diff --git a/config/gitea/app.toml b/config/gitea/app.toml
new file mode 100755
index 0000000..7d15d4c
--- /dev/null
+++ b/config/gitea/app.toml
@@ -0,0 +1,40 @@
+[security]
+INSTALL_LOCK = true
+PASSWORD_HASH_ALGO = "argon2"
+PASSWORD_CHECK_PWN = true
+
+[repository]
+DEFAULT_BRANCH = "main"
+
+[ui]
+DEFAULT_THEME = "arc-pink"
+THEMES="auto,gitea,arc-green,arc-pink,arc-pink-modern,darkred,gitea-blue,gitea-modern,github"
+CUSTOM_EMOJIS = "blurry_eyes,whenyoubigshit,he,ancapistanian,oralpleasure,horny,acab,tastymilk,gluttony,soul_of_fright,soul_of_night,soul_of_might,soul_of_blight,michael,bottom,spongesad,scripulous_fingore_point,scripulous_fingore,Tainted_John_F_Kennedy,John_F_Kennedy_Tainted,John_F_Kennedy,plumspin,despair,ihaveyourip,rusty50,entropy,peeeh,penis,gloopy,twister,stupib,speed,deadchat,cock,housj,dothejej,b_,trollgecommence,handsl,handsr,face,aiki,nervous,coffee,the_cowboy,dilf,child,closer,feddynite,orang,feddy_glamcock,elonmusk,slugclose,zonkerdoodle,pls,x3,slugloafspin,observer,pickle,zamiel_approves,ohgod,hapykity,i_see_chicory,i_see_pizza,cutely_blushes,gamer_boi,eeeeeeeeee,babytime,sleeby"
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = "noreply.oat.zone"
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = "file"
+
+[other]
+SHOW_FOOTER_BRANDING = true
diff --git a/default.nix b/default.nix
index e182e2d..43fb5f2 100755
--- a/default.nix
+++ b/default.nix
@@ -1,7 +1,7 @@
 { config, inputs, lib, pkgs, ... }:
 let
- inherit (lib) _;
+ inherit (lib) filterAttrs _;
 in {
 imports = [ inputs.home-manager.nixosModules.home-manager ]
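Review bot: Account creation is left unrestricted in `[service]`: `REGISTER_EMAIL_CONFIRM = false`, `ENABLE_CAPTCHA = false` and `ALLOW_ONLY_EXTERNAL_REGISTRATION = false` are all set and `DISABLE_REGISTRATION` is not, so anyone reaching the instance can register without any verification, and with `[mailer] ENABLED = false` a confirmation mail could not be sent anyway. If open sign-up is intended, say so in a comment above the section; otherwise add `DISABLE_REGISTRATION = true` under `[service]`. Separately, `DISABLE_GRAVATAR = false` together with `ENABLE_FEDERATED_AVATAR = true` sends a hash of every user's email to third-party avatar services, which partly undoes `DEFAULT_KEEP_EMAIL_PRIVATE = true`, and the file is added with mode 100755 although it is plain configuration.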
@@ -15,18 +15,18 @@ in {
 boot.loader.systemd-boot.configurationLimit = 10;
 nix = let
- registry = lib.mapAttrs (_: v: { flake = v; }) (_.filterSelf inputs);
+ registry = lib.mapAttrs (name: value: { flake = value; }) (filterAttrs (name: value: name != "attrs") inputs);
 in {
 package = pkgs.nixFlakes;
- autoOptimiseStore = true;
- extraOptions = "experimental-features = nix-command flakes";
- binaryCaches = [
+ registry = registry // { dotfiles.flake = inputs.self; };
+ settings.auto-optimise-store = true;
+ settings.experimental-features = [ "nix-command" "flakes"];
+ settings.substituters = [
 "https://nix-community.cachix.org"
 ];
- binaryCachePublicKeys = [
+ settings.trusted-public-keys = [
 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 ];
- registry = registry // { dotfiles.flake = inputs.self; };
 };
 environment.systemPackages = with pkgs; [
diff --git a/flake.lock b/flake.lock
index bcaaf6a..20aeaec 100755
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
 ]
 },
 "locked": {
- "lastModified": 1641576265,
- "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
+ "lastModified": 1652712410,
+ "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
 "owner": "ryantm",
 "repo": "agenix",
- "rev": "08b9c96878b2f9974fc8bde048273265ad632357",
+ "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
 "type": "github"
 },
 "original": {
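Review bot: The filter on the new `registry = lib.mapAttrs ...` line drops an input named `"attrs"`, but no input of that name exists (the `inputs` set is declared in flake.nix on this page) while `self` is still there; the removed `_.filterSelf inputs` suggests the intent was `name != "self"`, so the flake is now registered twice, once as `self` and once as the `dotfiles` entry added below. Both lambdas also bind a `value` they never use; `(_: v: { flake = v; })` and `(name: _: name != "self")` would make that explicit. Minor: `[ "nix-command" "flakes"]` is missing the space before `]`.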
@@ -20,29 +20,58 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1641205782, - "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { 
@@ -58,43 +87,86 @@ ] }, "locked": { - "lastModified": 1649887911, - "narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=", + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "owner": "nix-community", "repo": "home-manager", - "rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.11", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } }, - "libnbtplusplus": { - "flake": false, + "jillo": { + "inputs": { + "mkNodePackage": "mkNodePackage", + "nixpkgs": "nixpkgs_2" + }, "locked": { - "lastModified": 1591558203, - "narHash": "sha256-QgvNvaoFflCXEPCCFBCeZvYTpuiwScBG7EosUgFwFNQ=", - "owner": "multimc", - "repo": "libnbtplusplus", - "rev": "dc72a20b7efd304d12af2025223fad07b4b78464", + "lastModified": 1659775351, + "narHash": "sha256-W1vRnGF4+JCr8BSempyaB2rNFlkUAzSR7RjXiF+5GnQ=", + "ref": "main", + "rev": "55476dce96057b62d8ff4ae666a5084c709e06d8", + "revCount": 19, + "type": "git", + "url": "file:///home/oatmealine/jillo" + }, + "original": { + "type": "git", + "url": "file:///home/oatmealine/jillo" + } + }, + "mkNodePackage": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "npmlock2nix": "npmlock2nix", + "pnpm2nix": "pnpm2nix" + }, + "locked": { + "lastModified": 1633790997, + "narHash": "sha256-1mk4EwNkWtTNpeRivZmJTzB+92g07maeFRVUMnnRh1U=", + "owner": "winston0410", + "repo": "mkNodePackage", + "rev": "a7eca5e027c8b260dca4ece7d8dd187f92420611", "type": "github" }, "original": { - "owner": "multimc", - "repo": "libnbtplusplus", + "owner": "winston0410", + "repo": "mkNodePackage", + "type": "github" + } + }, + "nix-minecraft": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1661267391, + "narHash": "sha256-5u33JsRQCq6Fotjj3/+JbQNmDujLVX8i/82ruFsDbMc=", + "owner": "Infinidoge", + 
"repo": "nix-minecraft", + "rev": "3442139e21642082000271849abb1209484e8909", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1639986101, - "narHash": "sha256-Ow0+pkY7qMw6lMAvR1mEdUT9svJnrkbaRoqp4bkMTpg=", + "lastModified": 1660407119, + "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "3f92db38374b2977aea8daf4c4fe2fa0eddbd60c", + "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", "type": "github" }, "original": { @@ -105,26 +177,43 @@ }, "nixpkgs": { "locked": { - "lastModified": 1650501692, - "narHash": "sha256-ApKf0/dc0SyB7zZ6yiiOQgcXAhCXxbSDyihHfRDIzx0=", - "owner": "NixOS", + "lastModified": 1633351077, + "narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "9887f024766aa27704d1f89f623efd1d063da92a", + "rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-21.11", - "type": "indirect" + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1661278267, + "narHash": "sha256-eqJH9nHQrFsAGpG7YRfUipAT0mG8ZW0AusI5MeX716s=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1ded9c47d54c1fcd3a9e6a4ed4e2bb65984ca691", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1640139330, - "narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=", + "lastModified": 1661239211, + "narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d", + "rev": "5e804cd8a27f835a402b22e086e36e797716ef8b", "type": "github" }, "original": { 
@@ -135,11 +224,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1641528457, - "narHash": "sha256-FyU9E63n1W7Ql4pMnhW2/rO9OftWZ37pLppn/c1aisY=", + "lastModified": 1659153955, + "narHash": "sha256-BAdA1WBHi/TBSaeyDjsVIqe62r0w/5ZvsaglXivOLLM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ff377a78794d412a35245e05428c8f95fef3951f", + "rev": "1e5d0fbd82f0f1370c70026d255deda2d9c8a585", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1650161686, + "narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887", "type": "github" }, "original": { 
@@ -149,41 +254,83 @@ "type": "github" } }, - "polymc": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "libnbtplusplus": "libnbtplusplus", - "nixpkgs": "nixpkgs_2", - "quazip": "quazip" - }, + "nixpkgs_4": { "locked": { - "lastModified": 1641930261, - "narHash": "sha256-3RR/rjMFDYoA7qJHXLHdw1sauBCdO9kqMEGUpuxB1Sw=", - "owner": "PolyMC", - "repo": "PolyMC", - "rev": "3b524e99cceb734fa9f2433e3738ce0d185a75aa", + "lastModified": 1661187878, + "narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "52527082ea267fe486f0648582d57c85486b2031", "type": "github" }, "original": { - "owner": "PolyMC", - "repo": "PolyMC", + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1659219666, + "narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1659102345, + "narHash": "sha256-Vbzlz254EMZvn28BhpN8JOi5EuKqnHZ3ujFYgFcSGvk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "11b60e4f80d87794a2a4a8a256391b37c59a1ea7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", "type": "github" } }, - "quazip": { + "npmlock2nix": { "flake": false, "locked": { - "lastModified": 1633895098, - "narHash": "sha256-+Of0M2IAoTf1CyC0teCpsyurv6xfqiBo84V49dSeNTA=", - "owner": "multimc", - "repo": "quazip", - "rev": "b1a72ac0bb5a732bf887a535ab75c6f9bedb6b6b", + "lastModified": 1633729941, + "narHash": "sha256-v2YPcEWI1Wz8ErivorubgLcDT06H6YzFT7uhp1ymqnE=", + "owner": "winston0410", + "repo": "npmlock2nix", + "rev": "6ade47a330b6919defb45c0eb984a64234aa8468", "type": "github" }, "original": { - "owner": "multimc", - 
"repo": "quazip", + "owner": "winston0410", + "ref": "issue113", + "repo": "npmlock2nix", + "type": "github" + } + }, + "pnpm2nix": { + "flake": false, + "locked": { + "lastModified": 1594396611, + "narHash": "sha256-UXOUQ+2A89/zaxYhTHiRrRBU5exbUWrg+FoJYMcNwuI=", + "owner": "nix-community", + "repo": "pnpm2nix", + "rev": "f67be0925a91b92f54d99dbdead7a06920b979ac", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "pnpm2nix", "type": "github" } }, @@ -191,10 +338,49 @@ "inputs": { "agenix": "agenix", "home-manager": "home-manager", + "jillo": "jillo", + "nix-minecraft": "nix-minecraft", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_4", + "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable", - "polymc": "polymc" + "watch-party": "watch-party" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1659179790, + "narHash": "sha256-HhCjnO20QbJFJExExiwAslpx0YpB0qpovKejE+HpSQ4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "cc3c93a28de41ac38b93cdf075a6776c6e42d2a1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "watch-party": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_5", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1657657296, + "narHash": "sha256-eJnE1a3EiVM2EFhJ7nQvkTyEZ6/fOWYsnb6GYOSfizg=", + "type": "git", + "url": "file:///home/oatmealine/watch-party" + }, + "original": { + "type": "git", + "url": "file:///home/oatmealine/watch-party" } } }, diff --git a/flake.nix b/flake.nix index 0a72188..73cd580 100755 --- a/flake.nix +++ b/flake.nix 
@@ -2,41 +2,31 @@
 description = "Frosted Flakes";
 inputs = {
- # NixOS unstable
-# nixpkgs.url = "nixpkgs/nixos-unstable";
- nixpkgs.url = "nixpkgs/nixos-21.11";
+ nixpkgs.url = "nixpkgs/nixos-22.05";
+
+ # WARNING: Where possible, prefer the stable branch of nixpkgs as nixpkgs-unstable may have incompatable or vulnerable software.
 nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
- # home-manager
-# home-manager.url = "github:nix-community/home-manager/master";
- home-manager.url = "github:nix-community/home-manager/release-21.11";
+ # WARNING: The master branch of nixpkgs is unsafe to use and software may break or contain various security vulnerabilities. Use at your own discretion.
+ nixpkgs-master.url = "github:nixos/nixpkgs/master";
+
+ home-manager.url = "github:nix-community/home-manager/release-22.05";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 # agenix - age-encrypted secrets
 agenix.url = "github:ryantm/agenix";
 agenix.inputs.nixpkgs.follows = "nixpkgs";
- # nixos-hardware
 nixos-hardware.url = "github:nixos/nixos-hardware";
 nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";
-/*
- # fzf-hoogle
- fzf-hoogle-vim.url = "github:monkoose/fzf-hoogle.vim";
- fzf-hoogle-vim.flake = false;
+ nix-minecraft.url = "github:Infinidoge/nix-minecraft";
- # asyncrun-vim
- asyncrun-vim.url = "github:skywind3000/asyncrun.vim";
- asyncrun-vim.flake = false;
-*/
-
-# blender-30.url = "github:blender/blender/blender-v3.0-release";
-# blender-30.flake = false;
-
- polymc.url = "github:PolyMC/PolyMC";
+ jillo.url = "/home/oatmealine/jillo";
+ watch-party.url = "/home/oatmealine/watch-party";
 };
- outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }:
+ outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nix-minecraft, ... }:
 let
 system = "x86_64-linux";
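Review bot: `jillo.url = "/home/oatmealine/jillo";` and `watch-party.url = "/home/oatmealine/watch-party";` are absolute paths on one developer's machine, so the flake only evaluates there and, as the flake.lock hunks on this page show (`"url": "file:///home/oatmealine/jillo"`), the lock records a path instead of an immutable revision, which makes those two inputs unverifiable from a fresh checkout. Point them at a forge URL with a `ref` or `rev`, and use `--override-input` for local development. `nix-minecraft` is also added without `inputs.nixpkgs.follows = "nixpkgs"`, unlike every other input here, which is why the lock gains a separate `nixpkgs_3` and a second `flake-utils` copy for it.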
@@ -49,16 +39,19 @@
 overlays = overlays ++ (lib.attrValues self.overlays);
 };
- pkgs = mkPkgs nixpkgs [ self.overlay inputs.polymc.overlay.${system} ];
+ pkgs = mkPkgs nixpkgs [ self.overlay nix-minecraft.overlay ];
 in {
 packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
 overlay = final: prev: {
 _ = self.packages."${system}";
 unstable = mkPkgs nixpkgs-unstable [];
+ master = mkPkgs nixpkgs-master [];
 };
 overlays = mapModules ./overlays import;
 nixosModules = mapModulesRec ./modules import;
- nixosConfigurations = mapModules ./hosts (mkHost system);
+ nixosConfigurations = mapModules ./hosts (host: mkHost host { inherit system; });
 devShell."${system}" = import ./shell.nix { inherit pkgs; };
 };
 }
+
+
diff --git a/hosts/dark-firepit/authorizedKeys.nix b/hosts/dark-firepit/authorizedKeys.nix
index 47bbf68..3cacde0 100644
--- a/hosts/dark-firepit/authorizedKeys.nix
+++ b/hosts/dark-firepit/authorizedKeys.nix
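Review bot: `master = mkPkgs nixpkgs-master [];` in `overlay` makes the whole unpinned master branch one attribute away (`pkgs.master.*`) in every module, while the warning that master is unsafe lives only next to the input declaration; a comment on this line, `# master: nixpkgs master, unpinned -- see the warning on the input`, keeps the caveat visible where the packages are actually consumed. The two `+` lines after the closing `}` only add trailing blank lines at end of file and should be dropped.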
@@ -1,14 +1,14 @@
 {
 "aether@subsurface" = {
- ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4lh7dN9Ohh2/WoGiZ4WlpVb01YPNto/9ungOAk6TH+65wkxMjY4a+1OsO8Znguj46tXVErn8xv2ZVX0K7ql0hzypPkP2Dvvim99tz6FKSf9Nwj6RRtIKPoYkJjtGYAqLJl8JPy50HkFXkDVQ/z4d4iwpneSODIJdkUFSzZR91jz9FX+4t2h+2xtuuRDI43+gHRqvwPP8XaE0srtMzZoQDUBKhwOynoo2vZnyd3O7kkpD9T+jzYEeLKppHdaoYN5UxZ4L0xnig0WFZiBH36/YGXA8gT56FHRw5GKhwWwfSvliEw63/6IxiVZBuM1Mj7syg2Ndhhmmay05QqvyTrdHA9veyzJG5l0HlnCmXe7ss9lVQnxxPfbHbnDZUhH1ax01sQUeTK3Bs3AvbsTLyXBbd4NCY5ovz85MqzM/Q84B1zX1i8KbFEBh0xkumNsPAXzY8ar+tq5rFa23bY9qF4s6CMv++JEXSJJufcf3BS2dBlw0lTGBn7UEO9FHHsU3xKCc= aether@subsurface";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface";
 wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw=";
 };
- "oatmealine@beppy" = {
+ "oatmealine@void-defragmented" = {
 ssh = "ssh-rsa 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 oatmealine@beppy";
 wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg=";
 };
- "skye@DESKTOP-VB4940J" = {
- ssh = "ssh-rsa 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 skye@DESKTOP-VB4940J";
- wg = "";
+ "oatmealine@beppy-phone" = {
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH";
+ wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4=";
 };
 }
diff --git a/hosts/dark-firepit/default.nix b/hosts/dark-firepit/default.nix
index 956f896..4f937d7 100644
--- a/hosts/dark-firepit/default.nix
+++ b/hosts/dark-firepit/default.nix
@@ -1,12 +1,18 @@
 { pkgs, inputs, lib, ... }:
 let
- keys = import ./authorizedKeys;
+ keys = import ./authorizedKeys.nix;
 in {
 imports = [
 ./hardware-configuration.nix
+ inputs.nix-minecraft.nixosModules.minecraft-servers
+ #inputs.watch-party.nixosModules.watch-party
+ (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
 ];
+
+# services.auto-fix-vscode-server.enable = true;
+ services.vscode-server.enable = true;
+
 user = {
 packages = with pkgs; [
 git
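Review bot: The entry renamed to `"oatmealine@void-defragmented"` keeps a key whose trailing comment still says `oatmealine@beppy`, and the new `"oatmealine@beppy-phone"` key's comment is just `JuiceSSH`, so the attribute names and the key comments no longer identify the same device and a later audit of `authorized_keys` on the host cannot map keys back to machines. Either regenerate the comment when renaming or record the origin next to the entry, e.g. `# key generated on beppy; host since renamed to void-defragmented`.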
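Review bot: `(fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")` in `imports` pulls an unpinned tarball of a moving branch, with no `sha256`, and evaluates it as a NixOS module with full system privileges, so every rebuild trusts whatever that branch serves at that moment and the result is not reproducible from the lock file. Add it as a flake input, as `nix-minecraft` is on the line above, so it is locked and updated deliberately; at minimum pass `sha256` to `fetchTarball` against a fixed-commit URL. The commented `#inputs.watch-party.nixosModules.watch-party` line right next to it suggests the flake-input route was already intended.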
@@ -14,27 +20,39 @@ in {
 ];
 };
- defaultUsers = {
+ normalUsers = {
 aether = {
- packages = [ ];
- shell = "fish";
- extraGroups = [ "wheel" ];
- initialHashedPassword = "!";
- openssh.authorizedKeys.keys = [ keys."aether@subsurface".ssh ];
+ conf = {
+ packages = with pkgs; [ bat duf broot nftables tmux ];
+ shell = pkgs.unstable.fish;
+ extraGroups = [ "wheel" "nix-users" ];
+ initialHashedPassword = "!";
+ openssh.authorizedKeys.keys = [ keys."aether@subsurface".ssh ];
+ };
+
+ homeConf.home = {
+ sessionVariables = {
+ EDITOR = "nvim";
+ NIX_REMOTE = "daemon";
+ };
+ };
 };
+
 oatmealine = {
- packages = [ ];
- shell = "zsh";
- extraGroups = [ "wheel" ];
- initialHashedPassword = "!";
- openssh.authorizedKeys.keys = [ keys."oatmealine@beppy".shh ];
- };
- skye = {
- packages = [ ];
- shell = "fish";
- extraGroups = [ "wheel" ];
- initialHashedPassword = "!";
- openssh.authorizedKeys.keys = [ keys."skye@DESKTOP-VB4940J".shh ];
+ conf = {
+ packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ];
+ shell = pkgs.unstable.fish;
+ extraGroups = [ "wheel" "nix-users" ];
+ initialHashedPassword = "!";
+ openssh.authorizedKeys.keys = [ keys."oatmealine@void-defragmented".ssh keys."oatmealine@beppy-phone".ssh ];
+ };
+
+ homeConf.home = {
+ sessionVariables = {
+ EDITOR = "micro";
+ NIX_REMOTE = "daemon";
+ };
+ };
 };
 };
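Review bot: Both users set `shell = pkgs.unstable.fish;` while flake.nix in this same commit asks to prefer the stable branch; a login shell taken from a separately locked channel is an odd place to spend that risk when `pkgs.fish` is available, so either use the stable package or leave a comment saying why unstable is needed here. The `homeConf.home.sessionVariables` block with `NIX_REMOTE = "daemon";` is duplicated verbatim between `aether` and `oatmealine`; hoisting it into a `let` binding keeps the two from drifting apart.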
@@ -44,41 +62,220 @@ in {
 };
 modules = {
-# theme.active = "still";
- shell.zsh.enable = true;
 shell.fish.enable = true;
- security = {
- isLocalMachine = false;
- };
- desktop = {
- editors = {
- neovim.enable = true;
- };
- };
- dev = {
+ security.isLocalMachine = false;
+ editors.neovim.enable = true;
+ remote = {
+ enable = true;
+ keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoV7ymOtfC8SYvv31/GGso8DoHKE/KOfoEZ0hjmYtaQg7dyi5ijfDikLZUux8aWivvRofa7SqyaK0Ea+s9KuTX/dreJKz/RKG+QHLjw6U0FSoJ765q56pUy0j0TZoVy4PjSb38of56urg1UmHkK13WQXrvjwdHUjAcVx6PurHAxsbmxhYkJO9Jmvr8CB+PZFKIHjewkgBWkBxD97WFNwDfmBmvh1F5xRn8WhgT+2DVdQ2coN4Eqwc4NWzBUSfrro0gARsJsUvQxdx8f1kJDQKy2lQWCnlgRiD+pK5ocf1wCZfJMs0NQ6xqCZDKDJTcyGNLWH/L57Pg5U5t7BWRTTPmQ== yugoslavia"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCX2uRTaL1Nu4KzsSJSVc7R2yCIa4Mw3KuJAMluQO746eXBFeTmRN6Pqc+H0Rpz9nkQ/fB8tYl70FfrYy4suM0QCY1IDbPWaUBmLQYCt6nzCfFY8PTpLoJmeQW3jzG7VqSjjl+uG2KLQqPtzxmvukIJRovhrKcUnPzw4tU4BLy2uGWgJN9sGofWczmtxdijADyOYtasVIr6/Hca5IwMCldbqQ9B1k+VIE87Kv2k5n+LVRVMsVHaVSubIMYZFbZFDW2/oRVg2ainewO0e9XPbtBREVraPnuf7s4uBByk4goQfLhz3B6L4JLbYYijw25+SmeJcesDxJUIIKMCuZChNcyb aura@LAPTOP-MEN8UH6Q"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423"
+ keys."oatmealine@void-defragmented".ssh
+ keys."oatmealine@beppy-phone".ssh
+ ];
+ packages = with pkgs; [ tmux ];
+ shell = pkgs.unstable.fish;
 };
 services = {
- ssh.enable = true;
+ ssh = {
+ enable = true;
+ requirePassword = false;
+ };
+ postgres.enable = true;
+
+ nextcloud = {
+ enable = true;
+ domain = "cloud.aether.gay";
+ };
+
 gitea = {
 enable = true;
- site = "git.oat.zone";
+ domain = "git.oat.zone";
+ port = 3000;
 };
+
+ 
matrix.conduit = {
+ enable = false;
+ domain = "matrix.aether.gay";
+ };
+
+ minecraft = {
+ enable = true;
+ servers = {
+ "dark-firepit" = {
+ enable = true;
+ autoStart = true;
+ openFirewall = true;
+ serverProperties = {
+ server-port = 25565;
+ gamemode = 0;
+ motd = "dark-firepit, 1.19.2 Fabric";
+ white-list = true;
+ max-players = 8;
+ allow-flight = true;
+ enable-command-block = true;
+ enforce-secure-profile = false;
+ level-type = "terra:overworld/overworld";
+ snooper-enabled = false;
+ spawn-protection = 0;
+ };
+ whitelist = {
+ oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
+ RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6";
+ Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85";
+ DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8";
+ SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1";
+ FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5";
+ };
+ package = pkgs.minecraftServers.fabric-1_19_2;
+ jvmOpts = "-Xmx6G";
+ };
+ };
+ };
+
 wireguard = {
 enable = true;
 server = true;
 externalInterface = "eno1";
 interfaces."wg0" = import ./wireguardInterface.nix;
 };
- webapps = lib.mkMerge (import ./webapps);
+
+ vaultwarden = {
+ enable = true;
+ domain = "vault.aether.gay";
+ };
+
+ jillo = {
+ enable = false;
+ dataDir = "/var/lib/jillo";
+ };
+
+ # not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection
+ # prevents other domains from "stealing" content by settings their dns to our ip
+ # this has happened before by the way on the vps. 
i have no clue how or why
+ # update: also optimizes gzip and tls stuff
+ nginx-config = {
+ enable = true;
+ };
+
+ staticSites = {
+ "aether.gay".dataDir = "/var/www/aether.gay";
+ "dark-firepit.oat.zone".dataDir = "/var/www/dark-firepit.oat.zone";
+ "va11halla.oat.zone".dataDir = "/var/www/va11halla.oat.zone";
+ "giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing";
+ "modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone";
+ "shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best";
+ "tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone";
+ "tesco-underground-dev.oat.zone".auth = { tesco = "Jn2DVTM7yVZtRKKyz3b2Tjj7Ss8vpuLB"; };
+ "oat.zone".dataDir = "/var/www/oat.zone";
+ "oat.zone".php = true;
+ "yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing";
+ "yugoslavia.fishing".php = true;
+ };
+
+ nitter = {
+ enable = true;
+ lightweight = false; # enable if shit gets wild; check config for more info
+ port = 3005;
+ domain = "nitter.oat.zone";
+ };
+
+ #watch-party = {
+ # enable = true;
+ # port = 1984;
+ #};
+
+ terraria = {
+ enable = false;
+ port = 7777; # port-forwarded
+ messageOfTheDay = "hi";
+ openFirewall = true;
+ worldPath = "/var/lib/terraria/gbj.wld";
+ autoCreatedWorldSize = "large";
+ dataDir = "/var/lib/terraria";
+ };
+
+ matomo = {
+ enable = true;
+ };
+
+ isso = {
+ enable = true;
+ port = 1995;
+ };
+
+ yugoslavia-best = {
+ enable = true;
+ domain = "yugoslavia.best";
+ };
 };
 };
+ services.nginx.virtualHosts."oat.zone" = {
+ locations."/f/".extraConfig = ''
+ add_header Access-Control-Allow-Origin "*";
+ '';
+ };
+
 security.doas = {
 extraRules = [
- { users = [ "aether" "oatmealine" "skye" ]; noPass = false; keepEnv = true; }
+ { users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; }
+ { users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
 ];
 };
 time.timeZone = "Europe/Amsterdam";
+
+# If you uncomment this, I will uncomment the 
spores in your body
+# mmm spores ymmnu.uyyy.., :)
+ networking.useDHCP = false;
+
+ networking = {
+ # for docs, start here
+ # https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
+
+ enableIPv6 = true; # true by default, but better safe than sorry
+
+ interfaces.eno1.ipv4.addresses = [
+ { address = "51.89.98.8";
+ prefixLength = 24;
+ }
+ ];
+
+ defaultGateway = "51.89.98.254";
+ nameservers = [ "8.8.8.8" "1.1.1.1" ];
+
+ interfaces.eno1.ipv6.addresses = [
+ { address = "2001:41d0:0700:3308::";
+ prefixLength = 64;
+ }
+ ];
+
+ defaultGateway6 = {
+ address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
+# address = "33ff::1";
+# address = "2001::1";
+ interface = "eno1";
+ };
+
+/*
+ dhcpcd.persistent = true;
+ dhcpcd.extraConfig = ''
+ clientid d0:50:99:d4:04:68:d0:50:99:d4:04:68
+ noipv6rs
+ interface eno1
+ ia_pd 1/2001:41d0:700:3308::/56 eno1
+ static ip6_address=2001:41d0:700:3308::1/56
+ '';
+*/
+
+ firewall.allowPing = true;
+ # minecraft proximity voice chat
+ firewall.allowedTCPPorts = [ 24454 ];
+ firewall.allowedUDPPorts = [ 24454 ];
+ };
+
+# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68";
 }
diff --git a/hosts/dark-firepit/hardware-configuration.nix b/hosts/dark-firepit/hardware-configuration.nix
index 8b869b3..d0e1cfa 100644
--- a/hosts/dark-firepit/hardware-configuration.nix
+++ b/hosts/dark-firepit/hardware-configuration.nix
@@ -19,6 +19,9 @@
 };
 };
+ nix.settings.cores = 3;
+ nix.settings.max-jobs = 6;
+
 modules.hardware.fs = {
 enable = true;
 ssd.enable = true;
diff --git a/hosts/dark-firepit/secrets/secrets.nix b/hosts/dark-firepit/secrets/secrets.nix
index 0967ef4..2ab9ede 100644
--- a/hosts/dark-firepit/secrets/secrets.nix
+++ b/hosts/dark-firepit/secrets/secrets.nix
@@ -1 +1,6 @@
-{}
+let
+ keys = import ../authorizedKeys.nix;
+
+ "subsurface.aether" = keys."aether@subsurface".ssh;
+in
+ {}
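Review bot: `"tesco-underground-dev.oat.zone".auth = { tesco = "Jn2DVTM7yVZtRKKyz3b2Tjj7Ss8vpuLB"; };` commits a plaintext credential to the repository and, because it is evaluated into the system closure, to the world-readable Nix store on the host; the repo already carries agenix (`agenix.url` in flake.nix and `secrets/secrets.nix`), so this belongs in an age-encrypted file that the module reads by path, and the value should be rotated now that it is in history. The doas rule `{ users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }` grants unauthenticated root with the caller's environment preserved, so any compromise of that account's SSH keys is a root compromise, while the `aether` rule with `noPass = false` cannot prompt successfully as long as `initialHashedPassword = "!"` leaves the account locked (unless a password was set out of band), so one of the two is probably not doing what was intended and deserves a comment either way. The three literal `ssh-rsa` keys under `remote.keys` bypass `authorizedKeys.nix`, where every other key for this host lives, and should be moved there so key rotation has a single place to look.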
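Review bot: The `let` block binds `keys` and `"subsurface.aether"`, but the body is still `{}`, so agenix sees no secrets and both bindings are dead code. An agenix `secrets.nix` declares each secret as `{ "<secret-name>.age".publicKeys = [ keys."aether@subsurface".ssh ]; }` (placeholder name); if this is a stub for a follow-up, a `# TODO: declare <secret>.age here` comment keeps the empty set from reading as a mistake.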
diff --git a/hosts/dark-firepit/webapps/default.nix b/hosts/dark-firepit/webapps/default.nix
index 0d4f101..d56f648 100644
--- a/hosts/dark-firepit/webapps/default.nix
+++ b/hosts/dark-firepit/webapps/default.nix
@@ -1,2 +1,3 @@
-[
-]
+{
+# "git.oat.zone" = import ./git-oat-zone;
+}
diff --git a/hosts/dark-firepit/webapps/git-oat-zone.nix b/hosts/dark-firepit/webapps/git-oat-zone.nix
new file mode 100644
index 0000000..44fac1a
--- /dev/null
+++ b/hosts/dark-firepit/webapps/git-oat-zone.nix
@@ -0,0 +1,6 @@
+{
+ locations."/" = {
+ proxy_cache = "simple_cache";
+ proxy_pass = "http://localhost:3000";
+ };
+}
diff --git a/hosts/dark-firepit/webapps/gitea.nix b/hosts/dark-firepit/webapps/gitea.nix
new file mode 100644
index 0000000..2c63c08
--- /dev/null
+++ b/hosts/dark-firepit/webapps/gitea.nix
@@ -0,0 +1,2 @@
+{
+}
diff --git a/hosts/dark-firepit/wireguardInterface.nix b/hosts/dark-firepit/wireguardInterface.nix
index f4768c2..b072b91 100644
--- a/hosts/dark-firepit/wireguardInterface.nix
+++ b/hosts/dark-firepit/wireguardInterface.nix
@@ -6,7 +6,7 @@ let
 in {
 ips = [ "10.100.0.1/24" ];
- privateKeyFile = readFile "/etc/wg0.keys/wg0";
+ privateKeyFile = "/etc/wg0.keys/wg0";
 listenPort = 51820;
@@ -15,3 +15,4 @@ in {
 allowedIPs = [ "10.100.0.${toString (n+2)}/32" ];
 }) (length (attrValues peerKeys));
 }
+
diff --git a/lib/README.md b/lib/README.md
deleted file mode 100644
index 3dbbc65..0000000
--- a/lib/README.md
+++ /dev/null
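Review bot: The commented `# "git.oat.zone" = import ./git-oat-zone;` points at `./git-oat-zone` while the file added in this commit is `git-oat-zone.nix`; `import` does not append the extension (this commit fixes the same mistake for `./authorizedKeys` in `hosts/dark-firepit/default.nix`), so uncommenting the line as written fails. `webapps = lib.mkMerge (import ./webapps);` is also removed from `default.nix` in this commit, so nothing imports this directory any more; either delete `webapps/` or leave a comment naming what is meant to consume it.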
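Review bot: `proxy_cache = "simple_cache";` in front of `proxy_pass = "http://localhost:3000";` (the Gitea port set in `default.nix` here) caches responses from an authenticated application; assuming these map to the nginx directives of the same name, then unless the cache key and `proxy_cache_bypass`/`proxy_no_cache` take the session cookie into account, one user's private repository pages can be served to another. If the file is meant only for static assets, narrow the location and say so in a comment; as a whole-site `/` cache it needs the bypass rules before it is ever enabled.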
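Review bot: `privateKeyFile = "/etc/wg0.keys/wg0";` now references the key by path, but nothing in the repository provisions that file, so a fresh deploy of this host brings up `wg0` without a key and the expectation (root-owned, mode 0600, created out of band) is undocumented. A comment such as `# provisioned manually on the host; must stay root:root 0600 and never be read into the store` or an agenix secret with its `path` set to this location would make that explicit. The second hunk only appends a blank line at end of file.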
@@ -1,20 +0,0 @@ -# Lib - -The `default.nix` defines a lib extended with a `_` attribute under which mine -custom lib functions live. The `default.nix` loads every `.nix` file in the -`libs` (current) directory and imports it. - -The importing is quite simple: -1. First the `libsInFolder` reads the contents of the `libs` directory, filters - out non `.nix` files and the `default.nix` file and then returns a list of - paths to the individual `.nix` files it found. -2. This list gets passed to `importLibs` which imports the libraries and - merges the individual imported attribute sets together, so that all the - functions are available directly under one attribute set. -3. This attribute then gets bind to the `_` attribute in the `lib` extension. - -Individual `.nix` files can use the functions defined in other local library -files normally using the `nix._.someFunctionName`. - -## Overview -TODO diff --git a/lib/colors.nix b/lib/colors.nix deleted file mode 100644 index 7b928dc..0000000 --- a/lib/colors.nix +++ /dev/null 
@@ -1,129 +0,0 @@ -{ lib, ... }: - -let - inherit (builtins) elemAt listToAttrs substring; - inherit (lib) concatStringsSep fixedWidthString nameValuePair - stringToCharacters sublist toInt toUpper zipListsWith; - inherit (lib._) joinWithSep; -in rec { - /* Converts a hex color string to RGB triplet, an array of exactly 3 elements - - Type: - toRGB :: String -> [Int] - - Example: - toRGB "ffFFff" - => [ 255 255 255 ] - */ - toRGB = hex: let - chars = stringToCharacters hex; - r = sublist 0 2 chars; - g = sublist 2 2 chars; - b = sublist 4 2 chars; - /* Converts a pair of characters (array of two strings, each of one char - long) in hexadecimal to a number. Expects a valid hexadecimal string. - - Type: - hexPairToNum :: [String] -> Int - - Example: - hexPairToNum [ "F" "1" ] - => 241 - */ - hexPairToNum = pair: let - c1 = elemAt pair 0; c2 = elemAt pair 1; - hexMapping = { - "A" = 10; - "B" = 11; - "C" = 12; - "D" = 13; - "E" = 14; - "F" = 15; - }; - toNum = c: if hexMapping ? ${toUpper c} then hexMapping.${toUpper c} else toInt c; - in 16 * (toNum c1) + (toNum c2); - in [ - (hexPairToNum r) - (hexPairToNum g) - (hexPairToNum b) - ]; - - /* Both ‹hexColor› and ‹rgbColor› accept a color in 6 char long hexadecimal - representation. Their variants ‹hexColor'› and ‹rgbaColor› accept an - additional parameter ‹opacity› specified as an int in range from 0 to 100. 
- */ - - /* Type: - hexColor :: String -> String - - Example: - hexColor "FECACA" - => "#FECACA" - */ - hexColor = color: "#" + color; - - /* Type: - hexColor' :: String -> Int -> String - - Example: - hexColor' "FECACA" 54 - => "#FECACA54" - */ - hexColor' = color: opacity: "#" + color + toString opacity; - - _rgbColor = color: extra: "(" + (joinWithSep ((toRGB color) ++ extra) ", ") + ")"; - - /* Type: - rgbColor :: String -> String - - Example: - rgbColor "FFFFFF" - => "rgb(255, 255, 255)" - */ - rgbColor = color: "rgb" + _rgbColor color []; - - /* Type: - rgbaColor :: String -> Int -> String - - Example: - rgbaColor "FFFFFF" 42 - => "rgba(255, 255, 255, 0.42)" - */ - rgbaColor = color: _opacity: let - opacityStr = fixedWidthString 3 "0" (toString _opacity); - opacity = substring 0 1 opacityStr + "." + substring 1 2 opacityStr; - in "rgba" + _rgbColor color [opacity]; - - /* ‹colors› defines a color palette according to the Tailwind colors: - https://tailwindcss.com/docs/customizing-colors#color-palette-reference - - Each individual color has 10 variants, for example to access the variant - ‹700› of color ‹red› following notation is used: ‹colors.red._700› - - The ‹_› in front of the variant is there because numbers cannot be - used as keys. 
- */ - colors = let - scaleDef = [ 50 100 200 300 400 500 600 700 800 900 ]; - scale = s: listToAttrs (zipListsWith (variant: color: nameValuePair "_${toString variant}" color) scaleDef s); - in rec { - # Default palette - coolGray = scale [ "F9FAFB" "F3F4F6" "E5E7EB" "D1D5DB" "9CA3AF" "6B7280" "4B5563" "374151" "1F2937" "111827" ]; - red = scale [ "FEF2F2" "FEE2E2" "FECACA" "FCA5A5" "F87171" "EF4444" "DC2626" "B91C1C" "991B1B" "7F1D1D" ]; - amber = scale [ "FFFBEB" "FEF3C7" "FDE68A" "FCD34D" "FBBF24" "F59E0B" "D97706" "B45309" "92400E" "78350F" ]; - emerald = scale [ "ECFDF5" "D1FAE5" "A7F3D0" "6EE7B7" "34D399" "10B981" "059669" "047857" "065F46" "064E3B" ]; - blue = scale [ "EFF6FF" "DBEAFE" "BFDBFE" "93C5FD" "60A5FA" "3B82F6" "2563EB" "1D4ED8" "1E40AF" "1E3A8A" ]; - indigo = scale [ "EEF2FF" "E0E7FF" "C7D2FE" "A5B4FC" "818CF8" "6366F1" "4F46E5" "4338CA" "3730A3" "312E81" ]; - violet = scale [ "F5F3FF" "EDE9FE" "DDD6FE" "C4B5FD" "A78BFA" "8B5CF6" "7C3AED" "6D28D9" "5B21B6" "4C1D95" ]; - pink = scale [ "FDF2F8" "FCE7F3" "FBCFE8" "F9A8D4" "F472B6" "EC4899" "DB2777" "BE185D" "9D174D" "831843" ]; - - # Extra - blueGray = scale [ "F8FAFC" "F1F5F9" "E2E8F0" "CBD5E1" "94A3B8" "64748B" "475569" "334155" "1E293B" "0F172A" ]; - - # Aliases - gray = coolGray; - yellow = amber; - green = emerald; - purple = violet; - }; -} diff --git a/lib/default.nix b/lib/default.nix index 7820542..f978e9c 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -1,25 +1,12 @@ -# _ _ _ -# | (_) |__ -# | | | '_ \ -# | | | |_) | -# |_|_|_.__/ -# - { inputs, lib, pkgs, ... }: -lib.extend (lib: super: +lib.extend (self: super: let - inherit (builtins) attrNames map readDir; - inherit (lib) filterAttrs foldr hasSuffix; + inherit (lib) attrValues foldr; + inherit (modules) mapModules; - importLib = file: import file { inherit inputs lib pkgs; }; - merge = foldr (a: b: a // b) {}; - importLibs = libs: merge (map importLib libs); - - isLib = name: type: type == "regular" && name != "default.nix" && hasSuffix ".nix" name; - libPath = name: "${toString ./.}/${name}"; - libsInFolder = map libPath (attrNames (filterAttrs isLib (readDir ./.))); + modules = import ./modules.nix { inherit lib; }; in { - _ = importLibs libsInFolder; + _ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file { inherit pkgs inputs; lib = self; }))); } ) diff --git a/lib/modules.nix b/lib/modules.nix index cd45615..287c1f6 100644 --- a/lib/modules.nix +++ b/lib/modules.nix 
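Review bot: The new `_` is built from `mapModules ./.`, and with the filter introduced in lib/modules.nix that picks up every `*.nix` file in `lib/` that is not `default.nix` and does not start with `_` — which includes `modules.nix` itself, already imported two lines above with a different argument set (`{ inherit lib; }` versus `{ inherit pkgs inputs; lib = self; }`). It is therefore imported a second time and its `mapModules*` functions also land in `lib._`. Renaming it to `_modules.nix` so the prefix filter drops it, or excluding it explicitly, avoids the double import. The `foldr (a: b: a // b) {}` merge also lets same-named attributes from different lib files silently shadow each other; a comment such as `# later files (attrValues order) win on name collisions` would at least make that visible.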
@@ -1,29 +1,27 @@ { lib, ... }: let - inherit (builtins) attrValues pathExists readDir; - inherit (lib) filterAttrs hasSuffix mapAttrs' mkDefault mkOption - nameValuePair nixosSystem removeSuffix types; - inherit (lib._) mapFilterAttrs attrValuesRec; + inherit (builtins) attrValues readDir pathExists; + inherit (lib) id filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix mapAttrs' trace fix fold isAttrs; in rec { mapModules' = dir: fn: dirfn: - mapFilterAttrs - (_: v: v != null) - (name: type: - let - path = "${toString dir}/${name}"; - in - if type == "directory" then - nameValuePair name (dirfn path) - else if type == "regular" && name != "default.nix" && hasSuffix ".nix" name then -# else if type == "regular" && hasSuffix ".nix" name then - nameValuePair (removeSuffix ".nix" name) (fn path) - else - nameValuePair "" null - ) - (readDir dir); + filterAttrs + (name: type: type != null && !(hasPrefix "_" name)) + (mapAttrs' + (name: type: + let path = "${toString dir}/${name}"; in + if type == "directory" + then nameValuePair name (dirfn path) + else if + type == "regular" && + name != "default.nix" && + hasSuffix ".nix" name + then nameValuePair (removeSuffix ".nix" name) (fn path) + else nameValuePair "" null + ) + (readDir dir)); - mapModules = dir: fn: mapModules' dir fn (path: if pathExists "${path}/default.nix" then (fn path) else null); + mapModules = dir: fn: mapModules' dir fn (path: if pathExists "${path}/default.nix" then fn path else null); mapModulesRec = dir: fn: mapModules' dir fn (path: mapModulesRec path fn); - mapModulesRec' = dir: fn: attrValuesRec (mapModulesRec dir fn); + mapModulesRec' = dir: fn: fix (f: attrs: fold (x: xs: (if isAttrs x then f x else [x]) ++ xs) [] (attrValues attrs)) (mapModulesRec dir fn); } diff --git a/lib/nixos.nix b/lib/nixos.nix index 31f1e1b..464bf91 100644 --- a/lib/nixos.nix +++ b/lib/nixos.nix 
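Review bot: `inherit (lib) id filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix mapAttrs' trace fix fold isAttrs;` pulls in `id` and `trace`, which nothing in the file uses; dropping them avoids suggesting that tracing is active somewhere. The inlined `fix (f: attrs: fold ...)` in `mapModulesRec'` is a generic recursive attr-value flattener squeezed onto one line; binding it in the `let` as `attrValuesRec = fix (f: attrs: fold (x: xs: (if isAttrs x then f x else [x]) ++ xs) [] (attrValues attrs));` and writing `mapModulesRec' = dir: fn: attrValuesRec (mapModulesRec dir fn);` keeps the deleted helper's name next to its only caller. Note also that `!(hasPrefix "_" name)` runs on the mapped key, i.e. after `removeSuffix ".nix"` for files and on the raw directory name for directories; a one-line comment stating that `_`-prefixed entries are treated as private would document that convention.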
@@ -1,18 +1,20 @@ { inputs, lib, pkgs, ... }: -let - inherit (lib) mkDefault nixosSystem; -in { - mkHost = system: path: +with lib; +{ + mkHost = path: attrs@{ system, ... }: nixosSystem { inherit system; specialArgs = { inherit lib inputs system; }; modules = [ { nixpkgs.pkgs = pkgs; - networking.hostName = mkDefault (baseNameOf path); + networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path)); } + (filterAttrs (n: v: !elem n [ "system" ]) attrs) + ../. + (import path) ]; }; diff --git a/lib/pkgs.nix b/lib/pkgs.nix deleted file mode 100644 index f53ba52..0000000 --- a/lib/pkgs.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -let - inherit (pkgs.stdenv) mkDerivation; -in rec { - _buildBinScript = buildInputs: name: mkDerivation { - inherit name buildInputs; - - src = builtins.path { path = ../bin; name = "dotfiles"; }; - - buildCommand = '' - install -Dm755 $src/${name} $out/bin/${name} - patchShebangs $out/bin/${name} - ''; - }; - - buildBinScript = _buildBinScript []; - - buildBabashkaBinScript = _buildBinScript [ pkgs.babashka ]; -} diff --git a/lib/utils.nix b/lib/utils.nix deleted file mode 100644 index 1d2f2a2..0000000 --- a/lib/utils.nix +++ /dev/null 
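Review bot: `filterAttrs (n: v: !elem n [ "system" ]) attrs` in the new `mkHost` is just `removeAttrs attrs [ "system" ]`, which states directly that everything except `system` is forwarded as a NixOS module and drops the unused `v`. Replacing the explicit `inherit (lib) mkDefault nixosSystem;` with a file-wide `with lib;` also makes it unclear which of `nixosSystem`, `mkDefault`, `removeSuffix`, `filterAttrs` and `elem` come from `lib` rather than the module arguments; an inherit list is preferable in a library file. A comment on the `attrs@{ system, ... }` pattern, e.g. `# every attribute other than system is merged in as a NixOS module`, would document the new calling convention for host definitions.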
@@ -1,88 +0,0 @@ -{ lib, ... }: - -let - inherit (builtins) attrValues readFile; - inherit (lib) concatStringsSep filterAttrs fold isAttrs mapAttrs' mkOption types; -in rec { - /* Map over ‹attrs› with ‹f› and then filter them using ‹pred› - - Type: - mapFilterAttrs :: - (String -> a -> Bool) -> (String -> b -> AttrSet) -> AttrSet' -> AttrSet - where AttrSet' has a value of type ‹b› and AttrSet of type ‹a› - - Example: - mapFilterAttrs (n: v: n == "foo" || v == "bar") (n: v: nameValuePair n v) - { foo = "baz"; a = "bar"; b = "foo" }; - => { foo = "baz"; a = "bar"; } - */ - mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs); - - /* Recursively generates a list of values of ‹attr› even for nested attrs - - Type: - attrValuesRec :: AttrSet -> [x] - - Example: - attrValuesRec { foo = { bar = "baz"; }; a = "b"; } - => ["baz" "b"] - */ - attrValuesRec = attr: fold (x: xs: (if isAttrs x then attrValuesRec x else [x]) ++ xs) [] (attrValues attr); - - /* Filter the ‹self› key from the given ‹attr› - - Type: - filterSelf :: AttrSet -> AttrSet - - Example: - filterSelf { foo = "bar"; self = "baz"; } - => { foo = "bar"; } - */ - filterSelf = attr: filterAttrs (n: _: n != "self") attr; - - /* Maps the items of ‹list› to strings and concatenates them with ‹sep› in - between the individual items - - Type: - joinWithSep :: [a] -> String -> String - ‹a› should be a type that is convertable to string using ‹toString› - - Example: - joinWithSep [ 42 "foo" 0 ] "-" - => "42-foo-0" - */ - joinWithSep = list: sep: concatStringsSep sep (map toString list); - - /* Reads the given ‹path› and appends the ‹extras› to it - - Type: - configWithExtras :: Path -> String -> String - - Example: - configWithExtras example.txt "Appended text" - => "Some text from example\nAppended text" - Given that ‹example.txt› contains "Some text from example" - */ - configWithExtras = path: extras: "${readFile path}\n${extras}"; - - enable = { enable = true; }; - - /* A simplifiation for 
creating options - - Example: - mkOpt types.str "foobar" "A very important option" - => mkOption { - type = types.str; - default = "foobar"; - description = "A very important option"; - } - */ - mkOpt = type: default: description: - mkOption { inherit type default description; }; - - /* Creates option without description */ - mkOpt' = type: default: mkOpt type default null; - - /* Alias for ‹mkOpt' types.bool› */ - mkBoolOpt = default: mkOpt' types.bool default; -} diff --git a/modules/desktop/apps/alacritty.nix b/modules/desktop/apps/alacritty.nix deleted file mode 100644 index d5b7352..0000000 --- a/modules/desktop/apps/alacritty.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, options, pkgs, lib, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.alacritty; -in { - options.modules.desktop.apps.alacritty = { - enable = mkOption { - type = types.bool; - default = false; - }; - executable = mkOption { - type = types.str; - default = "${pkgs.alacritty}/bin/alacritty"; - }; - }; - - config = mkIf cfg.enable { -/* - user.packages = with pkgs; [ - alacritty - ]; -*/ - home._.programs.alacritty = { - enable = true; -/* - settings = { - background_opacity = theme.backgroundOpacity; - font = { - size = 12; - normal.family = theme.font.mono; - bold.family = theme.font.mono; - italic.family = theme.font.mono; - }; - colors = { - primary = { - background = theme.colors.background; - foreground = theme.colors.foreground; - }; - normal = theme.colors.backgroundScheme; - bright = theme.colors.foregroundScheme; - }; - }; -*/ - }; - }; -} diff --git a/modules/desktop/apps/firefox.nix b/modules/desktop/apps/firefox.nix deleted file mode 100644 index 41045f8..0000000 --- a/modules/desktop/apps/firefox.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.firefox; - wayland = config.modules.desktop.sway.enable; -in { - options.modules.desktop.apps.firefox = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - user.packages = if wayland then (with pkgs; [ - firefox-wayland - ]) else (with pkgs; [ - firefox - ]); - }; -} diff --git a/modules/desktop/apps/menus/nwggrid.nix b/modules/desktop/apps/menus/nwggrid.nix deleted file mode 100644 index 74f86ad..0000000 --- a/modules/desktop/apps/menus/nwggrid.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, inputs, lib, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.menus.nwggrid; -in { - options.modules.desktop.apps.menus.nwggrid = { - enable = mkOption { - type = types.bool; - default = false; - }; - executable = mkOption { - type = types.str; - default = "${pkgs.nwg-launchers}/bin/nwggrid"; - }; - }; - - config = mkIf cfg.enable { - modules.desktop.apps.nwg-launchers.enable = true; - }; -} diff --git a/modules/desktop/apps/menus/wofi.nix b/modules/desktop/apps/menus/wofi.nix deleted file mode 100644 index fb2ddb0..0000000 --- a/modules/desktop/apps/menus/wofi.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.wofi; -in { - options.modules.desktop.apps.wofi = { - enable = mkOption { - type = types.bool; - default = false; - description = ""; - }; - executable = mkOption { - type = types.str; - default = "${pkgs.wofi}/bin/wofi"; - }; - }; - - config = mkIf cfg.enable { - user.packages = with pkgs; [ - wofi - ]; - }; -} diff --git a/modules/desktop/apps/mpc.nix b/modules/desktop/apps/mpc.nix deleted file mode 100644 index 3f72c6d..0000000 --- a/modules/desktop/apps/mpc.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ pkgs, config, lib, options, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.mpc; -in { - options.modules.desktop.apps.mpc = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - modules.services.mpd.enable = true; - - user.packages = with pkgs; [ - mpc_cli - ]; - - }; -} diff --git a/modules/desktop/apps/nwg-launchers.nix b/modules/desktop/apps/nwg-launchers.nix deleted file mode 100644 index 7050bd4..0000000 --- a/modules/desktop/apps/nwg-launchers.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, lib, options, config, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.nwg-launchers; -in { - options.modules.desktop.apps.nwg-launchers = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - user.packages = with pkgs; [ nwg-launchers ]; - }; -} diff --git a/modules/desktop/apps/obs.nix b/modules/desktop/apps/obs.nix deleted file mode 100644 index 1c059eb..0000000 --- a/modules/desktop/apps/obs.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, options, pkgs, lib, ... }: - -with lib; -let - cfg = config.modules.desktop.apps.obs; -in { - options.modules.desktop.apps.obs = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - user.packages = with pkgs; [ - obs-studio - ]; - }; -} diff --git a/modules/desktop/desktop.nix b/modules/desktop/desktop.nix deleted file mode 100644 index 65482cc..0000000 --- a/modules/desktop/desktop.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, options, lib, pkgs, ... }: - -with lib; -let - cfg = config.modules.desktop; -in { - options.modules.desktop = { - theme = mkOption { - type = types.str; - default = "still"; - description = "Sets a particular styling and wallpaper configuration."; - }; - }; - - config = { - services.dbus.enable = true; - }; -} 
diff --git a/modules/desktop/gaming/minecraft.nix b/modules/desktop/gaming/minecraft.nix deleted file mode 100644 index 96760f6..0000000 --- a/modules/desktop/gaming/minecraft.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.modules.desktop.gaming.minecraft; -in { - options.modules.desktop.gaming.minecraft = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enables Minecraft through the PolyMC launcher"; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ polymc ]; - }; -} diff --git a/modules/desktop/gaming/srb2k.nix b/modules/desktop/gaming/srb2k.nix deleted file mode 100644 index afef16b..0000000 --- a/modules/desktop/gaming/srb2k.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, pkgs, options, config, ... }: - -with lib; -let - cfg = config.modules.desktop.gaming.srb2k; -in { -} diff --git a/modules/desktop/river.nix b/modules/desktop/river.nix deleted file mode 100644 index 2d8ff52..0000000 --- a/modules/desktop/river.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ options, config, lib, pkgs, ... }: - -with lib; -let - cfg = config.modules.desktop.river; - audioSupport = config.modules.hardware.audio.enable; -in { - options.modules.desktop.river = { - enable = mkOption { - type = tyoes.bool; - default = false; - description = "Enables the river wayland compositor."; - }; - menu = mkOption { - type = types.str; - default = "nwggrid"; - description = "Which application launch menu to use. Defaults to nwggrid."; - }; - term = mkOption { - type = types.str; - default = "alacritty"; - description = "Which terminal river should use. Defaults to alacritty."; - }; - }; - - config = mkIf cfg.enable { - }; -} diff --git a/modules/desktop/services/swayidle.nix b/modules/desktop/services/swayidle.nix deleted file mode 100644 index 9a2d5c2..0000000 --- a/modules/desktop/services/swayidle.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.modules.desktop.services.swayidle; - -in { - options.modules.desktop.services.swayidle = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { -/* - user.packages = with pkgs; [ - swayidle - ]; -*/ - }; -} diff --git a/modules/desktop/services/swaylock.nix b/modules/desktop/services/swaylock.nix deleted file mode 100644 index 7cba2fd..0000000 --- a/modules/desktop/services/swaylock.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.modules.desktop.services.swaylock; - -in { - options.modules.desktop.services.swaylock = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - user.packages = with pkgs; [ - swaylock - ]; - }; -} diff --git a/modules/desktop/services/waybar.nix b/modules/desktop/services/waybar.nix deleted file mode 100644 index f994482..0000000 --- a/modules/desktop/services/waybar.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.modules.desktop.services.waybar; -in { - options.modules.desktop.services.waybar = { - enable = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - home._.programs.waybar = with pkgs; { - enable = true; - settings = [{ - height = 10; - modules-left = [ "sway/workspaces" "sway/window" ]; - modules-center = [ "clock" ]; - modules-right = [ "tray" "cpu" "memory" "battery#bat0" ]; - }]; - style = builtins.readFile "${config.home.configFile.waybar.source}/style.css"; - }; - }; -} diff --git a/modules/desktop/sway.nix b/modules/desktop/sway.nix deleted file mode 100644 index 9ec1a4c..0000000 --- a/modules/desktop/sway.nix +++ /dev/null 
@@ -1,148 +0,0 @@ -{ options, config, lib, pkgs, ... }: - -with lib; -let - cfg = config.modules.desktop.sway; - audioSupport = config.modules.hardware.audio.enable; -in { - options.modules.desktop.sway = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enables the sway window manager for Wayland."; - }; - menu = mkOption { - type = types.str; - default = "nwggrid"; - description = ""; - }; - term = mkOption { - type = types.str; - default = "alacritty"; - description = "Which terminal sway should default to."; - }; - }; - - config = mkIf cfg.enable { - modules.hardware.graphics.enable = true; - - programs.sway = { - enable = true; - extraPackages = with pkgs; [ xwayland ]; - }; - - user.packages = with pkgs; [ - grim - slurp - wl-clipboard - swaybg - autotiling - brightnessctl - wdisplays - gammastep - ] ++ (if audioSupport then (with pkgs; [ - playerctl - ]) else [ ]); - - xdg.portal = { - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - gtkUsePortal = true; - }; - - services.xserver = { - enable = true; - autorun = true; - - displayManager = { - sddm.enable = true; - defaultSession = "sway"; - }; - - wacom.enable = true; - }; - - modules.desktop.apps."${cfg.term}".enable = true; - modules.desktop.apps.menus.${cfg.menu}.enable = true; - -# modules.desktop.services.swaylock.enable = true; - modules.desktop.services.swayidle.enable = true; -# modules.desktop.services.mako.enable = true; - modules.desktop.services.waybar.enable = true; - - home._.wayland.windowManager.sway = { - enable = true; - wrapperFeatures.gtk = true; - - config = { - bars = [{ command = "waybar"; }]; - modifier = "Mod4"; - input."type:keyboard" = let kbcfg = config.keyboard; in { - xkb_layout = toLower (substring 3 2 kbcfg.locale); - xkb_variant = "," + kbcfg.variant; - }; - input."type:touchpad" = { - tap = "enabled"; - natural_scroll = "enabled"; - scroll_method = "two_finger"; - }; - startup = [ -# { 
command = "lock"; } - { command = "autotiling"; } -# { command = "mako"; } - ]; - terminal = config.modules.desktop.apps.${cfg.term}.executable; - menu = config.modules.desktop.apps.menus.${cfg.menu}.executable; - output."eDP-1" = { - bg = "${config.modules.theme.wallpaper} fill"; - scale = "1.5"; - }; - output."DP-4".bg = "${config.modules.theme.wallpaper} fill"; - keybindings = let mod = config.home._.wayland.windowManager.sway.config.modifier; scProc = "wl-copy -t image/png && notify-send \"Screenshot Taken\""; in { -# "${mod}+l" = "exec lock"; - "${mod}+q" = "reload"; - "${mod}+Shift+c" = "kill"; - "${mod}+p" = "exec ${config.home._.wayland.windowManager.sway.config.menu}"; - "${mod}+Shift+Return" = "exec ${config.home._.wayland.windowManager.sway.config.terminal}"; - "${mod}+Shift+e" = "exit"; - - "${mod}+1" = "workspace 1"; - "${mod}+2" = "workspace 2"; - "${mod}+3" = "workspace 3"; - "${mod}+4" = "workspace 4"; - "${mod}+5" = "workspace 5"; - "${mod}+6" = "workspace 6"; - "${mod}+7" = "workspace 7"; - "${mod}+8" = "workspace 8"; - "${mod}+9" = "workspace 9"; - "${mod}+0" = "workspace 10"; - - "${mod}+Shift+1" = "move container to workspace 1"; - "${mod}+Shift+2" = "move container to workspace 2"; - "${mod}+Shift+3" = "move container to workspace 3"; - "${mod}+Shift+4" = "move container to workspace 4"; - "${mod}+Shift+5" = "move container to workspace 5"; - "${mod}+Shift+6" = "move container to workspace 6"; - "${mod}+Shift+7" = "move container to workspace 7"; - "${mod}+Shift+8" = "move container to workspace 8"; - "${mod}+Shift+9" = "move container to workspace 9"; - "${mod}+Shift+0" = "move container to workspace 10"; - - "Print" = "exec grim -g \"$(slurp -d)\" - | ${scProc}"; - "XF86AudioPlay" = "playerctl play-pause"; - "Shift+XF86AudioPlay" = "playerctl loop"; - }; - }; - extraSessionCommands = '' - export XDG_SESSION_TYPE=wayland - export QT_QPA_PLATFORM=wayland - export XDG_SESSION_DESKTOP=sway - export XDG_CURRENT_DESKTOP=sway - ''; - extraConfig = 
builtins.readFile "${config.home.configFile.sway.source}/config"; - }; - }; -} diff --git a/modules/dev/php.nix b/modules/dev/php.nix new file mode 100644 index 0000000..f633f60 --- /dev/null +++ b/modules/dev/php.nix @@ -0,0 +1,17 @@ +{ pkgs, lib, config, options, ... }: + +with lib; +let + cfg = config.modules.dev.php; +in { + options.modules.dev.php = { + enable = mkOption { + type = types.bool; + default = false; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.php ]; + }; +} diff --git a/modules/desktop/editors/codium.nix b/modules/editors/codium.nix similarity index 89% rename from modules/desktop/editors/codium.nix rename to modules/editors/codium.nix index 5cc7c54..f95511b 100644 --- a/modules/desktop/editors/codium.nix +++ b/modules/editors/codium.nix @@ -2,9 +2,9 @@ with lib; let - cfg = config.modules.desktop.editors.codium; + cfg = config.modules.editors.codium; in { - options.modules.desktop.editors.codium = { + options.modules.editors.codium = { enable = mkOption { type = types.bool; default = false; diff --git a/modules/desktop/editors/neovim.nix b/modules/editors/neovim.nix similarity index 93% rename from modules/desktop/editors/neovim.nix rename to modules/editors/neovim.nix index b996f4a..84074cb 100644 --- a/modules/desktop/editors/neovim.nix +++ b/modules/editors/neovim.nix @@ -3,9 +3,9 @@ with lib; let configDir = config.configDir; - cfg = config.modules.desktop.editors.neovim; + cfg = config.modules.editors.neovim; in { - options.modules.desktop.editors.neovim = { + options.modules.editors.neovim = { enable = mkOption { type = types.bool; default = false; diff --git a/modules/remote.nix b/modules/remote.nix new file mode 100644 index 0000000..e5b0510 --- /dev/null +++ b/modules/remote.nix 
@@ -0,0 +1,48 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.remote; +in { + options.modules.remote = { + enable = mkOption { + type = types.bool; + default = false; + }; + keys = mkOption { + type = types.nullOr (types.listOf types.str); + default = []; + }; + packages = mkOption { + type = types.nullOr (types.listOf types.package); + default = []; + }; + shell = mkOption { + type = types.nullOr types.package; + default = pkgs.bash; + }; + }; + + config = mkIf cfg.enable { + users.users.remote = { + description = "Generic remote server access user"; + createHome = true; + #isSystemUser = true; + isNormalUser = true; + group = "remote"; + extraGroups = [ "nix-users" ]; + initialHashedPassword = "!"; + openssh.authorizedKeys.keys = cfg.keys; + packages = cfg.packages; + shell = cfg.shell; + }; + + #home-manager.users.remote.home = { + # sessionVariables = { + # NIX_REMOTE = "daemon"; + # }; + #}; + + users.groups.remote = {}; + }; +} diff --git a/modules/security.nix b/modules/security.nix index 27094f1..42f528e 100644 --- a/modules/security.nix +++ b/modules/security.nix @@ -82,8 +82,8 @@ in { }; users.users.root = { - packages = [ pkgs.nologin ]; - shell = pkgs.nologin; + packages = [ pkgs.shadow ]; + shell = pkgs.shadow; hashedPassword = "!"; }; }; diff --git a/modules/services/conduit.nix b/modules/services/conduit.nix new file mode 100644 index 0000000..1dd8abd --- /dev/null +++ b/modules/services/conduit.nix 
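Review bot: `keys` and `packages` are declared `types.nullOr (types.listOf ...)` but are assigned straight to `openssh.authorizedKeys.keys` and `packages`, which are list options, so a caller setting either to `null` fails at evaluation instead of being handled; since both defaults are already `[]`, drop the `nullOr` (`type = types.listOf types.str;`, `type = types.listOf types.package;`) or map `null` to `[]` before assigning. `initialHashedPassword = "!"` correctly leaves the account key-only, but none of the four options has a `description`, and the leftover `#isSystemUser = true;` contradicts the `isNormalUser = true;` below it and should go. A comment on `extraGroups = [ "nix-users" ]` (a group presumably defined elsewhere in the tree) would help, since that membership is the only privilege the module grants beyond a login shell.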
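Review bot: `packages = [ pkgs.shadow ];` on the root user adds the whole shadow tool suite to root's per-user profile, which the previous `pkgs.nologin` entry did not imply; `shell = pkgs.shadow;` alone is what keeps root non-interactive (the `shell` option accepts a package via its `shellPath`, which shadow appears to provide — confirm), so the `packages` line looks like a mechanical replace and can be dropped. A comment such as `# nologin is shipped by the shadow package; keep root's shell non-interactive` would explain the substitution. The enclosing attribute set starts and ends outside the hunk.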
@@ -0,0 +1,130 @@ +{ pkgs, config, options, lib, ... }: + +with lib; +let + cfg = config.modules.services.matrix.conduit; +in { + options.modules.services.matrix.conduit = { + enable = mkOption { + type = types.bool; + default = false; + }; + + package = mkOption { + type = types.package; + default = pkgs._.matrix-conduit; + }; + + domain = mkOption { + type = types.str; + default = "localhost"; + }; + + user = mkOption { + type = types.str; + default = "conduit"; + description = "User account under which Conduit runs."; + }; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/conduit"; + }; + + httpAddress = mkOption { + type = types.str; + default = "127.0.0.1"; + }; + + httpPort = mkOption { + type = types.port; + default = 6167; + }; + + disableRegistration = mkOption { + type = types.bool; + default = true; + }; + + disableFederation = mkOption { + type = types.bool; + default = false; + }; + + settings = mkOption { + type = types.submodule { + freeFormType = format.type; + + options = { + server_name = mkOption { + type = types.str; + example = "matrix.aether.gay"; + default = config.networking.hostName; + description = "The domain used to be used by the conduit instance for nginx."; + }; + + database_path = mkOption { + type = types.str; + default = "/var/lib/conduit"; + }; + + database_backend = mkOption { + type = types.str; + default = "postgresql"; + example = "rocksdb"; + }; + + port = mkOption { + type = types.int; + default = 6167; + }; + + max_request_size = mkOption { + type = types.int; + default = 52428800; # 50MiB + }; + + allow_registration = mkOption { + type = types.bool; + default = false; + }; + + allow_federation = mkOption { + type = types.bool; + default = true; + }; + + max_concurrent_requests = mkOption { + type = types.int; + default = 64; + }; + + trusted_servers = mkOption { + type = types.listOf types.str; + default = [ "matrix.org" ]; + }; + + address = mkOption { + type = types.str; + default = "127.0.0.1"; + 
description = "The address used to access the Conduit instance. Setting this to 127.0.0.1 ensures that it is only possible to reach the server via nginx."; + }; + }; + }; + default = {}; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + + modules.services.matrix.conduit.settings = { + server_name = cfg.domain; + database_dir = cfg.dataDir; + port = cfg.httpPort; + enable_registration = !cfg.disableRegistration; + enable_federation = !cfg.disableFederation; + }; + + }; +} diff --git a/modules/services/dark-firepit-oat-zone.nix b/modules/services/dark-firepit-oat-zone.nix new file mode 100644 index 0000000..1b4e23b --- /dev/null +++ b/modules/services/dark-firepit-oat-zone.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.services.dark-firepit-oat-zone; +in { + options.modules.services.dark-firepit-oat-zone = { + enable = mkOption { + type = types.bool; + default = false; + }; + domain = mkOption { + type = types.str; + default = "dark-firepit.oat.zone"; + }; + }; + + config = mkIf cfg.enable { + services = { + nginx.virtualHosts."${cfg.domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/dark-firepit.oat.zone"; + }; + }; + }; +} diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix index 4656bdb..ad83b4f 100644 --- a/modules/services/gitea.nix +++ b/modules/services/gitea.nix 
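Review bot: `freeFormType = format.type;` inside the `settings` submodule references `format`, which is never bound in this file, and the submodule attribute is spelled `freeformType`; as written, evaluating `cfg.settings` fails on the undefined name, and once that is fixed the misspelled attribute would be rejected as an unknown option. The `config` block also writes `database_dir`, `enable_registration` and `enable_federation`, while the declared options are `database_path`, `allow_registration` and `allow_federation`, so `disableRegistration` and `disableFederation` never reach the keys the module declares — `allow_registration` stays at its default `false`, which is the safe direction, but `allow_federation` stays `true` regardless of `disableFederation`. Nothing in this file consumes `cfg.settings` either (no systemd unit or config file is generated), so unless another module reads it, enabling this module only installs the package. The fix is to bind a TOML format, use the correct attribute and align the key names:
```nix
let
  cfg = config.modules.services.matrix.conduit;
  format = pkgs.formats.toml { };
in {
  # … unchanged: enable/package/domain/user/dataDir/http*/disable* options …
    settings = mkOption {
      type = types.submodule {
        freeformType = format.type;
        # … unchanged: declared settings options …
      };
      default = {};
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

    modules.services.matrix.conduit.settings = {
      server_name = cfg.domain;
      database_path = cfg.dataDir;
      port = cfg.httpPort;
      allow_registration = !cfg.disableRegistration;
      allow_federation = !cfg.disableFederation;
    };
  };
```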
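Review bot: `root = "/var/www/dark-firepit.oat.zone";` hardcodes the domain while the vhost name is taken from `cfg.domain`, so changing the option moves the server name but not the document root; `root = "/var/www/${cfg.domain}";` keeps them in step, or make the root its own option. Both `enable` and `domain` lack a `description`.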
@@ -9,21 +9,49 @@ in { type = types.bool; default = false; }; - site = mkOption { + domain = mkOption { type = types.str; default = "git.oat.zone"; }; + port = mkOption { + type = types.int; + default = 3000; + }; }; config = mkIf cfg.enable { - modules.services.postgres.enable = true; - services.gitea = { - enable = true; - domain = cfg.site; - rootUrl = "https://${cfg.site}/"; - appName = "Gitea: Fire Pit hosted Git"; - database = { - type = "postgres"; + services = { + gitea = { + enable = true; + package = pkgs.master.gitea; + disableRegistration = true; + domain = cfg.domain; + httpPort = cfg.port; + rootUrl = "https://${cfg.domain}/"; + stateDir = "/var/lib/${cfg.domain}"; + cookieSecure = true; + appName = "Gitea: dark-firepit hosted Git"; + database = { + type = "postgres"; + name = "gitea"; + }; + settings = mkMerge [ (builtins.fromTOML (builtins.readFile "/etc/dotfiles/config/gitea/app.toml")) { + "ui.meta" = { + AUTHOR = "aether & oat"; + DESCRIPTION = "dark-firepit's shared git instance"; + }; + }]; + }; + + nginx.virtualHosts."${cfg.domain}" = { + forceSSL = true; + enableACME = true; + # using manual extraconfig because else nginx spits out a runtime error???? + # thanks nginx + #locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port};"; + locations."/".extraConfig = '' + proxy_pass http://127.0.0.1:${toString cfg.port}; + ''; }; }; }; diff --git a/modules/services/isso.nix b/modules/services/isso.nix new file mode 100644 index 0000000..3d41a21 --- /dev/null +++ b/modules/services/isso.nix 
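Review bot: The commented-out `proxyPass = "http://127.0.0.1:${toString cfg.port};"` carries a trailing `;` inside the string, which renders as `proxy_pass …;;` in nginx.conf — that, rather than nginx, is the likely source of the runtime error the comment complains about, so `locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";` should work and lets the module's proxy handling apply instead of a raw `extraConfig`. `builtins.readFile "/etc/dotfiles/config/gitea/app.toml"` reads an absolute host path at evaluation time, so the resulting configuration depends on whatever is deployed at that path rather than on the checkout being built; a path relative to the module (`../../config/gitea/app.toml`) makes the settings part of the evaluated tree. `port` is typed `types.int` where `types.port` would bound it, as the isso module in this same change does; `disableRegistration = true` and `cookieSecure = true` are good to see. The enclosing `options`/`config` attrsets start outside the hunk.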
@@ -0,0 +1,63 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.services.isso; +in { + options.modules.services.isso = { + enable = mkOption { + type = types.bool; + default = false; + }; + domain = mkOption { + type = types.str; + default = "comments.oat.zone"; + }; + port = mkOption { + type = types.port; + default = 1550; + }; + }; + + config = mkIf cfg.enable { + services = { + isso = { + enable = true; + settings = { + general = { + host = "https://blog.oat.zone/"; + latest-enabled = true; + }; + server = { + listen = "http://localhost:${toString cfg.port}"; + samesite = "Lax"; + public-endpoint = "https://comments.oat.zone"; + }; + guard = { + enabled = true; + require-author = true; + ratelimit = 4; + }; + admin = { + enabled = true; + password = "a8UYAH7jQQC3LjnG"; + }; + }; + }; + + nginx.enable = true; + nginx.virtualHosts."${cfg.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString cfg.port}"; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; + }; + }; +} diff --git a/modules/services/jillo.nix b/modules/services/jillo.nix new file mode 100644 index 0000000..c36731a --- /dev/null +++ b/modules/services/jillo.nix 
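Review bot: The literal `admin.password` value is a plaintext admin credential committed to the repository and, via `settings`, rendered into the generated isso configuration in the world-readable Nix store; treat it as exposed, rotate it, and keep the replacement out of the Nix expression (a secrets manager that places the file at activation, or a runtime-substituted config). `general.host = "https://blog.oat.zone/"` and `server.public-endpoint = "https://comments.oat.zone"` are also hardcoded even though `domain` is an option — at least `public-endpoint = "https://${cfg.domain}";` should follow it. The three `proxy_set_header` lines duplicate what `recommendedProxySettings` already emits when that is enabled for this host, and the options lack a `description`.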
@@ -0,0 +1,50 @@ +{ pkgs, lib, config, options, ... }: + +with lib; +let + cfg = config.modules.services.jillo; +in { + options.modules.services.jillo = { + enable = mkOption { + type = types.bool; + default = false; + }; + + package = mkOption { + type = types.package; + default = pkgs._.jillo; + }; + + dataDir = mkOption { + type = types.either [types.path types.str]; + }; + }; + + config = mkIf cfg.enable { + users.users.jillo = { + group = "jillo"; + home = cfg.dataDir; + createHome = true; + isSystemUser = true; + shell = "${pkgs.bash}/bin/bash"; + }; + + users.groups.jillo = {}; + + environment.systemPackages = [ pkgs.nodejs-18_x ]; + + systemd.services.jillo = { + description = "Jillo Discord bot"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "notify"; + User = "jillo"; + Group = "jillo"; + WorkingDirectory = cfg.dataDir; + ExecStart = "${pkgs.nodejs-18_x}/bin/npm run start"; + Restart = "on-failure"; + }; + }; + }; +} diff --git a/modules/services/matomo.nix b/modules/services/matomo.nix new file mode 100644 index 0000000..943af71 --- /dev/null +++ b/modules/services/matomo.nix 
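Review bot: `type = types.either [types.path types.str];` passes a list to `types.either`, which takes two type arguments, so this yields a partially applied function rather than a type and fails as soon as the option is evaluated — use `type = types.either types.path types.str;` (or `types.oneOf [ types.path types.str ]`). `Type = "notify"` requires the started process to call sd_notify; `npm run start` launches node through npm, and unless the bot itself signals readiness, systemd will time the unit out and restart it — `Type = "simple"` is the safe choice if that is not known to be the case. The unit also runs a network-facing process with no hardening directives (`NoNewPrivileges`, `ProtectSystem`, `PrivateTmp`), and `dataDir` has no `description`.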
@@ -0,0 +1,60 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.services.matomo; +in { + options.modules.services.matomo = { + enable = mkOption { + type = types.bool; + default = false; + }; + domain = mkOption { + type = types.str; + default = "analytics.oat.zone"; + }; + }; + + config = mkIf cfg.enable { + services = { + matomo = { + enable = true; + + package = pkgs.unstable.matomo-beta; + periodicArchiveProcessing = true; + hostname = cfg.domain; + nginx = { + serverAliases = [ + cfg.domain + ]; + enableACME = true; + }; + }; + + mysql = { + enable = true; + + package = pkgs.unstable.mariadb; + + settings = { + mysqld = { + max_allowed_packet = "128M"; + }; + client = { + max_allowed_packet = "128M"; + }; + }; + + ensureDatabases = [ "matomo" ]; + ensureUsers = [ + { + name = "matomo"; + ensurePermissions = { + "matomo.*" = "ALL PRIVILEGES"; + }; + } + ]; + }; + }; + }; +} diff --git a/modules/services/minecraft.nix b/modules/services/minecraft.nix new file mode 100644 index 0000000..1849f33 --- /dev/null +++ b/modules/services/minecraft.nix @@ -0,0 +1,22 @@ +{ config, pkgs, lib, options, inputs, ... }: + +with lib; +let + cfg = config.modules.services.minecraft; +in { + options.modules.services.minecraft = { + enable = mkOption { + type = types.bool; + default = false; + }; + servers = options.services.minecraft-servers.servers; + }; + + config = mkIf cfg.enable { + services.minecraft-servers = { + enable = true; + eula = true; + servers = cfg.servers; + }; + }; +} diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix new file mode 100644 index 0000000..e7ab0a5 --- /dev/null +++ b/modules/services/nextcloud.nix 
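Review bot: `nginx.serverAliases = [ cfg.domain ];` lists the same name already given as `hostname = cfg.domain;`, so it likely produces a duplicate `server_name` entry; drop the `serverAliases` block or reserve it for genuinely alternative names. `package = pkgs.unstable.matomo-beta` and `package = pkgs.unstable.mariadb` pin both the analytics application and its database to an unstable overlay on a server module without saying why; a one-liner such as `# matomo-beta/mariadb taken from unstable because: <reason>` would help the next reader. `enable` and `domain` lack a `description`.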
@@ -0,0 +1,33 @@ +{ pkgs, config, lib, options, ... }: + +with lib; +let + cfg = config.modules.services.nextcloud; +in { + options.modules.services.nextcloud = { + enable = mkOption { + type = types.bool; + default = false; + }; + + domain = mkOption { + type = types.str; + default = null; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { assertion = cfg.domain != null; + description = "Nextcloud requires a domain."; + } + ]; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud24; + hostName = cfg.domain; + config.adminpassFile = "/etc/nextcloudpass"; + }; + }; +} diff --git a/modules/services/nginx-config.nix b/modules/services/nginx-config.nix new file mode 100644 index 0000000..a1c0ecd --- /dev/null +++ b/modules/services/nginx-config.nix 
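Review bot: `domain` is declared `type = types.str;` with `default = null;`, which the type check rejects the moment the option is read — before the assertion two blocks down ever fires — so the intended "must be set" behaviour never materialises; declare it `type = types.nullOr types.str;`, or omit the default entirely, which makes the option mandatory without an assertion. The assertion entry uses `description`, but NixOS assertions are `{ assertion = ...; message = ...; }`, so when it does fail the module system reports a missing `message` attribute instead of the text. `config.adminpassFile = "/etc/nextcloudpass"` correctly keeps the admin password out of the store; a `description` on the option block naming that expectation would help.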
@@ -0,0 +1,66 @@
+{ config, lib, pkgs, options, ... }:
+
+with lib;
+let
+ cfg = config.modules.services.nginx-config;
+in {
+ options.modules.services.nginx-config = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "oatmealine@disroot.org";
+# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ };
+
+ services.nginx = {
+ enable = true;
+ #enable = lib.mkForce false;
+
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ commonHttpConfig = ''
+ # Add HSTS header with preloading to HTTPS requests.
+ # Adding this header to HTTP requests is discouraged
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+
+ # Enable CSP for your services.
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+
+ # Minimize information leaked to other domains
+ #add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+ # Disable embedding as a frame
+ #add_header X-Frame-Options DENY;
+
+ # Prevent injection of code in other mime types (XSS Attacks)
+ #add_header X-Content-Type-Options nosniff;
+
+ # Enable XSS protection of the browser.
+ # May be unnecessary when CSP is configured properly (see above)
+ #add_header X-XSS-Protection "1; mode=block";
+
+ # This might create errors
+ #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+ '';
+
+ # prevent invalid domains from being used
+ virtualHosts."_".locations."/".return = "444";
+ virtualHosts."a".locations."/".return = "444";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 443 80 ];
+ networking.firewall.allowedUDPPorts = [ 443 80 ];
+ };
+}
diff --git a/modules/services/nitter.nix b/modules/services/nitter.nix
new file mode 100644
index 0000000..80af18c
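Review bot: The catch-all `_` and `a` virtual hosts only close the plain-HTTP side: neither has a TLS listener, so a request on 443 for an unknown or absent SNI name is answered by whichever TLS vhost nginx takes as default for that port (the first one in the generated config, since no vhost sets `default = true`), complete with that site's certificate and content. Mark the catch-all as the default server and reject TLS there — `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };` (a self-signed `addSSL` vhost works if the pinned NixOS lacks `rejectSSL`) — and drop the `"a"` vhost, which looks like a typo. `allowedUDPPorts = [ 443 80 ]` opens UDP ports nothing in this module listens on (no HTTP/3/`quic` configuration is visible), so that line should go. The HSTS `add_header` in `commonHttpConfig` lacks `always`, so 4xx/5xx responses leave without the header; `add_header Strict-Transport-Security $hsts_header always;` closes that gap.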
--- /dev/null
+++ b/modules/services/nitter.nix
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, options, ... }:
+
+# heavily references https://github.com/erdnaxe/nixos-modules/blob/master/services/nitter.nix
+
+with lib;
+let
+ cfg = config.modules.services.nitter;
+in {
+ options.modules.services.nitter = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ domain = mkOption {
+ type = types.str;
+ default = "nitter.oat.zone";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 3005;
+ };
+ lightweight = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Incase shit gets wild, this will make Nitter a lot more lightweight.
+ Some functionality gets removed (videos are not proxied, etc) in exchange for less RAM usage and CPU usage
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services = {
+ nitter = {
+ enable = true;
+ server = {
+ address = "127.0.0.1";
+ port = cfg.port;
+ hostname = cfg.domain;
+ title = "nitter.oat.zone"; # TODO: make this costumizable? not sure
+ https = true; # doesn't actually do any encryption, just changes cookie configuration
+ };
+ preferences = {
+ hlsPlayback = true;
+ proxyVideos = !cfg.lightweight;
+ theme = "Mastodon";
+ replaceTwitter = cfg.domain;
+ };
+ };
+
+ # https://github.com/zedeus/nitter/wiki/Nginx
+ nginx.virtualHosts."${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ extraConfig = ''
+ #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
+ #add_header X-Content-Type-Options nosniff;
+ #add_header X-Frame-Options DENY;
+ #add_header X-XSS-Protection "1; 
mode=block";
+ '';
+ };
+ locations."= /robots.txt" = {
+ extraConfig = ''
+ # re-defining
+ #add_header Strict-Transport-Security $hsts_header;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ add_header Referrer-Policy origin-when-cross-origin;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
+ add_header Content-Type text/plain;
+ return 200 "User-agent: *\nDisallow: /\n";
+ '';
+ };
+ };
+ };
+
+ # fix for a dumb error
+ # (this doesn't work or do anything lmfao)
+ # genuinely no idea how to fix it atm
+ systemd.services.nitter = {
+ path = with pkgs; lib.mkForce [ git ];
+ };
+ };
+}
diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index 5d64bc1..95da94a 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -11,13 +11,21 @@ in {
 default = false;
 description = "Provide system SSH support though OpenSSH.";
 };
+ requirePassword = mkOption {
+ type = types.bool;
+ default = true;
+ };
 };
 
 config = mkIf cfg.enable {
 services.openssh = {
 enable = true;
- passwordAuthentication = false;
+ passwordAuthentication = cfg.requirePassword;
 permitRootLogin = "no";
 };
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
 };
 }
diff --git a/modules/services/staticSites.nix b/modules/services/staticSites.nix
new file mode 100644
index 0000000..936bc05
--- /dev/null
+++ b/modules/services/staticSites.nix
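Review bot: The proxied `/` location ships with every header commented out, so Nitter pages get only what `commonHttpConfig` adds at the http level (the HSTS map, when that module is enabled) and no `X-Content-Type-Options`, `X-Frame-Options` or CSP; if the CSP line was what broke, `add_header X-Content-Type-Options nosniff always;` and `add_header X-Frame-Options DENY always;` are safe to re-enable here, and because `add_header` inside a location replaces inherited headers, the HSTS line must be restated alongside them, as the `= /robots.txt` location already does. `systemd.services.nitter.path = lib.mkForce [ git ]` discards whatever PATH the upstream unit sets, and the comment above it says it does not fix the error it targets, so it is better removed than left as a force. The `title = "nitter.oat.zone"` literal duplicates the default of `cfg.domain`; `title = cfg.domain;` keeps the two in step.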
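Review bot: `passwordAuthentication = cfg.requirePassword` with `default = true` turns SSH password logins back on for every host that imports this module; the previous hard-coded `false` was the safer setting, and the option name says the opposite of what it does (it allows, not requires, passwords). Keep key-only as the default and name the knob for what it is: `allowPassword = mkOption { type = types.bool; default = false; description = "Allow password authentication over SSH (key-only when false)."; };` with `passwordAuthentication = cfg.allowPassword;` — or, if the name must stay for existing hosts, at least `default = false;` plus a `description` warning that `true` exposes the host to online password guessing. The `programs.gnupg.agent` block is client-side and unrelated to the SSH server this module is named for; it reads better in a user/program module, but that is style. The option set this hunk extends begins before the hunk.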
@@ -0,0 +1,85 @@ +{ pkgs, lib, config, options, ... }: + +with lib; +let + sites = config.modules.services.staticSites; + staticSiteModule.options = { + dataDir = mkOption { + type = types.oneOf [ types.str types.path ]; + default = null; + }; + + auth = mkOption { + type = types.attrsOf types.str; + description = "Basic authentication options. Defines a set of user = password pairs."; + example = literalExpr '' + { + user = "password"; + anotherUser = "anotherPassword"; + /* ... */ + } + ''; + default = {}; + }; + + php = mkOption { + type = types.bool; + description = "Does this site use php (phpfpm)?"; + default = false; + }; + }; +in { + options.modules.services.staticSites = mkOption { + type = types.attrsOf (types.submodule staticSiteModule); + example = literalExpression '' + { + "aether.gay".dataDir = /var/www/aether.gay; + "oat.zone".dataDir = "/some/weird/place/oat-zone"; + } + ''; + default = {}; + }; + + config = { + assertions = mapAttrsToList (domain: _@{dataDir, ...}: + { assertion = dataDir != null; + description = "${domain} must specify a dataDir."; + }) sites; + + services.nginx.virtualHosts = mkMerge (mapAttrsToList (domain: site: { + ${domain} = { + locations."/".basicAuth = site.auth; + locations."~ \.php$".extraConfig = mkIf site.php '' + fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket}; + fastcgi_index index.php; + ''; + locations."/".index = mkIf site.php "index.php index.html"; + forceSSL = true; + enableACME = true; + root = site.dataDir; + }; + }) sites); + + users.users.phpfpm = { + isSystemUser = true; + group = "phpfpm"; + }; + + users.groups.phpfpm = {}; + + services.phpfpm.pools = mkMerge (mapAttrsToList (domain: site: mkIf site.php { + ${domain} = { + user = "phpfpm"; + settings = { + pm = "dynamic"; + "listen.owner" = config.services.nginx.user; + "pm.max_children" = 200; + "pm.max_requests" = 2000; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 25; + }; + phpEnv."PATH" = lib.makeBinPath [ 
pkgs.unstable.php ]; + }; + }) sites); + }; +} diff --git a/modules/services/terraria.nix b/modules/services/terraria.nix new file mode 100644 index 0000000..53adee4 --- /dev/null +++ b/modules/services/terraria.nix 
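Review bot: `locations."~ \.php$"` is weaker than it looks: in a Nix double-quoted string `\.` collapses to `.`, so nginx receives the regex `~ .php$` (any character before `php`), and the fastcgi block has no `try_files $uri =404;`, so with PHP-FPM's default `cgi.fix_pathinfo` a request like `/upload.png/x.php` can hand a non-PHP upload to the interpreter — write it as `locations."~ \\.php$".extraConfig = mkIf site.php ''try_files $uri =404; fastcgi_pass unix:…; fastcgi_index index.php;''` (note that `mkIf` only guards the leaf, so the empty location is still emitted for non-PHP sites). The `auth` option feeds plaintext passwords to `basicAuth`, which NixOS renders into an htpasswd file in the world-readable Nix store; expose a `basicAuthFile` option pointing at a root-owned file instead and say so in the `auth` description. All PHP pools run as the single `phpfpm` user, so code in one site can read and write every other site's `dataDir`; a per-site user, as the commented-out webapps module did with `username`, keeps them apart. Finally the assertion uses `description` where NixOS expects `message`, and `dataDir` is typed `oneOf [str path]` with a `null` default, so the "must specify a dataDir" check cannot fire as intended — use `types.nullOr (types.oneOf [ types.str types.path ])` and `message`.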
@@ -0,0 +1,170 @@ +{ config, lib, pkgs, options, ... }: + +# copied from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/games/terraria.nix +# just modified to uhm. not break + +with lib; + +let + cfg = config.modules.services.terraria; + opt = options.modules.services.terraria; + worldSizeMap = { small = 1; medium = 2; large = 3; }; + valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\""; + #" (ignore this its for micro) + boolFlag = name: val: optionalString val "-${name}"; + flags = [ + (valFlag "port" cfg.port) + (valFlag "maxPlayers" cfg.maxPlayers) + (valFlag "password" cfg.password) + (valFlag "motd" cfg.messageOfTheDay) + (valFlag "world" cfg.worldPath) + (valFlag "autocreate" (builtins.getAttr cfg.autoCreatedWorldSize worldSizeMap)) + (valFlag "banlist" cfg.banListPath) + (boolFlag "secure" cfg.secure) + (boolFlag "noupnp" cfg.noUPnP) + ]; + stopScript = pkgs.writeScript "terraria-stop" '' + #!${pkgs.runtimeShell} + if ! [ -d "/proc/$1" ]; then + exit 0 + fi + ${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock send-keys Enter exit Enter + ${getBin pkgs.coreutils}/bin/tail --pid="$1" -f /dev/null + ''; +in +{ + options = { + modules.services.terraria = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + If enabled, starts a Terraria server. The server can be connected to via `tmux -S ''${config.${opt.dataDir}}/terraria.sock attach` + for administration by users who are a part of the `terraria` group (use `C-b d` shortcut to detach again). + ''; + }; + + port = mkOption { + type = types.port; + default = 7777; + description = lib.mdDoc '' + Specifies the port to listen on. + ''; + }; + + maxPlayers = mkOption { + type = types.ints.u8; + default = 255; + description = lib.mdDoc '' + Sets the max number of players (between 1 and 255). 
+ ''; + }; + password = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Sets the server password. Leave `null` for no password. + ''; + }; + + messageOfTheDay = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Set the server message of the day text. + ''; + }; + + worldPath = mkOption { + type = types.nullOr types.path; + default = null; + description = lib.mdDoc '' + The path to the world file (`.wld`) which should be loaded. + If no world exists at this path, one will be created with the size + specified by `autoCreatedWorldSize`. + ''; + }; + + autoCreatedWorldSize = mkOption { + type = types.enum [ "small" "medium" "large" ]; + default = "medium"; + description = lib.mdDoc '' + Specifies the size of the auto-created world if `worldPath` does not + point to an existing world. + ''; + }; + + banListPath = mkOption { + type = types.nullOr types.path; + default = null; + description = lib.mdDoc '' + The path to the ban list. 
+ ''; + }; + + secure = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Adds additional cheat protection to the server."; + }; + + noUPnP = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Disables automatic Universal Plug and Play."; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Wheter to open ports in the firewall"; + }; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/terraria"; + example = "/srv/terraria"; + description = lib.mdDoc "Path to variable state data directory for terraria."; + }; + }; + }; + + #'' (sorry another micro moment) + + config = mkIf cfg.enable { + users.users.terraria = { + description = "Terraria server service user"; + home = cfg.dataDir; + createHome = true; + isSystemUser = true; + group = "terraria"; + }; + + users.groups.terraria = {}; + + systemd.services.terraria = { + description = "Terraria Server Service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + User = "terraria"; + Type = "forking"; + GuessMainPID = true; + ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}"; + ExecStop = "${stopScript} $MAINPID"; + }; + + postStart = '' + ${pkgs.coreutils}/bin/chmod 660 ${cfg.dataDir}/terraria.sock + ${pkgs.coreutils}/bin/chgrp terraria ${cfg.dataDir}/terraria.sock + ''; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + allowedUDPPorts = [ cfg.port ]; + }; + + }; +} diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix new file mode 100644 index 0000000..6f05d32 --- /dev/null +++ b/modules/services/vaultwarden.nix 
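Review bot: `password` is a plain `types.str` that `valFlag` interpolates into `ExecStart`, so the server password lands in the world-readable Nix store and in `/proc/<pid>/cmdline` for every local user; the upstream module has the same weakness, but since this is a private copy it is the right place to fix it. A `passwordFile = mkOption { type = types.nullOr types.path; default = null; }` read at start time — via a `-config` file if TerrariaServer's config-file mode is used, or a small `script` that builds the argument list from the file — keeps it out of the store, and `password`'s `description` should then state that it is kept for compatibility and is exposed in the store and process list. The other string flags pass through the same `escape ["\\" "\""]` and then systemd's `ExecStart` parsing, so a line in their descriptions noting that `$` and `%` sequences are subject to systemd expansion would save someone a surprise.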
@@ -0,0 +1,64 @@
+{ pkgs, lib, config, options, ... }:
+
+with lib;
+let
+ cfg = config.modules.services.vaultwarden;
+in {
+ options.modules.services.vaultwarden = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+
+ domain = mkOption {
+ type = types.str;
+ default = null;
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8222;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ { assertion = cfg.domain != null;
+ description = "Vaultwarden requires a domain to be defined";
+ }
+ ];
+
+ services = {
+ vaultwarden = {
+ enable = true;
+ dbBackend = "postgresql";
+ config = {
+ DOMAIN = "https://${cfg.domain}";
+ DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql";
+ DATA_FOLDER = "/var/lib/bitwarden_rs";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = cfg.port;
+ ROCKET_LOG = "critical";
+ };
+ environmentFile = "${config.services.vaultwarden.config.DATA_FOLDER}/conf.env";
+ };
+
+ nginx.virtualHosts.${cfg.domain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "vaultwarden" ];
+ ensureUsers = [
+ { name = "vaultwarden";
+ ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/services/watch-party.nix b/modules/services/watch-party.nix
new file mode 100644
index 0000000..c158121
--- /dev/null
+++ b/modules/services/watch-party.nix
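Review bot: The `domain` guard cannot work as written: `domain` is `types.str` with `default = null`, which fails the type check before assertions are evaluated, and the assertion carries `description` where NixOS reads `message`; declare `type = types.nullOr types.str;` and use `message = "Vaultwarden requires a domain to be defined";`. `environmentFile` resolves to `/var/lib/bitwarden_rs/conf.env`, which is where `ADMIN_TOKEN` and similar secrets will live; keeping it outside the store is right, but nothing here pins its ownership or mode — systemd reads `EnvironmentFile` as root, so `root:root 0600` (or a secrets-manager path with the same mode) is sufficient, and a comment on this line saying so would help. `ROCKET_LOG = "critical"` also silences request-level logging; if login attempts are meant to be visible to fail2ban or an incident review, vaultwarden's own log settings need to be set explicitly (hedged — those knobs are not shown in this file).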
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, options, inputs, ... }:
+
+with lib;
+let
+ cfg = config.modules.services.watch-party;
+in {
+ options.modules.services.watch-party = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ domain = mkOption {
+ type = types.str;
+ default = "watch-party.oat.zone";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 1984;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services = {
+ #watch-party = {
+ # enable = true;
+ # port = cfg.port;
+ #};
+
+ nginx.virtualHosts."${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/services/webapps.nix b/modules/services/webapps.nix
index 96a9e4d..0bcc55f 100644
--- a/modules/services/webapps.nix
+++ b/modules/services/webapps.nix
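Review bot: The backend block is commented out, so enabling this module requests a Let's Encrypt certificate for `cfg.domain` and then answers every request with an nginx 502 from the dangling `proxyPass`; either wire the `services.watch-party` block back in or wrap the vhost in the same condition so an unfinished module does not publish an empty endpoint and spend ACME issuance quota. `inputs` is taken in the argument set but unused; if the backend is expected to come from a flake input, a one-line comment naming it would explain the placeholder.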
@@ -1,30 +1,61 @@ { pkgs, lib, config, options, ... }: -with lib; +# uncomment any of this and i will uncomment the entirety of russia above your house +{ /* +with lib; with types; let cfg = config.modules.services.webapps; in { - options.modules.services.webapps = mkOption { - type = types.attrsOf types.attrs; - default = {}; + options.modules.services.webapps = { + enable = mkOption { + type = bool; + default = false; + }; + webapps = mkOption { + type = attrsOf (submodule { options = { + nginx = mkOption { + type = submodule { options = options.services.nginx.virtualHosts.type.getSubModules; }; + default = {}; + }; + phpfpm = { + enable = mkOption { + type = bool; + default = false; + }; + config = mkOption { + type = submodule { options = options.services.phpfpm.pools.type.getSubModules; }; + default = { + settings = { + "pm" = mkDefault "dynamic"; + "pm.max_children" = mkDefault 16; + "pm.max_requests" = mkDefault 500; + "pm.start_servers" = mkDefault 1; + "pm.min_spare_servers" = mkDefault 1; + "pm.max_spare_servers" = mkDefault 3; +# "php_admin_value[error_log]" = mkDefault "${app.root}/log"; + "php_admin_flag[log_errors]" = mkDefault true; + "catch_workers_output" = mkDefault true; + }; + phpEnv."PATH" = makeBinPath [ pkgs.php ]; + }; + }; + }; + root = mkOption { + type = path; + default = null; + }; + }; }); + default = {}; + }; }; - config = mkMerge ( -/* - [{ services.nginx.enable = true; }] ++ - - # Generic configuration - (mapAttrsToList (appName: app: let username = lib.intersperse "-" (lib.splitString "." appName); in mkMerge [ + config = mkIf cfg.enable + (mkMerge (mapAttrsToList (appName: app: let username = concatStringsSep "-" (splitString "." appName); in trace appName (mkMerge [ { - assertions = [{ - assertion = (types.enum ["generic" "phpfpm"]).check app.platform; - description = "Please specify a webapp platform for ${appName}. 
The possible platforms are: \"generic\", \"phpfpm\""; - }]; - users.users.${username} = mkMerge [ { isSystemUser = true; - group = appName; + group = username; } (mkIf (app.root != null) { createHome = true; @@ -32,33 +63,25 @@ in { }) ]; - users.groups.${username} = username; +# users.groups.${username} = {}; - services.nginx.virtualHosts."${appName}" = app.nginx; + services.nginx = { + enable = true; + virtualHosts.${appName} = mkMerge [ + app.nginx + (mkIf (app.root != null) { root = mkDefault app.root; }) + ]; + }; } - # phpfpm-specific configuration - (mkIf (app.platform == "phpfpm") { + (mkIf app.phpfpm.enable { modules.dev.php.enable = true; - - services.phpfpm.pools.${appName} = { - user = appName; - settings = mkMerge [{ - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 16; - "pm.max_requests" = 500; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "php_admin_value[error_log]" = "${app.root}/log"; - "php_admin_flag[log_errors]" = true; - "catch_workers_output" = true; - } app.phpfpm]; - phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; - }; + services.phpfpm.pools.${appName} = mkMerge [ app.phpfpm.config { + user = username; + default."listen.owner" = config.services.nginx.user; + }]; }) - ]) cfg) -*/[] - ); + ])) cfg.webapps + )); } +*/ } diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index ac31cb9..1b15a31 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -8,7 +8,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = "Enables the wiregyard VPN service."; + description = "Enables wireguard. \"WireGuard\" and the \"WireGuard\" logo are registered trademarks of Jason A. Donenfeld."; }; server = mkOption { @@ -38,6 +38,8 @@ in { } ]; + environment.systemPackages = [ pkgs.nftables ]; + networking = mkMerge ( [{ nat.enable = true; 
@@ -46,6 +48,7 @@ in { }] ++ (mapAttrsToList (iname: iattrs: { + firewall.allowedTCPPorts = [ iattrs.listenPort ]; firewall.allowedUDPPorts = [ iattrs.listenPort ]; wireguard.interfaces.${iname} = mkMerge [ iattrs { diff --git a/modules/services/yugoslavia-best.nix b/modules/services/yugoslavia-best.nix new file mode 100644 index 0000000..d46fcbe --- /dev/null +++ b/modules/services/yugoslavia-best.nix @@ -0,0 +1,132 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.services.yugoslavia-best; +in { + options.modules.services.yugoslavia-best = { + enable = mkOption { + type = types.bool; + default = false; + }; + domain = mkOption { + type = types.str; + default = "yugoslavia.best"; + }; + root = mkOption { + type = types.str; + default = "/var/www/yugoslavia.best"; + }; + }; + + config = mkIf cfg.enable { + modules.services.staticSites."${cfg.domain}" = { + dataDir = cfg.root; + php = true; + }; + + services = { + nginx.virtualHosts."${cfg.domain}" = { + locations."/modding-txts/" = { + extraConfig = '' + autoindex on; + sub_filter + ''; + sub_filter
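Review bot: `firewall.allowedTCPPorts = [ iattrs.listenPort ]` opens a TCP port that WireGuard never listens on — the protocol is UDP-only — so the line adds firewall surface with no service behind it and should be dropped; the `allowedUDPPorts` entry on the next line is all the interface needs. If the TCP opening is intended for some wrapper or sidecar on the same port, it belongs next to that service with a comment saying so. The enclosing `mapAttrsToList` begins and ends outside this hunk.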
 ' ';
+        		sub_filter 
' '; + sub_filter '' ''; + sub_filter '' '
'; + sub_filter '
'; + sub_filter
'
'; + sub_filter_once off; + ''; + }; + + locations."/srb2kaddons/" = { + extraConfig = '' + autoindex on; + alias /home/oatmealine/.srb2kart/firepit/; + sub_filter + ''; + sub_filter
 ' ';
+		        sub_filter 
' '; + sub_filter '' ''; + sub_filter '' '
'; + sub_filter '
'; + sub_filter
'
'; + sub_filter_once off; + ''; + }; + + locations."/__special" = { + extraConfig = '' + internal; + allow all; + root ${cfg.root}/nginx/html/__special; + ''; + }; + + locations."= /__md_file" = { + extraConfig = '' + internal; + allow all; + + add_header 'Vary' 'Accept'; + + # redefining + add_header Strict-Transport-Security $hsts_header; + add_header Referrer-Policy origin-when-cross-origin; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + sub_filter + '$request_filename - yugoslavia.best'; + sub_filter_once on; + + default_type text/html; + alias ${cfg.root}/nginx/html/__special/md-renderer.html; + ''; + }; + + locations."~* \\.md" = { + extraConfig = '' + error_page 418 = /__md_file; + + add_header 'Vary' 'Accept'; + + # redefining + add_header Strict-Transport-Security $hsts_header; + add_header Referrer-Policy origin-when-cross-origin; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + if (!-f $request_filename) { + break; + } + + # if no "text/markdown" in "accept" header: + # redirect to /__md_file to serve html renderer + if ($http_accept !~* "text/markdown") { + return 418; + } + ''; + }; + + extraConfig = '' + types { + text/plain md; + text/html html; + text/plain txt; + text/css css; + application/javascript js; + image/x-icon ico; + image/png png; + image/gif gif; + } + ''; + }; + }; + }; +} diff --git a/modules/theme.nix b/modules/theme.nix deleted file mode 100644 index 70e153e..0000000 --- a/modules/theme.nix +++ /dev/null 
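Review bot: `locations."/srb2kaddons/"` serves `autoindex on` out of `/home/oatmealine/.srb2kart/firepit/`, so nginx needs traverse rights into that home directory and anything that lands in the game folder, addon or not, is listed and downloadable on the public site; a dedicated directory under `cfg.root` (or a bind mount of only the addon files) keeps the web root out of a user's home. The `= /__md_file` renderer substitutes `$request_filename` — the absolute filesystem path under `cfg.root` — into the page title, which discloses server layout; `$uri` carries the same information without the path prefix. The `~* \\.md` regex is unanchored, so `foo.mdx` and `/a.md/b` also reach that block; `~* \\.md$` is what the `types { text/plain md; }` mapping implies. `add_header X-XSS-Protection "1; mode=block"` is deprecated browser behaviour; current guidance is to send `0` or drop the header, though that is a nit.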
@@ -1,41 +0,0 @@ -{ config, pkgs, lib, options, ... }: - -with lib; -let - cfg = config.modules.theme; -in { - options.modules.theme = { - active = mkOption { - type = types.str; - default = "still"; - description = "Theme defaults"; - }; - wallpaper = mkOption { - type = types.path; - default = null; - description = "The main wallpaper"; - }; -/* - gtk = { - theme = mkOption { - type = types.str; - default = ""; - description = "The global GTK theme"; - }; - iconTheme = { - type = types.str; - default = ""; - description = "Global GTK icon theme"; - }; - cursorTheme = { - type = types.str; - default = ""; - description = "Global GTK cursor theme"; - }; - }; -*/ - }; - - config = mkIf (cfg.active != "") { - }; -} diff --git a/modules/themes/still/background.png b/modules/themes/still/background.png deleted file mode 100644 index 02724ab..0000000 Binary files a/modules/themes/still/background.png and /dev/null differ diff --git a/modules/themes/still/config/nwggrid/style.css b/modules/themes/still/config/nwggrid/style.css deleted file mode 100644 index 305e0ce..0000000 --- a/modules/themes/still/config/nwggrid/style.css +++ /dev/null @@ -1,39 +0,0 @@ -button, label, image { - background: none; - border-style: none; - box-shadow: none; - color: #999999; -} - -button { - padding: 5px; - margin: 5px -} - -button:hover { - background-color: rgba(255, 255, 255, 0.1); -} - -button:focus { - box-shadow: 0 0 2px; -} - -#searchbox { - background: none; - border-color: #999999; - color: #cccccc; - margin-top: 20px; - margin-bottom: 20px -} - -#separator { - background-color: rgba(200, 200, 200, 0.5); - margin-left: 500px; - margin-right: 500px; - margin-top: 10px; - margin-bottom: 10px -} - -#description { - margin-bottom: 20px -} diff --git a/modules/themes/still/config/sway/config b/modules/themes/still/config/sway/config deleted file mode 100644 index 85da1a9..0000000 --- a/modules/themes/still/config/sway/config +++ /dev/null 
@@ -1,3 +0,0 @@ -# font pango:SF Pro Display - -gaps inner 10 diff --git a/modules/themes/still/config/waybar/style.css b/modules/themes/still/config/waybar/style.css deleted file mode 100644 index e72a8c1..0000000 --- a/modules/themes/still/config/waybar/style.css +++ /dev/null @@ -1,88 +0,0 @@ -* { - border: none; - border-radius: 0; - font-family: "SF Pro Display"; - font-size: 13px; -} - -window#waybar { - background-color: rgba(0, 0, 0, 0); -} - -window#waybar.hidden { - opacity: 0.2; -} - -/* Universal Attributes */ - -#tray, -#cpu, -#memory, -#pulseaudio, -#battery, -#clock, -#workspaces button, -#window { - background: rgba(40, 50, 80, 0.60); - border-radius: 5px; - color: rgba(240, 240, 240, 1.00); -} - -/* Font Sizes */ - -#workspaces button { - font-size: 15px; -} - -/* Padding */ - -#workspaces button, -#window { - padding: 2px 5px; -} - -#clock { - padding: 2px 8px; -} - -#cpu, -#memory, -#battery { - padding: 2px 7px; -} - - -/* Margins */ - -#workspaces button, -#window { - margin: 10px 0 0 10px; -} - -#clock { - margin: 10px 0 0 0; -} - -#tray, -#cpu, -#memory, -#pulseaudio, -#battery { - margin: 10px 10px 0 0 ; -} - -/* Colours */ - -#workspaces button.active { - background: rgba(40, 70, 125, 0.40); -} - -#workspaces button:hover, -#battery.charging { - background: rgba(45, 80, 140, 1.00); -} - -#workspaces button.urgent, -#battery.critical:not(.charging) { - background: rgba(255, 100, 80, 1.00); -} diff --git a/modules/themes/still/theme.nix b/modules/themes/still/theme.nix deleted file mode 100644 index cdf380d..0000000 --- a/modules/themes/still/theme.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ config, options, lib, pkgs, ... }: - -with lib; -let - theme = config.modules.theme; -in { - config = mkIf (theme.active == "still") (mkMerge [ - { - modules.theme.wallpaper = ./background.png; - home.configFile = with config.modules; mkMerge [ - (mkIf desktop.services.waybar.enable { - "waybar" = { source = ./config/waybar; target = "$HOME.config/waybar"; recursive = true; }; - }) -/* - (mkIf desktop.apps.alacritty.enable { - "alacritty" = { source = ./config/alacritty; recursive = true; }; - }) - (mkIf desktop.apps.wofi.enable { - "wofi" = { source = ./config/wofi; recursive = true; }; - }) -*/ - (mkIf desktop.sway.enable { - "sway" = { source = ./config/sway; target = "$HOME.config/sway"; recursive = true; }; - }) - - (mkIf desktop.apps.nwg-launchers.enable { - "nwg-launchers/nwggrid/style.css" = { source = ./config/nwggrid/style.css; }; - }) - ]; - } - ]); -} diff --git a/modules/users.nix b/modules/users.nix index 556eacc..119ec40 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -5,10 +5,23 @@ let in { options = { - defaultUsers = mkOption { + user = mkOption { type = types.attrs; default = {}; - description = "Collection of users"; + description = "Defaults to apply to all normal users in the system."; + }; + normalUsers = mkOption { + type = types.attrsOf (types.submodule { options = { + conf = mkOption { + type = types.attrs; + default = {}; + }; + homeConf = mkOption { + type = types.attrs; + default = {}; + }; + };}); + default = {}; }; home = { _ = mkOption { @@ -18,15 +31,10 @@ in { }; configFile = mkOption { type = types.attrs; - default = {}; - description = "(XDG) Configuration files managed by home-manager"; + default = {}; + description = "(XDG) Configuration files managed by home-manager"; }; }; - user = mkOption { - type = types.attrs; - default = {}; - description = "Universal system-level user configuration"; - }; configDir = mkOption { type = types.path; default = ../config; 
@@ -58,22 +66,17 @@ in { }; }; - users.users = mapAttrs (user: prop: mkMerge [ + users.groups = mapAttrs (_: _: {}) config.normalUsers; + + users.users = mapAttrs (username: user: (mkMerge [ (mkAliasDefinitions options.user) - + user.conf { - packages = prop.packages; - extraGroups = prop.extraGroups; - shell = pkgs."${config.defaultUsers."${user}".shell}"; - home = "/home/${user}"; isNormalUser = true; - group = user; + group = username; } - ]) config.defaultUsers; + ])) config.normalUsers; - home-manager.users = mapAttrs (user: prop: mkMerge [ - (mkAliasDefinitions options.home._) -# (import "${prop.homeDir}/.home/") - ]) config.defaultUsers; + home-manager.users = mapAttrs (username: user: (mkMerge [(mkAliasDefinitions options.home._) user.homeConf])) config.normalUsers; }; } diff --git a/nixos.nix b/nixos.nix deleted file mode 100755 index a961580..0000000 --- a/nixos.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, inputs, pkgs, ... }: - -let - inherit (lib) nixosSystem mkDefault; -in { - /* - */ - mkHost = system: path: - nixosSystem { - inherit system; - specialArgs = { inherit lib inputs system; }; - modules = [ - { - nixpkgs.pkgs = pkgs; - networking.hostName = mkDefault (baseNameOf path); - } - ../. - (import path) - ]; - }; -} diff --git a/packages/matrix-conduit/default.nix b/packages/matrix-conduit/default.nix new file mode 100644 index 0000000..1e13d8f --- /dev/null +++ b/packages/matrix-conduit/default.nix 
@@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitLab, rustc, cargo, openssl, rustPlatform, ... }: {} + +/* +rustPlatform.buildRustPackage rec { + pname = "matrix-conduit"; + ver = "v0.4.0"; + + src = fetchFromGitLab { + owner = "famedly"; + repo = "conduit"; + rev = "0b926c2a31deff57a3526dd75d8c08775b02241a"; + sha256 = lib.fakeSha256; + }; + + meta = { + name = "conduit"; + description = "A Matrix homeserver written in Rust"; + license = "Apache-2.0"; + homepage = "https://conduit.rs"; + }; + + cargoSha256 = lib.fakeSha256; + + buildInputs = [ openssl ]; +} +*/ diff --git a/result b/result index ae87d11..6dbe7a6 120000 --- a/result +++ b/result @@ -1 +1 @@ -/nix/store/js0sdyhi0319gwr76gj56q52dci2n9y0-nixos-system-dark-firepit-21.11.20220421.9887f02 \ No newline at end of file +/nix/store/f5ybdcl8js6wh9w643f1agaxcsfh0i12-nixos-system-dark-firepit-22.05.20220731.ede02b4 \ No newline at end of file