diff --git a/argon/configuration.nix b/argon/configuration.nix
index 5615b0c..c31ac8d 100644
--- a/argon/configuration.nix
+++ b/argon/configuration.nix
@@ -104,7 +104,10 @@
 users.users.gmacon = {
 isNormalUser = true;
 description = "George Macon";
- extraGroups = [ "networkmanager" "wheel" ];
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
 shell = pkgs.zsh;
 packages = with pkgs; [
 # thunderbird
@@ -149,9 +152,7 @@
 directories = [ "/home/gmacon" ];
 checkpointBytes = "10G";
 period = "daily";
- excludes = [
- ".cache"
- ];
+ excludes = [ ".cache" ];
 tarsnapper = {
 enable = true;
 deltas = "1d 7d 28d 364d";
diff --git a/argon/hardware-configuration.nix b/argon/hardware-configuration.nix
index 35b79b2..600fbae 100644
--- a/argon/hardware-configuration.nix
+++ b/argon/hardware-configuration.nix
@@ -1,30 +1,38 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/f5b58870-34bb-4c82-b229-eb6f949c3ac9"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/f5b58870-34bb-4c82-b229-eb6f949c3ac9"; + fsType = "ext4"; + }; boot.initrd.luks.devices."luks-ea7ac1b1-e2b3-4e8c-ac68-a9864d91cdda".device = "/dev/disk/by-uuid/ea7ac1b1-e2b3-4e8c-ac68-a9864d91cdda"; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/0285-F1F8"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0285-F1F8"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/c667f835-6206-4200-bbe6-3ab738f90199"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/c667f835-6206-4200-bbe6-3ab738f90199"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/flake.nix b/flake.nix index 1b570cf..4fcceaa 100644 --- a/flake.nix +++ b/flake.nix 
@@ -99,20 +99,21 @@ }; outputs = - { self - , agenix - , emacs - , flake_env - , home-manager - , lanzaboote - , lix-module - , nix-direnv - , nix-index-database - , nixos-hardware - , nixpkgs - , nixpkgs-stable - , ... - } @ inputs: + { + self, + agenix, + emacs, + flake_env, + home-manager, + lanzaboote, + lix-module, + nix-direnv, + nix-index-database, + nixos-hardware, + nixpkgs, + nixpkgs-stable, + ... + }@inputs: let nixpkgsModule = { nixpkgs = { @@ -122,16 +123,20 @@ nix-direnv.overlays.default (import ./nix/overlay.nix) (self: super: { - beeper = ( - self.callPackage "${nixpkgs}/pkgs/applications/networking/instant-messengers/beeper" { } - ); + beeper = (self.callPackage "${nixpkgs}/pkgs/applications/networking/instant-messengers/beeper" { }); }) ]; config.allowUnfree = true; }; nix.settings = { - experimental-features = [ "nix-command" "flakes" ]; - trusted-users = [ "root" "@wheel" ]; + experimental-features = [ + "nix-command" + "flakes" + ]; + trusted-users = [ + "root" + "@wheel" + ]; keep-outputs = true; keep-derivations = true; auto-optimise-store = true; @@ -141,10 +146,11 @@ inherit (nixpkgsModule.nixpkgs) overlays config; }; linuxPkgs = import nixpkgs-stable (nixpkgsArgs // { system = "x86_64-linux"; }); - darwinPkgs = - import nixpkgs-stable (nixpkgsArgs // { system = "x86_64-darwin"; }); + darwinPkgs = import nixpkgs-stable (nixpkgsArgs // { system = "x86_64-darwin"; }); unstablePkgs = import nixpkgs (nixpkgsArgs // { system = "x86_64-linux"; }); - extraSpecialArgs = { inherit inputs unstablePkgs; }; + extraSpecialArgs = { + inherit inputs unstablePkgs; + }; in { nixosConfigurations.argon = nixpkgs-stable.lib.nixosSystem { 
@@ -213,81 +219,75 @@ ]; }; - homeConfigurations.work-laptop = - home-manager.lib.homeManagerConfiguration { - pkgs = darwinPkgs; + homeConfigurations.work-laptop = home-manager.lib.homeManagerConfiguration { + pkgs = darwinPkgs; - modules = [ - nix-index-database.hmModules.nix-index - ./home-manager/common/common.nix - ./home-manager/common/darwin.nix - ./home-manager/graphical/common.nix - ./home-manager/work/common.nix - ]; + modules = [ + nix-index-database.hmModules.nix-index + ./home-manager/common/common.nix + ./home-manager/common/darwin.nix + ./home-manager/graphical/common.nix + ./home-manager/work/common.nix + ]; - extraSpecialArgs = { - username = "gmacon3"; - userEmail = "george.macon@gtri.gatech.edu"; - homeDirectory = "/Users/gmacon3"; - } // extraSpecialArgs; - }; + extraSpecialArgs = { + username = "gmacon3"; + userEmail = "george.macon@gtri.gatech.edu"; + homeDirectory = "/Users/gmacon3"; + } // extraSpecialArgs; + }; - homeConfigurations.work-desktop = - home-manager.lib.homeManagerConfiguration { - pkgs = linuxPkgs; + homeConfigurations.work-desktop = home-manager.lib.homeManagerConfiguration { + pkgs = linuxPkgs; - modules = [ - nix-index-database.hmModules.nix-index - ./home-manager/common/common.nix - ./home-manager/common/linux.nix - ./home-manager/common/alien-linux.nix - ./home-manager/graphical/common.nix - ./home-manager/graphical/linux.nix - ./home-manager/work/common.nix - ./home-manager/work-graphical/linux.nix - ]; + modules = [ + nix-index-database.hmModules.nix-index + ./home-manager/common/common.nix + ./home-manager/common/linux.nix + ./home-manager/common/alien-linux.nix + ./home-manager/graphical/common.nix + ./home-manager/graphical/linux.nix + ./home-manager/work/common.nix + ./home-manager/work-graphical/linux.nix + ]; - extraSpecialArgs = { - username = "gmacon3"; - userEmail = "george.macon@gtri.gatech.edu"; - homeDirectory = "/home/gmacon3"; - } // extraSpecialArgs; - }; + extraSpecialArgs = { + username = "gmacon3"; + 
userEmail = "george.macon@gtri.gatech.edu"; + homeDirectory = "/home/gmacon3"; + } // extraSpecialArgs; + }; - homeConfigurations.work-server = - home-manager.lib.homeManagerConfiguration { - pkgs = linuxPkgs; + homeConfigurations.work-server = home-manager.lib.homeManagerConfiguration { + pkgs = linuxPkgs; - modules = [ - nix-index-database.hmModules.nix-index - ./home-manager/common/common.nix - ./home-manager/common/linux.nix - ./home-manager/common/alien-linux.nix - ./home-manager/work/common.nix - ]; + modules = [ + nix-index-database.hmModules.nix-index + ./home-manager/common/common.nix + ./home-manager/common/linux.nix + ./home-manager/common/alien-linux.nix + ./home-manager/work/common.nix + ]; - extraSpecialArgs = { - username = "gmacon3"; - userEmail = "george.macon@gtri.gatech.edu"; - homeDirectory = "/home/gmacon3"; - } // extraSpecialArgs; - }; + extraSpecialArgs = { + username = "gmacon3"; + userEmail = "george.macon@gtri.gatech.edu"; + homeDirectory = "/home/gmacon3"; + } // extraSpecialArgs; + }; legacyPackages = { x86_64-linux = linuxPkgs; x86_64-darwin = darwinPkgs; }; - devShells = builtins.mapAttrs - (system: pkgs: - { - default = pkgs.mkShell { - packages = [ - agenix.packages.${system}.default - pkgs.bridge-manager - pkgs.yq-go - ]; - }; - }) - self.legacyPackages; + devShells = builtins.mapAttrs (system: pkgs: { + default = pkgs.mkShell { + packages = [ + agenix.packages.${system}.default + pkgs.bridge-manager + pkgs.yq-go + ]; + }; + }) self.legacyPackages; }; } diff --git a/home-manager/common/alien-linux.nix b/home-manager/common/alien-linux.nix index e010d08..30a8c8c 100644 --- a/home-manager/common/alien-linux.nix +++ b/home-manager/common/alien-linux.nix @@ -1,4 +1,5 @@ -{ pkgs, inputs, ... }: { +{ pkgs, inputs, ... }: +{ nix = { package = pkgs.nix; registry.nixpkgs.flake = inputs.nixpkgs; diff --git a/home-manager/common/common.nix b/home-manager/common/common.nix index b82c277..3ecba95 100644 --- a/home-manager/common/common.nix 
+++ b/home-manager/common/common.nix @@ -1,4 +1,12 @@ -{ config, pkgs, username, userEmail, homeDirectory, inputs, ... }: +{ + config, + pkgs, + username, + userEmail, + homeDirectory, + inputs, + ... +}: let ripgreprc = pkgs.writeText "ripgrep.rc" '' --smart-case @@ -15,7 +23,10 @@ let ''; rebuild-fzf-mark = pkgs.writeShellApplication { name = "rebuild-fzf-mark"; - runtimeInputs = with pkgs; [ findutils gawk ]; + runtimeInputs = with pkgs; [ + findutils + gawk + ]; text = '' find "${config.home.homeDirectory}/code" -type d -name .git \ | awk 'BEGIN { FS="/"; OFS="/" } { NF=NF-1; print $NF " : " $0 }' \ @@ -30,40 +41,39 @@ in home.homeDirectory = homeDirectory; # Packages that should be installed to the user profile. - home.packages = with pkgs; - [ - agedu - bat - cachix - comma - cookiecutter - fd - gh - git-absorb - git-credential-oauth - httpie - jq - mosh - nil - nix-init - nix-output-monitor - nix-prefetch-github - nix-tree - nixfmt-rfc-style - pandoc - pushover - pv - ripgrep - shellcheck - unzip - vim + home.packages = with pkgs; [ + agedu + bat + cachix + comma + cookiecutter + fd + gh + git-absorb + git-credential-oauth + httpie + jq + mosh + nil + nix-init + nix-output-monitor + nix-prefetch-github + nix-tree + nixfmt-rfc-style + pandoc + pushover + pv + ripgrep + shellcheck + unzip + vim - certreq - gitHelpers - rebuild-fzf-mark - rsync-git - wordle - ]; + certreq + gitHelpers + rebuild-fzf-mark + rsync-git + wordle + ]; # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage @@ -128,10 +138,12 @@ in return fi ''; - plugins = [{ - name = "fzf-marks"; - src = inputs.zsh-fzf-marks; - }]; + plugins = [ + { + name = "fzf-marks"; + src = inputs.zsh-fzf-marks; + } + ]; }; programs.starship = { 
@@ -221,8 +233,7 @@ in assume = "update-index --assume-unchanged"; unassume = "update-index --no-assume-unchanged"; assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - unassumeall = - "!git assumed | xargs git update-index --no-assume-unchanged"; + unassumeall = "!git assumed | xargs git update-index --no-assume-unchanged"; topush = "log @{u}.."; pushnew = "push -u origin HEAD"; wip = "commit -anm WIP"; @@ -255,7 +266,14 @@ in receive.fsck.skipList = "${skiplist}"; init.defaultBranch = "main"; }; - ignores = [ ".direnv/" "*~" "\\#*\\#" ".\\#*" ".dir-locals.el" ".DS_Store" ]; + ignores = [ + ".direnv/" + "*~" + "\\#*\\#" + ".\\#*" + ".dir-locals.el" + ".DS_Store" + ]; lfs.enable = true; userEmail = userEmail; userName = "George Macon"; diff --git a/home-manager/common/darwin.nix b/home-manager/common/darwin.nix index 1e53605..50a0f30 100644 --- a/home-manager/common/darwin.nix +++ b/home-manager/common/darwin.nix @@ -1,9 +1,16 @@ -{ config, pkgs, inputs, ... }: +{ + config, + pkgs, + inputs, + ... +}: let penumbra = inputs.penumbra; - plistToJson = source: pkgs.runCommand "output" { } '' - ${pkgs.python3}/bin/python -c "import json, plistlib, sys; json.dump(plistlib.load(sys.stdin.buffer), sys.stdout)" <${source} >$out - ''; + plistToJson = + source: + pkgs.runCommand "output" { } '' + ${pkgs.python3}/bin/python -c "import json, plistlib, sys; json.dump(plistlib.load(sys.stdin.buffer), sys.stdout)" <${source} >$out + ''; readPlist = source: builtins.fromJSON (builtins.readFile (plistToJson source)); darkmode = pkgs.concatTextFile { name = "darkmode"; @@ -13,7 +20,10 @@ let }; in { - home.packages = with pkgs; [ iterm2 darkmode ]; + home.packages = with pkgs; [ + iterm2 + darkmode + ]; home.sessionPath = [ "/usr/local/bin" ]; # Terminal Emulator 
@@ -25,6 +35,5 @@ in "penumbra_dark++" = readPlist "${penumbra}/iTerm2/penumbra_dark++.itermcolors"; }; }; - home.file."Library/Application Support/iTerm2/Scripts/autotheme.py".source = - ../config/iterm2/autotheme.py; + home.file."Library/Application Support/iTerm2/Scripts/autotheme.py".source = ../config/iterm2/autotheme.py; } diff --git a/home-manager/common/linux.nix b/home-manager/common/linux.nix index c24a23f..baf3e0d 100644 --- a/home-manager/common/linux.nix +++ b/home-manager/common/linux.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ targets.genericLinux.enable = true; programs.bash = { enable = true; diff --git a/home-manager/graphical/common.nix b/home-manager/graphical/common.nix index 8473a0c..6ec4faa 100644 --- a/home-manager/graphical/common.nix +++ b/home-manager/graphical/common.nix @@ -1,4 +1,5 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ home.packages = with pkgs; [ flake-graph hunspell diff --git a/home-manager/graphical/linux.nix b/home-manager/graphical/linux.nix index 6e63bda..02c3560 100644 --- a/home-manager/graphical/linux.nix +++ b/home-manager/graphical/linux.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ wl-clipboard xsel diff --git a/home-manager/home/common.nix b/home-manager/home/common.nix index 9d1bd39..0035353 100644 --- a/home-manager/home/common.nix +++ b/home-manager/home/common.nix @@ -1,4 +1,5 @@ -{ pkgs, inputs, ... }: { +{ pkgs, inputs, ... }: +{ home.packages = builtins.attrValues { inherit (pkgs) beeper @@ -39,11 +40,13 @@ font.size = 13.0; draw_bold_text_with_bright_colors = true; key_bindings = [ - { key = "N"; mods = "Shift|Control"; action = "SpawnNewInstance"; } - ]; - "import" = [ - "${inputs.alacritty-theme-penumbra}/penumbra-light.yml" + { + key = "N"; + mods = "Shift|Control"; + action = "SpawnNewInstance"; + } ]; + "import" = [ "${inputs.alacritty-theme-penumbra}/penumbra-light.yml" ]; }; }; 
diff --git a/home-manager/work-graphical/linux.nix b/home-manager/work-graphical/linux.nix index 35b3b4c..fe496b7 100644 --- a/home-manager/work-graphical/linux.nix +++ b/home-manager/work-graphical/linux.nix @@ -1,4 +1,11 @@ -{ config, pkgs, unstablePkgs, lib, ... }: { +{ + config, + pkgs, + unstablePkgs, + lib, + ... +}: +{ home.packages = [ pkgs.slack pkgs.vistafonts diff --git a/home-manager/work/common.nix b/home-manager/work/common.nix index 332feb6..1c8f484 100644 --- a/home-manager/work/common.nix +++ b/home-manager/work/common.nix @@ -1,11 +1,11 @@ -{ config, pkgs, inputs, ... }: { - home.packages = builtins.attrValues { - inherit (pkgs) - acsaml - rclone - tmux - ; - }; +{ + config, + pkgs, + inputs, + ... +}: +{ + home.packages = builtins.attrValues { inherit (pkgs) acsaml rclone tmux; }; # Vagrant home.file."${config.home.homeDirectory}/.vagrant.d/Vagrantfile".source = ../config/Vagrantfile; diff --git a/nix/acsaml.nix b/nix/acsaml.nix index 51ca430..1ab8a18 100644 --- a/nix/acsaml.nix +++ b/nix/acsaml.nix @@ -1,4 +1,5 @@ -{ writeShellApplication, openconnect }: writeShellApplication { +{ writeShellApplication, openconnect }: +writeShellApplication { name = "acsaml"; runtimeInputs = [ openconnect ]; text = '' diff --git a/nix/bridge-manager/default.nix b/nix/bridge-manager/default.nix index 3269a4f..9dd6f77 100644 --- a/nix/bridge-manager/default.nix +++ b/nix/bridge-manager/default.nix @@ -1,4 +1,9 @@ -{ lib, buildGoModule, fetchFromGitHub }: buildGoModule rec { +{ + lib, + buildGoModule, + fetchFromGitHub, +}: +buildGoModule rec { pname = "bridge-manager"; version = "0.12.1"; src = fetchFromGitHub { @@ -8,9 +13,7 @@ hash = "sha256-MAve7ZNS20XBJ7Qp3mehznli04+MS7RiVWW1txdf19U="; }; vendorHash = "sha256-uz4pao8Y/Sb3fffi9d0lbWQEUMohbthA6t6k6PfQz2M="; - ldflags = [ - "-X main.Tag=v${version}" - ]; + ldflags = [ "-X main.Tag=v${version}" ]; meta = { homepage = "https://github.com/beeper/bridge-manager"; license = lib.licenses.asl20; 
diff --git a/nix/certreq/default.nix b/nix/certreq/default.nix index fafb084..bfb5f74 100644 --- a/nix/certreq/default.nix +++ b/nix/certreq/default.nix @@ -1,4 +1,9 @@ -{ lib, stdenvNoCC, python3 }: stdenvNoCC.mkDerivation { +{ + lib, + stdenvNoCC, + python3, +}: +stdenvNoCC.mkDerivation { pname = "certreq"; version = "1.0.0"; @@ -8,7 +13,12 @@ }; buildInputs = [ - (python3.withPackages (ps: with ps; [ click cryptography ])) + (python3.withPackages ( + ps: with ps; [ + click + cryptography + ] + )) ]; installPhase = '' diff --git a/nix/cwtch-ui/package.nix b/nix/cwtch-ui/package.nix index 65fa62b..ceaca7f 100644 --- a/nix/cwtch-ui/package.nix +++ b/nix/cwtch-ui/package.nix @@ -1,12 +1,16 @@ -{ cwtch -, fetchgit -, flutter -, gnome -, lib -, tor +{ + cwtch, + fetchgit, + flutter, + gnome, + lib, + tor, }: let - runtimeBinDependencies = [ tor gnome.zenity ]; + runtimeBinDependencies = [ + tor + gnome.zenity + ]; in flutter.buildFlutterApplication rec { pname = "cwtch-ui"; @@ -17,9 +21,7 @@ flutter.buildFlutterApplication rec { hash = "sha256-c02s8YFrLwIpvLVMM2d7Ynk02ibIgZmRKOI+mkrttLk="; }; - patches = [ - ./exhaustive-match.patch - ]; + patches = [ ./exhaustive-match.patch ]; pubspecLock = lib.importJSON ./pubspec.json; gitHashes = { diff --git a/nix/cwtch/package.nix b/nix/cwtch/package.nix index a1b1962..b8a8395 100644 --- a/nix/cwtch/package.nix +++ b/nix/cwtch/package.nix @@ -1,7 +1,9 @@ -{ buildGoModule -, fetchgit -, lib -}: buildGoModule rec { +{ + buildGoModule, + fetchgit, + lib, +}: +buildGoModule rec { pname = "libcwtch"; version = "0.1.2"; src = fetchgit { @@ -11,11 +13,13 @@ }; vendorHash = "sha256-sMAilt5lq+5T2fwSD18SN66gUi4puOq8cexfRoZvOKk="; - overrideModAttrs = (old: { - preBuild = '' - make lib.go - ''; - }); + overrideModAttrs = ( + old: { + preBuild = '' + make lib.go + ''; + } + ); postPatch = '' substituteInPlace Makefile \ diff --git a/nix/display-switch.nix b/nix/display-switch.nix index b366335..6f5a862 100644 --- a/nix/display-switch.nix 
+++ b/nix/display-switch.nix @@ -1,4 +1,11 @@ -{ lib, fetchFromGitHub, rustPlatform, pkg-config, systemd }: rustPlatform.buildRustPackage rec { +{ + lib, + fetchFromGitHub, + rustPlatform, + pkg-config, + systemd, +}: +rustPlatform.buildRustPackage rec { pname = "display_switch"; version = "1.3.1"; src = fetchFromGitHub { diff --git a/nix/flake-graph/default.nix b/nix/flake-graph/default.nix index c747fe5..191815b 100644 --- a/nix/flake-graph/default.nix +++ b/nix/flake-graph/default.nix @@ -1,10 +1,12 @@ -{ lib -, stdenvNoCC -, bash -, feh -, graphviz -, python3 -}: stdenvNoCC.mkDerivation { +{ + lib, + stdenvNoCC, + bash, + feh, + graphviz, + python3, +}: +stdenvNoCC.mkDerivation { pname = "flake-graph"; version = "1.0.0"; src = lib.fileset.toSource { diff --git a/nix/git-helpers/default.nix b/nix/git-helpers/default.nix index c514d0b..7e740ba 100644 --- a/nix/git-helpers/default.nix +++ b/nix/git-helpers/default.nix @@ -1,4 +1,5 @@ -{ stdenv, python3 }: stdenv.mkDerivation { +{ stdenv, python3 }: +stdenv.mkDerivation { name = "git-helpers"; src = ./.; buildInputs = [ python3 ]; diff --git a/nix/mautrix-gmessages/default.nix b/nix/mautrix-gmessages/default.nix index d79da5b..5fa5fb2 100644 --- a/nix/mautrix-gmessages/default.nix +++ b/nix/mautrix-gmessages/default.nix @@ -1,7 +1,8 @@ -{ lib -, buildGoModule -, fetchFromGitHub -, olm +{ + lib, + buildGoModule, + fetchFromGitHub, + olm, }: buildGoModule rec { pname = "mautrix-gmessages"; diff --git a/nix/overlay.nix b/nix/overlay.nix index 60b5345..a4a5a15 100644 --- a/nix/overlay.nix +++ b/nix/overlay.nix @@ -2,9 +2,7 @@ self: super: { bridge-manager = self.callPackage ./bridge-manager { }; cwtch = self.callPackage ./cwtch/package.nix { }; - cwtch-ui = self.callPackage ./cwtch-ui/package.nix { - flutter = self.flutter313; - }; + cwtch-ui = self.callPackage ./cwtch-ui/package.nix { flutter = self.flutter313; }; display-switch = self.callPackage ./display-switch.nix { }; 
diff --git a/nix/pushover.nix b/nix/pushover.nix index 7bd84aa..02b004d 100644 --- a/nix/pushover.nix +++ b/nix/pushover.nix @@ -1,4 +1,5 @@ -{ writeShellApplication, curl }: writeShellApplication { +{ writeShellApplication, curl }: +writeShellApplication { name = "pushover"; runtimeInputs = [ curl ]; text = '' @@ -8,10 +9,10 @@ # # ~/.config/pushover.sh # APP_TOKEN='pushover_app_token' # USER_KEY='pushover_target_user_key another_target_user_key' - + # shellcheck source=/dev/null . "''${XDG_CONFIG_HOME:-$HOME/.config}/pushover.sh" - + for user in $USER_KEY; do curl https://api.pushover.net/1/messages.json \ --silent \ diff --git a/nix/rsync-git.nix b/nix/rsync-git.nix index 86d9fc6..8ff70df 100644 --- a/nix/rsync-git.nix +++ b/nix/rsync-git.nix @@ -1,7 +1,14 @@ -{ writeShellApplication, rsync, git }: +{ + writeShellApplication, + rsync, + git, +}: writeShellApplication { name = "rsync-git"; - runtimeInputs = [ rsync git ]; + runtimeInputs = [ + rsync + git + ]; text = '' usage="usage: rsync-git SRC DST " src="''${1?$usage}" diff --git a/nix/wordle.nix b/nix/wordle.nix index 94ea7ab..09d14b6 100644 --- a/nix/wordle.nix +++ b/nix/wordle.nix @@ -1,4 +1,9 @@ -{ writeShellApplication, runCommand, python3, scowl }: +{ + writeShellApplication, + runCommand, + python3, + scowl, +}: let wordleWords = runCommand "wordles" { buildInputs = [ python3 ]; } '' python <.cachedir") + (mkRemovedOptionModule [ + "services" + "tarsnap" + "cachedir" + ] "Use services.tarsnap.archives..cachedir") ]; options = { 
@@ -62,202 +73,203 @@ in }; archives = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: - { - options = { - keyfile = mkOption { - type = types.str; - default = gcfg.keyfile; - defaultText = literalExpression "config.${opt.keyfile}"; - description = '' - Set a specific keyfile for this archive. This defaults to - `"/root/tarsnap.key"` if left unspecified. - - Use this option if you want to run multiple backups - concurrently - each archive must have a unique key. You can - generate a write-only key derived from your master key (which - is recommended) using `tarsnap-keymgmt(1)`. - - Note: every archive must have an individual master key. You - must generate multiple keys with - `tarsnap-keygen(1)`, and then generate write - only keys from those. - - The keyfile name should be given as a string and not a path, to - avoid the key being copied into the Nix store. - ''; - }; + type = types.attrsOf ( + types.submodule ( + { config, options, ... }: + { + options = { + keyfile = mkOption { + type = types.str; + default = gcfg.keyfile; + defaultText = literalExpression "config.${opt.keyfile}"; + description = '' + Set a specific keyfile for this archive. This defaults to + `"/root/tarsnap.key"` if left unspecified. - cachedir = mkOption { - type = types.nullOr types.path; - default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}"; - defaultText = literalExpression '' - "/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}" - ''; - description = '' - The cache allows tarsnap to identify previously stored data - blocks, reducing archival time and bandwidth usage. - - Should the cache become desynchronized or corrupted, tarsnap - will refuse to run until you manually rebuild the cache with - {command}`tarsnap --fsck`. - - Set to `null` to disable caching. - ''; - }; + Use this option if you want to run multiple backups + concurrently - each archive must have a unique key. 
You can + generate a write-only key derived from your master key (which + is recommended) using `tarsnap-keymgmt(1)`. - nodump = mkOption { - type = types.bool; - default = true; - description = '' - Exclude files with the `nodump` flag. - ''; - }; + Note: every archive must have an individual master key. You + must generate multiple keys with + `tarsnap-keygen(1)`, and then generate write + only keys from those. - printStats = mkOption { - type = types.bool; - default = true; - description = '' - Print global archive statistics upon completion. - The output is available via - {command}`systemctl status tarsnap-archive-name`. - ''; - }; + The keyfile name should be given as a string and not a path, to + avoid the key being copied into the Nix store. + ''; + }; - checkpointBytes = mkOption { - type = types.nullOr types.str; - default = "1GB"; - description = '' - Create a checkpoint every `checkpointBytes` - of uploaded data (optionally specified using an SI prefix). + cachedir = mkOption { + type = types.nullOr types.path; + default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}"; + defaultText = literalExpression '' + "/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}" + ''; + description = '' + The cache allows tarsnap to identify previously stored data + blocks, reducing archival time and bandwidth usage. - 1GB is the minimum value. A higher value is recommended, - as checkpointing is expensive. + Should the cache become desynchronized or corrupted, tarsnap + will refuse to run until you manually rebuild the cache with + {command}`tarsnap --fsck`. - Set to `null` to disable checkpointing. - ''; - }; + Set to `null` to disable caching. + ''; + }; - period = mkOption { - type = types.str; - default = "01:15"; - example = "hourly"; - description = '' - Create archive at this interval. + nodump = mkOption { + type = types.bool; + default = true; + description = '' + Exclude files with the `nodump` flag. 
+ ''; + }; - The format is described in - {manpage}`systemd.time(7)`. - ''; - }; + printStats = mkOption { + type = types.bool; + default = true; + description = '' + Print global archive statistics upon completion. + The output is available via + {command}`systemctl status tarsnap-archive-name`. + ''; + }; - aggressiveNetworking = mkOption { - type = types.bool; - default = false; - description = '' - Upload data over multiple TCP connections, potentially - increasing tarsnap's bandwidth utilisation at the cost - of slowing down all other network traffic. Not - recommended unless TCP congestion is the dominant - limiting factor. - ''; - }; + checkpointBytes = mkOption { + type = types.nullOr types.str; + default = "1GB"; + description = '' + Create a checkpoint every `checkpointBytes` + of uploaded data (optionally specified using an SI prefix). - directories = mkOption { - type = types.listOf types.path; - default = []; - description = "List of filesystem paths to archive."; - }; + 1GB is the minimum value. A higher value is recommended, + as checkpointing is expensive. - excludes = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Exclude files and directories matching these patterns. - ''; - }; + Set to `null` to disable checkpointing. + ''; + }; - includes = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Include only files and directories matching these - patterns (the empty list includes everything). + period = mkOption { + type = types.str; + default = "01:15"; + example = "hourly"; + description = '' + Create archive at this interval. - Exclusions have precedence over inclusions. - ''; - }; + The format is described in + {manpage}`systemd.time(7)`. + ''; + }; - lowmem = mkOption { - type = types.bool; - default = false; - description = '' - Reduce memory consumption by not caching small files. 
- Possibly beneficial if the average file size is smaller - than 1 MB and the number of files is lower than the - total amount of RAM in KB. - ''; - }; + aggressiveNetworking = mkOption { + type = types.bool; + default = false; + description = '' + Upload data over multiple TCP connections, potentially + increasing tarsnap's bandwidth utilisation at the cost + of slowing down all other network traffic. Not + recommended unless TCP congestion is the dominant + limiting factor. + ''; + }; - verylowmem = mkOption { - type = types.bool; - default = false; - description = '' - Reduce memory consumption by a factor of 2 beyond what - `lowmem` does, at the cost of significantly - slowing down the archiving process. - ''; - }; + directories = mkOption { + type = types.listOf types.path; + default = [ ]; + description = "List of filesystem paths to archive."; + }; - maxbw = mkOption { - type = types.nullOr types.int; - default = null; - description = '' - Abort archival if upstream bandwidth usage in bytes - exceeds this threshold. - ''; - }; + excludes = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Exclude files and directories matching these patterns. + ''; + }; - maxbwRateUp = mkOption { - type = types.nullOr types.int; - default = null; - example = literalExpression "25 * 1000"; - description = '' - Upload bandwidth rate limit in bytes. - ''; - }; + includes = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Include only files and directories matching these + patterns (the empty list includes everything). - maxbwRateDown = mkOption { - type = types.nullOr types.int; - default = null; - example = literalExpression "50 * 1000"; - description = '' - Download bandwidth rate limit in bytes. - ''; - }; + Exclusions have precedence over inclusions. + ''; + }; - verbose = mkOption { - type = types.bool; - default = false; - description = '' - Whether to produce verbose logging output. 
- ''; - }; - explicitSymlinks = mkOption { - type = types.bool; - default = false; - description = '' - Whether to follow symlinks specified as archives. - ''; - }; - followSymlinks = mkOption { - type = types.bool; - default = false; - description = '' - Whether to follow all symlinks in archive trees. - ''; - }; - tarsnapper = mkOption - { + lowmem = mkOption { + type = types.bool; + default = false; + description = '' + Reduce memory consumption by not caching small files. + Possibly beneficial if the average file size is smaller + than 1 MB and the number of files is lower than the + total amount of RAM in KB. + ''; + }; + + verylowmem = mkOption { + type = types.bool; + default = false; + description = '' + Reduce memory consumption by a factor of 2 beyond what + `lowmem` does, at the cost of significantly + slowing down the archiving process. + ''; + }; + + maxbw = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + Abort archival if upstream bandwidth usage in bytes + exceeds this threshold. + ''; + }; + + maxbwRateUp = mkOption { + type = types.nullOr types.int; + default = null; + example = literalExpression "25 * 1000"; + description = '' + Upload bandwidth rate limit in bytes. + ''; + }; + + maxbwRateDown = mkOption { + type = types.nullOr types.int; + default = null; + example = literalExpression "50 * 1000"; + description = '' + Download bandwidth rate limit in bytes. + ''; + }; + + verbose = mkOption { + type = types.bool; + default = false; + description = '' + Whether to produce verbose logging output. + ''; + }; + explicitSymlinks = mkOption { + type = types.bool; + default = false; + description = '' + Whether to follow symlinks specified as archives. + ''; + }; + followSymlinks = mkOption { + type = types.bool; + default = false; + description = '' + Whether to follow all symlinks in archive trees. 
+ ''; + }; + tarsnapper = mkOption { type = types.submodule { options = { enable = mkEnableOption "enable tarsnapper integration"; @@ -278,11 +290,12 @@ in Control the tarsnapper cleanup integration. ''; }; - }; - } - )); + }; + } + ) + ); - default = {}; + default = { }; example = literalExpression '' { 
@@ -316,124 +329,152 @@ in config = mkIf gcfg.enable { assertions = - (mapAttrsToList (name: cfg: - { assertion = cfg.directories != []; - message = "Must specify paths for tarsnap to back up"; - }) gcfg.archives) ++ - (mapAttrsToList (name: cfg: - { assertion = !(cfg.lowmem && cfg.verylowmem); - message = "You cannot set both lowmem and verylowmem"; - }) gcfg.archives); + (mapAttrsToList (name: cfg: { + assertion = cfg.directories != [ ]; + message = "Must specify paths for tarsnap to back up"; + }) gcfg.archives) + ++ (mapAttrsToList (name: cfg: { + assertion = !(cfg.lowmem && cfg.verylowmem); + message = "You cannot set both lowmem and verylowmem"; + }) gcfg.archives); systemd.services = - (mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" { - description = "Tarsnap archive '${name}'"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - path = with pkgs; [ iputils gcfg.package util-linux ]; - - # In order for the persistent tarsnap timer to work reliably, we have to - # make sure that the tarsnap server is reachable after systemd starts up - # the service - therefore we sleep in a loop until we can ping the - # endpoint. - preStart = '' - while ! 
ping -4 -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done - ''; - - postStart = lib.optionalString cfg.tarsnapper.enable '' - ${lib.getExe cfg.tarsnapper.package} \ - -o configfile /etc/tarsnap/${name}.conf \ - --target '${name}-$date' \ - --dateformat '%Y%m%d%H%M%S' \ - --deltas ${cfg.tarsnapper.deltas} - \ - expire - ''; - - script = let - tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; - run = ''${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \ - ${optionalString cfg.verbose "-v"} \ - ${optionalString cfg.explicitSymlinks "-H"} \ - ${optionalString cfg.followSymlinks "-L"} \ - ${concatStringsSep " " cfg.directories}''; - cachedir = escapeShellArg cfg.cachedir; - in if (cfg.cachedir != null) then '' - mkdir -p ${cachedir} - chmod 0700 ${cachedir} - - ( flock 9 - if [ ! -e ${cachedir}/firstrun ]; then - ( flock 10 - flock -u 9 - ${tarsnap} --fsck - flock 9 - ) 10>${cachedir}/firstrun - fi - ) 9>${cachedir}/lockf - - exec flock ${cachedir}/firstrun ${run} - '' else "exec ${run}"; - - serviceConfig = { - Type = "oneshot"; - IOSchedulingClass = "idle"; - NoNewPrivileges = "true"; - CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ]; - PermissionsStartOnly = "true"; - }; - }) gcfg.archives) // - - (mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{ - description = "Tarsnap restore '${name}'"; - requires = [ "network-online.target" ]; - - path = with pkgs; [ iputils gcfg.package util-linux ]; - - script = let - tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; - lastArchive = "$(${tarsnap} --list-archives | sort | tail -1)"; - run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}''; - cachedir = escapeShellArg cfg.cachedir; - - in if (cfg.cachedir != null) then '' - mkdir -p ${cachedir} - chmod 0700 ${cachedir} - - ( flock 9 - if [ ! 
-e ${cachedir}/firstrun ]; then - ( flock 10 - flock -u 9 - ${tarsnap} --fsck - flock 9 - ) 10>${cachedir}/firstrun - fi - ) 9>${cachedir}/lockf - - exec flock ${cachedir}/firstrun ${run} - '' else "exec ${run}"; - - serviceConfig = { - Type = "oneshot"; - IOSchedulingClass = "idle"; - NoNewPrivileges = "true"; - CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ]; - PermissionsStartOnly = "true"; - }; - }) gcfg.archives); + (mapAttrs' ( + name: cfg: + nameValuePair "tarsnap-${name}" { + description = "Tarsnap archive '${name}'"; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + + path = with pkgs; [ + iputils + gcfg.package + util-linux + ]; + + # In order for the persistent tarsnap timer to work reliably, we have to + # make sure that the tarsnap server is reachable after systemd starts up + # the service - therefore we sleep in a loop until we can ping the + # endpoint. + preStart = '' + while ! ping -4 -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done + ''; + + postStart = lib.optionalString cfg.tarsnapper.enable '' + ${lib.getExe cfg.tarsnapper.package} \ + -o configfile /etc/tarsnap/${name}.conf \ + --target '${name}-$date' \ + --dateformat '%Y%m%d%H%M%S' \ + --deltas ${cfg.tarsnapper.deltas} - \ + expire + ''; + + script = + let + tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; + run = '' + ${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \ + ${optionalString cfg.verbose "-v"} \ + ${optionalString cfg.explicitSymlinks "-H"} \ + ${optionalString cfg.followSymlinks "-L"} \ + ${concatStringsSep " " cfg.directories}''; + cachedir = escapeShellArg cfg.cachedir; + in + if (cfg.cachedir != null) then + '' + mkdir -p ${cachedir} + chmod 0700 ${cachedir} + + ( flock 9 + if [ ! 
-e ${cachedir}/firstrun ]; then + ( flock 10 + flock -u 9 + ${tarsnap} --fsck + flock 9 + ) 10>${cachedir}/firstrun + fi + ) 9>${cachedir}/lockf + + exec flock ${cachedir}/firstrun ${run} + '' + else + "exec ${run}"; + + serviceConfig = { + Type = "oneshot"; + IOSchedulingClass = "idle"; + NoNewPrivileges = "true"; + CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ]; + PermissionsStartOnly = "true"; + }; + } + ) gcfg.archives) + // + + (mapAttrs' ( + name: cfg: + nameValuePair "tarsnap-restore-${name}" { + description = "Tarsnap restore '${name}'"; + requires = [ "network-online.target" ]; + + path = with pkgs; [ + iputils + gcfg.package + util-linux + ]; + + script = + let + tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; + lastArchive = "$(${tarsnap} --list-archives | sort | tail -1)"; + run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}''; + cachedir = escapeShellArg cfg.cachedir; + + in + if (cfg.cachedir != null) then + '' + mkdir -p ${cachedir} + chmod 0700 ${cachedir} + + ( flock 9 + if [ ! -e ${cachedir}/firstrun ]; then + ( flock 10 + flock -u 9 + ${tarsnap} --fsck + flock 9 + ) 10>${cachedir}/firstrun + fi + ) 9>${cachedir}/lockf + + exec flock ${cachedir}/firstrun ${run} + '' + else + "exec ${run}"; + + serviceConfig = { + Type = "oneshot"; + IOSchedulingClass = "idle"; + NoNewPrivileges = "true"; + CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ]; + PermissionsStartOnly = "true"; + }; + } + ) gcfg.archives); # Note: the timer must be Persistent=true, so that systemd will start it even # if e.g. your laptop was asleep while the latest interval occurred. 
- systemd.timers = mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" - { timerConfig.OnCalendar = cfg.period; + systemd.timers = mapAttrs' ( + name: cfg: + nameValuePair "tarsnap-${name}" { + timerConfig.OnCalendar = cfg.period; timerConfig.Persistent = "true"; wantedBy = [ "timers.target" ]; - }) gcfg.archives; + } + ) gcfg.archives; - environment.etc = - mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf" - { text = configFile name cfg; - }) gcfg.archives; + environment.etc = mapAttrs' ( + name: cfg: nameValuePair "tarsnap/${name}.conf" { text = configFile name cfg; } + ) gcfg.archives; environment.systemPackages = [ gcfg.package ]; }; diff --git a/nixos/secure-boot.nix b/nixos/secure-boot.nix index 7056a54..4bb13bd 100644 --- a/nixos/secure-boot.nix +++ b/nixos/secure-boot.nix @@ -1,4 +1,5 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ environment.systemPackages = [ # For debugging and troubleshooting Secure Boot. pkgs.sbctl diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix index 7c8bba6..2d54a04 100644 --- a/nixos/tailscale.nix +++ b/nixos/tailscale.nix @@ -1,6 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ services.tailscale.enable = true; - networking.firewall.trustedInterfaces = [ - config.services.tailscale.interfaceName - ]; + networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; } diff --git a/potassium/configuration.nix b/potassium/configuration.nix index c3c6862..5873ac1 100644 --- a/potassium/configuration.nix +++ b/potassium/configuration.nix @@ -1,8 +1,13 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ system.stateVersion = "23.11"; fileSystems."/srv" = { device = "/dev/disk/by-id/scsi-0DO_Volume_volume-nyc3-01"; - options = [ "discard" "nofail" "noatime" ]; + options = [ + "discard" + "nofail" + "noatime" + ]; }; services.openssh.ports = [ 46409 ]; services.fail2ban = { diff --git a/potassium/web-server.nix b/potassium/web-server.nix index 927aafe..1c4bb88 100644 
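Review bot: In the `tarsnap-${name}` service script, `run` still appends the backup paths with `${concatStringsSep " " cfg.directories}`, so they reach the shell unquoted, while `cfg.cachedir` in the same `let` goes through `escapeShellArg`. A directory containing whitespace or a shell metacharacter would be split or interpreted by the shell, and the archive would then cover different paths than the configuration names. I would change that line to `${escapeShellArgs cfg.directories}`, assuming `lib`'s string helpers are in scope the same way `escapeShellArg` is. The `--deltas ${cfg.tarsnapper.deltas}` argument in `postStart` is also unquoted; that looks intentional for word splitting, but a short comment such as `# deltas is deliberately unquoted: one shell word per delta` would make it explicit.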
--- a/potassium/web-server.nix +++ b/potassium/web-server.nix @@ -15,7 +15,10 @@ in virtualHosts = { "kj4jzy.org" = { inherit logFormat; - serverAliases = [ "themacons.net" "whelchel.org" ]; + serverAliases = [ + "themacons.net" + "whelchel.org" + ]; extraConfig = '' import standard_headers redir https://www.{host}{path} @@ -79,5 +82,8 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 326ff14..f8dd468 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -5,9 +5,24 @@ let silicon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5rt22ZbSvSAtVMvpyAMsyKPMEx9zyeGFteDcVJf/OG"; in { - "mautrix-signal.env.age".publicKeys = [ gmacon silicon ]; - "mautrix-discord.env.age".publicKeys = [ gmacon silicon ]; - "mautrix-gmessages.env.age".publicKeys = [ gmacon silicon ]; - "tarsnap-ar.key.age".publicKeys = [ gmacon argon ]; - "tarsnap-k.key.age".publicKeys = [ gmacon potassium ]; + "mautrix-signal.env.age".publicKeys = [ + gmacon + silicon + ]; + "mautrix-discord.env.age".publicKeys = [ + gmacon + silicon + ]; + "mautrix-gmessages.env.age".publicKeys = [ + gmacon + silicon + ]; + "tarsnap-ar.key.age".publicKeys = [ + gmacon + argon + ]; + "tarsnap-k.key.age".publicKeys = [ + gmacon + potassium + ]; } diff --git a/silicon/configuration.nix b/silicon/configuration.nix index b11fe2d..984ee00 100644 --- a/silicon/configuration.nix +++ b/silicon/configuration.nix @@ -1,4 +1,5 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ system.stateVersion = "23.11"; networking.hostName = "silicon"; @@ -12,7 +13,10 @@ "/media" = { device = "/dev/sda1"; fsType = "ext4"; - options = [ "defaults" "noatime" ]; + options = [ + "defaults" + "noatime" + ]; }; }; 
@@ -28,13 +32,7 @@ }; }; - environment.systemPackages = lib.attrValues { - inherit (pkgs) - git - vim - wakeonlan - ; - }; + environment.systemPackages = lib.attrValues { inherit (pkgs) git vim wakeonlan; }; services.jellyfin = { enable = true;