From 54c3d889ab6220a21bd58616ffd87bc1def85aae Mon Sep 17 00:00:00 2001 From: sstent Date: Tue, 21 Nov 2023 14:00:06 +0000 Subject: [PATCH] addin ssh key --- HyperV/configuration.nix | 23 +- HyperV/hardware.nix | 48 ++-- HyperV/hyperv.nix | 16 +- HyperV/networking.nix | 2 +- flake.nix | 223 ++++++++++-------- home-manager/global.nix | 130 +++++----- home-manager/users/sstent/default.nix | 31 ++- home-manager/users/sstent/python-packages.nix | 14 +- hosts/StuPC-WSL/default.nix | 13 +- hosts/common.nix | 165 ++++++------- hosts/go3-wsl/default.nix | 12 +- hosts/user-sstent.nix | 51 ++-- lib/attrs.nix | 8 +- lib/default.nix | 70 +++--- lib/generators.nix | 56 ++--- lib/hm_secrets.nix | 62 +++-- lib/modules.nix | 87 +++---- lib/nixos.nix | 24 +- lib/options.nix | 24 +- modules/home-manager/beets/default.nix | 68 +++--- modules/home-manager/keybase/default.nix | 38 +-- modules/home-manager/ssh-proxy/default.nix | 53 +++-- modules/nixos/mnt_public/default.nix | 40 ++-- modules/nixos/ssh/default.nix | 32 +-- modules/nixos/syncthing/default.nix | 70 +++--- modules/nixos/vpn/default.nix | 57 +++-- modules/nixos/vpn/secrets.nix | 41 ++-- modules/nixos/wsl2/default.nix | 113 ++++----- nixpkgs.nix | 11 +- overlays/default.nix | 5 +- pkgs/default.nix | 6 +- pkgs/npiperelay/default.nix | 70 +++--- shell.nix | 39 +-- 33 files changed, 873 insertions(+), 829 deletions(-) diff --git a/HyperV/configuration.nix b/HyperV/configuration.nix index 2c11239..e6b6364 100644 --- a/HyperV/configuration.nix +++ b/HyperV/configuration.nix @@ -1,7 +1,12 @@ # This is your system's configuration file. # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) - -{ lib, config, pkgs, modulesPath, ... }: { +{ + lib, + config, + pkgs, + modulesPath, + ... +}: { # You can import other NixOS modules here imports = [ 
@@ -10,10 +15,9 @@ # Include static network settings. ./networking.nix "${modulesPath}/virtualisation/hyperv-image.nix" - ]; - nixpkgs = { config = { allowUnfree = true; }; }; + nixpkgs = {config = {allowUnfree = true;};}; nix = { settings = { @@ -28,12 +32,12 @@ system.stateVersion = "23.05"; mymods = { - gnome.enable = true; - user_sstent.enable = true; - sshd.enable = true; + gnome.enable = true; + user_sstent.enable = true; + sshd.enable = true; }; - networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedTCPPorts = [22]; environment.etc."ssh/ssh_host_rsa_key".source = ./ssh/ssh_host_rsa_key; environment.etc."ssh/ssh_host_rsa_key".mode = "0400"; @@ -41,7 +45,4 @@ environment.etc."ssh/ssh_host_ed25519_key".source = ./ssh/ssh_host_ed25519_key; environment.etc."ssh/ssh_host_ed25519_key".mode = "0400"; environment.etc."ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub; - - - } diff --git a/HyperV/hardware.nix b/HyperV/hardware.nix index 1ae7d0a..0507ea4 100644 --- a/HyperV/hardware.nix +++ b/HyperV/hardware.nix 
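Review bot: `environment.etc."ssh/ssh_host_rsa_key".source = ./ssh/ssh_host_rsa_key;` and the `ed25519` counterpart in the last hunk reference the host private keys by flake path, which copies them into the Nix store where every file is world-readable, so the `mode = "0400"` on the `/etc/ssh` copy does not protect the store copy, and the files also live in the repository. In hosts/common.nix that same `/etc/ssh/ssh_host_ed25519_key` is the sops age key, so exposing it exposes every host secret it decrypts. The key files are not in this diff, so I cannot tell whether they are stored encrypted; the usual alternative is to let openssh generate the host keys on first boot and register the host's age public key in the sops config, which keeps private key material out of both the store and the repo. A comment beside these lines stating why the keys are shipped this way (or that they are encrypted at rest) would help the next reader.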
@@ -7,33 +7,31 @@ ... }: { # Set your system kind (needed for flakes) - nixpkgs.hostPlatform = "x86_64-linux"; - virtualisation.hypervGuest.videoMode = "1920x1080"; + nixpkgs.hostPlatform = "x86_64-linux"; + virtualisation.hypervGuest.videoMode = "1920x1080"; - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = ["hv_sock"]; + boot.initrd.availableKernelModules = ["sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["hv_sock"]; - - # fileSystems."/" = { - # device = "/dev/disk/by-label/nixos"; - # autoResize = true; - # fsType = "ext4"; - # }; + # fileSystems."/" = { + # device = "/dev/disk/by-label/nixos"; + # autoResize = true; + # fsType = "ext4"; + # }; - # fileSystems."/boot" = { - # device = "/dev/disk/by-label/ESP"; - # fsType = "vfat"; - # }; - - fileSystems."/mnt/Public" = { - device = "//192.168.1.109/Public"; - fsType = "cifs"; - options = let - # this line prevents hanging on network split - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - # in ["${automount_opts},credentials=/etc/nixos/smb-secrets"]; - in ["${automount_opts}"]; - }; + # fileSystems."/boot" = { + # device = "/dev/disk/by-label/ESP"; + # fsType = "vfat"; + # }; + fileSystems."/mnt/Public" = { + device = "//192.168.1.109/Public"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + # in ["${automount_opts},credentials=/etc/nixos/smb-secrets"]; + in ["${automount_opts}"]; + }; } diff --git a/HyperV/hyperv.nix b/HyperV/hyperv.nix index 7048b48..058ce40 100644 --- a/HyperV/hyperv.nix +++ b/HyperV/hyperv.nix 
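Review bot: The `fileSystems."/mnt/Public"` block mounts `//192.168.1.109/Public` with only the automount options; the `credentials=` variant is left commented out, so the mount runs without credentials, and nothing on the page says whether guest access is intended or whether the share also expects `uid=`/`gid=` or a `vers=` setting. If anonymous access is intended, a comment such as `# share is intentionally guest-readable; no credentials needed` would make that explicit; if not, the credentials file should come from a sops secret path rather than the `/etc/nixos/smb-secrets` path in the comment, which lies outside the flake. The diffstat also lists `modules/nixos/mnt_public/default.nix`, which by its name may configure the same mount; if so, one of the two definitions should go.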
@@ -1,11 +1,15 @@ - -{ lib, config, pkgs, ... }: { +{ + lib, + config, + pkgs, + ... +}: { # You can import other NixOS modules here hyperv = { baseImageSize = 8096; }; -# environment.etc = { -# nixos.source = ../..; -# }; -} \ No newline at end of file + # environment.etc = { + # nixos.source = ../..; + # }; +} diff --git a/HyperV/networking.nix b/HyperV/networking.nix index 252d0e7..43b1727 100644 --- a/HyperV/networking.nix +++ b/HyperV/networking.nix @@ -21,4 +21,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/flake.nix b/flake.nix index a169fb6..391666e 100644 --- a/flake.nix +++ b/flake.nix @@ -19,10 +19,13 @@ # Shameless plug: looking for a way to nixify your themes and make # everything match nicely? Try nix-colors! # nix-colors.url = "github:misterio77/nix-colors"; - nixos-hardware.url = "github:NixOS/nixos-hardware"; # Import nixos hardware quirks settings - # nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images - nixos-wsl = {url = "github:nix-community/nixos-wsl"; inputs.nixpkgs.follows = "nixpkgs";}; - sops-nix.url = github:Mic92/sops-nix; + nixos-hardware.url = "github:NixOS/nixos-hardware"; # Import nixos hardware quirks settings + # nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images + nixos-wsl = { + url = "github:nix-community/nixos-wsl"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + sops-nix.url = github:Mic92/sops-nix; flake-utils.url = "github:numtide/flake-utils"; # nix.url = "github:NixOS/nix/2.12.0"; vscode-server.url = "github:msteen/nixos-vscode-server"; 
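Review bot: `sops-nix.url = github:Mic92/sops-nix;` keeps the unquoted URL-literal syntax while every neighbouring input is a quoted string; URL literals are deprecated in Nix and the formatter did not touch it, so `sops-nix.url = "github:Mic92/sops-nix";` would be consistent. Only `nixos-wsl` gets `inputs.nixpkgs.follows = "nixpkgs"`; inputs that carry their own nixpkgs (presumably `sops-nix` and `vscode-server`) will otherwise lock a second nixpkgs revision, which is extra closure and one more tree to track for security updates, unless that divergence is deliberate.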
@@ -45,112 +48,130 @@ # Flake Utility Functions utils.url = "github:gytis-ivaskevicius/flake-utils-plus"; - - }; - outputs = { self, nixpkgs, home-manager,nixpkgs-unstable,... }@inputs: - let - inherit (lib.my) mapModules mapModulesRec mapHosts; - inherit (self) outputs; + outputs = { + self, + nixpkgs, + home-manager, + nixpkgs-unstable, + ... + } @ inputs: let + inherit (lib.my) mapModules mapModulesRec mapHosts; + inherit (self) outputs; - system = "x86_64-linux"; + system = "x86_64-linux"; - mkPkgs = pkgs: extraOverlays: import pkgs { + mkPkgs = pkgs: extraOverlays: + import pkgs { inherit system; - config.allowUnfree = true; # forgive me Stallman senpai + config.allowUnfree = true; # forgive me Stallman senpai overlays = extraOverlays ++ (lib.attrValues self.overlays); }; - pkgs = mkPkgs nixpkgs [ self.overlay ]; - pkgs' = mkPkgs nixpkgs-unstable []; + pkgs = mkPkgs nixpkgs [self.overlay]; + pkgs' = mkPkgs nixpkgs-unstable []; - lib = nixpkgs.lib.extend - (self: super: { my = import ./lib { inherit pkgs inputs outputs; lib = self; }; }// home-manager.lib); + lib = + nixpkgs.lib.extend + (self: super: + { + my = import ./lib { + inherit pkgs inputs outputs; + lib = self; + }; + } + // home-manager.lib); + in { + lib = lib.my; + packages."${system}" = + mapModules ./pkgs (p: pkgs.callPackage p {}); + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra; - in { - lib = lib.my; - packages."${system}" = - mapModules ./pkgs (p: pkgs.callPackage p {}); - - devShell."${system}" = - import ./shell.nix { inherit pkgs; }; - - overlay = - final: prev: { - #unstable = pkgs'; - my = self.packages."${system}"; - }; - - overlays = import ./overlays { inherit inputs; }; - - - # Output all modules in ./modules to flake. 
Modules should be in - # individual subdirectories and contain a default.nix file - nixosModules = builtins.listToAttrs (map - (x: { - name = x; - value = import (./modules/nixos + "/${x}"); - }) - (builtins.attrNames (builtins.readDir ./modules/nixos))); - - - ##import our HM modules - ## -- imported in ./home-manger/general - - homeManagerModules = builtins.listToAttrs (map - (name: { - inherit name; - value = import (./modules/home-manager + "/${name}"); - }) - (builtins.attrNames (builtins.readDir ./modules/home-manager))); - - - # nixosConfigurations = - # mapHosts ./hosts {}; - - # NixOS configuration entrypoint - # Available through 'nixos-rebuild --flake .#your-hostname' - nixosConfigurations = { - go3-wsl = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs outputs lib;hostName = "go3-wsl"; }; - modules = [ - ./hosts/go3-wsl - ]; - }; - StuPC-WSL = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs outputs lib; hostName = "StuPC";}; - modules = [ - ./hosts/StuPC-WSL - ]; - }; - - }; - - # Standalone home-manager configuration entrypoint - # Available through 'home-manager --flake .#your-username@your-hostname' - homeConfigurations = { - # FIXME replace with your username@hostname - "sstent@go3-wsl" = home-manager.lib.homeManagerConfiguration { - # pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance - pkgs = pkgs; - extraSpecialArgs = { inherit inputs outputs lib; hostName = "go3-wsl"; }; - modules = [ - # > Our main home-manager configuration file < - ./home-manager/users/sstent - inputs.sops-nix.homeManagerModules.sops - ]; - }; - "sstent@StuPC-WSL" = home-manager.lib.homeManagerConfiguration { - # pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance - pkgs = pkgs; - extraSpecialArgs = { inherit inputs outputs lib; hostName = "StuPC-WSL";}; - modules = [ - # > Our main home-manager configuration file < - ./home-manager/users/sstent - inputs.sops-nix.homeManagerModules.sops - ]; 
- }; - }; + devShell."${system}" = + import ./shell.nix {inherit pkgs;}; + overlay = final: prev: { + #unstable = pkgs'; + my = self.packages."${system}"; }; + + overlays = import ./overlays {inherit inputs;}; + + # Output all modules in ./modules to flake. Modules should be in + # individual subdirectories and contain a default.nix file + nixosModules = builtins.listToAttrs (map + (x: { + name = x; + value = import (./modules/nixos + "/${x}"); + }) + (builtins.attrNames (builtins.readDir ./modules/nixos))); + + ##import our HM modules + ## -- imported in ./home-manger/general + + homeManagerModules = builtins.listToAttrs (map + (name: { + inherit name; + value = import (./modules/home-manager + "/${name}"); + }) + (builtins.attrNames (builtins.readDir ./modules/home-manager))); + + # nixosConfigurations = + # mapHosts ./hosts {}; + + # NixOS configuration entrypoint + # Available through 'nixos-rebuild --flake .#your-hostname' + nixosConfigurations = { + go3-wsl = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs lib; + hostName = "go3-wsl"; + }; + modules = [ + ./hosts/go3-wsl + ]; + }; + StuPC-WSL = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs lib; + hostName = "StuPC"; + }; + modules = [ + ./hosts/StuPC-WSL + ]; + }; + }; + + # Standalone home-manager configuration entrypoint + # Available through 'home-manager --flake .#your-username@your-hostname' + homeConfigurations = { + # FIXME replace with your username@hostname + "sstent@go3-wsl" = home-manager.lib.homeManagerConfiguration { + # pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance + pkgs = pkgs; + extraSpecialArgs = { + inherit inputs outputs lib; + hostName = "go3-wsl"; + }; + modules = [ + # > Our main home-manager configuration file < + ./home-manager/users/sstent + inputs.sops-nix.homeManagerModules.sops + ]; + }; + "sstent@StuPC-WSL" = home-manager.lib.homeManagerConfiguration { + # pkgs = nixpkgs.legacyPackages.x86_64-linux; 
# Home-manager requires 'pkgs' instance + pkgs = pkgs; + extraSpecialArgs = { + inherit inputs outputs lib; + hostName = "StuPC-WSL"; + }; + modules = [ + # > Our main home-manager configuration file < + ./home-manager/users/sstent + inputs.sops-nix.homeManagerModules.sops + ]; + }; + }; + }; } diff --git a/home-manager/global.nix b/home-manager/global.nix index a12c6eb..e8e36fc 100644 --- a/home-manager/global.nix +++ b/home-manager/global.nix 
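Review bot: In `nixosConfigurations.StuPC-WSL` the `specialArgs` set `hostName = "StuPC"`, while the matching `homeConfigurations."sstent@StuPC-WSL"` passes `hostName = "StuPC-WSL"` and the attribute and host directory are both `StuPC-WSL`; unless the NixOS side really means a different name, `hostName = "StuPC-WSL";` would make the two agree. `formatter.x86_64-linux` spells out the architecture although `system` is bound in the `let`; `formatter."${system}" = nixpkgs.legacyPackages.${system}.alejandra;` matches how `packages` and `devShell` are keyed. `pkgs'` is built from nixpkgs-unstable but its only use (`unstable = pkgs'`) is commented out, so it is dead code. The `homeConfigurations` block still carries the template's `# FIXME replace with your username@hostname` comment although both entries are already filled in.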
@@ -1,65 +1,65 @@ -{ inputs, lib, pkgs, config, outputs, ... }: -{ - - imports = [ - # ./beets.nix - # ./keybase.nix - "${inputs.vscode-server}/modules/vscode-server/home.nix" - ] ++ (builtins.attrValues outputs.homeManagerModules); - - - -###dotfiles path variable - options._dotfiles = lib.mkOption { - type = lib.types.str; - default = "${inputs.self}/home-manager/dotfiles"; - description = "Path to the dotfiles in this repository"; - }; - -###secrets path variable - options._secrets = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000/secrets/"; - description = "Path to the Secrets runtime"; - }; - - -###secretstore path variable - options._secretstore = lib.mkOption { - type = lib.types.str; - default = "${inputs.self}/secrets/"; - description = "Path to the Secrets storage"; - }; - -config = { - - - - nixpkgs = { - overlays = builtins.attrValues outputs.overlays; - config = { - allowUnfree = true; - allowUnfreePredicate = (_: true); - }; - }; - - nix = { - package = lib.mkDefault pkgs.nix; - settings = { - experimental-features = [ "nix-command" "flakes" "repl-flake" ]; - warn-dirty = false; - }; - }; - -##VSCode - services.vscode-server.enable = true; - services.vscode-server.enableFHS = true; - services.vscode-server.nodejsPackage = pkgs.nodejs-18_x; - - - programs = { - home-manager.enable = true; - git.enable = true; - }; -}; -} +{ + inputs, + lib, + pkgs, + config, + outputs, + ... 
+}: { + imports = + [ + # ./beets.nix + # ./keybase.nix + "${inputs.vscode-server}/modules/vscode-server/home.nix" + ] + ++ (builtins.attrValues outputs.homeManagerModules); + + ###dotfiles path variable + options._dotfiles = lib.mkOption { + type = lib.types.str; + default = "${inputs.self}/home-manager/dotfiles"; + description = "Path to the dotfiles in this repository"; + }; + + ###secrets path variable + options._secrets = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000/secrets/"; + description = "Path to the Secrets runtime"; + }; + + ###secretstore path variable + options._secretstore = lib.mkOption { + type = lib.types.str; + default = "${inputs.self}/secrets/"; + description = "Path to the Secrets storage"; + }; + + config = { + nixpkgs = { + overlays = builtins.attrValues outputs.overlays; + config = { + allowUnfree = true; + allowUnfreePredicate = _: true; + }; + }; + + nix = { + package = lib.mkDefault pkgs.nix; + settings = { + experimental-features = ["nix-command" "flakes" "repl-flake"]; + warn-dirty = false; + }; + }; + + ##VSCode + services.vscode-server.enable = true; + services.vscode-server.enableFHS = true; + services.vscode-server.nodejsPackage = pkgs.nodejs-18_x; + + programs = { + home-manager.enable = true; + git.enable = true; + }; + }; +} diff --git a/home-manager/users/sstent/default.nix b/home-manager/users/sstent/default.nix index a3d2cce..2f71397 100644 --- a/home-manager/users/sstent/default.nix +++ b/home-manager/users/sstent/default.nix @@ -1,7 +1,12 @@ - -{ inputs, outputs, lib, config, pkgs, hostName, ... }: - { + inputs, + outputs, + lib, + config, + pkgs, + hostName, + ... +}: { imports = [ ../../global.nix ]; @@ -10,7 +15,7 @@ home.stateVersion = "23.05"; sops = { - age.sshKeyPaths = [ "/home/sstent/.ssh/id_ed25519" ]; + age.sshKeyPaths = ["/home/sstent/.ssh/id_ed25519"]; defaultSopsFile = "${config._secretstore}/user-secrets.yaml"; secrets = { mrconfig = { 
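Review bot: The `options._secrets` default `"/run/user/1000/secrets/"` ends with a slash while the same option in hosts/common.nix defaults to `"/run/user/1000/secrets"`, and `_secretstore` here is `"${inputs.self}/secrets/"` against `"${inputs.self}/secrets"` there; a consumer writing `"${config._secrets}/name"` gets a double slash under one module and not the other. Dropping the trailing slashes, `default = "/run/user/1000/secrets";` and `default = "${inputs.self}/secrets";`, makes the two modules agree. The uid `1000` is hard-coded in the runtime path; it matches `users.users.sstent.uid = 1000` in hosts/user-sstent.nix today, but a comment such as `# must match users.users.sstent.uid in hosts/user-sstent.nix` would record that dependency.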
@@ -18,11 +23,9 @@ format = "binary"; path = "${config.home.homeDirectory}/.mrconfig"; }; - }; + }; }; - - # home.file."/home/sstent/.config/beets/test".source = config.lib.file.mkOutOfStoreSymlink /run/user/1000/secrets/test; # Let Home Manager install and manage itself. @@ -33,7 +36,7 @@ bitwarden-cli ansible # sshpass - (import ./python-packages.nix { pkgs = pkgs; }) + (import ./python-packages.nix {pkgs = pkgs;}) pyinfra sshpass nmap @@ -73,8 +76,8 @@ yt-dlp.enable = true; bash = { enable = true; - historyControl = [ "ignorespace" ]; - shellOptions = [ "histappend" ]; + historyControl = ["ignorespace"]; + shellOptions = ["histappend"]; sessionVariables = { DOCKER_HOST = "tcp://192.168.1.223:2375"; NOMAD_ADDR = "http://192.168.1.250:4646"; @@ -84,7 +87,7 @@ PROMPT_COMMAND = "history -a;"; # ensure synchronization between bash memory and history file SSH_AUTH_SOCK = "/home/sstent/.ssh/wsl-ssh-agent.sock"; }; - bashrcExtra = '' + bashrcExtra = '' if [ -e /home/sstent/.nix-profile/etc/profile.d/nix.sh ]; then . /home/sstent/.nix-profile/etc/profile.d/nix.sh; fi # added by Nix installer # ssh-add -l export PATH=$PATH:/bin #Fix for wslpath @@ -95,8 +98,7 @@ enable = true; userName = "sstent"; userEmail = "stuart.stent@gmail.com"; - extraConfig = { pull.rebase = true; }; - + extraConfig = {pull.rebase = true;}; }; ssh = { enable = true; @@ -114,9 +116,7 @@ }; }; }; - } - #######If Gnome # config = lib.mkIf config.mymods.gnome.enable { # programs.bash.enable = true; @@ -166,7 +166,6 @@ # ]; # }; # "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; }; - # }; # }; diff --git a/home-manager/users/sstent/python-packages.nix b/home-manager/users/sstent/python-packages.nix index 429730e..e28b3eb 100644 --- a/home-manager/users/sstent/python-packages.nix +++ b/home-manager/users/sstent/python-packages.nix 
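Review bot: `DOCKER_HOST = "tcp://192.168.1.223:2375";` in the `sessionVariables` hunk points the Docker CLI at a plain-TCP daemon socket; 2375 is the conventional unencrypted, unauthenticated listener, and the Docker API gives root-equivalent control of that host, so this is only acceptable if that network segment is trusted. `DOCKER_HOST = "ssh://<user>@192.168.1.223"` would reuse the SSH agent already configured via `SSH_AUTH_SOCK` in the same block, and the TLS listener on 2376 with client certificates is the other standard option. If the plain socket is deliberate, a comment stating that the daemon sits on an isolated network would help the next reader. `sops.age.sshKeyPaths = ["/home/sstent/.ssh/id_ed25519"]` is fine, but a comment that this key must exist before the first `home-manager switch` would save a confusing first-run failure.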
@@ -1,7 +1,7 @@ -{ pkgs }: - -pkgs.python3.withPackages (p: with p; [ - requests # HTTP library - setuptools # setup.py - paramiko # ssh library -]) \ No newline at end of file +{pkgs}: +pkgs.python3.withPackages (p: + with p; [ + requests # HTTP library + setuptools # setup.py + paramiko # ssh library + ]) diff --git a/hosts/StuPC-WSL/default.nix b/hosts/StuPC-WSL/default.nix index 3a79441..d81286c 100644 --- a/hosts/StuPC-WSL/default.nix +++ b/hosts/StuPC-WSL/default.nix @@ -1,9 +1,14 @@ -{ lib, pkgs, config, inputs, ... }: { - +{ + lib, + pkgs, + config, + inputs, + ... +}: { imports = [ ../common.nix ../user-sstent.nix - inputs.nixos-wsl.nixosModules.wsl + inputs.nixos-wsl.nixosModules.wsl ]; # system.stateVersion = "22.11"; @@ -15,6 +20,4 @@ syncthing.enable = true; wsl.enable = true; }; - - } diff --git a/hosts/common.nix b/hosts/common.nix index 1543708..8308404 100644 --- a/hosts/common.nix +++ b/hosts/common.nix 
@@ -1,81 +1,84 @@ -# This file (and the global directory) holds config that i use on all hosts -{ lib, inputs, outputs, pkgs, config, ... }: -{ - imports = [ - inputs.home-manager.nixosModules.home-manager - inputs.sops-nix.nixosModules.sops - ]++ (builtins.attrValues outputs.nixosModules); - -###dotfiles path variable - options._dotfiles = lib.mkOption { - type = lib.types.str; - default = "${inputs.self}/home-manager/dotfiles"; - description = "Path to the dotfiles in this repository"; - }; - -###secrets path variable - options._secrets = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000/secrets"; - description = "Path to the Secrets runtime"; - }; - - -###secretstore path variable - options._secretstore = lib.mkOption { - type = lib.types.str; - default = "${inputs.self}/secrets"; - description = "Path to the Secrets storage"; - }; - -config = { - system.stateVersion = "23.05"; - - - sops = { - defaultSopsFile = "${config._secretstore}/host-secrets.yaml"; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; -}; - - - home-manager = { - useUserPackages = true; - extraSpecialArgs = { inherit inputs outputs; }; - sharedModules = [ - inputs.sops-nix.homeManagerModules.sops - ]; - }; - - nixpkgs.config.allowUnfree = true; - programs.fuse.userAllowOther = true; - security.sudo.wheelNeedsPassword = false; - - # nixpkgs.overlays = overlays; - # Enable nix flakes - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; -nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; -# nix.nixPath = [ "nixpkgs=pkgs.outPath" ]; - networking.search = ["node.dc1.consul" "service.dc1.consul"]; - - -#services.envfs.enable = true; - environment.systemPackages = [ - pkgs.git - pkgs.home-manager - pkgs.sops - pkgs.ssh-to-age - pkgs.age - pkgs.bitwarden-cli - ]; - -nix.gc = { - automatic = true; # Enable the automatic garbage collector - dates = "03:15"; # When to run the garbage collector - options = "-d"; # Arguments to pass 
to nix-collect-garbage -}; - -}; -} +# This file (and the global directory) holds config that i use on all hosts +{ + lib, + inputs, + outputs, + pkgs, + config, + ... +}: { + imports = + [ + inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops + ] + ++ (builtins.attrValues outputs.nixosModules); + + ###dotfiles path variable + options._dotfiles = lib.mkOption { + type = lib.types.str; + default = "${inputs.self}/home-manager/dotfiles"; + description = "Path to the dotfiles in this repository"; + }; + + ###secrets path variable + options._secrets = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000/secrets"; + description = "Path to the Secrets runtime"; + }; + + ###secretstore path variable + options._secretstore = lib.mkOption { + type = lib.types.str; + default = "${inputs.self}/secrets"; + description = "Path to the Secrets storage"; + }; + + config = { + system.stateVersion = "23.05"; + + sops = { + defaultSopsFile = "${config._secretstore}/host-secrets.yaml"; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + }; + + home-manager = { + useUserPackages = true; + extraSpecialArgs = {inherit inputs outputs;}; + sharedModules = [ + inputs.sops-nix.homeManagerModules.sops + ]; + }; + + nixpkgs.config.allowUnfree = true; + programs.fuse.userAllowOther = true; + security.sudo.wheelNeedsPassword = false; + + # nixpkgs.overlays = overlays; + # Enable nix flakes + nix.package = pkgs.nixFlakes; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + # nix.nixPath = [ "nixpkgs=pkgs.outPath" ]; + networking.search = ["node.dc1.consul" "service.dc1.consul"]; + + #services.envfs.enable = true; + environment.systemPackages = [ + pkgs.git + pkgs.home-manager + pkgs.sops + pkgs.ssh-to-age + pkgs.age + pkgs.bitwarden-cli + ]; + + nix.gc = { + automatic = true; # Enable the automatic garbage collector + dates = "03:15"; # When to run the garbage collector + 
options = "-d"; # Arguments to pass to nix-collect-garbage + }; + }; +} diff --git a/hosts/go3-wsl/default.nix b/hosts/go3-wsl/default.nix index a4ea4b4..177116b 100644 --- a/hosts/go3-wsl/default.nix +++ b/hosts/go3-wsl/default.nix @@ -1,9 +1,14 @@ -{ lib, pkgs, config, inputs, ... }: { - +{ + lib, + pkgs, + config, + inputs, + ... +}: { imports = [ ../common.nix ../user-sstent.nix - inputs.nixos-wsl.nixosModules.wsl + inputs.nixos-wsl.nixosModules.wsl ]; # system.stateVersion = "22.11"; @@ -16,5 +21,4 @@ syncthing.enable = true; wsl.enable = true; }; - } diff --git a/hosts/user-sstent.nix b/hosts/user-sstent.nix index ba53352..954b1a7 100644 --- a/hosts/user-sstent.nix +++ b/hosts/user-sstent.nix 
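Review bot: `security.sudo.wheelNeedsPassword = false;` sits in the file whose header says it is applied to all hosts, so the HyperV image (which enables sshd and opens port 22 in HyperV/configuration.nix) also gets passwordless root for the wheel user; on WSL that is a common convenience, on a network-reachable VM it turns a compromised SSH key into immediate root. Keeping the default here and setting it only in hosts/StuPC-WSL and hosts/go3-wsl, or behind the WSL module's enable option, would scope it to where it is wanted. `nix.gc.options = "-d"` deletes every old generation on each run and with it the ability to roll back after a bad rebuild; `options = "--delete-older-than 14d";` is the usual compromise. `nix.package = pkgs.nixFlakes` is a legacy alias for the default nix in current nixpkgs and could be dropped, though that is cosmetic.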
@@ -1,25 +1,26 @@ -{ inputs, lib, config, ... }: -{ - - sops.secrets.sstent_password = { - #sopsFile = ./secrets.yaml; - neededForUsers = true; - }; - - users.users = { - sstent = { - # initialPassword = "farscape5"; - uid = 1000; - passwordFile = config.sops.secrets.sstent_password.path; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" - ]; - extraGroups = [ "wheel" "video" ]; - - }; - }; - -# home-manager.users.misterio = import home/${config.networking.hostName}.nix; - -} \ No newline at end of file +{ + inputs, + lib, + config, + ... +}: { + sops.secrets.sstent_password = { + #sopsFile = ./secrets.yaml; + neededForUsers = true; + }; + + users.users = { + sstent = { + # initialPassword = "farscape5"; + uid = 1000; + passwordFile = config.sops.secrets.sstent_password.path; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" + ]; + extraGroups = ["wheel" "video"]; + }; + }; + + # home-manager.users.misterio = import home/${config.networking.hostName}.nix; +} diff --git a/lib/attrs.nix b/lib/attrs.nix index 0f8ebd1..99c74bd 100644 --- a/lib/attrs.nix +++ b/lib/attrs.nix 
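Review bot: The commented-out `# initialPassword = "farscape5";` still carries a literal password in the rewritten file; even as a comment it lives in the repository and its history, so the line should be deleted (and the credential rotated if it was ever used), since the account already takes its hash from `sops.secrets.sstent_password`. `passwordFile` is the pre-23.11 option name; with `system.stateVersion = "23.05"` it still works, but NixOS 23.11 renames it to `hashedPasswordFile`, so a comment or the new name would avoid a deprecation warning on the next upgrade. The authorized key appears to be a 2048-bit `ssh-rsa` key; that is acceptable, but since the repo standardises on ed25519 for host and age keys, a short comment on why this one differs (or an ed25519 key alongside it) would keep the key policy consistent.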
@@ -1,11 +1,9 @@ -{ lib, ... }: - +{lib, ...}: with builtins; -with lib; -rec { +with lib; rec { # attrsToList attrsToList = attrs: - mapAttrsToList (name: value: { inherit name value; }) attrs; + mapAttrsToList (name: value: {inherit name value;}) attrs; # mapFilterAttrs :: # (name -> value -> bool) diff --git a/lib/default.nix b/lib/default.nix index 5349379..a5404c6 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,33 +1,37 @@ -# {lib}: -# lib.makeExtensible (self: -# let -# callLibs = file: import file { lib = self; }; -# in -# rec { -# ## Define your own library functions here! -# #id = x: x; -# ## Or in files, containing functions that take {lib} -# map = callLibs ./map.nix; -# ## In configs, they can be used under "lib.our" -# }) - - - -{ inputs, lib, pkgs, ... }: - -let - inherit (lib) makeExtensible attrValues foldr; - inherit (modules) mapModules; - - modules = import ./modules.nix { - inherit lib; - self.attrs = import ./attrs.nix { inherit lib; self = {}; }; - }; - - mylib = makeExtensible (self: - with self; mapModules ./. - (file: import file { inherit self lib pkgs inputs; })); -in -mylib.extend - (self: super: - foldr (a: b: a // b) {} (attrValues super)) \ No newline at end of file +# {lib}: +# lib.makeExtensible (self: +# let +# callLibs = file: import file { lib = self; }; +# in +# rec { +# ## Define your own library functions here! +# #id = x: x; +# ## Or in files, containing functions that take {lib} +# map = callLibs ./map.nix; +# ## In configs, they can be used under "lib.our" +# }) +{ + inputs, + lib, + pkgs, + ... +}: let + inherit (lib) makeExtensible attrValues foldr; + inherit (modules) mapModules; + + modules = import ./modules.nix { + inherit lib; + self.attrs = import ./attrs.nix { + inherit lib; + self = {}; + }; + }; + + mylib = makeExtensible (self: + with self; + mapModules ./. + (file: import file {inherit self lib pkgs inputs;})); +in + mylib.extend + (self: super: + foldr (a: b: a // b) {} (attrValues super)) 
diff --git a/lib/generators.nix b/lib/generators.nix index 4b298e5..6a34e80 100644 --- a/lib/generators.nix +++ b/lib/generators.nix @@ -1,30 +1,32 @@ -{ lib, pkgs, ... }: - -with builtins; -with lib; { - toCSSFile = file: - let fileName = removeSuffix ".scss" (baseNameOf file); - compiledStyles = - pkgs.runCommand "compileScssFile" - { buildInputs = [ pkgs.sass ]; } '' - mkdir "$out" - scss --sourcemap=none \ - --no-cache \ - --style compressed \ - --default-encoding utf-8 \ - "${file}" \ - >>"$out/${fileName}.css" - ''; - in "${compiledStyles}/${fileName}.css"; + lib, + pkgs, + ... +}: +with builtins; +with lib; { + toCSSFile = file: let + fileName = removeSuffix ".scss" (baseNameOf file); + compiledStyles = + pkgs.runCommand "compileScssFile" + {buildInputs = [pkgs.sass];} '' + mkdir "$out" + scss --sourcemap=none \ + --no-cache \ + --style compressed \ + --default-encoding utf-8 \ + "${file}" \ + >>"$out/${fileName}.css" + ''; + in "${compiledStyles}/${fileName}.css"; - toFilteredImage = imageFile: options: - let result = "result.png"; - filteredImage = - pkgs.runCommand "filterWallpaper" - { buildInputs = [ pkgs.imagemagick ]; } '' - mkdir "$out" - convert ${options} ${imageFile} $out/${result} - ''; - in "${filteredImage}/${result}"; + toFilteredImage = imageFile: options: let + result = "result.png"; + filteredImage = + pkgs.runCommand "filterWallpaper" + {buildInputs = [pkgs.imagemagick];} '' + mkdir "$out" + convert ${options} ${imageFile} $out/${result} + ''; + in "${filteredImage}/${result}"; } diff --git a/lib/hm_secrets.nix b/lib/hm_secrets.nix index 6449f18..c8b8a66 100644 --- a/lib/hm_secrets.nix +++ b/lib/hm_secrets.nix 
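Review bot: In `toFilteredImage` the shell line `convert ${options} ${imageFile} $out/${result}` leaves `${imageFile}` and `$out` unquoted while `toCSSFile` quotes `"${file}"` and `"$out/${fileName}.css"`; `options` must stay unquoted so it word-splits into flags, but `convert ${options} "${imageFile}" "$out/${result}"` would handle paths with spaces and match the sibling helper. Both helpers are build-time derivations with fixed inputs, so this is consistency rather than a runtime concern.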
@@ -1,32 +1,30 @@ -{lib, ...}: let - inherit - (builtins) - readDir - ; - - inherit - (lib) - filterAttrs - hasPrefix - hasSuffix - mapAttrs' - nameValuePair - - ; -in rec { - filter = name: func: attrs: filterAttrs name (mapAttrs' func attrs); - - # 'sops' Encrypted Secrets - hm_secrets = dir: out_dir: - filter (name: type: type != null && !(hasPrefix "_" name)) (name: type: - # if type == "regular" && hasSuffix ".age" name - if type == "regular" - then - nameValuePair name { - sopsFile = dir + "/${name}"; - format = "binary"; - path = out_dir + "/${name}"; - - } - else nameValuePair "" null) (readDir dir); -} \ No newline at end of file +{lib, ...}: let + inherit + (builtins) + readDir + ; + + inherit + (lib) + filterAttrs + hasPrefix + hasSuffix + mapAttrs' + nameValuePair + ; +in rec { + filter = name: func: attrs: filterAttrs name (mapAttrs' func attrs); + + # 'sops' Encrypted Secrets + hm_secrets = dir: out_dir: + filter (name: type: type != null && !(hasPrefix "_" name)) (name: type: + # if type == "regular" && hasSuffix ".age" name + if type == "regular" + then + nameValuePair name { + sopsFile = dir + "/${name}"; + format = "binary"; + path = out_dir + "/${name}"; + } + else nameValuePair "" null) (readDir dir); +} diff --git a/lib/modules.nix b/lib/modules.nix index 47743f1..97f1397 100644 --- a/lib/modules.nix +++ b/lib/modules.nix 
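Review bot: `hasSuffix` is pulled in by the `inherit (lib)` block but its only use is the commented-out `# if type == "regular" && hasSuffix ".age" name`, so it is an unused binding; either drop it or restore the suffix check. The `filter` helper names its first parameter `name` although it receives the predicate handed to `filterAttrs`, and that predicate `(name: type: type != null && ...)` runs on the already-mapped attrs, so `type` there is the generated `{sopsFile …}` set or `null`, not the `readDir` type string; `pred: func: attrs:` and `(name: value: value != null && …)` would say what is going on. `nameValuePair "" null` as the placeholder for skipped entries means every non-regular entry collides on the `""` key before being filtered out, which works but deserves a one-line comment.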
@@ -1,53 +1,60 @@ -{ self, lib, ... }: - -let +{ + self, + lib, + ... +}: let inherit (builtins) attrValues readDir pathExists concatLists; inherit (lib) id mapAttrsToList filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix; inherit (self.attrs) mapFilterAttrs; -in -rec { +in rec { mapModules = dir: fn: mapFilterAttrs - (n: v: - v != null && - !(hasPrefix "_" n)) - (n: v: - let path = "${toString dir}/${n}"; in - if v == "directory" && pathExists "${path}/default.nix" - then nameValuePair n (fn path) - else if v == "regular" && - n != "default.nix" && - hasSuffix ".nix" n - then nameValuePair (removeSuffix ".nix" n) (fn path) - else nameValuePair "" null) - (readDir dir); + (n: v: + v + != null + && !(hasPrefix "_" n)) + (n: v: let + path = "${toString dir}/${n}"; + in + if v == "directory" && pathExists "${path}/default.nix" + then nameValuePair n (fn path) + else if + v + == "regular" + && n != "default.nix" + && hasSuffix ".nix" n + then nameValuePair (removeSuffix ".nix" n) (fn path) + else nameValuePair "" null) + (readDir dir); mapModules' = dir: fn: attrValues (mapModules dir fn); mapModulesRec = dir: fn: mapFilterAttrs - (n: v: - v != null && - !(hasPrefix "_" n)) - (n: v: - let path = "${toString dir}/${n}"; in - if v == "directory" - then nameValuePair n (mapModulesRec path fn) - else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n - then nameValuePair (removeSuffix ".nix" n) (fn path) - else nameValuePair "" null) - (readDir dir); + (n: v: + v + != null + && !(hasPrefix "_" n)) + (n: v: let + path = "${toString dir}/${n}"; + in + if v == "directory" + then nameValuePair n (mapModulesRec path fn) + else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n + then nameValuePair (removeSuffix ".nix" n) (fn path) + else nameValuePair "" null) + (readDir dir); - mapModulesRec' = dir: fn: - let - dirs = - mapAttrsToList - (k: _: "${dir}/${k}") - (filterAttrs - (n: v: v == "directory" && !(hasPrefix "_" n)) - (readDir dir)); - files 
= attrValues (mapModules dir id); - paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs); - in map fn paths; + mapModulesRec' = dir: fn: let + dirs = + mapAttrsToList + (k: _: "${dir}/${k}") + (filterAttrs + (n: v: v == "directory" && !(hasPrefix "_" n)) + (readDir dir)); + files = attrValues (mapModules dir id); + paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs); + in + map fn paths; } diff --git a/lib/nixos.nix b/lib/nixos.nix index 4595af7..95393db 100644 --- a/lib/nixos.nix +++ b/lib/nixos.nix @@ -1,25 +1,29 @@ -{ inputs, lib, pkgs, ... }: - +{ + inputs, + lib, + pkgs, + ... +}: with lib; -with lib.my; -let sys = "x86_64-linux"; +with lib.my; let + sys = "x86_64-linux"; in { - mkHost = path: attrs @ { system ? sys, ... }: + mkHost = path: attrs @ {system ? sys, ...}: nixosSystem { inherit system; - specialArgs = { inherit lib inputs system; }; + specialArgs = {inherit lib inputs system;}; modules = [ { nixpkgs.pkgs = pkgs; networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path)); } - (filterAttrs (n: v: !elem n [ "system" ]) attrs) - ../. # /default.nix + (filterAttrs (n: v: !elem n ["system"]) attrs) + ../. # /default.nix (import path) ]; }; - mapHosts = dir: attrs @ { system ? system, ... }: + mapHosts = dir: attrs @ {system ? system, ...}: mapModules dir - (hostPath: mkHost hostPath attrs); + (hostPath: mkHost hostPath attrs); } diff --git a/lib/options.nix b/lib/options.nix index 2b9c081..13d3843 100644 --- a/lib/options.nix +++ b/lib/options.nix 
@@ -1,18 +1,16 @@ -{ lib, ... }: - -let +{lib, ...}: let inherit (lib) mkOption types; -in -rec { - mkOpt = type: default: - mkOption { inherit type default; }; +in rec { + mkOpt = type: default: + mkOption {inherit type default;}; mkOpt' = type: default: description: - mkOption { inherit type default description; }; + mkOption {inherit type default description;}; - mkBoolOpt = default: mkOption { - inherit default; - type = types.bool; - example = true; - }; + mkBoolOpt = default: + mkOption { + inherit default; + type = types.bool; + example = true; + }; } diff --git a/modules/home-manager/beets/default.nix b/modules/home-manager/beets/default.nix index 42674df..a6b97d8 100644 --- a/modules/home-manager/beets/default.nix +++ b/modules/home-manager/beets/default.nix @@ -1,7 +1,11 @@ -{ config, pkgs, lib, ... }: -with lib; - -let cfg = config.custom.beets; +{ + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.custom.beets; in { options.custom.beets = { enable = mkOption { @@ -16,13 +20,12 @@ in { pkgs.ffmpeg # for replaygain ]; - - sops = { - secrets.discogs_json = { - path = "${config.xdg.configHome}/beets/discogs_token.json"; + sops = { + secrets.discogs_json = { + path = "${config.xdg.configHome}/beets/discogs_token.json"; + }; }; - }; - programs.beets = { + programs.beets = { enable = true; settings = { album_fields = { @@ -48,12 +51,12 @@ in { bracket = "[]"; ignore_va = "compilation"; types = [ - { ep = "EP"; } - { single = "Single"; } - { soundtrack = "OST"; } - { live = "Live"; } - { compilation = "Anthology"; } - { remix = "Remix"; } + {ep = "EP";} + {single = "Single";} + {soundtrack = "OST";} + {live = "Live";} + {compilation = "Anthology";} + {remix = "Remix";} ]; }; aunique = { 
@@ -61,9 +64,9 @@ in { disambiguators = "media"; keys = "albumartist album"; }; - copyartifacts = { extensions = ".cue .log .jpg .jpeg .png .txt"; }; + copyartifacts = {extensions = ".cue .log .jpg .jpeg .png .txt";}; directory = "/mnt/q/CleanMusic/"; - embedart = { auto = true; }; + embedart = {auto = true;}; extrafiles = { paths = { artworkdir = "$albumpath/Artwork"; @@ -73,7 +76,7 @@ in { }; patterns = { all = "*.*"; - artworkdir = [ "[sS]cans/" "[aA]rtwork/" "[aA]rt/" "[cC]over/" ]; + artworkdir = ["[sS]cans/" "[aA]rtwork/" "[aA]rt/" "[cC]over/"]; }; }; fetchart = { @@ -93,8 +96,7 @@ in { isMultidisc = "1 if disctotal > 1 else 0"; myBitDepth = "('' if bitdepth != 24 else '[24bit - '+ media + ']')"; myDisc = "('' if disctotal <= 1 else str(disc) + ' - ')"; - mySongartist = - "artist + ' - ' if artist != albumartist and artist != '' else ''"; + mySongartist = "artist + ' - ' if artist != albumartist and artist != '' else ''"; }; library = "~/musiclibrary.db"; match = { @@ -123,8 +125,7 @@ in { }; missing = { format_album = "$albumartist: ($year) $album $albumtype $atype"; - format_item = - "$albumartist - $album [$albumtype]$atype: $track/$tracktotal $title"; + format_item = "$albumartist - $album [$albumtype]$atype: $track/$tracktotal $title"; }; musicbrainz = { pass = "7ANCLPczDNFn6Sf65vdZ"; 
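Review bot: The `musicbrainz.pass` value on the context line just after the reformatted `format_item` is a plaintext credential inside the Nix expression, and everything under `programs.beets.settings` is rendered into a config file that lands in the world-readable Nix store. The same module already routes the Discogs token through `sops.secrets.discogs_json` earlier in the file, so the MusicBrainz password could take the same path and be pulled in at activation (beets' config `include` directive, if the packaged version supports it) instead of being embedded at evaluation time. Since the literal is already in the repository history, rotating it on the MusicBrainz side is warranted regardless of how the config is reworked.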
@@ -132,12 +133,9 @@ in { }; original_date = true; paths = { - "albumtype:soundtrack" = - "Soundtracks/$albumartist - $album%aunique{} ($year)/$myDisc$track - $artist - $title"; - comp = - "Compilations/$albumartist/($year) $album%aunique{}/$myDisc$track - $artist - $title"; - default = - "%if{$artist_grouping,$artist_grouping/}$first_artist/$year - $album $atype%aunique{media}[%upper{$format}$bitdepth]%if{$media,[$media]}/%if{$isMultidisc,$disc - }$track - $mySongartist$title"; + "albumtype:soundtrack" = "Soundtracks/$albumartist - $album%aunique{} ($year)/$myDisc$track - $artist - $title"; + comp = "Compilations/$albumartist/($year) $album%aunique{}/$myDisc$track - $artist - $title"; + default = "%if{$artist_grouping,$artist_grouping/}$first_artist/$year - $album $atype%aunique{media}[%upper{$format}$bitdepth]%if{$media,[$media]}/%if{$isMultidisc,$disc - }$track - $mySongartist$title"; }; per_disc_numbering = true; plugins = [ @@ -154,25 +152,21 @@ in { "replaygain" "info" ]; - replaygain = { + replaygain = { backend = "ffmpeg"; }; rewrite = { "artist Björk & Tríó Guðmundar Ingólfssonar" = "Björk"; "artist Brant Bjork and The Low Desert Punk Band" = "Brant Bjork"; - "artist King Gizzard & The Lizard Wizard with Mild High Club" = - "King Gizzard & The Lizard Wizard"; + "artist King Gizzard & The Lizard Wizard with Mild High Club" = "King Gizzard & The Lizard Wizard"; "artist Kyuss _ Queens of the Stone Age" = "Kyuss"; "artist Professor Elemental & Tom Caruana" = "Professor Elemental"; "artist Resin Dogs Feat Spikey Tee" = "Resin Dogs"; "artist Sepultura _ Exodus" = "Sepultura"; - "artist The Knife in collaboration with Mount Sims and Planningtorock" = - "The Knife"; + "artist The Knife in collaboration with Mount Sims and Planningtorock" = "The Knife"; "artist Unida _ Dozer" = "Unida"; }; }; - }; -}; + }; } - diff --git a/modules/home-manager/keybase/default.nix b/modules/home-manager/keybase/default.nix index e661736..9ee8509 100644 
--- a/modules/home-manager/keybase/default.nix +++ b/modules/home-manager/keybase/default.nix @@ -1,11 +1,17 @@ -{ config, pkgs, inputs, lib, util, hostName, ... }: +{ + config, + pkgs, + inputs, + lib, + util, + hostName, + ... +}: with lib; -with lib.my; -let -cfg = config.custom.keybase; -username = config.home.username; -secretstore = config._secretstore; - +with lib.my; let + cfg = config.custom.keybase; + username = config.home.username; + secretstore = config._secretstore; in { options.custom.keybase = { enable = mkOption { @@ -15,16 +21,14 @@ in { }; }; - config = mkIf cfg.enable { - services.keybase.enable = true; - services.kbfs.enable = true; - systemd.user.services.keybase.Unit.After = [ "sops-nix.service" ]; - systemd.user.services.kbfs.Unit.After = [ "sops-nix.service" ]; + services.keybase.enable = true; + services.kbfs.enable = true; + systemd.user.services.keybase.Unit.After = ["sops-nix.service"]; + systemd.user.services.kbfs.Unit.After = ["sops-nix.service"]; - sops = { - secrets = hm_secrets "${secretstore}/user_dotfiles/${username}@${hostName}/keybase/" "${config.xdg.configHome}/keybase/"; - }; -}; + sops = { + secrets = hm_secrets "${secretstore}/user_dotfiles/${username}@${hostName}/keybase/" "${config.xdg.configHome}/keybase/"; + }; + }; } - diff --git a/modules/home-manager/ssh-proxy/default.nix b/modules/home-manager/ssh-proxy/default.nix index cf82fe2..50a7b33 100644 --- a/modules/home-manager/ssh-proxy/default.nix +++ b/modules/home-manager/ssh-proxy/default.nix @@ -1,7 +1,11 @@ -{ lib, pkgs, config, ... }: -with lib; - -let cfg = config.custom.ssh-proxy; +{ + lib, + pkgs, + config, + ... +}: +with lib; let + cfg = config.custom.ssh-proxy; in { options.custom.ssh-proxy = { enable = mkOption { 
@@ -14,31 +18,28 @@ in { }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - npiperelay - socat + npiperelay + socat ]; + systemd.user = { + startServices = true; - systemd.user = { - - startServices = true; - - services.ssh-proxy = { - Unit = { Description = "WSL Proxy"; After = "sops-nix.service";}; - Install = { WantedBy = [ "default.target" ]; }; - Service = { - ExecStart = "${pkgs.writeShellScript "start-proxy" '' -set -x -o xtrace # print commands -${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock -${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork - ''}"; + services.ssh-proxy = { + Unit = { + Description = "WSL Proxy"; + After = "sops-nix.service"; + }; + Install = {WantedBy = ["default.target"];}; + Service = { + ExecStart = "${pkgs.writeShellScript "start-proxy" '' + set -x -o xtrace # print commands + ${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock + ${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork + ''}"; + }; + }; }; - }; - }; - - - }; -} \ No newline at end of file +} diff --git a/modules/nixos/mnt_public/default.nix b/modules/nixos/mnt_public/default.nix index 21d8271..165b359 100644 --- a/modules/nixos/mnt_public/default.nix +++ b/modules/nixos/mnt_public/default.nix 
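Review bot: The socat listener in `ExecStart` creates `wsl-ssh-agent.sock` with whatever the service's umask allows, and nothing in the unit restricts who may connect to a socket that brokers signing with the user's SSH keys; it should be private to the owner. socat's NAMED address options cover this, e.g. `UNIX-LISTEN:${socketPath},fork,unlink-early,umask=077` (check that the pinned socat accepts `umask=`), and `unlink-early` also replaces the separate `rm -f` and its window between unlink and bind. The path `/home/sstent/.ssh/wsl-ssh-agent.sock` is spelled out twice; a `let socketPath = "${config.home.homeDirectory}/.ssh/wsl-ssh-agent.sock";` keeps the module correct for any user it is enabled for. `set -x` echoes the full command line into the user journal, harmless today but worth remembering if the script ever gains sensitive arguments.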
@@ -1,19 +1,21 @@ -{ lib, inputs, outputs, config, ... }: -with lib; - - let cfg = config.custom.mnt_public; -in { - options.custom.mnt_public.enable = mkEnableOption "Enable mnt/Public"; - - config = mkIf cfg.enable { - - - fileSystems."/mnt/Public" = { - device = "//192.168.1.109/Public"; - fsType = "cifs"; - # options = ["uid=0,gid=1000"]; - options = ["guest" "uid=1000"]; - }; - }; -} - +{ + lib, + inputs, + outputs, + config, + ... +}: +with lib; let + cfg = config.custom.mnt_public; +in { + options.custom.mnt_public.enable = mkEnableOption "Enable mnt/Public"; + + config = mkIf cfg.enable { + fileSystems."/mnt/Public" = { + device = "//192.168.1.109/Public"; + fsType = "cifs"; + # options = ["uid=0,gid=1000"]; + options = ["guest" "uid=1000"]; + }; + }; +} diff --git a/modules/nixos/ssh/default.nix b/modules/nixos/ssh/default.nix index 7ee6071..a69da60 100644 --- a/modules/nixos/ssh/default.nix +++ b/modules/nixos/ssh/default.nix @@ -1,20 +1,22 @@ -{ lib, pkgs, config, ... }: -with lib; - -let cfg = config.custom.sshd; +{ + lib, + pkgs, + config, + ... +}: +with lib; let + cfg = config.custom.sshd; in { - - #define option to enable this + #define option to enable this options.custom.sshd.enable = mkEnableOption "Enable SSH"; config = mkIf cfg.enable { -services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; -}; + services.openssh = { + enable = true; + permitRootLogin = "no"; + passwordAuthentication = false; + }; - networking.firewall.allowedTCPPorts = [ 22 ]; - -}; -} \ No newline at end of file + networking.firewall.allowedTCPPorts = [22]; + }; +} diff --git a/modules/nixos/syncthing/default.nix b/modules/nixos/syncthing/default.nix index 3a6e556..ff84da0 100644 --- a/modules/nixos/syncthing/default.nix +++ b/modules/nixos/syncthing/default.nix 
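Review bot: The `/mnt/Public` cifs entry carries no `noauto`/`x-systemd.automount` options, so activation and every boot block on a network mount to `192.168.1.109` (acceptable only if that host is always reachable). `options = ["guest" "uid=1000" "noauto" "x-systemd.automount" "x-systemd.idle-timeout=60"];` mounts lazily on first access and tolerates the share being down. With `guest` the share is trusted purely by address, so if the server supports it, pinning `vers=3.0` or later avoids any downgrade negotiation on older kernels; the exact default depends on the kernel in the pin.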
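Review bot: `passwordAuthentication = false;` alone does not switch off password logins on NixOS: `KbdInteractiveAuthentication` defaults to `true`, and sshd will still present PAM's password prompt through keyboard-interactive, so `settings.KbdInteractiveAuthentication = false;` belongs next to it. If I read the 23.05 module correctly (the `stateVersion` this repository uses), `permitRootLogin` and `passwordAuthentication` are now renamed-option aliases, so `settings = { PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` both hardens the service and avoids the deprecation warnings. The `#define option to enable this` comment could state what is being enabled, e.g. `# Option to enable sshd with key-only authentication`.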
@@ -1,33 +1,37 @@ -{ lib, inputs, outputs, config, ... }: -with lib; - - let cfg = config.custom.syncthing; -in { - options.custom.syncthing.enable = mkEnableOption "Enable mnt/Public"; - - config = mkIf cfg.enable { - -services.syncthing = { - enable = true; - dataDir = "/home/sstent"; - openDefaultPorts = true; - configDir = "/home/sstent/.config/syncthing"; - user = "sstent"; - group = "users"; - guiAddress = "0.0.0.0:8385"; - - overrideDevices = true; - overrideFolders = true; - devices = { - "StuPC" = { id = "Z43MPGF-OKG6K34-WTTFUDO-UG6E3TE-YCLSOAT-5LN5KMW-QHL2VSK-EZCGCAP"; }; - "go3" = { id = "YDOL433-AHAL33M-NWLLDDQ-2D36ZIE-YNZVTKE-25TRBZ2-JXRSN7Y-Z5EOVQN"; }; - }; - folders = { - "default" = { - path = "/home/sstent/sync"; - devices = [ "StuPC" "go3" ]; - }; - }; -}; - }; -} +{ + lib, + inputs, + outputs, + config, + ... +}: +with lib; let + cfg = config.custom.syncthing; +in { + options.custom.syncthing.enable = mkEnableOption "Enable mnt/Public"; + + config = mkIf cfg.enable { + services.syncthing = { + enable = true; + dataDir = "/home/sstent"; + openDefaultPorts = true; + configDir = "/home/sstent/.config/syncthing"; + user = "sstent"; + group = "users"; + guiAddress = "0.0.0.0:8385"; + + overrideDevices = true; + overrideFolders = true; + devices = { + "StuPC" = {id = "Z43MPGF-OKG6K34-WTTFUDO-UG6E3TE-YCLSOAT-5LN5KMW-QHL2VSK-EZCGCAP";}; + "go3" = {id = "YDOL433-AHAL33M-NWLLDDQ-2D36ZIE-YNZVTKE-25TRBZ2-JXRSN7Y-Z5EOVQN";}; + }; + folders = { + "default" = { + path = "/home/sstent/sync"; + devices = ["StuPC" "go3"]; + }; + }; + }; + }; +} diff --git a/modules/nixos/vpn/default.nix b/modules/nixos/vpn/default.nix index 6c34eeb..9ef2140 100644 --- a/modules/nixos/vpn/default.nix +++ b/modules/nixos/vpn/default.nix 
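Review bot: `guiAddress = "0.0.0.0:8385";` binds the web UI and REST API on every interface, and nothing in this module sets a GUI user or password, so anyone who can reach TCP 8385 gets full control over folders and paired devices. `openDefaultPorts` opens only the sync and discovery ports, so the actual exposure depends on firewall rules elsewhere in the repository; if the UI is only used from this machine, `guiAddress = "127.0.0.1:8385";` (reached over an SSH tunnel when needed) is the safer shape, otherwise GUI credentials should be configured. The `mkEnableOption "Enable mnt/Public"` description is copied from the mnt_public module and should read `mkEnableOption "Enable Syncthing"`.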
@@ -1,41 +1,38 @@ -{ lib, pkgs, config, ... }: -with lib; +{ + lib, + pkgs, + config, + ... +}: +with lib; let + secretstore = config._secretstore; + host = config.networking.hostName; -let -secretstore = config._secretstore; -host = config.networking.hostName; - -cfg = config.custom.mullvad; - -secret = if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json" then - ./secrets.nix - else - { }; + cfg = config.custom.mullvad; + secret = + if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json" + then ./secrets.nix + else {}; in { - - #define option to enable this + #define option to enable this options.custom.mullvad.enable = mkEnableOption "Enable SSH"; # imports = [ secret ]; config = mkIf cfg.enable { - networking.wireguard.enable = true; - services.mullvad-vpn.enable = true; + networking.wireguard.enable = true; + services.mullvad-vpn.enable = true; # set some options after every daemon start - # to avoid accidentally leaving unsafe settings - systemd.services."mullvad-daemon" = { - postStart = '' - while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done - ${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access - ${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard - ${pkgs.mullvad}/bin/mullvad relay set location ca mtr - ''; + # to avoid accidentally leaving unsafe settings + systemd.services."mullvad-daemon" = { + postStart = '' + while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done + ${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access + ${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard + ${pkgs.mullvad}/bin/mullvad relay set location ca mtr + ''; + }; }; - - - - -}; -} \ No newline at end of file +} diff --git a/modules/nixos/vpn/secrets.nix b/modules/nixos/vpn/secrets.nix index 28c889d..cad2f7d 100644 --- a/modules/nixos/vpn/secrets.nix +++ b/modules/nixos/vpn/secrets.nix 
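Review bot: `mkEnableOption "Enable SSH"` is a copy-paste description on a Mullvad option; `mkEnableOption "Enable Mullvad VPN"` matches what the module does. `secret` is computed from `pathExists` but never used now that `# imports = [ secret ];` is commented out, so `./secrets.nix` is never evaluated and the device credential is not installed; either wire it in another way or drop the binding so a reader does not assume it is active. The `postStart` loop waits on `mullvad status` with no bound, which leaves the unit in activating state indefinitely if the daemon never answers; a counter that gives up with `exit 1` after a fixed number of iterations makes that failure visible in the journal.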
@@ -1,23 +1,18 @@ -{ lib, pkgs, config, ... }: -with lib; - -let -secretstore = config._secretstore; -host = config.networking.hostName; -secretpath = "${secretstore}/hosts/${host}/mullvad/device.json"; - -in { - - - sops.secrets.device_json= { - sopsFile = "${secretstore}/hosts/${host}/mullvad/device.json"; - device_json.format = "binary"; - }; - - environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path; - - - - - -} \ No newline at end of file +{ + lib, + pkgs, + config, + ... +}: +with lib; let + secretstore = config._secretstore; + host = config.networking.hostName; + secretpath = "${secretstore}/hosts/${host}/mullvad/device.json"; +in { + sops.secrets.device_json = { + sopsFile = "${secretstore}/hosts/${host}/mullvad/device.json"; + device_json.format = "binary"; + }; + + environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path; +} diff --git a/modules/nixos/wsl2/default.nix b/modules/nixos/wsl2/default.nix index 01af8d8..0c94245 100644 --- a/modules/nixos/wsl2/default.nix +++ b/modules/nixos/wsl2/default.nix 
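Review bot: `device_json.format = "binary";` nests a `device_json` attribute inside the `sops.secrets.device_json` definition, which is not a sops-nix secret option and will fail option checking once this file is imported; the intended line is `format = "binary";`. `secretpath` is defined and then repeated literally on the `sopsFile =` line, so `sopsFile = secretpath;` removes the duplication. Neither problem surfaces today because the import in `modules/nixos/vpn/default.nix` is commented out, which is exactly why this hunk's reformat is a good moment to fix them.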
@@ -1,56 +1,57 @@ -{ lib, inputs, outputs, config, pkgs, ... }: -with lib; - - let cfg = config.custom.wsl; -in { - options.custom.wsl.enable = mkEnableOption "Enable WSL2 settings"; - - config = mkIf cfg.enable { - - # Enable native Docker support - virtualisation.docker.enable = true; - - wsl = { - enable = true; - wslConf.automount.root = "/mnt"; - defaultUser = "sstent"; - startMenuLaunchers = true; - wslConf.interop.appendWindowsPath = false; - #No longer needed in 23.05 - #interop.preserveArgvZero = true; - #docker-native.enable = true; - - nativeSystemd = true; - # Enable integration with Docker Desktop (needs to be installed) - # docker-desktop.enable = true; - }; - - systemd.services.nixs-wsl-systemd-fix = { - description = "Fix the /dev/shm symlink to be a mount"; - unitConfig = { - DefaultDependencies = "no"; - Before = [ - "sysinit.target" - "systemd-tmpfiles-setup-dev.service" - "systemd-tmpfiles-setup.service" - "systemd-sysctl.service" - ]; - ConditionPathExists = "/dev/shm"; - ConditionPathIsSymbolicLink = "/dev/shm"; - ConditionPathIsMountPoint = "/run/shm"; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = [ - "${pkgs.coreutils-full}/bin/rm /dev/shm" - "/run/wrappers/bin/mount --bind -o X-mount.mkdir /run/shm /dev/shm" - ]; - }; - wantedBy = [ "sysinit.target" ]; - }; - - - - - }; -} +{ + lib, + inputs, + outputs, + config, + pkgs, + ... 
+}: +with lib; let + cfg = config.custom.wsl; +in { + options.custom.wsl.enable = mkEnableOption "Enable WSL2 settings"; + + config = mkIf cfg.enable { + # Enable native Docker support + virtualisation.docker.enable = true; + + wsl = { + enable = true; + wslConf.automount.root = "/mnt"; + defaultUser = "sstent"; + startMenuLaunchers = true; + wslConf.interop.appendWindowsPath = false; + #No longer needed in 23.05 + #interop.preserveArgvZero = true; + #docker-native.enable = true; + + nativeSystemd = true; + # Enable integration with Docker Desktop (needs to be installed) + # docker-desktop.enable = true; + }; + + systemd.services.nixs-wsl-systemd-fix = { + description = "Fix the /dev/shm symlink to be a mount"; + unitConfig = { + DefaultDependencies = "no"; + Before = [ + "sysinit.target" + "systemd-tmpfiles-setup-dev.service" + "systemd-tmpfiles-setup.service" + "systemd-sysctl.service" + ]; + ConditionPathExists = "/dev/shm"; + ConditionPathIsSymbolicLink = "/dev/shm"; + ConditionPathIsMountPoint = "/run/shm"; + }; + serviceConfig = { + Type = "oneshot"; + ExecStart = [ + "${pkgs.coreutils-full}/bin/rm /dev/shm" + "/run/wrappers/bin/mount --bind -o X-mount.mkdir /run/shm /dev/shm" + ]; + }; + wantedBy = ["sysinit.target"]; + }; + }; +} diff --git a/nixpkgs.nix b/nixpkgs.nix index 041de40..e4d0588 100644 --- a/nixpkgs.nix +++ b/nixpkgs.nix @@ -1,8 +1,9 @@ # A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file # This is useful to avoid using channels when using legacy nix commands -let lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked; +let + lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked; in -import (fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; - sha256 = lock.narHash; -}) + import (fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; + sha256 = lock.narHash; + }) 
diff --git a/overlays/default.nix b/overlays/default.nix index 9a03471..a13ea3c 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,8 +1,7 @@ # This file defines overlays -{ inputs, ... }: -{ +{inputs, ...}: { # This one brings our custom packages from the 'pkgs' directory - additions = final: _prev: import ../pkgs { pkgs = final; }; + additions = final: _prev: import ../pkgs {pkgs = final;}; # This one contains whatever you want to overlay # You can change versions, add patches, set compilation flags, anything really. diff --git a/pkgs/default.nix b/pkgs/default.nix index d97e6a2..fd49ac3 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,8 +1,6 @@ # Custom packages, that can be defined similarly to ones from nixpkgs # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example' - -{ pkgs ? (import ../nixpkgs.nix) { } }: { +{pkgs ? (import ../nixpkgs.nix) {}}: { # example = pkgs.callPackage ./example { }; - npiperelay = pkgs.callPackage ./npiperelay { }; - + npiperelay = pkgs.callPackage ./npiperelay {}; } diff --git a/pkgs/npiperelay/default.nix b/pkgs/npiperelay/default.nix index a78933b..53e54ee 100644 --- a/pkgs/npiperelay/default.nix +++ b/pkgs/npiperelay/default.nix @@ -1,11 +1,13 @@ -{ lib, stdenv, fetchurl ,unzip }: - -let +{ + lib, + stdenv, + fetchurl, + unzip, +}: let version = "1.6.3"; srcs = { x86_64-linux = fetchurl { - url = - "https://github.com/jstarks/npiperelay/releases/download/v0.1.0/npiperelay_windows_amd64.zip"; + url = "https://github.com/jstarks/npiperelay/releases/download/v0.1.0/npiperelay_windows_amd64.zip"; sha256 = "sha256-a572H/0XwDUHqaPVTYFdzrPa5mmsZ/w79CJdHnZM5fY="; }; 
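Review bot: `version = "1.6.3";` on the context line does not match the release actually fetched on the reformatted `url =` line, which is `v0.1.0`, so the store path advertises a version that is not what is installed. `version = "0.1.0";` together with `url = "https://github.com/jstarks/npiperelay/releases/download/v${version}/npiperelay_windows_amd64.zip";` keeps the two in step and makes future bumps a one-line change plus a new hash. The `let` block continues into the next hunk.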
@@ -15,38 +17,36 @@ let # sha256 = "sha256-zuy4e9bzcRqDeXP6mfzZLCDK/3we25LH6xktnO6HXps="; # }; }; +in + stdenv.mkDerivation rec { + pname = "npiperelay"; + inherit version; -in stdenv.mkDerivation rec { - pname = "npiperelay"; - inherit version; + src = srcs.${stdenv.hostPlatform.system}; - src = srcs.${stdenv.hostPlatform.system}; + nativeBuildInputs = [unzip]; - nativeBuildInputs = [ unzip ]; + #buildInputs = [ qtserialport qtwebsockets ]; + unpackPhase = '' + mkdir npiperelay-$version + cd npiperelay-$version + unzip $src + ''; + #unpackPhase = "dpkg-deb -x $src ."; - #buildInputs = [ qtserialport qtwebsockets ]; - unpackPhase = '' - mkdir npiperelay-$version - cd npiperelay-$version - unzip $src - ''; - #unpackPhase = "dpkg-deb -x $src ."; + installPhase = '' + mkdir -p $out/bin + cp npiperelay.exe $out/bin/npiperelay.exe + chmod +x $out/bin/npiperelay.exe + ''; - installPhase = '' - mkdir -p $out/bin - cp npiperelay.exe $out/bin/npiperelay.exe - chmod +x $out/bin/npiperelay.exe - ''; - - meta = with lib; { - description = - "Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)"; - # 2019-08-19: The homepage links to old software that doesn't even work -- - # it fails to detect ConBee2. - homepage = - "https://github.com/rupor-github/wsl-ssh-agent"; - license = licenses.free; - platforms = [ "x86_64-linux" ]; - maintainers = with maintainers; [ sstent ]; - }; -} + meta = with lib; { + description = "Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)"; + # 2019-08-19: The homepage links to old software that doesn't even work -- + # it fails to detect ConBee2. + homepage = "https://github.com/rupor-github/wsl-ssh-agent"; + license = licenses.free; + platforms = ["x86_64-linux"]; + maintainers = with maintainers; [sstent]; + }; + } diff --git a/shell.nix b/shell.nix index e007e50..710884d 100644 --- a/shell.nix +++ b/shell.nix 
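Review bot: The `meta` block appears to be carried over from an unrelated package: `homepage` points at rupor-github/wsl-ssh-agent while `src` fetches jstarks/npiperelay, and the `# 2019-08-19 ... ConBee2` comment describes a Zigbee gateway. `homepage = "https://github.com/jstarks/npiperelay";` and dropping the two stray comment lines leave the derivation honest about what it ships. `license = licenses.free;` should also be checked against the upstream LICENSE file before a more specific value is pinned.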
@@ -1,23 +1,23 @@ -{ pkgs ? import {} }: - -with pkgs; -let nixBin = - writeShellScriptBin "nix" '' - ${nixFlakes}/bin/nix --option experimental-features "nix-command flakes" "$@" - ''; -in mkShell { - buildInputs = [ - nix home-manager git ssh-to-age sops age - ]; - shellHook = '' - export FLAKE="$(pwd)" - export PATH="$FLAKE/bin:${nixBin}/bin:$PATH" +{pkgs ? import {}}: +with pkgs; let + nixBin = writeShellScriptBin "nix" '' + ${nixFlakes}/bin/nix --option experimental-features "nix-command flakes" "$@" ''; -} - - - - +in + mkShell { + buildInputs = [ + nix + home-manager + git + ssh-to-age + sops + age + ]; + shellHook = '' + export FLAKE="$(pwd)" + export PATH="$FLAKE/bin:${nixBin}/bin:$PATH" + ''; + } # { pkgs ? (import ./nixpkgs.nix) { } }: { # default = pkgs.mkShell { # # Enable experimental features without having to specify the argument @@ -25,3 +25,4 @@ in mkShell { # nativeBuildInputs = with pkgs; [ nix home-manager git ssh-to-age sops age ]; # }; # } +