-rw-r--r-- | flake.nix | 13 | ||||
-rw-r--r-- | hosts/disko.nix | 17 | ||||
-rw-r--r-- | hosts/pc/cfg.nix | 62 | ||||
-rw-r--r-- | hosts/vm/cfg.nix | 14 | ||||
-rw-r--r-- | hosts/vps/cfg.nix | 15 | ||||
-rw-r--r-- | hosts/vps/git.nix | 62 | ||||
-rw-r--r-- | hosts/vps/matrix.nix | 37 | ||||
-rw-r--r-- | hosts/vps/website.nix | 8 | ||||
-rw-r--r-- | mixins/cli.nix | 4 | ||||
-rw-r--r-- | mixins/greet.nix | 2 | ||||
-rw-r--r-- | mixins/hyprland.nix | 2 | ||||
-rw-r--r-- | mixins/mpd.nix | 10 | ||||
-rw-r--r-- | mixins/multimedia.nix | 10 | ||||
-rw-r--r-- | mixins/pipewire.nix | 8 | ||||
-rw-r--r-- | mixins/sway.nix | 2 | ||||
-rw-r--r-- | mixins/tailscale.nix | 12 | ||||
-rw-r--r-- | profiles/core.nix | 14 | ||||
-rw-r--r-- | profiles/gentoo.nix | 44 | ||||
-rw-r--r-- | profiles/graphical.nix | 10 | ||||
-rw-r--r-- | profiles/network.nix | 23 | ||||
-rw-r--r-- | profiles/security.nix | 12 | ||||
-rw-r--r-- | profiles/ssh.nix | 10 | ||||
-rw-r--r-- | profiles/user.nix | 4 | ||||
-rw-r--r-- | secrets/secrets.nix | 7 |
24 files changed, 239 insertions, 163 deletions
diff --git a/flake.nix b/flake.nix index 099efd4..ec2a03e 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { description = "tzlil's system(s)"; - + inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; impermanence.url = "github:nix-community/impermanence"; @@ -18,7 +18,7 @@ hyprland.url = "github:hyprwm/Hyprland"; }; - outputs = inputs@{ self, ... }: let + outputs = inputs @ {self, ...}: let mkSystem_ = pkgs: system: h: modules: pkgs.lib.nixosSystem { system = system; @@ -26,8 +26,9 @@ specialArgs = {inherit inputs;}; }; mkSystem = pkgs: system: h: (mkSystem_ pkgs system h [ - inputs.agenix.nixosModules.age inputs.impermanence.nixosModules.impermanence - ]); + inputs.agenix.nixosModules.age + inputs.impermanence.nixosModules.impermanence + ]); in { apps = inputs.nixinate.nixinate.x86_64-linux self; nixosConfigurations = { @@ -35,5 +36,9 @@ vm = mkSystem inputs.nixpkgs "x86_64-linux" "vm"; vps = mkSystem inputs.nixpkgs "x86_64-linux" "vps"; }; + + formatter = { + x86_64-linux = inputs.nixpkgs.legacyPackages.x86_64-linux.alejandra; + }; }; } diff --git a/hosts/disko.nix b/hosts/disko.nix index 4808edd..26d1849 100644 --- a/hosts/disko.nix +++ b/hosts/disko.nix @@ -1,5 +1,9 @@ # Example to create a bios compatible gpt partition -{ lib, disks, ... }: { +{ + lib, + disks, + ... +}: { disk = lib.genAttrs disks (dev: { device = dev; type = "disk"; @@ -29,7 +33,7 @@ extraArgs = "-f"; # Override existing partition subvolumes = { "/" = { - mountOptions = ["noatime" "compress=zstd"]; + mountOptions = ["noatime" "compress=zstd"]; }; }; }; @@ -37,13 +41,16 @@ ]; }; }); - + nodev = { "/" = { fsType = "tmpfs"; mountOptions = [ - "noexec" "defaults" "size=2G" "mode=755" + "noexec" + "defaults" + "size=2G" + "mode=755" ]; }; }; -} \ No newline at end of file +} diff --git a/hosts/pc/cfg.nix b/hosts/pc/cfg.nix index 10267b5..aaf624c 100644 --- a/hosts/pc/cfg.nix +++ b/hosts/pc/cfg.nix 
@@ -1,4 +1,9 @@ -{config, lib, pkgs, ...}: { +{ + config, + lib, + pkgs, + ... +}: { imports = [ ../../profiles/core.nix ../../profiles/user.nix @@ -21,13 +26,12 @@ }; networking.hostName = "pc"; - boot = { initrd = { supportedFilesystems = ["btrfs"]; - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ]; + availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; }; - kernelModules = [ "kvm-amd" ]; + kernelModules = ["kvm-amd"]; kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelParams = [ "console=ttyS0" @@ -52,33 +56,33 @@ time.timeZone = lib.mkDefault "Israel"; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; + "/" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; - "/nix" = - { device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; + "/nix" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; - "/home" = - { device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; + "/home" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; - "/swap" = - { device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = [ "subvol=swap" ]; - }; - "/boot" = - { device = "/dev/disk/by-uuid/D999-2D99"; - fsType = "vfat"; - }; + "/swap" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=swap"]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/D999-2D99"; + fsType = "vfat"; + }; }; zramSwap = { 
@@ -90,4 +94,4 @@ hardware.video.hidpi.enable = lib.mkDefault true; # greeter.initialSession = "sh -c hyprland"; }; -} \ No newline at end of file +} diff --git a/hosts/vm/cfg.nix b/hosts/vm/cfg.nix index f9907e4..9fb84ee 100644 --- a/hosts/vm/cfg.nix +++ b/hosts/vm/cfg.nix @@ -1,4 +1,10 @@ -{config, lib, pkgs, modulesPath, ...}: { +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ ../../profiles/core.nix ../../profiles/user.nix @@ -24,12 +30,12 @@ # dont do this users.users.root.initialPassword = "hunter2"; - + boot.supportedFilesystems = ["9p"]; boot = { initrd = { supportedFilesystems = ["btrfs"]; - availableKernelModules = [ "ata_piix" "uhci_hcd" "floppy" "sd_mod" "sr_mod" ]; + availableKernelModules = ["ata_piix" "uhci_hcd" "floppy" "sd_mod" "sr_mod"]; }; kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelParams = [ @@ -76,4 +82,4 @@ greeter.initialSession = "env WLR_RENDERER=pixman sh -c ${pkgs.sway}/bin/sway"; }; -} \ No newline at end of file +} diff --git a/hosts/vps/cfg.nix b/hosts/vps/cfg.nix index a8159ea..3c7787b 100644 --- a/hosts/vps/cfg.nix +++ b/hosts/vps/cfg.nix @@ -1,4 +1,9 @@ -{config, lib, pkgs, ...}: { +{ + config, + lib, + pkgs, + ... +}: { imports = [ ../../profiles/core.nix ../../profiles/user.nix @@ -19,7 +24,7 @@ }; networking.hostName = "vps"; - + boot = { kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelParams = [ @@ -32,7 +37,7 @@ cleanTmpDir = true; loader.grub.device = "/dev/vda"; initrd = { - availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; kernelModules = []; }; kernelModules = []; 
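Review bot: In hosts/vm/cfg.nix, hunk `@@ -24,12 +30,12 @@`, the reformatted block still carries `users.users.root.initialPassword = "hunter2";` under its own `# dont do this` comment, so a known root password sits in the repository and in the world-readable Nix store of the built system. flake.nix already loads the agenix module for every host, so the value could come from an encrypted file holding the password hash instead, e.g. `users.users.root.passwordFile = config.age.secrets.<secret-name>.path;` (the option is named `hashedPasswordFile` on newer NixOS releases). secrets/secrets.nix in this same commit lists the vm host key as a recipient of `id_ed25519.age`, so if that secret is deployed to the vm, root access there also yields the decrypted key. The module body continues outside the hunk.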
@@ -63,11 +68,11 @@ }; }; - swapDevices = [ { device = "/dev/disk/by-uuid/00eb2d2e-4d7c-4e95-804d-e9ecb22679d4"; } ]; + swapDevices = [{device = "/dev/disk/by-uuid/00eb2d2e-4d7c-4e95-804d-e9ecb22679d4";}]; zramSwap = { enable = true; algorithm = "zstd"; }; }; -} \ No newline at end of file +} diff --git a/hosts/vps/git.nix b/hosts/vps/git.nix index fcf8cfb..9d50865 100644 --- a/hosts/vps/git.nix +++ b/hosts/vps/git.nix @@ -1,6 +1,8 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { users.groups.git = {}; users.users.git = { 
@@ -19,46 +21,52 @@ caddy = { virtualHosts."http://100.67.217.90".extraConfig = '' bind 100.67.217.90 - handle /cgit.png { + handle /cgit.png { root * ${pkgs.cgit}/cgit file_server } - handle /cgit.css { + handle /cgit.css { root * ${pkgs.cgit}/cgit file_server } - handle /favicon.ico { + handle /favicon.ico { root * ${pkgs.cgit}/cgit file_server } handle { - reverse_proxy unix//run/fcgiwrap.sock { + reverse_proxy unix//run/fcgiwrap.sock { transport fastcgi { env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi - env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue { } { - css = "/cgit.css"; - logo = "/cgit.png"; - favicon = "/favicon.ico"; - clone-url = (pkgs.lib.concatStringsSep " " [ - "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL" - "ssh://git@git.example.com:$CGIT_REPO_URL" - ]); - enable-log-filecount = 1; - enable-log-linecount = 1; - enable-git-config = 1; - root-title = "git.example.com"; - root-desc = "Tzlil's Git Repositories"; - scan-path = "/home/git"; - about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh"; - source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; - logo-link = "/"; - })} - } + env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} { + css = "/cgit.css"; + logo = "/cgit.png"; + favicon = "/favicon.ico"; + clone-url = pkgs.lib.concatStringsSep " " [ + "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL" + "ssh://git@git.example.com:$CGIT_REPO_URL" + ]; + enable-log-filecount = 1; + enable-log-linecount = 1; + enable-git-config = 1; + root-title = "git.example.com"; + root-desc = "Tzlil's Git Repositories"; + scan-path = "/home/git"; + about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh"; + source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; + logo-link = "/"; + })} + } } } ''; }; }; - environment.persistence."/nix/persist".directories = [ { directory = "/home/git"; user = "git"; group = "git"; } ]; + 
environment.persistence."/nix/persist".directories = [ + { + directory = "/home/git"; + user = "git"; + group = "git"; + } + ]; }; -} \ No newline at end of file +} diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix index cb13326..2d606b0 100644 --- a/hosts/vps/matrix.nix +++ b/hosts/vps/matrix.nix @@ -1,23 +1,28 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { services.matrix-synapse = { - enable = true; - settings.server_name = config.networking.domain; - settings.listeners = [ - { port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ { - names = [ "client" "federation" ]; + enable = true; + settings.server_name = config.networking.domain; + settings.listeners = [ + { + port = 8008; + bind_addresses = ["::1"]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = ["client" "federation"]; compress = true; - } ]; - } - ]; + } + ]; + } + ]; }; networking.firewall.allowedTCPPorts = [80 443]; }; -} \ No newline at end of file +} diff --git a/hosts/vps/website.nix b/hosts/vps/website.nix index 9dc9fc7..fd7f71c 100644 --- a/hosts/vps/website.nix +++ b/hosts/vps/website.nix @@ -1,6 +1,8 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { services.caddy = { enable = true; @@ -14,4 +16,4 @@ }; networking.firewall.allowedTCPPorts = [80 443]; }; -} \ No newline at end of file +} diff --git a/mixins/cli.nix b/mixins/cli.nix index 0d82ed1..3dce0bf 100644 --- a/mixins/cli.nix +++ b/mixins/cli.nix @@ -9,7 +9,7 @@ inputs.home-manager.nixosModules."home-manager" ]; config = { - home-manager.users.tzlil = {pkgs, ...}@hm: { + home-manager.users.tzlil = {pkgs, ...} @ hm: { home = { packages = with pkgs; [ rsync @@ -45,4 +45,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/mixins/greet.nix b/mixins/greet.nix index 0006eaf..fc1d151 100644 --- a/mixins/greet.nix +++ b/mixins/greet.nix 
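Review bot: In hosts/vps/git.nix, hunk `@@ -19,46 +21,52 @@`, the second `clone-url` entry `ssh://git@git.example.com:$CGIT_REPO_URL` mixes the two SSH remote syntaxes: in an `ssh://` URL the text after the colon is read as a port, so the advertised clone address will not work as written. Either `ssh://git@git.example.com/$CGIT_REPO_URL` or the scp-like `git@git.example.com:$CGIT_REPO_URL` is valid, whichever matches how paths resolve for the git user. Separately, `enable-git-config = 1` lets each repository under `scan-path` set per-repo cgit options from its own git config, so a short comment stating that only trusted users can push to `/home/git` would document the assumption.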
@@ -38,4 +38,4 @@ in { }; }; }; -} \ No newline at end of file +} diff --git a/mixins/hyprland.nix b/mixins/hyprland.nix index 1a063d9..3442438 100644 --- a/mixins/hyprland.nix +++ b/mixins/hyprland.nix @@ -17,4 +17,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/mixins/mpd.nix b/mixins/mpd.nix index 3730802..f86162b 100644 --- a/mixins/mpd.nix +++ b/mixins/mpd.nix @@ -1,11 +1,13 @@ -{ pkgs, config, ... }: - { - home-manager.users.tzlil = {pkgs, ...}@hm: { + pkgs, + config, + ... +}: { + home-manager.users.tzlil = {pkgs, ...} @ hm: { services = { mpd.enable = true; mpdris2.enable = true; }; programs.ncmpcpp.enable = true; }; -} \ No newline at end of file +} diff --git a/mixins/multimedia.nix b/mixins/multimedia.nix index a814213..d36be17 100644 --- a/mixins/multimedia.nix +++ b/mixins/multimedia.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { config = { home-manager.users.tzlil = {...}: { fonts.fontconfig.enable = true; @@ -14,4 +18,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/mixins/pipewire.nix b/mixins/pipewire.nix index 7f17aa1..4208f08 100644 --- a/mixins/pipewire.nix +++ b/mixins/pipewire.nix @@ -1,6 +1,8 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { sound.enable = false; security.rtkit.enable = true; @@ -12,4 +14,4 @@ jack.enable = true; }; }; -} \ No newline at end of file +} diff --git a/mixins/sway.nix b/mixins/sway.nix index 7b99b2c..e7c71db 100644 --- a/mixins/sway.nix +++ b/mixins/sway.nix @@ -287,4 +287,4 @@ in { }; }; }; -} \ No newline at end of file +} diff --git a/mixins/tailscale.nix b/mixins/tailscale.nix index ccefc48..0822d97 100644 --- a/mixins/tailscale.nix +++ b/mixins/tailscale.nix 
@@ -1,13 +1,15 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { services.tailscale.enable = true; networking.firewall = { - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = ["tailscale0"]; allowedUDPPorts = [41641]; }; - environment.persistence."/nix/persist".directories = [ "/var/lib/tailscale" ]; + environment.persistence."/nix/persist".directories = ["/var/lib/tailscale"]; }; -} \ No newline at end of file +} diff --git a/profiles/core.nix b/profiles/core.nix index 5f48baa..1cd8ab5 100644 --- a/profiles/core.nix +++ b/profiles/core.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { imports = [ ../profiles/security.nix ../profiles/network.nix @@ -23,10 +27,10 @@ users.mutableUsers = false; environment.defaultPackages = lib.mkForce []; - age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ]; + age.identityPaths = ["/nix/persist/etc/ssh/ssh_host_ed25519_key"]; programs.command-not-found.dbPath = inputs.programsdb.packages.${pkgs.system}.programs-sqlite; # save uid/guid - environment.persistence."/nix/persist".directories = [ "/var/lib/nixos" ]; + environment.persistence."/nix/persist".directories = ["/var/lib/nixos"]; }; -} \ No newline at end of file +} diff --git a/profiles/gentoo.nix b/profiles/gentoo.nix index 9755fd8..337a306 100644 --- a/profiles/gentoo.nix +++ b/profiles/gentoo.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { imports = []; config = { nix.binaryCaches = [ 
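Review bot: In mixins/tailscale.nix, `trustedInterfaces = ["tailscale0"]` makes the NixOS firewall accept every port from every tailnet peer, so the per-host `allowedTCPPorts` lists elsewhere in this commit do not constrain traffic arriving over Tailscale. If that is intended, a comment saying access control is delegated to the tailnet ACLs would make the assumption explicit. Otherwise, open only what is needed with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ <ports> ];` in place of the trusted interface. profiles/network.nix lists `phone` and `vm` as peers, so those devices get the same reach as the other hosts.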
@@ -11,21 +15,23 @@ nix.binaryCachePublicKeys = [ "gravity.cs.illinois.edu-1:yymmNS/WMf0iTj2NnD0nrVV8cBOXM9ivAkEdO1Lro3U=" ]; - - nativeStdenv = prev.stdenvAdapters.withCFlags [ "-O3" "-pipe" "-march=native" ] - (prev.overrideCC prev.llvmPackages_latest.stdenv - (prev.wrapCCWith rec { - cc = prev.llvmPackages_latest.clang-unwrapped; - bintools = (final.wrapBintoolsWith { - coreutils = final.uutils-coreutils; - libc = final.musl; - bintools = final.binutils-unwrapped.overrideAttrs - (old: { - postInstall = '' - ln -sf ${final.mold}/bin/mold $out/bin/ld - ''; - }); - }); - })); + + nativeStdenv = + prev.stdenvAdapters.withCFlags ["-O3" "-pipe" "-march=native"] + (prev.overrideCC prev.llvmPackages_latest.stdenv + (prev.wrapCCWith rec { + cc = prev.llvmPackages_latest.clang-unwrapped; + bintools = final.wrapBintoolsWith { + coreutils = final.uutils-coreutils; + libc = final.musl; + bintools = + final.binutils-unwrapped.overrideAttrs + (old: { + postInstall = '' + ln -sf ${final.mold}/bin/mold $out/bin/ld + ''; + }); + }; + })); }; -} \ No newline at end of file +} diff --git a/profiles/graphical.nix b/profiles/graphical.nix index f3bff3a..a4fa0cd 100644 --- a/profiles/graphical.nix +++ b/profiles/graphical.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { config = { home-manager.users.tzlil = {...}: { fonts.fontconfig.enable = true; @@ -31,4 +35,4 @@ # }; }; }; -} \ No newline at end of file +} diff --git a/profiles/network.nix b/profiles/network.nix index 40e31cc..461106f 100644 --- a/profiles/network.nix +++ b/profiles/network.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { imports = []; config = { networking = { 
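Review bot: In profiles/gentoo.nix, hunk `@@ -11,21 +15,23 @@`, `nativeStdenv` is assigned directly inside the module's `config` and refers to `prev` and `final`, neither of which appears in the module arguments shown in the first hunk (`pkgs, lib, config, inputs`). As far as the visible lines go, this is an overlay body pasted into a module and would fail evaluation if the profile is imported. Wrapping it restores the bindings: `nixpkgs.overlays = [(final: prev: { nativeStdenv = ...; })];`. The same hunk also trusts the `gravity.cs.illinois.edu-1` key in `nix.binaryCachePublicKeys`; a comment recording who operates that cache and why it is trusted would help, since any store path signed by that key is accepted as a substitute.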
@@ -14,13 +18,12 @@ useDHCP = false; nameservers = ["127.0.0.1" "::1"]; networkmanager.dns = "none"; - extraHosts = - '' - 100.99.246.128 pc - 100.105.242.70 phone - 100.109.155.123 vm - 100.67.217.90 vps - ''; + extraHosts = '' + 100.99.246.128 pc + 100.105.242.70 phone + 100.109.155.123 vm + 100.67.217.90 vps + ''; }; # Don't wait for network startup @@ -54,4 +57,4 @@ StateDirectory = "dnscrypt-proxy"; }; }; -} \ No newline at end of file +} diff --git a/profiles/security.nix b/profiles/security.nix index e28431b..8ca89e3 100644 --- a/profiles/security.nix +++ b/profiles/security.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { imports = []; config = { security.auditd.enable = true; @@ -60,8 +64,8 @@ boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = false; security.chromiumSuidSandbox.enable = true; - + security.sudo.execWheelOnly = true; security.sudo.extraConfig = "Defaults lecture = never"; }; -} \ No newline at end of file +} diff --git a/profiles/ssh.nix b/profiles/ssh.nix index 49917f9..5a62fe2 100644 --- a/profiles/ssh.nix +++ b/profiles/ssh.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, config, inputs, ... }: - { + pkgs, + lib, + config, + inputs, + ... +}: { config = { services.openssh = { enable = true; @@ -33,4 +37,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/profiles/user.nix b/profiles/user.nix index 7f0ec8b..637c15d 100644 --- a/profiles/user.nix +++ b/profiles/user.nix @@ -41,7 +41,7 @@ backupFileExtension = "backup"; }; - home-manager.users.tzlil = {pkgs, ...}@hm: { + home-manager.users.tzlil = {pkgs, ...} @ hm: { home = { stateVersion = "22.05"; username = "tzlil"; @@ -56,4 +56,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fd40ec5..7d82534 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -3,8 +3,7 @@ let vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS6LK6rCmJCR/rKVJYVmJTL8fAdyJSLlgC3mesd6QVS"; vps = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdOuj27GB703ZRKRqhytlaLJsKucaRa//yswxijAZT7"; - systems = [ vm vps ]; -in -{ - "id_ed25519.age".publicKeys = [ tzlil ] ++ systems; + systems = [vm vps]; +in { + "id_ed25519.age".publicKeys = [tzlil] ++ systems; } |