Merge pull request #41 from tsandrini/update-polonium

Update polonium

flake.nix

@@ -71,6 +71,7 @@
       url = "github:mikesmithgh/kitty-scrollback.nvim";
       flake = false;
     };
+    nix-alien.url = "github:thiagokokada/nix-alien";
 
     # TODO some serious maintenance sheningans
     shadow-nix = {

lib/options.nix

@@ -32,7 +32,7 @@ rec {
     *Type*: `Option`
   */
   mkImpermanenceEnableOption =
-    mkAlreadyEnabledOption (mdDoc ''
+    mkAlreadyEnabledOption ''
       Whether to autoappend files/folders to the persistence system.
       For more info on the persistence system refer to the system.persistence
       NixOS module documentation.
@@ -44,7 +44,7 @@ rec {
       2. tensorfiles.system.persistence module is loaded
 
       3. tensorfiles.system.persistence.enable = true;
-    '')
+    ''
     // {
       default = true;
     };
@@ -56,7 +56,7 @@ rec {
     *Type*: `Option`
   */
   mkPywalEnableOption =
-    mkAlreadyEnabledOption (mdDoc ''
+    mkAlreadyEnabledOption ''
       Whether to enable the integration with the pywal colorscheme generator
       program. The integration may range from just some color parsing/loading to
       sometimes full on detailed plugins depending on the context.
@@ -68,7 +68,7 @@ rec {
       2. tensorfiles.programs.pywal module is loaded
 
       3. tensorfiles.programs.pywal.enable = true;
-    '')
+    ''
     // {
       default = true;
     };
@@ -80,7 +80,7 @@ rec {
     *Type*: `Option`
   */
   mkAgenixEnableOption =
-    mkAlreadyEnabledOption (mdDoc ''
+    mkAlreadyEnabledOption ''
       Whether to enable the agenix ecosystem for handling secrets, which includes
 
       a. passwords
@@ -102,7 +102,7 @@ rec {
       2. tensorfiles.security.agenix module is loaded
 
       3. tensorfiles.security.agenix.enable = true;
-    '')
+    ''
     // {
       default = true;
     };
@@ -146,7 +146,7 @@ rec {
         # just initialize the defaults
         "myOtherUser" = { };
       };
-      description = mdDoc ''
+      description = ''
         Multiuser users configuration option submodule.
         Enables doing module level configurations via simple attrsets.
       '';

parts/hosts/jetbundle/default.nix

@@ -51,6 +51,7 @@
     libva-utils
     networkmanagerapplet # need this to configure L2TP ipsec
     docker-compose
+    wireguard-tools
   ];
 
   # ----------------------------
@@ -118,6 +119,17 @@
     storageDriver = "btrfs";
   };
 
+  # NOTE for wireguard
+  networking.wireguard.enable = true;
+  networking.firewall = {
+    allowedUDPPorts = [ 51820 ];
+  };
+
+  # If you intend to route all your traffic through the wireguard tunnel, the
+  # default configuration of the NixOS firewall will block the traffic because
+  # of rpfilter. You can either disable rpfilter altogether:
+  networking.firewall.checkReversePath = false;
+
   home-manager.users."tsandrini" = {
     tensorfiles.hm = {
 

parts/hosts/jetbundle/hardware-configuration.nix

@@ -66,6 +66,42 @@
   #   # xscreensaver.fprintAuth = true;
   #   # kwallet.fprintAuth = true;
   # };
+  #
+
+  # BTRFS stuff
+  services.fstrim = {
+    enable = true;
+    interval = "weekly"; # the default
+  };
+
+  # Scrub btrfs to protect data integrity
+  services.btrfs.autoScrub.enable = true;
+
+  services.btrbk.instances."btrbk" = {
+    onCalendar = "*:0/10";
+    settings = {
+      snapshot_preserve = "14d";
+      snapshot_preserve_min = "2d";
+
+      target_preserve_min = "no";
+      target_preserve = "no";
+
+      preserve_day_of_week = "monday";
+      timestamp_format = "long-iso";
+      snapshot_create = "onchange";
+
+      volume."/" = {
+        subvolume = {
+          "home" = {
+            snapshot_dir = "/.snapshots/data/home";
+          };
+        };
+      };
+    };
+  };
+
+  # ensure snapshots_dir exists
+  systemd.tmpfiles.rules = [ "d /.snapshots/data/home 0755 root root - -" ];
 
