palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixfmt: reformat all files

Browse source
This commit is contained in:
Ingolf Wagner 2019-12-20 17:54:26 +13:00
parent fccbc04336
commit 42d30d7edf
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
192 changed files with 5276 additions and 5151 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
configs/pepe/configuration.nix
View file

@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
imports = [ imports = [
@ -16,12 +14,10 @@
custom.samba-share = { custom.samba-share = {
enable = false; enable = false;
folders = { folders = { public = "/home/palo/movies"; };
public = "/home/palo/movies";
};
}; };
system.custom.wifi.interfaces = ["wlp3s0"]; system.custom.wifi.interfaces = [ "wlp3s0" ];
networking.hostName = "pepe"; networking.hostName = "pepe";
@ -62,4 +58,3 @@
} }

20
configs/pepe/hardware-configuration.nix
View file

@ -4,11 +4,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -41,23 +40,17 @@
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# lvm volume group # lvm volume group
# ---------------- # ----------------
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [{
{
name = "secure_vg"; name = "secure_vg";
device = "/dev/sda2"; device = "/dev/sda2";
preLVM = true; preLVM = true;
} }];
];
# NTFS support # NTFS support
# ------------ # ------------
environment.systemPackages = [ environment.systemPackages = [ pkgs.ntfs3g ];
pkgs.ntfs3g
];
# root # root
# ---- # ----
@ -74,5 +67,4 @@
fsType = "ext4"; fsType = "ext4";
}; };
} }

1
configs/pepe/samba.nix
View file

@ -1,5 +1,4 @@
{ config, ... }: { config, ... }:
{ {
} }

3
configs/pepe/syncthing.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
test.services.syncthing = { test.services.syncthing = {
enable = true; enable = true;

25
configs/pepe/wifi-access-point.nix
View file

@ -1,22 +1,21 @@
{lib, pkgs, ... }: { lib, pkgs, ... }:
let let
wifi = "wlp0s29u1u2"; wifi = "wlp0s29u1u2";
ipAddress = "10.123.145.1"; ipAddress = "10.123.145.1";
prefixLength = 24; prefixLength = 24;
servedAddressRange = "10.123.145.2,10.123.145.150,12h"; servedAddressRange = "10.123.145.2,10.123.145.150,12h";
ssid="bumbumbum"; ssid = "bumbumbum";
wifiPassword=lib.fileContents <secrets/wifi-access-point>; wifiPassword = lib.fileContents <secrets/wifi-access-point>;
in
{ in {
# todo only open needed ports # todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ]; networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ]; networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ]; networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [ { networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress; address = ipAddress;
prefixLength = prefixLength; prefixLength = prefixLength;
}]; }];
@ -35,10 +34,17 @@ in
# start manual # start manual
# wantedBy = [ "network.target" ]; # wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ]; after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" '' ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi} interface=${wifi}
hw_mode=g hw_mode=g
channel=10 channel=10
@ -53,7 +59,8 @@ in
wpa_key_mgmt=WPA-PSK wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword} wpa_passphrase=${wifiPassword}
''}"; ''
}";
Restart = "always"; Restart = "always";
}; };
}; };

3
configs/porani/configuration.nix
View file

@ -1,5 +1,4 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }: {
{
imports = [ imports = [
<system/server> <system/server>

28
configs/porani/hardware-configuration.nix
View file

@ -1,10 +1,8 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{ imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -19,19 +17,15 @@
# lvm volume group # lvm volume group
# ---------------- # ----------------
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [{
{
name = "vg"; name = "vg";
device = "/dev/sda2"; device = "/dev/sda2";
preLVM = true; preLVM = true;
} }];
];
# NTFS support # NTFS support
# ------------ # ------------
environment.systemPackages = [ environment.systemPackages = [ pkgs.ntfs3g ];
pkgs.ntfs3g
];
# root # root
# ---- # ----
@ -59,16 +53,14 @@
#"x-systemd.device-timeout=1ms" #"x-systemd.device-timeout=1ms"
]; ];
}; };
systemd.mounts = [ systemd.mounts = [{
{
enable = true; enable = true;
options = "nofail,noauto"; options = "nofail,noauto";
type = "ext4"; type = "ext4";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
what = "/dev/disk/by-uuid/162c2f9e-8baa-4433-99fd-bb7e7b69472f"; what = "/dev/disk/by-uuid/162c2f9e-8baa-4433-99fd-bb7e7b69472f";
where = "/media"; where = "/media";
} }];
];
swapDevices = [ ]; swapDevices = [ ];

39
configs/porani/home-assistant.nix
View file

@ -1,6 +1,5 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let unstablePkgs = import <nixpkgs-unstable> { };
unstablePkgs = import <nixpkgs-unstable> {};
in { in {
imports = [ imports = [
@ -15,7 +14,6 @@ in {
./home-assistant/zigbee2mqtt.nix ./home-assistant/zigbee2mqtt.nix
]; ];
services.homeAssistantConfig = { services.homeAssistantConfig = {
# turn on to edit GUI # turn on to edit GUI
@ -26,15 +24,11 @@ in {
longitude = 6.967006; longitude = 6.967006;
elevation = 116; elevation = 116;
auth_providers = [{
auth_providers = [
{
type = "trusted_networks"; type = "trusted_networks";
trusted_networks = [ trusted_networks =
config.module.cluster.services.tinc."private".networkSubnet [ config.module.cluster.services.tinc."private".networkSubnet ];
]; }];
}
];
}; };
prometheus.namespace = "hass"; prometheus.namespace = "hass";
@ -111,10 +105,7 @@ in {
control = "hidden"; control = "hidden";
name = "Today"; name = "Today";
view = false; view = false;
entities = [ entities = [ "sensor.weather_temperature" "sun.sun" ];
"sensor.weather_temperature"
"sun.sun"
];
}; };
all_lights = { all_lights = {
name = "All Lights"; name = "All Lights";
@ -146,7 +137,7 @@ in {
}; };
sun = {}; sun = { };
script.turn_all_off.sequence = [ ]; script.turn_all_off.sequence = [ ];
@ -154,7 +145,8 @@ in {
sensor = [ sensor = [
# Weather prediction # Weather prediction
{ platform = "zamg"; {
platform = "zamg";
name = "Weather"; name = "Weather";
} }
]; ];
@ -180,10 +172,9 @@ in {
}; };
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
package = unstablePkgs.home-assistant.override{ package = unstablePkgs.home-assistant.override {
python3 = unstablePkgs.python36; python3 = unstablePkgs.python36;
extraPackages = python: [ extraPackages = python: [
# todo : check which is still needed # todo : check which is still needed
@ -196,22 +187,20 @@ in {
python.paho-mqtt python.paho-mqtt
# needed for platform workday # needed for platform workday
(python.buildPythonPackage rec{ (python.buildPythonPackage rec {
pname = "holidays"; pname = "holidays";
version = "0.9.10"; version = "0.9.10";
src = python.fetchPypi { src = python.fetchPypi {
inherit pname version; inherit pname version;
sha256 = "9f06d143eb708e8732230260636938f2f57114e94defd8fa2082408e0d422d6f"; sha256 =
"9f06d143eb708e8732230260636938f2f57114e94defd8fa2082408e0d422d6f";
}; };
doCheck = false; doCheck = false;
buildInputs = [ pkgs.dateutils ]; buildInputs = [ pkgs.dateutils ];
propagatedBuildInputs = [ propagatedBuildInputs = [ python."python-dateutil" python."six" ];
python."python-dateutil"
python."six"
];
meta = with pkgs.stdenv.lib; { meta = with pkgs.stdenv.lib; {
homepage = "https://github.com/dr-prodigy/python-holidays"; homepage = "https://github.com/dr-prodigy/python-holidays";
license = licenses.mit; license = licenses.mit;

9
configs/porani/home-assistant/chaospott.nix
View file

@ -43,10 +43,7 @@ in {
"${name}" = { "${name}" = {
name = "ChaosPott (Essen)"; name = "ChaosPott (Essen)";
control = "hidden"; control = "hidden";
entities = [ entities = [ "sensor.${name}_aerie" "sensor.${name}_cellar" ];
"sensor.${name}_aerie"
"sensor.${name}_cellar"
];
}; };
view_overview.entities = [ "group.${name}" ]; view_overview.entities = [ "group.${name}" ];
}; };
@ -62,7 +59,8 @@ in {
Type = "oneshot"; Type = "oneshot";
}; };
description = "set ${name} for homeassistant"; description = "set ${name} for homeassistant";
script = /* sh */ '' script = # sh
''
${pkgs.curl}/bin/curl -Ls https://status.chaospott.de/api \ ${pkgs.curl}/bin/curl -Ls https://status.chaospott.de/api \
| ${pkgs.jq}/bin/jq --compact-output \ | ${pkgs.jq}/bin/jq --compact-output \
'.sensors.door_locked | '.sensors.door_locked |
@ -81,5 +79,4 @@ in {
}; };
}; };
} }

17
configs/porani/home-assistant/dayOfWeek.nix
View file

@ -7,13 +7,12 @@ let
in { in {
services.homeAssistantConfig = { services.homeAssistantConfig = {
sensor = [ sensor = [{
{ platform = "file"; platform = "file";
name = "day_of_week"; name = "day_of_week";
file_path = filePath; file_path = filePath;
value_template = "{{ value_json.dayOfWeek }}"; value_template = "{{ value_json.dayOfWeek }}";
} }];
];
homeassistant = { homeassistant = {
whitelist_external_dirs = [ folderPath ]; whitelist_external_dirs = [ folderPath ];
@ -23,11 +22,7 @@ in {
}; };
}; };
group = { group = { overview.entities = [ "sensor.day_of_week" ]; };
overview.entities = [
"sensor.day_of_week"
];
};
}; };
@ -40,7 +35,8 @@ in {
Type = "oneshot"; Type = "oneshot";
}; };
description = "set day of wek for homeassistant"; description = "set day of wek for homeassistant";
script = /* sh */ '' script = # sh
''
date +'{"dayOfWeek":"%A"}' >> ${filePath} date +'{"dayOfWeek":"%A"}' >> ${filePath}
''; '';
}; };
@ -53,5 +49,4 @@ in {
}; };
}; };
} }

15
configs/porani/home-assistant/holiday.nix
View file

@ -13,12 +13,14 @@ in {
# todo : use the python tool # todo : use the python tool
sensor = [ sensor = [
{ platform = "file"; {
platform = "file";
name = "${name}_date"; name = "${name}_date";
file_path = filePath; file_path = filePath;
value_template = "{{ value_json.date }}"; value_template = "{{ value_json.date }}";
} }
{ platform = "file"; {
platform = "file";
name = "${name}_name"; name = "${name}_name";
file_path = filePath; file_path = filePath;
value_template = "{{ value_json.name }}"; value_template = "{{ value_json.name }}";
@ -45,10 +47,7 @@ in {
name = "Feiertage"; name = "Feiertage";
view = false; view = false;
control = "hidden"; control = "hidden";
entities = [ entities = [ "sensor.${name}_date" "sensor.${name}_name" ];
"sensor.${name}_date"
"sensor.${name}_name"
];
}; };
view_overview.entities = [ "group.holidays" ]; view_overview.entities = [ "group.holidays" ];
@ -66,7 +65,8 @@ in {
Type = "oneshot"; Type = "oneshot";
}; };
description = "set ${name} for homeassistant"; description = "set ${name} for homeassistant";
script = /* sh */ '' script = # sh
''
${pkgs.curl}/bin/curl \ ${pkgs.curl}/bin/curl \
-Ls "https://feiertage-api.de/api/?jahr=$( date +%Y )&nur_land=${state}" \ -Ls "https://feiertage-api.de/api/?jahr=$( date +%Y )&nur_land=${state}" \
| ${pkgs.jq}/bin/jq --compact-output ' | ${pkgs.jq}/bin/jq --compact-output '
@ -89,5 +89,4 @@ in {
}; };
}; };
} }

