From 9484c4ec525c02caa8a65ecfe37ed24f1d4b321d Mon Sep 17 00:00:00 2001 
From: Preston Pan Date: Mon, 2 Mar 2026 00:03:12 -0800 Subject: Remove local nix directory to prepare for submodule --- nix/modules/bitcoin.nix | 7 - nix/modules/cgit.nix | 34 -- nix/modules/conduit.nix | 212 ------------ nix/modules/configuration.nix | 606 ---------------------------------- nix/modules/coturn.nix | 10 - nix/modules/cuda.nix | 9 - nix/modules/default.nix | 82 ----- nix/modules/docker.nix | 15 - nix/modules/dovecot.nix | 8 - nix/modules/fail2ban.nix | 11 - nix/modules/firejail.nix | 20 -- nix/modules/git-daemon.nix | 11 - nix/modules/gitolite.nix | 8 - nix/modules/gitweb.nix | 12 - nix/modules/gotosocial.nix | 14 - nix/modules/heisenbridge.nix | 9 - nix/modules/home/default.nix | 219 ------------ nix/modules/home/emacs.nix | 102 ------ nix/modules/home/fcitx.nix | 14 - nix/modules/home/firefox.nix | 25 -- nix/modules/home/gammastep.nix | 20 -- nix/modules/home/git.nix | 40 --- nix/modules/home/gtk.nix | 27 -- nix/modules/home/home.nix | 11 - nix/modules/home/hyprland.nix | 192 ----------- nix/modules/home/kitty.nix | 53 --- nix/modules/home/mako.nix | 15 - nix/modules/home/mbsync.nix | 33 -- nix/modules/home/mpd.nix | 44 --- nix/modules/home/mpv.nix | 12 - nix/modules/home/msmtp.nix | 27 -- nix/modules/home/pantalaimon.nix | 19 -- nix/modules/home/personal_secrets.nix | 23 -- nix/modules/home/secrets.nix | 35 -- nix/modules/home/user.nix | 202 ------------ nix/modules/home/vps_secrets.nix | 43 --- nix/modules/home/waybar.nix | 274 --------------- nix/modules/home/wofi.nix | 188 ----------- nix/modules/home/yt-dlp.nix | 13 - nix/modules/home/zsh.nix | 47 --- nix/modules/honk.nix | 8 - nix/modules/i2pd.nix | 9 - nix/modules/icecast.nix | 21 -- nix/modules/impermanence.nix | 100 ------ nix/modules/inspircd.nix | 539 ------------------------------ nix/modules/ircd.nix | 12 - nix/modules/kubo.nix | 20 -- nix/modules/maddy.nix | 196 ----------- nix/modules/matrix-appservice-irc.nix | 10 - nix/modules/matterbridge.nix | 7 - nix/modules/mautrix.nix | 150 
--------- nix/modules/murmur.nix | 14 - nix/modules/nginx.nix | 54 --- nix/modules/ngircd.nix | 35 -- nix/modules/ntfy-sh.nix | 79 ----- nix/modules/nvidia.nix | 22 -- nix/modules/ollama.nix | 20 -- nix/modules/pantalaimon.nix | 13 - nix/modules/pipewire.nix | 42 --- nix/modules/postfix.nix | 8 - nix/modules/public_inbox.nix | 86 ----- nix/modules/secrets.nix | 118 ------- nix/modules/ssh.nix | 13 - nix/modules/tor.nix | 20 -- nix/modules/vars.nix | 131 -------- nix/modules/xserver.nix | 27 -- nix/modules/znc.nix | 37 --- 67 files changed, 4537 deletions(-) delete mode 100644 nix/modules/bitcoin.nix delete mode 100644 nix/modules/cgit.nix delete mode 100644 nix/modules/conduit.nix delete mode 100644 nix/modules/configuration.nix delete mode 100644 nix/modules/coturn.nix delete mode 100644 nix/modules/cuda.nix delete mode 100644 nix/modules/default.nix delete mode 100644 nix/modules/docker.nix delete mode 100644 nix/modules/dovecot.nix delete mode 100644 nix/modules/fail2ban.nix delete mode 100644 nix/modules/firejail.nix delete mode 100644 nix/modules/git-daemon.nix delete mode 100644 nix/modules/gitolite.nix delete mode 100644 nix/modules/gitweb.nix delete mode 100644 nix/modules/gotosocial.nix delete mode 100644 nix/modules/heisenbridge.nix delete mode 100644 nix/modules/home/default.nix delete mode 100644 nix/modules/home/emacs.nix delete mode 100644 nix/modules/home/fcitx.nix delete mode 100644 nix/modules/home/firefox.nix delete mode 100644 nix/modules/home/gammastep.nix delete mode 100644 nix/modules/home/git.nix delete mode 100644 nix/modules/home/gtk.nix delete mode 100644 nix/modules/home/home.nix delete mode 100644 nix/modules/home/hyprland.nix delete mode 100644 nix/modules/home/kitty.nix delete mode 100644 nix/modules/home/mako.nix delete mode 100644 nix/modules/home/mbsync.nix delete mode 100644 nix/modules/home/mpd.nix delete mode 100644 nix/modules/home/mpv.nix delete mode 100644 nix/modules/home/msmtp.nix delete mode 100644 
nix/modules/home/pantalaimon.nix delete mode 100644 nix/modules/home/personal_secrets.nix delete mode 100644 nix/modules/home/secrets.nix delete mode 100644 nix/modules/home/user.nix delete mode 100644 nix/modules/home/vps_secrets.nix delete mode 100644 nix/modules/home/waybar.nix delete mode 100644 nix/modules/home/wofi.nix delete mode 100644 nix/modules/home/yt-dlp.nix delete mode 100644 nix/modules/home/zsh.nix delete mode 100644 nix/modules/honk.nix delete mode 100644 nix/modules/i2pd.nix delete mode 100644 nix/modules/icecast.nix delete mode 100644 nix/modules/impermanence.nix delete mode 100644 nix/modules/inspircd.nix delete mode 100644 nix/modules/ircd.nix delete mode 100644 nix/modules/kubo.nix delete mode 100644 nix/modules/maddy.nix delete mode 100644 nix/modules/matrix-appservice-irc.nix delete mode 100644 nix/modules/matterbridge.nix delete mode 100644 nix/modules/mautrix.nix delete mode 100644 nix/modules/murmur.nix delete mode 100644 nix/modules/nginx.nix delete mode 100644 nix/modules/ngircd.nix delete mode 100644 nix/modules/ntfy-sh.nix delete mode 100644 nix/modules/nvidia.nix delete mode 100644 nix/modules/ollama.nix delete mode 100644 nix/modules/pantalaimon.nix delete mode 100644 nix/modules/pipewire.nix delete mode 100644 nix/modules/postfix.nix delete mode 100644 nix/modules/public_inbox.nix delete mode 100644 nix/modules/secrets.nix delete mode 100644 nix/modules/ssh.nix delete mode 100644 nix/modules/tor.nix delete mode 100644 nix/modules/vars.nix delete mode 100644 nix/modules/xserver.nix delete mode 100644 nix/modules/znc.nix (limited to 'nix/modules')
diff --git a/nix/modules/bitcoin.nix b/nix/modules/bitcoin.nix
deleted file mode 100644
index bd014bb..0000000
--- a/nix/modules/bitcoin.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-{
- services.bitcoind."${config.monorepo.vars.userName}" = {
- enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
- prune = 10000;
- };
-}
diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix
deleted file mode 100644
index 5bf888d..0000000
--- a/nix/modules/cgit.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ lib, config, ... }:
-let
- serverName = "git.${config.monorepo.vars.orgHost}";
-in
-{
- services.cgit."my-projects" = {
- enable = lib.mkDefault config.services.gitDaemon.enable;
- scanPath = "${config.users.users.git.home}";
- settings = {
- root-title = "Nullring Git Server";
- root-desc = "Projects and cool things";
- enable-commit-graph = 1;
- enable-log-filecount = 1;
- enable-log-linecount = 1;
- enable-index-owner = 0;
- clone-prefix = "https://${serverName}";
- enable-tree-linenumbers = 1;
- strict-export = "git-daemon-export-ok";
- };
- gitHttpBackend = {
- enable = true;
- checkExportOkFiles = true;
- };
- nginx = {
- virtualHost = "${serverName}";
- };
- };
-
- networking.domains.subDomains."${serverName}" = lib.mkIf config.services.cgit."my-projects".enable { };
- services.nginx.virtualHosts."${serverName}" = lib.mkIf config.services.cgit."my-projects".enable {
- forceSSL = true;
- enableACME = true;
- };
-}
diff --git a/nix/modules/conduit.nix b/nix/modules/conduit.nix
deleted file mode 100644
index edc8e8b..0000000
--- a/nix/modules/conduit.nix
+++ /dev/null
@@ -1,212 +0,0 @@ -{ config, lib, ... }: -let - livekitListenPort = 8443; - # secrets.yaml - livekit_secret = "livekit_secret"; - conduit_secret = "conduit_secrets"; -in -{ - sops.secrets = lib.mkIf config.services.matrix-conduit.enable { - "${livekit_secret}" = lib.mkIf config.services.livekit.enable { - format = "yaml"; - mode = "0444"; - }; - - "${conduit_secret}" = { - format = "yaml"; - }; - }; - - services.matrix-conduit = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; - secretFile = "/run/secrets/${conduit_secret}"; - settings.global = { - server_name = "matrix.${config.monorepo.vars.orgHost}"; - trusted_servers = [ - "matrix.org" - "nixos.org" - "conduit.rs" - ]; - address = "0.0.0.0"; - port = 6167; - allow_registration = false; - }; - }; - - - services.livekit = { - enable = lib.mkDefault (config.services.matrix-conduit.enable || config.services.matrix-synapse.enable); - keyFile = "/run/secrets/${livekit_secret}"; - settings = { - port = 7880; - turn = { - enabled = true; - domain = "livekit.${config.monorepo.vars.orgHost}"; - cert_file = "/var/lib/acme/livekit.${config.monorepo.vars.orgHost}/fullchain.pem"; - key_file = "/var/lib/acme/livekit.${config.monorepo.vars.orgHost}/key.pem"; - tls_port = 5349; - udp_port = 3478; - }; - - rtc = { - use_external_ip = true; - tcp_port = 7881; - udp_port = 7882; - port_range_start = 50000; - port_range_end = 60000; - }; - }; - }; - - services.lk-jwt-service = { - enable = lib.mkDefault config.services.livekit.enable; - port = 6495; - livekitUrl = "wss://livekit.${config.monorepo.vars.orgHost}"; - keyFile = "/run/secrets/${livekit_secret}"; - }; - - # TODO: split into conduit and livekit - networking.firewall.allowedTCPPorts = lib.mkIf config.services.matrix-conduit.enable [ 8448 7881 5349 livekitListenPort ]; - - # this is fine though - networking.firewall.allowedUDPPorts = lib.mkIf config.services.livekit.enable [ 7882 3478 ]; - networking.firewall.allowedUDPPortRanges = lib.mkIf 
config.services.livekit.enable [ - { from = 49152; to = 65535; } - ]; - - networking.domains.subDomains."matrix.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.matrix-conduit.enable { }; - networking.domains.subDomains."livekit.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.livekit.enable { }; - - services.nginx.virtualHosts."matrix.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.matrix-conduit.enable { - enableACME = lib.mkDefault config.monorepo.profiles.server.enable; - forceSSL = true; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "[::]"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - { - addr = "[::]"; - port = 8448; - ssl = true; - } - ]; - locations."/_matrix/" = { - proxyPass = "http://127.0.0.1:${toString config.services.matrix-conduit.settings.global.port}"; - extraConfig = '' - proxy_set_header Host $host; - proxy_buffers 32 16k; - proxy_read_timeout 5m; - ''; - }; - - locations."= /.well-known/matrix/server" = { - extraConfig = '' - default_type application/json; - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - ''; - - return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' ''; - }; - - locations."/.well-known/matrix/client" = { - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - ''; - - return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:${toString livekitListenPort}\"}]}'"; - }; - - extraConfig = '' - merge_slashes off; - ''; - }; - - - services.nginx.virtualHosts."matrix.${config.monorepo.vars.orgHost}-livekit" = lib.mkIf config.services.livekit.enable { - serverName = "matrix.${config.monorepo.vars.orgHost}"; - listen = [ - { - addr = "0.0.0.0"; - 
port = livekitListenPort; - ssl = true; - } - { - addr = "[::]"; - port = livekitListenPort; - ssl = true; - } - ]; - addSSL = true; - enableACME = false; - forceSSL = false; - useACMEHost = "matrix.${config.monorepo.vars.orgHost}"; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.lk-jwt-service.port}"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - ''; - }; - }; - - services.nginx.virtualHosts."livekit.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.livekit.enable { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.livekit.settings.port}"; - proxyWebsockets = true; - extraConfig = '' - proxy_read_timeout 3600s; - proxy_send_timeout 3600s; - - # Standard headers for LiveKit - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # --- CORS CONFIGURATION START --- - # 1. Allow all origins (including app.element.io) - add_header 'Access-Control-Allow-Origin' '*' always; - - # 2. Allow specific methods (POST is required for /sfu/get) - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; - - # 3. Allow headers (Content-Type is crucial for JSON) - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; - - # 4. 
