Compare commits

...

2 commits

Author SHA1 Message Date
dba17de73c
fix config 2024-11-29 22:48:01 +01:00
ceda4f1791
add fmt to flake, reduce abstraction layers 2024-11-27 09:47:58 +01:00
14 changed files with 230 additions and 64 deletions

View file

@ -143,8 +143,8 @@ in
);
sway_conf = concatLines (
(build_conf sway.config)
++ optional sway.bar.enable bar_config
(optional sway.bar.enable bar_config)
++ (build_conf sway.config)
++ (mapAttrsToList (
name: value:
"output ${value.id} mode ${value.mode}"

View file

@ -23,7 +23,7 @@ let
sway
;
inherit (config.boot.kernelPackages) x86_energy_perf_policy cpupower;
enable_perf_policy = (elem system x86_energy_perf_policy.meta.platforms);
enable_perf_policy = false; # (elem system x86_energy_perf_policy.meta.platforms);
powersave = writeShellScriptBin "powersave-mode" (
concatLines (

View file

@ -5,12 +5,10 @@
...
}:
let
inherit (config.grimmShared) enable printing graphical;
inherit (config.grimmShared) enable graphical;
in
{
config = lib.mkIf (enable && printing) {
# Enable CUPS to print documents.
services.printing.enable = true;
config = lib.mkIf (enable && config.services.printing.enable) {
services.printing.drivers = with pkgs; [
brgenml1lpr
brgenml1cupswrapper
@ -20,7 +18,7 @@ in
nssmdns4 = true;
openFirewall = true;
};
services.printing.cups-pdf.enable = true;
# services.printing.cups-pdf.enable = true;
hardware.sane.brscan4.enable = true; # enables support for SANE scanners
environment.systemPackages = (
@ -30,6 +28,4 @@ in
]
);
};
options.grimmShared.printing = lib.mkEnableOption "Enables print and scan related options";
}

View file

@ -11,11 +11,10 @@ in
{
imports = [ ./apparmor-d-module.nix ]; # ./aa-alias-module.nix ];
config = mkIf (enable && tooling.enable) {
config = mkIf (enable && tooling.enable && config.security.apparmor.enable) {
services.dbus.apparmor = "enabled";
security.auditd.enable = true;
security.apparmor.enable = true;
security.apparmor.enableCache = true;
security.apparmor.includes."tunables/alias.d/programs" = ''
@ -74,6 +73,8 @@ in
"local/pass" = ''
${getExe' pkgs.pass ".pass-wrapped"} rix,
@{nix_store}/wl-copy rUx,
@{nix_store}/wl-paste rUx,
'';
"local/pass_gpg" = ''

View file

@ -1,4 +1,10 @@
{ pkgs, lib, ... }:
{
pkgs,
lib,
inputs,
system,
...
}:
{
environment.systemPackages = with pkgs; [
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
@ -14,6 +20,7 @@
nvd
vulnix
nix-init
inputs.nixpkgs-update.packages."${system}".default
];
environment.sessionVariables =

View file

@ -18,8 +18,6 @@
nix.package = pkgs.lix;
nixpkgs.config.allowUnfree = true;
services.flatpak.enable = true;
grimmShared = {
enable = true;
locale = true;