18
configs/porani/home-assistant/kodi.nix
View file

@ -1,23 +1,19 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }: {
{
services.homeAssistantConfig = { services.homeAssistantConfig = {
group.view_overview.entities = [ group.view_overview.entities = [ "media_player.kodi" ];
"media_player.kodi"
];
media_player = [ media_player = [{
{
platform = "kodi"; platform = "kodi";
host = "127.0.0.1"; host = "127.0.0.1";
turn_on_action.service = "script.watch_tv"; turn_on_action.service = "script.watch_tv";
turn_off_action.service = "script.stop_watch_tv"; turn_off_action.service = "script.stop_watch_tv";
} }];
];
shell_command = { shell_command = {
start_display = "sudo ${pkgs.systemd}/bin/systemctl start display-manager"; start_display =
"sudo ${pkgs.systemd}/bin/systemctl start display-manager";
stop_display = "sudo ${pkgs.systemd}/bin/systemctl stop display-manager"; stop_display = "sudo ${pkgs.systemd}/bin/systemctl stop display-manager";
}; };
@ -50,7 +46,7 @@
service = "switch.turn_on"; service = "switch.turn_on";
data.entity_id = "group.tv"; data.entity_id = "group.tv";
} }
{ delay.minutes = 1;} { delay.minutes = 1; }
{ {
alias = "start kodi"; alias = "start kodi";
service = "shell_command.start_display"; service = "shell_command.start_display";

16
configs/porani/home-assistant/mpd.nix
View file

@ -3,24 +3,18 @@
{ {
services.homeAssistantConfig = { services.homeAssistantConfig = {
group.view_overview.entities = [ group.view_overview.entities = [ "media_player.mpd" ];
"media_player.mpd"
];
media_player = [ media_player = [{
{
platform = "mpd"; platform = "mpd";
host = "localhost"; host = "localhost";
} }];
];
script.turn_all_off.sequence = [ script.turn_all_off.sequence = [{
{
alias = "turn mpd off"; alias = "turn mpd off";
service = "media_player.turn_off"; service = "media_player.turn_off";
data.entity_id = "media_player.mpd"; data.entity_id = "media_player.mpd";
} }];
];
script.turn_all_on.sequence = [ script.turn_all_on.sequence = [
{ {

98
configs/porani/home-assistant/sonoff.nix
View file

@ -1,22 +1,44 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let unstablePkgs = import <nixpkgs-unstable> { };
unstablePkgs = import <nixpkgs-unstable> {};
in { in {
services.homeAssistantConfig = services.homeAssistantConfig = let
let
sonoffSwitches = { sonoffSwitches = {
"pal01" = { label = "Bett"; icon = "mdi:lightbulb-on"; }; "pal01" = {
"pal02" = { label = "Lampe"; icon = "mdi:lightbulb-on"; }; label = "Bett";
"pal03" = { label = "Couche"; icon = "mdi:lightbulb-on"; }; icon = "mdi:lightbulb-on";
"pal06" = { label = "Küche"; icon = "mdi:lightbulb-on"; }; };
"pal05" = { label = "TV"; icon = "mdi:television"; }; "pal02" = {
label = "Lampe";
icon = "mdi:lightbulb-on";
};
"pal03" = {
label = "Couche";
icon = "mdi:lightbulb-on";
};
"pal06" = {
label = "Küche";
icon = "mdi:lightbulb-on";
};
"pal05" = {
label = "TV";
icon = "mdi:television";
};
"pal04" = { label = "Nummer 4"; icon = "mdi:power-plug-off"; }; "pal04" = {
"pal07" = { label = "Nummer 7"; icon = "mdi:power-plug-off"; }; label = "Nummer 4";
"pal08" = { label = "Nummer 8"; icon = "mdi:power-plug-off"; }; icon = "mdi:power-plug-off";
};
"pal07" = {
label = "Nummer 7";
icon = "mdi:power-plug-off";
};
"pal08" = {
label = "Nummer 8";
icon = "mdi:power-plug-off";
};
}; };
toSwitch = name: "switch.${name}"; toSwitch = name: "switch.${name}";
@ -24,16 +46,13 @@ in {
in { in {
homeassistant = { homeassistant = {
customize = lib.mapAttrs' ( customize = lib.mapAttrs' (entity: value: {
entity: value:
{
name = toSwitch entity; name = toSwitch entity;
value = { value = {
friendly_name = value.label; friendly_name = value.label;
icon = value.icon; icon = value.icon;
}; };
} }) sonoffSwitches;
) sonoffSwitches;
}; };
script.turn_all_off.sequence = [ script.turn_all_off.sequence = [
@ -49,27 +68,17 @@ in {
} }
]; ];
script.turn_all_on.sequence = [ script.turn_all_on.sequence = [{
{
alias = "turn on all lights"; alias = "turn on all lights";
service = "switch.turn_on"; service = "switch.turn_on";
data.entity_id = "group.all_lights"; data.entity_id = "group.all_lights";
} }];
];
group = { group = {
bed_room = { bed_room = { entities = builtins.map toSwitch [ "pal01" ]; };
entities = builtins.map toSwitch [ "pal01" ]; living_room = { entities = builtins.map toSwitch [ "pal03" "pal02" ]; };
}; tv = { entities = builtins.map toSwitch [ "pal05" ]; };
living_room = { kitchen = { entities = builtins.map toSwitch [ "pal06" ]; };
entities = builtins.map toSwitch [ "pal03" "pal02" ];
};
tv = {
entities = builtins.map toSwitch [ "pal05" ];
};
kitchen = {
entities = builtins.map toSwitch [ "pal06" ];
};
unknown = { unknown = {
entities = builtins.map toSwitch [ "pal04" "pal07" "pal08" ]; entities = builtins.map toSwitch [ "pal04" "pal07" "pal08" ];
}; };
@ -78,10 +87,8 @@ in {
}; };
}; };
switch = switch = let
let sonoffConfigurations = builtins.map (name: {
sonoffConfigurations = builtins.map (name:
{
name = name; name = name;
platform = "mqtt"; platform = "mqtt";
command_topic = "cmnd/${lib.toUpper name}/POWER"; command_topic = "cmnd/${lib.toUpper name}/POWER";
@ -90,29 +97,24 @@ in {
payload_off = "OFF"; payload_off = "OFF";
state_on = "ON"; state_on = "ON";
state_off = "OFF"; state_off = "OFF";
}) (builtins.attrNames sonoffSwitches) ; }) (builtins.attrNames sonoffSwitches);
in in sonoffConfigurations;
sonoffConfigurations;
# discover state on init # discover state on init
automation = [ automation = [{
{
alias = "Sonoff initial Power state"; alias = "Sonoff initial Power state";
trigger = { trigger = {
platform = "homeassistant"; platform = "homeassistant";
event = "start"; event = "start";
}; };
action = builtins.map ( name: action = builtins.map (name: {
{
service = "mqtt.publish"; service = "mqtt.publish";
data = { data = {
topic = "cmnd/${lib.toUpper name}/power"; topic = "cmnd/${lib.toUpper name}/power";
payload = ""; payload = "";
}; };
}) }) (builtins.attrNames sonoffSwitches);
(builtins.attrNames sonoffSwitches); }];
}
];
}; };
} }

70
configs/porani/home-assistant/timer.nix
View file

@ -1,19 +1,13 @@
{ config, ... }: { config, ... }: {
{
imports = [ ./mpd.nix ]; imports = [ ./mpd.nix ];
services.homeAssistantConfig = { services.homeAssistantConfig = {
sensor = [ sensor = [{
{
platform = "time_date"; platform = "time_date";
display_options = [ display_options = [ "time" "date" ];
"time" }];
"date"
];
}
];
input_datetime = { input_datetime = {
wakeup = { wakeup = {
@ -101,30 +95,21 @@
view = false; view = false;
name = "Leave Time"; name = "Leave Time";
control = "hidden"; control = "hidden";
entities = [ entities = [ "input_boolean.leave" "input_datetime.leave" ];
"input_boolean.leave"
"input_datetime.leave"
];
}; };
timer_return = { timer_return = {
view = false; view = false;
name = "Nach Hause kommen"; name = "Nach Hause kommen";
control = "hidden"; control = "hidden";
entities = [ entities = [ "input_boolean.return" "input_datetime.return" ];
"input_boolean.return"
"input_datetime.return"
];
}; };
timer_sleep = { timer_sleep = {
view = false; view = false;
name = "Einschlafen"; name = "Einschlafen";
control = "hidden"; control = "hidden";
entities = [ entities = [ "input_boolean.sleep" "input_datetime.sleep" ];
"input_boolean.sleep"
"input_datetime.sleep"
];
}; };
timers.entities = [ timers.entities = [
@ -136,10 +121,7 @@
"binary_sensor.daytime" "binary_sensor.daytime"
]; ];
today.entities = [ today.entities = [ "sensor.date" "sensor.time" ];
"sensor.date"
"sensor.time"
];
view_overview.entities = [ view_overview.entities = [
"group.timer_wakeup" "group.timer_wakeup"
@ -199,21 +181,17 @@
}; };
condition = { condition = {
condition = "and"; condition = "and";
conditions = [ conditions = [{
{
condition = "state"; condition = "state";
entity_id = "input_boolean.leave"; entity_id = "input_boolean.leave";
state = "on"; state = "on";
} }];
];
}; };
action = [ action = [{
{
alias = "turn all off"; alias = "turn all off";
service = "script.turn_on"; service = "script.turn_on";
entity_id = "script.turn_all_off"; entity_id = "script.turn_all_off";
} }];
];
} }
{ {
@ -225,21 +203,17 @@
}; };
condition = { condition = {
condition = "and"; condition = "and";
conditions = [ conditions = [{
{
condition = "state"; condition = "state";
entity_id = "input_boolean.return"; entity_id = "input_boolean.return";
state = "on"; state = "on";
} }];
];
}; };
action = [ action = [{
{
alias = "turn all on"; alias = "turn all on";
service = "script.turn_on"; service = "script.turn_on";
entity_id = "script.turn_all_on"; entity_id = "script.turn_all_on";
} }];
];
} }
{ {
@ -251,21 +225,17 @@
}; };
condition = { condition = {
condition = "and"; condition = "and";
conditions = [ conditions = [{
{
condition = "state"; condition = "state";
entity_id = "input_boolean.sleep"; entity_id = "input_boolean.sleep";
state = "on"; state = "on";
} }];
];
}; };
action = [ action = [{
{
alias = "turn all off"; alias = "turn all off";
service = "script.turn_on"; service = "script.turn_on";
entity_id = "script.turn_all_off"; entity_id = "script.turn_all_off";
} }];
];
} }
]; ];

