felschr/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: felschr:a4d25df5ee530cb4d1d22aea0849393f44231fc9
Branches Tags
felschr:main
..
compare: felschr:0b5daa99edbc61f376a394a13d50c4cb11e78e97
Branches Tags
felschr:main

No commits in common. "a4d25df5ee530cb4d1d22aea0849393f44231fc9" and "0b5daa99edbc61f376a394a13d50c4cb11e78e97" have entirely different histories.
a4d25df5ee ... 0b5daa99ed

11 changed files with 112 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

53
flake.lock generated
View file

@ -250,6 +250,21 @@
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -313,6 +328,43 @@
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1751235704,
"narHash": "sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43+YI=",
"rev": "1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751240025,
"narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=",
"rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"
}
},
"matrix-appservices": {
"inputs": {
"devshell": "devshell",
@ -468,6 +520,7 @@
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"home-manager": "home-manager_2",
"lix-module": "lix-module",
"matrix-appservices": "matrix-appservices",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",

6
flake.nix
View file

@ -19,6 +19,12 @@ rec {
nixos-hardware.url = "github:NixOS/nixos-hardware";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";

3
home/flake-module.nix
View file

@ -21,8 +21,7 @@ let
home.username = user;
home.homeDirectory = "/home/${user}";
}
]
++ modules;
] ++ modules;
};
in
{

3
home/modules/firefox/mkFirefoxModuleCompat.nix
View file

@ -29,8 +29,7 @@ let
configPath = [
"config"
"content" # due to mkIf
]
++ modulePath;
] ++ modulePath;
in
lib.updateManyAttrsByPath
[

3
home/modules/firefox/mkFirefoxProfileBinModule.nix
View file

@ -33,8 +33,7 @@ let
categories = [
"Network"
"WebBrowser"
]
++ lib.optional isSecure "Security";
] ++ lib.optional isSecure "Security";
};
in
pkgs.runCommand pname { } ''

3
lib/createUser.nix
View file

@ -35,8 +35,7 @@
count = 60000000;
}
];
}
// user;
} // user;
home-manager = {
useGlobalPkgs = true;

3
lib/openwrt.nix
View file

@ -30,8 +30,7 @@ in
"luci-ssl"
"nextdns"
"tailscale"
]
++ packages;
] ++ packages;
# TODO set up SSH config (register public keys, disable password login, ...)
files = pkgs.runCommand "image-files" { } ''

54
modules/systemdNotify.nix
View file

@ -85,32 +85,34 @@ in
}
];
systemd.services."notify@" = {
onFailure = lib.mkForce [ ];
}
// optionalAttrs (cfg.method == "libnotify") {
description = "Desktop notifications for %i service failure";
environment = {
DISPLAY = ":0";
INSTANCE = "%i";
systemd.services."notify@" =
{
onFailure = lib.mkForce [ ];
}
// optionalAttrs (cfg.method == "libnotify") {
description = "Desktop notifications for %i service failure";
environment = {
DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${
toString config.users.users.${cfg.libnotify.user}.uid
}/bus";
INSTANCE = "%i";
};
script = ''
${pkgs.libnotify}/bin/notify-send --urgency=critical \
"Service '$INSTANCE' failed" \
"$(journalctl -n 6 -o cat -u $INSTANCE)"
'';
serviceConfig = {
Type = "oneshot";
User = cfg.libnotify.user;
};
}
// optionalAttrs (cfg.method == "email") {
description = "E-Mail notifications for %i service failure";
serviceConfig = {
ExecStart = "${sendmail} %i";
Type = "oneshot";
};
};
script = ''
export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u '${cfg.libnotify.user}')/bus"
${pkgs.libnotify}/bin/notify-send --app-name="$INSTANCE" --urgency=critical \
"Service '$INSTANCE' failed" \
"$(journalctl -n 6 -o cat -u $INSTANCE)"
'';
serviceConfig = {
Type = "oneshot";
User = cfg.libnotify.user;
};
}
// optionalAttrs (cfg.method == "email") {
description = "E-Mail notifications for %i service failure";
serviceConfig = {
ExecStart = "${sendmail} %i";
Type = "oneshot";
};
};
};
}

3
services/restic/lib.nix
View file

@ -53,8 +53,7 @@ in
# reduce download bandwidth
"--max-unused 10%"
"--repack-cacheable-only"
]
++ extraPruneOpts;
] ++ extraPruneOpts;
}
// (removeAttrs args [
"name"

19
system/nix.nix
View file

@ -10,22 +10,15 @@ let
inherit (inputs.self.outputs) nixConfig;
in
{
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
(final: prev: {
inherit (final.lixPackageSets.stable)
nixpkgs-review
nix-direnv
nix-eval-jobs
nix-fast-build
colmena
;
})
imports = [
# TODO switch to lixFromNixpkgs once 2.93.2 is available
inputs.lix-module.nixosModules.default
# inputs.lix-module.nixosModules.lixFromNixpkgs
];
nixpkgs.config.allowUnfree = true;
nix = {
package = pkgs.lixPackageSets.stable.lix;
settings = {
trusted-users = [ "@wheel" ];
substituters = nixConfig.extra-substituters;

25
system/vpn.nix
View file

@ -89,20 +89,21 @@ in
wants = [ "tailscaled.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
if [[ $status != Connected* ]]; then
${cfg.package}/bin/tailscale up
fi
script =
''
status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
if [[ $status != Connected* ]]; then
${cfg.package}/bin/tailscale up
fi
# some options cannot be set immediately
${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
# some options cannot be set immediately
${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
${cfg.package}/bin/tailscale cert ${tailnetHost}
''
+ lib.optionalString config.services.nginx.enable ''
chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
'';
${cfg.package}/bin/tailscale cert ${tailnetHost}
''
+ lib.optionalString config.services.nginx.enable ''
chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
'';
};
services.nginx.virtualHosts.${tailnetHost} = {