Add tsuki host config, and several pluggable services

2021-12-30 03:34:32 +01:00 · 2021-12-30 03:34:32 +01:00 · 9bd47fba1f
commit 9bd47fba1f
parent 9feae67e9d
24 changed files with 706 additions and 11 deletions
--- a/nixpkgs/flake.lock
+++ b/nixpkgs/flake.lock
@ -23,11 +23,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1640077788,
+        "lastModified": 1640798027,
-        "narHash": "sha256-YMSDk3hlucJTTARaHNOeQEF6zEW3A/x4sXgrz94VbS0=",
+        "narHash": "sha256-1e7bsxWJW0ugkA95AMGL3Da9sHugkz+J4kfYB9fTWZc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77",
+        "rev": "8588b14a397e045692d0a87192810b6dddf53003",
        "type": "github"
      },
      "original": {
@ -50,11 +50,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1640231944,
+        "lastModified": 1640831004,
-        "narHash": "sha256-nb743xTN5n7LRmiTzfKgknTe+R68FKXIQX/8ERU5JS4=",
+        "narHash": "sha256-3so6H4ZRaDWM156t/3OctRcsPkV80hPewmZNwevbA48=",
        "ref": "main",
-        "rev": "a489b4a3b5ec636da65886226102a8372c40dcc4",
+        "rev": "eb04c0aac6d7d8aaf55fc63e6da58c373b401eb9",
-        "revCount": 1,
+        "revCount": 7,
        "type": "git",
        "url": "file:///home/h7x4/git/nix-secrets"
      },
--- a/nixpkgs/flake.nix
+++ b/nixpkgs/flake.nix
@ -75,12 +75,12 @@
          inherit specialArgs;
          modules = [
-            ./hosts/${name}
+            ./hosts/${name}/configuration.nix
          ];
        } // extraOpts;
    in {
-      # Tsuki = nixSys "tsuki" {};
+      Tsuki = nixSys "tsuki" {};
      Eisei = nixSys "eisei" {};
    };
--- a/nixpkgs/hosts/eisei/configuration.nix
+++ b/nixpkgs/hosts/eisei/configuration.nix
@ -1,6 +1,8 @@
 { pkgs, config, ... }: let
  # FIXME: lib should be imported directly as a module argument.
  inherit (pkgs) lib;
 # TODO: Split this file
 in {
  imports = [
    ./hardware-configuration.nix
--- a/nixpkgs/hosts/tsuki/configuration.nix
+++ b/nixpkgs/hosts/tsuki/configuration.nix
@ -0,0 +1,243 @@
 { config, lib, pkgs, ... }:
 {
  imports =
    [
      ./hardware-configuration.nix
      ./services/nginx.nix
      ../../pluggables/server/dokuwiki.nix
      ../../pluggables/server/gitlab
      # ../../pluggables/server/minecraft.nix
      ../../pluggables/server/plex.nix
      ../../pluggables/server/hydra.nix
      # ../../pluggables/server/matrix.nix
      # ../../pluggables/server/libvirt.nix
      # ../../pluggables/server/grafana.nix
      # ../../pluggables/server/discord-bot.nix
      # ../../pluggables/server/calibre.nix
      # ../../pluggables/server/openvpn.nix
      # ../../pluggables/server/samba.nix
      # ../../pluggables/server/searx.nix
      # ../../pluggables/server/syncthing.nix
    ];
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };
  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  boot.loader = {
    grub = {
      enable = true;
      version = 2;
      efiSupport = true;
      fsIdentifier = "label";
      device = "nodev";
      efiInstallAsRemovable = true;
    };
    # efi.efiSysMountPoint = "/boot/efi";
    # efi.canTouchEfiVariables = true;
  };
  time.timeZone = "Europe/Oslo";
  networking = {
    hostName = "Tsuki";
    networkmanager.enable = true;
    useDHCP = false;
    interfaces.ens18.useDHCP = true;
    # firewall = {
    #   allowedTCPPorts = [ ... ];
    #   allowedUDPPorts = [ ... ];
    #   enable = false;
