From 0b89e192b19d21b601bb85c2f6b9ae15b64e60b5 Mon Sep 17 00:00:00 2001 From: Guanran Wang Date: Sun, 25 Aug 2024 23:02:35 +0800 Subject: [PATCH] treewide: alejandra -> nixfmt-rfc-style --- flake.lock | 8 +- flake.nix | 55 +++++---- home/applications/atuin/default.nix | 23 +++- home/applications/bash/default.nix | 3 +- home/applications/fcitx5/default.nix | 10 +- home/applications/firefox/default.nix | 7 +- home/applications/fish/default.nix | 3 +- home/applications/git/default.nix | 3 +- home/applications/go/default.nix | 3 +- home/applications/gpg/default.nix | 3 +- home/applications/i3status-rust/default.nix | 8 +- home/applications/mpv/default.nix | 126 +++++++++++--------- home/applications/nautilus/default.nix | 5 +- home/applications/neovim/default.nix | 3 +- home/applications/nix/default.nix | 4 +- home/applications/ssh/default.nix | 17 +-- home/applications/starship/default.nix | 3 +- home/applications/sway/default.nix | 34 +++--- home/applications/swayidle/default.nix | 59 ++++----- home/applications/swaylock/default.nix | 3 +- home/applications/thunderbird/default.nix | 13 +- home/applications/tmux/default.nix | 5 +- home/applications/ydict/default.nix | 5 +- home/default.nix | 35 +++--- hosts/blacksteel/anti-feature.nix | 9 +- hosts/blacksteel/default.nix | 23 ++-- hosts/blacksteel/hardware-configuration.nix | 22 +++- hosts/blacksteel/services/mastodon.nix | 5 +- hosts/blacksteel/services/matrix.nix | 21 ++-- hosts/blacksteel/services/minecraft.nix | 3 +- hosts/blacksteel/services/qbittorrent.nix | 3 +- hosts/dust/anti-feature.nix | 9 +- hosts/dust/default.nix | 21 ++-- hosts/dust/disko.nix | 13 +- hosts/dust/hardware-configuration.nix | 19 ++- hosts/dust/home/default.nix | 3 +- hosts/dust/home/theme.nix | 3 +- hosts/dust/home/xdg-mime.nix | 17 +-- hosts/dust/impermanence.nix | 5 +- hosts/dust/lanzaboote.nix | 5 +- hosts/tyo0/anti-feature.nix | 14 ++- hosts/tyo0/default.nix | 31 +++-- hosts/tyo0/services/forgejo.nix | 3 +- hosts/tyo0/services/hysteria.nix | 3 +- hosts/tyo0/services/keycloak.nix | 3 +- hosts/tyo0/services/miniflux.nix | 3 +- hosts/tyo0/services/ntfy.nix | 2 +- hosts/tyo0/services/pixivfe.nix | 5 +- hosts/tyo0/services/searx.nix | 3 +- hosts/tyo0/services/vaultwarden.nix | 3 +- nixos/modules/default.nix | 3 +- nixos/modules/services/hysteria.nix | 37 ++++-- nixos/modules/services/pixivfe.nix | 49 ++++---- nixos/profiles/core/default.nix | 17 +-- nixos/profiles/core/networking.nix | 2 +- nixos/profiles/core/nix.nix | 9 +- nixos/profiles/core/zram.nix | 3 +- nixos/profiles/server/default.nix | 6 +- nixos/profiles/sing-box/default.nix | 19 +-- nixos/profiles/wireless/default.nix | 5 +- overlays/default.nix | 65 +++++----- pkgs/default.nix | 8 +- pkgs/pixivfe.nix | 4 +- treefmt.nix | 2 +- 64 files changed, 541 insertions(+), 377 deletions(-) diff --git a/flake.lock b/flake.lock index d90d9fe..936cf09 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1722181846, - "narHash": "sha256-/yyqi39qr7Z+Bkv8gVVqB5q/gu1cLna3TtzbADLzEbc=", + "lastModified": 1724599287, + "narHash": "sha256-M4OllWFNDcvgY2rgx/9uWn9jpunSb2CzmqPDcuS27SQ=", "ref": "refs/heads/master", - "rev": "214725ef364950e5b086f0cd3f7978f38655a58b", - "revCount": 70, + "rev": "a2f4145923cbbabb63e7749a49c86052a17389f7", + "revCount": 72, "type": "git", "url": "https://git.ny4.dev/nyancat/nvim" }, diff --git a/flake.nix b/flake.nix index 29f82b0..c8dc615 100644 --- a/flake.nix +++ b/flake.nix @@ -83,28 +83,33 @@ }; }; - outputs = inputs: - inputs.flake-utils.lib.eachDefaultSystem (system: let - pkgs = inputs.nixpkgs.legacyPackages.${system}; - treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; - in { - ### nix fmt - formatter = treefmtEval.config.build.wrapper; + outputs = + inputs: + inputs.flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = inputs.nixpkgs.legacyPackages.${system}; + treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; + in + { + ### nix fmt + formatter = treefmtEval.config.build.wrapper; - ### nix flake check - checks.formatting = treefmtEval.config.build.check inputs.self; + ### nix flake check + checks.formatting = treefmtEval.config.build.check inputs.self; - ### nix {run,shell,build} - legacyPackages = import ./pkgs pkgs; + ### nix {run,shell,build} + legacyPackages = import ./pkgs pkgs; - ### nix develop - devShells.default = pkgs.mkShell { - packages = with pkgs; [ - colmena - sops - ]; - }; - }) + ### nix develop + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + colmena + sops + ]; + }; + } + ) // { ### imports = []; nixosModules.default = ./nixos/modules; @@ -120,12 +125,16 @@ ./nixos/profiles/core ./hosts/dust ]; - specialArgs = {inherit inputs;}; + specialArgs = { + inherit inputs; + }; }; colmena = { meta = { - specialArgs = {inherit inputs;}; + specialArgs = { + inherit inputs; + }; nixpkgs = import inputs.nixpkgs { system = "x86_64-linux"; # How does this work? }; @@ -137,12 +146,12 @@ ]; "tyo0" = { - imports = [./hosts/tyo0]; + imports = [ ./hosts/tyo0 ]; deployment.targetHost = "tyo0.ny4.dev"; }; "blacksteel" = { - imports = [./hosts/blacksteel]; + imports = [ ./hosts/blacksteel ]; deployment.targetHost = "blacksteel"; # thru tailscale }; }; diff --git a/home/applications/atuin/default.nix b/home/applications/atuin/default.nix index 49afc05..b2a77db 100644 --- a/home/applications/atuin/default.nix +++ b/home/applications/atuin/default.nix @@ -1,7 +1,7 @@ { programs.atuin = { enable = true; - flags = ["--disable-up-arrow"]; + flags = [ "--disable-up-arrow" ]; settings = { style = "compact"; show_help = false; @@ -9,9 +9,26 @@ stats = { common_subcommands = - ["nix" "nom" "nh" "podman" "docker" "atuin" "hugo" "adb"] + [ + "nix" + "nom" + "nh" + "podman" + "docker" + "atuin" + "hugo" + "adb" + ] # default - ++ ["cargo" "go" "git" "npm" "yarn" "pnpm" "kubectl"]; + ++ [ + "cargo" + "go" + "git" + "npm" + "yarn" + "pnpm" + "kubectl" + ]; }; }; }; diff --git a/home/applications/bash/default.nix b/home/applications/bash/default.nix index 7dd196a..34e7d4f 100644 --- a/home/applications/bash/default.nix +++ b/home/applications/bash/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ programs.bash = { enable = true; historyFile = "${config.xdg.configHome}/bash/.bash_history"; diff --git a/home/applications/fcitx5/default.nix b/home/applications/fcitx5/default.nix index c44e609..e510982 100644 --- a/home/applications/fcitx5/default.nix +++ b/home/applications/fcitx5/default.