From 13bb77108c9bee6e61ec4023385d8129907653dd Mon Sep 17 00:00:00 2001 
From: Ryan Yin Date: Wed, 30 Jul 2025 12:17:24 +0800 Subject: [PATCH] feat: format via 'ls **/*.nix | each { |it| nixfmt $it.name }' --- hardening/apparmor/default.nix | 3 +- hardening/bwraps/default.nix | 2 +- hardening/bwraps/wechat.nix | 99 +++---- hardening/nixpaks/default.nix | 12 +- hardening/nixpaks/firefox-desktop-item.nix | 4 +- hardening/nixpaks/firefox.nix | 135 ++++----- hardening/nixpaks/modules/gui-base.nix | 28 +- hardening/nixpaks/modules/network.nix | 2 +- hardening/nixpaks/qq-desktop-item.nix | 2 +- hardening/nixpaks/qq.nix | 95 ++++--- hardening/profiles/default.nix | 3 +- home/base/core/core.nix | 5 +- home/base/core/default.nix | 3 +- home/base/core/editors/default.nix | 3 +- home/base/core/editors/helix/default.nix | 3 +- home/base/core/editors/neovim/default.nix | 3 +- home/base/core/git.nix | 5 +- home/base/core/npm.nix | 3 +- home/base/core/shells/default.nix | 6 +- home/base/core/theme.nix | 3 +- home/base/core/yazi.nix | 3 +- home/base/core/zellij/default.nix | 3 +- home/base/gui/default.nix | 3 +- home/base/gui/dev-tools.nix | 6 +- home/base/gui/terminal/alacritty/default.nix | 5 +- home/base/gui/terminal/default.nix | 3 +- home/base/gui/terminal/foot.nix | 3 +- home/base/gui/terminal/ghostty.nix | 7 +- home/base/gui/terminal/kitty.nix | 7 +- home/base/home.nix | 3 +- home/base/tui/cloud/default.nix | 12 +- home/base/tui/container.nix | 3 +- home/base/tui/default.nix | 3 +- home/base/tui/dev-tools.nix | 3 +- home/base/tui/editors/default.nix | 3 +- home/base/tui/editors/helix/default.nix | 3 +- home/base/tui/editors/neovim/default.nix | 3 +- home/base/tui/editors/packages.nix | 268 +++++++++--------- home/base/tui/encryption/default.nix | 3 +- home/base/tui/gpg/default.nix | 3 +- home/base/tui/password-store/default.nix | 6 +- home/base/tui/shell.nix | 6 +- home/base/tui/ssh.nix | 3 +- home/base/tui/zellij/default.nix | 6 +- home/darwin/aerospace/default.nix | 6 +- home/darwin/default.nix | 17 +- home/darwin/proxy/default.nix | 6 +- 
home/darwin/rime-squirrel.nix | 3 +- home/darwin/shell.nix | 6 +- home/linux/base/default.nix | 3 +- home/linux/base/shell.nix | 6 +- home/linux/base/tools.nix | 3 +- home/linux/gui/base/creative.nix | 9 +- home/linux/gui/base/default.nix | 3 +- home/linux/gui/base/dev-tools.nix | 3 +- home/linux/gui/base/eye-protection.nix | 3 +- home/linux/gui/base/fcitx5/default.nix | 3 +- home/linux/gui/base/games.nix | 3 +- home/linux/gui/base/gtk.nix | 3 +- home/linux/gui/base/immutable-file.nix | 26 +- home/linux/gui/base/media.nix | 9 +- home/linux/gui/base/misc.nix | 3 +- home/linux/gui/base/note-taking.nix | 15 +- home/linux/gui/base/wallpaper/default.nix | 41 ++- home/linux/gui/base/xdg.nix | 95 ++++--- home/linux/gui/default.nix | 3 +- home/linux/gui/editors/default.nix | 3 +- home/linux/gui/hyprland/default.nix | 48 ++-- home/linux/gui/hyprland/options/default.nix | 3 +- home/linux/gui/hyprland/options/nvidia.nix | 6 +- home/linux/gui/hyprland/values/anyrun.nix | 3 +- home/linux/gui/hyprland/values/default.nix | 5 +- home/linux/gui/hyprland/values/hyprland.nix | 50 ++-- home/linux/gui/hyprland/values/packages.nix | 4 +- .../gui/hyprland/values/wayland-apps.nix | 37 ++- home/linux/gui/hyprland/values/xdg.nix | 3 +- .../hardware-configuration.nix | 5 +- hosts/darwin-fern/default.nix | 3 +- hosts/darwin-fern/home.nix | 9 +- hosts/darwin-frieren/default.nix | 3 +- hosts/darwin-frieren/home.nix | 9 +- hosts/idols-ai/ai/default.nix | 3 +- hosts/idols-ai/ai/ollama.nix | 6 +- hosts/idols-ai/default.nix | 12 +- hosts/idols-ai/game/default.nix | 3 +- hosts/idols-ai/game/gamemode.nix | 6 +- hosts/idols-ai/game/steam.nix | 7 +- hosts/idols-ai/hardware-configuration.nix | 71 +++-- hosts/idols-ai/home.nix | 3 +- hosts/idols-ai/netdev-mount.nix | 3 +- hosts/idols-ai/nvidia.nix | 5 +- hosts/idols-ai/preservation.nix | 38 +-- hosts/idols-ai/secureboot.nix | 3 +- hosts/idols-aquamarine/caddy.nix | 11 +- hosts/idols-aquamarine/default.nix | 17 +- hosts/idols-aquamarine/disko-fs.nix | 30 
+- hosts/idols-aquamarine/exporters/default.nix | 3 +- hosts/idols-aquamarine/gitea.nix | 3 +- hosts/idols-aquamarine/grafana/default.nix | 3 +- hosts/idols-aquamarine/minio.nix | 8 +- .../monitoring/alertmanager.nix | 5 +- hosts/idols-aquamarine/monitoring/default.nix | 3 +- .../monitoring/victoriametrics.nix | 147 +++++----- .../oci-containers/default.nix | 5 +- .../oci-containers/homepage/default.nix | 10 +- .../oci-containers/uptime-kuma/default.nix | 10 +- hosts/idols-aquamarine/postgresql.nix | 10 +- hosts/idols-aquamarine/proxy.nix | 2 +- hosts/idols-aquamarine/restic.nix | 8 +- hosts/idols-aquamarine/sftpgo.nix | 6 +- hosts/idols-aquamarine/transmission.nix | 6 +- hosts/idols-kana/default.nix | 9 +- hosts/idols-ruby/default.nix | 14 +- hosts/k8s/disko-config/kubevirt-disko-fs.nix | 26 +- hosts/k8s/k3s-prod-1-master-1/default.nix | 16 +- hosts/k8s/k3s-prod-1-master-2/default.nix | 16 +- hosts/k8s/k3s-prod-1-master-3/default.nix | 16 +- hosts/k8s/k3s-prod-1-worker-1/default.nix | 16 +- hosts/k8s/k3s-prod-1-worker-2/default.nix | 16 +- hosts/k8s/k3s-prod-1-worker-3/default.nix | 16 +- hosts/k8s/k3s-test-1-master-1/default.nix | 16 +- hosts/k8s/k3s-test-1-master-2/default.nix | 16 +- hosts/k8s/k3s-test-1-master-3/default.nix | 16 +- hosts/k8s/kubevirt-shoryu/default.nix | 24 +- .../hardware-configuration.nix | 22 +- hosts/k8s/kubevirt-shoryu/preservation.nix | 34 ++- hosts/k8s/kubevirt-shushou/default.nix | 24 +- hosts/k8s/kubevirt-youko/default.nix | 24 +- lib/attrs.nix | 3 +- lib/colmenaSystem.nix | 47 ++- lib/default.nix | 31 +- lib/genK3sAgentModule.nix | 20 +- lib/genK3sServerModule.nix | 29 +- lib/genKubeVirtGuestModule.nix | 10 +- lib/genKubeVirtHostModule.nix | 19 +- lib/macosSystem.nix | 49 ++-- lib/nixosSystem.nix | 44 ++- modules/base/default.nix | 3 +- modules/base/fonts.nix | 12 +- modules/base/nix.nix | 10 +- modules/base/overlays.nix | 12 +- modules/base/system-packages.nix | 3 +- modules/base/users.nix | 3 +- modules/darwin/apps.nix | 27 +- 
modules/darwin/broken-packages.nix | 21 +- modules/darwin/default.nix | 11 +- modules/darwin/nix-core.nix | 3 +- modules/darwin/security.nix | 6 +- modules/darwin/users.nix | 3 +- modules/nixos/base/core.nix | 3 +- modules/nixos/base/default.nix | 3 +- modules/nixos/base/nix.nix | 3 +- modules/nixos/base/packages.nix | 3 +- modules/nixos/base/remote-building.nix | 103 +++---- modules/nixos/base/ssh.nix | 3 +- modules/nixos/base/user-group.nix | 17 +- modules/nixos/desktop.nix | 8 +- modules/nixos/desktop/default.nix | 3 +- modules/nixos/desktop/fhs.nix | 21 +- modules/nixos/desktop/fonts.nix | 5 +- modules/nixos/desktop/misc.nix | 3 +- modules/nixos/desktop/peripherals.nix | 3 +- .../nixos/desktop/remote-desktop/default.nix | 3 +- .../desktop/remote-desktop/tailscale.nix | 2 +- modules/nixos/desktop/virtualisation.nix | 7 +- modules/nixos/desktop/xdg.nix | 33 +-- .../kubevirt-hardware-configuration.nix | 4 +- modules/nixos/server/server-aarch64.nix | 3 +- modules/nixos/server/server-riscv64.nix | 3 +- modules/nixos/server/server.nix | 3 +- nixos-installer/configuration.nix | 3 +- nixos-installer/flake.nix | 87 +++--- outputs/aarch64-darwin/default.nix | 25 +- outputs/aarch64-darwin/src/fern.nix | 6 +- outputs/aarch64-darwin/src/frieren.nix | 6 +- .../tests/home-manager/expected.nix | 5 +- .../tests/home-manager/expr.nix | 11 +- .../tests/hostname/expected.nix | 5 +- .../aarch64-darwin/tests/hostname/expr.nix | 4 +- outputs/aarch64-linux/default.nix | 37 ++- .../aarch64-linux/src/12kingdoms-shoukei.nix | 36 +-- .../tests/home-manager/expected.nix | 5 +- .../aarch64-linux/tests/home-manager/expr.nix | 11 +- .../aarch64-linux/tests/hostname/expected.nix | 6 +- outputs/aarch64-linux/tests/hostname/expr.nix | 4 +- .../aarch64-linux/tests/kernel/expected.nix | 5 +- outputs/aarch64-linux/tests/kernel/expr.nix | 4 +- outputs/default.nix | 164 ++++++----- outputs/x86_64-linux/default.nix | 37 ++- .../x86_64-linux/nixos-tests/idols-ruby.nix | 39 +-- 
outputs/x86_64-linux/src/idols-ai.nix | 34 +-- outputs/x86_64-linux/src/idols-aquamarine.nix | 22 +- outputs/x86_64-linux/src/idols-kana.nix | 14 +- outputs/x86_64-linux/src/idols-ruby.nix | 14 +- .../x86_64-linux/src/k3s-prod-1-master-1.nix | 13 +- .../x86_64-linux/src/k3s-prod-1-master-2.nix | 13 +- .../x86_64-linux/src/k3s-prod-1-master-3.nix | 13 +- .../x86_64-linux/src/k3s-prod-1-worker-1.nix | 13 +- .../x86_64-linux/src/k3s-prod-1-worker-2.nix | 13 +- .../x86_64-linux/src/k3s-prod-1-worker-3.nix | 13 +- .../x86_64-linux/src/k3s-test-1-master-1.nix | 13 +- .../x86_64-linux/src/k3s-test-1-master-2.nix | 13 +- .../x86_64-linux/src/k3s-test-1-master-3.nix | 13 +- outputs/x86_64-linux/src/kubevirt-shoryu.nix | 14 +- outputs/x86_64-linux/src/kubevirt-shushou.nix | 14 +- outputs/x86_64-linux/src/kubevirt-youko.nix | 14 +- .../tests/home-manager/expected.nix | 5 +- .../x86_64-linux/tests/home-manager/expr.nix | 11 +- .../x86_64-linux/tests/hostname/expected.nix | 6 +- outputs/x86_64-linux/tests/hostname/expr.nix | 4 +- .../x86_64-linux/tests/kernel/expected.nix | 5 +- outputs/x86_64-linux/tests/kernel/expr.nix | 4 +- overlays/default.nix | 18 +- overlays/fcitx5/default.nix | 5 +- secrets/darwin.nix | 75 +++-- secrets/nixos.nix | 135 ++++----- templates/bevy/flake.nix | 130 +++++---- vars/default.nix | 5 +- vars/networking.nix | 68 +++-- 219 files changed, 2103 insertions(+), 1728 deletions(-)
diff --git a/hardening/apparmor/default.nix b/hardening/apparmor/default.nix
index d82f3143..887ccecb 100644
--- a/hardening/apparmor/default.nix
+++ b/hardening/apparmor/default.nix
@@ -2,7 +2,8 @@
 config,
 pkgs,
 ...
-}: {
+}:
+{
 services.dbus.apparmor = "enabled";
 security.apparmor = {
 enable = true;
diff --git a/hardening/bwraps/default.nix b/hardening/bwraps/default.nix
index ac550174..fafbd2e6 100644
--- a/hardening/bwraps/default.nix
+++ b/hardening/bwraps/default.nix
@@ -2,7 +2,7 @@
 nixpkgs.overlays = [
 (_: super: {
 bwraps = {
- wechat = super.callPackage ./wechat.nix {};
+ wechat = super.callPackage ./wechat.nix { };
 };
 })
 ];
diff --git a/hardening/bwraps/wechat.nix b/hardening/bwraps/wechat.nix
index de5aa46a..63f5a4cd 100644
--- a/hardening/bwraps/wechat.nix
+++ b/hardening/bwraps/wechat.nix
@@ -10,7 +10,8 @@
 appimageTools,
 fetchurl,
 stdenvNoCC,
-}: let
+}:
+let
 pname = "wechat";
 # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
 sources = {
@@ -41,58 +42,58 @@ ''; }; in - appimageTools.wrapAppImage { - inherit pname version; +appimageTools.wrapAppImage { + inherit pname version; - src = appimageContents; + src = appimageContents; - extraInstallCommands = '' - mkdir -p $out/share/applications - cp ${appimageContents}/wechat.desktop $out/share/applications/ - mkdir -p $out/share/pixmaps - cp ${appimageContents}/wechat.png $out/share/pixmaps/ + extraInstallCommands = '' + mkdir -p $out/share/applications + cp ${appimageContents}/wechat.desktop $out/share/applications/ + mkdir -p $out/share/pixmaps + cp ${appimageContents}/wechat.png $out/share/pixmaps/ - substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat - ''; + substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat + ''; - # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default - # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap - extraPreBwrapCmds = '' - XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}" - if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then - echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue' - exit 1 - fi + # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default + # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap + extraPreBwrapCmds = '' + XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}" + if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then + echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue' + exit 1 + fi - WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data" + WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data" - # Using ''${WECHAT_DATA_DIR} as Wechat Data folder - WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home" - WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files" + # Using ''${WECHAT_DATA_DIR} as Wechat Data folder + 
WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home" + WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files" - mkdir -p "''${WECHAT_FILES_DIR}" - mkdir -p "''${WECHAT_HOME_DIR}" - ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files" - ''; - extraBwrapArgs = [ - "--tmpfs /home" - "--tmpfs /root" - # format: --bind - "--bind \${WECHAT_HOME_DIR} \${HOME}" - "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}" - "--chdir \${HOME}" - # wechat-universal only supports xcb - "--setenv QT_QPA_PLATFORM xcb" - "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1" - # use fcitx as IME - "--setenv QT_IM_MODULE fcitx" - "--setenv GTK_IM_MODULE fcitx" - ]; - chdirToPwd = false; - unshareNet = false; - unshareIpc = true; - unsharePid = true; - unshareUts = true; - unshareCgroup = true; - privateTmp = true; - } + mkdir -p "''${WECHAT_FILES_DIR}" + mkdir -p "''${WECHAT_HOME_DIR}" + ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files" + ''; + extraBwrapArgs = [ + "--tmpfs /home" + "--tmpfs /root" + # format: --bind + "--bind \${WECHAT_HOME_DIR} \${HOME}" + "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}" + "--chdir \${HOME}" + # wechat-universal only supports xcb + "--setenv QT_QPA_PLATFORM xcb" + "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1" + # use fcitx as IME + "--setenv QT_IM_MODULE fcitx" + "--setenv GTK_IM_MODULE fcitx" + ]; + chdirToPwd = false; + unshareNet = false; + unshareIpc = true; + unsharePid = true; + unshareUts = true; + unshareCgroup = true; + privateTmp = true; +} diff --git a/hardening/nixpaks/default.nix b/hardening/nixpaks/default.nix index f110fcd6..d14e4120 100644 --- a/hardening/nixpaks/default.nix +++ b/hardening/nixpaks/default.nix @@ -2,7 +2,8 @@ pkgs, nixpak, ... -}: let +}: +let callArgs = { mkNixPak = nixpak.lib.nixpak { inherit (pkgs) lib; 
@@ -14,19 +15,20 @@ ]; }; wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script; -in { +in +{ # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules nixpkgs.overlays = [ (_: super: { nixpaks = { qq = wrapper super ./qq.nix; - qq-desktop-item = super.callPackage ./qq-desktop-item.nix {}; + qq-desktop-item = super.callPackage ./qq-desktop-item.nix { }; wechat = wrapper super ./wechat.nix; - wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix {}; + wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { }; firefox = wrapper super ./firefox.nix; - firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {}; + firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { }; }; }) ]; diff --git a/hardening/nixpaks/firefox-desktop-item.nix b/hardening/nixpaks/firefox-desktop-item.nix index 95878b5a..720c1119 100644 --- a/hardening/nixpaks/firefox-desktop-item.nix +++ b/hardening/nixpaks/firefox-desktop-item.nix @@ -1,4 +1,4 @@ -{makeDesktopItem}: +{ makeDesktopItem }: makeDesktopItem { name = "firefox"; desktopName = "firefox"; @@ -6,6 +6,6 @@ makeDesktopItem { terminal = false; icon = "firefox"; type = "Application"; - categories = ["Network"]; + categories = [ "Network" ]; comment = "firefox boxed"; } diff --git a/hardening/nixpaks/firefox.nix b/hardening/nixpaks/firefox.nix index 7f064c2a..c94620b1 100644 --- a/hardening/nixpaks/firefox.nix +++ b/hardening/nixpaks/firefox.nix 
@@ -10,74 +10,79 @@ ... }: mkNixPak { - config = { - config, - sloth, - ... - }: { - app = { - package = pkgs.firefox-wayland; - binPath = "bin/firefox"; - }; - flatpak.appId = "org.mozilla.firefox"; + config = + { + config, + sloth, + ... + }: + { + app = { + package = pkgs.firefox-wayland; + binPath = "bin/firefox"; + }; + flatpak.appId = "org.mozilla.firefox"; - imports = [ - ./modules/gui-base.nix - ./modules/network.nix - ]; - - # list all dbus services: - # ls -al /run/current-system/sw/share/dbus-1/services/ - # ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/ - dbus.policies = { - "org.mozilla.firefox.*" = "own"; # firefox - "org.mozilla.firefox_beta.*" = "own"; # firefox beta - "org.mpris.MediaPlayer2.firefox.*" = "own"; - "org.freedesktop.NetworkManager" = "talk"; - - "org.gnome.Shell.Screencast" = "talk"; - # System tray icon - "org.freedesktop.Notifications" = "talk"; - "org.kde.StatusNotifierWatcher" = "talk"; - # File Manager - "org.freedesktop.FileManager1" = "talk"; - # Uses legacy StatusNotifier implementation - "org.kde.*" = "own"; - }; - - bubblewrap = { - # To trace all the home files QQ accesses, you can use the following nushell command: - # just trace-access firefox - # See the Justfile in the root of this repository for more information. - bind.rw = [ - # given the read write permission to the following directories. - # NOTE: sloth.mkdir is used to create the directory if it does not exist! 
- (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla")) - - sloth.xdgDocumentsDir - sloth.xdgDownloadDir - sloth.xdgMusicDir - sloth.xdgVideosDir - ]; - bind.ro = [ - "/sys/bus/pci" - ["${config.app.package}/lib/firefox" "/app/etc/firefox"] - - # ================ for browserpass extension =============================== - "/etc/gnupg" - (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config - (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets - (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket - - # Unsure - (sloth.concat' sloth.xdgConfigHome "/dconf") + imports = [ + ./modules/gui-base.nix + ./modules/network.nix ]; - sockets = { - x11 = false; - wayland = true; - pipewire = true; + # list all dbus services: + # ls -al /run/current-system/sw/share/dbus-1/services/ + # ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/ + dbus.policies = { + "org.mozilla.firefox.*" = "own"; # firefox + "org.mozilla.firefox_beta.*" = "own"; # firefox beta + "org.mpris.MediaPlayer2.firefox.*" = "own"; + "org.freedesktop.NetworkManager" = "talk"; + + "org.gnome.Shell.Screencast" = "talk"; + # System tray icon + "org.freedesktop.Notifications" = "talk"; + "org.kde.StatusNotifierWatcher" = "talk"; + # File Manager + "org.freedesktop.FileManager1" = "talk"; + # Uses legacy StatusNotifier implementation + "org.kde.*" = "own"; + }; + + bubblewrap = { + # To trace all the home files QQ accesses, you can use the following nushell command: + # just trace-access firefox + # See the Justfile in the root of this repository for more information. + bind.rw = [ + # given the read write permission to the following directories. + # NOTE: sloth.mkdir is used to create the directory if it does not exist! 
+ (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla")) + + sloth.xdgDocumentsDir + sloth.xdgDownloadDir + sloth.xdgMusicDir + sloth.xdgVideosDir + ]; + bind.ro = [ + "/sys/bus/pci" + [ + "${config.app.package}/lib/firefox" + "/app/etc/firefox" + ] + + # ================ for browserpass extension =============================== + "/etc/gnupg" + (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config + (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets + (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket + + # Unsure + (sloth.concat' sloth.xdgConfigHome "/dconf") + ]; + + sockets = { + x11 = false; + wayland = true; + pipewire = true; + }; }; }; - }; } diff --git a/hardening/nixpaks/modules/gui-base.nix b/hardening/nixpaks/modules/gui-base.nix index 1887b618..b37c3418 100644 --- a/hardening/nixpaks/modules/gui-base.nix +++ b/hardening/nixpaks/modules/gui-base.nix @@ -5,12 +5,14 @@ pkgs, sloth, ... -}: let +}: +let envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix; # cursor & icon's theme should be the same as the host's one. cursorTheme = pkgs.bibata-cursors; iconTheme = pkgs.papirus-icon-theme; -in { +in +{ config = { dbus.policies = { "${config.flatpak.appId}" = "own"; @@ -89,15 +91,19 @@ in { ]; env = { - XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [ - iconTheme - cursorTheme - pkgs.shared-mime-info - ]); - XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [ - "${cursorTheme}/share/icons" - "${cursorTheme}/share/pixmaps" - ]); + XDG_DATA_DIRS = lib.mkForce ( + lib.makeSearchPath "share" [ + iconTheme + cursorTheme + pkgs.shared-mime-info + ] + ); + XCURSOR_PATH = lib.mkForce ( + lib.concatStringsSep ":" [ + "${cursorTheme}/share/icons" + "${cursorTheme}/share/pixmaps" + ] + ); }; }; }; diff --git a/hardening/nixpaks/modules/network.nix b/hardening/nixpaks/modules/network.nix index c3404835..225adea2 100644 --- a/hardening/nixpaks/modules/network.nix 
+++ b/hardening/nixpaks/modules/network.nix
@@ -2,7 +2,7 @@
 {
 etc.sslCertificates.enable = true;
 bubblewrap = {
- bind.ro = ["/etc/resolv.conf"];
+ bind.ro = [ "/etc/resolv.conf" ];
 network = true;
 };
 }
diff --git a/hardening/nixpaks/qq-desktop-item.nix b/hardening/nixpaks/qq-desktop-item.nix
index df665d9c..cd9ca770 100644
--- a/hardening/nixpaks/qq-desktop-item.nix
+++ b/hardening/nixpaks/qq-desktop-item.nix
@@ -12,6 +12,6 @@ makeDesktopItem {
 # tree $"($p)/share/icons"
 icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
 type = "Application";
- categories = ["Network"];
+ categories = [ "Network" ];
 comment = "QQ boxed";
 }
diff --git a/hardening/nixpaks/qq.nix b/hardening/nixpaks/qq.nix
index 4f5003cb..bace0548 100644
--- a/hardening/nixpaks/qq.nix
+++ b/hardening/nixpaks/qq.nix
@@ -10,53 +10,60 @@ ... }: mkNixPak { - config = {sloth, ...}: { - app = { - package = pkgs.qq.override { - # fix fcitx5 input method - commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"]; + config = + { sloth, ... }: + { + app = { + package = pkgs.qq.override { + # fix fcitx5 input method + commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ]; + }; + binPath = "bin/qq"; }; - binPath = "bin/qq"; - }; - flatpak.appId = "com.tencent.qq"; + flatpak.appId = "com.tencent.qq"; - imports = [ - ./modules/gui-base.nix - ./modules/network.nix - ]; - - # list all dbus services: - # ls -al /run/current-system/sw/share/dbus-1/services/ - # ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/ - dbus.policies = { - "org.gnome.Shell.Screencast" = "talk"; - # System tray icon - "org.freedesktop.Notifications" = "talk"; - "org.kde.StatusNotifierWatcher" = "talk"; - # File Manager - "org.freedesktop.FileManager1" = "talk"; - # Uses legacy StatusNotifier implementation - "org.kde.*" = "own"; - }; - bubblewrap = { - # To trace all the home files QQ accesses, you can use the following nushell command: - # just trace-access qq - # See the Justfile in the root of this repository for more information. - bind.rw = [ - # given the read write permission to the following directories. - # NOTE: sloth.mkdir is used to create the directory if it does not exist! 
- (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"])) - - sloth.xdgDocumentsDir - sloth.xdgDownloadDir - sloth.xdgMusicDir - sloth.xdgVideosDir + imports = [ + ./modules/gui-base.nix + ./modules/network.nix ]; - sockets = { - x11 = false; - wayland = true; - pipewire = true; + + # list all dbus services: + # ls -al /run/current-system/sw/share/dbus-1/services/ + # ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/ + dbus.policies = { + "org.gnome.Shell.Screencast" = "talk"; + # System tray icon + "org.freedesktop.Notifications" = "talk"; + "org.kde.StatusNotifierWatcher" = "talk"; + # File Manager + "org.freedesktop.FileManager1" = "talk"; + # Uses legacy StatusNotifier implementation + "org.kde.*" = "own"; + }; + bubblewrap = { + # To trace all the home files QQ accesses, you can use the following nushell command: + # just trace-access qq + # See the Justfile in the root of this repository for more information. + bind.rw = [ + # given the read write permission to the following directories. + # NOTE: sloth.mkdir is used to create the directory if it does not exist! + (sloth.mkdir ( + sloth.concat [ + sloth.xdgConfigHome + "/QQ" + ] + )) + + sloth.xdgDocumentsDir + sloth.xdgDownloadDir + sloth.xdgMusicDir + sloth.xdgVideosDir + ]; + sockets = { + x11 = false; + wayland = true; + pipewire = true; + }; }; }; - }; } diff --git a/hardening/profiles/default.nix b/hardening/profiles/default.nix index ef52853a..8288f8a7 100644 --- a/hardening/profiles/default.nix +++ b/hardening/profiles/default.nix @@ -1,4 +1,5 @@ -{modulesPath, ...}: { +{ modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/hardened.nix") ]; diff --git a/home/base/core/core.nix b/home/base/core/core.nix index 33ca8084..dce4e191 100644 --- a/home/base/core/core.nix +++ b/home/base/core/core.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ # Misc cowsay 
@@ -12,7 +13,7 @@ # search for files by name, faster than find fd # search for files by its content, replacement of grep - (ripgrep.override {withPCRE2 = true;}) + (ripgrep.override { withPCRE2 = true; }) # A fast and polyglot tool for code searching, linting, rewriting at large scale # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...) diff --git a/home/base/core/default.nix b/home/base/core/default.nix index eeb48a40..049dda93 100644 --- a/home/base/core/default.nix +++ b/home/base/core/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/base/core/editors/default.nix b/home/base/core/editors/default.nix index eeb48a40..049dda93 100644 --- a/home/base/core/editors/default.nix +++ b/home/base/core/editors/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/base/core/editors/helix/default.nix b/home/base/core/editors/helix/default.nix index cb29d426..32640c68 100644 --- a/home/base/core/editors/helix/default.nix +++ b/home/base/core/editors/helix/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.helix = { enable = true; }; diff --git a/home/base/core/editors/neovim/default.nix b/home/base/core/editors/neovim/default.nix index 1467dd49..e16d36dc 100644 --- a/home/base/core/editors/neovim/default.nix +++ b/home/base/core/editors/neovim/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs = { neovim = { enable = true; diff --git a/home/base/core/git.nix b/home/base/core/git.nix index 0a3126a0..90ea60bb 100644 --- a/home/base/core/git.nix +++ b/home/base/core/git.nix 
@@ -4,12 +4,13 @@ pkgs, myvars, ... -}: { +}: +{ # `programs.git` will generate the config file: ~/.config/git/config # to make git use this config file, `~/.gitconfig` should not exist! # # https://git-scm.com/docs/git-config#Documentation/git-config.txt---global - home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] '' + home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] '' rm -f ${config.home.homeDirectory}/.gitconfig ''; diff --git a/home/base/core/npm.nix b/home/base/core/npm.nix index 602708a4..c3756cf9 100644 --- a/home/base/core/npm.nix +++ b/home/base/core/npm.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ # make `npm install -g ` happey # # mainly used to install npm packages that updates frequently diff --git a/home/base/core/shells/default.nix b/home/base/core/shells/default.nix index a7f9b1b5..56a0e29d 100644 --- a/home/base/core/shells/default.nix +++ b/home/base/core/shells/default.nix @@ -1,4 +1,5 @@ -{config, ...}: let +{ config, ... }: +let shellAliases = { k = "kubectl"; @@ -10,7 +11,8 @@ goBin = "${config.home.homeDirectory}/go/bin"; rustBin = "${config.home.homeDirectory}/.cargo/bin"; npmBin = "${config.home.homeDirectory}/.npm/bin"; -in { +in +{ programs.bash = { enable = true; enableCompletion = true; diff --git a/home/base/core/theme.nix b/home/base/core/theme.nix index aed3ad0f..35ce701f 100644 --- a/home/base/core/theme.nix +++ b/home/base/core/theme.nix @@ -1,4 +1,5 @@ -{catppuccin, ...}: { +{ catppuccin, ... }: +{ # https://github.com/catppuccin/nix imports = [ catppuccin.homeModules.catppuccin diff --git a/home/base/core/yazi.nix b/home/base/core/yazi.nix index bb0dd19c..59faecd7 100644 --- a/home/base/core/yazi.nix +++ b/home/base/core/yazi.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # terminal file manager programs.yazi = { enable = true; 
diff --git a/home/base/core/zellij/default.nix b/home/base/core/zellij/default.nix
index 3b6df2cb..8d156e02 100644
--- a/home/base/core/zellij/default.nix
+++ b/home/base/core/zellij/default.nix
@@ -2,7 +2,8 @@ let
 shellAliases = {
 "zj" = "zellij";
 };
-in {
+in
+{
 programs.zellij = {
 enable = true;
 };
diff --git a/home/base/gui/default.nix b/home/base/gui/default.nix
index eeb48a40..049dda93 100644
--- a/home/base/gui/default.nix
+++ b/home/base/gui/default.nix
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
 imports = mylib.scanPaths ./.;
 }
diff --git a/home/base/gui/dev-tools.nix b/home/base/gui/dev-tools.nix
index 069c5e47..4681cf46 100644
--- a/home/base/gui/dev-tools.nix
+++ b/home/base/gui/dev-tools.nix
@@ -1,5 +1,7 @@
-{pkgs, ...}: {
- home.packages = with pkgs;
+{ pkgs, ... }:
+{
+ home.packages =
+ with pkgs;
 [
 mitmproxy # http/https proxy tool
 wireshark # network analyzer
diff --git a/home/base/gui/terminal/alacritty/default.nix b/home/base/gui/terminal/alacritty/default.nix
index 903af212..49932a96 100644
--- a/home/base/gui/terminal/alacritty/default.nix
+++ b/home/base/gui/terminal/alacritty/default.nix
@@ -52,10 +52,7 @@
 bold_italic = {
 family = "Maple Mono NF CN";
 };
- size =
- if pkgs.stdenv.isDarwin
- then 14
- else 13;
+ size = if pkgs.stdenv.isDarwin then 14 else 13;
 };
 terminal = {
 # Spawn a nushell in login mode via `bash`
diff --git a/home/base/gui/terminal/default.nix b/home/base/gui/terminal/default.nix
index eeb48a40..049dda93 100644
--- a/home/base/gui/terminal/default.nix
+++ b/home/base/gui/terminal/default.nix
@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
 imports = mylib.scanPaths ./.;
 }
diff --git a/home/base/gui/terminal/foot.nix b/home/base/gui/terminal/foot.nix
index bb133b3c..f9ed8964 100644
--- a/home/base/gui/terminal/foot.nix
+++ b/home/base/gui/terminal/foot.nix
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
 programs.foot = {
 # foot is designed only for Linux
 enable = pkgs.stdenv.isLinux;
diff --git a/home/base/gui/terminal/ghostty.nix b/home/base/gui/terminal/ghostty.nix index caae8326..d86dee36 100644 --- a/home/base/gui/terminal/ghostty.nix +++ b/home/base/gui/terminal/ghostty.nix @@ -12,9 +12,10 @@ programs.ghostty = { enable = true; package = - if pkgs.stdenv.isDarwin - then pkgs.hello # pkgs.ghostty is currently broken on darwin - else pkgs.ghostty; # the stable version + if pkgs.stdenv.isDarwin then + pkgs.hello # pkgs.ghostty is currently broken on darwin + else + pkgs.ghostty; # the stable version # package = ghostty.packages.${pkgs.system}.default; # the latest version enableBashIntegration = false; installBatSyntax = false; diff --git a/home/base/gui/terminal/kitty.nix b/home/base/gui/terminal/kitty.nix index 22042563..aa586794 100644 --- a/home/base/gui/terminal/kitty.nix +++ b/home/base/gui/terminal/kitty.nix @@ -19,10 +19,7 @@ font = { name = "Maple Mono NF CN"; # use different font size on macOS - size = - if pkgs.stdenv.isDarwin - then 14 - else 13; + size = if pkgs.stdenv.isDarwin then 14 else 13; }; # consistent with other terminal emulators @@ -48,6 +45,6 @@ }; # macOS specific settings - darwinLaunchOptions = ["--start-as=maximized"]; + darwinLaunchOptions = [ "--start-as=maximized" ]; }; } diff --git a/home/base/home.nix b/home/base/home.nix index f935704b..f52fd799 100644 --- a/home/base/home.nix +++ b/home/base/home.nix @@ -1,4 +1,5 @@ -{myvars, ...}: { +{ myvars, ... }: +{ # Home Manager needs a bit of information about you and the # paths it should manage. home = { diff --git a/home/base/tui/cloud/default.nix b/home/base/tui/cloud/default.nix index fa719c10..bf0d3cc8 100644 --- a/home/base/tui/cloud/default.nix +++ b/home/base/tui/cloud/default.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ # https://developer.hashicorp.com/terraform/cli/config/config-file home.file.".terraformrc".source = ./terraformrc; 
@@ -30,9 +31,12 @@ # digitalocean doctl # google cloud - (google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [ - gke-gcloud-auth-plugin - ])) + (google-cloud-sdk.withExtraComponents ( + with google-cloud-sdk.components; + [ + gke-gcloud-auth-plugin + ] + )) # cloud tools that nix do not have cache for. terraform diff --git a/home/base/tui/container.nix b/home/base/tui/container.nix index 6da4a3bb..b33c8ae5 100644 --- a/home/base/tui/container.nix +++ b/home/base/tui/container.nix @@ -3,7 +3,8 @@ pkgs-unstable, nur-ryan4yin, ... -}: { +}: +{ home.packages = with pkgs; [ podman-compose dive # explore docker layers diff --git a/home/base/tui/default.nix b/home/base/tui/default.nix index eeb48a40..049dda93 100644 --- a/home/base/tui/default.nix +++ b/home/base/tui/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/base/tui/dev-tools.nix b/home/base/tui/dev-tools.nix index 274b0107..cebbfb30 100644 --- a/home/base/tui/dev-tools.nix +++ b/home/base/tui/dev-tools.nix @@ -2,7 +2,8 @@ pkgs, pkgs-unstable, ... -}: { +}: +{ ############################################################# # # Basic settings for development environment diff --git a/home/base/tui/editors/default.nix b/home/base/tui/editors/default.nix index eeb48a40..049dda93 100644 --- a/home/base/tui/editors/default.nix +++ b/home/base/tui/editors/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/base/tui/editors/helix/default.nix b/home/base/tui/editors/helix/default.nix index b8497810..9b822747 100644 --- a/home/base/tui/editors/helix/default.nix +++ b/home/base/tui/editors/helix/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.helix = { enable = true; package = pkgs.helix; diff --git a/home/base/tui/editors/neovim/default.nix b/home/base/tui/editors/neovim/default.nix index c1196e65..8d607537 100644 
--- a/home/base/tui/editors/neovim/default.nix +++ b/home/base/tui/editors/neovim/default.nix @@ -18,7 +18,8 @@ let # the path to nvim directory # to make this symlink work, we need to git clone this repo to your home directory. configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim"; -in { +in +{ xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath; # Disable catppuccin to avoid conflict with my non-nix config. catppuccin.nvim.enable = false; diff --git a/home/base/tui/editors/packages.nix b/home/base/tui/editors/packages.nix index c2b4e90c..b265a2a3 100644 --- a/home/base/tui/editors/packages.nix +++ b/home/base/tui/editors/packages.nix 
@@ -2,153 +2,155 @@ pkgs, pkgs-unstable, ... -}: { - home.packages = with pkgs; ( - # -*- Data & Configuration Languages -*-# - [ - #-- nix - nil - nixd - statix # Lints and suggestions for the nix programming language - deadnix # Find and remove unused code in .nix source files - nixfmt # Nix Code Formatter +}: +{ + home.packages = + with pkgs; + ( + # -*- Data & Configuration Languages -*-# + [ + #-- nix + nil + nixd + statix # Lints and suggestions for the nix programming language + deadnix # Find and remove unused code in .nix source files + nixfmt # Nix Code Formatter - #-- nickel lang - nickel + #-- nickel lang + nickel - #-- json like - # terraform # install via brew on macOS - terraform-ls - jsonnet - jsonnet-language-server - taplo # TOML language server / formatter / validator - nodePackages.yaml-language-server - actionlint # GitHub Actions linter + #-- json like + # terraform # install via brew on macOS + terraform-ls + jsonnet + jsonnet-language-server + taplo # TOML language server / formatter / validator + nodePackages.yaml-language-server + actionlint # GitHub Actions linter - #-- dockerfile - hadolint # Dockerfile linter - nodePackages.dockerfile-language-server-nodejs + #-- dockerfile + hadolint # Dockerfile linter + nodePackages.dockerfile-language-server-nodejs - #-- markdown - marksman # language server for markdown - glow # markdown previewer - pandoc # document converter - pkgs-unstable.hugo # static site generator + #-- markdown + marksman # language server for markdown + glow # markdown previewer + pandoc # document converter + pkgs-unstable.hugo # static site generator - #-- sql - sqlfluff + #-- sql + sqlfluff - #-- protocol buffer - buf # linting and formatting - ] - ++ - #-*- General Purpose Languages -*-# - [ - #-- c/c++ - cmake - cmake-language-server - gnumake - checkmake - # c/c++ compiler, required by nvim-treesitter! 
- gcc - gdb - # c/c++ tools with clang-tools, the unwrapped version won't - # add alias like `cc` and `c++`, so that it won't conflict with gcc - # llvmPackages.clang-unwrapped - clang-tools - lldb - vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger + #-- protocol buffer + buf # linting and formatting + ] + ++ + #-*- General Purpose Languages -*-# + [ + #-- c/c++ + cmake + cmake-language-server + gnumake + checkmake + # c/c++ compiler, required by nvim-treesitter! + gcc + gdb + # c/c++ tools with clang-tools, the unwrapped version won't + # add alias like `cc` and `c++`, so that it won't conflict with gcc + # llvmPackages.clang-unwrapped + clang-tools + lldb + vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger - #-- python - pipx # Install and Run Python Applications in Isolated Environments - uv # python project package manager - pyright # python language server - (python313.withPackages ( - ps: - with ps; [ - ruff - black # python formatter - # debugpy + #-- python + pipx # Install and Run Python Applications in Isolated Environments + uv # python project package manager + pyright # python language server + (python313.withPackages ( + ps: with ps; [ + ruff + black # python formatter + # debugpy - # my commonly used python packages - jupyter - ipython - pandas - requests - pyquery - pyyaml - boto3 - ] - )) + # my commonly used python packages + jupyter + ipython + pandas + requests + pyquery + pyyaml + boto3 + ] + )) - #-- rust - # we'd better use the rust-overlays for rust development - pkgs-unstable.rustc - pkgs-unstable.rust-analyzer - pkgs-unstable.cargo # rust package manager - pkgs-unstable.rustfmt - pkgs-unstable.clippy # rust linter + #-- rust + # we'd better use the rust-overlays for rust development + pkgs-unstable.rustc + pkgs-unstable.rust-analyzer + pkgs-unstable.cargo # rust package manager + pkgs-unstable.rustfmt + pkgs-unstable.clippy # rust linter - #-- golang - go - gomodifytags - iferr # generate error handling 
code for go - impl # generate function implementation for go - gotools # contains tools like: godoc, goimports, etc. - gopls # go language server - delve # go debugger + #-- golang + go + gomodifytags + iferr # generate error handling code for go + impl # generate function implementation for go + gotools # contains tools like: godoc, goimports, etc. + gopls # go language server + delve # go debugger - # -- java - jdk17 - gradle - maven - spring-boot-cli - jdt-language-server + # -- java + jdk17 + gradle + maven + spring-boot-cli + jdt-language-server - #-- zig - zls + #-- zig + zls - #-- lua - stylua - lua-language-server + #-- lua + stylua + lua-language-server - #-- bash - nodePackages.bash-language-server - shellcheck - shfmt - ] - #-*- Web Development -*-# - ++ [ - nodePackages.nodejs - nodePackages.typescript - nodePackages.typescript-language-server - # HTML/CSS/JSON/ESLint language servers extracted from vscode - nodePackages.vscode-langservers-extracted - nodePackages."@tailwindcss/language-server" - emmet-ls - ] - # -*- Lisp like Languages -*-# - # ++ [ - # guile - # racket-minimal - # fnlfmt # fennel - # ( - # if pkgs.stdenv.isLinux && pkgs.stdenv.isx86 - # then pkgs-unstable.akkuPackages.scheme-langserver - # else pkgs.emptyDirectory - # ) - # ] - ++ [ - proselint # English prose linter + #-- bash + nodePackages.bash-language-server + shellcheck + shfmt + ] + #-*- Web Development -*-# + ++ [ + nodePackages.nodejs + nodePackages.typescript + nodePackages.typescript-language-server + # HTML/CSS/JSON/ESLint language servers extracted from vscode + nodePackages.vscode-langservers-extracted + nodePackages."@tailwindcss/language-server" + emmet-ls + ] + # -*- Lisp like Languages -*-# + # ++ [ + # guile + # racket-minimal + # fnlfmt # fennel + # ( + # if pkgs.stdenv.isLinux && pkgs.stdenv.isx86 + # then pkgs-unstable.akkuPackages.scheme-langserver + # else pkgs.emptyDirectory + # ) + # ] + ++ [ + proselint # English prose linter - #-- verilog / systemverilog - 
verible + #-- verilog / systemverilog + verible - #-- Optional Requirements: - nodePackages.prettier # common code formatter - fzf - gdu # disk usage analyzer, required by AstroNvim - (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern - ] - ); + #-- Optional Requirements: + nodePackages.prettier # common code formatter + fzf + gdu # disk usage analyzer, required by AstroNvim + (ripgrep.override { withPCRE2 = true; }) # recursively searches directories for a regex pattern + ] + ); } diff --git a/home/base/tui/encryption/default.nix b/home/base/tui/encryption/default.nix index 01052571..d31f34e6 100644 --- a/home/base/tui/encryption/default.nix +++ b/home/base/tui/encryption/default.nix @@ -2,7 +2,8 @@ pkgs, pkgs-unstable, ... -}: { +}: +{ home.packages = with pkgs; [ age sops diff --git a/home/base/tui/gpg/default.nix b/home/base/tui/gpg/default.nix index cfaa3013..a2769b92 100644 --- a/home/base/tui/gpg/default.nix +++ b/home/base/tui/gpg/default.nix @@ -2,7 +2,8 @@ config, mysecrets, ... -}: { +}: +{ programs.gpg = { enable = true; homedir = "${config.home.homeDirectory}/.gnupg"; diff --git a/home/base/tui/password-store/default.nix b/home/base/tui/password-store/default.nix index 6a7126e9..b0a6f77a 100644 --- a/home/base/tui/password-store/default.nix +++ b/home/base/tui/password-store/default.nix @@ -3,9 +3,11 @@ config, lib, ... -}: let +}: +let passwordStoreDir = "${config.xdg.dataHome}/password-store"; -in { +in +{ programs.password-store = { enable = true; package = pkgs.pass.withExtensions (exts: [ diff --git a/home/base/tui/shell.nix b/home/base/tui/shell.nix index b738d874..65d2e5f8 100644 --- a/home/base/tui/shell.nix +++ b/home/base/tui/shell.nix @@ -2,9 +2,11 @@ config, pkgs-unstable, ... -}: let +}: +let inherit (pkgs-unstable) nu_scripts; -in { +in +{ programs.nushell = { # load the alias file for work # the file must exist, otherwise nushell will complain about it! 
diff --git a/home/base/tui/ssh.nix b/home/base/tui/ssh.nix index e762b0e9..4ae0d189 100644 --- a/home/base/tui/ssh.nix +++ b/home/base/tui/ssh.nix @@ -2,7 +2,8 @@ config, mysecrets, ... -}: { +}: +{ home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub"; programs.ssh = { diff --git a/home/base/tui/zellij/default.nix b/home/base/tui/zellij/default.nix index c60de7a7..5432e174 100644 --- a/home/base/tui/zellij/default.nix +++ b/home/base/tui/zellij/default.nix @@ -1,8 +1,10 @@ -{pkgs, ...}: let +{ pkgs, ... }: +let shellAliases = { "zj" = "zellij"; }; -in { +in +{ programs.zellij = { enable = true; package = pkgs.zellij; diff --git a/home/darwin/aerospace/default.nix b/home/darwin/aerospace/default.nix index 6be6f448..dc1fd6be 100644 --- a/home/darwin/aerospace/default.nix +++ b/home/darwin/aerospace/default.nix @@ -1,5 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ home.file.".aerospace.toml".source = - config.lib.file.mkOutOfStoreSymlink - "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml"; + config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml"; } diff --git a/home/darwin/default.nix b/home/darwin/default.nix index 7a890430..64ece2c8 100644 --- a/home/darwin/default.nix +++ b/home/darwin/default.nix @@ -2,16 +2,15 @@ mylib, myvars, ... -}: { +}: +{ home.homeDirectory = "/Users/${myvars.username}"; - imports = - (mylib.scanPaths ./.) - ++ [ - ../base/core - ../base/tui - ../base/gui - ../base/home.nix - ]; + imports = (mylib.scanPaths ./.) ++ [ + ../base/core + ../base/tui + ../base/gui + ../base/home.nix + ]; # enable management of XDG base directories on macOS. xdg.enable = true; diff --git a/home/darwin/proxy/default.nix b/home/darwin/proxy/default.nix index 74c0c831..fd964fb9 100644 --- a/home/darwin/proxy/default.nix +++ b/home/darwin/proxy/default.nix 
@@ -2,12 +2,12 @@ config, pkgs, ... -}: { +}: +{ home.packages = with pkgs; [ clash-meta ]; home.file.".proxychains/proxychains.conf".source = - config.lib.file.mkOutOfStoreSymlink - "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf"; + config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf"; } diff --git a/home/darwin/rime-squirrel.nix b/home/darwin/rime-squirrel.nix index 77a55874..2903630e 100644 --- a/home/darwin/rime-squirrel.nix +++ b/home/darwin/rime-squirrel.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # Squirrel Input Method home.file."Library/Rime" = { # my custom squirrel data (flypy input method) diff --git a/home/darwin/shell.nix b/home/darwin/shell.nix index 7c5b65f1..45cfedd0 100644 --- a/home/darwin/shell.nix +++ b/home/darwin/shell.nix @@ -1,4 +1,5 @@ -{lib, ...}: let +{ lib, ... }: +let envExtra = '' export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin" ''; @@ -20,7 +21,8 @@ true fi ''; -in { +in +{ # Homebrew's default install location: # /opt/homebrew for Apple Silicon # /usr/local for macOS Intel diff --git a/home/linux/base/default.nix b/home/linux/base/default.nix index eeb48a40..049dda93 100644 --- a/home/linux/base/default.nix +++ b/home/linux/base/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/linux/base/shell.nix b/home/linux/base/shell.nix index 7bab02f7..334f0597 100644 --- a/home/linux/base/shell.nix +++ b/home/linux/base/shell.nix @@ -2,11 +2,13 @@ config, myvars, ... -}: let +}: +let d = config.xdg.dataHome; c = config.xdg.configHome; cache = config.xdg.cacheHome; -in rec { +in +rec { home.homeDirectory = "/home/${myvars.username}"; # environment variables that always set at login diff --git a/home/linux/base/tools.nix b/home/linux/base/tools.nix index 534a3d71..2a1477af 100644 --- a/home/linux/base/tools.nix +++ b/home/linux/base/tools.nix 
@@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # Linux Only Packages, not available on Darwin home.packages = with pkgs; [ # misc diff --git a/home/linux/gui/base/creative.nix b/home/linux/gui/base/creative.nix index d381269b..5b930a55 100644 --- a/home/linux/gui/base/creative.nix +++ b/home/linux/gui/base/creative.nix @@ -6,8 +6,10 @@ nur-ryan4yin, blender-bin, ... -}: { - home.packages = with pkgs; +}: +{ + home.packages = + with pkgs; [ # creative # gimp # image editing, I prefer using figma in browser instead of this one @@ -41,7 +43,8 @@ # live streaming obs-studio = { enable = pkgs.stdenv.isx86_64; - plugins = with pkgs.obs-studio-plugins; + plugins = + with pkgs.obs-studio-plugins; [ # screen capture wlrobs diff --git a/home/linux/gui/base/default.nix b/home/linux/gui/base/default.nix index eeb48a40..049dda93 100644 --- a/home/linux/gui/base/default.nix +++ b/home/linux/gui/base/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/linux/gui/base/dev-tools.nix b/home/linux/gui/base/dev-tools.nix index 1969e220..348d7ef9 100644 --- a/home/linux/gui/base/dev-tools.nix +++ b/home/linux/gui/base/dev-tools.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ android-tools ]; diff --git a/home/linux/gui/base/eye-protection.nix b/home/linux/gui/base/eye-protection.nix index cba42956..77c87350 100644 --- a/home/linux/gui/base/eye-protection.nix +++ b/home/linux/gui/base/eye-protection.nix @@ -2,7 +2,8 @@ pkgs, lib, ... -}: { +}: +{ # Adjust the color temperature(& brightness) of your screen according to # your surroundings. This may help your eyes hurt less if you are # working in front of the screen at night. diff --git a/home/linux/gui/base/fcitx5/default.nix b/home/linux/gui/base/fcitx5/default.nix index 8d6f4746..9ce2a603 100644 --- a/home/linux/gui/base/fcitx5/default.nix +++ b/home/linux/gui/base/fcitx5/default.nix 
@@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ xdg.configFile = { "fcitx5/profile" = { source = ./profile; diff --git a/home/linux/gui/base/games.nix b/home/linux/gui/base/games.nix index 131aa8f7..b9a17377 100644 --- a/home/linux/gui/base/games.nix +++ b/home/linux/gui/base/games.nix @@ -2,7 +2,8 @@ pkgs, nix-gaming, ... -}: { +}: +{ home.packages = with pkgs; [ # nix-gaming.packages.${pkgs.system}.osu-laser-bin gamescope # SteamOS session compositing window manager diff --git a/home/linux/gui/base/gtk.nix b/home/linux/gui/base/gtk.nix index a69fc9f0..d5e2bf72 100644 --- a/home/linux/gui/base/gtk.nix +++ b/home/linux/gui/base/gtk.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: { +}: +{ # If your themes for mouse cursor, icons or windows don’t load correctly, # try setting them with home.pointerCursor and gtk.theme, # which enable a bunch of compatibility options that should make the themes load in all situations. diff --git a/home/linux/gui/base/immutable-file.nix b/home/linux/gui/base/immutable-file.nix index 9c06513f..a3993cf5 100644 --- a/home/linux/gui/base/immutable-file.nix +++ b/home/linux/gui/base/immutable-file.nix @@ -16,7 +16,8 @@ # TODO not used yet, need to test it. # ############################################################################################## -with lib; let +with lib; +let cfg = config.home.immutable-file; immutableFileOpts = _: { options = { 
@@ -42,24 +43,25 @@ with lib; let sudo cp $2 $1 sudo chattr +i $1 ''; -in { +in +{ options.home.immutable-file = mkOption { type = with types; attrsOf (submodule immutableFileOpts); - default = {}; + default = { }; }; - config = mkIf (cfg != {}) { - home.activation = - mapAttrs' - (name: { + config = mkIf (cfg != { }) { + home.activation = mapAttrs' ( + name: + { src, dst, }: - nameValuePair - "make-immutable-${name}" - (lib.hm.dag.entryAfter ["writeBoundary"] '' + nameValuePair "make-immutable-${name}" ( + lib.hm.dag.entryAfter [ "writeBoundary" ] '' ${mkImmutableFile} ${dst} ${src} - '')) - cfg; + '' + ) + ) cfg; }; } diff --git a/home/linux/gui/base/media.nix b/home/linux/gui/base/media.nix index c3df5e56..fa8e31b2 100644 --- a/home/linux/gui/base/media.nix +++ b/home/linux/gui/base/media.nix @@ -6,7 +6,8 @@ }: # media - control and enjoy audio/video { - home.packages = with pkgs; + home.packages = + with pkgs; [ # audio control pavucontrol @@ -22,13 +23,13 @@ nvitop ] ++ (lib.optionals pkgs.stdenv.isx86_64 [ - (zoom-us.override {hyprlandXdgDesktopPortalSupport = true;}) + (zoom-us.override { hyprlandXdgDesktopPortalSupport = true; }) ]); programs.mpv = { enable = true; - defaultProfiles = ["gpu-hq"]; - scripts = [pkgs.mpvScripts.mpris]; + defaultProfiles = [ "gpu-hq" ]; + scripts = [ pkgs.mpvScripts.mpris ]; }; services = { diff --git a/home/linux/gui/base/misc.nix b/home/linux/gui/base/misc.nix index 36c4f77c..3cfb43fb 100644 --- a/home/linux/gui/base/misc.nix +++ b/home/linux/gui/base/misc.nix @@ -2,7 +2,8 @@ pkgs, pkgs-unstable, ... -}: { +}: +{ home.packages = with pkgs; [ # GUI apps # e-book viewer(.epub/.mobi/...) diff --git a/home/linux/gui/base/note-taking.nix b/home/linux/gui/base/note-taking.nix index ec38a623..f2808726 100644 --- a/home/linux/gui/base/note-taking.nix +++ b/home/linux/gui/base/note-taking.nix 
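Review bot: The activation entry in home/linux/gui/base/immutable-file.nix splices `${dst}` and `${src}` into shell text without escaping, and the helper shown as context at the top of the hunk runs `sudo cp $2 $1` and `sudo chattr +i $1` with unquoted positionals. Any path with whitespace or shell metacharacters in those option values would be word-split or interpreted by the shell in a script that goes on to call sudo. The call line should be `${mkImmutableFile} ${lib.escapeShellArg dst} ${lib.escapeShellArg src}`, and the helper should use `"$1"` and `"$2"`. The helper's definition and the option types for `src`/`dst` start outside this hunk, so whether the type already restricts these values could not be checked here.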
@@ -1,7 +1,10 @@ -{pkgs, ...}: { - home.packages = with pkgs; (lib.optionals pkgs.stdenv.isx86_64 [ - # https://joplinapp.org/help/ - joplin # joplin-cli - joplin-desktop - ]); +{ pkgs, ... }: +{ + home.packages = + with pkgs; + (lib.optionals pkgs.stdenv.isx86_64 [ + # https://joplinapp.org/help/ + joplin # joplin-cli + joplin-desktop + ]); } diff --git a/home/linux/gui/base/wallpaper/default.nix b/home/linux/gui/base/wallpaper/default.nix index 230962c1..143e8914 100644 --- a/home/linux/gui/base/wallpaper/default.nix +++ b/home/linux/gui/base/wallpaper/default.nix @@ -4,26 +4,37 @@ lib, wallpapers, ... -}: { +}: +{ systemd.user.services.wallpaper = { Unit = { Description = "Wallpaper Switcher daemon"; - After = ["graphical-session-pre.target" "xdg-desktop-autostart.target"]; - Wants = ["graphical-session-pre.target"]; + After = [ + "graphical-session-pre.target" + "xdg-desktop-autostart.target" + ]; + Wants = [ "graphical-session-pre.target" ]; }; - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; Service = { - ExecStart = lib.getExe (pkgs.writeShellApplication { - name = "wallpaper"; - runtimeInputs = with pkgs; [procps feh swaybg python3]; - text = '' - export WALLPAPERS_DIR="${wallpapers}" - export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state" - export WALLPAPER_WAIT_MIN=60 - export WALLPAPER_WAIT_MAX=180 - exec ${./wallpaper-switcher.py} - ''; - }); + ExecStart = lib.getExe ( + pkgs.writeShellApplication { + name = "wallpaper"; + runtimeInputs = with pkgs; [ + procps + feh + swaybg + python3 + ]; + text = '' + export WALLPAPERS_DIR="${wallpapers}" + export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state" + export WALLPAPER_WAIT_MIN=60 + export WALLPAPER_WAIT_MAX=180 + exec ${./wallpaper-switcher.py} + ''; + } + ); RestartSec = 3; Restart = "on-failure"; }; 
diff --git a/home/linux/gui/base/xdg.nix b/home/linux/gui/base/xdg.nix index ed5f7f4d..34a8a91f 100644 --- a/home/linux/gui/base/xdg.nix +++ b/home/linux/gui/base/xdg.nix @@ -6,7 +6,8 @@ config, pkgs, ... -}: { +}: +{ home.packages = with pkgs; [ xdg-utils # provides cli tools such as `xdg-mime` `xdg-open` xdg-user-dirs 
@@ -31,53 +32,63 @@ mimeApps = { enable = true; # let `xdg-open` to open the url with the correct application. - defaultApplications = let - browser = ["google-chrome.desktop" "firefox.desktop"]; - editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"]; - in { - "application/json" = browser; - "application/pdf" = browser; # TODO: pdf viewer + defaultApplications = + let + browser = [ + "google-chrome.desktop" + "firefox.desktop" + ]; + editor = [ + "nvim.desktop" + "Helix.desktop" + "code.desktop" + "code-insiders.desktop" + ]; + in + { + "application/json" = browser; + "application/pdf" = browser; # TODO: pdf viewer - "text/html" = browser; - "text/xml" = browser; - "text/plain" = editor; - "application/xml" = browser; - "application/xhtml+xml" = browser; - "application/xhtml_xml" = browser; - "application/rdf+xml" = browser; - "application/rss+xml" = browser; - "application/x-extension-htm" = browser; - "application/x-extension-html" = browser; - "application/x-extension-shtml" = browser; - "application/x-extension-xht" = browser; - "application/x-extension-xhtml" = browser; - "application/x-wine-extension-ini" = editor; + "text/html" = browser; + "text/xml" = browser; + "text/plain" = editor; + "application/xml" = browser; + "application/xhtml+xml" = browser; + "application/xhtml_xml" = browser; + "application/rdf+xml" = browser; + "application/rss+xml" = browser; + "application/x-extension-htm" = browser; + "application/x-extension-html" = browser; + "application/x-extension-shtml" = browser; + "application/x-extension-xht" = browser; + "application/x-extension-xhtml" = browser; + "application/x-wine-extension-ini" = editor; - # define default applications for some url schemes. 
- "x-scheme-handler/about" = browser; # open `about:` url with `browser` - "x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser` - "x-scheme-handler/http" = browser; - "x-scheme-handler/https" = browser; - # https://github.com/microsoft/vscode/issues/146408 - "x-scheme-handler/vscode" = ["code-url-handler.desktop"]; # open `vscode://` url with `code-url-handler.desktop` - "x-scheme-handler/vscode-insiders" = ["code-insiders-url-handler.desktop"]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop` - "x-scheme-handler/zoommtg" = ["Zoom.desktop"]; + # define default applications for some url schemes. + "x-scheme-handler/about" = browser; # open `about:` url with `browser` + "x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser` + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + # https://github.com/microsoft/vscode/issues/146408 + "x-scheme-handler/vscode" = [ "code-url-handler.desktop" ]; # open `vscode://` url with `code-url-handler.desktop` + "x-scheme-handler/vscode-insiders" = [ "code-insiders-url-handler.desktop" ]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop` + "x-scheme-handler/zoommtg" = [ "Zoom.desktop" ]; - # all other unknown schemes will be opened by this default application. - # "x-scheme-handler/unknown" = editor; + # all other unknown schemes will be opened by this default application. 
+ # "x-scheme-handler/unknown" = editor; - "x-scheme-handler/tg" = ["org.telegram.desktop.desktop "]; + "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop " ]; - "audio/*" = ["mpv.desktop"]; - "video/*" = ["mpv.desktop"]; - "image/*" = ["imv-dir.desktop"]; - "image/gif" = ["imv-dir.desktop"]; - "image/jpeg" = ["imv-dir.desktop"]; - "image/png" = ["imv-dir.desktop"]; - "image/webp" = ["imv-dir.desktop"]; + "audio/*" = [ "mpv.desktop" ]; + "video/*" = [ "mpv.desktop" ]; + "image/*" = [ "imv-dir.desktop" ]; + "image/gif" = [ "imv-dir.desktop" ]; + "image/jpeg" = [ "imv-dir.desktop" ]; + "image/png" = [ "imv-dir.desktop" ]; + "image/webp" = [ "imv-dir.desktop" ]; - "inode/directory" = ["yazi.desktop"]; - }; + "inode/directory" = [ "yazi.desktop" ]; + }; associations.removed = { # ...... diff --git a/home/linux/gui/default.nix b/home/linux/gui/default.nix index eeb48a40..049dda93 100644 --- a/home/linux/gui/default.nix +++ b/home/linux/gui/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/linux/gui/editors/default.nix b/home/linux/gui/editors/default.nix index f6cd676c..e9b889e2 100644 --- a/home/linux/gui/editors/default.nix +++ b/home/linux/gui/editors/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ zed-editor code-cursor diff --git a/home/linux/gui/hyprland/default.nix b/home/linux/gui/hyprland/default.nix index 0a4f66b6..22a7a707 100644 --- a/home/linux/gui/hyprland/default.nix +++ b/home/linux/gui/hyprland/default.nix @@ -4,10 +4,12 @@ lib, anyrun, ... -} @ args: -with lib; let +}@args: +with lib; +let cfg = config.modules.desktop.hyprland; -in { +in +{ imports = [ # anyrun.homeManagerModules.default # the module is already in hm now. ./options 
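Review bot: The `x-scheme-handler/tg` entry in home/linux/gui/base/xdg.nix still has a trailing space inside the string, `"org.telegram.desktop.desktop "`, which the formatter carried over unchanged. A desktop-file ID with a trailing space will most likely not match any installed entry, so `tg:` links would be resolved by some other default rather than the handler named here. The line should read `"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];`. The enclosing `mimeApps` block starts before this hunk and continues after it.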
@@ -16,32 +18,36 @@ in { options.modules.desktop.hyprland = { enable = mkEnableOption "hyprland compositor"; settings = lib.mkOption { - type = with lib.types; let - valueType = - nullOr (oneOf [ - bool - int - float - str - path - (attrsOf valueType) - (listOf valueType) - ]) - // { - description = "Hyprland configuration value"; - }; - in + type = + with lib.types; + let + valueType = + nullOr (oneOf [ + bool + int + float + str + path + (attrsOf valueType) + (listOf valueType) + ]) + // { + description = "Hyprland configuration value"; + }; + in valueType; - default = {}; + default = { }; }; }; config = mkIf cfg.enable ( - mkMerge ([ + mkMerge ( + [ { wayland.windowManager.hyprland.settings = cfg.settings; } ] - ++ (import ./values args)) + ++ (import ./values args) + ) ); } diff --git a/home/linux/gui/hyprland/options/default.nix b/home/linux/gui/hyprland/options/default.nix index eeb48a40..049dda93 100644 --- a/home/linux/gui/hyprland/options/default.nix +++ b/home/linux/gui/hyprland/options/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/home/linux/gui/hyprland/options/nvidia.nix b/home/linux/gui/hyprland/options/nvidia.nix index b144d75b..48e6789c 100644 --- a/home/linux/gui/hyprland/options/nvidia.nix +++ b/home/linux/gui/hyprland/options/nvidia.nix @@ -3,9 +3,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.modules.desktop.hyprland; -in { +in +{ options.modules.desktop.hyprland = { nvidia = mkEnableOption "whether nvidia GPU is used"; }; diff --git a/home/linux/gui/hyprland/values/anyrun.nix b/home/linux/gui/hyprland/values/anyrun.nix index d45eda56..22c2451d 100644 --- a/home/linux/gui/hyprland/values/anyrun.nix +++ b/home/linux/gui/hyprland/values/anyrun.nix @@ -2,7 +2,8 @@ pkgs, anyrun, ... -}: { +}: +{ programs.anyrun = { enable = true; config = { diff --git a/home/linux/gui/hyprland/values/default.nix b/home/linux/gui/hyprland/values/default.nix index 0e13748d..6efaa0c3 100644 
--- a/home/linux/gui/hyprland/values/default.nix +++ b/home/linux/gui/hyprland/values/default.nix @@ -1,4 +1 @@ -{mylib, ...} @ args: -map -(path: import path args) -(mylib.scanPaths ./.) +{ mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.) diff --git a/home/linux/gui/hyprland/values/hyprland.nix b/home/linux/gui/hyprland/values/hyprland.nix index ba834ab2..81b54494 100644 --- a/home/linux/gui/hyprland/values/hyprland.nix +++ b/home/linux/gui/hyprland/values/hyprland.nix @@ -2,19 +2,23 @@ pkgs, config, ... -}: let +}: +let package = pkgs.hyprland; -in { - xdg.configFile = let - mkSymlink = config.lib.file.mkOutOfStoreSymlink; - hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf"; - in { - "mako".source = mkSymlink "${hyprPath}/mako"; - "waybar".source = mkSymlink "${hyprPath}/waybar"; - "wlogout".source = mkSymlink "${hyprPath}/wlogout"; - "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf"; - "hypr/configs".source = mkSymlink "${hyprPath}/configs"; - }; +in +{ + xdg.configFile = + let + mkSymlink = config.lib.file.mkOutOfStoreSymlink; + hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf"; + in + { + "mako".source = mkSymlink "${hyprPath}/mako"; + "waybar".source = mkSymlink "${hyprPath}/waybar"; + "wlogout".source = mkSymlink "${hyprPath}/wlogout"; + "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf"; + "hypr/configs".source = mkSymlink "${hyprPath}/configs"; + }; # status bar programs.waybar = { 
@@ -46,15 +50,17 @@ in { inherit package; enable = true; settings = { - source = let - configPath = "${config.home.homeDirectory}/.config/hypr/configs"; - in [ - "${configPath}/exec.conf" - "${configPath}/fcitx5.conf" - "${configPath}/keybindings.conf" - "${configPath}/settings.conf" - "${configPath}/windowrules.conf" - ]; + source = + let + configPath = "${config.home.homeDirectory}/.config/hypr/configs"; + in + [ + "${configPath}/exec.conf" + "${configPath}/fcitx5.conf" + "${configPath}/keybindings.conf" + "${configPath}/settings.conf" + "${configPath}/windowrules.conf" + ]; env = [ "NIXOS_OZONE_WL,1" # for any ozone-based browser & electron apps to run on wayland "MOZ_ENABLE_WAYLAND,1" # for firefox to run on wayland @@ -71,7 +77,7 @@ in { # gammastep/wallpaper-switcher need this to be enabled. systemd = { enable = true; - variables = ["--all"]; + variables = [ "--all" ]; }; }; diff --git a/home/linux/gui/hyprland/values/packages.nix b/home/linux/gui/hyprland/values/packages.nix index 0fc5b368..a681cfcb 100644 --- a/home/linux/gui/hyprland/values/packages.nix +++ b/home/linux/gui/hyprland/values/packages.nix @@ -1,8 +1,8 @@ { pkgs, ... -}: { - +}: +{ home.packages = with pkgs; [ swaybg # the wallpaper diff --git a/home/linux/gui/hyprland/values/wayland-apps.nix b/home/linux/gui/hyprland/values/wayland-apps.nix index d0bbc312..4e30cb2d 100644 --- a/home/linux/gui/hyprland/values/wayland-apps.nix +++ b/home/linux/gui/hyprland/values/wayland-apps.nix @@ -1,7 +1,8 @@ { pkgs, ... -}: { +}: +{ home.packages = with pkgs; [ # firefox-wayland nixpaks.firefox 
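Review bot: In home/linux/gui/hyprland/values/hyprland.nix (hunk at -71,7), `variables = [ "--all" ];` imports the compositor's whole environment into the systemd user and D-Bus activation environment, which is broader than the comment above it justifies. Anything exported in the login session, including tokens or credentials set in shell profiles, then becomes visible to every user service. If gammastep and the wallpaper switcher only need the display variables, an explicit list such as `variables = [ "DISPLAY" "WAYLAND_DISPLAY" "XDG_CURRENT_DESKTOP" "HYPRLAND_INSTANCE_SIGNATURE" ];` is the narrower choice; otherwise add a comment recording why `--all` is required. The enclosing `wayland.windowManager.hyprland` attrset begins outside the hunk.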
@@ -31,25 +32,23 @@ vscode = { enable = true; - package = - pkgs.vscode.override - { - isInsiders = false; - # https://wiki.archlinux.org/title/Wayland#Electron - commandLineArgs = [ - "--ozone-platform-hint=auto" - "--ozone-platform=wayland" - # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it. - # (only supported by chromium/chrome at this time, not electron) - "--gtk-version=4" - # make it use text-input-v1, which works for kwin 5.27 and weston - "--enable-wayland-ime" + package = pkgs.vscode.override { + isInsiders = false; + # https://wiki.archlinux.org/title/Wayland#Electron + commandLineArgs = [ + "--ozone-platform-hint=auto" + "--ozone-platform=wayland" + # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it. + # (only supported by chromium/chrome at this time, not electron) + "--gtk-version=4" + # make it use text-input-v1, which works for kwin 5.27 and weston + "--enable-wayland-ime" - # TODO: fix https://github.com/microsoft/vscode/issues/187436 - # still not works... - "--password-store=gnome" # use gnome-keyring as password store - ]; - }; + # TODO: fix https://github.com/microsoft/vscode/issues/187436 + # still not works... + "--password-store=gnome" # use gnome-keyring as password store + ]; + }; }; }; } diff --git a/home/linux/gui/hyprland/values/xdg.nix b/home/linux/gui/hyprland/values/xdg.nix index 9e7b40b6..c481c00c 100644 --- a/home/linux/gui/hyprland/values/xdg.nix +++ b/home/linux/gui/hyprland/values/xdg.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ xdg.portal = { enable = true; diff --git a/hosts/12kingdoms-shoukei/hardware-configuration.nix b/hosts/12kingdoms-shoukei/hardware-configuration.nix index 79d7a82e..f36f8999 100644 --- a/hosts/12kingdoms-shoukei/hardware-configuration.nix +++ b/hosts/12kingdoms-shoukei/hardware-configuration.nix 
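Review bot: The `"--password-store=gnome"` entry in `commandLineArgs` (home/linux/gui/hyprland/values/wayland-apps.nix) is marked by its own TODO as still not working, but nothing records which credential store VS Code actually uses in that state. VS Code's documentation names `gnome-libsecret` as the keyring backend value, so `"--password-store=gnome-libsecret"` is probably the intended flag; confirm this against the packaged version. Until that is verified, a comment such as `# NOTE: confirm secrets land in the keyring, not the basic fallback store` would make the risk visible to the next reader. The surrounding `programs` attrset starts outside this hunk.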
@@ -24,7 +24,10 @@ in boot.loader.efi.efiSysMountPoint = "/boot"; # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. - boot.binfmt.emulatedSystems = ["x86_64-linux" "riscv64-linux"]; + boot.binfmt.emulatedSystems = [ + "x86_64-linux" + "riscv64-linux" + ]; # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = lib.mkForce [ "ext4" diff --git a/hosts/darwin-fern/default.nix b/hosts/darwin-fern/default.nix index fd6293b9..5f7c9bfa 100644 --- a/hosts/darwin-fern/default.nix +++ b/hosts/darwin-fern/default.nix @@ -6,7 +6,8 @@ _: ############################################################# let hostname = "fern"; -in { +in +{ networking.hostName = hostname; networking.computerName = hostname; system.defaults.smb.NetBIOSName = hostname; diff --git a/hosts/darwin-fern/home.nix b/hosts/darwin-fern/home.nix index fce72149..89af1a0a 100644 --- a/hosts/darwin-fern/home.nix +++ b/hosts/darwin-fern/home.nix @@ -1,5 +1,8 @@ -{config, ...}: let +{ config, ... }: +let hostName = "fern"; -in { - programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}"; +in +{ + programs.ssh.matchBlocks."github.com".identityFile = + "${config.home.homeDirectory}/.ssh/${hostName}"; } diff --git a/hosts/darwin-frieren/default.nix b/hosts/darwin-frieren/default.nix index 5569e240..ea17f3b0 100644 --- a/hosts/darwin-frieren/default.nix +++ b/hosts/darwin-frieren/default.nix @@ -6,7 +6,8 @@ _: ############################################################# let hostname = "frieren"; -in { +in +{ networking.hostName = hostname; networking.computerName = hostname; system.defaults.smb.NetBIOSName = hostname; diff --git a/hosts/darwin-frieren/home.nix b/hosts/darwin-frieren/home.nix index 88b7b8c2..cd60e9ca 100644 --- a/hosts/darwin-frieren/home.nix +++ b/hosts/darwin-frieren/home.nix 
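Review bot: The `github.com` match block in hosts/darwin-fern/home.nix sets only `identityFile`, so ssh may still offer other keys held by the agent to that host in addition to this one. If no shared ssh module already does it, add `programs.ssh.matchBlocks."github.com".identitiesOnly = true;` next to the `identityFile` line, so that only the per-host key is presented. The same applies to hosts/darwin-frieren/home.nix, which carries the identical block. Both files are shown in full by their hunks.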
@@ -1,5 +1,8 @@ -{config, ...}: let +{ config, ... }: +let hostName = "frieren"; -in { - programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}"; +in +{ + programs.ssh.matchBlocks."github.com".identityFile = + "${config.home.homeDirectory}/.ssh/${hostName}"; } diff --git a/hosts/idols-ai/ai/default.nix b/hosts/idols-ai/ai/default.nix index eeb48a40..049dda93 100644 --- a/hosts/idols-ai/ai/default.nix +++ b/hosts/idols-ai/ai/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/hosts/idols-ai/ai/ollama.nix b/hosts/idols-ai/ai/ollama.nix index f9f59225..22266217 100644 --- a/hosts/idols-ai/ai/ollama.nix +++ b/hosts/idols-ai/ai/ollama.nix @@ -2,13 +2,15 @@ pkgs, nixpkgs-ollama, ... -}: let +}: +let pkgs-ollama = import nixpkgs-ollama { inherit (pkgs) system; # To use cuda, we need to allow the installation of non-free software config.allowUnfree = true; }; -in { +in +{ services.ollama = rec { enable = true; package = pkgs-ollama.ollama; diff --git a/hosts/idols-ai/default.nix b/hosts/idols-ai/default.nix index c69c956c..70e0c347 100644 --- a/hosts/idols-ai/default.nix +++ b/hosts/idols-ai/default.nix @@ -1,4 +1,4 @@ -{myvars, ...}: +{ myvars, ... }: ############################################################# # # Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. @@ -11,7 +11,8 @@ let inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6; ipv4WithMask = "${ipv4}/24"; ipv6WithMask = "${ipv6}/64"; -in { +in +{ imports = [ ./netdev-mount.nix # Include the results of the hardware scan. 
@@ -35,9 +36,12 @@ in { systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [iface]; + matchConfig.Name = [ iface ]; networkConfig = { - Address = [ipv4WithMask ipv6WithMask]; + Address = [ + ipv4WithMask + ipv6WithMask + ]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) diff --git a/hosts/idols-ai/game/default.nix b/hosts/idols-ai/game/default.nix index eeb48a40..049dda93 100644 --- a/hosts/idols-ai/game/default.nix +++ b/hosts/idols-ai/game/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/hosts/idols-ai/game/gamemode.nix b/hosts/idols-ai/game/gamemode.nix index 54908269..8beab1ee 100644 --- a/hosts/idols-ai/game/gamemode.nix +++ b/hosts/idols-ai/game/gamemode.nix @@ -5,7 +5,8 @@ nix-gaming, lib, ... -}: let +}: +let programs = lib.makeBinPath [ config.programs.hyprland.package pkgs.coreutils @@ -25,7 +26,8 @@ hyprctl --batch 'keyword decoration:blur 1 ; keyword animations:enabled 1 ; keyword misc:vfr 1' powerprofilesctl set power-saver ''; -in { +in +{ # Optimise Linux system performance on demand # https://github.com/FeralInteractive/GameMode # https://wiki.archlinux.org/title/Gamemode diff --git a/hosts/idols-ai/game/steam.nix b/hosts/idols-ai/game/steam.nix index 62d99099..a247ab36 100644 --- a/hosts/idols-ai/game/steam.nix +++ b/hosts/idols-ai/game/steam.nix @@ -1,5 +1,6 @@ # https://github.com/fufexan/dotfiles/blob/483680e/system/programs/steam.nix -{pkgs, ...}: { +{ pkgs, ... }: +{ # https://wiki.archlinux.org/title/steam # Games installed by Steam works fine on NixOS, no other configuration needed. programs.steam = { @@ -15,8 +16,8 @@ # fix gamescope inside steam package = pkgs.steam.override { - extraPkgs = pkgs: - with pkgs; [ + extraPkgs = + pkgs: with pkgs; [ xorg.libXcursor xorg.libXi xorg.libXinerama 
diff --git a/hosts/idols-ai/hardware-configuration.nix b/hosts/idols-ai/hardware-configuration.nix index 76bb715a..9c756b73 100644 --- a/hosts/idols-ai/hardware-configuration.nix +++ b/hosts/idols-ai/hardware-configuration.nix @@ -7,7 +7,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -21,16 +22,26 @@ boot.kernelPackages = pkgs.linuxPackages_latest; # boot.kernelPackages = pkgs.linuxPackages_xanmod_latest; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; # kvm virtualization support + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; # kvm virtualization support boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu - boot.extraModulePackages = []; + boot.extraModulePackages = [ ]; # clear /tmp on boot to get a stateless /tmp directory. boot.tmp.cleanOnBoot = true; # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. - boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + "riscv64-linux" + ]; # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" @@ -67,7 +78,7 @@ fsType = "btrfs"; # btrfs's top-level subvolume, internally has an id 5 # we can access all other subvolumes from this subvolume. - options = ["subvolid=5"]; + options = [ "subvolid=5" ]; }; # equal to `mount -t tmpfs tmpfs /` 
@@ -76,26 +87,40 @@ fsType = "tmpfs"; # set mode to 755, otherwise systemd will set it to 777, which cause problems. # relatime: Update inode access times relative to modify or change time. - options = ["relatime" "mode=755"]; + options = [ + "relatime" + "mode=755" + ]; }; fileSystems."/nix" = { device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd"; fsType = "btrfs"; - options = ["subvol=@nix" "noatime" "compress-force=zstd:1"]; + options = [ + "subvol=@nix" + "noatime" + "compress-force=zstd:1" + ]; }; # for guix store, which use `/gnu/store` as its store directory. fileSystems."/gnu" = { device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd"; fsType = "btrfs"; - options = ["subvol=@guix" "noatime" "compress-force=zstd:1"]; + options = [ + "subvol=@guix" + "noatime" + "compress-force=zstd:1" + ]; }; fileSystems."/persistent" = { device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd"; fsType = "btrfs"; - options = ["subvol=@persistent" "compress-force=zstd:1"]; + options = [ + "subvol=@persistent" + "compress-force=zstd:1" + ]; # preservation's data is required for booting. neededForBoot = true; }; 
@@ -103,30 +128,42 @@ fileSystems."/snapshots" = { device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd"; fsType = "btrfs"; - options = ["subvol=@snapshots" "compress-force=zstd:1"]; + options = [ + "subvol=@snapshots" + "compress-force=zstd:1" + ]; }; fileSystems."/tmp" = { device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd"; fsType = "btrfs"; - options = ["subvol=@tmp" "compress-force=zstd:1"]; + options = [ + "subvol=@tmp" + "compress-force=zstd:1" + ]; }; # mount swap subvolume in readonly mode. fileSystems."/swap" = { device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd"; fsType = "btrfs"; - options = ["subvol=@swap" "ro"]; + options = [ + "subvol=@swap" + "ro" + ]; }; # remount swapfile in read-write mode fileSystems."/swap/swapfile" = { # the swapfile is located in /swap subvolume, so we need to mount /swap first. - depends = ["/swap"]; + depends = [ "/swap" ]; device = "/swap/swapfile"; fsType = "none"; - options = ["bind" "rw"]; + options = [ + "bind" + "rw" + ]; }; fileSystems."/boot" = { @@ -135,7 +172,7 @@ }; swapDevices = [ - {device = "/swap/swapfile";} + { device = "/swap/swapfile"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/idols-ai/home.nix b/hosts/idols-ai/home.nix index 93aa102f..b6ae7b60 100644 --- a/hosts/idols-ai/home.nix +++ b/hosts/idols-ai/home.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ modules.desktop = { hyprland = { nvidia = true; diff --git a/hosts/idols-ai/netdev-mount.nix b/hosts/idols-ai/netdev-mount.nix index d5eaa08e..9518d246 100644 --- a/hosts/idols-ai/netdev-mount.nix +++ b/hosts/idols-ai/netdev-mount.nix @@ -2,7 +2,8 @@ config, myvars, ... -}: { +}: +{ # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ # "cifs" diff --git a/hosts/idols-ai/nvidia.nix b/hosts/idols-ai/nvidia.nix index 37f259da..6199f1c4 100644 --- a/hosts/idols-ai/nvidia.nix 
+++ b/hosts/idols-ai/nvidia.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ # =============================================================================================== # for Nvidia GPU # https://wiki.nixos.org/wiki/NVIDIA @@ -10,7 +11,7 @@ # enabling it is required to make Wayland compositors function properly. "nvidia-drm.fbdev=1" ]; - services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default + services.xserver.videoDrivers = [ "nvidia" ]; # will install nvidia-vaapi-driver by default hardware.nvidia = { # Open-source kernel modules are preferred over and planned to steadily replace proprietary modules open = true; diff --git a/hosts/idols-ai/preservation.nix b/hosts/idols-ai/preservation.nix index 645f9e45..9fbbaf3f 100644 --- a/hosts/idols-ai/preservation.nix +++ b/hosts/idols-ai/preservation.nix @@ -3,9 +3,11 @@ pkgs, myvars, ... -}: let +}: +let inherit (myvars) username; -in { +in +{ imports = [ preservation.nixosModules.default ]; 
@@ -330,27 +332,29 @@ in { # Note that immediate parent directories of persisted files can also be # configured with ownership and permissions from the `parent` settings if # `configureParent = true` is set for the file. - systemd.tmpfiles.settings.preservation = let - permission = { - user = username; - group = "users"; - mode = "0755"; + systemd.tmpfiles.settings.preservation = + let + permission = { + user = username; + group = "users"; + mode = "0755"; + }; + in + { + "/home/${username}/.config".d = permission; + "/home/${username}/.cache".d = permission; + "/home/${username}/.local".d = permission; + "/home/${username}/.local/share".d = permission; + "/home/${username}/.local/state".d = permission; + "/home/${username}/.local/state/nix".d = permission; + "/home/${username}/.terraform.d".d = permission; }; - in { - "/home/${username}/.config".d = permission; - "/home/${username}/.cache".d = permission; - "/home/${username}/.local".d = permission; - "/home/${username}/.local/share".d = permission; - "/home/${username}/.local/state".d = permission; - "/home/${username}/.local/state/nix".d = permission; - "/home/${username}/.terraform.d".d = permission; - }; # systemd-machine-id-commit.service would fail but it is not relevant # in this specific setup for a persistent machine-id so we disable it # # see the firstboot example below for an alternative approach - systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"]; + systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ]; # let the service commit the transient ID to the persistent volume systemd.services.systemd-machine-id-commit = { diff --git a/hosts/idols-ai/secureboot.nix b/hosts/idols-ai/secureboot.nix index b7967178..7c627753 100644 --- a/hosts/idols-ai/secureboot.nix +++ b/hosts/idols-ai/secureboot.nix @@ -3,7 +3,8 @@ lib, lanzaboote, ... -}: { +}: +{ # How to enter setup mode - msi motherboard ## 1. enter BIOS via [Del] Key ## 2. => => => 
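Review bot: The shared `permission` set under `systemd.tmpfiles.settings.preservation` creates `.config`, `.cache`, `.local/share`, `.local/state` and `.terraform.d` with `mode = "0755"`, which leaves them listable and traversable by every other local account. These directories commonly hold application tokens, and `.terraform.d` is where Terraform keeps its CLI credentials file, so `mode = "0700";` is the safer default unless something outside this hunk needs group or world access. Whether `/home/${username}` itself is already restricted is not visible here.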
diff --git a/hosts/idols-aquamarine/caddy.nix b/hosts/idols-aquamarine/caddy.nix index 6166ed1c..36766bd0 100644 --- a/hosts/idols-aquamarine/caddy.nix +++ b/hosts/idols-aquamarine/caddy.nix @@ -3,7 +3,8 @@ config, wallpapers, ... -}: let +}: +let hostCommonConfig = '' encode zstd gzip tls ${../../certs/ecc-server.crt} ${config.age.secrets."caddy-ecc-server.key".path} { @@ -11,7 +12,8 @@ curves x25519 secp384r1 secp521r1 } ''; -in { +in +{ services.caddy = { enable = true; # Reload Caddy instead of restarting it when configuration file changes. @@ -124,7 +126,10 @@ in { # reverse_proxy http://localhost:9090 # ''; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; # Create Directories # https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Type diff --git a/hosts/idols-aquamarine/default.nix b/hosts/idols-aquamarine/default.nix index b6b5c849..70c289d7 100644 --- a/hosts/idols-aquamarine/default.nix +++ b/hosts/idols-aquamarine/default.nix @@ -17,12 +17,11 @@ let inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - disko.nixosModules.default - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + disko.nixosModules.default + ]; # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ @@ -42,7 +41,7 @@ in { zramSwap.memoryPercent = lib.mkForce 100; boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelModules = ["kvm-amd"]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu networking = { 
@@ -57,9 +56,9 @@ in { systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [iface]; + matchConfig.Name = [ iface ]; networkConfig = { - Address = [ipv4WithMask]; + Address = [ ipv4WithMask ]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) diff --git a/hosts/idols-aquamarine/disko-fs.nix b/hosts/idols-aquamarine/disko-fs.nix index 8dba92af..7d11d14f 100644 --- a/hosts/idols-aquamarine/disko-fs.nix +++ b/hosts/idols-aquamarine/disko-fs.nix @@ -3,8 +3,9 @@ let cryptKeyFile = "/etc/agenix/hdd-luks-crypt-key"; unlockDisk = "data-encrypted"; -in { - fileSystems."/data/fileshare/public".depends = ["/data/fileshare"]; +in +{ + fileSystems."/data/fileshare/public".depends = [ "/data/fileshare" ]; # By adding this crypttab entry, the disk will be unlocked by systemd-cryptsetup@xxx.service at boot time. # This systemd service is running after agenix, so that the keyfile is already available. @@ -59,7 +60,7 @@ in { ]; content = { type = "btrfs"; - extraArgs = ["-f"]; # Force override existing partition + extraArgs = [ "-f" ]; # Force override existing partition subvolumes = { "@apps" = { mountpoint = "/data/apps"; @@ -71,15 +72,27 @@ in { }; "@fileshare" = { mountpoint = "/data/fileshare"; - mountOptions = ["compress-force=zstd:1" "noatime" "nofail"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + "nofail" + ]; }; "@backups" = { mountpoint = "/data/backups"; - mountOptions = ["compress-force=zstd:1" "noatime" "nofail"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + "nofail" + ]; }; "@snapshots" = { mountpoint = "/data/apps-snapshots"; - mountOptions = ["compress-force=zstd:1" "noatime" "nofail"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + "nofail" + ]; }; }; }; 
@@ -101,7 +114,10 @@ in { subvolumes = { "@persistent" = { mountpoint = "/data/fileshare/public"; - mountOptions = ["compress-force=zstd:1" "nofail"]; + mountOptions = [ + "compress-force=zstd:1" + "nofail" + ]; }; }; }; diff --git a/hosts/idols-aquamarine/exporters/default.nix b/hosts/idols-aquamarine/exporters/default.nix index eeb48a40..049dda93 100644 --- a/hosts/idols-aquamarine/exporters/default.nix +++ b/hosts/idols-aquamarine/exporters/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/hosts/idols-aquamarine/gitea.nix b/hosts/idols-aquamarine/gitea.nix index 366b7eb4..162257da 100644 --- a/hosts/idols-aquamarine/gitea.nix +++ b/hosts/idols-aquamarine/gitea.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/misc/gitea.nix services.gitea = { enable = true; diff --git a/hosts/idols-aquamarine/grafana/default.nix b/hosts/idols-aquamarine/grafana/default.nix index 7499f8b5..143bc475 100644 --- a/hosts/idols-aquamarine/grafana/default.nix +++ b/hosts/idols-aquamarine/grafana/default.nix @@ -2,7 +2,8 @@ config, myvars, ... -}: { +}: +{ services.grafana = { enable = true; dataDir = "/data/apps/grafana"; diff --git a/hosts/idols-aquamarine/minio.nix b/hosts/idols-aquamarine/minio.nix index fee9a367..b51a5cd9 100644 --- a/hosts/idols-aquamarine/minio.nix +++ b/hosts/idols-aquamarine/minio.nix @@ -1,7 +1,9 @@ -{config, ...}: let - dataDir = ["/data/apps/minio/data"]; +{ config, ... }: +let + dataDir = [ "/data/apps/minio/data" ]; configDir = "/data/apps/minio/config"; -in { +in +{ # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/minio.nix services.minio = { enable = true; diff --git a/hosts/idols-aquamarine/monitoring/alertmanager.nix b/hosts/idols-aquamarine/monitoring/alertmanager.nix index f8b1ce3a..3269d75d 100644 --- a/hosts/idols-aquamarine/monitoring/alertmanager.nix 
+++ b/hosts/idols-aquamarine/monitoring/alertmanager.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.prometheus.alertmanager = { enable = true; listenAddress = "127.0.0.1"; @@ -22,7 +23,7 @@ receiver = "default"; routes = [ { - group_by = ["host"]; + group_by = [ "host" ]; group_wait = "5m"; group_interval = "5m"; repeat_interval = "4h"; diff --git a/hosts/idols-aquamarine/monitoring/default.nix b/hosts/idols-aquamarine/monitoring/default.nix index 41166f6d..4eec1724 100644 --- a/hosts/idols-aquamarine/monitoring/default.nix +++ b/hosts/idols-aquamarine/monitoring/default.nix @@ -1,4 +1,5 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = [ ./victoriametrics.nix ./alertmanager.nix diff --git a/hosts/idols-aquamarine/monitoring/victoriametrics.nix b/hosts/idols-aquamarine/monitoring/victoriametrics.nix index 16a97dd5..5a375c12 100644 --- a/hosts/idols-aquamarine/monitoring/victoriametrics.nix +++ b/hosts/idols-aquamarine/monitoring/victoriametrics.nix @@ -2,10 +2,11 @@ lib, myvars, ... -}: { +}: +{ # Since victoriametrics use DynamicUser, the user & group do not exists before the service starts. # this group is used as a supplementary Unix group for the service to access our data dir(/data/apps/xxx) - users.groups.victoriametrics-data = {}; + users.groups.victoriametrics-data = { }; # Workaround for victoriametrics to store data in another place # https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Type 
@@ -16,8 +17,8 @@ # Symlinks do not work with DynamicUser, so we should use bind mount here. # https://github.com/systemd/systemd/issues/25097#issuecomment-1929074961 systemd.services.victoriametrics.serviceConfig = { - SupplementaryGroups = ["victoriametrics-data"]; - BindPaths = ["/data/apps/victoriametrics:/var/lib/victoriametrics:rbind"]; + SupplementaryGroups = [ "victoriametrics-data" ]; + BindPaths = [ "/data/apps/victoriametrics:/var/lib/victoriametrics:rbind" ]; }; # https://victoriametrics.io/docs/victoriametrics/latest/configuration/configuration/ 
@@ -36,87 +37,83 @@ # specifies a set of targets and parameters describing how to scrape metrics from them. # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config prometheusConfig = { - scrape_configs = - [ - # --- Homelab Applications --- # + scrape_configs = [ + # --- Homelab Applications --- # - { - job_name = "dnsmasq-exporter"; - scrape_interval = "30s"; - metrics_path = "/metrics"; - static_configs = [ - { - targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"]; - labels.type = "app"; - labels.app = "dnsmasq"; - labels.host = "suzi"; - } - ]; - } + { + job_name = "dnsmasq-exporter"; + scrape_interval = "30s"; + metrics_path = "/metrics"; + static_configs = [ + { + targets = [ "${myvars.networking.hostsAddr.suzi.ipv4}:9153" ]; + labels.type = "app"; + labels.app = "dnsmasq"; + labels.host = "suzi"; + } + ]; + } + { + job_name = "v2ray-exporter"; + scrape_interval = "30s"; + metrics_path = "/metrics"; + static_configs = [ + { + targets = [ "${myvars.networking.hostsAddr.aquamarine.ipv4}:9153" ]; + labels.type = "app"; + labels.app = "v2ray"; + labels.host = "aquamarine"; + } + ]; + } + { + job_name = "postgres-exporter"; + scrape_interval = "30s"; + metrics_path = "/metrics"; + static_configs = [ + { + targets = [ "${myvars.networking.hostsAddr.aquamarine.ipv4}:9187" ]; + labels.type = "app"; + labels.app = "postgresql"; + labels.host = "aquamarine"; + } + ]; + } + { + job_name = "sftpgo-embedded-exporter"; + scrape_interval = "30s"; + metrics_path = "/metrics"; + static_configs = [ + { + targets = [ "${myvars.networking.hostsAddr.aquamarine.ipv4}:10000" ]; + labels.type = "app"; + labels.app = "sftpgo"; + labels.host = "aquamarine"; + } + ]; + } + ] + # --- Hosts --- # + ++ (lib.attrsets.foldlAttrs ( + acc: hostname: addr: + acc + ++ [ { - job_name = "v2ray-exporter"; + job_name = "node-exporter-${hostname}"; scrape_interval = "30s"; metrics_path = "/metrics"; static_configs = [ { - targets = 
["${myvars.networking.hostsAddr.aquamarine.ipv4}:9153"]; - labels.type = "app"; - labels.app = "v2ray"; - labels.host = "aquamarine"; - } - ]; - } - { - job_name = "postgres-exporter"; - scrape_interval = "30s"; - metrics_path = "/metrics"; - static_configs = [ - { - targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:9187"]; - labels.type = "app"; - labels.app = "postgresql"; - labels.host = "aquamarine"; - } - ]; - } - { - job_name = "sftpgo-embedded-exporter"; - scrape_interval = "30s"; - metrics_path = "/metrics"; - static_configs = [ - { - targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:10000"]; - labels.type = "app"; - labels.app = "sftpgo"; - labels.host = "aquamarine"; + # All my NixOS hosts. + targets = [ "${addr.ipv4}:9100" ]; + labels.type = "node"; + labels.host = hostname; } ]; } ] - # --- Hosts --- # - ++ ( - lib.attrsets.foldlAttrs - (acc: hostname: addr: - acc - ++ [ - { - job_name = "node-exporter-${hostname}"; - scrape_interval = "30s"; - metrics_path = "/metrics"; - static_configs = [ - { - # All my NixOS hosts. - targets = ["${addr.ipv4}:9100"]; - labels.type = "node"; - labels.host = hostname; - } - ]; - } - ]) - [] - myvars.networking.hostsAddr - ); + ) [ ] myvars.networking.hostsAddr); }; }; @@ -124,7 +121,7 @@ enable = true; settings = { "datasource.url" = "http://localhost:9090"; - "notifier.url" = ["http://localhost:9093"]; # alertmanager's api + "notifier.url" = [ "http://localhost:9093" ]; # alertmanager's api # Whether to disable long-lived connections to the datasource. "datasource.disableKeepAlive" = true; diff --git a/hosts/idols-aquamarine/oci-containers/default.nix b/hosts/idols-aquamarine/oci-containers/default.nix index cfded9f5..a97006a8 100644 --- a/hosts/idols-aquamarine/oci-containers/default.nix +++ b/hosts/idols-aquamarine/oci-containers/default.nix @@ -2,7 +2,8 @@ lib, mylib, ... -}: { +}: +{ imports = mylib.scanPaths ./.; virtualisation = { 
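Review bot: None of the jobs in `scrape_configs` sets `scheme` or any credentials, so the dnsmasq, v2ray, postgres, sftpgo and per-host node exporter targets are scraped over unauthenticated plain HTTP on their LAN addresses. That is only acceptable if ports 9100, 9153, 9187 and 10000 are reachable from the monitoring host alone. The firewall rules for those hosts are not in this hunk, so this is worth confirming. A comment above `scrape_configs` such as `# exporters are plaintext and unauthenticated; their ports must be firewalled to this host` would record the assumption. The enclosing attribute set opens above the hunk.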
@@ -17,7 +18,7 @@ autoPrune = { enable = true; dates = "weekly"; - flags = ["--all"]; + flags = [ "--all" ]; }; }; diff --git a/hosts/idols-aquamarine/oci-containers/homepage/default.nix b/hosts/idols-aquamarine/oci-containers/homepage/default.nix index cc909403..b094a4f4 100644 --- a/hosts/idols-aquamarine/oci-containers/homepage/default.nix +++ b/hosts/idols-aquamarine/oci-containers/homepage/default.nix @@ -2,11 +2,13 @@ config, pkgs, ... -}: let +}: +let user = "homepage"; configDir = "/data/apps/homepage-dashboard"; -in { - users.groups.${user} = {}; +in +{ + users.groups.${user} = { }; users.users.${user} = { group = user; home = configDir; @@ -26,7 +28,7 @@ in { homepage = { hostname = "homepage"; image = "ghcr.io/gethomepage/homepage:latest"; - ports = ["127.0.0.1:54401:3000"]; + ports = [ "127.0.0.1:54401:3000" ]; # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables environment = { # "PUID" = config.users.users.${user}.uid; diff --git a/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix b/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix index f0f68ab6..118cba46 100644 --- a/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix +++ b/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix @@ -1,8 +1,10 @@ -{config, ...}: let +{ config, ... }: +let user = "kuma"; dataDir = "/data/apps/uptime-kuma"; -in { - users.groups.${user} = {}; +in +{ + users.groups.${user} = { }; users.users.${user} = { group = user; home = dataDir; @@ -21,7 +23,7 @@ in { uptime-kuma = { hostname = "uptime-kuma"; image = "louislam/uptime-kuma:1"; - ports = ["127.0.0.1:53350:3001"]; + ports = [ "127.0.0.1:53350:3001" ]; # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables environment = { # "PUID" = config.users.users.${user}.uid; diff --git a/hosts/idols-aquamarine/postgresql.nix b/hosts/idols-aquamarine/postgresql.nix index 3ea9ece8..499a5e3d 100644 --- a/hosts/idols-aquamarine/postgresql.nix 
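Review bot: `image = "ghcr.io/gethomepage/homepage:latest"` in oci-containers/homepage/default.nix is a floating tag, so the container content can change without any change in this repository. The `louislam/uptime-kuma:1` image in oci-containers/uptime-kuma/default.nix floats within a major version in the same way. Pinning to an explicit release plus digest, e.g. `image = "ghcr.io/gethomepage/homepage:<VERSION>@sha256:<DIGEST>";` (placeholders), turns each image update into a reviewable commit and keeps rebuilds reproducible. Both container definitions continue past the end of their hunks.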
+++ b/hosts/idols-aquamarine/postgresql.nix @@ -4,13 +4,15 @@ lib, myvars, ... -}: let +}: +let inherit (myvars) username; user = "postgres"; # postgresql's default system user package = pkgs.postgresql_16; dataDir = "/data/apps/postgresql/${package.psqlSchema}"; -in { +in +{ # Create Directories # https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Type systemd.tmpfiles.rules = [ @@ -58,8 +60,8 @@ in { "--allow-group-access" ]; - extraPlugins = ps: - with ps; [ + extraPlugins = + ps: with ps; [ # postgis # pg_repack ]; diff --git a/hosts/idols-aquamarine/proxy.nix b/hosts/idols-aquamarine/proxy.nix index 6fcac9c8..122de3b8 100644 --- a/hosts/idols-aquamarine/proxy.nix +++ b/hosts/idols-aquamarine/proxy.nix @@ -5,7 +5,7 @@ enable = true; config = { # for monitoring - "stats" = {}; + "stats" = { }; "api" = { "tag" = "api"; "services" = [ diff --git a/hosts/idols-aquamarine/restic.nix b/hosts/idols-aquamarine/restic.nix index b4f5610a..1879b726 100644 --- a/hosts/idols-aquamarine/restic.nix +++ b/hosts/idols-aquamarine/restic.nix @@ -1,8 +1,10 @@ -{pkgs, ...}: let +{ pkgs, ... }: +let passwordFile = "/etc/agenix/restic-password"; sshKeyPath = "/etc/agenix/ssh-key-for-restic-backup"; rcloneConfigFile = "/etc/agenix/rclone-conf-for-restic-backup"; -in { +in +{ # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/backup/restic.nix services.restic.backups = { homelab-backup = { @@ -29,7 +31,7 @@ in { # Patterns to exclude when backing up. See # https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files # for details on syntax. - exclude = []; + exclude = [ ]; # A script that must run before starting the backup process. backupPrepareCommand = '' diff --git a/hosts/idols-aquamarine/sftpgo.nix b/hosts/idols-aquamarine/sftpgo.nix index d1350ae6..2067c795 100644 --- a/hosts/idols-aquamarine/sftpgo.nix +++ b/hosts/idols-aquamarine/sftpgo.nix 
@@ -1,7 +1,9 @@ -{config, ...}: let +{ config, ... }: +let user = "sftpgo"; dataDir = "/data/apps/sftpgo"; -in { +in +{ # Read SFTPGO_DEFAULT_ADMIN_USERNAME and SFTPGO_DEFAULT_ADMIN_PASSWORD from a file systemd.services.sftpgo.serviceConfig.EnvironmentFile = config.age.secrets."sftpgo.env".path; diff --git a/hosts/idols-aquamarine/transmission.nix b/hosts/idols-aquamarine/transmission.nix index 8a89bf44..670f40df 100644 --- a/hosts/idols-aquamarine/transmission.nix +++ b/hosts/idols-aquamarine/transmission.nix @@ -2,10 +2,12 @@ config, myvars, ... -}: let +}: +let dataDir = "/data/fileshare/public/transmission"; name = "transmission"; -in { +in +{ # the headless Transmission BitTorrent daemon # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/torrent/transmission.nix # https://wiki.archlinux.org/title/transmission diff --git a/hosts/idols-kana/default.nix b/hosts/idols-kana/default.nix index d34c0f56..d5a81a65 100644 --- a/hosts/idols-kana/default.nix +++ b/hosts/idols-kana/default.nix @@ -14,7 +14,8 @@ let inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in { +in +{ imports = mylib.scanPaths ./.; # supported file systems, so we can mount any removable disks with these filesystems @@ -29,7 +30,7 @@ in { "exfat" ]; - boot.kernelModules = ["kvm-amd"]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu networking = { @@ -44,9 +45,9 @@ in { systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [iface]; + matchConfig.Name = [ iface ]; networkConfig = { - Address = [ipv4WithMask]; + Address = [ ipv4WithMask ]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) 
diff --git a/hosts/idols-ruby/default.nix b/hosts/idols-ruby/default.nix index 0550c068..0d98fb7e 100644 --- a/hosts/idols-ruby/default.nix +++ b/hosts/idols-ruby/default.nix @@ -14,11 +14,15 @@ let inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in { +in +{ imports = mylib.scanPaths ./.; # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. - boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + "riscv64-linux" + ]; # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" @@ -31,7 +35,7 @@ in { "exfat" ]; - boot.kernelModules = ["kvm-amd"]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu networking = { @@ -46,9 +50,9 @@ in { systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [iface]; + matchConfig.Name = [ iface ]; networkConfig = { - Address = [ipv4WithMask]; + Address = [ ipv4WithMask ]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) diff --git a/hosts/k8s/disko-config/kubevirt-disko-fs.nix b/hosts/k8s/disko-config/kubevirt-disko-fs.nix index 2e81880f..de0c58d8 100644 --- a/hosts/k8s/disko-config/kubevirt-disko-fs.nix +++ b/hosts/k8s/disko-config/kubevirt-disko-fs.nix @@ -6,7 +6,7 @@ fileSystems."/run/media/nixos_k3s" = { device = "/dev/disk/by-label/NIXOS_K3S"; fsType = "vfat"; - options = ["ro"]; + options = [ "ro" ]; }; disko.devices = { 
@@ -76,7 +76,7 @@ ]; content = { type = "btrfs"; - extraArgs = ["-f"]; # Force override existing partition + extraArgs = [ "-f" ]; # Force override existing partition subvolumes = { # mount the top-level subvolume at /btr_pool # it will be used by btrbk to create snapshots @@ -84,23 +84,35 @@ mountpoint = "/btr_pool"; # btrfs's top-level subvolume, internally has an id 5 # we can access all other subvolumes from this subvolume. - mountOptions = ["subvolid=5"]; + mountOptions = [ "subvolid=5" ]; }; "@nix" = { mountpoint = "/nix"; - mountOptions = ["compress-force=zstd:1" "noatime"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; }; "@persistent" = { mountpoint = "/persistent"; - mountOptions = ["compress-force=zstd:1" "noatime"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; }; "@tmp" = { mountpoint = "/tmp"; - mountOptions = ["compress-force=zstd:1" "noatime"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; }; "@snapshots" = { mountpoint = "/snapshots"; - mountOptions = ["compress-force=zstd:1" "noatime"]; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; }; "@swap" = { mountpoint = "/swap"; diff --git a/hosts/k8s/k3s-prod-1-master-1/default.nix b/hosts/k8s/k3s-prod-1-master-1/default.nix index 125ada7a..a86031c5 100644 --- a/hosts/k8s/k3s-prod-1-master-1/default.nix +++ b/hosts/k8s/k3s-prod-1-master-1/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-prod-1-master-1"; # Define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -28,11 +29,10 @@ # "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-prod-1-master-2/default.nix b/hosts/k8s/k3s-prod-1-master-2/default.nix index e8b0f027..6a80ad06 100644 --- a/hosts/k8s/k3s-prod-1-master-2/default.nix 
+++ b/hosts/k8s/k3s-prod-1-master-2/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-prod-1-master-2"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -27,11 +28,10 @@ # "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-prod-1-master-3/default.nix b/hosts/k8s/k3s-prod-1-master-3/default.nix index 6ebb0ef6..8a7596b9 100644 --- a/hosts/k8s/k3s-prod-1-master-3/default.nix +++ b/hosts/k8s/k3s-prod-1-master-3/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-prod-1-master-3"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -27,11 +28,10 @@ # "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-prod-1-worker-1/default.nix b/hosts/k8s/k3s-prod-1-worker-1/default.nix index f1a3fdd5..a707bd97 100644 --- a/hosts/k8s/k3s-prod-1-worker-1/default.nix +++ b/hosts/k8s/k3s-prod-1-worker-1/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-prod-1-worker-1"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -26,11 +27,10 @@ # "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-prod-1-worker-2/default.nix b/hosts/k8s/k3s-prod-1-worker-2/default.nix index b8f4b9c8..73261a08 100644 --- a/hosts/k8s/k3s-prod-1-worker-2/default.nix +++ b/hosts/k8s/k3s-prod-1-worker-2/default.nix 
@@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-prod-1-worker-2"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -26,11 +27,10 @@ # "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-prod-1-worker-3/default.nix b/hosts/k8s/k3s-prod-1-worker-3/default.nix index 899f7f5b..3f72d2bd 100644 --- a/hosts/k8s/k3s-prod-1-worker-3/default.nix +++ b/hosts/k8s/k3s-prod-1-worker-3/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-prod-1-worker-3"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -26,11 +27,10 @@ # "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-test-1-master-1/default.nix b/hosts/k8s/k3s-test-1-master-1/default.nix index d0800036..2a5c8ab6 100644 --- a/hosts/k8s/k3s-test-1-master-1/default.nix +++ b/hosts/k8s/k3s-test-1-master-1/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-test-1-master-1"; # Define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -29,11 +30,10 @@ # "--service-cidr=172.19.0.0/16,fdfd:cafe:00:8002::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-test-1-master-2/default.nix b/hosts/k8s/k3s-test-1-master-2/default.nix index 3be0ab3b..65661b57 100644 --- a/hosts/k8s/k3s-test-1-master-2/default.nix +++ b/hosts/k8s/k3s-test-1-master-2/default.nix 
@@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-test-1-master-2"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -27,11 +28,10 @@ # "--service-cidr=172.19.0.0/16,fdfd:cafe:00:8002::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/k3s-test-1-master-3/default.nix b/hosts/k8s/k3s-test-1-master-3/default.nix index c3d4cdc8..483777fa 100644 --- a/hosts/k8s/k3s-test-1-master-3/default.nix +++ b/hosts/k8s/k3s-test-1-master-3/default.nix @@ -4,7 +4,8 @@ myvars, mylib, ... -}: let +}: +let hostName = "k3s-test-1-master-3"; # define your hostname. coreModule = mylib.genKubeVirtGuestModule { @@ -27,11 +28,10 @@ # "--service-cidr=172.19.0.0/16,fdfd:cafe:00:8002::/112" # ]; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + coreModule + k3sModule + ]; } diff --git a/hosts/k8s/kubevirt-shoryu/default.nix b/hosts/k8s/kubevirt-shoryu/default.nix index a3e13d6e..0846b70d 100644 --- a/hosts/k8s/kubevirt-shoryu/default.nix +++ b/hosts/k8s/kubevirt-shoryu/default.nix @@ -5,7 +5,8 @@ myvars, disko, ... -}: let +}: +let # MoreFine - S500Plus hostName = "kubevirt-shoryu"; # Define your hostname. @@ -45,17 +46,16 @@ # so we should not disable flannel here. disableFlannel = false; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - disko.nixosModules.default - ../disko-config/kubevirt-disko-fs.nix - ./hardware-configuration.nix - ./preservation.nix - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + disko.nixosModules.default + ../disko-config/kubevirt-disko-fs.nix + ./hardware-configuration.nix + ./preservation.nix + coreModule + k3sModule + ]; boot.kernelParams = [ # disable transparent hugepage(allocate hugepages dynamically) 
diff --git a/hosts/k8s/kubevirt-shoryu/hardware-configuration.nix b/hosts/k8s/kubevirt-shoryu/hardware-configuration.nix index 7382354d..1db440cd 100644 --- a/hosts/k8s/kubevirt-shoryu/hardware-configuration.nix +++ b/hosts/k8s/kubevirt-shoryu/hardware-configuration.nix @@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -18,12 +19,25 @@ # clear /tmp on boot to get a stateless /tmp directory. boot.tmp.cleanOnBoot = true; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - boot.kernelModules = ["kvm-amd" "vfio-pci"]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.kernelModules = [ + "kvm-amd" + "vfio-pci" + ]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. - boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + "riscv64-linux" + ]; # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" diff --git a/hosts/k8s/kubevirt-shoryu/preservation.nix b/hosts/k8s/kubevirt-shoryu/preservation.nix index 07201118..f3d4bebb 100644 --- a/hosts/k8s/kubevirt-shoryu/preservation.nix +++ b/hosts/k8s/kubevirt-shoryu/preservation.nix @@ -3,9 +3,11 @@ pkgs, myvars, ... -}: let +}: +let inherit (myvars) username; -in { +in +{ imports = [ preservation.nixosModules.default ]; 
@@ -68,25 +70,27 @@ in { # Note that immediate parent directories of persisted files can also be # configured with ownership and permissions from the `parent` settings if # `configureParent = true` is set for the file. - systemd.tmpfiles.settings.preservation = let - permission = { - user = username; - group = "users"; - mode = "0755"; + systemd.tmpfiles.settings.preservation = + let + permission = { + user = username; + group = "users"; + mode = "0755"; + }; + in + { + "/home/${username}/.config".d = permission; + "/home/${username}/.local".d = permission; + "/home/${username}/.local/share".d = permission; + "/home/${username}/.local/state".d = permission; + "/home/${username}/.terraform.d".d = permission; }; - in { - "/home/${username}/.config".d = permission; - "/home/${username}/.local".d = permission; - "/home/${username}/.local/share".d = permission; - "/home/${username}/.local/state".d = permission; - "/home/${username}/.terraform.d".d = permission; - }; # systemd-machine-id-commit.service would fail but it is not relevant # in this specific setup for a persistent machine-id so we disable it # # see the firstboot example below for an alternative approach - systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"]; + systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ]; # let the service commit the transient ID to the persistent volume systemd.services.systemd-machine-id-commit = { diff --git a/hosts/k8s/kubevirt-shushou/default.nix b/hosts/k8s/kubevirt-shushou/default.nix index 784d304a..295f176f 100644 --- a/hosts/k8s/kubevirt-shushou/default.nix +++ b/hosts/k8s/kubevirt-shushou/default.nix @@ -5,7 +5,8 @@ myvars, disko, ... -}: let +}: +let hostName = "kubevirt-shushou"; # Define your hostname. coreModule = mylib.genKubeVirtHostModule { 
@@ -39,17 +40,16 @@ ]; disableFlannel = false; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - disko.nixosModules.default - ../disko-config/kubevirt-disko-fs.nix - ../kubevirt-shoryu/hardware-configuration.nix - ../kubevirt-shoryu/preservation.nix - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + disko.nixosModules.default + ../disko-config/kubevirt-disko-fs.nix + ../kubevirt-shoryu/hardware-configuration.nix + ../kubevirt-shoryu/preservation.nix + coreModule + k3sModule + ]; boot.kernelParams = [ # disable transparent hugepage(allocate hugepages dynamically) diff --git a/hosts/k8s/kubevirt-youko/default.nix b/hosts/k8s/kubevirt-youko/default.nix index 4262e5e6..6cea80a9 100644 --- a/hosts/k8s/kubevirt-youko/default.nix +++ b/hosts/k8s/kubevirt-youko/default.nix @@ -5,7 +5,8 @@ myvars, disko, ... -}: let +}: +let hostName = "kubevirt-youko"; # Define your hostname. coreModule = mylib.genKubeVirtHostModule { @@ -39,17 +40,16 @@ ]; disableFlannel = false; }; -in { - imports = - (mylib.scanPaths ./.) - ++ [ - disko.nixosModules.default - ../disko-config/kubevirt-disko-fs.nix - ../kubevirt-shoryu/hardware-configuration.nix - ../kubevirt-shoryu/preservation.nix - coreModule - k3sModule - ]; +in +{ + imports = (mylib.scanPaths ./.) ++ [ + disko.nixosModules.default + ../disko-config/kubevirt-disko-fs.nix + ../kubevirt-shoryu/hardware-configuration.nix + ../kubevirt-shoryu/preservation.nix + coreModule + k3sModule + ]; boot.kernelParams = [ # disable transparent hugepage(allocate hugepages dynamically) diff --git a/lib/attrs.nix b/lib/attrs.nix index d3f17664..43267383 100644 --- a/lib/attrs.nix +++ b/lib/attrs.nix @@ -1,5 +1,6 @@ # https://github.com/NixOS/nixpkgs/blob/master/lib/attrsets.nix -{lib, ...}: { +{ lib, ... }: +{ # Generate an attribute set from a list. # # lib.genAttrs [ "foo" "bar" ] (name: "x_" + name) diff --git a/lib/colmenaSystem.nix b/lib/colmenaSystem.nix index 096ef52c..6615d86a 100644 --- a/lib/colmenaSystem.nix 
+++ b/lib/colmenaSystem.nix @@ -3,7 +3,7 @@ lib, inputs, nixos-modules, - home-modules ? [], + home-modules ? [ ], myvars, system, tags, @@ -11,30 +11,29 @@ genSpecialArgs, specialArgs ? (genSpecialArgs system), ... -}: let +}: +let inherit (inputs) home-manager; in - {name, ...}: { - deployment = { - inherit tags; - targetUser = ssh-user; - targetHost = name; # hostName or IP address - }; +{ name, ... }: +{ + deployment = { + inherit tags; + targetUser = ssh-user; + targetHost = name; # hostName or IP address + }; - imports = - nixos-modules - ++ ( - lib.optionals ((lib.lists.length home-modules) > 0) - [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "home-manager.backup"; + imports = + nixos-modules + ++ (lib.optionals ((lib.lists.length home-modules) > 0) [ + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "home-manager.backup"; - home-manager.extraSpecialArgs = specialArgs; - home-manager.users."${myvars.username}".imports = home-modules; - } - ] - ); - } + home-manager.extraSpecialArgs = specialArgs; + home-manager.users."${myvars.username}".imports = home-modules; + } + ]); +} diff --git a/lib/default.nix b/lib/default.nix index 95663473..fc9ac40d 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,9 +1,10 @@ -{lib, ...}: { +{ lib, ... }: +{ colmenaSystem = import ./colmenaSystem.nix; macosSystem = import ./macosSystem.nix; nixosSystem = import ./nixosSystem.nix; - attrs = import ./attrs.nix {inherit lib;}; + attrs = import ./attrs.nix { inherit lib; }; genK3sServerModule = import ./genK3sServerModule.nix; genK3sAgentModule = import ./genK3sAgentModule.nix; 
@@ -12,18 +13,18 @@ # use path relative to the root of the project relativeToRoot = lib.path.append ../.; - scanPaths = path: - builtins.map - (f: (path + "/${f}")) - (builtins.attrNames - (lib.attrsets.filterAttrs - ( + scanPaths = + path: + builtins.map (f: (path + "/${f}")) ( + builtins.attrNames ( + lib.attrsets.filterAttrs ( path: _type: - (_type == "directory") # include directories - || ( - (path != "default.nix") # ignore default.nix - && (lib.strings.hasSuffix ".nix" path) # include .nix files - ) - ) - (builtins.readDir path))); + (_type == "directory") # include directories + || ( + (path != "default.nix") # ignore default.nix + && (lib.strings.hasSuffix ".nix" path) # include .nix files + ) + ) (builtins.readDir path) + ) + ); } diff --git a/lib/genK3sAgentModule.nix b/lib/genK3sAgentModule.nix index 336295db..e4f28095 100644 --- a/lib/genK3sAgentModule.nix +++ b/lib/genK3sAgentModule.nix @@ -2,13 +2,15 @@ pkgs, masterHost, tokenFile, - nodeLabels ? [], - k3sExtraArgs ? [], + nodeLabels ? [ ], + k3sExtraArgs ? [ ], ... -}: let +}: +let package = pkgs.k3s; -in { - environment.systemPackages = [package]; +in +{ + environment.systemPackages = [ package ]; # Kernel modules required by cilium boot.kernelModules = [ @@ -30,14 +32,14 @@ in { role = "agent"; serverAddr = "https://${masterHost}:6443"; # https://docs.k3s.io/cli/agent - extraFlags = let - flagList = - [ + extraFlags = + let + flagList = [ "--data-dir /var/lib/rancher/k3s" ] ++ (map (label: "--node-label=${label}") nodeLabels) ++ k3sExtraArgs; - in + in pkgs.lib.concatStringsSep " " flagList; }; } diff --git a/lib/genK3sServerModule.nix b/lib/genK3sServerModule.nix index e388eafe..c5059b8d 100644 --- a/lib/genK3sServerModule.nix +++ b/lib/genK3sServerModule.nix 
@@ -10,16 +10,18 @@ # this can be a domain name or an IP address(such as kube-vip's virtual IP) masterHost, clusterInit ? false, - kubeletExtraArgs ? [], - k3sExtraArgs ? [], - nodeLabels ? [], - nodeTaints ? [], + kubeletExtraArgs ? [ ], + k3sExtraArgs ? [ ], + nodeLabels ? [ ], + nodeTaints ? [ ], disableFlannel ? true, ... -}: let +}: +let lib = pkgs.lib; package = pkgs.k3s; -in { +in +{ environment.systemPackages = with pkgs; [ package k9s @@ -50,16 +52,13 @@ in { services.k3s = { enable = true; inherit package tokenFile clusterInit; - serverAddr = - if clusterInit - then "" - else "https://${masterHost}:6443"; + serverAddr = if clusterInit then "" else "https://${masterHost}:6443"; role = "server"; # https://docs.k3s.io/cli/server - extraFlags = let - flagList = - [ + extraFlags = + let + flagList = [ "--write-kubeconfig=${kubeconfigFile}" "--write-kubeconfig-mode=644" "--service-node-port-range=80-32767" @@ -77,9 +76,9 @@ in { ++ (map (label: "--node-label=${label}") nodeLabels) ++ (map (taint: "--node-taint=${taint}") nodeTaints) ++ (map (arg: "--kubelet-arg=${arg}") kubeletExtraArgs) - ++ (lib.optionals disableFlannel ["--flannel-backend=none"]) + ++ (lib.optionals disableFlannel [ "--flannel-backend=none" ]) ++ k3sExtraArgs; - in + in lib.concatStringsSep " " flagList; }; diff --git a/lib/genKubeVirtGuestModule.nix b/lib/genKubeVirtGuestModule.nix index 6626f197..7189e616 100644 --- a/lib/genKubeVirtGuestModule.nix +++ b/lib/genKubeVirtGuestModule.nix @@ -3,11 +3,13 @@ hostName, networking, ... -}: let +}: +let inherit (networking) defaultGateway defaultGateway6 nameservers; inherit (networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in { +in +{ # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" 
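Review bot: `"--write-kubeconfig-mode=644"` in the `flagList` of the `@@ -50,16 +52,13 @@` hunk of lib/genK3sServerModule.nix leaves the kubeconfig that k3s writes readable by every local account on the node, and that file holds the cluster-admin client credentials. The reformat carries the flag over unchanged; I would tighten it to `"--write-kubeconfig-mode=600"`, or, if an unprivileged user is meant to run kubectl, grant read access to that user or a dedicated group rather than to everyone. `kubeconfigFile` is defined outside the hunk and the list continues into the next hunk, so where the file lands and which other flags apply cannot be confirmed from here.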
@@ -29,9 +31,9 @@ in { systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [iface]; + matchConfig.Name = [ iface ]; networkConfig = { - Address = [ipv4WithMask]; + Address = [ ipv4WithMask ]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) diff --git a/lib/genKubeVirtHostModule.nix b/lib/genKubeVirtHostModule.nix index 541d1b2d..f17a3e2f 100644 --- a/lib/genKubeVirtHostModule.nix +++ b/lib/genKubeVirtHostModule.nix @@ -3,11 +3,13 @@ hostName, networking, ... -}: let +}: +let inherit (networking) defaultGateway defaultGateway6 nameservers; inherit (networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in { +in +{ # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" @@ -21,7 +23,10 @@ in { "nfs" # required by longhorn ]; - boot.kernelModules = ["kvm-amd" "vfio-pci"]; + boot.kernelModules = [ + "kvm-amd" + "vfio-pci" + ]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu boot.kernel.sysctl = { @@ -93,7 +98,7 @@ in { ovsbr1 = { # Attach the interfaces to OVS bridge # This interface should not used by the host itself! - interfaces.${iface} = {}; + interfaces.${iface} = { }; }; }; @@ -102,9 +107,9 @@ in { # Set the host's address on the OVS bridge interface instead of the physical interface! systemd.network.networks = { "10-ovsbr1" = { - matchConfig.Name = ["ovsbr1"]; + matchConfig.Name = [ "ovsbr1" ]; networkConfig = { - Address = [ipv4WithMask]; + Address = [ ipv4WithMask ]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) 
@@ -124,7 +129,7 @@ in { linkConfig.RequiredForOnline = "routable"; }; "20-${iface}" = { - matchConfig.Name = [iface]; + matchConfig.Name = [ iface ]; networkConfig.LinkLocalAddressing = "no"; # tell networkd ignore this interface. # it's managed by openvswitch diff --git a/lib/macosSystem.nix b/lib/macosSystem.nix index 976e9464..079bc06f 100644 --- a/lib/macosSystem.nix +++ b/lib/macosSystem.nix @@ -2,40 +2,41 @@ lib, inputs, darwin-modules, - home-modules ? [], + home-modules ? [ ], myvars, system, genSpecialArgs, specialArgs ? (genSpecialArgs system), ... -}: let +}: +let inherit (inputs) nixpkgs-darwin home-manager nix-darwin; in - nix-darwin.lib.darwinSystem { - inherit system specialArgs; - modules = - darwin-modules - ++ [ - ({lib, ...}: { +nix-darwin.lib.darwinSystem { + inherit system specialArgs; + modules = + darwin-modules + ++ [ + ( + { lib, ... }: + { nixpkgs.pkgs = import nixpkgs-darwin { inherit system; # refer the `system` parameter form outer scope recursively # To use chrome, we need to allow the installation of non-free software config.allowUnfree = true; }; - }) - ] - ++ ( - lib.optionals ((lib.lists.length home-modules) > 0) - [ - home-manager.darwinModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "home-manager.backup"; + } + ) + ] + ++ (lib.optionals ((lib.lists.length home-modules) > 0) [ + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "home-manager.backup"; - home-manager.extraSpecialArgs = specialArgs; - home-manager.users."${myvars.username}".imports = home-modules; - } - ] - ); - } + home-manager.extraSpecialArgs = specialArgs; + home-manager.users."${myvars.username}".imports = home-modules; + } + ]); +} diff --git a/lib/nixosSystem.nix b/lib/nixosSystem.nix index 92c6a32e..b7390248 100644 --- a/lib/nixosSystem.nix 
+++ b/lib/nixosSystem.nix @@ -4,32 +4,30 @@ system, genSpecialArgs, nixos-modules, - home-modules ? [], + home-modules ? [ ], specialArgs ? (genSpecialArgs system), myvars, ... -}: let +}: +let inherit (inputs) nixpkgs home-manager nixos-generators; in - nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = - nixos-modules - ++ [ - nixos-generators.nixosModules.all-formats - ] - ++ ( - lib.optionals ((lib.lists.length home-modules) > 0) - [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "home-manager.backup"; +nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = + nixos-modules + ++ [ + nixos-generators.nixosModules.all-formats + ] + ++ (lib.optionals ((lib.lists.length home-modules) > 0) [ + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "home-manager.backup"; - home-manager.extraSpecialArgs = specialArgs; - home-manager.users."${myvars.username}".imports = home-modules; - } - ] - ); - } + home-manager.extraSpecialArgs = specialArgs; + home-manager.users."${myvars.username}".imports = home-modules; + } + ]); +} diff --git a/modules/base/default.nix b/modules/base/default.nix index eeb48a40..049dda93 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/modules/base/fonts.nix b/modules/base/fonts.nix index ed0ceb58..f5aa5f13 100644 --- a/modules/base/fonts.nix +++ b/modules/base/fonts.nix 
@@ -3,16 +3,18 @@ config, lib, ... -}: let +}: +let cfg = config.modules.desktop; -in { +in +{ options.modules.desktop = { fonts.enable = lib.mkEnableOption "Rich Fonts - Add NerdFonts Icons, emojis & CJK Fonts"; }; - config.fonts.packages = with pkgs; - lib.mkIf cfg.fonts.enable - [ + config.fonts.packages = + with pkgs; + lib.mkIf cfg.fonts.enable [ # icon fonts material-design-icons font-awesome diff --git a/modules/base/nix.nix b/modules/base/nix.nix index 0bba9fcb..8ed1345b 100644 --- a/modules/base/nix.nix +++ b/modules/base/nix.nix @@ -3,7 +3,8 @@ config, myvars, ... -}: { +}: +{ # auto upgrade nix to the unstable version # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284 # nix.package = pkgs.nixVersions.latest; @@ -13,12 +14,15 @@ nix.settings = { # enable flakes globally - experimental-features = ["nix-command" "flakes"]; + experimental-features = [ + "nix-command" + "flakes" + ]; # given the users in this list the right to specify additional substituters via: # 1. `nixConfig.substituers` in `flake.nix` # 2. command line args `--options substituers http://xxx` - trusted-users = [myvars.username]; + trusted-users = [ myvars.username ]; # substituers that will be considered before the official ones(https://cache.nixos.org) substituters = [ diff --git a/modules/base/overlays.nix b/modules/base/overlays.nix index 5fa7172d..d652c04e 100644 --- a/modules/base/overlays.nix +++ b/modules/base/overlays.nix @@ -1,7 +1,7 @@ -{nuenv, ...} @ args: { - nixpkgs.overlays = - [ - nuenv.overlays.default - ] - ++ (import ../../overlays args); +{ nuenv, ... }@args: +{ + nixpkgs.overlays = [ + nuenv.overlays.default + ] + ++ (import ../../overlays args); } diff --git a/modules/base/system-packages.nix b/modules/base/system-packages.nix index 9ba40026..8d6459c3 100644 --- a/modules/base/system-packages.nix +++ b/modules/base/system-packages.nix 
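Review bot: The comment above `trusted-users = [ myvars.username ];` in the `@@ -13,12 +14,15 @@` hunk of modules/base/nix.nix describes the setting only as the right to specify additional substituters, which understates it. The Nix manual describes membership in `trusted-users` as essentially equivalent to root access, because the daemon accepts settings and store paths from a trusted user that it would otherwise refuse. I would add a line such as `# NOTE: trusted-users is effectively root-equivalent for the nix daemon; keep this list minimal`, and correct `substituers` to `substituters` in the two examples while there. The `nix.settings` attribute set continues past the end of the hunk.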
@@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # for security reasons, do not load neovim's user config # since EDITOR may be used to edit some critical files environment.variables.EDITOR = "nvim --clean"; diff --git a/modules/base/users.nix b/modules/base/users.nix index 17ca7a5b..0963ac7b 100644 --- a/modules/base/users.nix +++ b/modules/base/users.nix @@ -1,4 +1,5 @@ -{myvars, ...}: { +{ myvars, ... }: +{ programs.ssh = myvars.networking.ssh; users.users.${myvars.username} = { diff --git a/modules/darwin/apps.nix b/modules/darwin/apps.nix index 774a9e53..36c74027 100644 --- a/modules/darwin/apps.nix +++ b/modules/darwin/apps.nix @@ -53,12 +53,12 @@ let # HTTPS_PROXY = "http://127.0.0.1:7890"; }; - homebrew_env_script = - lib.attrsets.foldlAttrs - (acc: name: value: acc + "\nexport ${name}=${value}") - "" - (homebrew_mirror_env // local_proxy_env); -in { + homebrew_env_script = lib.attrsets.foldlAttrs ( + acc: name: value: + acc + "\nexport ${name}=${value}" + ) "" (homebrew_mirror_env // local_proxy_env); +in +{ # Install packages from nix's official package repository. # # The packages installed here are available to all users, and are reproducible across machines, and are rollbackable. 
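Review bot: In the `@@ -53,12 +53,12 @@` hunk of modules/darwin/apps.nix, `homebrew_env_script` still interpolates each value unquoted into `export ${name}=${value}`, so a value containing a space, `;` or `$(...)` would be split or evaluated by the shell that runs the script. The script appears to feed the homebrew activation step that starts in the next hunk, which presumably runs with elevated privileges, though the use site is not visible here. Quoting the value closes this off: `acc + "\nexport ${name}=${lib.escapeShellArg value}"`. The `let` block that defines `homebrew_mirror_env` and `local_proxy_env` starts outside the hunk.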
@@ -75,13 +75,14 @@ in { # darwin only apps utm # virtual machine ]; - environment.variables = - { - # Fix https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues - TERMINFO_DIRS = map (path: path + "/share/terminfo") config.environment.profiles ++ ["/usr/share/terminfo"]; - } - # Set variables for you to manually install homebrew packages. - // homebrew_mirror_env; + environment.variables = { + # Fix https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues + TERMINFO_DIRS = map (path: path + "/share/terminfo") config.environment.profiles ++ [ + "/usr/share/terminfo" + ]; + } + # Set variables for you to manually install homebrew packages. + // homebrew_mirror_env; # Set environment variables for nix-darwin before run `brew bundle`. system.activationScripts.homebrew.text = lib.mkBefore '' diff --git a/modules/darwin/broken-packages.nix b/modules/darwin/broken-packages.nix index 9050ce8b..1abb2b7a 100644 --- a/modules/darwin/broken-packages.nix +++ b/modules/darwin/broken-packages.nix @@ -1,4 +1,4 @@ -{lib, ...}: +{ lib, ... }: # =================================================================== # Remove packages that are not well supported for the Darwin platform # =================================================================== @@ -19,15 +19,16 @@ let "ncdu" "racket-minimal" ]; -in { +in +{ nixpkgs.overlays = [ - (_: super: let - removeUnwantedPackages = pname: - lib.warn "the ${pname} has been removed on the darwin platform" - super.emptyDirectory; - in - lib.genAttrs - brokenPackages - removeUnwantedPackages) + ( + _: super: + let + removeUnwantedPackages = + pname: lib.warn "the ${pname} has been removed on the darwin platform" super.emptyDirectory; + in + lib.genAttrs brokenPackages removeUnwantedPackages + ) ]; } diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix index 38a28fff..a77fc964 100644 --- a/modules/darwin/default.nix +++ b/modules/darwin/default.nix 
@@ -1,7 +1,6 @@ -{mylib, ...}: { - imports = - (mylib.scanPaths ./.) - ++ [ - ../base - ]; +{ mylib, ... }: +{ + imports = (mylib.scanPaths ./.) ++ [ + ../base + ]; } diff --git a/modules/darwin/nix-core.nix b/modules/darwin/nix-core.nix index 419ccaed..bfffc43f 100644 --- a/modules/darwin/nix-core.nix +++ b/modules/darwin/nix-core.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ ################################################################################### # # Core configuration for nix-darwin diff --git a/modules/darwin/security.nix b/modules/darwin/security.nix index 7f20fc9f..8dc47834 100644 --- a/modules/darwin/security.nix +++ b/modules/darwin/security.nix @@ -2,9 +2,11 @@ config, myvars, ... -}: let +}: +let homeDir = config.users.users."${myvars.username}".home; -in { +in +{ # https://github.com/LnL7/nix-darwin/blob/master/modules/programs/gnupg.nix # try `pkill gpg-agent` if you have issues(such as `no pinentry`) programs.gnupg.agent = { diff --git a/modules/darwin/users.nix b/modules/darwin/users.nix index f2de326e..b41fe706 100644 --- a/modules/darwin/users.nix +++ b/modules/darwin/users.nix @@ -1,4 +1,5 @@ -{myvars, ...}: { +{ myvars, ... }: +{ # Define a user account. Don't forget to set a password with ‘passwd’. users.users."${myvars.username}" = { home = "/Users/${myvars.username}"; diff --git a/modules/nixos/base/core.nix b/modules/nixos/base/core.nix index f2aa8aee..94299d4b 100644 --- a/modules/nixos/base/core.nix +++ b/modules/nixos/base/core.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ boot.loader.systemd-boot = { # we use Git for version control, so we don't need to keep too many generations. configurationLimit = lib.mkDefault 10; diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix index eeb48a40..049dda93 100644 --- a/modules/nixos/base/default.nix +++ b/modules/nixos/base/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } 
diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix index 5e7c28e3..7dec1136 100644 --- a/modules/nixos/base/nix.nix +++ b/modules/nixos/base/nix.nix @@ -2,7 +2,8 @@ config, lib, ... -}: { +}: +{ # to install chrome, you need to enable unfree packages nixpkgs.config.allowUnfree = lib.mkForce true; diff --git a/modules/nixos/base/packages.nix b/modules/nixos/base/packages.nix index 3043bbd5..ebb52f87 100644 --- a/modules/nixos/base/packages.nix +++ b/modules/nixos/base/packages.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ diff --git a/modules/nixos/base/remote-building.nix b/modules/nixos/base/remote-building.nix index 84901ab3..10720627 100644 --- a/modules/nixos/base/remote-building.nix +++ b/modules/nixos/base/remote-building.nix @@ -1,4 +1,5 @@ -{myvars, ...}: { +{ myvars, ... }: +{ #################################################################### # # NixOS's Configuration for Remote Building / Distributed Building 
@@ -13,57 +14,59 @@ # set local's max-job to 0 to force remote building(disable local building) # nix.settings.max-jobs = 0; nix.distributedBuilds = true; - nix.buildMachines = let - sshUser = myvars.username; - # ssh key's path on local machine - sshKey = "/etc/agenix/ssh-key-romantic"; - systems = [ - # native arch - "x86_64-linux" + nix.buildMachines = + let + sshUser = myvars.username; + # ssh key's path on local machine + sshKey = "/etc/agenix/ssh-key-romantic"; + systems = [ + # native arch + "x86_64-linux" - # emulated arch using binfmt_misc and qemu-user - "aarch64-linux" - "riscv64-linux" + # emulated arch using binfmt_misc and qemu-user + "aarch64-linux" + "riscv64-linux" + ]; + # all available system features are poorly documentd here: + # https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687 + supportedFeatures = [ + "benchmark" + "big-parallel" + "kvm" + ]; + in + [ + # Nix seems always try to build on the machine remotely + # to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high. + # { + # # some of my remote builders are running NixOS + # # and has the same sshUser, sshKey, systems, etc. + # inherit sshUser sshKey systems supportedFeatures; + # + # # the hostName should be: + # # 1. a hostname that can be resolved by DNS + # # 2. the ip address of the remote builder + # # 3. 
a host alias defined globally in /etc/ssh/ssh_config + # hostName = "aquamarine"; + # # remote builder's max-job + # maxJobs = 3; + # # speedFactor's a signed integer + # # https://github.com/ryan4yin/nix-config/issues/70 + # speedFactor = 1; + # } + # { + # inherit sshUser sshKey systems supportedFeatures; + # hostName = "ruby"; + # maxJobs = 2; + # speedFactor = 1; + # } + # { + # inherit sshUser sshKey systems supportedFeatures; + # hostName = "kana"; + # maxJobs = 2; + # speedFactor = 1; + # } ]; - # all available system features are poorly documentd here: - # https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687 - supportedFeatures = [ - "benchmark" - "big-parallel" - "kvm" - ]; - in [ - # Nix seems always try to build on the machine remotely - # to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high. - # { - # # some of my remote builders are running NixOS - # # and has the same sshUser, sshKey, systems, etc. - # inherit sshUser sshKey systems supportedFeatures; - # - # # the hostName should be: - # # 1. a hostname that can be resolved by DNS - # # 2. the ip address of the remote builder - # # 3. a host alias defined globally in /etc/ssh/ssh_config - # hostName = "aquamarine"; - # # remote builder's max-job - # maxJobs = 3; - # # speedFactor's a signed integer - # # https://github.com/ryan4yin/nix-config/issues/70 - # speedFactor = 1; - # } - # { - # inherit sshUser sshKey systems supportedFeatures; - # hostName = "ruby"; - # maxJobs = 2; - # speedFactor = 1; - # } - # { - # inherit sshUser sshKey systems supportedFeatures; - # hostName = "kana"; - # maxJobs = 2; - # speedFactor = 1; - # } - ]; # optional, useful when the builder has a faster internet connection than yours nix.extraOptions = '' builders-use-substitutes = true diff --git a/modules/nixos/base/ssh.nix b/modules/nixos/base/ssh.nix index 5582fa5d..38b42786 100644 --- a/modules/nixos/base/ssh.nix +++ b/modules/nixos/base/ssh.nix 
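Review bot: In modules/nixos/base/remote-building.nix, every entry of the `nix.buildMachines` list is commented out, so the re-indented `let` bindings (`sshUser`, `sshKey`, `systems`, `supportedFeatures`) are unused and the list evaluates to `[ ]` while `nix.distributedBuilds = true` stays set. `sshUser = myvars.username` also means a re-enabled builder would presumably be reached through the regular login account, with the key at `/etc/agenix/ssh-key-romantic`, rather than a dedicated build account. If that is intended, say so next to the binding, e.g. `# NOTE: builders are reached as the main user; prefer a dedicated unprivileged build user before re-enabling`. The typo `documentd` in the comment above `supportedFeatures` could be fixed in the same pass.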
@@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ # Or disable the firewall altogether. networking.firewall.enable = lib.mkDefault false; # Enable the OpenSSH daemon. diff --git a/modules/nixos/base/user-group.nix b/modules/nixos/base/user-group.nix index d1be5863..d3d00668 100644 --- a/modules/nixos/base/user-group.nix +++ b/modules/nixos/base/user-group.nix @@ -2,21 +2,22 @@ myvars, config, ... -}: { +}: +{ # Don't allow mutation of users outside the config. users.mutableUsers = false; users.groups = { - "${myvars.username}" = {}; - podman = {}; - wireshark = {}; + "${myvars.username}" = { }; + podman = { }; + wireshark = { }; # for android platform tools's udev rules - adbusers = {}; - dialout = {}; + adbusers = { }; + dialout = { }; # for openocd (embedded system development) - plugdev = {}; + plugdev = { }; # misc - uinput = {}; + uinput = { }; }; users.users."${myvars.username}" = { diff --git a/modules/nixos/desktop.nix b/modules/nixos/desktop.nix index ccbb912d..3a3b440e 100644 --- a/modules/nixos/desktop.nix +++ b/modules/nixos/desktop.nix @@ -5,9 +5,11 @@ myvars, ... }: -with lib; let +with lib; +let cfgWayland = config.modules.desktop.wayland; -in { +in +{ imports = [ ./base ../base @@ -45,7 +47,7 @@ in { }; # fix https://github.com/ryan4yin/nix-config/issues/10 - security.pam.services.hyprlock = {}; + security.pam.services.hyprlock = { }; }) ]; } diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index eeb48a40..049dda93 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,3 +1,4 @@ -{mylib, ...}: { +{ mylib, ... }: +{ imports = mylib.scanPaths ./.; } diff --git a/modules/nixos/desktop/fhs.nix b/modules/nixos/desktop/fhs.nix index b14cfdb0..022e27dc 100644 --- a/modules/nixos/desktop/fhs.nix +++ b/modules/nixos/desktop/fhs.nix 
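Review bot: In modules/nixos/base/ssh.nix, `networking.firewall.enable = lib.mkDefault false;` turns the firewall off by default for every host that imports this module, directly above the lines that enable the OpenSSH daemon. The only explanation is the template comment `# Or disable the firewall altogether.`. nixos-installer/flake.nix in this same patch imports the module for both `ai` and `shoukei`. If the default is deliberate, record the reason in a comment; otherwise `networking.firewall.enable = lib.mkDefault true;` keeps SSH reachable as long as `services.openssh.openFirewall` is left at its default. The rest of the file is outside the hunk, so the sshd settings themselves are not visible here.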
@@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # FHS environment, flatpak, appImage, etc. environment.systemPackages = [ # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos! @@ -6,14 +7,16 @@ let base = pkgs.appimageTools.defaultFhsEnvArgs; in - pkgs.buildFHSEnv (base - // { - name = "fhs"; - targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config]; - profile = "export FHS=1"; - runScript = "bash"; - extraOutputsToInstall = ["dev"]; - }) + pkgs.buildFHSEnv ( + base + // { + name = "fhs"; + targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ]; + profile = "export FHS=1"; + runScript = "bash"; + extraOutputsToInstall = [ "dev" ]; + } + ) ) ]; diff --git a/modules/nixos/desktop/fonts.nix b/modules/nixos/desktop/fonts.nix index 55512d44..21b829b0 100644 --- a/modules/nixos/desktop/fonts.nix +++ b/modules/nixos/desktop/fonts.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts fonts = { # use fonts specified by user rather than default ones @@ -37,7 +38,7 @@ # 西文 "JetBrainsMono Nerd Font" ]; - emoji = ["Noto Color Emoji"]; + emoji = [ "Noto Color Emoji" ]; }; antialias = true; # 抗锯齿 hinting.enable = false; # 禁止字体微调 - 高分辨率下没这必要 diff --git a/modules/nixos/desktop/misc.nix b/modules/nixos/desktop/misc.nix index ea9002e0..af50b27d 100644 --- a/modules/nixos/desktop/misc.nix +++ b/modules/nixos/desktop/misc.nix @@ -4,7 +4,8 @@ pkgs, pkgs-unstable, ... -}: { +}: +{ boot.loader.timeout = lib.mkForce 10; # wait for x seconds to select the boot entry # add user's shell into /etc/shells diff --git a/modules/nixos/desktop/peripherals.nix b/modules/nixos/desktop/peripherals.nix index 618d8f2f..f3c3bd42 100644 --- a/modules/nixos/desktop/peripherals.nix +++ b/modules/nixos/desktop/peripherals.nix 
@@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ #============================= Audio(PipeWire) ======================= # List packages installed in system profile. To search, run: diff --git a/modules/nixos/desktop/remote-desktop/default.nix b/modules/nixos/desktop/remote-desktop/default.nix index 044e87a6..feacd8da 100644 --- a/modules/nixos/desktop/remote-desktop/default.nix +++ b/modules/nixos/desktop/remote-desktop/default.nix @@ -2,7 +2,8 @@ pkgs, mylib, ... -}: { +}: +{ imports = mylib.scanPaths ./.; environment.systemPackages = with pkgs; [ diff --git a/modules/nixos/desktop/remote-desktop/tailscale.nix b/modules/nixos/desktop/remote-desktop/tailscale.nix index 2d7ec841..a278bf09 100644 --- a/modules/nixos/desktop/remote-desktop/tailscale.nix +++ b/modules/nixos/desktop/remote-desktop/tailscale.nix @@ -30,7 +30,7 @@ # ============================================================= { # make the tailscale command usable to users - environment.systemPackages = [pkgs.tailscale]; + environment.systemPackages = [ pkgs.tailscale ]; # enable the tailscale service services.tailscale = { diff --git a/modules/nixos/desktop/virtualisation.nix b/modules/nixos/desktop/virtualisation.nix index 7fddb28f..1d8abe8d 100644 --- a/modules/nixos/desktop/virtualisation.nix +++ b/modules/nixos/desktop/virtualisation.nix @@ -2,7 +2,8 @@ pkgs, # nur-ataraxiasjel, ... -}: { +}: +{ ################################################################################### # # Virtualisation - Libvirt(QEMU/KVM) / Docker / LXD / WayDroid @@ -20,7 +21,7 @@ # boot.kernelModules = ["kvm-intel"]; # boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu - boot.kernelModules = ["vfio-pci"]; + boot.kernelModules = [ "vfio-pci" ]; services.flatpak.enable = true; @@ -36,7 +37,7 @@ autoPrune = { enable = true; dates = "weekly"; - flags = ["--all"]; + flags = [ "--all" ]; }; }; diff --git a/modules/nixos/desktop/xdg.nix b/modules/nixos/desktop/xdg.nix index 61e605f5..6efe4f8e 100644 
--- a/modules/nixos/desktop/xdg.nix +++ b/modules/nixos/desktop/xdg.nix @@ -1,25 +1,26 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ xdg.terminal-exec = { enable = true; package = pkgs.xdg-terminal-exec-mkhl; - settings = let - my_terminal_desktop = [ - # NOTE: We have add these packages at user level - "Alacritty.desktop" - "kitty.desktop" - "foot.desktop" - "com.mitchellh.ghostty.desktop" - ]; - in { - GNOME = - my_terminal_desktop - ++ [ + settings = + let + my_terminal_desktop = [ + # NOTE: We have add these packages at user level + "Alacritty.desktop" + "kitty.desktop" + "foot.desktop" + "com.mitchellh.ghostty.desktop" + ]; + in + { + GNOME = my_terminal_desktop ++ [ "com.raggesilver.BlackBox.desktop" "org.gnome.Terminal.desktop" ]; - niri = my_terminal_desktop; - default = my_terminal_desktop; - }; + niri = my_terminal_desktop; + default = my_terminal_desktop; + }; }; xdg.portal = { diff --git a/modules/nixos/server/kubevirt-hardware-configuration.nix b/modules/nixos/server/kubevirt-hardware-configuration.nix index 6edb8f13..ccc816bf 100644 --- a/modules/nixos/server/kubevirt-hardware-configuration.nix +++ b/modules/nixos/server/kubevirt-hardware-configuration.nix @@ -20,7 +20,7 @@ config = { # disable backups in the VM - services.btrbk.instances = lib.mkForce {}; + services.btrbk.instances = lib.mkForce { }; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; @@ -29,7 +29,7 @@ }; boot.growPartition = true; - boot.kernelParams = ["console=ttyS0"]; + boot.kernelParams = [ "console=ttyS0" ]; boot.loader.grub.device = "/dev/vda"; services.qemuGuest.enable = true; # qemu-guest-agent diff --git a/modules/nixos/server/server-aarch64.nix b/modules/nixos/server/server-aarch64.nix index e2879a7b..d321cbc5 100644 --- a/modules/nixos/server/server-aarch64.nix +++ b/modules/nixos/server/server-aarch64.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ imports = [ ../base/btrbk.nix ../base/core.nix 
diff --git a/modules/nixos/server/server-riscv64.nix b/modules/nixos/server/server-riscv64.nix index b62e0e73..eb433fab 100644 --- a/modules/nixos/server/server-riscv64.nix +++ b/modules/nixos/server/server-riscv64.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ # ========================================================================= # Base NixOS Configuration # ========================================================================= diff --git a/modules/nixos/server/server.nix b/modules/nixos/server/server.nix index 1b33e534..f95f803a 100644 --- a/modules/nixos/server/server.nix +++ b/modules/nixos/server/server.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ imports = [ ../base ../../base diff --git a/nixos-installer/configuration.nix b/nixos-installer/configuration.nix index f435f11e..764f9c20 100644 --- a/nixos-installer/configuration.nix +++ b/nixos-installer/configuration.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # ssh-agent is used to pull my private secrets repo from github when deploying my nixos config. programs.ssh.startAgent = true; diff --git a/nixos-installer/flake.nix b/nixos-installer/flake.nix index 06fc9d94..2e51c548 100644 --- a/nixos-installer/flake.nix +++ b/nixos-installer/flake.nix 
@@ -17,62 +17,61 @@ }; }; - outputs = inputs @ { - nixpkgs, - nixos-apple-silicon, - my-asahi-firmware, - ... - }: let - inherit (inputs.nixpkgs) lib; - mylib = import ../lib {inherit lib;}; - myvars = import ../vars {inherit lib;}; - in { - nixosConfigurations = { - ai = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = - inputs - // { + outputs = + inputs@{ + nixpkgs, + nixos-apple-silicon, + my-asahi-firmware, + ... + }: + let + inherit (inputs.nixpkgs) lib; + mylib = import ../lib { inherit lib; }; + myvars = import ../vars { inherit lib; }; + in + { + nixosConfigurations = { + ai = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = inputs // { inherit mylib myvars; }; - modules = [ - {networking.hostName = "ai";} + modules = [ + { networking.hostName = "ai"; } - ./configuration.nix + ./configuration.nix - ../modules/base - ../modules/nixos/base/i18n.nix - ../modules/nixos/base/user-group.nix - ../modules/nixos/base/ssh.nix + ../modules/base + ../modules/nixos/base/i18n.nix + ../modules/nixos/base/user-group.nix + ../modules/nixos/base/ssh.nix - ../hosts/idols-ai/hardware-configuration.nix - ../hosts/idols-ai/preservation.nix - ]; - }; + ../hosts/idols-ai/hardware-configuration.nix + ../hosts/idols-ai/preservation.nix + ]; + }; - shoukei = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = - inputs - // { + shoukei = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = inputs // { inherit mylib myvars my-asahi-firmware; }; - modules = [ - {networking.hostName = "shoukei";} + modules = [ + { networking.hostName = "shoukei"; } - nixos-apple-silicon.nixosModules.default - ./configuration.nix + nixos-apple-silicon.nixosModules.default + ./configuration.nix - ../modules/base - ../modules/nixos/base/i18n.nix - ../modules/nixos/base/user-group.nix - ../modules/nixos/base/ssh.nix + ../modules/base + ../modules/nixos/base/i18n.nix + ../modules/nixos/base/user-group.nix + 
../modules/nixos/base/ssh.nix - ../hosts/12kingdoms-shoukei/hardware-configuration.nix - ../hosts/idols-ai/preservation.nix - ]; + ../hosts/12kingdoms-shoukei/hardware-configuration.nix + ../hosts/idols-ai/preservation.nix + ]; + }; }; }; - }; } diff --git a/outputs/aarch64-darwin/default.nix b/outputs/aarch64-darwin/default.nix index be8ddae7..675d7657 100644 --- a/outputs/aarch64-darwin/default.nix +++ b/outputs/aarch64-darwin/default.nix @@ -2,7 +2,8 @@ lib, inputs, ... -} @ args: let +}@args: +let inherit (inputs) haumea; # Contains all the flake outputs of this system architecture. @@ -15,16 +16,20 @@ # Merge all the machine's data into a single attribute set. outputs = { - darwinConfigurations = lib.attrsets.mergeAttrsList (map (it: it.darwinConfigurations or {}) dataWithoutPaths); + darwinConfigurations = lib.attrsets.mergeAttrsList ( + map (it: it.darwinConfigurations or { }) dataWithoutPaths + ); }; in - outputs - // { - inherit data; # for debugging purposes +outputs +// { + inherit data; # for debugging purposes - # NixOS's unit tests. - evalTests = haumea.lib.loadEvalTests { - src = ./tests; - inputs = args // {inherit outputs;}; + # NixOS's unit tests. + evalTests = haumea.lib.loadEvalTests { + src = ./tests; + inputs = args // { + inherit outputs; }; - } + }; +} diff --git a/outputs/aarch64-darwin/src/fern.nix b/outputs/aarch64-darwin/src/fern.nix index da77775c..2709d2be 100644 --- a/outputs/aarch64-darwin/src/fern.nix +++ b/outputs/aarch64-darwin/src/fern.nix @@ -9,7 +9,8 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "fern"; modules = { @@ -34,7 +35,8 @@ }; systemArgs = modules // args; -in { +in +{ # macOS's configuration darwinConfigurations.${name} = mylib.macosSystem systemArgs; } diff --git a/outputs/aarch64-darwin/src/frieren.nix b/outputs/aarch64-darwin/src/frieren.nix index 6874050b..8ea0b8d6 100644 --- a/outputs/aarch64-darwin/src/frieren.nix +++ b/outputs/aarch64-darwin/src/frieren.nix 
@@ -9,7 +9,8 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "frieren"; modules = { @@ -33,7 +34,8 @@ }; systemArgs = modules // args; -in { +in +{ # macOS's configuration darwinConfigurations.${name} = mylib.macosSystem systemArgs; } diff --git a/outputs/aarch64-darwin/tests/home-manager/expected.nix b/outputs/aarch64-darwin/tests/home-manager/expected.nix index 0b160309..f6e9c873 100644 --- a/outputs/aarch64-darwin/tests/home-manager/expected.nix +++ b/outputs/aarch64-darwin/tests/home-manager/expected.nix @@ -1,11 +1,12 @@ { myvars, lib, -}: let +}: +let username = myvars.username; hosts = [ "fern" "frieren" ]; in - lib.genAttrs hosts (_: "/Users/${username}") +lib.genAttrs hosts (_: "/Users/${username}") diff --git a/outputs/aarch64-darwin/tests/home-manager/expr.nix b/outputs/aarch64-darwin/tests/home-manager/expr.nix index cf056984..e892f438 100644 --- a/outputs/aarch64-darwin/tests/home-manager/expr.nix +++ b/outputs/aarch64-darwin/tests/home-manager/expr.nix @@ -2,15 +2,14 @@ myvars, lib, outputs, -}: let +}: +let username = myvars.username; hosts = [ "fern" "frieren" ]; in - lib.genAttrs - hosts - ( - name: outputs.darwinConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory - ) +lib.genAttrs hosts ( + name: outputs.darwinConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory +) diff --git a/outputs/aarch64-darwin/tests/hostname/expected.nix b/outputs/aarch64-darwin/tests/hostname/expected.nix index 83f0a9b9..0f1edc4d 100644 --- a/outputs/aarch64-darwin/tests/hostname/expected.nix +++ b/outputs/aarch64-darwin/tests/hostname/expected.nix @@ -1,8 +1,9 @@ { lib, outputs, -}: let +}: +let hostsNames = builtins.attrNames outputs.darwinConfigurations; expected = lib.genAttrs hostsNames (name: name); in - expected +expected diff --git a/outputs/aarch64-darwin/tests/hostname/expr.nix b/outputs/aarch64-darwin/tests/hostname/expr.nix index 78f05d28..1ddefd3f 100644 
--- a/outputs/aarch64-darwin/tests/hostname/expr.nix +++ b/outputs/aarch64-darwin/tests/hostname/expr.nix @@ -2,8 +2,6 @@ lib, outputs, }: -lib.genAttrs -(builtins.attrNames outputs.darwinConfigurations) -( +lib.genAttrs (builtins.attrNames outputs.darwinConfigurations) ( name: outputs.darwinConfigurations.${name}.config.networking.hostName ) diff --git a/outputs/aarch64-linux/default.nix b/outputs/aarch64-linux/default.nix index 92a0923a..c73627df 100644 --- a/outputs/aarch64-linux/default.nix +++ b/outputs/aarch64-linux/default.nix @@ -2,7 +2,8 @@ lib, inputs, ... -} @ args: let +}@args: +let inherit (inputs) haumea; # Contains all the flake outputs of this system architecture. 
@@ -15,23 +16,31 @@ # Merge all the machine's data into a single attribute set. outputs = { - nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths); - packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths); + nixosConfigurations = lib.attrsets.mergeAttrsList ( + map (it: it.nixosConfigurations or { }) dataWithoutPaths + ); + packages = lib.attrsets.mergeAttrsList (map (it: it.packages or { }) dataWithoutPaths); # colmena contains some meta info, which need to be merged carefully. colmenaMeta = { - nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths); - nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths); + nodeNixpkgs = lib.attrsets.mergeAttrsList ( + map (it: it.colmenaMeta.nodeNixpkgs or { }) dataWithoutPaths + ); + nodeSpecialArgs = lib.attrsets.mergeAttrsList ( + map (it: it.colmenaMeta.nodeSpecialArgs or { }) dataWithoutPaths + ); }; - colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths); + colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or { }) dataWithoutPaths); }; in - outputs - // { - inherit data; # for debugging purposes +outputs +// { + inherit data; # for debugging purposes - # NixOS's unit tests. - evalTests = haumea.lib.loadEvalTests { - src = ./tests; - inputs = args // {inherit outputs;}; + # NixOS's unit tests. + evalTests = haumea.lib.loadEvalTests { + src = ./tests; + inputs = args // { + inherit outputs; }; - } + }; +} diff --git a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix index 12f6102e..f2fbe22a 100644 --- a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix +++ b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix @@ -9,7 +9,8 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let # Shoukei (祥瓊, Shōkei) name = "shoukei"; base-modules = { 
@@ -33,25 +34,24 @@ }; modules-hyprland = { - nixos-modules = - [ - { - modules.desktop.wayland.enable = true; - modules.secrets.desktop.enable = true; - modules.secrets.preservation.enable = true; + nixos-modules = [ + { + modules.desktop.wayland.enable = true; + modules.secrets.desktop.enable = true; + modules.secrets.preservation.enable = true; - # TODO: remove this option - nixpkgs.config.allowUnsupportedSstem = true; - } - ] - ++ base-modules.nixos-modules; - home-modules = - [ - {modules.desktop.hyprland.enable = true;} - ] - ++ base-modules.home-modules; + # TODO: remove this option + nixpkgs.config.allowUnsupportedSstem = true; + } + ] + ++ base-modules.nixos-modules; + home-modules = [ + { modules.desktop.hyprland.enable = true; } + ] + ++ base-modules.home-modules; }; -in { +in +{ nixosConfigurations = { # host with hyprland compositor "${name}-hyprland" = mylib.nixosSystem (modules-hyprland // args); diff --git a/outputs/aarch64-linux/tests/home-manager/expected.nix b/outputs/aarch64-linux/tests/home-manager/expected.nix index 5bd2dc02..8f338aaa 100644 --- a/outputs/aarch64-linux/tests/home-manager/expected.nix +++ b/outputs/aarch64-linux/tests/home-manager/expected.nix @@ -1,10 +1,11 @@ { myvars, lib, -}: let +}: +let username = myvars.username; hosts = [ "shoukei-hyprland" ]; in - lib.genAttrs hosts (_: "/home/${username}") +lib.genAttrs hosts (_: "/home/${username}") diff --git a/outputs/aarch64-linux/tests/home-manager/expr.nix b/outputs/aarch64-linux/tests/home-manager/expr.nix index 8f8bf767..05c367a4 100644 --- a/outputs/aarch64-linux/tests/home-manager/expr.nix +++ b/outputs/aarch64-linux/tests/home-manager/expr.nix 
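Review bot: In outputs/aarch64-linux/src/12kingdoms-shoukei.nix, the re-indented line `nixpkgs.config.allowUnsupportedSstem = true;` misspells the nixpkgs option `allowUnsupportedSystem`, so the setting most likely has no effect. The comment above it already says `# TODO: remove this option`, so deleting the line is the simplest fix. If the override is still needed, spell it `nixpkgs.config.allowUnsupportedSystem = true;`. The `modules-hyprland` binding is fully inside the hunk, but the enclosing `let` block starts before it.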
@@ -2,14 +2,13 @@ myvars, lib, outputs, -}: let +}: +let username = myvars.username; hosts = [ "shoukei-hyprland" ]; in - lib.genAttrs - hosts - ( - name: outputs.nixosConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory - ) +lib.genAttrs hosts ( + name: outputs.nixosConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory +) diff --git a/outputs/aarch64-linux/tests/hostname/expected.nix b/outputs/aarch64-linux/tests/hostname/expected.nix index e86fb1bc..24df8902 100644 --- a/outputs/aarch64-linux/tests/hostname/expected.nix +++ b/outputs/aarch64-linux/tests/hostname/expected.nix @@ -1,7 +1,8 @@ { lib, outputs, -}: let +}: +let specialExpected = { "shoukei-hyprland" = "shoukei"; }; @@ -11,4 +12,5 @@ otherHostsNames = builtins.attrNames otherHosts; # other hosts's hostName is the same as the nixosConfigurations name otherExpected = lib.genAttrs otherHostsNames (name: name); -in (specialExpected // otherExpected) +in +(specialExpected // otherExpected) diff --git a/outputs/aarch64-linux/tests/hostname/expr.nix b/outputs/aarch64-linux/tests/hostname/expr.nix index 6f6c291a..db73a48c 100644 --- a/outputs/aarch64-linux/tests/hostname/expr.nix +++ b/outputs/aarch64-linux/tests/hostname/expr.nix @@ -2,8 +2,6 @@ lib, outputs, }: -lib.genAttrs -(builtins.attrNames outputs.nixosConfigurations) -( +lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) ( name: outputs.nixosConfigurations.${name}.config.networking.hostName ) diff --git a/outputs/aarch64-linux/tests/kernel/expected.nix b/outputs/aarch64-linux/tests/kernel/expected.nix index 2ebb9486..23f4427a 100644 --- a/outputs/aarch64-linux/tests/kernel/expected.nix +++ b/outputs/aarch64-linux/tests/kernel/expected.nix @@ -1,8 +1,9 @@ { lib, outputs, -}: let +}: +let hostsNames = builtins.attrNames outputs.nixosConfigurations; expected = lib.genAttrs hostsNames (_: "aarch64-linux"); in - expected +expected 
diff --git a/outputs/aarch64-linux/tests/kernel/expr.nix b/outputs/aarch64-linux/tests/kernel/expr.nix index 478781b0..a3821f04 100644 --- a/outputs/aarch64-linux/tests/kernel/expr.nix +++ b/outputs/aarch64-linux/tests/kernel/expr.nix @@ -2,8 +2,6 @@ lib, outputs, }: -lib.genAttrs -(builtins.attrNames outputs.nixosConfigurations) -( +lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) ( name: outputs.nixosConfigurations.${name}.config.boot.kernelPackages.kernel.system ) diff --git a/outputs/default.nix b/outputs/default.nix index 895c4313..b2463cab 100644 --- a/outputs/default.nix +++ b/outputs/default.nix @@ -3,14 +3,16 @@ nixpkgs, pre-commit-hooks, ... -} @ inputs: let +}@inputs: +let inherit (inputs.nixpkgs) lib; - mylib = import ../lib {inherit lib;}; - myvars = import ../vars {inherit lib;}; + mylib = import ../lib { inherit lib; }; + myvars = import ../vars { inherit lib; }; # Add my custom lib, vars, nixpkgs instance, and all the inputs to specialArgs, # so that I can use them in all my nixos/home-manager/darwin modules. - genSpecialArgs = system: + genSpecialArgs = + system: inputs // { inherit mylib myvars; 
@@ -36,16 +38,24 @@ }; # This is the args for all the haumea modules in this folder. - args = {inherit inputs lib mylib myvars genSpecialArgs;}; + args = { + inherit + inputs + lib + mylib + myvars + genSpecialArgs + ; + }; # modules for each supported system nixosSystems = { - x86_64-linux = import ./x86_64-linux (args // {system = "x86_64-linux";}); - aarch64-linux = import ./aarch64-linux (args // {system = "aarch64-linux";}); + x86_64-linux = import ./x86_64-linux (args // { system = "x86_64-linux"; }); + aarch64-linux = import ./aarch64-linux (args // { system = "aarch64-linux"; }); # riscv64-linux = import ./riscv64-linux (args // {system = "riscv64-linux";}); }; darwinSystems = { - aarch64-darwin = import ./aarch64-darwin (args // {system = "aarch64-darwin";}); + aarch64-darwin = import ./aarch64-darwin (args // { system = "aarch64-darwin"; }); }; allSystems = nixosSystems // darwinSystems; allSystemNames = builtins.attrNames allSystems; 
@@ -55,86 +65,98 @@ # Helper function to generate a set of attributes for each system forAllSystems = func: (nixpkgs.lib.genAttrs allSystemNames func); -in { +in +{ # Add attribute sets into outputs, for debugging - debugAttrs = {inherit nixosSystems darwinSystems allSystems allSystemNames;}; + debugAttrs = { + inherit + nixosSystems + darwinSystems + allSystems + allSystemNames + ; + }; # NixOS Hosts - nixosConfigurations = - lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) nixosSystemValues); + nixosConfigurations = lib.attrsets.mergeAttrsList ( + map (it: it.nixosConfigurations or { }) nixosSystemValues + ); # Colmena - remote deployment via SSH - colmena = - { - meta = - ( - let - system = "x86_64-linux"; - in { - # colmena's default nixpkgs & specialArgs - nixpkgs = import nixpkgs {inherit system;}; - specialArgs = genSpecialArgs system; - } - ) - // { - # per-node nixpkgs & specialArgs - nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) nixosSystemValues); - nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) nixosSystemValues); - }; - } - // lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) nixosSystemValues); + colmena = { + meta = + ( + let + system = "x86_64-linux"; + in + { + # colmena's default nixpkgs & specialArgs + nixpkgs = import nixpkgs { inherit system; }; + specialArgs = genSpecialArgs system; + } + ) + // { + # per-node nixpkgs & specialArgs + nodeNixpkgs = lib.attrsets.mergeAttrsList ( + map (it: it.colmenaMeta.nodeNixpkgs or { }) nixosSystemValues + ); + nodeSpecialArgs = lib.attrsets.mergeAttrsList ( + map (it: it.colmenaMeta.nodeSpecialArgs or { }) nixosSystemValues + ); + }; + } + // lib.attrsets.mergeAttrsList (map (it: it.colmena or { }) nixosSystemValues); # macOS Hosts - darwinConfigurations = - lib.attrsets.mergeAttrsList (map (it: it.darwinConfigurations or {}) darwinSystemValues); + darwinConfigurations = 
lib.attrsets.mergeAttrsList ( + map (it: it.darwinConfigurations or { }) darwinSystemValues + ); # Packages - packages = forAllSystems ( - system: allSystems.${system}.packages or {} - ); + packages = forAllSystems (system: allSystems.${system}.packages or { }); # Eval Tests for all NixOS & darwin systems. - evalTests = lib.lists.all (it: it.evalTests == {}) allSystemValues; + evalTests = lib.lists.all (it: it.evalTests == { }) allSystemValues; - checks = forAllSystems ( - system: { - # eval-tests per system - eval-tests = allSystems.${system}.evalTests == {}; + checks = forAllSystems (system: { + # eval-tests per system + eval-tests = allSystems.${system}.evalTests == { }; - pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = mylib.relativeToRoot "."; - hooks = { - nixfmt-rfc-style = { - enable = true; - settings.width = 100; - }; - # Source code spell checker - typos = { - enable = true; - settings = { - write = true; # Automatically fix typos - configPath = "./.typos.toml"; # relative to the flake root - }; - }; - prettier = { - enable = true; - settings = { - write = true; # Automatically format files - configPath = "./.prettierrc.yaml"; # relative to the flake root - }; - }; - # deadnix.enable = true; # detect unused variable bindings in `*.nix` - # statix.enable = true; # lints and suggestions for Nix code(auto suggestions) + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = mylib.relativeToRoot "."; + hooks = { + nixfmt-rfc-style = { + enable = true; + settings.width = 100; }; + # Source code spell checker + typos = { + enable = true; + settings = { + write = true; # Automatically fix typos + configPath = "./.typos.toml"; # relative to the flake root + }; + }; + prettier = { + enable = true; + settings = { + write = true; # Automatically format files + configPath = "./.prettierrc.yaml"; # relative to the flake root + }; + }; + # deadnix.enable = true; # detect unused variable bindings in `*.nix` + # statix.enable = true; # lints and 
suggestions for Nix code(auto suggestions) }; - } - ); + }; + }); # Development Shells devShells = forAllSystems ( - system: let + system: + let pkgs = nixpkgs.legacyPackages.${system}; - in { + in + { default = pkgs.mkShell { packages = with pkgs; [ # fix https://discourse.nixos.org/t/non-interactive-bash-errors-from-flake-nix-mkshell/33310 @@ -159,7 +181,5 @@ in { ); # Format the nix code in this flake - formatter = forAllSystems ( - system: nixpkgs.legacyPackages.${system}.nixfmt - ); + formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt); } diff --git a/outputs/x86_64-linux/default.nix b/outputs/x86_64-linux/default.nix index 92a0923a..c73627df 100644 --- a/outputs/x86_64-linux/default.nix +++ b/outputs/x86_64-linux/default.nix @@ -2,7 +2,8 @@ lib, inputs, ... -} @ args: let +}@args: +let inherit (inputs) haumea; # Contains all the flake outputs of this system architecture. 
@@ -15,23 +16,31 @@ # Merge all the machine's data into a single attribute set. outputs = { - nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths); - packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths); + nixosConfigurations = lib.attrsets.mergeAttrsList ( + map (it: it.nixosConfigurations or { }) dataWithoutPaths + ); + packages = lib.attrsets.mergeAttrsList (map (it: it.packages or { }) dataWithoutPaths); # colmena contains some meta info, which need to be merged carefully. colmenaMeta = { - nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths); - nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths); + nodeNixpkgs = lib.attrsets.mergeAttrsList ( + map (it: it.colmenaMeta.nodeNixpkgs or { }) dataWithoutPaths + ); + nodeSpecialArgs = lib.attrsets.mergeAttrsList ( + map (it: it.colmenaMeta.nodeSpecialArgs or { }) dataWithoutPaths + ); }; - colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths); + colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or { }) dataWithoutPaths); }; in - outputs - // { - inherit data; # for debugging purposes +outputs +// { + inherit data; # for debugging purposes - # NixOS's unit tests. - evalTests = haumea.lib.loadEvalTests { - src = ./tests; - inputs = args // {inherit outputs;}; + # NixOS's unit tests. + evalTests = haumea.lib.loadEvalTests { + src = ./tests; + inputs = args // { + inherit outputs; }; - } + }; +} diff --git a/outputs/x86_64-linux/nixos-tests/idols-ruby.nix b/outputs/x86_64-linux/nixos-tests/idols-ruby.nix index 1ffd0c5e..aecb1e1a 100644 --- a/outputs/x86_64-linux/nixos-tests/idols-ruby.nix +++ b/outputs/x86_64-linux/nixos-tests/idols-ruby.nix 
@@ -5,33 +5,34 @@ genSpecialArgs, nixos-modules, # TODO: test home-manager too. - home-modules ? [], + home-modules ? [ ], myvars, ... -}: let +}: +let pkgs = import inputs.nixpkgs { inherit system; config.allowUnfree = true; }; in - pkgs.testers.runNixOSTest { - name = "NixOS Tests for Idols Ruby"; +pkgs.testers.runNixOSTest { + name = "NixOS Tests for Idols Ruby"; - node = { - inherit pkgs; - specialArgs = genSpecialArgs system; - pkgsReadOnly = false; - }; + node = { + inherit pkgs; + specialArgs = genSpecialArgs system; + pkgsReadOnly = false; + }; - nodes = { - ruby.imports = nixos-modules; - }; + nodes = { + ruby.imports = nixos-modules; + }; - # Note that machine1 and machine2 are now available as - # Python objects and also as hostnames in the virtual network - testScript = '' - ruby.wait_for_unit("network-online.target") + # Note that machine1 and machine2 are now available as + # Python objects and also as hostnames in the virtual network + testScript = '' + ruby.wait_for_unit("network-online.target") - ruby.succeed("curl https://baidu.com") - ''; - } + ruby.succeed("curl https://baidu.com") + ''; +} diff --git a/outputs/x86_64-linux/src/idols-ai.nix b/outputs/x86_64-linux/src/idols-ai.nix index 8c5d3a71..dece6db9 100644 --- a/outputs/x86_64-linux/src/idols-ai.nix +++ b/outputs/x86_64-linux/src/idols-ai.nix @@ -9,7 +9,8 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let # 星野 アイ, Hoshino Ai name = "ai"; base-modules = { 
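Review bot: The comment above `testScript` still names `machine1` and `machine2`, but the only node declared in `nodes` is `ruby`, so it describes objects that do not exist in this test. I would replace it with `# The node "ruby" is available as a Python object and as a hostname in the virtual network`. Separately, `ruby.succeed("curl https://baidu.com")` makes the result depend on an external site being reachable from the test VM, which is normally not possible inside the build sandbox (inferred, not visible here). A check against a service running on the node itself would be reproducible and would not pass or fail on someone else's uptime.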
@@ -33,23 +34,22 @@ }; modules-hyprland = { - nixos-modules = - [ - { - modules.desktop.fonts.enable = true; - modules.desktop.wayland.enable = true; - modules.secrets.desktop.enable = true; - modules.secrets.preservation.enable = true; - } - ] - ++ base-modules.nixos-modules; - home-modules = - [ - {modules.desktop.hyprland.enable = true;} - ] - ++ base-modules.home-modules; + nixos-modules = [ + { + modules.desktop.fonts.enable = true; + modules.desktop.wayland.enable = true; + modules.secrets.desktop.enable = true; + modules.secrets.preservation.enable = true; + } + ] + ++ base-modules.nixos-modules; + home-modules = [ + { modules.desktop.hyprland.enable = true; } + ] + ++ base-modules.home-modules; }; -in { +in +{ nixosConfigurations = { # host with hyprland compositor "${name}-hyprland" = mylib.nixosSystem (modules-hyprland // args); diff --git a/outputs/x86_64-linux/src/idols-aquamarine.nix b/outputs/x86_64-linux/src/idols-aquamarine.nix index 46e2212e..14e04443 100644 --- a/outputs/x86_64-linux/src/idols-aquamarine.nix +++ b/outputs/x86_64-linux/src/idols-aquamarine.nix @@ -9,10 +9,14 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let # 星野 愛久愛海, Hoshino Akuamarin name = "aquamarine"; - tags = ["aqua" "homelab-network"]; + tags = [ + "aqua" + "homelab-network" + ]; ssh-user = "root"; modules = { @@ -26,10 +30,10 @@ "hosts/idols-${name}" ]) ++ [ - {modules.secrets.server.application.enable = true;} - {modules.secrets.server.operation.enable = true;} - {modules.secrets.server.webserver.enable = true;} - {modules.secrets.server.storage.enable = true;} + { modules.secrets.server.application.enable = true; } + { modules.secrets.server.operation.enable = true; } + { modules.secrets.server.webserver.enable = true; } + { modules.secrets.server.storage.enable = true; } ]; home-modules = map mylib.relativeToRoot [ "home/linux/tui.nix" 
@@ -37,11 +41,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/idols-kana.nix b/outputs/x86_64-linux/src/idols-kana.nix index 55619932..8da0b8eb 100644 --- a/outputs/x86_64-linux/src/idols-kana.nix +++ b/outputs/x86_64-linux/src/idols-kana.nix @@ -9,10 +9,14 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let # 有馬 かな, Arima Kana name = "kana"; - tags = [name "homelab-app"]; + tags = [ + name + "homelab-app" + ]; ssh-user = "root"; modules = { @@ -30,11 +34,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/idols-ruby.nix b/outputs/x86_64-linux/src/idols-ruby.nix index dfb23323..ed782b11 100644 --- a/outputs/x86_64-linux/src/idols-ruby.nix +++ b/outputs/x86_64-linux/src/idols-ruby.nix @@ -9,10 +9,14 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let # 星野 瑠美衣, Hoshino Rubii name = "ruby"; - tags = [name "homelab-operation"]; + tags = [ + name + "homelab-operation" + ]; ssh-user = "root"; modules = { 
@@ -33,11 +37,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; diff --git a/outputs/x86_64-linux/src/k3s-prod-1-master-1.nix b/outputs/x86_64-linux/src/k3s-prod-1-master-1.nix index 25c16dac..a42bcb13 100644 --- a/outputs/x86_64-linux/src/k3s-prod-1-master-1.nix +++ b/outputs/x86_64-linux/src/k3s-prod-1-master-1.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-prod-1-master-1"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { @@ -25,7 +26,7 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; home-modules = map mylib.relativeToRoot [ "home/linux/core.nix" @@ -33,11 +34,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-prod-1-master-2.nix b/outputs/x86_64-linux/src/k3s-prod-1-master-2.nix index 42fb9778..69d4d9f4 100644 --- a/outputs/x86_64-linux/src/k3s-prod-1-master-2.nix +++ b/outputs/x86_64-linux/src/k3s-prod-1-master-2.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-prod-1-master-2"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { 
@@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-prod-1-master-3.nix b/outputs/x86_64-linux/src/k3s-prod-1-master-3.nix index dab9e774..e377eedb 100644 --- a/outputs/x86_64-linux/src/k3s-prod-1-master-3.nix +++ b/outputs/x86_64-linux/src/k3s-prod-1-master-3.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-prod-1-master-3"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { @@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-prod-1-worker-1.nix b/outputs/x86_64-linux/src/k3s-prod-1-worker-1.nix index b225e813..ef4a587f 100644 --- a/outputs/x86_64-linux/src/k3s-prod-1-worker-1.nix +++ b/outputs/x86_64-linux/src/k3s-prod-1-worker-1.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-prod-1-worker-1"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { 
@@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-prod-1-worker-2.nix b/outputs/x86_64-linux/src/k3s-prod-1-worker-2.nix index 735b2c74..8a34a087 100644 --- a/outputs/x86_64-linux/src/k3s-prod-1-worker-2.nix +++ b/outputs/x86_64-linux/src/k3s-prod-1-worker-2.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-prod-1-worker-2"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { @@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-prod-1-worker-3.nix b/outputs/x86_64-linux/src/k3s-prod-1-worker-3.nix index 4e2e0254..a87c09bf 100644 --- a/outputs/x86_64-linux/src/k3s-prod-1-worker-3.nix +++ b/outputs/x86_64-linux/src/k3s-prod-1-worker-3.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-prod-1-worker-3"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { 
@@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-test-1-master-1.nix b/outputs/x86_64-linux/src/k3s-test-1-master-1.nix index 61b5c042..b916ebb8 100644 --- a/outputs/x86_64-linux/src/k3s-test-1-master-1.nix +++ b/outputs/x86_64-linux/src/k3s-test-1-master-1.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-test-1-master-1"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { @@ -25,7 +26,7 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; home-modules = map mylib.relativeToRoot [ "home/linux/core.nix" @@ -33,11 +34,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-test-1-master-2.nix b/outputs/x86_64-linux/src/k3s-test-1-master-2.nix index 79c2b9cc..0648fb18 100644 --- a/outputs/x86_64-linux/src/k3s-test-1-master-2.nix +++ b/outputs/x86_64-linux/src/k3s-test-1-master-2.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-test-1-master-2"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { 
@@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/k3s-test-1-master-3.nix b/outputs/x86_64-linux/src/k3s-test-1-master-3.nix index 1b6cd94a..a78c159f 100644 --- a/outputs/x86_64-linux/src/k3s-test-1-master-3.nix +++ b/outputs/x86_64-linux/src/k3s-test-1-master-3.nix @@ -9,9 +9,10 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "k3s-test-1-master-3"; - tags = [name]; + tags = [ name ]; ssh-user = "root"; modules = { @@ -25,16 +26,16 @@ "hosts/k8s/${name}" ]) ++ [ - {modules.secrets.server.kubernetes.enable = true;} + { modules.secrets.server.kubernetes.enable = true; } ]; }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.kubevirt; } diff --git a/outputs/x86_64-linux/src/kubevirt-shoryu.nix b/outputs/x86_64-linux/src/kubevirt-shoryu.nix index a27e6eae..749f7784 100644 --- a/outputs/x86_64-linux/src/kubevirt-shoryu.nix +++ b/outputs/x86_64-linux/src/kubevirt-shoryu.nix @@ -9,9 +9,13 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "kubevirt-shoryu"; - tags = [name "virt-shoryu"]; + tags = [ + name + "virt-shoryu" + ]; ssh-user = "root"; modules = { 
@@ -35,11 +39,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.iso; } diff --git a/outputs/x86_64-linux/src/kubevirt-shushou.nix b/outputs/x86_64-linux/src/kubevirt-shushou.nix index e7f91f08..d99d377a 100644 --- a/outputs/x86_64-linux/src/kubevirt-shushou.nix +++ b/outputs/x86_64-linux/src/kubevirt-shushou.nix @@ -9,9 +9,13 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "kubevirt-shushou"; - tags = [name "virt-shushou"]; + tags = [ + name + "virt-shushou" + ]; ssh-user = "root"; modules = { @@ -32,11 +36,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.iso; } diff --git a/outputs/x86_64-linux/src/kubevirt-youko.nix b/outputs/x86_64-linux/src/kubevirt-youko.nix index 474384bc..fb7bfe53 100644 --- a/outputs/x86_64-linux/src/kubevirt-youko.nix +++ b/outputs/x86_64-linux/src/kubevirt-youko.nix @@ -9,9 +9,13 @@ system, genSpecialArgs, ... -} @ args: let +}@args: +let name = "kubevirt-youko"; - tags = [name "virt-youko"]; + tags = [ + name + "virt-youko" + ]; ssh-user = "root"; modules = { 
@@ -32,11 +36,11 @@ }; systemArgs = modules // args; -in { +in +{ nixosConfigurations.${name} = mylib.nixosSystem systemArgs; - colmena.${name} = - mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;}); + colmena.${name} = mylib.colmenaSystem (systemArgs // { inherit tags ssh-user; }); packages.${name} = inputs.self.nixosConfigurations.${name}.config.formats.iso; } diff --git a/outputs/x86_64-linux/tests/home-manager/expected.nix b/outputs/x86_64-linux/tests/home-manager/expected.nix index 0da59c4e..417a2c84 100644 --- a/outputs/x86_64-linux/tests/home-manager/expected.nix +++ b/outputs/x86_64-linux/tests/home-manager/expected.nix @@ -1,7 +1,8 @@ { myvars, lib, -}: let +}: +let username = myvars.username; hosts = [ "ai-hyprland" @@ -9,4 +10,4 @@ "k3s-prod-1-master-1" ]; in - lib.genAttrs hosts (_: "/home/${username}") +lib.genAttrs hosts (_: "/home/${username}") diff --git a/outputs/x86_64-linux/tests/home-manager/expr.nix b/outputs/x86_64-linux/tests/home-manager/expr.nix index 416544a9..124368dd 100644 --- a/outputs/x86_64-linux/tests/home-manager/expr.nix +++ b/outputs/x86_64-linux/tests/home-manager/expr.nix @@ -2,7 +2,8 @@ myvars, lib, outputs, -}: let +}: +let username = myvars.username; hosts = [ "ai-hyprland" @@ -10,8 +11,6 @@ "k3s-prod-1-master-1" ]; in - lib.genAttrs - hosts - ( - name: outputs.nixosConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory - ) +lib.genAttrs hosts ( + name: outputs.nixosConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory +) diff --git a/outputs/x86_64-linux/tests/hostname/expected.nix b/outputs/x86_64-linux/tests/hostname/expected.nix index 28300f28..59d9a213 100644 --- a/outputs/x86_64-linux/tests/hostname/expected.nix +++ b/outputs/x86_64-linux/tests/hostname/expected.nix @@ -1,7 +1,8 @@ { lib, outputs, -}: let +}: +let specialExpected = { "ai-hyprland" = "ai"; }; 
@@ -11,4 +12,5 @@ otherHostsNames = builtins.attrNames otherHosts; # other hosts's hostName is the same as the nixosConfigurations name otherExpected = lib.genAttrs otherHostsNames (name: name); -in (specialExpected // otherExpected) +in +(specialExpected // otherExpected) diff --git a/outputs/x86_64-linux/tests/hostname/expr.nix b/outputs/x86_64-linux/tests/hostname/expr.nix index 6f6c291a..db73a48c 100644 --- a/outputs/x86_64-linux/tests/hostname/expr.nix +++ b/outputs/x86_64-linux/tests/hostname/expr.nix @@ -2,8 +2,6 @@ lib, outputs, }: -lib.genAttrs -(builtins.attrNames outputs.nixosConfigurations) -( +lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) ( name: outputs.nixosConfigurations.${name}.config.networking.hostName ) diff --git a/outputs/x86_64-linux/tests/kernel/expected.nix b/outputs/x86_64-linux/tests/kernel/expected.nix index 34aca296..93bbb39a 100644 --- a/outputs/x86_64-linux/tests/kernel/expected.nix +++ b/outputs/x86_64-linux/tests/kernel/expected.nix @@ -1,8 +1,9 @@ { lib, outputs, -}: let +}: +let hostsNames = builtins.attrNames outputs.nixosConfigurations; expected = lib.genAttrs hostsNames (_: "x86_64-linux"); in - expected +expected diff --git a/outputs/x86_64-linux/tests/kernel/expr.nix b/outputs/x86_64-linux/tests/kernel/expr.nix index 478781b0..a3821f04 100644 --- a/outputs/x86_64-linux/tests/kernel/expr.nix +++ b/outputs/x86_64-linux/tests/kernel/expr.nix @@ -2,8 +2,6 @@ lib, outputs, }: -lib.genAttrs -(builtins.attrNames outputs.nixosConfigurations) -( +lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) ( name: outputs.nixosConfigurations.${name}.config.boot.kernelPackages.kernel.system ) diff --git a/overlays/default.nix b/overlays/default.nix index 29671857..24bbaff0 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -1,14 +1,14 @@ args: # execute and import all overlay files in the current directory with the given args -builtins.map -(f: (import (./. + "/${f}") args)) # execute and import the overlay file +builtins.map (f: (import (./. + "/${f}") args)) # execute and import the overlay file -(builtins.filter # find all overlay files in the current directory - ( - f: - f - != "default.nix" # ignore default.nix - && f != "README.md" # ignore README.md + builtins.filter # find all overlay files in the current directory + + ( + f: + f != "default.nix" # ignore default.nix + && f != "README.md" # ignore README.md + ) + (builtins.attrNames (builtins.readDir ./.)) ) - (builtins.attrNames (builtins.readDir ./.))) diff --git a/overlays/fcitx5/default.nix b/overlays/fcitx5/default.nix index be3fef4d..60fe76ea 100644 --- a/overlays/fcitx5/default.nix +++ b/overlays/fcitx5/default.nix @@ -1,10 +1,11 @@ # 为了不使用默认的 rime-data,改用我自定义的小鹤音形数据,这里需要 override # 参考 https://github.com/NixOS/nixpkgs/blob/e4246ae1e7f78b7087dce9c9da10d28d3725025f/pkgs/tools/inputmethods/fcitx5/fcitx5-rime.nix -_: (_: super: { +_: +(_: super: { # 小鹤音形配置,配置来自 flypy.com 官方网盘的鼠须管配置压缩包「小鹤音形“鼠须管”for macOS.zip」 # 我仅修改了 default.yaml 文件,将其中的半角括号改为了直角括号「 与 」。 rime-data = ./rime-data-flypy; - fcitx5-rime = super.fcitx5-rime.override {rimeDataPkgs = [./rime-data-flypy];}; + fcitx5-rime = super.fcitx5-rime.override { rimeDataPkgs = [ ./rime-data-flypy ]; }; # used by macOS Squirrel flypy-squirrel = ./rime-data-flypy; diff --git a/secrets/darwin.nix b/secrets/darwin.nix index d650d447..8bfe964a 100644 --- a/secrets/darwin.nix +++ b/secrets/darwin.nix @@ -5,7 +5,8 @@ mysecrets, myvars, ... -}: { +}: +{ imports = [ agenix.darwinModules.default ]; 
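Review bot: The predicate passed to `builtins.filter` in overlays/default.nix is a denylist of two names, so every other entry that `builtins.readDir ./.` returns is imported and evaluated with `args`, including an editor backup, a stray script, or any file dropped into the directory. An allowlist is safer for code that is loaded automatically: keep directories (overlays/fcitx5 is one) and `.nix` files only, for example `f: f != "default.nix" && (entries.${f} == "directory" || builtins.match ".*\\.nix" f != null)` with `entries = builtins.readDir ./.;` bound once. That also removes the need to name `README.md` explicitly.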
@@ -26,71 +27,67 @@ "/etc/ssh/ssh_host_ed25519_key" # macOS, using the host key for decryption ]; - age.secrets = let - noaccess = { - mode = "0000"; - owner = "root"; - }; - high_security = { - mode = "0500"; - owner = "root"; - }; - user_readable = { - mode = "0500"; - owner = myvars.username; - }; - in { - # --------------------------------------------- - # no one can read/write this file, even root. - # --------------------------------------------- + age.secrets = + let + noaccess = { + mode = "0000"; + owner = "root"; + }; + high_security = { + mode = "0500"; + owner = "root"; + }; + user_readable = { + mode = "0500"; + owner = myvars.username; + }; + in + { + # --------------------------------------------- + # no one can read/write this file, even root. + # --------------------------------------------- - # .age means the decrypted file is still encrypted by age(via a passphrase) - "ryan4yin-gpg-subkeys.priv.age" = - { + # .age means the decrypted file is still encrypted by age(via a passphrase) + "ryan4yin-gpg-subkeys.priv.age" = { file = "${mysecrets}/ryan4yin-gpg-subkeys-2024-01-27.priv.age.age"; } // noaccess; - # --------------------------------------------- - # only root can read this file. - # --------------------------------------------- + # --------------------------------------------- + # only root can read this file. + # --------------------------------------------- - "wg-business.conf" = - { + "wg-business.conf" = { file = "${mysecrets}/wg-business.conf.age"; } // high_security; - "rclone.conf" = - { + "rclone.conf" = { file = "${mysecrets}/rclone.conf.age"; } // high_security; - "nix-access-tokens" = - { + "nix-access-tokens" = { file = "${mysecrets}/nix-access-tokens.age"; } # access-token needs to be readable by the user running the `nix` command // user_readable; - # --------------------------------------------- - # user can read this file. 
- # --------------------------------------------- + # --------------------------------------------- + # user can read this file. + # --------------------------------------------- - "ssh-key-romantic" = - { + "ssh-key-romantic" = { file = "${mysecrets}/ssh-key-romantic.age"; } // user_readable; - # alias-for-work - "alias-for-work.nushell" = - { + # alias-for-work + "alias-for-work.nushell" = { file = "${mysecrets}/alias-for-work.nushell.age"; } // user_readable; - }; + }; # place secrets in /etc/ # NOTE: this will fail for the first time. cause it's running before "activate-agenix" diff --git a/secrets/nixos.nix b/secrets/nixos.nix index 768e6a48..4d07fcc5 100644 --- a/secrets/nixos.nix +++ b/secrets/nixos.nix @@ -7,7 +7,8 @@ myvars, ... }: -with lib; let +with lib; +let cfg = config.modules.secrets; enabledServerSecrets = @@ -30,7 +31,8 @@ with lib; let mode = "0500"; owner = myvars.username; }; -in { +in +{ imports = [ agenix.nixosModules.default ]; 
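Review bot: The comment `no one can read/write this file, even root.` above the `noaccess` entries in secrets/darwin.nix overstates what `mode = "0000"` provides, because root is not bound by file mode bits. The protection for `ryan4yin-gpg-subkeys.priv.age` is the passphrase layer that the next comment mentions, and I would reword the banner to `# mode 0000: no unprivileged access; root can still read it, the age passphrase is the real protection`. In the same `let` block, `high_security` and `user_readable` use `mode = "0500"`, which sets the execute bit on files that are only ever read; `"0400"` would be the tighter value unless a consumer relies on it. secrets/nixos.nix uses the same names with the same `"0500"` mode (its -30,7 and -92,52 hunks), so the change would apply there too.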
@@ -56,24 +58,24 @@ in { # if you changed this key, you need to regenerate all encrypt files from the decrypt contents! age.identityPaths = - if cfg.preservation.enable - then [ - # To decrypt secrets on boot, this key should exists when the system is booting, - # so we should use the real key file path(prefixed by `/persistent/`) here, instead of the path mounted by preservation. - "/persistent/etc/ssh/ssh_host_ed25519_key" # Linux - ] - else [ - "/etc/ssh/ssh_host_ed25519_key" - ]; + if cfg.preservation.enable then + [ + # To decrypt secrets on boot, this key should exists when the system is booting, + # so we should use the real key file path(prefixed by `/persistent/`) here, instead of the path mounted by preservation. + "/persistent/etc/ssh/ssh_host_ed25519_key" # Linux + ] + else + [ + "/etc/ssh/ssh_host_ed25519_key" + ]; # secrets that are used by all nixos hosts age.secrets = { - "nix-access-tokens" = - { - file = "${mysecrets}/nix-access-tokens.age"; - } - # access-token needs to be readable by the user running the `nix` command - // user_readable; + "nix-access-tokens" = { + file = "${mysecrets}/nix-access-tokens.age"; + } + # access-token needs to be readable by the user running the `nix` command + // user_readable; }; assertions = [ 
@@ -92,52 +94,46 @@ in { # --------------------------------------------- # .age means the decrypted file is still encrypted by age(via a passphrase) - "ryan4yin-gpg-subkeys.priv.age" = - { - file = "${mysecrets}/ryan4yin-gpg-subkeys-2024-01-27.priv.age.age"; - } - // noaccess; + "ryan4yin-gpg-subkeys.priv.age" = { + file = "${mysecrets}/ryan4yin-gpg-subkeys-2024-01-27.priv.age.age"; + } + // noaccess; # --------------------------------------------- # only root can read this file. # --------------------------------------------- - "wg-business.conf" = - { - file = "${mysecrets}/wg-business.conf.age"; - } - // high_security; + "wg-business.conf" = { + file = "${mysecrets}/wg-business.conf.age"; + } + // high_security; # Used only by NixOS Modules # smb-credentials is referenced in /etc/fstab, by ../hosts/ai/cifs-mount.nix - "smb-credentials" = - { - file = "${mysecrets}/smb-credentials.age"; - } - // high_security; + "smb-credentials" = { + file = "${mysecrets}/smb-credentials.age"; + } + // high_security; - "rclone.conf" = - { - file = "${mysecrets}/rclone.conf.age"; - } - // high_security; + "rclone.conf" = { + file = "${mysecrets}/rclone.conf.age"; + } + // high_security; # --------------------------------------------- # user can read this file. # --------------------------------------------- - "ssh-key-romantic" = - { - file = "${mysecrets}/ssh-key-romantic.age"; - } - // user_readable; + "ssh-key-romantic" = { + file = "${mysecrets}/ssh-key-romantic.age"; + } + // user_readable; # alias-for-work - "alias-for-work.nushell" = - { - file = "${mysecrets}/alias-for-work.nushell.age"; - } - // user_readable; + "alias-for-work.nushell" = { + file = "${mysecrets}/alias-for-work.nushell.age"; + } + // user_readable; }; # place secrets in /etc/ 
@@ -173,21 +169,19 @@ in { (mkIf cfg.server.network.enable { age.secrets = { - "dae-subscription.dae" = - { - file = "${mysecrets}/server/dae-subscription.dae.age"; - } - // high_security; + "dae-subscription.dae" = { + file = "${mysecrets}/server/dae-subscription.dae.age"; + } + // high_security; }; }) (mkIf cfg.server.application.enable { age.secrets = { - "transmission-credentials.json" = - { - file = "${mysecrets}/server/transmission-credentials.json.age"; - } - // high_security; + "transmission-credentials.json" = { + file = "${mysecrets}/server/transmission-credentials.json.age"; + } + // high_security; "sftpgo.env" = { file = "${mysecrets}/server/sftpgo.env.age"; @@ -210,27 +204,24 @@ in { owner = "grafana"; }; - "alertmanager.env" = - { - file = "${mysecrets}/server/alertmanager.env.age"; - } - // high_security; + "alertmanager.env" = { + file = "${mysecrets}/server/alertmanager.env.age"; + } + // high_security; }; }) (mkIf cfg.server.kubernetes.enable { age.secrets = { - "k3s-prod-1-token" = - { - file = "${mysecrets}/server/k3s-prod-1-token.age"; - } - // high_security; + "k3s-prod-1-token" = { + file = "${mysecrets}/server/k3s-prod-1-token.age"; + } + // high_security; - "k3s-test-1-token" = - { - file = "${mysecrets}/server/k3s-test-1-token.age"; - } - // high_security; + "k3s-test-1-token" = { + file = "${mysecrets}/server/k3s-test-1-token.age"; + } + // high_security; }; }) diff --git a/templates/bevy/flake.nix b/templates/bevy/flake.nix index 92f25ee0..4c8946c7 100644 --- a/templates/bevy/flake.nix +++ b/templates/bevy/flake.nix 
@@ -10,65 +10,73 @@ }; }; - outputs = { - nixpkgs, - fenix, - ... - }: let - systems = [ - "x86_64-linux" - "aarch64-linux" - "aarch64-darwin" - ]; - # Helper function to generate a set of attributes for each system - forAllSystems = func: (nixpkgs.lib.genAttrs systems func); - in { - devShells = forAllSystems (system: let - pkgs = import nixpkgs { - inherit system; - overlays = [fenix.overlays.default]; - }; - lib = pkgs.lib; - in { - default = pkgs.mkShell rec { - nativeBuildInputs = with pkgs; [ - pkg-config - clang - # lld is much faster at linking than the default Rust linker - lld - ]; - buildInputs = with pkgs; - [ - # rust toolchain - (pkgs.fenix.complete.withComponents [ - "cargo" - "clippy" - "rust-src" - "rustc" - "rustfmt" - ]) - # use rust-analyzer-nightly for better type inference - rust-analyzer-nightly - cargo-watch - ] - # https://github.com/bevyengine/bevy/blob/v0.14.2/docs/linux_dependencies.md#nix - ++ (lib.optionals pkgs.stdenv.isLinux [ - udev - alsa-lib - vulkan-loader - xorg.libX11 - xorg.libXcursor - xorg.libXi - xorg.libXrandr # To use the x11 feature - libxkbcommon - wayland # To use the wayland feature - ]) - ++ (pkgs.lib.optionals pkgs.stdenv.isDarwin [ - # https://discourse.nixos.org/t/the-darwin-sdks-have-been-updated/55295/1 - apple-sdk_15 - ]); - LD_LIBRARY_PATH = lib.makeLibraryPath buildInputs; - }; - }); - }; + outputs = + { + nixpkgs, + fenix, + ... 
+ }: + let + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; + # Helper function to generate a set of attributes for each system + forAllSystems = func: (nixpkgs.lib.genAttrs systems func); + in + { + devShells = forAllSystems ( + system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ fenix.overlays.default ]; + }; + lib = pkgs.lib; + in + { + default = pkgs.mkShell rec { + nativeBuildInputs = with pkgs; [ + pkg-config + clang + # lld is much faster at linking than the default Rust linker + lld + ]; + buildInputs = + with pkgs; + [ + # rust toolchain + (pkgs.fenix.complete.withComponents [ + "cargo" + "clippy" + "rust-src" + "rustc" + "rustfmt" + ]) + # use rust-analyzer-nightly for better type inference + rust-analyzer-nightly + cargo-watch + ] + # https://github.com/bevyengine/bevy/blob/v0.14.2/docs/linux_dependencies.md#nix + ++ (lib.optionals pkgs.stdenv.isLinux [ + udev + alsa-lib + vulkan-loader + xorg.libX11 + xorg.libXcursor + xorg.libXi + xorg.libXrandr # To use the x11 feature + libxkbcommon + wayland # To use the wayland feature + ]) + ++ (pkgs.lib.optionals pkgs.stdenv.isDarwin [ + # https://discourse.nixos.org/t/the-darwin-sdks-have-been-updated/55295/1 + apple-sdk_15 + ]); + LD_LIBRARY_PATH = lib.makeLibraryPath buildInputs; + }; + } + ); + }; } diff --git a/vars/default.nix b/vars/default.nix index 03faee7b..1982ed07 100644 --- a/vars/default.nix +++ b/vars/default.nix @@ -1,8 +1,9 @@ -{lib}: { +{ lib }: +{ username = "ryan"; userfullname = "Ryan Yin"; useremail = "xiaoyin_c@qq.com"; - networking = import ./networking.nix {inherit lib;}; + networking = import ./networking.nix { inherit lib; }; # generated by `mkpasswd -m scrypt --rounds=11` # https://man.archlinux.org/man/crypt.5.en initialHashedPassword = "$7$CU..../....KDvTIXqLTXpmCaoUy2yC9.$145eM358b7Q0sRXgEBvxctd5EAuEEdao57LmZjc05D."; diff --git a/vars/networking.nix b/vars/networking.nix index e7ebc71e..f737a204 100644 --- a/vars/networking.nix 
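Review bot: `initialHashedPassword` in vars/default.nix keeps a crypt hash in a tracked plain-text file, so anyone who can read the repository can run offline guessing against it, and its strength is fixed at the `--rounds=11` cost noted in the comment. The repository already manages secrets with agenix (secrets/nixos.nix), so the hash could be stored there and referenced through `users.users.<name>.hashedPasswordFile`. If it is meant only as a bootstrap value, a comment such as `# bootstrap only: change the password after first login` would make that explicit. Where the value is consumed is outside this hunk, so the impact depends on which hosts actually use it.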
+++ b/vars/networking.nix @@ -1,4 +1,5 @@ -{lib}: rec { +{ lib }: +rec { mainGateway = "192.168.5.1"; # main router mainGateway6 = "fe80::5"; # main router's link-local address # use suzi as the default gateway @@ -151,22 +152,17 @@ }; }; - hostsInterface = - lib.attrsets.mapAttrs - ( - key: val: { - interfaces."${val.iface}" = { - useDHCP = false; - ipv4.addresses = [ - { - inherit prefixLength; - address = val.ipv4; - } - ]; - }; - } - ) - hostsAddr; + hostsInterface = lib.attrsets.mapAttrs (key: val: { + interfaces."${val.iface}" = { + useDHCP = false; + ipv4.addresses = [ + { + inherit prefixLength; + address = val.ipv4; + } + ]; + }; + }) hostsAddr; ssh = { # define the host alias for remote builders @@ -178,16 +174,17 @@ # IdentityFile — the location of your SSH key authentication file for the account. # Format in details: # https://www.ssh.com/academy/ssh/config - extraConfig = (lib.attrsets.foldlAttrs - (acc: host: val: + extraConfig = ( + lib.attrsets.foldlAttrs ( + acc: host: val: acc + '' Host ${host} HostName ${val.ipv4} Port 22 - '') - "" - hostsAddr); + '' + ) "" hostsAddr + ); # this config will be written to /etc/ssh/ssh_known_hosts knownHosts = 
@@ -198,21 +195,22 @@ # { x = "a"; y = "b"; } # => { x = "bar-a"; y = "bar-b"; } lib.attrsets.mapAttrs - (host: value: { - hostNames = [host] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4); - publicKey = value.publicKey; - }) - { - # Define the root user's host key for remote builders, so that nix can verify all the remote builders + (host: value: { + hostNames = [ host ] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4); + publicKey = value.publicKey; + }) + { + # Define the root user's host key for remote builders, so that nix can verify all the remote builders - aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine"; - # ruby.publicKey = ""; - # kana.publicKey = ""; + aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine"; + # ruby.publicKey = ""; + # kana.publicKey = ""; - # ==================================== Other SSH Service's Public Key ======================================= + # ==================================== Other SSH Service's Public Key ======================================= - # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints - "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; + # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints + "github.com".publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; + }; }; }
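Review bot: `hostsAddr ? host` in the `hostNames` line tests for an attribute literally named `host`, not for the name bound by the lambda, so unless `hostsAddr` happens to contain such a key `lib.optional` returns an empty list and the IPv4 address never reaches ssh_known_hosts. The check should be `hostsAddr ? ${host}` (or `builtins.hasAttr host hostsAddr`). The `extraConfig` hunk in this file maps each alias to `HostName ${val.ipv4}` without a `HostKeyAlias`, so the pinned key for `aquamarine` is probably looked up under the IP address and not found, leaving the remote builder on first-use trust or failing verification. That consequence is inferred and worth confirming with a test connection. The attribute set this expression belongs to starts outside the hunk.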