Handle the OPTIONS preflight request immediately - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - # --- CORS CONFIGURATION END --- - ''; - }; - }; -} diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix deleted file mode 100644 index bee737f..0000000 --- a/nix/modules/configuration.nix +++ /dev/null 
@@ -1,606 +0,0 @@ -{ config, pkgs, lib, ... }: -let - userGroups = [ - "nginx" - "git" - "ircd" - "ngircd" - "conduit" - "livekit" - "matterbridge" - "maddy" - "ntfy-sh" - "public-inbox" - "plugdev" - ]; - allDomains = - (lib.attrNames config.networking.domains.baseDomains) ++ - (lib.attrNames config.networking.domains.subDomains); - - # 2. Generate BOTH possible outcomes in advance - prodHosts = map (dom: "${config.monorepo.profiles.server.ipv4} ${dom}") allDomains; - vmHosts = map (dom: "127.0.0.1 ${dom}") allDomains; -in -{ - imports = [ - ./cgit.nix - ./public_inbox.nix - ./matterbridge.nix - ./mautrix.nix - ./xserver.nix - ./ssh.nix - ./pipewire.nix - ./tor.nix - ./kubo.nix - ./nvidia.nix - ./cuda.nix - ./nginx.nix - ./secrets.nix - ./git-daemon.nix - ./ollama.nix - ./i2pd.nix - ./conduit.nix - ./bitcoin.nix - ./murmur.nix - ./ngircd.nix - ./znc.nix - ./docker.nix - ./impermanence.nix - ./coturn.nix - ./maddy.nix - ./ntfy-sh.nix - ./fail2ban.nix - ]; - - environment.etc."wpa_supplicant.conf".text = '' - country=CA - ''; - systemd.tmpfiles.rules = [ - "d /srv/git 0755 git git -" - ]; - - zramSwap = lib.mkIf config.monorepo.profiles.desktop.enable { - enable = true; - algorithm = "zstd"; - memoryPercent = 50; - }; - - virtualisation.vmVariant = lib.mkIf config.monorepo.profiles.server.enable { - sops.validateSopsFiles = false; - disko.devices = lib.mkForce { }; - virtualisation.forwardPorts = [ - { from = "host"; host.port = 10443; guest.port = 443; } - { from = "host"; host.port = 9080; guest.port = 80; } - ]; - virtualisation.useNixStoreImage = false; - virtualisation.sharedDirectories.sops-keys = { - source = "/home/preston/.config/sops/age"; # Path to your host key - target = "/home/preston/.config/sops/age"; - }; - networking.extraHosts = lib.mkForce (lib.concatStringsSep "\n" vmHosts); - networking.defaultGateway = lib.mkForce null; - networking.interfaces."${config.monorepo.profiles.server.interface}".useDHCP = lib.mkForce true; - - fileSystems."/" = 
lib.mkForce { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - systemd.services.sops-nix = { - unitConfig.RequiresMountsFor = "/home/preston/.config/sops/age"; - }; - }; - - documentation = { - enable = lib.mkDefault config.monorepo.profiles.documentation.enable; - man.enable = lib.mkDefault config.monorepo.profiles.documentation.enable; - dev.enable = lib.mkDefault config.monorepo.profiles.documentation.enable; - }; - - environment = { - etc = { - securetty.text = '' - # /etc/securetty: list of terminals on which root is allowed to login. - # See securetty(5) and login(1). - ''; - }; - }; - - - systemd.network.enable = lib.mkDefault config.monorepo.profiles.server.enable; - systemd.network.networks."40-${config.monorepo.profiles.server.interface}" = lib.mkIf config.monorepo.profiles.server.enable { - matchConfig.Name = "${config.monorepo.profiles.server.interface}"; - networkConfig = { - IPv6AcceptRA = true; - IPv6PrivacyExtensions = false; - }; - ipv6AcceptRAConfig = { - UseAutonomousPrefix = false; - }; - }; - - systemd = { - services.NetworkManager-wait-online.enable = false; - coredump.enable = false; - network.config.networkConfig.IPv6PrivacyExtensions = "kernel"; - tmpfiles.settings = { - "restrictetcnixos"."/etc/nixos/*".Z = { - mode = "0000"; - user = "root"; - group = "root"; - }; - }; - }; - - - boot = { - supportedFilesystems = { - btrfs = true; - ext4 = true; - }; - - extraModprobeConfig = '' - options snd-usb-audio vid=0x1235 pid=0x8200 device_setup=1 - options rtw88_core disable_lps_deep=y power_save=0 disable_aspm_l1ss=y - options rtw88_pci disable_msi=y disable_aspm=y - options rtw_core disable_lps_deep=y - options rtw_pci disable_msi=y disable_aspm=y - options rtw89_core disable_ps_mode=y - options rtw89_pci disable_aspm_l1=y disable_aspm_l1ss=y disable_clkreq=y - options iwlwifi 11n_disable=8 uapsd_disable=1 bt_coex_active=0 disable_11ax=1 power_save=0 - ''; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ 
- "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "nvme" - "sd_mod" - "ehci_pci" - "rtsx_pci_sdmmc" - "usbhid" - ]; - - kernelModules = [ ]; - }; - - lanzaboote = { - enable = config.monorepo.profiles.secureBoot.enable; - pkiBundle = "/var/lib/sbctl"; - }; - - loader = { - systemd-boot.enable = lib.mkForce ((! config.monorepo.profiles.grub.enable) && (! config.monorepo.profiles.secureBoot.enable)); - efi.canTouchEfiVariables = lib.mkForce (! config.monorepo.profiles.grub.enable); - }; - - kernelModules = [ - "snd-seq" - "snd-rawmidi" - "xhci_hcd" - "kvm_intel" - "af_packet" - "ccm" - "ctr" - "cmac" - "arc4" - "ecb" - "michael_mic" - "gcm" - "sha256" - "sha384" - ]; - - kernelParams = [ - "cfg80211.reg_alpha2=CA" - "usbcore.autosuspend=-1" - "pcie_aspm=off" - "pci=noaer" - # "debugfs=off" - "page_alloc.shuffle=1" - "slab_nomerge" - # "page_poison=1" - - # madaidan - "pti=on" - "randomize_kstack_offset=on" - "vsyscall=none" - # "lockdown=confidentiality" - - # cpu - "spectre_v2=on" - "spec_store_bypass_disable=on" - "tsx=off" - "l1tf=full,force" - "kvm.nx_huge_pages=force" - - # hardened - "extra_latent_entropy" - - # mineral - # "init_on_alloc=1" - # "random.trust_bootloader=off" - # "init_on_free=1" - "quiet" - # "loglevel=0" - ]; - - blacklistedKernelModules = [ - "netrom" - "rose" - - "adfs" - "affs" - "bfs" - "befs" - "cramfs" - "efs" - "erofs" - "exofs" - "freevxfs" - "f2fs" - "hfs" - "hpfs" - "jfs" - "minix" - "nilfs2" - "ntfs" - "omfs" - "qnx4" - "qnx6" - "sysv" - "ufs" - ]; - - kernel.sysctl = - if config.monorepo.profiles.server.enable then { - "net.ipv6.conf.${config.monorepo.profiles.server.interface}.autoconf" = 0; - "net.ipv6.conf.${config.monorepo.profiles.server.interface}.accept_ra" = 1; - } else { - "kernel.ftrace_enabled" = false; - "net.core.bpf_jit_enable" = false; - "kernel.kptr_restrict" = 2; - - # madaidan - "kernel.smtcontrol" = "on"; - "vm.swappiness" = 1; - "vm.unprivileged_userfaultfd" = 0; - "dev.tty.ldisc_autoload" = 0; - 
"kernel.kexec_load_disabled" = 1; - "kernel.sysrq" = 4; - "kernel.perf_event_paranoid" = 3; - - # net - "net.ipv4.ip_forward" = 1; - "net.ipv4.icmp_echo_ignore_broadcasts" = true; - # "net.ipv4.conf.all.accept_redirects" = false; - # "net.ipv4.conf.all.secure_redirects" = false; - # "net.ipv4.conf.default.accept_redirects" = false; - # "net.ipv4.conf.default.secure_redirects" = false; - # "net.ipv6.conf.all.accept_redirects" = false; - # "net.ipv6.conf.default.accept_redirects" = false; - }; - }; - - networking = { - interfaces = lib.mkIf config.monorepo.profiles.server.enable { - "${config.monorepo.profiles.server.interface}" = { - ipv4.addresses = [ - { - address = config.monorepo.profiles.server.ipv4; - prefixLength = 24; - } - ]; - ipv6.addresses = [ - { - address = config.monorepo.profiles.server.ipv6; - prefixLength = 64; - } - ]; - useDHCP = lib.mkForce false; - }; - }; - - defaultGateway = lib.mkIf config.monorepo.profiles.server.enable config.monorepo.profiles.server.gateway; - useDHCP = false; - tempAddresses = lib.mkIf config.monorepo.profiles.server.enable "disabled"; - extraHosts = lib.mkIf config.monorepo.profiles.server.enable (lib.concatStringsSep "\n" prodHosts); - - domains = lib.mkIf config.monorepo.profiles.server.enable { - enable = true; - baseDomains = { - "${config.monorepo.vars.remoteHost}" = { - a.data = config.monorepo.profiles.server.ipv4; - aaaa.data = config.monorepo.profiles.server.ipv6; - }; - "${config.monorepo.vars.orgHost}" = { - a.data = config.monorepo.profiles.server.ipv4; - aaaa.data = config.monorepo.profiles.server.ipv6; - txt = { - data = "v=spf1 ip4:${config.monorepo.profiles.server.ipv4} ip6:${config.monorepo.profiles.server.ipv6} -all"; - }; - }; - }; - }; - - - nameservers = [ "8.8.8.8" "1.1.1.1" ]; - dhcpcd.enable = (! config.monorepo.profiles.server.enable); - networkmanager = { - enable = lib.mkForce (! 
