| author | Mike Vink <mike@pionative.com> | 2024-07-14 06:40:52 +0200 |
|---|---|---|
| committer | Mike Vink <mike@pionative.com> | 2024-07-14 06:40:52 +0200 |
| commit | 98c31cac3e931023b5afeb209af6b6eed2a025c7 (patch) | |
| tree | 4f78891affa3ce2cfbb7f0b1b3efc31d68c87ab7 /profiles | |
| parent | f56f38fc344a80244266e0b69f909775599ba5b2 (diff) | |
wip
Diffstat (limited to 'profiles')
| -rw-r--r-- | profiles/core/configuration.nix | 52 | ||||
| -rw-r--r-- | profiles/core/git.nix | 6 | ||||
| -rw-r--r-- | profiles/core/hm.nix | 2 | ||||
| -rw-r--r-- | profiles/core/home.nix | 21 | ||||
| -rw-r--r-- | profiles/core/meta.nix | 2 | ||||
| -rw-r--r-- | profiles/core/packages.nix | 53 | ||||
| -rw-r--r-- | profiles/core/secrets.nix | 8 | ||||
| -rw-r--r-- | profiles/core/syncthing.nix | 16 | ||||
| -rw-r--r-- | profiles/email/mailsync.nix | 2 | ||||
| -rw-r--r-- | profiles/email/server.nix | 30 | ||||
| -rw-r--r-- | profiles/graphical/suckless.nix | 2 | ||||
| -rw-r--r-- | profiles/homeserver/acme.nix | 6 | ||||
| -rw-r--r-- | profiles/homeserver/dns.nix | 14 | ||||
| -rw-r--r-- | profiles/homeserver/nginx.nix | 4 | ||||
| -rw-r--r-- | profiles/homeserver/radicale.nix | 2 | ||||
| -rw-r--r-- | profiles/homeserver/transmission.nix | 93 | ||||
| -rw-r--r-- | profiles/netboot/system.nix | 20 | ||||
| -rw-r--r-- | profiles/server/acme.nix | 2 | ||||
| -rw-r--r-- | profiles/server/mail.nix | 10 | ||||
| -rw-r--r-- | profiles/server/nginx.nix | 2 | ||||
| -rw-r--r-- | profiles/station/caldav.nix | 4 | ||||
| -rw-r--r-- | profiles/station/music.nix | 4 | ||||
| -rw-r--r-- | profiles/station/suckless.nix | 81 | ||||
| -rw-r--r-- | profiles/station/virtualisation.nix | 2 |
24 files changed, 203 insertions, 235 deletions
diff --git a/profiles/core/configuration.nix b/profiles/core/configuration.nix index 87b3d97..31a622b 100644 --- a/profiles/core/configuration.nix +++ b/profiles/core/configuration.nix @@ -5,7 +5,7 @@ lib, ... }: with lib; { - imports = [ (mkAliasOptionModule [ "ivi" ] [ "users" "users" ivi.username ]) ]; + imports = [ (mkAliasOptionModule [ "my" ] [ "users" "users" my.username ]) ]; services = { resolved.fallbackDns = [ @@ -28,60 +28,18 @@ time.timeZone = "Europe/Amsterdam"; users.users = { - ${ivi.username} = { + ${my.username} = { uid = mkIf (!machine.isDarwin) 1000; - description = ivi.realName; - openssh.authorizedKeys.keys = ivi.sshKeys; + description = my.realName; + openssh.authorizedKeys.keys = my.sshKeys; extraGroups = ["wheel" "networkmanager" "docker" "transmission" "dialout" "test"]; isNormalUser = true; }; root = { - openssh.authorizedKeys.keys = config.ivi.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.my.openssh.authorizedKeys.keys; }; }; - environment.systemPackages = with pkgs; [ - vim - wget - git - subversion - htop - jq - yq-go - curl - fd - lf - fzf - ripgrep - parallel - pinentry-curses - gnused - gnutls - zoxide - binwalk - unzip - gcc - gnumake - file - pstree - bc - mediainfo - bat - openpomodoro-cli - coreutils - killall - ] ++ (optionals (!machine.isDarwin) [ - man-pages - man-pages-posix - # pkgsi686Linux.glibc - gdb - pciutils - dnsutils - iputils - inetutils - usbutils - ]); - nix.package = pkgs.nixVersions.latest; nix.extraOptions = '' experimental-features = nix-command flakes configurable-impure-env diff --git a/profiles/core/git.nix b/profiles/core/git.nix index b1d3ea6..44cadf7 100644 --- a/profiles/core/git.nix +++ b/profiles/core/git.nix 
@@ -3,14 +3,14 @@ hm = { programs.git = { enable = true; - userName = ivi.realName; - userEmail = if config.networking.hostName == "work" then "mike@pionative.com" else ivi.email; + userName = my.realName; + userEmail = if config.networking.hostName == "work" then "mike@pionative.com" else my.email; extraConfig = { worktree.guessRemote = true; mergetool.fugitive.cmd = "vim -f -c \"Gdiff\" \"$MERGED\""; merge.tool = "fugitive"; gpg.format = "ssh"; - user.signingKey = "${config.ivi.home}/.ssh/id_ed25519_sk.pub"; + user.signingKey = "${config.my.home}/.ssh/id_ed25519_sk.pub"; commit.gpgsign = true; }; diff --git a/profiles/core/hm.nix b/profiles/core/hm.nix index efa83af..57c7d0f 100644 --- a/profiles/core/hm.nix +++ b/profiles/core/hm.nix @@ -1,6 +1,6 @@ {inputs, config, lib, pkgs, ...}: with lib; { imports = [ - (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" ivi.username ]) + (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" my.username ]) ]; home-manager = { diff --git a/profiles/core/home.nix b/profiles/core/home.nix index ed86a55..032d954 100644 --- a/profiles/core/home.nix +++ b/profiles/core/home.nix @@ -8,7 +8,7 @@ programs.tmux = { enable = true; extraConfig = '' - set-option -g default-shell ${config.ivi.shell}/bin/zsh + set-option -g default-shell ${config.my.shell}/bin/zsh set -g status off set -s set-clipboard on setw -g mouse on @@ -42,7 +42,14 @@ }; hm = { - fonts.fontconfig.enable = true; + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = config.synced.password-store.path; + }; + }; + + # fonts.fontconfig.enable = true; # https://github.com/nix-community/home-manager/issues/4692 # home.file.".local/bin".source = config.lib.meta.mkMutableSymlink /mut/bin; xdg = { @@ -86,7 +93,7 @@ # enable = true; # matchBlocks = { # "*" = { - # identityFile = "${config.ivi.home}/.ssh/id_ed25519_sk"; + # identityFile = "${config.my.home}/.ssh/id_ed25519_sk"; # }; # }; # }; 
@@ -114,8 +121,6 @@ ''; }; - programs.alacritty.enable = true; - programs = { zsh = { enable = true; @@ -226,7 +231,7 @@ k = "kubectl "; d = "docker "; ls = "ls --color=auto"; - s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.ivi.home}/flake#${config.networking.hostName}"; + s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.my.home}/flake#${config.networking.hostName}"; b = "/run/current-system/bin/switch-to-configuration boot"; v = "vremote"; lf = "lfub"; @@ -252,7 +257,7 @@ ( command -v docker ) &>/dev/null && eval "$(docker completion bash)" ( command -v kubectl ) &>/dev/null && eval "$(kubectl completion bash)" ( command -v zoxide ) &>/dev/null && eval "$(zoxide init bash)" - export PATH="$PATH:$HOME/.local/bin:/opt/homebrew/bin:${config.ivi.home}/.krew/bin:${config.ivi.home}/.cargo/bin:${pkgs.ncurses}/bin" + export PATH="$PATH:$HOME/.local/bin:/opt/homebrew/bin:${config.my.home}/.krew/bin:${config.my.home}/.cargo/bin:${pkgs.ncurses}/bin" [[ -f ~/.cache/wal/sequences ]] && (cat ~/.cache/wal/sequences &) unset LD_PRELOAD # include nix.sh if it exists @@ -273,7 +278,7 @@ k = "kubectl "; d = "docker "; ls = "ls --color=auto"; - s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.ivi.home}/flake#${config.networking.hostName}"; + s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.my.home}/flake#${config.networking.hostName}"; b = "/run/current-system/bin/switch-to-configuration boot"; v = "nvim"; M = "xrandr --output HDMI1 --auto --output eDP1 --off"; diff --git a/profiles/core/meta.nix b/profiles/core/meta.nix index f813b56..add9b34 100644 --- a/profiles/core/meta.nix +++ b/profiles/core/meta.nix 
@@ -1,6 +1,6 @@ {inputs,lib,config, ...}: with lib; { lib.meta = { - configPath = "${config.ivi.home}/flake"; + configPath = "${config.my.home}/flake"; mkMutableSymlink = path: config.hm.lib.file.mkOutOfStoreSymlink (config.lib.meta.configPath + removePrefix (toString inputs.self) (toString path)); diff --git a/profiles/core/packages.nix b/profiles/core/packages.nix new file mode 100644 index 0000000..1d8e737 --- /dev/null +++ b/profiles/core/packages.nix @@ -0,0 +1,53 @@ +{ + machine, + config, + pkgs, + lib, + ... +}: + +with lib; + +{ + environment.systemPackages = with pkgs; [ + vim + wget + git + subversion + htop + jq + yq-go + curl + fd + lf + fzf + ripgrep + parallel + pinentry-curses + gnused + gnutls + zoxide + binwalk + unzip + # gcc + gnumake + file + pstree + bc + mediainfo + bat + openpomodoro-cli + coreutils + killall + ] ++ (optionals (!machine.isDarwin) [ + man-pages + man-pages-posix + # pkgsi686Linux.glibc + gdb + pciutils + dnsutils + iputils + inetutils + usbutils + ]); +} diff --git a/profiles/core/secrets.nix b/profiles/core/secrets.nix index 7361123..192bacf 100644 --- a/profiles/core/secrets.nix +++ b/profiles/core/secrets.nix @@ -35,13 +35,5 @@ in ]; }; - hm = { - programs.password-store = { - enable = true; - settings = { - PASSWORD_STORE_DIR = config.synced.password-store.path; - }; - }; - }; }; } diff --git a/profiles/core/syncthing.nix b/profiles/core/syncthing.nix index f8d6ee2..796a3d7 100644 --- a/profiles/core/syncthing.nix +++ b/profiles/core/syncthing.nix @@ -1,5 +1,5 @@ -{machine, config, lib,...}: with lib; let - group = if machine.isDarwin then (builtins.toString config.ivi.gid) else config.ivi.group; +{machines, machine, config, lib,...}: with lib; let + group = if machine.isDarwin then (builtins.toString config.my.gid) else config.my.group; in { imports = [ (mkAliasOptionModule [ "synced" ] [ "services" "syncthing" "settings" "folders" ]) 
@@ -7,16 +7,16 @@ in { services.syncthing = { enable = machine.syncthing.enable; - user = ivi.username; + user = my.username; inherit group; - dataDir = config.ivi.home; + dataDir = config.my.home; overrideDevices = true; overrideFolders = true; key = config.secrets.syncthing.path; settings = let - allDevices = (filterAttrs (_: m: m.syncthing.id != "") ivi.machines); + allDevices = (filterAttrs (_: m: m.syncthing.id != "") machines); in { gui = { theme = "default"; @@ -43,17 +43,17 @@ in { allNames = attrNames allDevices; in { my = { - path = "${config.ivi.home}/sync/my"; + path = "${config.my.home}/sync/my"; devices = allNames; versioning = simple; }; pictures = { - path = "${config.ivi.home}/sync/pictures"; + path = "${config.my.home}/sync/pictures"; devices = allNames; versioning = trashcan; }; password-store = { - path = "${config.ivi.home}/sync/password-store"; + path = "${config.my.home}/sync/password-store"; devices = allNames; versioning = trashcan; }; diff --git a/profiles/email/mailsync.nix b/profiles/email/mailsync.nix index 8e81c89..42620d6 100644 --- a/profiles/email/mailsync.nix +++ b/profiles/email/mailsync.nix @@ -26,7 +26,7 @@ Service = { Type = "oneshot"; RemainAfterExit = "no"; - ExecSearchPath = "${config.ivi.home}/.local/bin:${config.hm.home.profileDirectory}/bin:/run/current-system/sw/bin"; + ExecSearchPath = "${config.my.home}/.local/bin:${config.hm.home.profileDirectory}/bin:/run/current-system/sw/bin"; ExecStart = "mailsync"; }; }; diff --git a/profiles/email/server.nix b/profiles/email/server.nix index 29996cd..f95828f 100644 --- a/profiles/email/server.nix +++ b/profiles/email/server.nix 
@@ -6,20 +6,20 @@ hm = { accounts.email = { accounts = { - ${ivi.username} = { - realName = "${ivi.realName}"; - userName = "${ivi.email}"; - address = "${ivi.email}"; + ${my.username} = { + realName = "${my.realName}"; + userName = "${my.email}"; + address = "${my.email}"; passwordCommand = ["${pkgs.pass}/bin/pass" "personal/mailserver"]; - imap = { host = "${ivi.domain}"; port = 993; tls = { enable = true; }; }; - smtp = { host = "${ivi.domain}"; port = 587; tls = { enable = true; useStartTls = true; }; }; + imap = { host = "${my.domain}"; port = 993; tls = { enable = true; }; }; + smtp = { host = "${my.domain}"; port = 587; tls = { enable = true; useStartTls = true; }; }; msmtp = { enable = true; }; neomutt = { enable = true; - sendMailCommand = "msmtp -a ${ivi.username}"; - mailboxName = "=== ${ivi.username} ==="; + sendMailCommand = "msmtp -a ${my.username}"; + mailboxName = "=== ${my.username} ==="; extraConfig = '' set spoolfile='Inbox' unvirtual-mailboxes * @@ -29,7 +29,7 @@ enable = true; create = "both"; remove = "both"; expunge = "both"; groups = { - ${ivi.username} = { + ${my.username} = { channels = { All = { patterns = ["*"]; extraConfig = { Create = "Both"; Expunge = "Both"; Remove = "Both"; }; }; }; 
@@ -41,12 +41,12 @@ neomutt = { enable = true; virtualMailboxes = [ - { name = "Inbox"; query = "folder:/${ivi.username}/ tag:inbox"; } - { name = "Sent"; query = "folder:/${ivi.username}/ tag:sent"; } - { name = "Archive"; query = "folder:/${ivi.username}/ tag:archive"; } - { name = "Drafts"; query = "folder:/${ivi.username}/ tag:drafts"; } - { name = "Junk"; query = "folder:/${ivi.username}/ tag:spam"; } - { name = "Trash"; query = "folder:/${ivi.username}/ tag:trash"; } + { name = "Inbox"; query = "folder:/${my.username}/ tag:inbox"; } + { name = "Sent"; query = "folder:/${my.username}/ tag:sent"; } + { name = "Archive"; query = "folder:/${my.username}/ tag:archive"; } + { name = "Drafts"; query = "folder:/${my.username}/ tag:drafts"; } + { name = "Junk"; query = "folder:/${my.username}/ tag:spam"; } + { name = "Trash"; query = "folder:/${my.username}/ tag:trash"; } ]; }; }; diff --git a/profiles/graphical/suckless.nix b/profiles/graphical/suckless.nix index b6bb011..061734d 100644 --- a/profiles/graphical/suckless.nix +++ b/profiles/graphical/suckless.nix @@ -1,6 +1,5 @@ { self, - config, pkgs, lib, machine, @@ -80,7 +79,6 @@ dmenu librewolf xclip - mpv maim ]; }; diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix index 1880db2..e72e8fe 100644 --- a/profiles/homeserver/acme.nix +++ b/profiles/homeserver/acme.nix @@ -4,13 +4,13 @@ defaults = { extraLegoFlags = [ "--dns.disable-cp" ]; extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; - email = ivi.email; + email = my.email; dnsProvider = "porkbun"; environmentFile = config.secrets.porkbun.path; }; - certs."${ivi.domain}" = { + certs."${my.domain}" = { # NOTE(ivi): use dns wildcard certs for local services - domain = "*.${ivi.domain}"; + domain = "*.${my.domain}"; }; }; } diff --git a/profiles/homeserver/dns.nix b/profiles/homeserver/dns.nix index 917c8bb..21ccf7e 100644 --- a/profiles/homeserver/dns.nix +++ b/profiles/homeserver/dns.nix 
@@ -1,4 +1,4 @@ -{ config, machine, inputs, lib, ... }: with lib; let +{ config, machines, machine, inputs, lib, ... }: with lib; let dns = inputs.dns.lib; in { system.extraDependencies = collectFlakeInputs inputs.dns; @@ -20,12 +20,12 @@ ]; }; stub-zone = [ { - name = ivi.domain; + name = my.domain; stub-addr = "127.0.0.1@10053"; } ]; forward-zone = [ { - name = "_acme-challenge.${ivi.domain}"; + name = "_acme-challenge.${my.domain}"; forward-addr = config.services.resolved.fallbackDns; forward-tls-upstream = true; } @@ -45,15 +45,15 @@ zones = with dns.combinators; let here = { - A = map a ivi.machines.serber.ipv4; - AAAA = map a ivi.machines.serber.ipv6; + A = map a machines.serber.ipv4; + AAAA = map a machines.serber.ipv6; }; in { - ${ivi.domain}.data = dns.toString ivi.domain (here // { + ${my.domain}.data = dns.toString my.domain (here // { TTL = 60 * 60; SOA = { nameServer = "@"; - adminEmail = "dns@${ivi.domain}"; + adminEmail = "dns@${my.domain}"; serial = 0; }; NS = [ "@" ]; diff --git a/profiles/homeserver/nginx.nix b/profiles/homeserver/nginx.nix index f869d3b..22fd74e 100644 --- a/profiles/homeserver/nginx.nix +++ b/profiles/homeserver/nginx.nix @@ -4,8 +4,8 @@ type = types.attrsOf (types.submodule ({ name, ... }: { config = mkIf (name != "default") { forceSSL = mkDefault true; - sslCertificateKey = "/var/lib/acme/${ivi.domain}/key.pem"; - sslCertificate = "/var/lib/acme/${ivi.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${my.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${my.domain}/fullchain.pem"; }; })); }; diff --git a/profiles/homeserver/radicale.nix b/profiles/homeserver/radicale.nix index f04a4a4..6f07245 100644 --- a/profiles/homeserver/radicale.nix +++ b/profiles/homeserver/radicale.nix @@ -1,6 +1,6 @@ { lib, ... }: with lib; { services.nginx = { - virtualHosts."cal.${ivi.domain}" = { + virtualHosts."cal.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:5232"; }; 
diff --git a/profiles/homeserver/transmission.nix b/profiles/homeserver/transmission.nix
index 8b7b4fa..d871e96 100644
--- a/profiles/homeserver/transmission.nix
+++ b/profiles/homeserver/transmission.nix
@@ -1,53 +1,83 @@ -{ config, lib, pkgs, ... }: with lib; { +{ config, lib, ... }: with lib; { virtualisation.docker.rootless = { enable = true; setSocketVariable = true; }; users.groups.multimedia = { }; - users.users.${ivi.username}.extraGroups = [ "multimedia" ]; + users.users.${my.username}.extraGroups = [ "multimedia" ]; systemd.tmpfiles.rules = [ "d /data 0770 - multimedia - -" ]; - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "plexmediaserver" - ]; - - environment.systemPackages = [ - pkgs.jellyfin-ffmpeg - ]; - services.nginx = { virtualHosts = { - "sonarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; - "radarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; - "bazarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; - "readarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; - "prowlarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; - "transmission.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; - "jellyfin.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; }; + "sonarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; + "radarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; + "bazarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; + # "readarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; + "prowlarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; + "transmission.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; + "jellyfin.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; }; }; }; - services = { - jellyfin = { enable = 
true; group = "multimedia"; }; - sonarr = { enable = true; group = "multimedia"; }; - radarr = { enable = true; group = "multimedia"; }; - bazarr = { enable = true; group = "multimedia"; }; - readarr = { enable = true; group = "multimedia"; }; - prowlarr = { enable = true; }; - }; + # services = { + # jellyfin = { enable = true; group = "multimedia"; }; + # sonarr = { enable = true; group = "multimedia"; }; + # radarr = { enable = true; group = "multimedia"; }; + # bazarr = { enable = true; group = "multimedia"; }; + # readarr = { enable = true; group = "multimedia"; }; + # prowlarr = { enable = true; }; + # }; virtualisation.oci-containers = { backend = "docker"; containers = { + prowlarr = { + image = "linuxserver/prowlarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/config/prowlarr/data:/config" + ]; + }; + bazarr = { + image = "linuxserver/bazarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/prowlarr/data:/config" + ]; + }; + radarr = { + image = "linuxserver/radarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/radarr/data:/config" + ]; + }; + sonarr = { + image = "linuxserver/sonarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/sonarr/data:/config" + ]; + }; + jellyfin = { + image = "jellyfin/jellyfin"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/config/jellyfin/config:/config" + "/data/config/jellyfin/cache:/config" + ]; + }; transmission = { image = "haugene/transmission-openvpn"; extraOptions = ["--cap-add=NET_ADMIN"]; volumes = [ - "/config/ovpn:/etc/openvpn/custom" - "/config/transmission:/config" + "/data/config/ovpn:/etc/openvpn/custom" + "/data/config/transmission:/config" "/data/torrents:/data/torrents" ]; ports = [ 
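Review bot: Two of the new `virtualisation.oci-containers` volume lists in `profiles/homeserver/transmission.nix` look like copy-paste slips: `bazarr` mounts `/data/config/prowlarr/data:/config`, so it shares prowlarr's config directory, and `jellyfin` maps both its `config` and `cache` host directories onto the same container path `/config`. I would change them to `"/data/config/bazarr/data:/config"` and `"/data/config/jellyfin/cache:/cache"`. Separately, every added image is referenced without a tag or digest (`linuxserver/prowlarr`, `jellyfin/jellyfin`, and the rest), so each pull takes whatever the registry currently serves as `latest`; pinning a tag or an `@sha256:<digest>` (placeholder) keeps the host reproducible and limits exposure to a bad upstream push. `--net=host` also puts all five containers in the host network namespace, where they can reach loopback-only services on the machine; if it is only there so nginx can proxy to 127.0.0.1, a `ports` entry bound to `127.0.0.1:` per container would presumably be enough. The `containers` attribute set continues past the end of this hunk.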
@@ -59,13 +89,6 @@ config.secrets.transmission.path ]; }; - # ytdl-sub = { - # image = "ghcr.io/jmbannon/ytdl-sub:latest"; - # environment = { - # TZ=""; - # DOCKER_MODS="linuxserver/mods:universal-cron"; - # }; - # }; }; }; } diff --git a/profiles/netboot/system.nix b/profiles/netboot/system.nix new file mode 100644 index 0000000..528b547 --- /dev/null +++ b/profiles/netboot/system.nix @@ -0,0 +1,20 @@ +sys: { pkgs, lib, ... }: let + run-pixiecore = let + build = sys.config.system.build; + in pkgs.writeShellApplication { + name = "run-pixiecore"; + text = '' + exec ${pkgs.pixiecore}/bin/pixiecore \ + boot ${build.kernel}/bzImage ${build.netbootRamdisk}/initrd \ + --cmdline "init=${build.toplevel}/init loglevel=4" \ + --debug --dhcp-no-bind \ + --port 64172 --status-port 64172 "$@" + ''; + }; +in { + networking.firewall.allowedUDPPorts = [ 67 69 4011 ]; + networking.firewall.allowedTCPPorts = [ 64172 ]; + environment.systemPackages = [ + run-pixiecore + ]; +} diff --git a/profiles/server/acme.nix b/profiles/server/acme.nix index 25303a6..a9fc594 100644 --- a/profiles/server/acme.nix +++ b/profiles/server/acme.nix @@ -3,7 +3,7 @@ acceptTerms = true; defaults = { extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; - email = ivi.email; + email = my.email; dnsProvider = "porkbun"; credentialsFile = config.secrets.porkbun.path; }; diff --git a/profiles/server/mail.nix b/profiles/server/mail.nix index 291e764..7bf0a88 100644 --- a/profiles/server/mail.nix +++ b/profiles/server/mail.nix @@ -11,12 +11,12 @@ enableSubmissionSsl = true; # TODO: configurate a local dns server? - fqdn = ivi.domain; - domains = [ ivi.domain ]; + fqdn = my.domain; + domains = [ my.domain ]; loginAccounts = { - ${ivi.email} = { - hashedPasswordFile = config.secrets.ivi.path; - aliases = [ "@${ivi.domain}" ]; + ${my.email} = { + hashedPasswordFile = config.secrets.my.path; + aliases = [ "@${my.domain}" ]; }; }; certificateScheme = "acme"; 
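Review bot: In the new `profiles/netboot/system.nix`, `networking.firewall.allowedUDPPorts = [ 67 69 4011 ]` and `allowedTCPPorts = [ 64172 ]` open the DHCP/TFTP/PXE and HTTP ports on every interface for as long as the profile is imported, while `run-pixiecore` is, as far as the hunk shows, only a command started by hand. Pixiecore hands the kernel, initrd and boot cmdline to any client on the segment that asks, so I would scope the rules to the provisioning interface, e.g. `networking.firewall.interfaces.<iface>.allowedUDPPorts = [ 67 69 4011 ];` (interface name is a placeholder) and the same for TCP 64172. `--debug` is hard-coded in the wrapper even though `"$@"` already forwards extra flags, so it could be left to the caller. A one-line comment above `run-pixiecore` stating which system configuration `sys` is expected to be would also help the next reader.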
diff --git a/profiles/server/nginx.nix b/profiles/server/nginx.nix index d497833..dbabebd 100644 --- a/profiles/server/nginx.nix +++ b/profiles/server/nginx.nix @@ -17,7 +17,7 @@ recommendedGzipSettings = true; recommendedOptimisation = true; - virtualHosts."${ivi.domain}" = { + virtualHosts."${my.domain}" = { }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/profiles/station/caldav.nix b/profiles/station/caldav.nix index dc157c4..98674e4 100644 --- a/profiles/station/caldav.nix +++ b/profiles/station/caldav.nix @@ -25,7 +25,7 @@ }; remote = { type = "caldav"; - url = "https://cal.${ivi.domain}"; + url = "https://cal.${my.domain}"; userName = "mike"; passwordCommand = ["echo" "''"]; }; @@ -50,7 +50,7 @@ }; remote = { type = "carddav"; - url = "https://cal.${ivi.domain}"; + url = "https://cal.${my.domain}"; userName = "mike"; passwordCommand = ["echo" "''"]; }; diff --git a/profiles/station/music.nix b/profiles/station/music.nix index d991e5c..fbb316a 100644 --- a/profiles/station/music.nix +++ b/profiles/station/music.nix @@ -8,7 +8,7 @@ with lib; mkIf (!machine.isDarwin) { # TODO: what about secrets on nix-darwin... - # secrets.mopidy.owner = lib.ivi.username; + # secrets.mopidy.owner = lib.my.username; hm.home.packages = [pkgs.mpc-cli]; hm.services.mopidy = { enable = true; @@ -30,7 +30,7 @@ with lib; config.secrets.mopidy.path ]; }; - secrets.mopidy.owner = ivi.username; + secrets.mopidy.owner = my.username; hm.programs.ncmpcpp = { enable = true; diff --git a/profiles/station/suckless.nix b/profiles/station/suckless.nix deleted file mode 100644 index 5d1b8c0..0000000 --- a/profiles/station/suckless.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - self, - config, - pkgs, - lib, - machine, - ... -}: with lib; mkIf (!machine.isDarwin) { - nixpkgs.overlays = [(import (self + "/overlays/suckless.nix") {inherit pkgs; home = config.ivi.home;})]; - hm = { - xsession = { - enable = true; - initExtra = '' - ${pkgs.xorg.xset}/bin/xset r rate 230 30 - [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps" - wal -R - dwm - ''; - }; - services.picom = { - enable = true; - activeOpacity = 0.99; - inactiveOpacity = 0.7; - opacityRules = [ - "100:class_g = 'Wfica'" - "100:class_g = 'dwm'" - "100:class_g = 'Zathura'" - "100:name *= 'Firefox'" - "100:name *= 'mpv'" - "100:name *= 'LibreWolf'" - "100:name *= 'Steam'" - "100:name *= 'Risk of Rain'" - "100:name *= 'KVM'" - ]; - settings = { - inactive-opacity-override = false; - frame-opacity = 1; - }; - }; - services.dunst = { - enable = true; - settings = { - global = { - monitor = 0; - follow = "keyboard"; - width = 370; - height = 350; - offset = "0x19"; - padding = 2; - horizontal_padding = 2; - transparency = 0; - font = "Monospace 12"; - format = "<b>%s</b>\\n%b"; - }; - urgency_low = { - background = "#1d2021"; - foreground = "#928374"; - timeout = 3; - }; - urgency_normal = { - foreground = "#ebdbb2"; - background = "#458588"; - timeout = 5; - }; - urgency_critical = { - background = "#1cc24d"; - foreground = "#ebdbb2"; - frame_color = "#fabd2f"; - timeout = 10; - }; - }; - }; - home.packages = with pkgs; [ - libnotify - sxiv - st - dwm - dwmblocks - ]; - }; -} diff --git a/profiles/station/virtualisation.nix b/profiles/station/virtualisation.nix index 5646562..440dc6e 100644 --- a/profiles/station/virtualisation.nix +++ b/profiles/station/virtualisation.nix @@ -10,5 +10,5 @@ uris = ["qemu:///system"]; }; }; - ivi.extraGroups = [ "libvirtd" ]; + my.extraGroups = [ "libvirtd" ]; } |