    # };
  };
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  services = {
    openssh.enable = true;
    printing.enable = true;
    cron = {
      enable = true;
      systemCronJobs = [
    #     "*/5 * * * *      root    date >> /tmp/cron.log"
      ];
    };
  };
  users.users.h7x4 = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "networkmanager"
      "docker"
      "disk"
      "libvirtd"
      "input"
    ];
    shell = pkgs.zsh;
  };
  environment = {
    variables = {
      EDITOR = "nvim";
      VISUAL = "nvim";
    };
    systemPackages = with pkgs; [
      wget
    ];
    shells = with pkgs; [
      bashInteractive
      zsh
      dash
    ];
    etc = {
      sudoLecture = {
        target = "sudo.lecture";
        text = "[31mBe careful or something, idk...[m\n";
      };
      currentSystemPackages = {
        target = "current-system-packages";
        text = let
          inherit (lib.strings) concatStringsSep;
          inherit (lib.lists) sort;
          inherit (lib.trivial) lessThan;
          packages = map (p: "${p.name}") config.environment.systemPackages;
          sortedUnique = sort lessThan (lib.unique packages);
        in concatStringsSep "\n" sortedUnique;
      };
    };
  };
  fonts = {
    enableDefaultFonts = true;
    fonts = with pkgs; [
      cm_unicode
      dejavu_fonts
      fira-code
      fira-code-symbols
      powerline-fonts
      iosevka
      symbola
      corefonts
      ipaexfont
      ipafont
      liberation_ttf
      migmix
      noto-fonts
      noto-fonts-cjk
      noto-fonts-emoji
      open-sans
      source-han-sans
      source-sans
      ubuntu_font_family
      victor-mono
      (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
    ];
    fontconfig = {
      defaultFonts = {
        serif = [ "Droid Sans Serif" "Ubuntu" ];
        sansSerif = [ "Droid Sans" "Ubuntu" ];
        monospace = [ "Fira Code" "Ubuntu" ];
        emoji = [ "Noto Sans Emoji" ];
      };
    };
  };
  programs = {
    git.enable = true;
    npm.enable = true;
    tmux.enable = true;
    neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
      configure = {
        packages.myVimPackage = with pkgs.vimPlugins; {
          start = [
            direnv-vim
            vim-nix
            vim-polyglot
          ];
          opt = [
            vim-monokai
          ];
        };
        customRC = ''
          set number relativenumber
          set undofile
          set undodir=~/.cache/vim/undodir 
          packadd! vim-monokai 
          colorscheme monokai
        '';
      };
    };
  };
  security.sudo.extraConfig = ''
    Defaults    lecture = always
    Defaults    lecture_file = /etc/${config.environment.etc.sudoLecture.target} 
  '';
  virtualisation = {
    docker.enable = true;
    libvirtd.enable = true;
  };
  # system.extraDependencies = with pkgs; [
  #   asciidoc
  #   asciidoctor
  #   cabal2nix
  #   clang
  #   dart
  #   dotnet-sdk
  #   dotnet-sdk_3
  #   dotnet-sdk_5
  #   dotnetPackages.Nuget
  #   elm2nix
  #   elmPackages.elm
  #   flutter
  #   gcc
  #   ghc
  #   ghcid
  #   haskellPackages.Cabal_3_6_2_0
  #   maven
  #   nodePackages.node2nix
  #   nodePackages.npm
  #   nodePackages.sass
  #   nodePackages.typescript
  #   nodePackages.yarn
  #   nodejs
  #   plantuml
  #   python3
  #   rustc
  #   rustc
  #   rustup
  # ];
  system.stateVersion = "21.11";
