Changed firewall ports

hosts/architect/ccache.nix

@@ -0,0 +1,6 @@
+{
+  programs.ccache.enable = true;
+  nix.extraOptions = ''
+    extra-sandbox-paths = /nix/var/cache/ccache
+  '';
+}

hosts/architect/default.nix

@@ -31,6 +31,7 @@ in {
     ./libreddit.nix
     ./invidious.nix
     ./nitter.nix
+    ./ccache.nix
   ];
 
   time.timeZone = "Europe/Rome";
@@ -72,7 +73,7 @@ in {
 
     supportedFilesystems = [ "zfs" ];
     zfs.requestEncryptionCredentials = true;
-    tmpOnTmpfsSize = "75%";
+    tmpOnTmpfsSize = "150%";
   };
 
   networking = {

hosts/architect/firewall.nix

@@ -13,9 +13,19 @@ let
   ];
   open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
     1194 # wireguard
-    3478 # turn
     51413 # transmission
   ];
+  open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
+    22
+    80
+    443
+    8848
+    32400 # plex
+  ];
+  open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
+    53 # dns
+  ];
+
 in {
   networking = {
     # needed to use nftables
@@ -125,9 +135,8 @@ in {
 
                     iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
                     iifname ${wan-if} udp dport {${open_udp_ports}} accept
-                    iifname ${vpn-if} tcp dport {${open_tcp_ports}} accept
+                    iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
-                    iifname ${vpn-if} udp dport {${open_udp_ports}} accept
+                    iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
-                    iifname ${vpn-if} udp dport 53 accept
                     iifname ${vpn-if} icmp type echo-request accept
 
                     jump filter_drop

hosts/architect/network.nix

@@ -43,6 +43,7 @@ rec {
   andrewdesktop-wg = "10.3.0.27";
   jacopo-wg = "10.3.0.28";
   frznn-wg = "10.3.0.29";
+  ludo-wg = "10.3.0.30";
   eleonora-wg = "10.3.0.100";
   angellane-wg = "10.3.0.200";
   hotpottino-wg = "10.3.0.201";

hosts/architect/wireguard.nix

@@ -30,6 +30,7 @@ with import ./network.nix; {
       ${mikeylaptop-wg}     mikeylaptop.devs.giugl.io
       ${wolfsonhouse-wg}    wolfsonhouse.devs.giugl.io
       ${frznn-wg}           frznn.devs.giugl.io
+      ${ludo-wg}            ludo.devs.giugl.io
     '';
 
     wireguard = {
@@ -101,7 +102,7 @@ with import ./network.nix; {
           {
             # parisa-phone
             allowedIPs = [ parisaphone-wg ];
-            publicKey = "t9EUnIkfr1b2HPlTXi17+AKMMe5VfeKq7exRVAwaai0=";
+            publicKey = "MGdaRMmsik7SLRUsijS0TctcKUD6Tnr7XugGJClTCC4=";
           }
 
           {
@@ -235,6 +236,12 @@ with import ./network.nix; {
             allowedIPs = [ frznn-wg ];
             publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
           }
+
+          {
+            # ludo
+            allowedIPs = [ ludo-wg ];
+            publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
+          }
         ];
       };
     };

lib/default.nix

@@ -1,5 +1,5 @@
 { pkgs, unstable, nixpkgs, nixos-unstable, home-manager, ... }: rec {
-  user = import ./user.nix { inherit pkgs; };
+  user = import ./user.nix { inherit pkgs unstable; };
   host = import ./host.nix {
     inherit pkgs nixpkgs unstable nixos-unstable home-manager user;
   };

lib/host.nix

@@ -31,6 +31,7 @@
         };
 
         home-manager.users.root.imports = [ ../roles/home/common.nix ];
+        home-manager.extraSpecialArgs.unstable = unstable;
       }
 
       home-manager.nixosModules.home-manager

lib/user.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, unstable, ... }:
 
 {
   mkUser = { name, roles ? [ ] }:
@@ -20,7 +20,7 @@
         extraGroups = [ "wheel" "plugdev" ];
       };
       
-      home-manager.users.${name}.imports = [ ../roles/home/common.nix ]
+      home-manager.users.${name}.imports = [ (mkRole "common") ]
         ++ roles_mod;
     };
 }

roles/home/common.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, unstable, ... }:
 
 {
   imports = [ ./zsh.nix ./git.nix ];
@@ -15,6 +15,7 @@
 
   programs.neovim = {
     enable = true;
+    package = unstable.neovim-unwrapped;
     extraPackages = with pkgs; [
       nodePackages.prettier
       nodePackages.pyright
@@ -42,10 +43,6 @@
         " set line numbers
         set number
 
