mirror of
https://git.oat.zone/dark-firepit/dotfiles
synced 2024-04-26 10:55:06 +02:00
some refactoring
Co-authored-by: Jill Monoids <oatmealine@disroot.org>
This commit is contained in:
parent
35452b7be0
commit
9da0a143ae
|
@ -0,0 +1,40 @@
|
|||
[security]
|
||||
INSTALL_LOCK = true
|
||||
PASSWORD_HASH_ALGO = "argon2"
|
||||
PASSWORD_CHECK_PWN = true
|
||||
|
||||
[repository]
|
||||
DEFAULT_BRANCH = "main"
|
||||
|
||||
[ui]
|
||||
DEFAULT_THEME = "arc-pink"
|
||||
THEMES="auto,gitea,arc-green,arc-pink,arc-pink-modern,darkred,gitea-blue,gitea-modern,github"
|
||||
CUSTOM_EMOJIS = "blurry_eyes,whenyoubigshit,he,ancapistanian,oralpleasure,horny,acab,tastymilk,gluttony,soul_of_fright,soul_of_night,soul_of_might,soul_of_blight,michael,bottom,spongesad,scripulous_fingore_point,scripulous_fingore,Tainted_John_F_Kennedy,John_F_Kennedy_Tainted,John_F_Kennedy,plumspin,despair,ihaveyourip,rusty50,entropy,peeeh,penis,gloopy,twister,stupib,speed,deadchat,cock,housj,dothejej,b_,trollgecommence,handsl,handsr,face,aiki,nervous,coffee,the_cowboy,dilf,child,closer,feddynite,orang,feddy_glamcock,elonmusk,slugclose,zonkerdoodle,pls,x3,slugloafspin,observer,pickle,zamiel_approves,ohgod,hapykity,i_see_chicory,i_see_pizza,cutely_blushes,gamer_boi,eeeeeeeeee,babytime,sleeby"
|
||||
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
|
||||
[service]
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ENABLE_CAPTCHA = false
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = true
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
NO_REPLY_ADDRESS = "noreply.oat.zone"
|
||||
|
||||
[picture]
|
||||
DISABLE_GRAVATAR = false
|
||||
ENABLE_FEDERATED_AVATAR = true
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = false
|
||||
ENABLE_OPENID_SIGNUP = false
|
||||
|
||||
[session]
|
||||
PROVIDER = "file"
|
||||
|
||||
[other]
|
||||
SHOW_FOOTER_BRANDING = true
|
14
default.nix
14
default.nix
|
@ -1,7 +1,7 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) _;
|
||||
inherit (lib) filterAttrs _;
|
||||
in {
|
||||
imports =
|
||||
[ inputs.home-manager.nixosModules.home-manager ]
|
||||
|
@ -15,18 +15,18 @@ in {
|
|||
boot.loader.systemd-boot.configurationLimit = 10;
|
||||
|
||||
nix = let
|
||||
registry = lib.mapAttrs (_: v: { flake = v; }) (_.filterSelf inputs);
|
||||
registry = lib.mapAttrs (name: value: { flake = value; }) (filterAttrs (name: value: name != "attrs") inputs);
|
||||
in {
|
||||
package = pkgs.nixFlakes;
|
||||
autoOptimiseStore = true;
|
||||
extraOptions = "experimental-features = nix-command flakes";
|
||||
binaryCaches = [
|
||||
registry = registry // { dotfiles.flake = inputs.self; };
|
||||
settings.auto-optimise-store = true;
|
||||
settings.experimental-features = [ "nix-command" "flakes"];
|
||||
settings.substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
settings.trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
registry = registry // { dotfiles.flake = inputs.self; };
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
338
flake.lock
338
flake.lock
|
@ -7,11 +7,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1641576265,
|
||||
"narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
|
||||
"lastModified": 1652712410,
|
||||
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "08b9c96878b2f9974fc8bde048273265ad632357",
|
||||
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -20,29 +20,58 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1641205782,
|
||||
"narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1638122382,
|
||||
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
||||
"lastModified": 1631561581,
|
||||
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
|
||||
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1656928814,
|
||||
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1656928814,
|
||||
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"locked": {
|
||||
"lastModified": 1656928814,
|
||||
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -58,43 +87,86 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1649887911,
|
||||
"narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=",
|
||||
"lastModified": 1656169755,
|
||||
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5",
|
||||
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-21.11",
|
||||
"ref": "release-22.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"libnbtplusplus": {
|
||||
"flake": false,
|
||||
"jillo": {
|
||||
"inputs": {
|
||||
"mkNodePackage": "mkNodePackage",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1591558203,
|
||||
"narHash": "sha256-QgvNvaoFflCXEPCCFBCeZvYTpuiwScBG7EosUgFwFNQ=",
|
||||
"owner": "multimc",
|
||||
"repo": "libnbtplusplus",
|
||||
"rev": "dc72a20b7efd304d12af2025223fad07b4b78464",
|
||||
"lastModified": 1659775351,
|
||||
"narHash": "sha256-W1vRnGF4+JCr8BSempyaB2rNFlkUAzSR7RjXiF+5GnQ=",
|
||||
"ref": "main",
|
||||
"rev": "55476dce96057b62d8ff4ae666a5084c709e06d8",
|
||||
"revCount": 19,
|
||||
"type": "git",
|
||||
"url": "file:///home/oatmealine/jillo"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "file:///home/oatmealine/jillo"
|
||||
}
|
||||
},
|
||||
"mkNodePackage": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"npmlock2nix": "npmlock2nix",
|
||||
"pnpm2nix": "pnpm2nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1633790997,
|
||||
"narHash": "sha256-1mk4EwNkWtTNpeRivZmJTzB+92g07maeFRVUMnnRh1U=",
|
||||
"owner": "winston0410",
|
||||
"repo": "mkNodePackage",
|
||||
"rev": "a7eca5e027c8b260dca4ece7d8dd187f92420611",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "multimc",
|
||||
"repo": "libnbtplusplus",
|
||||
"owner": "winston0410",
|
||||
"repo": "mkNodePackage",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-minecraft": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1661267391,
|
||||
"narHash": "sha256-5u33JsRQCq6Fotjj3/+JbQNmDujLVX8i/82ruFsDbMc=",
|
||||
"owner": "Infinidoge",
|
||||
"repo": "nix-minecraft",
|
||||
"rev": "3442139e21642082000271849abb1209484e8909",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Infinidoge",
|
||||
"repo": "nix-minecraft",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1639986101,
|
||||
"narHash": "sha256-Ow0+pkY7qMw6lMAvR1mEdUT9svJnrkbaRoqp4bkMTpg=",
|
||||
"lastModified": 1660407119,
|
||||
"narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "3f92db38374b2977aea8daf4c4fe2fa0eddbd60c",
|
||||
"rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -105,26 +177,43 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1650501692,
|
||||
"narHash": "sha256-ApKf0/dc0SyB7zZ6yiiOQgcXAhCXxbSDyihHfRDIzx0=",
|
||||
"owner": "NixOS",
|
||||
"lastModified": 1633351077,
|
||||
"narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9887f024766aa27704d1f89f623efd1d063da92a",
|
||||
"rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-21.11",
|
||||
"type": "indirect"
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-master": {
|
||||
"locked": {
|
||||
"lastModified": 1661278267,
|
||||
"narHash": "sha256-eqJH9nHQrFsAGpG7YRfUipAT0mG8ZW0AusI5MeX716s=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1ded9c47d54c1fcd3a9e6a4ed4e2bb65984ca691",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "master",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1640139330,
|
||||
"narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=",
|
||||
"lastModified": 1661239211,
|
||||
"narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d",
|
||||
"rev": "5e804cd8a27f835a402b22e086e36e797716ef8b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -135,11 +224,27 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1641528457,
|
||||
"narHash": "sha256-FyU9E63n1W7Ql4pMnhW2/rO9OftWZ37pLppn/c1aisY=",
|
||||
"lastModified": 1659153955,
|
||||
"narHash": "sha256-BAdA1WBHi/TBSaeyDjsVIqe62r0w/5ZvsaglXivOLLM=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ff377a78794d412a35245e05428c8f95fef3951f",
|
||||
"rev": "1e5d0fbd82f0f1370c70026d255deda2d9c8a585",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-22.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1650161686,
|
||||
"narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -149,41 +254,83 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"polymc": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"libnbtplusplus": "libnbtplusplus",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"quazip": "quazip"
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1641930261,
|
||||
"narHash": "sha256-3RR/rjMFDYoA7qJHXLHdw1sauBCdO9kqMEGUpuxB1Sw=",
|
||||
"owner": "PolyMC",
|
||||
"repo": "PolyMC",
|
||||
"rev": "3b524e99cceb734fa9f2433e3738ce0d185a75aa",
|
||||
"lastModified": 1661187878,
|
||||
"narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "52527082ea267fe486f0648582d57c85486b2031",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "PolyMC",
|
||||
"repo": "PolyMC",
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-22.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1659219666,
|
||||
"narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1659102345,
|
||||
"narHash": "sha256-Vbzlz254EMZvn28BhpN8JOi5EuKqnHZ3ujFYgFcSGvk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "11b60e4f80d87794a2a4a8a256391b37c59a1ea7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"quazip": {
|
||||
"npmlock2nix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1633895098,
|
||||
"narHash": "sha256-+Of0M2IAoTf1CyC0teCpsyurv6xfqiBo84V49dSeNTA=",
|
||||
"owner": "multimc",
|
||||
"repo": "quazip",
|
||||
"rev": "b1a72ac0bb5a732bf887a535ab75c6f9bedb6b6b",
|
||||
"lastModified": 1633729941,
|
||||
"narHash": "sha256-v2YPcEWI1Wz8ErivorubgLcDT06H6YzFT7uhp1ymqnE=",
|
||||
"owner": "winston0410",
|
||||
"repo": "npmlock2nix",
|
||||
"rev": "6ade47a330b6919defb45c0eb984a64234aa8468",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "multimc",
|
||||
"repo": "quazip",
|
||||
"owner": "winston0410",
|
||||
"ref": "issue113",
|
||||
"repo": "npmlock2nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pnpm2nix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1594396611,
|
||||
"narHash": "sha256-UXOUQ+2A89/zaxYhTHiRrRBU5exbUWrg+FoJYMcNwuI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "pnpm2nix",
|
||||
"rev": "f67be0925a91b92f54d99dbdead7a06920b979ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "master",
|
||||
"repo": "pnpm2nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
@ -191,10 +338,49 @@
|
|||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"home-manager": "home-manager",
|
||||
"jillo": "jillo",
|
||||
"nix-minecraft": "nix-minecraft",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs-master": "nixpkgs-master",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"polymc": "polymc"
|
||||
"watch-party": "watch-party"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1659179790,
|
||||
"narHash": "sha256-HhCjnO20QbJFJExExiwAslpx0YpB0qpovKejE+HpSQ4=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "cc3c93a28de41ac38b93cdf075a6776c6e42d2a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"watch-party": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1657657296,
|
||||
"narHash": "sha256-eJnE1a3EiVM2EFhJ7nQvkTyEZ6/fOWYsnb6GYOSfizg=",
|
||||
"type": "git",
|
||||
"url": "file:///home/oatmealine/watch-party"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "file:///home/oatmealine/watch-party"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
39
flake.nix
39
flake.nix
|
@ -2,41 +2,31 @@
|
|||
description = "Frosted Flakes";
|
||||
|
||||
inputs = {
|
||||
# NixOS unstable
|
||||
# nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||
nixpkgs.url = "nixpkgs/nixos-21.11";
|
||||
nixpkgs.url = "nixpkgs/nixos-22.05";
|
||||
|
||||
# WARNING: Where possible, prefer the stable branch of nixpkgs as nixpkgs-unstable may have incompatable or vulnerable software.
