muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2026-03-09 11:53:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: muon:b1fdab737cca1017dbff29e4fd996be8da6917e1
Branches Tags
muon:main
muon:homelab
muon:vps
muon:container
muon:fresh
muon:i3
muon:hyprland
muon:refactor
muon:legacy
..
compare: muon:5bdf9e3a2c97bcb499369792f467ba4fbe84b450
Branches Tags
muon:main
muon:homelab
muon:vps
muon:container
muon:fresh
muon:i3
muon:hyprland
muon:refactor
muon:legacy

No commits in common. "b1fdab737cca1017dbff29e4fd996be8da6917e1" and "5bdf9e3a2c97bcb499369792f467ba4fbe84b450" have entirely different histories.
b1fdab737c ... 5bdf9e3a2c

9 changed files with 273 additions and 330 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -25,7 +25,7 @@ sudo cp {/mnt,/mnt/persist}/etc/machine-id
## Erasure ## Erasure
```nix ```nix
boot.initrd.postResumeCommands = lib.mkAfter /* bash */ '' boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp mkdir /btrfs_tmp
mount /dev/mapper/crypted /btrfs_tmp mount /dev/mapper/crypted /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then if [[ -e /btrfs_tmp/root ]]; then

4
hosts/muvo/home.nix
View file

@ -21,7 +21,6 @@ in {
mods.desktop.development.enable = true; mods.desktop.development.enable = true;
mods.desktop.productivity.enable = false; mods.desktop.productivity.enable = false;
mods.zen.enable = true; mods.zen.enable = true;
mods.theme.slideshow.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [
pulseaudio pulseaudio
@ -36,6 +35,9 @@ in {
enable = true; enable = true;
hooks.postswitch = { hooks.postswitch = {
"notify-i3" = "${pkgs.i3}/bin/i3-msg restart"; "notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
"set-wallpaper" = ''
${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
'';
}; };
}; };

1
modules/home/desktop/default.nix
View file

@ -14,7 +14,6 @@ in {
./productivity.nix ./productivity.nix
./media.nix ./media.nix
./zen.nix ./zen.nix
./theme.nix
]; ];
mods.hyprland.enable = lib.mkIf cfg.wayland.enable true; mods.hyprland.enable = lib.mkIf cfg.wayland.enable true;

8
modules/home/desktop/development.nix
View file

@ -12,9 +12,7 @@
programs.nyxt = { programs.nyxt = {
enable = false; enable = false;
config = config = ''
# lisp
''
(in-package #:nyxt-user) (in-package #:nyxt-user)
(defvar *my-search-engines* (defvar *my-search-engines*
@ -75,9 +73,7 @@
hm = "https://home-manager-options.extranix.com/?release=master&query={}"; hm = "https://home-manager-options.extranix.com/?release=master&query={}";
}; };
extraConfig = extraConfig = ''
# py
''
host = c.content.blocking.hosts.lists.append host = c.content.blocking.hosts.lists.append
host("https://www.github.developerdan.com/hosts/lists/facebook-extended.txt") host("https://www.github.developerdan.com/hosts/lists/facebook-extended.txt")

24
modules/home/desktop/theme.nix
View file

@ -1,24 +0,0 @@
{
lib,
config,
...