 }
--- a/nixpkgs/hosts/tsuki/hardware-configuration.nix
+++ b/nixpkgs/hosts/tsuki/hardware-configuration.nix
@ -0,0 +1,36 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/54b9fd58-0df5-410c-ab87-766860967653";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/0A60-2885";
      fsType = "vfat";
    };
  fileSystems."/data" =
    { device = "/dev/disk/by-uuid/87354b26-4f7f-4b94-96fd-4bbeb834a03b";
      fsType = "btrfs";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/92a1a33f-89a8-45de-a45e-6c303172cd7f"; }
    ];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nixpkgs/hosts/tsuki/services/nginx.nix
+++ b/nixpkgs/hosts/tsuki/services/nginx.nix
@ -0,0 +1,79 @@
 { pkgs, config, secrets, ... }:
  # TODO: fix lib
  let lib = pkgs.lib; in
 {
  services.nginx = let
    generateServerAliases =
      domains: subdomains:
      lib.lists.flatten (map (s: map (d: "${s}.${d}") domains) subdomains);
  in {
    enable = true;
    recommendedGzipSettings = true; recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = let
      inherit (lib.attrsets) nameValuePair listToAttrs;
      inherit (lib.lists) head drop;
      inherit (secrets) domains ips ports keys;
      makeHost =
        subdomains: extraSettings:
        nameValuePair "${head subdomains}.${head domains}" ({
          serverAliases = drop 1 (generateServerAliases domains subdomains);
          # TODO: fix ACME
          # enableACME = true;
          forceSSL = true;
          sslCertificate = keys.certificates.default.cert;
          sslCertificateKey = keys.certificates.default.key;
        } // extraSettings);
      makePassHost =
        subdomains: extraSettings:
        makeHost subdomains ({ basicAuthFile = keys.htpasswds.default; } // extraSettings);
      makeProxy = 
        subdomains: url: extraSettings:
        makeHost subdomains ({ locations."/".proxyPass = url; } // extraSettings);
      makePassProxy = 
        subdomains: url: extraSettings:
        makeProxy subdomains url ({basicAuthFile = keys.htpasswds.default;} // extraSettings);
      s = toString;
    in listToAttrs [
      (makeProxy ["git" "gitlab"] "http://unix:/run/gitlab/gitlab-workhorse.socket" {})
      (makePassProxy ["plex"] "http://localhost:${s ports.plex}" {})
      (makeHost ["www"] { root = "/var/www/blog"; })
      (makePassHost ["cache"] { root = "/var/lib/nix-cache"; })
      (makePassProxy ["px1"] "https://${ips.px1}:${s ports.proxmox}" {})
      (makePassProxy ["idrac"] "https://${ips.idrac}" {})
      # (makePassProxy ["log"] "https://localhost:${s ports.grafana}" { proxyWebsockets = true; })
      # (makeProxy ["wiki"] "" {})
      # (makeHost ["vpn"] "" {})
      (makePassProxy ["hydra"] "http://localhost:${s ports.hydra}" {})
      # (makePassProxy ["sync" "drive"] "" {})
      # (makePassProxy ["music" "mpd"] "" {})
    ];
    upstreams = {};
    streamConfig = ''
      upstream minecraft {
        server 10.0.0.206:25565;
      }
      server {
        listen 0.0.0.0:25565;
        listen [::0]:25565;
        proxy_pass minecraft;
      }
    '';
  };
  networking.firewall.allowedTCPPorts = [ 80 443 25565 ];
 }
--- a/nixpkgs/pluggables/server/calibre.nix
+++ b/nixpkgs/pluggables/server/calibre.nix
@ -0,0 +1,12 @@
 { ... }:
 {
  services.calibre-server = {
    # user = ""
    # group = ""
    enable = true;