config.monorepo.profiles.server.enable); # rpis need network - wifi = { - powersave = false; - }; - ensureProfiles = { - profiles = { - home-wifi = { - connection = { - id = "TELUS6572"; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "TELUS6572"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - # when someone actually steals my internet then I will be concerned. - # This password only matters if you actually show up to my house in real life. - # That would perhaps allow for some nasty networking related shenanigans. - # I guess we'll cross that bridge when I get there. - psk = "b4xnrv6cG6GX"; - }; - }; - }; - }; - }; - firewall = { - allowedTCPPorts = [ 22 11434 ]; - allowedUDPPorts = [ ]; - }; - }; - - hardware = { - wirelessRegulatoryDatabase = true; - enableAllFirmware = true; - cpu.intel.updateMicrocode = true; - graphics.enable = ! config.monorepo.profiles.ttyonly.enable; - - bluetooth = { - enable = lib.mkDefault config.monorepo.profiles.desktop.enable; - powerOnBoot = lib.mkDefault config.monorepo.profiles.desktop.enable; - }; - }; - - services = { - pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable; - chrony = { - enable = true; - enableNTS = true; - servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; - }; - - jitterentropy-rngd.enable = true; - resolved.settings.Resolve.DNSSEC = true; - # usbguard.enable = true; - usbguard.enable = false; - dbus.apparmor = "enabled"; - - # Misc. - udev = { - extraRules = ''''; - packages = - if config.monorepo.profiles.workstation.enable then with pkgs; [ - platformio-core - platformio-core.udev - openocd - ] else [ ]; - }; - - printing.enable = lib.mkDefault config.monorepo.profiles.workstation.enable; - udisks2.enable = (! 
config.monorepo.profiles.ttyonly.enable); - }; - - programs = { - nix-ld.enable = true; - zsh.enable = true; - light.enable = true; - ssh.enableAskPassword = false; - }; - - nixpkgs = { - hostPlatform = lib.mkDefault "x86_64-linux"; - config = { - allowUnfree = true; - cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; - }; - }; - - security = { - acme = { - acceptTerms = true; - defaults.email = "${config.monorepo.vars.internetName}@gmail.com"; - }; - apparmor = { - enable = true; - killUnconfinedConfinables = true; - packages = with pkgs; [ - apparmor-profiles - ]; - # policies = { - # firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox"; - # }; - }; - - pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } - ]; - rtkit.enable = true; - - lockKernelModules = true; - protectKernelImage = true; - - allowSimultaneousMultithreading = true; - forcePageTableIsolation = true; - - tpm2 = { - enable = true; - pkcs11.enable = true; - tctiEnvironment.enable = true; - }; - - auditd.enable = true; - audit.enable = true; - chromiumSuidSandbox.enable = (! config.monorepo.profiles.ttyonly.enable); - sudo.enable = true; - }; - - xdg.portal = { - enable = (! config.monorepo.profiles.ttyonly.enable); - wlr.enable = (! config.monorepo.profiles.ttyonly.enable); - extraPortals = with pkgs; if (! 
config.monorepo.profiles.ttyonly.enable) then [ - xdg-desktop-portal-gtk - xdg-desktop-portal - xdg-desktop-portal-hyprland - ] else [ ]; - config.common.default = "*"; - }; - - environment.etc."gitconfig".text = '' - [init] - defaultBranch = main - ''; - environment.extraInit = '' - umask 0022 - ''; - environment.systemPackages = with pkgs; [ - restic - sbctl - gitFull - git-lfs - git-lfs-transfer - vim - curl - nmap - exiftool - (writeShellScriptBin "new-repo" - '' - #!/bin/bash - cd ${config.users.users.git.home} - git init --bare "$1" - vim "$1/description" - chown -R git:git "$1" - '' - ) - ]; - - users.groups = lib.genAttrs userGroups (name: lib.mkDefault { }); - - users.users = lib.genAttrs userGroups - (name: { - isSystemUser = lib.mkDefault true; - group = "${name}"; - extraGroups = [ "acme" "nginx" ]; - }) // { - conduit = { - isSystemUser = lib.mkDefault true; - group = "conduit"; - extraGroups = [ ]; - }; - matterbridge = { - isSystemUser = lib.mkDefault true; - group = "matterbridge"; - extraGroups = [ ]; - }; - - public-inbox = { - isSystemUser = lib.mkDefault true; - group = "public-inbox"; - - extraGroups = [ "acme" "nginx" "git" ]; - }; - - ircd = { - isSystemUser = lib.mkDefault true; - group = "ircd"; - home = "/home/ircd"; - }; - - nginx = { - group = "nginx"; - isSystemUser = lib.mkDefault true; - extraGroups = [ "acme" ]; - }; - - root.openssh.authorizedKeys.keys = [ - config.monorepo.vars.sshKey - ]; - - git = { - isSystemUser = true; - home = "/srv/git"; - shell = "/bin/sh"; - group = "git"; - openssh.authorizedKeys.keys = [ - config.monorepo.vars.sshKey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIEF+mcL9nDkzVhCYyYWCIrP+b6oRiiaV509jywbD0Vq nix-on-droid@localhost" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQCedJm0yYB0qLah/Y7PqLVgNh6qp+yujssGtuR05KbZLzSnsLUjUMObMyjFB9xTKrSGDqyoMkNe2l5VXMBJ9wBKLbzqMWbkakAWOj7EC/qZ6dFWA075mniwAuWKY/Q8QYohAJbbeU4j0ObWrltd4ar2Ac9vsVyftYF5efg8PEqVdOxzrBn5taY1zCCRjee5ISeRDIovnBbq7x86jsx5VnXTjMN9FZCI2qmz992Sg/PPXpXat+O1YQlG0eBHEny2Ug9gaAYnGOVr6kZKE4lrjz47nrXVXO6lJsNXmuzTVnEgo30DAA3dV4fws/M5ptM5Pgg2qe94HyHWhhmtXOekWmGtP3YxpVe3M/SPl31UL570ZDuuCcpJTsbe90ZyXC3CiSJkLKbmFkfOgZ6DI2LT8KSp09/2NCtZYriLN/nXObn6gQzByGMxVyKNx2hh8ENt9hzTCAk5lYDK3g3wS8eLCY3EH/caEqT9mLZEZeRHtAhtfozo1VJL7sSZ0Zm7wiIxHylwOshh1sYI1gb1MgMqNnrr1t8+8UK+Q0NERQW3yiphG36HXWy/DdCG0EF+N850KbgH1FFur+m+3hZCZCFVp3tGCcOC+bxWMBT3+9yC6LARi5cFjLQaWLsNO5xEs4vqX3+s3QjJ0pAYDkgtoeY2Fbh+imN+JasWn/cSy5p3UdE4ZQ== andrei@kiss" - ]; - }; - "${config.monorepo.vars.userName}" = { - openssh.authorizedKeys.keys = [ - config.monorepo.vars.sshKey - ]; - - linger = true; - initialPassword = "${config.monorepo.vars.userName}"; - isNormalUser = true; - description = config.monorepo.vars.fullName; - extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" "plugdev" ]; - shell = pkgs.zsh; - packages = [ ]; - }; - }; - - nixpkgs.config.permittedInsecurePackages = [ - "python3.13-ecdsa-0.19.1" - "olm-3.2.16" - ]; - - nix = { - settings = { - keep-outputs = true; - keep-derivations = true; - auto-optimise-store = true; - max-jobs = 4; - cores = 0; - substituters = [ - "https://cache.nixos-cuda.org" - ]; - trusted-public-keys = [ - "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" - ]; - experimental-features = "nix-command flakes ca-derivations"; - trusted-users = [ "@wheel" ]; - }; - gc.automatic = true; - }; - time.timeZone = config.monorepo.vars.timeZone; - i18n.defaultLocale = "en_CA.UTF-8"; - system.stateVersion = "24.11"; -} diff --git a/nix/modules/coturn.nix b/nix/modules/coturn.nix deleted file mode 100644 index 3ceeac6..0000000 --- a/nix/modules/coturn.nix +++ /dev/null 
@@ -1,10 +0,0 @@
-{ lib, config, ... }:
-{
- services.coturn = {
- enable = false;
- use-auth-secret = true;
- listening-ips = [ "0.0.0.0" ];
- cert = "/var/lib/acme/matrix.${config.monorepo.vars.orgHost}/fullchain.pem";
- static-auth-secret-file = "/run/secrets/coturn_secret";
- };
-}
diff --git a/nix/modules/cuda.nix b/nix/modules/cuda.nix
deleted file mode 100644
index d5d9b7c..0000000
--- a/nix/modules/cuda.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = (if config.monorepo.profiles.cuda.enable then with pkgs; [
- cudatoolkit
- cudaPackages.cudnn
- cudaPackages.libcublas
- linuxPackages.nvidia_x11
- ] else []);
-}
diff --git a/nix/modules/default.nix b/nix/modules/default.nix
deleted file mode 100644
index 80c057f..0000000
--- a/nix/modules/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@ -{ lib, config, pkgs, ... }: -{ - imports = [ - ./configuration.nix - ./vars.nix - ]; - - options = { - monorepo = { - profiles = { - cuda.enable = lib.mkEnableOption "Enables CUDA support"; - documentation.enable = lib.mkEnableOption "Enables documentation on system."; - secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl."; - pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup"; - tor.enable = lib.mkEnableOption "Enables tor along with torsocks"; - - server = { - enable = lib.mkEnableOption "Enables server services"; - interface = lib.mkOption { type = lib.types.str; default = "eth0"; }; - ipv4 = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; }; - ipv6 = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; }; - gateway = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; }; - }; - - ttyonly.enable = lib.mkEnableOption "TTY only, no xserver"; - grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot"; - workstation.enable = lib.mkEnableOption "Enables workstation services"; - desktop.enable = lib.mkEnableOption "Enables everything common to desktops"; - impermanence.enable = lib.mkEnableOption "Enables imperamanence"; - home.enable = lib.mkEnableOption "Enables home profiles"; - }; - }; - }; - - config = { - environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable ((with pkgs; [ - linux-manual - man-pages - man-pages-posix - iproute2 - silver-searcher - ripgrep - ]) ++ - (if (config.monorepo.vars.fileSystem == "btrfs") then with pkgs; [ - btrfs-progs - btrfs-snap - btrfs-list - btrfs-heatmap - ] else [ ])); - - boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable { - enable = true; - }; - - assertions = [ - { - assertion = !(config.monorepo.profiles.workstation.enable && config.monorepo.profiles.server.enable); - message = '' - You can't enable both workstation and server profile together. 