115
configs/porani/home-assistant/zigbee2mqtt.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, config , ... }: { pkgs, lib, config, ... }:
let let
# allow new devices to join # allow new devices to join
@ -17,9 +17,7 @@ let
"temperature_sensor_1".id = "0x00158d0002d79220"; "temperature_sensor_1".id = "0x00158d0002d79220";
"temperature_sensor_2".id = "0x00158d0002d7913d"; "temperature_sensor_2".id = "0x00158d0002d7913d";
}; };
motion = { motion = { "motion_sensor_1".id = "0x00158d0002fbd451"; };
"motion_sensor_1".id = "0x00158d0002fbd451";
};
}; };
# todo : rename with allSensors # todo : rename with allSensors
@ -52,21 +50,19 @@ let
disable_led = true; disable_led = true;
}; };
devices = lib.mapAttrs' ( devices = lib.mapAttrs' (name:
name: { id , ... }: { id, ... }: {
{
name = id; name = id;
value = { value = {
retain = false; retain = false;
friendly_name = name; friendly_name = name;
}; };
} }) allSensors;
) allSensors;
}; };
configurationYaml = pkgs.writeText "configuration.yml" (builtins.toJSON zigBee2MqttConfig); configurationYaml =
in pkgs.writeText "configuration.yml" (builtins.toJSON zigBee2MqttConfig);
{ in {
imports = [ ./mqtt.nix ]; imports = [ ./mqtt.nix ];
services.homeAssistantConfig = { services.homeAssistantConfig = {
@ -74,22 +70,20 @@ in
# group.unknown.entities = [ "sensor.button_1" ]; # group.unknown.entities = [ "sensor.button_1" ];
sensor = let sensor = let
buttons = with lib; mapAttrsToList ( buttons = with lib;
name: {...}: mapAttrsToList (name:
{ { ... }: {
platform = "mqtt"; platform = "mqtt";
name = name; name = name;
icon = "mdi:toggle-switch"; icon = "mdi:toggle-switch";
state_topic = "zigbee2mqtt/${name}"; state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state"; availability_topic = "zigbee2mqtt/bridge/state";
value_template = "{{ value_json.click }}"; value_template = "{{ value_json.click }}";
} }) sensors.buttons;
) sensors.buttons;
temperature = with lib;
temperature = with lib; mapAttrsToList ( mapAttrsToList (name:
name: {...}: { ... }: [
[
{ {
platform = "mqtt"; platform = "mqtt";
name = name; name = name;
@ -117,12 +111,10 @@ in
device_class = "pressure"; device_class = "pressure";
value_template = "{{ value_json.pressure }}"; value_template = "{{ value_json.pressure }}";
} }
] ]) sensors.temperature;
) sensors.temperature;
informations = lib.mapAttrsToList ( informations = lib.mapAttrsToList (name:
name: {...}: { ... }: [
[
{ {
platform = "mqtt"; platform = "mqtt";
name = "battery_${name}"; name = "battery_${name}";
@ -140,17 +132,14 @@ in
unit_of_measurement = "-"; unit_of_measurement = "-";
value_template = "{{ value_json.linkquality }}"; value_template = "{{ value_json.linkquality }}";
} }
] ]) allSensors;
) allSensors;
in in lib.flatten (buttons ++ temperature ++ informations);
lib.flatten ( buttons ++ temperature ++ informations );
binary_sensor = let binary_sensor = let
motion = lib.mapAttrsToList ( motion = lib.mapAttrsToList (name:
name: { ... }: { ... }: {
{
name = name; name = name;
platform = "mqtt"; platform = "mqtt";
device_class = "motion"; device_class = "motion";
@ -160,31 +149,24 @@ in
payload_on = true; payload_on = true;
payload_off = false; payload_off = false;
value_template = "{{ value_json.occupancy }}"; value_template = "{{ value_json.occupancy }}";
} }) sensors.motion;
) sensors.motion; in lib.flatten (motion);
in
lib.flatten ( motion );
group = let group = let
information = name: [ "sensor.battery_${name}" "sensor.link_${name}" ]; information = name: [ "sensor.battery_${name}" "sensor.link_${name}" ];
sensor = lib.mapAttrs' ( sensor = lib.mapAttrs' (name:
name: {...}: { ... }: {
{
name = name; name = name;
value = { value = {
control = "hidden"; control = "hidden";
entities = ["sensor.${name}"] ++ (information name); entities = [ "sensor.${name}" ] ++ (information name);
}; };
} }) (sensors.buttons);
) (sensors.buttons);
sensorTemperature = lib.mapAttrs' ( sensorTemperature = lib.mapAttrs' (name:
name: { ... }: { ... }: {
{
name = name; name = name;
value = { value = {
control = "hidden"; control = "hidden";
@ -194,36 +176,31 @@ in
"sensor.pressure_${name}" "sensor.pressure_${name}"
] ++ (information name); ] ++ (information name);
}; };
} }) (sensors.temperature);
) (sensors.temperature);
binarySensor = lib.mapAttrs' ( binarySensor = lib.mapAttrs' (name:
name: { ... }: { ... }: {
{
name = name; name = name;
value = { value = {
control = "hidden"; control = "hidden";
entities = [ "binary_sensor.${name}" ] ++ (information name); entities = [ "binary_sensor.${name}" ] ++ (information name);
}; };
} }) (sensors.motion);
) (sensors.motion);
views = { views = {
view_sensors = { view_sensors = {
name = "Sensoren"; name = "Sensoren";
control = "hidden"; control = "hidden";
view = true; view = true;
entities = lib.mapAttrsToList (name: { ... }: "group.${name}") allSensors; entities =
lib.mapAttrsToList (name: { ... }: "group.${name}") allSensors;
}; };
}; };
in in views // sensor // binarySensor // sensorTemperature;
views // sensor // binarySensor // sensorTemperature ;
automation = automation = let
let lights = map (button: {
lights = map (button:
{
alias = "Toggle all lights, on click"; alias = "Toggle all lights, on click";
trigger = { trigger = {
platform = "mqtt"; platform = "mqtt";
@ -237,9 +214,8 @@ in
service = "switch.toggle"; service = "switch.toggle";
entity_id = "group.all_lights"; entity_id = "group.all_lights";
}; };
}) ["button_1" "button_2" "button_3"]; }) [ "button_1" "button_2" "button_3" ];
mpd = map (button: mpd = map (button: {
{
alias = "Toggle mpd, on double click"; alias = "Toggle mpd, on double click";
trigger = { trigger = {
platform = "mqtt"; platform = "mqtt";
@ -254,9 +230,8 @@ in
# todo use a group here # todo use a group here
entity_id = "media_player.mpd"; entity_id = "media_player.mpd";
}; };
}) ["button_1" "button_2" "button_3"]; }) [ "button_1" "button_2" "button_3" ];
in in lights ++ mpd;
lights ++ mpd;
# click = double => music an aus # click = double => music an aus
@ -270,7 +245,8 @@ in
systemd.services."zigbee2mqtt" = { systemd.services."zigbee2mqtt" = {
enable = true; enable = true;
description = "Allows you to use your Zigbee devices without the vendors bridge/gateway."; description =
"Allows you to use your Zigbee devices without the vendors bridge/gateway.";
after = [ "docker.service" ]; after = [ "docker.service" ];
requires = [ "docker.service" ]; requires = [ "docker.service" ];
# todo : udev rule erstellen, die diesen service erst startet, dieses wanted by ist labil # todo : udev rule erstellen, die diesen service erst startet, dieses wanted by ist labil
@ -300,5 +276,4 @@ in
''; '';
}; };
} }

8
configs/porani/kodi.nix
View file

@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
services.xserver = { services.xserver = {
enable = true; enable = true;
@ -10,7 +8,7 @@
default = "kodi"; default = "kodi";
xterm.enable = false; xterm.enable = false;
}; };
displayManager ={ displayManager = {
sddm = { sddm = {
enable = true; enable = true;
autoLogin = { autoLogin = {
@ -24,7 +22,7 @@
users = { users = {
# mutableUsers = true; # mutableUsers = true;
users.kodi= { users.kodi = {
isNormalUser = true; isNormalUser = true;
name = "kodi"; name = "kodi";
uid = 1338; uid = 1338;

3
configs/porani/mpd.nix
View file

@ -1,5 +1,4 @@
{ config, lib, ... }: { config, lib, ... }: {
{
sound.enable = true; sound.enable = true;

6
configs/porani/packages.nix
View file

@ -1,7 +1,5 @@
{ pkgs, ... }: { pkgs, ... }: {
{
environment.systemPackages = [ environment.systemPackages = [ ];
];
} }

10
configs/porani/syncthing.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
custom.samba-share = { custom.samba-share = {
enable = true; enable = true;
folders = { folders = {
movies = config.test.services.syncthing.declarative.folders.movies.path; movies = config.test.services.syncthing.declarative.folders.movies.path;
series = config.test.services.syncthing.declarative.folders.series.path; series = config.test.services.syncthing.declarative.folders.series.path;
music = config.test.services.syncthing.declarative.folders.music-library.path; music =
config.test.services.syncthing.declarative.folders.music-library.path;
}; };
}; };
@ -58,7 +58,7 @@
enable = true; enable = true;
path = "/media/series"; path = "/media/series";
}; };
smartphone-music= { smartphone-music = {
enable = true; enable = true;
path = "/media/smartphone-music"; path = "/media/smartphone-music";
}; };
@ -82,7 +82,7 @@
users.groups."syncthing".members = [ "mpd" "syncthing" "kodi" "palo" ]; users.groups."syncthing".members = [ "mpd" "syncthing" "kodi" "palo" ];
backup.all.restic.dirs = ["/var/lib/syncthing/finance"]; backup.all.restic.dirs = [ "/var/lib/syncthing/finance" ];
} }

3
configs/porani/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
module.cluster.services.tinc = { module.cluster.services.tinc = {
"private" = { "private" = {

28
configs/porani/wifi-access-point.nix
View file

@ -1,23 +1,23 @@
{lib, pkgs, ... }: { lib, pkgs, ... }:
let let
wifi = "wlp0s29u1u2"; wifi = "wlp0s29u1u2";
ipAddress = "10.23.45.1"; ipAddress = "10.23.45.1";
prefixLength = 24; prefixLength = 24;
servedAddressRange = "10.23.45.2,10.23.45.150,12h"; servedAddressRange = "10.23.45.2,10.23.45.150,12h";
ssid="palosiot"; ssid = "palosiot";
wifiPassword=lib.fileContents <secrets/iot_wifi>; wifiPassword = lib.fileContents <secrets/iot_wifi>;
in
{ in {
# todo only open needed ports # todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ]; networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ]; networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ]; networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [ { networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress; prefixLength = prefixLength; address = ipAddress;
prefixLength = prefixLength;
}]; }];
systemd.services.hostapd = { systemd.services.hostapd = {
@ -25,10 +25,17 @@ in
path = [ pkgs.hostapd ]; path = [ pkgs.hostapd ];
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ]; after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" '' ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi} interface=${wifi}
hw_mode=g hw_mode=g
channel=10 channel=10
@ -43,7 +50,8 @@ in
wpa_key_mgmt=WPA-PSK wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword} wpa_passphrase=${wifiPassword}
''}"; ''
}";
Restart = "always"; Restart = "always";
}; };
}; };

7
configs/sputnik/configuration.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
imports = [ imports = [
<system/proxy> <system/proxy>
@ -31,7 +30,8 @@
balance = false; balance = false;
}; };
services.custom.ssh.sshd.rootKeyFiles = [ (toString <secrets/ssh/jenkins_rsa.pub>) ]; services.custom.ssh.sshd.rootKeyFiles =
[ (toString <secrets/ssh/jenkins_rsa.pub>) ];
# make sure ssh is only available trough the tinc # make sure ssh is only available trough the tinc
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
@ -40,4 +40,3 @@
} }