|
||||
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
|
||||
|
||||
# home-manager
|
||||
# home-manager.url = "github:nix-community/home-manager/master";
|
||||
home-manager.url = "github:nix-community/home-manager/release-21.11";
|
||||
# WARNING: The master branch of nixpkgs is unsafe to use and software may break or contain various security vulnerabilities. Use at your own discretion.
|
||||
nixpkgs-master.url = "github:nixos/nixpkgs/master";
|
||||
|
||||
home-manager.url = "github:nix-community/home-manager/release-22.05";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
# agenix - age-encrypted secrets
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
# nixos-hardware
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
/*
|
||||
# fzf-hoogle
|
||||
fzf-hoogle-vim.url = "github:monkoose/fzf-hoogle.vim";
|
||||
fzf-hoogle-vim.flake = false;
|
||||
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
|
||||
|
||||
# asyncrun-vim
|
||||
asyncrun-vim.url = "github:skywind3000/asyncrun.vim";
|
||||
asyncrun-vim.flake = false;
|
||||
*/
|
||||
|
||||
# blender-30.url = "github:blender/blender/blender-v3.0-release";
|
||||
# blender-30.flake = false;
|
||||
|
||||
polymc.url = "github:PolyMC/PolyMC";
|
||||
jillo.url = "/home/oatmealine/jillo";
|
||||
watch-party.url = "/home/oatmealine/watch-party";
|
||||
};
|
||||
|
||||
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }:
|
||||
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nix-minecraft, ... }:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
|
||||
|
@ -49,16 +39,19 @@
|
|||
overlays = overlays ++ (lib.attrValues self.overlays);
|
||||
};
|
||||
|
||||
pkgs = mkPkgs nixpkgs [ self.overlay inputs.polymc.overlay.${system} ];
|
||||
pkgs = mkPkgs nixpkgs [ self.overlay nix-minecraft.overlay ];
|
||||
in {
|
||||
packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
|
||||
overlay = final: prev: {
|
||||
_ = self.packages."${system}";
|
||||
unstable = mkPkgs nixpkgs-unstable [];
|
||||
master = mkPkgs nixpkgs-master [];
|
||||
};
|
||||
overlays = mapModules ./overlays import;
|
||||
nixosModules = mapModulesRec ./modules import;
|
||||
nixosConfigurations = mapModules ./hosts (mkHost system);
|
||||
nixosConfigurations = mapModules ./hosts (host: mkHost host { inherit system; });
|
||||
devShell."${system}" = import ./shell.nix { inherit pkgs; };
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
"aether@subsurface" = {
|
||||
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4lh7dN9Ohh2/WoGiZ4WlpVb01YPNto/9ungOAk6TH+65wkxMjY4a+1OsO8Znguj46tXVErn8xv2ZVX0K7ql0hzypPkP2Dvvim99tz6FKSf9Nwj6RRtIKPoYkJjtGYAqLJl8JPy50HkFXkDVQ/z4d4iwpneSODIJdkUFSzZR91jz9FX+4t2h+2xtuuRDI43+gHRqvwPP8XaE0srtMzZoQDUBKhwOynoo2vZnyd3O7kkpD9T+jzYEeLKppHdaoYN5UxZ4L0xnig0WFZiBH36/YGXA8gT56FHRw5GKhwWwfSvliEw63/6IxiVZBuM1Mj7syg2Ndhhmmay05QqvyTrdHA9veyzJG5l0HlnCmXe7ss9lVQnxxPfbHbnDZUhH1ax01sQUeTK3Bs3AvbsTLyXBbd4NCY5ovz85MqzM/Q84B1zX1i8KbFEBh0xkumNsPAXzY8ar+tq5rFa23bY9qF4s6CMv++JEXSJJufcf3BS2dBlw0lTGBn7UEO9FHHsU3xKCc= aether@subsurface";
|
||||
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface";
|
||||
wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw=";
|
||||
};
|
||||
"oatmealine@beppy" = {
|
||||
"oatmealine@void-defragmented" = {
|
||||
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbJDo79TD9RV77MnArQwS94wzBo+6l6dYQnaNdPk2xo019+tc7GyuQ+GHyh4qewIUQOwe3Ddj4YxJN9IS3E360/6RdaNDxn3hUp2jh/x9SOjh0W86FJfdHEQViNeFVSXJv+QBZT9ibR9IbOHYezhD6gtz15pNhEqhQyqw2hJuQzxLvnictTc4lPQnWN9I8ga+OVSh7Uauu5OKbUOyRRj1Er/hasNviCaGBJnLDYjSqTDRvEbdYlfuhrYITJ+viZOQq7Nczs6dbsl627FCvhr5vQi+/vvpx9DKHDvpGvbEglOmOwgffSkaOIIx/pNHTsRccX7c3/im6z4pCDj4bEuiqqawv2C6DV0aM01bW8cchOJrmSQGTygTrJuuVPHp4IRIZNvQGS+97j4u+d7ofricLR1RoxJcQibvRA9rhhYI2FhwrAweuuLktjSj5RkQnypd9kjOuH+nhgLZunreNoyPNDCmcOBA7BA0rD2pCIKB9SzlelMjVuvy0PA8uWfNFfxGU+m3BH7lQS/A6V+NeYrMGiZ+u+t9Pgr6kAoR7mAUO+obIdMM/lOp1/zGBY8lk2Aq3GQcyGVNi18VR0uA+NMaJYXA1JzSiPCz7cQn1pKIAKiDEnzicf5MxDHIi5F1iQ/Lc+NftgmDXZEAHDY1bQepScOttaOZQZLpYP/eWwlEQJQ== oatmealine@beppy";
|
||||
wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg=";
|
||||
};
|
||||
"skye@DESKTOP-VB4940J" = {
|
||||
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGPFAyr1zYL5+/VIUVhT5sIfikhlj37tuTHVSfW/xbHfBqvR/Ga21j2k6HAa6acpHBa3+Ri1DZIjIkzjco447ZP7ahwOF3Ci6Cv9oSXxmw43hUMypfMTLu9+v9sjFJFPg7F39X2ngZzzLxO1/fPMuQm3kK6T3WyVqpNUMaenXhnT2i641lo2tRjs1LeGIk6h3Ermp4V3WQo+exbf+nc1Lqt5Yos/jWn1HnsjxI2N1SQDiT9J+MpNN7wUz4Q57+aDKeXH2oBsnRjNGU90qudwZIdUUJunfVaFXZHuVopLv1DlY1rcjtTP/8P9WcFXsnqb4yiA4uon0fbo7IZISt+ffw+TDjPaDH/8TsfgeT36Dd2mKZ/Z9XdzdWiez4fZxExR9MZcJafxnnw6Bfsfb4sSw52VRE2R65apasDTHTE3toRr7JWDNOg35ULDuGiQMnWhbr1c/0aHOtxoIIjOTtWUAl1LqemAELq/sJhKc/B/ywN1421FCcyivn8meZUII0Ccc= skye@DESKTOP-VB4940J";
|
||||
wg = "";
|
||||
"oatmealine@beppy-phone" = {
|
||||
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH";
|
||||
wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4=";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,12 +1,18 @@
|
|||
{ pkgs, inputs, lib, ... }:
|
||||
|
||||
let
|
||||
keys = import ./authorizedKeys;
|
||||
keys = import ./authorizedKeys.nix;
|
||||
in {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
inputs.nix-minecraft.nixosModules.minecraft-servers
|
||||
#inputs.watch-party.nixosModules.watch-party
|
||||
(fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
|
||||
];
|
||||
|
||||
# services.auto-fix-vscode-server.enable = true;
|
||||
services.vscode-server.enable = true;
|
||||
|
||||
user = {
|
||||
packages = with pkgs; [
|
||||
git
|
||||
|
@ -14,27 +20,39 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
defaultUsers = {
|
||||
normalUsers = {
|
||||
aether = {
|
||||
packages = [ ];
|
||||
shell = "fish";
|
||||
extraGroups = [ "wheel" ];
|
||||
initialHashedPassword = "!";
|
||||
openssh.authorizedKeys.keys = [ keys."aether@subsurface".ssh ];
|
||||
conf = {
|
||||
packages = with pkgs; [ bat duf broot nftables tmux ];
|
||||
shell = pkgs.unstable.fish;
|
||||
extraGroups = [ "wheel" "nix-users" ];
|
||||
initialHashedPassword = "!";
|
||||
openssh.authorizedKeys.keys = [ keys."aether@subsurface".ssh ];
|
||||
};
|
||||
|
||||
homeConf.home = {
|
||||
sessionVariables = {
|
||||
EDITOR = "nvim";
|
||||
NIX_REMOTE = "daemon";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
oatmealine = {
|
||||
packages = [ ];
|
||||
shell = "zsh";
|
||||
extraGroups = [ "wheel" ];
|
||||
initialHashedPassword = "!";
|
||||
openssh.authorizedKeys.keys = [ keys."oatmealine@beppy".shh ];
|
||||
};
|
||||
skye = {
|
||||
packages = [ ];
|
||||
shell = "fish";
|
||||
extraGroups = [ "wheel" ];
|
||||
initialHashedPassword = "!";
|
||||
openssh.authorizedKeys.keys = [ keys."skye@DESKTOP-VB4940J".shh ];
|
||||
conf = {
|
||||
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ];
|
||||
shell = pkgs.unstable.fish;
|
||||
extraGroups = [ "wheel" "nix-users" ];
|
||||
initialHashedPassword = "!";
|
||||
openssh.authorizedKeys.keys = [ keys."oatmealine@void-defragmented".ssh keys."oatmealine@beppy-phone".ssh ];
|
||||
};
|
||||
|
||||
homeConf.home = {
|
||||
sessionVariables = {
|
||||
EDITOR = "micro";
|
||||
NIX_REMOTE = "daemon";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -44,41 +62,220 @@ in {
|
|||
};
|
||||
|
||||
modules = {
|
||||
# theme.active = "still";
|
||||
shell.zsh.enable = true;
|
||||
shell.fish.enable = true;
|
||||
security = {
|
||||
isLocalMachine = false;
|
||||
};
|
||||
desktop = {
|
||||
editors = {
|
||||
neovim.enable = true;
|
||||
};
|
||||
};
|
||||
dev = {
|
||||
security.isLocalMachine = false;
|
||||
editors.neovim.enable = true;
|
||||
remote = {
|
||||
enable = true;
|
||||
keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoV7ymOtfC8SYvv31/GGso8DoHKE/KOfoEZ0hjmYtaQg7dyi5ijfDikLZUux8aWivvRofa7SqyaK0Ea+s9KuTX/dreJKz/RKG+QHLjw6U0FSoJ765q56pUy0j0TZoVy4PjSb38of56urg1UmHkK13WQXrvjwdHUjAcVx6PurHAxsbmxhYkJO9Jmvr8CB+PZFKIHjewkgBWkBxD97WFNwDfmBmvh1F5xRn8WhgT+2DVdQ2coN4Eqwc4NWzBUSfrro0gARsJsUvQxdx8f1kJDQKy2lQWCnlgRiD+pK5ocf1wCZfJMs0NQ6xqCZDKDJTcyGNLWH/L57Pg5U5t7BWRTTPmQ== yugoslavia"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCX2uRTaL1Nu4KzsSJSVc7R2yCIa4Mw3KuJAMluQO746eXBFeTmRN6Pqc+H0Rpz9nkQ/fB8tYl70FfrYy4suM0QCY1IDbPWaUBmLQYCt6nzCfFY8PTpLoJmeQW3jzG7VqSjjl+uG2KLQqPtzxmvukIJRovhrKcUnPzw4tU4BLy2uGWgJN9sGofWczmtxdijADyOYtasVIr6/Hca5IwMCldbqQ9B1k+VIE87Kv2k5n+LVRVMsVHaVSubIMYZFbZFDW2/oRVg2ainewO0e9XPbtBREVraPnuf7s4uBByk4goQfLhz3B6L4JLbYYijw25+SmeJcesDxJUIIKMCuZChNcyb aura@LAPTOP-MEN8UH6Q"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423"
|
||||
keys."oatmealine@void-defragmented".ssh
|
||||
keys."oatmealine@beppy-phone".ssh
|
||||
];
|
||||
packages = with pkgs; [ tmux ];
|
||||
shell = pkgs.unstable.fish;
|
||||
};
|
||||
services = {
|
||||
ssh.enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
requirePassword = false;
|
||||
};
|
||||
|
||||
postgres.enable = true;
|
||||
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
domain = "cloud.aether.gay";
|
||||
};
|
||||
|
||||
gitea = {
|
||||
enable = true;
|
||||
site = "git.oat.zone";
|
||||
domain = "git.oat.zone";
|
||||
port = 3000;
|
||||
};
|
||||
|
||||
matrix.conduit = {
|
||||
enable = false;
|
||||
domain = "matrix.aether.gay";
|
||||
};
|
||||
|
||||
