maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Reformat with nixpkgs-fmt

Browse source
This commit is contained in:
Malte Brandy 2021-05-18 16:33:28 +02:00
parent e80d63f7c2
commit 2f0cbffbbe
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
79 changed files with 1212 additions and 1037 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cachix.nix
View file

@ -1,4 +1,3 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
@ -7,8 +6,9 @@ let
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
in
{
inherit imports;
nix.binaryCaches = ["https://cache.nixos.org/"];
nix.binaryCaches = [ "https://cache.nixos.org/" ];
}

1
cachix/pre-commit-hooks.nix
View file

@ -1,4 +1,3 @@
{
nix = {
binaryCaches = [

3
channels.nix
View file

@ -7,7 +7,8 @@ let
nixpkgs-channel = "nixos-unstable";
home-manager-channel = "home-manager-master";
};
in rec {
in
rec {
hera = nixos-20-09;
apollo = nixos-20-09;
cloud = hera;

3
common/common.nix
View file

@ -18,7 +18,8 @@
"TJHVUM6-RTB6V3D-JF4GIB2-TVDF2ST-5MTN6N2-ZDIWGF7-XZUCCFG-EQG5WA6";
};
};
in {
in
{
devices = pkgs.lib.getAttrs hosts devices;
folders = {
science = mkFolder "science";

50
common/default.nix
View file

@ -45,35 +45,37 @@ with lib;
};
m-0.hosts = mkOption {
type = types.attrs;
default = let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in rec {
hera = "${p}::1";
hera-wg-host = "${p}::100:0:1";
default =
let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in
rec {
hera = "${p}::1";
hera-wg-host = "${p}::100:0:1";
hera-v4 = "213.136.94.190";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
hera-intern = "${hera-p}:1";
git = "${hera-p}:2";
borg = "${hera-p}:3";
matrix = "${hera-p}:8";
cloud = "${hera-p}:9";
chor-cloud = "${hera-p}:b";
hera-intern = "${hera-p}:1";
git = "${hera-p}:2";
borg = "${hera-p}:3";
matrix = "${hera-p}:8";
cloud = "${hera-p}:9";
chor-cloud = "${hera-p}:b";
apollo = apollo-wg;
apollo = apollo-wg;
hera-intern-v4 = "${v4-p}.1";
cloud-intern-v4 = "${v4-p}.2";
chor-cloud-intern-v4 = "${v4-p}.3";
matrix-intern-v4 = "${v4-p}.4";
};
hera-intern-v4 = "${v4-p}.1";
cloud-intern-v4 = "${v4-p}.2";
chor-cloud-intern-v4 = "${v4-p}.3";
matrix-intern-v4 = "${v4-p}.4";
};
};
};

203
home-manager/machines.nix
View file

@ -1,112 +1,113 @@
let
inherit (import (import ../nix/sources.nix).nixos-unstable {}) lib;
inherit (import (import ../nix/sources.nix).nixos-unstable { }) lib;
makeConfig = hostName: imports:
{ ... }: {
imports = imports ++ [ ./roles/default.nix ];
m-0.hostName = hostName;
nixpkgs.overlays = [ (_: _: (import ../channels.nix).${hostName}) ];
};
{ ... }: {
imports = imports ++ [ ./roles/default.nix ];
m-0.hostName = hostName;
nixpkgs.overlays = [ (_: _: (import ../channels.nix).${hostName}) ];
};
in
{
apollo = let
install = f: ({ pkgs, ... }: { home.packages = f pkgs; });
makeAutostart = name:
{ config, ... }: {
config.home.file.".config/autostart/${name}.desktop".source =
"${config.home.path}/share/applications/${name}.desktop";
};
setStartpage = startpage:
{ ... }: {
programs.firefox.profiles."fz2sm95u.default".settings = {
"browser.startup.homepage" = startpage;
};
};
makeBlock = list:
{ pkgs, lib, ... }: {
systemd.user.services.blockserver = {
Unit.Description = "Serve a blocklist";
Service = {
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842 -d ${
apollo =
let
install = f: ({ pkgs, ... }: { home.packages = f pkgs; });
makeAutostart = name:
{ config, ... }: {
config.home.file.".config/autostart/${name}.desktop".source =
"${config.home.path}/share/applications/${name}.desktop";
};
setStartpage = startpage:
{ ... }: {
programs.firefox.profiles."fz2sm95u.default".settings = {
"browser.startup.homepage" = startpage;
};
};
makeBlock = list:
{ pkgs, lib, ... }: {
systemd.user.services.blockserver = {
Unit.Description = "Serve a blocklist";
Service = {
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842 -d ${
pkgs.writeTextDir "blocklist" (lib.concatStringsSep "\r\n" list)
}";
Restart = "always";
Restart = "always";
};
Install.WantedBy = [ "default.target" ];
};
};
Install.WantedBy = [ "default.target" ];
};
};
setWorkspaceName = name:
{ pkgs, lib, ... }: {
dconf.settings = {
"org/gnome/desktop/wm/preferences" = {
workspace-names = [ name ]; # use neo
setWorkspaceName = name:
{ pkgs, lib, ... }: {
dconf.settings = {
"org/gnome/desktop/wm/preferences" = {
workspace-names = [ name ]; # use neo
};
};
};
};
};
tinkerPages = [
"reddit.com"
"github.com"
"*.ccc.de"
"haskell.org"
"*.haskell.org"
"*.nixos.org"
"nixos.org"
"matrix.org"
"element.io"
"youtube.de"
"youtube.com"
"*.element.io"
];
leisurePages = [
"zeit.de"
"heise.de"
"spiegel.de"
"xkcd.com"
"smbc-comics.com"
"tagesschau.de"
"welt.de"
"ndr.de"
"ard.de"
"zdf.de"
"twitter.com"
"chaos.social"
];
apolloConfig = name: imports:
makeConfig "apollo" (
imports ++ [
./roles/arbtt
./roles/zettelkasten.nix
./roles/hoogle.nix
./roles/battery.nix
./roles/mpd.nix
./roles/beets.nix
./roles/mpclient.nix
./roles/on-my-machine.nix
./roles/desktop
./roles/kassandra.nix
./roles/git-sign.nix
./roles/laptop.nix
./roles/mail.nix
./roles/update_tasks.nix
./roles/research.nix
./roles/vdirsyncer.nix
./roles/khard.nix
./roles/khal.nix
./roles/taskwarrior.nix
./roles/taskwarrior-git.nix
(makeAutostart "unlock-ssh")
(setWorkspaceName name)
]
);
unrestricted = [
./roles/accounting.nix
./roles/mail-client.nix
./roles/pythia.nix
./roles/tinkering.nix
./roles/chat.nix
(setStartpage "https://stats.maralorn.de/d/health-status")
(makeBlock [])
];
in
tinkerPages = [
"reddit.com"
"github.com"
"*.ccc.de"
"haskell.org"
"*.haskell.org"
"*.nixos.org"
"nixos.org"
"matrix.org"
"element.io"
"youtube.de"
"youtube.com"
"*.element.io"
];
leisurePages = [
"zeit.de"
"heise.de"
"spiegel.de"
"xkcd.com"
"smbc-comics.com"
"tagesschau.de"
"welt.de"
"ndr.de"
"ard.de"
"zdf.de"
"twitter.com"
"chaos.social"
];
apolloConfig = name: imports:
makeConfig "apollo" (
imports ++ [
./roles/arbtt
./roles/zettelkasten.nix
./roles/hoogle.nix
./roles/battery.nix
./roles/mpd.nix
./roles/beets.nix
./roles/mpclient.nix
./roles/on-my-machine.nix
./roles/desktop
./roles/kassandra.nix
./roles/git-sign.nix
./roles/laptop.nix
./roles/mail.nix
./roles/update_tasks.nix
./roles/research.nix
./roles/vdirsyncer.nix
./roles/khard.nix
./roles/khal.nix
./roles/taskwarrior.nix
./roles/taskwarrior-git.nix
(makeAutostart "unlock-ssh")
(setWorkspaceName name)
]
);
unrestricted = [
./roles/accounting.nix
./roles/mail-client.nix
./roles/pythia.nix
./roles/tinkering.nix
./roles/chat.nix
(setStartpage "https://stats.maralorn.de/d/health-status")
(makeBlock [ ])
];
in
{
unrestricted = apolloConfig "Unrestricted" unrestricted;
orga = apolloConfig "Orga" [

30
home-manager/roles/battery.nix
View file

@ -1,18 +1,19 @@
{ lib, pkgs, config, ... }:
let
battery-watch = pkgs.writeHaskellScript {
name = "battery-watch";
bins = [ pkgs.acpi ];
imports = [
"DBus.Notify"
"Control.Concurrent"
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"Replace.Megaparsec"
"Data.Maybe"
];
} ''
battery-watch = pkgs.writeHaskellScript
{
name = "battery-watch";
bins = [ pkgs.acpi ];
imports = [
"DBus.Notify"
"Control.Concurrent"
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"Replace.Megaparsec"
"Data.Maybe"
];
} ''
moderateLevel = 50 -- percent
lowLevel = 20 -- percent
criticalLevel = 8 -- percent
@ -58,7 +59,8 @@ let
where
myNote = blankNote { body = Just $ Text [i|#{currentLevel}% remaining.|]}
'';
in {
in
{
systemd.user = {
services.battery = {

9
home-manager/roles/chat.nix
View file

@ -3,10 +3,11 @@
home.packages = builtins.attrValues rec {
inherit (pkgs) discord signal-desktop tdesktop dino element-desktop;
weechat = pkgs.writeShellScriptBin "weechat" "ssh -t hera 'tmux -L weechat attach'";
chat = pkgs.writeHaskellScript {
name = "chat";
bins = [ element-desktop signal-desktop weechat discord tdesktop dino pkgs.kitty];
} ''
chat = pkgs.writeHaskellScript
{
name = "chat";
bins = [ element-desktop signal-desktop weechat discord tdesktop dino pkgs.kitty ];
} ''
main = mapConcurrently_ Relude.id [ element_desktop, signal_desktop, _Discord, telegram_desktop, kitty "weechat", dino ]
'';
};

7
home-manager/roles/default.nix
View file

@ -86,9 +86,10 @@
controlMaster = "auto";
controlPersist = "120";
enable = true;
matchBlocks = let
agHost = "fb04217.mathematik.tu-darmstadt.de";
in
matchBlocks =
let
agHost = "fb04217.mathematik.tu-darmstadt.de";
in
{
athene.hostname = "192.168.178.22";
git-auto = {

3
home-manager/roles/desktop/default.nix
View file

@ -1,6 +1,7 @@
{ pkgs, lib, config, ... }:
let inherit (import ../../../lib) colors;
in {
in
{
imports =
[ ./sleep-nag.nix ./kitty.nix ./wallpaper.nix ./gnome.nix ./firefox.nix ./desktop-items.nix ];
m-0.colors = colors;

19
home-manager/roles/desktop/desktop-items.nix
View file

@ -16,15 +16,16 @@ let
superSimpleDesktopItem = name: simpleDesktopItem name name;
terminalDesktopItem = name: namedTerminalDesktopItem name name;
in {
in
{
home.packages = map superSimpleDesktopItem [ "kassandra2" "gw2" "chat" ]
++ map terminalDesktopItem [
"maintenance"
"ncmpcpp"
"kassandra"
"hotkeys"
"vim"
"select-mode"
"unlock-ssh"
];
"maintenance"
"ncmpcpp"
"kassandra"
"hotkeys"
"vim"
"select-mode"
"unlock-ssh"
];
}

2
home-manager/roles/desktop/gnome.nix
View file

@ -42,7 +42,7 @@
volume-down = [ "<Primary><Shift>section" ];
volume-up = [ "<Primary><Shift>degree" ];
area-screenshot-clip = [ "Print" ];
screenshot = [];
screenshot = [ ];
};
};
}

