
}; };
} }

31
modules/services/homer/default.nix
View file

@ -1,5 +1,10 @@
# Dashboard site # Dashboard site
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.homer; cfg = config.my.services.homer;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -14,9 +19,7 @@ let
}; };
in in
{ {
imports = [ imports = [ ./config.nix ];
./config.nix
];
options.my.services.homer = with lib; { options.my.services.homer = with lib; {
enable = mkEnableOption "Homer Dashboard"; enable = mkEnableOption "Homer Dashboard";
@ -44,10 +47,22 @@ in
webapps = { webapps = {
dashboardCategories = [ dashboardCategories = [
{ name = "Applications"; tag = "app"; } {
{ name = "Media"; tag = "media"; } name = "Applications";
{ name = "Infrastructure"; tag = "infra"; } tag = "app";
{ name = "Others"; tag = "other"; } }
{
name = "Media";
tag = "media";
}
{
name = "Infrastructure";
tag = "infra";
}
{
name = "Others";
tag = "other";
}
]; ];
}; };
}; };

4
modules/services/initrd-ssh/default.nix
View file

@ -15,9 +15,7 @@ in
ssh = { ssh = {
enable = true; enable = true;
port = 2222; port = 2222;
hostKeys = [ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
"/etc/secrets/initrd/ssh_host_ed25519_key"
];
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
]; ];

12
modules/services/jellyfin/default.nix
View file

@ -1,5 +1,10 @@
# The Free Software Media System # The Free Software Media System
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.jellyfin; cfg = config.my.services.jellyfin;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -8,10 +13,7 @@ let
jellyfin-with-metrics = pkgs.jellyfin.overrideAttrs (attrs: { jellyfin-with-metrics = pkgs.jellyfin.overrideAttrs (attrs: {
patches = patches =
let let
existingPatches = existingPatches = if attrs ? patches && builtins.isList attrs.patches then attrs.patches else [ ];
if attrs ? patches && builtins.isList attrs.patches
then attrs.patches
else [ ];
in in
# with this patch the default setting for metrics is changed # with this patch the default setting for metrics is changed
existingPatches ++ [ ./enable-metrics.patch ]; existingPatches ++ [ ./enable-metrics.patch ];

26
modules/services/loki/default.nix
View file

@ -1,5 +1,10 @@
# log monitoring # log monitoring
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.loki; cfg = config.my.services.loki;
in in
@ -15,8 +20,8 @@ in
}; };
rules = mkOption { rules = mkOption {
type = types.attrsOf type = types.attrsOf (
(types.submodule { types.submodule {
options = { options = {
condition = mkOption { condition = mkOption {
type = types.str; type = types.str;
@ -53,7 +58,8 @@ in
default = "2m"; default = "2m";
}; };
}; };
}); }
);
description = '' description = ''
Defines the loki rules. Defines the loki rules.
''; '';
@ -67,14 +73,12 @@ in
groups = [ groups = [
{ {
name = "alerting-rules"; name = "alerting-rules";
rules = lib.mapAttrsToList rules = lib.mapAttrsToList (name: opts: {
(name: opts: {
alert = name; alert = name;
inherit (opts) condition labels; inherit (opts) condition labels;
for = opts.time; for = opts.time;
annotations.description = opts.description; annotations.description = opts.description;
}) }) cfg.rules;
cfg.rules;
} }
]; ];
}; };
@ -114,7 +118,8 @@ in
}; };
schema_config = { schema_config = {
configs = [{ configs = [
{
from = "2020-11-08"; from = "2020-11-08";
store = "tsdb"; store = "tsdb";
object_store = "filesystem"; object_store = "filesystem";
@ -123,7 +128,8 @@ in
prefix = "index_"; prefix = "index_";
period = "24h"; period = "24h";
}; };
}]; }
];
}; };
limits_config = { limits_config = {

7
modules/services/minecraft-server/default.nix
View file

@ -1,5 +1,10 @@
# sandbox video game # sandbox video game
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.minecraft-server; cfg = config.my.services.minecraft-server;
in in

12
modules/services/mumble-server/default.nix
View file

@ -1,5 +1,10 @@
# Have a good quality voice chat # Have a good quality voice chat
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.mumble-server; cfg = config.my.services.mumble-server;
domain = "voice.${config.networking.domain}"; domain = "voice.${config.networking.domain}";
@ -28,7 +33,10 @@ in
''; '';
}; };
users.groups."voice-buehler-rocks".members = [ "murmur" "nginx" ]; users.groups."voice-buehler-rocks".members = [
"murmur"
"nginx"
];
my.services.prometheus.rules = { my.services.prometheus.rules = {
mumble_not_running = { mumble_not_running = {

