chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wooooooot, we're compiling again

Browse source
This commit is contained in:
Chris Kruining 2026-03-26 14:00:25 +01:00
parent 97b63074f0
commit ba7c3392b9
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
94 changed files with 654 additions and 677 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/home/application/bitwarden/default.nix
View file

@ -1,15 +1,19 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
{
inputs,
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.bitwarden;
in
{
in {
options.sneeuwvlok.application.bitwarden = {
enable = mkEnableOption "enable bitwarden";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ bitwarden-desktop ];
home.packages = with pkgs; [bitwarden-desktop];
};
}

1
modules/home/application/chrome/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/application/discord/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

14
modules/home/application/ladybird/default.nix
View file

@ -1,15 +1,19 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
{
inputs,
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.ladybird;
in
{
in {
options.sneeuwvlok.application.ladybird = {
enable = mkEnableOption "enable ladybird";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ ladybird ];
home.packages = with pkgs; [ladybird];
};
}

14
modules/home/application/matrix/default.nix
View file

@ -1,16 +1,20 @@
{ config, lib, pkgs, namespace, osConfig ? {}, ... }:
let
{
config,
lib,
pkgs,
osConfig ? {},
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.matrix;
in
{
in {
options.sneeuwvlok.application.matrix = {
enable = mkEnableOption "enable Matrix client (Fractal)";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ fractal element-desktop ];
home.packages = with pkgs; [fractal element-desktop];
programs.element-desktop = {
enable = true;

1
modules/home/application/obs/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
osConfig ? {},
...
}: let

1
modules/home/application/onlyoffice/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

14
modules/home/application/signal/default.nix
View file

@ -1,15 +1,19 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
{
inputs,
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.signal;
in
{
in {
options.sneeuwvlok.application.signal = {
enable = mkEnableOption "enable signal";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ signal-desktop ];
home.packages = with pkgs; [signal-desktop];
};
}

1
modules/home/application/steam/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

16
modules/home/application/studio/default.nix
View file

@ -1,18 +1,18 @@
{ config, lib, pkgs, namespace, repoRoot, erosanixLib, ... }:
let
{
config,
lib,
self,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.studio;
studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") {
inherit erosanixLib;
};
in
{
in {
options.sneeuwvlok.application.studio = {
enable = mkEnableOption "enable Bricklink Studio";
};
config = mkIf cfg.enable {
home.packages = [ studioPackage ];
home.packages = [self.packages.studio];
};
}

12
modules/home/application/teamspeak/default.nix
View file

@ -1,10 +1,14 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
{
inputs,
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.teamspeak;
in
{
in {
options.sneeuwvlok.application.teamspeak = {
enable = mkEnableOption "enable teamspeak";
};

16
modules/home/application/thunderbird/default.nix
View file

@ -1,10 +1,14 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
{
inputs,
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.thunderbird;
in
{
in {
options.sneeuwvlok.application.thunderbird = {
enable = mkEnableOption "enable thunderbird";
};
@ -14,7 +18,7 @@ in
enable = true;
package = pkgs.thunderbird-latest;
profiles.chris = {
profiles.chris = {
isDefault = true;
};
};
@ -30,7 +34,7 @@ in
};
thunderbird = {
enable = true;
profiles = [ "chris" ];
profiles = ["chris"];
};
};

1
modules/home/application/zen/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib) mkOption;

14
modules/home/desktop/plasma/default.nix
View file

@ -1,13 +1,15 @@
{ config, lib, namespace, osConfig ? {}, ... }:
let
{
config,
lib,
osConfig ? {},
...
}: let
inherit (lib) mkIf;
cfg = config.sneeuwvlok.desktop.plasma;
osCfg = osConfig.sneeuwvlok.desktop.plasma or { enable = false; };
in
{
osCfg = osConfig.sneeuwvlok.desktop.plasma or {enable = false;};
in {
options.sneeuwvlok.desktop.plasma = {
};
config = mkIf osCfg.enable {

13
modules/home/development/dotnet/default.nix
View file

@ -1,15 +1,18 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.sneeuwvlok.development.dotnet;
in
{
in {
options.sneeuwvlok.development.dotnet = {
enable = mkEnableOption "Enable dotnet development tools";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ dotnet-sdk_8 ];
home.packages = with pkgs; [dotnet-sdk_8];
};
}

13
modules/home/development/javascript/default.nix
View file

@ -1,15 +1,18 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.sneeuwvlok.development.javascript;
in
{
in {
options.sneeuwvlok.development.javascript = {
enable = mkEnableOption "Enable javascript development tools";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ bun nodejs nodePackages_latest.typescript-language-server ];
home.packages = with pkgs; [bun nodejs nodePackages_latest.typescript-language-server];
};
}

