From 037d7fad846ac18f12d442d241032db713990a7c Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Sat, 28 Sep 2024 22:09:24 +0200 Subject: [PATCH] server stuff --- common/hardware/laptop.nix | 4 +- common/network/default.nix | 5 + common/tooling/default.nix | 2 +- common/tooling/ranger.nix | 23 +- configuration.nix | 2 +- fake_flake.nix | 14 +- modules/default.nix | 14 +- modules/discord-matrix-bridge.nix | 4 +- modules/factorio.nix | 24 +- modules/hedgedoc.nix | 5 +- modules/matrix_legacy.nix | 240 ++++++++++++++++++ modules/prometheus.nix | 13 +- modules/wireguard.nix | 36 +++ modules/wireguard.nix.save | 2 + nix/sources.json | 28 +- .../grimmauld-nixos-server/configuration.nix | 3 +- .../hardware-configuration.nix | 5 + sway/default.nix | 199 ++++++++------- 18 files changed, 477 insertions(+), 146 deletions(-) create mode 100644 modules/matrix_legacy.nix create mode 100644 modules/wireguard.nix create mode 100644 modules/wireguard.nix.save diff --git a/common/hardware/laptop.nix b/common/hardware/laptop.nix index 9d47682..6b8518a 100644 --- a/common/hardware/laptop.nix +++ b/common/hardware/laptop.nix @@ -26,9 +26,7 @@ in wootility ]; - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; + services.udev.packages = with pkgs; [ yubikey-personalization ]; hardware.i2c.enable = true; services.libinput.enable = true; diff --git a/common/network/default.nix b/common/network/default.nix index 3d53ee0..28dadc3 100644 --- a/common/network/default.nix +++ b/common/network/default.nix @@ -23,6 +23,11 @@ in enable = true; allowPing = true; }; + + networking.nameservers = [ + "1.1.1.1" + "9.9.9.9" + ]; }; imports = [ ./bluetooth.nix ]; diff --git a/common/tooling/default.nix b/common/tooling/default.nix index 7061410..629d5e0 100644 --- a/common/tooling/default.nix +++ b/common/tooling/default.nix 
@@ -93,7 +93,7 @@ in services.dbus.implementation = "broker"; boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; + zramSwap.enable = false; #programs.ssh = { # # startAgent = true; diff --git a/common/tooling/ranger.nix b/common/tooling/ranger.nix index 3ac6bf5..4eedc03 100644 --- a/common/tooling/ranger.nix +++ b/common/tooling/ranger.nix @@ -7,9 +7,14 @@ }: let inherit (config.grimmShared) enable tooling; - inherit (lib) mkIf mapAttrs' concatLines attrNames; + inherit (lib) + mkIf + mapAttrs' + concatLines + attrNames + ; plugins = { - ranger_udisk_menu = inputs.ranger_udisk_menu; + ranger_udisk_menu = inputs.ranger_udisk_menu; }; in { @@ -20,11 +25,13 @@ in }; environment.systemPackages = [ pkgs.ranger ]; - environment.etc = (mapAttrs' (n: v: { - name = "ranger/plugins/${n}"; - value.source = v; - }) plugins) // { - "ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins)); - }; + environment.etc = + (mapAttrs' (n: v: { + name = "ranger/plugins/${n}"; + value.source = v; + }) plugins) + // { + "ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins)); + }; }; } diff --git a/configuration.nix b/configuration.nix index 4d1a008..453b2ec 100644 --- a/configuration.nix +++ b/configuration.nix @@ -10,7 +10,7 @@ # Bootloader. boot = { loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_zen; + # kernelPackages = lib.mkDefault pkgs.linuxPackages_zen; }; services.logrotate.checkConfig = false; # fixme: actually needed? diff --git a/fake_flake.nix b/fake_flake.nix index d3a243a..6ca3995 100644 --- a/fake_flake.nix +++ b/fake_flake.nix @@ -35,9 +35,9 @@ let #} ]; - # enable ccache for lix if ccache is enabled - # enable_lix_ccache = true; in +# enable ccache for lix if ccache is enabled +# enable_lix_ccache = true; { imports = [ "${nivSources.agenix}/modules/age.nix" 
@@ -48,7 +48,7 @@ in (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default # (builtins.getFlake (asGithubRef nivSources.nixos-matrix-modules)).nixosModules.default # (builtins.getFlake "git+${nivSources.nixos-mailserver.repo}").nixosModules.default - ] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target}; + ] ++ host_modules.grimmauld-nixos-server; # ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target}; system.nixos = { distroId = "lixos"; @@ -114,7 +114,7 @@ in unpatched; overlays = [ - (import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; }) + # (import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; }) (final: prev: { agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { }; }) ]; }; @@ -124,13 +124,15 @@ in inputs = nivSources; }; + nix.package = pkgs.lix; + nix.settings.extra-substituters = [ - "https://cache.lix.systems" + # "https://cache.lix.systems" "https://nyx.chaotic.cx/" ]; nix.settings.trusted-public-keys = [ - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + # "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" ]; diff --git a/modules/default.nix b/modules/default.nix index ff445b3..234f264 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,21 +5,22 @@ let in { imports = [ + ./wireguard.nix ./matrix.nix ./puffer.nix ./gitea.nix ./grafana.nix ./nextcloud.nix - # ./prometheus.nix + ./prometheus.nix # ./mjolnir.nix - ./fail2ban.nix +# ./fail2ban.nix ./email.nix - ./discord-matrix-bridge.nix + # ./discord-matrix-bridge.nix ./mastodon.nix ./nix_cache.nix - ./auth.nix + # ./auth.nix ./hedgedoc.nix - ./factorio.nix + # ./factorio.nix ]; options.serverConfig = 
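Review bot: The `imports` list in fake_flake.nix now ends in `++ host_modules.grimmauld-nixos-server;`, so the server's module set is pulled in regardless of `build_target`, and the old guard survives only as a trailing comment. If any other host is still built from this file, it would presumably inherit the server modules, including the firewall openings and WireGuard interface added elsewhere in this patch. Keeping the selection conditional avoids that: `] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};`. If the hard-coding is a temporary workaround, a `# FIXME` stating why would stop it from becoming permanent.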
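Review bot: In the modules/default.nix `imports` list, `./fail2ban.nix` and `./auth.nix` are commented out without a reason, in the same change that turns on `./wireguard.nix` and `./prometheus.nix`. The server configuration touched later in this patch shows `services.openssh.enable = true` in its context, so dropping fail2ban presumably removes brute-force throttling from an exposed sshd; what fail2ban.nix actually configured is not visible here. A reason should be recorded next to each disabled line, e.g. `# ./fail2ban.nix  # FIXME: disabled because <reason>; re-enable before deploy`. The list continues outside the hunk.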
@@ -169,8 +170,9 @@ in accessType = "proxy"; }; matrix_host = { - accessType = "redirect"; + # accessType = "redirect"; host = "matrix.${domain}"; + # port = 8008; }; prometheus_host = { host = "prometheus.${domain}"; diff --git a/modules/discord-matrix-bridge.nix b/modules/discord-matrix-bridge.nix index 19a2eb4..5a5cff3 100644 --- a/modules/discord-matrix-bridge.nix +++ b/modules/discord-matrix-bridge.nix @@ -17,8 +17,8 @@ in }; bridge = { enableSelfServiceBridging = true; - domain = config.services.matrix-synapse-next.settings.server_name; - homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl; + domain = config.services.matrix-synapse.settings.server_name; + homeserverUrl = config.services.matrix-synapse.settings.public_baseurl; disablePresence = true; disableTypingNotifications = true; }; diff --git a/modules/factorio.nix b/modules/factorio.nix index 0ca69c8..6a0abb8 100644 --- a/modules/factorio.nix +++ b/modules/factorio.nix @@ -1,13 +1,27 @@ -{ pkgs, config, lib, ...}: { - +{ + pkgs, + config, + lib, + ... +}: +{ + networking.firewall.allowedTCPPorts = [ 34197 + 34198 ]; networking.firewall.allowedUDPPorts = [ + 34198 34197 ]; + services.prometheus.scrapeConfigs = [ + { + job_name = "clusterio-trangar"; + static_configs = [ { targets = [ "trang.ar:8080" ]; } ]; + } + ]; systemd.services.clusterio-trangar = { description = "clusterio pulling its config from trang.ar"; 
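Review bot: The new `clusterio-trangar` scrape job in modules/factorio.nix targets `trang.ar:8080` without a `scheme`, so Prometheus falls back to plain HTTP and the metrics from that remote host cross the network unauthenticated and unencrypted. If the endpoint offers TLS, add `scheme = "https";` to the job; otherwise consider scraping it over the WireGuard tunnel this patch introduces. Port 34198 is also opened on both TCP and UDP with no comment naming the listener; a comment such as `# 34198: <service>` would make the firewall opening auditable. `./factorio.nix` is commented out of modules/default.nix in this same commit, so none of this takes effect until it is re-imported.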
@@ -19,9 +33,11 @@ #serviceConfig.Group = "users"; serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio"; script = '' - ${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio/shell.nix + export NIXPKGS_ALLOW_UNFREE=1 + ${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio-nonfhs/shell.nix --run "cd /home/grimmauld/clusterio-nonfhs/install && nice -19 bash run-host.sh" + # /home/grimmauld/clusterio/shell.nix ''; - wantedBy = ["multi-user.target"]; # starts after login + wantedBy = [ "multi-user.target" ]; # starts after login enable = true; }; } diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index cd1423c..40a71df 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -1,8 +1,9 @@ { config, ... }: let inherit (config.serverConfig) vhosts; -in { - services.hedgedoc = { +in +{ + services.hedgedoc = { enable = true; settings = { domain = vhosts.hedgedoc_host.host; diff --git a/modules/matrix_legacy.nix b/modules/matrix_legacy.nix new file mode 100644 index 0000000..974fecd --- /dev/null +++ b/modules/matrix_legacy.nix 
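Review bot: The `script` of `systemd.services.clusterio-trangar` evaluates `/home/grimmauld/clusterio-nonfhs/shell.nix` and then runs `bash run-host.sh` from the same home directory, and the only user/group setting visible in this hunk is the commented-out `#serviceConfig.Group = "users";`. If no `User` is set outside the hunk, the unit runs as root and executes files that an unprivileged account can rewrite, which is a local privilege-escalation path. Either run the unit as that account with `serviceConfig.User = "grimmauld";` or move the scripts to a root-owned or store path. `export NIXPKGS_ALLOW_UNFREE=1` also widens what that user-controlled `shell.nix` may pull in, so a comment naming the unfree package it is needed for would help. The unit definition starts outside the hunk.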
@@ -0,0 +1,240 @@ +{ + lib, + config, + pkgs, + ... +}: +let + inherit (config.networking) domain; + inherit (config.serverConfig) vhosts; + + fqdn = vhosts.matrix_host.host; + base_url = "https://${fqdn}"; + + clientConfig."m.homeserver" = {inherit base_url; }; # = "https://${vhosts.matrix_host.host}"; + serverConfig."m.server" = "${vhosts.matrix_host.host}:443"; + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; + synapse_backend = "http://[::1]:8008"; +in +{ + services.postgresql = { + enable = true; + ensureDatabases = [ "synapse" ]; + ensureUsers = [ + { + name = "synapse"; + passFile = config.age.secrets.synapse_db_pass.path; + ensureDBOwnership = true; + } + ]; + }; + + + services.matrix-synapse = { + enable = true; + settings.server_name = domain; + # The public base URL value must match the `base_url` value set in `clientConfig` above. + # The default value here is based on `server_name`, so if your `server_name` is different + # from the value of `fqdn` above, you will likely run into some mismatched domain names + # in client applications. + settings.public_baseurl = base_url; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ { + names = [ "client" "federation" ]; + compress = true; + } ]; + } + ]; + + settings.database = { + name = "psycopg2"; + args = { user="synapse"; database= "synapse"; }; + }; + settings.log_config = ./matrix_synapse_log_config.yaml; + settings.enable_registration = false; + configureRedisLocally = true; + settings.redis.enabled = true; + + settings.app_service_config_files = [ + # The registration file is automatically generated after starting the + # appservice for the first time. 
+ # cp /var/lib/mautrix-telegram/telegram-registration.yaml \ + # /var/lib/matrix-synapse/ + # chown matrix-synapse:matrix-synapse \ + # /var/lib/matrix-synapse/telegram-registration.yaml + # "/var/lib/matrix-synapse/discord-registration.yaml" + ]; + }; + +# services.matrix-synapse-next = { +# enable = true; +# +# workers.federationSenders = 1; +# workers.federationReceivers = 1; +# workers.initialSyncers = 1; +# workers.normalSyncers = 1; +# workers.eventPersisters = 2; +# workers.useUserDirectoryWorker = true; +# mainLogConfig = ./matrix_synapse_log_config.yaml; +# +# enableNginx = true; +# enableSlidingSync = false; +# +# settings = { +# suppress_key_server_warning = true; +# server_name = domain; +# public_baseurl = "https://${domain}"; +# enable_registration = true; +# registration_requires_token = true; +# registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path; +# # enable_registration_without_verification = true; +# # mainLogConfig = ./matrix_synapse_log_config.yaml; +# +# # registrations_require_3pid = [ "email" ]; +# +# database = { +# name = "psycopg2"; +# args = { +# host = "localhost"; +# port = config.services.postgresql.settings.port; +# dbname = "synapse"; +# user = "synapse"; +# cp_min = 5; +# cp_max = 10; +# client_encoding = "auto"; +# passfile = config.age.secrets.synapse_db_pass_prepared.path; +# }; +# }; +# }; +# }; + services.redis.servers."".enable = true; + + age.secrets.synapse_db_pass = { + file = ../secrets/synapse_db_pass.age; + owner = "postgres"; + group = "postgres"; + }; + age.secrets.synapse_db_pass_prepared = { + file = ../secrets/synapse_db_pass_prepared.age; + owner = "matrix-synapse"; + group = "matrix-synapse"; + mode = "0600"; + }; + age.secrets.synapse_registration_shared_secret = { + file = ../secrets/synapse_registration_shared_secret.age; + owner = "matrix-synapse"; + group = "matrix-synapse"; + mode = "0600"; + }; + + environment.systemPackages = with pkgs; [ + 
matrix-synapse-tools.synadm + matrix-synapse + ]; + + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + # This section is not needed if the server_name of matrix-synapse is equal to + # the domain (i.e. example.org from @foo:example.org) and the federation port + # is 8448. + # Further reference can be found in the docs about delegation under + # https://element-hq.github.io/synapse/latest/delegate.html + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + # This is usually needed for homeserver discovery (from e.g. other Matrix clients). + # Further reference can be found in the upstream docs at + # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + }; + + virtualHosts."${fqdn}" = { + enableACME = true; + forceSSL = true; + + locations."/_matrix" = { + proxyPass = synapse_backend; + #extraConfig = '' + # add_header X-debug-backend ${synapse_backend}; + # add_header X-debug-group $synapse_uri_group; + # client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size}; + # proxy_read_timeout 10m; + #''; + }; + locations."/_synapse/client".proxyPass = synapse_backend; + }; + }; + +# services.nginx = { +# enable = true; +# virtualHosts."${domain}" = { +# forceSSL = true; +# enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies +# useACMEHost = domain; +# locations."/.well-known/matrix/server" = { +# return = "200 '{\"m.server\":\"${vhosts.matrix_host.host}:443\"}'"; +# extraConfig = '' +# default_type application/json; +# add_header Access-Control-Allow-Origin *; +# add_header Accept-Ranges bytes;''; +# }; +# locations."/.well-known/matrix/client" = { +# return 
= "200 '{\"m.homeserver\": {\"base_url\": \"https://${vhosts.matrix_host.host}\"}}'"; +# extraConfig = '' +# add_header Access-Control-Allow-Origin *; +# default_type application/json; +# ''; +# }; +# locations."/_matrix" = { +# proxyPass = "http://$synapse_backend"; +# extraConfig = '' +# add_header X-debug-backend $synapse_backend; +# add_header X-debug-group $synapse_uri_group; +# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size}; +# proxy_read_timeout 10m; +# ''; +# }; +# locations."/_synapse/client" = { +# proxyPass = "http://$synapse_backend"; +# }; +# locations."~ ^/_matrix/client/(r0|v3)/sync$" = { +# proxyPass = "http://$synapse_backend"; +# extraConfig = '' +# proxy_read_timeout 1h; +# ''; +# }; +# locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { +# proxyPass = "http://synapse_worker_initial_sync"; +# extraConfig = '' +# proxy_read_timeout 1h; +# ''; +# }; +# locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { +# proxyPass = "http://synapse_worker_initial_sync"; +# extraConfig = '' +# proxy_read_timeout 1h; +# ''; +# }; +# # locations."/.well-known/matrix" = { +# proxyPass = "http://$synapse_backend"; +# }; +# }; +# }; + # networking.firewall.allowedTCPPorts = [ 8448 8008 ]; +} diff --git a/modules/prometheus.nix b/modules/prometheus.nix index 7778988..5a980c7 100644 --- a/modules/prometheus.nix +++ b/modules/prometheus.nix @@ -14,17 +14,24 @@ in { targets = let - inherit (lib) filter isAttrs attrValues; + inherit (lib) + filter + isAttrs + attrValues + filterAttrs + ; in map (v: "127.0.0.1:${builtins.toString v.port}") ( - filter (v: (isAttrs v) && v.enable) (attrValues config.services.prometheus.exporters) + filter (v: (isAttrs v) && v.enable) ( + attrValues (filterAttrs (n: v: n != "minio") config.services.prometheus.exporters) + ) ); } ]; } ]; exporters = { - nginx.enable = true; + # nginx.enable = true; redis.enable = true; domain.enable = true; postgres.enable = true; 
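Review bot: In modules/matrix_legacy.nix the `age.secrets` entries `synapse_db_pass_prepared` and `synapse_registration_shared_secret` are referenced only from the commented-out `matrix-synapse-next` block, so within this file they are decrypted onto the host with no active consumer. Unless another module uses them, dropping both declarations keeps unused secret material off the machine. `age.secrets.synapse_db_pass` is the one secret actually in use and the only one without an explicit `mode`; adding `mode = "0400";` would make its permissions as explicit as the other two. The two large commented-out blocks (`services.matrix-synapse-next` and the second `services.nginx`) could be left to git history, since they make it harder to see which listener and proxy settings are live.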
diff --git a/modules/wireguard.nix b/modules/wireguard.nix new file mode 100644 index 0000000..96f617d --- /dev/null +++ b/modules/wireguard.nix @@ -0,0 +1,36 @@ + {pkgs, ...}: { + # enable NAT + networking.nat.enable = true; networking.nat.externalInterface = "eth0"; + networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall = { + allowedUDPPorts = [ 51820 ]; + }; + + networking.wireguard.interfaces = { + # "wg0" is the network interface name. You can name the interface + # arbitrarily.} + wg0 = { + privateKeyFile = "/home/grimmauld/wireguard.priv"; + # Determines the IP address and subnet of the server's end of the tunnel + # interface. + ips = [ "10.100.0.1/24" ]; + # The port that WireGuard listens to. Must be accessible by the client. + listenPort = 51820; + # This allows the wireguard server to route your traffic to the internet and + # hence be like a VPN For this to work you have to set the dnsserver IP of + # your router (or dnsserver of choice) in your clients + postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE + ''; + # This undoes the above command + postShutdown = '' ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE + ''; + + generatePrivateKeyFile = true; + peers = [ + { +publicKey="2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk="; + allowedIPs = [ "10.100.0.2/32" ]; + } ]; + }; + }; + environment.systemPackages = with pkgs; [ wireguard-tools ]; +} diff --git a/modules/wireguard.nix.save b/modules/wireguard.nix.save new file mode 100644 index 0000000..683f70f --- /dev/null +++ b/modules/wireguard.nix.save @@ -0,0 +1,2 @@ +{ + diff --git a/nix/sources.json b/nix/sources.json index 62d0dd0..42c0e28 100644 --- a/nix/sources.json +++ b/nix/sources.json 
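Review bot: In modules/wireguard.nix, `privateKeyFile = "/home/grimmauld/wireguard.priv";` combined with `generatePrivateKeyFile = true` puts the tunnel's private key in a user's home directory, where that account can read or replace it. A root-owned path outside the home directory, e.g. `privateKeyFile = "/var/lib/wireguard/wg0.key";` (example path), or an `age.secrets` entry like the ones already used for Synapse, would keep the key away from the login user. The interface names also disagree: `networking.nat.externalInterface = "eth0";` while the `postSetup`/`postShutdown` rules use `-o ens18`, so one of them is presumably stale, and with `networking.nat` enabled the hand-written MASQUERADE rule may be redundant. `modules/wireguard.nix.save`, added in the same commit, looks like an editor backup and probably should not be tracked.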
@@ -5,10 +5,10 @@ "homepage": "https://matrix.to/#/#agenix:nixos.org", "owner": "ryantm", "repo": "agenix", - "rev": "3a56735779db467538fb2e577eda28a9daacaca6", - "sha256": "1h66zapc6im07k3kcgvhy3lhzahb70vd6m2ijhz4i0v6mn5l3fk9", + "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", + "sha256": "0rkcx72bq7fm5b1qy1nrzp8v93nv784wh11srgi3pi0m6sr9g03f", "type": "tarball", - "url": "https://github.com/ryantm/agenix/archive/3a56735779db467538fb2e577eda28a9daacaca6.tar.gz", + "url": "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "authentik-nix": { @@ -17,10 +17,10 @@ "homepage": "", "owner": "nix-community", "repo": "authentik-nix", - "rev": "bb756751b02b3138a2cba58064a28ddc6f2648df", - "sha256": "118jnqj0pxvwx7kaz6im9g4ys8sgm1xslz4figqq4nq417vjh86p", + "rev": "89cfaf2eb197a39d12422e773f867d1a7c99b048", + "sha256": "1405rzwq8fwpyc63ac76f50glc00sp18m2ska1najzqvzi9v5zpk", "type": "tarball", - "url": "https://github.com/nix-community/authentik-nix/archive/bb756751b02b3138a2cba58064a28ddc6f2648df.tar.gz", + "url": "https://github.com/nix-community/authentik-nix/archive/89cfaf2eb197a39d12422e773f867d1a7c99b048.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "chaotic": { @@ -29,10 +29,10 @@ "homepage": "https://nyx.chaotic.cx", "owner": "chaotic-cx", "repo": "nyx", - "rev": "0e99464b8956307678b60ec7540e6cad730ee825", - "sha256": "1ksi4pssnxaa1pmxdk25gpbciaffjr5py3hdw0ifr0zcs8z22hyy", + "rev": "a7f32d358f6efddddd29cd977cd056da9ab040cf", + "sha256": "08gpq1bzfmis75c1lxqdsqa20m1nch1fnrl7v2f8jy10k9f332db", "type": "tarball", - "url": "https://github.com/chaotic-cx/nyx/archive/0e99464b8956307678b60ec7540e6cad730ee825.tar.gz", + "url": "https://github.com/chaotic-cx/nyx/archive/a7f32d358f6efddddd29cd977cd056da9ab040cf.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "glibc-eac": { 
@@ -50,13 +50,13 @@ "lix-module": { "branch": "main", "repo": "https://git.lix.systems/lix-project/nixos-module.git", - "rev": "5d9d94089fb1ca96222a34bfe245ef5c5ebefd37", + "rev": "d70318fb946a0e720dfdd1fb10b0645c14e2a02a", "type": "git" }, "lix-pkg": { "branch": "main", "repo": "https://git.lix.systems/lix-project/lix.git", - "rev": "865a3732faca16a79bf24982011adf100de04463", + "rev": "5ee1e6ea9887a54f0af3a66528abc04b17611516", "type": "git" }, "nixos-mailserver": { @@ -83,10 +83,10 @@ "homepage": null, "owner": "NixOS", "repo": "nixpkgs", - "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e", - "sha256": "19z8yxgjm9jx7dls8942k6d8vp4dgh52azj1d6jgsy1vb27rw56k", + "rev": "ad0b5eed1b6031efaed382844806550c3dcb4206", + "sha256": "105856b6lrbhn6q6cdbxrmnwbxjd8jy8qs79qp864yk1x1j5wvpr", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/2741b4b489b55df32afac57bc4bfd220e8bf617e.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/ad0b5eed1b6031efaed382844806550c3dcb4206.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "ranger_udisk_menu": { diff --git a/specific/grimmauld-nixos-server/configuration.nix b/specific/grimmauld-nixos-server/configuration.nix index 0e877b5..41e77f5 100644 --- a/specific/grimmauld-nixos-server/configuration.nix +++ b/specific/grimmauld-nixos-server/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; @@ -11,6 +11,7 @@ services.openssh.enable = true; system.stateVersion = "23.11"; networking.networkmanager.enable = lib.mkForce false; + boot.kernelPackages = pkgs.linuxPackages_latest; # users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix); } diff --git a/specific/grimmauld-nixos-server/hardware-configuration.nix b/specific/grimmauld-nixos-server/hardware-configuration.nix index 6cf9123..938ddac 100644 --- a/specific/grimmauld-nixos-server/hardware-configuration.nix 
+++ b/specific/grimmauld-nixos-server/hardware-configuration.nix @@ -14,6 +14,11 @@ fsType = "ext4"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/d6bf7aad-cd46-458c-98e8-a321eb77858a"; + fsType = "ext4"; + }; + environment.sessionVariables = { OMP_NUM_THREADS = "8"; }; diff --git a/sway/default.nix b/sway/default.nix index ff2949b..33c4a38 100644 --- a/sway/default.nix +++ b/sway/default.nix 
@@ -51,113 +51,122 @@ urgentcol = "#9e3c3c"; realwhite = "#C7D3E3"; }; - keybinds = { - "$mod+d" = "exec $menu"; - "$mod+Shift+d" = "exec $menu_run"; - "$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy''; - "$mod+Shift+Return" = "exec ${getExe xdg-terminal-exec} xonsh"; - "$mod+Return" = "exec ${getExe xdg-terminal-exec}"; - "$mod+Shift+q" = "kill"; - "$mod+Shift+c" = "reload"; - "$mod+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'"; + keybinds = + { + "$mod+d" = "exec $menu"; + "$mod+Shift+d" = "exec $menu_run"; + "$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy''; + "$mod+Shift+Return" = "exec ${getExe xdg-terminal-exec} xonsh"; + "$mod+Return" = "exec ${getExe xdg-terminal-exec}"; + "$mod+Shift+q" = "kill"; + "$mod+Shift+c" = "reload"; + "$mod+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-B 'Yes, exit sway' 'swaymsg exit'"; - # Move your focus around - "$mod+$left" = "focus left"; - "$mod+$down" = "focus down"; - "$mod+$up" = "focus up"; - "$mod+$right" = "focus right"; - # Or use $mod+[up|down|left|right] - "$mod+Left" = "focus left"; - "$mod+Down" = "focus down"; - "$mod+Up" = "focus up"; - "$mod+Right" = "focus right"; + # Move your focus around + "$mod+$left" = "focus left"; + "$mod+$down" = "focus down"; + "$mod+$up" = "focus up"; + "$mod+$right" = "focus right"; + # Or use $mod+[up|down|left|right] + "$mod+Left" = "focus left"; + "$mod+Down" = "focus down"; + "$mod+Up" = "focus up"; + "$mod+Right" = "focus right"; - # Move the focused window with the same, but add Shift - "$mod+Shift+$left" = "move left"; - "$mod+Shift+$down" = "move down"; - "$mod+Shift+$up" = "move up"; - "$mod+Shift+$right" = "move right"; - # Ditto, with arrow keys - "$mod+Shift+Left" = "move left"; - "$mod+Shift+Down" = "move down"; - "$mod+Shift+Up" = "move up"; - "$mod+Shift+Right" = "move right"; - - # Layout stuff: - # - # You can "split" the current object of your focus with - # $mod+b or $mod+v, for horizontal and vertical splits - # respectively. - "$mod+b" = "splith"; - "$mod+v" = "splitv"; + # Move the focused window with the same, but add Shift + "$mod+Shift+$left" = "move left"; + "$mod+Shift+$down" = "move down"; + "$mod+Shift+$up" = "move up"; + "$mod+Shift+$right" = "move right"; + # Ditto, with arrow keys + "$mod+Shift+Left" = "move left"; + "$mod+Shift+Down" = "move down"; + "$mod+Shift+Up" = "move up"; + "$mod+Shift+Right" = "move right"; - # Switch the current container between different layout styles - "$mod+s" = "layout stacking"; - "$mod+w" = "layout tabbed"; - "$mod+e" = "layout toggle split"; + # Layout stuff: + # + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. 
+ "$mod+b" = "splith"; + "$mod+v" = "splitv"; - # Make the current focus fullscreen - "$mod+f" = "fullscreen"; + # Switch the current container between different layout styles + "$mod+s" = "layout stacking"; + "$mod+w" = "layout tabbed"; + "$mod+e" = "layout toggle split"; - # Toggle the current focus between tiling and floating mode - "$mod+Shift+space" = "floating toggle"; + # Make the current focus fullscreen + "$mod+f" = "fullscreen"; - # Swap focus between the tiling area and the floating area - "$mod+space" = "focus mode_toggle"; + # Toggle the current focus between tiling and floating mode + "$mod+Shift+space" = "floating toggle"; - # Move focus to the parent container - "$mod+a" = "focus parent"; + # Swap focus between the tiling area and the floating area + "$mod+space" = "focus mode_toggle"; - "$mod+Shift+minus" = "move scratchpad"; - "$mod+minus" = "scratchpad show"; + # Move focus to the parent container + "$mod+a" = "focus parent"; - "$mod+r" = "mode \"resize\""; + "$mod+Shift+minus" = "move scratchpad"; + "$mod+minus" = "scratchpad show"; - XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "Shift+XF86AudioLowerVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ -5%"; - "Shift+XF86AudioRaiseVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ +5%"; - XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - XF86AudioPlay = "exec playerctl play-pause"; - XF86AudioNext = "exec playerctl next"; - XF86AudioPrev = "exec playerctl previous"; - "$mod+c" = "exec ${getExe swaymux}"; - XF86MonBrightnessUp = "exec ${getExe brightnessctl} s 10+%"; - XF86MonBrightnessDown = "exec ${getExe brightnessctl} s 10-%"; - XF86Explorer = "exec ${getExe xdg-terminal-exec} ${getExe ranger}"; - XF86Search = "exec ${getExe searchclip}"; - XF86HomePage = + "$mod+r" = "mode \"resize\""; + + XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + 
XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "Shift+XF86AudioLowerVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ -5%"; + "Shift+XF86AudioRaiseVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ +5%"; + XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; + XF86AudioPlay = "exec playerctl play-pause"; + XF86AudioNext = "exec playerctl next"; + XF86AudioPrev = "exec playerctl previous"; + "$mod+c" = "exec ${getExe swaymux}"; + XF86MonBrightnessUp = "exec ${getExe brightnessctl} s 10+%"; + XF86MonBrightnessDown = "exec ${getExe brightnessctl} s 10-%"; + XF86Explorer = "exec ${getExe xdg-terminal-exec} ${getExe ranger}"; + XF86Search = "exec ${getExe searchclip}"; + XF86HomePage = + let + open = pkgs.writeShellScriptBin "open_or_switch_browser" '' + browser=$(xdg-settings get default-web-browser | sed "s/\.desktop//") + swaymsg [app_id="$browser"] focus || ${getExe deskwhich} $browser | xargs gio launch + ''; + in + "exec ${getExe open}"; + XF86Tools = + let + open = pkgs.writeShellScriptBin "open_or_switch_spotify" '' + # FIXME: spotify is being weird + while IFS= read -r pid; do + swaymsg [pid=$pid] focus && exit 0 + done <<< $(pgrep spotify -u "$(whoami)") + ${getExe deskwhich} spotify | xargs gio launch + ''; + in + "exec ${getExe open}"; # for some reason tools = audio media on my keyboard?? 
+ XF86Mail = + let + open = pkgs.writeShellScriptBin "open_or_switch_mail" '' + desk=$(xdg-settings get default-url-scheme-handler mailto | sed "s/\.desktop//") + swaymsg [app_id="$desk"] focus || ${getExe deskwhich} $desk | xargs gio launch + ''; + in + "exec ${getExe open}"; + # XF86Bluetooth = "exec blueman-manager"; + } + // ( let - open = pkgs.writeShellScriptBin "open_or_switch_browser" '' - browser=$(xdg-settings get default-web-browser | sed "s/\.desktop//") - swaymsg [app_id="$browser"] focus || ${getExe deskwhich} $browser | xargs gio launch - ''; + inherit (builtins) toString; in - "exec ${getExe open}"; - XF86Tools = - let - open = pkgs.writeShellScriptBin "open_or_switch_spotify" '' - # FIXME: spotify is being weird - while IFS= read -r pid; do - swaymsg [pid=$pid] focus && exit 0 - done <<< $(pgrep spotify -u "$(whoami)") - ${getExe deskwhich} spotify | xargs gio launch - ''; - in - "exec ${getExe open}"; # for some reason tools = audio media on my keyboard?? - XF86Mail = - let - open = pkgs.writeShellScriptBin "open_or_switch_mail" '' - desk=$(xdg-settings get default-url-scheme-handler mailto | sed "s/\.desktop//") - swaymsg [app_id="$desk"] focus || ${getExe deskwhich} $desk | xargs gio launch - ''; - in - "exec ${getExe open}"; - # XF86Bluetooth = "exec blueman-manager"; - } // (let inherit (builtins) toString; in lib.mergeAttrsList (map (n: { - "$mod+${toString n}" = "workspace number ${toString n}"; - "$mod+Shift+${toString n}" = "move container to workspace number ${toString n}"; - }) (lib.range 0 9))); + lib.mergeAttrsList ( + map (n: { + "$mod+${toString n}" = "workspace number ${toString n}"; + "$mod+Shift+${toString n}" = "move container to workspace number ${toString n}"; + }) (lib.range 0 9) + ) + ); autolaunch = with pkgs; [ # fixme: absolute paths "blueman-applet"