Nixfmt, unvendor Rory user

2024-07-19 06:16:51 +02:00 · 2024-07-19 06:16:51 +02:00 · 0d980840a4
parent 42c65b27b5
commit 0d980840a4
21 changed files with 554 additions and 2468 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -1,5 +1,5 @@
 {
-  description = "Chris' services flake";
+  description = "LiteNet services flake";
  inputs = {
    nixpkgs = {
@ -9,22 +9,37 @@
    home-manager = {
      url = "github:nix-community/home-manager/master";
    };
    Rory-Open-Architecture = {
      url = "git+https://cgit.rory.gay/Rory-Open-Architecture.git";
      flake = false;
    };
  };
-  outputs = { self, nixpkgs, home-manager, ... }@inputs: {
+  outputs =
    inputs: with inputs; {
      nixosConfigurations = {
        matrix = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            ./host/matrix/configuration.nix
            ./hardware-configuration.nix
            home-manager.nixosModules.home-manager
            # Rory&'s user
            (
              { config, ... }:
              {
                programs.dconf.enable = true;
              }
            ) # Fix for home-manager failing to deploy
            (Rory-Open-Architecture + "/modules/users/Rory.nix")
          ];
          specialArgs = {
            inherit home-manager;
          };
        };
      };
    };
 }
--- a/host/matrix/configuration.nix
+++ b/host/matrix/configuration.nix
@ -1,8 +1,12 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
-  imports =
+  imports = [
    [
    ../../modules/base-server.nix
    ./services/postgres.nix
@ -11,12 +15,16 @@
  ];
  networking = {
    hostName = "matrix";
-    interfaces.ens18.ipv4.addresses = [ { 
+    interfaces.ens18.ipv4.addresses = [
      {
        address = "10.10.0.3";
        prefixLength = 8;
-    } ];
+      }
    ];
    defaultGateway.interface = "ens18";
  };
  hardware.enableAllFirmware = false;
  hardware.enableRedistributableFirmware = false;
  system.stateVersion = "22.11"; # DO NOT EDIT!
 }
--- a/host/matrix/services/matrix/coturn.nix
+++ b/host/matrix/services/matrix/coturn.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  # coturn (WebRTC)
@ -50,4 +55,3 @@
  #};
 }
--- a/host/matrix/services/matrix/draupnir.nix
+++ b/host/matrix/services/matrix/draupnir.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  # Alicia - doesnt work yet... until in nixpkgs...
@ -52,4 +57,3 @@
  #  };
 }
--- a/host/matrix/services/matrix/root.nix
+++ b/host/matrix/services/matrix/root.nix
@ -1,8 +1,13 @@
-{ config, pkgs, lib, botcore-v4, ... }:
+{
  config,
  pkgs,
  lib,
  botcore-v4,
  ...
 }:
 {
-  imports =
+  imports = [
    [
    ./synapse.nix
    #      ./coturn.nix
    #      ./draupnir.nix
--- a/host/matrix/services/matrix/synapse.nix
+++ b/host/matrix/services/matrix/synapse.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  services.matrix-synapse = {
@ -11,7 +16,6 @@
    settings = {
      server_name = "litenet.tel";
      enable_registration = true;
      registration_requires_token = true;
@ -53,10 +57,15 @@
          type = "http";
          tls = false;
          x_forwarded = true;
-          resources = [ {
+          resources = [
-            names = [ "client" "federation" ];
+            {
              names = [
                "client"
                "federation"
              ];
              compress = true;
-          } ];
+            }
          ];
        }
      ];
      dynamic_thumbnails = true;
@ -213,4 +222,3 @@
  };
 }
--- a/host/matrix/services/nginx/litenet.tel/matrix.nix
+++ b/host/matrix/services/nginx/litenet.tel/matrix.nix
@ -26,14 +26,13 @@
  locations."= /.well-known/matrix/server".extraConfig = ''
    more_set_headers 'Content-Type application/json';
    more_set_headers 'Access-Control-Allow-Origin *';
-    return 200 '${builtins.toJSON {
+    return 200 '${builtins.toJSON { "m.server" = "matrix.litenet.tel:443"; }}';
      "m.server" = "matrix.litenet.tel:443";
    }}';
  '';
  locations."= /.well-known/matrix/client".extraConfig = ''
    more_set_headers 'Content-Type application/json';
    more_set_headers 'Access-Control-Allow-Origin *';
-    return 200 '${builtins.toJSON {
+    return 200 '${
      builtins.toJSON {
        "m.homeserver".base_url = "https://matrix.litenet.tel";
        "m.identity_server".base_url = "https://matrix.litenet.tel";
      }
@ -42,7 +41,8 @@
  locations."= /.well-known/matrix/support".extraConfig = ''
    more_set_headers 'Content-Type application/json';
    more_set_headers 'Access-Control-Allow-Origin *';
-    return 200 '${builtins.toJSON {
+    return 200 '${
      builtins.toJSON {
        admins = [
          {
            matrix_id = "@emma:rory.gay";
