switch nixfmt to alejandra to format nix code

ulic-youthlic 2025-04-28 21:20:32 +08:00
parent 582bdb783c
commit e44894c666
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
120 changed files with 1163 additions and 1237 deletions


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
imports = [
./hardware-configuration.nix
./stylix.nix


@ -49,7 +49,7 @@
];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
extraArgs = ["-f"];
subvolumes = {
"@root" = {
mountpoint = "/";


@ -1,17 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
systemd.network = {
enable = true;
wait-online.enable = false;


@ -1,5 +1,8 @@
{ pkgs, rootPath, ... }:
{
pkgs,
rootPath,
...
}: {
stylix = {
enable = true;
image = rootPath + "/assets/wallpaper/01.png";


@ -1,5 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
users = {
mutableUsers = true;
users.david = {


@ -1,8 +1,4 @@
{
pkgs,
...
}:
{
{pkgs, ...}: {
imports = [
./forgejo.nix
./networking.nix


@ -15,7 +15,7 @@
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
extraArgs = ["-f"];
subvolumes = {
"@root" = {
mountpoint = "/";


@ -1,12 +1,11 @@
{ config, ... }:
{
{config, ...}: {
youthlic.containers.forgejo = {
enable = true;
domain = "forgejo.youthlic.fun";
sshPort = 2222;
httpPort = 8480;
};
networking.firewall.allowedTCPPorts = [ 2222 ];
networking.firewall.allowedTCPPorts = [2222];
services.caddy.virtualHosts = {
"forgejo.${config.youthlic.programs.caddy.baseDomain}" = {
extraConfig = ''


@ -1,17 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
sops.secrets."miniflux" = {
};
youthlic.containers.miniflux = {


@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
systemd.network = {
enable = true;
wait-online.enable = true;


@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
stylix = {
enable = false;
};


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
users.users.alice = {
initialHashedPassword = "$y$j9T$eS5zCi4W.4IPpf3P8Tb/o1$xhumXY1.PJKmTguNi/zlljLbLemNGiubWoUEc878S36";
isNormalUser = true;
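Review bot: The `initialHashedPassword` for `users.users.alice` is a yescrypt hash committed in clear to the repository, and the identical string is used again for `users.users.david` in a later file of this commit, so both accounts share one password whose hash anyone with read access to the repo can attack offline. Consider moving it to a sops-managed file, e.g. `hashedPasswordFile = config.sops.secrets."<placeholder-secret-name>".path;` (with `neededForUsers = true` on that secret), and giving each account its own hash. The attribute set continues outside the hunk.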


@ -3,8 +3,7 @@
pkgs,
inputs,
...
}:
{
}: {
imports =
(with inputs; [
nixos-hardware.nixosModules.asus-fx506hm


@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
disko.devices = {
disk = {
disk1 = {


@ -1,17 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs.config.cudaSupport = true;
services = {
hardware.bolt.enable = true;


@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
systemd.network = {
enable = true;
wait-online.enable = false;


@ -1,5 +1,8 @@
{ pkgs, rootPath, ... }:
{
pkgs,
rootPath,
...
}: {
stylix = {
enable = true;
image = rootPath + "/assets/wallpaper/01.png";


@ -1,5 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
users.users.david = {
initialHashedPassword = "$y$j9T$eS5zCi4W.4IPpf3P8Tb/o1$xhumXY1.PJKmTguNi/zlljLbLemNGiubWoUEc878S36";
isNormalUser = true;


@ -1,8 +1,10 @@
{ config, lib, ... }:
let
cfg = config.youthlic.containers;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.containers;
in {
imports = [
./forgejo.nix
./miniflux.nix


@ -3,11 +3,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.containers.forgejo;
in
{
in {
options = {
youthlic.containers.forgejo = {
enable = lib.mkEnableOption "forgejo container";
@ -56,64 +54,62 @@ in
}
];
config =
{ lib, ... }:
{
imports = [
./../programs/forgejo.nix
./../programs/postgresql.nix
];
config = {lib, ...}: {
imports = [
./../programs/forgejo.nix
./../programs/postgresql.nix
];
nixpkgs.pkgs = pkgs;
nixpkgs.pkgs = pkgs;
systemd.tmpfiles.rules = [
"d /var/lib/forgejo 770 forgejo forgejo -"
"d /var/lib/postgresql 770 postgres postgres -"
];
systemd.tmpfiles.rules = [
"d /var/lib/forgejo 770 forgejo forgejo -"
"d /var/lib/postgresql 770 postgres postgres -"
];
youthlic.programs = {
forgejo = {
enable = true;
domain = cfg.domain;
sshPort = cfg.sshPort;
httpPort = cfg.httpPort;
database = {
user = "forgejo";
};
};
postgresql = {
enable = true;
database = "forgejo";
auth_method = "peer";
version = "17";
youthlic.programs = {
forgejo = {
enable = true;
domain = cfg.domain;
sshPort = cfg.sshPort;
httpPort = cfg.httpPort;
database = {
user = "forgejo";
};
};
systemd.services.forgejo = {
wants = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
wantedBy = [ "default.target" ];
postgresql = {
enable = true;
database = "forgejo";
auth_method = "peer";
version = "17";
};
networking = {
defaultGateway = "192.168.111.1";
firewall = {
enable = true;
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "24.11";
};
systemd.services.forgejo = {
wants = ["postgresql.service"];
requires = ["postgresql.service"];
after = ["postgresql.service"];
wantedBy = ["default.target"];
};
networking = {
defaultGateway = "192.168.111.1";
firewall = {
enable = true;
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "24.11";
};
};
};
}
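Review bot: `allowedUDPPorts` in the container firewall opens `cfg.httpPort` and `cfg.sshPort` over UDP as well as TCP, although nothing visible here suggests the Forgejo HTTP or SSH listeners use UDP; the same pattern appears in the miniflux container file with `allowedUDPPorts = [8485];`. Unless a UDP listener is intended, drop the UDP entries (remove the attribute or set `allowedUDPPorts = [];`) so the firewall only exposes what the service actually binds.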


@ -3,11 +3,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.containers.miniflux;
in
{
in {
options = {
youthlic.containers.miniflux = {
enable = lib.mkEnableOption "miniflux container";
@ -38,57 +36,55 @@ in
};
};
config =
{ lib, ... }:
{
imports = [
./../programs/miniflux.nix
./../programs/postgresql.nix
];
config = {lib, ...}: {
imports = [
./../programs/miniflux.nix
./../programs/postgresql.nix
];
nixpkgs.pkgs = pkgs;
nixpkgs.pkgs = pkgs;
systemd.tmpfiles.rules = [
"d /var/lib/miniflux 770 miniflux miniflux -"
"d /var/lib/postgresql 770 postgres postgres -"
"d /run/secrets 770 root miniflux -"
];
systemd.tmpfiles.rules = [
"d /var/lib/miniflux 770 miniflux miniflux -"
"d /var/lib/postgresql 770 postgres postgres -"
"d /run/secrets 770 root miniflux -"
];
youthlic.programs = {
miniflux = {
enable = true;
database = {
user = "miniflux";
};
adminCredentialsFile = cfg.adminCredentialsFile;
};
postgresql = {
enable = true;
database = "miniflux";
auth_method = "peer";
version = "17";
youthlic.programs = {
miniflux = {
enable = true;
database = {
user = "miniflux";
};
adminCredentialsFile = cfg.adminCredentialsFile;
};
systemd.services.miniflux = {
wants = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
wantedBy = [ "default.target" ];
postgresql = {
enable = true;
database = "miniflux";
auth_method = "peer";
version = "17";
};
networking = {
defaultGateway = "192.168.111.1";
firewall = {
enable = true;
allowedTCPPorts = [ 8485 ];
allowedUDPPorts = [ 8485 ];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "24.11";
};
systemd.services.miniflux = {
wants = ["postgresql.service"];
requires = ["postgresql.service"];
after = ["postgresql.service"];
wantedBy = ["default.target"];
};
networking = {
defaultGateway = "192.168.111.1";
firewall = {
enable = true;
allowedTCPPorts = [8485];
allowedUDPPorts = [8485];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "24.11";
};
};
};
}


@ -3,8 +3,7 @@
inputs,
outputs,
...
}:
{
}: {
imports =
(with inputs; [
niri-flake.nixosModules.niri


@ -1,8 +1,10 @@
{ config, lib, ... }:
let
cfg = config.youthlic.users.deploy;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.users.deploy;
in {
options = {
youthlic.users.deploy = {
enable = lib.mkEnableOption "deploy";


@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.youthlic.gui;
in
{
in {
config = lib.mkIf (cfg.enabled == "cosmic") {
# Enable the X11 windowing system.
# You can disable this if you're only using the Wayland session.


@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.youthlic.gui;
in
{
in {
imports = [
./niri.nix
./cosmic.nix
@ -66,7 +64,7 @@ in
monospace = [
"Maple Mono NF CN"
];
emoji = [ "Noto Color Emoji" ];
emoji = ["Noto Color Emoji"];
};
};


@ -2,11 +2,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.gui;
in
{
in {
config = lib.mkIf (cfg.enabled == "kde") {
stylix.targets.qt.platform = "kde";
services = {


@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.youthlic.gui;
in
{
in {
config = lib.mkIf (cfg.enabled == "niri") {
qt = {
enable = true;
@ -23,7 +21,7 @@ in
terminal-exec = {
enable = true;
settings = {
default = [ "com.mitchellh.ghostty.desktop" ];
default = ["com.mitchellh.ghostty.desktop"];
};
};
mime = {
@ -52,7 +50,7 @@ in
"firefox.desktop"
"chromium-browser.desktop"
];
"x-scheme-handler/tg" = [ "telegramdesktop.desktop" ];
"x-scheme-handler/tg" = ["telegramdesktop.desktop"];
"x-scheme-handler/unknown" = [
"firefox.desktop"
"chromium-browser.desktop"


@ -6,8 +6,7 @@
pkgs,
rootPath,
...
}:
{
}: {
options.youthlic.home-manager = {
enable = lib.mkOption {
type = lib.types.bool;
@ -33,19 +32,17 @@
'';
};
};
config =
let
cfg = config.youthlic.home-manager;
unixName = cfg.unixName;
hostName = cfg.hostName;
in
config = let
cfg = config.youthlic.home-manager;
unixName = cfg.unixName;
hostName = cfg.hostName;
in
lib.mkIf cfg.enable {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."${cfg.unixName}" = (
{ ... }:
{
{...}: {
imports = [
outputs.homeModules."${unixName}"
(rootPath + "/home/${unixName}/configurations/${hostName}")
@ -58,7 +55,7 @@
inherit (pkgs) system;
};
backupFileExtension = "backup";
sharedModules = [ outputs.homeModules.default ];
sharedModules = [outputs.homeModules.default];
};
};
}


@ -3,11 +3,9 @@
lib,
config,
...
}:
let
}: let
cfg = config.youthlic.i18n;
in
{
in {
options = {
youthlic.i18n = {
enable = lib.mkEnableOption "zh env";


@ -5,14 +5,12 @@
pkgs,
lib,
...
}:
{
}: {
config = {
nixpkgs = {
config = {
allowUnfree = true;
allowInsecurePredicate =
p:
allowInsecurePredicate = p:
builtins.elem (lib.getName p) [
# for fluffychat and neochat
"olm"
@ -25,7 +23,7 @@
mode = "0444";
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
nixPath = ["nixpkgs=${inputs.nixpkgs}"];
extraOptions = ''
!include ${config.sops.secrets."access-tokens".path}
'';


@ -2,11 +2,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.programs.asusd;
in
{
in {
options = {
youthlic.programs.asusd = {
enable = lib.mkEnableOption "asusd";


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.caddy;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.caddy;
in {
options = {
youthlic.programs.caddy = {
enable = lib.mkEnableOption "caddy";
@ -17,7 +19,7 @@ in
enable = true;
};
networking.firewall = {
allowedTCPPorts = [ 443 ];
allowedTCPPorts = [443];
};
};
}


@ -1,8 +1,10 @@
{ config, lib, ... }:
let
cfg = config.youthlic.programs.conduwuit;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.programs.conduwuit;
in {
options = {
youthlic.programs.conduwuit = {
enable = lib.mkEnableOption "conduwuit";
@ -24,7 +26,7 @@ in
enable = true;
settings = {
global = {
port = [ 8481 ];
port = [8481];
address = [
"0.0.0.0"
"::"


@ -4,11 +4,9 @@
pkgs,
lib,
...
}:
let
}: let
cfg = config.youthlic.programs.dae;
in
{
in {
options = {
youthlic.programs.dae = {
enable = lib.mkEnableOption "dae";
@ -30,102 +28,100 @@ in
mode = "0444";
sopsFile = rootPath + "/secrets/general.yaml";
};
systemd.services =
let
update = ''
head="user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
new_proxy=/etc/dae/proxy.d.new
num=0
check=1
urls="$(cat ${config.sops.secrets.url.path})"
mkdir -p ''${new_proxy}
for url in ''${urls}; do
txt=''${new_proxy}/''${num}.txt
config="''${new_proxy}/''${num}.dae"
echo \'curl -LH \""''${head}"\" \""''${url}"\" -o \""''${txt}"\"\'
curl -LH "''${head}" "''${url}" -o "''${txt}"
echo End curl
echo "" > ''${config}
{
echo 'subscription {'
echo \ \ wget:\ \"file://proxy.d/''${num}.txt\"
echo "}"
} >> ''${config}
if [[ ! -s ''${txt} ]]; then
check=0
fi
chmod 0640 ''${txt}
chmod 0640 ''${config}
num=$((num+1))
if [[ ''${check} -eq 0 ]]; then
echo "''${txt}" is empty
exit 103
fi
done
if [[ -d /etc/dae/proxy.d ]]; then
rm -rf /etc/proxy.d.old
mv /etc/dae/proxy.d /etc/dae/proxy.d.old
systemd.services = let
update = ''
head="user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
new_proxy=/etc/dae/proxy.d.new
num=0
check=1
urls="$(cat ${config.sops.secrets.url.path})"
mkdir -p ''${new_proxy}
for url in ''${urls}; do
txt=''${new_proxy}/''${num}.txt
config="''${new_proxy}/''${num}.dae"
echo \'curl -LH \""''${head}"\" \""''${url}"\" -o \""''${txt}"\"\'
curl -LH "''${head}" "''${url}" -o "''${txt}"
echo End curl
echo "" > ''${config}
{
echo 'subscription {'
echo \ \ wget:\ \"file://proxy.d/''${num}.txt\"
echo "}"
} >> ''${config}
if [[ ! -s ''${txt} ]]; then
check=0
fi
mv ''${new_proxy} /etc/dae/proxy.d
'';
updateScript = pkgs.writeShellApplication {
name = "update.sh";
runtimeInputs = with pkgs; [
coreutils
curl
];
text = ''
mkdir -p /etc/proxy.d
if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
echo "No subscription file found in /etc/dae/proxy.d. Update now..."
${update}
else
echo "Found existing subscription files. Skipping immediate update."
fi
'';
};
updateForceScript = pkgs.writeShellApplication {
name = "update-force.sh";
runtimeInputs = with pkgs; [
coreutils
curl
];
text = ''
chmod 0640 ''${txt}
chmod 0640 ''${config}
num=$((num+1))
if [[ ''${check} -eq 0 ]]; then
echo "''${txt}" is empty
exit 103
fi
done
if [[ -d /etc/dae/proxy.d ]]; then
rm -rf /etc/proxy.d.old
mv /etc/dae/proxy.d /etc/dae/proxy.d.old
fi
mv ''${new_proxy} /etc/dae/proxy.d
'';
updateScript = pkgs.writeShellApplication {
name = "update.sh";
runtimeInputs = with pkgs; [
coreutils
curl
];
text = ''
mkdir -p /etc/proxy.d
if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
echo "No subscription file found in /etc/dae/proxy.d. Update now..."
${update}
'';
else
echo "Found existing subscription files. Skipping immediate update."
fi
'';
};
updateForceScript = pkgs.writeShellApplication {
name = "update-force.sh";
runtimeInputs = with pkgs; [
coreutils
curl
];
text = ''
${update}
'';
};
in {
"update-dae-subscription-immediate" = {
after = ["network-online.target"];
wants = ["network-online.target"];
before = ["dae.service"];
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = [
"${updateScript}/bin/update.sh"
];
};
in
{
"update-dae-subscription-immediate" = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
before = [ "dae.service" ];
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = [
"${updateScript}/bin/update.sh"
];
};
wantedBy = [ "multi-user.target" ];
};
"update-dae-subscription-force" = {
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStartPre = [
"-${pkgs.systemd}/bin/systemctl stop dae.service"
];
ExecStartPost = [
"-${pkgs.systemd}/bin/systemctl start dae.service"
];
ExecStart = [
"${updateForceScript}/bin/update-force.sh"
];
};
wantedBy = ["multi-user.target"];
};
"update-dae-subscription-force" = {
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStartPre = [
"-${pkgs.systemd}/bin/systemctl stop dae.service"
];
ExecStartPost = [
"-${pkgs.systemd}/bin/systemctl start dae.service"
];
ExecStart = [
"${updateForceScript}/bin/update-force.sh"
];
};
};
};
})
(lib.mkIf (cfg.enable && config.youthlic.programs.juicity.client.enable) {
environment.etc."dae/local.d/0.dae" = {
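Review bot: The `update` script echoes the whole curl command line, including each `${url}` read from `config.sops.secrets.url.path`, so the subscription URLs that are kept encrypted in sops end up in clear in the service's journal; log the index instead, e.g. `echo "fetching subscription ''${num}"`. The rotation paths are also inconsistent: the script removes `/etc/proxy.d.old` but renames to `/etc/dae/proxy.d.old`, and `update.sh` creates `/etc/proxy.d` while testing `/etc/dae/proxy.d`, so from the second update on the `mv` lands inside the stale `.old` directory; these should read `rm -rf /etc/dae/proxy.d.old` and `mkdir -p /etc/dae/proxy.d`. Both issues predate this commit, which only re-indents the script.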


@ -1,5 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
imports = [
./transfer-sh.nix
./rustypaste


@ -3,11 +3,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.programs.forgejo;
in
{
in {
options = {
youthlic.programs.forgejo = {
enable = lib.mkEnableOption "forgejo";
@ -92,15 +90,15 @@ in
let
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.caddy.virtualHosts = {
"forgejo.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${cfg.httpPort}
'';
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.caddy.virtualHosts = {
"forgejo.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${cfg.httpPort}
'';
};
};
};
}
}
)
];
}


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.guix;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.guix;
in {
options = {
youthlic.programs.guix = {
enable = lib.mkEnableOption "guix";


@ -3,11 +3,9 @@
lib,
config,
...
}:
let
}: let
cfg = config.youthlic.programs.juicity;
in
{
in {
imports = [
./template.nix
];
@ -23,12 +21,12 @@ in
};
config = lib.mkMerge [
(lib.mkIf cfg.client.enable {
users.groups.juicity.members = [ "root" ];
users.groups.juicity.members = ["root"];
sops = {
secrets = {
"juicity/serverIp" = { };
"juicity/sni" = { };
"juicity/certchainSha256" = { };
"juicity/serverIp" = {};
"juicity/sni" = {};
"juicity/certchainSha256" = {};
};
templates."juicity-client-config.json" = {
group = "juicity";
@ -58,7 +56,7 @@ in
};
})
(lib.mkIf cfg.server.enable {
users.groups.juicity.members = [ "root" ];
users.groups.juicity.members = ["root"];
sops = {
secrets = {
"juicity/certificate" = {
@ -98,8 +96,8 @@ in
})
(lib.mkIf (cfg.server.enable || cfg.client.enable) {
sops.secrets = {
"juicity/uuid" = { };
"juicity/password" = { };
"juicity/uuid" = {};
"juicity/password" = {};
};
})
];


@ -3,27 +3,23 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.services.juicity;
settingsFormat = pkgs.formats.json { };
settingsFormat = pkgs.formats.json {};
clientConfigFile =
if (cfg.client.configFile != null) then
cfg.client.configFile
else
settingsFormat cfg.client.settings;
if (cfg.client.configFile != null)
then cfg.client.configFile
else settingsFormat cfg.client.settings;
serverConfigFile =
if (cfg.server.configFile != null) then
cfg.server.configFile
else
settingsFormat cfg.server.settings;
in
{
if (cfg.server.configFile != null)
then cfg.server.configFile
else settingsFormat cfg.server.settings;
in {
options = {
services.juicity = {
client = {
enable = lib.mkEnableOption "juicity-client";
package = lib.mkPackageOption pkgs "juicity" { };
package = lib.mkPackageOption pkgs "juicity" {};
group = lib.mkOption {
type = lib.types.nullOr lib.types.str;
example = "juicity";
@ -31,7 +27,7 @@ in
};
settings = lib.mkOption {
type = settingsFormat.type;
default = { };
default = {};
example = {
listen = ":1000";
server = "112.32.62.11:23182";
@ -59,7 +55,7 @@ in
};
allowedOpenFirewallPorts = lib.mkOption {
type = lib.types.nullOr (lib.types.listOf lib.types.port);
example = [ 23182 ];
example = [23182];
default = null;
description = ''
the ports should be open
@ -68,7 +64,7 @@ in
};
server = {
enable = lib.mkEnableOption "juicity-server";
package = lib.mkPackageOption pkgs "juicity" { };
package = lib.mkPackageOption pkgs "juicity" {};
group = lib.mkOption {
type = lib.types.nullOr lib.types.str;
example = "juicity";
@ -76,7 +72,7 @@ in
};
settings = lib.mkOption {
type = settingsFormat.type;
default = { };
default = {};
description = ''
Juicity server configuration, for configuration options
see example of [server](https://github.com/juicity/juicity/blob/main/install/example-server.json) on github.
@ -104,7 +100,7 @@ in
};
allowedOpenFirewallPorts = lib.mkOption {
type = lib.types.nullOr (lib.types.listOf lib.types.port);
example = [ 23182 ];
example = [23182];
default = null;
description = ''
the ports should be open


@ -3,18 +3,16 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.youthlic.programs.kanata;
in
{
in {
options = {
youthlic.programs.kanata = {
enable = lib.mkEnableOption "kanata";
};
};
config = lib.mkIf cfg.enable {
boot.kernelModules = [ "uinput" ];
boot.kernelModules = ["uinput"];
hardware.uinput.enable = true;
services.kanata = {
enable = true;


@ -3,11 +3,9 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.youthlic.programs.kvm;
in
{
in {
options = {
youthlic.programs.kvm = {
enable = lib.mkEnableOption "kvm";
@ -24,7 +22,7 @@ in
programs.virt-manager = {
enable = true;
};
users.groups.libvirtd.members = [ cfg.unixName ];
users.groups.libvirtd.members = [cfg.unixName];
virtualisation = {
libvirtd = {
enable = true;


@ -1,21 +1,22 @@
{ config, lib, ... }:
let
cfg = config.youthlic.programs.mautrix-telegram;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.programs.mautrix-telegram;
in {
options = {
youthlic.programs.mautrix-telegram = {
enable = lib.mkEnableOption "mautrix-telegram";
};
};
config =
let
conduwuit-cfg = config.youthlic.programs.conduwuit;
caddy-cfg = config.youthlic.programs.caddy;
in
config = let
conduwuit-cfg = config.youthlic.programs.conduwuit;
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkMerge [
(lib.mkIf cfg.enable {
sops.secrets.matrix-telegram-bot = { };
sops.secrets.matrix-telegram-bot = {};
services.mautrix-telegram = {
enable = true;
environmentFile = "${config.sops.secrets.matrix-telegram-bot.path}";


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.miniflux;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.miniflux;
in {
options = {
youthlic.programs.miniflux = {
enable = lib.mkEnableOption "miniflux";


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.minio;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.minio;
in {
options = {
youthlic.programs.minio = {
enable = lib.mkEnableOption "minio";


@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
config = {
programs.nh = {
enable = true;


@ -3,11 +3,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.programs.nix-ld;
in
{
in {
options = {
youthlic.programs.nix-ld = {
enable = lib.mkEnableOption "nix-ld";


@ -1,8 +1,10 @@
{ config, lib, ... }:
let
cfg = config.youthlic.programs.open-webui;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.programs.open-webui;
in {
options = {
youthlic.programs.open-webui = {
enable = lib.mkEnableOption "open-webui";
@ -23,15 +25,15 @@ in
let
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.caddy.virtualHosts = {
"open-webui.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:8083
'';
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.caddy.virtualHosts = {
"open-webui.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:8083
'';
};
};
};
}
}
)
];
}


@ -1,8 +1,10 @@
{ config, lib, ... }:
let
cfg = config.youthlic.programs.openssh;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.programs.openssh;
in {
options = {
youthlic.programs.openssh = {
enable = lib.mkEnableOption "openssh";
@ -42,7 +44,7 @@ in
"diffie-hellman-group-exchange-sha256"
];
};
ports = [ 3022 ];
ports = [3022];
};
};
}


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.owncast;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.owncast;
in {
options = {
youthlic.programs.owncast = {
enable = lib.mkEnableOption "owncast";


@ -3,11 +3,9 @@
config,
lib,
...
}:
let
}: let
cfg = config.youthlic.programs.postgresql;
in
{
in {
options = {
youthlic.programs.postgresql = {
enable = lib.mkEnableOption "postgresql";
@ -29,7 +27,7 @@ in
# default socket: /var/lib/postgresql
services.postgresql = {
enable = true;
ensureDatabases = [ cfg.database ];
ensureDatabases = [cfg.database];
ensureUsers = [
{
name = "${cfg.database}";


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.rustypaste;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.rustypaste;
in {
imports = [
./template.nix
];


@ -3,20 +3,18 @@
lib,
config,
...
}:
let
}: let
cfg = config.services.rustypaste;
settingsFormat = pkgs.formats.toml { };
settingsFormat = pkgs.formats.toml {};
configFile = settingsFormat.generate "rustypaste-config.toml" cfg.settings;
in
{
in {
options = {
services.rustypaste = {
enable = lib.mkEnableOption "rustypaste";
package = lib.mkPackageOption pkgs "rustypaste" { };
package = lib.mkPackageOption pkgs "rustypaste" {};
settings = lib.mkOption {
type = settingsFormat.type;
default = { };
default = {};
description = ''
Rustypaste configuration
'';
@ -63,7 +61,7 @@ in
isSystemUser = true;
};
groups = lib.optionalAttrs (cfg.group == "rustypaste") {
rustypaste = { };
rustypaste = {};
};
};
systemd.services.rustypaste = {
@ -88,8 +86,8 @@ in
Type = "simple";
Restart = "on-failure";
Home = "/var/lib/rustypaste";
ReadWritePaths = [ "/var/lib/rustypaste" ];
StateDirectory = [ "rustypaste" ];
ReadWritePaths = ["/var/lib/rustypaste"];
StateDirectory = ["rustypaste"];
ExecStart = ''
${lib.getExe cfg.package}
'';


@ -3,11 +3,9 @@
lib,
config,
...
}:
let
}: let
cfg = config.youthlic.programs.steam;
in
{
in {
options = {
youthlic.programs.steam = {
enable = lib.mkEnableOption "steam";


@ -1,8 +1,10 @@
{ config, lib, ... }:
let
cfg = config.youthlic.programs.tailscale;
in
{
config,
lib,
...
}: let
cfg = config.youthlic.programs.tailscale;
in {
options = {
youthlic.programs.tailscale = {
enable = lib.mkEnableOption "tailscale";


@ -1,8 +1,10 @@
{ lib, config, ... }:
let
cfg = config.youthlic.programs.transfer-sh;
in
{
lib,
config,
...
}: let
cfg = config.youthlic.programs.transfer-sh;
in {
options = {
youthlic.programs.transfer-sh = {
enable = lib.mkEnableOption "transfer.sh";


@ -5,11 +5,9 @@
inputs,
rootPath,
...
}:
let
}: let
cfg = config.youthlic.programs.transmission;
in
{
in {
options = {
youthlic.programs.transmission = {
enable = lib.mkEnableOption "transmission";
@ -43,21 +41,21 @@ in
let
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.transmission = {
openRPCPort = lib.mkForce false;
settings = {
rpc-bind-address = lib.mkForce "127.0.0.1";
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.transmission = {
openRPCPort = lib.mkForce false;
settings = {
rpc-bind-address = lib.mkForce "127.0.0.1";
};
};
};
services.caddy.virtualHosts = {
"transmission.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:9091
'';
services.caddy.virtualHosts = {
"transmission.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:9091
'';
};
};
};
}
}
)
];
}


@ -2,13 +2,12 @@
rootPath,
config,
...
}:
{
}: {
config = {
sops.defaultSopsFile = rootPath + "/secrets/general.yaml";
sops.age = {
keyFile = "/var/sops/key.txt";
sshKeyPaths = [ ];
sshKeyPaths = [];
generateKey = false;
};
};