diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
deleted file mode 100644
index 1742d02..0000000
--- a/modules/nixos/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{...}: {
- imports = [
- ./profiles
- ./services
- ./home-manager-helper.nix
- ./programs
- ];
- options = {};
- config = {};
-}
diff --git a/modules/nixos/home-manager-helper.nix b/modules/nixos/home-manager-helper.nix
deleted file mode 100644
index 00cca43..0000000
--- a/modules/nixos/home-manager-helper.nix
+++ /dev/null
@@ -1,257 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}:
-with lib;
-with lib.types; let
- cfg = config.home-manager-helper;
- subordinateUidRange = {
- options = {
- startUid = mkOption {
- type = int;
- };
- count = mkOption {
- type = int;
- default = 1;
- };
- };
- };
-
- subordinateGidRange = {
- options = {
- startGid = mkOption {
- type = int;
- };
- count = mkOption {
- type = int;
- default = 1;
- };
- };
- };
-in {
- imports = [
- inputs.home-manager.nixosModules.default
- ];
- options.home-manager-helper = with lib;
- with lib.types; {
- enable = mkEnableOption "";
- users = mkOption {
- type =
- attrsOf
- (submodule
- ({
- config,
- name,
- ...
- }: {
- options = {
- autoSubUidGidRange = mkOption {
- type = bool;
- default = false;
- };
- createHome = mkOption {
- type = bool;
- default = cfg.users.${name}.homeManager;
- };
- cryptHomeLuks = mkOption {
- type = nullOr str;
- default = null;
- };
- description = mkOption {
- type = passwdEntry str;
- default = "";
- };
- extraGroups = mkOption {
- type = listOf str;
- default = [];
- };
- group = mkOption {
- type = str;
- default = name;
- };
- hashedPassword = mkOption {
- type = nullOr (passwdEntry str);
- default = null;
- };
- hashedPasswordFile = mkOption {
- type = nullOr str;
- default = null;
- };
- home = mkOption {
- type = anything;
- default = {};
- };
- homeDirectory = mkOption {
- type = passwdEntry path;
- default =
- if cfg.users.${name}.homeManager
- then "/home/${name}"
- else "/var/empty";
- };
- homeManager = mkOption {
- type = bool;
- default =
- if cfg.users.${name}.isNormalUser
- then true
- else false;
- };
- homeMode = mkOption {
- type = strMatching "[0-7]{1,5}";
- default = "700";
- };
- ignoreShellProgramCheck = mkOption {
- type = bool;
- default = false;
- };
- initialHashedPassword = mkOption {
- type = nullOr (passwdEntry str);
- default = null;
- };
- initialPassword = mkOption {
- type = nullOr (passwdEntry str);
- default = null;
- };
- isNormalUser = mkOption {
- type = bool;
- default = false;
- };
- isSystemUser = mkOption {
- type = bool;
- default = false;
- };
- linger = mkOption {
- type = bool;
- default = false;
- };
- name = mkOption {
- type = passwdEntry str;
- };
- openssh = mkOption {
- type = anything;
- default = {};
- };
- packages = mkOption {
- type = listOf package;
- default = [];
- };
- pamMount = mkOption {
- type = attrsOf str;
- default = {};
- };
- shell = mkOption {
- type = nullOr (either shellPackage (passwdEntry path));
- default = pkgs.shadow;
- };
- subGidRanges = mkOption {
- type = listOf (submodule subordinateGidRange);
- default = [];
- };
- subUidRanges = mkOption {
- type = listOf (submodule subordinateUidRange);
- default = [];
- };
- uid = mkOption {
- type = nullOr int;
- default = null;
- };
- useDefaultShell = mkOption {
- type = bool;
- default = false;
- };
- };
- }));
- default = {};
- };
- };
- config = with lib;
- with builtins;
- mkIf cfg.enable {
- users.users =
- mapAttrs
- (name: value: {
- inherit
- (value)
- autoSubUidGidRange
- createHome
