blahai/nyx
1
0
Fork 0
mirror of https://github.com/blahai/nyx.git synced 2025-06-08 20:13:03 -04:00
Code Issues Projects Releases Packages Wiki Activity

a lot of shit also baibai home manager, hello hjem

Browse source
This commit is contained in:
blahai 2025-01-26 20:11:01 +02:00
parent bc82345beb
commit 2c8f822b83
No known key found for this signature in database
37 changed files with 1277 additions and 168 deletions
Download patch file Download diff file Expand all files Collapse all files

55
modules/flake/lib/default.nix Normal file
View file

@ -0,0 +1,55 @@
# following https://github.com/NixOS/nixpkgs/blob/77ee426a4da240c1df7e11f48ac6243e0890f03e/lib/default.nix
# as a rough template we can create our own extensible lib and expose it to the flake
# we can then use that elsewhere like our hosts
{inputs, ...}: let
lib0 = inputs.nixpkgs.lib;
olympusLib = lib0.makeExtensible (
self: let
lib = self;
in {
template = import ./template; # templates, selections of code that are repeated
helpers = import ./helpers.nix {inherit lib;};
programs = import ./programs.nix {inherit lib;};
secrets = import ./secrets.nix {inherit inputs;};
services = import ./services.nix {inherit lib;};
validators = import ./validators.nix {inherit lib;};
# we have to rexport the functions we want to use, but don't want to refer to the whole lib
# "path". e.g. lib.hardware.isx86Linux can be shortened to lib.isx86Linux
# NOTE: never rexport templates
inherit (self.builders) mkSystems;
inherit
(self.helpers)
mkPubs
giturl
filterNixFiles
importNixFiles
importNixFilesAndDirs
boolToNum
containsStrings
indexOf
intListToStringList
;
inherit (self.programs) mkProgram;
inherit (self.secrets) mkSecret mkSecretWithPath;
inherit (self.services) mkGraphicalService mkHyprlandService mkServiceOption;
inherit
(self.validators)
ifTheyExist
isAcceptedDevice
isWayland
ifOneEnabled
isModernShell
anyHome
;
}
);
# we need to extend olympusLib with the nixpkgs lib to get the full set of functions
# if we do it the otherway around we will get errors saying mkMerge and so on don't exist
finalLib = olympusLib.extend (_: _: lib0);
in {
flake.lib = finalLib;
perSystem._module.args.lib = finalLib;
}

