From d71c9d8169616d5675fad1f55a55acd1ef917948 Mon Sep 17 00:00:00 2001 From: Hadi <112569860+anotherhadi@users.noreply.github.com> Date: Mon, 4 May 2026 20:40:09 +0200 Subject: [PATCH] Nix fmt 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com> --- flake.nix | 16 ++- home/programs/brave/default.nix | 15 +- home/programs/git/default.nix | 6 +- home/programs/git/lazygit.nix | 7 +- home/programs/group/dev.nix | 4 +- home/programs/nixy/flake.nix | 4 +- home/programs/nvf/default.nix | 6 +- home/programs/nvf/keymaps.nix | 30 +++- home/programs/nvf/picker.nix | 3 +- .../qutebrowser/bookmarks/default.nix | 28 ++-- home/programs/qutebrowser/default.nix | 5 +- home/programs/qutebrowser/settings.nix | 13 +- home/programs/qutebrowser/userscripts.nix | 6 +- home/programs/shell/default.nix | 8 +- home/programs/shell/starship.nix | 4 +- home/programs/shell/zsh.nix | 20 ++- home/system/caelestia-shell/launcher.nix | 79 +++++++++-- home/system/caelestia-shell/scheme.nix | 18 +-- home/system/hyprland/bindings.nix | 38 +++-- home/system/hyprland/keyboard-backlight.nix | 4 +- home/system/hyprpaper/default.nix | 3 +- home/system/mime/default.nix | 11 +- hosts/laptop/flake.nix | 6 +- hosts/laptop/hardware-configuration.nix | 13 +- hosts/laptop/home.nix | 4 +- hosts/laptop/secrets/default.nix | 25 +++- hosts/laptop/variables.nix | 5 +- hosts/server/flake.nix | 6 +- hosts/server/hardware-configuration.nix | 22 ++- hosts/server/secrets/default.nix | 5 +- hosts/server/variables.nix | 5 +- hosts/work/flake.nix | 6 +- hosts/work/hardware-configuration.nix | 14 +- hosts/work/secrets/default.nix | 21 ++- hosts/work/variables.nix | 5 +- nixos/audio.nix | 4 +- nixos/home-manager.nix | 6 +- nixos/nix.nix | 5 +- nixos/nvidia.nix | 3 +- nixos/omen.nix | 8 +- nixos/systemd-boot.nix | 7 +- nixos/usbguard.nix | 5 +- nixos/users.nix | 5 +- nixos/utils.nix | 20 ++- server-modules/arr.nix | 5 +- server-modules/awesome-wallpapers.nix | 22 ++- server-modules/blog.nix | 5 +- server-modules/cyberchef.nix | 21 ++- server-modules/default-creds.nix | 19 +-- server-modules/gitea.nix | 29 ++-- server-modules/glance/default.nix | 132 ++++++++++++------ server-modules/glance/home.nix | 2 
+- server-modules/mazanoke.nix | 71 +++++----- server-modules/mealie.nix | 14 +- server-modules/mk-container.nix | 120 ++++++++-------- server-modules/ssh.nix | 10 +- server-modules/stirling-pdf.nix | 14 +- server-modules/umami.nix | 14 +- themes/darkviolet.nix | 3 +- themes/rose-pine.nix | 3 +- themes/zen.nix | 3 +- 61 files changed, 672 insertions(+), 343 deletions(-) diff --git a/flake.nix b/flake.nix index 19e3fe7..38d6f66 100644 --- a/flake.nix +++ b/flake.nix @@ -75,11 +75,20 @@ }; }; - outputs = inputs @ {nixpkgs, nixpkgs-stable, ...}: let + outputs = inputs @ { + nixpkgs, + nixpkgs-stable, + ... + }: let system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; args = { - inherit inputs nixpkgs system; - pkgs = nixpkgs.legacyPackages.${system}; + inherit + inputs + nixpkgs + system + pkgs + ; pkgs-stable = nixpkgs-stable.legacyPackages.${system}; }; merge = nixpkgs.lib.foldl nixpkgs.lib.recursiveUpdate {}; @@ -89,6 +98,7 @@ (import ./home/programs/group/flake.nix args) (import ./home/programs/nixy/flake.nix args) { + formatter.${system} = pkgs.alejandra; nixosConfigurations = { h-laptop = import ./hosts/laptop/flake.nix args; h-work = import ./hosts/work/flake.nix args; diff --git a/home/programs/brave/default.nix b/home/programs/brave/default.nix index e6e74e9..c2cd4d2 100644 --- a/home/programs/brave/default.nix +++ b/home/programs/brave/default.nix @@ -63,8 +63,14 @@ exec = "brave --incognito"; icon = "brave-browser"; terminal = false; - categories = ["Network" "WebBrowser"]; - mimeType = ["text/html" "text/xml"]; + categories = [ + "Network" + "WebBrowser" + ]; + mimeType = [ + "text/html" + "text/xml" + ]; }; brave-tor = { name = "Brave (Private window w/Tor)"; @@ -72,7 +78,10 @@ exec = "brave --tor"; icon = "brave-browser"; terminal = false; - categories = ["Network" "WebBrowser"]; + categories = [ + "Network" + "WebBrowser" + ]; }; }; } diff --git a/home/programs/git/default.nix b/home/programs/git/default.nix index 48bbe8c..49f5e9c 100644 
--- a/home/programs/git/default.nix +++ b/home/programs/git/default.nix @@ -44,10 +44,8 @@ in { st = "status"; br = "branch"; df = "!git hist | peco | awk '{print $2}' | xargs -I {} git diff {}^ {}"; - hist = '' - log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all''; - llog = '' - log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative''; + hist = ''log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all''; + llog = ''log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative''; edit-unmerged = "!f() { git ls-files --unmerged | cut -f2 | sort -u ; }; hx `f`"; }; }; diff --git a/home/programs/git/lazygit.nix b/home/programs/git/lazygit.nix index a330a09..d68a595 100644 --- a/home/programs/git/lazygit.nix +++ b/home/programs/git/lazygit.nix @@ -16,12 +16,15 @@ in { update.method = "never"; git = { commit.signOff = true; - overrideGpg = true; + overrideGpg = true; parseEmoji = true; }; gui = { theme = { - activeBorderColor = [accent "bold"]; + activeBorderColor = [ + accent + "bold" + ]; inactiveBorderColor = [muted]; }; showListFooter = false; diff --git a/home/programs/group/dev.nix b/home/programs/group/dev.nix index 60c22a4..a55fcfc 100644 --- a/home/programs/group/dev.nix +++ b/home/programs/group/dev.nix @@ -10,12 +10,12 @@ go bun nodejs - air - duckdb claude-code inputs.bun2nix.packages.${stdenv.hostPlatform.system}.default ]) ++ (with pkgs-stable; [ + air + duckdb docker python3 jq diff --git a/home/programs/nixy/flake.nix b/home/programs/nixy/flake.nix index 1620c5f..4e559b2 100644 --- a/home/programs/nixy/flake.nix +++ b/home/programs/nixy/flake.nix 
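Review bot: In the home/programs/group/dev.nix hunk, `air` and `duckdb` are removed from the first package list and re-added under `++ (with pkgs-stable; [`, which changes the nixpkgs input these two packages are built from; this is a dependency change, not formatting, although the commit is titled "Nix fmt". The first list opens outside the hunk, so its package set is inferred: its entries reference `stdenv`, which suggests `with pkgs`. A package-source switch folded into a 61-file reformat is easy to miss in review, so it would be better placed in its own commit with a stated rationale. Failing that, a comment above the two entries would record the intent, e.g. `# air, duckdb: taken from pkgs-stable because <reason>`.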
@@ -8,5 +8,7 @@ configDirectory = "$HOME/.config/nixos"; }; - homeManagerModules.nixy = {imports = [./default.nix];}; + homeManagerModules.nixy = { + imports = [./default.nix]; + }; } diff --git a/home/programs/nvf/default.nix b/home/programs/nvf/default.nix index 5b1986f..2e73b78 100644 --- a/home/programs/nvf/default.nix +++ b/home/programs/nvf/default.nix @@ -1,4 +1,8 @@ -{inputs, pkgs, ...}: { +{ + inputs, + pkgs, + ... +}: { imports = [inputs.nvf.homeManagerModules.default]; # Packages needed by snacks image preview home.packages = with pkgs; [ diff --git a/home/programs/nvf/keymaps.nix b/home/programs/nvf/keymaps.nix index bcbb311..6a67d27 100644 --- a/home/programs/nvf/keymaps.nix +++ b/home/programs/nvf/keymaps.nix @@ -62,19 +62,31 @@ } { key = ""; - mode = ["n" "i" "v"]; + mode = [ + "n" + "i" + "v" + ]; action = ""; silent = true; } { key = "<2-MiddleMouse>"; - mode = ["n" "i" "v"]; + mode = [ + "n" + "i" + "v" + ]; action = ""; silent = true; } { key = "<3-MiddleMouse>"; - mode = ["n" "i" "v"]; + mode = [ + "n" + "i" + "v" + ]; action = ""; silent = true; } @@ -218,7 +230,11 @@ # Save { key = ""; - mode = ["n" "i" "v"]; + mode = [ + "n" + "i" + "v" + ]; silent = true; action = "w"; desc = "Save file"; @@ -227,7 +243,11 @@ # Deactivate "esc" { key = ""; - mode = ["n" "i" "v"]; + mode = [ + "n" + "i" + "v" + ]; silent = true; action = ""; desc = "Disable Escape"; diff --git a/home/programs/nvf/picker.nix b/home/programs/nvf/picker.nix index 5f80da8..f7225e3 100644 --- a/home/programs/nvf/picker.nix +++ b/home/programs/nvf/picker.nix @@ -66,8 +66,7 @@ key = "fc"; mode = "n"; silent = true; - action = '' - lua Snacks.picker.files({ cwd = vim.fn.stdpath("config") })''; + action = ''lua Snacks.picker.files({ cwd = vim.fn.stdpath("config") })''; desc = "Find Config File"; } { diff --git a/home/programs/qutebrowser/bookmarks/default.nix b/home/programs/qutebrowser/bookmarks/default.nix index 12eb9cd..7208007 100644 
--- a/home/programs/qutebrowser/bookmarks/default.nix +++ b/home/programs/qutebrowser/bookmarks/default.nix @@ -14,13 +14,9 @@ c = config.lib.stylix.colors; - stripProtocol = url: - lib.removePrefix "https://" (lib.removePrefix "http://" url); + stripProtocol = url: lib.removePrefix "https://" (lib.removePrefix "http://" url); - stripDomain = url: - builtins.head ( - lib.splitString "/" (stripProtocol url) - ); + stripDomain = url: builtins.head (lib.splitString "/" (stripProtocol url)); mkCard = item: let domain = stripDomain item.url; @@ -69,13 +65,15 @@ items = result.pending; }; in - lib.concatMapStrings (chunk: - if chunk.isCards - then '' -
- ${lib.concatMapStrings mkCard chunk.items} -
'' - else mkFolder chunk.folder) + lib.concatMapStrings ( + chunk: + if chunk.isCards + then '' +
+ ${lib.concatMapStrings mkCard chunk.items} +
'' + else mkFolder chunk.folder + ) chunks; mkFolder = folder: let @@ -145,9 +143,7 @@ ) items; - publicBookmarks = - pkgs.writeText "qutebrowser-public-bookmarks" - (collectBookmarks "" bookmarkList); + publicBookmarks = pkgs.writeText "qutebrowser-public-bookmarks" (collectBookmarks "" bookmarkList); in { config = { xdg.dataFile."qutebrowser/bookmarks.html".text = '' diff --git a/home/programs/qutebrowser/default.nix b/home/programs/qutebrowser/default.nix index 5168061..8f15fc9 100644 --- a/home/programs/qutebrowser/default.nix +++ b/home/programs/qutebrowser/default.nix @@ -27,7 +27,10 @@ genericName = "Web Browser"; exec = "qutebrowser --temp-basedir %U"; icon = "qutebrowser"; - categories = ["Network" "WebBrowser"]; + categories = [ + "Network" + "WebBrowser" + ]; }; programs.qutebrowser = { diff --git a/home/programs/qutebrowser/settings.nix b/home/programs/qutebrowser/settings.nix index bb1ad7b..1d2a222 100644 --- a/home/programs/qutebrowser/settings.nix +++ b/home/programs/qutebrowser/settings.nix @@ -7,7 +7,11 @@ }; new_instance_open_target = "window"; "tabs.last_close" = "close"; - "statusbar.widgets" = ["keypress" "url" "progress"]; + "statusbar.widgets" = [ + "keypress" + "url" + "progress" + ]; # Adblock "content.blocking.enabled" = true; @@ -26,7 +30,12 @@ "downloads.location.prompt" = false; # Editor (Ctrl+e in text fields) - "editor.command" = ["ghostty" "-e" "nvim" "{}"]; + "editor.command" = [ + "ghostty" + "-e" + "nvim" + "{}" + ]; # Tabs # "tabs.show" = "switching"; diff --git a/home/programs/qutebrowser/userscripts.nix b/home/programs/qutebrowser/userscripts.nix index 5951ddf..1a39dbe 100644 --- a/home/programs/qutebrowser/userscripts.nix +++ b/home/programs/qutebrowser/userscripts.nix 
@@ -29,8 +29,10 @@ "qutebrowser/greasemonkey/return-youtube-dislike.user.js".source = inputs.qs-return-youtube-dislike; "qutebrowser/greasemonkey/sponsorblock-lite.user.js".source = inputs.qs-sponsorblock-lite; "qutebrowser/greasemonkey/dont-track-me-google.user.js".source = inputs.qs-dont-track-me-google; - "qutebrowser/greasemonkey/i-dont-care-about-cookies.user.js".source = inputs.qs-i-dont-care-about-cookies; - "qutebrowser/greasemonkey/tracking-token-stripper.user.js".source = inputs.qs-tracking-token-stripper; + "qutebrowser/greasemonkey/i-dont-care-about-cookies.user.js".source = + inputs.qs-i-dont-care-about-cookies; + "qutebrowser/greasemonkey/tracking-token-stripper.user.js".source = + inputs.qs-tracking-token-stripper; "qutebrowser/greasemonkey/bypass-paywalls-clean.user.js".source = inputs.qs-bypass-paywalls-clean; "qutebrowser/greasemonkey/anti-adblock-fuckoff.user.js".source = inputs.qs-anti-adblock-fuckoff; }; diff --git a/home/programs/shell/default.nix b/home/programs/shell/default.nix index aee5d89..af8a8f1 100644 --- a/home/programs/shell/default.nix +++ b/home/programs/shell/default.nix @@ -1,4 +1,10 @@ # Import all shell configurations { - imports = [./fzf.nix ./zsh.nix ./starship.nix ./zoxide.nix ./eza.nix]; + imports = [ + ./fzf.nix + ./zsh.nix + ./starship.nix + ./zoxide.nix + ./eza.nix + ]; } diff --git a/home/programs/shell/starship.nix b/home/programs/shell/starship.nix index 0f9f164..bffc163 100644 --- a/home/programs/shell/starship.nix +++ b/home/programs/shell/starship.nix @@ -20,7 +20,9 @@ in { "$git_status" "$character" ]; - directory = {style = accent;}; + directory = { + style = accent; + }; character = { success_symbol = "[❯](${accent})"; diff --git a/home/programs/shell/zsh.nix b/home/programs/shell/zsh.nix index 8459727..3cd252e 100644 --- a/home/programs/shell/zsh.nix +++ b/home/programs/shell/zsh.nix 
@@ -7,7 +7,12 @@ }: let fetch = config.theme.fetch; # neofetch, nerdfetch, pfetch in { - home.packages = with pkgs; [bat ripgrep tldr witr]; + home.packages = with pkgs; [ + bat + ripgrep + tldr + witr + ]; # Add go binaries to the PATH home.sessionPath = ["$HOME/go/bin"]; @@ -22,7 +27,14 @@ in { autosuggestion.enable = true; syntaxHighlighting = { enable = true; - highlighters = ["main" "brackets" "pattern" "regexp" "root" "line"]; + highlighters = [ + "main" + "brackets" + "pattern" + "regexp" + "root" + "line" + ]; }; historySubstringSearch.enable = true; @@ -33,9 +45,7 @@ in { }; profileExtra = lib.optionalString (config.home.sessionPath != []) '' - export PATH="$PATH''${PATH:+:}${ - lib.concatStringsSep ":" config.home.sessionPath - }" + export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}" ''; shellAliases = { diff --git a/home/system/caelestia-shell/launcher.nix b/home/system/caelestia-shell/launcher.nix index 8a51316..c8047a1 100644 --- a/home/system/caelestia-shell/launcher.nix +++ b/home/system/caelestia-shell/launcher.nix @@ -1,10 +1,22 @@ { programs.caelestia.settings = { session.commands = { - shutdown = ["systemctl" "poweroff"]; - logout = ["loginctl" "lock-session"]; - hibernate = ["systemctl" "hibernate"]; - reboot = ["systemctl" "reboot"]; + shutdown = [ + "systemctl" + "poweroff" + ]; + logout = [ + "loginctl" + "lock-session" + ]; + hibernate = [ + "systemctl" + "hibernate" + ]; + reboot = [ + "systemctl" + "reboot" + ]; }; launcher = { actionPrefix = "/"; @@ -13,7 +25,10 @@ name = "Calculator"; icon = "calculate"; description = "Do simple math equations (powered by Qalc)"; - command = ["autocomplete" "calc"]; + command = [ + "autocomplete" + "calc" + ]; enabled = true; dangerous = false; } @@ -21,7 +36,10 @@ name = "Shutdown"; icon = "power_settings_new"; description = "Shutdown the system"; - command = ["systemctl" "poweroff"]; + command = [ + "systemctl" + "poweroff" + ]; enabled = true; dangerous = true; } 
@@ -29,7 +47,10 @@ name = "Reboot"; icon = "cached"; description = "Reboot the system"; - command = ["systemctl" "reboot"]; + command = [ + "systemctl" + "reboot" + ]; enabled = true; dangerous = true; } @@ -37,7 +58,11 @@ name = "Logout"; icon = "exit_to_app"; description = "Log out of the current session"; - command = ["loginctl" "terminate-user" ""]; + command = [ + "loginctl" + "terminate-user" + "" + ]; enabled = true; dangerous = true; } @@ -45,7 +70,10 @@ name = "Lock"; icon = "lock"; description = "Lock the current session"; - command = ["loginctl" "lock-session"]; + command = [ + "loginctl" + "lock-session" + ]; enabled = true; dangerous = false; } @@ -53,7 +81,10 @@ name = "Sleep"; icon = "bedtime"; description = "Suspend then hibernate"; - command = ["systemctl" "suspend-then-hibernate"]; + command = [ + "systemctl" + "suspend-then-hibernate" + ]; enabled = true; dangerous = false; } @@ -61,7 +92,12 @@ name = "Restart caelestia"; icon = "cached"; description = "Restart caelestia"; - command = ["hyprctl" "dispatch" "exec" "caelestia-shell kill | sleep 1 | caelestia-shell"]; + command = [ + "hyprctl" + "dispatch" + "exec" + "caelestia-shell kill | sleep 1 | caelestia-shell" + ]; enabled = true; dangerous = false; } @@ -69,7 +105,11 @@ name = "Emoji Picker"; icon = "mood"; description = "Toggle the emoji picker"; - command = ["caelestia" "emoji" "-p"]; + command = [ + "caelestia" + "emoji" + "-p" + ]; enabled = true; dangerous = false; } @@ -77,7 +117,10 @@ name = "Clipboard History"; icon = "content_paste"; description = "Toggle the clipboard history"; - command = ["caelestia" "clipboard"]; + command = [ + "caelestia" + "clipboard" + ]; enabled = true; dangerous = false; } @@ -85,7 +128,10 @@ name = "Delete from Clipboard History"; icon = "content_paste_off"; description = "Delete a line from the clipboard history"; - command = ["caelestia" "clipboard"]; + command = [ + "caelestia" + "clipboard" + ]; enabled = true; dangerous = false; } 
@@ -101,7 +147,10 @@ name = "Hyprpicker"; icon = "colorize"; description = "Pick an hex color"; - command = ["hyprpicker" "-a"]; + command = [ + "hyprpicker" + "-a" + ]; enabled = true; dangerous = false; } diff --git a/home/system/caelestia-shell/scheme.nix b/home/system/caelestia-shell/scheme.nix index fa76ce0..e8c6e5b 100644 --- a/home/system/caelestia-shell/scheme.nix +++ b/home/system/caelestia-shell/scheme.nix @@ -122,14 +122,16 @@ colorsHash = builtins.hashString "sha256" (builtins.toJSON colors); - customCli = inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs (oldAttrs: { - name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}"; - postUnpack = '' - mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main - cp ${customSchemeFile} $sourceRoot/src/caelestia/data/schemes/custom/main/dark.txt - echo "Custom scheme added to source" - ''; - }); + customCli = + inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs + (oldAttrs: { + name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}"; + postUnpack = '' + mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main + cp ${customSchemeFile} $sourceRoot/src/caelestia/data/schemes/custom/main/dark.txt + echo "Custom scheme added to source" + ''; + }); in { programs.caelestia.cli.package = customCli; } diff --git a/home/system/hyprland/bindings.nix b/home/system/hyprland/bindings.nix index 4fbf800..8e126ab 100644 --- a/home/system/hyprland/bindings.nix +++ b/home/system/hyprland/bindings.nix @@ -7,9 +7,8 @@ colors = config.lib.stylix.colors; mkMenu = menu: let - configFile = - pkgs.writeText "config.yaml" - (lib.generators.toYAML {} { + configFile = pkgs.writeText "config.yaml" ( + lib.generators.toYAML {} { anchor = "bottom-right"; border = "#${colors.base0D}80"; background = "#${colors.base01}EE"; 
@@ -19,7 +18,8 @@ rows_per_column = 5; inherit menu; - }); + } + ); in pkgs.writeShellScriptBin "menu" '' exec ${lib.getExe pkgs.wlr-which-key} ${configFile} @@ -32,7 +32,8 @@ in { bind = [ # Applications - ("$shiftMod, A, exec, " + ( + "$shiftMod, A, exec, " + lib.getExe (mkMenu [ { key = "a"; @@ -84,14 +85,16 @@ in { desc = "Qutebrowser (Temp session)"; cmd = "${pkgs.qutebrowser}/bin/qutebrowser --temp-basedir"; } - ])) + ]) + ) # Web links "$mod,B, exec, uwsm app -- ${pkgs.qutebrowser}/bin/qutebrowser" # Browser (Qutebrowser) # Power "$mod, X, global, caelestia:session" # Powermenu - ("$shiftMod, X, exec, " + ( + "$shiftMod, X, exec, " + lib.getExe (mkMenu [ { key = "l"; @@ -123,7 +126,8 @@ in { desc = "Restart caelestia"; cmd = "hyprctl dispatch exec 'caelestia-shell kill | sleep 1 | caelestia-shell'"; } - ])) + ]) + ) # Quick launch "$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal) @@ -154,13 +158,17 @@ in { ", Print, global, caelestia:screenshotFreeze" # Capture region (freeze) "$shiftMod+Alt, S, global, caelestia:screenshot" # Capture region ] - ++ (builtins.concatLists (builtins.genList (i: let - ws = i + 1; - in [ - "$mod,code:1${toString i}, workspace, ${toString ws}" - "$mod SHIFT,code:1${toString i}, movetoworkspace, ${toString ws}" - ]) - 9)); + ++ (builtins.concatLists ( + builtins.genList ( + i: let + ws = i + 1; + in [ + "$mod,code:1${toString i}, workspace, ${toString ws}" + "$mod SHIFT,code:1${toString i}, movetoworkspace, ${toString ws}" + ] + ) + 9 + )); bindm = [ "$mod,mouse:272, movewindow" # Move Window (mouse) diff --git a/home/system/hyprland/keyboard-backlight.nix b/home/system/hyprland/keyboard-backlight.nix index 719c02b..53b72ca 100644 --- a/home/system/hyprland/keyboard-backlight.nix +++ b/home/system/hyprland/keyboard-backlight.nix 
@@ -39,4 +39,6 @@ ''; command = "bash ${keyboard-backlight}/bin/keyboard-backlight &"; -in {wayland.windowManager.hyprland.settings.exec-once = [command];} +in { + wayland.windowManager.hyprland.settings.exec-once = [command]; +} diff --git a/home/system/hyprpaper/default.nix b/home/system/hyprpaper/default.nix index 1dae546..be04dbd 100644 --- a/home/system/hyprpaper/default.nix +++ b/home/system/hyprpaper/default.nix @@ -8,8 +8,7 @@ splash = false; }; }; - systemd.user.services.hyprpaper.Unit.After = - lib.mkForce "graphical-session.target"; + systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target"; wayland.windowManager.hyprland.settings.exec-once = [ "systemctl --user enable --now hyprpaper.service" diff --git a/home/system/mime/default.nix b/home/system/mime/default.nix index 75b58b0..115567f 100644 --- a/home/system/mime/default.nix +++ b/home/system/mime/default.nix @@ -117,14 +117,17 @@ with lib; let desktopName = "Neovim (Ghostty)"; exec = ''ghostty --title="Neovim Editor" -e nvim %F''; terminal = false; - categories = ["Development" "TextEditor"]; + categories = [ + "Development" + "TextEditor" + ]; mimeTypes = mimeMap.code ++ mimeMap.text; }; associations = with lists; - listToAttrs (flatten (mapAttrsToList - (key: map (type: attrsets.nameValuePair type defaultApps."${key}")) - mimeMap)); + listToAttrs ( + flatten (mapAttrsToList (key: map (type: attrsets.nameValuePair type defaultApps."${key}")) mimeMap) + ); in { home.packages = [nvim-ghostty]; diff --git a/hosts/laptop/flake.nix b/hosts/laptop/flake.nix index 20f0991..26b61fc 100644 --- a/hosts/laptop/flake.nix +++ b/hosts/laptop/flake.nix @@ -1,4 +1,8 @@ -{inputs, nixpkgs, ...}: +{ + inputs, + nixpkgs, + ... +}: nixpkgs.lib.nixosSystem { modules = [ { diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 6ad3726..e2b649e 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix 
@@ -11,7 +11,13 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "uas" "usbhid" "sd_mod"]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "uas" + "usbhid" + "sd_mod" + ]; boot.initrd.kernelModules = []; boot.kernelModules = ["kvm-amd"]; boot.extraModulePackages = []; @@ -24,7 +30,10 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/5251-9B85"; fsType = "vfat"; - options = ["fmask=0077" "dmask=0077"]; + options = [ + "fmask=0077" + "dmask=0077" + ]; }; swapDevices = []; diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix index a7c9be1..d99ea48 100644 --- a/hosts/laptop/home.nix +++ b/hosts/laptop/home.nix @@ -36,7 +36,9 @@ home = { inherit (config.var) username; homeDirectory = "/home/" + config.var.username; - file.".face" = {source = ./profile_picture.png;}; + file.".face" = { + source = ./profile_picture.png; + }; sessionVariables = { AQ_DRM_DEVICES = "/dev/dri/card2:/dev/dri/card1"; # CHANGEME: Related to the GPU diff --git a/hosts/laptop/secrets/default.nix b/hosts/laptop/secrets/default.nix index 3b286eb..eac568f 100644 --- a/hosts/laptop/secrets/default.nix +++ b/hosts/laptop/secrets/default.nix @@ -14,11 +14,21 @@ in { age.keyFile = "${home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { - ssh-config = {path = "${home}/.ssh/config";}; - github-key = {path = "${home}/.ssh/github";}; - jack-key = {path = "${home}/.ssh/jack";}; - signing-key = {path = "${home}/.ssh/key";}; - signing-pub-key = {path = "${home}/.ssh/key.pub";}; + ssh-config = { + path = "${home}/.ssh/config"; + }; + github-key = { + path = "${home}/.ssh/github"; + }; + jack-key = { + path = "${home}/.ssh/jack"; + }; + signing-key = { + path = "${home}/.ssh/key"; + }; + signing-pub-key = { + path = "${home}/.ssh/key.pub"; + }; }; }; 
@@ -42,7 +52,10 @@ in { ''; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; - home.packages = with pkgs; [sops age]; + home.packages = with pkgs; [ + sops + age + ]; wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; } diff --git a/hosts/laptop/variables.nix b/hosts/laptop/variables.nix index ffd8c6c..17c4c7f 100644 --- a/hosts/laptop/variables.nix +++ b/hosts/laptop/variables.nix @@ -11,10 +11,7 @@ config.var = { hostname = "h-laptop"; username = "hadi"; - configDirectory = - "/home/" - + config.var.username - + "/.config/nixos"; # The path of the nixos configuration directory + configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory keyboardLayout = "fr"; diff --git a/hosts/server/flake.nix b/hosts/server/flake.nix index 2e28bb7..d9632c3 100644 --- a/hosts/server/flake.nix +++ b/hosts/server/flake.nix @@ -1,4 +1,8 @@ -{inputs, nixpkgs, ...}: +{ + inputs, + nixpkgs, + ... +}: nixpkgs.lib.nixosSystem { modules = [ {_module.args = {inherit inputs;};} diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index f8b975f..c7bbfe2 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix @@ -9,7 +9,14 @@ ... }: { imports = [(modulesPath + "/installer/scan/not-detected.nix")]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = ["dm-snapshot"]; boot.kernelModules = ["kvm-amd"]; boot.extraModulePackages = []; 
@@ -20,12 +27,18 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/DD15-1125"; fsType = "vfat"; - options = ["fmask=0077" "dmask=0077"]; + options = [ + "fmask=0077" + "dmask=0077" + ]; }; fileSystems."/mnt/data" = { device = "/dev/disk/by-uuid/0b055155-0134-448c-b1ca-e81030ff064e"; fsType = "btrfs"; - options = ["subvol=/" "compress=zstd"]; # adapte selon si t'as des subvolumes + options = [ + "subvol=/" + "compress=zstd" + ]; # adapte selon si t'as des subvolumes }; swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -35,6 +48,5 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/server/secrets/default.nix b/hosts/server/secrets/default.nix index a571e26..19b2321 100644 --- a/hosts/server/secrets/default.nix +++ b/hosts/server/secrets/default.nix @@ -26,5 +26,8 @@ }; }; - environment.systemPackages = with pkgs; [sops age]; + environment.systemPackages = with pkgs; [ + sops + age + ]; } diff --git a/hosts/server/variables.nix b/hosts/server/variables.nix index 295e6c5..51923ab 100644 --- a/hosts/server/variables.nix +++ b/hosts/server/variables.nix @@ -11,10 +11,7 @@ config.var = { hostname = "jack"; username = "hadi"; - configDirectory = - "/home/" - + config.var.username - + "/.config/nixos"; # The path of the nixos configuration directory + configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory keyboardLayout = "fr"; diff --git a/hosts/work/flake.nix b/hosts/work/flake.nix index deb60ee..879a89b 100644 --- a/hosts/work/flake.nix +++ b/hosts/work/flake.nix 
@@ -1,4 +1,8 @@ -{inputs, nixpkgs, ...}: +{ + inputs, + nixpkgs, + ... +}: nixpkgs.lib.nixosSystem { modules = [ { diff --git a/hosts/work/hardware-configuration.nix b/hosts/work/hardware-configuration.nix index 6c16101..5357795 100644 --- a/hosts/work/hardware-configuration.nix +++ b/hosts/work/hardware-configuration.nix @@ -12,7 +12,14 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + ]; boot.initrd.kernelModules = []; boot.kernelModules = ["kvm-intel"]; boot.extraModulePackages = []; @@ -25,7 +32,10 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/043E-1755"; fsType = "vfat"; - options = ["fmask=0077" "dmask=0077"]; + options = [ + "fmask=0077" + "dmask=0077" + ]; }; swapDevices = []; diff --git a/hosts/work/secrets/default.nix b/hosts/work/secrets/default.nix index 5ca1d4f..093d5f0 100644 --- a/hosts/work/secrets/default.nix +++ b/hosts/work/secrets/default.nix @@ -14,10 +14,18 @@ in { age.keyFile = "${home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { - ssh-config = {path = "${home}/.ssh/config";}; - netrc = {path = "${home}/.netrc";}; - github-key = {path = "${home}/.ssh/github";}; - gitlab-key = {path = "${home}/.ssh/gitlab";}; + ssh-config = { + path = "${home}/.ssh/config"; + }; + netrc = { + path = "${home}/.netrc"; + }; + github-key = { + path = "${home}/.ssh/github"; + }; + gitlab-key = { + path = "${home}/.ssh/gitlab"; + }; }; }; @@ -41,7 +49,10 @@ in { ''; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; - home.packages = with pkgs; [sops age]; + home.packages = with pkgs; [ + sops + age + ]; wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; } diff --git a/hosts/work/variables.nix b/hosts/work/variables.nix index 99fd7f6..ab10a99 100644 
--- a/hosts/work/variables.nix +++ b/hosts/work/variables.nix @@ -11,10 +11,7 @@ config.var = { hostname = "h-work"; username = "hadrien"; - configDirectory = - "/home/" - + config.var.username - + "/.config/nixos"; # The path of the nixos configuration directory + configDirectory = "/home/" + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory keyboardLayout = "fr"; diff --git a/nixos/audio.nix b/nixos/audio.nix index 1e87bef..1fe3078 100644 --- a/nixos/audio.nix +++ b/nixos/audio.nix @@ -13,7 +13,9 @@ enable = true; extraConfig = { "10-disable-camera" = { - "wireplumber.profiles" = {main."monitor.libcamera" = "disabled";}; + "wireplumber.profiles" = { + main."monitor.libcamera" = "disabled"; + }; }; }; }; diff --git a/nixos/home-manager.nix b/nixos/home-manager.nix index aa69cfc..a4fd838 100644 --- a/nixos/home-manager.nix +++ b/nixos/home-manager.nix @@ -1,5 +1,9 @@ # Home-manager configuration for NixOS -{inputs, pkgs, ...}: { +{ + inputs, + pkgs, + ... +}: { home-manager = { useGlobalPkgs = true; useUserPackages = true; diff --git a/nixos/nix.nix b/nixos/nix.nix index c6c52de..5ee8294 100644 --- a/nixos/nix.nix +++ b/nixos/nix.nix @@ -35,7 +35,10 @@ in { settings = { download-buffer-size = 262144000; # 250 MB (250 * 1024 * 1024) auto-optimise-store = true; - experimental-features = ["nix-command" "flakes"]; + experimental-features = [ + "nix-command" + "flakes" + ]; substituters = [ # high priority since it's almost always used "https://cache.nixos.org?priority=10" diff --git a/nixos/nvidia.nix b/nixos/nvidia.nix index f71f130..2c35464 100644 --- a/nixos/nvidia.nix +++ b/nixos/nvidia.nix 
@@ -55,8 +55,7 @@ in { # Optimized configuration for switchable graphics laptops offload = { enable = true; # Mode optimized for power saving - enableOffloadCmd = - true; # Allows running applications with dedicated GPU + enableOffloadCmd = true; # Allows running applications with dedicated GPU }; # sync.enable disabled as offload is generally better for laptops sync.enable = false; diff --git a/nixos/omen.nix b/nixos/omen.nix index d1efffb..cc16439 100644 --- a/nixos/omen.nix +++ b/nixos/omen.nix @@ -5,9 +5,8 @@ pkgs, ... }: let - hp-omen-linux-module = - pkgs.callPackage - ({ + hp-omen-linux-module = pkgs.callPackage ( + { kernel ? config.boot.kernelPackages.kernel, stdenv, fetchFromGitHub, @@ -33,7 +32,8 @@ install hp-wmi.ko -Dm444 -t $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/platform/x86/hp/ runHook postInstall ''; - })) {kernel = config.boot.kernelPackages.kernel;}; + }) + ) {kernel = config.boot.kernelPackages.kernel;}; in { boot.extraModulePackages = [hp-omen-linux-module]; boot.kernelModules = ["hp-wmi"]; diff --git a/nixos/systemd-boot.nix b/nixos/systemd-boot.nix index 8f593ea..1dbd4fa 100644 --- a/nixos/systemd-boot.nix +++ b/nixos/systemd-boot.nix @@ -11,8 +11,7 @@ }; }; tmp.cleanOnBoot = true; - kernelPackages = - pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc. + kernelPackages = pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc. # Silent boot kernelParams = [ @@ -38,5 +37,7 @@ }; # To avoid systemd services hanging on shutdown - systemd.settings.Manager = { DefaultTimeoutStopSec = "10s"; }; + systemd.settings.Manager = { + DefaultTimeoutStopSec = "10s"; + }; } diff --git a/nixos/usbguard.nix b/nixos/usbguard.nix index 8fa4399..a1567d1 100644 --- a/nixos/usbguard.nix +++ b/nixos/usbguard.nix @@ -2,6 +2,9 @@ services.usbguard = { enable = true; implicitPolicyTarget = "block"; - IPCAllowedUsers = ["root" config.var.username]; + IPCAllowedUsers = [ + "root" + config.var.username + ]; }; } 
diff --git a/nixos/users.nix b/nixos/users.nix index 25a7a01..f33b2a1 100644 --- a/nixos/users.nix +++ b/nixos/users.nix @@ -13,7 +13,10 @@ in { users.${username} = { isNormalUser = true; description = "${username} account"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ + "networkmanager" + "wheel" + ]; }; }; } diff --git a/nixos/utils.nix b/nixos/utils.nix index 8cdd63a..29de315 100644 --- a/nixos/utils.nix +++ b/nixos/utils.nix @@ -21,11 +21,17 @@ in { enable = autoUpgrade; dates = "04:00"; flake = "${configDir}"; - flags = ["--update-input" "nixpkgs" "--commit-lock-file"]; + flags = [ + "--update-input" + "nixpkgs" + "--commit-lock-file" + ]; allowReboot = false; }; - time = {timeZone = timeZone;}; + time = { + timeZone = timeZone; + }; i18n.defaultLocale = defaultLocale; i18n.extraLocaleSettings = { LC_ADDRESS = extraLocale; @@ -65,7 +71,10 @@ in { dbus = { enable = true; implementation = "broker"; - packages = with pkgs; [gcr gnome-settings-daemon]; + packages = with pkgs; [ + gcr + gnome-settings-daemon + ]; }; gvfs.enable = true; upower.enable = true; @@ -115,7 +124,10 @@ in { xdgOpenUsePortal = true; config = { common.default = ["gtk"]; - hyprland.default = ["gtk" "hyprland"]; + hyprland.default = [ + "gtk" + "hyprland" + ]; }; extraPortals = [pkgs.xdg-desktop-portal-gtk]; diff --git a/server-modules/arr.nix b/server-modules/arr.nix index 070fb70..707543c 100644 --- a/server-modules/arr.nix +++ b/server-modules/arr.nix @@ -49,7 +49,10 @@ in { }; }; - users.users.jellyfin.extraGroups = ["video" "render"]; + users.users.jellyfin.extraGroups = [ + "video" + "render" + ]; services.cloudflared.tunnels."${config.var.tunnelId}".ingress = { "media.${config.var.domain}" = "http://localhost:8096"; diff --git a/server-modules/awesome-wallpapers.nix b/server-modules/awesome-wallpapers.nix index ff8c3de..78c632c 100644 --- a/server-modules/awesome-wallpapers.nix +++ b/server-modules/awesome-wallpapers.nix 
@@ -1,19 +1,27 @@ -{ config, inputs, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; -in { + config, + inputs, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; +in { imports = [ (mkContainer { name = "wallpapers"; hostIp = "10.233.4.1"; containerIp = "10.233.4.2"; - nixosConfig = { pkgs, ... }: { + nixosConfig = {pkgs, ...}: { services.nginx = { enable = true; virtualHosts."wallpapers" = { root = "${inputs.awesome-wallpapers.packages.${pkgs.system}.default}/share/awesome-wallpapers"; - listen = [{ addr = "0.0.0.0"; port = 8080; }]; + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; locations."/" = { tryFiles = "$uri $uri/ /index.html"; }; @@ -23,7 +31,7 @@ in ''; }; }; - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [8080]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/blog.nix b/server-modules/blog.nix index 6a88bd0..adff835 100644 --- a/server-modules/blog.nix +++ b/server-modules/blog.nix @@ -51,7 +51,10 @@ in { }; }; }; - networking.firewall.allowedTCPPorts = [8080 8081]; + networking.firewall.allowedTCPPorts = [ + 8080 + 8081 + ]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/cyberchef.nix b/server-modules/cyberchef.nix index 7f2f08b..fa22798 100644 --- a/server-modules/cyberchef.nix +++ b/server-modules/cyberchef.nix 
@@ -1,22 +1,29 @@ -{ config, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; -in { + config, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; +in { imports = [ (mkContainer { name = "cyberchef"; hostIp = "10.233.5.1"; containerIp = "10.233.5.2"; - nixosConfig = { pkgs, ... }: { + nixosConfig = {pkgs, ...}: { services.nginx = { enable = true; virtualHosts."cyberchef" = { root = "${pkgs.cyberchef}/share/cyberchef"; - listen = [{ addr = "0.0.0.0"; port = 8080; }]; + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; }; }; - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [8080]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/default-creds.nix b/server-modules/default-creds.nix index 39e4436..297baaf 100644 --- a/server-modules/default-creds.nix +++ b/server-modules/default-creds.nix @@ -1,21 +1,24 @@ -{ config, inputs, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; - domain = config.var.domain; -in { + config, + inputs, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; + domain = config.var.domain; +in { imports = [ (mkContainer { name = "def-creds"; hostIp = "10.233.6.1"; containerIp = "10.233.6.2"; - nixosConfig = { ... }: { - imports = [ inputs.default-creds.nixosModules.default ]; + nixosConfig = {...}: { + imports = [inputs.default-creds.nixosModules.default]; services.default-creds = { enable = true; port = 8087; }; - networking.firewall.allowedTCPPorts = [ 8087 ]; + networking.firewall.allowedTCPPorts = [8087]; systemd.services.default-creds.environment = { HOST = lib.mkForce "0.0.0.0"; PUBLIC_UMAMI_URL = "https://umami.${domain}"; diff --git a/server-modules/gitea.nix b/server-modules/gitea.nix index d32ffec..6426f73 100644 --- a/server-modules/gitea.nix +++ b/server-modules/gitea.nix 
@@ -1,14 +1,17 @@ -{ config, pkgs, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; +{ + config, + pkgs, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; domain = config.var.domain; catppuccin-gitea = pkgs.fetchzip { url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz"; sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs="; stripRoot = false; }; -in -{ +in { imports = [ (mkContainer { name = "gitea"; @@ -19,17 +22,19 @@ in hostPath = "/var/lib/gitea"; isReadOnly = false; }; - nixosConfig = { lib, ... }: { + nixosConfig = {lib, ...}: { users.users.gitea.uid = lib.mkForce 978; users.groups.gitea.gid = lib.mkForce 968; services.postgresql = { enable = true; - ensureDatabases = [ "gitea" ]; - ensureUsers = [{ - name = "gitea"; - ensureDBOwnership = true; - }]; + ensureDatabases = ["gitea"]; + ensureUsers = [ + { + name = "gitea"; + ensureDBOwnership = true; + } + ]; }; services.gitea = { @@ -69,7 +74,7 @@ in ln -sfn ${catppuccin-gitea} /var/lib/gitea/custom/public/assets/css ''; - networking.firewall.allowedTCPPorts = [ 3002 ]; + networking.firewall.allowedTCPPorts = [3002]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/glance/default.nix b/server-modules/glance/default.nix index a8fe7a7..4763c64 100644 --- a/server-modules/glance/default.nix +++ b/server-modules/glance/default.nix 
@@ -1,41 +1,87 @@ -{ config, lib, ... }: -let - inherit (import ../mk-container.nix { inherit lib config; }) mkContainer; +{ + config, + lib, + ... +}: let + inherit (import ../mk-container.nix {inherit lib config;}) mkContainer; domain = config.var.domain; hostIp = "10.233.12.1"; # Convert 6-char hex color to "H S L" string for glance (integers, no % sign) - hexToGlanceHsl = hex: - let - h = lib.toLower hex; - d = c: - if c == "a" then 10 else if c == "b" then 11 else if c == "c" then 12 - else if c == "d" then 13 else if c == "e" then 14 else if c == "f" then 15 - else lib.toInt c; - byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h); - ri = byte 0; gi = byte 2; bi = byte 4; - r = ri * 1.0 / 255.0; - g = gi * 1.0 / 255.0; - b = bi * 1.0 / 255.0; - mx = if r >= g && r >= b then "r" else if g >= b then "g" else "b"; - mn = if r <= g && r <= b then "r" else if g <= b then "g" else "b"; - cmax = if mx == "r" then r else if mx == "g" then g else b; - cmin = if mn == "r" then r else if mn == "g" then g else b; - delta = cmax - cmin; - l = (cmax + cmin) / 2.0; - s = if delta < 0.0001 then 0.0 - else if l <= 0.5 then delta / (cmax + cmin) - else delta / (2.0 - cmax - cmin); - hue = - if delta < 0.0001 then 0.0 - else if mx == "r" then let raw = 60.0 * (g - b) / delta; in if raw < 0.0 then raw + 360.0 else raw - else if mx == "g" then 60.0 * ((b - r) / delta + 2.0) - else 60.0 * ((r - g) / delta + 4.0); - in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${toString (builtins.floor (l * 100.0 + 0.5))}"; + hexToGlanceHsl = hex: let + h = lib.toLower hex; + d = c: + if c == "a" + then 10 + else if c == "b" + then 11 + else if c == "c" + then 12 + else if c == "d" + then 13 + else if c == "e" + then 14 + else if c == "f" + then 15 + else lib.toInt c; + byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h); + ri = byte 0; + gi = byte 2; + bi = byte 4; + r = ri * 1.0 / 
255.0; + g = gi * 1.0 / 255.0; + b = bi * 1.0 / 255.0; + mx = + if r >= g && r >= b + then "r" + else if g >= b + then "g" + else "b"; + mn = + if r <= g && r <= b + then "r" + else if g <= b + then "g" + else "b"; + cmax = + if mx == "r" + then r + else if mx == "g" + then g + else b; + cmin = + if mn == "r" + then r + else if mn == "g" + then g + else b; + delta = cmax - cmin; + l = (cmax + cmin) / 2.0; + s = + if delta < 0.0001 + then 0.0 + else if l <= 0.5 + then delta / (cmax + cmin) + else delta / (2.0 - cmax - cmin); + hue = + if delta < 0.0001 + then 0.0 + else if mx == "r" + then let + raw = 60.0 * (g - b) / delta; + in + if raw < 0.0 + then raw + 360.0 + else raw + else if mx == "g" + then 60.0 * ((b - r) / delta + 2.0) + else 60.0 * ((r - g) / delta + 4.0); + in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${ + toString (builtins.floor (l * 100.0 + 0.5)) + }"; c = config.stylix.base16Scheme; -in -{ +in { # 0444 so the glance user inside the container can read the bind-mounted file sops.secrets.adguard-pwd.mode = "0444"; @@ -49,10 +95,13 @@ in hostPath = config.sops.secrets.adguard-pwd.path; isReadOnly = true; }; - nixosConfig = { lib, ... }: { + nixosConfig = {lib, ...}: { _module.args.domain = domain; _module.args.adguardUrl = "http://${hostIp}:3000"; - imports = [ ./home.nix ./server.nix ]; + imports = [ + ./home.nix + ./server.nix + ]; services.glance = { enable = true; @@ -64,9 +113,9 @@ in theme = { light = false; background-color = hexToGlanceHsl c.base00; # background - primary-color = hexToGlanceHsl c.base0D; # accent (iris/purple) - positive-color = hexToGlanceHsl c.base0B; # positive (pine/teal) - negative-color = hexToGlanceHsl c.base08; # negative (love/rose) + primary-color = hexToGlanceHsl c.base0D; # accent (iris/purple) + positive-color = hexToGlanceHsl c.base0B; # positive (pine/teal) + negative-color = hexToGlanceHsl c.base08; # negative (love/rose) }; }; }; 
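Review bot: The context line `sops.secrets.adguard-pwd.mode = "0444";` at the end of the first glance/default.nix hunk leaves the decrypted AdGuard password readable by every local account on the host, not only by the glance user inside the container that the comment names. The formatting pass does not change this, but a tighter form would be `mode = "0400"` with an owner whose numeric id matches the container's glance user, or passing the secret to the service as a systemd credential, as umami.nix appears to do with its 0400 secret. Which of the two fits depends on how server.nix reads the file, which is not visible here. The module body continues past this hunk.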
@@ -77,7 +126,12 @@ in proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m; ''; virtualHosts."glance" = { - listen = [{ addr = "0.0.0.0"; port = 8080; }]; + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; locations."/" = { proxyPass = "http://127.0.0.1:5678"; extraConfig = '' @@ -90,7 +144,7 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [8080]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/glance/home.nix b/server-modules/glance/home.nix index 710a53e..de5a8a1 100644 --- a/server-modules/glance/home.nix +++ b/server-modules/glance/home.nix @@ -1,4 +1,4 @@ -{ domain, ... }: { +{domain, ...}: { services.glance.settings.pages = [ { name = "Home"; diff --git a/server-modules/mazanoke.nix b/server-modules/mazanoke.nix index 7e03b1c..53f73c2 100644 --- a/server-modules/mazanoke.nix +++ b/server-modules/mazanoke.nix 
@@ -1,43 +1,50 @@ -{ config, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; -in { + config, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; +in { imports = [ (mkContainer { name = "mazanoke"; hostIp = "10.233.7.1"; containerIp = "10.233.7.2"; - nixosConfig = { pkgs, ... }: - let - version = "1.1.5"; - mazanoke-pkg = pkgs.stdenv.mkDerivation { - inherit version; - pname = "mazanoke"; - src = pkgs.fetchFromGitHub { - owner = "civilblur"; - repo = "mazanoke"; - rev = "v${version}"; - hash = "sha256-B/AF4diMNxN94BzpZP/C+K8kNj9q+4SDKWa/qd4LrVU="; - }; - installPhase = '' - mkdir -p $out/share/mazanoke - cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/ - ''; + nixosConfig = {pkgs, ...}: let + version = "1.1.5"; + mazanoke-pkg = pkgs.stdenv.mkDerivation { + inherit version; + pname = "mazanoke"; + src = pkgs.fetchFromGitHub { + owner = "civilblur"; + repo = "mazanoke"; + rev = "v${version}"; + hash = "sha256-B/AF4diMNxN94BzpZP/C+K8kNj9q+4SDKWa/qd4LrVU="; }; - in - { - services.nginx = { - enable = true; - virtualHosts."mazanoke" = { - root = "${mazanoke-pkg}/share/mazanoke"; - listen = [{ addr = "0.0.0.0"; port = 8080; }]; - locations."/" = { index = "index.html"; }; - }; - }; - networking.firewall.allowedTCPPorts = [ 8080 ]; - system.stateVersion = "24.05"; + installPhase = '' + mkdir -p $out/share/mazanoke + cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/ + ''; }; + in { + services.nginx = { + enable = true; + virtualHosts."mazanoke" = { + root = "${mazanoke-pkg}/share/mazanoke"; + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; + locations."/" = { + index = "index.html"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [8080]; + system.stateVersion = "24.05"; + }; }) ]; 
diff --git a/server-modules/mealie.nix b/server-modules/mealie.nix index ecf47be..6a724de 100644 --- a/server-modules/mealie.nix +++ b/server-modules/mealie.nix @@ -1,20 +1,22 @@ -{ config, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; -in { + config, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; +in { imports = [ (mkContainer { name = "mealie"; hostIp = "10.233.8.1"; containerIp = "10.233.8.2"; internet = true; - nixosConfig = { ... }: { + nixosConfig = {...}: { services.mealie = { enable = true; port = 8080; }; - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [8080]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/mk-container.nix b/server-modules/mk-container.nix index e7bcbe8..308589b 100644 --- a/server-modules/mk-container.nix +++ b/server-modules/mk-container.nix @@ -1,5 +1,7 @@ -{ lib, config }: - +{ + lib, + config, +}: # Returns a NixOS module (attrset), to be used in `imports`. # # Options: 
@@ -7,62 +9,64 @@ # externalInterface - WAN interface for NAT, required when internet = true # bindMounts - host paths to mount into the container (see containers..bindMounts) # config - NixOS module for the container - let - nginxHardening = { config, ... }: lib.mkIf config.services.nginx.enable { - services.nginx.serverTokens = false; - }; -in - -{ - mkContainer = - { - name, - hostIp, - containerIp, - internet ? false, - externalInterface ? config.var.networkInterface, - bindMounts ? {}, - nixosConfig, - }: - assert lib.assertMsg - (lib.stringLength "ve-${name}" <= 15) - "mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15"; - { - containers.${name} = { - autoStart = true; - privateNetwork = true; - hostAddress = hostIp; - localAddress = containerIp; - inherit bindMounts; - config = { ... }: { - imports = [ nixosConfig nginxHardening ]; - networking.nameservers = lib.mkIf internet [ "1.1.1.1" "1.0.0.1" ]; + nginxHardening = {config, ...}: + lib.mkIf config.services.nginx.enable { + services.nginx.serverTokens = false; + }; +in { + mkContainer = { + name, + hostIp, + containerIp, + internet ? false, + externalInterface ? config.var.networkInterface, + bindMounts ? 
{}, + nixosConfig, + }: + assert lib.assertMsg (lib.stringLength "ve-${name}" <= 15) + "mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15"; + { + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = hostIp; + localAddress = containerIp; + inherit bindMounts; + config = {...}: { + imports = [ + nixosConfig + nginxHardening + ]; + networking.nameservers = lib.mkIf internet [ + "1.1.1.1" + "1.0.0.1" + ]; + }; }; - }; - } - // (lib.optionalAttrs internet { - boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault true; - networking.nat = { - enable = true; - externalInterface = externalInterface; - internalInterfaces = [ "ve-${name}" ]; - }; - # CONTAINER-FWD (defined by another module) blocks all forwarding by default. - # Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet. - networking.firewall.extraCommands = '' - iptables -I FORWARD 1 -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT - iptables -I FORWARD 1 -s ${containerIp} -d 192.168.0.0/16 -j DROP - iptables -I FORWARD 1 -s ${containerIp} -d 172.16.0.0/12 -j DROP - iptables -I FORWARD 1 -s ${containerIp} -d 10.0.0.0/8 -j DROP - iptables -I FORWARD 1 -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - ''; - networking.firewall.extraStopCommands = '' - iptables -D FORWARD -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT 2>/dev/null || true - iptables -D FORWARD -s ${containerIp} -d 192.168.0.0/16 -j DROP 2>/dev/null || true - iptables -D FORWARD -s ${containerIp} -d 172.16.0.0/12 -j DROP 2>/dev/null || true - iptables -D FORWARD -s ${containerIp} -d 10.0.0.0/8 -j DROP 2>/dev/null || true - iptables -D FORWARD -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true - ''; - }); + } + // (lib.optionalAttrs internet { + boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault true; + networking.nat = { + enable = true; + 
externalInterface = externalInterface; + internalInterfaces = ["ve-${name}"]; + }; + # CONTAINER-FWD (defined by another module) blocks all forwarding by default. + # Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet. + networking.firewall.extraCommands = '' + iptables -I FORWARD 1 -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT + iptables -I FORWARD 1 -s ${containerIp} -d 192.168.0.0/16 -j DROP + iptables -I FORWARD 1 -s ${containerIp} -d 172.16.0.0/12 -j DROP + iptables -I FORWARD 1 -s ${containerIp} -d 10.0.0.0/8 -j DROP + iptables -I FORWARD 1 -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + ''; + networking.firewall.extraStopCommands = '' + iptables -D FORWARD -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT 2>/dev/null || true + iptables -D FORWARD -s ${containerIp} -d 192.168.0.0/16 -j DROP 2>/dev/null || true + iptables -D FORWARD -s ${containerIp} -d 172.16.0.0/12 -j DROP 2>/dev/null || true + iptables -D FORWARD -s ${containerIp} -d 10.0.0.0/8 -j DROP 2>/dev/null || true + iptables -D FORWARD -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true + ''; + }); } diff --git a/server-modules/ssh.nix b/server-modules/ssh.nix index fc8995f..ae98bfb 100644 --- a/server-modules/ssh.nix +++ b/server-modules/ssh.nix @@ -17,8 +17,14 @@ in { AllowTcpForwarding = false; ClientAliveInterval = 300; ClientAliveCountMax = 2; - KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; - Ciphers = ["chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com"]; + KexAlgorithms = [ + "curve25519-sha256" + "curve25519-sha256@libssh.org" + ]; + Ciphers = [ + "chacha20-poly1305@openssh.com" + "aes256-gcm@openssh.com" + ]; }; }; diff --git a/server-modules/stirling-pdf.nix b/server-modules/stirling-pdf.nix index bfcc920..30d10ab 100644 --- a/server-modules/stirling-pdf.nix +++ b/server-modules/stirling-pdf.nix 
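Review bot: The re-indented rule `iptables -I FORWARD 1 -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT` in mk-container.nix accepts new connections from the container towards any outgoing interface, so the three RFC 1918 DROP rules are the only thing keeping an `internet = true` container away from internal networks. Destinations outside those three ranges, for example 169.254.0.0/16 or 100.64.0.0/10, are still forwarded wherever the host has a route. Binding the accept to the WAN side narrows this: `iptables -I FORWARD 1 -s ${containerIp} -o ${externalInterface} -m conntrack --ctstate NEW -j ACCEPT`, with the same `-o ${externalInterface}` added to the matching `-D` line in `extraStopCommands`. The comment above the rules could also state that traffic to the host's own `hostIp` is handled by INPUT and is not affected by them.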
@@ -1,19 +1,21 @@ -{ config, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; -in { + config, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; +in { imports = [ (mkContainer { name = "stirling-pdf"; hostIp = "10.233.9.1"; containerIp = "10.233.9.2"; - nixosConfig = { ... }: { + nixosConfig = {...}: { services.stirling-pdf = { enable = true; environment."SERVER_PORT" = "8080"; }; - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [8080]; system.stateVersion = "24.05"; }; }) diff --git a/server-modules/umami.nix b/server-modules/umami.nix index fbb3f4c..26b0ac0 100644 --- a/server-modules/umami.nix +++ b/server-modules/umami.nix @@ -1,8 +1,10 @@ -{ config, lib, ... }: -let - inherit (import ./mk-container.nix { inherit lib config; }) mkContainer; -in { + config, + lib, + ... +}: let + inherit (import ./mk-container.nix {inherit lib config;}) mkContainer; +in { sops.secrets.umami-secret.mode = "0400"; imports = [ @@ -14,7 +16,7 @@ in hostPath = config.sops.secrets.umami-secret.path; isReadOnly = true; }; - nixosConfig = { ... }: { + nixosConfig = {...}: { services.umami = { enable = true; settings = { @@ -27,7 +29,7 @@ in }; # PrivateUsers breaks systemd-creds inside nspawn containers (nested user namespaces) systemd.services.umami.serviceConfig.PrivateUsers = lib.mkForce false; - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [8080]; system.stateVersion = "24.05"; }; }) diff --git a/themes/darkviolet.nix b/themes/darkviolet.nix index 3cda8f6..581a2bc 100644 --- a/themes/darkviolet.nix +++ b/themes/darkviolet.nix 
@@ -16,8 +16,7 @@ border-size = 2; animation-speed = "medium"; # "fast" | "medium" | "slow" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" - textColorOnWallpaper = - config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) + textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) }; description = "Theme configuration options"; }; diff --git a/themes/rose-pine.nix b/themes/rose-pine.nix index e954021..e713ca6 100644 --- a/themes/rose-pine.nix +++ b/themes/rose-pine.nix @@ -16,8 +16,7 @@ border-size = 4; animation-speed = "fast"; # "fast" | "medium" | "slow" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" - textColorOnWallpaper = - config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) + textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) }; description = "Theme configuration options"; }; diff --git a/themes/zen.nix b/themes/zen.nix index ce22d83..d3926fc 100644 --- a/themes/zen.nix +++ b/themes/zen.nix @@ -16,8 +16,7 @@ border-size = 4; animation-speed = "medium"; # "fast" | "medium" | "slow" fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none" - textColorOnWallpaper = - config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) + textColorOnWallpaper = config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) }; description = "Theme configuration options"; };