Please select only one. - ''; - } - { - assertion = !(config.monorepo.profiles.desktop.enable && config.monorepo.profiles.server.enable); - message = '' - You can't enable both desktop and server profile together. Please select only one. - ''; - } - ]; - monorepo = { - profiles = { - desktop.enable = lib.mkDefault config.monorepo.profiles.workstation.enable; - documentation.enable = lib.mkDefault true; - pipewire.enable = lib.mkDefault true; - tor.enable = lib.mkDefault true; - impermanence.enable = lib.mkDefault false; - server.enable = lib.mkDefault false; - ttyonly.enable = lib.mkDefault config.monorepo.profiles.server.enable; - home.enable = lib.mkDefault config.monorepo.profiles.desktop.enable; - }; - }; - }; -} diff --git a/nix/modules/docker.nix b/nix/modules/docker.nix deleted file mode 100644 index 9eb18f5..0000000 --- a/nix/modules/docker.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, config, vars, ... }: -{ - # virtualisation = { - # oci-containers = { - # backend = "podman"; - # containers = {}; - # }; - # containers.enable = true; - # podman = { - # enable = true; - # dockerCompat = true; - # defaultNetwork.settings.dns_enabled = true; - # }; - # }; -} diff --git a/nix/modules/dovecot.nix b/nix/modules/dovecot.nix deleted file mode 100644 index 2921ad8..0000000 --- a/nix/modules/dovecot.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, ... }: -{ - services.dovecot2 = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; - enableImap = true; - enablePop3 = true; - }; -} diff --git a/nix/modules/fail2ban.nix b/nix/modules/fail2ban.nix deleted file mode 100644 index 5d289a0..0000000 --- a/nix/modules/fail2ban.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, config, ... }: -{ - services.fail2ban = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; - # Ban IP after 5 failures for 1 hour - maxretry = 5; - bantime = "1h"; - banaction = "iptables-allports"; - banaction-allports = "iptables-allports"; - }; -} 
diff --git a/nix/modules/firejail.nix b/nix/modules/firejail.nix
deleted file mode 100644
index 054171a..0000000
--- a/nix/modules/firejail.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, lib, ... }:
-{
- programs.firejail = {
- enable = true;
- wrappedBinaries = {
- firefox = {
- executable = "${lib.getBin pkgs.firefox-bin}/bin/firefox";
- profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
- };
- emacs = {
- executable = "${lib.getBin pkgs.emacs-pgtk}/bin/emacs";
- profile = "${pkgs.firejail}/etc/firejail/emacs.profile";
- };
- zathura = {
- executable = "${lib.getBin pkgs.zathura}/bin/zathura";
- profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
- };
- };
- };
-}
diff --git a/nix/modules/git-daemon.nix b/nix/modules/git-daemon.nix
deleted file mode 100644
index 972ab67..0000000
--- a/nix/modules/git-daemon.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
- services.gitDaemon = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- exportAll = true;
- basePath = "${config.users.users.git.home}";
- };
- networking.firewall.allowedTCPPorts = lib.mkIf config.services.gitDaemon.enable [
- 9418
- ];
-}
diff --git a/nix/modules/gitolite.nix b/nix/modules/gitolite.nix
deleted file mode 100644
index 33f647b..0000000
--- a/nix/modules/gitolite.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ lib, config, ... }:
-{
- services.gitolite = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- description = "My Gitolite User";
- adminPubkey = config.monorepo.vars.sshKey;
- };
-}
diff --git a/nix/modules/gitweb.nix b/nix/modules/gitweb.nix
deleted file mode 100644
index 69cb951..0000000
--- a/nix/modules/gitweb.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }:
-{
- services.gitweb = {
- gitwebTheme = lib.mkDefault config.monorepo.profiles.server.enable;
- projectroot = "/srv/git/";
- extraConfig = ''
-our $export_ok = "git-daemon-export-ok";
-our $site_name = "NullRing Git Server";
-our $site_header = "NullRing Projects";
-'';
- };
-}
diff --git a/nix/modules/gotosocial.nix b/nix/modules/gotosocial.nix
deleted file mode 100644
index b0a0c21..0000000
--- a/nix/modules/gotosocial.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, config, ... }:
-{
- services.gotosocial = {
- enable = lib.mkDefault false;
- setupPostgresqlDB = true;
- settings = {
- application-name = "Nullring GoToSocial Instance";
- host = "gotosocial.${config.monorepo.vars.orgHost}";
- protocol = "https";
- bind-address = "127.0.0.1";
- port = 8080;
- };
- };
-}
diff --git a/nix/modules/heisenbridge.nix b/nix/modules/heisenbridge.nix
deleted file mode 100644
index f3b88fc..0000000
--- a/nix/modules/heisenbridge.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, config, ... }:
-{
- services.heisenbridge = {
- enable = true;
- registrationUrl = "http://localhost:6167";
- owner = "@ret2pop:matrix.nullring.xyz";
- homeserver = "http://localhost:6167";
- };
-}
diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
deleted file mode 100644
index 80b28ee..0000000
--- a/nix/modules/home/default.nix
+++ /dev/null
@@ -1,219 +0,0 @@
-{ lib, config, pkgs, sops-nix, super, ... }:
-{
- imports = [
- sops-nix.homeManagerModules.sops
- ../vars.nix
- ./fcitx.nix
- ./emacs.nix
- ./firefox.nix
- ./git.nix
- ./hyprland.nix
- ./mpv.nix
- ./yt-dlp.nix
- ./wofi.nix
- ./kitty.nix
- ./waybar.nix
- ./zsh.nix
- ./mbsync.nix
- ./msmtp.nix
- ./gammastep.nix
- ./mpd.nix
- ./mako.nix
- ./user.nix
- ./gtk.nix
- ./secrets.nix
- ./pantalaimon.nix
- ];
-
- options = {
- monorepo.profiles = {
- enable = lib.mkEnableOption "Enables home manager desktop configuration";
- # Programs
- graphics.enable = lib.mkEnableOption "Enables graphical programs for user";
- lang-c.enable = lib.mkEnableOption "Enables C language support";
- lang-sh.enable = lib.mkEnableOption "Enables sh language support";
- lang-rust.enable = lib.mkEnableOption "Enables Rust language support";
- lang-python.enable = lib.mkEnableOption "Enables python language support";
- lang-sol.enable = lib.mkEnableOption "Enables solidity language support";
- lang-openscad.enable = lib.mkEnableOption "Enables openscad language support";
- lang-js.enable = lib.mkEnableOption "Enables javascript language support";
- lang-nix.enable = lib.mkEnableOption "Enables nix language support";
- lang-idris.enable = lib.mkEnableOption "Enables idris language support";
- lang-agda.enable = lib.mkEnableOption "Enables agda language support";
- lang-coq.enable = lib.mkEnableOption "Enables coq language support";
- lang-lean.enable = lib.mkEnableOption "Enables lean language support";
- lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
- crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
- art.enable = lib.mkEnableOption "Enables various art programs";
- music.enable = lib.mkEnableOption "Enables mpd";
- workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
- cuda.enable = lib.mkEnableOption "Enables CUDA user package builds";
- hyprland.enable = lib.mkEnableOption "Enables hyprland";
- email.enable = lib.mkEnableOption "Enables email";
- };
- };
-
- config = {
- home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else [ ])
- ++
- (if config.monorepo.profiles.lang-c.enable then
- (with pkgs; [
- autobuild
- clang
- gdb
- gnumake
- bear
- clang-tools
- autotools-language-server
- ]) else [ ])
- ++
- (if config.monorepo.profiles.workstation.enable then
- (with pkgs; [
- mumble
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-js.enable then
- (with pkgs; [
- nodejs
- bun
- yarn
- typescript
- typescript-language-server
- vscode-langservers-extracted
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-rust.enable then
- (with pkgs; [
- cargo
- rust-analyzer
- rustfmt
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-python.enable then
- (with pkgs; [
- poetry
- python3
- python314Packages.python-lsp-server
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-sol.enable then
- (with pkgs; [
- solc
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-openscad.enable then
- (with pkgs; [
- openscad
- openscad-lsp
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-sh.enable then
- (with pkgs; [
- bash-language-server
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-haskell.enable then
- (with pkgs; [
- haskell-language-server
- haskellPackages.hlint
- ghc
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-coq.enable then
- (with pkgs; [
- coq
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-lean.enable then
- (with pkgs; [
- lean4
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-agda.enable then
- (with pkgs; [
- agda
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-idris.enable then
- (with pkgs; [
- idris
- idris2Packages.idris2Lsp
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-nix.enable then
- (with pkgs; [
- nil
- nixd
- nixfmt
- nix-prefetch-scripts
- ]) else [ ])
- ++
- (if config.monorepo.profiles.crypto.enable then
- (with pkgs; [
- bitcoin
- # electrum
- monero-cli
- monero-gui
- ]) else [ ])
- ++
- (if config.monorepo.profiles.art.enable then
- (with pkgs; [
- inkscape
- # krita
- ]) else [ ])
- ++
- (if config.monorepo.profiles.music.enable then
- (with pkgs; [
- mpc
- sox
- ]) else [ ])
- ++
- (if config.monorepo.profiles.workstation.enable then
- (with pkgs; [
- alsa-utils
- alsa-scarlett-gui
- ardour
- audacity
- # blender
- foxdot
- fluidsynth
- qjackctl
- qsynth
- qpwgraph
- imagemagick
- supercollider
- inkscape
- # kdePackages.kdenlive
- # kicad
- murmur
- ]) else [ ]);
-
- monorepo.profiles = {
- enable = lib.mkDefault super.monorepo.profiles.home.enable;
- music.enable = lib.mkDefault config.monorepo.profiles.enable;
- email.enable = lib.mkDefault config.monorepo.profiles.enable;
- cuda.enable = lib.mkDefault super.monorepo.profiles.cuda.enable;
-
- # Programming
- graphics.enable = lib.mkDefault (! super.monorepo.profiles.ttyonly.enable);
- hyprland.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- lang-c.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-rust.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-python.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-sol.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-sh.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-openscad.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-js.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-nix.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-coq.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-lean.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-haskell.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-idris.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-agda.enable = lib.mkDefault config.monorepo.profiles.enable;