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: let +}: +let package = pkgs.qt6Packages.fcitx5-with-addons.override { addons = with pkgs; [ qt6Packages.fcitx5-chinese-addons @@ -11,16 +12,17 @@ fcitx5-pinyin-zhwiki ]; }; -in { +in +{ home.packages = [ package ]; systemd.user.services.fcitx5-daemon = { Unit.Description = "Fcitx5 input method editor"; - Unit.PartOf = ["graphical-session.target"]; + Unit.PartOf = [ "graphical-session.target" ]; Service.ExecStart = lib.getExe' package "fcitx5"; - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; }; xdg.configFile."fcitx5/conf/classicui.conf".text = '' diff --git a/home/applications/firefox/default.nix b/home/applications/firefox/default.nix index 7075e24..798790e 100644 --- a/home/applications/firefox/default.nix +++ b/home/applications/firefox/default.nix @@ -1,16 +1,17 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.firefox = { enable = true; package = pkgs.firefox.override { extraPrefsFiles = [ "${pkgs.arkenfox-userjs}/user.cfg" - (pkgs.runCommandLocal "userjs" {} '' + (pkgs.runCommandLocal "userjs" { } '' install -Dm644 ${./user-overrides.js} $out substituteInPlace $out \ --replace-fail "user_pref" "defaultPref" '') ]; }; - profiles."default" = {}; + profiles."default" = { }; }; } diff --git a/home/applications/fish/default.nix b/home/applications/fish/default.nix index e98da7d..0c95e11 100644 --- a/home/applications/fish/default.nix +++ b/home/applications/fish/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.fish = { enable = true; interactiveShellInit = '' diff --git a/home/applications/git/default.nix b/home/applications/git/default.nix index 9122656..95e5ff0 100644 --- a/home/applications/git/default.nix +++ b/home/applications/git/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.git = rec { enable = true; package = pkgs.gitFull; # overriding takes forever to compile diff --git a/home/applications/go/default.nix b/home/applications/go/default.nix index b7663fc..2580a00 100644 --- a/home/applications/go/default.nix +++ b/home/applications/go/default.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: { +}: +{ programs.go.enable = true; home.packages = with pkgs; [ gopls diff --git a/home/applications/gpg/default.nix b/home/applications/gpg/default.nix index 8759f2c..3336549 100644 --- a/home/applications/gpg/default.nix +++ b/home/applications/gpg/default.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: { +}: +{ programs.gpg = { enable = true; homedir = "${config.xdg.dataHome}/gnupg"; diff --git a/home/applications/i3status-rust/default.nix b/home/applications/i3status-rust/default.nix index 9175f25..9e3887c 100644 --- a/home/applications/i3status-rust/default.nix +++ b/home/applications/i3status-rust/default.nix @@ -4,10 +4,10 @@ bars.default = { icons = "material-nf"; blocks = [ - {block = "backlight";} - {block = "sound";} - {block = "battery";} - {block = "time";} + { block = "backlight"; } + { block = "sound"; } + { block = "battery"; } + { block = "time"; } ]; }; }; diff --git a/home/applications/mpv/default.nix b/home/applications/mpv/default.nix index 96dba27..b4b66e1 100644 --- a/home/applications/mpv/default.nix +++ b/home/applications/mpv/default.nix @@ -2,7 +2,8 @@ pkgs, lib, ... -}: { +}: +{ programs.mpv = { enable = true; config = { @@ -22,65 +23,72 @@ modernx-zydezu thumbfast ]) - ++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (with pkgs.mpvScripts; [ - mpris - ]); + ++ lib.optionals pkgs.stdenv.hostPlatform.isLinux ( + with pkgs.mpvScripts; + [ + mpris + ] + ); - bindings = let - inherit (pkgs) anime4k; - setShader = message: files: ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"''; - in { - "CTRL+1" = setShader "Anime4K: Mode A (Fast)" [ - "${anime4k}/Anime4K_Clamp_Highlights.glsl" - "${anime4k}/Anime4K_Restore_CNN_M.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" - ]; - "CTRL+2" = setShader "Anime4K: Mode B (Fast)" [ - "${anime4k}/Anime4K_Clamp_Highlights.glsl" - "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" - ]; - "CTRL+3" = setShader "Anime4K: Mode C (Fast)" [ - "${anime4k}/Anime4K_Clamp_Highlights.glsl" - "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" - ]; - "CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [ - "${anime4k}/Anime4K_Clamp_Highlights.glsl" - "${anime4k}/Anime4K_Restore_CNN_M.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" - "${anime4k}/Anime4K_Restore_CNN_S.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" - ]; - "CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [ - "${anime4k}/Anime4K_Clamp_Highlights.glsl" - "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" - "${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" - ]; - "CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [ - "${anime4k}/Anime4K_Clamp_Highlights.glsl" - "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" - "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" - "${anime4k}/Anime4K_Restore_CNN_S.glsl" - "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" - ]; + bindings = + let + inherit (pkgs) anime4k; + setShader = + message: files: + ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"''; + in + { + "CTRL+1" = setShader "Anime4K: Mode A (Fast)" [ + "${anime4k}/Anime4K_Clamp_Highlights.glsl" + "${anime4k}/Anime4K_Restore_CNN_M.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" + ]; + "CTRL+2" = setShader "Anime4K: Mode B (Fast)" [ + "${anime4k}/Anime4K_Clamp_Highlights.glsl" + "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" + ]; + "CTRL+3" = setShader "Anime4K: Mode C (Fast)" [ + "${anime4k}/Anime4K_Clamp_Highlights.glsl" + "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" + ]; + "CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [ + "${anime4k}/Anime4K_Clamp_Highlights.glsl" + "${anime4k}/Anime4K_Restore_CNN_M.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" + "${anime4k}/Anime4K_Restore_CNN_S.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" + ]; + "CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [ + "${anime4k}/Anime4K_Clamp_Highlights.glsl" + "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" + "${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" + ]; + "CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [ + "${anime4k}/Anime4K_Clamp_Highlights.glsl" + "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" + "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" + "${anime4k}/Anime4K_Restore_CNN_S.glsl" + "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" + ]; - "CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"''; - }; + "CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"''; + }; }; } diff --git a/home/applications/nautilus/default.nix b/home/applications/nautilus/default.nix index d3377e2..e54abb4 100644 --- a/home/applications/nautilus/default.nix +++ b/home/applications/nautilus/default.