Diffstat (limited to 'config/nix.org')
| -rw-r--r-- | config/nix.org | 1066 |
1 files changed, 409 insertions, 657 deletions
diff --git a/config/nix.org b/config/nix.org index 48e334f..171726f 100644 --- a/config/nix.org +++ b/config/nix.org @@ -90,6 +90,11 @@ and now for the main flake: url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; }; + + git-hooks = { + url = "github:cachix/git-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -143,7 +148,9 @@ and now for the main flake: nixos-dns.nixosModules.dns { nixpkgs.overlays = [ nur.overlays.default ]; - home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; }; + home-manager.extraSpecialArgs = attrs // { + systemHostName = "${hostname}"; + }; networking.hostName = "${hostname}"; } (./. + "/systems/${hostname}/default.nix") @@ -320,6 +327,20 @@ largely self-documenting. description = "Internet name to be used for internet usernames"; }; + sshKey = lib.mkOption { + type = lib.types.str; + default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"; + example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"; + description = "Admin public key for managing multiple configurations"; + }; + + dkimKey = lib.mkOption { + type = lib.types.str; + default = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9GpfjvQlldPrHAC7Yt+ZF0aduUIVV4j2+KUkF0j6NsrpOgvU6COWKQSod/B/qyPBLWf+w5P5YiJ9XnOgw6Db/I9C67eusEHnV/cbvokXLQjSBvXee1OEdrT9i+6iUgDeGWP4CrD1DcwvXzAcCI9exy3yALHVlbkyYvi0KAYofs8dVQ3JCwSCMlol71lA6ULJ2zbCIWeSOv9/C6QZ5HOIeeoFLesX6O/YvF4FYxWbSHy244TXYuczQKuayjKgD6e8gIT5WJRQj8IAWOQ2podWw6hSuB3Ig+ekoOfnl5ivJGOMbAzFTj8FtbS4ncyidLU1kIOeuLfiILeDDLlIeYTwIDAQAB"; + example = "string_after_p="; + description = "dkim key to put in host record for email"; + }; + repoName = lib.mkOption { type = lib.types.str; default = "monorepo"; 
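Review bot: The `sshKey` option added in the `-320,6 +327,20` hunk ships a real admin public key as its `default`, and later in this commit that value is what fills `root.openssh.authorizedKeys.keys`. Anyone who builds a host from this module without overriding the option grants root SSH access to the holder of that key. Dropping the `default` line, so that evaluation fails until a key is set, and keeping the sample only under `example` would make the override mandatory. The `dkimKey` default is public material, so it poses no secrecy problem, but its description could state that it is the `p=` value of the DKIM TXT record. The option set these declarations belong to starts and ends outside the hunk.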
@@ -327,6 +348,20 @@ largely self-documenting. description = "Name of this repository"; }; + projects = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ + "monorepo" + "nullerbot" + ]; + example = [ + "project1" + "project2" + "project3" + ]; + description = "Names of repos that will have mailing lists"; + }; + fileSystem = lib.mkOption { type = lib.types.str; default = "ext4"; @@ -339,13 +374,6 @@ largely self-documenting. description = "retains a copy of the disko spec for reflection"; }; - userName = lib.mkOption { - type = lib.types.str; - default = "preston"; - example = "myUser"; - description = "system username"; - }; - fullName = lib.mkOption { type = lib.types.str; default = "Preston Pan"; @@ -353,6 +381,13 @@ largely self-documenting. description = "Full Name"; }; + userName = lib.mkOption { + type = lib.types.str; + default = "preston"; + example = "myUser"; + description = "system username"; + }; + gpgKey = lib.mkOption { type = lib.types.str; default = "AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1"; @@ -371,7 +406,14 @@ largely self-documenting. type = lib.types.str; default = "${vars.orgHost}"; example = "orgname.org"; - description = "Domain name of your organization"; + description = "Domain name of your organization, points to same VPS as remoteHost"; + }; + + email = lib.mkOption { + type = lib.types.str; + default = "${vars.internetName}@${vars.orgHost}"; + example = "example@example.org"; + description = "Admin email address"; }; timeZone = lib.mkOption { 
@@ -475,11 +517,8 @@ the yaml file specified. Yes, this is safe to include in the repo. owner = "public-inbox"; group = "public-inbox"; mode = "0400"; - content = '' - machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} - machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} - machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} - ''; + content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + '' + machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}''; }; "matterbridge" = { owner = "matterbridge"; @@ -888,7 +927,7 @@ for users: modules = [ "simple_away" ]; }; "nullring" = { - server = "nullring.xyz"; + server = "${config.monorepo.vars.orgHost}"; port = 6697; useSSL = true; modules = [ "simple_away" "log" ]; @@ -1192,11 +1231,12 @@ I run my own git server in order to have a mirror in case github goes down. services.gitDaemon = { enable = lib.mkDefault config.monorepo.profiles.server.enable; exportAll = true; - basePath = "/srv/git"; + basePath = "${config.users.users.git.home}"; }; } #+end_src ** Ntfy +I want to have notifications on my phone, and run my own server to do this. #+begin_src nix :tangle ../nix/modules/ntfy-sh.nix { pkgs, lib, config, ... }: { 
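Review bot: The generated netrc in the `-475,11 +517,8` hunk appears to lose the line break between the last project entry and the `discussion` entry. `builtins.concatStringsSep "\n"` adds no trailing separator and Nix strips the leading line break of a `''` string, so the text becomes `… password <secret>machine mail.… login discussion@…`. That would corrupt the last project's password token and leave the discussion entry without its `machine` keyword. Mapping over `config.monorepo.vars.projects ++ [ "discussion" ]` removes the seam, or add `+ "\n" +` before the `''` string. Because each `projects` name is interpolated into a whitespace-delimited credentials file, constraining that option with something like `lib.types.strMatching` would also be worth considering.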
@@ -1254,114 +1294,109 @@ to the outside world under a domain. #+begin_src nix :tangle ../nix/modules/nginx.nix { config, lib, ... }: { - services.nginx = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; - user = "nginx"; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - recommendedProxySettings = false; - - gitweb = { + config = lib.mkIf config.monorepo.profiles.server.enable { + services.nginx = { enable = true; - virtualHost = "${config.monorepo.vars.orgHost}"; - }; - - virtualHosts = { - "matrix.${config.monorepo.vars.orgHost}" = { - enableACME = true; - forceSSL = true; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "[::]"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - { - addr = "[::]"; - port = 8448; - ssl = true; - } - ]; - locations."/_matrix/" = { - proxyPass = "http://127.0.0.1:6167"; - extraConfig = '' + user = "nginx"; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + recommendedProxySettings = false; + virtualHosts = { + "matrix.${config.monorepo.vars.orgHost}" = { + enableACME = config.monorepo.profiles.server.enable; + forceSSL = true; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + { + addr = "[::]"; + port = 443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + } + { + addr = "[::]"; + port = 8448; + ssl = true; + } + ]; + locations."/_matrix/" = { + proxyPass = "http://127.0.0.1:6167"; + extraConfig = '' proxy_set_header Host $host; proxy_buffers 32 16k; proxy_read_timeout 5m; ''; - }; - locations."= /.well-known/matrix/server" = { - extraConfig = '' + }; + locations."= /.well-known/matrix/server" = { + extraConfig = '' default_type application/json; add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; ''; - - return = ''200 '{"m.server": 
"matrix.${config.monorepo.vars.orgHost}:443"}' ''; - }; - locations."/.well-known/matrix/client" = { - extraConfig = '' + + return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' ''; + }; + locations."/.well-known/matrix/client" = { + extraConfig = '' default_type application/json; add_header Access-Control-Allow-Origin *; ''; - return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:8443\"}]}'"; - }; + return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:8443\"}]}'"; + }; - extraConfig = '' + extraConfig = '' merge_slashes off; ''; - }; + }; - "matrix.${config.monorepo.vars.orgHost}-livekit" = { - serverName = "matrix.${config.monorepo.vars.orgHost}"; - listen = [ - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - } - { - addr = "[::]"; - port = 8443; - ssl = true; - } - ]; - addSSL = true; - enableACME = false; - forceSSL = false; - useACMEHost = "matrix.${config.monorepo.vars.orgHost}"; - - locations."/" = { - proxyPass = "http://127.0.0.1:6495"; - proxyWebsockets = true; - extraConfig = '' + "matrix.${config.monorepo.vars.orgHost}-livekit" = { + serverName = "matrix.${config.monorepo.vars.orgHost}"; + listen = [ + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + } + { + addr = "[::]"; + port = 8443; + ssl = true; + } + ]; + addSSL = true; + enableACME = false; + forceSSL = false; + useACMEHost = "matrix.${config.monorepo.vars.orgHost}"; + + locations."/" = { + proxyPass = "http://127.0.0.1:6495"; + proxyWebsockets = true; + extraConfig = '' proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header X-Forwarded-Proto $scheme; ''; + }; }; - }; - "livekit.${config.monorepo.vars.orgHost}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:7880"; - proxyWebsockets = true; - extraConfig = '' + "livekit.${config.monorepo.vars.orgHost}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:7880"; + proxyWebsockets = true; + extraConfig = '' proxy_read_timeout 3600s; proxy_send_timeout 3600s; 
@@ -1395,53 +1430,62 @@ to the outside world under a domain. } # --- CORS CONFIGURATION END --- ''; + }; }; - }; - "ntfy.${config.monorepo.vars.remoteHost}" = { - serverName = "ntfy.${config.monorepo.vars.remoteHost}"; - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:2586"; - proxyWebsockets = true; + "ntfy.${config.monorepo.vars.remoteHost}" = { + serverName = "ntfy.${config.monorepo.vars.remoteHost}"; + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:2586"; + proxyWebsockets = true; + extraConfig = '' + proxy_buffering off; + proxy_request_buffering off + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; }; - }; - "${config.monorepo.vars.remoteHost}" = { - serverName = "${config.monorepo.vars.remoteHost}"; - serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ]; - root = "/var/www/${config.monorepo.vars.internetName}-website/"; - addSSL = true; - enableACME = true; - }; + "${config.monorepo.vars.remoteHost}" = { + serverName = "${config.monorepo.vars.remoteHost}"; + serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ]; + root = "/var/www/${config.monorepo.vars.internetName}-website/"; + addSSL = true; + enableACME = true; + }; - "git.${config.monorepo.vars.orgHost}" = { - forceSSL = true; - enableACME = true; - }; - "list.${config.monorepo.vars.orgHost}" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:9090"; - extraConfig = '' + "git.${config.monorepo.vars.orgHost}" = { + forceSSL = true; + enableACME = true; + }; + "list.${config.monorepo.vars.orgHost}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:9090"; + extraConfig = '' proxy_set_header Host $host; 
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; ''; + }; }; - }; - # the port comes from ssh tunnelling - "music.${config.monorepo.vars.remoteHost}" = { - addSSL = true; - enableACME = true; - basicAuthFile = config.sops.secrets."mpd_password".path; - locations."/" = { - proxyPass = "http://localhost:8000"; - extraConfig = '' + # the port comes from ssh tunnelling + "music.${config.monorepo.vars.remoteHost}" = lib.mkIf config.monorepo.profiles.server.enable { + addSSL = true; + enableACME = true; + basicAuthFile = config.sops.secrets."mpd_password".path; + locations."/" = { + proxyPass = "http://localhost:8000"; + extraConfig = '' proxy_buffering off; proxy_http_version 1.1; proxy_set_header Connection ""; 
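Review bot: `proxy_request_buffering off` in the new `ntfy` location's `extraConfig` is missing its terminating `;`, so nginx will read the following `proxy_set_header Host $host;` as extra arguments and reject the configuration. All virtual hosts here share one nginx instance, so a failed config test affects every site, not only ntfy; the line should read `proxy_request_buffering off;`. Separately, the `music` virtual host in this hunk combines `basicAuthFile` with `addSSL = true`, which also serves plain HTTP, so the basic-auth credentials can travel unencrypted; `forceSSL = true;` would redirect those requests to HTTPS. The `lib.mkIf config.monorepo.profiles.server.enable` on that host is redundant inside the outer `mkIf` added at the top of the module.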
@@ -1450,50 +1494,35 @@ to the outside world under a domain. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 36000s; ''; + }; }; - }; - "${config.monorepo.vars.orgHost}" = { - serverName = "${config.monorepo.vars.orgHost}"; - root = "/var/www/nullring/"; - addSSL = true; - enableACME = true; - }; + "${config.monorepo.vars.orgHost}" = { + serverName = "${config.monorepo.vars.orgHost}"; + root = "/var/www/nullring/"; + addSSL = true; + enableACME = true; + }; - "mail.${config.monorepo.vars.orgHost}" = { - serverName = "mail.${config.monorepo.vars.orgHost}"; - root = "/var/www/dummy"; - addSSL = true; - enableACME = true; + "mail.${config.monorepo.vars.orgHost}" = { + serverName = "mail.${config.monorepo.vars.orgHost}"; + root = "/var/www/dummy"; + addSSL = true; + enableACME = true; + }; }; }; }; } #+end_src -** Git Web Interface -I enable the git web interface to show off my git repos to the -world. This was the easiest frontend to set up on NixOS. -#+begin_src nix :tangle ../nix/modules/gitweb.nix - { lib, config, ... }: - { - services.gitweb = { - gitwebTheme = lib.mkDefault config.monorepo.profiles.server.enable; - projectroot = "/srv/git/"; - extraConfig = '' - our $export_ok = "git-daemon-export-ok"; - our $site_name = "NullRing Git Server"; - our $site_header = "NullRing Projects"; - ''; - }; - } -#+end_src ** CGit Interface +I have this cgit interface in order to integrate with public-inbox. #+begin_src nix :tangle ../nix/modules/cgit.nix { lib, config, ... }: { services.cgit."my-projects" = { - enable = true; - scanPath = "/srv/git"; + enable = lib.mkDefault config.monorepo.profiles.server.enable; + scanPath = "${config.users.users.git.home}"; settings = { root-title = "Nullring Git Server"; root-desc = "Projects and cool things"; 
@@ -1584,25 +1613,16 @@ There is a non declarative part of setting dkims and spf. "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" ] options.services.maddy.config.default; - ensureAccounts = [ + ensureAccounts = (builtins.map (x: "${x}@${config.monorepo.vars.orgHost}") config.monorepo.vars.projects) ++ [ "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" - "monorepo@${config.monorepo.vars.orgHost}" - "nullerbot@${config.monorepo.vars.orgHost}" "discussion@${config.monorepo.vars.orgHost}" ]; - ensureCredentials = { + ensureCredentials = lib.genAttrs config.services.maddy.ensureAccounts (name: { + passwordFile = "/run/secrets/mail_monorepo_password"; + }) // { "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_password"; }; - "monorepo@${config.monorepo.vars.orgHost}" = { - passwordFile = "/run/secrets/mail_monorepo_password"; - }; - "nullerbot@${config.monorepo.vars.orgHost}" = { - passwordFile = "/run/secrets/mail_monorepo_password"; - }; - "discussion@${config.monorepo.vars.orgHost}" = { - passwordFile = "/run/secrets/mail_monorepo_password"; - }; }; }; } @@ -1627,7 +1647,7 @@ This is my mailing list software that I will use to develop software. # Allow the service to see the file it just created BindPaths = [ "/var/lib/public-inbox" - "/srv/git/" + "${config.users.users.git.home}" ]; ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ]; # Ensure it can actually write to the directory during preStart 
@@ -1667,10 +1687,10 @@ This is my mailing list software that I will use to develop software. services.public-inbox = { enable = lib.mkDefault config.monorepo.profiles.server.enable; settings = { - coderepo."nullerbot".dir = "/srv/git/nullerbot.git"; - coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git"; - coderepo."monorepo".dir = "/srv/git/monorepo.git"; - coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git"; + coderepo = lib.genAttrs config.monorepo.vars.projects (name: { + dir = "${config.users.users.git.home}/${name}.git"; + cgitUrl = "https://git.${config.monorepo.vars.orgHost}/${name}.git"; + }); publicinbox.css = ["/var/lib/public-inbox/style.css"]; publicinbox.wwwlisting = "all"; }; @@ -1678,18 +1698,14 @@ This is my mailing list software that I will use to develop software. enable = true; port = 9090; }; - inboxes = { - "monorepo" = { - description = "discussion of ret2pop's monorepo project and related work."; - address = [ "monorepo@${config.monorepo.vars.orgHost}" ]; - inboxdir = "/var/lib/public-inbox/monorepo"; - url = "https://list.${config.monorepo.vars.orgHost}/monorepo"; - watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; - coderepo = [ - "monorepo" - ]; - }; - + inboxes = lib.genAttrs config.monorepo.vars.projects (name: { + description = "discussion of the ${name} project."; + address = [ "${name}@${config.monorepo.vars.orgHost}" ]; + inboxdir = "/var/lib/public-inbox/${name}"; + url = "https://list.${config.monorepo.vars.orgHost}/${name}"; + watch = [ "imaps://${name}${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ "${name}" ]; + }) // { "discussion" = { description = "Main Nullring Discussion Mailing List"; address = [ "discussion@${config.monorepo.vars.orgHost}" ]; 
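Review bot: The generated `watch` URL in the `inboxes` hunk drops the `%40` that separated the local part from the domain, so the IMAP login becomes `<name><orgHost>` instead of `<name>@<orgHost>`; the untouched `discussion` entry still has it. That login would match neither the maddy account nor the netrc entry generated from the same `projects` list, so the project inboxes would presumably fail to authenticate and stop receiving mail. The line should read `watch = [ "imaps://${name}%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];`. The `inboxes` attribute set continues past the end of this hunk.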
@@ -1697,17 +1713,6 @@ This is my mailing list software that I will use to develop software. url = "https://list.${config.monorepo.vars.orgHost}/discussion"; watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; }; - - "nullerbot" = { - description = "Discussion of Nullerbot Matrix Bot"; - address = [ "nullerbot@${config.monorepo.vars.orgHost}" ]; - inboxdir = "/var/lib/public-inbox/nullerbot"; - url = "https://list.${config.monorepo.vars.orgHost}/nullerbot"; - watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; - coderepo = [ - "nullerbot" - ]; - }; }; }; } @@ -1995,6 +2000,7 @@ because they enhance security. "maddy" "ntfy-sh" "public-inbox" + "plugdev" ]; in { @@ -2015,7 +2021,6 @@ because they enhance security. ./git-daemon.nix ./ollama.nix ./i2pd.nix - ./gitweb.nix ./conduit.nix ./bitcoin.nix ./murmur.nix @@ -2067,6 +2072,7 @@ because they enhance security. btrfs = true; ext4 = true; }; + extraModprobeConfig = '' options snd-usb-audio vid=0x1235 pid=0x8200 device_setup=1 options rtw88_core disable_lps_deep=y power_save=0 disable_aspm_l1ss=y @@ -2106,10 +2112,10 @@ because they enhance security. }; kernelModules = [ - "snd-seq" - "snd-rawmidi" - "xhci_hcd" - "kvm_intel" + "snd-seq" + "snd-rawmidi" + "xhci_hcd" + "kvm_intel" "af_packet" "ccm" "ctr" 
@@ -2184,29 +2190,28 @@ because they enhance security. ]; kernel.sysctl = { - "kernel.ftrace_enabled" = false; - "net.core.bpf_jit_enable" = false; - "kernel.kptr_restrict" = 2; + "kernel.ftrace_enabled" = false; + "net.core.bpf_jit_enable" = false; + "kernel.kptr_restrict" = 2; - # madaidan + # madaidan "kernel.smtcontrol" = "on"; - "vm.swappiness" = 1; - "vm.unprivileged_userfaultfd" = 0; - "dev.tty.ldisc_autoload" = 0; - "kernel.kexec_load_disabled" = 1; - "kernel.sysrq" = 4; - "kernel.perf_event_paranoid" = 3; + "vm.swappiness" = 1; + "vm.unprivileged_userfaultfd" = 0; + "dev.tty.ldisc_autoload" = 0; + "kernel.kexec_load_disabled" = 1; + "kernel.sysrq" = 4; + "kernel.perf_event_paranoid" = 3; - # net + # net "net.ipv4.ip_forward" = 1; - "net.ipv4.icmp_echo_ignore_broadcasts" = true; - - # "net.ipv4.conf.all.accept_redirects" = false; - # "net.ipv4.conf.all.secure_redirects" = false; - # "net.ipv4.conf.default.accept_redirects" = false; - # "net.ipv4.conf.default.secure_redirects" = false; - # "net.ipv6.conf.all.accept_redirects" = false; - # "net.ipv6.conf.default.accept_redirects" = false; + "net.ipv4.icmp_echo_ignore_broadcasts" = true; + # "net.ipv4.conf.all.accept_redirects" = false; + # "net.ipv4.conf.all.secure_redirects" = false; + # "net.ipv4.conf.default.accept_redirects" = false; + # "net.ipv4.conf.default.secure_redirects" = false; + # "net.ipv6.conf.all.accept_redirects" = false; + # "net.ipv6.conf.default.accept_redirects" = false; }; }; 
@@ -2266,17 +2271,17 @@ because they enhance security. graphics.enable = ! config.monorepo.profiles.ttyonly.enable; bluetooth = { - enable = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable); - powerOnBoot = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable); + enable = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable); + powerOnBoot = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable); }; }; services = { pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable; chrony = { - enable = true; - enableNTS = true; - servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; + enable = true; + enableNTS = true; + servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; }; jitterentropy-rngd.enable = true; @@ -2285,16 +2290,14 @@ because they enhance security. usbguard.enable = false; dbus.apparmor = "enabled"; - kanata.enable = true; - # Misc. udev = { - extraRules = ''''; - packages = if config.monorepo.profiles.workstation.enable then with pkgs; [ - platformio-core - platformio-core.udev - openocd - ] else []; + extraRules = ''''; + packages = if config.monorepo.profiles.workstation.enable then with pkgs; [ + platformio-core + platformio-core.udev + openocd + ] else []; }; printing.enable = lib.mkDefault config.monorepo.profiles.workstation.enable; @@ -2311,8 +2314,8 @@ because they enhance security. nixpkgs = { hostPlatform = lib.mkDefault "x86_64-linux"; config = { - allowUnfree = true; - cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; + allowUnfree = true; + cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; }; }; 
@@ -2322,19 +2325,19 @@ because they enhance security. defaults.email = "ret2pop@gmail.com"; }; apparmor = { - enable = true; - killUnconfinedConfinables = true; + enable = true; + killUnconfinedConfinables = true; packages = with pkgs; [ apparmor-profiles ]; - policies = { - firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox"; - }; + # policies = { + # firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox"; + # }; }; pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } + { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } + { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } ]; rtkit.enable = true; @@ -2345,9 +2348,9 @@ because they enhance security. forcePageTableIsolation = true; tpm2 = { - enable = true; - pkcs11.enable = true; - tctiEnvironment.enable = true; + enable = true; + pkcs11.enable = true; + tctiEnvironment.enable = true; }; auditd.enable = true; @@ -2360,9 +2363,9 @@ because they enhance security. enable = (! config.monorepo.profiles.ttyonly.enable); wlr.enable = (! config.monorepo.profiles.ttyonly.enable); extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [ - xdg-desktop-portal-gtk - xdg-desktop-portal - xdg-desktop-portal-hyprland + xdg-desktop-portal-gtk + xdg-desktop-portal + xdg-desktop-portal-hyprland ] else []; config.common.default = "*"; }; @@ -2387,7 +2390,7 @@ because they enhance security. (writeShellScriptBin "new-repo" '' #!/bin/bash - cd /srv/git + cd ${config.users.users.git.home} git init --bare "$1" vim "$1/description" chown -R git:git "$1" 
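Review bot: Commenting out the `policies` block in the `apparmor` hunk removes the only browser profile this module loaded explicitly, and the commit switches the browser to LibreWolf without adding a replacement. As far as the hunk shows, the browser now runs without a dedicated AppArmor profile, and the disabled lines carry no explanation. If the profile was dropped because it no longer matches the new binary, say so in place of the dead code, e.g. `# firefox profile removed: does not apply to librewolf; TODO add a librewolf profile`. The surrounding `security` attribute set starts and ends outside the hunk.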
@@ -2429,37 +2432,36 @@ because they enhance security. nginx = { group = "nginx"; isSystemUser = lib.mkDefault true; - extraGroups = [ - "acme" - ]; + extraGroups = [ "acme" ]; }; root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + config.monorepo.vars.sshKey ]; git = { - isSystemUser = true; - home = "/srv/git"; - shell = "/bin/sh"; + isSystemUser = true; + home = "/srv/git"; + shell = "/bin/sh"; group = "git"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + config.monorepo.vars.sshKey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIEF+mcL9nDkzVhCYyYWCIrP+b6oRiiaV509jywbD0Vq nix-on-droid@localhost" "ssh-rsa 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 andrei@kiss" ]; }; "${config.monorepo.vars.userName}" = { openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + config.monorepo.vars.sshKey ]; linger = true; - initialPassword = "${config.monorepo.vars.userName}"; - isNormalUser = true; - description = config.monorepo.vars.fullName; - extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" ]; - shell = pkgs.zsh; - packages = []; + initialPassword = "${config.monorepo.vars.userName}"; + isNormalUser = true; + description = config.monorepo.vars.fullName; + extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" "plugdev" ]; + shell = pkgs.zsh; + packages = []; }; }; @@ -2582,7 +2584,7 @@ This configuration is used for simple partitioning schemes with EFI. spec = { disko.devices = { disk = { - my-disk = { + main = { device = config.monorepo.vars.device; type = "disk"; content = { 
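Review bot: The `git` account in the `users` hunk keeps `shell = "/bin/sh"` while this change adds another authorized key to it (`nix-on-droid@localhost`), so every key listed there gets an interactive shell as the owner of all repositories under the git home. If those keys only need push and pull, `shell = "${pkgs.git}/bin/git-shell";` restricts them to git commands. The extra keys are also hard-coded next to `config.monorepo.vars.sshKey`; a list-typed option would keep every authorized key in one reviewable place. `initialPassword` for the wheel user still equals the user name, which matters if password login is reachable before it is changed.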
@@ -2664,7 +2666,7 @@ For machines that use BIOS instead of EFI. As you can see, I have my installed home packages installed based on the profiles enabled. Also, I have many imports that we'll go through next. #+begin_src nix :tangle ../nix/modules/home/default.nix - { lib, config, pkgs, sops-nix, ... }: + { lib, config, pkgs, sops-nix, super, ... }: { imports = [ sops-nix.homeManagerModules.sops @@ -2708,35 +2710,13 @@ I have many imports that we'll go through next. lang-coq.enable = lib.mkEnableOption "Enables coq language support"; lang-lean.enable = lib.mkEnableOption "Enables lean language support"; lang-haskell.enable = lib.mkEnableOption "Enables haskell language support"; - crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets"; art.enable = lib.mkEnableOption "Enables various art programs"; music.enable = lib.mkEnableOption "Enables mpd"; workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)"; cuda.enable = lib.mkEnableOption "Enables CUDA user package builds"; hyprland.enable = lib.mkEnableOption "Enables hyprland"; - - email = { - email = lib.mkOption { - type = lib.types.str; - default = "ret2pop@nullring.xyz"; - example = "john@example.com"; - description = "Email address and imaps/smtps account"; - }; - imapsServer = lib.mkOption { - type = lib.types.str; - default = "mail.nullring.xyz"; - example = "imap.example.com"; - description = "imaps server address"; - }; - smtpsServer = lib.mkOption { - type = lib.types.str; - default = "mail.nullring.xyz"; - example = "smtp.example.com"; - description = "smtp server address"; - }; - enable = lib.mkEnableOption "Enables email"; - }; + email.enable = lib.mkEnableOption "Enables email"; }; }; 
@@ -2864,7 +2844,7 @@ I have many imports that we'll go through next. email.enable = lib.mkDefault config.monorepo.profiles.enable; # Programming - graphics.enable = lib.mkDefault config.monorepo.profiles.enable; + graphics.enable = lib.mkDefault (! super.monorepo.profiles.ttyonly.enable); lang-c.enable = lib.mkDefault config.monorepo.profiles.enable; lang-rust.enable = lib.mkDefault config.monorepo.profiles.enable; lang-python.enable = lib.mkDefault config.monorepo.profiles.enable; @@ -2887,8 +2867,9 @@ I have many imports that we'll go through next. } #+end_src *** Secrets +These are some secrets that I use regularly for my programs in home. #+begin_src nix :tangle ../nix/modules/home/secrets.nix - { config, ... }: + { config, super, ... }: { sops = { defaultSopsFile = if config.monorepo.profiles.graphics.enable @@ -2896,7 +2877,7 @@ I have many imports that we'll go through next. else ../../secrets/vps_secrets.yaml; age = { - keyFile = "/home/${config.monorepo.vars.userName}/.config/sops/age/keys.txt"; + keyFile = "/home/${super.monorepo.vars.userName}/.config/sops/age/keys.txt"; }; secrets = if config.monorepo.profiles.graphics.enable then { @@ -2929,13 +2910,9 @@ be straightforward. #+begin_src nix :tangle ../nix/modules/home/firefox.nix { lib, config, pkgs, ... }: { - programs.firefox = { + programs.librewolf = { enable = lib.mkDefault config.monorepo.profiles.graphics.enable; - package = pkgs.firefox; - policies = { - EnableTrackingProtection = true; - OfferToSaveLogins = false; - }; + package = pkgs.librewolf; profiles = { default = { id = 0; 
@@ -2947,249 +2924,9 @@ be straightforward. tree-style-tab firefox-color vimium - ] - ++ (lib.optional - config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask); - - settings = { - media = { - memory_cache_max_size = 65536; - cache_readahead_limit = 7200; - cache_resume_threshold = 3600; - peerconnection.ice = { - proxy_only_if_behind_proxy = true; - default_address_only = true; - }; - }; - - gfx = { - content.skia-font-cache-size = 20; - canvas.accelerated = { - cache-items = 4096; - cache-size = 512; - }; - }; - - network = { - http = { - max-connections = 1800; - max-persistent-connections-per-server = 10; - max-urgent-start-excessive-connections-per-host = 5; - referer.XOriginTrimmingPolicy = 2; - }; - - buffer.cache = { - size = 262144; - count = 128; - }; - - dns = { - max_high_priority_threads = 8; - disablePrefetch = true; - }; - - pacing.requests.enabled = false; - dnsCacheExpiration = 3600; - ssl_tokens_cache_capacity = 10240; - prefetch-next = false; - predictor.enabled = false; - cookie.sameSite.noneRequiresSecure = true; - IDN_show_punycode = true; - auth.subresource-http-auth-allow = 1; - captive-portal-service.enabled = false; - connectivity-service.enabled = false; - }; - - browser = { - download = { - always_ask_before_handling_new_types = true; - manager.addToRecentDocs = false; - open_pdf_attachments_inline = true; - start_downloads_in_tmp_dir = true; - }; - - urlbar = { - suggest.quicksuggest.sponsored = false; - suggest.quicksuggest.nonsponsored = false; - suggest.calculator = true; - update2.engineAliasRefresh = true; - unitConversion.enabled = true; - trending.featureGate = false; - }; - - search = { - separatePrivateDefault.ui.enabled = true; - suggest.enabled = false; - }; - - newtabpage.activity-stream = { - feeds = { - topsites = false; - section.topstories = false; - telemetry = false; - }; - asrouter.userprefs.cfr = { - addons = false; - features = false; - }; - telemetry = false; - }; - - privatebrowsing = 
{ - vpnpromourl = ""; - forceMediaMemoryCache = true; - }; - - display = { - focus_ring_on_anything = true; - focus_ring_style = 0; - focus_ring_width = 0; - }; - - cache.jsbc_compression_level = 3; - helperApps.deleteTempFileOnExit = true; - uitour.enabled = false; - sessionstore.interval = 60000; - formfill.enable = false; - xul.error_pages.expert_bad_cert = true; - contentblocking.category = "strict"; - ping-centre.telemetry = false; - discovery.enabled = false; - shell.checkDefaultBrowser = false; - preferences.moreFromMozilla = false; - tabs.tabmanager.enabled = false; - aboutConfig.showWarning = false; - aboutwelcome.enabled = false; - bookmarks.openInTabClosesMenu = false; - menu.showViewImageInfo = true; - compactmode.show = true; - safebrowsing.downloads.remote.enabled = false; - tabs.crashReporting.sendReport = false; - crashReports.unsubmittedCheck.autoSubmit2 = false; - privateWindowSeparation.enabled = false; - }; - - security = { - mixed_content = { - block_display_content = true; - upgrade_display_content = true; - }; - insecure_connection_text = { - enabled = true; - pbmode.enabled = true; - }; - OCSP.enabled = 0; - remote_settings.crlite_filters.enabled = true; - pki.crlite_mode = 2; - ssl.treat_unsafe_negotiation_as_broken = true; - tls.enable_0rtt_data = false; - }; - - toolkit = { - telemetry = { - unified = false; - enabled = false; - server = "data:,"; - archive.enabled = false; - newProfilePing.enabled = false; - shutdownPingSender.enabled = false; - updatePing.enabled = false; - bhrPing.enabled = false; - firstShutdownPing.enabled = false; - coverage.opt-out = true; - }; - coverage = { - opt-out = true; - endpoint.base = ""; - }; - legacyUserProfileCustomizations.stylesheets = true; - }; - - dom = { - security = { - https_first = true; - https_first_schemeless = true; - sanitizer.enabled = true; - }; - enable_web_task_scheduling = true; - }; - - layout = { - css = { - grid-template-masonry-value.enabled = true; - has-selector.enabled = true; 
- prefers-color-scheme.content-override = 2; - }; - word_select.eat_space_to_next_word = false; - }; - - urlclassifier = { - trackingSkipURLs = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; - features.socialtracking.skipURLs = "*.instagram.com, *.twitter.com, *.twimg.com"; - }; + privacy-redirect + ] ++ (lib.optional config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask); - privacy = { - globalprivacycontrol.enabled = true; - history.custom = true; - userContext.ui.enabled = true; - trackingprotection = { - enabled = true; - pbmode.enabled = true; - socialtracking.enabled = true; - }; - }; - - full-screen-api = { - transition-duration = { - enter = "0 0"; - leave = "0 0"; - }; - warning = { - delay = -1; - timeout = 0; - }; - }; - - permissions.default = { - desktop-notification = 2; - geo = 2; - }; - - signon = { - formlessCapture.enabled = false; - privateBrowsingCapture.enabled = false; - }; - - datareporting = { - policy.dataSubmissionEnabled = false; - healthreport.uploadEnabled = false; - }; - - extensions = { - pocket.enabled = false; - getAddons.showPane = false; - htmlaboutaddons.recommendations.enabled = false; - postDownloadThirdPartyPrompt = false; - }; - - app = { - shield.optoutstudies.enabled = false; - normandy.enabled = false; - normandy.api_url = ""; - }; - - image.mem.decode_bytes_at_a_time = 32768; - editor.truncate_user_pastes = false; - pdfjs.enableScripting = false; - geo.provider.network.url = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"; - permissions.manager.defaultsUrl = ""; - webchannel.allowObject.urlWhitelist = ""; - breakpad.reportURL = ""; - captivedetect.canonicalURL = ""; - cookiebanners.service.mode = 1; - findbar.highlightAll = true; - content.notify.interval = 100000; - }; }; }; }; 
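Review bot: The rewritten extensions line still reads `config.monorepo.profiles.crypto.enable`, but the `crypto.enable` option declaration is removed from `home/default.nix` in an earlier hunk of this commit; unless it is declared elsewhere, evaluation will fail on the missing attribute. Either keep the option or drop the `lib.optional … metamask` clause. This hunk and the preceding one also delete the explicit `policies` (`OfferToSaveLogins = false`, `EnableTrackingProtection`) and every hardening preference, leaving the result to LibreWolf's defaults. A short comment naming the preferences LibreWolf is expected to cover (telemetry, `pdfjs.enableScripting`, `tls.enable_0rtt_data`, and so on) would let a later reader check that nothing regressed.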
@@ -3220,7 +2957,7 @@ compilation, and because I can fetch their exact versions. Note that I have a st configuration here that tells emacs to load my real configuration at ~~/monorepo/config/emacs.org~ as an org file which gets automatically tangled to an emacs-lisp file. #+begin_src nix :tangle ../nix/modules/home/emacs.nix - { lib, config, pkgs, ... }: + { lib, config, pkgs, super, ... }: { programs.emacs = { @@ -3228,10 +2965,10 @@ as an org file which gets automatically tangled to an emacs-lisp file. package = pkgs.emacs-pgtk; extraConfig = '' (setq debug-on-error t) - (setq system-email "${config.monorepo.profiles.email.email}") - (setq system-username "${config.monorepo.vars.internetName}") - (setq system-fullname "${config.monorepo.vars.fullName}") - (setq system-gpgkey "${config.monorepo.vars.gpgKey}") + (setq system-email "${super.monorepo.vars.email}") + (setq system-username "${super.monorepo.vars.internetName}") + (setq system-fullname "${super.monorepo.vars.fullName}") + (setq system-gpgkey "${super.monorepo.vars.gpgKey}") (load "${pkgs.writeText "init.el" (builtins.readFile ../../init.el)}") ''; 
@@ -3353,28 +3090,29 @@ the timezone. My git configuration uses information set in the ~vars.nix~ in order to set configuration options. Make sure those are set correctly. I've set it to sign by default. #+begin_src nix :tangle ../nix/modules/home/git.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, super, ... }: { programs.git = { enable = lib.mkDefault config.monorepo.profiles.graphics.enable; package = pkgs.gitFull; lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable; - userName = config.monorepo.vars.fullName; - userEmail = config.monorepo.profiles.email.email; + userName = super.monorepo.vars.fullName; + userEmail = "${super.monorepo.vars.email}"; signing = { - key = config.monorepo.vars.gpgKey; + key = super.monorepo.vars.gpgKey; signByDefault = true; }; extraConfig = { init.defaultBranch = "main"; - credential."${config.monorepo.profiles.email.smtpsServer}" = { - username = "${config.monorepo.profiles.email.email}"; + credential."mail.${super.monorepo.vars.orgHost}" = { + username = "${super.monorepo.vars.email}"; helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f"; }; + sendemail = { - smtpserver = "${config.monorepo.profiles.email.smtpsServer}"; - smtpuser = "${config.monorepo.profiles.email.email}"; + smtpserver = "mail.${super.monorepo.vars.orgHost}"; + smtpuser = "${super.monorepo.vars.email}"; smtpserverport = 465; smtpencryption = "ssl"; }; @@ -3422,7 +3160,7 @@ to use this component will come soon. "fcitx5 -d --replace" "fcitx5-remote -r" "emacs" - "firefox" + "librewolf" ]; env = [ "LIBVA_DRIVER_NAME,nvidia" @@ -3452,11 +3190,16 @@ to use this component will come soon. workspace = 1; } { - name = "firefox"; - "match:class" = "firefox"; + name = "librewolf"; + "match:class" = "librewolf"; workspace = 2; } { + name = "element-desktop"; + "match:class" = "element-desktop"; + workspace = 3; + } + { name = "vesktop"; "match:class" = "vesktop"; workspace = 3; 
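Review bot: The credential helper in `extraConfig` still reads the mail password from the hard-coded path `/run/user/1000/secrets/mail`, which only resolves for an account with uid 1000, while the mbsync and msmtp modules touched by this commit take the path from `config.sops.secrets.mail.path`. Since this hunk already rewrites the surrounding `credential` block, the helper could use the same reference: `helper = "!f() { test \"$1\" = get && echo \"password=$(cat ${config.sops.secrets.mail.path})\"; }; f";`. The host `"mail.${super.monorepo.vars.orgHost}"` is also spelled out twice here and again in the mbsync and msmtp modules, so a single `let` binding or a vars option would keep the copies from drifting apart. The `programs.git` block continues past the end of the hunk.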
@@ -3479,13 +3222,13 @@ to use this component will come soon. ]; bind = [ - "$mod, F, exec, firefox" + "$mod, F, exec, librewolf" "$mod, Return, exec, kitty" "$mod, E, exec, emacs" "$mod, B, exec, bitcoin-qt" "$mod, S, exec, pavucontrol" "$mod, M, exec, monero-wallet-gui" - "$mod, V, exec, vesktop" + "$mod, V, exec, element-desktop" "$mod, C, exec, fluffychat" "$mod, D, exec, wofi --show run" "$mod, P, exec, bash ${scripts}/powermenu.sh" 
@@ -3661,71 +3404,71 @@ are all set from the get-go! Note that in order to use my email configuration, your imaps and smtps servers must be encrypted. This module uses the ~vars.nix~ as well as the home ~default.nix~ options. #+begin_src nix :tangle ../nix/modules/home/mbsync.nix -{ lib, config, ... }: -{ - programs.mbsync = { - enable = lib.mkDefault config.monorepo.profiles.email.enable; - extraConfig = '' - IMAPAccount ${config.monorepo.vars.internetName} - Host ${config.monorepo.profiles.email.imapsServer} - User ${config.monorepo.profiles.email.email} - PassCmd "cat ${config.sops.secrets.mail.path}" - Port 993 - TLSType IMAPS - AuthMechs * - CertificateFile /etc/ssl/certs/ca-certificates.crt + { lib, config, super, ... }: + { + programs.mbsync = { + enable = lib.mkDefault config.monorepo.profiles.email.enable; + extraConfig = '' + IMAPAccount ${super.monorepo.vars.internetName} + Host mail.${super.monorepo.vars.orgHost} + User ${super.monorepo.vars.email} + PassCmd "cat ${config.sops.secrets.mail.path}" + Port 993 + TLSType IMAPS + AuthMechs * + CertificateFile /etc/ssl/certs/ca-certificates.crt - IMAPStore ${config.monorepo.vars.internetName}-remote - Account ${config.monorepo.vars.internetName} + IMAPStore ${super.monorepo.vars.internetName}-remote + Account ${super.monorepo.vars.internetName} - MaildirStore ${config.monorepo.vars.internetName}-local - Path ~/email/${config.monorepo.vars.internetName}/ - Inbox ~/email/${config.monorepo.vars.internetName}/INBOX - SubFolders Verbatim + MaildirStore ${super.monorepo.vars.internetName}-local + Path ~/email/${super.monorepo.vars.internetName}/ + Inbox ~/email/${super.monorepo.vars.internetName}/INBOX + SubFolders Verbatim - Channel ${config.monorepo.vars.internetName} - Far :${config.monorepo.vars.internetName}-remote: - Near :${config.monorepo.vars.internetName}-local: - Patterns * - Create Near - Sync All - Expunge None - SyncState * - ''; - }; -} + Channel ${super.monorepo.vars.internetName} + Far 
:${super.monorepo.vars.internetName}-remote: + Near :${super.monorepo.vars.internetName}-local: + Patterns * + Create Near + Sync All + Expunge None + SyncState * + ''; + }; + } #+end_src *** MSMTP This is the program I use to send email from emacs. It is really the same thing as above, just set the options to the ones you want in your system ~default.nix~. #+begin_src nix :tangle ../nix/modules/home/msmtp.nix -{ lib, config, ... }: -{ - programs.msmtp = { - enable = lib.mkDefault config.monorepo.profiles.email.enable; - extraConfig = '' - # Set default values for all following accounts. - defaults - auth on - tls on - tls_trust_file /etc/ssl/certs/ca-certificates.crt - tls_certcheck off - logfile ~/.msmtp.log + { lib, config, super, ... }: + { + programs.msmtp = { + enable = lib.mkDefault config.monorepo.profiles.email.enable; + extraConfig = '' + # Set default values for all following accounts. + defaults + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + tls_certcheck off + logfile ~/.msmtp.log - # Gmail - account ${config.monorepo.vars.userName} - host ${config.monorepo.profiles.email.smtpsServer} - port 587 - from ${config.monorepo.profiles.email.email} - user ${config.monorepo.profiles.email.email} - passwordeval "cat ${config.sops.secrets.mail.path}" + # Gmail + account ${super.monorepo.vars.internetName} + host mail.${super.monorepo.vars.orgHost} + port 587 + from ${super.monorepo.vars.email} + user ${super.monorepo.vars.email} + passwordeval "cat ${config.sops.secrets.mail.path}" - # Set a default account - account default : ${config.monorepo.vars.userName} - ''; - }; -} + # Set a default account + account default : ${super.monorepo.vars.internetName} + ''; + }; + } #+end_src *** Mpd This mpd configuration uses pipewire by default, and it should just work if you place music 
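Review bot: The msmtp defaults keep `tls_certcheck off`, so the submission server's certificate is never verified and the `tls_trust_file` line above it has no effect. The password returned by `passwordeval` is therefore sent to whichever host answers on port 587. The host is now fixed to `mail.${super.monorepo.vars.orgHost}`, the same server the mbsync block in this hunk is given a `CertificateFile` for, so the line should become `tls_certcheck on` or be dropped, since on is msmtp's default. The `# Gmail` comment above the account no longer describes the self-hosted server and could read `# organisation mail server`.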
@@ -3743,14 +3486,14 @@ in the ~~/music~ directory and then run ~mpc add /~ afterwards. network.listenAddress = "0.0.0.0"; extraConfig = '' audio_output { - type "pipewire" - name "pipewire output" + type "pipewire" + name "pipewire output" } audio_output { type "httpd" name "Ret2pop's Music Stream" - encoder "opus" # optional + encoder "opus" port "8000" bitrate "128000" format "48000:16:1" @@ -3758,20 +3501,20 @@ in the ~~/music~ directory and then run ~mpc add /~ afterwards. tags "yes" } - audio_output { - type "shout" - name "My VPS Stream" - host "127.0.0.1" - port "8888" # This must match your SSH tunnel local port - mount "/stream" # The URL path (e.g. http://vps:8000/stream) - password "SuperSecretSourcePass" - bitrate "128" - format "44100:16:2" - protocol "icecast2" # Essential for modern Icecast - user "source" # Default icecast source user - description "My MPD Stream" - genre "Mixed" - } + audio_output { + type "shout" + name "My VPS Stream" + host "127.0.0.1" + port "8888" + mount "/stream" + password "SuperSecretSourcePass" + bitrate "128" + format "44100:16:2" + protocol "icecast2" + user "source" + description "My MPD Stream" + genre "Mixed" + } ''; }; } 
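Review bot: In the second hunk the `shout` output keeps the source password as the literal `password "SuperSecretSourcePass"` inside `extraConfig`. If this is the real value, it is committed to the repository and, once built, sits in the world-readable Nix store. The mail modules in this commit read their secret through `config.sops.secrets.mail.path`, and the Icecast source password deserves the same treatment, for example by rendering the MPD configuration from a sops-managed file instead of a store string (how depends on what the sops-nix setup here supports). The reformatting also drops the comment saying that `port "8888"` must match the SSH tunnel's local port, which is worth keeping as `# must match the local port of the SSH tunnel`. The context line `network.listenAddress = "0.0.0.0"` in the first hunk binds MPD on every interface and should be confirmed as intended.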
@@ -4295,19 +4038,19 @@ This is a run launcher for wayland. I also use it for my powermenu. *** yt-dlp A classic program that allows you to download from youtube. Also has integrations with mpv. #+begin_src nix :tangle ../nix/modules/home/yt-dlp.nix -{ lib, config, ... }: -{ - programs.yt-dlp = { - enable = lib.mkDefault config.monorepo.profiles.graphics.enable; - settings = { - embed-thumbnail = true; - embed-subs = true; - sub-langs = "all"; - downloader = "aria2c"; - downloader-args = "aria2c:'-c -x8 -s8 -k1M'"; + { lib, config, ... }: + { + programs.yt-dlp = { + enable = lib.mkDefault config.monorepo.profiles.graphics.enable; + settings = { + embed-thumbnail = true; + embed-subs = true; + sub-langs = "all"; + downloader = "aria2c"; + downloader-args = "aria2c:'-c -x8 -s8 -k1M'"; + }; }; - }; -} + } #+end_src *** Zsh My zsh config has some useful aliases that one should read through. Otherwise it is pretty @@ -4366,7 +4109,7 @@ This configuration is the backbone configuration for the default user. It specif generally useful packages and something every home should have, as well as some dependencies for these configurations. #+begin_src nix :tangle ../nix/modules/home/user.nix - { lib, config, pkgs, ... }: + { lib, config, super, pkgs, ... }: { home = { activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] '' @@ -4415,7 +4158,7 @@ for these configurations. # Apps # octaveFull - vesktop grim swww vim kotatogram-desktop tg qwen-code element-desktop thunderbird jami + grim swww vim kotatogram-desktop tg qwen-code element-desktop signal-desktop thunderbird jami # Sound/media pavucontrol alsa-utils imagemagick ffmpeg helvum @@ -4427,7 +4170,7 @@ for these configurations. torsocks tor-browser # For transfering secrets onto new system - magic-wormhole stow + stow # fonts nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-color-emoji fira-code font-awesome_6 victor-mono 
@@ -4501,7 +4244,6 @@ for these configurations. '') ] else [ pfetch - # net curl torsocks @@ -4523,6 +4265,13 @@ for these configurations. enable = true; defaultApplications = { "x-scheme-handler/mailto" = "emacsclient-mail.desktop"; + "text/html" = "librewolf.desktop"; + "text/xml" = "librewolf.desktop"; + "application/xhtml+xml" = "librewolf.desktop"; + "x-scheme-handler/http" = "librewolf.desktop"; + "x-scheme-handler/https" = "librewolf.desktop"; + "x-scheme-handler/about" = "librewolf.desktop"; + "x-scheme-handler/unknown" = "librewolf.desktop"; }; }; @@ -4542,6 +4291,9 @@ the path. sharedModules = [ sops-nix.homeManagerModules.sops ]; + extraSpecialArgs = { + super = config; + }; useGlobalPkgs = true; useUserPackages = true; users."${config.monorepo.vars.userName}" = (import (./. + "/${config.networking.hostName}/home.nix")); @@ -4777,7 +4529,7 @@ some DNS records to match what you have on your system after deployment. "default._domainkey.${config.monorepo.vars.orgHost}" = { txt = { - data = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9GpfjvQlldPrHAC7Yt+ZF0aduUIVV4j2+KUkF0j6NsrpOgvU6COWKQSod/B/qyPBLWf+w5P5YiJ9XnOgw6Db/I9C67eusEHnV/cbvokXLQjSBvXee1OEdrT9i+6iUgDeGWP4CrD1DcwvXzAcCI9exy3yALHVlbkyYvi0KAYofs8dVQ3JCwSCMlol71lA6ULJ2zbCIWeSOv9/C6QZ5HOIeeoFLesX6O/YvF4FYxWbSHy244TXYuczQKuayjKgD6e8gIT5WJRQj8IAWOQ2podWw6hSuB3Ig+ekoOfnl5ivJGOMbAzFTj8FtbS4ncyidLU1kIOeuLfiILeDDLlIeYTwIDAQAB"; + data = "v=DKIM1; k=rsa; p=${config.monorepo.vars.dkimKey}"; }; }; |
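Review bot: `extraSpecialArgs = { super = config; };` hands every home module the entire NixOS configuration, under a name that Nix readers normally associate with the previous package set of an overlay. home-manager already passes the system configuration to home modules as `osConfig` when it runs as a NixOS module, so the extra argument could be dropped and the modules could read `osConfig.monorepo.vars.email` and friends. If a custom argument is preferred, passing only what is used, e.g. `vars = config.monorepo.vars;`, keeps the coupling narrow; the home modules visible in this commit read nothing but `super.monorepo.vars.*`. The enclosing `home-manager` block starts and ends outside the hunk.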
