From a7ec834c6a173d1cac40ac938a1ae207f27737e2 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Thu, 12 Sep 2024 11:58:24 -0500 Subject: [PATCH] Commenting --- disko/default.nix | 34 +- modules/home-manager/default.nix | 406 +++++---- modules/home-manager/hyprland.nix | 38 +- modules/home-manager/sway.nix | 42 +- modules/home-manager/waybar.nix | 38 +- nixos/beefcake.nix | 1274 +++++++++++++++-------------- nixos/bigtower.nix | 154 ++-- nixos/dragon.nix | 111 +-- nixos/foxtrot.nix | 161 ++-- nixos/htpifour.nix | 78 +- nixos/router.nix | 572 ++++++------- nixos/thinker.nix | 10 +- templates/elixir/flake.nix | 26 +- templates/nix-flake/flake.nix | 16 +- templates/rust/flake.nix | 28 +- 15 files changed, 1571 insertions(+), 1417 deletions(-) diff --git a/disko/default.nix b/disko/default.nix index 1e6c617..2a8b32d 100644 --- a/disko/default.nix +++ b/disko/default.nix @@ -6,10 +6,12 @@ in { swapSize, ... }: { - # this is my standard partitioning scheme for my machines which probably want hibernation capabilities - # a UEFI-compatible boot partition - # it includes an LUKS-encrypted btrfs volume - # a swap partition big enough to dump all the machine's RAM into + /* + this is my standard partitioning scheme for my machines which probably want hibernation capabilities + a UEFI-compatible boot partition + it includes an LUKS-encrypted btrfs volume + a swap partition big enough to dump all the machine's RAM into + */ disko.devices = { disk = { @@ -195,9 +197,11 @@ in { beefcake = let zpools = { zroot = { - # TODO: at the time of writing, disko does not support draid6 - # so I'm building/managing the array manually for the time being - # the root pool is just a single disk right now + /* + TODO: at the time of writing, disko does not support draid6 + so I'm building/managing the array manually for the time being + the root pool is just a single disk right now + */ name = "zroot"; config = { type = "zpool"; @@ -242,9 +246,11 @@ in { keylocation = "file:///tmp/secret.key"; }; # use this to read the key during boot - # postCreateHook = '' - # zfs set keylocation="prompt" "zroot/$name"; - # ''; + /* + postCreateHook = '' + zfs set keylocation="prompt" "zroot/$name"; + ''; + */ }; "encrypted/test" = { type = "zfs_fs"; @@ -254,9 +260,11 @@ in { }; }; zstorage = { - # PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c - # sudo zfs create -o mountpoint=legacy zstorage/nix - # sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage + /* + PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c + sudo zfs create -o mountpoint=legacy zstorage/nix + sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage + */ name = "zstorage"; config = {}; }; diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 8da5566..f2d9f81 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -16,16 +16,18 @@ config = { theme = "ansi"; }; - # themes = { - # "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub - # { - # owner = "catppuccin"; - # repo = "bat"; - # rev = "477622171ec0529505b0ca3cada68fc9433648c6"; - # sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw="; - # } - # + "/Catppuccin-mocha.tmTheme"); - # }; + /* + themes = { + "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub + { + owner = "catppuccin"; + repo = "bat"; + rev = "477622171ec0529505b0ca3cada68fc9433648c6"; + sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw="; + } + + "/Catppuccin-mocha.tmTheme"); + }; + */ }; home.shellAliases = { @@ -38,8 +40,10 @@ emacs = {pkgs, ...}: { programs.emacs = { enable = true; - # extraConfig = '' - # ''; + /* + extraConfig = '' + ''; + */ extraPackages = epkgs: (with epkgs; [ magit ]); @@ -61,9 +65,11 @@ ''; }; - # home.sessionVariables = { - # RUSTDOCFLAGS = "--default-theme=ayu"; - # }; + /* + home.sessionVariables = { + RUSTDOCFLAGS = "--default-theme=ayu"; + }; + */ }; common = { @@ -79,10 +85,13 @@ homeManagerModules.helix git zellij - # broot - # nnn htop - # tmux + + /* + broot + nnn + tmux + */ ]; programs.home-manager.enable = true; @@ -158,10 +167,12 @@ programs.fzf = { # using good ol' fzf until skim sucks less out of the box I guess enable = true; - # enableFishIntegration = true; - # defaultCommand = "fd --type f"; - # defaultOptions = ["--height 40%"]; - # fileWidgetOptions = ["--preview 'head {}'"]; + /* + enableFishIntegration = true; + defaultCommand = "fd --type f"; + defaultOptions = ["--height 40%"]; + fileWidgetOptions = ["--preview 'head {}'"]; + */ }; # TODO: regular cron or something? @@ -184,8 +195,10 @@ firefox = {pkgs, ...}: { programs.firefox = { - # TODO: this should be able to work on macos, no? - # TODO: enable dark theme by default + /* + TODO: this should be able to work on macos, no? + TODO: enable color scheme/theme by default + */ enable = true; # TODO: uses nixpkgs.pass so pass otp doesn't work @@ -196,9 +209,11 @@ ]; }; - # extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe? + /* + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + ublock-origin + ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe? + */ profiles = { daniel = { @@ -221,8 +236,10 @@ } ''; - # userContent = '' - # ''; + /* + userContent = '' + ''; + */ }; }; }; @@ -360,10 +377,12 @@ enable = true; }; - # signing = { - # signByDefault = false; - # key = ~/.ssh/personal-ed25519; - # }; + /* + signing = { + signByDefault = false; + key = ~/.ssh/personal-ed25519; + }; + */ aliases = { a = "add -A"; @@ -487,11 +506,13 @@ ''; }; - # NOTE: Currently, helix crashes when editing markdown in certain scenarios, - # presumably due to an old markdown treesitter grammar - # https://github.com/helix-editor/helix/issues/9011 - # https://github.com/helix-editor/helix/issues/8821 - # https://github.com/tree-sitter-grammars/tree-sitter-markdown/issues/114 + /* + NOTE: Currently, helix crashes when editing markdown in certain scenarios, + presumably due to an old markdown treesitter grammar + https://github.com/helix-editor/helix/issues/9011 + https://github.com/helix-editor/helix/issues/8821 + https://github.com/tree-sitter-grammars/tree-sitter-markdown/issues/114 + */ programs.helix = { enable = true; @@ -503,41 +524,45 @@ args = ["start"]; }; - # next-ls = { - # command = "next-ls"; - # args = ["--stdout"]; - # }; + /* + next-ls = { + command = "next-ls"; + args = ["--stdout"]; + }; - # deno = { - # command = "deno"; - # args = ["lsp"]; - # config = { - # enable = true; - # lint = true; - # unstable = true; - # }; - # }; + deno = { + command = "deno"; + args = ["lsp"]; + config = { + enable = true; + lint = true; + unstable = true; + }; + }; + */ }; language = [ - # { - # name = "heex"; - # scope = "source.heex"; - # injection-regex = "heex"; - # language-servers = ["lexical"]; # "lexical" "next-ls" ? - # auto-format = true; - # file-types = ["heex"]; - # roots = ["mix.exs" "mix.lock"]; - # indent = { - # tab-width = 2; - # unit = " "; - # }; - # } - # { - # name = "elixir"; - # language-servers = ["lexical"]; # "lexical" "next-ls" ? - # auto-format = true; - # } + /* + { + name = "heex"; + scope = "source.heex"; + injection-regex = "heex"; + language-servers = ["lexical"]; # "lexical" "next-ls" ? + auto-format = true; + file-types = ["heex"]; + roots = ["mix.exs" "mix.lock"]; + indent = { + tab-width = 2; + unit = " "; + }; + } + { + name = "elixir"; + language-servers = ["lexical"]; # "lexical" "next-ls" ? + auto-format = true; + } + */ { name = "rust"; @@ -596,65 +621,67 @@ auto-format = true; } - # { - # name = "javascript"; - # language-id = "javascript"; - # grammar = "javascript"; - # scope = "source.js"; - # injection-regex = "^(js|javascript)$"; - # file-types = ["js" "mjs"]; - # shebangs = ["deno"]; - # language-servers = ["deno"]; - # roots = ["deno.jsonc" "deno.json"]; - # formatter = { - # command = "deno"; - # args = ["fmt"]; - # }; - # auto-format = true; - # comment-token = "//"; - # indent = { - # tab-width = 2; - # unit = "\t"; - # }; - # } + /* + { + name = "javascript"; + language-id = "javascript"; + grammar = "javascript"; + scope = "source.js"; + injection-regex = "^(js|javascript)$"; + file-types = ["js" "mjs"]; + shebangs = ["deno"]; + language-servers = ["deno"]; + roots = ["deno.jsonc" "deno.json"]; + formatter = { + command = "deno"; + args = ["fmt"]; + }; + auto-format = true; + comment-token = "//"; + indent = { + tab-width = 2; + unit = "\t"; + }; + } - # { - # name = "typescript"; - # language-id = "typescript"; - # grammar = "typescript"; - # scope = "source.ts"; - # injection-regex = "^(ts|typescript)$"; - # file-types = ["ts"]; - # shebangs = ["deno"]; - # language-servers = ["deno"]; - # roots = ["deno.jsonc" "deno.json"]; - # formatter = { - # command = "deno"; - # args = ["fmt"]; - # }; - # auto-format = true; - # comment-token = "//"; - # indent = { - # tab-width = 2; - # unit = "\t"; - # }; - # } + { + name = "typescript"; + language-id = "typescript"; + grammar = "typescript"; + scope = "source.ts"; + injection-regex = "^(ts|typescript)$"; + file-types = ["ts"]; + shebangs = ["deno"]; + language-servers = ["deno"]; + roots = ["deno.jsonc" "deno.json"]; + formatter = { + command = "deno"; + args = ["fmt"]; + }; + auto-format = true; + comment-token = "//"; + indent = { + tab-width = 2; + unit = "\t"; + }; + } - # { - # name = "jsonc"; - # language-id = "json"; - # grammar = "jsonc"; - # scope = "source.jsonc"; - # injection-regex = "^(jsonc)$"; - # roots = ["deno.jsonc" "deno.json"]; - # file-types = ["jsonc"]; - # language-servers = ["deno"]; - # indent = { - # tab-width = 2; - # unit = " "; - # }; - # auto-format = true; - # } + { + name = "jsonc"; + language-id = "json"; + grammar = "jsonc"; + scope = "source.jsonc"; + injection-regex = "^(jsonc)$"; + roots = ["deno.jsonc" "deno.json"]; + file-types = ["jsonc"]; + language-servers = ["deno"]; + indent = { + tab-width = 2; + unit = " "; + }; + auto-format = true; + } + */ ]; }; @@ -664,14 +691,17 @@ editor = { soft-wrap.enable = true; auto-pairs = false; - # auto-save = false; - # completion-trigger-len = 1; - # color-modes = false; bufferline = "multiple"; - # scrolloff = 8; rulers = [81 121]; cursorline = true; + /* + auto-save = false; + completion-trigger-len = 1; + color-modes = false; + scrolloff = 8; + */ + inline-diagnostics = { cursor-line = "hint"; other-lines = "error"; @@ -703,18 +733,21 @@ left = [ "file-name" "mode" - # "selections" - # "primary-selection-length" - # "position" - # "position-percentage" + /* + "selections" + "primary-selection-length" + "position" + "position-percentage" + */ "spinner" "diagnostics" "workspace-diagnostics" ]; + /* + center = ["file-name"]; + right = ["version-control" "total-line-numbers" "file-encoding"]; + */ }; - # center = ["file-name"]; - # right = ["version-control" "total-line-numbers" "file-encoding"]; - # }; }; keys = { insert = { @@ -984,8 +1017,10 @@ fg = fgdim; }; - # "ui.cursorline.primary" = { bg = "default" } - # "ui.cursorline.secondary" = { bg = "default" } + /* + "ui.cursorline.primary" = { bg = "default" } + "ui.cursorline.secondary" = { bg = "default" } + */ "ui.cursorcolumn.primary" = {bg = bg3;}; "ui.cursorcolumn.secondary" = {bg = bg3;}; @@ -1006,15 +1041,17 @@ programs.htop = { enable = true; settings = { - # hide_kernel_threads = 1; - # hide_userland_threads = 1; - # show_program_path = 0; - # header_margin = 0; - # show_cpu_frequency = 1; - # highlight_base_name = 1; - # tree_view = 0; - # htop_version = "3.2.2"; - # config_reader_min_version = 3; + /* + hide_kernel_threads = 1; + hide_userland_threads = 1; + show_program_path = 0; + header_margin = 0; + show_cpu_frequency = 1; + highlight_base_name = 1; + tree_view = 0; + htop_version = "3.2.2"; + config_reader_min_version = 