1
modules/home/development/rust/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf;

1
modules/home/editor/nano/default.nix
View file

@ -3,7 +3,6 @@
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf;

1
modules/home/editor/nvim/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

14
modules/home/editor/zed/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, namespace, ... }: let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.editor.zed;
@ -9,13 +14,16 @@ in {
config = mkIf cfg.enable {
home.packages = with pkgs; [
zed-editor nixd nil alejandra
zed-editor
nixd
nil
alejandra
];
programs.zed-editor = {
enable = true;
extensions = [ "nix" "toml" "html" "just-ls" ];
extensions = ["nix" "toml" "html" "just-ls"];
userSettings = {
assistant.enabled = false;

1
modules/home/game/minecraft/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

17
modules/home/shell/default.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkMerge mkEnableOption mkDefault;
cfg = config.sneeuwvlok.shell;
in
{
in {
imports = [
./toolset
./zsh
@ -30,8 +33,8 @@ in
};
})
({
home.packages = with pkgs; [ any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;}) ];
{
home.packages = with pkgs; [any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;})];
programs = {
direnv = {
@ -45,6 +48,6 @@ in
config.whitelist.prefix = ["/home"];
};
};
})
}
];
}

1
modules/home/shell/toolset/bat/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/shell/toolset/btop/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/shell/toolset/eza/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/shell/toolset/fzf/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/shell/toolset/git/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf;

1
modules/home/shell/toolset/gnugpg/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/shell/toolset/just/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf;

13
modules/home/shell/toolset/starship/default.nix
View file

@ -1,16 +1,19 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.shell.toolset.starship;
in
{
in {
options.sneeuwvlok.shell.toolset.starship = {
enable = mkEnableOption "fancy pansy shell prompt";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ starship ];
home.packages = with pkgs; [starship];
programs.starship = {
enable = true;

17
modules/home/shell/toolset/tmux/default.nix
View file

@ -1,16 +1,19 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.shell.toolset.tmux;
in
{
options.sneeuwvlok.shell.toolset.tmux = {
enable = mkEnableOption "terminal multiplexer";
in {
options.sneeuwvlok.shell.toolset.tmux = {
enable = mkEnableOption "terminal multiplexer";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ tmux ];
home.packages = with pkgs; [tmux];
programs.tmux = {
enable = true;

1
modules/home/shell/toolset/yazi/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

13
modules/home/shell/toolset/zellij/default.nix
View file

@ -1,16 +1,19 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.shell.toolset.zellij;
in
{
in {
options.sneeuwvlok.shell.toolset.zellij = {
enable = mkEnableOption "terminal multiplexer";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ zellij ];
home.packages = with pkgs; [zellij];
programs.zellij = {
enable = true;

1
modules/home/shell/toolset/zoxide/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

11
modules/home/shell/zsh/default.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.shell.zsh;
in
{
in {
options.sneeuwvlok.shell.zsh = {
enable = mkEnableOption "enable ZSH";
};

1
modules/home/terminal/alacritty/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/terminal/ghostty/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/home/themes/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
osConfig ? {},
...
}: let

2
modules/nixos/application/steam.nix
View file

@ -12,7 +12,7 @@ in {
enable = mkEnableOption "enable steam";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [steam];
# environment.systemPackages = with pkgs; [steam];
programs = {
steam = {

1
modules/nixos/boot/default.nix
View file

@ -1,7 +1,6 @@
{
inputs,
lib,
namespace,
config,
pkgs,
...

1
modules/nixos/desktop/cosmic/default.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
namespace,
inputs,
...
}: let

1
modules/nixos/desktop/default.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkOption mkEnableOption mkMerge;

1
modules/nixos/desktop/gamescope/default.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkForce;

1
modules/nixos/desktop/gnome/default.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/desktop/plasma/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

12
modules/nixos/editor/nano/default.nix
View file

@ -1,10 +1,14 @@
{ config, options, lib, pkgs, namespace, ... }:
let
{
config,
options,
lib,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.sneeuwvlok.editor.nano;
in
{
in {
options.sneeuwvlok.editor.nano = {
enable = mkEnableOption "nano";
};

16
modules/nixos/editor/nvim/default.nix
View file

@ -1,14 +1,18 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.editor.nvim;
in
{
in {
options.sneeuwvlok.editor.nvim = {
enable = mkEnableOption "enable nvim via nvf on system level";
};
config = mkIf cfg.enable {
};
config =
mkIf cfg.enable {
};
}