View file

@ -6,14 +6,15 @@
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
"pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1731942996,
"narHash": "sha256-Ohh+GmEenm4Eu1p6+u/4qIw0wbgKm7Vk/yQwRnSmrFE=",
"lastModified": 1732741943,
"narHash": "sha256-ZPGI3RjfDqajlIlEO6xL9dQhtyXQMhlFMPnYoKNtPRI=",
"owner": "LordGrimmauld",
"repo": "aa-alias-manager",
"rev": "e394c4882888f9b9306b3a2dfc59df03ab766473",
"rev": "cb4dd424befe24976ecbbc09505efa0c5477d9c6",
"type": "github"
},
"original": {
@ -30,11 +31,11 @@
]
},
"locked": {
"lastModified": 1731956781,
"narHash": "sha256-AAZiAMQ2LBCY375NnbQa8HHFJc3KLyfnlGiFXDdb1pE=",
"lastModified": 1732848312,
"narHash": "sha256-OSkmgBPSmZJlZmZu16S3zav7vbxU7w4p6cwoi4B28PM=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "862c5b3acd097906cd242eedd9ddcc95ac9382cb",
"rev": "30492838a20837085045baffc7c796f266a0b6a6",
"type": "github"
},
"original": {
@ -92,11 +93,11 @@
]
},
"locked": {
"lastModified": 1732150710,
"narHash": "sha256-H6ps/jlPn3kkGtrZeduLtfMnV8htI117/qUgMtUzJBM=",
"lastModified": 1732715105,
"narHash": "sha256-WGf8bzwNEgbWjM9aTFv9ZCGrBQEfg0fYd4FSoVa2gDs=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "4621aec08aa50869a305e275c2b8a0c766f3b59b",
"rev": "8f153d013632e6036e8bec6377cc5ed7d2ad14df",
"type": "github"
},
"original": {
@ -241,11 +242,11 @@
]
},
"locked": {
"lastModified": 1732025103,
"narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=",
"lastModified": 1732482255,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a46e702093a5c46e192243edbd977d5749e7f294",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
"type": "github"
},
"original": {
@ -263,11 +264,11 @@
]
},
"locked": {
"lastModified": 1732032028,
"narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=",
"lastModified": 1732648910,
"narHash": "sha256-1F83DUfEHnCZpGY4UOlWaamWoDx8eZ9tHaUF51p2hng=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "65dc04371cf914c9af4f073638821e4787303005",
"rev": "e86d2ad72094354326887bd6fe156f327d63d491",
"type": "github"
},
"original": {
@ -276,6 +277,28 @@
"type": "github"
}
},
"mmdoc": {
"inputs": {
"nixpkgs": [
"nixpkgs-update",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1710694589,
"narHash": "sha256-5wa+Jzxr+LygoxSZuZg0YU81jgdnx2IY/CqDIJMOgec=",
"owner": "ryantm",
"repo": "mmdoc",
"rev": "b6ddf748b1d1c01ca582bb1b3dafd6bc3a4c83a6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "mmdoc",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@ -284,11 +307,11 @@
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"lastModified": 1731952509,
"narHash": "sha256-p4gB3Rhw8R6Ak4eMl8pqjCPOLCZRqaehZxdZ/mbFClM=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"rev": "7b5f051df789b6b20d259924d349a9ba3319b226",
"type": "github"
},
"original": {
@ -366,11 +389,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"lastModified": 1732521221,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github"
},
"original": {
@ -397,11 +420,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
@ -411,6 +434,41 @@
"type": "github"
}
},
"nixpkgs-update": {
"inputs": {
"mmdoc": "mmdoc",
"nixpkgs": "nixpkgs_2",
"runtimeDeps": "runtimeDeps",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1730338630,
"narHash": "sha256-rGp0I9m3/nDV70nRXvdCv2QiAGPOaRm92rISXDxNUJM=",
"owner": "nix-community",
"repo": "nixpkgs-update",
"rev": "525c2e488ad26cd46878fd93337521bf42e598a9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs-update",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1672428209,
"narHash": "sha256-eejhqkDz2cb2vc5VeaWphJz8UXNuoNoM8/Op8eWv2tQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "293a28df6d7ff3dec1e61e37cc4ee6e6c0fb0847",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
@ -422,11 +480,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730302582,
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github"
},
"original": {
@ -443,7 +501,45 @@
"chaotic": "chaotic",
"nixos-mailserver": "nixos-mailserver",
"nixos-matrix-modules": "nixos-matrix-modules",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"nixpkgs-update": "nixpkgs-update"
}
},
"runtimeDeps": {
"locked": {
"lastModified": 1714247354,
"narHash": "sha256-6dFKqP/aCKIdpOgqgIQUrRT0NOfVc14ftNcdELa4Pu4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c8d7c8a78fb516c0842cc65346506a565c88014d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"aa-alias-manager",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732674798,
"narHash": "sha256-oM1gjCv9R4zxDFO3as9wqQ4FI3+pDA9MKZ72L7tTIII=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1d569430326b0a7807ccffdb2a188b814091976c",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
@ -460,6 +556,42 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-update",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711963903,
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