320
modules/flake/lib/helpers.nix Normal file
View file

@ -0,0 +1,320 @@
{ lib }:
let
inherit (lib.lists) forEach filter;
inherit (lib.attrsets) filterAttrs mapAttrsToList;
inherit (lib.filesystem) listFilesRecursive;
inherit (lib.strings) hasSuffix;
/**
filter files for the .nix suffix
# Arguments
- [k] they key, which is the file name
- [v] the value, which is the type of the file
# Type
```
filterNixFiles :: String -> String -> Bool
```
# Example
```nix
filterNixFiles "default.nix" "regular"
=> true
```
*/
filterNixFiles = k: v: v == "regular" && hasSuffix ".nix" k;
/**
Import all file that filterNixFiles allows for
# Arguments
- [path] the path to the directory
# Type
```
importNixFiles :: String -> List
```
# Example
```nix
importNixFiles ./.
=> [ {...} ]
```
*/
importNixFiles =
path:
(forEach (
mapAttrsToList (name: _: path + ("/" + name)) (filterAttrs filterNixFiles (builtins.readDir path))
))
import;
/**
import all nix files and directories
# Arguments
- [dir] the directory to search for nix files
# Type
```
importNixFilesAndDirs :: String -> List
```
# Example
```nix
importNixFilesAndDirs ./.
=> [ "flake.nix" ]
```
*/
importNixFilesAndDirs = dir: filter (f: f != "default.nix") (listFilesRecursive dir);
/**
return an int based on boolean value
# Arguments
- [bool] the boolean value
# Type
```
boolToNum :: Bool -> Int
```
# Example
```nix
boolToNum true
=> 1
```
*/
boolToNum = bool: if bool then 1 else 0;
/**
convert a list of integers to a list of string
# Arguments
- [list] the list of integers
# Type
```
intListToStringList :: List -> List
```
# Example
```nix
intListToStringList [1 2 3]
=> ["1" "2" "3"]
```
*/
intListToStringList = list: map (toString list);
/**
a function that returns the index of an element in a list
# Arguments
- [list] the list to search in
- [elem] the element to search for
# Type
```
indexOf :: List -> Any -> Int
```
# Example
```nix
indexOf [1 2 3] 2
=> 1
```
*/
indexOf =
list: elem:
let
f =
f: i:
if i == (builtins.length list) then
null
else if (builtins.elemAt list i) == elem then
i
else
f f (i + 1);
in
f f 0;
/**
a function that checks if a list contains a list of given strings
# Arguments
- [list] the list to search in
- [targetStrings] the list of strings to search for
# Type
```
containsStrings :: List -> List -> Bool
```
# Example
```nix
containsStrings ["a" "b" "c"] ["a" "b"]
=> true
```
*/
containsStrings =
list: targetStrings: builtins.all (s: builtins.any (x: x == s) list) targetStrings;
/**
Create git url aliases for a given domain
# Arguments
- [domain] the domain to create the alias for
- [alias] the alias to use
- [user] the user to use, this defaults to "git"
- [port] the port to use, this is optional
# Type
```
giturl :: (String -> String -> String -> Int) -> AttrSet
```
# Example
```nix
giturl { domain = "github.com"; alias = "gh"; }
=> {
"https://github.com/".insteadOf = "gh:";
"ssh://git@github.com/".pushInsteadOf = "gh:";
}
```
*/
giturl =
{
domain,
alias,
user ? "git",
port ? null,
...
}:
{
"https://${domain}/".insteadOf = "${alias}:";
"ssh://${user}@${domain}${
if (builtins.isNull port) then
""
else if (builtins.isInt port) then
":" + (builtins.toString port)
else
":" + port
}/".pushInsteadOf =
"${alias}:";
};
/**
Create a public key for a given host
# Arguments
- [host] the host to create the public key for
- [key] this is a attrset with the key type and key
# Type
```
mkPub :: (String -> AttrSet -> AttrSet) -> String -> AttrSet -> AttrSet
```
# Example
```nix
mkPub "github.com" {
type = "rsa";
key = "AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
}
=> {
"github.com-rsa" = {
hostNames = [ "github.com" ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
```
*/
mkPub = host: key: {
"${host}-${key.type}" = {
hostNames = [ host ];
publicKey = "ssh-${key.type} ${key.key}";
};
};
/**
Create public keys for a given host
# Arguments
- [host] the host to create the public keys for
- [keys] the list of keys to create
# Type
```
mkPubs :: (String -> List) -> String -> List -> AttrSet
```
# Example
```nix
mkPubs "github.com" [
{
type = "rsa";
key = "AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
}
{
type = "ed25519";
key = "AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
}
]
=> {
"github.com-ed25519" = {
hostNames = [ "github.com" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
"github.com-rsa" = {
hostNames = [ "github.com" ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
```
*/
mkPubs = host: keys: lib.foldl' (acc: key: acc // mkPub host key) { } keys;
in
{
inherit
mkPub
mkPubs
giturl
filterNixFiles
importNixFiles
importNixFilesAndDirs
boolToNum
containsStrings
indexOf
intListToStringList
;
}

15
modules/flake/lib/programs.nix Normal file
View file

@ -0,0 +1,15 @@
{ lib }:
let
inherit (lib.options) mkEnableOption mkPackageOption;
inherit (lib.attrsets) recursiveUpdate;
mkProgram =
pkgs: name: extraConfig:
recursiveUpdate {
enable = mkEnableOption "Enable ${name}";
package = mkPackageOption pkgs name { };
} extraConfig;
in
{
inherit mkProgram;
}