7
modules/services/navidrome/default.nix
View file

@ -1,5 +1,10 @@
# A FLOSS self-hosted, subsonic compatible music server # A FLOSS self-hosted, subsonic compatible music server
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.navidrome; cfg = config.my.services.navidrome;
inherit (config.networking) domain; inherit (config.networking) domain;

14
modules/services/nextcloud/default.nix
View file

@ -1,5 +1,10 @@
# self-hosted cloud # self-hosted cloud
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.nextcloud; cfg = config.my.services.nextcloud;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -71,7 +76,12 @@ in
}; };
extraApps = with pkgs.nextcloud29Packages.apps; { extraApps = with pkgs.nextcloud29Packages.apps; {
inherit calendar contacts tasks deck; inherit
calendar
contacts
tasks
deck
;
}; };
extraAppsEnable = true; extraAppsEnable = true;
}; };

81
modules/services/nginx/default.nix
View file

@ -1,8 +1,15 @@
# A simple abstraction layer for almost all of my services' needs # A simple abstraction layer for almost all of my services' needs
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.nginx; cfg = config.my.services.nginx;
virtualHostOption = with lib; types.submodule { virtualHostOption =
with lib;
types.submodule {
options = { options = {
subdomain = mkOption { subdomain = mkOption {
type = types.str; type = types.str;
@ -52,9 +59,7 @@ let
}; };
in in
{ {
imports = [ imports = [ ./sso ];
./sso
];
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
acme = { acme = {
@ -116,7 +121,8 @@ in
description = "Port to use for internal webui."; description = "Port to use for internal webui.";
}; };
users = mkOption { users = mkOption {
type = types.attrsOf (types.submodule { type = types.attrsOf (
types.submodule {
options = { options = {
passwordHashFile = mkOption { passwordHashFile = mkOption {
type = types.str; type = types.str;
@ -129,7 +135,8 @@ in
description = "Path to file containing the user's TOTP secret."; description = "Path to file containing the user's TOTP secret.";
}; };
}; };
}); }
);
example = literalExpression '' example = literalExpression ''
{ {
alice = { alice = {
@ -153,9 +160,13 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: assertions = lib.flip builtins.map cfg.virtualHosts (
{ subdomain, ... }@args:
let let
conflicts = [ "port" "root" ]; conflicts = [
"port"
"root"
];
optionsNotNull = builtins.map (v: args.${v} != null) conflicts; optionsNotNull = builtins.map (v: args.${v} != null) conflicts;
optionsSet = lib.filter lib.id optionsNotNull; optionsSet = lib.filter lib.id optionsNotNull;
in in
@ -166,7 +177,8 @@ in
lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts) lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts)
} configured. } configured.
''; '';
}) }
)
# ++ ( # ++ (
# let # let
# ports = lib.my.mapFilter # ports = lib.my.mapFilter
@ -251,9 +263,10 @@ in
let let
genAttrs' = values: f: lib.listToAttrs (map f values); genAttrs' = values: f: lib.listToAttrs (map f values);