- cryptHomeLuks
- description
- extraGroups
- group
- hashedPassword
- hashedPasswordFile
- homeMode
- ignoreShellProgramCheck
- initialHashedPassword
- initialPassword
- isNormalUser
- isSystemUser
- linger
- name
- openssh
- pamMount
- shell
- subGidRanges
- subUidRanges
- uid
- useDefaultShell
- ;
-
- home = value.homeDirectory;
-
- packages =
- if value.homeManager
- then []
- else value.packages;
- })
- cfg.users;
-
- users.mutableUsers = true;
- users.groups =
- mapAttrs'
- (name: value: {
- name = name;
- value =
- mkDefault
- {
- name = name;
- members = ["${name}"];
- };
- })
- cfg.users;
-
- home-manager.backupFileExtension = "backup";
- home-manager.extraSpecialArgs = {inherit inputs;};
- home-manager.users =
- mapAttrs
- (name: value: (mkMerge [
- {
- imports = [
- inputs.nix-index-database.hmModules.nix-index
- inputs.flatpaks.homeManagerModules.nix-flatpak
- ];
-
- home.username = value.name;
- home.homeDirectory = value.homeDirectory;
- home.packages =
- value.packages
- ++ (
- if value ? home ? packages
- then value.home.packages
- else []
- )
- ++ [
- pkgs.nil
- ];
-
- programs.home-manager.enable = true;
-
- home.stateVersion = "23.11"; # DO NOT CHANGE
- }
- value.home
- ]))
- (filterAttrs (n: v: v.homeManager) cfg.users);
- };
-}
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
deleted file mode 100644
index 979711e..0000000
--- a/modules/nixos/profiles/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{...}: {
- imports = [
- ./locale.nix
- ./media-server.nix
- ./minecraft-servers.nix
- ];
- options = {};
- config = {};
-}
diff --git a/modules/nixos/profiles/locale.nix b/modules/nixos/profiles/locale.nix
deleted file mode 100644
index 2c1803c..0000000
--- a/modules/nixos/profiles/locale.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.profiles.locale;
-in {
- imports = [];
- options.profiles.locale = with lib;
- with lib.types; {
- enable = mkEnableOption "";
- locale = mkOption {
- type = str;
- default = "en_US.UTF-8";
- };
- extraLocales = mkOption {
- type = attrsOf str;
- default = rec {
- LC_ADDRESS = "pt_BR.UTF-8";
- LC_IDENTIFICATION = LC_ADDRESS;
- LC_MEASUREMENT = LC_ADDRESS;
- LC_MONETARY = LC_ADDRESS;
- LC_NAME = LC_ADDRESS;
- LC_NUMERIC = LC_ADDRESS;
- LC_PAPER = LC_ADDRESS;
- LC_TELEPHONE = LC_ADDRESS;
- LC_TIME = LC_ADDRESS;
- };
- };
- keymap.layout = mkOption {
- type = str;
- default = "br";
- };
- keymap.variant = mkOption {
- type = str;
- default = "";
- };
- keymap.console = mkOption {
- type = str;
- default = "br-abnt2";
- };
- timeZone = mkOption {
- type = str;
- default = "America/Sao_Paulo";
- };
- };
- config = {
- i18n = {
- defaultLocale = cfg.locale;
- extraLocaleSettings = cfg.extraLocales;
- };
-
- services.xserver = {
- xkb.layout = cfg.keymap.layout;
- xkb.variant = cfg.keymap.variant;
- };
-
- console.keyMap = cfg.keymap.console;
-
- time = {
- timeZone = cfg.timeZone;
- };
- };
-}
diff --git a/modules/nixos/profiles/media-server.nix b/modules/nixos/profiles/media-server.nix
deleted file mode 100644
index e8f2f93..0000000
--- a/modules/nixos/profiles/media-server.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.profiles.media-server;
-in {
- options.profiles.media-server = with lib;
- with lib.types; {
- enable = mkEnableOption "";
- mediaDir = mkOption {
- type = path;
- default = "/data/media";
- };
- };
- config = with lib;
- mkIf cfg.enable {
- services = {
- jellyfin.enable = mkDefault true;
- jellyfin.openFirewall = true;
- jellyseerr.enable = mkDefault true;
- prowlarr.enable = mkDefault true;
- radarr.enable = mkDefault true;
