diff --git a/flake.nix b/flake.nix index 63fd1de..7429d6f 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,7 @@ description = "System configuration for panacea"; nixConfig = { - extra-substituters = - "https://cachix.cachix.org https://nix-community.cachix.org"; + extra-substituters = "https://cachix.cachix.org https://nix-community.cachix.org"; extra-trusted-public-keys = '' cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=''; @@ -34,7 +33,8 @@ }; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = + { self, nixpkgs, ... }@inputs: let system = "x86_64-linux"; @@ -43,16 +43,22 @@ config.allowUnfree = true; overlays = [ (final: prev: { - emacs-vterm = - ((pkgs.emacsPackagesFor pkgs.emacs29-pgtk).emacsWithPackages - (epkgs: with epkgs; [ vterm mu4e ])); + emacs-vterm = ( + (pkgs.emacsPackagesFor pkgs.emacs29-pgtk).emacsWithPackages ( + epkgs: with epkgs; [ + vterm + mu4e + ] + ) + ); }) ]; }; lib = nixpkgs.lib; - in { + in + { nixosConfigurations.panacea = lib.nixosSystem { inherit system; modules = [ diff --git a/modules/cachix.nix b/modules/cachix.nix index 104ea98..b5419a6 100644 --- a/modules/cachix.nix +++ b/modules/cachix.nix @@ -5,9 +5,9 @@ let folder = ../cachix; toImport = name: value: folder + ("/" + name); filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; - imports = lib.mapAttrsToList toImport - (lib.filterAttrs filterCaches (builtins.readDir folder)); -in { + imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); +in +{ inherit imports; nix.binaryCaches = [ "https://cache.nixos.org/" ]; } diff --git a/modules/development.nix b/modules/development.nix index c6cfcd8..88ad76b 100644 --- a/modules/development.nix +++ b/modules/development.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { # Improve nix-shell and direnv integration diff --git a/modules/hardware-configuration.nix b/modules/hardware-configuration.nix index c3cf03a..c2d2c11 100644 --- a/modules/hardware-configuration.nix +++ b/modules/hardware-configuration.nix @@ -1,56 +1,66 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "usbhid" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "syscea/stateful/root"; - fsType = "zfs"; - }; + fileSystems."/" = { + device = "syscea/stateful/root"; + fsType = "zfs"; + }; - fileSystems."/nix" = - { device = "syscea/ephemeral/nix"; - fsType = "zfs"; - }; + fileSystems."/nix" = { + device = "syscea/ephemeral/nix"; + fsType = "zfs"; + }; - fileSystems."/ugent" = - { device = "systemd-1"; - fsType = "autofs"; - }; + fileSystems."/ugent" = { + device = "systemd-1"; + fsType = "autofs"; + }; - fileSystems."/home/coolneng" = - { device = "syscea/stateful/home"; - fsType = "zfs"; - }; + fileSystems."/home/coolneng" = { + device = "syscea/stateful/home"; + fsType = "zfs"; + }; - fileSystems."/tmp" = - { device = "syscea/ephemeral/tmp"; - fsType = "zfs"; - }; + fileSystems."/tmp" = { + device = "syscea/ephemeral/tmp"; + fsType = "zfs"; + }; - fileSystems."/home/coolneng/Downloads" = - { device = "syscea/stateful/home/downloads"; - fsType = "zfs"; - }; + fileSystems."/home/coolneng/Downloads" = { + device = "syscea/stateful/home/downloads"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/C374-A2FD"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/C374-A2FD"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/1231a42f-a71a-4c67-b4d8-7506c02a8328"; } - ]; + swapDevices = [ + { device = "/dev/disk/by-uuid/1231a42f-a71a-4c67-b4d8-7506c02a8328"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/monitoring.nix b/modules/monitoring.nix index e339634..a3eebdc 100644 --- a/modules/monitoring.nix +++ b/modules/monitoring.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; @@ -6,13 +11,14 @@ let sender = "akasroua@disroot.org"; recipient = "akasroua+smart@disroot.org"; -in { +in +{ # Notify when a disk starts going haywire services.smartd = { enable = true; defaults.monitored = "-H -f -t -C 197 -U 198 -d nvme"; autodetect = false; - devices = [{ device = "/dev/nvme0"; }]; + devices = [ { device = "/dev/nvme0"; } ]; notifications.mail = { enable = true; sender = sender; diff --git a/modules/networking.nix b/modules/networking.nix index db35c59..4ba698d 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -1,8 +1,15 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let wireguard_port = "1194"; +let + wireguard_port = "1194"; -in { +in +{ # Set hostname, hostid and enable WiFi networking = { hostName = "panacea"; @@ -77,11 +84,13 @@ in { PrivateKeyFile = config.age.secrets.wireguard.path; FirewallMark = 34952; }; - wireguardPeers = [{ - PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU="; - AllowedIPs = [ "0.0.0.0/0" ]; - Endpoint = "coolneng.duckdns.org:1194"; - }]; + wireguardPeers = [ + { + PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU="; + AllowedIPs = [ "0.0.0.0/0" ]; + Endpoint = "coolneng.duckdns.org:1194"; + } + ]; }; systemd.network.networks."wg0" = { matchConfig.Name = "wg0"; @@ -90,20 +99,22 @@ in { Address = "10.8.0.2/32"; DNS = "10.8.0.1"; DNSDefaultRoute = true; - Domains = "~."; - MulticastDNS = "yes"; }; - routingPolicyRules = [{ - FirewallMark = 34952; - InvertRule = true; - Table = 1000; - Priority = 10; - }]; - routes = [{ - Gateway = "10.8.0.1"; - GatewayOnLink = true; - Table = 1000; - }]; + routingPolicyRules = [ + { + FirewallMark = 34952; + InvertRule = true; + Table = 1000; + Priority = 10; + } + ]; + routes = [ + { + Gateway = "10.8.0.1"; + GatewayOnLink = true; + Table = 1000; + } + ]; }; # Firewall configuration diff --git a/modules/periodic.nix b/modules/periodic.nix index e59a578..908d356 100644 --- a/modules/periodic.nix +++ b/modules/periodic.nix @@ -1,14 +1,26 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with pkgs; -let isync-oauth2 = (isync.override { withCyrusSaslXoauth2 = true; }); +let + isync-oauth2 = (isync.override { withCyrusSaslXoauth2 = true; }); -in { +in +{ # Upgrade Doom Emacs daily systemd.user.services.doom-upgrade = { description = "Upgrade Doom Emacs"; - path = [ bash emacs-vterm git coreutils ]; + path = [ + bash + emacs-vterm + git + coreutils + ]; script = '' ${pkgs.bash}/bin/bash -c "/home/coolneng/.emacs.d/bin/doom -! upgrade" ''; @@ -20,7 +32,10 @@ in { # Upgrade Neovim plugins weekly systemd.user.services.vim-plug-upgrade = { description = "Upgrade Vim-Plug"; - path = [ git neovim ]; + path = [ + git + neovim + ]; script = "${pkgs.neovim}/bin/nvim +PlugUpgrade +PlugUpdate +qa"; serviceConfig.Type = "oneshot"; startAt = "Wed 18:00:00"; @@ -30,7 +45,11 @@ in { # Push password-store changes to git daily systemd.user.services.password-store-push = { description = "Push password-store changes to git"; - path = [ pass-wayland git gitAndTools.pass-git-helper ]; + path = [ + pass-wayland + git + gitAndTools.pass-git-helper + ]; script = "${pkgs.pass-wayland}/bin/pass git push"; serviceConfig.Type = "oneshot"; startAt = "18:00:00"; @@ -83,7 +102,14 @@ in { systemd.user.services.goimapnotify-disroot = { description = "Sync disroot mail using IMAP IDLE"; wantedBy = [ "default.target" ]; - path = [ goimapnotify pass-wayland isync-oauth2 mu procps emacs-vterm ]; + path = [ + goimapnotify + pass-wayland + isync-oauth2 + mu + procps + emacs-vterm + ]; script = '' ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/disroot.conf ''; @@ -100,8 +126,16 @@ in { systemd.user.services.periodic-mail-sync = { description = "Run a mail sync operation periodically"; wantedBy = [ "default.target" ]; - path = - [ pass-wayland isync-oauth2 mu procps emacs-vterm python39 gnupg nix ]; + path = [ + pass-wayland + isync-oauth2 + mu + procps + emacs-vterm + python39 + gnupg + nix + ]; script = '' /home/coolneng/.local/share/scripts/mail-sync -a ''; @@ -116,13 +150,20 @@ in { script = "chmod 751 /home/coolneng"; serviceConfig.Type = "oneshot"; after = [ "home-coolneng.mount" ]; - before = [ "mopidy.service" "mopidy-scan.service" ]; + before = [ + "mopidy.service" + "mopidy-scan.service" + ]; }; # Push panacea changes to git daily systemd.user.services.panacea-push = { description = "Push panacea changes to git"; - path = [ pass-wayland git gitAndTools.pass-git-helper ]; + path = [ + pass-wayland + git + gitAndTools.pass-git-helper + ]; script = "${pkgs.git}/bin/git -C /home/coolneng/Projects/panacea push"; serviceConfig.Type = "oneshot"; startAt = "14:00:00"; diff --git a/modules/power.nix b/modules/power.nix index 5d8e0a4..0004e59 100644 --- a/modules/power.nix +++ b/modules/power.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { # Enable power-profiles-daemon diff --git a/modules/printing.nix b/modules/printing.nix index 2385c94..bef9a42 100644 --- a/modules/printing.nix +++ b/modules/printing.nix @@ -1,10 +1,18 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { # Enable CUPS services.printing = { enable = true; - drivers = with pkgs; [ brgenml1cupswrapper hplip ]; + drivers = with pkgs; [ + brgenml1cupswrapper + hplip + ]; }; # Enable SANE diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 75332b8..be91942 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,7 @@ let - coolneng = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg"; -in { + coolneng = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg"; +in +{ "wireguard.age".publicKeys = [ coolneng ]; "syncthing.age".publicKeys = [ coolneng ]; "msmtp.age".publicKeys = [ coolneng ];