minecraft = {
|
||||
enable = true;
|
||||
servers = {
|
||||
"dark-firepit" = {
|
||||
enable = true;
|
||||
autoStart = true;
|
||||
openFirewall = true;
|
||||
serverProperties = {
|
||||
server-port = 25565;
|
||||
gamemode = 0;
|
||||
motd = "dark-firepit, 1.19.2 Fabric";
|
||||
white-list = true;
|
||||
max-players = 8;
|
||||
allow-flight = true;
|
||||
enable-command-block = true;
|
||||
enforce-secure-profile = false;
|
||||
level-type = "terra:overworld/overworld";
|
||||
snooper-enabled = false;
|
||||
spawn-protection = 0;
|
||||
};
|
||||
whitelist = {
|
||||
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
|
||||
RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6";
|
||||
Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85";
|
||||
DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8";
|
||||
SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1";
|
||||
FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5";
|
||||
};
|
||||
package = pkgs.minecraftServers.fabric-1_19_2;
|
||||
jvmOpts = "-Xmx6G";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
wireguard = {
|
||||
enable = true;
|
||||
server = true;
|
||||
externalInterface = "eno1";
|
||||
interfaces."wg0" = import ./wireguardInterface.nix;
|
||||
};
|
||||
webapps = lib.mkMerge (import ./webapps);
|
||||
|
||||
vaultwarden = {
|
||||
enable = true;
|
||||
domain = "vault.aether.gay";
|
||||
};
|
||||
|
||||
jillo = {
|
||||
enable = false;
|
||||
dataDir = "/var/lib/jillo";
|
||||
};
|
||||
|
||||
# not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection
|
||||
# prevents other domains from "stealing" content by settings their dns to our ip
|
||||
# this has happened before by the way on the vps. i have no clue how or why
|
||||
# update: also optimizes gzip and tls stuff
|
||||
nginx-config = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
staticSites = {
|
||||
"aether.gay".dataDir = "/var/www/aether.gay";
|
||||
"dark-firepit.oat.zone".dataDir = "/var/www/dark-firepit.oat.zone";
|
||||
"va11halla.oat.zone".dataDir = "/var/www/va11halla.oat.zone";
|
||||
"giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing";
|
||||
"modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone";
|
||||
"shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best";
|
||||
"tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone";
|
||||
"tesco-underground-dev.oat.zone".auth = { tesco = "Jn2DVTM7yVZtRKKyz3b2Tjj7Ss8vpuLB"; };
|
||||
"oat.zone".dataDir = "/var/www/oat.zone";
|
||||
"oat.zone".php = true;
|
||||
"yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing";
|
||||
"yugoslavia.fishing".php = true;
|
||||
};
|
||||
|
||||
nitter = {
|
||||
enable = true;
|
||||
lightweight = false; # enable if shit gets wild; check config for more info
|
||||
port = 3005;
|
||||
domain = "nitter.oat.zone";
|
||||
};
|
||||
|
||||
#watch-party = {
|
||||
# enable = true;
|
||||
# port = 1984;
|
||||
#};
|
||||
|
||||
terraria = {
|
||||
enable = false;
|
||||
port = 7777; # port-forwarded
|
||||
messageOfTheDay = "hi";
|
||||
openFirewall = true;
|
||||
worldPath = "/var/lib/terraria/gbj.wld";
|
||||
autoCreatedWorldSize = "large";
|
||||
dataDir = "/var/lib/terraria";
|
||||
};
|
||||
|
||||
matomo = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
isso = {
|
||||
enable = true;
|
||||
port = 1995;
|
||||
};
|
||||
|
||||
yugoslavia-best = {
|
||||
enable = true;
|
||||
domain = "yugoslavia.best";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."oat.zone" = {
|
||||
locations."/f/".extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
'';
|
||||
};
|
||||
|
||||
security.doas = {
|
||||
extraRules = [
|
||||
{ users = [ "aether" "oatmealine" "skye" ]; noPass = false; keepEnv = true; }
|
||||
{ users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; }
|
||||
{ users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
|
||||
];
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# If you uncomment this, I will uncomment the spores in your body
|
||||
# mmm spores ymmnu.uyyy.., :)
|
||||
networking.useDHCP = false;
|
||||
|
||||
networking = {
|
||||
# for docs, start here
|
||||
# https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
|
||||
|
||||
enableIPv6 = true; # true by default, but better safe than sorry
|
||||
|
||||
interfaces.eno1.ipv4.addresses = [
|
||||
{ address = "51.89.98.8";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
|
||||
defaultGateway = "51.89.98.254";
|
||||
nameservers = [ "8.8.8.8" "1.1.1.1" ];
|
||||
|
||||
interfaces.eno1.ipv6.addresses = [
|
||||
{ address = "2001:41d0:0700:3308::";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
|
||||
defaultGateway6 = {
|
||||
address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
|
||||
# address = "33ff::1";
|
||||
# address = "2001::1";
|
||||
interface = "eno1";
|
||||
};
|
||||
|
||||
/*
|
||||
dhcpcd.persistent = true;
|
||||
dhcpcd.extraConfig = ''
|
||||
clientid d0:50:99:d4:04:68:d0:50:99:d4:04:68
|
||||
noipv6rs
|
||||
interface eno1
|
||||
ia_pd 1/2001:41d0:700:3308::/56 eno1
|
||||
static ip6_address=2001:41d0:700:3308::1/56
|
||||
'';
|
||||
*/
|
||||
|
||||
firewall.allowPing = true;
|
||||
# minecraft proximity voice chat
|
||||
firewall.allowedTCPPorts = [ 24454 ];
|
||||
firewall.allowedUDPPorts = [ 24454 ];
|
||||
};
|
||||
|
||||
# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68";
|
||||
}
|
||||
|
|
|
@ -19,6 +19,9 @@
|
|||
};
|
||||
};
|
||||
|
||||
nix.settings.cores = 3;
|
||||
nix.settings.max-jobs = 6;
|
||||
|
||||
modules.hardware.fs = {
|
||||
enable = true;
|
||||
ssd.enable = true;
|
||||
|
|
|
@ -1 +1,6 @@
|
|||
{}
|
||||
let
|
||||
keys = import ../authorizedKeys.nix;
|
||||
|
||||
"subsurface.aether" = keys."aether@subsurface".ssh;
|
||||
in
|
||||
{}
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
[
|
||||
]
|
||||
{
|
||||
# "git.oat.zone" = import ./git-oat-zone;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
locations."/" = {
|
||||
proxy_cache = "simple_cache";
|
||||
proxy_pass = "http://localhost:3000";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
{
|
||||
}
|
|
@ -6,7 +6,7 @@ let
|
|||
in {
|
||||
ips = [ "10.100.0.1/24" ];
|
||||
|
||||
privateKeyFile = readFile "/etc/wg0.keys/wg0";
|
||||
privateKeyFile = "/etc/wg0.keys/wg0";
|
||||
|
||||
listenPort = 51820;
|
||||
|
||||
|
@ -15,3 +15,4 @@ in {
|
|||
allowedIPs = [ "10.100.0.${toString (n+2)}/32" ];
|
||||
}) (length (attrValues peerKeys));
|
||||
}
|
||||
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
# Lib
|
||||
|
||||
The `default.nix` defines a lib extended with a `_` attribute under which mine
|
||||
custom lib functions live. The `default.nix` loads every `.nix` file in the
|
||||
`libs` (current) directory and imports it.
|
||||
|
||||
The importing is quite simple:
|
||||
1. First the `libsInFolder` reads the contents of the `libs` directory, filters
|
||||
out non `.nix` files and the `default.nix` file and then returns a list of
|
||||
paths to the individual `.nix` files it found.
|
||||
2. This list gets passed to `importLibs` which imports the libraries and
|
||||
merges the individual imported attribute sets together, so that all the
|
||||
functions are available directly under one attribute set.
|
||||
3. This attribute then gets bind to the `_` attribute in the `lib` extension.
|
||||
|
||||
Individual `.nix` files can use the functions defined in other local library
|
||||
files normally using the `nix._.someFunctionName`.
|
||||
|
||||
## Overview
|
||||
TODO
|
129
lib/colors.nix
129
lib/colors.nix
|
@ -1,129 +0,0 @@
|
|||
{ lib, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) elemAt listToAttrs substring;
|
||||
inherit (lib) concatStringsSep fixedWidthString nameValuePair
|
||||
stringToCharacters sublist toInt toUpper zipListsWith;
|
||||
inherit (lib._) joinWithSep;
|
||||
in rec {
|
||||
/* Converts a hex color string to RGB triplet, an array of exactly 3 elements
|
||||
|
||||
Type:
|
||||
toRGB :: String -> [Int]
|
||||
|
||||
Example:
|
||||
toRGB "ffFFff"
|
||||
=> [ 255 255 255 ]
|
||||
*/
|
||||
toRGB = hex: let
|
||||
chars = stringToCharacters hex;
|
||||
r = sublist 0 2 chars;
|
||||
g = sublist 2 2 chars;
|
||||
b = sublist 4 2 chars;
|
||||
/* Converts a pair of characters (array of two strings, each of one char
|
||||
long) in hexadecimal to a number. Expects a valid hexadecimal string.
|
||||
|
||||
Type:
|
||||
hexPairToNum :: [String] -> Int
|
||||
|
||||
Example:
|
||||
hexPairToNum [ "F" "1" ]
|
||||
=> 241
|
||||
*/
|
||||
hexPairToNum = pair: let
|
||||
c1 = elemAt pair 0; c2 = elemAt pair 1;
|
||||
hexMapping = {
|
||||
"A" = 10;
|
||||
"B" = 11;
|
||||
"C" = 12;
|
||||
"D" = 13;
|
||||
"E" = 14;
|
||||
"F" = 15;
|
||||
};
|
||||
toNum = c: if hexMapping ? ${toUpper c} then hexMapping.${toUpper c} else toInt c;
|
||||
in 16 * (toNum c1) + (toNum c2);
|
||||
in [
|
||||
(hexPairToNum r)
|
||||
(hexPairToNum g)
|
||||
(hexPairToNum b)
|
||||
];
|
||||
|
||||
/* Both ‹hexColor› and ‹rgbColor› accept a color in 6 char long hexadecimal
|
||||
representation. Their variants ‹hexColor'› and ‹rgbaColor› accept an
|
||||
additional parameter ‹opacity› specified as an int in range from 0 to 100.