   boot = {
     loader = {

parts/hosts/spinorbundle/README.md

@@ -95,7 +95,7 @@ mount /dev/disk/by-label/boot /mnt/boot
 ```
 
 _Notenote_: At this stage you should either start an ssh-agent
-(``eval `ssh-agent` ``) and add the
+(`` eval `ssh-agent`  ``) and add the
 appropriate keys (`ssh-add /root/.ssh/id_ed25519`) or in case you don't want
 to use agenix you should patch the config with your desired way of handling
 secrets and default passwords.

parts/hosts/spinorbundle/default.nix

@@ -47,6 +47,7 @@
     libva-utils
     networkmanagerapplet # need this to configure L2TP ipsec
     docker-compose
+    wireguard-tools
   ];
 
   # ----------------------------
@@ -114,6 +115,17 @@
     storageDriver = "btrfs";
   };
 
+  # NOTE for wireguard
+  networking.wireguard.enable = true;
+  networking.firewall = {
+    allowedUDPPorts = [ 51820 ];
+  };
+
+  # If you intend to route all your traffic through the wireguard tunnel, the
+  # default configuration of the NixOS firewall will block the traffic because
+  # of rpfilter. You can either disable rpfilter altogether:
+  networking.firewall.checkReversePath = false;
+
   home-manager.users."tsandrini" = {
     tensorfiles.hm = {
       profiles.graphical-plasma.enable = true;

parts/hosts/spinorbundle/hardware-configuration.nix

@@ -53,6 +53,36 @@
   programs.gamemode.enable = true;
   services.fwupd.enable = true;
 
+  # BTRFS stuff
+  # Scrub btrfs to protect data integrity
+  services.btrfs.autoScrub.enable = true;
+
+  services.btrbk.instances."btrbk" = {
+    onCalendar = "*:0/10";
+    settings = {
+      snapshot_preserve = "14d";
+      snapshot_preserve_min = "2d";
+
+      target_preserve_min = "no";
+      target_preserve = "no";
+
+      preserve_day_of_week = "monday";
+      timestamp_format = "long-iso";
+      snapshot_create = "onchange";
+
+      volume."/" = {
+        subvolume = {
+          "home" = {
+            snapshot_dir = "/.snapshots/data/home";
+          };
+        };
+      };
+    };
+  };
+
+  # ensure snapshots_dir exists
+  systemd.tmpfiles.rules = [ "d /.snapshots/data/home 0755 root root - -" ];
+
   boot = {
     loader = {
       timeout = 1;

parts/modules/home-manager/hardware/nixGL.nix

@@ -50,9 +50,9 @@ let
 in
 {
   options.tensorfiles.hm.hardware.nixGL = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
 
     pkg = mkOption {
       type = package;
@@ -63,14 +63,14 @@ in
     };
 
     programPatches = {
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
         Enables the nixGL program patches
-      '');
+      '';
 
       kitty =
-        mkEnableOption (mdDoc ''
+        mkEnableOption ''
           Enables the kitty executable wrapper
-        '')
+        ''
         // {
           default = true;
         };

parts/modules/home-manager/misc/gtk.nix

@@ -29,9 +29,9 @@ let
 in
 {
   options.tensorfiles.hm.misc.gtk = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
   };
 
   config = mkIf cfg.enable (mkMerge [

parts/modules/home-manager/misc/xdg.nix

@@ -49,39 +49,39 @@ let
 in
 {
   options.tensorfiles.hm.misc.xdg = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       Enables NixOS module that configures/handles the xdg toolset.
-    '');
+    '';
 
     defaultApplications = {
       enable =
-        mkEnableOption (mdDoc ''
+        mkEnableOption ''
           TODO
-        '')
+        ''
         // {
           default = true;
         };
 
       browser = mkOption {
         type = nullOr str;
         default = null;
-        description = mdDoc ''
+        description = ''
           TODO
         '';
       };
 
       editor = mkOption {
         type = nullOr str;
         default = null;
-        description = mdDoc ''
+        description = ''
           TODO
         '';
       };
 
       terminal = mkOption {
         type = nullOr str;
         default = null;
-        description = mdDoc ''
+        description = ''
           TODO
         '';
       };

parts/modules/home-manager/profiles/base.nix

@@ -24,9 +24,9 @@ let
 in
 {
   options.tensorfiles.hm.profiles.base = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
   };
 
   config = mkIf cfg.enable (mkMerge [

parts/modules/home-manager/profiles/graphical-plasma/default.nix

@@ -29,9 +29,9 @@ let
 in
 {
   options.tensorfiles.hm.profiles.graphical-plasma = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
   };
 
   imports = with inputs; [ plasma-manager.homeManagerModules.plasma-manager ];

parts/modules/home-manager/profiles/graphical-xmonad.nix

@@ -29,9 +29,9 @@ let
 in
 {
   options.tensorfiles.hm.profiles.graphical-xmonad = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
   };
 
   config = mkIf cfg.enable (mkMerge [

parts/modules/home-manager/profiles/headless.nix

@@ -33,9 +33,9 @@ let
 in
 {
   options.tensorfiles.hm.profiles.headless = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
 
     impermanence = {
       enable = mkImpermanenceEnableOption;

parts/modules/home-manager/profiles/minimal.nix

@@ -24,9 +24,9 @@ let
 in
 {
   options.tensorfiles.hm.profiles.minimal = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
   };
 
   config = mkIf cfg.enable (mkMerge [

parts/modules/home-manager/programs/browsers/firefox/default.nix

@@ -40,9 +40,9 @@ let
 in
 {
   options.tensorfiles.hm.programs.browsers.firefox = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
 
     impermanence = {
       enable = mkImpermanenceEnableOption;
@@ -111,7 +111,9 @@ in
                 header-editor # Manage browser’s requests, include modify the request headers and response headers, redirect requests, cancel requests
                 pywalfox # Dynamic theming of Firefox using your Pywal colors
                 enhancer-for-youtube # Take control of YouTube and boost your user experience!
-                sidebery # Vertical tabs tree and bookmarks in sidebar with advanced containers configuration, grouping and many other features.
+                # sidebery # Vertical tabs tree and bookmarks in sidebar with advanced containers configuration, grouping and many other features.
+                sponsorblock # Easily skip YouTube video sponsors
+                user-agent-string-switcher # Spoof websites trying to gather information about your web navigation—like your browser type and operating system—to deliver distinct content you may not want.
 
                 # DEV related
                 vue-js-devtools # DevTools extension for debugging Vue.js applications.

parts/modules/home-manager/programs/btop.nix

@@ -24,9 +24,9 @@ let
 in
 {
   options.tensorfiles.hm.programs.btop = with types; {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       TODO
-    '');
+    '';
   };
 
   config = mkIf cfg.enable (mkMerge [