11
configs/sputnik/hardware-configuration.nix
View file

@ -4,16 +4,15 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/8f2986a3-d2b0-4735-be98-9ec081b87984"; device = "/dev/disk/by-uuid/8f2986a3-d2b0-4735-be98-9ec081b87984";
fsType = "ext4"; fsType = "ext4";
}; };

13
configs/sputnik/mail-server.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
imports = [ imports = [
(builtins.fetchTarball { (builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz"; url =
"https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx"; sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
}) })
]; ];
@ -16,14 +16,13 @@
# nix-shell -p mkpasswd --run 'mkpasswd -m sha-512 "super secret password"' # nix-shell -p mkpasswd --run 'mkpasswd -m sha-512 "super secret password"'
loginAccounts = { loginAccounts = {
"root@gaykraft.com" = { "root@gaykraft.com" = {
hashedPassword = lib.fileContents <secrets/mailserver/hashedPasswords/root_at_gaykraft.com>; hashedPassword = lib.fileContents
<secrets/mailserver/hashedPasswords/root_at_gaykraft.com>;
#aliases = [ #aliases = [
# "postmaster@gaykraft.com" # "postmaster@gaykraft.com"
#]; #];
# Make this user the catchAll address for domains # Make this user the catchAll address for domains
catchAll = [ catchAll = [ "gaykraft.com" ];
"gaykraft.com"
];
}; };
}; };

91
configs/sputnik/nginx.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -9,26 +8,38 @@
"git.ingolf-wagner.de" = { "git.ingolf-wagner.de" = {
listen = [ listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; } {
{ addr = "0.0.0.0"; port = 80; ssl = false; } addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = { proxyPass = "http://workhorse.private:3000"; };
proxyPass = "http://workhorse.private:3000";
};
}; };
"paste.ingolf-wagner.de" = { "paste.ingolf-wagner.de" = {
listen = [ listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; } {
{ addr = "0.0.0.0"; port = 80; ssl = false; } addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = { proxyPass = "http://workhorse.private:8000"; };
proxyPass = "http://workhorse.private:8000";
};
}; };
#"landing.ingolf-wagner.de" = { #"landing.ingolf-wagner.de" = {
@ -46,8 +57,16 @@
"tech.ingolf-wagner.de" = { "tech.ingolf-wagner.de" = {
listen = [ listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; } {
{ addr = "0.0.0.0"; port = 80; ssl = false; } addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -63,8 +82,16 @@
"terranix.org" = { "terranix.org" = {
listen = [ listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; } {
{ addr = "0.0.0.0"; port = 80; ssl = false; } addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -78,11 +105,18 @@
}; };
}; };
"seafile.gaykraft.com" = { "seafile.gaykraft.com" = {
listen = [ listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; } {
{ addr = "0.0.0.0"; port = 80; ssl = false; } addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -105,14 +139,20 @@
"gaykraft.com" = { "gaykraft.com" = {
listen = [ listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; } {
{ addr = "0.0.0.0"; port = 80; ssl = false; } addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = { root = "/srv/www/gaykraft"; };
root = "/srv/www/gaykraft";
};
}; };
}; };
@ -124,7 +164,8 @@
port = 443; port = 443;
verbose = false; verbose = false;
transparent = true; transparent = true;
appendConfig = /* json */ '' appendConfig = # json
''
protocols: protocols:
( (
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; }, { name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },

3
configs/sputnik/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
module.cluster.services.tinc = { module.cluster.services.tinc = {
"private" = { "private" = {
enable = true; enable = true;

7
configs/sterni/configuration.nix
View file

@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
imports = [ imports = [
@ -17,7 +15,7 @@
networking.hostName = "sterni"; networking.hostName = "sterni";
system.custom.wifi.interfaces = ["wlp3s0"]; system.custom.wifi.interfaces = [ "wlp3s0" ];
security.wrappers = { security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount"; pmount.source = "${pkgs.pmount}/bin/pmount";
@ -71,4 +69,3 @@
} }

18
configs/sterni/hardware-configuration.nix
View file

@ -5,11 +5,10 @@
{ {
imports = imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -43,19 +42,15 @@
# lvm volume group # lvm volume group
# ---------------- # ----------------
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [{
{
name = "vg"; name = "vg";
device = "/dev/sda2"; device = "/dev/sda2";
preLVM = true; preLVM = true;
} }];
];
# NTFS support # NTFS support
# ------------ # ------------
environment.systemPackages = [ environment.systemPackages = [ pkgs.ntfs3g ];
pkgs.ntfs3g
];
# root # root
# ---- # ----
@ -88,5 +83,4 @@
fsType = "vfat"; fsType = "vfat";
}; };
} }

8
configs/sterni/packages.nix
View file

@ -1,9 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [ bitwig-studio sononym ];
bitwig-studio
sononym
];
} }

5
configs/sterni/syncthing.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
test.services.syncthing = { test.services.syncthing = {
enable = true; enable = true;
@ -43,7 +42,7 @@
enable = true; enable = true;
path = "/home/palo/smartphone-fotos"; path = "/home/palo/smartphone-fotos";
}; };
smartphone-music= { smartphone-music = {
enable = true; enable = true;
path = "/home/palo/smartphone-music"; path = "/home/palo/smartphone-music";
}; };

25
configs/sterni/wifi-access-point.nix
View file

@ -1,22 +1,21 @@
{lib, pkgs, ... }: { lib, pkgs, ... }:
let let
wifi = "wlp0s29u1u2"; wifi = "wlp0s29u1u2";
ipAddress = "10.123.145.1"; ipAddress = "10.123.145.1";
prefixLength = 24; prefixLength = 24;
servedAddressRange = "10.123.145.2,10.123.145.150,12h"; servedAddressRange = "10.123.145.2,10.123.145.150,12h";
ssid="bumbumbum"; ssid = "bumbumbum";
wifiPassword=lib.fileContents <secrets/wifi-access-point>; wifiPassword = lib.fileContents <secrets/wifi-access-point>;
in
{ in {
# todo only open needed ports # todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ]; networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ]; networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ]; networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [ { networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress; address = ipAddress;
prefixLength = prefixLength; prefixLength = prefixLength;
}]; }];
@ -35,10 +34,17 @@ in
# start manual # start manual
# wantedBy = [ "network.target" ]; # wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ]; after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" '' ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi} interface=${wifi}
hw_mode=g hw_mode=g
channel=10 channel=10
@ -53,7 +59,8 @@ in
wpa_key_mgmt=WPA-PSK wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword} wpa_passphrase=${wifiPassword}
''}"; ''
}";
Restart = "always"; Restart = "always";
}; };
}; };

22
configs/workhorse/bepasty.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let let port = 8000;
port = 8000;
in { in {
# configure nginx # configure nginx
@ -18,7 +17,9 @@ in {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:${toString port} https://paste.workhorse.private/; proxy_redirect http://localhost:${
toString port
} https://paste.workhorse.private/;
''; '';
}; };
}; };
@ -38,19 +39,20 @@ in {
secretKeyFile = config.krops.userKeys."bepasty".target; secretKeyFile = config.krops.userKeys."bepasty".target;
extraConfig = '' extraConfig = ''
PERMISSIONS = { PERMISSIONS = {
'${lib.fileContents <common_secrets/bepasty/admin-password>}': 'admin,list,create,read,delete', '${
lib.fileContents <common_secrets/bepasty/admin-password>
}': 'admin,list,create,read,delete',
} }
''; '';
}; };
}; };
/* fix bepasty service */ # fix bepasty service
nixpkgs.overlays = let nixpkgs.overlays = let
overlay = self: super: overlay = self: super: {
{ bepasty =
bepasty = super.bepasty.override { python3Packages = pkgs.python27Packages; }; super.bepasty.override { python3Packages = pkgs.python27Packages; };
}; };
in in [ overlay ];
[ overlay ];
} }

3
configs/workhorse/configuration.nix
View file

@ -1,5 +1,4 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }: {
{
imports = [ imports = [
<system/server> <system/server>

9
configs/workhorse/gogs.nix
View file

@ -1,14 +1,15 @@
{ config, lib, ... }: { config, lib, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"gogs.${config.networking.hostName}.private" = { "gogs.${config.networking.hostName}.private" = {
serverAliases = ["git.${config.networking.hostName}.private"]; serverAliases = [ "git.${config.networking.hostName}.private" ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.gogs.httpPort}"; proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.gogs.httpPort
}";
}; };
}; };
}; };

18
configs/workhorse/grafana.nix
View file

@ -1,13 +1,14 @@
{ config, ... }: { config, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"grafana.${config.networking.hostName}.private" = { "grafana.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.grafana.port}"; proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.grafana.port
}";
}; };
}; };
}; };
@ -16,7 +17,8 @@
services.grafana = { services.grafana = {
enable = true; enable = true;
port = 5656; port = 5656;
addr = config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp; addr =
config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp;
auth.anonymous = { auth.anonymous = {
enable = true; enable = true;
org_role = "Editor"; org_role = "Editor";
@ -24,14 +26,12 @@
}; };
provision = { provision = {
enable = true; enable = true;
datasources = [ datasources = [{
{
type = "prometheus"; type = "prometheus";
isDefault = true; isDefault = true;
name = "Prometheus Workhorse"; name = "Prometheus Workhorse";
url = "http://workhorse.private:9090"; url = "http://workhorse.private:9090";
} }];
];
}; };
}; };

19
configs/workhorse/graylog.nix
View file

@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let port = 9000;
port = 9000; in {
in
{
# configure nginx # configure nginx
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -16,7 +14,9 @@ in
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:${toString port} https://graylog.workhorse.private/; proxy_redirect http://localhost:${
toString port
} https://graylog.workhorse.private/;
''; '';
}; };
}; };
@ -27,7 +27,8 @@ in
services.mongodb.enable = true; services.mongodb.enable = true;
services.graylog.enable = true; services.graylog.enable = true;
services.graylog.elasticsearchHosts = [ "http://${config.services.elasticsearch.listenAddress}:9200" ]; services.graylog.elasticsearchHosts =
[ "http://${config.services.elasticsearch.listenAddress}:9200" ];
# https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html # https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
services.graylog.extraConfig = '' services.graylog.extraConfig = ''
@ -39,10 +40,12 @@ in
services.graylog.nodeIdFile = "/var/lib/graylog/node-id"; services.graylog.nodeIdFile = "/var/lib/graylog/node-id";
# pwgen -N 1 -s 96 # pwgen -N 1 -s 96
services.graylog.passwordSecret = lib.fileContents <secrets/graylog/password-secret>; services.graylog.passwordSecret =
lib.fileContents <secrets/graylog/password-secret>;
# echo -n yourpassword | shasum -a 256 # echo -n yourpassword | shasum -a 256
services.graylog.rootPasswordSha2 = lib.fileContents <secrets/graylog/root-password-hash>; services.graylog.rootPasswordSha2 =
lib.fileContents <secrets/graylog/root-password-hash>;
environment.etc."graylog/server/GeoLite2-City.mmdb" = { environment.etc."graylog/server/GeoLite2-City.mmdb" = {
enable = true; enable = true;

