diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index a3d9f58..0000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: "Flake.lock: update Nix dependencies" - -on: - workflow_dispatch: # allows manual triggering - schedule: - - cron: '0 16 * * *' # runs weekly on Sunday at 00:00 - -jobs: - nix-flake-update: - permissions: - contents: write - id-token: write - issues: write - pull-requests: write - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/determinate-nix-action@v3 - - uses: DeterminateSystems/update-flake-lock@main - with: - pr-title: "Update Nix flake inputs" - pr-labels: | - dependencies - automated diff --git a/flake.lock b/flake.lock index 358544d..ca5d548 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1772965444, - "narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=", + "lastModified": 1758493304, + "narHash": "sha256-A1xuSrELZIZhoKejIME0yemc9KlxZp/tKNxrF4LHrcw=", "owner": "9001", "repo": "copyparty", - "rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84", + "rev": "1923a258797285ac75487d3d53665063a5bd67df", "type": "github" }, "original": { @@ -64,62 +64,7 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nix-citizen", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -127,32 +72,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { - "inputs": { - "nixpkgs-lib": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -176,48 +100,21 @@ "type": "github" } }, - "git-hooks": { + "flake-utils_2": { "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nix-gaming", - "nixpkgs" - ] + "systems": "systems_2" }, "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "nix-gaming", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, @@ -249,11 +146,11 @@ ] }, "locked": { - "lastModified": 1772985285, - "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", + "lastModified": 1758464306, + "narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", + "rev": "939e91e1cff1f99736c5b02529658218ed819a2a", "type": "github" }, "original": { @@ -262,69 +159,52 @@ "type": "github" } }, - "nix-citizen": { - "inputs": { - "flake-parts": "flake-parts", - "nix-gaming": [ - "nix-gaming" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1772840927, - "narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=", - "owner": "LovingMelody", - "repo": "nix-citizen", - "rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5", - "type": "github" - }, - "original": { - "owner": "LovingMelody", - "repo": "nix-citizen", - "type": "github" - } - }, - "nix-gaming": { - "inputs": { - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1772937574, - "narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=", - "owner": "fufexan", - "repo": "nix-gaming", - "rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586", - "type": "github" - }, - "original": { - "owner": "fufexan", - "repo": "nix-gaming", - "type": "github" - } - }, - "nix-github-actions": { + "home-manager_3": { "inputs": { "nixpkgs": [ - "nix-citizen", + "zen-browser", "nixpkgs" ] }, "locked": { - "lastModified": 1737420293, - "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "repo": "home-manager", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", "type": "github" }, "original": { "owner": "nix-community", - "repo": "nix-github-actions", + "repo": "home-manager", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", "type": "github" } }, @@ -343,60 +223,13 @@ "type": "indirect" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1772624091, - "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1772736753, - "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "917fec990948658ef1ccd07cef2a1ef060786846", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1772773019, - "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", + "lastModified": 1758277210, + "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", + "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", "type": "github" }, "original": { @@ -408,18 +241,19 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ], + "nuschtosSearch": "nuschtosSearch", "systems": "systems_3" }, "locked": { - "lastModified": 1772402258, - "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=", + "lastModified": 1758459270, + "narHash": "sha256-r2VA33WYfxDJyWmJeo0TmPPrk9yGS9WWb/kld0e7X+I=", "owner": "nix-community", "repo": "nixvim", - "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10", + "rev": "92ba37a3e8c25d470f9affe8d5f36f2cfb21e5dd", "type": "github" }, "original": { @@ -428,24 +262,26 @@ "type": "github" } }, - "nur": { + "nuschtosSearch": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-utils": "flake-utils_2", + "ixx": "ixx", "nixpkgs": [ + "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1772985100, - "narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=", - "owner": "nix-community", - "repo": "NUR", - "rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c", + "lastModified": 1758272005, + "narHash": "sha256-1u3xTH+3kaHhztPmWtLAD8LF5pTYLR2CpsPFWTFnVtQ=", + "owner": "NuschtOS", + "repo": "search", + "rev": "aa975a3757f28ce862812466c5848787b868e116", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "NUR", + "owner": "NuschtOS", + "repo": "search", "type": "github" } }, @@ -454,11 +290,9 @@ "agenix": "agenix", "copyparty": "copyparty", "home-manager": "home-manager_2", - "nix-citizen": "nix-citizen", - "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", - "nur": "nur" + "zen-browser": "zen-browser" } }, "systems": { @@ -506,24 +340,24 @@ "type": "github" } }, - "treefmt-nix": { + "zen-browser": { "inputs": { + "home-manager": "home-manager_3", "nixpkgs": [ - "nix-citizen", "nixpkgs" ] }, "locked": { - "lastModified": 1772660329, - "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "3710e0e1218041bbad640352a0440114b1e10428", + "lastModified": 1759353433, + "narHash": "sha256-g3+737nvjYu3WrxLOiW6Wwtu4Ncdsy1KW9AGSTfzGOM=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "480746c469a2e14551c73940bd096aa9a9cc7cbd", "type": "github" }, "original": { - "owner": "numtide", - "repo": "treefmt-nix", + "owner": "0xc000022070", + "repo": "zen-browser-flake", "type": "github" } } diff --git a/flake.nix b/flake.nix index 4ce9e45..fe19135 100644 --- a/flake.nix +++ b/flake.nix @@ -12,36 +12,24 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-citizen = { - url = "github:LovingMelody/nix-citizen"; - inputs.nix-gaming.follows = "nix-gaming"; - }; - nix-gaming.url = "github:fufexan/nix-gaming"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; }; - nur = { - url = "github:nix-community/NUR"; + zen-browser = { + url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; - # zen-browser = { - # url = "github:0xc000022070/zen-browser-flake"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; # keep-sorted end }; outputs = { - # keep-sorted start - agenix, - home-manager, nixpkgs, - nur, - # zen-browser, - # keep-sorted end + home-manager, + agenix, + zen-browser, ... }@inputs: let @@ -51,30 +39,21 @@ userName ? "will", system ? "x86_64-linux", }: - let - util = import ./util.nix; - in nixpkgs.lib.nixosSystem { modules = [ ./hosts/${hostName}/configuration.nix - nur.modules.nixos.default home-manager.nixosModules.home-manager { home-manager = { users.${userName}.imports = [ ./hosts/${hostName}/home.nix agenix.homeManagerModules.default - # zen-browser.homeModules.twilight + zen-browser.homeModules.twilight ]; backupFileExtension = "backup"; extraSpecialArgs = { - inherit - inputs - hostName - userName - system - util - ; + inherit userName; + inherit hostName; }; useGlobalPkgs = true; useUserPackages = true; @@ -82,13 +61,10 @@ } ]; specialArgs = { - inherit - inputs - hostName - userName - system - util - ; + inherit inputs; + inherit hostName; + inherit userName; + inherit system; }; inherit system; }; diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 2ae8322..dc40017 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -1,34 +1,25 @@ { - # keep-sorted start userName, - util, - # keep-sorted end ... }: { imports = [ - # keep-sorted start ../../modules/nixos/default.nix ./hardware-configuration.nix - # keep-sorted end - ] - ++ (util.toImports ../../modules/nixos/features [ - # keep-sorted start - "amd-gpu" - "external-speakers" - "gaming" - "link2c" - "plasma" - "star-citizen" - # keep-sorted end - ]) - ++ (util.toImports ../../modules/nixos/bundles [ - # keep-sorted start - "desktop" - "dev" - "gui" - # keep-sorted end - ]); + ]; + + # reusable modules + + # keep-sorted start + amd-gpu.enable = true; + desktop.enable = true; + dev.enable = true; + external-speakers.enable = true; + gaming.enable = true; + link2c.enable = true; + plasma.enable = true; + # keep-sorted end + # config boot.initrd.luks.devices."luks-b164af31-c1c3-4b4e-83c8-eb39802c2027".device = "/dev/disk/by-uuid/b164af31-c1c3-4b4e-83c8-eb39802c2027"; @@ -39,6 +30,8 @@ system.stateVersion = "24.11"; + i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8"; + users.users.${userName} = { extraGroups = [ # keep-sorted start diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index b745929..975855a 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -1,21 +1,18 @@ { - # keep-sorted start userName, - util, - # keep-sorted end ... }: { - imports = [ - ../../modules/home-manager/default.nix - ] - ++ (util.toImports ../../modules/home-manager/bundles [ - # keep-sorted start - "desktop" - "dev" - "gui" - # keep-sorted end - ]); + imports = [ ../../modules/home-manager/default.nix ]; + + # reusable modules + + # keep-sorted start + desktop.enable = true; + dev.enable = true; + # keep-sorted end + + # config age.secrets."protonmail-desktop-password".file = ../../secrets/protonmail-desktop-password.age; diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 7788ef5..3247261 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -1,35 +1,31 @@ { - # keep-sorted start userName, - util, - # keep-sorted end ... }: { imports = [ - # keep-sorted start ../../modules/nixos/default.nix ./hardware-configuration.nix - # keep-sorted end - ] - ++ (util.toImports ../../modules/nixos/features [ - # keep-sorted start - "amd-gpu" - "gnome" - "tlp" - # keep-sorted end - ]) - ++ (util.toImports ../../modules/nixos/bundles [ - # keep-sorted start - "desktop" - "dev" - "gui" - # keep-sorted end - ]); + ]; - boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34"; + # reusable modules - system.stateVersion = "25.05"; + # keep-sorted start + amd-gpu.enable = true; + desktop.enable = true; + dev.enable = true; + gnome.enable = true; + tlp.enable = true; + # keep-sorted end + + # config + + boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device = + "/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371"; + + system.stateVersion = "24.11"; + + i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8"; users.users.${userName} = { extraGroups = [ diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 9530183..359872d 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -14,20 +14,20 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e"; + { device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5"; + boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea"; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B3C9-7C0A"; + { device = "/dev/disk/by-uuid/3730-5237"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; } + [ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix index 1de2aff..50f5ec5 100644 --- a/hosts/laptop/home.nix +++ b/hosts/laptop/home.nix @@ -1,21 +1,18 @@ { - # keep-sorted start userName, - util, - # keep-sorted end ... }: { - imports = [ - ../../modules/home-manager/default.nix - ] - ++ (util.toImports ../../modules/home-manager/bundles [ - # keep-sorted start - "desktop" - "dev" - "gui" - # keep-sorted end - ]); + imports = [ ../../modules/home-manager/default.nix ]; + + # reusable modules + + # keep-sorted start + desktop.enable = true; + dev.enable = true; + # keep-sorted end + + # config age.secrets."protonmail-laptop-password".file = ../../secrets/protonmail-laptop-password.age; diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 9593963..98ffeda 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -1,61 +1,27 @@ { - # keep-sorted start hostName, userName, - util, - # keep-sorted end ... }: { imports = [ - # keep-sorted start ../../modules/nixos/default.nix ./hardware-configuration.nix - # keep-sorted end - ] - ++ (util.toImports ../../modules/nixos/features [ - # keep-sorted start - "borgbackup" - "intel-gpu" - # keep-sorted end - ]) - ++ (util.toImports ../../modules/nixos/bundles [ - "server" - ]); + ]; - # external drive - services.udisks2.enable = true; - fileSystems."/mnt/external" = { - device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; - fsType = "ext4"; - options = [ - "nofail" - ]; - }; + # reusable modules - networking = { - hostName = "${hostName}"; - firewall.interfaces."enp2s0".allowedTCPPorts = [ - 80 - 443 - ]; - }; + # keep-sorted start + borgmatic.enable = true; + intel-gpu.enable = true; + server.enable = true; + # keep-sorted end - # hardened openssh - services.openssh = { - allowSFTP = false; - extraConfig = '' - AllowTcpForwarding yes - X11Forwarding no - AllowAgentForwarding no - AllowStreamLocalForwarding no - AuthenticationMethods publickey - ''; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - }; - }; + # config + + networking.hostName = "${hostName}"; + + services.openssh.enable = true; system.stateVersion = "24.11"; diff --git a/hosts/server/home.nix b/hosts/server/home.nix index f233ffe..605d749 100644 --- a/hosts/server/home.nix +++ b/hosts/server/home.nix @@ -3,9 +3,7 @@ ... }: { - imports = [ - ../../modules/home-manager/default.nix - ]; + imports = [ ../../modules/home-manager/default.nix ]; home = { username = "${userName}"; diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix index 9287ba2..6b2c63e 100644 --- a/modules/home-manager/bundles/desktop.nix +++ b/modules/home-manager/bundles/desktop.nix @@ -1,13 +1,24 @@ { - util, + config, + lib, ... }: +let + feature = "desktop"; +in { - imports = util.toImports ../features [ + config = lib.mkIf config.${feature}.enable { # keep-sorted start - "aerc" - "mail" - "zellij" + aerc.enable = true; + kitty.enable = true; + mail.enable = true; + obsidian.enable = true; + zellij.enable = true; + zen-browser.enable = true; # keep-sorted end - ]; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/bundles/dev.nix b/modules/home-manager/bundles/dev.nix index 8b0003b..bb6638a 100644 --- a/modules/home-manager/bundles/dev.nix +++ b/modules/home-manager/bundles/dev.nix @@ -1,11 +1,19 @@ { - util, + config, + lib, ... }: +let + feature = "dev"; +in { - imports = util.toImports ../features [ + config = lib.mkIf config.${feature}.enable { # keep-sorted start - "direnv" + zed-editor.enable = lib.mkDefault true; # keep-sorted end - ]; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix deleted file mode 100644 index 0d4ec42..0000000 --- a/modules/home-manager/bundles/gui.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - util, - ... -}: -{ - imports = util.toImports ../features [ - # keep-sorted start - "alacritty" - "librewolf" - "obsidian" - # "zen-browser" - # keep-sorted end - ]; -} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index eed9e76..a43c364 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -1,23 +1,22 @@ +{ lib, ... }: +let + featureBundler = + featuresDir: + map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir)); +in { - util, - ... -}: -{ - imports = util.toImports ./features [ - # keep-sorted start - "agenix" - "bash" - "bat" - "bottom" - "delta" - "eza" - "fd" - "git" - "lazygit" - "shell-aliases" - "starship" - "yazi" - "zoxide" - # keep-sorted end - ]; + imports = (featureBundler ./bundles) ++ (featureBundler ./features); + + # keep-sorted start + agenix.enable = lib.mkDefault true; + bat.enable = lib.mkDefault true; + direnv.enable = lib.mkDefault true; + eza.enable = lib.mkDefault true; + fish.enable = lib.mkDefault true; + gh.enable = lib.mkDefault true; + git.enable = lib.mkDefault true; + starship.enable = lib.mkDefault true; + yazi.enable = lib.mkDefault true; + zoxide.enable = lib.mkDefault true; + # keep-sorted end } diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index 8b114ff..94559dc 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -1,181 +1,67 @@ { - accounts.email.accounts.personal.aerc.enable = true; - programs.aerc = { - enable = true; - extraAccounts.personal = { - default = "INBOX"; - folders-sort = "INBOX, Starred, Drafts, Sent, Trash, Archive, Spam"; - }; - extraConfig = { - general.unsafe-accounts-conf = true; - filters = { - "text/plain" = "colorize"; - "text/calendar" = "calendar | colorize"; - "text/html" = "html | colorize"; + config, + lib, + ... +}: +let + feature = "aerc"; +in +{ + config = lib.mkIf config.${feature}.enable { + accounts.email.accounts.personal.aerc.enable = true; + programs.aerc = { + enable = true; + extraAccounts.personal = { + default = "INBOX"; + folders-sort = "INBOX, Starred, Drafts, Sent, Trash, Archive, Spam"; }; - ui = { - styleset-name = "catppuccin-mocha"; - sort = "-r date"; + extraConfig = { + general.unsafe-accounts-conf = true; + filters = { + "text/plain" = "colorize"; + "text/calendar" = "calendar | colorize"; + "text/html" = "html | colorize"; + }; + ui = { + styleset-name = "catppuccin-mocha"; + sort = "-r date"; + }; + }; + stylesets = { + catppuccin-mocha = { + "*.default" = true; + "*.normal" = true; + "default.fg" = "#cdd6f4"; + "error.fg" = "#f38ba8"; + "warning.fg" = "#fab387"; + "success.fg" = "#a6e3a1"; + "tab.fg" = "#6c7086"; + "tab.bg" = "#181825"; + "tab.selected.fg" = "#cdd6f4"; + "tab.selected.bg" = "#1e1e2e"; + "tab.selected.bold" = true; + "border.fg" = "#11111b"; + "border.bold" = true; + "msglist_unread.bold" = true; + "msglist_flagged.fg" = "#f9e2af"; + "msglist_flagged.bold" = true; + "msglist_result.fg" = "#89b4fa"; + "msglist_result.bold" = true; + "msglist_*.selected.bold" = true; + "msglist_*.selected.bg" = "#313244"; + "dirlist_*.selected.bold" = true; + "dirlist_*.selected.bg" = "#313244"; + "statusline_default.fg" = "#9399b2"; + "statusline_default.bg" = "#313244"; + "statusline_error.bold" = true; + "statusline_success.bold" = true; + "completion_default.selected.bg" = "#313244"; + }; }; }; - extraBinds = { - global = { - # keep-sorted start - "" = ":next-tab "; - "" = ":prev-tab"; - "" = ":term"; - "?" = ":help keys"; - # keep-sorted end - }; - messages = { - # keep-sorted start - "!" = ":term"; - "$" = ":term"; - "/" = ":search-a"; - "" = ":prev 100%"; - "" = ":next 50%"; - "" = ":next 100%"; - "" = ":prev 50%"; - "" = ":next"; - "" = ":view"; - "" = ":clear"; - "" = ":next 100%"; - "" = ":prev 100%"; - "" = ":prev"; - "\\" = ":filter "; - "|" = ":pipe"; - A = ":archive flat"; - C = ":compose"; - D = ":move Trash"; - G = ":select -1"; - H = ":collapse-folder"; - I = ":read"; - J = ":next-folder "; - K = ":prev-folder"; - L = ":expand-folder"; - N = ":prev-result"; - Rq = ":reply -q"; - Rr = ":reply"; - T = ":toggle-threads"; - U = ":unread"; - V = ":mark -v"; - c = ":cf"; - d = ":prompt 'Really delete this message?' 