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - home.packages = [pkgs.nautilus]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.nautilus ]; dconf.settings = { "org/gnome/nautilus/list-view".default-zoom-level = "small"; "org/gnome/nautilus/preferences".default-folder-viewer = "list-view"; diff --git a/home/applications/neovim/default.nix b/home/applications/neovim/default.nix index ea8665f..278c20b 100644 --- a/home/applications/neovim/default.nix +++ b/home/applications/neovim/default.nix @@ -2,7 +2,8 @@ pkgs, inputs, ... -}: { +}: +{ home.packages = [ (inputs.neovim.packages.${pkgs.stdenv.hostPlatform.system}.default.override { viAlias = true; diff --git a/home/applications/nix/default.nix b/home/applications/nix/default.nix index f1bf1c4..5863baa 100644 --- a/home/applications/nix/default.nix +++ b/home/applications/nix/default.nix @@ -1,6 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ - alejandra colmena deadnix nh diff --git a/home/applications/ssh/default.nix b/home/applications/ssh/default.nix index 754892f..41b4d83 100644 --- a/home/applications/ssh/default.nix +++ b/home/applications/ssh/default.nix @@ -1,11 +1,14 @@ -{config, ...}: { +{ config, ... }: +{ programs.ssh = { enable = true; - matchBlocks = let - inherit (config.home) homeDirectory; - in { - "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing"; - "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing"; - }; + matchBlocks = + let + inherit (config.home) homeDirectory; + in + { + "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing"; + "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing"; + }; }; } diff --git a/home/applications/starship/default.nix b/home/applications/starship/default.nix index 68ca3f1..fcaa6cc 100644 --- a/home/applications/starship/default.nix +++ b/home/applications/starship/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.starship = { enable = true; }; diff --git a/home/applications/sway/default.nix b/home/applications/sway/default.nix index f002d28..bc0e5dc 100644 --- a/home/applications/sway/default.nix +++ b/home/applications/sway/default.nix @@ -4,7 +4,8 @@ inputs, pkgs, ... -}: { +}: +{ imports = [ ../i3status-rust ../kanshi @@ -67,9 +68,10 @@ ### Keybinds modifier = "Mod4"; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in { ### Sway itself # Window @@ -116,17 +118,19 @@ "XF86AudioStop" = "exec ${lib.getExe pkgs.playerctl} stop"; } // - # workspace binds - lib.listToAttrs (lib.concatMap (x: [ - { - name = "${modifier}+${x}"; - value = "workspace ${x}"; - } - { - name = "${modifier}+Shift+${x}"; - value = "move container to workspace ${x}"; - } - ]) (lib.genList (x: toString (x + 1)) 9)); + # workspace binds + lib.listToAttrs ( + lib.concatMap (x: [ + { + name = "${modifier}+${x}"; + value = "workspace ${x}"; + } + { + name = "${modifier}+Shift+${x}"; + value = "move container to workspace ${x}"; + } + ]) (lib.genList (x: toString (x + 1)) 9) + ); }; }; } diff --git a/home/applications/swayidle/default.nix b/home/applications/swayidle/default.nix index 2d868b8..e895422 100644 --- a/home/applications/swayidle/default.nix +++ b/home/applications/swayidle/default.nix @@ -3,36 +3,39 @@ lib, config, ... -}: { +}: +{ imports = [ ../swaylock ]; - services.swayidle = let - lock = lib.getExe config.programs.swaylock.package; - brightness = lib.getExe pkgs.brightnessctl; - in { - enable = true; - timeouts = [ - { - timeout = 60 * 9; - command = "${brightness} -s set 20%"; - resumeCommand = "${brightness} -r"; - } - { - timeout = 60 * 10; - command = "systemctl suspend"; - } - ]; - events = [ - { - event = "lock"; - command = lock; - } - { - event = "before-sleep"; - command = lock; - } - ]; - }; + services.swayidle = + let + lock = lib.getExe config.programs.swaylock.package; + brightness = lib.getExe pkgs.brightnessctl; + in + { + enable = true; + timeouts = [ + { + timeout = 60 * 9; + command = "${brightness} -s set 20%"; + resumeCommand = "${brightness} -r"; + } + { + timeout = 60 * 10; + command = "systemctl suspend"; + } + ]; + events = [ + { + event = "lock"; + command = lock; + } + { + event = "before-sleep"; + command = lock; + } + ]; + }; } diff --git a/home/applications/swaylock/default.nix b/home/applications/swaylock/default.nix index e478d01..a241fe7 100644 --- a/home/applications/swaylock/default.nix +++ b/home/applications/swaylock/default.nix @@ -2,7 +2,8 @@ inputs, pkgs, ... -}: { +}: +{ programs.swaylock = { enable = true; settings = { diff --git a/home/applications/thunderbird/default.nix b/home/applications/thunderbird/default.nix index 1b02c7d..5c85761 100644 --- a/home/applications/thunderbird/default.nix +++ b/home/applications/thunderbird/default.nix @@ -1,14 +1,17 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.thunderbird = { enable = true; package = pkgs.thunderbird-128; profiles.default = { isDefault = true; extraConfig = '' - ${builtins.readFile (builtins.fetchurl { - url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/824edabe6303d6b85a32fcba96901706ed4c5922/user.js"; - sha256 = "0jg7i39yp21r66azlzk7978qj57rgb8c09d1hccpcw058isgymq6"; - })} + ${builtins.readFile ( + builtins.fetchurl { + url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/824edabe6303d6b85a32fcba96901706ed4c5922/user.js"; + sha256 = "0jg7i39yp21r66azlzk7978qj57rgb8c09d1hccpcw058isgymq6"; + } + )} ${builtins.readFile ./user-overrides.js} ''; }; diff --git a/home/applications/tmux/default.nix b/home/applications/tmux/default.nix index 1aa03e2..1fb7281 100644 --- a/home/applications/tmux/default.nix +++ b/home/applications/tmux/default.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - home.packages = [pkgs.tmux]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.tmux ]; xdg.configFile."tmux/tmux.conf".text = '' run-shell ${pkgs.tmuxPlugins.sensible.rtp} diff --git a/home/applications/ydict/default.nix b/home/applications/ydict/default.nix index dc81a3a..7c2e64a 100644 --- a/home/applications/ydict/default.nix +++ b/home/applications/ydict/default.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - home.packages = [pkgs.ydict]; +{ pkgs, ... }: +{ + home.packages = [ pkgs.ydict ]; home.shellAliases = { "yd" = "ydict -c"; }; diff --git a/home/default.nix b/home/default.nix index 38b9d55..bb2e547 100644 --- a/home/default.nix +++ b/home/default.