- sonarr.enable = mkDefault true;
- qbittorrent.enable = mkDefault true;
- };
-
- systemd.services.media-server-setup = {
- script = let
- services = config.services;
- in ''
- function setfacl() { ${pkgs.acl}/bin/setfacl "$@"; }
-
- echo 'Creating ${toString cfg.mediaDir} folder'
- mkdir -p ${toString cfg.mediaDir}
- mkdir -p ${toString cfg.mediaDir + "/Downloads"}
- mkdir -p ${toString cfg.mediaDir + "/Movies"}
- mkdir -p ${toString cfg.mediaDir + "/Shows"}
-
- ${
- if services.jellyfin.enable
- then ''
- echo 'Giving read-write permission to ${services.jellyfin.user} on ${toString cfg.mediaDir}'
- setfacl -R -m u:${services.jellyfin.user}:rwx ${toString cfg.mediaDir}
- ''
- else ""
- }
- ${
- if services.radarr.enable
- then ''
- echo 'Giving read-write permission to ${services.radarr.user} on ${toString cfg.mediaDir}'
- setfacl -R -m u:${services.radarr.user}:rwx ${toString cfg.mediaDir}
- ''
- else ""
- }
- ${
- if services.sonarr.enable
- then ''
- echo 'Giving read-write permission to ${services.sonarr.user} on ${toString cfg.mediaDir}'
- setfacl -R -m u:${services.sonarr.user}:rwx ${toString cfg.mediaDir}
- ''
- else ""
- }
- ${
- if services.qbittorrent.enable
- then ''
- echo 'Giving read-write permission to ${services.qbittorrent.user} on ${toString cfg.mediaDir}'
- setfacl -R -m u:${services.qbittorrent.user}:rwx ${toString cfg.mediaDir}
- ''
- else ""
- }
-
- '';
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "oneshot";
- };
- };
- };
-}
diff --git a/modules/nixos/profiles/minecraft-servers.nix b/modules/nixos/profiles/minecraft-servers.nix
deleted file mode 100644
index 4626799..0000000
--- a/modules/nixos/profiles/minecraft-servers.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.profiles.minecraft-servers;
-in {
- imports = [../services/minecraft-servers.nix];
- options.profiles.minecraft-servers = with lib; {
- enable = mkEnableOption "";
- };
- config = let
- optimizationMods = builtins.attrValues {
- AlternateCurrent = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/r0v8vy1s/versions/CFNRLnDw/alternate-current-mc1.20-1.8.0-beta.3.jar";
- sha256 = "130k9ay8hylbv2ijzj5n9951ww2lxyqrykazvr8l3yf1dbm0n56r";
- };
- /*
- BetterMaps = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/JX1fvBwM/versions/SSxJn7Q3/bettermaps-mc1.20-0.5.2.jar";
- sha256 = "0aps89kxx98xhmya4ljy3h3dhni88wv697vh7ipg3vzfxhqyfj9p";
- };
- */
- CCME = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/VSNURh3q/versions/1jjyJyVe/c2me-fabric-mc1.20.6-0.2.0+alpha.11.95.jar";
- sha256 = "0ja97jv4x1xhm1nmpq661qf641zv314zzdp7q9d0wzfp712am0dc";
- };
- Chunky = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/fALzjamp/versions/ZrmnYk7q/Chunky-1.4.10.jar";
- sha256 = "098gg5s02c5lnz9y85vja9z17cmkaidf8fr99drrym5z1n3d48jf";
- };
- DisablePortalChecks = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/uOzKOGGt/versions/zW17oIr0/disableportalchecks-1.0.0.jar";
- sha256 = "1zq535nb6zv22plvz3p6ykh02skng6wjjzsalm1qmlidj22r8j40";
- };
- FabricApi = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/191HCCtF/fabric-api-0.98.0+1.20.6.jar";
- sha256 = "09p29f4333mnwigs7v307xhli99n51qg7prkkp9yfm9pwnvv26q3";
- };
- FasterRandom = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/RfFxanNh/versions/I8jy69I9/fasterrandom-4.1.0.jar";
- sha256 = "0hwxbkic4mwjl3sqm9hsl8xvf96qk87ah1njl7pnqpam720zl0i3";
- };
- Icterine = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/7RvRWn6p/versions/W7L89aQM/Icterine-fabric-1.20.3-4-1.3.0.jar";
- sha256 = "15vv2xqd6gzvckr3wxgisz02x9d938cgg2ncc2gnd3m6k3l6l5w5";