    # libraries = [
    #   /etc/abc
    # ];
    # libraryDir =  ????
  };
 }
--- a/nixpkgs/pluggables/server/discord-bot.nix
+++ b/nixpkgs/pluggables/server/discord-bot.nix
--- a/nixpkgs/pluggables/server/dokuwiki.nix
+++ b/nixpkgs/pluggables/server/dokuwiki.nix
@ -0,0 +1,9 @@
 { ... }:
 {
  services.dokuwiki.sites = {
    # TODO: research?
    wiki = {
      enable = false;
    };
  };
 }
--- a/nixpkgs/pluggables/server/gitlab/default.nix
+++ b/nixpkgs/pluggables/server/gitlab/default.nix
@ -0,0 +1,87 @@
 { pkgs, lib, config, secrets, ... }:
 let
  gitlab-port = secrets.ports.gitlab;
  gitlab-host = "git.nani.wtf";
  # TODO: this should optimally be extracted out to nix-secrets completely.
  gitlab-keydir = secrets.hosts.${config.networking.hostName}.keydir + "/gitlab";
 in
 {
  # TODO: Set up gitlab-runner
  # imports = [ ./runner.nix ];
  services.gitlab = {
    enable = true;
    host = "git.nani.wtf";
    port = gitlab-port + 1;
    user = "git";
    group = "git";
    databaseUsername = "git";
    statePath = "${secrets.hosts.${config.networking.hostName}.dataStatePath}/gitlab";
    # A file containing the initial password of the root gitlab-account.
    # This file should be readable to the user defined in `services.gitlab.user`,
    # optimally having only read write permissions for that user.
    initialRootPasswordFile = secrets.keys.gitlab.root_password;
    secrets = { inherit (secrets.keys.gitlab) secretFile dbFile otpFile jwsFile; };
    smtp = {
      tls = true;
      # address = gitlab-host;
      port = gitlab-port + 2;
    };
    # TODO: Set up registry
    # registry = {
    #   enable = true;
    #   # host = gitlab-host;
    #   port = gitlab-port + 3;
    #   externalPort = gitlab-port + 3;
    #   certFile = /var/cert.pem;
    #   keyFile = /var/key.pem;
    # };
    pagesExtraArgs = [
       "-gitlab-server" "http://${gitlab-host}" 
       "-listen-proxy" "127.0.0.1:8090" 
       "-log-format" "text" 
    ];
    # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix
    # https://gitlab.com/gitlab-org/gitlab/blob/master/config/gitlab.yml.example
    extraConfig = {
      # gitlab = {};
      gravatar.enabled = false;
      # TODO: Fix pages API connection
      # pages = {
      #   enabled = true;
      #   host = gitlab-host;
      #   secret_file = "${toString gitlab-keydir}/pages_secret";
      #   local_store.enabled = true;
      # };
    };
  };
  # TODO: Set up registry
  # services.dockerRegistry = {
  #   enable = true;
  # };
  # TODO: Connect plantuml to gitlab
  services.plantuml-server = {
    enable = true;
    listenPort = gitlab-port + 4;
  };
  # TODO: Make module for kroki, and connect to gitlab
  # services.kroki = {
  #   
  # };
 }
--- a/nixpkgs/pluggables/server/gitlab/genfiles.sh
+++ b/nixpkgs/pluggables/server/gitlab/genfiles.sh
@ -0,0 +1,25 @@
 #!/usr/bin/env bash
 if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
 fi
 KEYDIR='/var/keys/gitlab'
 umask u=rwx,g=,o=
 mkdir -p $KEYDIR
 chmod 755 '/var/keys'
 for FILE in secretFile dbFile otpFile pages_secret; do
  tr -dc A-Za-z0-9 < /dev/random | head -c 128 > $KEYDIR/$FILE
 done
 nix-shell -p openssl --run "openssl genrsa 2048 > $KEYDIR/jwsFile"
 chmod 600 $KEYDIR/jwsFile
 read -s -p "Root password: " ROOTPASS
 echo $ROOTPASS > $KEYDIR/root_password
 chown -R git:git $KEYDIR
--- a/nixpkgs/pluggables/server/gitlab/runner.nix
+++ b/nixpkgs/pluggables/server/gitlab/runner.nix