24
configs/workhorse/hardware-configuration.nix
View file

@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let mainUserHome = "/home/palo";
mainUserHome = "/home/palo"; in {
in
{
# grub configuration # grub configuration
# ------------------ # ------------------
@ -15,19 +13,15 @@ in
# lvm volume group # lvm volume group
# ---------------- # ----------------
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [{
{
name = "vg"; name = "vg";
device = "/dev/sda2"; device = "/dev/sda2";
preLVM = true; preLVM = true;
} }];
];
# NTFS support # NTFS support
# ------------ # ------------
environment.systemPackages = [ environment.systemPackages = [ pkgs.ntfs3g ];
pkgs.ntfs3g
];
# root # root
# ---- # ----
@ -83,16 +77,14 @@ in
#"x-systemd.device-timeout=1ms" #"x-systemd.device-timeout=1ms"
]; ];
}; };
systemd.mounts = [ systemd.mounts = [{
{
enable = true; enable = true;
options = "nofail,noauto"; options = "nofail,noauto";
type = "ext4"; type = "ext4";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
what = "/dev/disk/by-uuid/f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89"; what = "/dev/disk/by-uuid/f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89";
where = "/media"; where = "/media";
} }];
];
} }

187
configs/workhorse/jenkins.nix
View file

@ -18,7 +18,8 @@ in {
virtualHosts = { virtualHosts = {
"jenkins.${config.networking.hostName}.private" = { "jenkins.${config.networking.hostName}.private" = {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.jenkins.port}"; proxyPass =
"http://localhost:${toString config.services.jenkins.port}";
extraConfig = '' extraConfig = ''
proxy_set_header Host $host:$server_port; proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -26,7 +27,9 @@ in {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:${toString config.services.jenkins.port} https://jenkins.${config.networking.hostName}.private/; proxy_redirect http://localhost:${
toString config.services.jenkins.port
} https://jenkins.${config.networking.hostName}.private/;
''; '';
}; };
}; };
@ -56,8 +59,7 @@ in {
accessUser = "admin"; accessUser = "admin";
# https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules # https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules
nixJobs = nixJobs = let
let
# ssh username + key # ssh username + key
gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key # ssh username + key
@ -65,131 +67,126 @@ in {
# ssh username + key # ssh username + key
sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7"; sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7";
sync-to-github = sync-to-github = name: source: target:
name: source: target: sync-repo name {
sync-repo name
{
url = source; url = source;
credentialsId = gogs-id; credentialsId = gogs-id;
} } {
{
url = target; url = target;
credentialsId = github-id; credentialsId = github-id;
}; };
in [ in [
(job "deploy-gaykraft" {
(job "deploy-gaykraft" url = "ssh://gogs@workhorse.private:2222/palo/gaykraft.git";
{ url = "ssh://gogs@workhorse.private:2222/palo/gaykraft.git"; credentialsId = gogs-id;
credentialsId = gogs-id; } } [
[ { "build" = [ "nix-shell --run build" ]; }
{ "build" = [
"nix-shell --run build"
];
}
{ "publish" = [
{ {
"publish" = [{
script = "nix-shell --run publish"; script = "nix-shell --run publish";
credentialsId = sshSputnik; credentialsId = sshSputnik;
}];
} }
];
}
]
)
(job "deploy-techblock"
{ url = "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git";
credentialsId = gogs-id; }
[
{ "build" = ["nix-shell --run build"];}
{ "publish" = [
{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}
];}
]) ])
(job "deploy-terranix" (job "deploy-techblock" {
{ url = "ssh://gogs@workhorse.private:2222/terranix/terranix.org.git"; url =
credentialsId = gogs-id; } "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git";
[ credentialsId = gogs-id;
{ "build" = ["nix-shell --run build"];} } [
{ "publish" = [ { "build" = [ "nix-shell --run build" ]; }
{ {
"publish" = [{
script = "nix-shell --run publish"; script = "nix-shell --run publish";
credentialsId = sshSputnik; credentialsId = sshSputnik;
}];
} }
];}
]) ])
(job "sync-retiolum" (job "deploy-terranix" {
{ url = "git@github.com:krebs/retiolum.git"; url = "ssh://gogs@workhorse.private:2222/terranix/terranix.org.git";
credentialsId = gogs-id;
} [
{ "build" = [ "nix-shell --run build" ]; }
{
"publish" = [{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}];
}
])
(job "sync-retiolum" {
url = "git@github.com:krebs/retiolum.git";
credentialsId = github-id; credentialsId = github-id;
triggers = [ { timed = "H/30 * * * *"; } ];} triggers = [{ timed = "H/30 * * * *"; }];
[ } [
{ "Download Files" = [ {
''chmod 755 hosts'' "Download Files" = [
''chmod 755 -R hosts'' "chmod 755 hosts"
''nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"'' "chmod 755 -R hosts"
''chmod 755 -R etc.hosts'' ''
''nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"'' nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"''
];} "chmod 755 -R etc.hosts"
{ "update repo" = [ ''
nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"''
];
}
{
"update repo" = [
''nix-shell -p git --run "git add ."'' ''nix-shell -p git --run "git add ."''
''nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"'' ''
];} nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"''
{ Push = [ ];
{ script = ''nix-shell -p git --run "git push origin master"''; }
credentialsId = github-id; } {
];} Push = [{
]) script = ''nix-shell -p git --run "git push origin master"'';
(job "test-terranix"
{ url = "ssh://gogs@workhorse.private:2222/terranix/terranix.git";
credentialsId = github-id; credentialsId = github-id;
branch = "develop";} }];
[ }
{ "run Tests" = [
''nix-shell tests/shell.nix --run "test-terranix"''
];}
]) ])
(job "test-taskninja" (job "test-terranix" {
{ url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git"; url = "ssh://gogs@workhorse.private:2222/terranix/terranix.git";
credentialsId = gogs-id; } credentialsId = github-id;
[ branch = "develop";
{ "Create Shell" = [ } [{
''nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"'' "run Tests" = [ ''nix-shell tests/shell.nix --run "test-terranix"'' ];
];} }])
{ Update = [
''nix-shell ./jenkins.nix --run "cabal update"'' (job "test-taskninja" {
];} url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git";
{ Configure = [ credentialsId = gogs-id;
} [
{
"Create Shell" = [
''
nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"''
];
}
{ Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; }
{
Configure = [
''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"'' ''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"''
''nix-shell ./jenkins.nix --run "cabal install --only-dependencies"'' ''
];} nix-shell ./jenkins.nix --run "cabal install --only-dependencies"''
{ Build = [ ];
''nix-shell ./jenkins.nix --run "cabal build"'' }
];} { Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; }
{ Test = [ { Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; }
''nix-shell ./jenkins.nix --run "cabal test"''
];}
]) ])
# sync to me # sync to me
# ---------- # ----------
(sync-to-github "sync-nixwriters" (sync-to-github "sync-nixwriters" "https://cgit.krebsco.de/nix-writers/"
"https://cgit.krebsco.de/nix-writers/"
"ssh://gogs@workhorse.private:2222/krebs/nix-writers.git") "ssh://gogs@workhorse.private:2222/krebs/nix-writers.git")
(sync-to-github "sync-krops" (sync-to-github "sync-krops" "https://cgit.krebsco.de/krops/"
"https://cgit.krebsco.de/krops/"
"ssh://gogs@workhorse.private:2222/krebs/krops.git") "ssh://gogs@workhorse.private:2222/krebs/krops.git")
# sync to github # sync to github
# -------------- # --------------
(sync-to-github "sync-radiodj" (sync-to-github "sync-radiodj"

9
configs/workhorse/kibana.nix
View file

@ -1,13 +1,14 @@
{ config, ... }: { config, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"kibana.${config.networking.hostName}.private" = { "kibana.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.kibana.port}"; proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.kibana.port
}";
}; };
}; };
}; };

15
configs/workhorse/lektor-gaykraft.nix
View file

@ -14,9 +14,10 @@ in {
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"${containerName}.${config.networking.hostName}.private" = { "${containerName}.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString port}"; proxyPass =
"http://${config.networking.hostName}.private:${toString port}";
}; };
}; };
}; };
@ -32,9 +33,7 @@ in {
}; };
autoStart = true; autoStart = true;
config = config = { config, pkgs, ... }: {
{ config, pkgs, ... }:
{
imports = [ <system/all> ]; imports = [ <system/all> ];
services.lektor = { services.lektor = {
enable = true; enable = true;
@ -42,13 +41,15 @@ in {
sshKey = sshKey; sshKey = sshKey;
repository = repository; repository = repository;
port = port; port = port;
additionalScript = pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build"; additionalScript =
pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
}; };
}; };
}; };
# it might take some time will this thing is up # it might take some time will this thing is up
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec = lib.mkForce "infinity"; systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec =
lib.mkForce "infinity";
} }

18
configs/workhorse/lektor-techblog.nix
View file

@ -4,7 +4,8 @@ let
containerName = "techblog"; containerName = "techblog";
port = 5002; port = 5002;
repository = "ssh://gogs@git.ingolf-wagner.de:443/palo/tech.ingolf-wagner.de.git"; repository =
"ssh://gogs@git.ingolf-wagner.de:443/palo/tech.ingolf-wagner.de.git";
sshKey = toString <secrets/lektor/techblog>; sshKey = toString <secrets/lektor/techblog>;
in { in {
@ -14,9 +15,10 @@ in {
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"${containerName}.${config.networking.hostName}.private" = { "${containerName}.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString port}"; proxyPass =
"http://${config.networking.hostName}.private:${toString port}";
}; };
}; };
}; };
@ -32,9 +34,7 @@ in {
}; };
autoStart = true; autoStart = true;
config = config = { config, pkgs, ... }: {
{ config, pkgs, ... }:
{
imports = [ <system/all> ]; imports = [ <system/all> ];
services.lektor = { services.lektor = {
enable = true; enable = true;
@ -42,13 +42,15 @@ in {
sshKey = sshKey; sshKey = sshKey;
repository = repository; repository = repository;
port = port; port = port;
additionalScript = pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build"; additionalScript =
pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
}; };
}; };
}; };
# it might take some time will this thing is up # it might take some time will this thing is up
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec = lib.mkForce "infinity"; systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec =
lib.mkForce "infinity";
} }

15
configs/workhorse/lektor-terranix.nix
View file

@ -14,9 +14,10 @@ in {
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"${containerName}.${config.networking.hostName}.private" = { "${containerName}.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString port}"; proxyPass =
"http://${config.networking.hostName}.private:${toString port}";
}; };
}; };
}; };
@ -32,9 +33,7 @@ in {
}; };
autoStart = true; autoStart = true;
config = config = { config, pkgs, ... }: {
{ config, pkgs, ... }:
{
imports = [ <system/all> ]; imports = [ <system/all> ];
services.lektor = { services.lektor = {
enable = true; enable = true;
@ -42,13 +41,15 @@ in {
sshKey = sshKey; sshKey = sshKey;
repository = repository; repository = repository;
port = port; port = port;
additionalScript = pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build"; additionalScript =
pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
}; };
}; };
}; };
# it might take some time will this thing is up # it might take some time will this thing is up
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec = lib.mkForce "infinity"; systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec =
lib.mkForce "infinity";
} }

