treewide: use nixfmt --strict flag
This commit is contained in:
parent
f3c554e51d
commit
b2638a2885
GPG key ID:
91F97D9ED12639CF
30 changed files with 88 additions and 207 deletions
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ lib, pkgs, ... }:
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
package = pkgs.qt6Packages.fcitx5-with-addons.override {
|
package = pkgs.qt6Packages.fcitx5-with-addons.override {
|
||||||
addons = with pkgs; [
|
addons = with pkgs; [
|
||||||
|
|
@ -14,9 +10,7 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
home.packages = [
|
home.packages = [ package ];
|
||||||
package
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.user.services.fcitx5-daemon = {
|
systemd.user.services.fcitx5-daemon = {
|
||||||
Unit.Description = "Fcitx5 input method editor";
|
Unit.Description = "Fcitx5 input method editor";
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ pkgs, config, ... }:
|
||||||
pkgs,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
programs.go.enable = true;
|
programs.go.enable = true;
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ pkgs, lib, ... }:
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
programs.mpv = {
|
programs.mpv = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -23,12 +19,7 @@
|
||||||
modernx-zydezu
|
modernx-zydezu
|
||||||
thumbfast
|
thumbfast
|
||||||
])
|
])
|
||||||
++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (
|
++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (with pkgs.mpvScripts; [ mpris ]);
|
||||||
with pkgs.mpvScripts;
|
|
||||||
[
|
|
||||||
mpris
|
|
||||||
]
|
|
||||||
);
|
|
||||||
|
|
||||||
bindings =
|
bindings =
|
||||||
let
|
let
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ pkgs, inputs, ... }:
|
||||||
pkgs,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
home.packages = [ pkgs.neovim ];
|
home.packages = [ pkgs.neovim ];
|
||||||
home.sessionVariables."EDITOR" = "nvim";
|
home.sessionVariables."EDITOR" = "nvim";
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ lib, config, ... }:
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
services.swayidle = {
|
services.swayidle = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ inputs, pkgs, ... }:
|
||||||
inputs,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
programs.swaylock = {
|
programs.swaylock = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ lib, pkgs, ... }:
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
home = {
|
home = {
|
||||||
username = "guanranwang";
|
username = "guanranwang";
|
||||||
|
|
|
||||||
|
|
@ -59,48 +59,48 @@
|
||||||
|
|
||||||
boot.tmp.useTmpfs = true;
|
boot.tmp.useTmpfs = true;
|
||||||
|
|
||||||
services.tailscale = {
|
environment.systemPackages = with pkgs; [ yubikey-manager ];
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 53317 ];
|
||||||
|
allowedUDPPorts = [ 53317 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
adb.enable = true;
|
||||||
|
dconf.enable = true;
|
||||||
|
fish.enable = true;
|
||||||
|
gamemode.enable = true;
|
||||||
|
localsend.enable = true;
|
||||||
|
seahorse.enable = true;
|
||||||
|
steam.enable = true;
|
||||||
|
ssh = {
|
||||||
|
startAgent = true;
|
||||||
|
enableAskPassword = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
power-profiles-daemon.enable = true;
|
||||||
|
gvfs.enable = true;
|
||||||
|
gnome = {
|
||||||
|
gnome-keyring.enable = true;
|
||||||
|
sushi.enable = true;
|
||||||
|
};
|
||||||
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
yubikey-manager
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 53317 ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ 53317 ];
|
|
||||||
|
|
||||||
programs.gamemode.enable = true;
|
|
||||||
programs.steam.enable = true;
|
|
||||||
|
|
||||||
programs.adb.enable = true;
|
|
||||||
programs.dconf.enable = true;
|
|
||||||
programs.fish.enable = true;
|
|
||||||
programs.localsend.enable = true;
|
|
||||||
programs.seahorse.enable = true;
|
|
||||||
programs.ssh = {
|
|
||||||
startAgent = true;
|
|
||||||
enableAskPassword = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.power-profiles-daemon.enable = true;
|
|
||||||
services.gvfs.enable = true;
|
|
||||||
services.gnome = {
|
|
||||||
gnome-keyring.enable = true;
|
|
||||||
sushi.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# yubikey
|
# yubikey
|
||||||
services.pcscd.enable = true;
|
pcscd.enable = true;
|
||||||
services.udev.packages = [ pkgs.yubikey-personalization ];
|