99
modules/flake/lib/secrets.nix Normal file
View file

@ -0,0 +1,99 @@
{ inputs }:
let
inherit (inputs) self;
/**
Create secrets for use with `agenix`.
# Arguments
- [file] the age file to use for the secret
- [owner] the owner of the secret, this defaults to "root"
- [group] the group of the secret, this defaults to "root"
- [mode] the permissions of the secret, this defaults to "400"
# Type
```
mkSecret :: (String -> String -> String -> String) -> AttrSet
```
# Example
```nix
mkSecret { file = "./my-secret.age"; }
=> {
file = "./my-secret.age";
owner = "root";
group = "root";
mode = "400";
}
```
*/
mkSecret =
{
file,
owner ? "root",
group ? "root",
mode ? "400",
...
}:
{
file = "${self}/secrets/${file}.age";
inherit owner group mode;
};
/**
A light wrapper around mkSecret that allows you to specify the output path
# Arguments
- [file] the age file to use for the secret
- [owner] the owner of the secret, this defaults to "root"
- [group] the group of the secret, this defaults to "root"
- [mode] the permissions of the secret, this defaults to "400"
- [path] the path to output the secret to
# Type
```
mkSecretWithPath :: (String -> String -> String -> String -> String) -> AttrSet
```
# Example
```nix
mkSecret { file = "./my-secret.age"; path = "/etc/my-secret"; }
=> {
file = "./my-secret.age";
path = "/etc/my-secret";
owner = "root";
group = "root";
mode = "400";
}
```
*/
mkSecretWithPath =
{
file,
path,
owner ? "root",
group ? "root",
mode ? "400",
...
}:
mkSecret {
inherit
file
owner
group
mode
;
}
// {
inherit path;
};
in
{
inherit mkSecret mkSecretWithPath;
}

65
modules/flake/lib/services.nix Normal file
View file

@ -0,0 +1,65 @@
{ lib }:
let
inherit (lib.types) str;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.attrsets) recursiveUpdate;
mkGraphicalService = recursiveUpdate {
Unit.PartOf = [ "graphical-session.target" ];
Unit.After = [ "graphical-session.target" ];
Install.WantedBy = [ "graphical-session.target" ];
};
mkHyprlandService = recursiveUpdate {
Unit.PartOf = [ "graphical-session.target" ];
Unit.After = [ "graphical-session.target" ];
Install.WantedBy = [ "hyprland-session.target" ];
};
/**
A quick way to use my services abstraction
# Arguments
- [name]: The name of the service
# Type
```
mkServiceOption :: String -> (Int -> String -> String -> AttrSet) -> AttrSet
```
*/
mkServiceOption =
name:
{
port ? 0,
host ? "127.0.0.1",
domain ? "",
extraConfig ? { },
}:
{
enable = mkEnableOption "Enable the ${name} service";
host = mkOption {
type = str;
default = host;
description = "The host for ${name} service";
};
port = mkOption {
type = lib.types.port;
default = port;
description = "The port for ${name} service";
};
domain = mkOption {
type = str;
default = domain;
description = "Domain name for the ${name} service";
};
}
// extraConfig;
in
{
inherit mkGraphicalService mkHyprlandService mkServiceOption;
}

35
modules/flake/lib/template/default.nix Normal file
View file

@ -0,0 +1,35 @@
let
# this is a forced SSL template for Nginx
# returns the attribute set with our desired settings
systemd = {
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = "uts ipc pid user cgroup";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = ["@system-service"];
UMask = "0077";
};
xdg = import ./xdg.nix;
in {
inherit
systemd
xdg
;
}

100
modules/flake/lib/template/xdg.nix Normal file
View file

@ -0,0 +1,100 @@
# You can generate something like this using xdg-ninja
let
XDG_CONFIG_HOME = "$HOME/.config";
XDG_CACHE_HOME = "$HOME/.cache";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
XDG_BIN_HOME = "$HOME/.local/bin";
XDG_RUNTIME_DIR = "/run/user/$UID";
in
{
# global env
glEnv = {
inherit
XDG_CONFIG_HOME
XDG_CACHE_HOME
XDG_DATA_HOME
XDG_STATE_HOME
XDG_BIN_HOME
XDG_RUNTIME_DIR
;
PATH = [ "$XDG_BIN_HOME" ];
};
sysEnv = {
# desktop
KDEHOME = "${XDG_CONFIG_HOME}/kde";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
ERRFILE = "${XDG_CACHE_HOME}/X11/xsession-errors";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
# programs
GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
LESSHISTFILE = "${XDG_DATA_HOME}/less/history";
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
STEPPATH = "${XDG_DATA_HOME}/step";
WAKATIME_HOME = "${XDG_CONFIG_HOME}/wakatime";
INPUTRC = "${XDG_CONFIG_HOME}/readline/inputrc";
PLATFORMIO_CORE_DIR = "${XDG_DATA_HOME}/platformio";
DOTNET_CLI_HOME = "${XDG_DATA_HOME}/dotnet";
MPLAYER_HOME = "${XDG_CONFIG_HOME}/mplayer";
SQLITE_HISTORY = "${XDG_CACHE_HOME}/sqlite_history";
# programming
ANDROID_HOME = "${XDG_DATA_HOME}/android";
ANDROID_USER_HOME = "${XDG_DATA_HOME}/android";
GRADLE_USER_HOME = "${XDG_DATA_HOME}/gradle";
IPYTHONDIR = "${XDG_CONFIG_HOME}/ipython";
JUPYTER_CONFIG_DIR = "${XDG_CONFIG_HOME}/jupyter";
GOPATH = "${XDG_DATA_HOME}/go";
M2_HOME = "${XDG_DATA_HOME}/m2";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
RUSTUP_HOME = "${XDG_DATA_HOME}/rustup";
STACK_ROOT = "${XDG_DATA_HOME}/stack";
STACK_XDG = 1;
NODE_REPL_HISTORY = "${XDG_DATA_HOME}/node_repl_history";
NPM_CONFIG_CACHE = "${XDG_CACHE_HOME}/npm";
NPM_CONFIG_TMP = "${XDG_RUNTIME_DIR}/npm";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/config";
};
npmrc.text = ''
prefix=''${XDG_DATA_HOME}/npm
cache=''${XDG_CACHE_HOME}/npm
init-module=''${XDG_CONFIG_HOME}/npm/config/npm-init.js
'';
pythonrc.text = ''
import os
import atexit
import readline
from pathlib import Path
if readline.get_current_history_length() == 0:
state_home = os.environ.get("XDG_STATE_HOME")
if state_home is None:
state_home = Path.home() / ".local" / "state"
else:
state_home = Path(state_home)
history_path = state_home / "python_history"
if history_path.is_dir():
raise OSError(f"'{history_path}' cannot be a directory")
history = str(history_path)
try:
readline.read_history_file(history)
except OSError: # Non existent
pass
def write_history():
try:
readline.write_history_file(history)
except OSError:
pass
atexit.register(write_history)
'';
}

128
modules/flake/lib/validators.nix Normal file
View file

@ -0,0 +1,128 @@
{lib, ...}: let
inherit (lib.attrsets) getAttrFromPath;
inherit
(builtins)
elem
filter
hasAttr
any
;
/*
*
a function that will append a list of groups if they exist in config.users.groups
# Arguments
- [config] the configuration that nixosConfigurations provides
- [groups] a list of groups to check for
# Type
```
ifTheyExist :: AttrSet -> List -> List
```
# Example
```nix
ifTheyExist config ["wheel" "users"]
=> ["wheel"]
```
*/
ifTheyExist = config: groups: filter (group: hasAttr group config.users.groups) groups;
/*
*
convenience function check if the declared device type is of an accepted type
# Arguments
- [config] the configuration that nixosConfigurations provides
- [list] a list of devices that will be accepted
# Type
```
isAcceptedDevice :: AttrSet -> List -> Bool
```
# Example
```nix
isAcceptedDevice osConfig ["foo" "bar"]
=> false
```
*/
isAcceptedDevice = conf: list: elem conf.olympus.device.type list;
/*
*
check if the device is wayland-ready
# Arguments
- [config] the configuration that nixosConfigurations provides
# Type
```
isWayland :: AttrSet -> Bool
```
# Example
```nix
isWayland osConfig
=> true
```
*/
isWayland = conf: conf.olympus.meta.isWayland;
/*
*
check if the device is modernShell-ready
# Arguments
- [config] the configuration that nixosConfigurations provides
# Type
```
isModernShell :: AttrSet -> Bool
```
# Example
```nix
isModernShell osConfig
=> true
```
*/
isModernShell = conf: conf.olympus.programs.cli.enable && conf.olympus.programs.cli.modernShell.enable;
anyHome = conf: cond: path: let
list =
map (
user:
getAttrFromPath (
[
"users"
user
]
++ path
)
conf
)
conf.olympus.system.users;
in
any cond list;
in {
inherit
ifTheyExist
isAcceptedDevice
isWayland
isModernShell
anyHome
;
}