464
configs/workhorse/mail-fetcher.nix
View file

@ -1,51 +1,50 @@
# fetches mails for me # fetches mails for me
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }: {
{
users.users.mailUser = { users.users.mailUser = {
isNormalUser = true; isNormalUser = true;
description = "collects mails for me"; description = "collects mails for me";
hashedPassword = "!"; hashedPassword = "!";
name = "mailfetcher"; name = "mailfetcher";
openssh.authorizedKeys.keyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles; openssh.authorizedKeys.keyFiles =
config.users.users.root.openssh.authorizedKeys.keyFiles;
}; };
# configure passwords # configure passwords
krops.userKeys = { krops.userKeys = {
"gmail.palipalo9" = { "gmail.palipalo9" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/gmail/palipalo9>; source = toString <secrets/mail/gmail/palipalo9>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
"gmx.palo_van_dalo" = { "gmx.palo_van_dalo" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/gmx/palo_van_dalo>; source = toString <secrets/mail/gmx/palo_van_dalo>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
"gmx.ingolf_wagner" = { "gmx.ingolf_wagner" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/gmx/ingolf.wagner>; source = toString <secrets/mail/gmx/ingolf.wagner>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
"web.pali_palo" = { "web.pali_palo" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/web.de/pali_palo>; source = toString <secrets/mail/web.de/pali_palo>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
"siteground.contact" = { "siteground.contact" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/siteground/contact>; source = toString <secrets/mail/siteground/contact>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
"gaykraft.root" = { "gaykraft.root" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/gaykraft/root>; source = toString <secrets/mail/gaykraft/root>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
"c-base.palo" = { "c-base.palo" = {
user = config.users.users.mailUser.name; user = config.users.users.mailUser.name;
source = toString <secrets/mail/c-base/palo>; source = toString <secrets/mail/c-base/palo>;
requiredBy = ["fetchmail.service"]; requiredBy = [ "fetchmail.service" ];
}; };
}; };
@ -60,7 +59,8 @@
aliases = [ ]; aliases = [ ];
realName = "Ingolf Wagner"; realName = "Ingolf Wagner";
userName = "palo_van_dalo@gmx.de"; userName = "palo_van_dalo@gmx.de";
passwordCommand = "cat ${toString config.krops.userKeys."gmx.palo_van_dalo".target}"; passwordCommand =
"cat ${toString config.krops.userKeys."gmx.palo_van_dalo".target}";
imap = { imap = {
host = "imap.gmx.net"; host = "imap.gmx.net";
port = 993; port = 993;
@ -77,7 +77,8 @@
aliases = [ ]; aliases = [ ];
realName = "Ingolf Wagner"; realName = "Ingolf Wagner";
userName = "ingolf.wagner@gmx.de"; userName = "ingolf.wagner@gmx.de";
passwordCommand = "cat ${toString config.krops.userKeys."gmx.ingolf_wagner".target}"; passwordCommand =
"cat ${toString config.krops.userKeys."gmx.ingolf_wagner".target}";
imap = { imap = {
host = "imap.gmx.net"; host = "imap.gmx.net";
@ -136,7 +137,8 @@
aliases = [ ]; aliases = [ ];
realName = "Ingolf Wagner"; realName = "Ingolf Wagner";
userName = "pali_palo@web.de"; userName = "pali_palo@web.de";
passwordCommand = "cat ${toString config.krops.userKeys."web.pali_palo".target}"; passwordCommand =
"cat ${toString config.krops.userKeys."web.pali_palo".target}";
imap = { imap = {
host = "imap.web.de"; host = "imap.web.de";
port = 993; port = 993;
@ -153,13 +155,13 @@
aliases = [ ]; aliases = [ ];
realName = "Ingolf Wagner"; realName = "Ingolf Wagner";
userName = "palo"; userName = "palo";
passwordCommand = "cat ${toString config.krops.userKeys."c-base.palo".target}"; passwordCommand =
"cat ${toString config.krops.userKeys."c-base.palo".target}";
imap = { imap = {
host = "c-mail.c-base.org"; host = "c-mail.c-base.org";
port = 993; port = 993;
# fetched using : nix-shell -p openssl --run "openssl s_client -connect c-mail.c-base.org:993 -showcerts" # fetched using : nix-shell -p openssl --run "openssl s_client -connect c-mail.c-base.org:993 -showcerts"
tls.certificatesFile = tls.certificatesFile = pkgs.writeText "c-base.pem" ''
pkgs.writeText "c-base.pem" ''
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIFKDCCAxCgAwIBAgIDAtwrMA0GCSqGSIb3DQEBDQUAMFQxFDASBgNVBAoTC0NB MIIFKDCCAxCgAwIBAgIDAtwrMA0GCSqGSIb3DQEBDQUAMFQxFDASBgNVBAoTC0NB
Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
@ -204,7 +206,8 @@
aliases = [ ]; aliases = [ ];
realName = "Ingolf Wagner"; realName = "Ingolf Wagner";
userName = "palipalo9@googlemail.com"; userName = "palipalo9@googlemail.com";
passwordCommand = "cat ${toString config.krops.userKeys."gmail.palipalo9".target}"; passwordCommand =
"cat ${toString config.krops.userKeys."gmail.palipalo9".target}";
imap = { imap = {
host = "imap.gmail.com"; host = "imap.gmail.com";
port = 993; port = 993;
@ -221,7 +224,8 @@
aliases = [ ]; aliases = [ ];
realName = "Ingolf Wagner"; realName = "Ingolf Wagner";
userName = "contact@ingolf-wagner.de"; userName = "contact@ingolf-wagner.de";
passwordCommand = "cat ${toString config.krops.userKeys."siteground.contact".target}"; passwordCommand =
"cat ${toString config.krops.userKeys."siteground.contact".target}";
imap = { imap = {
host = "securees5.sgcpanel.com"; host = "securees5.sgcpanel.com";
port = 143; port = 143;
@ -261,15 +265,13 @@
}; };
}; };
# configure mbsync # configure mbsync
home-manager.users.mailUser.programs.mbsync.enable = true; home-manager.users.mailUser.programs.mbsync.enable = true;
systemd.services.fetchmail = { systemd.services.fetchmail = {
enable = true; enable = true;
serviceConfig = { serviceConfig = { User = config.users.users.mailUser.name; };
User = config.users.users.mailUser.name; environment.NOTMUCH_CONFIG =
}; "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
environment.NOTMUCH_CONFIG = "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
script = '' script = ''
echo "run mbsync" echo "run mbsync"
${pkgs.isync}/bin/mbsync \ ${pkgs.isync}/bin/mbsync \
@ -290,7 +292,7 @@
enable = true; enable = true;
# timerConfig.OnCalendar = " *-*-* *:00:00"; # timerConfig.OnCalendar = " *-*-* *:00:00";
timerConfig.OnCalendar = "*:0/10"; timerConfig.OnCalendar = "*:0/10";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
}; };
# configure notmuch # configure notmuch
@ -306,9 +308,11 @@
# a few config # a few config
home-manager.users.mailUser.programs.afew = { home-manager.users.mailUser.programs.afew = {
enable = true; enable = true;
extraConfig = with lib; let extraConfig = with lib;
let
template = index: { tags, query, message ? "generic", ... }: '' template = index:
{ tags, query, message ? "generic", ... }: ''
[Filter.${toString index}] [Filter.${toString index}]
query = ${query} query = ${query}
tags = ${concatStringsSep ";" tags} tags = ${concatStringsSep ";" tags}
@ -317,99 +321,338 @@
filters = [ filters = [
{query = "from:linkedin.com"; tags = [ "+linked" "+jobs" ];}
{query = "from:computerfutures.com OR from:computerfutures.de"; tags = [ "+jobs" "-inbox" ];}
{query = "from:seek.com.au"; tags = [ "+jobs" ];}
{query = "from:xing.com"; tags = [ "+jobs" "-inbox" ];}
{query = "from:no-reply@backtrace.io"; tags = ["+sononym" "-inbox" "-unread"];}
{query = "from:ebay.com OR from:ebay.de OR from:ebay.net"; tags = [ "+ebay" "+shop" "+billing"];}
{query = "from:bahn.de"; tags = [ "+billing" "+bahn" ];}
{query = "from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com"; tags = [ "+mia" "+work" "-unread" "-inbox"];}
{query = "from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:getdigital.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:digitalo.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:puppet.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:mixcloudmail.com AND subject:Weekly Update"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:facebook.com OR from:facebookmail.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:getpocket.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:oknotify2.com"; tags = [ "+okcupid" ];}
{query = "from:oknotify2.com AND NOT subject:New message"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:paulaschoice.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:immobilienscout24.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:magix.net"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:booking.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:hackster.io"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:trade4less.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:taxback.de OR to:taxback.de"; tags = ["+steuer"] ;}
{query = "from:campact.de"; tags = ["+campact" "+politics"] ;}
{query = "from:menospese.com"; tags = ["+junk" "-unread" "-inbox"] ;}
{query = "from:aliexpress.com"; tags = ["+shop" "+aliexpress"] ;}
{query = "from:congstar.de"; tags = ["+billing" "+congstar" "-inbox" "-unread"] ;}
{query = "from:congstarnews.de"; tags = ["+congstar" "-inbox" "-unread" "+junk"] ;}
{query = "from:fitnessfirst.de"; tags = ["-inbox" "-unread" "+junk"] ;}
{query = "from:steampowered.com AND NOT ( subject:purchase OR subject:received )"; tags = ["-inbox" "-unread" ] ;}
{query = "from:steampowered.com AND ( subject:purchase OR subject:received )"; tags = ["+billing" "+steam" ] ;}
{query = "from:gog.com AND NOT subject:Bestellung"; tags = ["-inbox" "-unread" ] ;}
{query = "from:gog.com AND subject:Bestellung"; tags = ["+billing" "+gog" ] ;}
{query = "from:drive-now.com"; tags = ["+billing" "+drivenow" "-inbox" "-unread"] ;}
{query = "from:mindfactory.de"; tags = ["+shop" "+billing"] ;}
{query = "from:zalando.de"; tags = ["+shop" "+billing" "+zalando"] ;}
{query = "from:ing.de"; tags = ["+bank" "+ingdiba"] ;}
{query = "from:nab.com.au"; tags = ["+bank" "+nab" "-inbox" "-unread"] ;}
{query = "from:dkb.de"; tags = ["+bank" "+dkb"] ;}
{query = "from:o2online.de"; tags = ["+billing" "+o2"] ;}
{query = "from:betfair.com"; tags = ["+work" "+betfair"] ;}
{query = "from:ghostinspector.com"; tags = ["-unread" "-inbox" "+junk"] ;}
{query = "from:travis-ci.org AND subject:csv-to-qif"; tags = ["+development" "+csv-to-qif"] ;}
{query = "to:proaudio@lists.tuxfamily.org"; tags = ["-inbox" "-unread"] ;}
{query = "tag:lists AND from:nixos1@discoursemail.com"; tags = ["+nixos" "+discourse"] ;}
{query = "from:limebike.com AND (subject:Funds OR subject:Receipt)" ; tags = ["-inbox" "-unread" "+billing" "+limebike"] ;}
{query = "from:hetzner.com OR from:hetzner.de" ; tags = ["+hetzner"] ;}
{query = "from:freemusicarchive.org" ; tags = ["+FMA"] ;}
{query = "from:namecheap.com" ; tags = ["+namecheap" "+billing"] ;}
{query = "from:nintendo.com" ; tags = ["+nintendo" "+billing"] ;}
{query = "from:oculus.com AND subject:receipt" ; tags = ["+oculus" "+billing"] ;}
{query = "from:vstbuzz.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from:runtastic.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from:letterboxd.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from::microsoftstoreemail.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from:car2go.com" ; tags = ["-inbox" "-unread" ] ;}
{query = "from:sixt.de" ; tags = ["-inbox" "-unread" ] ;}
{query = "from:meetup.com" ; tags = ["-inbox" "-unread" "+meetup"] ;}
{query = "from:slack.com" ; tags = ["+slack"] ;}
{query = "from:keybase.io" ; tags = ["+keybase"] ;}
{query = "from:tumblr.com" ; tags = ["+junk" "-inbox" "-unread"];}
{query = "from:jobs2web.com" ; tags = ["+newzealand" "+jobs" "-inbox" ];}
{query = "from:mailings.gmx.net" ; tags = ["+junk" "-inbox" "-unread"];}
{query = "from:paypal.de AND subject:Bestätigung"; tags = ["-unread" "+paypal" "+billing"] ;}
{query = "to:c-base.org" ; tags = ["+cbase"] ;}
{query = "to:c-base.org AND subject=[auto-report]"; tags = ["-unread" "-inbox"] ;}
{query = "to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com"; tags = ["+renoise"] ;}
{query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com"; tags = ["+shop" "+amazon" "+billing"];}
{ {
query = "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )"; query = "from:linkedin.com";
tags = [ "+linked" "+jobs" ];
}
{
query = "from:computerfutures.com OR from:computerfutures.de";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:seek.com.au";
tags = [ "+jobs" ];
}
{
query = "from:xing.com";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:no-reply@backtrace.io";
tags = [ "+sononym" "-inbox" "-unread" ];
}
{
query = "from:ebay.com OR from:ebay.de OR from:ebay.net";
tags = [ "+ebay" "+shop" "+billing" ];
}
{
query = "from:bahn.de";
tags = [ "+billing" "+bahn" ];
}
{
query =
"from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com";
tags = [ "+mia" "+work" "-unread" "-inbox" ];
}
{
query =
"from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:getdigital.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:digitalo.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:puppet.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:mixcloudmail.com AND subject:Weekly Update";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:facebook.com OR from:facebookmail.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:getpocket.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:oknotify2.com";
tags = [ "+okcupid" ];
}
{
query = "from:oknotify2.com AND NOT subject:New message";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:paulaschoice.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query =
"from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:immobilienscout24.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:magix.net";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:booking.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:hackster.io";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:trade4less.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:taxback.de OR to:taxback.de";
tags = [ "+steuer" ];
}
{
query = "from:campact.de";
tags = [ "+campact" "+politics" ];
}
{
query = "from:menospese.com";
tags = [ "+junk" "-unread" "-inbox" ];
}
{
query = "from:aliexpress.com";
tags = [ "+shop" "+aliexpress" ];
}
{
query = "from:congstar.de";
tags = [ "+billing" "+congstar" "-inbox" "-unread" ];
}
{
query = "from:congstarnews.de";
tags = [ "+congstar" "-inbox" "-unread" "+junk" ];
}
{
query = "from:fitnessfirst.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query =
"from:steampowered.com AND NOT ( subject:purchase OR subject:received )";
tags = [ "-inbox" "-unread" ];
}
{
query =
"from:steampowered.com AND ( subject:purchase OR subject:received )";
tags = [ "+billing" "+steam" ];
}
{
query = "from:gog.com AND NOT subject:Bestellung";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:gog.com AND subject:Bestellung";
tags = [ "+billing" "+gog" ];
}
{
query = "from:drive-now.com";
tags = [ "+billing" "+drivenow" "-inbox" "-unread" ];
}
{
query = "from:mindfactory.de";
tags = [ "+shop" "+billing" ];
}
{
query = "from:zalando.de";
tags = [ "+shop" "+billing" "+zalando" ];
}
{
query = "from:ing.de";
tags = [ "+bank" "+ingdiba" ];
}
{
query = "from:nab.com.au";
tags = [ "+bank" "+nab" "-inbox" "-unread" ];
}
{
query = "from:dkb.de";
tags = [ "+bank" "+dkb" ];
}
{
query = "from:o2online.de";
tags = [ "+billing" "+o2" ];
}
{
query = "from:betfair.com";
tags = [ "+work" "+betfair" ];
}
{
query = "from:ghostinspector.com";
tags = [ "-unread" "-inbox" "+junk" ];
}
{
query = "from:travis-ci.org AND subject:csv-to-qif";
tags = [ "+development" "+csv-to-qif" ];
}
{
query = "to:proaudio@lists.tuxfamily.org";
tags = [ "-inbox" "-unread" ];
}
{
query = "tag:lists AND from:nixos1@discoursemail.com";
tags = [ "+nixos" "+discourse" ];
}
{
query = "from:limebike.com AND (subject:Funds OR subject:Receipt)";
tags = [ "-inbox" "-unread" "+billing" "+limebike" ];
}
{
query = "from:hetzner.com OR from:hetzner.de";
tags = [ "+hetzner" ];
}
{
query = "from:freemusicarchive.org";
tags = [ "+FMA" ];
}
{
query = "from:namecheap.com";
tags = [ "+namecheap" "+billing" ];
}
{
query = "from:nintendo.com";
tags = [ "+nintendo" "+billing" ];
}
{
query = "from:oculus.com AND subject:receipt";
tags = [ "+oculus" "+billing" ];
}
{
query = "from:vstbuzz.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from:runtastic.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from:letterboxd.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from::microsoftstoreemail.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from:car2go.com";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:sixt.de";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:meetup.com";
tags = [ "-inbox" "-unread" "+meetup" ];
}
{
query = "from:slack.com";
tags = [ "+slack" ];
}
{
query = "from:keybase.io";
tags = [ "+keybase" ];
}
{
query = "from:tumblr.com";
tags = [ "+junk" "-inbox" "-unread" ];
}
{
query = "from:jobs2web.com";
tags = [ "+newzealand" "+jobs" "-inbox" ];
}
{
query = "from:mailings.gmx.net";
tags = [ "+junk" "-inbox" "-unread" ];
}
{
query = "from:paypal.de AND subject:Bestätigung";
tags = [ "-unread" "+paypal" "+billing" ];
}
{
query = "to:c-base.org";
tags = [ "+cbase" ];
}
{
query = "to:c-base.org AND subject=[auto-report]";
tags = [ "-unread" "-inbox" ];
}
{
query =
"to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com";
tags = [ "+renoise" ];
}
{
query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com";
tags = [ "+shop" "+amazon" "+billing" ];
}
{
query =
"to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
tags = [ "-inbox" "-unread" "+junk" "+renoise" ]; tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
} }
# final rules to make imap sync stuff easier # final rules to make imap sync stuff easier
# there can only be one output folder tag, and theses rules are prioritized # there can only be one output folder tag, and theses rules are prioritized
{ query = "tag:fraud" ; tags = ["-inbox" "-archive" "-junk" "-unread" ]; message = "clean up tag fraud";} {
{ query = "tag:junk" ; tags = ["-inbox" "-archive" "-fraud" "-unread" ]; message = "clean up tag junk";} query = "tag:fraud";
{ query = "tag:archive" ; tags = ["-inbox" "-junk" "-fraud" "-unread" ]; message = "clean up tag archive";} tags = [ "-inbox" "-archive" "-junk" "-unread" ];
{ query = "tag:inbox" ; tags = ["-archive" "-junk" "-fraud"]; message = "clean up inbox";} message = "clean up tag fraud";
{ query = "tag:killed"; tags = ["-inbox" "-unread"]; message = "clean up tag killed" ;} }
{
query = "tag:junk";
tags = [ "-inbox" "-archive" "-fraud" "-unread" ];
message = "clean up tag junk";
}
{
query = "tag:archive";
tags = [ "-inbox" "-junk" "-fraud" "-unread" ];
message = "clean up tag archive";
}
{
query = "tag:inbox";
tags = [ "-archive" "-junk" "-fraud" ];
message = "clean up inbox";
}
{
query = "tag:killed";
tags = [ "-inbox" "-unread" ];
message = "clean up tag killed";
}
# remove new tag at the end # remove new tag at the end
{ query = "tag:new"; tags = ["-new"]; message = "remove new tag at the end" ;} {
query = "tag:new";
tags = [ "-new" ];
message = "remove new tag at the end";
}
]; ];
in in ''
''
# Tag mails which are mailing lists # Tag mails which are mailing lists
[ListMailsFilter] [ListMailsFilter]
@ -421,7 +664,4 @@
''; '';
}; };
} }

