derped/nixos
1
0
Fork 0
Code Releases Activity

Format the entire project.

Browse source
This commit is contained in:
Kevin Baensch 2023-09-11 20:23:04 +02:00
parent 1dc50ae17d
commit 6f9db5e3a4
Signed by: derped
GPG key ID: C0F1D326C7626543
115 changed files with 3451 additions and 2901 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
config/etc.nix
View file

@ -1,10 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
{ {
config,
lib,
pkgs,
...
}:
with lib; {
environment.etc = mkIf (elem "etcfiles" config.machine.conffiles) { environment.etc = mkIf (elem "etcfiles" config.machine.conffiles) {
"rofi.rasi".source = (import ./etc/rofi.rasi.nix { inherit pkgs; }); "rofi.rasi".source = import ./etc/rofi.rasi.nix {inherit pkgs;};
"i3/py3status".source = ./etc/i3/py3status; "i3/py3status".source = ./etc/i3/py3status;
"sway/config".source = mkDefault ./etc/sway/config; "sway/config".source = mkDefault ./etc/sway/config;
"mpv/input.conf".source = ./etc/mpv/input.conf; "mpv/input.conf".source = ./etc/mpv/input.conf;

4
config/etc/i3/config.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: (pkgs.writeText "config" ''
(pkgs.writeText "config" ''
# i3 config file (v4) # i3 config file (v4)
# #
# Please see http://i3wm.org/docs/userguide.html for a complete reference! # Please see http://i3wm.org/docs/userguide.html for a complete reference!

4
config/etc/rofi.rasi.nix
View file

@ -1,6 +1,4 @@
{ pkgs }: {pkgs}: let
let
tabMode = pkgs.writeScript "tab-finder.sh" (with pkgs; '' tabMode = pkgs.writeScript "tab-finder.sh" (with pkgs; ''
#!/usr/bin/env bash #!/usr/bin/env bash
if [ -z ''${1} ]; then if [ -z ''${1} ]; then

9
config/fonts.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
mkIf (elem "fonts" config.machine.conffiles) { mkIf (elem "fonts" config.machine.conffiles) {
fonts = { fonts = {
fontDir.enable = true; fontDir.enable = true;

11
config/locale.nix
View file

@ -1,12 +1,17 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
console.keyMap = "de"; console.keyMap = "de";
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
supportedLocales = ["all"]; supportedLocales = ["all"];
inputMethod = { inputMethod = {
enabled = if config.services.xserver.enable then "fcitx5" else null; enabled =
if config.services.xserver.enable
then "fcitx5"
else null;
fcitx5.addons = with pkgs; [fcitx5-chinese-addons fcitx5-mozc fcitx5-table-extra]; fcitx5.addons = with pkgs; [fcitx5-chinese-addons fcitx5-mozc fcitx5-table-extra];
}; };
}; };

14
config/networking.nix
View file

@ -1,8 +1,9 @@
{ config, lib, ... }: {
config,
with lib; lib,
...
let }:
with lib; let
networkD = config.machine.networkD; networkD = config.machine.networkD;
in { in {
networking = { networking = {
@ -58,7 +59,8 @@ in{
systemd.services."systemd-networkd-wait-online" = { systemd.services."systemd-networkd-wait-online" = {
enable = mkForce networkD.waitOnline; enable = mkForce networkD.waitOnline;
serviceConfig.ExecStart = [ serviceConfig.ExecStart = [
"" "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any" ""
"${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
]; ];
}; };
} }

24
config/nix.nix
View file

@ -1,6 +1,12 @@
{ nixpkgs, nixpkgs-git, nixpkgs-stable, pkgs, config, lib, ... }: {
nixpkgs,
let nixpkgs-git,
nixpkgs-stable,
pkgs,
config,
lib,
...
}: let
cfg = config.machine; cfg = config.machine;
emptyGlobalRegistry = pkgs.writeText "registry.json" ''{ "flakes": [], "version": 2 }''; emptyGlobalRegistry = pkgs.writeText "registry.json" ''{ "flakes": [], "version": 2 }'';
in { in {
@ -16,14 +22,18 @@ in {
cores = 1; cores = 1;
sandbox = true; sandbox = true;
auto-optimise-store = true; auto-optimise-store = true;
trusted-substituters = [ trusted-substituters =
[
"https://cache.nixos.org" "https://cache.nixos.org"
] ++ cfg.binaryCaches; ]
++ cfg.binaryCaches;
# TODO: integrate into sops # TODO: integrate into sops
# trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ]; # trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
substituters = [ substituters =
[
"https://cache.nixos.org" "https://cache.nixos.org"
] ++ cfg.binaryCaches; ]
++ cfg.binaryCaches;
allowed-users = ["root"] ++ (map (n: n.name) cfg.administrators); allowed-users = ["root"] ++ (map (n: n.name) cfg.administrators);
}; };
extraOptions = '' extraOptions = ''

8
config/security.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "security" config.machine.conffiles) { mkIf (elem "security" config.machine.conffiles) {
security = { security = {
audit.enable = true; audit.enable = true;

31
config/users.nix
View file

@ -1,8 +1,11 @@
{ config, lib, fn, pkgs, ... }: {
config,
with lib; lib,
fn,
let pkgs,
...
}:
with lib; let
withDocker = config.virtualisation.docker.enable; withDocker = config.virtualisation.docker.enable;
withPodman = config.virtualisation.podman.enable; withPodman = config.virtualisation.podman.enable;
administrators = user: { administrators = user: {
@ -14,13 +17,20 @@ let
isNormalUser = true; isNormalUser = true;
name = user.name; name = user.name;
uid = user.id; uid = user.id;
subUidRanges = (optional withPodman { startUid = 100000; count = 65536; }); subUidRanges = optional withPodman {
subGidRanges = (optional withPodman { startGid = 100000; count = 65536; }); startUid = 100000;
count = 65536;
};
subGidRanges = optional withPodman {
startGid = 100000;
count = 65536;
};
home = builtins.toPath "/home/${user.name}"; home = builtins.toPath "/home/${user.name}";
createHome = true; createHome = true;
description = "Administrative user ${user.name}."; description = "Administrative user ${user.name}.";
group = user.name; group = user.name;
extraGroups = [ "audio" "wheel" "network" ] extraGroups =
["audio" "wheel" "network"]
++ (optionals cfg.xserver.enable ["input" "video"]) ++ (optionals cfg.xserver.enable ["input" "video"])
++ (optionals cfg.printing.enable ["cups" "lp"]) ++ (optionals cfg.printing.enable ["cups" "lp"])
++ (optional (withDocker && !withPodman) "docker") ++ (optional (withDocker && !withPodman) "docker")
@ -39,10 +49,11 @@ let
}; };
}; };
in { in {
sops.secrets = (fn.sopsHelper sops.secrets =
fn.sopsHelper
(user: "users/${user.name}/password") (user: "users/${user.name}/password")
config.machine.administrators config.machine.administrators
{ neededForUsers = true; }); {neededForUsers = true;};
users = { users = {
mutableUsers = false; mutableUsers = false;
users = listToAttrs (map administrators config.machine.administrators); users = listToAttrs (map administrators config.machine.administrators);

8
config/zsh.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "zsh" config.machine.conffiles) { mkIf (elem "zsh" config.machine.conffiles) {
programs.zsh = { programs.zsh = {
enable = true; enable = true;

44
configuration.nix
View file

@ -1,32 +1,46 @@
{lib, ...}: {lib, ...}:
with builtins; with builtins;
with lib; with lib; let
let
fn = import (toString ./fn.nix) {inherit lib;}; fn = import (toString ./fn.nix) {inherit lib;};
# Cannot use <hostName> here as those evaluations only work with existing paths >.< # Cannot use <hostName> here as those evaluations only work with existing paths >.<
# hostName and secretPtah can be set with -I hostName=$HOSTNAME and -I secretPath=$SECRETPATH respectively # hostName and secretPtah can be set with -I hostName=$HOSTNAME and -I secretPath=$SECRETPATH respectively
# , defaults to the contents of /secret/hostName # , defaults to the contents of /secret/hostName
secretPath = fn.ifelse ((tryEval (toString <secretPath>)).value != false) secretPath =
fn.ifelse ((tryEval (toString <secretPath>)).value != false)
(toString <secretPath>) (toString <secretPath>)
(toString /secret); (toString /secret);
hostName = ( hostName =
(
findFirst findFirst
(elem: elem.prefix == "hostName") (elem: elem.prefix == "hostName")
{ path = (fileContents "${secretPath}/hostName"); } {path = fileContents "${secretPath}/hostName";}
nixPath nixPath
).path; )
machinePath = (builtins.toPath (./machines + ("/" + hostName))); .path;
machineFiles = fn.lst { p = machinePath; b = true; }; machinePath = builtins.toPath (./machines + ("/" + hostName));
configFiles = fn.lst { p = (toString ./config); b = true; }; machineFiles = fn.lst {
pkgsFiles = fn.lst { p = (toString ./pkgs); b = true; }; p = machinePath;
serviceFiles = fn.lst { p = (toString ./services); b = true; }; b = true;
};
configFiles = fn.lst {
p = toString ./config;
b = true;
};
pkgsFiles = fn.lst {
p = toString ./pkgs;
b = true;
};
serviceFiles = fn.lst {
p = toString ./services;
b = true;
};
in { in {
imports = [ imports =
[
./options/machine.nix ./options/machine.nix
./services/mailserver/default.nix ./services/mailserver/default.nix
] ++ machineFiles ]
++ machineFiles
++ configFiles ++ configFiles
++ pkgsFiles ++ pkgsFiles
++ serviceFiles; ++ serviceFiles;

44
flake.nix
View file

@ -15,27 +15,53 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { self, nixpkgs, alejandra, mailserver, sops-nix, ... }@attrs: let outputs = {
self,
nixpkgs,
alejandra,
mailserver,
sops-nix,
...
} @ attrs: let
lib = nixpkgs.lib; lib = nixpkgs.lib;
fn = import ./fn.nix {inherit lib;}; fn = import ./fn.nix {inherit lib;};
mappedFormatter = builtins.mapAttrs (arch: packages: packages.default) alejandra.packages; mappedFormatter = builtins.mapAttrs (arch: packages: packages.default) alejandra.packages;
system = "x86_64-linux"; system = "x86_64-linux";
machineList = fn.lst { p = (toString ./machines); t = "directory"; b = false; }; machineList = fn.lst {
configFiles = fn.lst { p = (toString ./config); b = true; }; p = toString ./machines;
pkgsFiles = fn.lst { p = (toString ./pkgs); b = true; }; t = "directory";
serviceFiles = fn.lst { p = (toString ./services); b = true; }; b = false;
};
configFiles = fn.lst {
p = toString ./config;
b = true;
};
pkgsFiles = fn.lst {
p = toString ./pkgs;
b = true;
};
serviceFiles = fn.lst {
p = toString ./services;
b = true;
};
nixosSystemFor = machine: { nixosSystemFor = machine: {
name = machine; name = machine;
value = let value = let
machinePath = lib.concatStringsSep "/" [(toString ./.) "machines" machine]; machinePath = lib.concatStringsSep "/" [(toString ./.) "machines" machine];
machineFiles = lib.filter (name: lib.strings.hasSuffix ".nix" name) (fn.lst { p = machinePath; b = true; }); machineFiles = lib.filter (name: lib.strings.hasSuffix ".nix" name) (fn.lst {
in nixpkgs.lib.nixosSystem { p = machinePath;
b = true;
});
in
nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = attrs // {fn = fn;}; specialArgs = attrs // {fn = fn;};
modules = [ modules =
[
(toString ./options/machine.nix) (toString ./options/machine.nix)
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
] ++ machineFiles ]
++ machineFiles
++ configFiles ++ configFiles
++ pkgsFiles ++ pkgsFiles
++ serviceFiles; ++ serviceFiles;