--- a/host/matrix/services/nginx/localhost/matrix.nix
+++ b/host/matrix/services/nginx/localhost/matrix.nix
@ -275,6 +275,5 @@
  #proxyPass = "http://$backend";
  #};
  locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
 }
--- a/host/matrix/services/nginx/nginx.nix
+++ b/host/matrix/services/nginx/nginx.nix
@ -1,10 +1,15 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  services = {
    nginx = {
      enable = true;
-      package = pkgs.nginxQuic;
+      #package = pkgs.nginxMainline;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedZstdSettings = true;
@ -24,9 +29,7 @@
        disable_symlinks off;
      '';
      upstreams = import ./matrix-upstreams.nix;
-      additionalModules = with pkgs.nginxModules; [
+      additionalModules = with pkgs.nginxModules; [ moreheaders ];
        moreheaders
      ];
      virtualHosts = {
        #matrix...
        "matrix.litenet.tel" = import ./litenet.tel/matrix.nix;
@ -37,12 +40,4 @@
  systemd.services.nginx.serviceConfig = {
    LimitNOFILE = 5000000;
  };
 #  systemd.services.nginx.requires = [ "data.mount" ];
 #  security.acme.acceptTerms = true;
 #  security.acme.defaults.email = "root@thearcanebrony.net";
 #  environment.systemPackages = with pkgs; [
    #gitfs
 #  ];
 }
--- a/host/matrix/services/postgres.nix
+++ b/host/matrix/services/postgres.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ];
@ -80,4 +85,3 @@
  };
 }
--- a/modules/base-server.nix
+++ b/modules/base-server.nix
@ -1,8 +1,12 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
-  imports =
+  imports = [
    [
    ./base.nix
    ./users/chris.nix
  ];
@ -11,30 +15,19 @@
  documentation.info.enable = false;
  documentation.man.enable = false;
  environment.variables.BROWSER = "echo";
-  nix.settings.trusted-users = [ "root" "@wheel" ];
+  nix.settings.trusted-users = [
    "root"
    "@wheel"
  ];
  time.timeZone = lib.mkDefault "UTC";
  systemd = {
    # Given that our systems are headless, emergency mode is useless.
    # We prefer the system to attempt to continue booting so
    # that we can hopefully still access it remotely.
    enableEmergencyMode = false;
    # For more detail, see:
    #   https://0pointer.de/blog/projects/watchdog.html
    watchdog = {
      # systemd will send a signal to the hardware watchdog at half
      # the interval defined here, so every 10s.
      # If the hardware watchdog does not get a signal for 20s,
      # it will forcefully reboot the system.
      runtimeTime = "20s";
      # Forcefully reboot if the final stage of the reboot
      # hangs without progress for more than 30s.
      # For more info, see:
      #   https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
      rebootTime = "30s";
    };
@ -83,7 +76,14 @@
    useDHCP = false;
    #     nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
-    nameservers = [ "10.0.0.1" "10.5.0.1" "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
+    nameservers = [
      "10.0.0.1"
      "10.5.0.1"
      "1.1.1.1"
      "1.0.0.1"
      "8.8.8.8"
      "8.4.4.8"
    ];
    defaultGateway = "10.0.0.1";
  };
@ -91,4 +91,3 @@
  i18n.defaultLocale = "en_US.UTF-8";
 }
--- a/modules/base.nix
+++ b/modules/base.nix
@ -1,11 +1,12 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
-  imports =
+  imports = [ ./packages/vim.nix ];
    [
      ./packages/vim.nix
      ./users/Rory.nix
    ];
  boot = {
    initrd.systemd.enable = true;
@ -60,7 +61,12 @@
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
    };
-    nameservers =  [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
+    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
      "8.8.8.8"
      "8.4.4.8"
    ];
  };
  i18n.defaultLocale = "en_US.UTF-8";
@ -114,7 +120,6 @@
    unzip
    brotli
    # - zsh
    zsh
    zsh-powerlevel10k
@ -129,7 +134,10 @@
  '';
  nix = {
    settings = {
-      experimental-features = [ "nix-command" "flakes" ];
+      experimental-features = [
        "nix-command"
        "flakes"
      ];
      auto-optimise-store = true;
      trusted-users = [ "@wheel" ];
    };
--- a/modules/packages/vim.nix
+++ b/modules/packages/vim.nix
@ -1,13 +1,19 @@
 { pkgs, ... }:
 {
-  environment.variables = { EDITOR = "vim"; };
+  environment.variables = {
    EDITOR = "vim";
  };
  environment.systemPackages = with pkgs; [
    (neovim.override {
      vimAlias = true;
      configure = {
        packages.myPlugins = with pkgs.vimPlugins; {
-          start = [ vim-lastplace vim-nix vim-airline ]; 
+          start = [
            vim-lastplace
            vim-nix
            vim-airline
          ];
          opt = [ ];
        };
        customRC = ''
@ -17,6 +23,6 @@
          " ...