'delete-message'"; - g = ":select 0 "; - j = ":next "; - k = ":prev "; - n = ":next-result"; - q = ":quit"; - rq = ":reply -aq"; - rr = ":reply -a"; - v = ":mark -t"; - # keep-sorted end - }; - "messages:folder=Drafts" = { - "" = ":recall"; - }; - view = { - # keep-sorted start - "/" = ":toggle-key-passthrough /"; - "" = ":next-part"; - "" = ":prev-part"; - "" = ":open-link "; - "|" = ":pipe"; - A = ":archive flat"; - D = ":move Trash"; - H = ":toggle-headers"; - J = ":next "; - K = ":prev"; - O = ":open"; - R = ":read"; - Rq = ":reply -q"; - Rr = ":reply"; - S = ":save"; - U = ":unread"; - f = ":forward "; - q = ":close"; - rq = ":reply -aq"; - rr = ":reply -a"; - # keep-sorted end - }; - "view::passthrough" = { - # keep-sorted start - "$ex" = ""; - "$noinherit" = "true"; - "" = ":toggle-key-passthrough"; - # keep-sorted end - }; - compose = { - # keep-sorted start - "$ex" = ""; - "$noinherit" = "true"; - "" = ":switch-account -n"; - "" = ":switch-account -p"; - "" = ":next-field"; - "" = ":prev-field"; - "" = ":next-tab"; - "" = ":prev-tab"; - "" = ":next-field"; - # keep-sorted end - }; - "compose::editor" = { - # keep-sorted start - "$ex" = ""; - "$noinherit" = "true"; - "" = ":next-field"; - "" = ":prev-field"; - "" = ":next-tab"; - "" = ":prev-tab"; - # keep-sorted end - }; - "compose::review" = { - # keep-sorted start - a = ":attach"; - d = ":detach"; - e = ":edit"; - n = ":abort"; - p = ":postpone"; - q = ":choose -o d discard abort -o p postpone postpone"; - y = ":send "; - # keep-sorted end - }; - terminal = { - # keep-sorted start - "$ex" = ""; - "$noinherit" = "true"; - "" = ":next-tab"; - "" = ":prev-tab"; - # keep-sorted end - }; - }; - stylesets.catppuccin-mocha = '' - "*.default" = true - "*.normal" = true - "default.fg" = "#cdd6f4" - "error.fg" = "#f38ba8" - "warning.fg" = "#fab387" - "success.fg" = "#a6e3a1" - "tab.fg" = "#6c7086" - "tab.bg" = "#181825" - "tab.selected.fg" = "#cdd6f4" - "tab.selected.bg" = "#1e1e2e" - "tab.selected.bold" = true - "border.fg" = "#11111b" - "border.bold" = true - "msglist_unread.bold" = true - "msglist_flagged.fg" = "#f9e2af" - "msglist_flagged.bold" = true - "msglist_result.fg" = "#89b4fa" - "msglist_result.bold" = true - "msglist_*.selected.bold" = true - "msglist_*.selected.bg" = "#313244" - "dirlist_*.selected.bold" = true - "dirlist_*.selected.bg" = "#313244" - "statusline_default.fg" = "#9399b2" - "statusline_default.bg" = "#313244" - "statusline_error.bold" = true - "statusline_success.bold" = true - "completion_default.selected.bg" = "#313244" - ''; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/agenix.nix b/modules/home-manager/features/agenix.nix index 9bd6b9b..b74bd99 100644 --- a/modules/home-manager/features/agenix.nix +++ b/modules/home-manager/features/agenix.nix @@ -1,8 +1,16 @@ { + config, + lib, userName, ... }: +let + feature = "agenix"; +in { - age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; + config = lib.mkIf config.${feature}.enable { + age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; + }; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/alacritty.nix b/modules/home-manager/features/alacritty.nix deleted file mode 100644 index 2c9fc5d..0000000 --- a/modules/home-manager/features/alacritty.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - # keep-sorted start - lib, - pkgs, - # keep-sorted end - ... -}: -{ - programs.alacritty = { - enable = true; - settings = { - font = { - normal = { - family = "JetBrainsMono Nerd Font"; - style = "Regular"; - }; - size = 13; - }; - window.startup_mode = "Maximized"; - terminal.shell = { - program = "${lib.getExe pkgs.zellij}"; - args = [ "-l=welcome" ]; - }; - }; - theme = "catppuccin_mocha"; - }; -} diff --git a/modules/home-manager/features/bash.nix b/modules/home-manager/features/bash.nix deleted file mode 100644 index 4f7de2a..0000000 --- a/modules/home-manager/features/bash.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - home.shell.enableBashIntegration = true; - programs.bash.enable = true; -} diff --git a/modules/home-manager/features/bat.nix b/modules/home-manager/features/bat.nix index 9326be1..30d5324 100644 --- a/modules/home-manager/features/bat.nix +++ b/modules/home-manager/features/bat.nix @@ -1,8 +1,22 @@ { - programs.bat = { - enable = true; - config = { - theme = "Dracula"; + config, + lib, + ... +}: +let + feature = "bat"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.bat = { + enable = true; + config = { + theme = "Dracula"; + }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/bottom.nix b/modules/home-manager/features/bottom.nix deleted file mode 100644 index f339706..0000000 --- a/modules/home-manager/features/bottom.nix +++ /dev/null @@ -1,78 +0,0 @@ -{ - programs.bottom = { - enable = true; - settings = { - flags = { - group_processes = true; - process_memory_as_value = true; - }; - styles = { - cpu = { - all_entry_color = "#f5e0dc"; - avg_entry_color = "#eba0ac"; - cpu_core_colors = [ - "#f38ba8" - "#fab387" - "#f9e2af" - "#a6e3a1" - "#74c7ec" - "#cba6f7" - ]; - }; - memory = { - ram_color = "#a6e3a1"; - cache_color = "#f38ba8"; - swap_color = "#fab387"; - gpu_colors = [ - "#74c7ec" - "#cba6f7" - "#f38ba8" - "#fab387" - "#f9e2af" - "#a6e3a1" - ]; - arc_color = "#89dceb"; - }; - network = { - rx_color = "#a6e3a1"; - tx_color = "#f38ba8"; - rx_total_color = "#89dceb"; - tx_total_color = "#a6e3a1"; - }; - battery = { - high_battery_color = "#a6e3a1"; - medium_battery_color = "#f9e2af"; - low_battery_color = "#f38ba8"; - }; - tables = { - headers = { - color = "#f5e0dc"; - }; - }; - graphs = { - graph_color = "#a6adc8"; - legend_text = { - color = "#a6adc8"; - }; - }; - widgets = { - border_color = "#585b70"; - selected_border_color = "#f5c2e7"; - widget_title = { - color = "#f2cdcd"; - }; - text = { - color = "#cdd6f4"; - }; - selected_text = { - color = "#11111b"; - bg_color = "#cba6f7"; - }; - disabled_text = { - color = "#1e1e2e"; - }; - }; - }; - }; - }; -} diff --git a/modules/home-manager/features/delta.nix b/modules/home-manager/features/delta.nix deleted file mode 100644 index 06dd631..0000000 --- a/modules/home-manager/features/delta.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - programs.delta = { - enable = true; - options.theme = "Dracula"; - }; -} diff --git a/modules/home-manager/features/direnv.nix b/modules/home-manager/features/direnv.nix index 636a9aa..d3de702 100644 --- a/modules/home-manager/features/direnv.nix +++ b/modules/home-manager/features/direnv.nix @@ -1,3 +1,13 @@ { - programs.direnv.enable = true; + config, + lib, + ... +}: +let + feature = "direnv"; +in +{ + config = lib.mkIf config.${feature}.enable { programs.direnv.enable = true; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/espanso.nix b/modules/home-manager/features/espanso.nix index 74279ae..1a05dd1 100644 --- a/modules/home-manager/features/espanso.nix +++ b/modules/home-manager/features/espanso.nix @@ -1,6 +1,20 @@ { - services.espanso = { - enable = true; - configs = { }; + config, + lib, + ... +}: +let + feature = "espanso"; +in +{ + config = lib.mkIf config.${feature}.enable { + services.espanso = { + enable = true; + configs = { }; + }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/eza.nix b/modules/home-manager/features/eza.nix index 46fc91f..643ba8b 100644 --- a/modules/home-manager/features/eza.nix +++ b/modules/home-manager/features/eza.nix @@ -1,283 +1,297 @@ { - programs.eza = { - enable = true; - extraOptions = [ - "--long" - "--header" - "--group-directories-first" - ]; - git = true; - icons = "always"; - theme = { - colourful = true; + config, + lib, + ... +}: +let + feature = "eza"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.eza = { + enable = true; + extraOptions = [ + "--long" + "--header" + "--group-directories-first" + ]; + git = true; + icons = "always"; + theme = { + colourful = true; - filekinds = { - normal = { - foreground = "#BAC2DE"; + filekinds = { + normal = { + foreground = "#BAC2DE"; + }; + directory = { + foreground = "#89B4FA"; + }; + symlink = { + foreground = "#89DCEB"; + }; + pipe = { + foreground = "#7F849C"; + }; + block_device = { + foreground = "#EBA0AC"; + }; + char_device = { + foreground = "#EBA0AC"; + }; + socket = { + foreground = "#585B70"; + }; + special = { + foreground = "#CBA6F7"; + }; + executable = { + foreground = "#A6E3A1"; + }; + mount_point = { + foreground = "#74C7EC"; + }; }; - directory = { - foreground = "#89B4FA"; + + perms = { + user_read = { + foreground = "#CDD6F4"; + }; + user_write = { + foreground = "#F9E2AF"; + }; + user_execute_file = { + foreground = "#A6E3A1"; + }; + user_execute_other = { + foreground = "#A6E3A1"; + }; + group_read = { + foreground = "#BAC2DE"; + }; + group_write = { + foreground = "#F9E2AF"; + }; + group_execute = { + foreground = "#A6E3A1"; + }; + other_read = { + foreground = "#A6ADC8"; + }; + other_write = { + foreground = "#F9E2AF"; + }; + other_execute = { + foreground = "#A6E3A1"; + }; + special_user_file = { + foreground = "#CBA6F7"; + }; + special_other = { + foreground = "#585B70"; + }; + attribute = { + foreground = "#A6ADC8"; + }; }; - symlink = { - foreground = "#89DCEB"; + + size = { + major = { + foreground = "#A6ADC8"; + }; + minor = { + foreground = "#89DCEB"; + }; + number_byte = { + foreground = "#CDD6F4"; + }; + number_kilo = { + foreground = "#BAC2DE"; + }; + number_mega = { + foreground = "#89B4FA"; + }; + number_giga = { + foreground = "#CBA6F7"; + }; + number_huge = { + foreground = "#CBA6F7"; + }; + unit_byte = { + foreground = "#A6ADC8"; + }; + unit_kilo = { + foreground = "#89B4FA"; + }; + unit_mega = { + foreground = "#CBA6F7"; + }; + unit_giga = { + foreground = "#CBA6F7"; + }; + unit_huge = { + foreground = "#74C7EC"; + }; }; - pipe = { + + users = { + user_you = { + foreground = "#CDD6F4"; + }; + user_root = { + foreground = "#F38BA8"; + }; + user_other = { + foreground = "#CBA6F7"; + }; + group_yours = { + foreground = "#BAC2DE"; + }; + group_other = { + foreground = "#7F849C"; + }; + group_root = { + foreground = "#F38BA8"; + }; + + }; + links = { + normal = { + foreground = "#89DCEB"; + }; + multi_link_file = { + foreground = "#74C7EC"; + }; + }; + + git = { + new = { + foreground = "#A6E3A1"; + }; + modified = { + foreground = "#F9E2AF"; + }; + deleted = { + foreground = "#F38BA8"; + }; + renamed = { + foreground = "#94E2D5"; + }; + typechange = { + foreground = "#F5C2E7"; + }; + ignored = { + foreground = "#7F849C"; + }; + conflicted = { + foreground = "#EBA0AC"; + }; + }; + git_repo = { + branch_main = { + foreground = "#CDD6F4"; + }; + branch_other = { + foreground = "#CBA6F7"; + }; + git_clean = { + foreground = "#A6E3A1"; + }; + git_dirty = { + foreground = "#F38BA8"; + }; + }; + security_context = { + colon = { + foreground = "#7F849C"; + }; + user = { + foreground = "#BAC2DE"; + }; + role = { + foreground = "#CBA6F7"; + }; + typ = { + foreground = "#585B70"; + }; + range = { + foreground = "#CBA6F7"; + }; + }; + file_type = { + image = { + foreground = "#F9E2AF"; + }; + video = { + foreground = "#F38BA8"; + }; + music = { + foreground = "#A6E3A1"; + }; + lossless = { + foreground = "#94E2D5"; + }; + crypto = { + foreground = "#585B70"; + }; + document = { + foreground = "#CDD6F4"; + }; + compressed = { + foreground = "#F5C2E7"; + }; + temp = { + foreground = "#EBA0AC"; + }; + compiled = { + foreground = "#74C7EC"; + }; + build = { + foreground = "#585B70"; + }; + source = { + foreground = "#89B4FA"; + }; + }; + punctuation = { foreground = "#7F849C"; }; - block_device = { - foreground = "#EBA0AC"; + date = { + foreground = "#F9E2AF"; }; - char_device = { - foreground = "#EBA0AC"; + inode = { + foreground = "#A6ADC8"; }; - socket = { - foreground = "#585B70"; + blocks = { + foreground = "#9399B2"; }; - special = { - foreground = "#CBA6F7"; - }; - executable = { - foreground = "#A6E3A1"; - }; - mount_point = { - foreground = "#74C7EC"; - }; - }; - - perms = { - user_read = { + header = { foreground = "#CDD6F4"; }; - user_write = { - foreground = "#F9E2AF"; - }; - user_execute_file = { - foreground = "#A6E3A1"; - }; - user_execute_other = { - foreground = "#A6E3A1"; - }; - group_read = { - foreground = "#BAC2DE"; - }; - group_write = { - foreground = "#F9E2AF"; - }; - group_execute = { - foreground = "#A6E3A1"; - }; - other_read = { - foreground = "#A6ADC8"; - }; - other_write = { - foreground = "#F9E2AF"; - }; - other_execute = { - foreground = "#A6E3A1"; - }; - special_user_file = { - foreground = "#CBA6F7"; - }; - special_other = { - foreground = "#585B70"; - }; - attribute = { - foreground = "#A6ADC8"; - }; - }; - - size = { - major = { - foreground = "#A6ADC8"; - }; - minor = { - foreground = "#89DCEB"; - }; - number_byte = { - foreground = "#CDD6F4"; - }; - number_kilo = { - foreground = "#BAC2DE"; - }; - number_mega = { - foreground = "#89B4FA"; - }; - number_giga = { - foreground = "#CBA6F7"; - }; - number_huge = { - foreground = "#CBA6F7"; - }; - unit_byte = { - foreground = "#A6ADC8"; - }; - unit_kilo = { - foreground = "#89B4FA"; - }; - unit_mega = { - foreground = "#CBA6F7"; - }; - unit_giga = { - foreground = "#CBA6F7"; - }; - unit_huge = { - foreground = "#74C7EC"; - }; - }; - - users = { - user_you = { - foreground = "#CDD6F4"; - }; - user_root = { - foreground = "#F38BA8"; - }; - user_other = { - foreground = "#CBA6F7"; - }; - group_yours = { - foreground = "#BAC2DE"; - }; - group_other = { - foreground = "#7F849C"; - }; - group_root = { - foreground = "#F38BA8"; - }; - - }; - links = { - normal = { - foreground = "#89DCEB"; - }; - multi_link_file = { - foreground = "#74C7EC"; - }; - }; - - git = { - new = { - foreground = "#A6E3A1"; - }; - modified = { - foreground = "#F9E2AF"; - }; - deleted = { - foreground = "#F38BA8"; - }; - renamed = { + octal = { foreground = "#94E2D5"; }; - typechange = { - foreground = "#F5C2E7"; - }; - ignored = { - foreground = "#7F849C"; - }; - conflicted = { - foreground = "#EBA0AC"; - }; - }; - git_repo = { - branch_main = { - foreground = "#CDD6F4"; - }; - branch_other = { + flags = { foreground = "#CBA6F7"; }; - git_clean = { - foreground = "#A6E3A1"; + + symlink_path = { + foreground = "#89DCEB"; }; - git_dirty = { - foreground = "#F38BA8"; - }; - }; - security_context = { - colon = { - foreground = "#7F849C"; - }; - user = { - foreground = "#BAC2DE"; - }; - role = { - foreground = "#CBA6F7"; - }; - typ = { - foreground = "#585B70"; - }; - range = { - foreground = "#CBA6F7"; - }; - }; - file_type = { - image = { - foreground = "#F9E2AF"; - }; - video = { - foreground = "#F38BA8"; - }; - music = { - foreground = "#A6E3A1"; - }; - lossless = { - foreground = "#94E2D5"; - }; - crypto = { - foreground = "#585B70"; - }; - document = { - foreground = "#CDD6F4"; - }; - compressed = { - foreground = "#F5C2E7"; - }; - temp = { - foreground = "#EBA0AC"; - }; - compiled = { + control_char = { foreground = "#74C7EC"; }; - build = { + broken_symlink = { + foreground = "#F38BA8"; + }; + broken_path_overlay = { foreground = "#585B70"; }; - source = { - foreground = "#89B4FA"; - }; - }; - punctuation = { - foreground = "#7F849C"; - }; - date = { - foreground = "#F9E2AF"; - }; - inode = { - foreground = "#A6ADC8"; - }; - blocks = { - foreground = "#9399B2"; - }; - header = { - foreground = "#CDD6F4"; - }; - octal = { - foreground = "#94E2D5"; - }; - flags = { - foreground = "#CBA6F7"; - }; - - symlink_path = { - foreground = "#89DCEB"; - }; - control_char = { - foreground = "#74C7EC"; - }; - broken_symlink = { - foreground = "#F38BA8"; - }; - broken_path_overlay = { - foreground = "#585B70"; }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/fd.nix b/modules/home-manager/features/fd.nix deleted file mode 100644 index b46e74c..0000000 --- a/modules/home-manager/features/fd.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - programs.fd = { - enable = true; - hidden = true; - }; -} diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix deleted file mode 100644 index b0c16b3..0000000 --- a/modules/home-manager/features/firefox.nix +++ /dev/null @@ -1,254 +0,0 @@ -{ - pkgs, - ... -}: -{ - programs.firefox = { - enable = true; - languagePacks = [ "en-GB" ]; - profiles.will = { - settings = { - # keep-sorted start - "browser.aboutwelcome.enabled" = false; - "browser.bookmarks.addedImportButton" = false; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.download.useDownloadDir" = true; - "browser.newtabpage.enabled" = false; - "browser.safebrowsing.downloads.enabled" = false; - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - "browser.safebrowsing.remote.block_potentially_unwanted" = false; - "browser.safebrowsing.remote.block_uncommon" = false; - "browser.search.suggest.enabled" = false; - "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; - "browser.startup.page" = 3; - "browser.tabs.groups.smart.userEnabled" = false; - "browser.tabs.warnOnClose" = true; - "browser.tabs.warnOnOpen" = false; - "browser.toolbars.bookmarks.visibility" = "never"; - "browser.urlbar.suggest.searches" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.usage.uploadEnabled" = false; - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_ever_enabled" = true; - "extensions.formautofill.creditCards.enabled" = false; - "general.autoScroll" = true; - "intl.locale.requested" = "en-GB"; - "network.trr.mode" = 3; - "network.trr.uri" = "https://firefox.dns.nextdns.io/"; - "privacy.annotate_channels.strict_list.enabled" = true; - "privacy.bounceTrackingProtection.mode" = 1; - "privacy.fingerprintingProtection" = true; - "privacy.globalprivacycontrol.enabled" = true; - "privacy.globalprivacycontrol.was_ever_enabled" = true; - "privacy.history.custom" = false; - "privacy.query_stripping.enabled " = true; - "privacy.query_stripping.enabled.pbmode" = true; - "privacy.sanitize.sanitizeOnShutdown" = false; - "privacy.trackingprotection.allow_list.baseline.enabled" = true; - "privacy.trackingprotection.allow_list.convenience.enabled" = false; - "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; - "privacy.trackingprotection.emailtracking.enabled" = true; - "privacy.trackingprotection.enabled" = true; - "privacy.trackingprotection.socialtracking.enabled" = true; - "services.sync.engine.passwords" = false; - "sidebar.main.tools" = "syncedtabs,history,bookmarks"; - "sidebar.new-sidebar.has-used" = true; - "sidebar.position_start" = false; - "sidebar.revamp" = true; - "sidebar.verticalTabs" = true; - "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; - "signon.autofillForms" = false; - "signon.firefoxRelay.feature" = "disabled"; - "signon.generation.enabled" = false; - "signon.management.page.breach-alerts.enabled" = false; - "signon.rememberSignons" = false; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - # keep-sorted end - }; - search = { - default = "ddg"; - privateDefault = "ddg"; - engines = { }; - order = [ ]; - force = true; - }; - extensions = { - force = true; - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - # keep-sorted start sticky_comments=no - # detect-cloudflare - bitwarden - dearrow - nixpkgs-pr-tracker - react-devtools - return-youtube-dislikes - sponsorblock - ublock-origin - # keep-sorted end - ]; - settings = { - # keep-sorted start block=yes - # sponsorblock - "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; - }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; - }; - # ublock-origin - "uBlock0@raymondhill.net".settings = { - advancedUserEnabled = true; - selectedFilterLists = [ - "user-filters" - "ublock-filters" - "ublock-badware" - "ublock-privacy" - "ublock-quick-fixes" - "ublock-unbreak" - "easylist" - "easyprivacy" - "adguard-spyware-url" - "urlhaus-1" - "plowe-0" - ]; - }; - # keep-sorted end - }; - }; - }; - }; -} diff --git a/modules/home-manager/features/fish.nix b/modules/home-manager/features/fish.nix index 4c8e865..cb35659 100644 --- a/modules/home-manager/features/fish.nix +++ b/modules/home-manager/features/fish.nix @@ -1,39 +1,74 @@ { + config, + lib, pkgs, ... }: +let + feature = "fish"; +in { - home.shell.enableFishIntegration = true; - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ''; - plugins = [ - # INFO: Using this to get shell completion for programs added to the path through nix+direnv. - # Issue to upstream into direnv:Add commentMore actions - # https://github.com/direnv/direnv/issues/443 - { - name = "completion-sync"; - src = pkgs.fetchFromGitHub { - owner = "iynaix"; - repo = "fish-completion-sync"; - rev = "4f058ad2986727a5f510e757bc82cbbfca4596f0"; - sha256 = "sha256-kHpdCQdYcpvi9EFM/uZXv93mZqlk1zCi2DRhWaDyK5g="; - }; - } - ]; + config = lib.mkIf config.