diff --git a/flake.nix b/flake.nix index 6d8c683..e171816 100755 --- a/flake.nix +++ b/flake.nix @@ -6,12 +6,13 @@ lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot. nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config. sops-nix.url = "github:Mic92/sops-nix"; # Secrets management. + nixvim.url = "github:nix-community/nixvim"; # Neovim. + # Secrets repo. secrets = { url = "git+ssh://git@docker.local:222/fern/secrets?ref=main"; flake = false; }; - nixvim.url = "github:nix-community/nixvim"; # Neovim. # Packages. fluffychat-2_0_0.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0 @@ -19,12 +20,11 @@ }; outputs = inputs @ { - self, nixpkgs, lanzaboote, nixos-hardware, - sops-nix, nixvim, + sops-nix, fluffychat-2_0_0, feishin-0_17_0, ... @@ -53,7 +53,7 @@ specialArgs = { inherit - self + nixpkgs hostname suite platform diff --git a/hosts/laptop/muskduck.nix b/hosts/laptop/muskduck.nix index 035504c..511a951 100644 --- a/hosts/laptop/muskduck.nix +++ b/hosts/laptop/muskduck.nix @@ -6,15 +6,14 @@ "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = ["kvm-intel"]; fileSystems."/" = { device = "/dev/disk/by-uuid/63d79656-aa5b-466a-b369-be5eac3f51ab"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device = - "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d"; + boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device = "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d"; fileSystems."/boot" = { device = "/dev/disk/by-uuid/EBD7-3E1C"; diff --git a/hosts/lxc/firefox-syncserver.nix b/hosts/lxc/firefox-syncserver.nix index 5d178f6..157c694 100644 --- a/hosts/lxc/firefox-syncserver.nix +++ b/hosts/lxc/firefox-syncserver.nix 
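Review bot: The `fluffychat-2_0_0` input in the trailing context of the first flake.nix hunk tracks `ref=pull/419632/head`, a ref that moves whenever the pull request's branch is pushed to, so a later `nix flake update` can pull in changes to that branch that were never looked at. flake.lock presumably pins the current revision, but it is not part of this diff, and that pin only holds until the next update. Since this commit is already tidying the inputs block, I would pin the input to a reviewed commit, e.g. `fluffychat-2_0_0.url = "github:NixOS/nixpkgs/<reviewed-commit-sha>";`, with a comment saying when the input can be dropped. The inputs attribute set starts and ends outside the hunk.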
@@ -1,8 +1,12 @@ -{ config, pkgs, secrets, ... }: { + config, + pkgs, + secrets, + ... +}: { # Secrets. sops = { - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; defaultSopsFile = "${secrets}/sops.yaml"; secrets."firefox_syncserver/sync_master_secret" = {}; }; @@ -23,5 +27,5 @@ }; # Open Firefox sync service port. - networking.firewall.allowedTCPPorts = [ 5000 ]; + networking.firewall.allowedTCPPorts = [5000]; } diff --git a/hosts/server/weebill.nix b/hosts/server/weebill.nix index 76ff233..89c949c 100644 --- a/hosts/server/weebill.nix +++ b/hosts/server/weebill.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { boot = { kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; initrd.availableKernelModules = [ @@ -17,7 +16,7 @@ "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; - options = [ "noatime" ]; + options = ["noatime"]; }; }; diff --git a/hosts/vm/docker.nix b/hosts/vm/docker.nix index 63a62ea..09e8f47 100644 --- a/hosts/vm/docker.nix +++ b/hosts/vm/docker.nix @@ -10,6 +10,6 @@ }; swapDevices = [ - { device = "/dev/disk/by-uuid/025beadb-a89b-4abe-8d0c-b55401316319"; } + {device = "/dev/disk/by-uuid/025beadb-a89b-4abe-8d0c-b55401316319";} ]; } diff --git a/hosts/vm/minecraft.nix b/hosts/vm/minecraft.nix index 8ebb758..e7abad8 100644 --- a/hosts/vm/minecraft.nix +++ b/hosts/vm/minecraft.nix @@ -10,6 +10,6 @@ }; swapDevices = [ - { device = "/dev/disk/by-uuid/3123f58e-63a9-44fa-ac29-3e79dc520b8f"; } + {device = "/dev/disk/by-uuid/3123f58e-63a9-44fa-ac29-3e79dc520b8f";} ]; } diff --git a/modules/webone.nix b/modules/webone.nix index 53f4a58..701374a 100644 --- a/modules/webone.nix +++ b/modules/webone.nix 
@@ -4,15 +4,13 @@ userPackages, ... }: -with lib; -let +with lib; let cfg = config.services.webone; -in -{ +in { options.services.webone.enable = mkEnableOption "Enable WebOne HTTP proxy."; config = mkIf cfg.enable { - users.groups.webone = { }; + users.groups.webone = {}; users.users.webone = { createHome = true; @@ -42,10 +40,10 @@ in systemd.services.webone = { description = "WebOne HTTP Proxy Server"; - documentation = [ "https://github.com/atauenis/webone/wiki/" ]; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "default.target" ]; + documentation = ["https://github.com/atauenis/webone/wiki/"]; + requires = ["network-online.target"]; + after = ["network-online.target"]; + wantedBy = ["default.target"]; startLimitIntervalSec = 5; startLimitBurst = 3; environment = { diff --git a/packages/webone/default.nix b/packages/webone/default.nix index fc35a19..a393e6a 100644 --- a/packages/webone/default.nix +++ b/packages/webone/default.nix @@ -4,7 +4,6 @@ dotnetCorePackages, ... }: - buildDotnetModule rec { pname = "webone"; version = "0.17.5"; diff --git a/packages/webone/deps.nix b/packages/webone/deps.nix index e63816d..6fb0b13 100644 --- a/packages/webone/deps.nix +++ b/packages/webone/deps.nix @@ -1,9 +1,7 @@ # This file was automatically generated by passthru.fetch-deps. # Please dont edit it manually, your changes might get overwritten! # TODO: This format file is obsolete, consider migrating to JSON. - -{ fetchNuGet }: -[ +{fetchNuGet}: [ (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "3.1.0"; diff --git a/suites/common.nix b/suites/common.nix index c54d80f..c6e7e58 100644 --- a/suites/common.nix +++ b/suites/common.nix @@ -1,5 +1,5 @@ { - self, + nixpkgs, pkgs, lib, hostname, 
@@ -10,15 +10,15 @@ with lib; { # NixOS version. system.stateVersion = "25.05"; - # Set $NIX_PATH to flake input. - nix.nixPath = ["nixpkgs=${self.inputs.nixpkgs}"]; - # Enable flakes. nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Set $NIX_PATH to flake input. + nix.nixPath = ["nixpkgs=${nixpkgs}"]; + # Enable redistributable firmware. hardware.enableRedistributableFirmware = true; @@ -66,25 +66,14 @@ with lib; { programs.fish = { enable = true; interactiveShellInit = '' - # nnn cd on quit. - function n --wraps nnn --description 'support nnn quit and change directory' - if test -n "$NNNLVL" -a "$NNNLVL" -ge 1 - echo "nnn is already running" - return - end - - if test -n "$XDG_CONFIG_HOME" - set -x NNN_TMPFILE "$XDG_CONFIG_HOME/nnn/.lastd" - else - set -x NNN_TMPFILE "$HOME/.config/nnn/.lastd" - end - - command ${pkgs.nnn}/bin/nnn $argv - - if test -e $NNN_TMPFILE - source $NNN_TMPFILE - rm -- $NNN_TMPFILE - end + # yazi cd on quit. + function y + set tmp (mktemp -t "yazi-cwd.XXXXXX") + ${pkgs.yazi}/bin/yazi $argv --cwd-file="$tmp" + if read -z cwd < "$tmp"; and [ -n "$cwd" ]; and [ "$cwd" != "$PWD" ] + builtin cd -- "$cwd" + end + rm -f -- "$tmp" end # kanagawa theme. @@ -123,6 +112,7 @@ with lib; { ''; }; + # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell programs.bash = { interactiveShellInit = '' if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] 
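Review bot: `tmp` and `cwd` in the new `y` function are assigned without a scope flag, so if a global or universal variable of either name already exists in the interactive session, fish overwrites it instead of creating a function-local one. I would write `set -l tmp (mktemp -t "yazi-cwd.XXXXXX"); or return` and declare `set -l cwd` before the `read`, which also stops the function from carrying on with an empty path when mktemp fails. The removed nnn wrapper carried `--wraps nnn --description '…'`; the replacement could keep completions working with `function y --wraps yazi --description 'yazi with cd on quit'`.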
@@ -131,136 +121,153 @@ with lib; { exec ${pkgs.fish}/bin/fish $LOGIN_OPTION fi ''; - }; # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell + }; # Install some packages. - programs.git.enable = true; - programs.lazygit.enable = true; + programs = { + git.enable = true; + lazygit.enable = true; - programs.nixvim = { - enable = true; - - globals.mapleader = " "; - - keymaps = [ - { - key = "t"; - action = " ToggleTerm direction=float "; - mode = "n"; - options = { - silent = true; - desc = "Open floating terminal."; - }; - } - - { - key = "e"; - action = " Neotree toggle "; - mode = "n"; - options.desc = "Show/hide file browser."; - } - - { - key = "f"; - action = " Telescope fd "; - mode = "n"; - options.desc = "Find files."; - } - - { - key = "g"; - action = " LazyGit "; - mode = "n"; - options.desc = "Open LazyGit."; - } - ]; - - colorschemes.kanagawa = { + nixvim = { enable = true; - settings = { - background.dark = "dragon"; - colors.theme.all.ui.bg_gutter = "none"; - overrides = '' - function(colors) - local theme = colors.theme - return { - NormalFloat = { bg = "none" }, - FloatBorder = { bg = "none" }, - FloatTitle = { bg = "none" }, - TelescopeTitle = { fg = theme.ui.special, bold = true }, - TelescopePromptNormal = { bg = theme.ui.bg_p1 }, - TelescopePromptBorder = { fg = theme.ui.bg_p1, bg = theme.ui.bg_p1 }, - TelescopeResultsNormal = { fg = theme.ui.fg_dim, bg = theme.ui.bg_m1 }, - TelescopeResultsBorder = { fg = theme.ui.bg_m1, bg = theme.ui.bg_m1 }, - TelescopePreviewNormal = { bg = theme.ui.bg_dim }, - TelescopePreviewBorder = { bg = theme.ui.bg_dim, fg = theme.ui.bg_dim }, + globals.mapleader = " "; - Pmenu = { fg = theme.ui.shade0, bg = theme.ui.bg_p1 }, -- add `blend = vim.o.pumblend` to enable transparency - PmenuSel = { fg = "NONE", bg = theme.ui.bg_p2 }, - PmenuSbar = { bg = theme.ui.bg_m1 }, - PmenuThumb = { bg = theme.ui.bg_p2 }, - } - end, - ''; - }; - }; + keymaps = [ + { + key = "t"; + action = " ToggleTerm direction=float "; + mode 
= "n"; + options = { + silent = true; + desc = "Open floating terminal."; + }; + } - opts = rec { - shiftwidth = 2; - tabstop = shiftwidth; - softtabstop = shiftwidth; - expandtab = true; - number = true; - cursorline = true; - undofile = true; - clipboard = "unnamedplus"; - }; + { + key = "g"; + action = " LazyGit "; + mode = "n"; + options.desc = "Open LazyGit."; + } - clipboard.providers.wl-copy.enable = true; + { + key = "y"; + action = " Yazi toggle "; + mode = "n"; + options.desc = "Show/hide file browser."; + } - plugins = { - colorizer.enable = true; - gitsigns.enable = true; - lazygit.enable = true; - lsp-format.enable = true; - mini-statusline.enable = true; - mini-tabline.enable = true; - notify.enable = true; - nvim-autopairs.enable = true; - telescope.enable = true; - toggleterm.enable = true; - trouble.enable = true; - web-devicons.enable = true; - which-key.enable = true; + { + key = "ff"; + action = " Telescope fd "; + mode = "n"; + options.desc = "Find files."; + } - blink-cmp = { + { + key = "fb"; + action = " Telescope buffers "; + mode = "n"; + options.desc = "Switch between buffers with telescope."; + } + + { + key = "fg"; + action = " Telescope live_grep "; + mode = "n"; + options.desc = "Grep files."; + } + ]; + + colorschemes.kanagawa = { enable = true; settings = { - keymap.preset = "enter"; - menu.auto_show = true; - completion.documentation.auto_show = true; + background.dark = "dragon"; + colors.theme.all.ui.bg_gutter = "none"; + overrides = '' + function(colors) + local theme = colors.theme + return { + NormalFloat = { bg = "none" }, + FloatBorder = { bg = "none" }, + FloatTitle = { bg = "none" }, + + TelescopeTitle = { fg = theme.ui.special, bold = true }, + TelescopePromptNormal = { bg = theme.ui.bg_p1 }, + TelescopePromptBorder = { fg = theme.ui.bg_p1, bg = theme.ui.bg_p1 }, + TelescopeResultsNormal = { fg = theme.ui.fg_dim, bg = theme.ui.bg_m1 }, + TelescopeResultsBorder = { fg = theme.ui.bg_m1, bg = theme.ui.bg_m1 }, + 
TelescopePreviewNormal = { bg = theme.ui.bg_dim }, + TelescopePreviewBorder = { bg = theme.ui.bg_dim, fg = theme.ui.bg_dim }, + + Pmenu = { fg = theme.ui.shade0, bg = theme.ui.bg_p1 }, -- add `blend = vim.o.pumblend` to enable transparency + PmenuSel = { fg = "NONE", bg = theme.ui.bg_p2 }, + PmenuSbar = { bg = theme.ui.bg_m1 }, + PmenuThumb = { bg = theme.ui.bg_p2 }, + } + end, + ''; }; }; - lsp = { - enable = true; - inlayHints = true; - servers = { - nixd = { - enable = true; - settings.formatting.command = ["alejandra"]; - settings.options.nixos.expr = "(builtins.getFlake (builtins.toString /home/fern/Repositories/flock)).nixosConfigurations.muskduck.options"; + opts = rec { + shiftwidth = 2; + tabstop = shiftwidth; + softtabstop = shiftwidth; + expandtab = true; + number = true; + cursorline = true; + undofile = true; + clipboard = "unnamedplus"; + }; + + clipboard.providers.wl-copy.enable = true; + + plugins = { + colorizer.enable = true; + gitsigns.enable = true; + lazygit.enable = true; + lsp-format.enable = true; + mini-statusline.enable = true; + mini-tabline.enable = true; + notify.enable = true; + nvim-autopairs.enable = true; + telescope.enable = true; + toggleterm.enable = true; + trouble.enable = true; + web-devicons.enable = true; + which-key.enable = true; + yazi.enable = true; + + blink-cmp = { + enable = true; + settings = { + keymap.preset = "enter"; + menu.auto_show = true; + completion.documentation.auto_show = true; }; }; - }; - treesitter = { - enable = true; - settings = { - highlight.enable = true; - incremental_selection.enable = true; - indent.enable = true; + lsp = { + enable = true; + inlayHints = true; + servers = { + nixd = { + enable = true; + settings.formatting.command = ["alejandra"]; + settings.options.nixos.expr = "(builtins.getFlake (builtins.toString /home/fern/Repositories/flock)).nixosConfigurations.muskduck.options"; + }; + }; + }; + + treesitter = { + enable = true; + settings = { + highlight.enable = true; + 
incremental_selection.enable = true; + indent.enable = true; + }; }; }; }; @@ -271,10 +278,10 @@ with lib; { btop lynx ncdu - nnn rsync tmux trash-cli + yazi ]; # Enable avahi hostname resolution. diff --git a/suites/laptop.nix b/suites/laptop.nix index c43df05..b742ef6 100755 --- a/suites/laptop.nix +++ b/suites/laptop.nix @@ -4,8 +4,7 @@ lib, ... }: -with lib; -{ +with lib; { # Configure the bootloader. boot = { # Enable secure boot. @@ -58,7 +57,7 @@ with lib; desktopManager.gnome = { enable = true; # Enable fractional scaling. - extraGSettingsOverridePackages = [ pkgs.mutter ]; + extraGSettingsOverridePackages = [pkgs.mutter]; extraGSettingsOverrides = '' [org.gnome.mutter] experimental-features=['scale-monitor-framebuffer'] @@ -74,34 +73,29 @@ with lib; # Exclude some default gnome applications. environment.gnome.excludePackages = ( - with pkgs; - [ - epiphany - gnome-connections - gnome-console - gnome-maps - gnome-music - gnome-tour - totem - yelp + with pkgs; [ + epiphany # Browser (replaced by Firefox). + gnome-connections # Remote desktop viewer. + gnome-console # Terminal (replaced by ghostTTY). + gnome-maps # Maps viewer. + gnome-music # Music player. + gnome-tour # First-boot tour. + totem # Movie player (replaced by Celluloid). + yelp # Help viewer. ] ); # Remove NixOS HTML manual documentation.doc.enable = false; - # Use ghostty for the "open in terminal" option in file manager. - programs.nautilus-open-any-terminal = { - enable = true; - terminal = "ghostty"; - }; - # Run electron apps under wayland. environment.sessionVariables.NIXOS_OZONE_WL = "1"; # Install some packages. - programs.steam.enable = true; - programs.firefox.enable = true; + programs = { + steam.enable = true; + firefox.enable = true; + }; environment.systemPackages = with pkgs; [ adwsteamgtk @@ -109,7 +103,6 @@ with lib; caligula celluloid discord - userPackages.feishin ghostty gimp3 glabels-qt 
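Review bot: The nixd option expression near the end of the re-indented `nixvim` block still hard-codes `/home/fern/Repositories/flock` and the `muskduck` configuration, although this is suites/common.nix and the module receives `hostname` as an argument. On a host without that checkout nixd has nothing to evaluate, and where it exists the editor evaluates whatever the working tree currently contains. A comment saying the path is laptop-specific would help, or the attribute could be derived from the argument with `nixosConfigurations.${hostname}.options`, assuming the configuration names match `hostname`. The hunk starts inside the `programs.bash` block and the module continues past it.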
@@ -121,14 +114,12 @@ with lib; libreoffice merriweather merriweather-sans - nixd # nix language server - alejandra # nix language formatter nerd-fonts.fira-code obsidian protonmail-desktop signal-desktop smile - vscodium + userPackages.feishin yubioath-flutter # PrismLauncher with temurin jre. @@ -142,18 +133,20 @@ with lib; (userPackages.fluffychat.overrideAttrs ( finalAttrs: previousAttrs: { desktopItems = [ - ((builtins.elemAt previousAttrs.desktopItems 0).override { startupWMClass = "fluffychat"; }) + ((builtins.elemAt previousAttrs.desktopItems 0).override {startupWMClass = "fluffychat";}) ]; } )) ]; - # Enable gamemode service + # Enable gamemode service. programs.gamemode.enable = true; # Enable CUPS to print documents. - services.printing.enable = true; - services.printing.drivers = [ pkgs.brlaser ]; + services.printing = { + enable = true; + drivers = [pkgs.brlaser]; + }; # If you don't set this Wireguard won't work. networking.firewall.checkReversePath = false; @@ -170,6 +163,6 @@ with lib; # Enable CPU frequency scaling management. services.power-profiles-daemon.enable = mkForce false; # enabled by gnome - services.tlp.enable = lib.mkForce false; # enabled by nixos-hardware + services.tlp.enable = mkForce false; # enabled by nixos-hardware services.auto-cpufreq.enable = true; } diff --git a/suites/lxc.nix b/suites/lxc.nix index ca491fe..4b11d63 100644 --- a/suites/lxc.nix +++ b/suites/lxc.nix @@ -1,10 +1,6 @@ -{ - modulesPath, - ... -}: -{ +{modulesPath, ...}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./server.nix ]; -} \ No newline at end of file +} diff --git a/suites/server.nix b/suites/server.nix index 01d61e1..1f6af57 100644 --- a/suites/server.nix +++ b/suites/server.nix 
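Review bot: This hunk drops `alejandra` (and `nixd`) from the laptop's `environment.systemPackages`, while suites/common.nix in the same commit still sets `settings.formatting.command = ["alejandra"]`, a bare command name resolved through PATH. Unless alejandra is installed somewhere not shown in this diff, nixd formatting will fail after the change; the nixd binary itself is presumably supplied by the nixvim LSP module. Referencing the store path keeps the formatter tied to the pinned nixpkgs and independent of PATH, in the style the fish function already uses: `settings.formatting.command = ["${pkgs.alejandra}/bin/alejandra"];`. The package list starts and ends outside the hunk.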
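Review bot: `networking.firewall.checkReversePath = false;` in the trailing context of the printing hunk turns reverse-path filtering off on every interface, which removes the firewall's source-address spoofing check on a laptop that joins untrusted networks. The comment says the setting is there for WireGuard; the option also accepts `"loose"`, which is normally enough for that case. I would try `networking.firewall.checkReversePath = "loose";` and extend the comment to record why strict filtering cannot be used.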
@@ -1,13 +1,16 @@ -{ user, lib, ... }: -with lib; { - # Passwordless sudo + user, + lib, + ... +}: +with lib; { + # Passwordless sudo. security.sudo.wheelNeedsPassword = false; - # Enable all terminfo (for ghostty) + # Enable all terminfo (for ghostty). environment.enableAllTerminfo = true; - # Enable SSH server + # Enable SSH server. services.openssh.enable = true; users.users.${user} = { @@ -17,9 +20,9 @@ with lib; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC" ]; - extraGroups = mkIf (user == "docker") [ "docker" ]; + extraGroups = mkIf (user == "docker") ["docker"]; }; # Enable docker. virtualisation.docker.enable = mkIf (user == "docker") true; -} \ No newline at end of file +} diff --git a/suites/vm.nix b/suites/vm.nix index 32a0966..3a4d6e2 100644 --- a/suites/vm.nix +++ b/suites/vm.nix @@ -3,8 +3,7 @@ lib, ... }: -with lib; -{ +with lib; { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./server.nix @@ -19,7 +18,7 @@ with lib; "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = ["kvm-intel"]; # Enable DHCP. networking.useDHCP = mkDefault true;
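Review bot: The comment touched in the first suites/server.nix hunk, `# Passwordless sudo.`, says what the setting does but not why it is acceptable. With `security.sudo.wheelNeedsPassword = false` next to `services.openssh.enable = true`, any credential that can log in as the user is effectively a root login, assuming the user is in wheel, which is not shown. No `services.openssh.settings` appears in the visible lines, so password and keyboard-interactive logins may still be at their defaults. I would expand the comment to state the trust assumption and set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` explicitly beside it. The `users.users.${user}` block continues outside the hunk.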