5
home-manager/roles/desktop/kitty.nix
View file

@ -2,10 +2,11 @@
let
my-lib = import ../../../lib;
theme = my-lib.themes.default;
in {
in
{
home.sessionVariables.TERMINAL = "${pkgs.kitty}/bin/kitty";
home.packages = [
(pkgs.runCommandLocal "fake-gnome-terminal" {} ''
(pkgs.runCommandLocal "fake-gnome-terminal" { } ''
mkdir -p $out/bin
ln -s ${pkgs.kitty}/bin/kitty $out/bin/gnome-terminal
'')

26
home-manager/roles/desktop/sleep-nag.nix
View file

@ -1,16 +1,17 @@
{ pkgs, ... }:
let
sleep-nag = pkgs.writeHaskellScript {
name = "sleep-nag";
imports = [
"Data.Time.LocalTime"
"Data.Time.Format"
"Data.Time.Clock"
"Control.Concurrent"
"Data.Functor"
];
bins = [ pkgs.libnotify ];
} ''
sleep-nag = pkgs.writeHaskellScript
{
name = "sleep-nag";
imports = [
"Data.Time.LocalTime"
"Data.Time.Format"
"Data.Time.Clock"
"Control.Concurrent"
"Data.Functor"
];
bins = [ pkgs.libnotify ];
} ''
main = forever $ do
time <- getZonedTime
let tod = localTimeOfDay . zonedTimeToLocalTime$ time
@ -22,7 +23,8 @@ let
else
threadDelay 600000000
'';
in {
in
{
systemd.user.services.sleep-nag = {
Unit.Description = "Sleep nag";
Service.ExecStart = "${sleep-nag}/bin/sleep-nag";

14
home-manager/roles/desktop/wallpaper.nix
View file

@ -1,10 +1,11 @@
{ pkgs, ... }:
let
randomWallpaper = pkgs.writeHaskellScript {
name = "random-wallpaper";
imports = [ "System.Random" ];
bins = [ pkgs.coreutils pkgs.glib ];
} ''
randomWallpaper = pkgs.writeHaskellScript
{
name = "random-wallpaper";
imports = [ "System.Random" ];
bins = [ pkgs.coreutils pkgs.glib ];
} ''
main = do
mode <- cat "/home/maralorn/volatile/mode" |> captureTrim
(lines . decodeUtf8 -> files) <- ls ([i|/home/maralorn/.wallpapers/#{mode}|] :: String) |> captureTrim
@ -15,7 +16,8 @@ let
gsettings "set" "org.gnome.desktop.background" "picture-uri" new
gsettings "set" "org.gnome.desktop.screensaver" "picture-uri" new
'';
in {
in
{
home.packages = [ randomWallpaper ];
systemd.user = {
services.random-wallpaper = {

75
home-manager/roles/games.nix
View file

@ -1,51 +1,52 @@
{ pkgs, lib, config, ... }: let
{ pkgs, lib, config, ... }:
let
gw2dir = "${config.home.homeDirectory}/volatile/GW2";
wine = pkgs.wineWowPackages.staging;
gw2env = ''
cd ${gw2dir}
export MESA_GLSL_CACHE_DISABLE=0
export MESA_GLSL_CACHE_DIR="${gw2dir}/shader_cache"
export mesa_glthread=true
cd ${gw2dir}
export MESA_GLSL_CACHE_DISABLE=0
export MESA_GLSL_CACHE_DIR="${gw2dir}/shader_cache"
export mesa_glthread=true
# Wine Settings
export DXVK_HUD=fps,frametimes
export DXVK_LOG_LEVEL=none
#export DXVK_STATE_CACHE=1 default
export DXVK_STATE_CACHE_PATH="${gw2dir}/dxvk_state_cache/"
export WINEDEBUG=-all
export WINEARCH=win64
export WINEPREFIX="${gw2dir}/data"
export STAGING_SHARED_MEMORY=1
export WINEESYNC=1
# Wine Settings
export DXVK_HUD=fps,frametimes
export DXVK_LOG_LEVEL=none
#export DXVK_STATE_CACHE=1 default
export DXVK_STATE_CACHE_PATH="${gw2dir}/dxvk_state_cache/"
export WINEDEBUG=-all
export WINEARCH=win64
export WINEPREFIX="${gw2dir}/data"
export STAGING_SHARED_MEMORY=1
export WINEESYNC=1
'';
dxvk = fetchTarball {
url = "https://github.com/doitsujin/dxvk/releases/download/v1.7.2/dxvk-1.7.2.tar.gz";
sha256 = "07q9fsrvjq2ndnhd93000jw89bkaw6hdi2yhl4d6j8n4ak71r8pv";
};
gw2installdxvk = pkgs.writeShellScriptBin "gw2-install-dxvk"''
${gw2env}
cd ${dxvk}
bash ./setup_dxvk.sh install
url = "https://github.com/doitsujin/dxvk/releases/download/v1.7.2/dxvk-1.7.2.tar.gz";
sha256 = "07q9fsrvjq2ndnhd93000jw89bkaw6hdi2yhl4d6j8n4ak71r8pv";
};
gw2installdxvk = pkgs.writeShellScriptBin "gw2-install-dxvk" ''
${gw2env}
cd ${dxvk}
bash ./setup_dxvk.sh install
'';
gw2setup = pkgs.writeShellScriptBin "gw2-setup" ''
mkdir -p ${gw2dir}
${gw2env}
echo Launching winecfg to configure desktop window
${wine}/bin/winecfg
echo Installing dxvk
${gw2installdxvk}/bin/gw2-install-dxvk
echo Downloading installer
wget https://account.arena.net/content/download/gw2/win/64 -O Gw2Setup-64.exe
echo Running installer
${wine}/bin/wine64 ./Gw2Setup-64.exe
mkdir -p ${gw2dir}
${gw2env}
echo Launching winecfg to configure desktop window
${wine}/bin/winecfg
echo Installing dxvk
${gw2installdxvk}/bin/gw2-install-dxvk
echo Downloading installer
wget https://account.arena.net/content/download/gw2/win/64 -O Gw2Setup-64.exe
echo Running installer
${wine}/bin/wine64 ./Gw2Setup-64.exe
'';
gw2run = pkgs.writeShellScriptBin "gw2" ''
${gw2env}
cd "${gw2dir}/data/drive_c/Guild Wars 2"
${wine}/bin/wine64 ./Gw2-64.exe $@ -autologin
'';
${gw2env}
cd "${gw2dir}/data/drive_c/Guild Wars 2"
${wine}/bin/wine64 ./Gw2-64.exe $@ -autologin
'';
in
{
{
dconf.settings."org/gnome/settings-daemon/plugins/media-keys" = {
mic-mute = lib.mkForce [ ];

20
home-manager/roles/kassandra.nix
View file

@ -1,5 +1,6 @@
{ pkgs, ... }: let
dhallFiles = pkgs.runCommand "kassandra-config-src" {} ''
{ pkgs, ... }:
let
dhallFiles = pkgs.runCommand "kassandra-config-src" { } ''
mkdir $out
${pkgs.kassandra2}/bin/kassandra2 print-types > $out/types.dhall
ln -s ${./kassandra}/{config,backend}.dhall $out
@ -18,17 +19,18 @@
dependencies = [ pkgs.dhallPackages.Prelude ];
};
dhallResult = pkgs.runCommand "kassandra-config" {} ''
dhallResult = pkgs.runCommand "kassandra-config" { } ''
mkdir $out
ln -s ${backend}/source.dhall $out/backend.dhall
ln -s ${standalone}/source.dhall $out/config.dhall
'';
in
{
home.file = if pkgs.withSecrets then {
"kassandra-config" = {
target = ".config/kassandra";
source = dhallResult.out;
};
} else {};
home.file =
if pkgs.withSecrets then {
"kassandra-config" = {
target = ".config/kassandra";
source = dhallResult.out;
};
} else { };
}

5
home-manager/roles/khal.nix
View file

@ -1,5 +1,6 @@
{ pkgs, ... }: let
calendars = pkgs.privateValue [] "calendars";
{ pkgs, ... }:
let
calendars = pkgs.privateValue [ ] "calendars";
in
{
home = {

47
home-manager/roles/laptop.nix
View file

@ -2,13 +2,15 @@
let
modes = pkgs.lib.attrNames (import ../machines.nix).apollo;
configPath = "${config.home.homeDirectory}/git/config";
in {
in
{
home.packages = builtins.attrValues rec {
zoom = pkgs.zoom-us.overrideAttrs (old: {
postFixup = old.postFixup + ''
wrapProgram $out/bin/zoom-us --unset XDG_SESSION_TYPE
'';});
'';
});
maintenance = pkgs.writeShellScriptBin "maintenance" ''
set -e
@ -27,10 +29,11 @@ in {
exe ([i|/home/maralorn/.modes/#{mode}/activate|] :: String)
exe "random-wallpaper"
'';
updateModes = pkgs.writeHaskellScript {
name = "update-modes";
bins = [ activateMode pkgs.git pkgs.nix-output-monitor ];
} ''
updateModes = pkgs.writeHaskellScript
{
name = "update-modes";
bins = [ activateMode pkgs.git pkgs.nix-output-monitor ];
} ''
params = ["${configPath}/home-manager/target.nix", "-A", "apollo", "-o", "/home/maralorn/.modes"]
main = do
@ -42,10 +45,11 @@ in {
nom_build nixPath params
activate_mode
'';
quickUpdateMode = pkgs.writeHaskellScript {
name = "quick-update-mode";
bins = [ updateModes pkgs.git pkgs.home-manager pkgs.nix-output-monitor ];
} ''
quickUpdateMode = pkgs.writeHaskellScript
{
name = "quick-update-mode";
bins = [ updateModes pkgs.git pkgs.home-manager pkgs.nix-output-monitor ];
} ''
getMode :: IO Text
getMode = decodeUtf8 <$> (cat "/home/maralorn/volatile/mode" |> captureTrim)
@ -56,16 +60,17 @@ in {
home_manager (nixPath <> ["switch", "-A", [i|apollo-#{mode}|]]) &!> StdOut |> nom
update_modes
'';
selectMode = pkgs.writeHaskellScript {
name = "select-mode";
bins = [
pkgs.dialog
activateMode
pkgs.ncurses
pkgs.sway
pkgs.gnome3.gnome-session
];
} ''
selectMode = pkgs.writeHaskellScript
{
name = "select-mode";
bins = [
pkgs.dialog
activateMode
pkgs.ncurses
pkgs.sway
pkgs.gnome3.gnome-session
];
} ''
main = do
mode <- decodeUtf8 <$> (dialog "--menu" "Select Mode" "20" "80" "5" ${
lib.concatStrings (map (mode: ''"${mode}" "" '') modes)
@ -80,7 +85,7 @@ in {
inherit (pkgs.gnome3) nautilus;
inherit (pkgs.xorg) xbacklight;
inherit (pkgs)
# web
# web
chromium
skypeforlinux google-chrome

2
home-manager/roles/mail-client.nix
View file

@ -1,3 +1,3 @@
{pkgs, ...}: {
{ pkgs, ... }: {
home.packages = [ pkgs.neomutt ];
}