11
modules/nixos/hardware/audio/default.nix
View file

@ -1,10 +1,13 @@
{ pkgs, lib, namespace, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.hardware.has.audio;
in
{
in {
options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth";
config = mkIf cfg {

12
modules/nixos/hardware/bluetooth/default.nix
View file

@ -1,10 +1,12 @@
{ lib, namespace, config, ... }:
let
{
lib,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.hardware.has.bluetooth;
in
{
in {
options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
config = mkIf cfg {
@ -21,7 +23,7 @@ in
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
"bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"];
};
};
};

1
modules/nixos/hardware/gpu/amd/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
namespace,
config,
...
}: let

13
modules/nixos/hardware/gpu/nvidia.nix
View file

@ -1,14 +1,17 @@
{ pkgs, lib, namespace, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.hardware.has.gpu.nvidia;
in
{
in {
options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
config = mkIf cfg {
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.videoDrivers = ["nvidia"];
hardware = {
graphics = {

1
modules/nixos/hardware/gpu/nvidia/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
namespace,
config,
...
}: let

1
modules/nixos/hardware/keyboard/voyager.nix
View file

@ -2,7 +2,6 @@
lib,
config,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/nix/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
namespace,
config,
...
}: let

1
modules/nixos/services/authentication/authelia/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/authentication/himmelblau/default.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf;

6
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, namespace, terranixLib, sneeuwvlokLib, ... }:
{ config, lib, pkgs, self, ... }:
let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
inherit (sneeuwvlokLib.strings) toSnakeCase;
inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase;
cfg = config.sneeuwvlok.services.authentication.zitadel;
@ -339,7 +339,7 @@ in
config' = config;
# this is a nix package, the generated json file to be exact
terraformConfiguration = terranixLib.terranixConfiguration {
terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
system = pkgs.stdenv.hostPlatform.system;
modules = [

11
modules/nixos/services/backup/borg/default.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.services.backup.borg;
in
{
in {
options.sneeuwvlok.services.backup.borg = {
enable = mkEnableOption "Borg Backup";
};

1
modules/nixos/services/communication/matrix/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString toJSON;

1
modules/nixos/services/development/forgejo/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString;

1
modules/nixos/services/games/minecraft/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;

1
modules/nixos/services/games/openrct.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/games/palworld/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/media/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
namespace,
config,
...
}: let

1
modules/nixos/services/media/glance/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/media/jellyfin/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
inputs,
...
}: let

1
modules/nixos/services/media/mydia/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/media/nextcloud/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;

12
modules/nixos/services/media/nfs/default.nix
View file

@ -1,16 +1,18 @@
{ config, lib, namespace, ... }:
let
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.services.media.nfs;
in
{
in {
options.sneeuwvlok.services.media.nfs = {
enable = mkEnableOption "Enable NFS";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 2049 ];
networking.firewall.allowedTCPPorts = [2049];
services.nfs.server = {
enable = true;

5
modules/nixos/services/media/servarr/default.nix
View file

@ -2,8 +2,7 @@
pkgs,
config,
lib,
namespace,
terranixLib,
self,
...
}: let
inherit (builtins) toString;
@ -154,7 +153,7 @@ in {
config' = config;
lib' = lib;
terraformConfiguration = terranixLib.terranixConfiguration {
terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
system = pkgs.stdenv.hostPlatform.system;
modules = [

3
modules/nixos/services/networking/caddy/default.nix
View file

@ -2,7 +2,6 @@
config,
pkgs,
lib,
namespace,
...
}: let
inherit (builtins) length;
@ -12,7 +11,7 @@
hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyPackage = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
};
in {
options.sneeuwvlok.services.networking.caddy = {

1
modules/nixos/services/networking/ssh/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

2
modules/nixos/services/networking/wireguard/default.nix
View file

@ -2,7 +2,6 @@
config,
pkgs,
lib,
namespace,
...
}: let
inherit (builtins) length;
@ -29,6 +28,7 @@ in {
};
};
});
default = {};
};
};

1
modules/nixos/services/observability/grafana/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

1
modules/nixos/services/observability/loki/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

19
modules/nixos/services/observability/prometheus/default.nix
View file

@ -1,11 +1,14 @@
{ pkgs, config, lib, namespace, ... }:
let
{
pkgs,
config,
lib,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.services.observability.prometheus;
in
{
in {
options.sneeuwvlok.services.observability.prometheus = {
enable = mkEnableOption "enable Prometheus";
};
@ -21,14 +24,14 @@ in
{
job_name = "prometheus";
static_configs = [
{ targets = [ "localhost:9002" ]; }
{targets = ["localhost:9002"];}
];
}
{
job_name = "node";
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
{targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];}
];
}
];
@ -37,12 +40,12 @@ in
node = {
enable = true;
port = 9005;
enabledCollectors = [ "systemd" ];
enabledCollectors = ["systemd"];
openFirewall = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 9002 ];
networking.firewall.allowedTCPPorts = [9002];
};
}