3; + */ fields = "0 48 17 18 38 39 40 2 46 47 49 1"; hide_kernel_threads = 1; hide_userland_threads = 1; @@ -1057,22 +1094,26 @@ tree_sort_direction = 1; tree_view_always_by_pid = 0; all_branches_collapsed = 0; - # screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command - # .sort_key=PERCENT_MEM - # .tree_sort_key=PID - # .tree_view=0 - # .tree_view_always_by_pid=0 - # .sort_direction=-1 - # .tree_sort_direction=1 - # .all_branches_collapsed=0 - # screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE Command - # .sort_key=IO_RATE - # .tree_sort_key=PID - # .tree_view=0 - # .tree_view_always_by_pid=0 - # .sort_direction=-1 - # .tree_sort_direction=1 - # .all_branches_collapsed=0 + + /* + screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command + .sort_key=PERCENT_MEM + .tree_sort_key=PID + .tree_view=0 + .tree_view_always_by_pid=0 + .sort_direction=-1 + .tree_sort_direction=1 + .all_branches_collapsed=0 + + screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE Command + .sort_key=IO_RATE + .tree_sort_key=PID + .tree_view=0 + .tree_view_always_by_pid=0 + .sort_direction=-1 + .tree_sort_direction=1 + .all_branches_collapsed=0 + */ }; }; }; @@ -1247,11 +1288,14 @@ ./sway.nix ]; }; - # sway-laptop = {}; - # swaylock = {}; - # tmux = {}; - # wallpaper-manager = {}; - # waybar = {}; + + /* + sway-laptop = {}; + swaylock = {}; + tmux = {}; + wallpaper-manager = {}; + waybar = {}; + */ wezterm = { pkgs, @@ -1315,15 +1359,17 @@ compose_cursor = orange; - # copy_mode_active_highlight_bg = { Color = '#000000' }, - # copy_mode_active_highlight_fg = { AnsiColor = 'Black' }, - # copy_mode_inactive_highlight_bg = { Color = '#52ad70' }, - # copy_mode_inactive_highlight_fg = { AnsiColor = 'White' }, + /* + copy_mode_active_highlight_bg = { Color = '#000000' }, + copy_mode_active_highlight_fg = { AnsiColor = 'Black' }, + copy_mode_inactive_highlight_bg = { Color = '#52ad70' }, + copy_mode_inactive_highlight_fg = { AnsiColor = 'White' }, - # quick_select_label_bg = { Color = 'peru' }, - # quick_select_label_fg = { Color = '#ffffff' }, - # quick_select_match_bg = { AnsiColor = 'Navy' }, - # quick_select_match_fg = { Color = '#ffffff' }, + quick_select_label_bg = { Color = 'peru' }, + quick_select_label_fg = { Color = '#ffffff' }, + quick_select_match_bg = { AnsiColor = 'Navy' }, + quick_select_match_fg = { Color = '#ffffff' }, + */ }; }; }; @@ -1822,8 +1868,10 @@ # TODO: port config plugins = { - # tab-bar = {path = "tab-bar";}; - # compact-bar = {path = "compact-bar";}; + /* + tab-bar = {path = "tab-bar";}; + compact-bar = {path = "compact-bar";}; + */ }; ui = { diff --git a/modules/home-manager/hyprland.nix b/modules/home-manager/hyprland.nix index 3b9ba88..f951e67 100644 --- a/modules/home-manager/hyprland.nix +++ b/modules/home-manager/hyprland.nix @@ -88,9 +88,12 @@ input = { kb_layout = "us"; kb_options = "ctrl:nocaps"; - # kb_variant = - # kb_model = - # kb_rules = + + /* + kb_variant = + kb_model = + kb_rules = + */ follow_mouse = 2; @@ -131,10 +134,13 @@ decoration = { rounding = 3; - # blur = "no"; - # blur_size = 3 - # blur_passes = 1 - # blur_new_optimizations = on + + /* + blur = "no"; + blur_size = 3 + blur_passes = 1 + blur_new_optimizations = on + */ drop_shadow = "yes"; shadow_range = 4; @@ -147,8 +153,10 @@ "$mod" = "SUPER"; bind = [ # See https://wiki.hyprland.org/Configuring/Keywords/ for more - # "$mod, return, exec, wezterm" - # "$mod SHIFT, return, exec, wezterm" + /* + "$mod, return, exec, wezterm" + "$mod SHIFT, return, exec, wezterm" + */ "$mod, return, exec, wezterm" "$mod SHIFT, return, exec, kitty" "$mod, U, exec, firefox" @@ -264,13 +272,13 @@ workspace_swipe = on } - # Example per-device config - # See https://wiki.hyprland.org/Configuring/Keywords/#executing for more - # device:epic-mouse-v1 { - # sensitivity = -0.5 - # } + ## Example per-device config + ## See https://wiki.hyprland.org/Configuring/Keywords/#executing for more + ## device:epic-mouse-v1 { + ## sensitivity = -0.5 + ## } - # See https://wiki.hyprland.org/Configuring/Window-Rules/ for more + ## See https://wiki.hyprland.org/Configuring/Window-Rules/ for more windowrulev2 = idleinhibit,class:^.*([Ss]lippi).*$ windowrulev2 = float,class:^.*([Kk]itty|[Ff]irefox|[Ww]ezterm|[Dd]iscord|[Ss]potify|[Ss]lack).*$ windowrulev2 = opacity 1.0 0.9,floating:1 diff --git a/modules/home-manager/sway.nix b/modules/home-manager/sway.nix index d695e06..cd03949 100644 --- a/modules/home-manager/sway.nix +++ b/modules/home-manager/sway.nix @@ -291,34 +291,36 @@ "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; "XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle"; "${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle"; - # "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume 15"; - # "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -15"; - # "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise --max-volume 120"; - # "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower --max-volume 120"; - # "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume +10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor"; - # "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor"; "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; - # "XF86MonBrightnessUp" = " exec swayosd-client --brightness 10"; - # "XF86MonBrightnessDown" = "exec swayosd-client --brightness -10"; - - # "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; "control+XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +1%"; "control+XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -1%"; - # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; "${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - # "XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; - # "XF86MonBrightnessDown" = "exec brightnessctl set 10%-"; - # "XF86MonBrightnessUp" = "exec brightnessctl set +10%"; - # "shift+XF86MonBrightnessDown" = "exec brightnessctl set 1%"; - # "shift+XF86MonBrightnessUp" = "exec brightnessctl set 100%"; - # "control+XF86MonBrightnessDown" = "exec brightnessctl set 1%-"; - # "control+XF86MonBrightnessUp" = "exec brightnessctl set +1%"; "XF86AudioPlay" = "exec playerctl play-pause"; "XF86AudioNext" = "exec playerctl next"; "XF86AudioPrev" = "exec playerctl previous"; - # "${mod}+shift+v" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + + /* + "XF86MonBrightnessUp" = " exec swayosd-client --brightness 10"; + "XF86MonBrightnessDown" = "exec swayosd-client --brightness -10"; + "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume 15"; + "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -15"; + "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise --max-volume 120"; + "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower --max-volume 120"; + "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume +10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor"; + "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor"; + "XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + "XF86MonBrightnessDown" = "exec brightnessctl set 10%-"; + "XF86MonBrightnessUp" = "exec brightnessctl set +10%"; + "shift+XF86MonBrightnessDown" = "exec brightnessctl set 1%"; + "shift+XF86MonBrightnessUp" = "exec brightnessctl set 100%"; + "control+XF86MonBrightnessDown" = "exec brightnessctl set 1%-"; + "control+XF86MonBrightnessUp" = "exec brightnessctl set +1%"; + "${mod}+shift+v" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + */ "${mod}+control+shift+l" = "exec swaylock"; diff --git a/modules/home-manager/waybar.nix b/modules/home-manager/waybar.nix index 188c78e..d57e76c 100644 --- a/modules/home-manager/waybar.nix +++ b/modules/home-manager/waybar.nix @@ -13,12 +13,12 @@ "mpris" "idle_inhibitor" "bluetooth" - # "wireplumber", + "wireplumber" "pulseaudio" - # "network", + "network" "cpu" "memory" - # "temperature", + "temperature" "backlight" "battery" "tray" @@ -27,17 +27,17 @@ "format" = ""; "format-connected" = ""; "format-connected-battery" = ""; - # "format-device-preference" = [ "device1", "device2" ], # preference list deciding the displayed devic; + # "format-device-preference" = [ "device1", "device2" ]; # preference list deciding the displayed device "tooltip-format" = "{controller_alias}@{controller_address} ({num_connections} connected)"; "tooltip-format-connected" = "{controller_alias}@{controller_address} ({num_connections} connected)\n{device_enumerate}"; "tooltip-format-enumerate-connected" = "{device_alias}@{device_address}"; "tooltip-format-enumerate-connected-battery" = "{device_alias}@{device_address} (󰁹 {device_battery_percentage}%)"; }; - # "wireplumber" = ; - # "format" = "{volume}% {icon}"; - # "format-muted" = ""; - # "on-click" = "helvum; - # }, + "wireplumber" = { + "format" = "{volume}% {icon}"; + "format-muted" = ""; + "on-click" = "helvum"; + }; "sway/workspaces" = { "disable-scroll" = false; "persistent_workspaces" = { @@ -69,10 +69,12 @@ "format" = "{} 󰍛"; }; "temperature" = { - # "thermal-zone" = 2; - # "hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input"; + /* + "thermal-zone" = 2; + "hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input"; + "format-critical" = "{temperatureC}°C {icon}"; + */ "critical-threshold" = 80; - # "format-critical" = "{temperatureC}°C {icon}"; "format" = "{temperatureC}°C {icon}"; "format-icons" = ["" "" ""]; }; @@ -106,12 +108,14 @@ "format" = "{title} by {artist}"; }; "pulseaudio" = { - # "scroll-step" = 1, # %, can be a floa; + /* + "scroll-step" = 1, # %, can be a floa; + "format" = "{volume}% {icon} {format_source}"; + "format-bluetooth" = "{volume}% {icon} {format_source}"; + "format-bluetooth-muted" = " {icon} {format_source}"; + "format-muted" = " {format_source}"; + */ "format" = "{volume} {icon} {format_source}"; - #"format" = "{volume}% {icon} {format_source}"; - #"format-bluetooth" = "{volume}% {icon} {format_source}"; - #"format-bluetooth-muted" = " {icon} {format_source}"; - #"format-muted" = " {format_source}"; "format-muted" = "󰝟 {format_source}"; "format-source" = ""; "format-source-muted" = ""; diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 64462fa..52e6434 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -8,8 +8,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00 sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 */ { - # inputs, - # outputs, + /* + inputs, + outputs, + */ lib, config, pkgs, @@ -52,11 +54,13 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 options = ["fmask=0022" "dmask=0022"]; }; + /* # should be mounted by auto-import; see boot.zfs.extraPools - # fileSystems."/storage" = { - # device = "zstorage/storage"; - # fsType = "zfs"; - # }; + fileSystems."/storage" = { + device = "zstorage/storage"; + fsType = "zfs"; + }; + */ fileSystems."