diff --git a/flake.nix b/flake.nix
index 60e2903..f54ab01 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,7 +27,8 @@
 poonam.url = "git+ssh://gitea@git.sealight.xyz/aynish/kitaab?ref=main";
 poonam.inputs.nixpkgs.follows = "nixpkgs";
 basant.url = "git+ssh://gitea@git.sealight.xyz/aynish/basant?ref=main";
- vimwikicli.url = "git+ssh://gitea@git.sealight.xyz/aynish/vimwiki-cli?ref=main";
+ vimwikicli.url =
+ "git+ssh://gitea@git.sealight.xyz/aynish/vimwiki-cli?ref=main";
 basant.inputs.nixpkgs.follows = "nixpkgs";
 basant.inputs.poonam.follows = "poonam";
 vimwikicli.inputs.nixpkgs.follows = "nixpkgs";
@@ -54,24 +55,9 @@
 # muneem.inputs.nixpkgs.follows = "nixpkgs";
 };
- outputs =
- { self
- , nixpkgs
- , unstable
- , nixos-hardware
- , home-manager
- , deploy-rs
- , agenix
- , disko
- , basant
- , grasp
- , nix-matrix-appservices
- , nur
- , tidalcycles
- , rust-overlay
- , vimwikicli
- , ...
- }@inputs:
+ outputs = { self, nixpkgs, unstable, nixos-hardware, home-manager, deploy-rs
+ , agenix, disko, basant, grasp, nix-matrix-appservices, nur, tidalcycles
+ , rust-overlay, vimwikicli, ... }@inputs:
 let
 forAllSystems = nixpkgs.lib.genAttrs [
 "aarch64-linux"
@@ -89,59 +75,59 @@
 vimwiki-cli = vimwikicli.packages.${prev.system}.vimwiki-cli;
 };
- nixpkgsFor = forAllSystems (system: import nixpkgs {
- inherit system;
- config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [
- "ripcord"
- "vcv-rack"
- "SunVox"
- "renoise"
- ];
- # config.permittedInsecurePackages = [
- # "python3.10-django-3.1.14" # Needed for archivebox deployments on curve
- # # Check when archive box updates it's dependeny
- # ];
- overlays = [
- rust-overlay.overlays.default
- tidalcycles.overlays.default
- agenix.overlays.default
- nur.overlay
- nix-matrix-appservices.overlay
- unstableOverlay
- vimwikiOverlay
- self.overlays.additions
- self.overlays.modifications
- ];
- });
+ nixpkgsFor = forAllSystems (system:
+ import nixpkgs {
+ inherit system;
+ config.allowUnfreePredicate = pkg:
+ builtins.elem (nixpkgs.lib.getName pkg) [
+ "ripcord"
+ "vcv-rack"
+ "SunVox"
+ "renoise"
+ ];
+ # config.permittedInsecurePackages = [
+ # "python3.10-django-3.1.14" # Needed for archivebox deployments on curve
+ # # Check when archive box updates it's dependeny
+ # ];
+ overlays = [
+ rust-overlay.overlays.default
+ tidalcycles.overlays.default
+ agenix.overlays.default
+ nur.overlay
+ nix-matrix-appservices.overlay
+ unstableOverlay
+ vimwikiOverlay
+ self.overlays.additions
+ self.overlays.modifications
+ ];
+ });
 # for when space matters
- litePkgsFor = forAllSystems (system: import nixpkgs {
- inherit system;
- # config.permittedInsecurePackages = [
- # "forgejo-1.19.4-0" # Needed for archivebox deployments on curve
- # # Check when archive box updates it's dependeny
- # ];
- overlays = [
- agenix.overlays.default
- self.overlays.additions
- self.overlays.modifications
- tidalcycles.overlays.default # needed for nvim which comes pre-installed lol
- ];
- });
- in
- {
+ litePkgsFor = forAllSystems (system:
+ import nixpkgs {
+ inherit system;
+ # config.permittedInsecurePackages = [
+ # "forgejo-1.19.4-0" # Needed for archivebox deployments on
curve
+ # # Check when archive box updates it's dependeny
+ # ];
+ overlays = [
+ agenix.overlays.default
+ self.overlays.additions
+ self.overlays.modifications
+ tidalcycles.overlays.default # needed for nvim which comes pre-installed lol
+ ];
+ });
+ in {
 # Your custom packages
 # Acessible through 'nix build', 'nix shell', etc
 packages = forAllSystems (system:
 let pkgs = nixpkgsFor.${system};
- in import ./pkgs { pkgs = pkgs; }
- );
+ in import ./pkgs { pkgs = pkgs; });
 # Devshell for bootstrapping
 # Acessible through 'nix develop' or 'nix-shell' (legacy)
 devShells = forAllSystems (system:
 let pkgs = nixpkgsFor.${system};
- in import ./shell.nix { pkgs = pkgs; }
- );
+ in import ./shell.nix { pkgs = pkgs; });
 # Your custom packages and modifications, exported as overlays
 overlays = import ./overlays;
@@ -233,7 +219,7 @@
 nix.registry.nixpkgs.flake = nixpkgs;
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
- home-manager.users.anish = import ./home/core;
+ home-manager.users.anish = import ./home/dev;
 }
 ];
 };
@@ -243,12 +229,10 @@
 # Available through 'home-manager --flake .#your-username@your-hostname'
 homeConfigurations = {
 "anish@work" = home-manager.lib.homeManagerConfiguration {
- pkgs = nixpkgsFor."x86_64-linux"; # Home-manager requires 'pkgs' instance
+ pkgs =
+ nixpkgsFor."x86_64-linux"; # Home-manager requires 'pkgs' instance
 extraSpecialArgs = { inherit inputs; };
- modules = [
- ./home/core.nix
- ./home/profiles/firefox
- ];
+ modules = [ ./home/core.nix ./home/profiles/firefox ];
 };
 };
@@ -260,7 +244,8 @@
 remoteBuild = true;
 profiles.system = {
 user = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.box;
+ path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.box;
 };
 };
 lituus = {
@@ -268,7 +253,8 @@
 # autoRollback = false;
 profiles.system = {
 user = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.lituus;
+ path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.lituus;
 };
 };
 helix = {
@@ -277,11 +263,13 @@
 magicRollback = false;
 profiles.system = {
 user = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.helix;
+ path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.helix;
 };
 };
 };
- checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ checks = builtins.mapAttrs
+ (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
 };
 }
diff --git a/home/dev/default.nix b/home/dev/default.nix
new file mode 100644
index 0000000..b5afc17
--- /dev/null
+++ b/home/dev/default.nix
@@ -0,0 +1,5 @@
+{ self, pkgs, ... }: {
+ imports =
+ [ ../profiles/cli ../profiles/nvim ../profiles/direnv ../profiles/git ];
+ home.stateVersion = "22.05";
+}
diff --git a/hosts/box/default.nix b/hosts/box/default.nix
index 65bb691..95b9eba 100644
--- a/hosts/box/default.nix
+++ b/hosts/box/default.nix
@@ -1,5 +1,4 @@
-{ self, pkgs, ... }:
-{
+{ self, pkgs, ... }: {
 imports = [
 ./configuration.nix
 ../profiles/core
@@ -48,7 +47,7 @@
 "/data/books" # calibre-web
 # "/home/anish/usr/nonfiction" # syncthing
 "/home/anish/usr/finance" # beancount
- "/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul
+ "/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul
 ]; # seafile
 };
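Review bot: `home.stateVersion = "22.05";` in the new home/dev/default.nix deserves a check against the profile it replaces, because the flake.nix hunk at -233 moves user anish from `./home/core` to this module and home/core is not shown on this page. If home/core or one of the four imported profiles declares a different stateVersion, the definitions will conflict or the effective value will change for an existing home directory. The module header also binds `self` and `pkgs` without using either in the visible body, so `{ ... }: {` would do, and a one-line comment such as `# Minimal dev home: cli, nvim, direnv, git` would say what the profile is for.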
@@ -72,6 +71,18 @@
 };
 };
+ services.nginx.virtualHosts."mast.mossnet.lan" = {
+ enableACME = false;
+ forceSSL = false;
+
+ locations."/" = {
+ extraConfig = ''
+ proxy_pass http://localhost:5731/;
+ proxy_set_header X-Forwarded-Host $host;
+ '';
+ };
+ };
+
 age.secrets.box-wg.file = "${self}/secrets/box-wg.age";
 age.secrets.box-wg.owner = "anish";
 age.secrets.borg-key.file = "${self}/secrets/borg-key.age";
diff --git a/hosts/profiles/dns/default.nix b/hosts/profiles/dns/default.nix
index 3872f14..1496014 100644
--- a/hosts/profiles/dns/default.nix
+++ b/hosts/profiles/dns/default.nix
@@ -3,13 +3,12 @@ let
 adblockLocalZones = pkgs.stdenv.mkDerivation {
 name = "unbound-zones-adblock";
- src = (pkgs.fetchFromGitHub
- {
- owner = "StevenBlack";
- repo = "hosts";
- rev = "3.12.21";
- sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
- } + "/hosts");
+ src = (pkgs.fetchFromGitHub {
+ owner = "StevenBlack";
+ repo = "hosts";
+ rev = "3.12.21";
+ sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
+ } + "/hosts");
 phases = [ "installPhase" ];
@@ -19,7 +18,7 @@ let
 };
 mossnet = "192.168.1.240"; # The local lan-ip for box
- wg-mossnet = "10.0.69.4"; # The wireguard ip for box
+ wg-mossnet = "10.0.69.4"; # The wireguard ip for box
 mossnet-hosts = [
 "mossnet.lan"
 "headphones.mossnet.lan"
@@ -40,10 +39,10 @@ let
 "grasp.mossnet.lan"
 "photos.mossnet.lan"
 "pod.mossnet.lan"
+ "mast.mossnet.lan"
 ];
-in
-{
+in {
 services.unbound = {
 enable = true;
 settings = {
@@ -55,7 +54,8 @@ in
 cache-min-ttl = 0;
 serve-expired = "yes";
 interface = [ "0.0.0.0" ];
- access-control = [ "127.0.0.0/8 allow" "192.168.1.0/24 allow" "10.0.69.0/24 allow" ];
+ access-control =
+ [ "127.0.0.0/8 allow" "192.168.1.0/24 allow" "10.0.69.0/24 allow" ];
 access-control-view = "10.0.69.0/24 wireguard";
 # so-reuseport = "yes";
 tls-upstream = "yes";
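Review bot: The new `mast.mossnet.lan` vhost in hosts/box/default.nix is served over plain HTTP (`enableACME = false; forceSSL = false;`) with no client restriction in the location, so access to the backend on port 5731 rests entirely on the host firewall; the `.lan` name resolving only through the internal unbound zone is not an access control. If the service is meant for the LAN and WireGuard peers only, state that in the `extraConfig`, e.g. `allow 192.168.1.0/24; allow 10.0.69.0/24; deny all;` (the ranges the dns profile in this commit already trusts), or bind the vhost with `listenAddresses`. As far as this hunk shows, the proxy block forwards only `X-Forwarded-Host`, so the backend presumably logs every request as coming from localhost; adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` keeps client addresses available for auditing.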
@@ -65,7 +65,10 @@ in
 };
 forward-zone = [{
 name = ".";
- forward-addr = [ "45.90.28.0#6939b9.dns.nextdns.io" "1.1.1.1@853#cloudflare-dns.com" ];
+ forward-addr = [
+ "45.90.28.0#6939b9.dns.nextdns.io"
+ "1.1.1.1@853#cloudflare-dns.com"
+ ];
 # non-tls
 # forward-addr = ["45.90.30.49" "45.90.28.49" "1.1.1.1" "8.8.8.8"]
 }];