}: let
cfg = config.mods.theme.slideshow;
in {
options.mods.theme.slideshow = {
enable = lib.mkEnableOption "enables slideshow wallpaper";
folder = lib.mkOption {
default = "%h/misc/pictures/wallpapers";
description = "slideshow wallpaper folder";
};
};
config = lib.mkIf cfg.enable {
services.random-background = lib.mkIf cfg.enable {
enable = true;
imageDirectory = cfg.folder;
enableXinerama = true;
interval = "1s";
};
};
}

16
modules/nixos/impermanence.nix
View file

@ -1,22 +1,14 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with lib; { with lib; {
options.mods.impermanence.enable = mkEnableOption "enables impermanence"; options.mods.impermanence.enable = mkEnableOption "enables impermanence";
config = mkIf config.mods.impermanence.enable { config = mkIf config.mods.impermanence.enable {
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = ["/var/lib/nixos" "/var/lib/systemd/coredump"]; directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" ];
files = ["/var/lib/sops-nix/key.txt" "/etc/machine-id"]; files = [ "/var/lib/sops-nix/key.txt" "/etc/machine-id" ];
}; };
boot.initrd.postResumeCommands = boot.initrd.postResumeCommands = lib.mkAfter ''
lib.mkAfter # sh
''
mkdir /btrfs_tmp mkdir /btrfs_tmp
mount /dev/mapper/crypted /btrfs_tmp mount /dev/mapper/crypted /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then if [[ -e /btrfs_tmp/root ]]; then

71
modules/nixos/server/grav/service.nix
View file

@ -1,20 +1,10 @@
{ { config, lib, pkgs, ... }:
config,
lib, let
pkgs,
... inherit (lib)
}: let generators mapAttrs mkDefault mkEnableOption mkIf mkPackageOption mkOption
inherit types;
(lib)
generators
mapAttrs
mkDefault
mkEnableOption
mkIf
mkPackageOption
mkOption
types
;
cfg = config.mods.services.grav; cfg = config.mods.services.grav;
@ -22,9 +12,9 @@
poolName = "grav"; poolName = "grav";
pkgs_grav = pkgs.callPackage ./package.nix {}; pkgs_grav = pkgs.callPackage ./package.nix { };
servedRoot = pkgs.runCommand "grav-served-root" {} '' servedRoot = pkgs.runCommand "grav-served-root" { } ''
cp --reflink=auto --no-preserve=mode -r ${pkgs_grav} $out cp --reflink=auto --no-preserve=mode -r ${pkgs_grav} $out
for p in assets images user system/config; do for p in assets images user system/config; do
@ -32,8 +22,10 @@
ln -sf /var/lib/grav/$p $out/$p ln -sf /var/lib/grav/$p $out/$p
done done
''; '';
# systemSettingsYaml = # systemSettingsYaml =
# yamlFormat.generate "grav-settings.yaml" cfg.systemSettings; # yamlFormat.generate "grav-settings.yaml" cfg.systemSettings;
in { in {
options.mods.services.grav = { options.mods.services.grav = {
enable = mkEnableOption "grav"; enable = mkEnableOption "grav";
@ -78,7 +70,7 @@ in {
default = 3000; default = 3000;
}; };
phpPackage = mkPackageOption pkgs "php" {}; phpPackage = mkPackageOption pkgs "php" { };
maxUploadSize = mkOption { maxUploadSize = mkOption {
type = types.str; type = types.str;
@ -105,10 +97,7 @@ in {
group = "grav"; group = "grav";
phpPackage = cfg.phpPackage.buildEnv { phpPackage = cfg.phpPackage.buildEnv {
extensions = { extensions = { all, enabled }:
all,
enabled,
}:
with all; [ with all; [
apcu apcu
ctype ctype
@ -126,9 +115,8 @@ in {
zip zip
]; ];
extraConfig = extraConfig = generators.toKeyValue {
generators.toKeyValue { mkKeyValue = generators.mkKeyValueDefault { } " = ";
mkKeyValue = generators.mkKeyValueDefault {} " = ";
} { } {
output_buffering = "0"; output_buffering = "0";
short_open_tag = "Off"; short_open_tag = "Off";
@ -181,12 +169,10 @@ in {
${cfg.virtualHost} = { ${cfg.virtualHost} = {
root = "${servedRoot}"; root = "${servedRoot}";
listen = [ listen = [{
{
addr = cfg.addr; addr = cfg.addr;
port = cfg.port; port = cfg.port;
} }];
];
locations = { locations = {
"= /robots.txt" = { "= /robots.txt" = {
@ -216,7 +202,8 @@ in {
}; };
# deny running scripts inside core system folders # deny running scripts inside core system folders
"~* /(system|vendor)/.*\\.(txt|xml|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = { "~* /(system|vendor)/.*\\.(txt|xml|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" =
{
priority = 300; priority = 300;
extraConfig = '' extraConfig = ''
return 403; return 403;
@ -224,7 +211,8 @@ in {
}; };
# deny running scripts inside user folder # deny running scripts inside user folder
"~* /user/.*\\.(txt|md|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = { "~* /user/.*\\.(txt|md|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" =
{
priority = 300; priority = 300;
extraConfig = '' extraConfig = ''
