treewide: fmt

Felix Buehler 2024-07-28 21:08:02 +02:00
parent 330abe53d2
commit ea37c7b836
95 changed files with 1162 additions and 779 deletions


@ -43,7 +43,13 @@
}; };
}; };
outputs = inputs@{ self, flake-parts, nixinate, ... }: outputs =
inputs@{
self,
flake-parts,
nixinate,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ imports = [
@ -52,51 +58,61 @@
inputs.git-hooks.flakeModule inputs.git-hooks.flakeModule
]; ];
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [
"x86_64-linux"
"aarch64-linux"
];
perSystem = { inputs', config, pkgs, system, ... }: { perSystem =
# make pkgs available to all `perSystem` functions {
_module.args.pkgs = import inputs.nixpkgs { inputs',
inherit system; config,
}; pkgs,
system,
...
}:
{
# make pkgs available to all `perSystem` functions
_module.args.pkgs = import inputs.nixpkgs { inherit system; };
# enable pre-commit checks # enable pre-commit checks
pre-commit.settings = { pre-commit.settings = {
hooks = { hooks = {
deadnix = { deadnix = {
enable = true; enable = true;
settings.noLambdaPatternNames = true; settings.noLambdaPatternNames = true;
}; };
markdownlint.enable = true; markdownlint.enable = true;
nixfmt = { nixfmt = {
enable = true; enable = true;
# TODO remove in 24.11 # TODO remove in 24.11
package = pkgs.nixfmt-rfc-style; package = pkgs.nixfmt-rfc-style;
}; };
shellcheck.enable = true; shellcheck.enable = true;
statix.enable = true; statix.enable = true;
typos = { typos = {
enable = true; enable = true;
excludes = [ "secrets\\.yaml" "\\.sops\\.yaml" ]; excludes = [
settings.ignored-words = [ "flate" ]; "secrets\\.yaml"
}; "\\.sops\\.yaml"
yamllint = { ];
enable = true; settings.ignored-words = [ "flate" ];
excludes = [ "secrets\\.yaml" ]; };
yamllint = {
enable = true;
excludes = [ "secrets\\.yaml" ];
};
}; };
}; };
};
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [ config.pre-commit.devShell ];
config.pre-commit.devShell nativeBuildInputs = with pkgs; [
]; inputs'.sops-nix.packages.sops-import-keys-hook
nativeBuildInputs = with pkgs; [ inputs'.disko.packages.disko
inputs'.sops-nix.packages.sops-import-keys-hook ];
inputs'.disko.packages.disko };
];
}; };
};
# flake = {}; # flake = {};
flake.apps = inputs.nixinate.nixinate."x86_64-linux" self; flake.apps = inputs.nixinate.nixinate."x86_64-linux" self;
}; };


@ -1,9 +1,11 @@
# based on: https://github.com/Mic92/dotfiles/blob/main/nixos/images/base-config.nix # based on: https://github.com/Mic92/dotfiles/blob/main/nixos/images/base-config.nix
{ lib {
, pkgs lib,
, config pkgs,
, ... config,
}: { ...
}:
{
system.stateVersion = config.system.nixos.version; system.stateVersion = config.system.nixos.version;
networking = { networking = {
@ -23,7 +25,8 @@
network.enable = true; network.enable = true;
network.networks = network.networks =
lib.mapAttrs' lib.mapAttrs'
(num: _: (
num: _:
lib.nameValuePair "eth${num}" { lib.nameValuePair "eth${num}" {
matchConfig.Name = "eth${num}"; matchConfig.Name = "eth${num}";
networkConfig = { networkConfig = {
@ -40,7 +43,8 @@
RouteMetric = 512; RouteMetric = 512;
}; };
ipv6AcceptRAConfig.Token = "::521a:c5ff:fefe:65d9"; ipv6AcceptRAConfig.Token = "::521a:c5ff:fefe:65d9";
}) }
)
{ {
"0" = { }; "0" = { };
"1" = { }; "1" = { };


@ -2,25 +2,19 @@
let let
inherit (self.inputs) nixos-generators; inherit (self.inputs) nixos-generators;
defaultModule = { defaultModule = {
imports = [ imports = [ ./base-config.nix ];
./base-config.nix
];
_module.args.inputs = self.inputs; _module.args.inputs = self.inputs;
}; };
in in
{ {
perSystem = perSystem =
{ pkgs { pkgs, ... }:
, ...
}:
{ {
packages = { packages = {
install-iso = nixos-generators.nixosGenerate { install-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux"; system = "x86_64-linux";
inherit pkgs; inherit pkgs;
modules = [ modules = [ defaultModule ];
defaultModule
];
format = "install-iso"; format = "install-iso";
}; };


@ -1,6 +1,7 @@
# nix build .#install-sd-aarch64 --system aarch64-linux # nix build .#install-sd-aarch64 --system aarch64-linux
# zstd -vdcfT6 /nix/store/...-aarch64-linux.img/sd-image/...-aarch64-linux.img.zst | dd of=/dev/sdX status=progress bs=64K # zstd -vdcfT6 /nix/store/...-aarch64-linux.img/sd-image/...-aarch64-linux.img.zst | dd of=/dev/sdX status=progress bs=64K
{ ... }: { { ... }:
{
nixpkgs.localSystem.system = "aarch64-linux"; nixpkgs.localSystem.system = "aarch64-linux";
imports = [ imports = [
<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix> <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>


@ -2,7 +2,13 @@
# nix build -f yubikey-installer.nix nixos-yubikey # nix build -f yubikey-installer.nix nixos-yubikey
# sudo cp -v installer/iso/*.iso /dev/sdb; sync # sudo cp -v installer/iso/*.iso /dev/sdb; sync
let let
configuration = { config, lib, pkgs, ... }: configuration =
{
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
let let
src = fetchGit "https://github.com/drduh/YubiKey-Guide"; src = fetchGit "https://github.com/drduh/YubiKey-Guide";
@ -54,12 +60,17 @@ let
yubikey-guide = symlinkJoin { yubikey-guide = symlinkJoin {
name = "yubikey-guide"; name = "yubikey-guide";
paths = [ view-yubikey-guide shortcut ]; paths = [
view-yubikey-guide
shortcut
];
}; };
in in
{ {
nixpkgs.config = { allowBroken = true; }; nixpkgs.config = {
allowBroken = true;
};
isoImage.isoBaseName = lib.mkForce "nixos-yubikey"; isoImage.isoBaseName = lib.mkForce "nixos-yubikey";
# Uncomment this to disable compression and speed up image creation time # Uncomment this to disable compression and speed up image creation time
@ -72,7 +83,9 @@ let
kernelParams = [ "copytoram" ]; kernelParams = [ "copytoram" ];
# Secure defaults # Secure defaults
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernel.sysctl = { "kernel.unprivileged_bpf_disabled" = 1; }; kernel.sysctl = {
"kernel.unprivileged_bpf_disabled" = 1;
};
}; };
services.pcscd.enable = true; services.pcscd.enable = true;
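Review bot: `src = fetchGit "https://github.com/drduh/YubiKey-Guide";` near the top of `configuration` carries no `rev`, so the guide copied into the image is whatever the upstream default branch holds at build time and two builds of the same commit can differ. For an image that is apparently meant for key handling, pin the source, e.g. `src = fetchGit { url = "https://github.com/drduh/YubiKey-Guide"; rev = "<pinned-commit-sha>"; };`, and bump the revision deliberately after reading the upstream changes. The same section sets `nixpkgs.config.allowBroken = true` for the whole image; a comment such as `# needed for <package>; remove once fixed upstream` would record why, since the flag also hides breakage in everything else pulled into the ISO. The `configuration` body starts and ends outside the visible hunks.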


@ -1,7 +1,6 @@
{ self, ... }: { self, ... }:
let let
inherit inherit (self.inputs)
(self.inputs)
nixpkgs nixpkgs
nixpkgs-unstable nixpkgs-unstable
sops-nix sops-nix
@ -26,18 +25,19 @@ let
} }
{ {
imports = [ imports = [
({ pkgs, ... }: { (
nixpkgs.config.allowUnfree = true; { pkgs, ... }:
nixpkgs.overlays = [ {
overlay-unstable nixpkgs.config.allowUnfree = true;
(import ../overlays) nixpkgs.overlays = [
(import ../pkgs) overlay-unstable
]; (import ../overlays)
nix.nixPath = [ (import ../pkgs)
"nixpkgs=${pkgs.path}" ];
]; nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
documentation.info.enable = false; documentation.info.enable = false;
}) }
)
disko.nixosModules.disko disko.nixosModules.disko
passworts.nixosModules.passworts passworts.nixosModules.passworts
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -60,9 +60,7 @@ in
}; };
newton = nixosSystem { newton = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules ++ [ modules = defaultModules ++ [ ./newton/configuration.nix ];
./newton/configuration.nix
];
}; };
serverle = nixosSystem { serverle = nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";


@ -1,5 +1,4 @@
_: _: {
{
boot.initrd = { boot.initrd = {
availableKernelModules = [ availableKernelModules = [
"ahci" "ahci"


@ -1,5 +1,4 @@
_: _: {
{
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;


@ -1,5 +1,4 @@
_: _: {
{
boot.loader = { boot.loader = {
timeout = 1; timeout = 1;
grub = { grub = {


@ -18,9 +18,7 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [ "defaults" ];
"defaults"
];
}; };
}; };
luks = { luks = {

View file

@ -1,4 +1,9 @@
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
@ -9,9 +14,7 @@
"virtio_pci" "virtio_pci"
"virtio_scsi" "virtio_scsi"
]; ];
boot.initrd.kernelModules = [ boot.initrd.kernelModules = [ "dm-snapshot" ];
"dm-snapshot"
];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -27,7 +27,9 @@ let
in in
{ {
# kernel parameters are needed for initrd # kernel parameters are needed for initrd
boot.kernelParams = [ "ip=${ip4_addr}::${ip4_gw}:${ip4_mask}:${config.networking.hostName}:${ifname}:off" ]; boot.kernelParams = [
"ip=${ip4_addr}::${ip4_gw}:${ip4_mask}:${config.networking.hostName}:${ifname}:off"
];
networking = { networking = {
nameservers = ip4_dns ++ ip6_dns; nameservers = ip4_dns ++ ip6_dns;
domain = "buehler.rocks"; domain = "buehler.rocks";


@ -1,6 +1,5 @@
# enabled system services # enabled system services
_: _: {
{
my.system = { my.system = {
podman.enable = true; podman.enable = true;
}; };


@ -18,9 +18,7 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [ "defaults" ];
"defaults"
];
}; };
}; };
luks = { luks = {


@ -1,5 +1,4 @@
_: _: {
{
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
8080 # aria 8080 # aria
]; ];


@ -74,9 +74,7 @@
"Aria2" = { "Aria2" = {
id = "jjnzq-pgzua"; id = "jjnzq-pgzua";
path = "/data/tmp/aria2"; path = "/data/tmp/aria2";
devices = [ devices = [ "thinkman" ];
"thinkman"
];
}; };
}; };
}; };

View file

@ -1,6 +1,5 @@
# enabled system services # enabled system services
_: _: {
{
my.system = { my.system = {
avahi.enable = true; avahi.enable = true;
docker.enable = true; docker.enable = true;


@ -1,5 +1,4 @@
_: _: {
{
boot = { boot = {
loader = { loader = {
timeout = 1; timeout = 1;


@ -18,9 +18,7 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [ "defaults" ];
"defaults"
];
}; };
}; };
luks = { luks = {


@ -1,6 +1,5 @@
# network settings # network settings
_: _: {
{
# hotfixes for dns settings # hotfixes for dns settings
networking.extraHosts = networking.extraHosts =
let let


@ -1,6 +1,5 @@
# enabled profiles # enabled profiles
_: _: {
{
my.profiles = { my.profiles = {
"3d-design".enable = true; "3d-design".enable = true;
android.enable = true; android.enable = true;


@ -9,7 +9,11 @@ in
{ {
hostName = "buehler.rocks"; hostName = "buehler.rocks";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = [ "benchmark" "kvm" "big-parallel" ]; supportedFeatures = [
"benchmark"
"kvm"
"big-parallel"
];
sshUser = "nixremote"; sshUser = "nixremote";
sshKey = secrets."nixremote/ssh_key".path; sshKey = secrets."nixremote/ssh_key".path;
maxJobs = 4; maxJobs = 4;


@ -1,6 +1,5 @@
# enabled system services # enabled system services
_: _: {
{
my.system = { my.system = {
avahi.enable = true; avahi.enable = true;
fonts.enable = true; fonts.enable = true;


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.bluetooth; cfg = config.my.hardware.bluetooth;
in in
@ -18,8 +23,6 @@ in
}; };
}; };
services.blueman.enable = true; services.blueman.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ sony-headphones-client ];
sony-headphones-client
];
}; };
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.debug; cfg = config.my.hardware.debug;
in in


@ -7,32 +7,39 @@ in
enable = mkEnableOption "firmware configuration"; enable = mkEnableOption "firmware configuration";
cpuFlavor = mkOption { cpuFlavor = mkOption {
type = with types; nullOr (enum [ "intel" "amd" ]); type =
with types;
nullOr (enum [
"intel"
"amd"
]);
default = null; default = null;
example = "intel"; example = "intel";
description = "Which kind of CPU to activate micro-code updates"; description = "Which kind of CPU to activate micro-code updates";
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
hardware = { {
enableRedistributableFirmware = true; hardware = {
}; enableRedistributableFirmware = true;
} };
}
# Intel CPU # Intel CPU
(lib.mkIf (cfg.cpuFlavor == "intel") { (lib.mkIf (cfg.cpuFlavor == "intel") {
hardware = { hardware = {
cpu.intel.updateMicrocode = true; cpu.intel.updateMicrocode = true;
}; };
}) })
# AMD CPU # AMD CPU
(lib.mkIf (cfg.cpuFlavor == "amd") { (lib.mkIf (cfg.cpuFlavor == "amd") {
hardware = { hardware = {
cpu.amd.updateMicrocode = true; cpu.amd.updateMicrocode = true;
}; };
}) })
]); ]
);
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.graphics; cfg = config.my.hardware.graphics;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.keychron; cfg = config.my.hardware.keychron;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.sound; cfg = config.my.hardware.sound;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.thunderbolt; cfg = config.my.hardware.thunderbolt;
in in
@ -8,9 +13,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ thunderbolt ];
thunderbolt
];
services.hardware.bolt.enable = true; services.hardware.bolt.enable = true;
}; };
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.hardware.yubikey; cfg = config.my.hardware.yubikey;
in in
@ -18,8 +23,6 @@ in
}; };
services.pcscd.enable = true; services.pcscd.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ yubikey-manager ];
yubikey-manager
];
}; };
} }


@ -14,11 +14,7 @@
receivers = [ receivers = [
{ {
name = "default"; name = "default";
email_configs = [ email_configs = [ { to = "server@buehler.rocks"; } ];
{
to = "server@buehler.rocks";
}
];
webhook_configs = [ webhook_configs = [
{ {
url = "http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"; url = "http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";


@ -1,5 +1,10 @@
# monitoring system services # monitoring system services
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.alertmanager; cfg = config.my.services.alertmanager;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -37,24 +42,18 @@ in
extraFlags = [ "--cluster.advertise-address 127.0.0.1:${toString cfg.port}" ]; extraFlags = [ "--cluster.advertise-address 127.0.0.1:${toString cfg.port}" ];
}; };
alertmanagers = [ alertmanagers = [ { static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ]; } ];
{
static_configs = [
{
targets = [ "localhost:${toString cfg.port}" ];
}
];
}
];
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "alertmanager"; job_name = "alertmanager";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString cfg.port}" ]; {
labels = { targets = [ "127.0.0.1:${toString cfg.port}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };


@ -1,5 +1,10 @@
# to download things # to download things
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.aria2; cfg = config.my.services.aria2;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.backup; cfg = config.my.services.backup;
in in
@ -52,9 +57,7 @@ in
type = with types; listOf str; type = with types; listOf str;
description = lib.mdDoc "additional path(s) to back up"; description = lib.mdDoc "additional path(s) to back up";
default = [ "/" ]; default = [ "/" ];
example = [ example = [ "/home/user" ];
"/home/user"
];
}; };
exclude = mkOption { exclude = mkOption {
type = with types; listOf str; type = with types; listOf str;
@ -100,8 +103,8 @@ in
# other-os # other-os
"**/.Trash" # apple "**/.Trash" # apple
"**/.DS_Store" # apple "**/.DS_Store" # apple
"**/$RECYCLE.BIN" #windows "**/$RECYCLE.BIN" # windows
"**/System Volume Information" #windows "**/System Volume Information" # windows
# var data # var data
"/var/cache" "/var/cache"
@ -138,27 +141,31 @@ in
inherit (cfg) doInit; inherit (cfg) doInit;
compression = "auto,zstd"; compression = "auto,zstd";
postHook = '' postHook =
if (( $exitStatus > 1 )); then ''
'' + lib.optionalString cfg.OnFailureNotification '' if (( $exitStatus > 1 )); then
# iterate over all logged in users ''
for user in $(users); do + lib.optionalString cfg.OnFailureNotification ''
sway_pid=$(${pkgs.procps}/bin/pgrep -x "sway" -u "$user") # iterate over all logged in users
if [ -n "$sway_pid" ]; then for user in $(users); do
# set environment variables sway_pid=$(${pkgs.procps}/bin/pgrep -x "sway" -u "$user")
export $(cat /proc/$sway_pid/environ | grep -z '^DBUS_SESSION_BUS_ADDRESS=' | tr -d '\0') if [ -n "$sway_pid" ]; then
export DISPLAY=:0 # set environment variables
# send notification via dbus: https://wiki.archlinux.org/title/Desktop_notifications#Bash export $(cat /proc/$sway_pid/environ | grep -z '^DBUS_SESSION_BUS_ADDRESS=' | tr -d '\0')
${pkgs.sudo}/bin/sudo --preserve-env=DBUS_SESSION_BUS_ADDRESS,DISPLAY -u $user ${pkgs.libnotify}/bin/notify-send -u critical "BorgBackup Failed!" "Run journalctl -u borgbackup-job* for more details." export DISPLAY=:0
echo "sent notification" # send notification via dbus: https://wiki.archlinux.org/title/Desktop_notifications#Bash
${pkgs.sudo}/bin/sudo --preserve-env=DBUS_SESSION_BUS_ADDRESS,DISPLAY -u $user ${pkgs.libnotify}/bin/notify-send -u critical "BorgBackup Failed!" "Run journalctl -u borgbackup-job* for more details."
echo "sent notification"
fi
done
''
+ lib.optionalString (cfg.OnFailureMail != null) ''
journalctl -u borgbackup-job-hetzner.service | ${pkgs.mailutils}/bin/mail -r "Administrator<root@buehler.rocks>" -s "Backup Error" server@buehler.rocks
echo "sent mail"
''
+ ''
fi fi
done '';
'' + lib.optionalString (cfg.OnFailureMail != null) ''
journalctl -u borgbackup-job-hetzner.service | ${pkgs.mailutils}/bin/mail -r "Administrator<root@buehler.rocks>" -s "Backup Error" server@buehler.rocks
echo "sent mail"
'' + ''
fi
'';
# for mail sending # for mail sending
readWritePaths = lib.optional (cfg.OnFailureMail != null) "/var/lib/postfix/queue/maildrop/"; readWritePaths = lib.optional (cfg.OnFailureMail != null) "/var/lib/postfix/queue/maildrop/";
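Review bot: In the `postHook` notification branch, `export $(cat /proc/$sway_pid/environ | grep -z '^DBUS_SESSION_BUS_ADDRESS=' | tr -d '\0')` leaves the command substitution unquoted, so a value containing whitespace is word-split and each extra word is exported as its own variable into the hook's shell, which presumably runs privileged since it goes on to call `sudo -u`. The value is read from the environment of a process owned by the logged-in user and should be handled as untrusted input: use `addr=$(grep -z '^DBUS_SESSION_BUS_ADDRESS=' "/proc/$sway_pid/environ" | tr -d '\0')` followed by `export "$addr"`, and quote `-u "$user"` in the sudo call. `pgrep -x "sway" -u "$user"` can print more than one PID, which turns `/proc/$sway_pid/environ` into an invalid path; `pgrep -o` would select a single process. The mail branch is gated on `cfg.OnFailureMail` but sends to the literal `server@buehler.rocks` and reads the literal unit `borgbackup-job-hetzner.service`, so the option's value looks unused there and is worth confirming.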


@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "bazarr"; job_name = "bazarr";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString port + 1}" ]; {
labels = { targets = [ "127.0.0.1:${toString port + 1}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };


@ -1,5 +1,10 @@
# monitor urls # monitor urls
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.blackbox; cfg = config.my.services.blackbox;
blackBoxConfig = { blackBoxConfig = {
@ -11,12 +16,8 @@ let
ssh_banner = { ssh_banner = {
prober = "tcp"; prober = "tcp";
tcp.query_response = [ tcp.query_response = [
{ { send = "SSH-2.0-blackbox-ssh-check"; }
send = "SSH-2.0-blackbox-ssh-check"; { expect = "^SSH-2.0-"; }
}
{
expect = "^SSH-2.0-";
}
]; ];
}; };
}; };


@ -1,5 +1,10 @@
# Fast and lightweight DNS proxy as ad-blocker for local network # Fast and lightweight DNS proxy as ad-blocker for local network
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.blocky; cfg = config.my.services.blocky;
in in


@ -1,5 +1,10 @@
# RSS aggregator and reader # RSS aggregator and reader
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.freshrss; cfg = config.my.services.freshrss;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,5 +1,10 @@
# self-hosted git service # self-hosted git service
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.gitea; cfg = config.my.services.gitea;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,5 +1,10 @@
# visualize monitoring services # visualize monitoring services
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.grafana; cfg = config.my.services.grafana;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,5 +1,10 @@
# HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. # HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor.
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.hedgedoc; cfg = config.my.services.hedgedoc;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,5 +1,10 @@
# home automation # home automation
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.home-automation; cfg = config.my.services.home-automation;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,5 +1,10 @@
# My own personal homepage # My own personal homepage
{ config, lib, inputs, ... }: {
config,
lib,
inputs,
...
}:
let let
cfg = config.my.services.homepage; cfg = config.my.services.homepage;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -3,24 +3,26 @@
{ {
options.webapps = { options.webapps = {
dashboardCategories = lib.mkOption { dashboardCategories = lib.mkOption {
type = lib.types.listOf (lib.types.submodule { type = lib.types.listOf (
options = { lib.types.submodule {
name = lib.mkOption { options = {
type = lib.types.str; name = lib.mkOption {
description = '' type = lib.types.str;
Category name. description = ''
''; Category name.
example = "Applications"; '';
example = "Applications";
};
tag = lib.mkOption {
type = lib.types.str;
description = ''
Category tag.
'';
example = "app";
};
}; };
tag = lib.mkOption { }
type = lib.types.str; );
description = ''
Category tag.
'';
example = "app";
};
};
});
description = '' description = ''
App categories to display on the dashboard. App categories to display on the dashboard.
''; '';
@ -34,8 +36,8 @@
}; };
apps = lib.mkOption { apps = lib.mkOption {
type = lib.types.attrsOf type = lib.types.attrsOf (
(lib.types.submodule { lib.types.submodule {
options = { options = {
dashboard = { dashboard = {
url = lib.mkOption { url = lib.mkOption {
@ -79,7 +81,10 @@
default = "Ping"; default = "Ping";
}; };
method = lib.mkOption { method = lib.mkOption {
type = lib.types.enum [ "get" "head" ]; type = lib.types.enum [
"get"
"head"
];
description = '' description = ''
method of request used method of request used
''; '';
@ -88,7 +93,8 @@
}; };
}; };
}; };
}); }
);
description = '' description = ''
Defines a web application. Defines a web application.
''; '';
@ -105,24 +111,33 @@
let let
apps = builtins.filter (a: a.dashboard.name != null) (lib.attrValues cfg.apps); apps = builtins.filter (a: a.dashboard.name != null) (lib.attrValues cfg.apps);
in in
lib.forEach cfg.dashboardCategories (cat: lib.forEach cfg.dashboardCategories (
cat:
let let
catApps = lib.sort (a: b: a.dashboard.name < b.dashboard.name) ( catApps = lib.sort (a: b: a.dashboard.name < b.dashboard.name) (
builtins.filter builtins.filter (
(a: a:
a.dashboard.category != null && a.dashboard.category == cat.tag || a.dashboard.category != null && a.dashboard.category == cat.tag
a.dashboard.category == null && cat.tag == "misc") || a.dashboard.category == null && cat.tag == "misc"
apps); ) apps
);
in in
{ {
inherit (cat) name; inherit (cat) name;
items = lib.forEach catApps (a: { items = lib.forEach catApps (a: {
inherit (a.dashboard) method name type url; inherit (a.dashboard)
method
name
type
url
;
icon = lib.optionalString (a.dashboard.icon != null) "fas fa-${a.dashboard.icon}"; icon = lib.optionalString (a.dashboard.icon != null) "fas fa-${a.dashboard.icon}";
target = "_blank"; target = "_blank";
}); });
} }
); );
my.services.blackbox.http_endpoints = lib.mapAttrsToList (_key: value: value.dashboard.url) config.webapps.apps ++ [ "https://${config.networking.domain}/" ]; my.services.blackbox.http_endpoints =
lib.mapAttrsToList (_key: value: value.dashboard.url) config.webapps.apps
++ [ "https://${config.networking.domain}/" ];
}; };
} }


@ -1,5 +1,10 @@
# Dashboard site # Dashboard site
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.homer; cfg = config.my.services.homer;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -14,9 +19,7 @@ let
}; };
in in
{ {
imports = [ imports = [ ./config.nix ];
./config.nix
];
options.my.services.homer = with lib; { options.my.services.homer = with lib; {
enable = mkEnableOption "Homer Dashboard"; enable = mkEnableOption "Homer Dashboard";
@ -44,10 +47,22 @@ in
webapps = { webapps = {
dashboardCategories = [ dashboardCategories = [
{ name = "Applications"; tag = "app"; } {
{ name = "Media"; tag = "media"; } name = "Applications";
{ name = "Infrastructure"; tag = "infra"; } tag = "app";
{ name = "Others"; tag = "other"; } }
{
name = "Media";
tag = "media";
}
{
name = "Infrastructure";
tag = "infra";
}
{
name = "Others";
tag = "other";
}
]; ];
}; };
}; };


@ -15,9 +15,7 @@ in
ssh = { ssh = {
enable = true; enable = true;
port = 2222; port = 2222;
hostKeys = [ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
"/etc/secrets/initrd/ssh_host_ed25519_key"
];
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
]; ];


@ -1,5 +1,10 @@
# The Free Software Media System # The Free Software Media System
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.jellyfin; cfg = config.my.services.jellyfin;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -8,10 +13,7 @@ let
jellyfin-with-metrics = pkgs.jellyfin.overrideAttrs (attrs: { jellyfin-with-metrics = pkgs.jellyfin.overrideAttrs (attrs: {
patches = patches =
let let
existingPatches = existingPatches = if attrs ? patches && builtins.isList attrs.patches then attrs.patches else [ ];
if attrs ? patches && builtins.isList attrs.patches
then attrs.patches
else [ ];
in in
# with this patch the default setting for metrics is changed # with this patch the default setting for metrics is changed
existingPatches ++ [ ./enable-metrics.patch ]; existingPatches ++ [ ./enable-metrics.patch ];


@ -1,5 +1,10 @@
# log monitoring # log monitoring
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.loki; cfg = config.my.services.loki;
in in
@ -15,8 +20,8 @@ in
}; };
rules = mkOption { rules = mkOption {
type = types.attrsOf type = types.attrsOf (
(types.submodule { types.submodule {
options = { options = {
condition = mkOption { condition = mkOption {
type = types.str; type = types.str;
@ -53,7 +58,8 @@ in
default = "2m"; default = "2m";
}; };
}; };
}); }
);
description = '' description = ''
Defines the loki rules. Defines the loki rules.
''; '';
@ -67,14 +73,12 @@ in
groups = [ groups = [
{ {
name = "alerting-rules"; name = "alerting-rules";
rules = lib.mapAttrsToList rules = lib.mapAttrsToList (name: opts: {
(name: opts: { alert = name;
alert = name; inherit (opts) condition labels;
inherit (opts) condition labels; for = opts.time;
for = opts.time; annotations.description = opts.description;
annotations.description = opts.description; }) cfg.rules;
})
cfg.rules;
} }
]; ];
}; };
@ -114,16 +118,18 @@ in
}; };
schema_config = { schema_config = {
configs = [{ configs = [
from = "2020-11-08"; {
store = "tsdb"; from = "2020-11-08";
object_store = "filesystem"; store = "tsdb";
schema = "v13"; object_store = "filesystem";
index = { schema = "v13";
prefix = "index_"; index = {
period = "24h"; prefix = "index_";
}; period = "24h";
}]; };
}
];
}; };
limits_config = { limits_config = {


@ -1,5 +1,10 @@
# sandbox video game # sandbox video game
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.minecraft-server; cfg = config.my.services.minecraft-server;
in in


@ -1,5 +1,10 @@
# Have a good quality voice chat # Have a good quality voice chat
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.mumble-server; cfg = config.my.services.mumble-server;
domain = "voice.${config.networking.domain}"; domain = "voice.${config.networking.domain}";
@ -28,7 +33,10 @@ in
''; '';
}; };
users.groups."voice-buehler-rocks".members = [ "murmur" "nginx" ]; users.groups."voice-buehler-rocks".members = [
"murmur"
"nginx"
];
my.services.prometheus.rules = { my.services.prometheus.rules = {
mumble_not_running = { mumble_not_running = {


@ -1,5 +1,10 @@
# A FLOSS self-hosted, subsonic compatible music server # A FLOSS self-hosted, subsonic compatible music server
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.navidrome; cfg = config.my.services.navidrome;
inherit (config.networking) domain; inherit (config.networking) domain;


@ -1,5 +1,10 @@
# self-hosted cloud # self-hosted cloud
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.nextcloud; cfg = config.my.services.nextcloud;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -71,7 +76,12 @@ in
}; };
extraApps = with pkgs.nextcloud29Packages.apps; { extraApps = with pkgs.nextcloud29Packages.apps; {
inherit calendar contacts tasks deck; inherit
calendar
contacts
tasks
deck
;
}; };
extraAppsEnable = true; extraAppsEnable = true;
}; };


@ -1,60 +1,65 @@
# A simple abstraction layer for almost all of my services' needs # A simple abstraction layer for almost all of my services' needs
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.nginx; cfg = config.my.services.nginx;
virtualHostOption = with lib; types.submodule { virtualHostOption =
options = { with lib;
subdomain = mkOption { types.submodule {
type = types.str; options = {
example = "dev"; subdomain = mkOption {
description = '' type = types.str;
Which subdomain, under config.networking.domain, to use example = "dev";
for this virtual host. description = ''
''; Which subdomain, under config.networking.domain, to use
}; for this virtual host.
port = mkOption { '';
type = with types; nullOr port; };
default = null; port = mkOption {
example = 8080; type = with types; nullOr port;
description = '' default = null;
Which port to proxy to, through 127.0.0.1, for this virtual host. example = 8080;
This option is incompatible with `root`. description = ''
''; Which port to proxy to, through 127.0.0.1, for this virtual host.
}; This option is incompatible with `root`.
root = mkOption { '';
type = with types; nullOr path; };
default = null; root = mkOption {
example = "/var/www/blog"; type = with types; nullOr path;
description = '' default = null;
The root folder for this virtual host. This option is incompatible example = "/var/www/blog";
with `port`. description = ''
''; The root folder for this virtual host. This option is incompatible
}; with `port`.
sso = { '';
enable = mkEnableOption "SSO authentication"; };
}; sso = {
extraConfig = mkOption { enable = mkEnableOption "SSO authentication";
type = types.attrs; # FIXME: forward type of virtualHosts };
example = literalExpression '' extraConfig = mkOption {
{ type = types.attrs; # FIXME: forward type of virtualHosts
locations."/socket" = { example = literalExpression ''
proxyPass = "http://127.0.0.1:8096/"; {
proxyWebsockets = true; locations."/socket" = {
}; proxyPass = "http://127.0.0.1:8096/";
} proxyWebsockets = true;
''; };
default = { }; }
description = '' '';
Any extra configuration that should be applied to this virtual host. default = { };
''; description = ''
Any extra configuration that should be applied to this virtual host.
'';
};
}; };
}; };
};
in in
{ {
imports = [ imports = [ ./sso ];
./sso
];
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
acme = { acme = {
@ -116,20 +121,22 @@ in
description = "Port to use for internal webui."; description = "Port to use for internal webui.";
}; };
users = mkOption { users = mkOption {
type = types.attrsOf (types.submodule { type = types.attrsOf (
options = { types.submodule {
passwordHashFile = mkOption { options = {
type = types.str; passwordHashFile = mkOption {
example = "/var/lib/nginx-sso/alice/password-hash.txt"; type = types.str;
description = "Path to file containing the user's password hash."; example = "/var/lib/nginx-sso/alice/password-hash.txt";
description = "Path to file containing the user's password hash.";
};
totpSecretFile = mkOption {
type = types.str;
example = "/var/lib/nginx-sso/alice/totp-secret.txt";
description = "Path to file containing the user's TOTP secret.";
};
}; };
totpSecretFile = mkOption { }
type = types.str; );
example = "/var/lib/nginx-sso/alice/totp-secret.txt";
description = "Path to file containing the user's TOTP secret.";
};
};
});
example = literalExpression '' example = literalExpression ''
{ {
alice = { alice = {
@ -153,9 +160,13 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: assertions = lib.flip builtins.map cfg.virtualHosts (
{ subdomain, ... }@args:
let let
conflicts = [ "port" "root" ]; conflicts = [
"port"
"root"
];
optionsNotNull = builtins.map (v: args.${v} != null) conflicts; optionsNotNull = builtins.map (v: args.${v} != null) conflicts;
optionsSet = lib.filter lib.id optionsNotNull; optionsSet = lib.filter lib.id optionsNotNull;
in in
@ -166,39 +177,40 @@ in
lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts) lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts)
} configured. } configured.
''; '';
}) }
# ++ ( )
# let # ++ (
# ports = lib.my.mapFilter # let
# (v: v != null) # ports = lib.my.mapFilter
# ({ port, ... }: port) # (v: v != null)
# cfg.virtualHosts; # ({ port, ... }: port)
# lib.unique ports; # cfg.virtualHosts;
# lib.compareLists ports # lib.unique ports;
# portCounts = lib.my.countValues ports; # lib.compareLists ports
# nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; # portCounts = lib.my.countValues ports;
# nonUniques = builtins.attrNames nonUniquesCounts; # nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts;
# mkAssertion = port: { # nonUniques = builtins.attrNames nonUniquesCounts;
# assertion = false; # mkAssertion = port: {
# message = "Port ${port} cannot appear in multiple virtual hosts."; # assertion = false;
# }; # message = "Port ${port} cannot appear in multiple virtual hosts.";
# in # };
# map mkAssertion nonUniques # in
# ) ++ ( # map mkAssertion nonUniques
# let # ) ++ (
# subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; # let
# subsCounts = lib.my.countValues subs; # subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts;
# nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; # subsCounts = lib.my.countValues subs;
# nonUniques = builtins.attrNames nonUniquesCounts; # nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts;
# mkAssertion = v: { # nonUniques = builtins.attrNames nonUniquesCounts;
# assertion = false; # mkAssertion = v: {
# message = '' # assertion = false;
# Subdomain '${v}' cannot appear in multiple virtual hosts. # message = ''
# ''; # Subdomain '${v}' cannot appear in multiple virtual hosts.
# }; # '';
# in # };
# map mkAssertion nonUniques # in
# ) # map mkAssertion nonUniques
# )
; ;
services = { services = {
nginx = { nginx = {
@ -251,67 +263,68 @@ in
let let
genAttrs' = values: f: lib.listToAttrs (map f values); genAttrs' = values: f: lib.listToAttrs (map f values);
inherit (config.networking) domain; inherit (config.networking) domain;
mkVHost = { subdomain, ... } @ args: lib.nameValuePair mkVHost =
"${subdomain}.${domain}" { subdomain, ... }@args:
(lib.foldl lib.recursiveUpdate { } [ lib.nameValuePair "${subdomain}.${domain}" (
# Base configuration lib.foldl lib.recursiveUpdate { } [
{ # Base configuration
forceSSL = true; {
useACMEHost = domain; forceSSL = true;
} useACMEHost = domain;
# Proxy to port }
(lib.optionalAttrs (args.port != null) { # Proxy to port
locations."/".proxyPass = (lib.optionalAttrs (args.port != null) {
"http://127.0.0.1:${toString args.port}"; locations."/".proxyPass = "http://127.0.0.1:${toString args.port}";
# TODO make ipv6 possible # TODO make ipv6 possible
# http://[::1]:${toString args.port}; # http://[::1]:${toString args.port};
}) })
# Serve filesystem content # Serve filesystem content
(lib.optionalAttrs (args.root != null) { (lib.optionalAttrs (args.root != null) { inherit (args) root; })
inherit (args) root; # VHost specific configuration
}) args.extraConfig
# VHost specific configuration # SSO configuration
args.extraConfig (lib.optionalAttrs args.sso.enable {
# SSO configuration extraConfig =
(lib.optionalAttrs args.sso.enable { (args.extraConfig.extraConfig or "")
extraConfig = (args.extraConfig.extraConfig or "") + '' + ''
error_page 401 = @error401; error_page 401 = @error401;
'';
locations = {
"@error401".return = ''
302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=$scheme://$http_host$request_uri
'';
"/" = {
extraConfig =
(args.extraConfig.locations."/".extraConfig or "") + ''
# Use SSO
auth_request /sso-auth;
# Set username through header
auth_request_set $username $upstream_http_x_username;
proxy_set_header X-User $username;
# Renew SSO cookie on request
auth_request_set $cookie $upstream_http_set_cookie;
add_header Set-Cookie $cookie;
'';
};
"/sso-auth" = {
proxyPass = "http://localhost:${toString cfg.sso.port}/auth";
extraConfig = ''
# Do not allow requests from outside
internal;
# Do not forward the request body
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# Set X-Application according to subdomain for matching
proxy_set_header X-Application "${subdomain}";
# Set origin URI for matching
proxy_set_header X-Origin-URI $request_uri;
''; '';
locations = {
"@error401".return = ''
302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=$scheme://$http_host$request_uri
'';
"/" = {
extraConfig =
(args.extraConfig.locations."/".extraConfig or "")
+ ''
# Use SSO
auth_request /sso-auth;
# Set username through header
auth_request_set $username $upstream_http_x_username;
proxy_set_header X-User $username;
# Renew SSO cookie on request
auth_request_set $cookie $upstream_http_set_cookie;
add_header Set-Cookie $cookie;
'';
};
"/sso-auth" = {
proxyPass = "http://localhost:${toString cfg.sso.port}/auth";
extraConfig = ''
# Do not allow requests from outside
internal;
# Do not forward the request body
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# Set X-Application according to subdomain for matching
proxy_set_header X-Application "${subdomain}";
# Set origin URI for matching
proxy_set_header X-Origin-URI $request_uri;
'';
};
}; };
}; })
}) ]
]) );
;
in in
genAttrs' cfg.virtualHosts mkVHost; genAttrs' cfg.virtualHosts mkVHost;
sso = { sso = {
@ -322,9 +335,7 @@ in
inherit (cfg.sso) port; inherit (cfg.sso) port;
}; };
audit_log = { audit_log = {
target = [ target = [ "fd://stdout" ];
"fd://stdout"
];
events = [ events = [
"access_denied" "access_denied"
"login_success" "login_success"
@ -359,21 +370,30 @@ in
in in
{ {
users = applyUsers (_: v: { _secret = v.passwordHashFile; }); users = applyUsers (_: v: { _secret = v.passwordHashFile; });
mfa = applyUsers (_: v: [{ mfa = applyUsers (
provider = "totp"; _: v: [
attributes = { {
secret = { provider = "totp";
_secret = v.totpSecretFile; attributes = {
}; secret = {
}; _secret = v.totpSecretFile;
}]); };
};
}
]
);
inherit (cfg.sso) groups; inherit (cfg.sso) groups;
}; };
}; };
acl = { acl = {
rule_sets = [ rule_sets = [
{ {
rules = [{ field = "x-application"; present = true; }]; rules = [
{
field = "x-application";
present = true;
}
];
allow = [ "@root" ]; allow = [ "@root" ];
} }
]; ];
@ -426,7 +446,10 @@ in
]; ];
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
# Nginx needs to be able to read the certificates # Nginx needs to be able to read the certificates
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];
security.acme = { security.acme = {
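Review bot: The `@error401` redirect in `mkVHost` builds its `go=` target from `$http_host`, which is the Host header exactly as the client sent it, so the post-login return address is client-influenced whenever a request reaches this server block with a foreign Host (for instance if it ends up serving as the default server). The virtual host name is known at evaluation time and `forceSSL = true` fixes the scheme, so the target can be pinned instead: `302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=https://${subdomain}.${domain}$request_uri`. Whether nginx-sso itself restricts the `go` parameter is not visible on this page, so that is worth confirming either way.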


@ -1,5 +1,11 @@
# I must override the module to allow having runtime secrets # I must override the module to allow having runtime secrets
{ config, lib, pkgs, utils, ... }: {
config,
lib,
pkgs,
utils,
...
}:
let let
cfg = config.services.nginx.sso; cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package; pkg = lib.getBin cfg.package;
@ -8,7 +14,6 @@ in
{ {
disabledModules = [ "services/security/nginx-sso.nix" ]; disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; { options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service"; enable = mkEnableOption "nginx-sso service";
@ -67,8 +72,7 @@ in
# Fix permissions # Fix permissions
chown nginx-sso:nginx-sso ${confPath} chown nginx-sso:nginx-sso ${confPath}
chmod 0600 ${confPath} chmod 0600 ${confPath}
'' ''}'';
}'';
ExecStart = lib.mkForce '' ExecStart = lib.mkForce ''
${pkg}/bin/nginx-sso \ ${pkg}/bin/nginx-sso \
--config ${confPath} \ --config ${confPath} \


@ -1,5 +1,11 @@
# monitoring system services # monitoring system services
{ config, lib, pkgs, inputs, ... }: {
config,
lib,
pkgs,
inputs,
...
}:
let let
cfg = config.my.services.node-exporter; cfg = config.my.services.node-exporter;
in in
@ -17,9 +23,7 @@ in
"systemd" "systemd"
"textfile" "textfile"
]; ];
extraFlags = [ extraFlags = [ "--collector.textfile.directory=/etc/prometheus-node-exporter-text-files" ];
"--collector.textfile.directory=/etc/prometheus-node-exporter-text-files"
];
port = 9100; port = 9100;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
}; };
@ -32,21 +36,25 @@ in
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "node"; job_name = "node";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; {
labels = { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
{ {
job_name = "systemd"; job_name = "systemd";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ]; {
labels = { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };
@ -55,10 +63,14 @@ in
environment.etc = environment.etc =
let let
inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) inputs; inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) inputs;
flakeAttrs = input: (lib.mapAttrsToList (n: v: ''${n}="${v}"'') flakeAttrs =
(lib.filterAttrs (_n: v: (builtins.typeOf v) == "string") input)); input:
lastModified = name: input: '' (lib.mapAttrsToList (n: v: ''${n}="${v}"'') (
flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}''; lib.filterAttrs (_n: v: (builtins.typeOf v) == "string") input
));
lastModified =
name: input:
''flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}'';
in in
{ {
"prometheus-node-exporter-text-files/flake-inputs.prom" = { "prometheus-node-exporter-text-files/flake-inputs.prom" = {


@ -19,14 +19,18 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.octoprint = { services.octoprint = {
enable = true; enable = true;
plugins = plugins: with plugins; [ plugins =
costestimation plugins:
displayprogress with plugins;
m86motorsoff [
stlviewer costestimation
telegram displayprogress
titlestatus m86motorsoff
] ++ cfg.plugins; stlviewer
telegram
titlestatus
]
++ cfg.plugins;
}; };
networking.firewall.allowedTCPPorts = [ 5000 ]; networking.firewall.allowedTCPPorts = [ 5000 ];
}; };
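Review bot: `networking.firewall.allowedTCPPorts = [ 5000 ]` opens a port next to the OctoPrint service (presumably its listen port), so the printer UI would be reachable over plain HTTP from every network this firewall faces, rather than through the TLS and SSO handling that the nginx virtual-host module in this commit provides. If direct LAN access is intended, record it with a comment such as `# OctoPrint is reachable directly on the LAN; not proxied through nginx`; otherwise drop the port and add an entry to `my.services.nginx.virtualHosts`. The rest of the module is outside the hunk, so an existing proxy entry cannot be ruled out from here.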


@ -49,7 +49,12 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.photoprism = { services.photoprism = {
enable = true; enable = true;
inherit (cfg) passwordFile port originalsPath settings; inherit (cfg)
passwordFile
port
originalsPath
settings
;
}; };
my.services.nginx.virtualHosts = [ my.services.nginx.virtualHosts = [


@ -1,5 +1,10 @@
# monitoring system services # monitoring system services
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.prometheus; cfg = config.my.services.prometheus;
inherit (config.networking) domain; inherit (config.networking) domain;
@ -31,8 +36,8 @@ in
# a good collections for allerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox # a good collections for allerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox
rules = mkOption { rules = mkOption {
type = types.attrsOf type = types.attrsOf (
(types.submodule { types.submodule {
options = { options = {
condition = mkOption { condition = mkOption {
type = types.str; type = types.str;
@ -69,7 +74,8 @@ in
default = "2m"; default = "2m";
}; };
}; };
}); }
);
description = '' description = ''
Defines the prometheus rules. Defines the prometheus rules.
''; '';
@ -92,12 +98,12 @@ in
}; };
ruleFiles = [ ruleFiles = [
(pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { (pkgs.writeText "prometheus-rules.yml" (
groups = [ builtins.toJSON {
{ groups = [
name = "alerting-rules"; {
rules = lib.mapAttrsToList name = "alerting-rules";
(name: opts: { rules = lib.mapAttrsToList (name: opts: {
alert = name; alert = name;
expr = opts.condition; expr = opts.condition;
for = opts.time; for = opts.time;
@ -106,22 +112,24 @@ in
inherit (opts) description; inherit (opts) description;
grafana = lib.optionalString config.services.grafana.enable "https://visualization.${domain}"; grafana = lib.optionalString config.services.grafana.enable "https://visualization.${domain}";
}; };
}) }) cfg.rules;
cfg.rules; }
} ];
]; }
})) ))
]; ];
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "prometheus"; job_name = "prometheus";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString cfg.port}" ]; {
labels = { targets = [ "127.0.0.1:${toString cfg.port}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };


@ -28,9 +28,11 @@ in
positions = { positions = {
filename = "/tmp/positions.yaml"; filename = "/tmp/positions.yaml";
}; };
clients = [{ clients = [
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; {
}]; url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [ scrape_configs = [
{ {
job_name = "journal"; job_name = "journal";
@ -41,18 +43,18 @@ in
host = config.networking.hostName; host = config.networking.hostName;
}; };
}; };
relabel_configs = [{ relabel_configs = [
source_labels = [ "__journal__systemd_unit" ]; {
target_label = "unit"; source_labels = [ "__journal__systemd_unit" ];
}]; target_label = "unit";
}
];
} }
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ {
targets = [ targets = [ "localhost" ];
"localhost"
];
labels = { labels = {
job = "nginx"; job = "nginx";
__path__ = "/var/log/nginx/*.log"; __path__ = "/var/log/nginx/*.log";


@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "prowlarr"; job_name = "prowlarr";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString port + 1}" ]; {
labels = { targets = [ "127.0.0.1:${toString port + 1}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };


@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "radarr"; job_name = "radarr";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString port + 1}" ]; {
labels = { targets = [ "127.0.0.1:${toString port + 1}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };


@ -1,5 +1,10 @@
# manages remote builds # manages remote builds
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.services.remote-build; cfg = config.my.services.remote-build;
in in
@ -15,7 +20,9 @@ in
isSystemUser = true; isSystemUser = true;
group = "nixremote"; group = "nixremote";
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman" ]; openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman"
];
}; };
nix.settings.trusted-users = [ "nixremote" ]; nix.settings.trusted-users = [ "nixremote" ];
}; };
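Review bot: `nix.settings.trusted-users = [ "nixremote" ]` makes the build account effectively root-equivalent towards the Nix daemon on this host, and the same account has an interactive shell (`pkgs.bashInteractive`) and an authorized key with no options, so whoever holds the `root@thinkman` private key controls this machine. If the account only has to accept remote builds, consider prefixing the key with OpenSSH's `restrict` option (`"restrict ssh-ed25519 … root@thinkman"`) and, if unsigned store paths never need to be pushed, dropping it from `trusted-users`; neither has been checked against this setup. At minimum a comment such as `# trusted-users is root-equivalent: protect the thinkman key accordingly` above the setting would record the trade-off. The module body starts and ends outside the hunk.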


@ -31,12 +31,14 @@ in
prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "sonarr"; job_name = "sonarr";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString port + 1}" ]; {
labels = { targets = [ "127.0.0.1:${toString port + 1}" ];
instance = config.networking.hostName; labels = {
}; instance = config.networking.hostName;
}]; };
}
];
} }
]; ];
}; };


@ -1,5 +1,10 @@
# avahi related settings # avahi related settings
{ config, lib, options, ... }: {
config,
lib,
options,
...
}:
let let
cfg = config.my.system.avahi; cfg = config.my.system.avahi;
in in


@ -1,5 +1,11 @@
# Docker related settings # Docker related settings
{ config, lib, options, pkgs, ... }: {
config,
lib,
options,
pkgs,
...
}:
let let
cfg = config.my.system.docker; cfg = config.my.system.docker;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.system.fonts; cfg = config.my.system.fonts;
in in
@ -21,23 +26,26 @@ in
monospace = [ "Ubuntu Mono" ]; monospace = [ "Ubuntu Mono" ];
}; };
packages = with pkgs; [ packages =
cantarell-fonts # gnome default with pkgs;
fira [
fira-code # coding cantarell-fonts # gnome default
fira-code-symbols # ligatures fira
fira-mono fira-code # coding
font-awesome # icons fira-code-symbols # ligatures
joypixels # emojis fira-mono
liberation_ttf # main microsoft fonts font-awesome # icons
# mplus-outline-fonts.githubRelease # microsoft fonts joypixels # emojis
noto-fonts liberation_ttf # main microsoft fonts
noto-fonts-cjk-sans # mplus-outline-fonts.githubRelease # microsoft fonts
noto-fonts-color-emoji noto-fonts
noto-fonts-extra noto-fonts-cjk-sans
ubuntu_font_family noto-fonts-color-emoji
unifont # unicode fallback noto-fonts-extra
] ++ cfg.additionalFonts; ubuntu_font_family
unifont # unicode fallback
]
++ cfg.additionalFonts;
}; };
nixpkgs.config.joypixels.acceptLicense = true; nixpkgs.config.joypixels.acceptLicense = true;
}; };


@ -7,32 +7,31 @@ in
enable = mkEnableOption "kvm configuration"; enable = mkEnableOption "kvm configuration";
cpuFlavor = mkOption { cpuFlavor = mkOption {
type = with types; nullOr (enum [ "intel" "amd" ]); type =
with types;
nullOr (enum [
"intel"
"amd"
]);
default = null; default = null;
example = "intel"; example = "intel";
description = "Which kind of CPU to activate kernelModules"; description = "Which kind of CPU to activate kernelModules";
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
virtualisation.libvirtd.enable = true; {
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
} }
# Intel CPU # Intel CPU
(lib.mkIf (cfg.cpuFlavor == "intel") { (lib.mkIf (cfg.cpuFlavor == "intel") { boot.kernelModules = [ "kvm-intel" ]; })
boot.kernelModules = [
"kvm-intel"
];
})
# AMD CPU # AMD CPU
(lib.mkIf (cfg.cpuFlavor == "amd") { (lib.mkIf (cfg.cpuFlavor == "amd") { boot.kernelModules = [ "kvm-amd" ]; })
boot.kernelModules = [ ]
"kvm-amd" );
];
})
]);
} }


@ -1,5 +1,11 @@
# Podman related settings # Podman related settings
{ config, lib, options, pkgs, ... }: {
config,
lib,
options,
pkgs,
...
}:
let let
cfg = config.my.system.podman; cfg = config.my.system.podman;
in in
@ -10,9 +16,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ podman-compose ];
podman-compose
];
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;


@ -1,5 +1,11 @@
# spell-checking # spell-checking
{ config, lib, options, pkgs, ... }: {
config,
lib,
options,
pkgs,
...
}:
let let
cfg = config.my.system.spell-check; cfg = config.my.system.spell-check;
in in


@ -1,6 +1,5 @@
# overlays for nixpkgs # overlays for nixpkgs
_self: _super: _self: _super: {
{
# freshrss = _super.freshrss.overrideAttrs (old: { # freshrss = _super.freshrss.overrideAttrs (old: {
# version = "1.21.0"; # version = "1.21.0";
# src = _super.fetchFromGitHub { # src = _super.fetchFromGitHub {


@ -1,5 +1,4 @@
final: _prev: final: _prev: {
{
homer = final.callPackage ./homer { }; homer = final.callPackage ./homer { };
grafana-dashboards = final.callPackage ./grafana-dashboards { }; grafana-dashboards = final.callPackage ./grafana-dashboards { };
} }


@ -6,139 +6,164 @@ let
inherit (pkgs) stdenv fetchurl; inherit (pkgs) stdenv fetchurl;
in in
lib.makeScope pkgs.newScope (_self: lib.makeScope pkgs.newScope (
let _self:
buildGrafanaDashboard = args: stdenv.mkDerivation (args // { let
pname = "grafana-dashboard-${args.pname}-${toString args.id}"; buildGrafanaDashboard =
inherit (args) version; args:
src = fetchurl { stdenv.mkDerivation (
url = "https://grafana.com/api/dashboards/${toString args.id}/revisions/${args.version}/download"; args
inherit (args) hash; // {
pname = "grafana-dashboard-${args.pname}-${toString args.id}";
inherit (args) version;
src = fetchurl {
url = "https://grafana.com/api/dashboards/${toString args.id}/revisions/${args.version}/download";
inherit (args) hash;
};
dontUnpack = true;
installPhase = ''
runHook preInstall
mkdir -p $out
cp $src $out/${args.pname}-${toString args.id}.json
runHook postInstall
'';
}
);
in
{
inherit buildGrafanaDashboard;
node-exporter = buildGrafanaDashboard {
id = 1860;
pname = "node-exporter-full";
version = "31";
hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg=";
}; };
dontUnpack = true; node-systemd =
installPhase = '' (buildGrafanaDashboard {
runHook preInstall id = 1617;
mkdir -p $out pname = "node-systemd";
cp $src $out/${args.pname}-${toString args.id}.json version = "1";
runHook postInstall hash = "sha256-MEWU5rIqlbaGu3elqdSoMZfbk67WDnH0VWuC8FqZ8v8=";
''; }).overrideAttrs
}); (_: {
in src = ./node-systemd.json; # sadly only imported dashboards work
{ });
inherit buildGrafanaDashboard;
node-exporter = buildGrafanaDashboard { nginx = buildGrafanaDashboard {
id = 1860; id = 12708;
pname = "node-exporter-full"; pname = "nginx";
version = "31"; version = "1";
hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg="; hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0=";
}; };
node-systemd = (buildGrafanaDashboard {
id = 1617;
pname = "node-systemd";
version = "1";
hash = "sha256-MEWU5rIqlbaGu3elqdSoMZfbk67WDnH0VWuC8FqZ8v8=";
}).overrideAttrs (_: {
src = ./node-systemd.json; # sadly only imported dashboards work
});
nginx = buildGrafanaDashboard { nextcloud =
id = 12708; (buildGrafanaDashboard {
pname = "nginx"; id = 9632;
version = "1"; pname = "nextcloud";
hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0="; version = "1";
}; hash = "sha256-Z28Q/sMg3jxglkszAs83IpL8f4p9loNnTQzjc3S/SAQ=";
}).overrideAttrs
(_: {
src = ./nextcloud.json; # sadly only imported dashboards work
});
nextcloud = (buildGrafanaDashboard { blocky = buildGrafanaDashboard {
id = 9632; id = 13768;
pname = "nextcloud"; pname = "blocky";
version = "1"; version = "3";
hash = "sha256-Z28Q/sMg3jxglkszAs83IpL8f4p9loNnTQzjc3S/SAQ="; hash = "sha256-T1HqWbwt+i/Wa+Y2B7hcl3CijGxZF5aI38aPcXjk9y0=";
}).overrideAttrs (_: { };
src = ./nextcloud.json; # sadly only imported dashboards work
});
blocky = buildGrafanaDashboard { navidrome =
id = 13768; (buildGrafanaDashboard {
pname = "blocky"; id = 18038;
version = "3"; pname = "navidrome";
hash = "sha256-T1HqWbwt+i/Wa+Y2B7hcl3CijGxZF5aI38aPcXjk9y0="; version = "1";
}; hash = "sha256-MU890UAEI9wrnVIC/R0HkYwFa6mJ8Y7ESAWuaSQ8FQ8=";
}).overrideAttrs
(_: {
src = ./navidrome.json; # sadly data source is not detected
});
navidrome = (buildGrafanaDashboard { # taken from https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/grafana/files/dashboards/Hedgedoc.json?ref_type=heads
id = 18038; hedgedoc =
pname = "navidrome"; (buildGrafanaDashboard {
version = "1"; id = -1;
hash = "sha256-MU890UAEI9wrnVIC/R0HkYwFa6mJ8Y7ESAWuaSQ8FQ8="; pname = "hedgedoc";
}).overrideAttrs (_: { version = "1";
src = ./navidrome.json; # sadly data source is not detected hash = lib.fakeSha256;
}); }).overrideAttrs
(_: {
src = ./hedgedoc.json; # sadly data source is not detected
});
# taken from https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/grafana/files/dashboards/Hedgedoc.json?ref_type=heads cadvisor = buildGrafanaDashboard {
hedgedoc = (buildGrafanaDashboard { id = 10619;
id = -1; pname = "cadvisor";
pname = "hedgedoc"; version = "1";
version = "1"; hash = "sha256-T1HqWbwt+i/Wa+Y2B7hclaCijGxZF5QI38aPcXjk9y0=";
hash = lib.fakeSha256; };
}).overrideAttrs (_: {
src = ./hedgedoc.json; # sadly data source is not detected
});
cadvisor = buildGrafanaDashboard { loki =
id = 10619; (buildGrafanaDashboard {
pname = "cadvisor"; id = 13407;
version = "1"; pname = "loki";
hash = "sha256-T1HqWbwt+i/Wa+Y2B7hclaCijGxZF5QI38aPcXjk9y0="; version = "1";
}; hash = "sha256-1sxTDSEwi2O/Ce+rWqqhMvsYEJeELBfkb9W2R6cDjcU=";
}).overrideAttrs
(_: {
src = ./loki.json; # sadly not yet updated to latest grafana
});
loki = (buildGrafanaDashboard { alertmanager = buildGrafanaDashboard {
id = 13407; id = 9578;
pname = "loki"; pname = "alertmanager";
version = "1"; version = "4";
hash = "sha256-1sxTDSEwi2O/Ce+rWqqhMvsYEJeELBfkb9W2R6cDjcU="; hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o=";
}).overrideAttrs (_: { };
src = ./loki.json; # sadly not yet updated to latest grafana
});
alertmanager = buildGrafanaDashboard { gitea =
id = 9578; (buildGrafanaDashboard {
pname = "alertmanager"; id = 13192;
version = "4"; pname = "gitea";
hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o="; version = "1";
}; hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM=";
}).overrideAttrs
(_: {
src = ./gitea.json; # sadly not yet updated to latest grafana
});
gitea = (buildGrafanaDashboard { prometheus =
id = 13192; (buildGrafanaDashboard {
pname = "gitea"; id = 3662;
version = "1"; pname = "prometheus";
hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM="; version = "2";
}).overrideAttrs (_: { hash = "sha256-+nsi8/dYNvGVGV+ftfO1gSAQbO5GpZwW480T5mHMM4Q=";
src = ./gitea.json; # sadly not yet updated to latest grafana }).overrideAttrs
}); (_: {
src = ./prometheus.json; # sadly only imported dashboards work
});
prometheus = (buildGrafanaDashboard { grafana =
id = 3662; (buildGrafanaDashboard {
pname = "prometheus"; id = 3590;
version = "2"; pname = "grafana";
hash = "sha256-+nsi8/dYNvGVGV+ftfO1gSAQbO5GpZwW480T5mHMM4Q="; version = "3";
}).overrideAttrs (_: { }).overrideAttrs
src = ./prometheus.json; # sadly only imported dashboards work (_: {
}); src = ./grafana.json; # sadly only imported dashboards work
});
grafana = (buildGrafanaDashboard { blackbox =
id = 3590; (buildGrafanaDashboard {
pname = "grafana"; id = 13659;
version = "3"; pname = "blackbox";
}).overrideAttrs (_: { version = "1";
src = ./grafana.json; # sadly only imported dashboards work hash = "sha256-nnBFWFDAqKUqTOYxOrkRPlVla4ioQZ6rqEqakdzUj1Q=";
}); }).overrideAttrs
(_: {
blackbox = (buildGrafanaDashboard { src = ./blackbox.json; # sadly only imported dashboards work
id = 13659; });
pname = "blackbox"; }
version = "1"; )
hash = "sha256-nnBFWFDAqKUqTOYxOrkRPlVla4ioQZ6rqEqakdzUj1Q=";
}).overrideAttrs (_: {
src = ./blackbox.json; # sadly only imported dashboards work
});
})
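Review bot: The `hash` values for `nginx`, `blocky` and `cadvisor` differ from one another in only one or two characters, which is not plausible for real SHA-256 digests of three different downloads, so at most one of them can pin what `fetchurl` actually retrieves. These are the entries whose `src` is not replaced through `overrideAttrs`, so the hash is the only integrity check on the JSON fetched from grafana.com; each should be recomputed (set `hash = lib.fakeHash;`, build, copy the digest Nix reports). Since every URL ends in `/download`, the fixed-output name is presumably the same for all dashboards, which makes a reused or hand-edited digest more likely to go unnoticed. Separately, the entries that override `src` with a local file carry a `hash` that nothing checks (`hedgedoc` uses `lib.fakeSha256`, `grafana` has none); a short comment saying so would keep them from being read as pins.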


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles."3d-design"; cfg = config.my.profiles."3d-design";
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.android; cfg = config.my.profiles.android;
in in
@ -9,8 +14,6 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.adb.enable = true; programs.adb.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ scrcpy ];
scrcpy
];
}; };
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.clean; cfg = config.my.profiles.clean;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.desktop-apps; cfg = config.my.profiles.desktop-apps;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.desktop-dev; cfg = config.my.profiles.desktop-dev;
in in
@ -22,7 +27,8 @@ in
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
vscodeExtensions = vscodeExtensions =
with vscode-extensions; [ with vscode-extensions;
[
bbenoist.nix bbenoist.nix
editorconfig.editorconfig editorconfig.editorconfig
github.copilot github.copilot
@ -31,11 +37,13 @@ in
ms-python.python ms-python.python
ms-vscode-remote.remote-ssh ms-vscode-remote.remote-ssh
pkief.material-icon-theme pkief.material-icon-theme
] ++ [ ]
++ [
# remove in 24.05 # remove in 24.05
unstable.vscode-extensions.equinusocio.vsc-material-theme unstable.vscode-extensions.equinusocio.vsc-material-theme
unstable.vscode-extensions.hiukky.flate unstable.vscode-extensions.hiukky.flate
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# { # {
# name = "vsc-material-theme"; # name = "vsc-material-theme";
# publisher = "Equinusocio"; # publisher = "Equinusocio";


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.development; cfg = config.my.profiles.development;
in in
@ -23,18 +28,20 @@ in
# websites # websites
hugo hugo
# scripts # scripts
(python3.withPackages (ps: with ps; [ (python3.withPackages (
jupyter # notebooks ps: with ps; [
matplotlib jupyter # notebooks
numpy matplotlib
pandas numpy
pillow pandas
plotly pillow
scikitlearn plotly
scipy scikitlearn
tqdm # progressbar in pandas scipy
wheel # python development tqdm # progressbar in pandas
])) wheel # python development
]
))
# linter # linter
shellcheck shellcheck
typos typos


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.filesystem; cfg = config.my.profiles.filesystem;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.gaming; cfg = config.my.profiles.gaming;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.gnome; cfg = config.my.profiles.gnome;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.latex; cfg = config.my.profiles.latex;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.media; cfg = config.my.profiles.media;
in in
@ -31,9 +36,7 @@ in
shotwell # photo management shotwell # photo management
sonixd # cloud-music-player sonixd # cloud-music-player
soundkonverter # audio converter soundkonverter # audio converter
(yt-dlp.override { (yt-dlp.override { withAlias = true; }) # video download
withAlias = true;
}) # video download
]; ];
}; };
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.meeting; cfg = config.my.profiles.meeting;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.nautilus; cfg = config.my.profiles.nautilus;
in in
@ -31,9 +36,7 @@ in
]; ];
sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4"; sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4";
pathsToLink = [ pathsToLink = [ "/share/nautilus-python/extensions" ];
"/share/nautilus-python/extensions"
];
}; };
programs.nautilus-open-any-terminal = { programs.nautilus-open-any-terminal = {


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.powersave; cfg = config.my.profiles.powersave;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.printing; cfg = config.my.profiles.printing;
in in
@ -16,8 +21,6 @@ in
]; ];
programs.system-config-printer.enable = true; programs.system-config-printer.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ gnome.simple-scan ];
gnome.simple-scan
];
}; };
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sway; cfg = config.my.profiles.sway;
in in
@ -23,9 +28,7 @@ in
sway-theme.enable = true; sway-theme.enable = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ polkit_gnome ];
polkit_gnome
];
environment.pathsToLink = [ "/libexec" ]; environment.pathsToLink = [ "/libexec" ];
programs = { programs = {


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sway-screen-sharing; cfg = config.my.profiles.sway-screen-sharing;
in in
@ -8,18 +13,14 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ remmina ];
remmina
];
services.pipewire.enable = true; services.pipewire.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
xdg-desktop-portal-gtk
];
}; };
# for firefox # for firefox


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sway-theme; cfg = config.my.profiles.sway-theme;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.sync; cfg = config.my.profiles.sync;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.update; cfg = config.my.profiles.update;
in in
@ -11,8 +16,6 @@ in
# Enable firmware update daemon # Enable firmware update daemon
services.fwupd.enable = true; services.fwupd.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ topgrade ];
topgrade
];
}; };
} }


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.usb-iso; cfg = config.my.profiles.usb-iso;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.my.profiles.webcam; cfg = config.my.profiles.webcam;
in in