321
home-manager/roles/mail.nix
View file

@ -3,8 +3,8 @@ let
gpg = "6C3D12CD88CDF46C5EAF4D12226A2D41EF5378C9";
name = "Malte Brandy";
mail = "malte.brandy@maralorn.de";
alternates = pkgs.privateValue [] "mail/alternates";
lists = pkgs.privateValue { sortLists = []; stupidLists = []; notifications = []; } "mail/filters";
alternates = pkgs.privateValue [ ] "mail/alternates";
lists = pkgs.privateValue { sortLists = [ ]; stupidLists = [ ]; notifications = [ ]; } "mail/filters";
maildir = config.accounts.email.maildirBasePath;
# mhdr -h List-ID -d Maildir/hera/Archiv/unsortiert | sort | sed 's/^.*<\(.*\)>$/\1/' | uniq | xargs -I '{}' sh -c "notmuch count List:{} | sed 's/$/: {}/'" | sort
# To find candidates
@ -27,18 +27,19 @@ let
myFilters = builtins.map filter.simpleSortList lists.sortLists
++ builtins.map filter.stupidList lists.stupidLists
++ builtins.map filter.notifications lists.notifications;
sortMail = pkgs.writeHaskellScript {
name = "sort-mail-archive";
bins = [ pkgs.notmuch pkgs.coreutils pkgs.mblaze pkgs.findutils ];
imports = [
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"qualified Data.List.NonEmpty as NE"
"qualified Data.Text as T"
"System.Environment (setEnv)"
];
} ''
sortMail = pkgs.writeHaskellScript
{
name = "sort-mail-archive";
bins = [ pkgs.notmuch pkgs.coreutils pkgs.mblaze pkgs.findutils ];
imports = [
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"qualified Data.List.NonEmpty as NE"
"qualified Data.Text as T"
"System.Environment (setEnv)"
];
} ''
reScan = notmuch "new" "--quiet"
findFilterMail :: (Text,Text) -> IO (Maybe (LByteString, Text, Text))
@ -107,7 +108,8 @@ let
-- emptyDirs <- Main.find "${archive}" "-type" "d" "-empty" "!" "-name" "cur" "!" "-name" "tmp" "!" "-name" "new" "-print0" |> capture
-- when (LBS.length emptyDirs > 0) $ writeOutput emptyDirs |> xargs "-0" "rmdir"
'';
in {
in
{
services.mbsync = {
enable = true;
@ -118,54 +120,57 @@ in {
systemd.user.timers.mbsync.Timer.RandomizedDelaySec = "10m";
accounts.email.accounts = pkgs.privateValue { } "mail/accounts";
systemd.user.services = let
mkService = name: account:
let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
systemd.user.services =
let
mkService = name: account:
let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
function getStdout(cmd) {
var stdout = child_process.execSync(cmd);
return stdout.toString().trim();
}
function getStdout(cmd) {
var stdout = child_process.execSync(cmd);
return stdout.toString().trim();
}
exports.host = "${account.imap.host}"
exports.port = 993
exports.tls = true;
exports.tlsOptions = { "rejectUnauthorized": false };
exports.username = "${account.userName}";
exports.password = getStdout("${toString account.passwordCommand}");
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in {
Unit = { Description = "Run imapnotify for imap account ${name}"; };
Service = {
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
exports.host = "${account.imap.host}"
exports.port = 993
exports.tls = true;
exports.tlsOptions = { "rejectUnauthorized": false };
exports.username = "${account.userName}";
exports.password = getStdout("${toString account.passwordCommand}");
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in
{
Unit = { Description = "Run imapnotify for imap account ${name}"; };
Service = {
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = { WantedBy = [ "default.target" ]; };
};
Install = { WantedBy = [ "default.target" ]; };
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in
lib.mapAttrs' mkServiceWithName
(lib.filterAttrs hasImapHost config.accounts.email.accounts) // {
mbsync.Service = {
Environment = "PATH=${pkgs.coreutils}/bin";
Restart = "on-failure";
RestartSec = "30s";
};
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in lib.mapAttrs' mkServiceWithName
(lib.filterAttrs hasImapHost config.accounts.email.accounts) // {
mbsync.Service = {
Environment = "PATH=${pkgs.coreutils}/bin";
Restart = "on-failure";
RestartSec = "30s";
};
};
programs.msmtp.enable = true;
programs.mbsync.enable = true;
programs.notmuch = {
enable = config.accounts.email.accounts != {};
enable = config.accounts.email.accounts != { };
hooks.postInsert = ''
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"
@ -181,116 +186,118 @@ in {
home = {
packages = [ sortMail ];
file = let
mutt_alternates = "@maralorn.de "
+ (builtins.concatStringsSep " " alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
bind index <down> sidebar-next
bind index <pageup> sidebar-page-up
bind index <pagedown> sidebar-page-down
bind index <space> sidebar-open
bind index <return> sidebar-open
bind index <enter> sidebar-open
'';
hide-sidebar = pkgs.writeText "hide-sidebar" ''
set sidebar_visible=no
bind index <up> previous-undeleted
bind index <down> next-undeleted
bind index <pageup> previous-page
bind index <pagedown> next-page
bind index <space> display-message
bind index <return> display-message
bind index <enter> display-message
'';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.lynx}/bin/lynx -stdin -dump -force_html ; copiousoutput
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
image/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
'';
in {
".neomuttrc".text = ''
set editor = "nvim"
alternative_order text/plain text/html
auto_view text/*
auto_view message/*
unset wait_key
color normal default default
file =
let
mutt_alternates = "@maralorn.de "
+ (builtins.concatStringsSep " " alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
bind index <down> sidebar-next
bind index <pageup> sidebar-page-up
bind index <pagedown> sidebar-page-down
bind index <space> sidebar-open
bind index <return> sidebar-open
bind index <enter> sidebar-open
'';
hide-sidebar = pkgs.writeText "hide-sidebar" ''
set sidebar_visible=no
bind index <up> previous-undeleted
bind index <down> next-undeleted
bind index <pageup> previous-page
bind index <pagedown> next-page
bind index <space> display-message
bind index <return> display-message
bind index <enter> display-message
'';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.lynx}/bin/lynx -stdin -dump -force_html ; copiousoutput
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
image/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
'';
in
{
".neomuttrc".text = ''
set editor = "nvim"
alternative_order text/plain text/html
auto_view text/*
auto_view message/*
unset wait_key
color normal default default
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query
bind editor ^T complete
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query
bind editor ^T complete
set crypt_use_gpgme = yes
set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes
set pgp_autosign = yes
set pgp_replysign = yes
set pgp_replyencrypt = yes
set crypt_replysignencrypted = yes
set crypt_verify_sig = yes
set pgp_sign_as="${gpg}"
set pgp_use_gpg_agent = yes
set pgp_default_key="${gpg}"
set timeout = 5
set ts_enabled = yes
set crypt_use_gpgme = yes
set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes
set pgp_autosign = yes
set pgp_replysign = yes
set pgp_replyencrypt = yes
set crypt_replysignencrypted = yes
set crypt_verify_sig = yes
set pgp_sign_as="${gpg}"
set pgp_use_gpg_agent = yes
set pgp_default_key="${gpg}"
set timeout = 5
set ts_enabled = yes
set abort_noattach = ask-no
set abort_noattach_regex = "(hängt an|anhäng|anhang|anbei|angehängt|attach|attached|attachments?)"
set abort_unmodified = ask-yes
set abort_noattach = ask-no
set abort_noattach_regex = "(hängt an|anhäng|anhang|anbei|angehängt|attach|attached|attachments?)"
set abort_unmodified = ask-yes
alternates ${mutt_alternates}
set folder="${maildir}"
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads
set sort_aux=last-date-received
set realname="${name}"
set from=fill-later
set use_from=yes
set fast_reply=yes
set mailcap_path=${mailcap};
set include=yes
set edit_headers=yes
set mbox_type=Maildir
set spoolfile="${maildir}/hera/Archiv"
set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes
bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes
set mime_forward_rest=yes
alternates ${mutt_alternates}
set folder="${maildir}"
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads
set sort_aux=last-date-received
set realname="${name}"
set from=fill-later
set use_from=yes
set fast_reply=yes
set mailcap_path=${mailcap};
set include=yes
set edit_headers=yes
set mbox_type=Maildir
set spoolfile="${maildir}/hera/Archiv"
set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes
bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes
set mime_forward_rest=yes
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=no
set sidebar_short_path=no
set sidebar_component_depth=2
set sidebar_width=60
set sidebar_sort_method="alpha"
set sidebar_indent_string=" "
color sidebar_indicator black white
color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S"
source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=no
set sidebar_short_path=no
set sidebar_component_depth=2
set sidebar_width=60
set sidebar_sort_method="alpha"
set sidebar_indent_string=" "
color sidebar_indicator black white
color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S"
alias f__0 ${name} <${mail}>
${builtins.concatStringsSep "\n"
(lib.imap1 (n: x: "alias f__${toString n} ${name} <${x}>")
alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${mail}<enter>"
macro index,pager a "<pipe-message>${pkgs.khard}/bin/khard add-email<return>" "add sender to to khard"
set query_command = "${pkgs.khard}/bin/khard email --parsable %s"
'';
};
alias f__0 ${name} <${mail}>
${builtins.concatStringsSep "\n"
(lib.imap1 (n: x: "alias f__${toString n} ${name} <${x}>")
alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${mail}<enter>"
macro index,pager a "<pipe-message>${pkgs.khard}/bin/khard add-email<return>" "add sender to to khard"
set query_command = "${pkgs.khard}/bin/khard email --parsable %s"
'';
};
};
}

14
home-manager/roles/mail2rss.nix
View file

@ -1,10 +1,11 @@
{ lib, pkgs, config, ... }:
let
mail2rss = pkgs.writeHaskellScript {
name = "mail2rss";
bins = [ pkgs.notmuch pkgs.mblaze pkgs.isync pkgs.logfeed ];
imports = [ "System.Environment (setEnv)" ];
} ''
mail2rss = pkgs.writeHaskellScript
{
name = "mail2rss";
bins = [ pkgs.notmuch pkgs.mblaze pkgs.isync pkgs.logfeed ];
imports = [ "System.Environment (setEnv)" ];
} ''
main = do
setEnv "NOTMUCH_CONFIG" "${
config.home.sessionVariables.NOTMUCH_CONFIG or ""
@ -17,7 +18,8 @@ let
mbsync "-a"
notmuch "new" "--quiet"
'';
in {
in
{
systemd.user = {
timers.mail2rss = {
Timer.OnCalendar = "19:58";

6
home-manager/roles/neovim/default.nix
View file

@ -22,8 +22,8 @@ let
vim-trailing-whitespace vim-autoformat
# Git
coc-git # statusline, numberline and explorer infos
fugitive # various git commands
coc-git# statusline, numberline and explorer infos
fugitive# various git commands
# Commenting and Uncommenting
nerdcommenter
@ -38,7 +38,7 @@ let
# nix syntax highlighting
vim-nix vim-markdown
# latex
vimtex coc-vimtex # not sure if I need two
vimtex coc-vimtex# not sure if I need two
# ledger
vim-ledger
# rust

5
home-manager/roles/pythia.nix
View file

@ -100,5 +100,6 @@ let
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
'';
in { home.packages = [ pythia meditate ]; }
'';
in
{ home.packages = [ pythia meditate ]; }

6
home-manager/roles/unlock.nix
View file

@ -2,7 +2,8 @@
let
makeUnlocker = { name, hostName, pubKey, passPath }:
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in pkgs.writeShellScriptBin "unlock-${name}" ''
in
pkgs.writeShellScriptBin "unlock-${name}" ''
echo "Waiting for host to come up";
while true; do
echo -n .
@ -20,4 +21,5 @@ let
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera.m-0.eu/disk";
}];
in { config = { home.packages = map makeUnlocker unlocker; }; }
in
{ config = { home.packages = map makeUnlocker unlocker; }; }