- };
- Lithium = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/bAbb09VF/lithium-fabric-mc1.20.6-0.12.3.jar";
- sha256 = "03fikawl6rw14gkzz74k7zv1cf9m0l9am12l2wmjf8mm0a9dmp9l";
- };
- MemoryLeakFix = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/NRjRiSSD/versions/5xvCCRjJ/memoryleakfix-fabric-1.17+-1.1.5.jar";
- sha256 = "1pmdllflr2mjjh2r3v8lyz8rxg0ncq8m9r15vl89f09f4vbk7b5q";
- };
- Noisium = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/KuNKN7d2/versions/lT2Jvcwv/noisium-fabric-2.1.0+mc1.20.5-1.20.6.jar";
- sha256 = "0bawxlrph66jladb9w1b20qn7av6az45nfn4bnggcygza35r0mrj";
- };
- NoKebab = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/y82xHklI/versions/t1haYknB/no-kebab-1.3.0+1.20.6.jar";
- sha256 = "1xks224cls95jnfhk54plnsmb1x4bb0llr17w1rwbbn6rx66p6gi";
- };
- ModernFix = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/nmDcB62a/versions/xlt4bcjj/modernfix-fabric-5.17.3+mc1.20.6.jar";
- sha256 = "1sdbv2a3zb1j481g2318vfaxd5hlx0h5fl7azl3j46095422yw93";
- };
- ServerCode = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/4WWQxlQP/versions/MiqvHRzE/servercore-fabric-1.5.1+1.20.5.jar";
- sha256 = "1vhb3dik4vancgsgm0ldmgx6qlsw0iiqlcq8gy0ifxmjmm1sin6f";
- };
- Slumber = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/ksm6XRZ9/versions/mPf1P26X/slumber-1.2.0.jar";
- sha256 = "1chp2wkjcmxi4apry1fkml3n7k4x2sjwc7dx9qjklqpcw4gbn7s7";
- };
- ThreadTweak = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/vSEH1ERy/versions/BtMMYDAh/threadtweak-fabric-1.20.6-0.1.3.jar";
- sha256 = "12nyln487bsn4gvlynzw0samds8mxi02bkxb9jdl9x0yy16pbrfh";
- };
- VeryManyPlayer = pkgs.fetchurl {
- url = "https://cdn.modrinth.com/data/wnEe9KBa/versions/83ET13o3/vmp-fabric-mc1.20.6-0.2.0+beta.7.155-all.jar";
- sha256 = "039adzcpl9bx4h2gsl399b97vsi0h3b33421jbsl603rld6cgz88";
- };
- };
- in
- with lib;
- mkIf cfg.enable {
- services.minecraft-servers.enable = true;
- services.minecraft-servers.eula = true;
- services.minecraft-servers.openFirewall = true;
-
- networking.firewall.allowedTCPPorts = [25565];
-
- services.minecraft-servers.servers.survival = {
- enable = true;
- restart = "no";
- serverProperties = {
- server-port = 25565;
- };
- package = pkgs.fabricServers.fabric-1_20_6.override {};
- symlinks = {
- mods = pkgs.linkFarmFromDrvs "mods" optimizationMods;
- };
- };
- };
-}
diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix
deleted file mode 100644
index ba8279d..0000000
--- a/modules/nixos/programs/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{...}: {
- imports = [
- ./nh
- ./hyprland.nix
- ./steam.nix
- ];
- options = {};
- config = {};
-}
diff --git a/modules/nixos/programs/hyprland.nix b/modules/nixos/programs/hyprland.nix
deleted file mode 100644
index 8f3d6b6..0000000
--- a/modules/nixos/programs/hyprland.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- config,
- lib,
- inputs,
- pkgs,
- ...
-}: let
- cfg = config.programs.hyprland;
- system = pkgs.stdenv.hostPlatform.system;
-in {
- imports = [];
- options.programs.hyprland = with lib;
- with lib.types; {
- useFlakes = mkOption {
- type = bool;
- default = true;
- };
- };
- config = with lib;
- mkIf cfg.enable {
- programs.hyprland = {
- xwayland.enable = mkDefault true;
- package = mkDefault (
- if cfg.useFlakes
- then inputs.hyprland.packages."${system}".hyprland
- else pkgs.hyprland
- );
- portalPackage = mkDefault (
- if cfg.useFlakes
- then inputs.xdg-desktop-portal-hyprland.packages."${system}".xdg-desktop-portal-hyprland
- else pkgs.xdg-desktop-portal-hyprland
- );
- };
- xdg.portal.enable = true;