-
- crypto.enable = lib.mkDefault config.monorepo.profiles.enable;
- art.enable = lib.mkDefault config.monorepo.profiles.enable;
- workstation.enable = lib.mkDefault super.monorepo.profiles.workstation.enable;
- };
- };
-}
diff --git a/nix/modules/home/emacs.nix b/nix/modules/home/emacs.nix
deleted file mode 100644
index bc85177..0000000
--- a/nix/modules/home/emacs.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ lib, config, pkgs, super, ... }:
-{
- programs.emacs =
- {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.emacs-pgtk;
- extraConfig = ''
-(setq debug-on-error t)
-(setq system-email "${super.monorepo.vars.email}")
-(setq system-username "${super.monorepo.vars.internetName}")
-(setq system-fullname "${super.monorepo.vars.fullName}")
-(setq system-gpgkey "${super.monorepo.vars.gpgKey}")
-(load "${pkgs.writeText "init.el" (builtins.readFile ../../init.el)}")
-'';
-
- extraPackages = epkgs: [
- epkgs.agda2-mode
- epkgs.all-the-icons
- epkgs.auctex
- epkgs.catppuccin-theme
- epkgs.company
- epkgs.company-solidity
- epkgs.counsel
- epkgs.centaur-tabs
- epkgs.dashboard
- epkgs.doom-themes
- epkgs.doom-modeline
- epkgs.elfeed
- epkgs.elfeed-org
- epkgs.elfeed-tube
- epkgs.elfeed-tube-mpv
- epkgs.elpher
- epkgs.ement
- epkgs.emmet-mode
- epkgs.emms
- epkgs.enwc
- epkgs.evil
- epkgs.evil-collection
- epkgs.evil-commentary
- epkgs.evil-org
- epkgs.f
- epkgs.flycheck
- epkgs.general
- epkgs.gptel
- epkgs.gruvbox-theme
- epkgs.haskell-mode
- epkgs.htmlize
- epkgs.idris-mode
- epkgs.irony-eldoc
- epkgs.ivy
- epkgs.ivy-pass
- epkgs.kiwix
- epkgs.latex-preview-pane
- epkgs.lsp-ivy
- epkgs.lsp-mode
- epkgs.lsp-haskell
- epkgs.lyrics-fetcher
- epkgs.mastodon
- epkgs.magit
- epkgs.magit-delta
- epkgs.mu4e
- epkgs.minuet
- epkgs.nix-mode
- epkgs.org-fragtog
- epkgs.org-journal
- epkgs.org-roam
- epkgs.org-roam-ui
- epkgs.org-superstar
- epkgs.page-break-lines
- epkgs.password-store
- epkgs.pdf-tools
- epkgs.pinentry
- epkgs.platformio-mode
- epkgs.projectile
- epkgs.rustic
- epkgs.scad-mode
- epkgs.simple-httpd
- epkgs.solidity-flycheck
- epkgs.solidity-mode
- epkgs.sudo-edit
- epkgs.telega
- epkgs.treemacs
- epkgs.treemacs-evil
- epkgs.treemacs-magit
- epkgs.treemacs-projectile
- epkgs.treesit-auto
- epkgs.typescript-mode
- epkgs.unicode-fonts
- epkgs.use-package
- epkgs.vterm
- epkgs.wgrep
- epkgs.web-mode
- epkgs.websocket
- epkgs.which-key
- epkgs.writegood-mode
- epkgs.writeroom-mode
- epkgs.yaml-mode
- epkgs.yasnippet
- epkgs.yasnippet-snippets
- ];
- };
-}
diff --git a/nix/modules/home/fcitx.nix b/nix/modules/home/fcitx.nix
deleted file mode 100644
index 1907590..0000000
--- a/nix/modules/home/fcitx.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- i18n.inputMethod = {
- type = "fcitx5";
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- fcitx5.addons = if config.monorepo.profiles.graphics.enable then (with pkgs; [
- fcitx5-gtk
- qt6Packages.fcitx5-chinese-addons
- qt6Packages.fcitx5-configtool
- fcitx5-mozc
- fcitx5-rime
- ]) else [];
- };
-}
diff --git a/nix/modules/home/firefox.nix b/nix/modules/home/firefox.nix
deleted file mode 100644
index d339ba8..0000000
--- a/nix/modules/home/firefox.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- programs.librewolf = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.librewolf;
- profiles = {
- default = {
- id = 0;
- name = "default";
- isDefault = true;
-
- extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
- ublock-origin
- tree-style-tab
- firefox-color
- vimium
- privacy-redirect
- ] ++ (lib.optional config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask);
- settings = {
- "privacy.resistFingerprinting.letterboxing" = true;
- };
- };
- };
- };
-}
diff --git a/nix/modules/home/gammastep.nix b/nix/modules/home/gammastep.nix
deleted file mode 100644
index 208dda7..0000000
--- a/nix/modules/home/gammastep.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, config, ... }:
-{
- services.gammastep = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- provider = "manual";
- latitude = 49.282730;
- longitude = -123.120735;
-
- temperature = {
- day = 5000;
- night = 3000;
- };
-
- settings = {
- general = {
- adjustment-method = "wayland";
- };
- };
- };
-}
diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix
deleted file mode 100644
index 4018a3b..0000000
--- a/nix/modules/home/git.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, lib, config, super, ... }:
-{
- programs.git = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.gitFull;
- lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- userName = super.monorepo.vars.fullName;
- userEmail = "${super.monorepo.vars.email}";
- signing = {
- key = super.monorepo.vars.gpgKey;
- signByDefault = true;
- };
-
- extraConfig = {
- init.defaultBranch = "main";
- credential."mail.${super.monorepo.vars.orgHost}" = {
- username = "${super.monorepo.vars.email}";
- helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f";
- };
-
- sendemail = {
- smtpserver = "mail.${super.monorepo.vars.orgHost}";
- smtpuser = "${super.monorepo.vars.email}";
- smtpserverport = 465;
- smtpencryption = "ssl";
- };
- };
-
- aliases = {
- pl = "pull";
- ps = "push";
- co = "checkout";
- c = "commit";
- a = "add";
- st = "status";
- sw = "switch";
- b = "branch";
- };
- };
-}
diff --git a/nix/modules/home/gtk.nix b/nix/modules/home/gtk.nix
deleted file mode 100644
index 6283581..0000000
--- a/nix/modules/home/gtk.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- config = lib.mkIf config.monorepo.profiles.graphics.enable {
- gtk = {
- theme = {
- name = "catppuccin-mocha-pink-standard";
- package = pkgs.catppuccin-gtk.override {
- variant = "mocha";
- accents = [ "pink" ];
- };
- };
- };
- xdg.configFile = {
- "gtk-4.0/assets".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/assets";
- "gtk-4.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk.css";
- "gtk-4.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk-dark.css";
-
- "gtk-3.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-3.0/gtk.css";
- "gtk-3.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-3.0/gtk-dark.css";
- "gtk-3.0/settings.ini".text = ''
- [Settings]
- gtk-theme-name=${config.gtk.theme.name}
- gtk-application-prefer-dark-theme=1
- '';
- };
- };
-}
diff --git a/nix/modules/home/home.nix b/nix/modules/home/home.nix
deleted file mode 100644
index aa55550..0000000
--- a/nix/modules/home/home.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, sops-nix, ... }:
-{
- home-manager = {
- sharedModules = [
- sops-nix.homeManagerModules.sops
- ];
- useGlobalPkgs = true;
- useUserPackages = true;
- users."${config.monorepo.vars.userName}" = import ./default.nix;
- };
-}
diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix
deleted file mode 100644
index c836b81..0000000
--- a/nix/modules/home/hyprland.nix
+++ /dev/null
@@ -1,192 +0,0 @@
-{ lib, config, wallpapers, pkgs, scripts, ... }:
-{
- wayland.windowManager.hyprland = {
- enable = lib.mkDefault config.monorepo.profiles.hyprland.enable;
- package = pkgs.hyprland;
- xwayland.enable = true;
- systemd.enable = true;
- settings = {
- "$mod" = "SUPER";
- bezier = [
- "overshot, 0.05, 0.9, 0.1, 1.05"
- ];
- animation = [
- # "workspaces, 1, 10, overshot"
- "windows, 1, 2, default"
- "workspaces, 1, 2, default, slidefade 20%"
- ];
- exec-once = [
- "waybar"
- "swww-daemon --format xrgb"
- "sh -c 'swww img \"$(find ${wallpapers} -type f \\( -iname \"*.jpg\" -o -iname \"*.png\" \\) | shuf -n1)\"'"
- "fcitx5-remote -r"
- "fcitx5 -d --replace"
- "fcitx5-remote -r"
- "emacs"
- "librewolf"
- ];
- env = [
- "LIBVA_DRIVER_NAME,nvidia"
- "XDG_SESSION_TYPE,wayland"
- "GBM_BACKEND,nvidia-drm"
- "__GLX_VENDOR_LIBRARY_NAME,nvidia"
- "ELECTRON_OZONE_PLATFORM_HINT,auto"
- ];
-
- monitor = [
- "DP-4,2560x1440@165.000000,0x0,1"
- "Unknown-1,disable"
- ];
-
- layerrule = [
- {
- name = "waybar blur";
- "match:namespace" = "waybar";
- blur = "on";
- }
- ];
-
- windowrule = [
- {
- name = "emacs";
- "match:class" = "emacs";
- workspace = 1;
- }
- {
- name = "librewolf";
- "match:class" = "librewolf";
- workspace = 2;
- }
- {
- name = "chromium-browser";
- "match:class" = "chromium-browser";
- workspace = 2;
- }
- {
- name = "signal";
- "match:class" = "signal";
- workspace = 3;
- }
- {
- name = "Element";
- "match:class" = "Element";
- workspace = 3;
- }
- {
- name = "pavucontrol";
- "match:class" = "pavucontrol";
- workspace = 4;
- }
- {
- name = "qpwgraph";
- "match:class" = "qpwgraph";
- workspace = 4;
- }
- {
- name = "mpv";
- "match:class" = "mpv";
- workspace = 4;
- }
- ];
-
- bind = [
- "$mod, F, exec, librewolf"
- "$mod, Return, exec, kitty"
- "$mod, E, exec, emacs"
- "$mod, B, exec, bitcoin-qt"
- "$mod, S, exec, pavucontrol"
- "$mod, M, exec, monero-wallet-gui"
- "$mod, V, exec, element-desktop"
- "$mod, C, exec, signal-desktop"
- "$mod, D, exec, wofi --show run"
- "$mod, P, exec, bash ${scripts}/powermenu.sh"
- "$mod, Q, killactive"
- "$mod SHIFT, H, movewindow, l"
- "$mod SHIFT, L, movewindow, r"
- "$mod SHIFT, K, movewindow, u"
- "$mod SHIFT, J, movewindow, d"
-
- "$mod SHIFT, T, togglefloating"
- "$mod SHIFT, F, fullscreen"
-
- "$mod, H, movefocus, l"
- "$mod, L, movefocus, r"
- "$mod, K, movefocus, u"
- "$mod, J, movefocus, d"
- ", XF86AudioPlay, exec, mpc toggle"
- ", Print, exec, grim"
-
- "$mod, right, resizeactive, 30 0"
- "$mod, left, resizeactive, -30 0"
- "$mod, up, resizeactive, 0 -30"
- "$mod, down, resizeactive, 0 30"
- ]
- ++ (
- builtins.concatLists (builtins.genList
- (
- x:
- let
- ws =
- let
- c = (x + 1) / 10;
- in
- builtins.toString (x + 1 - (c * 10));
- in
- [
- "$mod, ${ws}, workspace, ${toString (x + 1)}"
- "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}"
- ]
- )
- 10)
- );
- bindm = [
- "$mod, mouse:272, movewindow"
- "$mod, mouse:273, resizewindow"
- "$mod ALT, mouse:272, resizewindow"
- ];
- binde = [
- ", XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+"
- ", XF86AudioLowerVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-"
- ", XF86AudioNext, exec, mpc next"
- ", XF86AudioPrev, exec, mpc prev"
- ", XF86MonBrightnessUp , exec, xbacklight -inc 10"
- ", XF86MonBrightnessDown, exec, xbacklight -dec 10"
- ];
- decoration = {
- blur = {
- enabled = true;