View file

@ -32,6 +32,10 @@
url = "github:LordGrimmauld/aa-alias-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-update = {
url = "github:nix-community/nixpkgs-update";
# inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@ -44,15 +48,12 @@
nixos-mailserver,
nixos-matrix-modules,
aa-alias-manager,
nixpkgs-update,
...
}:
let
patches = [
./aa_mod.patch
{
url = "https://github.com/NixOS/nixpkgs/pull/357468.patch";
hash = "sha256-t+/zVO/Jyink9biD61AuDOmVt0GF3biKxR5hCAyl4Fc=";
}
];
customNixosSystem =
@ -75,8 +76,17 @@
}
// definitions
);
systems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
in
{
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = {
grimmauld-nixos = customNixosSystem "x86_64-linux" {
modules = [

View file

@ -47,7 +47,7 @@ in
enable = true;
https = true;
hostName = vhosts.nextcloud_host.host;
package = pkgs.nextcloud29;
package = pkgs.nextcloud30;
caching.redis = true;
extraApps = {

View file

@ -5,7 +5,7 @@ in
{
services.harmonia = {
enable = true;
signKeyPath = "/var/cache-priv-key.pem";
signKeyPaths = [ "/var/cache-priv-key.pem" ];
settings.bind = "[::]:${builtins.toString vhosts.nix_cache_host.port}";
};
}

View file

@ -23,7 +23,7 @@ in
in
map (v: "127.0.0.1:${builtins.toString v.port}") (
filter (v: (isAttrs v) && v.enable) (
attrValues (filterAttrs (n: v: n != "minio") config.services.prometheus.exporters)
attrValues (filterAttrs (n: v: n != "minio" && n != "tor") config.services.prometheus.exporters)
)
);
}

View file

@ -14,12 +14,14 @@
networking.hostId = "2ea79333";
boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
services.printing.cups-pdf.enable = true; # implies printing enable
# services.printing.enable = true;
grimmShared = {
tooling = {
pass = true;
};
gaming = true;
printing = true;
portals = true;
sound = {
enable = true;

View file

@ -42,6 +42,10 @@
RUN+="${lib.getExe exitSway}"
# '';
services.printing.cups-pdf.enable = true; # implies printing enable
# services.printing.enable = true;
security.apparmor.enable = true;
# RUN+="${lib.getExe' pkgs.systemd "loginctl"} lock-sessions"
# networking.hostId = "2ea79333";
@ -52,7 +56,6 @@
pass = true;
};
gaming = true;
printing = true;
portals = true;
sound = {
enable = true;

View file

@ -25,7 +25,7 @@
enable = true;
config =
let
inherit (lib) getExe getExe';
inherit (lib) getExe getExe' concatLines;
inherit (pkgs)
rmenu
xdg-terminal-exec
@ -172,7 +172,23 @@
}) (lib.range 0 9)
)
);
autolaunch = [
autolaunch =
let
aw-modules = with pkgs; [
aw-server-rust
aw-watcher-window-wayland
];
aw-modules-list = lib.concatStringsSep "," (map (p: p.meta.mainProgram) aw-modules);
aw-bundle = (
pkgs.writeShellScriptBin "aw-bundle" ''
export RUST_BACKTRACE=full
export PATH=$PATH:${lib.makeBinPath (aw-modules ++ [pkgs.coreutils-full])}
${getExe' pkgs.coreutils-full "sleep"} 5
${getExe pkgs.aw-qt} --autostart-modules ${aw-modules-list}
''
);
in
[
(getExe' pkgs.dbus "dbus-update-activation-environment")
(getExe' pkgs.xdg-user-dirs "xdg-user-dirs-update")
''${getExe' pkgs.coreutils-full "sleep"} 3 && ${getExe' pkgs.blueman "blueman-applet"}''
@ -180,6 +196,7 @@
(getExe' config.hardware.opentabletdriver.package "otd-daemon")
pkgs.swaynotificationcenter
pkgs.networkmanagerapplet
aw-bundle
# (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart
];
extraConfig = ''