95
home-manager/roles/vdirsyncer.nix
View file

@ -1,14 +1,15 @@
{ pkgs, lib, ... }:
let
addressbooks = pkgs.privateValue [] "addressbooks";
calendars = pkgs.privateValue [] "calendars";
addressbooks = pkgs.privateValue [ ] "addressbooks";
calendars = pkgs.privateValue [ ] "calendars";
mkConfig = config:
(pkgs.formats.ini {}).generate "vdirsyncer-config" (
(pkgs.formats.ini { }).generate "vdirsyncer-config" (
lib.mapAttrs
(
name: section:
(lib.mapAttrs (name: option: builtins.toJSON option) section)
) config
)
config
);
mkCalendar = { name, url, username, passwordPath, collections ? [ "from a" "from b" ], readOnly ? false, type ? "caldav" }:
let
@ -16,62 +17,64 @@ let
remoteName = "${pairName}_remote";
localName = "${pairName}_local";
in
{
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
metadata = ["color"];
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.calendars/${name}/";
fileext = ".ics";
};
"storage ${remoteName}" = {
inherit type;
inherit url;
} // (if (type == "caldav") then {
inherit username;
"password.fetch" = [ "command" "${pkgs.pass}/bin/pass" passwordPath ];
read_only = readOnly;
} else {});
{
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
metadata = [ "color" ];
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.calendars/${name}/";
fileext = ".ics";
};
"storage ${remoteName}" = {
inherit type;
inherit url;
} // (if (type == "caldav") then {
inherit username;
"password.fetch" = [ "command" "${pkgs.pass}/bin/pass" passwordPath ];
read_only = readOnly;
} else { });
};
mkAddressbook = { name, url, username, passwordPath, collections ? [ "from a" "from b" ], readOnly ? false }:
let
pairName = "${name}_contacts";
remoteName = "${pairName}_remote";
localName = "${pairName}_local";
in
{
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.contacts/${name}/";
fileext = ".vcf";
};
"storage ${remoteName}" = {
type = "carddav";
inherit url username;
"password.fetch" = [ "command" "${pkgs.pass}/bin/pass" passwordPath ];
read_only = readOnly;
};
{
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.contacts/${name}/";
fileext = ".vcf";
};
"storage ${remoteName}" = {
type = "carddav";
inherit url username;
"password.fetch" = [ "command" "${pkgs.pass}/bin/pass" passwordPath ];
read_only = readOnly;
};
};
in
{
home = {
packages = [ pkgs.vdirsyncer ];
file.".config/vdirsyncer/config".source = mkConfig
(
pkgs.lib.fold (a: b: a // b) {
general.status_path = "~/.vdirsyncer/status";
} (map mkCalendar calendars ++ map mkAddressbook addressbooks)
pkgs.lib.fold (a: b: a // b)
{
general.status_path = "~/.vdirsyncer/status";
}
(map mkCalendar calendars ++ map mkAddressbook addressbooks)
);
};

3
home-manager/roles/weechat/default.nix
View file

@ -10,7 +10,8 @@ let
scripts = [ pkgs.weechatScripts.weechat-matrix ];
};
};
in {
in
{
home.file = {
python_plugins = {

3
home-manager/roles/zettelkasten.nix
View file

@ -2,7 +2,8 @@
let
notesDir = "${config.home.homeDirectory}/git/zettelkasten";
cmd = "${pkgs.myHaskellPackages.neuron}/bin/neuron -d ${notesDir} rib -w -s 127.0.0.1:8002";
in {
in
{
systemd.user.services.neuron = {
Unit.Description = "Neuron zettelkasten service";
Install.WantedBy = [ "graphical-session.target" ];

14
home-manager/roles/zsh/default.nix
View file

@ -18,13 +18,13 @@
};
plugins = [
#{
#name = "titles";
#src = pkgs.fetchFromGitHub {
#owner = "jreese";
#repo = "zsh-titles";
#rev = "b7d46d7";
#sha256 = "0rca9a22vz11pnkks5vlspfnmd3m1s38hz901gvgfa39ch3va9ad";
#};
#name = "titles";
#src = pkgs.fetchFromGitHub {
#owner = "jreese";
#repo = "zsh-titles";
#rev = "b7d46d7";
#sha256 = "0rca9a22vz11pnkks5vlspfnmd3m1s38hz901gvgfa39ch3va9ad";
#};
#}
{
name = "auto-notify";

3
home-manager/target.nix
View file

@ -13,4 +13,5 @@ let
mkdir $out
${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config:
"ln -s ${buildHomeManager host mode} $out/${mode}") modes)}'';
in lib.mapAttrs buildModesForHost modes
in
lib.mapAttrs buildModesForHost modes

15
home.nix
View file

@ -1,8 +1,13 @@
let
inherit (import (import ./nix/sources.nix).nixos-unstable { }) lib;
modes = import home-manager/machines.nix;
in lib.listToAttrs (lib.flatten (lib.mapAttrsToList (host: configs:
lib.mapAttrsToList (mode: config: {
name = "${host}-${mode}";
value = config;
}) configs) modes))
in
lib.listToAttrs (lib.flatten (lib.mapAttrsToList
(host: configs:
lib.mapAttrsToList
(mode: config: {
name = "${host}-${mode}";
value = config;
})
configs)
modes))

3
lib/default.nix
View file

@ -1,7 +1,8 @@
rec {
themes = rec {
default = material-light;
material-light = rec { # Matches papercolor
material-light = rec {
# Matches papercolor
primary = {
foreground = "#2e2e2d";
background = "#eaeaea";

9
lib/update-system.nix
View file

@ -3,10 +3,11 @@ let
configPath = "/etc/nixos";
in
{
update-system = pkgs.writeHaskellScript {
name = "update-system";
bins = [ nixos-rebuild pkgs.nix-output-monitor (import pkgs.sources.nvd { inherit pkgs; }) ];
} ''
update-system = pkgs.writeHaskellScript
{
name = "update-system";
bins = [ nixos-rebuild pkgs.nix-output-monitor (import pkgs.sources.nvd { inherit pkgs; }) ];
} ''
main = do
paths <- myNixPath "${configPath}"
args <- getArgs

95
nix/sources.nix
View file

@ -10,29 +10,29 @@ let
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
fetch_tarball = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
if spec.builtin or true then
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
fetch_git = name: spec:
let
ref =
if spec ? ref then spec.ref else
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
fetch_local = spec: spec.path;
@ -66,16 +66,16 @@ let
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> { }
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
@ -98,10 +98,10 @@ let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == "" then drv else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
if ersatz == "" then drv else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions
@ -112,7 +112,7 @@ let
);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
@ -123,43 +123,46 @@ let
concatStrings = builtins.concatStringsSep "";
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
optionalAttrs = cond: as: if cond then as else {};
optionalAttrs = cond: as: if cond then as else { };
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
if lessThan nixVersion "1.12" then
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
if lessThan nixVersion "1.12" then
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); }
) config.sources;
mapAttrs
(
name: spec:
if builtins.hasAttr "outPath" spec
then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); }
)
config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
, sources ? if isNull sourcesFile then { } else builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem
, pkgs ? mkPkgs sources system
}: rec {
@ -171,4 +174,4 @@ let
};
in
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }

9
nixos/machines/apollo/configuration.nix
View file

@ -6,7 +6,8 @@ let
nixos-hardware = (import ../../../nix/sources.nix).nixos-hardware;
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
vpn = (import ../../../private.nix).privateValue ({ ... }: { }) "vpn";
in {
in
{
imports = [
"${nixos-hardware}/lenovo/thinkpad/t480s"
@ -112,9 +113,9 @@ in {
openDefaultPorts = true;
declarative = syncthing.declarativeWith [ "hera" ] "/home/maralorn/media"
// {
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
key = pkgs.privatePath "syncthing/apollo/key.pem";
};
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
key = pkgs.privatePath "syncthing/apollo/key.pem";
};
};
xserver = {
enable = true;

45
nixos/machines/hera/cloud.nix
View file

@ -1,14 +1,15 @@
{ pkgs, config, lib, ... }:
with lib;
let
adminCreds = pkgs.privateValue {
adminpass = "";
dbpass = "";
adminuser = "";
} "nextcloud-admin";
adminCreds = pkgs.privateValue
{
adminpass = "";
dbpass = "";
adminuser = "";
} "nextcloud-admin";
inherit (config.m-0) hosts;
certPath = "/var/lib/acme";
nextcloud-container = { v6, v4, hostname, rss ? false, extraMounts ? {} }: {
nextcloud-container = { v6, v4, hostname, rss ? false, extraMounts ? { } }: {
bindMounts = {
"${certPath}" = {
hostPath = certPath;
@ -99,9 +100,10 @@ let
wantedBy = [ "multi-user.target" ];
};
pg_backup = {
script = let
name = "nextcloud-psql-${hostname}";
in
script =
let
name = "nextcloud-psql-${hostname}";
in
''
${config.services.postgresql.package}/bin/pg_dump nextcloud > /var/lib/db-backup-dumps/${name}
'';
@ -120,18 +122,19 @@ let
serviceConfig = {
Type = "oneshot";
User = "nextcloud";
ExecStart = let
config = pkgs.writeText "updater.ini" (
generators.toINI {} {
updater = {
user = adminCreds.adminuser;
password = adminCreds.adminpass;
url = "https://${hostname}/";
mode = "singlerun";
};
}
);
in
ExecStart =
let
config = pkgs.writeText "updater.ini" (
generators.toINI { } {
updater = {
user = adminCreds.adminuser;
password = adminCreds.adminpass;
url = "https://${hostname}/";
mode = "singlerun";
};
}
);
in
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
};

18
nixos/machines/hera/configuration.nix
View file

@ -2,7 +2,7 @@
let
inherit (config.m-0.private) me;
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
backupJobs = pkgs.privateValue {} "borgbackup";
backupJobs = pkgs.privateValue { } "borgbackup";
backupJobNames = map (name: "borgbackup-job-${name}") (lib.attrNames backupJobs);
in
{
@ -49,9 +49,10 @@ in
};
nixpkgs.config.android_sdk.accept_license = true;
systemd.services = {
pg_backup = let
name = "matrix-synapse";
in
pg_backup =
let
name = "matrix-synapse";
in
{
script = ''
${config.services.postgresql.package}/bin/pg_dump ${name} > /var/lib/db-backup-dumps/${name}
@ -62,10 +63,11 @@ in
};
};
night-routines = {
script = let
start = "${pkgs.systemd}/bin/systemctl start";
container = "${pkgs.nixos-container}/bin/nixos-container run";
in
script =
let
start = "${pkgs.systemd}/bin/systemctl start";
container = "${pkgs.nixos-container}/bin/nixos-container run";
in
''
set -x
set +e

4
nixos/machines/hera/mail.nix
View file

@ -51,8 +51,8 @@ in
enableImapSsl = true;
fqdn = "hera.m-0.eu";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
forwards = pkgs.privateValue {} "mail/forwards";
loginAccounts = pkgs.privateValue {} "mail/users";
forwards = pkgs.privateValue { } "mail/forwards";
loginAccounts = pkgs.privateValue { } "mail/users";
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";

3
nixos/machines/hera/network.nix
View file

@ -2,7 +2,8 @@
let
wireguard = import ../../../common/wireguard.nix;
inherit (config.m-0) hosts;
in {
in
{
networking = {
hostName = "hera";
domain = "m-0.eu";

17
nixos/machines/hera/web.nix
View file

@ -7,7 +7,8 @@ let
'';
};
};
in {
in
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [{
name = "hera-nginx";
@ -42,16 +43,16 @@ in {
forceSSL = true;
inherit locations;
};
"fdroid.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "/var/www/fdroid/repo";
"fdroid.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "/var/www/fdroid/repo";
};
};
};
};
};
};
};

3
nixos/roles/admin.nix
View file

@ -2,7 +2,8 @@
let
passwordFile = pkgs.privatePath "pam-login-password";
openssh.authorizedKeys.keys = pkgs.privateValue [ ] "ssh-keys";
in {
in
{
users.users = {
maralorn = {
description = "maralorn";

3
nixos/roles/boot-key.nix
View file

@ -1,6 +1,7 @@
{ lib, config, ... }:
let secretsFile = "/var/lib/luks-secret/key";
in {
in
{
boot = {
initrd = {
luks.devices."nixos" = {