${feature}.enable { + home.shell.enableFishIntegration = true; + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ''; + shellAliases = { + # keep-sorted start + cat = "bat"; + # cd = "j"; + cut = "choose"; + df = "duf"; + du = "dua"; + # find = "fd"; + g = "lazygit"; + l = "eza"; + la = "eza -a"; + ls = "eza"; + ns = "nh os switch"; + # curl = "xh"; + ping = "gping"; + ps = "procs"; + # sed = "sd"; + # grep = "rga"; + top = "btm"; + unzip = "ripunzip"; + vi = "nvim"; + vim = "nvim"; + # keep-sorted end + }; + plugins = [ + # INFO: Using this to get shell completion for programs added to the path through nix+direnv. + # Issue to upstream into direnv:Add commentMore actions + # https://github.com/direnv/direnv/issues/443 + { + name = "completion-sync"; + src = pkgs.fetchFromGitHub { + owner = "iynaix"; + repo = "fish-completion-sync"; + rev = "4f058ad2986727a5f510e757bc82cbbfca4596f0"; + sha256 = "sha256-kHpdCQdYcpvi9EFM/uZXv93mZqlk1zCi2DRhWaDyK5g="; + }; + } + ]; + }; + + # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell + programs.bash = { + enable = true; + initExtra = '' + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi + ''; + }; }; - # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell - programs.bash = { - enable = true; - initExtra = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/gh.nix b/modules/home-manager/features/gh.nix index 85a858c..226dd9c 100644 --- a/modules/home-manager/features/gh.nix +++ b/modules/home-manager/features/gh.nix @@ -1,9 +1,23 @@ { - programs.gh = { - enable = true; - settings = { - git_protocol = "ssh"; - editor = "nvim"; + config, + lib, + ... +}: +let + feature = "gh"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.gh = { + enable = true; + settings = { + git_protocol = "ssh"; + editor = "nvim"; + }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index 7be9e6c..daed51d 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -1,12 +1,24 @@ { - userName, + config, + lib, ... }: +let + feature = "git"; +in { - programs.git = { - enable = true; - settings = { - # keep-sorted start block=yes + config = lib.mkIf config.${feature}.enable { + programs.${feature} = { + enable = true; + + delta = { + enable = true; + options.theme = "Dracula"; + }; + + userName = "wi11-holdsworth"; + userEmail = "83637728+wi11-holdsworth@users.noreply.github.com"; + aliases = { # keep-sorted start a = "add"; @@ -27,20 +39,18 @@ s = "status -s"; # keep-sorted end }; - core.editor = "nvim"; - init.defaultBranch = "main"; - pull.rebase = true; - push.autoSetupRemote = true; - user = { - name = "Will Holdsworth"; - email = "me@fi33.buzz"; + + extraConfig = { + init.defaultBranch = "main"; + + core.editor = "nvim"; + + push.autoSetupRemote = true; + + pull.rebase = false; }; - # keep-sorted end - }; - signing = { - key = "/home/${userName}/.ssh/git_signature.pub"; - format = "ssh"; - signByDefault = true; }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/kitty.nix b/modules/home-manager/features/kitty.nix index 574e777..5c4a317 100644 --- a/modules/home-manager/features/kitty.nix +++ b/modules/home-manager/features/kitty.nix @@ -1,21 +1,32 @@ { + config, + lib, pkgs, ... }: +let + feature = "kitty"; +in { - programs.kitty = { - enable = true; - enableGitIntegration = true; - font = { - package = pkgs.nerd-fonts.jetbrains-mono; - name = "JetBrainsMono Nerd Font"; - size = 13; - }; - themeFile = "Catppuccin-Mocha"; - settings = { - shell = "zellij -l welcome"; - remember_window_size = true; - confirm_os_window_close = 0; + config = lib.mkIf config.${feature}.enable { + programs.kitty = { + enable = true; + enableGitIntegration = true; + font = { + package = pkgs.nerd-fonts.jetbrains-mono; + name = "JetBrainsMono Nerd Font"; + size = 13; + }; + themeFile = "Catppuccin-Mocha"; + settings = { + shell = "zellij -l welcome"; + remember_window_size = true; + confirm_os_window_close = 0; + }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix deleted file mode 100644 index 6672936..0000000 --- a/modules/home-manager/features/lazygit.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - ... -}: -{ - programs.lazygit = { - enable = true; - settings = { - git.overrideGpg = true; - log = { - localBranchSortOrder = "recency"; - remoteBranchSortOrder = "recency"; - }; - }; - }; -} diff --git a/modules/home-manager/features/librewolf.nix b/modules/home-manager/features/librewolf.nix deleted file mode 100644 index 31a34b2..0000000 --- a/modules/home-manager/features/librewolf.nix +++ /dev/null @@ -1,255 +0,0 @@ -{ - pkgs, - ... -}: -{ - programs.librewolf = { - enable = true; - languagePacks = [ "en-GB" ]; - profiles.will = { - settings = { - # keep-sorted start - "browser.aboutwelcome.enabled" = false; - "browser.bookmarks.addedImportButton" = false; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.download.useDownloadDir" = true; - "browser.newtabpage.enabled" = false; - "browser.safebrowsing.downloads.enabled" = false; - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - "browser.safebrowsing.remote.block_potentially_unwanted" = false; - "browser.safebrowsing.remote.block_uncommon" = false; - "browser.search.suggest.enabled" = false; - "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; - "browser.startup.page" = 3; - "browser.tabs.groups.smart.userEnabled" = false; - "browser.tabs.warnOnClose" = true; - "browser.tabs.warnOnOpen" = false; - "browser.toolbars.bookmarks.visibility" = "never"; - "browser.urlbar.suggest.searches" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.usage.uploadEnabled" = false; - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_ever_enabled" = true; - "extensions.formautofill.creditCards.enabled" = false; - "general.autoScroll" = true; - "identity.fxaccounts.enabled" = true; - "intl.locale.requested" = "en-GB"; - "network.trr.mode" = 3; - "network.trr.uri" = "https://firefox.dns.nextdns.io/"; - "privacy.annotate_channels.strict_list.enabled" = true; - "privacy.bounceTrackingProtection.mode" = 1; - "privacy.fingerprintingProtection" = true; - "privacy.globalprivacycontrol.enabled" = true; - "privacy.globalprivacycontrol.was_ever_enabled" = true; - "privacy.history.custom" = false; - "privacy.query_stripping.enabled " = true; - "privacy.query_stripping.enabled.pbmode" = true; - "privacy.sanitize.sanitizeOnShutdown" = false; - "privacy.trackingprotection.allow_list.baseline.enabled" = true; - "privacy.trackingprotection.allow_list.convenience.enabled" = false; - "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; - "privacy.trackingprotection.emailtracking.enabled" = true; - "privacy.trackingprotection.enabled" = true; - "privacy.trackingprotection.socialtracking.enabled" = true; - "services.sync.engine.passwords" = false; - "sidebar.main.tools" = "syncedtabs,history,bookmarks"; - "sidebar.new-sidebar.has-used" = true; - "sidebar.position_start" = false; - "sidebar.revamp" = true; - "sidebar.verticalTabs" = true; - "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; - "signon.autofillForms" = false; - "signon.firefoxRelay.feature" = "disabled"; - "signon.generation.enabled" = false; - "signon.management.page.breach-alerts.enabled" = false; - "signon.rememberSignons" = false; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - # keep-sorted end - }; - search = { - default = "ddg"; - privateDefault = "ddg"; - engines = { }; - order = [ ]; - force = true; - }; - extensions = { - force = true; - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - # keep-sorted start sticky_comments=no - # detect-cloudflare - bitwarden - dearrow - nixpkgs-pr-tracker - react-devtools - return-youtube-dislikes - sponsorblock - ublock-origin - # keep-sorted end - ]; - settings = { - # keep-sorted start block=yes - # sponsorblock - "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; - }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; - }; - # ublock-origin - "uBlock0@raymondhill.net".settings = { - advancedUserEnabled = true; - selectedFilterLists = [ - "user-filters" - "ublock-filters" - "ublock-badware" - "ublock-privacy" - "ublock-quick-fixes" - "ublock-unbreak" - "easylist" - "easyprivacy" - "adguard-spyware-url" - "urlhaus-1" - "plowe-0" - ]; - }; - # keep-sorted end - }; - }; - }; - }; -} diff --git a/modules/home-manager/features/mail.nix b/modules/home-manager/features/mail.nix index 1690e81..5bf57cd 100644 --- a/modules/home-manager/features/mail.nix +++ b/modules/home-manager/features/mail.nix @@ -1,54 +1,62 @@ { - # keep-sorted start config, + lib, hostName, - # keep-sorted end ... }: +let + feature = "mail"; +in { - accounts.email = - let - certificatesFile = config.age.secrets.protonmail-cert.path; - in - { - inherit certificatesFile; - accounts = - let - # keep-sorted start block=yes - address = "willholdsworth@pm.me"; - authentication = "login"; - host = "127.0.0.1"; - tls = { - enable = false; - useStartTls = true; - inherit certificatesFile; - }; - # keep-sorted end - in - { - personal = { - enable = true; + config = lib.mkIf config.${feature}.enable { + accounts.email = + let + certificatesFile = config.age.secrets.protonmail-cert.path; + in + { + inherit certificatesFile; + accounts = + let # keep-sorted start block=yes - imap = { - port = 1143; - inherit tls; - inherit authentication; - inherit host; + address = "willholdsworth@pm.me"; + authentication = "login"; + host = "127.0.0.1"; + tls = { + enable = false; + useStartTls = true; + inherit certificatesFile; }; - inherit address; - passwordCommand = "cat ${config.age.secrets."protonmail-${hostName}-password".path}"; - primary = true; - realName = "Will Holdsworth"; - smtp = { - port = 1025; - inherit tls; - inherit authentication; - inherit host; - }; - userName = address; # keep-sorted end + in + { + personal = { + enable = true; + # keep-sorted start block=yes + imap = { + port = 1143; + inherit tls; + inherit authentication; + inherit host; + }; + inherit address; + passwordCommand = "cat ${config.age.secrets."protonmail-${hostName}-password".path}"; + primary = true; + realName = "Will Holdsworth"; + smtp = { + port = 1025; + inherit tls; + inherit authentication; + inherit host; + }; + userName = address; + # keep-sorted end + }; }; - }; - }; - age.secrets."protonmail-cert".file = ../../../secrets/protonmail-cert.age; + }; + age.secrets."protonmail-cert".file = ../../../secrets/protonmail-cert.age; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/obsidian.nix b/modules/home-manager/features/obsidian.nix index 2f07e05..8384df1 100644 --- a/modules/home-manager/features/obsidian.nix +++ b/modules/home-manager/features/obsidian.nix @@ -1,116 +1,126 @@ +{ config, lib, ... }: +let + feature = "obsidian"; +in { - programs.obsidian = { - enable = true; - defaultSettings = { - app = { - tabSize = 2; - trashOption = "local"; - alwaysUpdateLinks = true; - attachmentFolderPath = "/"; - defaultViewMode = "preview"; - vimMode = true; - showLineNumber = true; - }; - appearance = { - monospaceFontFamily = "JetBrainsMono Nerd Font"; - interfaceFontFamily = "JetBrainsMono Nerd Font"; - textFontFamily = "JetBrainsMono Nerd Font"; - nativeMenus = false; - cssTheme = "Catppuccin"; - showRibbon = false; - }; - communityPlugins = [ - # keep-sorted start - "obsidian-editor-shortcuts" - "obsidian-excalidraw-plugin" - "obsidian-livesync" - "obsidian-relative-line-numbers" - "oz-clear-unused-images" - "pdf-plus" - "tag-wrangler" - "virtual-linker" - # keep-sorted end - ]; - corePlugins = [ - # keep-sorted start - "backlink" - "bases" - "bookmarks" - "canvas" - "command-palette" - "daily-notes" - "editor-status" - "file-explorer" - "file-recovery" - "global-search" - "graph" - "markdown-importer" - "note-composer" - "outgoing-link" - "outline" - "page-preview" - "properties" - "random-note" - "slash-command" - "slides" - "switcher" - "tag-pane" - "templates" - "word-count" - "workspaces" - "zk-prefixer" - # keep-sorted end - ]; - hotkeys = { - "editor:swap-line-down" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowDown"; - } + config = lib.mkIf config.${feature}.enable { + programs.obsidian = { + enable = true; + defaultSettings = { + app = { + tabSize = 2; + trashOption = "local"; + alwaysUpdateLinks = true; + attachmentFolderPath = "/"; + defaultViewMode = "preview"; + vimMode = true; + showLineNumber = true; + }; + appearance = { + monospaceFontFamily = "JetBrainsMono Nerd Font"; + interfaceFontFamily = "JetBrainsMono Nerd Font"; + textFontFamily = "JetBrainsMono Nerd Font"; + nativeMenus = false; + cssTheme = "Catppuccin"; + showRibbon = false; + }; + communityPlugins = [ + # keep-sorted start + "obsidian-editor-shortcuts" + "obsidian-excalidraw-plugin" + "obsidian-livesync" + "obsidian-relative-line-numbers" + "oz-clear-unused-images" + "pdf-plus" + "tag-wrangler" + "virtual-linker" + # keep-sorted end ]; - "editor:swap-line-up" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowUp"; - } - ]; - "app:toggle-left-sidebar" = [ - { - "modifiers" = [ - "Mod" - "Shift" - ]; - "key" = "/"; - } - ]; - "app:toggle-right-sidebar" = [ - { - "modifiers" = [ - "Mod" - "Shift" - ]; - "key" = "\\"; - } - ]; - "window:reset-zoom" = [ - { - "modifiers" = [ "Mod" ]; - "key" = "0"; - } - ]; - "app:go-back" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowLeft"; - } - ]; - "app:go-forward" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowRight"; - } + corePlugins = [ + # keep-sorted start + "backlink" + "bases" + "bookmarks" + "canvas" + "command-palette" + "daily-notes" + "editor-status" + "file-explorer" + "file-recovery" + "global-search" + "graph" + "markdown-importer" + "note-composer" + "outgoing-link" + "outline" + "page-preview" + "properties" + "random-note" + "slash-command" + "slides" + "switcher" + "tag-pane" + "templates" + "word-count" + "workspaces" + "zk-prefixer" + # keep-sorted end ]; + hotkeys = { + "editor:swap-line-down" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowDown"; + } + ]; + "editor:swap-line-up" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowUp"; + } + ]; + "app:toggle-left-sidebar" = [ + { + "modifiers" = [ + "Mod" + "Shift" + ]; + "key" = "/"; + } + ]; + "app:toggle-right-sidebar" = [ + { + "modifiers" = [ + "Mod" + "Shift" + ]; + "key" = "\\"; + } + ]; + "window:reset-zoom" = [ + { + "modifiers" = [ "Mod" ]; + "key" = "0"; + } + ]; + "app:go-back" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowLeft"; + } + ]; + "app:go-forward" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowRight"; + } + ]; + }; }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/shell-aliases.nix b/modules/home-manager/features/shell-aliases.nix deleted file mode 100644 index 0c78ca6..0000000 --- a/modules/home-manager/features/shell-aliases.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - home.shellAliases = { - # keep-sorted start - ",cat" = "bat"; - ",curl" = "xh"; - ",cut" = "choose"; - ",df" = "duf"; - ",diff" = "delta"; - ",du" = "dua"; - ",find" = "fd"; - ",grep" = "rga"; - ",ping" = "gping"; - ",ps" = "procs"; - ",sed" = "sd"; - ",ss" = "snitch"; - ",top" = "btm"; - ",unzip" = "ripunzip"; - "g" = "lazygit"; - "l" = "eza"; - "la" = "eza -a"; - "ls" = "eza"; - "ns" = "nh os switch"; - "vi" = "nvim"; - "vim" = "nvim"; - # keep-sorted end - }; -} diff --git a/modules/home-manager/features/starship.nix b/modules/home-manager/features/starship.nix index 898e19c..b998cfa 100644 --- a/modules/home-manager/features/starship.nix +++ b/modules/home-manager/features/starship.nix @@ -1,9 +1,21 @@ { - programs.starship = { - enable = true; - settings.character = { - success_symbol = "[%](bold green) "; - error_symbol = "[%](bold red) "; + config, + lib, + ... +}: +let + feature = "starship"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.starship = { + enable = true; + settings.character = { + success_symbol = "[%](bold green) "; + error_symbol = "[%](bold red) "; + }; }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/yazi.nix b/modules/home-manager/features/yazi.nix index 42575dd..ff00bce 100644 --- a/modules/home-manager/features/yazi.nix +++ b/modules/home-manager/features/yazi.nix @@ -1,25 +1,35 @@ { + config, + lib, pkgs, ... }: +let + feature = "yazi"; +in { - programs.yazi = { - enable = true; - shellWrapperName = "y"; - plugins = { - # keep-sorted start - diff = pkgs.yaziPlugins.diff; - git = pkgs.yaziPlugins.git; - mediainfo = pkgs.yaziPlugins.mediainfo; - mount = pkgs.yaziPlugins.mount; - ouch = pkgs.yaziPlugins.ouch; - relative-motions = pkgs.yaziPlugins.relative-motions; - restore = pkgs.yaziPlugins.restore; - rich-preview = pkgs.yaziPlugins.rich-preview; - starship = pkgs.yaziPlugins.starship; - vcs-files = pkgs.yaziPlugins.vcs-files; - yatline-githead = pkgs.yaziPlugins.yatline-githead; - # keep-sorted end + config = lib.mkIf config.