|
||||
*/
|
||||
|
||||
/* Type:
|
||||
hexColor :: String -> String
|
||||
|
||||
Example:
|
||||
hexColor "FECACA"
|
||||
=> "#FECACA"
|
||||
*/
|
||||
hexColor = color: "#" + color;
|
||||
|
||||
/* Type:
|
||||
hexColor' :: String -> Int -> String
|
||||
|
||||
Example:
|
||||
hexColor' "FECACA" 54
|
||||
=> "#FECACA54"
|
||||
*/
|
||||
hexColor' = color: opacity: "#" + color + toString opacity;
|
||||
|
||||
_rgbColor = color: extra: "(" + (joinWithSep ((toRGB color) ++ extra) ", ") + ")";
|
||||
|
||||
/* Type:
|
||||
rgbColor :: String -> String
|
||||
|
||||
Example:
|
||||
rgbColor "FFFFFF"
|
||||
=> "rgb(255, 255, 255)"
|
||||
*/
|
||||
rgbColor = color: "rgb" + _rgbColor color [];
|
||||
|
||||
/* Type:
|
||||
rgbaColor :: String -> Int -> String
|
||||
|
||||
Example:
|
||||
rgbaColor "FFFFFF" 42
|
||||
=> "rgba(255, 255, 255, 0.42)"
|
||||
*/
|
||||
rgbaColor = color: _opacity: let
|
||||
opacityStr = fixedWidthString 3 "0" (toString _opacity);
|
||||
opacity = substring 0 1 opacityStr + "." + substring 1 2 opacityStr;
|
||||
in "rgba" + _rgbColor color [opacity];
|
||||
|
||||
/* ‹colors› defines a color palette according to the Tailwind colors:
|
||||
https://tailwindcss.com/docs/customizing-colors#color-palette-reference
|
||||
|
||||
Each individual color has 10 variants, for example to access the variant
|
||||
‹700› of color ‹red› following notation is used: ‹colors.red._700›
|
||||
|
||||
The ‹_› in front of the variant is there because numbers cannot be
|
||||
used as keys.
|
||||
*/
|
||||
colors = let
|
||||
scaleDef = [ 50 100 200 300 400 500 600 700 800 900 ];
|
||||
scale = s: listToAttrs (zipListsWith (variant: color: nameValuePair "_${toString variant}" color) scaleDef s);
|
||||
in rec {
|
||||
# Default palette
|
||||
coolGray = scale [ "F9FAFB" "F3F4F6" "E5E7EB" "D1D5DB" "9CA3AF" "6B7280" "4B5563" "374151" "1F2937" "111827" ];
|
||||
red = scale [ "FEF2F2" "FEE2E2" "FECACA" "FCA5A5" "F87171" "EF4444" "DC2626" "B91C1C" "991B1B" "7F1D1D" ];
|
||||
amber = scale [ "FFFBEB" "FEF3C7" "FDE68A" "FCD34D" "FBBF24" "F59E0B" "D97706" "B45309" "92400E" "78350F" ];
|
||||
emerald = scale [ "ECFDF5" "D1FAE5" "A7F3D0" "6EE7B7" "34D399" "10B981" "059669" "047857" "065F46" "064E3B" ];
|
||||
blue = scale [ "EFF6FF" "DBEAFE" "BFDBFE" "93C5FD" "60A5FA" "3B82F6" "2563EB" "1D4ED8" "1E40AF" "1E3A8A" ];
|
||||
indigo = scale [ "EEF2FF" "E0E7FF" "C7D2FE" "A5B4FC" "818CF8" "6366F1" "4F46E5" "4338CA" "3730A3" "312E81" ];
|
||||
violet = scale [ "F5F3FF" "EDE9FE" "DDD6FE" "C4B5FD" "A78BFA" "8B5CF6" "7C3AED" "6D28D9" "5B21B6" "4C1D95" ];
|
||||
pink = scale [ "FDF2F8" "FCE7F3" "FBCFE8" "F9A8D4" "F472B6" "EC4899" "DB2777" "BE185D" "9D174D" "831843" ];
|
||||
|
||||
# Extra
|
||||
blueGray = scale [ "F8FAFC" "F1F5F9" "E2E8F0" "CBD5E1" "94A3B8" "64748B" "475569" "334155" "1E293B" "0F172A" ];
|
||||
|
||||
# Aliases
|
||||
gray = coolGray;
|
||||
yellow = amber;
|
||||
green = emerald;
|
||||
purple = violet;
|
||||
};
|
||||
}
|
|
@ -1,25 +1,12 @@
|
|||
# _ _ _
|
||||
# | (_) |__
|
||||
# | | | '_ \
|
||||
# | | | |_) |
|
||||
# |_|_|_.__/
|
||||
#
|
||||
|
||||
{ inputs, lib, pkgs, ... }:
|
||||
|
||||
lib.extend (lib: super:
|
||||
lib.extend (self: super:
|
||||
let
|
||||
inherit (builtins) attrNames map readDir;
|
||||
inherit (lib) filterAttrs foldr hasSuffix;
|
||||
inherit (lib) attrValues foldr;
|
||||
inherit (modules) mapModules;
|
||||
|
||||
importLib = file: import file { inherit inputs lib pkgs; };
|
||||
merge = foldr (a: b: a // b) {};
|
||||
importLibs = libs: merge (map importLib libs);
|
||||
|
||||
isLib = name: type: type == "regular" && name != "default.nix" && hasSuffix ".nix" name;
|
||||
libPath = name: "${toString ./.}/${name}";
|
||||
libsInFolder = map libPath (attrNames (filterAttrs isLib (readDir ./.)));
|
||||
modules = import ./modules.nix { inherit lib; };
|
||||
in {
|
||||
_ = importLibs libsInFolder;
|
||||
_ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file { inherit pkgs inputs; lib = self; })));
|
||||
}
|
||||
)
|
||||
|
|
|
@ -1,29 +1,27 @@
|
|||
{ lib, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) attrValues pathExists readDir;
|
||||
inherit (lib) filterAttrs hasSuffix mapAttrs' mkDefault mkOption
|
||||
nameValuePair nixosSystem removeSuffix types;
|
||||
inherit (lib._) mapFilterAttrs attrValuesRec;
|
||||
inherit (builtins) attrValues readDir pathExists;
|
||||
inherit (lib) id filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix mapAttrs' trace fix fold isAttrs;
|
||||
in rec {
|
||||
mapModules' = dir: fn: dirfn:
|
||||
mapFilterAttrs
|
||||
(_: v: v != null)
|
||||
(name: type:
|
||||
let
|
||||
path = "${toString dir}/${name}";
|
||||
in
|
||||
if type == "directory" then
|
||||
nameValuePair name (dirfn path)
|
||||
else if type == "regular" && name != "default.nix" && hasSuffix ".nix" name then
|
||||
# else if type == "regular" && hasSuffix ".nix" name then
|
||||
nameValuePair (removeSuffix ".nix" name) (fn path)
|
||||
else
|
||||
nameValuePair "" null
|
||||
)
|
||||
(readDir dir);
|
||||
filterAttrs
|
||||
(name: type: type != null && !(hasPrefix "_" name))
|
||||
(mapAttrs'
|
||||
(name: type:
|
||||
let path = "${toString dir}/${name}"; in
|
||||
if type == "directory"
|
||||
then nameValuePair name (dirfn path)
|
||||
else if
|
||||
type == "regular" &&
|
||||
name != "default.nix" &&
|
||||
hasSuffix ".nix" name
|
||||
then nameValuePair (removeSuffix ".nix" name) (fn path)
|
||||
else nameValuePair "" null
|
||||
)
|
||||
(readDir dir));
|
||||
|
||||
mapModules = dir: fn: mapModules' dir fn (path: if pathExists "${path}/default.nix" then (fn path) else null);
|
||||
mapModules = dir: fn: mapModules' dir fn (path: if pathExists "${path}/default.nix" then fn path else null);
|
||||
mapModulesRec = dir: fn: mapModules' dir fn (path: mapModulesRec path fn);
|
||||
mapModulesRec' = dir: fn: attrValuesRec (mapModulesRec dir fn);
|
||||
mapModulesRec' = dir: fn: fix (f: attrs: fold (x: xs: (if isAttrs x then f x else [x]) ++ xs) [] (attrValues attrs)) (mapModulesRec dir fn);
|
||||
}
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
{ inputs, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkDefault nixosSystem;
|
||||
in {
|
||||
mkHost = system: path:
|
||||
with lib;
|
||||
{
|
||||
mkHost = path: attrs@{ system, ... }:
|
||||
nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = { inherit lib inputs system; };
|
||||
modules = [
|
||||
{
|
||||
nixpkgs.pkgs = pkgs;
|
||||
networking.hostName = mkDefault (baseNameOf path);
|
||||
networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path));
|
||||
}
|
||||
(filterAttrs (n: v: !elem n [ "system" ]) attrs)
|
||||
|
||||
../.