39
nixos/roles/coturn.nix
View file

@ -2,25 +2,28 @@
let
fqdn = "${config.networking.hostName}.${config.networking.domain}";
key_dir = config.security.acme.certs."${fqdn}".directory;
in {
in
{
users.users.turnserver.extraGroups = [ "nginx" ]; # For read access to certs;
networking.firewall = let
range = [{
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
}];
ports = [
config.services.coturn.listening-port
config.services.coturn.alt-listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-tls-listening-port
];
in {
allowedUDPPortRanges = range;
allowedTCPPortRanges = range;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
networking.firewall =
let
range = [{
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
}];
ports = [
config.services.coturn.listening-port
config.services.coturn.alt-listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-tls-listening-port
];
in
{
allowedUDPPortRanges = range;
allowedTCPPortRanges = range;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
security.acme.certs.${fqdn} = {
postRun = "systemctl restart coturn.service";
};

33
nixos/roles/default.nix
View file

@ -57,7 +57,7 @@
];
nixPath = [ "/etc/nix-path" ];
trustedUsers = [ "maralorn" "laminar" ];
buildMachines = pkgs.privateValue [] "remote-builders";
buildMachines = pkgs.privateValue [ ] "remote-builders";
extraOptions = ''
fallback = true
keep-outputs = true
@ -65,27 +65,28 @@
builders-use-substitutes = true
'';
optimise = {
dates = [];
dates = [ ];
automatic = true;
};
};
systemd.services = let
hosts = builtins.attrNames config.services.nginx.virtualHosts;
makeConfig = host: {
name = "acme-${host}";
value = {
serviceConfig = {
Restart = "on-failure";
RestartSec = 600;
};
unitConfig = {
StartLimitIntervalSec = 2400;
StartLimitBurst = 3;
systemd.services =
let
hosts = builtins.attrNames config.services.nginx.virtualHosts;
makeConfig = host: {
name = "acme-${host}";
value = {
serviceConfig = {
Restart = "on-failure";
RestartSec = 600;
};
unitConfig = {
StartLimitIntervalSec = 2400;
StartLimitBurst = 3;
};
};
};
};
in
in
{ nix-optimise.serviceConfig.Type = "oneshot"; } // builtins.listToAttrs (map makeConfig hosts);
services = {

3
nixos/roles/element.nix
View file

@ -13,7 +13,8 @@ let
branding.welcomeBackgroundUrl =
"https://cloud.maralorn.de/apps/theming/image/background";
};
in {
in
{
services.nginx = {
enable = true;
virtualHosts."element.maralorn.de" = {

3
nixos/roles/email2matrix.nix
View file

@ -36,7 +36,8 @@ let
};
Misc = { Debug = true; };
});
in {
in
{
systemd.services.email2matrix = {
script =
"${pkgs.email2matrix}/bin/devture-email2matrix --config ${email2matrix-config}";

24
nixos/roles/fonts.nix
View file

@ -13,20 +13,24 @@
#fontDir.enable = true;
fonts = builtins.attrValues {
inherit (pkgs)
nerdfonts # For all my terminal needs.
libertine # nice text font
material-icons # icons in my app
nerdfonts# For all my terminal needs.
libertine# nice text font
material-icons# icons in my app
b612; # sans font, very good for displays
};
};
# create a cache of the font sources, often slow internet connections make it painful to
# re-download them after a few months
environment.etc = let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in builtins.listToAttrs (lib.imap0 (n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
}) font_sources);
environment.etc =
let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in
builtins.listToAttrs (lib.imap0
(n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
})
font_sources);
}

3
nixos/roles/foundryvtt.nix
View file

@ -3,7 +3,8 @@ let
name = "foundryvtt";
stateDir = "/var/lib/${name}";
port = "3333";
in {
in
{
config = {
users = {
groups.${name} = { };

28
nixos/roles/git.nix
View file

@ -7,14 +7,15 @@ let
"test-config.service"
"--no-block"
];
post-update = pkgs.writeHaskellScript {
name = "post-update";
bins = [ pkgs.git pkgs.laminar ];
imports = [
"System.Environment (lookupEnv)"
"System.Directory (withCurrentDirectory)"
];
} ''
post-update = pkgs.writeHaskellScript
{
name = "post-update";
bins = [ pkgs.git pkgs.laminar ];
imports = [
"System.Environment (lookupEnv)"
"System.Directory (withCurrentDirectory)"
];
} ''
checkout :: String -> IO FilePath
checkout path = do
(decodeUtf8 -> repoDir) <- mktemp "-d" |> captureTrim
@ -40,10 +41,13 @@ let
bracket (checkout path) (rm "-rf") $ \repoDir -> withCurrentDirectory repoDir $ nix_build "-o" ([i|/var/www/#{deploy}|] :: String) target
say "Done"
'';
in {
systemd.tmpfiles.rules = let cfg = config.services.gitolite;
in lib.mkAfter
[ "z ${cfg.dataDir}/.ssh/id_ed25519 0600 ${cfg.user} ${cfg.group} - -" ];
in
{
systemd.tmpfiles.rules =
let cfg = config.services.gitolite;
in
lib.mkAfter
[ "z ${cfg.dataDir}/.ssh/id_ed25519 0600 ${cfg.user} ${cfg.group} - -" ];
services.gitolite = {
enable = true;
user = "git";

2
nixos/roles/go-neb.nix
View file

@ -29,7 +29,7 @@
{{range .Alerts -}} [{{ .Status }}] {{index .Annotations "description"}} ({{index .Labels "alertname" }}){{ end -}}'';
html_template = ''
{{range .Alerts -}}{{ $severity := index .Labels "severity" }}{{ if eq .Status "firing" }}{{ if eq $severity "critical"}}<font color='red'><b>[FIRING - CRITICAL]</b></font>{{ else if eq $severity "warning"}}<font color='orange'><b>[FIRING - WARNING]</b></font>{{ else }}<font color='yellow'><b>[FIRING - {{ $severity }}]</b></font>{{ end }}{{ else }}<font color='green'><b>[RESOLVED]</b></font>{{ end }} {{ index .Annotations "description"}} {{ $url := index .Labels "url" }}{{ if eq $url "" }}{{ else }}<a href="{{ $url }}">more infos</a> {{ end }}({{ index .Labels "alertname"}}, <a href="https://stats.maralorn.de/d/health-status">dashboard</a>, <a href="{{ .SilenceURL }}">silence</a>)<br/>{{end -}}
'';
'';
msg_type = "m.text"; # Must be either `m.text` or `m.notice`
};
};

18
nixos/roles/kassandra-server.nix
View file

@ -2,13 +2,15 @@
systemd.services.kassandra = {
enable = true;
description = "Kassandra Server";
serviceConfig = let serverPath = "/var/cache/gc-links/kassandra-server";
in {
WorkingDirectory = serverPath;
ExecStart = "${serverPath}/backend -b '::1' ";
Restart = "always";
Environment = "PATH=${pkgs.coreutils}/bin/:${pkgs.taskwarrior}/bin";
User = "maralorn";
};
serviceConfig =
let serverPath = "/var/cache/gc-links/kassandra-server";
in
{
WorkingDirectory = serverPath;
ExecStart = "${serverPath}/backend -b '::1' ";
Restart = "always";
Environment = "PATH=${pkgs.coreutils}/bin/:${pkgs.taskwarrior}/bin";
User = "maralorn";
};
};
}

30
nixos/roles/laminar/bump-config.hs
View file

@ -1,25 +1,25 @@
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
import System.Environment
import Data.String.Interpolate
import qualified Data.Text as Text
import Language.Haskell.TH
import Language.Haskell.TH.Syntax
import Relude
import Shh
import Data.String.Interpolate
import qualified Data.Text as Text
import Language.Haskell.TH
import Language.Haskell.TH.Syntax
import Relude
import Say
import Shh
import System.Environment
load Absolute ["git", "niv"]
paths :: [Text]
paths =
$$(liftTyped . mapMaybe (\x -> foldr (<|>) Nothing $ (\bin -> Text.stripSuffix [i|/#{bin}|] $ toText x) <$> ["git", "tar", "nix-prefetch-url", "gzip"])=<< runIO pathBinsAbs)
$$(liftTyped . mapMaybe (\x -> foldr (<|>) Nothing $ (\bin -> Text.stripSuffix [i|/#{bin}|] $ toText x) <$> ["git", "tar", "nix-prefetch-url", "gzip"]) =<< runIO pathBinsAbs)
repo = "git@hera.m-0.eu:nixos-config"
@ -28,9 +28,9 @@ main = do
setEnv "PATH" . toString $ Text.intercalate ":" paths
ignoreFailure $ niv "update"
changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
when changed $ do
when changed $ do
git "config" "user.email" "maralorn@maralorn.de"
git "config" "user.name" "maralorn (nix-auto-updater)"
git "commit" "-am" "Update dependencies with niv"
git "config" "user.name" "maralorn (nix-auto-updater)"
git "commit" "-am" "Update dependencies with niv"
git "push" "-f" "origin" "HEAD:niv-bump"
unless changed $ say "No updates in any niv source. Doing nothing."

64
nixos/roles/laminar/default.nix
View file

@ -8,12 +8,14 @@ let
echo "Cached build-result $1 to"
${pkgs.nix}/bin/nix-store -r --indirect --add-root "/var/cache/gc-links/$2" "$1"
''}";
in {
in
{
options = {
services.laminar = {
cfgFiles = mkOption {
type = let valueType = with types; oneOf [ path (attrsOf valueType) ];
in valueType;
type =
let valueType = with types; oneOf [ path (attrsOf valueType) ];
in valueType;
default = { };
description = ''
Every entry will be copied to /var/lib/laminar/cfg/<name>
@ -25,24 +27,30 @@ in {
};
imports = [ ./kassandra.nix ./test-config.nix ./projects.nix ];
config = {
security.sudo.extraRules = let allowedCommands = [ cacheResult ];
in [{
commands = map (command: {
inherit command;
options = [ "NOPASSWD" ];
}) allowedCommands;
users = [ "laminar" ];
}];
security.sudo.extraRules =
let allowedCommands = [ cacheResult ];
in
[{
commands = map
(command: {
inherit command;
options = [ "NOPASSWD" ];
})
allowedCommands;
users = [ "laminar" ];
}];
services.laminar.cfgFiles = {
env = builtins.toFile "laminar-env" ''
TIMEOUT=14400
'';
scripts = {
"nix-jobs" = pkgs.writeHaskell "nix-jobs" {
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.laminar pkgs.nix ]}:$PATH";
ghcArgs = [ "-threaded" ];
} (builtins.readFile ./nix-jobs.hs);
"nix-jobs" = pkgs.writeHaskell "nix-jobs"
{
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.laminar pkgs.nix ]}:$PATH";
ghcArgs = [ "-threaded" ];
}
(builtins.readFile ./nix-jobs.hs);
};
jobs = {
"nix-build.run" = pkgs.writeShellScript "nix-build" ''
@ -92,17 +100,19 @@ in {
LimitNOFILE = "1024000";
};
after = [ "network.target" ];
preStart = let
linkToPath = path: fileOrDir:
(if types.path.check fileOrDir then
[ "ln -sT ${fileOrDir} ${path}" ]
else
[ "mkdir -p ${path}" ] ++ lib.concatLists (lib.mapAttrsToList
(dirName: content: linkToPath "${path}/${dirName}" content)
fileOrDir));
cfgDirContent = pkgs.runCommand "laminar-cfg-dir" { }
(lib.concatStringsSep "\n" (linkToPath "$out" cfg.cfgFiles));
in "ln -sfT ${cfgDirContent} ${cfgDir}";
preStart =
let
linkToPath = path: fileOrDir:
(if types.path.check fileOrDir then
[ "ln -sT ${fileOrDir} ${path}" ]
else
[ "mkdir -p ${path}" ] ++ lib.concatLists (lib.mapAttrsToList
(dirName: content: linkToPath "${path}/${dirName}" content)
fileOrDir));
cfgDirContent = pkgs.runCommand "laminar-cfg-dir" { }
(lib.concatStringsSep "\n" (linkToPath "$out" cfg.cfgFiles));
in
"ln -sfT ${cfgDirContent} ${cfgDir}";
};
services = {
nginx = {