${feature}.enable { + programs.yazi = { + enable = true; + plugins = { + # keep-sorted start + diff = pkgs.yaziPlugins.diff; + git = pkgs.yaziPlugins.git; + mediainfo = pkgs.yaziPlugins.mediainfo; + mount = pkgs.yaziPlugins.mount; + ouch = pkgs.yaziPlugins.ouch; + relative-motions = pkgs.yaziPlugins.relative-motions; + restore = pkgs.yaziPlugins.restore; + rich-preview = pkgs.yaziPlugins.rich-preview; + starship = pkgs.yaziPlugins.starship; + vcs-files = pkgs.yaziPlugins.vcs-files; + yatline-githead = pkgs.yaziPlugins.yatline-githead; + # keep-sorted end + }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zed-editor.nix b/modules/home-manager/features/zed-editor.nix index 4224e3c..3271284 100644 --- a/modules/home-manager/features/zed-editor.nix +++ b/modules/home-manager/features/zed-editor.nix @@ -1,89 +1,97 @@ { - # keep-sorted start + config, lib, pkgs, - # keep-sorted end ... }: +let + feature = "zed-editor"; +in { - programs.zed-editor = { - enable = true; - package = pkgs.zed-editor-fhs; - extensions = [ - # keep-sorted start - "catppuccin" - "catppuccin-icons" - "codebook" - "emmet" - "git-firefly" - "haskell" - "html" - "nix" - # keep-sorted end - ]; - extraPackages = with pkgs; [ - # keep-sorted start - haskell-language-server - nil - nixd - package-version-server - rust-analyzer - # keep-sorted end - ]; - installRemoteServer = true; - userSettings = { - # keep-sorted start block=yes - base_keymap = "VSCode"; - buffer_font_family = "JetBrainsMono Nerd Font"; - buffer_font_size = 15; - disable_ai = true; - icon_theme = "Catppuccin Mocha"; - inlay_hints = { - enabled = true; - show_value_hints = true; - show_type_hints = true; - show_parameter_hints = true; - show_other_hints = true; - show_background = false; - edit_debounce_ms = 700; - scroll_debounce_ms = 50; - toggle_on_modifiers_press = { - control = false; - alt = false; - shift = false; - platform = false; - function = false; + config = lib.mkIf config.${feature}.enable { + programs.zed-editor = { + enable = true; + package = pkgs.zed-editor-fhs; + extensions = [ + # keep-sorted start + "catppuccin" + "catppuccin-icons" + "codebook" + "emmet" + "git-firefly" + "haskell" + "html" + "nix" + # keep-sorted end + ]; + extraPackages = with pkgs; [ + # keep-sorted start + haskell-language-server + nil + nixd + package-version-server + rust-analyzer + # keep-sorted end + ]; + installRemoteServer = true; + userSettings = { + # keep-sorted start block=yes + base_keymap = "VSCode"; + buffer_font_family = "JetBrainsMono Nerd Font"; + buffer_font_size = 15; + disable_ai = true; + icon_theme = "Catppuccin Mocha"; + inlay_hints = { + enabled = true; + show_value_hints = true; + show_type_hints = true; + show_parameter_hints = true; + show_other_hints = true; + show_background = false; + edit_debounce_ms = 700; + scroll_debounce_ms = 50; + toggle_on_modifiers_press = { + control = false; + alt = false; + shift = false; + platform = false; + function = false; + }; }; + # https://wiki.nixos.org/wiki/Zed#rust-analyzer + lsp.rust-analyzer.binary.path = lib.getExe pkgs.rust-analyzer; + minimap = { + show = "auto"; + }; + preferred_line_length = 80; + relative_line_numbers = true; + soft_wrap = "preferred_line_length"; + tab_bar = { + show_nav_history_buttons = false; + }; + tab_size = 2; + tabs = { + file_icons = true; + git_status = true; + }; + telemetry = { + diagnostics = false; + metrics = false; + }; + theme = { + mode = "system"; + light = "One Light"; + dark = "Catppuccin Mocha"; + }; + ui_font_family = "JetBrainsMono Nerd Font"; + ui_font_size = 16; + vim_mode = true; + # keep-sorted end }; - # https://wiki.nixos.org/wiki/Zed#rust-analyzer - lsp.rust-analyzer.binary.path = lib.getExe pkgs.rust-analyzer; - minimap = { - show = "auto"; - }; - preferred_line_length = 80; - relative_line_numbers = true; - soft_wrap = "preferred_line_length"; - tab_bar = { - show_nav_history_buttons = false; - }; - tab_size = 2; - tabs = { - file_icons = true; - git_status = true; - }; - telemetry = { - diagnostics = false; - metrics = false; - }; - theme = { - mode = "system"; - light = "One Light"; - dark = "Catppuccin Mocha"; - }; - ui_font_family = "JetBrainsMono Nerd Font"; - ui_font_size = 16; - vim_mode = true; - # keep-sorted end }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zellij.nix b/modules/home-manager/features/zellij.nix index 43d706b..5313695 100644 --- a/modules/home-manager/features/zellij.nix +++ b/modules/home-manager/features/zellij.nix @@ -1,9 +1,24 @@ { - programs.zellij = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - show_startup_tips = false; + config, + lib, + ... +}: +let + feature = "zellij"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.zellij = { + enable = true; + settings = { + theme = "catppuccin-mocha"; + show_startup_tips = false; + default_shell = "fish"; + }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zen-browser.nix b/modules/home-manager/features/zen-browser.nix index b64fe5f..cdfdbc0 100644 --- a/modules/home-manager/features/zen-browser.nix +++ b/modules/home-manager/features/zen-browser.nix @@ -1,13 +1,15 @@ { - programs.zen-browser = - let - profileName = "fmnikwnj.Default Profile"; - in - { + config, + lib, + ... +}: +let + feature = "zen-browser"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.zen-browser = { enable = true; - profiles.${profileName}.settings = { - zen.tabs.vertical.right-side = true; - }; policies = let mkLockedAttrs = builtins.mapAttrs ( @@ -64,4 +66,7 @@ # keep-sorted end }; }; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zoxide.nix b/modules/home-manager/features/zoxide.nix index 61faad9..60afa1f 100644 --- a/modules/home-manager/features/zoxide.nix +++ b/modules/home-manager/features/zoxide.nix @@ -1,8 +1,23 @@ { - programs.zoxide = { - enable = true; - options = [ - "--cmd j" - ]; + config, + lib, + ... +}: +let + feature = "zoxide"; +in +{ + config = lib.mkIf config.${feature}.enable { + programs.zoxide = { + enable = true; + enableBashIntegration = true; + options = [ + "--cmd j" + ]; + }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/bundles/desktop.nix b/modules/nixos/bundles/desktop.nix index b5b48c2..f6559ad 100644 --- a/modules/nixos/bundles/desktop.nix +++ b/modules/nixos/bundles/desktop.nix @@ -1,13 +1,36 @@ { - util, + config, + lib, + pkgs, ... }: +let + feature = "desktop"; +in { - imports = util.toImports ../features [ + config = lib.mkIf config.${feature}.enable { # keep-sorted start - "pipewire" - "print-and-scan" - "protonmail-bridge" + pipewire.enable = true; + print-and-scan.enable = true; + protonmail-bridge.enable = true; # keep-sorted end - ]; + + environment.systemPackages = with pkgs; [ + # keep-sorted start + beeper + # TODO: replace with lue/epy + calibre + cameractrls-gtk3 + # https://github.com/NixOS/nixpkgs/issues/437865 + # jellyfin-media-player + # TODO: replace with sc-im/visidata + onlyoffice-desktopeditors + textsnatcher + # keep-sorted end + ]; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/bundles/dev.nix b/modules/nixos/bundles/dev.nix index 2af44dc..8bb7de6 100644 --- a/modules/nixos/bundles/dev.nix +++ b/modules/nixos/bundles/dev.nix @@ -1,13 +1,26 @@ { + config, + lib, pkgs, ... }: +let + feature = "dev"; +in { - environment.systemPackages = with pkgs; [ - # keep-sorted start - bacon - cargo-info - mask - # keep-sorted end - ]; + config = lib.mkIf config.${feature}.enable { + environment.systemPackages = with pkgs; [ + # keep-sorted start + bacon + cargo-info + devenv + just + mask + rusty-man + vscode + # keep-sorted end + ]; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/bundles/gui.nix b/modules/nixos/bundles/gui.nix deleted file mode 100644 index 9459711..0000000 --- a/modules/nixos/bundles/gui.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - # keep-sorted start - pkgs, - util, - # keep-sorted end - ... -}: -{ - imports = util.toImports ../features [ - # keep-sorted start - "fonts" - # keep-sorted end - ]; - - environment.systemPackages = with pkgs; [ - # keep-sorted start - cameractrls-gtk3 - jellyfin-desktop - libreoffice - signal-desktop - textsnatcher - # keep-sorted end - ]; -} diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 7a9f017..0091667 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -1,41 +1,39 @@ { - util, + config, + lib, ... }: +let + feature = "server"; +in { - imports = util.toImports ../features [ + config = lib.mkIf config.${feature}.enable { # keep-sorted start - "bazarr" - "caddy" - "copyparty" - "couchdb" - "cryptpad" - "fi33.buzz" - "gatus" - "homepage-dashboard" - "immich" - "jellyfin" - "kavita" - "libretranslate" - "lidarr" - "mealie" - "miniflux" - "ntfy-sh" - "nzbget" - "paperless" - "prowlarr" - "qbittorrent" - "radarr" - "radicale" - "readarr" - "send" - "sonarr" - "vaultwarden" + copyparty.enable = true; + couchdb.enable = true; + flaresolverr.enable = true; + homepage-dashboard.enable = true; + immich.enable = true; + jellyfin.enable = true; + lidarr.enable = true; + miniflux.enable = true; + nginx.enable = true; + ntfy-sh.enable = true; + paperless.enable = true; + prowlarr.enable = true; + qbittorrent.enable = true; + radarr.enable = true; + sonarr.enable = true; + syncthing.enable = true; + vaultwarden.enable = true; # keep-sorted end - ]; - services.borgbackup.jobs = { - onsite.paths = [ "/srv" ]; - offsite.paths = [ "/srv" ]; + users.groups.media = { }; + + services.borgmatic.settings.source_directories = [ "/srv" ]; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bba0af7..ce619c4 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,35 +1,44 @@ { - # keep-sorted start + lib, pkgs, - util, - # keep-sorted end ... }: +let + featureBundler = + featuresDir: + map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir)); +in { - imports = util.toImports ./features [ - # keep-sorted start - "agenix" - "localisation" - "network" - "nh" - "nix" - "nixvim" - "syncthing" - "systemd-boot" - # keep-sorted end - ]; + imports = (featureBundler ./bundles) ++ (featureBundler ./features); + # keep-sorted start + agenix.enable = lib.mkDefault true; + fonts.enable = lib.mkDefault true; + localisation.enable = lib.mkDefault true; + network.enable = lib.mkDefault true; + nh.enable = lib.mkDefault true; + nix-settings.enable = lib.mkDefault true; + nixpkgs.enable = lib.mkDefault true; + nixvim.enable = lib.mkDefault true; + syncthing.enable = lib.mkDefault true; + systemd-boot.enable = lib.mkDefault true; + tailscale.enable = lib.mkDefault true; + # keep-sorted end environment.systemPackages = with pkgs; [ # keep-sorted start + bottom # top broot # large directory browser choose # cut + circumflex # hacker news browsing + cointop # crypto ticker ddgr # web search - doggo # dns + dogdns # dns dua # du duf # df epy # ebook reading + fd # find fselect # find with sql syntax fx # json processor and viewer fzf # fuzzy finder @@ -39,12 +48,13 @@ hexyl # hexadecimal viewer hyperfine # benchmarking tool keep-sorted # alphabetical formatter + lazygit # git tui mprocs # run long running commands and monitor output navi # cheatsheet browser nb # note taking nil # nix language server nixd # nix language server - nixfmt # nix file formatting + nixfmt-rfc-style # nix file formatting nom # stylistic nix dependency graphs pastel # colour generation pdd # datetime calculations @@ -56,11 +66,10 @@ ripunzip # unzip sd # sed slides # presentations - snitch # netstat ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address - # topydo # todo.txt helper tool + topydo # todo.txt helper tool tt # typing test wtfutil # terminal homepage xh # curl diff --git a/modules/nixos/features/agenix.nix b/modules/nixos/features/agenix.nix index 3c0afae..255124a 100644 --- a/modules/nixos/features/agenix.nix +++ b/modules/nixos/features/agenix.nix @@ -1,14 +1,21 @@ { - # keep-sorted start + config, inputs, + lib, system, userName, - # keep-sorted end ... }: +let + feature = "agenix"; +in { - environment.systemPackages = [ inputs.agenix.packages.${system}.default ]; - age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; + config = lib.mkIf config.${feature}.enable { + environment.systemPackages = [ inputs.agenix.packages.${system}.default ]; + age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; + }; imports = [ inputs.agenix.nixosModules.default ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/amd-gpu.nix b/modules/nixos/features/amd-gpu.nix index e971e21..7d52f28 100644 --- a/modules/nixos/features/amd-gpu.nix +++ b/modules/nixos/features/amd-gpu.nix @@ -1,11 +1,26 @@ { - # load graphics drivers before anything else - boot.initrd.kernelModules = [ "amdgpu" ]; + config, + lib, + pkgs, + ... +}: +let + feature = "amd-gpu"; +in +{ + config = lib.mkIf config.${feature}.enable { - hardware.graphics = { - enable = true; - enable32Bit = true; + # load graphics drivers before anything else + boot.initrd.kernelModules = [ "amdgpu" ]; + + hardware.graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ amdvlk ]; + }; + + services.xserver.videoDrivers = [ "amdgpu" ]; }; - services.xserver.videoDrivers = [ "amdgpu" ]; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix deleted file mode 100644 index a121fa5..0000000 --- a/modules/nixos/features/bazarr.nix +++ /dev/null @@ -1,38 +0,0 @@ -let - port = 5017; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "subtitles.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - bazarr = { - enable = true; - dataDir = "/srv/bazarr"; - group = "srv"; - listenPort = port; - }; - - gatus.settings.endpoints = [ - { - name = "Bazarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/borgbackup.nix b/modules/nixos/features/borgbackup.nix deleted file mode 100644 index c30799a..0000000 --- a/modules/nixos/features/borgbackup.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - pkgs, - ... -}: -let - jobConfig = { - compression = "auto,zlib"; - doInit = false; - preHook = '' - /run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql - ''; - postHook = '' - rm /srv/backup/database/postgres/dump.sql - ''; - prune.keep = { - daily = 7; - weekly = 4; - monthly = 6; - yearly = 1; - }; - readWritePaths = [ - "/srv/backup" - ]; - startAt = "*-*-* 03:00:00"; - extraCreateArgs = [ "-v" ]; - }; -in -{ - services.borgbackup = { - jobs = { - onsite = { - encryption = { - passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}"; - mode = "repokey-blake2"; - }; - removableDevice = true; - repo = "/mnt/external/backup/take2"; - } - // jobConfig; - offsite = { - encryption = { - passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}"; - mode = "repokey-blake2"; - }; - environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519"; - repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; - } - // jobConfig; - }; - }; - - age.secrets = { - borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age; - borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age; - }; -} diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index 112eeda..d7c60b6 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -1,82 +1,92 @@ { - # keep-sorted start config, lib, - # keep-sorted end ... }: +let + feature = "borgmatic"; +in { - # service - services.borgmatic = { - enable = true; - settings = { - # keep-sorted start block=yes - compression = "auto,zlib"; - encryption_passcommand = "cat ${config.age.secrets.borgmatic.path}"; - keep_daily = 7; - keep_monthly = 6; - keep_weekly = 4; - keep_yearly = 1; - ntfy = { - topic = "backups"; - server = config.services.ntfy-sh.settings.base-url; - username = "borgmatic"; - password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}"; - finish = { - title = "Ping!"; - message = "Your backups have succeeded :)"; - tags = "tada,BorgBackup,Server"; + config = lib.mkIf config.${feature}.enable { + # service + services.borgmatic = { + enable = true; + settings = { + # keep-sorted start block=yes + compression = "auto,zlib"; + encryption_passcommand = "cat ${config.age.secrets.borgmatic.path}"; + keep_daily = 7; + keep_monthly = 6; + keep_weekly = 4; + keep_yearly = 1; + ntfy = { + topic = "backups"; + server = config.services.ntfy-sh.settings.base-url; + finish = { + title = "Ping!"; + message = "Your backups have succeeded :)"; + tags = "tada,BorgBackup,Server"; + }; + fail = { + title = "Ping!"; + message = "Your backups have failed :("; + tags = "rotating_light,BorgBackup,Server"; + }; + states = [ + "finish" + "fail" + ]; }; - fail = { - title = "Ping!"; - message = "Your backups have failed :("; - tags = "rotating_light,BorgBackup,Server"; - }; - states = [ - "finish" - "fail" + repositories = [ + { + path = "/backup/repo"; + label = "onsite"; + # encryption = "repokey-blake2"; + } + { + path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; + label = "offsite"; + # encryption = "repokey-blake2"; + } ]; + retries = 3; + retry_wait = 10; + ssh_command = "ssh -i /home/srv/.ssh/id_ed25519"; + # keep-sorted end }; - relocated_repo_access_is_ok = true; - repositories = [ - { - path = "/mnt/external/backup/repo"; - label = "onsite"; - } - { - path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; - label = "offsite"; - } - ]; - retries = 3; - retry_wait = 10; - ssh_command = "ssh -i /home/srv/.ssh/id_ed25519"; - # keep-sorted end + }; + + # postgres + services.postgresql.ensureUsers = [ + { + name = "root"; + } + ]; + systemd.services.postgresql.postStart = lib.mkAfter '' + /run/current-system/sw/bin/psql postgres -c "GRANT pg_read_all_data TO root" + ''; + systemd.services.borgmatic.path = [ + config.services.postgresql.package + ]; + + # credentials + systemd.services.borgmatic.serviceConfig.LoadCredential = [ + "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" + ]; + + # onsite drive + services.udisks2.enable = true; + fileSystems."/backup" = { + device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; + fsType = "ext4"; + }; + + # secrets + age.secrets = { + "borgmatic".file = ../../../secrets/borgmatic.age; + "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; }; }; - # postgres - services.postgresql.ensureUsers = [ - { - name = "root"; - } - ]; - systemd.services.postgresql.postStart = lib.mkAfter '' - /run/current-system/sw/bin/psql postgres -c "GRANT pg_read_all_data TO root" - ''; - systemd.services.borgmatic.path = [ - config.services.postgresql.package - ]; - - # credentials - systemd.services.borgmatic.serviceConfig.LoadCredential = [ - "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" - ]; - - # secrets - age.secrets = { - "borgmatic".file = ../../../secrets/borgmatic.age; - "borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age; - "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; - }; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/caddy.nix b/modules/nixos/features/caddy.nix deleted file mode 100644 index 4c8978a..0000000 --- a/modules/nixos/features/caddy.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - config, - ... -}: -{ - services.caddy = { - enable = true; - dataDir = "/srv/caddy"; - globalConfig = '' - auto_https disable_redirects - ''; - openFirewall = true; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "festive-steed-fit@duck.com"; - certs."fi33.buzz" = { - group = config.services.caddy.group; - domain = "fi33.buzz"; - extraDomainNames = [ "*.fi33.buzz" ]; - dnsProvider = "porkbun"; - dnsPropagationCheck = true; - credentialsFile = config.age.secrets."porkbun-api".path; - }; - }; - - age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age; -} diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 1eff57b..8f204ac 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -1,70 +1,67 @@ { - # keep-sorted start config, + lib, inputs, - # keep-sorted end ... }: let - port = 5000; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "files.fi33.buzz"; - url = "https://${hostname}"; + feature = "copyparty"; + port = "5000"; in { imports = [ inputs.copyparty.nixosModules.default ]; - services = { - copyparty = { - enable = true; - settings = { - z = true; - e2dsa = true; - e2ts = true; - e2vu = true; - p = port; - xff-hdr = "x-forwarded-for"; - rproxy = 1; + config = lib.mkIf config.