/nix" = { device = "zstorage/nix"; @@ -227,137 +231,141 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 6667 ]; } - # { - # # samba - # users.users.guest = { - # # used for anonymous samba access - # isSystemUser = true; - # group = "users"; - # createHome = true; - # }; - # users.users.scannerupload = { - # # used for scanner samba access - # isSystemUser = true; - # group = "users"; - # createHome = true; - # }; - # systemd.tmpfiles.rules = [ - # "d /var/spool/samba 1777 root root -" - # ]; - # services.samba-wsdd = { - # enable = true; - # }; - # services.samba = { - # enable = true; - # openFirewall = true; - # securityType = "user"; + { + /* + # samba + users.users.guest = { + # used for anonymous samba access + isSystemUser = true; + group = "users"; + createHome = true; + }; + users.users.scannerupload = { + # used for scanner samba access + isSystemUser = true; + group = "users"; + createHome = true; + }; + systemd.tmpfiles.rules = [ + "d /var/spool/samba 1777 root root -" + ]; + services.samba-wsdd = { + enable = true; + }; + services.samba = { + enable = true; + openFirewall = true; + securityType = "user"; - # # not needed since I don't think I use printer sharing? - # # https://nixos.wiki/wiki/Samba#Printer_sharing - # # package = pkgs.sambaFull; # broken last I checked in nixpkgs? + ## not needed since I don't think I use printer sharing? + ## https://nixos.wiki/wiki/Samba#Printer_sharing + ## package = pkgs.sambaFull; # broken last I checked in nixpkgs? - # extraConfig = '' - # workgroup = WORKGROUP - # server string = beefcake - # netbios name = beefcake - # security = user - # #use sendfile = yes - # #max protocol = smb2 - # # note: localhost is the ipv6 localhost ::1 - # hosts allow = 100.64.0.0/10 192.168.0.0/16 127.0.0.1 localhost - # hosts deny = 0.0.0.0/0 - # guest account = guest - # map to guest = never - # # load printers = yes - # # printing = cups - # # printcap name = cups - # ''; - # shares = { - # libre = { - # path = "/storage/libre"; - # browseable = "yes"; - # "read only" = "no"; - # "guest ok" = "yes"; - # "create mask" = "0666"; - # "directory mask" = "0777"; - # # "force user" = "nobody"; - # # "force group" = "users"; - # }; - # public = { - # path = "/storage/public"; - # browseable = "yes"; - # "read only" = "no"; - # "guest ok" = "yes"; - # "create mask" = "0664"; - # "directory mask" = "0775"; - # # "force user" = "nobody"; - # # "force group" = "users"; - # }; - # family = { - # path = "/storage/family"; - # browseable = "yes"; - # "read only" = "no"; - # "guest ok" = "no"; - # "create mask" = "0660"; - # "directory mask" = "0770"; - # # "force user" = "nobody"; - # # "force group" = "family"; - # }; - # scannerdocs = { - # path = "/storage/scannerdocs"; - # browseable = "yes"; - # "read only" = "no"; - # "guest ok" = "no"; - # "create mask" = "0600"; - # "directory mask" = "0700"; - # "valid users" = "scannerupload"; - # "force user" = "scannerupload"; - # "force group" = "users"; - # }; - # daniel = { - # path = "/storage/daniel"; - # browseable = "yes"; - # "read only" = "no"; - # "guest ok" = "no"; - # "create mask" = "0600"; - # "directory mask" = "0700"; - # # "force user" = "daniel"; - # # "force group" = "users"; - # }; - # # printers = { - # # comment = "All Printers"; - # # path = "/var/spool/samba"; - # # public = "yes"; - # # browseable = "yes"; - # # # to allow user 'guest account' to print. - # # "guest ok" = "yes"; - # # writable = "no"; - # # printable = "yes"; - # # "create mode" = 0700; - # # }; - # }; - # }; - # } + extraConfig = '' + workgroup = WORKGROUP + server string = beefcake + netbios name = beefcake + security = user + ## use sendfile = yes + ## max protocol = smb2 + ## note: localhost is the ipv6 localhost ::1 + hosts allow = 100.64.0.0/10 192.168.0.0/16 127.0.0.1 localhost + hosts deny = 0.0.0.0/0 + guest account = guest + map to guest = never + ## load printers = yes + ## printing = cups + ## printcap name = cups + ''; + shares = { + libre = { + path = "/storage/libre"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0666"; + "directory mask" = "0777"; + # "force user" = "nobody"; + # "force group" = "users"; + }; + public = { + path = "/storage/public"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0664"; + "directory mask" = "0775"; + # "force user" = "nobody"; + # "force group" = "users"; + }; + family = { + path = "/storage/family"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0660"; + "directory mask" = "0770"; + # "force user" = "nobody"; + # "force group" = "family"; + }; + scannerdocs = { + path = "/storage/scannerdocs"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0600"; + "directory mask" = "0700"; + "valid users" = "scannerupload"; + "force user" = "scannerupload"; + "force group" = "users"; + }; + daniel = { + path = "/storage/daniel"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0600"; + "directory mask" = "0700"; + # "force user" = "daniel"; + # "force group" = "users"; + }; + ## printers = { + ## comment = "All Printers"; + ## path = "/var/spool/samba"; + ## public = "yes"; + ## browseable = "yes"; + ## # to allow user 'guest account' to print. + ## "guest ok" = "yes"; + ## writable = "no"; + ## printable = "yes"; + ## "create mode" = 0700; + ## }; + }; + }; + */ + } { # nextcloud # TODO: investigate https://carlosvaz.com/posts/the-holy-grail-nextcloud-setup-made-easy-by-nixos/ - # services.postgresql = { - # ensureDatabases = [ - # "nextcloud" - # ]; - # ensureUsers = [ - # { - # name = "nextcloud"; - # ensureDBOwnership = true; - # } - # ]; - # }; - # nextcloud - # users.users.nextcloud = { - # isSystemUser = true; - # createHome = false; - # group = "nextcloud"; - # }; + /* + services.postgresql = { + ensureDatabases = [ + "nextcloud" + ]; + ensureUsers = [ + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + }; + nextcloud + users.users.nextcloud = { + isSystemUser = true; + createHome = false; + group = "nextcloud"; + }; + */ } { # plausible @@ -580,24 +588,28 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 services.caddy.virtualHosts."video.lyte.dev" = { extraConfig = ''reverse_proxy :8096''; }; - # NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general - # but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML - # stuff, too?) and get good transcoding performance + /* + NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general + but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML + stuff, too?) and get good transcoding performance + */ # jellyfin hardware encoding - # hardware.graphics = { - # enable = true; - # extraPackages = with pkgs; [ - # intel-media-driver - # vaapiIntel - # vaapiVdpau - # libvdpau-va-gl - # intel-compute-runtime - # ]; - # }; - # nixpkgs.config.packageOverrides = pkgs: { - # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - # }; + /* + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + intel-compute-runtime + ]; + }; + nixpkgs.config.packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + */ } { systemd.tmpfiles.settings = { @@ -772,9 +784,10 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 Vary Origin defer } + file_server browse { - # browse template - # hide .* + ## browse template + ## hide .* root /storage/files.lyte.dev } ''; @@ -911,9 +924,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 SIGNUPS_ALLOWED = "false"; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; - # TODO: smtp setup? - # right now, I think I configured this manually by temporarily setting ADMIN_TOKEN - # and then configuring in https://bw.lyte.dev/admin + /* + TODO: smtp setup? + right now, I think I configured this manually by temporarily setting ADMIN_TOKEN + and then configuring in https://bw.lyte.dev/admin + */ }; }; services.caddy.virtualHosts."bw.lyte.dev" = { @@ -956,476 +971,483 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 extraConfig = ''reverse_proxy :${toString config.services.atuin.port}''; }; } - # { - # # jland minecraft server - # users.groups.jland = { - # gid = 982; - # }; - # users.users.jland = { - # uid = 986; - # isSystemUser = true; - # createHome = false; - # group = "jland"; - # }; - # virtualisation.oci-containers.containers.minecraft-jland = { - # autoStart = false; + { + # jland minecraft server + /* + users.groups.jland = { + gid = 982; + }; + users.users.jland = { + uid = 986; + isSystemUser = true; + createHome = false; + group = "jland"; + }; + virtualisation.oci-containers.containers.minecraft-jland = { + autoStart = false; - # # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/ - # image = "docker.io/itzg/minecraft-server"; - # # user = "${toString config.users.users.jland.uid}:${toString config.users.groups.jland.gid}"; - # extraOptions = [ - # "--tty" - # "--interactive" - # ]; - # environment = { - # EULA = "true"; - # # UID = toString config.users.users.jland.uid; - # # GID = toString config.users.groups.jland.gid; - # STOP_SERVER_ANNOUNCE_DELAY = "20"; - # TZ = "America/Chicago"; - # VERSION = "1.20.1"; - # MEMORY = "8G"; - # MAX_MEMORY = "16G"; - # TYPE = "FORGE"; - # FORGE_VERSION = "47.1.3"; - # ALLOW_FLIGHT = "true"; - # ENABLE_QUERY = "true"; + # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/ + image = "docker.io/itzg/minecraft-server"; + # user = "${toString config.users.users.jland.uid}:${toString config.users.groups.jland.gid}"; + extraOptions = [ + "--tty" + "--interactive" + ]; + environment = { + EULA = "true"; + ## UID = toString config.users.users.jland.uid; + ## GID = toString config.users.groups.jland.gid; + STOP_SERVER_ANNOUNCE_DELAY = "20"; + TZ = "America/Chicago"; + VERSION = "1.20.1"; + MEMORY = "8G"; + MAX_MEMORY = "16G"; + TYPE = "FORGE"; + FORGE_VERSION = "47.1.3"; + ALLOW_FLIGHT = "true"; + ENABLE_QUERY = "true"; - # MODPACK = "/data/origination-files/Server-Files-0.2.14.zip"; + MODPACK = "/data/origination-files/Server-Files-0.2.14.zip"; - # # TYPE = "AUTO_CURSEFORGE"; - # # CF_SLUG = "monumental-experience"; - # # CF_FILE_ID = "4826863"; # 2.2.53 + ## TYPE = "AUTO_CURSEFORGE"; + ## CF_SLUG = "monumental-experience"; + ## CF_FILE_ID = "4826863"; # 2.2.53 - # # due to - # # Nov 02 13:45:22 beefcake minecraft-jland[2738672]: me.itzg.helpers.errors.GenericException: The modpack authors have indicated this file is not allowed for project distribution. Please download the client zip file from https://www.curseforge.com/minecraft/modpacks/monumental-experience and pass via CF_MODPACK_ZIP environment variable or place indownloads repo directory. - # # we must upload manually - # # CF_MODPACK_ZIP = "/data/origination-files/Monumental+Experience-2.2.53.zip"; + ## due to + ## Nov 02 13:45:22 beefcake minecraft-jland[2738672]: me.itzg.helpers.errors.GenericException: The modpack authors have indicated this file is not allowed for project distribution. Please download the client zip file from https://www.curseforge.com/minecraft/modpacks/monumental-experience and pass via CF_MODPACK_ZIP environment variable or place indownloads repo directory. + ## we must upload manually + ## CF_MODPACK_ZIP = "/data/origination-files/Monumental+Experience-2.2.53.zip"; - # # ENABLE_AUTOPAUSE = "true"; # TODO: must increate or disable max-tick-time - # # May also have mod/loader incompatibilities? - # # https://docker-minecraft-server.readthedocs.io/en/latest/misc/autopause-autostop/autopause/ - # }; - # environmentFiles = [ - # # config.sops.secrets."jland.env".path - # ]; - # ports = ["26965:25565"]; - # volumes = [ - # "/storage/jland/data:/data" - # "/storage/jland/worlds:/worlds" - # ]; - # }; - # networking.firewall.allowedTCPPorts = [ - # 26965 - # ]; - # } - # { - # # dawncraft minecraft server - # systemd.tmpfiles.rules = [ - # "d /storage/dawncraft/ 0770 1000 1000 -" - # "d /storage/dawncraft/data/ 0770 1000 1000 -" - # "d /storage/dawncraft/worlds/ 0770 1000 1000 -" - # "d /storage/dawncraft/downloads/ 0770 1000 1000 -" - # ]; - # virtualisation.oci-containers.containers.minecraft-dawncraft = { - # autoStart = false; + ## ENABLE_AUTOPAUSE = "true"; # TODO: must increate or disable max-tick-time + ## May also have mod/loader incompatibilities? + ## https://docker-minecraft-server.readthedocs.io/en/latest/misc/autopause-autostop/autopause/ + }; + environmentFiles = [ + # config.sops.secrets."jland.env".path + ]; + ports = ["26965:25565"]; + volumes = [ + "/storage/jland/data:/data" + "/storage/jland/worlds:/worlds" + ]; + }; + networking.firewall.allowedTCPPorts = [ + 26965 + ]; + } + { + # dawncraft minecraft server + systemd.tmpfiles.rules = [ + "d /storage/dawncraft/ 0770 1000 