From 43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Wed, 14 May 2025 10:50:27 +0200 Subject: ... --- _sources/generated.json | 26 +-- _sources/generated.nix | 26 +-- accounts/gkleen@eostre.nix | 8 +- accounts/gkleen@installer.nix | 8 +- accounts/gkleen@sif/default.nix | 31 ++- accounts/gkleen@sif/niri/default.nix | 14 +- accounts/gkleen@sif/niri/mako.nix | 54 +++-- accounts/gkleen@sif/systemd.nix | 32 +-- accounts/gkleen@sif/zshrc | 80 ++++---- accounts/gkleen@surtr.nix | 8 +- accounts/gkleen@vidhar.nix | 4 + accounts/mherold@eostre.nix | 6 +- accounts/root@installer.nix | 8 +- accounts/root@sif.nix | 8 +- accounts/root@surtr.nix | 8 +- accounts/root@vidhar.nix | 9 +- flake.lock | 72 +++---- hosts/sif/default.nix | 34 ---- hosts/sif/ruleset.nft | 8 +- hosts/surtr/email/default.nix | 14 +- hosts/surtr/vpn/default.nix | 8 +- hosts/surtr/vpn/geri.pub | 2 +- hosts/vidhar/network/dhcp/default.nix | 88 ++++---- installer-profiles/cd-dvd.nix | 8 +- installer-profiles/netboot.nix | 5 + installer-profiles/nfsroot.nix | 2 + installer/default.nix | 2 +- modules/i18n.nix | 156 ++++++++++++++ modules/installer.nix | 56 +++++ modules/postsrsd.nix | 157 ++++++++++++++ overlays/cake-prometheus-exporter/default.nix | 11 +- overlays/inwx-cdnskey/default.nix | 11 +- overlays/nftables-prometheus-exporter/default.nix | 11 +- overlays/persistent-nix-shell/default.nix | 5 +- overlays/postsrsd.nix | 11 + overlays/zte-prometheus-exporter/default.nix | 11 +- system-profiles/core/default.nix | 26 +-- system-profiles/default-locale.nix | 27 ++- system-profiles/rebuild-machines/default.nix | 20 +- user-profiles/feeds/alot.config | 50 ----- user-profiles/feeds/default.nix | 11 - user-profiles/feeds/imm-notmuch-insert.py | 52 ----- user-profiles/feeds/module.nix | 236 ---------------------- user-profiles/tmux/default.nix | 10 +- user-profiles/tmux/tmux.conf | 9 +- user-profiles/utils.nix | 4 +- user-profiles/zsh/default.nix | 95 ++++++--- user-profiles/zsh/zshrc | 6 - users/gkleen/default.nix | 2 +- users/root.nix | 2 +- 
50 files changed, 795 insertions(+), 757 deletions(-) create mode 100644 modules/i18n.nix create mode 100644 modules/installer.nix create mode 100644 modules/postsrsd.nix create mode 100644 overlays/postsrsd.nix delete mode 100644 user-profiles/feeds/alot.config delete mode 100644 user-profiles/feeds/default.nix delete mode 100644 user-profiles/feeds/imm-notmuch-insert.py delete mode 100644 user-profiles/feeds/module.nix diff --git a/_sources/generated.json b/_sources/generated.json index b3604420..be1e12e9 100644 --- a/_sources/generated.json +++ b/_sources/generated.json @@ -270,11 +270,11 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-D0UnGL0H+zua5fJAoBbfEyU4ZdjQXf6LeQ+475oVKow=", + "sha256": "sha256-8kd17ChqLuVH5/OdPc2rVDKEDWHl9ZWLh8k+EBrCGH8=", "type": "url", - "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.efi" + "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.efi" }, - "version": "2.0.86" + "version": "2.0.87" }, "netbootxyz-lkrn": { "cargoLocks": null, @@ -285,11 +285,11 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-zUuvv/MCXhgqBCa4dl4+bWtS+Z1PCDRUX0pGLonaWpY=", + "sha256": "sha256-/qY3NdRC0SghQ4kamrkm9EFumrKlirqDCJ+XY+jHWLA=", "type": "url", - "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.lkrn" + "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.lkrn" }, - "version": "2.0.86" + "version": "2.0.87" }, "postfix-mta-sts-resolver": { "cargoLocks": null, @@ -437,7 +437,7 @@ }, "v4l2loopback": { "cargoLocks": null, - "date": "2025-04-16", + "date": "2025-04-29", "extract": null, "name": "v4l2loopback", "passthru": null, 
@@ -449,12 +449,12 @@ "name": null, "owner": "umlaeute", "repo": "v4l2loopback", - "rev": "119543510c0455f4e6517ae82d81d65354225a31", - "sha256": "sha256-1SAYXV0KEQEQEiQbBom2YHoeDzuDWkmCmcetlU85h/M=", + "rev": "8d806ad688961d8840081a609c39d1a82d296b24", + "sha256": "sha256-zuE/qFI8QCWCePmHWjTIPTh2KzmDkwQ2uj5C1dAwo1c=", "sparseCheckout": [], "type": "github" }, - "version": "119543510c0455f4e6517ae82d81d65354225a31" + "version": "8d806ad688961d8840081a609c39d1a82d296b24" }, "xcompose": { "cargoLocks": null, @@ -486,10 +486,10 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-G/4OZg0acKCeJ7LVj5LjCx4uNizEh4KfL4JDRq5J+5E=", + "sha256": "sha256-0BNn0MOulONcseLsy3p8cOGBxMpEj07iN08mSJ0mNgM=", "type": "url", - "url": "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.3.31.tar.gz" + "url": "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.4.30.tar.gz" }, - "version": "2025.3.31" + "version": "2025.4.30" } } \ No newline at end of file diff --git a/_sources/generated.nix b/_sources/generated.nix index c3b65800..ff85bc0d 100644 --- a/_sources/generated.nix +++ b/_sources/generated.nix 
@@ -164,18 +164,18 @@ }; netbootxyz-efi = { pname = "netbootxyz-efi"; - version = "2.0.86"; + version = "2.0.87"; src = fetchurl { - url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.efi"; - sha256 = "sha256-D0UnGL0H+zua5fJAoBbfEyU4ZdjQXf6LeQ+475oVKow="; + url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.efi"; + sha256 = "sha256-8kd17ChqLuVH5/OdPc2rVDKEDWHl9ZWLh8k+EBrCGH8="; }; }; netbootxyz-lkrn = { pname = "netbootxyz-lkrn"; - version = "2.0.86"; + version = "2.0.87"; src = fetchurl { - url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.lkrn"; - sha256 = "sha256-zUuvv/MCXhgqBCa4dl4+bWtS+Z1PCDRUX0pGLonaWpY="; + url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.87/netboot.xyz.lkrn"; + sha256 = "sha256-/qY3NdRC0SghQ4kamrkm9EFumrKlirqDCJ+XY+jHWLA="; }; }; postfix-mta-sts-resolver = { @@ -270,15 +270,15 @@ }; v4l2loopback = { pname = "v4l2loopback"; - version = "119543510c0455f4e6517ae82d81d65354225a31"; + version = "8d806ad688961d8840081a609c39d1a82d296b24"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; - rev = "119543510c0455f4e6517ae82d81d65354225a31"; + rev = "8d806ad688961d8840081a609c39d1a82d296b24"; fetchSubmodules = true; - sha256 = "sha256-1SAYXV0KEQEQEiQbBom2YHoeDzuDWkmCmcetlU85h/M="; + sha256 = "sha256-zuE/qFI8QCWCePmHWjTIPTh2KzmDkwQ2uj5C1dAwo1c="; }; - date = "2025-04-16"; + date = "2025-04-29"; }; xcompose = { pname = "xcompose"; @@ -294,10 +294,10 @@ }; yt-dlp = { pname = "yt-dlp"; - version = "2025.3.31"; + version = "2025.4.30"; src = fetchurl { - url = "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.3.31.tar.gz"; - sha256 = "sha256-G/4OZg0acKCeJ7LVj5LjCx4uNizEh4KfL4JDRq5J+5E="; + url = "https://pypi.org/packages/source/y/yt_dlp/yt_dlp-2025.4.30.tar.gz"; + sha256 = "sha256-0BNn0MOulONcseLsy3p8cOGBxMpEj07iN08mSJ0mNgM="; }; }; } 
diff --git a/accounts/gkleen@eostre.nix b/accounts/gkleen@eostre.nix index 72818d44..28daf3fd 100644 --- a/accounts/gkleen@eostre.nix +++ b/accounts/gkleen@eostre.nix @@ -1,16 +1,16 @@ { flake, userName, pkgs, ... }: { imports = with flake.nixosModules.userProfiles.${userName}; [ - zsh utils tmux + utils ]; config = { home-manager.users.${userName} = { home.stateVersion = "20.09"; - nixpkgs.config = { - allowUnfree = true; - }; + # nixpkgs.config = { + # allowUnfree = true; + # }; home.packages = with pkgs; [ thunderbird libreoffice element-desktop keepassxc vlc diff --git a/accounts/gkleen@installer.nix b/accounts/gkleen@installer.nix index c7a418f8..5fe1db38 100644 --- a/accounts/gkleen@installer.nix +++ b/accounts/gkleen@installer.nix @@ -1,7 +1,11 @@ -{ userName, ... }: +{ flake, userName, ... }: { - home-manager.users.${userName} = { config, ... } : { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + + config.home-manager.users.${userName} = { config, ... } : { home.stateVersion = config.home.version.release; }; } diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index b46d021e..80f03e49 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix @@ -63,7 +63,7 @@ let }; in { imports = with flake.nixosModules.userProfiles.${userName}; [ - mpv yt-dlp (args: import ./xcompose.nix (inputs // args)) + zsh tmux mpv yt-dlp (args: import ./xcompose.nix (inputs // args)) ]; config = { @@ -77,10 +77,10 @@ in { home.stateVersion = "20.09"; - nixpkgs.config = { - allowUnfree = true; - zathura.useMupdf = false; - }; + # nixpkgs.config = { + # allowUnfree = true; + # zathura.useMupdf = false; + # }; nix.registry = { "flk" = { @@ -186,7 +186,7 @@ in { gpu-api = "vulkan"; }; - zsh.initExtra = let + zsh.initContent = let zshrc = pkgs.resholve.mkDerivation { pname = "zshrc"; version = "0.0.0"; 
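Review bot: The `nixpkgs.config` block in `accounts/gkleen@eostre.nix` is commented out rather than removed, with no note on why. The same pattern appears in `accounts/gkleen@sif/default.nix`, `accounts/mherold@eostre.nix`, the `wpaperd` unit in `accounts/gkleen@sif/systemd.nix` and the `sys` import in `accounts/gkleen@sif/niri/default.nix`. Either delete the dead lines (git history keeps them) or replace them with a one-line reason, e.g. `# allowUnfree is now decided by the system-wide nixpkgs instance`, if that is the case. For `allowUnfree` in particular it is worth stating where the policy now lives, because it controls which packages may be installed for these accounts.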
@@ -219,7 +219,6 @@ in { gnutar cpio magic-wormhole - quickserve cfg.programs.zsh.package fuse util-linux @@ -232,6 +231,7 @@ in { config.systemd.package config.programs.ssh.package gnused + miniserve ]; execer = with pkgs; [ "cannot:${lib.getExe' rpm "rpm2cpio"}" @@ -240,7 +240,6 @@ in { "cannot:${lib.getExe cfg.programs.git.package}" "cannot:${lib.getExe cpio}" "cannot:${lib.getExe' magic-wormhole "wormhole"}" - "cannot:${lib.getExe quickserve}" "cannot:${lib.getExe' fuse "fusermount"}" "cannot:${lib.getExe less}" "cannot:${lib.getExe' config.systemd.package "systemctl"}" @@ -322,14 +321,6 @@ in { "kitty_mod+m" = "detach_window ask"; }; }; - wpaperd = { - enable = true; - settings.default = { - path = "~/.wallpapers"; - duration = "15m"; - mode = "center"; - }; - }; fuzzel = { enable = true; settings = { @@ -360,6 +351,14 @@ in { }; services = { + wpaperd = { + enable = true; + settings.default = { + path = "~/.wallpapers"; + duration = "15m"; + mode = "center"; + }; + }; emacs = { enable = true; socketActivation.enable = true; diff --git a/accounts/gkleen@sif/niri/default.nix b/accounts/gkleen@sif/niri/default.nix index 732e3c7a..a9b4b0f8 100644 --- a/accounts/gkleen@sif/niri/default.nix +++ b/accounts/gkleen@sif/niri/default.nix @@ -249,7 +249,7 @@ in { import os import socket import json - import sys + # import sys from collections import defaultdict from threading import Thread, Lock from socketserver import StreamRequestHandler, ThreadingTCPServer @@ -275,7 +275,7 @@ in { def focus_workspace(output, workspace): with history_lock: workspace_history[output] = [workspace] + [ws for ws in workspace_history[output] if ws != workspace] # noqa: E501 - print(json.dumps(workspace_history), file=sys.stderr) + # print(json.dumps(workspace_history), file=sys.stderr) sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) sock.connect(os.environ["NIRI_SOCKET"]) 
@@ -743,19 +743,19 @@ in { "Mod+Shift+Control+C".action = move-workspace-up; "Mod+ParenLeft".action = focus-workspace "comm"; - "Mod+Shift+ParenLeft".action = move-column-to-workspace "comm"; + "Mod+Shift+ParenLeft".action = kdl.magic-leaf "move-column-to-workspace" "comm"; "Mod+ParenRight".action = focus-workspace "web"; - "Mod+Shift+ParenRight".action = move-column-to-workspace "web"; + "Mod+Shift+ParenRight".action = kdl.magic-leaf "move-column-to-workspace" "web"; "Mod+BraceRight".action = focus-workspace "read"; - "Mod+Shift+BraceRight".action = move-column-to-workspace "read"; + "Mod+Shift+BraceRight".action = kdl.magic-leaf "move-column-to-workspace" "read"; "Mod+BraceLeft".action = focus-workspace "mon"; - "Mod+Shift+BraceLeft".action = move-column-to-workspace "mon"; + "Mod+Shift+BraceLeft".action = kdl.magic-leaf "move-column-to-workspace" "mon"; "Mod+Asterisk".action = focus-workspace "vid"; - "Mod+Shift+Asterisk".action = move-column-to-workspace "vid"; + "Mod+Shift+Asterisk".action = kdl.magic-leaf "move-column-to-workspace" "vid"; "Mod+Plus".action = with-unnamed-workspace-action ''{"Action":{"FocusWorkspace":{"reference":{"Id": .id}}}}''; "Mod+Shift+Plus".action = with-unnamed-workspace-action ''{"Action":{"MoveColumnToWorkspace":{"reference":{"Id": .id}}}}''; diff --git a/accounts/gkleen@sif/niri/mako.nix b/accounts/gkleen@sif/niri/mako.nix index 2788fb82..9373dc21 100644 --- a/accounts/gkleen@sif/niri/mako.nix +++ b/accounts/gkleen@sif/niri/mako.nix 
@@ -3,37 +3,29 @@ config = { services.mako = { enable = true; - font = "Fira Sans 10"; - format = "%s\\n%b"; - margin = "2"; - maxVisible = -1; - backgroundColor = "#000000dd"; - progressColor = "source #223544ff"; - width = 384; - extraConfig = '' - outer-margin=1 - max-history=100 - max-icon-size=48 - - [grouped] - format=(%g) %s\n%b - - [urgency=low] - text-color=#999999ff - - [urgency=critical] - background-color=#900000dd - - [app-name=Element] - group-by=summary - - [app-name=poweralertd] - ignore-timeout=1 - default-timeout=2000 - - [mode=silent] - invisible=1 - ''; + settings = { + font = "Fira Sans 10"; + format = "%s\\n%b"; + margin = "2"; + max-visible = -1; + background-color = "#000000dd"; + progress-color = "source #223544ff"; + width = 384; + outer-margin = 1; + max-history = 100; + max-icon-size = 48; + }; + criteria = { + grouped.format = "(%g) %s\n%b"; + "urgency=low".text-color = "#999999ff"; + "urgency=critical".background-color = "#900000dd"; + "app-name=Element".group-by = "summary"; + "app-name=poweralertd" = { + ignore-timeout = true; + default-timeout = 2000; + }; + "mode=silent".invisible = true; + }; package = pkgs.symlinkJoin { name = "${pkgs.mako.name}-wrapped"; paths = with pkgs; [ mako ]; diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index 2237b708..90cccc58 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix @@ -242,7 +242,7 @@ in { "-${lib.getExe pkgs.playerctl} -a pause" "-${lib.getExe (pkgs.writeShellApplication { name = "generate-css"; - runtimeInputs = with pkgs; [cfg.programs.wpaperd.package jq coreutils imagemagick findutils]; + runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils]; text = '' declare -A monitors monitors=() 
@@ -333,21 +333,21 @@ in { ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\""; }; }; - wpaperd = { - Install = { - WantedBy = ["graphical-session.target"]; - }; - Unit = { - After = [ "graphical-session.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - Service = { - ExecStart = lib.getExe cfg.programs.wpaperd.package; - Type = "simple"; - Restart = "always"; - RestartSec = "2s"; - }; - }; + # wpaperd = { + # Install = { + # WantedBy = ["graphical-session.target"]; + # }; + # Unit = { + # After = [ "graphical-session.target" ]; + # PartOf = [ "graphical-session.target" ]; + # }; + # Service = { + # ExecStart = lib.getExe cfg.services.wpaperd.package; + # Type = "simple"; + # Restart = "always"; + # RestartSec = "2s"; + # }; + # }; xembed-sni-proxy = { Unit = { PartOf = lib.mkForce ["tray.target"]; diff --git a/accounts/gkleen@sif/zshrc b/accounts/gkleen@sif/zshrc index 06f6f6f2..7645e0fc 100644 --- a/accounts/gkleen@sif/zshrc +++ b/accounts/gkleen@sif/zshrc @@ -6,11 +6,10 @@ dir() { forceShell=false wormhole=false gitWorktree="" - # notmuchMsg="" - quickserve=false modifyPDF="" + miniserve=false - while getopts ':t:a:d:ir:wqg:p:' arg; do + while getopts ':t:a:d:ir:wg:p:m' arg; do case $arg in "t") ;; "a") @@ -26,9 +25,8 @@ dir() { "r") repoUrl=${OPTARG} ;; "w") wormhole=true ;; "g") gitWorktree=${OPTARG} ;; - # "n") notmuchMsg=${OPTARG} ;; - "q") quickserve=true ;; "p") modifyPDF=${OPTARG:a} ;; + "m") miniserve=true ;; *) printf "Invalid option: %s\n" $arg >&2; exit 2 ;; esac done 
@@ -52,17 +50,29 @@ dir() { gitWorktree="" fi + miniservePIDFile="" + if [[ ${miniserve} = "true" ]]; then + miniservePIDFile=$(mktemp --tmpdir --suffix=.pid) + fi + cleanup() { - cd ${modifyPDF:h} if [[ -n ${modifyPDF} ]]; then + cd ${modifyPDF:h} typeset -a pages eval 'pages=(${dir}/${modifyPDF:t:r}_*.png(on))' magick -verbose "$pages" ${modifyPDF} + modifyPDF="" + fi + if [[ -n ${miniservePIDFile} ]]; then + kill --verbose $(cat ${miniservePIDFile}) && wait $(cat ${miniservePIDFile}) + miniservePIDFile="" fi } ( + set -o localtraps + trap 'return 1' INT TERM trap cleanup EXIT cd ${dir} @@ -135,18 +145,18 @@ dir() { [[ $wormhole = "true" ]] && wormhole receive --accept-file - if [[ $quickserve = "true" ]]; then - quickserve --root . --upload . --show-hidden --tar gz + if [[ ${#@} -gt 0 ]]; then + ${@} fi + cd $(pwd) # Needed for mounting to work - if [[ ${#@} -eq 0 ]] || [[ $forceShell = "true" ]]; then - if [[ ${#@} -gt 0 ]]; then - ${@} - fi - - cd $(pwd) # Needed for mounting to work + if [[ ${miniserve} = "true" ]]; then + miniserve --random-route --hidden --enable-tar-gz --enable-zip . & + echo $! > "${miniservePIDFile}" + fi + if [[ ${#@} -eq 0 ]] && [[ ${miniserve} != "true" ]] || [[ $forceShell = "true" ]]; then isSingleDir() { typeset -a contents contents=(*(N) .*(N)) @@ -160,10 +170,9 @@ dir() { } while d=$(isSingleDir); do cd ${d}; done - zsh - else - ${@} + elif [[ ${miniserve} == "true" ]]; then + wait $(cat "${miniservePIDFile}") fi ) } 
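Review bot: The PID file created with `mktemp --tmpdir --suffix=.pid` is never deleted, and `cleanup` runs `kill --verbose $(cat ${miniservePIDFile})` even when the file is still empty, which is the case whenever the subshell exits before the server has been started. Guard the kill and remove the file: `[[ -s ${miniservePIDFile} ]] && kill --verbose $(<${miniservePIDFile}) && wait $(<${miniservePIDFile})` followed by `rm -f -- ${miniservePIDFile}`. Since `$!` is read in the same subshell that runs the EXIT trap, a plain variable would also work and avoid the temp file altogether. The body of `dir()` starts and ends outside this hunk.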
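Review bot: `miniserve --random-route --hidden --enable-tar-gz --enable-zip .` serves the directory, dotfiles included, with no authentication, so the random route is the only thing between the content and any host that can reach the port, and it travels in cleartext over HTTP. If `--hidden` is not needed, drop it; otherwise consider miniserve's `--auth` option with a credential generated per invocation, or `--interfaces` to bind only the address the share is meant for. A comment such as `# unauthenticated; relies on --random-route only` above the call would at least record the assumption. The enclosing subshell in `dir()` continues outside the hunk.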
@@ -171,27 +180,30 @@ dir() { tmpdir() { cleanup() { - cd / + cd / unmount() { printf "Unmounting %s\n" ${1} >&2 fusermount -u ${1} || umount ${1} || sudo umount ${1} } - if mountpoint -q -- ${dir}; then - unmount ${dir} || return $? - else - while read -d $'\0' subDir; do - mountpoint -q -- ${subDir} || continue - unmount ${subDir} || return $? - done <<<$(find ${dir} -xdev -type d -print0 | sort -zr) - fi - - rm -rfv --one-file-system -- ${dir} + if [[ -n ${dir} ]]; then + if mountpoint -q -- ${dir}; then + unmount ${dir} || return $? + else + while read -d $'\0' subDir; do + mountpoint -q -- ${subDir} || continue + unmount ${subDir} || return $? + done <<<$(find ${dir} -xdev -type d -print0 | sort -zr) + fi + + rm -rfv --one-file-system -- ${dir} + dir="" + fi } local tmpdir="" - while getopts ':t:a:s:Sd:ir:wqg:p:' arg; do + while getopts ':t:a:d:ir:wg:p:m' arg; do case $arg in "t") tmpdir="=${OPTARG}" ;; "?"|":") printf "Invalid option: %s\n" $arg >&2; exit 2 ;; @@ -199,6 +211,8 @@ tmpdir() { done ( + set -o localtraps + trap 'return 1' INT TERM trap cleanup EXIT @@ -247,14 +261,6 @@ l() { ls --long --binary --git --time-style=iso --header $@ } -re() { - systemctl restart $@ -} - -ure() { - systemctl --user restart $@ -} - ssh-installer() { ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/gkleen@sif.midgard.yggdrasil $@ } diff --git a/accounts/gkleen@surtr.nix b/accounts/gkleen@surtr.nix index 58c4f21d..8f678ac9 100644 --- a/accounts/gkleen@surtr.nix +++ b/accounts/gkleen@surtr.nix @@ -1,3 +1,7 @@ -{ userName, ... }: { - home-manager.users.${userName}.home.stateVersion = "20.09"; +{ flake, userName, ... }: { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + + config.home-manager.users.${userName}.home.stateVersion = "20.09"; } diff --git a/accounts/gkleen@vidhar.nix b/accounts/gkleen@vidhar.nix index 8509c2f4..3a37c4bd 100644 --- a/accounts/gkleen@vidhar.nix +++ b/accounts/gkleen@vidhar.nix 
@@ -1,4 +1,8 @@ { flake, pkgs, userName, config, ... }: { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + config = { users.users.${userName} = { uid = 1000; diff --git a/accounts/mherold@eostre.nix b/accounts/mherold@eostre.nix index 51e4529a..0e2f37aa 100644 --- a/accounts/mherold@eostre.nix +++ b/accounts/mherold@eostre.nix @@ -7,9 +7,9 @@ home-manager.users.${userName} = { home.stateVersion = "20.09"; - nixpkgs.config = { - allowUnfree = true; - }; + # nixpkgs.config = { + # allowUnfree = true; + # }; home.packages = with pkgs; [ thunderbird libreoffice element-desktop keepassxc vlc diff --git a/accounts/root@installer.nix b/accounts/root@installer.nix index c7a418f8..5fe1db38 100644 --- a/accounts/root@installer.nix +++ b/accounts/root@installer.nix @@ -1,7 +1,11 @@ -{ userName, ... }: +{ flake, userName, ... }: { - home-manager.users.${userName} = { config, ... } : { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + + config.home-manager.users.${userName} = { config, ... } : { home.stateVersion = config.home.version.release; }; } diff --git a/accounts/root@sif.nix b/accounts/root@sif.nix index c9e129a0..bb816230 100644 --- a/accounts/root@sif.nix +++ b/accounts/root@sif.nix @@ -1,6 +1,10 @@ -{ userName, ... }: +{ flake, userName, ... }: { - home-manager.users.${userName} = { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + + config.home-manager.users.${userName} = { home.stateVersion = "20.09"; programs.ssh.matchBlocks = { diff --git a/accounts/root@surtr.nix b/accounts/root@surtr.nix index 58c4f21d..8f678ac9 100644 --- a/accounts/root@surtr.nix +++ b/accounts/root@surtr.nix @@ -1,3 +1,7 @@ -{ userName, ... }: { - home-manager.users.${userName}.home.stateVersion = "20.09"; +{ flake, userName, ... }: { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + + config.home-manager.users.${userName}.home.stateVersion = "20.09"; } 
diff --git a/accounts/root@vidhar.nix b/accounts/root@vidhar.nix index e82414a8..0fc56633 100644 --- a/accounts/root@vidhar.nix +++ b/accounts/root@vidhar.nix @@ -1,6 +1,11 @@ -{ config, userName, ... }: +{ flake, config, userName, ... }: + { - home-manager.users.${userName} = { + imports = with flake.nixosModules.userProfiles.${userName}; [ + zsh tmux + ]; + + config.home-manager.users.${userName} = { home.stateVersion = "20.09"; programs.ssh.matchBlocks = { diff --git a/flake.lock b/flake.lock index abb6541a..64091d39 100644 --- a/flake.lock +++ b/flake.lock @@ -115,11 +115,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -322,11 +322,11 @@ ] }, "locked": { - "lastModified": 1738691953, - "narHash": "sha256-JY/w2Xyrj3mhUhLJkSgk8t7MSf3LGZjewPTQ7QtCbHE=", + "lastModified": 1746904907, + "narHash": "sha256-XYo6bwc7xwo4lO6a/D2ttYRN4yDmsAjyt5O1E0vOLDg=", "owner": "gkleen", "repo": "home-manager", - "rev": "c077fc8684289ab1b1c2231bab1566879e099c97", + "rev": "696495266c65b76f08d8196b87aa7bd835906570", "type": "github" }, "original": { @@ -343,11 +343,11 @@ ] }, "locked": { - "lastModified": 1710245356, - "narHash": "sha256-8cQGUn+N1dTgklMWMejSLN2q8Oz+7Rnqsfaw2rt3bU4=", + "lastModified": 1747139300, + "narHash": "sha256-V+YnIIM2wMprHGgzOU0HzyeWQEjP6EhG8kc4IffWFeg=", "owner": "gkleen", "repo": "home-manager", - "rev": "a14fe0c27d04dfa3d80abe2db743e9a7f4f2a33d", + "rev": "50182497604587a24bdbe97d6400b1696eac57b1", "type": "github" }, "original": { 
@@ -397,11 +397,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1745483403, - "narHash": "sha256-fNemxNtPugDzCK7ofPApufFhD4EW5PiA0v3+aS1O6rY=", + "lastModified": 1747115632, + "narHash": "sha256-SypEtZQsum43HvIT4HqM1RH8CE3wCWFIO5b5IqC/2FA=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "17ebd40a372527ad20cc799b1835beaf7abf7200", + "rev": "44eeba852a6671ab1c7be5ca65a58c49794cef4b", "type": "github" }, "original": { @@ -431,11 +431,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1745351516, - "narHash": "sha256-nQRp1Q+kV137Dsk7WCsnq6zQA7YrvRll2wVcG7wZpHA=", + "lastModified": 1747113435, + "narHash": "sha256-9oU1mKAM2BZLSots136UA75RIed53YtYgns9TUkr3ck=", "owner": "YaLTeR", "repo": "niri", - "rev": "6ab055a4b968ccf115a1be3b65b0d5ec4d7c33f1", + "rev": "6d083ea49741d6e8e85d5a1d6b6bcaa837d3b5c0", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1745120797, - "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", + "lastModified": 1746934494, + "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", + "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", "type": "github" }, "original": { @@ -493,11 +493,11 @@ ] }, "locked": { - "lastModified": 1737219791, - "narHash": "sha256-OU0NPjJ3woNDFNx7HtWuUXBb4eI6Ggre/Uj2qhiSjrg=", + "lastModified": 1745680380, + "narHash": "sha256-Z8PknjkmIr/8ZCH+dmc2Pc+UltiOr7/oKg37PXuVvuU=", "owner": "ners", "repo": "nix-monitored", - "rev": "6ed8ed4832ff26c616e5856ba19f5b8141d61bd3", + "rev": "60f3baa4701d58eab86c2d1d9c3d7e820074d461", "type": "github" }, "original": { 
@@ -529,11 +529,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745392233, - "narHash": "sha256-xmqG4MZArM1JNxPJ33s0MtuBzgnaCO9laARoU3AfP8E=", + "lastModified": 1747083103, + "narHash": "sha256-dMx20S2molwqJxbmMB4pGjNfgp5H1IOHNa1Eby6xL+0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8bf8a2a0822365bd8f44fd1a19d7ed0a1d629d64", + "rev": "d1d68fe8b00248caaa5b3bbe4984c12b47e0867d", "type": "github" }, "original": { @@ -651,11 +651,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1745279238, - "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=", + "lastModified": 1746957726, + "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3", + "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", "type": "github" }, "original": { @@ -699,11 +699,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { @@ -962,11 +962,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { 
@@ -1094,11 +1094,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1745372360, - "narHash": "sha256-5DX9lYmEbkdANCzME2v3coV0EnWOhS7NsTlGBQuqmjM=", + "lastModified": 1747111562, + "narHash": "sha256-GAqhWoxaBIk0tgoecZPa8gTHDHxNc0JtlwWHZN2iOOo=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "c31679aa41966ee9272bb240703755cb1e7c72e3", + "rev": "ec9ff64c1e0cbec42710b580b7c0f759b1694e72", "type": "github" }, "original": { diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 0897e1d8..f4de24e8 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -126,38 +126,8 @@ in { rulesetFile = ./ruleset.nft; }; - # firewall = { - # enable = true; - # allowedTCPPorts = [ 22 # ssh - # 8000 # quickserve - # ]; - # }; - - # wlanInterfaces = { - # wlan0 = { - # device = "wlp82s0"; - # }; - # }; - - # bonds = { - # "lan" = { - # interfaces = [ "wlan0" "enp0s31f6" "dock0" ]; - # driverOptions = { - # miimon = "1000"; - # mode = "active-backup"; - # primary_reselect = "always"; - # }; - # }; - # }; - useDHCP = false; useNetworkd = true; - - # interfaces."tinc.yggdrasil" = { - # virtual = true; - # virtualType = config.services.tinc.networks.yggdrasil.interfaceType; - # macAddress = "5c:93:21:c3:61:39"; - # }; }; environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = { @@ -751,10 +721,6 @@ in { home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ]; - environment.pathsToLink = [ - "share/zsh" - ]; - system.stateVersion = "24.11"; }; } diff --git a/hosts/sif/ruleset.nft b/hosts/sif/ruleset.nft index 2af8b2ee..62339f69 100644 --- a/hosts/sif/ruleset.nft +++ b/hosts/sif/ruleset.nft @@ -61,7 +61,7 @@ table inet filter { counter mosh-rx {} counter wg-rx {} counter yggdrasil-gre-rx {} - counter quickserve-rx {} + counter miniserve-rx {} counter ausweisapp2-rx {} counter established-rx {} 
@@ -81,7 +81,7 @@ table inet filter { counter mosh-tx {} counter wg-tx {} counter yggdrasil-gre-tx {} - counter quickserve-tx {} + counter miniserve-tx {} counter tx {} @@ -134,7 +134,7 @@ table inet filter { tcp dport 22 counter name ssh-rx accept udp dport 60000-61000 counter name mosh-rx accept - tcp dport 8000 counter name quickserve-rx accept + tcp dport 8080 counter name miniserve-rx accept udp dport 24727 counter name ausweisapp2-rx accept udp dport 51820-51822 counter name wg-rx accept @@ -173,7 +173,7 @@ table inet filter { udp sport 51820-51822 counter name wg-tx iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx - tcp sport 8000 counter name quickserve-tx accept + tcp sport 8080 counter name miniserve-tx accept oifname virbr0 udp sport 67 counter name libvirt-dhcp accept oifname virbr0 udp sport 547 counter name libvirt-dhcp accept diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 13b33c7f..4666d1d6 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix @@ -215,7 +215,7 @@ in { smtpd_client_event_limit_exceptions = ""; milter_default_action = "accept"; - smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"]; + smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock" "local:/run/postsrsd/postsrsd-milter.sock"]; non_smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"]; alias_maps = ""; @@ -237,11 +237,6 @@ in { ::/0 silent-discard, dsn ''}"; - sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}"; - sender_canonical_classes = "envelope_sender"; - recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}"; - recipient_canonical_classes = ["envelope_recipient" "header_recipient"]; - virtual_mailbox_domains = ''pgsql:${pkgs.writeText "virtual_mailbox_domains.cf" '' hosts = postgresql:///email dbname = email 
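Review bot: `tcp dport 8080 counter name miniserve-rx accept` is not tied to an interface or source range in the visible rule, so port 8080 stays reachable permanently, including while miniserve is not running and some other process has bound the port. Because miniserve in `accounts/gkleen@sif/zshrc` is started without authentication, scoping the rule would help, e.g. `iifname { <TRUSTED_IFACES> } tcp dport 8080 counter name miniserve-rx accept` (placeholder for the interfaces the share is meant for). The same applies to the matching `tcp sport 8080 counter name miniserve-tx accept` rule in the `@@ -173,7 +173,7 @@` hunk. The surrounding chain starts and ends outside this hunk, so an earlier match may already narrow it.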
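Review bot: The postsrsd milter is appended to `smtpd_milters` only, while `non_smtpd_milters` on the next line is left unchanged, so mail that enters through the local submission path would presumably no longer get its envelope sender rewritten, whereas the removed `sender_canonical_maps` lookup applied regardless of entry path. If that is intended, a comment like `# SRS only applies to mail received via smtpd` would record it; otherwise add the socket to `non_smtpd_milters` too. Note also that with `milter_default_action = "accept"` a missing postsrsd socket fails open, i.e. forwarded mail goes out un-rewritten rather than being deferred.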
@@ -366,10 +361,11 @@ in { services.postsrsd = { enable = true; - domain = "surtr.yggdrasil.li"; + domains = [ "surtr.yggdrasil.li" ] ++ concatMap (domain: [".${domain}" domain]) emailDomains; separator = "+"; - excludeDomains = [ "surtr.yggdrasil.li" - ] ++ concatMap (domain: [".${domain}" domain]) emailDomains; + extraConfig = '' + milter = unix:/run/postsrsd/postsrsd-milter.sock + ''; }; services.opendkim = { diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix index 1bdcf74e..92223144 100644 --- a/hosts/surtr/vpn/default.nix +++ b/hosts/surtr/vpn/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ flake, pkgs, config, lib, ... }: with lib; @@ -22,7 +22,11 @@ in { "--load-credential=surtr.priv:/run/credentials/container@vpn.service/surtr.priv" "--network-ipvlan=ens3:upstream" ]; - config = { + config = let hostConfig = config; in { config, pkgs, ... }: { + system.stateVersion = lib.mkIf hostConfig.containers."vpn".ephemeral config.system.nixos.release; + system.configurationRevision = mkIf (flake ? rev) flake.rev; + nixpkgs.pkgs = hostConfig.nixpkgs.pkgs; + boot.kernel.sysctl = { "net.core.rmem_max" = 4194304; "net.core.wmem_max" = 4194304; diff --git a/hosts/surtr/vpn/geri.pub b/hosts/surtr/vpn/geri.pub index ed5de2b2..2cd9b24e 100644 --- a/hosts/surtr/vpn/geri.pub +++ b/hosts/surtr/vpn/geri.pub @@ -1 +1 @@ -sYuQSNZHzfegv8HRz71jnZm2nFLGeRnaGwVonhKUj2k= +hhER05bvstOTGfiAG3IJsFkBNWCUZHokBXwaiC5d534= diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 098d3061..11460393 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix 
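Review bot: With `domain = "surtr.yggdrasil.li"` removed, the domain used for rewritten sender addresses is no longer stated explicitly; it presumably falls back to the first entry of `domains`, which would make the order of that list significant. A comment such as `# first entry doubles as the SRS rewrite domain` on the `domains` line, or setting the rewrite domain explicitly in `extraConfig` if the module in `modules/postsrsd.nix` supports it, would guard against a later reorder. The hunk also does not show the ownership or mode of `/run/postsrsd/postsrsd-milter.sock`; it should be connectable by Postfix only.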
@@ -306,32 +306,30 @@ in { pkgs.symlinkJoin { name = "installer-${system}"; paths = [ - (let - installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { + (builtins.addErrorContext "while evaluating installer-${system}-nfsroot" (let + installerBuild' = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { modules = [ ({ ... }: { config.nfsroot.storeDevice = "${nfsIp}:nix-store"; config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/installer-${system}/registration"; + config.system.nixos.label = "installer-${system}"; }) ]; - }).config.system.build; - in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} '' + }); + installerBuild = installerBuild'.config.system.build; + in builtins.toPath (pkgs.runCommandLocal "installer-${system}" {} '' mkdir -p $out/installer-${system} install -m 0444 -t $out/installer-${system} \ ${installerBuild.initialRamdisk}/initrd \ ${installerBuild.kernel}/bzImage \ ${installerBuild.netbootIpxeScript}/netboot.ipxe \ ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration - '')) - (pkgs.writeTextFile { - name = "installer-${system}.menu.ipxe"; - destination = "/installer-${system}.menu.ipxe"; - text = '' + install -m 0444 ${pkgs.writeText "installer-${system}.menu.ipxe" '' #!ipxe :start menu iPXE boot menu for installer-${system} - item installer installer-${system} + item installer ${with installerBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"} item memtest memtest86plus item netboot netboot.xyz item shell iPXE shell @@ -353,8 +351,8 @@ in { :memtest iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin goto start - ''; - }) + ''} $out/installer-${system}.menu.ipxe + ''))) ]; }) ["x86_64-linux"] ) ++ [ 
@@ -366,15 +364,17 @@ in { install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn '') - (let - eostreBuild = (flake.nixosConfigurations.eostre.extendModules { + (builtins.addErrorContext "while evaluating eostre" (let + eostreBuild' = (flake.nixosConfigurations.eostre.extendModules { modules = [ ({ ... }: { config.nfsroot.storeDevice = "${nfsIp}:nix-store"; config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration"; + config.system.nixos.label = "eostre"; }) ]; - }).config.system.build; + }); + eostreBuild = eostreBuild'.config.system.build; in builtins.toPath (pkgs.runCommandLocal "eostre" {} '' mkdir -p $out/eostre install -m 0444 -t $out/eostre \ 
@@ -382,43 +382,39 @@ in { ${eostreBuild.kernel}/bzImage \ ${eostreBuild.netbootIpxeScript}/netboot.ipxe \ ${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration - '')) - (pkgs.writeTextFile { - name = "eostre.menu.ipxe"; - destination = "/eostre.menu.ipxe"; - text = '' - #!ipxe + install -m 0444 ${pkgs.writeText "eostre.menu.ipxe" '' + #!ipxe - set menu-timeout 5000 + set menu-timeout 5000 - :start - menu iPXE boot menu for eostre - item eostre eostre - item memtest memtest86plus - item netboot netboot.xyz - item shell iPXE shell - choose --timeout ''${menu-timeout} --default eostre selected || goto shell - set menu-timeout 0 - goto ''${selected} + :start + menu iPXE boot menu for eostre + item eostre ${with eostreBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"} + item memtest memtest86plus + item netboot netboot.xyz + item shell iPXE shell + choose --timeout ''${menu-timeout} --default eostre selected || goto shell + set menu-timeout 0 + goto ''${selected} - :shell - set menu-timeout 0 - shell - goto start + :shell + set menu-timeout 0 + shell + goto start - :eostre - chain eostre/netboot.ipxe - goto start + :eostre + chain eostre/netboot.ipxe + goto start - :netboot - iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn - goto start + :netboot + iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn + goto start - :memtest - iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin - goto start - ''; - }) + :memtest + iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin + goto start + ''} $out/eostre.menu.ipxe + ''))) ]; }; }; diff --git a/installer-profiles/cd-dvd.nix b/installer-profiles/cd-dvd.nix index 45291bad..ac12d885 100644 --- a/installer-profiles/cd-dvd.nix 
+++ b/installer-profiles/cd-dvd.nix @@ -1,7 +1,13 @@ -{ flakeInputs, ... }: +{ flakeInputs, lib, ... }: { imports = [ "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ]; + + config = { + isoImage.squashfsCompression = "zstd -Xcompression-level 9"; + system.installer.channel.enable = false; + boot.loader.grub.memtest86.enable = lib.mkForce false; + }; } diff --git a/installer-profiles/netboot.nix b/installer-profiles/netboot.nix index 28e8084d..6e39ebfb 100644 --- a/installer-profiles/netboot.nix +++ b/installer-profiles/netboot.nix @@ -4,4 +4,9 @@ imports = [ "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/netboot/netboot-minimal.nix" ]; + + config = { + netboot.squashfsCompression = "zstd -Xcompression-level 9"; + system.installer.channel.enable = false; + }; } diff --git a/installer-profiles/nfsroot.nix b/installer-profiles/nfsroot.nix index 6bd875b4..a8f6def6 100644 --- a/installer-profiles/nfsroot.nix +++ b/installer-profiles/nfsroot.nix @@ -8,4 +8,6 @@ "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/base.nix" "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/installation-device.nix" ]; + + config.system.installer.channel.enable = false; } diff --git a/installer/default.nix b/installer/default.nix index 7c6a4f40..26f38572 100644 --- a/installer/default.nix +++ b/installer/default.nix @@ -47,7 +47,7 @@ with lib; services.xserver.videoDrivers = [ "nvidia" ]; systemd.services.nvidia-control-devices = { wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi"; + serviceConfig.ExecStart = lib.getExe' pkgs.linuxPackages.nvidia_x11.bin "nvidia-smi"; }; nixpkgs.externalConfig.allowUnfree = true; diff --git a/modules/i18n.nix b/modules/i18n.nix new file mode 100644 index 00000000..f84e8b64 --- /dev/null +++ b/modules/i18n.nix 
@@ -0,0 +1,156 @@ +{ + config, + lib, + pkgs, + ... +}: +let + aggregatedLocales = + (builtins.map + (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") + ( + [ config.i18n.defaultLocale ] + ++ (lib.optionals (builtins.isList config.i18n.extraLocales) config.i18n.extraLocales) + ++ (lib.attrValues (lib.filterAttrs (n: _v: lib.hasPrefix "LC_" n) config.i18n.extraLocaleSettings)) + ) + ) + ++ (lib.optional (builtins.isString config.i18n.extraLocales) config.i18n.extraLocales); +in +{ + disabledModules = [ "config/i18n.nix" ]; + + ###### interface + + options = { + + i18n = { + glibcLocales = lib.mkOption { + type = lib.types.path; + default = pkgs.glibcLocales.override { + allLocales = lib.any (x: x == "all") config.i18n.supportedLocales; + locales = config.i18n.supportedLocales; + }; + defaultText = lib.literalExpression '' + pkgs.glibcLocales.override { + allLocales = lib.any (x: x == "all") config.i18n.supportedLocales; + locales = config.i18n.supportedLocales; + } + ''; + example = lib.literalExpression "pkgs.glibcLocales"; + description = '' + Customized pkg.glibcLocales package. + + Changing this option can disable handling of i18n.defaultLocale + and supportedLocale. + ''; + }; + + defaultLocale = lib.mkOption { + type = lib.types.str; + default = "en_US.UTF-8"; + example = "nl_NL.UTF-8"; + description = '' + The default locale. It determines the language for program + messages, the format for dates and times, sort order, and so on. + It also determines the character set, such as UTF-8. + ''; + }; + + extraLocales = lib.mkOption { + type = lib.types.either (lib.types.listOf lib.types.str) (lib.types.enum [ "all" ]); + default = [ ]; + example = [ "nl_NL.UTF-8" ]; + description = '' + Additional locales that the system should support, besides the ones + configured with {option}`i18n.defaultLocale` and + {option}`i18n.extraLocaleSettings`. + Set this to `"all"` to install all available locales. 
+ ''; + }; + + extraLocaleSettings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + example = { + LC_MESSAGES = "en_US.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + description = '' + A set of additional system-wide locale settings other than + `LANG` which can be configured with + {option}`i18n.defaultLocale`. + ''; + }; + + supportedLocales = lib.mkOption { + type = lib.types.listOf lib.types.str; + visible = false; + default = lib.unique ( + [ + "C.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + ] + ++ aggregatedLocales + ); + example = [ + "en_US.UTF-8/UTF-8" + "nl_NL.UTF-8/UTF-8" + "nl_NL/ISO-8859-1" + ]; + description = '' + List of locales that the system should support. The value + `"all"` means that all locales supported by + Glibc will be installed. A full list of supported locales + can be found at . + ''; + }; + + }; + + }; + + ###### implementation + + config = { + warnings = + lib.optional + ( + !( + (lib.subtractLists config.i18n.supportedLocales aggregatedLocales) == [ ] + || lib.any (x: x == "all") config.i18n.supportedLocales + ) + ) + '' + `i18n.supportedLocales` is deprecated in favor of `i18n.extraLocales`, + and it seems you are using `i18n.supportedLocales` and forgot to + include some locales specified in `i18n.defaultLocale`, + `i18n.extraLocales` or `i18n.extraLocaleSettings`. + + If you're trying to install additional locales not specified in + `i18n.defaultLocale` or `i18n.extraLocaleSettings`, consider adding + only those locales to `i18n.extraLocales`. + ''; + + environment.systemPackages = + # We increase the priority a little, so that plain glibc in systemPackages can't win. 
+ lib.optional (config.i18n.supportedLocales != [ ]) (lib.setPrio (-1) config.i18n.glibcLocales); + + environment.sessionVariables = { + LANG = config.i18n.defaultLocale; + LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; + } // config.i18n.extraLocaleSettings; + + systemd.globalEnvironment = lib.mkIf (config.i18n.supportedLocales != [ ]) { + LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive"; + }; + + # ‘/etc/locale.conf’ is used by systemd. + environment.etc."locale.conf".source = pkgs.writeText "locale.conf" '' + LANG=${config.i18n.defaultLocale} + ${lib.concatStringsSep "\n" ( + lib.mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings + )} + ''; + + }; +} diff --git a/modules/installer.nix b/modules/installer.nix new file mode 100644 index 00000000..3e5c6d5b --- /dev/null +++ b/modules/installer.nix 
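Review bot: `disabledModules = [ "config/i18n.nix" ]` replaces the nixpkgs module with this copy, but the file records neither where the copy came from nor when it can be dropped, so later upstream fixes to locale handling would be missed without anyone noticing. A header comment such as `# Vendored from nixpkgs nixos/modules/config/i18n.nix at <NIXPKGS_REV>; remove once the pinned nixpkgs provides i18n.extraLocales` would make the override auditable (the revision is a placeholder to fill in, and the removal condition is my reading of the `options ? i18n.extraLocales` check in system-profiles/default-locale.nix). modules/postsrsd.nix in this commit disables `services/mail/postsrsd.nix` the same way and would benefit from the same header. The `supportedLocales` description also ends in "can be found at ." with no link, which may only be how this page rendered it.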
@@ -0,0 +1,56 @@ +{ flake, config, lib, pkgs, ... }: + +let + cfg = config.installer.links; + + installerOutPath = { + "cd-dvd" = _: installerBuild: "${installerBuild.config.system.build.isoImage}/iso"; + "netboot" = {system, variant}: installerBuild: pkgs.runCommandLocal "${system}-${variant}" {} '' + mkdir $out + install -m 0444 -t $out \ + ${installerBuild.config.system.build.netbootRamdisk}/initrd \ + ${installerBuild.config.system.build.kernel}/${config.system.boot.loader.kernelFile} \ + ${installerBuild.config.system.build.netbootIpxeScript}/netboot.ipxe \ + ${pkgs.ipxe.override { + additionalTargets = { + "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; + }; + additionalOptions = [ + "NSLOOKUP_CMD" + "PING_CMD" + "CONSOLE_CMD" + ]; + embedScript = pkgs.writeText "netboot.ipxe" '' + #!ipxe + + chain netboot.ipxe + ''; + }}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn} + ''; + }; +in { + options = { + installer.links = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + system = lib.mkOption { + type = lib.types.str; + }; + variant = lib.mkOption { + type = lib.types.str; + }; + }; + }); + default = []; + }; + }; + + config = lib.mkIf (cfg != []) { + systemd.tmpfiles.rules = map (installer'@{system, variant}: + let + installer = "${system}-${variant}"; + installerBuild = builtins.addErrorContext "while evaluating installer-${installer}" flake.nixosConfigurations.${"installer-${installer}"}; + in "L+ /run/installer-${installer} - - - - ${installerOutPath.${variant} installer' installerBuild}" + ) cfg; + }; +} diff --git a/modules/postsrsd.nix b/modules/postsrsd.nix new file mode 100644 index 00000000..205e669d --- /dev/null +++ b/modules/postsrsd.nix 
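Review bot: In the `netboot` entry of `installerOutPath`, the kernel file name comes from `config.system.boot.loader.kernelFile`, that is, from the host evaluating this module, while every other path in that `install` call comes from `installerBuild.config`. For an installer built for another `system` the name can differ from the host's, so the copy would fail or pick up the wrong file; `${installerBuild.config.system.build.kernel}/${installerBuild.config.system.boot.loader.kernelFile} \` keeps both halves on the same configuration. The `system` and `variant` sub-options also carry no `description`, and `variant` is a free string although only `cd-dvd` and `netboot` are handled; `type = lib.types.enum [ "cd-dvd" "netboot" ];` would turn a typo into a clear evaluation error.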
@@ -0,0 +1,157 @@ +{ + config, + lib, + pkgs, + ... +}: +let + + cfg = config.services.postsrsd; + runtimeDirectoryName = "postsrsd"; + runtimeDirectory = "/run/${runtimeDirectoryName}"; + # TODO: follow RFC 42, but we need a libconfuse format first: + # https://github.com/NixOS/nixpkgs/issues/401565 + # Arrays in `libconfuse` look like this: {"Life", "Universe", "Everything"} + # See https://www.nongnu.org/confuse/tutorial-html/ar01s03.html. + # + # Note: We're using `builtins.toJSON` to escape strings, but JSON strings + # don't have exactly the same semantics as libconfuse strings. For example, + # "${F}" gets treated as an env var reference, see above issue for details. + libconfuseDomains = "{ " + lib.concatMapStringsSep ", " builtins.toJSON cfg.domains + " }"; + configFile = pkgs.writeText "postsrsd.conf" '' + secrets-file = "''${CREDENTIALS_DIRECTORY}/secrets-file" + domains = ${libconfuseDomains} + separator = "${cfg.separator}" + + # Disable postsrsd's jailing in favor of confinement with systemd. 
+ unprivileged-user = "" + chroot-dir = "" + + ${cfg.extraConfig} + ''; + +in +{ + imports = + map + ( + name: + lib.mkRemovedOptionModule [ "services" "postsrsd" name ] '' + `postsrsd` was upgraded to `>= 2.0.0`, with some different behaviors and configuration settings: + - NixOS Release Notes: https://nixos.org/manual/nixos/unstable/release-notes#sec-nixpkgs-release-25.05-incompatibilities + - NixOS Options Reference: https://nixos.org/manual/nixos/unstable/options#opt-services.postsrsd.enable + - Migration instructions: https://github.com/roehling/postsrsd/blob/2.0.10/README.rst#migrating-from-version-1x + - Postfix Setup: https://github.com/roehling/postsrsd/blob/2.0.10/README.rst#postfix-setup + '' + ) + [ + "domain" + "forwardPort" + "reversePort" + "timeout" + "excludeDomains" + ]; + + disabledModules = [ "services/mail/postsrsd.nix" ]; + + options = { + services.postsrsd = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to enable the postsrsd SRS server for Postfix."; + }; + + secretsFile = lib.mkOption { + type = lib.types.path; + default = "/var/lib/postsrsd/postsrsd.secret"; + description = "Secret keys used for signing and verification"; + }; + + domains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "Domain names for rewrite"; + default = [ config.networking.hostName ]; + defaultText = lib.literalExpression "[ config.networking.hostName ]"; + }; + + separator = lib.mkOption { + type = lib.types.enum [ + "-" + "=" + "+" + ]; + default = "="; + description = "First separator character in generated addresses"; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "postsrsd"; + description = "User for the daemon"; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "postsrsd"; + description = "Group for the daemon"; + }; + + extraConfig = lib.mkOption { + type = lib.types.lines; + default = ""; + }; + }; + }; + + config = lib.mkIf cfg.enable { + 
users.users = lib.optionalAttrs (cfg.user == "postsrsd") { + postsrsd = { + group = cfg.group; + uid = config.ids.uids.postsrsd; + }; + }; + + users.groups = lib.optionalAttrs (cfg.group == "postsrsd") { + postsrsd.gid = config.ids.gids.postsrsd; + }; + + systemd.services.postsrsd-generate-secrets = { + path = [ pkgs.coreutils ]; + script = '' + if [ -e "${cfg.secretsFile}" ]; then + echo "Secrets file exists. Nothing to do!" + else + echo "WARNING: secrets file not found, autogenerating!" + DIR="$(dirname "${cfg.secretsFile}")" + install -m 750 -o ${cfg.user} -g ${cfg.group} -d "$DIR" + install -m 600 -o ${cfg.user} -g ${cfg.group} <(dd if=/dev/random bs=18 count=1 | base64) "${cfg.secretsFile}" + fi + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + + systemd.services.postsrsd = { + description = "PostSRSd SRS rewriting server"; + after = [ + "network.target" + "postsrsd-generate-secrets.service" + ]; + before = [ "postfix.service" ]; + wantedBy = [ "multi-user.target" ]; + requires = [ "postsrsd-generate-secrets.service" ]; + confinement.enable = true; + + serviceConfig = { + ExecStart = "${lib.getExe pkgs.postsrsd} -C ${configFile}"; + User = cfg.user; + Group = cfg.group; + PermissionsStartOnly = true; + RuntimeDirectory = runtimeDirectoryName; + LoadCredential = "secrets-file:${cfg.secretsFile}"; + }; + }; + }; +} diff --git a/overlays/cake-prometheus-exporter/default.nix b/overlays/cake-prometheus-exporter/default.nix index 3d0acc2d..69a5008c 100644 --- a/overlays/cake-prometheus-exporter/default.nix +++ b/overlays/cake-prometheus-exporter/default.nix 
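Review bot: `postsrsd-generate-secrets` creates the key file and its directory owned by `${cfg.user}`, although the daemon never opens that path itself: the unit passes it with `LoadCredential = "secrets-file:${cfg.secretsFile}"` and the config reads `''${CREDENTIALS_DIRECTORY}/secrets-file`. Unless something outside this module reads the file as that user, the copy at rest can stay root-only, which keeps a compromised postsrsd process from replacing or re-reading the signing key on disk: `install -m 700 -d "$DIR"` and `install -m 600 <(dd if=/dev/random bs=18 count=1 | base64) "${cfg.secretsFile}"`. Separately, `extraConfig` has no `description` and is appended after the `unprivileged-user = ""` / `chroot-dir = ""` lines, so a description noting that it can override those confinement-related settings would help the next reader.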
@@ -1,19 +1,18 @@ { final, prev, ... }: let inpPython = final.python310.override {}; + python = inpPython.withPackages (ps: with ps; []); in { cake-prometheus-exporter = prev.stdenv.mkDerivation rec { pname = "cake-prometheus-exporter"; version = "0.0.0"; - src = ./cake-prometheus-exporter.py; + src = prev.replaceVars ./cake-prometheus-exporter.py { inherit python; }; - phases = [ "buildPhase" "checkPhase" "installPhase" ]; + phases = [ "unpackPhase" "checkPhase" "installPhase" ]; - python = inpPython.withPackages (ps: with ps; []); - - buildPhase = '' - substituteAll $src cake-prometheus-exporter + unpackPhase = '' + cp $src cake-prometheus-exporter ''; doCheck = true; diff --git a/overlays/inwx-cdnskey/default.nix b/overlays/inwx-cdnskey/default.nix index cd564f24..e1bee0f2 100644 --- a/overlays/inwx-cdnskey/default.nix +++ b/overlays/inwx-cdnskey/default.nix @@ -2,17 +2,16 @@ let packageOverrides = final.callPackage ./python-packages.nix {}; inpPython = final.python39.override { inherit packageOverrides; }; + python = inpPython.withPackages (ps: with ps; [pyxdg inwx-domrobot configparser dnspython]); in { inwx-cdnskey = prev.stdenv.mkDerivation rec { name = "inwx-cdnskey"; - src = ./inwx-cdnskey.py; + src = prev.replaceVars ./inwx-cdnskey.py { inherit python; }; - phases = [ "buildPhase" "checkPhase" "installPhase" ]; + phases = [ "unpackPhase" "checkPhase" "installPhase" ]; - python = inpPython.withPackages (ps: with ps; [pyxdg inwx-domrobot configparser dnspython]); - - buildPhase = '' - substituteAll $src inwx-cdnskey + unpackPhase = '' + cp $src inwx-cdnskey ''; doCheck = true; diff --git a/overlays/nftables-prometheus-exporter/default.nix b/overlays/nftables-prometheus-exporter/default.nix index aab0c8e9..48f668c4 100644 --- a/overlays/nftables-prometheus-exporter/default.nix +++ b/overlays/nftables-prometheus-exporter/default.nix 
@@ -1,17 +1,16 @@ { final, prev, ... }: let inpPython = final.python310; + python = inpPython.withPackages (ps: with ps; []); in { nftables-prometheus-exporter = prev.stdenv.mkDerivation rec { name = "nftables-prometheus-exporter"; - src = ./nftables-prometheus-exporter.py; + src = prev.replaceVars ./nftables-prometheus-exporter.py { inherit python; }; - phases = [ "buildPhase" "checkPhase" "installPhase" ]; + phases = [ "unpackPhase" "checkPhase" "installPhase" ]; - python = inpPython.withPackages (ps: with ps; []); - - buildPhase = '' - substituteAll $src nftables-prometheus-exporter + unpackPhase = '' + cp $src nftables-prometheus-exporter ''; doCheck = true; diff --git a/overlays/persistent-nix-shell/default.nix b/overlays/persistent-nix-shell/default.nix index c36b9e86..6067cade 100644 --- a/overlays/persistent-nix-shell/default.nix +++ b/overlays/persistent-nix-shell/default.nix @@ -5,10 +5,9 @@ phases = [ "buildPhase" "installPhase" ]; - inherit (final) zsh; - buildPhase = '' - substituteAll $src persistent-nix-shell + substitute $src persistent-nix-shell \ + --subst-var-by zsh ${final.zsh} ''; installPhase = '' diff --git a/overlays/postsrsd.nix b/overlays/postsrsd.nix new file mode 100644 index 00000000..cb1ccf30 --- /dev/null +++ b/overlays/postsrsd.nix @@ -0,0 +1,11 @@ +{ final, prev, ... }: +{ + postsrsd = prev.postsrsd.overrideAttrs (oldAttrs: { + cmakeFlags = (oldAttrs.cmakeFlags or []) ++ [ + "-DWITH_MILTER=ON" + ]; + buildInputs = (oldAttrs.buildInputs or []) ++ [ + final.libmilter + ]; + }); +} diff --git a/overlays/zte-prometheus-exporter/default.nix b/overlays/zte-prometheus-exporter/default.nix index 2188e7b3..cd4207cd 100644 --- a/overlays/zte-prometheus-exporter/default.nix +++ b/overlays/zte-prometheus-exporter/default.nix 
@@ -2,17 +2,16 @@ let packageOverrides = final.callPackage ./python-packages.nix {}; inpPython = final.python310.override { inherit packageOverrides; }; + python = inpPython.withPackages (ps: with ps; [pytimeparse requests]); in { zte-prometheus-exporter = prev.stdenv.mkDerivation rec { name = "zte-prometheus-exporter"; - src = ./zte-prometheus-exporter.py; + src = prev.replaceVars ./zte-prometheus-exporter.py { inherit python; }; - phases = [ "buildPhase" "checkPhase" "installPhase" ]; + phases = [ "unpackPhase" "checkPhase" "installPhase" ]; - python = inpPython.withPackages (ps: with ps; [pytimeparse requests]); - - buildPhase = '' - substituteAll $src zte-prometheus-exporter + unpackPhase = '' + cp $src zte-prometheus-exporter ''; doCheck = true; diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix index b85aea4e..229a007e 100644 --- a/system-profiles/core/default.nix +++ b/system-profiles/core/default.nix 
@@ -127,36 +127,16 @@ in { flake-registry = "${flakeInputs.flake-registry}/flake-registry.json"; }; - nixPath = [ - "nixpkgs=${pkgs.runCommand "nixpkgs" {} '' - mkdir $out - ln -s ${./nixpkgs.nix} $out/default.nix - ln -s /run/nixpkgs/lib $out/lib - ''}" - ]; + nixPath = map (flake: "${flake}=flake:${flake}") (attrNames config.nix.registry); registry = let override = { self = "nixos"; }; in mapAttrs' (inpName: inpFlake: nameValuePair (override.${inpName} or inpName) - { flake = inpFlake; } ) flakeInputs; + { to = { type = "path"; path = inpFlake; }; } ) flakeInputs; }; systemd.tmpfiles.rules = [ "L+ /run/nixpkgs - - - - ${flakeInputs.${config.nixpkgs.flakeInput}.outPath}" - "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" '' - with builtins; - - attrValues (import - ( - let lock = fromJSON (readFile ${flake + "/flake.lock"}); in - fetchTarball { - url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz"; - sha256 = lock.nodes.flake-compat.locked.narHash; - } - ) - { src = ${flake}; } - ).defaultNix.overlays - ''}" "L+ /etc/nixos - - - - ${flake}" ] ++ map (input: "L+ /run/flake-inputs/${input} - - - - ${flakeInputs.${input}.outPath}") (attrNames flakeInputs); @@ -177,8 +157,6 @@ in { { manual.manpages.enable = true; systemd.user.startServices = "sd-switch"; - - programs.ssh.internallyManaged = mkForce true; } ]; extraSpecialArgs = { inherit flake flakeInputs path; hostConfig = config; }; diff --git a/system-profiles/default-locale.nix b/system-profiles/default-locale.nix index 2d483f04..60d338cb 100644 --- a/system-profiles/default-locale.nix +++ b/system-profiles/default-locale.nix 
@@ -1,16 +1,23 @@ -{ lib, ... }: +{ lib, options, ... }: with lib; { - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - "TIME_STYLE" = "long-iso"; - }; - supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ]; - }; - console.keyMap = mkDefault "dvorak-programmer"; + config = foldr recursiveUpdate {} ([ + { + i18n = { + defaultLocale = "en_DK.UTF-8"; + extraLocaleSettings = { + "TIME_STYLE" = "long-iso"; + }; + }; + console.keyMap = mkDefault "dvorak-programmer"; - time.timeZone = mkDefault "Europe/Berlin"; + time.timeZone = mkDefault "Europe/Berlin"; + } + ] ++ (optional (options ? i18n.extraLocales) { + i18n.extraLocales = [ "C.UTF-8" "en_US.UTF-8" "en_DK.UTF-8" ]; + }) ++ (optional (!(options ? i18n.extraLocales)) { + i18n.supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ]; + })); } diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix index 544f47e1..de86cd74 100644 --- a/system-profiles/rebuild-machines/default.nix +++ b/system-profiles/rebuild-machines/default.nix 
@@ -25,16 +25,18 @@ let phases = [ "buildPhase" "installPhase" ]; - inherit (pkgs) zsh coreutils openssh; - inherit (cfg) scriptName; - inherit (cfg.flake) flakeOutput; - flake = cfg.flake.name; - nixosRebuild = config.system.build.nixos-rebuild; - inherit (config.security) wrapperDir; - inherit sshConfig; - buildPhase = '' - substituteAll $src rebuild-machine.zsh + substitute $src rebuild-machine.zsh \ + --subst-var-by zsh ${pkgs.zsh} \ + --subst-var-by coreutils ${pkgs.coreutils} \ + --subst-var-by openssh ${pkgs.openssh} \ + --subst-var-by wrapperDir ${config.security.wrapperDir} \ + --subst-var-by sshConfig ${sshConfig} \ + --subst-var-by out "$out" \ + --subst-var-by nixosRebuild ${config.system.build.nixos-rebuild} \ + --subst-var-by flake ${cfg.flake.name} \ + --subst-var-by scriptName ${cfg.scriptName} \ + --subst-var-by flakeOutput ${cfg.flake.flakeOutput} ''; installPhase = '' diff --git a/user-profiles/feeds/alot.config b/user-profiles/feeds/alot.config deleted file mode 100644 index a14d4539..00000000 --- a/user-profiles/feeds/alot.config +++ /dev/null 
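Review bot: The new `substitute` call interpolates option values into the build script unquoted: `${cfg.flake.name}`, `${cfg.scriptName}` and `${cfg.flake.flakeOutput}` are plain strings, so a value containing a space or a shell metacharacter would be split or interpreted by the builder's shell instead of being passed as one argument. The store paths on the other lines are safe by construction, and `"$out"` is already quoted. Escaping the three string options closes the gap, e.g. `--subst-var-by scriptName ${lib.escapeShellArg cfg.scriptName} \` (assuming `lib` is in scope in this file; the enclosing derivation starts and ends outside the hunk).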
@@ -1,50 +0,0 @@ -attachment_prefix="~/Downloads" -bug_on_exit=true -editor_cmd="false" -tabwidth=2 -timestamp_format="%a %d %b %H:%M:%S %Y UTC%z" -auto_remove_unread=True -#initial_command="search ( tag:inbox ) AND NOT ( tag:killed )" -initial_command="search ( tag:inbox ) AND NOT ( is:link OR is:media OR is:killed )" - -[accounts] - [[private]] - realname = @realname@ - address = @address@ - -[bindings] -j = -k = -'g g' = -G = -I = search ( tag:inbox ) AND NOT ( is:killed ) -U = search ( tag:inbox ) AND NOT ( is:link OR is:media OR is:killed ) -V = search ( tag:inbox AND is:media OR ( is:live AND date:12h.. AND NOT is:unread ) ) AND NOT ( is:killed ) -W = search ( is:media ) AND NOT ( tag:inbox OR is:killed OR is:highlight ) -L = search ( tag:inbox AND is:link ) AND NOT ( is:killed ) - -h = move first -t = move up -n = move down -s = move last - [[search]] - a = - s = - - u = toggletags unread - i = toggletags inbox - j = untag unread,inbox - r = toggletags later - [[thread]] - s = - S = - n = - 'g j' = - 'g k' = - 'g l' = - w = save - W = save --all - 'g h' = move parent - 'g t' = move next sibling - 'g n' = move previous sibling - 'g s' = move first reply \ No newline at end of file diff --git a/user-profiles/feeds/default.nix b/user-profiles/feeds/default.nix deleted file mode 100644 index 82be90c7..00000000 --- a/user-profiles/feeds/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, flakeInputs, pkgs, lib, userName, customUtils, ... }: -{ - home-manager.users.${userName} = {...}: { - imports = [ - (customUtils.overrideModuleArgs - (import ./module.nix) - (inputs: inputs // { inherit flakeInputs; inherit (config.nixpkgs) system; }) - ) - ]; - }; -} diff --git a/user-profiles/feeds/imm-notmuch-insert.py b/user-profiles/feeds/imm-notmuch-insert.py deleted file mode 100644 index b7eed292..00000000 --- a/user-profiles/feeds/imm-notmuch-insert.py +++ /dev/null 
@@ -1,52 +0,0 @@ -#!@python@/bin/python - -import json -import sys -import subprocess -from io import BytesIO -from email.message import EmailMessage -import configparser -from os import environ -from datetime import * -from dateutil.tz import * -from dateutil.parser import isoparse -from html2text import html2text - -def main(): - notmuchConfig = configparser.ConfigParser() - notmuchConfig.read(environ.get('NOTMUCH_CONFIG')) - - callbackMessage = json.load(sys.stdin) - - msg = EmailMessage() - authors = ', '.join(map(lambda author: author['name'], callbackMessage['feed_item']['authors'])) - if authors: - msg['From'] = f"{callbackMessage['feed_definition']['title']} ({authors}) " - else: - msg['From'] = f"{callbackMessage['feed_definition']['title']} " - msg['To'] = f"{notmuchConfig['user']['name']} <{notmuchConfig['user']['primary_email']}>" - if 'title' in callbackMessage['feed_item'] and callbackMessage['feed_item']['title']: - msg['Subject'] = callbackMessage['feed_item']['title'] - msg['Item-Identifier'] = f"{callbackMessage['feed_item']['identifier']}" - for link in callbackMessage['feed_item']['links']: - msg.add_header('Link', link['uri']) - date = None - if 'date' in callbackMessage['feed_item']: - date = isoparse(callbackMessage['feed_item']['date']) - else: - date = datetime.now(tzlocal()) - msg['Date'] = date.strftime('%a, %e %b %Y %T %z') - - if 'content' in callbackMessage['feed_item'] and callbackMessage['feed_item']['content']: - msg.set_content(html2text(callbackMessage['feed_item']['content'])) - msg.add_alternative(callbackMessage['feed_item']['content'], subtype='html') - - - subprocess.run( - args=['notmuch', 'insert'], - check=True, - input=bytes(msg) - ) - -if __name__ == '__main__': - sys.exit(main()) diff --git a/user-profiles/feeds/module.nix b/user-profiles/feeds/module.nix deleted file mode 100644 index 63e827eb..00000000 --- a/user-profiles/feeds/module.nix +++ /dev/null 
@@ -1,236 +0,0 @@ -{ config, flakeInputs, pkgs, lib, system, ... }: - -with lib; - -let - inherit (flakeInputs.home-manager.lib) hm; - - databasePath = "${config.xdg.dataHome}/feeds"; - - imm = - let - hlib = pkgs.haskell.lib; - haskellPackages = pkgs.haskellPackages.override { - overrides = finalHaskell: prevHaskell: { - uri-bytestring = finalHaskell.callCabal2nix "uri-bytestring" (pkgs.fetchFromGitHub { - owner = "gkleen"; - repo = "uri-bytestring"; - rev = "5f7f32c8274bc4d1b81d99582f5148fe3e8b637e"; - sha256 = "XLanwyCDIlMuOkpE5LbTNOBfL+1kZX+URfj9Bhs1Nsc="; - fetchSubmodules = true; - }) {}; - atom-conduit = finalHaskell.callCabal2nix "atom-conduit" (pkgs.fetchFromGitHub { - owner = "gkleen"; - repo = "atom-conduit"; - rev = "022f0182a02373f87c06a0a09817c8c41efe2425"; - sha256 = "8yEyh3ymqkoM/YP+eBqPq1I5ofzj0Qn7ojL7IWx1DPo="; - fetchSubmodules = true; - }) {}; - rss-conduit = finalHaskell.callCabal2nix "rss-condit" (pkgs.fetchFromGitHub { - owner = "gkleen"; - repo = "rss-conduit"; - rev = "dbb0960a8d3dc519f1607aa0223b3a25a49282ef"; - sha256 = "Md1XApZWkdv4JvNoaVnjz0S85LbEC6w9U3PUcwXfu94="; - fetchSubmodules = true; - }) {}; - beam-core = hlib.doJailbreak (finalHaskell.callCabal2nix "beam-core" "${beamSrc}/beam-core" {}); - beam-migrate = hlib.doJailbreak (finalHaskell.callCabal2nix "beam-migrate" "${beamSrc}/beam-migrate" {}); - beam-sqlite = hlib.doJailbreak (finalHaskell.callCabal2nix "beam-sqlite" "${beamSrc}/beam-sqlite" {}); - - imm = finalHaskell.callCabal2nix "imm" (pkgs.fetchFromGitHub { - owner = "k0ral"; - repo = "imm"; - rev = "5033879667264cb44cee65671a66f6aa43f249e7"; - sha256 = "PG22caLQmAGhLZP49HsazuNd8IFKKaTuhXIQBD8v4Fs="; - fetchSubmodules = true; - }) {}; - }; - }; - beamSrc = pkgs.fetchFromGitHub { - owner = "haskell-beam"; - repo = "beam"; - rev = "efd464b079755a781c2bb7a2fc030d6c141bbb8a"; - sha256 = "8nTuBP/vD0L/qMo4h3XNrGZvpIwXuMVdj40j5gvHU6w="; - fetchSubmodules = true; - }; - in haskellPackages.imm; - immWrapped = pkgs.runCommand 
"${imm.name}-wrapped-${config.home.username}" - { nativeBuildInputs = with pkgs; [ makeWrapper ]; - } '' - mkdir -p $out/bin - makeWrapper ${imm}/bin/imm $out/bin/imm \ - --add-flags --callbacks=${notmuchCallbacks} - ''; - - notmuchCallbacks = pkgs.writeText "imm-callbacks-${config.home.username}.dhall" '' - [ { _executable = "${immNotmuchInsert}/bin/imm-notmuch-insert" - , _arguments = [] : List Text - } - ] - ''; - - immNotmuchInsert = pkgs.stdenv.mkDerivation rec { - name = "imm-notmuch-insert-${config.home.username}"; - src = ./imm-notmuch-insert.py; - - phases = [ "buildPhase" "checkPhase" "installPhase" "fixupPhase" ]; - - python = pkgs.python39.withPackages (ps: with ps; [ configparser python-dateutil html2text ]); - - nativeBuildInputs = with pkgs; [ makeWrapper ]; - - buildPhase = '' - substituteAll $src imm-notmuch-insert - ''; - - doCheck = true; - checkPhase = '' - ${python}/bin/python -m py_compile imm-notmuch-insert - ''; - - installPhase = '' - install -m 0755 -D -t $out/bin \ - imm-notmuch-insert - ''; - - fixupPhase = '' - wrapProgram $out/bin/imm-notmuch-insert \ - --prefix PATH : ${pkgs.notmuch}/bin \ - --set NOTMUCH_CONFIG ${configPath} - ''; - }; - - mkIniKeyValue = key: value: - let - tweakVal = v: - if isString v then - v - else if isList v then - concatMapStringsSep ";" tweakVal v - else if isBool v then - (if v then "true" else "false") - else - toString v; - in "${key}=${tweakVal value}"; - - notmuchIni = { - database = { path = databasePath; }; - - maildir = { synchronize_flags = false; }; - - new = { - ignore = []; - tags = ["new"]; - }; - - user = { - name = config.home.username; - primary_email = "${config.home.username}@imm.invalid"; - }; - - search = { exclude_tags = ["deleted"]; }; - }; - configPath = pkgs.writeText "notmuchrc" (generators.toINI { mkKeyValue = mkIniKeyValue; } notmuchIni); - - afewConfigDir = pkgs.symlinkJoin { - name = "afew-config"; - paths = [ - (pkgs.writeTextDir "config" '' - [InboxFilter] - '') - ]; - }; - - 
notmuchHooksDir = - let - afewHook = pkgs.writeShellScript "afew" '' - exec -- ${pkgs.afew}/bin/afew -c ${afewConfigDir} -C ${configPath} --tag --new -vv - ''; - in pkgs.linkFarm "notmuch-hooks" [ - { name = "post-new"; - path = afewHook; - } - { name = "post-insert"; - path = afewHook; - } - ]; - - notmuchWrapped = pkgs.runCommand "${pkgs.notmuch.name}-wrapped-${config.home.username}" - { nativeBuildInputs = with pkgs; [ makeWrapper ]; - } '' - mkdir -p $out/bin - makeWrapper ${pkgs.notmuch}/bin/notmuch $out/bin/notmuch-feeds \ - --set NOTMUCH_CONFIG ${configPath} - ''; - alotWrapped = pkgs.runCommand "${pkgs.alot.name}-wrapped-${config.home.username}" - { nativeBuildInputs = with pkgs; [ makeWrapper gnused ]; - } '' - mkdir -p $out/bin - makeWrapper ${pkgs.alot}/bin/alot $out/bin/alot-feeds \ - --prefix MAILCAPS : ${alotMailcaps} \ - --add-flags --config=${alotConfig} \ - --add-flags --notmuch-config=${configPath} - - mkdir $out/share - ln -s ${pkgs.alot}/share/alot $out/share - mkdir -p $out/share/applications - sed -r 's/alot/alot-feeds/g' ${pkgs.alot}/share/applications/alot.desktop > $out/share/applications/alot-feeds.desktop - mkdir -p $out/share/zsh/site-functions - sed -r 's/alot/alot-feeds/g' ${pkgs.alot}/share/zsh/site-functions/_alot > $out/share/zsh/site-functions/_alot-feeds - ''; - - alotConfig = pkgs.runCommand "alot" { - realname = notmuchIni.user.name; - address = notmuchIni.user.primary_email; - } "substituteAll ${./alot.config} $out"; - alotMailcaps = pkgs.writeText "mailcaps" '' - text/html; ${pkgs.lynx}/bin/lynx -dump -dont_wrap_pre -assume_charset=utf-8 -display_charset=utf-8 "%s"; nametemplate=%s.html; copiousoutput - ''; -in { - config = { - home.packages = [ immWrapped notmuchWrapped pkgs.notmuch.man alotWrapped ]; - - home.activation.createImm = hm.dag.entryAfter ["writeBoundary"] '' - $DRY_RUN_CMD mkdir -p $VERBOSE_ARG ${config.xdg.configHome}/imm - ''; - - home.activation.createFeedsDatabase = hm.dag.entryAfter ["linkGeneration" 
"writeBoundary"] '' - $DRY_RUN_CMD mkdir -p -m 0750 $VERBOSE_ARG ${databasePath} - $DRY_RUN_CMD mkdir -p $VERBOSE_ARG ${databasePath}/new ${databasePath}/cur ${databasePath}/tmp - if ! [[ -d ${databasePath}/.notmuch ]]; then - NOTMUCH_VERBOSE_ARG="--quiet" - if [[ -v VERBOSE ]]; then - NOTMUCH_VERBOSE_ARG="--verbose" - fi - NOTMUCH_CONFIG=${configPath} $DRY_RUN_CMD ${pkgs.notmuch}/bin/notmuch new $NOTMUCH_VERBOSE_ARG - fi - $DRY_RUN_CMD ln -Tsf $VERBOSE_ARG ${notmuchHooksDir} ${databasePath}/.notmuch/hooks - ''; - - systemd.user.services."logrotate-imm" = { - Unit = { - Description = "Rotate imm logfile"; - }; - Service = { - Type = "oneshot"; - ExecStart = '' - ${pkgs.logrotate}/bin/logrotate --state ${config.xdg.configHome}/imm/imm.logrotate ${pkgs.writeText "logrotate.conf" '' - ${config.xdg.configHome}/imm/imm.log { - rotate 5 - size 1024k - } - ''} - ''; - }; - }; - systemd.user.timers."logrotate-imm" = { - Timer = { - OnActiveSec = "6h"; - OnUnitActiveSec = "6h"; - }; - Install = { - WantedBy = ["default.target"]; - }; - }; - }; -} diff --git a/user-profiles/tmux/default.nix b/user-profiles/tmux/default.nix index 11c53788..dc4e791f 100644 --- a/user-profiles/tmux/default.nix +++ b/user-profiles/tmux/default.nix @@ -1,10 +1,11 @@ { userName, pkgs, lib, ... }: { - home-manager.users.${userName} = { + home-manager.users.${userName} = { config, ... }: { programs.tmux = { enable = true; clock24 = true; historyLimit = 50000; + mouse = true; extraConfig = lib.readFile (pkgs.stdenv.mkDerivation { name = "tmux.conf"; src = ./tmux.conf; @@ -13,11 +14,10 @@ phases = [ "installPhase" ]; - inherit (pkgs) zsh; - mandb = pkgs.man-db; - installPhase = '' - substituteAll $src $out + substitute $src $out \ + --subst-var-by zsh ${config.programs.zsh.package} \ + --subst-var-by man ${config.programs.man.package} ''; }); }; diff --git a/user-profiles/tmux/tmux.conf b/user-profiles/tmux/tmux.conf index 415d13e7..9e658800 100644 --- a/user-profiles/tmux/tmux.conf 
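Review bot: In the second hunk of user-profiles/tmux/default.nix, `--subst-var-by zsh ${config.programs.zsh.package}` and `--subst-var-by man ${config.programs.man.package}` interpolate the packages themselves, which in Nix yields each package's store directory, not a binary. The tmux.conf hunk in the same commit drops the `/bin/zsh` and `/bin/man` suffixes, so as far as these hunks show `default-shell @zsh@` and `exec @man@ %%` would end up pointing at directories. I would keep the absolute binary paths in the substitution: `--subst-var-by zsh ${config.programs.zsh.package}/bin/zsh \` and `--subst-var-by man ${config.programs.man.package}/bin/man`. Absolute store paths are also worth keeping because `update-environment` in tmux.conf imports `PATH` from the attaching client, so a bare command name would resolve through that `PATH`.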
+++ b/user-profiles/tmux/tmux.conf @@ -1,23 +1,20 @@ -set-option -g history-limit 50000 set-option -g status-bg black set-option -g status-fg white set-option -g clock-mode-colour white -set-option -g clock-mode-style 24 set-option -g bell-action any -set-option -g default-shell @zsh@/bin/zsh +set-option -g default-shell @zsh@ set-option -g update-environment 'DISPLAY SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY PROMPT_INFO PATH PGHOST PGLOG' -set-option -g mouse on set-option -g set-clipboard on set-option -g terminal-overrides 'rxvt-uni*:XT:Ms=\E]52;%p1%s;%p2%s\007' set-environment -g LESS " -R " ## determine if we should enable 256-colour support -if "[[ ''${TERM} =~ 256color || ''${TERM} == fbterm || ''${TERM} =~ alacritty ]]" 'set -g default-terminal tmux-256color' +if "[[ ''${TERM} =~ 256color || ''${TERM} == fbterm || ''${TERM} =~ alacritty || ''${TERM} =~ kitty ]]" 'set -g default-terminal tmux-256color' set-option -g status-right "" -bind / command-prompt "split-window -h 'exec @mandb@/bin/man %%'" +bind / command-prompt "split-window -h 'exec @man@ %%'" bind C clock-mode bind r switch-client -r diff --git a/user-profiles/utils.nix b/user-profiles/utils.nix index 4b7c4d0f..da79e336 100644 --- a/user-profiles/utils.nix +++ b/user-profiles/utils.nix @@ -44,6 +44,8 @@ in { jq.enable = true; lesspipe.enable = true; + + man.enable = true; }; home.sessionVariables = { @@ -52,7 +54,7 @@ in { home.packages = with pkgs; [ autossh usbutils pciutils eza silver-searcher pwgen xkcdpass - unzip magic-wormhole qrencode tty-clock dnsutils openssl sshfs + unzip magic-wormhole dnsutils openssl sshfs psmisc mosh tree vnstat file pv bc zip nmap aspell aspellDicts.de aspellDicts.en borgbackup man-pages rsync socat inetutils yq cached-nix-shell persistent-nix-shell rage diff --git a/user-profiles/zsh/default.nix b/user-profiles/zsh/default.nix index 428e2459..973ff775 100644 --- a/user-profiles/zsh/default.nix +++ b/user-profiles/zsh/default.nix 
@@ -1,38 +1,69 @@ { userName, pkgs, customUtils, lib, config, ... }: -let - dotDir = ".config/zsh"; - p10kZsh = "${dotDir}/.p10k.zsh"; - cfg = config.home-manager.users.${userName}; -in { - home-manager.users.${userName} = { - programs.zsh = { - inherit dotDir; - enable = true; - autocd = true; - enableCompletion = true; +{ + config = { + home-manager.users.${userName} = let sysConfig = config; in { config, ... }: { + config = { + programs.zsh = { + dotDir = ".config/zsh"; + enable = true; + autocd = true; + enableCompletion = true; + enableVteIntegration = true; + history = { + append = true; + expireDuplicatesFirst = true; + extended = true; + findNoDups = true; + }; + syntaxHighlighting.enable = true; + zsh-abbr = { + enable = true; + abbreviations = { + re = "systemctl restart"; + ure = "systemctl --user restart"; + }; + globalAbbreviations = { + "L" = "| less"; + "S" = "&> /dev/null"; + "G" = "| grep"; + "B" = "&> /dev/null &"; + "BB" = "&> /dev/null &!"; + }; + }; - plugins = [ - { name = "powerlevel10k"; - file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme"; - src = pkgs.zsh-powerlevel10k; - } - ]; - initExtraFirst = '' - if [[ $TERM == "dumb" ]]; then - unsetopt zle - PS1='$ ' - return - fi - ''; - initExtraBeforeCompInit = '' - source "${cfg.home.homeDirectory}/${p10kZsh}" - ''; - initExtra = lib.mkAfter '' - source ${./zshrc} - source "${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" - ''; + plugins = [ + { name = "powerlevel10k"; + file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme"; + src = pkgs.zsh-powerlevel10k; + } + ]; + initContent = lib.mkMerge [ + (lib.mkBefore '' + if [[ $TERM == "dumb" ]]; then + unsetopt zle + PS1='$ ' + return + fi + '') + (lib.mkOrder 550 '' + source "$HOME/${config.xdg.configFile."zsh/.p10k.zsh".target}" + '') + (lib.mkAfter '' + source ${./zshrc} + '') + ]; + }; + + xdg.configFile."zsh/.p10k.zsh".source = ./p10k.zsh; + }; }; - home.file.${p10kZsh}.source = ./p10k.zsh; + 
programs.zsh.enable = true; + environment.pathsToLink = [ "/share/zsh" ]; + environment.shellAliases = lib.mkOverride 90 {}; + + nixpkgs.externalConfig.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "zsh-abbr" + ]; }; } diff --git a/user-profiles/zsh/zshrc b/user-profiles/zsh/zshrc index ed614182..af3aca64 100644 --- a/user-profiles/zsh/zshrc +++ b/user-profiles/zsh/zshrc @@ -33,9 +33,3 @@ zle -N self-insert url-quote-magic zle -N bracketed-paste bracketed-paste-magic setopt extended_glob - -alias -g L='| less' -alias -g S='&> /dev/null' -alias -g G='| grep' -alias -g B='&> /dev/null &' -alias -g BB='&> /dev/null &!' diff --git a/users/gkleen/default.nix b/users/gkleen/default.nix index 5cc32521..5ce93de7 100644 --- a/users/gkleen/default.nix +++ b/users/gkleen/default.nix @@ -1,7 +1,7 @@ { flake, userName, pkgs, customUtils, lib, ... }: { imports = with flake.nixosModules.userProfiles.${userName}; [ - zsh tmux utils direnv + utils direnv ]; users.users.${userName} = { diff --git a/users/root.nix b/users/root.nix index b61f9cfd..ed1acd50 100644 --- a/users/root.nix +++ b/users/root.nix @@ -3,7 +3,7 @@ let haveGKleen = flake.nixosModules.accounts ? "gkleen@${hostName}"; in { imports = with flake.nixosModules.userProfiles.${userName}; [ - zsh tmux direnv utils + direnv utils ]; users.users.${userName} = lib.mkIf haveGKleen { -- cgit v1.2.3
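Review bot: The tail of the user-profiles/zsh/default.nix hunk adds host-wide settings to what is otherwise a per-user profile, and none of them carries a comment explaining why. `nixpkgs.externalConfig.allowUnfreePredicate` is an exception to the unfree-package policy, so I would record its reason next to it, for example `# zsh-abbr is marked unfree in nixpkgs; allow exactly this package by name`, so that later edits do not widen the list without review. `environment.shellAliases = lib.mkOverride 90 {};` looks like it empties the system alias set for every account on the host, not only `${userName}`. If that is intended, a comment such as `# drop the distribution's default aliases; abbreviations replace them` would make it explicit. The `sysConfig` binding introduced by `let sysConfig = config; in` is not used anywhere in this hunk and could be dropped unless later code needs it.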