From c59b23321f4ddf92a3f9f8c4afb84b545db17087 Mon Sep 17 00:00:00 2001 
From: yomaq Date: Mon, 12 Aug 2024 23:38:51 -0500 Subject: [PATCH] refactor for nixfmt --- Utilities/devenv/default.nix | 11 +- .../import all directories default | 27 - .../import everything recursively | 39 - flake.nix | 218 +-- hosts/azure/azure.nix | 43 +- hosts/azure/default.nix | 41 +- hosts/blue/blue.nix | 34 +- hosts/blue/default.nix | 41 +- hosts/carob/carob.nix | 28 +- hosts/carob/default.nix | 41 +- hosts/green/default.nix | 41 +- hosts/green/green.nix | 21 +- hosts/green/hardware-configuration.nix | 21 +- hosts/install-iso/default.nix | 41 +- hosts/install-iso/install-iso.nix | 29 +- hosts/midnight/brew_macos.nix | 16 +- hosts/midnight/default.nix | 41 +- hosts/midnight/midnight.nix | 17 +- hosts/pearl/default.nix | 41 +- hosts/pearl/pearl.nix | 29 +- hosts/smalt/default.nix | 41 +- hosts/smalt/smalt.nix | 31 +- hosts/teal/default.nix | 41 +- hosts/teal/teal.nix | 36 +- modules/containers/default.nix | 43 +- modules/containers/docker.nix | 27 +- modules/containers/dufs.nix | 94 +- modules/containers/linkwarden.nix | 118 +- .../minecraft-bedrock-submodule.nix | 161 +- .../nixos-containers/code-server/nixos.nix | 65 +- .../nixos-containers/gatus/nixos.nix | 92 +- .../nixos-containers/healthchecks/nixos.nix | 93 +- .../nixos-containers/homepage/nixos.nix | 75 +- .../nixos-containers/nextcloud/nixos.nix | 101 +- .../nixos-containers/nfty/nixos.nix | 88 +- .../openvscode-server/nixos.nix | 69 +- modules/containers/tailscale-submodule.nix | 213 +-- modules/containers/teslamate.nix | 202 ++- modules/containers/windows-submodule.nix | 150 +- modules/home-manager/agenix/default.nix | 11 +- modules/home-manager/alacritty/default.nix | 30 +- modules/home-manager/bash/default.nix | 60 +- modules/home-manager/comma/default.nix | 34 +- modules/home-manager/default.nix | 52 +- modules/home-manager/direnv/default.nix | 26 +- modules/home-manager/firefox/default.nix | 662 ++++---- modules/home-manager/gnomeOptions/default.nix | 170 +-- 
modules/home-manager/nix/default.nix | 19 +- modules/home-manager/nixvim/default.nix | 28 +- modules/home-manager/suites/default.nix | 34 +- modules/home-manager/tmux/default.nix | 40 +- modules/home-manager/vscode/default.nix | 18 +- modules/home-manager/zsh/default.nix | 26 +- modules/hosts/1password/darwin.nix | 22 +- modules/hosts/1password/default.nix | 14 +- modules/hosts/1password/nixos.nix | 10 +- modules/hosts/adGuardHome/nixos.nix | 45 +- modules/hosts/agenix/darwin.nix | 14 +- modules/hosts/agenix/default.nix | 16 +- modules/hosts/agenix/nixos.nix | 14 +- modules/hosts/autoUpgradeNix/nixos.nix | 32 +- modules/hosts/darwin.nix | 32 +- modules/hosts/darwin/homebrew/darwin.nix | 28 +- .../hosts/darwin/macOS-Settings/darwin.nix | 21 +- modules/hosts/disko/nixos.nix | 16 +- modules/hosts/flatpak/nixos.nix | 23 +- modules/hosts/gatus/nixos.nix | 35 +- modules/hosts/gatus/temp/nixos.nix | 2 +- modules/hosts/glances/nixos.nix | 1343 +++++++++-------- modules/hosts/gnome/nixos.nix | 55 +- modules/hosts/healthchecks/nixos.nix | 15 +- modules/hosts/healthchecks/temp/nixos.nix | 122 +- modules/hosts/homepage/nixos.nix | 103 +- modules/hosts/impermanence/nixos.nix | 30 +- modules/hosts/initrd-tailscale/nixos.nix | 149 +- modules/hosts/kde-plasma/nixos.nix | 13 +- modules/hosts/network/darwin.nix | 15 +- modules/hosts/network/default.nix | 25 +- modules/hosts/network/nixos.nix | 99 +- modules/hosts/nextcloud/nixos.nix | 106 +- modules/hosts/nix+nixpkgs/darwin.nix | 21 +- modules/hosts/nix+nixpkgs/default.nix | 23 +- modules/hosts/nix+nixpkgs/nixos.nix | 19 +- modules/hosts/nixos.nix | 32 +- modules/hosts/ntfy/nixos.nix | 25 +- modules/hosts/primaryUser/nixos.nix | 16 +- modules/hosts/scripts/default.nix | 23 +- modules/hosts/skhd/darwin.nix | 16 +- modules/hosts/ssh/knownHosts/default.nix | 12 +- modules/hosts/ssh/nixos.nix | 20 +- modules/hosts/suites/basics/darwin.nix | 18 +- modules/hosts/suites/basics/default.nix | 25 +- modules/hosts/suites/basics/nixos.nix | 15 
+- modules/hosts/suites/container/nixos.nix | 23 +- modules/hosts/suites/foundation/darwin.nix | 14 +- modules/hosts/suites/foundation/default.nix | 23 +- modules/hosts/suites/foundation/nixos.nix | 14 +- modules/hosts/tailscale/darwin.nix | 19 +- modules/hosts/tailscale/default.nix | 47 +- modules/hosts/tailscale/nixos.nix | 63 +- modules/hosts/timezone/nixos.nix | 23 +- modules/hosts/yabai/darwin.nix | 22 +- modules/hosts/zfs/disks/nixos.nix | 176 ++- modules/hosts/zfs/sanoid/nixos.nix | 29 +- modules/hosts/zfs/syncoid/nixos.nix | 122 +- modules/hosts/zsh/darwin.nix | 14 +- modules/hosts/zsh/default.nix | 16 +- modules/hosts/zsh/nixos.nix | 18 +- modules/overlays/default.nix | 4 +- modules/scripts/initrdunlock.nix | 97 +- packages/default.nix | 6 - packages/traefik/default.nix | 40 - secrets/secrets.nix | 89 +- users/admin/default.nix | 35 +- users/admin/homeManager/default.nix | 15 +- users/carln/default.nix | 32 +- users/carln/homeManager/default.nix | 67 +- .../carln/homeManager/dotfiles/1password.nix | 15 +- users/carln/homeManager/dotfiles/default.nix | 17 +- users/ryn/default.nix | 29 +- users/ryn/homeManager/default.nix | 37 +- users/ryn/homeManager/dotfiles/1password.nix | 15 +- users/ryn/homeManager/dotfiles/default.nix | 17 +- 123 files changed, 4156 insertions(+), 3416 deletions(-) delete mode 100644 Utilities/templates/examples for default import files/import all directories default delete mode 100644 Utilities/templates/examples for default import files/import everything recursively delete mode 100644 packages/default.nix delete mode 100644 packages/traefik/default.nix diff --git a/Utilities/devenv/default.nix b/Utilities/devenv/default.nix index 2e97030c..6fe2aa7f 100644 --- a/Utilities/devenv/default.nix +++ b/Utilities/devenv/default.nix 
@@ -1,19 +1,20 @@ -{ pkgs, lib, ... }: -{ +{ pkgs, lib, ... }: +{ env = { GREET = "Yomaq's Home Flake"; }; # https://github.com/cachix/devenv/issues/528 - containers = lib.mkForce {}; + containers = lib.mkForce { }; packages = with pkgs; [ _1password + nixfmt-rfc-style ]; enterShell = '' echo $GREET - ''; + ''; scripts = { # remove nix system gernerations older than 7 days @@ -118,4 +119,4 @@ nix run github:numtide/nixos-anywhere -- --flake .#$hostname root@$ipaddress ''; }; -} \ No newline at end of file +} diff --git a/Utilities/templates/examples for default import files/import all directories default b/Utilities/templates/examples for default import files/import all directories default deleted file mode 100644 index b69fc32a..00000000 --- a/Utilities/templates/examples for default import files/import all directories default +++ /dev/null @@ -1,27 +0,0 @@ -{ lib, ... }: - -## Import all default.nix modules within all neighbouring directories (recursive). -## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; -let - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else null - ) - (builtins.readDir dir); - - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix "default.nix" file - && file != "default.nix" - ) - (files dir)); - -in -{ - imports = validFiles ./.; -} \ No newline at end of file diff --git a/Utilities/templates/examples for default import files/import everything recursively b/Utilities/templates/examples for default import files/import everything recursively deleted file mode 100644 index 70b578a7..00000000 --- a/Utilities/templates/examples for default import files/import everything recursively +++ /dev/null 
@@ -1,39 +0,0 @@ -{ lib, ... }: - -## Import all modules inside this folder recursively. -## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; -let - # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type - # If you want to exclude recusing on directories (untested) - # if type == "directory" then null else type - ) - (builtins.readDir dir); - - # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - - # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file - # Exclude this file - && file != "default.nix" - # how to exclude a path - # && ! lib.hasPrefix "exclude/path/" file - # how to exclude a group of files - # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - -in -{ - - imports = validFiles ./.; - -} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 1dadbae4..65c45ca1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "nix config"; inputs = { # Nixpkgs - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; # Home manager home-manager.url = "github:nix-community/home-manager/release-24.05"; 
@@ -39,104 +39,138 @@ inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, home-manager, nix-darwin, nixos-generators, flake-parts, ... }@inputs: - flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - # systems for which you want to build the `perSystem` attributes - "x86_64-linux" - "aarch64-darwin" - ]; - imports = [ - inputs.devenv.flakeModule - ]; - perSystem = { config, self', inputs', pkgs, system, ... }: { - # flake's own devenv - devenv.shells.default = { imports = [ ./Utilities/devenv/default.nix ]; }; - }; - # non-flake.parts outputs - flake = { - overlays = import ./modules/overlays {inherit inputs;}; - ### Host outputs - # NixOS configuration entrypoint - # Available through 'nixos-rebuild switch --flake .#your-hostname' - nixosConfigurations = { - blue = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ ./hosts/blue ]; + outputs = + { + self, + nixpkgs, + home-manager, + nix-darwin, + nixos-generators, + flake-parts, + ... + }@inputs: + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + # systems for which you want to build the `perSystem` attributes + "x86_64-linux" + "aarch64-darwin" + ]; + imports = [ inputs.devenv.flakeModule ]; + perSystem = + { + config, + self', + inputs', + pkgs, + system, + ... 
+ }: + { + # flake's own devenv + devenv.shells.default = { + imports = [ ./Utilities/devenv/default.nix ]; + }; }; - azure = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ ./hosts/azure ]; + # non-flake.parts outputs + flake = { + overlays = import ./modules/overlays { inherit inputs; }; + ### Host outputs + # NixOS configuration entrypoint + # Available through 'nixos-rebuild switch --flake .#your-hostname' + nixosConfigurations = { + blue = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/blue ]; + }; + azure = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/azure ]; + }; + carob = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/carob ]; + }; + teal = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/teal ]; + }; + smalt = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/smalt ]; + }; + # green = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; + # specialArgs = { inherit inputs; }; + # modules = [ ./hosts/green ]; + # }; + pearl = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/pearl ]; + }; }; - carob = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ ./hosts/carob ]; + # Nix-darwin configuration entrypoint + # Available through 'darwin-rebuild switch --flake .#your-hostname' + darwinConfigurations = { + midnight = nix-darwin.lib.darwinSystem { + specialArgs = { + inherit inputs; + }; + system = "aarch64-darwin"; + modules = [ ./hosts/midnight ]; + }; }; - teal = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; 
}; - modules = [ ./hosts/teal ]; + # Standalone home-manager configuration entrypoint + # Available through 'home-manager --flake .#your-username@your-hostname' + homeConfigurations = { + "carln@hostname" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + }; + modules = [ ./users/carln/homeManager ]; + }; }; - smalt = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ ./hosts/smalt ]; + # Nixos-generators configuration entrypoints + # Available through 'nix build .#your-hostname' + packages.x86_64-linux = { + #### requires --impure, breaks `nix flake check` + # install-iso = nixos-generators.nixosGenerate { + # system = "x86_64-linux"; + # format = "install-iso"; + # specialArgs = { inherit inputs; }; + # modules = [ ./hosts/install-iso ]; + # }; }; - # green = nixpkgs.lib.nixosSystem { - # system = "x86_64-linux"; - # specialArgs = { inherit inputs; }; - # modules = [ ./hosts/green ]; - # }; - pearl = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ ./hosts/pearl ]; + ### Module outputs + nixosModules = { + yomaq = import ./modules/hosts/nixos.nix; + # custom container modules + pods = import ./modules/containers; }; - }; - # Nix-darwin configuration entrypoint - # Available through 'darwin-rebuild switch --flake .#your-hostname' - darwinConfigurations = { - midnight = nix-darwin.lib.darwinSystem { - specialArgs = { inherit inputs; }; - system = "aarch64-darwin"; - modules = [ ./hosts/midnight ]; + darwinModules = { + yomaq = import ./modules/hosts/darwin.nix; }; - }; - # Standalone home-manager configuration entrypoint - # Available through 'home-manager --flake .#your-username@your-hostname' - homeConfigurations = { - "carln@hostname" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs;}; - modules 
= [./users/carln/homeManager]; + homeManagerModules = { + yomaq = import ./modules/home-manager; }; }; - # Nixos-generators configuration entrypoints - # Available through 'nix build .#your-hostname' - packages.x86_64-linux = { - #### requires --impure, breaks `nix flake check` - # install-iso = nixos-generators.nixosGenerate { - # system = "x86_64-linux"; - # format = "install-iso"; - # specialArgs = { inherit inputs; }; - # modules = [ ./hosts/install-iso ]; - # }; - }; - ### Module outputs - nixosModules = { - yomaq = import ./modules/hosts/nixos.nix; - # custom container modules - pods = import ./modules/containers; - }; - darwinModules = { - yomaq = import ./modules/hosts/darwin.nix; - }; - homeManagerModules = { - yomaq = import ./modules/home-manager; - }; }; - }; -} \ No newline at end of file +} diff --git a/hosts/azure/azure.nix b/hosts/azure/azure.nix index 01a3bebc..20fe14be 100644 --- a/hosts/azure/azure.nix +++ b/hosts/azure/azure.nix @@ -1,6 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq inputs.self.nixosModules.pods @@ -14,7 +21,14 @@ config = { networking.hostName = "azure"; system.stateVersion = "23.11"; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; yomaq = { @@ -22,7 +36,10 @@ primaryUser.users = [ "admin" ]; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true" ]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; docker.enable = true; pods = { 
@@ -41,15 +58,18 @@ healthchecks.enable = true; gatus.enable = true; }; - syncoid = { + syncoid = { isBackupServer = true; - exclude = ["blue" "green"]; + exclude = [ + "blue" + "green" + ]; }; - network = { + network = { useBr0 = true; physicalInterfaceName = "eno1"; }; - timezone.central= true; + timezone.central = true; suites = { basics.enable = true; foundation.enable = true; @@ -59,7 +79,7 @@ systemd-boot = true; initrd-ssh = { enable = true; - ethernetDrivers = ["igc"]; + ethernetDrivers = [ "igc" ]; }; zfs = { enable = true; @@ -72,7 +92,10 @@ }; storage = { enable = true; - disks = [ "sda" "sdb" ]; + disks = [ + "sda" + "sdb" + ]; reservation = "1500G"; mirror = true; #amReinstalling = true; diff --git a/hosts/azure/default.nix b/hosts/azure/default.nix index 70b578a7..da798b45 100644 --- a/hosts/azure/default.nix +++ b/hosts/azure/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/blue/blue.nix b/hosts/blue/blue.nix index 3f429a98..41bde338 100644 --- a/hosts/blue/blue.nix +++ b/hosts/blue/blue.nix 
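Review bot: The comment kept above `validFiles` in hosts/azure/default.nix says it "Filters out directories that don't end with .nix", but the `lib.filter` predicate runs over file path strings, so it should read something like `# Keeps only files ending in .nix, skips this default.nix, and turns the relative strings into paths`. Because `imports = validFiles ./.;` pulls every such file under the host directory into the system configuration without naming it, I would also add `# every *.nix below this directory is imported implicitly` next to `imports`, so reviewers see that adding a file here changes the host. `lib` is bound outside the hunk, presumably in the function header on line 1, so the new `lib.`-qualified names depend on that header being present. The same applies to the identical hunks for hosts/blue, hosts/carob, hosts/green, hosts/install-iso and hosts/midnight `default.nix`.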
@@ -1,6 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq inputs.self.nixosModules.pods @@ -15,7 +22,14 @@ config = { networking.hostName = "blue"; system.stateVersion = "23.11"; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; @@ -26,11 +40,17 @@ yomaq = { autoUpgrade.enable = true; - primaryUser.users = [ "carln" "admin" ]; + primaryUser.users = [ + "carln" + "admin" + ]; _1password.enable = true; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true" ]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; useRoutingFeatures = "client"; # for building iso preApprovedSshAuthkey = true; @@ -44,7 +64,7 @@ gnome.enable = true; scripts.enable = true; flatpak.enable = true; - timezone.central= true; + timezone.central = true; suites = { basics.enable = true; foundation.enable = true; @@ -54,7 +74,7 @@ systemd-boot = true; initrd-ssh = { enable = true; - ethernetDrivers = ["r8169"]; + ethernetDrivers = [ "r8169" ]; }; zfs = { enable = true; diff --git a/hosts/blue/default.nix b/hosts/blue/default.nix index 70b578a7..da798b45 100644 --- a/hosts/blue/default.nix +++ b/hosts/blue/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/carob/carob.nix b/hosts/carob/carob.nix index f082e68f..ff5e3599 100644 --- a/hosts/carob/carob.nix +++ b/hosts/carob/carob.nix 
@@ -1,6 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq # import users @@ -11,7 +18,14 @@ config = { networking.hostName = "carob"; system.stateVersion = "23.11"; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; # enable a desktop environment so I can set 1password ssh agent @@ -20,7 +34,11 @@ yomaq = { tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true" "--accept-dns=false" ]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + "--accept-dns=false" + ]; useRoutingFeatures = "client"; authKeyFile = null; }; @@ -29,7 +47,7 @@ autoUpgrade.enable = true; primaryUser.users = [ "admin" ]; - timezone.central= true; + timezone.central = true; syncoid.enable = true; suites = { basics.enable = true; diff --git a/hosts/carob/default.nix b/hosts/carob/default.nix index 70b578a7..da798b45 100644 --- a/hosts/carob/default.nix +++ b/hosts/carob/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/green/default.nix b/hosts/green/default.nix index 70b578a7..da798b45 100644 --- a/hosts/green/default.nix +++ b/hosts/green/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/green/green.nix b/hosts/green/green.nix index b8845504..09b4325b 100644 --- a/hosts/green/green.nix +++ b/hosts/green/green.nix @@ -1,6 +1,12 @@ -{ config, lib, pkgs, inputs, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq inputs.self.nixosModules.pods 
@@ -16,12 +22,17 @@ primaryUser.users = [ "admin" ]; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true" "--accept-dns=true" "--advertise-exit-node=true" ]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + "--accept-dns=true" + "--advertise-exit-node=true" + ]; useRoutingFeatures = "server"; }; glances.enable = lib.mkForce false; _1password.enable = true; - timezone.central= true; + timezone.central = true; suites = { basics.enable = true; foundation.enable = true; @@ -32,7 +43,7 @@ systemd-boot = true; initrd-ssh = { enable = true; - ethernetDrivers = ["e1000e"]; + ethernetDrivers = [ "e1000e" ]; }; zfs = { enable = true; diff --git a/hosts/green/hardware-configuration.nix b/hosts/green/hardware-configuration.nix index 51d6ab16..12aff0b3 100644 --- a/hosts/green/hardware-configuration.nix +++ b/hosts/green/hardware-configuration.nix @@ -1,13 +1,24 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/install-iso/default.nix b/hosts/install-iso/default.nix index 70b578a7..da798b45 100644 --- a/hosts/install-iso/default.nix +++ b/hosts/install-iso/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/install-iso/install-iso.nix b/hosts/install-iso/install-iso.nix index 31e524eb..ec3632ff 100644 --- a/hosts/install-iso/install-iso.nix +++ b/hosts/install-iso/install-iso.nix 
@@ -1,27 +1,36 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import users - inputs.self.nixosModules.yomaq + inputs.self.nixosModules.yomaq ]; config = { networking.hostName = "nixos-install"; users.users.root.initialPassword = "k"; - environment.systemPackages = with pkgs; [ - rsync - ]; + environment.systemPackages = with pkgs; [ rsync ]; networking.wireless.enable = lib.mkForce false; yomaq = { tailscale = { enable = true; - extraUpFlags = ["--reset=true" ]; + extraUpFlags = [ "--reset=true" ]; # attempt to write the authkey in clear text into the nix store for the install-iso as it won't have a key to decrypt the secret - authKeyFile = (pkgs.writeText "tailscaleAuthKey" (builtins.readFile config.age.secrets.tailscaleOAuthKeyAcceptSsh.path)); + authKeyFile = ( + pkgs.writeText "tailscaleAuthKey" ( + builtins.readFile config.age.secrets.tailscaleOAuthKeyAcceptSsh.path + ) + ); preApprovedSshAuthkey = true; }; - timezone.central= true; + timezone.central = true; suites = { basics.enable = true; # foundation.enable = true; @@ -31,4 +40,4 @@ # network.basics = lib.mkDefault false; }; }; -} \ No newline at end of file +} diff --git a/hosts/midnight/brew_macos.nix b/hosts/midnight/brew_macos.nix index d16528c1..00a5aaff 100644 --- a/hosts/midnight/brew_macos.nix +++ b/hosts/midnight/brew_macos.nix @@ -1,7 +1,13 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ config = { -#Some programs don't have nix packages available, so making use of Homebrew is needed, sadly there is also no way of installing home brew through nix + #Some programs don't have nix packages available, so making use of Homebrew is needed, sadly there is also no way of installing home brew through nix homebrew = { casks = [ "moonlight" 
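Review bot: In the hosts/install-iso/install-iso.nix hunk, the reflowed `authKeyFile = ( pkgs.writeText "tailscaleAuthKey" ( builtins.readFile config.age.secrets.tailscaleOAuthKeyAcceptSsh.path ) );` still places the decrypted Tailscale key in the Nix store, which is world-readable and is copied into the ISO, so anyone who obtains the image can read the key. The existing comment says this is deliberate; I would extend it to record the consequence, for example `# key is readable by anyone holding the ISO: use a short-lived, narrowly scoped key and revoke it after the install`. The unchanged context line `users.users.root.initialPassword = "k";` in the same hunk deserves the same kind of comment, or a switch to key-only login, since the image appears to join the tailnet with a one-character root password. `builtins.readFile` on an agenix `.path` presumably also needs an impure evaluation with the secret already decrypted on the build host, which would match the `--impure` remark in flake.nix.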
@@ -13,14 +19,14 @@ "nextcloud" "brave-browser" ]; - taps = ["pulumi/tap"]; + taps = [ "pulumi/tap" ]; brews = [ "pulumi" "pulumi/tap/crd2pulumi" "pulumi/tap/kube2pulumi" - ]; + ]; }; -#User specific settings, eventually plan to create the user account itself through Nix as well + #User specific settings, eventually plan to create the user account itself through Nix as well users = { users = { carln = { diff --git a/hosts/midnight/default.nix b/hosts/midnight/default.nix index 70b578a7..da798b45 100644 --- a/hosts/midnight/default.nix +++ b/hosts/midnight/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/midnight/midnight.nix b/hosts/midnight/midnight.nix index d045beaa..c7ee05eb 100644 --- a/hosts/midnight/midnight.nix +++ b/hosts/midnight/midnight.nix @@ -1,4 +1,10 @@ -{ inputs, lib, config, pkgs, ... }: +{ + inputs, + lib, + config, + pkgs, + ... +}: let hostname = "midnight"; in 
@@ -6,7 +12,7 @@ in imports = [ inputs.home-manager.darwinModules.home-manager inputs.self.darwinModules.yomaq - {home-manager.useUserPackages = true;} + { home-manager.useUserPackages = true; } ]; config = { @@ -24,7 +30,9 @@ in }; }; home-manager = { - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = { + inherit inputs; + }; users = { # Import your home-manager configuration carln = import ../../users/carln/homeManager; @@ -43,6 +51,3 @@ in }; }; } - - - diff --git a/hosts/pearl/default.nix b/hosts/pearl/default.nix index 70b578a7..da798b45 100644 --- a/hosts/pearl/default.nix +++ b/hosts/pearl/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/pearl/pearl.nix b/hosts/pearl/pearl.nix index 9c2611c2..70c247b3 100644 --- a/hosts/pearl/pearl.nix +++ b/hosts/pearl/pearl.nix 
@@ -1,6 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq # import users @@ -13,13 +20,25 @@ config = { networking.hostName = "pearl"; system.stateVersion = "23.11"; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "ufshcd-pci"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + "sdhci_pci" + "ufshcd-pci" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; yomaq = { tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true" "--accept-dns=false" ]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + "--accept-dns=false" + ]; useRoutingFeatures = "client"; authKeyFile = null; }; @@ -27,7 +46,7 @@ autoUpgrade.enable = true; primaryUser.users = [ "admin" ]; - timezone.central= true; + timezone.central = true; syncoid.enable = true; suites = { basics.enable = true; diff --git a/hosts/smalt/default.nix b/hosts/smalt/default.nix index 70b578a7..da798b45 100644 --- a/hosts/smalt/default.nix +++ b/hosts/smalt/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/smalt/smalt.nix b/hosts/smalt/smalt.nix index 62fe0c23..5aa97668 100644 --- a/hosts/smalt/smalt.nix +++ b/hosts/smalt/smalt.nix 
@@ -1,6 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq inputs.self.nixosModules.pods @@ -15,18 +22,28 @@ config = { networking.hostName = "smalt"; system.stateVersion = "23.11"; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.enableRedistributableFirmware = lib.mkDefault true; - + yomaq = { autoUpgrade.enable = true; primaryUser.users = [ "admin" ]; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; - timezone.central= true; + timezone.central = true; syncoid.enable = true; suites = { basics.enable = true; @@ -46,7 +63,7 @@ systemd-boot = true; initrd-ssh = { enable = true; - ethernetDrivers = ["igc"]; + ethernetDrivers = [ "igc" ]; }; zfs = { enable = true; diff --git a/hosts/teal/default.nix b/hosts/teal/default.nix index 70b578a7..da798b45 100644 --- a/hosts/teal/default.nix +++ b/hosts/teal/default.nix 
@@ -2,38 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file - && file != "default.nix" + && file != "default.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files # && ! lib.hasSuffix "-ex.nix" file - ) - (files dir)); - + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/hosts/teal/teal.nix b/hosts/teal/teal.nix index 09e83b2d..a5ef0e4a 100644 --- a/hosts/teal/teal.nix +++ b/hosts/teal/teal.nix 
@@ -1,6 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: { - imports =[ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: +{ + imports = [ # import custom modules inputs.self.nixosModules.yomaq inputs.self.nixosModules.pods @@ -14,22 +21,35 @@ config = { networking.hostName = "teal"; system.stateVersion = "23.11"; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; yomaq = { autoUpgrade.enable = true; - primaryUser.users = [ "carln" "admin" ]; + primaryUser.users = [ + "carln" + "admin" + ]; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; useRoutingFeatures = "server"; }; - network = { + network = { useBr0 = true; physicalInterfaceName = "eno2"; }; - timezone.central= true; + timezone.central = true; syncoid.enable = true; suites = { basics.enable = true; @@ -45,7 +65,7 @@ systemd-boot = true; initrd-ssh = { enable = true; - ethernetDrivers = ["e1000e"]; + ethernetDrivers = [ "e1000e" ]; }; zfs = { enable = true; diff --git a/modules/containers/default.nix b/modules/containers/default.nix index 44109875..da798b45 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix 
@@ -2,34 +2,37 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); - + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file && file != "default.nix" - ) - (files dir)); - + # how to exclude a path + # && ! lib.hasPrefix "exclude/path/" file + # how to exclude a group of files + # && ! lib.hasSuffix "-ex.nix" file + ) (files dir) + ); in { - imports = validFiles ./.; - -} \ No newline at end of file +} diff --git a/modules/containers/docker.nix b/modules/containers/docker.nix index f3e10c1f..75d60e62 100644 --- a/modules/containers/docker.nix +++ b/modules/containers/docker.nix 
@@ -1,19 +1,24 @@ -{ pkgs, config, lib, inputs, ... }: -with lib; - +{ + pkgs, + config, + lib, + inputs, + ... +}: let cfg = config.yomaq.docker; -in { +in +{ options.yomaq.docker = { - enable = mkOption { + enable = lib.mkOption { description = "Enable docker"; - type = types.bool; + type = lib.types.bool; default = false; }; }; - config = mkIf (cfg.enable) { + config = lib.mkIf (cfg.enable) { virtualisation.oci-containers.backend = "docker"; virtualisation = { docker = { @@ -27,11 +32,9 @@ in { }; }; environment.persistence."${config.yomaq.impermanence.dontBackup}" = { - directories = [ - "/var/lib/containers/storage" - ]; + directories = [ "/var/lib/containers/storage" ]; }; - users= { + users = { users.docker = { isNormalUser = true; uid = 4000; @@ -42,4 +45,4 @@ in { }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/dufs.nix b/modules/containers/dufs.nix index 0c3f7d69..0fa06b4c 100644 --- a/modules/containers/dufs.nix +++ b/modules/containers/dufs.nix @@ -1,6 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let ### Set container name and image NAME = "dufs"; @@ -10,26 +15,25 @@ let inherit (config.networking) hostName; inherit (config.yomaq.impermanence) backup; inherit (config.yomaq.tailscale) tailnetName; - in { options.yomaq.pods.${NAME} = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom ${NAME} container module ''; }; - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { - type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "latest"; description = '' container image version 
@@ -37,55 +41,59 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - systemd.tmpfiles.rules = ["d ${cfg.volumeLocation}/data 0755 4000 4000"]; + systemd.tmpfiles.rules = [ "d ${cfg.volumeLocation}/data 0755 4000 4000" ]; virtualisation.oci-containers.containers = { "${NAME}" = { image = "${IMAGE}:${cfg.imageVersion}"; autoStart = true; - volumes = [ - "${cfg.volumeLocation}/data:/data" - ]; + volumes = [ "${cfg.volumeLocation}/data:/data" ]; extraOptions = [ "--pull=always" "--network=container:TS${NAME}" ]; user = "4000:4000"; - cmd = ["/data" "--allow-upload"]; + cmd = [ + "/data" + "--allow-upload" + ]; }; }; yomaq.pods.tailscaled."TS${NAME}" = { - TSserve = {"/" = "http://127.0.0.1:5000";}; - tags = ["tag:generichttps"]; - }; - - yomaq.homepage.groups.services.services = [{ - "${NAME}" = { - icon = "si-files"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + TSserve = { + "/" = "http://127.0.0.1:5000"; }; - }]; + tags = [ "tag:generichttps" ]; + }; - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; + yomaq.homepage.groups.services.services = [ + { + "${NAME}" = { + icon = "si-files"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + }; + } + ]; + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } + ]; }; -} \ No newline at end of file +} 
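Review bot: The container command in this hunk, `cmd = [ "/data" "--allow-upload" ];`, enables uploads with no authentication option visible, so write access to `${cfg.volumeLocation}/data` is gated only by who can reach the `TS${NAME}` Tailscale node. If that is intended, say so next to the `tags = [ "tag:generichttps" ];` line, e.g. `# dufs runs without auth: upload access == tailnet ACL for tag:generichttps`, and confirm the ACL for that tag covers only the devices that should write. Otherwise I would add a credentials option to the module and feed it to dufs from an agenix secret rather than from the command line, which would land in the store.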
diff --git a/modules/containers/linkwarden.nix b/modules/containers/linkwarden.nix index a91d326e..e2d45f57 100644 --- a/modules/containers/linkwarden.nix +++ b/modules/containers/linkwarden.nix @@ -1,14 +1,17 @@ - -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let ### Set container name and image NAME = "linkwarden"; IMAGE = "ghcr.io/linkwarden/linkwarden"; dbIMAGE = "docker.io/postgres"; - cfg = config.yomaq.pods.${NAME}; inherit (config.networking) hostName; inherit (config.yomaq.impermanence) backup; 
@@ -17,52 +20,52 @@ let in { options.yomaq.pods.${NAME} = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom ${NAME} container module ''; }; - agenixSecret = mkOption { - type = types.path; + agenixSecret = lib.mkOption { + type = lib.types.path; default = (inputs.self + /secrets/${NAME}EnvFile.age); description = '' path to agenix secret file ''; }; - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { - type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "latest"; description = '' container image version ''; }; -### database container + ### database container database = { - agenixSecret = mkOption { - type = types.path; + agenixSecret = lib.mkOption { + type = lib.types.path; default = (inputs.self + /secrets/${NAME}DBEnvFile.age); description = '' path to agenix secret file ''; }; - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { - type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "16-alpine"; description = '' container image version @@ -71,7 +74,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ### agenix secrets for container age.secrets."${NAME}EnvFile".file = cfg.agenixSecret; age.secrets."${NAME}DBEnvFile".file = cfg.database.agenixSecret; @@ -83,7 +86,7 @@ in "d ${cfg.database.volumeLocation}/db 0755 root root" ]; virtualisation.oci-containers.containers = { -### DB container + ### DB container "DB${NAME}" = { image = "${dbIMAGE}:${cfg.database.imageVersion}"; autoStart = true; 
@@ -92,17 +95,15 @@ in # }; environmentFiles = [ config.age.secrets."${NAME}DBEnvFile".path - # POSTGRES_PASSWORD=password #insert your secure database password! - ]; - volumes = [ - "${cfg.database.volumeLocation}/db:/var/lib/postgresql/data" + # POSTGRES_PASSWORD=password #insert your secure database password! ]; + volumes = [ "${cfg.database.volumeLocation}/db:/var/lib/postgresql/data" ]; extraOptions = [ "--pull=always" "--network=container:TS${NAME}" ]; }; -### main container + ### main container "${NAME}" = { image = "${IMAGE}:${cfg.imageVersion}"; autoStart = true; @@ -112,14 +113,12 @@ in # "NEXTAUTH_URL" = "http://localhost:3000/api/v1/auth"; # }; environmentFiles = [ - config.age.secrets."${NAME}EnvFile".path - # DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@127.0.0.1:5432/postgres - # NEXTAUTH_SECRET=very_sensitive_secret - # NEXTAUTH_URL=http://localhost:3000/api/v1/auth - ]; - volumes = [ - "${cfg.volumeLocation}/data:/data/data" + config.age.secrets."${NAME}EnvFile".path + # DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@127.0.0.1:5432/postgres + # NEXTAUTH_SECRET=very_sensitive_secret + # NEXTAUTH_URL=http://localhost:3000/api/v1/auth ]; + volumes = [ "${cfg.volumeLocation}/data:/data/data" ]; extraOptions = [ "--pull=always" "--network=container:TS${NAME}" 
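Review bot: Both containers in these hunks are started with `"--pull=always"` against a mutable tag (`"${IMAGE}:${cfg.imageVersion}"`, defaulting to `latest`, and `"${dbIMAGE}:${cfg.database.imageVersion}"`, defaulting to `16-alpine`, per the options hunk earlier in this file), so every restart can run an image nobody reviewed. The dufs and minecraftBedrock modules in this patch follow the same pattern. I would default `imageVersion` to a fixed release and, where the registry allows it, pin by digest, e.g. `image = "${IMAGE}@sha256:<digest-placeholder>";`, so that an image update is a deliberate commit. The enclosing `virtualisation.oci-containers.containers` set opens in the previous hunk, outside these two.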
@@ -130,32 +129,33 @@ in TSserve = { "/" = "http://127.0.0.1:3000"; }; - tags = ["tag:generichttps"]; + tags = [ "tag:generichttps" ]; }; - yomaq.homepage.groups.services.services = [{ - "${NAME}" = { - icon = "mdi-bookmark-box"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - }; - }]; - - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; + yomaq.homepage.groups.services.services = [ + { + "${NAME}" = { + icon = "mdi-bookmark-box"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + }; + } + ]; + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } + ]; }; } diff --git a/modules/containers/minecraft-bedrock-submodule.nix b/modules/containers/minecraft-bedrock-submodule.nix index 49a21b90..6c1cda3b 100644 --- a/modules/containers/minecraft-bedrock-submodule.nix +++ b/modules/containers/minecraft-bedrock-submodule.nix @@ -1,6 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let ### Set container name and image NAME = "minecraftBedrock"; 
@@ -11,81 +16,80 @@ let inherit (config.yomaq.impermanence) backup; inherit (config.yomaq.tailscale) tailnetName; - - containerOpts = { name, config, ... }: - let - startsWith = substring 0 9 name == "minecraft"; - shortName = if startsWith then substring 9 (-1) name else name; - in - { - options = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - enable custom ${NAME} container module - ''; - }; - volumeLocation = mkOption { - type = types.str; - default = "${backup}/containers/minecraft/bedrock/${name}"; - description = '' - path to store container volumes - ''; - }; - imageVersion = mkOption { - type = types.str; - default = "latest"; - description = '' - container image version - ''; - }; - serverName = mkOption { - type = types.str; - default = "${shortName}"; - description = '' - serverName - ''; - }; - envVariables = mkOption { - type = types.attrsOf types.str; - default = { - "EULA" = "TRUE"; - "gamemode" = "survival"; - "difficulty" = "hard"; - "allow-cheats" = "true"; - "max-players" = "10"; - "view-distance" = "50"; - "tick-distance" = "4"; - "TEXTUREPACK_REQUIRED" = "true"; + containerOpts = + { name, config, ... 
}: + let + startsWith = lib.substring 0 9 name == "minecraft"; + shortName = if startsWith then lib.substring 9 (-1) name else name; + in + { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom ${NAME} container module + ''; + }; + volumeLocation = lib.mkOption { + type = lib.types.str; + default = "${backup}/containers/minecraft/bedrock/${name}"; + description = '' + path to store container volumes + ''; + }; + imageVersion = lib.mkOption { + type = lib.types.str; + default = "latest"; + description = '' + container image version + ''; + }; + serverName = lib.mkOption { + type = lib.types.str; + default = "${shortName}"; + description = '' + serverName + ''; + }; + envVariables = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { + "EULA" = "TRUE"; + "gamemode" = "survival"; + "difficulty" = "hard"; + "allow-cheats" = "true"; + "max-players" = "10"; + "view-distance" = "50"; + "tick-distance" = "4"; + "TEXTUREPACK_REQUIRED" = "true"; + }; + description = '' + set custom environment variables for the bedrock container + ''; }; - description = '' - set custom environment variables for the bedrock container - ''; }; }; - }; mkContainer = name: cfg: { image = "${IMAGE}:${cfg.imageVersion}"; autoStart = true; environment = lib.mkMerge [ - cfg.envVariables - { "SERVER_NAME" = "${cfg.serverName}"; } + cfg.envVariables + { "SERVER_NAME" = "${cfg.serverName}"; } ]; - volumes = ["${cfg.volumeLocation}/data:/data"]; + volumes = [ "${cfg.volumeLocation}/data:/data" ]; extraOptions = [ "--pull=always" "--network=container:TS${name}" ]; user = "4000:4000"; }; - mkTmpfilesRules = name: cfg: [ - "d ${cfg.volumeLocation}/data 0755 4000 4000" - ]; - containersList = attrNames cfg; + mkTmpfilesRules = name: cfg: [ "d ${cfg.volumeLocation}/data 0755 4000 4000" ]; + containersList = lib.attrNames cfg; renameTScontainers = map (a: "TS" + a) containersList; - homepageServices = name: [{ + 
homepageServices = name: [ + { "${name}" = { icon = "si-minecraft"; href = "https://${hostName}-${name}.${tailnetName}.ts.net"; @@ -93,28 +97,37 @@ let type = "gamedig"; serverType = "minecraftbe"; url = "udp://${hostName}-${name}.${tailnetName}.ts.net:19132"; - fields = [ "status" "players" "ping" ]; + fields = [ + "status" + "players" + "ping" + ]; }; - }; - }]; + }; + } + ]; in { options.yomaq.pods = { - minecraftBedrock = mkOption { - default = {}; - type = with types; attrsOf (submodule containerOpts); - example = {}; + minecraftBedrock = lib.mkOption { + default = { }; + type = with lib.types; attrsOf (submodule containerOpts); + example = { }; description = lib.mdDoc '' Minecraft Bedrock Server ''; }; }; - config = mkIf (cfg != {}) { - yomaq.pods.tailscaled = lib.genAttrs renameTScontainers (container: { tags = ["tag:minecraft"]; }); - systemd.tmpfiles.rules = lib.flatten ( lib.mapAttrsToList (name: cfg: mkTmpfilesRules name cfg) config.yomaq.pods.minecraftBedrock); + config = lib.mkIf (cfg != { }) { + yomaq.pods.tailscaled = lib.genAttrs renameTScontainers (container: { + tags = [ "tag:minecraft" ]; + }); + systemd.tmpfiles.rules = lib.flatten ( + lib.mapAttrsToList (name: cfg: mkTmpfilesRules name cfg) config.yomaq.pods.minecraftBedrock + ); virtualisation.oci-containers.containers = lib.mapAttrs mkContainer config.yomaq.pods.minecraftBedrock; # yomaq.homepage.widgets = lib.flatten (map homepageWidgets containersList); - yomaq.homepage.services = [{minecraft = lib.flatten (map homepageServices containersList);}]; + yomaq.homepage.services = [ { minecraft = lib.flatten (map homepageServices containersList); } ]; yomaq.homepage.settings.layout.minecraft.tab = "Services"; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/code-server/nixos.nix b/modules/containers/nixos-containers/code-server/nixos.nix index 278d15f5..f4315a63 100644 --- a/modules/containers/nixos-containers/code-server/nixos.nix 
+++ b/modules/containers/nixos-containers/code-server/nixos.nix @@ -1,13 +1,15 @@ - ## currently "pkgs.vscode-with-extensions.override" does not appear to be working right now. - - -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "code-server"; - cfg = config.yomaq.nixos-containers."${NAME}"; inherit (config.networking) hostName; @@ -28,14 +30,15 @@ in "d ${dontBackup}/nixos-containers/${NAME}/admin 0755 admin" ]; - - yomaq.homepage.groups.services.services = [{ - "Code Server" = { - icon = "si-visualstudiocode"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - }; - }]; + yomaq.homepage.groups.services.services = [ + { + "Code Server" = { + icon = "si-visualstudiocode"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + }; + } + ]; #will still need to set the network device name manually yomaq.network.useBr0 = true; 
@@ -44,27 +47,29 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale/" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; "${dontBackup}/nixos-containers/${NAME}/userdata" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/userdata"; - isReadOnly = false; + isReadOnly = false; }; "${dontBackup}/nixos-containers/${NAME}/extensions" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/extensions"; - isReadOnly = false; + isReadOnly = false; }; "/home/admin" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/admin"; - isReadOnly = false; + isReadOnly = false; }; }; enableTun = true; @@ -73,21 +78,24 @@ in imports = [ inputs.self.nixosModules.yomaq (inputs.self + /users/admin) - ]; + ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { suites = { container.enable = true; - }; + }; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; }; - environment.persistence."${dontBackup}".users.admin = lib.mkForce {}; + environment.persistence."${dontBackup}".users.admin = lib.mkForce { }; services.code-server = { enable = true; @@ -118,8 +126,7 @@ in reverse_proxy 127.0.0.1:3000 ''; }; - }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/gatus/nixos.nix b/modules/containers/nixos-containers/gatus/nixos.nix index 8e511282..b5a7a85d 100644 --- a/modules/containers/nixos-containers/gatus/nixos.nix +++ b/modules/containers/nixos-containers/gatus/nixos.nix 
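Review bot: The `bindMounts` entry `"/etc/ssh/${hostName}"` in the first hunk here, together with `age.identityPaths = [ "/etc/ssh/${hostName}" ];` in the second, gives the container what appears to be the host's own key as its agenix identity. If so, anything running inside the code-server container can decrypt every secret encrypted to the host, and `isReadOnly = true` does not stop the key from being read. I would generate a separate key pair per container and list it as a recipient only for the secrets that container needs. Until then, a comment such as `# container shares the host age identity: it can decrypt all host secrets` makes the trust boundary explicit. The gatus container module later in this patch uses the same mount and identity path.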
@@ -1,8 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "gatus"; - cfg = config.yomaq.nixos-containers."${NAME}"; inherit (config.networking) hostName; @@ -21,13 +26,15 @@ in "d ${dontBackup}/nixos-containers/${NAME}/tailscale" ]; - yomaq.homepage.groups.services.services = [{ - "${NAME}" = { - icon = "mdi-list-status"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - }; - }]; + yomaq.homepage.groups.services.services = [ + { + "${NAME}" = { + icon = "mdi-list-status"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + }; + } + ]; #will still need to set the network device name manually yomaq.network.useBr0 = true; @@ -36,19 +43,21 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale/" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; "/var/lib/gatus/data" = { hostPath = "${backup}/nixos-containers/${NAME}/data"; - isReadOnly = false; + isReadOnly = false; }; }; enableTun = true; 
@@ -59,49 +68,50 @@ in (inputs.self + /users/admin) ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { suites = { container.enable = true; - }; + }; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; }; - environment.persistence."${dontBackup}".users.admin = lib.mkForce {}; + environment.persistence."${dontBackup}".users.admin = lib.mkForce { }; - systemd.tmpfiles.rules = [ - "d /var/lib/gatus/data 0755 gatus" - ]; + systemd.tmpfiles.rules = [ "d /var/lib/gatus/data 0755 gatus" ]; yomaq.gatus.enable = true; services.gatus = { enable = true; - settings ={ + settings = { web.port = 8080; storage = { type = "sqlite"; path = "/var/lib/gatus/data/data.db"; }; - endpoints = [{ - name = "gatus"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - interval = "5m"; - conditions = [ - "[CONNECTED] == true" - ]; - # alerts = [ - # { - # type = "ntfy"; - # failureThreshold = 3; - # description = "default check"; - # } - # ]; - }]; + endpoints = [ + { + name = "gatus"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + interval = "5m"; + conditions = [ "[CONNECTED] == true" ]; + # alerts = [ + # { + # type = "ntfy"; + # failureThreshold = 3; + # description = "default check"; + # } + # ]; + } + ]; alerting = { ntfy = { url = "${config.yomaq.ntfy.ntfyUrl}"; @@ -145,4 +155,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/healthchecks/nixos.nix b/modules/containers/nixos-containers/healthchecks/nixos.nix index 6d122438..8b5bf654 100644 --- a/modules/containers/nixos-containers/healthchecks/nixos.nix +++ b/modules/containers/nixos-containers/healthchecks/nixos.nix 
@@ -1,8 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "healthchecks"; - cfg = config.yomaq.nixos-containers."${NAME}"; inherit (config.networking) hostName; @@ -16,38 +21,39 @@ in config = lib.mkIf cfg.enable { - age.secrets.healthchecks.file = ( inputs.self + /secrets/healthchecks.age); - + age.secrets.healthchecks.file = (inputs.self + /secrets/healthchecks.age); systemd.tmpfiles.rules = [ "d ${dontBackup}/nixos-containers/${NAME}/tailscale" "d ${backup}/nixos-containers/${NAME}/data 0755 admin" ]; - yomaq.homepage.groups.services.services = [{ - "${NAME}" = { - icon = "mdi-bell-badge"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - }; - }]; + yomaq.homepage.groups.services.services = [ + { + "${NAME}" = { + icon = "mdi-bell-badge"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + }; + } + ]; - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } + ]; #will still need to set the network device name manually yomaq.network.useBr0 = true; 
@@ -56,19 +62,21 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale/" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; "/var/lib/healthchecks/" = { hostPath = "${backup}/nixos-containers/${NAME}/data"; - isReadOnly = false; + isReadOnly = false; }; }; enableTun = true; @@ -79,25 +87,28 @@ in (inputs.self + /users/admin) ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { suites = { container.enable = true; - }; + }; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; }; - environment.persistence."${dontBackup}".users.admin = lib.mkForce {}; + environment.persistence."${dontBackup}".users.admin = lib.mkForce { }; - age.secrets.healthchecks.file = ( inputs.self + /secrets/healthchecks.age); + age.secrets.healthchecks.file = (inputs.self + /secrets/healthchecks.age); yomaq.healthchecks = { enable = true; - settings.ALLOWED_HOSTS = ["${hostName}-${NAME}.${tailnetName}.ts.net"]; + settings.ALLOWED_HOSTS = [ "${hostName}-${NAME}.${tailnetName}.ts.net" ]; settings.SITE_ROOT = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; settings.REGISTRATION_OPEN = true; settingsFile = config.containers."${hostName}-${NAME}".config.age.secrets.healthchecks.path; @@ -112,4 +123,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/homepage/nixos.nix b/modules/containers/nixos-containers/homepage/nixos.nix index ed24c401..6640fe63 100644 
--- a/modules/containers/nixos-containers/homepage/nixos.nix +++ b/modules/containers/nixos-containers/homepage/nixos.nix @@ -1,8 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "homepage"; - cfg = config.yomaq.nixos-containers."${NAME}"; inherit (config.networking) hostName; @@ -27,28 +32,25 @@ in yomaq.homepage.enable = true; - - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; - - systemd.tmpfiles.rules = [ - "d ${cfg.storage}/nixos-containers/${NAME}/tailscale" + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } ]; + systemd.tmpfiles.rules = [ "d ${cfg.storage}/nixos-containers/${NAME}/tailscale" ]; + #will still need to set the network device name manually yomaq.network.useBr0 = true; @@ -56,15 +58,17 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale" = { hostPath = "${cfg.storage}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; }; enableTun = true; 
@@ -73,21 +77,22 @@ in imports = [ inputs.self.nixosModules.yomaq (inputs.self + /users/admin) - ]; + ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { - tailscale.extraUpFlags = ["--ssh=true" "--reset=true"]; + tailscale.extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; suites.container.enable = true; # homepage-dashboard.enable = true; homepage.enable = true; }; services.homepage-dashboard.enable = true; - systemd.tmpfiles.rules = [ - "d /etc/homepage-dashboard/logs" - ]; + systemd.tmpfiles.rules = [ "d /etc/homepage-dashboard/logs" ]; services.caddy = { enable = true; virtualHosts."${hostName}-${NAME}.${tailnetName}.ts.net".extraConfig = '' @@ -97,4 +102,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/nextcloud/nixos.nix b/modules/containers/nixos-containers/nextcloud/nixos.nix index 29b7f3eb..f6c98514 100644 --- a/modules/containers/nixos-containers/nextcloud/nixos.nix +++ b/modules/containers/nixos-containers/nextcloud/nixos.nix @@ -1,8 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "nextcloud"; - cfg = config.yomaq.nixos-containers."${NAME}"; inherit (config.networking) hostName; 
@@ -31,31 +36,32 @@ in "d ${cfg.storage}/nixos-containers/${NAME}/db" ]; - yomaq.homepage.groups.services.services = [{ - "Nextcloud" = { - icon = "si-nextcloud"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - }; - }]; - + yomaq.homepage.groups.services.services = [ + { + "Nextcloud" = { + icon = "si-nextcloud"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + }; + } + ]; - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } + ]; #will still need to set the network device name manually yomaq.network.useBr0 = true; 
@@ -64,23 +70,25 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale" = { hostPath = "${cfg.storage}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; "/var/lib/mysql" = { hostPath = "${cfg.storage}/nixos-containers/${NAME}/db"; - isReadOnly = false; + isReadOnly = false; }; "/var/lib/nextcloud" = { hostPath = "${cfg.storage}/nixos-containers/${NAME}/nextcloud"; - isReadOnly = false; + isReadOnly = false; }; }; enableTun = true; @@ -89,12 +97,15 @@ in imports = [ inputs.self.nixosModules.yomaq (inputs.self + /users/admin) - ]; + ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { - tailscale.extraUpFlags = ["--ssh=true" "--reset=true"]; + tailscale.extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; suites.container.enable = true; }; @@ -128,11 +139,11 @@ in settings = { "maintenance_window_start" = 8; default_phone_region = "US"; - trustedProxies = ["127.0.0.1"]; + trustedProxies = [ "127.0.0.1" ]; logType = "file"; overwriteProtocol = "https"; }; - extraApps = {}; + extraApps = { }; appstoreEnable = true; config = { dbtype = "mysql"; 
@@ -146,14 +157,14 @@ in virtualisation.oci-containers.containers.collaboraCode = { image = "docker.io/collabora/code"; autoStart = true; - environment = { - "server_name" = "${hostName}-${NAME}.${tailnetName}.ts.net"; - }; + environment = { + "server_name" = "${hostName}-${NAME}.${tailnetName}.ts.net"; + }; extraOptions = [ - "--pull=always" - "--network=container:TScollaboraCode" + "--pull=always" + "--network=container:TScollaboraCode" ]; }; yomaq.pods.tailscaled."TScollaboraCode".enable = true; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/nfty/nixos.nix b/modules/containers/nixos-containers/nfty/nixos.nix index 7a6f21e3..0bd9418f 100644 --- a/modules/containers/nixos-containers/nfty/nixos.nix +++ b/modules/containers/nixos-containers/nfty/nixos.nix @@ -1,8 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "ntfy"; - cfg = config.yomaq.nixos-containers."${NAME}"; inherit (config.networking) hostName; 
@@ -21,30 +26,32 @@ in "d ${backup}/nixos-containers/${NAME}/data 0755 admin" ]; - yomaq.homepage.groups.services.services = [{ - "${NAME}" = { - icon = "mdi-bell-badge"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - }; - }]; + yomaq.homepage.groups.services.services = [ + { + "${NAME}" = { + icon = "mdi-bell-badge"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + }; + } + ]; - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } + ]; #will still need to set the network device name manually yomaq.network.useBr0 = true; @@ -53,20 +60,18 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale/" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; - # "/var/lib/ntfy-sh/" = { - # hostPath = "${backup}/nixos-containers/${NAME}/data"; - # isReadOnly = false; - # }; }; enableTun = true; ephemeral = true; 
@@ -76,19 +81,22 @@ in (inputs.self + /users/admin) ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { suites = { container.enable = true; - }; + }; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; }; - environment.persistence."${dontBackup}".users.admin = lib.mkForce {}; + environment.persistence."${dontBackup}".users.admin = lib.mkForce { }; services.ntfy-sh = { enable = true; @@ -108,4 +116,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/nixos-containers/openvscode-server/nixos.nix b/modules/containers/nixos-containers/openvscode-server/nixos.nix index 605a53a6..83a23e28 100644 --- a/modules/containers/nixos-containers/openvscode-server/nixos.nix +++ b/modules/containers/nixos-containers/openvscode-server/nixos.nix @@ -1,8 +1,13 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let - NAME = "openvscode"; - cfg = config.yomaq.nixos-containers.openvscode; inherit (config.networking) hostName; @@ -12,7 +17,9 @@ let inherit (config.system) stateVersion; in { - options.yomaq.nixos-containers.openvscode.enable = lib.mkEnableOption (lib.mdDoc "Openvscode Server"); + options.yomaq.nixos-containers.openvscode.enable = lib.mkEnableOption ( + lib.mdDoc "Openvscode Server" + ); config = lib.mkIf cfg.enable { 
@@ -24,14 +31,15 @@ in "d ${dontBackup}/nixos-containers/${NAME}/admin 0755 admin" ]; - - yomaq.homepage.groups.services.services = [{ - "Code Server" = { - icon = "si-visualstudiocode"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - }; - }]; + yomaq.homepage.groups.services.services = [ + { + "Code Server" = { + icon = "si-visualstudiocode"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + }; + } + ]; #will still need to set the network device name manually yomaq.network.useBr0 = true; @@ -40,31 +48,33 @@ in autoStart = true; privateNetwork = true; hostBridge = "br0"; # Specify the bridge name - specialArgs = { inherit inputs; }; - bindMounts = { - "/etc/ssh/${hostName}" = { + specialArgs = { + inherit inputs; + }; + bindMounts = { + "/etc/ssh/${hostName}" = { hostPath = "/etc/ssh/${hostName}"; - isReadOnly = true; + isReadOnly = true; }; "/var/lib/tailscale/" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/tailscale"; - isReadOnly = false; + isReadOnly = false; }; "${dontBackup}/nixos-containers/${NAME}/data" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/data"; - isReadOnly = false; + isReadOnly = false; }; "${dontBackup}/nixos-containers/${NAME}/userdata" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/userdata"; - isReadOnly = false; + isReadOnly = false; }; "${dontBackup}/nixos-containers/${NAME}/extensions" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/extensions"; - isReadOnly = false; + isReadOnly = false; }; "/home/admin" = { hostPath = "${dontBackup}/nixos-containers/${NAME}/admin"; - isReadOnly = false; + isReadOnly = false; }; }; enableTun = true; 
@@ -73,21 +83,24 @@ in imports = [ inputs.self.nixosModules.yomaq (inputs.self + /users/admin) - ]; + ]; system.stateVersion = stateVersion; - age.identityPaths = ["/etc/ssh/${hostName}"]; + age.identityPaths = [ "/etc/ssh/${hostName}" ]; yomaq = { suites = { container.enable = true; - }; + }; tailscale = { enable = true; - extraUpFlags = ["--ssh=true" "--reset=true"]; + extraUpFlags = [ + "--ssh=true" + "--reset=true" + ]; }; }; - environment.persistence."${dontBackup}".users.admin = lib.mkForce {}; + environment.persistence."${dontBackup}".users.admin = lib.mkForce { }; services.openvscode-server = { enable = true; @@ -106,9 +119,7 @@ in reverse_proxy 127.0.0.1:3000 ''; }; - - }; }; }; -} \ No newline at end of file +} diff --git a/modules/containers/tailscale-submodule.nix b/modules/containers/tailscale-submodule.nix index 415ccf3c..69558300 100644 --- a/modules/containers/tailscale-submodule.nix +++ b/modules/containers/tailscale-submodule.nix @@ -1,6 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let ### Set container name and image NAME = "tailscale"; 
@@ -11,108 +16,110 @@ let inherit (config.yomaq.impermanence) dontBackup; inherit (config.yomaq.tailscale) tailnetName; - containerOpts = { name, config, ... }: + containerOpts = + { name, config, ... }: let # this allows container modules to name their TS submodule "TS${containerName}" so it won't overlap with the main container # but the tailscale node won't have the "TS" prefix, which is unnecessary - startsWithTS = substring 0 2 name == "TS"; - noTSname = if startsWithTS then substring 2 (-1) name else name; + startsWithTS = lib.substring 0 2 name == "TS"; + noTSname = if startsWithTS then lib.substring 2 (-1) name else name; in - { - options = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - enable custom ${NAME} container module - ''; - }; - volumeLocation = mkOption { - type = types.str; - default = "${dontBackup}/containers/tailscale/${name}"; - description = '' - path to store container volumes - ''; - }; - imageVersion = mkOption { - type = types.str; - default = "latest"; - description = '' - container image version - ''; - }; - TSargs = mkOption { - type = types.str; - default = ""; - description = '' - TS_Extra_ARGS env var - ''; - }; - TShostname = mkOption { - type = types.str; - default = "${hostName}-${noTSname}"; - description = '' - TS_HOSTNAME env var - ''; - }; - TSserve = mkOption { - type = with types; attrsOf str; - default = {}; - description = '' - paths that should map to ports for tailscale serve - ''; - example = { - "/" = "http://127.0.0.1:9000"; + { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom ${NAME} container module + ''; + }; + volumeLocation = lib.mkOption { + type = lib.types.str; + default = "${dontBackup}/containers/tailscale/${name}"; + description = '' + path to store container volumes + ''; + }; + imageVersion = lib.mkOption { + type = lib.types.str; + default = "latest"; + description = '' + container image version 
+ ''; + }; + TSargs = lib.mkOption { + type = lib.types.str; + default = ""; + description = '' + TS_Extra_ARGS env var + ''; + }; + TShostname = lib.mkOption { + type = lib.types.str; + default = "${hostName}-${noTSname}"; + description = '' + TS_HOSTNAME env var + ''; + }; + TSserve = lib.mkOption { + type = with lib.types; attrsOf str; + default = { }; + description = '' + paths that should map to ports for tailscale serve + ''; + example = { + "/" = "http://127.0.0.1:9000"; + }; + }; + enableFunnel = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + if you are sure you want to enable funnel + ''; + }; + tags = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "tag:lockdown" ]; + description = '' + list of tags owned by "tag:container" to assign to the container + ''; }; - }; - enableFunnel = mkOption { - type = types.bool; - default = false; - description = '' - if you are sure you want to enable funnel - ''; - }; - tags = mkOption { - type = lib.types.listOf lib.types.str; - default = ["tag:lockdown"]; - description = '' - list of tags owned by "tag:container" to assign to the container - ''; }; }; - }; # Helper function to create a container configuration from a submodule - mkContainer = name: cfg: - let - formatTags = builtins.concatStringsSep "," cfg.tags; - PathsToMap = a: b: { Proxy = "${b}"; }; - Serveconfig = { - TCP."443".HTTPS = true; - Web."${cfg.TShostname}.${tailnetName}.ts.net:443".Handlers = lib.mapAttrs PathsToMap cfg.TSserve; - AllowFunnel = { + mkContainer = + name: cfg: + let + formatTags = builtins.concatStringsSep "," cfg.tags; + PathsToMap = a: b: { Proxy = "${b}"; }; + Serveconfig = { + TCP."443".HTTPS = true; + Web."${cfg.TShostname}.${tailnetName}.ts.net:443".Handlers = lib.mapAttrs PathsToMap cfg.TSserve; + AllowFunnel = { "${cfg.TShostname}.${tailnetName}.ts.net:443" = cfg.enableFunnel; + }; }; - }; - in - { + in + { image = "${IMAGE}:${cfg.imageVersion}"; autoStart = true; hostname = 
cfg.TShostname; environment = lib.mkMerge [ - { + { "TS_HOSTNAME" = cfg.TShostname; "TS_STATE_DIR" = "/var/lib/tailscale"; # "TS_USERSPACE" = "false"; "TS_EXTRA_ARGS" = "--advertise-tags=" + formatTags + " " + cfg.TSargs; - } - (lib.mkIf (cfg.TSserve != {}) { + } + (lib.mkIf (cfg.TSserve != { }) { "TS_SERVE_CONFIG" = "config/tailscaleCfg.json"; "TS_USERSPACE" = "true"; - }) - (lib.mkIf (cfg.TSserve == {}) { - # https://github.com/tailscale/tailscale/issues/11372 - "TS_USERSPACE" = "false"; - }) + }) + (lib.mkIf (cfg.TSserve == { }) { + # https://github.com/tailscale/tailscale/issues/11372 + "TS_USERSPACE" = "false"; + }) ]; environmentFiles = [ # need to set "TS_AUTHKEY=key" in agenix and import here @@ -122,10 +129,12 @@ let volumes = [ "${cfg.volumeLocation}/data-lib:/var/lib" "/dev/net/tun:/dev/net/tun" - "${(pkgs.writeTextFile { - name = "${name}TScfg"; - text = builtins.toJSON Serveconfig; - })}:/config/tailscaleCfg.json" + "${ + (pkgs.writeTextFile { + name = "${name}TScfg"; + text = builtins.toJSON Serveconfig; + }) + }:/config/tailscaleCfg.json" ]; extraOptions = [ "--pull=always" 
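Review bot: The `imageVersion` option in `containerOpts` still defaults to `"latest"`, and the container is started with `--pull=always` (visible in the following hunk), so each restart can run a different, unreviewed image. That container is handed the Tailscale auth key through `environmentFiles` and, judging by the `--cap-add=sys_module` line further down, runs with extra capabilities. I would default to a fixed release, e.g. `default = "<pinned-release-tag>";`, and leave `latest` as an explicit per-host opt-in. The same `"latest"` default sits in the teslamate.nix options hunk for `imageVersion` and `grafana.imageVersion`, whose containers are also pulled with `--pull=always`.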
@@ -133,33 +142,33 @@ let "--cap-add=sys_module" ]; # user = "4000:4000"; - }; - mkTmpfilesRules = name: cfg: [ - "d ${cfg.volumeLocation}/data-lib 0755 root root" - ]; + }; + mkTmpfilesRules = name: cfg: [ "d ${cfg.volumeLocation}/data-lib 0755 root root" ]; in { options.yomaq.pods = { - tailscaled = mkOption { - default = {}; - type = with types; attrsOf (submodule containerOpts); - example = {}; + tailscaled = lib.mkOption { + default = { }; + type = with lib.types; attrsOf (submodule containerOpts); + example = { }; description = lib.mdDoc '' Additional tailscale containers to pair with container services to expose on the tailnet. ''; }; - tailscaleAgenixKey = mkOption { - type = types.path; + tailscaleAgenixKey = lib.mkOption { + type = lib.types.path; default = (inputs.self + /secrets/tailscaleOAuthEnvFile.age); description = '' path to agenix secret file ''; }; }; - config = mkIf (cfg != {}) { + config = lib.mkIf (cfg != { }) { age.secrets."tailscaleOAuthEnvFile".file = config.yomaq.pods.tailscaleAgenixKey; - systemd.tmpfiles.rules = lib.flatten ( lib.mapAttrsToList (name: cfg: mkTmpfilesRules name cfg) config.yomaq.pods.tailscaled); + systemd.tmpfiles.rules = lib.flatten ( + lib.mapAttrsToList (name: cfg: mkTmpfilesRules name cfg) config.yomaq.pods.tailscaled + ); virtualisation.oci-containers.containers = lib.mapAttrs mkContainer config.yomaq.pods.tailscaled; }; -} \ No newline at end of file +} diff --git a/modules/containers/teslamate.nix b/modules/containers/teslamate.nix index bb11aba2..c1d92704 100644 --- a/modules/containers/teslamate.nix +++ b/modules/containers/teslamate.nix @@ -1,7 +1,11 @@ - -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let ### Set container name and image NAME = "teslamate"; 
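Review bot: `mkTmpfilesRules` creates `${cfg.volumeLocation}/data-lib` with mode `0755`, which is looser than this directory needs. It is mounted at `/var/lib` in the container and therefore holds `TS_STATE_DIR` (`/var/lib/tailscale`), which presumably contains the node's key material. Since the `user = "4000:4000"` line is commented out, the container appears to run as root, so a tighter mode should work: `mkTmpfilesRules = name: cfg: [ "d ${cfg.volumeLocation}/data-lib 0700 root root" ];`. A one-line comment there saying that the directory stores Tailscale state would also explain why the mode matters.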
@@ -10,7 +14,6 @@ let grafanaIMAGE = "docker.io/teslamate/grafana"; mqttIMAGE = "docker.io/eclipse-mosquitto"; - cfg = config.yomaq.pods.${NAME}; inherit (config.networking) hostName; inherit (config.yomaq.impermanence) backup; 
@@ -19,93 +22,93 @@ let in { options.yomaq.pods.${NAME} = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom ${NAME} container module ''; }; - agenixSecret = mkOption { - type = types.path; + agenixSecret = lib.mkOption { + type = lib.types.path; default = (inputs.self + /secrets/${NAME}EnvFile.age); description = '' path to agenix secret file ''; }; - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { - type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "latest"; description = '' container image version ''; }; -### database container + ### database container database = { - agenixSecret = mkOption { - type = types.path; + agenixSecret = lib.mkOption { + type = lib.types.path; default = (inputs.self + /secrets/${NAME}DBEnvFile.age); description = '' path to agenix secret file ''; }; - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}/DB"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { - type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "16"; description = '' container image version ''; }; }; -### grafana container + ### grafana container grafana = { - agenixSecret = mkOption { - type = types.path; + agenixSecret = lib.mkOption { + type = lib.types.path; default = (inputs.self + /secrets/${NAME}GrafanaEnvFile.age); description = '' path to agenix secret file ''; }; - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}/Grafana"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { 
- type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "latest"; description = '' container image version ''; }; }; -### mqtt container + ### mqtt container mqtt = { - volumeLocation = mkOption { - type = types.str; + volumeLocation = lib.mkOption { + type = lib.types.str; default = "${backup}/containers/${NAME}/mqtt"; description = '' path to store container volumes ''; }; - imageVersion = mkOption { - type = types.str; + imageVersion = lib.mkOption { + type = lib.types.str; default = "2"; description = '' container image version @@ -114,7 +117,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ### agenix secrets for container age.secrets."${NAME}EnvFile".file = cfg.agenixSecret; age.secrets."${NAME}DBEnvFile".file = cfg.database.agenixSecret; @@ -132,7 +135,7 @@ in # "d ${cfg.mqtt.volumeLocation}/mosquitto-conf 0755 4000 4000" ]; virtualisation.oci-containers.containers = { -### DB container + ### DB container "DB${NAME}" = { image = "${dbIMAGE}:${cfg.database.imageVersion}"; autoStart = true; 
@@ -141,61 +144,57 @@ in }; environmentFiles = [ config.age.secrets."${NAME}DBEnvFile".path - # POSTGRES_USER=teslamate - # POSTGRES_PASSWORD=password #insert your secure database password! - # POSTGRES_DB=teslamate - ]; - volumes = [ - "${cfg.database.volumeLocation}/teslamate-db:/var/lib/postgresql/data" + # POSTGRES_USER=teslamate + # POSTGRES_PASSWORD=password #insert your secure database password! + # POSTGRES_DB=teslamate ]; + volumes = [ "${cfg.database.volumeLocation}/teslamate-db:/var/lib/postgresql/data" ]; extraOptions = [ "--pull=always" "--network=container:TS${NAME}" ]; }; -### Grafana container + ### Grafana container "grafana-${NAME}" = { image = "${grafanaIMAGE}:${cfg.grafana.imageVersion}"; autoStart = true; environment = { - "GF_SERVER_ROOT_URL"= "%(protocol)s://%(domain)s/grafana"; - "GF_SERVER_SERVE_FROM_SUB_PATH" = "true"; + "GF_SERVER_ROOT_URL" = "%(protocol)s://%(domain)s/grafana"; + "GF_SERVER_SERVE_FROM_SUB_PATH" = "true"; }; environmentFiles = [ # container listens on port 3000 config.age.secrets."${NAME}GrafanaEnvFile".path - # DATABASE_USER=teslamate - # DATABASE_PASS=password #insert your secure database password! - # DATABASE_NAME=teslamate - # DATABASE_HOST=database - ]; - volumes = [ - "${cfg.grafana.volumeLocation}/teslamate-grafana-data:/var/lib/grafana" + # DATABASE_USER=teslamate + # DATABASE_PASS=password #insert your secure database password! 
+ # DATABASE_NAME=teslamate + # DATABASE_HOST=database ]; + volumes = [ "${cfg.grafana.volumeLocation}/teslamate-grafana-data:/var/lib/grafana" ]; extraOptions = [ "--pull=always" "--network=container:TS${NAME}" ]; user = "4000:4000"; }; -# ### Mosquitto (MQTT) container -# "mqtt-${NAME}" = { -# image = "${mqttIMAGE}:${cfg.mqtt.imageVersion}"; -# autoStart = true; -# cmd = ["mosquitto -c /mosquitto-no-auth.conf"]; -# environment = { -# }; -# environmentFiles = []; -# volumes = [ -# "${cfg.mqtt.volumeLocation}/mosquitto-data:/mosquitto/data" -# "${cfg.mqtt.volumeLocation}/mosquitto-conf:/mosquitto/config" -# ]; -# extraOptions = [ -# "--network=container:TS${NAME}" -# ]; -# user = "4000:4000"; -# }; -### main container + # ### Mosquitto (MQTT) container + # "mqtt-${NAME}" = { + # image = "${mqttIMAGE}:${cfg.mqtt.imageVersion}"; + # autoStart = true; + # cmd = ["mosquitto -c /mosquitto-no-auth.conf"]; + # environment = { + # }; + # environmentFiles = []; + # volumes = [ + # "${cfg.mqtt.volumeLocation}/mosquitto-data:/mosquitto/data" + # "${cfg.mqtt.volumeLocation}/mosquitto-conf:/mosquitto/config" + # ]; + # extraOptions = [ + # "--network=container:TS${NAME}" + # ]; + # user = "4000:4000"; + # }; + ### main container "${NAME}" = { image = "${IMAGE}:${cfg.imageVersion}"; autoStart = true; 
@@ -205,16 +204,14 @@ in }; environmentFiles = [ config.age.secrets."${NAME}EnvFile".path - # ENCRYPTION_KEY=secretkey #replace with a secure key to encrypt your Tesla API tokens - # DATABASE_USER=teslamate - # DATABASE_PASS=password #insert your secure database password! - # DATABASE_NAME=teslamate - # DATABASE_HOST=database - # MQTT_HOST=mosquitto - ]; - volumes = [ - "${cfg.volumeLocation}/import:/opt/app/import" + # ENCRYPTION_KEY=secretkey #replace with a secure key to encrypt your Tesla API tokens + # DATABASE_USER=teslamate + # DATABASE_PASS=password #insert your secure database password! + # DATABASE_NAME=teslamate + # DATABASE_HOST=database + # MQTT_HOST=mosquitto ]; + volumes = [ "${cfg.volumeLocation}/import:/opt/app/import" ]; extraOptions = [ "--cap-drop=all" "--pull=always" 
@@ -227,33 +224,34 @@ in "/" = "http://127.0.0.1:4000"; "/grafana" = "http://127.0.0.1:3000/grafana"; }; - tags = ["tag:teslamate"]; + tags = [ "tag:teslamate" ]; }; - yomaq.homepage.groups.services.services = [{ - "${NAME}" = { - icon = "si-tesla"; - href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; - }; - }]; - - yomaq.gatus.endpoints = [{ - name = "${hostName}-${NAME}"; - group = "webapps"; - url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - ]; - alerts = [ - { - type = "ntfy"; - failureThreshold = 3; - description = "healthcheck failed"; - } - ]; - }]; + yomaq.homepage.groups.services.services = [ + { + "${NAME}" = { + icon = "si-tesla"; + href = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net"; + }; + } + ]; + yomaq.gatus.endpoints = [ + { + name = "${hostName}-${NAME}"; + group = "webapps"; + url = "https://${hostName}-${NAME}.${tailnetName}.ts.net/"; + interval = "5m"; + conditions = [ "[STATUS] == 200" ]; + alerts = [ + { + type = "ntfy"; + failureThreshold = 3; + description = "healthcheck failed"; + } + ]; + } + ]; }; } diff --git a/modules/containers/windows-submodule.nix b/modules/containers/windows-submodule.nix index 731feb98..28970a21 100644 --- a/modules/containers/windows-submodule.nix +++ b/modules/containers/windows-submodule.nix @@ -1,6 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let ### Set container name and image NAME = "windows"; 
@@ -12,58 +17,58 @@ let inherit (config.yomaq.impermanence) dontBackup; inherit (config.yomaq.tailscale) tailnetName; - - containerOpts = { name, config, ... }: - { - options = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - enable custom ${NAME} container module - ''; - }; - volumeLocation = mkOption { - type = types.str; - default = "${dontBackup}/containers/windows/${name}"; - description = '' - path to store container volumes - ''; - }; - imageVersion = mkOption { - type = types.str; - default = "latest"; - description = '' - container image version - ''; - }; - version = mkOption { - type = types.str; - default = "win11"; - description = '' - Version of Windows to create - ''; - }; - envVariables = mkOption { - type = types.attrsOf types.str; - default = { - RAM_SIZE = "8G"; - CPU_CORES = "4"; + containerOpts = + { name, config, ... }: + { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom ${NAME} container module + ''; + }; + volumeLocation = lib.mkOption { + type = lib.types.str; + default = "${dontBackup}/containers/windows/${name}"; + description = '' + path to store container volumes + ''; + }; + imageVersion = lib.mkOption { + type = lib.types.str; + default = "latest"; + description = '' + container image version + ''; + }; + version = lib.mkOption { + type = lib.types.str; + default = "win11"; + description = '' + Version of Windows to create + ''; + }; + envVariables = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { + RAM_SIZE = "8G"; + CPU_CORES = "4"; + }; + description = '' + set custom environment variables for the windows container + ''; }; - description = '' - set custom environment variables for the windows container - ''; }; }; - }; mkContainer = name: cfg: { image = "${IMAGE}:${cfg.imageVersion}"; autoStart = true; environment = lib.mkMerge [ - cfg.envVariables - { "VERSION" = "${cfg.version}"; } + cfg.envVariables + 
{ "VERSION" = "${cfg.version}"; } ]; - volumes = ["${cfg.volumeLocation}/storage:/storage"]; + volumes = [ "${cfg.volumeLocation}/storage:/storage" ]; extraOptions = [ "--pull=always" "--network=container:TS${name}" 
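Review bot: The `imageVersion` option in `containerOpts` still defaults to `latest` while `mkContainer` passes `--pull=always`, so every container start runs whatever the registry currently serves under that tag. For a container that boots a full Windows guest, this means the deployed image is neither reproducible nor reviewed before it runs. I would at least say so in the option text, e.g. `description = "container image tag; set a fixed release tag or digest instead of latest";`, and consider dropping the default so each instance has to choose one. The `extraOptions` list of `mkContainer` continues past the end of this hunk.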
@@ -72,41 +77,44 @@ let ]; # user = "4000:4000"; }; - mkTmpfilesRules = name: cfg: [ - "d ${cfg.volumeLocation}/storage 0755 root root" - ]; - containersList = attrNames cfg; + mkTmpfilesRules = name: cfg: [ "d ${cfg.volumeLocation}/storage 0755 root root" ]; + containersList = lib.attrNames cfg; renameTScontainers = map (a: "TS" + a) containersList; - # homepageServices = name: [{ - # "${name}" = { - # icon = "si-minecraft"; - # href = "https://${hostName}-${name}.${tailnetName}.ts.net"; - # widget = { - # type = "gamedig"; - # serverType = "minecraftbe"; - # url = "udp://${hostName}-${name}.${tailnetName}.ts.net:19132"; - # fields = [ "status" "players" "ping" ]; - # }; - # }; - # }]; in +# homepageServices = name: [{ +# "${name}" = { +# icon = "si-minecraft"; +# href = "https://${hostName}-${name}.${tailnetName}.ts.net"; +# widget = { +# type = "gamedig"; +# serverType = "minecraftbe"; +# url = "udp://${hostName}-${name}.${tailnetName}.ts.net:19132"; +# fields = [ "status" "players" "ping" ]; +# }; +# }; +# }]; { options.yomaq.pods = { - windows = mkOption { - default = {}; - type = with types; attrsOf (submodule containerOpts); - example = {}; + windows = lib.mkOption { + default = { }; + type = with lib.types; attrsOf (submodule containerOpts); + example = { }; description = lib.mdDoc '' Windows Docker VM ''; }; }; - config = mkIf (cfg != {}) { - yomaq.pods.tailscaled = lib.genAttrs renameTScontainers (container: { tags = ["tag:windowsindocker"]; TSserve = {"/" = "http://127.0.0.1:8006";};}); - systemd.tmpfiles.rules = lib.flatten ( lib.mapAttrsToList (name: cfg: mkTmpfilesRules name cfg) cfg); + config = lib.mkIf (cfg != { }) { + yomaq.pods.tailscaled = lib.genAttrs renameTScontainers (container: { + tags = [ "tag:windowsindocker" ]; + TSserve = { + "/" = "http://127.0.0.1:8006"; + }; + }); + systemd.tmpfiles.rules = lib.flatten (lib.mapAttrsToList (name: cfg: mkTmpfilesRules name cfg) cfg); virtualisation.oci-containers.containers = lib.mapAttrs mkContainer 
cfg; # yomaq.homepage.services = [{minecraft = lib.flatten (map homepageServices containersList);}]; # yomaq.homepage.settings.layout.minecraft.tab = "Services"; }; -} \ No newline at end of file +} diff --git a/modules/home-manager/agenix/default.nix b/modules/home-manager/agenix/default.nix index a967f936..ecb3d46e 100644 --- a/modules/home-manager/agenix/default.nix +++ b/modules/home-manager/agenix/default.nix @@ -1,3 +1,10 @@ -{ inputs, lib, config, pkgs, ... }: { - imports = [inputs.agenix.homeManagerModules.default]; +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ + imports = [ inputs.agenix.homeManagerModules.default ]; } diff --git a/modules/home-manager/alacritty/default.nix b/modules/home-manager/alacritty/default.nix index b249d557..a92f5b25 100644 --- a/modules/home-manager/alacritty/default.nix +++ b/modules/home-manager/alacritty/default.nix @@ -1,19 +1,27 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.alacritty; in { - imports = []; + imports = [ ]; options.yomaq.alacritty = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom alacritty module - ''; - }; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom alacritty module + ''; + }; }; - config = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable { programs = { alacritty = { enable = true; @@ -51,5 +59,5 @@ in }; }; }; - }; + }; } diff --git a/modules/home-manager/bash/default.nix b/modules/home-manager/bash/default.nix index 23529b40..607596ed 100644 --- a/modules/home-manager/bash/default.nix +++ b/modules/home-manager/bash/default.nix 
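Review bot: `mkTmpfilesRules` in windows-submodule.nix creates `${cfg.volumeLocation}/storage` as `0755 root root`, which lets every local user traverse and list the directory that holds the guest's storage. Since `user = "4000:4000"` is commented out in `mkContainer`, the container presumably runs as root and needs no group or world access. If that holds, `"d ${cfg.volumeLocation}/storage 0700 root root"` is sufficient. The rule sits in the `let` block of the second windows-submodule.nix hunk.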
@@ -1,46 +1,54 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.bash; in { - imports = []; + imports = [ ]; options.yomaq.bash = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom bash module - ''; - }; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom bash module + ''; + }; }; - config = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable { programs = { bash = { enable = true; enableCompletion = true; profileExtra = '' - # Commands that should be applied only for interactive shells. - [[ $- == *i* ]] || return + # Commands that should be applied only for interactive shells. + [[ $- == *i* ]] || return - HISTFILESIZE=100000 - HISTSIZE=10000 + HISTFILESIZE=100000 + HISTSIZE=10000 - shopt -s histappend - shopt -s checkwinsize - shopt -s extglob - shopt -s globstar - shopt -s checkjobs + shopt -s histappend + shopt -s checkwinsize + shopt -s extglob + shopt -s globstar + shopt -s checkjobs - #defaults - export EDITOR=vim + #defaults + export EDITOR=vim - #auto completion - source <(kubectl completion bash) - alias k=kubectl - complete -o default -F __start_kubectl k + #auto completion + source <(kubectl completion bash) + alias k=kubectl + complete -o default -F __start_kubectl k ''; }; }; - }; + }; } diff --git a/modules/home-manager/comma/default.nix b/modules/home-manager/comma/default.nix index f5f5051c..50a8e5a8 100644 --- a/modules/home-manager/comma/default.nix +++ b/modules/home-manager/comma/default.nix 
@@ -1,21 +1,25 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.comma; in { - imports = [ - inputs.nix-index-database.hmModules.nix-index - ]; + imports = [ inputs.nix-index-database.hmModules.nix-index ]; options.yomaq.comma = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom comma module - ''; - }; - }; - config = lib.mkIf cfg.enable { - programs.nix-index-database.comma.enable = true; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom comma module + ''; + }; }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { programs.nix-index-database.comma.enable = true; }; +} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index b69fc32a..a839d59a 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix 
@@ -1,27 +1,37 @@ { lib, ... }: - -## Import all default.nix modules within all neighbouring directories (recursive). +## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix - -with lib; let - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else null - ) - (builtins.readDir dir); - - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); - - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix "default.nix" file - && file != "default.nix" - ) - (files dir)); - + # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else null + # If you want to exclude recusing on directories (untested) + # if type == "directory" then null else type + ) (builtins.readDir dir); + # Collects all files of a directory as a list of strings of paths + files = + dir: + lib.collect lib.isString ( + lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir) + ); + # Filters out directories that don't end with .nix or are this file, also makes the strings absolute + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix "default.nix" file + # Exclude this file + && file != "default.nix" + # how to exclude a path + # && ! lib.hasPrefix "exclude/path/" file + # how to exclude a group of files + # && ! lib.hasSuffix "-ex.nix" file + ) (files dir) + ); in { imports = validFiles ./.; -} \ No newline at end of file +} diff --git a/modules/home-manager/direnv/default.nix b/modules/home-manager/direnv/default.nix index 436a7069..4210c8fd 100644 --- a/modules/home-manager/direnv/default.nix +++ b/modules/home-manager/direnv/default.nix 
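Review bot: The new comment above `validFiles` says it "Filters out directories that don't end with .nix", but the filter keeps only paths whose name ends in `default.nix` and drops this file itself, so the comment misstates what gets imported. Every matching file under this directory lands in `imports` automatically, so the rule should be stated exactly: `# Keeps every path ending in default.nix except this file, and turns each into a path relative to this directory`. The comment inside `getDir` also has a typo, `recusing` for `recursing`.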
@@ -1,17 +1,25 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.direnv; in { - imports = []; + imports = [ ]; options.yomaq.direnv = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom direnv module - ''; - }; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom direnv module + ''; + }; }; config = lib.mkIf cfg.enable { programs = { diff --git a/modules/home-manager/firefox/default.nix b/modules/home-manager/firefox/default.nix index d3ed729e..95adac09 100644 --- a/modules/home-manager/firefox/default.nix +++ b/modules/home-manager/firefox/default.nix @@ -1,26 +1,22 @@ ### Does not work on darwin ### Will expand with more options as I use different css - - - - - - ### currently broken - - -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.firefox; in { options.yomaq.firefox = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom firefox module @@ -28,7 +24,7 @@ in }; }; - config = mkIf (cfg.enable && pkgs.system != "aarch64-darwin") { + config = lib.mkIf (cfg.enable && pkgs.system != "aarch64-darwin") { programs.firefox = { package = pkgs.firefox.override { extraPolicies = { @@ -42,15 +38,15 @@ in OfferToSaveLoginsDefault = false; PasswordManagerEnabled = false; FirefoxHome = { - Search = true; - Pocket = false; - Snippets = false; - TopSites = false; - Highlights = false; + Search = true; + Pocket = false; + Snippets = false; + TopSites = false; + Highlights = false; }; UserMessaging = { - ExtensionRecommendations = false; - SkipOnboarding = true; + ExtensionRecommendations = false; + SkipOnboarding = true; }; Preferences = { "browser.toolbars.bookmarks.visibility" = "never"; 
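Review bot: The guard in firefox/default.nix, `lib.mkIf (cfg.enable && pkgs.system != "aarch64-darwin")`, excludes only Apple-silicon hosts, although the file header says the module does not work on darwin at all. An x86_64-darwin host would therefore still get the configuration. `config = lib.mkIf (cfg.enable && !pkgs.stdenv.isDarwin) {` matches the stated intent. The `config` block continues into the following hunks.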
@@ -65,455 +61,455 @@ in name = "Default"; isDefault = true; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - ublock-origin - onepassword-password-manager - darkreader + ublock-origin + onepassword-password-manager + darkreader ]; search = { - force = true; - default = "DuckDuckGo"; + force = true; + default = "DuckDuckGo"; }; settings = { - "general.smoothScroll" = true; + "general.smoothScroll" = true; }; -### Pick user chrome css here + ### Pick user chrome css here userChrome = '' - /*========================================================================================================* + /*========================================================================================================* - +-----+-----+-----+-----+-----+-----+-----+ - | █▀▀ | ▄▀█ | █▀▀ | █▀▀ | ▄▀█ | █▀▄ | █▀▀ | - | █▄▄ | █▀█ | ▄▄█ | █▄▄ | █▀█ | █▄▀ | ██▄ | - +-----+-----+-----+-----+-----+-----+-----+ Mouse Edition. + +-----+-----+-----+-----+-----+-----+-----+ + | █▀▀ | ▄▀█ | █▀▀ | █▀▀ | ▄▀█ | █▀▄ | █▀▀ | + | █▄▄ | █▀█ | ▄▄█ | █▄▄ | █▀█ | █▄▀ | ██▄ | + +-----+-----+-----+-----+-----+-----+-----+ Mouse Edition. - Description: Cascade, Mouse Edition, is a Firefox Style based on the Cascade theme by Andreas Grafen - What you get is a really simple one-line layout using the new Proton UI. + Description: Cascade, Mouse Edition, is a Firefox Style based on the Cascade theme by Andreas Grafen + What you get is a really simple one-line layout using the new Proton UI. 
- The original Cascade Theme by Andreas Grafen was based on SimpleFox : - > SimpleFox: https://github.com/migueravila/SimpleFox + The original Cascade Theme by Andreas Grafen was based on SimpleFox : + > SimpleFox: https://github.com/migueravila/SimpleFox - Authors: Andreas Grafen (original cascade theme) - (https://andreas.grafen.info) + Authors: Andreas Grafen (original cascade theme) + (https://andreas.grafen.info) - Clément Rambaud (minor tweaks on the original file) + Clément Rambaud (minor tweaks on the original file) - Repository: https://github.com/andreasgrafen/cascade - https://github.com/crambaud/cascade + Repository: https://github.com/andreasgrafen/cascade + https://github.com/crambaud/cascade - *========================================================================================================*/ + *========================================================================================================*/ - /*---+---+---+---+---+---+ - | C | O | N | F | I | G | - +---+---+---+---+---+---*/ + /*---+---+---+---+---+---+ + | C | O | N | F | I | G | + +---+---+---+---+---+---*/ - /* Feel free to tweak the following - * config settingsto your own liking. */ + /* Feel free to tweak the following + * config settingsto your own liking. 
*/ - :root { - - /*---+---+---+---+---+---+---+ - | C | O | L | O | U | R | S | - +---+---+---+---+---+---+---*/ + :root { + + /*---+---+---+---+---+---+---+ + | C | O | L | O | U | R | S | + +---+---+---+---+---+---+---*/ - /* Comment the color theme you don't want to use */ + /* Comment the color theme you don't want to use */ - /* Dark Theme Colors */ - --window-colour: #1f2122; - --secondary-colour: #141616; - --inverted-colour: #FAFAFC; + /* Dark Theme Colors */ + --window-colour: #1f2122; + --secondary-colour: #141616; + --inverted-colour: #FAFAFC; - /* Light Theme Colors - --window-colour: #FAFAFC; - --secondary-colour: #EAEAEC; - --inverted-colour: #1E2021; - */ + /* Light Theme Colors + --window-colour: #FAFAFC; + --secondary-colour: #EAEAEC; + --inverted-colour: #1E2021; + */ - - /* Containter Tab Colours */ - --uc-identity-color-blue: #7ED6DF; - --uc-identity-color-turquoise: #55E6C1; - --uc-identity-color-green: #B8E994; - --uc-identity-color-yellow: #F7D794; - --uc-identity-color-orange: #F19066; - --uc-identity-color-red: #FC5C65; - --uc-identity-color-pink: #F78FB3; - --uc-identity-color-purple: #786FA6; - - - /* URL colour in URL bar suggestions */ - --urlbar-popup-url-color: var(--uc-identity-color-purple) !important; - - - - /*---+---+---+---+---+---+---+ - | V | I | S | U | A | L | S | - +---+---+---+---+---+---+---*/ - - /* global border radius */ - --uc-border-radius: 0; - - /* dynamic url bar width settings */ - --uc-urlbar-width: clamp(250px, 50vw, 600px); + + /* Containter Tab Colours */ + --uc-identity-color-blue: #7ED6DF; + --uc-identity-color-turquoise: #55E6C1; + --uc-identity-color-green: #B8E994; + --uc-identity-color-yellow: #F7D794; + --uc-identity-color-orange: #F19066; + --uc-identity-color-red: #FC5C65; + --uc-identity-color-pink: #F78FB3; + --uc-identity-color-purple: #786FA6; + + + /* URL colour in URL bar suggestions */ + --urlbar-popup-url-color: var(--uc-identity-color-purple) !important; + + + + 
/*---+---+---+---+---+---+---+ + | V | I | S | U | A | L | S | + +---+---+---+---+---+---+---*/ + + /* global border radius */ + --uc-border-radius: 0; + + /* dynamic url bar width settings */ + --uc-urlbar-width: clamp(250px, 50vw, 600px); - /* dynamic tab width settings */ - --uc-active-tab-width: clamp( 50px, 18vw, 220px); - --uc-inactive-tab-width: clamp( 50px, 15vw, 200px); + /* dynamic tab width settings */ + --uc-active-tab-width: clamp( 50px, 18vw, 220px); + --uc-inactive-tab-width: clamp( 50px, 15vw, 200px); - /* if active always shows the tab close button */ - --show-tab-close-button: none; /* DEFAULT: -moz-inline-box; */ + /* if active always shows the tab close button */ + --show-tab-close-button: none; /* DEFAULT: -moz-inline-box; */ - /* if active only shows the tab close button on hover*/ - --show-tab-close-button-hover: -moz-inline-box; /* DEFAULT: -moz-inline-box; */ + /* if active only shows the tab close button on hover*/ + --show-tab-close-button-hover: -moz-inline-box; /* DEFAULT: -moz-inline-box; */ - /* adds left and right margin to the container-tabs indicator */ - --container-tabs-indicator-margin: 0px; + /* adds left and right margin to the container-tabs indicator */ + --container-tabs-indicator-margin: 0px; - } + } - /*---+---+---+---+---+---+---+ - | B | U | T | T | O | N | S | - +---+---+---+---+---+---+---*/ + /*---+---+---+---+---+---+---+ + | B | U | T | T | O | N | S | + +---+---+---+---+---+---+---*/ - /* showing only the back button */ - #back-button{ display: -moz-inline-box !important; } - #forward-button{ display: none !important; } - #stop-button{ display: none !important; } - #reload-button{ display: none !important; } + /* showing only the back button */ + #back-button{ display: -moz-inline-box !important; } + #forward-button{ display: none !important; } + #stop-button{ display: none !important; } + #reload-button{ display: none !important; } - /* bookmark icon */ - #star-button{ display: none !important; } + /* bookmark 
icon */ + #star-button{ display: none !important; } - /* zoom indicator */ - #urlbar-zoom-button { display: none !important; } + /* zoom indicator */ + #urlbar-zoom-button { display: none !important; } - /* Show Hamburger Menu */ - #PanelUI-button { display: -moz-inline-box !important;} + /* Show Hamburger Menu */ + #PanelUI-button { display: -moz-inline-box !important;} - #reader-mode-button{ display: none !important; } + #reader-mode-button{ display: none !important; } - /* tracking protection shield icon */ - #tracking-protection-icon-container { display: none !important; } + /* tracking protection shield icon */ + #tracking-protection-icon-container { display: none !important; } - /* #identity-box { display: none !important } /* hides encryption AND permission items */ - #identity-permission-box { display: none !important; } /* only hides permission items */ - - /* e.g. playing indicator (secondary - not icon) */ - .tab-secondary-label { display: none !important; } - - #pageActionButton { display: none !important; } - #page-action-buttons { display: none !important; } - - - - - - /*=============================================================================================*/ - - - /*---+---+---+---+---+---+ - | L | A | Y | O | U | T | - +---+---+---+---+---+---*/ - - /* No need to change anything below this comment. - * Just tweak it if you want to tweak the overall layout. 
c: */ - - :root { - - --uc-theme-colour: var(--window-colour); - --uc-hover-colour: var(--secondary-colour); - --uc-inverted-colour: var(--inverted-colour); - - --button-bgcolor: var(--uc-theme-colour) !important; - --button-hover-bgcolor: var(--uc-hover-colour) !important; - --button-active-bgcolor: var(--uc-hover-colour) !important; - - --toolbar-bgcolor: var(--uc-theme-colour) !important; - --toolbarbutton-hover-background: var(--uc-hover-colour) !important; - --toolbarbutton-active-background: var(--uc-hover-colour) !important; - --toolbarbutton-border-radius: var(--uc-border-radius) !important; - --lwt-toolbar-field-focus: var(--uc-theme-colour) !important; - --toolbarbutton-icon-fill: var(--uc-inverted-colour) !important; - --toolbar-field-focus-background-color: var(--secondary-colour) !important; - --toolbar-field-color: var(--uc-inverted-colour) !important; - --toolbar-field-focus-color: var(--uc-inverted-colour) !important; - - --tabs-border-color: var(--uc-theme-colour) !important; - --tab-border-radius: var(--uc-border-radius) !important; - --lwt-text-color: var(--uc-inverted-colour) !important; - --lwt-tab-text: var(--uc-inverted-colour) !important; + /* #identity-box { display: none !important } /* hides encryption AND permission items */ + #identity-permission-box { display: none !important; } /* only hides permission items */ - --lwt-sidebar-background-color: var(--uc-hover-colour) !important; - --lwt-sidebar-text-color: var(--uc-inverted-colour) !important; - - --arrowpanel-border-color: var(--uc-theme-colour) !important; - --arrowpanel-border-radius: var(--uc-border-radius) !important; - --arrowpanel-background: var(--uc-theme-colour) !important; - --arrowpanel-color: var(--inverted-colour) !important; + /* e.g. 
playing indicator (secondary - not icon) */ + .tab-secondary-label { display: none !important; } + + #pageActionButton { display: none !important; } + #page-action-buttons { display: none !important; } - --autocomplete-popup-highlight-background: var(--uc-inverted-colour) !important; - --autocomplete-popup-highlight-color: var(--uc-inverted-colour) !important; - --autocomplete-popup-hover-background: var(--uc-inverted-colour) !important; - - --tab-block-margin: 2px !important; - - } + /*=============================================================================================*/ - window, - #main-window, - #toolbar-menubar, - #TabsToolbar, - #PersonalToolbar, - #navigator-toolbox, - #sidebar-box, - #nav-bar { + /*---+---+---+---+---+---+ + | L | A | Y | O | U | T | + +---+---+---+---+---+---*/ - -moz-appearance: none !important; - - border: none !important; - box-shadow: none !important; - background: var(--uc-theme-colour) !important; + /* No need to change anything below this comment. + * Just tweak it if you want to tweak the overall layout. 
c: */ - } + :root { + + --uc-theme-colour: var(--window-colour); + --uc-hover-colour: var(--secondary-colour); + --uc-inverted-colour: var(--inverted-colour); + + --button-bgcolor: var(--uc-theme-colour) !important; + --button-hover-bgcolor: var(--uc-hover-colour) !important; + --button-active-bgcolor: var(--uc-hover-colour) !important; + + --toolbar-bgcolor: var(--uc-theme-colour) !important; + --toolbarbutton-hover-background: var(--uc-hover-colour) !important; + --toolbarbutton-active-background: var(--uc-hover-colour) !important; + --toolbarbutton-border-radius: var(--uc-border-radius) !important; + --lwt-toolbar-field-focus: var(--uc-theme-colour) !important; + --toolbarbutton-icon-fill: var(--uc-inverted-colour) !important; + --toolbar-field-focus-background-color: var(--secondary-colour) !important; + --toolbar-field-color: var(--uc-inverted-colour) !important; + --toolbar-field-focus-color: var(--uc-inverted-colour) !important; + + --tabs-border-color: var(--uc-theme-colour) !important; + --tab-border-radius: var(--uc-border-radius) !important; + --lwt-text-color: var(--uc-inverted-colour) !important; + --lwt-tab-text: var(--uc-inverted-colour) !important; + --lwt-sidebar-background-color: var(--uc-hover-colour) !important; + --lwt-sidebar-text-color: var(--uc-inverted-colour) !important; + + --arrowpanel-border-color: var(--uc-theme-colour) !important; + --arrowpanel-border-radius: var(--uc-border-radius) !important; + --arrowpanel-background: var(--uc-theme-colour) !important; + --arrowpanel-color: var(--inverted-colour) !important; + --autocomplete-popup-highlight-background: var(--uc-inverted-colour) !important; + --autocomplete-popup-highlight-color: var(--uc-inverted-colour) !important; + --autocomplete-popup-hover-background: var(--uc-inverted-colour) !important; + + --tab-block-margin: 2px !important; + + } - /* grey out ccons inside the toolbar to make it - * more aligned with the Black & White colour look */ - #PersonalToolbar 
toolbarbutton:not(:hover), - #bookmarks-toolbar-button:not(:hover) { filter: grayscale(1) !important; } - /* Show Window Control Button */ - .titlebar-buttonbox-container { display: -moz-inline-box !important; } + window, + #main-window, + #toolbar-menubar, + #TabsToolbar, + #PersonalToolbar, + #navigator-toolbox, + #sidebar-box, + #nav-bar { - /* remove "padding" left and right from tabs */ - .titlebar-spacer { display: none !important; } + -moz-appearance: none !important; + + border: none !important; + box-shadow: none !important; + background: var(--uc-theme-colour) !important; + } - /* remove gap after pinned tabs */ - #tabbrowser-tabs[haspinnedtabs]:not([positionpinnedtabs]) - > #tabbrowser-arrowscrollbox - > .tabbrowser-tab[first-visible-unpinned-tab] { margin-inline-start: 0 !important; } - /* remove tab shadow */ - .tabbrowser-tab - >.tab-stack - > .tab-background { box-shadow: none !important; } - /* tab background */ - .tabbrowser-tab - > .tab-stack - > .tab-background { background: var(--uc-theme-colour) !important; } + /* grey out ccons inside the toolbar to make it + * more aligned with the Black & White colour look */ + #PersonalToolbar toolbarbutton:not(:hover), + #bookmarks-toolbar-button:not(:hover) { filter: grayscale(1) !important; } - /* active tab background */ - .tabbrowser-tab[selected] - > .tab-stack - > .tab-background { background: var(--uc-hover-colour) !important; } + /* Show Window Control Button */ + .titlebar-buttonbox-container { display: -moz-inline-box !important; } - /* tab close button options */ - .tabbrowser-tab:not([pinned]) .tab-close-button { display: var(--show-tab-close-button) !important; } - .tabbrowser-tab:not([pinned]):hover .tab-close-button { display: var(--show-tab-close-button-hover) !important } + /* remove "padding" left and right from tabs */ + .titlebar-spacer { display: none !important; } - /* adaptive tab width */ - .tabbrowser-tab[selected][fadein]:not([pinned]) { max-width: var(--uc-active-tab-width) 
!important; } - .tabbrowser-tab[fadein]:not([selected]):not([pinned]) { max-width: var(--uc-inactive-tab-width) !important; } + /* remove gap after pinned tabs */ + #tabbrowser-tabs[haspinnedtabs]:not([positionpinnedtabs]) + > #tabbrowser-arrowscrollbox + > .tabbrowser-tab[first-visible-unpinned-tab] { margin-inline-start: 0 !important; } - /* container tabs indicator */ - .tabbrowser-tab[usercontextid] - > .tab-stack - > .tab-background - > .tab-context-line { - - margin: -1px var(--container-tabs-indicator-margin) 0 var(--container-tabs-indicator-margin) !important; + /* remove tab shadow */ + .tabbrowser-tab + >.tab-stack + > .tab-background { box-shadow: none !important; } - border-radius: var(--tab-border-radius) !important; - } + /* tab background */ + .tabbrowser-tab + > .tab-stack + > .tab-background { background: var(--uc-theme-colour) !important; } - /* show favicon when media is playing but tab is hovered */ - .tab-icon-image:not([pinned]) { opacity: 1 !important; } + /* active tab background */ + .tabbrowser-tab[selected] + > .tab-stack + > .tab-background { background: var(--uc-hover-colour) !important; } - /* Makes the speaker icon to always appear if the tab is playing (not only on hover) */ - .tab-icon-overlay:not([crashed]), - .tab-icon-overlay[pinned][crashed][selected] { + /* tab close button options */ + .tabbrowser-tab:not([pinned]) .tab-close-button { display: var(--show-tab-close-button) !important; } + .tabbrowser-tab:not([pinned]):hover .tab-close-button { display: var(--show-tab-close-button-hover) !important } - top: 5px !important; - z-index: 1 !important; - padding: 1.5px !important; - inset-inline-end: -8px !important; - width: 16px !important; height: 16px !important; + /* adaptive tab width */ + .tabbrowser-tab[selected][fadein]:not([pinned]) { max-width: var(--uc-active-tab-width) !important; } + .tabbrowser-tab[fadein]:not([selected]):not([pinned]) { max-width: var(--uc-inactive-tab-width) !important; } - border-radius: 10px 
!important; - } + /* container tabs indicator */ + .tabbrowser-tab[usercontextid] + > .tab-stack + > .tab-background + > .tab-context-line { + + margin: -1px var(--container-tabs-indicator-margin) 0 var(--container-tabs-indicator-margin) !important; + border-radius: var(--tab-border-radius) !important; - /* style and position speaker icon */ - .tab-icon-overlay:not([sharing], [crashed]):is([soundplaying], [muted], [activemedia-blocked]) { + } - stroke: transparent !important; - background: transparent !important; - opacity: 1 !important; fill-opacity: 0.8 !important; - color: currentColor !important; - - stroke: var(--uc-theme-colour) !important; - background-color: var(--uc-theme-colour) !important; + /* show favicon when media is playing but tab is hovered */ + .tab-icon-image:not([pinned]) { opacity: 1 !important; } - } + /* Makes the speaker icon to always appear if the tab is playing (not only on hover) */ + .tab-icon-overlay:not([crashed]), + .tab-icon-overlay[pinned][crashed][selected] { - /* change the colours of the speaker icon on active tab to match tab colours */ - .tabbrowser-tab[selected] .tab-icon-overlay:not([sharing], [crashed]):is([soundplaying], [muted], [activemedia-blocked]) { - - stroke: var(--uc-hover-colour) !important; - background-color: var(--uc-hover-colour) !important; + top: 5px !important; + z-index: 1 !important; + + padding: 1.5px !important; + inset-inline-end: -8px !important; + width: 16px !important; height: 16px !important; + + border-radius: 10px !important; + + } + + + /* style and position speaker icon */ + .tab-icon-overlay:not([sharing], [crashed]):is([soundplaying], [muted], [activemedia-blocked]) { + + stroke: transparent !important; + background: transparent !important; + opacity: 1 !important; fill-opacity: 0.8 !important; + + color: currentColor !important; + + stroke: var(--uc-theme-colour) !important; + background-color: var(--uc-theme-colour) !important; + + } + + + /* change the colours of the speaker icon on 
active tab to match tab colours */ + .tabbrowser-tab[selected] .tab-icon-overlay:not([sharing], [crashed]):is([soundplaying], [muted], [activemedia-blocked]) { + + stroke: var(--uc-hover-colour) !important; + background-color: var(--uc-hover-colour) !important; - } + } - .tab-icon-overlay:not([pinned], [sharing], [crashed]):is([soundplaying], [muted], [activemedia-blocked]) { margin-inline-end: 9.5px !important; } + .tab-icon-overlay:not([pinned], [sharing], [crashed]):is([soundplaying], [muted], [activemedia-blocked]) { margin-inline-end: 9.5px !important; } - .tabbrowser-tab:not([image]) .tab-icon-overlay:not([pinned], [sharing], [crashed]) { + .tabbrowser-tab:not([image]) .tab-icon-overlay:not([pinned], [sharing], [crashed]) { - top: 0 !important; + top: 0 !important; - padding: 0 !important; - margin-inline-end: 5.5px !important; - inset-inline-end: 0 !important; + padding: 0 !important; + margin-inline-end: 5.5px !important; + inset-inline-end: 0 !important; - } + } - .tab-icon-overlay:not([crashed])[soundplaying]:hover, - .tab-icon-overlay:not([crashed])[muted]:hover, - .tab-icon-overlay:not([crashed])[activemedia-blocked]:hover { - - color: currentColor !important; - stroke: var(--uc-inverted-colour) !important; - background-color: var(--uc-inverted-colour) !important; - fill-opacity: 0.95 !important; - - } + .tab-icon-overlay:not([crashed])[soundplaying]:hover, + .tab-icon-overlay:not([crashed])[muted]:hover, + .tab-icon-overlay:not([crashed])[activemedia-blocked]:hover { + + color: currentColor !important; + stroke: var(--uc-inverted-colour) !important; + background-color: var(--uc-inverted-colour) !important; + fill-opacity: 0.95 !important; + + } - .tabbrowser-tab[selected] .tab-icon-overlay:not([crashed])[soundplaying]:hover, - .tabbrowser-tab[selected] .tab-icon-overlay:not([crashed])[muted]:hover, - .tabbrowser-tab[selected] .tab-icon-overlay:not([crashed])[activemedia-blocked]:hover { - - color: currentColor !important; - stroke: 
var(--uc-inverted-colour) !important; - background-color: var(--uc-inverted-colour) !important; - fill-opacity: 0.95 !important; - - } + .tabbrowser-tab[selected] .tab-icon-overlay:not([crashed])[soundplaying]:hover, + .tabbrowser-tab[selected] .tab-icon-overlay:not([crashed])[muted]:hover, + .tabbrowser-tab[selected] .tab-icon-overlay:not([crashed])[activemedia-blocked]:hover { + + color: currentColor !important; + stroke: var(--uc-inverted-colour) !important; + background-color: var(--uc-inverted-colour) !important; + fill-opacity: 0.95 !important; + + } - /* speaker icon colour fix */ - #TabsToolbar .tab-icon-overlay:not([crashed])[soundplaying], - #TabsToolbar .tab-icon-overlay:not([crashed])[muted], - #TabsToolbar .tab-icon-overlay:not([crashed])[activemedia-blocked] { color: var(--uc-inverted-colour) !important; } + /* speaker icon colour fix */ + #TabsToolbar .tab-icon-overlay:not([crashed])[soundplaying], + #TabsToolbar .tab-icon-overlay:not([crashed])[muted], + #TabsToolbar .tab-icon-overlay:not([crashed])[activemedia-blocked] { color: var(--uc-inverted-colour) !important; } - /* speaker icon colour fix on hover */ - #TabsToolbar .tab-icon-overlay:not([crashed])[soundplaying]:hover, - #TabsToolbar .tab-icon-overlay:not([crashed])[muted]:hover, - #TabsToolbar .tab-icon-overlay:not([crashed])[activemedia-blocked]:hover { color: var(--uc-theme-colour) !important; } + /* speaker icon colour fix on hover */ + #TabsToolbar .tab-icon-overlay:not([crashed])[soundplaying]:hover, + #TabsToolbar .tab-icon-overlay:not([crashed])[muted]:hover, + #TabsToolbar .tab-icon-overlay:not([crashed])[activemedia-blocked]:hover { color: var(--uc-theme-colour) !important; } - #nav-bar { + #nav-bar { - border: none !important; - box-shadow: none !important; - background: transparent !important; + border: none !important; + box-shadow: none !important; + background: transparent !important; - } + } - /* remove border below whole nav */ - #navigator-toolbox { border-bottom: none 
!important; } + /* remove border below whole nav */ + #navigator-toolbox { border-bottom: none !important; } - #urlbar, - #urlbar * { box-shadow: none !important; } + #urlbar, + #urlbar * { box-shadow: none !important; } - #urlbar-background { border: var(--uc-hover-colour) !important; } + #urlbar-background { border: var(--uc-hover-colour) !important; } - #urlbar[focused="true"] - > #urlbar-background, - #urlbar:not([open]) - > #urlbar-background { background: transparent !important; } + #urlbar[focused="true"] + > #urlbar-background, + #urlbar:not([open]) + > #urlbar-background { background: transparent !important; } - #urlbar[open] - > #urlbar-background { background: var(--uc-theme-colour) !important; } + #urlbar[open] + > #urlbar-background { background: var(--uc-theme-colour) !important; } - .urlbarView-row:hover - > .urlbarView-row-inner, - .urlbarView-row[selected] - > .urlbarView-row-inner { background: var(--uc-hover-colour) !important; } - + .urlbarView-row:hover + > .urlbarView-row-inner, + .urlbarView-row[selected] + > .urlbarView-row-inner { background: var(--uc-hover-colour) !important; } + - /* transition to oneline */ - @media (min-width: 1000px) { - + /* transition to oneline */ + @media (min-width: 1000px) { + - /* move tabs bar over */ - #TabsToolbar { margin-left: var(--uc-urlbar-width) !important; } + /* move tabs bar over */ + #TabsToolbar { margin-left: var(--uc-urlbar-width) !important; } - /* move entire nav bar */ - #nav-bar { margin: calc((var(--urlbar-min-height) * -1) - 8px) calc(100vw - var(--uc-urlbar-width)) 0 0 !important; } + /* move entire nav bar */ + #nav-bar { margin: calc((var(--urlbar-min-height) * -1) - 8px) calc(100vw - var(--uc-urlbar-width)) 0 0 !important; } - } /* end media query */ + } /* end media query */ - /* Container Tabs */ - .identity-color-blue { --identity-tab-color: var(--uc-identity-color-blue) !important; --identity-icon-color: var(--uc-identity-color-blue) !important; } - .identity-color-turquoise { 
--identity-tab-color: var(--uc-identity-color-turquoise) !important; --identity-icon-color: var(--uc-identity-color-turquoise) !important; } - .identity-color-green { --identity-tab-color: var(--uc-identity-color-green) !important; --identity-icon-color: var(--uc-identity-color-green) !important; } - .identity-color-yellow { --identity-tab-color: var(--uc-identity-color-yellow) !important; --identity-icon-color: var(--uc-identity-color-yellow) !important; } - .identity-color-orange { --identity-tab-color: var(--uc-identity-color-orange) !important; --identity-icon-color: var(--uc-identity-color-orange) !important; } - .identity-color-red { --identity-tab-color: var(--uc-identity-color-red) !important; --identity-icon-color: var(--uc-identity-color-red) !important; } - .identity-color-pink { --identity-tab-color: var(--uc-identity-color-pink) !important; --identity-icon-color: var(--uc-identity-color-pink) !important; } - .identity-color-purple { --identity-tab-color: var(--uc-identity-color-purple) !important; --identity-icon-color: var(--uc-identity-color-purple) !important; } - ''; + /* Container Tabs */ + .identity-color-blue { --identity-tab-color: var(--uc-identity-color-blue) !important; --identity-icon-color: var(--uc-identity-color-blue) !important; } + .identity-color-turquoise { --identity-tab-color: var(--uc-identity-color-turquoise) !important; --identity-icon-color: var(--uc-identity-color-turquoise) !important; } + .identity-color-green { --identity-tab-color: var(--uc-identity-color-green) !important; --identity-icon-color: var(--uc-identity-color-green) !important; } + .identity-color-yellow { --identity-tab-color: var(--uc-identity-color-yellow) !important; --identity-icon-color: var(--uc-identity-color-yellow) !important; } + .identity-color-orange { --identity-tab-color: var(--uc-identity-color-orange) !important; --identity-icon-color: var(--uc-identity-color-orange) !important; } + .identity-color-red { --identity-tab-color: 
var(--uc-identity-color-red) !important; --identity-icon-color: var(--uc-identity-color-red) !important; } + .identity-color-pink { --identity-tab-color: var(--uc-identity-color-pink) !important; --identity-icon-color: var(--uc-identity-color-pink) !important; } + .identity-color-purple { --identity-tab-color: var(--uc-identity-color-purple) !important; --identity-icon-color: var(--uc-identity-color-purple) !important; } + ''; }; }; }; -} \ No newline at end of file +} diff --git a/modules/home-manager/gnomeOptions/default.nix b/modules/home-manager/gnomeOptions/default.nix index fb03c29b..190ac15b 100644 --- a/modules/home-manager/gnomeOptions/default.nix +++ b/modules/home-manager/gnomeOptions/default.nix @@ -16,20 +16,22 @@ ### I found this page useful in learning how to set configurations: ### https://hoverbear.org/blog/declarative-gnome-configuration-in-nixos/ - - ### Will expact to have more options to customize different themes etc as I use them. -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.gnomeOptions; in { options.yomaq.gnomeOptions = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom gnome module @@ -37,16 +39,13 @@ in }; }; - - - - config = mkIf (cfg.enable && pkgs.system != "aarch64-darwin") { + config = lib.mkIf (cfg.enable && pkgs.system != "aarch64-darwin") { dconf.settings = { "org/gnome/desktop/wm/keybindings" = { close = [ "q" ]; - screensaver = ["l"]; + screensaver = [ "l" ]; }; - # Custom keyboard shorcuts. Needs both to be told that the custom exists, and then below to be told what the custom is. + # Custom keyboard shorcuts. Needs both to be told that the custom exists, and then below to be told what the custom is. # Tell it that the custom exists here, follow its example of "custom0", "custom1" etc. "org/gnome/settings-daemon/plugins/media-keys" = { custom-keybindings = [ 
@@ -55,24 +54,20 @@ in }; # Define the custom options here "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "Return"; - command = "alacritty"; - name = "alacritty"; + binding = "Return"; + command = "alacritty"; + name = "alacritty"; }; # lock computer "org/gnome/settings-daemon/plugins/media-keys/screensaver" = { - binding = "l"; + binding = "l"; }; }; - -### Configure general Gnome settings here + ### Configure general Gnome settings here dconf.settings."org/gnome/desktop/interface".enable-hot-corners = false; - - - -### I have not learned how to install packages from multiple locations within the same file, so everything gets install here, and then configured down below. + ### I have not learned how to install packages from multiple locations within the same file, so everything gets install here, and then configured down below. home.packages = with pkgs; [ # gnome extensions gnome.gnome-tweaks @@ -80,7 +75,7 @@ in gnomeExtensions.caffeine gnomeExtensions.blur-my-shell gnomeExtensions.burn-my-windows - gnomeExtensions.space-bar + gnomeExtensions.space-bar gnomeExtensions.forge gnomeExtensions.appindicator gnomeExtensions.rounded-window-corners 
@@ -89,79 +84,80 @@ in fluent-icon-theme volantes-cursors moka-icon-theme - ]; + ]; - -### Configure Gnome Extensions + ### Configure Gnome Extensions # Enable specific Gnome extensions dconf.settings = { - "org/gnome/shell" = { - disable-user-extensions = false; - # `gnome-extensions list` for a list - enabled-extensions = [ - "burn-my-windows@schneegans.github.com" - "caffeine@patapon.info" - "unite@hardpixel.eu" - "forge@jmmaranan.com" - "space-bar@luchrioh" - "user-theme@gnome-shell-extensions.gcampax.github.com" - "blur-my-shell@aunetx" - "rounded-window-corners@yilozt" - ]; - }; - # Configure the extensions settings - "org/gnome/shell/extensions/unite" = { - hide-window-titlebars = "always"; - }; - "org/gnome/shell/extensions/caffeine" = { - enable-fullscreen = false; - }; - "org/gnome/shell/extensions/rounded-window-corners" = { - skip-libadwaita-app = false; - }; - "org/gnome/shell/extensions/forge" = { - window-gap-hidden-on-single = true; - focus-border-toggle = false; - }; - "org/gnome/shell/extensions/blur-my-shell" = { - "panel/sigma" = 0; - }; + "org/gnome/shell" = { + disable-user-extensions = false; + # `gnome-extensions list` for a list + enabled-extensions = [ + "burn-my-windows@schneegans.github.com" + "caffeine@patapon.info" + "unite@hardpixel.eu" + "forge@jmmaranan.com" + "space-bar@luchrioh" + "user-theme@gnome-shell-extensions.gcampax.github.com" + "blur-my-shell@aunetx" + "rounded-window-corners@yilozt" + ]; }; - - - + # Configure the extensions settings + "org/gnome/shell/extensions/unite" = { + hide-window-titlebars = "always"; + }; + "org/gnome/shell/extensions/caffeine" = { + enable-fullscreen = false; + }; + "org/gnome/shell/extensions/rounded-window-corners" = { + skip-libadwaita-app = false; + }; + "org/gnome/shell/extensions/forge" = { + window-gap-hidden-on-single = true; + focus-border-toggle = false; + }; + "org/gnome/shell/extensions/blur-my-shell" = { + "panel/sigma" = 0; + }; + }; -### Set gnome themes after installing them 
above + ### Set gnome themes after installing them above dconf.settings."org/gnome/shell/extensions/user-theme".name = "Graphite-Dark"; home.sessionVariables.GTK_THEME = "Graphite-Dark"; gtk = { - enable = true; + enable = true; - iconTheme = { + iconTheme = { name = "Moka"; package = pkgs.fluent-icon-theme; - }; - cursorTheme = { - name = "volantes_light_cursors"; - package = pkgs.volantes-cursors; - }; - theme = { - name = "Graphite-Dark"; - package = (pkgs.graphite-gtk-theme.override { - themeVariants = ["default"]; - tweaks = ["rimless" "darker"]; - }); - }; - gtk3.extraConfig = { - Settings = '' - gtk-application-prefer-dark-theme=1 - ''; - }; - gtk4.extraConfig = { - Settings = '' - gtk-application-prefer-dark-theme=1 - ''; - }; + }; + cursorTheme = { + name = "volantes_light_cursors"; + package = pkgs.volantes-cursors; + }; + theme = { + name = "Graphite-Dark"; + package = ( + pkgs.graphite-gtk-theme.override { + themeVariants = [ "default" ]; + tweaks = [ + "rimless" + "darker" + ]; + } + ); + }; + gtk3.extraConfig = { + Settings = '' + gtk-application-prefer-dark-theme=1 + ''; + }; + gtk4.extraConfig = { + Settings = '' + gtk-application-prefer-dark-theme=1 + ''; + }; }; }; -} \ No newline at end of file +} diff --git a/modules/home-manager/nix/default.nix b/modules/home-manager/nix/default.nix index ad6feac9..c36b7f7a 100644 --- a/modules/home-manager/nix/default.nix +++ b/modules/home-manager/nix/default.nix 
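Review bot: In the `gtk` block of the last gnomeOptions hunk, `iconTheme` sets `name = "Moka";` but `package = pkgs.fluent-icon-theme;`, so the package named here does not provide the theme named next to it. The theme probably only resolves because `moka-icon-theme` is also listed in `home.packages` in the same file. If Moka is the intended theme, the line should read `package = pkgs.moka-icon-theme;`; if Fluent is intended, the `name` should change instead.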
@@ -1,15 +1,22 @@ -{ inputs, lib, config, pkgs, ... }: { +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ # Nicely reload system units when changing configs systemd.user.startServices = "sd-switch"; - # fix for home manager bug + # fix for home manager bug manual.manpages.enable = false; # home manager overlays nixpkgs = { - overlays = [ + overlays = [ inputs.self.overlays.pkgs-unstable inputs.agenix.overlays.default - ]; - # Configure your nixpkgs instance + ]; + # Configure your nixpkgs instance config = { # Disable if you don't want unfree packages allowUnfree = true; @@ -18,4 +25,4 @@ }; }; xdg.configFile."nixpkgs/config.nix".text = ''{ allowUnfree = true; }''; -} \ No newline at end of file +} diff --git a/modules/home-manager/nixvim/default.nix b/modules/home-manager/nixvim/default.nix index c3ba770d..4fa26685 100644 --- a/modules/home-manager/nixvim/default.nix +++ b/modules/home-manager/nixvim/default.nix @@ -1,19 +1,25 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.nixvim; in { - imports = [ - inputs.nixvim.homeManagerModules.nixvim - ]; + imports = [ inputs.nixvim.homeManagerModules.nixvim ]; options.yomaq.nixvim = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom nixvim module - ''; - }; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom nixvim module + ''; + }; }; config = lib.mkIf cfg.enable { programs.nixvim = { diff --git a/modules/home-manager/suites/default.nix b/modules/home-manager/suites/default.nix index a2641326..b8b211ea 100644 --- a/modules/home-manager/suites/default.nix +++ b/modules/home-manager/suites/default.nix 
@@ -1,19 +1,27 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.suites.basic; in { - imports = []; + imports = [ ]; options.yomaq.suites.basic = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom suite - ''; - }; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom suite + ''; + }; }; - config = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable { yomaq = { comma.enable = true; bash.enable = true; @@ -21,8 +29,6 @@ in zsh.enable = true; direnv.enable = true; }; - home.packages = with pkgs; [ - devenv - ]; - }; + home.packages = with pkgs; [ devenv ]; + }; } diff --git a/modules/home-manager/tmux/default.nix b/modules/home-manager/tmux/default.nix index 8d2f7a4b..fb5276f6 100644 --- a/modules/home-manager/tmux/default.nix +++ b/modules/home-manager/tmux/default.nix @@ -1,24 +1,32 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.tmux; in { - imports = []; + imports = [ ]; options.yomaq.tmux = { - enable = with lib; mkOption { - type = types.bool; - default = false; - description = '' - enable custom tmux module - ''; + enable = + lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + enable custom tmux module + ''; + }; + }; + config = lib.mkIf cfg.enable { + programs = { + tmux = { + enable = true; + shell = if pkgs ? zsh then "${pkgs.zsh}/bin/zsh" else "${pkgs.bash}/bin/bash"; + }; }; }; - config = lib.mkIf cfg.enable { - programs = { - tmux = { - enable = true; - shell = if pkgs ? zsh then "${pkgs.zsh}/bin/zsh" else "${pkgs.bash}/bin/bash"; - }; - }; - }; } diff --git a/modules/home-manager/vscode/default.nix b/modules/home-manager/vscode/default.nix index 54f6bc1c..3ded3f3c 100644 --- a/modules/home-manager/vscode/default.nix 
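Review bot: In the tmux hunk, `shell = if pkgs ? zsh then "${pkgs.zsh}/bin/zsh" else "${pkgs.bash}/bin/bash";` tests whether the package set has a `zsh` attribute, which is true for any stock nixpkgs, so the bash branch is effectively unreachable. If the intent is to follow the user's shell choice, key it on the module option this repository already defines, for example `shell = if config.yomaq.zsh.enable then "${pkgs.zsh}/bin/zsh" else "${pkgs.bash}/bin/bash";`. The intent is inferred from the two branches, so confirm it before changing the line.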
+++ b/modules/home-manager/vscode/default.nix @@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.vscode; in { options.yomaq.vscode = { - enable = mkOption { - type = types.bool; + enable =lib. mkOption { + type = lib.types.bool; default = false; description = '' enable custom vscode module @@ -15,7 +19,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { programs.vscode = { package = pkgs.vscode; enable = true; @@ -39,4 +43,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/home-manager/zsh/default.nix b/modules/home-manager/zsh/default.nix index a1ab3213..971ae127 100644 --- a/modules/home-manager/zsh/default.nix +++ b/modules/home-manager/zsh/default.nix @@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.zsh; in { options.yomaq.zsh = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom zsh module @@ -15,7 +19,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { programs.zsh = { enable = true; autosuggestion.enable = true; @@ -24,14 +28,12 @@ in oh-my-zsh = { enable = true; theme = "darkblood"; - plugins = [ - "kubectl" - ]; + plugins = [ "kubectl" ]; }; envExtra = '' - EDITOR=vim - ${lib.optionalString (pkgs.system == "aarch64-darwin") "export PATH=/opt/homebrew/bin:$PATH"} + EDITOR=vim + ${lib.optionalString (pkgs.system == "aarch64-darwin") "export PATH=/opt/homebrew/bin:$PATH"} ''; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/1password/darwin.nix b/modules/hosts/1password/darwin.nix index 10806007..d348bb23 100644 --- a/modules/hosts/1password/darwin.nix +++ b/modules/hosts/1password/darwin.nix 
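Review bot: The first vscode hunk adds `enable =lib. mkOption {`, which still parses but has the spacing of a hand edit and differs from every sibling module in this commit. Since the commit is a formatter pass, the `with lib;` removal was probably done after formatting; the line should read `enable = lib.mkOption {`. Re-running the formatter after such edits would catch it.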
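Review bot: In the last zsh hunk, `envExtra` sets `EDITOR=vim` without `export`, so unless `EDITOR` is already exported in the inherited environment it stays a shell-local parameter and child processes will not see it. The Homebrew `PATH` line directly below it does use `export`, so the two lines are inconsistent. Suggested change: `export EDITOR=vim`.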
@@ -1,12 +1,18 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq._1password; in { - config = lib.mkIf cfg.enable { - homebrew.casks = [ - "1password" - "1password-cli" - ]; - }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { + homebrew.casks = [ + "1password" + "1password-cli" + ]; + }; +} diff --git a/modules/hosts/1password/default.nix b/modules/hosts/1password/default.nix index 9b235030..30b5e81f 100644 --- a/modules/hosts/1password/default.nix +++ b/modules/hosts/1password/default.nix @@ -1,15 +1,21 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq._1password; in { options.yomaq._1password = { - enable = with lib; mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom 1password module ''; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/1password/nixos.nix b/modules/hosts/1password/nixos.nix index 05159ebe..30f72066 100644 --- a/modules/hosts/1password/nixos.nix +++ b/modules/hosts/1password/nixos.nix @@ -1,4 +1,10 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq._1password; in @@ -10,4 +16,4 @@ in polkitPolicyOwners = config.yomaq.primaryUser.users; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/adGuardHome/nixos.nix b/modules/hosts/adGuardHome/nixos.nix index 9812ce73..e80c0253 100644 --- a/modules/hosts/adGuardHome/nixos.nix +++ b/modules/hosts/adGuardHome/nixos.nix @@ -1,5 +1,10 @@ -{ options, config, lib, pkgs, ... }: -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.adguardhome; inherit (config.networking) hostName; 
@@ -8,8 +13,8 @@ let in { options.yomaq.adguardhome = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom adGuard Home module @@ -17,27 +22,27 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.persistence."${backup}" = { - directories = [ - "/var/lib" - ]; + directories = [ "/var/lib" ]; }; services.adguardhome = { enable = true; allowDHCP = true; }; - yomaq.homepage.groups.services.services = [{ - DNS = { - icon = "si-adguard"; - href = "{{HOMEPAGE_VAR_ADGUARD_IP}}"; - widget = { - type = "adguard"; - url = "http://${hostName}.${tailnetName}.ts.net"; - username = "{{HOMEPAGE_VAR_ADGUARD_USERNAME}}"; - password = "{{HOMEPAGE_VAR_ADGUARD_PASSWORD}}"; + yomaq.homepage.groups.services.services = [ + { + DNS = { + icon = "si-adguard"; + href = "{{HOMEPAGE_VAR_ADGUARD_IP}}"; + widget = { + type = "adguard"; + url = "http://${hostName}.${tailnetName}.ts.net"; + username = "{{HOMEPAGE_VAR_ADGUARD_USERNAME}}"; + password = "{{HOMEPAGE_VAR_ADGUARD_PASSWORD}}"; + }; }; - }; - }]; + } + ]; }; -} \ No newline at end of file +} diff --git a/modules/hosts/agenix/darwin.nix b/modules/hosts/agenix/darwin.nix index 68156f0a..cc5e5dd9 100644 --- a/modules/hosts/agenix/darwin.nix +++ b/modules/hosts/agenix/darwin.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, inputs, ... }: +{ + config, + lib, + pkgs, + inputs, + ... +}: let inherit (config.networking) localHostName; cfg = config.yomaq.agenix; in { imports = [ inputs.agenix.darwinModules.default ]; - config = lib.mkIf cfg.enable { - age.identityPaths = [ "/etc/ssh/${localHostName}" ]; - }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { age.identityPaths = [ "/etc/ssh/${localHostName}" ]; }; +} diff --git a/modules/hosts/agenix/default.nix b/modules/hosts/agenix/default.nix index 8ca3bd53..cac76f99 100644 --- a/modules/hosts/agenix/default.nix +++ b/modules/hosts/agenix/default.nix 
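Review bot: In the last adGuardHome hunk, the homepage widget gets `url = "http://${hostName}.${tailnetName}.ts.net";` alongside the `username` and `password` placeholders, so the AdGuard credentials are presumably sent over plain HTTP and protected only by the tailnet transport. If that is the intended trust model, record it next to the URL, e.g. `# plain http on purpose: only reachable over the tailnet`. Otherwise serve the UI over TLS and switch the scheme to `https://`. The same hunk persists all of `/var/lib` for this one service, which is broader than the service needs and worth a comment as well.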
@@ -1,16 +1,22 @@ -{ options, config, lib, pkgs, inputs, ... }: -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.agenix; in { options.yomaq.agenix = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom agenix module ''; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/agenix/nixos.nix b/modules/hosts/agenix/nixos.nix index 7a77bc31..277ece08 100644 --- a/modules/hosts/agenix/nixos.nix +++ b/modules/hosts/agenix/nixos.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, inputs, ... }: +{ + config, + lib, + pkgs, + inputs, + ... +}: let inherit (config.networking) hostName; cfg = config.yomaq.agenix; in { imports = [ inputs.agenix.nixosModules.default ]; - config = lib.mkIf cfg.enable { - age.identityPaths = [ "/etc/ssh/${hostName}" ]; - }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { age.identityPaths = [ "/etc/ssh/${hostName}" ]; }; +} diff --git a/modules/hosts/autoUpgradeNix/nixos.nix b/modules/hosts/autoUpgradeNix/nixos.nix index 393e7a74..5b92d33f 100644 --- a/modules/hosts/autoUpgradeNix/nixos.nix +++ b/modules/hosts/autoUpgradeNix/nixos.nix @@ -1,7 +1,13 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: # base around https://github.com/Misterio77/nix-config/blob/main/hosts/common/global/auto-upgrade.nix -with lib; let cfg = config.yomaq.autoUpgrade; # Only enable auto upgrade if current config came from a clean tree @@ -11,8 +17,8 @@ let in { options.yomaq.autoUpgrade = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom autoUpgrade module 
@@ -20,14 +26,12 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { system.autoUpgrade = { enable = isClean; dates = "hourly"; - flags = [ - "--refresh" - ]; - flake = github:yomaq/nix-config; + flags = [ "--refresh" ]; + flake = "github:yomaq/nix-config"; }; # Only run if current config (self) is older than the new one. @@ -40,8 +44,8 @@ in test "$(lastModified "${config.system.autoUpgrade.flake}")" -gt "$(lastModified "self")" '' ); - onFailure = ["nixos-upgrade-fail.service"]; - onSuccess = ["nixos-upgrade-success.service"]; + onFailure = [ "nixos-upgrade-fail.service" ]; + onSuccess = [ "nixos-upgrade-success.service" ]; }; systemd.services.nixos-upgrade-fail = lib.mkIf config.system.autoUpgrade.enable { script = ''${lib.getExe pkgs.curl} -H "t: NixOS Flake host rebuild failure" ${config.yomaq.ntfy.defaultPriority} -d "${hostName} failed to rebuild" ${config.yomaq.ntfy.ntfyUrl}${config.yomaq.ntfy.defaultTopic}''; @@ -49,7 +53,9 @@ in }; systemd.services.nixos-upgrade-success = lib.mkIf config.system.autoUpgrade.enable { - script = ''${lib.getExe pkgs.curl} -fsS -m 10 --retry 5 ${config.yomaq.healthcheckUrl.nixos-upgrade."${hostName}"}''; + script = ''${lib.getExe pkgs.curl} -fsS -m 10 --retry 5 ${ + config.yomaq.healthcheckUrl.nixos-upgrade."${hostName}" + }''; # ${lib.getExe pkgs.curl} -X POST ${config.yomaq.gatus.url}/api/v1/endpoints/Nixos-Host-Auto-Rebuilds_${hostName}/external?success=false -H "Authorization: Bearer nixos" }; @@ -71,4 +77,4 @@ in # ]; # }]; }; -} \ No newline at end of file +} diff --git a/modules/hosts/darwin.nix b/modules/hosts/darwin.nix index eb13252b..980149c2 100644 --- a/modules/hosts/darwin.nix +++ b/modules/hosts/darwin.nix 
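Review bot: In the autoUpgradeNix hunk at `@@ -20,14 +26,12 @@`, `flake = "github:yomaq/nix-config";` names no branch, tag or revision. With `dates = "hourly"` and `flags = [ "--refresh" ]`, every host enabling this module rebuilds from whatever the default branch holds within the hour. Push access to that repository is therefore equivalent to root on those hosts, and the `isClean` guard, as far as its comment shows, only describes the locally deployed tree rather than what is fetched. Either point the ref at a protected branch, e.g. `flake = "github:yomaq/nix-config/<protected-branch>";`, or document the assumption with a comment such as `# trust boundary: hosts follow the default branch; keep it protected and reviewed`.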
@@ -3,38 +3,40 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); + files = + dir: lib.collect lib.isString (lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir)); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file && file != "default.nix" && file != "darwin.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files - && ! lib.hasSuffix "nixos.nix" file - ) - (files dir)); + && !lib.hasSuffix "nixos.nix" file + ) (files dir) + ); in { imports = validFiles ./.; -} \ No newline at end of file +} diff --git a/modules/hosts/darwin/homebrew/darwin.nix b/modules/hosts/darwin/homebrew/darwin.nix index e5b3a1c8..c157de54 100644 --- a/modules/hosts/darwin/homebrew/darwin.nix +++ b/modules/hosts/darwin/homebrew/darwin.nix 
@@ -1,25 +1,27 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.homebrew; in { options.yomaq.homebrew = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; - description = '' - ''; + description = ''''; }; }; - config = mkIf cfg.enable { - #Some programs don't have nix packages available, so making use of Homebrew is needed, sadly there is also no way of installing home brew through nix + config = lib.mkIf cfg.enable { + #Some programs don't have nix packages available, so making use of Homebrew is needed, sadly there is also no way of installing home brew through nix homebrew = { brewPrefix = "/opt/homebrew/bin"; - brews = [ - "mas" - ]; + brews = [ "mas" ]; enable = true; onActivation = { autoUpdate = true; @@ -28,4 +30,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/darwin/macOS-Settings/darwin.nix b/modules/hosts/darwin/macOS-Settings/darwin.nix index c33101f2..c731848a 100644 --- a/modules/hosts/darwin/macOS-Settings/darwin.nix +++ b/modules/hosts/darwin/macOS-Settings/darwin.nix @@ -1,21 +1,26 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.macosSettings; in { options.yomaq.macosSettings = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom enablesettings ''; }; }; - config = mkIf cfg.enable { - #MacOS settings for Dock, Finder, etc + config = lib.mkIf cfg.enable { + #MacOS settings for Dock, Finder, etc system = { defaults = { NSGlobalDomain = { @@ -51,4 +56,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/disko/nixos.nix b/modules/hosts/disko/nixos.nix index 182acadf..1a9ad25a 100644 --- a/modules/hosts/disko/nixos.nix +++ b/modules/hosts/disko/nixos.nix 
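Review bot: In the homebrew hunk, `options.yomaq.homebrew.enable` keeps an empty `description = '''';`, so this is the one module option in the commit that documents nothing in generated option docs. Suggested text, matching the wording of the sibling modules: `description = "enable custom homebrew module";`. A one-line comment by `onActivation.autoUpdate = true;` would also help, noting that activation pulls fresh Homebrew metadata from the network on each switch.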
@@ -1,7 +1,11 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: - { - imports =[ - inputs.disko.nixosModules.disko - ]; -} \ No newline at end of file + config, + lib, + pkgs, + modulesPath, + inputs, + ... +}: +{ + imports = [ inputs.disko.nixosModules.disko ]; +} diff --git a/modules/hosts/flatpak/nixos.nix b/modules/hosts/flatpak/nixos.nix index c1d177f1..aae9c40b 100644 --- a/modules/hosts/flatpak/nixos.nix +++ b/modules/hosts/flatpak/nixos.nix @@ -1,14 +1,19 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.flatpak; inherit (config.yomaq.impermanence) dontBackup; in { options.yomaq.flatpak = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom flatpak module @@ -16,13 +21,11 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.flatpak.enable = true; environment.persistence."${dontBackup}" = { hideMounts = true; - directories = [ - "/var/lib/flatpak" - ]; + directories = [ "/var/lib/flatpak" ]; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/gatus/nixos.nix b/modules/hosts/gatus/nixos.nix index 77a614ea..8e4a3a74 100644 --- a/modules/hosts/gatus/nixos.nix +++ b/modules/hosts/gatus/nixos.nix @@ -1,4 +1,11 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let cfg = config.yomaq.gatus; settingsFormat = pkgs.formats.yaml { }; @@ -9,11 +16,11 @@ in enable = lib.mkEnableOption (lib.mdDoc "Gatus Dashboard"); endpoints = lib.mkOption { inherit (settingsFormat) type; - default = []; + default = [ ]; }; externalEndpoints = lib.mkOption { inherit (settingsFormat) type; - default = []; + default = [ ]; }; url = lib.mkOption { type = lib.types.str; 
@@ -24,12 +31,22 @@ in config = lib.mkIf cfg.enable { services.gatus = { settings = { - endpoints = lib.mkMerge (map (hostname: lib.mkIf (inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.endpoints!= []) - inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.endpoints - ) listOfHosts); - external-endpoints = lib.mkMerge (map (hostname: lib.mkIf (inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.externalEndpoints!= []) - inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.externalEndpoints - ) listOfHosts); + endpoints = lib.mkMerge ( + map ( + hostname: + lib.mkIf ( + inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.endpoints != [ ] + ) inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.endpoints + ) listOfHosts + ); + external-endpoints = lib.mkMerge ( + map ( + hostname: + lib.mkIf ( + inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.externalEndpoints != [ ] + ) inputs.self.nixosConfigurations."${hostname}".config.yomaq.gatus.externalEndpoints + ) listOfHosts + ); }; }; ### example of how to add a gatus monitor in another module for use on any host in the flake. diff --git a/modules/hosts/gatus/temp/nixos.nix b/modules/hosts/gatus/temp/nixos.nix index fa4fb747..a6e298ee 100644 --- a/modules/hosts/gatus/temp/nixos.nix +++ b/modules/hosts/gatus/temp/nixos.nix @@ -136,4 +136,4 @@ in }; meta.maintainers = with maintainers; [ pizzapim ]; -} \ No newline at end of file +} diff --git a/modules/hosts/glances/nixos.nix b/modules/hosts/glances/nixos.nix index f6e598ab..be2700be 100644 --- a/modules/hosts/glances/nixos.nix +++ b/modules/hosts/glances/nixos.nix @@ -1,8 +1,9 @@ -{ config -, pkgs -, lib -, inputs -, ... +{ + config, + pkgs, + lib, + inputs, + ... }: let cfg = config.yomaq.glances; 
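Review bot: The two `lib.mkMerge (map …)` expressions under `services.gatus.settings` differ only in the attribute they read (`endpoints` vs `externalEndpoints`), so a local helper would make the hunk easier to audit, for example `fromHosts = attr: lib.mkMerge (map (h: inputs.self.nixosConfigurations.${h}.config.yomaq.gatus.${attr}) listOfHosts);`. The `lib.mkIf (… != [ ])` guard looks redundant, since an empty list should add nothing to the merge, but confirm that against the YAML settings type before dropping it. `listOfHosts` is defined outside the hunk; if it can name a host that does not import this module, the attribute lookup would fail at evaluation time, which deserves a comment next to its definition.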
@@ -24,9 +25,8 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment = { - }; - serviceConfig = { + environment = { }; + serviceConfig = { Type = "simple"; DynamicUser = true; StateDirectory = "glances"; 
@@ -41,120 +41,152 @@ in root = "${dontBackup}/lastUpdate/"; }; - system.activationScripts = lib.mkIf (inputs.self ? rev) {lastUpdate.text = '' - echo "{\"date\": \"$(date +"%a %m/%d %H:%M")\", \"commit\": \"${inputs.self.shortRev}\"}" > ${dontBackup}/lastUpdate/lastUpdate.html + system.activationScripts = lib.mkIf (inputs.self ? rev) { + lastUpdate.text = '' + echo "{\"date\": \"$(date +"%a %m/%d %H:%M")\", \"commit\": \"${inputs.self.shortRev}\"}" > ${dontBackup}/lastUpdate/lastUpdate.html ''; }; - yomaq.homepage.services = - (lib.optional (config.yomaq.homepage.enable) {"Flake" = [ - {"flake.lock last update"={ - widget = { - type = "customapi"; - url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?path=flake.lock"; - method = "GET"; - mappings = [ - { - field = {"0"="committed_date";}; - format = "date"; - style = "short"; - } - ]; - }; - };} - {"Last Commit"={ - widget = { - type = "customapi"; - url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?sort=desc&per_page=1"; - method = "GET"; - mappings = [ - { - field = {"0"="committed_date";}; - format = "date"; - style = "short"; - } - ]; - }; - };} - {"Update Message"={ - widget = { - type = "customapi"; - url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?sort=desc&per_page=1"; - method = "GET"; - mappings = [ - { - field = {"0" = "message";}; - } - ]; - }; - };} - {"Current Commit"={ - widget = { - type = "customapi"; - url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?sort=desc&per_page=1"; - method = "GET"; - mappings = [ - { - field = {"0"="short_id";}; - } - ]; - }; - };} - ];}) ++ - [{ "${hostName}" = [ - {CPU = { - href = "http://${hostName}.${tailnetName}.ts.net:61208"; - widget = { - type = "glances"; - url = "http://${hostName}.${tailnetName}.ts.net:61208"; - metric = "cpu"; - }; - };} - {MEMORY = { - href = "http://${hostName}.${tailnetName}.ts.net:61208"; - widget = { - type = "glances"; - url = 
"http://${hostName}.${tailnetName}.ts.net:61208"; - metric = "memory"; - }; - };} - {PersistSave = { - href = "http://${hostName}.${tailnetName}.ts.net:61208"; - widget = { - type = "glances"; - url = "http://${hostName}.${tailnetName}.ts.net:61208"; - metric = "fs:/persist/save"; - }; - };} - {Processes = { - href = "http://${hostName}.${tailnetName}.ts.net:61208"; - widget = { - type = "glances"; - url = "http://${hostName}.${tailnetName}.ts.net:61208"; - metric = "process"; - }; - };} - {LastUpdate = { - href = "http://${hostName}.${tailnetName}.ts.net:8787/lastUpdate.html"; - widget = { - type = "customapi"; - url = "http://${hostName}.${tailnetName}.ts.net:8787/lastUpdate.html"; - method = "GET"; - display = "list"; - mappings = [ - { - field = "date"; - label = "Last Updated"; - } - { - field = "commit"; - label = "Commit"; - } - ]; - }; - };} - ];} - ]; + yomaq.homepage.services = + (lib.optional (config.yomaq.homepage.enable) { + "Flake" = [ + { + "flake.lock last update" = { + widget = { + type = "customapi"; + url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?path=flake.lock"; + method = "GET"; + mappings = [ + { + field = { + "0" = "committed_date"; + }; + format = "date"; + style = "short"; + } + ]; + }; + }; + } + { + "Last Commit" = { + widget = { + type = "customapi"; + url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?sort=desc&per_page=1"; + method = "GET"; + mappings = [ + { + field = { + "0" = "committed_date"; + }; + format = "date"; + style = "short"; + } + ]; + }; + }; + } + { + "Update Message" = { + widget = { + type = "customapi"; + url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?sort=desc&per_page=1"; + method = "GET"; + mappings = [ + { + field = { + "0" = "message"; + }; + } + ]; + }; + }; + } + { + "Current Commit" = { + widget = { + type = "customapi"; + url = "https://gitlab.com/api/v4/projects/56279050/repository/commits?sort=desc&per_page=1"; + method = "GET"; + mappings 
= [ + { + field = { + "0" = "short_id"; + }; + } + ]; + }; + }; + } + ]; + }) + ++ [ + { + "${hostName}" = [ + { + CPU = { + href = "http://${hostName}.${tailnetName}.ts.net:61208"; + widget = { + type = "glances"; + url = "http://${hostName}.${tailnetName}.ts.net:61208"; + metric = "cpu"; + }; + }; + } + { + MEMORY = { + href = "http://${hostName}.${tailnetName}.ts.net:61208"; + widget = { + type = "glances"; + url = "http://${hostName}.${tailnetName}.ts.net:61208"; + metric = "memory"; + }; + }; + } + { + PersistSave = { + href = "http://${hostName}.${tailnetName}.ts.net:61208"; + widget = { + type = "glances"; + url = "http://${hostName}.${tailnetName}.ts.net:61208"; + metric = "fs:/persist/save"; + }; + }; + } + { + Processes = { + href = "http://${hostName}.${tailnetName}.ts.net:61208"; + widget = { + type = "glances"; + url = "http://${hostName}.${tailnetName}.ts.net:61208"; + metric = "process"; + }; + }; + } + { + LastUpdate = { + href = "http://${hostName}.${tailnetName}.ts.net:8787/lastUpdate.html"; + widget = { + type = "customapi"; + url = "http://${hostName}.${tailnetName}.ts.net:8787/lastUpdate.html"; + method = "GET"; + display = "list"; + mappings = [ + { + field = "date"; + label = "Last Updated"; + } + { + field = "commit"; + label = "Commit"; + } + ]; + }; + }; + } + ]; + } + ]; yomaq.homepage.settings = { layout = { Flake = { 
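Review bot: The base URL `http://${hostName}.${tailnetName}.ts.net:61208` is written out eight times in the `"${hostName}"` service list, and the port 8787 URL twice; binding each once, e.g. `glancesUrl = "http://${hostName}.${tailnetName}.ts.net:61208";`, keeps scheme and port from drifting apart. These widgets read CPU, memory, filesystem and process data over plain HTTP with no credentials visible in the hunk. Access control therefore presumably rests on the tailnet's ACLs and on how the Glances service binds, and a comment stating that assumption would help the next reader. The enclosing `let` block and the service definition are outside the hunk.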
@@ -171,545 +203,542 @@ in }; }; }; - systemd.tmpfiles.rules = [ + systemd.tmpfiles.rules = [ "d ${dontBackup}/lastUpdate 0755 root root" - ("L+ /etc/glances/glances.conf 755 root root - ${pkgs.writeText "glances config" '' - ############################################################################## - # Globals Glances parameters - ############################################################################## - - [global] - # Stats refresh rate (default is a minimum of 2 seconds) - # Can be overwrite by the -t option - # It is also possible to overwrite it in each plugin sections - refresh=2 - # Does Glances should check if a newer version is available on PyPI ? - check_update=true - # History size (maximum number of values) - # Default is 1200 values (~1h with the default refresh rate) - history_size=1200 - # Set the way Glances should display the date (default is %Y-%m-%d %H:%M:%S %Z) - #strftime_format="%Y-%m-%d %H:%M:%S %Z" - - ############################################################################## - # User interface - ############################################################################## - - [outputs] - # Theme name for the Curses interface: black or white - curse_theme=black - # Limit the number of processes to display in the WebUI - max_processes_display=30 - - ############################################################################## - # plugins - ############################################################################## - - [quicklook] - # Set to true to disable a plugin - # Note: you can also disable it from the command line (see --disable-plugin ) - disable=False - # Graphical percentage char used in the terminal user interface (default is |) - percentage_char=| - # Define CPU, MEM and SWAP thresholds in % - cpu_careful=50 - cpu_warning=70 - cpu_critical=90 - mem_careful=50 - mem_warning=70 - mem_critical=90 - swap_careful=50 - swap_warning=70 - swap_critical=90 - - [system] - # This plugin display the first line in the Glances 
UI with: - # Hostname / Operating system name / Architecture information - # Set to true to disable a plugin - disable=False - # Default refresh rate is 60 seconds - #refresh=60 - - [cpu] - disable=False - # See https://scoutapm.com/blog/slow_server_flow_chart - # - # I/O wait percentage should be lower than 1/# (# = Logical CPU cores) - # Leave commented to just use the default config: - # Careful=1/#*100-20% / Warning=1/#*100-10% / Critical=1/#*100 - #iowait_careful=30 - #iowait_warning=40 - #iowait_critical=50 - # - # Total % is 100 - idle - total_careful=65 - total_warning=75 - total_critical=85 - total_log=True - # - # Default values if not defined: 50/70/90 (except for iowait) - user_careful=50 - user_warning=70 - user_critical=90 - user_log=False - #user_critical_action=echo {{user}} {{value}} {{max}} > /tmp/cpu.alert - # - system_careful=50 - system_warning=70 - system_critical=90 - system_log=False - # - steal_careful=50 - steal_warning=70 - steal_critical=90 - #steal_log=True - # - # Context switch limit (core / second) - # Leave commented to just use the default config (critical is 50000*# (Logical CPU cores) - #ctx_switches_careful=10000 - #ctx_switches_warning=12000 - #ctx_switches_critical=14000 - - [percpu] - disable=True - # Define CPU thresholds in % - # Default values if not defined: 50/70/90 - user_careful=50 - user_warning=70 - user_critical=90 - iowait_careful=50 - iowait_warning=70 - iowait_critical=90 - system_careful=50 - system_warning=70 - system_critical=90 - - [gpu] - disable=True - # Default processor values if not defined: 50/70/90 - proc_careful=50 - proc_warning=70 - proc_critical=90 - # Default memory values if not defined: 50/70/90 - mem_careful=50 - mem_warning=70 - mem_critical=90 - - [mem] - disable=False - # Define RAM thresholds in % - # Default values if not defined: 50/70/90 - careful=50 - #careful_action_repeat=echo {{percent}} >> /tmp/memory.alert - warning=70 - critical=90 - - [memswap] - disable=True - # Define SWAP 
thresholds in % - # Default values if not defined: 50/70/90 - careful=50 - warning=70 - critical=90 - - [load] - disable=True - # Define LOAD thresholds - # Value * number of cores - # Default values if not defined: 0.7/1.0/5.0 per number of cores - # Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages - # http://www.linuxjournal.com/article/9001 - careful=0.7 - warning=1.0 - critical=5.0 - #log=False - - [network] - disable=True - # Default bitrate thresholds in % of the network interface speed - # Default values if not defined: 70/80/90 - rx_careful=70 - rx_warning=80 - rx_critical=90 - tx_careful=70 - tx_warning=80 - tx_critical=90 - # Define the list of hidden network interfaces (comma-separated regexp) - hide=docker.*,lo - # Define the list of wireless network interfaces to be show (comma-separated) - #show=docker.* - # WLAN 0 alias - #wlan0_alias=Wireless - # It is possible to overwrite the bitrate thresholds per interface - # WLAN 0 Default limits (in bits per second aka bps) for interface bitrate - #wlan0_rx_careful=4000000 - #wlan0_rx_warning=5000000 - #wlan0_rx_critical=6000000 - #wlan0_rx_log=True - #wlan0_tx_careful=700000 - #wlan0_tx_warning=900000 - #wlan0_tx_critical=1000000 - #wlan0_tx_log=True - - [ip] - disable=True - public_refresh_interval=300 - public_ip_disabled=False - # Configuration for the Censys online service - # Need to create an aacount: https://censys.io/login - censys_url=https://search.censys.io/api - # Get your own credential here: https://search.censys.io/account/api - # Enter your credential and uncomment the following lines - #censys_username= - #censys_password= - # List of fields to be displayed in user interface (comma separated) - censys_fields=location:continent,location:country,autonomous_system:name - - [connections] - # Display additional information about TCP connections - # This plugin is disabled by default - disable=True - # nf_conntrack thresholds in % - nf_conntrack_percent_careful=70 - 
nf_conntrack_percent_warning=80 - nf_conntrack_percent_critical=90 - - [wifi] - disable=True - # Define the list of hidden wireless network interfaces (comma-separated regexp) - hide=lo,docker.* - # Define the list of wireless network interfaces to be show (comma-separated) - #show=docker.* - # Define SIGNAL thresholds in db (lower is better...) - # Based on: http://serverfault.com/questions/501025/industry-standard-for-minimum-wifi-signal-strength - careful=-65 - warning=-75 - critical=-85 - - [diskio] - disable=True - # Define the list of hidden disks (comma-separated regexp) - #hide=sda2,sda5,loop.* - hide=loop.*,/dev/loop.* - # Define the list of disks to be show (comma-separated) - #show=sda.* - # Alias for sda1 - #sda1_alias=InternalDisk - - [fs] - disable=False - # Define the list of file system to hide (comma-separated regexp) - hide=/boot.*,/snap.* - # Define the list of file system to show (comma-separated regexp) - #show=/,/srv - # Define filesystem space thresholds in % - # Default values if not defined: 50/70/90 - # It is also possible to define per mount point value - # Example: /_careful=40 - careful=50 - warning=70 - critical=90 - # Allow additional file system types (comma-separated FS type) - #allow=shm - - [irq] - # Documentation: https://glances.readthedocs.io/en/latest/aoa/irq.html - # This plugin is disabled by default - disable=True - - [folders] - # Documentation: https://glances.readthedocs.io/en/latest/aoa/folders.html - disable=True - # Define a folder list to monitor - # The list is composed of items (list_#nb <= 10) - # An item is defined by: - # * path: absolute path - # * careful: optional careful threshold (in MB) - # * warning: optional warning threshold (in MB) - # * critical: optional critical threshold (in MB) - # * refresh: interval in second between two refreshes - #folder_1_path=/tmp - #folder_1_careful=2500 - #folder_1_warning=3000 - #folder_1_critical=3500 - #folder_1_refresh=60 - #folder_2_path=/home/nicolargo/Videos - 
#folder_2_warning=17000 - #folder_2_critical=20000 - #folder_3_path=/nonexisting - #folder_4_path=/root - - [cloud] - # Documentation: https://glances.readthedocs.io/en/latest/aoa/cloud.html - # This plugin is disabled by default - disable=True - - [raid] - # Documentation: https://glances.readthedocs.io/en/latest/aoa/raid.html - # This plugin is disabled by default - disable=True - - [smart] - # Documentation: https://glances.readthedocs.io/en/latest/aoa/smart.html - # This plugin is disabled by default - disable=True - - [hddtemp] - disable=True - # Define hddtemp server IP and port (default is 127.0.0.1 and 7634 (TCP)) - host=127.0.0.1 - port=7634 - - [sensors] - # Documentation: https://glances.readthedocs.io/en/latest/aoa/sensors.html - disable=False - # By default refresh every refresh time * 2 - #refresh=6 - # Hide some sensors - #hide=ambient - # Sensors core thresholds (in Celsius...) - # Default values are grabbed from the system - #temperature_core_careful=60 - #temperature_core_warning=70 - #temperature_core_critical=80 - # Temperatures threshold in °C for hddtemp - # Default values if not defined: 45/52/60 - temperature_hdd_careful=45 - temperature_hdd_warning=52 - temperature_hdd_critical=60 - # Battery threshold in % - battery_careful=80 - battery_warning=90 - battery_critical=95 - # Sensors alias - #temp1_alias=Motherboard 0 - #temp2_alias=Motherboard 1 - #core 0_temperature_core_alias=CPU Core 0 temp - #core 0_fans_speed_alias=CPU Core 0 fan - #or - #core 0_alias=CPU Core 0 - #core 1_alias=CPU Core 1 - - [processcount] - disable=False - # If you want to change the refresh rate of the processing list, please uncomment: - #refresh=10 - - [processlist] - disable=False - # Sort key: if not defined, the sort is automatically done by Glances (recommended) - # Should be one of the following: - # cpu_percent, memory_percent, io_counters, name, cpu_times, username - #sort_key=memory_percent - # Define CPU/MEM (per process) thresholds in % - # Default values 
if not defined: 50/70/90 - cpu_careful=50 - cpu_warning=70 - cpu_critical=90 - mem_careful=50 - mem_warning=70 - mem_critical=90 - # - # Nice priorities range from -20 to 19. - # Configure nice levels using a comma separated list. - # - # Nice: Example 1, non-zero is warning (default behavior) - nice_warning=-20,-19,-18,-17,-16,-15,-14,-13,-12,-11,-10,-9,-8,-7,-6,-5,-4,-3,-2,-1,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 - # - # Nice: Example 2, low priority processes escalate from careful to critical - #nice_careful=1,2,3,4,5,6,7,8,9 - #nice_warning=10,11,12,13,14 - #nice_critical=15,16,17,18,19 - - [ports] - disable=False - # Interval in second between two scans - # Ports scanner plugin configuration - refresh=30 - # Set the default timeout (in second) for a scan (can be overwritten in the scan list) - timeout=3 - # If port_default_gateway is True, add the default gateway on top of the scan list - port_default_gateway=True - # - # Define the scan list (1 < x < 255) - # port_x_host (name or IP) is mandatory - # port_x_port (TCP port number) is optional (if not set, use ICMP) - # port_x_description is optional (if not set, define to host:port) - # port_x_timeout is optional and overwrite the default timeout value - # port_x_rtt_warning is optional and defines the warning threshold in ms - # - #port_1_host=192.168.0.1 - #port_1_port=80 - #port_1_description=Home Box - #port_1_timeout=1 - #port_2_host=www.free.fr - #port_2_description=My ISP - #port_3_host=www.google.com - #port_3_description=Internet ICMP - #port_3_rtt_warning=1000 - #port_4_description=Internet Web - #port_4_host=www.google.com - #port_4_port=80 - #port_4_rtt_warning=1000 - # - # Define Web (URL) monitoring list (1 < x < 255) - # web_x_url is the URL to monitor (example: http://my.site.com/folder) - # web_x_description is optional (if not set, define to URL) - # web_x_timeout is optional and overwrite the default timeout value - # web_x_rtt_warning is optional and defines the warning respond 
time in ms (approximately) - # - #web_1_url=https://blog.nicolargo.com - #web_1_description=My Blog - #web_1_rtt_warning=3000 - #web_2_url=https://github.com - #web_3_url=http://www.google.fr - #web_3_description=Google Fr - #web_4_url=https://blog.nicolargo.com/nonexist - #web_4_description=Intranet - - [containers] - disable=False - # Only show specific containers (comma separated list of container name or regular expression) - # Comment this line to display all containers (default configuration) - #show=telegraf - # Hide some containers (comma separated list of container name or regular expression) - # Comment this line to display all containers (default configuration) - #hide=telegraf - # Define the maximum docker size name (default is 20 chars) - max_name_size=20 - #cpu_careful=50 - # Thresholds for CPU and MEM (in %) - #cpu_warning=70 - #cpu_critical=90 - #mem_careful=20 - #mem_warning=50 - #mem_critical=70 - # - # Per container thresholds - #containername_cpu_careful=10 - #containername_cpu_warning=20 - #containername_cpu_critical=30 - # - # By default, Glances only display running containers - # Set the following key to True to display all containers - all=True - # Define Podman sock - #podman_sock=unix:///run/user/1000/podman/podman.sock - - [amps] - # AMPs configuration are defined in the bottom of this file - disable=True - - ############################################################################## - # Client/server - ############################################################################## - - [serverlist] - # Define the static servers list - #server_1_name=localhost - #server_1_alias=My local PC - #server_1_port=61209 - #server_2_name=localhost - #server_2_port=61235 - #server_3_name=192.168.0.17 - #server_3_alias=Another PC on my network - #server_3_port=61209 - #server_4_name=pasbon - #server_4_port=61237 - - [passwords] - # Define the passwords list related to the [serverlist] section - # Syntax: host=password - # Where: host is the 
hostname - # password is the clear password - # Additionally (and optionally) a default password could be defined - #localhost=abc - #default=defaultpassword - # - # Define the path of the local '.pwd' file (default is system one) - #local_password_path=~/.config/glances - - ############################################################################## - # Exports - ############################################################################## - - [graph] - # Configuration for the --export graph option - # Set the path where the graph (.svg files) will be created - # Can be overwrite by the --graph-path command line option - path=/tmp - # It is possible to generate the graphs automatically by setting the - # generate_every to a non zero value corresponding to the seconds between - # two generation. Set it to 0 to disable graph auto generation. - generate_every=0 - # See following configuration keys definitions in the Pygal lib documentation - # http://pygal.org/en/stable/documentation/index.html - width=800 - height=600 - style=DarkStyle - - - - - [amp_dropbox] - # Use the default AMP (no dedicated AMP Python script) - # Check if the Dropbox daemon is running - # Every 3 seconds, display the 'dropbox status' command line - enable=false - regex=.*dropbox.* - refresh=3 - one_line=false - command=dropbox status - countmin=1 - - [amp_python] - # Use the default AMP (no dedicated AMP Python script) - # Monitor all the Python scripts - # Alert if more than 20 Python scripts are running - enable=false - regex=.*python.* - refresh=3 - countmax=20 - - [amp_conntrack] - # Use comma separated for multiple commands (no space around the comma) - # If the regex key is not defined, the AMP will be executed every refresh second - # and the process count will not be displayed (countmin and countmax will be ignore) - enable=false - refresh=30 - one_line=false - command=sysctl net.netfilter.nf_conntrack_count;sysctl net.netfilter.nf_conntrack_max - - [amp_nginx] - # Use the NGinx AMP 
- # Nginx status page should be enable (https://easyengine.io/tutorials/nginx/status-page/) - enable=false - regex=\/usr\/sbin\/nginx - refresh=60 - one_line=false - status_url=http://localhost/nginx_status - - [amp_systemd] - # Use the Systemd AMP - enable=false - regex=\/lib\/systemd\/systemd - refresh=30 - one_line=true - systemctl_cmd=/bin/systemctl --plain - - [amp_systemv] - # Use the Systemv AMP - enable=false - regex=\/sbin\/init - refresh=30 - one_line=true - service_cmd=/usr/bin/service --status-all - ''}") + ( + "L+ /etc/glances/glances.conf 755 root root - ${pkgs.writeText "glances config" '' + ############################################################################## + # Globals Glances parameters + ############################################################################## + + [global] + # Stats refresh rate (default is a minimum of 2 seconds) + # Can be overwrite by the -t option + # It is also possible to overwrite it in each plugin sections + refresh=2 + # Does Glances should check if a newer version is available on PyPI ? 
+ check_update=true + # History size (maximum number of values) + # Default is 1200 values (~1h with the default refresh rate) + history_size=1200 + # Set the way Glances should display the date (default is %Y-%m-%d %H:%M:%S %Z) + #strftime_format="%Y-%m-%d %H:%M:%S %Z" + + ############################################################################## + # User interface + ############################################################################## + + [outputs] + # Theme name for the Curses interface: black or white + curse_theme=black + # Limit the number of processes to display in the WebUI + max_processes_display=30 + + ############################################################################## + # plugins + ############################################################################## + + [quicklook] + # Set to true to disable a plugin + # Note: you can also disable it from the command line (see --disable-plugin ) + disable=False + # Graphical percentage char used in the terminal user interface (default is |) + percentage_char=| + # Define CPU, MEM and SWAP thresholds in % + cpu_careful=50 + cpu_warning=70 + cpu_critical=90 + mem_careful=50 + mem_warning=70 + mem_critical=90 + swap_careful=50 + swap_warning=70 + swap_critical=90 + + [system] + # This plugin display the first line in the Glances UI with: + # Hostname / Operating system name / Architecture information + # Set to true to disable a plugin + disable=False + # Default refresh rate is 60 seconds + #refresh=60 + + [cpu] + disable=False + # See https://scoutapm.com/blog/slow_server_flow_chart + # + # I/O wait percentage should be lower than 1/# (# = Logical CPU cores) + # Leave commented to just use the default config: + # Careful=1/#*100-20% / Warning=1/#*100-10% / Critical=1/#*100 + #iowait_careful=30 + #iowait_warning=40 + #iowait_critical=50 + # + # Total % is 100 - idle + total_careful=65 + total_warning=75 + total_critical=85 + total_log=True + # + # Default values if not defined: 50/70/90 
(except for iowait) + user_careful=50 + user_warning=70 + user_critical=90 + user_log=False + #user_critical_action=echo {{user}} {{value}} {{max}} > /tmp/cpu.alert + # + system_careful=50 + system_warning=70 + system_critical=90 + system_log=False + # + steal_careful=50 + steal_warning=70 + steal_critical=90 + #steal_log=True + # + # Context switch limit (core / second) + # Leave commented to just use the default config (critical is 50000*# (Logical CPU cores) + #ctx_switches_careful=10000 + #ctx_switches_warning=12000 + #ctx_switches_critical=14000 + + [percpu] + disable=True + # Define CPU thresholds in % + # Default values if not defined: 50/70/90 + user_careful=50 + user_warning=70 + user_critical=90 + iowait_careful=50 + iowait_warning=70 + iowait_critical=90 + system_careful=50 + system_warning=70 + system_critical=90 + + [gpu] + disable=True + # Default processor values if not defined: 50/70/90 + proc_careful=50 + proc_warning=70 + proc_critical=90 + # Default memory values if not defined: 50/70/90 + mem_careful=50 + mem_warning=70 + mem_critical=90 + + [mem] + disable=False + # Define RAM thresholds in % + # Default values if not defined: 50/70/90 + careful=50 + #careful_action_repeat=echo {{percent}} >> /tmp/memory.alert + warning=70 + critical=90 + + [memswap] + disable=True + # Define SWAP thresholds in % + # Default values if not defined: 50/70/90 + careful=50 + warning=70 + critical=90 + + [load] + disable=True + # Define LOAD thresholds + # Value * number of cores + # Default values if not defined: 0.7/1.0/5.0 per number of cores + # Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages + # http://www.linuxjournal.com/article/9001 + careful=0.7 + warning=1.0 + critical=5.0 + #log=False + + [network] + disable=True + # Default bitrate thresholds in % of the network interface speed + # Default values if not defined: 70/80/90 + rx_careful=70 + rx_warning=80 + rx_critical=90 + tx_careful=70 + tx_warning=80 + tx_critical=90 + # 
Define the list of hidden network interfaces (comma-separated regexp) + hide=docker.*,lo + # Define the list of wireless network interfaces to be show (comma-separated) + #show=docker.* + # WLAN 0 alias + #wlan0_alias=Wireless + # It is possible to overwrite the bitrate thresholds per interface + # WLAN 0 Default limits (in bits per second aka bps) for interface bitrate + #wlan0_rx_careful=4000000 + #wlan0_rx_warning=5000000 + #wlan0_rx_critical=6000000 + #wlan0_rx_log=True + #wlan0_tx_careful=700000 + #wlan0_tx_warning=900000 + #wlan0_tx_critical=1000000 + #wlan0_tx_log=True + + [ip] + disable=True + public_refresh_interval=300 + public_ip_disabled=False + # Configuration for the Censys online service + # Need to create an aacount: https://censys.io/login + censys_url=https://search.censys.io/api + # Get your own credential here: https://search.censys.io/account/api + # Enter your credential and uncomment the following lines + #censys_username= + #censys_password= + # List of fields to be displayed in user interface (comma separated) + censys_fields=location:continent,location:country,autonomous_system:name + + [connections] + # Display additional information about TCP connections + # This plugin is disabled by default + disable=True + # nf_conntrack thresholds in % + nf_conntrack_percent_careful=70 + nf_conntrack_percent_warning=80 + nf_conntrack_percent_critical=90 + + [wifi] + disable=True + # Define the list of hidden wireless network interfaces (comma-separated regexp) + hide=lo,docker.* + # Define the list of wireless network interfaces to be show (comma-separated) + #show=docker.* + # Define SIGNAL thresholds in db (lower is better...) 
+ # Based on: http://serverfault.com/questions/501025/industry-standard-for-minimum-wifi-signal-strength + careful=-65 + warning=-75 + critical=-85 + + [diskio] + disable=True + # Define the list of hidden disks (comma-separated regexp) + #hide=sda2,sda5,loop.* + hide=loop.*,/dev/loop.* + # Define the list of disks to be show (comma-separated) + #show=sda.* + # Alias for sda1 + #sda1_alias=InternalDisk + + [fs] + disable=False + # Define the list of file system to hide (comma-separated regexp) + hide=/boot.*,/snap.* + # Define the list of file system to show (comma-separated regexp) + #show=/,/srv + # Define filesystem space thresholds in % + # Default values if not defined: 50/70/90 + # It is also possible to define per mount point value + # Example: /_careful=40 + careful=50 + warning=70 + critical=90 + # Allow additional file system types (comma-separated FS type) + #allow=shm + + [irq] + # Documentation: https://glances.readthedocs.io/en/latest/aoa/irq.html + # This plugin is disabled by default + disable=True + + [folders] + # Documentation: https://glances.readthedocs.io/en/latest/aoa/folders.html + disable=True + # Define a folder list to monitor + # The list is composed of items (list_#nb <= 10) + # An item is defined by: + # * path: absolute path + # * careful: optional careful threshold (in MB) + # * warning: optional warning threshold (in MB) + # * critical: optional critical threshold (in MB) + # * refresh: interval in second between two refreshes + #folder_1_path=/tmp + #folder_1_careful=2500 + #folder_1_warning=3000 + #folder_1_critical=3500 + #folder_1_refresh=60 + #folder_2_path=/home/nicolargo/Videos + #folder_2_warning=17000 + #folder_2_critical=20000 + #folder_3_path=/nonexisting + #folder_4_path=/root + + [cloud] + # Documentation: https://glances.readthedocs.io/en/latest/aoa/cloud.html + # This plugin is disabled by default + disable=True + + [raid] + # Documentation: https://glances.readthedocs.io/en/latest/aoa/raid.html + # This plugin is 
disabled by default + disable=True + + [smart] + # Documentation: https://glances.readthedocs.io/en/latest/aoa/smart.html + # This plugin is disabled by default + disable=True + + [hddtemp] + disable=True + # Define hddtemp server IP and port (default is 127.0.0.1 and 7634 (TCP)) + host=127.0.0.1 + port=7634 + + [sensors] + # Documentation: https://glances.readthedocs.io/en/latest/aoa/sensors.html + disable=False + # By default refresh every refresh time * 2 + #refresh=6 + # Hide some sensors + #hide=ambient + # Sensors core thresholds (in Celsius...) + # Default values are grabbed from the system + #temperature_core_careful=60 + #temperature_core_warning=70 + #temperature_core_critical=80 + # Temperatures threshold in °C for hddtemp + # Default values if not defined: 45/52/60 + temperature_hdd_careful=45 + temperature_hdd_warning=52 + temperature_hdd_critical=60 + # Battery threshold in % + battery_careful=80 + battery_warning=90 + battery_critical=95 + # Sensors alias + #temp1_alias=Motherboard 0 + #temp2_alias=Motherboard 1 + #core 0_temperature_core_alias=CPU Core 0 temp + #core 0_fans_speed_alias=CPU Core 0 fan + #or + #core 0_alias=CPU Core 0 + #core 1_alias=CPU Core 1 + + [processcount] + disable=False + # If you want to change the refresh rate of the processing list, please uncomment: + #refresh=10 + + [processlist] + disable=False + # Sort key: if not defined, the sort is automatically done by Glances (recommended) + # Should be one of the following: + # cpu_percent, memory_percent, io_counters, name, cpu_times, username + #sort_key=memory_percent + # Define CPU/MEM (per process) thresholds in % + # Default values if not defined: 50/70/90 + cpu_careful=50 + cpu_warning=70 + cpu_critical=90 + mem_careful=50 + mem_warning=70 + mem_critical=90 + # + # Nice priorities range from -20 to 19. + # Configure nice levels using a comma separated list. 
+ # + # Nice: Example 1, non-zero is warning (default behavior) + nice_warning=-20,-19,-18,-17,-16,-15,-14,-13,-12,-11,-10,-9,-8,-7,-6,-5,-4,-3,-2,-1,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 + # + # Nice: Example 2, low priority processes escalate from careful to critical + #nice_careful=1,2,3,4,5,6,7,8,9 + #nice_warning=10,11,12,13,14 + #nice_critical=15,16,17,18,19 + + [ports] + disable=False + # Interval in second between two scans + # Ports scanner plugin configuration + refresh=30 + # Set the default timeout (in second) for a scan (can be overwritten in the scan list) + timeout=3 + # If port_default_gateway is True, add the default gateway on top of the scan list + port_default_gateway=True + # + # Define the scan list (1 < x < 255) + # port_x_host (name or IP) is mandatory + # port_x_port (TCP port number) is optional (if not set, use ICMP) + # port_x_description is optional (if not set, define to host:port) + # port_x_timeout is optional and overwrite the default timeout value + # port_x_rtt_warning is optional and defines the warning threshold in ms + # + #port_1_host=192.168.0.1 + #port_1_port=80 + #port_1_description=Home Box + #port_1_timeout=1 + #port_2_host=www.free.fr + #port_2_description=My ISP + #port_3_host=www.google.com + #port_3_description=Internet ICMP + #port_3_rtt_warning=1000 + #port_4_description=Internet Web + #port_4_host=www.google.com + #port_4_port=80 + #port_4_rtt_warning=1000 + # + # Define Web (URL) monitoring list (1 < x < 255) + # web_x_url is the URL to monitor (example: http://my.site.com/folder) + # web_x_description is optional (if not set, define to URL) + # web_x_timeout is optional and overwrite the default timeout value + # web_x_rtt_warning is optional and defines the warning respond time in ms (approximately) + # + #web_1_url=https://blog.nicolargo.com + #web_1_description=My Blog + #web_1_rtt_warning=3000 + #web_2_url=https://github.com + #web_3_url=http://www.google.fr + #web_3_description=Google Fr + 
#web_4_url=https://blog.nicolargo.com/nonexist + #web_4_description=Intranet + + [containers] + disable=False + # Only show specific containers (comma separated list of container name or regular expression) + # Comment this line to display all containers (default configuration) + #show=telegraf + # Hide some containers (comma separated list of container name or regular expression) + # Comment this line to display all containers (default configuration) + #hide=telegraf + # Define the maximum docker size name (default is 20 chars) + max_name_size=20 + #cpu_careful=50 + # Thresholds for CPU and MEM (in %) + #cpu_warning=70 + #cpu_critical=90 + #mem_careful=20 + #mem_warning=50 + #mem_critical=70 + # + # Per container thresholds + #containername_cpu_careful=10 + #containername_cpu_warning=20 + #containername_cpu_critical=30 + # + # By default, Glances only display running containers + # Set the following key to True to display all containers + all=True + # Define Podman sock + #podman_sock=unix:///run/user/1000/podman/podman.sock + + [amps] + # AMPs configuration are defined in the bottom of this file + disable=True + + ############################################################################## + # Client/server + ############################################################################## + + [serverlist] + # Define the static servers list + #server_1_name=localhost + #server_1_alias=My local PC + #server_1_port=61209 + #server_2_name=localhost + #server_2_port=61235 + #server_3_name=192.168.0.17 + #server_3_alias=Another PC on my network + #server_3_port=61209 + #server_4_name=pasbon + #server_4_port=61237 + + [passwords] + # Define the passwords list related to the [serverlist] section + # Syntax: host=password + # Where: host is the hostname + # password is the clear password + # Additionally (and optionally) a default password could be defined + #localhost=abc + #default=defaultpassword + # + # Define the path of the local '.pwd' file (default is system one) 
+ #local_password_path=~/.config/glances + + ############################################################################## + # Exports + ############################################################################## + + [graph] + # Configuration for the --export graph option + # Set the path where the graph (.svg files) will be created + # Can be overwrite by the --graph-path command line option + path=/tmp + # It is possible to generate the graphs automatically by setting the + # generate_every to a non zero value corresponding to the seconds between + # two generation. Set it to 0 to disable graph auto generation. + generate_every=0 + # See following configuration keys definitions in the Pygal lib documentation + # http://pygal.org/en/stable/documentation/index.html + width=800 + height=600 + style=DarkStyle + + + + + [amp_dropbox] + # Use the default AMP (no dedicated AMP Python script) + # Check if the Dropbox daemon is running + # Every 3 seconds, display the 'dropbox status' command line + enable=false + regex=.*dropbox.* + refresh=3 + one_line=false + command=dropbox status + countmin=1 + + [amp_python] + # Use the default AMP (no dedicated AMP Python script) + # Monitor all the Python scripts + # Alert if more than 20 Python scripts are running + enable=false + regex=.*python.* + refresh=3 + countmax=20 + + [amp_conntrack] + # Use comma separated for multiple commands (no space around the comma) + # If the regex key is not defined, the AMP will be executed every refresh second + # and the process count will not be displayed (countmin and countmax will be ignore) + enable=false + refresh=30 + one_line=false + command=sysctl net.netfilter.nf_conntrack_count;sysctl net.netfilter.nf_conntrack_max + + [amp_nginx] + # Use the NGinx AMP + # Nginx status page should be enable (https://easyengine.io/tutorials/nginx/status-page/) + enable=false + regex=\/usr\/sbin\/nginx + refresh=60 + one_line=false + status_url=http://localhost/nginx_status + + [amp_systemd] + # 
Use the Systemd AMP + enable=false + regex=\/lib\/systemd\/systemd + refresh=30 + one_line=true + systemctl_cmd=/bin/systemctl --plain + + [amp_systemv] + # Use the Systemv AMP + enable=false + regex=\/sbin\/init + refresh=30 + one_line=true + service_cmd=/usr/bin/service --status-all + ''}" + ) ]; }; } - - - - - diff --git a/modules/hosts/gnome/nixos.nix b/modules/hosts/gnome/nixos.nix index 8cc1ca43..2db3b227 100644 --- a/modules/hosts/gnome/nixos.nix +++ b/modules/hosts/gnome/nixos.nix @@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.gnome; in { options.yomaq.gnome = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom gnome module @@ -15,7 +19,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Enable the X11 windowing system. services.xserver.enable = true; @@ -51,24 +55,25 @@ in # Enable configuring Gnome through dconf settings programs.dconf.enable = true; - # remove default gnome packages - environment.gnome.excludePackages = (with pkgs; [ - gnome-photos - gnome-tour - ]) ++ (with pkgs.gnome; [ - cheese # webcam tool - gnome-music - gnome-terminal - epiphany # web browser - geary # email reader - evince # document viewer - gnome-characters - totem # video player - tali # poker game - iagno # go game - hitori # sudoku game - atomix # puzzle game - ]); + environment.gnome.excludePackages = + (with pkgs; [ + gnome-photos + gnome-tour + ]) + ++ (with pkgs.gnome; [ + cheese # webcam tool + gnome-music + gnome-terminal + epiphany # web browser + geary # email reader + evince # document viewer + gnome-characters + totem # video player + tali # poker game + iagno # go game + hitori # sudoku game + atomix # puzzle game + ]); }; -} \ No newline at end of file +} 
diff --git a/modules/hosts/healthchecks/nixos.nix b/modules/hosts/healthchecks/nixos.nix index 02eaa8cf..4babe1e9 100644 --- a/modules/hosts/healthchecks/nixos.nix +++ b/modules/hosts/healthchecks/nixos.nix @@ -1,14 +1,19 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.healthcheckUrl; in { options.yomaq.healthcheckUrl = lib.mkOption { - type = lib.types.submodule { - freeformType = lib.types.attrs; - }; - default = {}; + type = lib.types.submodule { freeformType = lib.types.attrs; }; + default = { }; description = "A submodule for health check URLs."; }; diff --git a/modules/hosts/healthchecks/temp/nixos.nix b/modules/hosts/healthchecks/temp/nixos.nix index 01b02813..fa4a2275 100644 --- a/modules/hosts/healthchecks/temp/nixos.nix +++ b/modules/hosts/healthchecks/temp/nixos.nix @@ -1,7 +1,11 @@ -{ config, lib, options, pkgs, buildEnv, ... }: - -with lib; - +{ + config, + lib, + options, + pkgs, + buildEnv, + ... +}: let defaultUser = "healthchecks"; cfg = config.yomaq.healthchecks; @@ -13,7 +17,9 @@ let STATIC_ROOT = cfg.dataDir + "/static"; } // lib.filterAttrs (_: v: !builtins.isNull v) cfg.settings; - environmentFile = pkgs.writeText "healthchecks-environment" (lib.generators.toKeyValue { } environment); + environmentFile = pkgs.writeText "healthchecks-environment" ( + lib.generators.toKeyValue { } environment + ); healthchecksManageScript = pkgs.writeShellScriptBin "healthchecks-manage" '' sudo=exec 
@@ -27,18 +33,18 @@ let in { options.yomaq.healthchecks = { - enable = mkEnableOption "healthchecks" // { + enable = lib.mkEnableOption "healthchecks" // { description = '' Enable healthchecks. It is expected to be run behind a HTTP reverse proxy. ''; }; - package = mkPackageOption pkgs "healthchecks" { }; + package = lib.mkPackageOption pkgs "healthchecks" { }; - user = mkOption { + user = lib.mkOption { default = defaultUser; - type = types.str; + type = lib.types.str; description = '' User account under which healthchecks runs. @@ -50,9 +56,9 @@ in ''; }; - group = mkOption { + group = lib.mkOption { default = defaultUser; - type = types.str; + type = lib.types.str; description = '' Group account under which healthchecks runs. @@ -64,20 +70,20 @@ in ''; }; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = "localhost"; description = "Address the server will listen on."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8000; description = "Port the server will listen on."; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/healthchecks"; description = '' The directory used to store all data for healthchecks. @@ -91,7 +97,7 @@ in }; settingsFile = lib.mkOption { - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; description = opt.settings.description; }; 
@@ -119,31 +125,31 @@ in If the same variable is set in both `settings` and `settingsFile` the value from `settingsFile` has priority. ''; - type = types.submodule (settings: { - freeformType = types.attrsOf types.str; + type = lib.types.submodule (settings: { + freeformType = lib.types.attrsOf lib.types.str; options = { ALLOWED_HOSTS = lib.mkOption { - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; default = [ "*" ]; description = "The host/domain names that this site can serve."; apply = lib.concatStringsSep ","; }; - SECRET_KEY_FILE = mkOption { - type = types.nullOr types.path; + SECRET_KEY_FILE = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "Path to a file containing the secret key."; default = null; }; - DEBUG = mkOption { - type = types.bool; + DEBUG = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable debug mode."; apply = boolToPython; }; - REGISTRATION_OPEN = mkOption { - type = types.bool; + REGISTRATION_OPEN = lib.mkOption { + type = lib.types.bool; default = false; description = '' A boolean that controls whether site visitors can create new accounts. @@ -156,18 +162,19 @@ in apply = boolToPython; }; - DB = mkOption { - type = types.enum [ "sqlite" "postgres" "mysql" ]; + DB = lib.mkOption { + type = lib.types.enum [ + "sqlite" + "postgres" + "mysql" + ]; default = "sqlite"; description = "Database engine to use."; }; - DB_NAME = mkOption { - type = types.str; - default = - if settings.config.DB == "sqlite" - then "${cfg.dataDir}/healthchecks.sqlite" - else "hc"; + DB_NAME = lib.mkOption { + type = lib.types.str; + default = if settings.config.DB == "sqlite" then "${cfg.dataDir}/healthchecks.sqlite" else "hc"; defaultText = lib.literalExpression '' if config.${settings.options.DB} == "sqlite" then "''${config.${opt.dataDir}}/healthchecks.sqlite" 
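Review bot: `ALLOWED_HOSTS` in the `settings` submodule still defaults to `[ "*" ]`, which accepts any Host header on every deployment that does not override it. Behind a reverse proxy an explicit list is the safer default, e.g. `default = [ "localhost" ];`, with the public name added per host. In the same submodule `SECRET_KEY_FILE` is `nullOr path` with `default = null`, so the service can be enabled without a key file. Whether the application then falls back to a built-in key is not visible here; an `assertions` entry requiring the file when `cfg.enable` is set would remove the doubt.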
@@ -180,14 +187,17 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ healthchecksManageScript ]; systemd.targets.healthchecks = { description = "Target for all Healthchecks services"; wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; - after = [ "network.target" "network-online.target" ]; + after = [ + "network.target" + "network-online.target" + ]; }; systemd.services = @@ -200,8 +210,8 @@ in environmentFile (lib.optional (cfg.settingsFile != null) cfg.settingsFile) ]; - StateDirectory = mkIf (cfg.dataDir == "/var/lib/healthchecks") "healthchecks"; - StateDirectoryMode = mkIf (cfg.dataDir == "/var/lib/healthchecks") "0750"; + StateDirectory = lib.mkIf (cfg.dataDir == "/var/lib/healthchecks") "healthchecks"; + StateDirectoryMode = lib.mkIf (cfg.dataDir == "/var/lib/healthchecks") "0750"; }; in { @@ -223,10 +233,12 @@ in wantedBy = [ "healthchecks.target" ]; after = [ "healthchecks-migration.service" ]; - preStart = '' - ${pkg}/opt/healthchecks/manage.py collectstatic --no-input - ${pkg}/opt/healthchecks/manage.py remove_stale_contenttypes --no-input - '' + lib.optionalString (cfg.settings.DEBUG != "True") "${pkg}/opt/healthchecks/manage.py compress"; + preStart = + '' + ${pkg}/opt/healthchecks/manage.py collectstatic --no-input + ${pkg}/opt/healthchecks/manage.py remove_stale_contenttypes --no-input + '' + + lib.optionalString (cfg.settings.DEBUG != "True") "${pkg}/opt/healthchecks/manage.py compress"; serviceConfig = commonConfig // { Restart = "always"; 
@@ -265,20 +277,18 @@ in }; }; - users.users = optionalAttrs (cfg.user == defaultUser) { - ${defaultUser} = - { - description = "healthchecks service owner"; - isSystemUser = true; - group = defaultUser; - }; + users.users = lib.optionalAttrs (cfg.user == defaultUser) { + ${defaultUser} = { + description = "healthchecks service owner"; + isSystemUser = true; + group = defaultUser; + }; }; - users.groups = optionalAttrs (cfg.user == defaultUser) { - ${defaultUser} = - { - members = [ defaultUser ]; - }; + users.groups = lib.optionalAttrs (cfg.user == defaultUser) { + ${defaultUser} = { + members = [ defaultUser ]; + }; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/homepage/nixos.nix b/modules/hosts/homepage/nixos.nix index 093bc8fc..8ea4897e 100644 --- a/modules/hosts/homepage/nixos.nix +++ b/modules/hosts/homepage/nixos.nix 
@@ -1,14 +1,50 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: +{ + config, + lib, + pkgs, + inputs, + modulesPath, + ... +}: let cfg = config.yomaq.homepage; settingsFormat = pkgs.formats.yaml { }; listOfHosts = lib.attrNames inputs.self.nixosConfigurations; - mergeConfig = configKey: lib.mkMerge (map (hostname: lib.mkIf (inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage."${configKey}" != []) - inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage."${configKey}") listOfHosts); - mergeServiceGroups = configKey: lib.mkMerge (map (hostname: lib.mkIf (inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.services."${configKey}" != []) - inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.services."${configKey}") listOfHosts); - mergeBookmarksGroups = configKey: lib.mkMerge (map (hostname: lib.mkIf (inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.bookmarks"${configKey}" != []) - inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.bookmarks"${configKey}") listOfHosts); + mergeConfig = + configKey: + lib.mkMerge ( + map ( + hostname: + lib.mkIf ( + inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage."${configKey}" != [ ] + ) inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage."${configKey}" + ) listOfHosts + ); + mergeServiceGroups = + configKey: + lib.mkMerge ( + map ( + hostname: + lib.mkIf ( + inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.services."${configKey}" + != [ ] + ) inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.services."${configKey}" + ) listOfHosts + ); + mergeBookmarksGroups = + configKey: + lib.mkMerge ( + map ( + hostname: + lib.mkIf + ( + inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.bookmarks "${configKey}" + != [ ] + ) + inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.bookmarks + 
"${configKey}" + ) listOfHosts + ); in { options.yomaq.homepage = { @@ -33,15 +69,15 @@ in }; options.yomaq.homepage.groups = { services = { - services =lib.mkOption { + services = lib.mkOption { inherit (settingsFormat) type; - default = []; + default = [ ]; }; }; bookmarks = { - favorites =lib.mkOption { + favorites = lib.mkOption { inherit (settingsFormat) type; - default = []; + default = [ ]; }; }; }; 
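Review bot: `mergeBookmarksGroups` selects `...homepage.groups.bookmarks "${configKey}"` with no `.` before the string, so it is parsed as applying the `bookmarks` value to a string, which is how nixfmt has now laid it out. The helper will fail to evaluate the first time it is called. The selector should read `inputs.self.nixosConfigurations."${hostname}".config.yomaq.homepage.groups.bookmarks."${configKey}"` in both the `lib.mkIf` condition and its value. Nothing visible calls the helper yet: the commented-out `favorites` entry in a later hunk uses `mergeServiceGroups`, which is presumably why this went unnoticed.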
@@ -61,46 +97,51 @@ in ##### yomaq.homepage = { - ### Bookmark and service groups cannot have the same names. - ### Empty lists will break the config - ### Also add the layout for the group below. - services = [ - { Services = mergeServiceGroups "services"; } - ]; + ### Bookmark and service groups cannot have the same names. + ### Empty lists will break the config + ### Also add the layout for the group below. + services = [ { Services = mergeServiceGroups "services"; } ]; bookmarks = [ # { favorites = mergeServiceGroups "favorites"; } ]; widgets = [ - {datetime = { + { + datetime = { format = { timeStyle = "short"; }; - };} - {search = { + }; + } + { + search = { provider = "brave"; focus = true; # Optional, will set focus to the search bar on page load showSearchSuggestions = true; # Optional, will show search suggestions. Defaults to false target = "_blank"; # One of _self, _blank, _parent or _top - };} - {openmeteo = { + }; + } + { + openmeteo = { label = "Okc"; # optional - latitude = "35.46756"; + latitude = "35.46756"; longitude = "-97.51643"; timezone = "America/Chicago"; # optional units = "Imperial"; # or "imperial" cache = 5; # Time in minutes to cache API responses, to stay within limits - format = { # optional, Intl.NumberFormat options + format = { + # optional, Intl.NumberFormat options maximumFractionDigits = 1; }; - };} + }; + } ]; - settings ={ + settings = { title = "{{HOMEPAGE_VAR_NAME}}"; background = { - blur = "sm"; # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur - saturate = 50; # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate - brightness = 50; # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness - opacity = 50; # 0-100 + blur = "sm"; # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur + saturate = 50; # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate + brightness = 50; # 0, 50, 75... 
see https://tailwindcss.com/docs/backdrop-brightness + opacity = 50; # 0-100 }; color = "slate"; theme = "dark"; # or light @@ -118,4 +159,4 @@ in }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/impermanence/nixos.nix b/modules/hosts/impermanence/nixos.nix index 5b619670..cbe547ec 100644 --- a/modules/hosts/impermanence/nixos.nix +++ b/modules/hosts/impermanence/nixos.nix @@ -1,29 +1,33 @@ -{ config, lib, pkgs, inputs, ... }: -with lib; +{ + config, + lib, + pkgs, + inputs, + ... +}: { # I have to do this so I can import it into multiple modules, because if I import it directly to multiple modules... it breaks - imports = [inputs.impermanence.nixosModules.impermanence]; - + imports = [ inputs.impermanence.nixosModules.impermanence ]; options.yomaq.impermanence = { - backup = mkOption { - type = types.str; + backup = lib.mkOption { + type = lib.types.str; default = "/persist/save"; description = "The persistent directory to backup"; }; - backupStorage = mkOption { - type = types.str; + backupStorage = lib.mkOption { + type = lib.types.str; default = "/persist/save"; description = "The persistent directory to backup"; }; - dontBackup = mkOption { - type = types.str; + dontBackup = lib.mkOption { + type = lib.types.str; default = "/persist"; description = "The persistent directory to not backup"; }; }; config = { - yomaq.impermanence.backup = mkIf config.yomaq.disks.amReinstalling "/tmp"; - yomaq.impermanence.backupStorage = mkIf config.yomaq.disks.amReinstalling "/tmp"; + yomaq.impermanence.backup = lib.mkIf config.yomaq.disks.amReinstalling "/tmp"; + yomaq.impermanence.backupStorage = lib.mkIf config.yomaq.disks.amReinstalling "/tmp"; }; -} \ No newline at end of file +} diff --git a/modules/hosts/initrd-tailscale/nixos.nix b/modules/hosts/initrd-tailscale/nixos.nix index ed04169a..e756a672 100644 --- a/modules/hosts/initrd-tailscale/nixos.nix +++ b/modules/hosts/initrd-tailscale/nixos.nix 
@@ -1,4 +1,10 @@ -{ config, lib, pkgs, inputs, ... }: +{ + config, + lib, + pkgs, + inputs, + ... +}: ### pulled some lines from Andrew-d's comment here: https://github.com/NixOS/nixpkgs/pull/204249/files ### oauthkeys are currently not working because of trusted CA issues. Currently don't know how to fix for initrd. @@ -8,15 +14,14 @@ ### https://github.com/NixOS/nixpkgs/pull/306532 Made this more complicated, as it removed tailscale-wrapped. ### Made an overlay to undo it and add tailscale-wrapped back. -with lib; let cfg = config.yomaq.initrd-tailscale; in { options = { yomaq.initrd-tailscale = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = lib.mdDoc '' Starts Tailscale during initrd boot. It can be used to @@ -25,11 +30,11 @@ in included. Service is killed when stage-1 boot is finished. ''; }; - - package = lib.mkPackageOptionMD pkgs "tailscale" {}; - authKeyFile = mkOption { - type = types.nullOr types.path; + package = lib.mkPackageOptionMD pkgs "tailscale" { }; + + authKeyFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = "${config.age.secrets.tailscaleOAuthKeyAcceptSsh.path}"; example = "/run/secrets/tailscale_key"; description = lib.mdDoc '' @@ -37,23 +42,23 @@ in ''; }; - extraUpFlags = mkOption { + extraUpFlags = lib.mkOption { description = lib.mdDoc "Extra flags to pass to {command}`tailscale up`."; - type = types.listOf types.str; - default = []; - example = ["--ssh"]; + type = lib.types.listOf lib.types.str; + default = [ ]; + example = [ "--ssh" ]; }; }; }; - config = + config = let iptables-static = pkgs.iptables.overrideAttrs (old: { - dontDisableStatic = true; - configureFlags = (lib.remove "--enable-shared" old.configureFlags) ++ [ + dontDisableStatic = true; + configureFlags = (lib.remove "--enable-shared" old.configureFlags) ++ [ "--enable-static" "--disable-shared" - ]; + ]; }); # have to undo https://github.com/NixOS/nixpkgs/pull/306532 
@@ -61,62 +66,74 @@ in tailscale-wrapped = super.tailscale.overrideAttrs (oldAttrs: { subPackages = oldAttrs.subPackages ++ [ "cmd/tailscale" ]; postInstall = lib.optionalString super.stdenv.isLinux '' - wrapProgram $out/bin/tailscaled --prefix PATH : ${lib.makeBinPath [ super.iproute2 super.iptables super.getent super.shadow ]} + wrapProgram $out/bin/tailscaled --prefix PATH : ${ + lib.makeBinPath [ + super.iproute2 + super.iptables + super.getent + super.shadow + ] + } wrapProgram $out/bin/tailscale --suffix PATH : ${lib.makeBinPath [ super.procps ]} ''; }); }; - in - mkMerge [ - (mkIf (config.boot.initrd.network.enable && !config.yomaq.disks.amReinstalling && cfg.enable) { - - nixpkgs.overlays = [ TailscaleWrappedOverlay ]; - - yomaq.initrd-tailscale.package = pkgs.tailscale-wrapped; - - boot.initrd.kernelModules = [ "tun" ]; - boot.initrd.availableKernelModules = [ - "xt_mark" - "nft_chain_nat" - "nft_compat" - "nft_compat" - "xt_LOG" - "xt_MASQUERADE" - "xt_addrtype" - "xt_comment" - "xt_conntrack" - "xt_multiport" - "xt_pkttype" - "xt_tcpudp" - ]; + in + lib.mkMerge [ + (lib.mkIf (config.boot.initrd.network.enable && !config.yomaq.disks.amReinstalling && cfg.enable) { + + nixpkgs.overlays = [ TailscaleWrappedOverlay ]; + + yomaq.initrd-tailscale.package = pkgs.tailscale-wrapped; + + boot.initrd.kernelModules = [ "tun" ]; + boot.initrd.availableKernelModules = [ + "xt_mark" + "nft_chain_nat" + "nft_compat" + "nft_compat" + "xt_LOG" + "xt_MASQUERADE" + "xt_addrtype" + "xt_comment" + "xt_conntrack" + "xt_multiport" + "xt_pkttype" + "xt_tcpudp" + ]; + + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${cfg.package}/bin/.tailscaled-wrapped + copy_bin_and_libs ${cfg.package}/bin/.tailscale-wrapped + copy_bin_and_libs ${pkgs.iproute}/bin/ip + copy_bin_and_libs ${iptables-static}/bin/iptables + copy_bin_and_libs ${iptables-static}/bin/ip6tables + copy_bin_and_libs ${iptables-static}/bin/xtables-legacy-multi + copy_bin_and_libs 
${iptables-static}/bin/xtables-nft-multi + ''; + + age.secrets.tailscaleOAuthKeyAcceptSsh.file = ( + inputs.self + /secrets/tailscaleOAuthKeyAcceptSsh.age + ); - boot.initrd.extraUtilsCommands = '' - copy_bin_and_libs ${cfg.package}/bin/.tailscaled-wrapped - copy_bin_and_libs ${cfg.package}/bin/.tailscale-wrapped - copy_bin_and_libs ${pkgs.iproute}/bin/ip - copy_bin_and_libs ${iptables-static}/bin/iptables - copy_bin_and_libs ${iptables-static}/bin/ip6tables - copy_bin_and_libs ${iptables-static}/bin/xtables-legacy-multi - copy_bin_and_libs ${iptables-static}/bin/xtables-nft-multi - ''; - - age.secrets.tailscaleOAuthKeyAcceptSsh.file = (inputs.self + /secrets/tailscaleOAuthKeyAcceptSsh.age); - - boot.initrd.secrets."/etc/tauthkey" = cfg.authKeyFile; - - boot.initrd.network.postCommands = mkIf (!config.boot.initrd.systemd.enable) '' - .tailscaled-wrapped --state=mem: & - .tailscale-wrapped up --hostname=${config.networking.hostName}-initrd --auth-key 'file:/etc/tauthkey' ${escapeShellArgs cfg.extraUpFlags} & - ''; - - }) - (mkIf (config.boot.initrd.network.enable && cfg.enable) { - ### initrd secrets are deployed before agenix sets up keys. So the key needs to exist first, or the build will fail with a missing file error. - ### So, on a system install use amReinstalling to disable the above actual deployment of the secret, while still deploying the key here. - ## Then when you remove amReinstalling, initrd will see the secret deployed by the previous rebuild. 
- age.secrets.tailscaleOAuthKeyAcceptSsh.file = (inputs.self + /secrets/tailscaleOAuthKeyAcceptSsh.age); - })]; + boot.initrd.secrets."/etc/tauthkey" = cfg.authKeyFile; + + boot.initrd.network.postCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' + .tailscaled-wrapped --state=mem: & + .tailscale-wrapped up --hostname=${config.networking.hostName}-initrd --auth-key 'file:/etc/tauthkey' ${lib.escapeShellArgs cfg.extraUpFlags} & + ''; + + }) + (lib.mkIf (config.boot.initrd.network.enable && cfg.enable) { + ### initrd secrets are deployed before agenix sets up keys. So the key needs to exist first, or the build will fail with a missing file error. + ### So, on a system install use amReinstalling to disable the above actual deployment of the secret, while still deploying the key here. + ## Then when you remove amReinstalling, initrd will see the secret deployed by the previous rebuild. + age.secrets.tailscaleOAuthKeyAcceptSsh.file = ( + inputs.self + /secrets/tailscaleOAuthKeyAcceptSsh.age + ); + }) + ]; # ### for systemd networking. the old script based initrd network is slowly being phased out # ### not tested yet, just starting to prep what I expect is needed. diff --git a/modules/hosts/kde-plasma/nixos.nix b/modules/hosts/kde-plasma/nixos.nix index 3acab0f2..42b2f3f6 100644 --- a/modules/hosts/kde-plasma/nixos.nix +++ b/modules/hosts/kde-plasma/nixos.nix @@ -1,4 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.kde-plasma; @@ -22,7 +29,6 @@ in services.xserver.videoDrivers = [ "amdgpu" ]; - # Enable sound with pipewire. sound.enable = true; hardware.pulseaudio.enable = false; @@ -40,6 +46,5 @@ in #media-session.enable = true; }; - }; -} \ No newline at end of file +} diff --git a/modules/hosts/network/darwin.nix b/modules/hosts/network/darwin.nix index 82ffd41f..97bec615 100644 --- a/modules/hosts/network/darwin.nix +++ b/modules/hosts/network/darwin.nix 
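Review bot: `boot.initrd.secrets."/etc/tauthkey" = cfg.authKeyFile;` copies the decrypted Tailscale OAuth key into the initrd, which normally sits on a boot partition not covered by disk encryption. Anyone who can read that partition can then read the key. The secret's name suggests it also authorises Tailscale SSH, so a comment above the line should record the exposure and what limits it, e.g. `# initrd is stored unencrypted on /boot: keep this key tag-scoped and restrict its ACLs to the unlock service`. Separately, `"nft_compat"` is listed twice in `boot.initrd.availableKernelModules`; one entry can go.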
@@ -1,11 +1,16 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.network; in { - config = mkIf cfg.basics { + config = lib.mkIf cfg.basics { networking = { knownNetworkServices = [ '' @@ -18,4 +23,4 @@ in ]; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/network/default.nix b/modules/hosts/network/default.nix index bbca2b9e..e02b0754 100644 --- a/modules/hosts/network/default.nix +++ b/modules/hosts/network/default.nix @@ -1,31 +1,36 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.network; in { options.yomaq.network = { - basics = mkOption { - type = types.bool; + basics = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom nix settings ''; }; - physicalInterfaceName = mkOption { - type = types.str or types.null; + physicalInterfaceName = lib.mkOption { + type = lib.types.str or lib.types.null; default = null; description = '' physical interface name - used for useBr0 option bellow ''; }; - useBr0 = mkOption { - type = types.bool; + useBr0 = lib.mkOption { + type = lib.types.bool; default = false; description = '' use a bridge, for nixos containers / vms ''; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/network/nixos.nix b/modules/hosts/network/nixos.nix index 1beb2a11..a2504a81 100644 --- a/modules/hosts/network/nixos.nix +++ b/modules/hosts/network/nixos.nix 
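Review bot: In `physicalInterfaceName`, `type = lib.types.str or lib.types.null;` is not a union type. Nix's `or` is the attribute-selection fallback, so the expression is just `lib.types.str`, and `default = null` fails the type check once the option is read. Use `type = lib.types.nullOr lib.types.str;`. The `useBr0` block in `modules/hosts/network/nixos.nix` interpolates the value in `"30-${cfg.physicalInterfaceName}"`, so an `assertions` entry requiring the name whenever `cfg.useBr0` is true would give a readable error instead of a string-coercion failure.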
@@ -1,65 +1,70 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.network; in { - config = mkMerge [ - (mkIf cfg.basics { + config = lib.mkMerge [ + (lib.mkIf cfg.basics { networking.networkmanager.enable = true; # pulled from https://github.com/nix-community/srvos/blob/main/nixos/common/networking.nix - # Allow PMTU / DHCP - networking.firewall.allowPing = true; + # Allow PMTU / DHCP + networking.firewall.allowPing = true; - # Keep dmesg/journalctl -k output readable by NOT logging - # each refused connection on the open internet. - networking.firewall.logRefusedConnections = lib.mkDefault false; + # Keep dmesg/journalctl -k output readable by NOT logging + # each refused connection on the open internet. + networking.firewall.logRefusedConnections = lib.mkDefault false; - # Use networkd instead of the pile of shell scripts - networking.useNetworkd = lib.mkDefault true; - networking.useDHCP = lib.mkDefault false; + # Use networkd instead of the pile of shell scripts + networking.useNetworkd = lib.mkDefault true; + networking.useDHCP = lib.mkDefault false; - # The notion of "online" is a broken concept - # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 - systemd.services.NetworkManager-wait-online.enable = false; - systemd.network.wait-online.enable = false; + # The notion of "online" is a broken concept + # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; - # # FIXME: Maybe upstream? - # # Do not take down the network for too long when upgrading, - # # This also prevents failures of services that are restarted instead of stopped. - # # It will use `systemctl restart` rather than stopping it with `systemctl stop` - # # followed by a delayed `systemctl start`. 
- # systemd.services.systemd-networkd.stopIfChanged = false; - # # Services that are only restarted might be not able to resolve when resolved is stopped before - # systemd.services.systemd-resolved.stopIfChanged = false; - }) - (mkIf cfg.useBr0 { - systemd.network = { - netdevs = { - "20-br0" = { - netdevConfig = { - Kind = "bridge"; - Name = "br0"; + # # FIXME: Maybe upstream? + # # Do not take down the network for too long when upgrading, + # # This also prevents failures of services that are restarted instead of stopped. + # # It will use `systemctl restart` rather than stopping it with `systemctl stop` + # # followed by a delayed `systemctl start`. + # systemd.services.systemd-networkd.stopIfChanged = false; + # # Services that are only restarted might be not able to resolve when resolved is stopped before + # systemd.services.systemd-resolved.stopIfChanged = false; + }) + (lib.mkIf cfg.useBr0 { + systemd.network = { + netdevs = { + "20-br0" = { + netdevConfig = { + Kind = "bridge"; + Name = "br0"; + }; }; }; - }; - networks = { - "30-${cfg.physicalInterfaceName}" = { - matchConfig.Name = "${cfg.physicalInterfaceName}"; - networkConfig.Bridge = "br0"; - linkConfig.RequiredForOnline = "enslaved"; - }; - "40-br0" = { - matchConfig.Name = "br0"; - networkConfig.DHCP = "ipv4"; - linkConfig.RequiredForOnline = "carrier"; + networks = { + "30-${cfg.physicalInterfaceName}" = { + matchConfig.Name = "${cfg.physicalInterfaceName}"; + networkConfig.Bridge = "br0"; + linkConfig.RequiredForOnline = "enslaved"; + }; + "40-br0" = { + matchConfig.Name = "br0"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "carrier"; + }; }; }; - }; - }) + }) ]; -} \ No newline at end of file +} diff --git a/modules/hosts/nextcloud/nixos.nix b/modules/hosts/nextcloud/nixos.nix index 25c5071a..dbce05e9 100644 --- a/modules/hosts/nextcloud/nixos.nix +++ b/modules/hosts/nextcloud/nixos.nix 
@@ -1,16 +1,15 @@ ### from https://github.com/onny/nixos-nextcloud-testumgebung/blob/main/nextcloud-extras.nix ### here to enable caddy in place of nginx for nextlcloud - - -{ config -, lib -, options -, ... -}: let - - inherit - (lib) +{ + config, + lib, + options, + ... +}: +let + + inherit (lib) optionalString escapeShellArg types @@ -26,13 +25,14 @@ fpm = config.services.phpfpm.pools.nextcloud; webserver = config.services.${cfg.webserver}; -in { +in +{ options = { services.nextcloud = { ensureUsers = mkOption { - default = {}; + default = { }; description = lib.mdDoc '' List of user accounts which get automatically created if they don't exist yet. This option does not delete accounts which are not listed @@ -48,28 +48,33 @@ in { email = "user2@localhost"; }; }; - type = types.attrsOf (types.submodule { - options = { - passwordFile = mkOption { - type = types.path; - example = "/path/to/file"; - default = null; - description = lib.mdDoc '' - Specifies the path to a file containing the - clear text password for the user. - ''; - }; - email = mkOption { - type = types.str; - example = "user1@localhost"; - default = null; + type = types.attrsOf ( + types.submodule { + options = { + passwordFile = mkOption { + type = types.path; + example = "/path/to/file"; + default = null; + description = lib.mdDoc '' + Specifies the path to a file containing the + clear text password for the user. + ''; + }; + email = mkOption { + type = types.str; + example = "user1@localhost"; + default = null; + }; }; - }; - }); + } + ); }; webserver = mkOption { - type = types.enum [ "nginx" "caddy" ]; + type = types.enum [ + "nginx" + "caddy" + ]; default = "nginx"; description = '' Whether to use nginx or caddy for virtual host management. 
@@ -90,22 +95,26 @@ in { systemd.services.nextcloud-ensure-users = { enable = true; script = '' - ${optionalString (cfg.ensureUsers != {}) '' - ${concatStringsSep "\n" (mapAttrsToList (name: cfg: '' - if ${config.services.nextcloud.occ}/bin/nextcloud-occ user:info "${name}" | grep "user not found"; then - export OC_PASS="$(cat ${escapeShellArg cfg.passwordFile})" - ${config.services.nextcloud.occ}/bin/nextcloud-occ user:add --password-from-env "${name}" - fi - if ! ${config.services.nextcloud.occ}/bin/nextcloud-occ user:info "${name}" | grep "user not found"; then - ${optionalString (cfg.email != null) '' - ${config.services.nextcloud.occ}/bin/nextcloud-occ user:setting "${name}" settings email "${cfg.email}" - ''} - fi - '') cfg.ensureUsers)} + ${optionalString (cfg.ensureUsers != { }) '' + ${concatStringsSep "\n" ( + mapAttrsToList (name: cfg: '' + if ${config.services.nextcloud.occ}/bin/nextcloud-occ user:info "${name}" | grep "user not found"; then + export OC_PASS="$(cat ${escapeShellArg cfg.passwordFile})" + ${config.services.nextcloud.occ}/bin/nextcloud-occ user:add --password-from-env "${name}" + fi + if ! ${config.services.nextcloud.occ}/bin/nextcloud-occ user:info "${name}" | grep "user not found"; then + ${ + optionalString (cfg.email != null) '' + ${config.services.nextcloud.occ}/bin/nextcloud-occ user:setting "${name}" settings email "${cfg.email}" + '' + } + fi + '') cfg.ensureUsers + )} ''} ''; wantedBy = [ "multi-user.target" ]; - after = ["nextcloud-setup.service"]; + after = [ "nextcloud-setup.service" ]; }; services.phpfpm.pools.nextcloud.settings = { 
@@ -113,11 +122,12 @@ in { "listen.group" = webserver.group; }; - users.groups.nextcloud.members = [ "nextcloud" webserver.user ]; + users.groups.nextcloud.members = [ + "nextcloud" + webserver.user + ]; - services.nginx = lib.mkIf (cfg.webserver == "caddy") { - enable = mkForce false; - }; + services.nginx = lib.mkIf (cfg.webserver == "caddy") { enable = mkForce false; }; services.caddy = lib.mkIf (cfg.webserver == "caddy") { enable = mkDefault true; @@ -193,4 +203,4 @@ in { }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/nix+nixpkgs/darwin.nix b/modules/hosts/nix+nixpkgs/darwin.nix index b1cd9dcf..ace20a3e 100644 --- a/modules/hosts/nix+nixpkgs/darwin.nix +++ b/modules/hosts/nix+nixpkgs/darwin.nix @@ -1,6 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.nixSettings; in @@ -9,23 +14,21 @@ in # this apparently needs to say nixos instead of darwin inputs.lix.nixosModules.default ]; - config = mkIf cfg.enable { + config = lib.mkIf lib.cfg.enable { nix = { gc = { automatic = true; interval.Hour = 1; options = "--delete-older-than 30d"; }; - #Nix Store config, hard linking identical dependancies etc. + #Nix Store config, hard linking identical dependancies etc. settings = { auto-optimise-store = true; - allowed-users = [ - "carln" - ]; + allowed-users = [ "carln" ]; }; }; services.nix-daemon.enable = true; #At the time of making the config nix breaks when darwin documentation is enabled. documentation.enable = false; }; -} \ No newline at end of file +} diff --git a/modules/hosts/nix+nixpkgs/default.nix b/modules/hosts/nix+nixpkgs/default.nix index 09e5fcc8..090054ae 100644 --- a/modules/hosts/nix+nixpkgs/default.nix +++ b/modules/hosts/nix+nixpkgs/default.nix 
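Review bot: In the `@@ -9,23 +14,21 @@` hunk of modules/hosts/nix+nixpkgs/darwin.nix the guard now reads `config = lib.mkIf lib.cfg.enable {`, but `cfg` is the local `let` binding `cfg = config.yomaq.nixSettings;` shown in the previous hunk, not an attribute of `lib`. With `with lib;` removed, `lib.cfg` should fail evaluation with a missing-attribute error, so any Darwin host importing this module would likely stop building. The sibling default.nix and nixos.nix in the same directory use `lib.mkIf cfg.enable`. The line should be `config = lib.mkIf cfg.enable {`. Because this commit removes `with lib;` by hand across many files, evaluating every host (for example with `nix flake check`) before merging would catch any other over-applied `lib.` prefix.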
@@ -1,13 +1,18 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.nixSettings; in { options.yomaq.nixSettings = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom nix settings @@ -15,7 +20,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nix = { # This will add each flake input as a registry # To make nix3 commands consistent with your flake @@ -42,10 +47,10 @@ in }; }; nixpkgs = { - overlays = [ + overlays = [ inputs.self.overlays.pkgs-unstable inputs.agenix.overlays.default - ]; + ]; # Configure your nixpkgs instance config = { # Disable if you don't want unfree packages @@ -55,4 +60,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/nix+nixpkgs/nixos.nix b/modules/hosts/nix+nixpkgs/nixos.nix index b04469fc..02b15ec0 100644 --- a/modules/hosts/nix+nixpkgs/nixos.nix +++ b/modules/hosts/nix+nixpkgs/nixos.nix @@ -1,14 +1,17 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.nixSettings; in { - imports = [ - inputs.lix.nixosModules.default - ]; - config = mkIf cfg.enable { + imports = [ inputs.lix.nixosModules.default ]; + config = lib.mkIf cfg.enable { nix = { gc = { automatic = true; @@ -18,4 +21,4 @@ in }; systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 250; }; -} \ No newline at end of file +} diff --git a/modules/hosts/nixos.nix b/modules/hosts/nixos.nix index a1a05fef..9c9843b9 100644 --- a/modules/hosts/nixos.nix +++ b/modules/hosts/nixos.nix 
@@ -3,38 +3,40 @@ ## Import all modules inside this folder recursively. ## from: https://github.com/evanjs/nixos_cfg/blob/4bb5b0b84a221b25cf50853c12b9f66f0cad3ea4/config/new-modules/default.nix -with lib; let # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype - getDir = dir: mapAttrs - (file: type: - if type == "directory" then getDir "${dir}/${file}" else type + getDir = + dir: + lib.mapAttrs ( + file: type: if type == "directory" then getDir "${dir}/${file}" else type # If you want to exclude recusing on directories (untested) # if type == "directory" then null else type - ) - (builtins.readDir dir); + ) (builtins.readDir dir); # Collects all files of a directory as a list of strings of paths - files = dir: collect isString (mapAttrsRecursive (path: type: concatStringsSep "/" path) (getDir dir)); + files = + dir: lib.collect lib.isString (lib.mapAttrsRecursive (path: type: lib.concatStringsSep "/" path) (getDir dir)); # Filters out directories that don't end with .nix or are this file, also makes the strings absolute - validFiles = dir: map - (file: ./. + "/${file}") - (filter - (file: hasSuffix ".nix" file + validFiles = + dir: + map (file: ./. + "/${file}") ( + lib.filter ( + file: + lib.hasSuffix ".nix" file # Exclude this file && file != "default.nix" && file != "nixos.nix" # how to exclude a path # && ! lib.hasPrefix "exclude/path/" file # how to exclude a group of files - && ! lib.hasSuffix "darwin.nix" file - ) - (files dir)); + && !lib.hasSuffix "darwin.nix" file + ) (files dir) + ); in { imports = validFiles ./.; -} \ No newline at end of file +} diff --git a/modules/hosts/ntfy/nixos.nix b/modules/hosts/ntfy/nixos.nix index cd8fbbbe..9f39c682 100644 --- a/modules/hosts/ntfy/nixos.nix +++ b/modules/hosts/ntfy/nixos.nix 
@@ -1,25 +1,30 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.ntfy; in { options.yomaq.ntfy = { - ntfyUrl = mkOption { - type = types.str; + ntfyUrl = lib.mkOption { + type = lib.types.str; default = ""; description = "The base URL for NTFY notifications."; }; - defaultTopic = mkOption { - type = types.str; + defaultTopic = lib.mkOption { + type = lib.types.str; default = ""; description = "The default topic for NTFY notifications."; }; - defaultPriority = mkOption { - type = types.str; + defaultPriority = lib.mkOption { + type = lib.types.str; default = ""; description = "The default priority level for NTFY notifications."; }; @@ -35,4 +40,4 @@ in } # example: -# "curl -H ${config.yomaq.ntfy.defaultPriority} -d "message goes here" ${config.yomaq.ntfy.ntfyUrl}${config.yomaq.ntfy.defaultTopic}" \ No newline at end of file +# "curl -H ${config.yomaq.ntfy.defaultPriority} -d "message goes here" ${config.yomaq.ntfy.ntfyUrl}${config.yomaq.ntfy.defaultTopic}" diff --git a/modules/hosts/primaryUser/nixos.nix b/modules/hosts/primaryUser/nixos.nix index 20c71eb1..14c706e6 100644 --- a/modules/hosts/primaryUser/nixos.nix +++ b/modules/hosts/primaryUser/nixos.nix @@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - +{ + options, + config, + lib, + pkgs, + ... +}: # this is used in other places to allow modules to be dynamic to the primary user accounts on the machine, is used frequently in other modules # may eventually expand to configure everything related to user accounts -with lib; { options.yomaq.primaryUser = { - users = mkOption { - type = types.listOf types.str; + users = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "admin" ]; description = '' list Primary users for the computer @@ -25,4 +29,4 @@ with lib; Defaults lecture = never ''; }; -} \ No newline at end of file +} 
diff --git a/modules/hosts/scripts/default.nix b/modules/hosts/scripts/default.nix index 36415d76..6b9cbdaf 100644 --- a/modules/hosts/scripts/default.nix +++ b/modules/hosts/scripts/default.nix @@ -1,12 +1,18 @@ -{ options, config, lib, pkgs, inputs, ... }: -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.scripts; in { options.yomaq.scripts = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' install custom scripts @@ -14,10 +20,9 @@ in }; }; - - config = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = with pkgs; [ - (import (inputs.self + /modules/scripts/initrdunlock.nix) {inherit pkgs inputs;}) + (import (inputs.self + /modules/scripts/initrdunlock.nix) { inherit pkgs inputs; }) ]; - }; -} \ No newline at end of file + }; +} diff --git a/modules/hosts/skhd/darwin.nix b/modules/hosts/skhd/darwin.nix index 4b4640ff..7ce621d2 100644 --- a/modules/hosts/skhd/darwin.nix +++ b/modules/hosts/skhd/darwin.nix @@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.skhd; in { options.yomaq.skhd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom skhd module @@ -15,7 +19,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services = { skhd = { enable = true; diff --git a/modules/hosts/ssh/knownHosts/default.nix b/modules/hosts/ssh/knownHosts/default.nix index 2f622c09..1838e1d5 100644 --- a/modules/hosts/ssh/knownHosts/default.nix +++ b/modules/hosts/ssh/knownHosts/default.nix @@ -1,4 +1,10 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: { programs.ssh.knownHosts = { "green".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWw4+s+Og4ASHmpP5s03O+mww5y1aPa9fE1rZHP1KDD"; 
@@ -19,5 +25,5 @@ "smalt".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILR615VGZfPxDnK6dDumGUByl8n8ZT8hctQ0HzXplxPB"; "smalt-initrd".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1pvG36S3ICyy70Ci3Y5b1/wOEvyfD2hkw6qLhC/LG"; - }; -} \ No newline at end of file + }; +} diff --git a/modules/hosts/ssh/nixos.nix b/modules/hosts/ssh/nixos.nix index 86aa5cf0..17443780 100644 --- a/modules/hosts/ssh/nixos.nix +++ b/modules/hosts/ssh/nixos.nix @@ -1,14 +1,18 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.ssh; inherit (config.networking) hostName; in { options.yomaq.ssh = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom ssh module @@ -16,9 +20,9 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Enable SSH service - networking.firewall.allowedTCPPorts = [22]; + networking.firewall.allowedTCPPorts = [ 22 ]; services.openssh = { enable = true; settings = { @@ -33,4 +37,4 @@ in ]; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/basics/darwin.nix b/modules/hosts/suites/basics/darwin.nix index adb66b29..365cb3bf 100644 --- a/modules/hosts/suites/basics/darwin.nix +++ b/modules/hosts/suites/basics/darwin.nix @@ -1,15 +1,19 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.suites.basics; in { - imports = [ - ]; - config = mkIf cfg.enable { + imports = [ ]; + config = lib.mkIf cfg.enable { yomaq = { skhd.enable = true; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/basics/default.nix b/modules/hosts/suites/basics/default.nix index 3b6cac30..f761c07b 100644 --- a/modules/hosts/suites/basics/default.nix +++ b/modules/hosts/suites/basics/default.nix 
@@ -1,22 +1,25 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.suites.basics; in { - imports = [ - ]; + imports = [ ]; options.yomaq.suites.basics = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; - description = '' - ''; + description = ''''; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixpkgs.overlays = [ inputs.agenix.overlays.default ]; environment.systemPackages = with pkgs; [ vim @@ -26,4 +29,4 @@ in nixos-rebuild ]; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/basics/nixos.nix b/modules/hosts/suites/basics/nixos.nix index 354c3de1..72d98561 100644 --- a/modules/hosts/suites/basics/nixos.nix +++ b/modules/hosts/suites/basics/nixos.nix @@ -1,13 +1,18 @@ -{ options, config, lib, pkgs, inputs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.suites.basics; in { - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { yomaq = { glances.enable = true; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/container/nixos.nix b/modules/hosts/suites/container/nixos.nix index def4f695..cdfd1ef9 100644 --- a/modules/hosts/suites/container/nixos.nix +++ b/modules/hosts/suites/container/nixos.nix @@ -1,22 +1,25 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.suites.container; in { options.yomaq.suites.container = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; - description = '' - ''; + description = ''''; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { yomaq = { - zsh.enable =true; + zsh.enable = true; agenix.enable = true; nixSettings.enable = true; tailscale.enable = true; 
@@ -25,4 +28,4 @@ in networking.useDHCP = lib.mkForce true; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/foundation/darwin.nix b/modules/hosts/suites/foundation/darwin.nix index 44091180..6d75c27e 100644 --- a/modules/hosts/suites/foundation/darwin.nix +++ b/modules/hosts/suites/foundation/darwin.nix @@ -1,14 +1,18 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.suites.foundation; in { - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { yomaq = { macosSettings.enable = true; homebrew.enable = true; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/foundation/default.nix b/modules/hosts/suites/foundation/default.nix index 4f422f2d..95c691e2 100644 --- a/modules/hosts/suites/foundation/default.nix +++ b/modules/hosts/suites/foundation/default.nix @@ -1,26 +1,29 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.suites.foundation; in { options.yomaq.suites.foundation = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; - description = '' - ''; + description = ''''; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { yomaq = { - zsh.enable =true; + zsh.enable = true; agenix.enable = true; nixSettings.enable = true; tailscale.enable = true; network.basics = true; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/suites/foundation/nixos.nix b/modules/hosts/suites/foundation/nixos.nix index 2d7b9cac..03d7b944 100644 --- a/modules/hosts/suites/foundation/nixos.nix +++ b/modules/hosts/suites/foundation/nixos.nix 
@@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.suites.foundation; in { - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { yomaq = { initrd-tailscale.enable = true; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/tailscale/darwin.nix b/modules/hosts/tailscale/darwin.nix index 437d3430..2cfa75a2 100644 --- a/modules/hosts/tailscale/darwin.nix +++ b/modules/hosts/tailscale/darwin.nix @@ -1,15 +1,16 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: # why am I not just using the tailscale service directly? ... idk, it auto configures the authKeyFile? - -with lib; let cfg = config.yomaq.tailscale; in { - config = lib.mkIf cfg.enable { - homebrew.casks = [ - "tailscale" - ]; - }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { homebrew.casks = [ "tailscale" ]; }; +} diff --git a/modules/hosts/tailscale/default.nix b/modules/hosts/tailscale/default.nix index 2d63b3d7..c2607081 100644 --- a/modules/hosts/tailscale/default.nix +++ b/modules/hosts/tailscale/default.nix 
@@ -1,29 +1,44 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: # why am I not just using the tailscale service directly? ... idk, it auto configures the authKeyFile? -with lib; let cfg = config.yomaq.tailscale; in { options.yomaq.tailscale = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom tailscale module ''; }; - extraUpFlags = mkOption { - type = types.listOf types.str; - default = ["--ssh=true" "--reset=true" "--accept-dns=true"]; + extraUpFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ + "--ssh=true" + "--reset=true" + "--accept-dns=true" + ]; description = '' Extra flags to pass to tailscale up. ''; }; - useRoutingFeatures = mkOption { - type = types.enum [ "none" "client" "server" "both" ]; + useRoutingFeatures = lib.mkOption { + type = lib.types.enum [ + "none" + "client" + "server" + "both" + ]; default = "none"; example = "server"; description = lib.mdDoc '' @@ -35,26 +50,26 @@ in When set to `server` or `both`, IP forwarding will be enabled. ''; }; - tailnetName = mkOption { - type = types.str; + tailnetName = lib.mkOption { + type = lib.types.str; default = ""; description = '' The name of the tailnet ''; }; - authKeyFile = mkOption { - type = types.nullOr types.path; + authKeyFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = "${config.age.secrets.tailscaleKey.path}"; description = '' allow you to specify a key, or set null to disable ''; }; - preApprovedSshAuthkey = mkOption { - type = types.bool; + preApprovedSshAuthkey = lib.mkOption { + type = lib.types.bool; default = false; description = '' decrypt pre-approved ssh authkey ''; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/tailscale/nixos.nix b/modules/hosts/tailscale/nixos.nix index a94a9a30..85815cb6 100644 --- a/modules/hosts/tailscale/nixos.nix 
+++ b/modules/hosts/tailscale/nixos.nix @@ -1,39 +1,42 @@ -{ options, config, lib, pkgs, inputs, ... }: - - -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.tailscale; inherit (config.networking) hostName; in { - config = mkMerge [ - (lib.mkIf cfg.enable { - services.tailscale = { - package = pkgs.unstable.tailscale; - enable = true; - authKeyFile = cfg.authKeyFile; - extraUpFlags = cfg.extraUpFlags; - useRoutingFeatures = cfg.useRoutingFeatures; - permitCertUid = "caddy"; - }; + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + services.tailscale = { + package = pkgs.unstable.tailscale; + enable = true; + authKeyFile = cfg.authKeyFile; + extraUpFlags = cfg.extraUpFlags; + useRoutingFeatures = cfg.useRoutingFeatures; + permitCertUid = "caddy"; + }; - environment.persistence."${config.yomaq.impermanence.dontBackup}" = { - hideMounts = true; - directories = [ - "/var/lib/tailscale" - ]; - }; - yomaq.tailscale.tailnetName = "sable-chimaera"; - age.secrets.tailscaleKey.file = ( inputs.self + /secrets/tailscaleKey.age); + environment.persistence."${config.yomaq.impermanence.dontBackup}" = { + hideMounts = true; + directories = [ "/var/lib/tailscale" ]; + }; + yomaq.tailscale.tailnetName = "sable-chimaera"; + age.secrets.tailscaleKey.file = (inputs.self + /secrets/tailscaleKey.age); - environment.systemPackages = with pkgs; [ - unstable.tailscale - ]; + environment.systemPackages = with pkgs; [ unstable.tailscale ]; - }) - (lib.mkIf cfg.preApprovedSshAuthkey { - age.secrets.tailscaleOAuthKeyAcceptSsh.file = ( inputs.self + /secrets/tailscaleOAuthKeyAcceptSsh.age); - })]; -} \ No newline at end of file + }) + (lib.mkIf cfg.preApprovedSshAuthkey { + age.secrets.tailscaleOAuthKeyAcceptSsh.file = ( + inputs.self + /secrets/tailscaleOAuthKeyAcceptSsh.age + ); + }) + ]; +} diff --git a/modules/hosts/timezone/nixos.nix b/modules/hosts/timezone/nixos.nix index c99b7ec4..b3e41157 100644 --- a/modules/hosts/timezone/nixos.nix 
+++ b/modules/hosts/timezone/nixos.nix @@ -1,21 +1,24 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.timezone; in { options.yomaq.timezone = { - central = mkOption { - type = types.bool; + central = lib.mkOption { + type = lib.types.bool; default = false; - description = '' - ''; + description = ''''; }; }; - config = mkMerge [ - (mkIf cfg.central { + config = lib.mkMerge [ + (lib.mkIf cfg.central { # Set your time zone. time.timeZone = "America/Chicago"; # Select internationalisation properties. @@ -33,4 +36,4 @@ in }; }) ]; -} \ No newline at end of file +} diff --git a/modules/hosts/yabai/darwin.nix b/modules/hosts/yabai/darwin.nix index 4d85e051..79f2734c 100644 --- a/modules/hosts/yabai/darwin.nix +++ b/modules/hosts/yabai/darwin.nix @@ -1,13 +1,17 @@ -{ options, config, lib, pkgs, ... }: - -with lib; +{ + options, + config, + lib, + pkgs, + ... +}: let cfg = config.yomaq.yabai; in { options.yomaq.yabai = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom yabai module @@ -15,9 +19,9 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services = { -#config for Yabai Window Manager, really basic config + #config for Yabai Window Manager, really basic config yabai = { enable = true; extraConfig = '' @@ -31,7 +35,7 @@ in yabai -m config mouse_action1 move yabai -m config mouse_action2 resize yabai -m config mouse_drop_action swap - + yabai -m config layout bsp yabai -m config top_padding 8 yabai -m config bottom_padding 8 @@ -41,7 +45,7 @@ in #yabai -m rule --add app="" manage=off ''; }; -#config for skhd keyboard shortcuts for Yabai Window Manager. + #config for skhd keyboard shortcuts for Yabai Window Manager. skhd = { enable = true; skhdConfig = '' diff --git a/modules/hosts/zfs/disks/nixos.nix b/modules/hosts/zfs/disks/nixos.nix index 5c6d2491..6c9fe7c7 100644 
--- a/modules/hosts/zfs/disks/nixos.nix +++ b/modules/hosts/zfs/disks/nixos.nix @@ -1,7 +1,14 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let authorizedkeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF1TFwXbqdC1UyG75q3HO1n7/L3yxpeRLIq2kQ9DalI" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF1TFwXbqdC1UyG75q3HO1n7/L3yxpeRLIq2kQ9DalI" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo" ]; cfg = config.yomaq.disks; @@ -28,24 +35,24 @@ in type = lib.types.bool; default = false; }; - initrd-ssh = { + initrd-ssh = { enable = lib.mkOption { type = lib.types.bool; default = false; }; authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; - default = []; + default = [ ]; }; ethernetDrivers = lib.mkOption { type = lib.types.listOf lib.types.str; - default = []; + default = [ ]; description = '' ethernet drivers to load: (run "lspci -v | grep -iA8 'network\|ethernet'") ''; }; - }; - zfs = { + }; + zfs = { enable = lib.mkOption { type = lib.types.bool; default = false; @@ -102,7 +109,7 @@ in }; disks = lib.mkOption { type = lib.types.listOf lib.types.str; - default = []; + default = [ ]; description = '' device names ''; @@ -125,7 +132,7 @@ in }; }; - config = lib.mkMerge [ + config = lib.mkMerge [ (lib.mkIf (cfg.enable && cfg.systemd-boot) { # setup systemd-boot boot.loader.systemd-boot.enable = true; @@ -161,7 +168,7 @@ in }) (lib.mkIf cfg.zfs.enable { networking.hostId = cfg.zfs.hostID; - environment.systemPackages = [pkgs.zfs-prune-snapshots]; + environment.systemPackages = [ pkgs.zfs-prune-snapshots ]; boot = { # Newest kernels might not be supported by ZFS kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; @@ -170,7 +177,10 @@ in "nohibernate" "zfs.zfs_arc_max=17179869184" ]; - supportedFilesystems = [ "vfat" "zfs" ]; + supportedFilesystems = [ + "vfat" + "zfs" + ]; zfs = { devNodes = "/dev/disk/by-id/"; forceImportAll = true; 
@@ -184,98 +194,104 @@ in }) (lib.mkIf cfg.zfs.enable { disko.devices = { - disk = lib.mkMerge [ - (lib.mkIf (cfg.zfs.storage.enable && !cfg.amReinstalling) (lib.mkMerge (map ( diskname: { - "${diskname}" = { + disk = lib.mkMerge [ + (lib.mkIf (cfg.zfs.storage.enable && !cfg.amReinstalling) ( + lib.mkMerge ( + map (diskname: { + "${diskname}" = { + type = "disk"; + device = "/dev/${diskname}"; + content = { + type = "gpt"; + partitions = { + luks = { + size = "100%"; + content = { + type = "luks"; + name = "stg${diskname}"; + settings.allowDiscards = true; + passwordFile = "/tmp/secret.key"; + content = { + type = "zfs"; + pool = "zstorage"; + }; + }; + }; + }; + }; + }; + }) cfg.zfs.storage.disks + ) + )) + ({ + one = lib.mkIf (cfg.zfs.root.disk1 != "") { type = "disk"; - device = "/dev/${diskname}"; + device = "/dev/${cfg.zfs.root.disk1}"; content = { type = "gpt"; partitions = { - luks = { + ESP = { + label = "EFI"; + name = "ESP"; + size = "2048M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + "umask=0077" + ]; + }; + }; + luks = lib.mkIf cfg.zfs.root.encrypt { size = "100%"; content = { type = "luks"; - name = "stg${diskname}"; + name = "crypted1"; settings.allowDiscards = true; passwordFile = "/tmp/secret.key"; content = { type = "zfs"; - pool = "zstorage"; + pool = "zroot"; }; }; }; - }; - }; - }; - })cfg.zfs.storage.disks))) - ({one = lib.mkIf (cfg.zfs.root.disk1 != "") { - type = "disk"; - device = "/dev/${cfg.zfs.root.disk1}"; - content = { - type = "gpt"; - partitions = { - ESP = { - label = "EFI"; - name = "ESP"; - size = "2048M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "defaults" - "umask=0077" - ]; - }; - }; - luks = lib.mkIf cfg.zfs.root.encrypt { - size = "100%"; - content = { - type = "luks"; - name = "crypted1"; - settings.allowDiscards = true; - passwordFile = "/tmp/secret.key"; + 
notluks = lib.mkIf (!cfg.zfs.root.encrypt) { + size = "100%"; content = { type = "zfs"; pool = "zroot"; }; }; }; - notluks = lib.mkIf (!cfg.zfs.root.encrypt) { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; }; }; - }; - two = lib.mkIf (cfg.zfs.root.disk2 != "") { - type = "disk"; - device = "/dev/${cfg.zfs.root.disk2}"; - content = { - type = "gpt"; - partitions = { - luks = { - size = "100%"; - content = { - type = "luks"; - name = "crypted2"; - settings.allowDiscards = true; - passwordFile = "/tmp/secret.key"; + two = lib.mkIf (cfg.zfs.root.disk2 != "") { + type = "disk"; + device = "/dev/${cfg.zfs.root.disk2}"; + content = { + type = "gpt"; + partitions = { + luks = { + size = "100%"; content = { - type = "zfs"; - pool = "zroot"; + type = "luks"; + name = "crypted2"; + settings.allowDiscards = true; + passwordFile = "/tmp/secret.key"; + content = { + type = "zfs"; + pool = "zroot"; + }; }; }; }; }; }; - }; - })]; + }) + ]; zpool = { zroot = { type = "zpool"; 
@@ -406,9 +422,9 @@ in }; }; # Needed for agenix. - # nixos-anywhere currently has issues with impermanence so agenix keys are lost during the install process. - # as such we give /etc/ssh its own zfs dataset rather than using impermanence to save the keys when we wipe the root directory on boot - # agenix needs the keys available before the zfs datasets are mounted, so we need this to make sure they are available. + # nixos-anywhere currently has issues with impermanence so agenix keys are lost during the install process. + # as such we give /etc/ssh its own zfs dataset rather than using impermanence to save the keys when we wipe the root directory on boot + # agenix needs the keys available before the zfs datasets are mounted, so we need this to make sure they are available. fileSystems."/etc/ssh".neededForBoot = true; # Needed for impermanence, because we mount /persist/save on /persist, we need to make sure /persist is mounted before /persist/save fileSystems."/persist".neededForBoot = true; @@ -419,7 +435,7 @@ in #wipe / and /var on boot lib.mkAfter '' zfs rollback -r zroot/root@empty - ''; + ''; }) ]; -} \ No newline at end of file +} diff --git a/modules/hosts/zfs/sanoid/nixos.nix b/modules/hosts/zfs/sanoid/nixos.nix index aa867fc8..ab9a0881 100644 --- a/modules/hosts/zfs/sanoid/nixos.nix +++ b/modules/hosts/zfs/sanoid/nixos.nix @@ -1,4 +1,11 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.sanoid; in @@ -10,7 +17,7 @@ in description = '' enable custom sanoid, zfs-snapshot module ''; - }; + }; }; config = lib.mkIf cfg.enable { 
@@ -26,13 +33,15 @@ in yearly = 1; }; }; - datasets = { - "zroot/persist".useTemplate = [ "default" ]; - "zroot/persistSave".useTemplate = [ "default" ]; - } // lib.optionalAttrs (config.yomaq.disks.zfs.storage.enable && !config.yomaq.disks.amReinstalling) { - "zstorage/storage".useTemplate = [ "default" ]; - "zstorage/persistSave".useTemplate = [ "default" ]; - }; + datasets = + { + "zroot/persist".useTemplate = [ "default" ]; + "zroot/persistSave".useTemplate = [ "default" ]; + } + // lib.optionalAttrs (config.yomaq.disks.zfs.storage.enable && !config.yomaq.disks.amReinstalling) { + "zstorage/storage".useTemplate = [ "default" ]; + "zstorage/persistSave".useTemplate = [ "default" ]; + }; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/zfs/syncoid/nixos.nix b/modules/hosts/zfs/syncoid/nixos.nix index 51912c11..cf337c10 100644 --- a/modules/hosts/zfs/syncoid/nixos.nix +++ b/modules/hosts/zfs/syncoid/nixos.nix @@ -1,9 +1,18 @@ -{ options, config, lib, pkgs, inputs, ... }: +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.syncoid; - thisHost = config.networking.hostName; + thisHost = config.networking.hostName; allNixosHosts = lib.attrNames inputs.self.nixosConfigurations; - nixosHosts = lib.lists.subtractLists (cfg.exclude ++ [thisHost]) (allNixosHosts ++ cfg.additionalClients); + nixosHosts = lib.lists.subtractLists (cfg.exclude ++ [ thisHost ]) ( + allNixosHosts ++ cfg.additionalClients + ); in { options.yomaq.syncoid = { 
@@ -23,21 +32,21 @@ in }; exclude = lib.mkOption { type = lib.types.listOf lib.types.str; - default = []; + default = [ ]; description = '' exclude hosts from backup ''; }; additionalClients = lib.mkOption { type = lib.types.listOf lib.types.str; - default = []; + default = [ ]; description = '' clients to backup not in the flake ''; }; datasets = lib.mkOption { type = lib.types.listOf lib.types.str; - default = ["zroot/persistSave"]; + default = [ "zroot/persistSave" ]; description = '' list of datasets syncoid has access to on client ''; @@ -49,12 +58,16 @@ in # I believe I need to create the login shell as I am not using the default method of enabling ssh for the user (using tailscale ssh auth instead) users.users.syncoid.shell = pkgs.bash; # give syncoid user access to send and hold snapshots - systemd.services = (lib.mkMerge (map (dataset: { - "syncoid-zfs-allow-${(lib.replaceStrings ["/"] ["-"] "${dataset}")}" = { - serviceConfig.ExecStart = "${lib.getExe pkgs.zfs} allow -u syncoid bookmark,snapshot,send,hold ${dataset}"; - wantedBy = [ "multi-user.target" ]; - }; - })cfg.datasets)); + systemd.services = ( + lib.mkMerge ( + map (dataset: { + "syncoid-zfs-allow-${(lib.replaceStrings [ "/" ] [ "-" ] "${dataset}")}" = { + serviceConfig.ExecStart = "${lib.getExe pkgs.zfs} allow -u syncoid bookmark,snapshot,send,hold ${dataset}"; + wantedBy = [ "multi-user.target" ]; + }; + }) cfg.datasets + ) + ); # # wipe zfs allow permissions # systemd.services.syncoid-zfs-unallow }) @@ -62,7 +75,7 @@ in services.syncoid = { enable = true; interval = "daily"; - commonArgs = ["--no-sync-snap"]; + commonArgs = [ "--no-sync-snap" ]; commands."${thisHost}Save" = { source = "zroot/persistSave"; target = "zstorage/backups/${thisHost}"; 
@@ -71,44 +84,59 @@ in }; services.sanoid = { datasets."zstorage/backups/${thisHost}" = { - autosnap = false; - autoprune = true; - hourly = 0; - daily = 14; - monthly = 6; - yearly = 1; + autosnap = false; + autoprune = true; + hourly = 0; + daily = 14; + monthly = 6; + yearly = 1; }; }; - }) - {services.syncoid = lib.mkIf config.yomaq.syncoid.isBackupServer (lib.mkMerge (map ( hostName: { - commands = { - "${hostName}Save" = { - source = "syncoid@${hostName}:zroot/persistSave"; - target = "zstorage/backups/${hostName}"; - recvOptions = "c"; - }; - }; - })nixosHosts)); - services.sanoid = lib.mkIf config.yomaq.syncoid.isBackupServer (lib.mkMerge (map ( hostName: { - datasets."zstorage/backups/${hostName}" = { - autosnap = false; - autoprune = true; - hourly = 0; - daily = 14; - monthly = 6; - yearly = 1; - }; - })nixosHosts)); + }) + { + services.syncoid = lib.mkIf config.yomaq.syncoid.isBackupServer ( + lib.mkMerge ( + map (hostName: { + commands = { + "${hostName}Save" = { + source = "syncoid@${hostName}:zroot/persistSave"; + target = "zstorage/backups/${hostName}"; + recvOptions = "c"; + }; + }; + }) nixosHosts + ) + ); + services.sanoid = lib.mkIf config.yomaq.syncoid.isBackupServer ( + lib.mkMerge ( + map (hostName: { + datasets."zstorage/backups/${hostName}" = { + autosnap = false; + autoprune = true; + hourly = 0; + daily = 14; + monthly = 6; + yearly = 1; + }; + }) nixosHosts + ) + ); # syncoid-fail service for all nixosHosts - systemd.services = lib.mkIf config.yomaq.syncoid.isBackupServer (lib.mkMerge (map (hostName: { - "syncoid-${hostName}Save" = { - onSuccess = ["syncoid-success-${hostName}.service"]; - }; - "syncoid-success-${hostName}" = { - script = ''${lib.getExe pkgs.curl} -fsS -m 10 --retry 5 ${config.yomaq.healthcheckUrl.syncoid."${hostName}"}''; - }; - })(nixosHosts ++ [config.networking.hostName]))); + systemd.services = lib.mkIf config.yomaq.syncoid.isBackupServer ( + lib.mkMerge ( + map (hostName: { + "syncoid-${hostName}Save" = { + 
onSuccess = [ "syncoid-success-${hostName}.service" ]; + }; + "syncoid-success-${hostName}" = { + script = ''${lib.getExe pkgs.curl} -fsS -m 10 --retry 5 ${ + config.yomaq.healthcheckUrl.syncoid."${hostName}" + }''; + }; + }) (nixosHosts ++ [ config.networking.hostName ]) + ) + ); } ]; diff --git a/modules/hosts/zsh/darwin.nix b/modules/hosts/zsh/darwin.nix index bc394ef7..16baeb54 100644 --- a/modules/hosts/zsh/darwin.nix +++ b/modules/hosts/zsh/darwin.nix @@ -1,10 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; +{ + config, + pkgs, + lib, + ... +}: let cfg = config.yomaq.zsh; in { - config = lib.mkIf cfg.enable { - programs.zsh.enable = true; - }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { programs.zsh.enable = true; }; +} diff --git a/modules/hosts/zsh/default.nix b/modules/hosts/zsh/default.nix index a27c81b1..e0f380b4 100644 --- a/modules/hosts/zsh/default.nix +++ b/modules/hosts/zsh/default.nix @@ -1,16 +1,22 @@ -{ options, config, lib, pkgs, inputs, ... }: -with lib; +{ + options, + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.yomaq.zsh; in { options.yomaq.zsh = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' enable custom zsh module ''; }; }; -} \ No newline at end of file +} diff --git a/modules/hosts/zsh/nixos.nix b/modules/hosts/zsh/nixos.nix index 52056b36..27d4da53 100644 --- a/modules/hosts/zsh/nixos.nix +++ b/modules/hosts/zsh/nixos.nix @@ -1,11 +1,15 @@ -{ config, pkgs, lib, ... }: -with lib; +{ + config, + pkgs, + lib, + ... +}: let cfg = config.yomaq.zsh; in { - config = lib.mkIf cfg.enable { - programs.zsh.enable = true; - environment.shells = with pkgs; [ zsh]; - }; -} \ No newline at end of file + config = lib.mkIf cfg.enable { + programs.zsh.enable = true; + environment.shells = with pkgs; [ zsh ]; + }; +} diff --git a/modules/overlays/default.nix b/modules/overlays/default.nix index b1d4d89c..dbdb4830 100644 
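Review bot: In the `syncoid-success-${hostName}` unit the healthcheck URL is spliced into the shell `script` unquoted, so any `&`, `?` or space in `config.yomaq.healthcheckUrl.syncoid."${hostName}"` is interpreted by the shell instead of reaching curl as one argument. Wrapping the value as `${lib.escapeShellArg config.yomaq.healthcheckUrl.syncoid."${hostName}"}` avoids that. If the ping URL embeds an identifier that acts as a credential (not visible here), it will also end up in the generated unit script in the Nix store. The comment above the block still reads `# syncoid-fail service for all nixosHosts` although the units are wired through `onSuccess`; `# syncoid success ping for every backed-up host` would match the code. The enclosing list starts outside this hunk.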
--- a/modules/overlays/default.nix +++ b/modules/overlays/default.nix @@ -1,5 +1,5 @@ # This file defines overlays -{inputs, ...}: +{ inputs, ... }: { ## When applied, the stable nixpkgs set (declared in the flake inputs) will @@ -18,4 +18,4 @@ config.allowUnfree = true; }; }; -} \ No newline at end of file +} diff --git a/modules/scripts/initrdunlock.nix b/modules/scripts/initrdunlock.nix index f7aeeb52..25cfd53d 100644 --- a/modules/scripts/initrdunlock.nix +++ b/modules/scripts/initrdunlock.nix 
@@ -1,68 +1,67 @@ { pkgs, inputs, ... }: let - hostnamesList = builtins.attrNames inputs.self.nixosConfigurations; - hostnamesString = builtins.concatStringsSep " " hostnamesList; + hostnamesList = builtins.attrNames inputs.self.nixosConfigurations; + hostnamesString = builtins.concatStringsSep " " hostnamesList; in - ### I don't use pkgs._1password because I don't use it on macos, and I want the script to work on both pkgs.writeShellScriptBin "initrd-unlock" '' -if [ "$1" = "--up" ]; then - hostnames="${hostnamesString}" - # Iterate over each hostname - for hostname in $hostnames; do - # Ping the host - ping -c 1 "$hostname" > /dev/null 2>&1 + if [ "$1" = "--up" ]; then + hostnames="${hostnamesString}" + # Iterate over each hostname + for hostname in $hostnames; do + # Ping the host + ping -c 1 "$hostname" > /dev/null 2>&1 - # Check if the ping was successful - if [ $? -eq 0 ]; then - echo "$hostname is up" - else - echo "Could not reach $hostname" - fi - done -else + # Check if the ping was successful + if [ $? -eq 0 ]; then + echo "$hostname is up" + else + echo "Could not reach $hostname" + fi + done + else - # Check if any arguments were provided - if [ $# -eq 0 ]; then - # If no arguments were provided, use all nixos hosts - hostnames="${hostnamesString}" - else - # If arguments were provided, use them as the hostnames - hostnames="$@" - fi + # Check if any arguments were provided + if [ $# -eq 0 ]; then + # If no arguments were provided, use all nixos hosts + hostnames="${hostnamesString}" + else + # If arguments were provided, use them as the hostnames + hostnames="$@" + fi - # Iterate over each hostname - for hostname in $hostnames; do - # Ping the host - ping -c 1 "$hostname-initrd" > /dev/null 2>&1 + # Iterate over each hostname + for hostname in $hostnames; do + # Ping the host + ping -c 1 "$hostname-initrd" > /dev/null 2>&1 - # Check if the ping was successful - if [ $? -eq 0 ]; then + # Check if the ping was successful + if [ $? 
-eq 0 ]; then - #sign into 1password and get the secret - eval $(op signin) - password=$(op read op://nix/$hostname/encryption) + #sign into 1password and get the secret + eval $(op signin) + password=$(op read op://nix/$hostname/encryption) - echo -n "$password" | ssh -T root@$hostname-initrd > /dev/null - echo "unlock sent" + echo -n "$password" | ssh -T root@$hostname-initrd > /dev/null + echo "unlock sent" - sleep 8 + sleep 8 - ping -c 1 "$hostname-initrd" > /dev/null 2>&1 + ping -c 1 "$hostname-initrd" > /dev/null 2>&1 - # Check if the initrd sshd server has closed - if [ $? -eq 0 ]; then - echo "Initrd sshd server still open, unlock may have failed." - else - echo "Successfully unlocked" - fi - else - echo "Could not reach $hostname-initrd" - fi - done -fi + # Check if the initrd sshd server has closed + if [ $? -eq 0 ]; then + echo "Initrd sshd server still open, unlock may have failed." + else + echo "Successfully unlocked" + fi + else + echo "Could not reach $hostname-initrd" + fi + done + fi '' diff --git a/packages/default.nix b/packages/default.nix deleted file mode 100644 index e8998eec..00000000 --- a/packages/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs ? import { } }: rec { - - # made to try to use the tailscale tls cert with traefik, appears to properly install traefik, but it still wont work with tailscale. Leaving now for reference for other packages. - traefik-test = pkgs.callPackage ./traefik { }; - -} \ No newline at end of file diff --git a/packages/traefik/default.nix b/packages/traefik/default.nix deleted file mode 100644 index ab6bc878..00000000 --- a/packages/traefik/default.nix +++ /dev/null 
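Review bot: The unlock branch of `initrd-unlock` pipes whatever `op read` returned into the initrd SSH session without checking that the read succeeded, so a failed sign-in or a missing item sends an empty passphrase and still prints "unlock sent". `$hostname` is also unquoted in both the secret reference and the ssh target, and it can come from command-line arguments via `hostnames="$@"`, so it is subject to word splitting and globbing. I would change the two lines to `password=$(op read "op://nix/$hostname/encryption") || { echo "Could not read secret for $hostname"; continue; }` and `echo -n "$password" | ssh -T "root@$hostname-initrd" > /dev/null`.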
@@ -1,40 +0,0 @@ -{ lib, fetchzip, buildGoModule, }: - -buildGoModule rec { - pname = "traefik"; - version = "3.0.0-beta5"; - - # Archive with static assets for webui - src = fetchzip { - url = "https://github.com/traefik/traefik/releases/download/v${version}/traefik-v${version}.src.tar.gz"; - hash = "sha256-9pv4x11GVkdNjs1IFESeB7k3qJisXcoK+QLp8LpbhDw="; - stripRoot = false; - }; - - vendorHash = "sha256-3SyD1mC+tc8cf5MGcw891W5VbX+b7d0cIJQfwNq2NU8="; - - subPackages = [ "cmd/traefik" ]; - - preBuild = '' - go generate - - CODENAME=$(awk -F "=" '/CODENAME=/ { print $2}' script/binary) - - buildFlagsArray+=("-ldflags= -s -w \ - -X github.com/traefik/traefik/v${lib.versions.major version}/pkg/version.Version=${version} \ - -X github.com/traefik/traefik/v${lib.versions.major version}/pkg/version.Codename=$CODENAME") - ''; - - doCheck = false; - - # passthru.tests = { inherit (nixosTests) traefik; }; - - meta = with lib; { - homepage = "https://traefik.io"; - description = "A modern reverse proxy"; - changelog = "https://github.com/traefik/traefik/raw/v${version}/CHANGELOG.md"; - license = licenses.mit; - maintainers = with maintainers; [ vdemeester ]; - mainProgram = "traefik"; - }; -} \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 31666aee..b3207547 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -8,34 +8,85 @@ let smalt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsEPoDzF3MRUY0adefhlXkHoErrLncXrV1GTXbM8Znt"; # keys to work for all secrets - all = [ agenix carln blue ]; + all = [ + agenix + carln + blue + ]; in { "carln.age".publicKeys = [ green ] ++ all; "ryn.age".publicKeys = [ blue ] ++ all; "encrypt.age".publicKeys = all; - "tailscaleKey.age".publicKeys = [ green azure teal smalt ] ++ all; - "tailscaleOAuthKeyAcceptSsh.age".publicKeys = [ green azure teal smalt ] ++ all; - "tailscaleEnvFile.age".publicKeys = [ green azure teal smalt ] ++ all; - "tailscaleOAuthEnvFile.age".publicKeys = [ green azure teal smalt ] ++ all; + "tailscaleKey.age".publicKeys = [ + green + azure + teal + smalt + ] ++ all; + "tailscaleOAuthKeyAcceptSsh.age".publicKeys = [ + green + azure + teal + smalt + ] ++ all; + "tailscaleEnvFile.age".publicKeys = [ + green + azure + teal + smalt + ] ++ all; + "tailscaleOAuthEnvFile.age".publicKeys = [ + green + azure + teal + smalt + ] ++ all; "piholeEnvFile.age".publicKeys = [ green ] ++ all; - "nextcloudEnvFile.age".publicKeys = [ azure green ] ++ all; - "nextcloudDBEnvFile.age".publicKeys = [ azure green ] ++ all; - "palworldEnvFile.age".publicKeys = [ teal smalt ] ++ all; - "teslamateEnvFile.age".publicKeys = [ teal azure ] ++ all; - "teslamateDBEnvFile.age".publicKeys = [ teal azure ] ++ all; - "teslamateGrafanaEnvFile.age".publicKeys = [ teal azure ] ++ all; - "semaphoreEnvFile.age".publicKeys = [ teal azure ] ++ all; - "semaphoreDBEnvFile.age".publicKeys = [ teal azure ] ++ all; + "nextcloudEnvFile.age".publicKeys = [ + azure + green + ] ++ all; + "nextcloudDBEnvFile.age".publicKeys = [ + azure + green + ] ++ all; + "palworldEnvFile.age".publicKeys = [ + teal + smalt + ] ++ all; + "teslamateEnvFile.age".publicKeys = [ + teal + azure + ] ++ all; + "teslamateDBEnvFile.age".publicKeys = [ + teal + azure + ] ++ all; + "teslamateGrafanaEnvFile.age".publicKeys = [ + teal + azure + ] ++ all; + "semaphoreEnvFile.age".publicKeys = [ + teal + 
azure + ] ++ all; + "semaphoreDBEnvFile.age".publicKeys = [ + teal + azure + ] ++ all; "homepage.age".publicKeys = [ azure ] ++ all; - "linkwardenEnvFile.age".publicKeys = [ teal azure ] ++ all; - "linkwardenDBEnvFile.age".publicKeys = [ teal azure ] ++ all; + "linkwardenEnvFile.age".publicKeys = [ + teal + azure + ] ++ all; + "linkwardenDBEnvFile.age".publicKeys = [ + teal + azure + ] ++ all; "healthchecks.age".publicKeys = [ azure ] ++ all; - - - #example for calling groups #"secret2.age".publicKeys = users ++ systems; -} +} diff --git a/users/admin/default.nix b/users/admin/default.nix index 4abf9137..28694f41 100644 --- a/users/admin/default.nix +++ b/users/admin/default.nix @@ -1,11 +1,16 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: +{ + config, + lib, + pkgs, + modulesPath, + inputs, + ... +}: let inherit (config.yomaq.impermanence) dontBackup; in { - imports = [ - inputs.home-manager.nixosModules.home-manager - ]; + imports = [ inputs.home-manager.nixosModules.home-manager ]; yomaq.ssh.enable = true; # Force all user accounts to require nix configuration, any manual changes to users will be lost @@ -18,16 +23,24 @@ in hashedPassword = null; # Set authorized keys to authenticate to ssh as admin user openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo" - ]; + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYSJ9ywFRJ747tkhvYWFkx/Y9SkLqv3rb7T1UuXVBWo" + ]; shell = pkgs.zsh; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ + "networkmanager" + "wheel" + ]; }; # Enable admin account to use ssh without password (since the admin account doesn't HAVE a password) security.sudo.extraRules = [ { users = [ "admin" ]; - commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; } ]; environment.persistence."${dontBackup}" = { 
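Review bot: The comment on the sudo rule says the admin account may "use ssh without password", but the block it documents is `security.sudo.extraRules` granting `NOPASSWD` on `ALL` commands, which is a different and wider grant than SSH login. A comment such as `# admin has no password (hashedPassword = null), so allow passwordless sudo; access to this account rests entirely on the authorized SSH key` would state what the rule does and what it depends on. The user definition these settings belong to begins above this hunk.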
@@ -40,10 +53,12 @@ in }; home-manager = { - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = { + inherit inputs; + }; users = { # Import your home-manager configuration admin = import ./homeManager; }; }; -} \ No newline at end of file +} diff --git a/users/admin/homeManager/default.nix b/users/admin/homeManager/default.nix index f9cc87e9..028b17a9 100644 --- a/users/admin/homeManager/default.nix +++ b/users/admin/homeManager/default.nix @@ -1,8 +1,13 @@ -{ inputs, lib, config, pkgs, ... }: { - imports = [ - inputs.self.homeManagerModules.yomaq - ]; -# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ + imports = [ inputs.self.homeManagerModules.yomaq ]; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion home.stateVersion = "23.05"; home.packages = with pkgs; [ vim diff --git a/users/carln/default.nix b/users/carln/default.nix index 50bf9bd5..3853eb8e 100644 --- a/users/carln/default.nix +++ b/users/carln/default.nix @@ -1,12 +1,16 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: +{ + config, + lib, + pkgs, + modulesPath, + inputs, + ... +}: let inherit (config.yomaq.impermanence) dontBackup; in { - imports = - [ - inputs.home-manager.nixosModules.home-manager - ]; + imports = [ inputs.home-manager.nixosModules.home-manager ]; age.secrets.carln.file = (inputs.self + /secrets/carln.age); users.mutableUsers = false; @@ -16,11 +20,14 @@ in isNormalUser = true; description = "carln"; hashedPasswordFile = config.age.secrets.carln.path; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ + "networkmanager" + "wheel" + ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF1TFwXbqdC1UyG75q3HO1n7/L3yxpeRLIq2kQ9DalI" - ]; - packages = with pkgs; []; + ]; + packages = with pkgs; [ ]; }; environment.persistence."${dontBackup}" = { 
@@ -32,16 +39,17 @@ in ".config" ".local" ]; - files = [ - ]; + files = [ ]; }; }; home-manager = { - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = { + inherit inputs; + }; users = { # Import your home-manager configuration carln = import ./homeManager; }; }; -} \ No newline at end of file +} diff --git a/users/carln/homeManager/default.nix b/users/carln/homeManager/default.nix index 3aa934e6..5187c03e 100644 --- a/users/carln/homeManager/default.nix +++ b/users/carln/homeManager/default.nix @@ -1,37 +1,46 @@ -{ inputs, lib, config, pkgs, ... }: { +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ imports = [ inputs.self.homeManagerModules.yomaq # inputs.nix-index-database.hmModules.nix-index ./dotfiles - ]; -# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion + ]; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion home.stateVersion = "23.05"; - home.packages = [ -### nixos + darwin packages - pkgs.tailscale - pkgs.discord - pkgs.alacritty - pkgs.vim - pkgs.kubectl - pkgs.nerdfonts - pkgs.chezmoi - pkgs.tmuxinator - pkgs.kubernetes-helm - # pkgs.agenix - pkgs.git - pkgs.gh - pkgs.gitkraken - ] ++ (lib.optionals (pkgs.system != "aarch64-darwin") [ -### nixos specific packages - pkgs.trayscale - pkgs.nextcloud-client - #pkgs.spotify - pkgs.steam - pkgs.brave - #screenshare x11 apps on wayland - pkgs.xwaylandvideobridge - # pkgs.obsidian - ]); + home.packages = + [ + ### nixos + darwin packages + pkgs.tailscale + pkgs.discord + pkgs.alacritty + pkgs.vim + pkgs.kubectl + pkgs.nerdfonts + pkgs.chezmoi + pkgs.tmuxinator + pkgs.kubernetes-helm + # pkgs.agenix + pkgs.git + pkgs.gh + pkgs.gitkraken + ] + ++ (lib.optionals (pkgs.system != "aarch64-darwin") [ + ### nixos specific packages + pkgs.trayscale + pkgs.nextcloud-client + #pkgs.spotify + pkgs.steam + pkgs.brave + #screenshare x11 apps on wayland + pkgs.xwaylandvideobridge + # pkgs.obsidian + ]); programs = { git = { enable = true; 
diff --git a/users/carln/homeManager/dotfiles/1password.nix b/users/carln/homeManager/dotfiles/1password.nix index a6b5d570..348b97a6 100644 --- a/users/carln/homeManager/dotfiles/1password.nix +++ b/users/carln/homeManager/dotfiles/1password.nix @@ -1,7 +1,12 @@ -{ inputs, lib, config, pkgs, ... }: { - - imports = [ - ]; +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ + imports = [ ]; home.file.onePassword = { enable = true; target = ".config/1Password/ssh/agent.toml"; @@ -10,4 +15,4 @@ vault = "ssh" ''; }; -} \ No newline at end of file +} diff --git a/users/carln/homeManager/dotfiles/default.nix b/users/carln/homeManager/dotfiles/default.nix index b0b4c7a7..32e0cdd3 100644 --- a/users/carln/homeManager/dotfiles/default.nix +++ b/users/carln/homeManager/dotfiles/default.nix @@ -1,7 +1,10 @@ -{ inputs, lib, config, pkgs, ... }: { - - imports = [ - ./1password.nix - ]; - -} \ No newline at end of file +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ + imports = [ ./1password.nix ]; +} diff --git a/users/ryn/default.nix b/users/ryn/default.nix index 4278551f..7d989a69 100644 --- a/users/ryn/default.nix +++ b/users/ryn/default.nix @@ -1,12 +1,16 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: +{ + config, + lib, + pkgs, + modulesPath, + inputs, + ... +}: let inherit (config.yomaq.impermanence) dontBackup; in { - imports = - [ - inputs.home-manager.nixosModules.home-manager - ]; + imports = [ inputs.home-manager.nixosModules.home-manager ]; age.secrets.ryn.file = (inputs.self + /secrets/ryn.age); users.mutableUsers = false; @@ -16,9 +20,9 @@ in isNormalUser = true; description = "ryn"; hashedPasswordFile = config.age.secrets.ryn.path; - extraGroups = []; - openssh.authorizedKeys.keys = []; - packages = with pkgs; []; + extraGroups = [ ]; + openssh.authorizedKeys.keys = [ ]; + packages = with pkgs; [ ]; }; environment.persistence."${dontBackup}" = { 
@@ -30,16 +34,17 @@ in ".config" ".local" ]; - files = [ - ]; + files = [ ]; }; }; home-manager = { - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = { + inherit inputs; + }; users = { # Import your home-manager configuration ryn = import ./homeManager; }; }; -} \ No newline at end of file +} diff --git a/users/ryn/homeManager/default.nix b/users/ryn/homeManager/default.nix index d18bbe11..bf80bdc8 100644 --- a/users/ryn/homeManager/default.nix +++ b/users/ryn/homeManager/default.nix @@ -1,21 +1,30 @@ -{ inputs, lib, config, pkgs, ... }: { +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ imports = [ inputs.self.homeManagerModules.yomaq ./dotfiles - ]; + ]; home.stateVersion = "23.05"; - home.packages = [ -### nixos + darwin packages - pkgs.tailscale - pkgs.discord - ] ++ (lib.optionals (pkgs.system != "aarch64-darwin") [ -### nixos specific packages - pkgs.trayscale - pkgs.nextcloud-client - pkgs.steam - pkgs.brave - ]); - programs = {}; + home.packages = + [ + ### nixos + darwin packages + pkgs.tailscale + pkgs.discord + ] + ++ (lib.optionals (pkgs.system != "aarch64-darwin") [ + ### nixos specific packages + pkgs.trayscale + pkgs.nextcloud-client + pkgs.steam + pkgs.brave + ]); + programs = { }; yomaq = { suites.basic.enable = true; gnomeOptions.enable = true; diff --git a/users/ryn/homeManager/dotfiles/1password.nix b/users/ryn/homeManager/dotfiles/1password.nix index a6b5d570..348b97a6 100644 --- a/users/ryn/homeManager/dotfiles/1password.nix +++ b/users/ryn/homeManager/dotfiles/1password.nix @@ -1,7 +1,12 @@ -{ inputs, lib, config, pkgs, ... }: { - - imports = [ - ]; +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ + imports = [ ]; home.file.onePassword = { enable = true; target = ".config/1Password/ssh/agent.toml"; @@ -10,4 +15,4 @@ vault = "ssh" ''; }; -} \ No newline at end of file +} diff --git a/users/ryn/homeManager/dotfiles/default.nix b/users/ryn/homeManager/dotfiles/default.nix index b0b4c7a7..32e0cdd3 100644 
--- a/users/ryn/homeManager/dotfiles/default.nix +++ b/users/ryn/homeManager/dotfiles/default.nix @@ -1,7 +1,10 @@ -{ inputs, lib, config, pkgs, ... }: { - - imports = [ - ./1password.nix - ]; - -} \ No newline at end of file +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ + imports = [ ./1password.nix ]; +}