1
modules/nixos/services/observability/promtail/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

1
modules/nixos/services/observability/uptime-kuma/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (builtins) toString;

1
modules/nixos/services/persistance/postgesql/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

76
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -2,13 +2,12 @@
pkgs,
config,
lib,
namespace,
repoRoot,
sneeuwvlokLib,
self,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
inherit (import ../../../../../lib/strings {inherit lib;}) strings;
cfg = config.sneeuwvlok.services.security.vaultwarden;
@ -27,15 +26,22 @@
};
});
databaseProviderPostgresql = types.submodule ({...}: let
urlOptions = sneeuwvlokLib.options.mkUrlOptions {
host = {
databaseProviderPostgresql = types.submodule ({...}: {
options = {
type = mkOption {
type = types.enum ["postgresql"];
};
host = mkOption {
type = types.str;
example = "host.tld";
description = ''
Hostname of the postgresql server
'';
};
port = {
port = mkOption {
type = types.port;
default = 5432;
example = "5432";
description = ''
@ -44,38 +50,34 @@
};
protocol = mkOption {
type = types.str;
default = "postgres";
example = "postgres";
description = ''
Which protocol to use when creating a url string
'';
};
sslMode = mkOption {
type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
default = "verify-full";
example = "verify-ca";
description = ''
How to verify the server's ssl
| mode | eavesdropping protection | MITM protection | Statement |
|-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. |
| allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. |
| prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. |
| require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. |
| verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. |
| verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
'';
};
};
in {
options =
{
type = mkOption {
type = types.enum ["postgresql"];
};
sslMode = mkOption {
type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
default = "verify-full";
example = "verify-ca";
description = ''
How to verify the server's ssl
| mode | eavesdropping protection | MITM protection | Statement |
|-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. |
| allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. |
| prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. |
| require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. |
| verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. |
| verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
'';
};
}
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
});
in {
options.sneeuwvlok.services.security.vaultwarden = {
@ -120,7 +122,7 @@ in {
enable = true;
dbBackend = "postgresql";
package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/package.nix") {};
package = pkgs.vaultwarden-postgresql;
config = {
SIGNUPS_ALLOWED = false;
@ -198,7 +200,7 @@ in {
else if type == "postgresql"
then {
inherit (db) type;
url = sneeuwvlokLib.strings.toUrl {
url = strings.toUrl {
inherit (db) protocol host port;
path = "vaultwarden";
query = {

1
modules/nixos/services/virtualisation/podman/default.nix
View file

@ -3,7 +3,6 @@
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/shells/zsh/default.nix
View file

@ -3,7 +3,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

11
modules/nixos/system/networking/default.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkDefault;
cfg = config.sneeuwvlok.system.networking;
in
{
in {
options.sneeuwvlok.system.networking = {};
config = {

1
modules/nixos/system/security/boot/default.nix
View file

@ -1,6 +1,5 @@
{
config,
namespace,
inputs,
...
}: let

1
modules/nixos/system/security/default.nix
View file

@ -1,7 +1,6 @@
{...}: {
flake.modules.nixos.sneeuwvlok.system.security = {
config,
namespace,
inputs,
...
}: let

5
modules/nixos/system/security/sops/default.nix
View file

@ -1,8 +1,7 @@
{
pkgs,
config,
namespace,
repoRoot,
self,
...
}: let
cfg = config.sneeuwvlok.system.security.sops;
@ -14,7 +13,7 @@ in {
sops = {
defaultSopsFormat = "yaml";
defaultSopsFile = repoRoot + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml";
defaultSopsFile = self + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml";
age = {
# keyFile = "~/.config/sops/age/keys.txt";

10
modules/nixos/system/security/sudo/default.nix
View file

@ -1,8 +1,6 @@
{ config, namespace, ... }:
let
{config, ...}: let
cfg = config.sneeuwvlok.system.security.sudo;
in
{
in {
options.sneeuwvlok.system.security.sudo = {};
config = {
@ -11,7 +9,7 @@ in
enable = false;
execWheelOnly = true;
};
sudo-rs = {
enable = true;
execWheelOnly = true;
@ -19,4 +17,4 @@ in
};
};
};
}
}