3
nixos/roles/laminar/kassandra.nix
View file

@ -31,7 +31,8 @@ let
nix-jobs realise $drv
laminarc set "RESULTDRV=$drv"
'';
in {
in
{
security.sudo.extraRules = [{
commands = [{
command = deploy;

321
nixos/roles/laminar/nix-jobs.hs
View file

@ -1,87 +1,99 @@
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE TupleSections #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE TupleSections #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
import Control.Concurrent ( threadDelay )
import Control.Concurrent.Async ( forConcurrently_
, race_
, withAsync
)
import Control.Concurrent.STM ( check
, retry
)
import Control.Exception ( bracket
, catch
, handle
, handleJust
, throwIO
)
import Data.Bits ( Bits((.|.)) )
import qualified Data.Map as Map
import qualified Data.Sequence as Seq
import Data.String.Interpolate ( i )
import Data.Text ( isInfixOf
, splitOn
, strip
)
import qualified Data.Text as T
import Data.Time ( UTCTime
, defaultTimeLocale
, diffUTCTime
, formatTime
, getCurrentTime
)
import Relude
import Say ( say
, sayErr
)
import Shh ( (&!>)
, ExecArg(..)
, ExecReference(Absolute)
, Stream(StdOut)
, captureTrim
, load
, (|>)
)
import System.Directory ( createDirectoryIfMissing
, doesFileExist
, getModificationTime
, removeFile
)
import System.Environment ( getArgs
, getEnv
, setEnv
)
import System.FSNotify ( Event(Removed)
, watchDir
, withManager
)
import System.IO ( BufferMode(LineBuffering)
, hSetBuffering
)
import System.IO.Error
import System.IO.Unsafe
import System.Posix.Files ( groupReadMode
, otherReadMode
, ownerReadMode
, ownerWriteMode
)
import System.Posix.IO ( OpenFileFlags(exclusive)
, OpenMode(WriteOnly)
, closeFd
, defaultFileFlags
, fdWrite
, openFd
)
import Control.Concurrent (threadDelay)
import Control.Concurrent.Async (
forConcurrently_,
race_,
withAsync,
)
import Control.Concurrent.STM (
check,
retry,
)
import Control.Exception (
bracket,
catch,
handle,
handleJust,
throwIO,
)
import Data.Bits (Bits ((.|.)))
import qualified Data.Map as Map
import qualified Data.Sequence as Seq
import Data.String.Interpolate (i)
import Data.Text (
isInfixOf,
splitOn,
strip,
)
import qualified Data.Text as T
import Data.Time (
UTCTime,
defaultTimeLocale,
diffUTCTime,
formatTime,
getCurrentTime,
)
import Relude
import Say (
say,
sayErr,
)
import Shh (
ExecArg (..),
ExecReference (Absolute),
Stream (StdOut),
captureTrim,
load,
(&!>),
(|>),
)
import System.Directory (
createDirectoryIfMissing,
doesFileExist,
getModificationTime,
removeFile,
)
import System.Environment (
getArgs,
getEnv,
setEnv,
)
import System.FSNotify (
Event (Removed),
watchDir,
withManager,
)
import System.IO (
BufferMode (LineBuffering),
hSetBuffering,
)
import System.IO.Error
import System.IO.Unsafe
import System.Posix.Files (
groupReadMode,
otherReadMode,
ownerReadMode,
ownerWriteMode,
)
import System.Posix.IO (
OpenFileFlags (exclusive),
OpenMode (WriteOnly),
closeFd,
defaultFileFlags,
fdWrite,
openFd,
)
load Absolute ["laminarc", "nix-store"]
@ -94,13 +106,13 @@ throwWait = throwIO . WaitException
instance Semigroup JobResult where
Success <> Success = Success
_ <> _ = Failure
_ <> _ = Failure
instance Monoid JobResult where
mempty = Success
instance ExecArg Text where
asArg = asArg . toString
asArg = asArg . toString
asArgFromList = asArgFromList . fmap toString
drvBasename :: Text -> Text
@ -118,6 +130,7 @@ resultPath p = [i|#{resultDir}/#{drvBasename p}|]
{-# NOINLINE jobMap #-}
data BuildState = Pending | Running UTCTime | Complete deriving (Show, Eq)
-- True means job is finished
jobMap :: TVar (Map Text (TVar BuildState))
jobMap = unsafePerformIO $ newTVarIO mempty
@ -170,10 +183,10 @@ job derivationName = do
flags <- filter (/= mempty) . splitOn " " . toText <$> getEnv "FLAGS"
catch
(nixStoreRealise derivationName flags)
(\(err :: SomeException) -> do
setResult Failure
sayErr [i|nix-build failed with error #{err}.|]
exitFailure
( \(err :: SomeException) -> do
setResult Failure
sayErr [i|nix-build failed with error #{err}.|]
exitFailure
)
setResult Success
say [i|Build for #{derivationName} successful.|]
@ -197,54 +210,60 @@ tryQueue derivationName = handleExisting $ do
jobName <- startJob
when (T.null jobName) $ throw [i|Laminarc returned an empty jobName.|]
writeCount <- fdWrite fd (toString jobName)
when (writeCount == 0)
$ throw
[i|Wrote 0 bytes of jobName "#{jobName}" to #{runningPath derivationName}|]
when (writeCount == 0) $
throw
[i|Wrote 0 bytes of jobName "#{jobName}" to #{runningPath derivationName}|]
pure . Just $ jobName
startJob = do
flags <- getEnv "FLAGS"
decodeUtf8
<$> ( laminarc "queue"
"nix-build"
([i|DERIVATION=#{derivationName}|] :: Text)
([i|FLAGS=#{flags}|] :: Text)
|> captureTrim
<$> ( laminarc
"queue"
"nix-build"
([i|DERIVATION=#{derivationName}|] :: Text)
([i|FLAGS=#{flags}|] :: Text)
|> captureTrim
)
handleExisting = handleJust
(\x -> if isAlreadyExistsError x then Just x else Nothing)
(const (pure Nothing))
openNewFile = openFd (runningPath derivationName)
WriteOnly
(Just defaultMode)
defaultFileFlags { exclusive = True }
handleExisting =
handleJust
(\x -> if isAlreadyExistsError x then Just x else Nothing)
(const (pure Nothing))
openNewFile =
openFd
(runningPath derivationName)
WriteOnly
(Just defaultMode)
defaultFileFlags{exclusive = True}
defaultMode =
ownerReadMode .|. ownerWriteMode .|. groupReadMode .|. otherReadMode
queueJobWithLaminarc :: Text -> IO Text
queueJobWithLaminarc derivationName = whenNothingM
(do
jobMay <- tryQueue derivationName
whenJust jobMay $ \jobName ->
say [i|Job #{jobName} started for #{derivationName}. Waiting ...|]
pure jobMay
)
(ensureRunningJob derivationName)
queueJobWithLaminarc derivationName =
whenNothingM
( do
jobMay <- tryQueue derivationName
whenJust jobMay $ \jobName ->
say [i|Job #{jobName} started for #{derivationName}. Waiting ...|]
pure jobMay
)
(ensureRunningJob derivationName)
ensureRunningJob :: Text -> IO Text
ensureRunningJob derivationName = whenNothingM
(do
jobMay <- getRunningJob derivationName
whenJust jobMay $ \jobName ->
say [i|Job #{jobName} running for #{derivationName}. Waiting ...|]
pure jobMay
)
(queueJobWithLaminarc derivationName)
ensureRunningJob derivationName =
whenNothingM
( do
jobMay <- getRunningJob derivationName
whenJust jobMay $ \jobName ->
say [i|Job #{jobName} running for #{derivationName}. Waiting ...|]
pure jobMay
)
(queueJobWithLaminarc derivationName)
-- Nothing means there is no running Job.
getRunningJob :: Text -> IO (Maybe Text)
getRunningJob derivationName = poll 0
where
path = runningPath derivationName
path = runningPath derivationName
request = handleNoExist (Just <$> readFileText path)
handleNoExist =
handleJust (guard . isDoesNotExistError) (const $ pure Nothing)
@ -253,15 +272,14 @@ getRunningJob derivationName = poll 0
if count < 50 && mayJob == Just ""
then threadDelay 10000 >> poll (count + 1)
else do
pure mayJob
getJobVar :: Text -> IO (TVar BuildState)
getJobVar derivationName =
atomically
$ readTVar jobMap
>>= maybe makeVar pure
. Map.lookup derivationName
atomically $
readTVar jobMap
>>= maybe makeVar pure
. Map.lookup derivationName
where
makeVar = do
newVar <- newTVar Pending
@ -270,14 +288,14 @@ getJobVar derivationName =
realise :: Text -> IO ()
realise derivationName = do
jobVar <- getJobVar derivationName
now <- getCurrentTime
jobVar <- getJobVar derivationName
now <- getCurrentTime
runHere <- atomically $ do
jobState <- readTVar jobVar
case jobState of
Complete -> pure False
Complete -> pure False
Running _ -> retry
Pending -> do
Pending -> do
writeTVar jobVar (Running now)
pure True
when runHere $ do
@ -291,12 +309,13 @@ realise derivationName = do
where
runBuild start = do
jobName <- ensureRunningJob derivationName
handleWaitFail $ waitForJob derivationName >>= \case
Success -> do
now <- getCurrentTime
say
[i|Job #{jobName} completed for #{derivationName} after #{formatTime defaultTimeLocale "%2h:%2M:%2S" (diffUTCTime now start)}.|]
Failure -> throw [i|Job #{jobName} failed #{derivationName}.|]
handleWaitFail $
waitForJob derivationName >>= \case
Success -> do
now <- getCurrentTime
say
[i|Job #{jobName} completed for #{derivationName} after #{formatTime defaultTimeLocale "%2h:%2M:%2S" (diffUTCTime now start)}.|]
Failure -> throw [i|Job #{jobName} failed #{derivationName}.|]
processWaitFail (WaitException e) = do
sayErr
[i|Retrying to find or create a job for #{derivationName} after waiting for job failed with error "#{e}" |]
@ -311,9 +330,9 @@ checkStaleness = forever $ do
when nothingQueued $ do
knownJobs <-
fmap strip
. lines
. decodeUtf8
<$> (laminarc "show-running" |> captureTrim)
. lines
. decodeUtf8
<$> (laminarc "show-running" |> captureTrim)
jobs <- Map.toList <$> readTVarIO jobMap
forConcurrently_ jobs $ \(derivationName, jobVar) ->
checkStalenessFor knownJobs jobVar derivationName
@ -328,15 +347,15 @@ checkStalenessFor jobs jobVar derivationName =
[i|Still waiting for job #{jobName} for #{derivationName} after #{formatTime defaultTimeLocale "%2h:%2M:%2S" (diffUTCTime now start)} ...|]
fileTime <- getModificationTime (runningPath derivationName)
let notRunning = not $ any (`isInfixOf` jobName) jobs
oldEnough = diffUTCTime now fileTime > 60
stale = notRunning && oldEnough
oldEnough = diffUTCTime now fileTime > 60
stale = notRunning && oldEnough
when stale $ do
removeFile (runningPath derivationName)
sayErr
[i|File #{runningPath derivationName} claiming job name "#{jobName}" seems to be stale. Deleting File.|]
where
running (Running a) = Just a
running _ = Nothing
running _ = Nothing
waitForJob :: Text -> IO JobResult
waitForJob derivationName = do
@ -344,18 +363,20 @@ waitForJob derivationName = do
let finished = atomically (writeTVar done True)
withManager $ \manager -> do
_ <- watchDir manager runningDir fileDeleted (const finished)
withAsync (whenNothingM_ (getRunningJob derivationName) finished)
(const $ atomically $ readTVar done >>= check)
withAsync
(whenNothingM_ (getRunningJob derivationName) finished)
(const $ atomically $ readTVar done >>= check)
resultText <-
handleJust
(guard . isDoesNotExistError)
(const $ throwWait
[i|Job result file #{resultPath derivationName} does not exist.|]
)
(guard . isDoesNotExistError)
( const $
throwWait
[i|Job result file #{resultPath derivationName} does not exist.|]
)
$ readFile (resultPath derivationName)
maybe
(throwWait [i|Failed to parse result from #{resultPath derivationName}.|])
pure
(throwWait [i|Failed to parse result from #{resultPath derivationName}.|])
pure
. readMaybe
. toString
$ resultText
@ -363,7 +384,6 @@ waitForJob derivationName = do
fileDeleted (Removed a _ _) | a == runningPath derivationName = True
fileDeleted _ = False
main :: IO ()
main = do
hSetBuffering stdout LineBuffering
@ -373,11 +393,12 @@ main = do
args <- fmap toText <$> getArgs
handle (\(JobException e) -> sayErr e >> exitFailure) $ case args of
["realise-here", derivationName] -> job derivationName
["realise" , derivationName] -> do
["realise", derivationName] -> do
jobId <- getEnv "JOB"
runId <- getEnv "RUN"
setEnv "LAMINAR_REASON"
[i|Building #{derivationName} in #{jobId}:#{runId}|]
setEnv
"LAMINAR_REASON"
[i|Building #{derivationName} in #{jobId}:#{runId}|]
race_ (realise derivationName) checkStaleness
_ ->
sayErr "Usage: realise-here <derivationName> | realise <derivationName>"

