diff --git a/nixos/common/generic-lxc.nix b/nixos/common/generic-lxc.nix index a28b708..d4db44c 100644 --- a/nixos/common/generic-lxc.nix +++ b/nixos/common/generic-lxc.nix @@ -1,4 +1,4 @@ -{ ... }: { +{ _ }: { # See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/ # Supress systemd services that don't work (correctly) on LXC diff --git a/nixos/common/modules/dns.nix b/nixos/common/modules/dns.nix index f5bd52c..6a34880 100644 --- a/nixos/common/modules/dns.nix +++ b/nixos/common/modules/dns.nix @@ -37,7 +37,7 @@ in }; config = mkIf cfg.enable { - networking.firewall = mkIf (cfg.openFirewall) { + networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; }; diff --git a/nixos/common/modules/flood.nix b/nixos/common/modules/flood.nix index 9db0553..fbdef0a 100644 --- a/nixos/common/modules/flood.nix +++ b/nixos/common/modules/flood.nix @@ -115,7 +115,7 @@ in { # Create user if set to default users.users = mkIf (cfg.user == "flood") { flood = { - group = cfg.group; + inherit (cfg) group; shell = pkgs.bashInteractive; home = cfg.dataDir; description = "flood Daemon user"; @@ -124,7 +124,7 @@ in { }; # Open firewall if option is set to do so. - networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ]; + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; # The actual service systemd.services.flood = { diff --git a/nixos/common/modules/unpackerr.nix b/nixos/common/modules/unpackerr.nix index 3bba647..2d59cbf 100644 --- a/nixos/common/modules/unpackerr.nix +++ b/nixos/common/modules/unpackerr.nix @@ -244,7 +244,7 @@ in # Create user if set to default users.users = mkIf (cfg.user == "unpackerr") { unpackerr = { - group = cfg.group; + inherit (cfg) group; shell = pkgs.bashInteractive; createHome = false; description = "unpackerr Daemon user"; diff --git a/nixos/hosts/hades/mastodon/configuration.nix b/nixos/hosts/hades/mastodon/configuration.nix index 6586286..38a81d0 100644 
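Review bot: The new module header `{ _ }: {` is a set pattern that accepts exactly one attribute named `_` and nothing else, so loading this file as a NixOS module — which is called with `config`, `lib`, `pkgs` and the other module arguments — should fail with an unexpected-argument error; the same edit is made to nixos/hosts/thalassa/null/networking.nix further down. The idiom for an ignored module argument is a plain lambda, `_: {`, or the original `{ ... }: {`, either of which keeps the file loadable. How these two files are imported is not visible here, so this is inferred from the standard module-system calling convention rather than from the diff itself.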
--- a/nixos/hosts/hades/mastodon/configuration.nix +++ b/nixos/hosts/hades/mastodon/configuration.nix @@ -2,8 +2,7 @@ let vs = config.vault-secrets.secrets; cfg = config.services.mastodon; -in -{ +in { system.stateVersion = "21.05"; # Use DHCP with static leases networking.interfaces.eth0.useDHCP = true; @@ -19,8 +18,7 @@ in vault-secrets.secrets.mastodon = { services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ]; - user = cfg.user; - group = cfg.group; + inherit (cfg) user group; }; # Append the init-dirs script to add AWS/Minio secrets @@ -47,7 +45,7 @@ in elasticsearch = { host = "127.0.0.1"; - port = config.services.elasticsearch.port; + inherit (config.services.elasticsearch) port; }; database = { @@ -98,23 +96,21 @@ in }; # https://github.com/NixOS/nixpkgs/issues/116418#issuecomment-799517120 - systemd.services.mastodon-media-prune = - let - cfg = config.services.mastodon; - in - { - description = "Mastodon media prune"; - environment = lib.filterAttrs (n: _: n != "PATH") config.systemd.services.mastodon-web.environment; - serviceConfig = { - Type = "oneshot"; - # Remove remote media attachments older than one month. - ExecStart = "${cfg.package}/bin/tootctl media remove --days=30"; - User = cfg.user; - Group = cfg.group; - EnvironmentFile = "/var/lib/mastodon/.secrets_env"; - PrivateTmp = true; - }; + systemd.services.mastodon-media-prune = let cfg = config.services.mastodon; + in { + description = "Mastodon media prune"; + environment = lib.filterAttrs (n: _: n != "PATH") + config.systemd.services.mastodon-web.environment; + serviceConfig = { + Type = "oneshot"; + # Remove remote media attachments older than one month. + ExecStart = "${cfg.package}/bin/tootctl media remove --days=30"; + User = cfg.user; + Group = cfg.group; + EnvironmentFile = "/var/lib/mastodon/.secrets_env"; + PrivateTmp = true; }; + }; systemd.timers.mastodon-media-prune = { description = "Mastodon media prune"; 
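Review bot: The reflowed `systemd.services.mastodon-media-prune = let cfg = config.services.mastodon; in {` rebinds a `cfg` that the file's top-level `let` in the first hunk already defines with the identical expression, so the inner binding only shadows the outer one. Since the commit is rewriting these lines anyway, it could drop the `let … in` and read `systemd.services.mastodon-media-prune = {`, with `cfg.package`, `cfg.user` and `cfg.group` resolving to the outer binding; the `networking.firewall = let cfg = config.services.mastodon; in { … }` hunk that follows has the same redundant binding. The inner `let` was presumably carried over with the block copied from the nixpkgs issue linked in the comment above it, so confirm nothing else relies on the shadowing before removing it.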
@@ -126,7 +122,6 @@ in }; }; - networking.firewall = - let cfg = config.services.mastodon; - in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; }; + networking.firewall = let cfg = config.services.mastodon; + in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; }; } diff --git a/nixos/hosts/hades/rtorrent/configuration.nix b/nixos/hosts/hades/rtorrent/configuration.nix index d033751..e6c60d3 100644 --- a/nixos/hosts/hades/rtorrent/configuration.nix +++ b/nixos/hosts/hades/rtorrent/configuration.nix @@ -1,9 +1,7 @@ { config, pkgs, ... }: -let vs = config.vault-secrets.secrets; in -{ - imports = [ - ./rtorrent.nix - ]; +let vs = config.vault-secrets.secrets; +in { + imports = [ ./rtorrent.nix ]; networking.interfaces.eth0.useDHCP = true; system.stateVersion = "22.05"; 
@@ -17,35 +15,31 @@ let vs = config.vault-secrets.secrets; in enable = true; host = "0.0.0.0"; openFirewall = true; - downloadDir = config.services.rtorrent.downloadDir; + inherit (config.services.rtorrent) downloadDir; }; - vault-secrets.secrets.rtorrent = { - services = [ "wg-quick-wg0" ]; - }; + vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; }; # Mullvad VPN - networking.wg-quick.interfaces = let + networking.wg-quick.interfaces = let postUpScript = pkgs.writeScriptBin "post_up" '' #!${pkgs.stdenv.shell} ${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1 ${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1 ''; - in{ + in { wg0 = { address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ]; dns = [ "193.138.218.74" ]; privateKeyFile = "${vs.rtorrent}/wireguardKey"; postUp = "${postUpScript}/bin/post_up || true"; - peers = [ - { - publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c="; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "185.65.134.223:51820"; - persistentKeepalive = 25; - } - ]; + peers = [{ + publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c="; + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "185.65.134.223:51820"; + persistentKeepalive = 25; + }]; }; }; } diff --git a/nixos/hosts/olympus/outline/configuration.nix b/nixos/hosts/olympus/outline/configuration.nix index 4536240..3b792c9 100644 --- a/nixos/hosts/olympus/outline/configuration.nix +++ b/nixos/hosts/olympus/outline/configuration.nix @@ -23,8 +23,7 @@ let vs = config.vault-secrets.secrets; in ]; vault-secrets.secrets.outline = { - user = config.services.outline.user; - group = config.services.outline.group; + inherit (config.services.outline) user group; }; services.outline = { diff --git a/nixos/hosts/thalassa/aoife/configuration.nix b/nixos/hosts/thalassa/aoife/configuration.nix index 65d2faf..7462dfd 100644 --- a/nixos/hosts/thalassa/aoife/configuration.nix +++ b/nixos/hosts/thalassa/aoife/configuration.nix 
@@ -46,11 +46,33 @@ # Enable the X11 windowing system. services.xserver.enable = true; + services.xserver.excludePackages = [ pkgs.xterm ]; # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; + environment.gnome.excludePackages = + (with pkgs; [ gnome-photos gnome-tour gnome-connections ]) + ++ (with pkgs.gnome; [ + atomix # puzzle game + epiphany # web browser + geary # email reader + gedit # text editor + gnome-calendar + gnome-clocks + gnome-contacts + gnome-maps + gnome-music + gnome-notes + gnome-terminal + gnome-weather + hitori # sudoku game + iagno # go game + simple-scan # document scanner + tali # poker game + totem # video player + ]); programs.dconf.enable = true; services.udisks2.enable = true; @@ -84,8 +106,8 @@ #media-session.enable = true; }; - environment.systemPackages = with pkgs; [ - gnome3.gnome-tweaks + environment.systemPackages = with pkgs; [ + gnome3.gnome-tweaks wireguard-tools ]; diff --git a/nixos/hosts/thalassa/aoife/home/default.nix b/nixos/hosts/thalassa/aoife/home/default.nix index 7016713..f763986 100644 --- a/nixos/hosts/thalassa/aoife/home/default.nix +++ b/nixos/hosts/thalassa/aoife/home/default.nix @@ -1,9 +1,9 @@ { lib, config, pkgs, inputs, ... }: let - tex = (pkgs.texlive.combine { + tex = pkgs.texlive.combine { inherit (pkgs.texlive) scheme-full; dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; - }); + }; in { programs.home-manager.enable = true; diff --git a/nixos/hosts/thalassa/aoife/home/theme.nix b/nixos/hosts/thalassa/aoife/home/theme.nix index ca504e5..e1c56d6 100644 --- a/nixos/hosts/thalassa/aoife/home/theme.nix +++ b/nixos/hosts/thalassa/aoife/home/theme.nix 
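Review bot: The new `environment.gnome.excludePackages` list addresses the GNOME package set as `pkgs.gnome`, while the re-indented `environment.systemPackages` lines at the end of the hunk still reach it through the `gnome3` alias in `gnome3.gnome-tweaks`; now that those lines are being touched, `gnome.gnome-tweaks` would match both the new list and the `services.udev.packages` line above it and stop depending on the compatibility alias. The short purpose comments on the less obvious exclusions (`# puzzle game`, `# web browser`) are useful; the added `services.xserver.excludePackages = [ pkgs.xterm ];` near the top of the hunk would benefit from the same treatment, e.g. `# xterm is otherwise installed alongside the X server; not wanted on this desktop`.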
@@ -21,8 +21,7 @@ in { }; cursorTheme = { name = cursorTheme; - package = config.home.pointerCursor.package; - size = config.home.pointerCursor.size; + inherit (config.home.pointerCursor) package size; }; }; diff --git a/nixos/hosts/thalassa/null/home/default.nix b/nixos/hosts/thalassa/null/home/default.nix index 0e81f04..1b03ec6 100644 --- a/nixos/hosts/thalassa/null/home/default.nix +++ b/nixos/hosts/thalassa/null/home/default.nix @@ -1,11 +1,10 @@ { config, pkgs, lib, inputs, texlive, ... }: let - tex = (pkgs.texlive.combine { + tex = pkgs.texlive.combine { inherit (pkgs.texlive) scheme-full; dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; - }); -in -{ + }; +in { programs.home-manager.enable = true; home.username = "victor"; home.homeDirectory = "/home/victor"; 
@@ -62,29 +61,28 @@ in xdg.mimeApps = { enable = true; - defaultApplications = - let browser = [ "firefox.desktop" ]; - in { - "image/*" = "org.gnome.eog.desktop"; - "text/html" = browser; - "x-scheme-handler/http" = browser; - "x-scheme-handler/https" = browser; - "x-scheme-handler/ftp" = browser; - "x-scheme-handler/about" = browser; - "x-scheme-handler/unknown" = browser; - "application/x-extension-htm" = browser; - "application/x-extension-html" = browser; - "application/x-extension-shtml" = browser; - "application/xhtml+xml" = browser; - "application/x-extension-xhtml" = browser; - "application/x-extension-xht" = browser; + defaultApplications = let browser = [ "firefox.desktop" ]; + in { + "image/*" = "org.gnome.eog.desktop"; + "text/html" = browser; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/ftp" = browser; + "x-scheme-handler/about" = browser; + "x-scheme-handler/unknown" = browser; + "application/x-extension-htm" = browser; + "application/x-extension-html" = browser; + "application/x-extension-shtml" = browser; + "application/xhtml+xml" = browser; + "application/x-extension-xhtml" = browser; + "application/x-extension-xht" = browser; - "application/json" = browser; - "application/pdf" = browser; + "application/json" = browser; + "application/pdf" = browser; - "x-scheme-handler/vscode" = "code-url-handler.desktop"; - "x-scheme-handler/discord" = "webcord.desktop"; - }; + "x-scheme-handler/vscode" = "code-url-handler.desktop"; + "x-scheme-handler/discord" = "webcord.desktop"; + }; }; programs.foot = { enable = true; }; 
@@ -185,20 +183,19 @@ in sessionVariables = { DIRENV_LOG_FORMAT = ""; }; }; - xdg.userDirs = - let home = config.home.homeDirectory; - in { - enable = true; - createDirectories = true; - desktop = "${home}/.desktop"; - documents = "${home}/cloud/Documents"; - download = "${home}/dl"; - music = "${home}/cloud/Music"; - pictures = "${home}/cloud/Pictures"; - publicShare = "${home}/.publicShare"; - templates = "${home}/.templates"; - videos = "${home}/cloud/Videos"; - }; + xdg.userDirs = let home = config.home.homeDirectory; + in { + enable = true; + createDirectories = true; + desktop = "${home}/.desktop"; + documents = "${home}/cloud/Documents"; + download = "${home}/dl"; + music = "${home}/cloud/Music"; + pictures = "${home}/cloud/Pictures"; + publicShare = "${home}/.publicShare"; + templates = "${home}/.templates"; + videos = "${home}/cloud/Videos"; + }; services.syncthing.enable = true; } diff --git a/nixos/hosts/thalassa/null/home/theme.nix b/nixos/hosts/thalassa/null/home/theme.nix index 7cffc56..b75113c 100644 --- a/nixos/hosts/thalassa/null/home/theme.nix +++ b/nixos/hosts/thalassa/null/home/theme.nix @@ -58,8 +58,7 @@ in { }; cursorTheme = { name = cursorTheme; - package = config.home.pointerCursor.package; - size = config.home.pointerCursor.size; + inherit (config.home.pointerCursor) size package; }; }; diff --git a/nixos/hosts/thalassa/null/networking.nix b/nixos/hosts/thalassa/null/networking.nix index 4ede710..51cd799 100644 --- a/nixos/hosts/thalassa/null/networking.nix +++ b/nixos/hosts/thalassa/null/networking.nix @@ -1,4 +1,4 @@ -{ ... }: +{ _ }: { services.v.dns = { enable = true; diff --git a/nixos/util.nix b/nixos/util.nix index 373f32e..75294cd 100644 --- a/nixos/util.nix +++ b/nixos/util.nix 
@@ -28,11 +28,11 @@ let in { # Add to whatever realm a host belong to its list of tags - add_realm_to_tags = realm: hosts: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; }) hosts; + add_realm_to_tags = realm: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; }); # Flatten all hosts to a single list flatten_hosts = hosts: concatLists (attrValues hosts); # Filter out all hosts which aren't nixos - filter_nix_hosts = hosts: filter ({ nix ? true, ... }: nix) hosts; + filter_nix_hosts = filter ({ nix ? true, ... }: nix); # Helper function to build a colmena host definition mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host: @@ -50,7 +50,7 @@ in deployment = { inherit tags; targetHost = ip; - allowLocalDeployment = (type == "local"); + allowLocalDeployment = type == "local"; targetUser = null; # Defaults to $USER }; };
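Review bot: The eta-reduced `add_realm_to_tags = realm: map (...)` and `filter_nix_hosts = filter (...)` no longer name their host-list parameter, so the one-line comments above them are now the only place a reader learns that each takes and returns a list of hosts; the comments could state that shape, e.g. `# realm -> [host] -> [host]: prepend the realm to each host's tags and set host.realm` and `# [host] -> [host]: keep hosts whose nix attribute is true (the default)`. Behaviour for callers that pass the list directly is unchanged. The `mkColmenaHost` definition that the second hunk edits begins in the first hunk and continues past the visible lines.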