- size = 9;
- passes = 4;
- contrast = 0.8;
- brightness = 1.1;
- noise = 0.02;
- new_optimizations = true;
- ignore_opacity = true;
- xray = false;
- };
- rounding = 5;
- };
- input = {
- scroll_method = "on_button_down";
- scroll_button = 276;
- sensitivity = -0.5;
- kb_options = "caps:swapescape";
- repeat_delay = 300;
- repeat_rate = 50;
- natural_scroll = false;
- touchpad = {
- natural_scroll = true;
- disable_while_typing = true;
- tap-to-click = true;
- };
- };
- cursor = {
- no_hardware_cursors = true;
- };
- misc = {
- force_default_wallpaper = 0;
- disable_hyprland_logo = true;
- };
- };
- };
-}
diff --git a/nix/modules/home/kitty.nix b/nix/modules/home/kitty.nix
deleted file mode 100644
index b3e6e33..0000000
--- a/nix/modules/home/kitty.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, config, ... }:
-{
- programs.kitty = {
- enable = lib.mkDefault (config.monorepo.profiles.hyprland.enable && config.monorepo.profiles.graphics.enable);
- settings = {
- enable_audio_bell = false;
- font_family = "Iosevka Nerd Font";
- font_size = 14;
- confirm_os_window_close = 0;
- background_opacity = "0.7";
- # Catppuccin theme
- foreground = "#cdd6f4";
- background = "#1e1e2e";
- selection_foreground = "#1e1e2e";
- selection_background = "#f5e0dc";
- cursor = "#f5e0dc";
- cursor_text_color = "#1e1e2e";
- url_color = "#f5e0dc";
- active_border_color = "#B4BEFE";
- inactive_border_color = "#6C7086";
- bell_border_color = "#F9E2AF";
- wayland_titlebar_color = "#1E1E2E";
- macos_titlebar_color = "#1E1E2E";
- active_tab_foreground = "#11111B";
- active_tab_background = "#CBA6F7";
- inactive_tab_foreground = "#CDD6F4";
- inactive_tab_background = "#181825";
- tab_bar_background = "#11111B";
- mark1_foreground = "#1E1E2E";
- mark1_background = "#B4BEFE";
- mark2_foreground = "#1E1E2E";
- mark2_background = "#CBA6F7";
- mark3_foreground = "#1E1E2E";
- mark3_background = "#74C7EC";
- color0 = "#45475A";
- color8 = "#585B70";
- color1 = "#F38BA8";
- color9 = "#F38BA8";
- color2 = "#A6E3A1";
- color10 = "#A6E3A1";
- color3 = "#F9E2AF";
- color11 = "#F9E2AF";
- color4 = "#89B4FA";
- color12 = "#89B4FA";
- color5 = "#F5C2E7";
- color13 = "#F5C2E7";
- color6 = "#94E2D5";
- color14 = "#94E2D5";
- color7 = "#BAC2DE";
- color15 = "#A6ADC8";
- };
- };
-}
diff --git a/nix/modules/home/mako.nix b/nix/modules/home/mako.nix
deleted file mode 100644
index 14edde8..0000000
--- a/nix/modules/home/mako.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, config, sounds, ... }:
-{
- services.mako = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- on-notify = "exec mpv ${sounds}/polite.ogg --no-config --no-video";
- background-color = "#11111bf8";
- text-color = "#cdd6f4";
- border-color = "#89b4faff";
- border-radius = 1;
- font = "Fira Code 10";
- default-timeout = 3000;
- };
- };
-}
diff --git a/nix/modules/home/mbsync.nix b/nix/modules/home/mbsync.nix
deleted file mode 100644
index 893528e..0000000
--- a/nix/modules/home/mbsync.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib, config, super, ... }:
-{
- programs.mbsync = {
- enable = lib.mkDefault config.monorepo.profiles.email.enable;
- extraConfig = ''
- IMAPAccount ${super.monorepo.vars.internetName}
- Host mail.${super.monorepo.vars.orgHost}
- User ${super.monorepo.vars.email}
- PassCmd "cat ${config.sops.secrets.mail.path}"
- Port 993
- TLSType IMAPS
- AuthMechs *
- CertificateFile /etc/ssl/certs/ca-certificates.crt
-
- IMAPStore ${super.monorepo.vars.internetName}-remote
- Account ${super.monorepo.vars.internetName}
-
- MaildirStore ${super.monorepo.vars.internetName}-local
- Path ~/email/${super.monorepo.vars.internetName}/
- Inbox ~/email/${super.monorepo.vars.internetName}/INBOX
- SubFolders Verbatim
-
- Channel ${super.monorepo.vars.internetName}
- Far :${super.monorepo.vars.internetName}-remote:
- Near :${super.monorepo.vars.internetName}-local:
- Patterns *
- Create Near
- Sync All
- Expunge None
- SyncState *
- '';
- };
-}
diff --git a/nix/modules/home/mpd.nix b/nix/modules/home/mpd.nix
deleted file mode 100644
index b423a70..0000000
--- a/nix/modules/home/mpd.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, config, ... }:
-{
- services.mpd = {
- enable = lib.mkDefault config.monorepo.profiles.music.enable;
- dbFile = "/home/${config.monorepo.vars.userName}/.config/mpd/db";
- dataDir = "/home/${config.monorepo.vars.userName}/.config/mpd/";
- network.port = 6600;
- musicDirectory = "/home/${config.monorepo.vars.userName}/music";
- playlistDirectory = "/home/${config.monorepo.vars.userName}/.config/mpd/playlists";
- network.listenAddress = "0.0.0.0";
- extraConfig = ''
- audio_output {
- type "pipewire"
- name "pipewire output"
- }
-
- audio_output {
- type "httpd"
- name "Ret2pop's Music Stream"
- encoder "opus"
- port "8000"
- bitrate "128000"
- format "48000:16:1"
- always_on "yes"
- tags "yes"
- }
-
- audio_output {
- type "shout"
- name "My VPS Stream"
- host "127.0.0.1"
- port "8888"
- mount "/stream"
- password "SuperSecretSourcePass"
- bitrate "128"
- format "44100:16:2"
- protocol "icecast2"
- user "source"
- description "My MPD Stream"
- genre "Mixed"
- }
- '';
- };
-}
diff --git a/nix/modules/home/mpv.nix b/nix/modules/home/mpv.nix
deleted file mode 100644
index 6dd7f4d..0000000
--- a/nix/modules/home/mpv.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }:
-{
- programs.mpv = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- config = {
- profile = "gpu-hq";
- force-window = true;
- ytdl-format = "bestvideo+bestaudio";
- cache-default = 4000000;
- };
- };
-}
diff --git a/nix/modules/home/msmtp.nix b/nix/modules/home/msmtp.nix
deleted file mode 100644
index c1abd8f..0000000
--- a/nix/modules/home/msmtp.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, config, super, ... }:
-{
- programs.msmtp = {
- enable = lib.mkDefault config.monorepo.profiles.email.enable;
- extraConfig = ''
- # Set default values for all following accounts.
- defaults
- auth on
- tls on
- tls_trust_file /etc/ssl/certs/ca-certificates.crt
- tls_certcheck off
- logfile ~/.msmtp.log
-
- # Gmail
- account ${super.monorepo.vars.internetName}
- host mail.${super.monorepo.vars.orgHost}
- port 587
- from ${super.monorepo.vars.email}
- user ${super.monorepo.vars.email}
- passwordeval "cat ${config.sops.secrets.mail.path}"
-
-
- # Set a default account
- account default : ${super.monorepo.vars.internetName}
- '';
- };
-}
diff --git a/nix/modules/home/pantalaimon.nix b/nix/modules/home/pantalaimon.nix
deleted file mode 100644
index 35e72c3..0000000
--- a/nix/modules/home/pantalaimon.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, config, ... }:
-{
- services.pantalaimon = {
- enable = lib.mkDefault false;
- settings = {
- Default = {
- LogLevel = "Debug";
- SSL = true;
- };
-
- local-matrix = {
- Homeserver = "https://matrix.nullring.xyz";
- ListenAddress = "127.0.0.1";
- ListenPort = 8008;
- };
- };
-
- };
-}
diff --git a/nix/modules/home/personal_secrets.nix b/nix/modules/home/personal_secrets.nix
deleted file mode 100644
index 9013de1..0000000
--- a/nix/modules/home/personal_secrets.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, config, ... }:
-{
- config = lib.mkIf config.monorepo.profiles.graphics.enable {
- sops.secrets = {
- mail = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/mail";
- };
- cloudflare-dns = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
- };
- digikey = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/digikey";
- };
- dn42 = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/dn42";
- };
- };
- };
-}
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
deleted file mode 100644
index 00be79b..0000000
--- a/nix/modules/home/secrets.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, super, ... }:
-{
- sops = {
- defaultSopsFile =
- if config.monorepo.profiles.graphics.enable
- then ../../secrets/secrets.yaml
- else ../../secrets/vps_secrets.yaml;
-
- age = {
- keyFile = "/home/${super.monorepo.vars.userName}/.config/sops/age/keys.txt";
- };
-
- secrets =
- if super.monorepo.profiles.desktop.enable then {
- mail = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/mail";
- };
- cloudflare-dns = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
- };
- digikey = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/digikey";
- };
- dn42 = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/dn42";
- };
- } else { };
- defaultSymlinkPath = "/run/user/1000/secrets";
- defaultSecretsMountPoint = "/run/user/1000/secrets.d";
- };
-}
diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix
deleted file mode 100644
index d378fb6..0000000
--- a/nix/modules/home/user.nix
+++ /dev/null
@@ -1,202 +0,0 @@
-{ lib, config, super, pkgs, ... }:
-{
- home = {
- activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
- if [ ! -d "/home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/" ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/
- fi
-
- if [ ! -d "/home/${config.monorepo.vars.userName}/music" ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/music
- fi
-
- if [ ! -d /home/${config.monorepo.vars.userName}/org ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/org
- fi
-
- if [ ! -d /home/${config.monorepo.vars.userName}/src ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/src
- fi
-
- touch /home/${config.monorepo.vars.userName}/org/agenda.org
- touch /home/${config.monorepo.vars.userName}/org/notes.org
- '';
-
- enableNixpkgsReleaseCheck = false;
- username = config.monorepo.vars.userName;
- homeDirectory = "/home/${config.monorepo.vars.userName}";
- stateVersion = "24.11";
-
- packages = with pkgs; (if config.monorepo.profiles.graphics.enable then [
- # wikipedia
- # kiwix kiwix-tools
- gnupg
- unzip
- mupdf
- zathura
-
- fzf
- # passwords
- age
- sops
-
- # formatting
- ghostscript
- texliveFull
- pandoc
-
- # Emacs Deps
- graphviz
- jq
-
- # Apps
- # octaveFull
- grim
- swww
- vim
- kotatogram-desktop
- tg
- qwen-code
- element-desktop
- signal-desktop
- signal-cli
- thunderbird
- jami
-
- # Sound/media
- pavucontrol
- alsa-utils
- imagemagick
- ffmpeg
- helvum
-
- # Net
- curl
- rsync
- gitFull
- iamb
- ungoogled-chromium
-
- # Tor
- torsocks
- tor-browser
-
- # For transfering secrets onto new system
- stow
-
- # fonts
- nerd-fonts.iosevka
- noto-fonts
- noto-fonts-cjk-sans
- noto-fonts-color-emoji
- fira-code
- font-awesome_6
- victor-mono
- (aspellWithDicts
- (dicts: with dicts; [ en en-computers en-science ]))
-
- # Misc.