8
configs/workhorse/packages.nix
View file

@ -1,7 +1,3 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let unstable = import <nixpkgs-unstable> { };
unstable = import <nixpkgs-unstable> {}; in { environment.systemPackages = with pkgs; [ ]; }
in {
environment.systemPackages = with pkgs ; [
];
}

35
configs/workhorse/prometheus.nix
View file

@ -1,14 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"prometheus.workhorse.private" = { "prometheus.workhorse.private" = {
locations."/" = { locations."/" = { proxyPass = "http://workhorse.private:9090"; };
proxyPass = "http://workhorse.private:9090";
};
}; };
}; };
}; };
@ -21,21 +18,21 @@
scrape_interval = "8s"; scrape_interval = "8s";
static_configs = [ static_configs = [
{ {
targets = ["sputnik.private:9113"]; targets = [ "sputnik.private:9113" ];
labels = { labels = {
service = "nginx"; service = "nginx";
server = "sputnik"; server = "sputnik";
}; };
} }
{ {
targets = ["sputnik.private:9113"]; targets = [ "sputnik.private:9113" ];
labels = { labels = {
service = "nginx"; service = "nginx";
server = "sputnik"; server = "sputnik";
}; };
} }
{ {
targets = ["workhorse.private:9113"]; targets = [ "workhorse.private:9113" ];
labels = { labels = {
service = "nginx"; service = "nginx";
server = "sputnik"; server = "sputnik";
@ -50,21 +47,21 @@
scrape_interval = "5s"; scrape_interval = "5s";
static_configs = [ static_configs = [
{ {
targets = ["porani.private:19999"]; targets = [ "porani.private:19999" ];
labels = { labels = {
service = "netdata"; service = "netdata";
server = "porani"; server = "porani";
}; };
} }
{ {
targets = ["sputnik.private:19999"]; targets = [ "sputnik.private:19999" ];
labels = { labels = {
service = "netdata"; service = "netdata";
server = "sputnik"; server = "sputnik";
}; };
} }
{ {
targets = ["workhorse.private:19999"]; targets = [ "workhorse.private:19999" ];
labels = { labels = {
service = "netdata"; service = "netdata";
server = "workhorse"; server = "workhorse";
@ -77,30 +74,26 @@
metrics_path = "/-/metrics"; metrics_path = "/-/metrics";
params.format = [ "prometheus" ]; params.format = [ "prometheus" ];
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [ static_configs = [{
{ targets = [ "workhorse.private:3000" ];
targets = ["workhorse.private:3000"];
labels = { labels = {
service = "gogs"; service = "gogs";
server = "kruck"; server = "kruck";
}; };
} }];
];
} }
{ {
job_name = "home-assistant"; job_name = "home-assistant";
scrape_interval = "60s"; scrape_interval = "60s";
metrics_path = "/api/prometheus"; metrics_path = "/api/prometheus";
static_configs = [ static_configs = [{
{ targets = [ "porani.private:8123" ];
targets = ["porani.private:8123"];
labels = { labels = {
service = "hass"; service = "hass";
server = "porani"; server = "porani";
city = "essen"; city = "essen";
}; };
} }];
];
} }
]; ];
}; };