87
fn.nix
View file

@ -1,27 +1,40 @@
{lib}: {lib}:
with builtins; with builtins;
with lib; with lib; rec {
ifelse = a: b: c:
rec { if a
ifelse = a: b: c: if a then b else c; then b
else c;
fileContentsOr = a: b: (ifelse fileContentsOr = a: b: (ifelse
(pathIsRegularFile a) (pathIsRegularFile a)
a b); a
b);
cwd = builtins.getEnv "PWD"; cwd = builtins.getEnv "PWD";
# lst (string PATH) (string FILETYPE) (bool RETURNFULLPATH) # lst (string PATH) (string FILETYPE) (bool RETURNFULLPATH)
lst = { p ? cwd, t ? "regular", b ? false }: (lists.forEach lst = {
p ? cwd,
t ? "regular",
b ? false,
}: (lists.forEach
(attrNames (attrNames
(filterAttrs (n: v: v == t) (filterAttrs (n: v: v == t)
(readDir p))) (readDir p)))
(v: ((optionalString b "${p}/") + v))); (v: ((optionalString b "${p}/") + v)));
lsf = p: (lst {p = p;}); lsf = p: (lst {p = p;});
lsd = p: (lst { p = p; t = "directory"; b = true; }); lsd = p: (lst {
lsfRec = p: b: flatten ((map (np: lsfRec np b) (lsd p)) ++ (lst { p = p; b = b; })); p = p;
t = "directory";
b = true;
});
lsfRec = p: b:
flatten ((map (np: lsfRec np b) (lsd p))
++ (lst {
p = p;
b = b;
}));
hasAttrs = aList: d: (map hasAttrs = aList: d: (map
(a: (a: (ifelse (isList a)
(ifelse (isList a)
(hasAttrByPath a d) (hasAttrByPath a d)
(hasAttr a d))) (hasAttr a d)))
aList); aList);
@ -30,36 +43,59 @@ rec {
# This might be a tad bit inefficient. # This might be a tad bit inefficient.
# TODO: look for better implementation (map is a builtin function so checking that probably won't help) # TODO: look for better implementation (map is a builtin function so checking that probably won't help)
# Sequentially checks elements of list (l) for condition (cond) and executes do on first match. # Sequentially checks elements of list (l) for condition (cond) and executes do on first match.
meetsConDo = cond: do: l: ifelse (l == []) false meetsConDo = cond: do: l:
ifelse (l == []) false
(let (let
h = (head l); h = head l;
t = (tail l); t = tail l;
in ifelse (cond h) (do h) in
(meetsConDo (cond) (do) (t))); ifelse (cond h) (do h)
deps = p: ifelse (isAttrs p) (filter (p: isAttrs p) (meetsConDo cond do t));
deps = p:
ifelse (isAttrs p) (
filter (p: isAttrs p)
(p.buildInputs ++ p.nativeBuildInputs ++ p.propagatedBuildInputs ++ p.propagatedNativeBuildInputs) (p.buildInputs ++ p.nativeBuildInputs ++ p.propagatedBuildInputs ++ p.propagatedNativeBuildInputs)
) []; ) [];
importFilter = l: p: filter (n: elem (nameFromURL (toString n) ".") l) p; importFilter = l: p: filter (n: elem (nameFromURL (toString n) ".") l) p;
depsRec = ld: ifelse (ld == []) [] ((toList ld) ++ (depsRec (lists.unique (lists.flatten (map (d: deps d) (toList ld)))))); depsRec = ld: ifelse (ld == []) [] ((toList ld) ++ (depsRec (lists.unique (lists.flatten (map (d: deps d) (toList ld))))));
isBroken = p: meetsConDo (s: ((hasAttrByPath s.path p) && (s.check (getAttrFromPath s.path p)))) (s: s.msg) isBroken = p:
meetsConDo (s: ((hasAttrByPath s.path p) && (s.check (getAttrFromPath s.path p)))) (s: s.msg)
[ [
{ path = ["meta" "broken"]; msg = (warn "Package ${p.name} is marked as broken." true); check = m: m; } {
{ path = ["meta" "knownVulnerabilities" ]; msg = (warn "Package ${p.name} has known Vulnerabilities.." true); check = m: m != []; } path = ["meta" "broken"];
{ path = ["name"]; msg = (warn "${p.name}: python2 is depricated." false); check = m: (strings.hasInfix "python2" m) || (strings.hasInfix "python-2" m); } msg = warn "Package ${p.name} is marked as broken." true;
check = m: m;
}
{
path = ["meta" "knownVulnerabilities"];
msg = warn "Package ${p.name} has known Vulnerabilities.." true;
check = m: m != [];
}
{
path = ["name"];
msg = warn "${p.name}: python2 is depricated." false;
check = m: (strings.hasInfix "python2" m) || (strings.hasInfix "python-2" m);
}
# not sure if the following test creates false positives (AFAIK every derivation/package needs to have an outPath) # not sure if the following test creates false positives (AFAIK every derivation/package needs to have an outPath)
# , definitely should catch all corner cases/everything that fails to evaluate. # , definitely should catch all corner cases/everything that fails to evaluate.
{ path = [ "outPath" ]; msg = (warn "Package ${p.name} has no outPath" true); check = m: !(tryEval m).success; } {
path = ["outPath"];
msg = warn "Package ${p.name} has no outPath" true;
check = m: !(tryEval m).success;
}
]; ];
depsBroken = p: lists.any (p: (isBroken p)) (deps p); depsBroken = p: lists.any (p: (isBroken p)) (deps p);
# No more magic 🧙 here 😢 # No more magic 🧙 here 😢
# But at least it now (hopefully) checks ONLY dependencies (and all of them at that). # But at least it now (hopefully) checks ONLY dependencies (and all of them at that).
depsBrokenRec = p: (meetsConDo depsBrokenRec = p: (
meetsConDo
(p: ifelse (depsBroken p) true (depsBrokenRec (deps p))) (p: ifelse (depsBroken p) true (depsBrokenRec (deps p)))
(p: true) (deps p) (p: true) (deps p)
); );
sopsHelper = template: names: options: let sopsHelper = template: names: options: let
optionsIsFunction = (typeOf options) == "lambda"; optionsIsFunction = (typeOf options) == "lambda";
in listToAttrs (map in
listToAttrs (map
(name: { (name: {
name = template name; name = template name;
value = ifelse optionsIsFunction (options name) options; value = ifelse optionsIsFunction (options name) options;
@ -74,7 +110,8 @@ rec {
true) true)
)) ))
ld); ld);
makeOptionTypeList = path: (lists.forEach makeOptionTypeList = path: (
lists.forEach
# get a list of all files ending in .nix in path # get a list of all files ending in .nix in path
(filter (filePath: hasSuffix ".nix" filePath) (filter (filePath: hasSuffix ".nix" filePath)
(lsfRec path true)) (lsfRec path true))

34
machines/Lilim/configuration.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
{ {
pkgs,
lib,
...
}: {
services.cron.enable = false; services.cron.enable = false;
networking.dhcpcd.extraConfig = "noarp"; networking.dhcpcd.extraConfig = "noarp";
@ -8,10 +10,30 @@
# low latency audio stuff # low latency audio stuff
security.pam.loginLimits = [ security.pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } {
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } domain = "@audio";
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; } item = "memlock";
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; } type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
]; ];
environment = { environment = {
etc = { etc = {

17
machines/Lilim/hardware-configuration.nix
View file

@ -1,6 +1,9 @@
{ nixpkgs, config, pkgs, ... }: {
nixpkgs,
let config,
pkgs,
...
}: let
cfg = config.machine; cfg = config.machine;
in { in {
imports = ["${nixpkgs}/nixos/modules/installer/scan/not-detected.nix"]; imports = ["${nixpkgs}/nixos/modules/installer/scan/not-detected.nix"];
@ -37,13 +40,13 @@ in {
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/b37b48a8-5dcb-4f4d-ad71-1b26500b3e5f"; device = "/dev/disk/by-uuid/b37b48a8-5dcb-4f4d-ad71-1b26500b3e5f";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/546A-A3D1"; device = "/dev/disk/by-uuid/546A-A3D1";
fsType = "vfat"; fsType = "vfat";
}; };

33
machines/Lilim/options.nix
View file

@ -1,8 +1,9 @@
{ pkgs, lib, ... }:
with lib;
{ {
pkgs,
lib,
...
}:
with lib; {
imports = [ imports = [
../../options/copySysConf.nix ../../options/copySysConf.nix
]; ];
@ -13,7 +14,12 @@ with lib;
enable = true; enable = true;
waitOnline = false; waitOnline = false;
}; };
administrators = [ { name = "derped"; id = 1337; } ]; administrators = [
{
name = "derped";
id = 1337;
}
];
conffiles = [ conffiles = [
"etcfiles" "etcfiles"
"etcvars" "etcvars"
@ -59,15 +65,26 @@ with lib;
"cups" "cups"
"mullvad" "mullvad"
"mariaDB" "mariaDB"
"docker" "podman" "docker"
"podman"
]; ];
firewall = { firewall = {
enable = true; enable = true;
allowPing = true; allowPing = true;
allowedUDPPorts = [24642]; allowedUDPPorts = [24642];
allowedTCPPorts = [24642]; allowedTCPPorts = [24642];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; allowedUDPPortRanges = [
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; {
from = 1714;
to = 1764;
}
];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
}; };
}; };

6
machines/Lilim/sops.nix
View file

@ -1,6 +1,8 @@
{ config, lib, ... }:
{ {
config,
lib,
...
}: {
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
age = { age = {

4
machines/Marid/configuration.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services.cron.enable = false; services.cron.enable = false;
security.pki.certificateFiles = [ security.pki.certificateFiles = [
./certs/proxy ./certs/proxy

17
machines/Marid/hardware-configuration.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, modulesPath, ... }: {
config,
let pkgs,
modulesPath,
...
}: let
cfg = config.machine; cfg = config.machine;
in { in {
imports = [(modulesPath + "/installer/scan/not-detected.nix")]; imports = [(modulesPath + "/installer/scan/not-detected.nix")];
@ -29,13 +32,13 @@ in {
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/cf8db7d5-5da7-4fb9-818d-ed5dd2815f0d"; device = "/dev/disk/by-uuid/cf8db7d5-5da7-4fb9-818d-ed5dd2815f0d";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/96E4-9DF3"; device = "/dev/disk/by-uuid/96E4-9DF3";
fsType = "vfat"; fsType = "vfat";
}; };