inherit (config.networking) domain; inherit (config.networking) domain;
mkVHost = { subdomain, ... } @ args: lib.nameValuePair mkVHost =
"${subdomain}.${domain}" { subdomain, ... }@args:
(lib.foldl lib.recursiveUpdate { } [ lib.nameValuePair "${subdomain}.${domain}" (
lib.foldl lib.recursiveUpdate { } [
# Base configuration # Base configuration
{ {
forceSSL = true; forceSSL = true;
@ -261,20 +274,19 @@ in
} }
# Proxy to port # Proxy to port
(lib.optionalAttrs (args.port != null) { (lib.optionalAttrs (args.port != null) {
locations."/".proxyPass = locations."/".proxyPass = "http://127.0.0.1:${toString args.port}";
"http://127.0.0.1:${toString args.port}";
# TODO make ipv6 possible # TODO make ipv6 possible
# http://[::1]:${toString args.port}; # http://[::1]:${toString args.port};
}) })
# Serve filesystem content # Serve filesystem content
(lib.optionalAttrs (args.root != null) { (lib.optionalAttrs (args.root != null) { inherit (args) root; })
inherit (args) root;
})
# VHost specific configuration # VHost specific configuration
args.extraConfig args.extraConfig
# SSO configuration # SSO configuration
(lib.optionalAttrs args.sso.enable { (lib.optionalAttrs args.sso.enable {
extraConfig = (args.extraConfig.extraConfig or "") + '' extraConfig =
(args.extraConfig.extraConfig or "")
+ ''
error_page 401 = @error401; error_page 401 = @error401;
''; '';
locations = { locations = {
@ -283,7 +295,8 @@ in
''; '';
"/" = { "/" = {
extraConfig = extraConfig =
(args.extraConfig.locations."/".extraConfig or "") + '' (args.extraConfig.locations."/".extraConfig or "")
+ ''
# Use SSO # Use SSO
auth_request /sso-auth; auth_request /sso-auth;
# Set username through header # Set username through header
@ -310,8 +323,8 @@ in
}; };
}; };
}) })
]) ]
; );
in in
genAttrs' cfg.virtualHosts mkVHost; genAttrs' cfg.virtualHosts mkVHost;
sso = { sso = {
@ -322,9 +335,7 @@ in
inherit (cfg.sso) port; inherit (cfg.sso) port;
}; };
audit_log = { audit_log = {
target = [ target = [ "fd://stdout" ];
"fd://stdout"
];
events = [ events = [
"access_denied" "access_denied"
"login_success" "login_success"
@ -359,21 +370,30 @@ in
in in
{ {
users = applyUsers (_: v: { _secret = v.passwordHashFile; }); users = applyUsers (_: v: { _secret = v.passwordHashFile; });
mfa = applyUsers (_: v: [{ mfa = applyUsers (
_: v: [
{
provider = "totp"; provider = "totp";
attributes = { attributes = {
secret = { secret = {
_secret = v.totpSecretFile; _secret = v.totpSecretFile;
}; };
}; };
}]); }
]
);
inherit (cfg.sso) groups; inherit (cfg.sso) groups;
}; };
}; };
acl = { acl = {
rule_sets = [ rule_sets = [
{ {
rules = [{ field = "x-application"; present = true; }]; rules = [
{
field = "x-application";
present = true;
}
];
allow = [ "@root" ]; allow = [ "@root" ];
} }
]; ];
@ -426,7 +446,10 @@ in
]; ];
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
# Nginx needs to be able to read the certificates # Nginx needs to be able to read the certificates
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];
security.acme = { security.acme = {