- pinentry-gnome3
- x11_ssh_askpass
- xdg-utils
- acpilight
- pfetch
- libnotify
- htop
-
- (pkgs.writeShellScriptBin "help"
- ''
- #!/usr/bin/env sh
- # Portable, colored, nicely aligned alias list
-
- # Generate uncolored alias pairs
- aliases=$(cat <<'EOF'
- ${let aliases = config.programs.zsh.shellAliases;
- in lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value:
- "${name} -> ${value}"
- ) aliases)}
- EOF
- )
-
- # Align and color using awk
- echo "$aliases" | awk '
- BEGIN {
- GREEN="\033[0;32m";
- YELLOW="\033[0;33m";
- RESET="\033[0m";
- maxlen=0;
- }
- {
- # Split line on " -> "
- split($0, parts, / -> /);
- name[NR]=parts[1];
- cmd[NR]=parts[2];
- if(length(parts[1])>maxlen) maxlen=length(parts[1]);
- }
- END {
- for(i=1;i<=NR;i++) {
- # printf with fixed width for alias name
- printf "%s%-*s%s -> %s%s%s\n", GREEN, maxlen, name[i], RESET, YELLOW, cmd[i], RESET;
- }
- }'
- '')
-
- (writeShellScriptBin "remote-build"
- ''
- #!/bin/bash
- nixos-rebuild --sudo --ask-sudo-password --target-host "$1" switch --flake $HOME/monorepo/nix#spontaneity
- ''
- )
- (writeShellScriptBin "install-vps"
- ''
- #!/bin/bash
- nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config $HOME/monorepo/nix/systems/spontaneity/hardware-configuration.nix --flake $HOME/monorepo/nix#spontaneity --target-host "$1"
- '')
- (writeShellScriptBin "secrets"
- ''
- #!/bin/bash
- cd "$HOME/secrets"
- git pull # repo is over LAN
- stow */ # manage secrets with gnu stow
- cd "$HOME"
- '')
- (writeShellScriptBin "spontaneity-ci"
- ''
- #!/bin/bash
- nixos-rebuild build-vm --flake $HOME/monorepo/nix#spontaneity && QEMU_OPTS="-serial stdio" ./result/bin/run-spontaneity-vm 2>&1 | tee vm-boot.log'')
- ] else [
- pfetch
- # net
- curl
- torsocks
- rsync
- ]);
- };
-
- services = {
- gpg-agent = {
- pinentry.package = pkgs.pinentry-emacs;
- enable = true;
- extraConfig = ''
- allow-emacs-pinentry
- allow-loopback-pinentry
- '';
- };
- };
- xdg.mimeApps = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- defaultApplications = {
- "x-scheme-handler/mailto" = "emacsclient-mail.desktop";
- "text/html" = "librewolf.desktop";
- "text/xml" = "librewolf.desktop";
- "application/xhtml+xml" = "librewolf.desktop";
- "x-scheme-handler/http" = "librewolf.desktop";
- "x-scheme-handler/https" = "librewolf.desktop";
- "x-scheme-handler/about" = "librewolf.desktop";
- "x-scheme-handler/unknown" = "librewolf.desktop";
- };
- };
-
- programs.bash.enable = true;
- fonts.fontconfig.enable = true;
-}
diff --git a/nix/modules/home/vps_secrets.nix b/nix/modules/home/vps_secrets.nix
deleted file mode 100644
index df75a39..0000000
--- a/nix/modules/home/vps_secrets.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, config, ... }:
-{
- config = lib.mkIf (!config.monorepo.profiles.graphics.enable) {
- sops.secrets = {
- znc = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/znc";
- };
- znc_password_salt = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/znc_password_salt";
- };
- znc_password_hash = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/znc_password_hash";
- };
- matrix_bridge = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/matrix_bridge";
- };
- coturn_secret = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/coturn_secret";
- };
- livekit_secret = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/livekit_secret";
- };
- livekit = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/livekit";
- };
- conduit_secrets = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/conduit_secrets";
- };
- mautrix_env = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/mautrix_env";
- };
- };
- };
-}
diff --git a/nix/modules/home/waybar.nix b/nix/modules/home/waybar.nix
deleted file mode 100644
index 8e797a5..0000000
--- a/nix/modules/home/waybar.nix
+++ /dev/null
@@ -1,274 +0,0 @@
-{ lib, config, ... }:
-{
- programs.waybar = {
- enable = lib.mkDefault config.monorepo.profiles.hyprland.enable;
- style = ''
- * {
- border: none;
- border-radius: 0px;
- font-family: Iosevka Nerd Font, FontAwesome, Noto Sans CJK;
- font-size: 14px;
- font-style: normal;
- min-height: 0;
- }
-
- window#waybar {
- background: rgba(30, 30, 46, 0.5);
- border-bottom: 1px solid #45475a;
- color: #cdd6f4;
- }
-
- #workspaces {
- background: #45475a;
- margin: 5px 5px 5px 5px;
- padding: 0px 5px 0px 5px;
- border-radius: 16px;
- border: solid 0px #f4d9e1;
- font-weight: normal;
- font-style: normal;
- }
- #workspaces button {
- padding: 0px 5px;
- border-radius: 16px;
- color: #a6adc8;
- }
-
- #workspaces button.active {
- color: #f4d9e1;
- background-color: transparent;
- border-radius: 16px;
- }
-
- #workspaces button:hover {
- background-color: #cdd6f4;
- color: black;
- border-radius: 16px;
- }
-
- #custom-date, #clock, #battery, #pulseaudio, #network, #custom-randwall, #custom-launcher {
- background: transparent;
- padding: 5px 5px 5px 5px;
- margin: 5px 5px 5px 5px;
- border-radius: 8px;
- border: solid 0px #f4d9e1;
- }
-
- #custom-date {
- color: #D3869B;
- }
-
- #custom-power {
- color: #24283b;
- background-color: #db4b4b;
- border-radius: 5px;
- margin-right: 10px;
- margin-top: 5px;
- margin-bottom: 5px;
- margin-left: 0px;
- padding: 5px 10px;
- }
-
- #tray {
- background: #45475a;
- margin: 5px 5px 5px 5px;
- border-radius: 16px;
- padding: 0px 5px;
- /*border-right: solid 1px #282738;*/
- }
-
- #clock {
- color: #cdd6f4;
- background-color: #45475a;
- border-radius: 0px 0px 0px 24px;
- padding-left: 13px;
- padding-right: 15px;
- margin-right: 0px;
- margin-left: 10px;
- margin-top: 0px;
- margin-bottom: 0px;
- font-weight: bold;
- /*border-left: solid 1px #282738;*/
- }
-
- #battery {
- color: #89b4fa;
- }
-
- #battery.charging {
- color: #a6e3a1;
- }
-
- #battery.warning:not(.charging) {
- background-color: #f7768e;
- color: #f38ba8;
- border-radius: 5px 5px 5px 5px;
- }
-
- #backlight {
- background-color: #24283b;
- color: #db4b4b;
- border-radius: 0px 0px 0px 0px;
- margin: 5px;
- margin-left: 0px;
- margin-right: 0px;
- padding: 0px 0px;
- }
-
- #network {
- color: #f4d9e1;
- border-radius: 8px;
- margin-right: 5px;
- }
-
- #pulseaudio {
- color: #f4d9e1;
- border-radius: 8px;
- margin-left: 0px;
- }
-
- #pulseaudio.muted {
- background: transparent;
- color: #928374;
- border-radius: 8px;
- margin-left: 0px;
- }
-
- #custom-randwall {
- color: #f4d9e1;
- border-radius: 8px;
- margin-right: 0px;
- }
-
- #custom-launcher {
- color: #e5809e;
- background-color: #45475a;
- border-radius: 0px 24px 0px 0px;
- margin: 0px 0px 0px 0px;
- padding: 0 20px 0 13px;
- /*border-right: solid 1px #282738;*/
- font-size: 20px;
- }
-
- #custom-launcher button:hover {
- background-color: #FB4934;
- color: transparent;
- border-radius: 8px;
- margin-right: -5px;
- margin-left: 10px;
- }
-
- #custom-playerctl {
- background: #45475a;
- padding-left: 15px;
- padding-right: 14px;
- border-radius: 16px;
- /*border-left: solid 1px #282738;*/
- /*border-right: solid 1px #282738;*/
- margin-top: 5px;
- margin-bottom: 5px;
- margin-left: 0px;
- font-weight: normal;
- font-style: normal;
- font-size: 16px;
- }
-
- #custom-playerlabel {
- background: transparent;
- padding-left: 10px;
- padding-right: 15px;
- border-radius: 16px;
- /*border-left: solid 1px #282738;*/
- /*border-right: solid 1px #282738;*/
- margin-top: 5px;
- margin-bottom: 5px;
- font-weight: normal;
- font-style: normal;
- }
-
- #window {
- background: #45475a;
- padding-left: 15px;
- padding-right: 15px;
- border-radius: 16px;
- /*border-left: solid 1px #282738;*/
- /*border-right: solid 1px #282738;*/
- margin-top: 5px;
- margin-bottom: 5px;
- font-weight: normal;
- font-style: normal;
- }
-
- #custom-wf-recorder {
- padding: 0 20px;
- color: #e5809e;
- background-color: #1E1E2E;
- }
-
- #cpu {
- background-color: #45475a;
- /*color: #FABD2D;*/
- 
border-radius: 16px; - margin: 5px; - margin-left: 5px; - margin-right: 5px; - padding: 0px 10px 0px 10px; - font-weight: bold; - } - - #memory { - background-color: #45475a; - /*color: #83A598;*/ - border-radius: 16px; - margin: 5px; - margin-left: 5px; - margin-right: 5px; - padding: 0px 10px 0px 10px; - font-weight: bold; - } - - #disk { - background-color: #45475a; - /*color: #8EC07C;*/ - border-radius: 16px; - margin: 5px; - margin-left: 5px; - margin-right: 5px; - padding: 0px 10px 0px 10px; - font-weight: bold; - } - - #custom-hyprpicker { - background-color: #45475a; - /*color: #8EC07C;*/ - border-radius: 16px; - margin: 5px; - margin-left: 5px; - margin-right: 5px; - padding: 0px 11px 0px 9px; - font-weight: bold; - } - ''; - settings = { - mainBar = { - layer = "top"; - position = "top"; - height = 50; - - output = config.monorepo.vars.monitors; - - modules-left = [ "hyprland/workspaces" ]; - modules-center = [ "hyprland/window" ]; - modules-right = [ "battery" "clock" ]; - - battery = { - format = "{icon} {capacity}%"; - format-icons = ["" "" "" "" "" ]; - }; - - clock = { - format = "⏰ {:%a %d, %b %H:%M}"; - }; - }; - }; - }; -} diff --git a/nix/modules/home/wofi.nix b/nix/modules/home/wofi.nix deleted file mode 100644 index ec2e3bc..0000000 --- a/nix/modules/home/wofi.nix +++ /dev/null 
@@ -1,188 +0,0 @@
-{ lib, config, ... }:
-{
- programs.wofi = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- location = "bottom-right";
- allow_markup = true;
- show = "drun";
- width = 750;
- height = 400;
- always_parse_args = true;
- show_all = false;
- term = "kitty";
- hide_scroll = true;
- print_command = true;
- insensitive = true;
- prompt = "Run what, Commander?";
- columns = 2;
- };
-
- style = ''
- @define-color rosewater #f5e0dc;
- @define-color rosewater-rgb rgb(245, 224, 220);
- @define-color flamingo #f2cdcd;
- @define-color flamingo-rgb rgb(242, 205, 205);
- @define-color pink #f5c2e7;
- @define-color pink-rgb rgb(245, 194, 231);
- @define-color mauve #cba6f7;
- @define-color mauve-rgb rgb(203, 166, 247);
- @define-color red #f38ba8;
- @define-color red-rgb rgb(243, 139, 168);
- @define-color maroon #eba0ac;
- @define-color maroon-rgb rgb(235, 160, 172);
- @define-color peach #fab387;
- @define-color peach-rgb rgb(250, 179, 135);
- @define-color yellow #f9e2af;
- @define-color yellow-rgb rgb(249, 226, 175);
- @define-color green #a6e3a1;
- @define-color green-rgb rgb(166, 227, 161);
- @define-color teal #94e2d5;
- @define-color teal-rgb rgb(148, 226, 213);
- @define-color sky #89dceb;
- @define-color sky-rgb rgb(137, 220, 235);
- @define-color sapphire #74c7ec;
- @define-color sapphire-rgb rgb(116, 199, 236);
- @define-color blue #89b4fa;
- @define-color blue-rgb rgb(137, 180, 250);
- @define-color lavender #b4befe;
- @define-color lavender-rgb rgb(180, 190, 254);
- @define-color text #cdd6f4;
- @define-color text-rgb rgb(205, 214, 244);
- @define-color subtext1 #bac2de;
- @define-color subtext1-rgb rgb(186, 194, 222);
- @define-color subtext0 #a6adc8;
- @define-color subtext0-rgb rgb(166, 173, 200);
- @define-color overlay2 #9399b2;
- @define-color overlay2-rgb rgb(147, 153, 178);
- @define-color overlay1 #7f849c;
- @define-color overlay1-rgb rgb(127, 132, 156);
- @define-color overlay0 #6c7086;
- 
@define-color overlay0-rgb rgb(108, 112, 134);
- @define-color surface2 #585b70;
- @define-color surface2-rgb rgb(88, 91, 112);
- @define-color surface1 #45475a;
- @define-color surface1-rgb rgb(69, 71, 90);
- @define-color surface0 #313244;
- @define-color surface0-rgb rgb(49, 50, 68);
- @define-color base #1e1e2e;
- @define-color base-rgb rgb(30, 30, 46);
- @define-color mantle #181825;
- @define-color mantle-rgb rgb(24, 24, 37);
- @define-color crust #11111b;
- @define-color crust-rgb rgb(17, 17, 27);
-
- * {
- font-family: 'Iosevka Nerd Font', monospace;
- font-size: 14px;
- }
-
- /* Window */
- window {
- margin: 0px;
- padding: 10px;
- border: 0.16em solid @lavender;
- border-radius: 0.1em;
- background-color: @base;
- animation: slideIn 0.5s ease-in-out both;
- }
-
- /* Slide In */
- @keyframes slideIn {
- 0% {
- opacity: 0;
- }
-
- 100% {
- opacity: 1;
- }
- }
-
- /* Inner Box */
- #inner-box {
- margin: 5px;
- padding: 10px;
- border: none;
- background-color: @base;
- animation: fadeIn 0.5s ease-in-out both;
- }
-
- /* Fade In */
- @keyframes fadeIn {
- 0% {
- opacity: 0;
- }
-
- 100% {
- opacity: 1;
- }
- }
-
- /* Outer Box */
- #outer-box {
- margin: 5px;
- padding: 10px;
- border: none;
- background-color: @base;
- }