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ home = { username = "guanranwang"; homeDirectory = "/home/guanranwang"; @@ -33,20 +34,22 @@ fd ]; - programs.fish.functions = let - jq = lib.getExe pkgs.jq; - nix = lib.getExe pkgs.nix; - curl = lib.getExe pkgs.curl; - in { - "pb" = '' - ${jq} -Rns '{text: inputs}' | \ - ${curl} -s -H 'Content-Type: application/json' --data-binary @- https://pb.ny4.dev | \ - ${jq} -r '. | "https://pb.ny4.dev\(.path)"' - ''; + programs.fish.functions = + let + jq = lib.getExe pkgs.jq; + nix = lib.getExe pkgs.nix; + curl = lib.getExe pkgs.curl; + in + { + "pb" = '' + ${jq} -Rns '{text: inputs}' | \ + ${curl} -s -H 'Content-Type: application/json' --data-binary @- https://pb.ny4.dev | \ + ${jq} -r '. | "https://pb.ny4.dev\(.path)"' + ''; - "getmnter" = '' - ${nix} eval nixpkgs#{$argv}.meta.maintainers --json | \ - ${jq} '.[].github | "@" + .' -r - ''; - }; + "getmnter" = '' + ${nix} eval nixpkgs#{$argv}.meta.maintainers --json | \ + ${jq} '.[].github | "@" + .' -r + ''; + }; } diff --git a/hosts/blacksteel/anti-feature.nix b/hosts/blacksteel/anti-feature.nix index f8e20ef..ae8def1 100644 --- a/hosts/blacksteel/anti-feature.nix +++ b/hosts/blacksteel/anti-feature.nix @@ -1,7 +1,9 @@ -{lib, ...}: { +{ lib, ... }: +{ nixpkgs.config = { allowNonSource = false; - allowNonSourcePredicate = pkg: + allowNonSourcePredicate = + pkg: lib.elem (lib.getName pkg) [ "adoptopenjdk-hotspot-bin" "cargo-bootstrap" @@ -13,7 +15,8 @@ ]; allowUnfree = false; - allowUnfreePredicate = pkg: + allowUnfreePredicate = + pkg: lib.elem (lib.getName pkg) [ "broadcom-sta" "minecraft-server" diff --git a/hosts/blacksteel/default.nix b/hosts/blacksteel/default.nix index b44232b..4976695 100644 --- a/hosts/blacksteel/default.nix +++ b/hosts/blacksteel/default.nix @@ -3,7 +3,8 @@ config, pkgs, ... -}: { +}: +{ imports = [ # OS ../../nixos/profiles/sing-box @@ -27,24 +28,25 @@ system.stateVersion = "24.05"; ######## Secrets - sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { + sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) { "synapse/secret" = { - restartUnits = ["matrix-synapse.service"]; + restartUnits = [ "matrix-synapse.service" ]; owner = config.systemd.services.matrix-synapse.serviceConfig.User; }; "synapse/oidc" = { - restartUnits = ["matrix-synapse.service"]; + restartUnits = [ "matrix-synapse.service" ]; owner = config.systemd.services.matrix-synapse.serviceConfig.User; }; "syncv3/environment" = { - restartUnits = ["matrix-sliding-sync.service"]; + restartUnits = [ "matrix-sliding-sync.service" ]; }; "mastodon/environment" = { - restartUnits = ["mastodon-web.service"]; + restartUnits = [ "mastodon-web.service" ]; }; "cloudflared/secret" = { - restartUnits = ["cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service"]; - owner = config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User; + restartUnits = [ "cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service" ]; + owner = + config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User; }; }; @@ -77,7 +79,10 @@ }; systemd.services.caddy.serviceConfig = { - SupplementaryGroups = ["mastodon" "matrix-synapse"]; + SupplementaryGroups = [ + "mastodon" + "matrix-synapse" + ]; }; services.postgresql = { diff --git a/hosts/blacksteel/hardware-configuration.nix b/hosts/blacksteel/hardware-configuration.nix index 05041ce..3aa5270 100644 --- a/hosts/blacksteel/hardware-configuration.nix +++ b/hosts/blacksteel/hardware-configuration.nix @@ -2,7 +2,8 @@ inputs, config, ... -}: { +}: +{ imports = [ inputs.nixpkgs.nixosModules.notDetected inputs.nixos-hardware.nixosModules.apple-macbook-pro @@ -14,9 +15,18 @@ services.thermald.enable = true; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; - boot.kernelModules = ["kvm-intel" "wl"]; - boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.kernelModules = [ + "kvm-intel" + "wl" + ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -26,7 +36,7 @@ "/" = { device = "/dev/disk/by-uuid/ab9b92a9-b67b-43b4-b0d9-9dd59ccd594b"; fsType = "btrfs"; - options = ["subvol=@"]; + options = [ "subvol=@" ]; }; "/boot" = { device = "/dev/disk/by-uuid/E5DE-9C92"; @@ -34,6 +44,6 @@ }; }; swapDevices = [ - {device = "/dev/disk/by-uuid/8a2e90a9-5cc2-40fc-82fe-69ef3cd88e29";} + { device = "/dev/disk/by-uuid/8a2e90a9-5cc2-40fc-82fe-69ef3cd88e29"; } ]; } diff --git a/hosts/blacksteel/services/mastodon.nix b/hosts/blacksteel/services/mastodon.nix index 94e194b..c8e6d69 100644 --- a/hosts/blacksteel/services/mastodon.nix +++ b/hosts/blacksteel/services/mastodon.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.mastodon = { enable = true; localDomain = "ny4.dev"; @@ -30,7 +31,7 @@ systemd.services.mastodon-web = { environment = config.networking.proxy.envVars; - serviceConfig.EnvironmentFile = [config.sops.secrets."mastodon/environment".path]; + serviceConfig.EnvironmentFile = [ config.sops.secrets."mastodon/environment".path ]; }; systemd.services.mastodon-sidekiq-all.environment = config.networking.proxy.envVars; diff --git a/hosts/blacksteel/services/matrix.nix b/hosts/blacksteel/services/matrix.nix index 27326fd..11420e3 100644 --- a/hosts/blacksteel/services/matrix.nix +++ b/hosts/blacksteel/services/matrix.nix @@ -1,9 +1,10 @@ -{config, ...}: { +{ config, ... }: +{ services.matrix-synapse = { enable = true; withJemalloc = true; enableRegistrationScript = false; - extraConfigFiles = [config.sops.secrets."synapse/secret".path]; + extraConfigFiles = [ config.sops.secrets."synapse/secret".path ]; settings = { server_name = "ny4.dev"; public_baseurl = "https://matrix.ny4.dev"; @@ -14,7 +15,10 @@ type = "http"; resources = [ { - names = ["client" "federation"]; + names = [ + "client" + "federation" + ]; compress = true; } ]; @@ -29,7 +33,10 @@ issuer = "https://id.ny4.dev/realms/ny4"; client_id = "synapse"; client_secret_path = config.sops.secrets."synapse/oidc".path; - scopes = ["openid" "profile"]; + scopes = [ + "openid" + "profile" + ]; user_mapping_provider.config = { localpart_template = "{{ user.preferred_username }}"; display_name_template = "{{ user.name }}"; @@ -43,7 +50,7 @@ systemd.services.matrix-synapse = { environment = config.networking.proxy.envVars; - serviceConfig.RuntimeDirectory = ["matrix-synapse"]; + serviceConfig.RuntimeDirectory = [ "matrix-synapse" ]; }; services.matrix-sliding-sync = { @@ -56,7 +63,7 @@ }; systemd.services.matrix-sliding-sync.serviceConfig = { - RuntimeDirectory = ["matrix-sliding-sync"]; - SupplementaryGroups = ["matrix-synapse"]; + RuntimeDirectory = [ "matrix-sliding-sync" ]; + SupplementaryGroups = [ "matrix-synapse" ]; }; } diff --git a/hosts/blacksteel/services/minecraft.nix b/hosts/blacksteel/services/minecraft.nix index 4f1eaae..9e4f2a0 100644 --- a/hosts/blacksteel/services/minecraft.nix +++ b/hosts/blacksteel/services/minecraft.