return 403; return 403;
@ -232,7 +220,8 @@ in {
}; };
# deny access to specific files in the root folder # deny access to specific files in the root folder
"~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" = { "~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" =
{
priority = 300; priority = 300;
extraConfig = '' extraConfig = ''
return 403; return 403;
@ -256,9 +245,7 @@ in {
}; };
}; };
extraConfig = extraConfig = ''
# sh
''
index index.php index.html /index.php$request_uri; index index.php index.html /index.php$request_uri;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
@ -281,10 +268,8 @@ in {
}; };
}; };
systemd.tmpfiles.rules = let systemd.tmpfiles.rules = let datadir = "/var/lib/grav";
datadir = "/var/lib/grav"; in map (dir: "d '${dir}' 0750 grav grav - -") [
in
map (dir: "d '${dir}' 0750 grav grav - -") [
"/var/cache/grav" "/var/cache/grav"
"${datadir}/assets" "${datadir}/assets"
"${datadir}/backup" "${datadir}/backup"
@ -302,7 +287,7 @@ in {
systemd.services = { systemd.services = {
"phpfpm-${poolName}" = mkIf (cfg.pool == "${poolName}") { "phpfpm-${poolName}" = mkIf (cfg.pool == "${poolName}") {
# restartTriggers = [ servedRoot systemSettingsYaml ]; # restartTriggers = [ servedRoot systemSettingsYaml ];
restartTriggers = [servedRoot]; restartTriggers = [ servedRoot ];
serviceConfig = { serviceConfig = {
ExecStartPre = pkgs.writeShellScript "grav-pre-start" '' ExecStartPre = pkgs.writeShellScript "grav-pre-start" ''
@ -344,6 +329,6 @@ in {
group = "grav"; group = "grav";
}; };
users.groups.grav = {members = [config.services.nginx.user];}; users.groups.grav = { members = [ config.services.nginx.user ]; };
}; };
} }

31
modules/nixos/server/nginx.nix
View file

@ -1,12 +1,9 @@
{ { pkgs, lib, config, ... }:
pkgs, let
lib,
config,
...
}: let
cfg = config.mods.server.nginx; cfg = config.mods.server.nginx;
in
with lib; { in with lib; {
options.mods.server.nginx = { options.mods.server.nginx = {
enable = mkEnableOption { enable = mkEnableOption {
default = false; default = false;
@ -25,14 +22,14 @@ in
ports = mkOption { ports = mkOption {
type = types.attrsOf (types.ints.u16); type = types.attrsOf (types.ints.u16);
default = {}; default = { };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# ACME won't be able to authenticate your domain # ACME won't be able to authenticate your domain
# if ports 80 & 443 aren't open in your firewall. # if ports 80 & 443 aren't open in your firewall.
networking.firewall = {allowedTCPPorts = [443 80];}; networking.firewall = { allowedTCPPorts = [ 443 80 ]; };
security.acme.defaults.email = "acme@muon.host"; security.acme.defaults.email = "acme@muon.host";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
@ -47,9 +44,7 @@ in
# Only allow PFS-enabled ciphers with AES256 # Only allow PFS-enabled ciphers with AES256
# sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
appendHttpConfig = appendHttpConfig = ''
# sh
''
# Add HSTS header with preloading to HTTPS requests. # Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged # Adding this header to HTTP requests is discouraged
# map $scheme $hsts_header { # map $scheme $hsts_header {
@ -101,12 +96,10 @@ in
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
in in mapAttrs' (name: port:
mapAttrs' (name: port: nameValuePair ("${name}.${cfg.domain}")
nameValuePair "${name}.${cfg.domain}"
# (proxy port // { default = true; })) cfg.ports; # (proxy port // { default = true; })) cfg.ports;
(proxy port)) (proxy port)) cfg.ports;
cfg.ports;
}; };
}; };
} }

16
modules/nixos/theme/default.nix
View file

@ -20,17 +20,18 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
stylix = { stylix.enable = true;
enable = true; stylix.autoEnable = true;
autoEnable = true; stylix.base16Scheme = cfg.scheme;
base16Scheme = cfg.scheme; stylix.image = cfg.wallpaper;
image = cfg.wallpaper;
cursor = { stylix.cursor = {
name = "phinger-cursors-light"; name = "phinger-cursors-light";
package = pkgs.phinger-cursors; package = pkgs.phinger-cursors;
size = 16; size = 16;
}; };
fonts = {
stylix.fonts = {
monospace = { monospace = {
package = pkgs.nerd-fonts.commit-mono; package = pkgs.nerd-fonts.commit-mono;
name = "CommitMono Nerd Font"; name = "CommitMono Nerd Font";
@ -42,7 +43,6 @@ in {
serif = config.stylix.fonts.monospace; serif = config.stylix.fonts.monospace;
sansSerif = config.stylix.fonts.monospace; sansSerif = config.stylix.fonts.monospace;
}; };
};
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
openmoji-color openmoji-color