udev.packages = [ pkgs.yubikey-personalization ];
|
||||||
|
};
|
||||||
|
|
||||||
fonts = {
|
fonts = {
|
||||||
enableDefaultPackages = false;
|
enableDefaultPackages = false;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
(nerdfonts.override {
|
(nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
|
||||||
fonts = [ "NerdFontsSymbolsOnly" ];
|
|
||||||
})
|
|
||||||
(inter.overrideAttrs {
|
(inter.overrideAttrs {
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
runHook preInstall
|
runHook preInstall
|
||||||
|
|
@ -129,9 +129,7 @@
|
||||||
];
|
];
|
||||||
fontconfig = {
|
fontconfig = {
|
||||||
defaultFonts = {
|
defaultFonts = {
|
||||||
emoji = [
|
emoji = [ "Noto Color Emoji" ];
|
||||||
"Noto Color Emoji"
|
|
||||||
];
|
|
||||||
# Append emoji font for Qt apps, they might use the monochrome emoji
|
# Append emoji font for Qt apps, they might use the monochrome emoji
|
||||||
monospace = [
|
monospace = [
|
||||||
"JetBrains Mono"
|
"JetBrains Mono"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,7 @@
|
||||||
".config/fcitx5"
|
".config/fcitx5"
|
||||||
".config/obs-studio"
|
".config/obs-studio"
|
||||||
];
|
];
|
||||||
files = [
|
files = [ ".config/sops/age/keys.txt" ];
|
||||||
".config/sops/age/keys.txt"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -42,28 +42,20 @@
|
||||||
systemd.services.mastodon-sidekiq-all.environment = config.networking.proxy.envVars;
|
systemd.services.mastodon-sidekiq-all.environment = config.networking.proxy.envVars;
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "mastodon.ny4.dev" ]; };
|
||||||
host = [ "mastodon.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "subroute";
|
handler = "subroute";
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
match = lib.singleton {
|
match = lib.singleton { path = [ "/api/v1/streaming/*" ]; };
|
||||||
path = [ "/api/v1/streaming/*" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
headers.request.set."X-Forwarded-Proto" = [ "https" ];
|
headers.request.set."X-Forwarded-Proto" = [ "https" ];
|
||||||
upstreams = lib.singleton {
|
upstreams = lib.singleton { dial = "unix//run/mastodon-streaming/streaming-1.socket"; };
|
||||||
dial = "unix//run/mastodon-streaming/streaming-1.socket";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
match = lib.singleton {
|
match = lib.singleton { path = [ "/system/*" ]; };
|
||||||
path = [ "/system/*" ];
|
|
||||||
};
|
|
||||||
handle = [
|
handle = [
|
||||||
{
|
{
|
||||||
handler = "rewrite";
|
handler = "rewrite";
|
||||||
|
|
@ -85,9 +77,7 @@
|
||||||
{
|
{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
headers.request.set."X-Forwarded-Proto" = [ "https" ];
|
headers.request.set."X-Forwarded-Proto" = [ "https" ];
|
||||||
upstreams = lib.singleton {
|
upstreams = lib.singleton { dial = "unix//run/mastodon-web/web.socket"; };
|
||||||
dial = "unix//run/mastodon-web/web.socket";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
@ -96,9 +86,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.errors.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.errors.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "mastodon.ny4.dev" ]; };
|
||||||
host = [ "mastodon.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "subroute";
|
handler = "subroute";
|
||||||
routes = [
|
routes = [
|
||||||
|
|
|
||||||
|
|
@ -50,9 +50,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "matrix.ny4.dev" ]; };
|
||||||
host = [ "matrix.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "subroute";
|
handler = "subroute";
|
||||||
routes = lib.singleton {
|
routes = lib.singleton {
|
||||||
|
|
@ -66,9 +64,7 @@
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
headers.request.set."X-Forwarded-Proto" = [ "https" ];
|
headers.request.set."X-Forwarded-Proto" = [ "https" ];
|
||||||
upstreams = lib.singleton {
|
upstreams = lib.singleton { dial = "unix//run/matrix-synapse/synapse.sock"; };
|
||||||
dial = "unix//run/matrix-synapse/synapse.sock";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ lib, pkgs, ... }:
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
services.minecraft-server = {
|
services.minecraft-server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -14,11 +14,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
allowUnfree = false;
|
allowUnfree = false;
|
||||||
allowUnfreePredicate =
|
allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) [ ];
|
||||||
pkg:
|
|
||||||
lib.elem (lib.getName pkg)
|
|
||||||
[
|
|
||||||
];
|
|
||||||
|
|
||||||