16
machines/Marid/options.nix
View file

@ -1,15 +1,21 @@
{ pkgs, lib, ... }:
with lib;
{ {
pkgs,
lib,
...
}:
with lib; {
imports = [ imports = [
../../options/copySysConf.nix ../../options/copySysConf.nix
]; ];
config.machine = { config.machine = {
allowUnfree = true; allowUnfree = true;
hostName = "Marid"; hostName = "Marid";
administrators = [ { name = "derped"; id = 1337; } ]; administrators = [
{
name = "derped";
id = 1337;
}
];
conffiles = [ conffiles = [
"etcfiles" "etcfiles"
"etcvars" "etcvars"

6
machines/Marid/sops.nix
View file

@ -1,6 +1,8 @@
{ config, lib, ... }:
{ {
config,
lib,
...
}: {
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
age = { age = {

1
machines/Ophanim/configuration.nix
View file

@ -1,7 +1,6 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ {
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;

14
machines/Ophanim/hardware-configuration.nix
View file

@ -1,8 +1,10 @@
{ nixpkgs, pkgs, ... }:
{ {
imports = nixpkgs,
[ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" pkgs,
...
}: {
imports = [
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
]; ];
boot = { boot = {
@ -18,8 +20,8 @@
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/fa0c2ff3-59f9-4c00-8153-c2c2ef0f0e84"; device = "/dev/disk/by-uuid/fa0c2ff3-59f9-4c00-8153-c2c2ef0f0e84";
fsType = "ext4"; fsType = "ext4";
}; };

51
machines/Ophanim/options.nix
View file

@ -1,15 +1,26 @@
{ config, lib, ... }: {
config,
with lib; lib,
...
let }:
with lib; let
cfg = config.machine; cfg = config.machine;
in { in {
config.machine = rec { config.machine = rec {
hostName = "Ophanim"; hostName = "Ophanim";
domain = "ophanim.de"; domain = "ophanim.de";
administrators = [ { name = "derped"; id = 1337; } ]; administrators = [
mailAccounts = [ { name = "derped"; aliases = [ "postmaster" "baensch" ]; } ]; {
name = "derped";
id = 1337;
}
];
mailAccounts = [
{
name = "derped";
aliases = ["postmaster" "baensch"];
}
];
allowUnfree = true; allowUnfree = true;
conffiles = [ conffiles = [
"etcvars" "etcvars"
@ -30,14 +41,28 @@ in {
"nginx" "nginx"
"openssh" "openssh"
]; ];
vHosts = (let base = domain; in [ vHosts = let
{ domain = base; service = "simple"; } base = domain;
in [
{
domain = base;
service = "simple";
}
# { domain = "builder.${base}"; service = "hydra"; } # { domain = "builder.${base}"; service = "hydra"; }
# { domain = "cache.${base}"; service = "cache"; } # { domain = "cache.${base}"; service = "cache"; }
{ domain = "storage.${base}"; service = "nextcloud"; } {
{ domain = "mail.${base}"; service = "mail"; } domain = "storage.${base}";
{ domain = "git.${base}"; service = "gitea"; } service = "nextcloud";
]); }
{
domain = "mail.${base}";
service = "mail";
}
{
domain = "git.${base}";
service = "gitea";
}
];
firewall = { firewall = {
enable = true; enable = true;
allowPing = false; allowPing = false;

6
machines/Ophanim/sops.nix
View file

@ -1,6 +1,8 @@
{ config, lib, ... }:
{ {
config,
lib,
...
}: {
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
age = { age = {

21
options/copySysConf.nix
View file

@ -1,11 +1,16 @@
{ config, pkgs, lib, ... }: {
config,
with lib; pkgs,
lib,
let ...
}:
with lib; let
cfg = config.system.copySysConf; cfg = config.system.copySysConf;
cfgPath = ../.; cfgPath = ../.;
copySysConf = if !(isStorePath cfgPath) then pkgs.stdenv.mkDerivation rec { copySysConf =
if !(isStorePath cfgPath)
then
pkgs.stdenv.mkDerivation rec {
name = "NixOS_Configuration-${version}"; name = "NixOS_Configuration-${version}";
version = commitIdFromGitRepo (cfgPath + "/.git"); version = commitIdFromGitRepo (cfgPath + "/.git");
@ -14,8 +19,8 @@ let
installPhase = '' installPhase = ''
cp -R ./. $out cp -R ./. $out
''; '';
} else (builtins.toPath ../.); }
else (builtins.toPath ../.);
in { in {
options.system.copySysConf = { options.system.copySysConf = {
enable = mkOption { enable = mkOption {

11
options/emacs-init-defaults.nix
View file

@ -1,20 +1,15 @@
# Original Source: # Original Source:
# https://gitlab.com/rycee/nur-expressions/raw/master/hm-modules/emacs-init-defaults.nix (49ff2d63e867c09e658c959c0d8a73d641061c30) # https://gitlab.com/rycee/nur-expressions/raw/master/hm-modules/emacs-init-defaults.nix (49ff2d63e867c09e658c959c0d8a73d641061c30)
# MIT License # MIT License
# Copyright (c) 2019 Robert Helgesson # Copyright (c) 2019 Robert Helgesson
# Permission is hereby granted, free of charge, to any person obtaining a copy # Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal # of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights # in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is # copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions: # furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all # The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software. # copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -22,11 +17,7 @@
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE. # SOFTWARE.
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
deadgrep = { deadgrep = {
config = '' config = ''

81
options/emacs-init.nix
View file

@ -1,20 +1,15 @@
# Original Source: # Original Source:
# https://gitlab.com/rycee/nur-expressions/raw/master/hm-modules/emacs-init.nix (d27525db3358b9463fab1b4a7739cb77e27b768c) # https://gitlab.com/rycee/nur-expressions/raw/master/hm-modules/emacs-init.nix (d27525db3358b9463fab1b4a7739cb77e27b768c)
# MIT License # MIT License
# Copyright (c) 2019 Robert Helgesson # Copyright (c) 2019 Robert Helgesson
# Permission is hereby granted, free of charge, to any person obtaining a copy # Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal # of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights # in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is # copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions: # furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all # The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software. # copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -22,14 +17,13 @@
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE. # SOFTWARE.
{
config,
{ config, lib, pkgs, ... }: lib,
pkgs,
with lib; ...
}:
let with lib; let
cfg = config.programs.emacs.init; cfg = config.programs.emacs.init;
packageFunctionType = mkOptionType { packageFunctionType = mkOptionType {
@ -39,7 +33,11 @@ let
merge = mergeOneOption; merge = mergeOneOption;
}; };
usePackageType = types.submodule ({ name, config, ... }: { usePackageType = types.submodule ({
name,
config,
...
}: {
options = { options = {
enable = mkEnableOption "Emacs package ${name}"; enable = mkEnableOption "Emacs package ${name}";
@ -83,7 +81,10 @@ let
chords = mkOption { chords = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
example = { "jj" = "ace-jump-char-mode"; "jk" = "ace-jump-word-mode"; }; example = {
"jj" = "ace-jump-char-mode";
"jk" = "ace-jump-word-mode";
};
description = '' description = ''
The entries to use for <option>:chords</option>. The entries to use for <option>:chords</option>.
''; '';
@ -108,7 +109,10 @@ let
bind = mkOption { bind = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
example = { "M-<up>" = "drag-stuff-up"; "M-<down>" = "drag-stuff-down"; }; example = {
"M-<up>" = "drag-stuff-up";
"M-<down>" = "drag-stuff-down";
};
description = '' description = ''
The entries to use for <option>:bind</option>. The entries to use for <option>:bind</option>.
''; '';
@ -181,8 +185,7 @@ let
}; };
config = mkIf config.enable { config = mkIf config.enable {
assembly = assembly = let
let
quoted = v: ''"${escape ["\""] v}"''; quoted = v: ''"${escape ["\""] v}"'';
mkBindHelper = cmd: prefix: bs: mkBindHelper = cmd: prefix: bs:
optionals (bs != {}) ( optionals (bs != {}) (
@ -196,8 +199,7 @@ let
mkDiminish = vs: optional (vs != []) ":diminish (${toString vs})"; mkDiminish = vs: optional (vs != []) ":diminish (${toString vs})";
mkMode = map (v: ":mode ${v}"); mkMode = map (v: ":mode ${v}");
mkBind = mkBindHelper "bind" ""; mkBind = mkBindHelper "bind" "";
mkBindLocal = bs: mkBindLocal = bs: let
let
mkMap = n: v: mkBindHelper "bind" ":map ${n}" v; mkMap = n: v: mkBindHelper "bind" ":map ${n}" v;
in in
flatten (mapAttrsToList mkMap bs); flatten (mapAttrsToList mkMap bs);
@ -205,7 +207,8 @@ let
mkChords = mkBindHelper "chords" ""; mkChords = mkBindHelper "chords" "";
mkHook = map (v: ":hook ${v}"); mkHook = map (v: ":hook ${v}");
mkDefer = v: mkDefer = v:
if isBool v then optional v ":defer t" if isBool v
then optional v ":defer t"
else [":defer ${toString v}"]; else [":defer ${toString v}"];
mkDemand = v: optional v ":demand t"; mkDemand = v: optional v ":demand t";
in in
@ -225,7 +228,8 @@ let
++ optionals (config.init != "") [":init" config.init] ++ optionals (config.init != "") [":init" config.init]
++ optionals (config.config != "") [":config" config.config] ++ optionals (config.config != "") [":config" config.config]
++ optional (config.extraConfig != "") config.extraConfig ++ optional (config.extraConfig != "") config.extraConfig
) + ")"; )
+ ")";
}; };
}); });
@ -234,13 +238,16 @@ let
${pkgConfStr}) ${pkgConfStr})
''; '';
mkRecommendedOption = type: extraDescription: mkOption { mkRecommendedOption = type: extraDescription:
mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
example = true; example = true;
description = '' description =
''
Whether to enable recommended ${type} settings. Whether to enable recommended ${type} settings.
'' + optionalString (extraDescription != "") '' ''
+ optionalString (extraDescription != "") ''
</para><para> </para><para>
${extraDescription} ${extraDescription}
''; '';
@ -300,7 +307,9 @@ let
;; To help fixing issues during startup. ;; To help fixing issues during startup.
(setq use-package-verbose ${ (setq use-package-verbose ${
if cfg.usePackageVerbose then "t" else "nil" if cfg.usePackageVerbose
then "t"
else "nil"
})) }))
'' ''
+ optionalString hasDiminish '' + optionalString hasDiminish ''
@ -317,7 +326,8 @@ let
:config (key-chord-mode 1)) :config (key-chord-mode 1))
''; '';
initFile = '' initFile =
''
;;; hm-init.el --- Emacs configuration à la Home Manager. ;;; hm-init.el --- Emacs configuration à la Home Manager.
;; ;;
;; -*- lexical-binding: t; -*- ;; -*- lexical-binding: t; -*-
@ -359,10 +369,7 @@ let
(provide 'hm-init) (provide 'hm-init)
;; hm-init.el ends here ;; hm-init.el ends here
''; '';
in {
in
{
imports = [./emacs-init-defaults.nix]; imports = [./emacs-init-defaults.nix];
options.programs.emacs.init = { options.programs.emacs.init = {
@ -412,10 +419,10 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
machine.pkgsets.emacs.pkgs = epkgs: machine.pkgsets.emacs.pkgs = epkgs: let
let
getPkg = v: getPkg = v:
if isFunction v then [ (v epkgs) ] if isFunction v
then [(v epkgs)]
else optional (isString v && hasAttr v epkgs) epkgs.${v}; else optional (isString v && hasAttr v epkgs) epkgs.${v};
in in
[epkgs.use-package] [epkgs.use-package]
@ -430,11 +437,13 @@ in
# use lucid as toolkit; emacs will otherwise crash quite frequently when run in daemon mode # use lucid as toolkit; emacs will otherwise crash quite frequently when run in daemon mode
# https://gitlab.gnome.org/GNOME/gtk/issues/221 # https://gitlab.gnome.org/GNOME/gtk/issues/221
machine.pkgsets.emacs.pkgwrap = let machine.pkgsets.emacs.pkgwrap = let
emacsWithPackages = (pkgs.emacsPackagesFor emacsWithPackages =
(pkgs.emacsPackagesFor
(pkgs.emacs.override { (pkgs.emacs.override {
withGTK2 = false; withGTK2 = false;
withGTK3 = false; withGTK3 = false;
})).emacsWithPackages; }))
.emacsWithPackages;
in (emacsWithPackages config.machine.pkgsets.emacs.pkgs); in (emacsWithPackages config.machine.pkgsets.emacs.pkgs);
environment.systemPackages = [ environment.systemPackages = [