@ -0,0 +1,51 @@
 { ... }:
 {
  # See https://nixos.wiki/wiki/Gitlab_runner
  # boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
  # virtualisation.docker.enable = true;
  # services.gitlab-runner = {
  #   enable = true;
  #   services= {
  #     # runner for building in docker via host's nix-daemon
  #     # nix store will be readable in runner, might be insecure
  #     nix = with lib;{
  #       # File should contain at least these two variables:
  #       # `CI_SERVER_URL`
  #       # `REGISTRATION_TOKEN`
  #       registrationConfigFile = toString ./path/to/ci-env; # 2
  #       dockerImage = "alpine";
  #       dockerVolumes = [
  #         "/nix/store:/nix/store:ro"
  #         "/nix/var/nix/db:/nix/var/nix/db:ro"
  #         "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
  #       ];
  #       dockerDisableCache = true;
  #       preBuildScript = pkgs.writeScript "setup-container" ''
  #         mkdir -p -m 0755 /nix/var/log/nix/drvs
  #         mkdir -p -m 0755 /nix/var/nix/gcroots
  #         mkdir -p -m 0755 /nix/var/nix/profiles
  #         mkdir -p -m 0755 /nix/var/nix/temproots
  #         mkdir -p -m 0755 /nix/var/nix/userpool
  #         mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
  #         mkdir -p -m 1777 /nix/var/nix/profiles/per-user
  #         mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
  #         mkdir -p -m 0700 "$HOME/.nix-defexpr"
  #         . ${pkgs.nix}/etc/profile.d/nix.sh
  #         ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs # 3
  #         ${pkgs.nix}/bin/nix-channel --update nixpkgs
  #         ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
  #       '';
  #       environmentVariables = {
  #         ENV = "/etc/profile";
  #         USER = "root";
  #         NIX_REMOTE = "daemon";
  #         PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
  #         NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
  #       };
  #       tagList = [ "nix" ];
  #     };
  #   };
  # };
 }
--- a/nixpkgs/pluggables/server/grafana.nix
+++ b/nixpkgs/pluggables/server/grafana.nix
@ -0,0 +1,24 @@
 { ... }:
 {
  services.grafana = {
    enable = true;
    domain = "log.nani.wtf";
    port = 9000;
    addr = "127.0.0.1";
  };
  services.prometheus = {
    enable = true;
    port = 9001;
    exporters = {
    };
  };
  services.loki = {
    enable = true;
    # configFile = ./loki-local-config.yaml;
  };
 }
--- a/nixpkgs/pluggables/server/hydra.nix
+++ b/nixpkgs/pluggables/server/hydra.nix
@ -0,0 +1,9 @@
 { secrets, ... }:
 {
  services.hydra = {
    enable = true;
    hydraURL = "http://hydra.nani.wtf";
    notificationSender = "hydra@nani.wtf";
    port = secrets.ports.hydra;
  };
 }
--- a/nixpkgs/pluggables/server/libvirt.nix
+++ b/nixpkgs/pluggables/server/libvirt.nix
--- a/nixpkgs/pluggables/server/matrix.nix
+++ b/nixpkgs/pluggables/server/matrix.nix
--- a/nixpkgs/pluggables/server/minecraft.nix
+++ b/nixpkgs/pluggables/server/minecraft.nix
@ -0,0 +1,64 @@
 { pkgs, lib, ... }:
 # See https://github.com/InfinityGhost/nixos-workstation/blob/master/minecraft-server.nix
 let
  allocatedMemory = "4096M";
 in {
  services.minecraft-server = let
    version = "1.18.1";
    spigot = pkgs.minecraft-server.overrideAttrs (old: {
      src = pkgs.fetchurl {
        url = "https://hub.spigotmc.org/jenkins/job/BuildTools/141/artifact/target/BuildTools.jar";