1000 -" + "d /storage/dawncraft/data/ 0770 1000 1000 -" + "d /storage/dawncraft/worlds/ 0770 1000 1000 -" + "d /storage/dawncraft/downloads/ 0770 1000 1000 -" + ]; + virtualisation.oci-containers.containers.minecraft-dawncraft = { + autoStart = false; - # # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/ - # image = "docker.io/itzg/minecraft-server"; - # extraOptions = [ - # "--tty" - # "--interactive" - # ]; - # environment = { - # EULA = "true"; + # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/ + image = "docker.io/itzg/minecraft-server"; + extraOptions = [ + "--tty" + "--interactive" + ]; + environment = { + EULA = "true"; - # STOP_SERVER_ANNOUNCE_DELAY = "20"; - # TZ = "America/Chicago"; - # VERSION = "1.18.2"; - # MEMORY = "8G"; - # MAX_MEMORY = "32G"; + STOP_SERVER_ANNOUNCE_DELAY = "20"; + TZ = "America/Chicago"; + VERSION = "1.18.2"; + MEMORY = "8G"; + MAX_MEMORY = "32G"; - # ALLOW_FLIGHT = "true"; - # ENABLE_QUERY = "true"; - # SERVER_PORT = "26968"; - # QUERY_PORT = "26968"; + ALLOW_FLIGHT = "true"; + ENABLE_QUERY = "true"; + SERVER_PORT = "26968"; + QUERY_PORT = "26968"; - # TYPE = "AUTO_CURSEFORGE"; - # CF_SLUG = "dawn-craft"; + TYPE = "AUTO_CURSEFORGE"; + CF_SLUG = "dawn-craft"; - # CF_EXCLUDE_MODS = "368398"; - # CF_FORCE_SYNCHRONIZE = "true"; - # # CF_FILE_ID = "5247696"; # 2.0.7 server - # }; - # environmentFiles = [ - # config.sops.secrets."dawncraft.env".path - # ]; - # ports = ["26968:26968/tcp" "26968:26968/udp"]; - # volumes = [ - # "/storage/dawncraft/data:/data" - # "/storage/dawncraft/worlds:/worlds" - # "/storage/dawncraft/downloads:/downloads" - # ]; - # }; - # networking.firewall.allowedTCPPorts = [ - # 26968 - # ]; - # } - # { - # # flanilla family minecraft server - # users.groups.flanilla = {}; - # users.users.flanilla = { - # isSystemUser = true; - # createHome = false; - # group = "flanilla"; - # }; - # virtualisation.oci-containers.containers.minecraft-flanilla = { - # autoStart = true; + CF_EXCLUDE_MODS = "368398"; + CF_FORCE_SYNCHRONIZE = "true"; + # CF_FILE_ID = "5247696"; # 2.0.7 server + }; + environmentFiles = [ + config.sops.secrets."dawncraft.env".path + ]; + ports = ["26968:26968/tcp" "26968:26968/udp"]; + volumes = [ + "/storage/dawncraft/data:/data" + "/storage/dawncraft/worlds:/worlds" + "/storage/dawncraft/downloads:/downloads" + ]; + }; + networking.firewall.allowedTCPPorts = [ + 26968 + ]; + */ + } + { + # flanilla family minecraft server + /* + users.groups.flanilla = {}; + users.users.flanilla = { + isSystemUser = true; + createHome = false; + group = "flanilla"; + }; + virtualisation.oci-containers.containers.minecraft-flanilla = { + autoStart = true; - # image = "docker.io/itzg/minecraft-server"; - # user = "${toString config.users.users.flanilla.uid}:${toString config.users.groups.flanilla.gid}"; - # extraOptions = ["--tty" "--interactive"]; - # environment = { - # EULA = "true"; - # UID = toString config.users.users.flanilla.uid; - # GID = toString config.users.groups.flanilla.gid; - # STOP_SERVER_ANNOUNCE_DELAY = "20"; - # TZ = "America/Chicago"; - # VERSION = "1.20.4"; - # OPS = "lytedev"; - # MODE = "creative"; - # DIFFICULTY = "peaceful"; - # ONLINE_MODE = "false"; - # MEMORY = "8G"; - # MAX_MEMORY = "16G"; - # ALLOW_FLIGHT = "true"; - # ENABLE_QUERY = "true"; - # ENABLE_COMMAND_BLOCK = "true"; - # }; + image = "docker.io/itzg/minecraft-server"; + user = "${toString config.users.users.flanilla.uid}:${toString config.users.groups.flanilla.gid}"; + extraOptions = ["--tty" "--interactive"]; + environment = { + EULA = "true"; + UID = toString config.users.users.flanilla.uid; + GID = toString config.users.groups.flanilla.gid; + STOP_SERVER_ANNOUNCE_DELAY = "20"; + TZ = "America/Chicago"; + VERSION = "1.20.4"; + OPS = "lytedev"; + MODE = "creative"; + DIFFICULTY = "peaceful"; + ONLINE_MODE = "false"; + MEMORY = "8G"; + MAX_MEMORY = "16G"; + ALLOW_FLIGHT = "true"; + ENABLE_QUERY = "true"; + ENABLE_COMMAND_BLOCK = "true"; + }; - # environmentFiles = [ - # # config.sops.secrets."flanilla.env".path - # ]; + environmentFiles = [ + # config.sops.secrets."flanilla.env".path + ]; - # ports = ["26966:25565"]; + ports = ["26966:25565"]; - # volumes = [ - # "/storage/flanilla/data:/data" - # "/storage/flanilla/worlds:/worlds" - # ]; - # }; - # networking.firewall.allowedTCPPorts = [ - # 26966 - # ]; - # } - # ({options, ...}: let - # toml = pkgs.formats.toml {}; - # package = pkgs.kanidm; - # domain = "idm.h.lyte.dev"; - # name = "kanidm"; - # storage = "/storage/${name}"; - # cert = "${storage}/certs/idm.h.lyte.dev.crt"; - # key = "${storage}/certs/idm.h.lyte.dev.key"; + volumes = [ + "/storage/flanilla/data:/data" + "/storage/flanilla/worlds:/worlds" + ]; + }; + networking.firewall.allowedTCPPorts = [ + 26966 + ]; + */ + } + ({options, ...}: let + /* + toml = pkgs.formats.toml {}; + package = pkgs.kanidm; + domain = "idm.h.lyte.dev"; + name = "kanidm"; + storage = "/storage/${name}"; + cert = "${storage}/certs/idm.h.lyte.dev.crt"; + key = "${storage}/certs/idm.h.lyte.dev.key"; - # serverSettings = { - # inherit domain; - # bindaddress = "127.0.0.1:8443"; - # # ldapbindaddress - # tls_chain = cert; - # tls_key = key; - # origin = "https://${domain}"; - # db_path = "${storage}/data/kanidm.db"; - # log_level = "info"; - # online_backup = { - # path = "${storage}/backups/"; - # schedule = "00 22 * * *"; - # # versions = 7; - # }; - # }; + serverSettings = { + inherit domain; + bindaddress = "127.0.0.1:8443"; + # ldapbindaddress + tls_chain = cert; + tls_key = key; + origin = "https://${domain}"; + db_path = "${storage}/data/kanidm.db"; + log_level = "info"; + online_backup = { + path = "${storage}/backups/"; + schedule = "00 22 * * *"; + # versions = 7; + }; + }; - # unixdSettings = { - # hsm_pin_path = "/var/cache/${name}-unixd/hsm-pin"; - # pam_allowed_login_groups = []; - # }; + unixdSettings = { + hsm_pin_path = "/var/cache/${name}-unixd/hsm-pin"; + pam_allowed_login_groups = []; + }; - # clientSettings = { - # uri = "https://idm.h.lyte.dev"; - # }; + clientSettings = { + uri = "https://idm.h.lyte.dev"; + }; - # user = name; - # group = name; - # serverConfigFile = toml.generate "server.toml" serverSettings; - # unixdConfigFile = toml.generate "kanidm-unixd.toml" unixdSettings; - # clientConfigFile = toml.generate "kanidm-config.toml" clientSettings; + user = name; + group = name; + serverConfigFile = toml.generate "server.toml" serverSettings; + unixdConfigFile = toml.generate "kanidm-unixd.toml" unixdSettings; + clientConfigFile = toml.generate "kanidm-config.toml" clientSettings; - # defaultServiceConfig = { - # BindReadOnlyPaths = [ - # "/nix/store" - # "-/etc/resolv.conf" - # "-/etc/nsswitch.conf" - # "-/etc/hosts" - # "-/etc/localtime" - # ]; - # CapabilityBoundingSet = []; - # # ProtectClock= adds DeviceAllow=char-rtc r - # DeviceAllow = ""; - # # Implies ProtectSystem=strict, which re-mounts all paths - # # DynamicUser = true; - # LockPersonality = true; - # MemoryDenyWriteExecute = true; - # NoNewPrivileges = true; - # PrivateDevices = true; - # PrivateMounts = true; - # PrivateNetwork = true; - # PrivateTmp = true; - # PrivateUsers = true; - # ProcSubset = "pid"; - # ProtectClock = true; - # ProtectHome = true; - # ProtectHostname = true; - # # Would re-mount paths ignored by temporary root - # #ProtectSystem = "strict"; - # ProtectControlGroups = true; - # ProtectKernelLogs = true; - # ProtectKernelModules = true; - # ProtectKernelTunables = true; - # ProtectProc = "invisible"; - # RestrictAddressFamilies = []; - # RestrictNamespaces = true; - # RestrictRealtime = true; - # RestrictSUIDSGID = true; - # SystemCallArchitectures = "native"; - # SystemCallFilter = ["@system-service" "~@privileged @resources @setuid @keyring"]; - # # Does not work well with the temporary root - # #UMask = "0066"; - # }; - # in { - # # kanidm + defaultServiceConfig = { + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + CapabilityBoundingSet = []; + # ProtectClock= adds DeviceAllow=char-rtc r + DeviceAllow = ""; + # Implies ProtectSystem=strict, which re-mounts all paths + # DynamicUser = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateNetwork = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectHome = true; + ProtectHostname = true; + # Would re-mount paths ignored by temporary root + #ProtectSystem = "strict"; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + RestrictAddressFamilies = []; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = ["@system-service" "~@privileged @resources @setuid @keyring"]; + # Does not work well with the temporary root + #UMask = "0066"; + }; + */ + in { + # kanidm + /* + config = { + # we need a mechanism to get the certificates that caddy provisions for us + systemd.timers."copy-kanidm-certificates-from-caddy" = { + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "10m"; # 10 minutes after booting + OnUnitActiveSec = "5m"; # every 5 minutes afterwards + Unit = "copy-kanidm-certificates-from-caddy.service"; + }; + }; - # config = { - # # we need a mechanism to get the certificates that caddy provisions for us - # systemd.timers."copy-kanidm-certificates-from-caddy" = { - # wantedBy = ["timers.target"]; - # timerConfig = { - # OnBootSec = "10m"; # 10 minutes after booting - # OnUnitActiveSec = "5m"; # every 5 minutes afterwards - # Unit = "copy-kanidm-certificates-from-caddy.service"; - # }; - # }; + systemd.services."copy-kanidm-certificates-from-caddy" = { + script = '' + umask 077 + install -d -m 0700 -o "${user}" -g "${group}" "${storage}/data" "${storage}/certs" + cd /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev + install -m 0700 -o "${user}" -g "${group}" idm.h.lyte.dev.key idm.h.lyte.dev.crt "${storage}/certs" + ''; + path = with pkgs; [rsync]; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; - # systemd.services."copy-kanidm-certificates-from-caddy" = { - # script = '' - # umask 077 - # install -d -m 0700 -o "${user}" -g "${group}" "${storage}/data" "${storage}/certs" - # cd /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev - # install -m 0700 -o "${user}" -g "${group}" idm.h.lyte.dev.key idm.h.lyte.dev.crt "${storage}/certs" - # ''; - # path = with pkgs; [rsync]; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; + environment.systemPackages = [package]; - # environment.systemPackages = [package]; + # TODO: should I use this for /storage/kanidm/certs etc.? + systemd.tmpfiles.settings."10-kanidm" = { + "${serverSettings.online_backup.path}".d = { + inherit user group; + mode = "0700"; + }; + ## "${builtins.dirOf unixdSettings.hsm_pin_path}".d = { + ## user = "${user}-unixd"; + ## group = "${group}-unixd"; + ## mode = "0700"; + ## }; + "${storage}/data".d = { + inherit user group; + mode = "0700"; + }; + "${storage}/certs".d = { + inherit user group; + mode = "0700"; + }; + }; - # # TODO: should I use this for /storage/kanidm/certs etc.? - # systemd.tmpfiles.settings."10-kanidm" = { - # "${serverSettings.online_backup.path}".d = { - # inherit user group; - # mode = "0700"; - # }; - # # "${builtins.dirOf unixdSettings.hsm_pin_path}".d = { - # # user = "${user}-unixd"; - # # group = "${group}-unixd"; - # # mode = "0700"; - # # }; - # "${storage}/data".d = { - # inherit user group; - # mode = "0700"; - # }; - # "${storage}/certs".d = { - # inherit user group; - # mode = "0700"; - # }; - # }; + users.groups = { + ${group} = {}; + "${group}-unixd" = {}; + }; - # users.groups = { - # ${group} = {}; - # "${group}-unixd" = {}; - # }; + users.users.${user} = { + inherit group; + description = "kanidm server"; + isSystemUser = true; + packages = [package]; + }; + users.users."