|
||||
|
||||
(import path)
|
||||
];
|
||||
};
|
||||
|
|
20
lib/pkgs.nix
20
lib/pkgs.nix
|
@ -1,20 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (pkgs.stdenv) mkDerivation;
|
||||
in rec {
|
||||
_buildBinScript = buildInputs: name: mkDerivation {
|
||||
inherit name buildInputs;
|
||||
|
||||
src = builtins.path { path = ../bin; name = "dotfiles"; };
|
||||
|
||||
buildCommand = ''
|
||||
install -Dm755 $src/${name} $out/bin/${name}
|
||||
patchShebangs $out/bin/${name}
|
||||
'';
|
||||
};
|
||||
|
||||
buildBinScript = _buildBinScript [];
|
||||
|
||||
buildBabashkaBinScript = _buildBinScript [ pkgs.babashka ];
|
||||
}
|
|
@ -1,88 +0,0 @@
|
|||
{ lib, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) attrValues readFile;
|
||||
inherit (lib) concatStringsSep filterAttrs fold isAttrs mapAttrs' mkOption types;
|
||||
in rec {
|
||||
/* Map over ‹attrs› with ‹f› and then filter them using ‹pred›
|
||||
|
||||
Type:
|
||||
mapFilterAttrs ::
|
||||
(String -> a -> Bool) -> (String -> b -> AttrSet) -> AttrSet' -> AttrSet
|
||||
where AttrSet' has a value of type ‹b› and AttrSet of type ‹a›
|
||||
|
||||
Example:
|
||||
mapFilterAttrs (n: v: n == "foo" || v == "bar") (n: v: nameValuePair n v)
|
||||
{ foo = "baz"; a = "bar"; b = "foo" };
|
||||
=> { foo = "baz"; a = "bar"; }
|
||||
*/
|
||||
mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs);
|
||||
|
||||
/* Recursively generates a list of values of ‹attr› even for nested attrs
|
||||
|
||||
Type:
|
||||
attrValuesRec :: AttrSet -> [x]
|
||||
|
||||
Example:
|
||||
attrValuesRec { foo = { bar = "baz"; }; a = "b"; }
|
||||
=> ["baz" "b"]
|
||||
*/
|
||||
attrValuesRec = attr: fold (x: xs: (if isAttrs x then attrValuesRec x else [x]) ++ xs) [] (attrValues attr);
|
||||
|
||||
/* Filter the ‹self› key from the given ‹attr›
|
||||
|
||||
Type:
|
||||
filterSelf :: AttrSet -> AttrSet
|
||||
|
||||
Example:
|
||||
filterSelf { foo = "bar"; self = "baz"; }
|
||||
=> { foo = "bar"; }
|
||||
*/
|
||||
filterSelf = attr: filterAttrs (n: _: n != "self") attr;
|
||||
|
||||
/* Maps the items of ‹list› to strings and concatenates them with ‹sep› in
|
||||
between the individual items
|
||||
|
||||
Type:
|
||||
joinWithSep :: [a] -> String -> String
|
||||
‹a› should be a type that is convertable to string using ‹toString›
|
||||
|
||||
Example:
|
||||
joinWithSep [ 42 "foo" 0 ] "-"
|
||||
=> "42-foo-0"
|
||||
*/
|
||||
joinWithSep = list: sep: concatStringsSep sep (map toString list);
|
||||
|
||||
/* Reads the given ‹path› and appends the ‹extras› to it
|
||||
|
||||
Type:
|
||||
configWithExtras :: Path -> String -> String
|
||||
|
||||
Example:
|
||||
configWithExtras example.txt "Appended text"
|
||||
=> "Some text from example\nAppended text"
|
||||
Given that ‹example.txt› contains "Some text from example"
|
||||
*/
|
||||
configWithExtras = path: extras: "${readFile path}\n${extras}";
|
||||
|
||||
enable = { enable = true; };
|
||||
|
||||
/* A simplifiation for creating options
|
||||
|
||||
Example:
|
||||
mkOpt types.str "foobar" "A very important option"
|
||||
=> mkOption {
|
||||
type = types.str;
|
||||
default = "foobar";
|
||||
description = "A very important option";
|
||||
}
|
||||
*/
|
||||
mkOpt = type: default: description:
|
||||
mkOption { inherit type default description; };
|
||||
|
||||
/* Creates option without description */
|
||||
mkOpt' = type: default: mkOpt type default null;
|
||||
|
||||
/* Alias for ‹mkOpt' types.bool› */
|
||||
mkBoolOpt = default: mkOpt' types.bool default;
|
||||
}
|
|
@ -1,47 +0,0 @@
|
|||
{ config, options, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.alacritty;
|
||||
in {
|
||||
options.modules.desktop.apps.alacritty = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
executable = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.alacritty}/bin/alacritty";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
/*
|
||||
user.packages = with pkgs; [
|
||||
alacritty
|
||||
];
|
||||
*/
|
||||
home._.programs.alacritty = {
|
||||
enable = true;
|
||||
/*
|
||||
settings = {
|
||||
background_opacity = theme.backgroundOpacity;
|
||||
font = {
|
||||
size = 12;
|
||||
normal.family = theme.font.mono;
|
||||
bold.family = theme.font.mono;
|
||||
italic.family = theme.font.mono;
|
||||
};
|
||||
colors = {
|
||||
primary = {
|
||||
background = theme.colors.background;
|
||||
foreground = theme.colors.foreground;
|
||||
};
|
||||
normal = theme.colors.backgroundScheme;
|
||||
bright = theme.colors.foregroundScheme;
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.firefox;
|
||||
wayland = config.modules.desktop.sway.enable;
|
||||
in {
|
||||
options.modules.desktop.apps.firefox = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
user.packages = if wayland then (with pkgs; [
|
||||
firefox-wayland
|
||||
]) else (with pkgs; [
|
||||
firefox
|
||||
]);
|
||||
};
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
{ config, pkgs, inputs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.menus.nwggrid;
|
||||
in {
|
||||
options.modules.desktop.apps.menus.nwggrid = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
executable = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.nwg-launchers}/bin/nwggrid";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
modules.desktop.apps.nwg-launchers.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.wofi;
|
||||
in {
|
||||
options.modules.desktop.apps.wofi = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "";
|
||||
};
|
||||
executable = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.wofi}/bin/wofi";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
user.packages = with pkgs; [
|
||||
wofi
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ pkgs, config, lib, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.mpc;
|
||||
in {
|
||||
options.modules.desktop.apps.mpc = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
modules.services.mpd.enable = true;
|
||||
|
||||
user.packages = with pkgs; [
|
||||
mpc_cli
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
{ pkgs, lib, options, config, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.nwg-launchers;
|
||||
in {
|
||||
options.modules.desktop.apps.nwg-launchers = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
user.packages = with pkgs; [ nwg-launchers ];
|
||||
};
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
{ config, options, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.apps.obs;
|
||||
in {
|
||||
options.modules.desktop.apps.obs = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
user.packages = with pkgs; [
|
||||
obs-studio
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{ config, options, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop;
|
||||
in {
|
||||
options.modules.desktop = {
|
||||
theme = mkOption {
|
||||
type = types.str;
|
||||
default = "still";
|
||||
description = "Sets a particular styling and wallpaper configuration.";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
services.dbus.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{ config, lib, options, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.gaming.minecraft;
|
||||
in {
|
||||
options.modules.desktop.gaming.minecraft = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enables Minecraft through the PolyMC launcher";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [ polymc ];
|
||||
};
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
{ lib, pkgs, options, config, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.gaming.srb2k;
|
||||
in {
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{ options, config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.river;
|
||||
audioSupport = config.modules.hardware.audio.enable;
|
||||
in {
|
||||
options.modules.desktop.river = {
|
||||
enable = mkOption {
|
||||
type = tyoes.bool;
|
||||
default = false;
|
||||
description = "Enables the river wayland compositor.";
|
||||
};
|
||||
menu = mkOption {
|
||||
type = types.str;
|
||||
default = "nwggrid";
|
||||
description = "Which application launch menu to use. Defaults to nwggrid.";
|
||||
};
|
||||
term = mkOption {
|
||||
type = types.str;
|
||||
default = "alacritty";
|
||||
description = "Which terminal river should use. Defaults to alacritty.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
};
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.services.swayidle;
|
||||
|
||||
in {
|
||||
options.modules.desktop.services.swayidle = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
/*
|
||||
user.packages = with pkgs; [
|
||||
swayidle
|
||||
];
|
||||
*/
|
||||
};
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.services.swaylock;
|
||||
|
||||
in {
|
||||
options.modules.desktop.services.swaylock = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
user.packages = with pkgs; [
|
||||
swaylock
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.services.waybar;
|
||||
in {
|
||||
options.modules.desktop.services.waybar = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home._.programs.waybar = with pkgs; {
|
||||
enable = true;
|
||||
settings = [{
|
||||
height = 10;
|
||||
modules-left = [ "sway/workspaces" "sway/window" ];
|
||||
modules-center = [ "clock" ];
|
||||
modules-right = [ "tray" "cpu" "memory" "battery#bat0" ];
|
||||
}];
|
||||
style = builtins.readFile "${config.home.configFile.waybar.source}/style.css";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,148 +0,0 @@
|
|||
{ options, config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.sway;
|
||||
audioSupport = config.modules.hardware.audio.enable;
|
||||
in {
|
||||
options.modules.desktop.sway = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enables the sway window manager for Wayland.";
|
||||
};
|
||||
menu = mkOption {
|
||||
type = types.str;
|
||||
default = "nwggrid";
|
||||
description = "";
|
||||
};
|
||||
term = mkOption {
|
||||
type = types.str;
|
||||
default = "alacritty";
|
||||
description = "Which terminal sway should default to.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
modules.hardware.graphics.enable = true;
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [ xwayland ];
|
||||
};
|
||||
|
||||
user.packages = with pkgs; [
|
||||
grim
|
||||
slurp
|
||||
wl-clipboard
|
||||
swaybg
|
||||
autotiling
|
||||
brightnessctl
|
||||
wdisplays
|
||||
gammastep
|
||||
] ++ (if audioSupport then (with pkgs; [
|
||||
playerctl
|
||||
]) else [ ]);
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-wlr
|
||||
xdg-desktop-portal-gtk
|
||||
];
|
||||
gtkUsePortal = true;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
autorun = true;
|
||||
|
||||
displayManager = {
|
||||
sddm.enable = true;
|
||||
defaultSession = "sway";
|
||||
};
|
||||
|
||||
wacom.enable = true;
|
||||
};
|
||||
|
||||
modules.desktop.apps."${cfg.term}".enable = true;
|
||||
modules.desktop.apps.menus.${cfg.menu}.enable = true;
|
||||
|
||||
# modules.desktop.services.swaylock.enable = true;
|
||||
modules.desktop.services.swayidle.enable = true;
|
||||
# modules.desktop.services.mako.enable = true;
|
||||
modules.desktop.services.waybar.enable = true;
|
||||
|
||||
home._.wayland.windowManager.sway = {
|
||||
enable = true;
|
||||
wrapperFeatures.gtk = true;
|
||||
|
||||
config = {
|
||||
bars = [{ command = "waybar"; }];
|
||||
modifier = "Mod4";
|
||||
input."type:keyboard" = let kbcfg = config.keyboard; in {
|
||||
xkb_layout = toLower (substring 3 2 kbcfg.locale);
|
||||
xkb_variant = "," + kbcfg.variant;
|
||||
};
|
||||
input."type:touchpad" = {
|
||||
tap = "enabled";
|
||||
natural_scroll = "enabled";
|
||||
scroll_method = "two_finger";
|
||||
};
|
||||
startup = [
|
||||
# { command = "lock"; }
|
||||
{ command = "autotiling"; }
|
||||
# { command = "mako"; }
|
||||
];
|
||||
terminal = config.modules.desktop.apps.${cfg.term}.executable;
|
||||
menu = config.modules.desktop.apps.menus.${cfg.menu}.executable;
|
||||
output."eDP-1" = {
|
||||
bg = "${config.modules.theme.wallpaper} fill";
|
||||
scale = "1.5";
|
||||
};
|
||||
output."DP-4".bg = "${config.modules.theme.wallpaper} fill";
|
||||
keybindings = let mod = config.home._.wayland.windowManager.sway.config.modifier; scProc = "wl-copy -t image/png && notify-send \"Screenshot Taken\""; in {
|
||||
# "${mod}+l" = "exec lock";
|
||||
"${mod}+q" = "reload";
|
||||
"${mod}+Shift+c" = "kill";
|
||||
"${mod}+p" = "exec ${config.home._.wayland.windowManager.sway.config.menu}";
|
||||
"${mod}+Shift+Return" = "exec ${config.home._.wayland.windowManager.sway.config.terminal}";
|
||||
"${mod}+Shift+e" = "exit";
|
||||
|
||||
"${mod}+1" = "workspace 1";
|
||||
"${mod}+2" = "workspace 2";
|
||||
"${mod}+3" = "workspace 3";
|
||||
"${mod}+4" = "workspace 4";
|
||||
"${mod}+5" = "workspace 5";
|
||||
"${mod}+6" = "workspace 6";
|
||||
"${mod}+7" = "workspace 7";
|
||||
"${mod}+8" = "workspace 8";
|
||||
"${mod}+9" = "workspace 9";
|
||||
"${mod}+0" = "workspace 10";
|
||||
|
||||
"${mod}+Shift+1" = "move container to workspace 1";
|
||||
"${mod}+Shift+2" = "move container to workspace 2";
|
||||
"${mod}+Shift+3" = "move container to workspace 3";
|
||||