${feature}.enable { + services = { + # service + copyparty = { + enable = true; + settings = { + z = true; + e2dsa = true; + e2ts = true; + e2vu = true; + p = lib.toInt port; + }; + + accounts = { + will = { + passwordFile = config.age.secrets.copyparty-will.path; + }; + }; + + volumes = { + "/" = { + path = "/srv/copyparty"; + access = { + r = "*"; + A = [ "will" ]; + }; + }; + }; }; - accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path; - - volumes."/" = { - path = "/srv/copyparty"; - access = { - A = [ "Impatient7119" ]; + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; }; }; }; - gatus.settings.endpoints = [ - { - name = "copyparty"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + # secrets + age.secrets."copyparty-will" = { + file = ../../../secrets/copyparty-will.age; + owner = "copyparty"; + }; - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; }; - # secrets - age.secrets."copyparty" = { - file = ../../../secrets/copyparty.age; - owner = "copyparty"; - }; - - nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index a5edbb0..8206732 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,62 +1,60 @@ +{ + config, + lib, + ... +}: let - port = 5984; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "couchdb.fi33.buzz"; - url = "https://${hostname}"; + feature = "couchdb"; + port = "5984"; in { - services = { - couchdb = { - enable = true; - databaseDir = "/srv/couchdb"; - viewIndexDir = "/srv/couchdb"; - configFile = "/srv/couchdb"; - inherit port; - extraConfig = { - chttpd = { - require_valid_user = true; - enable_cors = true; - max_http_request_size = 4294967296; + config = lib.mkIf config.${feature}.enable { + services = { + # service + couchdb = { + enable = true; + databaseDir = "/srv/couchdb"; + viewIndexDir = "/srv/couchdb"; + configFile = "/srv/couchdb"; + port = lib.toInt port; + extraConfig = { + chttpd = { + require_valid_user = true; + enable_cors = true; + max_http_request_size = 4294967296; + }; + + chttpd_auth.require_valid_user = true; + + httpd = { + WWW-Authenticate = ''Basic realm="couchdb"''; + enable_cors = true; + }; + + couchdb.max_document_size = 50000000; + + cors = { + credentials = true; + origins = '' + app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz + ''; + }; }; + }; - chttpd_auth.require_valid_user = true; - - httpd = { - WWW-Authenticate = ''Basic realm="couchdb"''; - enable_cors = true; - }; - - couchdb.max_document_size = 50000000; - - cors = { - credentials = true; - origins = '' - app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url} - ''; + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; }; }; }; - - gatus.settings.endpoints = [ - { - name = "CouchDB"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 401" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix deleted file mode 100644 index be8c7ad..0000000 --- a/modules/nixos/features/cryptpad.nix +++ /dev/null @@ -1,66 +0,0 @@ -let - httpPort = 5022; - websocketPort = 5024; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "cryptpad.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - cryptpad = { - enable = true; - settings = { - inherit httpPort; - inherit websocketPort; - httpUnsafeOrigin = url; - httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; - inactiveTime = 7; - archiveRetentionTime = 7; - accountRetentionTime = 7; - }; - }; - - gatus.settings.endpoints = [ - { - name = "CryptPad"; - group = "Public Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = '' - header Strict-Transport-Security "includeSubDomains; preload" - - handle /cryptpad_websocket* { - reverse_proxy localhost:${toString websocketPort} { - header_up Host {host} - header_up X-Real-IP {remote_host} - } - } - - handle { - reverse_proxy localhost:${toString httpPort} { - header_up Host {host} - header_up X-Real-IP {remote_host} - } - } - - @register { - host ${hostname} - path /register* - } - respond @register 403 - - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/external-speakers.nix b/modules/nixos/features/external-speakers.nix index cec34dc..2b70586 100644 --- a/modules/nixos/features/external-speakers.nix +++ b/modules/nixos/features/external-speakers.nix @@ -1,5 +1,17 @@ { - boot.extraModprobeConfig = '' - options snd_hda_intel power_save=0 - ''; + config, + lib, + ... +}: +let + feature = "external-speakers"; +in +{ + config = lib.mkIf config.${feature}.enable { + boot.extraModprobeConfig = '' + options snd_hda_intel power_save=0 + ''; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/fi33.buzz.nix b/modules/nixos/features/fi33.buzz.nix deleted file mode 100644 index 947026e..0000000 --- a/modules/nixos/features/fi33.buzz.nix +++ /dev/null @@ -1,19 +0,0 @@ -let - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "www.fi33.buzz"; -in -{ - # TODO why can't I serve content on fi33.buzz? dns propagation issue? - services.caddy.virtualHosts = { - "fi33.buzz".extraConfig = '' - redir https://www.fi33.buzz{uri} permanent - ''; - ${hostname}.extraConfig = '' - root * /srv/fi33.buzz/public - file_server - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix deleted file mode 100644 index c32df14..0000000 --- a/modules/nixos/features/firefly.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - config, - ... -}: -let - certloc = "/var/lib/acme/fi33.buzz"; -in -{ - services = { - firefly-iii = { - enable = true; - dataDir = "/srv/firefly"; - group = config.services.caddy.group; - settings = { - # keep-sorted start - ALLOW_WEBHOOKS = "true"; - APP_KEY_FILE = config.age.secrets.firefly.path; - APP_URL = "https://firefly.fi33.buzz"; - DEFAULT_LANGUAGE = "en_GB"; - REPORT_ERRORS_ONLINE = "false"; - TRUSTED_PROXIES = "**"; - TZ = "Australia/Melbourne"; - # keep-sorted end - }; - }; - - caddy.virtualHosts."firefly.fi33.buzz".extraConfig = '' - root * ${config.services.firefly-iii.package}/public - php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket} - try_files {path} {path}/ /index.php?{query} - file_server { - index index.php - } - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - age.secrets = { - firefly = { - file = ../../../secrets/firefly.age; - owner = "firefly-iii"; - }; - firefly-db = { - file = ../../../secrets/firefly-db.age; - owner = "firefly-iii"; - }; - }; -} diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix new file mode 100644 index 0000000..84124f4 --- /dev/null +++ b/modules/nixos/features/flaresolverr.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: +let + feature = "flaresolverr"; + port = "5011"; +in +{ + config = lib.mkIf config.${feature}.enable { + services = { + # service + flaresolverr = { + enable = true; + port = lib.toInt port; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; + }; + }; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; +} diff --git a/modules/nixos/features/fonts.nix b/modules/nixos/features/fonts.nix index d910799..52f5712 100644 --- a/modules/nixos/features/fonts.nix +++ b/modules/nixos/features/fonts.nix @@ -1,10 +1,21 @@ { + config, + lib, pkgs, ... }: +let + feature = "fonts"; +in { - fonts.packages = with pkgs; [ - nerd-fonts.jetbrains-mono - inter-nerdfont - ]; + config = lib.mkIf config.${feature}.enable { + fonts.packages = with pkgs; [ + nerd-fonts.jetbrains-mono + inter-nerdfont + ]; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index 94c90ae..d09fc85 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -1,34 +1,44 @@ { + config, + lib, pkgs, ... }: +let + feature = "gaming"; +in { - environment.systemPackages = with pkgs; [ - # keep-sorted start - heroic - mangohud - prismlauncher - protonup-qt - wine - wine64 - winetricks - # keep-sorted end - ]; + config = lib.mkIf config.${feature}.enable { + environment.systemPackages = with pkgs; [ + # keep-sorted start + heroic + lutris + mangohud + nexusmods-app + prismlauncher + protonup-qt + wine + wine64 + winetricks + # keep-sorted end + ]; - programs = { - gamemode.enable = true; - gamescope.enable = true; - steam = { - enable = true; - gamescopeSession.enable = true; + programs = { + gamemode.enable = true; + steam = { + enable = true; + gamescopeSession.enable = true; + }; }; + + services.lact = { + enable = true; + settings = { }; + }; + + # latest kernel + boot.kernelPackages = pkgs.linuxPackages_latest; }; - services.lact = { - enable = true; - settings = { }; - }; - - # latest kernel - # boot.kernelPackages = pkgs.linuxPackages_latest; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix deleted file mode 100644 index 2fe39ce..0000000 --- a/modules/nixos/features/gatus.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - config, - ... -}: -let - port = 5025; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "status.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - gatus = { - enable = true; - environmentFile = config.age.secrets.gatus.path; - settings = { - alerting = { - ntfy = { - topic = "services"; - url = config.services.ntfy-sh.settings.base-url; - token = "$NTFY_TOKEN"; - click = url; - default-alert = { - description = "Health Check Failed"; - send-on-resolved = true; - }; - }; - }; - connectivity.checker = { - target = "1.1.1.1:53"; - interval = "60s"; - }; - ui = { - title = "Health Dashboard | Fi33Buzz"; - description = "Fi33Buzz health dashboard"; - dashboard-heading = ""; - dashboard-subheading = ""; - header = "Fi33Buzz Status"; - link = "https://home.fi33.buzz/"; - default-sort-by = "group"; - }; - web.port = port; - }; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - age.secrets.gatus.file = ../../../secrets/gatus.age; -} diff --git a/modules/nixos/features/gnome.nix b/modules/nixos/features/gnome.nix index f1720d2..192d0c6 100644 --- a/modules/nixos/features/gnome.nix +++ b/modules/nixos/features/gnome.nix @@ -1,50 +1,59 @@ { + config, + lib, pkgs, ... }: +let + feature = "gnome"; +in { - services = { - desktopManager.gnome.enable = true; - displayManager.gdm.enable = true; + config = lib.mkIf config.${feature}.enable { + services = { + desktopManager.gnome.enable = true; + displayManager.gdm.enable = true; + }; + + environment = { + # https://discourse.nixos.org/t/howto-disable-most-gnome-default-applications-and-what-they-are/13505 + gnome.excludePackages = with pkgs; [ + # keep-sorted start + # baobab # disk usage analyzer + # cheese # photo booth + # eog # image viewer + epiphany # web browser + evince # document viewer + # file-roller # archive manager + geary # email client + gedit # text editor + gnome-calculator + gnome-calendar + gnome-characters + gnome-clocks + # gnome-disk-utility + gnome-connections + gnome-contacts + gnome-font-viewer + gnome-logs + gnome-maps + gnome-music + gnome-photos + # gnome-screenshot + # gnome-system-monitor + gnome-terminal + gnome-weather + seahorse # password manager + # simple-scan # document scanner + totem # video player + yelp # help viewer + # keep-sorted end + ]; + systemPackages = with pkgs; [ + gnome-tweaks + bibata-cursors + ]; + }; }; - environment = { - # https://discourse.nixos.org/t/howto-disable-most-gnome-default-applications-and-what-they-are/13505 - gnome.excludePackages = with pkgs; [ - # keep-sorted start - # baobab # disk usage analyzer - # cheese # photo booth - # eog # image viewer - epiphany # web browser - evince # document viewer - # file-roller # archive manager - geary # email client - gedit # text editor - gnome-calculator - gnome-calendar - gnome-characters - gnome-clocks - # gnome-disk-utility - gnome-connections - gnome-contacts - gnome-font-viewer - gnome-logs - gnome-maps - gnome-music - gnome-photos - # gnome-screenshot - # gnome-system-monitor - gnome-terminal - gnome-weather - seahorse # password manager - # simple-scan # document scanner - totem # video player - yelp # help viewer - # keep-sorted end - ]; - systemPackages = with pkgs; [ - gnome-tweaks - bibata-cursors - ]; - }; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 3516600..9ecbb23 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -1,13 +1,12 @@ { - # keep-sorted start config, lib, pkgs, - # keep-sorted end ... }: let - port = 5004; + feature = "homepage-dashboard"; + port = "5004"; genSecrets = secrets: lib.genAttrs secrets (secret: { @@ -25,441 +24,290 @@ let # keep-sorted start "immich" "jellyfin" - "kavita-api" "lidarr" - "mealie" "miniflux" - "nzbget" "paperless" "prowlarr" "radarr" - "readarr" "sonarr" - "subtitles" # keep-sorted end ]; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "home.fi33.buzz"; - url = "https://${hostname}"; in { - services = { - homepage-dashboard = { - enable = true; - listenPort = port; - allowedHosts = hostname; - services = [ - { - "Public Services" = [ - { - CryptPad = { - description = "Collaborative office suite"; - icon = "cryptpad.svg"; - href = "https://cryptpad.fi33.buzz/"; - siteMonitor = "https://cryptpad.fi33.buzz/"; - }; - } - { - LibreTranslate = { - description = "Machine Translation API"; - icon = "libretranslate.svg"; - href = "https://translate.fi33.buzz/"; - siteMonitor = "https://translate.fi33.buzz/"; - }; - } - { - Send = { - description = "Simple, private file sharing"; - icon = "send.svg"; - href = "https://send.fi33.buzz/"; - siteMonitor = "https://send.fi33.buzz/"; - }; - } - ]; - } - { - "Media Management" = [ - { - Radarr = { - description = "Movie organizer/manager"; - icon = "radarr.svg"; - href = "https://movies.fi33.buzz/"; - siteMonitor = "https://movies.fi33.buzz/"; - widget = { - type = "radarr"; - url = "https://movies.fi33.buzz/"; - key = "@radarr@"; - enableQueue = true; - }; - }; - } - { - Sonarr = { - description = "Smart PVR"; - icon = "sonarr.svg"; - href = "https://shows.fi33.buzz/"; - siteMonitor = "https://shows.fi33.buzz/"; - widget = { - type = "sonarr"; - url = "https://shows.fi33.buzz/"; - key = "@sonarr@"; - enableQueue = true; - }; - }; - } - { - Lidarr = { - description = "Like Sonarr but made for music"; - icon = "lidarr.svg"; - href = "https://music.fi33.buzz/"; - siteMonitor = "https://music.fi33.buzz/"; - widget = { - type = "lidarr"; - url = "https://music.fi33.buzz/"; - key = "@lidarr@"; - enableQueue = true; - }; - }; - } - { - Readarr = { - description = "Book Manager and Automation"; - icon = "readarr.svg"; - href = "https://books.fi33.buzz/"; - siteMonitor = "https://books.fi33.buzz/"; - widget = { - type = "readarr"; - url = "https://books.fi33.buzz/"; - key = "@readarr@"; - enableQueue = true; - }; - }; - } - { - Bazarr = { - description = "Subtitle manager and downloader"; - icon = "bazarr.svg"; - href = "https://subtitles.fi33.buzz/"; - siteMonitor = "https://subtitles.fi33.buzz/"; - widget = { - type = "bazarr"; - url = "https://subtitles.fi33.buzz/"; - key = "@subtitles@"; - }; - }; - } - { - Prowlarr = { - description = "Indexer manager/proxy"; - icon = "prowlarr.svg"; - href = "https://prowlarr.fi33.buzz/"; - siteMonitor = "https://prowlarr.fi33.buzz/"; - widget = { - type = "prowlarr"; - url = "https://prowlarr.fi33.buzz/"; - key = "@prowlarr@"; - }; - }; - } - { - NZBget = { - description = "Usenet Downloader"; - icon = "nzbget.svg"; - href = "https://usenet.fi33.buzz/"; - siteMonitor = "https://usenet.fi33.buzz/"; - widget = { - type = "nzbget"; - url = "https://usenet.fi33.buzz/"; - username = "nzbget"; - password = "@nzbget@"; - }; - }; - } - { - qBittorrent = { - description = "BitTorrent client"; - icon = "qbittorrent.svg"; - href = "https://bittorrent.fi33.buzz/"; - siteMonitor = "https://bittorrent.fi33.buzz/"; - }; - } - ]; - } - { - "Private Services" = [ - { - copyparty = { - description = "Portable file server"; - icon = "sh-copyparty.svg"; - href = "https://files.fi33.buzz/"; - siteMonitor = "https://files.fi33.buzz/"; - }; - } - { - CouchDB = { - description = "Syncing database"; - icon = "couchdb.svg"; - href = "https://couchdb.fi33.buzz/_utils/"; - siteMonitor = "https://couchdb.fi33.buzz/_utils/"; - }; - } - { - Mealie = { - description = "Recipe manager and meal planner"; - icon = "mealie.svg"; - href = "https://mealie.fi33.buzz/"; - siteMonitor = "https://mealie.fi33.buzz/"; - widget = { - type = "mealie"; - url = "https://mealie.fi33.buzz/"; - version = 2; - key = "@mealie@"; - }; - }; - } - { - ntfy = { - description = "Send push notifications using PUT/POST"; - icon = "ntfy.svg"; - href = "https://notify.fi33.buzz/"; - siteMonitor = "https://notify.fi33.buzz/"; - }; - } - { - Radicale = { - description = "A simple CalDAV (calendar) and CardDAV (contact) server"; - icon = "radicale.svg"; - href = "https://caldav.fi33.buzz"; - siteMonitor = "https://caldav.fi33.buzz"; - }; - } - { - Syncthing = { - description = "Open Source Continuous File Synchronization"; - icon = "syncthing.svg"; - href = "https://sync.fi33.buzz/"; - siteMonitor = "https://sync.fi33.buzz/"; - }; - } - { - Vaultwarden = { - description = "Unofficial Bitwarden compatible server"; - icon = "vaultwarden.svg"; - href = "https://vault.fi33.buzz/"; - siteMonitor = "https://vault.fi33.buzz/"; - }; - } - ]; - } - { - "Media Streaming" = [ - { - Immich = { - description = "Photo and video management solution"; - icon = "immich.svg"; - href = "https://photos.fi33.buzz/"; - siteMonitor = "https://photos.fi33.buzz/"; - widget = { - type = "immich"; - fields = [ - "users" - "photos" - "videos" - "storage" - ]; - url = "https://photos.fi33.buzz/"; - version = 2; - key = "@immich@"; - }; - }; - } - { - Jellyfin = { - description = "Media System"; - icon = "jellyfin.svg"; - href = "https://media.fi33.buzz/"; - siteMonitor = "https://media.fi33.buzz/"; - widget = { - type = "jellyfin"; - url = "https://media.fi33.buzz/"; - key = "@jellyfin@"; - enableBlocks = true; - enableNowPlaying = true; - enableUser = true; - showEpisodeNumber = true; - expandOneStreamToTwoRows = false; - }; - }; - } - { - Kavita = { - description = "Reading server"; - icon = "kavita.svg"; - href = "https://library.fi33.buzz/"; - siteMonitor = "https://library.fi33.buzz/"; - widget = { - type = "kavita"; - url = "https://library.fi33.buzz/"; - key = "@kavita-api@"; - }; - }; - } - { - Miniflux = { - description = "Feed reader"; - icon = "miniflux.svg"; - href = "https://feeds.fi33.buzz/"; - siteMonitor = "https://feeds.fi33.buzz/"; - widget = { - type = "miniflux"; - url = "https://feeds.fi33.buzz/"; - key = "@miniflux@"; - }; - }; - } - { - Paperless = { - description = "Document management system"; - icon = "paperless.svg"; - href = "https://documents.fi33.buzz/"; - siteMonitor = "https://documents.fi33.buzz/"; - widget = { - type = "paperlessngx"; - url = "https://documents.fi33.buzz/"; - username = "admin"; - password = "@paperless@"; - }; - }; - } - ]; - } - { - Utilities = [ - { - Gatus = { - description = "Status page"; - icon = "gatus.svg"; - href = "https://status.fi33.buzz/"; - siteMonitor = "https://status.fi33.buzz/"; - widget = { - type = "gatus"; - url = "https://status.fi33.buzz/"; - }; - }; - } - { - NanoKVM = { - description = "Remote KVM switch"; - icon = "mdi-console.svg"; - href = "http://nano-kvm/"; - }; - } - ]; - } - ]; - settings = { - title = "Mission Control"; - theme = "dark"; - color = "neutral"; - headerStyle = "clean"; - hideVersion = true; - layout = [ + config = lib.mkIf config.