- xdg.portal.extraPortals = with pkgs; [
- xdg-desktop-portal-gtk
- ];
- };
-}
diff --git a/modules/nixos/programs/nh/default.nix b/modules/nixos/programs/nh/default.nix
deleted file mode 100644
index 39b97eb..0000000
--- a/modules/nixos/programs/nh/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.programs.nh;
- wrapper = pkgs.writeShellScriptBin "nh" ''
- function alejandra() { ${pkgs.alejandra}/bin/alejandra "$@"; }
- function git() { ${pkgs.git}/bin/git "$@"; }
- function lazygit() { ${pkgs.lazygit}/bin/lazygit "$@"; }
- function nh() { ${pkgs.nh}/bin/nh "$@"; }
- function shellharden() { ${pkgs.shellharden}/bin/shellharden "$@"; }
-
- FLAKE_DIR=${toString cfg.flake}
-
- ${builtins.readFile ./wrapper.sh}
- '';
-in {
- options.programs.nh = with lib; with lib.types; {};
- config = with lib;
- mkIf cfg.enable {
- programs.nh.package = wrapper;
- };
-}
diff --git a/modules/nixos/programs/nh/wrapper.sh b/modules/nixos/programs/nh/wrapper.sh
deleted file mode 100644
index ab336cc..0000000
--- a/modules/nixos/programs/nh/wrapper.sh
+++ /dev/null
@@ -1,154 +0,0 @@
-function set_colors() {
- COLOR_CYAN='\033[0;35m'
- COLOR_RED='\033[0;31m'
- COLOR_YELLOW='\033[1;33m'
- COLOR_NC='\033[0m'
-}
-function set_labels() {
- set_colors
- function echo_info() {
- if [ -t 1 ]; then
- echo -e "${COLOR_CYAN}INFO:${COLOR_NC} $@";
- else
- echo -e "INFO: $@";
- fi
- }
- function echo_warn() {
- if [ -t 1 ]; then
- echo -e "${COLOR_YELLOW}WARN:${COLOR_NC} $@";
- else
- echo -e "WARN: $@";
- fi
- }
- function echo_error() {
- if [ -t 1 ]; then
- echo -e "${COLOR_RED}ERRO:${COLOR_NC} $@";
- else
- echo -e "ERRO: $@";
- fi
- }
-}
-set_labels
-
-function decrypt_lesser_secrets() {
- set -e
- pushd "$FLAKE_DIR" > /dev/null
-
- for f in ./secrets/*.lesser.*; do
- local filename="$(basename -- "$f")"
- local extension="${filename##*.}"
- local filename="${filename%.*}"
- local subextenstion="${filename##*.}"
-
- if [[ "$subextenstion" == "decrypted" ]]; then
- echo_warn "$PREFIX - File already decrypted! file=$f"
- else
- echo_info "$PREFIX - Decrypting lesser secret file. file=$f"
- sops --output "./secrets/$filename.decrypted.$extension" -d "$f"
- fi
- done
-
- echo_info "$PREFIX - Adding decrypted secret files"
- git add ./secrets/*.decrypted.*
-
- popd > /dev/null
-}
-
-function remove_decrypted_secrets() {
- set -e
- pushd "$FLAKE_DIR" > /dev/null
-
- echo_info "$PREFIX - Removing descrypted files"
- for f in "$FLAKE_DIR"/secrets/*.decrypted.*; do
- echo_info "$PREFIX - Removing descrypted files. file=$f"
- git reset "$f"
- rm "$f"
- done
-
- popd > /dev/null
-}
-
-function format_files() {
- set -e
- pushd "$FLAKE_DIR" > /dev/null
-
- echo_info "$PREFIX - Formatting *.nix files"
- alejandra . &>/dev/null \
- || (alejandra . ; \
- echo_error - "$PREFIX - Failed to format files" \
- && exit 1)
-
- echo_info "$PREFIX - Formatting *.sh files"
- find "$FLAKE_DIR" -type f -name "*.sh" -execdir shellharden --replace {} \;
-
- popd > /dev/null
-}
-
-function build_os() {
- set -e
- pushd "$FLAKE_DIR" > /dev/null
-
- echo_info "$PREFIX - Building NixOS"
- nh os switch "$@" "$FLAKE_DIR" \
- || (echo_error "$PREFIX - Failed to build NixOS" \
- && remove_decrypted_secrets \
- && exit 1)
-
- popd > /dev/null
-}
-
-case "$1" in
- "os")
- case "$2" in
- "switch")
- PREFIX="nh os switch"
-
- decrypt_lesser_secrets
- format_files
-
- shift 2
- build_os "$@"
-
- remove_decrypted_secrets
- ;;
- *) echo_error "\"$2\" subcommand does not exist"
- ;;
- esac
- ;;
- "edit")
- pushd "$FLAKE_DIR" > /dev/null
-
- "$EDITOR" .