"${mod}+Shift+4" = "move container to workspace 4";
|
||||
"${mod}+Shift+5" = "move container to workspace 5";
|
||||
"${mod}+Shift+6" = "move container to workspace 6";
|
||||
"${mod}+Shift+7" = "move container to workspace 7";
|
||||
"${mod}+Shift+8" = "move container to workspace 8";
|
||||
"${mod}+Shift+9" = "move container to workspace 9";
|
||||
"${mod}+Shift+0" = "move container to workspace 10";
|
||||
|
||||
"Print" = "exec grim -g \"$(slurp -d)\" - | ${scProc}";
|
||||
"XF86AudioPlay" = "playerctl play-pause";
|
||||
"Shift+XF86AudioPlay" = "playerctl loop";
|
||||
};
|
||||
};
|
||||
extraSessionCommands = ''
|
||||
export XDG_SESSION_TYPE=wayland
|
||||
export QT_QPA_PLATFORM=wayland
|
||||
export XDG_SESSION_DESKTOP=sway
|
||||
export XDG_CURRENT_DESKTOP=sway
|
||||
'';
|
||||
extraConfig = builtins.readFile "${config.home.configFile.sway.source}/config";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.dev.php;
|
||||
in {
|
||||
options.modules.dev.php = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.php ];
|
||||
};
|
||||
}
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.desktop.editors.codium;
|
||||
cfg = config.modules.editors.codium;
|
||||
in {
|
||||
options.modules.desktop.editors.codium = {
|
||||
options.modules.editors.codium = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
|
@ -3,9 +3,9 @@
|
|||
with lib;
|
||||
let
|
||||
configDir = config.configDir;
|
||||
cfg = config.modules.desktop.editors.neovim;
|
||||
cfg = config.modules.editors.neovim;
|
||||
in {
|
||||
options.modules.desktop.editors.neovim = {
|
||||
options.modules.editors.neovim = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
|
@ -0,0 +1,48 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.remote;
|
||||
in {
|
||||
options.modules.remote = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
keys = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = [];
|
||||
};
|
||||
packages = mkOption {
|
||||
type = types.nullOr (types.listOf types.package);
|
||||
default = [];
|
||||
};
|
||||
shell = mkOption {
|
||||
type = types.nullOr types.package;
|
||||
default = pkgs.bash;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.remote = {
|
||||
description = "Generic remote server access user";
|
||||
createHome = true;
|
||||
#isSystemUser = true;
|
||||
isNormalUser = true;
|
||||
group = "remote";
|
||||
extraGroups = [ "nix-users" ];
|
||||
initialHashedPassword = "!";
|
||||
openssh.authorizedKeys.keys = cfg.keys;
|
||||
packages = cfg.packages;
|
||||
shell = cfg.shell;
|
||||
};
|
||||
|
||||
#home-manager.users.remote.home = {
|
||||
# sessionVariables = {
|
||||
# NIX_REMOTE = "daemon";
|
||||
# };
|
||||
#};
|
||||
|
||||
users.groups.remote = {};
|
||||
};
|
||||
}
|
|
@ -82,8 +82,8 @@ in {
|
|||
};
|
||||
|
||||
users.users.root = {
|
||||
packages = [ pkgs.nologin ];
|
||||
shell = pkgs.nologin;
|
||||
packages = [ pkgs.shadow ];
|
||||
shell = pkgs.shadow;
|
||||
hashedPassword = "!";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -0,0 +1,130 @@
|
|||
{ pkgs, config, options, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.matrix.conduit;
|
||||
in {
|
||||
options.modules.services.matrix.conduit = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs._.matrix-conduit;
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "conduit";
|
||||
description = "User account under which Conduit runs.";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/conduit";
|
||||
};
|
||||
|
||||
httpAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
};
|
||||
|
||||
httpPort = mkOption {
|
||||
type = types.port;
|
||||
default = 6167;
|
||||
};
|
||||
|
||||
disableRegistration = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
|
||||
disableFederation = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = types.submodule {
|
||||
freeFormType = format.type;
|
||||
|
||||
options = {
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "matrix.aether.gay";
|
||||
default = config.networking.hostName;
|
||||
description = "The domain used to be used by the conduit instance for nginx.";
|
||||
};
|
||||
|
||||
database_path = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/conduit";
|
||||
};
|
||||
|
||||
database_backend = mkOption {
|
||||
type = types.str;
|
||||
default = "postgresql";
|
||||
example = "rocksdb";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 6167;
|
||||
};
|
||||
|
||||
max_request_size = mkOption {
|
||||
type = types.int;
|
||||
default = 52428800; # 50MiB
|
||||
};
|
||||
|
||||
allow_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
allow_federation = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
|
||||
max_concurrent_requests = mkOption {
|
||||
type = types.int;
|
||||
default = 64;
|
||||
};
|
||||
|
||||
trusted_servers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ "matrix.org" ];
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = "The address used to access the Conduit instance. Setting this to 127.0.0.1 ensures that it is only possible to reach the server via nginx.";
|
||||
};
|
||||
};
|
||||
};
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
modules.services.matrix.conduit.settings = {
|
||||
server_name = cfg.domain;
|
||||
database_dir = cfg.dataDir;
|
||||
port = cfg.httpPort;
|
||||
enable_registration = !cfg.disableRegistration;
|
||||
enable_federation = !cfg.disableFederation;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.dark-firepit-oat-zone;
|
||||
in {
|
||||
options.modules.services.dark-firepit-oat-zone = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "dark-firepit.oat.zone";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www/dark-firepit.oat.zone";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -9,21 +9,49 @@ in {
|
|||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
site = mkOption {
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "git.oat.zone";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 3000;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
modules.services.postgres.enable = true;
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
domain = cfg.site;
|
||||
rootUrl = "https://${cfg.site}/";
|
||||
appName = "Gitea: Fire Pit hosted Git";
|
||||
database = {
|
||||
type = "postgres";
|
||||
services = {
|
||||
gitea = {
|
||||
enable = true;
|
||||
package = pkgs.master.gitea;
|
||||
disableRegistration = true;
|
||||
domain = cfg.domain;
|
||||
httpPort = cfg.port;
|
||||
rootUrl = "https://${cfg.domain}/";
|
||||
stateDir = "/var/lib/${cfg.domain}";
|
||||
cookieSecure = true;
|
||||
appName = "Gitea: dark-firepit hosted Git";
|
||||
database = {
|
||||
type = "postgres";
|
||||
name = "gitea";
|
||||
};
|
||||
settings = mkMerge [ (builtins.fromTOML (builtins.readFile "/etc/dotfiles/config/gitea/app.toml")) {
|
||||
"ui.meta" = {
|
||||
AUTHOR = "aether & oat";
|
||||
DESCRIPTION = "dark-firepit's shared git instance";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
nginx.virtualHosts."${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
# using manual extraconfig because else nginx spits out a runtime error????
|
||||
# thanks nginx
|
||||
#locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port};";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:${toString cfg.port};
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.isso;
|
||||
in {
|
||||
options.modules.services.isso = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "comments.oat.zone";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 1550;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
isso = {
|
||||
enable = true;
|
||||
settings = {
|
||||
general = {
|
||||
host = "https://blog.oat.zone/";
|
||||
latest-enabled = true;
|
||||
};
|
||||
server = {
|
||||
listen = "http://localhost:${toString cfg.port}";
|
||||
samesite = "Lax";
|
||||
public-endpoint = "https://comments.oat.zone";
|
||||
};
|
||||
guard = {
|
||||
enabled = true;
|
||||
require-author = true;
|
||||
ratelimit = 4;
|
||||
};
|
||||
admin = {
|
||||
enabled = true;
|
||||
password = "a8UYAH7jQQC3LjnG";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nginx.enable = true;
|
||||
nginx.virtualHosts."${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString cfg.port}";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.jillo;
|
||||
in {
|
||||
options.modules.services.jillo = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs._.jillo;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.either [types.path types.str];
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.jillo = {
|
||||
group = "jillo";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
};
|
||||
|
||||
users.groups.jillo = {};
|
||||
|
||||
environment.systemPackages = [ pkgs.nodejs-18_x ];
|
||||
|
||||
systemd.services.jillo = {
|
||||
description = "Jillo Discord bot";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
User = "jillo";
|
||||
Group = "jillo";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
ExecStart = "${pkgs.nodejs-18_x}/bin/npm run start";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.matomo;
|
||||
in {
|
||||
options.modules.services.matomo = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "analytics.oat.zone";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
matomo = {
|
||||
enable = true;
|
||||
|
||||
package = pkgs.unstable.matomo-beta;
|
||||
periodicArchiveProcessing = true;
|
||||
hostname = cfg.domain;
|
||||
nginx = {
|
||||
serverAliases = [
|
||||
cfg.domain
|
||||
];
|
||||
enableACME = true;
|
||||
};
|
||||
};
|
||||
|
||||
mysql = {
|
||||
enable = true;
|
||||
|
||||
package = pkgs.unstable.mariadb;
|
||||
|
||||
settings = {
|
||||
mysqld = {
|
||||
max_allowed_packet = "128M";
|
||||
};
|
||||
client = {
|
||||
max_allowed_packet = "128M";
|
||||
};
|
||||
};
|
||||
|
||||
ensureDatabases = [ "matomo" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "matomo";
|
||||
ensurePermissions = {
|
||||
"matomo.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
{ config, pkgs, lib, options, inputs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.minecraft;
|
||||
in {
|
||||
options.modules.services.minecraft = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
servers = options.services.minecraft-servers.servers;
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.minecraft-servers = {
|
||||
enable = true;
|
||||
eula = true;
|
||||
servers = cfg.servers;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
{ pkgs, config, lib, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.nextcloud;
|
||||
in {
|
||||
options.modules.services.nextcloud = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = cfg.domain != null;
|
||||
description = "Nextcloud requires a domain.";
|
||||
}
|
||||
];
|
||||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud24;
|
||||
hostName = cfg.domain;
|
||||
config.adminpassFile = "/etc/nextcloudpass";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.nginx-config;
|
||||
in {
|
||||
options.modules.services.nginx-config = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "oatmealine@disroot.org";
|
||||
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
#enable = lib.mkForce false;
|
||||
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
commonHttpConfig = ''
|
||||
# Add HSTS header with preloading to HTTPS requests.
|
||||
# Adding this header to HTTP requests is discouraged
|
||||
map $scheme $hsts_header {
|
||||
https "max-age=31536000; includeSubdomains; preload";
|
||||
}
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
|
||||
# Enable CSP for your services.
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
|
||||
# Minimize information leaked to other domains
|
||||
#add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||
|
||||
# Disable embedding as a frame
|
||||
#add_header X-Frame-Options DENY;
|
||||
|
||||
# Prevent injection of code in other mime types (XSS Attacks)
|
||||
#add_header X-Content-Type-Options nosniff;
|
||||
|
||||
# Enable XSS protection of the browser.
|
||||
# May be unnecessary when CSP is configured properly (see above)
|
||||
#add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
# This might create errors
|
||||
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||
'';
|
||||
|
||||
# prevent invalid domains from being used
|
||||
virtualHosts."_".locations."/".return = "444";
|
||||
virtualHosts."a".locations."/".return = "444";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
||||
networking.firewall.allowedUDPPorts = [ 443 80 ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,88 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
# heavily references https://github.com/erdnaxe/nixos-modules/blob/master/services/nitter.nix
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.nitter;
|
||||
in {
|
||||
options.modules.services.nitter = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "nitter.oat.zone";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 3005;
|
||||
};
|
||||
lightweight = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Incase shit gets wild, this will make Nitter a lot more lightweight.
