diff --git a/flake.nix b/flake.nix
index 4f25014..cfd8e79 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,40 +38,44 @@
};
};
- outputs = { self, nixpkgs, ... } @ inputs: {
- # https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-fmt.html
- formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
+ outputs = {
+ self,
+ nixpkgs,
+ ...
+ } @ inputs: {
+ # https://kamadorueda.com/alejandra/
+ formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations = {
# Home desktop
omega = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs; # pass flake inputs to modules
- modules = [ ./hosts/omega ];
+ modules = [./hosts/omega];
};
# Laptop
zeta = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs; # pass flake inputs to modules
- modules = [ ./hosts/zeta ];
+ modules = [./hosts/zeta];
};
# Work laptop
mu = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs; # pass flake inputs to modules
- modules = [ ./hosts/mu ];
+ modules = [./hosts/mu];
};
# Hetzner VPS
alpha = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = inputs; # pass flake inputs to modules
- modules = [ ./hosts/alpha ];
+ modules = [./hosts/alpha];
};
# Tor relay
tor = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs; # pass flake inputs to modules
- modules = [ ./hosts/tor ];
+ modules = [./hosts/tor];
};
};
};
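Review bot: The `formatter` output on the new side is still defined only for `x86_64-linux`, while the `alpha` configuration later in this hunk is `aarch64-linux`, so `nix fmt` run on that machine would most likely report that the flake provides no formatter for its system. Consider adding `formatter.aarch64-linux = nixpkgs.legacyPackages.aarch64-linux.alejandra;` next to the existing line so the same formatter is used on every host. The `outputs` function opens inside this hunk, but the enclosing flake attribute set starts outside it.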
diff --git a/hosts/alpha/default.nix b/hosts/alpha/default.nix
index 32afb6d..3dfdbfa 100644
--- a/hosts/alpha/default.nix
+++ b/hosts/alpha/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
../../overlays
../../modules/base
diff --git a/hosts/alpha/hardware.nix b/hosts/alpha/hardware.nix
index 3cefce8..c7b8c9c 100644
--- a/hosts/alpha/hardware.nix
+++ b/hosts/alpha/hardware.nix
@@ -1,20 +1,26 @@
-{ config, lib, pkgs, modulesPath, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
# https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
- boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" "virtio_gpu" ];
- boot.kernelParams = [ "console=tty" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
+ boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
+ boot.initrd.kernelModules = ["dm-snapshot" "virtio_gpu"];
+ boot.kernelParams = ["console=tty"];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+ options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
@@ -38,4 +44,3 @@
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}
-
diff --git a/hosts/alpha/network.nix b/hosts/alpha/network.nix
index 74d4400..6d12a97 100644
--- a/hosts/alpha/network.nix
+++ b/hosts/alpha/network.nix
@@ -1,4 +1,4 @@
-{ config, ... }: {
+{config, ...}: {
systemd.network = {
# Main interface
networks."10-lan" = {
@@ -8,7 +8,7 @@
"2a01:4f8:c2c:71c0::/64"
];
routes = [
- { routeConfig = { Gateway = "fe80::1"; }; }
+ {routeConfig = {Gateway = "fe80::1";};}
];
};
@@ -31,7 +31,7 @@
PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
# Add to the main routing table that traffic for the address should
# be sent to sigma.
- AllowedIPs = [ "49.13.33.75/32" ];
+ AllowedIPs = ["49.13.33.75/32"];
RouteTable = "main";
};
}
@@ -58,7 +58,7 @@
wireguardPeerConfig = {
PublicKey = "sigmaH/DKSU8KWyrPtucYmS2ewUvDvCNLxd/qYEo0n0=";
PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
- AllowedIPs = [ "116.203.6.156/32" ];
+ AllowedIPs = ["116.203.6.156/32"];
RouteTable = "main";
};
}
@@ -76,7 +76,7 @@
};
networking = {
- firewall.allowedUDPPorts = [ 51820 51821 ];
+ firewall.allowedUDPPorts = [51820 51821];
};
age.secrets.wireguard-preshared-key-file = {
diff --git a/hosts/mu/default.nix b/hosts/mu/default.nix
index 754988f..c644723 100644
--- a/hosts/mu/default.nix
+++ b/hosts/mu/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
../../overlays
../../modules/base
diff --git a/hosts/mu/fan.nix b/hosts/mu/fan.nix
index 4876a7e..12b3d46 100644
--- a/hosts/mu/fan.nix
+++ b/hosts/mu/fan.nix
@@ -1,15 +1,15 @@
-{ ... }: {
+{...}: {
# Disable jet engine
services.thinkfan = {
enable = true;
levels = [
- [ 0 0 70 ]
- [ 1 65 75 ]
- [ 2 70 80 ]
- [ 3 75 85 ]
- [ 6 80 90 ]
- [ 7 90 95 ]
- [ "level auto" 95 32767 ]
+ [0 0 70]
+ [1 65 75]
+ [2 70 80]
+ [3 75 85]
+ [6 80 90]
+ [7 90 95]
+ ["level auto" 95 32767]
];
};
boot.extraModprobeConfig = ''
diff --git a/hosts/mu/fish.nix b/hosts/mu/fish.nix
index 94ed147..cdf809e 100644
--- a/hosts/mu/fish.nix
+++ b/hosts/mu/fish.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
home-manager.users.caspervk = {
programs.fish.shellAliases = {
sm = "bw get totp e2be31fb-135f-4b28-88cd-b094000ddb67 | wl-copy; gcloud --project magenta-os2mo-production compute ssh --tunnel-through-iap saltmaster";
diff --git a/hosts/mu/git.nix b/hosts/mu/git.nix
index dee2719..0fd2701 100644
--- a/hosts/mu/git.nix
+++ b/hosts/mu/git.nix
@@ -1,4 +1,8 @@
-{ home-manager, lib, ... }: {
+{
+ home-manager,
+ lib,
+ ...
+}: {
home-manager.users.caspervk = {
programs.git = {
userEmail = lib.mkForce "vk@magenta.dk";
@@ -6,7 +10,6 @@
# https://docs.gitlab.com/ee/user/project/push_options.html
mr = "push --push-option=merge_request.create --push-option=merge_request.assign='vk'";
};
-
};
};
}
diff --git a/hosts/mu/hardware.nix b/hosts/mu/hardware.nix
index f3f5e85..71a582b 100644
--- a/hosts/mu/hardware.nix
+++ b/hosts/mu/hardware.nix
@@ -1,4 +1,11 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ nixos-hardware,
+ ...
+}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-intel
@@ -9,17 +16,16 @@
nixos-hardware.nixosModules.common-pc-ssd
];
- boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
+ boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "sdhci_pci"];
+ boot.initrd.kernelModules = ["dm-snapshot"];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+ options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
diff --git a/hosts/mu/hosts.nix b/hosts/mu/hosts.nix
index 1053d28..c65194a 100644
--- a/hosts/mu/hosts.nix
+++ b/hosts/mu/hosts.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
networking.hosts = {
"127.0.0.1" = [
# not in git
diff --git a/hosts/mu/packages.nix b/hosts/mu/packages.nix
index 58cce3b..4dfadd4 100644
--- a/hosts/mu/packages.nix
+++ b/hosts/mu/packages.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
environment.systemPackages = with pkgs; [
android-studio
azure-cli
diff --git a/hosts/mu/sway.nix b/hosts/mu/sway.nix
index 984b52e..6b3a94c 100644
--- a/hosts/mu/sway.nix
+++ b/hosts/mu/sway.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
home-manager.users.caspervk = {
wayland.windowManager.sway = {
config = {
@@ -18,7 +18,10 @@
};
};
workspaceOutputAssign = [
- { workspace = "9"; output = "eDP-1"; }
+ {
+ workspace = "9";
+ output = "eDP-1";
+ }
];
};
};
diff --git a/hosts/omega/borg.nix b/hosts/omega/borg.nix
index af94ea1..4ee4a92 100644
--- a/hosts/omega/borg.nix
+++ b/hosts/omega/borg.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
../../modules/borg.nix
];
diff --git a/hosts/omega/default.nix b/hosts/omega/default.nix
index 1d3cf37..6fdde57 100644
--- a/hosts/omega/default.nix
+++ b/hosts/omega/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
imports = [
../../overlays
../../modules/base
@@ -12,10 +12,10 @@
systemd.services.qbittorrent = {
description = "qBittorrent service";
- documentation = [ "man:qbittorrent-nox(1)" ];
- wantedBy = [ "multi-user.target" ];
- wants = [ "multi-user.target" ];
- after = [ "network-online.target" "nss-lookup.target" ];
+ documentation = ["man:qbittorrent-nox(1)"];
+ wantedBy = ["multi-user.target"];
+ wants = ["multi-user.target"];
+ after = ["network-online.target" "nss-lookup.target"];
serviceConfig = {
Type = "exec";
User = "caspervk";
diff --git a/hosts/omega/hardware.nix b/hosts/omega/hardware.nix
index 3df3ad7..bda3a36 100644
--- a/hosts/omega/hardware.nix
+++ b/hosts/omega/hardware.nix
@@ -1,4 +1,11 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ nixos-hardware,
+ ...
+}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-amd
@@ -8,17 +15,17 @@
nixos-hardware.nixosModules.common-pc-ssd
];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
- boot.supportedFilesystems = [ "ntfs" ];
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+ boot.initrd.kernelModules = ["dm-snapshot"];
+ boot.kernelModules = ["kvm-amd"];
+ boot.extraModulePackages = [];
+ boot.supportedFilesystems = ["ntfs"];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+ options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
@@ -41,12 +48,12 @@
fileSystems."/mnt/C" = {
device = "/dev/disk/by-label/C";
fsType = "ntfs-3g";
- options = [ "rw" "uid=1000" ];
+ options = ["rw" "uid=1000"];
};
fileSystems."/mnt/Backup" = {
device = "/dev/disk/by-label/Backup";
fsType = "ntfs-3g";
- options = [ "rw" "uid=1000" ];
+ options = ["rw" "uid=1000"];
};
# Enables DHCP on all ethernet and wireless LAN interfaces.
diff --git a/hosts/omega/network.nix b/hosts/omega/network.nix
index 80e374d..68bb353 100644
--- a/hosts/omega/network.nix
+++ b/hosts/omega/network.nix
@@ -1,4 +1,4 @@
-{ config, ... }: {
+{config, ...}: {
systemd.network = {
config = {
routeTables = {
@@ -35,7 +35,7 @@
# we add these routes to a specific routing table and configure a
# routing policy rule to only use it for packets being sent as the
# public IP.
- AllowedIPs = [ "0.0.0.0/0" ];
+ AllowedIPs = ["0.0.0.0/0"];
RouteTable = "wg-sigma-public";
};
}
@@ -43,7 +43,7 @@
};
networks."wg-sigma-public" = {
name = "wg-sigma-public";
- address = [ "49.13.33.75/32" ];
+ address = ["49.13.33.75/32"];
routingPolicyRules = [
{
routingPolicyRuleConfig = {
@@ -73,7 +73,7 @@
PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
Endpoint = "alpha.caspervk.net:51821";
PersistentKeepalive = 25;
- AllowedIPs = [ "0.0.0.0/0" ];
+ AllowedIPs = ["0.0.0.0/0"];
RouteTable = "wg-sigma-p2p";
};
}
@@ -81,7 +81,7 @@
};
networks."wg-sigma-p2p" = {
name = "wg-sigma-p2p";
- address = [ "116.203.6.156/32" ];
+ address = ["116.203.6.156/32"];
routingPolicyRules = [
{
routingPolicyRuleConfig = {
diff --git a/hosts/omega/sway.nix b/hosts/omega/sway.nix
index 3b93970..e746c2e 100644
--- a/hosts/omega/sway.nix
+++ b/hosts/omega/sway.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
home-manager.users.caspervk = {
wayland.windowManager.sway = {
config = {
@@ -14,8 +14,14 @@
};
};
workspaceOutputAssign = [
- { workspace = "8"; output = "DP-2"; }
- { workspace = "9"; output = "DP-2"; }
+ {
+ workspace = "8";
+ output = "DP-2";
+ }
+ {
+ workspace = "9";
+ output = "DP-2";
+ }
];
};
};
diff --git a/hosts/tor/default.nix b/hosts/tor/default.nix
index 780404e..49d580b 100644
--- a/hosts/tor/default.nix
+++ b/hosts/tor/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
../../overlays
../../modules/base
diff --git a/hosts/tor/hardware.nix b/hosts/tor/hardware.nix
index 6ce4b26..ae2b3e0 100644
--- a/hosts/tor/hardware.nix
+++ b/hosts/tor/hardware.nix
@@ -1,18 +1,24 @@
-{ config, lib, pkgs, modulesPath, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.initrd.kernelModules = ["dm-snapshot"];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+ options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
@@ -36,4 +42,3 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
-
diff --git a/hosts/tor/network.nix b/hosts/tor/network.nix
index a4bccad..f978b4c 100644
--- a/hosts/tor/network.nix
+++ b/hosts/tor/network.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
systemd.network = {
networks."10-lan" = {
# IPv4 settings are from `sudo dhcpcd --test`.
@@ -9,8 +9,13 @@
"2a0d:3e83:1:b284::1/64"
];
routes = [
- { routeConfig = { Gateway = "91.210.59.1"; }; }
- { routeConfig = { Gateway = "2a0d:3e83:1::1"; GatewayOnLink = true; }; }
+ {routeConfig = {Gateway = "91.210.59.1";};}
+ {
+ routeConfig = {
+ Gateway = "2a0d:3e83:1::1";
+ GatewayOnLink = true;
+ };
+ }
];
};
};
diff --git a/hosts/tor/tor.nix b/hosts/tor/tor.nix
index 58fac5b..1ce10d1 100644
--- a/hosts/tor/tor.nix
+++ b/hosts/tor/tor.nix
@@ -1,10 +1,16 @@
-{ ... }: {
+{...}: {
services.tor = {
settings = {
Nickname = "DXV7520";
ORPort = [
- { addr = "91.210.59.57"; port = 443; }
- { addr = "[2a0d:3e83:1:b284::1]"; port = 443; }
+ {
+ addr = "91.210.59.57";
+ port = 443;
+ }
+ {
+ addr = "[2a0d:3e83:1:b284::1]";
+ port = 443;
+ }
];
};
};
diff --git a/hosts/zeta/borg.nix b/hosts/zeta/borg.nix
index 834339d..25fed66 100644
--- a/hosts/zeta/borg.nix
+++ b/hosts/zeta/borg.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
../../modules/borg.nix
];
diff --git a/hosts/zeta/default.nix b/hosts/zeta/default.nix
index 8323211..df9825d 100644
--- a/hosts/zeta/default.nix
+++ b/hosts/zeta/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
../../overlays
../../modules/base
diff --git a/hosts/zeta/hardware.nix b/hosts/zeta/hardware.nix
index 9de621d..0277b83 100644
--- a/hosts/zeta/hardware.nix
+++ b/hosts/zeta/hardware.nix
@@ -1,4 +1,11 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ nixos-hardware,
+ ...
+}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-intel
@@ -9,16 +16,16 @@
nixos-hardware.nixosModules.common-pc-ssd
];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = ["dm-snapshot"];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+ options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
diff --git a/hosts/zeta/sway.nix b/hosts/zeta/sway.nix
index 263ecbf..3c30ec5 100644
--- a/hosts/zeta/sway.nix
+++ b/hosts/zeta/sway.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
home-manager.users.caspervk = {
wayland.windowManager.sway = {
config = {
diff --git a/modules/base/agenix.nix b/modules/base/agenix.nix
index d4a26d9..35a732b 100644
--- a/modules/base/agenix.nix
+++ b/modules/base/agenix.nix
@@ -1,4 +1,8 @@
-{ agenix, pkgs, ... }: {
+{
+ agenix,
+ pkgs,
+ ...
+}: {
# Agenix manages the deployment of secrets by public-key encrypting them to
# each system's ssh host key. See the README for more information.
# https://github.com/ryantm/agenix
@@ -12,7 +16,7 @@
# host key. Refer directly to the key on the persistent partition, which is
# mounted in stage 1 of the boot process, before agenix runs.
# https://github.com/ryantm/agenix/issues/45#issuecomment-901383985
- age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
+ age.identityPaths = ["/nix/persist/etc/ssh/ssh_host_ed25519_key"];
# `agenix` cli tool
environment.systemPackages = [
diff --git a/modules/base/default.nix b/modules/base/default.nix
index 7a9c7ef..dc5938d 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
./agenix.nix
./docker.nix
diff --git a/modules/base/docker.nix b/modules/base/docker.nix
index 1daab1c..151c372 100644
--- a/modules/base/docker.nix
+++ b/modules/base/docker.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
# Docker is a utility to pack, ship and run any application as a lightweight
# container.
# https://nixos.wiki/wiki/Docker
@@ -14,12 +14,17 @@
# Being a member of the docker group is effectively equivalent to being root,
# but without the annoyance of having to type your sudo password all the time.
- users.extraGroups.docker.members = [ "caspervk" ];
+ users.extraGroups.docker.members = ["caspervk"];
# Persist docker volumes
environment.persistence."/nix/persist" = {
directories = [
- { directory = "/var/lib/docker"; user = "root"; group = "root"; mode = "0700"; }
+ {
+ directory = "/var/lib/docker";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
];
};
}
diff --git a/modules/base/fish.nix b/modules/base/fish.nix
index 5013cd4..34ac307 100644
--- a/modules/base/fish.nix
+++ b/modules/base/fish.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
# Fish is a Unix shell with a focus on interactivity and usability. Fish is
# designed to give the user features by default, rather than by
# configuration.
@@ -24,7 +24,7 @@
users.defaultUserShell = pkgs.fish;
# Add fish to the list of permissible login shells for user accounts
- environment.shells = with pkgs; [ fish ];
+ environment.shells = with pkgs; [fish];
# Enabling fish in both NixOS and home manager is required to pick up
# completions and environment variables set by NixOS nixpkgs _and_ home
diff --git a/modules/base/git.nix b/modules/base/git.nix
index 61975cc..62ee22f 100644
--- a/modules/base/git.nix
+++ b/modules/base/git.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# Git version control system.
# https://nixos.wiki/wiki/Git
diff --git a/modules/base/hardware.nix b/modules/base/hardware.nix
index 08fcd16..46b8a35 100644
--- a/modules/base/hardware.nix
+++ b/modules/base/hardware.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
# Enable all firmware with a license allowing redistribution
hardware.enableRedistributableFirmware = true;
}
diff --git a/modules/base/home-manager.nix b/modules/base/home-manager.nix
index 4fa4afd..6873395 100644
--- a/modules/base/home-manager.nix
+++ b/modules/base/home-manager.nix
@@ -1,4 +1,8 @@
-{ config, home-manager, ... }: {
+{
+ config,
+ home-manager,
+ ...
+}: {
# Like NixOS manages the system configuration, Home Manager manages the user
# environment.
#
diff --git a/modules/base/impermanence.nix b/modules/base/impermanence.nix
index 48ff313..30a4aba 100644
--- a/modules/base/impermanence.nix
+++ b/modules/base/impermanence.nix
@@ -1,4 +1,4 @@
-{ impermanence, ... }: {
+{impermanence, ...}: {
# Impermanence in NixOS is where the root directory isn't permanent, but gets
# wiped every reboot (such as by mounting it as tmpfs). Such a setup is
# possible because NixOS only needs /boot and /nix in order to boot, all
@@ -28,10 +28,25 @@
hideMounts = true;
directories = [
# See comment above for /tmp
- { directory = "/tmp"; user = "root"; group = "root"; mode = "1777"; }
+ {
+ directory = "/tmp";
+ user = "root";
+ group = "root";
+ mode = "1777";
+ }
# Save the last run time of persistent timers so systemd knows if they were missed
- { directory = "/var/lib/systemd/timers"; user = "root"; group = "root"; mode = "0755"; }
- { directory = "/var/log"; user = "root"; group = "root"; mode = "0755"; }
+ {
+ directory = "/var/lib/systemd/timers";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
+ {
+ directory = "/var/log";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
];
files = [
"/etc/machine-id" # needed for /var/log
diff --git a/modules/base/locale.nix b/modules/base/locale.nix
index b2e568d..f3bc408 100644
--- a/modules/base/locale.nix
+++ b/modules/base/locale.nix
@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{lib, ...}: {
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
diff --git a/modules/base/network.nix b/modules/base/network.nix
index 66a1d4c..b8560ee 100644
--- a/modules/base/network.nix
+++ b/modules/base/network.nix
@@ -1,17 +1,17 @@
-{ ... }: {
+{...}: {
# https://nixos.wiki/wiki/Networking
# https://nixos.wiki/wiki/Systemd-networkd
networking = {
firewall = {
# Allow some ports for ad-hoc use
- allowedTCPPorts = [ 1234 1337 8000 8080 ];
- allowedUDPPorts = [ 1234 1337 8000 8080 ];
+ allowedTCPPorts = [1234 1337 8000 8080];
+ allowedUDPPorts = [1234 1337 8000 8080];
# Do not spam dmesg/journalctl with refused connections
logRefusedConnections = false;
};
- nameservers = [ "127.0.0.53" ]; # resolved stub resolver
- search = [ "caspervk.net" ];
+ nameservers = ["127.0.0.53"]; # resolved stub resolver
+ search = ["caspervk.net"];
};
# TODO: these systemd networkd settings will be the default once
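Review bot: The ad-hoc ports in `allowedTCPPorts` and `allowedUDPPorts` are set in the base module, which `hosts/alpha/default.nix` and `hosts/tor/default.nix` also import, so 1234, 1337, 8000 and 8080 are presumably open on the publicly addressed VPS and the relay as well as on the desktops. If they are only needed for ad-hoc use on workstations, move `allowedTCPPorts = [1234 1337 8000 8080];` and its UDP counterpart to `modules/desktop/network.nix`, or add a comment saying why the servers need them. With `logRefusedConnections = false` there is also no log trail of probes against the closed ports, so a comment such as `# accepted trade-off: no visibility into refused connections` would record that this is intentional. The module body continues outside this hunk.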
@@ -34,7 +34,7 @@
# Resolved falls back to DNS servers operated by American internet
# surveillance and adtech companies by default. No thanks, I'd rather have
# no DNS at all.
- fallbackDns = [ "159.69.4.2#dns.caspervk.net" "2a01:4f8:1c0c:70d1::1#dns.caspervk.net" ];
+ fallbackDns = ["159.69.4.2#dns.caspervk.net" "2a01:4f8:1c0c:70d1::1#dns.caspervk.net"];
extraConfig = ''
DNS=159.69.4.2#dns.caspervk.net 2a01:4f8:1c0c:70d1::1#dns.caspervk.net
DNSOverTLS=yes
@@ -51,7 +51,12 @@
services.vnstat.enable = true;
environment.persistence."/nix/persist" = {
directories = [
- { directory = "/var/lib/vnstat"; user = "root"; group = "root"; mode = "0755"; }
+ {
+ directory = "/var/lib/vnstat";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
];
};
}
diff --git a/modules/base/nix.nix b/modules/base/nix.nix
index 7ba6a8e..ace7374 100644
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@@ -1,4 +1,9 @@
-{ nix-index-database, nixpkgs-unstable, nixpkgs, ... }: {
+{
+ nix-index-database,
+ nixpkgs-unstable,
+ nixpkgs,
+ ...
+}: {
imports = [
nix-index-database.nixosModules.nix-index
];
@@ -22,7 +27,7 @@
auto-optimise-store = true;
# Enable flakes
- experimental-features = [ "nix-command" "flakes" ];
+ experimental-features = ["nix-command" "flakes"];
# Timeout connections to the binary cache instead of waiting forever
connect-timeout = 5;
diff --git a/modules/base/packages.nix b/modules/base/packages.nix
index 18b411d..7e8ce39 100644
--- a/modules/base/packages.nix
+++ b/modules/base/packages.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
environment.systemPackages = with pkgs; [
bat
black
diff --git a/modules/base/ripgrep.nix b/modules/base/ripgrep.nix
index 845224b..536e426 100644
--- a/modules/base/ripgrep.nix
+++ b/modules/base/ripgrep.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# ripgrep is a line-oriented search tool that recursively searches the
# current directory for a regex pattern.
# https://github.com/BurntSushi/ripgrep
diff --git a/modules/base/ssh.nix b/modules/base/ssh.nix
index 8ce1517..4adb5de 100644
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
services.openssh = {
enable = true;
settings = {
diff --git a/modules/base/sudo.nix b/modules/base/sudo.nix
index 6e8a796..d4a0841 100644
--- a/modules/base/sudo.nix
+++ b/modules/base/sudo.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
security.sudo = {
# Only allow members of the wheel group to execute sudo by setting the
# executable’s permissions accordingly. This prevents users that are not
diff --git a/modules/base/users.nix b/modules/base/users.nix
index 32de8ad..8da8597 100644
--- a/modules/base/users.nix
+++ b/modules/base/users.nix
@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+ config,
+ pkgs,
+ ...
+}: {
users = {
# Don't allow imperative modifications to users (incompatible with impermanence)
mutableUsers = false;
@@ -17,7 +21,7 @@
# todo: systemd-journal, audio, input, power, nix ?
];
uid = 1000;
- packages = with pkgs; [ ];
+ packages = with pkgs; [];
};
};
};
diff --git a/modules/base/vim/default.nix b/modules/base/vim/default.nix
index 1c33a06..71013f7 100644
--- a/modules/base/vim/default.nix
+++ b/modules/base/vim/default.nix
@@ -1,4 +1,8 @@
-{ home-manager, pkgs, ... }: {
+{
+ home-manager,
+ pkgs,
+ ...
+}: {
home-manager.users.caspervk = {
programs.neovim = {
enable = true;
@@ -27,7 +31,7 @@
nvim-dap-virtual-text # show variable values in-line
salt-vim # salt syntax-highlighting
];
- extraPackages = with pkgs; [ ];
+ extraPackages = with pkgs; [];
extraConfig = builtins.readFile ./config.vim;
extraLuaConfig = builtins.readFile ./config.lua;
diff --git a/modules/borg.nix b/modules/borg.nix
index 3539992..43da5bf 100644
--- a/modules/borg.nix
+++ b/modules/borg.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
# BorgBackup (short: Borg) is a deduplicating backup program.
# https://nixos.wiki/wiki/Borg_backup
# https://nixos.org/manual/nixos/stable/#module-borgbase
@@ -69,7 +74,7 @@
# patterns is used, so if an include pattern (prefix `+`) matches before an
# exclude pattern (prefix `-`), the file is backed up. Prefix `!` is
# exclude-norecurse. See `borg help patterns` for pattern syntax.
- paths = [ "/" ];
+ paths = ["/"];
patterns = [
"! /dev"
"! /lost+found"
diff --git a/modules/desktop/alacritty.nix b/modules/desktop/alacritty.nix
index bf1b8bf..e075411 100644
--- a/modules/desktop/alacritty.nix
+++ b/modules/desktop/alacritty.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# Terminal emulator
# https://wiki.archlinux.org/title/Alacritty
@@ -10,7 +10,11 @@
# It's easy to open a new terminal using Mod+Enter in sway, but it
# always opens in the home directly. This binds Control+Shift+Enter
# to open a new terminal in the current directory.
- { key = "Return"; mods = "Control|Shift"; action = "SpawnNewInstance"; }
+ {
+ key = "Return";
+ mods = "Control|Shift";
+ action = "SpawnNewInstance";
+ }
];
};
};
diff --git a/modules/desktop/clipman.nix b/modules/desktop/clipman.nix
index e094156..6541efe 100644
--- a/modules/desktop/clipman.nix
+++ b/modules/desktop/clipman.nix
@@ -1,4 +1,9 @@
-{ home-manager, lib, pkgs, ... }: {
+{
+ home-manager,
+ lib,
+ pkgs,
+ ...
+}: {
# Clipboard manager. It can help persist clipboard contents after closing an
# application - which otherwise isn't supported in Wayland - but that breaks
# rich content copying in general. Therefore, we only use it for clipboard
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix
index 9c3f33d..12dfe51 100644
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
./alacritty.nix
./clipman.nix
diff --git a/modules/desktop/flatpak.nix b/modules/desktop/flatpak.nix
index 24ae91d..38beeea 100644
--- a/modules/desktop/flatpak.nix
+++ b/modules/desktop/flatpak.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# https://flatpak.org/setup/NixOS
# https://nixos.wiki/wiki/Flatpak
@@ -14,7 +14,12 @@
# Persist flatpaks
environment.persistence."/nix/persist" = {
directories = [
- { directory = "/var/lib/flatpak"; user = "root"; group = "root"; mode = "0755"; }
+ {
+ directory = "/var/lib/flatpak";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
];
};
}
diff --git a/modules/desktop/gammastep.nix b/modules/desktop/gammastep.nix
index 8eda381..3c82911 100644
--- a/modules/desktop/gammastep.nix
+++ b/modules/desktop/gammastep.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# Gammestep automatically adjusts the screen's colour temperature. It's
# basically redshift for Wayland.
# https://gitlab.com/chinstrap/gammastep
diff --git a/modules/desktop/network.nix b/modules/desktop/network.nix
index d2dec74..e46d08c 100644
--- a/modules/desktop/network.nix
+++ b/modules/desktop/network.nix
@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{lib, ...}: {
networking = {
# It's a little too much to define every WiFi network declaratively.
# Instead, we enable NetworkManager and the nmtui interface.
@@ -9,12 +9,17 @@
};
# Allow our user to configure the network
- users.extraGroups.networkmanager.members = [ "caspervk" ];
+ users.extraGroups.networkmanager.members = ["caspervk"];
# Persist WiFi passwords and other network configuration
environment.persistence."/nix/persist" = {
directories = [
- { directory = "/etc/NetworkManager/system-connections"; user = "root"; group = "root"; mode = "0700"; }
+ {
+ directory = "/etc/NetworkManager/system-connections";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
];
};
diff --git a/modules/desktop/pipewire.nix b/modules/desktop/pipewire.nix
index d7d6b05..027badf 100644
--- a/modules/desktop/pipewire.nix
+++ b/modules/desktop/pipewire.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
# PipeWire is a new low-level multimedia framework. It aims to offer capture
# and playback for both audio and video with minimal latency and support for
# PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
diff --git a/modules/desktop/programs.nix b/modules/desktop/programs.nix
index d2759a3..3cb00c0 100644
--- a/modules/desktop/programs.nix
+++ b/modules/desktop/programs.nix
@@ -1,4 +1,10 @@
-{ home-manager, lib, nixpkgs, pkgs, ... }: {
+{
+ home-manager,
+ lib,
+ nixpkgs,
+ pkgs,
+ ...
+}: {
# Packages useful on a desktop computer which don't require their own module
environment.systemPackages = with pkgs; [
@@ -6,9 +12,10 @@
gimp
jetbrains.pycharm-professional
keepassxc
- (kodi-wayland.withPackages (kodiPackages: with kodiPackages; [
- jellyfin
- ]))
+ (kodi-wayland.withPackages (kodiPackages:
+ with kodiPackages; [
+ jellyfin
+ ]))
libqalculate
libreoffice
mpv
@@ -19,12 +26,13 @@
webcord # discord
];
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "android-studio-stable"
- "pycharm-professional"
- "spotify"
- "terraform"
- ];
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "android-studio-stable"
+ "pycharm-professional"
+ "spotify"
+ "terraform"
+ ];
home-manager.users.caspervk = {
home.sessionVariables = {
diff --git a/modules/desktop/rofi.nix b/modules/desktop/rofi.nix
index fe593d0..5c4ca71 100644
--- a/modules/desktop/rofi.nix
+++ b/modules/desktop/rofi.nix
@@ -1,4 +1,8 @@
-{ home-manager, pkgs, ... }: {
+{
+ home-manager,
+ pkgs,
+ ...
+}: {
# A window switcher, application launcher and dmenu replacement. Used to open
# programs, view the clipboard history, and select emojis.
# https://github.com/davatorium/rofi
diff --git a/modules/desktop/ssh.nix b/modules/desktop/ssh.nix
index a02d2f3..775fdb2 100644
--- a/modules/desktop/ssh.nix
+++ b/modules/desktop/ssh.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# https://nix-community.github.io/home-manager/options.html
home-manager.users.caspervk = {
diff --git a/modules/desktop/sway.nix b/modules/desktop/sway.nix
index 41a2c9a..2b0cc82 100644
--- a/modules/desktop/sway.nix
+++ b/modules/desktop/sway.nix
@@ -1,4 +1,9 @@
-{ home-manager, lib, pkgs, ... }: {
+{
+ home-manager,
+ lib,
+ pkgs,
+ ...
+}: {
# https://nixos.wiki/wiki/Sway
programs.sway = {
@@ -77,14 +82,14 @@
"XF86AudioPrev" = "exec 'playerctl previous'";
};
assigns = {
- "8" = [{ class = "WebCord"; }];
- "9" = [{ class = "Spotify"; }];
+ "8" = [{class = "WebCord";}];
+ "9" = [{class = "Spotify";}];
};
floating = {
criteria = [
- { app_id = "org.keepassxc.KeePassXC"; }
- { app_id = "pavucontrol"; }
- { app_id = "wdisplays"; }
+ {app_id = "org.keepassxc.KeePassXC";}
+ {app_id = "pavucontrol";}
+ {app_id = "wdisplays";}
];
};
focus = {
@@ -114,7 +119,7 @@
};
};
terminal = "alacritty";
- bars = [{ command = "${pkgs.waybar}/bin/waybar"; }];
+ bars = [{command = "${pkgs.waybar}/bin/waybar";}];
};
# Execute sway with required environment variables for GTK applications
@@ -125,104 +130,102 @@
# https://github.com/Alexays/Waybar/wiki/Configuration
# https://github.com/Alexays/Waybar/blob/master/resources/config
- programs.waybar =
- let
- # It isn't possible to extend the default Waybar config in Home
- # Manager; as soon as any setting is defined it overwrites the entire
- # default configuration. To combat this, we parse the default config
- # into Nix and merge it with our changes.
- mkDefaultConfig = pkgs.stdenv.mkDerivation {
- name = "waybarDefaultConfig";
- src = "${pkgs.waybar}/etc/xdg/waybar";
- installPhase = ''
- # JSON isn't valid if it contains comments
- sed 's#//.*##' config | ${pkgs.jq}/bin/jq > $out
- '';
- };
- defaultConfig = builtins.fromJSON (lib.readFile "${mkDefaultConfig}");
- in
- {
- enable = true;
- settings = {
- bar = lib.mkMerge [
- defaultConfig
- {
- modules-right = lib.mkForce [ "tray" "pulseaudio" "backlight" "network" "battery" "clock" ];
- battery = {
- states = lib.mkForce {
- warning = 15;
- critical = 5;
- };
- };
- clock = {
- interval = 5;
- locale = "da_DK.UTF-8";
- format = "{:%a %e. %b %H:%M}";
- calendar = {
- mode = "year";
- mode-mon-col = 3;
- weeks-pos = "left";
- on-scroll = 1;
- format = {
- months = "{}";
- days = "{}";
- weeks = "W{}";
- weekdays = "{}";
- today = "{}";
- };
- };
- actions = {
- on-click-right = "mode";
- on-scroll-up = "shift_down";
- on-scroll-down = "shift_up";
- };
- };
- }
- ];
- };
- # https://github.com/Alexays/Waybar/wiki/Styling
- # https://github.com/Alexays/Waybar/blob/master/resources/style.css
- style = ''
- window#waybar {
- color: white;
- background-color: rgba(0, 0, 0, 0.5);
- border-bottom: 1px solid rgba(0, 0, 0, 0.5);
- transition-duration: 0s;
- }
- #workspaces button {
- color: white;
- box-shadow: inset 0 3px transparent;
- border: none;
- border-radius: 0;
- }
- #workspaces button.focused {
- box-shadow: inset 0 3px #FF9E3B; /* kanagawa roninYellow */
- background-color: transparent;
- }
- #workspaces button:hover {
- /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
- background: rgba(0, 0, 0, 0.25);
- text-shadow: inherit;
- }
- #mode {
- background-color: rgba(255, 255, 255, 0.4);
- border: none;
- }
- #tray, #pulseaudio, #backlight, #network, #battery, #clock {
- background-color: transparent;
- padding: 0 10px;
- }
- #battery.warning:not(.charging) {
- color: #FF9E3B; /* kanagawa roninYellow */
- }
- #battery.critical:not(.charging) {
- color: #E82424; /* kanagawa samuraiRed */
- }
- #network.disconnected {
- color: #E82424; /* kanagawa samuraiRed */
- }
+ programs.waybar = let
+ # It isn't possible to extend the default Waybar config in Home
+ # Manager; as soon as any setting is defined it overwrites the entire
+ # default configuration. To combat this, we parse the default config
+ # into Nix and merge it with our changes.
+ mkDefaultConfig = pkgs.stdenv.mkDerivation {
+ name = "waybarDefaultConfig";
+ src = "${pkgs.waybar}/etc/xdg/waybar";
+ installPhase = ''
+ # JSON isn't valid if it contains comments
+ sed 's#//.*##' config | ${pkgs.jq}/bin/jq > $out
'';
};
+ defaultConfig = builtins.fromJSON (lib.readFile "${mkDefaultConfig}");
+ in {
+ enable = true;
+ settings = {
+ bar = lib.mkMerge [
+ defaultConfig
+ {
+ modules-right = lib.mkForce ["tray" "pulseaudio" "backlight" "network" "battery" "clock"];
+ battery = {
+ states = lib.mkForce {
+ warning = 15;
+ critical = 5;
+ };
+ };
+ clock = {
+ interval = 5;
+ locale = "da_DK.UTF-8";
+ format = "{:%a %e. %b %H:%M}";
+ calendar = {
+ mode = "year";
+ mode-mon-col = 3;
+ weeks-pos = "left";
+ on-scroll = 1;
+ format = {
+ months = "{}";
+ days = "{}";
+ weeks = "W{}";
+ weekdays = "{}";
+ today = "{}";
+ };
+ };
+ actions = {
+ on-click-right = "mode";
+ on-scroll-up = "shift_down";
+ on-scroll-down = "shift_up";
+ };
+ };
+ }
+ ];
+ };
+ # https://github.com/Alexays/Waybar/wiki/Styling
+ # https://github.com/Alexays/Waybar/blob/master/resources/style.css
+ style = ''
+ window#waybar {
+ color: white;
+ background-color: rgba(0, 0, 0, 0.5);
+ border-bottom: 1px solid rgba(0, 0, 0, 0.5);
+ transition-duration: 0s;
+ }
+ #workspaces button {
+ color: white;
+ box-shadow: inset 0 3px transparent;
+ border: none;
+ border-radius: 0;
+ }
+ #workspaces button.focused {
+ box-shadow: inset 0 3px #FF9E3B; /* kanagawa roninYellow */
+ background-color: transparent;
+ }
+ #workspaces button:hover {
+ /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
+ background: rgba(0, 0, 0, 0.25);
+ text-shadow: inherit;
+ }
+ #mode {
+ background-color: rgba(255, 255, 255, 0.4);
+ border: none;
+ }
+ #tray, #pulseaudio, #backlight, #network, #battery, #clock {
+ background-color: transparent;
+ padding: 0 10px;
+ }
+ #battery.warning:not(.charging) {
+ color: #FF9E3B; /* kanagawa roninYellow */
+ }
+ #battery.critical:not(.charging) {
+ color: #E82424; /* kanagawa samuraiRed */
+ }
+ #network.disconnected {
+ color: #E82424; /* kanagawa samuraiRed */
+ }
+ '';
+ };
# https://github.com/swaywm/swaylock
programs.swaylock = {
@@ -234,24 +237,35 @@
};
# https://github.com/swaywm/swayidle
- services.swayidle =
- let
- lock = "${pkgs.swaylock}/bin/swaylock --daemonize";
- outputOff = "${pkgs.sway}/bin/swaymsg 'output * power off'";
- outputOn = "${pkgs.sway}/bin/swaymsg 'output * power on'";
- suspend = "${pkgs.systemd}/bin/systemctl suspend";
- in
- {
- enable = true;
- events = [
- { event = "lock"; command = lock; }
- { event = "before-sleep"; command = lock; }
- ];
- timeouts = [
- { timeout = 60 * 20; command = outputOff; resumeCommand = outputOn; }
- { timeout = 60 * 60 * 3; command = suspend; }
- ];
- };
+ services.swayidle = let
+ lock = "${pkgs.swaylock}/bin/swaylock --daemonize";
+ outputOff = "${pkgs.sway}/bin/swaymsg 'output * power off'";
+ outputOn = "${pkgs.sway}/bin/swaymsg 'output * power on'";
+ suspend = "${pkgs.systemd}/bin/systemctl suspend";
+ in {
+ enable = true;
+ events = [
+ {
+ event = "lock";
+ command = lock;
+ }
+ {
+ event = "before-sleep";
+ command = lock;
+ }
+ ];
+ timeouts = [
+ {
+ timeout = 60 * 20;
+ command = outputOff;
+ resumeCommand = outputOn;
+ }
+ {
+ timeout = 60 * 60 * 3;
+ command = suspend;
+ }
+ ];
+ };
# https://github.com/emersion/mako
services.mako = {
@@ -277,12 +291,12 @@
enableDefaultPackages = true;
packages = with pkgs; [
# Nerd Fonts patches glyph icons, such as from Font Awesome, into existing fonts
- (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ (nerdfonts.override {fonts = ["JetBrainsMono"];})
font-awesome # waybar uses Font Awesome icons directly
];
fontDir.enable = true; # TODO?
fontconfig.defaultFonts = {
- monospace = [ "JetBrainsMonoNL Nerd Font" ]; # NL = NoLigatures
+ monospace = ["JetBrainsMonoNL Nerd Font"]; # NL = NoLigatures
};
};
diff --git a/modules/desktop/virtd.nix b/modules/desktop/virtd.nix
index 467596c..ed4812e 100644
--- a/modules/desktop/virtd.nix
+++ b/modules/desktop/virtd.nix
@@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
# https://nixos.wiki/wiki/Virt-manager
virtualisation.libvirtd.enable = true;
@@ -8,19 +8,24 @@
home-manager.users.caspervk = {
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
- autoconnect = [ "qemu:///system" ];
- uris = [ "qemu:///system" ];
+ autoconnect = ["qemu:///system"];
+ uris = ["qemu:///system"];
};
};
};
# Allow our user to use libvird
- users.extraGroups.libvirtd.members = [ "caspervk" ];
+ users.extraGroups.libvirtd.members = ["caspervk"];
# Persist libvirt data
environment.persistence."/nix/persist" = {
directories = [
- { directory = "/var/lib/libvirt"; user = "root"; group = "root"; mode = "0755"; }
+ {
+ directory = "/var/lib/libvirt";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
];
};
}
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 502ffa7..31df8d9 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
imports = [
./system.nix
];
diff --git a/modules/server/system.nix b/modules/server/system.nix
index 2308b08..791cd8d 100644
--- a/modules/server/system.nix
+++ b/modules/server/system.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
# Automatically `nixos-rebuild switch` daily with the latest configuration
# from git. This overwrites any uncommitted changes in ~/nixos/, which is why
# it is only enabled on servers. Note that this requires updating flake.lock
diff --git a/modules/syncthing.nix b/modules/syncthing.nix
index cfcf548..29da7de 100644
--- a/modules/syncthing.nix
+++ b/modules/syncthing.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
# Syncthing is a continuous file synchronization program. It synchronizes
# files between two or more computers in real time. It's basically a
# self-hosted Dropbox for Linux users, but without FTP, curlftpfs, and SVN.
@@ -19,20 +19,20 @@
devices = {
"lambda" = {
id = "WES3JH4-S34HTC5-42YZHUJ-MX3Z6PA-PFO72KA-YIJMDOB-GQWZXZ3-I7BBTAS";
- addresses = [ "tcp://lambda.caspervk.net" ];
+ addresses = ["tcp://lambda.caspervk.net"];
};
- "omega" = { id = "EZIQ7SI-Y6BBLUY-QI4EEYU-UNIXPSG-R6X5E77-AA2UC7S-VRV2LKQ-RNBOGQT"; };
- "S10e" = { id = "DWC6YHB-FRYKFHD-FPOUITV-7GL2WZH-RSFOJXR-PHYXDO7-74NLBUZ-TZENVAC"; };
- "zeta" = { id = "GQRNHAQ-MMRQYMD-P4RCA6I-5DJ3HXO-J2N2GVP-UGI55YR-HD3EYSO-ERU5QQV"; };
+ "omega" = {id = "EZIQ7SI-Y6BBLUY-QI4EEYU-UNIXPSG-R6X5E77-AA2UC7S-VRV2LKQ-RNBOGQT";};
+ "S10e" = {id = "DWC6YHB-FRYKFHD-FPOUITV-7GL2WZH-RSFOJXR-PHYXDO7-74NLBUZ-TZENVAC";};
+ "zeta" = {id = "GQRNHAQ-MMRQYMD-P4RCA6I-5DJ3HXO-J2N2GVP-UGI55YR-HD3EYSO-ERU5QQV";};
};
folders = {
"keepass" = {
path = "~/keepass";
- devices = [ "lambda" "omega" "S10e" "zeta" ];
+ devices = ["lambda" "omega" "S10e" "zeta"];
};
"sync" = {
path = "~/sync";
- devices = [ "lambda" "omega" "zeta" ];
+ devices = ["lambda" "omega" "zeta"];
};
};
};
diff --git a/modules/tor/default.nix b/modules/tor/default.nix
index b5b34a2..11b16af 100644
--- a/modules/tor/default.nix
+++ b/modules/tor/default.nix
@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+ config,
+ pkgs,
+ ...
+}: {
services.tor = {
enable = true;
openFirewall = true;
@@ -26,7 +30,12 @@
environment.persistence."/nix/persist" = {
directories = [
- { directory = "/var/lib/tor"; user = "tor"; group = "tor"; mode = "0700"; }
+ {
+ directory = "/var/lib/tor";
+ user = "tor";
+ group = "tor";
+ mode = "0700";
+ }
];
};
}
diff --git a/overlays/default.nix b/overlays/default.nix
index 27188f5..d854dcc 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,3 +1,3 @@
-{ ... }: {
- imports = [ ];
+{...}: {
+ imports = [];
}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 358b69c..0df10b4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,7 +2,6 @@
# the agenix CLI tool to know which public keys to use for encryption. See the
# README for more information.
# https://github.com/ryantm/agenix
-
let
# Get a system's public key using:
# > cat /etc/ssh/ssh_host_ed25519_key.pub
@@ -18,21 +17,21 @@ let
# > agenix -i $AGE_KEY_FILE -e foo.age
recovery = "age1rd6hhd724s3r9xe4gfuy38rl0xfu8c7pkuefsrdwqfcknujzecyqz7ldyj";
- all = [ alpha mu omega tor zeta ];
+ all = [alpha mu omega tor zeta];
in
-builtins.mapAttrs (name: value: { publicKeys = value ++ [ recovery ]; }) {
- # Borg backup
- "borg-passphrase-file-omega.age" = [ omega ];
- "borg-passphrase-file-zeta.age" = [ zeta ];
+ builtins.mapAttrs (name: value: {publicKeys = value ++ [recovery];}) {
+ # Borg backup
+ "borg-passphrase-file-omega.age" = [omega];
+ "borg-passphrase-file-zeta.age" = [zeta];
- # User passwords
- "users-hashed-password-file.age" = all;
+ # User passwords
+ "users-hashed-password-file.age" = all;
- # Wireguard
- # The preshared key adds an additional layer of symmetric-key crypto to be
- # mixed into the already existing public-key crypto, for post-quantum
- # resistance. Public-keys are generated using `wireguard-vanity-address`.
- "wireguard-preshared-key-file.age" = [ alpha omega ];
- "wireguard-private-key-file-alpha.age" = [ alpha ];
- "wireguard-private-key-file-omega.age" = [ omega ];
-}
+ # Wireguard
+ # The preshared key adds an additional layer of symmetric-key crypto to be
+ # mixed into the already existing public-key crypto, for post-quantum
+ # resistance. Public-keys are generated using `wireguard-vanity-address`.
+ "wireguard-preshared-key-file.age" = [alpha omega];
+ "wireguard-private-key-file-alpha.age" = [alpha];
+ "wireguard-private-key-file-omega.age" = [omega];
+ }