From 86d258c77f24ec02318da21f4322cc294a005231 Mon Sep 17 00:00:00 2001 
From: chaos Date: Wed, 24 Jul 2024 14:13:59 +0100 Subject: [PATCH] initial cleanup work --- home/base/age-encryption.nix | 5 - home/dev/all/editors.nix | 5 - home/dev/small/small.nix | 12 -- home/sshWSL.nix | 9 - hosts/hetzner-arm/hetzner-arm.nix | 10 +- hosts/lappy-surface/hardware.nix | 25 --- hosts/lappy-surface/lappy-surface.nix | 49 ------ .../profiles/music-player-target.nix | 114 ------------ hosts/lappy-surface/secrets.nix | 18 -- hosts/lappy-t495/lappy-t495.nix | 60 ++++--- hosts/nixos.nix | 13 +- modules/nixos/postgreSQLRemoteBackup.nix | 165 ------------------ outputs.nix | 1 - overlay/default.nix | 2 - overlay/gobar/default.nix | 22 --- presets/home-manager/root-base.nix | 7 + presets/home-manager/root-minimalServer.nix | 9 + presets/nixos/containerBase.nix | 9 +- presets/nixos/desktopBase.nix | 51 +++--- presets/nixos/desktopGnome.nix | 5 +- presets/nixos/encryptedUSB.nix | 9 +- presets/nixos/laptop.nix | 12 +- presets/nixos/serverBase.nix | 13 +- presets/nixos/serverEncryptedDrive.nix | 2 +- profiles/fingerprint.nix | 37 ---- {home => profiles/home-manager}/apps/age.nix | 0 .../home-manager}/apps/aria2.nix | 0 .../home-manager}/apps/fileRoller.nix | 0 .../home-manager}/apps/firefox.nix | 0 .../home-manager}/apps/kitty.nix | 0 .../home-manager}/apps/kitty.theme | 0 .../home-manager}/apps/libreoffice.nix | 0 {home => profiles/home-manager}/apps/mpv.nix | 0 .../home-manager}/apps/mullvad.nix | 0 .../home-manager}/apps/musicutil.nix | 0 .../home-manager}/apps/nautilus.nix | 0 .../home-manager}/apps/nicotine-plus.nix | 0 .../home-manager}/apps/obsidian.nix | 0 .../home-manager}/apps/pavucontrol.nix | 0 .../home-manager}/apps/rclone.nix | 0 .../home-manager}/apps/restic.nix | 0 .../home-manager}/apps/session.nix | 0 .../home-manager}/apps/telegram.nix | 0 .../home-manager}/apps/thunderbird.nix | 0 .../home-manager}/apps/toot-cli.nix | 0 profiles/home-manager/base/age-encryption.nix | 5 + .../home-manager}/base/ssh-aliases.nix | 0 {home => 
profiles/home-manager}/base/ssh.nix | 0 .../home-manager}/base/vault.nix | 0 {home => profiles/home-manager}/base/zsh.nix | 0 .../home-manager}/bluetooth/bluetooth.nix | 0 .../home-manager}/dev/all/archives/common.nix | 0 .../home-manager}/dev/all/archives/extra.nix | 0 .../dev/all/archives/proprietary-extra.nix | 0 .../home-manager}/dev/all/compression.nix | 0 .../home-manager}/dev/all/debugging.nix | 0 profiles/home-manager/dev/all/editors.nix | 5 + .../home-manager}/dev/all/extra.nix | 0 .../home-manager}/dev/all/git.nix | 0 .../home-manager}/dev/all/info-gui.nix | 0 .../home-manager}/dev/all/info.nix | 0 .../home-manager}/dev/all/network.nix | 0 profiles/home-manager/dev/small/small.nix | 12 ++ .../home-manager}/gaming/emulators/ds.nix | 0 .../home-manager}/gaming/games/minecraft.nix | 0 .../home-manager}/gaming/games/osu.nix | 0 .../home-manager}/gaming/platforms/lutris.nix | 0 .../home-manager}/gaming/platforms/steam.nix | 0 .../home-manager}/gui/base/gtk.nix | 0 .../home-manager}/gui/base/qt.nix | 0 .../home-manager}/gui/base/xdg.nix | 0 .../gui/environments/gnome/default.nix | 6 +- .../home-manager}/homeFolders.nix | 0 .../home-manager}/musicLibrary.nix | 6 +- .../programming/editors/nano/nano.nix | 0 .../programming/editors/vscode.nix | 0 .../programming/languages/go.nix | 0 .../programming/languages/nix.nix | 0 .../programming/languages/rust.nix | 0 .../home-manager}/reversing/discovery.nix | 0 .../home-manager}/reversing/dotnet.nix | 0 {home => profiles/home-manager}/sshUSB.nix | 4 +- profiles/minimalServer.nix | 8 - profiles/{ => nixos}/base/boot.nix | 0 profiles/{ => nixos}/base/editors.nix | 0 profiles/{ => nixos}/base/hardware.nix | 0 profiles/{ => nixos}/base/home.nix | 0 .../base/locale.nix} | 0 profiles/{ => nixos}/base/nix.nix | 7 +- profiles/{ => nixos}/base/programs.nix | 0 profiles/{ => nixos}/base/sudo.nix | 0 profiles/{ => nixos}/base/terminals.nix | 0 profiles/{ => nixos}/base/zsh.nix | 0 .../connectivity}/bluetooth.nix | 0 
.../connectivity/iOS.nix} | 2 +- .../connectivity/networkManager.nix} | 0 profiles/{ => nixos}/cross/arm64.nix | 0 profiles/{ => nixos}/firewallAllow/aria2c.nix | 0 .../{ => nixos}/firewallAllow/httpCommon.nix | 0 .../{ => nixos}/firewallAllow/soulseek.nix | 0 profiles/{ => nixos}/firewallAllow/ssh.nix | 0 profiles/{ => nixos}/gaming/steam.nix | 0 profiles/{ => nixos}/gui/base/default.nix | 14 +- .../gui/environments/gnome/default.nix | 0 profiles/{ => nixos}/gui/greeter/gdm.nix | 0 profiles/{ => nixos}/gui/greeter/sddm.nix | 0 profiles/{ => nixos}/laptop.nix | 0 profiles/{ => nixos}/mullvad.nix | 0 profiles/{ => nixos}/nginx.nix | 0 profiles/{ => nixos}/nixGC.nix | 0 profiles/{ => nixos}/printing/printing.nix | 0 profiles/{ => nixos}/remoteBuilders.nix | 0 profiles/{ => nixos}/serverExtras.nix | 0 profiles/{ => nixos}/sound/base.nix | 0 .../{ => nixos}/sound/pipewire/default.nix | 0 profiles/{ => nixos}/sshd/sshd.nix | 0 profiles/{ => nixos}/tor/tor.nix | 0 profiles/{ => nixos}/usbAutoMount.nix | 8 +- profiles/{ => nixos}/wifiHardware.nix | 0 treeConfig.nix | 5 +- 120 files changed, 148 insertions(+), 598 deletions(-) delete mode 100644 home/base/age-encryption.nix delete mode 100644 home/dev/all/editors.nix delete mode 100644 home/dev/small/small.nix delete mode 100644 home/sshWSL.nix delete mode 100644 hosts/lappy-surface/hardware.nix delete mode 100644 hosts/lappy-surface/lappy-surface.nix delete mode 100644 hosts/lappy-surface/profiles/music-player-target.nix delete mode 100644 hosts/lappy-surface/secrets.nix delete mode 100644 modules/nixos/postgreSQLRemoteBackup.nix delete mode 100644 overlay/gobar/default.nix create mode 100644 presets/home-manager/root-base.nix create mode 100644 presets/home-manager/root-minimalServer.nix delete mode 100644 profiles/fingerprint.nix rename {home => profiles/home-manager}/apps/age.nix (100%) rename {home => profiles/home-manager}/apps/aria2.nix (100%) rename {home => profiles/home-manager}/apps/fileRoller.nix (100%) rename 
{home => profiles/home-manager}/apps/firefox.nix (100%) rename {home => profiles/home-manager}/apps/kitty.nix (100%) rename {home => profiles/home-manager}/apps/kitty.theme (100%) rename {home => profiles/home-manager}/apps/libreoffice.nix (100%) rename {home => profiles/home-manager}/apps/mpv.nix (100%) rename {home => profiles/home-manager}/apps/mullvad.nix (100%) rename {home => profiles/home-manager}/apps/musicutil.nix (100%) rename {home => profiles/home-manager}/apps/nautilus.nix (100%) rename {home => profiles/home-manager}/apps/nicotine-plus.nix (100%) rename {home => profiles/home-manager}/apps/obsidian.nix (100%) rename {home => profiles/home-manager}/apps/pavucontrol.nix (100%) rename {home => profiles/home-manager}/apps/rclone.nix (100%) rename {home => profiles/home-manager}/apps/restic.nix (100%) rename {home => profiles/home-manager}/apps/session.nix (100%) rename {home => profiles/home-manager}/apps/telegram.nix (100%) rename {home => profiles/home-manager}/apps/thunderbird.nix (100%) rename {home => profiles/home-manager}/apps/toot-cli.nix (100%) create mode 100644 profiles/home-manager/base/age-encryption.nix rename {home => profiles/home-manager}/base/ssh-aliases.nix (100%) rename {home => profiles/home-manager}/base/ssh.nix (100%) rename {home => profiles/home-manager}/base/vault.nix (100%) rename {home => profiles/home-manager}/base/zsh.nix (100%) rename {home => profiles/home-manager}/bluetooth/bluetooth.nix (100%) rename {home => profiles/home-manager}/dev/all/archives/common.nix (100%) rename {home => profiles/home-manager}/dev/all/archives/extra.nix (100%) rename {home => profiles/home-manager}/dev/all/archives/proprietary-extra.nix (100%) rename {home => profiles/home-manager}/dev/all/compression.nix (100%) rename {home => profiles/home-manager}/dev/all/debugging.nix (100%) create mode 100644 profiles/home-manager/dev/all/editors.nix rename {home => profiles/home-manager}/dev/all/extra.nix (100%) rename {home => 
profiles/home-manager}/dev/all/git.nix (100%) rename {home => profiles/home-manager}/dev/all/info-gui.nix (100%) rename {home => profiles/home-manager}/dev/all/info.nix (100%) rename {home => profiles/home-manager}/dev/all/network.nix (100%) create mode 100644 profiles/home-manager/dev/small/small.nix rename {home => profiles/home-manager}/gaming/emulators/ds.nix (100%) rename {home => profiles/home-manager}/gaming/games/minecraft.nix (100%) rename {home => profiles/home-manager}/gaming/games/osu.nix (100%) rename {home => profiles/home-manager}/gaming/platforms/lutris.nix (100%) rename {home => profiles/home-manager}/gaming/platforms/steam.nix (100%) rename {home => profiles/home-manager}/gui/base/gtk.nix (100%) rename {home => profiles/home-manager}/gui/base/qt.nix (100%) rename {home => profiles/home-manager}/gui/base/xdg.nix (100%) rename {home => profiles/home-manager}/gui/environments/gnome/default.nix (97%) rename {home => profiles/home-manager}/homeFolders.nix (100%) rename {home => profiles/home-manager}/musicLibrary.nix (96%) rename {home => profiles/home-manager}/programming/editors/nano/nano.nix (100%) rename {home => profiles/home-manager}/programming/editors/vscode.nix (100%) rename {home => profiles/home-manager}/programming/languages/go.nix (100%) rename {home => profiles/home-manager}/programming/languages/nix.nix (100%) rename {home => profiles/home-manager}/programming/languages/rust.nix (100%) rename {home => profiles/home-manager}/reversing/discovery.nix (100%) rename {home => profiles/home-manager}/reversing/dotnet.nix (100%) rename {home => profiles/home-manager}/sshUSB.nix (76%) delete mode 100644 profiles/minimalServer.nix rename profiles/{ => nixos}/base/boot.nix (100%) rename profiles/{ => nixos}/base/editors.nix (100%) rename profiles/{ => nixos}/base/hardware.nix (100%) rename profiles/{ => nixos}/base/home.nix (100%) rename profiles/{base/consoleLocale.nix => nixos/base/locale.nix} (100%) rename profiles/{ => nixos}/base/nix.nix (88%) 
rename profiles/{ => nixos}/base/programs.nix (100%) rename profiles/{ => nixos}/base/sudo.nix (100%) rename profiles/{ => nixos}/base/terminals.nix (100%) rename profiles/{ => nixos}/base/zsh.nix (100%) rename profiles/{connectivity/bluetooth => nixos/connectivity}/bluetooth.nix (100%) rename profiles/{connectivity/iOS/default.nix => nixos/connectivity/iOS.nix} (73%) rename profiles/{connectivity/networkManager/nm.nix => nixos/connectivity/networkManager.nix} (100%) rename profiles/{ => nixos}/cross/arm64.nix (100%) rename profiles/{ => nixos}/firewallAllow/aria2c.nix (100%) rename profiles/{ => nixos}/firewallAllow/httpCommon.nix (100%) rename profiles/{ => nixos}/firewallAllow/soulseek.nix (100%) rename profiles/{ => nixos}/firewallAllow/ssh.nix (100%) rename profiles/{ => nixos}/gaming/steam.nix (100%) rename profiles/{ => nixos}/gui/base/default.nix (80%) rename profiles/{ => nixos}/gui/environments/gnome/default.nix (100%) rename profiles/{ => nixos}/gui/greeter/gdm.nix (100%) rename profiles/{ => nixos}/gui/greeter/sddm.nix (100%) rename profiles/{ => nixos}/laptop.nix (100%) rename profiles/{ => nixos}/mullvad.nix (100%) rename profiles/{ => nixos}/nginx.nix (100%) rename profiles/{ => nixos}/nixGC.nix (100%) rename profiles/{ => nixos}/printing/printing.nix (100%) rename profiles/{ => nixos}/remoteBuilders.nix (100%) rename profiles/{ => nixos}/serverExtras.nix (100%) rename profiles/{ => nixos}/sound/base.nix (100%) rename profiles/{ => nixos}/sound/pipewire/default.nix (100%) rename profiles/{ => nixos}/sshd/sshd.nix (100%) rename profiles/{ => nixos}/tor/tor.nix (100%) rename profiles/{ => nixos}/usbAutoMount.nix (93%) rename profiles/{ => nixos}/wifiHardware.nix (100%)
diff --git a/home/base/age-encryption.nix b/home/base/age-encryption.nix
deleted file mode 100644
index 4b0b77b..0000000
--- a/home/base/age-encryption.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{tree, ...}: {
- imports = with tree; [
- home.apps.age
- ];
-}
diff --git a/home/dev/all/editors.nix b/home/dev/all/editors.nix
deleted file mode 100644
index 8c0d267..0000000
--- a/home/dev/all/editors.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{tree, ...}: {
- imports = with tree; [
- home.programming.editors.nano
- ];
-}
diff --git a/home/dev/small/small.nix b/home/dev/small/small.nix
deleted file mode 100644
index 1ad696b..0000000
--- a/home/dev/small/small.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{tree, ...}: {
- # basically everything apart from home.all.dev.debugging and extra archives
- imports = with tree; [
- home.dev.all.archives.common
- home.dev.all.compression
- home.dev.all.editors
- home.dev.all.extra
- home.dev.all.git
- home.dev.all.info
- home.dev.all.network
- ];
-}
diff --git a/home/sshWSL.nix b/home/sshWSL.nix
deleted file mode 100644
index 14e781b..0000000
--- a/home/sshWSL.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{...}: {
- programs.ssh.matchBlocks."*".identityFile = "/home/chaos/.ssh/id_ed25519";
- programs.git.extraConfig = {
- gpg.format = "ssh";
- commit.gpgsign = "true";
- tag.gpgsign = "true";
- user.signingKey = "/home/chaos/.ssh/id_ed25519";
- };
-}
diff --git a/hosts/hetzner-arm/hetzner-arm.nix b/hosts/hetzner-arm/hetzner-arm.nix
index ae1cb1a..eb7dde5 100644
--- a/hosts/hetzner-arm/hetzner-arm.nix
+++ b/hosts/hetzner-arm/hetzner-arm.nix
@@ -11,8 +11,7 @@ in { presets.nixos.serverHetzner presets.nixos.serverEncryptedDrive - profiles.nginx - profiles.firewallAllow.httpCommon + profiles.nixos.nginx ./hardware.nix ./secrets.nix
@@ -53,8 +52,6 @@ in { }) ]; - # TODO: system.forbiddenDependenciesRegexes = ["libX11*"]; - # For Containers networking.nat = { enable = true;
@@ -62,6 +59,11 @@ in { externalInterface = "enp1s0"; }; + networking.firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [80 443]; + }; + networking.hostName = "hetzner-arm"; home-manager.users.root.home.stateVersion = "24.05";
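Review bot: The added `networking.firewall` block in the last hetzner-arm.nix hunk opens UDP 80 and 443 as well as TCP, and nothing in the visible hunks listens on UDP 80; UDP 443 is only needed if nginx serves HTTP/3 (QUIC), which is not shown. I would keep `allowedTCPPorts = [80 443];` and drop the UDP line, or narrow it to `allowedUDPPorts = [443];` with a comment naming the QUIC listener, so that no port stays open without a service behind it. The removed `profiles.firewallAllow.httpCommon` is only renamed by this patch (`profiles/nixos/firewallAllow/httpCommon.nix`, 100%), so importing it from its new path would avoid a per-host copy of the port list; its content is not shown, so the UDP entries may simply have been carried over from it. The module body starts and ends outside the hunk.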
diff --git a/hosts/lappy-surface/hardware.nix b/hosts/lappy-surface/hardware.nix
deleted file mode 100644
index 8197cf9..0000000
--- a/hosts/lappy-surface/hardware.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{tree, ...}: {
- imports = with tree; [
- presets.nixos.encryptedDrive
- ];
-
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
- initrd.availableKernelModules = [
- # defaults from nixos-generate-config
- "xhci_pci"
- "nvme"
- "usb_storage"
- "usbhid"
- "sd_mod"
- "rtsx_pci_sdmmc"
- ];
- kernelModules = ["kvm-intel"];
- encryptedDrive.mode = "password";
- };
-
- hardware.cpu.intel.updateMicrocode = true;
-}
diff --git a/hosts/lappy-surface/lappy-surface.nix b/hosts/lappy-surface/lappy-surface.nix
deleted file mode 100644
index 9c3b5c5..0000000
--- a/hosts/lappy-surface/lappy-surface.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{tree, ...}: {
- imports = with tree; [
- users.root
- users.chaos
- profiles.sshd
-
- presets.nixos.desktopGnome
- presets.nixos.laptop
- presets.nixos.encryptedUSB
-
- profiles.cross.arm64
- profiles.remoteBuilders
-
- hosts.lappy-surface.profiles.music-player-target
-
- ./secrets.nix
- ];
-
- home-manager.users.root = {
- imports = with tree; [home.base];
- home.stateVersion = "24.05";
- };
-
- home-manager.users.chaos = {
- imports = with tree; [
- home.base
- home.dev.all
- home.reversing
- home.homeFolders
- home.musicLibrary
-
- home.programming.editors.nano
- home.programming.editors.vscode
- home.programming.languages.rust
- home.programming.languages.nix
- ];
- home.stateVersion = "24.05";
- };
-
- networking.firewall.enable = true;
- networking.firewall.allowPing = true;
-
- networking.firewall.allowedTCPPorts = [8088];
-
- networking.hostName = "lappy-surface";
- time.timeZone = "Europe/London";
-
- system.stateVersion = "24.05";
-}
diff --git a/hosts/lappy-surface/profiles/music-player-target.nix b/hosts/lappy-surface/profiles/music-player-target.nix
deleted file mode 100644
index 5d69e45..0000000
--- a/hosts/lappy-surface/profiles/music-player-target.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{
- config,
- pkgs,
- tree,
- ...
-}: let
- alsaDevice = "sysdefault:CARD=A";
- alsaControl = "Headphone";
- mpvDevice = "alsa/${alsaDevice}";
- hardwareVolume = 80;
-
- startMusicPlayer = pkgs.writeShellScriptBin "startMusicPlayer" ''
- ${pkgs.alsa-utils}/bin/amixer -D "${alsaDevice}" sset "${alsaControl}" "${toString hardwareVolume}%"
-
- exec ${pkgs.mpv}/bin/mpv \
- "https://music:$(cat /secrets/music_stream_password)@mpd.owo.monster/flac" \
- --cache=yes --cache-pause-initial=yes --cache-pause-wait=5 \
- --vo=gpu --force-window --script-opts-append=osc-visibility=always \
- --ao=alsa --audio-device="${mpvDevice}"
- '';
-
- startMusicPlayerSession = pkgs.writeShellScriptBin "startMusicPlayerSession" ''
- set -x
- export XDG_RUNTIME_DIR=/run/user/$UID
-
- dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
-
- exec systemd-inhibit --what=sleep:idle:handle-lid-switch ${startMusicPlayer}/bin/startMusicPlayer
- '';
-in {
- imports = with tree; [
- profiles.connectivity.networkManager
- profiles.wifiHardware
- ];
-
- environment.systemPackages = [startMusicPlayer startMusicPlayerSession];
-
- users.users.music-player = {
- uid = 1001;
- isNormalUser = true;
- linger = true;
- extraGroups = [
- "video"
- "input"
- "audio"
- "rtkit"
- ];
- };
-
- home-manager.users.music-player = {
- programs.mpv.enable = true;
- imports = with tree; [
- home.base
- ];
- home.stateVersion = "24.05";
- };
-
- systemd.services."music-player" = {
- enable = true;
- after = [
- "systemd-user-sessions.service"
- "plymouth-start.service"
- "plymouth-quit.service"
- "systemd-logind.service"
- "getty@tty1.service"
- "user@1001.service"
- "network.target"
- ];
- before = ["music-player.target"];
- wants = ["dbus.socket" "network.target" "user@1001.service" "systemd-logind.service" "plymouth-quit.service"];
- wantedBy = ["music-player.target"];
- conflicts = ["getty@tty1.service"];
-
- restartIfChanged = true;
- unitConfig.ConditionPathExists = "/dev/tty1";
- serviceConfig = {
- ExecStart = ''
- ${pkgs.cage}/bin/cage -s ${startMusicPlayerSession}/bin/startMusicPlayerSession
- '';
- User = "music-player";
- StandardError = "append:/var/log/music-player.log";
- IgnoreSIGPIPE = "no";
- UtmpIdentifier = "%n";
- UtmpMode = "user";
- TTYPath = "/dev/tty1";
- TTYReset = "yes";
- TTYVHangup = "yes";
- TTYVTDisallocate = "yes";
- StandardInput = "tty-fail";
- PAMName = "music-player";
- };
- environment = {
- XDG_RUNTIME_DIR = "/run/user/1001";
- XDG_SESSION_TYPE = "wayland";
- };
- };
-
- security.polkit.enable = true;
-
- security.pam.services.music-player.text = ''
- auth required pam_unix.so nullok
- account required pam_unix.so
- session required pam_unix.so
- session required pam_env.so conffile=/etc/pam/environment readenv=0
- session required ${config.systemd.package}/lib/security/pam_systemd.so
- '';
-
- hardware.opengl.enable = true;
-
- systemd.targets.music-player = {
- description = "Music player";
- wants = ["music-player.service" "networkmanager.service" "user@1001.service"];
- };
-}
diff --git a/hosts/lappy-surface/secrets.nix b/hosts/lappy-surface/secrets.nix
deleted file mode 100644
index 6778044..0000000
--- a/hosts/lappy-surface/secrets.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{...}: {
- services.secrets = {
- enable = true;
- secrets = {
- usb_encryption_passphrase = {
- manual = true;
- };
-
- music_stream_password = {
- user = "chaos";
- group = "users";
- fetchScript = ''
- simple_get "/api-keys/music-stream" .password > "$secretFile"
- '';
- };
- };
- };
-}
diff --git a/hosts/lappy-t495/lappy-t495.nix b/hosts/lappy-t495/lappy-t495.nix
index 6486dbb..bf649ca 100644
--- a/hosts/lappy-t495/lappy-t495.nix
+++ b/hosts/lappy-t495/lappy-t495.nix
@@ -1,41 +1,49 @@ -{tree, ...}: { - imports = with tree; [ +{ + lib, + tree, + ... +}: let + inherit (lib.lists) flatten; +in { + imports = flatten (with tree; [ users.root users.chaos - profiles.sshd - presets.nixos.desktopGnome - presets.nixos.laptop - presets.nixos.encryptedUSB + presets.home-manager.root-base - profiles.cross.arm64 - profiles.remoteBuilders + (with tree.presets.nixos; [ + desktopGnome + laptop + encryptedUSB + ]) - profiles.gaming.steam + (with tree.profiles.nixos; [ + cross.arm64 + remoteBuilders + + gaming.steam + ]) ./secrets.nix - ]; + ]); - home-manager.users.root = { - imports = with tree; [home.base]; - home.stateVersion = "24.05"; - }; + home-manager.users.root.home.stateVersion = "24.05"; home-manager.users.chaos = { - imports = with tree; [ - home.base - home.dev.all - home.reversing - home.homeFolders - home.musicLibrary + imports = with tree.profiles.home-manager; [ + base + dev.all + reversing + homeFolders + musicLibrary - home.programming.editors.nano - home.programming.editors.vscode - home.programming.languages.rust - home.programming.languages.nix + programming.editors.nano + programming.editors.vscode + programming.languages.rust + programming.languages.nix - home.gaming.platforms.steam - home.gaming.platforms.lutris + gaming.platforms.steam + gaming.platforms.lutris ]; home.stateVersion = "24.05"; };
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
index 0dedd0a..238fba4 100644
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@@ -25,7 +25,7 @@ }; defaultModules = [ - tree.profiles.base + tree.profiles.nixos.base inputs.home-manager-unstable.nixosModules.home-manager
@@ -34,7 +34,6 @@ tree.modules.nixos.rcloneServe tree.modules.nixos.rcloneSync tree.modules.nixos.secrets - tree.modules.nixos.postgreSQLRemoteBackup tree.modules.nixos.encryptedDrive ];
@@ -70,16 +69,6 @@ in rec { modules = defaultModules ++ [./lappy-t495/lappy-t495.nix ./lappy-t495/hardware.nix]; }; - lappy-surface = nixosUnstableSystem { - specialArgs = - defaultSpecialArgs - // { - hostPath = ./lappy-surface; - }; - system = "x86_64-linux"; - modules = defaultModules ++ [./lappy-surface/lappy-surface.nix ./lappy-surface/hardware.nix]; - }; - hetzner-arm = nixosUnstableSystem { specialArgs = defaultSpecialArgs
diff --git a/modules/nixos/postgreSQLRemoteBackup.nix b/modules/nixos/postgreSQLRemoteBackup.nix
deleted file mode 100644
index 3b9df8f..0000000
--- a/modules/nixos/postgreSQLRemoteBackup.nix
+++ /dev/null
@@ -1,165 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (builtins) listToAttrs getAttr;
- inherit (lib.modules) mkIf mkMerge;
- inherit (lib.options) mkOption mkEnableOption mdDoc;
- inherit (lib.strings) optionalString;
- inherit (lib.attrsets) attrValues;
- inherit (lib) types;
-
- cfg = config.services.postgreSQLRemoteBackup;
-in {
- options = {
- # TODO: add host, port, user options
- services.postgreSQLRemoteBackup = {
- enable = mkEnableOption (mdDoc "PostgreSQL database dumps");
-
- keepPrev = mkOption {
- default = true;
- type = types.bool;
- description = mdDoc ''
- Keep the previous run's backups but rename them to $name.prev
- '';
- };
-
- startAt = mkOption {
- default = "4h";
- type = with types; either (listOf str) str;
- description = mdDoc ''
- This option defines (see `systemd.time` for format) when the
- databases should be dumped.
- The default is run every 4 hours.
- '';
- };
-
- backupUser = mkOption {
- default = "root";
- type = types.str;
- description = mdDoc ''
- User which will be used for backup job and files
- '';
- };
-
- databases = mkOption {
- default = [];
- type = types.listOf types.str;
- description = mdDoc ''
- List of database names to dump.
- '';
- };
-
- location = mkOption {
- default = "/var/backup/postgresql";
- type = types.path;
- description = mdDoc ''
- Path of directory where the PostgreSQL database dumps will be placed.
- '';
- };
-
- pgdumpOptions = mkOption {
- type = types.separatedString " ";
- default = "-C";
- description = mdDoc ''
- Command line options for pg_dump.
- '';
- };
-
- compression = mkOption {
- type = types.enum ["none" "zstd"];
- default = "zstd";
- description = mdDoc ''
- The type of compression to use on the generated database dump.
- '';
- };
-
- compressionLevel = mkOption {
- type = types.int;
- default = 9;
- description = mdDoc ''
- The compression level used when compression is enabled.
- zstd accepts levels 1 to 19.
- '';
- };
- };
- };
-
- config = mkMerge [
- (mkIf cfg.enable {
- systemd.tmpfiles.rules = [
- "d '${cfg.location}' 0700 ${cfg.backupUser} - - -"
- ];
- })
- (mkIf cfg.enable {
- systemd.services = listToAttrs (map (db: {
- name = "remotePostgreSQLBackup-${db}";
- value = let
- compressSuffixes = {
- "none" = "";
- "zstd" = ".zstd";
- };
- compressSuffix = getAttr cfg.compression compressSuffixes;
-
- compressCmd = getAttr cfg.compression {
- "none" = "cat";
- "zstd" = "${pkgs.zstd}/bin/zstd -c -${toString cfg.compressionLevel}";
- };
-
- mkSqlPath = prefix: suffix: "${cfg.location}/${db}${prefix}.sql${suffix}";
- curFile = mkSqlPath "" compressSuffix;
- prevFile = mkSqlPath ".prev" compressSuffix;
- prevFiles = map (mkSqlPath ".prev") (attrValues compressSuffixes);
- inProgressFile = mkSqlPath ".in-progress" compressSuffix;
- in {
- enable = true;
-
- description = "Backup of ${db} database(s)";
-
- requires = mkIf config.services.postgresql.enable [
- "postgresql.service"
- ];
-
- path = [
- pkgs.coreutils
- (let
- pgCfg = config.services.postgresql;
- in
- if pgCfg.enable
- then pgCfg.package
- else pkgs.postgresql)
- ];
-
- script = ''
- set -e -o pipefail
-
- umask 0077 # ensure backup is only readable by backup user
-
- ${optionalString cfg.keepPrev ''
- if [ -e ${curFile} ]; then
- rm -f ${toString prevFiles}
- mv ${curFile} ${prevFile}
- fi
- ''}
-
- pg_dump ${cfg.pgdumpOptions} ${db} \
- | ${compressCmd} \
- > ${inProgressFile}
-
- mv ${inProgressFile} ${curFile}
- '';
-
- serviceConfig = {
- Type = "oneshot";
- User = cfg.backupUser;
- };
-
- inherit (cfg) startAt;
- };
- })
- cfg.databases);
- })
- ];
-}
diff --git a/outputs.nix b/outputs.nix
index 587ad17..7f40738 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -124,7 +124,6 @@ in sshAddress = "hetzner-arm.servers.genderfucked.monster"; }; "lappy-t495" = configForMachine "lappy-t495"; - "lappy-surface" = configForMachine "lappy-surface"; }; machinesWithHostSecrets = filter (
diff --git a/overlay/default.nix b/overlay/default.nix
index 31fff29..47f0b5b 100644
--- a/overlay/default.nix
+++ b/overlay/default.nix
@@ -2,8 +2,6 @@ final: prev: rec { comic-sans = final.callPackage ./comic-sans {}; comic-code = final.callPackage ./comic-code {}; - gobar = final.callPackage ./gobar {}; - mk-enc-usb = final.callPackage ../extras/mk-enc-usb.nix {}; mk-encrypted-drive = final.callPackage ../extras/mk-encrypted-drive.nix {};
diff --git a/overlay/gobar/default.nix b/overlay/gobar/default.nix
deleted file mode 100644
index 6c9dc7b..0000000
--- a/overlay/gobar/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- fetchFromGitLab,
- buildGoModule,
-}:
-buildGoModule rec {
- pname = "gobar";
- version = "latest-1";
-
- src = fetchFromGitLab {
- owner = "ChaotiCryptidz";
- repo = "gobar";
- rev = "34c807423e5ea1420dbe2c08574cdc234f9b0789";
- sha256 = "sha256-H+CjnkMde3rx7CoLKOluxHlYrhZGqzTnU8oOgkDEwsc=";
- };
-
- runVend = false;
- vendorSha256 = "sha256-37QYc+gLzCW1jefAQNy4AbabckJ4jO1sDOiUZTsLgWo=";
-
- preBuild = ''
- export HOME=$TMPDIR
- '';
-}
diff --git a/presets/home-manager/root-base.nix b/presets/home-manager/root-base.nix
new file mode 100644
index 0000000..00b3a90
--- /dev/null
+++ b/presets/home-manager/root-base.nix
@@ -0,0 +1,7 @@
+{tree, ...}: {
+ home-manager.users.root = {
+ imports = with tree.profiles.home-manager; [
+ base
+ ];
+ };
+}
diff --git a/presets/home-manager/root-minimalServer.nix b/presets/home-manager/root-minimalServer.nix
new file mode 100644
index 0000000..3a911c0
--- /dev/null
+++ b/presets/home-manager/root-minimalServer.nix
@@ -0,0 +1,9 @@
+{tree, ...}: {
+ home-manager.users.root = {
+ imports = with tree.profiles.home-manager; [
+ base.zsh
+ base.age-encryption
+ dev.small
+ ];
+ };
+}
diff --git a/presets/nixos/containerBase.nix b/presets/nixos/containerBase.nix
index 79b1623..290c5cc 100644
--- a/presets/nixos/containerBase.nix
+++ b/presets/nixos/containerBase.nix
@@ -5,13 +5,14 @@ }: { imports = (with tree; [ - profiles.base + profiles.nixos.base + users.root + presets.home-manager.root-minimalServer modules.nixos.rcloneServe modules.nixos.rcloneSync modules.nixos.secrets - modules.nixos.postgreSQLRemoteBackup ]) ++ [ # Default modules which are usually included in nixos.nix @@ -19,10 +20,6 @@ inputs.vaultui.nixosModules.default ]; - home-manager.users.root = { - imports = with tree; [home.base.zsh home.base.age-encryption home.dev.small]; - }; - networking.firewall = { enable = true; allowPing = true; diff --git a/presets/nixos/desktopBase.nix b/presets/nixos/desktopBase.nix index 78229b2..f8d7cd4 100644 --- a/presets/nixos/desktopBase.nix +++ b/presets/nixos/desktopBase.nix @@ -1,41 +1,38 @@ {tree, ...}: { - imports = with tree; [ - profiles.wifiHardware + imports = with tree.profiles.nixos; [ + wifiHardware - profiles.sound.base - profiles.sound.pipewire - profiles.gui.base + sound.base + sound.pipewire + gui.base - profiles.firewallAllow.aria2c - profiles.firewallAllow.soulseek - profiles.mullvad + mullvad ]; home-manager.users.chaos = { - imports = with tree; [ - home.gui.base + imports = with tree.profiles.home-manager; [ + gui.base - home.apps.fileRoller - home.apps.nautilus - home.apps.pavucontrol - home.apps.mpv + apps.fileRoller + apps.nautilus + apps.pavucontrol + apps.mpv - home.apps.firefox - home.apps.telegram - home.apps.thunderbird - #home.apps.session - home.apps.toot-cli + apps.firefox + apps.telegram + apps.thunderbird + apps.toot-cli - home.apps.obsidian - home.apps.libreoffice + apps.obsidian + apps.libreoffice - home.apps.nicotine-plus - home.apps.musicutil + apps.nicotine-plus + apps.musicutil - home.apps.mullvad - home.apps.aria2 - home.apps.rclone - home.apps.restic + apps.mullvad + apps.aria2 + apps.rclone + apps.restic ]; }; } diff --git a/presets/nixos/desktopGnome.nix b/presets/nixos/desktopGnome.nix index 2cc6e9e..1602ecc 100644 --- a/presets/nixos/desktopGnome.nix 
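Review bot: Dropping `modules.nixos.postgreSQLRemoteBackup` from `imports` in `presets/nixos/containerBase.nix` removes the module's option declarations together with the `remotePostgreSQLBackup-<db>` units it generated. Any container that still sets those options will stop evaluating, and any database it dumped is no longer backed up by this path. Nothing in the visible hunks adds a replacement. Before merging, check the container definitions for remaining uses and confirm that another job covers PostgreSQL dumps, if PostgreSQL is still deployed anywhere.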
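Review bot: In `presets/nixos/desktopBase.nix`, `profiles.firewallAllow.aria2c` and `profiles.firewallAllow.soulseek` are dropped from `imports` while `apps.aria2` and `apps.nicotine-plus` stay in the home-manager list, so the preset no longer explains why the applications are installed without their inbound ports. Closing the ports by default is the safer choice. A comment above the `mullvad` entry, such as `# inbound aria2/soulseek ports are not opened here; import profiles.nixos.firewallAllow.* per host if needed`, would record that this is deliberate. Whether a host file re-imports those profiles is not visible in this hunk.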
+++ b/presets/nixos/desktopGnome.nix @@ -1,11 +1,12 @@ {tree, ...}: { imports = with tree; [ presets.nixos.desktopBase - profiles.gui.environments.gnome + + profiles.nixos.gui.environments.gnome ]; home-manager.users.chaos = { imports = with tree; [ - home.gui.environments.gnome + profiles.home-manager.gui.environments.gnome ]; }; } diff --git a/presets/nixos/encryptedUSB.nix b/presets/nixos/encryptedUSB.nix index a0246f6..c7ae7c3 100644 --- a/presets/nixos/encryptedUSB.nix +++ b/presets/nixos/encryptedUSB.nix @@ -1,6 +1,11 @@ {tree, ...}: { - imports = with tree; [profiles.usbAutoMount]; + imports = with tree.profiles.nixos; [ + usbAutoMount + ]; + home-manager.users.chaos = { - imports = with tree; [home.sshUSB]; + imports = with tree.profiles.home-manager; [ + sshUSB + ]; }; } diff --git a/presets/nixos/laptop.nix b/presets/nixos/laptop.nix index 68a9f37..b91b73a 100644 --- a/presets/nixos/laptop.nix +++ b/presets/nixos/laptop.nix @@ -1,13 +1,13 @@ {tree, ...}: { - imports = with tree; [ - profiles.laptop + imports = with tree.profiles.nixos; [ + laptop - profiles.connectivity.networkManager - profiles.connectivity.iOS + connectivity.networkManager + connectivity.iOS - profiles.wifiHardware + wifiHardware - profiles.tor + tor ]; boot.loader.systemd-boot = { diff --git a/presets/nixos/serverBase.nix b/presets/nixos/serverBase.nix index 8e65264..286fa90 100644 --- a/presets/nixos/serverBase.nix +++ b/presets/nixos/serverBase.nix @@ -1,22 +1,19 @@ {tree, ...}: { imports = with tree; [ users.root + presets.home-manager.root-minimalServer - profiles.sshd - profiles.firewallAllow.ssh + profiles.nixos.sshd - profiles.nixGC - profiles.serverExtras + profiles.nixos.nixGC + profiles.nixos.serverExtras ]; - home-manager.users.root = { - imports = with tree; [home.base.zsh home.base.age-encryption home.dev.small]; - }; - networking.firewall = { enable = true; allowPing = true; checkReversePath = "loose"; + allowedTCPPorts = [22]; }; # TODO: Better DNS setup 
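Review bot: The new `allowedTCPPorts = [22];` under `networking.firewall` in `presets/nixos/serverBase.nix` hard-codes the SSH port, so the firewall rule and the daemon drift apart if `profiles.nixos.sshd` ever moves sshd off port 22. Deriving the value keeps them in step: take `config` in the module arguments (`{tree, config, ...}: {`) and write `allowedTCPPorts = config.services.openssh.ports;`. NixOS's `services.openssh.openFirewall` defaults to true, so if the sshd profile leaves that option alone this entry is probably redundant and could be replaced by a short comment saying where the port is opened. `profiles/nixos/firewallAllow/ssh.nix` is still carried into the new tree by this patch, so it is worth deciding whether that profile or this inline rule is the single place where SSH is allowed.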
diff --git a/presets/nixos/serverEncryptedDrive.nix b/presets/nixos/serverEncryptedDrive.nix index d38830d..3654a50 100644 --- a/presets/nixos/serverEncryptedDrive.nix +++ b/presets/nixos/serverEncryptedDrive.nix @@ -14,7 +14,7 @@ driveData = import "${self}/data/drives/encryptedDrive.nix"; in { imports = with tree; [ - profiles.sshd + profiles.nixos.sshd ]; boot = { diff --git a/profiles/fingerprint.nix b/profiles/fingerprint.nix deleted file mode 100644 index 19f9a29..0000000 --- a/profiles/fingerprint.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - inherit (lib.modules) mkIf mkForce; -in { - services.fprintd.enable = true; - - security.sudo.wheelNeedsPassword = mkForce true; - - security.pam.services = { - sudo.fprintAuth = true; - login.fprintAuth = true; - - gdm-fingerprint = mkIf config.services.xserver.displayManager.gdm.enable { - text = '' - auth required pam_shells.so - auth requisite pam_nologin.so - auth requisite pam_faillock.so preauth - auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so - auth optional pam_permit.so - auth required pam_env.so - auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so - auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so - - account include login - - password required pam_deny.so - - session include login - session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start - ''; - }; - }; -} diff --git a/home/apps/age.nix b/profiles/home-manager/apps/age.nix similarity index 100% rename from home/apps/age.nix rename to profiles/home-manager/apps/age.nix diff --git a/home/apps/aria2.nix b/profiles/home-manager/apps/aria2.nix similarity index 100% rename from home/apps/aria2.nix rename to profiles/home-manager/apps/aria2.nix diff --git a/home/apps/fileRoller.nix b/profiles/home-manager/apps/fileRoller.nix similarity index 100% rename from home/apps/fileRoller.nix rename to profiles/home-manager/apps/fileRoller.nix 
diff --git a/home/apps/firefox.nix b/profiles/home-manager/apps/firefox.nix
similarity index 100%
rename from home/apps/firefox.nix
rename to profiles/home-manager/apps/firefox.nix
diff --git a/home/apps/kitty.nix b/profiles/home-manager/apps/kitty.nix
similarity index 100%
rename from home/apps/kitty.nix
rename to profiles/home-manager/apps/kitty.nix
diff --git a/home/apps/kitty.theme b/profiles/home-manager/apps/kitty.theme
similarity index 100%
rename from home/apps/kitty.theme
rename to profiles/home-manager/apps/kitty.theme
diff --git a/home/apps/libreoffice.nix b/profiles/home-manager/apps/libreoffice.nix
similarity index 100%
rename from home/apps/libreoffice.nix
rename to profiles/home-manager/apps/libreoffice.nix
diff --git a/home/apps/mpv.nix b/profiles/home-manager/apps/mpv.nix
similarity index 100%
rename from home/apps/mpv.nix
rename to profiles/home-manager/apps/mpv.nix
diff --git a/home/apps/mullvad.nix b/profiles/home-manager/apps/mullvad.nix
similarity index 100%
rename from home/apps/mullvad.nix
rename to profiles/home-manager/apps/mullvad.nix
diff --git a/home/apps/musicutil.nix b/profiles/home-manager/apps/musicutil.nix
similarity index 100%
rename from home/apps/musicutil.nix
rename to profiles/home-manager/apps/musicutil.nix
diff --git a/home/apps/nautilus.nix b/profiles/home-manager/apps/nautilus.nix
similarity index 100%
rename from home/apps/nautilus.nix
rename to profiles/home-manager/apps/nautilus.nix
diff --git a/home/apps/nicotine-plus.nix b/profiles/home-manager/apps/nicotine-plus.nix
similarity index 100%
rename from home/apps/nicotine-plus.nix
rename to profiles/home-manager/apps/nicotine-plus.nix
diff --git a/home/apps/obsidian.nix b/profiles/home-manager/apps/obsidian.nix
similarity index 100%
rename from home/apps/obsidian.nix
rename to profiles/home-manager/apps/obsidian.nix
diff --git a/home/apps/pavucontrol.nix b/profiles/home-manager/apps/pavucontrol.nix
similarity index 100%
rename from home/apps/pavucontrol.nix
rename to profiles/home-manager/apps/pavucontrol.nix
diff --git a/home/apps/rclone.nix b/profiles/home-manager/apps/rclone.nix
similarity index 100%
rename from home/apps/rclone.nix
rename to profiles/home-manager/apps/rclone.nix
diff --git a/home/apps/restic.nix b/profiles/home-manager/apps/restic.nix
similarity index 100%
rename from home/apps/restic.nix
rename to profiles/home-manager/apps/restic.nix
diff --git a/home/apps/session.nix b/profiles/home-manager/apps/session.nix
similarity index 100%
rename from home/apps/session.nix
rename to profiles/home-manager/apps/session.nix
diff --git a/home/apps/telegram.nix b/profiles/home-manager/apps/telegram.nix
similarity index 100%
rename from home/apps/telegram.nix
rename to profiles/home-manager/apps/telegram.nix
diff --git a/home/apps/thunderbird.nix b/profiles/home-manager/apps/thunderbird.nix
similarity index 100%
rename from home/apps/thunderbird.nix
rename to profiles/home-manager/apps/thunderbird.nix
diff --git a/home/apps/toot-cli.nix b/profiles/home-manager/apps/toot-cli.nix
similarity index 100%
rename from home/apps/toot-cli.nix
rename to profiles/home-manager/apps/toot-cli.nix
diff --git a/profiles/home-manager/base/age-encryption.nix b/profiles/home-manager/base/age-encryption.nix
new file mode 100644
index 0000000..957ec7c
--- /dev/null
+++ b/profiles/home-manager/base/age-encryption.nix
@@ -0,0 +1,5 @@
+{tree, ...}: {
+ imports = with tree.profiles.home-manager; [
+ apps.age
+ ];
+}
diff --git a/home/base/ssh-aliases.nix b/profiles/home-manager/base/ssh-aliases.nix
similarity index 100%
rename from home/base/ssh-aliases.nix
rename to profiles/home-manager/base/ssh-aliases.nix
diff --git a/home/base/ssh.nix b/profiles/home-manager/base/ssh.nix
similarity index 100%
rename from home/base/ssh.nix
rename to profiles/home-manager/base/ssh.nix
diff --git a/home/base/vault.nix b/profiles/home-manager/base/vault.nix
similarity index 100%
rename from home/base/vault.nix
rename to profiles/home-manager/base/vault.nix
diff --git a/home/base/zsh.nix b/profiles/home-manager/base/zsh.nix
similarity index 100%
rename from home/base/zsh.nix
rename to profiles/home-manager/base/zsh.nix
diff --git a/home/bluetooth/bluetooth.nix b/profiles/home-manager/bluetooth/bluetooth.nix
similarity index 100%
rename from home/bluetooth/bluetooth.nix
rename to profiles/home-manager/bluetooth/bluetooth.nix
diff --git a/home/dev/all/archives/common.nix b/profiles/home-manager/dev/all/archives/common.nix
similarity index 100%
rename from home/dev/all/archives/common.nix
rename to profiles/home-manager/dev/all/archives/common.nix
diff --git a/home/dev/all/archives/extra.nix b/profiles/home-manager/dev/all/archives/extra.nix
similarity index 100%
rename from home/dev/all/archives/extra.nix
rename to profiles/home-manager/dev/all/archives/extra.nix
diff --git a/home/dev/all/archives/proprietary-extra.nix b/profiles/home-manager/dev/all/archives/proprietary-extra.nix
similarity index 100%
rename from home/dev/all/archives/proprietary-extra.nix
rename to profiles/home-manager/dev/all/archives/proprietary-extra.nix
diff --git a/home/dev/all/compression.nix b/profiles/home-manager/dev/all/compression.nix
similarity index 100%
rename from home/dev/all/compression.nix
rename to profiles/home-manager/dev/all/compression.nix
diff --git a/home/dev/all/debugging.nix b/profiles/home-manager/dev/all/debugging.nix
similarity index 100%
rename from home/dev/all/debugging.nix
rename to profiles/home-manager/dev/all/debugging.nix
diff --git a/profiles/home-manager/dev/all/editors.nix b/profiles/home-manager/dev/all/editors.nix
new file mode 100644
index 0000000..0ef452c
--- /dev/null
+++ b/profiles/home-manager/dev/all/editors.nix
@@ -0,0 +1,5 @@
+{tree, ...}: {
+ imports = with tree.profiles.home-manager; [
+ programming.editors.nano
+ ];
+}
diff --git a/home/dev/all/extra.nix b/profiles/home-manager/dev/all/extra.nix
similarity index 100%
rename from home/dev/all/extra.nix
rename to profiles/home-manager/dev/all/extra.nix
diff --git a/home/dev/all/git.nix b/profiles/home-manager/dev/all/git.nix
similarity index 100%
rename from home/dev/all/git.nix
rename to profiles/home-manager/dev/all/git.nix
diff --git a/home/dev/all/info-gui.nix b/profiles/home-manager/dev/all/info-gui.nix
similarity index 100%
rename from home/dev/all/info-gui.nix
rename to profiles/home-manager/dev/all/info-gui.nix
diff --git a/home/dev/all/info.nix b/profiles/home-manager/dev/all/info.nix
similarity index 100%
rename from home/dev/all/info.nix
rename to profiles/home-manager/dev/all/info.nix
diff --git a/home/dev/all/network.nix b/profiles/home-manager/dev/all/network.nix
similarity index 100%
rename from home/dev/all/network.nix
rename to profiles/home-manager/dev/all/network.nix
diff --git a/profiles/home-manager/dev/small/small.nix b/profiles/home-manager/dev/small/small.nix
new file mode 100644
index 0000000..726cf6d
--- /dev/null
+++ b/profiles/home-manager/dev/small/small.nix
@@ -0,0 +1,12 @@
+{tree, ...}: {
+ # basically everything apart from dev.debugging and extra archives
+ imports = with tree.profiles.home-manager.dev.all; [
+ archives.common
+ compression
+ editors
+ extra
+ git
+ info
+ network
+ ];
+}
diff --git a/home/gaming/emulators/ds.nix b/profiles/home-manager/gaming/emulators/ds.nix
similarity index 100%
rename from home/gaming/emulators/ds.nix
rename to profiles/home-manager/gaming/emulators/ds.nix
diff --git a/home/gaming/games/minecraft.nix b/profiles/home-manager/gaming/games/minecraft.nix
similarity index 100%
rename from home/gaming/games/minecraft.nix
rename to profiles/home-manager/gaming/games/minecraft.nix
diff --git a/home/gaming/games/osu.nix b/profiles/home-manager/gaming/games/osu.nix similarity index 100% rename from home/gaming/games/osu.nix rename to profiles/home-manager/gaming/games/osu.nix diff --git a/home/gaming/platforms/lutris.nix b/profiles/home-manager/gaming/platforms/lutris.nix similarity index 100% rename from home/gaming/platforms/lutris.nix rename to profiles/home-manager/gaming/platforms/lutris.nix diff --git a/home/gaming/platforms/steam.nix b/profiles/home-manager/gaming/platforms/steam.nix similarity index 100% rename from home/gaming/platforms/steam.nix rename to profiles/home-manager/gaming/platforms/steam.nix diff --git a/home/gui/base/gtk.nix b/profiles/home-manager/gui/base/gtk.nix similarity index 100% rename from home/gui/base/gtk.nix rename to profiles/home-manager/gui/base/gtk.nix diff --git a/home/gui/base/qt.nix b/profiles/home-manager/gui/base/qt.nix similarity index 100% rename from home/gui/base/qt.nix rename to profiles/home-manager/gui/base/qt.nix diff --git a/home/gui/base/xdg.nix b/profiles/home-manager/gui/base/xdg.nix similarity index 100% rename from home/gui/base/xdg.nix rename to profiles/home-manager/gui/base/xdg.nix diff --git a/home/gui/environments/gnome/default.nix b/profiles/home-manager/gui/environments/gnome/default.nix similarity index 97% rename from home/gui/environments/gnome/default.nix rename to profiles/home-manager/gui/environments/gnome/default.nix index 267cce4..e904bf0 100644 --- a/home/gui/environments/gnome/default.nix +++ b/profiles/home-manager/gui/environments/gnome/default.nix @@ -1,14 +1,10 @@ { tree, - nixosConfig, pkgs, inputs, lib, ... }: let - inherit (lib.lists) optional; - inherit (lib.modules) mkIf; - homeManagerLib = inputs.home-manager.lib.hm; fontSizes = { @@ -16,7 +12,7 @@ medium = "12"; }; in { - imports = with tree; [home.gui.base home.apps.kitty]; + imports = with tree.profiles.home-manager; [gui.base apps.kitty]; home.packages = with pkgs; [ dconf2nix 
diff --git a/home/homeFolders.nix b/profiles/home-manager/homeFolders.nix similarity index 100% rename from home/homeFolders.nix rename to profiles/home-manager/homeFolders.nix diff --git a/home/musicLibrary.nix b/profiles/home-manager/musicLibrary.nix similarity index 96% rename from home/musicLibrary.nix rename to profiles/home-manager/musicLibrary.nix index 76ac0ff..bcca7d1 100644 --- a/home/musicLibrary.nix +++ b/profiles/home-manager/musicLibrary.nix @@ -3,9 +3,9 @@ tree, ... }: { - imports = with tree; [ - home.apps.rclone - home.apps.musicutil + imports = with tree.profiles.home-manager; [ + apps.rclone + apps.musicutil ]; home.packages = [ diff --git a/home/programming/editors/nano/nano.nix b/profiles/home-manager/programming/editors/nano/nano.nix similarity index 100% rename from home/programming/editors/nano/nano.nix rename to profiles/home-manager/programming/editors/nano/nano.nix diff --git a/home/programming/editors/vscode.nix b/profiles/home-manager/programming/editors/vscode.nix similarity index 100% rename from home/programming/editors/vscode.nix rename to profiles/home-manager/programming/editors/vscode.nix diff --git a/home/programming/languages/go.nix b/profiles/home-manager/programming/languages/go.nix similarity index 100% rename from home/programming/languages/go.nix rename to profiles/home-manager/programming/languages/go.nix diff --git a/home/programming/languages/nix.nix b/profiles/home-manager/programming/languages/nix.nix similarity index 100% rename from home/programming/languages/nix.nix rename to profiles/home-manager/programming/languages/nix.nix diff --git a/home/programming/languages/rust.nix b/profiles/home-manager/programming/languages/rust.nix similarity index 100% rename from home/programming/languages/rust.nix rename to profiles/home-manager/programming/languages/rust.nix 
diff --git a/home/reversing/discovery.nix b/profiles/home-manager/reversing/discovery.nix similarity index 100% rename from home/reversing/discovery.nix rename to profiles/home-manager/reversing/discovery.nix diff --git a/home/reversing/dotnet.nix b/profiles/home-manager/reversing/dotnet.nix similarity index 100% rename from home/reversing/dotnet.nix rename to profiles/home-manager/reversing/dotnet.nix diff --git a/home/sshUSB.nix b/profiles/home-manager/sshUSB.nix similarity index 76% rename from home/sshUSB.nix rename to profiles/home-manager/sshUSB.nix index 6ebe5aa..9cbda6f 100644 --- a/home/sshUSB.nix +++ b/profiles/home-manager/sshUSB.nix @@ -1,5 +1,5 @@ -{...}: let - encryptedUSBData = import ../data/drives/encryptedUSB.nix; +{self, ...}: let + encryptedUSBData = import "${self}/data/drives/encryptedUSB.nix"; in { programs.ssh.matchBlocks."*".identityFile = "${encryptedUSBData.sshPrivateKeyPath}"; programs.git.extraConfig = { diff --git a/profiles/minimalServer.nix b/profiles/minimalServer.nix deleted file mode 100644 index 5de54bc..0000000 --- a/profiles/minimalServer.nix +++ /dev/null @@ -1,8 +0,0 @@ -{lib, ...}: let - inherit (lib.modules) mkDefault; -in { - environment.noXlibs = mkDefault true; - documentation.man.enable = mkDefault false; - documentation.doc.enable = mkDefault false; - fonts.fontconfig.enable = mkDefault false; -} diff --git a/profiles/base/boot.nix b/profiles/nixos/base/boot.nix similarity index 100% rename from profiles/base/boot.nix rename to profiles/nixos/base/boot.nix diff --git a/profiles/base/editors.nix b/profiles/nixos/base/editors.nix similarity index 100% rename from profiles/base/editors.nix rename to profiles/nixos/base/editors.nix diff --git a/profiles/base/hardware.nix b/profiles/nixos/base/hardware.nix similarity index 100% rename from profiles/base/hardware.nix rename to profiles/nixos/base/hardware.nix 
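Review bot: In `profiles/home-manager/sshUSB.nix`, `self` is now a module argument of a home-manager module, and home-manager only passes extra arguments that are listed in `home-manager.extraSpecialArgs`; NixOS `specialArgs` do not reach it on their own. Other home-manager profiles in this patch already take `tree` and `inputs`, so that set exists, but nothing visible here shows `self` being added to it. Please confirm, because otherwise evaluating this file fails with a missing-argument error. A one-line comment above the import, e.g. `# self: flake root, provided through home-manager.extraSpecialArgs`, would document the dependency. The attribute set continues past the end of the hunk.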
diff --git a/profiles/base/home.nix b/profiles/nixos/base/home.nix similarity index 100% rename from profiles/base/home.nix rename to profiles/nixos/base/home.nix diff --git a/profiles/base/consoleLocale.nix b/profiles/nixos/base/locale.nix similarity index 100% rename from profiles/base/consoleLocale.nix rename to profiles/nixos/base/locale.nix diff --git a/profiles/base/nix.nix b/profiles/nixos/base/nix.nix similarity index 88% rename from profiles/base/nix.nix rename to profiles/nixos/base/nix.nix index 9f6e53b..63bb793 100644 --- a/profiles/base/nix.nix +++ b/profiles/nixos/base/nix.nix @@ -1,4 +1,5 @@ { + self, inputs, config, pkgs, @@ -24,13 +25,9 @@ in { nixpkgs = mkIf (!config.boot.isContainer) { config = { allowUnfree = true; - - permittedInsecurePackages = [ - "electron-25.9.0" - ]; }; overlays = [ - (import ../../overlay) + (import "${self}/overlay") ]; }; environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev; diff --git a/profiles/base/programs.nix b/profiles/nixos/base/programs.nix similarity index 100% rename from profiles/base/programs.nix rename to profiles/nixos/base/programs.nix diff --git a/profiles/base/sudo.nix b/profiles/nixos/base/sudo.nix similarity index 100% rename from profiles/base/sudo.nix rename to profiles/nixos/base/sudo.nix diff --git a/profiles/base/terminals.nix b/profiles/nixos/base/terminals.nix similarity index 100% rename from profiles/base/terminals.nix rename to profiles/nixos/base/terminals.nix diff --git a/profiles/base/zsh.nix b/profiles/nixos/base/zsh.nix similarity index 100% rename from profiles/base/zsh.nix rename to profiles/nixos/base/zsh.nix diff --git a/profiles/connectivity/bluetooth/bluetooth.nix b/profiles/nixos/connectivity/bluetooth.nix similarity index 100% rename from profiles/connectivity/bluetooth/bluetooth.nix rename to profiles/nixos/connectivity/bluetooth.nix 
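Review bot: In the second hunk of `profiles/nixos/base/nix.nix`, removing `permittedInsecurePackages` leaves the blanket `allowUnfree = true;` as the only remaining relaxation in `nixpkgs.config`, and it still admits every unfree package on every non-container host. Narrowing it to an explicit list makes later additions reviewable: replace it with `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["<unfree-package-name>"];`, filling in the names the hosts actually install. This needs `lib` in the module arguments, which may already be the case since the argument list continues outside the first hunk.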
diff --git a/profiles/connectivity/iOS/default.nix b/profiles/nixos/connectivity/iOS.nix similarity index 73% rename from profiles/connectivity/iOS/default.nix rename to profiles/nixos/connectivity/iOS.nix index ca83a44..e34c02f 100644 --- a/profiles/connectivity/iOS/default.nix +++ b/profiles/nixos/connectivity/iOS.nix @@ -3,6 +3,6 @@ environment.systemPackages = with pkgs; [ libimobiledevice - ifuse # optional, to mount using 'ifuse' + ifuse ]; } diff --git a/profiles/connectivity/networkManager/nm.nix b/profiles/nixos/connectivity/networkManager.nix similarity index 100% rename from profiles/connectivity/networkManager/nm.nix rename to profiles/nixos/connectivity/networkManager.nix diff --git a/profiles/cross/arm64.nix b/profiles/nixos/cross/arm64.nix similarity index 100% rename from profiles/cross/arm64.nix rename to profiles/nixos/cross/arm64.nix diff --git a/profiles/firewallAllow/aria2c.nix b/profiles/nixos/firewallAllow/aria2c.nix similarity index 100% rename from profiles/firewallAllow/aria2c.nix rename to profiles/nixos/firewallAllow/aria2c.nix diff --git a/profiles/firewallAllow/httpCommon.nix b/profiles/nixos/firewallAllow/httpCommon.nix similarity index 100% rename from profiles/firewallAllow/httpCommon.nix rename to profiles/nixos/firewallAllow/httpCommon.nix diff --git a/profiles/firewallAllow/soulseek.nix b/profiles/nixos/firewallAllow/soulseek.nix similarity index 100% rename from profiles/firewallAllow/soulseek.nix rename to profiles/nixos/firewallAllow/soulseek.nix diff --git a/profiles/firewallAllow/ssh.nix b/profiles/nixos/firewallAllow/ssh.nix similarity index 100% rename from profiles/firewallAllow/ssh.nix rename to profiles/nixos/firewallAllow/ssh.nix diff --git a/profiles/gaming/steam.nix b/profiles/nixos/gaming/steam.nix similarity index 100% rename from profiles/gaming/steam.nix rename to profiles/nixos/gaming/steam.nix 
diff --git a/profiles/gui/base/default.nix b/profiles/nixos/gui/base/default.nix similarity index 80% rename from profiles/gui/base/default.nix rename to profiles/nixos/gui/base/default.nix index ce23826..a3f2b82 100644 --- a/profiles/gui/base/default.nix +++ b/profiles/nixos/gui/base/default.nix @@ -1,20 +1,8 @@ -{ - pkgs, - lib, - config, - ... -}: let - inherit (lib.modules) mkIf; - - networkManagerEnabled = config.networking.networkmanager.enable; -in { +{pkgs, ...}: { environment.systemPackages = with pkgs; [ adwaita-icon-theme - (mkIf networkManagerEnabled pkgs.networkmanagerapplet) ]; - programs.nm-applet.enable = networkManagerEnabled; - programs.dconf.enable = true; services.xserver.xkb = { diff --git a/profiles/gui/environments/gnome/default.nix b/profiles/nixos/gui/environments/gnome/default.nix similarity index 100% rename from profiles/gui/environments/gnome/default.nix rename to profiles/nixos/gui/environments/gnome/default.nix diff --git a/profiles/gui/greeter/gdm.nix b/profiles/nixos/gui/greeter/gdm.nix similarity index 100% rename from profiles/gui/greeter/gdm.nix rename to profiles/nixos/gui/greeter/gdm.nix diff --git a/profiles/gui/greeter/sddm.nix b/profiles/nixos/gui/greeter/sddm.nix similarity index 100% rename from profiles/gui/greeter/sddm.nix rename to profiles/nixos/gui/greeter/sddm.nix diff --git a/profiles/laptop.nix b/profiles/nixos/laptop.nix similarity index 100% rename from profiles/laptop.nix rename to profiles/nixos/laptop.nix diff --git a/profiles/mullvad.nix b/profiles/nixos/mullvad.nix similarity index 100% rename from profiles/mullvad.nix rename to profiles/nixos/mullvad.nix diff --git a/profiles/nginx.nix b/profiles/nixos/nginx.nix similarity index 100% rename from profiles/nginx.nix rename to profiles/nixos/nginx.nix diff --git a/profiles/nixGC.nix b/profiles/nixos/nixGC.nix similarity index 100% rename from profiles/nixGC.nix rename to profiles/nixos/nixGC.nix 
diff --git a/profiles/printing/printing.nix b/profiles/nixos/printing/printing.nix similarity index 100% rename from profiles/printing/printing.nix rename to profiles/nixos/printing/printing.nix diff --git a/profiles/remoteBuilders.nix b/profiles/nixos/remoteBuilders.nix similarity index 100% rename from profiles/remoteBuilders.nix rename to profiles/nixos/remoteBuilders.nix diff --git a/profiles/serverExtras.nix b/profiles/nixos/serverExtras.nix similarity index 100% rename from profiles/serverExtras.nix rename to profiles/nixos/serverExtras.nix diff --git a/profiles/sound/base.nix b/profiles/nixos/sound/base.nix similarity index 100% rename from profiles/sound/base.nix rename to profiles/nixos/sound/base.nix diff --git a/profiles/sound/pipewire/default.nix b/profiles/nixos/sound/pipewire/default.nix similarity index 100% rename from profiles/sound/pipewire/default.nix rename to profiles/nixos/sound/pipewire/default.nix diff --git a/profiles/sshd/sshd.nix b/profiles/nixos/sshd/sshd.nix similarity index 100% rename from profiles/sshd/sshd.nix rename to profiles/nixos/sshd/sshd.nix diff --git a/profiles/tor/tor.nix b/profiles/nixos/tor/tor.nix similarity index 100% rename from profiles/tor/tor.nix rename to profiles/nixos/tor/tor.nix diff --git a/profiles/usbAutoMount.nix b/profiles/nixos/usbAutoMount.nix similarity index 93% rename from profiles/usbAutoMount.nix rename to profiles/nixos/usbAutoMount.nix index ebba47d..fb40245 100644 --- a/profiles/usbAutoMount.nix +++ b/profiles/nixos/usbAutoMount.nix @@ -1,5 +1,9 @@ -{pkgs, ...}: let - encryptedUSB = import ../data/drives/encryptedUSB.nix; +{ + pkgs, + self, + ... +}: let + encryptedUSB = import "${self}/data/drives/encryptedUSB.nix"; encUSBMount = pkgs.writeShellScriptBin "enc_usb_mount" '' export MAPPER_NAME=''${MAPPER_NAME:-${encryptedUSB.mapperName}} 
diff --git a/profiles/wifiHardware.nix b/profiles/nixos/wifiHardware.nix similarity index 100% rename from profiles/wifiHardware.nix rename to profiles/nixos/wifiHardware.nix diff --git a/treeConfig.nix b/treeConfig.nix index 5afc849..a6138c5 100644 --- a/treeConfig.nix +++ b/treeConfig.nix @@ -2,9 +2,12 @@ folder = ./.; config = { "hosts/*".functor.enable = true; - "profiles/*".functor.enable = true; "users/*".functor.enable = true; "home/*".functor.enable = true; + + "profiles/nixos/*".functor.enable = true; + "profiles/home-manager/*".functor.enable = true; + "presets/nixos/*".functor.enable = true; "modules/nixos" = {