12
modules/services/nginx/sso/default.nix
View file

@ -1,5 +1,11 @@
# I must override the module to allow having runtime secrets # I must override the module to allow having runtime secrets
{ config, lib, pkgs, utils, ... }: {
config,
lib,
pkgs,
utils,
...
}:
let let
cfg = config.services.nginx.sso; cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package; pkg = lib.getBin cfg.package;
@ -8,7 +14,6 @@ in
{ {
disabledModules = [ "services/security/nginx-sso.nix" ]; disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; { options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service"; enable = mkEnableOption "nginx-sso service";
@ -67,8 +72,7 @@ in
# Fix permissions # Fix permissions
chown nginx-sso:nginx-sso ${confPath} chown nginx-sso:nginx-sso ${confPath}
chmod 0600 ${confPath} chmod 0600 ${confPath}
'' ''}'';
}'';
ExecStart = lib.mkForce '' ExecStart = lib.mkForce ''
${pkg}/bin/nginx-sso \ ${pkg}/bin/nginx-sso \
--config ${confPath} \ --config ${confPath} \

36
modules/services/node-exporter/default.nix
View file

@ -1,5 +1,11 @@
# monitoring system services # monitoring system services
{ config, lib, pkgs, inputs, ... }: {
config,
lib,
pkgs,
inputs,
...
}:
let let
cfg = config.my.services.node-exporter; cfg = config.my.services.node-exporter;
in in
@ -17,9 +23,7 @@ in
"systemd" "systemd"
"textfile" "textfile"
]; ];
extraFlags = [ extraFlags = [ "--collector.textfile.directory=/etc/prometheus-node-exporter-text-files" ];
"--collector.textfile.directory=/etc/prometheus-node-exporter-text-files"
];
port = 9100; port = 9100;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
}; };
@ -32,21 +36,25 @@ in
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "node"; job_name = "node";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
{ {
job_name = "systemd"; job_name = "systemd";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ]; targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };
@ -55,10 +63,14 @@ in
environment.etc = environment.etc =
let let
inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) inputs; inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) inputs;
flakeAttrs = input: (lib.mapAttrsToList (n: v: ''${n}="${v}"'') flakeAttrs =
(lib.filterAttrs (_n: v: (builtins.typeOf v) == "string") input)); input:
lastModified = name: input: '' (lib.mapAttrsToList (n: v: ''${n}="${v}"'') (
flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}''; lib.filterAttrs (_n: v: (builtins.typeOf v) == "string") input
));
lastModified =
name: input:
''flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}'';
in in
{ {
"prometheus-node-exporter-text-files/flake-inputs.prom" = { "prometheus-node-exporter-text-files/flake-inputs.prom" = {

8
modules/services/octoprint/default.nix
View file

@ -19,14 +19,18 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.octoprint = { services.octoprint = {
enable = true; enable = true;
plugins = plugins: with plugins; [ plugins =
plugins:
with plugins;
[
costestimation costestimation
displayprogress displayprogress
m86motorsoff m86motorsoff
stlviewer stlviewer
telegram telegram
titlestatus titlestatus
] ++ cfg.plugins; ]
++ cfg.plugins;
}; };
networking.firewall.allowedTCPPorts = [ 5000 ]; networking.firewall.allowedTCPPorts = [ 5000 ];
}; };

7
modules/services/photoprism/default.nix
View file

@ -49,7 +49,12 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.photoprism = { services.photoprism = {
enable = true; enable = true;
inherit (cfg) passwordFile port originalsPath settings; inherit (cfg)
passwordFile
port
originalsPath
settings
;
}; };
my.services.nginx.virtualHosts = [ my.services.nginx.virtualHosts = [

32
modules/services/prometheus/default.nix
View file

@ -1,5 +1,10 @@
# monitoring system services # monitoring system services
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.prometheus; cfg = config.my.services.prometheus;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -31,8 +36,8 @@ in
# a good collections for allerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox # a good collections for allerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox
rules = mkOption { rules = mkOption {
type = types.attrsOf type = types.attrsOf (
(types.submodule { types.submodule {
options = { options = {
condition = mkOption { condition = mkOption {
type = types.str; type = types.str;
@ -69,7 +74,8 @@ in
default = "2m"; default = "2m";
}; };
}; };
}); }
);
description = '' description = ''
Defines the prometheus rules. Defines the prometheus rules.
''; '';
@ -92,12 +98,12 @@ in
}; };
ruleFiles = [ ruleFiles = [
(pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { (pkgs.writeText "prometheus-rules.yml" (
builtins.toJSON {
groups = [ groups = [
{ {
name = "alerting-rules"; name = "alerting-rules";
rules = lib.mapAttrsToList rules = lib.mapAttrsToList (name: opts: {
(name: opts: {
alert = name; alert = name;
expr = opts.condition; expr = opts.condition;
for = opts.time; for = opts.time;
@ -106,22 +112,24 @@ in
inherit (opts) description; inherit (opts) description;
grafana = lib.optionalString config.services.grafana.enable "https://visualization.${domain}"; grafana = lib.optionalString config.services.grafana.enable "https://visualization.${domain}";
}; };
}) }) cfg.rules;
cfg.rules;
} }
]; ];
})) }
))
]; ];
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "prometheus"; job_name = "prometheus";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString cfg.port}" ]; targets = [ "127.0.0.1:${toString cfg.port}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };

16
modules/services/promtail/default.nix
View file

@ -28,9 +28,11 @@ in
positions = { positions = {
filename = "/tmp/positions.yaml"; filename = "/tmp/positions.yaml";
}; };
clients = [{ clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}]; }
];
scrape_configs = [ scrape_configs = [
{ {
job_name = "journal"; job_name = "journal";
@ -41,18 +43,18 @@ in
host = config.networking.hostName; host = config.networking.hostName;
}; };
}; };
relabel_configs = [{ relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ]; source_labels = [ "__journal__systemd_unit" ];
target_label = "unit"; target_label = "unit";
}]; }
];
} }
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ {
targets = [ targets = [ "localhost" ];
"localhost"
];
labels = { labels = {
job = "nginx"; job = "nginx";
__path__ = "/var/log/nginx/*.log"; __path__ = "/var/log/nginx/*.log";