-
- popd > /dev/null
- ;;
- "sync")
- pushd "$FLAKE_DIR" > /dev/null
-
- lazygit
-
- popd > /dev/null
- ;;
- "secrets")
- PREFIX="nh secrets"
- case "$2" in
- "-d"|"--decrypt") decrypt_lesser_secrets
- ;;
- "-r"|"--remove") remove_decrypted_secrets
- ;;
- esac
- ;;
- "format")
- pushd "$FLAKE_DIR" > /dev/null
-
- format_files
-
- popd > /dev/null
- ;;
- "--")
- shift 1
- nh "$@"
- ;;
- *) echo_error "\"$1\" command does not exist"
- ;;
-esac
diff --git a/modules/nixos/programs/steam.nix b/modules/nixos/programs/steam.nix
deleted file mode 100644
index c9f091b..0000000
--- a/modules/nixos/programs/steam.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.programs.steam;
-in {
- imports = [];
- options.programs.steam = with lib;
- with lib.types; {
- wayland = mkOption {
- type = bool;
- default = config.programs.hyprland.enable;
- };
- };
- config = with lib;
- mkIf cfg.enable {
- environment.systemPackages = with pkgs; [steam-run];
-
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "steam"
- "steam-original"
- "steam-run"
- ];
-
- programs.steam = {
- gamescopeSession = mkIf cfg.wayland {
- enable = true;
- };
- };
- };
-}
diff --git a/modules/nixos/services/adguardhome.nix b/modules/nixos/services/adguardhome.nix
deleted file mode 100644
index 53a618e..0000000
--- a/modules/nixos/services/adguardhome.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.services.adguardhome;
-in {
- imports = [];
- options.services.adguardhome = with lib;
- with lib.types; {
- dns.filters = mkOption {
- type = attrsOf (submodule ({lib, ...}: {
- options = {
- name = mkOption {
- type = nullOr str;
- default = null;
- };
- url = mkOption {
- type = str;
- };
- enabled = mkOption {
- type = bool;
- default = true;
- };
- };
- }));
- default = {};
- };
- dns.rewrites = mkOption {
- type = attrsOf str;
- default = {};
- };
- };
- config = with lib;
- mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [53];
- networking.firewall.allowedUDPPorts = [53 51820];
-
- services.adguardhome = {
- settings = {
- filtering.rewrites = builtins.attrValues (builtins.mapAttrs
- (from: to: {
- domain = from;
- answer = to;
- })
- cfg.dns.rewrites);
- filters = attrValues (mapAttrs
- (id: list: {
- name =
- if isNull list.name
- then id
- else list.name;
- ID = id;
- url = list.url;
- enabled = list.enabled;
- })
- cfg.dns.filters);
- };
- };
- };
-}
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
deleted file mode 100644
index 4cea9af..0000000
--- a/modules/nixos/services/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{...}: {
- imports = [
- ./adguardhome.nix
- ./forgejo
- ./minecraft-servers.nix
- ./qbittorrent.nix
- ./tailscale.nix
- ];
- options = {};
- config = {};
-}
diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
deleted file mode 100644
index c313f0a..0000000
--- a/modules/nixos/services/forgejo/default.nix
+++ /dev/null
@@ -1,205 +0,0 @@
-{
- config,
- lib,
- pkgs,
- utils,
- ...
-}: let
- cfg = config.services.forgejo;
- yamlFormat = pkgs.formats.yaml {};
- users = builtins.attrValues (builtins.mapAttrs
- (username: info: {
- name =
- if isNull info.name
- then username
- else info.name;
- email = info.email;
- password = info.password;
- admin = info.admin;
- })
- cfg.users);
- initList = l: lib.strings.concatStringsSep "," l;
-in {
- imports = [];
- options.services.forgejo = with lib;
- with lib.types; {
- handleUndeclaredUsers = mkOption {
- type = bool;
- default = false;
- };
- users = mkOption {
- type = attrsOf (submodule ({
- config,
- lib,
- ...
- }:
- with lib;
- with lib.types; {
- options = {
- name = mkOption {
- type = nullOr (either str path);
- default = null;
- };
- password = mkOption {
- type = either str path;
- };
- email = mkOption {
- type = either str path;
- };
- admin = mkOption {
- type = bool;
- default = false;
- };
- };
- }));
- default = {};
- };
- actions = {
- enable = mkOption {
- type = bool;
- default = cfg.enable;
- };
- token = mkOption {
- type = str;
- };
- url = mkOption {
- type = str;
- default = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
- };
- labels = mkOption {
- type = listOf str;
- default = [
- /*
- Remember to install git on these images so actions/checkout can work,
- without it, the actions tries to use the /api/v3/repos/{user}/{repo}/tarball/{ref}
- api endpoint, which Gitea/Forgejo doesn't has.
