diff --git a/.gitignore b/.gitignore deleted file mode 100644 index e173d3f..0000000 --- a/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -/nvim/plugged/* -gtk-3.0/bookmarks -gtk-3.0/servers -gtk-4.0/servers -/fish/fish_variables -fish/fish_variables -fish/*.tmp.* -copyq/copyq.lock -copyq/copyq_geometry.* -copyq/copyq_tab* -nvim/lazy-lock.json -ncspot/*.cbor diff --git a/flake.lock b/flake.lock index 2481d6a..3633057 100644 --- a/flake.lock +++ b/flake.lock @@ -218,11 +218,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1724498597, - "narHash": "sha256-rq3CS7CpkC5lLn/eDqmftyA2C7McUm+sYGUMpH2oJU4=", + "lastModified": 1724509876, + "narHash": "sha256-SvtppTW041MCVGmhKu8lsEbzVXwerLEIDcizdY0ZqEI=", "owner": "DashieTM", "repo": "DashVim", - "rev": "02e646467e4454633a7d248dfda7a7a7ecb4bf6b", + "rev": "309544615a01e9aa242ca71bff58f503273345ea", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d9b1f91..4bab6f6 100644 --- a/flake.nix +++ b/flake.nix @@ -61,22 +61,12 @@ allowUnfree = true; }; }; - dashielib = import ./lib { inherit inputs pkgs; }; in { - nixosConfigurations = - (dashielib.build_systems [ "marmo" "overheating" "spaceship" ]) // { - server = inputs.stable.lib.nixosSystem { - specialArgs = { - inherit inputs; - pkgs = stable; - }; - modules = [ - inputs.sops-nix.nixosModules.sops - inputs.dashvim.nixosModules.dashvim - ./hardware/server/configuration.nix - ]; - }; - }; + dashNixLib = import ./lib { inherit inputs pkgs; }; + dashNixInputs = inputs; + stablePkgs = stable; + unstablePkgs = pkgs; + modules = ./modules; }; nixConfig = { diff --git a/hardware/marmo/configuration.nix b/hardware/marmo/configuration.nix deleted file mode 100644 index e0ed8ef..0000000 --- a/hardware/marmo/configuration.nix +++ /dev/null 
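Review bot: The new top-level outputs in flake.nix (`dashNixLib`, `dashNixInputs`, `stablePkgs`, `unstablePkgs`, `modules`) are undocumented and are not standard flake output names, so `nix flake check` will report them as unknown outputs and consumers have to guess their contract. Re-exporting `inputs` and both package sets also means a downstream flake inherits this repository's lock pins and, assuming `pkgs` is the set configured just above the hunk, its `allowUnfree = true` setting. I would add a comment such as `# library outputs for downstream flakes; package sets are pinned by this flake.lock and built with allowUnfree` and consider exposing the module tree under the conventional `nixosModules` output as well. The `outputs` function starts and ends outside the hunk.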
@@ -1,33 +0,0 @@
-{ config, ... }: {
- imports = [ ../../modules ];
- # variables for system
- conf = {
- monitor = "DP-1";
- hostname = "marmo";
- cpu = "intel";
- };
- mods = {
- gaming = {
- enable = true;
- gpu_device = 1;
- };
- stylix.colorscheme = "catppuccin-mocha";
- hyprland.monitor = [
- # default
- "DP-1,1920x1080@144,0x0,1"
- # all others
- ",highrr,auto,1"
- ];
- amdgpu.enable = true;
- kde_connect.enable = true;
- xone.enable = true;
- greetd = { resolution = "3440x1440@180"; };
- nextcloud = {
- synclist = [{
- name = "pw_sync";
- remote = "/PWs";
- local = "/home/${config.conf.username}/Music";
- }];
- };
- };
-}
diff --git a/hardware/overheating/configuration.nix b/hardware/overheating/configuration.nix
deleted file mode 100644
index 5ced1e6..0000000
--- a/hardware/overheating/configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, ... }: {
- imports = [ ../../modules ];
- conf = {
- monitor = "eDP-1";
- scale = "2.0";
- hostname = "overheating";
- boot_params = [ "rtc_cmos.use_acpi_alarm=1" ];
- ironbar.modules = [{
- type = "upower";
- class = "memory-usage";
- }];
- };
- mods = {
- stylix.colorscheme = "catppuccin-mocha";
- hyprland = {
- monitor = [
- # default
- "eDP-1,2944x1840@90,0x0,2"
-
- # all others
- ",highres,auto,1"
- ];
- extra_autostart = [ "hyprdock --server" ];
- };
- amdgpu.enable = true;
- kde_connect.enable = true;
- bluetooth.enable = true;
- acpid.enable = true;
- greetd = { resolution = "3440x1440@180"; };
- nextcloud = {
- synclist = [
- {
- name = "document_sync";
- remote = "/Documents";
- local = "/home/${config.conf.username}/Documents";
- }
- {
- name = "picture_sync";
- remote = "/Pictures";
- local = "/home/${config.conf.username}/Pictures";
- }
- {
- name = "pw_sync";
- remote = "PWs";
- local = "/home/${config.conf.username}/Music";
- }
- ];
- };
- };
-}
diff --git a/hardware/overheating/dsdt.nix b/hardware/overheating/dsdt.nix
deleted file mode 100644
index 8395d7c..0000000
--- a/hardware/overheating/dsdt.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -let - # credit to benley: https://github.com/benley/dotfiles/commit/325748c3a8553d55c9fab08654a77b252aa0fde7 - patched_ssdt = pkgs.stdenv.mkDerivation { - name = "patched_ssdt"; - src = ./.; - buildInputs = [ pkgs.libarchive ]; - installPhase = '' - mkdir -p kernel/firmware/acpi - cp ${./ssdt6.aml} kernel/firmware/acpi/ssdt6.aml - mkdir -p $out - echo kernel/firmware/acpi/ssdt6.aml | bsdcpio -v -o -H newc -R 0:0 > $out/lenotrolli-ssdt.img - ''; - }; - -in { - boot.kernelParams = [ "mem_sleep_default=deep" ]; - boot.initrd.prepend = [ "${patched_ssdt}/lenotrolli-ssdt.img" ]; -} diff --git a/hardware/overheating/firmware.nix b/hardware/overheating/firmware.nix deleted file mode 100644 index 8d9beed..0000000 --- a/hardware/overheating/firmware.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, ... }: { - hardware.firmware = [ - ( - # lenovo is such a good manufacturer!!1!11! - # credit for the binary files: https://github.com/darinpp/yoga-slim-7 - pkgs.stdenv.mkDerivation { - name = "firmware-lenotrolli"; - src = ./firmware; - installPhase = '' - mkdir -p $out/lib/firmware - cp ${./firmware/TAS2XXX38BB.bin} $out/lib/firmware/TAS2XXX38BB.bin - cp ${./firmware/TIAS2781RCA4.bin} $out/lib/firmware/TIAS2781RCA4.bin - ''; - }) - ]; -} diff --git a/hardware/overheating/firmware/TAS2XXX38BB.bin b/hardware/overheating/firmware/TAS2XXX38BB.bin deleted file mode 100644 index d729b97..0000000 Binary files a/hardware/overheating/firmware/TAS2XXX38BB.bin and /dev/null differ diff --git a/hardware/overheating/firmware/TIAS2781RCA4.bin b/hardware/overheating/firmware/TIAS2781RCA4.bin deleted file mode 100644 index 481d133..0000000 Binary files a/hardware/overheating/firmware/TIAS2781RCA4.bin and /dev/null differ 
diff --git a/hardware/overheating/firmware/TIAS2781RCA4.bin.orig b/hardware/overheating/firmware/TIAS2781RCA4.bin.orig
deleted file mode 100644
index 8698e92..0000000
Binary files a/hardware/overheating/firmware/TIAS2781RCA4.bin.orig and /dev/null differ
diff --git a/hardware/overheating/overheating.nix b/hardware/overheating/overheating.nix
deleted file mode 100644
index 2cc5014..0000000
--- a/hardware/overheating/overheating.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- # special hardware modules
- # mostly to fix firmare and dsts
- imports = [ ./dsdt.nix ./firmware.nix ];
-}
diff --git a/hardware/overheating/ssdt6.aml b/hardware/overheating/ssdt6.aml
deleted file mode 100644
index d8cbadd..0000000
Binary files a/hardware/overheating/ssdt6.aml and /dev/null differ
diff --git a/hardware/server/configuration.nix b/hardware/server/configuration.nix
deleted file mode 100644
index 26e0a84..0000000
--- a/hardware/server/configuration.nix
+++ /dev/null
@@ -1,342 +0,0 @@ -{ config, pkgs, inputs, ... }: -let - nextcloud_pw = (builtins.readFile /etc/nixos/nextcloud); - forgejo_pw = (builtins.readFile /etc/nixos/dbpw/forgejo); - matrix_pw = (builtins.readFile /etc/nixos/dbpw/matrix-synapse); - mautrix_signal_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_signal); - mautrix_whatsapp_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_whatsapp); - mautrix_discord_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_discord); - - fqdn = "matrix.${config.networking.domain}"; - baseUrl = "https://${fqdn}"; - clientConfig."m.homeserver".base_url = baseUrl; - serverConfig."m.server" = "${fqdn}:443"; - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - networking.hostName = "server"; - networking.domain = "dashie.org"; - imports = [ - ./hardware-configuration.nix - ./mautrix-whatsapp.nix - ./mautrix-discord.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "ntfs" ]; - - # Set your time zone. - time.timeZone = "Europe/Zurich"; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.root.hashedPassword = "!"; - users.users.dashie = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
- packages = [ - inputs.dashvim.nixosModules.packages."x86_64-linux".default - pkgs.fuse - pkgs.ntfs3g - pkgs.rsync - ]; - openssh.authorizedKeys.keyFiles = [ /home/dashie/server.pub ]; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - services.mautrix-whatsapp-dashie.enable = true; - services.mautrix-discord-dashie.enable = true; - services.matrix-synapse.enable = true; - services.mautrix-signal.enable = true; - services.matrix-synapse.settings = { - server_name = "matrix.dashie.org"; - database.name = "psycopg2"; - database.args.user = "matrix-synapse"; - database.args.password = "${matrix_pw}"; - public_baseurl = "https://matrix.dashie.org"; - enable_registration = true; - enable_registration_without_verification = true; - suppress_key_server_warning = true; - max_upload_size = "1G"; - listeners = [{ - port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - names = [ "client" "federation" ]; - compress = true; - }]; - }]; - }; - services.mautrix-whatsapp-dashie.settings = { - appservice = { - id = "whatsapp"; - database = { - type = "postgres"; - uri = - "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&password=${mautrix_whatsapp_pw}"; - }; - }; - bridge = { - encryption = { - allow = true; - default = true; - required = true; - }; - displayname_template = - "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}}"; - permissions = { - "@fabio.lenherr:matrix.org" = "admin"; - "@dashie:matrix.dashie.org" = "admin"; - }; - }; - }; - services.mautrix-signal.settings = { - appservice = { - id = "signal"; - database = { - type = "postgres"; - uri = - "postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&password=${mautrix_signal_pw}"; - }; - }; - bridge = { - encryption = { - allow = true; - default = true; - required = true; - }; - 
displayname_template = - ''{{or .ProfileName .PhoneNumber "Unknown user"}}''; - permissions = { - "@fabio.lenherr:matrix.org" = "admin"; - "@dashie:matrix.dashie.org" = "admin"; - }; - }; - }; - services.mautrix-discord-dashie.settings = { - appservice = { - id = "discord"; - database = { - type = "postgres"; - uri = - "postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&password=${mautrix_discord_pw}"; - }; - }; - bridge = { - displayname_template = - "{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}"; - permissions = { - "@fabio.lenherr:matrix.org" = "admin"; - "@dashie:matrix.dashie.org" = "admin"; - }; - }; - }; - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; - services.nginx.virtualHosts."dashie.org" = { - addSSL = true; - enableACME = true; - root = "/var/www/dashie.org/"; - }; - security.acme.certs."dashie.org".extraDomainNames = [ - "cloud.dashie.org" - "matrix.dashie.org" - "git.dashie.org" - "navi.dashie.org" - ]; - services.nginx.virtualHosts."cloud.dashie.org" = { - addSSL = true; - enableACME = true; - locations."/*".proxyPass = "http://127.0.0.1:12002"; - }; - services.nginx.virtualHosts."git.dashie.org" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:3000"; - }; - services.nginx.virtualHosts."navi.dashie.org" = { - addSSL = true; - enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:4533"; - }; - - services.nginx.virtualHosts."localhost" = { - listen = [{ - addr = "0.0.0.0"; - port = 8448; - }]; - locations."/".proxyPass = "http://[::1]:8008"; - }; - - services.nginx.virtualHosts."matrix.dashie.org" = { - forceSSL = true; - enableACME = true; - locations."/".extraConfig = '' - return 404; - ''; - locations."/_matrix" = { proxyPass = "http://[::1]:8008"; }; - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; - - 
locations."= /.well-known/matrix/server".extraConfig = - mkWellKnown serverConfig; - # This is usually needed for homeserver discovery (from e.g. other Matrix clients). - # Further reference can be found in the upstream docs at - # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient - locations."= /.well-known/matrix/client".extraConfig = - mkWellKnown clientConfig; - extraConfig = "client_max_body_size 2G;"; - }; - - services.nextcloud.enable = true; - services.nextcloud.hostName = "cloud.dashie.org"; - services.nextcloud.https = true; - services.nextcloud.config = { - adminpassFile = "/etc/nixos/file2"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; - dbname = "nextcloud"; - dbtype = "pgsql"; - dbpassFile = "/etc/nixos/nextcloud"; - }; - services.nextcloud.settings = { - port = 12001; - trusted_domains = [ "cloud.dashie.org" "192.168.1.23" ]; - }; - services.forgejo = { - enable = true; - database.passwordFile = /etc/nixos/dbpw/forgejo; - settings = { - server.DOMAIN = "git.dashie.org"; - server.SSH_PORT = 12008; - server.SSH_LISTEN_PORT = 12008; - server.START_SSH_SERVER = true; - service.DISABLE_REGISTRATION = true; - }; - }; - services.navidrome.enable = true; - services.navidrome.settings = { - MusicFolder = "/var/lib/nextcloud/data/DashieTM/files/Share/Music"; - }; - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - services.postgresql = { - enable = true; - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all all trust - host all all 127.0.0.1/32 trust - host all all ::1/128 trust - ''; - initialScript = pkgs.writeText "backend-initScript" '' - CREATE DATABASE nextcloud; - CREATE USER nextcloud WITH ENCRYPTED PASSWORD '${nextcloud_pw}'; - GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud; - - CREATE DATABASE forgejo; - CREATE USER forgejo WITH ENCRYPTED PASSWORD '${forgejo_pw}'; - GRANT ALL PRIVILEGES ON DATABASE 
forgejo TO forgejo; - - - CREATE USER "matrix-synapse" WITH ENCRYPTED PASSWORD '${matrix_pw}' - SELECT 'CREATE DATABASE "matrix-synapse" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "matrix-synapse"' - WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'matrix-synapse')\gexec - - CREATE USER mautrix_whatsapp WITH ENCRYPTED PASSWORD '${mautrix_whatsapp_pw}' - SELECT 'CREATE DATABASE "mautrix_whatsapp" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_whatsapp"' - WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_whatsapp')\gexec - - CREATE USER mautrix_signal WITH ENCRYPTED PASSWORD '${mautrix_signal_pw}' - SELECT 'CREATE DATABASE "mautrix_signal" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_signal"' - WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_signal')\gexec - - CREATE USER mautrix_discord WITH ENCRYPTED PASSWORD '${mautrix_discord_pw}' - SELECT 'CREATE DATABASE "mautrix_discord" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_discord"' - WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_discord')\gexec - ''; - }; - security.acme = { - acceptTerms = true; - defaults.email = "fabio.lenherr@gmail.com"; - }; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ 22 80 443 4534 8448 12002 12004 12006 12008 ]; - }; - networking.firewall.allowPing = true; - services.samba = { - enable = true; - securityType = "user"; - openFirewall = true; - extraConfig = '' - workgroup = WORKGROUP - server string = smbnix - netbios name = smbnix - security = user - #use sendfile = yes - max protocol = smb3 - # note: localhost is the ipv6 localhost ::1 - hosts allow = 192.168.1. 
127.0.0.1 localhost - hosts deny = 0.0.0.0/0 - guest account = nobody - map to guest = bad user - ''; - shares = { - public = { - path = "/mnt/Shares/Public"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - }; - }; - }; - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; - services.cron = { - enable = true; - systemCronJobs = [ - "0 4 * * FRI nobody rsync -ato /var/lib/nextcloud/data /mnt/dump3/nextcloud" - "0 4 * * FRI nobody pg_dympall > /mnt/dump3/sqdump.sql" - ]; - }; - - hardware.cpu.intel.updateMicrocode = true; - system.stateVersion = "24.05"; - - nix = { - settings = { experimental-features = "nix-command flakes"; }; - extraOptions = '' - !include ${config.sops.secrets.access.path} - ''; - }; - - sops = { - gnupg = { - home = "~/.gnupg"; - sshKeyPaths = [ ]; - }; - defaultSopsFile = ../../secrets/secrets.yaml; - secrets.access = { }; - }; -} diff --git a/hardware/server/hardware-configuration.nix b/hardware/server/hardware-configuration.nix deleted file mode 100644 index 660cf69..0000000 --- a/hardware/server/hardware-configuration.nix +++ /dev/null 
@@ -1,56 +0,0 @@
-{ config, lib, modulesPath, ... }: {
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/678ecbd1-a5ce-4530-a959-ffb48f76aa43";
- fsType = "btrfs";
- };
-
- fileSystems."/var/lib/nextcloud" = {
- device = "/dev/disk/by-label/nextcloud";
- fsType = "ext4";
- };
-
- fileSystems."/mnt/dump3" = {
- device = "/dev/disk/by-label/backup";
- fsType = "ext4";
- };
-
- fileSystems."/mnt/dump1" = {
- device = "/dev/disk/by-uuid/CC60532860531912";
- fsType = "ntfs-3g";
- options = [ "rw" "uid=1000" ];
- };
-
- fileSystems."/mnt/dump2" = {
- device = "/dev/disk/by-uuid/F46896AE68966EDC";
- fsType = "ntfs-3g";
- options = [ "rw" "uid=1000" ];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/B7BE-AB1C";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/832dce11-b4c4-476c-ab28-bd98275a542c"; }];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode =
- lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hardware/server/mautrix-discord.nix b/hardware/server/mautrix-discord.nix
deleted file mode 100644
index 90bbe0b..0000000
--- a/hardware/server/mautrix-discord.nix
+++ /dev/null
@@ -1,247 +0,0 @@ -# derived from mautrix signal on nixpkgs -> https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/servers/mautrix-signal/default.nix#L27 -{ lib, config, pkgs, ... }: -let - cfg = config.services.mautrix-discord-dashie; - dataDir = "/var/lib/mautrix-discord"; - registrationFile = "${dataDir}/discord-registration.yaml"; - settingsFile = "${dataDir}/config.yaml"; - settingsFileUnsubstituted = - settingsFormat.generate "mautrix-discord-config-unsubstituted.json" - cfg.settings; - settingsFormat = pkgs.formats.json { }; - appservicePort = 29334; - - # to be used with a list of lib.mkIf values - optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null); - mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); - defaultConfig = { - homeserver.address = "http://localhost:8448"; - appservice = { - hostname = "[::]"; - port = appservicePort; - database.type = "sqlite3"; - database.uri = "file:${dataDir}/mautrix-discord.db?_txlock=immediate"; - id = "discord"; - bot = { - username = "discordbot"; - displayname = "Discord Bridge Bot"; - }; - as_token = ""; - hs_token = ""; - }; - bridge = { - username_template = "discord_{{.}}"; - displayname_template = - ''{{or .ProfileName .PhoneNumber "Unknown user"}}''; - double_puppet_server_map = { }; - login_shared_secret_map = { }; - command_prefix = "!discord"; - permissions."*" = "relay"; - relay.enabled = true; - }; - logging = { - min_level = "info"; - writers = lib.singleton { - type = "stdout"; - format = "pretty-colored"; - time_format = " "; - }; - }; - }; - -in { - options.services.mautrix-discord-dashie = { - enable = - lib.mkEnableOption "mautrix-discord, a Matrix-Discord puppeting bridge."; - - settings = lib.mkOption { - apply = lib.recursiveUpdate defaultConfig; - type = settingsFormat.type; - default = defaultConfig; - description = '' - {file}`config.yaml` configuration as a Nix attribute set. 
- Configuration options should match those described in - [example-config.yaml](https://github.com/mautrix/discord/blob/master/example-config.yaml). - Secret tokens should be specified using {option}`environmentFile` - instead of this world-readable attribute set. - ''; - example = { - appservice = { - database = { - type = "postgres"; - uri = "postgresql:///mautrix_discord?host=/run/postgresql"; - }; - id = "discord"; - ephemeral_events = false; - }; - bridge = { - history_sync = { request_full_sync = true; }; - private_chat_portal_meta = true; - mute_bridging = true; - encryption = { - allow = true; - default = true; - require = true; - }; - provisioning = { shared_secret = "disable"; }; - permissions = { "example.com" = "user"; }; - }; - }; - }; - - environmentFile = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = '' - File containing environment variables to be passed to the mautrix-discord service. - If an environment variable `MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET` is set, - then its value will be used in the configuration file for the option - `login_shared_secret_map` without leaking it to the store, using the configured - `homeserver.domain` as key. - See [here](https://github.com/mautrix/discord/blob/main/example-config.yaml) - for the documentation of `login_shared_secret_map`. - ''; - }; - - serviceDependencies = lib.mkOption { - type = with lib.types; listOf str; - default = (lib.optional config.services.matrix-synapse.enable - config.services.matrix-synapse.serviceUnit) - ++ (lib.optional config.services.matrix-conduit.enable - "conduit.service"); - defaultText = lib.literalExpression '' - (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) - ++ (optional config.services.matrix-conduit.enable "conduit.service") - ''; - description = '' - List of systemd units to require and wait for when starting the application service. 
- ''; - }; - - registerToSynapse = lib.mkOption { - type = lib.types.bool; - default = config.services.matrix-synapse.enable; - defaultText = lib.literalExpression '' - config.services.matrix-synapse.enable - ''; - description = '' - Whether to add the bridge's app service registration file to - `services.matrix-synapse.settings.app_service_config_files`. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - - users.users.mautrix-discord = { - isSystemUser = true; - group = "mautrix-discord"; - home = dataDir; - description = "mautrix-discord bridge user"; - }; - - users.groups.mautrix-discord = { }; - - services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - settings.app_service_config_files = [ registrationFile ]; - }; - systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - serviceConfig.SupplementaryGroups = [ "mautrix-discord" ]; - }; - - # Note: this is defined here to avoid the docs depending on `config` - services.mautrix-discord-dashie.settings.homeserver = optOneOf - (with config.services; [ - (lib.mkIf matrix-synapse.enable - (mkDefaults { domain = matrix-synapse.settings.server_name; })) - (lib.mkIf matrix-conduit.enable (mkDefaults { - domain = matrix-conduit.settings.global.server_name; - address = - "http://localhost:${toString matrix-conduit.settings.global.port}"; - })) - ]); - - systemd.services.mautrix-discord-dashie = { - description = "mautrix-discord, a Matrix-Discord puppeting bridge."; - - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ] ++ cfg.serviceDependencies; - after = [ "network-online.target" ] ++ cfg.serviceDependencies; - # ffmpeg is required for conversion of voice messages - path = [ pkgs.ffmpeg-headless ]; - - preStart = '' - # substitute the settings file by environment variables - # in this case read from EnvironmentFile - test -f '${settingsFile}' && rm -f '${settingsFile}' - old_umask=$(umask) - umask 0177 - ${pkgs.envsubst}/bin/envsubst \ - -o '${settingsFile}' \ - -i 
'${settingsFileUnsubstituted}' - umask $old_umask - - # generate the appservice's registration file if absent - if [ ! -f '${registrationFile}' ]; then - ${pkgs.mautrix-discord}/bin/mautrix-discord \ - --generate-registration \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - fi - chmod 640 ${registrationFile} - - umask 0177 - # 1. Overwrite registration tokens in config - # 2. If environment variable MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET - # is set, set it as the login shared secret value for the configured - # homeserver domain. - ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token - | .[0].appservice.hs_token = .[1].hs_token - | .[0] - | if env.MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET else . end' \ - '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp' - mv '${settingsFile}.tmp' '${settingsFile}' - umask $old_umask - ''; - - serviceConfig = { - User = "mautrix-discord"; - Group = "mautrix-discord"; - EnvironmentFile = cfg.environmentFile; - StateDirectory = baseNameOf dataDir; - WorkingDirectory = dataDir; - ExecStart = '' - ${pkgs.mautrix-discord}/bin/mautrix-discord \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - ''; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - Restart = "on-failure"; - RestartSec = "30s"; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallErrorNumber = "EPERM"; - SystemCallFilter = [ "@system-service" ]; - Type = "simple"; - UMask = 27; - }; - restartTriggers = [ 
settingsFileUnsubstituted ]; - }; - }; - meta.maintainers = with lib.maintainers; [ niklaskorz ]; -} - diff --git a/hardware/server/mautrix-whatsapp.nix b/hardware/server/mautrix-whatsapp.nix deleted file mode 100644 index 82696f6..0000000 --- a/hardware/server/mautrix-whatsapp.nix +++ /dev/null 
@@ -1,247 +0,0 @@ -# derived from mautrix signal on nixpkgs -> https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/servers/mautrix-signal/default.nix#L27 -{ lib, config, pkgs, ... }: -let - cfg = config.services.mautrix-whatsapp-dashie; - dataDir = "/var/lib/mautrix-whatsapp"; - registrationFile = "${dataDir}/whatsapp-registration.yaml"; - settingsFile = "${dataDir}/config.yaml"; - settingsFileUnsubstituted = - settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" - cfg.settings; - settingsFormat = pkgs.formats.json { }; - appservicePort = 29318; - - # to be used with a list of lib.mkIf values - optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null); - mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); - defaultConfig = { - homeserver.address = "http://localhost:8448"; - appservice = { - hostname = "[::]"; - port = appservicePort; - database.type = "sqlite3"; - database.uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate"; - id = "whatsapp"; - bot = { - username = "whatsappbot"; - displayname = "Whatsapp Bridge Bot"; - }; - as_token = ""; - hs_token = ""; - }; - bridge = { - username_template = "whatsapp_{{.}}"; - displayname_template = - ''{{or .ProfileName .PhoneNumber "Unknown user"}}''; - double_puppet_server_map = { }; - login_shared_secret_map = { }; - command_prefix = "!whatsapp"; - permissions."*" = "relay"; - relay.enabled = true; - }; - logging = { - min_level = "info"; - writers = lib.singleton { - type = "stdout"; - format = "pretty-colored"; - time_format = " "; - }; - }; - }; - -in { - options.services.mautrix-whatsapp-dashie = { - enable = lib.mkEnableOption - "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge."; - - settings = lib.mkOption { - apply = lib.recursiveUpdate defaultConfig; - type = settingsFormat.type; - default = defaultConfig; - description = '' - {file}`config.yaml` configuration as a Nix attribute set. 
- Configuration options should match those described in - [example-config.yaml](https://github.com/mautrix/whatsapp/blob/master/example-config.yaml). - Secret tokens should be specified using {option}`environmentFile` - instead of this world-readable attribute set. - ''; - example = { - appservice = { - database = { - type = "postgres"; - uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql"; - }; - id = "whatsapp"; - ephemeral_events = false; - }; - bridge = { - history_sync = { request_full_sync = true; }; - private_chat_portal_meta = true; - mute_bridging = true; - encryption = { - allow = true; - default = true; - require = true; - }; - provisioning = { shared_secret = "disable"; }; - permissions = { "example.com" = "user"; }; - }; - }; - }; - - environmentFile = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = '' - File containing environment variables to be passed to the mautrix-whatsapp service. - If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set, - then its value will be used in the configuration file for the option - `login_shared_secret_map` without leaking it to the store, using the configured - `homeserver.domain` as key. - See [here](https://github.com/mautrix/whatsapp/blob/main/example-config.yaml) - for the documentation of `login_shared_secret_map`. - ''; - }; - - serviceDependencies = lib.mkOption { - type = with lib.types; listOf str; - default = (lib.optional config.services.matrix-synapse.enable - config.services.matrix-synapse.serviceUnit) - ++ (lib.optional config.services.matrix-conduit.enable - "conduit.service"); - defaultText = lib.literalExpression '' - (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) - ++ (optional config.services.matrix-conduit.enable "conduit.service") - ''; - description = '' - List of systemd units to require and wait for when starting the application service. 
- ''; - }; - - registerToSynapse = lib.mkOption { - type = lib.types.bool; - default = config.services.matrix-synapse.enable; - defaultText = lib.literalExpression '' - config.services.matrix-synapse.enable - ''; - description = '' - Whether to add the bridge's app service registration file to - `services.matrix-synapse.settings.app_service_config_files`. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - - users.users.mautrix-whatsapp = { - isSystemUser = true; - group = "mautrix-whatsapp"; - home = dataDir; - description = "mautrix-whatsapp bridge user"; - }; - - users.groups.mautrix-whatsapp = { }; - - services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - settings.app_service_config_files = [ registrationFile ]; - }; - systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ]; - }; - - # Note: this is defined here to avoid the docs depending on `config` - services.mautrix-whatsapp-dashie.settings.homeserver = optOneOf - (with config.services; [ - (lib.mkIf matrix-synapse.enable - (mkDefaults { domain = matrix-synapse.settings.server_name; })) - (lib.mkIf matrix-conduit.enable (mkDefaults { - domain = matrix-conduit.settings.global.server_name; - address = - "http://localhost:${toString matrix-conduit.settings.global.port}"; - })) - ]); - - systemd.services.mautrix-whatsapp-dashie = { - description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge."; - - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ] ++ cfg.serviceDependencies; - after = [ "network-online.target" ] ++ cfg.serviceDependencies; - # ffmpeg is required for conversion of voice messages - path = [ pkgs.ffmpeg-headless ]; - - preStart = '' - # substitute the settings file by environment variables - # in this case read from EnvironmentFile - test -f '${settingsFile}' && rm -f '${settingsFile}' - old_umask=$(umask) - umask 0177 - ${pkgs.envsubst}/bin/envsubst \ - -o '${settingsFile}' \ - -i 
'${settingsFileUnsubstituted}' - umask $old_umask - - # generate the appservice's registration file if absent - if [ ! -f '${registrationFile}' ]; then - ${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \ - --generate-registration \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - fi - chmod 640 ${registrationFile} - - umask 0177 - # 1. Overwrite registration tokens in config - # 2. If environment variable MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET - # is set, set it as the login shared secret value for the configured - # homeserver domain. - ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token - | .[0].appservice.hs_token = .[1].hs_token - | .[0] - | if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \ - '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp' - mv '${settingsFile}.tmp' '${settingsFile}' - umask $old_umask - ''; - - serviceConfig = { - User = "mautrix-whatsapp"; - Group = "mautrix-whatsapp"; - EnvironmentFile = cfg.environmentFile; - StateDirectory = baseNameOf dataDir; - WorkingDirectory = dataDir; - ExecStart = '' - ${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - ''; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - Restart = "on-failure"; - RestartSec = "30s"; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallErrorNumber = "EPERM"; - SystemCallFilter = [ "@system-service" ]; - Type = "simple"; - UMask = 27; - }; - restartTriggers = [ 
settingsFileUnsubstituted ]; - }; - }; - meta.maintainers = with lib.maintainers; [ niklaskorz ]; -} - diff --git a/hardware/spaceship/configuration.nix b/hardware/spaceship/configuration.nix deleted file mode 100644 index cf6c08c..0000000 --- a/hardware/spaceship/configuration.nix +++ /dev/null 
@@ -1,106 +0,0 @@ -{ config, ... }: -let username = config.conf.username; -in { - imports = [ ../../modules ]; - - # config variables - conf = { - monitor = "DP-1"; - streamdeck.enable = false; - hostname = "spaceship"; - }; - mods = { - # f to pay respect - teams.enable = true; - coding = { jetbrains = true; }; - gaming = { enable = true; }; - stylix.colorscheme = "catppuccin-mocha"; - hyprland = { - monitor = [ - # default - "DP-2,2560x1440@165,0x0,1" - "DP-1,3440x1440@180,2560x0,1,vrr,0" - "DP-3,1920x1080@144,6000x0,1" - "DP-3,transform,1" - - # all others - ",highrr,auto,1" - ]; - - workspace = [ - # workspaces - # monitor middle - "2,monitor:DP-1, default:true" - "4,monitor:DP-1" - "6,monitor:DP-1" - "8,monitor:DP-1" - "9,monitor:DP-1" - "10,monitor:DP-1" - - # monitor left - "1,monitor:DP-2, default:true" - "5,monitor:DP-2" - "7,monitor:DP-2" - - # monitor right - "3,monitor:DP-3, default:true" - ]; - hyprpaper.config = '' - #load - preload = /home/${username}/Pictures/backgrounds/shinobu_2k.jpg - preload = /home/${username}/Pictures/backgrounds/shino_wide.png - preload = /home/${username}/Pictures/backgrounds/shinobu_1080.jpg - - #set - wallpaper = DP-2,/home/${username}/Pictures/backgrounds/shinobu_2k.jpg - wallpaper = DP-1,/home/${username}/Pictures/backgrounds/shino_wide.png - wallpaper = DP-3,/home/${username}/Pictures/backgrounds/shinobu_1080.jpg - splash = true - ''; - extra_autostart = [ "flatpak run com.core447.StreamController -b" ]; - }; - extraDrives = [{ - name = "drive2"; - drive = { - device = "/dev/disk/by-label/DRIVE2"; - fsType = "ext4"; - options = [ "noatime" "nodiratime" "discard" ]; - }; - }]; - virtualbox.enable = true; - kde_connect.enable = true; - xone.enable = true; - amdgpu.enable = true; - piper.enable = true; - flatpak.additional_packages = [ "com.core447.StreamController" ]; - vapi = { - enable = true; - rocm.enable = true; - }; - greetd = { resolution = "3440x1440@180"; }; - nextcloud = { - synclist = [ - { - name = 
"document_sync"; - remote = "/Documents"; - local = "/home/${config.conf.username}/Documents"; - } - { - name = "picture_sync"; - remote = "/Pictures"; - local = "/home/${config.conf.username}/Pictures"; - } - { - name = "phone_sync"; - remote = "Phone/Stuff"; - local = "/home/${config.conf.username}/Videos/Phone/Stuff"; - } - { - name = "pw_sync"; - remote = "PWs"; - local = "/home/${config.conf.username}/Music"; - } - ]; - }; - }; -} diff --git a/lib/default.nix b/lib/default.nix index 9472ccd..0e075fc 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,8 +1,12 @@ -{ inputs, pkgs, ... }: { - build_systems = systems: +{ inputs, pkgs, ... }: +let +in { + build_systems = systems: root: builtins.listToAttrs (map (name: { name = name; - value = let mod = ../hardware/${name}/configuration.nix; + value = let + mod = root + /${name}/configuration.nix; + additionalConfig = root + /${name}/${name}.nix; in inputs.nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs pkgs mod; }; modules = [ @@ -10,10 +14,10 @@ inputs.stylix.nixosModules.stylix ../base ../programs + ../modules mod - ] ++ inputs.nixpkgs.lib.optional - (builtins.pathExists ../hardware/${name}/${name}.nix) - ../hardware/${name}/${name}.nix + ] ++ inputs.nixpkgs.lib.optional (builtins.pathExists additionalConfig) + additionalConfig ++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod; }; }) systems); diff --git a/modules/conf.nix b/modules/conf.nix index 4f6e334..c730f54 100644 --- a/modules/conf.nix +++ b/modules/conf.nix @@ -101,6 +101,16 @@ ''; }; + build-command = lib.mkOption { + default = + "sudo nixos-rebuild switch --flake /home/${config.conf.username}/gits/dotFiles/."; + example = "yourpath/."; + type = lib.types.str; + description = '' + The path for your build command, you can then simply type rebuild to switch to a new configuration. + ''; + }; + nvim-colorscheme = lib.mkOption { default = { tokyonight = { enable = true; }; }; example = { catppuccin = { enable = true; }; }; 
diff --git a/modules/programs/home_packages.nix b/modules/programs/home_packages.nix index 81a0c34..0967394 100644 --- a/modules/programs/home_packages.nix +++ b/modules/programs/home_packages.nix @@ -28,6 +28,7 @@ kitty fish ripgrep + # TODO add fcp once fixed.... rm-improved bat fd diff --git a/programs/default.nix b/programs/default.nix index f54dc0d..48643cf 100644 --- a/programs/default.nix +++ b/programs/default.nix @@ -14,6 +14,7 @@ let inputs.nix-flatpak.homeManagerModules.nix-flatpak inputs.sops-nix.homeManagerModules.sops inputs.dashvim.homeManagerModules.dashvim + ../modules ]; in { xdg = { diff --git a/programs/individual_configs/fish.nix b/programs/individual_configs/fish.nix index 8f3fd64..9acd841 100644 --- a/programs/individual_configs/fish.nix +++ b/programs/individual_configs/fish.nix @@ -14,7 +14,7 @@ set EDITOR "neovide --no-fork" - alias rebuild='sudo nixos-rebuild switch --flake /home/${config.conf.username}/gits/dotFiles/.' + alias rebuild='${config.conf.build-command}' abbr --add ls 'lsd' abbr --add :q 'exit' abbr --add gh 'git push origin'
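Review bot: The `rebuild` alias in programs/individual_configs/fish.nix now splices `config.conf.build-command` between single quotes without escaping, so a value containing `'` ends the quoted string early and the remainder is parsed as fish syntax every time the shell starts. The option is declared as a free-form `lib.types.str` and its default invokes `sudo`, so this line deserves a guard. One way is to declare the option with `lib.types.strMatching` and a pattern that excludes quote characters. Another is to define the alias through home-manager's `programs.fish.shellAliases`, which handles the quoting, if this file is a home-manager fish module. That needs checking, because the surrounding string block starts outside the hunk.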