diff --git a/.envrc b/.envrc index 3550a30..0f94eed 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,2 @@ +# shellcheck shell=bash use flake diff --git a/.forgejo/workflows/build-tests.yml b/.forgejo/workflows/build-tests.yml index fedb2a3..da5d39f 100644 --- a/.forgejo/workflows/build-tests.yml +++ b/.forgejo/workflows/build-tests.yml @@ -1,3 +1,4 @@ +--- name: Build tests on: diff --git a/.forgejo/workflows/deploy-docs.yml b/.forgejo/workflows/deploy-docs.yml index 6ac9020..63b0b54 100644 --- a/.forgejo/workflows/deploy-docs.yml +++ b/.forgejo/workflows/deploy-docs.yml @@ -1,3 +1,4 @@ +--- name: Deploy docs on: diff --git a/.forgejo/workflows/flake-check.yml b/.forgejo/workflows/flake-check.yml index 0c8a643..a00f96d 100644 --- a/.forgejo/workflows/flake-check.yml +++ b/.forgejo/workflows/flake-check.yml @@ -1,6 +1,8 @@ +--- name: Flake check -on: [pull_request] +on: + pull_request: jobs: flake-check: @@ -11,5 +13,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Check formatting + run: nix fmt -- --check + - name: Run flake check - run: nix flake check --impure + run: nix flake check --impure --all-systems diff --git a/apps/create/create.sh b/apps/create/create.sh index 20fb7a8..b99a14e 100644 --- a/apps/create/create.sh +++ b/apps/create/create.sh @@ -11,9 +11,6 @@ HOSTNAME="" # Templates with Home Manager configurations HM_CONFIGS=("hyprland") -# This will get overwritten by the derivation -TEMPLATES_DIR="" - # Print usage information usage() { cat </dev/null | fzf "${fzf_args[@]}") + local selected + selected=$(find "${find_args[@]}" 2>/dev/null | fzf "${fzf_args[@]}") if [[ -n "$selected" ]]; then cd "$selected" || echo "Failed to cd into '$selected'" diff --git a/modules/home/hyprland/applications/bitwarden/default.nix b/modules/home/hyprland/applications/bitwarden/default.nix index bae501f..467ca90 100644 --- a/modules/home/hyprland/applications/bitwarden/default.nix +++ b/modules/home/hyprland/applications/bitwarden/default.nix 
@@ -16,31 +16,33 @@ in
 imports = [ ../../../rofi-rbw ];
 config = mkIf (cfg.enable && app == "rofi-rbw") {
- programs.rbw = {
- enable = true;
- settings = {
- # email = "you@example.tld"; # You have to set this in your config
- pinentry = mkDefault pkgs.pinentry-gnome3;
- lock_timeout = mkDefault 3600;
+ programs = {
+ rbw = {
+ enable = true;
+ settings = {
+ # email = "you@example.tld"; # You have to set this in your config
+ pinentry = mkDefault pkgs.pinentry-gnome3;
+ lock_timeout = mkDefault 3600;
+ };
 };
- };
- programs.rofi-rbw = {
- enable = true;
- package = mkDefault pkgs.rofi-rbw-wayland;
- settings = {
- selector = mkDefault "bemenu";
- selector-args = mkDefault "-i -l 20";
- action = mkDefault "copy";
- typing-key-delay = mkDefault 0;
+ rofi-rbw = {
+ enable = true;
+ package = mkDefault pkgs.rofi-rbw-wayland;
+ settings = {
+ selector = mkDefault "bemenu";
+ selector-args = mkDefault "-i -l 20";
+ action = mkDefault "copy";
+ typing-key-delay = mkDefault 0;
+ };
 };
- };
- programs.librewolf = mkIf config.programs.librewolf.enable {
- profiles.default.extensions.packages =
- with inputs.nur.legacyPackages."${pkgs.stdenv.hostPlatform.system}".repos.rycee.firefox-addons; [
- bitwarden
- ];
+ librewolf = mkIf config.programs.librewolf.enable {
+ profiles.default.extensions.packages =
+ with inputs.nur.legacyPackages."${pkgs.stdenv.hostPlatform.system}".repos.rycee.firefox-addons; [
+ bitwarden
+ ];
+ };
 };
 };
 }
diff --git a/modules/home/hyprland/applications/default.nix b/modules/home/hyprland/applications/default.nix
index 661d47e..f9f108b 100644
--- a/modules/home/hyprland/applications/default.nix
+++ b/modules/home/hyprland/applications/default.nix
@@ -22,7 +22,7 @@ let
 {
 default = mkOption {
 type = types.str;
- default = default;
+ inherit default;
 description = "The default application to use for the ${default}.";
 };
 bind = mkOption {
@@ -38,12 +38,8 @@ let
 };
 # generate lists of all binds and window rules and remove empty strings
- binds = filter (s: s != "") (
- builtins.concatLists (map (app: app.bind or [ "" ]) (attrValues apps))
- );
- windowrules = filter (s: s != "") (
- builtins.concatLists (map (app: app.windowrule or [ "" ]) (attrValues apps))
- );
+ binds = filter (s: s != "") (builtins.concatLists (map (app: app.bind or [ "" ]) (attrValues apps)));
+ windowrules = filter (s: s != "") (builtins.concatLists (map (app: app.windowrule or [ "" ]) (attrValues apps)));
 inherit (lib)
 attrValues
diff --git a/modules/home/hyprland/applications/dunst-toggle/dunst-toggle.nix b/modules/home/hyprland/applications/dunst-toggle/dunst-toggle.nix
index 248faec..32b413d 100644
--- a/modules/home/hyprland/applications/dunst-toggle/dunst-toggle.nix
+++ b/modules/home/hyprland/applications/dunst-toggle/dunst-toggle.nix
@@ -5,7 +5,7 @@ let
 pkill = "${pkgs.procps}/bin/pkill";
 signal = "${toString config.programs.waybar.settings.mainBar."custom/notifications".signal}";
 in
-(pkgs.writeShellScriptBin "dunst-toggle" ''
+pkgs.writeShellScriptBin "dunst-toggle" ''
 ${dunst} set-paused toggle
 ${pkill} -RTMIN+${signal} waybar
-'')
+''
diff --git a/modules/home/hyprland/applications/newsboat/default.nix b/modules/home/hyprland/applications/newsboat/default.nix
index 0268df6..8f54326 100644
--- a/modules/home/hyprland/applications/newsboat/default.nix
+++ b/modules/home/hyprland/applications/newsboat/default.nix
@@ -9,7 +9,7 @@ let
 cfg = config.wayland.windowManager.hyprland;
 app = cfg.applications.rssreader.default;
 reloadTime = "${toString config.programs.newsboat.reloadTime}";
- newsboat-reload = (import ./newsboat-reload.nix { inherit config pkgs; });
+ newsboat-reload = import ./newsboat-reload.nix { inherit config pkgs; };
 inherit (lib) mkIf;
 in
@@ -27,9 +27,11 @@ in
 timers.newsboat-reload = {
 Unit.Description = "Reload newsboat every ${reloadTime} minutes";
- Timer.OnBootSec = "10sec";
- Timer.OnUnitActiveSec = "${reloadTime}min";
- Timer.Unit = "newsboat-reload.service";
+ Timer = {
+ OnBootSec = "10sec";
+ OnUnitActiveSec = "${reloadTime}min";
+ Unit = "newsboat-reload.service";
+ };
 Install.WantedBy = [ "timers.target" ];
 };
diff --git a/modules/home/hyprland/applications/newsboat/newsboat-reload.nix b/modules/home/hyprland/applications/newsboat/newsboat-reload.nix
index 76b493d..f2df44c 100644
--- a/modules/home/hyprland/applications/newsboat/newsboat-reload.nix
+++ b/modules/home/hyprland/applications/newsboat/newsboat-reload.nix
@@ -5,6 +5,6 @@ let
 notify = "${pkgs.libnotify}/bin/notify-send";
 signal = "${toString config.programs.waybar.settings.mainBar."custom/newsboat".signal}";
 in
-(pkgs.writeShellScriptBin "newsboat-reload" ''
+pkgs.writeShellScriptBin "newsboat-reload" ''
 ${notify} -u low 'Newsboat' 'Reloading RSS feeds...' && ${newsboat} -x reload && ${notify} -u low 'Newsboat' 'RSS feeds reloaded.' && pkill -RTMIN+${signal} waybar
-'')
+''
diff --git a/modules/home/hyprland/applications/presentation-mode-bemenu/default.nix b/modules/home/hyprland/applications/presentation-mode-bemenu/default.nix
index 9ffefdf..58cd527 100644
--- a/modules/home/hyprland/applications/presentation-mode-bemenu/default.nix
+++ b/modules/home/hyprland/applications/presentation-mode-bemenu/default.nix
@@ -14,9 +14,7 @@ in
 {
 config = mkIf (cfg.enable && app == "presentation-mode-bemenu") {
 home.packages = [
- (pkgs.writeShellScriptBin "presentation-mode-bemenu" (
- builtins.readFile ./presentation-mode-bemenu.sh
- ))
+ (pkgs.writeShellScriptBin "presentation-mode-bemenu" (builtins.readFile ./presentation-mode-bemenu.sh))
 ];
 };
 }
diff --git a/modules/home/hyprland/applications/presentation-mode-bemenu/presentation-mode-bemenu.sh b/modules/home/hyprland/applications/presentation-mode-bemenu/presentation-mode-bemenu.sh
index 8180c83..9cae5e9 100644
--- a/modules/home/hyprland/applications/presentation-mode-bemenu/presentation-mode-bemenu.sh
+++ b/modules/home/hyprland/applications/presentation-mode-bemenu/presentation-mode-bemenu.sh
@@ -1,5 +1,6 @@
+#!/usr/bin/env bash
 # Variables
-DISPLAYS=( $(hyprctl monitors | grep -E '^Monitor' | awk '{print $2}') )
+mapfile -t DISPLAYS < <(hyprctl monitors | grep -E '^Monitor' | awk '{print $2}')
 EXTEND_RIGHT="Extend to right of main"
 EXTEND_LEFT="Extend to left of main"
 MIRROR="Mirror main"
diff --git a/modules/home/hyprland/applications/screenshot/screenshot.nix b/modules/home/hyprland/applications/screenshot/screenshot.nix
index 4288fe2..9a2bdef 100644
--- a/modules/home/hyprland/applications/screenshot/screenshot.nix
+++ b/modules/home/hyprland/applications/screenshot/screenshot.nix
@@ -5,7 +5,7 @@ let
 screenshotDir = "${config.xdg.userDirs.pictures}/screenshots";
 in
-(pkgs.writeShellScriptBin "screenshot" ''
+pkgs.writeShellScriptBin "screenshot" ''
 mkdir -p ${screenshotDir}
 ${pkgs.hyprshot}/bin/hyprshot --mode $1 --output-folder ${screenshotDir} --filename screenshot_$(date +"%Y-%m-%d_%H-%M-%S").png
-'')
+''
diff --git a/modules/home/hyprland/binds/default.nix b/modules/home/hyprland/binds/default.nix
index 47be7ee..01b7524 100644
--- a/modules/home/hyprland/binds/default.nix
+++ b/modules/home/hyprland/binds/default.nix
@@ -27,7 +27,7 @@ in
 wayland.windowManager.hyprland = {
 settings = {
 bind = binds;
- bindm = (import ./mouse.nix);
+ bindm = import ./mouse.nix;
 };
 };
 };
diff --git a/modules/home/hyprland/cursor.nix b/modules/home/hyprland/cursor.nix
index 4a9b55c..4ef77ff 100644
--- a/modules/home/hyprland/cursor.nix
+++ b/modules/home/hyprland/cursor.nix
@@ -9,17 +9,19 @@ let
 inherit (lib) mkForce;
 in
 {
- home.pointerCursor = {
- name = mkForce "Bibata-Original-Ice";
- size = mkForce 24;
- package = mkForce pkgs.bibata-cursors;
- };
+ home = {
+ pointerCursor = {
+ name = mkForce "Bibata-Original-Ice";
+ size = mkForce 24;
+ package = mkForce pkgs.bibata-cursors;
+ };
- home.packages = [ pkgs.hyprcursor ];
+ packages = [ pkgs.hyprcursor ];
- home.sessionVariables = {
- HYPRCURSOR_THEME = config.home.pointerCursor.name;
- HYPRCURSOR_SIZE = toString config.home.pointerCursor.size;
+ sessionVariables = {
+ HYPRCURSOR_THEME = config.home.pointerCursor.name;
+ HYPRCURSOR_SIZE = toString config.home.pointerCursor.size;
+ };
 };
 # wayland.windowManager.hyprland.cursor.no_hardware_cursors = true;
diff --git a/modules/home/hyprland/default.nix b/modules/home/hyprland/default.nix
index cc6b91e..45acb15 100644
--- a/modules/home/hyprland/default.nix
+++ b/modules/home/hyprland/default.nix
@@ -78,12 +78,6 @@ in
 # auto discover fonts in `home.packages`
 fonts.fontconfig.enable = true;
- # notifications
- services.dunst = {
- enable = mkDefault true;
- waylandDisplay = config.home.sessionVariables.WAYLAND_DISPLAY;
- };
-
 # install some applications
 home.packages = import ./packages.nix { inherit pkgs; }; # use programs.PACKAGE or services.SERVICE when possible
@@ -94,11 +88,19 @@ in
 fi
 '';
- services.udiskie = {
- enable = mkDefault true;
- tray = mkDefault "never";
- };
+ # notifications
+ services = {
+ dunst = {
+ enable = mkDefault true;
+ waylandDisplay = config.home.sessionVariables.WAYLAND_DISPLAY;
+ };
- services.network-manager-applet.enable = mkDefault true;
+ udiskie = {
+ enable = mkDefault true;
+ tray = mkDefault "never";
+ };
+
+ network-manager-applet.enable = mkDefault true;
+ };
 };
 }
diff --git a/modules/home/hyprland/xdg/default.nix b/modules/home/hyprland/xdg/default.nix
index ce49803..620fd69 100644
--- a/modules/home/hyprland/xdg/default.nix
+++ b/modules/home/hyprland/xdg/default.nix
@@ -20,8 +20,10 @@ in
 enable = mkDefault true;
 createDirectories = mkDefault true;
 };
- portal.enable = mkDefault true;
- portal.extraPortals = [ portal ];
- portal.configPackages = [ portal ];
+ portal = {
+ enable = mkDefault true;
+ extraPortals = [ portal ];
+ configPackages = [ portal ];
+ };
 };
 }
diff --git a/modules/home/librewolf/search/default.nix b/modules/home/librewolf/search/default.nix
index 74e1d8c..6611a5e 100644
--- a/modules/home/librewolf/search/default.nix
+++ b/modules/home/librewolf/search/default.nix
@@ -19,13 +19,13 @@ let
 in
 {
 urls = [ { template = engine.url; } ];
- icon = engine.icon;
+ inherit (engine) icon;
 updateInterval = if (isUrl engine.icon) then every_day else null;
 definedAliases = optional (engine ? alias) engine.alias;
 };
 transformedEngines = mapAttrs' (name: engine: {
- name = name;
+ inherit name;
 value = transformEngine engine;
 }) engines;
@@ -79,7 +79,7 @@ in
 profiles.default.search.engines = mapAttrs (_: name: transformedEngines.${name}) (
 listToAttrs (
 map (name: {
- name = name;
+ inherit name;
 value = name;
 }) cfg.searchEngines
 )
diff --git a/modules/home/nixvim/plugins/treesitter.nix b/modules/home/nixvim/plugins/treesitter.nix
index 22b7040..d985a8f 100644
--- a/modules/home/nixvim/plugins/treesitter.nix
+++ b/modules/home/nixvim/plugins/treesitter.nix
@@ -16,17 +16,19 @@ in
 {
 config = {
 programs.nixvim = {
- plugins.treesitter = {
- enable = mkDefault true;
- nixvimInjections = mkDefault true;
- settings = {
- folding.enable = mkDefault true;
- highlight.enable = mkDefault true;
- indent.enable = mkDefault true;
+ plugins = {
+ treesitter = {
+ enable = mkDefault true;
+ nixvimInjections = mkDefault true;
+ settings = {
+ folding.enable = mkDefault true;
+ highlight.enable = mkDefault true;
+ indent.enable = mkDefault true;
+ };
 };
+ treesitter-context = mkIf plugin.enable { enable = mkDefault true; };
+ treesitter-textobjects = mkIf plugin.enable { enable = mkDefault true; };
 };
- plugins.treesitter-context = mkIf plugin.enable { enable = mkDefault true; };
- plugins.treesitter-textobjects = mkIf plugin.enable { enable = mkDefault true; };
 };
 # Fix for: ERROR `cc` executable not found.
diff --git a/modules/home/password-manager/default.nix b/modules/home/password-manager/default.nix
index 4e0e4f9..31ffa64 100644
--- a/modules/home/password-manager/default.nix
+++ b/modules/home/password-manager/default.nix
@@ -9,7 +9,7 @@ let
 cfg = config.programs.passwordManager;
 passmenuScript = pkgs.writeShellScriptBin "passmenu-bemenu" (builtins.readFile ./passmenu); # TODO: override original passmenu script coming from pass itself
- passff-host = pkgs.passff-host;
+ inherit (pkgs) passff-host;
 inherit (lib)
 mkDefault
diff --git a/modules/home/stylix/default.nix b/modules/home/stylix/default.nix
index 04c26a8..5ca1625 100644
--- a/modules/home/stylix/default.nix
+++ b/modules/home/stylix/default.nix
@@ -29,8 +29,7 @@ let
 "moonfly"
 "oxocarbon"
 ];
- schemeName =
- if builtins.elem cfg.scheme needsSuffix then "${cfg.scheme}-${cfg.polarity}" else cfg.scheme;
+ schemeName = if builtins.elem cfg.scheme needsSuffix then "${cfg.scheme}-${cfg.polarity}" else cfg.scheme;
 inherit (lib)
 mkDefault
diff --git a/modules/home/stylix/schemes/moonfly.yaml b/modules/home/stylix/schemes/moonfly.yaml
index 122f700..0f9fefa 100644
--- a/modules/home/stylix/schemes/moonfly.yaml
+++ b/modules/home/stylix/schemes/moonfly.yaml
@@ -1,3 +1,4 @@
+---
 system: "base16"
 name: "Moonfly"
 description: "A dark theme inspired by the Moonfly color scheme."
diff --git a/modules/home/stylix/schemes/oxocarbon.yaml b/modules/home/stylix/schemes/oxocarbon.yaml
index b278c55..a6ca03e 100644
--- a/modules/home/stylix/schemes/oxocarbon.yaml
+++ b/modules/home/stylix/schemes/oxocarbon.yaml
@@ -1,3 +1,4 @@
+---
 system: "base16"
 name: "Oxocarbon"
 description: "A dark theme inspired by the Oxocarbon Dark color scheme."
diff --git a/modules/home/waybar/modules/newsboat.nix b/modules/home/waybar/modules/newsboat.nix
index e7222bb..0bbac70 100644
--- a/modules/home/waybar/modules/newsboat.nix
+++ b/modules/home/waybar/modules/newsboat.nix
@@ -10,13 +10,13 @@ let
 let
 newsboat = "${pkgs.newsboat}/bin/newsboat";
 in
- (pkgs.writeShellScriptBin "newsboat-print-unread" ''
+ pkgs.writeShellScriptBin "newsboat-print-unread" ''
 UNREAD=$(${newsboat} -x print-unread | awk '{print $1}')
 if [[ $UNREAD -gt 0 ]]; then
 printf " %i" "$UNREAD"
 fi
- '');
+ '';
 inherit (lib) mkDefault;
 in
diff --git a/modules/home/waybar/modules/timer/timer.sh b/modules/home/waybar/modules/timer/timer.sh
index 9215aa0..cb104fa 100644
--- a/modules/home/waybar/modules/timer/timer.sh
+++ b/modules/home/waybar/modules/timer/timer.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 TIMER_FILE="/tmp/timer" # file to store the current time
 SIGNAL=11 # signal number to send to status bar
 STATUS_BAR="waybar" # Support for more status bars?
@@ -16,7 +17,7 @@ start_timer() {
 notify-send "Timer Started" "Your countdown timer has been started."
 trap "exit" INT TERM
- trap "rm -f -- '$TIMER_FILE'" EXIT
+ trap 'rm -f -- "$TIMER_FILE"' EXIT
 while [ $total_seconds -gt 0 ]; do
 hours=$(( total_seconds / 3600 ))
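Review bot: In modules/home/waybar/modules/timer/timer.sh the state file is still the fixed path `TIMER_FILE="/tmp/timer"`, a predictable name in a world-writable directory that another local user can pre-create or replace with a symlink. The re-quoted `trap 'rm -f -- "$TIMER_FILE"' EXIT` now expands the variable when the trap fires, which is the correct quoting, but it still removes whatever sits at that shared path. A per-user location such as `TIMER_FILE="${XDG_RUNTIME_DIR:-/tmp}/timer"` avoids the shared name. The code that writes and reads the file is outside these hunks, so confirm every consumer uses the same variable before changing it.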
@@ -62,7 +63,7 @@ if [ "$1" = "start" ]; then
 MINUTES=${MINUTES:-0}
 SECONDS=${SECONDS:-0}
- start_timer $HOURS $MINUTES $SECONDS
+ start_timer "$HOURS" "$MINUTES" "$SECONDS"
 elif [ "$1" = "stop" ]; then
 notify-send "Timer Stopped" "Your countdown timer has been stopped."
diff --git a/modules/nixos/bluetooth/default.nix b/modules/nixos/bluetooth/default.nix
index cff6e80..fc0a419 100644
--- a/modules/nixos/bluetooth/default.nix
+++ b/modules/nixos/bluetooth/default.nix
@@ -4,10 +4,16 @@ let
 inherit (lib) mkDefault;
 in
 {
- hardware.bluetooth.enable = mkDefault true;
- hardware.bluetooth.powerOnBoot = mkDefault false;
- hardware.bluetooth.settings.General.Enable = mkDefault "Source,Sink,Media,Socket";
- hardware.bluetooth.settings.General.Experimental = mkDefault true;
+ hardware = {
+ bluetooth = {
+ enable = mkDefault true;
+ powerOnBoot = mkDefault false;
+ settings.General = {
+ Enable = mkDefault "Source,Sink,Media,Socket";
+ Experimental = mkDefault true;
+ };
+ };
+ };
 environment.systemPackages = with pkgs; [
 blueman
diff --git a/modules/nixos/cifsMount/default.nix b/modules/nixos/cifsMount/default.nix
index dc6541f..6776971 100644
--- a/modules/nixos/cifsMount/default.nix
+++ b/modules/nixos/cifsMount/default.nix
@@ -84,8 +84,6 @@ in
 ) { } cfg.remotes;
 # Ensure that all cifs-mount services are started with the graphical session
- systemd.user.targets.graphical-session.wants = map (
- remote: "cifs-mount-${remote.shareName}.service"
- ) cfg.remotes;
+ systemd.user.targets.graphical-session.wants = map (remote: "cifs-mount-${remote.shareName}.service") cfg.remotes;
 };
 }
diff --git a/modules/nixos/common/boot.nix b/modules/nixos/common/boot.nix
index 2eaf9cf..03636b4 100644
--- a/modules/nixos/common/boot.nix
+++ b/modules/nixos/common/boot.nix
@@ -1,20 +1,20 @@
 { lib, pkgs, ... }:
 {
- # fix CVE-2026-31431
- boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") (
- lib.mkDefault pkgs.linuxPackages_6_18
- );
+ boot = {
+ # fix CVE-2026-31431
+ kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") (lib.mkDefault pkgs.linuxPackages_6_18);
- # fix CVE-2026-43500
- boot.extraModprobeConfig = ''
- install esp4 ${pkgs.coreutils}/bin/false
- install esp6 ${pkgs.coreutils}/bin/false
- install rxrpc ${pkgs.coreutils}/bin/false
- '';
- boot.blacklistedKernelModules = [
- "esp4"
- "esp6"
- "rxrpc"
- ];
+ # fix CVE-2026-43500
+ extraModprobeConfig = ''
+ install esp4 ${pkgs.coreutils}/bin/false
+ install esp6 ${pkgs.coreutils}/bin/false
+ install rxrpc ${pkgs.coreutils}/bin/false
+ '';
+ blacklistedKernelModules = [
+ "esp4"
+ "esp6"
+ "rxrpc"
+ ];
+ };
 }
diff --git a/modules/nixos/common/environment.nix b/modules/nixos/common/environment.nix
index 6921f2c..5922acc 100644
--- a/modules/nixos/common/environment.nix
+++ b/modules/nixos/common/environment.nix
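Review bot: In modules/nixos/common/boot.nix the `kernelPackages` guard tests `pkgs.linux.version` but then selects `pkgs.linuxPackages_6_18` without checking that set's own kernel version, so on a nixpkgs pin where the 6.18 series is itself older than 6.18.22 the override applies and the host stays below the version the comment names. Because the value is wrapped in `lib.mkDefault`, any host that sets `boot.kernelPackages` at normal priority replaces it without warning. An `assertions` entry comparing `config.boot.kernelPackages.kernel.version` with the patched release would turn both cases into an evaluation failure; the module would need `config` added to its arguments for that. The comments would also read more accurately as `# mitigate CVE-…`, since the `install … false` lines and the blacklist disable the modules rather than fix them.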
@@ -9,55 +9,59 @@ let
 inherit (lib) mkDefault optionals;
 in
 {
- environment.systemPackages =
- with pkgs;
- [
- cryptsetup
- curl
- dig
- dnsutils
- fzf
- gptfdisk
- iproute2
- jq
- lm_sensors
- lsof
- netcat-openbsd
- nettools
- nixos-container
- nmap
- nurl
- p7zip
- pciutils
- psmisc
- rclone
- rsync
- tcpdump
- tmux
- tree
- unzip
- usbutils
- wget
- xxd
- zip
+ environment = {
+ systemPackages =
+ with pkgs;
+ [
+ cryptsetup
+ curl
+ dig
+ dnsutils
+ fzf
+ gptfdisk
+ iproute2
+ jq
+ lm_sensors
+ lsof
+ netcat-openbsd
+ nettools
+ nixos-container
+ nmap
+ nurl
+ p7zip
+ pciutils
+ psmisc
+ rclone
+ rsync
+ tcpdump
+ tmux
+ tree
+ unzip
+ usbutils
+ wget
+ xxd
+ zip
- (callPackage ../../../apps/rebuild { })
- ]
- ++ optionals (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) [
- pkgs.kitty.terminfo
- ];
+ (callPackage ../../../apps/rebuild { })
+ ]
+ ++ optionals (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) [
+ pkgs.kitty.terminfo
+ ];
- environment.shellAliases = {
- l = "ls -lh";
- ll = "ls -lAh";
- ports = "ss -tulpn";
- publicip = "curl ifconfig.me/all";
- sudo = "sudo "; # make aliases work with `sudo`
+ shellAliases = {
+ l = "ls -lh";
+ ll = "ls -lAh";
+ ports = "ss -tulpn";
+ publicip = "curl ifconfig.me/all";
+ sudo = "sudo "; # make aliases work with `sudo`
+ };
+
+ # saves one instance of nixpkgs.
+ ldso32 = null;
 };
- # saves one instance of nixpkgs.
- environment.ldso32 = null;
-
- boot.tmp.cleanOnBoot = mkDefault true;
- boot.initrd.systemd.enable = mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
+ boot = {
+ tmp.cleanOnBoot = mkDefault true;
+ initrd.systemd.enable = mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
+ };
 }
diff --git a/modules/nixos/common/well-known.nix b/modules/nixos/common/well-known.nix
index 07a938c..193588e 100644
--- a/modules/nixos/common/well-known.nix
+++ b/modules/nixos/common/well-known.nix
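Review bot: In modules/nixos/common/environment.nix the alias `publicip = "curl ifconfig.me/all";` gives curl no scheme, so the request goes out over plain HTTP and the reply can be read or altered in transit. Writing it as `publicip = "curl https://ifconfig.me/all";` keeps the lookup on TLS. The neighbouring `sudo = "sudo ";` alias makes every alias expand under sudo, including ones added later, which the trailing comment could state more explicitly.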
@@ -2,16 +2,13 @@
 # avoid TOFU MITM
 programs.ssh.knownHosts = {
 "github.com".hostNames = [ "github.com" ];
- "github.com".publicKey =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
 "gitlab.com".hostNames = [ "gitlab.com" ];
- "gitlab.com".publicKey =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
+ "gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
 "git.sr.ht".hostNames = [ "git.sr.ht" ];
- "git.sr.ht".publicKey =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
+ "git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
 }; # TODO: add synix
 }
diff --git a/modules/nixos/coturn/default.nix b/modules/nixos/coturn/default.nix
index 0ed379b..479762c 100644
--- a/modules/nixos/coturn/default.nix
+++ b/modules/nixos/coturn/default.nix
@@ -42,12 +42,8 @@ in
 static-auth-secret-file = mkIf cfg.sops config.sops.secrets."coturn/static-auth-secret".path;
 realm = mkDefault "turn.${config.networking.domain}";
- cert =
- mkIf (!cfg.no-tls && cfg.sops)
- "${config.security.acme.certs.${cfg.realm}.directory}/full.pem";
- pkey =
- mkIf (!cfg.no-tls && cfg.sops)
- "${config.security.acme.certs.${cfg.realm}.directory}/key.pem";
+ cert = mkIf (!cfg.no-tls && cfg.sops) "${config.security.acme.certs.${cfg.realm}.directory}/full.pem";
+ pkey = mkIf (!cfg.no-tls && cfg.sops) "${config.security.acme.certs.${cfg.realm}.directory}/key.pem";
 extraConfig = ''
 # ban private IP ranges
diff --git a/modules/nixos/device/server.nix b/modules/nixos/device/server.nix
index d8d1b7d..9f363c8 100644
--- a/modules/nixos/device/server.nix
+++ b/modules/nixos/device/server.nix
@@ -33,11 +33,13 @@ in
 fonts.fontconfig.enable = mkDefault false;
- xdg.autostart.enable = mkDefault false;
- xdg.icons.enable = mkDefault false;
- xdg.menus.enable = mkDefault false;
- xdg.mime.enable = mkDefault false;
- xdg.sounds.enable = mkDefault false;
+ xdg = {
+ autostart.enable = mkDefault false;
+ icons.enable = mkDefault false;
+ menus.enable = mkDefault false;
+ mime.enable = mkDefault false;
+ sounds.enable = mkDefault false;
+ };
 programs.git.package = mkDefault pkgs.gitMinimal;
@@ -48,22 +50,25 @@ in
 viAlias = mkDefault true;
 };
- # emergency mode is useless on headless machines
- systemd.enableEmergencyMode = false;
+ systemd = {
+ # emergency mode is useless on headless machines
+ enableEmergencyMode = false;
+
+ sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ '';
+
+ # force reboots
+ settings.Manager = {
+ RuntimeWatchdogSec = mkDefault "15s";
+ RebootWatchdogSec = mkDefault "30s";
+ KExecWatchdogSec = mkDefault "1m";
+ };
+ };
+
 boot.initrd.systemd.suppressedUnits = mkIf config.systemd.enableEmergencyMode [
 "emergency.service"
 "emergency.target"
 ];
-
- systemd.sleep.extraConfig = ''
- AllowSuspend=no
- AllowHibernation=no
- '';
-
- # force reboots
- systemd.settings.Manager = {
- RuntimeWatchdogSec = mkDefault "15s";
- RebootWatchdogSec = mkDefault "30s";
- KExecWatchdogSec = mkDefault "1m";
- };
 }
diff --git a/modules/nixos/device/vm.nix b/modules/nixos/device/vm.nix
index c76b5a3..7171145 100644
--- a/modules/nixos/device/vm.nix
+++ b/modules/nixos/device/vm.nix
@@ -4,7 +4,9 @@ let
 inherit (lib) mkDefault;
 in
 {
- services.qemuGuest.enable = mkDefault true;
- services.spice-vdagentd.enable = mkDefault true;
- services.spice-webdavd.enable = mkDefault true;
+ services = {
+ qemuGuest.enable = mkDefault true;
+ spice-vdagentd.enable = mkDefault true;
+ spice-webdavd.enable = mkDefault true;
+ };
 }
diff --git a/modules/nixos/ftp-webserver/default.nix b/modules/nixos/ftp-webserver/default.nix
index 8a7753c..9cd1999 100644
--- a/modules/nixos/ftp-webserver/default.nix
+++ b/modules/nixos/ftp-webserver/default.nix
@@ -2,9 +2,9 @@
 let
 cfg = config.services.ftp-webserver;
- domain = config.networking.domain;
+ inherit (config.networking) domain;
 fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain;
- nginx = config.services.nginx;
+ inherit (config.services) nginx;
 inherit (lib)
 mkEnableOption
@@ -35,7 +35,7 @@ in
 config = mkIf cfg.enable {
 services.nginx.virtualHosts."${fqdn}" = {
- root = cfg.root;
+ inherit (cfg) root;
 locations."/" = {
 extraConfig = ''
 autoindex on;
@@ -43,7 +43,7 @@ in
 autoindex_localtime on;
 '';
 };
- forceSSL = cfg.forceSSL;
+ inherit (cfg) forceSSL;
 enableACME = cfg.forceSSL;
 sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem";
 sslCertificateKey = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/key.pem";
diff --git a/modules/nixos/headplane/default.nix b/modules/nixos/headplane/default.nix
index 7cf64e5..d213a93 100644
--- a/modules/nixos/headplane/default.nix
+++ b/modules/nixos/headplane/default.nix
@@ -7,10 +7,10 @@
 let
 cfg = config.services.headplane;
- domain = config.networking.domain;
- subdomain = cfg.reverseProxy.subdomain;
+ inherit (config.networking) domain;
+ inherit (cfg.reverseProxy) subdomain;
 fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
- headscale = config.services.headscale;
+ inherit (config.services) headscale;
 inherit (lib)
 mkDefault
@@ -55,7 +55,7 @@ in
 services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
 "${fqdn}" = mkVirtualHost {
- port = cfg.settings.server.port;
+ inherit (cfg.settings.server) port;
 ssl = cfg.reverseProxy.forceSSL;
 };
 };
@@ -63,7 +63,7 @@ in
 sops.secrets = let
 owner = headscale.user;
- group = headscale.group;
+ inherit (headscale) group;
 mode = "0400";
 in
 {
diff --git a/modules/nixos/headscale/default.nix b/modules/nixos/headscale/default.nix
index d1591e9..967a936 100644
--- a/modules/nixos/headscale/default.nix
+++ b/modules/nixos/headscale/default.nix
@@ -6,8 +6,8 @@
 let
 cfg = config.services.headscale;
- domain = config.networking.domain;
- subdomain = cfg.reverseProxy.subdomain;
+ inherit (config.networking) domain;
+ inherit (cfg.reverseProxy) subdomain;
 fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 acl = "headscale/acl.hujson";
diff --git a/modules/nixos/hyprland/default.nix b/modules/nixos/hyprland/default.nix
index 68e6b9c..069ff91 100644
--- a/modules/nixos/hyprland/default.nix
+++ b/modules/nixos/hyprland/default.nix
@@ -8,23 +8,9 @@ in
 programs.dconf.enable = true; # fixes nixvim hm module
- services.flatpak.enable = true;
-
- xdg.portal = {
- enable = true;
- extraPortals = with pkgs; [
- xdg-desktop-portal-gtk
- ];
- config.common.default = "gtk";
+ services = {
+ flatpak.enable = true;
+ gnome.gnome-keyring.enable = true;
+ udisks2.enable = mkDefault true;
 };
-
- services.gnome.gnome-keyring.enable = true;
- security.pam.services = {
- login = {
- enableGnomeKeyring = true;
- };
- hyprlock = { };
- };
-
- services.udisks2.enable = mkDefault true;
 }
diff --git a/modules/nixos/jellyfin/default.nix b/modules/nixos/jellyfin/default.nix
index afe0d1b..3d96680 100644
--- a/modules/nixos/jellyfin/default.nix
+++ b/modules/nixos/jellyfin/default.nix
@@ -7,8 +7,8 @@
 let
 cfg = config.services.jellyfin;
- domain = config.networking.domain;
- subdomain = cfg.reverseProxy.subdomain;
+ inherit (config.networking) domain;
+ inherit (cfg.reverseProxy) subdomain;
 fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 inherit (lib)
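Review bot: In modules/nixos/hyprland/default.nix the regrouped `services = { … }` block keeps `gnome.gnome-keyring.enable`, but the same hunk deletes `security.pam.services.login.enableGnomeKeyring`, `security.pam.services.hyprlock = { };` and the whole `xdg.portal` block with no replacement in the lines shown. Without its PAM service entry the screen locker may be unable to authenticate, and without the login hook the keyring is presumably no longer unlocked at login; both are behaviour changes inside a commit that otherwise only regroups attributes. If another module now provides these settings, say so in the commit message; otherwise restore `security.pam.services.hyprlock = { };` and `login.enableGnomeKeyring = true;`.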
@@ -48,9 +48,7 @@ in
 ];
 systemd.tmpfiles.rules =
- (map (
- library: "d ${cfg.dataDir}/libraries/${library} 0770 ${cfg.user} ${cfg.group} -"
- ) cfg.libraries)
+ (map (library: "d ${cfg.dataDir}/libraries/${library} 0770 ${cfg.user} ${cfg.group} -") cfg.libraries)
 ++ [
 "z ${cfg.dataDir} 0770 ${cfg.user} ${cfg.group} -"
 "Z ${cfg.dataDir}/libraries 0770 ${cfg.user} ${cfg.group} -"
diff --git a/modules/nixos/jirafeau/default.nix b/modules/nixos/jirafeau/default.nix
index 498c9a3..818249f 100644
--- a/modules/nixos/jirafeau/default.nix
+++ b/modules/nixos/jirafeau/default.nix
@@ -2,8 +2,8 @@
 let
 cfg = config.services.jirafeau;
- domain = config.networking.domain;
- subdomain = cfg.reverseProxy.subdomain;
+ inherit (config.networking) domain;
+ inherit (cfg.reverseProxy) subdomain;
 fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 inherit (lib)
diff --git a/modules/nixos/librechat-oci/default.nix b/modules/nixos/librechat-oci/default.nix
index d35b0ca..d1254c5 100644
--- a/modules/nixos/librechat-oci/default.nix
+++ b/modules/nixos/librechat-oci/default.nix
@@ -155,7 +155,7 @@ let
 mkOption {
 type = types.package;
 default = defaultImages.${name};
- description = description;
+ inherit description;
 };
 inherit (lib)
@@ -236,10 +236,123 @@ in }; config = mkIf cfg.enable { - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + + oci-containers = { + backend = "podman"; + + containers = { + librechat-mongodb = { + image = with cfg.images.mongodb; "${imageName}:${imageTag}"; + imageFile = cfg.images.mongodb; + cmd = [ + "mongod" + "--noauth" + ]; + volumes = [ + "librechat_mongodb_data:/data/db:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=mongodb" + "--network=librechat_default" + ]; + }; + + librechat-meilisearch = { + image = with cfg.images.meilisearch; "${imageName}:${imageTag}"; + imageFile = cfg.images.meilisearch; + environment = { + MEILI_NO_ANALYTICS = "true"; + MEILI_HOST = "http://meilisearch:${toString cfg.meiliPort}"; + }; + environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; + volumes = [ + "librechat_meili_data:/meili_data:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=meilisearch" + "--network=librechat_default" + ]; + }; + + librechat-vectordb = { + image = with cfg.images.vectordb; "${imageName}:${imageTag}"; + imageFile = cfg.images.vectordb; + environment = { + POSTGRES_DB = "mydatabase"; + POSTGRES_USER = "myuser"; + POSTGRES_PASSWORD = "mypassword"; + }; + volumes = [ + "librechat_pgdata:/var/lib/postgresql/data:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=vectordb" + "--network=librechat_default" + ]; + }; + + librechat-rag-api = { + image = with cfg.images.ragApi; "${imageName}:${imageTag}"; + imageFile = cfg.images.ragApi; + environment = { + DB_HOST = "vectordb"; + RAG_PORT = toString cfg.ragPort; + }; + environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; + dependsOn = [ "librechat-vectordb" ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=rag_api" + 
"--network=librechat_default" + ]; + }; + + librechat = { + image = with cfg.images.librechat; "${imageName}:${imageTag}"; + imageFile = cfg.images.librechat; + environment = + defaultEnv + // { + MONGO_URI = "mongodb://mongodb:27017/LibreChat"; + MEILI_HOST = "http://meilisearch:${toString cfg.meiliPort}"; + RAG_PORT = toString cfg.ragPort; + RAG_API_URL = "http://rag_api:${toString cfg.ragPort}"; + DOMAIN_CLIENT = if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}"; + DOMAIN_SERVER = if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}"; + } + // cfg.environment; + environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; + volumes = [ + "librechat_images:/app/client/public/images:rw" + "librechat_uploads:/app/uploads:rw" + "librechat_logs:/app/logs:rw" + ] + ++ optional (cfg.configFile != null) "${cfg.configFile}:/app/librechat.yaml:ro"; + + ports = [ + "0.0.0.0:${toString cfg.port}:${toString cfg.port}/tcp" + ]; + dependsOn = [ + "librechat-mongodb" + "librechat-rag-api" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=api" + "--network=librechat_default" + ]; + }; + }; + }; }; networking.firewall.interfaces = 
@@ -250,278 +363,173 @@ in "${matchAll}".allowedUDPPorts = [ 53 ]; }; - virtualisation.oci-containers.backend = "podman"; + systemd = { + services = { + podman-librechat-mongodb = { + serviceConfig.Restart = mkOverride 90 "always"; + after = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_mongodb_data.service" + ]; + requires = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_mongodb_data.service" + ]; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; - virtualisation.oci-containers.containers.librechat-mongodb = { - image = with cfg.images.mongodb; "${imageName}:${imageTag}"; - imageFile = cfg.images.mongodb; - cmd = [ - "mongod" - "--noauth" - ]; - volumes = [ - "librechat_mongodb_data:/data/db:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=mongodb" - "--network=librechat_default" - ]; - }; + podman-librechat-meilisearch = { + serviceConfig.Restart = mkOverride 90 "always"; + after = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_meili_data.service" + ]; + requires = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_meili_data.service" + ]; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; - virtualisation.oci-containers.containers.librechat-meilisearch = { - image = with cfg.images.meilisearch; "${imageName}:${imageTag}"; - imageFile = cfg.images.meilisearch; - environment = { - MEILI_NO_ANALYTICS = "true"; - MEILI_HOST = "http://meilisearch:${toString cfg.meiliPort}"; + podman-librechat-vectordb = { + serviceConfig.Restart = mkOverride 90 "always"; + after = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_pgdata.service" + ]; + requires = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_pgdata.service" + ]; + partOf = [ 
"podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-librechat-rag-api = { + serviceConfig.Restart = mkOverride 90 "always"; + after = [ + "podman-network-librechat_default.service" + "podman-librechat-vectordb.service" + ]; + requires = [ + "podman-network-librechat_default.service" + "podman-librechat-vectordb.service" + ]; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-librechat = { + serviceConfig.Restart = mkOverride 90 "always"; + after = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_images.service" + "podman-volume-librechat_uploads.service" + "podman-volume-librechat_logs.service" + "podman-librechat-mongodb.service" + "podman-librechat-meilisearch.service" + "podman-librechat-rag-api.service" + ]; + requires = [ + "podman-network-librechat_default.service" + "podman-volume-librechat_images.service" + "podman-volume-librechat_uploads.service" + "podman-volume-librechat_logs.service" + "podman-librechat-mongodb.service" + "podman-librechat-meilisearch.service" + "podman-librechat-rag-api.service" + ]; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-network-librechat_default = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f librechat_default"; + }; + script = '' + podman network inspect librechat_default || podman network create librechat_default + ''; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-volume-librechat_mongodb_data = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = "podman volume inspect librechat_mongodb_data || podman volume create librechat_mongodb_data"; + partOf = [ 
"podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-volume-librechat_meili_data = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = "podman volume inspect librechat_meili_data || podman volume create librechat_meili_data"; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-volume-librechat_pgdata = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = "podman volume inspect librechat_pgdata || podman volume create librechat_pgdata"; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-volume-librechat_images = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = "podman volume inspect librechat_images || podman volume create librechat_images"; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-volume-librechat_uploads = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = "podman volume inspect librechat_uploads || podman volume create librechat_uploads"; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; + + podman-volume-librechat_logs = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = "podman volume inspect librechat_logs || podman volume create librechat_logs"; + partOf = [ "podman-compose-librechat-root.target" ]; + wantedBy = [ "podman-compose-librechat-root.target" ]; + }; }; - environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; - volumes = [ - "librechat_meili_data:/meili_data:rw" - ]; - 
log-driver = "journald"; - extraOptions = [ - "--network-alias=meilisearch" - "--network=librechat_default" - ]; - }; - virtualisation.oci-containers.containers.librechat-vectordb = { - image = with cfg.images.vectordb; "${imageName}:${imageTag}"; - imageFile = cfg.images.vectordb; - environment = { - POSTGRES_DB = "mydatabase"; - POSTGRES_USER = "myuser"; - POSTGRES_PASSWORD = "mypassword"; + targets.podman-compose-librechat-root = { + unitConfig.Description = "Root target generated by compose2nix."; + wantedBy = [ "multi-user.target" ]; }; - volumes = [ - "librechat_pgdata:/var/lib/postgresql/data:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=vectordb" - "--network=librechat_default" - ]; - }; - - virtualisation.oci-containers.containers.librechat-rag-api = { - image = with cfg.images.ragApi; "${imageName}:${imageTag}"; - imageFile = cfg.images.ragApi; - environment = { - DB_HOST = "vectordb"; - RAG_PORT = toString cfg.ragPort; - }; - environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; - dependsOn = [ "librechat-vectordb" ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=rag_api" - "--network=librechat_default" - ]; - }; - - virtualisation.oci-containers.containers.librechat = { - image = with cfg.images.librechat; "${imageName}:${imageTag}"; - imageFile = cfg.images.librechat; - environment = - defaultEnv - // { - MONGO_URI = "mongodb://mongodb:27017/LibreChat"; - MEILI_HOST = "http://meilisearch:${toString cfg.meiliPort}"; - RAG_PORT = toString cfg.ragPort; - RAG_API_URL = "http://rag_api:${toString cfg.ragPort}"; - DOMAIN_CLIENT = - if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}"; - DOMAIN_SERVER = - if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}"; - } - // cfg.environment; - environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; - volumes = [ - 
"librechat_images:/app/client/public/images:rw" - "librechat_uploads:/app/uploads:rw" - "librechat_logs:/app/logs:rw" - ] - ++ optional (cfg.configFile != null) "${cfg.configFile}:/app/librechat.yaml:ro"; - - ports = [ - "0.0.0.0:${toString cfg.port}:${toString cfg.port}/tcp" - ]; - dependsOn = [ - "librechat-mongodb" - "librechat-rag-api" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=api" - "--network=librechat_default" - ]; - }; - - systemd.services.podman-librechat-mongodb = { - serviceConfig.Restart = mkOverride 90 "always"; - after = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_mongodb_data.service" - ]; - requires = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_mongodb_data.service" - ]; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-librechat-meilisearch = { - serviceConfig.Restart = mkOverride 90 "always"; - after = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_meili_data.service" - ]; - requires = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_meili_data.service" - ]; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-librechat-vectordb = { - serviceConfig.Restart = mkOverride 90 "always"; - after = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_pgdata.service" - ]; - requires = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_pgdata.service" - ]; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-librechat-rag-api = { - serviceConfig.Restart = mkOverride 90 "always"; - after = [ - "podman-network-librechat_default.service" - "podman-librechat-vectordb.service" - ]; - requires = [ - 
"podman-network-librechat_default.service" - "podman-librechat-vectordb.service" - ]; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-librechat = { - serviceConfig.Restart = mkOverride 90 "always"; - after = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_images.service" - "podman-volume-librechat_uploads.service" - "podman-volume-librechat_logs.service" - "podman-librechat-mongodb.service" - "podman-librechat-meilisearch.service" - "podman-librechat-rag-api.service" - ]; - requires = [ - "podman-network-librechat_default.service" - "podman-volume-librechat_images.service" - "podman-volume-librechat_uploads.service" - "podman-volume-librechat_logs.service" - "podman-librechat-mongodb.service" - "podman-librechat-meilisearch.service" - "podman-librechat-rag-api.service" - ]; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-network-librechat_default = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f librechat_default"; - }; - script = '' - podman network inspect librechat_default || podman network create librechat_default - ''; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-volume-librechat_mongodb_data = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = "podman volume inspect librechat_mongodb_data || podman volume create librechat_mongodb_data"; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-volume-librechat_meili_data = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - 
script = "podman volume inspect librechat_meili_data || podman volume create librechat_meili_data"; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-volume-librechat_pgdata = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = "podman volume inspect librechat_pgdata || podman volume create librechat_pgdata"; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-volume-librechat_images = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = "podman volume inspect librechat_images || podman volume create librechat_images"; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-volume-librechat_uploads = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = "podman volume inspect librechat_uploads || podman volume create librechat_uploads"; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.services.podman-volume-librechat_logs = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = "podman volume inspect librechat_logs || podman volume create librechat_logs"; - partOf = [ "podman-compose-librechat-root.target" ]; - wantedBy = [ "podman-compose-librechat-root.target" ]; - }; - - systemd.targets.podman-compose-librechat-root = { - unitConfig.Description = "Root target generated by compose2nix."; - wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/modules/nixos/mailserver/default.nix b/modules/nixos/mailserver/default.nix index 0ad65bd..7153fab 100644 --- a/modules/nixos/mailserver/default.nix 
+++ b/modules/nixos/mailserver/default.nix @@ -8,7 +8,7 @@ let cfg = config.mailserver; - domain = config.networking.domain; + inherit (config.networking) domain; fqdn = "${cfg.subdomain}.${domain}"; inherit (lib) @@ -74,7 +74,7 @@ in nameValuePair "${user}@${domain}" { name = "${user}@${domain}"; aliases = map (alias: "${alias}@${domain}") (accConf.aliases or [ ]); - sendOnly = accConf.sendOnly; + inherit (accConf) sendOnly; quota = mkDefault "5G"; hashedPasswordFile = config.sops.secrets."mailserver/accounts/${user}".path; } diff --git a/modules/nixos/matrix-synapse/bridges.nix b/modules/nixos/matrix-synapse/bridges.nix index b2d48db..6eee570 100644 --- a/modules/nixos/matrix-synapse/bridges.nix +++ b/modules/nixos/matrix-synapse/bridges.nix @@ -23,7 +23,7 @@ let services."mautrix-${name}" = { enable = true; - package = cfg.bridges.${name}.package; + inherit (cfg.bridges.${name}) package; environmentFile = mkIf cfg.sops config.sops.templates."mautrix-${name}/env-file".path; settings = { bridge = { 
@@ -71,33 +71,29 @@ let mode = "0400"; in { - secrets."mautrix-${name}/encryption-pickle-key" = { - inherit owner group mode; - }; - secrets."mautrix-${name}/provisioning-shared-secret" = { - inherit owner group mode; - }; - secrets."mautrix-${name}/public-media-signing-key" = { - inherit owner group mode; - }; - secrets."mautrix-${name}/direct-media-server-key" = { - inherit owner group mode; + secrets = { + "mautrix-${name}/encryption-pickle-key" = { + inherit owner group mode; + }; + "mautrix-${name}/provisioning-shared-secret" = { + inherit owner group mode; + }; + "mautrix-${name}/public-media-signing-key" = { + inherit owner group mode; + }; + "mautrix-${name}/direct-media-server-key" = { + inherit owner group mode; + }; }; templates."mautrix-${name}/env-file" = { inherit owner group mode; content = '' - MAUTRIX_${toUpper name}_ENCRYPTION_PICKLE_KEY=${ - config.sops.placeholder."mautrix-${name}/encryption-pickle-key" - } + MAUTRIX_${toUpper name}_ENCRYPTION_PICKLE_KEY=${config.sops.placeholder."mautrix-${name}/encryption-pickle-key"} MAUTRIX_${toUpper name}_PROVISIONING_SHARED_SECRET=${ config.sops.placeholder."mautrix-${name}/provisioning-shared-secret" } - MAUTRIX_${toUpper name}_PUBLIC_MEDIA_SIGNING_KEY=${ - config.sops.placeholder."mautrix-${name}/public-media-signing-key" - } - MAUTRIX_${toUpper name}_DIRECT_MEDIA_SERVER_KEY=${ - config.sops.placeholder."mautrix-${name}/direct-media-server-key" - } + MAUTRIX_${toUpper name}_PUBLIC_MEDIA_SIGNING_KEY=${config.sops.placeholder."mautrix-${name}/public-media-signing-key"} + MAUTRIX_${toUpper name}_DIRECT_MEDIA_SERVER_KEY=${config.sops.placeholder."mautrix-${name}/direct-media-server-key"} ''; }; } diff --git a/modules/nixos/matrix-synapse/default.nix b/modules/nixos/matrix-synapse/default.nix index 542094f..68a7f5e 100644 --- a/modules/nixos/matrix-synapse/default.nix +++ b/modules/nixos/matrix-synapse/default.nix 
@@ -84,77 +84,74 @@ in }; config = mkIf cfg.enable { - services.postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = 'C' - LC_CTYPE = 'C'; - ''; - }; + services = { + postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = 'C' + LC_CTYPE = 'C'; + ''; + }; - services.matrix-synapse = mkMerge [ - { - settings = { - registration_shared_secret_path = - mkIf cfg.sops - config.sops.secrets."matrix/registration-shared-secret".path; - server_name = config.networking.domain; - public_baseurl = baseUrl; - listeners = [ - { - inherit (cfg) port; - bind_addresses = [ "127.0.0.1" ]; - resources = [ - { - compress = true; - names = [ "client" ]; - } - { - compress = false; - names = [ "federation" ]; - } - ]; - tls = false; - type = "http"; - x_forwarded = true; - } - ]; + matrix-synapse = mkMerge [ + { + settings = { + registration_shared_secret_path = mkIf cfg.sops config.sops.secrets."matrix/registration-shared-secret".path; + server_name = config.networking.domain; + public_baseurl = baseUrl; + listeners = [ + { + inherit (cfg) port; + bind_addresses = [ "127.0.0.1" ]; + resources = [ + { + compress = true; + names = [ "client" ]; + } + { + compress = false; + names = [ "federation" ]; + } + ]; + tls = false; + type = "http"; + x_forwarded = true; + } + ]; + }; + } + (mkIf cfg.coturn.enable { + settings = { + turn_uris = with cfg.coturn; [ + "turn:${realm}:${toString listening-port}?transport=udp" + "turn:${realm}:${toString listening-port}?transport=tcp" + "turn:${realm}:${toString tls-listening-port}?transport=udp" + "turn:${realm}:${toString tls-listening-port}?transport=tcp" + 
"turn:${realm}:${toString alt-listening-port}?transport=udp" + "turn:${realm}:${toString alt-listening-port}?transport=tcp" + "turn:${realm}:${toString alt-tls-listening-port}?transport=udp" + "turn:${realm}:${toString alt-tls-listening-port}?transport=tcp" + ]; + extraConfigFiles = mkIf cfg.sops [ config.sops.templates."coturn/static-auth-secret.env".path ]; + turn_user_lifetime = "1h"; + }; + }) + ]; + + nginx.virtualHosts."${cfg.settings.server_name}" = { + enableACME = true; + forceSSL = true; + + locations = { + "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + "/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}"; + "/_synapse".proxyPass = "http://127.0.0.1:${toString cfg.port}"; }; - } - (mkIf cfg.coturn.enable { - settings = { - turn_uris = with cfg.coturn; [ - "turn:${realm}:${toString listening-port}?transport=udp" - "turn:${realm}:${toString listening-port}?transport=tcp" - "turn:${realm}:${toString tls-listening-port}?transport=udp" - "turn:${realm}:${toString tls-listening-port}?transport=tcp" - "turn:${realm}:${toString alt-listening-port}?transport=udp" - "turn:${realm}:${toString alt-listening-port}?transport=tcp" - "turn:${realm}:${toString alt-tls-listening-port}?transport=udp" - "turn:${realm}:${toString alt-tls-listening-port}?transport=tcp" - ]; - extraConfigFiles = mkIf cfg.sops [ config.sops.templates."coturn/static-auth-secret.env".path ]; - turn_user_lifetime = "1h"; - }; - }) - ]; - - environment.shellAliases = mkIf cfg.sops { - register_new_matrix_user = "${cfg.package}/bin/register_new_matrix_user -k $(sudo cat ${cfg.settings.registration_shared_secret_path})"; - }; - - services.nginx.virtualHosts."${cfg.settings.server_name}" = { - enableACME = true; - forceSSL = true; - - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; 
- - locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}"; - locations."/_synapse".proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; }; sops = mkIf cfg.sops { diff --git a/modules/nixos/matrix-synapse/livekit.nix b/modules/nixos/matrix-synapse/livekit.nix index c4850c6..79bcf89 100644 --- a/modules/nixos/matrix-synapse/livekit.nix +++ b/modules/nixos/matrix-synapse/livekit.nix 
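Review bot: The `environment.shellAliases` entry for `register_new_matrix_user` is removed in the modules/nixos/matrix-synapse/default.nix hunk and does not reappear on the new side, so the regrouping into `services = { … }` also drops the alias. If that is intended it deserves a line in the commit description; otherwise restore `environment.shellAliases = mkIf cfg.sops { register_new_matrix_user = …; };` beside the `services` block. Separately, `initialScript` still creates the role with `PASSWORD 'synapse'` through `pkgs.writeText`, which places the password in the world-readable Nix store. A comment such as `# NOTE: placeholder password, readable from the Nix store; change it after initialisation` above `initialScript` would make that visible to whoever enables the module.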
@@ -6,51 +6,53 @@ let cfg = config.services.matrix-synapse; - domain = config.networking.domain; + inherit (config.networking) domain; inherit (lib) mkIf mkDefault; in { config = mkIf cfg.enable { - services.livekit = { - enable = true; - settings.port = mkDefault 7880; - settings.room.auto_create = mkDefault false; - openFirewall = mkDefault true; - keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path; - }; + services = { + livekit = { + enable = true; + settings.port = mkDefault 7880; + settings.room.auto_create = mkDefault false; + openFirewall = mkDefault true; + keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path; + }; - services.lk-jwt-service = { - enable = true; - port = mkDefault 8080; - livekitUrl = "wss://${domain}/livekit/sfu"; - keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path; - }; + lk-jwt-service = { + enable = true; + port = mkDefault 8080; + livekitUrl = "wss://${domain}/livekit/sfu"; + keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path; + }; - systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = domain; - - services.nginx.virtualHosts = { - "${domain}".locations = { - "^~ /livekit/jwt/" = { - priority = 400; - proxyPass = "http://127.0.0.1:${toString config.services.lk-jwt-service.port}/"; - }; - "^~ /livekit/sfu/" = { - priority = 400; - proxyPass = "http://127.0.0.1:${toString config.services.livekit.settings.port}/"; - proxyWebsockets = true; - extraConfig = '' - proxy_send_timeout 120; - proxy_read_timeout 120; - proxy_buffering off; - proxy_set_header Accept-Encoding gzip; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; + nginx.virtualHosts = { + "${domain}".locations = { + "^~ /livekit/jwt/" = { + priority = 400; + proxyPass = "http://127.0.0.1:${toString config.services.lk-jwt-service.port}/"; + }; + "^~ /livekit/sfu/" = { + priority = 400; + proxyPass = "http://127.0.0.1:${toString 
config.services.livekit.settings.port}/"; + proxyWebsockets = true; + extraConfig = '' + proxy_send_timeout 120; + proxy_read_timeout 120; + proxy_buffering off; + proxy_set_header Accept-Encoding gzip; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + }; }; }; }; + systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = domain; + sops = mkIf cfg.sops { secrets."livekit/key" = { }; templates."livekit/key".content = '' diff --git a/modules/nixos/maubot/default.nix b/modules/nixos/maubot/default.nix index cfbd96c..a703e07 100644 --- a/modules/nixos/maubot/default.nix +++ b/modules/nixos/maubot/default.nix @@ -76,7 +76,7 @@ in sops = mkIf cfg.sops ( let owner = user.name; - group = user.group; + inherit (user) group; mode = "0400"; in { @@ -98,9 +98,7 @@ in '' admins: '' - + concatLines ( - map (admin: " ${admin}: ${config.sops.placeholder."maubot/admins/${admin}"}") cfg.admins - ) + + concatLines (map (admin: " ${admin}: ${config.sops.placeholder."maubot/admins/${admin}"}") cfg.admins) ); }; } diff --git a/modules/nixos/mcpo/default.nix b/modules/nixos/mcpo/default.nix index 76ad953..45d8867 100644 --- a/modules/nixos/mcpo/default.nix +++ b/modules/nixos/mcpo/default.nix @@ -96,7 +96,7 @@ in users.users."${cfg.user}" = { isSystemUser = true; - group = cfg.group; + inherit (cfg) group; }; users.groups."${cfg.group}" = { }; diff --git a/modules/nixos/miniflux/default.nix b/modules/nixos/miniflux/default.nix index be6a260..342576c 100644 --- a/modules/nixos/miniflux/default.nix +++ b/modules/nixos/miniflux/default.nix @@ -6,8 +6,8 @@ let cfg = config.services.miniflux; - domain = config.networking.domain; - subdomain = cfg.reverseProxy.subdomain; + inherit (config.networking) domain; + inherit (cfg.reverseProxy) subdomain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; port = 8085; 
diff --git a/modules/nixos/nginx/default.nix b/modules/nixos/nginx/default.nix index acffbed..b18c163 100644 --- a/modules/nixos/nginx/default.nix +++ b/modules/nixos/nginx/default.nix @@ -50,8 +50,7 @@ in "1.1.1.1" "2606:4700:4700::1111" ]; - resolvers = - if config.networking.nameservers == [ ] then cloudflare else config.networking.nameservers; + resolvers = if config.networking.nameservers == [ ] then cloudflare else config.networking.nameservers; in map escapeIPv6 resolvers; @@ -60,7 +59,7 @@ in virtualHosts = { "${config.networking.domain}" = mkDefault { enableACME = cfg.forceSSL; - forceSSL = cfg.forceSSL; + inherit (cfg) forceSSL; }; }; }; diff --git a/modules/nixos/normalUsers/default.nix b/modules/nixos/normalUsers/default.nix index 7f769bb..96a0592 100644 --- a/modules/nixos/normalUsers/default.nix +++ b/modules/nixos/normalUsers/default.nix @@ -21,7 +21,7 @@ in types.submodule { options = { extraGroups = mkOption { - type = (types.listOf types.str); + type = types.listOf types.str; default = [ ]; description = "Extra groups for the user"; example = [ "wheel" ]; @@ -37,7 +37,7 @@ in description = "Initial password for the user"; }; sshKeyFiles = mkOption { - type = (types.listOf types.path); + type = types.listOf types.path; default = [ ]; description = "SSH key files for the user"; example = [ "/path/to/id_rsa.pub" ]; diff --git a/modules/nixos/nostr-relay/default.nix b/modules/nixos/nostr-relay/default.nix index 199f702..318e9de 100644 --- a/modules/nixos/nostr-relay/default.nix +++ b/modules/nixos/nostr-relay/default.nix @@ -2,8 +2,8 @@ let cfg = config.services.nostr-relay; - domain = config.networking.domain; - subdomain = cfg.reverseProxy.subdomain; + inherit (config.networking) domain; + inherit (cfg.reverseProxy) subdomain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; inherit (lib) 
@@ -48,9 +48,8 @@ in services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { "${fqdn}" = { enableACME = cfg.reverseProxy.forceSSL; - forceSSL = cfg.reverseProxy.forceSSL; - locations."/".proxyPass = - "http://127.0.0.1:${toString config.services.nostr-rs-relay.settings.network.port}"; + inherit (cfg.reverseProxy) forceSSL; + locations."/".proxyPass = "http://127.0.0.1:${toString config.services.nostr-rs-relay.settings.network.port}"; }; }; }; diff --git a/modules/nixos/nvidia/default.nix b/modules/nixos/nvidia/default.nix index 4d95ea2..fef76de 100644 --- a/modules/nixos/nvidia/default.nix +++ b/modules/nixos/nvidia/default.nix @@ -9,20 +9,26 @@ let inherit (lib) mkDefault; in { - boot.blacklistedKernelModules = [ "nouveau" ]; - boot.extraModulePackages = [ config.hardware.nvidia.package ]; - boot.initrd.kernelModules = [ "nvidia" ]; + boot = { + blacklistedKernelModules = [ "nouveau" ]; + extraModulePackages = [ config.hardware.nvidia.package ]; + initrd.kernelModules = [ "nvidia" ]; + }; environment.systemPackages = with pkgs; [ nvtopPackages.nvidia ]; - hardware.enableRedistributableFirmware = true; - hardware.graphics.enable = true; - hardware.nvidia.modesetting.enable = true; - hardware.nvidia.nvidiaSettings = true; - hardware.nvidia.open = false; - hardware.nvidia.package = mkDefault config.boot.kernelPackages.nvidiaPackages.latest; + hardware = { + enableRedistributableFirmware = true; + graphics.enable = true; + nvidia = { + modesetting.enable = true; + nvidiaSettings = true; + open = false; + package = mkDefault config.boot.kernelPackages.nvidiaPackages.latest; + }; + }; nixpkgs.config.cudaSupport = true; diff --git a/modules/nixos/ollama/default.nix b/modules/nixos/ollama/default.nix index 54b2dad..bd70db4 100644 --- a/modules/nixos/ollama/default.nix +++ b/modules/nixos/ollama/default.nix 
@@ -2,8 +2,8 @@ let cfg = config.services.ollama; - domain = config.networking.domain; - subdomain = cfg.reverseProxy.subdomain; + inherit (config.networking) domain; + inherit (cfg.reverseProxy) subdomain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; inherit (lib) @@ -31,7 +31,7 @@ in services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { "${fqdn}" = mkVirtualHost { - port = cfg.port; + inherit (cfg) port; ssl = cfg.reverseProxy.forceSSL; recommendedProxySettings = mkForce false; extraConfig = '' diff --git a/modules/nixos/open-webui-oci/default.nix b/modules/nixos/open-webui-oci/default.nix index 50bb15b..273507c 100644 --- a/modules/nixos/open-webui-oci/default.nix +++ b/modules/nixos/open-webui-oci/default.nix @@ -83,10 +83,43 @@ in }; config = mkIf cfg.enable { - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + + oci-containers = { + backend = "podman"; + + containers."open-webui" = { + image = with cfg.image; imageName + ":" + imageTag; + imageFile = cfg.image; + environment = + defaultEnv + // cfg.environment + // { + PORT = "${toString cfg.port}"; + CORS_ALLOW_ORIGIN = concatStringsSep ";" ( + [ + "http://localhost:${toString cfg.port}" + "http://127.0.0.1:${toString cfg.port}" + "http://0.0.0.0:${toString cfg.port}" + ] + ++ optional (cfg.externalUrl != null) cfg.externalUrl + ); + }; + environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; + volumes = [ + "open-webui_open-webui:/app/backend/data:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=host" + ]; + }; + }; }; networking.firewall.interfaces = 
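Review bot: The regrouped `containers."open-webui"` block keeps `extraOptions = [ "--network=host" ]` without any comment, so the container shares the host's network namespace and the listener on `cfg.port` is shielded only by the host firewall, not by podman's port publishing. The `CORS_ALLOW_ORIGIN` list in the same block also admits `http://0.0.0.0:${toString cfg.port}` as an origin. I would document the choice next to the option, for example `# host networking: required to reach <backend> on localhost; exposure of cfg.port is governed by the host firewall only`, with the placeholder filled in by whoever knows why host networking was chosen. The enclosing `config = mkIf cfg.enable {` block continues past this hunk.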
@@ -97,70 +130,44 @@ in "${matchAll}".allowedUDPPorts = [ 53 ]; }; - virtualisation.oci-containers.backend = "podman"; - - virtualisation.oci-containers.containers."open-webui" = { - image = with cfg.image; imageName + ":" + imageTag; - imageFile = cfg.image; - environment = - defaultEnv - // cfg.environment - // { - PORT = "${toString cfg.port}"; - CORS_ALLOW_ORIGIN = concatStringsSep ";" ( - [ - "http://localhost:${toString cfg.port}" - "http://127.0.0.1:${toString cfg.port}" - "http://0.0.0.0:${toString cfg.port}" - ] - ++ optional (cfg.externalUrl != null) cfg.externalUrl - ); + systemd = { + services."podman-open-webui" = { + serviceConfig = { + Restart = mkOverride 90 "always"; }; - environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; - volumes = [ - "open-webui_open-webui:/app/backend/data:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--network=host" - ]; - }; - systemd.services."podman-open-webui" = { - serviceConfig = { - Restart = mkOverride 90 "always"; + after = [ + "podman-volume-open-webui_open-webui.service" + ]; + requires = [ + "podman-volume-open-webui_open-webui.service" + ]; + partOf = [ + "podman-compose-open-webui-root.target" + ]; + wantedBy = [ + "podman-compose-open-webui-root.target" + ]; }; - after = [ - "podman-volume-open-webui_open-webui.service" - ]; - requires = [ - "podman-volume-open-webui_open-webui.service" - ]; - partOf = [ - "podman-compose-open-webui-root.target" - ]; - wantedBy = [ - "podman-compose-open-webui-root.target" - ]; - }; - systemd.services."podman-volume-open-webui_open-webui" = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; + services."podman-volume-open-webui_open-webui" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect open-webui_open-webui || podman volume create open-webui_open-webui + ''; + partOf = [ 
"podman-compose-open-webui-root.target" ]; + wantedBy = [ "podman-compose-open-webui-root.target" ]; }; - script = '' - podman volume inspect open-webui_open-webui || podman volume create open-webui_open-webui - ''; - partOf = [ "podman-compose-open-webui-root.target" ]; - wantedBy = [ "podman-compose-open-webui-root.target" ]; - }; - systemd.targets."podman-compose-open-webui-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; + targets."podman-compose-open-webui-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; }; - wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/modules/nixos/print-server/default.nix b/modules/nixos/print-server/default.nix index f96650d..a05382c 100644 --- a/modules/nixos/print-server/default.nix +++ b/modules/nixos/print-server/default.nix @@ -7,8 +7,8 @@ let cfg = config.services.print-server; - domain = config.networking.domain; - subdomain = cfg.reverseProxy.subdomain; + inherit (config.networking) domain; + inherit (cfg.reverseProxy) subdomain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; port = 631; 
@@ -36,47 +36,49 @@ in }; config = mkIf cfg.enable { - services.printing = { - enable = true; - listenAddresses = [ "*:${builtins.toString port}" ]; - webInterface = true; - tempDir = "/tmp/cups"; - allowFrom = [ "all" ]; - snmpConf = '' - Address @LOCAL - ''; - clientConf = ""; - openFirewall = cfg.openFirewall; - drivers = with pkgs; [ - brlaser - brgenml1lpr - brgenml1cupswrapper # Brother - postscript-lexmark # Lexmark - hplip - hplipWithPlugin # HP - splix - samsung-unified-linux-driver # Samsung - gutenprint - gutenprintBin # different vendors - ]; - defaultShared = true; - browsing = true; - browsedConf = '' - BrowsePoll ${fqdn} - ''; - }; + services = { + printing = { + enable = true; + listenAddresses = [ "*:${builtins.toString port}" ]; + webInterface = true; + tempDir = "/tmp/cups"; + allowFrom = [ "all" ]; + snmpConf = '' + Address @LOCAL + ''; + clientConf = ""; + inherit (cfg) openFirewall; + drivers = with pkgs; [ + brlaser + brgenml1lpr + brgenml1cupswrapper # Brother + postscript-lexmark # Lexmark + hplip + hplipWithPlugin # HP + splix + samsung-unified-linux-driver # Samsung + gutenprint + gutenprintBin # different vendors + ]; + defaultShared = true; + browsing = true; + browsedConf = '' + BrowsePoll ${fqdn} + ''; + }; - # autodiscovery of network printers - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = cfg.openFirewall; - }; + # autodiscovery of network printers + avahi = { + enable = true; + nssmdns4 = true; + inherit (cfg) openFirewall; + }; - services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { - ${fqdn} = mkVirtualHost { - inherit port; - ssl = cfg.reverseProxy.forceSSL; + nginx.virtualHosts = mkIf cfg.reverseProxy.enable { + ${fqdn} = mkVirtualHost { + inherit port; + ssl = cfg.reverseProxy.forceSSL; + }; }; }; }; diff --git a/modules/nixos/radicale/default.nix b/modules/nixos/radicale/default.nix index 8b16ad3..757d855 100644 --- a/modules/nixos/radicale/default.nix +++ b/modules/nixos/radicale/default.nix 
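Review bot: Inside the regrouped `printing` set, `listenAddresses = [ "*:${builtins.toString port}" ]`, `webInterface = true` and `allowFrom = [ "all" ]` stay in force whether or not `cfg.reverseProxy.enable` is set, so with `openFirewall` on, any host that can reach port 631 gets what the NixOS option describes as unconditional access, and the nginx virtual host at the end of the block does not constrain that direct path. A narrower value such as `allowFrom = [ "@LOCAL" ];`, or a module option for it, should keep LAN printing working while excluding routed clients. At minimum I would add `# any host that can reach port 631 gets unconditional access; restrict with the firewall` above the `allowFrom` line.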
@@ -7,8 +7,8 @@ let cfg = config.services.radicale; - domain = config.networking.domain; - subdomain = cfg.reverseProxy.subdomain; + inherit (config.networking) domain; + inherit (cfg.reverseProxy) subdomain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; port = 5232; @@ -63,7 +63,7 @@ in services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { "${fqdn}" = { - forceSSL = cfg.reverseProxy.forceSSL; + inherit (cfg.reverseProxy) forceSSL; enableACME = cfg.reverseProxy.forceSSL; locations = { "/" = { diff --git a/modules/nixos/rss-bridge/default.nix b/modules/nixos/rss-bridge/default.nix index 1a5adf5..281bf7e 100644 --- a/modules/nixos/rss-bridge/default.nix +++ b/modules/nixos/rss-bridge/default.nix @@ -2,8 +2,8 @@ let cfg = config.services.rss-bridge; - domain = config.networking.domain; - subdomain = cfg.reverseProxy.subdomain; + inherit (config.networking) domain; + inherit (cfg.reverseProxy) subdomain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; inherit (lib) @@ -33,7 +33,7 @@ in services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { "${fqdn}" = { enableACME = cfg.reverseProxy.forceSSL; - forceSSL = cfg.reverseProxy.forceSSL; + inherit (cfg.reverseProxy) forceSSL; }; }; }; diff --git a/modules/nixos/tailscale/default.nix b/modules/nixos/tailscale/default.nix index b437849..d6dd879 100644 --- a/modules/nixos/tailscale/default.nix +++ b/modules/nixos/tailscale/default.nix @@ -56,8 +56,7 @@ in config = let defaultTailnets = filterAttrs (_: t: t.default) cfg.tailnets; - defaultTailnet = - if defaultTailnets == { } then null else builtins.head (builtins.attrValues defaultTailnets); + defaultTailnet = if defaultTailnets == { } then null else builtins.head (builtins.attrValues defaultTailnets); entries = mapAttrsToList (name: tcfg: '' TAILNETS["${name}"]="${tcfg.loginServer}|${if tcfg.enableSSH then "true" else "false"}|${ 
@@ -111,8 +110,7 @@ in mkIf cfg.enable { assertions = [ { - assertion = - (builtins.length (builtins.attrValues (filterAttrs (_: t: t.default) cfg.tailnets))) <= 1; + assertion = (builtins.length (builtins.attrValues (filterAttrs (_: t: t.default) cfg.tailnets))) <= 1; message = "services.tailscale.tailnets: Only one tailnet can be set as default."; } { diff --git a/modules/nixos/virtualisation/default.nix b/modules/nixos/virtualisation/default.nix index fb62b0f..be96f4b 100644 --- a/modules/nixos/virtualisation/default.nix +++ b/modules/nixos/virtualisation/default.nix @@ -58,16 +58,18 @@ in enable = mkDefault true; onBoot = mkDefault "ignore"; onShutdown = mkDefault "shutdown"; - qemu.runAsRoot = mkDefault false; - qemu.verbatimConfig = '' - clear_emulation_capabilities = ${boolToZeroOne cfg.libvirtd.clearEmulationCapabilities} - '' - + optionalString (cfg.libvirtd.deviceACL != [ ]) '' - cgroup_device_acl = [ - ${aclString} - ] - ''; - qemu.swtpm.enable = mkDefault true; # TPM 2.0 + qemu = { + runAsRoot = mkDefault false; + verbatimConfig = '' + clear_emulation_capabilities = ${boolToZeroOne cfg.libvirtd.clearEmulationCapabilities} + '' + + optionalString (cfg.libvirtd.deviceACL != [ ]) '' + cgroup_device_acl = [ + ${aclString} + ] + ''; + swtpm.enable = mkDefault true; # TPM 2.0 + }; }; spiceUSBRedirection.enable = mkDefault true; }; diff --git a/modules/nixos/virtualisation/iommu-groups.sh b/modules/nixos/virtualisation/iommu-groups.sh index 3d2e4f3..4633ff4 100644 --- a/modules/nixos/virtualisation/iommu-groups.sh +++ b/modules/nixos/virtualisation/iommu-groups.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash shopt -s nullglob for d in /sys/kernel/iommu_groups/*/devices/*; do n=${d#*/iommu_groups/*}; n=${n%%/*} diff --git a/modules/nixos/virtualisation/kvmfr.nix b/modules/nixos/virtualisation/kvmfr.nix index ad7bfe6..04abd03 100644 --- a/modules/nixos/virtualisation/kvmfr.nix +++ b/modules/nixos/virtualisation/kvmfr.nix 
@@ -78,34 +78,32 @@ let }; }; - deviceType = ( - types.submodule ( - { config, options, ... }: - { - options = { - resolution = mkOption { - type = types.nullOr resolutionType; - default = null; - description = "Automatically calculate the minimum device size for a specific resolution. Overrides `size` if set."; - }; - - size = mkOption { - type = types.number; - description = "Size for the kvmfr device in megabytes."; - }; - - permissions = mkOption { - type = permissionsType; - default = { }; - description = "Permissions of the kvmfr device."; - }; + deviceType = types.submodule ( + { config, options, ... }: + { + options = { + resolution = mkOption { + type = types.nullOr resolutionType; + default = null; + description = "Automatically calculate the minimum device size for a specific resolution. Overrides `size` if set."; }; - config = { - size = mkIf (config.resolution != null) (sizeFromResolution config.resolution); + size = mkOption { + type = types.number; + description = "Size for the kvmfr device in megabytes."; }; - } - ) + + permissions = mkOption { + type = permissionsType; + default = { }; + description = "Permissions of the kvmfr device."; + }; + }; + + config = { + size = mkIf (config.resolution != null) (sizeFromResolution config.resolution); + }; + } ); inherit (lib) @@ -144,7 +142,7 @@ in ''; "modprobe.d/kvmfr.conf".text = '' - options kvmfr static_size_mb=${concatStringsSep "," (map (size: toString size) deviceSizes)} + options kvmfr static_size_mb=${concatStringsSep "," (map toString deviceSizes)} ''; "apparmor.d/local/abstractions/libvirt-qemu" = mkIf config.security.apparmor.enable { diff --git a/modules/nixos/webPage/default.nix b/modules/nixos/webPage/default.nix index 32d58b1..5a4982f 100644 --- a/modules/nixos/webPage/default.nix +++ b/modules/nixos/webPage/default.nix 
@@ -2,7 +2,7 @@ let cfg = config.services.webPage; - domain = config.networking.domain; + inherit (config.networking) domain; fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain; nginxUser = config.services.nginx.user; @@ -41,7 +41,7 @@ in config = mkIf cfg.enable { services.nginx.virtualHosts."${fqdn}" = { enableACME = cfg.forceSSL; - forceSSL = cfg.forceSSL; + inherit (cfg) forceSSL; root = cfg.webRoot; locations."/".index = "index.html"; sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem"; diff --git a/modules/nixos/windows-oci/default.nix b/modules/nixos/windows-oci/default.nix index b050daa..7856010 100644 --- a/modules/nixos/windows-oci/default.nix +++ b/modules/nixos/windows-oci/default.nix 
@@ -81,90 +81,97 @@ in }; config = mkIf cfg.enable { - systemd.tmpfiles.rules = [ "d ${cfg.volume} 0755 root podman -" ]; + systemd = { + tmpfiles.rules = [ "d ${cfg.volume} 0755 root podman -" ]; - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; + services = { + "podman-windows" = { + serviceConfig = { + Restart = mkOverride 90 "always"; + }; + after = [ + "podman-network-windows_default.service" + ]; + requires = [ + "podman-network-windows_default.service" + ]; + partOf = [ + "podman-compose-windows-root.target" + ]; + wantedBy = [ + "podman-compose-windows-root.target" + ]; + }; + + "podman-network-windows_default" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f windows_default"; + }; + script = '' + podman network inspect windows_default || podman network create windows_default + ''; + partOf = [ "podman-compose-windows-root.target" ]; + wantedBy = [ "podman-compose-windows-root.target" ]; + }; + }; + + targets."podman-compose-windows-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; + + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + }; + }; + + oci-containers = { + backend = "podman"; + containers."windows" = { + image = "dockurr/windows"; + environment = with cfg.settings; { + "VERSION" = version; + "RAM_SIZE" = ramSize; + "CPU_CORES" = cpuCores; + "DISK_SIZE" = diskSize; + "USERNAME" = username; + "PASSWORD" = password; + "REGION" = region; + "KEYBOARD" = keyboard; + }; + volumes = [ + "${cfg.volume}:/storage:rw" + ] + ++ optional (cfg.sharedVolume != null) "${cfg.sharedVolume}:/shared:rw"; + ports = [ + "8006:8006/tcp" + "3389:3389/tcp" + "3389:3389/udp" + ]; + log-driver = "journald"; + 
extraOptions = [ + "--cap-add=NET_ADMIN" + "--device=/dev/kvm:/dev/kvm:rwm" + "--device=/dev/net/tun:/dev/net/tun:rwm" + "--network-alias=windows" + "--network=windows_default" + ]; + }; }; }; # https://github.com/NixOS/nixpkgs/issues/226365 networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; - - virtualisation.oci-containers.backend = "podman"; - - virtualisation.oci-containers.containers."windows" = { - image = "dockurr/windows"; - environment = with cfg.settings; { - "VERSION" = version; - "RAM_SIZE" = ramSize; - "CPU_CORES" = cpuCores; - "DISK_SIZE" = diskSize; - "USERNAME" = username; - "PASSWORD" = password; - "LANGUAGE" = language; - "REGION" = region; - "KEYBOARD" = keyboard; - }; - volumes = [ - "${cfg.volume}:/storage:rw" - ] - ++ optional (cfg.sharedVolume != null) "${cfg.sharedVolume}:/shared:rw"; - ports = [ - "8006:8006/tcp" - "3389:3389/tcp" - "3389:3389/udp" - ]; - log-driver = "journald"; - extraOptions = [ - "--cap-add=NET_ADMIN" - "--device=/dev/kvm:/dev/kvm:rwm" - "--device=/dev/net/tun:/dev/net/tun:rwm" - "--network-alias=windows" - "--network=windows_default" - ]; - }; - systemd.services."podman-windows" = { - serviceConfig = { - Restart = mkOverride 90 "always"; - }; - after = [ - "podman-network-windows_default.service" - ]; - requires = [ - "podman-network-windows_default.service" - ]; - partOf = [ - "podman-compose-windows-root.target" - ]; - wantedBy = [ - "podman-compose-windows-root.target" - ]; - }; - - systemd.services."podman-network-windows_default" = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f windows_default"; - }; - script = '' - podman network inspect windows_default || podman network create windows_default - ''; - partOf = [ "podman-compose-windows-root.target" ]; - wantedBy = [ "podman-compose-windows-root.target" ]; - }; - - systemd.targets."podman-compose-windows-root" = { - unitConfig = { - Description = "Root target 
generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; }; } diff --git a/modules/shared/common/nix.nix b/modules/shared/common/nix.nix index 4d8e217..c51fc6f 100644 --- a/modules/shared/common/nix.nix +++ b/modules/shared/common/nix.nix 
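Review bot: `"PASSWORD" = password;` in the `environment` set of `containers."windows"` is filled from `cfg.settings`, so the credential is evaluated into the generated unit in the world-readable Nix store and passed to podman as a plain environment variable. The open-webui module in this same commit hands secrets over through `environmentFiles`; doing that here needs an option that is not visible in this hunk, so I would at least add `# NOTE: cfg.settings.password ends up in the Nix store; use an environment file for real credentials` above the line. Separately, the old block set `"LANGUAGE" = language;` and the regrouped one does not, which changes the container environment in what otherwise reads as a pure restructuring; if that is unintended, restore the line.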
@@ -14,74 +14,78 @@ let ; in { - nix.package = mkDefault pkgs.nix; + nix = { + package = mkDefault pkgs.nix; - # for `nix run synix#foo`, `nix build synix#bar`, etc - nix.registry = { - synix = { - from = { - id = "synix"; - type = "indirect"; - }; - to = { - owner = "sid"; - repo = "synix"; - host = "git.sid.ovh"; - type = "gitea"; + # for `nix run synix#foo`, `nix build synix#bar`, etc + registry = { + synix = { + from = { + id = "synix"; + type = "indirect"; + }; + to = { + owner = "sid"; + repo = "synix"; + host = "git.sid.ovh"; + type = "gitea"; + }; }; }; - }; - nix.settings.warn-dirty = mkDefault false; + settings = { + warn-dirty = mkDefault false; - # fallback quickly if substituters are not available. - nix.settings.connect-timeout = mkDefault 5; - nix.settings.fallback = true; + # fallback quickly if substituters are not available. + connect-timeout = mkDefault 5; + fallback = true; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ] - ++ optional ( - config.nix.package != null && versionOlder (versions.majorMinor config.nix.package.version) "2.22" - ) "repl-flake"; + experimental-features = [ + "nix-command" + "flakes" + ] + ++ optional ( + config.nix.package != null && versionOlder (versions.majorMinor config.nix.package.version) "2.22" + ) "repl-flake"; - nix.settings.log-lines = mkDefault 25; + log-lines = mkDefault 25; - # avoid disk full issues - nix.settings.max-free = mkDefault (3000 * 1024 * 1024); - nix.settings.min-free = mkDefault (512 * 1024 * 1024); + # avoid disk full issues + max-free = mkDefault (3000 * 1024 * 1024); + min-free = mkDefault (512 * 1024 * 1024); - # avoid copying unnecessary stuff over SSH - nix.settings.builders-use-substitutes = true; + # avoid copying unnecessary stuff over SSH + builders-use-substitutes = true; - # workaround for https://github.com/NixOS/nix/issues/9574 - nix.settings.nix-path = config.nix.nixPath; + # workaround for https://github.com/NixOS/nix/issues/9574 + nix-path = 
config.nix.nixPath; - nix.settings.download-buffer-size = 524288000; # 500 MiB + download-buffer-size = 524288000; # 500 MiB - # add all wheel users to the trusted-users group - nix.settings.trusted-users = [ - "@wheel" - ]; + # add all wheel users to the trusted-users group + trusted-users = [ + "@wheel" + ]; - # binary caches - nix.settings.substituters = [ - "https://cache.nixos.org" - "https://nix-community.cachix.org" - "https://cache.garnix.io" - "https://numtide.cachix.org" - ]; - nix.settings.trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" - ]; + # binary caches + substituters = [ + "https://cache.nixos.org" + "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://numtide.cachix.org" + ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" + ]; + }; - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; }; } diff --git a/overlays/default.nix b/overlays/default.nix index c4a695d..2340bd3 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
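Review bot: `trusted-users = [ "@wheel" ]` in the new `settings` set needs a clearer comment than `# add all wheel users to the trusted-users group`, because the Nix manual treats a trusted user as essentially root-equivalent: such a user can override daemon settings like substituters without going through sudo. I would reword the comment to `# wheel members become trusted Nix users (effectively root on the daemon, no sudo prompt)`. Consider also `trusted-users = mkDefault [ "@wheel" ];` so a host can narrow the list; `mkDefault` is already used in this block.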
@@ -9,11 +9,15 @@ modifications = final: prev: { # https://github.com/NixOS/nixpkgs/issues/335003#issuecomment-2755803376 - kicad = ( - prev.kicad.override { - stable = true; - } - ); + kicad = prev.kicad.override { + stable = true; + }; + + python312Packages = prev.python312Packages // { + arxiv = prev.python312Packages.arxiv.overridePythonAttrs (old: { + pythonRemoveDeps = (old.pythonRemoveDeps or [ ]) ++ [ "requests" ]; + }); + }; # bemenu is not a valid selector in v1.5.1 rofi-rbw-wayland = prev.rofi-rbw-wayland.overrideAttrs (oldAttrs: { diff --git a/pkgs/arxiv-mcp-server/default.nix b/pkgs/arxiv-mcp-server/default.nix index 624b667..af7f626 100644 --- a/pkgs/arxiv-mcp-server/default.nix +++ b/pkgs/arxiv-mcp-server/default.nix @@ -1,10 +1,13 @@ { lib, - python3, + python312, fetchPypi, }: -python3.pkgs.buildPythonApplication rec { +let + python = python312; +in +python.pkgs.buildPythonApplication rec { pname = "arxiv-mcp-server"; version = "0.5.0"; pyproject = true; @@ -16,10 +19,10 @@ python3.pkgs.buildPythonApplication rec { }; build-system = [ - python3.pkgs.hatchling + python.pkgs.hatchling ]; - dependencies = with python3.pkgs; [ + dependencies = with python.pkgs; [ aiofiles aiohttp anyio @@ -36,7 +39,7 @@ python3.pkgs.buildPythonApplication rec { uvicorn ]; - optional-dependencies = with python3.pkgs; { + optional-dependencies = with python.pkgs; { test = [ aioresponses pytest @@ -48,6 +51,7 @@ python3.pkgs.buildPythonApplication rec { pythonRemoveDeps = [ "black" + "mcp" ]; pythonImportsCheck = [ diff --git a/pkgs/baibot/default.nix b/pkgs/baibot/default.nix index 19db4e0..0b6c2f4 100644 --- a/pkgs/baibot/default.nix +++ b/pkgs/baibot/default.nix 
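Review bot: The added `python312Packages = prev.python312Packages // { arxiv = …; }` replaces only the top-level attribute, so `python312.pkgs` and any Python package that pulls `arxiv` from inside the package set still resolve the unmodified derivation. `pkgs/arxiv-mcp-server/default.nix` in this commit takes its dependencies from `python.pkgs`, which is `python312.pkgs`. If `arxiv` is among them (the list is only partly visible), the `pythonRemoveDeps` change would not reach it. Extending `pythonPackagesExtensions` applies the override inside the set, for every interpreter.

```nix
# … unchanged: kicad override …

pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
  (_pyFinal: pyPrev: {
    arxiv = pyPrev.arxiv.overridePythonAttrs (old: {
      pythonRemoveDeps = (old.pythonRemoveDeps or [ ]) ++ [ "requests" ];
    });
  })
];

# … unchanged: rofi-rbw-wayland override …
```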
@@ -20,9 +20,11 @@ rustPlatform.buildRustPackage rec { hash = "sha256-Fr1CvFocb/VAYQGykXXZ6CCfvC31bKB/tr1aoA4oIME="; }; - useFetchCargoVendor = true; cargoHash = "sha256-CNEkge585bzUUPMHCSJ1CAH5wx3Wttq9I3A3oqfBzis="; + cargoBuildFlags = "--ignore-rust-version"; + cargoTestFlags = "--ignore-rust-version"; + nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/fetcher-mcp/default.nix b/pkgs/fetcher-mcp/default.nix index e1a46ad..c2e5d92 100644 --- a/pkgs/fetcher-mcp/default.nix +++ b/pkgs/fetcher-mcp/default.nix @@ -12,11 +12,9 @@ let revision = "1161"; - chromium-headless-shell = - playwright-driver.passthru.components."chromium-headless-shell".overrideAttrs - (old: { - inherit revision; - }); + chromium-headless-shell = playwright-driver.passthru.components."chromium-headless-shell".overrideAttrs (old: { + inherit revision; + }); browsers-headless-only = linkFarm "playwright-browsers-headless-only" [ { diff --git a/pkgs/pass2bw/pass2bw.sh b/pkgs/pass2bw/pass2bw.sh index 887a881..fcb4cd1 100644 --- a/pkgs/pass2bw/pass2bw.sh +++ b/pkgs/pass2bw/pass2bw.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash if [ "$#" -ne 2 ]; then echo "Usage: $0 " exit 1 diff --git a/templates/container/.gitignore b/templates/container/.gitignore new file mode 100644 index 0000000..4aa1b38 --- /dev/null +++ b/templates/container/.gitignore @@ -0,0 +1,5 @@ +.direnv/ +.envrc +.pre-commit-config.yaml +result +target diff --git a/templates/container/flake.nix b/templates/container/flake.nix index e6c3b3b..defc821 100644 --- a/templates/container/flake.nix +++ b/templates/container/flake.nix @@ -2,10 +2,10 @@ description = "Container NixOS configurations"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = 
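Review bot: `cargoBuildFlags` and `cargoTestFlags` now pass `--ignore-rust-version` with no explanation, which switches off cargo's check of the crate's declared minimum Rust version, so the package can be built and tested with a toolchain older than upstream states it supports. I would record why it is needed and when it can be removed, e.g. `# nixpkgs rustc is older than the crate's rust-version; drop once the toolchain catches up` (assuming that is the reason). I would also write the flags as lists, `cargoBuildFlags = [ "--ignore-rust-version" ];`, which is the usual form in nixpkgs.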
@@ -17,42 +17,62 @@ let inherit (self) outputs; - system = "x86_64-linux"; + systems = [ + "x86_64-linux" + ]; - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); - in - { - packages = - let - pkgs = nixpkgs.legacyPackages.${system}; - in - import ./pkgs { inherit pkgs; }; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - overlays = import ./overlays { inherit (self) inputs; }; + inherit (lib.helpers) mkPkgs; - devShells = - let - pkgs = nixpkgs.legacyPackages.${system}; - in - { - default = pkgs.mkShell { - buildInputs = with pkgs; [ - nixos-container - tmux - ]; - }; - }; + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); - nixosModules = import ./modules; - - nixosConfigurations = { - container = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ ./config ]; + mkNixosConfiguration = + system: modules: + nixpkgs.lib.nixosSystem { + inherit system modules; specialArgs = { inherit inputs outputs lib; }; }; + in + { + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); + + overlays = import ./overlays { inherit (self) inputs; }; + + devShells = forAllSystems (pkgs: { + default = pkgs.mkShell { + buildInputs = with pkgs; [ + nixos-container + tmux + ]; + }; + }); + + nixosModules = import ./modules; + + nixosConfigurations = { + container = mkNixosConfiguration "x86_64-linux" [ ./config ]; }; + + checks = forAllSystems ( + pkgs: + let + inherit (pkgs.stdenv.hostPlatform) system; + in + { + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; + } + ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/dev/c-hello/.envrc b/templates/dev/c-hello/.envrc index 3550a30..0f94eed 100644 --- a/templates/dev/c-hello/.envrc +++ b/templates/dev/c-hello/.envrc @@ -1 +1,2 @@ +# shellcheck shell=bash use flake 
diff --git a/templates/dev/c-hello/.github/workflows/c-nix.yml b/templates/dev/c-hello/.github/workflows/c-nix.yml index 2895662..d392dc6 100644 --- a/templates/dev/c-hello/.github/workflows/c-nix.yml +++ b/templates/dev/c-hello/.github/workflows/c-nix.yml @@ -1,23 +1,20 @@ +--- name: C Nix Pipeline -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] +on: # yamllint disable-line jobs: build-and-test: name: Build and Test runs-on: ubuntu-latest - + steps: - - uses: actions/checkout@v3 - - - name: Set up Nix - uses: cachix/install-nix-action@v18 - with: + - uses: actions/checkout@v3 + + - name: Set up Nix + uses: cachix/install-nix-action@v18 + with: nix_path: nixpkgs=channel:nixos-unstable - - name: Run nix flake check - run: nix flake check + - name: Run nix flake check + run: nix flake check diff --git a/templates/dev/c-hello/build.sh b/templates/dev/c-hello/build.sh index f7f470c..03068ae 100644 --- a/templates/dev/c-hello/build.sh +++ b/templates/dev/c-hello/build.sh @@ -1,2 +1,3 @@ +#!/usr/bin/env bash make clean bear --output build/compile_commands.json -- make all diff --git a/templates/dev/c-hello/flake.nix b/templates/dev/c-hello/flake.nix index 86ce156..6b0f8f0 100644 --- a/templates/dev/c-hello/flake.nix +++ b/templates/dev/c-hello/flake.nix @@ -81,7 +81,7 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; + inherit (self.checks.${system}.pre-commit-check) config; inherit (config) package configFile; script = '' ${pkgs.lib.getExe package} run --all-files --config ${configFile} diff --git a/templates/dev/esp-blink/.envrc b/templates/dev/esp-blink/.envrc index 3550a30..0f94eed 100644 --- a/templates/dev/esp-blink/.envrc +++ b/templates/dev/esp-blink/.envrc @@ -1 +1,2 @@ +# shellcheck shell=bash use flake diff --git a/templates/dev/esp-blink/flake.nix b/templates/dev/esp-blink/flake.nix index ba3b20e..69783d2 100644 --- a/templates/dev/esp-blink/flake.nix 
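Review bot: After this change `on:` in `c-nix.yml` carries only the yamllint comment and the `push` and `pull_request` entries are removed, so the workflow declares no event and `nix flake check` will no longer run for pushes or pull requests. The same edit is made to `flask-hello/.github/workflows/python-nix.yml`, `py-hello/.github/workflows/python-nix.yml` and `rs-hello/.github/workflows/rust-nix.yml` later in this commit. Keep the lint directive on the `on:` line and restore the triggers beneath it.

```yaml
on: # yamllint disable-line
  push:
    branches: [master]
  pull_request:
    branches: [master]

# … unchanged: jobs.build-and-test …
```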
+++ b/templates/dev/esp-blink/flake.nix @@ -56,7 +56,7 @@ pkgs = nixpkgsFor.${system}; in { - default = esp.devShells."${system}".default; + inherit (esp.devShells."${system}") default; } ); @@ -64,7 +64,7 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; + inherit (self.checks.${system}.pre-commit-check) config; inherit (config) package configFile; script = '' ${pkgs.lib.getExe package} run --all-files --config ${configFile} diff --git a/templates/dev/esp-blink/main/idf_component.yml b/templates/dev/esp-blink/main/idf_component.yml index d57b77d..c9593e2 100644 --- a/templates/dev/esp-blink/main/idf_component.yml +++ b/templates/dev/esp-blink/main/idf_component.yml @@ -1,2 +1,3 @@ +--- dependencies: espressif/led_strip: "^3.0.0" diff --git a/templates/dev/flask-hello/.envrc b/templates/dev/flask-hello/.envrc index 3550a30..0f94eed 100644 --- a/templates/dev/flask-hello/.envrc +++ b/templates/dev/flask-hello/.envrc @@ -1 +1,2 @@ +# shellcheck shell=bash use flake diff --git a/templates/dev/flask-hello/.github/workflows/python-nix.yml b/templates/dev/flask-hello/.github/workflows/python-nix.yml index a51c010..288cb3e 100644 --- a/templates/dev/flask-hello/.github/workflows/python-nix.yml +++ b/templates/dev/flask-hello/.github/workflows/python-nix.yml @@ -1,23 +1,20 @@ +--- name: Python Nix Pipeline -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] +on: # yamllint disable-line jobs: build-and-test: name: Build and Test runs-on: ubuntu-latest - + steps: - - uses: actions/checkout@v3 - - - name: Set up Nix - uses: cachix/install-nix-action@v18 - with: + - uses: actions/checkout@v3 + + - name: Set up Nix + uses: cachix/install-nix-action@v18 + with: nix_path: nixpkgs=channel:nixos-unstable - - name: Run nix flake check - run: nix flake check + - name: Run nix flake check + run: nix flake check 
diff --git a/templates/dev/flask-hello/flake.nix b/templates/dev/flask-hello/flake.nix index 39a9ce3..94ec78e 100644 --- a/templates/dev/flask-hello/flake.nix +++ b/templates/dev/flask-hello/flake.nix @@ -54,7 +54,7 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; + inherit (self.checks.${system}.pre-commit-check) config; inherit (config) package configFile; script = '' ${pkgs.lib.getExe package} run --all-files --config ${configFile} diff --git a/templates/dev/flask-hello/nix/module.nix b/templates/dev/flask-hello/nix/module.nix index 46cb9b3..8a16b6c 100644 --- a/templates/dev/flask-hello/nix/module.nix +++ b/templates/dev/flask-hello/nix/module.nix @@ -8,7 +8,7 @@ let cfg = config.services.flask_hello; - domain = config.networking.domain; + inherit (config.networking) domain; fqdn = if (cfg.nginx.subdomain != "") then "${cfg.nginx.subdomain}.${domain}" else domain; python-with-packages = pkgs.python3.withPackages ( @@ -109,7 +109,7 @@ in users.users."${cfg.user}" = { home = "/var/lib/${cfg.user}"; isSystemUser = true; - group = cfg.group; + inherit (cfg) group; }; users.groups."${cfg.group}" = { }; diff --git a/templates/dev/py-hello/.github/workflows/python-nix.yml b/templates/dev/py-hello/.github/workflows/python-nix.yml index a51c010..288cb3e 100644 --- a/templates/dev/py-hello/.github/workflows/python-nix.yml +++ b/templates/dev/py-hello/.github/workflows/python-nix.yml 
@@ -1,23 +1,20 @@ +--- name: Python Nix Pipeline -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] +on: # yamllint disable-line jobs: build-and-test: name: Build and Test runs-on: ubuntu-latest - + steps: - - uses: actions/checkout@v3 - - - name: Set up Nix - uses: cachix/install-nix-action@v18 - with: + - uses: actions/checkout@v3 + + - name: Set up Nix + uses: cachix/install-nix-action@v18 + with: nix_path: nixpkgs=channel:nixos-unstable - - name: Run nix flake check - run: nix flake check + - name: Run nix flake check + run: nix flake check diff --git a/templates/dev/py-hello/flake.nix b/templates/dev/py-hello/flake.nix index f39af78..9f1d555 100644 --- a/templates/dev/py-hello/flake.nix +++ b/templates/dev/py-hello/flake.nix @@ -105,7 +105,7 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; + inherit (self.checks.${system}.pre-commit-check) config; inherit (config) package configFile; script = '' ${pkgs.lib.getExe package} run --all-files --config ${configFile} diff --git a/templates/dev/rs-hello/.github/workflows/rust-nix.yml b/templates/dev/rs-hello/.github/workflows/rust-nix.yml index 702e503..5b57559 100644 --- a/templates/dev/rs-hello/.github/workflows/rust-nix.yml +++ b/templates/dev/rs-hello/.github/workflows/rust-nix.yml 
@@ -1,26 +1,23 @@ +--- name: Rust Nix Pipeline -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] +on: # yamllint disable-line jobs: build-and-test: name: Build and Test runs-on: ubuntu-latest - + steps: - - uses: actions/checkout@v3 - - - name: Set up Nix - uses: cachix/install-nix-action@v18 - with: + - uses: actions/checkout@v3 + + - name: Set up Nix + uses: cachix/install-nix-action@v18 + with: nix_path: nixpkgs=channel:nixos-unstable - - name: Run cargo tests in dev shell - run: nix develop --command bash -c "cargo test" - - - name: Run nix flake check - run: nix flake check + - name: Run cargo tests in dev shell + run: nix develop --command bash -c "cargo test" + + - name: Run nix flake check + run: nix flake check diff --git a/templates/dev/rs-hello/flake.nix b/templates/dev/rs-hello/flake.nix index 390194a..74a88d4 100644 --- a/templates/dev/rs-hello/flake.nix +++ b/templates/dev/rs-hello/flake.nix @@ -76,7 +76,7 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; + inherit (self.checks.${system}.pre-commit-check) config; inherit (config) package configFile; script = '' ${pkgs.lib.getExe package} run --all-files --config ${configFile} diff --git a/templates/dev/stm32-blink/.envrc b/templates/dev/stm32-blink/.envrc index 3550a30..0f94eed 100644 --- a/templates/dev/stm32-blink/.envrc +++ b/templates/dev/stm32-blink/.envrc @@ -1 +1,2 @@ +# shellcheck shell=bash use flake diff --git a/templates/microvm/.envrc b/templates/microvm/.envrc index 3550a30..0f94eed 100644 --- a/templates/microvm/.envrc +++ b/templates/microvm/.envrc @@ -1 +1,2 @@ +# shellcheck shell=bash use flake diff --git a/templates/microvm/flake.nix b/templates/microvm/flake.nix index c03bdb5..5ba5283 100644 --- a/templates/microvm/flake.nix +++ b/templates/microvm/flake.nix 
@@ -2,13 +2,13 @@ description = "MicroVM NixOS configurations"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; microvm.url = "github:microvm-nix/microvm.nix"; microvm.inputs.nixpkgs.follows = "nixpkgs"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -20,20 +20,22 @@ let inherit (self) outputs; - supportedSystems = [ + systems = [ "x86_64-linux" - "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + inherit (lib.helpers) mkPkgs; - mkApp = program: description: { - type = "app"; - inherit program; - meta.description = description; - }; + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); mkNixosConfiguration = system: modules: @@ -43,13 +45,20 @@ inherit inputs outputs lib; }; }; + + mkApp = program: description: { + type = "app"; + inherit program; + meta.description = description; + }; in { apps = forAllSystems ( - system: + pkgs: let - microvm = self.nixosConfigurations."microvm-${system}".config.microvm; - inherit (nixpkgs.lib) getExe; + inherit (pkgs.stdenv.hostPlatform) system; + inherit (self.nixosConfigurations."microvm-${system}".config) microvm; + inherit (pkgs.lib) getExe; in { rebuild = mkApp (getExe microvm.deploy.rebuild) "Rebuild the VM."; 
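Review bot: In the second hunk of `templates/microvm/flake.nix`, `inherit (lib.helpers) mkPkgs;` makes the `or { }` fallback on the line above it pointless. If `inputs.synix.lib` were ever absent, `lib` would be plain `nixpkgs.lib` and evaluation would stop on a missing `helpers` attribute instead of an error that names the real cause. Either drop the fallback, `lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib);`, or guard the helper explicitly. A short comment above `forAllSystems` would also help, saying that it now passes a `pkgs` set built by `mkPkgs` rather than a system string, since what `mkPkgs` applies (overlays, nixpkgs config) is not visible in this file. The same pattern is added in the hetzner-amd, hyprland, pi4, server and vm-uefi template flakes, and the `let` block continues outside the hunk.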
@@ -57,34 +66,22 @@ } ); - packages = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - import ./pkgs { inherit pkgs; } - ); + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); overlays = import ./overlays { inherit (self) inputs; }; - devShells = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - { - default = pkgs.mkShell { - buildInputs = with pkgs; [ - tmux - ]; - }; - # FIXME: `microvm.deploy.rebuild` does not seem to care about askpass - # shellHook = '' - # export SSH_ASKPASS="pass " - # export SSH_ASKPASS_REQUIRE="force" - # ''; - } - ); + devShells = forAllSystems (pkgs: { + default = pkgs.mkShell { + buildInputs = with pkgs; [ + tmux + ]; + }; + # FIXME: `microvm.deploy.rebuild` does not seem to care about askpass + # shellHook = '' + # export SSH_ASKPASS="pass " + # export SSH_ASKPASS_REQUIRE="force" + # ''; + }); nixosModules = import ./modules; @@ -92,5 +89,17 @@ microvm-x86_64-linux = mkNixosConfiguration "x86_64-linux" [ ./config ]; microvm-aarch64-linux = mkNixosConfiguration "aarch64-linux" [ ./config ]; }; + + checks = forAllSystems ( + pkgs: + let + inherit (pkgs.stdenv.hostPlatform) system; + in + { + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; + } + ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/nix-configs/hetzner-amd/.gitignore b/templates/nix-configs/hetzner-amd/.gitignore new file mode 100644 index 0000000..4aa1b38 --- /dev/null +++ b/templates/nix-configs/hetzner-amd/.gitignore @@ -0,0 +1,5 @@ +.direnv/ +.envrc +.pre-commit-config.yaml +result +target diff --git a/templates/nix-configs/hetzner-amd/flake.nix b/templates/nix-configs/hetzner-amd/flake.nix index 4840249..c5e7af6 100644 --- a/templates/nix-configs/hetzner-amd/flake.nix +++ b/templates/nix-configs/hetzner-amd/flake.nix 
@@ -5,10 +5,7 @@ nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; - - git-hooks.url = "github:cachix/git-hooks.nix"; - git-hooks.inputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -20,14 +17,22 @@ let inherit (self) outputs; - supportedSystems = [ + systems = [ "x86_64-linux" - "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + inherit (lib.helpers) mkPkgs; + + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); mkNixosConfiguration = system: modules: @@ -39,7 +44,7 @@ }; in { - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); overlays = import ./overlays { inherit inputs; }; 
@@ -49,41 +54,26 @@ HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; }; - formatter = forAllSystems ( - system: + devShells = forAllSystems ( + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; - inherit (config) package configFile; - script = '' - ${pkgs.lib.getExe package} run --all-files --config ${configFile} - ''; + inherit (pkgs.stdenv.hostPlatform) system; in - pkgs.writeShellScriptBin "pre-commit-run" script + { + default = inputs.synix.devShells.${system}.nix-config; + } ); checks = forAllSystems ( - system: + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - flakePkgs = self.packages.${system}; - overlaidPkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.modifications ]; - }; + inherit (pkgs.stdenv.hostPlatform) system; in { - pre-commit-check = inputs.git-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixfmt.enable = true; - }; - }; - build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs; - build-overlays = pkgs.linkFarm "flake-overlays-${system}" { - # package = overlaidPkgs.package; - }; + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; } ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/nix-configs/hetzner-amd/hosts/HOSTNAME/hardware.nix b/templates/nix-configs/hetzner-amd/hosts/HOSTNAME/hardware.nix index 2bfd7b4..b3536e4 100644 --- a/templates/nix-configs/hetzner-amd/hosts/HOSTNAME/hardware.nix +++ b/templates/nix-configs/hetzner-amd/hosts/HOSTNAME/hardware.nix 
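Review bot: The rewritten `checks` in `templates/nix-configs/hetzner-amd/flake.nix` no longer appears to cover the repository created from the template. The removed `pre-commit-check` ran on `src = ./.` and `build-packages` built `self.packages`, while the new `inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications;` re-exports derivations that are presumably built from synix's own tree. `nix flake check` would then pass regardless of what the user's `./pkgs` and `./overlays` contain. Consider keeping one local check next to the inherited ones, e.g. `build-packages = pkgs.linkFarm "flake-packages-${system}" self.packages.${system};`. Note also that `inherit (inputs.synix) formatter;` makes `nix fmt` run a program supplied by the `release-25.11` branch of that input, so only a lock file pins the revision that gets executed. The hyprland, pi4, server and vm-uefi flakes make the same replacement.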
@@ -11,20 +11,22 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "ahci" - "nvme" - "sd_mod" - "sdhci_pci" - "sr_mod" - "usb_storage" - "virtio_pci" - "virtio_scsi" - "xhci_pci" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "sdhci_pci" + "sr_mod" + "usb_storage" + "virtio_pci" + "virtio_scsi" + "xhci_pci" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; diff --git a/templates/nix-configs/hyprland/.gitignore b/templates/nix-configs/hyprland/.gitignore new file mode 100644 index 0000000..4aa1b38 --- /dev/null +++ b/templates/nix-configs/hyprland/.gitignore @@ -0,0 +1,5 @@ +.direnv/ +.envrc +.pre-commit-config.yaml +result +target diff --git a/templates/nix-configs/hyprland/flake.nix b/templates/nix-configs/hyprland/flake.nix index aedca40..e1714e2 100644 --- a/templates/nix-configs/hyprland/flake.nix +++ b/templates/nix-configs/hyprland/flake.nix @@ -5,7 +5,7 @@ nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -18,29 +18,33 @@ stylix.url = "github:danth/stylix"; stylix.inputs.nixpkgs.follows = "nixpkgs"; - - git-hooks.url = "github:cachix/git-hooks.nix"; - git-hooks.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self, nixpkgs, - home-manager, ... }@inputs: let inherit (self) outputs; - supportedSystems = [ + systems = [ "x86_64-linux" - "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + inherit (lib.helpers) mkPkgs; + + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); mkNixosConfiguration = system: modules: 
@@ -50,76 +54,53 @@ inherit inputs outputs lib; }; }; + + mkHomeConfiguration = + system: modules: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = mkPkgs { inherit system; }; + modules = [ ./users/USERNAME/home ] ++ modules; + extraSpecialArgs = { + inherit inputs outputs; + }; + }; in { - devShells = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - { - default = import ./shell.nix { inherit pkgs; }; - } - ); - - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); overlays = import ./overlays { inherit inputs; }; nixosModules = import ./modules/nixos; + homeModules = import ./modules/home; + + devShells = forAllSystems ( + pkgs: + let + inherit (pkgs.stdenv.hostPlatform) system; + in + { + default = inputs.synix.devShells.${system}.nix-config; + } + ); nixosConfigurations = { HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; }; homeConfigurations = { - "USERNAME@HOSTNAME" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; # FIXME: Set architecture - extraSpecialArgs = { - inherit inputs outputs; - }; - modules = [ - ./users/USERNAME/home - ./users/USERNAME/home/hosts/HOSTNAME - ]; - }; + "USERNAME@HOSTNAME" = mkHomeConfiguration "x86_64-linux" [ ./users/USERNAME/home/hosts/HOSTNAME ]; }; - formatter = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; - inherit (config) package configFile; - script = '' - ${pkgs.lib.getExe package} run --all-files --config ${configFile} - ''; - in - pkgs.writeShellScriptBin "pre-commit-run" script - ); - checks = forAllSystems ( - system: + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - flakePkgs = self.packages.${system}; - overlaidPkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.modifications ]; - }; + inherit 
(pkgs.stdenv.hostPlatform) system; in { - pre-commit-check = inputs.git-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixfmt.enable = true; - }; - }; - build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs; - build-overlays = pkgs.linkFarm "flake-overlays-${system}" { - # package = overlaidPkgs.package; - }; + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; } ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/nix-configs/hyprland/hosts/HOSTNAME/hardware.nix b/templates/nix-configs/hyprland/hosts/HOSTNAME/hardware.nix index 2bfd7b4..b3536e4 100644 --- a/templates/nix-configs/hyprland/hosts/HOSTNAME/hardware.nix +++ b/templates/nix-configs/hyprland/hosts/HOSTNAME/hardware.nix @@ -11,20 +11,22 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "ahci" - "nvme" - "sd_mod" - "sdhci_pci" - "sr_mod" - "usb_storage" - "virtio_pci" - "virtio_scsi" - "xhci_pci" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "sdhci_pci" + "sr_mod" + "usb_storage" + "virtio_pci" + "virtio_scsi" + "xhci_pci" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; diff --git a/templates/nix-configs/hyprland/shell.nix b/templates/nix-configs/hyprland/shell.nix deleted file mode 100644 index a33eea0..0000000 --- a/templates/nix-configs/hyprland/shell.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - pkgs ? import { }, - ... -}: - -pkgs.mkShell { - NIX_CONFIG = "extra-experimental-features = nix-command flakes"; - nativeBuildInputs = with pkgs; [ home-manager ]; -} diff --git a/templates/nix-configs/hyprland/users/USERNAME/home/default.nix b/templates/nix-configs/hyprland/users/USERNAME/home/default.nix index 16fe6f8..43714be 100644 
--- a/templates/nix-configs/hyprland/users/USERNAME/home/default.nix +++ b/templates/nix-configs/hyprland/users/USERNAME/home/default.nix @@ -19,6 +19,4 @@ }; programs.nixvim.enable = true; - - home.stateVersion = "25.11"; } diff --git a/templates/nix-configs/hyprland/users/USERNAME/home/hosts/HOSTNAME/default.nix b/templates/nix-configs/hyprland/users/USERNAME/home/hosts/HOSTNAME/default.nix index bca6d0f..cfdf13f 100644 --- a/templates/nix-configs/hyprland/users/USERNAME/home/hosts/HOSTNAME/default.nix +++ b/templates/nix-configs/hyprland/users/USERNAME/home/hosts/HOSTNAME/default.nix @@ -1 +1,5 @@ -{ imports = [ ../../hyprland ]; } +{ + imports = [ ../../hyprland ]; + + home.stateVersion = "25.11"; +} diff --git a/templates/nix-configs/pi4/.gitignore b/templates/nix-configs/pi4/.gitignore new file mode 100644 index 0000000..4aa1b38 --- /dev/null +++ b/templates/nix-configs/pi4/.gitignore @@ -0,0 +1,5 @@ +.direnv/ +.envrc +.pre-commit-config.yaml +result +target diff --git a/templates/nix-configs/pi4/flake.nix b/templates/nix-configs/pi4/flake.nix index 4840249..40391f6 100644 --- a/templates/nix-configs/pi4/flake.nix +++ b/templates/nix-configs/pi4/flake.nix @@ -5,10 +5,7 @@ nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; - - git-hooks.url = "github:cachix/git-hooks.nix"; - git-hooks.inputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = 
@@ -20,14 +17,22 @@ let inherit (self) outputs; - supportedSystems = [ - "x86_64-linux" + systems = [ "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + inherit (lib.helpers) mkPkgs; + + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); mkNixosConfiguration = system: modules: 
@@ -39,51 +44,37 @@ }; in { - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); overlays = import ./overlays { inherit inputs; }; nixosModules = import ./modules/nixos; + homeModules = import ./modules/home; - nixosConfigurations = { - HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; - }; - - formatter = forAllSystems ( - system: + devShells = forAllSystems ( + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; - inherit (config) package configFile; - script = '' - ${pkgs.lib.getExe package} run --all-files --config ${configFile} - ''; - in - pkgs.writeShellScriptBin "pre-commit-run" script - ); - - checks = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - flakePkgs = self.packages.${system}; - overlaidPkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.modifications ]; - }; + inherit (pkgs.stdenv.hostPlatform) system; in { - pre-commit-check = inputs.git-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixfmt.enable = true; - }; - }; - build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs; - build-overlays = pkgs.linkFarm "flake-overlays-${system}" { - # package = overlaidPkgs.package; - }; + default = inputs.synix.devShells.${system}.nix-config; } ); + + nixosConfigurations = { + HOSTNAME = mkNixosConfiguration "aarch64-linux" [ ./hosts/HOSTNAME ]; + }; + + checks = forAllSystems ( + pkgs: + let + inherit (pkgs.stdenv.hostPlatform) system; + in + { + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; + } + ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/nix-configs/server/.gitignore b/templates/nix-configs/server/.gitignore new file mode 100644 index 0000000..4aa1b38 --- /dev/null +++ b/templates/nix-configs/server/.gitignore 
@@ -0,0 +1,5 @@ +.direnv/ +.envrc +.pre-commit-config.yaml +result +target diff --git a/templates/nix-configs/server/flake.nix b/templates/nix-configs/server/flake.nix index 4840249..f5c0ba8 100644 --- a/templates/nix-configs/server/flake.nix +++ b/templates/nix-configs/server/flake.nix @@ -5,10 +5,7 @@ nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; - - git-hooks.url = "github:cachix/git-hooks.nix"; - git-hooks.inputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -20,14 +17,22 @@ let inherit (self) outputs; - supportedSystems = [ + systems = [ "x86_64-linux" - "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + inherit (lib.helpers) mkPkgs; + + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); mkNixosConfiguration = system: modules: 
@@ -39,51 +44,37 @@ }; in { - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); overlays = import ./overlays { inherit inputs; }; nixosModules = import ./modules/nixos; + homeModules = import ./modules/home; + + devShells = forAllSystems ( + pkgs: + let + inherit (pkgs.stdenv.hostPlatform) system; + in + { + default = inputs.synix.devShells.${system}.nix-config; + } + ); nixosConfigurations = { HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; }; - formatter = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; - inherit (config) package configFile; - script = '' - ${pkgs.lib.getExe package} run --all-files --config ${configFile} - ''; - in - pkgs.writeShellScriptBin "pre-commit-run" script - ); - checks = forAllSystems ( - system: + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - flakePkgs = self.packages.${system}; - overlaidPkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.modifications ]; - }; + inherit (pkgs.stdenv.hostPlatform) system; in { - pre-commit-check = inputs.git-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixfmt.enable = true; - }; - }; - build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs; - build-overlays = pkgs.linkFarm "flake-overlays-${system}" { - # package = overlaidPkgs.package; - }; + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; } ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/nix-configs/server/hosts/HOSTNAME/hardware.nix b/templates/nix-configs/server/hosts/HOSTNAME/hardware.nix index 2bfd7b4..b3536e4 100644 --- a/templates/nix-configs/server/hosts/HOSTNAME/hardware.nix +++ b/templates/nix-configs/server/hosts/HOSTNAME/hardware.nix 
@@ -11,20 +11,22 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "ahci" - "nvme" - "sd_mod" - "sdhci_pci" - "sr_mod" - "usb_storage" - "virtio_pci" - "virtio_scsi" - "xhci_pci" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "sdhci_pci" + "sr_mod" + "usb_storage" + "virtio_pci" + "virtio_scsi" + "xhci_pci" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; diff --git a/templates/nix-configs/vm-uefi/.gitignore b/templates/nix-configs/vm-uefi/.gitignore new file mode 100644 index 0000000..4aa1b38 --- /dev/null +++ b/templates/nix-configs/vm-uefi/.gitignore @@ -0,0 +1,5 @@ +.direnv/ +.envrc +.pre-commit-config.yaml +result +target diff --git a/templates/nix-configs/vm-uefi/flake.nix b/templates/nix-configs/vm-uefi/flake.nix index 4840249..c5e7af6 100644 --- a/templates/nix-configs/vm-uefi/flake.nix +++ b/templates/nix-configs/vm-uefi/flake.nix @@ -5,10 +5,7 @@ nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; - synix.imputs.nixpkgs.follows = "nixpkgs"; - - git-hooks.url = "github:cachix/git-hooks.nix"; - git-hooks.inputs.nixpkgs.follows = "nixpkgs"; + synix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -20,14 +17,22 @@ let inherit (self) outputs; - supportedSystems = [ + systems = [ "x86_64-linux" - "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { }); - lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + inherit (lib.helpers) mkPkgs; + + forAllSystems = + function: + lib.genAttrs systems ( + system: + function (mkPkgs { + inherit system; + }) + ); mkNixosConfiguration = system: modules: 
@@ -39,7 +44,7 @@ }; in { - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; }); overlays = import ./overlays { inherit inputs; }; @@ -49,41 +54,26 @@ HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; }; - formatter = forAllSystems ( - system: + devShells = forAllSystems ( + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - config = self.checks.${system}.pre-commit-check.config; - inherit (config) package configFile; - script = '' - ${pkgs.lib.getExe package} run --all-files --config ${configFile} - ''; + inherit (pkgs.stdenv.hostPlatform) system; in - pkgs.writeShellScriptBin "pre-commit-run" script + { + default = inputs.synix.devShells.${system}.nix-config; + } ); checks = forAllSystems ( - system: + pkgs: let - pkgs = nixpkgs.legacyPackages.${system}; - flakePkgs = self.packages.${system}; - overlaidPkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.modifications ]; - }; + inherit (pkgs.stdenv.hostPlatform) system; in { - pre-commit-check = inputs.git-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixfmt.enable = true; - }; - }; - build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs; - build-overlays = pkgs.linkFarm "flake-overlays-${system}" { - # package = overlaidPkgs.package; - }; + inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications; } ); + + inherit (inputs.synix) formatter; }; } diff --git a/templates/nix-configs/vm-uefi/hosts/HOSTNAME/hardware.nix b/templates/nix-configs/vm-uefi/hosts/HOSTNAME/hardware.nix index 3a61ae9..006df71 100644 --- a/templates/nix-configs/vm-uefi/hosts/HOSTNAME/hardware.nix +++ b/templates/nix-configs/vm-uefi/hosts/HOSTNAME/hardware.nix 
@@ -10,13 +10,15 @@ { imports = [ inputs.synix.nixosModules.device.vm ]; - boot.initrd.availableKernelModules = [ - "sd_mod" - "sr_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "sd_mod" + "sr_mod" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; diff --git a/tests/build/hm-hyprland/default.nix b/tests/build/hm-hyprland/default.nix index 083c68f..aed7d85 100644 --- a/tests/build/hm-hyprland/default.nix +++ b/tests/build/hm-hyprland/default.nix @@ -7,10 +7,10 @@ { imports = [ - inputs.synix.homeModules.common - inputs.synix.homeModules.hyprland - inputs.synix.homeModules.nixvim - inputs.synix.homeModules.stylix + outputs.homeModules.common + outputs.homeModules.hyprland + outputs.homeModules.nixvim + outputs.homeModules.stylix ]; home.username = "test-user"; @@ -22,9 +22,11 @@ autostart = true; }; - stylix.enable = true; - stylix.scheme = "generate-from-image"; - stylix.image = ./wallpaper.png; + stylix = { + enable = true; + scheme = "generate-from-image"; + image = ./wallpaper.png; + }; home.stateVersion = "25.11"; } diff --git a/tests/build/nixos-hyprland/default.nix b/tests/build/nixos-hyprland/default.nix index 6191e8e..3e9999e 100644 --- a/tests/build/nixos-hyprland/default.nix +++ b/tests/build/nixos-hyprland/default.nix @@ -1,5 +1,4 @@ { - inputs, outputs, ... }: @@ -11,9 +10,9 @@ ./networking.nix ./users.nix - inputs.synix.nixosModules.common - inputs.synix.nixosModules.device.laptop - inputs.synix.nixosModules.hyprland + outputs.nixosModules.common + outputs.nixosModules.device.laptop + outputs.nixosModules.hyprland ]; system.stateVersion = "25.11"; diff --git a/tests/build/nixos-hyprland/hardware.nix b/tests/build/nixos-hyprland/hardware.nix index 2bfd7b4..b3536e4 100644 --- a/tests/build/nixos-hyprland/hardware.nix 
+++ b/tests/build/nixos-hyprland/hardware.nix @@ -11,20 +11,22 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "ahci" - "nvme" - "sd_mod" - "sdhci_pci" - "sr_mod" - "usb_storage" - "virtio_pci" - "virtio_scsi" - "xhci_pci" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "sdhci_pci" + "sr_mod" + "usb_storage" + "virtio_pci" + "virtio_scsi" + "xhci_pci" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; diff --git a/tests/build/nixos-hyprland/users.nix b/tests/build/nixos-hyprland/users.nix index cf7c655..b7c46be 100644 --- a/tests/build/nixos-hyprland/users.nix +++ b/tests/build/nixos-hyprland/users.nix @@ -1,8 +1,8 @@ -{ inputs, ... }: +{ outputs, ... }: { imports = [ - inputs.synix.nixosModules.normalUsers + outputs.nixosModules.normalUsers ]; normalUsers.test-user = { diff --git a/tests/build/nixos-server/default.nix b/tests/build/nixos-server/default.nix index d7fb543..df06bb9 100644 --- a/tests/build/nixos-server/default.nix +++ b/tests/build/nixos-server/default.nix @@ -1,5 +1,4 @@ { - inputs, outputs, ... }: @@ -12,8 +11,8 @@ ./services ./users.nix - inputs.synix.nixosModules.common - inputs.synix.nixosModules.device.server + outputs.nixosModules.common + outputs.nixosModules.device.server ]; system.stateVersion = "25.11"; diff --git a/tests/build/nixos-server/hardware.nix b/tests/build/nixos-server/hardware.nix index 2bfd7b4..b3536e4 100644 --- a/tests/build/nixos-server/hardware.nix +++ b/tests/build/nixos-server/hardware.nix 
@@ -11,20 +11,22 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "ahci" - "nvme" - "sd_mod" - "sdhci_pci" - "sr_mod" - "usb_storage" - "virtio_pci" - "virtio_scsi" - "xhci_pci" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "sdhci_pci" + "sr_mod" + "usb_storage" + "virtio_pci" + "virtio_scsi" + "xhci_pci" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; diff --git a/tests/build/nixos-server/services/nginx.nix b/tests/build/nixos-server/services/nginx.nix index 04a2482..00734e5 100644 --- a/tests/build/nixos-server/services/nginx.nix +++ b/tests/build/nixos-server/services/nginx.nix @@ -1,10 +1,10 @@ { - inputs, + outputs, ... }: { - imports = [ inputs.synix.nixosModules.nginx ]; + imports = [ outputs.nixosModules.nginx ]; services.nginx = { enable = true; diff --git a/tests/build/nixos-server/services/openssh.nix b/tests/build/nixos-server/services/openssh.nix index b851d18..f71c084 100644 --- a/tests/build/nixos-server/services/openssh.nix +++ b/tests/build/nixos-server/services/openssh.nix @@ -1,11 +1,11 @@ { - inputs, + outputs, ... }: { imports = [ - inputs.synix.nixosModules.openssh + outputs.nixosModules.openssh ]; services.openssh.enable = true; diff --git a/tests/build/nixos-server/users.nix b/tests/build/nixos-server/users.nix index cf7c655..b7c46be 100644 --- a/tests/build/nixos-server/users.nix +++ b/tests/build/nixos-server/users.nix @@ -1,8 +1,8 @@ -{ inputs, ... }: +{ outputs, ... }: { imports = [ - inputs.synix.nixosModules.normalUsers + outputs.nixosModules.normalUsers ]; normalUsers.test-user = { diff --git a/tests/run/synapse.nix b/tests/run/synapse.nix index 3a5774a..7d7e328 100644 --- a/tests/run/synapse.nix +++ b/tests/run/synapse.nix 
@@ -27,45 +27,48 @@ ]; config = { - services.matrix-synapse = { - enable = true; - coturn.enable = true; - settings = { - registration_shared_secret = "secret"; - turn_shared_secret = "turn-secret"; + services = { + matrix-synapse = { + enable = true; + coturn.enable = true; + settings = { + registration_shared_secret = "secret"; + turn_shared_secret = "turn-secret"; + }; + }; + + coturn = { + enable = true; + no-tls = true; + static-auth-secret = "turn-secret"; + }; + + maubot = { + enable = true; + extraConfigFile = builtins.toString ( + pkgs.writeText "maubot-extra" '' + homeservers: + ${cfg.settings.server_name}: + url: http://127.0.0.1:${builtins.toString cfg.port} + secret: ${cfg.settings.registration_shared_secret} + admins: + alice: password + '' + ); + }; + + livekit.keyFile = keyFile; + lk-jwt-service.keyFile = keyFile; + + nginx.enable = true; + nginx.virtualHosts."example.com" = { + forceSSL = lib.mkForce false; + enableACME = lib.mkForce false; }; }; - services.coturn = { - enable = true; - no-tls = true; - static-auth-secret = "turn-secret"; - }; - - services.maubot = { - enable = true; - extraConfigFile = builtins.toString ( - pkgs.writeText "maubot-extra" '' - homeservers: - ${cfg.settings.server_name}: - url: http://127.0.0.1:${builtins.toString cfg.port} - secret: ${cfg.settings.registration_shared_secret} - admins: - alice: password - '' - ); - }; - - services.livekit.keyFile = keyFile; - services.lk-jwt-service.keyFile = keyFile; - - services.nginx.enable = true; networking.domain = "example.com"; networking.firewall.enable = false; # simplify networking for test - - # Override SSL/ACME requirements for test - services.nginx.virtualHosts."example.com".forceSSL = lib.mkForce false; - services.nginx.virtualHosts."example.com".enableACME = lib.mkForce false; }; };
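Review bot: The regrouped `nginx.virtualHosts."example.com"` block in `tests/run/synapse.nix` loses the `# Override SSL/ACME requirements for test` comment that the old lines carried, so nothing now explains why `forceSSL` and `enableACME` are forced off. Please carry it over, e.g. `# Test only: override SSL/ACME requirements` directly above the block. A similar one-line comment above `registration_shared_secret = "secret";` could note that the literal secrets, `no-tls = true` and the `alice: password` admin are fixtures for the VM test, which would keep them from being copied into a real host configuration. For consistency with the rest of the regrouping, `nginx.enable` and `nginx.virtualHosts` could sit in one `nginx = { ... };` set. The enclosing module starts outside the hunk.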