- */
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim"
- "ubuntu-latest-full:docker://gitea/runner-images:ubuntu-latest"
- ];
- };
- };
- };
- config = with lib;
- mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = mkIf cfg.settings.actions.ENABLED [
- cfg.settings.server.HTTP_PORT
- ];
- networking.firewall.allowedUDPPorts = mkIf cfg.settings.actions.ENABLED [
- cfg.settings.server.HTTP_PORT
- ];
-
- users.users."${cfg.user}" = {
- home = cfg.stateDir;
- useDefaultShell = true;
- group = cfg.group;
- isSystemUser = true;
- extraGroups = ["wheel" "networkmanager"];
- };
- users.groups."${cfg.group}" = {};
-
- services.forgejo = {
- user = mkDefault "git";
- group = mkDefault cfg.user;
- settings = {
- DEFAULT = {
- APP_NAME = mkDefault "Forgejo: Beyond coding. We forge.";
- };
- actions = {
- ENABLED = mkDefault cfg.actions.enable;
- DEFAULT_ACTIONS_URL = mkDefault "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
- };
- repository = {
- DEFAULT_REPO_UNITS = mkDefault (initList [
- "repo.code"
- ]);
- DISABLED_REPO_UNITS = mkIf (!cfg.actions.enable) (mkDefault (initList [
- "repo.actions"
- ]));
- };
- service = {
- # DISABLE_REGISTRARION = mkDefault true;
- };
- };
- };
-
- virtualisation.docker.enable = mkIf cfg.actions.enable (mkDefault true);
- services.gitea-actions-runner = mkIf cfg.actions.enable {
- package =
- if config.services.gitea.enable
- then pkgs.gitea-actions-runner
- else pkgs.forgejo-actions-runner;
- instances."forgejo${toString cfg.settings.server.HTTP_PORT}" = {
- enable = mkDefault true;
- token = mkDefault cfg.actions.token;
- name = mkDefault "${cfg.settings.DEFAULT.APP_NAME} - Actions";
- url = cfg.actions.url;
- labels = mkDefault cfg.actions.labels;
- settings = {
- runner = {
- insecure = true;
- };
- };
- };
- };
-
- systemd.services."forgejo-users-setup" = with builtins; {
- script = ''
- function gum() { ${pkgs.gum}/bin/gum "$@"; }
- function forgejo() {
- # local config_file="${toString cfg.stateDir}/custom/conf/app.ini";
- # touch $config_file
- ${cfg.package}/bin/gitea \
- --work-path ${cfg.stateDir} \
- "$@"
- }
- function fjuser() { forgejo admin user "$@"; }
- function awk() { ${pkgs.gawk}/bin/awk "$@"; }
-
- handle_undeclared_users="${
- if cfg.handleUndeclaredUsers
- then "true"
- else "false"
- }";
-
- declared_users=(${toString (map (user: "${
- if isPath user.name
- then "$(cat ${toString user.name})"
- else user.name
- }")
- users)});
-
- ${readFile ./user-handler.sh}
-
- ${toString (map (user: ''
- set-user "${
- if isPath user.name
- then "$(cat ${toString user.name})"
- else user.name
- }" "${
- if isPath user.email
- then "$(cat ${toString user.email})"
- else user.email
- }" "${
- if isPath user.password
- then "$(cat ${toString user.password})"
- else user.password
- }" \
- "${
- if user.admin
- then "true"
- else "false"
- }"
- '')
- users)}
- '';
- wantedBy = ["multi-user.target"];
- after = ["forgejo.service"];
- serviceConfig = {
- Type = "oneshot";
- User = cfg.user;
- Group = cfg.group;
- };
- };
- };
-}
diff --git a/modules/nixos/services/forgejo/user-handler.sh b/modules/nixos/services/forgejo/user-handler.sh
deleted file mode 100644
index 45c05b0..0000000
--- a/modules/nixos/services/forgejo/user-handler.sh
+++ /dev/null
@@ -1,90 +0,0 @@
-
-gum log --structured \
- --time timeonly \
- --level debug \
- 'Handling forgejo users'
-
-fjuser list | awk '{print $2}' | tail -n +2 | while read username; do
- if printf '%s\0' "${declared_users[@]}" | grep -Fxqz -- "$username"; then
- gum log --structured \
- --time timeonly \
- --level info \
- 'Declared user already exists, ignoring' \
- username "$username"
- else
- if [[ "$(fjuser list | tail -n +2 | awk '{print $2 " " $5}' | grep "$username" | awk '{print $2}')" == "true" ]]; then
- gum log --structured \
- --time timeonly \
- --level warn \
- 'Undeclared user is an ADMIN, ignoring' \
- username "$username"
- elif [[ "$handle_undeclared_users" == "true" ]]; then
- gum log --structured \
- --time timeonly \
- --level info \
- 'DELETING undeclared user' \
- username "$username"
- fjuser delete -u "$username"
- else
- gum log --structured \
- --time timeonly \
- --level warn \
- 'UNDECLARED user, please declare it to have a reproducible build' \
- username "$username"
- fi
- fi
-done
-
-# this is used in the string inside ./default.nix
-function set-user() {
- local username=$1
- local email=$2
- local password=$3
- local admin=$4
-
- gum log --structured \
- --time timeonly \
- --level debug \
- 'Setting user' \
- username "$username" \