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ services.minecraft-server = { enable = true; eula = true; diff --git a/hosts/blacksteel/services/qbittorrent.nix b/hosts/blacksteel/services/qbittorrent.nix index d1d9251..0be91f2 100644 --- a/hosts/blacksteel/services/qbittorrent.nix +++ b/hosts/blacksteel/services/qbittorrent.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ # TODO: https://github.com/NixOS/nixpkgs/pull/287923 # currently running qbittorrent-nox with tmux :c environment.systemPackages = with pkgs; [ diff --git a/hosts/dust/anti-feature.nix b/hosts/dust/anti-feature.nix index f3f3a34..bad5c98 100644 --- a/hosts/dust/anti-feature.nix +++ b/hosts/dust/anti-feature.nix @@ -1,9 +1,11 @@ -{lib, ...}: { +{ lib, ... }: +{ nixpkgs.config = { allowAliases = false; allowNonSource = false; - allowNonSourcePredicate = pkg: + allowNonSourcePredicate = + pkg: lib.elem (lib.getName pkg) [ "cargo-bootstrap" "cef-binary" @@ -15,7 +17,8 @@ ]; allowUnfree = false; - allowUnfreePredicate = pkg: + allowUnfreePredicate = + pkg: lib.elem (lib.getName pkg) [ "fcitx5-pinyin-minecraft" "fcitx5-pinyin-moegirl" diff --git a/hosts/dust/default.nix b/hosts/dust/default.nix index c8c8fb6..a8bf80b 100644 --- a/hosts/dust/default.nix +++ b/hosts/dust/default.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ imports = [ ../../nixos/profiles/sing-box ../../nixos/profiles/wireless @@ -31,8 +32,8 @@ yubikey-manager ]; - networking.firewall.allowedTCPPorts = [53317]; - networking.firewall.allowedUDPPorts = [53317]; + networking.firewall.allowedTCPPorts = [ 53317 ]; + networking.firewall.allowedUDPPorts = [ 53317 ]; programs.adb.enable = true; programs.localsend.enable = true; @@ -51,13 +52,13 @@ # yubikey services.pcscd.enable = true; - services.udev.packages = [pkgs.yubikey-personalization]; + services.udev.packages = [ pkgs.yubikey-personalization ]; fonts = { enableDefaultPackages = false; packages = with pkgs; [ (nerdfonts.override { - fonts = ["NerdFontsSymbolsOnly"]; + fonts = [ "NerdFontsSymbolsOnly" ]; }) (inter.overrideAttrs { installPhase = '' @@ -139,9 +140,9 @@ security.polkit.enable = true; systemd.user.services.polkit-gnome-authentication-agent-1 = { description = "polkit-gnome-authentication-agent-1"; - wantedBy = ["graphical-session.target"]; - wants = ["graphical-session.target"]; - after = ["graphical-session.target"]; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; serviceConfig = { Type = "simple"; ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; @@ -151,11 +152,11 @@ }; }; - security.pam.services.swaylock = {}; + security.pam.services.swaylock = { }; xdg.portal = { enable = true; wlr.enable = true; - extraPortals = [pkgs.xdg-desktop-portal-gtk]; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf config."sway" = { default = "gtk"; diff --git a/hosts/dust/disko.nix b/hosts/dust/disko.nix index b1be3a6..d1142ef 100644 --- a/hosts/dust/disko.nix +++ b/hosts/dust/disko.nix @@ -1,11 +1,15 @@ let # compress-force: https://t.me/archlinuxcn_group/3054167 - mountOptions = ["compress-force=zstd" "noatime"]; + mountOptions = [ + "compress-force=zstd" + "noatime" + ]; cryptSettings = { allowDiscards = true; bypassWorkqueues = true; }; -in { +in +{ disko.devices = { disk = { "one" = { @@ -22,7 +26,10 @@ in { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = ["defaults" "umask=007"]; + mountOptions = [ + "defaults" + "umask=007" + ]; }; }; "cryptroot" = { diff --git a/hosts/dust/hardware-configuration.nix b/hosts/dust/hardware-configuration.nix index 578d22f..af1ea8d 100644 --- a/hosts/dust/hardware-configuration.nix +++ b/hosts/dust/hardware-configuration.nix @@ -1,4 +1,5 @@ -{inputs, ...}: { +{ inputs, ... }: +{ imports = [ inputs.nixpkgs.nixosModules.notDetected inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen @@ -21,12 +22,18 @@ boot.loader.timeout = 0; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelParams = ["ia32_emulation=0"]; + boot.kernelParams = [ "ia32_emulation=0" ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/hosts/dust/home/default.nix b/hosts/dust/home/default.nix index 354f4b1..2419724 100644 --- a/hosts/dust/home/default.nix +++ b/hosts/dust/home/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ imports = [ ./theme.nix diff --git a/hosts/dust/home/theme.nix b/hosts/dust/home/theme.nix index 13777de..95b2b8c 100644 --- a/hosts/dust/home/theme.nix +++ b/hosts/dust/home/theme.nix @@ -3,7 +3,8 @@ config, lib, ... -}: { +}: +{ home.pointerCursor = { name = "Adwaita"; package = pkgs.adwaita-icon-theme; diff --git a/hosts/dust/home/xdg-mime.nix b/hosts/dust/home/xdg-mime.nix index 2d2613a..e909bd5 100644 --- a/hosts/dust/home/xdg-mime.nix +++ b/hosts/dust/home/xdg-mime.nix @@ -1,10 +1,11 @@ -{lib, ...}: { +{ lib, ... }: +{ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types xdg.mimeApps = { enable = true; defaultApplications = { - "inode/directory" = ["org.gnome.Nautilus.desktop"]; + "inode/directory" = [ "org.gnome.Nautilus.desktop" ]; } ### Browser // lib.genAttrs [ @@ -13,7 +14,7 @@ "x-scheme-handler/https" "x-scheme-handler/about" "x-scheme-handler/unknown" - ] (_n: ["firefox.desktop"]) + ] (_n: [ "firefox.desktop" ]) ### Audio player // lib.genAttrs [ "audio/aac" @@ -21,31 +22,31 @@ "audio/mpeg" "audio/ogg" "audio/wav" - ] (_n: ["io.bassi.Amberol.desktop"]) + ] (_n: [ "io.bassi.Amberol.desktop" ]) ### Image viewer // lib.genAttrs [ "image/gif" "image/jpeg" "image/png" "image/webp" - ] (_n: ["org.gnome.Loupe.desktop"]) + ] (_n: [ "org.gnome.Loupe.desktop" ]) ### Video player // lib.genAttrs [ "video/mp4" "video/mpeg" "video/webm" - ] (_n: ["mpv.desktop"]) + ] (_n: [ "mpv.desktop" ]) ### Code editor // lib.genAttrs [ "text/css" "text/html" "text/javascript" "text/plain" - ] (_n: ["nvim.desktop"]) + ] (_n: [ "nvim.desktop" ]) ### Mail client // lib.genAttrs [ "x-scheme-handler/mailto" "x-scheme-handler/mid" - ] (_n: ["thunderbird.desktop"]); + ] (_n: [ "thunderbird.desktop" ]); }; } diff --git a/hosts/dust/impermanence.nix b/hosts/dust/impermanence.nix index 0f8fa79..a4038b1 100644 --- a/hosts/dust/impermanence.nix +++ b/hosts/dust/impermanence.nix @@ -1,5 +1,6 @@ -{lib, ...}: { - sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"]; +{ lib, ... }: +{ + sops.age.sshKeyPaths = lib.mkForce [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; fileSystems."