-      " YouCompleteMe
-      let g:ycm_key_list_stop_completion = ['<C-y>', '<CR>'] 
-      let g:ycm_key_list_select_completion = ['<Up>', '<Down>', '<TAB>'] 
-
         " enable indent guides
         let g:indent_guides_enable_on_vim_startup = 1
 
@@ -89,21 +86,108 @@
         " Enable trimmming of trailing whitespace
         let g:neoformat_basic_format_trim = 1
 
-      " lsp servers
         lua << EOF
-        require'lspconfig'.pyright.setup{}
+          ------------------
-        require'lspconfig'.rust_analyzer.setup{}
+          -- Setup nvim-cmp.
-        require'lspconfig'.rnix.setup{}
+          ------------------
-        require'lspconfig'.clangd.setup{}
+
+          -- Set completeopt to have a better completion experience
+          vim.o.completeopt = 'menuone,noselect'
+
+          local cmp = require'cmp'
+
+          cmp.setup({
+            snippet = {
+              -- REQUIRED - you must specify a snippet engine
+              expand = function(args)
+                vim.fn["vsnip#anonymous"](args.body) -- For `vsnip` users.
+              end,
+            },
+            mapping = {
+              ['<C-b>'] = cmp.mapping(cmp.mapping.scroll_docs(-4), { 'i', 'c' }),
+              ['<C-f>'] = cmp.mapping(cmp.mapping.scroll_docs(4), { 'i', 'c' }),
+              ['<C-Space>'] = cmp.mapping(cmp.mapping.complete(), { 'i', 'c' }),
+              ['<C-y>'] = cmp.config.disable, -- Specify `cmp.config.disable` if you want to remove the default `<C-y>` mapping.
+              ['<C-e>'] = cmp.mapping({
+                i = cmp.mapping.abort(),
+                c = cmp.mapping.close(),
+              }),
+              ['<CR>'] = cmp.mapping.confirm({ select = true }), -- Accept currently selected item. Set `select` to `false` to only confirm explicitly selected items.
+            },
+            sources = cmp.config.sources({
+              { name = 'nvim_lsp' },
+              { name = 'vsnip' }, -- For vsnip users.
+            }, {
+              { name = 'buffer' },
+            })
+          })
+
+          -- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
+          cmp.setup.cmdline('/', {
+            sources = {
+              { name = 'buffer' }
+            }
+          })
+
+          -- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
+          cmp.setup.cmdline(':', {
+            sources = cmp.config.sources({
+              { name = 'path' }
+            }, {
+              { name = 'cmdline' }
+            })
+          })
+
+          -- Setup lspconfig.
+          local capabilities = require('cmp_nvim_lsp').update_capabilities(vim.lsp.protocol.make_client_capabilities())
+
+          --------------
+          -- LSP Servers
+          --------------
+
+          require'lspconfig'.pyright.setup{
+            capabilities = capabilities
+          }
+          require'lspconfig'.rust_analyzer.setup{
+            capabilities = capabilities
+          }
+          require'lspconfig'.rnix.setup{
+            capabilities = capabilities
+          }
+          require'lspconfig'.clangd.setup{
+            capabilities = capabilities,
+            cmd = {
+              "clangd",
+              "--background-index",
+              "--clang-tidy",
+            },
+          }
+
+          -------------------
+          -- TreeSitter setup
+          -------------------
+          require'nvim-treesitter.configs'.setup {
+            highlight = {
+              enable = true,
+              custom_captures = {
+              -- Highlight the @foo.bar capture group with the "Identifier" highlight group.
+                ["foo.bar"] = "Identifier",
+              },
+              -- Setting this to true will run `:h syntax` and tree-sitter at the same time.
+              -- Set this to `true` if you depend on 'syntax' being enabled (like for indentation).
+              -- Using this option may slow down your editor, and you may see some duplicate highlights.
+              -- Instead of true it can also be a list of languages
+              additional_vim_regex_highlighting = false,
+            },
+          }
       EOF
     '';
 
     viAlias = true;
     vimAlias = true;
-    plugins = with pkgs.vimPlugins; [
+    plugins = with unstable.vimPlugins; [
       vim-nix
       molokai
-      YouCompleteMe
       vim-airline
       vim-airline-themes
       vim-lsp
@@ -115,6 +199,11 @@
       vimtex
       neoformat
       nvim-lspconfig
+      vim-vsnip
+      nvim-cmp
+      cmp-nvim-lsp
+      (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars))
+      nvim-treesitter-textobjects
     ];
   };
 }