3
nixos/roles/laminar/projects.nix
View file

@ -1,7 +1,8 @@
{ pkgs, lib, config, ... }:
let
path = [ pkgs.git pkgs.nix pkgs.gnutar pkgs.gzip pkgs.openssh pkgs.laminar ];
in {
in
{
services.laminar.cfgFiles.jobs = {
"logfeed.run" = pkgs.writeShellScript "logfeed.run" ''
set -e

65
nixos/roles/laminar/test-config.hs
View file

@ -1,37 +1,42 @@
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE TupleSections #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE TupleSections #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
import Control.Concurrent.Async
import Data.String.Interpolate
import Data.Text ( stripPrefix )
import Language.Haskell.TH.Syntax
import Relude
import Say
import Shh
import System.Environment
import Control.Concurrent.Async
import Data.String.Interpolate
import Data.Text (stripPrefix)
import Language.Haskell.TH.Syntax
import Relude
import Say
import Shh
import System.Environment
load Absolute ["laminarc", "git"]
repo = "git@hera.m-0.eu:nixos-config"
jobs :: [String]
jobs = $$(liftTyped =<< runIO (do
homes <- getEnv "HOMES"
systems <- getEnv "SYSTEMS"
let ret =((\x -> [i|system-config-#{x}|]) <$> (words . toText) systems)
<> ((\x -> [i|home-config-#{x}|]) <$> (words . toText) homes)
say [i|Found jobs #{ret}|]
pure ret
))
jobs =
$$( liftTyped
=<< runIO
( do
homes <- getEnv "HOMES"
systems <- getEnv "SYSTEMS"
let ret =
((\x -> [i|system-config-#{x}|]) <$> (words . toText) systems)
<> ((\x -> [i|home-config-#{x}|]) <$> (words . toText) homes)
say [i|Found jobs #{ret}|]
pure ret
)
)
deployCommand :: String
deployCommand = $$(liftTyped =<< runIO (getEnv "DEPLOY"))
@ -46,11 +51,11 @@ main = do
mapConcurrently_ (\x -> laminarc ["run", x, [i|BRANCH=#{branch}|]]) jobs
say [i|Builds succeeded.|]
when (branch == "master") $ do
say [i|Deploying new config to localhost.|]
exe "/run/wrappers/bin/sudo" deployCommand
say [i|Deploying new config to localhost.|]
exe "/run/wrappers/bin/sudo" deployCommand
when (branch == "niv-bump") $ do
say [i|Merging branch niv-bump into master.|]
git "clone" repo "."
git "checkout" "master"
git "merge" "origin/niv-bump"
git "push"
say [i|Merging branch niv-bump into master.|]
git "clone" repo "."
git "checkout" "master"
git "merge" "origin/niv-bump"
git "push"

103
nixos/roles/laminar/test-config.nix
View file

@ -14,19 +14,23 @@ let
writeFileText "derivation" derivationName
say [i|Build of ${name} config for #{hostname} was successful.|]
'';
test-system-config = pkgs.writeHaskellScript {
name = "test-system-config";
inherit bins;
inherit imports;
} (haskellBody "system" ''
buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|]]'');
test-system-config = pkgs.writeHaskellScript
{
name = "test-system-config";
inherit bins;
inherit imports;
}
(haskellBody "system" ''
buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|]]'');
test-home-config = pkgs.writeHaskellScript {
name = "test-home-config";
inherit bins;
inherit imports;
} (haskellBody "home"
''paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname]'');
test-home-config = pkgs.writeHaskellScript
{
name = "test-home-config";
inherit bins;
inherit imports;
}
(haskellBody "home"
''paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname]'');
path = [ pkgs.git pkgs.nix pkgs.gnutar pkgs.gzip pkgs.openssh pkgs.laminar ];
common = ''
set -e
@ -70,33 +74,42 @@ let
});
deployCommand = "${pkgs.writeShellScript "deploy-system-config"
"${pkgs.systemd}/bin/systemctl start --no-block update-config"}";
in {
in
{
services.laminar.cfgFiles.jobs = {
"test-config.run" = pkgs.writeHaskell "test-config" {
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv = {
HOMES = lib.concatStringsSep " " homes;
SYSTEMS = lib.concatStringsSep " " systems;
DEPLOY = deployCommand;
PATH = "${lib.makeBinPath [ pkgs.laminar pkgs.git ]}:$PATH";
};
ghcArgs = [ "-threaded" ];
} (builtins.readFile ./test-config.hs);
"bump-config.run" = pkgs.writeHaskell "bump-config" {
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.git pkgs.niv pkgs.nix ]}:$PATH";
ghcArgs = [ "-threaded" ];
} (builtins.readFile ./bump-config.hs);
"test-config.run" = pkgs.writeHaskell "test-config"
{
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv = {
HOMES = lib.concatStringsSep " " homes;
SYSTEMS = lib.concatStringsSep " " systems;
DEPLOY = deployCommand;
PATH = "${lib.makeBinPath [ pkgs.laminar pkgs.git ]}:$PATH";
};
ghcArgs = [ "-threaded" ];
}
(builtins.readFile ./test-config.hs);
"bump-config.run" = pkgs.writeHaskell "bump-config"
{
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.git pkgs.niv pkgs.nix ]}:$PATH";
ghcArgs = [ "-threaded" ];
}
(builtins.readFile ./bump-config.hs);
} // lib.listToAttrs (map mkHomeJob homes)
// lib.listToAttrs (map mkSystemJob homes);
security.sudo.extraRules = let allowedCommands = [ deployCommand ];
in [{
commands = map (command: {
inherit command;
options = [ "NOPASSWD" ];
}) allowedCommands;
users = [ "laminar" ];
}];
// lib.listToAttrs (map mkSystemJob homes);
security.sudo.extraRules =
let allowedCommands = [ deployCommand ];
in
[{
commands = map
(command: {
inherit command;
options = [ "NOPASSWD" ];
})
allowedCommands;
users = [ "laminar" ];
}];
systemd.services = {
update-config = {
path = [ pkgs.git pkgs.nix ];
@ -111,13 +124,15 @@ in {
StartLimitIntervalSec = 360;
StartLimitBurst = 3;
};
script = let user = "maralorn";
in ''
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull --ff-only
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos submodule update --init
/var/cache/gc-links/system-config-hera/bin/switch-to-configuration switch
/run/wrappers/bin/sudo -u ${user} /var/cache/gc-links/home-config-hera/default/activate
'';
script =
let user = "maralorn";
in
''
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull --ff-only
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos submodule update --init
/var/cache/gc-links/system-config-hera/bin/switch-to-configuration switch
/run/wrappers/bin/sudo -u ${user} /var/cache/gc-links/home-config-hera/default/activate
'';
};
};
}

64
nixos/roles/matrix-synapse/default.nix
View file

@ -8,21 +8,21 @@ in
systemd.services = {
synapse-cleanup = {
serviceConfig = {
ExecStart = pkgs.writeHaskell "synapse-cleanup" {
libraries = builtins.attrValues pkgs.myHaskellScriptPackages ++ [
pkgs.haskellPackages.postgresql-simple
pkgs.haskellPackages.HTTP
];
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.matrix-synapse-tools.rust-synapse-compress-state pkgs.postgresql_12 ]}:$PATH";
ghcArgs = [ "-threaded" ];
} (builtins.readFile ./synapse-cleanup.hs);
ExecStart = pkgs.writeHaskell "synapse-cleanup"
{
libraries = builtins.attrValues pkgs.myHaskellScriptPackages ++ [
pkgs.haskellPackages.postgresql-simple
pkgs.haskellPackages.HTTP
];
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.matrix-synapse-tools.rust-synapse-compress-state pkgs.postgresql_12 ]}:$PATH";
ghcArgs = [ "-threaded" ];
}
(builtins.readFile ./synapse-cleanup.hs);
User = "matrix-synapse";
Type = "oneshot";
};
};
synapse-worker-1 = {
};
synapse-worker-1 = { };
};
services = {
nginx = {
@ -31,9 +31,10 @@ in
enableACME = true;
forceSSL = true;
locations = {
"/.well-known/matrix/server".extraConfig = let
server."m.server" = "${hostName}:443";
in
"/.well-known/matrix/server".extraConfig =
let
server."m.server" = "${hostName}:443";
in
''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
@ -42,11 +43,11 @@ in
let
client."m.homeserver".base_url = "https://${hostName}";
in
''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
};
virtualHosts."${hostName}" = {
@ -69,12 +70,14 @@ in
};
# Synapse
matrix-synapse = let
server-secrets = pkgs.privateValue {
registration_shared_secret = "";
macaroon_secret_key = "";
} "matrix/server-secrets";
in
matrix-synapse =
let
server-secrets = pkgs.privateValue
{
registration_shared_secret = "";
macaroon_secret_key = "";
} "matrix/server-secrets";
in
server-secrets // {
enable = true;
package = pkgs.matrix-synapse;
@ -86,14 +89,15 @@ in
max_upload_size = "30M";
dynamic_thumbnails = true;
turn_shared_secret = config.services.coturn.static-auth-secret;
turn_uris = let
turns = "turns:${config.services.coturn.realm}:${
turn_uris =
let
turns = "turns:${config.services.coturn.realm}:${
toString config.services.coturn.tls-listening-port
}";
turn = "turn:${config.services.coturn.realm}:${
turn = "turn:${config.services.coturn.realm}:${
toString config.services.coturn.listening-port
}";
in
in
[
"${turns}?transport=udp"
"${turns}?transport=tcp"
@ -145,7 +149,7 @@ in
type = "metrics";
port = 9148;
bind_address = "127.0.0.1";
resources = [];
resources = [ ];
tls = false;
}
{

3
nixos/roles/monitoring/default.nix
View file

@ -10,7 +10,8 @@ let
'';
basicAuthFile = pkgs.privateFile "basic-auth/monitoring";
};
in {
in
{
imports = [
./alertmanager.nix
./grafana.nix

2
nixos/roles/monitoring/grafana.nix
View file

@ -20,7 +20,7 @@ let
(heading "nix-output-monitor" "https://github.com/maralorn/nix-output-monitor")
(badge "https://repology.org/badge/vertical-allrepos/nix-output-monitor.svg?columns=3&header=" "https://repology.org/project/nix-output-monitor/versions")
];
dashboards = pkgs.runCommand "dashboards" {} ''
dashboards = pkgs.runCommand "dashboards" { } ''
mkdir -p $out
cp ${./grafana-dashboards}/* $out
substituteInPlace $out/health-status.json --replace '@BADGES@' '${badges}' \