|
||||
Some functionality gets removed (videos are not proxied, etc) in exchange for less RAM usage and CPU usage
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
nitter = {
|
||||
enable = true;
|
||||
server = {
|
||||
address = "127.0.0.1";
|
||||
port = cfg.port;
|
||||
hostname = cfg.domain;
|
||||
title = "nitter.oat.zone"; # TODO: make this costumizable? not sure
|
||||
https = true; # doesn't actually do any encryption, just changes cookie configuration
|
||||
};
|
||||
preferences = {
|
||||
hlsPlayback = true;
|
||||
proxyVideos = !cfg.lightweight;
|
||||
theme = "Mastodon";
|
||||
replaceTwitter = cfg.domain;
|
||||
};
|
||||
};
|
||||
|
||||
# https://github.com/zedeus/nitter/wiki/Nginx
|
||||
nginx.virtualHosts."${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
extraConfig = ''
|
||||
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
#add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
|
||||
#add_header X-Content-Type-Options nosniff;
|
||||
#add_header X-Frame-Options DENY;
|
||||
#add_header X-XSS-Protection "1; mode=block";
|
||||
'';
|
||||
};
|
||||
locations."= /robots.txt" = {
|
||||
extraConfig = ''
|
||||
# re-defining
|
||||
#add_header Strict-Transport-Security $hsts_header;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
add_header Referrer-Policy origin-when-cross-origin;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "User-agent: *\nDisallow: /\n";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# fix for a dumb error
|
||||
# (this doesn't work or do anything lmfao)
|
||||
# genuinely no idea how to fix it atm
|
||||
systemd.services.nitter = {
|
||||
path = with pkgs; lib.mkForce [ git ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -11,13 +11,21 @@ in {
|
|||
default = false;
|
||||
description = "Provide system SSH support though OpenSSH.";
|
||||
};
|
||||
requirePassword = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
passwordAuthentication = cfg.requirePassword;
|
||||
permitRootLogin = "no";
|
||||
};
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
sites = config.modules.services.staticSites;
|
||||
staticSiteModule.options = {
|
||||
dataDir = mkOption {
|
||||
type = types.oneOf [ types.str types.path ];
|
||||
default = null;
|
||||
};
|
||||
|
||||
auth = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
description = "Basic authentication options. Defines a set of user = password pairs.";
|
||||
example = literalExpr ''
|
||||
{
|
||||
user = "password";
|
||||
anotherUser = "anotherPassword";
|
||||
/* ... */
|
||||
}
|
||||
'';
|
||||
default = {};
|
||||
};
|
||||
|
||||
php = mkOption {
|
||||
type = types.bool;
|
||||
description = "Does this site use php (phpfpm)?";
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
in {
|
||||
options.modules.services.staticSites = mkOption {
|
||||
type = types.attrsOf (types.submodule staticSiteModule);
|
||||
example = literalExpression ''
|
||||
{
|
||||
"aether.gay".dataDir = /var/www/aether.gay;
|
||||
"oat.zone".dataDir = "/some/weird/place/oat-zone";
|
||||
}
|
||||
'';
|
||||
default = {};
|
||||
};
|
||||
|
||||
config = {
|
||||
assertions = mapAttrsToList (domain: _@{dataDir, ...}:
|
||||
{ assertion = dataDir != null;
|
||||
description = "${domain} must specify a dataDir.";
|
||||
}) sites;
|
||||
|
||||
services.nginx.virtualHosts = mkMerge (mapAttrsToList (domain: site: {
|
||||
${domain} = {
|
||||
locations."/".basicAuth = site.auth;
|
||||
locations."~ \.php$".extraConfig = mkIf site.php ''
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
|
||||
fastcgi_index index.php;
|
||||
'';
|
||||
locations."/".index = mkIf site.php "index.php index.html";
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = site.dataDir;
|
||||
};
|
||||
}) sites);
|
||||
|
||||
users.users.phpfpm = {
|
||||
isSystemUser = true;
|
||||
group = "phpfpm";
|
||||
};
|
||||
|
||||
users.groups.phpfpm = {};
|
||||
|
||||
services.phpfpm.pools = mkMerge (mapAttrsToList (domain: site: mkIf site.php {
|
||||
${domain} = {
|
||||
user = "phpfpm";
|
||||
settings = {
|
||||
pm = "dynamic";
|
||||
"listen.owner" = config.services.nginx.user;
|
||||
"pm.max_children" = 200;
|
||||
"pm.max_requests" = 2000;
|
||||
"pm.min_spare_servers" = 1;
|
||||
"pm.max_spare_servers" = 25;
|
||||
};
|
||||
phpEnv."PATH" = lib.makeBinPath [ pkgs.unstable.php ];
|
||||
};
|
||||
}) sites);
|
||||
};
|
||||
}
|
|
@ -0,0 +1,170 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
# copied from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/games/terraria.nix
|
||||
# just modified to uhm. not break
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.modules.services.terraria;
|
||||
opt = options.modules.services.terraria;
|
||||
worldSizeMap = { small = 1; medium = 2; large = 3; };
|
||||
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
|
||||
#" (ignore this its for micro)
|
||||
boolFlag = name: val: optionalString val "-${name}";
|
||||
flags = [
|
||||
(valFlag "port" cfg.port)
|
||||
(valFlag "maxPlayers" cfg.maxPlayers)
|
||||
(valFlag "password" cfg.password)
|
||||
(valFlag "motd" cfg.messageOfTheDay)
|
||||
(valFlag "world" cfg.worldPath)
|
||||
(valFlag "autocreate" (builtins.getAttr cfg.autoCreatedWorldSize worldSizeMap))
|
||||
(valFlag "banlist" cfg.banListPath)
|
||||
(boolFlag "secure" cfg.secure)
|
||||
(boolFlag "noupnp" cfg.noUPnP)
|
||||
];
|
||||
stopScript = pkgs.writeScript "terraria-stop" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
if ! [ -d "/proc/$1" ]; then
|
||||
exit 0
|
||||
fi
|
||||
${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock send-keys Enter exit Enter
|
||||
${getBin pkgs.coreutils}/bin/tail --pid="$1" -f /dev/null
|
||||
'';
|
||||
in
|
||||
{
|
||||
options = {
|
||||
modules.services.terraria = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
If enabled, starts a Terraria server. The server can be connected to via `tmux -S ''${config.${opt.dataDir}}/terraria.sock attach`
|
||||
for administration by users who are a part of the `terraria` group (use `C-b d` shortcut to detach again).
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 7777;
|
||||
description = lib.mdDoc ''
|
||||
Specifies the port to listen on.
|
||||
'';
|
||||
};
|
||||
|
||||
maxPlayers = mkOption {
|
||||
type = types.ints.u8;
|
||||
default = 255;
|
||||
description = lib.mdDoc ''
|
||||
Sets the max number of players (between 1 and 255).
|
||||
'';
|
||||
};
|
||||
password = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Sets the server password. Leave `null` for no password.
|
||||
'';
|
||||
};
|
||||
|
||||
messageOfTheDay = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Set the server message of the day text.
|
||||
'';
|
||||
};
|
||||
|
||||
worldPath = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
The path to the world file (`.wld`) which should be loaded.
|
||||
If no world exists at this path, one will be created with the size
|
||||
specified by `autoCreatedWorldSize`.
|
||||
'';
|
||||
};
|
||||
|
||||
autoCreatedWorldSize = mkOption {
|
||||
type = types.enum [ "small" "medium" "large" ];
|
||||
default = "medium";
|
||||
description = lib.mdDoc ''
|
||||
Specifies the size of the auto-created world if `worldPath` does not
|
||||
point to an existing world.
|
||||
'';
|
||||
};
|
||||
|
||||
banListPath = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
The path to the ban list.
|
||||
'';
|
||||
};
|
||||
|
||||
secure = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "Adds additional cheat protection to the server.";
|
||||
};
|
||||
|
||||
noUPnP = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "Disables automatic Universal Plug and Play.";
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "Wheter to open ports in the firewall";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/terraria";
|
||||
example = "/srv/terraria";
|
||||
description = lib.mdDoc "Path to variable state data directory for terraria.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
#'' (sorry another micro moment)
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.terraria = {
|
||||
description = "Terraria server service user";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
group = "terraria";
|
||||
};
|
||||
|
||||
users.groups.terraria = {};
|
||||
|
||||
systemd.services.terraria = {
|
||||
description = "Terraria Server Service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "terraria";
|
||||
Type = "forking";
|
||||
GuessMainPID = true;
|
||||
ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
|
||||
ExecStop = "${stopScript} $MAINPID";
|
||||
};
|
||||
|
||||
postStart = ''
|
||||
${pkgs.coreutils}/bin/chmod 660 ${cfg.dataDir}/terraria.sock
|
||||
${pkgs.coreutils}/bin/chgrp terraria ${cfg.dataDir}/terraria.sock
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.port ];
|
||||
allowedUDPPorts = [ cfg.port ];
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.vaultwarden;
|
||||
in {
|
||||
options.modules.services.vaultwarden = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8222;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = cfg.domain != null;
|
||||
description = "Vaultwarden requires a domain to be defined";
|
||||
}
|
||||
];
|
||||
|
||||
services = {
|
||||
vaultwarden = {
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
config = {
|
||||
DOMAIN = "https://${cfg.domain}";
|
||||
DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql";
|
||||
DATA_FOLDER = "/var/lib/bitwarden_rs";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = cfg.port;
|
||||
ROCKET_LOG = "critical";
|
||||
};
|
||||
environmentFile = "${config.services.vaultwarden.config.DATA_FOLDER}/conf.env";
|
||||
};
|
||||
|
||||
nginx.virtualHosts.${cfg.domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "vaultwarden" ];
|
||||
ensureUsers = [
|
||||
{ name = "vaultwarden";
|
||||
ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
{ config, lib, pkgs, options, inputs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.watch-party;
|
||||
in {
|
||||
options.modules.services.watch-party = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "watch-party.oat.zone";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 1984;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
#watch-party = {
|
||||
# enable = true;
|
||||
# port = cfg.port;
|
||||
#};
|
||||
|
||||
nginx.virtualHosts."${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,30 +1,61 @@
|
|||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
with lib;
|
||||
# uncomment any of this and i will uncomment the entirety of russia above your house
|
||||
{ /*
|
||||
with lib; with types;
|
||||
let
|
||||
cfg = config.modules.services.webapps;
|
||||
in {
|
||||
options.modules.services.webapps = mkOption {
|
||||
type = types.attrsOf types.attrs;
|
||||
default = {};
|
||||
options.modules.services.webapps = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
webapps = mkOption {
|
||||
type = attrsOf (submodule { options = {
|
||||
nginx = mkOption {
|
||||
type = submodule { options = options.services.nginx.virtualHosts.type.getSubModules; };
|
||||
default = {};
|
||||
};
|
||||
phpfpm = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
config = mkOption {
|
||||
type = submodule { options = options.services.phpfpm.pools.type.getSubModules; };
|
||||
default = {
|
||||
settings = {
|
||||
"pm" = mkDefault "dynamic";
|
||||
"pm.max_children" = mkDefault 16;
|
||||
"pm.max_requests" = mkDefault 500;
|
||||
"pm.start_servers" = mkDefault 1;
|
||||
"pm.min_spare_servers" = mkDefault 1;
|
||||
"pm.max_spare_servers" = mkDefault 3;
|
||||
# "php_admin_value[error_log]" = mkDefault "${app.root}/log";
|
||||
"php_admin_flag[log_errors]" = mkDefault true;
|
||||
"catch_workers_output" = mkDefault true;
|
||||
};
|
||||
phpEnv."PATH" = makeBinPath [ pkgs.php ];
|
||||
};
|
||||
};
|
||||
};
|
||||
root = mkOption {
|
||||
type = path;
|
||||
default = null;
|
||||
};
|
||||
}; });
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge (
|
||||
/*
|
||||
[{ services.nginx.enable = true; }] ++
|
||||
|
||||
# Generic configuration
|
||||
(mapAttrsToList (appName: app: let username = lib.intersperse "-" (lib.splitString "." appName); in mkMerge [
|
||||
config = mkIf cfg.enable
|
||||
(mkMerge (mapAttrsToList (appName: app: let username = concatStringsSep "-" (splitString "." appName); in trace appName (mkMerge [
|
||||
{
|
||||
assertions = [{
|
||||
assertion = (types.enum ["generic" "phpfpm"]).check app.platform;
|
||||
description = "Please specify a webapp platform for ${appName}. The possible platforms are: \"generic\", \"phpfpm\"";
|
||||
}];
|
||||
|
||||
users.users.${username} = mkMerge [
|
||||
{
|
||||
isSystemUser = true;
|
||||
group = appName;
|
||||
group = username;
|
||||
}
|
||||
(mkIf (app.root != null) {
|
||||
createHome = true;
|
||||
|
@ -32,33 +63,25 @@ in {
|
|||
})
|
||||
];
|
||||
|
||||
users.groups.${username} = username;
|
||||
# users.groups.${username} = {};
|
||||
|
||||
services.nginx.virtualHosts."${appName}" = app.nginx;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.${appName} = mkMerge [
|
||||
app.nginx
|
||||
(mkIf (app.root != null) { root = mkDefault app.root; })
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
# phpfpm-specific configuration
|
||||
(mkIf (app.platform == "phpfpm") {
|
||||
(mkIf app.phpfpm.enable {
|
||||
modules.dev.php.enable = true;
|
||||
|
||||
services.phpfpm.pools.${appName} = {
|
||||
user = appName;
|
||||
settings = mkMerge [{
|
||||
"listen.owner" = config.services.nginx.user;
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 16;
|
||||
"pm.max_requests" = 500;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 1;
|
||||
"pm.max_spare_servers" = 3;
|
||||
"php_admin_value[error_log]" = "${app.root}/log";
|
||||
"php_admin_flag[log_errors]" = true;
|
||||
"catch_workers_output" = true;
|
||||
} app.phpfpm];
|
||||
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
|
||||
};
|
||||
services.phpfpm.pools.${appName} = mkMerge [ app.phpfpm.config {
|
||||
user = username;
|
||||
default."listen.owner" = config.services.nginx.user;
|
||||
}];
|
||||
})
|
||||
]) cfg)
|
||||
*/[]
|
||||
);
|
||||
])) cfg.webapps
|
||||
));
|
||||
}
|
||||
*/ }
|
||||
|
|
|
@ -8,7 +8,7 @@ in {
|
|||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enables the wiregyard VPN service.";
|
||||
description = "Enables wireguard. \"WireGuard\" and the \"WireGuard\" logo are registered trademarks of Jason A. Donenfeld.";
|
||||
};
|
||||
|
||||
server = mkOption {
|
||||
|
@ -38,6 +38,8 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.nftables ];
|
||||
|
||||
networking = mkMerge (
|
||||
[{
|
||||
nat.enable = true;
|
||||
|
@ -46,6 +48,7 @@ in {
|
|||
}] ++
|
||||
|
||||
(mapAttrsToList (iname: iattrs: {
|
||||
firewall.allowedTCPPorts = [ iattrs.listenPort ];
|
||||
firewall.allowedUDPPorts = [ iattrs.listenPort ];
|
||||
|
||||
wireguard.interfaces.${iname} = mkMerge [ iattrs {
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,41 +0,0 @@
|
|||
{ config, pkgs, lib, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.theme;
|
||||
in {
|
||||
options.modules.theme = {
|
||||
active = mkOption {
|
||||
type = types.str;
|
||||
default = "still";
|
||||
description = "Theme defaults";
|
||||
};
|
||||
wallpaper = mkOption {
|
||||
type = types.path;
|
||||
default = null;
|
||||
description = "The main wallpaper";
|
||||
};
|
||||
/*
|
||||
gtk = {
|
||||
theme = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "The global GTK theme";
|
||||
};
|
||||
iconTheme = {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Global GTK icon theme";
|
||||
};
|
||||
cursorTheme = {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Global GTK cursor theme";
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
config = mkIf (cfg.active != "") {
|
||||
};
|
||||
}
|
Binary file not shown.
