From ba7c3392b97518bdba608d913f01c1e36839233e Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 26 Mar 2026 14:00:25 +0100 Subject: [PATCH] wooooooot, we're compiling again --- flake.lock | 124 ++-- flake.nix | 36 +- lib/default.nix | 36 -- lib/strings/default.nix | 56 +- machines/ulmo/configuration.nix | 549 +++++++++--------- machines/ulmo/hardware.nix | 24 +- .../home/application/bitwarden/default.nix | 14 +- modules/home/application/chrome/default.nix | 1 - modules/home/application/discord/default.nix | 1 - modules/home/application/ladybird/default.nix | 14 +- modules/home/application/matrix/default.nix | 14 +- modules/home/application/obs/default.nix | 1 - .../home/application/onlyoffice/default.nix | 1 - modules/home/application/signal/default.nix | 14 +- modules/home/application/steam/default.nix | 1 - modules/home/application/studio/default.nix | 16 +- .../home/application/teamspeak/default.nix | 12 +- .../home/application/thunderbird/default.nix | 16 +- modules/home/application/zen/default.nix | 1 - modules/home/default.nix | 1 - modules/home/desktop/plasma/default.nix | 14 +- modules/home/development/dotnet/default.nix | 13 +- .../home/development/javascript/default.nix | 13 +- modules/home/development/rust/default.nix | 1 - modules/home/editor/nano/default.nix | 1 - modules/home/editor/nvim/default.nix | 1 - modules/home/editor/zed/default.nix | 14 +- modules/home/game/minecraft/default.nix | 1 - modules/home/shell/default.nix | 17 +- modules/home/shell/toolset/bat/default.nix | 1 - modules/home/shell/toolset/btop/default.nix | 1 - modules/home/shell/toolset/eza/default.nix | 1 - modules/home/shell/toolset/fzf/default.nix | 1 - modules/home/shell/toolset/git/default.nix | 1 - modules/home/shell/toolset/gnugpg/default.nix | 1 - modules/home/shell/toolset/just/default.nix | 1 - .../home/shell/toolset/starship/default.nix | 13 +- modules/home/shell/toolset/tmux/default.nix | 17 +- modules/home/shell/toolset/yazi/default.nix | 1 - modules/home/shell/toolset/zellij/default.nix | 13 +- 
modules/home/shell/toolset/zoxide/default.nix | 1 - modules/home/shell/zsh/default.nix | 11 +- modules/home/terminal/alacritty/default.nix | 1 - modules/home/terminal/ghostty/default.nix | 1 - modules/home/themes/default.nix | 1 - modules/nixos/application/steam.nix | 2 +- modules/nixos/boot/default.nix | 1 - modules/nixos/desktop/cosmic/default.nix | 1 - modules/nixos/desktop/default.nix | 1 - modules/nixos/desktop/gamescope/default.nix | 1 - modules/nixos/desktop/gnome/default.nix | 1 - modules/nixos/desktop/plasma/default.nix | 1 - modules/nixos/editor/nano/default.nix | 12 +- modules/nixos/editor/nvim/default.nix | 16 +- modules/nixos/hardware/audio/default.nix | 11 +- modules/nixos/hardware/bluetooth/default.nix | 12 +- modules/nixos/hardware/gpu/amd/default.nix | 1 - modules/nixos/hardware/gpu/nvidia.nix | 13 +- modules/nixos/hardware/gpu/nvidia/default.nix | 1 - modules/nixos/hardware/keyboard/voyager.nix | 1 - modules/nixos/nix/default.nix | 1 - .../authentication/authelia/default.nix | 1 - .../authentication/himmelblau/default.nix | 1 - .../authentication/zitadel/default.nix | 6 +- .../nixos/services/backup/borg/default.nix | 11 +- .../services/communication/matrix/default.nix | 1 - .../services/development/forgejo/default.nix | 1 - .../services/games/minecraft/default.nix | 1 - modules/nixos/services/games/openrct.nix | 1 - .../nixos/services/games/palworld/default.nix | 1 - modules/nixos/services/media/default.nix | 1 - .../nixos/services/media/glance/default.nix | 1 - .../nixos/services/media/jellyfin/default.nix | 1 - .../nixos/services/media/mydia/default.nix | 1 - .../services/media/nextcloud/default.nix | 1 - modules/nixos/services/media/nfs/default.nix | 12 +- .../nixos/services/media/servarr/default.nix | 5 +- .../services/networking/caddy/default.nix | 3 +- .../nixos/services/networking/ssh/default.nix | 1 - .../services/networking/wireguard/default.nix | 2 +- .../observability/grafana/default.nix | 1 - .../services/observability/loki/default.nix 
| 1 - .../observability/prometheus/default.nix | 19 +- .../observability/promtail/default.nix | 1 - .../observability/uptime-kuma/default.nix | 1 - .../persistance/postgesql/default.nix | 1 - .../services/security/vaultwarden/default.nix | 76 +-- .../virtualisation/podman/default.nix | 1 - modules/nixos/shells/zsh/default.nix | 1 - modules/nixos/system/networking/default.nix | 11 +- .../nixos/system/security/boot/default.nix | 1 - modules/nixos/system/security/default.nix | 1 - .../nixos/system/security/sops/default.nix | 5 +- .../nixos/system/security/sudo/default.nix | 10 +- 94 files changed, 654 insertions(+), 677 deletions(-) diff --git a/flake.lock b/flake.lock index 95c27cc..ec40c5c 100644 --- a/flake.lock +++ b/flake.lock @@ -71,15 +71,23 @@ "clan-core": { "inputs": { "data-mesher": "data-mesher", - "disko": "disko", + "disko": [ + "disko" + ], "flake-parts": [ "flake-parts" ], "nix-darwin": "nix-darwin", "nix-select": "nix-select", - "nixpkgs": "nixpkgs", - "sops-nix": "sops-nix", - "systems": "systems", + "nixpkgs": [ + "nixpkgs" + ], + "sops-nix": [ + "sops-nix" + ], + "systems": [ + "systems" + ], "treefmt-nix": "treefmt-nix" }, "locked": { @@ -139,7 +147,6 @@ "disko": { "inputs": { "nixpkgs": [ - "clan-core", "nixpkgs" ] }, @@ -160,7 +167,7 @@ "erosanix": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1773767380, @@ -264,7 +271,6 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "clan-core", "nixpkgs" ] }, @@ -369,7 +375,7 @@ "flux": { "inputs": { "mcman": "mcman", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1767316901, @@ -422,7 +428,7 @@ }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1757136219, @@ -538,7 +544,7 @@ "mcman": { "inputs": { "crane": "crane", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1766962671, 
@@ -572,7 +578,7 @@ "mydia": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1764866402, @@ -656,8 +662,8 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_7", - "systems": "systems_2" + "nixpkgs": "nixpkgs_6", + "systems": "systems" }, "locked": { "lastModified": 1774407052, @@ -719,22 +725,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1772380631, - "narHash": "sha256-FhW0uxeXjefINP0vUD4yRBB52Us7fXZPk9RiPAopfiY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6d3b61b190a899042ce82a5355111976ba76d698", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1757347588, "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", @@ -749,7 +739,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1766902085, "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", @@ -765,7 +755,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1774449288, "narHash": "sha256-ukB6NS45Oi62fQM4RpZfx3dpqxIu66ADCCFl6h72Fjo=", @@ -781,7 +771,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1764242076, "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", @@ -797,7 +787,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", 
@@ -813,6 +803,22 @@ "type": "github" } }, + "nixpkgs_7": { + "locked": { + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_8": { "locked": { "lastModified": 1771008912, @@ -877,7 +883,7 @@ "mnw": "mnw", "ndg": "ndg", "nixpkgs": "nixpkgs_8", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1774375131, @@ -919,6 +925,7 @@ "root": { "inputs": { "clan-core": "clan-core", + "disko": "disko", "erosanix": "erosanix", "fenix": "fenix", "flake-parts": "flake-parts", @@ -930,15 +937,12 @@ "jovian": "jovian", "mydia": "mydia", "nix-minecraft": "nix-minecraft", - "nixpkgs": [ - "clan-core", - "nixpkgs" - ], + "nixpkgs": "nixpkgs_7", "nvf": "nvf", "plasma-manager": "plasma-manager", - "sops-nix": "sops-nix_2", + "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems_5", + "systems": "systems_4", "terranix": "terranix", "zen-browser": "zen-browser" } @@ -961,27 +965,6 @@ } }, "sops-nix": { - "inputs": { - "nixpkgs": [ - "clan-core", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "sops-nix_2": { "inputs": { "nixpkgs": "nixpkgs_9" }, @@ -1010,7 +993,7 @@ "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -1106,28 +1089,13 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1773700838, diff --git a/flake.nix b/flake.nix index 0dd4189..9694a61 100644 --- a/flake.nix +++ b/flake.nix @@ -7,25 +7,37 @@ }; inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + flake-parts = { url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "clan-core/nixpkgs"; + inputs.nixpkgs-lib.follows = "nixpkgs"; }; import-tree.url = "github:vic/import-tree"; - - clan-core = { - url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; - inputs.flake-parts.follows = "flake-parts"; - }; - - nixpkgs.follows = "clan-core/nixpkgs"; systems.url = "github:nix-systems/default"; + sops-nix.url = "github:Mic92/sops-nix"; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + clan-core = { + url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + sops-nix.follows = "sops-nix"; + disko.follows = "disko"; + systems.follows = "systems"; + }; + }; + plasma-manager = { url = "github:nix-community/plasma-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -52,8 +64,6 @@ flux.url = "github:IogaMaster/flux"; - sops-nix.url = "github:Mic92/sops-nix"; - # Azure AD for linux himmelblau = { url = "github:himmelblau-idm/himmelblau"; 
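Review bot: `sops-nix.url = "github:Mic92/sops-nix";` is declared without a nixpkgs `follows`, unlike `disko` and `home-manager` in the same `inputs` block. The updated flake.lock accordingly resolves its nixpkgs to a separate node (`nixpkgs_9`). Because `clan-core` now follows this root `sops-nix`, the secrets tooling for both is evaluated against a nixpkgs revision that is pinned and updated independently of the system's own. Consider `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };` so there is one nixpkgs revision to audit and update. The `inputs` block continues outside this hunk.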
@@ -98,6 +108,8 @@ flake-parts.flakeModules.modules clan-core.flakeModules.default home-manager.flakeModules.default + terranix.flakeModule + ./packages/flake-module.nix ]; perSystem = {system, ...}: { @@ -113,9 +125,13 @@ config = { allowUnfree = true; + permittedInsecurePackages = [ # I think this is because of zen "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" ]; }; }; diff --git a/lib/default.nix b/lib/default.nix index c59ca61..e8edaf1 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,47 +5,12 @@ ... }: let inherit (lib) mkOption types; - namespace = "sneeuwvlok"; - - sharedContext = { - inherit inputs namespace; - erosanixLib = inputs.erosanix.lib; - repoRoot = ../.; - sneeuwvlokLib = config.localLib; - terranixLib = inputs.terranix.lib; - }; - - baseNixosModules = - [ - inputs.grub2-themes.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.himmelblau.nixosModules.himmelblau - inputs.jovian.nixosModules.default - inputs.mydia.nixosModules.default - inputs.nix-minecraft.nixosModules.minecraft-servers - inputs.nvf.nixosModules.default - inputs.sops-nix.nixosModules.sops - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = sharedContext; - sharedModules = config.localUsers.homeSharedModules; - }; - } - ] - ++ [../modules/nixos]; in { imports = [ ./options ./strings ]; - options.localLib = mkOption { - type = types.lazyAttrsOf types.raw; - default = {}; - }; - config = { _module.args = { inherit @@ -55,7 +20,6 @@ in { sharedContext systemOverlays ; - sneeuwvlokLib = config.localLib; }; flake.lib = config.localLib; diff --git a/lib/strings/default.nix b/lib/strings/default.nix index b9c7361..7ae1d78 100644 --- a/lib/strings/default.nix +++ b/lib/strings/default.nix 
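Review bot: The `permittedInsecurePackages` list extended here sits in what appears to be the flake-wide `perSystem` nixpkgs config, so the exemption for `olm-3.2.16` applies to every package built from it, not only to the mautrix-signal bridge the comment names. The same two entries are also copied into `machines/ulmo/configuration.nix`, where `pkgs` is replaced with `lib.mkForce`, so the two lists can drift apart. The existing qtwebengine comment says its consumer is a guess. Consider defining the list once and importing it in both places, with a comment per entry naming the consumer and the removal condition, e.g. `# olm-3.2.16: mautrix-signal only; drop once the bridge no longer links libolm`. The enclosing `import`/`config` block starts and ends outside this hunk.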
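Review bot: The context lines that survive in lib/default.nix still reference definitions this commit deletes. `inherit … sharedContext systemOverlays;` remains under `_module.args` although the `sharedContext` let-binding is removed. `flake.lib = config.localLib;` remains although `options.localLib` is removed, and lib/strings/default.nix now defines `strings` rather than `localLib.strings`. Unless these names are supplied elsewhere (the argument set and part of the `inherit` list are outside the hunks), evaluation of this module should fail. Either drop the stale lines or keep the option declaration; `mkOption` and `types` in `inherit (lib) mkOption types;` also look unused now.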
@@ -2,36 +2,54 @@ inherit (builtins) isString typeOf match toString head; inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; in { - localLib.strings = { + strings = { #======================================================================================== # Converts a string to snake case # # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore #======================================================================================== - toSnakeCase = - str: + toSnakeCase = str: throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" ( str - |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true - |> map (p: toLower p) - |> concatStringsSep "_" + |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true + |> map (p: toLower p) + |> concatStringsSep "_" ); #======================================================================================== # Converts a set of url parts to a string #======================================================================================== - toUrl = - { protocol ? null, host, port ? null, path ? null, query ? null, hash ? null }: - let - trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; - encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; - - _protocol = if protocol != null then "${protocol}://" else ""; - _port = if port != null then ":${toString port}" else ""; - _path = if path != null then "/${path |> trim_slashes}" else ""; - _query = if query != null then "?${query |> encode_to_str}" else ""; - _hash = if hash != null then "#${hash |> encode_to_str}" else ""; - in - "${_protocol}${host}${_port}${_path}${_query}${_hash}"; + toUrl = { + protocol ? null, + host, + port ? null, + path ? null, + query ? null, + hash ? 
null, + }: let + trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; + encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; + + _protocol = + if protocol != null + then "${protocol}://" + else ""; + _port = + if port != null + then ":${toString port}" + else ""; + _path = + if path != null + then "/${path |> trim_slashes}" + else ""; + _query = + if query != null + then "?${query |> encode_to_str}" + else ""; + _hash = + if hash != null + then "#${hash |> encode_to_str}" + else ""; + in "${_protocol}${host}${_port}${_path}${_query}${_hash}"; }; } diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index 4c9ebbb..41ab38c 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix 
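Review bot: `encode_to_str` in `toUrl` builds each pair as `"${n}=${v}"` with no percent-encoding, so a query or hash value containing `&`, `#`, `=` or a space changes the structure of the generated URL instead of being carried as data. If any caller passes values that are not fixed literals, escape both sides, e.g. `(n: v: "${lib.strings.escapeURL n}=${lib.strings.escapeURL v}")`. A short comment on `toUrl` stating that `host` and `path` are inserted verbatim would also help. This behaviour predates the hunk, which otherwise only reformats the function and moves it from `localLib.strings` to `strings`.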
@@ -1,301 +1,286 @@ { pkgs, - inputs, + lib, + self, ... }: { + _module.args = { + pkgs = lib.mkForce (import self.inputs.nixpkgs { + system = "x86_64-linux"; + + overlays = with self.inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" + ]; + }; + }); + }; + imports = [ ./disks.nix ./hardware.nix ../../modules/nixos + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops ]; - sneeuwvlok.application.steam.enable = true; - - nixpkgs.hostPlatform = "x86_64-linux"; system.stateVersion = "23.11"; - boot = { - kernelPackages = pkgs.linuxPackages_latest; + networking = { + interfaces.enp2s0 = { + ipv6.addresses = [ + { + address = "2a0d:6e00:1dc9:0::dead:beef"; + prefixLength = 64; + } + ]; - loader = { - systemd-boot.enable = false; - efi.canTouchEfiVariables = true; - grub = { + useDHCP = true; + }; + + defaultGateway = { + address = "192.168.1.1"; + interface = "enp2s0"; + }; + + defaultGateway6 = { + address = "fe80::1"; + interface = "enp2s0"; + }; + }; + + sneeuwvlok = { + services = { + backup.borg.enable = true; + + authentication.zitadel = { enable = true; - efiSupport = true; - efiInstallAsRemovable = false; - device = "nodev"; # INFO: https://discourse.nixos.org/t/question-about-grub-and-nodev + + organization = { + nix = { + user = { + chris = { + email = "chris@kruining.eu"; + firstName = "Chris"; + lastName = "Kruining"; + + roles = ["ORG_OWNER"]; + instanceRoles = ["IAM_OWNER"]; + }; + + kaas = { + email = "chris+kaas@kruining.eu"; + firstName = "Kaas"; + lastName 
= "Kruining"; + }; + }; + + project = { + ulmo = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + role = { + jellyfin = { + group = "jellyfin"; + }; + jellyfin_admin = { + group = "jellyfin"; + }; + }; + + assign = { + chris = ["jellyfin" "jellyfin_admin"]; + kaas = ["jellyfin"]; + }; + + application = { + jellyfin = { + redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + forgejo = { + redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + vaultwarden = { + redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + exportMap = { + client_id = "SSO_CLIENT_ID"; + client_secret = "SSO_CLIENT_SECRET"; + }; + }; + + matrix = { + redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + mydia = { + redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + grafana = { + redirectUris = ["http://localhost:9001/login/generic_oauth"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + + convex = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + application = { + scry = { + redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + }; + + action = { + flattenRoles = { + script = '' + (ctx, api) => { + if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + return; + } + + const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); 
+ + api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + }; + ''; + }; + }; + + triggers = [ + { + flowType = "customiseToken"; + triggerType = "preUserinfoCreation"; + actions = ["flattenRoles"]; + } + { + flowType = "customiseToken"; + triggerType = "preAccessTokenCreation"; + actions = ["flattenRoles"]; + } + ]; + }; + }; + }; + + communication.matrix.enable = true; + + development.forgejo.enable = true; + + networking.ssh.enable = true; + networking.caddy.hosts = { + # Expose amarht cloud stuff like this until I have a proper solution + "auth.amarth.cloud" = '' + reverse_proxy http://192.168.1.223:9092 + ''; + + "amarth.cloud" = '' + reverse_proxy http://192.168.1.223:8080 + ''; + }; + + media.enable = true; + media.glance.enable = true; + media.mydia.enable = true; + media.nfs.enable = true; + media.jellyfin.enable = true; + media.servarr = { + radarr = { + enable = true; + port = 2001; + rootFolders = [ + "/var/media/movies" + ]; + }; + + sonarr = { + enable = true; + # debug = true; + port = 2002; + rootFolders = [ + "/var/media/series" + ]; + }; + + lidarr = { + enable = true; + debug = true; + port = 2003; + rootFolders = [ + "/var/media/music" + ]; + }; + + prowlarr = { + enable = true; + # debug = true; + port = 2004; + }; + }; + + observability = { + grafana.enable = true; + prometheus.enable = true; + loki.enable = true; + promtail.enable = true; + # uptime-kuma.enable = true; + }; + + security.vaultwarden = { + enable = true; + database = { + # type = "sqlite"; + # file = "/var/lib/vaultwarden/state.db"; + + type = "postgresql"; + host = "localhost"; + port = 5432; + sslMode = "disabled"; + }; }; }; - supportedFilesystems = ["nfs"]; + editor = { + nano.enable = true; + }; }; - - # sneeuwvlok.application.steam.enable = true; - - # networking = { - # interfaces.enp2s0 = { - # ipv6.addresses = [ - # { - # address = "2a0d:6e00:1dc9:0::dead:beef"; - # prefixLength = 64; - # } - # ]; - - # useDHCP = true; - # }; - - # defaultGateway = 
{ - # address = "192.168.1.1"; - # interface = "enp2s0"; - # }; - - # defaultGateway6 = { - # address = "fe80::1"; - # interface = "enp2s0"; - # }; - # }; - - # # virtualisation = { - # # containers.enable = true; - # # podman = { - # # enable = true; - # # dockerCompat = true; - # # }; - - # # oci-containers = { - # # backend = "podman"; - # # containers = { - # # homey = { - # # image = "ghcr.io/athombv/homey-shs:latest"; - # # autoStart = true; - # # privileged = true; - # # volumes = [ - # # "/home/chris/.homey-shs:/homey/user" - # # ]; - # # ports = [ - # # "4859:4859" - # # ]; - # # }; - # # }; - # # }; - # # }; - - # # sneeuwvlok = { - # # services = { - # # backup.borg.enable = true; - - # # authentication.zitadel = { - # # enable = true; - - # # organization = { - # # nix = { - # # user = { - # # chris = { - # # email = "chris@kruining.eu"; - # # firstName = "Chris"; - # # lastName = "Kruining"; - - # # roles = ["ORG_OWNER"]; - # # instanceRoles = ["IAM_OWNER"]; - # # }; - - # # kaas = { - # # email = "chris+kaas@kruining.eu"; - # # firstName = "Kaas"; - # # lastName = "Kruining"; - # # }; - # # }; - - # # project = { - # # ulmo = { - # # projectRoleCheck = true; - # # projectRoleAssertion = true; - # # hasProjectCheck = true; - - # # role = { - # # jellyfin = { - # # group = "jellyfin"; - # # }; - # # jellyfin_admin = { - # # group = "jellyfin"; - # # }; - # # }; - - # # assign = { - # # chris = ["jellyfin" "jellyfin_admin"]; - # # kaas = ["jellyfin"]; - # # }; - - # # application = { - # # jellyfin = { - # # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # forgejo = { - # # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # vaultwarden = { - # # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - # # 
grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # exportMap = { - # # client_id = "SSO_CLIENT_ID"; - # # client_secret = "SSO_CLIENT_SECRET"; - # # }; - # # }; - - # # matrix = { - # # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # mydia = { - # # redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # grafana = { - # # redirectUris = ["http://localhost:9001/login/generic_oauth"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - # # }; - # # }; - - # # convex = { - # # projectRoleCheck = true; - # # projectRoleAssertion = true; - # # hasProjectCheck = true; - - # # application = { - # # scry = { - # # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - # # }; - # # }; - # # }; - - # # action = { - # # flattenRoles = { - # # script = '' - # # (ctx, api) => { - # # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { - # # return; - # # } - - # # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - - # # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); - # # }; - # # ''; - # # }; - # # }; - - # # triggers = [ - # # { - # # flowType = "customiseToken"; - # # triggerType = "preUserinfoCreation"; - # # actions = ["flattenRoles"]; - # # } - # # { - # # flowType = "customiseToken"; - # # triggerType = "preAccessTokenCreation"; - # # actions = ["flattenRoles"]; - # # } - # # ]; - # # }; - # # }; - # # }; - - # # communication.matrix.enable = true; - - # # development.forgejo.enable = true; - - # # networking.ssh.enable = true; - # # networking.caddy.hosts = { - 
# # # Expose amarht cloud stuff like this until I have a proper solution - # # "auth.amarth.cloud" = '' - # # reverse_proxy http://192.168.1.223:9092 - # # ''; - - # # "amarth.cloud" = '' - # # reverse_proxy http://192.168.1.223:8080 - # # ''; - # # }; - - # # media.enable = true; - # # media.glance.enable = true; - # # media.mydia.enable = true; - # # media.nfs.enable = true; - # # media.jellyfin.enable = true; - # # media.servarr = { - # # radarr = { - # # enable = true; - # # port = 2001; - # # rootFolders = [ - # # "/var/media/movies" - # # ]; - # # }; - - # # sonarr = { - # # enable = true; - # # # debug = true; - # # port = 2002; - # # rootFolders = [ - # # "/var/media/series" - # # ]; - # # }; - - # # lidarr = { - # # enable = true; - # # debug = true; - # # port = 2003; - # # rootFolders = [ - # # "/var/media/music" - # # ]; - # # }; - - # # prowlarr = { - # # enable = true; - # # # debug = true; - # # port = 2004; - # # }; - # # }; - - # # observability = { - # # grafana.enable = true; - # # prometheus.enable = true; - # # loki.enable = true; - # # promtail.enable = true; - # # # uptime-kuma.enable = true; - # # }; - - # # security.vaultwarden = { - # # enable = true; - # # database = { - # # # type = "sqlite"; - # # # file = "/var/lib/vaultwarden/state.db"; - - # # type = "postgresql"; - # # host = "localhost"; - # # port = 5432; - # # sslMode = "disabled"; - # # }; - # # }; - # # }; - - # # editor = { - # # nano.enable = true; - # # }; - # # }; } diff --git a/machines/ulmo/hardware.nix b/machines/ulmo/hardware.nix index 1c05d11..77439d0 100644 --- a/machines/ulmo/hardware.nix +++ b/machines/ulmo/hardware.nix 
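Review bot: The `mydia` and `grafana` OIDC applications are registered with `http://localhost:2010/auth/oidc/callback` and `http://localhost:9001/login/generic_oauth`, while every other application in the `ulmo` project uses a public `https://` callback. With these values the authorization code is returned over plain HTTP to whatever listens on that port of the browser's own machine, which looks like a development leftover. If both services are published through the reverse proxy, register their external `https://` callback and keep a loopback URI only for local testing. Relatedly, `auth.amarth.cloud` is proxied to `http://192.168.1.223:9092` in clear text on the LAN. The existing comment marks this as temporary, so a `# TODO` stating the condition for removing it would make that trackable.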
@@ -1,18 +1,20 @@ -{ config, lib, pkgs, modulesPath, ... }: -let - inherit (lib.modules) mkDefault; -in { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + config, + pkgs, + lib, + modulesPath, + ... +}: let + inherit (lib.modules) mkDefault; +in { boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; + initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-intel"]; kernelParams = []; - extraModulePackages = [ ]; + extraModulePackages = []; }; - nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; + nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/modules/home/application/bitwarden/default.nix b/modules/home/application/bitwarden/default.nix index 5d62919..bd9c02d 100644 --- a/modules/home/application/bitwarden/default.nix +++ b/modules/home/application/bitwarden/default.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.bitwarden; -in -{ +in { options.sneeuwvlok.application.bitwarden = { enable = mkEnableOption "enable bitwarden"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ bitwarden-desktop ]; + home.packages = with pkgs; [bitwarden-desktop]; }; } diff --git a/modules/home/application/chrome/default.nix b/modules/home/application/chrome/default.nix index 1848836..142abaa 100644 --- a/modules/home/application/chrome/default.nix +++ b/modules/home/application/chrome/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; 
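Review bot: Removing the `(modulesPath + "/installer/scan/not-detected.nix")` import also removes the default that module normally provides for `hardware.enableRedistributableFirmware`. The unchanged last line derives `hardware.cpu.intel.updateMicrocode` from exactly that option. Unless another module enables it, this host would stop applying Intel microcode updates, which is how many CPU vulnerability mitigations are delivered. Either keep the import or set the option explicitly with `hardware.enableRedistributableFirmware = true;`. `pkgs` and `modulesPath` are no longer used in the argument set after this change.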
diff --git a/modules/home/application/discord/default.nix b/modules/home/application/discord/default.nix index edb640a..f459cae 100644 --- a/modules/home/application/discord/default.nix +++ b/modules/home/application/discord/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/application/ladybird/default.nix b/modules/home/application/ladybird/default.nix index f1ad1ea..9d4d3d3 100644 --- a/modules/home/application/ladybird/default.nix +++ b/modules/home/application/ladybird/default.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.ladybird; -in -{ +in { options.sneeuwvlok.application.ladybird = { enable = mkEnableOption "enable ladybird"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ ladybird ]; + home.packages = with pkgs; [ladybird]; }; } diff --git a/modules/home/application/matrix/default.nix b/modules/home/application/matrix/default.nix index d09ea11..1164ad6 100644 --- a/modules/home/application/matrix/default.nix +++ b/modules/home/application/matrix/default.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + pkgs, + osConfig ? {}, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.matrix; -in -{ +in { options.sneeuwvlok.application.matrix = { enable = mkEnableOption "enable Matrix client (Fractal)"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ fractal element-desktop ]; + home.packages = with pkgs; [fractal element-desktop]; programs.element-desktop = { enable = true; diff --git a/modules/home/application/obs/default.nix b/modules/home/application/obs/default.nix index e6ee4e3..40a3c54 100644 --- a/modules/home/application/obs/default.nix +++ b/modules/home/application/obs/default.nix 
@@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, osConfig ? {}, ... }: let diff --git a/modules/home/application/onlyoffice/default.nix b/modules/home/application/onlyoffice/default.nix index 02484ca..33706ee 100644 --- a/modules/home/application/onlyoffice/default.nix +++ b/modules/home/application/onlyoffice/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/application/signal/default.nix b/modules/home/application/signal/default.nix index 1c591bf..5377795 100644 --- a/modules/home/application/signal/default.nix +++ b/modules/home/application/signal/default.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.signal; -in -{ +in { options.sneeuwvlok.application.signal = { enable = mkEnableOption "enable signal"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ signal-desktop ]; + home.packages = with pkgs; [signal-desktop]; }; } diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam/default.nix index 28a8e93..80b6321 100644 --- a/modules/home/application/steam/default.nix +++ b/modules/home/application/steam/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio/default.nix index c883eac..1b4dc27 100644 --- a/modules/home/application/studio/default.nix +++ b/modules/home/application/studio/default.nix 
@@ -1,18 +1,18 @@ -{ config, lib, pkgs, namespace, repoRoot, erosanixLib, ... }: -let +{ + config, + lib, + self, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.studio; - studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") { - inherit erosanixLib; - }; -in -{ +in { options.sneeuwvlok.application.studio = { enable = mkEnableOption "enable Bricklink Studio"; }; config = mkIf cfg.enable { - home.packages = [ studioPackage ]; + home.packages = [self.packages.studio]; }; } diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak/default.nix index 031de79..7ff7bf2 100644 --- a/modules/home/application/teamspeak/default.nix +++ b/modules/home/application/teamspeak/default.nix @@ -1,10 +1,14 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.teamspeak; -in -{ +in { options.sneeuwvlok.application.teamspeak = { enable = mkEnableOption "enable teamspeak"; }; diff --git a/modules/home/application/thunderbird/default.nix b/modules/home/application/thunderbird/default.nix index 3392358..f21cb4a 100644 --- a/modules/home/application/thunderbird/default.nix +++ b/modules/home/application/thunderbird/default.nix @@ -1,10 +1,14 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.thunderbird; -in -{ +in { options.sneeuwvlok.application.thunderbird = { enable = mkEnableOption "enable thunderbird"; }; @@ -14,7 +18,7 @@ in enable = true; package = pkgs.thunderbird-latest; - profiles.chris = { + profiles.chris = { isDefault = true; }; }; @@ -30,7 +34,7 @@ in }; thunderbird = { enable = true; - profiles = [ "chris" ]; + profiles = ["chris"]; }; }; 
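Review bot: In the studio module, `home.packages = [self.packages.studio];` looks up `studio` directly under `packages`, but a flake's `packages` output is normally keyed by system first. If `self` here is the flake itself (flake.nix is outside this view), the lookup fails as soon as `sneeuwvlok.application.studio.enable` is set; lazy evaluation hides it until then. The hunk also drops `pkgs` from the argument set, so the system is no longer in scope. Keep `pkgs` and write `home.packages = [self.packages.${pkgs.stdenv.hostPlatform.system}.studio];`, which matches how the zitadel and servarr modules obtain the system.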
diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index b8a2505..e018ea6 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/default.nix b/modules/home/default.nix index 92a65e5..1adaef0 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib) mkOption; diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index f6e629e..368dc41 100644 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix @@ -1,13 +1,15 @@ -{ config, lib, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + osConfig ? {}, + ... +}: let inherit (lib) mkIf; cfg = config.sneeuwvlok.desktop.plasma; - osCfg = osConfig.sneeuwvlok.desktop.plasma or { enable = false; }; -in -{ + osCfg = osConfig.sneeuwvlok.desktop.plasma or {enable = false;}; +in { options.sneeuwvlok.desktop.plasma = { - }; config = mkIf osCfg.enable { diff --git a/modules/home/development/dotnet/default.nix b/modules/home/development/dotnet/default.nix index e1d0f7c..0f2d0b9 100644 --- a/modules/home/development/dotnet/default.nix +++ b/modules/home/development/dotnet/default.nix @@ -1,15 +1,18 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.sneeuwvlok.development.dotnet; -in -{ +in { options.sneeuwvlok.development.dotnet = { enable = mkEnableOption "Enable dotnet development tools"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ dotnet-sdk_8 ]; + home.packages = with pkgs; [dotnet-sdk_8]; }; } diff --git a/modules/home/development/javascript/default.nix b/modules/home/development/javascript/default.nix index 40c94b4..9dfc3be 100644 
--- a/modules/home/development/javascript/default.nix +++ b/modules/home/development/javascript/default.nix @@ -1,15 +1,18 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.sneeuwvlok.development.javascript; -in -{ +in { options.sneeuwvlok.development.javascript = { enable = mkEnableOption "Enable javascript development tools"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ bun nodejs nodePackages_latest.typescript-language-server ]; + home.packages = with pkgs; [bun nodejs nodePackages_latest.typescript-language-server]; }; } diff --git a/modules/home/development/rust/default.nix b/modules/home/development/rust/default.nix index f545e7e..3a56f2a 100644 --- a/modules/home/development/rust/default.nix +++ b/modules/home/development/rust/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/editor/nano/default.nix b/modules/home/editor/nano/default.nix index f436775..270549b 100644 --- a/modules/home/editor/nano/default.nix +++ b/modules/home/editor/nano/default.nix @@ -3,7 +3,6 @@ options, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/editor/nvim/default.nix b/modules/home/editor/nvim/default.nix index fcb0b25..9b3e523 100644 --- a/modules/home/editor/nvim/default.nix +++ b/modules/home/editor/nvim/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/editor/zed/default.nix b/modules/home/editor/zed/default.nix index 2da026c..7bc2ad7 100644 --- a/modules/home/editor/zed/default.nix +++ b/modules/home/editor/zed/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, namespace, ... }: let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.editor.zed; 
@@ -9,13 +14,16 @@ in { config = mkIf cfg.enable { home.packages = with pkgs; [ - zed-editor nixd nil alejandra + zed-editor + nixd + nil + alejandra ]; programs.zed-editor = { enable = true; - extensions = [ "nix" "toml" "html" "just-ls" ]; + extensions = ["nix" "toml" "html" "just-ls"]; userSettings = { assistant.enabled = false; diff --git a/modules/home/game/minecraft/default.nix b/modules/home/game/minecraft/default.nix index fbdcc9d..384142e 100644 --- a/modules/home/game/minecraft/default.nix +++ b/modules/home/game/minecraft/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/default.nix b/modules/home/shell/default.nix index 2081c59..5639286 100644 --- a/modules/home/shell/default.nix +++ b/modules/home/shell/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkMerge mkEnableOption mkDefault; cfg = config.sneeuwvlok.shell; -in -{ +in { imports = [ ./toolset ./zsh @@ -30,8 +33,8 @@ in }; }) - ({ - home.packages = with pkgs; [ any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;}) ]; + { + home.packages = with pkgs; [any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;})]; programs = { direnv = { @@ -45,6 +48,6 @@ in config.whitelist.prefix = ["/home"]; }; }; - }) + } ]; } diff --git a/modules/home/shell/toolset/bat/default.nix b/modules/home/shell/toolset/bat/default.nix index 0c403ee..101e3d8 100644 --- a/modules/home/shell/toolset/bat/default.nix +++ b/modules/home/shell/toolset/bat/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/btop/default.nix b/modules/home/shell/toolset/btop/default.nix index 4368367..cbcddde 100644 --- a/modules/home/shell/toolset/btop/default.nix +++ b/modules/home/shell/toolset/btop/default.nix 
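Review bot: In modules/home/shell/default.nix the direnv block keeps `config.whitelist.prefix = ["/home"];`, which makes direnv treat every `.envrc` below `/home` as already approved. The `direnv allow` prompt is therefore skipped for any directory cloned, downloaded or unpacked there, and its `.envrc` is evaluated on `cd`. Narrowing the prefix to the directories that hold your own projects restores the prompt everywhere else, e.g. `config.whitelist.prefix = ["/home/<user>/<trusted-projects-dir>"];` (placeholder path). The direnv attribute set spans this hunk and the previous one, and the lines between them are not shown.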
@@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/eza/default.nix b/modules/home/shell/toolset/eza/default.nix index 463e9ae..f0d7b94 100644 --- a/modules/home/shell/toolset/eza/default.nix +++ b/modules/home/shell/toolset/eza/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/fzf/default.nix b/modules/home/shell/toolset/fzf/default.nix index 7e0706b..7054e4a 100644 --- a/modules/home/shell/toolset/fzf/default.nix +++ b/modules/home/shell/toolset/fzf/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/git/default.nix b/modules/home/shell/toolset/git/default.nix index 9f42376..7412ce1 100644 --- a/modules/home/shell/toolset/git/default.nix +++ b/modules/home/shell/toolset/git/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/shell/toolset/gnugpg/default.nix b/modules/home/shell/toolset/gnugpg/default.nix index 8340ba4..1f4dc1e 100644 --- a/modules/home/shell/toolset/gnugpg/default.nix +++ b/modules/home/shell/toolset/gnugpg/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/just/default.nix b/modules/home/shell/toolset/just/default.nix index 983b5d6..6f7e67e 100644 --- a/modules/home/shell/toolset/just/default.nix +++ b/modules/home/shell/toolset/just/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/shell/toolset/starship/default.nix b/modules/home/shell/toolset/starship/default.nix index 9c52947..3a99fdd 100644 --- a/modules/home/shell/toolset/starship/default.nix +++ b/modules/home/shell/toolset/starship/default.nix 
@@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.toolset.starship; -in -{ +in { options.sneeuwvlok.shell.toolset.starship = { enable = mkEnableOption "fancy pansy shell prompt"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ starship ]; + home.packages = with pkgs; [starship]; programs.starship = { enable = true; diff --git a/modules/home/shell/toolset/tmux/default.nix b/modules/home/shell/toolset/tmux/default.nix index 95c54d4..34e20dd 100644 --- a/modules/home/shell/toolset/tmux/default.nix +++ b/modules/home/shell/toolset/tmux/default.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.toolset.tmux; -in -{ - options.sneeuwvlok.shell.toolset.tmux = { - enable = mkEnableOption "terminal multiplexer"; +in { + options.sneeuwvlok.shell.toolset.tmux = { + enable = mkEnableOption "terminal multiplexer"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ tmux ]; + home.packages = with pkgs; [tmux]; programs.tmux = { enable = true; diff --git a/modules/home/shell/toolset/yazi/default.nix b/modules/home/shell/toolset/yazi/default.nix index 4c5f2f5..6ad6519 100644 --- a/modules/home/shell/toolset/yazi/default.nix +++ b/modules/home/shell/toolset/yazi/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/zellij/default.nix b/modules/home/shell/toolset/zellij/default.nix index fb366e1..52e69f4 100644 --- a/modules/home/shell/toolset/zellij/default.nix +++ b/modules/home/shell/toolset/zellij/default.nix 
@@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.toolset.zellij; -in -{ +in { options.sneeuwvlok.shell.toolset.zellij = { enable = mkEnableOption "terminal multiplexer"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ zellij ]; + home.packages = with pkgs; [zellij]; programs.zellij = { enable = true; diff --git a/modules/home/shell/toolset/zoxide/default.nix b/modules/home/shell/toolset/zoxide/default.nix index 53a1f35..25f4508 100644 --- a/modules/home/shell/toolset/zoxide/default.nix +++ b/modules/home/shell/toolset/zoxide/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/zsh/default.nix b/modules/home/shell/zsh/default.nix index 02dc043..a202fa3 100644 --- a/modules/home/shell/zsh/default.nix +++ b/modules/home/shell/zsh/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.zsh; -in -{ +in { options.sneeuwvlok.shell.zsh = { enable = mkEnableOption "enable ZSH"; }; diff --git a/modules/home/terminal/alacritty/default.nix b/modules/home/terminal/alacritty/default.nix index 73468f6..6b46514 100644 --- a/modules/home/terminal/alacritty/default.nix +++ b/modules/home/terminal/alacritty/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/terminal/ghostty/default.nix b/modules/home/terminal/ghostty/default.nix index 6949df1..65487a9 100644 --- a/modules/home/terminal/ghostty/default.nix +++ b/modules/home/terminal/ghostty/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/themes/default.nix b/modules/home/themes/default.nix index d6f8b6a..37dcb39 100644 
--- a/modules/home/themes/default.nix +++ b/modules/home/themes/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, osConfig ? {}, ... }: let diff --git a/modules/nixos/application/steam.nix b/modules/nixos/application/steam.nix index de83987..6b6319b 100644 --- a/modules/nixos/application/steam.nix +++ b/modules/nixos/application/steam.nix @@ -12,7 +12,7 @@ in { enable = mkEnableOption "enable steam"; }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [steam]; + # environment.systemPackages = with pkgs; [steam]; programs = { steam = { diff --git a/modules/nixos/boot/default.nix b/modules/nixos/boot/default.nix index de3303a..8a8a204 100644 --- a/modules/nixos/boot/default.nix +++ b/modules/nixos/boot/default.nix @@ -1,7 +1,6 @@ { inputs, lib, - namespace, config, pkgs, ... diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix index c4531ba..78e0bc4 100644 --- a/modules/nixos/desktop/cosmic/default.nix +++ b/modules/nixos/desktop/cosmic/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, inputs, ... }: let diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index d231d9a..4ab3530 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkIf mkOption mkEnableOption mkMerge; diff --git a/modules/nixos/desktop/gamescope/default.nix b/modules/nixos/desktop/gamescope/default.nix index 500a3fa..2ccd631 100644 --- a/modules/nixos/desktop/gamescope/default.nix +++ b/modules/nixos/desktop/gamescope/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkForce; diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index ad1eac4..3deb9be 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix 
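Review bot: In modules/nixos/application/steam.nix the package line is commented out rather than removed, leaving `# environment.systemPackages = with pkgs; [steam];` with no reason given. If the `programs.steam` block below already provides the package (its body is outside the hunk), delete the line. If it is disabled only to get the build passing, say so in the comment, e.g. `# TODO: re-enable once <reason> is resolved`, so it is not mistaken for dead code later.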
@@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix index 0c0ea58..06bc31d 100644 --- a/modules/nixos/desktop/plasma/default.nix +++ b/modules/nixos/desktop/plasma/default.nix @@ -2,7 +2,6 @@ pkgs, lib, config, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/editor/nano/default.nix b/modules/nixos/editor/nano/default.nix index 6d89c72..26ec1db 100644 --- a/modules/nixos/editor/nano/default.nix +++ b/modules/nixos/editor/nano/default.nix @@ -1,10 +1,14 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.sneeuwvlok.editor.nano; -in -{ +in { options.sneeuwvlok.editor.nano = { enable = mkEnableOption "nano"; }; diff --git a/modules/nixos/editor/nvim/default.nix b/modules/nixos/editor/nvim/default.nix index 624c7c1..1179957 100644 --- a/modules/nixos/editor/nvim/default.nix +++ b/modules/nixos/editor/nvim/default.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.editor.nvim; -in -{ +in { options.sneeuwvlok.editor.nvim = { enable = mkEnableOption "enable nvim via nvf on system level"; }; - config = mkIf cfg.enable { - }; + config = + mkIf cfg.enable { + }; } diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio/default.nix index ca01562..e507417 100644 --- a/modules/nixos/hardware/audio/default.nix +++ b/modules/nixos/hardware/audio/default.nix @@ -1,10 +1,13 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.hardware.has.audio; -in -{ +in { options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth"; config = mkIf cfg { 
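Review bot: In modules/nixos/hardware/audio/default.nix the option is still declared as `options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth";`, which is the bluetooth module's description. Generated option docs will describe the audio toggle as bluetooth. Since `mkEnableOption` already prefixes "Whether to enable", `mkEnableOption "audio support";` reads correctly. The `config` body continues outside the hunk.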
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 8fbf999..720d121 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -1,10 +1,12 @@ -{ lib, namespace, config, ... }: -let +{ + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.hardware.has.bluetooth; -in -{ +in { options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; config = mkIf cfg { @@ -21,7 +23,7 @@ in "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; "bluez5.enable-hw-volume" = true; - "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; + "bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"]; }; }; }; diff --git a/modules/nixos/hardware/gpu/amd/default.nix b/modules/nixos/hardware/gpu/amd/default.nix index e1da9e8..58ddd6a 100644 --- a/modules/nixos/hardware/gpu/amd/default.nix +++ b/modules/nixos/hardware/gpu/amd/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/hardware/gpu/nvidia.nix b/modules/nixos/hardware/gpu/nvidia.nix index b0296ca..2d04757 100644 --- a/modules/nixos/hardware/gpu/nvidia.nix +++ b/modules/nixos/hardware/gpu/nvidia.nix @@ -1,14 +1,17 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.hardware.has.gpu.nvidia; -in -{ +in { options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; config = mkIf cfg { - services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.videoDrivers = ["nvidia"]; hardware = { graphics = { diff --git a/modules/nixos/hardware/gpu/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix index 48c5a54..c12a650 100644 --- a/modules/nixos/hardware/gpu/nvidia/default.nix +++ b/modules/nixos/hardware/gpu/nvidia/default.nix 
@@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/hardware/keyboard/voyager.nix b/modules/nixos/hardware/keyboard/voyager.nix index e97b7da..63ddac9 100644 --- a/modules/nixos/hardware/keyboard/voyager.nix +++ b/modules/nixos/hardware/keyboard/voyager.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 24db3dc..870dd24 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/services/authentication/authelia/default.nix b/modules/nixos/services/authentication/authelia/default.nix index 8121ad8..1a1b8ff 100644 --- a/modules/nixos/services/authentication/authelia/default.nix +++ b/modules/nixos/services/authentication/authelia/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau/default.nix index f30a079..4a52840 100644 --- a/modules/nixos/services/authentication/himmelblau/default.nix +++ b/modules/nixos/services/authentication/himmelblau/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 8168a5a..6921302 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix 
@@ -1,7 +1,7 @@ -{ config, lib, pkgs, namespace, terranixLib, sneeuwvlokLib, ... }: +{ config, lib, pkgs, self, ... }: let inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; - inherit (sneeuwvlokLib.strings) toSnakeCase; + inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase; cfg = config.sneeuwvlok.services.authentication.zitadel; @@ -339,7 +339,7 @@ in config' = config; # this is a nix package, the generated json file to be exact - terraformConfiguration = terranixLib.terranixConfiguration { + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ diff --git a/modules/nixos/services/backup/borg/default.nix b/modules/nixos/services/backup/borg/default.nix index f892bca..417c911 100644 --- a/modules/nixos/services/backup/borg/default.nix +++ b/modules/nixos/services/backup/borg/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.services.backup.borg; -in -{ +in { options.sneeuwvlok.services.backup.borg = { enable = mkEnableOption "Borg Backup"; }; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 210835f..9cd78a5 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (builtins) toString toJSON; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index ae5379b..8e99c20 100644 --- a/modules/nixos/services/development/forgejo/default.nix 
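Review bot: In the zitadel module, `inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase;` reaches the repository's lib through five `..` segments, so moving the module to a different depth breaks the import. The first vaultwarden hunk repeats the same relative import. Since `self` is now in the argument set, anchoring on it keeps the path independent of where the module lives: `inherit ((import (self + "/lib/strings") {inherit lib;}).strings) toSnakeCase;`. This assumes `self` is the flake and is passed to modules via specialArgs, which is not visible here. The same assumption backs `self.inputs.terranix.lib.terranixConfiguration` in the second hunk.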
+++ b/modules/nixos/services/development/forgejo/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (builtins) toString; diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft/default.nix index 4488833..4d9b8b9 100644 --- a/modules/nixos/services/games/minecraft/default.nix +++ b/modules/nixos/services/games/minecraft/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkOption; diff --git a/modules/nixos/services/games/openrct.nix b/modules/nixos/services/games/openrct.nix index 0090ffa..196ae12 100644 --- a/modules/nixos/services/games/openrct.nix +++ b/modules/nixos/services/games/openrct.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/games/palworld/default.nix b/modules/nixos/services/games/palworld/default.nix index e1414a4..d6de43b 100644 --- a/modules/nixos/services/games/palworld/default.nix +++ b/modules/nixos/services/games/palworld/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index d2395ef..6916474 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index 0e94a21..29e4cc6 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix index 2f8d43f..315838c 100644 --- a/modules/nixos/services/media/jellyfin/default.nix 
+++ b/modules/nixos/services/media/jellyfin/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, inputs, ... }: let diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 9bfa87d..9c305c9 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud/default.nix index 2b42509..eb8c9da 100644 --- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkOption; diff --git a/modules/nixos/services/media/nfs/default.nix b/modules/nixos/services/media/nfs/default.nix index efea82c..1028c73 100644 --- a/modules/nixos/services/media/nfs/default.nix +++ b/modules/nixos/services/media/nfs/default.nix @@ -1,16 +1,18 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.services.media.nfs; -in -{ +in { options.sneeuwvlok.services.media.nfs = { enable = mkEnableOption "Enable NFS"; }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [2049]; services.nfs.server = { enable = true; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 8f3e5db..2c6125d 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -2,8 +2,7 @@ pkgs, config, lib, - namespace, - terranixLib, + self, ... }: let inherit (builtins) toString; 
@@ -154,7 +153,7 @@ in { config' = config; lib' = lib; - terraformConfiguration = terranixLib.terranixConfiguration { + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index f2ee8fd..6194808 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - namespace, ... }: let inherit (builtins) length; @@ -12,7 +11,7 @@ hasHosts = (cfg.hosts |> attrNames |> length) > 0; caddyPackage = pkgs.caddy.withPlugins { plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs="; + hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; }; in { options.sneeuwvlok.services.networking.caddy = { diff --git a/modules/nixos/services/networking/ssh/default.nix b/modules/nixos/services/networking/ssh/default.nix index e0442d7..60ca00a 100644 --- a/modules/nixos/services/networking/ssh/default.nix +++ b/modules/nixos/services/networking/ssh/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix index bf22a53..01534c0 100644 --- a/modules/nixos/services/networking/wireguard/default.nix +++ b/modules/nixos/services/networking/wireguard/default.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - namespace, ... }: let inherit (builtins) length; @@ -29,6 +28,7 @@ in { }; }; }); + default = {}; }; }; diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index 40fdc38..c3a5f9a 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix 
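Review bot: In the caddy module the `hash` passed to `pkgs.caddy.withPlugins` changes while the plugin pin stays at `github.com/corazawaf/coraza-caddy/v2@v2.1.0`, and nothing records why. Presumably the flake.lock bump in this commit changed the base caddy or its Go module set, which the fixed-output hash also covers, but that cannot be confirmed from the diff. This hash is the integrity check on the WAF plugin build, so it is worth confirming the new value came from a build against the locked inputs. A comment next to it, e.g. `# recomputed after nixpkgs bump; plugin pin unchanged`, would record that.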
@@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki/default.nix index abe42ca..e45d680 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus/default.nix index 191d7c1..06c496c 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus/default.nix @@ -1,11 +1,14 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + ... +}: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.services.observability.prometheus; -in -{ +in { options.sneeuwvlok.services.observability.prometheus = { enable = mkEnableOption "enable Prometheus"; }; @@ -21,14 +24,14 @@ in { job_name = "prometheus"; static_configs = [ - { targets = [ "localhost:9002" ]; } + {targets = ["localhost:9002"];} ]; } { job_name = "node"; static_configs = [ - { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } + {targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];} ]; } ]; @@ -37,12 +40,12 @@ in node = { enable = true; port = 9005; - enabledCollectors = [ "systemd" ]; + enabledCollectors = ["systemd"]; openFirewall = true; }; }; }; - networking.firewall.allowedTCPPorts = [ 9002 ]; + networking.firewall.allowedTCPPorts = [9002]; }; } diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix index 80bac51..cf5e6c1 100644 --- a/modules/nixos/services/observability/promtail/default.nix 
+++ b/modules/nixos/services/observability/promtail/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma/default.nix index 619da55..fc089fd 100644 --- a/modules/nixos/services/observability/uptime-kuma/default.nix +++ b/modules/nixos/services/observability/uptime-kuma/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (builtins) toString; diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgesql/default.nix index 7d06daa..86f63ec 100644 --- a/modules/nixos/services/persistance/postgesql/default.nix +++ b/modules/nixos/services/persistance/postgesql/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 9fa4687..47fe178 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -2,13 +2,12 @@ pkgs, config, lib, - namespace, - repoRoot, - sneeuwvlokLib, + self, ... }: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; + inherit (import ../../../../../lib/strings {inherit lib;}) strings; cfg = config.sneeuwvlok.services.security.vaultwarden; 
@@ -27,15 +26,22 @@ }; }); - databaseProviderPostgresql = types.submodule ({...}: let - urlOptions = sneeuwvlokLib.options.mkUrlOptions { - host = { + databaseProviderPostgresql = types.submodule ({...}: { + options = { + type = mkOption { + type = types.enum ["postgresql"]; + }; + + host = mkOption { + type = types.str; + example = "host.tld"; description = '' Hostname of the postgresql server ''; }; - port = { + port = mkOption { + type = types.port; default = 5432; example = "5432"; description = '' 
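Review bot: In `databaseProviderPostgresql`, `port` gains `type = types.port` but keeps `example = "5432"`, a string where the declared type is an integer port; `example = 5432;` matches the type and the default. Among the options visible in this submodule, the new `type` option is the only one without a `description`; something like `description = "Selects the postgresql database provider.";` would bring it in line with `host` and `port`. The submodule body continues past the end of this hunk.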
@@ -44,38 +50,34 @@ }; protocol = mkOption { + type = types.str; default = "postgres"; example = "postgres"; + description = '' + Which protocol to use when creating a url string + ''; + }; + + sslMode = mkOption { + type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; + default = "verify-full"; + example = "verify-ca"; + description = '' + How to verify the server's ssl + + | mode | eavesdropping protection | MITM protection | Statement | + |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| + | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | + | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | + | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | + | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | + | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | + | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. 
| + + [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) + ''; }; }; - in { - options = - { - type = mkOption { - type = types.enum ["postgresql"]; - }; - - sslMode = mkOption { - type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; - default = "verify-full"; - example = "verify-ca"; - description = '' - How to verify the server's ssl - - | mode | eavesdropping protection | MITM protection | Statement | - |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| - | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | - | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | - | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | - | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | - | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | - | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | - - [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) - ''; - }; - } - // (urlOptions |> getAttrs ["protocol" "host" "port"]); }); in { options.sneeuwvlok.services.security.vaultwarden = { 
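Review bot: The `sslMode` enum accepts `"disabled"`, but the libpq value is `disable`, as the table in this option's own description shows. If the option is passed through as the `sslmode` query parameter of the connection URL (the `query = {` block in the later hunk is cut off, so this is inferred), selecting `"disabled"` hands the client a value it does not recognise. The enum should read `types.enum ["verify-full" "verify-ca" "require" "prefer" "allow" "disable"]`; any host configuration that already sets `"disabled"` needs the same rename. Keeping `default = "verify-full"` is the right choice for a password store's database link, and a one-line comment saying that every weaker mode gives up MITM protection would discourage relaxing it casually.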
@@ -120,7 +122,7 @@ in { enable = true; dbBackend = "postgresql"; - package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/package.nix") {}; + package = pkgs.vaultwarden-postgresql; config = { SIGNUPS_ALLOWED = false; @@ -198,7 +200,7 @@ in { else if type == "postgresql" then { inherit (db) type; - url = sneeuwvlokLib.strings.toUrl { + url = strings.toUrl { inherit (db) protocol host port; path = "vaultwarden"; query = { diff --git a/modules/nixos/services/virtualisation/podman/default.nix b/modules/nixos/services/virtualisation/podman/default.nix index c827677..0d32495 100644 --- a/modules/nixos/services/virtualisation/podman/default.nix +++ b/modules/nixos/services/virtualisation/podman/default.nix @@ -3,7 +3,6 @@ options, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/shells/zsh/default.nix b/modules/nixos/shells/zsh/default.nix index 1d9adb7..bb70922 100644 --- a/modules/nixos/shells/zsh/default.nix +++ b/modules/nixos/shells/zsh/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking/default.nix index ab8842c..4bb580f 100644 --- a/modules/nixos/system/networking/default.nix +++ b/modules/nixos/system/networking/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkDefault; cfg = config.sneeuwvlok.system.networking; -in -{ +in { options.sneeuwvlok.system.networking = {}; config = { diff --git a/modules/nixos/system/security/boot/default.nix b/modules/nixos/system/security/boot/default.nix index f911a7a..920ef16 100644 --- a/modules/nixos/system/security/boot/default.nix +++ b/modules/nixos/system/security/boot/default.nix @@ -1,6 +1,5 @@ { config, - namespace, inputs, ... }: let 
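Review bot: `package = pkgs.vaultwarden-postgresql;` replaces the repo-local `packages/vaultwarden/package.nix` without a comment, and the commit message does not explain the switch. For a password-manager server this means the version now follows whatever the nixpkgs input in `flake.lock` pins (also changed in this commit), and any version pin or patch the local derivation carried no longer applies; whether it carried any is not visible here. A comment above the line, e.g. `# upstream nixpkgs build; version follows the nixpkgs pin in flake.lock`, would record the decision for the next reviewer. The surrounding attribute set starts and ends outside the hunk.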
diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index 0b440b0..e6314d1 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix @@ -1,7 +1,6 @@ {...}: { flake.modules.nixos.sneeuwvlok.system.security = { config, - namespace, inputs, ... }: let diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index caef7be..e682f2c 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -1,8 +1,7 @@ { pkgs, config, - namespace, - repoRoot, + self, ... }: let cfg = config.sneeuwvlok.system.security.sops; @@ -14,7 +13,7 @@ in { sops = { defaultSopsFormat = "yaml"; - defaultSopsFile = repoRoot + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml"; + defaultSopsFile = self + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml"; age = { # keyFile = "~/.config/sops/age/keys.txt"; diff --git a/modules/nixos/system/security/sudo/default.nix b/modules/nixos/system/security/sudo/default.nix index 11f99d2..ef41f6e 100644 --- a/modules/nixos/system/security/sudo/default.nix +++ b/modules/nixos/system/security/sudo/default.nix @@ -1,8 +1,6 @@ -{ config, namespace, ... }: -let +{config, ...}: let cfg = config.sneeuwvlok.system.security.sudo; -in -{ +in { options.sneeuwvlok.system.security.sudo = {}; config = { @@ -11,7 +9,7 @@ in enable = false; execWheelOnly = true; }; - + sudo-rs = { enable = true; execWheelOnly = true; @@ -19,4 +17,4 @@ in }; }; }; -} \ No newline at end of file +}
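Review bot: In the sops module, `defaultSopsFile` still resolves to `systems/<system>/<hostName>/secrets.yml` under `self`, while the diffstat of this commit lists host files under `machines/ulmo/`. If the encrypted secrets moved together with the host configuration (not visible in this part of the diff), the path no longer exists and every secret on the host fails to resolve. In that case the expression should point at the host's directory under `machines/`; otherwise a comment such as `# secrets intentionally stay under systems/<system>/<host>/` would settle the question. The `sops` attribute set continues outside the hunk.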