8
nixos/roles/monitoring/nixpkgs.nix
View file

@ -2,7 +2,8 @@
let
watchNixpkgsPackage = name: branch: path:
let job_name = "nixpkgs ${name} on ${branch}";
in {
in
{
inherit job_name;
metrics_path = "/job/${path}/prometheus";
scheme = "https";
@ -20,7 +21,7 @@ let
};
watchHaskellUnstable = name:
watchNixpkgsPackage name "haskell-updates"
"nixpkgs/haskell-updates/haskellPackages.${name}.x86_64-linux";
"nixpkgs/haskell-updates/haskellPackages.${name}.x86_64-linux";
watchedHaskellUpdatesPkgs = builtins.attrNames (pkgs.myHaskellPackages) ++ [
"jsaddle-warp"
"stan"
@ -38,7 +39,8 @@ let
"cachix"
"taffybar"
];
in {
in
{
services.prometheus.scrapeConfigs =
map watchHaskellUnstable watchedHaskellUpdatesPkgs ++ [
(watchNixpkgsPackage "haskell-language-server-toplevel" "haskell-updates"

3
nixos/roles/monitoring/probes.nix
View file

@ -28,7 +28,8 @@ let
} # The blackbox exporter's real hostname:port.
];
};
in {
in
{
services.prometheus = {
exporters.blackbox = {
enable = true;

62
nixos/roles/monitoring/prometheus.nix
View file

@ -11,33 +11,41 @@
};
};
ruleFiles = [ ./rules.yml ];
scrapeConfigs = let alert_type = "infrastructure";
in [
(let name = "matrix-synapse";
in {
job_name = name;
metrics_path = "/_synapse/metrics";
static_configs = [{
targets = [ "localhost:9148" ];
labels = {
inherit name;
inherit alert_type;
};
}];
})
] ++ map (entry:
let inherit (entry) name;
in {
job_name = name;
static_configs = [{
targets = [ entry.host ];
labels = {
inherit name;
inherit alert_type;
inContainer = lib.boolToString entry.container;
};
}];
}) config.m-0.monitoring;
scrapeConfigs =
let alert_type = "infrastructure";
in
[
(
let name = "matrix-synapse";
in
{
job_name = name;
metrics_path = "/_synapse/metrics";
static_configs = [{
targets = [ "localhost:9148" ];
labels = {
inherit name;
inherit alert_type;
};
}];
}
)
] ++ map
(entry:
let inherit (entry) name;
in
{
job_name = name;
static_configs = [{
targets = [ entry.host ];
labels = {
inherit name;
inherit alert_type;
inContainer = lib.boolToString entry.container;
};
}];
})
config.m-0.monitoring;
};
};
}

3
nixos/roles/update-postgres.nix
View file

@ -6,7 +6,8 @@
};
environment.systemPackages =
let newpg = config.containers.temp-pg.config.services.postgresql;
in [
in
[
(pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -x
export OLDDATA="${config.services.postgresql.dataDir}"

2
overlays/10-previews.nix
View file

@ -1,6 +1,6 @@
self: super:
let
unstable = import super.sources.nixos-unstable {};
unstable = import super.sources.nixos-unstable { };
in
{
inherit (unstable)

3
overlays/20-unfree.nix
View file

@ -3,6 +3,7 @@ let
unfree = import self.sources."${self.nixpkgs-channel}" { config.allowUnfree = true; };
unstableUnfree =
import self.sources.nixos-unstable { config.allowUnfree = true; };
in {
in
{
inherit (unfree) discord factorio steam zoom-us skypeforlinux google-chrome minecraft;
}

8
overlays/30-ghc.nix
View file

@ -1,7 +1,7 @@
self: super:
let
inherit (super) fetchFromGitHub;
master = import super.sources.nixpkgs-master {};
master = import super.sources.nixpkgs-master { };
inherit (master.haskell.lib) overrideCabal unmarkBroken doJailbreak dontCheck;
makeHaskellScriptPackages = p: {
inherit (p)
@ -20,9 +20,9 @@ let
hedgehog nix-derivation req
;
} // makeHaskellScriptPackages p;
overrides = self: super: {
generic-optics = dontCheck (unmarkBroken super.generic-optics);
};
overrides = self: super: {
generic-optics = dontCheck (unmarkBroken super.generic-optics);
};
haskellPackages = master.haskellPackages.extend overrides;
ghc = haskellPackages.ghc;
in

3
overlays/default.nix
View file

@ -9,4 +9,5 @@ let
isOverlay = n: (isNixDir n || isNixFile n) && notDefault n;
overlays = builtins.filter isOverlay candidates;
importOverlay = n: import (pathToOverlay n);
in map importOverlay overlays
in
map importOverlay overlays

13
overlays/grafana-devel/package.nix
View file

@ -1,5 +1,11 @@
{ stdenv, lib, grafana, writeScriptBin, symlinkJoin, writeTextFile
, grafanaPlugins ? { } }:
{ stdenv
, lib
, grafana
, writeScriptBin
, symlinkJoin
, writeTextFile
, grafanaPlugins ? { }
}:
let
provision = symlinkJoin {
name = "provision-files";
@ -47,7 +53,8 @@ let
})
];
};
in writeScriptBin "grafana-devel" ''
in
writeScriptBin "grafana-devel" ''
#! ${stdenv.shell}
set -ex
DIR=$(mktemp -d)

3
overlays/jali/package.nix
View file

@ -3,7 +3,8 @@ let
inherit (python3Packages) jinja2 pendulum GitPython buildPythonApplication;
pname = "jali";
version = "b47d3b9";
in buildPythonApplication {
in
buildPythonApplication {
name = "${pname}-${version}";
inherit pname version;
doCheck = false;

3
overlays/kassandra/default.nix
View file

@ -9,5 +9,6 @@ self: super: {
buildInputs = [ openssl ];
cargoSha256 = "0nlc09sh679vfq7n08836mnjsax2pnskm64jk3c6k0l2spina3nd";
doCheck = false;
}) { };
})
{ };
}

8
overlays/kassandra2/default.nix
View file

@ -1,6 +1,8 @@
final: prev: let
kassandra = prev.haskellPackages.callCabal2nix "kassandra" (prev.sources.kassandra2 + "/kassandra") {};
final: prev:
let
kassandra = prev.haskellPackages.callCabal2nix "kassandra" (prev.sources.kassandra2 + "/kassandra") { };
standalone = prev.haskellPackages.callCabal2nix "standalone" (prev.sources.kassandra2 + "/standalone") { inherit kassandra; };
in {
in
{
kassandra2 = standalone;
}

10
overlays/logfeed/default.nix
View file

@ -1,5 +1,7 @@
final: prev: let
master = import prev.sources.nixpkgs-master {};
in {
logfeed = master.haskellPackages.callCabal2nix "logfeed" prev.sources.logfeed {};
final: prev:
let
master = import prev.sources.nixpkgs-master { };
in
{
logfeed = master.haskellPackages.callCabal2nix "logfeed" prev.sources.logfeed { };
}

6
overlays/matrix-commander/default.nix
View file

@ -4,7 +4,8 @@ let
let
pname = "matrix-commander";
version = "67a6a89";
in python3Packages.buildPythonApplication {
in
python3Packages.buildPythonApplication {
name = "${pname}-${version}";
inherit pname version;
src = fetchFromGitHub {
@ -31,4 +32,5 @@ let
$out/bin/matrix-commander --help > /dev/null
'';
};
in { matrix-commander = self.callPackage package { }; }
in
{ matrix-commander = self.callPackage package { }; }

4
overlays/pkgSets.nix
View file

@ -49,7 +49,7 @@ self: super: {
nixfmt nixpkgs-fmt rnix-lsp tmate rustup kitty nix-top ghcWithPackages ghcid matrix-commander upterm
lazygit
;
obelisk = (import self.sources.obelisk {}).command;
obelisk = (import self.sources.obelisk { }).command;
};
accounting-pkgs = {
inherit (self.haskellPackages) hledger hledger-ui hledger-web hledger-iadd;
@ -57,7 +57,7 @@ self: super: {
};
system-pkgs = self.core-system-pkgs // self.extra-system-pkgs // {
home-manager =
self.callPackage "${self.sources.${self.home-manager-channel}}/home-manager" {};
self.callPackage "${self.sources.${self.home-manager-channel}}/home-manager" { };
};
foreign-home-pkgs = self.extra-system-pkgs;
}

2
overlays/taskwarrior-git/default.nix
View file

@ -1,3 +1,3 @@
self: super: {
taskwarrior-git = self.haskellPackages.callCabal2nix "taskwarrior-git" self.sources.taskwarrior-git-backend {};
taskwarrior-git = self.haskellPackages.callCabal2nix "taskwarrior-git" self.sources.taskwarrior-git-backend { };
}

60
overlays/writeHaskellScript.nix
View file

@ -1,6 +1,7 @@
self: super:
let inherit (self) lib pkgs;
in {
in
{
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
# writeHaskell takes a name, an attrset with libraries and haskell version (both optional)
# and some haskell source code and returns an executable.
@ -13,37 +14,42 @@ in {
# '';
writeHaskell = name:
{ libraries ? [ ], ghc ? pkgs.ghc, ghcArgs ? [ ], ghcEnv ? { } }:
pkgs.writers.makeBinWriter {
compileScript = let filename = lib.last (builtins.split "/" name);
in ''
cp $contentPath ${filename}.hs
${
lib.concatStringsSep " "
(lib.mapAttrsToList (key: val: ''${key}="${val}"'') ghcEnv)
} ${ghc.withPackages (_: libraries)}/bin/ghc ${
lib.escapeShellArgs ghcArgs
} ${filename}.hs
mv ${filename} $out
${pkgs.binutils-unwrapped}/bin/strip --strip-unneeded "$out"
'';
} name;
pkgs.writers.makeBinWriter
{
compileScript =
let filename = lib.last (builtins.split "/" name);
in
''
cp $contentPath ${filename}.hs
${
lib.concatStringsSep " "
(lib.mapAttrsToList (key: val: ''${key}="${val}"'') ghcEnv)
} ${ghc.withPackages (_: libraries)}/bin/ghc ${
lib.escapeShellArgs ghcArgs
} ${filename}.hs
mv ${filename} $out
${pkgs.binutils-unwrapped}/bin/strip --strip-unneeded "$out"
'';
}
name;
# writeHaskellBin takes the same arguments as writeHaskell but outputs a directory (like writeScriptBin)
writeHaskellBin = name: pkgs.writeHaskell "/bin/${name}";
writeHaskellScript = { name ? "haskell-script", bins ? [ ], imports ? [ ] }:
code:
pkgs.writeHaskellBin name {
ghcArgs = [
"-threaded"
"-Wall"
"-Wno-unused-top-binds"
"-Wno-missing-signatures"
"-Wno-type-defaults"
"-Wno-unused-imports"
"-Werror"
];
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
} ''
pkgs.writeHaskellBin name
{
ghcArgs = [
"-threaded"
"-Wall"
"-Wno-unused-top-binds"
"-Wno-missing-signatures"
"-Wno-type-defaults"
"-Wno-unused-imports"
"-Werror"
];
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
} ''
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE QuasiQuotes #-}

13
private.nix
View file

@ -3,11 +3,14 @@ let
explicitUsePrivate = builtins.getEnv "WITH_SECRETS" == "true";
explicitNotUsePrivate = builtins.getEnv "WITH_SECRETS" == "false";
usePrivate = !explicitNotUsePrivate && (explicitUsePrivate || privateExists);
withSecrets = builtins.trace (if usePrivate then
assert privateExists; "Building _with_ secrets!"
else
"Building _without_ secrets!") usePrivate;
in {
withSecrets = builtins.trace
(if usePrivate then
assert privateExists; "Building _with_ secrets!"
else
"Building _without_ secrets!")
usePrivate;
in
{
inherit withSecrets;
privatePath = name:
let path = "/etc/nixos/private/${name}";