18
options/machine.nix
View file

@ -1,9 +1,11 @@
{ config, lib, fn, ... }: {
config,
lib,
fn,
...
}:
with builtins; with builtins;
with lib; with lib; let
let
cfg = config.machine; cfg = config.machine;
pkgsetList = fn.makeOptionTypeList (toString ../pkgsets); pkgsetList = fn.makeOptionTypeList (toString ../pkgsets);
serviceList = fn.makeOptionTypeList (toString ../services); serviceList = fn.makeOptionTypeList (toString ../services);
@ -12,7 +14,7 @@ let
value = rec { value = rec {
pkgwrap = mkOption { pkgwrap = mkOption {
type = with types; oneOf [package (listOf package)]; type = with types; oneOf [package (listOf package)];
default = (fn.pkgFilter cfg.pkgsets."${pname}".pkgs); default = fn.pkgFilter cfg.pkgsets."${pname}".pkgs;
description = '' description = ''
Package Wrapper for packages using a wrapper function (like python, emacs, haskell, ...) Package Wrapper for packages using a wrapper function (like python, emacs, haskell, ...)
''; '';
@ -29,7 +31,7 @@ let
in { in {
options.machine = { options.machine = {
pkgs = mkOption { pkgs = mkOption {
type = (types.listOf (types.enum pkgsetList)); type = types.listOf (types.enum pkgsetList);
default = ["base"]; default = ["base"];
description = '' description = ''
The list of metapackages to be installed. The list of metapackages to be installed.
@ -38,7 +40,7 @@ in {
# Package names containing '::' are sub packages and should not have their own pkgset. # Package names containing '::' are sub packages and should not have their own pkgset.
pkgsets = listToAttrs (map pkgOption (lists.filter (v: !(strings.hasInfix "::" v)) pkgsetList)); pkgsets = listToAttrs (map pkgOption (lists.filter (v: !(strings.hasInfix "::" v)) pkgsetList));
services = mkOption { services = mkOption {
type = (types.listOf (types.enum serviceList)); type = types.listOf (types.enum serviceList);
default = []; default = [];
description = '' description = ''
List of services to be enabled. List of services to be enabled.

34
options/mailman3/core.nix
View file

@ -1,10 +1,29 @@
{ stdenv, buildPythonPackage, fetchgit {
, aiosmtpd, alembic, atpublic, click, dnspython, falcon, flufl_bounce, flufl_i18n, flufl_lock stdenv,
, importlib-resources, lazr_config, passlib, requests, sqlalchemy buildPythonPackage,
, zope_component, zope_configuration, zope_event, zope_interface fetchgit,
aiosmtpd,
alembic,
atpublic,
click,
dnspython,
falcon,
flufl_bounce,
flufl_i18n,
flufl_lock,
importlib-resources,
lazr_config,
passlib,
requests,
sqlalchemy,
zope_component,
zope_configuration,
zope_event,
zope_interface,
# optional database dependencies # optional database dependencies
, pymysql, psycopg2 }: pymysql,
psycopg2,
}:
buildPythonPackage rec { buildPythonPackage rec {
name = "mailman3_core-${version}"; name = "mailman3_core-${version}";
version = "3.2.2"; version = "3.2.2";
@ -33,7 +52,8 @@ buildPythonPackage rec {
zope_configuration zope_configuration
zope_event zope_event
zope_interface zope_interface
pymysql psycopg2 pymysql
psycopg2
]; ];
doCheck = false; doCheck = false;

10
options/mailman3/extraPackages/aiosmtpd.nix
View file

@ -1,6 +1,10 @@
{ stdenv, lib, fetchPypi, buildPythonPackage {
, atpublic }: stdenv,
lib,
fetchPypi,
buildPythonPackage,
atpublic,
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "aiosmtpd"; pname = "aiosmtpd";
version = "1.2"; version = "1.2";

8
options/mailman3/extraPackages/atpublic.nix
View file

@ -1,5 +1,9 @@
{ stdenv, lib, fetchPypi, buildPythonPackage }: {
stdenv,
lib,
fetchPypi,
buildPythonPackage,
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "atpublic"; pname = "atpublic";
version = "1.0"; version = "1.0";

11
options/mailman3/extraPackages/flufl_bounce.nix
View file

@ -1,6 +1,11 @@
{ stdenv, lib, fetchPypi, buildPythonPackage {
, atpublic, zope_interface }: stdenv,
lib,
fetchPypi,
buildPythonPackage,
atpublic,
zope_interface,
}:
buildPythonPackage rec { buildPythonPackage rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "flufl.bounce"; pname = "flufl.bounce";

10
options/mailman3/extraPackages/flufl_i18n.nix
View file

@ -1,6 +1,10 @@
{ stdenv, lib, fetchPypi, buildPythonPackage {
, atpublic }: stdenv,
lib,
fetchPypi,
buildPythonPackage,
atpublic,
}:
buildPythonPackage rec { buildPythonPackage rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "flufl.i18n"; pname = "flufl.i18n";

10
options/mailman3/extraPackages/flufl_lock.nix
View file

@ -1,6 +1,10 @@
{ stdenv, lib, fetchPypi, buildPythonPackage {
, atpublic }: stdenv,
lib,
fetchPypi,
buildPythonPackage,
atpublic,
}:
buildPythonPackage rec { buildPythonPackage rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "flufl.lock"; pname = "flufl.lock";

10
options/mailman3/extraPackages/lazr_config.nix
View file

@ -1,6 +1,10 @@
{ stdenv, lib, fetchPypi, buildPythonPackage {
, lazr_delegates }: stdenv,
lib,
fetchPypi,
buildPythonPackage,
lazr_delegates,
}:
buildPythonPackage rec { buildPythonPackage rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "lazr.config"; pname = "lazr.config";

11
options/mailman3/extraPackages/lazr_delegates.nix
View file

@ -1,6 +1,11 @@
{ stdenv, lib, fetchPypi, buildPythonPackage {
, nose, zope_interface }: stdenv,
lib,
fetchPypi,
buildPythonPackage,
nose,
zope_interface,
}:
buildPythonPackage rec { buildPythonPackage rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "lazr.delegates"; pname = "lazr.delegates";

25
options/mailman3/options.nix
View file

@ -1,8 +1,10 @@
{ pkgs, lib, config, ... }: {
pkgs,
with lib; lib,
config,
let ...
}:
with lib; let
mailman3 = import ./release.nix {}; mailman3 = import ./release.nix {};
cfg = config.services.mailman3; cfg = config.services.mailman3;
usePostgresql = cfg.database.type == "postgresql"; usePostgresql = cfg.database.type == "postgresql";
@ -357,7 +359,6 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users = mkIf (cfg.user == "mailman3") { users = mkIf (cfg.user == "mailman3") {
users.mailman3 = { users.mailman3 = {
@ -374,16 +375,16 @@ in {
services.postfix.mapFiles."local_recipient_maps" = mkIf usePostfix (mkDefault "${cfg.paths.data_dir}/postfix_lmtp"); services.postfix.mapFiles."local_recipient_maps" = mkIf usePostfix (mkDefault "${cfg.paths.data_dir}/postfix_lmtp");
services.postfix.mapFiles."relay_domains" = mkIf usePostfix (mkDefault "${cfg.paths.data_dir}/postfix_domains"); services.postfix.mapFiles."relay_domains" = mkIf usePostfix (mkDefault "${cfg.paths.data_dir}/postfix_domains");
warnings = optional (cfg.database.password != "") warnings =
optional (cfg.database.password != "")
'' config.services.mailman3.database.password will be stored as plaintext '' config.services.mailman3.database.password will be stored as plaintext
in the Nix store. Use database.passwordFile instead.''; in the Nix store. Use database.passwordFile instead.'';
# Create database passwordFile default when password is configured. # Create database passwordFile default when password is configured.
services.mailman3.database.passwordFile = services.mailman3.database.passwordFile = mkDefault (toString (pkgs.writeTextFile {
(mkDefault (toString (pkgs.writeTextFile {
name = "mailman3-database-password"; name = "mailman3-database-password";
text = cfg.database.password; text = cfg.database.password;
}))); }));
systemd.services.mailman3 = { systemd.services.mailman3 = {
description = "GNU Mailing List Manager"; description = "GNU Mailing List Manager";
@ -391,8 +392,8 @@ in {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
preStart = let preStart = let
dbpass = (fileContents cfg.database.passwordFile); dbpass = fileContents cfg.database.passwordFile;
smtppass = (fileContents cfg.mta.smtp_passFile); smtppass = fileContents cfg.mta.smtp_passFile;
in '' in ''
mkdir -p ${cfg.paths.etc_dir} mkdir -p ${cfg.paths.etc_dir}
cp ${configFile} ${cfg.paths.etc_dir}/mailman.cfg cp ${configFile} ${cfg.paths.etc_dir}/mailman.cfg