        '';
      };
-    }
+    })
-  )];
+  ];
 }
--- a/modules/users/Rory.client.nix
+++ b/modules/users/Rory.client.nix
@ -1,53 +0,0 @@
 { config, lib, pkgs, home-manager, ... }:
 {
  programs = {
    ssh = {
      startAgent = true;
      setXAuthLocation = true;
      enableAskPassword = true;
    };
  };
  home-manager.users.Rory = {
    services.gnome-keyring.enable = lib.mkForce false;
    dconf.settings = {
      "org/virt-manager/virt-manager/connections" = {
        autoconnect = ["qemu:///system"];
        uris = ["qemu:///system"];
      };
    };
    # keepassxc, maybe?
    systemd.user.services.keepassxc = {
      Unit = {
        Description = "KeePassXC password manager";
        #After = [ "graphical-session-pre.target" ];
        PartOf = [ "default.target" ];
      };
      Install = { WantedBy = [ "default.target" ]; };
      Service = { 
        ExecStart = "${pkgs.keepassxc}/bin/keepassxc ~/.secrets.kdbx";
        Restart = "always";
      };
    };
    systemd.user.services.easyeffects = {
      Unit = {
        Description = "EasyEffects";
        #After = [ "graphical-session-pre.target" ];
        PartOf = [ "default.target" ];
      };
      Install = { WantedBy = [ "default.target" ]; };
      Service = { 
        ExecStart = "${pkgs.easyeffects}/bin/easyeffects";
        Restart = "always";
      };
    };
    home.stateVersion = "22.11";
  };
 }
--- a/modules/users/Rory.nix
+++ b/modules/users/Rory.nix
@ -1,190 +0,0 @@
 { config, lib, pkgs, home-manager, ... }:
 {
  users.users.Rory = {
    isNormalUser = true;
    extraGroups = [ "wheel" "libvirtd" "ocp" ];
    packages = with pkgs; [
      lnav
      age
      git
      lsd
      duf
      btop
      htop
      kitty.terminfo
      tmux
      jq
      dig
      # - zsh
      zsh
      zsh-powerlevel10k
      zsh-nix-shell
      zsh-you-should-use
      zsh-syntax-highlighting
      zsh-completions
    ];
    openssh.authorizedKeys.keys = [
      #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+53Hy3wbIlNVIomK2RroaimMWrTlUkndjHt1dFuyh root@pfSense-arcane-home.localdomain"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPRTuz83dVThuDVXhDz3w3uYBGJ+JPzdZFT6wvhQXQ3 Rory@Rory-wsl" # work laptop
    ];
    useDefaultShell = true;
    shell = pkgs.zsh;
  };
  programs.zsh.enable = true;
  environment.shells = with pkgs; [ zsh ];
  home-manager.users.Rory = {
    programs = {
      git = {
        enable = true;
        userName = "Rory&";
        userEmail = "root@rory.gay";
        extraConfig = {
          safe = {
            directory = "/";
          };
        };
      };
      zsh = {
        enable = true;
        enableAutosuggestions = true;
        enableVteIntegration = true;
        autocd = true;
        initExtraFirst = ''
          export EDITOR=nvim
          export SYSTEMD_EDITOR=$EDITOR
          export GIT_EDITOR=$EDITOR
          export QT_QPA_PLATFORMTHEME=xdgdesktopportal
          export GTK_USE_PORTAL=1
          export _JAVA_AWT_WM_NONREPARENTING=1
          export WINEDEBUG=-all
          export DOTPROFILE_LOADED='yes'
          export CHOKIDAR_USEPOLLING=true
          export MSBUILDLIVELOGGER=auto
          export DOTNET_WATCH_SUPPRESS_LAUNCH_BROWSER=1
          export DOTNET_CLI_TELEMETRY_OPTOUT=1
          function mkkey() {
            echo "Making key for $1"
            ssh-keygen -t ed25519 -C "$HOST -> $1" -f ~/.ssh/id_ed25519_$1
            (
              echo "Host $1"
              echo "  IdentityFile ~/.ssh/id_ed25519_$1"
            ) >> ~/.ssh/config
            echo 'Done! Public key:'
            cat ~/.ssh/id_ed25519_$1.pub
          }
          export DISABLE_AUTO_UPDATE=true
          COMPLETION_WAITING_DOTS="true"
          '';
        initExtra = ''
          alias mv='mv -v'
          alias pre='npx prettier -w'
          alias git-commit='git commit --signoff --sign'
          alias npm='NODE_OPTIONS=--openssl-legacy-provider npm'
          alias npx='NODE_OPTIONS=--openssl-legacy-provider npx'
          alias yarn='NODE_OPTIONS=--openssl-legacy-provider npx -y yarn --use-yarnrc $XDG_CONFIG_HOME/yarn/config'
          alias node='NODE_OPTIONS=--openssl-legacy-provider node'
          # - dotnet
          alias drun='dotnet watch run --no-hot-reload --property WarningLevel=0'
          alias dbuild='dotnet watch build --no-hot-reload --property WarningLevel=0'
          alias ls='lsd -lA --color=always --icon=always'
          alias transfetch='neofetch --kitty ~/trans_witch.jpg'
          alias gc='git-commit'
          [ -f "$HOME/.profile" ] && . $HOME/.profile
          '';
          #alias knconfig='cp .config ../$(date ''+%Y%m%d_%k%M%S\'').config -v; make CC=clang LLVM=1 nconfig'
        oh-my-zsh = {
          enable = true;
          plugins = [
            "git"
            "sudo"
          ];
        }; 
        plugins = [
          {
            name = "powerlevel10k";
            src = pkgs.zsh-powerlevel10k;
            file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
          }
          {
            name = "powerlevel10k-config";
            src = lib.cleanSource ./Rory;
            file = "p10k.zsh";
          }
          {
            name = "zsh-syntax-highlighting";
            src = pkgs.zsh-syntax-highlighting;
            file = "share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh";
          }
          {
            name = "zsh-autosuggestions";
            src = pkgs.zsh-autosuggestions;
            file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
          }
        ];
        localVariables = {
          POWERLEVEL9K_LEFT_PROMPT_ELEMENTS = [
            "os_icon"
            "dir"
            "vcs"
            "prompt_char"
          ];
          POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS = [
            "status"
            "command_execution_time"
            "background_jobs"
            "direnv"
            "virtualenv"
            "pyenv"
            "nodeenv"
            "context"
            "nix_shell"
            "vi_mode"
            "load"
            "disk_usage"
            "ram"
          ];
          POWERLEVEL9K_MODE = "nerdfont-complete";
          POWERLEVEL9K_ICON_PADDING = "none";
          POWERLEVEL9K_PROMPT_ADD_NEWLINE = "false";
          POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR = "\uE0B1";
          POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR = "\uE0B3";
          POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR = "\uE0B0";
          POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR = "\uE0B2";
          POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL = "\uE0B0";
          POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL = "\uE0B2";
          POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE = true;
        };
      };
      neovim = {
        defaultEditor = true;
        viAlias = true;
        vimAlias = true;
        vimdiffAlias = true;
        coc = {
          enable = true;
        };
      };
    };
    programs.neovim.plugins = with pkgs.vimPlugins; [
      pkgs.vimPlugins.nvim-tree-lua
      {
        plugin = pkgs.vimPlugins.vim-startify;
        config = "let g:startify_change_to_vcs_root = 0";
      }
    ];
    home.stateVersion = "22.11";
  };
 }
--- a/modules/users/Rory/p10k.zsh
+++ b/modules/users/Rory/p10k.zsh
--- a/modules/users/Rory/wallpaper.webp
+++ b/modules/users/Rory/wallpaper.webp
--- a/modules/users/chris.nix
+++ b/modules/users/chris.nix
@ -10,9 +10,6 @@
      nodejs-slim
    ];
    #initialPassword = "password";
-    openssh.authorizedKeys.keys = [
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI" ];
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
    ];
  };
 }