${feature}.enable { + services = { + # service + homepage-dashboard = { + enable = true; + listenPort = lib.toInt port; + allowedHosts = "homepage-dashboard.fi33.buzz"; + services = [ + # keep-sorted start block=yes { - "Public Services" = { - style = "row"; - columns = 3; - useEqualHeights = true; + "Cloud Services" = [ + { + "copyparty" = { + "description" = "Cloud file manager"; + "icon" = "sh-copyparty.svg"; + "href" = "https://copyparty.fi33.buzz/"; + }; + } + { + "CouchDB" = { + "description" = "Obsidian sync database"; + "icon" = "couchdb.svg"; + "href" = "https://couchdb.fi33.buzz/_utils/"; + }; + } + { + "ntfy" = { + "description" = "Notification service"; + "icon" = "ntfy.svg"; + "href" = "https://ntfy-sh.fi33.buzz/"; + }; + } + { + "Syncthing" = { + "description" = "Decentralised file synchronisation"; + "icon" = "syncthing.svg"; + "href" = "https://syncthing.fi33.buzz/"; + }; + } + { + "qBittorrent" = { + "description" = "BitTorrent client"; + "icon" = "qbittorrent.svg"; + "href" = "https://qbittorrent.fi33.buzz/"; + }; + } + { + "Vaultwarden" = { + "description" = "Password manager"; + "icon" = "vaultwarden.svg"; + "href" = "https://vaultwarden.fi33.buzz/"; + }; + } + ]; + } + { + "Media Management" = [ + { + "Lidarr" = { + "description" = "Music collection manager"; + "icon" = "lidarr.svg"; + "href" = "https://lidarr.fi33.buzz/"; + "widget" = { + "type" = "lidarr"; + "url" = "https://lidarr.fi33.buzz/"; + "key" = "@lidarr@"; + "enableQueue" = true; + }; + }; + } + { + "Prowlarr" = { + "description" = "Indexer management tool"; + "icon" = "prowlarr.svg"; + "href" = "https://prowlarr.fi33.buzz/"; + "widget" = { + "type" = "prowlarr"; + "url" = "https://prowlarr.fi33.buzz/"; + "key" = "@prowlarr@"; + }; + }; + } + { + "Radarr" = { + "description" = "Movie collection manager"; + "icon" = "radarr.svg"; + "href" = "https://radarr.fi33.buzz/"; + "widget" = { + "type" = "radarr"; + "url" = "https://radarr.fi33.buzz/"; + "key" = "@radarr@"; + "enableQueue" = true; + }; + }; + } + { + "Sonarr" = { + "description" = "TV show collection manager"; + "icon" = "sonarr.svg"; + "href" = "https://sonarr.fi33.buzz/"; + "widget" = { + "type" = "sonarr"; + "url" = "https://sonarr.fi33.buzz/"; + "key" = "@sonarr@"; + "enableQueue" = true; + }; + }; + } + ]; + } + { + "Media Streaming" = [ + { + "Immich" = { + "description" = "Photo backup"; + "icon" = "immich.svg"; + "href" = "https://immich.fi33.buzz/"; + "widget" = { + "type" = "immich"; + "fields" = [ + "users" + "photos" + "videos" + "storage" + ]; + "url" = "https://immich.fi33.buzz/"; + "version" = 2; + "key" = "@immich@"; + }; + }; + } + { + "Jellyfin" = { + "description" = "Media streaming"; + "icon" = "jellyfin.svg"; + "href" = "https://jellyfin.fi33.buzz/"; + "widget" = { + "type" = "jellyfin"; + "url" = "https://jellyfin.fi33.buzz/"; + "key" = "@jellyfin@"; + "enableBlocks" = true; + "enableNowPlaying" = true; + "enableUser" = true; + "showEpisodeNumber" = true; + "expandOneStreamToTwoRows" = false; + }; + }; + } + { + "Miniflux" = { + "description" = "RSS aggregator"; + "icon" = "miniflux.svg"; + "href" = "https://miniflux.fi33.buzz/"; + "widget" = { + "type" = "miniflux"; + "url" = "https://miniflux.fi33.buzz/"; + "key" = "@miniflux@"; + }; + }; + } + { + "Paperless" = { + "description" = "Digital filing cabinet"; + "icon" = "paperless.svg"; + "href" = "https://paperless.fi33.buzz/"; + "widget" = { + "type" = "paperlessngx"; + "url" = "https://paperless.fi33.buzz/"; + "username" = "admin"; + "password" = "@paperless@"; + }; + }; + } + ]; + } + { + "Utilities" = [ + { + "NanoKVM" = { + "description" = "Remote KVM switch"; + "icon" = "mdi-console.svg"; + "href" = "http://nano-kvm/"; + }; + } + ]; + } + # keep-sorted end + ]; + settings = { + title = "Mission Control"; + theme = "dark"; + color = "neutral"; + headerStyle = "clean"; + layout = [ + { + "Media Streaming" = { + style = "row"; + columns = 4; + useEqualHeights = true; + }; + } + { + "Media Management" = { + style = "row"; + columns = 4; + useEqualHeights = true; + }; + } + { + "Cloud Services" = { + style = "row"; + columns = 3; + }; + } + { + "Utilities" = { + style = "row"; + columns = 3; + }; + } + ]; + quicklaunch.searchDescriptions = true; + disableUpdateCheck = true; + showStats = true; + statusStyle = "dot"; + }; + widgets = [ + { + search = { + provider = [ + "duckduckgo" + "brave" + ]; + focus = true; + showSearchSuggestions = true; + target = "_blank"; }; } { - "Private Services" = { - style = "row"; - columns = 3; - useEqualHeights = true; - }; - } - { - "Media Streaming" = { - style = "row"; - columns = 3; - useEqualHeights = true; - }; - } - { - "Media Management" = { - style = "row"; - columns = 3; - useEqualHeights = true; - }; - } - { - Utilities = { - style = "row"; - columns = 3; - useEqualHeights = true; - initiallyCollapsed = true; + resources = { + cpu = true; + memory = true; + disk = [ + "/" + "/backup" + ]; + cputemp = true; + tempmin = 0; + tempmax = 100; + units = "metric"; + network = true; + uptime = true; }; } ]; - quicklaunch.searchDescriptions = true; - disableUpdateCheck = true; - showStats = true; }; - widgets = [ - { - search = { - provider = [ - "duckduckgo" - "brave" - ]; - focus = true; - showSearchSuggestions = true; - target = "_blank"; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; }; - } - { - resources = { - cpu = true; - memory = true; - disk = [ - "/" - "/mnt/external" - ]; - cputemp = true; - tempmin = 0; - tempmax = 100; - units = "metric"; - network = true; - uptime = true; - }; - } - ]; + }; + }; }; - gatus.settings.endpoints = [ - { - name = "Homepage Dashboard"; - group = "Utilities"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + # secrets + age.secrets = genSecrets secrets; + system.activationScripts = insertSecrets secrets; }; - # secrets - age.secrets = genSecrets secrets; - system.activationScripts = insertSecrets secrets; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index ce89f21..ab72dee 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,37 +1,46 @@ +{ + config, + lib, + ... +}: let - port = 2283; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "photos.fi33.buzz"; - url = "https://${hostname}"; + feature = "immich"; + port = "2283"; in { - services = { - immich = { - enable = true; - inherit port; - mediaLocation = "/srv/immich"; - }; + config = lib.mkIf config.${feature}.enable { + services = { + immich = { + enable = true; + port = builtins.fromJSON "${port}"; + mediaLocation = "/srv/immich"; + }; - gatus.settings.endpoints = [ - { - name = "Immich"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" + # database backup + borgmatic.settings = { + postgresql_databases = [ + { + name = "immich"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + }; - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + nginx = { + clientMaxBodySize = "50000M"; + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://[::1]:${port}"; + proxyWebsockets = true; + }; + }; + }; + }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/intel-gpu.nix b/modules/nixos/features/intel-gpu.nix index c3b95d1..08809d5 100644 --- a/modules/nixos/features/intel-gpu.nix +++ b/modules/nixos/features/intel-gpu.nix @@ -1,21 +1,32 @@ { + config, + lib, pkgs, ... }: +let + feature = "intel-gpu"; +in { - hardware = { - enableAllFirmware = true; - graphics = { - enable = true; - extraPackages = with pkgs; [ - # keep-sorted start - intel-compute-runtime - intel-media-driver - intel-ocl - libva-vdpau-driver - vpl-gpu-rt - # keep-sorted end - ]; + config = lib.mkIf config.${feature}.enable { + hardware = { + enableAllFirmware = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + # keep-sorted start + intel-compute-runtime + intel-media-driver + intel-ocl + libva-vdpau-driver + vpl-gpu-rt + # keep-sorted end + ]; + }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 6e1f7b8..a16e1ca 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,43 +1,36 @@ +{ + config, + lib, + ... +}: let - port = 8096; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "media.fi33.buzz"; - url = "https://${hostname}"; + feature = "jellyfin"; + port = "8096"; in { - services = { - jellyfin = { - enable = true; - dataDir = "/srv/jellyfin"; - group = "srv"; + config = lib.mkIf config.${feature}.enable { + services = { + # service + jellyfin = { + enable = true; + dataDir = "/srv/jellyfin"; + group = "media"; + }; + + # reverse proxy + nginx.virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; }; - gatus.settings.endpoints = [ - { - name = "Jellyfin"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + # use intel iGP + systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; + environment.sessionVariables = { + LIBVA_DRIVER_NAME = "iHD"; + }; }; - # use intel iGP - systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; - environment.sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; - }; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix deleted file mode 100644 index cebc5f8..0000000 --- a/modules/nixos/features/karakeep.nix +++ /dev/null @@ -1,22 +0,0 @@ -let - port = 5014; - certloc = "/var/lib/acme/fi33.buzz"; -in -{ - services = { - karakeep = { - enable = true; - extraEnvironment = { - PORT = toString port; - DISABLE_NEW_RELEASE_CHECK = "true"; - }; - }; - - caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix deleted file mode 100644 index 814cd91..0000000 --- a/modules/nixos/features/kavita.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - ... -}: -let - port = 5015; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "library.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - kavita = { - enable = true; - dataDir = "/srv/kavita"; - settings.Port = port; - tokenKeyFile = config.age.secrets.kavita.path; - }; - - gatus.settings.endpoints = [ - { - name = "Kavita"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - age.secrets.kavita.file = ../../../secrets/kavita.age; -} diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix deleted file mode 100644 index ed20161..0000000 --- a/modules/nixos/features/libretranslate.nix +++ /dev/null @@ -1,37 +0,0 @@ -let - port = 5023; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "translate.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - libretranslate = { - enable = true; - inherit port; - updateModels = true; - }; - - gatus.settings.endpoints = [ - { - name = "LibreTranslate"; - group = "Public Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 620f684..02574d6 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,40 +1,36 @@ +{ + config, + lib, + ... +}: let - port = 5012; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "music.fi33.buzz"; - url = "https://${hostname}"; + feature = "lidarr"; + port = "5012"; in { - services = { - lidarr = { - enable = true; - dataDir = "/srv/lidarr"; - settings.server = { - inherit port; + config = lib.mkIf config.${feature}.enable { + services = { + # service + lidarr = { + enable = true; + dataDir = "/srv/lidarr"; + settings.server.port = lib.toInt port; + group = "media"; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; - group = "srv"; }; - - gatus.settings.endpoints = [ - { - name = "Lidarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/link2c.nix b/modules/nixos/features/link2c.nix index 6bb42ea..6a62718 100644 --- a/modules/nixos/features/link2c.nix +++ b/modules/nixos/features/link2c.nix @@ -1,5 +1,17 @@ { - services.udev.extraRules = '' - ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on" - ''; + config, + lib, + ... +}: +let + feature = "link2c"; +in +{ + config = lib.mkIf config.${feature}.enable { + services.udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on" + ''; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/llm.nix b/modules/nixos/features/llm.nix deleted file mode 100644 index fcd470c..0000000 --- a/modules/nixos/features/llm.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - pkgs, - ... -}: -{ - environment.systemPackages = [ pkgs.ollama-rocm ]; - - services = { - open-webui.enable = true; - - ollama = { - enable = true; - package = pkgs.ollama-rocm; - loadModels = [ - # small - # keep-sorted start - "deepseek-r1:1.5b" - "gemma3:1b" - "gemma3:270m" - "gemma3:4b" - "llama3.2:1b" - "llama3.2:3b" - "ministral-3:3b" - "qwen3:0.6b" - "qwen3:1.7b" - "qwen3:4b" - # keep-sorted end - # medium - # keep-sorted start - "deepseek-r1:7b" - "deepseek-r1:8b" - "llama3.1:8b" - "ministral-3:8b" - "qwen3:8b" - # keep-sorted end - # large - # keep-sorted start - "deepseek-r1:14b" - "gemma3:12b" - "ministral-3:14b" - "qwen3:14b" - # keep-sorted end - ]; - }; - }; -} diff --git a/modules/nixos/features/localisation.nix b/modules/nixos/features/localisation.nix index ea5750f..e00fba5 100644 --- a/modules/nixos/features/localisation.nix +++ b/modules/nixos/features/localisation.nix @@ -1,12 +1,21 @@ +{ config, lib, ... }: +let + feature = "localisation"; +in { - i18n = { - defaultLocale = "en_AU.UTF-8"; - extraLocales = [ - "en_GB.UTF-8/UTF-8" - "en_US.UTF-8/UTF-8" - ]; - extraLocaleSettings.LC_ALL = "en_GB.UTF-8"; + config = lib.mkIf config.${feature}.enable { + i18n = { + defaultLocale = "en_AU.UTF-8"; + supportedLocales = [ + "en_US.UTF-8/UTF-8" + "en_AU.UTF-8/UTF-8" + ]; + }; + + time.timeZone = "Australia/Melbourne"; }; - time.timeZone = "Australia/Melbourne"; + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/mealie.nix b/modules/nixos/features/mealie.nix deleted file mode 100644 index 324c241..0000000 --- a/modules/nixos/features/mealie.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - pkgs, - ... -}: -let - port = 5026; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "mealie.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - mealie = { - enable = true; - inherit port; - settings = { - TZ = "Australia/Melbourne"; - ALLOW_SIGNUP = "false"; - }; - }; - - gatus.settings.endpoints = [ - { - name = "Mealie"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = { - onsite = { - paths = [ "/var/lib/mealie" ]; - }; - offsite = { - paths = [ "/var/lib/mealie" ]; - }; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 094bdc2..59bbcbd 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -1,46 +1,54 @@ { config, + lib, ... }: let - port = 5010; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "feeds.fi33.buzz"; - url = "https://${hostname}"; + feature = "miniflux"; + port = "5010"; in { - services = { - miniflux = { - enable = true; - adminCredentialsFile = config.age.secrets.miniflux-creds.path; - config = { - BASE_URL = url; - LISTEN_ADDR = "localhost:${toString port}"; + config = lib.mkIf config.${feature}.enable { + services = { + # service + miniflux = { + enable = true; + adminCredentialsFile = config.age.secrets.miniflux-creds.path; + config = { + BASE_URL = "https://miniflux.fi33.buzz"; + LISTEN_ADDR = "localhost:${port}"; + }; + }; + + # database backup + borgmatic.settings = { + postgresql_databases = [ + { + name = "miniflux"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; }; - gatus.settings.endpoints = [ - { - name = "Miniflux"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + # secrets + age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; - age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/network.nix b/modules/nixos/features/network.nix index ce2b3a9..ad955f7 100644 --- a/modules/nixos/features/network.nix +++ b/modules/nixos/features/network.nix @@ -1,11 +1,21 @@ { + config, + lib, hostName, ... }: +let + feature = "network"; +in { - networking = { - hostName = "${hostName}"; - networkmanager.enable = true; - firewall.enable = true; + config = lib.mkIf config.${feature}.enable { + networking = { + hostName = "${hostName}"; + networkmanager.enable = true; + }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nginx.nix b/modules/nixos/features/nginx.nix index 6ee2f9e..c5da142 100644 --- a/modules/nixos/features/nginx.nix +++ b/modules/nixos/features/nginx.nix @@ -1,37 +1,48 @@ { config, + lib, ... }: +let + feature = "nginx"; +in { - services.nginx = { - enable = true; + config = lib.mkIf config.${feature}.enable { + services.nginx = { + enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; - virtualHosts."*.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".index = "index.html"; + virtualHosts."*.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".index = "index.html"; + }; }; + + security.acme = { + acceptTerms = true; + defaults.email = "wi11@duck.com"; + certs."fi33.buzz" = { + domain = "fi33.buzz"; + extraDomainNames = [ "*.fi33.buzz" ]; + group = "nginx"; + dnsProvider = "porkbun"; + dnsPropagationCheck = true; + credentialsFile = config.age.secrets."porkbun-api".path; + }; + }; + + # secrets + age.secrets."porkbun-api" = { + file = ../../../secrets/porkbun-api.age; + }; + + users.users.nginx.extraGroups = [ "acme" ]; }; - security.acme = { - acceptTerms = true; - defaults.email = "wi11@duck.com"; - certs."fi33.buzz" = { - domain = "fi33.buzz"; - extraDomainNames = [ "*.fi33.buzz" ]; - group = "nginx"; - dnsProvider = "porkbun"; - dnsPropagationCheck = true; - credentialsFile = config.age.secrets."porkbun-api".path; - }; - }; - - age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age; - - users.users.nginx.extraGroups = [ "acme" ]; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nh.nix b/modules/nixos/features/nh.nix index 3f23596..d26c29c 100644 --- a/modules/nixos/features/nh.nix +++ b/modules/nixos/features/nh.nix @@ -1,11 +1,20 @@ { + config, + lib, userName, ... }: +let + feature = "nh"; +in { - programs.nh = { - enable = true; - # clean.enable = true; - flake = "/home/${userName}/.dots"; + config = lib.mkIf config.${feature}.enable { + programs.nh = { + enable = true; + # clean.enable = true; + flake = "/home/${userName}/.dots"; + }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nix-settings.nix b/modules/nixos/features/nix-settings.nix new file mode 100644 index 0000000..9fcaf07 --- /dev/null +++ b/modules/nixos/features/nix-settings.nix @@ -0,0 +1,34 @@ +{ config, lib, ... }: +let + feature = "nix-settings"; +in +{ + config = lib.mkIf config.${feature}.enable { + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 20d"; + persistent = true; + }; + optimise = { + automatic = true; + persistent = true; + }; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + trusted-users = [ + "will" + "srv" + ]; + }; + }; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; +} diff --git a/modules/nixos/features/nix.nix b/modules/nixos/features/nix.nix deleted file mode 100644 index a73a504..0000000 --- a/modules/nixos/features/nix.