10
options/mailman3/release.nix
View file

@ -1,6 +1,7 @@
{ pkgs ? import <nixpkgs> {}, python3Packages ? pkgs.python3Packages }: {
pkgs ? import <nixpkgs> {},
let python3Packages ? pkgs.python3Packages,
}: let
mailman3 = { mailman3 = {
core = python3Packages.callPackage ./core.nix (with deps; { core = python3Packages.callPackage ./core.nix (with deps; {
inherit aiosmtpd atpublic flufl_bounce flufl_i18n flufl_lock lazr_config; inherit aiosmtpd atpublic flufl_bounce flufl_i18n flufl_lock lazr_config;
@ -25,4 +26,5 @@ let
}; };
lazr_delegates = python3Packages.callPackage ./extraPackages/lazr_delegates.nix {}; lazr_delegates = python3Packages.callPackage ./extraPackages/lazr_delegates.nix {};
}; };
in mailman3 in
mailman3

7
pkgs/flat-remix/default.nix
View file

@ -1,5 +1,8 @@
{ stdenv, fetchFromGitHub, gtk-engine-murrine }: {
stdenv,
fetchFromGitHub,
gtk-engine-murrine,
}:
stdenv.mkDerivation { stdenv.mkDerivation {
version = "1.0"; version = "1.0";
name = "Flat-Remix-GTK"; name = "Flat-Remix-GTK";

16
pkgs/nixpkgs.nix
View file

@ -1,14 +1,18 @@
{ config, lib, pkgs, {
nixpkgs-unstable, nixpkgs-stable, nixpkgs-git, config,
... }: lib,
pkgs,
let nixpkgs-unstable,
nixpkgs-stable,
nixpkgs-git,
...
}: let
callPackage = pkgs.callPackage; callPackage = pkgs.callPackage;
in { in {
nixpkgs = { nixpkgs = {
config = { config = {
allowUnfree = true; allowUnfree = true;
mpv.vaapiSupport = (lib.elem "xserver" config.machine.services); mpv.vaapiSupport = lib.elem "xserver" config.machine.services;
packageOverrides = { packageOverrides = {
pyluxafor = pkgs.python3Packages.callPackage ./pyluxafor {}; pyluxafor = pkgs.python3Packages.callPackage ./pyluxafor {};

8
pkgs/pyluxafor/default.nix
View file

@ -1,5 +1,9 @@
{ fetchFromGitHub, buildPythonApplication, click, pyusb }: {
fetchFromGitHub,
buildPythonApplication,
click,
pyusb,
}:
buildPythonApplication rec { buildPythonApplication rec {
pname = "pyluxafor"; pname = "pyluxafor";
version = "0.1.0"; version = "0.1.0";

7
pkgs/sddm_midnight/default.nix
View file

@ -1,5 +1,8 @@
{ stdenv, fetchFromGitHub, qtstyleplugin-kvantum-qt4 }: {
stdenv,
fetchFromGitHub,
qtstyleplugin-kvantum-qt4,
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "sddm_midnight"; name = "sddm_midnight";
version = 1.0; version = 1.0;

24
pkgs/systemPackages.nix
View file

@ -1,18 +1,26 @@
{ config, lib, fn, pkgs, ... }: {
config,
with lib; lib,
fn,
let pkgs,
...
}:
with lib; let
cfg = config.machine; cfg = config.machine;
pkgsets = fn.lst { p = (toString ../pkgsets); b = true;}; pkgsets = fn.lst {
p = toString ../pkgsets;
b = true;
};
in { in {
imports = pkgsets; imports = pkgsets;
environment.systemPackages = flatten environment.systemPackages =
flatten
(lists.forEach (lists.forEach
(attrVals (attrVals
(filter (filter
(v: !(strings.hasInfix "::" v)) cfg.pkgs) (v: !(strings.hasInfix "::" v))
cfg.pkgs)
cfg.pkgsets) cfg.pkgsets)
(v: v.pkgwrap)); (v: v.pkgwrap));

7
pkgs/xdiskusage/default.nix
View file

@ -1,5 +1,8 @@
{ stdenv, fetchurl, fltk }: {
stdenv,
fetchurl,
fltk,
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "xdiskusage"; name = "xdiskusage";
version = "1.51"; version = "1.51";

12
pkgsets/base.nix
View file

@ -1,9 +1,12 @@
# Programms I'm likely to want on every machine and/or may execute as root # Programms I'm likely to want on every machine and/or may execute as root
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.base.pkgs = with pkgs; [ config.machine.pkgsets.base.pkgs = with pkgs; [
age sops age
sops
bat bat
ccze ccze
cryptsetup cryptsetup
@ -54,7 +57,8 @@
whois whois
wirelesstools wirelesstools
wpa_supplicant wpa_supplicant
zip unzipNLS zip
unzipNLS
zlib zlib
zsh zsh
]; ];

6
pkgsets/cpp.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.cpp.pkgs = with pkgs; [ config.machine.pkgsets.cpp.pkgs = with pkgs; [
clang clang
cmake cmake

6
pkgsets/dict.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.dict.pkgs = with pkgs; [ config.machine.pkgsets.dict.pkgs = with pkgs; [
translate-shell translate-shell
(hunspellWithDicts (with pkgs.hunspellDicts; [de-de en-us])) (hunspellWithDicts (with pkgs.hunspellDicts; [de-de en-us]))

26
pkgsets/emacs.nix
View file

@ -1,16 +1,24 @@
{ config, lib, fn, pkgs, ... }: {
config,
with lib; lib,
fn,
let pkgs,
modefiles = fn.lst { p = (toString ./emacs); b = true; }; ...
}:
with lib; let
modefiles = fn.lst {
p = toString ./emacs;
b = true;
};
in rec { in rec {
imports = [ imports =
[
../options/emacs-init.nix ../options/emacs-init.nix
] ++ modefiles; ]
++ modefiles;
programs.emacs.init = { programs.emacs.init = {
enable = (elem "emacs" config.machine.pkgs); enable = elem "emacs" config.machine.pkgs;
recommendedGcSettings = true; recommendedGcSettings = true;
prelude = '' prelude = ''

23
pkgsets/emacs/company.nix
View file

@ -1,8 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
with lib; lib,
pkgs,
let ...
}:
with lib; let
# Source: https://github.com/Henry/dot-emacs/blob/master/my-lisp/company-pcomplete.el # Source: https://github.com/Henry/dot-emacs/blob/master/my-lisp/company-pcomplete.el
company-pcomplete = pkgs.writeText "company-pcomplete.el" '' company-pcomplete = pkgs.writeText "company-pcomplete.el" ''
;;; company-pcomplete.el --- company-mode pcomplete backend -*- lexical-binding: t -*- ;;; company-pcomplete.el --- company-mode pcomplete backend -*- lexical-binding: t -*-
@ -95,13 +97,15 @@ let
(provide 'company-pcomplete) (provide 'company-pcomplete)
''; '';
in mkIf (elem "emacs::company" config.machine.pkgs) { in
mkIf (elem "emacs::company" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
company = { company = {
enable = true; enable = true;
package = epkgs: [epkgs.company epkgs.company-web]; package = epkgs: [epkgs.company epkgs.company-web];
diminish = ["company-mode"]; diminish = ["company-mode"];
hook = [ "(after-init . global-company-mode)" ] hook =
["(after-init . global-company-mode)"]
++ optional (elem "emacs::rust" config.machine.pkgs) ++ optional (elem "emacs::rust" config.machine.pkgs)
''(rust-mode . (lambda () (setq company-backends '((company-capf :with company-yasnippet)))))'' ''(rust-mode . (lambda () (setq company-backends '((company-capf :with company-yasnippet)))))''
++ optional (elem "emacs::web-mode" config.machine.pkgs) ++ optional (elem "emacs::web-mode" config.machine.pkgs)
@ -114,7 +118,8 @@ in mkIf (elem "emacs::company" config.machine.pkgs) {
(setq company-idle-delay 0.3 (setq company-idle-delay 0.3
company-show-numbers t) company-show-numbers t)
${optionalString ${
optionalString
(elem "emacs::org" config.machine.pkgs) '' (elem "emacs::org" config.machine.pkgs) ''
(load-file "${company-pcomplete}")'' (load-file "${company-pcomplete}")''
} }
@ -164,7 +169,7 @@ in mkIf (elem "emacs::company" config.machine.pkgs) {
}; };
all-the-icons = {enable = true;}; all-the-icons = {enable = true;};
company-jedi = { company-jedi = {
enable = (elem "emacs::elpy" config.machine.pkgs); enable = elem "emacs::elpy" config.machine.pkgs;
}; };
}; };
fonts.packages = pkgs.emacs-all-the-icons-fonts.all; fonts.packages = pkgs.emacs-all-the-icons-fonts.all;

9
pkgsets/emacs/direnv.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::direnv" config.machine.pkgs) { mkIf (elem "emacs::direnv" config.machine.pkgs) {
programs.emacs.init.usePackage.direnv = { programs.emacs.init.usePackage.direnv = {
enable = true; enable = true;

8
pkgsets/emacs/docker.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::docker" config.machine.pkgs) { mkIf (elem "emacs::docker" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
dockerfile-mode = { dockerfile-mode = {

8
pkgsets/emacs/dockerfile.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::dockerfile" config.machine.pkgs) { mkIf (elem "emacs::dockerfile" config.machine.pkgs) {
programs.emacs.init.usePackage.dockerfile-mode = { programs.emacs.init.usePackage.dockerfile-mode = {
enable = true; enable = true;

9
pkgsets/emacs/doom-modeline.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::doom-modeline" config.machine.pkgs) { mkIf (elem "emacs::doom-modeline" config.machine.pkgs) {
programs.emacs.init.usePackage.doom-modeline = { programs.emacs.init.usePackage.doom-modeline = {
enable = true; enable = true;

9
pkgsets/emacs/doom-themes.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::doom-themes" config.machine.pkgs) { mkIf (elem "emacs::doom-themes" config.machine.pkgs) {
programs.emacs.init.usePackage.doom-themes = { programs.emacs.init.usePackage.doom-themes = {
enable = true; enable = true;

9
pkgsets/emacs/elfeed.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::elfeed" config.machine.pkgs) { mkIf (elem "emacs::elfeed" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
elfeed = let elfeed = let