permittedInsecurePackages = [
|
permittedInsecurePackages = [
|
||||||
"cinny-4.1.0"
|
"cinny-4.1.0"
|
||||||
|
|
|
||||||
|
|
@ -64,9 +64,7 @@
|
||||||
listen = [ ":443" ];
|
listen = [ ":443" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."caddy".serviceConfig.SupplementaryGroups = [
|
systemd.services."caddy".serviceConfig.SupplementaryGroups = [ "forgejo" ];
|
||||||
"forgejo"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = [
|
services.caddy.settings.apps.http.servers.srv0.routes = [
|
||||||
{
|
{
|
||||||
|
|
@ -81,9 +79,7 @@
|
||||||
Access-Control-Allow-Origin = [ "*" ];
|
Access-Control-Allow-Origin = [ "*" ];
|
||||||
Content-Type = [ "application/json" ];
|
Content-Type = [ "application/json" ];
|
||||||
};
|
};
|
||||||
body = builtins.toJSON {
|
body = builtins.toJSON { "m.server" = "matrix.ny4.dev:443"; };
|
||||||
"m.server" = "matrix.ny4.dev:443";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
@ -120,9 +116,7 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "ny4.dev" ]; };
|
||||||
host = [ "ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "static_response";
|
handler = "static_response";
|
||||||
status_code = 302;
|
status_code = 302;
|
||||||
|
|
@ -132,9 +126,7 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "element.ny4.dev" ]; };
|
||||||
host = [ "element.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = [
|
handle = [
|
||||||
{
|
{
|
||||||
handler = "headers";
|
handler = "headers";
|
||||||
|
|
@ -157,9 +149,7 @@
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "cinny.ny4.dev" ]; };
|
||||||
host = [ "cinny.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "subroute";
|
handler = "subroute";
|
||||||
routes = [
|
routes = [
|
||||||
|
|
|
||||||
|
|
@ -29,9 +29,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "git.ny4.dev" ]; };
|
||||||
host = [ "git.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "unix//run/forgejo/forgejo.sock"; } ];
|
upstreams = [ { dial = "unix//run/forgejo/forgejo.sock"; } ];
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "id.ny4.dev" ]; };
|
||||||
host = [ "id.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||||
|
|
|
||||||
|
|
@ -19,9 +19,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "rss.ny4.dev" ]; };
|
||||||
host = [ "rss.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||||
|
|
|
||||||
|
|
@ -14,9 +14,7 @@
|
||||||
systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = [ "ntfy-sh" ];
|
systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = [ "ntfy-sh" ];
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "ntfy.ny4.dev" ]; };
|
||||||
host = [ "ntfy.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "unix//run/ntfy-sh/ntfy.sock"; } ];
|
upstreams = [ { dial = "unix//run/ntfy-sh/ntfy.sock"; } ];
|
||||||
|
|
|
||||||
|
|
@ -57,11 +57,7 @@ in
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "blackbox_exporter";
|
job_name = "blackbox_exporter";
|
||||||
static_configs = lib.singleton {
|
static_configs = lib.singleton { targets = [ "127.0.0.1:${toString ports.blackbox}" ]; };
|
||||||
targets = [
|
|
||||||
"127.0.0.1:${toString ports.blackbox}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "blackbox_probe";
|
job_name = "blackbox_probe";
|
||||||
|
|
@ -137,11 +133,7 @@ in
|
||||||
);
|
);
|
||||||
|
|
||||||
alertmanagers = lib.singleton {
|
alertmanagers = lib.singleton {
|
||||||
static_configs = lib.singleton {
|
static_configs = lib.singleton { targets = [ "127.0.0.1:${toString ports.alertmanager}" ]; };
|
||||||
targets = [
|
|
||||||
"127.0.0.1:${toString ports.alertmanager}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
alertmanager = {
|
alertmanager = {
|
||||||
|
|
@ -152,9 +144,7 @@ in
|
||||||
configuration = {
|
configuration = {
|
||||||
receivers = lib.singleton {
|
receivers = lib.singleton {
|
||||||
name = "ntfy";
|
name = "ntfy";
|
||||||
webhook_configs = lib.singleton {
|
webhook_configs = lib.singleton { url = "https://ntfy.ny4.dev/alert"; };
|
||||||
url = "https://ntfy.ny4.dev/alert";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
route = {
|
route = {
|
||||||
receiver = "ntfy";
|
receiver = "ntfy";
|
||||||
|
|
@ -164,9 +154,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "prom.ny4.dev" ]; };
|
||||||
host = [ "prom.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
|
upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
|
||||||
|
|
|
||||||
|
|
@ -10,9 +10,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "reddit.ny4.dev" ]; };