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - lib, - ... -}: -{ - # rip out default packages - environment.defaultPackages = lib.mkForce [ ]; - - # allow packages with non-free licenses - nixpkgs.config.allowUnfree = true; - - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 20d"; - persistent = true; - }; - optimise = { - automatic = true; - persistent = true; - }; - settings = { - allowed-users = [ "@wheel" ]; - experimental-features = [ - "nix-command" - "flakes" - ]; - trusted-users = [ - "will" - "srv" - ]; - }; - }; -} diff --git a/modules/nixos/features/nixpkgs.nix b/modules/nixos/features/nixpkgs.nix new file mode 100644 index 0000000..3bf6858 --- /dev/null +++ b/modules/nixos/features/nixpkgs.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: +let + feature = "nixpkgs"; +in +{ + config = lib.mkIf config.${feature}.enable { + nixpkgs.config.allowUnfree = true; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; +} diff --git a/modules/nixos/features/nixvim.nix b/modules/nixos/features/nixvim.nix index e4838bd..76c1773 100644 --- a/modules/nixos/features/nixvim.nix +++ b/modules/nixos/features/nixvim.nix @@ -1,102 +1,108 @@ { + config, inputs, + lib, ... }: +let + feature = "nixvim"; +in { - environment.variables.EDITOR = "nvim"; - programs.nixvim = { - enable = true; - clipboard = { - providers.wl-copy.enable = true; - register = "unnamedplus"; - }; - colorschemes.catppuccin = { + config = lib.mkIf config.${feature}.enable { + environment.variables.EDITOR = "nvim"; + programs.nixvim = { enable = true; - settings.background.dark = "mocha"; - }; - dependencies = { - tree-sitter.enable = true; - gcc.enable = true; - }; - diagnostic.settings.virtual_lines = true; - opts = { - # keep-sorted start - autoindent = true; - colorcolumn = "80"; - expandtab = true; - number = true; - relativenumber = true; - shiftwidth = 2; - # get suggestions by typing z= - spell = true; - spelllang = "en_au"; - tabstop = 2; - # keep-sorted end - }; - plugins = { - # auto close brackets - autoclose.enable = true; - - # completion window - cmp = { - enable = true; - autoEnableSources = true; - settings = { - mapping = { - "" = "cmp.mapping.complete()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.close()"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = "cmp.mapping.confirm({ select = true })"; - "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; - "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; - }; - sources = [ - { name = "nvim_lsp"; } - { name = "path"; } - { name = "buffer"; } - ]; - }; + clipboard = { + providers.wl-copy.enable = true; + register = "unnamedplus"; }; - - # git changes in margin - gitsigns.enable = true; - - # opens last edit position - lastplace.enable = true; - - # lsp servers - lsp = { + colorschemes.catppuccin = { enable = true; - inlayHints = true; - servers = { - nixd.enable = true; - rust_analyzer = { - enable = true; - installCargo = true; - installRustc = true; - }; - hls = { - enable = true; - installGhc = true; + settings.background.dark = "mocha"; + }; + dependencies = { + tree-sitter.enable = true; + gcc.enable = true; + }; + diagnostic.settings.virtual_lines = true; + opts = { + autoindent = true; + expandtab = true; + number = true; + relativenumber = true; + shiftwidth = 2; + tabstop = 2; + colorcolumn = "80"; + }; + plugins = { + # autoclose brackets + autoclose.enable = true; + + # completion window + cmp = { + enable = true; + autoEnableSources = true; + settings = { + mapping = { + "" = "cmp.mapping.complete()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.close()"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = "cmp.mapping.confirm({ select = true })"; + "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; + "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; + }; + sources = [ + { name = "nvim_lsp"; } + { name = "path"; } + { name = "buffer"; } + ]; }; }; + + # git changes in margin + gitsigns.enable = true; + + # opens last edit position + lastplace.enable = true; + + # lsp servers + lsp = { + enable = true; + inlayHints = true; + servers = { + nixd.enable = true; + } + // lib.optionalAttrs config.dev.enable { + rust_analyzer = { + enable = true; + installCargo = true; + installRustc = true; + }; + hls = { + enable = true; + installGhc = true; + }; + }; + }; + lsp-format.enable = true; + lsp-lines.enable = true; + lsp-signature.enable = true; + lspkind.enable = true; + + # status bar + lualine.enable = true; + + # perform file system operations inside of neovim + oil.enable = true; + + # syntax highlighting + treesitter.enable = true; }; - lsp-format.enable = true; - lsp-lines.enable = true; - lsp-signature.enable = true; - lspkind.enable = true; - - # status bar - lualine.enable = true; - - # perform file system operations inside of neovim - oil.enable = true; - - # syntax highlighting - treesitter.enable = true; }; }; imports = [ inputs.nixvim.nixosModules.nixvim ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 0d101eb..1182065 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,59 +1,38 @@ { config, + lib, ... }: let - port = 5002; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "notify.fi33.buzz"; - url = "https://${hostname}"; + feature = "ntfy-sh"; + port = "5002"; in { - services = { - ntfy-sh = { - enable = true; - environmentFile = config.age.secrets.ntfy.path; - settings = { - base-url = url; - listen-http = ":${toString port}"; - behind-proxy = true; - auth-default-access = "deny-all"; - auth-users = [ - "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" - "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user" - ]; - auth-access = [ - "gatus:services:wo" - ]; + config = lib.mkIf config.${feature}.enable { + services = { + # service + ntfy-sh = { + enable = true; + settings = { + base-url = "https://ntfy-sh.fi33.buzz"; + listen-http = ":${port}"; + behind-proxy = true; + }; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + proxyWebsockets = true; + }; + }; }; }; - - gatus.settings.endpoints = [ - { - name = "ntfy"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - } - ]; - - borgbackup.jobs = { - onsite.paths = [ "/var/lib/ntfy-sh" ]; - offsite.paths = [ "/var/lib/ntfy-sh" ]; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; - age.secrets.ntfy.file = ../../../secrets/ntfy.age; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix deleted file mode 100644 index 18fc272..0000000 --- a/modules/nixos/features/nzbget.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - pkgs, - ... -}: -let - port = 5018; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "usenet.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - nzbget = { - enable = true; - settings = { - MainDir = "/srv/nzbget"; - ControlPort = port; - }; - group = "srv"; - }; - - gatus.settings.endpoints = [ - { - name = "NZBget"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 401" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - environment.systemPackages = with pkgs; [ unrar ]; -} diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 5be0efb..e6ea41d 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -1,51 +1,57 @@ { config, + lib, ... }: let - port = 5013; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "documents.fi33.buzz"; - url = "https://${hostname}"; + feature = "paperless"; + port = "5013"; in { - services = { - paperless = { - enable = true; - dataDir = "/srv/paperless"; - database.createLocally = true; - passwordFile = config.age.secrets.paperless.path; - inherit port; - settings = { - PAPERLESS_URL = url; + config = lib.mkIf config.${feature}.enable { + services = { + # service + paperless = { + enable = true; + dataDir = "/srv/paperless"; + database.createLocally = true; + passwordFile = config.age.secrets.paperless.path; + port = lib.toInt port; + settings = { + PAPERLESS_URL = "https://paperless.fi33.buzz"; + }; + }; + + # database backup + borgmatic.settings = { + postgresql_databases = [ + { + name = "paperless"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; }; - gatus.settings.endpoints = [ - { - name = "Paperless"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + age.secrets."paperless" = { + file = ../../../secrets/paperless.age; + owner = "paperless"; + }; }; - age.secrets."paperless" = { - file = ../../../secrets/paperless.age; - owner = "paperless"; - }; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/pipewire.nix b/modules/nixos/features/pipewire.nix index a1264bd..623dff9 100644 --- a/modules/nixos/features/pipewire.nix +++ b/modules/nixos/features/pipewire.nix @@ -1,11 +1,19 @@ +{ config, lib, ... }: +let + feature = "pipewire"; +in { - security.rtkit.enable = true; + config = lib.mkIf config.${feature}.enable { + security.rtkit.enable = true; - services.pipewire = { - alsa.enable = true; - alsa.support32Bit = true; - enable = true; - jack.enable = true; - pulse.enable = true; + services.pipewire = { + alsa.enable = true; + alsa.support32Bit = true; + enable = true; + jack.enable = true; + pulse.enable = true; + }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/plasma.nix b/modules/nixos/features/plasma.nix index bed3b90..f4c6625 100644 --- a/modules/nixos/features/plasma.nix +++ b/modules/nixos/features/plasma.nix @@ -1,27 +1,39 @@ { + config, + lib, pkgs, ... }: +let + feature = "plasma"; +in { - services = { - desktopManager.plasma6.enable = true; - displayManager.sddm = { - enable = true; - wayland.enable = true; + config = lib.mkIf config.${feature}.enable { + services = { + desktopManager.plasma6.enable = true; + displayManager.sddm = { + enable = true; + wayland.enable = true; + }; }; + + environment.systemPackages = + with pkgs.kdePackages; + [ + # keep-sorted start + kget + kontact + # TODO: replace with transmission + ktorrent + kzones + # keep-sorted end + ] + ++ (with pkgs; [ + # keep-sorted start + haruna + # keep-sorted end + ]); }; - environment.systemPackages = - with pkgs.kdePackages; - [ - # keep-sorted start - ktorrent - kzones - # keep-sorted end - ] - ++ (with pkgs; [ - # keep-sorted start - haruna - # keep-sorted end - ]); + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/print-and-scan.nix b/modules/nixos/features/print-and-scan.nix index c141962..626edb3 100644 --- a/modules/nixos/features/print-and-scan.nix +++ b/modules/nixos/features/print-and-scan.nix @@ -1,21 +1,30 @@ { + config, + lib, pkgs, ... }: +let + feature = "print-and-scan"; +in { - hardware.sane = { - enable = true; - extraBackends = [ pkgs.hplip ]; - }; - services = { - avahi = { + config = lib.mkIf config.${feature}.enable { + hardware.sane = { enable = true; - nssmdns4 = true; - openFirewall = true; + extraBackends = [ pkgs.hplip ]; }; - printing = { - enable = true; - drivers = [ pkgs.hplip ]; + services = { + avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + printing = { + enable = true; + drivers = [ pkgs.hplip ]; + }; }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/protonmail-bridge.nix b/modules/nixos/features/protonmail-bridge.nix index 23bad84..2db8958 100644 --- a/modules/nixos/features/protonmail-bridge.nix +++ b/modules/nixos/features/protonmail-bridge.nix @@ -1,3 +1,17 @@ { - services.protonmail-bridge.enable = true; + config, + lib, + ... +}: +let + feature = "protonmail-bridge"; +in +{ + config = lib.mkIf config.${feature}.enable { + services.protonmail-bridge.enable = true; + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 050cc56..004525f 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,51 +1,35 @@ { - pkgs, + config, + lib, ... }: let - port = 5009; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "prowlarr.fi33.buzz"; - url = "https://${hostname}"; + feature = "prowlarr"; + port = "5009"; in { - services = { - prowlarr = { - enable = true; - settings.server = { - inherit port; + config = lib.mkIf config.${feature}.enable { + services = { + # service + prowlarr = { + enable = true; + dataDir = "/srv/prowlarr"; + settings.server.port = lib.toInt port; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; }; - - gatus.settings.endpoints = [ - { - name = "Prowlarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = { - onsite = { - paths = [ "/var/lib/prowlarr" ]; - }; - offsite = { - paths = [ "/var/lib/prowlarr" ]; - }; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index c44683a..1400ac2 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,41 +1,37 @@ +{ config, lib, ... }: let - port = 5005; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "bittorrent.fi33.buzz"; - url = "https://${hostname}"; + feature = "qbittorrent"; + port = "5005"; in { - services = { - qbittorrent = { - enable = true; - webuiPort = port; - profileDir = "/srv"; - group = "srv"; - extraArgs = [ - "--confirm-legal-notice" - ]; - }; + config = lib.mkIf config.${feature}.enable { + users.users.qbittorrent.extraGroups = [ "media" ]; - gatus.settings.endpoints = [ - { - name = "qBittorrent"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" + services = { + # service + qbittorrent = { + enable = true; + webuiPort = lib.toInt port; + profileDir = "/srv"; + group = "media"; + extraArgs = [ + "--confirm-legal-notice" ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + }; - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; + }; + }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/qui.nix b/modules/nixos/features/qui.nix deleted file mode 100644 index 8c34edf..0000000 --- a/modules/nixos/features/qui.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - # keep-sorted start - lib, - pkgs, - # keep-sorted end - ... -}: -let - port = 5019; - certloc = "/var/lib/acme/fi33.buzz"; -in -{ - environment.systemPackages = [ pkgs.qui ]; - - systemd.user.services.qui = { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${lib.getExe pkgs.qui} serve"; - - environment = { - QUI__PORT = toString port; - QUI__DATA_DIR = "/srv/qui"; - }; - }; - - services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; -} diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index cdbfe0d..104145c 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,40 +1,37 @@ +{ + config, + lib, + ... +}: let - port = 5007; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "movies.fi33.buzz"; - url = "https://${hostname}"; + feature = "radarr"; + port = "5007"; in { - services = { - radarr = { - enable = true; - dataDir = "/srv/radarr"; - settings.server = { - inherit port; + config = lib.mkIf config.${feature}.enable { + services = { + # service + radarr = { + enable = true; + dataDir = "/srv/radarr"; + settings.server.port = lib.toInt port; + group = "media"; + + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; - group = "srv"; }; - - gatus.settings.endpoints = [ - { - name = "Radarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix deleted file mode 100644 index 1cbaf04..0000000 --- a/modules/nixos/features/radicale.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config, - ... -}: -let - port = 5003; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "caldav.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - radicale = { - enable = true; - settings = { - server = { - hosts = [ - "0.0.0.0:${toString port}" - "[::]:${toString port}" - ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = config.age.secrets.radicale.path; - htpasswd_encryption = "plain"; - }; - storage = { - filesystem_folder = "/srv/radicale"; - }; - }; - }; - - gatus.settings.endpoints = [ - { - name = "Radicale"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - # secrets - age.secrets."radicale" = { - file = ../../../secrets/radicale.age; - owner = "radicale"; - }; -} diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix deleted file mode 100644 index d78a322..0000000 --- a/modules/nixos/features/readarr.nix +++ /dev/null @@ -1,40 +0,0 @@ -let - port = 5016; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "books.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - readarr = { - enable = true; - dataDir = "/srv/readarr"; - settings.server = { - inherit port; - }; - group = "srv"; - }; - - gatus.settings.endpoints = [ - { - name = "Readarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix deleted file mode 100644 index cdb6620..0000000 --- a/modules/nixos/features/send.nix +++ /dev/null @@ -1,45 +0,0 @@ -let - port = 5020; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "send.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - send = { - enable = true; - inherit port; - baseUrl = url; - environment = { - DEFAULT_EXPIRE_SECONDS = 360; - EXPIRE_TIMES_SECONDS = "360"; - DOWNLOAD_COUNTS = "1"; - MAX_DOWNLOADS = 1; - MAX_EXPIRE_SECONDS = 1024; - MAX_FILE_SIZE = 134217728; - }; - }; - - gatus.settings.endpoints = [ - { - name = "Send"; - group = "Public Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 696872d..0777fe1 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,40 +1,37 @@ +{ + config, + lib, + ... +}: let - port = 5006; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "shows.fi33.buzz"; - url = "https://${hostname}"; + feature = "sonarr"; + port = "5006"; in { - services = { - sonarr = { - enable = true; - dataDir = "/srv/sonarr"; - settings.server = { - inherit port; + config = lib.mkIf config.${feature}.enable { + services = { + # service + sonarr = { + enable = true; + dataDir = "/srv/sonarr"; + settings.server.port = lib.toInt port; + group = "media"; + + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; - group = "srv"; }; - - gatus.settings.endpoints = [ - { - name = "Sonarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/star-citizen.nix b/modules/nixos/features/star-citizen.nix deleted file mode 100644 index e54f03a..0000000 --- a/modules/nixos/features/star-citizen.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - # keep-sorted start - inputs, - system, - # keep-sorted end - ... -}: -{ - nix.settings = { - substituters = [ "https://nix-citizen.cachix.org" ]; - trusted-public-keys = [ "nix-citizen.cachix.org-1:lPMkWc2X8XD4/7YPEEwXKKBg+SVbYTVrAaLA2wQTKCo=" ]; - }; - - environment.systemPackages = [ - inputs.nix-citizen.packages.${system}.rsi-launcher - ]; - - zramSwap = { - enable = true; - memoryPercent = 100; - writebackDevice = "/dev/sda1"; - }; -} diff --git a/modules/nixos/features/sudo.nix b/modules/nixos/features/sudo.nix deleted file mode 100644 index 78f1db5..0000000 --- a/modules/nixos/features/sudo.