/persist".neededForBoot = true; environment.persistence."/persist" = { hideMounts = true; diff --git a/hosts/dust/lanzaboote.nix b/hosts/dust/lanzaboote.nix index 3ceac2a..8e1e1dc 100644 --- a/hosts/dust/lanzaboote.nix +++ b/hosts/dust/lanzaboote.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - environment.systemPackages = [pkgs.sbctl]; +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.sbctl ]; boot.lanzaboote = { enable = true; pkiBundle = "/etc/secureboot"; diff --git a/hosts/tyo0/anti-feature.nix b/hosts/tyo0/anti-feature.nix index 762e5f5..c99caed 100644 --- a/hosts/tyo0/anti-feature.nix +++ b/hosts/tyo0/anti-feature.nix @@ -1,7 +1,9 @@ -{lib, ...}: { +{ lib, ... }: +{ nixpkgs.config = { allowNonSource = false; - allowNonSourcePredicate = pkg: + allowNonSourcePredicate = + pkg: lib.elem (lib.getName pkg) [ "adoptopenjdk-hotspot-bin" "cargo-bootstrap" @@ -12,9 +14,11 @@ ]; allowUnfree = false; - allowUnfreePredicate = pkg: - lib.elem (lib.getName pkg) [ - ]; + allowUnfreePredicate = + pkg: + lib.elem (lib.getName pkg) + [ + ]; permittedInsecurePackages = [ "cinny-4.1.0" diff --git a/hosts/tyo0/default.nix b/hosts/tyo0/default.nix index ef783da..add66d1 100644 --- a/hosts/tyo0/default.nix +++ b/hosts/tyo0/default.nix @@ -3,7 +3,8 @@ modulesPath, pkgs, ... -}: { +}: +{ imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ./anti-feature.nix @@ -33,27 +34,30 @@ systemd.services."print-host-key".enable = false; ### Secrets - sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { + sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) { "hysteria/auth" = { - restartUnits = ["hysteria.service"]; + restartUnits = [ "hysteria.service" ]; }; "pixivfe/environment" = { - restartUnits = ["pixivfe.service"]; + restartUnits = [ "pixivfe.service" ]; }; "searx/environment" = { - restartUnits = ["searx.service"]; + restartUnits = [ "searx.service" ]; }; "miniflux/environment" = { - restartUnits = ["miniflux.service"]; + restartUnits = [ "miniflux.service" ]; }; "vaultwarden/environment" = { - restartUnits = ["vaultwarden.service"]; + restartUnits = [ "vaultwarden.service" ]; }; }; ### Services - networking.firewall.allowedUDPPorts = [443]; # hysteria - networking.firewall.allowedTCPPorts = [80 443]; # caddy + networking.firewall.allowedUDPPorts = [ 443 ]; # hysteria + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; # caddy systemd.tmpfiles.settings = { "10-www" = { @@ -76,7 +80,7 @@ "cinny" = pkgs.cinny.override { conf = { defaultHomeserver = 0; - homeserverList = ["ny4.dev"]; + homeserverList = [ "ny4.dev" ]; }; }; }; @@ -122,7 +126,12 @@ services.vnstat.enable = true; systemd.services."no-bankrupt" = { serviceConfig.Type = "oneshot"; - path = with pkgs; [coreutils gawk vnstat systemd]; + path = with pkgs; [ + coreutils + gawk + vnstat + systemd + ]; script = '' TRAFF_TOTAL=1900 TRAFF_USED=$(vnstat --oneline b | awk -F ';' '{print $11}') diff --git a/hosts/tyo0/services/forgejo.nix b/hosts/tyo0/services/forgejo.nix index 22b5067..2558dde 100644 --- a/hosts/tyo0/services/forgejo.nix +++ b/hosts/tyo0/services/forgejo.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.forgejo = { enable = true; package = pkgs.forgejo; diff --git a/hosts/tyo0/services/hysteria.nix b/hosts/tyo0/services/hysteria.nix index 7b70978..9bc4ec4 100644 --- a/hosts/tyo0/services/hysteria.nix +++ b/hosts/tyo0/services/hysteria.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.hysteria = { enable = true; settings = { diff --git a/hosts/tyo0/services/keycloak.nix b/hosts/tyo0/services/keycloak.nix index f0c4046..979b27c 100644 --- a/hosts/tyo0/services/keycloak.nix +++ b/hosts/tyo0/services/keycloak.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.keycloak = { enable = true; settings = { diff --git a/hosts/tyo0/services/miniflux.nix b/hosts/tyo0/services/miniflux.nix index 6b28b7a..2482a17 100644 --- a/hosts/tyo0/services/miniflux.nix +++ b/hosts/tyo0/services/miniflux.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.miniflux = { enable = true; adminCredentialsFile = config.sops.secrets."miniflux/environment".path; diff --git a/hosts/tyo0/services/ntfy.nix b/hosts/tyo0/services/ntfy.nix index ce6902e..25c6340 100644 --- a/hosts/tyo0/services/ntfy.nix +++ b/hosts/tyo0/services/ntfy.nix @@ -10,5 +10,5 @@ }; }; - systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = ["ntfy-sh"]; + systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = [ "ntfy-sh" ]; } diff --git a/hosts/tyo0/services/pixivfe.nix b/hosts/tyo0/services/pixivfe.nix index 34568de..8673408 100644 --- a/hosts/tyo0/services/pixivfe.nix +++ b/hosts/tyo0/services/pixivfe.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: { +}: +{ services.pixivfe = { enable = true; EnvironmentFile = config.sops.secrets."pixivfe/environment".path; @@ -13,7 +14,7 @@ }; systemd.services.pixivfe.serviceConfig = { - RuntimeDirectory = ["pixivfe"]; + RuntimeDirectory = [ "pixivfe" ]; ExecStartPost = pkgs.writeShellScript "pixivfe-unixsocket" '' ${pkgs.coreutils}/bin/sleep 5 ${pkgs.coreutils}/bin/chmod 777 /run/pixivfe/pixiv.sock diff --git a/hosts/tyo0/services/searx.nix b/hosts/tyo0/services/searx.nix index 49c565a..176c6c4 100644 --- a/hosts/tyo0/services/searx.nix +++ b/hosts/tyo0/services/searx.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: { +}: +{ services.searx = { enable = true; package = pkgs.searxng; diff --git a/hosts/tyo0/services/vaultwarden.nix b/hosts/tyo0/services/vaultwarden.nix index 8d7aa89..c735d17 100644 --- a/hosts/tyo0/services/vaultwarden.nix +++ b/hosts/tyo0/services/vaultwarden.