Before Width: | Height: | Size: 2.8 MiB |
|
@ -1,39 +0,0 @@
|
|||
button, label, image {
|
||||
background: none;
|
||||
border-style: none;
|
||||
box-shadow: none;
|
||||
color: #999999;
|
||||
}
|
||||
|
||||
button {
|
||||
padding: 5px;
|
||||
margin: 5px
|
||||
}
|
||||
|
||||
button:hover {
|
||||
background-color: rgba(255, 255, 255, 0.1);
|
||||
}
|
||||
|
||||
button:focus {
|
||||
box-shadow: 0 0 2px;
|
||||
}
|
||||
|
||||
#searchbox {
|
||||
background: none;
|
||||
border-color: #999999;
|
||||
color: #cccccc;
|
||||
margin-top: 20px;
|
||||
margin-bottom: 20px
|
||||
}
|
||||
|
||||
#separator {
|
||||
background-color: rgba(200, 200, 200, 0.5);
|
||||
margin-left: 500px;
|
||||
margin-right: 500px;
|
||||
margin-top: 10px;
|
||||
margin-bottom: 10px
|
||||
}
|
||||
|
||||
#description {
|
||||
margin-bottom: 20px
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
# font pango:SF Pro Display
|
||||
|
||||
gaps inner 10
|
|
@ -1,88 +0,0 @@
|
|||
* {
|
||||
border: none;
|
||||
border-radius: 0;
|
||||
font-family: "SF Pro Display";
|
||||
font-size: 13px;
|
||||
}
|
||||
|
||||
window#waybar {
|
||||
background-color: rgba(0, 0, 0, 0);
|
||||
}
|
||||
|
||||
window#waybar.hidden {
|
||||
opacity: 0.2;
|
||||
}
|
||||
|
||||
/* Universal Attributes */
|
||||
|
||||
#tray,
|
||||
#cpu,
|
||||
#memory,
|
||||
#pulseaudio,
|
||||
#battery,
|
||||
#clock,
|
||||
#workspaces button,
|
||||
#window {
|
||||
background: rgba(40, 50, 80, 0.60);
|
||||
border-radius: 5px;
|
||||
color: rgba(240, 240, 240, 1.00);
|
||||
}
|
||||
|
||||
/* Font Sizes */
|
||||
|
||||
#workspaces button {
|
||||
font-size: 15px;
|
||||
}
|
||||
|
||||
/* Padding */
|
||||
|
||||
#workspaces button,
|
||||
#window {
|
||||
padding: 2px 5px;
|
||||
}
|
||||
|
||||
#clock {
|
||||
padding: 2px 8px;
|
||||
}
|
||||
|
||||
#cpu,
|
||||
#memory,
|
||||
#battery {
|
||||
padding: 2px 7px;
|
||||
}
|
||||
|
||||
|
||||
/* Margins */
|
||||
|
||||
#workspaces button,
|
||||
#window {
|
||||
margin: 10px 0 0 10px;
|
||||
}
|
||||
|
||||
#clock {
|
||||
margin: 10px 0 0 0;
|
||||
}
|
||||
|
||||
#tray,
|
||||
#cpu,
|
||||
#memory,
|
||||
#pulseaudio,
|
||||
#battery {
|
||||
margin: 10px 10px 0 0 ;
|
||||
}
|
||||
|
||||
/* Colours */
|
||||
|
||||
#workspaces button.active {
|
||||
background: rgba(40, 70, 125, 0.40);
|
||||
}
|
||||
|
||||
#workspaces button:hover,
|
||||
#battery.charging {
|
||||
background: rgba(45, 80, 140, 1.00);
|
||||
}
|
||||
|
||||
#workspaces button.urgent,
|
||||
#battery.critical:not(.charging) {
|
||||
background: rgba(255, 100, 80, 1.00);
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{ config, options, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
theme = config.modules.theme;
|
||||
in {
|
||||
config = mkIf (theme.active == "still") (mkMerge [
|
||||
{
|
||||
modules.theme.wallpaper = ./background.png;
|
||||
home.configFile = with config.modules; mkMerge [
|
||||
(mkIf desktop.services.waybar.enable {
|
||||
"waybar" = { source = ./config/waybar; target = "$HOME.config/waybar"; recursive = true; };
|
||||
})
|
||||
/*
|
||||
(mkIf desktop.apps.alacritty.enable {
|
||||
"alacritty" = { source = ./config/alacritty; recursive = true; };
|
||||
})
|
||||
(mkIf desktop.apps.wofi.enable {
|
||||
"wofi" = { source = ./config/wofi; recursive = true; };
|
||||
})
|
||||
*/
|
||||
(mkIf desktop.sway.enable {
|
||||
"sway" = { source = ./config/sway; target = "$HOME.config/sway"; recursive = true; };
|
||||
})
|
||||
|
||||
(mkIf desktop.apps.nwg-launchers.enable {
|
||||
"nwg-launchers/nwggrid/style.css" = { source = ./config/nwggrid/style.css; };
|
||||
})
|
||||
];
|
||||
}
|
||||
]);
|
||||
}
|
|
@ -5,10 +5,23 @@ let
|
|||
|
||||
in {
|
||||
options = {
|
||||
defaultUsers = mkOption {
|
||||
user = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
description = "Collection of users";
|
||||
description = "Defaults to apply to all normal users in the system.";
|
||||
};
|
||||
normalUsers = mkOption {
|
||||
type = types.attrsOf (types.submodule { options = {
|
||||
conf = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
};
|
||||
homeConf = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
};
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
home = {
|
||||
_ = mkOption {
|
||||
|
@ -18,15 +31,10 @@ in {
|
|||
};
|
||||
configFile = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
description = "(XDG) Configuration files managed by home-manager";
|
||||
default = {};
|
||||
description = "(XDG) Configuration files managed by home-manager";
|
||||
};
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
description = "Universal system-level user configuration";
|
||||
};
|
||||
configDir = mkOption {
|
||||
type = types.path;
|
||||
default = ../config;
|
||||
|
@ -58,22 +66,17 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
users.users = mapAttrs (user: prop: mkMerge [
|
||||
users.groups = mapAttrs (_: _: {}) config.normalUsers;
|
||||
|
||||
users.users = mapAttrs (username: user: (mkMerge [
|
||||
(mkAliasDefinitions options.user)
|
||||
|
||||
user.conf
|
||||
{
|
||||
packages = prop.packages;
|
||||
extraGroups = prop.extraGroups;
|
||||
shell = pkgs."${config.defaultUsers."${user}".shell}";
|
||||
home = "/home/${user}";
|
||||
isNormalUser = true;
|
||||
group = user;
|
||||
group = username;
|
||||
}
|
||||
]) config.defaultUsers;
|
||||
])) config.normalUsers;
|
||||
|
||||
home-manager.users = mapAttrs (user: prop: mkMerge [
|
||||
(mkAliasDefinitions options.home._)
|
||||
# (import "${prop.homeDir}/.home/")
|
||||
]) config.defaultUsers;
|
||||
home-manager.users = mapAttrs (username: user: (mkMerge [(mkAliasDefinitions options.home._) user.homeConf])) config.normalUsers;
|
||||
};
|
||||
}
|
||||
|
|
21
nixos.nix
21
nixos.nix
|
@ -1,21 +0,0 @@
|
|||
{ lib, inputs, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) nixosSystem mkDefault;
|
||||
in {
|
||||
/*
|
||||
*/
|
||||
mkHost = system: path:
|
||||
nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = { inherit lib inputs system; };
|
||||
modules = [
|
||||
{
|
||||
nixpkgs.pkgs = pkgs;
|
||||
networking.hostName = mkDefault (baseNameOf path);
|
||||
}
|
||||
../.
|
||||
(import path)
|
||||
];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
{ lib, stdenv, fetchFromGitLab, rustc, cargo, openssl, rustPlatform, ... }: {}
|
||||
|
||||
/*
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "matrix-conduit";
|
||||
ver = "v0.4.0";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "famedly";
|
||||
repo = "conduit";
|
||||
rev = "0b926c2a31deff57a3526dd75d8c08775b02241a";
|
||||
sha256 = lib.fakeSha256;
|
||||
};
|
||||
|
||||
meta = {
|
||||
name = "conduit";
|
||||
description = "A Matrix homeserver written in Rust";
|
||||
license = "Apache-2.0";
|
||||
homepage = "https://conduit.rs";
|
||||
};
|
||||
|
||||
cargoSha256 = lib.fakeSha256;
|
||||
|
||||
buildInputs = [ openssl ];
|
||||
}
|
||||
*/
|
Loading…
Reference in New Issue