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - ... -}: -{ - security.sudo.execWheelOnly = true; -} diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 0b141f7..cd66ad3 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -1,10 +1,15 @@ { + config, + lib, + pkgs, userName, hostName, ... }: let - port = 5008; + feature = "syncthing"; + port = "5008"; + devicesList = [ # keep-sorted start block=yes { @@ -13,11 +18,11 @@ let } { device = "laptop"; - id = "CTU345T-27VU5KK-HXLPSMO-H6C47TL-XZG3BVU-AZF7HSX-FCQHAMA-QOA3CAT"; + id = "XDDGWB2-5OFYWSY-7LN652V-3WNQMWV-4WCVHCR-2EXLDW7-FUL2MC4-MMLO4QV"; } { device = "phone"; - id = "KAZ3SOB-SSJHY33-6JF64KW-VF3CPSP-565565I-YXOJHU6-E273VR5-CKQFNQ6"; + id = "DF56S5M-2EDKAML-LZBB35J-MNNK7UE-WAYE2QW-EKUGKXN-U5JW3RX-S3FUGA4"; } { device = "server"; @@ -25,6 +30,7 @@ let } # keep-sorted end ]; + devices = builtins.listToAttrs ( map ( { device, id }: @@ -40,59 +46,47 @@ let } ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ); - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "sync.fi33.buzz"; - url = "https://${hostname}"; in { - services = { - syncthing = { - enable = true; - guiAddress = "0.0.0.0:${toString port}"; - openDefaultPorts = true; - user = "${userName}"; - dataDir = "/home/${userName}"; - overrideDevices = true; - settings = { - inherit devices; + config = lib.mkIf config.${feature}.enable { + services = { + # service + syncthing = { + enable = true; + guiAddress = "0.0.0.0:${port}"; + openDefaultPorts = true; + user = "${userName}"; + dataDir = "/home/${userName}"; + overrideDevices = true; + settings = { + inherit devices; + }; + }; + + borgmatic.settings = + if userName == "srv" then + { + source_directories = [ + "/home/srv/.config/syncthing" + "/home/srv/Sync" + ]; + } + else + null; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; }; - - gatus.settings.endpoints = [ - { - name = "Syncthing"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = - if userName == "srv" then - { - onsite.paths = [ - "/home/srv/.config/syncthing" - "/home/srv/Sync/" - ]; - offsite.paths = [ - "/home/srv/.config/syncthing" - "/home/srv/Sync/" - ]; - } - else - { }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy http://localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/systemd-boot.nix b/modules/nixos/features/systemd-boot.nix index fca6970..64fa9f0 100644 --- a/modules/nixos/features/systemd-boot.nix +++ b/modules/nixos/features/systemd-boot.nix @@ -1,6 +1,14 @@ +{ config, lib, ... }: +let + feature = "systemd-boot"; +in { - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; + config = lib.mkIf config.${feature}.enable { + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index 6c4f1fa..ad8b1b8 100644 --- a/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix @@ -1,8 +1,22 @@ { - services.tailscale = { - enable = true; - extraSetFlags = [ - "--accept-dns=true" - ]; + config, + lib, + ... +}: +let + feature = "tailscale"; +in +{ + config = lib.mkIf config.${feature}.enable { + services.tailscale = { + enable = true; + extraSetFlags = [ + "--accept-dns=true" + ]; + }; + + networking.firewall.trustedInterfaces = [ "tailscale0" ]; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/tlp.nix b/modules/nixos/features/tlp.nix index 4c0bdf1..5aa7d1f 100644 --- a/modules/nixos/features/tlp.nix +++ b/modules/nixos/features/tlp.nix @@ -1,19 +1,29 @@ +{ config, lib, ... }: +let + feature = "tlp"; +in { - # Disable if devices take long to unsuspend (keyboard, mouse, etc) - powerManagement.powertop.enable = true; - services = { - power-profiles-daemon.enable = false; - tlp = { - enable = true; - settings = { - # keep-sorted start - CPU_BOOST_ON_AC = 1; - CPU_BOOST_ON_BAT = 0; - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - STOP_CHARGE_THRESH_BAT0 = 95; - # keep-sorted end + config = lib.mkIf config.${feature}.enable { + # Disable if devices take long to unsuspend (keyboard, mouse, etc) + powerManagement.powertop.enable = true; + services = { + power-profiles-daemon.enable = false; + tlp = { + enable = true; + settings = { + # keep-sorted start + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + STOP_CHARGE_THRESH_BAT0 = 95; + # keep-sorted end + }; }; }; }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix deleted file mode 100644 index e711bb8..0000000 --- a/modules/nixos/features/upbank2firefly.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ - config, - pkgs, - ... -}: -let - port = 5021; - certloc = "/var/lib/acme/fi33.buzz"; -in -{ - virtualisation.oci-containers = { - backend = "docker"; - containers.upbank2firefly = { - extraOptions = [ - "--network=host" - ]; - image = "compose2nix/upbank2firefly"; - environment = { - FIREFLY_BASEURL = "https://firefly.fi33.buzz"; - TZ = "Australia/Melbourne"; - }; - environmentFiles = [ config.age.secrets.upbank2firefly.path ]; - volumes = [ - "/srv/upbank2firefly/app:/app:rw" - ]; - ports = [ - "${toString port}:80/tcp" - ]; - }; - }; - - systemd = { - services = { - "docker-build-upbank2firefly" = { - path = with pkgs; [ - docker - git - ]; - serviceConfig = { - Type = "oneshot"; - TimeoutSec = 300; - }; - script = '' - cd /srv/upbank2firefly - git pull - docker build -t compose2nix/upbank2firefly . - ''; - }; - }; - }; - - services.caddy.virtualHosts."upbank2firefly.fi33.buzz".extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - - age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age; -} diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index 5833a18..8991a90 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -1,55 +1,47 @@ { config, + lib, ... }: let - port = 5001; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "vault.fi33.buzz"; - url = "https://${hostname}"; + feature = "vaultwarden"; + port = "5001"; in { - services = { - vaultwarden = { - enable = true; - backupDir = "/srv/vaultwarden"; - config = { - rocketPort = toString port; - domain = url; - signupsAllowed = false; - invitationsAllowed = false; - showPasswordHint = false; - useSyslog = true; - extendedLogging = true; - adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}"; + config = lib.mkIf config.${feature}.enable { + services = { + vaultwarden = { + enable = true; + backupDir = "/srv/vaultwarden"; + config = { + rocketPort = "${port}"; + domain = "https://vaultwarden.fi33.buzz"; + signupsAllowed = false; + invitationsAllowed = false; + showPasswordHint = false; + useSyslog = true; + extendedLogging = true; + adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}"; + }; }; }; - gatus.settings.endpoints = [ - { - name = "Vaultwarden"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + # reverse proxy + services.nginx.virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + proxyWebsockets = true; + }; + }; - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; + # secrets + age.secrets."vaultwarden-admin" = { + file = ../../../secrets/vaultwarden-admin.age; + owner = "vaultwarden"; + }; }; - age.secrets."vaultwarden-admin" = { - file = ../../../secrets/vaultwarden-admin.age; - owner = "vaultwarden"; - }; + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/templates/bundle.nix b/modules/templates/bundle.nix deleted file mode 100644 index dffb226..0000000 --- a/modules/templates/bundle.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - util, - ... -}: -{ - imports = util.toImports ./features [ - - ]; -} diff --git a/modules/templates/feature.nix b/modules/templates/feature.nix index 0d7a220..eaec9f6 100644 --- a/modules/templates/feature.nix +++ b/modules/templates/feature.nix @@ -1,6 +1,17 @@ { + config, + lib, ... }: +let + feature = "replace"; +in { + config = lib.mkIf config.${feature}.enable { + }; + + imports = [ ]; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 29f389c..77245e2 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,40 +1,34 @@ +{ + config, + lib, + ... +}: let - port = 0000; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "feature.fi33.buzz"; - url = "https://${hostname}"; + feature = "replace"; + port = "port"; in { - services = { - feature = { - enable = true; + config = lib.mkIf config.${feature}.enable { + services = { + # service + replace = { + enable = true; + }; + + # backup + borgbackup.jobs = feature { }; + + # reverse proxy + nginx.virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; }; - - gatus.settings.endpoints = [ - { - name = "feature"; - group = ""; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = { - onsite.paths = [ "" ]; - offsite.paths = [ "" ]; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/secrets/bazarr.age b/secrets/bazarr.age deleted file mode 100644 index 108c2a4..0000000 --- a/secrets/bazarr.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ sHlKSMDLuGOLY2qwoFCS2ZiC/903ChAP0wp4wJYksi8 -jIzt2BvZy53dMdUSYBEa2QsWQ7yluk9ltdk4wrTkIbo --> ssh-ed25519 7+xRyQ /JHmkqPhx/nJFhOxWu5nrX89NCBI/Bhyih81bIv2OR8 -VJPt3EFgYWc6bYBSNNzLFnWBNVx7RYJaG/hNF2EswQ4 --> ssh-ed25519 LtK9yQ znUR+X5uu9wdKPdUBEOhs295e/zLAD8E49vZ0QEaL10 -ADBASujra+DSzavY/m/gU3xgAzaSqlTh2txpzyyJIJQ ---- j21Ms0NWBwHJV1NPbIp19lSgCMkCHSUX3UwWjg43OLk -[,WM?&>ʄ 1P ī"oKޓjhiҪ&UMPr& \ No newline at end of file diff --git a/secrets/borgbackup-offsite.age b/secrets/borgbackup-offsite.age deleted file mode 100644 index e1809a9..0000000 --- a/secrets/borgbackup-offsite.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg -KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y --> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg -aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o --> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo -lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA ---- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8 -8R#;rpEhȾW8-. `OW']kJdC .T)N_kq_=ϰ \ No newline at end of file diff --git a/secrets/borgbackup-onsite.age b/secrets/borgbackup-onsite.age deleted file mode 100644 index 86c240f..0000000 --- a/secrets/borgbackup-onsite.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8 -pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ --> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0 -j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg --> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw -GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak ---- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo -K^ѭUb|:m@*ޱg1>)qs,n{ DdvɜEuH ssh-ed25519 qLT+DQ GTuLiTsgOVunKC+DyalVPV3gKm3WiKoSIQXg/0ElJF8 -UiOLJdTn4Q5oTkqAtZ6K0uxW+EsrpfA156uC1ncrIY0 --> ssh-ed25519 7+xRyQ k2ta2Gl7zCvHiv4DwzgRK5REDYayIoTfC32BF5yHxgg -n7sqfJ6fx/3VnQCD+H4n92ekGdoFCdk/SeXdSU8FZHc --> ssh-ed25519 LtK9yQ BQ9U3//Lzx7dX+iDyP2lqx6K860kFTu/iB5uMAskKhA -xiV+QxL8ffx9n9gIUr5wwQ5zGvZlFsf2DclayQh8SJI ---- k06SInBOn82DqWfIf4t62pjAZ1R0uWAyQTi5ELDD/6U -f_$T56"TH;4} ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs +ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM +-> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA +BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ +-> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY +ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA +--- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o +쇽NM1WByM.-|Gl]8Z,(5豲P!pmpEa;(tq!KU4m \ No newline at end of file diff --git a/secrets/borgmatic.age b/secrets/borgmatic.age new file mode 100644 index 0000000..fca1c53 --- /dev/null +++ b/secrets/borgmatic.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU +URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY +-> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8 +yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4 +-> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0 +Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE +--- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU +T^vU{>[dhPC6Z|K|~lݝbDt΄]1P$10 A$ \ No newline at end of file diff --git a/secrets/copyparty.age b/secrets/copyparty-will.age similarity index 100% rename from secrets/copyparty.age rename to secrets/copyparty-will.age diff --git a/secrets/firefly-db.age b/secrets/firefly-db.age deleted file mode 100644 index d4cbe78..0000000 --- a/secrets/firefly-db.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ zL4NAxPigHwUnYz0KUoDXlzXJ3PtnxIYl81oLP3e40M -yricJ+r8OTXwGd0Bt4+CsW7/M8lOSha04i0Fb0QCHGo --> ssh-ed25519 7+xRyQ 2UhHfwz3DvXT/bEDp8QrluyPa/po5CCB5rUKxBqfn2c -2pWexi7bU3UlOo9SKfw/9k/DJ535tsgPvZXAbLruL00 --> ssh-ed25519 LtK9yQ 8XOO4u1di+FedjGcaj/Fhna8Y+LRRPa9L4ShAx5dASA -F51SLqQEZ1LQAP2SgXphszVBhKaB+/OAVWEHr/thtFo ---- ovyL3oCODPSbd8Fe7KdS3sKCc+bjcj2y+6aS1qVqQsg - %>IOդ77ZFhu<4)cҚUZ*UCk|xCox P \ No newline at end of file diff --git a/secrets/firefly.age b/secrets/firefly.age deleted file mode 100644 index 430908f..0000000 --- a/secrets/firefly.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ DhWZZ8fB3bwSaI88j9M5Ix/jCwoJWPUVmR56OwxJFUs -/pxA0PTShUGloixcyUoAW5cOKWAjD9M0byLAQUgnPvA --> ssh-ed25519 7+xRyQ LrUQ5trcyyhcjK8IhGKVOAz6g7HjBI8t0m/snDiVMkE -hi0My/e0Enno50niPMKcy278Wr5z1sq3X1yJn7H8uBo --> ssh-ed25519 LtK9yQ ke0bLtqFny2oUkCvtawPcHzPlyi2Lvi6WpZP2lDyelE -VFjTwnbTcayuruXVmVnfK97KcwB+luOoLU2x6Ug3HVM ---- NxMB9mtZ480lLRRmk0ne5BaL/tfF81Yr3wGBUvECGQY -HH9?܂獠 |ؽ15i/FlG$EwG -;;߽ݤ$}/[g] \ No newline at end of file diff --git a/secrets/gatus.age b/secrets/gatus.age deleted file mode 100644 index 13d455e..0000000 --- a/secrets/gatus.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ 3vJV+PZ1IvwiFPplPEwXkaZK4y0QLxkvi/stzAV+HWg -3htQOBS3ph9+OXG2ZYtMyzErGtYRP1vzycua+vhPX+4 --> ssh-ed25519 NanIwQ 748IDG9uT6jMj0CSU3EeBqRd7lZ7NTJoUldo4FUfkFI -bYaXhcXjYgKqEaUeRZQhx9neK1pDVN3QbhblLOcGUg0 --> ssh-ed25519 LtK9yQ au/UGPL91M0sUzMeOKPOkltXWDPoWeCrUWrD2OIsJA0 -thILTQH9hrcBYBbRSZaHMODAhCKWsqomDuEK4hcKAqM ---- UpA2kIfSBwfgMxjt2x61KFAiUaV3sHQ6Gp2R87cvnwo -*D27p梔 pQ -Fufpڰ4Q5ѨeӪ ވ;ꖓz8i{@Ǘ \ No newline at end of file diff --git a/secrets/git_signing_key.age b/secrets/git_signing_key.age deleted file mode 100644 index d3a4680..0000000 Binary files a/secrets/git_signing_key.age and /dev/null differ diff --git a/secrets/git_signing_key.pub.age b/secrets/git_signing_key.pub.age deleted file mode 100644 index f0b53bc..0000000 --- a/secrets/git_signing_key.pub.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ NMzN1Cll+cH5GgEQvCRpb8c1m7CDHWBtUZ5QNMluKkg -H77YBVoCAZerRyoG90h9W6PKZbpjNBl2mfsW3Eco27w --> ssh-ed25519 7+xRyQ 67NFmrcLe9R5ni0HnvIiHcN0tlRVXpAiaVOQfIpqWzI -H7jbIgVXVl+lENksb4KUfASeIKPBI/FtHhhlQzhXwik --> ssh-ed25519 LtK9yQ jvrWRlZF/H20QARL4lWWX0cDDoIK0Et5ZMxdsPJPXn0 -g+ZaDYycq65tBEBFuDpSl1BKuCTmxCJuYqG8kSCtL9U ---- jZ2xp/oW3CgXPc8jriK53zTODB9lhDNZr8YfSYLAmio -AKw;2R -֨bS'7//kXHӖW†

ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8 -I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc --> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA -eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8 --> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ -qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE ---- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4 -m{z\,TSS7Tk)hVX0mN?=ӟx TdY0[)ۓSZ:>FU֙~ \ No newline at end of file diff --git a/secrets/nzbget.age b/secrets/nzbget.age deleted file mode 100644 index 6d7bec1..0000000 --- a/secrets/nzbget.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ lEh3/6XbXaiVdCK5gEl/Vy5wIyeg4oD+1q9js0p/bG0 -5O+ivgDvislMJbvE/bSRy6mF+ie6aGK6yAoc2TWlPOk --> ssh-ed25519 7+xRyQ D03BRt3lUgEihDcJDFspP2RPt6WorIvGiRI1jnDT+gk -GuOES+KE5CUj733aSC+5wslfYRvCm27rvNnUDi/DiRE --> ssh-ed25519 LtK9yQ K35hFXPZN4JhS9L8YfG+fwE2bbWLPc4r/rsQnxq68XM -GhWHGZzESMKKhQjCXT9yDHgpa/Y7eAxwi935lWts72A ---- wlbsANHwH3ah2YNlkaefazTv2zWsxE5kHCFOGcuSJQ0 - |,K+% (E"K" m`"\:'xljujU`TF;Z9M \ No newline at end of file diff --git a/secrets/prowlarr.age b/secrets/prowlarr.age index 08436c5..bb7d73c 100644 --- a/secrets/prowlarr.age +++ b/secrets/prowlarr.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qLT+DQ k6AiMFgWygHRf2yPApcnQYDPaJx/Dp6BTq3+BdyBiyM -64MyfaTpMcAl8o9zkWXCoZQ5uy+7izd30A90LLiALTY --> ssh-ed25519 7+xRyQ YcPcsux5lCSDbV8hSCvhkI+1qnAmXcpd5FDmT7bMXk0 -bbkjozzt/bL7j7uJTtgkklI/qJ11zYgQsYmZhFwGV+c --> ssh-ed25519 LtK9yQ Ol8eU/Pyb3gDCsIzE1zT8FNsTCGKZZc5zfX6lW/5+2w -Gj0ssfpyQcy0vfVXgNXxzFzHGpPBOyfkR7UeRYina4A ---- +iLccZwqDkqDg2atoNRSuhEf3v3fyU6oda4vOw+BuKc -&L: 9:"| dm9v1y"vOYnx=4D \ No newline at end of file +-> ssh-ed25519 LtK9yQ YVgPDwV8XS85LpMBbpgsXmoc2E0w2qopErn//kDHJzo +ZX3RIdYPxwOzpLddoGhi0aJ4H89hcpmlPgJuyTiYzlE +-> ssh-ed25519 qLT+DQ KQMInU5B/vVG4dr0DGAFk1Yf+LbnPkV7OqfiqRaNgzo +BeMLVvtSKSKIPplIorIJSBMciQj5GYF1ltGbUn8SsJA +-> ssh-ed25519 7+xRyQ Cr+rUSSDpC5WLh/bvWKJkf2SWIcljLofx3ybcVcK0z4 +kqabKTHxNxH9xfgShKTcleNXjBf/huoU+hH9tnOx5hg +--- J6RjAbLUNOKkb2UQyVjgTyrfyrIkDFMkQtXZypBDfWw +14%6p< ($$toI8;pZb83hf!mNסc8U \ No newline at end of file diff --git a/secrets/radicale.age b/secrets/radicale.age index d8553a7..172d31e 100644 Binary files a/secrets/radicale.age and b/secrets/radicale.age differ diff --git a/secrets/readarr.age b/secrets/readarr.age deleted file mode 100644 index e0d0607..0000000 --- a/secrets/readarr.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ qeJ25W5TGvWY8xc1I5sjjtP/98nGqoRMIFk6xLIbmi8 -RhUcEjz6mFp6uNVOpOgg6fPyL2cyrZH1ZWJTrax2xOE --> ssh-ed25519 7+xRyQ jhJX/0+ZO+teoM2rUmdyFuI9V+tMe5kQaaHQFxwBGSU -fJmXSc/c3lth0cQgx8p/7G0WrnfgioSs8OcRa56B2s0 --> ssh-ed25519 LtK9yQ UH9T6lRLG0pi0P84B9Zs/22nCKAoOAwL6KAmj+536U4 -h2DEqoPLgFqmVZOk/RhAIuifCexqt3ZFsIsCDm5KI3M ---- 6FY4tnGR8EIQyCWc3Xa3t8EqwcynoORmZqsp9zWUzZM -nā]Z0rTi:EE!  -uB{4cfvޟKj^2/` \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2bd9a15..69b1be1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,7 @@ let # keep-sorted start desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; - laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmM4LEjGPJbcUeG5363NpB3XJUyn/4B+eBCFzzuC/Td"; + laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu5HwuRayiXIZE35AxX6PmxHxbXZ8NTlTgHrcPwhcQ"; srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; # keep-sorted end @@ -15,31 +15,22 @@ let in { # keep-sorted start - "borgbackup-offsite.age".publicKeys = users; - "borgbackup-onsite.age".publicKeys = users; - "copyparty.age".publicKeys = users; - "gatus.age".publicKeys = users; - "git_signing_key.age".publicKeys = users; - "git_signing_key.pub.age".publicKeys = users; + "borgmatic-pg.age".publicKeys = users; + "borgmatic.age".publicKeys = users; + "copyparty-will.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; - "kavita-api.age".publicKeys = users; - "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; - "mealie.age".publicKeys = users; "miniflux-creds.age".publicKeys = users; - "ntfy.age".publicKeys = users; - "nzbget.age".publicKeys = users; "paperless.age".publicKeys = users; "porkbun-api.age".publicKeys = users; "protonmail-cert.age".publicKeys = users; "protonmail-desktop-password.age".publicKeys = users; + "protonmail-laptop-password.age".publicKeys = users; "prowlarr.age".publicKeys = users; "radarr.age".publicKeys = users; "radicale.age".publicKeys = users; - "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; - "subtitles.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end } diff --git a/secrets/subtitles.age b/secrets/subtitles.age deleted file mode 100644 index 11a88e5..0000000 Binary files a/secrets/subtitles.age and /dev/null differ diff --git a/secrets/upbank2firefly.age b/secrets/upbank2firefly.age deleted file mode 100644 index 56d99d4..0000000 Binary files a/secrets/upbank2firefly.age and /dev/null differ diff --git a/util.nix b/util.nix deleted file mode 100644 index 6606c1e..0000000 --- a/util.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - toImports = basedir: modules: map (module: basedir + "/${module}.nix") modules; -}