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.vaultwarden = { enable = true; environmentFile = config.sops.secrets."vaultwarden/environment".path; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 65fbc61..1b20ddf 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./services/hysteria.nix ./services/pixivfe.nix diff --git a/nixos/modules/services/hysteria.nix b/nixos/modules/services/hysteria.nix index 140c385..02a3d96 100644 --- a/nixos/modules/services/hysteria.nix +++ b/nixos/modules/services/hysteria.nix @@ -4,17 +4,22 @@ pkgs, utils, ... -}: let +}: +let cfg = config.services.hysteria; - settingsFormat = pkgs.formats.json {}; -in { + settingsFormat = pkgs.formats.json { }; +in +{ options.services.hysteria = { enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy"; - package = lib.mkPackageOption pkgs "hysteria" {}; + package = lib.mkPackageOption pkgs "hysteria" { }; mode = lib.mkOption { - type = lib.types.enum ["server" "client"]; + type = lib.types.enum [ + "server" + "client" + ]; default = "server"; description = "Whether to use Hysteria as a client or a server."; }; @@ -23,7 +28,7 @@ in { type = lib.types.submodule { freeformType = settingsFormat.type; }; - default = {}; + default = { }; description = '' The Hysteria configuration, see https://hysteria.network/ for documentation. @@ -38,10 +43,10 @@ in { config = lib.mkIf cfg.enable { systemd.services."hysteria" = { description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy."; - documentation = ["https://hysteria.network/"]; - wantedBy = ["multi-user.target"]; - after = ["network-online.target"]; - wants = ["network-online.target"]; + documentation = [ "https://hysteria.network/" ]; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/private/hysteria/config.json"; serviceConfig = { ExecStart = lib.concatStringsSep " " [ @@ -54,8 +59,16 @@ in { StateDirectory = "hysteria"; ### Hardening - AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"]; - CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"]; + AmbientCapabilities = [ + "CAP_NET_ADMIN" + "CAP_NET_BIND_SERVICE" + "CAP_NET_RAW" + ]; + CapabilityBoundingSet = [ + "CAP_NET_ADMIN" + "CAP_NET_BIND_SERVICE" + "CAP_NET_RAW" + ]; NoNewPrivileges = true; PrivateMounts = true; PrivateTmp = true; diff --git a/nixos/modules/services/pixivfe.nix b/nixos/modules/services/pixivfe.nix index 8a7617b..b781574 100644 --- a/nixos/modules/services/pixivfe.nix +++ b/nixos/modules/services/pixivfe.nix @@ -4,13 +4,17 @@ inputs, pkgs, ... -}: let +}: +let cfg = config.services.pixivfe; -in { +in +{ options.services.pixivfe = { enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv"; - package = lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe" {}; + package = + lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe" + { }; openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function"; @@ -46,10 +50,7 @@ in { config = lib.mkIf cfg.enable { assertions = [ { - assertion = - if cfg.openFirewall - then (cfg.settings ? PIXIVFE_PORT) - else true; + assertion = if cfg.openFirewall then (cfg.settings ? PIXIVFE_PORT) else true; message = '' PIXIVFE_PORT must be specified for NixOS to open a port. @@ -58,9 +59,10 @@ in { } { assertion = - if (cfg.EnvironmentFile == null) - then (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT) - else true; + if (cfg.EnvironmentFile == null) then + (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT) + else + true; message = '' PIXIVFE_PORT or PIXIVFE_UNIXSOCKET must be set for PixivFE to run. @@ -68,10 +70,7 @@ in { ''; } { - assertion = - if (cfg.EnvironmentFile == null) - then cfg.settings ? PIXIVFE_TOKEN - else true; + assertion = if (cfg.EnvironmentFile == null) then cfg.settings ? PIXIVFE_TOKEN else true; message = '' PIXIVFE_TOKEN must be set for PixivFE to run. @@ -82,23 +81,21 @@ in { systemd.services."pixivfe" = { description = "PixivFE, a privacy respecting frontend for Pixiv."; - documentation = ["https://pixivfe.pages.dev/"]; - wantedBy = ["multi-user.target"]; - after = ["network-online.target"]; - wants = ["network-online.target"]; - environment = lib.mkIf (cfg.settings != null) (lib.mapAttrs (_: v: - if lib.isBool v - then lib.boolToString v - else toString v) - cfg.settings); + documentation = [ "https://pixivfe.pages.dev/" ]; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + environment = lib.mkIf (cfg.settings != null) ( + lib.mapAttrs (_: v: if lib.isBool v then lib.boolToString v else toString v) cfg.settings + ); serviceConfig = { inherit (cfg) EnvironmentFile; ExecStart = lib.getExe cfg.package; DynamicUser = true; ### Hardening - AmbientCapabilities = ["CAP_NET_BIND_SERVICE"]; # For ports <= 1024 - CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"]; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; # For ports <= 1024 + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; NoNewPrivileges = true; PrivateMounts = true; PrivateTmp = true; @@ -122,7 +119,7 @@ in { }; networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [cfg.settings.PIXIVFE_PORT]; + allowedTCPPorts = [ cfg.settings.PIXIVFE_PORT ]; }; }; } diff --git a/nixos/profiles/core/default.nix b/nixos/profiles/core/default.nix index 5928940..593f327 100644 --- a/nixos/profiles/core/default.nix +++ b/nixos/profiles/core/default.nix @@ -4,7 +4,8 @@ inputs, pkgs, ... -}: { +}: +{ imports = [ ./hardening.nix @@ -29,7 +30,9 @@ users.guanranwang = import ../../../home; useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = { + inherit inputs; + }; }; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; @@ -80,13 +83,13 @@ # Avoid TOFU MITM with github by providing their public key here. programs.ssh.knownHosts = { - "github.com".hostNames = ["github.com"]; + "github.com".hostNames = [ "github.com" ]; "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - "gitlab.com".hostNames = ["gitlab.com"]; + "gitlab.com".hostNames = [ "gitlab.com" ]; "gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf"; - "git.sr.ht".hostNames = ["git.sr.ht"]; + "git.sr.ht".hostNames = [ "git.sr.ht" ]; "git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60"; }; @@ -120,8 +123,8 @@ ### sops-nix sops = { defaultSopsFile = ../../../secrets.yaml; - age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - gnupg.sshKeyPaths = []; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + gnupg.sshKeyPaths = [ ]; secrets."hashed-passwd".neededForUsers = true; }; } diff --git a/nixos/profiles/core/networking.nix b/nixos/profiles/core/networking.nix index 71d395e..0f35e37 100644 --- a/nixos/profiles/core/networking.nix +++ b/nixos/profiles/core/networking.nix @@ -2,7 +2,7 @@ services.resolved.enable = true; ### https://wiki.archlinux.org/title/Sysctl#Improving_performance - boot.kernelModules = ["tcp_bbr"]; + boot.kernelModules = [ "tcp_bbr" ]; boot.kernel.sysctl = { "net.core.default_qdisc" = "cake"; "net.ipv4.tcp_congestion_control" = "bbr"; diff --git a/nixos/profiles/core/nix.nix b/nixos/profiles/core/nix.nix index 573d7c1..39237b1 100644 --- a/nixos/profiles/core/nix.nix +++ b/nixos/profiles/core/nix.nix @@ -3,7 +3,8 @@ config, inputs, ... -}: { +}: +{ nix.settings = { substituters = (lib.optionals (config.time.timeZone == "Asia/Shanghai") [ @@ -26,7 +27,7 @@ "no-url-literals" ]; flake-registry = ""; - trusted-users = ["@wheel"]; + trusted-users = [ "@wheel" ]; allow-import-from-derivation = false; auto-allocate-uids = true; auto-optimise-store = true; @@ -38,7 +39,7 @@ nix = { # Add each flake input as a registry # To make nix3 commands consistent with the flake - registry = lib.mapAttrs (_: value: {flake = value;}) inputs; + registry = lib.mapAttrs (_: value: { flake = value; }) inputs; # Disable nix-channel channel.enable = false; @@ -52,7 +53,7 @@ extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; }; - users.groups."nix-access-tokens" = {}; + users.groups."nix-access-tokens" = { }; sops.secrets."nix-access-tokens" = { group = config.users.groups."nix-access-tokens".name; mode = "0440"; diff --git a/nixos/profiles/core/zram.nix b/nixos/profiles/core/zram.nix index ad5ca34..2dc8fbb 100644 --- a/nixos/profiles/core/zram.nix +++ b/nixos/profiles/core/zram.