commit 21e0b1dc9e9e22420b9cd8f795c2743576a6acb1 parent b72326f0fbb7274e3c00cbd9a1c1c9e904c6af0a Author: breadcat <breadcat@users.noreply.github.com> Date: Thu, 28 May 2026 15:18:38 +0100 Grandiose restructure of all variable related code Diffstat:
43 files changed, 211 insertions(+), 232 deletions(-)
diff --git a/common/autologin.nix b/common/autologin.nix @@ -1,5 +1,5 @@ -{ username, ... }: +{ vars, ... }: { - services.getty.autologinUser = "${username}"; + services.getty.autologinUser = "${vars.user.username}"; } diff --git a/common/docker-webdev.nix b/common/docker-webdev.nix @@ -1,8 +1,8 @@ -{ config, lib, username, ... }: +{ config, lib, vars, ... }: let - webdevDir = "/home/${username}/vault/src/webdev"; + webdevDir = "/home/${vars.user.username}/vault/src/webdev"; domainExtensions = [ ".com" ".net" ".org" ".co.uk" ".dev" ]; domains = builtins.attrNames ( diff --git a/common/docker.nix b/common/docker.nix @@ -1,9 +1,9 @@ -{ pkgs, username, domain, timezone, todosecret, htpasswd, vpnusername, vpnpassword, ... }: { +{ pkgs, vars, ... }: { # Runtime virtualisation.docker.enable = true; virtualisation.docker.autoPrune.enable = true; - users.extraUsers.${username}.extraGroups = ["docker"]; + users.extraUsers.${vars.user.username}.extraGroups = ["docker"]; # Create Network systemd.services.docker-create-proxy-network = { @@ -30,9 +30,9 @@ autoStart = true; dependsOn = [ "caddy" ]; image = "ckulka/baikal:nginx"; - labels = { "caddy" = "dav.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; + labels = { "caddy" = "dav.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/baikal:/var/www/baikal/Specific" "/home/${username}/docker/baikal:/var/www/baikal/config" ]; + volumes = [ "/home/${vars.user.username}/docker/baikal:/var/www/baikal/Specific" "/home/${vars.user.username}/docker/baikal:/var/www/baikal/config" ]; }; caddy = { @@ -41,7 +41,7 @@ image = "lucaslorentz/caddy-docker-proxy"; networks = [ "proxy" ]; ports = [ "80:80" "443:443" ]; - volumes = [ "/var/run/docker.sock:/var/run/docker.sock" "/home/${username}/docker/caddy:/data" ]; + volumes = [ "/var/run/docker.sock:/var/run/docker.sock" "/home/${vars.user.username}/docker/caddy:/data" ]; }; changedetection = { 
@@ -49,16 +49,16 @@ dependsOn = [ "caddy" ]; environment = { PGID = "100"; PUID = "1000"; LC_ALL = "en_US.UTF-8";}; image = "lscr.io/linuxserver/changedetection.io"; - labels = { "caddy" = "diff.${domain}"; "caddy.reverse_proxy" = "{{upstreams 5000}}"; }; + labels = { "caddy" = "diff.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 5000}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/changedetection:/config" ]; + volumes = [ "/home/${vars.user.username}/docker/changedetection:/config" ]; }; docker-rss = { autoStart = true; dependsOn = [ "caddy" ]; image = "theconnman/docker-hub-rss"; - labels = { "caddy" = "dock.${domain}"; "caddy.reverse_proxy" = "{{upstreams 3000}}"; }; + labels = { "caddy" = "dock.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 3000}}"; }; networks = [ "proxy" ]; }; 
@@ -67,48 +67,48 @@ dependsOn = [ "caddy" ]; cmd = [ "-H" "X-Forwarded-For" ]; image = "mpolden/echoip"; - labels = { "caddy" = "ip.${domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; }; + labels = { "caddy" = "ip.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; }; networks = [ "proxy" ]; }; freshrss = { autoStart = true; dependsOn = [ "caddy" ]; - environment = { PGID = "100"; PUID = "1000"; TZ = "${timezone}";}; + environment = { PGID = "100"; PUID = "1000"; TZ = "${vars.user.timezone}";}; image = "lscr.io/linuxserver/freshrss"; - labels = { "caddy" = "rss.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; + labels = { "caddy" = "rss.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/freshrss:/config" ]; + volumes = [ "/home/${vars.user.username}/docker/freshrss:/config" ]; }; h5ai = { autoStart = true; dependsOn = [ "caddy" ]; - environment = { PGID = "100"; PUID = "1000"; TZ = "${timezone}";}; + environment = { PGID = "100"; PUID = "1000"; TZ = "${vars.user.timezone}";}; image = "awesometic/h5ai"; - labels = { "caddy" = "pub.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; "caddy.basic_auth" = "/.tank/*"; "caddy.basic_auth.${username}" = "${htpasswd}";}; + labels = { "caddy" = "pub.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; "caddy.basic_auth" = "/.tank/*"; "caddy.basic_auth.${vars.user.username}" = "${vars.secrets.htpasswd}";}; networks = [ "proxy" ]; - volumes = [ "/home/${username}/vault/pub:/h5ai" "/tank/complete:/h5ai/.tank" "/home/${username}/docker/h5ai:/config/h5ai/" ]; + volumes = [ "/home/${vars.user.username}/vault/pub:/h5ai" "/tank/complete:/h5ai/.tank" "/home/${vars.user.username}/docker/h5ai:/config/h5ai/" ]; }; hugo = { autoStart = true; dependsOn = [ "caddy" ]; - cmd = [ "server" "--watch=true" "--disableLiveReload" "--minify" "--source=/src" "--baseURL=https://${domain}" "--bind=0.0.0.0" 
"--appendPort=false" "--buildFuture" ]; + cmd = [ "server" "--watch=true" "--disableLiveReload" "--minify" "--source=/src" "--baseURL=https://${vars.user.domain}" "--bind=0.0.0.0" "--appendPort=false" "--buildFuture" ]; image = "klakegg/hugo"; - labels = { "caddy" = "${domain}, blog.${domain}, www.${domain}"; "caddy.reverse_proxy" = "{{upstreams 1313}}"; }; + labels = { "caddy" = "${vars.user.domain}, blog.${vars.user.domain}, www.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 1313}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/vault/src/blog.${domain}:/src" ]; + volumes = [ "/home/${vars.user.username}/vault/src/blog.${vars.user.domain}:/src" ]; }; jackett = { autoStart = true; dependsOn = [ "caddy" ]; - environment = { PGID = "100"; PUID = "1000"; TZ = "${timezone}";}; + environment = { PGID = "100"; PUID = "1000"; TZ = "${vars.user.timezone}";}; image = "lscr.io/linuxserver/jackett"; - labels = { "caddy" = "jack.${domain}"; "caddy.reverse_proxy" = "{{upstreams 9117}}"; }; + labels = { "caddy" = "jack.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 9117}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/jackett:/config" "/home/${username}/vault/watch:/downloads" ]; + volumes = [ "/home/${vars.user.username}/docker/jackett:/config" "/home/${vars.user.username}/vault/watch:/downloads" ]; }; stagit = { @@ -116,9 +116,9 @@ dependsOn = [ "caddy" ]; environment = { PGID = "100"; PUID = "1000";}; image = "lscr.io/linuxserver/nginx"; - labels = { "caddy" = "git.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; + labels = { "caddy" = "git.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/stagit:/config/www:ro" ]; + volumes = [ "/home/${vars.user.username}/docker/stagit:/config/www:ro" ]; }; transmission = { 
@@ -126,12 +126,12 @@ capabilities = { NET_ADMIN = true; }; dependsOn = [ "caddy" ]; devices = [ "/dev/net/tun" ]; - environment = { PGID = "100"; PUID = "1000"; LOCAL_NETWORK = "10.0.0.0/24"; NORDVPN_CATEGORY = "p2p"; NORDVPN_COUNTRY = "GB"; OPENVPN_PASSWORD = "${vpnpassword}"; OPENVPN_PROVIDER = "NORDVPN"; OPENVPN_USERNAME = "${vpnusername}"; }; + environment = { PGID = "100"; PUID = "1000"; LOCAL_NETWORK = "10.0.0.0/24"; NORDVPN_CATEGORY = "p2p"; NORDVPN_COUNTRY = "GB"; OPENVPN_PASSWORD = "${vars.secrets.vpnpassword}"; OPENVPN_PROVIDER = "NORDVPN"; OPENVPN_USERNAME = "${vars.secrets.vpnusername}"; }; extraOptions = [ "--dns=8.8.8.8" "--dns=9.9.9.9" ]; image = "haugene/transmission-openvpn"; networks = [ "proxy" ]; ports = [ "9091:9091" "51413:51413" ]; - volumes = [ "/tank/complete:/data/completed" "/tank/incomplete:/data/incomplete" "/home/${username}/docker/transmission:/data/transmission-home" "/home/${username}/vault/watch:/data/watch" ]; + volumes = [ "/tank/complete:/data/completed" "/tank/incomplete:/data/incomplete" "/home/${vars.user.username}/docker/transmission:/data/transmission-home" "/home/${vars.user.username}/vault/watch:/data/watch" ]; }; transmission-proxy = { @@ -139,7 +139,7 @@ dependsOn = [ "caddy" "transmission" ]; extraOptions = [ "--link=transmission" ]; image = "haugene/transmission-openvpn-proxy"; - labels = { "caddy" = "tor.${domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; "caddy.basic_auth" = "*"; "caddy.basic_auth.${username}" = "${htpasswd}";}; + labels = { "caddy" = "tor.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; "caddy.basic_auth" = "*"; "caddy.basic_auth.${vars.user.username}" = "${vars.secrets.htpasswd}";}; networks = [ "proxy" ]; }; 
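Review bot: The `environment` attribute of the `transmission` container still interpolates `vars.secrets.vpnusername` and `vars.secrets.vpnpassword` into the module, so if `variables.nix` holds the cleartext values they are written into the world-readable `/nix/store` (the generated `docker-transmission.service` unit) and are visible in `docker inspect`; the same holds for `VIKUNJA_SERVICE_JWTSECRET` in the `vikunja` hunk at `@@ -158` and for the `vars.secrets.htpasswd` hash in the `caddy.basic_auth` labels of `h5ai` and `transmission-proxy`. Grouping these under `vars.secrets` makes the exposure easier to spot but does not change it. For the `environment` cases the oci-containers option `environmentFiles` keeps the credentials out of the store: drop the two `OPENVPN_*` credential keys from `environment` and add `environmentFiles = [ "/path/to/transmission-vpn.env" ];` (placeholder path, a root-only file holding `OPENVPN_USERNAME=`/`OPENVPN_PASSWORD=`). The labels have no file-backed equivalent in this module, so at least the `htpasswd` value should be a bcrypt hash rather than a password.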
@@ -150,7 +150,7 @@ extraOptions = [ "--link=transmission" ]; image = "haugene/transmission-rss"; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/transmission-rss/config:/etc/transmission-rss.conf" "/home/${username}/docker/transmission-rss/seen:/etc/transmission-rss.seen" ]; + volumes = [ "/home/${vars.user.username}/docker/transmission-rss/config:/etc/transmission-rss.conf" "/home/${vars.user.username}/docker/transmission-rss/seen:/etc/transmission-rss.seen" ]; }; vaultwarden = { 
@@ -158,19 +158,19 @@ dependsOn = [ "caddy" ]; environment = { WEBSOCKET_ENABLED = "false"; SIGNUPS_ALLOWED = "false"; }; image = "vaultwarden/server:alpine"; - labels = { "caddy" = "pass.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; + labels = { "caddy" = "pass.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/vaultwarden:/data" ]; + volumes = [ "/home/${vars.user.username}/docker/vaultwarden:/data" ]; }; vikunja = { autoStart = true; dependsOn = [ "caddy" ]; - environment = { PGID = "100"; PUID = "1000"; VIKUNJA_SERVICE_ENABLEREGISTRATION = "false"; VIKUNJA_SERVICE_ENABLETASKCOMMENTS = "false"; VIKUNJA_SERVICE_JWTSECRET = "${todosecret}"; VIKUNJA_SERVICE_PUBLICURL = "https://todo.${domain}/"; VIKUNJA_SERVICE_TIMEZONE = "${timezone}";}; + environment = { PGID = "100"; PUID = "1000"; VIKUNJA_SERVICE_ENABLEREGISTRATION = "false"; VIKUNJA_SERVICE_ENABLETASKCOMMENTS = "false"; VIKUNJA_SERVICE_JWTSECRET = "${vars.secrets.todosecret}"; VIKUNJA_SERVICE_PUBLICURL = "https://todo.${vars.user.domain}/"; VIKUNJA_SERVICE_TIMEZONE = "${vars.user.timezone}";}; image = "vikunja/vikunja"; - labels = { "caddy" = "todo.${domain}"; "caddy.reverse_proxy" = "{{upstreams 3456}}"; }; + labels = { "caddy" = "todo.${vars.user.domain}"; "caddy.reverse_proxy" = "{{upstreams 3456}}"; }; networks = [ "proxy" ]; - volumes = [ "/home/${username}/docker/vikunja/db:/db" "/home/${username}/docker/vikunja/files:/app/vikunja/files" ]; + volumes = [ "/home/${vars.user.username}/docker/vikunja/db:/db" "/home/${vars.user.username}/docker/vikunja/files:/app/vikunja/files" ]; }; watchtower = { diff --git a/common/home-manager.nix b/common/home-manager.nix 
@@ -1,8 +1,8 @@ -{ machine, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, pdfpassword, privatekey, matrixuser, matrixserver }: +{ machine, vars }: let home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz"; - all-variables = { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver; }; + all-variables = { inherit machine vars; }; in { diff --git a/common/hyprland.nix b/common/hyprland.nix @@ -14,7 +14,7 @@ xdg-utils ]; programs.hyprland.enable = true; - users.users.${username}.extraGroups = ["seat" "video"]; + users.users.${vars.user.username}.extraGroups = ["seat" "video"]; services.seatd.enable = true; xdg.portal = { diff --git a/common/kodi.nix b/common/kodi.nix @@ -1,4 +1,4 @@ -{ pkgs, username, ... }: +{ pkgs, vars, ... }: { # Package and Addons @@ -19,5 +19,5 @@ }; # Extra groups for Kodi CEC input - users.users.${username}.extraGroups = [ "networkmanager" "wheel" "input" "dialout" "video" ]; + users.users.${vars.user.username}.extraGroups = [ "networkmanager" "wheel" "input" "dialout" "video" ]; } diff --git a/common/locale.nix b/common/locale.nix @@ -1,10 +1,10 @@ -{ timezone, ... }: +{ vars, ... }: let locale = "en_GB.UTF-8"; in { - time.timeZone = "${timezone}"; + time.timeZone = "${vars.user.timezone}"; i18n.defaultLocale = locale; i18n.extraLocaleSettings = { LC_ADDRESS = locale; diff --git a/common/roles/bruschetta.nix b/common/roles/bruschetta.nix @@ -1,4 +1,4 @@ -{ config, pkgs, username, domain, ... }: +{ config, pkgs, vars, ... }: { # Systemd service 
@@ -9,22 +9,19 @@ serviceConfig = { Type = "simple"; - User = "${username}"; - WorkingDirectory = "/home/${username}/vault/src/bruschetta"; - ExecStart = "${pkgs.go}/bin/go run . -d /home/${username}/vault/pub -p 9091"; + User = "${vars.user.username}"; + WorkingDirectory = "/home/${vars.user.username}/vault/src/bruschetta"; + ExecStart = "${pkgs.go}/bin/go run . -d /home/${vars.user.username}/vault/pub -p 9091"; Restart = "on-failure"; RestartSec = "5s"; }; environment = { - HOME = "/home/${username}"; - GOPATH = "/home/${username}/go"; + HOME = "/home/${vars.user.username}"; + GOPATH = "/home/${vars.user.username}/go"; }; - path = with pkgs; [ - gcc - go - ]; + path = with pkgs; [ gcc go ]; }; diff --git a/common/roles/gnocchi.nix b/common/roles/gnocchi.nix @@ -1,4 +1,4 @@ -{ config, pkgs, username, domain, ... }: +{ config, pkgs, vars, ... }: { # Systemd service @@ -9,23 +9,19 @@ serviceConfig = { Type = "simple"; - User = "${username}"; - WorkingDirectory = "/home/${username}/vault/src/gnocchi"; - ExecStart = "${pkgs.go}/bin/go run . -f /home/${username}/vault/src/blog.${domain}/content/weight.md -p 9090"; + User = "${vars.user.username}"; + WorkingDirectory = "/home/${vars.user.username}/vault/src/gnocchi"; + ExecStart = "${pkgs.go}/bin/go run . -f /home/${vars.user.username}/vault/src/blog.${vars.user.domain}/content/weight.md -p 9090"; Restart = "on-failure"; RestartSec = "5s"; }; environment = { - HOME = "/home/${username}"; - GOPATH = "/home/${username}/go"; + HOME = "/home/${vars.user.username}"; + GOPATH = "/home/${vars.user.username}/go"; }; - path = with pkgs; [ - "/run/current-system/sw" # find blog-weight script here - gcc - go - ]; + path = with pkgs; [ "/run/current-system/sw" gcc go ]; }; diff --git a/common/roles/stromboli.nix b/common/roles/stromboli.nix @@ -1,4 +1,4 @@ -{ config, pkgs, username, ... }: +{ config, pkgs, vars, ... }: { # Systemd service 
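Review bot: The collapsed `path` line in the gnocchi hunk (`@@ -9,23 +9,19 @@`) drops the `# find blog-weight script here` comment, so the one entry that is not a package, `"/run/current-system/sw"`, is now unexplained. Keep the explanation on the single line: `path = with pkgs; [ "/run/current-system/sw" gcc go ]; # /run/current-system/sw: find blog-weight script here`. The bruschetta, stromboli and tagliatelle hunks collapse their `path` lists the same way but had no comment to lose.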
@@ -9,8 +9,8 @@ serviceConfig = { Type = "simple"; - User = "${username}"; - WorkingDirectory = "/home/${username}/vault/src/stromboli"; + User = "${vars.user.username}"; + WorkingDirectory = "/home/${vars.user.username}/vault/src/stromboli"; ExecStart = "${pkgs.go}/bin/go run . -d /tank/media/videos/ -p 8080"; Restart = "on-failure"; RestartSec = "5s"; @@ -19,15 +19,11 @@ }; environment = { - HOME = "/home/${username}"; - GOPATH = "/home/${username}/go"; + HOME = "/home/${vars.user.username}"; + GOPATH = "/home/${vars.user.username}/go"; }; - path = with pkgs; [ - ffmpeg - gcc - go - ]; + path = with pkgs; [ ffmpeg gcc go ]; }; diff --git a/common/roles/tagliatelle.nix b/common/roles/tagliatelle.nix @@ -1,4 +1,4 @@ -{ config, pkgs, username, ... }: +{ config, pkgs, vars, ... }: { # Systemd service @@ -9,25 +9,19 @@ serviceConfig = { Type = "simple"; - User = "${username}"; - WorkingDirectory = "/home/${username}/vault/src/tagliatelle"; + User = "${vars.user.username}"; + WorkingDirectory = "/home/${vars.user.username}/vault/src/tagliatelle"; ExecStart = "${pkgs.go}/bin/go run . -d /tank/.x/tagliatelle -p 9816"; Restart = "on-failure"; RestartSec = "5s"; }; environment = { - HOME = "/home/${username}"; - GOPATH = "/home/${username}/go"; + HOME = "/home/${vars.user.username}"; + GOPATH = "/home/${vars.user.username}/go"; }; - path = with pkgs; [ - ffmpeg - gcc - git - go - yt-dlp - ]; + path = with pkgs; [ ffmpeg gcc git go yt-dlp ]; }; diff --git a/common/scanning.nix b/common/scanning.nix @@ -1,6 +1,6 @@ -{ username, ... }: +{ vars, ... }: { hardware.sane.enable = true; - users.users."${username}".extraGroups = [ "scanner" ]; + users.users."${vars.user.username}".extraGroups = [ "scanner" ]; } diff --git a/common/ssh-tunnel.nix b/common/ssh-tunnel.nix @@ -1,4 +1,4 @@ -{ pkgs, username, domain, sshport, privatekey, ... }: +{ pkgs, vars, ... }: { systemd.services.reverse-ssh-tunnel = { 
@@ -8,10 +8,10 @@ wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${pkgs.openssh}/bin/ssh -NTg -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=accept-new -p ${toString sshport} -i ${privatekey} -R 55013:localhost:${toString sshport} ${username}@${domain}"; + ExecStart = "${pkgs.openssh}/bin/ssh -NTg -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=accept-new -p ${toString vars.secrets.sshport} -i ${vars.secrets.privatekey} -R 55013:localhost:${toString vars.secrets.sshport} ${vars.user.username}@${vars.user.domain}"; Restart = "always"; RestartSec = "10s"; - User = "${username}"; + User = "${vars.user.username}"; }; }; diff --git a/common/ssh.nix b/common/ssh.nix @@ -1,15 +1,15 @@ -{ username, sshkey, sshport, ... }: +{ vars, ... }: { # SSH service services.openssh = { enable = true; - ports = [ sshport ]; + ports = [ vars.secrets.sshport ]; settings.PasswordAuthentication = false; }; # Fail2ban service services.fail2ban.enable = true; # Import SSH key - users.users.${username}.openssh.authorizedKeys.keys = [ "${sshkey}" ]; + users.users.${vars.user.username}.openssh.authorizedKeys.keys = [ "${vars.secrets.sshkey}" ]; } diff --git a/common/syncthing.nix b/common/syncthing.nix @@ -1,12 +1,12 @@ -{ username, ... }: +{ vars, ... }: { services.syncthing = { enable = true; - user = "${username}"; + user = "${vars.user.username}"; group = "users"; - dataDir = "/home/${username}/"; - configDir = "/home/${username}/.config/syncthing"; + dataDir = "/home/${vars.user.username}/"; + configDir = "/home/${vars.user.username}/.config/syncthing"; settings = { options.urAccepted = 3; devices = { @@ -19,7 +19,7 @@ windows.id = "6DL2MHG-4WS4B2Q-IAOHURV-XL3CXVZ-EBDXZMH-FZS7WFX-UJAVUJL-UQ2EOAQ"; }; folders = { - "/home/${username}/vault" = { + "/home/${vars.user.username}/vault" = { label = "vault"; id = "vault"; devices = [ "atlas" "arcadia" "artemis" "ilias" "minerva" "phone" "windows" ]; 
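Review bot: `-i ${vars.secrets.privatekey}` in the rewritten `ExecStart` interpolates the key reference into a string, and the diff does not show whether `variables.nix` defines `privatekey` as a string or as a Nix path value; if it is a path (`./id_ed25519`-style), `"${...}"` copies the key file itself into the world-readable `/nix/store`, and the `identityFile`/`key_file` interpolations in the `home/ssh.nix` and `home/rclone.nix` hunks do the same. If it is a path, use `toString vars.secrets.privatekey` (or keep the absolute path as a string in `variables.nix`) so only the path text reaches the unit file; a comment on the variable stating which form it must have would prevent a later regression. A point of style: `sshport` now sits under `vars.secrets` although a port number is not a secret, so moving it to `vars.user` would keep `secrets` meaningful as the set of values that must never be evaluated into the store.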
diff --git a/common/user.nix b/common/user.nix @@ -1,8 +1,8 @@ -{ pkgs, username, fullname, ... }: +{ pkgs, vars, ... }: { - users.users."${username}" = { + users.users."${vars.user.username}" = { isNormalUser = true; - description = "${fullname}"; + description = "${vars.user.fullname}"; shell = pkgs.fish; extraGroups = [ "networkmanager" "wheel" "video" "input" ]; }; diff --git a/common/variables.nix b/common/variables.nix @@ -1,7 +1,7 @@ -{ machine, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, pdfpassword, privatekey, matrixuser, matrixserver }: +{ machine, vars }: let - all-variables = { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver; }; + all-variables = { inherit machine vars; }; in { diff --git a/common/ydotool.nix b/common/ydotool.nix @@ -1,8 +1,8 @@ -{ pkgs, username, ... }: +{ pkgs, vars, ... }: { boot.kernelModules = [ "uinput" ]; - users.users.${username}.extraGroups = [ "uinput" ]; + users.users.${vars.user.username}.extraGroups = [ "uinput" ]; # Define the uinput group users.groups.uinput = {}; diff --git a/entrypoint.nix b/entrypoint.nix @@ -1,11 +1,7 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config, pkgs, lib, ... }: + +let vars = import ./variables.nix { inherit lib; }; - inherit (vars) fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver; hostname = if builtins.pathExists "/etc/hostname" 
@@ -15,7 +11,5 @@ machine = lib.strings.removeSuffix "\n" hostname; osConfigPath = ./machines + "/${machine}.nix"; in { - imports = [ - (import osConfigPath { inherit config pkgs lib fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver ; }) - ]; + imports = [ (import osConfigPath { inherit config pkgs lib vars; }) ]; } \ No newline at end of file diff --git a/home/espanso.nix b/home/espanso.nix @@ -1,4 +1,4 @@ -{ fullname, email, address, ... }: +{ vars, ... }: { services.espanso = { @@ -35,10 +35,10 @@ { trigger = "_date"; replace = "{{date}}"; } { trigger = "_time"; replace = "{{time}}"; } { trigger = "_dttime"; replace = "{{datetime}}"; } - { trigger = "_reg"; replace = "\n\nRegards,\n${fullname}"; } - { trigger = "_kreg"; replace = "\n\nKind regards,\n${fullname}"; } - { trigger = "_hem"; replace = "${email}"; } - { trigger = "_addr"; replace = "${address}"; } + { trigger = "_reg"; replace = "\n\nRegards,\n${vars.user.fullname}"; } + { trigger = "_kreg"; replace = "\n\nKind regards,\n${vars.user.fullname}"; } + { trigger = "_hem"; replace = "${vars.user.email}"; } + { trigger = "_addr"; replace = "${vars.user.address}"; } ]; global_vars = [ { name = "date"; type = "date"; params = { format = "%Y-%m-%d"; }; } diff --git a/home/fish.nix b/home/fish.nix @@ -1,4 +1,4 @@ -{ pkgs, domain, ... }: +{ pkgs, vars, ... }: { programs.fish = { 
@@ -6,7 +6,7 @@ functions = { __fish_command_not_found_handler = { body = "echo fish: Unknown command $argv[1]"; onEvent = "fish_command_not_found"; }; backup = "tar -zcvf (basename \$argv)_backup-(date +%F-%H%M%S).tar.gz \$argv"; - book = "grep -i \"$argv\" \"$SYNCDIR/src/blog.${domain}/content/reading-list.md\""; + book = "grep -i \"$argv\" \"$SYNCDIR/src/blog.${vars.user.domain}/content/reading-list.md\""; dos2unix = "sed -i 's/\r//' \"$argv\""; fullpath = "set -l dir (test (count \$argv) -gt 0; and echo \$argv[1]; or echo .); realpath \$dir/*"; mcd = "mkdir -p $argv[1] && cd $argv[1]"; @@ -16,9 +16,9 @@ }; shellInit = '' set fish_greeting # Disable greeting - set -gx DOMAIN ${domain} + set -gx DOMAIN ${vars.user.domain} set -gx EDITOR nvim - set -gx EMAIL (whoami)@${domain} + set -gx EMAIL ${vars.user.email} set -gx SYNCDIR $HOME/vault set -gx VISUAL $EDITOR ''; diff --git a/home/git.nix b/home/git.nix @@ -1,11 +1,11 @@ -{ fullname, email, ... }: +{ vars, ... }: { programs.git = { enable = true; settings = { - user.name = "${fullname}"; - user.email = "${email}"; + user.name = "${vars.user.fullname}"; + user.email = "${vars.user.email}"; }; }; } diff --git a/home/iamb.nix b/home/iamb.nix @@ -1,4 +1,4 @@ -{ matrixuser, matrixserver, ... }: +{ vars, ... }: { programs.iamb = { @@ -6,8 +6,8 @@ settings = { "default_profile" = "user"; profiles.user = { - "user_id" = "${matrixuser}"; - "url" = "${matrixserver}"; + "user_id" = "${vars.matrix.user}"; + "url" = "${vars.matrix.homeserver}"; }; }; }; diff --git a/home/kodi.nix b/home/kodi.nix @@ -1,4 +1,4 @@ -{ username, ... }: +{ vars, ... }: { programs.kodi = { @@ -23,7 +23,7 @@ addonSettings = { "service.watchedlist" = { "extdb" = "true"; - "dbpath" = "/home/${username}/vault/"; + "dbpath" = "/home/${vars.user.username}/vault/"; "dbfilename" = "watchedlist.db"; }; "skin.estuary" = { 
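Review bot: `set -gx EMAIL ${vars.user.email}` in the `shellInit` hunk (`@@ -16,9 +16,9 @@`) changes what `$EMAIL` holds, from `(whoami)@<domain>` computed at shell start to the configured address, which goes beyond the variable renaming the commit title describes. On any machine where the two differ, everything that reads `$EMAIL` changes value silently. A note in the commit message, or a trailing fish comment such as `set -gx EMAIL ${vars.user.email} # was (whoami)@$DOMAIN`, would record the intent.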
@@ -47,7 +47,7 @@ source = [ { name = "television"; path = "/tank/media/videos/television"; allowsharing = "true"; } { name = "movies"; path = "/tank/media/videos/movies"; allowsharing = "true"; } - { name = "${username}"; path = "/home/${username}"; allowsharing = "true"; } + { name = "${vars.user.username}"; path = "/home/${vars.user.username}"; allowsharing = "true"; } ]; }; files = { diff --git a/home/newsboat.nix b/home/newsboat.nix @@ -1,4 +1,4 @@ -{ domain, username, ... }: +{ vars, ... }: { programs.newsboat = { @@ -16,8 +16,8 @@ bind-key N prev-unread macro m set browser "mpv %u" ; open-in-browser-and-mark-read ; set browser "$BROWSER %u" urls-source "freshrss" - freshrss-url "https://rss.${domain}/api/greader.php" - freshrss-login "${username}" + freshrss-url "https://rss.${vars.user.domain}/api/greader.php" + freshrss-login "${vars.user.username}" freshrss-passwordeval "rbw get 'freshrss api'" ''; }; diff --git a/home/rbw.nix b/home/rbw.nix @@ -1,11 +1,11 @@ -{ pkgs, domain, email, ... }: +{ pkgs, vars, ... }: { programs.rbw = { enable = true; settings = { - base_url = "https://pass.${domain}"; - email = "${email}"; + base_url = "https://pass.${vars.user.domain}"; + email = "${vars.user.email}"; pinentry = pkgs.pinentry-tty; }; }; diff --git a/home/rclone.nix b/home/rclone.nix @@ -1,4 +1,4 @@ -{ username, domain, sshport, privatekey, ... }: +{ vars, ... }: { programs.rclone = { @@ -6,10 +6,10 @@ remotes = { artemis.config = { type = "sftp"; - host = "${domain}"; - port = sshport; - user = "${username}"; - key_file = "${privatekey}"; + host = "${vars.user.domain}"; + port = vars.secrets.sshport; + user = "${vars.user.username}"; + key_file = "${vars.secrets.privatekey}"; shell_type = "cmd"; }; seedbox.config = { @@ -25,7 +25,7 @@ host = "phone"; port = "1234"; user = "ftp"; - key_file = "${privatekey}"; + key_file = "${vars.secrets.privatekey}"; }; nas.config = { type = "alias"; diff --git a/home/ssh.nix b/home/ssh.nix 
@@ -1,4 +1,4 @@ -{ domain, username, sshport, privatekey, ... }: +{ vars, ... }: { programs.ssh = { @@ -18,26 +18,26 @@ controlPersist = "no"; }; "tunnel" = { - hostname = "${domain}"; - user = "${username}"; - port = sshport; - identityFile = "${privatekey}"; + hostname = "${vars.user.domain}"; + user = "${vars.user.username}"; + port = vars.secrets.sshport; + identityFile = "${vars.secrets.privatekey}"; extraOptions = { - RemoteCommand = "ssh -p 55013 ${username}@localhost -i ${privatekey}"; + RemoteCommand = "ssh -p 55013 ${vars.user.username}@localhost -i ${vars.secrets.privatekey}"; RequestTTY = "force"; }; }; "arcadia" = { hostname = "192.168.1.6"; - user = "${username}"; - port = sshport; - identityFile = "${privatekey}"; + user = "${vars.user.username}"; + port = vars.secrets.sshport; + identityFile = "${vars.secrets.privatekey}"; }; "ilias" = { hostname = "192.168.1.3"; - user = "${username}"; - port = sshport; - identityFile = "${privatekey}"; + user = "${vars.user.username}"; + port = vars.secrets.sshport; + identityFile = "${vars.secrets.privatekey}"; }; "router" = { hostname = "192.168.1.1"; @@ -53,10 +53,10 @@ }; }; "artemis" = { - hostname = "${domain}"; - user = "${username}"; - port = sshport; - identityFile = "${privatekey}"; + hostname = "${vars.user.domain}"; + user = "${vars.user.username}"; + port = vars.secrets.sshport; + identityFile = "${vars.secrets.privatekey}"; }; }; }; diff --git a/machines/arcadia.nix b/machines/arcadia.nix 
@@ -1,12 +1,12 @@ # HTPC -{ config, pkgs, lib, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, privatekey, matrixuser, matrixserver, ... }: +{ config, pkgs, lib, vars, ... }: let machine = "arcadia"; in { imports = [ - (import ../common/variables.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; }) - (import ../common/home-manager.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; }) + (import ../common/variables.nix { inherit machine vars; }) + (import ../common/home-manager.nix { inherit machine vars; }) ../common/audio.nix ../common/autologin.nix ../common/boot-systemd.nix @@ -25,7 +25,7 @@ let machine = "arcadia"; in { ../scripts/seedy.nix ../common/user.nix ]; - home-manager.users.${username} = {pkgs, ...}: { imports = [ + home-manager.users.${vars.user.username} = {pkgs, ...}: { imports = [ ../home/alacritty.nix ../home/fish.nix ../home/hyprland.nix diff --git a/machines/artemis.nix b/machines/artemis.nix 
@@ -1,12 +1,12 @@ # Server -{ config, pkgs, lib, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, privatekey, matrixuser, matrixserver, ... }: +{ config, pkgs, lib, vars, ... }: let machine = "artemis"; in { imports = [ - (import ../common/variables.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; }) - (import ../common/home-manager.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; }) + (import ../common/variables.nix { inherit machine vars; }) + (import ../common/home-manager.nix { inherit machine vars; }) ../common/boot-systemd.nix ../common/docker.nix ../common/docker-webdev.nix @@ -48,11 +48,11 @@ let machine = "artemis"; in { services.cron = { enable = true; systemCronJobs = [ - "*/10 * * * * ${username} blog-status" - "*/10 * * * * ${username} magnets" - "*/10 * * * * ${username} stagit-generate" - "55 23 * * SUN ${username} blog-duolingo" - "0 */12 * * * ${username} backup-cloud" + "*/10 * * * * ${vars.user.username} blog-status" + "*/10 * * * * ${vars.user.username} magnets" + "*/10 * * * * ${vars.user.username} stagit-generate" + "55 23 * * SUN ${vars.user.username} blog-duolingo" + "0 */12 * * * ${vars.user.username} backup-cloud" ]; }; diff --git a/machines/atlas.nix b/machines/atlas.nix 
@@ -1,12 +1,12 @@ # Desktop -{ config, pkgs, lib, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, privatekey, matrixuser, matrixserver, ... }: +{ config, pkgs, lib, vars, ... }: let machine = "atlas"; in { imports = [ - (import ../common/variables.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; }) - (import ../common/home-manager.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; }) + (import ../common/variables.nix { inherit machine vars; }) + (import ../common/home-manager.nix { inherit machine vars; }) ../common/audio.nix ../common/autologin.nix ../common/boot-systemd.nix @@ -34,7 +34,7 @@ let machine = "atlas"; in { ../scripts/taudiobooker.nix ../scripts/vidyaplace.nix ]; - home-manager.users.${username} = {pkgs, ...}: { imports = [ + home-manager.users.${vars.user.username} = {pkgs, ...}: { imports = [ ../home/alacritty.nix ../home/chromium.nix ../home/clipse.nix diff --git a/machines/ilias.nix b/machines/ilias.nix 
@@ -1,12 +1,12 @@ # NAS -{ config, pkgs, lib, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, pdfpassword, privatekey, matrixuser, matrixserver, ... }: +{ config, pkgs, lib, vars, ... }: let machine = "ilias"; in { imports = [ - (import ../common/variables.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver; }) - (import ../common/home-manager.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver; }) + (import ../common/variables.nix { inherit machine vars; }) + (import ../common/home-manager.nix { inherit machine vars; }) ../common/boot-systemd.nix ../common/devel.nix ../common/flakes.nix @@ -47,7 +47,7 @@ let machine = "ilias"; in { ../scripts/watchedlist.nix ../scripts/youtube-id-rss.nix ]; - home-manager.users.${username} = {pkgs, ...}: { imports = [ + home-manager.users.${vars.user.username} = {pkgs, ...}: { imports = [ ../home/fish.nix ../home/git.nix ../home/htop.nix @@ -74,8 +74,8 @@ let machine = "ilias"; in { cron = { enable = true; systemCronJobs = [ - "0 */4 * * * ${username} . /etc/profile; tank-sort" - "0 */12 * * * ${username} backup-cloud" + "0 */4 * * * ${vars.user.username} . /etc/profile; tank-sort" + "0 */12 * * * ${vars.user.username} backup-cloud" ]; }; }; diff --git a/machines/minerva.nix b/machines/minerva.nix 
@@ -1,12 +1,12 @@
 # Laptop
-{ config, pkgs, lib, fullname, username, domain, email, sshkey, sshport, timezone, postcode, address, htpasswd, vpnusername, vpnpassword, todosecret, privatekey, matrixuser, matrixserver, ... }:
+{ config, pkgs, lib, vars, ... }:
 let machine = "minerva"; in {
 imports = [
- (import ../common/variables.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; })
- (import ../common/home-manager.nix { inherit machine fullname username domain email sshkey sshport timezone postcode address htpasswd vpnusername vpnpassword todosecret privatekey matrixuser matrixserver; })
+ (import ../common/variables.nix { inherit machine vars; })
+ (import ../common/home-manager.nix { inherit machine vars; })
 ../common/audio.nix
 ../common/autologin.nix
 ../common/boot-grub.nix
@@ -30,7 +30,7 @@ let machine = "minerva"; in {
 ../scripts/restic.nix
 ../scripts/vidyaplace.nix
 ];
- home-manager.users.${username} = {pkgs, ...}: { imports = [
+ home-manager.users.${vars.user.username} = {pkgs, ...}: { imports = [
 ../home/alacritty.nix
 ../home/clipse.nix
 ../home/chromium.nix
diff --git a/scripts/audiobook-cleaner.nix b/scripts/audiobook-cleaner.nix
@@ -1,11 +1,9 @@
-{
- pkgs,
- domain,
- ...
-}: let
+{ pkgs, vars, ... }:
+
+let
 audiobook-cleaner = pkgs.writeShellScriptBin "audiobook-cleaner" ''
 # variables
- list_file="$HOME/vault/src/blog.${domain}/content/reading-list.md"
+ list_file="$HOME/vault/src/blog.${vars.user.domain}/content/reading-list.md"
 media_dir="/tank/media/literature/audiobooks"
 trim() {
diff --git a/scripts/blog-duolingo.nix b/scripts/blog-duolingo.nix
@@ -1,10 +1,10 @@
-{ pkgs, domain, ... }:
+{ pkgs, vars, ... }:
 let
 blog-duolingo = pkgs.writeShellScriptBin "blog-duolingo" ''
 # variables
- username="$(awk -F'[/()]' '/Duolingo/ {print $5}' "$HOME/vault/src/blog.${domain}/content/about.md")"
- post_file="$HOME/vault/src/blog.${domain}/content/posts/logging-duolingo-ranks-over-time.md"
+ username="$(awk -F'[/()]' '/Duolingo/ {print $5}' "$HOME/vault/src/blog.${vars.user.domain}/content/about.md")"
+ post_file="$HOME/vault/src/blog.${vars.user.domain}/content/posts/logging-duolingo-ranks-over-time.md"
 # functions
 function lastmod {
 echo -n "Amending lastmod value... "
diff --git a/scripts/blog-music.nix b/scripts/blog-music.nix
@@ -1,6 +1,6 @@
 {
 pkgs,
- domain,
+ vars,
 ...
 }: let
 blog-music = pkgs.writeShellScriptBin "blog-music" ''
@@ -18,7 +18,7 @@
 echo "No CSV supplied, using default liked.csv to music.md process"
 source="./liked.csv"
- post="$HOME/vault/src/blog.${domain}/content/music.md"
+ post="$HOME/vault/src/blog.${vars.user.domain}/content/music.md"
 else
 if [ ! -f "$post_arg" ]; then
 echo "Input file does not exist: $post_arg"
diff --git a/scripts/blog-sort-archives.nix b/scripts/blog-sort-archives.nix
@@ -1,12 +1,12 @@
 {
 pkgs,
- domain,
+ vars,
 ...
 }: let
 blog-sort-archives = pkgs.writeShellScriptBin "blog-sort-archives" ''
 # variables
- movies_export="$HOME/vault/src/blog.${domain}/content/posts/archived-movies.md"
- tvshows_export="$HOME/vault/src/blog.${domain}/content/posts/archived-television.md"
+ movies_export="$HOME/vault/src/blog.${vars.user.domain}/content/posts/archived-movies.md"
+ tvshows_export="$HOME/vault/src/blog.${vars.user.domain}/content/posts/archived-television.md"
 # functions
 function lastmod {
 echo -n "Amending lastmod value... "
diff --git a/scripts/blog-sort-languages.nix b/scripts/blog-sort-languages.nix
@@ -1,6 +1,6 @@
 {
 pkgs,
- domain,
+ vars,
 ...
 }: let
 blog-sort-languages = pkgs.writeShellScriptBin "blog-sort-languages" ''
@@ -11,7 +11,7 @@
 sed -i "s/lastmod: .*/lastmod: $mod_timestamp/g" "$1"
 echo -e "$i \e[32mdone\e[39m"
 }
- for i in $HOME/vault/src/blog.${domain}/content/languages/*; do
+ for i in $HOME/vault/src/blog.${vars.user.domain}/content/languages/*; do
 if [[ "$i" = *index.md ]]; then continue; fi # there's probably a better way of doing this, but I can't figure it out
 echo -n "Processing $(basename "$i")... "
 shasum_original="$(sha512sum "$i" | awk '{print $1}')"
diff --git a/scripts/blog-sort-quotes.nix b/scripts/blog-sort-quotes.nix
@@ -1,11 +1,11 @@
 {
 pkgs,
- domain,
+ vars,
 ...
 }: let
 blog-sort-quotes = pkgs.writeShellScriptBin "blog-sort-quotes" ''
 # variables
- quote_file="$HOME/vault/src/blog.${domain}/content/quotes.md"
+ quote_file="$HOME/vault/src/blog.${vars.user.domain}/content/quotes.md"
 file_header="$(head -n 8 "$quote_file")"
 file_body="$(tail -n +8 "$quote_file" | sort | uniq -i | sed G)"
 # functions
diff --git a/scripts/blog-status.nix b/scripts/blog-status.nix
@@ -1,4 +1,4 @@
-{ pkgs, domain, ... }:
+{ pkgs, vars, ... }:
 let
 blog-status = pkgs.writeShellScriptBin "blog-status" ''
@@ -20,7 +20,7 @@ let
 printf "* Packages: %s\\n" "$(${pkgs.fastfetch}/bin/fastfetch | awk -F": " '/Packages/ {print $2}')"
 printf "* Monthly Data: %s\\n" "$(vnstat -m --oneline | cut -f11 -d\;)"
 printf "\\nHardware specifications themselves are covered on the [hardware page](/hardware/#server).\\n"
- } >"$HOME/vault/src/blog.${domain}/content/status.md"
+ } >"$HOME/vault/src/blog.${vars.user.domain}/content/status.md"
 '';
 in {
 environment.systemPackages = [blog-status];
diff --git a/scripts/blog-weight.nix b/scripts/blog-weight.nix
@@ -1,11 +1,11 @@
 {
 pkgs,
- domain,
+ vars,
 ...
 }: let
 blog-weight = pkgs.writeShellScriptBin "blog-weight" ''
 # variables
- weight_filename="$HOME/vault/src/blog.${domain}/content/weight.md"
+ weight_filename="$HOME/vault/src/blog.${vars.user.domain}/content/weight.md"
 if [ "$1" = "date" ]; then
 printf "Writing empty dates... "
 page_source="$(head -n -1 "$weight_filename")"
diff --git a/scripts/payslips.nix b/scripts/payslips.nix
@@ -1,4 +1,4 @@
-{ pkgs, pdfpassword, ... }:
+{ pkgs, vars, ... }:
 let
 payslips = pkgs.writeShellScriptBin "payslips" ''
@@ -27,7 +27,7 @@ let
 fi
 # Remove PDF password protection
- ${pkgs.qpdf}/bin/qpdf --password=${pdfpassword} --decrypt "$file" "$output_path"
+ ${pkgs.qpdf}/bin/qpdf --password=${vars.secrets.pdfpassword} --decrypt "$file" "$output_path"
 if [[ $? -eq 0 ]]; then
 rm "$file"
diff --git a/variables.sample.nix b/variables.sample.nix
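Review bot: The rewritten qpdf line still passes the password inline as `--password=${vars.secrets.pdfpassword}`, so the plaintext is baked into the script text that `writeShellScriptBin` writes to the world-readable Nix store and is also visible in the process list for the duration of the call. Reading it at run time from a file outside the store that only the invoking user can read, e.g. `--password-file=<path outside the store>`, keeps it out of both places. Presumably the same holds for the other `vars.secrets` values wherever they are interpolated into derivations, though only this one is visible in this hunk. The enclosing `''` script and the `let` binding start before the hunk.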
@@ -1,23 +1,27 @@
 { lib }:
-let
- fullname = "Peter";
- username = lib.strings.toLower fullname;
- domain = "domain.com";
- email = "${username}@${domain}";
- sshkey = "ssh-rsa yourpubkeyhere";
- sshport = 2222;
- timezone = "Europe/London";
- postcode = "AA1 1AA";
- address = "123 Fake Street\n${postcode}";
- htpasswd = ""; # caddy hash-password --plaintext "yourpassword" | base64 -w0
- vpnusername = "";
- vpnpassword = "";
- todosecret = "JWTtoken";
- pdfpassword = "";
- privatekey = "path/to/private.key";
- matrixuser = "";
- matrixserver = "";
-in {
- inherit fullname username domain email sshkey sshport timezone vpnusername vpnpassword todosecret pdfpassword privatekey matrixuser matrixserver;
+rec {
+ user = rec {
+ fullname = "Peter";
+ username = lib.strings.toLower fullname;
+ domain = "domain.com";
+ email = "${username}@${domain}";
+ timezone = "Europe/London";
+ postcode = "AA1 1AA";
+ address = "123 Fake Street\n${postcode}\n${postcode}";
+ };
+ secrets = {
+ sshkey = "ssh-rsa yourpubkeyhere";
+ sshport = 2222;
+ htpasswd = "caddy hash-password --plaintext "yourpassword" | base64 -w0";
+ vpnusername = "";
+ vpnpassword = "";
+ todosecret = "";
+ pdfpassword = "";
+ privatekey = "path/to/private.key";
+ };
+ matrix = {
+ user = "@user:domain.com";
+ homeserver = "https://matrix.domain.com";
+ };
 }
\ No newline at end of file
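Review bot: The new `htpasswd` line in `secrets` does not parse as Nix: the inner double quotes around `yourpassword` terminate the string early, so the sample file fails to evaluate, and the attribute should hold the hash output rather than the command that produces it. Keeping the command as a comment, as the old file did, fixes both: `htpasswd = ""; # caddy hash-password --plaintext "yourpassword" | base64 -w0`. The new `address` value also interpolates `${postcode}` twice where the old file had it once, which looks like a copy-paste slip. The outer `rec` is unnecessary since no top-level attribute refers to a sibling; only `user` needs it. Grouping the public `sshkey` and `sshport` under `secrets` is also misleading, as neither is secret and both arguably belong beside `user`.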