|
||||||
host = [ "reddit.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = [
|
handle = [
|
||||||
{
|
{
|
||||||
# Google's indexing caused a DoS with 800k requests...
|
# Google's indexing caused a DoS with 800k requests...
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,6 @@
|
||||||
{ lib, config, ... }:
|
{ lib, config, ... }:
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [ 27253 ];
|
||||||
27253
|
|
||||||
];
|
|
||||||
|
|
||||||
services.sing-box = {
|
services.sing-box = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -20,9 +20,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "vault.ny4.dev" ]; };
|
||||||
host = [ "vault.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||||
|
|
|
||||||
|
|
@ -9,9 +9,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||||
match = lib.singleton {
|
match = lib.singleton { host = [ "pb.ny4.dev" ]; };
|
||||||
host = [ "pb.ny4.dev" ];
|
|
||||||
};
|
|
||||||
handle = lib.singleton {
|
handle = lib.singleton {
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,4 @@
|
||||||
{
|
{ inputs, pkgs, ... }:
|
||||||
inputs,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
|
@ -16,9 +12,7 @@
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
]);
|
]);
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [ inputs.self.overlays.default ];
|
||||||
inputs.self.overlays.default
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,9 +41,7 @@
|
||||||
password = "$2a$14$2Phk4tobM04H4XiGegB3TuEXkyORCKMKW8TptYPTPXUWmZgtGBj/.";
|
password = "$2a$14$2Phk4tobM04H4XiGegB3TuEXkyORCKMKW8TptYPTPXUWmZgtGBj/.";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{ handler = "metrics"; }
|
||||||
handler = "metrics";
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,8 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [ ../prometheus ];
|
||||||
../prometheus
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ foot.terminfo ];
|
||||||
foot.terminfo
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -47,9 +47,7 @@
|
||||||
outbound = "direct";
|
outbound = "direct";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
rule_set = [
|
rule_set = [ "geosite-private" ];
|
||||||
"geosite-private"
|
|
||||||
];
|
|
||||||
ip_is_private = true;
|
ip_is_private = true;
|
||||||
outbound = "direct";
|
outbound = "direct";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -52,12 +52,8 @@ _final: prev: {
|
||||||
|
|
||||||
# HACK: no more gtk2
|
# HACK: no more gtk2
|
||||||
gnome-themes-extra =
|
gnome-themes-extra =
|
||||||
(prev.gnome-themes-extra.override {
|
(prev.gnome-themes-extra.override { gtk2 = prev.emptyDirectory; }).overrideAttrs
|
||||||
gtk2 = prev.emptyDirectory;
|
{ configureFlags = [ "--disable-gtk2-engine" ]; };
|
||||||
}).overrideAttrs
|
|
||||||
{
|
|
||||||
configureFlags = [ "--disable-gtk2-engine" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
sway-unwrapped = addPatches prev.sway-unwrapped [
|
sway-unwrapped = addPatches prev.sway-unwrapped [
|
||||||
# text_input: Implement input-method popups
|
# text_input: Implement input-method popups
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,3 @@
|
||||||
# NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`,
|
# NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`,
|
||||||
# only keeping some packages that only fits for personal use.
|
# only keeping some packages that only fits for personal use.
|
||||||
pkgs: {
|
pkgs: { background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src; }
|
||||||
background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src;
|
|
||||||
}
|
|
||||||
|
|
|
||||||
14
treefmt.nix
14
treefmt.nix
|
|
@ -1,13 +1,15 @@
|
||||||
{
|
{
|
||||||
projectRootFile = "flake.nix";
|
projectRootFile = "flake.nix";
|
||||||
|
|
||||||
### nix
|
programs = {
|
||||||
programs.nixfmt.enable = true;
|
deadnix.enable = true;
|
||||||
programs.deadnix.enable = true;
|
nixfmt.enable = true;
|
||||||
programs.statix.enable = true;
|
prettier.enable = true;
|
||||||
|
statix.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
settings.formatter.nixfmt.options = [ "--strict" ];
|
||||||
|
|
||||||
### misc
|
|
||||||
programs.prettier.enable = true;
|
|
||||||
settings.formatter.prettier.excludes = [
|
settings.formatter.prettier.excludes = [
|
||||||
"hosts/pek0/secrets.yaml"
|
"hosts/pek0/secrets.yaml"
|
||||||
"hosts/tyo0/secrets.yaml"
|
"hosts/tyo0/secrets.yaml"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue