diff options
Diffstat (limited to 'users/tazjin/nixos/modules')
-rw-r--r-- | users/tazjin/nixos/modules/airsonic.nix | 32 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/chromium.nix | 30 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/default.nix | 2 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/desktop.nix | 55 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/fonts.nix | 24 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/geesefs.nix | 38 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/hidpi.nix | 19 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/home-config.nix | 19 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/laptop.nix | 15 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/monica.nix | 26 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/persistence.nix | 26 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/physical.nix | 105 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/predlozhnik.nix | 10 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/tgsa.nix | 29 |
14 files changed, 430 insertions, 0 deletions
diff --git a/users/tazjin/nixos/modules/airsonic.nix b/users/tazjin/nixos/modules/airsonic.nix new file mode 100644 index 000000000000..815f18377883 --- /dev/null +++ b/users/tazjin/nixos/modules/airsonic.nix @@ -0,0 +1,32 @@ +# airsonic is a decent, web-based player UI for subsonic +{ pkgs, ... }: + +let + env = builtins.toFile "env.js" '' + window.env = { + SERVER_URL: "https://music.tazj.in", + } + ''; + + airsonicDist = pkgs.fetchzip { + name = "airsonic-refix"; + + # from master CI @ f894d5eacebec2f47486f340c8610f446d4f64b3 + # https://github.com/tamland/airsonic-refix/actions/runs/6150155527 + url = "https://storage.yandexcloud.net/tazjin-public/airsonic-refix-f894d5ea.zip"; + sha256 = "02rnh9h7rh22wkghays389yddwbwg7sawmczdxdmjrcnkc7mq2jz"; + + stripRoot = false; + postFetch = "cp ${env} $out/env.js"; + }; +in +{ + services.nginx.virtualHosts."player.tazj.in" = { + enableACME = true; + forceSSL = true; + root = "${airsonicDist}"; + + # deal with SPA routing requirements + locations."/".extraConfig = "try_files $uri /index.html;"; + }; +} diff --git a/users/tazjin/nixos/modules/chromium.nix b/users/tazjin/nixos/modules/chromium.nix new file mode 100644 index 000000000000..22f1c8d362fe --- /dev/null +++ b/users/tazjin/nixos/modules/chromium.nix @@ -0,0 +1,30 @@ +# Configure the Chromium browser with various useful things. +{ pkgs, ... }: + +{ + environment.systemPackages = [ + (pkgs.chromium.override { + enableWideVine = true; # DRM support (for Кинопоиск) + }) + ]; + + programs.chromium = { + enable = true; + homepageLocation = "about:blank"; + + extensions = [ + "dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin + "mohaicophfnifehkkkdbcejkflmgfkof" # nitter redirect + "lhdifindchogekmjooeiolmjdlheilae" # Huruf + ]; + + extraOpts = { + SpellcheckEnabled = true; + SpellcheckLanguage = [ + "ru" + "en-GB" + ]; + }; + }; +} diff --git a/users/tazjin/nixos/modules/default.nix b/users/tazjin/nixos/modules/default.nix new file mode 100644 index 000000000000..d747e8e1319a --- /dev/null +++ b/users/tazjin/nixos/modules/default.nix @@ -0,0 +1,2 @@ +# Make readTree happy at this level. +_: { } diff --git a/users/tazjin/nixos/modules/desktop.nix b/users/tazjin/nixos/modules/desktop.nix new file mode 100644 index 000000000000..e2d77e16574c --- /dev/null +++ b/users/tazjin/nixos/modules/desktop.nix @@ -0,0 +1,55 @@ +# EXWM and other desktop configuration. +{ config, depot, lib, pkgs, ... }: + +{ + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + redshift.enable = true; + blueman.enable = true; + + xserver = { + enable = true; + layout = "us"; + xkbOptions = "caps:super"; + + libinput.enable = true; + + displayManager = { + # Give EXWM permission to control the session. + sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER"; + lightdm.enable = true; + # lightdm.greeters.gtk.clock-format = "%H:%M"; # TODO(tazjin): TZ? + }; + + windowManager.session = lib.singleton { + name = "exwm"; + start = "${config.tazjin.emacs}/bin/tazjins-emacs --internal-border=0 --border-width=0"; + }; + }; + }; + + # Set variables to enable EXWM-XIM and other Emacs features. + environment.sessionVariables = { + XMODIFIERS = "@im=exwm-xim"; + GTK_IM_MODULE = "xim"; + QT_IM_MODULE = "xim"; + CLUTTER_IM_MODULE = "xim"; + EDITOR = "emacsclient"; + _JAVA_AWT_WM_NONREPARENTING = "1"; + }; + + # Do not restart the display manager automatically + systemd.services.display-manager.restartIfChanged = lib.mkForce false; + + # If something needs more than 10s to stop it should probably be + # killed. + systemd.extraConfig = '' + DefaultTimeoutStopSec=10s + ''; +} diff --git a/users/tazjin/nixos/modules/fonts.nix b/users/tazjin/nixos/modules/fonts.nix new file mode 100644 index 000000000000..ee1b84e581f1 --- /dev/null +++ b/users/tazjin/nixos/modules/fonts.nix @@ -0,0 +1,24 @@ +# Attempt at configuring reasonable font-rendering. + +{ pkgs, ... }: + +{ + fonts = { + packages = with pkgs; [ + corefonts + dejavu_fonts + jetbrains-mono + noto-fonts-cjk + noto-fonts-emoji + ]; + + fontconfig = { + hinting.enable = true; + subpixel.lcdfilter = "light"; + + defaultFonts = { + monospace = [ "JetBrains Mono" ]; + }; + }; + }; +} diff --git a/users/tazjin/nixos/modules/geesefs.nix b/users/tazjin/nixos/modules/geesefs.nix new file mode 100644 index 000000000000..c45ee528f6a2 --- /dev/null +++ b/users/tazjin/nixos/modules/geesefs.nix @@ -0,0 +1,38 @@ +{ depot, pkgs, ... }: + +{ + imports = [ + (depot.third_party.agenix.src + "/modules/age.nix") + ]; + + age.secrets.geesefs-tazjins-files.file = depot.users.tazjin.secrets."geesefs-tazjins-files.age"; + programs.fuse.userAllowOther = true; + + systemd.services.geesefs = { + description = "geesefs @ tazjins-files"; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.fuse ]; + + serviceConfig = { + # TODO: can't get fusermount to work for non-root users (e.g. DynamicUser) here, why? + + Restart = "always"; + LoadCredential = "geesefs-tazjins-files:/run/agenix/geesefs-tazjins-files"; + StateDirectory = "geesefs"; + ExecStartPre = "/run/wrappers/bin/umount -a -t fuse.geesefs"; + }; + + script = '' + set -u # bail out if systemd is misconfigured ... + set -x + + mkdir -p $STATE_DIRECTORY/tazjins-files $STATE_DIRECTORY/cache + + ${depot.third_party.geesefs}/bin/geesefs \ + -f -o allow_other \ + --cache $STATE_DIRECTORY/cache \ + --shared-config $CREDENTIALS_DIRECTORY/geesefs-tazjins-files \ + tazjins-files $STATE_DIRECTORY/tazjins-files + ''; + }; +} diff --git a/users/tazjin/nixos/modules/hidpi.nix b/users/tazjin/nixos/modules/hidpi.nix new file mode 100644 index 000000000000..2ff61d499a2e --- /dev/null +++ b/users/tazjin/nixos/modules/hidpi.nix @@ -0,0 +1,19 @@ +# Configuration for machines with HiDPI displays, which are a total +# mess, of course. +{ ... }: + +{ + # Expose a variable to all programs that might be interested in the + # screen settings to do conditional initialisation (mostly for Emacs). + environment.variables.HIDPI_SCREEN = "true"; + + # TODO(tazjin): this option has been removed and needs to be replaced + # by manual configuration: https://github.com/NixOS/nixpkgs/issues/222805 + # Ensure a larger font size in early boot stage. + # hardware.video.hidpi.enable = true; + + # Bump DPI across the board. + # TODO(tazjin): This should actually be set per monitor, but I + # haven't yet figured out the right interface for doing that. + services.xserver.dpi = 161; +} diff --git a/users/tazjin/nixos/modules/home-config.nix b/users/tazjin/nixos/modules/home-config.nix new file mode 100644 index 000000000000..bda8f7a44014 --- /dev/null +++ b/users/tazjin/nixos/modules/home-config.nix @@ -0,0 +1,19 @@ +# Inject the right home-manager config for the machine. + +{ config, depot, pkgs, ... }: + +{ + users.users.tazjin = { + isNormalUser = true; + createHome = true; + extraGroups = [ "wheel" "networkmanager" "video" "adbusers" ]; + uid = 1000; + shell = pkgs.fish; + initialHashedPassword = "$2b$05$1eBPdoIgan/C/L8JFqIHBuVscQyTKw1L/4VBlzlLvLBEf6CXS3EW6"; + }; + + nix.settings.trusted-users = [ "tazjin" ]; + + home-manager.useGlobalPkgs = true; + home-manager.users.tazjin = depot.users.tazjin.home."${config.networking.hostName}"; +} diff --git a/users/tazjin/nixos/modules/laptop.nix b/users/tazjin/nixos/modules/laptop.nix new file mode 100644 index 000000000000..e0d67dc25989 --- /dev/null +++ b/users/tazjin/nixos/modules/laptop.nix @@ -0,0 +1,15 @@ +# Configuration specifically for laptops that move around. +{ ... }: + +{ + time.timeZone = "Europe/Moscow"; + + # Automatically detect location for redshift & so on ... + services.geoclue2.enable = true; + location.provider = "geoclue2"; + + # Enable power-saving features. + services.tlp.enable = true; + + programs.light.enable = true; +} diff --git a/users/tazjin/nixos/modules/monica.nix b/users/tazjin/nixos/modules/monica.nix new file mode 100644 index 000000000000..493bffb2f986 --- /dev/null +++ b/users/tazjin/nixos/modules/monica.nix @@ -0,0 +1,26 @@ +# Host the Monica personal CRM software. +{ depot, config, ... }: + +{ + imports = [ + (depot.third_party.agenix.src + "/modules/age.nix") + ]; + + age.secrets.monica-appkey = { + group = config.services.monica.group; + file = depot.users.tazjin.secrets."monica-appkey.age"; + mode = "0440"; + }; + + services.monica = { + enable = true; + hostname = "monica.tazj.in"; + appKeyFile = "/run/agenix/monica-appkey"; + database.createLocally = true; + + nginx = { + enableACME = true; + forceSSL = true; + }; + }; +} diff --git a/users/tazjin/nixos/modules/persistence.nix b/users/tazjin/nixos/modules/persistence.nix new file mode 100644 index 000000000000..b864d13a8d70 --- /dev/null +++ b/users/tazjin/nixos/modules/persistence.nix @@ -0,0 +1,26 @@ +# Configuration for persistent (non-home) data. +{ config, depot, pkgs, lib, ... }: + +{ + imports = [ + (depot.third_party.sources.impermanence + "/nixos.nix") + ]; + + environment.persistence."/persist" = { + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/mullvad-vpn" + "/var/cache/mullvad-vpn" + "/var/lib/bluetooth" + "/var/lib/systemd/coredump" + "/var/lib/tailscale" + "/var/log" + ]; + + files = lib.optional (builtins.isNull config.networking.hostId) [ + "/etc/machine-id" + ]; + }; + + programs.fuse.userAllowOther = true; +} diff --git a/users/tazjin/nixos/modules/physical.nix b/users/tazjin/nixos/modules/physical.nix new file mode 100644 index 000000000000..6d48a076bf51 --- /dev/null +++ b/users/tazjin/nixos/modules/physical.nix @@ -0,0 +1,105 @@ +# Default configuration settings for physical machines that I use. +{ lib, pkgs, config, depot, ... }: + +let + pass-otp = pkgs.pass.withExtensions (e: [ e.pass-otp ]); +in +{ + options = with lib; { + tazjin.emacs = mkOption { + type = types.package; + default = depot.users.tazjin.emacs; + description = '' + Derivation with my Emacs package, with configuration included. + ''; + }; + }; + + config = { + # Install all the default software. + environment.systemPackages = + # programs from the depot + (with depot; [ + users.tazjin.screenLock + users.tazjin.chase-geese + config.tazjin.emacs + third_party.agenix.cli + third_party.josh + ]) ++ + + # programs from nixpkgs + (with pkgs; [ + (aspellWithDicts (d: [ d.ru ])) + amber + bat + curl + ddcutil + direnv + dnsutils + electrum + firefox + config.tazjin.emacs.emacs # emacsclient + expect + fd + file + gdb + git + gnupg + gtk3 # for gtk-launch + htop + hyperfine + iftop + imagemagick + jq + lieer + maim + man-pages + moreutils + mosh + msmtp + networkmanagerapplet + nix-prefetch-github + nmap + notmuch + openssh + openssl + pass-otp + pavucontrol + pinentry + pinentry-emacs + pulseaudio # for pactl + pwgen + quasselClient + rink + ripgrep + rustup + screen + tig + tokei + tree + unzip + vlc + volumeicon + whois + xclip + xsecurelock + zoxide + ]); + + # Run services & configure programs for all machines. + services.fwupd.enable = true; + + # Disable the broken NetworkManager-wait-online.service + systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; + + # Disable the thing that prints annoying warnings when trying to + # run manually patchelfed binaries + environment.stub-ld.enable = false; + + programs = { + fish.enable = true; + mosh.enable = true; + ssh.startAgent = true; + }; + }; +} diff --git a/users/tazjin/nixos/modules/predlozhnik.nix b/users/tazjin/nixos/modules/predlozhnik.nix new file mode 100644 index 000000000000..db20963df1f2 --- /dev/null +++ b/users/tazjin/nixos/modules/predlozhnik.nix @@ -0,0 +1,10 @@ +# Host predlozhnik.ru, serving //users/tazjin/predlozhnik +{ depot, ... }: + +{ + services.nginx.virtualHosts."predlozhnik.ru" = { + root = depot.corp.russian.predlozhnik; + enableACME = true; + forceSSL = true; + }; +} diff --git a/users/tazjin/nixos/modules/tgsa.nix b/users/tazjin/nixos/modules/tgsa.nix new file mode 100644 index 000000000000..e162e0d8228f --- /dev/null +++ b/users/tazjin/nixos/modules/tgsa.nix @@ -0,0 +1,29 @@ +{ config, depot, lib, pkgs, ... }: + +{ + systemd.services.tgsa = { + description = "telegram -> SA bbcode thing"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + DynamicUser = true; + Restart = "always"; + LoadCredential = "tgsa-yandex.json:/run/agenix/tgsa-yandex"; + }; + + script = '' + export YANDEX_KEY_FILE="''${CREDENTIALS_DIRECTORY}/tgsa-yandex.json" + ${depot.users.tazjin.tgsa}/bin/tgsa + ''; + }; + + services.nginx.virtualHosts."tgsa" = { + serverName = "tgsa.tazj.in"; + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:8472"; + }; + }; +} |