-
- /* Scroll */
- #scroll {
- margin: 0px;
- padding: 10px;
- border: none;
- background-color: @base;
- }
-
- /* Input */
- #input {
- margin: 5px 20px;
- padding: 10px;
- border: none;
- border-radius: 0.1em;
- color: @text;
- background-color: @base;
- animation: fadeIn 0.5s ease-in-out both;
- }
-
- #input image {
- border: none;
- color: @red;
- }
-
- #input * {
- outline: 4px solid @red!important;
- }
-
- /* Text */
- #text {
- margin: 5px;
- border: none;
- color: @text;
- animation: fadeIn 0.5s ease-in-out both;
- }
-
- #entry {
- background-color: @base;
- }
-
- #entry arrow {
- border: none;
- color: @lavender;
- }
-
- /* Selected Entry */
- #entry:selected {
- border: 0.11em solid @lavender;
- }
-
- #entry:selected #text {
- 
color: @mauve;
- }
-
- #entry:drop(active) {
- background-color: @lavender!important;
- }
- '';
- };
-}
diff --git a/nix/modules/home/yt-dlp.nix b/nix/modules/home/yt-dlp.nix
deleted file mode 100644
index b9dd8e0..0000000
--- a/nix/modules/home/yt-dlp.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, ... }:
-{
- programs.yt-dlp = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- embed-thumbnail = true;
- embed-subs = true;
- sub-langs = "all";
- downloader = "aria2c";
- downloader-args = "aria2c:'-c -x8 -s8 -k1M'";
- };
- };
-}
diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix
deleted file mode 100644
index 62dcbd5..0000000
--- a/nix/modules/home/zsh.nix
+++ /dev/null
@@ -1,47 +0,0 @@ -{ lib, config, pkgs, systemHostName, ... }: -{ - programs.zsh = { - enable = true; - initContent = '' - umask 0022 - export EXTRA_CCFLAGS="-I/usr/include" - source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh - export QT_QPA_PLATFORM="wayland" - export OLLAMA_MODEL="qwen3:14b" - ''; - - localVariables = { - EDITOR = "emacsclient --create-frame --alternate-editor=vim"; - INPUT_METHOD = "fcitx"; - QT_IM_MODULE = "fcitx"; - GTK_IM_MODULE = "fcitx"; - XMODIFIERS = "@im=fcitx"; - XIM_SERVERS = "fcitx"; - WXSUPPRESS_SIZER_FLAGS_CHECK = "1"; - }; - - shellAliases = { - clone-secrets = "git clone ssh://\"$1\"/home/preston/secrets \"$HOME/secrets\""; - get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\""; - se = "sops edit"; - f = "vim $(fzf)"; - e = "cd $(find . -type d -print | fzf)"; - c = "clear"; - g = "git"; - v = "vim"; - py = "python3"; - build-installer = "nix build $HOME/monorepo/nix#nixosConfigurations.installer.config.system.build.isoImage"; - rb = "sudo nixos-rebuild switch --flake $HOME/monorepo/nix#${systemHostName}"; - nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update"; - usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/"; - usite - = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/"; - sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l"; - }; - loginExtra = '' - if [[ "$(tty)" = "/dev/tty1" ]]; then - exec Hyprland - fi - ''; - }; -} diff --git a/nix/modules/honk.nix b/nix/modules/honk.nix deleted file mode 100644 index 985a544..0000000 
--- a/nix/modules/honk.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ lib, config, ... }:
-{
- services.honk = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- servername = "ret2pop.net";
- username = "ret2pop";
- };
-}
diff --git a/nix/modules/i2pd.nix b/nix/modules/i2pd.nix
deleted file mode 100644
index 9e942fa..0000000
--- a/nix/modules/i2pd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, ... }:
-{
- services.i2pd = {
- enable = lib.mkDefault false;
- address = "0.0.0.0";
- inTunnels = { };
- outTunnels = { };
- };
-}
diff --git a/nix/modules/icecast.nix b/nix/modules/icecast.nix
deleted file mode 100644
index 7d3d88d..0000000
--- a/nix/modules/icecast.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, config, ... }:
-{
- services.icecast = {
- enable = lib.mkDefault false;
- listen.address = "0.0.0.0";
- extraConfig = ''
-
- 0
- /stream.m3u
- 3600
-
-
-
-
-
-
- '';
- };
- admin.password = "changeme";
-}
diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix
deleted file mode 100644
index 4fa886a..0000000
--- a/nix/modules/impermanence.nix
+++ /dev/null
@@ -1,100 +0,0 @@ -{ lib, config, ... }: -{ - assertions = [ - { - assertion = (! (config.monorepo.profiles.impermanence.enable && (! (config.monorepo.vars.fileSystem == "btrfs")))); - message = "Impermanence requires btrfs filesystem."; - } - ]; - - boot.initrd.postResumeCommands = (if config.monorepo.profiles.impermanence.enable then lib.mkAfter '' - mkdir /btrfs_tmp - mount -t btrfs -n -o subvol=/ /dev/mapper/crypted /btrfs_tmp - if [[ -e /btrfs_tmp/root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/root - umount -n /btrfs_tmp - '' else ""); - - boot.initrd.luks.devices = (if (config.monorepo.vars.fileSystem == "btrfs") then { - crypted = { - device = "/dev/disk/by-partlabel/disk-main-luks"; - }; - } else {}); - - fileSystems = if (config.monorepo.profiles.impermanence.enable) then { - "/persistent" = { - neededForBoot = true; - }; - "/home" = { - neededForBoot = true; - }; - } else {}; - - environment.persistence."/persistent" = { - enable = config.monorepo.profiles.impermanence.enable; - hideMounts = true; - directories = [ - "/var/log" - "/var/lib/bluetooth" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/etc/NetworkManager/system-connections" - ]; - files = [ - "/etc/machine-id" - { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; } - ]; - users."${config.monorepo.vars.userName}" = { - directories = [ - "Downloads" - "music" - "Pictures" - "Documents" - "Videos" - "Monero" - "org" - "monorepo" - "soundfont" - "website_html" - "ardour" - 
"audacity" - "img" - "email" - "projects" - "secrets" - - ".emacs.d" - ".elfeed" - ".electrum" - ".mozilla" - ".bitmonero" - ".config" - ".crypto" - { directory = ".gnupg"; mode = "0700"; } - { directory = ".ssh"; mode = "0700"; } - { directory = ".local/share/keyrings"; mode = "0700"; } - ".local/share/direnv" - ]; - files = [ - ".emacs" - ]; - }; - }; -} diff --git a/nix/modules/inspircd.nix b/nix/modules/inspircd.nix deleted file mode 100644 index bf3e9ba..0000000 --- a/nix/modules/inspircd.nix +++ /dev/null 
@@ -1,539 +0,0 @@ -{ lib, config, ... }: -{ - services.inspircd = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; - modules = [ "ssl_openssl" ]; - config = '' - - - - - - - - - - - #hash="sha256" - - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - diepass="" - - # restartpass: Password for opers to use if they need to restart - # a server. - restartpass=""> - - - - -#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- -# # -# CIDR configuration allows detection of clones and applying of # -# throttle limits across a CIDR range. (A CIDR range is a group of # -# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be # -# represented as 192.168.1.0/24). This means that abuse across an ISP # -# is detected and curtailed much easier. Here is a good chart that # -# shows how many IPs the different CIDRs correspond to: # -# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # -# # - - - - - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# If these values are not defined, InspIRCd uses the default DNS resolver -# of your system. - - - -# An example of using an IPv6 nameserver -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Define the path to the PID file here. The PID file can be used to # -# rehash the ircd from the shell or to terminate the ircd from the # -# shell using shell scripts, perl scripts, etc... and to monitor the # -# ircd's state via cron jobs. If this is a relative path, it will be # -# relative to the configuration directory, and if it is not defined, # -# the default of 'inspircd.pid' is used. # -# # - -# - -#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Use these tags to customise the ban limits on a per channel basis. # -# The tags are read from top to bottom, and any tag found which # -# matches the channels name applies the banlimit to that channel. 
# -# It is advisable to put an entry with the channel as '*' at the # -# bottom of the list. If none are specified or no maxbans tag is # -# matched, the banlist size defaults to 64 entries. # -# # - - - - -#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# This tag is optional, and specifies one or more features which are # -# not available to non-operators. # -# # -# For example you may wish to disable NICK and prevent non-opers from # -# changing their nicknames. # -# Note that any disabled commands take effect only after the user has # -# 'registered' (e.g. after the initial USER/NICK/PASS on connection) # -# so for example disabling NICK will not cripple your network. # -# # -# You can also define if you want to disable any channelmodes # -# or usermodes from your users. # -# # -# `fakenonexistant' will make the ircd pretend that nonexistant # -# commands simply don't exist to non-opers ("no such command"). # -# # -# - - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Just remove this... Its here to make you read ALL of the config # -# file options ;) # - -# - - - -#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Settings to define which features are usable on your server. # -# # - - - - # suffixpart: What (if anything) users' part message - # should be suffixed with. - suffixpart=""" - - # fixedquit: Set all users' quit messages to this value. - #fixedquit="" - - # fixedpart: Set all users' part messages in all channels - # to this value. - #fixedpart="" - - # syntaxhints: If enabled, if a user fails to send the correct parameters - # for a command, the ircd will give back some help text of what - # the correct parameters are. - syntaxhints="no" - - # cyclehosts: If enabled, when a user gets a host set, it will cycle - # them in all their channels. If not, it will simply change their host - # without cycling them. 
- cyclehosts="yes" - - # cyclehostsfromuser: If enabled, the source of the mode change for - # cyclehosts will be the user who cycled. This can look nicer, but - # triggers anti-takeover mechanisms of some obsolete bots. - cyclehostsfromuser="no" - - # ircumsgprefix: Use undernet-style message prefixing for NOTICE and - # PRIVMSG. If enabled, it will add users' prefix to the line, if not, - # it will just message the user normally. - ircumsgprefix="no" - - # announcets: If set to yes, when the timestamp on a channel changes, all users - # in the channel will be sent a NOTICE about it. - announcets="yes" - - # allowmismatch: Setting this option to yes will allow servers to link even - # if they don't have the same "optionally common" modules loaded. Setting this to - # yes may introduce some desyncs and unwanted behaviour. - allowmismatch="no" - - # defaultbind: Sets the default for tags without an address. Choices are - # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support, - # falling back to IPv4 otherwise. - defaultbind="auto" - - # hostintopic: If enabled, channels will show the host of the topic setter - # in the topic. If set to no, it will only show the nick of the topic setter. - hostintopic="yes" - - # pingwarning: If a server does not respond to a ping within x seconds, - # it will send a notice to opers with snomask +l informing that the server - # is about to ping timeout. - pingwarning="15" - - # serverpingfreq: How often pings are sent between servers (in seconds). - serverpingfreq="60" - - # defaultmodes: What modes are set on a empty channel when a user - # joins it and it is unregistered. - defaultmodes="nt" - - # moronbanner: This is the text that is sent to a user when they are - # banned from the server. - moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help." - - # exemptchanops: exemptions for channel access restrictions based on prefix. 
- exemptchanops="nonick:v flood:o" - - # invitebypassmodes: This allows /invite to bypass other channel modes. - # (Such as +k, +j, +l, etc.) - invitebypassmodes="yes" - - # nosnoticestack: This prevents snotices from 'stacking' and giving you - # the message saying '(last message repeated X times)'. Defaults to no. - nosnoticestack="no" - - # welcomenotice: When turned on, this sends a NOTICE to connecting users - # with the text Welcome to ! after successful registration. - # Defaults to yes. - welcomenotice="yes"> - - -#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# -# # - - - -#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# -# # - -