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ services.zram-generator = { enable = true; settings.zram0 = { diff --git a/nixos/profiles/server/default.nix b/nixos/profiles/server/default.nix index 0238762..f139044 100644 --- a/nixos/profiles/server/default.nix +++ b/nixos/profiles/server/default.nix @@ -2,14 +2,16 @@ pkgs, config, ... -}: { +}: +{ environment.systemPackages = with pkgs; [ foot.terminfo ]; # TODO: colmena services.openssh.settings.PermitRootLogin = "prohibit-password"; - users.users."root".openssh.authorizedKeys.keys = config.users.users.guanranwang.openssh.authorizedKeys.keys; + users.users."root".openssh.authorizedKeys.keys = + config.users.users.guanranwang.openssh.authorizedKeys.keys; time.timeZone = "UTC"; } diff --git a/nixos/profiles/sing-box/default.nix b/nixos/profiles/sing-box/default.nix index c50480a..9abbd2d 100644 --- a/nixos/profiles/sing-box/default.nix +++ b/nixos/profiles/sing-box/default.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: { +}: +{ services.sing-box = { enable = true; settings = { @@ -94,16 +95,18 @@ httpsProxy = "http://127.0.0.1:1080/"; }; - environment.shellAliases = let - inherit (config.networking.proxy) httpProxy httpsProxy; - in { - "setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}"; - "unsetproxy" = "set -e http_proxy https_proxy"; - }; + environment.shellAliases = + let + inherit (config.networking.proxy) httpProxy httpsProxy; + in + { + "setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}"; + "unsetproxy" = "set -e http_proxy https_proxy"; + }; ### sops-nix sops.secrets."sing-box/tyo0" = { - restartUnits = ["sing-box.service"]; + restartUnits = [ "sing-box.service" ]; sopsFile = ./secrets.yaml; }; } diff --git a/nixos/profiles/wireless/default.nix b/nixos/profiles/wireless/default.nix index ade6664..74b93a3 100644 --- a/nixos/profiles/wireless/default.nix +++ b/nixos/profiles/wireless/default.nix @@ -1,5 +1,6 @@ -{lib, ...}: { - sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { +{ lib, ... }: +{ + sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) { "wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk"; "wireless/ImmortalWrt".path = "/var/lib/iwd/ImmortalWrt.psk"; }; diff --git a/overlays/default.nix b/overlays/default.nix index 50d7b26..cc54fda 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,9 +1,11 @@ let - addPatches = pkg: patches: + addPatches = + pkg: patches: pkg.overrideAttrs (old: { - patches = (old.patches or []) ++ patches; + patches = (old.patches or [ ]) ++ patches; }); -in { +in +{ patches = _final: prev: { # https://aur.archlinux.org/pkgbase/nautilus-typeahead nautilus = prev.nautilus.overrideAttrs { @@ -21,39 +23,42 @@ in { ''; }; - qt6Packages = prev.qt6Packages.overrideScope (_final': prev': { - # HACK: no more qt5 - fcitx5-with-addons = prev'.fcitx5-with-addons.override { - libsForQt5.fcitx5-qt = prev.emptyDirectory; - }; + qt6Packages = prev.qt6Packages.overrideScope ( + _final': prev': { + # HACK: no more qt5 + fcitx5-with-addons = prev'.fcitx5-with-addons.override { + libsForQt5.fcitx5-qt = prev.emptyDirectory; + }; - # HACK: no more qtwebengine, opencc - fcitx5-chinese-addons = - (prev'.fcitx5-chinese-addons.override { - curl = prev.emptyDirectory; - opencc = prev.emptyDirectory; - qtwebengine = prev.emptyDirectory; - }) - .overrideAttrs (oldAttrs: { - buildInputs = oldAttrs.buildInputs ++ [prev.gettext prev'.qtbase]; - cmakeFlags = - oldAttrs.cmakeFlags - ++ [ - (prev.lib.cmakeBool "ENABLE_BROWSER" false) - (prev.lib.cmakeBool "ENABLE_CLOUDPINYIN" false) - (prev.lib.cmakeBool "ENABLE_OPENCC" false) - ]; - }); - }); + # HACK: no more qtwebengine, opencc + fcitx5-chinese-addons = + (prev'.fcitx5-chinese-addons.override { + curl = prev.emptyDirectory; + opencc = prev.emptyDirectory; + qtwebengine = prev.emptyDirectory; + }).overrideAttrs + (oldAttrs: { + buildInputs = oldAttrs.buildInputs ++ [ + prev.gettext + prev'.qtbase + ]; + cmakeFlags = oldAttrs.cmakeFlags ++ [ + (prev.lib.cmakeBool "ENABLE_BROWSER" false) + (prev.lib.cmakeBool "ENABLE_CLOUDPINYIN" false) + (prev.lib.cmakeBool "ENABLE_OPENCC" false) + ]; + }); + } + ); # HACK: no more gtk2 gnome-themes-extra = (prev.gnome-themes-extra.override { gtk2 = prev.emptyDirectory; - }) - .overrideAttrs { - configureFlags = ["--disable-gtk2-engine"]; - }; + }).overrideAttrs + { + configureFlags = [ "--disable-gtk2-engine" ]; + }; sway-unwrapped = addPatches prev.sway-unwrapped [ # text_input: Implement input-method popups diff --git a/pkgs/default.nix b/pkgs/default.nix index 11b0da4..dbc4dc3 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,10 +1,12 @@ # NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`, # only keeping some packages that only fits for personal use. -pkgs: let +pkgs: +let inherit (pkgs) callPackage; -in { +in +{ # https://github.com/NixOS/nixpkgs/pull/308720 - pixivfe = callPackage ./pixivfe.nix {}; + pixivfe = callPackage ./pixivfe.nix { }; background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src; } diff --git a/pkgs/pixivfe.nix b/pkgs/pixivfe.nix index 2b5da37..3bcc531 100644 --- a/pkgs/pixivfe.nix +++ b/pkgs/pixivfe.nix @@ -23,7 +23,7 @@ buildGoModule rec { "-w" ]; - nativeBuildInputs = [makeBinaryWrapper]; + nativeBuildInputs = [ makeBinaryWrapper ]; postInstall = '' mkdir -p $out/share/pixivfe @@ -37,7 +37,7 @@ buildGoModule rec { homepage = "https://codeberg.org/VnPower/PixivFE"; license = lib.licenses.agpl3Only; mainProgram = "pixivfe"; - maintainers = with lib.maintainers; [Guanran928]; + maintainers = with lib.maintainers; [ Guanran928 ]; platforms = lib.platforms.linux; }; } diff --git a/treefmt.nix b/treefmt.nix index d47a806..3a58d67 100644 --- a/treefmt.nix +++ b/treefmt.nix @@ -2,7 +2,7 @@ projectRootFile = "flake.nix"; ### nix - programs.alejandra.enable = true; + programs.nixfmt.enable = true; programs.deadnix.enable = true; programs.statix.enable = true;