6
modules/services/prowlarr/default.nix
View file

@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "prowlarr"; job_name = "prowlarr";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString port + 1}" ]; targets = [ "127.0.0.1:${toString port + 1}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };

6
modules/services/radarr/default.nix
View file

@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "radarr"; job_name = "radarr";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString port + 1}" ]; targets = [ "127.0.0.1:${toString port + 1}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };

11
modules/services/remote-build/default.nix
View file

@ -1,5 +1,10 @@
# manages remote builds # manages remote builds
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.remote-build; cfg = config.my.services.remote-build;
in in
@ -15,7 +20,9 @@ in
isSystemUser = true; isSystemUser = true;
group = "nixremote"; group = "nixremote";
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman" ]; openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman"
];
}; };
nix.settings.trusted-users = [ "nixremote" ]; nix.settings.trusted-users = [ "nixremote" ];
}; };

6
modules/services/sonarr/default.nix
View file

@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "sonarr"; job_name = "sonarr";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString port + 1}" ]; targets = [ "127.0.0.1:${toString port + 1}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
}]; }
];
} }
]; ];
}; };

7
modules/system/avahi/default.nix
View file

@ -1,5 +1,10 @@
# avahi related settings # avahi related settings
{ config, lib, options, ... }: {
config,
lib,
options,
...
}:
let let
cfg = config.my.system.avahi; cfg = config.my.system.avahi;
in in

8
modules/system/docker/default.nix
View file

@ -1,5 +1,11 @@
# Docker related settings # Docker related settings
{ config, lib, options, pkgs, ... }: {
config,
lib,
options,
pkgs,
...
}:
let let
cfg = config.my.system.docker; cfg = config.my.system.docker;
in in

14
modules/system/fonts/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.system.fonts; cfg = config.my.system.fonts;
in in
@ -21,7 +26,9 @@ in
monospace = [ "Ubuntu Mono" ]; monospace = [ "Ubuntu Mono" ];
}; };
packages = with pkgs; [ packages =
with pkgs;
[
cantarell-fonts # gnome default cantarell-fonts # gnome default
fira fira
fira-code # coding fira-code # coding
@ -37,7 +44,8 @@ in
noto-fonts-extra noto-fonts-extra
ubuntu_font_family ubuntu_font_family
unifont # unicode fallback unifont # unicode fallback
] ++ cfg.additionalFonts; ]
++ cfg.additionalFonts;
}; };
nixpkgs.config.joypixels.acceptLicense = true; nixpkgs.config.joypixels.acceptLicense = true;
}; };

25
modules/system/kvm/default.nix
View file

@ -7,14 +7,20 @@ in
enable = mkEnableOption "kvm configuration"; enable = mkEnableOption "kvm configuration";
cpuFlavor = mkOption { cpuFlavor = mkOption {
type = with types; nullOr (enum [ "intel" "amd" ]); type =
with types;
nullOr (enum [
"intel"
"amd"
]);
default = null; default = null;
example = "intel"; example = "intel";
description = "Which kind of CPU to activate kernelModules"; description = "Which kind of CPU to activate kernelModules";
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
lib.mkMerge [
{ {
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
@ -22,17 +28,10 @@ in
} }
# Intel CPU # Intel CPU
(lib.mkIf (cfg.cpuFlavor == "intel") { (lib.mkIf (cfg.cpuFlavor == "intel") { boot.kernelModules = [ "kvm-intel" ]; })
boot.kernelModules = [
"kvm-intel"
];
})
# AMD CPU # AMD CPU
(lib.mkIf (cfg.cpuFlavor == "amd") { (lib.mkIf (cfg.cpuFlavor == "amd") { boot.kernelModules = [ "kvm-amd" ]; })
boot.kernelModules = [ ]
"kvm-amd" );
];
})
]);
} }

12
modules/system/podman/default.nix
View file

@ -1,5 +1,11 @@
# Podman related settings # Podman related settings
{ config, lib, options, pkgs, ... }: {
config,
lib,
options,
pkgs,
...
}:
let let
cfg = config.my.system.podman; cfg = config.my.system.podman;
in in
@ -10,9 +16,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ podman-compose ];
podman-compose
];
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;