21
pkgsets/emacs/elpy.nix
View file

@ -1,23 +1,30 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::elpy" config.machine.pkgs) { mkIf (elem "emacs::elpy" config.machine.pkgs) {
programs.emacs.init.usePackage.elpy = { programs.emacs.init.usePackage.elpy = {
enable = true; enable = true;
after = ["python"]; after = ["python"];
command = ["elpy-enable"]; command = ["elpy-enable"];
hook = [ '' hook =
[
''
(elpy-mode (elpy-mode
. (lambda () . (lambda ()
(set (make-local-variable 'company-backends) (set (make-local-variable 'company-backends)
'((company-dabbrev-code company-yasnippet elpy-company-backend))))) '((company-dabbrev-code company-yasnippet elpy-company-backend)))))
'' ] ''
]
++ (optional (elem "emacs::flyspell" config.machine.pkgs) "(elpy-mode . (lambda () (flyspell-prog-mode)))") ++ (optional (elem "emacs::flyspell" config.machine.pkgs) "(elpy-mode . (lambda () (flyspell-prog-mode)))")
++ (optional (elem "emacs::flycheck" config.machine.pkgs) "(elpy-mode . (lambda () (flycheck-mode)))"); ++ (optional (elem "emacs::flycheck" config.machine.pkgs) "(elpy-mode . (lambda () (flycheck-mode)))");
bindLocal = { elpy-mode-map = { bindLocal = {
elpy-mode-map = {
"<tab>" = "company-indent-or-complete-common"; "<tab>" = "company-indent-or-complete-common";
};}; };
};
init = ''(with-eval-after-load 'python (elpy-enable))''; init = ''(with-eval-after-load 'python (elpy-enable))'';
config = '' config = ''
(setq elpy-project-root-finder-functions '(elpy-project-find-git-root elpy-project-find-python-root elpy-project-find-hg-root elpy-project-find-svn-root)) (setq elpy-project-root-finder-functions '(elpy-project-find-git-root elpy-project-find-python-root elpy-project-find-hg-root elpy-project-find-svn-root))

8
pkgsets/emacs/fcitx.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::fcitx" config.machine.pkgs) { mkIf (elem "emacs::fcitx" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
fcitx = { fcitx = {

18
pkgsets/emacs/flycheck.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::flycheck" config.machine.pkgs) { mkIf (elem "emacs::flycheck" config.machine.pkgs) {
programs.emacs.init.usePackage.flycheck = { programs.emacs.init.usePackage.flycheck = {
enable = true; enable = true;
@ -14,22 +16,22 @@ mkIf (elem "emacs::flycheck" config.machine.pkgs) {
}; };
programs.emacs.init.usePackage.flycheck-haskell = { programs.emacs.init.usePackage.flycheck-haskell = {
enable = (elem "emacs::haskell" config.machine.pkgs); enable = elem "emacs::haskell" config.machine.pkgs;
}; };
programs.emacs.init.usePackage.flycheck-irony = { programs.emacs.init.usePackage.flycheck-irony = {
enable = (elem "emacs::irony" config.machine.pkgs); enable = elem "emacs::irony" config.machine.pkgs;
}; };
programs.emacs.init.usePackage.flycheck-mypy = { programs.emacs.init.usePackage.flycheck-mypy = {
enable = (elem "emacs::elpy" config.machine.pkgs); enable = elem "emacs::elpy" config.machine.pkgs;
}; };
programs.emacs.init.usePackage.pylint = { programs.emacs.init.usePackage.pylint = {
enable = (elem "emacs::elpy" config.machine.pkgs); enable = elem "emacs::elpy" config.machine.pkgs;
}; };
programs.emacs.init.usePackage.flycheck-rust = { programs.emacs.init.usePackage.flycheck-rust = {
enable = (elem "emacs::rust" config.machine.pkgs); enable = elem "emacs::rust" config.machine.pkgs;
}; };
} }

8
pkgsets/emacs/flyspell.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::flyspell" config.machine.pkgs) { mkIf (elem "emacs::flyspell" config.machine.pkgs) {
programs.emacs.init.usePackage.flyspell = { programs.emacs.init.usePackage.flyspell = {
enable = true; enable = true;

9
pkgsets/emacs/latex.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::latex" config.machine.pkgs) { mkIf (elem "emacs::latex" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
latex-mode = { latex-mode = {

12
pkgsets/emacs/lsp.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::lsp" config.machine.pkgs) { mkIf (elem "emacs::lsp" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
lsp-mode = { lsp-mode = {
@ -49,7 +52,8 @@ mkIf (elem "emacs::lsp" config.machine.pkgs) {
lsp-ui-flycheck = { lsp-ui-flycheck = {
enable = true; enable = true;
package = epkgs: [epkgs.lsp-ui]; package = epkgs: [epkgs.lsp-ui];
after = [ "lsp-ui" ] after =
["lsp-ui"]
++ optional (elem "emacs::flycheck" config.machine.pkgs) "flycheck"; ++ optional (elem "emacs::flycheck" config.machine.pkgs) "flycheck";
}; };
}; };

8
pkgsets/emacs/magit.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::magit" config.machine.pkgs) { mkIf (elem "emacs::magit" config.machine.pkgs) {
programs.emacs.init.usePackage.magit = { programs.emacs.init.usePackage.magit = {
enable = true; enable = true;

15
pkgsets/emacs/mu4e.nix
View file

@ -1,8 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
with lib; lib,
pkgs,
let ...
}:
with lib; let
defaultEncrypt = pkgs.emacsPackages.trivialBuild rec { defaultEncrypt = pkgs.emacsPackages.trivialBuild rec {
pname = "defaultencrypt"; pname = "defaultencrypt";
version = "ba07acc8e9fd692534c39c7cdad0a19dc0d897d9"; version = "ba07acc8e9fd692534c39c7cdad0a19dc0d897d9";
@ -14,7 +16,8 @@ let
sha256 = "1ln7h1syx7yi7bqvirv90mk4rvwxg4zm1wvfcvhfh64s3hqrbfgl"; sha256 = "1ln7h1syx7yi7bqvirv90mk4rvwxg4zm1wvfcvhfh64s3hqrbfgl";
}; };
}; };
in mkIf (elem "emacs::mu4e" config.machine.pkgs) { in
mkIf (elem "emacs::mu4e" config.machine.pkgs) {
programs.emacs.init.usePackage.pinentry = { programs.emacs.init.usePackage.pinentry = {
enable = true; enable = true;
command = ["pinentry-start"]; command = ["pinentry-start"];

8
pkgsets/emacs/nix-mode.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::nix-mode" config.machine.pkgs) { mkIf (elem "emacs::nix-mode" config.machine.pkgs) {
programs.emacs.init.usePackage.nix-mode = { programs.emacs.init.usePackage.nix-mode = {
enable = true; enable = true;

36
pkgsets/emacs/org.nix
View file

@ -1,14 +1,20 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::org" config.machine.pkgs) { mkIf (elem "emacs::org" config.machine.pkgs) {
programs.emacs.init.usePackage.org = { programs.emacs.init.usePackage.org = {
enable = true; enable = true;
package = epkgs: [epkgs.org]; package = epkgs: [epkgs.org];
mode = [''("\\.org\\'" . org-mode)'']; mode = [''("\\.org\\'" . org-mode)''];
command = ["org-mode"]; command = ["org-mode"];
hook = [ "(org-mode . (lambda () (org-indent-mode)))" '' hook =
[
"(org-mode . (lambda () (org-indent-mode)))"
''
(org-mode (org-mode
. (lambda () . (lambda ()
;; Automatic line-wrapping in org-mode ;; Automatic line-wrapping in org-mode
@ -17,7 +23,8 @@ mkIf (elem "emacs::org" config.machine.pkgs) {
(setq completion-at-point-functions (setq completion-at-point-functions
'(org-completion-symbols '(org-completion-symbols
ora-cap-filesystem)))) ora-cap-filesystem))))
'' '' ''
''
(org-mode (org-mode
. (lambda () . (lambda ()
"Beautify Org Checkbox Symbol" "Beautify Org Checkbox Symbol"
@ -26,11 +33,14 @@ mkIf (elem "emacs::org" config.machine.pkgs) {
(push '("[-]" . "" ) prettify-symbols-alist) (push '("[-]" . "" ) prettify-symbols-alist)
(prettify-symbols-mode))) (prettify-symbols-mode)))
'' ''
] ++ optional (elem "emacs::flyspell" config.machine.pkgs) "(org-mode . (lambda () (flyspell-mode)))"; ]
++ optional (elem "emacs::flyspell" config.machine.pkgs) "(org-mode . (lambda () (flyspell-mode)))";
bind = { bind = {
"C-c a" = "org-agenda"; "C-c a" = "org-agenda";
}; };
bindLocal = { org-mode-map = { bindLocal = {
org-mode-map =
{
"M-<up>" = "org-metaup"; "M-<up>" = "org-metaup";
"M-<down>" = "org-metadown"; "M-<down>" = "org-metadown";
"M-." = "org-open-at-point"; "M-." = "org-open-at-point";
@ -39,9 +49,11 @@ mkIf (elem "emacs::org" config.machine.pkgs) {
"M-<return>" = "org-meta-return"; "M-<return>" = "org-meta-return";
"M-p" = "org-previous-visible-heading"; "M-p" = "org-previous-visible-heading";
"M-n" = "org-next-visible-heading"; "M-n" = "org-next-visible-heading";
} // (optionalAttrs (elem "emacs::company" config.machine.pkgs) { }
// (optionalAttrs (elem "emacs::company" config.machine.pkgs) {
"<M-tab>" = "company-pcomplete"; "<M-tab>" = "company-pcomplete";
}); }; });
};
config = '' config = ''
;; Insead of "..." show "" when there's hidden folded content ;; Insead of "..." show "" when there's hidden folded content
@ -406,10 +418,12 @@ mkIf (elem "emacs::org" config.machine.pkgs) {
after = ["org"]; after = ["org"];
hook = ["(org-mode . (lambda () (add-hook 'before-save-hook 'org-encrypt-entries nil t)))"]; hook = ["(org-mode . (lambda () (add-hook 'before-save-hook 'org-encrypt-entries nil t)))"];
command = ["org-decrypt-entry" "org-encrypt-entry"]; command = ["org-decrypt-entry" "org-encrypt-entry"];
bindLocal = { org-mode-map = { bindLocal = {
org-mode-map = {
"C-c d" = "org-decrypt-entry"; "C-c d" = "org-decrypt-entry";
"C-c e" = "org-encrypt-entry"; "C-c e" = "org-encrypt-entry";
};}; };
};
config = '' config = ''
(setq org-tags-exclude-from-inheritance (quote ("crypt"))) (setq org-tags-exclude-from-inheritance (quote ("crypt")))
;; GPG key to use for encryption ;; GPG key to use for encryption

11
pkgsets/emacs/php-mode.nix
View file

@ -1,12 +1,15 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::php-mode" config.machine.pkgs) { mkIf (elem "emacs::php-mode" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
php-mode = { php-mode = {
enable = true; enable = true;
hook = lib.optional (elem "emacs::lsp" config.machine.pkgs) hook =
lib.optional (elem "emacs::lsp" config.machine.pkgs)
''(typescript-mode . (lambda () (lsp)))''; ''(typescript-mode . (lambda () (lsp)))'';
}; };
}; };

8
pkgsets/emacs/powerline.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::powerline" config.machine.pkgs) { mkIf (elem "emacs::powerline" config.machine.pkgs) {
programs.emacs.init.usePackage.powerline = { programs.emacs.init.usePackage.powerline = {
enable = true; enable = true;

