Diffstat (limited to '')
-rw-r--r--flake.nix3
-rw-r--r--home/beets/default.nix3
-rw-r--r--home/bluetooth/default.nix3
-rw-r--r--home/direnv/default.nix3
-rw-r--r--home/drone-cli/default.nix3
-rw-r--r--home/element/default.nix3
-rw-r--r--home/emacs/default.nix3
-rw-r--r--home/eog/default.nix3
-rw-r--r--home/evince/default.nix3
-rw-r--r--home/feh/default.nix3
-rw-r--r--home/firefox/default.nix3
-rw-r--r--home/fish/default.nix3
-rw-r--r--home/flac/default.nix3
-rw-r--r--home/gcloud/default.nix3
-rw-r--r--home/git/default.nix3
-rw-r--r--home/go/default.nix3
-rw-r--r--home/gpg/default.nix3
-rw-r--r--home/gtk/default.nix3
-rw-r--r--home/mail/accounts/default.nix3
-rw-r--r--home/mail/default.nix3
-rw-r--r--home/mpv/default.nix3
-rw-r--r--home/packages/default.nix3
-rw-r--r--home/pass/default.nix3
-rw-r--r--home/pcmanfm/default.nix3
-rw-r--r--home/python/default.nix3
-rw-r--r--home/scanner/default.nix3
-rw-r--r--home/scripts/perf-flamegraph.nix3
-rw-r--r--home/seahorse/default.nix3
-rw-r--r--home/ssh/default.nix3
-rw-r--r--home/sublime-music/default.nix3
-rw-r--r--home/terminal/alacritty/default.nix3
-rw-r--r--home/terminal/default.nix3
-rw-r--r--home/tmux/default.nix3
-rw-r--r--home/transmission-remote/default.nix3
-rw-r--r--home/vlc/default.nix3
-rw-r--r--home/wm/default.nix6
-rw-r--r--home/wm/gammastep/default.nix3
-rw-r--r--home/wm/mako/default.nix3
-rw-r--r--home/wm/sway/default.nix3
-rw-r--r--home/wm/swaylock/default.nix3
-rw-r--r--home/wm/waybar/default.nix3
-rw-r--r--home/wm/wofi/default.nix3
-rw-r--r--home/xdg/default.nix3
-rw-r--r--home/yt-dlp/default.nix3
-rw-r--r--home/zsh/default.nix3
-rw-r--r--hosts/aptos/default.nix3
-rw-r--r--hosts/aptos/secrets/secrets.nix3
-rw-r--r--hosts/aptos/services.nix3
-rw-r--r--hosts/tahoe/secrets/secrets.nix3
-rw-r--r--hosts/tahoe/services.nix3
-rw-r--r--modules/hardware/amd/default.nix3
-rw-r--r--modules/hardware/bluetooth/default.nix3
-rw-r--r--modules/hardware/intel/default.nix3
-rw-r--r--modules/hardware/networking/default.nix3
-rw-r--r--modules/hardware/sound/default.nix3
-rw-r--r--modules/home/default.nix3
-rw-r--r--modules/programs/sway/default.nix3
-rw-r--r--modules/secrets/default.nix43
-rw-r--r--modules/services/avahi/default.nix3
-rw-r--r--modules/services/backup/default.nix3
-rw-r--r--modules/services/buildkite/default.nix61
-rw-r--r--modules/services/cgit/default.nix3
-rw-r--r--modules/services/drone/runner-docker/default.nix3
-rw-r--r--modules/services/drone/runner-exec/default.nix3
-rw-r--r--modules/services/drone/server/default.nix3
-rw-r--r--modules/services/gerrit/default.nix3
-rw-r--r--modules/services/gitea/default.nix3
-rw-r--r--modules/services/gnome/default.nix3
-rw-r--r--modules/services/grafana/default.nix3
-rw-r--r--modules/services/metrics-exporter/default.nix3
-rw-r--r--modules/services/navidrome/default.nix3
-rw-r--r--modules/services/nginx/default.nix3
-rw-r--r--modules/services/nginx/sso/default.nix3
-rw-r--r--modules/services/prometheus/default.nix3
-rw-r--r--modules/services/rclone/default.nix23
-rw-r--r--modules/services/samba/default.nix3
-rw-r--r--modules/services/sourcegraph/default.nix3
-rw-r--r--modules/services/syncthing/default.nix3
-rw-r--r--modules/services/tailscale/default.nix3
-rw-r--r--modules/services/thermald/default.nix3
-rw-r--r--modules/services/tlp/default.nix3
-rw-r--r--modules/services/transmission/default.nix3
-rw-r--r--modules/services/unifi/default.nix3
-rw-r--r--modules/system/boot/default.nix3
-rw-r--r--modules/system/fonts/default.nix3
-rw-r--r--modules/system/packages/default.nix3
-rw-r--r--modules/system/users/default.nix3
-rw-r--r--nix/mkSystem.nix3
-rw-r--r--nix/private-wireguard.nix27
89 files changed, 256 insertions, 156 deletions
diff --git a/flake.nix b/flake.nix
index 9627d28..86d32c8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -31,7 +31,8 @@
# Output config, or config for NixOS system
outputs = { ... }@inputs:
let lib = import ./nix { inherit inputs; };
- in {
+ in
+ {
nixosConfigurations = {
carmel = lib.mkSystem { hostname = "carmel"; };
aptos = lib.mkSystem { hostname = "aptos"; };
diff --git a/home/beets/default.nix b/home/beets/default.nix
index 617ff62..c88fd85 100644
--- a/home/beets/default.nix
+++ b/home/beets/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.beets;
-in {
+in
+{
options.my.home.beets = with lib; {
enable = mkEnableOption "beets configuration";
musicDirectory = mkOption {
diff --git a/home/bluetooth/default.nix b/home/bluetooth/default.nix
index 51ecc4a..d0febca 100644
--- a/home/bluetooth/default.nix
+++ b/home/bluetooth/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.home.bluetooth;
-in {
+in
+{
options.my.home.bluetooth = with lib; {
enable = mkEnableOption "bluetooth configuration";
};
diff --git a/home/direnv/default.nix b/home/direnv/default.nix
index 26e99f2..f36a66c 100644
--- a/home/direnv/default.nix
+++ b/home/direnv/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.home.direnv;
fishEnabled = config.my.home.fish.enable;
-in {
+in
+{
options.my.home.direnv = with lib; {
enable = mkEnableOption "direnv configuration";
};
diff --git a/home/drone-cli/default.nix b/home/drone-cli/default.nix
index 9eeb2e1..948e88a 100644
--- a/home/drone-cli/default.nix
+++ b/home/drone-cli/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.drone-cli;
-in {
+in
+{
options.my.home.drone-cli = with lib; {
enable = mkEnableOption "drone-cli configuration";
};
diff --git a/home/element/default.nix b/home/element/default.nix
index 3fcb50e..30021e1 100644
--- a/home/element/default.nix
+++ b/home/element/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.element;
-in {
+in
+{
options.my.home.element = with lib; {
enable = mkEnableOption "element configuration";
};
diff --git a/home/emacs/default.nix b/home/emacs/default.nix
index faac80d..4ea337e 100644
--- a/home/emacs/default.nix
+++ b/home/emacs/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.emacs;
-in {
+in
+{
options.my.home.emacs = with lib; {
enable = mkEnableOption "emacs configuration";
};
diff --git a/home/eog/default.nix b/home/eog/default.nix
index c7f784b..1fa1108 100644
--- a/home/eog/default.nix
+++ b/home/eog/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.eog;
-in {
+in
+{
options.my.home.eog = with lib; {
enable = mkEnableOption "eog configuration";
};
diff --git a/home/evince/default.nix b/home/evince/default.nix
index 16abc57..36dc1dd 100644
--- a/home/evince/default.nix
+++ b/home/evince/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.evince;
-in {
+in
+{
options.my.home.evince = with lib; {
enable = mkEnableOption "evince configuration";
};
diff --git a/home/feh/default.nix b/home/feh/default.nix
index 0032252..eda4466 100644
--- a/home/feh/default.nix
+++ b/home/feh/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.home.feh;
-in {
+in
+{
options.my.home.feh = with lib; {
enable = mkEnableOption "feh configuration";
};
diff --git a/home/firefox/default.nix b/home/firefox/default.nix
index 7b6485d..15677b8 100644
--- a/home/firefox/default.nix
+++ b/home/firefox/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.firefox;
-in {
+in
+{
options.my.home.firefox = with lib; {
enable = mkEnableOption "firefox configuration";
};
diff --git a/home/fish/default.nix b/home/fish/default.nix
index 85ff30d..7ff4bbe 100644
--- a/home/fish/default.nix
+++ b/home/fish/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.home.fish;
swayEnabled = config.my.home.wm.windowManager == "sway";
-in {
+in
+{
options.my.home.fish = with lib; {
enable = mkEnableOption "fish configuration";
};
diff --git a/home/flac/default.nix b/home/flac/default.nix
index 137d353..42500af 100644
--- a/home/flac/default.nix
+++ b/home/flac/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.flac;
-in {
+in
+{
options.my.home.flac = with lib; {
enable = mkEnableOption "flac configuration";
};
diff --git a/home/gcloud/default.nix b/home/gcloud/default.nix
index 0f6262b..f886586 100644
--- a/home/gcloud/default.nix
+++ b/home/gcloud/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.gcloud;
-in {
+in
+{
options.my.home.gcloud = with lib; {
enable = mkEnableOption "google cloud sdk";
};
diff --git a/home/git/default.nix b/home/git/default.nix
index 0d99e69..8043b7b 100644
--- a/home/git/default.nix
+++ b/home/git/default.nix
@@ -1,7 +1,8 @@
{ lib, config, ... }:
let cfg = config.my.home.git;
-in {
+in
+{
options.my.home.git = with lib; {
enable = mkEnableOption "git configuration";
};
diff --git a/home/go/default.nix b/home/go/default.nix
index 24748d0..4cc15ef 100644
--- a/home/go/default.nix
+++ b/home/go/default.nix
@@ -1,6 +1,7 @@
{ lib, config, ... }:
let cfg = config.my.home.go;
-in {
+in
+{
options.my.home.go = with lib; {
enable = mkEnableOption "go configuration";
};
diff --git a/home/gpg/default.nix b/home/gpg/default.nix
index d96c3aa..c3bcd50 100644
--- a/home/gpg/default.nix
+++ b/home/gpg/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.home.gpg;
-in {
+in
+{
options.my.home.gpg = with lib; {
enable = mkEnableOption "gpg configuration";
pinentry = mkOption {
diff --git a/home/gtk/default.nix b/home/gtk/default.nix
index 0dd62cb..4c55f0c 100644
--- a/home/gtk/default.nix
+++ b/home/gtk/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.gtk;
-in {
+in
+{
options.my.home.gtk = with lib; {
enable = mkEnableOption "GTK configuration";
};
diff --git a/home/mail/accounts/default.nix b/home/mail/accounts/default.nix
index 1bc1c37..83358f0 100644
--- a/home/mail/accounts/default.nix
+++ b/home/mail/accounts/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.mail;
-in {
+in
+{
config = lib.mkIf cfg.enable {
accounts.email = {
accounts = {
diff --git a/home/mail/default.nix b/home/mail/default.nix
index 4f36e87..88cae37 100644
--- a/home/mail/default.nix
+++ b/home/mail/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.home.mail;
mkRelatedOption = desc: lib.mkEnableOption desc // { default = cfg.enable; };
-in {
+in
+{
imports = [ ./accounts ];
options.my.home.mail = with lib; {
enable = mkEnableOption "email configuration";
diff --git a/home/mpv/default.nix b/home/mpv/default.nix
index b6c2c60..380ce69 100644
--- a/home/mpv/default.nix
+++ b/home/mpv/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.mpv;
-in {
+in
+{
options.my.home.mpv = with lib; {
enable = mkEnableOption "mpv configuration";
};
diff --git a/home/packages/default.nix b/home/packages/default.nix
index 806ce31..e6dac4c 100644
--- a/home/packages/default.nix
+++ b/home/packages/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.packages;
-in {
+in
+{
options.my.home.packages = with lib; {
enable = mkEnableOption "user packages";
additionalPackages = mkOption {
diff --git a/home/pass/default.nix b/home/pass/default.nix
index 3ea7892..d79d486 100644
--- a/home/pass/default.nix
+++ b/home/pass/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.pass;
-in {
+in
+{
options.my.home.pass = with lib; {
enable = mkEnableOption "pass configuration";
};
diff --git a/home/pcmanfm/default.nix b/home/pcmanfm/default.nix
index cca8f9a..2babf0c 100644
--- a/home/pcmanfm/default.nix
+++ b/home/pcmanfm/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.pcmanfm;
-in {
+in
+{
options.my.home.pcmanfm = with lib; {
enable = mkEnableOption "pcmanfm configuration";
};
diff --git a/home/python/default.nix b/home/python/default.nix
index b34f978..9e72569 100644
--- a/home/python/default.nix
+++ b/home/python/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.home.python;
-in {
+in
+{
options.my.home.python = with lib; {
enable = mkEnableOption "python configuration";
};
diff --git a/home/scanner/default.nix b/home/scanner/default.nix
index aa3da7c..fefbd54 100644
--- a/home/scanner/default.nix
+++ b/home/scanner/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.scanner;
-in {
+in
+{
options.my.home.scanner = with lib; {
enable = mkEnableOption "scanner configuration";
};
diff --git a/home/scripts/perf-flamegraph.nix b/home/scripts/perf-flamegraph.nix
index f379591..b974e6b 100644
--- a/home/scripts/perf-flamegraph.nix
+++ b/home/scripts/perf-flamegraph.nix
@@ -14,7 +14,8 @@ let
| ${pkgs.flamegraph}/bin/stackcollapse-perf.pl \
| ${pkgs.flamegraph}/bin/flamegraph.pl > "''${OUT_SVG}"
'';
-in {
+in
+{
config = {
home.packages = with pkgs; [ flamegraph perf-flamegraph-process ];
};
diff --git a/home/seahorse/default.nix b/home/seahorse/default.nix
index 54688a1..d37395e 100644
--- a/home/seahorse/default.nix
+++ b/home/seahorse/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.seahorse;
-in {
+in
+{
options.my.home.seahorse = with lib; {
enable = mkEnableOption "seahorse configuration";
};
diff --git a/home/ssh/default.nix b/home/ssh/default.nix
index 1088e80..eecca99 100644
--- a/home/ssh/default.nix
+++ b/home/ssh/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.home.ssh;
-in {
+in
+{
options.my.home.ssh = with lib; {
enable = mkEnableOption "ssh configuration";
};
diff --git a/home/sublime-music/default.nix b/home/sublime-music/default.nix
index fad10ac..aa44520 100644
--- a/home/sublime-music/default.nix
+++ b/home/sublime-music/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.sublime-music;
-in {
+in
+{
options.my.home.sublime-music = with lib; {
enable = mkEnableOption "sublime-music configuration";
};
diff --git a/home/terminal/alacritty/default.nix b/home/terminal/alacritty/default.nix
index 2bcd041..85d8e4a 100644
--- a/home/terminal/alacritty/default.nix
+++ b/home/terminal/alacritty/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.terminal;
-in {
+in
+{
config = lib.mkIf (cfg.program == "alacritty") {
programs.alacritty = {
enable = true;
diff --git a/home/terminal/default.nix b/home/terminal/default.nix
index e1ff0d7..68dcf4b 100644
--- a/home/terminal/default.nix
+++ b/home/terminal/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.home.terminal;
-in {
+in
+{
imports = [ ./alacritty ];
options.my.home = with lib; {
terminal = {
diff --git a/home/tmux/default.nix b/home/tmux/default.nix
index 499a64b..a30bd28 100644
--- a/home/tmux/default.nix
+++ b/home/tmux/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.tmux;
-in {
+in
+{
options.my.home.tmux = with lib; {
enable = mkEnableOption "tmux terminal multiplexer";
};
diff --git a/home/transmission-remote/default.nix b/home/transmission-remote/default.nix
index 29c070b..629e382 100644
--- a/home/transmission-remote/default.nix
+++ b/home/transmission-remote/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.transmission-remote;
-in {
+in
+{
options.my.home.transmission-remote = with lib; {
enable = mkEnableOption "transmission-remote configuration";
};
diff --git a/home/vlc/default.nix b/home/vlc/default.nix
index f7ad141..c06994b 100644
--- a/home/vlc/default.nix
+++ b/home/vlc/default.nix
@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let cfg = config.my.home.vlc;
-in {
+in
+{
options.my.home.vlc = with lib; {
enable = mkEnableOption "vlc configuration";
};
diff --git a/home/wm/default.nix b/home/wm/default.nix
index 27a8bf4..0125dd1 100644
--- a/home/wm/default.nix
+++ b/home/wm/default.nix
@@ -2,10 +2,12 @@
let
mkRelatedOption = description: relatedWMs:
let isActivatedWm = wm: config.my.home.wm.windowManager == wm;
- in (lib.mkEnableOption description) // {
+ in
+ (lib.mkEnableOption description) // {
default = builtins.any isActivatedWm relatedWMs;
};
-in {
+in
+{
imports = [ ./sway ./waybar ./mako ./swaylock ./wofi ./gammastep ];
options.my.home.wm = with lib; {
windowManager = mkOption {
diff --git a/home/wm/gammastep/default.nix b/home/wm/gammastep/default.nix
index 0a9c684..4530126 100644
--- a/home/wm/gammastep/default.nix
+++ b/home/wm/gammastep/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let isEnabled = config.my.home.wm.windowManager == "sway";
-in {
+in
+{
config = lib.mkIf isEnabled {
services.gammastep = {
enable = true;
diff --git a/home/wm/mako/default.nix b/home/wm/mako/default.nix
index 3a13620..665707d 100644
--- a/home/wm/mako/default.nix
+++ b/home/wm/mako/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let isEnabled = config.my.home.wm.windowManager == "sway";
-in {
+in
+{
config = lib.mkIf isEnabled {
home.packages = [
pkgs.libnotify # to send notifications
diff --git a/home/wm/sway/default.nix b/home/wm/sway/default.nix
index ba70992..d3b758d 100644
--- a/home/wm/sway/default.nix
+++ b/home/wm/sway/default.nix
@@ -3,7 +3,8 @@ let
isEnabled = config.my.home.wm.windowManager == "sway";
terminal = config.my.home.terminal.program;
modifier = "Mod4"; # `Super` key
-in {
+in
+{
config = lib.mkIf isEnabled {
home.packages = with pkgs; [
wlogout
diff --git a/home/wm/swaylock/default.nix b/home/wm/swaylock/default.nix
index 3df802a..803a7c3 100644
--- a/home/wm/swaylock/default.nix
+++ b/home/wm/swaylock/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let isEnabled = config.my.home.wm.windowManager == "sway";
-in {
+in
+{
config = lib.mkIf isEnabled {
xdg.configFile."swaylock/config" = { source = ./config; };
diff --git a/home/wm/waybar/default.nix b/home/wm/waybar/default.nix
index c1bf601..1aab182 100644
--- a/home/wm/waybar/default.nix
+++ b/home/wm/waybar/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let isEnabled = config.my.home.wm.windowManager == "sway";
-in {
+in
+{
config = lib.mkIf isEnabled {
programs.waybar = {
enable = true;
diff --git a/home/wm/wofi/default.nix b/home/wm/wofi/default.nix
index ad3c759..7f8a92b 100644
--- a/home/wm/wofi/default.nix
+++ b/home/wm/wofi/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let isEnabled = config.my.home.wm.windowManager == "sway";
-in {
+in
+{
config = lib.mkIf isEnabled {
home.packages = with pkgs; [ wofi ];
xdg.configFile."wofi/config".source = ./config;
diff --git a/home/xdg/default.nix b/home/xdg/default.nix
index 133b0ad..eda2211 100644
--- a/home/xdg/default.nix
+++ b/home/xdg/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.xdg;
-in {
+in
+{
options.my.home.xdg = with lib; {
enable = mkEnableOption "XDG configuration";
};
diff --git a/home/yt-dlp/default.nix b/home/yt-dlp/default.nix
index 4e9cdf4..4ac1fb9 100644
--- a/home/yt-dlp/default.nix
+++ b/home/yt-dlp/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.home.yt-dlp;
-in {
+in
+{
options.my.home.yt-dlp = with lib; {
enable = mkEnableOption "yt-dlp configuration";
};
diff --git a/home/zsh/default.nix b/home/zsh/default.nix
index 086c17e..21dbedd 100644
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.home.zsh;
-in {
+in
+{
options.my.home.zsh = with lib; {
enable = mkEnableOption "zsh configuration";
};
diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
index 70a79ed..8c26668 100644
--- a/hosts/aptos/default.nix
+++ b/hosts/aptos/default.nix
@@ -1,7 +1,8 @@
{ config, pkgs, hostname, ... }:
{
- imports = [ # Include the results of the hardware scan.
+ imports = [
+ # Include the results of the hardware scan.
./hardware.nix
./sound.nix
./networking.nix
diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
index 9e503b2..674af9b 100644
--- a/hosts/aptos/secrets/secrets.nix
+++ b/hosts/aptos/secrets/secrets.nix
@@ -3,7 +3,8 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
aptos =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTcPGaiL+/Mwl8JzLHrBwas7QvWPjix4lnaAA1tw+5t";
-in {
+in
+{
"wireguard_privatekey.age".publicKeys = [ fcuny aptos ];
"syncthing/key.age" = {
diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix
index ab8efe5..1886ca7 100644
--- a/hosts/aptos/services.nix
+++ b/hosts/aptos/services.nix
@@ -1,6 +1,7 @@
{ config, ... }:
let secrets = config.age.secrets;
-in {
+in
+{
my.services = {
# monitors and controls temperature
thermald.enable = true;
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 79273b8..031426f 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -4,7 +4,8 @@ let
tahoe =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEq1IQRvj2jofCHOO6M28w2SRdgtHU06NJvwAwv/b69F";
all = [ fcuny_aptos tahoe ];
-in {
+in
+{
"wireguard_privatekey.age".publicKeys = all;
"acme/credentials.age".publicKeys = all;
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index a9c3605..75aea22 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -1,6 +1,7 @@
{ config, ... }:
let secrets = config.age.secrets;
-in {
+in
+{
my.services = {
samba = {
enable = true;
diff --git a/modules/hardware/amd/default.nix b/modules/hardware/amd/default.nix
index 05362db..e8b80b0 100644
--- a/modules/hardware/amd/default.nix
+++ b/modules/hardware/amd/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.hardware.amd;
-in {
+in
+{
options.my.hardware.amd = with lib; {
enable = mkEnableOption "AMD related configuration";
};
diff --git a/modules/hardware/bluetooth/default.nix b/modules/hardware/bluetooth/default.nix
index 0ac2cf8..b48c51c 100644
--- a/modules/hardware/bluetooth/default.nix
+++ b/modules/hardware/bluetooth/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.hardware.bluetooth;
-in {
+in
+{
options.my.hardware.bluetooth = with lib; {
enable = mkEnableOption "bluetooth configuration";
};
diff --git a/modules/hardware/intel/default.nix b/modules/hardware/intel/default.nix
index 9a53f35..26d9877 100644
--- a/modules/hardware/intel/default.nix
+++ b/modules/hardware/intel/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.hardware.intel;
-in {
+in
+{
options.my.hardware.intel = with lib; {
enable = mkEnableOption "intel related configuration";
};
diff --git a/modules/hardware/networking/default.nix b/modules/hardware/networking/default.nix
index d19388b..fac6c30 100644
--- a/modules/hardware/networking/default.nix
+++ b/modules/hardware/networking/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.hardware.networking;
-in {
+in
+{
options.my.hardware.networking = with lib; {
wireless = { enable = mkEnableOption "wireless configuration"; };
};
diff --git a/modules/hardware/sound/default.nix b/modules/hardware/sound/default.nix
index dc9f079..edb937e 100644
--- a/modules/hardware/sound/default.nix
+++ b/modules/hardware/sound/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.hardware.sound;
-in {
+in
+{
options.my.hardware.sound = with lib; {
pipewire = { enable = mkEnableOption "pipewire configuration"; };
};
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 0261128..d90e6d2 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -4,7 +4,8 @@ let
aliasPath = [ "my" "home" ];
cfg = config.my.user.home;
-in {
+in
+{
imports = [
inputs.home-manager.nixosModule # enable home-manager options
(lib.mkAliasOptionModule aliasPath
diff --git a/modules/programs/sway/default.nix b/modules/programs/sway/default.nix
index 1fb4c00..afb3204 100644
--- a/modules/programs/sway/default.nix
+++ b/modules/programs/sway/default.nix
@@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
let cfg = config.my.programs.sway;
-in {
+in
+{
options.my.programs.sway = with lib; {
enable = mkEnableOption "sway configuration";
};
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 04d1bfe..912d556 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -4,31 +4,34 @@ with lib;
let
secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
-in {
+in
+{
imports = [ inputs.agenix.nixosModules.age ];
config.age = {
- secrets = let
- toName = lib.removeSuffix ".age";
- userExists = u: builtins.hasAttr u config.users.users;
- groupExists = g: builtins.hasAttr g config.users.groups;
+ secrets =
+ let
+ toName = lib.removeSuffix ".age";
+ userExists = u: builtins.hasAttr u config.users.users;
+ groupExists = g: builtins.hasAttr g config.users.groups;
- # Only set the user and/or group if they exist, to avoid warnings
- userIfExists = u: if userExists u then u else "root";
- groupIfExists = g: if groupExists g then g else "root";
+ # Only set the user and/or group if they exist, to avoid warnings
+ userIfExists = u: if userExists u then u else "root";
+ groupIfExists = g: if groupExists g then g else "root";
- toSecret = name:
- { owner ? "root", group ? "root", mode ? "0400", ... }: {
- file = "${secretsDir}/${name}";
- owner = lib.mkDefault (userIfExists owner);
- group = lib.mkDefault (groupIfExists group);
- mode = mode;
- };
- in if pathExists secretsFile then
- mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
- (import secretsFile)
- else
- { };
+ toSecret = name:
+ { owner ? "root", group ? "root", mode ? "0400", ... }: {
+ file = "${secretsDir}/${name}";
+ owner = lib.mkDefault (userIfExists owner);
+ group = lib.mkDefault (groupIfExists group);
+ mode = mode;
+ };
+ in
+ if pathExists secretsFile then
+ mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
+ (import secretsFile)
+ else
+ { };
identityPaths = options.age.identityPaths.default ++ (filter pathExists
[ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
};
diff --git a/modules/services/avahi/default.nix b/modules/services/avahi/default.nix
index bef6b17..8275f02 100644
--- a/modules/services/avahi/default.nix
+++ b/modules/services/avahi/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.avahi;
-in {
+in
+{
options.my.services.avahi = with lib; {
enable = mkEnableOption "avahi service";
};
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
index e935b64..04b4e1f 100644
--- a/modules/services/backup/default.nix
+++ b/modules/services/backup/default.nix
@@ -5,7 +5,8 @@ let
with pkgs;
"--exclude-file="
+ (writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
-in {
+in
+{
options.my.services.backup = with lib; {
enable = mkEnableOption "Enable backups for this host";
diff --git a/modules/services/buildkite/default.nix b/modules/services/buildkite/default.nix
index 72d5e08..45c7e4f 100644
--- a/modules/services/buildkite/default.nix
+++ b/modules/services/buildkite/default.nix
@@ -14,7 +14,8 @@ let
ln -s ${my-gerrit-hook "post-command"} $out/bin/post-command
'';
-in {
+in
+{
options.my.services.buildkite = with lib; {
enable = mkEnableOption "buildkite agent";
};
@@ -22,37 +23,41 @@ in {
config = lib.mkIf cfg.enable {
# see https://buildkite.com/docs/agent/v3
# and https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/continuous-integration/buildkite-agents.nix
- services.buildkite-agents = lib.listToAttrs (map (n: rec {
- name = "builder-${toString n}";
- value = {
- inherit name;
- enable = true;
- tokenPath = secrets."buildkite/agent".path;
- hooks.post-command = "${buildkiteHooks}/bin/post-command";
- runtimePackages = with pkgs; [
- bash
- coreutils
- curl
- git
- gnutar
- gzip
- jq
- nix
- ];
- };
- }) agents);
+ services.buildkite-agents = lib.listToAttrs (map
+ (n: rec {
+ name = "builder-${toString n}";
+ value = {
+ inherit name;
+ enable = true;
+ tokenPath = secrets."buildkite/agent".path;
+ hooks.post-command = "${buildkiteHooks}/bin/post-command";
+ runtimePackages = with pkgs; [
+ bash
+ coreutils
+ curl
+ git
+ gnutar
+ gzip
+ jq
+ nix
+ ];
+ };
+ })
+ agents);
# Set up a group for all Buildkite agent users
users = {
groups.buildkite-agents = { };
- users = builtins.listToAttrs (map (n: rec {
- name = "buildkite-agent-builder-${toString n}";
- value = {
- isSystemUser = true;
- group = lib.mkForce "buildkite-agents";
- extraGroups = [ name "docker" ];
- };
- }) agents);
+ users = builtins.listToAttrs (map
+ (n: rec {
+ name = "buildkite-agent-builder-${toString n}";
+ value = {
+ isSystemUser = true;
+ group = lib.mkForce "buildkite-agents";
+ extraGroups = [ name "docker" ];
+ };
+ })
+ agents);
};
};
}
diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix
index 84f8e01..26e5296 100644
--- a/modules/services/cgit/default.nix
+++ b/modules/services/cgit/default.nix
@@ -49,7 +49,8 @@ let
project-list=/var/lib/cgit/cache/projects.list
scan-path=/var/lib/gerrit/git
'';
-in {
+in
+{
options.my.services.cgit = with lib; {
enable = mkEnableOption "git web viewer";
};
diff --git a/modules/services/drone/runner-docker/default.nix b/modules/services/drone/runner-docker/default.nix
index d701c18..428a8d6 100644
--- a/modules/services/drone/runner-docker/default.nix
+++ b/modules/services/drone/runner-docker/default.nix
@@ -3,7 +3,8 @@ let
cfg = config.my.services.drone;
hasRunner = (name: builtins.elem name cfg.runners);
dockerPkg = pkgs.drone-runner-docker;
-in {
+in
+{
config = lib.mkIf (cfg.enable && hasRunner "docker") {
systemd.services.drone-runner-docker = {
wantedBy = [ "multi-user.target" ];
diff --git a/modules/services/drone/runner-exec/default.nix b/modules/services/drone/runner-exec/default.nix
index 9222200..01cc11b 100644
--- a/modules/services/drone/runner-exec/default.nix
+++ b/modules/services/drone/runner-exec/default.nix
@@ -3,7 +3,8 @@ let
cfg = config.my.services.drone;
hasRunner = (name: builtins.elem name cfg.runners);
execPkg = pkgs.drone-runner-exec;
-in {
+in
+{
config = lib.mkIf (cfg.enable && hasRunner "exec") {
systemd.services.drone-runner-exec = {
wantedBy = [ "multi-user.target" ];
diff --git a/modules/services/drone/server/default.nix b/modules/services/drone/server/default.nix
index abd323f..97e20a3 100644
--- a/modules/services/drone/server/default.nix
+++ b/modules/services/drone/server/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.drone;
secrets = config.age.secrets;
-in {
+in
+{
config = lib.mkIf cfg.enable {
systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ];
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
index 81a30e7..a55bdda 100644
--- a/modules/services/gerrit/default.nix
+++ b/modules/services/gerrit/default.nix
@@ -17,7 +17,8 @@ let
"https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
sha256 = "312dc494c454ac15f89a289f95ea4c11344add26804aaa6a3b79d49fd92adc69";
};
-in {
+in
+{
options.my.services.gerrit = with lib; {
enable = mkEnableOption "gerrit git server";
vhostName = mkOption {
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index e5a3db7..ece75de 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.gitea;
-in {
+in
+{
options.my.services.gitea = with lib; {
enable = mkEnableOption "gitea git server";
stateDir = mkOption {
diff --git a/modules/services/gnome/default.nix b/modules/services/gnome/default.nix
index 0fc91e5..0ea32d2 100644
--- a/modules/services/gnome/default.nix
+++ b/modules/services/gnome/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.gnome;
-in {
+in
+{
options.my.services.gnome = with lib; { enable = mkEnableOption "gnome"; };
config = lib.mkIf cfg.enable {
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index fd80263..063a1c9 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.grafana;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.grafana = with lib; {
enable = mkEnableOption "grafana observability stack";
vhostName = mkOption {
diff --git a/modules/services/metrics-exporter/default.nix b/modules/services/metrics-exporter/default.nix
index b461bd2..f489f78 100644
--- a/modules/services/metrics-exporter/default.nix
+++ b/modules/services/metrics-exporter/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.metrics-exporter;
-in {
+in
+{
options.my.services.metrics-exporter = with lib; {
enable = mkEnableOption "Prometheus metrics exporter";
};
diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix
index 55c7345..280da90 100644
--- a/modules/services/navidrome/default.nix
+++ b/modules/services/navidrome/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.navidrome;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.navidrome = with lib; {
enable = mkEnableOption "Navidrome Music Server";
vhostName = mkOption {
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
index ad15f33..d93da7a 100644
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.services.nginx;
-in {
+in
+{
options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
config = lib.mkIf cfg.enable {
services.nginx = {
diff --git a/modules/services/nginx/sso/default.nix b/modules/services/nginx/sso/default.nix
index 27ed7d6..d7a6c7f 100644
--- a/modules/services/nginx/sso/default.nix
+++ b/modules/services/nginx/sso/default.nix
@@ -4,7 +4,8 @@ let
cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package;
confPath = "/var/lib/nginx-sso/config.json";
-in {
+in
+{
disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service";
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix
index 0c66f47..5228083 100644
--- a/modules/services/prometheus/default.nix
+++ b/modules/services/prometheus/default.nix
@@ -46,7 +46,8 @@ let
regex = "192.168.6.20:(.*)";
}
];
-in {
+in
+{
options.my.services.prometheus = with lib; {
enable = mkEnableOption "Prometheus monitoring solution";
};
diff --git a/modules/services/rclone/default.nix b/modules/services/rclone/default.nix
index afba321..cbef0c3 100644
--- a/modules/services/rclone/default.nix
+++ b/modules/services/rclone/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.rclone;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.rclone = with lib; {
enable = mkEnableOption "rclone backup service";
};
@@ -18,19 +19,21 @@ in {
};
services.rclone-sync = {
description = "synchronize restic repository to GCS";
- serviceConfig = let
- rcloneOptions = "--config=${
+ serviceConfig =
+ let
+ rcloneOptions = "--config=${
secrets."rclone/config.ini".path
} --gcs-service-account-file=${
secrets."rclone/gcs_service_account.json".path
} --fast-list --verbose";
- in {
- Type = "oneshot";
- ExecStart = [
- "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/systems gbackup:fcuny-backups-systems"
- "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/users gbackup:fcuny-backups-users"
- ];
- };
+ in
+ {
+ Type = "oneshot";
+ ExecStart = [
+ "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/systems gbackup:fcuny-backups-systems"
+ "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/users gbackup:fcuny-backups-users"
+ ];
+ };
};
};
};
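Review bot: Both `ExecStart` entries in the `rclone-sync` unit run `rclone sync`, which makes the destination match the source and therefore also deletes remote objects that have disappeared locally. Nothing in the unit records how the off-site copy would survive a damaged or emptied `/data/slow/backups`. If the two buckets have no object versioning or retention policy (not visible here), consider adding `--backup-dir` to `rcloneOptions` so that deleted or overwritten objects are kept on the remote. Either way, a comment above `ExecStart` would help, for example `# sync mirrors deletions; recovery relies on bucket versioning/retention`. The enclosing systemd attribute set starts outside the hunk.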
diff --git a/modules/services/samba/default.nix b/modules/services/samba/default.nix
index b5d150d..6dc6671 100644
--- a/modules/services/samba/default.nix
+++ b/modules/services/samba/default.nix
@@ -12,7 +12,8 @@ let
"force user" = "nobody";
};
};
-in {
+in
+{
options.my.services.samba = with lib; {
enable = mkEnableOption "Samba";
publicShares = mkOption {
diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix
index e533b9d..10c1880 100644
--- a/modules/services/sourcegraph/default.nix
+++ b/modules/services/sourcegraph/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.sourcegraph;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.sourcegraph = with lib; {
enable = mkEnableOption "sourcegraph server";
vhostName = mkOption {
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index 7f7ed3a..7f795bf 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.syncthing;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.syncthing = with lib; {
enable = mkEnableOption "syncthing service";
};
diff --git a/modules/services/tailscale/default.nix b/modules/services/tailscale/default.nix
index 73cf06b..14753f4 100644
--- a/modules/services/tailscale/default.nix
+++ b/modules/services/tailscale/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.services.tailscale;
-in {
+in
+{
options.my.services.tailscale = with lib; {
enable = mkEnableOption "tailscale configuration";
diff --git a/modules/services/thermald/default.nix b/modules/services/thermald/default.nix
index 8325b86..78a1ac4 100644
--- a/modules/services/thermald/default.nix
+++ b/modules/services/thermald/default.nix
@@ -1,7 +1,8 @@
# thermal control management
{ config, lib, ... }:
let cfg = config.my.services.thermald;
-in {
+in
+{
options.my.services.thermald = {
enable = lib.mkEnableOption "thermald configuration";
};
diff --git a/modules/services/tlp/default.nix b/modules/services/tlp/default.nix
index 2f818e5..dc640f7 100644
--- a/modules/services/tlp/default.nix
+++ b/modules/services/tlp/default.nix
@@ -1,7 +1,8 @@
# TLP power management
{ config, lib, ... }:
let cfg = config.my.services.tlp;
-in {
+in
+{
options.my.services.tlp = {
enable = lib.mkEnableOption "TLP power management configuration";
};
diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix
index 57bea77..c44034b 100644
--- a/modules/services/transmission/default.nix
+++ b/modules/services/transmission/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.transmission;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.transmission = with lib; {
enable = mkEnableOption "transmission torrent server";
vhostName = mkOption {
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index 3c70238..a311755 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -17,7 +17,8 @@ let
10001 # UDP port used for device discovery.
];
};
-in {
+in
+{
options.my.services.unifi = with lib; {
enable = mkEnableOption "Unifi controller";
vhostName = mkOption {
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
index b037f63..cac1cec 100644
--- a/modules/system/boot/default.nix
+++ b/modules/system/boot/default.nix
@@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
let cfg = config.my.system.boot;
-in {
+in
+{
options.my.system.boot = with lib; {
tmp = { clean = mkEnableOption "clean `/tmp` on boot."; };
initrd = {
diff --git a/modules/system/fonts/default.nix b/modules/system/fonts/default.nix
index df01140..71a7fdb 100644
--- a/modules/system/fonts/default.nix
+++ b/modules/system/fonts/default.nix
@@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
let cfg = config.my.systems.fonts;
-in {
+in
+{
options.my.systems.fonts = with lib; {
enable = mkEnableOption "fonts configuration";
};
diff --git a/modules/system/packages/default.nix b/modules/system/packages/default.nix
index d260f20..84cfac2 100644
--- a/modules/system/packages/default.nix
+++ b/modules/system/packages/default.nix
@@ -2,7 +2,8 @@
{ config, lib, pkgs, ... }:
with lib;
let linuxpkgs = config.boot.kernelPackages;
-in {
+in
+{
# It's always useful to have bash around
environment.shells = with pkgs; [ bashInteractive ];
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index 3086f18..98e9801 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -2,7 +2,8 @@
let
groupExists = grp: builtins.hasAttr grp config.users.groups;
groupsIfExist = builtins.filter groupExists;
-in {
+in
+{
# Users are managed through this configuration. If a user is added
# manually, it will be removed on system activation.
users.mutableUsers = false;
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix
index 28e42b1..88d6f99 100644
--- a/nix/mkSystem.nix
+++ b/nix/mkSystem.nix
@@ -21,7 +21,8 @@ inputs.nixpkgs.lib.nixosSystem {
};
# Add each input as a registry
nix.registry = inputs.nixpkgs.lib.mapAttrs'
- (n: v: inputs.nixpkgs.lib.nameValuePair (n) ({ flake = v; })) inputs;
+ (n: v: inputs.nixpkgs.lib.nameValuePair (n) ({ flake = v; }))
+ inputs;
}
];
}
diff --git a/nix/private-wireguard.nix b/nix/private-wireguard.nix
index 706dfd8..8e5d74c 100644
--- a/nix/private-wireguard.nix
+++ b/nix/private-wireguard.nix
@@ -10,7 +10,8 @@ let
allPeers = wgcfg.peers;
thisPeer = allPeers."${hostname}" or null;
otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
-in {
+in
+{
options.networking.private-wireguard = {
enable = mkEnableOption "Enable private wireguard vpn connection";
};
@@ -24,17 +25,19 @@ in {
"${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
];
- peers = lib.mapAttrsToList (name: peer:
- {
- allowedIPs = [
- "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
- ];
- publicKey = peer.key;
- } // lib.optionalAttrs (peer ? externalIp) {
- endpoint = "${peer.externalIp}:${toString port}";
- } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
- persistentKeepalive = 10;
- }) otherPeers;
+ peers = lib.mapAttrsToList
+ (name: peer:
+ {
+ allowedIPs = [
+ "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
+ ];
+ publicKey = peer.key;
+ } // lib.optionalAttrs (peer ? externalIp) {
+ endpoint = "${peer.externalIp}:${toString port}";
+ } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
+ persistentKeepalive = 10;
+ })
+ otherPeers;
};
};
};
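Review bot: The re-indented `allowedIPs` entry for each peer still ends in `/${toString wgcfg.mask4}`, the same mask used for the interface address a few lines above. The value of `wgcfg.mask4` is not visible here, but if it is shorter than 32, every peer's entry covers the whole subnet. WireGuard then accepts any source address in that range from that peer, and because an overlapping range can belong to only one peer, routing becomes ambiguous once there are several peers. A host route per peer keeps the scope minimal: `"${wgcfg.subnet4}.${toString peer.ipv4}/32"`. The surrounding interface definition starts outside the hunk, so confirm against the full file.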