-rw-r--r--flake.nix99
-rw-r--r--home/default.nix22
-rw-r--r--home/dev-utils/default.nix24
-rw-r--r--home/git/default.nix4
-rw-r--r--home/neovim/completion.nix7
-rw-r--r--home/neovim/default.nix20
-rw-r--r--home/neovim/filetype.nix8
-rw-r--r--home/neovim/lsp.nix9
-rw-r--r--home/neovim/plugins.nix7
-rw-r--r--home/zsh/default.nix14
-rw-r--r--home/zsh/plugins.nix129
-rw-r--r--hosts/ahmed/cloudflare-ddns.nix11
-rw-r--r--hosts/ahmed/configuration.nix29
-rw-r--r--hosts/ahmed/graphics.nix15
-rw-r--r--hosts/ahmed/hardware-configuration.nix44
-rw-r--r--hosts/ahmed/linus.onl.nix26
-rw-r--r--hosts/ahmed/notifications.linus.onl.nix14
-rw-r--r--hosts/ahmed/ssh.nix18
-rw-r--r--hosts/common.nix17
-rw-r--r--hosts/muhammed/configuration.nix21
-rw-r--r--modules/darwin/default.nix1
-rw-r--r--modules/darwin/still-awake/default.nix103
-rw-r--r--modules/nixos/cloudflare-proxy/default.nix47
-rw-r--r--modules/nixos/disable-screen/default.nix51
-rw-r--r--modules/nixos/duksebot/default.nix24
-rw-r--r--modules/nixos/on-demand-minecraft/default.nix342
-rw-r--r--overlays/compat.nix4
-rw-r--r--overlays/default.nix6
-rw-r--r--pkgs/default.nix12
-rw-r--r--pkgs/duksebot/default.nix59
-rw-r--r--pkgs/still-awake/default.nix74
-rw-r--r--pkgs/tcl-cmark/default.nix18
-rw-r--r--pkgs/trash/default.nix16
-rw-r--r--secrets/secrets.nix4
34 files changed, 675 insertions, 624 deletions
diff --git a/flake.nix b/flake.nix
index 5384e10..a3859ce 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,64 +21,79 @@
};
};
- outputs = { self, nixpkgs, home-manager, nix-darwin, agenix, push-notification-api, ... }@inputs:
- let
- args = {
- flakeInputs = inputs;
- flakeOutputs = self.outputs;
- metadata = nixpkgs.lib.importTOML ./metadata.toml;
- };
+ outputs = {
+ self,
+ nixpkgs,
+ home-manager,
+ nix-darwin,
+ agenix,
+ push-notification-api,
+ ...
+ } @ inputs: let
+ args = {
+ flakeInputs = inputs;
+ flakeOutputs = self.outputs;
+ metadata = nixpkgs.lib.importTOML ./metadata.toml;
+ };
- darwinModules = builtins.attrValues (import ./modules/darwin);
- nixosModules = builtins.attrValues (import ./modules/nixos);
+ darwinModules = builtins.attrValues (import ./modules/darwin);
+ nixosModules = builtins.attrValues (import ./modules/nixos);
- # This is a function that generates an attribute by calling a function
- # you pass to it, with each system as an argument. `systems` lists all
- # supported systems.
- systems = [
- "aarch64-linux"
- "i686-linux"
- "x86_64-linux"
- "aarch64-darwin"
- "x86_64-darwin"
- ];
- forAllSystems = nixpkgs.lib.genAttrs systems;
- in
- {
- darwinConfigurations = {
- muhammed = nix-darwin.lib.darwinSystem {
- inherit inputs;
- system = "aarch64-darwin";
- modules = [
- { _module.args = args; }
+ # This is a function that generates an attribute by calling a function
+ # you pass to it, with each system as an argument. `systems` lists all
+ # supported systems.
+ systems = [
+ "aarch64-linux"
+ "i686-linux"
+ "x86_64-linux"
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ];
+ forAllSystems = nixpkgs.lib.genAttrs systems;
+ in {
+ darwinConfigurations = {
+ muhammed = nix-darwin.lib.darwinSystem {
+ inherit inputs;
+ system = "aarch64-darwin";
+ modules =
+ [
+ {_module.args = args;}
home-manager.darwinModules.home-manager
./hosts/muhammed/configuration.nix
./hosts/common.nix
./home
- ] ++ darwinModules;
- };
+ ]
+ ++ darwinModules;
};
+ };
- nixosConfigurations = {
- ahmed = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- { _module.args = args; }
+ nixosConfigurations = {
+ ahmed = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules =
+ [
+ {_module.args = args;}
home-manager.nixosModules.home-manager
agenix.nixosModules.default
push-notification-api.nixosModules.default
./hosts/ahmed/configuration.nix
./hosts/common.nix
./home
- ] ++ nixosModules;
- };
+ ]
+ ++ nixosModules;
};
+ };
- packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
+ # Formatter to be run when `nix fmt` is executed.
+ formatter =
+ forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
- overlays = import ./overlays;
+ packages =
+ forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
- darwinModules = import ./modules/darwin;
- nixosModules = import ./modules/nixos;
- };
+ overlays = import ./overlays;
+
+ darwinModules = import ./modules/darwin;
+ nixosModules = import ./modules/nixos;
+ };
}
diff --git a/home/default.nix b/home/default.nix
index 3687c53..2c43efb 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,24 +1,26 @@
-{ flakeInputs, flakeOutputs, metadata, ... }:
-
{
+ flakeInputs,
+ flakeOutputs,
+ metadata,
+ ...
+}: {
# Use the flake input pkgs so Home Manager configuration can share overlays
# etc. with the rest of the configuration.
home-manager.useGlobalPkgs = true;
# Pass special arguments from flake.nix further down the chain. I really hate
# this split module system.
- home-manager.extraSpecialArgs = { inherit flakeInputs flakeOutputs metadata; };
+ home-manager.extraSpecialArgs = {inherit flakeInputs flakeOutputs metadata;};
# OKAY FUCK THIS SHIT. THERE IS ONE USER. IT IS ME. LINUS. I WILL ADD
# MULTIUSER SUPPORT IF IT EVER BECOMES A REQUIREMENT.
home-manager.users.linus = {
- imports =
- [
- ./neovim
- ./zsh
- ./git
- ./dev-utils
- ];
+ imports = [
+ ./neovim
+ ./zsh
+ ./git
+ ./dev-utils
+ ];
xdg.enable = true;
};
diff --git a/home/dev-utils/default.nix b/home/dev-utils/default.nix
index 77d8085..1bb9e57 100644
--- a/home/dev-utils/default.nix
+++ b/home/dev-utils/default.nix
@@ -1,19 +1,23 @@
-{ pkgs, lib, ... }:
-
{
- home.packages =
- with pkgs; [
+ pkgs,
+ lib,
+ ...
+}: {
+ home.packages = with pkgs;
+ [
cling
deno
- (python311Full.withPackages (ps: with ps; [
- virtualenv
- tkinter
- ]))
+ (python311Full.withPackages (ps:
+ with ps; [
+ virtualenv
+ tkinter
+ ]))
imagemagick
nodePackages_latest.nodemon
rlwrap
tcl-8_6
- ] ++ lib.optional pkgs.stdenv.isDarwin trash;
+ ]
+ ++ lib.optional pkgs.stdenv.isDarwin trash;
- home.sessionVariables.MANPATH = lib.optionalString pkgs.stdenv.isDarwin "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/share/man:/Applications/Xcode.app/Contents/Developer/usr/share/man:/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/share/man:$MANPATH";
+ home.sessionVariables.MANPATH = lib.optionalString pkgs.stdenv.isDarwin "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/share/man:/Applications/Xcode.app/Contents/Developer/usr/share/man:/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/share/man:$MANPATH";
}
diff --git a/home/git/default.nix b/home/git/default.nix
index 4199ebc..bd7295e 100644
--- a/home/git/default.nix
+++ b/home/git/default.nix
@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
programs.git = {
enable = true;
diff --git a/home/neovim/completion.nix b/home/neovim/completion.nix
index f3be603..70d6e1a 100644
--- a/home/neovim/completion.nix
+++ b/home/neovim/completion.nix
@@ -1,8 +1,9 @@
# This module sets up auto completion for Neovim.
-
-{ pkgs, lib, ... }:
-
{
+ pkgs,
+ lib,
+ ...
+}: {
programs.neovim.plugins = with pkgs.vimPlugins; [
# This is the actual completion engine.
{
diff --git a/home/neovim/default.nix b/home/neovim/default.nix
index ccf6dc5..4d49854 100644
--- a/home/neovim/default.nix
+++ b/home/neovim/default.nix
@@ -1,15 +1,15 @@
# This file contains the HM configuration options for Neovim.
-
-{ pkgs, lib, ... }:
-
{
- imports =
- [
- ./lsp.nix
- ./filetype.nix
- ./completion.nix
- ./plugins.nix
- ];
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ./lsp.nix
+ ./filetype.nix
+ ./completion.nix
+ ./plugins.nix
+ ];
programs.neovim = {
enable = true;
diff --git a/home/neovim/filetype.nix b/home/neovim/filetype.nix
index 66d5e68..8dc9536 100644
--- a/home/neovim/filetype.nix
+++ b/home/neovim/filetype.nix
@@ -1,8 +1,5 @@
# This module configures various syntax/filetype plugins for Neovim.
-
-{ pkgs, ... }:
-
-let
+{pkgs, ...}: let
vim-noweb = pkgs.vimUtils.buildVimPlugin {
pname = "vim-noweb";
version = "26-08-2023"; # day of retrieval
@@ -11,8 +8,7 @@ let
hash = "sha256-c5eUZiKIjAfjJ33l821h5DjozMpMf0CaK03QIkSUfxg=";
};
};
-in
-{
+in {
programs.neovim.plugins = with pkgs.vimPlugins; [
vim-nix
vim-noweb
diff --git a/home/neovim/lsp.nix b/home/neovim/lsp.nix
index 5a80758..3aa3094 100644
--- a/home/neovim/lsp.nix
+++ b/home/neovim/lsp.nix
@@ -1,10 +1,11 @@
# This module sets up LSP server configurations for Neovim. It is waaay
# overcomplicated as it kind of turned into an experiment in generating Lua
# code from a Nix attrset.
-
-{ pkgs, lib, ... }:
-
{
+ pkgs,
+ lib,
+ ...
+}: {
programs.neovim.plugins = [
{
plugin = pkgs.vimPlugins.nvim-lspconfig;
@@ -87,7 +88,6 @@
}
];
}
-
# I spent like an hour writing this, only to find it was a pretty bad idea.
#
# nixToLua = s:
@@ -107,3 +107,4 @@
# toString s
# else
# throw "Cannot convert ${builtins.typeOf s} to Lua value!";
+
diff --git a/home/neovim/plugins.nix b/home/neovim/plugins.nix
index 89cd6e7..1e0a707 100644
--- a/home/neovim/plugins.nix
+++ b/home/neovim/plugins.nix
@@ -1,8 +1,9 @@
# This module sets up and configures various miscellaneous plugins.
-
-{ pkgs, lib, ... }:
-
{
+ pkgs,
+ lib,
+ ...
+}: {
programs.neovim.plugins = [
{
plugin = pkgs.vimPlugins.vim-localvimrc;
diff --git a/home/zsh/default.nix b/home/zsh/default.nix
index 91c7ba3..8884f56 100644
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@@ -1,10 +1,12 @@
-{ pkgs, config, lib, ... }:
-
{
- imports =
- [
- ./plugins.nix
- ];
+ pkgs,
+ config,
+ lib,
+ ...
+}: {
+ imports = [
+ ./plugins.nix
+ ];
programs.zsh = {
enable = true;
diff --git a/home/zsh/plugins.nix b/home/zsh/plugins.nix
index 68e1bfc..73a35a3 100644
--- a/home/zsh/plugins.nix
+++ b/home/zsh/plugins.nix
@@ -1,76 +1,77 @@
-{ pkgs, lib, config, ... }:
-
-let
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
inherit (lib.strings) concatStringsSep;
inherit (lib.attrsets) catAttrs;
- plugins =
- [
- {
- name = "autovenv";
+ plugins = [
+ {
+ name = "autovenv";
+ src = pkgs.fetchFromGitHub {
+ owner = "linnnus";
+ repo = "autovenv";
+ rev = "d9f0cd7";
+ hash = "sha256-GfJIybMYxE97xLSkrOSGsn+AREmnCyqe9n2aZwjw4w4=";
+ };
+ }
+ {
+ name = "zsh-cwd-history";
+ src = pkgs.stdenvNoCC.mkDerivation rec {
+ pname = "zsh-cwd-history";
+ version = "73afed8";
+
src = pkgs.fetchFromGitHub {
- owner = "linnnus";
- repo = "autovenv";
- rev = "d9f0cd7";
- hash = "sha256-GfJIybMYxE97xLSkrOSGsn+AREmnCyqe9n2aZwjw4w4=";
+ owner = "ericfreese";
+ repo = pname;
+ rev = version;
+ hash = "sha256-xW11wPFDuFU80AzgAgLwkvK7Qv58fo3i3kSasE3p0zs=";
};
- }
- {
- name = "zsh-cwd-history";
- src = pkgs.stdenvNoCC.mkDerivation rec {
- pname = "zsh-cwd-history";
- version = "73afed8";
- src = pkgs.fetchFromGitHub {
- owner = "ericfreese";
- repo = pname;
- rev = version;
- hash = "sha256-xW11wPFDuFU80AzgAgLwkvK7Qv58fo3i3kSasE3p0zs=";
- };
+ fixupPhase = ''
+ substituteInPlace ${pname}.zsh \
+ --replace md5 ${pkgs.hashdeep}/bin/md5deep
- fixupPhase = ''
- substituteInPlace ${pname}.zsh \
- --replace md5 ${pkgs.hashdeep}/bin/md5deep
-
- mkdir -p $out
- mv * $out
- '';
+ mkdir -p $out
+ mv * $out
+ '';
- # This is kind of a weird, useless derivation, so we have to
- # manually avoid doing lots of the usual stuff.
- dontInstall = true;
- };
- config = ''
- # Where to but history files
- export ZSH_CWD_HISTORY_DIR=${config.xdg.dataHome}/zsh-cwd-history
- mkdir -p "$ZSH_CWD_HISTORY_DIR"
+ # This is kind of a weird, useless derivation, so we have to
+ # manually avoid doing lots of the usual stuff.
+ dontInstall = true;
+ };
+ config = ''
+ # Where to but history files
+ export ZSH_CWD_HISTORY_DIR=${config.xdg.dataHome}/zsh-cwd-history
+ mkdir -p "$ZSH_CWD_HISTORY_DIR"
- # Toggle between global/local history
- bindkey '^G' cwd-history-toggle
- '';
- }
- {
- name = "zsh-vi-mode-cursor";
- src = pkgs.fetchFromGitHub {
- owner = "Buckmeister";
- repo = "zsh-vi-mode-cursor";
- rev = "fa7cc0973ee71636e906e25e782d0aea19545d60";
- hash = "sha256-j73M4bvAoHWt5Wwg47hM0p5Or74x/3btTOPnI22SqG8=";
- };
- }
- {
- name = "zsh-nix-shell";
- file = "nix-shell.plugin.zsh";
- src = pkgs.fetchFromGitHub {
- owner = "chisui";
- repo = "zsh-nix-shell";
- rev = "v0.7.0";
- sha256 = "149zh2rm59blr2q458a5irkfh82y3dwdich60s9670kl3cl5h2m1";
- };
- }
- ];
-in
-{
+ # Toggle between global/local history
+ bindkey '^G' cwd-history-toggle
+ '';
+ }
+ {
+ name = "zsh-vi-mode-cursor";
+ src = pkgs.fetchFromGitHub {
+ owner = "Buckmeister";
+ repo = "zsh-vi-mode-cursor";
+ rev = "fa7cc0973ee71636e906e25e782d0aea19545d60";
+ hash = "sha256-j73M4bvAoHWt5Wwg47hM0p5Or74x/3btTOPnI22SqG8=";
+ };
+ }
+ {
+ name = "zsh-nix-shell";
+ file = "nix-shell.plugin.zsh";
+ src = pkgs.fetchFromGitHub {
+ owner = "chisui";
+ repo = "zsh-nix-shell";
+ rev = "v0.7.0";
+ sha256 = "149zh2rm59blr2q458a5irkfh82y3dwdich60s9670kl3cl5h2m1";
+ };
+ }
+ ];
+in {
programs.zsh = {
plugins = map (p: removeAttrs p ["config"]) plugins;
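Review bot: `substituteInPlace ${pname}.zsh --replace md5 ${pkgs.hashdeep}/bin/md5deep` in the zsh-cwd-history fixupPhase rewrites every occurrence of the substring `md5` in that file, not only the command invocation, so any identifier, comment or option name containing it is silently changed too. Anchoring the replacement on the exact call as it appears in the upstream script (a placeholder here, e.g. `--replace "<EXACT UPSTREAM INVOCATION>" "${pkgs.hashdeep}/bin/md5deep ..."`) keeps the patch from drifting when the plugin is bumped. A short comment above the line stating why md5 is swapped for md5deep would also help the next reader, since the derivation is already annotated as "kind of weird". The `programs.zsh` attrset continues outside the hunk.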
diff --git a/hosts/ahmed/cloudflare-ddns.nix b/hosts/ahmed/cloudflare-ddns.nix
index a118fa6..a03a8a3 100644
--- a/hosts/ahmed/cloudflare-ddns.nix
+++ b/hosts/ahmed/cloudflare-ddns.nix
@@ -1,11 +1,10 @@
# This module sets up cloudflare-dyndns for <linus.onl>.
-
-{ lib, config, ... }:
-
-let
-
-in
{
+ lib,
+ config,
+ ...
+}: let
+in {
age.secrets.cloudflare-dyndns-api-token.file = ../../secrets/cloudflare-ddns-token.env.age;
services.cloudflare-dyndns = {
enable = true;
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 2fb6d2e..19e6912 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -1,23 +1,24 @@
# This file conatins the host-specific configuration for a shitty webserver in
# my closet.
-
-{ config, pkgs, lib, ... }:
-
{
- imports =
- [
- ./hardware-configuration.nix
- ./ssh.nix
- ./linus.onl.nix
- ./notifications.linus.onl.nix
- ./graphics.nix
- ];
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./ssh.nix
+ ./linus.onl.nix
+ ./notifications.linus.onl.nix
+ ./graphics.nix
+ ];
# Create the main user.
users.users.linus = {
isNormalUser = true;
hashedPassword = "$y$j9T$kNJ5L50Si0sAhdrHyO19I1$YcwXZ46dI.ApLMgZSj7qImq9FrSL0CEUeoJUS8P1103";
- extraGroups = [ "wheel" ];
+ extraGroups = ["wheel"];
};
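Review bot: `hashedPassword` for the main user is committed in clear in this file, so the hash lives in repository history where it can be guessed offline at leisure; the repo already manages secrets with agenix (other hunks reference `age.secrets`), so the hash could be moved to an age-encrypted file and referenced via `hashedPasswordFile` (or `passwordFile` on older NixOS releases) instead. The "Create the main user." comment could also state that `extraGroups = ["wheel"]` is what grants this account sudo on the host, since `ssh.nix` authorizes key login for the same user. Both points apply to the context lines the reformat carried over, not to the formatting change itself.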
# Use the systemd-boot EFI boot loader.
@@ -35,7 +36,7 @@
console = {
font = "sun12x22"; # This font is pretty readable on the cracked display.
- keyMap = "dk"; # This host has a Danish keyboard layout.
+ keyMap = "dk"; # This host has a Danish keyboard layout.
};
# Set up Minecraft server.
@@ -75,7 +76,7 @@
};
# Listen for HTTP connections.
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [80 443];
# We are running behind CF proxy.
modules.cloudflare-proxy.enable = true;
diff --git a/hosts/ahmed/graphics.nix b/hosts/ahmed/graphics.nix
index be7c9c9..f54d043 100644
--- a/hosts/ahmed/graphics.nix
+++ b/hosts/ahmed/graphics.nix
@@ -1,14 +1,15 @@
# This module configures a basic graphical environment. I use this sometimes for
# ahmed when muhammed is being repaired.
-
-{ config, lib, pkgs, ... }:
-
-let
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.graphics;
-in
-{
+in {
options.modules.graphics.enable = mkEnableOption "basic graphical environment";
config = mkIf cfg.enable {
@@ -29,7 +30,7 @@ in
hardware.pulseaudio.enable = true;
environment.systemPackages = with pkgs; [
- st # suckless terminal - dwm is pretty sucky without this
+ st # suckless terminal - dwm is pretty sucky without this
dmenu # application launcher
];
};
diff --git a/hosts/ahmed/hardware-configuration.nix b/hosts/ahmed/hardware-configuration.nix
index bae3db1..48a2786 100644
--- a/hosts/ahmed/hardware-configuration.nix
+++ b/hosts/ahmed/hardware-configuration.nix
@@ -1,33 +1,33 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
+ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
- fileSystems."/" =
- {
- device = "/dev/disk/by-label/nixos"; #"/dev/disk/by-uuid/a51aa876-0ba2-437f-b2fd-04ef18bdea79";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos"; #"/dev/disk/by-uuid/a51aa876-0ba2-437f-b2fd-04ef18bdea79";
+ fsType = "ext4";
+ };
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-label/boot";
- fsType = "vfat";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
- swapDevices =
- [{ device = "/dev/disk/by-label/swap"; }];
+ swapDevices = [{device = "/dev/disk/by-label/swap";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/hosts/ahmed/linus.onl.nix b/hosts/ahmed/linus.onl.nix
index a8e4190..52703fe 100644
--- a/hosts/ahmed/linus.onl.nix
+++ b/hosts/ahmed/linus.onl.nix
@@ -1,13 +1,15 @@
-{ pkgs, lib, config, ... }:
-
-let
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
inherit (lib) mkEnableOption mkOption types mkIf optional;
domain = "linus.onl";
cfg = config.modules."${domain}";
-in
-{
+in {
options.modules."${domain}" = {
enable = mkEnableOption "${domain} static site";
@@ -21,10 +23,10 @@ in
group = "${domain}-builder";
isSystemUser = true;
};
- users.groups."${domain}-builder" = { };
+ users.groups."${domain}-builder" = {};
# Create the output directory.
- system.activationScripts."${domain}-create-www" = lib.stringAfter [ "var" ] ''
+ system.activationScripts."${domain}-create-www" = lib.stringAfter ["var"] ''
mkdir -p /var/www/${domain}
chown ${domain}-builder /var/www/${domain}
chgrp ${domain}-builder /var/www/${domain}
@@ -73,17 +75,17 @@ in
# TODO: Harden service
# Network must be online for us to check.
- after = [ "network-online.target" ];
- requires = [ "network-online.target" ];
+ after = ["network-online.target"];
+ requires = ["network-online.target"];
# We must generate some files for NGINX to serve, so this should be run
# before NGINX.
- before = [ "nginx.service" ];
- wantedBy = [ "nginx.service" ];
+ before = ["nginx.service"];
+ wantedBy = ["nginx.service"];
};
# Register domain name with ddns.
- services.cloudflare-dyndns.domains = [ domain ];
+ services.cloudflare-dyndns.domains = [domain];
# Register virtual host.
services.nginx = {
diff --git a/hosts/ahmed/notifications.linus.onl.nix b/hosts/ahmed/notifications.linus.onl.nix
index 7addaad..d77a0e7 100644
--- a/hosts/ahmed/notifications.linus.onl.nix
+++ b/hosts/ahmed/notifications.linus.onl.nix
@@ -1,6 +1,9 @@
-{ pkgs, lib, config, ... }:
-
-let
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
inherit (lib) mkEnableOption mkOption types mkIf optional;
domain = "notifications.linus.onl";
@@ -9,8 +12,7 @@ let
internal-port = 13082;
cfg = config.modules."notifications.linus.onl";
-in
-{
+in {
options.modules."notifications.linus.onl" = {
enable = mkEnableOption "notifications.linus.onl static site";
@@ -27,7 +29,7 @@ in
};
# Register domain name.
- services.cloudflare-dyndns.domains = [ "notifications.linus.onl" ];
+ services.cloudflare-dyndns.domains = ["notifications.linus.onl"];
# Serve the generated page using NGINX.
services.nginx.virtualHosts."notifications.linus.onl" = {
diff --git a/hosts/ahmed/ssh.nix b/hosts/ahmed/ssh.nix
index dfe4c30..3c6b7ad 100644
--- a/hosts/ahmed/ssh.nix
+++ b/hosts/ahmed/ssh.nix
@@ -1,19 +1,19 @@
# This file configures openSSH on this host.
-
-{ lib, metadata, ... }:
-
{
+ lib,
+ metadata,
+ ...
+}: {
# Who is allowed/expected to connect to this machine?
- networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedTCPPorts = [22];
services.openssh = {
enable = true;
- settings.PasswordAuthentication = false;
+ settings.PasswordAuthentication = false;
};
users.users = lib.genAttrs ["root" "linus"] (_: {
- openssh.authorizedKeys.keys =
- [
- metadata.hosts.muhammed.sshPubKey
- ];
+ openssh.authorizedKeys.keys = [
+ metadata.hosts.muhammed.sshPubKey
+ ];
});
}
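Review bot: `settings.PasswordAuthentication = false;` on its own does not turn off keyboard-interactive (PAM) authentication, so a password prompt can still be reachable over SSH unless `settings.KbdInteractiveAuthentication = false;` is set alongside it. The same block hands `root` an authorized key without an explicit `settings.PermitRootLogin`; the NixOS default is key-only as far as I know, but pinning `settings.PermitRootLogin = "prohibit-password";` documents the intent and does not depend on the default. The comment "Who is allowed/expected to connect to this machine?" sits above the firewall line but really describes the `authorizedKeys` block below; moving it there would read better.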
diff --git a/hosts/common.nix b/hosts/common.nix
index eefc667..20d9919 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -1,22 +1,25 @@
# Shared configuraion regardless of hosts.
-
-{ pkgs, options, flakeInputs, flakeOutputs, ... }:
-
{
+ pkgs,
+ options,
+ flakeInputs,
+ flakeOutputs,
+ ...
+}: {
# Enable de facto stable features.
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.experimental-features = ["nix-command" "flakes"];
# Use overlays from this repo for building system configuration as well as
# system-wide.
#
# See: https://nixos.wiki/wiki/Overlays#Using_nixpkgs.overlays_from_configuration.nix_as_.3Cnixpkgs-overlays.3E_in_your_NIX_PATH
- nixpkgs.overlays = [ flakeOutputs.overlays.additions flakeOutputs.overlays.modifications ];
- nix.nixPath = options.nix.nixPath.default ++ [ "nixpkgs-overlays=${flakeInputs.self}/overlays/compat.nix" ];
+ nixpkgs.overlays = [flakeOutputs.overlays.additions flakeOutputs.overlays.modifications];
+ nix.nixPath = options.nix.nixPath.default ++ ["nixpkgs-overlays=${flakeInputs.self}/overlays/compat.nix"];
# Set ZSH as the shell.
# https://nixos.wiki/wiki/Command_Shell#Changing_default_shelltrue
programs.zsh.enable = true;
- environment.shells = [ pkgs.zsh ];
+ environment.shells = [pkgs.zsh];
users.users.linus.shell = pkgs.zsh;
# Very basic system administration tools.
diff --git a/hosts/muhammed/configuration.nix b/hosts/muhammed/configuration.nix
index 6fac35f..a9ae6a6 100644
--- a/hosts/muhammed/configuration.nix
+++ b/hosts/muhammed/configuration.nix
@@ -1,8 +1,5 @@
# This file contains the configuration for my Macbook Pro.
-
-{ flakeInputs, ... }:
-
-{
+{flakeInputs, ...}: {
# Specify the location of this configuration file. Very meta.
environment.darwinConfig = flakeInputs.self + "/hosts/muhammed/configuration.nix";
@@ -23,15 +20,13 @@
security.pam.enableSudoTouchIdAuth = true;
# Don't request password for running pmset.
- environment.etc."sudoers.d/10-unauthenticated-commands".text =
- let
- commands = [
- "/usr/bin/pmset"
- ];
- in
- ''
- %admin ALL=(ALL:ALL) NOPASSWD: ${builtins.concatStringsSep ", " commands}
- '';
+ environment.etc."sudoers.d/10-unauthenticated-commands".text = let
+ commands = [
+ "/usr/bin/pmset"
+ ];
+ in ''
+ %admin ALL=(ALL:ALL) NOPASSWD: ${builtins.concatStringsSep ", " commands}
+ '';
services.still-awake.enable = true;
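Review bot: The generated rule `%admin ALL=(ALL:ALL) NOPASSWD: /usr/bin/pmset` grants every admin-group user passwordless root for any pmset invocation with any arguments, which is wider than the stated purpose of not being prompted for one command. sudoers accepts the arguments as part of the command string, so listing the specific invocations the agent needs (placeholder: `"/usr/bin/pmset <SUBCOMMAND>"`) in `commands` bounds the grant to those. The comment above the rule could say which consumer relies on it (presumably the still-awake agent enabled on the next line — worth confirming), so the rule can be removed together with it.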
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
index 2419e48..832940f 100644
--- a/modules/darwin/default.nix
+++ b/modules/darwin/default.nix
@@ -1,4 +1,3 @@
-
{
still-awake = import ./still-awake;
}
diff --git a/modules/darwin/still-awake/default.nix b/modules/darwin/still-awake/default.nix
index a02c0f6..332ea5c 100644
--- a/modules/darwin/still-awake/default.nix
+++ b/modules/darwin/still-awake/default.nix
@@ -1,49 +1,76 @@
-{ pkgs, lib, config, ... }:
-
-let
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.services.still-awake;
-in
-{
+in {
options.services.still-awake.enable = mkEnableOption "still-awake launchd job";
config = mkIf cfg.enable {
- launchd.agents."still-awake" =
- let
- # https://macperformanceguide.com/blog/2022/20221125_2044-launch_daemon-launchctl-posix-spawn-permission-denied.html
- log-file = "/tmp/still-awake.log";
- in
- {
- serviceConfig = {
- ProgramArguments = [ "${pkgs.still-awake}/bin/still-awake" ];
- ProcessType = "Interactive";
+ launchd.agents."still-awake" = let
+ # https://macperformanceguide.com/blog/2022/20221125_2044-launch_daemon-launchctl-posix-spawn-permission-denied.html
+ log-file = "/tmp/still-awake.log";
+ in {
+ serviceConfig = {
+ ProgramArguments = ["${pkgs.still-awake}/bin/still-awake"];
+ ProcessType = "Interactive";
- # WARNING: These times must match the ones specified in ${source}!
- StartCalendarInterval = [
- { Hour = 21; Minute = 30; }
- { Hour = 22; }
- { Hour = 22; Minute = 30; }
- { Hour = 23; }
- { Hour = 23; Minute = 30; }
- { Hour = 23; }
- { Hour = 23; Minute = 30; }
- { Hour = 00; }
- { Hour = 00; Minute = 30; }
- { Hour = 01; }
- { Hour = 01; Minute = 30; }
- { Hour = 02; }
- { Hour = 02; Minute = 30; }
- { Hour = 03; }
- { Hour = 03; Minute = 30; }
- { Hour = 04; }
- { Hour = 04; Minute = 30; }
- { Hour = 05; }
- ];
+ # WARNING: These times must match the ones specified in ${source}!
+ StartCalendarInterval = [
+ {
+ Hour = 21;
+ Minute = 30;
+ }
+ {Hour = 22;}
+ {
+ Hour = 22;
+ Minute = 30;
+ }
+ {Hour = 23;}
+ {
+ Hour = 23;
+ Minute = 30;
+ }
+ {Hour = 23;}
+ {
+ Hour = 23;
+ Minute = 30;
+ }
+ {Hour = 00;}
+ {
+ Hour = 00;
+ Minute = 30;
+ }
+ {Hour = 01;}
+ {
+ Hour = 01;
+ Minute = 30;
+ }
+ {Hour = 02;}
+ {
+ Hour = 02;
+ Minute = 30;
+ }
+ {Hour = 03;}
+ {
+ Hour = 03;
+ Minute = 30;
+ }
+ {Hour = 04;}
+ {
+ Hour = 04;
+ Minute = 30;
+ }
+ {Hour = 05;}
+ ];
- StandardOutPath = log-file;
- StandardErrorPath = log-file;
- };
+ StandardOutPath = log-file;
+ StandardErrorPath = log-file;
};
+ };
};
}
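Review bot: The `StartCalendarInterval` list still carries `{Hour = 23;}` and `{Hour = 23; Minute = 30;}` twice in a row, which the reformat preserved; the second pair is redundant at best and should be dropped so the schedule matches the one documented in the WARNING comment. That comment refers to `${source}`, but no `source` is bound in this file, so the pointer is stale — naming the actual file whose times must stay in sync would make the warning actionable. `log-file = "/tmp/still-awake.log"` is a fixed path in the shared, world-writable `/tmp`, so any other local user can pre-create or replace that file before the agent writes to it; a location under the user's home (or the launchd-provided per-user temp dir) avoids that.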
diff --git a/modules/nixos/cloudflare-proxy/default.nix b/modules/nixos/cloudflare-proxy/default.nix
index 87d3857..216a31d 100644
--- a/modules/nixos/cloudflare-proxy/default.nix
+++ b/modules/nixos/cloudflare-proxy/default.nix
@@ -1,38 +1,37 @@
# This module adds some extra configuration useful when running behid a Cloudflare Proxy.
#
-
-{ config, lib, pkgs, ... }:
-
-let
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.cloudflare-proxy;
-in
-{
+in {
options.modules.cloudflare-proxy.enable = mkEnableOption "Cloudflare proxy IP extraction for NGINX";
config = mkIf cfg.enable {
# Teach NGINX how to extract the proxied IP from proxied requests.
#
# See: https://nixos.wiki/wiki/Nginx#Using_realIP_when_behind_CloudFlare_or_other_CDN
- services.nginx.commonHttpConfig =
- let
- realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from ${x};");
- fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
- cfipv4 = fileToList (pkgs.fetchurl {
- url = "https://www.cloudflare.com/ips-v4";
- sha256 = "0ywy9sg7spafi3gm9q5wb59lbiq0swvf0q3iazl0maq1pj1nsb7h";
- });
- cfipv6 = fileToList (pkgs.fetchurl {
- url = "https://www.cloudflare.com/ips-v6";
- sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
- });
- in
- ''
- ${realIpsFromList cfipv4}
- ${realIpsFromList cfipv6}
- real_ip_header CF-Connecting-IP;
- '';
+ services.nginx.commonHttpConfig = let
+ realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from ${x};");
+ fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
+ cfipv4 = fileToList (pkgs.fetchurl {
+ url = "https://www.cloudflare.com/ips-v4";
+ sha256 = "0ywy9sg7spafi3gm9q5wb59lbiq0swvf0q3iazl0maq1pj1nsb7h";
+ });
+ cfipv6 = fileToList (pkgs.fetchurl {
+ url = "https://www.cloudflare.com/ips-v6";
+ sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
+ });
+ in ''
+ ${realIpsFromList cfipv4}
+ ${realIpsFromList cfipv6}
+ real_ip_header CF-Connecting-IP;
+ '';
# TODO: Only allow incomming HTTP{,S} requests from non-Cloudflare IPs.
};
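Review bot: The two `pkgs.fetchurl` calls pin Cloudflare's ips-v4/ips-v6 lists by sha256, so the `set_real_ip_from` set is frozen at whatever the lists contained when the hashes were taken; once Cloudflare adds a range, requests arriving from it are logged and rate-limited under the edge address instead of the client's. A comment next to each hash such as `# Retrieved <DATE>; bump sha256 to refresh the range list.` makes the staleness visible. The trailing TODO reads inverted — `real_ip_header CF-Connecting-IP` is only honoured for addresses in `set_real_ip_from`, so a direct connection cannot spoof the client IP, but it does bypass whatever Cloudflare filters in front of the origin; the intent is presumably "only allow requests from Cloudflare IPs", and the sentence should say so.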
diff --git a/modules/nixos/disable-screen/default.nix b/modules/nixos/disable-screen/default.nix
index b70d80d..142507d 100644
--- a/modules/nixos/disable-screen/default.nix
+++ b/modules/nixos/disable-screen/default.nix
@@ -1,14 +1,14 @@
# This file defines some configuration options which disable the screen. This
# is only relevant because this host is an old laptop running as a server.
-
-{ lib, config, ... }:
-
-let
+{
+ lib,
+ config,
+ ...
+}: let
inherit (lib) mkEnableOption mkOption types;
cfg = config.disable-screen;
-in
-{
+in {
options.disable-screen = {
enable = mkEnableOption "disable screen";
@@ -27,38 +27,35 @@ in
config = {
# Disable sleep on lid close.
- services.logind =
- let
- lidSwitchAction = "ignore";
- in
- {
- lidSwitchExternalPower = lidSwitchAction;
- lidSwitchDocked = lidSwitchAction;
- lidSwitch = lidSwitchAction;
- };
+ services.logind = let
+ lidSwitchAction = "ignore";
+ in {
+ lidSwitchExternalPower = lidSwitchAction;
+ lidSwitchDocked = lidSwitchAction;
+ lidSwitch = lidSwitchAction;
+ };
# Don't store screen brightness between boots. We always want to turn off the
# screen.
#
# See: https://wiki.archlinux.org/title/backlight#Save_and_restore_functionality
# See: https://github.com/NixOS/nixpkgs/blob/990398921f677615c0732d704857484b84c6c888/nixos/modules/system/boot/systemd.nix#L97-L101
- systemd.suppressedSystemUnits = [ "[email protected]" ];
+ systemd.suppressedSystemUnits = ["[email protected]"];
# FIXME: Figure out how to enable screen when on-device debugging is necessary.
# Create a new service which turns off the display on boot.
#
# See: https://nixos.wiki/wiki/Backlight#.2Fsys.2Fclass.2Fbacklight.2F...
# See: https://superuser.com/questions/851846/how-to-write-a-systemd-service-that-depends-on-a-device-being-present
- systemd.services.disable-screen =
- {
- requires = [ cfg.device-unit ];
- after = [ cfg.device-unit ];
- wantedBy = [ cfg.device-unit ];
-
- serviceConfig.Type = "oneshot";
- script = ''
- tee ${cfg.device-path}/brightness <<<0
- '';
- };
+ systemd.services.disable-screen = {
+ requires = [cfg.device-unit];
+ after = [cfg.device-unit];
+ wantedBy = [cfg.device-unit];
+
+ serviceConfig.Type = "oneshot";
+ script = ''
+ tee ${cfg.device-path}/brightness <<<0
+ '';
+ };
};
}
diff --git a/modules/nixos/duksebot/default.nix b/modules/nixos/duksebot/default.nix
index 139bdfb..b0e8ad9 100644
--- a/modules/nixos/duksebot/default.nix
+++ b/modules/nixos/duksebot/default.nix
@@ -1,14 +1,16 @@
# This module defines an on-demand minecraft server service which turns off the
# server when it's not being used.
-
-{ config, lib, pkgs, modulesPath, ... }:
-
-let
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.services.duksebot;
-in
-{
+in {
options.services.duksebot = {
enable = mkEnableOption "duksebot daily reminder";
@@ -28,7 +30,7 @@ in
home = "/srv/duksebot";
createHome = true;
};
- users.groups.duksebot = { };
+ users.groups.duksebot = {};
age.secrets.duksebot-env = {
file = ../../../secrets/duksebot.env.age;
@@ -57,10 +59,10 @@ in
# Create a timer to activate our oneshot service.
systemd.timers.duksebot = {
- wantedBy = [ "timers.target" ];
- partOf = [ "duksebot.service" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ]; # FIXME: redundant?
+ wantedBy = ["timers.target"];
+ partOf = ["duksebot.service"];
+ after = ["network-online.target"];
+ wants = ["network-online.target"]; # FIXME: redundant?
timerConfig = {
# OnCalendar = "*-*-* 7:00:00";
OnCalendar = "*:0/1";
diff --git a/modules/nixos/on-demand-minecraft/default.nix b/modules/nixos/on-demand-minecraft/default.nix
index 65d51c4..2df6303 100644
--- a/modules/nixos/on-demand-minecraft/default.nix
+++ b/modules/nixos/on-demand-minecraft/default.nix
@@ -1,14 +1,16 @@
# This module defines an on-demand minecraft server service which turns off the
# server when it's not being used.
-
-{ config, lib, pkgs, modulesPath, ... }:
-
-let
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.services.on-demand-minecraft;
-in
-{
+in {
options.services.on-demand-minecraft = {
enable = mkEnableOption "local minecraft server";
@@ -103,8 +105,8 @@ in
`enable-rcon` will be forced on because the're required for the
server to work.
'';
- type = with types; attrsOf (oneOf [ bool int str ]);
- default = { };
+ type = with types; attrsOf (oneOf [bool int str]);
+ default = {};
example = lib.literalExpression ''
{
difficulty = 3;
@@ -117,7 +119,7 @@ in
jvm-options = mkOption {
description = "JVM options for the Minecraft server. List of command line arguments.";
type = types.listOf lib.types.str;
- default = [ "-Xmx2048M" "-Xms2048M" ];
+ default = ["-Xmx2048M" "-Xms2048M"];
};
};
@@ -130,12 +132,12 @@ in
group = "minecrafter";
isSystemUser = true;
};
- users.groups.minecrafter = { };
+ users.groups.minecrafter = {};
# Create an internal socket and hook it up to minecraft-server process as
# stdin. That way we can send commands to it.
systemd.sockets.minecraft-server = {
- bindsTo = [ "minecraft-server.service" ];
+ bindsTo = ["minecraft-server.service"];
socketConfig = {
ListenFIFO = "/run/minecraft-server.stdin";
SocketMode = "0660";
@@ -147,105 +149,111 @@ in
};
# Create a service which runs the server.
- systemd.services.minecraft-server =
- let
- server-properties = cfg.server-properties // {
+ systemd.services.minecraft-server = let
+ server-properties =
+ cfg.server-properties
+ // {
server-port = cfg.internal-port;
enable-rcon = true;
"rcon.password" = cfg.rcon-password;
};
- cfg-to-str = v:
- if builtins.isBool v
- then (if v then "true" else "false")
- else toString v;
- server-properties-file = pkgs.writeText "server.properties" (''
+ cfg-to-str = v:
+ if builtins.isBool v
+ then
+ (
+ if v
+ then "true"
+ else "false"
+ )
+ else toString v;
+ server-properties-file = pkgs.writeText "server.properties" (''
# server.properties managed by NixOS configuration.
- '' + lib.concatStringsSep "\n" (lib.mapAttrsToList
+ ''
+ + lib.concatStringsSep "\n" (lib.mapAttrsToList
(n: v: "${n}=${cfg-to-str v}")
server-properties));
- # We don't allow eula=false anyways
- eula-file = builtins.toFile "eula.txt" ''
- # eula.txt managed by NixOS Configuration
- eula=true
- '';
+ # We don't allow eula=false anyways
+ eula-file = builtins.toFile "eula.txt" ''
+ # eula.txt managed by NixOS Configuration
+ eula=true
+ '';
- # HACK: Each server is given its own subdirectory so
- # incompatabilities between servers don't cause complaints.
- start-server = pkgs.writeShellScript "minecraft-server-start" ''
- # Switch to runtime directory.
- export RUNTIME_DIR="${config.users.users.minecrafter.home}/${cfg.package.name}/"
- ${pkgs.busybox}/bin/mkdir -p "$RUNTIME_DIR"
- ${pkgs.busybox}/bin/chown minecrafter:minecrafter "$RUNTIME_DIR"
- cd "$RUNTIME_DIR"
-
- # Set up/update environment for server
- ln -sf ${eula-file} eula.txt
- cp -f ${server-properties-file} server.properties
- chmod u+w server.properties # Must be writable because server regenerates it.
-
- exec ${cfg.package}/bin/minecraft-server "$@"
- '';
+ # HACK: Each server is given its own subdirectory so
+ # incompatabilities between servers don't cause complaints.
+ start-server = pkgs.writeShellScript "minecraft-server-start" ''
+ # Switch to runtime directory.
+ export RUNTIME_DIR="${config.users.users.minecrafter.home}/${cfg.package.name}/"
+ ${pkgs.busybox}/bin/mkdir -p "$RUNTIME_DIR"
+ ${pkgs.busybox}/bin/chown minecrafter:minecrafter "$RUNTIME_DIR"
+ cd "$RUNTIME_DIR"
+
+ # Set up/update environment for server
+ ln -sf ${eula-file} eula.txt
+ cp -f ${server-properties-file} server.properties
+ chmod u+w server.properties # Must be writable because server regenerates it.
+
+ exec ${cfg.package}/bin/minecraft-server "$@"
+ '';
- stop-server = pkgs.writeShellScript "minecraft-server-stop" ''
- # Send the 'stop' command to the server. It listens for commands on stdin.
- echo stop > ${config.systemd.sockets.minecraft-server.socketConfig.ListenFIFO}
- # Wait for the PID of the minecraft server to disappear before
- # returning, so systemd doesn't attempt to SIGKILL it.
- while kill -0 "$1" 2> /dev/null; do
- sleep 1s
- done
- '';
- in
- {
- description = "Actually runs the Minecraft server";
- requires = [ "minecraft-server.socket" ];
- after = [ "networking.target" "minecraft-server.socket" ];
- wantedBy = [ ]; # TEMP: Does this do anything?
-
- serviceConfig = {
- ExecStart = "${start-server} ${lib.escapeShellArgs cfg.jvm-options}";
- ExecStop = "${stop-server} $MAINPID";
- Restart = "always";
-
- User = "minecrafter";
- Group = "minecrafter";
-
- StandardInput = "socket";
- StandardOutput = "journal";
- StandardError = "journal";
-
- # Hardening
- CapabilityBoundingSet = [ "" ];
- DeviceAllow = [ "" ];
- LockPersonality = true;
- PrivateDevices = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectProc = "invisible";
- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- SystemCallArchitectures = "native";
- UMask = "0077";
- };
+ stop-server = pkgs.writeShellScript "minecraft-server-stop" ''
+ # Send the 'stop' command to the server. It listens for commands on stdin.
+ echo stop > ${config.systemd.sockets.minecraft-server.socketConfig.ListenFIFO}
+ # Wait for the PID of the minecraft server to disappear before
+ # returning, so systemd doesn't attempt to SIGKILL it.
+ while kill -0 "$1" 2> /dev/null; do
+ sleep 1s
+ done
+ '';
+ in {
+ description = "Actually runs the Minecraft server";
+ requires = ["minecraft-server.socket"];
+ after = ["networking.target" "minecraft-server.socket"];
+ wantedBy = []; # TEMP: Does this do anything?
+
+ serviceConfig = {
+ ExecStart = "${start-server} ${lib.escapeShellArgs cfg.jvm-options}";
+ ExecStop = "${stop-server} $MAINPID";
+ Restart = "always";
+
+ User = "minecrafter";
+ Group = "minecrafter";
+
+ StandardInput = "socket";
+ StandardOutput = "journal";
+ StandardError = "journal";
+
+ # Hardening
+ CapabilityBoundingSet = [""];
+ DeviceAllow = [""];
+ LockPersonality = true;
+ PrivateDevices = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ UMask = "0077";
};
+ };
# This socket listens for connections on the public port and
# triggers `listen-minecraft.service` when a connection is made.
systemd.sockets.listen-minecraft = {
enable = true;
- wantedBy = [ "sockets.target" ];
- requires = [ "network.target" ];
- listenStreams = [ (toString cfg.external-port) ];
+ wantedBy = ["sockets.target"];
+ requires = ["network.target"];
+ listenStreams = [(toString cfg.external-port)];
};
# This service is triggerd by a TCP connection on the public
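Review bot: `cfg.rcon-password` is rendered into `server-properties-file` through `pkgs.writeText`, so the RCON secret lands in a world-readable /nix/store path; the same value is later interpolated into the `stop-minecraft` script (`-P ${cfg.rcon-password}` in the hunk starting at `@@ -310,50 +316,50 @@`), where it is additionally visible in the process argument list of every `rcon` invocation. None of the `serviceConfig` hardening on minecraft-server (`UMask`, `ProtectProc`, `PrivateUsers`) covers either exposure. Since this repository already delivers secrets with agenix (the duksebot module declares `age.secrets.duksebot-env`), the password could instead be handed to the unit with `LoadCredential` and spliced into server.properties at start-up, leaving the store copy secret-free; a sketch follows, with the secret-file path left as a placeholder because the option would have to change from a string to a path. The enclosing module body starts before the hunk.
```nix
# … unchanged: server-properties attrset, cfg-to-str …
# Store copy carries no secret; rcon.password is appended at start-up.
server-properties-file = pkgs.writeText "server.properties" (''
  # server.properties managed by NixOS configuration.
'' + lib.concatStringsSep "\n" (lib.mapAttrsToList
  (n: v: "${n}=${cfg-to-str v}")
  (builtins.removeAttrs server-properties ["rcon.password"])));
start-server = pkgs.writeShellScript "minecraft-server-start" ''
  # … unchanged: RUNTIME_DIR setup and eula.txt link …
  cp -f ${server-properties-file} server.properties
  chmod u+w server.properties
  printf '\nrcon.password=%s\n' "$(cat "$CREDENTIALS_DIRECTORY/rcon-password")" >> server.properties
  exec ${cfg.package}/bin/minecraft-server "$@"
'';
# … in serviceConfig, next to the existing hardening:
LoadCredential = ["rcon-password:<PATH-TO-RCON-PASSWORD-FILE>"];
```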
@@ -254,9 +262,9 @@ in
# connection to the real (local) Minecraft port.
systemd.services.listen-minecraft = {
enable = true;
- path = with pkgs; [ systemd ];
- requires = [ "hook-minecraft.service" "listen-minecraft.socket" ];
- after = [ "hook-minecraft.service" "listen-minecraft.socket" ];
+ path = with pkgs; [systemd];
+ requires = ["hook-minecraft.service" "listen-minecraft.socket"];
+ after = ["hook-minecraft.service" "listen-minecraft.socket"];
serviceConfig.ExecStart = ''
${pkgs.systemd.out}/lib/systemd/systemd-socket-proxyd 127.0.0.1:${toString cfg.internal-port}
'';
@@ -268,36 +276,34 @@ in
systemd.services.hook-minecraft = {
enable = true;
# Add tools used by scripts to path.
- path = with pkgs; [ systemd libressl busybox ];
- serviceConfig =
- let
- # Start the Minecraft server and the timer regularly
- # checking whether it should stop.
- start-mc = pkgs.writeShellScriptBin "start-mc" ''
- echo "Starting server and stop-timer..."
- systemctl start minecraft-server.service
- systemctl start stop-minecraft.timer
- '';
- # Wait for the internal port to be accessible for max.
- # 60 seconds before complaining.
- wait-tcp = pkgs.writeShellScriptBin "wait-tcp" ''
- echo "Waiting for server to start listening on port ${toString cfg.internal-port}..."
- for i in `seq 60`; do
- if nc -z 127.0.0.1 ${toString cfg.internal-port} >/dev/null; then
- echo "Yay! ${toString cfg.internal-port} is not available. hook-minecraft is finished."
- exit 0
- fi
- sleep 1
- done
- echo "${toString cfg.internal-port} did not become available in time."
- exit 1
- '';
- in
- {
- # First we start the server, then we wait for it to become available.
- ExecStart = "${start-mc}/bin/start-mc";
- ExecStartPost = "${wait-tcp}/bin/wait-tcp";
- };
+ path = with pkgs; [systemd libressl busybox];
+ serviceConfig = let
+ # Start the Minecraft server and the timer regularly
+ # checking whether it should stop.
+ start-mc = pkgs.writeShellScriptBin "start-mc" ''
+ echo "Starting server and stop-timer..."
+ systemctl start minecraft-server.service
+ systemctl start stop-minecraft.timer
+ '';
+ # Wait for the internal port to be accessible for max.
+ # 60 seconds before complaining.
+ wait-tcp = pkgs.writeShellScriptBin "wait-tcp" ''
+ echo "Waiting for server to start listening on port ${toString cfg.internal-port}..."
+ for i in `seq 60`; do
+ if nc -z 127.0.0.1 ${toString cfg.internal-port} >/dev/null; then
+ echo "Yay! ${toString cfg.internal-port} is not available. hook-minecraft is finished."
+ exit 0
+ fi
+ sleep 1
+ done
+ echo "${toString cfg.internal-port} did not become available in time."
+ exit 1
+ '';
+ in {
+ # First we start the server, then we wait for it to become available.
+ ExecStart = "${start-mc}/bin/start-mc";
+ ExecStartPost = "${wait-tcp}/bin/wait-tcp";
+ };
};
# This timer runs the service of the same name, that checks if
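Review bot: The success message in `wait-tcp` is inverted: it is printed immediately after `nc -z` succeeded, yet says the port "is not available", which will mislead anyone reading the journal of `hook-minecraft.service`. It should read `echo "Yay! ${toString cfg.internal-port} is available. hook-minecraft is finished."`; the timeout message two lines below it is already correct. As a point of style, the backtick substitution in `for i in \`seq 60\`` could become `for i in $(seq 60); do` to match the `$(...)` form used elsewhere in the module.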
@@ -310,50 +316,50 @@ in
};
};
- systemd.services.stop-minecraft =
- let
- # Script that returns true (exit code 1) if the server can be shut
- # down. It uses RCON to get the player list. It does not continue if
- # the server was started less than `minimum-server-lifetime` seconds
- # ago.
- no-player-connected = pkgs.writeShellScriptBin "no-player-connected" ''
- servicestartsec="$(date -d "$(systemctl show --property=ActiveEnterTimestamp minecraft-server.service | cut -d= -f2)" +%s)"
- serviceelapsedsec="$(( $(date +%s) - servicestartsec))"
-
- if [ $serviceelapsedsec -lt ${toString cfg.minimum-server-lifetime} ]; then
- echo "Server is too young to be stopped (minimum lifetime is ${toString cfg.minimum-server-lifetime}s)"
- exit 1
- fi
-
- PLAYERS="$(printf "list\n" | ${pkgs.rcon.out}/bin/rcon -m -H 127.0.0.1 -p 25575 -P ${cfg.rcon-password})"
- if echo "$PLAYERS" | grep "are 0 of a"; then
- exit 0
- else
- exit 1
- fi
- '';
- in
- {
- enable = true;
- serviceConfig.Type = "oneshot";
- script = ''
- if ${no-player-connected}/bin/no-player-connected; then
- echo "Stopping minecraft server..."
- systemctl stop minecraft-server.service
- systemctl stop hook-minecraft.service
- systemctl stop stop-minecraft.timer
- fi
- '';
- };
+ systemd.services.stop-minecraft = let
+ # Script that returns true (exit code 1) if the server can be shut
+ # down. It uses RCON to get the player list. It does not continue if
+ # the server was started less than `minimum-server-lifetime` seconds
+ # ago.
+ no-player-connected = pkgs.writeShellScriptBin "no-player-connected" ''
+ servicestartsec="$(date -d "$(systemctl show --property=ActiveEnterTimestamp minecraft-server.service | cut -d= -f2)" +%s)"
+ serviceelapsedsec="$(( $(date +%s) - servicestartsec))"
+
+ if [ $serviceelapsedsec -lt ${toString cfg.minimum-server-lifetime} ]; then
+ echo "Server is too young to be stopped (minimum lifetime is ${toString cfg.minimum-server-lifetime}s)"
+ exit 1
+ fi
+
+ PLAYERS="$(printf "list\n" | ${pkgs.rcon.out}/bin/rcon -m -H 127.0.0.1 -p 25575 -P ${cfg.rcon-password})"
+ if echo "$PLAYERS" | grep "are 0 of a"; then
+ exit 0
+ else
+ exit 1
+ fi
+ '';
+ in {
+ enable = true;
+ serviceConfig.Type = "oneshot";
+ script = ''
+ if ${no-player-connected}/bin/no-player-connected; then
+ echo "Stopping minecraft server..."
+ systemctl stop minecraft-server.service
+ systemctl stop hook-minecraft.service
+ systemctl stop stop-minecraft.timer
+ fi
+ '';
+ };
networking.firewall = mkIf cfg.openFirewall {
- allowedUDPPorts = [ cfg.external-port ];
- allowedTCPPorts = [ cfg.external-port ];
+ allowedUDPPorts = [cfg.external-port];
+ allowedTCPPorts = [cfg.external-port];
};
- assertions = [{
- assertion = cfg.eula;
- message = "You must agree to Mojangs EULA to run minecraft-server. Read https://account.mojang.com/documents/minecraft_eula and set `services.minecraft-server.eula` to `true` if you agree.";
- }];
+ assertions = [
+ {
+ assertion = cfg.eula;
+ message = "You must agree to Mojangs EULA to run minecraft-server. Read https://account.mojang.com/documents/minecraft_eula and set `services.minecraft-server.eula` to `true` if you agree.";
+ }
+ ];
};
}
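Review bot: The assertion message at the end of the hunk tells users to set `services.minecraft-server.eula`, but this module declares its options under `options.services.on-demand-minecraft` earlier in the file, so the advice cannot be followed as written; replace `services.minecraft-server.eula` with `services.on-demand-minecraft.eula` in the message. The comment above `no-player-connected` is also inverted: the script exits 0 when nobody is connected, which is exactly what `if ${no-player-connected}/bin/no-player-connected; then` relies on, so it should read `# Script that succeeds (exit code 0) if the server can be shut down.` Separately, the RCON port `25575` is hard-coded in the `rcon` call while every other port in the module comes from `cfg`; if `rcon.port` can be overridden through `cfg.server-properties`, the stop check would silently fail to reach the server and never stop it.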
diff --git a/overlays/compat.nix b/overlays/compat.nix
index 8874b52..76bef87 100644
--- a/overlays/compat.nix
+++ b/overlays/compat.nix
@@ -3,11 +3,9 @@
#
# See: hosts/common.nix
# See: https://nixos.org/manual/nixpkgs/stable/#sec-overlays-lookup
-
let
overlays = import ./default.nix;
-in
-[
+in [
overlays.additions
overlays.modifications
]
diff --git a/overlays/default.nix b/overlays/default.nix
index 81a163a..d6ec47c 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,5 +1,4 @@
# This module lists the different overlays. These are exported in `flake.nix`.
-
{
# This overlay adds all of our custom packages.
additions = final: _prev: import ../pkgs final;
@@ -15,8 +14,9 @@
rev = "bd03c5944b7146d07a88b58a2dd0d264836e3322";
hash = "sha256-Jx7lJ9UTHAOCgPxF2p7ZoZBZ476bLXN5dI0vspusmGo=";
};
- env.NIX_CFLAGS_COMPILE = (old.env.NIX_CFLAGS_COMPILE or "") +
- (final.lib.strings.optionalString (final.stdenv.cc.isGNU or false) " -Wno-maybe-uninitialized");
+ env.NIX_CFLAGS_COMPILE =
+ (old.env.NIX_CFLAGS_COMPILE or "")
+ + (final.lib.strings.optionalString (final.stdenv.cc.isGNU or false) " -Wno-maybe-uninitialized");
});
};
}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index c4aced8..9f296c9 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,11 +1,9 @@
-pkgs:
+pkgs: {
+ duksebot = pkgs.callPackage ./duksebot {};
-{
- duksebot = pkgs.callPackage ./duksebot { };
+ tcl-cmark = pkgs.callPackage ./tcl-cmark {};
- tcl-cmark = pkgs.callPackage ./tcl-cmark { };
+ still-awake = pkgs.callPackage ./still-awake {};
- still-awake = pkgs.callPackage ./still-awake { };
-
- trash = pkgs.callPackage ./trash { };
+ trash = pkgs.callPackage ./trash {};
}
diff --git a/pkgs/duksebot/default.nix b/pkgs/duksebot/default.nix
index 833bf76..17919b6 100644
--- a/pkgs/duksebot/default.nix
+++ b/pkgs/duksebot/default.nix
@@ -1,34 +1,35 @@
-{ python3
-, fetchFromGitHub
-, writeShellScriptBin
-}:
+{
+ python3,
+ fetchFromGitHub,
+ writeShellScriptBin,
+}: let
+ icalevents = ps:
+ ps.buildPythonPackage rec {
+ pname = "icalevents";
+ version = "0.1.27";
-let
- icalevents = ps: ps.buildPythonPackage rec {
- pname = "icalevents";
- version = "0.1.27";
+ src = fetchFromGitHub {
+ owner = "jazzband";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-vSYQEJFBjXUF4WwEAtkLtcO3y/am00jGS+8Vj+JMMqQ=";
+ };
- src = fetchFromGitHub {
- owner = "jazzband";
- repo = pname;
- rev = "v${version}";
- hash = "sha256-vSYQEJFBjXUF4WwEAtkLtcO3y/am00jGS+8Vj+JMMqQ=";
- };
-
- doCheck = false;
+ doCheck = false;
- propagatedBuildInputs = with ps; [
- httplib2
- datetime
- icalendar
- ];
- };
- python3' = python3.withPackages (ps: with ps; [
- pytz
- requests
- python-dotenv
- (icalevents ps)
- ]);
+ propagatedBuildInputs = with ps; [
+ httplib2
+ datetime
+ icalendar
+ ];
+ };
+ python3' = python3.withPackages (ps:
+ with ps; [
+ pytz
+ requests
+ python-dotenv
+ (icalevents ps)
+ ]);
src = fetchFromGitHub {
owner = "linnnus";
repo = "duksebot";
@@ -36,7 +37,7 @@ let
hash = "sha256-+tbC7Z3oewBTyE6wTpUocL+6oWjCRAsqauBLTIOVBUY=";
};
in
-writeShellScriptBin "duksebot"
+ writeShellScriptBin "duksebot"
''
exec ${python3'}/bin/python3 ${src}/script.py
''
diff --git a/pkgs/still-awake/default.nix b/pkgs/still-awake/default.nix
index 9285346..4bcd3ca 100644
--- a/pkgs/still-awake/default.nix
+++ b/pkgs/still-awake/default.nix
@@ -1,39 +1,41 @@
-{ stdenv, pypy3, lib }:
-
-let
+{
+ stdenv,
+ pypy3,
+ lib,
+}: let
# Needs python interpreter with tkinter support.
python3' = pypy3;
in
-stdenv.mkDerivation {
- pname = "still-awake";
- version = "10-09-2023";
-
- src = builtins.readFile ./still_awake.py;
- passAsFile = [ "buildCommand" "src" ];
-
- # Building basically boils down to writing source to a file
- # and making it executable.
- buildCommand = ''
- mkdir -p $out/bin
-
- echo "#!${python3'.interpreter}" >$out/bin/still-awake
-
- if [ -e "$srcPath" ]; then
- cat "$srcPath" >>$out/bin/still-awake
- else
- echo -n "$src" >>$out/bin/still-awake
- fi
-
- chmod +x $out/bin/still-awake
- '';
-
- # It doesn't make sense to do this remotely.
- preferLocalBuild = true;
- allowSubstitute = false;
-
- meta = with lib; {
- description = "Small program which shuts down Mac, if user is asleep";
- license = licenses.unlicense;
- platforms = platforms.darwin;
- };
-}
+ stdenv.mkDerivation {
+ pname = "still-awake";
+ version = "10-09-2023";
+
+ src = builtins.readFile ./still_awake.py;
+ passAsFile = ["buildCommand" "src"];
+
+ # Building basically boils down to writing source to a file
+ # and making it executable.
+ buildCommand = ''
+ mkdir -p $out/bin
+
+ echo "#!${python3'.interpreter}" >$out/bin/still-awake
+
+ if [ -e "$srcPath" ]; then
+ cat "$srcPath" >>$out/bin/still-awake
+ else
+ echo -n "$src" >>$out/bin/still-awake
+ fi
+
+ chmod +x $out/bin/still-awake
+ '';
+
+ # It doesn't make sense to do this remotely.
+ preferLocalBuild = true;
+ allowSubstitute = false;
+
+ meta = with lib; {
+ description = "Small program which shuts down Mac, if user is asleep";
+ license = licenses.unlicense;
+ platforms = platforms.darwin;
+ };
+ }
diff --git a/pkgs/tcl-cmark/default.nix b/pkgs/tcl-cmark/default.nix
index 4f8a5ce..4495610 100644
--- a/pkgs/tcl-cmark/default.nix
+++ b/pkgs/tcl-cmark/default.nix
@@ -1,11 +1,11 @@
-{ tcl
-, pkg-config
-, autoreconfHook
-, cmark-gfm
-, fetchFromGitHub
-, lib
+{
+ tcl,
+ pkg-config,
+ autoreconfHook,
+ cmark-gfm,
+ fetchFromGitHub,
+ lib,
}:
-
tcl.mkTclDerivation {
pname = "tcl-cmark";
version = "2022-03-15";
@@ -21,8 +21,8 @@ tcl.mkTclDerivation {
./fix-gfm-extension-name.patch
];
- nativeBuildInputs = [ pkg-config autoreconfHook ];
- buildInputs = [ cmark-gfm ];
+ nativeBuildInputs = [pkg-config autoreconfHook];
+ buildInputs = [cmark-gfm];
meta = with lib; {
description = "Tcl bindings to the cmark-gfm Github Flavoured CommonMark/Markdown library";
diff --git a/pkgs/trash/default.nix b/pkgs/trash/default.nix
index 8f7a287..9f7a743 100644
--- a/pkgs/trash/default.nix
+++ b/pkgs/trash/default.nix
@@ -1,10 +1,10 @@
-{ stdenv
-, fetchFromGitHub
-, perl534Packages
-, darwin
-, lib
+{
+ stdenv,
+ fetchFromGitHub,
+ perl534Packages,
+ darwin,
+ lib,
}:
-
stdenv.mkDerivation rec {
name = "trash";
version = "0.9.2";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
rev = "v${version}";
sha256 = "sha256-vibUimY15KTulGVqmmTGtO/+XowoRHykcmL8twdgebQ=";
};
- patches = [ ./trash-dont-hardcode-arch.patch ];
+ patches = [./trash-dont-hardcode-arch.patch];
buildInputs = [
darwin.apple_sdk.frameworks.Cocoa
darwin.apple_sdk.frameworks.AppKit
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
perl534Packages.podlators
];
- outputs = [ "out" "man" ];
+ outputs = ["out" "man"];
buildPhase = ''
make trash trash.1
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 2a5f13f..3a2e0a5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,11 +1,9 @@
# This file conatins configuration for the agenix CLI. It is not actually
# imported into the system cofniguration.
-
let
metadata = builtins.fromTOML (builtins.readFile ../metadata.toml);
publicKeys = map (builtins.getAttr "sshPubKey") (builtins.attrValues metadata.hosts);
-in
-{
+in {
"cloudflare-ddns-token.env.age".publicKeys = publicKeys;
"duksebot.env.age".publicKeys = publicKeys;
}