From 70e3cb76ca56098d11b233c8422ba59d0c047ae1 Mon Sep 17 00:00:00 2001
From: patchoulish
Date: Mon, 29 Dec 2025 16:11:18 -0500
Subject: [PATCH 1/8] Update .editorconfig
---
 .editorconfig | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.editorconfig b/.editorconfig
index 8bd2cd1..cc4b52b 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -19,3 +19,7 @@ trim_trailing_whitespace = unset
 [*.{yml,yaml}]
 indent_style = space
 indent_size = 2
+
+[*.{nix}]
+indent_style = space
+indent_size = 2
From 7d87f5e17120dd356ec1dfa1361d5ef086147b85 Mon Sep 17 00:00:00 2001
From: patchoulish
Date: Mon, 29 Dec 2025 16:12:50 -0500
Subject: [PATCH 2/8] Add format and format-check recipes to justfile
---
 justfile | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/justfile b/justfile
index 8bd5877..fc1f845 100644
--- a/justfile
+++ b/justfile
@@ -57,6 +57,16 @@ update-secret-keys:
 update:
 nix flake update
 
+# Format the repository.
+[group('util')]
+format:
+ treefmt
+
+# Check the formatting for the repository.
+[group('util')]
+format-check:
+ treefmt --fail-on-change --no-cache
+
 # Collect garbage and optimize the Nix store.
 [group('util')]
 clean:
From 086a37587ef1e8e078e18e3f8f1f5e4487583557 Mon Sep 17 00:00:00 2001
From: patchoulish
Date: Mon, 29 Dec 2025 16:13:20 -0500
Subject: [PATCH 3/8] Add treefmt configuration
---
 treefmt.toml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 treefmt.toml
diff --git a/treefmt.toml b/treefmt.toml
new file mode 100644
index 0000000..71060bf
--- /dev/null
+++ b/treefmt.toml
@@ -0,0 +1,16 @@
+[formatter.markdown]
+command = "mdformat"
+includes = ["*.md"]
+
+[formatter.nix]
+command = "nixfmt"
+includes = ["*.nix"]
+
+[formatter.toml]
+command = "toml-sort"
+includes = ["*.toml"]
+options = ["-i"]
+
+[formatter.yaml]
+command = "yamlfmt"
+includes = ["*.yaml", "*.yml"]
From dcfc92db1d9a72a8aa9e098bc6a9277909fb664b Mon Sep 17 00:00:00 2001
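Review bot: The new section header `[*.{nix}]` uses a brace list with a single entry, which EditorConfig glob matching may treat as the literal text `{nix}` rather than as an alternative, so the two settings might never apply to `.nix` files. Writing the header as `[*.nix]` avoids depending on how a given editor's core handles single-entry braces. Only one extension is listed, so the brace form buys nothing here.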
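Review bot: `[formatter.yaml]` matches every `*.yaml`/`*.yml` in the tree, which includes the sops-encrypted `secrets.yaml` and `secrets/*.yaml`; the diffstat of patch 7/8 in this series shows those files being rewritten by the formatter. Encrypted documents are better left byte-stable, so that a diff on them always means a real secret change and a formatter bug cannot damage ciphertext or sops metadata. Consider adding `excludes = ["secrets.yaml", "secrets/*.yaml"]` to `[formatter.yaml]`, with a comment saying why, and confirm with `sops decrypt` that the files already reformatted still verify.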
From: patchoulish
Date: Mon, 29 Dec 2025 16:14:29 -0500
Subject: [PATCH 4/8] Add (unflaked) development shell
---
 shell.nix | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 shell.nix
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..074b552
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,43 @@
+{
+ pkgs ? import { },
+}:
+pkgs.mkShell {
+ name = "flake-dev";
+
+ packages = with pkgs; [
+ # For development.
+ nix-output-monitor
+ nvd
+ age
+ sops
+
+ # For source control.
+ git
+
+ # For command recipes.
+ just
+
+ # For pre-commit hooks.
+ pre-commit
+
+ # For formatting.
+ treefmt
+ nixfmt-rfc-style
+ toml-sort
+ yamlfmt
+ mdformat
+ ];
+
+ shellHook = ''
+ echo "Setting up Git hooks..."
+ if [ -f .git/hooks/pre-commit ]; then
+ echo "Git hooks already installed."
+ else
+ pre-commit install
+ echo "Git hooks installed."
+ fi
+ echo ""
+ echo "Welcome to the flake development shell."
+ echo "Run 'just' to see available recipes."
+ '';
+}
From 285b2796d10bf2e49b5ded81362256b18543a185 Mon Sep 17 00:00:00 2001
From: patchoulish
Date: Mon, 29 Dec 2025 16:15:53 -0500
Subject: [PATCH 5/8] Add GitHub CI workflow
---
 .github/workflows/ci.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..933ba5d
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,18 @@
+name: CI
+on:
+ - pull_request
+ - push
+ - workflow_dispatch
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ - name: Install Nix
+ uses: cachix/install-nix-action@v31
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - name: Check formatting
+ run: nix-shell --run 'just format-check'
From 5157519c2645e1e1c65af2362813075f8f153163 Mon Sep 17 00:00:00 2001
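Review bot: The default argument `pkgs ? import { }` (presumably `import <nixpkgs> { }` with the path lost in this rendering) takes nixpkgs from whatever `NIX_PATH` holds, so the shell's tools, including `sops`, `age` and the formatters, are not the versions locked by the flake. CI makes this concrete by pointing `nix_path` at `nixos-unstable`, so an upstream formatter update can change or fail `just format-check` with no change in the repository. Pinning the default to the nixpkgs revision recorded in `flake.lock` keeps the shell reproducible and reviewable; the sketch below assumes `flake.lock` is committed and that the input is named `nixpkgs`, as in `flake.nix`. Separately, the `shellHook` test `[ -f .git/hooks/pre-commit ]` assumes the shell is entered from the root of a checkout where `.git` is a directory, which deserves a comment.

```nix
{
  pkgs ?
    let
      # Reuse the revision the flake already locks, so shell and flake agree.
      lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
    in
    import (fetchTarball {
      url = "https://github.com/NixOS/nixpkgs/archive/${lock.rev}.tar.gz";
      sha256 = lock.narHash;
    }) { },
}:
# … unchanged: pkgs.mkShell body …
```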
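Review bot: Both `uses:` lines reference third-party actions by mutable tag (`actions/checkout@v6`, `cachix/install-nix-action@v31`) and the workflow declares no `permissions:`, so the job runs with the repository's default token scope and with whatever code those tags point to at run time. For a lint-only job, add a top-level `permissions:` block containing `contents: read`, and pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v6` (placeholder, not a real SHA). Setting `persist-credentials: false` on the checkout step is also worthwhile, because the last step runs `nix-shell` against an unpinned channel. Listing both `pull_request` and `push` runs the job twice for any branch with an open pull request.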
From: patchoulish
Date: Mon, 29 Dec 2025 16:16:14 -0500
Subject: [PATCH 6/8] Add pre-commit configuration
---
 .pre-commit-config.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .pre-commit-config.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..b2f832c
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
+repos:
+ - repo: local
+ hooks:
+ - id: format
+ name: Enforce code formatting (just format)
+ entry: just format
+ language: system
+ pass_filenames: false
+ always_run: true
+ stages: [pre-commit]
From 4d35cd78c9af735d2f452266a96154bfba891296 Mon Sep 17 00:00:00 2001
From: patchoulish Date: Mon, 29 Dec 2025 16:18:21 -0500 Subject: [PATCH 7/8] Fix formatting --- .github/dependabot.yml | 1 - .github/workflows/gitleaks.yml | 4 +- .github/workflows/maintenance.yml | 4 +- .sops.yaml | 33 ++- README.md | 52 +++-- flake.nix | 100 ++++---- home/default.nix | 16 +- home/fonts.nix | 47 ++-- home/packages.nix | 28 +-- home/programs/bash/default.nix | 8 +- home/programs/chromium/default.nix | 36 +-- home/programs/default.nix | 44 ++-- home/programs/dotnet/default.nix | 119 +++++----- home/programs/fish/default.nix | 8 +- home/programs/gh/default.nix | 42 ++-- home/programs/git/default.nix | 96 ++++---- home/programs/home-manager/default.nix | 8 +- home/programs/hyfetch/default.nix | 32 +-- home/programs/kitty/default.nix | 30 +-- home/programs/obsidian/default.nix | 8 +- home/programs/starship/default.nix | 66 +++--- home/programs/vicinae/default.nix | 10 +- home/programs/vscode/default.nix | 6 +- home/wayland/default.nix | 6 +- modules/darwin/default.nix | 16 +- modules/darwin/networking/default.nix | 14 +- modules/darwin/nix.nix | 18 +- modules/darwin/services/default.nix | 8 +- modules/darwin/services/openssh/default.nix | 26 +-- modules/darwin/services/tailscale/default.nix | 8 +- modules/darwin/users.nix | 30 +-- modules/nixos/boot.nix | 40 ++-- modules/nixos/default.nix | 18 +- modules/nixos/networking/default.nix | 10 +- modules/nixos/networking/dns.nix | 62 ++--- modules/nixos/networking/firewall.nix | 20 +- modules/nixos/networking/vpn.nix | 149 ++++++------ modules/nixos/programs/chromium/default.nix | 12 +- modules/nixos/programs/default.nix | 8 +- modules/nixos/programs/hyprland/default.nix | 6 +- modules/nixos/services/chrony/default.nix | 63 +++--- .../nixos/services/ddns-updater/default.nix | 123 +++++----- modules/nixos/services/default.nix | 16 +- modules/nixos/services/fail2ban/default.nix | 8 +- modules/nixos/services/minecraft/default.nix | 84 +++---- modules/nixos/services/nebula/default.nix | 143 ++++++------ 
modules/nixos/services/openssh/default.nix | 24 +- modules/nixos/users.nix | 48 ++-- modules/shared/default.nix | 18 +- modules/shared/fonts.nix | 34 +-- modules/shared/home-manager.nix | 45 ++-- modules/shared/nix.nix | 69 +++--- modules/shared/nixpkgs.nix | 12 +- modules/shared/programs/default.nix | 6 +- modules/shared/programs/fish/default.nix | 10 +- modules/shared/secrets.nix | 16 +- modules/shared/stylix.nix | 41 ++-- modules/wsl/default.nix | 48 ++-- modules/wsl/networking/default.nix | 6 +- modules/wsl/networking/firewall.nix | 8 +- secrets.yaml | 118 +++++----- secrets/patchbox.yaml | 46 ++-- secrets/patchcloud.yaml | 46 ++-- secrets/patchshell.yaml | 46 ++-- systems/default.nix | 183 +++++++-------- systems/patchberry/default.nix | 6 +- systems/patchberry/networking.nix | 8 +- systems/patchbox/default.nix | 213 +++++++++--------- systems/patchbox/hardware.nix | 116 +++++----- systems/patchbox/networking.nix | 18 +- systems/patchcloud/default.nix | 44 ++-- systems/patchcloud/disk.nix | 110 ++++----- systems/patchcloud/hardware.nix | 66 +++--- systems/patchcloud/networking.nix | 8 +- systems/patchmini/default.nix | 6 +- systems/patchmini/networking.nix | 16 +- systems/patchshell/default.nix | 28 +-- systems/patchshell/networking.nix | 8 +- systems/patchshell/wsl.nix | 16 +- 79 files changed, 1631 insertions(+), 1542 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 27f4a0a..8ac6b8c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,4 @@ version: 2 - updates: - package-ecosystem: "github-actions" directory: "/" diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 6c4db58..8a7f50e 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -1,12 +1,10 @@ name: Gitleaks - on: pull_request: push: workflow_dispatch: schedule: - - cron: "0 0 * * *" # Every day at 12:00 AM - + - cron: "0 0 * * *" # Every day at 12:00 AM jobs: scan: name: Scan 
diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml index b147e1d..ecf6cc7 100644 --- a/.github/workflows/maintenance.yml +++ b/.github/workflows/maintenance.yml @@ -1,10 +1,8 @@ name: "Maintenance" - on: workflow_dispatch: schedule: - - cron: "0 0 * * FRI" # Every Friday at 12:00 AM - + - cron: "0 0 * * FRI" # Every Friday at 12:00 AM jobs: update-pinned-inputs: name: "Update pinned flake inputs" diff --git a/.sops.yaml b/.sops.yaml index a360c2c..dde9c49 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,29 +5,28 @@ keys: - &system_patchcloud age1275h9hxrg7a0j93nnv50zj6wtzxnkf5238p5f5xfv4q4ju0gn4jq884tqh - &system_patchmini age1k3yjaw2qjs9y4a3t6z3q93hlj3qnw436wvvxnu9sq0x4y53gd3fq8gl534 - &system_patchshell age168844yw9thh0n3g9g892su0p6fef76w2y3pdgsm247mvwxzza48qnlnzue - creation_rules: - path_regex: secrets\.yaml key_groups: - - age: - - *patchouli - - *system_patchberry - - *system_patchbox - - *system_patchcloud - - *system_patchmini - - *system_patchshell + - age: + - *patchouli + - *system_patchberry + - *system_patchbox + - *system_patchcloud + - *system_patchmini + - *system_patchshell - path_regex: secrets\/patchbox\.yaml key_groups: - - age: - - *patchouli - - *system_patchbox + - age: + - *patchouli + - *system_patchbox - path_regex: secrets\/patchcloud\.yaml key_groups: - - age: - - *patchouli - - *system_patchcloud + - age: + - *patchouli + - *system_patchcloud - path_regex: secrets\/patchshell\.yaml key_groups: - - age: - - *patchouli - - *system_patchshell + - age: + - *patchouli + - *system_patchshell diff --git a/README.md b/README.md index 8517917..1856c49 100644 --- a/README.md +++ b/README.md 
@@ -6,78 +6,94 @@ -  +  :construction: Declarative system configurations for my NixOS, macOS (Darwin), and Windows (WSL) machines. :construction: - ## Systems + The following systems are managed via this flake: -| Host | OS | Arch | Description | +| Host | OS | Arch | Description | |------------|----------------|---------|--------------------------------------------------------------| -| patchberry | NixOS | aarch64 | An ancient Raspberry Pi Model B. | -| patchbox | NixOS | x86_64 | A personal server for myself and friends. | -| patchcloud | NixOS (VM) | x86_64 | A VPS for tailscale egress/ingress, reverse-DNS, etc. | -| patchmini | macOS (Darwin) | aarch64 | A spare M1 Mac Mini I have lying around to tinker with. | -| patchshell | Windows (WSL) | x86_64 | A NixOS install running under Windows on my primary desktop. | - +| patchberry | NixOS | aarch64 | An ancient Raspberry Pi Model B. | +| patchbox | NixOS | x86_64 | A personal server for myself and friends. | +| patchcloud | NixOS (VM) | x86_64 | A VPS for tailscale egress/ingress, reverse-DNS, etc. | +| patchmini | macOS (Darwin) | aarch64 | A spare M1 Mac Mini I have lying around to tinker with. | +| patchshell | Windows (WSL) | x86_64 | A NixOS install running under Windows on my primary desktop. | ## Installation + The installation for a given system configuration varies depending on the underlying operating system. ### Windows (WSL) + 1. Enable WSL if you haven't done so already. + ```powershell wsl --install --no-distribution ``` + 2. Download the latest release of `nixos.wsl` from the [NixOS-WSL](https://github.com/nix-community/NixOS-WSL) repository [here](https://github.com/nix-community/NixOS-WSL/releases/latest). -3. Double-click `nixos.wsl` (requires WSL >= 2.4.4). -4. Run NixOS under WSL. +1. Double-click `nixos.wsl` (requires WSL >= 2.4.4). +1. Run NixOS under WSL. + ```powershell wsl -d NixOS ``` + 5. Clone the repository (in NixOS) and navigate to its root. -6. 
Ensure secret management is configured correctly. See [here](https://michael.stapelberg.ch/posts/2025-08-24-secret-management-with-sops-nix/) for details. -7. Build the system configuration of your choosing and switch. +1. Ensure secret management is configured correctly. See [here](https://michael.stapelberg.ch/posts/2025-08-24-secret-management-with-sops-nix/) for details. +1. Build the system configuration of your choosing and switch. + ```bash sudo nixos-rebuild switch --flake .# ``` + 8. Done! See [Usage](#usage) for details. ### macOS (Darwin) + 1. Download and install Nix using the [Nix installer from Determinate Systems](https://github.com/DeterminateSystems/nix-installer). Upstream Nix is strongly recommended. + ```zsh curl -fsSL https://install.determinate.systems/nix | sh -s -- install --prefer-upstream-nix ``` + 2. Install Rosetta if you haven't done so already and restart the Nix daemon. + ```zsh sudo /usr/sbin/softwareupdate --install-rosetta && launchctl stop org.nixos.nix-daemon ``` + 3. Clone the repository and navigate to its root. -4. Ensure secret management is configured correctly. See [here](https://michael.stapelberg.ch/posts/2025-08-24-secret-management-with-sops-nix/) for details. -5. Build the system configuration of your choosing and switch. This will simultaneously install nix-darwin. +1. Ensure secret management is configured correctly. See [here](https://michael.stapelberg.ch/posts/2025-08-24-secret-management-with-sops-nix/) for details. +1. Build the system configuration of your choosing and switch. This will simultaneously install nix-darwin. + ```zsh sudo nix run nix-darwin/nix-darwin-25.11#darwin-rebuild -- switch --flake .# ``` -6. Done! See [Usage](#usage) for details. +6. Done! See [Usage](#usage) for details. ## Usage -Using this flake once a system is up is simple. Run `just` from the repository root for a list of commands. +Using this flake once a system is up is simple. 
Run `just` from the repository root for a list of commands. ## Acknowledgements + Special thanks to these repositories and their owners/contributors for inspiration: + - [isabelroses/dotfiles](https://github.com/isabelroses/dotfiles) - [Misterio77/nix-config](https://github.com/Misterio77/nix-config) - [uncenter/flake](https://github.com/uncenter/flake) - *and others.* As well as a few blog posts and articles, such as: + - [Secret Management on NixOS with sops-nix](https://michael.stapelberg.ch/posts/2025-08-24-secret-management-with-sops-nix/) by Michael Stapelberg - *and others.* - ## License + This flake is licensed under the MIT license. See `LICENSE` for full details. diff --git a/flake.nix b/flake.nix index 8493960..7bf1101 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,52 +1,52 @@ { - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; - - nixos-wsl = { - url = "github:nix-community/NixOS-WSL/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - home-manager = { - url = "github:nix-community/home-manager/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - stylix = { - url = "github:nix-community/stylix/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - nix-darwin = { - url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - easy-hosts.url = "github:isabelroses/easy-hosts"; - - apple-fonts.url = "github:Lyndeno/apple-fonts.nix"; - - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - }; - - outputs = - inputs: - inputs.flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ ./systems ]; - }; + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + + nixos-wsl = { + url = "github:nix-community/NixOS-WSL/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + home-manager = { + url = "github:nix-community/home-manager/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + stylix = { + url = "github:nix-community/stylix/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nix-darwin = { + url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + easy-hosts.url = 
"github:isabelroses/easy-hosts"; + + apple-fonts.url = "github:Lyndeno/apple-fonts.nix"; + + nix-minecraft.url = "github:Infinidoge/nix-minecraft"; + }; + + outputs = + inputs: + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ ./systems ]; + }; } diff --git a/home/default.nix b/home/default.nix index f3e8516..c6f3ed6 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,12 +1,12 @@ { ... }: { - imports = [ - ./programs - ./wayland - ./fonts.nix - ./packages.nix - ]; + imports = [ + ./programs + ./wayland + ./fonts.nix + ./packages.nix + ]; - # Use XDG directories whenever supported. - home.preferXdgDirectories = true; + # Use XDG directories whenever supported. + home.preferXdgDirectories = true; } diff --git a/home/fonts.nix b/home/fonts.nix index d40df7e..7bfd535 100644 --- a/home/fonts.nix +++ b/home/fonts.nix 
@@ -1,26 +1,29 @@ { pkgs, inputs', ... }: { - home.packages = with pkgs; [ - # Maple Mono (ligature unhinted, TTF). - maple-mono.truetype - # Maple Mono NF (ligature unhinted). - maple-mono.NF-unhinted - # Maple Mono NF CN (ligature unhinted). - maple-mono.NF-CN-unhinted - # San Francisco Pro - inputs'.apple-fonts.packages.sf-pro - # San Francisco Mono - inputs'.apple-fonts.packages.sf-mono - inputs'.apple-fonts.packages.sf-mono-nerd - # DejaVu - dejavu_fonts - # Noto Color Emoji - noto-fonts-color-emoji - ]; + home.packages = with pkgs; [ + # Maple Mono (ligature unhinted, TTF). + maple-mono.truetype + # Maple Mono NF (ligature unhinted). + maple-mono.NF-unhinted + # Maple Mono NF CN (ligature unhinted). + maple-mono.NF-CN-unhinted + # San Francisco Pro + inputs'.apple-fonts.packages.sf-pro + # San Francisco Mono + inputs'.apple-fonts.packages.sf-mono + inputs'.apple-fonts.packages.sf-mono-nerd + # DejaVu + dejavu_fonts + # Noto Color Emoji + noto-fonts-color-emoji + ]; - fonts.fontconfig.defaultFonts = { - monospace = [ "Maple Mono" "SFMono Nerd Font" ]; - sansSerif = [ "SFProDisplay" ]; - serif = [ "SFProDisplay" ]; - }; + fonts.fontconfig.defaultFonts = { + monospace = [ + "Maple Mono" + "SFMono Nerd Font" + ]; + sansSerif = [ "SFProDisplay" ]; + serif = [ "SFProDisplay" ]; + }; } diff --git a/home/packages.nix b/home/packages.nix index ef762d5..1c60bc6 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -1,20 +1,20 @@ { pkgs, ... }: { - # A list of packages to install for the user. - home.packages = with pkgs; [ - # Utilities. - nix-output-monitor - just - nvd - age - sops + # A list of packages to install for the user. + home.packages = with pkgs; [ + # Utilities. + nix-output-monitor + just + nvd + age + sops - hyprpicker + hyprpicker - # Temporary- use gh or something instead. - github-desktop + # Temporary- use gh or something instead. + github-desktop - # For fun. - kittysay - ]; + # For fun. + kittysay + ]; } 
diff --git a/home/programs/bash/default.nix b/home/programs/bash/default.nix index fe8b190..fc5b2d0 100644 --- a/home/programs/bash/default.nix +++ b/home/programs/bash/default.nix @@ -1,7 +1,7 @@ { ... }: { - programs.bash = { - # Enable the Bourne Again SHell. - enable = true; - }; + programs.bash = { + # Enable the Bourne Again SHell. + enable = true; + }; } diff --git a/home/programs/chromium/default.nix b/home/programs/chromium/default.nix index f570b53..b5c9173 100644 --- a/home/programs/chromium/default.nix +++ b/home/programs/chromium/default.nix @@ -1,24 +1,24 @@ { pkgs, ... }: { - programs.chromium = { - # Enable Chromium. - enable = true; + programs.chromium = { + # Enable Chromium. + enable = true; - # Use the un-Googled version of Chromium. - package = pkgs.ungoogled-chromium; + # Use the un-Googled version of Chromium. + package = pkgs.ungoogled-chromium; - # The list of extensions to install. - extensions = [ - { - # uBlock Origin. - id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; - } - ]; + # The list of extensions to install. + extensions = [ + { + # uBlock Origin. + id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; + } + ]; - # The list of dictionaries to install. - dictionaries = with pkgs; [ - # English (US). - hunspellDictsChromium.en-us - ]; - }; + # The list of dictionaries to install. + dictionaries = with pkgs; [ + # English (US). + hunspellDictsChromium.en-us + ]; + }; } diff --git a/home/programs/default.nix b/home/programs/default.nix index 512652a..d803063 100644 --- a/home/programs/default.nix +++ b/home/programs/default.nix 
@@ -1,26 +1,26 @@ { pkgs, ... }: { - imports = [ - ./bash - ./chromium - ./dotnet - ./fish - ./gh - ./git - ./home-manager - ./hyfetch - ./kitty - ./obsidian - ./starship - ./vicinae - ./vscode - ]; - - flake.home.programs.dotnet = { - # Enable the .NET SDK. - enable = true; + imports = [ + ./bash + ./chromium + ./dotnet + ./fish + ./gh + ./git + ./home-manager + ./hyfetch + ./kitty + ./obsidian + ./starship + ./vicinae + ./vscode + ]; - # Use .NET 10. - package = pkgs.dotnet-sdk_10; - }; + flake.home.programs.dotnet = { + # Enable the .NET SDK. + enable = true; + + # Use .NET 10. + package = pkgs.dotnet-sdk_10; + }; } diff --git a/home/programs/dotnet/default.nix b/home/programs/dotnet/default.nix index 572ab49..afde82e 100644 --- a/home/programs/dotnet/default.nix +++ b/home/programs/dotnet/default.nix 
@@ -1,69 +1,80 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: let - cfg = config.flake.home.programs.dotnet; + cfg = config.flake.home.programs.dotnet; in { - options = { - flake.home.programs.dotnet = { - enable = lib.mkEnableOption "the .NET SDK"; + options = { + flake.home.programs.dotnet = { + enable = lib.mkEnableOption "the .NET SDK"; + + package = lib.mkPackageOption pkgs "the .NET SDK" { + default = [ "dotnet-sdk" ]; + }; - package = lib.mkPackageOption pkgs "the .NET SDK" { - default = [ "dotnet-sdk" ]; - }; + rollForward = lib.mkOption { + type = lib.types.enum [ + "Minor" + "Major" + "LatestPatch" + "LatestMinor" + "LatestMajor" + "Disable" + ]; + default = "Minor"; + }; - rollForward = lib.mkOption { - type = lib.types.enum [ "Minor" "Major" "LatestPatch" "LatestMinor" "LatestMajor" "Disable" ]; - default = "Minor"; - }; + rollForwardToPreRelease = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + }; - rollForwardToPreRelease = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - }; + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - - home.sessionVariables = { - DOTNET_NOLOGO = "1"; + home.sessionVariables = { + DOTNET_NOLOGO = "1"; - DOTNET_CLI_HOME = "${config.xdg.stateHome}/dotnet"; - DOTNET_CLI_TELEMETRY_OPTOUT = "1"; + DOTNET_CLI_HOME = "${config.xdg.stateHome}/dotnet"; + DOTNET_CLI_TELEMETRY_OPTOUT = "1"; - DOTNET_ROLL_FORWARD = "${cfg.rollForward}"; - DOTNET_ROLL_FORWARD_TO_PRERELEASE = - if cfg.rollForwardToPreRelease then "1" else "0"; + DOTNET_ROLL_FORWARD = "${cfg.rollForward}"; + DOTNET_ROLL_FORWARD_TO_PRERELEASE = if cfg.rollForwardToPreRelease then "1" else "0"; - NUGET_PACKAGES = "${config.xdg.cacheHome}/nuget/packages"; - NUGET_HTTP_CACHE_PATH = "${config.xdg.cacheHome}/nuget/http-cache"; - NUGET_PLUGINS_CACHE_PATH = "${config.xdg.cacheHome}/nuget/plugins-cache"; - }; + 
NUGET_PACKAGES = "${config.xdg.cacheHome}/nuget/packages"; + NUGET_HTTP_CACHE_PATH = "${config.xdg.cacheHome}/nuget/http-cache"; + NUGET_PLUGINS_CACHE_PATH = "${config.xdg.cacheHome}/nuget/plugins-cache"; + }; - home.activation.dotnetDirs = lib.hm.dag.entryAfter [ "writeBoundary" ] '' - mkdir -p \ - "${config.xdg.stateHome}/dotnet" \ - "${config.xdg.cacheHome}/nuget/packages" \ - "${config.xdg.cacheHome}/nuget/http-cache" \ - "${config.xdg.cacheHome}/nuget/plugins-cache" - ''; + home.activation.dotnetDirs = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + mkdir -p \ + "${config.xdg.stateHome}/dotnet" \ + "${config.xdg.cacheHome}/nuget/packages" \ + "${config.xdg.cacheHome}/nuget/http-cache" \ + "${config.xdg.cacheHome}/nuget/plugins-cache" + ''; - xdg.configFile."NuGet/NuGet.Config".text = '' - + xdg.configFile."NuGet/NuGet.Config".text = '' + - - - - + + + + - - - - - - ''; - }; + + + + + + ''; + }; } diff --git a/home/programs/fish/default.nix b/home/programs/fish/default.nix index 63a548c..886526c 100644 --- a/home/programs/fish/default.nix +++ b/home/programs/fish/default.nix @@ -1,6 +1,6 @@ { - programs.fish = { - # Enable fish, the friendly interactive shell. - enable = true; - }; + programs.fish = { + # Enable fish, the friendly interactive shell. + enable = true; + }; } diff --git a/home/programs/gh/default.nix b/home/programs/gh/default.nix index 827384b..64476bc 100644 --- a/home/programs/gh/default.nix +++ b/home/programs/gh/default.nix 
@@ -1,28 +1,28 @@ { pkgs, ... }: { - programs.gh = { - # Enable GitHub CLI. - enable = true; + programs.gh = { + # Enable GitHub CLI. + enable = true; - settings = { - # Use SSH. - git_protocol = "ssh"; - }; + settings = { + # Use SSH. + git_protocol = "ssh"; + }; - # Configure the git credential helper - # provided by the GitHub CLI. - gitCredentialHelper = { - enable = true; + # Configure the git credential helper + # provided by the GitHub CLI. + gitCredentialHelper = { + enable = true; - hosts = [ - "https://github.com" - "https://gist.github.com" - ]; - }; + hosts = [ + "https://github.com" + "https://gist.github.com" + ]; + }; - # Use the following extensions. - extensions = with pkgs; [ - gh-dash - ]; - }; + # Use the following extensions. + extensions = with pkgs; [ + gh-dash + ]; + }; } diff --git a/home/programs/git/default.nix b/home/programs/git/default.nix index 5671a29..941ae9f 100644 --- a/home/programs/git/default.nix +++ b/home/programs/git/default.nix 
@@ -1,51 +1,51 @@ { lib, pkgs, ... }: { - programs.git = { - # Enable git. - enable = true; - - # Ignore Finder metadata files on macOS (Darwin). - ignores = lib.mkIf pkgs.stdenv.isDarwin [ - ".DS_Store" - ]; - - settings = { - core = { - # The text editor to use. - editor = "vscode"; - }; - - user = { - # The name and email to commit with. - name = "patchoulish"; - email = "self@patchouli.sh"; - }; - - # The default branch name to use. - init.defaultBranch = "main"; - - diff = { - # For seeing secrets diffs in plaintext. - sopsdiffer = { - textconv = "sops decrypt"; - }; - }; - }; - - signing = { - # Sign commits using my SSH key. - format = "ssh"; - key = "~/.ssh/id_ed25519.pub"; - signByDefault = true; - }; - - lfs = { - # Enable LFS (large file support). - enable = true; - - # Don't download large files automatically during clone/pull. - # Use 'git lfs pull' to get them later. - skipSmudge = true; - }; - }; + programs.git = { + # Enable git. + enable = true; + + # Ignore Finder metadata files on macOS (Darwin). + ignores = lib.mkIf pkgs.stdenv.isDarwin [ + ".DS_Store" + ]; + + settings = { + core = { + # The text editor to use. + editor = "vscode"; + }; + + user = { + # The name and email to commit with. + name = "patchoulish"; + email = "self@patchouli.sh"; + }; + + # The default branch name to use. + init.defaultBranch = "main"; + + diff = { + # For seeing secrets diffs in plaintext. + sopsdiffer = { + textconv = "sops decrypt"; + }; + }; + }; + + signing = { + # Sign commits using my SSH key. + format = "ssh"; + key = "~/.ssh/id_ed25519.pub"; + signByDefault = true; + }; + + lfs = { + # Enable LFS (large file support). + enable = true; + + # Don't download large files automatically during clone/pull. + # Use 'git lfs pull' to get them later. + skipSmudge = true; + }; + }; } diff --git a/home/programs/home-manager/default.nix b/home/programs/home-manager/default.nix index a12cd9e..9a0f7f9 100644 --- a/home/programs/home-manager/default.nix 
+++ b/home/programs/home-manager/default.nix @@ -1,6 +1,6 @@ { - programs.home-manager = { - # Whether to enable Home Manager. This should always be 'true'. - enable = true; - }; + programs.home-manager = { + # Whether to enable Home Manager. This should always be 'true'. + enable = true; + }; } diff --git a/home/programs/hyfetch/default.nix b/home/programs/hyfetch/default.nix index d6a5320..4d17638 100644 --- a/home/programs/hyfetch/default.nix +++ b/home/programs/hyfetch/default.nix @@ -1,19 +1,19 @@ { - programs.hyfetch = { - # Enable hyfetch. - enable = true; + programs.hyfetch = { + # Enable hyfetch. + enable = true; - settings = { - # TODO: Set these based on stylix theme. - preset = "solian"; - mode = "rgb"; - light_dark = "dark"; - lightness = 0.57; - color_align = { - mode = "horizontal"; - }; - backend = "neofetch"; - pride_month_disable = false; - }; - }; + settings = { + # TODO: Set these based on stylix theme. + preset = "solian"; + mode = "rgb"; + light_dark = "dark"; + lightness = 0.57; + color_align = { + mode = "horizontal"; + }; + backend = "neofetch"; + pride_month_disable = false; + }; + }; } diff --git a/home/programs/kitty/default.nix b/home/programs/kitty/default.nix index 5eeaf23..a5f3dc3 100644 --- a/home/programs/kitty/default.nix +++ b/home/programs/kitty/default.nix @@ -1,21 +1,21 @@ { lib, pkgs, ... }: { - config = { - programs.kitty = { - # Enable kitty. - enable = true; + config = { + programs.kitty = { + # Enable kitty. + enable = true; - font = { - name = lib.mkForce "SFMono"; + font = { + name = lib.mkForce "SFMono"; - # This does NOT spark joy. - size = if pkgs.stdenv.hostPlatform.isDarwin then lib.mkForce 14 else lib.mkForce 10; - }; + # This does NOT spark joy. + size = if pkgs.stdenv.hostPlatform.isDarwin then lib.mkForce 14 else lib.mkForce 10; + }; - settings = { - # Pad the window a bit. - window_padding_width = 8; - }; - }; - }; + settings = { + # Pad the window a bit. + window_padding_width = 8; + }; + }; + }; } 
diff --git a/home/programs/obsidian/default.nix b/home/programs/obsidian/default.nix index 07fe07b..27fc809 100644 --- a/home/programs/obsidian/default.nix +++ b/home/programs/obsidian/default.nix @@ -1,6 +1,6 @@ { - programs.obsidian = { - # Enable Obsidian. - enable = true; - }; + programs.obsidian = { + # Enable Obsidian. + enable = true; + }; } diff --git a/home/programs/starship/default.nix b/home/programs/starship/default.nix index fd72764..826d9f4 100644 --- a/home/programs/starship/default.nix +++ b/home/programs/starship/default.nix 
@@ -1,41 +1,41 @@ { lib, ... }: { - programs.starship = { - # Enable starship. - enable = true; + programs.starship = { + # Enable starship. + enable = true; - settings = { - add_newline = false; + settings = { + add_newline = false; - # The prompt format string to use. - format = lib.concatStrings [ - "$line_break" - "[╭─────┤ ](bold green)$all[├](bold green)$fill[┤](bold green)$character$cmd_duration$line_break" - "[╰─▶ ](bold green)" - ]; + # The prompt format string to use. + format = lib.concatStrings [ + "$line_break" + "[╭─────┤ ](bold green)$all[├](bold green)$fill[┤](bold green)$character$cmd_duration$line_break" + "[╰─▶ ](bold green)" + ]; - cmd_duration = { - # Minimum time a command must run before starship tells us how long it took. - min_time = 0; - # Include milliseconds in the duration. - show_milliseconds = true; - # The format string to use. - format = "took [$duration]($style)"; - }; + cmd_duration = { + # Minimum time a command must run before starship tells us how long it took. + min_time = 0; + # Include milliseconds in the duration. + show_milliseconds = true; + # The format string to use. + format = "took [$duration]($style)"; + }; - character = { - # The character string to use when the previous command succeeded. - success_symbol = "[ OK](bold green)"; - # The character string to use when the previous command failed. - error_symbol = "[ ERROR](bold red)"; - }; + character = { + # The character string to use when the previous command succeeded. + success_symbol = "[ OK](bold green)"; + # The character string to use when the previous command failed. + error_symbol = "[ ERROR](bold red)"; + }; - fill = { - # The symbol to use for spacing $all and $character$cmd_duration. - # See format above for use. - symbol = "─"; - style = "bold green"; - }; - }; - }; + fill = { + # The symbol to use for spacing $all and $character$cmd_duration. + # See format above for use. + symbol = "─"; + style = "bold green"; + }; + }; + }; } 
diff --git a/home/programs/vicinae/default.nix b/home/programs/vicinae/default.nix index 79bfde7..c5c5b8a 100644 --- a/home/programs/vicinae/default.nix +++ b/home/programs/vicinae/default.nix @@ -1,9 +1,9 @@ { - programs.vicinae = { - enable = true; + programs.vicinae = { + enable = true; - systemd = { - enable = true; - }; + systemd = { + enable = true; }; + }; } diff --git a/home/programs/vscode/default.nix b/home/programs/vscode/default.nix index 1e58ab2..39292b7 100644 --- a/home/programs/vscode/default.nix +++ b/home/programs/vscode/default.nix @@ -1,5 +1,5 @@ { - programs.vscode = { - enable = true; - }; + programs.vscode = { + enable = true; + }; } diff --git a/home/wayland/default.nix b/home/wayland/default.nix index 96f2545..96e5300 100644 --- a/home/wayland/default.nix +++ b/home/wayland/default.nix @@ -1,5 +1,5 @@ { - imports = [ - ./hyprland.nix - ]; + imports = [ + ./hyprland.nix + ]; } diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix index 8c9301e..6c9e155 100644 --- a/modules/darwin/default.nix +++ b/modules/darwin/default.nix @@ -1,11 +1,11 @@ { - imports = [ - ./networking - ./services - ./nix.nix - ./users.nix - ]; + imports = [ + ./networking + ./services + ./nix.nix + ./users.nix + ]; - # The configuration schema version for nix-darwin. - system.stateVersion = 6; + # The configuration schema version for nix-darwin. + system.stateVersion = 6; } diff --git a/modules/darwin/networking/default.nix b/modules/darwin/networking/default.nix index 8b0dc32..29d129a 100644 --- a/modules/darwin/networking/default.nix +++ b/modules/darwin/networking/default.nix @@ -1,9 +1,9 @@ { - networking.dns = [ - # MagicDNS (tailscale) - "100.100.100.100" - # Cloudflare - "1.1.1.1" - "1.0.0.1" - ]; + networking.dns = [ + # MagicDNS (tailscale) + "100.100.100.100" + # Cloudflare + "1.1.1.1" + "1.0.0.1" + ]; } diff --git a/modules/darwin/nix.nix b/modules/darwin/nix.nix index dd0057e..75c9c24 100644 --- a/modules/darwin/nix.nix 
+++ b/modules/darwin/nix.nix @@ -1,11 +1,11 @@ { - nix = { - gc = { - # Run the GC on the same schedule as NixOS; can't be set in /shared. - interval = { - Hour = 3; - Minute = 15; - }; - }; - }; + nix = { + gc = { + # Run the GC on the same schedule as NixOS; can't be set in /shared. + interval = { + Hour = 3; + Minute = 15; + }; + }; + }; } diff --git a/modules/darwin/services/default.nix b/modules/darwin/services/default.nix index 3f55e04..8a039f8 100644 --- a/modules/darwin/services/default.nix +++ b/modules/darwin/services/default.nix @@ -1,6 +1,6 @@ { - imports = [ - ./openssh - ./tailscale - ]; + imports = [ + ./openssh + ./tailscale + ]; } diff --git a/modules/darwin/services/openssh/default.nix b/modules/darwin/services/openssh/default.nix index 1471e1b..0b585cc 100644 --- a/modules/darwin/services/openssh/default.nix +++ b/modules/darwin/services/openssh/default.nix @@ -1,18 +1,18 @@ { lib, ... }: { - services.openssh = { - # Enable OpenSSH. - enable = true; + services.openssh = { + # Enable OpenSSH. + enable = true; - extraConfig = lib.concatStringsSep "\n" [ - # See https://www.mankier.com/5/sshd_config + extraConfig = lib.concatStringsSep "\n" [ + # See https://www.mankier.com/5/sshd_config - # Don't allow login as root. - "PermitRootLogin no" - # Disable password authentication (use a key). - "PasswordAuthentication no" - # Verbose logging (needed for fail2ban sshd jail). - "LogLevel VERBOSE" - ]; - }; + # Don't allow login as root. + "PermitRootLogin no" + # Disable password authentication (use a key). + "PasswordAuthentication no" + # Verbose logging (needed for fail2ban sshd jail). + "LogLevel VERBOSE" + ]; + }; } diff --git a/modules/darwin/services/tailscale/default.nix b/modules/darwin/services/tailscale/default.nix index b2b56d2..1185c37 100644 --- a/modules/darwin/services/tailscale/default.nix +++ b/modules/darwin/services/tailscale/default.nix 
@@ -1,6 +1,6 @@ { - services.tailscale = { - # Enable tailscale. - enable = true; - }; + services.tailscale = { + # Enable tailscale. + enable = true; + }; } diff --git a/modules/darwin/users.nix b/modules/darwin/users.nix index cef2082..867e262 100644 --- a/modules/darwin/users.nix +++ b/modules/darwin/users.nix @@ -1,20 +1,20 @@ { pkgs, ... }: { - system = { - # The name for the primary user. - # NOTE: This is a transient option and will be removed at some point. - primaryUser = "patchouli"; - }; - - users.users = { - patchouli = { - name = "patchouli"; + system = { + # The name for the primary user. + # NOTE: This is a transient option and will be removed at some point. + primaryUser = "patchouli"; + }; - # The login shell to use. - # Fish may be problematic for this purpose, but it sure does look pretty. - shell = pkgs.fish; + users.users = { + patchouli = { + name = "patchouli"; - home = "/Users/patchouli"; - }; - }; + # The login shell to use. + # Fish may be problematic for this purpose, but it sure does look pretty. + shell = pkgs.fish; + + home = "/Users/patchouli"; + }; + }; } diff --git a/modules/nixos/boot.nix b/modules/nixos/boot.nix index 1033dc0..0ba29a9 100644 --- a/modules/nixos/boot.nix +++ b/modules/nixos/boot.nix 
@@ -1,23 +1,31 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: let - cfg = config.flake.system.boot; + cfg = config.flake.system.boot; in { - options.flake.system.boot = { - silent = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether to boot quietly."; - }; - }; + options.flake.system.boot = { + silent = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to boot quietly."; + }; + }; - config = { - boot = lib.mkIf cfg.silent { - initrd.verbose = false; + config = { + boot = lib.mkIf cfg.silent { + initrd.verbose = false; - consoleLogLevel = 0; + consoleLogLevel = 0; - kernelParams = [ "quiet" "udev.log_level=3" ]; - }; - }; + kernelParams = [ + "quiet" + "udev.log_level=3" + ]; + }; + }; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index a81f787..2bb86a3 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,13 +1,13 @@ { ... }: { - imports = [ - ./networking - ./programs - ./services - ./boot.nix - ./users.nix - ]; + imports = [ + ./networking + ./programs + ./services + ./boot.nix + ./users.nix + ]; - # The configuration schema version for NixOS. - system.stateVersion = "25.11"; + # The configuration schema version for NixOS. + system.stateVersion = "25.11"; } diff --git a/modules/nixos/networking/default.nix b/modules/nixos/networking/default.nix index 8a09bab..e8b64d1 100644 --- a/modules/nixos/networking/default.nix +++ b/modules/nixos/networking/default.nix @@ -1,7 +1,7 @@ { - imports = [ - ./dns.nix - ./firewall.nix - ./vpn.nix - ]; + imports = [ + ./dns.nix + ./firewall.nix + ./vpn.nix + ]; } diff --git a/modules/nixos/networking/dns.nix b/modules/nixos/networking/dns.nix index b893953..d393c5d 100644 --- a/modules/nixos/networking/dns.nix +++ b/modules/nixos/networking/dns.nix 
@@ -1,39 +1,39 @@ { lib, config, ... }: let - cfg = config.flake.system.dns; + cfg = config.flake.system.dns; in { - options = { - flake.system.dns = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - }; - }; - }; + options = { + flake.system.dns = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + }; + }; - config = lib.mkIf cfg.enable { - networking.nameservers = [ - # Use unbound as the system DNS resolver. - "127.0.0.1" - ]; + config = lib.mkIf cfg.enable { + networking.nameservers = [ + # Use unbound as the system DNS resolver. + "127.0.0.1" + ]; - services.unbound = { - # Enable the unbound daemon. - enable = true; + services.unbound = { + # Enable the unbound daemon. + enable = true; - settings = { - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-ssl-upstream = "yes"; - } - ]; - }; - }; - }; + settings = { + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-ssl-upstream = "yes"; + } + ]; + }; + }; + }; } diff --git a/modules/nixos/networking/firewall.nix b/modules/nixos/networking/firewall.nix index ddeb1ae..8d87cca 100644 --- a/modules/nixos/networking/firewall.nix +++ b/modules/nixos/networking/firewall.nix @@ -1,13 +1,13 @@ { - networking = { - firewall = { - # Ensure the firewall is enabled. - enable = true; - }; + networking = { + firewall = { + # Ensure the firewall is enabled. + enable = true; + }; - nftables = { - # Use nftables instead of iptables. - enable = true; - }; - }; + nftables = { + # Use nftables instead of iptables. + enable = true; + }; + }; } diff --git a/modules/nixos/networking/vpn.nix b/modules/nixos/networking/vpn.nix index 6952927..02f4849 100644 --- a/modules/nixos/networking/vpn.nix +++ b/modules/nixos/networking/vpn.nix 
@@ -1,86 +1,87 @@ { lib, config, ... }: let - cfg = config.flake.system.vpn; + cfg = config.flake.system.vpn; - knownHosts = { - patchbox = { - ipv4 = "100.72.0.20"; - }; - patchcloud = { - ipv4 = "100.72.0.30"; - }; - patchmini = { - ipv4 = "100.72.0.40"; - }; - patchshell = { - ipv4 = "100.72.0.50"; - }; - }; + knownHosts = { + patchbox = { + ipv4 = "100.72.0.20"; + }; + patchcloud = { + ipv4 = "100.72.0.30"; + }; + patchmini = { + ipv4 = "100.72.0.40"; + }; + patchshell = { + ipv4 = "100.72.0.50"; + }; + }; in { - # TODO: - # Either harden tailscale and set up headscale, - # or switch to nebula. + # TODO: + # Either harden tailscale and set up headscale, + # or switch to nebula. - options = { - flake.system.vpn = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - }; + options = { + flake.system.vpn = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; - dns = { - authZone = lib.mkOption { - type = lib.types.bool; - default = true; - }; + dns = { + authZone = lib.mkOption { + type = lib.types.bool; + default = true; + }; - authZoneDomain = lib.mkOption { - type = lib.types.str; - default = "tail"; - }; - }; - }; - }; + authZoneDomain = lib.mkOption { + type = lib.types.str; + default = "tail"; + }; + }; + }; + }; - config = lib.mkIf cfg.enable { - # Configuration for tailscale. - services.tailscale = { - # Enable tailscale. - enable = true; - }; + config = lib.mkIf cfg.enable { + # Configuration for tailscale. + services.tailscale = { + # Enable tailscale. + enable = true; + }; - # Additional configuration for unbound. - services.unbound = { - settings = { - auth-zone = lib.mkIf cfg.dns.authZone [ - { - name = "${cfg.dns.authZoneDomain}."; - zonefile = "/etc/unbound/zones/tailnet.zone"; - } - ]; - }; - }; + # Additional configuration for unbound. 
+ services.unbound = { + settings = { + auth-zone = lib.mkIf cfg.dns.authZone [ + { + name = "${cfg.dns.authZoneDomain}."; + zonefile = "/etc/unbound/zones/tailnet.zone"; + } + ]; + }; + }; - environment.etc."unbound/zones/tailnet.zone".text = lib.mkIf cfg.dns.authZone '' -$TTL 300 -@ IN SOA ns.${cfg.dns.authZoneDomain}. self.patchouli.sh. ( - 2025121704 ; serial - 3600 ; refresh - 1800 ; retry - 604800 ; expire - 300 ; minimum -) -@ IN NS ns.${cfg.dns.authZoneDomain}. -ns IN A 127.0.0.1 -${ -builtins.concatStringsSep "\n" ( - builtins.concatLists ( - lib.mapAttrsToList ( - host: attrs: - builtins.filter (x: x != null) [ - "${host}\tIN A\t${attrs.ipv4}" - ]) knownHosts)) -}''; - }; + environment.etc."unbound/zones/tailnet.zone".text = lib.mkIf cfg.dns.authZone '' + $TTL 300 + @ IN SOA ns.${cfg.dns.authZoneDomain}. self.patchouli.sh. ( + 2025121704 ; serial + 3600 ; refresh + 1800 ; retry + 604800 ; expire + 300 ; minimum + ) + @ IN NS ns.${cfg.dns.authZoneDomain}. + ns IN A 127.0.0.1 + ${builtins.concatStringsSep "\n" ( + builtins.concatLists ( + lib.mapAttrsToList ( + host: attrs: + builtins.filter (x: x != null) [ + "${host}\tIN A\t${attrs.ipv4}" + ] + ) knownHosts + ) + )}''; + }; } diff --git a/modules/nixos/programs/chromium/default.nix b/modules/nixos/programs/chromium/default.nix index 7c45db1..320708d 100644 --- a/modules/nixos/programs/chromium/default.nix +++ b/modules/nixos/programs/chromium/default.nix @@ -1,9 +1,9 @@ { - programs.chromium = { - # Enable Chromium. - enable = true; + programs.chromium = { + # Enable Chromium. + enable = true; - # Ironic, I know. - homepageLocation = "https://google.com"; - }; + # Ironic, I know. + homepageLocation = "https://google.com"; + }; } diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix index 2e9c817..d6b40f2 100644 --- a/modules/nixos/programs/default.nix +++ b/modules/nixos/programs/default.nix 
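Review bot: The zone-file text assigned to `environment.etc."unbound/zones/tailnet.zone".text` in modules/nixos/networking/vpn.nix is the one place in this reformat where indentation is data, and the hunk moves every record from column 0 to the attribute's indent. Nix strips the common leading whitespace of an indented string, so the rendered file is presumably unchanged. In zone-file syntax, though, a record that begins with whitespace inherits the previous owner name, so a later edit that changes the indentation of a single line would leave some records with a leading blank and silently re-home them. I would compare the rendered file before and after this commit, and add a comment above the string such as `# Zone-file records must stay at the string's base indent: a leading blank means "same owner as the previous record".`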
@@ -1,6 +1,6 @@ { - imports = [ - ./chromium - ./hyprland - ]; + imports = [ + ./chromium + ./hyprland + ]; } diff --git a/modules/nixos/programs/hyprland/default.nix b/modules/nixos/programs/hyprland/default.nix index 7f09ef6..daa1aa6 100644 --- a/modules/nixos/programs/hyprland/default.nix +++ b/modules/nixos/programs/hyprland/default.nix @@ -1,5 +1,5 @@ { - programs.hyprland = { - enable = true; - }; + programs.hyprland = { + enable = true; + }; } diff --git a/modules/nixos/services/chrony/default.nix b/modules/nixos/services/chrony/default.nix index 020678b..0aaba6c 100644 --- a/modules/nixos/services/chrony/default.nix +++ b/modules/nixos/services/chrony/default.nix 
@@ -1,36 +1,41 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: let - cfg = config.flake.system.services.chrony; + cfg = config.flake.system.services.chrony; in { - options = { - flake.system.services.chrony = { - enable = lib.mkEnableOption "NTP services"; + options = { + flake.system.services.chrony = { + enable = lib.mkEnableOption "NTP services"; - upstream = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "time.cloudflare.com" - ]; - }; - }; - }; + upstream = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ + "time.cloudflare.com" + ]; + }; + }; + }; - config = lib.mkIf cfg.enable { - networking = { - # The set of NTP servers from which to synchronise. - timeServers = cfg.upstream; - }; + config = lib.mkIf cfg.enable { + networking = { + # The set of NTP servers from which to synchronise. + timeServers = cfg.upstream; + }; - services.chrony = { - # Whether to synchronise time using chrony. - enable = true; - # The set of NTP servers from which to synchronise. - servers = cfg.upstream; - # Whether to enable Network Time Security authentication. - enableNTS = true; - # Whether to prevent chrony from being paged out. - enableMemoryLocking = true; - }; - }; + services.chrony = { + # Whether to synchronise time using chrony. + enable = true; + # The set of NTP servers from which to synchronise. + servers = cfg.upstream; + # Whether to enable Network Time Security authentication. + enableNTS = true; + # Whether to prevent chrony from being paged out. + enableMemoryLocking = true; + }; + }; } diff --git a/modules/nixos/services/ddns-updater/default.nix b/modules/nixos/services/ddns-updater/default.nix index bee4119..1683ca7 100644 --- a/modules/nixos/services/ddns-updater/default.nix +++ b/modules/nixos/services/ddns-updater/default.nix 
@@ -1,63 +1,68 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: let - cfg = config.flake.system.services.ddns-updater; + cfg = config.flake.system.services.ddns-updater; in { - options = { - flake.system.services.ddns-updater = { - enable = lib.mkEnableOption "Dynamic DNS Updater Service"; - - package = lib.mkPackageOption pkgs "ddns-updater" { }; - - # TODO: Add configuration options. - }; - }; - - config = lib.mkIf cfg.enable { - sops.secrets.ddns-updater-provider = { }; - sops.secrets.ddns-updater-domain = { }; - sops.secrets.ddns-updater-password = { }; - - sops.templates."ddns-updater-config.json" = { - path = "/etc/ddns-updater/config.json"; - content = '' - { - "settings": [ - { - "provider": "${config.sops.placeholder.ddns-updater-provider}", - "domain": "${config.sops.placeholder.ddns-updater-domain}", - "password": "${config.sops.placeholder.ddns-updater-password}" - } - ] - } - ''; - }; - - systemd.services.ddns-updater = { - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - environment = { - "CONFIG_FILEPATH" = "${config.sops.templates."ddns-updater-config.json".path}"; - "DATADIR" = "%S/ddns-updater"; - "SERVER_ENABLED" = "no"; - "PERIOD" = "5m"; - "UPDATE_COOLDOWN_PERIOD" = "1h"; # Really, this could be *days*... - }; - - unitConfig = { - Description = "Dynamic DNS Updater Service (ddns-updater)"; - }; - - serviceConfig = { - TimeoutSec = 240; - ExecStart = lib.getExe cfg.package; - RestartSec = 30; - DynamicUser = true; - StateDirectory = "ddns-updater"; - Restart = "on-failure"; - }; - }; - }; + options = { + flake.system.services.ddns-updater = { + enable = lib.mkEnableOption "Dynamic DNS Updater Service"; + + package = lib.mkPackageOption pkgs "ddns-updater" { }; + + # TODO: Add configuration options. 
+ }; + }; + + config = lib.mkIf cfg.enable { + sops.secrets.ddns-updater-provider = { }; + sops.secrets.ddns-updater-domain = { }; + sops.secrets.ddns-updater-password = { }; + + sops.templates."ddns-updater-config.json" = { + path = "/etc/ddns-updater/config.json"; + content = '' + { + "settings": [ + { + "provider": "${config.sops.placeholder.ddns-updater-provider}", + "domain": "${config.sops.placeholder.ddns-updater-domain}", + "password": "${config.sops.placeholder.ddns-updater-password}" + } + ] + } + ''; + }; + + systemd.services.ddns-updater = { + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + + environment = { + "CONFIG_FILEPATH" = "${config.sops.templates."ddns-updater-config.json".path}"; + "DATADIR" = "%S/ddns-updater"; + "SERVER_ENABLED" = "no"; + "PERIOD" = "5m"; + "UPDATE_COOLDOWN_PERIOD" = "1h"; # Really, this could be *days*... + }; + + unitConfig = { + Description = "Dynamic DNS Updater Service (ddns-updater)"; + }; + + serviceConfig = { + TimeoutSec = 240; + ExecStart = lib.getExe cfg.package; + RestartSec = 30; + DynamicUser = true; + StateDirectory = "ddns-updater"; + Restart = "on-failure"; + }; + }; + }; } diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index efc9f41..586b7d8 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -1,10 +1,10 @@ { - imports = [ - ./chrony - ./ddns-updater - ./fail2ban - ./minecraft - ./nebula - ./openssh - ]; + imports = [ + ./chrony + ./ddns-updater + ./fail2ban + ./minecraft + ./nebula + ./openssh + ]; } diff --git a/modules/nixos/services/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix index 3866306..13ceddd 100644 --- a/modules/nixos/services/fail2ban/default.nix +++ b/modules/nixos/services/fail2ban/default.nix 
@@ -1,6 +1,6 @@ { - services.fail2ban = { - # Enable fail2ban. - enable = true; - }; + services.fail2ban = { + # Enable fail2ban. + enable = true; + }; } diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix index 5e5afe0..de3685c 100644 --- a/modules/nixos/services/minecraft/default.nix +++ b/modules/nixos/services/minecraft/default.nix 
@@ -1,43 +1,49 @@ -{ lib, pkgs, config, inputs, ... }: +{ + lib, + pkgs, + config, + inputs, + ... +}: let - cfg = config.flake.system.services.minecraft; + cfg = config.flake.system.services.minecraft; in { - options.flake.system.services.minecraft = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - instances = lib.mkOption { - type = lib.types.attrs; - default = { }; - }; - }; - - config = lib.mkIf cfg.enable { - nixpkgs.overlays = [ - # Add the package overlay for nix-minecraft. - # (enables pkgs.minecraftServers.*) - inputs.nix-minecraft.overlay - ]; - - services.minecraft-servers = { - # Enable Minecraft server(s) via nix-minecraft. - enable = true; - - eula = true; - - openFirewall = true; - - dataDir = "/var/lib/minecraft"; - - managementSystem = { - systemd-socket.enable = true; - }; - - # Pass the per-instance configuration to nix-minecraft. - servers = cfg.instances; - }; - }; + options.flake.system.services.minecraft = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; + + instances = lib.mkOption { + type = lib.types.attrs; + default = { }; + }; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.overlays = [ + # Add the package overlay for nix-minecraft. + # (enables pkgs.minecraftServers.*) + inputs.nix-minecraft.overlay + ]; + + services.minecraft-servers = { + # Enable Minecraft server(s) via nix-minecraft. + enable = true; + + eula = true; + + openFirewall = true; + + dataDir = "/var/lib/minecraft"; + + managementSystem = { + systemd-socket.enable = true; + }; + + # Pass the per-instance configuration to nix-minecraft. + servers = cfg.instances; + }; + }; } diff --git a/modules/nixos/services/nebula/default.nix b/modules/nixos/services/nebula/default.nix index 8a6497a..3717ada 100644 --- a/modules/nixos/services/nebula/default.nix +++ b/modules/nixos/services/nebula/default.nix 
@@ -1,86 +1,91 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: let - cfg = config.flake.system.services.nebula; + cfg = config.flake.system.services.nebula; in { - options = { - flake.system.services.nebula = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; + options = { + flake.system.services.nebula = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; - port = lib.mkOption { - type = lib.types.int; - default = 4242; - }; + port = lib.mkOption { + type = lib.types.int; + default = 4242; + }; - isLighthouse = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - }; + isLighthouse = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + }; - config = { - sops.secrets.nebula-cert = { - path = "/etc/nebula/host.crt"; - sopsFile = ./../../../../secrets/${config.networking.hostName}.yaml; - }; + config = { + sops.secrets.nebula-cert = { + path = "/etc/nebula/host.crt"; + sopsFile = ./../../../../secrets/${config.networking.hostName}.yaml; + }; - sops.secrets.nebula-key = { - path = "/etc/nebula/host.key"; - sopsFile = ./../../../../secrets/${config.networking.hostName}.yaml; - }; + sops.secrets.nebula-key = { + path = "/etc/nebula/host.key"; + sopsFile = ./../../../../secrets/${config.networking.hostName}.yaml; + }; - sops.secrets.nebula-ca = { - path = "/etc/nebula/ca.crt"; - sopsFile = ./../../../../secrets/${config.networking.hostName}.yaml; - }; + sops.secrets.nebula-ca = { + path = "/etc/nebula/ca.crt"; + sopsFile = ./../../../../secrets/${config.networking.hostName}.yaml; + }; - environment.systemPackages = with pkgs; [ nebula ]; + environment.systemPackages = with pkgs; [ nebula ]; - services.nebula.networks.patch = lib.mkIf cfg.enable { - # Enable the patch network. - enable = true; + services.nebula.networks.patch = lib.mkIf cfg.enable { + # Enable the patch network. 
+ enable = true; - staticHostMap = { - "10.72.2.8" = [ - "vpn.patchouli.sh:${builtins.toString cfg.port}" - ]; - }; + staticHostMap = { + "10.72.2.8" = [ + "vpn.patchouli.sh:${builtins.toString cfg.port}" + ]; + }; - listen = { - port = cfg.port; - host = "0.0.0.0"; - }; + listen = { + port = cfg.port; + host = "0.0.0.0"; + }; - lighthouses = lib.mkIf (!cfg.isLighthouse) [ - "10.72.2.8" - ]; + lighthouses = lib.mkIf (!cfg.isLighthouse) [ + "10.72.2.8" + ]; - isLighthouse = cfg.isLighthouse; + isLighthouse = cfg.isLighthouse; - firewall = { - inbound = [ - { - host = "any"; - port = "22"; - proto = "any"; - } - ]; - outbound = [ - { - host = "any"; - port = "any"; - proto = "any"; - } - ]; - }; + firewall = { + inbound = [ + { + host = "any"; + port = "22"; + proto = "any"; + } + ]; + outbound = [ + { + host = "any"; + port = "any"; + proto = "any"; + } + ]; + }; - cert = "/etc/nebula/host.crt"; - key = "/etc/nebula/host.key"; - ca = "/etc/nebula/ca.crt"; - }; - }; + cert = "/etc/nebula/host.crt"; + key = "/etc/nebula/host.key"; + ca = "/etc/nebula/ca.crt"; + }; + }; } diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix index 6713725..d96192c 100644 --- a/modules/nixos/services/openssh/default.nix +++ b/modules/nixos/services/openssh/default.nix @@ -1,15 +1,15 @@ { - services.openssh = { - # Enable OpenSSH. - enable = true; + services.openssh = { + # Enable OpenSSH. + enable = true; - settings = { - # Don't allow login as root. - PermitRootLogin = "no"; - # Disable password authentication (use a key). - PasswordAuthentication = false; - # Verbose logging (needed for fail2ban sshd jail). - LogLevel = "VERBOSE"; - }; - }; + settings = { + # Don't allow login as root. + PermitRootLogin = "no"; + # Disable password authentication (use a key). + PasswordAuthentication = false; + # Verbose logging (needed for fail2ban sshd jail). + LogLevel = "VERBOSE"; + }; + }; } 
diff --git a/modules/nixos/users.nix b/modules/nixos/users.nix index 39d13f4..511352a 100644 --- a/modules/nixos/users.nix +++ b/modules/nixos/users.nix @@ -1,32 +1,32 @@ { pkgs, ... }: { - users.users = - let - # The hashed password to use for each user account. - # Generated with 'mkpasswd'. - hashedPassword = "$y$j9T$hOvZcQOKuiVpM3ASU/CGX.$bAjaUfdOkNeAfcyWKOL3UgoeP86Er95GBYDaphTwuLB"; - in - { - patchouli = { - # Do NOT change this. - isNormalUser = true; + users.users = + let + # The hashed password to use for each user account. + # Generated with 'mkpasswd'. + hashedPassword = "$y$j9T$hOvZcQOKuiVpM3ASU/CGX.$bAjaUfdOkNeAfcyWKOL3UgoeP86Er95GBYDaphTwuLB"; + in + { + patchouli = { + # Do NOT change this. + isNormalUser = true; - # The login shell to use. - # Fish may be problematic for this purpose, but it sure does look pretty. - shell = pkgs.fish; + # The login shell to use. + # Fish may be problematic for this purpose, but it sure does look pretty. + shell = pkgs.fish; - home = "/home/patchouli"; - extraGroups = [ "wheel" ]; + home = "/home/patchouli"; + extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7LfwXAVJrM1KSxVcu5vmlcJBGXarW5YjavgqkCkQJX self@patchouli.sh" - ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7LfwXAVJrM1KSxVcu5vmlcJBGXarW5YjavgqkCkQJX self@patchouli.sh" + ]; - inherit hashedPassword; - }; + inherit hashedPassword; + }; - root = { - inherit hashedPassword; - }; - }; + root = { + inherit hashedPassword; + }; + }; } diff --git a/modules/shared/default.nix b/modules/shared/default.nix index e28cc65..3a50552 100644 --- a/modules/shared/default.nix +++ b/modules/shared/default.nix @@ -1,11 +1,11 @@ { - imports = [ - ./programs - ./fonts.nix - ./home-manager.nix - ./nix.nix - ./nixpkgs.nix - ./secrets.nix - ./stylix.nix - ]; + imports = [ + ./programs + ./fonts.nix + ./home-manager.nix + ./nix.nix + ./nixpkgs.nix + ./secrets.nix + ./stylix.nix + ]; } 
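Review bot: In modules/nixos/users.nix the re-indented `let` block still binds a single `hashedPassword` literal and inherits it into both `patchouli` and `root`, so the hash is committed to the repository and one offline guess against it yields both accounts. The repository already configures sops (modules/shared/secrets.nix), so I would move the hash into a sops secret marked `neededForUsers = true` and reference it with `hashedPasswordFile = config.sops.secrets.<secret-name>.path;`. Root should get its own secret or have password login locked, since `patchouli` is already in `wheel`. `<secret-name>` is a placeholder; no such secret is declared in the visible hunks.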
diff --git a/modules/shared/fonts.nix b/modules/shared/fonts.nix index daf522e..2465938 100644 --- a/modules/shared/fonts.nix +++ b/modules/shared/fonts.nix @@ -1,20 +1,20 @@ { pkgs, inputs', ... }: { - fonts.packages = with pkgs; [ - # Maple Mono (ligature unhinted, TTF). - maple-mono.truetype - # Maple Mono NF (ligature unhinted). - maple-mono.NF-unhinted - # Maple Mono NF CN (ligature unhinted). - maple-mono.NF-CN-unhinted - # San Francisco Pro - inputs'.apple-fonts.packages.sf-pro - # San Francisco Mono - inputs'.apple-fonts.packages.sf-mono - inputs'.apple-fonts.packages.sf-mono-nerd - # DejaVu - dejavu_fonts - # Noto Color Emoji - noto-fonts-color-emoji - ]; + fonts.packages = with pkgs; [ + # Maple Mono (ligature unhinted, TTF). + maple-mono.truetype + # Maple Mono NF (ligature unhinted). + maple-mono.NF-unhinted + # Maple Mono NF CN (ligature unhinted). + maple-mono.NF-CN-unhinted + # San Francisco Pro + inputs'.apple-fonts.packages.sf-pro + # San Francisco Mono + inputs'.apple-fonts.packages.sf-mono + inputs'.apple-fonts.packages.sf-mono-nerd + # DejaVu + dejavu_fonts + # Noto Color Emoji + noto-fonts-color-emoji + ]; } diff --git a/modules/shared/home-manager.nix b/modules/shared/home-manager.nix index 338cd10..53794e9 100644 --- a/modules/shared/home-manager.nix +++ b/modules/shared/home-manager.nix 
@@ -1,22 +1,35 @@ -{ self, self', inputs, inputs', ... }: { - home-manager = { - extraSpecialArgs = { inherit self self' inputs inputs'; }; + self, + self', + inputs, + inputs', + ... +}: +{ + home-manager = { + extraSpecialArgs = { + inherit + self + self' + inputs + inputs' + ; + }; - useGlobalPkgs = true; - useUserPackages = true; + useGlobalPkgs = true; + useUserPackages = true; - # The file extension to use when Home Manager overwrites an existing file. - backupFileExtension = "backup"; + # The file extension to use when Home Manager overwrites an existing file. + backupFileExtension = "backup"; - sharedModules = [ - # The configuration schema version for Home Manager. - { home.stateVersion = "25.11"; } - ]; + sharedModules = [ + # The configuration schema version for Home Manager. + { home.stateVersion = "25.11"; } + ]; - users.patchouli = { - # We assume a single-user environment here. - imports = [ ../../home ]; - }; - }; + users.patchouli = { + # We assume a single-user environment here. + imports = [ ../../home ]; + }; + }; } diff --git a/modules/shared/nix.nix b/modules/shared/nix.nix index a70681c..147c6cc 100644 --- a/modules/shared/nix.nix +++ b/modules/shared/nix.nix 
@@ -1,37 +1,44 @@ -{ lib, pkgs, config, inputs, ... }: { - nix = - let - flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; - in { - gc = { - # Automatically run the garbage collector on a set schedule. - automatic = true; - # Pass these options to the garbage collector when run automatically. - options = "--delete-older-than 3d"; - }; + lib, + pkgs, + config, + inputs, + ... +}: +{ + nix = + let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; + in + { + gc = { + # Automatically run the garbage collector on a set schedule. + automatic = true; + # Pass these options to the garbage collector when run automatically. + options = "--delete-older-than 3d"; + }; + + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + + flake-registry = ""; + + warn-dirty = false; - settings = { - experimental-features = [ - "nix-command" - "flakes" - ]; - - flake-registry = ""; + trusted-users = [ "patchouli" ]; - warn-dirty = false; + # Workaround for https://github.com/NixOS/nix/issues/9574 + nix-path = config.nix.nixPath; + }; - trusted-users = [ "patchouli" ]; - - # Workaround for https://github.com/NixOS/nix/issues/9574 - nix-path = config.nix.nixPath; - }; - - # Opinionated: disable channels - channel.enable = false; + # Opinionated: disable channels + channel.enable = false; - # Opinionated: make flake registry and nix path match flake inputs - registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs; - nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; - }; + # Opinionated: make flake registry and nix path match flake inputs + registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; } diff --git a/modules/shared/nixpkgs.nix b/modules/shared/nixpkgs.nix index 1ec85a0..93b48dd 100644 --- a/modules/shared/nixpkgs.nix +++ b/modules/shared/nixpkgs.nix 
@@ -1,8 +1,8 @@
 {
- nixpkgs = {
- config = {
- # Allow unfree packages.
- allowUnfree = true;
- };
- };
+ nixpkgs = {
+ config = {
+ # Allow unfree packages.
+ allowUnfree = true;
+ };
+ };
 }
diff --git a/modules/shared/programs/default.nix b/modules/shared/programs/default.nix
index e299de4..64d8374 100644
--- a/modules/shared/programs/default.nix
+++ b/modules/shared/programs/default.nix
@@ -1,5 +1,5 @@
 {
- imports = [
- ./fish
- ];
+ imports = [
+ ./fish
+ ];
 }
diff --git a/modules/shared/programs/fish/default.nix b/modules/shared/programs/fish/default.nix
index 65c87af..6f31ec8 100644
--- a/modules/shared/programs/fish/default.nix
+++ b/modules/shared/programs/fish/default.nix
@@ -1,7 +1,7 @@
 {
- programs.fish = {
- # fish must be installed system-wide to be used as a login shell,
- # but all configuration is done via Home Manager.
- enable = true;
- };
+ programs.fish = {
+ # fish must be installed system-wide to be used as a login shell,
+ # but all configuration is done via Home Manager.
+ enable = true;
+ };
 }
diff --git a/modules/shared/secrets.nix b/modules/shared/secrets.nix
index 7f73c43..f342762 100644
--- a/modules/shared/secrets.nix
+++ b/modules/shared/secrets.nix
@@ -1,12 +1,12 @@
 {
- sops = {
- age = {
- sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- };
+ sops = {
+ age = {
+ sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ };

- defaultSopsFile = ../../secrets.yaml;
+ defaultSopsFile = ../../secrets.yaml;

- # Secrets available at 'sops.secrets.*'.
- secrets.example = { };
- };
+ # Secrets available at 'sops.secrets.*'.
+ secrets.example = { };
+ };
 }
diff --git a/modules/shared/stylix.nix b/modules/shared/stylix.nix
index 3bf8bb2..233f24f 100644
--- a/modules/shared/stylix.nix
+++ b/modules/shared/stylix.nix
@@ -1,22 +1,27 @@
-{ pkgs, config, inputs', ... }:
 {
- stylix = {
- # Enable stylix.
- enable = true;
+ pkgs,
+ config,
+ inputs',
+ ...
+}:
+{
+ stylix = {
+ # Enable stylix.
+ enable = true;

- # The base16 scheme to use to theme the system.
- base16Scheme = "${pkgs.base16-schemes}/share/themes/caroline.yaml";
+ # The base16 scheme to use to theme the system.
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/caroline.yaml";

- fonts = {
- monospace = {
- package = inputs'.apple-fonts.packages.sf-mono-nerd;
- name = "SFMono";
- };
- serif = {
- package = inputs'.apple-fonts.packages.sf-pro;
- name = "SFProDisplay";
- };
- sansSerif = config.stylix.fonts.serif;
- };
- };
+ fonts = {
+ monospace = {
+ package = inputs'.apple-fonts.packages.sf-mono-nerd;
+ name = "SFMono";
+ };
+ serif = {
+ package = inputs'.apple-fonts.packages.sf-pro;
+ name = "SFProDisplay";
+ };
+ sansSerif = config.stylix.fonts.serif;
+ };
+ };
 }
diff --git a/modules/wsl/default.nix b/modules/wsl/default.nix
index ef0942a..8054e53 100644
--- a/modules/wsl/default.nix
+++ b/modules/wsl/default.nix
@@ -1,30 +1,30 @@
 {
- imports = [
- ./networking
- ];
-
- wsl = {
- # Enable support for running NixOS as a WSL distribution.
- enable = true;
+ imports = [
+ ./networking
+ ];

- # The name for the default uer.
- defaultUser = "patchouli";
+ wsl = {
+ # Enable support for running NixOS as a WSL distribution.
+ enable = true;

- # Enable shortcuts for graphical applications in the Windows start menu.
- startMenuLaunchers = true;
+ # The name for the default uer.
+ defaultUser = "patchouli";

- interop = {
- # Exclude Windows PATH from WSL PATH.
- includePath = false;
- # Explicitly register the binfmt_misc handler for Windows executables.
- register = true;
- };
+ # Enable shortcuts for graphical applications in the Windows start menu.
+ startMenuLaunchers = true;

- wslConf = {
- network = {
- # Not needed- we use unbound.
- generateResolvConf = false;
- };
- };
- };
+ interop = {
+ # Exclude Windows PATH from WSL PATH.
+ includePath = false;
+ # Explicitly register the binfmt_misc handler for Windows executables.
+ register = true;
+ };
+
+ wslConf = {
+ network = {
+ # Not needed- we use unbound.
+ generateResolvConf = false;
+ };
+ };
+ };
 }
diff --git a/modules/wsl/networking/default.nix b/modules/wsl/networking/default.nix
index ecf5bcd..ebe58e9 100644
--- a/modules/wsl/networking/default.nix
+++ b/modules/wsl/networking/default.nix
@@ -1,5 +1,5 @@
 {
- imports = [
- ./firewall.nix
- ];
+ imports = [
+ ./firewall.nix
+ ];
 }
diff --git a/modules/wsl/networking/firewall.nix b/modules/wsl/networking/firewall.nix
index 5cb894f..4ab4ee4 100644
--- a/modules/wsl/networking/firewall.nix
+++ b/modules/wsl/networking/firewall.nix
@@ -1,6 +1,6 @@
 {
- networking.firewall = {
- # Disable reverse path filter tests on packets as the required kernel support doesn't exist on Windows (WSL).
- checkReversePath = false;
- };
+ networking.firewall = {
+ # Disable reverse path filter tests on packets as the required kernel support doesn't exist on Windows (WSL).
+ checkReversePath = false;
+ };
 }
diff --git a/secrets.yaml b/secrets.yaml
index b9d951e..c992f61 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -5,62 +5,62 @@ ddns-updater-provider: ENC[AES256_GCM,data:baURzaeICuNd,iv:O9SPlPKd4xCFqAmAbxS8x ddns-updater-domain: ENC[AES256_GCM,data:zcyhNOZw5xS0edJ5EGht,iv:OPIXGDYNQbDzjH2H/Q0O9aGULV3XSF3Q6dfugvpKtWc=,tag:N2HU/4yGykwcnizkIKNrCQ==,type:str] ddns-updater-password: ENC[AES256_GCM,data:e455KHvHQ3a8szwn1gacG2WBCTlKErZeO79QUUM5tMY=,iv:0tA7GziDU0CnFj/jWIfLGuivmq/oMoD6+d2dCEQJxDY=,tag:8iDJJlMpUGjtIi9VJ36V4Q==,type:str] sops: - age: - - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMlVYMHFqQ3FHeWF0TCto - bG1meTlYZEJNS01BV1Z5MVEya0JDTXBQV1RzCjY0RDBRYmdQMlFqTnQ3VEIyTHJJ - Vmd3ajNnWUFkOTU3K05CRm01RUlqWW8KLS0tIHZQeUh5cGdiY0paL2VzT3RvWk5z - YUtZL09aaVZSaHJxRXRBcWg1bld1ajAKT/NfJrAYI3HDt1V+ZzgjLK8bD4LPiyAp - nH8qY7YWblraRL+5OvB4awBmIFGmUaqdKMnp1OXwz39fzZ/qapehlA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10m0er2cggjuj99c57rx9a2swk4hr0clr9c6ufptazlat49l09uestmdkd0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNmtlUWdsTGEwQ3NteTVW - SUVIb1pRc1JnMU91eG1IM0kxUExvRFJzYlgwClVybTNmN3E1MC9icHF5YjRZTHFh - ektuRUVCQ0RGcm1zVHNhcTFpNEV5dDQKLS0tIHBaYS85ZG9sd3o0MDc4aWd6SnA4 - RXo3aUV6WTZKOFJsaTVCUTdkOGF4TDAKGONrrrY+RAOw/QMFjm2BJxTvxQIa4BFg - 5GZGYOrTLMBt7MW/2D4KWNsUJM1qrnGff43q3RSyKxxF+FRVKP7svQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zeyez9a2lyudax86muysp45pw6sgqfl0y2adh9j9mvrr75cj7ymsdlck5g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZS0VlaVU5djBaeTYwYVNV - QVh4Ykh6b0F1MUtFakg3Z0VzMjM0WncrSmd3ClVBVUZzdU1kMmEvNENvcllISWUv - VVpzUyt6ajVnUDEvSWlhNTBRZG9RNm8KLS0tIFY0NzliMXZrZElXN0d1U0l4c0ZZ - cnJlS0lURU5hYUsvUjFGanFXZFhrR28KJnMhLFW6NazNzimY0INqjKLfNNKy1YY9 - iQjkfuBV2am5tZDGc5/GPutCRInLtLDWTGrwy8MMRpOxvqPgVaWJcA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1275h9hxrg7a0j93nnv50zj6wtzxnkf5238p5f5xfv4q4ju0gn4jq884tqh - enc: | - -----BEGIN AGE 
ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWllHMTViLzJrQWpNTVR2 - TnhqOThMVm5SN21Kak91OFlVWUdpWkZwU0RBCjU0Y0RFaEM1eFBhYytGSWZtZUNQ - bmNyZUhtdFkydUdWRVNCM1VXQy9lNnMKLS0tIDhibEdZc0xFa3FsUU9sYTA5ajZq - L1J1NjNCaVluODdLdnFreFA4TFJvWTQKO0ON+MSzytcwpoZh3u5/f791fRF9c9u1 - kKA14CfYT5rV5qfRwV3r/kdb8z5umLEkNqtckKuM1PiztNEX4qeLjA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1k3yjaw2qjs9y4a3t6z3q93hlj3qnw436wvvxnu9sq0x4y53gd3fq8gl534 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiM0c0SStuV05BbGFoQ3Zn - TS9LKzhiUFhYY1RmRzZWWjI4RUNDTzNKaUhFCmxRWm9wZTlyM2thelJjTFdTck85 - VzY5TjlzNE0zQnNGbytkMk5ZMDMzR2MKLS0tIHRTOEVBWW5ncUkvS0FjRE1JWllw - R3UzSkxQOVcyelFTMHZLeTVabmdqZHcKRfeOhogwG3tWEQNfLXmYW0e24a2ZwDo5 - NZXeCqEejX4Nw5YEMGiXOqy3Kug/yY0WGdBz479bqXzfwp9tqNlOqQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age168844yw9thh0n3g9g892su0p6fef76w2y3pdgsm247mvwxzza48qnlnzue - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHeUhiMzlKVmpRbmxld2h1 - VGhsM0hQek5jT1U5RHZSRTZ6QVp5MEwzZUhzCndCazJRVkZxTytyQUpqaytlT0Nr - NXd6aTFndE9RM0s3RlYvSkxJdjNSZ2MKLS0tIEFCaUUyUHpkWFVwWVU0WFFjOXJy - OXdZOTR2OTVzY3VTZGVmUEhZRWU2NlkKcxKMZN2Pa7QvLvNoK+sLoqeD873SB956 - nTcpcw0rFF2hBpH+pFyV00vpA9hiohOJz865c2JothUU0XF6VZyZlQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-16T22:04:56Z" - mac: ENC[AES256_GCM,data:f/+xr1z8coVc4PRNR0DYy7RmYdFqkdrD9ah97I4V+cKptu21ihBNJnwTGhYrhG2lb90Xp0z7cR3dr4ZSYncqc/COJDTtd1yIzmub5pKDBsxVcKw8PrIEiRj6gAzYMrCxxw/aGKTQToYOoJpUC0/zXgMJhDxW0guVh2iV2Blt0I8=,iv:jgw/ZwttacCcVNLfsSOvgE6UkeVqe/IRf74Z/IFu8kI=,tag:o0Q6lK7A9ZKBf23ft0T7zA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0 + age: + - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMlVYMHFqQ3FHeWF0TCto + bG1meTlYZEJNS01BV1Z5MVEya0JDTXBQV1RzCjY0RDBRYmdQMlFqTnQ3VEIyTHJJ + 
Vmd3ajNnWUFkOTU3K05CRm01RUlqWW8KLS0tIHZQeUh5cGdiY0paL2VzT3RvWk5z + YUtZL09aaVZSaHJxRXRBcWg1bld1ajAKT/NfJrAYI3HDt1V+ZzgjLK8bD4LPiyAp + nH8qY7YWblraRL+5OvB4awBmIFGmUaqdKMnp1OXwz39fzZ/qapehlA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10m0er2cggjuj99c57rx9a2swk4hr0clr9c6ufptazlat49l09uestmdkd0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNmtlUWdsTGEwQ3NteTVW + SUVIb1pRc1JnMU91eG1IM0kxUExvRFJzYlgwClVybTNmN3E1MC9icHF5YjRZTHFh + ektuRUVCQ0RGcm1zVHNhcTFpNEV5dDQKLS0tIHBaYS85ZG9sd3o0MDc4aWd6SnA4 + RXo3aUV6WTZKOFJsaTVCUTdkOGF4TDAKGONrrrY+RAOw/QMFjm2BJxTvxQIa4BFg + 5GZGYOrTLMBt7MW/2D4KWNsUJM1qrnGff43q3RSyKxxF+FRVKP7svQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zeyez9a2lyudax86muysp45pw6sgqfl0y2adh9j9mvrr75cj7ymsdlck5g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZS0VlaVU5djBaeTYwYVNV + QVh4Ykh6b0F1MUtFakg3Z0VzMjM0WncrSmd3ClVBVUZzdU1kMmEvNENvcllISWUv + VVpzUyt6ajVnUDEvSWlhNTBRZG9RNm8KLS0tIFY0NzliMXZrZElXN0d1U0l4c0ZZ + cnJlS0lURU5hYUsvUjFGanFXZFhrR28KJnMhLFW6NazNzimY0INqjKLfNNKy1YY9 + iQjkfuBV2am5tZDGc5/GPutCRInLtLDWTGrwy8MMRpOxvqPgVaWJcA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1275h9hxrg7a0j93nnv50zj6wtzxnkf5238p5f5xfv4q4ju0gn4jq884tqh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWllHMTViLzJrQWpNTVR2 + TnhqOThMVm5SN21Kak91OFlVWUdpWkZwU0RBCjU0Y0RFaEM1eFBhYytGSWZtZUNQ + bmNyZUhtdFkydUdWRVNCM1VXQy9lNnMKLS0tIDhibEdZc0xFa3FsUU9sYTA5ajZq + L1J1NjNCaVluODdLdnFreFA4TFJvWTQKO0ON+MSzytcwpoZh3u5/f791fRF9c9u1 + kKA14CfYT5rV5qfRwV3r/kdb8z5umLEkNqtckKuM1PiztNEX4qeLjA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k3yjaw2qjs9y4a3t6z3q93hlj3qnw436wvvxnu9sq0x4y53gd3fq8gl534 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiM0c0SStuV05BbGFoQ3Zn + TS9LKzhiUFhYY1RmRzZWWjI4RUNDTzNKaUhFCmxRWm9wZTlyM2thelJjTFdTck85 + 
VzY5TjlzNE0zQnNGbytkMk5ZMDMzR2MKLS0tIHRTOEVBWW5ncUkvS0FjRE1JWllw + R3UzSkxQOVcyelFTMHZLeTVabmdqZHcKRfeOhogwG3tWEQNfLXmYW0e24a2ZwDo5 + NZXeCqEejX4Nw5YEMGiXOqy3Kug/yY0WGdBz479bqXzfwp9tqNlOqQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age168844yw9thh0n3g9g892su0p6fef76w2y3pdgsm247mvwxzza48qnlnzue + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHeUhiMzlKVmpRbmxld2h1 + VGhsM0hQek5jT1U5RHZSRTZ6QVp5MEwzZUhzCndCazJRVkZxTytyQUpqaytlT0Nr + NXd6aTFndE9RM0s3RlYvSkxJdjNSZ2MKLS0tIEFCaUUyUHpkWFVwWVU0WFFjOXJy + OXdZOTR2OTVzY3VTZGVmUEhZRWU2NlkKcxKMZN2Pa7QvLvNoK+sLoqeD873SB956 + nTcpcw0rFF2hBpH+pFyV00vpA9hiohOJz865c2JothUU0XF6VZyZlQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-16T22:04:56Z" + mac: ENC[AES256_GCM,data:f/+xr1z8coVc4PRNR0DYy7RmYdFqkdrD9ah97I4V+cKptu21ihBNJnwTGhYrhG2lb90Xp0z7cR3dr4ZSYncqc/COJDTtd1yIzmub5pKDBsxVcKw8PrIEiRj6gAzYMrCxxw/aGKTQToYOoJpUC0/zXgMJhDxW0guVh2iV2Blt0I8=,iv:jgw/ZwttacCcVNLfsSOvgE6UkeVqe/IRf74Z/IFu8kI=,tag:o0Q6lK7A9ZKBf23ft0T7zA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/patchbox.yaml b/secrets/patchbox.yaml index 931a480..e1f97be 100644 --- a/secrets/patchbox.yaml +++ b/secrets/patchbox.yaml 
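Review bot: The `sops:` metadata block of this sops-managed file is now laid out by the YAML formatter instead of by sops, and the same applies to the hunks in `secrets/patchbox.yaml`, `secrets/patchcloud.yaml` and `secrets/patchshell.yaml`. Every line under `sops:` is removed and re-added with the same visible text, so this looks like an indentation-only rewrite; the next `sops` edit or key update will presumably write the file back in sops' own layout, and `treefmt --fail-on-change` in the `format-check` recipe would then fail CI until the ciphertext is reformatted again. Encrypted files are easier to audit when only sops ever writes them, so I would exclude them from the formatter, e.g. `excludes = ["secrets.yaml", "secrets/*.yaml"]` under `[formatter.yaml]` in treefmt.toml, or align sops' YAML indent with yamlfmt in `.sops.yaml` if the repository has one.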
@@ -2,26 +2,26 @@ nebula-ca: ENC[AES256_GCM,data:R4oxTfy6WnbO69pKz8yjNmnu3I6TRU55tpwe+zgrhjZEBBY0t nebula-cert: ENC[AES256_GCM,data:pa9YjclMTEFobSn9cncGTB7XAE7ldWIyYtzJPmB9W4MOXV15PonzzlzdGMiIK+ZUe7kejCERqMcLKwmNBC764AhS4JjrDP5yPpf2V5tDPVvIriM2iZ+qJkMCmsfyh+vmrAEvRJpvbJwA4glFhFTpWdhDaB+npOYPxeRPk7t1EfWR3pXJoLvp8mY3v+AeJV32bWFz64gOnkr8z3hDFzjf+k43wk6o74S3Qu1XtGTOyCAWMHX5E4P+FjHMfV41BqHBgpd2WxYZoOmgJHDEBxFqjesr4V3KyjvA7A3nHgpqkt04nMGT3htH3aiBUPJ269JsiJRV4ljyv9aGr/w1u/n7ije+MF1PtMo4v6hvI+UWpNYx5cjbQ1A7+kplNnOecXD8ThTpEoQc3hMgXatK,iv:IJjVoSYsMmx+Oiuhz9++8Z7rl33J7X47Owa+62Mr0M0=,tag:noYvdKxT2BfX/+/0CV7xhA==,type:str] nebula-key: ENC[AES256_GCM,data:PAJVAx92uiaQpITntehTa1KyDl/87VZocbCB6uli07BfEN1OKlJbjBkpqI7US+kf8Fq1I8RCMihzWaLD7piC3sOyj0MJJ2w8nKGJ1m5vDzHK8mN4LGpI1Z01gZeMImTPUlxtoLQQP4v1bn/GWvXrtRwD5N8dheMMyFl4Us0H8A==,iv:uAJBLJh1HWL+aAYCSRkMuD2QKLaduXoKHNCTXF5vy9w=,tag:E880dfv3hObn7gjcMP9M6Q==,type:str] sops: - age: - - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbmttOFJFY2wxZ2JDUFRs - Z0JWSmRHb1NFWWdDQWg2Y3cvcWhPcUI0b0JNCmtXV0tiT3RGU3NPMWdFY2NybUhI - eUhwNEJuNUVXeHl6MUFSbnpMT0lMeUUKLS0tIFZ0cVJQanNoU0dlbEkwU0d6RVNu - TjR1cUlFNW5iZUNBdjZONVErM1ZVUHcK3O78dUW9TvhtWJYLKRGrOKZVY1mARpCI - Qfx5W84JeJQJGImdKSIcboLJqZuAMjaB4b3u4S34QIdfHhRNGMypVg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zeyez9a2lyudax86muysp45pw6sgqfl0y2adh9j9mvrr75cj7ymsdlck5g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Ri9lMmtCMlJEYUFrZDI4 - bGwxZzVxY0w3VXM2ampOUmZFUDYvdWw1SFNJClM1TGpqUkVWYU13NGZxNFFyendL - MURKSVJMWkh2T3QrYkJJYjdFUGIvTWcKLS0tIGoyM2VpdWNzdlZuay91dXR0c05a - NUNRaTlwTkxUbEgrTmVRL0ZmM1NXeFUKdU2J2LuuOGrsjV/WPFkCPV7BTycC/vWU - FEjArNosYF87USHy7HG0TIvjt88wPsy9uZWL/x20wdD9WwFmiNu8SA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-21T21:15:36Z" - mac: 
ENC[AES256_GCM,data:Pb83sxnE1G2nTf4aKRElEW2SseVsN79Ez3uWtsW4NpDn70BnlNDtrTPVZuuvbS4iyMIesWeTPtbZFCka+2Z6cAdKVC+D8HRj2tLwe/Hop7LXX3iYwSDUnt/iWfzVKn2NpHoAoSIOg5fGkrYeoRh1WHB8qOPA0ExibvgKhfdYDoY=,iv:9FY224Hm963ktBRZkr3cIsSY2H5KN0gL06pcm+mftkU=,tag:vsQGadBu2Eqw2gjiu+H7+w==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0 + age: + - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbmttOFJFY2wxZ2JDUFRs + Z0JWSmRHb1NFWWdDQWg2Y3cvcWhPcUI0b0JNCmtXV0tiT3RGU3NPMWdFY2NybUhI + eUhwNEJuNUVXeHl6MUFSbnpMT0lMeUUKLS0tIFZ0cVJQanNoU0dlbEkwU0d6RVNu + TjR1cUlFNW5iZUNBdjZONVErM1ZVUHcK3O78dUW9TvhtWJYLKRGrOKZVY1mARpCI + Qfx5W84JeJQJGImdKSIcboLJqZuAMjaB4b3u4S34QIdfHhRNGMypVg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zeyez9a2lyudax86muysp45pw6sgqfl0y2adh9j9mvrr75cj7ymsdlck5g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Ri9lMmtCMlJEYUFrZDI4 + bGwxZzVxY0w3VXM2ampOUmZFUDYvdWw1SFNJClM1TGpqUkVWYU13NGZxNFFyendL + MURKSVJMWkh2T3QrYkJJYjdFUGIvTWcKLS0tIGoyM2VpdWNzdlZuay91dXR0c05a + NUNRaTlwTkxUbEgrTmVRL0ZmM1NXeFUKdU2J2LuuOGrsjV/WPFkCPV7BTycC/vWU + FEjArNosYF87USHy7HG0TIvjt88wPsy9uZWL/x20wdD9WwFmiNu8SA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-21T21:15:36Z" + mac: ENC[AES256_GCM,data:Pb83sxnE1G2nTf4aKRElEW2SseVsN79Ez3uWtsW4NpDn70BnlNDtrTPVZuuvbS4iyMIesWeTPtbZFCka+2Z6cAdKVC+D8HRj2tLwe/Hop7LXX3iYwSDUnt/iWfzVKn2NpHoAoSIOg5fGkrYeoRh1WHB8qOPA0ExibvgKhfdYDoY=,iv:9FY224Hm963ktBRZkr3cIsSY2H5KN0gL06pcm+mftkU=,tag:vsQGadBu2Eqw2gjiu+H7+w==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/patchcloud.yaml b/secrets/patchcloud.yaml index 46f9e3b..be6b0bc 100644 --- a/secrets/patchcloud.yaml +++ b/secrets/patchcloud.yaml 
@@ -2,26 +2,26 @@ nebula-ca: ENC[AES256_GCM,data:WI8QIdNkurkBhqdmyOshmA8ovBgh8jHBdg1yjheN0A7Op7TKn nebula-cert: ENC[AES256_GCM,data:Li4gzHcd46z9gaP1y339VKmXzDKfFSxk4p73gg+gzcDvbKZRBGt6nHXabg0+IYeAQUHVjibBr8GHmsKcYJCu2ojeZOoOYU6pdfBxkn8lSFQ3Gvj8zURSpMPAQmej78Q2P3zFtRgjEzFZ7T+lw7cdWZnqUTALofcU1O+HHmDY7J1qunSCj18UTaqoXPAaE/rjiP12mseVefQp4kPWzHY2bFUxhMpKSj48FULAzBC+VT7BvDjw7QDcOBsJ86GuHRTf8GRTc67X4QDn2eoZ46ByzWNn1cA+v2a9fgw/8PH009kvQTu52aQibyUIQEcgDdlZPQ72AaBznTKQYpbEcwfAPnnbRSFolgePUAf4cVuGuGqN3IGjXs6maIeu1g1ET7Y7q9GwidijebX1EnzX,iv:9qLnhtHklLdLX/3Hw/Ybi3XPQazOlHmXVkd2A4mUXUo=,tag:jcBFTEJGKol4UDPpJlROQA==,type:str] nebula-key: ENC[AES256_GCM,data:6wA3TE/dub7MfeCVpTMD0NW7eAqTgRRhTCApejtsj/QVJ0KTmo6L+LOfaZO2RFSqL+QGvirfz8zfSwBG0lJ13CLk2Gt7NqCJc0NwFXH7K/PM0sdIiFi+CZaDHl4nq5cTObsTmZ//8W7M9fg22QJcqPSsNkhdcwygONmcnpPuEQ==,iv:H4maFFX9giJBZpo9Bqv40VXKJkaoKDFTqGwz9DzPJ+M=,tag:6LM2F1eHs4joyQ45HYmu4w==,type:str] sops: - age: - - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOEZIKzdrZ0tiTyszbzVK - ZklCemxmQUZrdkJCUER4bmRmVVVqRmJEWVNZCmpLQzQvU3o2MVZ4aHVvMjhjbGVl - R00vWDhzaFFoNnhsSXJ3L0tsVnl2VkUKLS0tIGtQWEdFd3NCUG4rQVA2QmFqWmpq - Z1haZHMybW04UXlJODl4MlNXTVJtb0kKBOfEY8IqJDvZ+FfcKQJQl9LahFOIaQVm - vBBGXEr1GO8jkLvIPI8sgzZvP9/szey8zcrnIenundZLP+PbQu4upA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1275h9hxrg7a0j93nnv50zj6wtzxnkf5238p5f5xfv4q4ju0gn4jq884tqh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M2wxbGhCSXlMb3RJZzZD - U1ROcFRzUjNoL3VHSzByYnR5M1JmMmw2Q3p3ClYwbjVmdkNkaEhGRXYvQkVZcmxO - RDFJN1Frb1drWVVXTzdpNlFUaDFCM2MKLS0tIER5RnJoRmlOcC9BbmhzWXpFUVlD - a0dFMWlDbG1rTDFpR2JJMGY5MEVZVVUKuLSOaxjos/ce7UGcNjU2r+bMLIrygDTI - 6BqB3IUzdZyH8M33CKv0GYfuZcB/JcoM2Wxlh1PRP+mV4PHVTRn2aw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-21T21:17:34Z" - mac: 
ENC[AES256_GCM,data:8gqH1TGG9r9wW68hZjQTd1LzcOb4LRX9CAojEDDzBJTb+KabsOYEuAGOsaLbZm79s+wKgC+Uy8+l54SD1CpsJq17WMOCXKcU5+c6pXNipwjUKAcZl8indKwvutqLFu3YCUu9pXWjzKVlRm4SXhKOSrMzgwVviANwODNqH3Awfdc=,iv:ph3CvUjnB3Pw1GqZC3UKiIFzMB96EG1DvLnE3Ixux54=,tag:b/+SbaXJ396Xj0g/GinmQA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0 + age: + - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOEZIKzdrZ0tiTyszbzVK + ZklCemxmQUZrdkJCUER4bmRmVVVqRmJEWVNZCmpLQzQvU3o2MVZ4aHVvMjhjbGVl + R00vWDhzaFFoNnhsSXJ3L0tsVnl2VkUKLS0tIGtQWEdFd3NCUG4rQVA2QmFqWmpq + Z1haZHMybW04UXlJODl4MlNXTVJtb0kKBOfEY8IqJDvZ+FfcKQJQl9LahFOIaQVm + vBBGXEr1GO8jkLvIPI8sgzZvP9/szey8zcrnIenundZLP+PbQu4upA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1275h9hxrg7a0j93nnv50zj6wtzxnkf5238p5f5xfv4q4ju0gn4jq884tqh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6M2wxbGhCSXlMb3RJZzZD + U1ROcFRzUjNoL3VHSzByYnR5M1JmMmw2Q3p3ClYwbjVmdkNkaEhGRXYvQkVZcmxO + RDFJN1Frb1drWVVXTzdpNlFUaDFCM2MKLS0tIER5RnJoRmlOcC9BbmhzWXpFUVlD + a0dFMWlDbG1rTDFpR2JJMGY5MEVZVVUKuLSOaxjos/ce7UGcNjU2r+bMLIrygDTI + 6BqB3IUzdZyH8M33CKv0GYfuZcB/JcoM2Wxlh1PRP+mV4PHVTRn2aw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-21T21:17:34Z" + mac: ENC[AES256_GCM,data:8gqH1TGG9r9wW68hZjQTd1LzcOb4LRX9CAojEDDzBJTb+KabsOYEuAGOsaLbZm79s+wKgC+Uy8+l54SD1CpsJq17WMOCXKcU5+c6pXNipwjUKAcZl8indKwvutqLFu3YCUu9pXWjzKVlRm4SXhKOSrMzgwVviANwODNqH3Awfdc=,iv:ph3CvUjnB3Pw1GqZC3UKiIFzMB96EG1DvLnE3Ixux54=,tag:b/+SbaXJ396Xj0g/GinmQA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/patchshell.yaml b/secrets/patchshell.yaml index 4a02505..5f4b51e 100644 --- a/secrets/patchshell.yaml +++ b/secrets/patchshell.yaml 
@@ -2,26 +2,26 @@ nebula-ca: ENC[AES256_GCM,data:QjoVD2yCeNg7xto7JLAkGFGFwEXBbSQ7B/vVHlpChT2aIFaOd nebula-cert: ENC[AES256_GCM,data:dxtMalI0+I4jD4OsU67fyztlkKso5HPhSvvJ4cMXcsOOWpRJlTHvI4vPW/ol6JVrEDnKAq2DnoDPM63dX3m7ycE32Sf/N20lYqYHIGbQJYc8BrPYkK/Sb/MGXFvxKNaxyPBUR8RNywsmzDPNn0OcM3Rlv6uXWFQxxrh1BfWzLKDd4qdwd6NjSsR7YZd3iozvj9TC9sR95pKOYic5Z23p2ilOH1SUUKvwsKux8n3yuZgnQKYrWMzRyzR7hg9IIk8GY70VPtf7AbnJdRevB7DXT5yTVo07v/I1UeDNjBoBNWmPQRWgBH7Kr/05/Dkdgi1VlEBxXAbGSaRre0t2xyrikFIok9+l/xUD3icWo2XoTCs6dL9zOPTLzYu+gK551R2RhkSNOkKkSBLkoV5p,iv:JyKqOJ67tPZgXO1s8DAUARZ55Z2Ysm3A/KnjDyKBYMc=,tag:FuweATni0DYrwLgZXsEm8A==,type:str] nebula-key: ENC[AES256_GCM,data:cQWaFHF0UCzWCNzsjRBjRV/XFL7OhyPaw5/y0QBGOn9HGD8vkU4y+pRoeUrtP66qYUFgWinrCff5w6HsoEaRMN4pYo0o1LCcEH/dLn7P19Rt1uXsWt1PRRkeDiK1SXTbT1RUCw8xaL2YTnFD53JQstK8lQU4yx8FQN6Qi6xbFw==,iv:895eQ+8OtJD01IZuQXj3melr8ebRG8pVfVQtR7/5S3s=,tag:r6xGWS/b2TYGRmmekL+/oA==,type:str] sops: - age: - - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVWNBUkJnYWpHNjBxYmFu - WWFVM2F4NHYxTWl3Q2ttQ01zWDl6eXltazBVCmNsUTJNN20vR2xlNjhOSDk0SlFi - NWJzMkpOV3ExRFJGU0lVeTA2anZEMVkKLS0tIFVqbHZIcENVMmtJQXM2eFZJNXc3 - cVZTMCt1ZEhOSXJDVkR4OHVsZDgwQVUKTXb+IVw7mEue5cHW2NeMRHyVO2fUADm6 - IreYmmV5Vx9d/G9H61R48Hm59YoL5bdOzHd3JUxUNexlYWQQr7dWBQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age168844yw9thh0n3g9g892su0p6fef76w2y3pdgsm247mvwxzza48qnlnzue - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudXNNajlMRGQ5S00vR1Js - UXZwenNQejNwUmlQWFFTK1RrR1E0SndFaEI4Cm9qSGRXYytmZ09na3pLM3d0QmZF - UFFqS1FQSVI3RUFLcUcwazZOdFhDVHcKLS0tIEM0aUVHcVVLemxqeHNKVWJvMFd2 - N1E1dWpKdmZhdDJwY3Q0ak9mK2IyblUKfauFDlyooKJTRsBs8GPO0ogVm8Q5N9dZ - JbNs3MVpuaL9CJkfJNhYq8aVQpkdxlRX9AACAM+JoUspqXP5t6kyZw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-21T21:16:21Z" - mac: 
ENC[AES256_GCM,data:GcdCutOedeyJsj/gOpaq0Dcp71D5+kVQuvwlEwc5iBoY7pNRUvcJaWwksEYv6sNi3wMkiu26kplzvgjkqyotqUlCxULCuBPd7DGMIp8NtPMcIzqhbKc5k/JhbvUqAEAw+oC3NxuKqKgIxerjBTinrnhE3mV/znEdCCefJn5CFeA=,iv:tBo3L49/wH81zBO0EaGgEbeJBcpf9FPcYiq9y4nF+4A=,tag:0Fi7rK7bFG64e6fC/lSpjw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0 + age: + - recipient: age1ah07pvg6fxt8smqv3mlcm45796jk2plummy8hu4mw5qt2d00ruxszlg6k9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVWNBUkJnYWpHNjBxYmFu + WWFVM2F4NHYxTWl3Q2ttQ01zWDl6eXltazBVCmNsUTJNN20vR2xlNjhOSDk0SlFi + NWJzMkpOV3ExRFJGU0lVeTA2anZEMVkKLS0tIFVqbHZIcENVMmtJQXM2eFZJNXc3 + cVZTMCt1ZEhOSXJDVkR4OHVsZDgwQVUKTXb+IVw7mEue5cHW2NeMRHyVO2fUADm6 + IreYmmV5Vx9d/G9H61R48Hm59YoL5bdOzHd3JUxUNexlYWQQr7dWBQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age168844yw9thh0n3g9g892su0p6fef76w2y3pdgsm247mvwxzza48qnlnzue + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudXNNajlMRGQ5S00vR1Js + UXZwenNQejNwUmlQWFFTK1RrR1E0SndFaEI4Cm9qSGRXYytmZ09na3pLM3d0QmZF + UFFqS1FQSVI3RUFLcUcwazZOdFhDVHcKLS0tIEM0aUVHcVVLemxqeHNKVWJvMFd2 + N1E1dWpKdmZhdDJwY3Q0ak9mK2IyblUKfauFDlyooKJTRsBs8GPO0ogVm8Q5N9dZ + JbNs3MVpuaL9CJkfJNhYq8aVQpkdxlRX9AACAM+JoUspqXP5t6kyZw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-21T21:16:21Z" + mac: ENC[AES256_GCM,data:GcdCutOedeyJsj/gOpaq0Dcp71D5+kVQuvwlEwc5iBoY7pNRUvcJaWwksEYv6sNi3wMkiu26kplzvgjkqyotqUlCxULCuBPd7DGMIp8NtPMcIzqhbKc5k/JhbvUqAEAw+oC3NxuKqKgIxerjBTinrnhE3mV/znEdCCefJn5CFeA=,iv:tBo3L49/wH81zBO0EaGgEbeJBcpf9FPcYiq9y4nF+4A=,tag:0Fi7rK7bFG64e6fC/lSpjw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/systems/default.nix b/systems/default.nix index 4c1aff8..d005f59 100644 --- a/systems/default.nix +++ b/systems/default.nix 
@@ -1,104 +1,109 @@
-{ lib, self, inputs, ... }:
+{
+ lib,
+ self,
+ inputs,
+ ...
+}:
 let
- additionalClasses = {
- # WSL systems derive from NixOS ones.
- wsl = "nixos";
- # VM systems derive from NixOS ones.
- vm = "nixos";
- };
+ additionalClasses = {
+ # WSL systems derive from NixOS ones.
+ wsl = "nixos";
+ # VM systems derive from NixOS ones.
+ vm = "nixos";
+ };

- # Canonicalizes a class i.e. WSL -> NixOS, NixOS -> NixOS.
- canonicalizeClass = class: additionalClasses.${class} or class;
+ # Canonicalizes a class i.e. WSL -> NixOS, NixOS -> NixOS.
+ canonicalizeClass = class: additionalClasses.${class} or class;
 in
 {
- imports = [ inputs.easy-hosts.flakeModule ];
+ imports = [ inputs.easy-hosts.flakeModule ];

- # The system target(s) the flake supports. See 'hosts' below.
- systems = [
- # For x86: NixOS, WSL, macOS (Darwin) via Rosetta.
- "x86_64-linux"
- "x86_64-darwin"
- # For ARM64: NixOS, macOS (Darwin).
- "aarch64-linux"
- "aarch64-darwin"
- ];
+ # The system target(s) the flake supports. See 'hosts' below.
+ systems = [
+ # For x86: NixOS, WSL, macOS (Darwin) via Rosetta.
+ "x86_64-linux"
+ "x86_64-darwin"
+ # For ARM64: NixOS, macOS (Darwin).
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];

- easy-hosts = {
- # The flake module(s) to share across all systems.
- shared.modules = [
- ../modules/shared
- ];
+ easy-hosts = {
+ # The flake module(s) to share across all systems.
+ shared.modules = [
+ ../modules/shared
+ ];

- # The additional system classes to use.
- inherit additionalClasses;
+ # The additional system classes to use.
+ inherit additionalClasses;

- # Per-system class configuration.
- perClass =
- class:
- let
- canonicalClass = canonicalizeClass class;
- in
- {
- modules = builtins.concatLists [
- [
- # Include the flake module for the system's canonical class i.e. NixOS.
- "${self}/modules/${canonicalClass}"
- ]
+ # Per-system class configuration.
+ perClass =
+ class:
+ let
+ canonicalClass = canonicalizeClass class;
+ in
+ {
+ modules = builtins.concatLists [
+ [
+ # Include the flake module for the system's canonical class i.e. NixOS.
+ "${self}/modules/${canonicalClass}"
+ ]

- (lib.optionals (class != canonicalClass) [
- # Include the module for the system's class i.e. WSL.
- "${self}/modules/${class}"
- ])
+ (lib.optionals (class != canonicalClass) [
+ # Include the module for the system's class i.e. WSL.
+ "${self}/modules/${class}"
+ ])

- (lib.optionals (canonicalClass == "nixos") [
- # Include input module(s) required for NixOS.
- inputs.home-manager.nixosModules.home-manager
- inputs.stylix.nixosModules.stylix
- inputs.sops-nix.nixosModules.sops
- inputs.nix-minecraft.nixosModules.minecraft-servers
- ])
+ (lib.optionals (canonicalClass == "nixos") [
+ # Include input module(s) required for NixOS.
+ inputs.home-manager.nixosModules.home-manager
+ inputs.stylix.nixosModules.stylix
+ inputs.sops-nix.nixosModules.sops
+ inputs.nix-minecraft.nixosModules.minecraft-servers
+ ])

- (lib.optionals (canonicalClass == "darwin") [
- # Include input module(s) required for macOS (Darwin).
- inputs.home-manager.darwinModules.home-manager
- inputs.stylix.darwinModules.stylix
- inputs.sops-nix.darwinModules.sops
- ])
+ (lib.optionals (canonicalClass == "darwin") [
+ # Include input module(s) required for macOS (Darwin).
+ inputs.home-manager.darwinModules.home-manager
+ inputs.stylix.darwinModules.stylix
+ inputs.sops-nix.darwinModules.sops
+ ])

- (lib.optionals (class == "wsl") [
- # Include input module(s) required for WSL.
- inputs.nixos-wsl.nixosModules.default
- ])
+ (lib.optionals (class == "wsl") [
+ # Include input module(s) required for WSL.
+ inputs.nixos-wsl.nixosModules.default
+ ])

- (lib.optionals (class == "vm") [
- # Include input module(s) required for VM(s).
- inputs.disko.nixosModules.disko
- ])
- ];
- };
+ (lib.optionals (class == "vm") [
+ # Include input module(s) required for VM(s).
+ inputs.disko.nixosModules.disko
+ ])
+ ];
+ };

- # The system(s) output by the flake.
- hosts = {
- patchberry = {
- arch = "aarch64";
- class = "nixos";
- };
- patchbox = {
- arch = "x86_64";
- class = "nixos";
- };
- patchcloud = {
- arch = "x86_64";
- class = "vm";
- };
- patchmini = {
- arch = "aarch64";
- class = "darwin";
- };
- patchshell = {
- arch = "x86_64";
- class = "wsl";
- };
- };
- };
+ # The system(s) output by the flake.
+ hosts = {
+ patchberry = {
+ arch = "aarch64";
+ class = "nixos";
+ };
+ patchbox = {
+ arch = "x86_64";
+ class = "nixos";
+ };
+ patchcloud = {
+ arch = "x86_64";
+ class = "vm";
+ };
+ patchmini = {
+ arch = "aarch64";
+ class = "darwin";
+ };
+ patchshell = {
+ arch = "x86_64";
+ class = "wsl";
+ };
+ };
+ };
 }
diff --git a/systems/patchberry/default.nix b/systems/patchberry/default.nix
index a3e41aa..3bc3069 100644
--- a/systems/patchberry/default.nix
+++ b/systems/patchberry/default.nix
@@ -1,5 +1,5 @@
 {
- imports = [
- ./networking.nix
- ];
+ imports = [
+ ./networking.nix
+ ];
 }
diff --git a/systems/patchberry/networking.nix b/systems/patchberry/networking.nix
index af67c06..88ec993 100644
--- a/systems/patchberry/networking.nix
+++ b/systems/patchberry/networking.nix
@@ -1,6 +1,6 @@
 {
- networking = {
- # The hostname to use.
- hostName = "patchberry";
- };
+ networking = {
+ # The hostname to use.
+ hostName = "patchberry";
+ };
 }
diff --git a/systems/patchbox/default.nix b/systems/patchbox/default.nix
index 1b0cba7..92d9fe7 100644
--- a/systems/patchbox/default.nix
+++ b/systems/patchbox/default.nix
@@ -1,110 +1,109 @@
 { lib, pkgs, ... }:
 {
- imports = [
- ./hardware.nix
- ./networking.nix
- ];
-
- flake.system = {
- boot = {
- # Enable silent boot.
- silent = true;
- };
-
- services = {
- chrony = {
- enable = true;
- };
-
- ddns-updater = {
- enable = true;
- };
-
- minecraft = {
- enable = true;
-
- instances = {
- modded =
- let
- modpack = pkgs.fetchPackwizModpack {
- url = "https://raw.githubusercontent.com/patchoulish/minecraft-modpack/1.2.0/pack.toml";
- packHash = "sha256-mAX8Po8IoW/3JuGaiRGP/wxhYVyyFTJtz6C9XY2ihJA=";
- };
- in
- {
- enable = true;
-
- # Use the latest version of Fabric for Minecraft 1.20.1.
- package = pkgs.minecraftServers.fabric-1_20_1;
-
- symlinks = {
- "mods" = "${modpack}/mods";
- };
-
- # Aikar's suggested JVM flags.
- # See https://www.spigotmc.org/threads/guide-optimizing-spigot-remove-lag-fix-tps-improve-performance.21726/page-10#post-1055873
- jvmOpts = lib.concatStringsSep " " [
- "-Xms6G"
- "-Xmx6G"
- "-XX:+UseG1GC"
- "-XX:+UnlockExperimentalVMOptions"
- "-XX:MaxGCPauseMillis=50"
- "-XX:+DisableExplicitGC"
- "-XX:TargetSurvivorRatio=90"
- "-XX:G1NewSizePercent=50"
- "-XX:G1MaxNewSizePercent=80"
- "-XX:InitiatingHeapOccupancyPercent=10"
- "-XX:G1MixedGCLiveThresholdPercent=50"
- ];
-
- serverProperties = {
- allow-flight = true;
- difficulty = "normal";
- enforce-whitelist = true;
- max-players = 16;
- max-world-size = 4096;
- motd = "Modded Minecraft with fwends!";
- op-permission-level = 2;
- snooper-enabled = false;
- spawn-protection = 0;
- white-list = true;
- };
-
- operators = {
- "marxxengelsbl" = {
- uuid = "2d56b3aa-2fb3-45ea-9029-627595630f90";
- level = 4;
- bypassesPlayerLimit = true;
- };
- };
- };
- };
- };
-
- nebula = {
- enable = true;
- };
- };
- };
-
- boot.loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- time.timeZone = "America/Toronto";
-
- i18n.defaultLocale = "en_CA.UTF-8";
-
- services.xserver = {
- xkb = {
- layout = "us";
- variant = "";
- };
-
- videoDrivers = [ "nvidia" ];
- };
-
-
- programs.firefox.enable = true;
+ imports = [
+ ./hardware.nix
+ ./networking.nix
+ ];
+
+ flake.system = {
+ boot = {
+ # Enable silent boot.
+ silent = true;
+ };
+
+ services = {
+ chrony = {
+ enable = true;
+ };
+
+ ddns-updater = {
+ enable = true;
+ };
+
+ minecraft = {
+ enable = true;
+
+ instances = {
+ modded =
+ let
+ modpack = pkgs.fetchPackwizModpack {
+ url = "https://raw.githubusercontent.com/patchoulish/minecraft-modpack/1.2.0/pack.toml";
+ packHash = "sha256-mAX8Po8IoW/3JuGaiRGP/wxhYVyyFTJtz6C9XY2ihJA=";
+ };
+ in
+ {
+ enable = true;
+
+ # Use the latest version of Fabric for Minecraft 1.20.1.
+ package = pkgs.minecraftServers.fabric-1_20_1;
+
+ symlinks = {
+ "mods" = "${modpack}/mods";
+ };
+
+ # Aikar's suggested JVM flags.
+ # See https://www.spigotmc.org/threads/guide-optimizing-spigot-remove-lag-fix-tps-improve-performance.21726/page-10#post-1055873
+ jvmOpts = lib.concatStringsSep " " [
+ "-Xms6G"
+ "-Xmx6G"
+ "-XX:+UseG1GC"
+ "-XX:+UnlockExperimentalVMOptions"
+ "-XX:MaxGCPauseMillis=50"
+ "-XX:+DisableExplicitGC"
+ "-XX:TargetSurvivorRatio=90"
+ "-XX:G1NewSizePercent=50"
+ "-XX:G1MaxNewSizePercent=80"
+ "-XX:InitiatingHeapOccupancyPercent=10"
+ "-XX:G1MixedGCLiveThresholdPercent=50"
+ ];
+
+ serverProperties = {
+ allow-flight = true;
+ difficulty = "normal";
+ enforce-whitelist = true;
+ max-players = 16;
+ max-world-size = 4096;
+ motd = "Modded Minecraft with fwends!";
+ op-permission-level = 2;
+ snooper-enabled = false;
+ spawn-protection = 0;
+ white-list = true;
+ };
+
+ operators = {
+ "marxxengelsbl" = {
+ uuid = "2d56b3aa-2fb3-45ea-9029-627595630f90";
+ level = 4;
+ bypassesPlayerLimit = true;
+ };
+ };
+ };
+ };
+ };
+
+ nebula = {
+ enable = true;
+ };
+ };
+ };
+
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ time.timeZone = "America/Toronto";
+
+ i18n.defaultLocale = "en_CA.UTF-8";
+
+ services.xserver = {
+ xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ videoDrivers = [ "nvidia" ];
+ };
+
+ programs.firefox.enable = true;
 }
diff --git a/systems/patchbox/hardware.nix b/systems/patchbox/hardware.nix
index 5198d16..b064171 100644
--- a/systems/patchbox/hardware.nix
+++ b/systems/patchbox/hardware.nix
@@ -1,69 +1,75 @@
-{ lib, pkgs, config, modulesPath, ... }:
 {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ lib,
+ pkgs,
+ config,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot = {
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usb_storage"
- "usbhid"
- "sd_mod"
- ];
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ ];
- kernelModules = [ ];
- };
+ kernelModules = [ ];
+ };
- kernelModules = [ "kvm-intel" ];
+ kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
+ extraModulePackages = [ ];
+ };
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/81b8632b-b561-41f2-9246-1bf24268ac00";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/0C3C-A780";
- fsType = "vfat";
- options = [
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/81b8632b-b561-41f2-9246-1bf24268ac00";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/0C3C-A780";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ };
- swapDevices = [ ];
+ swapDevices = [ ];
- hardware = {
- # Enable firmware with a license allowing redistribution.
- enableRedistributableFirmware = true;
+ hardware = {
+ # Enable firmware with a license allowing redistribution.
+ enableRedistributableFirmware = true;
- cpu = {
- intel = {
- # Update the CPU microcode for the Intel processor.
- updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- };
- };
+ cpu = {
+ intel = {
+ # Update the CPU microcode for the Intel processor.
+ updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ };
+ };
- graphics = {
- # Enable hardware-accelerated graphics.
- enable = true;
- };
+ graphics = {
+ # Enable hardware-accelerated graphics.
+ enable = true;
+ };
- nvidia = {
- # Use the latest stable package.
- package = config.boot.kernelPackages.nvidiaPackages.stable;
+ nvidia = {
+ # Use the latest stable package.
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
- # Use the open-source kernel module as the GTX 1660 Ti is supported.
- open = true;
+ # Use the open-source kernel module as the GTX 1660 Ti is supported.
+ open = true;
- # Disable nvidia-settings.
- nvidiaSettings = false;
- };
- };
+ # Disable nvidia-settings.
+ nvidiaSettings = false;
+ };
+ };
 }
diff --git a/systems/patchbox/networking.nix b/systems/patchbox/networking.nix
index 7b680a9..71f298a 100644
--- a/systems/patchbox/networking.nix
+++ b/systems/patchbox/networking.nix
@@ -1,14 +1,14 @@
 { lib, ... }:
 {
- networking = {
- # The hostname to use.
- hostName = "patchbox";
+ networking = {
+ # The hostname to use.
+ hostName = "patchbox";
- # Use DHCP.
- useDHCP = lib.mkDefault true;
+ # Use DHCP.
+ useDHCP = lib.mkDefault true;
- networkmanager = {
- enable = true;
- };
- };
+ networkmanager = {
+ enable = true;
+ };
+ };
 }
diff --git a/systems/patchcloud/default.nix b/systems/patchcloud/default.nix
index 0d751d0..2e47478 100644
--- a/systems/patchcloud/default.nix
+++ b/systems/patchcloud/default.nix
@@ -1,29 +1,29 @@
 {
- imports = [
- ./disk.nix
- ./hardware.nix
- ./networking.nix
- ];
+ imports = [
+ ./disk.nix
+ ./hardware.nix
+ ./networking.nix
+ ];
- flake.system = {
- services = {
- chrony = {
- enable = true;
- };
+ flake.system = {
+ services = {
+ chrony = {
+ enable = true;
+ };
- nebula = {
- enable = true;
- isLighthouse = true;
- };
- };
- };
+ nebula = {
+ enable = true;
+ isLighthouse = true;
+ };
+ };
+ };
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
- time.timeZone = "America/Toronto";
+ time.timeZone = "America/Toronto";
- i18n.defaultLocale = "en_CA.UTF-8";
+ i18n.defaultLocale = "en_CA.UTF-8";
 }
diff --git a/systems/patchcloud/disk.nix b/systems/patchcloud/disk.nix
index e827ace..b97062e 100644
--- a/systems/patchcloud/disk.nix
+++ b/systems/patchcloud/disk.nix
@@ -1,61 +1,61 @@
 { lib, ... }:
 {
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- # Dummy partition.
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ # Dummy partition.
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
- # ESP partition.
- esp = {
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
+ # ESP partition.
+ esp = {
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
- # Root partition.
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
+ # Root partition.
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
 }
diff --git a/systems/patchcloud/hardware.nix b/systems/patchcloud/hardware.nix
index d5f5785..dd14b43 100644
--- a/systems/patchcloud/hardware.nix
+++ b/systems/patchcloud/hardware.nix
@@ -1,42 +1,42 @@
 { lib, modulesPath, ... }:
 {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot = {
- initrd = {
- availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "virtio_pci"
- "virtio_blk"
- ];
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
- kernelModules = [
- "dm-snapshot"
- ];
- };
+ kernelModules = [
+ "dm-snapshot"
+ ];
+ };
- kernelModules = [ "kvm-intel" ];
+ kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
+ extraModulePackages = [ ];
+ };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/pool-root";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/F631-55CE";
- fsType = "vfat";
- options = [
- "fmask=0022"
- "dmask=0022"
- ];
- };
- };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/pool-root";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/F631-55CE";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+ };
- swapDevices = [ ];
+ swapDevices = [ ];
 }
diff --git a/systems/patchcloud/networking.nix b/systems/patchcloud/networking.nix
index efdb5ba..1c46ea3 100644
--- a/systems/patchcloud/networking.nix
+++ b/systems/patchcloud/networking.nix
@@ -1,6 +1,6 @@
 {
- networking = {
- # The hostname to use.
- hostName = "patchcloud";
- };
+ networking = {
+ # The hostname to use.
+ hostName = "patchcloud";
+ };
 }
diff --git a/systems/patchmini/default.nix b/systems/patchmini/default.nix
index a3e41aa..3bc3069 100644
--- a/systems/patchmini/default.nix
+++ b/systems/patchmini/default.nix
@@ -1,5 +1,5 @@
 {
- imports = [
- ./networking.nix
- ];
+ imports = [
+ ./networking.nix
+ ];
 }
diff --git a/systems/patchmini/networking.nix b/systems/patchmini/networking.nix
index beeb82d..8eb5d36 100644
--- a/systems/patchmini/networking.nix
+++ b/systems/patchmini/networking.nix
@@ -1,11 +1,11 @@
 {
- networking = {
- # The hostname to use.
- hostName = "patchmini";
+ networking = {
+ # The hostname to use.
+ hostName = "patchmini";
- wakeOnLan = {
- # Disable wake-on-LAN. I don't use it.
- enable = false;
- };
- };
+ wakeOnLan = {
+ # Disable wake-on-LAN. I don't use it.
+ enable = false;
+ };
+ };
 }
diff --git a/systems/patchshell/default.nix b/systems/patchshell/default.nix
index d89ddba..6bd25da 100644
--- a/systems/patchshell/default.nix
+++ b/systems/patchshell/default.nix
@@ -1,18 +1,18 @@
 {
- imports = [
- ./networking.nix
- ./wsl.nix
- ];
+ imports = [
+ ./networking.nix
+ ./wsl.nix
+ ];
- flake.system = {
- services = {
- chrony = {
- enable = true;
- };
+ flake.system = {
+ services = {
+ chrony = {
+ enable = true;
+ };
- nebula = {
- enable = true;
- };
- };
- };
+ nebula = {
+ enable = true;
+ };
+ };
+ };
 }
diff --git a/systems/patchshell/networking.nix b/systems/patchshell/networking.nix
index 4cb838c..d792c34 100644
--- a/systems/patchshell/networking.nix
+++ b/systems/patchshell/networking.nix
@@ -1,6 +1,6 @@
 {
- networking = {
- # The hostname to use.
- hostName = "patchshell";
- };
+ networking = {
+ # The hostname to use.
+ hostName = "patchshell";
+ };
 }
diff --git a/systems/patchshell/wsl.nix b/systems/patchshell/wsl.nix
index 685fbd3..040c4b1 100644
--- a/systems/patchshell/wsl.nix
+++ b/systems/patchshell/wsl.nix
@@ -1,10 +1,10 @@
 {
- wsl = {
- wslConf = {
- network = {
- # The hostname to use.
- hostname = "patchshell";
- };
- };
- };
+ wsl = {
+ wslConf = {
+ network = {
+ # The hostname to use.
+ hostname = "patchshell";
+ };
+ };
+ };
 }
From e41f4f60dab4248a3cc6f2498381d9924c14a9f7 Mon Sep 17 00:00:00 2001 From: patchoulish Date: Mon, 29 Dec 2025 16:22:09 -0500 Subject: [PATCH 8/8] Update readme --- README.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 1856c49..be8ad2b 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,7 @@ sudo nix run nix-darwin/nix-darwin-25.11#darwin-rebuild -- switch --flake .#