authorPreston Pan <ret2pop@nullring.xyz>2026-02-28 20:20:41 -0800
committerPreston Pan <ret2pop@nullring.xyz>2026-02-28 20:20:41 -0800
commit99a6f13e70b366a858a543f145528152164858e5 (patch)
treeac65987c6a0cd142943ab0c5b45616a1c1356486 /config
parentbefb04f3a1cbf7e55da26e08f8c974e72ff6f1cf (diff)
use librewolf instead; fix a bunch of problems
Diffstat (limited to 'config')
-rw-r--r--config/emacs.org7
-rw-r--r--config/nix.org1066
2 files changed, 413 insertions, 660 deletions
diff --git a/config/emacs.org b/config/emacs.org
index 69316e5..642377d 100644
--- a/config/emacs.org
+++ b/config/emacs.org
@@ -26,7 +26,7 @@ Emacs is self documenting, after all!
(warning-minimum-level :emergency "Supress emacs warnings")
(confirm-kill-processes nil "Don't ask to quit")
(debug-ignored-errors (cons 'remote-file-error debug-ignored-errors) "Remove annoying error from debug errors")
- (browse-url-generic-program "firefox")
+ (browse-url-generic-program "librewolf")
(browse-url-secondary-browser-function 'browse-url-generic)
(browse-url-browser-function 'browse-url-generic)
@@ -36,6 +36,7 @@ Emacs is self documenting, after all!
(mouse-wheel-follow-mouse 't "Scroll correct window")
(scroll-conservatively 101 "Sort of smooth scrolling")
(scroll-step 1 "Scroll one line at a time")
+ (debug-on-error nil "Don't make the annoying popups")
(display-time-24hr-format t "Use 24 hour format to read the time")
(display-line-numbers-type 'relative "Relative line numbers for easy vim jumping")
(use-short-answers t "Use y instead of yes")
@@ -724,7 +725,7 @@ For all my mathematics and programming notes:
:after (org)
:custom
(org-roam-db-update-on-save t "Update org-roam db")
- (org-roam-graph-viewer "firefox" "Use firefox to view org-roam graph")
+ (org-roam-graph-viewer "librewolf" "Use librewolf to view org-roam graph")
(org-roam-directory (file-truename "~/monorepo/mindmap") "Set org-roam directory inside monorepo")
(org-roam-capture-templates '(("d" "default" plain "%?"
:target (file+head "${title}.org"
@@ -742,7 +743,7 @@ For all my mathematics and programming notes:
(org-roam-ui-sync-theme t "Use emacs theme for org-roam-ui")
(org-roam-ui-follow t "Have cool visual while editing org-roam")
(org-roam-ui-update-on-save t "This option is obvious")
- (org-roam-ui-open-on-start t "Have cool visual open in firefox when emacs loads"))
+ (org-roam-ui-open-on-start t "Have cool visual open in librewolf when emacs loads"))
#+end_src
** Pinentry
diff --git a/config/nix.org b/config/nix.org
index 48e334f..171726f 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -90,6 +90,11 @@ and now for the main flake:
url = "github:nixpak/nixpak";
inputs.nixpkgs.follows = "nixpkgs";
};
+
+ git-hooks = {
+ url = "github:cachix/git-hooks.nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
outputs = {
@@ -143,7 +148,9 @@ and now for the main flake:
nixos-dns.nixosModules.dns
{
nixpkgs.overlays = [ nur.overlays.default ];
- home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; };
+ home-manager.extraSpecialArgs = attrs // {
+ systemHostName = "${hostname}";
+ };
networking.hostName = "${hostname}";
}
(./. + "/systems/${hostname}/default.nix")
@@ -320,6 +327,20 @@ largely self-documenting.
description = "Internet name to be used for internet usernames";
};
+ sshKey = lib.mkOption {
+ type = lib.types.str;
+ default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell";
+ example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell";
+ description = "Admin public key for managing multiple configurations";
+ };
+
+ dkimKey = lib.mkOption {
+ type = lib.types.str;
+ default = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9GpfjvQlldPrHAC7Yt+ZF0aduUIVV4j2+KUkF0j6NsrpOgvU6COWKQSod/B/qyPBLWf+w5P5YiJ9XnOgw6Db/I9C67eusEHnV/cbvokXLQjSBvXee1OEdrT9i+6iUgDeGWP4CrD1DcwvXzAcCI9exy3yALHVlbkyYvi0KAYofs8dVQ3JCwSCMlol71lA6ULJ2zbCIWeSOv9/C6QZ5HOIeeoFLesX6O/YvF4FYxWbSHy244TXYuczQKuayjKgD6e8gIT5WJRQj8IAWOQ2podWw6hSuB3Ig+ekoOfnl5ivJGOMbAzFTj8FtbS4ncyidLU1kIOeuLfiILeDDLlIeYTwIDAQAB";
+ example = "string_after_p=";
+ description = "dkim key to put in host record for email";
+ };
+
repoName = lib.mkOption {
type = lib.types.str;
default = "monorepo";
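Review bot: The new `sshKey` option ships the author's own key as its `default`, and later in this commit that value is placed in `root.openssh.authorizedKeys.keys`. Any host that imports these modules without overriding the option therefore authorizes that key for root with no evaluation error. I would drop the `default` line from `sshKey` (keeping `example`) so that an unset value fails at build time. The same applies to `dkimKey`, where a forgotten override would publish someone else's DKIM key for the domain. The enclosing options block starts and ends outside this hunk.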
@@ -327,6 +348,20 @@ largely self-documenting.
description = "Name of this repository";
};
+ projects = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "monorepo"
+ "nullerbot"
+ ];
+ example = [
+ "project1"
+ "project2"
+ "project3"
+ ];
+ description = "Names of repos that will have mailing lists";
+ };
+
fileSystem = lib.mkOption {
type = lib.types.str;
default = "ext4";
@@ -339,13 +374,6 @@ largely self-documenting.
description = "retains a copy of the disko spec for reflection";
};
- userName = lib.mkOption {
- type = lib.types.str;
- default = "preston";
- example = "myUser";
- description = "system username";
- };
-
fullName = lib.mkOption {
type = lib.types.str;
default = "Preston Pan";
@@ -353,6 +381,13 @@ largely self-documenting.
description = "Full Name";
};
+ userName = lib.mkOption {
+ type = lib.types.str;
+ default = "preston";
+ example = "myUser";
+ description = "system username";
+ };
+
gpgKey = lib.mkOption {
type = lib.types.str;
default = "AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1";
@@ -371,7 +406,14 @@ largely self-documenting.
type = lib.types.str;
default = "${vars.orgHost}";
example = "orgname.org";
- description = "Domain name of your organization";
+ description = "Domain name of your organization, points to same VPS as remoteHost";
+ };
+
+ email = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.internetName}@${vars.orgHost}";
+ example = "example@example.org";
+ description = "Admin email address";
};
timeZone = lib.mkOption {
@@ -475,11 +517,8 @@ the yaml file specified. Yes, this is safe to include in the repo.
owner = "public-inbox";
group = "public-inbox";
mode = "0400";
- content = ''
- machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
- machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
- machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
- '';
+ content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + ''
+ machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
};
"matterbridge" = {
owner = "matterbridge";
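Review bot: The generated netrc `content` joins the per-project lines with `"\n"` but then appends an indented string whose first line is empty. As I read Nix's indented-string rules that empty line is dropped, so the `discussion` entry is glued directly onto the last project's password with no separator. The result would be `password <secret>machine mail.…`, which corrupts both the last project login and the discussion login. It is simpler to map over `(config.monorepo.vars.projects ++ [ "discussion" ])` inside the same `concatStringsSep "\n"` call and drop the trailing `'' … ''` string. It would also help to add a comment that every login here deliberately shares `mail_monorepo_password_pi`.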
@@ -888,7 +927,7 @@ for users:
modules = [ "simple_away" ];
};
"nullring" = {
- server = "nullring.xyz";
+ server = "${config.monorepo.vars.orgHost}";
port = 6697;
useSSL = true;
modules = [ "simple_away" "log" ];
@@ -1192,11 +1231,12 @@ I run my own git server in order to have a mirror in case github goes down.
services.gitDaemon = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
exportAll = true;
- basePath = "/srv/git";
+ basePath = "${config.users.users.git.home}";
};
}
#+end_src
** Ntfy
+I want to have notifications on my phone, and run my own server to do this.
#+begin_src nix :tangle ../nix/modules/ntfy-sh.nix
{ pkgs, lib, config, ... }:
{
@@ -1254,114 +1294,109 @@ to the outside world under a domain.
#+begin_src nix :tangle ../nix/modules/nginx.nix
{ config, lib, ... }:
{
- services.nginx = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- user = "nginx";
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = false;
-
- gitweb = {
+ config = lib.mkIf config.monorepo.profiles.server.enable {
+ services.nginx = {
enable = true;
- virtualHost = "${config.monorepo.vars.orgHost}";
- };
-
- virtualHosts = {
- "matrix.${config.monorepo.vars.orgHost}" = {
- enableACME = true;
- forceSSL = true;
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8448;
- ssl = true;
- }
- ];
- locations."/_matrix/" = {
- proxyPass = "http://127.0.0.1:6167";
- extraConfig = ''
+ user = "nginx";
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = false;
+ virtualHosts = {
+ "matrix.${config.monorepo.vars.orgHost}" = {
+ enableACME = config.monorepo.profiles.server.enable;
+ forceSSL = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations."/_matrix/" = {
+ proxyPass = "http://127.0.0.1:6167";
+ extraConfig = ''
proxy_set_header Host $host;
proxy_buffers 32 16k;
proxy_read_timeout 5m;
'';
- };
- locations."= /.well-known/matrix/server" = {
- extraConfig = ''
+ };
+ locations."= /.well-known/matrix/server" = {
+ extraConfig = ''
default_type application/json;
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
'';
-
- return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' '';
- };
- locations."/.well-known/matrix/client" = {
- extraConfig = ''
+
+ return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' '';
+ };
+ locations."/.well-known/matrix/client" = {
+ extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
'';
- return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:8443\"}]}'";
- };
+ return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:8443\"}]}'";
+ };
- extraConfig = ''
+ extraConfig = ''
merge_slashes off;
'';
- };
+ };
- "matrix.${config.monorepo.vars.orgHost}-livekit" = {
- serverName = "matrix.${config.monorepo.vars.orgHost}";
- listen = [
- {
- addr = "0.0.0.0";
- port = 8443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8443;
- ssl = true;
- }
- ];
- addSSL = true;
- enableACME = false;
- forceSSL = false;
- useACMEHost = "matrix.${config.monorepo.vars.orgHost}";
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:6495";
- proxyWebsockets = true;
- extraConfig = ''
+ "matrix.${config.monorepo.vars.orgHost}-livekit" = {
+ serverName = "matrix.${config.monorepo.vars.orgHost}";
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8443;
+ ssl = true;
+ }
+ ];
+ addSSL = true;
+ enableACME = false;
+ forceSSL = false;
+ useACMEHost = "matrix.${config.monorepo.vars.orgHost}";
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:6495";
+ proxyWebsockets = true;
+ extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
+ };
};
- };
- "livekit.${config.monorepo.vars.orgHost}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:7880";
- proxyWebsockets = true;
- extraConfig = ''
+ "livekit.${config.monorepo.vars.orgHost}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:7880";
+ proxyWebsockets = true;
+ extraConfig = ''
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
@@ -1395,53 +1430,62 @@ to the outside world under a domain.
}
# --- CORS CONFIGURATION END ---
'';
+ };
};
- };
- "ntfy.${config.monorepo.vars.remoteHost}" = {
- serverName = "ntfy.${config.monorepo.vars.remoteHost}";
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:2586";
- proxyWebsockets = true;
+ "ntfy.${config.monorepo.vars.remoteHost}" = {
+ serverName = "ntfy.${config.monorepo.vars.remoteHost}";
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:2586";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_buffering off;
+ proxy_request_buffering off
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+ };
};
- };
- "${config.monorepo.vars.remoteHost}" = {
- serverName = "${config.monorepo.vars.remoteHost}";
- serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
- root = "/var/www/${config.monorepo.vars.internetName}-website/";
- addSSL = true;
- enableACME = true;
- };
+ "${config.monorepo.vars.remoteHost}" = {
+ serverName = "${config.monorepo.vars.remoteHost}";
+ serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
+ root = "/var/www/${config.monorepo.vars.internetName}-website/";
+ addSSL = true;
+ enableACME = true;
+ };
- "git.${config.monorepo.vars.orgHost}" = {
- forceSSL = true;
- enableACME = true;
- };
- "list.${config.monorepo.vars.orgHost}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:9090";
- extraConfig = ''
+ "git.${config.monorepo.vars.orgHost}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ "list.${config.monorepo.vars.orgHost}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:9090";
+ extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
+ };
};
- };
- # the port comes from ssh tunnelling
- "music.${config.monorepo.vars.remoteHost}" = {
- addSSL = true;
- enableACME = true;
- basicAuthFile = config.sops.secrets."mpd_password".path;
- locations."/" = {
- proxyPass = "http://localhost:8000";
- extraConfig = ''
+ # the port comes from ssh tunnelling
+ "music.${config.monorepo.vars.remoteHost}" = lib.mkIf config.monorepo.profiles.server.enable {
+ addSSL = true;
+ enableACME = true;
+ basicAuthFile = config.sops.secrets."mpd_password".path;
+ locations."/" = {
+ proxyPass = "http://localhost:8000";
+ extraConfig = ''
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "";
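Review bot: In the added ntfy `extraConfig`, `proxy_request_buffering off` has no terminating semicolon, so nginx will read the following `proxy_set_header Host $host;` as extra arguments to it and the config check should fail; it needs to be `proxy_request_buffering off;`. Separately, the `music.` vhost keeps `addSSL = true` together with `basicAuthFile`, which as far as I know also serves the site over plain HTTP, so the basic-auth credentials can cross the wire unencrypted; `forceSSL = true;` as on the neighbouring vhosts would close that. The `lib.mkIf config.monorepo.profiles.server.enable` on that vhost is redundant inside the outer `lib.mkIf`. The `music.` block continues into the next hunk.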
@@ -1450,50 +1494,35 @@ to the outside world under a domain.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 36000s;
'';
+ };
};
- };
- "${config.monorepo.vars.orgHost}" = {
- serverName = "${config.monorepo.vars.orgHost}";
- root = "/var/www/nullring/";
- addSSL = true;
- enableACME = true;
- };
+ "${config.monorepo.vars.orgHost}" = {
+ serverName = "${config.monorepo.vars.orgHost}";
+ root = "/var/www/nullring/";
+ addSSL = true;
+ enableACME = true;
+ };
- "mail.${config.monorepo.vars.orgHost}" = {
- serverName = "mail.${config.monorepo.vars.orgHost}";
- root = "/var/www/dummy";
- addSSL = true;
- enableACME = true;
+ "mail.${config.monorepo.vars.orgHost}" = {
+ serverName = "mail.${config.monorepo.vars.orgHost}";
+ root = "/var/www/dummy";
+ addSSL = true;
+ enableACME = true;
+ };
};
};
};
}
#+end_src
-** Git Web Interface
-I enable the git web interface to show off my git repos to the
-world. This was the easiest frontend to set up on NixOS.
-#+begin_src nix :tangle ../nix/modules/gitweb.nix
- { lib, config, ... }:
- {
- services.gitweb = {
- gitwebTheme = lib.mkDefault config.monorepo.profiles.server.enable;
- projectroot = "/srv/git/";
- extraConfig = ''
- our $export_ok = "git-daemon-export-ok";
- our $site_name = "NullRing Git Server";
- our $site_header = "NullRing Projects";
- '';
- };
- }
-#+end_src
** CGit Interface
+I have this cgit interface in order to integrate with public-inbox.
#+begin_src nix :tangle ../nix/modules/cgit.nix
{ lib, config, ... }:
{
services.cgit."my-projects" = {
- enable = true;
- scanPath = "/srv/git";
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ scanPath = "${config.users.users.git.home}";
settings = {
root-title = "Nullring Git Server";
root-desc = "Projects and cool things";
@@ -1584,25 +1613,16 @@ There is a non declarative part of setting dkims and spf.
"imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
] options.services.maddy.config.default;
- ensureAccounts = [
+ ensureAccounts = (builtins.map (x: "${x}@${config.monorepo.vars.orgHost}") config.monorepo.vars.projects) ++ [
"${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}"
- "monorepo@${config.monorepo.vars.orgHost}"
- "nullerbot@${config.monorepo.vars.orgHost}"
"discussion@${config.monorepo.vars.orgHost}"
];
- ensureCredentials = {
+ ensureCredentials = lib.genAttrs config.services.maddy.ensureAccounts (name: {
+ passwordFile = "/run/secrets/mail_monorepo_password";
+ }) // {
"${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_password";
};
- "monorepo@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_monorepo_password";
- };
- "nullerbot@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_monorepo_password";
- };
- "discussion@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_monorepo_password";
- };
};
};
}
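Review bot: `ensureCredentials` is generated with `lib.genAttrs config.services.maddy.ensureAccounts`, which reads the merged option value rather than the list built two lines above. If any other module ever adds an account to `ensureAccounts`, that account silently receives the shared `/run/secrets/mail_monorepo_password`. I would bind the project and discussion addresses in a `let` and use that local list for both `ensureAccounts` and the `genAttrs` call, leaving the admin address as an explicit entry. The literal `/run/secrets/...` paths could presumably be `config.sops.secrets."<name>".path`, as the nginx module does for `mpd_password`, so a missing secret declaration fails at evaluation; confirm the secret names first.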
@@ -1627,7 +1647,7 @@ This is my mailing list software that I will use to develop software.
# Allow the service to see the file it just created
BindPaths = [
"/var/lib/public-inbox"
- "/srv/git/"
+ "${config.users.users.git.home}"
];
ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ];
# Ensure it can actually write to the directory during preStart
@@ -1667,10 +1687,10 @@ This is my mailing list software that I will use to develop software.
services.public-inbox = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
settings = {
- coderepo."nullerbot".dir = "/srv/git/nullerbot.git";
- coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git";
- coderepo."monorepo".dir = "/srv/git/monorepo.git";
- coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git";
+ coderepo = lib.genAttrs config.monorepo.vars.projects (name: {
+ dir = "${config.users.users.git.home}/${name}.git";
+ cgitUrl = "https://git.${config.monorepo.vars.orgHost}/${name}.git";
+ });
publicinbox.css = ["/var/lib/public-inbox/style.css"];
publicinbox.wwwlisting = "all";
};
@@ -1678,18 +1698,14 @@ This is my mailing list software that I will use to develop software.
enable = true;
port = 9090;
};
- inboxes = {
- "monorepo" = {
- description = "discussion of ret2pop's monorepo project and related work.";
- address = [ "monorepo@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/monorepo";
- url = "https://list.${config.monorepo.vars.orgHost}/monorepo";
- watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
- coderepo = [
- "monorepo"
- ];
- };
-
+ inboxes = lib.genAttrs config.monorepo.vars.projects (name: {
+ description = "discussion of the ${name} project.";
+ address = [ "${name}@${config.monorepo.vars.orgHost}" ];
+ inboxdir = "/var/lib/public-inbox/${name}";
+ url = "https://list.${config.monorepo.vars.orgHost}/${name}";
+ watch = [ "imaps://${name}${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
+ coderepo = [ "${name}" ];
+ }) // {
"discussion" = {
description = "Main Nullring Discussion Mailing List";
address = [ "discussion@${config.monorepo.vars.orgHost}" ];
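Review bot: The generated `watch` URL drops the `%40` that the removed per-project entries had between the mailbox name and the domain: `imaps://${name}${config.monorepo.vars.orgHost}@mail…` yields a login like `monoreponullring.xyz`. The IMAP login for every project inbox would then not match the accounts created by maddy or the netrc entries. It should read `"imaps://${name}%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX"`, matching the unchanged `discussion` entry below.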
@@ -1697,17 +1713,6 @@ This is my mailing list software that I will use to develop software.
url = "https://list.${config.monorepo.vars.orgHost}/discussion";
watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
};
-
- "nullerbot" = {
- description = "Discussion of Nullerbot Matrix Bot";
- address = [ "nullerbot@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/nullerbot";
- url = "https://list.${config.monorepo.vars.orgHost}/nullerbot";
- watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
- coderepo = [
- "nullerbot"
- ];
- };
};
};
}
@@ -1995,6 +2000,7 @@ because they enhance security.
"maddy"
"ntfy-sh"
"public-inbox"
+ "plugdev"
];
in
{
@@ -2015,7 +2021,6 @@ because they enhance security.
./git-daemon.nix
./ollama.nix
./i2pd.nix
- ./gitweb.nix
./conduit.nix
./bitcoin.nix
./murmur.nix
@@ -2067,6 +2072,7 @@ because they enhance security.
btrfs = true;
ext4 = true;
};
+
extraModprobeConfig = ''
options snd-usb-audio vid=0x1235 pid=0x8200 device_setup=1
options rtw88_core disable_lps_deep=y power_save=0 disable_aspm_l1ss=y
@@ -2106,10 +2112,10 @@ because they enhance security.
};
kernelModules = [
- "snd-seq"
- "snd-rawmidi"
- "xhci_hcd"
- "kvm_intel"
+ "snd-seq"
+ "snd-rawmidi"
+ "xhci_hcd"
+ "kvm_intel"
"af_packet"
"ccm"
"ctr"
@@ -2184,29 +2190,28 @@ because they enhance security.
];
kernel.sysctl = {
- "kernel.ftrace_enabled" = false;
- "net.core.bpf_jit_enable" = false;
- "kernel.kptr_restrict" = 2;
+ "kernel.ftrace_enabled" = false;
+ "net.core.bpf_jit_enable" = false;
+ "kernel.kptr_restrict" = 2;
- # madaidan
+ # madaidan
"kernel.smtcontrol" = "on";
- "vm.swappiness" = 1;
- "vm.unprivileged_userfaultfd" = 0;
- "dev.tty.ldisc_autoload" = 0;
- "kernel.kexec_load_disabled" = 1;
- "kernel.sysrq" = 4;
- "kernel.perf_event_paranoid" = 3;
+ "vm.swappiness" = 1;
+ "vm.unprivileged_userfaultfd" = 0;
+ "dev.tty.ldisc_autoload" = 0;
+ "kernel.kexec_load_disabled" = 1;
+ "kernel.sysrq" = 4;
+ "kernel.perf_event_paranoid" = 3;
- # net
+ # net
"net.ipv4.ip_forward" = 1;
- "net.ipv4.icmp_echo_ignore_broadcasts" = true;
-
- # "net.ipv4.conf.all.accept_redirects" = false;
- # "net.ipv4.conf.all.secure_redirects" = false;
- # "net.ipv4.conf.default.accept_redirects" = false;
- # "net.ipv4.conf.default.secure_redirects" = false;
- # "net.ipv6.conf.all.accept_redirects" = false;
- # "net.ipv6.conf.default.accept_redirects" = false;
+ "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+ # "net.ipv4.conf.all.accept_redirects" = false;
+ # "net.ipv4.conf.all.secure_redirects" = false;
+ # "net.ipv4.conf.default.accept_redirects" = false;
+ # "net.ipv4.conf.default.secure_redirects" = false;
+ # "net.ipv6.conf.all.accept_redirects" = false;
+ # "net.ipv6.conf.default.accept_redirects" = false;
};
};
@@ -2266,17 +2271,17 @@ because they enhance security.
graphics.enable = ! config.monorepo.profiles.ttyonly.enable;
bluetooth = {
- enable = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
- powerOnBoot = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
+ enable = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
+ powerOnBoot = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
};
};
services = {
pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable;
chrony = {
- enable = true;
- enableNTS = true;
- servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+ enable = true;
+ enableNTS = true;
+ servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
};
jitterentropy-rngd.enable = true;
@@ -2285,16 +2290,14 @@ because they enhance security.
usbguard.enable = false;
dbus.apparmor = "enabled";
- kanata.enable = true;
-
# Misc.
udev = {
- extraRules = '''';
- packages = if config.monorepo.profiles.workstation.enable then with pkgs; [
- platformio-core
- platformio-core.udev
- openocd
- ] else [];
+ extraRules = '''';
+ packages = if config.monorepo.profiles.workstation.enable then with pkgs; [
+ platformio-core
+ platformio-core.udev
+ openocd
+ ] else [];
};
printing.enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
@@ -2311,8 +2314,8 @@ because they enhance security.
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
- allowUnfree = true;
- cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
+ allowUnfree = true;
+ cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
};
};
@@ -2322,19 +2325,19 @@ because they enhance security.
defaults.email = "ret2pop@gmail.com";
};
apparmor = {
- enable = true;
- killUnconfinedConfinables = true;
+ enable = true;
+ killUnconfinedConfinables = true;
packages = with pkgs; [
apparmor-profiles
];
- policies = {
- firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
- };
+ # policies = {
+ # firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
+ # };
};
pam.loginLimits = [
- { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
- { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
];
rtkit.enable = true;
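Review bot: The firefox AppArmor policy is commented out here while the rest of the commit switches the browser to librewolf, so no browser policy is left in `apparmor.policies`. The most exposed desktop application appears to run unconfined after this change. Whether `apparmor-profiles` ships anything that would attach to the librewolf binary is not visible from this hunk. I would either add a librewolf policy or replace the dead block with an explicit marker such as `# TODO: no AppArmor policy for librewolf yet; browser is unconfined`, so the gap is tracked rather than hidden in commented-out code.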
@@ -2345,9 +2348,9 @@ because they enhance security.
forcePageTableIsolation = true;
tpm2 = {
- enable = true;
- pkcs11.enable = true;
- tctiEnvironment.enable = true;
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
};
auditd.enable = true;
@@ -2360,9 +2363,9 @@ because they enhance security.
enable = (! config.monorepo.profiles.ttyonly.enable);
wlr.enable = (! config.monorepo.profiles.ttyonly.enable);
extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [
- xdg-desktop-portal-gtk
- xdg-desktop-portal
- xdg-desktop-portal-hyprland
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal
+ xdg-desktop-portal-hyprland
] else [];
config.common.default = "*";
};
@@ -2387,7 +2390,7 @@ because they enhance security.
(writeShellScriptBin "new-repo"
''
#!/bin/bash
- cd /srv/git
+ cd ${config.users.users.git.home}
git init --bare "$1"
vim "$1/description"
chown -R git:git "$1"
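Review bot: The `new-repo` script interpolates the git home unquoted and does not check the `cd`. If the directory is missing, `git init --bare "$1"` and the recursive `chown -R git:git "$1"` run against whatever the current directory is. I would write `cd "${config.users.users.git.home}" || exit 1` and add a guard for an empty `$1` before the `chown`. The script body continues outside this hunk.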
@@ -2429,37 +2432,36 @@ because they enhance security.
nginx = {
group = "nginx";
isSystemUser = lib.mkDefault true;
- extraGroups = [
- "acme"
- ];
+ extraGroups = [ "acme" ];
};
root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ config.monorepo.vars.sshKey
];
git = {
- isSystemUser = true;
- home = "/srv/git";
- shell = "/bin/sh";
+ isSystemUser = true;
+ home = "/srv/git";
+ shell = "/bin/sh";
group = "git";
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ config.monorepo.vars.sshKey
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIEF+mcL9nDkzVhCYyYWCIrP+b6oRiiaV509jywbD0Vq nix-on-droid@localhost"
"ssh-rsa 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 andrei@kiss"
];
};
"${config.monorepo.vars.userName}" = {
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ config.monorepo.vars.sshKey
];
linger = true;
- initialPassword = "${config.monorepo.vars.userName}";
- isNormalUser = true;
- description = config.monorepo.vars.fullName;
- extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" ];
- shell = pkgs.zsh;
- packages = [];
+ initialPassword = "${config.monorepo.vars.userName}";
+ isNormalUser = true;
+ description = config.monorepo.vars.fullName;
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" "plugdev" ];
+ shell = pkgs.zsh;
+ packages = [];
};
};
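Review bot: The `git` user keeps `shell = "/bin/sh"` while this hunk adds another entry to its `authorizedKeys`. Every key in that list, including the third-party ones, therefore gets an interactive shell on the server rather than git-only access. If those keys are only meant for push and pull, `shell = "${pkgs.git}/bin/git-shell";` would restrict them. The admin key could then use the root or user account for maintenance, though any workflow that relies on a shell as `git` should be checked first. The extracted `config.monorepo.vars.sshKey` is a good step, but the new `nix-on-droid@localhost` key is still an inline literal and would benefit from the same treatment or a comment naming its owner. `extraGroups` for the normal user also lists `"docker"` twice.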
@@ -2582,7 +2584,7 @@ This configuration is used for simple partitioning schemes with EFI.
spec = {
disko.devices = {
disk = {
- my-disk = {
+ main = {
device = config.monorepo.vars.device;
type = "disk";
content = {
@@ -2664,7 +2666,7 @@ For machines that use BIOS instead of EFI.
As you can see, I have my installed home packages installed based on the profiles enabled. Also,
I have many imports that we'll go through next.
#+begin_src nix :tangle ../nix/modules/home/default.nix
- { lib, config, pkgs, sops-nix, ... }:
+ { lib, config, pkgs, sops-nix, super, ... }:
{
imports = [
sops-nix.homeManagerModules.sops
@@ -2708,35 +2710,13 @@ I have many imports that we'll go through next.
lang-coq.enable = lib.mkEnableOption "Enables coq language support";
lang-lean.enable = lib.mkEnableOption "Enables lean language support";
lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
-
crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
art.enable = lib.mkEnableOption "Enables various art programs";
music.enable = lib.mkEnableOption "Enables mpd";
workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
cuda.enable = lib.mkEnableOption "Enables CUDA user package builds";
hyprland.enable = lib.mkEnableOption "Enables hyprland";
-
- email = {
- email = lib.mkOption {
- type = lib.types.str;
- default = "ret2pop@nullring.xyz";
- example = "john@example.com";
- description = "Email address and imaps/smtps account";
- };
- imapsServer = lib.mkOption {
- type = lib.types.str;
- default = "mail.nullring.xyz";
- example = "imap.example.com";
- description = "imaps server address";
- };
- smtpsServer = lib.mkOption {
- type = lib.types.str;
- default = "mail.nullring.xyz";
- example = "smtp.example.com";
- description = "smtp server address";
- };
- enable = lib.mkEnableOption "Enables email";
- };
+ email.enable = lib.mkEnableOption "Enables email";
};
};
@@ -2864,7 +2844,7 @@ I have many imports that we'll go through next.
email.enable = lib.mkDefault config.monorepo.profiles.enable;
# Programming
- graphics.enable = lib.mkDefault config.monorepo.profiles.enable;
+ graphics.enable = lib.mkDefault (! super.monorepo.profiles.ttyonly.enable);
lang-c.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-rust.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-python.enable = lib.mkDefault config.monorepo.profiles.enable;
@@ -2887,8 +2867,9 @@ I have many imports that we'll go through next.
}
#+end_src
*** Secrets
+These are some secrets that I use regularly for my programs in home.
#+begin_src nix :tangle ../nix/modules/home/secrets.nix
- { config, ... }:
+ { config, super, ... }:
{
sops = {
defaultSopsFile = if config.monorepo.profiles.graphics.enable
@@ -2896,7 +2877,7 @@ I have many imports that we'll go through next.
else ../../secrets/vps_secrets.yaml;
age = {
- keyFile = "/home/${config.monorepo.vars.userName}/.config/sops/age/keys.txt";
+ keyFile = "/home/${super.monorepo.vars.userName}/.config/sops/age/keys.txt";
};
secrets = if config.monorepo.profiles.graphics.enable then {
@@ -2929,13 +2910,9 @@ be straightforward.
#+begin_src nix :tangle ../nix/modules/home/firefox.nix
{ lib, config, pkgs, ... }:
{
- programs.firefox = {
+ programs.librewolf = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.firefox;
- policies = {
- EnableTrackingProtection = true;
- OfferToSaveLogins = false;
- };
+ package = pkgs.librewolf;
profiles = {
default = {
id = 0;
@@ -2947,249 +2924,9 @@ be straightforward.
tree-style-tab
firefox-color
vimium
- ]
- ++ (lib.optional
- config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask);
-
- settings = {
- media = {
- memory_cache_max_size = 65536;
- cache_readahead_limit = 7200;
- cache_resume_threshold = 3600;
- peerconnection.ice = {
- proxy_only_if_behind_proxy = true;
- default_address_only = true;
- };
- };
-
- gfx = {
- content.skia-font-cache-size = 20;
- canvas.accelerated = {
- cache-items = 4096;
- cache-size = 512;
- };
- };
-
- network = {
- http = {
- max-connections = 1800;
- max-persistent-connections-per-server = 10;
- max-urgent-start-excessive-connections-per-host = 5;
- referer.XOriginTrimmingPolicy = 2;
- };
-
- buffer.cache = {
- size = 262144;
- count = 128;
- };
-
- dns = {
- max_high_priority_threads = 8;
- disablePrefetch = true;
- };
-
- pacing.requests.enabled = false;
- dnsCacheExpiration = 3600;
- ssl_tokens_cache_capacity = 10240;
- prefetch-next = false;
- predictor.enabled = false;
- cookie.sameSite.noneRequiresSecure = true;
- IDN_show_punycode = true;
- auth.subresource-http-auth-allow = 1;
- captive-portal-service.enabled = false;
- connectivity-service.enabled = false;
- };
-
- browser = {
- download = {
- always_ask_before_handling_new_types = true;
- manager.addToRecentDocs = false;
- open_pdf_attachments_inline = true;
- start_downloads_in_tmp_dir = true;
- };
-
- urlbar = {
- suggest.quicksuggest.sponsored = false;
- suggest.quicksuggest.nonsponsored = false;
- suggest.calculator = true;
- update2.engineAliasRefresh = true;
- unitConversion.enabled = true;
- trending.featureGate = false;
- };
-
- search = {
- separatePrivateDefault.ui.enabled = true;
- suggest.enabled = false;
- };
-
- newtabpage.activity-stream = {
- feeds = {
- topsites = false;
- section.topstories = false;
- telemetry = false;
- };
- asrouter.userprefs.cfr = {
- addons = false;
- features = false;
- };
- telemetry = false;
- };
-
- privatebrowsing = {
- vpnpromourl = "";
- forceMediaMemoryCache = true;
- };
-
- display = {
- focus_ring_on_anything = true;
- focus_ring_style = 0;
- focus_ring_width = 0;
- };
-
- cache.jsbc_compression_level = 3;
- helperApps.deleteTempFileOnExit = true;
- uitour.enabled = false;
- sessionstore.interval = 60000;
- formfill.enable = false;
- xul.error_pages.expert_bad_cert = true;
- contentblocking.category = "strict";
- ping-centre.telemetry = false;
- discovery.enabled = false;
- shell.checkDefaultBrowser = false;
- preferences.moreFromMozilla = false;
- tabs.tabmanager.enabled = false;
- aboutConfig.showWarning = false;
- aboutwelcome.enabled = false;
- bookmarks.openInTabClosesMenu = false;
- menu.showViewImageInfo = true;
- compactmode.show = true;
- safebrowsing.downloads.remote.enabled = false;
- tabs.crashReporting.sendReport = false;
- crashReports.unsubmittedCheck.autoSubmit2 = false;
- privateWindowSeparation.enabled = false;
- };
-
- security = {
- mixed_content = {
- block_display_content = true;
- upgrade_display_content = true;
- };
- insecure_connection_text = {
- enabled = true;
- pbmode.enabled = true;
- };
- OCSP.enabled = 0;
- remote_settings.crlite_filters.enabled = true;
- pki.crlite_mode = 2;
- ssl.treat_unsafe_negotiation_as_broken = true;
- tls.enable_0rtt_data = false;
- };
-
- toolkit = {
- telemetry = {
- unified = false;
- enabled = false;
- server = "data:,";
- archive.enabled = false;
- newProfilePing.enabled = false;
- shutdownPingSender.enabled = false;
- updatePing.enabled = false;
- bhrPing.enabled = false;
- firstShutdownPing.enabled = false;
- coverage.opt-out = true;
- };
- coverage = {
- opt-out = true;
- endpoint.base = "";
- };
- legacyUserProfileCustomizations.stylesheets = true;
- };
-
- dom = {
- security = {
- https_first = true;
- https_first_schemeless = true;
- sanitizer.enabled = true;
- };
- enable_web_task_scheduling = true;
- };
-
- layout = {
- css = {
- grid-template-masonry-value.enabled = true;
- has-selector.enabled = true;
- prefers-color-scheme.content-override = 2;
- };
- word_select.eat_space_to_next_word = false;
- };
-
- urlclassifier = {
- trackingSkipURLs = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
- features.socialtracking.skipURLs = "*.instagram.com, *.twitter.com, *.twimg.com";
- };
+ privacy-redirect
+ ] ++ (lib.optional config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask);
- privacy = {
- globalprivacycontrol.enabled = true;
- history.custom = true;
- userContext.ui.enabled = true;
- trackingprotection = {
- enabled = true;
- pbmode.enabled = true;
- socialtracking.enabled = true;
- };
- };
-
- full-screen-api = {
- transition-duration = {
- enter = "0 0";
- leave = "0 0";
- };
- warning = {
- delay = -1;
- timeout = 0;
- };
- };
-
- permissions.default = {
- desktop-notification = 2;
- geo = 2;
- };
-
- signon = {
- formlessCapture.enabled = false;
- privateBrowsingCapture.enabled = false;
- };
-
- datareporting = {
- policy.dataSubmissionEnabled = false;
- healthreport.uploadEnabled = false;
- };
-
- extensions = {
- pocket.enabled = false;
- getAddons.showPane = false;
- htmlaboutaddons.recommendations.enabled = false;
- postDownloadThirdPartyPrompt = false;
- };
-
- app = {
- shield.optoutstudies.enabled = false;
- normandy.enabled = false;
- normandy.api_url = "";
- };
-
- image.mem.decode_bytes_at_a_time = 32768;
- editor.truncate_user_pastes = false;
- pdfjs.enableScripting = false;
- geo.provider.network.url = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
- permissions.manager.defaultsUrl = "";
- webchannel.allowObject.urlWhitelist = "";
- breakpad.reportURL = "";
- captivedetect.canonicalURL = "";
- cookiebanners.service.mode = 1;
- findbar.highlightAll = true;
- content.notify.interval = 100000;
- };
};
};
};
@@ -3220,7 +2957,7 @@ compilation, and because I can fetch their exact versions. Note that I have a st
configuration here that tells emacs to load my real configuration at ~~/monorepo/config/emacs.org~
as an org file which gets automatically tangled to an emacs-lisp file.
#+begin_src nix :tangle ../nix/modules/home/emacs.nix
- { lib, config, pkgs, ... }:
+ { lib, config, pkgs, super, ... }:
{
programs.emacs =
{
@@ -3228,10 +2965,10 @@ as an org file which gets automatically tangled to an emacs-lisp file.
package = pkgs.emacs-pgtk;
extraConfig = ''
(setq debug-on-error t)
- (setq system-email "${config.monorepo.profiles.email.email}")
- (setq system-username "${config.monorepo.vars.internetName}")
- (setq system-fullname "${config.monorepo.vars.fullName}")
- (setq system-gpgkey "${config.monorepo.vars.gpgKey}")
+ (setq system-email "${super.monorepo.vars.email}")
+ (setq system-username "${super.monorepo.vars.internetName}")
+ (setq system-fullname "${super.monorepo.vars.fullName}")
+ (setq system-gpgkey "${super.monorepo.vars.gpgKey}")
(load "${pkgs.writeText "init.el" (builtins.readFile ../../init.el)}")
'';
@@ -3353,28 +3090,29 @@ the timezone.
My git configuration uses information set in the ~vars.nix~ in order to set configuration options.
Make sure those are set correctly. I've set it to sign by default.
#+begin_src nix :tangle ../nix/modules/home/git.nix
- { pkgs, lib, config, ... }:
+ { pkgs, lib, config, super, ... }:
{
programs.git = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
package = pkgs.gitFull;
lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- userName = config.monorepo.vars.fullName;
- userEmail = config.monorepo.profiles.email.email;
+ userName = super.monorepo.vars.fullName;
+ userEmail = "${super.monorepo.vars.email}";
signing = {
- key = config.monorepo.vars.gpgKey;
+ key = super.monorepo.vars.gpgKey;
signByDefault = true;
};
extraConfig = {
init.defaultBranch = "main";
- credential."${config.monorepo.profiles.email.smtpsServer}" = {
- username = "${config.monorepo.profiles.email.email}";
+ credential."mail.${super.monorepo.vars.orgHost}" = {
+ username = "${super.monorepo.vars.email}";
helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f";
};
+
sendemail = {
- smtpserver = "${config.monorepo.profiles.email.smtpsServer}";
- smtpuser = "${config.monorepo.profiles.email.email}";
+ smtpserver = "mail.${super.monorepo.vars.orgHost}";
+ smtpuser = "${super.monorepo.vars.email}";
smtpserverport = 465;
smtpencryption = "ssl";
};
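Review bot: The credential helper still reads `/run/user/1000/secrets/mail`, which hard-codes UID 1000 even though the rest of this hunk was moved to `super.monorepo.vars`. On a host where the user has a different UID the `cat` fails and the helper returns an empty password. The mbsync and msmtp modules already use `config.sops.secrets.mail.path`, so the helper can use it too: `helper = "!f() { test \"$1\" = get && echo \"password=$(cat ${config.sops.secrets.mail.path})\"; }; f";`. Separately, `userEmail = "${super.monorepo.vars.email}";` can be the bare `super.monorepo.vars.email`, matching `userName` above it.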
@@ -3422,7 +3160,7 @@ to use this component will come soon.
"fcitx5 -d --replace"
"fcitx5-remote -r"
"emacs"
- "firefox"
+ "librewolf"
];
env = [
"LIBVA_DRIVER_NAME,nvidia"
@@ -3452,11 +3190,16 @@ to use this component will come soon.
workspace = 1;
}
{
- name = "firefox";
- "match:class" = "firefox";
+ name = "librewolf";
+ "match:class" = "librewolf";
workspace = 2;
}
{
+ name = "element-desktop";
+ "match:class" = "element-desktop";
+ workspace = 3;
+ }
+ {
name = "vesktop";
"match:class" = "vesktop";
workspace = 3;
@@ -3479,13 +3222,13 @@ to use this component will come soon.
];
bind = [
- "$mod, F, exec, firefox"
+ "$mod, F, exec, librewolf"
"$mod, Return, exec, kitty"
"$mod, E, exec, emacs"
"$mod, B, exec, bitcoin-qt"
"$mod, S, exec, pavucontrol"
"$mod, M, exec, monero-wallet-gui"
- "$mod, V, exec, vesktop"
+ "$mod, V, exec, element-desktop"
"$mod, C, exec, fluffychat"
"$mod, D, exec, wofi --show run"
"$mod, P, exec, bash ${scripts}/powermenu.sh"
@@ -3661,71 +3404,71 @@ are all set from the get-go!
Note that in order to use my email configuration, your imaps and smtps servers must be
encrypted. This module uses the ~vars.nix~ as well as the home ~default.nix~ options.
#+begin_src nix :tangle ../nix/modules/home/mbsync.nix
-{ lib, config, ... }:
-{
- programs.mbsync = {
- enable = lib.mkDefault config.monorepo.profiles.email.enable;
- extraConfig = ''
- IMAPAccount ${config.monorepo.vars.internetName}
- Host ${config.monorepo.profiles.email.imapsServer}
- User ${config.monorepo.profiles.email.email}
- PassCmd "cat ${config.sops.secrets.mail.path}"
- Port 993
- TLSType IMAPS
- AuthMechs *
- CertificateFile /etc/ssl/certs/ca-certificates.crt
+ { lib, config, super, ... }:
+ {
+ programs.mbsync = {
+ enable = lib.mkDefault config.monorepo.profiles.email.enable;
+ extraConfig = ''
+ IMAPAccount ${super.monorepo.vars.internetName}
+ Host mail.${super.monorepo.vars.orgHost}
+ User ${super.monorepo.vars.email}
+ PassCmd "cat ${config.sops.secrets.mail.path}"
+ Port 993
+ TLSType IMAPS
+ AuthMechs *
+ CertificateFile /etc/ssl/certs/ca-certificates.crt
- IMAPStore ${config.monorepo.vars.internetName}-remote
- Account ${config.monorepo.vars.internetName}
+ IMAPStore ${super.monorepo.vars.internetName}-remote
+ Account ${super.monorepo.vars.internetName}
- MaildirStore ${config.monorepo.vars.internetName}-local
- Path ~/email/${config.monorepo.vars.internetName}/
- Inbox ~/email/${config.monorepo.vars.internetName}/INBOX
- SubFolders Verbatim
+ MaildirStore ${super.monorepo.vars.internetName}-local
+ Path ~/email/${super.monorepo.vars.internetName}/
+ Inbox ~/email/${super.monorepo.vars.internetName}/INBOX
+ SubFolders Verbatim
- Channel ${config.monorepo.vars.internetName}
- Far :${config.monorepo.vars.internetName}-remote:
- Near :${config.monorepo.vars.internetName}-local:
- Patterns *
- Create Near
- Sync All
- Expunge None
- SyncState *
- '';
- };
-}
+ Channel ${super.monorepo.vars.internetName}
+ Far :${super.monorepo.vars.internetName}-remote:
+ Near :${super.monorepo.vars.internetName}-local:
+ Patterns *
+ Create Near
+ Sync All
+ Expunge None
+ SyncState *
+ '';
+ };
+ }
#+end_src
*** MSMTP
This is the program I use to send email from emacs. It is really the same thing as above,
just set the options to the ones you want in your system ~default.nix~.
#+begin_src nix :tangle ../nix/modules/home/msmtp.nix
-{ lib, config, ... }:
-{
- programs.msmtp = {
- enable = lib.mkDefault config.monorepo.profiles.email.enable;
- extraConfig = ''
- # Set default values for all following accounts.
- defaults
- auth on
- tls on
- tls_trust_file /etc/ssl/certs/ca-certificates.crt
- tls_certcheck off
- logfile ~/.msmtp.log
+ { lib, config, super, ... }:
+ {
+ programs.msmtp = {
+ enable = lib.mkDefault config.monorepo.profiles.email.enable;
+ extraConfig = ''
+ # Set default values for all following accounts.
+ defaults
+ auth on
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+ tls_certcheck off
+ logfile ~/.msmtp.log
- # Gmail
- account ${config.monorepo.vars.userName}
- host ${config.monorepo.profiles.email.smtpsServer}
- port 587
- from ${config.monorepo.profiles.email.email}
- user ${config.monorepo.profiles.email.email}
- passwordeval "cat ${config.sops.secrets.mail.path}"
+ # Gmail
+ account ${super.monorepo.vars.internetName}
+ host mail.${super.monorepo.vars.orgHost}
+ port 587
+ from ${super.monorepo.vars.email}
+ user ${super.monorepo.vars.email}
+ passwordeval "cat ${config.sops.secrets.mail.path}"
- # Set a default account
- account default : ${config.monorepo.vars.userName}
- '';
- };
-}
+ # Set a default account
+ account default : ${super.monorepo.vars.internetName}
+ '';
+ };
+ }
#+end_src
*** Mpd
This mpd configuration uses pipewire by default, and it should just work if you place music
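Review bot: `tls_certcheck off` is carried over into the rewritten msmtp block, which disables server certificate verification and makes the `tls_trust_file` line above it ineffective. The password returned by `passwordeval` is then sent to whichever host answers on port 587. The section text says the servers must be encrypted, so this should be `tls_certcheck on`, or the line can be dropped, since verification is msmtp's default. The `# Gmail` comment no longer describes the account and could read `# mail.<orgHost> account`.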
@@ -3743,14 +3486,14 @@ in the ~~/music~ directory and then run ~mpc add /~ afterwards.
network.listenAddress = "0.0.0.0";
extraConfig = ''
audio_output {
- type "pipewire"
- name "pipewire output"
+ type "pipewire"
+ name "pipewire output"
}
audio_output {
type "httpd"
name "Ret2pop's Music Stream"
- encoder "opus" # optional
+ encoder "opus"
port "8000"
bitrate "128000"
format "48000:16:1"
@@ -3758,20 +3501,20 @@ in the ~~/music~ directory and then run ~mpc add /~ afterwards.
tags "yes"
}
- audio_output {
- type "shout"
- name "My VPS Stream"
- host "127.0.0.1"
- port "8888" # This must match your SSH tunnel local port
- mount "/stream" # The URL path (e.g. http://vps:8000/stream)
- password "SuperSecretSourcePass"
- bitrate "128"
- format "44100:16:2"
- protocol "icecast2" # Essential for modern Icecast
- user "source" # Default icecast source user
- description "My MPD Stream"
- genre "Mixed"
- }
+ audio_output {
+ type "shout"
+ name "My VPS Stream"
+ host "127.0.0.1"
+ port "8888"
+ mount "/stream"
+ password "SuperSecretSourcePass"
+ bitrate "128"
+ format "44100:16:2"
+ protocol "icecast2"
+ user "source"
+ description "My MPD Stream"
+ genre "Mixed"
+ }
'';
};
}
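Review bot: The `shout` output still carries `password "SuperSecretSourcePass"` as a literal, so the value sits in the repository and in the world-readable Nix store copy of the MPD configuration. If it is the real Icecast source password, rotate it and supply it from the sops-managed secrets, as is done for `mail`, so that it is read at runtime rather than at evaluation. The hunk also drops the comments on `port` and `protocol`. It is worth keeping `# must match the SSH tunnel's local port` on the `port "8888"` line, since nothing else explains that value. The `extraConfig` string begins outside the hunk.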
@@ -4295,19 +4038,19 @@ This is a run launcher for wayland. I also use it for my powermenu.
*** yt-dlp
A classic program that allows you to download from youtube. Also has integrations with mpv.
#+begin_src nix :tangle ../nix/modules/home/yt-dlp.nix
-{ lib, config, ... }:
-{
- programs.yt-dlp = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- embed-thumbnail = true;
- embed-subs = true;
- sub-langs = "all";
- downloader = "aria2c";
- downloader-args = "aria2c:'-c -x8 -s8 -k1M'";
+ { lib, config, ... }:
+ {
+ programs.yt-dlp = {
+ enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+ settings = {
+ embed-thumbnail = true;
+ embed-subs = true;
+ sub-langs = "all";
+ downloader = "aria2c";
+ downloader-args = "aria2c:'-c -x8 -s8 -k1M'";
+ };
};
- };
-}
+ }
#+end_src
*** Zsh
My zsh config has some useful aliases that one should read through. Otherwise it is pretty
@@ -4366,7 +4109,7 @@ This configuration is the backbone configuration for the default user. It specif
generally useful packages and something every home should have, as well as some dependencies
for these configurations.
#+begin_src nix :tangle ../nix/modules/home/user.nix
- { lib, config, pkgs, ... }:
+ { lib, config, super, pkgs, ... }:
{
home = {
activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
@@ -4415,7 +4158,7 @@ for these configurations.
# Apps
# octaveFull
- vesktop grim swww vim kotatogram-desktop tg qwen-code element-desktop thunderbird jami
+ grim swww vim kotatogram-desktop tg qwen-code element-desktop signal-desktop thunderbird jami
# Sound/media
pavucontrol alsa-utils imagemagick ffmpeg helvum
@@ -4427,7 +4170,7 @@ for these configurations.
torsocks tor-browser
# For transfering secrets onto new system
- magic-wormhole stow
+ stow
# fonts
nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-color-emoji fira-code font-awesome_6 victor-mono
@@ -4501,7 +4244,6 @@ for these configurations.
'')
] else [
pfetch
-
# net
curl
torsocks
@@ -4523,6 +4265,13 @@ for these configurations.
enable = true;
defaultApplications = {
"x-scheme-handler/mailto" = "emacsclient-mail.desktop";
+ "text/html" = "librewolf.desktop";
+ "text/xml" = "librewolf.desktop";
+ "application/xhtml+xml" = "librewolf.desktop";
+ "x-scheme-handler/http" = "librewolf.desktop";
+ "x-scheme-handler/https" = "librewolf.desktop";
+ "x-scheme-handler/about" = "librewolf.desktop";
+ "x-scheme-handler/unknown" = "librewolf.desktop";
};
};
@@ -4542,6 +4291,9 @@ the path.
sharedModules = [
sops-nix.homeManagerModules.sops
];
+ extraSpecialArgs = {
+ super = config;
+ };
useGlobalPkgs = true;
useUserPackages = true;
users."${config.monorepo.vars.userName}" = (import (./. + "/${config.networking.hostName}/home.nix"));
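Review bot: `extraSpecialArgs = { super = config; };` hands the whole NixOS configuration to every home module under a custom name, but Home Manager already passes that value as `osConfig` when it runs as a NixOS module. Reading `osConfig.monorepo.vars.userName` and the other vars in the home modules would make this attribute and the non-standard `super` argument unnecessary. If `super` stays, add a comment here such as `# super: the system (NixOS) config, read by home modules for monorepo.vars`. Whether any `home.nix` is also evaluated standalone, where neither argument is defined, cannot be told from this hunk. The enclosing attribute set starts outside the hunk.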
@@ -4777,7 +4529,7 @@ some DNS records to match what you have on your system after deployment.
"default._domainkey.${config.monorepo.vars.orgHost}" = {
txt = {
- data = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9GpfjvQlldPrHAC7Yt+ZF0aduUIVV4j2+KUkF0j6NsrpOgvU6COWKQSod/B/qyPBLWf+w5P5YiJ9XnOgw6Db/I9C67eusEHnV/cbvokXLQjSBvXee1OEdrT9i+6iUgDeGWP4CrD1DcwvXzAcCI9exy3yALHVlbkyYvi0KAYofs8dVQ3JCwSCMlol71lA6ULJ2zbCIWeSOv9/C6QZ5HOIeeoFLesX6O/YvF4FYxWbSHy244TXYuczQKuayjKgD6e8gIT5WJRQj8IAWOQ2podWw6hSuB3Ig+ekoOfnl5ivJGOMbAzFTj8FtbS4ncyidLU1kIOeuLfiILeDDLlIeYTwIDAQAB";
+ data = "v=DKIM1; k=rsa; p=${config.monorepo.vars.dkimKey}";
};
};