- email "$email"
-
- if [[ "$(fjuser list | grep "$username" | awk '{print $2}')" ]]; then
- gum log --structured \
- --time timeonly \
- --level error \
- 'User with username already exists' \
- username "$username"
- elif [[ "$(fjuser list | grep "$email" | awk '{print $3}')" ]]; then
- gum log --structured \
- --time timeonly \
- --level error \
- 'User with username already exists' \
- email "$email"
- else
- if [[ "$admin" == "true" ]]; then
- gum log --structured \
- --time timeonly \
- --level debug \
- 'Creating ADMIN user' \
- username "$username" \
- email "$email"
-
- fjuser create --username "$username" \
- --email "$email" \
- --password "$password" \
- --admin
- else
- gum log --structured \
- --time timeonly \
- --level debug \
- 'Creating user' \
- username "$username" \
- email "$email"
-
- fjuser create --username "$username" \
- --email "$email" \
- --password "$password"
- fi
- fi
-}
diff --git a/modules/nixos/services/minecraft-servers.nix b/modules/nixos/services/minecraft-servers.nix
deleted file mode 100644
index 2463798..0000000
--- a/modules/nixos/services/minecraft-servers.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- cfg = config.services.minecraft-servers;
-in {
- imports = [
- inputs.nix-minecraft.nixosModules.minecraft-servers
- ];
- options.services.minecraft-servers = with lib; with lib.types; {};
- config = with lib;
- mkIf cfg.enable {
- nixpkgs.overlays = [inputs.nix-minecraft.overlay];
- };
-}
diff --git a/modules/nixos/services/qbittorrent.nix b/modules/nixos/services/qbittorrent.nix
deleted file mode 100644
index 628dffa..0000000
--- a/modules/nixos/services/qbittorrent.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.services.qbittorrent;
- UID = 888;
- GID = 888;
-in {
- options.services.qbittorrent = with lib;
- with lib.types; {
- enable = mkEnableOption "";
- dataDir = mkOption {
- type = path;
- default = "/var/lib/qbittorrent";
- };
- user = mkOption {
- type = str;
- default = "qbittorrent";
- };
- group = mkOption {
- type = str;
- default = "qbittorrent";
- };
- port = mkOption {
- type = port;
- default = 8080;
- };
- openFirewall = mkOption {
- type = bool;
- default = false;
- };
- package = mkOption {
- type = package;
- default = pkgs.qbittorrent-nox;
- };
- };
- config = with lib;
- mkIf cfg.enable {
- networking.firewall = mkIf cfg.openFirewall {
- allowedTCPPorts = [cfg.port];
- };
-
- systemd.services.qbittorrent = {
- after = ["network.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "simple";
- User = cfg.user;
- Group = cfg.group;
- ExecStartPre = let
- preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
- #!${pkgs.bash}/bin/bash
- if ! test -d "$QBT_PROFILE"; then
- echo "Creating qBittorrent data directory in: $QBT_PROFILE"
- install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
- fi
- '';
- in "!${preStartScript}";
- ExecStart = "${cfg.package}/bin/qbittorrent-nox";
- Restart = "on-success";
- };
- environment = {
- QBT_PROFILE = cfg.dataDir;
- QBT_WEBUI_PORT = toString cfg.port;
- };
- };
-
- users.users."${cfg.user}" = {
- group = cfg.group;
- uid = UID;
- };
- users.groups."${cfg.group}" = {
- gid = GID;
- };
- };
-}
diff --git a/modules/nixos/services/tailscale.nix b/modules/nixos/services/tailscale.nix
deleted file mode 100644
index 0eb26a6..0000000
--- a/modules/nixos/services/tailscale.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.services.tailscale;
-in {
- imports = [];
- options.services.tailscale = with lib;
- with lib.types; {
- exitNode = mkOption {
- type = bool;
- default = false;
- };
- tailnetName = mkOption {
- type = str;
- };
- tailnetUrl = mkOption {
- type = str;
- default = "${config.services.tailscale.tailnetName}.ts.net";
- };
- deviceUrl = mkOption {
- type = str;
- default = "${config.networking.hostName}.${config.services.tailscale.tailnetUrl}";
- };
- deviceIp = mkOption {
- type = str;
- };
- };
- config = with lib;
- mkIf cfg.enable {
- services.tailscale = {
- extraUpFlags = [
- (
- if cfg.exitNode
- then "--advertise-exit-node"
- else null
- )
- (
- if cfg.exitNode
- then "--exit-node"
- else null
- )
- ];
- useRoutingFeatures = mkDefault (
- if cfg.exitNode
- then "server"
- else "client"
- );
- };
-
- systemd.services."tailscaled" = mkIf config.services.caddy.enable (mkDefault {
- serviceConfig = {
- Environment = ["TS_PERMIT_CERT_UID=caddy"];
- };
- });
-
- boot.kernel.sysctl."net.ipv4.ip_forward" = mkIf cfg.exitNode (mkDefault 1);
- boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = mkIf cfg.exitNode (mkDefault 1);
- };
-}