        sha1 = "?";
      };
      buildPhase = ''
        cat > minecraft-server << EOF
        #!${pkgs.bash}/bin/sh
        exec ${pkgs.adoptopenjdk-jre-hotspot-bin-17}/bin/java \$@ -jar $out/bin/spigot-${version}.jar nogui
        java -jar $src --rev ${version}
      '';
      installPhase = ''
        mkdir -p $out/bin $out/lib/minecraft
        cp -v spigot-${version}.jar $out/lib/minecraft
        cp -v minecraft-server $out/bin
        chmod +x $out/bin/minecraft-server
      '';
    });
  in {
    enable = true;
    eula = true;
    package = pkgs.spigot;
    declarative = true;
    dataDir = "/home/h7x4/minecraft";
    openFirewall = true;
    jvmOpts = lib.concatStringsSep " " [
      "-Xmx${allocatedMemory}"
      "-Xms${allocatedMemory}"
      "-XX:+UseG1GC"
      "-XX:ParallelGCThreads=2"
      "-XX:MinHeapFreeRatio=5"
      "-XX:MaxHeapFreeRatio=10"
    ];
    serverProperties = {
      motd = "NixOS Minecraft Server";
      server-port = 25565;
      difficulty = 2;
      gamemode = 0;
      max-players = 5;
      white-list = false;
      enable-rcon = false;
      allow-flight = true;
    };
    # whitelist = {};
  };
 }
--- a/nixpkgs/pluggables/server/openvpn.nix
+++ b/nixpkgs/pluggables/server/openvpn.nix
--- a/nixpkgs/pluggables/server/plex.nix
+++ b/nixpkgs/pluggables/server/plex.nix
@ -0,0 +1,20 @@
 { services, ... }:
 {
  services.plex = {
    enable = true;
    openFirewall = true;
    dataDir = "/data/var/plex";
  };
  # TODO: make default directories.
  services.samba.shares.plex = {
    path = "/data/media";
    browseable = "yes";
    "read only" = "no";
    "guest ok" = "no";
    "create mode" = 0664;
    "directory mode" = 2775;
    comment = "Movies, Series and other stuff for Plex";
  };
 }
--- a/nixpkgs/pluggables/server/reverse-proxy.nix
+++ b/nixpkgs/pluggables/server/reverse-proxy.nix
--- a/nixpkgs/pluggables/server/samba.nix
+++ b/nixpkgs/pluggables/server/samba.nix
@ -0,0 +1,2 @@
 {}:
 {}
--- a/nixpkgs/pluggables/server/searx.nix
+++ b/nixpkgs/pluggables/server/searx.nix
@ -0,0 +1,28 @@
 { ... }:
 {
  # TODO: Make secret keys.
  services.searx = {
    enable = false;
    settings = {
      server.port = 8080;
      server.bind_address = "0.0.0.0";
      server.secret_key = "@SEARX_SECRET_KEY@";
      engines = [
        {
          name = "wolframalpha";
          shortcut = "wa";
          api_key = "@WOLFRAM_API_KEY@";
          engine = "wolframalpha_api";
        };
      ];
    };
    # runInUwsgi = true;
    # uwsgiConfig = {
      # disable-logging = false;
      # http = ":11000";
      # socket = "/run/searx/searx.sock";
    # };
  };
 }
--- a/nixpkgs/pluggables/server/syncthing.nix
+++ b/nixpkgs/pluggables/server/syncthing.nix
--- a/nixpkgs/shellOptions.nix
+++ b/nixpkgs/shellOptions.nix
@ -133,10 +133,14 @@ in rec {
      # Nix related aliases
      "Nix Stuff" = {
-        # This for some reason uses an outdated version of hm
+
        # FIXME: This for some reason uses an outdated version of home-manager and nixos-rebuild
        # hs = "${pkgs.home-manager}/bin/home-manager switch";
        # nxr = "sudo ${nixos-rebuild}/bin/nixos-rebuild switch";
        hms = "home-manager switch";
-        nxr = "sudo ${nixos-rebuild}/bin/nixos-rebuild switch";
+        nxr = "sudo nixos-rebuild switch";
        nxc = "sudoedit /etc/nixos/configuration.nix";
        nxh = "vim ~/.config/nixpkgs/home.nix";
        ns = "nix-shell";