36
pkgsets/emacs/rust.nix
View file

@ -1,24 +1,32 @@
{ config, lib, pkgs, ... }: {
config,
with lib; lib,
pkgs,
let ...
}:
with lib; let
rustEnv = pkgs.symlinkJoin { rustEnv = pkgs.symlinkJoin {
name = "rustEnv"; name = "rustEnv";
paths = config.machine.pkgsets.rustpkgs.pkgwrap; paths = config.machine.pkgsets.rustpkgs.pkgwrap;
}; };
in mkIf (elem "emacs::rust" config.machine.pkgs) { in
mkIf (elem "emacs::rust" config.machine.pkgs) {
programs.emacs.init.usePackage.rust-mode = { programs.emacs.init.usePackage.rust-mode = {
enable = true; enable = true;
hook = [ ''(rust-mode . (lambda () (cargo-minor-mode)))'' ] hook =
++ (if (elem "emacs::lsp" config.machine.pkgs) [''(rust-mode . (lambda () (cargo-minor-mode)))'']
++ (
if (elem "emacs::lsp" config.machine.pkgs)
then [''(rust-mode . (lambda () (lsp)))''] then [''(rust-mode . (lambda () (lsp)))'']
else [''(rust-mode . (lambda () (racer-mode)))'']); else [''(rust-mode . (lambda () (racer-mode)))'']
);
mode = [''("\\.rs\\'" . rust-mode)'']; mode = [''("\\.rs\\'" . rust-mode)''];
command = ["rust-mode"]; command = ["rust-mode"];
bindLocal = optionalAttrs (elem "emacs::company" config.machine.pkgs) { rust-mode-map = { bindLocal = optionalAttrs (elem "emacs::company" config.machine.pkgs) {
rust-mode-map = {
"<tab>" = "company-indent-or-complete-common"; "<tab>" = "company-indent-or-complete-common";
};}; };
};
config = '' config = ''
(setq rust-rustfmt-bin "${rustEnv}/bin/rustfmt") (setq rust-rustfmt-bin "${rustEnv}/bin/rustfmt")
(setq rust-format-on-save t) (setq rust-format-on-save t)
@ -33,9 +41,11 @@ in mkIf (elem "emacs::rust" config.machine.pkgs) {
programs.emacs.init.usePackage.racer = { programs.emacs.init.usePackage.racer = {
enable = true; enable = true;
defer = true; defer = true;
hook = [ hook =
[
''(racer-mode . (lambda () (eldoc-mode)))'' ''(racer-mode . (lambda () (eldoc-mode)))''
] ++ optional (elem "emacs::company" config.machine.pkgs) ''(racer-mode . (lambda () (company-mode)))''; ]
++ optional (elem "emacs::company" config.machine.pkgs) ''(racer-mode . (lambda () (company-mode)))'';
config = '' config = ''
(setq racer-rust-src-path "${rustEnv}/lib/rustlib/src/rust/src") (setq racer-rust-src-path "${rustEnv}/lib/rustlib/src/rust/src")

8
pkgsets/emacs/solarized-theme.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::solarized-theme" config.machine.pkgs) { mkIf (elem "emacs::solarized-theme" config.machine.pkgs) {
programs.emacs.init.usePackage.solarized-theme = { programs.emacs.init.usePackage.solarized-theme = {
enable = true; enable = true;

8
pkgsets/emacs/telega.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::telega" config.machine.pkgs) { mkIf (elem "emacs::telega" config.machine.pkgs) {
programs.emacs.init.usePackage.telegram = { programs.emacs.init.usePackage.telegram = {
enable = true; enable = true;

9
pkgsets/emacs/transmission.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::transmission" config.machine.pkgs) { mkIf (elem "emacs::transmission" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
transmission = { transmission = {

8
pkgsets/emacs/undo-tree.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::undo-tree" config.machine.pkgs) { mkIf (elem "emacs::undo-tree" config.machine.pkgs) {
programs.emacs.init.usePackage.undo-tree = { programs.emacs.init.usePackage.undo-tree = {
enable = true; enable = true;

14
pkgsets/emacs/web-mode.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "emacs::web-mode" config.machine.pkgs) { mkIf (elem "emacs::web-mode" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
web-mode = { web-mode = {
@ -60,7 +62,8 @@ mkIf (elem "emacs::web-mode" config.machine.pkgs) {
}; };
typescript-mode = { typescript-mode = {
enable = true; enable = true;
hook = [ "(typescript-mode . (lambda () (subword-mode)))" ] hook =
["(typescript-mode . (lambda () (subword-mode)))"]
++ lib.optional (elem "emacs::lsp" config.machine.pkgs) ++ lib.optional (elem "emacs::lsp" config.machine.pkgs)
''(typescript-mode . (lambda () (lsp)))''; ''(typescript-mode . (lambda () (lsp)))'';
mode = [ mode = [
@ -77,7 +80,7 @@ mkIf (elem "emacs::web-mode" config.machine.pkgs) {
# https://github.com/NixOS/nixpkgs/pull/150239 # https://github.com/NixOS/nixpkgs/pull/150239
tree-sitter = { tree-sitter = {
enable = true; enable = true;
package = (epkgs: [ epkgs.tree-sitter (epkgs.tree-sitter-langs.withPlugins(p: epkgs.tree-sitter-langs.plugins ++ [ p.tree-sitter-markdown p.tree-sitter-tsx ]))]); package = epkgs: [epkgs.tree-sitter (epkgs.tree-sitter-langs.withPlugins (p: epkgs.tree-sitter-langs.plugins ++ [p.tree-sitter-markdown p.tree-sitter-tsx]))];
hook = [ hook = [
"(typescript-mode . tree-sitter-hl-mode)" "(typescript-mode . tree-sitter-hl-mode)"
"(typescript-tsx-mode . tree-sitter-hl-mode)" "(typescript-tsx-mode . tree-sitter-hl-mode)"
@ -86,7 +89,6 @@ mkIf (elem "emacs::web-mode" config.machine.pkgs) {
(tree-sitter-require 'tsx) (tree-sitter-require 'tsx)
(add-to-list 'tree-sitter-major-mode-language-alist '(typescript-tsx-mode . tsx)) (add-to-list 'tree-sitter-major-mode-language-alist '(typescript-tsx-mode . tsx))
''; '';
}; };
impatient-mode = { impatient-mode = {
enable = true; enable = true;

9
pkgsets/emacs/yaml-mode.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::yaml-mode" config.machine.pkgs) { mkIf (elem "emacs::yaml-mode" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
yaml-mode = { yaml-mode = {

9
pkgsets/emacs/yasnippet.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "emacs::yasnippet" config.machine.pkgs) { mkIf (elem "emacs::yasnippet" config.machine.pkgs) {
programs.emacs.init.usePackage = { programs.emacs.init.usePackage = {
yasnippet = { yasnippet = {

6
pkgsets/extra.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.extra.pkgs = with pkgs; [ config.machine.pkgsets.extra.pkgs = with pkgs; [
alsaUtils alsaUtils
binutils-unwrapped binutils-unwrapped

6
pkgsets/haskell-tools.nix
View file

@ -1,5 +1,7 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.haskell-tools.pkgs = with pkgs; [cabal-install hlint]; # ghcid config.machine.pkgsets.haskell-tools.pkgs = with pkgs; [cabal-install hlint]; # ghcid
} }

10
pkgsets/haskell.nix
View file

@ -1,7 +1,11 @@
{ config, lib, fn, pkgs, ... }:
{ {
config.machine.pkgsets.haskell.pkgwrap = (pkgs.haskellPackages.ghcWithPackages (pkgs: (fn.pkgFilter config.machine.pkgsets.haskell.pkgs))); config,
lib,
fn,
pkgs,
...
}: {
config.machine.pkgsets.haskell.pkgwrap = pkgs.haskellPackages.ghcWithPackages (pkgs: (fn.pkgFilter config.machine.pkgsets.haskell.pkgs));
config.machine.pkgsets.haskell.pkgs = with pkgs.haskellPackages; [ config.machine.pkgsets.haskell.pkgs = with pkgs.haskellPackages; [
hindent hindent
mtl mtl

10
pkgsets/latex.nix
View file

@ -1,8 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
{ {
config,
lib,
pkgs,
...
}:
with lib; {
config.machine.pkgsets.latex.pkgs = with pkgs; [ config.machine.pkgsets.latex.pkgs = with pkgs; [
texlive.combined.scheme-full texlive.combined.scheme-full
texlab texlab

6
pkgsets/mail_utils.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.mail_utils.pkgs = with pkgs; [ config.machine.pkgsets.mail_utils.pkgs = with pkgs; [
fetchmail fetchmail
isync isync

11
pkgsets/nodejs.nix
View file

@ -1,8 +1,11 @@
{ config, pkgs, ... }:
{ {
config.machine.pkgsets.nodejs.pkgs = (with pkgs; [ nodejs yarn deno esbuild ]) ++ config,
(with pkgs.nodePackages; [ pkgs,
...
}: {
config.machine.pkgsets.nodejs.pkgs =
(with pkgs; [nodejs yarn deno esbuild])
++ (with pkgs.nodePackages; [
autoprefixer autoprefixer
browserify browserify
create-react-app create-react-app

16
pkgsets/php.nix
View file

@ -1,8 +1,14 @@
{ config, lib, fn, pkgs, ... }:
{ {
config.machine.pkgsets.php.pkgwrap = (fn.pkgFilter config.machine.pkgsets.php.pkgs); config,
config.machine.pkgsets.php.pkgs = (with pkgs.php82Packages; [ lib,
fn,
pkgs,
...
}: {
config.machine.pkgsets.php.pkgwrap = fn.pkgFilter config.machine.pkgsets.php.pkgs;
config.machine.pkgsets.php.pkgs =
(with pkgs.php82Packages; [
composer composer
]) ++ (with pkgs; [ php82 ]); ])
++ (with pkgs; [php82]);
} }

19
pkgsets/python3.nix
View file

@ -1,9 +1,12 @@
{ config, lib, fn, pkgs, ... }:
with lib;
{ {
config.machine.pkgsets.python3.pkgwrap = (pkgs.python310.withPackages (ps: (fn.pkgFilter config.machine.pkgsets.python3.pkgs))); config,
lib,
fn,
pkgs,
...
}:
with lib; {
config.machine.pkgsets.python3.pkgwrap = pkgs.python310.withPackages (ps: (fn.pkgFilter config.machine.pkgsets.python3.pkgs));
config.machine.pkgsets.python3.pkgs = with pkgs.python310Packages; [ config.machine.pkgsets.python3.pkgs = with pkgs.python310Packages; [
GitPython GitPython
bpython bpython
@ -13,7 +16,8 @@ with lib;
epc epc
flake8 flake8
genanki genanki
matplotlib ipywidgets matplotlib
ipywidgets
python-docx python-docx
mypy mypy
numpy numpy
@ -29,7 +33,8 @@ with lib;
pypdf2 pypdf2
# pygame pygame_sdl2 # pygame pygame_sdl2
pylama pylama
pylint toml pylint
toml
pyopengl pyopengl
pyproj pyproj
pytest pytest