${user}-unixd" = { + group = "${group}-unixd"; + description = lib.mkForce "kanidm PAM daemon"; + isSystemUser = true; + }; - # users.users.${user} = { - # inherit group; - # description = "kanidm server"; - # isSystemUser = true; - # packages = [package]; - # }; - # users.users."${user}-unixd" = { - # group = "${group}-unixd"; - # description = lib.mkForce "kanidm PAM daemon"; - # isSystemUser = true; - # }; + # the kanidm module in nixpkgs was not working for me, so I rolled my own + # loosely based off it + systemd.services.kanidm = { + enable = true; + path = with pkgs; [openssl] ++ [package]; + description = "kanidm identity management daemon"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + requires = ["copy-kanidm-certificates-from-caddy.service"]; + script = '' + pwd + ls -la + ls -laR /storage/kanidm + ${package}/bin/kanidmd server -c ${serverConfigFile} + ''; + # environment.RUST_LOG = serverSettings.log_level; + serviceConfig = lib.mkMerge [ + defaultServiceConfig + { + StateDirectory = name; + StateDirectoryMode = "0700"; + RuntimeDirectory = "${name}d"; + User = user; + Group = group; - # # the kanidm module in nixpkgs was not working for me, so I rolled my own - # # loosely based off it - # systemd.services.kanidm = { - # enable = true; - # path = with pkgs; [openssl] ++ [package]; - # description = "kanidm identity management daemon"; - # wantedBy = ["multi-user.target"]; - # after = ["network.target"]; - # requires = ["copy-kanidm-certificates-from-caddy.service"]; - # script = '' - # pwd - # ls -la - # ls -laR /storage/kanidm - # ${package}/bin/kanidmd server -c ${serverConfigFile} - # ''; - # # environment.RUST_LOG = serverSettings.log_level; - # serviceConfig = lib.mkMerge [ - # defaultServiceConfig - # { - # StateDirectory = name; - # StateDirectoryMode = "0700"; - # RuntimeDirectory = "${name}d"; - # User = user; - # Group = group; + AmbientCapabilities = ["CAP_NET_BIND_SERVICE"]; + CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"]; + PrivateUsers = lib.mkForce false; + PrivateNetwork = lib.mkForce false; + RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"]; + # TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "${storage}/certs" + ]; + BindPaths = [ + "${storage}/data" - # AmbientCapabilities = ["CAP_NET_BIND_SERVICE"]; - # CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"]; - # PrivateUsers = lib.mkForce false; - # PrivateNetwork = lib.mkForce false; - # RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"]; - # # TemporaryFileSystem = "/:ro"; - # BindReadOnlyPaths = [ - # "${storage}/certs" - # ]; - # BindPaths = [ - # "${storage}/data" + # socket + "/run/${name}d:/run/${name}d" - # # socket - # "/run/${name}d:/run/${name}d" + # backups + serverSettings.online_backup.path + ]; + } + ]; + }; - # # backups - # serverSettings.online_backup.path - # ]; - # } - # ]; - # }; + systemd.services.kanidm-unixd = { + description = "Kanidm PAM daemon"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + restartTriggers = [unixdConfigFile clientConfigFile]; + serviceConfig = lib.mkMerge [ + defaultServiceConfig + { + CacheDirectory = "${name}-unixd"; + CacheDirectoryMode = "0700"; + RuntimeDirectory = "${name}-unixd"; + ExecStart = "${package}/bin/kanidm_unixd"; + User = "${user}-unixd"; + Group = "${group}-unixd"; - # systemd.services.kanidm-unixd = { - # description = "Kanidm PAM daemon"; - # wantedBy = ["multi-user.target"]; - # after = ["network.target"]; - # restartTriggers = [unixdConfigFile clientConfigFile]; - # serviceConfig = lib.mkMerge [ - # defaultServiceConfig - # { - # CacheDirectory = "${name}-unixd"; - # CacheDirectoryMode = "0700"; - # RuntimeDirectory = "${name}-unixd"; - # ExecStart = "${package}/bin/kanidm_unixd"; - # User = "${user}-unixd"; - # Group = "${group}-unixd"; + BindReadOnlyPaths = [ + "-/etc/kanidm" + "-/etc/static/kanidm" + "-/etc/ssl" + "-/etc/static/ssl" + "-/etc/passwd" + "-/etc/group" + ]; - # BindReadOnlyPaths = [ - # "-/etc/kanidm" - # "-/etc/static/kanidm" - # "-/etc/ssl" - # "-/etc/static/ssl" - # "-/etc/passwd" - # "-/etc/group" - # ]; + BindPaths = [ + # socket + "/run/kanidm-unixd:/var/run/kanidm-unixd" + ]; - # BindPaths = [ - # # socket - # "/run/kanidm-unixd:/var/run/kanidm-unixd" - # ]; + # Needs to connect to kanidmd + PrivateNetwork = lib.mkForce false; + RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"]; + TemporaryFileSystem = "/:ro"; + } + ]; + environment.RUST_LOG = serverSettings.log_level; + }; - # # Needs to connect to kanidmd - # PrivateNetwork = lib.mkForce false; - # RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"]; - # TemporaryFileSystem = "/:ro"; - # } - # ]; - # environment.RUST_LOG = serverSettings.log_level; - # }; + systemd.services.kanidm-unixd-tasks = { + description = "Kanidm PAM home management daemon"; + wantedBy = ["multi-user.target"]; + after = ["network.target" "kanidm-unixd.service"]; + partOf = ["kanidm-unixd.service"]; + restartTriggers = [unixdConfigFile clientConfigFile]; + serviceConfig = { + ExecStart = "${package}/bin/kanidm_unixd_tasks"; - # systemd.services.kanidm-unixd-tasks = { - # description = "Kanidm PAM home management daemon"; - # wantedBy = ["multi-user.target"]; - # after = ["network.target" "kanidm-unixd.service"]; - # partOf = ["kanidm-unixd.service"]; - # restartTriggers = [unixdConfigFile clientConfigFile]; - # serviceConfig = { - # ExecStart = "${package}/bin/kanidm_unixd_tasks"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + "-/etc/kanidm" + "-/etc/static/kanidm" + ]; + BindPaths = [ + # To manage home directories + "/home" - # BindReadOnlyPaths = [ - # "/nix/store" - # "-/etc/resolv.conf" - # "-/etc/nsswitch.conf" - # "-/etc/hosts" - # "-/etc/localtime" - # "-/etc/kanidm" - # "-/etc/static/kanidm" - # ]; - # BindPaths = [ - # # To manage home directories - # "/home" + # To connect to kanidm-unixd + "/run/kanidm-unixd:/var/run/kanidm-unixd" + ]; + # CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket + CapabilityBoundingSet = ["CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH"]; + IPAddressDeny = "any"; + # Need access to users + PrivateUsers = false; + # Need access to home directories + ProtectHome = false; + RestrictAddressFamilies = ["AF_UNIX"]; + TemporaryFileSystem = "/:ro"; + Restart = "on-failure"; + }; + environment.RUST_LOG = serverSettings.log_level; + }; - # # To connect to kanidm-unixd - # "/run/kanidm-unixd:/var/run/kanidm-unixd" - # ]; - # # CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket - # CapabilityBoundingSet = ["CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH"]; - # IPAddressDeny = "any"; - # # Need access to users - # PrivateUsers = false; - # # Need access to home directories - # ProtectHome = false; - # RestrictAddressFamilies = ["AF_UNIX"]; - # TemporaryFileSystem = "/:ro"; - # Restart = "on-failure"; - # }; - # environment.RUST_LOG = serverSettings.log_level; - # }; + environment.etc = { + "kanidm/server.toml".source = serverConfigFile; + "kanidm/config".source = clientConfigFile; + "kanidm/unixd".source = unixdConfigFile; + }; - # environment.etc = { - # "kanidm/server.toml".source = serverConfigFile; - # "kanidm/config".source = clientConfigFile; - # "kanidm/unixd".source = unixdConfigFile; - # }; + system.nssModules = [package]; - # system.nssModules = [package]; + system.nssDatabases.group = [name]; + system.nssDatabases.passwd = [name]; - # system.nssDatabases.group = [name]; - # system.nssDatabases.passwd = [name]; + ## environment.etc."kanidm/server.toml" = { + ## mode = "0600"; + ## group = "kanidm"; + ## user = "kanidm"; + ## }; - # # environment.etc."kanidm/server.toml" = { - # # mode = "0600"; - # # group = "kanidm"; - # # user = "kanidm"; - # # }; + ## environment.etc."kanidm/config" = { + ## mode = "0600"; + ## group = "kanidm"; + ## user = "kanidm"; + ## }; - # # environment.etc."kanidm/config" = { - # # mode = "0600"; - # # group = "kanidm"; - # # user = "kanidm"; - # # }; + services.caddy.virtualHosts."idm.h.lyte.dev" = { + extraConfig = ''reverse_proxy https://idm.h.lyte.dev:8443''; + }; - # services.caddy.virtualHosts."idm.h.lyte.dev" = { - # extraConfig = ''reverse_proxy https://idm.h.lyte.dev:8443''; - # }; - - # networking = { - # extraHosts = '' - # ::1 idm.h.lyte.dev - # 127.0.0.1 idm.h.lyte.dev - # ''; - # }; - # }; - # }) + networking = { + extraHosts = '' + ::1 idm.h.lyte.dev + 127.0.0.1 idm.h.lyte.dev + ''; + }; + }; + */ + }) { systemd.tmpfiles.settings = { "10-audiobookshelf" = { @@ -1518,15 +1540,17 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 }; }; }; - # TODO: promtail? - # idrac exporter? - # restic exporter? - # smartctl exporter? - # systemd exporter? - # NOTE: we probably don't want this exposed - # services.caddy.virtualHosts."prometheus.h.lyte.dev" = { - # extraConfig = ''reverse_proxy :${toString config.services.prometheus.port}''; - # }; + /* + TODO: promtail? + idrac exporter? + restic exporter? + smartctl exporter? + systemd exporter? + NOTE: we probably don't want this exposed + services.caddy.virtualHosts."prometheus.h.lyte.dev" = { + extraConfig = ''reverse_proxy :${toString config.services.prometheus.port}''; + }; + */ } { # grafana @@ -1604,17 +1628,19 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 } ]; - # TODO: non-root processes and services that access secrets need to be part of - # the 'keys' group - # maybe this will fix plausible? + /* + TODO: non-root processes and services that access secrets need to be part of + the 'keys' group + maybe this will fix plausible? - # systemd.services.some-service = { - # serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ]; - # }; - # or - # users.users.example-user.extraGroups = [ config.users.groups.keys.name ]; + systemd.services.some-service = { + serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ]; + }; + or + users.users.example-user.extraGroups = [ config.users.groups.keys.name ]; - # TODO: declarative directory quotas? for storage/$USER and /home/$USER + TODO: declarative directory quotas? for storage/$USER and /home/$USER + */ environment.systemPackages = with pkgs; [ aria2 @@ -1630,33 +1656,35 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 services.tailscale.useRoutingFeatures = "server"; + /* # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72 - # services.lidarr = { - # enable = true; - # dataDir = "/storage/lidarr"; - # }; + services.lidarr = { + enable = true; + dataDir = "/storage/lidarr"; + }; - # services.radarr = { - # enable = true; - # dataDir = "/storage/radarr"; - # }; + services.radarr = { + enable = true; + dataDir = "/storage/radarr"; + }; - # services.sonarr = { - # enable = true; - # dataDir = "/storage/sonarr"; - # }; + services.sonarr = { + enable = true; + dataDir = "/storage/sonarr"; + }; - # services.bazarr = { - # enable = true; - # listenPort = 6767; - # }; + services.bazarr = { + enable = true; + listenPort = 6767; + }; - # networking.firewall.allowedTCPPorts = [9876 9877]; - # networking.firewall.allowedUDPPorts = [9876 9877]; - # networking.firewall.allowedUDPPortRanges = [ - # { - # from = 27000; - # to = 27100; - # } - # ]; + networking.firewall.allowedTCPPorts = [9876 9877]; + networking.firewall.allowedUDPPorts = [9876 9877]; + networking.firewall.allowedUDPPortRanges = [ + { + from = 27000; + to = 27100; + } + ]; + */ } diff --git a/nixos/bigtower.nix b/nixos/bigtower.nix index 3923891..f44610a 100644 --- a/nixos/bigtower.nix +++ b/nixos/bigtower.nix @@ -40,21 +40,23 @@ }; }; - # networking = { - # firewall = let - # terraria = 7777; - # stardew-valley = 24642; - # web-dev-lan = 18888; - # ports = [ - # terraria - # stardew-valley - # web-dev-lan - # ]; - # in { - # allowedTCPPorts = ports; - # allowedUDPPorts = ports; - # }; - # }; + /* + networking = { + firewall = let + terraria = 7777; + stardew-valley = 24642; + web-dev-lan = 18888; + ports = [ + terraria + stardew-valley + web-dev-lan + ]; + in { + allowedTCPPorts = ports; + allowedUDPPorts = ports; + }; + }; + */ environment.systemPackages = with pkgs; [ radeontop @@ -63,69 +65,73 @@ ]; home-manager.users.daniel = { - # slippi-launcher = { - # enable = true; - # # isoPath = "${config.home-manager.users.daniel.home.homeDirectory}/../games/roms/dolphin/melee.iso"; - # launchMeleeOnPlay = false; - # }; + /* + slippi-launcher = { + enable = true; + # isoPath = "${config.home-manager.users.daniel.home.homeDirectory}/../games/roms/dolphin/melee.iso"; + launchMeleeOnPlay = false; + }; + */ # TODO: monitor config module? - # wayland.windowManager.hyprland = { - # settings = { - # env = [ - # "EWW_BAR_MON,1" - # ]; - # # See https://wiki.hyprland.org/Configuring/Keywords/ for more - # monitor = [ - # # "DP-2,3840x2160@60,-2160x0,1,transform,3" - # "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" - # # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" - # # "desc:LG Display 0x0521,3840x2160@120,0x0,1" - # # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" - # "DP-2,3840x2160@60,0x0,1.5,transform,1" - # ]; - # input = { - # force_no_accel = true; - # sensitivity = 1; # -1.0 - 1.0, 0 means no modification. - # }; - # }; - # }; + /* + wayland.windowManager.hyprland = { + settings = { + env = [ + "EWW_BAR_MON,1" + ]; + # See https://wiki.hyprland.org/Configuring/Keywords/ for more + monitor = [ + # "DP-2,3840x2160@60,-2160x0,1,transform,3" + "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" + # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" + # "desc:LG Display 0x0521,3840x2160@120,0x0,1" + # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" + "DP-2,3840x2160@60,0x0,1.5,transform,1" + ]; + input = { + force_no_accel = true; + sensitivity = 1; # -1.0 - 1.0, 0 means no modification. + }; + }; + }; - # wayland.windowManager.sway = { - # config = { - # output = { - # "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = { - # mode = "3840x2160@120Hz"; - # position = "${toString (builtins.ceil (2160 / 1.5))},0"; - # }; + wayland.windowManager.sway = { + config = { + output = { + "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = { + mode = "3840x2160@120Hz"; + position = "${toString (builtins.ceil (2160 / 1.5))},0"; + }; - # "Dell Inc. DELL U2720Q D3TM623" = { - # # desktop left vertical monitor - # mode = "3840x2160@60Hz"; - # transform = "90"; - # scale = "1.5"; - # position = "0,0"; - # }; - # }; + "Dell Inc. DELL U2720Q D3TM623" = { + # desktop left vertical monitor + mode = "3840x2160@60Hz"; + transform = "90"; + scale = "1.5"; + position = "0,0"; + }; + }; - # workspaceOutputAssign = - # ( - # map - # (ws: { - # output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307"; - # workspace = toString ws; - # }) - # (lib.range 1 7) - # ) - # ++ ( - # map - # (ws: { - # output = "Dell Inc. DELL U2720Q D3TM623"; - # workspace = toString ws; - # }) - # (lib.range 8 9) - # ); - # }; - # }; + workspaceOutputAssign = + ( + map + (ws: { + output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307"; + workspace = toString ws; + }) + (lib.range 1 7) + ) + ++ ( + map + (ws: { + output = "Dell Inc. DELL U2720Q D3TM623"; + workspace = toString ws; + }) + (lib.range 8 9) + ); + }; + }; + */ }; } diff --git a/nixos/dragon.nix b/nixos/dragon.nix index 95baa70..f12868e 100644 --- a/nixos/dragon.nix +++ b/nixos/dragon.nix @@ -73,62 +73,65 @@ }; # TODO: monitor config module? - # wayland.windowManager.hyprland = { - # settings = { - # env = [ - # "EWW_BAR_MON,1" - # ]; - # # See https://wiki.hyprland.org/Configuring/Keywords/ for more - # monitor = [ - # # "DP-2,3840x2160@60,-2160x0,1,transform,3" - # "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" - # # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" - # # "desc:LG Display 0x0521,3840x2160@120,0x0,1" - # # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" - # "DP-2,3840x2160@60,0x0,1.5,transform,1" - # ]; - # input = { - # force_no_accel = true; - # sensitivity = 1; # -1.0 - 1.0, 0 means no modification. - # }; - # }; - # }; + wayland.windowManager.hyprland = { + settings = { + env = [ + "EWW_BAR_MON,1" + ]; + # See https://wiki.hyprland.org/Configuring/Keywords/ for more + monitor = [ + # "DP-2,3840x2160@60,-2160x0,1,transform,3" + "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" + # TODO: HDR breaks screenshare? + /* + "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" + "desc:LG Display 0x0521,3840x2160@120,0x0,1" + "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" + */ + "DP-2,3840x2160@60,0x0,1.5,transform,1" + ]; + input = { + force_no_accel = true; + sensitivity = 1; # -1.0 - 1.0, 0 means no modification. + }; + }; + }; - # wayland.windowManager.sway = { - # config = { - # output = { - # "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = { - # mode = "3840x2160@120Hz"; - # position = "${toString (builtins.ceil (2160 / 1.5))},0"; - # }; + wayland.windowManager.sway = { + config = { + output = { + "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = { + mode = "3840x2160@120Hz"; + position = "${toString (builtins.ceil (2160 / 1.5))},0"; + }; - # "Dell Inc. DELL U2720Q D3TM623" = { - # # desktop left vertical monitor - # mode = "3840x2160@60Hz"; - # transform = "90"; - # scale = "1.5"; - # position = "0,0"; - # }; - # }; + "Dell Inc. DELL U2720Q D3TM623" = { + # desktop left vertical monitor + mode = "3840x2160@60Hz"; + transform = "270"; + scale = "1.5"; + position = "0,0"; + }; + }; - # workspaceOutputAssign = - # ( - # map - # (ws: { - # output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307"; - # workspace = toString ws; - # }) - # (lib.range 1 7) - # ) - # ++ ( - # map - # (ws: { - # output = "Dell Inc. DELL U2720Q D3TM623"; - # workspace = toString ws; - # }) - # (lib.range 8 9) - # ); - # }; - # }; + workspaceOutputAssign = + ( + map + (ws: { + output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307"; + workspace = toString ws; + }) + (lib.range 1 7) + ) + ++ ( + map + (ws: { + output = "Dell Inc. DELL U2720Q D3TM623"; + workspace = toString ws; + }) + (lib.range 8 9) + ); + }; + }; }; } diff --git a/nixos/foxtrot.nix b/nixos/foxtrot.nix index e6a3f18..0283404 100644 --- a/nixos/foxtrot.nix +++ b/nixos/foxtrot.nix @@ -11,9 +11,11 @@ swapDevices = [ # TODO: move this to disko? # NOTE(oninstall): - # sudo btrfs subvolume create /swap - # sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile - # sudo swapon /swap/swapfile + /* + sudo btrfs subvolume create /swap + sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile + sudo swapon /swap/swapfile + */ {device = "/swap/swapfile";} ]; # findmnt -no UUID -T /swap/swapfile @@ -23,15 +25,17 @@ services.fwupd.extraRemotes = ["lvfs-testing"]; # NOTE: I'm letting plasma settings handle this I guess? - # services.logind = { - # lidSwitch = "suspend-then-hibernate"; - # # HandleLidSwitchDocked=ignore - # extraConfig = '' - # HandlePowerKey=suspend-then-hibernate - # IdleActionSec=10m - # IdleAction=suspend-then-hibernate - # ''; - # }; + /* + services.logind = { + lidSwitch = "suspend-then-hibernate"; + # HandleLidSwitchDocked=ignore + extraConfig = '' + HandlePowerKey=suspend-then-hibernate + IdleActionSec=10m + IdleAction=suspend-then-hibernate + ''; + }; + */ } ]; @@ -56,37 +60,41 @@ }; }; - # wayland.windowManager.hyprland = { - # settings = { - # env = [ - # "EWW_BAR_MON,0" - # ]; - # # See https://wiki.hyprland.org/Configuring/Keywords/ for more - # monitor = [ - # "eDP-1,2256x1504@60,0x0,${toString scale}" - # ]; - # }; - # }; + /* + wayland.windowManager.hyprland = { + settings = { + env = [ + "EWW_BAR_MON,0" + ]; + # See https://wiki.hyprland.org/Configuring/Keywords/ for more + monitor = [ + "eDP-1,2256x1504@60,0x0,${toString scale}" + ]; + }; + }; + */ - # wayland.windowManager.sway = { - # config = { - # output = { - # "BOE 0x0BCA Unknown" = { - # mode = "2256x1504@60Hz"; - # position = "0,0"; - # scale = toString scale; - # }; + /* + wayland.windowManager.sway = { + config = { + output = { + "BOE 0x0BCA Unknown" = { + mode = "2256x1504@60Hz"; + position = "0,0"; + scale = toString scale; + }; - # "Dell Inc. DELL U2720Q D3TM623" = { - # # desktop left vertical monitor - # mode = "1920x1080@60Hz"; - # # transform = "90"; - # # scale = "1.5"; - # position = "${toString (builtins.floor (2256 / scale))},0"; - # }; - # }; - # }; - # }; + "Dell Inc. DELL U2720Q D3TM623" = { + # desktop left vertical monitor + mode = "1920x1080@60Hz"; + # transform = "90"; + # scale = "1.5"; + position = "${toString (builtins.floor (2256 / scale))},0"; + }; + }; + }; + }; + */ }; hardware.graphics.extraPackages = [ @@ -107,15 +115,17 @@ kernelPackages = pkgs.linuxPackages_latest; # https://github.com/void-linux/void-packages/issues/50417#issuecomment-2131802836 fix framework 13 not shutting down - # kernelPatches = [ - # { - # name = "framework13shutdownfix"; - # patch = builtins.fetchurl { - # url = "https://github.com/void-linux/void-packages/files/15445612/0001-Add-hopefully-a-solution-for-shutdown-regression.PATCH"; - # sha256 = "sha256:10zcnzy5hkam2cnxx441b978gzhvnqlcc49k7bpz9dc28xyjik50"; - # }; - # } - # ]; + /* + kernelPatches = [ + { + name = "framework13shutdownfix"; + patch = builtins.fetchurl { + url = "https://github.com/void-linux/void-packages/files/15445612/0001-Add-hopefully-a-solution-for-shutdown-regression.PATCH"; + sha256 = "sha256:10zcnzy5hkam2cnxx441b978gzhvnqlcc49k7bpz9dc28xyjik50"; + }; + } + ]; + */ loader = { efi.canTouchEfiVariables = true; @@ -123,11 +133,12 @@ }; # NOTE(oninstall): - # sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}' - # the above won't work for btrfs, instead you need - # btrfs inspect-internal map-swapfile -r /swap/swapfile - # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file - # many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend + /* + sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}' + the above won't work for btrfs, instead you need btrfs inspect-internal map-swapfile -r /swap/swapfile + https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file + many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend + */ kernelParams = [ "rtc_cmos.use_acpi_alarm=1" "amdgpu.sg_display=0" @@ -151,10 +162,12 @@ powerOnBoot = false; }; powerManagement.cpuFreqGovernor = "ondemand"; - # powerManagement.resumeCommands = '' - # modprobe -rv mt7921e - # modprobe -v mt7921e - # ''; + /* + powerManagement.resumeCommands = '' + modprobe -rv mt7921e + modprobe -v mt7921e + ''; + */ services.power-profiles-daemon = { enable = true; @@ -170,24 +183,24 @@ "fprintd:TestPamFprintd" ]; }; - # tod.enable = true; - # tod.driver = pkgs.libfprint-2-tod1-goodix; }; - # services.tlp = { - # enable = true; - # settings = { - # CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; - # CPU_SCALING_GOVERNOR_ON_BAT = "ondemand"; - # CPU_MIN_PERF_ON_BAT = 0; - # CPU_MAX_PERF_ON_BAT = 80; + /* + services.tlp = { + enable = true; + settings = { + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_SCALING_GOVERNOR_ON_BAT = "ondemand"; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 80; - # CPU_SCALING_GOVERNOR_ON_AC = "performance"; - # CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; - # CPU_MIN_PERF_ON_AC = 0; - # CPU_MAX_PERF_ON_AC = 100; - # }; - # }; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + }; + }; + */ networking.firewall.allowedTCPPorts = let stardewValley = 24642; diff --git a/nixos/htpifour.nix b/nixos/htpifour.nix