8
modules/system/spell-check/default.nix
View file

@ -1,5 +1,11 @@
# spell-checking # spell-checking
{ config, lib, options, pkgs, ... }: {
config,
lib,
options,
pkgs,
...
}:
let let
cfg = config.my.system.spell-check; cfg = config.my.system.spell-check;
in in

3
overlays/default.nix
View file

@ -1,6 +1,5 @@
# overlays for nixpkgs # overlays for nixpkgs
_self: _super: _self: _super: {
{
# freshrss = _super.freshrss.overrideAttrs (old: { # freshrss = _super.freshrss.overrideAttrs (old: {
# version = "1.21.0"; # version = "1.21.0";
# src = _super.fetchFromGitHub { # src = _super.fetchFromGitHub {

3
pkgs/default.nix
View file

@ -1,5 +1,4 @@
final: _prev: final: _prev: {
{
homer = final.callPackage ./homer { }; homer = final.callPackage ./homer { };
grafana-dashboards = final.callPackage ./grafana-dashboards { }; grafana-dashboards = final.callPackage ./grafana-dashboards { };
} }

69
pkgs/grafana-dashboards/default.nix
View file

@ -6,9 +6,14 @@ let
inherit (pkgs) stdenv fetchurl; inherit (pkgs) stdenv fetchurl;
in in
lib.makeScope pkgs.newScope (_self: lib.makeScope pkgs.newScope (
_self:
let let
buildGrafanaDashboard = args: stdenv.mkDerivation (args // { buildGrafanaDashboard =
args:
stdenv.mkDerivation (
args
// {
pname = "grafana-dashboard-${args.pname}-${toString args.id}"; pname = "grafana-dashboard-${args.pname}-${toString args.id}";
inherit (args) version; inherit (args) version;
src = fetchurl { src = fetchurl {
@ -22,7 +27,8 @@ let
cp $src $out/${args.pname}-${toString args.id}.json cp $src $out/${args.pname}-${toString args.id}.json
runHook postInstall runHook postInstall
''; '';
}); }
);
in in
{ {
inherit buildGrafanaDashboard; inherit buildGrafanaDashboard;
@ -33,12 +39,14 @@ in
version = "31"; version = "31";
hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg="; hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg=";
}; };
node-systemd = (buildGrafanaDashboard { node-systemd =
(buildGrafanaDashboard {
id = 1617; id = 1617;
pname = "node-systemd"; pname = "node-systemd";
version = "1"; version = "1";
hash = "sha256-MEWU5rIqlbaGu3elqdSoMZfbk67WDnH0VWuC8FqZ8v8="; hash = "sha256-MEWU5rIqlbaGu3elqdSoMZfbk67WDnH0VWuC8FqZ8v8=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./node-systemd.json; # sadly only imported dashboards work src = ./node-systemd.json; # sadly only imported dashboards work
}); });
@ -49,12 +57,14 @@ in
hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0="; hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0=";
}; };
nextcloud = (buildGrafanaDashboard { nextcloud =
(buildGrafanaDashboard {
id = 9632; id = 9632;
pname = "nextcloud"; pname = "nextcloud";
version = "1"; version = "1";
hash = "sha256-Z28Q/sMg3jxglkszAs83IpL8f4p9loNnTQzjc3S/SAQ="; hash = "sha256-Z28Q/sMg3jxglkszAs83IpL8f4p9loNnTQzjc3S/SAQ=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./nextcloud.json; # sadly only imported dashboards work src = ./nextcloud.json; # sadly only imported dashboards work
}); });
@ -65,22 +75,26 @@ in
hash = "sha256-T1HqWbwt+i/Wa+Y2B7hcl3CijGxZF5aI38aPcXjk9y0="; hash = "sha256-T1HqWbwt+i/Wa+Y2B7hcl3CijGxZF5aI38aPcXjk9y0=";
}; };
navidrome = (buildGrafanaDashboard { navidrome =
(buildGrafanaDashboard {
id = 18038; id = 18038;
pname = "navidrome"; pname = "navidrome";
version = "1"; version = "1";
hash = "sha256-MU890UAEI9wrnVIC/R0HkYwFa6mJ8Y7ESAWuaSQ8FQ8="; hash = "sha256-MU890UAEI9wrnVIC/R0HkYwFa6mJ8Y7ESAWuaSQ8FQ8=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./navidrome.json; # sadly data source is not detected src = ./navidrome.json; # sadly data source is not detected
}); });