25
pkgsets/rustpkgs.nix
View file

@ -1,10 +1,11 @@
{ config, ... }: {config, ...}: let
mozRust = with builtins;
let (map (p:
mozRust = with builtins; (map (p: import ((fetchTarball { import ((fetchTarball {
url = "https://github.com/mozilla/nixpkgs-mozilla/archive/e912ed4.tar.gz"; url = "https://github.com/mozilla/nixpkgs-mozilla/archive/e912ed4.tar.gz";
sha256 = "08fvzb8w80bkkabc1iyhzd15f4sm7ra10jn32kfch5klgl0gj3j3"; sha256 = "08fvzb8w80bkkabc1iyhzd15f4sm7ra10jn32kfch5klgl0gj3j3";
}) + p))) [ })
+ p))) [
(toPath "/lib-overlay.nix") (toPath "/lib-overlay.nix")
(toPath "/rust-overlay.nix") (toPath "/rust-overlay.nix")
]; ];
@ -16,24 +17,28 @@ let
channel = "nightly"; channel = "nightly";
}; };
rustNightly = { rustNightly = {
rustc = nightly.rust.override { rustc =
nightly.rust.override {
extensions = [ extensions = [
"clippy-preview" "clippy-preview"
"rls-preview" "rls-preview"
"rust-analysis" "rust-analysis"
"rust-src" "rust-src"
"rustfmt-preview" "rustfmt-preview"
]; } // { src = nightly.rust-src; }; ];
}
// {src = nightly.rust-src;};
cargo = nightly.cargo; cargo = nightly.cargo;
}; };
rustPNightly = stablepkgs.recurseIntoAttrs (stablepkgs.makeRustPlatform { rustPNightly = stablepkgs.recurseIntoAttrs (stablepkgs.makeRustPlatform {
inherit (rustNightly) rustc cargo; inherit (rustNightly) rustc cargo;
}); });
in { in {
config.machine.pkgsets.rustpkgs.pkgs = (with stablepkgs; [ config.machine.pkgsets.rustpkgs.pkgs =
(with stablepkgs; [
diesel-cli diesel-cli
carnix carnix
rustracer rustracer
]) ++ (with rustNightly; [ rustc cargo]); ])
++ (with rustNightly; [rustc cargo]);
} }

6
pkgsets/server.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.server.pkgs = with pkgs; [ config.machine.pkgsets.server.pkgs = with pkgs; [
audit audit
certbot certbot

10
pkgsets/tracking.nix
View file

@ -1,8 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
{ {
config,
lib,
pkgs,
...
}:
with lib; {
config.machine.pkgsets.tracking.pkgs = with pkgs; [ config.machine.pkgsets.tracking.pkgs = with pkgs; [
aw-qt aw-qt
aw-server-rust aw-server-rust

6
pkgsets/uniProgs.nix
View file

@ -1,5 +1,7 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
config.machine.pkgsets.uniProgs.pkgs = with pkgs; [qucs]; config.machine.pkgsets.uniProgs.pkgs = with pkgs; [qucs];
} }

12
pkgsets/xpkgs.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
cfg = config.machine; cfg = config.machine;
in { in {
config.machine.pkgsets.xpkgs.pkgs = with pkgs; [ config.machine.pkgsets.xpkgs.pkgs = with pkgs; [
@ -13,7 +15,9 @@ in {
gnome3.gvfs gnome3.gvfs
gvfs gvfs
oneko oneko
pcmanfm lxmenu-data shared-mime-info pcmanfm
lxmenu-data
shared-mime-info
pavucontrol pavucontrol
xclip xclip
xorg.xkill xorg.xkill

17
services/acme.nix
View file

@ -1,11 +1,16 @@
{ options, config, lib, fn, pkgs, ... }: {
options,
config,
lib,
fn,
pkgs,
...
}:
with builtins; with builtins;
with lib; with lib; let
let
cfg = config.machine; cfg = config.machine;
in mkIf (elem "acme" cfg.services) { in
mkIf (elem "acme" cfg.services) {
security.acme = { security.acme = {
# see https://letsencrypt.org/repository/ # see https://letsencrypt.org/repository/
acceptTerms = true; acceptTerms = true;

24
services/bind.nix
View file

@ -1,20 +1,28 @@
# This Configuration is meant for local DNS setups only! # This Configuration is meant for local DNS setups only!
{ options, config, lib, fn, pkgs, ... }: {
options,
config,
lib,
fn,
pkgs,
...
}:
with builtins; with builtins;
with lib; with lib; let
let
cfg = config.machine; cfg = config.machine;
in mkIf (elem "bind" cfg.services) { in
mkIf (elem "bind" cfg.services) {
services.bind = { services.bind = {
enable = true; enable = true;
listenOn = ["127.0.0.1"]; listenOn = ["127.0.0.1"];
forwarders = [ forwarders = [
# Cloudflare CDN # Cloudflare CDN
"1.1.1.1" "1.0.0.1" "1.1.1.1"
"1.0.0.1"
#CCC DNS #CCC DNS
"204.152.184.76" "159.203.38.175" "207.148.83.241" "204.152.184.76"
"159.203.38.175"
"207.148.83.241"
]; ];
# TODO: add DNSSEC # TODO: add DNSSEC
extraOptions = '' extraOptions = ''

11
services/containers.nix
View file

@ -1,14 +1,15 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "containers" config.machine.services) { mkIf (elem "containers" config.machine.services) {
containers.CDServer = { containers.CDServer = {
privateNetwork = true; privateNetwork = true;
hostAddress = "192.168.100.10"; hostAddress = "192.168.100.10";
localAddress = "192.168.100.11"; localAddress = "192.168.100.11";
config = config = {
{
imports = [ imports = [
../machines/CDServer/options.nix ../machines/CDServer/options.nix
./default.nix ./default.nix

9
services/cups.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "cups" config.machine.services) { mkIf (elem "cups" config.machine.services) {
services.printing = { services.printing = {
enable = true; enable = true;

24
services/desktop.nix
View file

@ -1,13 +1,21 @@
{ config, lib, fn, pkgs, ... }: {
config,
with lib; lib,
fn,
let pkgs,
...
}:
with lib; let
cfg = config.machine; cfg = config.machine;
desktopFiles = fn.lst { p = (toString ./desktop); b = true; }; desktopFiles = fn.lst {
in { p = toString ./desktop;
b = true;
};
in
{
imports = desktopFiles; imports = desktopFiles;
} // mkIf (elem "desktop" cfg.services) { }
// mkIf (elem "desktop" cfg.services) {
services.gvfs.enable = true; services.gvfs.enable = true;
services.xserver = { services.xserver = {
layout = "de"; layout = "de";

11
services/desktop/i3.nix
View file

@ -1,13 +1,16 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "desktop::i3" config.machine.services) { mkIf (elem "desktop::i3" config.machine.services) {
services.xserver = { services.xserver = {
enable = true; enable = true;
windowManager.i3 = { windowManager.i3 = {
enable = true; enable = true;
configFile = (import ../../config/etc/i3/config.nix { inherit pkgs; }); configFile = import ../../config/etc/i3/config.nix {inherit pkgs;};
extraPackages = with pkgs; [ extraPackages = with pkgs; [
dmenu dmenu
file file

16
services/desktop/sway.nix
View file

@ -1,15 +1,21 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
mkIf (elem "desktop::sway" config.machine.services) { mkIf (elem "desktop::sway" config.machine.services) {
programs.sway = { programs.sway = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
xwayland xwayland
file i3status dmenu file
i3status
dmenu
qt5.qtwayland qt5.qtwayland
grim slurp grim
slurp
swaylock swaylock
swayidle swayidle
light light

9
services/docker.nix
View file

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
# Note: add privileged users to docker group for access # Note: add privileged users to docker group for access
with lib; with lib;
mkIf ((elem "docker" config.machine.services) && !(elem "podman" config.machine.services)) { mkIf ((elem "docker" config.machine.services) && !(elem "podman" config.machine.services)) {
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;

22
services/fail2ban.nix
View file

@ -1,11 +1,13 @@
{ config, lib, ... }: {
config,
with lib; lib,
...
let }:
with lib; let
cfg = config.machine; cfg = config.machine;
active = name: (elem name cfg.services); active = name: (elem name cfg.services);
in mkIf (elem "fail2ban" cfg.services) { in
mkIf (elem "fail2ban" cfg.services) {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
jails = { jails = {
@ -61,7 +63,7 @@ in mkIf (elem "fail2ban" cfg.services) {
}; };
environment.etc."fail2ban/filter.d/sshd-ddos.conf" = { environment.etc."fail2ban/filter.d/sshd-ddos.conf" = {
enable = (active "openssh"); enable = active "openssh";
text = '' text = ''
[Definition] [Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$ failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
@ -70,7 +72,7 @@ in mkIf (elem "fail2ban" cfg.services) {
}; };
environment.etc."fail2ban/filter.d/postfix-sasl.conf" = { environment.etc."fail2ban/filter.d/postfix-sasl.conf" = {
enable = (active "mailserver"); enable = active "mailserver";
text = '' text = ''
# Fail2Ban filter for postfix authentication failures # Fail2Ban filter for postfix authentication failures
[INCLUDES] [INCLUDES]
@ -82,7 +84,7 @@ in mkIf (elem "fail2ban" cfg.services) {
}; };
environment.etc."fail2ban/filter.d/postfix-ddos.conf" = { environment.etc."fail2ban/filter.d/postfix-ddos.conf" = {
enable = (active "mailserver"); enable = active "mailserver";
text = '' text = ''
[Definition] [Definition]
failregex = lost connection after EHLO from \S+\[<HOST>\] failregex = lost connection after EHLO from \S+\[<HOST>\]
@ -90,7 +92,7 @@ in mkIf (elem "fail2ban" cfg.services) {
}; };
environment.etc."fail2ban/filter.d/nginx-req-limit.conf" = { environment.etc."fail2ban/filter.d/nginx-req-limit.conf" = {
enable = (active "nginx"); enable = active "nginx";
text = '' text = ''
[Definition] [Definition]
failregex = limiting requests, excess:.* by zone.*client: <HOST> failregex = limiting requests, excess:.* by zone.*client: <HOST>

14
services/fprintd.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "fprintd" config.machine.services) { mkIf (elem "fprintd" config.machine.services) {
security.pam.services = let security.pam.services = let
unlock = [ unlock = [
@ -10,7 +12,11 @@ mkIf (elem "fprintd" config.machine.services) {
"login" "login"
"lightdm" "lightdm"
]; ];
in listToAttrs (forEach unlock (n: {name = n; value = { fprintAuth = true; }; })); in
listToAttrs (forEach unlock (n: {
name = n;
value = {fprintAuth = true;};
}));
services.fprintd = { services.fprintd = {
enable = true; enable = true;

10
services/gitea.nix
View file

@ -1,7 +1,9 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; with lib;
mkIf (elem "gitea" config.machine.services) { mkIf (elem "gitea" config.machine.services) {
services = { services = {
gitea = let gitea = let
@ -34,7 +36,7 @@ mkIf (elem "gitea" config.machine.services) {
}; };
service = { service = {
DISABLE_REGISTRATION = (lib.mkForce true); DISABLE_REGISTRATION = lib.mkForce true;
}; };
session = { session = {

Some files were not shown because too many files have changed in this diff Show more