index 4c19135..ddd0c0d 100644 --- a/nixos/htpifour.nix +++ b/nixos/htpifour.nix @@ -58,15 +58,19 @@ hardware.raspberry-pi."4".audio.enable = true; nixpkgs.overlays = [ - # nixos-22.05 - # (self: super: { libcec = super.libcec.override { inherit (self) libraspberrypi; }; }) - # nixos-22.11 - # (self: super: {libcec = super.libcec.override {withLibraspberrypi = true;};}) + /* + nixos-22.05 + (self: super: { libcec = super.libcec.override { inherit (self) libraspberrypi; }; }) + nixos-22.11 + (self: super: {libcec = super.libcec.override {withLibraspberrypi = true;};}) + */ ]; # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 - # systemd.services."getty@tty1".enable = false; - # systemd.services."autovt@tty1".enable = false; + /* + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@tty1".enable = false; + */ # hardware systemd.targets.sleep.enable = false; @@ -99,38 +103,40 @@ }; }; - # services.udev.extraRules = '' - # # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below) - # SUBSYSTEM=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq" - # ''; + /* + services.udev.extraRules = '' + # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below) + SUBSYSTEM=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq" + ''; - # powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - # optional: attach a persisted cec-client to `/run/cec.fifo`, to avoid the CEC ~1s startup delay per command - # scan for devices: `echo 'scan' > /run/cec.fifo ; journalctl -u cec-client.service` - # set pi as active source: `echo 'as' > /run/cec.fifo` - # systemd.sockets."cec-client" = { - # after = ["dev-vchiq.device"]; - # bindsTo = ["dev-vchiq.device"]; - # wantedBy = ["sockets.target"]; - # socketConfig = { - # ListenFIFO = "/run/cec.fifo"; - # SocketGroup = "video"; - # SocketMode = "0660"; - # }; - # }; - # systemd.services."cec-client" = { - # after = ["dev-vchiq.device"]; - # bindsTo = ["dev-vchiq.device"]; - # wantedBy = ["multi-user.target"]; - # serviceConfig = { - # ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1''; - # ExecStop = ''/bin/sh -c "echo q > /run/cec.fifo"''; - # StandardInput = "socket"; - # StandardOutput = "journal"; - # Restart = "no"; - # }; - # }; + optional: attach a persisted cec-client to `/run/cec.fifo`, to avoid the CEC ~1s startup delay per command + scan for devices: `echo 'scan' > /run/cec.fifo ; journalctl -u cec-client.service` + set pi as active source: `echo 'as' > /run/cec.fifo` + systemd.sockets."cec-client" = { + after = ["dev-vchiq.device"]; + bindsTo = ["dev-vchiq.device"]; + wantedBy = ["sockets.target"]; + socketConfig = { + ListenFIFO = "/run/cec.fifo"; + SocketGroup = "video"; + SocketMode = "0660"; + }; + }; + systemd.services."cec-client" = { + after = ["dev-vchiq.device"]; + bindsTo = ["dev-vchiq.device"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1''; + ExecStop = ''/bin/sh -c "echo q > /run/cec.fifo"''; + StandardInput = "socket"; + StandardOutput = "journal"; + Restart = "no"; + }; + }; + */ hardware.graphics.driSupport32Bit = lib.mkForce false; diff --git a/nixos/router.nix b/nixos/router.nix index 084fbd7..366e298 100644 --- a/nixos/router.nix +++ b/nixos/router.nix @@ -5,13 +5,15 @@ pkgs, ... }: let - # NOTE: My goal is to be able to apply most of the common tweaks to the router - # either live on the system for ad-hoc changes (such as forwarding a port for a - # multiplayer game) or to tweak these values just below without reaching deeper - # into the modules' implementation of these configuration values - # NOTE: I could turn this into a cool NixOS module? - # TODO: review https://francis.begyn.be/blog/nixos-home-router - # TODO: more recent: https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md + /* + NOTE: My goal is to be able to apply most of the common tweaks to the router + either live on the system for ad-hoc changes (such as forwarding a port for a + multiplayer game) or to tweak these values just below without reaching deeper + into the modules' implementation of these configuration values + NOTE: I could turn this into a cool NixOS module? + TODO: review https://francis.begyn.be/blog/nixos-home-router + TODO: more recent: https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md + */ hostname = "router"; domain = "h.lyte.dev"; ip = "192.168.0.1"; @@ -246,56 +248,58 @@ in { }; # NOTE: see flake.nix 'nnf.nixosModules.default' - # nftables.firewall = let - # me = config.networking.nftables.firewall.localZoneName; - # in { - # enable = true; - # snippets.nnf-common.enable = true; + /* + nftables.firewall = let + me = config.networking.nftables.firewall.localZoneName; + in { + enable = true; + snippets.nnf-common.enable = true; - # zones = { - # ${interfaces.wan.name} = { - # interfaces = [interfaces.wan.name interfaces.lan.name]; - # }; - # ${interfaces.lan.name} = { - # parent = interfaces.wan.name; - # ipv4Addresses = [cidr]; - # }; - # # banned = { - # # ingressExpression = [ - # # "ip saddr @banlist" - # # "ip6 saddr @banlist6" - # # ]; - # # egressExpression = [ - # # "ip daddr @banlist" - # # "ip6 daddr @banlist6" - # # ]; - # # }; - # }; + zones = { + ${interfaces.wan.name} = { + interfaces = [interfaces.wan.name interfaces.lan.name]; + }; + ${interfaces.lan.name} = { + parent = interfaces.wan.name; + ipv4Addresses = [cidr]; + }; + # banned = { + # ingressExpression = [ + # "ip saddr @banlist" + # "ip6 saddr @banlist6" + # ]; + # egressExpression = [ + # "ip daddr @banlist" + # "ip6 daddr @banlist6" + # ]; + # }; + }; - # rules = { - # dhcp = { - # from = "all"; - # to = [hosts.beefcake.ip]; - # allowedTCPPorts = [67]; - # allowedUDPPorts = [67]; - # }; - # http = { - # from = "all"; - # to = [me]; - # allowedTCPPorts = [80 443]; - # }; - # router-ssh = { - # from = "all"; - # to = [me]; - # allowedTCPPorts = [2201]; - # }; - # server-ssh = { - # from = "all"; - # to = [hosts.beefcake.ip]; - # allowedTCPPorts = [22]; - # }; - # }; - # }; + rules = { + dhcp = { + from = "all"; + to = [hosts.beefcake.ip]; + allowedTCPPorts = [67]; + allowedUDPPorts = [67]; + }; + http = { + from = "all"; + to = [me]; + allowedTCPPorts = [80 443]; + }; + router-ssh = { + from = "all"; + to = [me]; + allowedTCPPorts = [2201]; + }; + server-ssh = { + from = "all"; + to = [hosts.beefcake.ip]; + allowedTCPPorts = [22]; + }; + }; + }; + */ }; systemd.network = { @@ -347,25 +351,31 @@ in { }; }; - # WAN configuration requires DHCP to get addresses - # we also disable some options to be certain we retain as much networking - # control as we reasonably can, such as not letting the ISP determine our - # hostname or DNS configuration - # TODO: IPv6 (prefix delegation) + /* + WAN configuration requires DHCP to get addresses + we also disable some options to be certain we retain as much networking + control as we reasonably can, such as not letting the ISP determine our + hostname or DNS configuration + TODO: IPv6 (prefix delegation) + */ "40-${interfaces.wan.name}" = { matchConfig.Name = "${interfaces.wan.name}"; networkConfig = { Description = "WAN network - connection to fiber ISP jack"; DHCP = true; - # IPv6AcceptRA = true; - # IPv6PrivacyExtensions = true; - # IPForward = true; + /* + IPv6AcceptRA = true; + IPv6PrivacyExtensions = true; + IPForward = true; + */ }; dhcpV6Config = { - # ForceDHCPv6PDOtherInformation = true; - # UseHostname = false; - # UseDNS = false; - # UseNTP = false; + /* + ForceDHCPv6PDOtherInformation = true; + UseHostname = false; + UseDNS = false; + UseNTP = false; + */ PrefixDelegationHint = "::/56"; }; dhcpV4Config = { @@ -391,17 +401,21 @@ in { services.resolved.enable = false; - # dnsmasq serves as our DHCP and DNS server - # almost all the configuration should be derived from the values at the top of - # this file + /* + dnsmasq serves as our DHCP and DNS server + almost all the configuration should be derived from the values at the top of + this file + */ services.dnsmasq = { enable = true; settings = { listen-address = "::,127.0.0.1,${ip}"; port = 53; - # dhcp-authoritative = true; - # dnssec = true; + /* + dhcp-authoritative = true; + dnssec = true; + */ enable-ra = true; server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"]; @@ -454,8 +468,10 @@ in { }; }; - # since the home network reserves port 22 for ssh to the big server and to - # gitea, the router uses port 2201 for ssh + /* + since the home network reserves port 22 for ssh to the big server and to + gitea, the router uses port 2201 for ssh + */ services.openssh.listenAddresses = [ { addr = "0.0.0.0"; @@ -479,252 +495,254 @@ in { system.stateVersion = "24.05"; - # NOTE: everything from here on is deprecated or old stuff + /* + NOTE: everything from here on is deprecated or old stuff - # TODO: may not be strictly necessary for IPv6? - # TODO: also may not even be the best implementation? - # services.radvd = { - # enable = false; - # # NOTE: this config is just the default arch linux config I think and may - # # need tweaking? this is what I had on the arch linux router, though :shrug: - # config = '' - # interface lo - # { - # AdvSendAdvert on; - # MinRtrAdvInterval 3; - # MaxRtrAdvInterval 10; - # AdvDefaultPreference low; - # AdvHomeAgentFlag off; + TODO: may not be strictly necessary for IPv6? + TODO: also may not even be the best implementation? + services.radvd = { + enable = false; + ## NOTE: this config is just the default arch linux config I think and may + ## need tweaking? this is what I had on the arch linux router, though :shrug: + config = '' + interface lo + { + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 10; + AdvDefaultPreference low; + AdvHomeAgentFlag off; - # prefix 2001:db8:1:0::/64 - # { - # AdvOnLink on; - # AdvAutonomous on; - # AdvRouterAddr off; - # }; + prefix 2001:db8:1:0::/64 + { + AdvOnLink on; + AdvAutonomous on; + AdvRouterAddr off; + }; - # prefix 0:0:0:1234::/64 - # { - # AdvOnLink on; - # AdvAutonomous on; - # AdvRouterAddr off; - # Base6to4Interface ppp0; - # AdvPreferredLifetime 120; - # AdvValidLifetime 300; - # }; + prefix 0:0:0:1234::/64 + { + AdvOnLink on; + AdvAutonomous on; + AdvRouterAddr off; + Base6to4Interface ppp0; + AdvPreferredLifetime 120; + AdvValidLifetime 300; + }; - # route 2001:db0:fff::/48 - # { - # AdvRoutePreference high; - # AdvRouteLifetime 3600; - # }; + route 2001:db0:fff::/48 + { + AdvRoutePreference high; + AdvRouteLifetime 3600; + }; - # RDNSS 2001:db8::1 2001:db8::2 - # { - # AdvRDNSSLifetime 30; - # }; + RDNSS 2001:db8::1 2001:db8::2 + { + AdvRDNSSLifetime 30; + }; - # DNSSL branch.example.com example.com - # { - # AdvDNSSLLifetime 30; - # }; - # }; - # ''; - # }; + DNSSL branch.example.com example.com + { + AdvDNSSLLifetime 30; + }; + }; + ''; + }; - # TODO: old config, should be deleted ASAP - # services.dnsmasq = { - # enable = false; - # settings = { - # # server endpoints - # listen-address = "::1,127.0.0.1,${ip}"; - # port = "53"; + TODO: old config, should be deleted ASAP + services.dnsmasq = { + enable = false; + settings = { + # server endpoints + listen-address = "::1,127.0.0.1,${ip}"; + port = "53"; - # # DNS cache entries - # cache-size = "10000"; + # DNS cache entries + cache-size = "10000"; - # # local domain entries - # local = "/lan/"; - # domain = "lan"; - # expand-hosts = true; + # local domain entries + local = "/lan/"; + domain = "lan"; + expand-hosts = true; - # dhcp-authoritative = true; + dhcp-authoritative = true; - # conf-file = "/usr/share/dnsmasq/trust-anchors.conf"; - # dnssec = true; + conf-file = "/usr/share/dnsmasq/trust-anchors.conf"; + dnssec = true; - # except-interface = "${wan_if}"; - # interface = "${lan_if}"; + except-interface = "${wan_if}"; + interface = "${lan_if}"; - # enable-ra = true; + enable-ra = true; - # # dhcp-option = "121,${cidr},${ip}"; + # dhcp-option = "121,${cidr},${ip}"; - # dhcp-range = [ - # "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m" - # "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h" - # ]; + dhcp-range = [ + "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m" + "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h" + ]; - # dhcp-host = [ - # "${hosts.dragon.host},${hosts.dragon.ip},12h" - # "${hosts.beefcake.host},${hosts.beefcake.ip},12h" - # ]; + dhcp-host = [ + "${hosts.dragon.host},${hosts.dragon.ip},12h" + "${hosts.beefcake.host},${hosts.beefcake.ip},12h" + ]; - # # may need to go in /etc/hosts (networking.extraHosts), too? - # address = [ - # "/video.lyte.dev/192.168.0.9" - # "/git.lyte.dev/192.168.0.9" - # "/bw.lyte.dev/192.168.0.9" - # "/files.lyte.dev/192.168.0.9" - # "/vpn.h.lyte.dev/192.168.0.9" - # "/.h.lyte.dev/192.168.0.9" - # ]; + # may need to go in /etc/hosts (networking.extraHosts), too? + address = [ + "/video.lyte.dev/192.168.0.9" + "/git.lyte.dev/192.168.0.9" + "/bw.lyte.dev/192.168.0.9" + "/files.lyte.dev/192.168.0.9" + "/vpn.h.lyte.dev/192.168.0.9" + "/.h.lyte.dev/192.168.0.9" + ]; - # server = [ - # "${ip}" - # "8.8.8.8" - # "8.8.4.4" - # "1.1.1.1" - # "1.0.0.1" - # ]; - # }; - # }; + server = [ + "${ip}" + "8.8.8.8" + "8.8.4.4" + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; - # TODO: old config, should be deleted ASAP - # nftables = { - # enable = false; - # flushRuleset = true; + TODO: old config, should be deleted ASAP + nftables = { + enable = false; + flushRuleset = true; - # tables = { - # filter = { - # family = "inet"; - # content = '' - # chain input { - # # type filter hook input priority filter; policy accept; - # type filter hook input priority 0; + tables = { + filter = { + family = "inet"; + content = '' + chain input { + # type filter hook input priority filter; policy accept; + type filter hook input priority 0; - # # anything from loopback interface - # iifname "lo" accept + # anything from loopback interface + iifname "lo" accept - # # accept traffic we originated - # ct state { established, related } counter accept - # ct state invalid counter drop + # accept traffic we originated + ct state { established, related } counter accept + ct state invalid counter drop - # # ICMP - # ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept - # ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } counter accept - # ip protocol icmpv6 counter accept - # ip protocol icmp counter accept - # meta l4proto ipv6-icmp counter accept - # udp dport dhcpv6-client counter accept + # ICMP + ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept + ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } counter accept + ip protocol icmpv6 counter accept + ip protocol icmp counter accept + meta l4proto ipv6-icmp counter accept + udp dport dhcpv6-client counter accept - # tcp dport { 64022, 22, 53, 67, 25565 } counter accept - # udp dport { 64020, 22, 53, 67 } counter accept + tcp dport { 64022, 22, 53, 67, 25565 } counter accept + udp dport { 64020, 22, 53, 67 } counter accept - # # iifname "iot" ip saddr $iot-ip tcp dport { llmnr } counter accept - # # iifname "iot" ip saddr $iot-ip udp dport { mdns, llmnr } counter accept - # iifname "${lan_if}" tcp dport { llmnr } counter accept - # iifname "${lan_if}" udp dport { mdns, llmnr } counter accept + ## iifname "iot" ip saddr $iot-ip tcp dport { llmnr } counter accept + ## iifname "iot" ip saddr $iot-ip udp dport { mdns, llmnr } counter accept + iifname "${lan_if}" tcp dport { llmnr } counter accept + iifname "${lan_if}" udp dport { mdns, llmnr } counter accept - # counter drop - # } + counter drop + } - # # allow all outgoing - # chain output { - # type filter hook output priority 0; - # accept - # } + # allow all outgoing + chain output { + type filter hook output priority 0; + accept + } - # chain forward { - # type filter hook forward priority 0; - # accept - # } - # ''; - # }; + chain forward { + type filter hook forward priority 0; + accept + } + ''; + }; - # nat = { - # family = "ip"; - # content = '' - # set masq_saddr { - # type ipv4_addr - # flags interval - # elements = { ${cidr} } - # } + nat = { + family = "ip"; + content = '' + set masq_saddr { + type ipv4_addr + flags interval + elements = { ${cidr} } + } - # map map_port_ipport { - # type inet_proto . inet_service : ipv4_addr . inet_service - # } + map map_port_ipport { + type inet_proto . inet_service : ipv4_addr . inet_service + } - # chain prerouting { - # iifname ${lan_if} accept + chain prerouting { + iifname ${lan_if} accept - # type nat hook prerouting priority dstnat + 1; policy accept; - # fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport + type nat hook prerouting priority dstnat + 1; policy accept; + fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport - # iifname ${wan_if} tcp dport { 22, 80, 443, 25565, 64022 } dnat to ${hosts.beefcake.ip} - # iifname ${wan_if} udp dport { 64020 } dnat to ${hosts.beefcake.ip} + iifname ${wan_if} tcp dport { 22, 80, 443, 25565, 64022 } dnat to ${hosts.beefcake.ip} + iifname ${wan_if} udp dport { 64020 } dnat to ${hosts.beefcake.ip} - # # iifname ${wan_if} tcp dport { 25565 } dnat to 192.168.0.244 - # # iifname ${wan_if} udp dport { 25565 } dnat to 192.168.0.244 + ## iifname ${wan_if} tcp dport { 25565 } dnat to 192.168.0.244 + ## iifname ${wan_if} udp dport { 25565 } dnat to 192.168.0.244 - # # router - # iifname ${wan_if} tcp dport { 2201 } dnat to ${ip} - # } + ## router + iifname ${wan_if} tcp dport { 2201 } dnat to ${ip} + } - # chain output { - # type nat hook output priority -99; policy accept; - # ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport - # } + chain output { + type nat hook output priority -99; policy accept; + ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport + } - # chain postrouting { - # type nat hook postrouting priority srcnat + 1; policy accept; - # oifname ${lan_if} masquerade - # ip saddr @masq_saddr masquerade - # } - # ''; - # }; - # }; - # }; + chain postrouting { + type nat hook postrouting priority srcnat + 1; policy accept; + oifname ${lan_if} masquerade + ip saddr @masq_saddr masquerade + } + ''; + }; + }; + }; - # TODO: also want to try to avoid using dhcpcd for IPv6 since systemd-networkd - # should be sufficient? - # dhcpcd = { - # enable = false; - # extraConfig = '' - # duid + TODO: also want to try to avoid using dhcpcd for IPv6 since systemd-networkd + should be sufficient? + dhcpcd = { + enable = false; + extraConfig = '' + duid - # # No way.... https://github.com/NetworkConfiguration/dhcpcd/issues/36#issuecomment-954777644 - # # issues caused by guests with oneplus devices - # noarp + ## No way.... https://github.com/NetworkConfiguration/dhcpcd/issues/36#issuecomment-954777644 + ## issues caused by guests with oneplus devices + noarp - # persistent - # vendorclassid + persistent + vendorclassid - # option domain_name_servers, domain_name, domain_search - # option classless_static_routes - # option interface_mtu - # option host_name - # #option ntp_servers + option domain_name_servers, domain_name, domain_search + option classless_static_routes + option interface_mtu + option host_name + #option ntp_servers - # require dhcp_server_identifier - # slaac private - # noipv4ll - # noipv6rs + require dhcp_server_identifier + slaac private + noipv4ll + noipv6rs - # static domain_name_servers=${ip} + static domain_name_servers=${ip} - # interface ${wan_if} - # gateway - # ipv6rs - # iaid 1 - # # option rapid_commit - # # ia_na 1 - # ia_pd 1 ${lan_if} + interface ${wan_if} + gateway + ipv6rs + iaid 1 + ## option rapid_commit + ## ia_na 1 + ia_pd 1 ${lan_if} - # interface ${lan_if} - # static ip_address=${cidr} - # static routers=${ip} - # static domain_name_servers=${ip} - # ''; - # }; + interface ${lan_if} + static ip_address=${cidr} + static routers=${ip} + static domain_name_servers=${ip} + ''; + }; + */ } diff --git a/nixos/thinker.nix b/nixos/thinker.nix index 370ddd2..3fd7a1b 100644 --- a/nixos/thinker.nix +++ b/nixos/thinker.nix @@ -6,10 +6,12 @@ efi.canTouchEfiVariables = true; systemd-boot.enable = true; }; - # sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}' - # the above won't work for btrfs, instead you need - # btrfs inspect-internal map-swapfile -r /swap/swapfile - # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file + /* + sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}' + the above won't work for btrfs, instead you need + btrfs inspect-internal map-swapfile -r /swap/swapfile + https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file + */ kernelParams = ["boot.shell_on_fail"]; initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"]; }; diff --git a/templates/elixir/flake.nix b/templates/elixir/flake.nix index cc93c8e..ec7904f 100644 --- a/templates/elixir/flake.nix +++ b/templates/elixir/flake.nix @@ -47,19 +47,21 @@ src = ./.; pname = "api.lyte.dev"; in { - # this-package = mixRelease { - # inherit pname version src; - # mixFodDeps = fetchMixDeps { - # inherit version src; - # pname = "mix-deps-${pname}"; - # hash = pkgs.lib.fakeSha256; - # }; - # buildInputs = with pkgs; [sqlite]; - # HOME = "$(pwd)"; - # MIX_XDG = "$HOME"; - # }; + /* + this-package = mixRelease { + inherit pname version src; + mixFodDeps = fetchMixDeps { + inherit version src; + pname = "mix-deps-${pname}"; + hash = pkgs.lib.fakeSha256; + }; + buildInputs = with pkgs; [sqlite]; + HOME = "$(pwd)"; + MIX_XDG = "$HOME"; + }; - # default = outputs.packages.${system}.this-package; + default = outputs.packages.${system}.this-package; + */ }); devShells = forAllSystems (system: let diff --git a/templates/nix-flake/flake.nix b/templates/nix-flake/flake.nix index 86a9be5..f43f022 100644 --- a/templates/nix-flake/flake.nix +++ b/templates/nix-flake/flake.nix @@ -35,12 +35,14 @@ default = self.outputs.devShells.${pkgs.system}.nix; }); - # packages = genPkgs (pkgs: import ./pkgs {inherit pkgs;}); - # overlays = import ./overlays self; - # nixosModules = import ./modules/nixos; - # homeManagerModules = import ./modules/home-manager; - # nixosConfigurations = import ./nixos; - # homeConfigurations = import ./home - # templates = import ./templates; + /* + packages = genPkgs (pkgs: import ./pkgs {inherit pkgs;}); + overlays = import ./overlays self; + nixosModules = import ./modules/nixos; + homeManagerModules = import ./modules/home-manager; + nixosConfigurations = import ./nixos; + homeConfigurations = import ./home + templates = import ./templates; + */ }; } diff --git a/templates/rust/flake.nix b/templates/rust/flake.nix index d1b1f18..b053683 100644 --- a/templates/rust/flake.nix +++ b/templates/rust/flake.nix @@ -22,12 +22,14 @@ alejandra.enable = true; # NOTE: These do not work well with `nix flake check` due to pure environments # https://github.com/cachix/git-hooks.nix/issues/452 - # cargo-check.enable = true; - # clippy = { - # enable = true; - # packageOverrides.cargo = pkgs.cargo; - # packageOverrides.clippy = pkgs.rustPackages.clippy; - # }; + /* + cargo-check.enable = true; + clippy = { + enable = true; + packageOverrides.cargo = pkgs.cargo; + packageOverrides.clippy = pkgs.rustPackages.clippy; + }; + */ rustfmt = { enable = true; packageOverrides.rustfmt = pkgs.rustfmt; @@ -41,13 +43,15 @@ pname = "kodotag"; version = "0.1.0"; - # nativeBuildInputs = with pkgs; [ - # pkg-config - # clang - # ]; + /* + nativeBuildInputs = with pkgs; [ + pkg-config + clang + ]; - # buildInputs = with pkgs; [ - # ]; + buildInputs = with pkgs; [ + ]; + */ src = ./.; hash = pkgs.lib.fakeHash;