# taken from https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/grafana/files/dashboards/Hedgedoc.json?ref_type=heads # taken from https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/grafana/files/dashboards/Hedgedoc.json?ref_type=heads
hedgedoc = (buildGrafanaDashboard { hedgedoc =
(buildGrafanaDashboard {
id = -1; id = -1;
pname = "hedgedoc"; pname = "hedgedoc";
version = "1"; version = "1";
hash = lib.fakeSha256; hash = lib.fakeSha256;
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./hedgedoc.json; # sadly data source is not detected src = ./hedgedoc.json; # sadly data source is not detected
}); });
@ -91,12 +105,14 @@ in
hash = "sha256-T1HqWbwt+i/Wa+Y2B7hclaCijGxZF5QI38aPcXjk9y0="; hash = "sha256-T1HqWbwt+i/Wa+Y2B7hclaCijGxZF5QI38aPcXjk9y0=";
}; };
loki = (buildGrafanaDashboard { loki =
(buildGrafanaDashboard {
id = 13407; id = 13407;
pname = "loki"; pname = "loki";
version = "1"; version = "1";
hash = "sha256-1sxTDSEwi2O/Ce+rWqqhMvsYEJeELBfkb9W2R6cDjcU="; hash = "sha256-1sxTDSEwi2O/Ce+rWqqhMvsYEJeELBfkb9W2R6cDjcU=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./loki.json; # sadly not yet updated to latest grafana src = ./loki.json; # sadly not yet updated to latest grafana
}); });
@ -107,38 +123,47 @@ in
hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o="; hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o=";
}; };
gitea = (buildGrafanaDashboard { gitea =
(buildGrafanaDashboard {
id = 13192; id = 13192;
pname = "gitea"; pname = "gitea";
version = "1"; version = "1";
hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM="; hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./gitea.json; # sadly not yet updated to latest grafana src = ./gitea.json; # sadly not yet updated to latest grafana
}); });
prometheus = (buildGrafanaDashboard { prometheus =
(buildGrafanaDashboard {
id = 3662; id = 3662;
pname = "prometheus"; pname = "prometheus";
version = "2"; version = "2";
hash = "sha256-+nsi8/dYNvGVGV+ftfO1gSAQbO5GpZwW480T5mHMM4Q="; hash = "sha256-+nsi8/dYNvGVGV+ftfO1gSAQbO5GpZwW480T5mHMM4Q=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./prometheus.json; # sadly only imported dashboards work src = ./prometheus.json; # sadly only imported dashboards work
}); });
grafana = (buildGrafanaDashboard { grafana =
(buildGrafanaDashboard {
id = 3590; id = 3590;
pname = "grafana"; pname = "grafana";
version = "3"; version = "3";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./grafana.json; # sadly only imported dashboards work src = ./grafana.json; # sadly only imported dashboards work
}); });
blackbox = (buildGrafanaDashboard { blackbox =
(buildGrafanaDashboard {
id = 13659; id = 13659;
pname = "blackbox"; pname = "blackbox";
version = "1"; version = "1";
hash = "sha256-nnBFWFDAqKUqTOYxOrkRPlVla4ioQZ6rqEqakdzUj1Q="; hash = "sha256-nnBFWFDAqKUqTOYxOrkRPlVla4ioQZ6rqEqakdzUj1Q=";
}).overrideAttrs (_: { }).overrideAttrs
(_: {
src = ./blackbox.json; # sadly only imported dashboards work src = ./blackbox.json; # sadly only imported dashboards work
}); });
}) }
)

7
profiles/3d-design/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles."3d-design"; cfg = config.my.profiles."3d-design";
in in

11
profiles/android/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.android; cfg = config.my.profiles.android;
in in
@ -9,8 +14,6 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.adb.enable = true; programs.adb.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ scrcpy ];
scrcpy
];
}; };
} }

7
profiles/clean/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.clean; cfg = config.my.profiles.clean;
in in

7
profiles/desktop-apps/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.desktop-apps; cfg = config.my.profiles.desktop-apps;
in in

16
profiles/desktop-dev/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.desktop-dev; cfg = config.my.profiles.desktop-dev;
in in
@ -22,7 +27,8 @@ in
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
vscodeExtensions = vscodeExtensions =
with vscode-extensions; [ with vscode-extensions;
[
bbenoist.nix bbenoist.nix
editorconfig.editorconfig editorconfig.editorconfig
github.copilot github.copilot
@ -31,11 +37,13 @@ in
ms-python.python ms-python.python
ms-vscode-remote.remote-ssh ms-vscode-remote.remote-ssh
pkief.material-icon-theme pkief.material-icon-theme
] ++ [ ]
++ [
# remove in 24.05 # remove in 24.05
unstable.vscode-extensions.equinusocio.vsc-material-theme unstable.vscode-extensions.equinusocio.vsc-material-theme
unstable.vscode-extensions.hiukky.flate unstable.vscode-extensions.hiukky.flate
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# { # {
# name = "vsc-material-theme"; # name = "vsc-material-theme";
# publisher = "Equinusocio"; # publisher = "Equinusocio";

13
profiles/development/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.development; cfg = config.my.profiles.development;
in in
@ -23,7 +28,8 @@ in
# websites # websites
hugo hugo
# scripts # scripts
(python3.withPackages (ps: with ps; [ (python3.withPackages (
ps: with ps; [
jupyter # notebooks jupyter # notebooks
matplotlib matplotlib
numpy numpy
@ -34,7 +40,8 @@ in
scipy scipy
tqdm # progressbar in pandas tqdm # progressbar in pandas
wheel # python development wheel # python development
])) ]
))
# linter # linter
shellcheck shellcheck
typos typos

7
profiles/filesystem/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.filesystem; cfg = config.my.profiles.filesystem;
in in

7
profiles/gaming/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.gaming; cfg = config.my.profiles.gaming;
in in

7
profiles/gnome/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.gnome; cfg = config.my.profiles.gnome;
in in

7
profiles/latex/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.latex; cfg = config.my.profiles.latex;
in in

11
profiles/media/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.media; cfg = config.my.profiles.media;
in in
@ -31,9 +36,7 @@ in
shotwell # photo management shotwell # photo management
sonixd # cloud-music-player sonixd # cloud-music-player
soundkonverter # audio converter soundkonverter # audio converter
(yt-dlp.override { (yt-dlp.override { withAlias = true; }) # video download
withAlias = true;
}) # video download
]; ];
}; };
} }

7
profiles/meeting/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.meeting; cfg = config.my.profiles.meeting;
in in

11
profiles/nautilus/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.nautilus; cfg = config.my.profiles.nautilus;
in in
@ -31,9 +36,7 @@ in
]; ];
sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4"; sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4";
pathsToLink = [ pathsToLink = [ "/share/nautilus-python/extensions" ];
"/share/nautilus-python/extensions"
];
}; };
programs.nautilus-open-any-terminal = { programs.nautilus-open-any-terminal = {

7
profiles/powersave/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.powersave; cfg = config.my.profiles.powersave;
in in

11
profiles/printing/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.printing; cfg = config.my.profiles.printing;
in in
@ -16,8 +21,6 @@ in
]; ];
programs.system-config-printer.enable = true; programs.system-config-printer.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ gnome.simple-scan ];
gnome.simple-scan
];
}; };
} }

11
profiles/sway/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sway; cfg = config.my.profiles.sway;
in in
@ -23,9 +28,7 @@ in
sway-theme.enable = true; sway-theme.enable = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ polkit_gnome ];
polkit_gnome
];
environment.pathsToLink = [ "/libexec" ]; environment.pathsToLink = [ "/libexec" ];
programs = { programs = {

15
profiles/sway/screen-sharing.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sway-screen-sharing; cfg = config.my.profiles.sway-screen-sharing;
in in
@ -8,18 +13,14 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ remmina ];
remmina
];
services.pipewire.enable = true; services.pipewire.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
xdg-desktop-portal-gtk
];
}; };
# for firefox # for firefox

7
profiles/sway/theme.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sway-theme; cfg = config.my.profiles.sway-theme;
in in

7
profiles/sync/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sync; cfg = config.my.profiles.sync;
in in

11
profiles/update/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.update; cfg = config.my.profiles.update;
in in
@ -11,8 +16,6 @@ in
# Enable firmware update daemon # Enable firmware update daemon
services.fwupd.enable = true; services.fwupd.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ topgrade ];
topgrade
];
}; };
} }

7
profiles/usb-iso/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.usb-iso; cfg = config.my.profiles.usb-iso;
in in

7
profiles/webcam/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.webcam; cfg = config.my.profiles.webcam;
in in