3
configs/workhorse/restic.nix
View file

@ -1,5 +1,4 @@
{ config, ... }: { config, ... }: {
{
backup.services.restic = { backup.services.restic = {
"on-porani".enable = false; "on-porani".enable = false;

9
configs/workhorse/seafile.nix
View file

@ -1,14 +1,15 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"seafile.${config.networking.hostName}.private" = { "seafile.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.custom.services.seafile.port}"; proxyPass = "http://${config.networking.hostName}.private:${
toString config.custom.services.seafile.port
}";
}; };
}; };
}; };

8
configs/workhorse/syncthing.nix
View file

@ -1,12 +1,12 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
custom.samba-share = { custom.samba-share = {
enable = true; enable = true;
folders = { folders = {
movies = config.test.services.syncthing.declarative.folders.movies.path; movies = config.test.services.syncthing.declarative.folders.movies.path;
series = config.test.services.syncthing.declarative.folders.series.path; series = config.test.services.syncthing.declarative.folders.series.path;
music = config.test.services.syncthing.declarative.folders.music-library.path; music =
config.test.services.syncthing.declarative.folders.music-library.path;
}; };
}; };
@ -108,6 +108,6 @@
after = [ "media.mount" ]; after = [ "media.mount" ];
}; };
backup.all.restic.dirs = ["/home/syncthing/finance"]; backup.all.restic.dirs = [ "/home/syncthing/finance" ];
} }

5
configs/workhorse/taskserver.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
services.taskserver = { services.taskserver = {
enable = true; enable = true;
@ -8,7 +7,7 @@
requestLimit = 104857600; requestLimit = 104857600;
trust = "allow all"; trust = "allow all";
dataDir = "/var/lib/taskserver"; dataDir = "/var/lib/taskserver";
organisations."orgie".users = ["palo"]; organisations."orgie".users = [ "palo" ];
}; };
} }

3
configs/workhorse/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
module.cluster.services.tinc = { module.cluster.services.tinc = {
"private" = { "private" = {

17
configs/workhorse/transmission.nix
View file

@ -4,12 +4,10 @@ with lib;
let let
allTincNetworks = allTincNetworks = builtins.attrNames config.module.cluster.services.tinc;
builtins.attrNames config.module.cluster.services.tinc;
ipAddresses = ipAddresses = flatten (mapAttrsToList
flatten (mapAttrsToList (_: data: (_: data: mapAttrsToList (_: hostConfig: hostConfig.tincIp) data.hosts)
mapAttrsToList (_: hostConfig: hostConfig.tincIp) data.hosts)
config.module.cluster.services.tinc); config.module.cluster.services.tinc);
in { in {
@ -19,9 +17,11 @@ in {
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"transmission.${config.networking.hostName}.private" = { "transmission.${config.networking.hostName}.private" = {
serverAliases = ["torrent.${config.networking.hostName}.private"]; serverAliases = [ "torrent.${config.networking.hostName}.private" ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.transmission.port}"; proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.transmission.port
}";
}; };
}; };
}; };
@ -36,7 +36,8 @@ in {
enable = true; enable = true;
home = "/home/torrent"; home = "/home/torrent";
store = "/home/torrent"; store = "/home/torrent";
hosts = concatStringsSep "," (map (name: "${config.networking.hostName}.${name}") allTincNetworks); hosts = concatStringsSep ","
(map (name: "${config.networking.hostName}.${name}") allTincNetworks);
whitelist = concatStringsSep "," ipAddresses; whitelist = concatStringsSep "," ipAddresses;
user = "palo"; user = "palo";
password = lib.fileContents <secrets/transmission/password>; password = lib.fileContents <secrets/transmission/password>;

13
configs/workhorse/weechat.nix
View file

@ -9,9 +9,7 @@
{ {
# configure weechat # configure weechat
services.weechat = { services.weechat = { enable = true; };
enable = true;
};
# configure bitlbee # configure bitlbee
services.bitlbee = { services.bitlbee = {
@ -28,17 +26,12 @@
pkgs.telegram-purple pkgs.telegram-purple
#pkgs.purple-lurch #pkgs.purple-lurch
]; ];
plugins = [ plugins = [ pkgs.bitlbee-facebook pkgs.bitlbee-steam ];
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
];
}; };
# otherwise xterm is the only thing that works # otherwise xterm is the only thing that works
environment.systemPackages = [ pkgs.rxvt_unicode ]; environment.systemPackages = [ pkgs.rxvt_unicode ];
backup.all.restic.dirs = [ backup.all.restic.dirs = [ config.services.weechat.root ];
config.services.weechat.root
];
} }

3
configs/workout/configuration.nix
View file

@ -1,5 +1,4 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }: {
{
imports = [ imports = [
<system/desktop> <system/desktop>

34
configs/workout/hardware-configuration.nix
View file

@ -1,33 +1,41 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let mainUserHome = "/home/palo";
mainUserHome = "/home/palo"; in {
in
{
# fix fileSystems.<name>.encrypted - false overwrite # fix fileSystems.<name>.encrypted - false overwrite
# -------------------------------------------------- # --------------------------------------------------
boot.initrd.luks.cryptoModules = [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64" ]; boot.initrd.luks.cryptoModules = [
"aes"
"aes_generic"
"blowfish"
"twofish"
"serpent"
"cbc"
"xts"
"lrw"
"sha1"
"sha256"
"sha512"
"aes_x86_64"
];
# todo : why should I use this here # todo : why should I use this here
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;
# lvm volume group # lvm volume group
# ---------------- # ----------------
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [{
{
name = "vg"; name = "vg";
device = "/dev/sda2"; device = "/dev/sda2";
preLVM = true; preLVM = true;
} }];
];
# NTFS support # NTFS support
# ------------ # ------------
environment.systemPackages = [ environment.systemPackages = [ pkgs.ntfs3g ];
pkgs.ntfs3g
];
# root # root
# ---- # ----

15
configs/workout/kibana.nix
View file

@ -1,22 +1,25 @@
{ config, ... }: { config, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"kibana.${config.networking.hostName}.private" = { "kibana.${config.networking.hostName}.private" = {
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.kibana.port}"; proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.kibana.port
}";
}; };
}; };
}; };
}; };
services.elasticsearch.enable = true; services.elasticsearch.enable = true;
services.elasticsearch.listenAddress = "${config.networking.hostName}.private"; services.elasticsearch.listenAddress =
"${config.networking.hostName}.private";
services.kibana.enable = true; services.kibana.enable = true;
services.kibana.elasticsearch.hosts = [ "http://${config.networking.hostName}.private:9200" ]; services.kibana.elasticsearch.hosts =
[ "http://${config.networking.hostName}.private:9200" ];
services.kibana.listenAddress = "${config.networking.hostName}.private"; services.kibana.listenAddress = "${config.networking.hostName}.private";
services.kibana.port = 5601; services.kibana.port = 5601;

9
configs/workout/packages.nix
View file

@ -1,15 +1,16 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let unstable = import <nixpkgs-unstable> { };
unstable = import <nixpkgs-unstable> {};
in { in {
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { nur = import (builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs; inherit pkgs;
}; };
}; };
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs;
[
bitwig-studio bitwig-studio
#unstable.pypi2nix #unstable.pypi2nix
#nur.repos.mic92.nixos-shell #nur.repos.mic92.nixos-shell

6
configs/workout/slack.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
programs.custom.slack = { programs.custom.slack = {
enable = true; enable = true;
@ -7,7 +6,8 @@
}; };
programs.custom.browser.configList.google-chrome = { programs.custom.browser.configList.google-chrome = {
inherit (config.programs.custom.browser.configList.development) home homeBackup user; inherit (config.programs.custom.browser.configList.development)
home homeBackup user;
sudoUsers = [ "slack" ]; sudoUsers = [ "slack" ];
}; };

3
configs/workout/syncthing.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
test.services.syncthing = { test.services.syncthing = {
enable = true; enable = true;

3
configs/workout/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
module.cluster.services.tinc = { module.cluster.services.tinc = {
"private" = { "private" = {
enable = true; enable = true;

18
images/lib/remote-access.nix
View file

@ -1,22 +1,16 @@
{ {
# cat ~/.ssh/id_rsa.pub # cat ~/.ssh/id_rsa.pub
publicSshKey ? "", publicSshKey ? "",
# remote-install-get-hiddenReceiver # remote-install-get-hiddenReceiver
hiddenReceiver ? "", hiddenReceiver ? "", }:
}: { config, lib, pkgs, ... }: {
{ config, lib, pkgs, ... }:
{
imports = [ imports = [
{ # system setup { # system setup
networking.hostName = "liveos"; networking.hostName = "liveos";
users.extraUsers = { users.extraUsers = {
root = { root = { openssh.authorizedKeys.keys = [ publicSshKey ]; };
openssh.authorizedKeys.keys = [
publicSshKey
];
};
}; };
} }
{ # installed packages { # installed packages

6
images/remote-install/config.nix
View file

@ -1,8 +1,10 @@
{ pkgs, lib, ... }: let { pkgs, lib, ... }:
let
remote-access = import ../lib/remote-access.nix { remote-access = import ../lib/remote-access.nix {
# cat ~/.ssh/id_rsa.pub # cat ~/.ssh/id_rsa.pub
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="; publicSshKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
# remote-install-get-hiddenReceiver # remote-install-get-hiddenReceiver
hiddenReceiver = ""; hiddenReceiver = "";

4
images/remote-install/remote-install.nix
View file

@ -3,9 +3,7 @@
services.tor = { services.tor = {
enable = true; enable = true;
client.enable = true; client.enable = true;
hiddenServices.liveos.map = [ hiddenServices.liveos.map = [{ port = 1337; }];
{ port = 1337; }
];
}; };
environment.systemPackages = [ environment.systemPackages = [

11
images/windows-rescue/config.nix
View file

@ -1,23 +1,22 @@
# NixOS livesystem to reset windows passwords # NixOS livesystem to reset windows passwords
# Step by step guide : https://opensource.com/article/18/3/how-reset-windows-password-linux # Step by step guide : https://opensource.com/article/18/3/how-reset-windows-password-linux
# $ nixos-generator -f iso -c config.nix # $ nixos-generator -f iso -c config.nix
{ pkgs, ... }: let { pkgs, ... }:
let
wifi = { wifi = {
ssid = ""; ssid = "";
plainTextPassword = ""; plainTextPassword = "";
}; };
remote-access = import ../lib/remote-access.nix { remote-access = import ../lib/remote-access.nix {
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="; publicSshKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
hiddenReceiver = ""; hiddenReceiver = "";
}; };
in { in {
imports = [ remote-access ]; imports = [ remote-access ];
environment.systemPackages = [ environment.systemPackages = [ pkgs.chntpw pkgs.ntfs3g ];
pkgs.chntpw
pkgs.ntfs3g
];
networking.dhcpcd.enable = true; networking.dhcpcd.enable = true;
networking.wireless = { networking.wireless = {

12
images/yubikey-image.nix
View file

@ -7,10 +7,13 @@
if [ ! -d $GNUPGHOME ]; then if [ ! -d $GNUPGHOME ]; then
mkdir $GNUPGHOME mkdir $GNUPGHOME
fi fi
cp ${pkgs.fetchurl { cp ${
url = "https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf"; pkgs.fetchurl {
url =
"https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf";
sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la"; sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la";
}} "$GNUPGHOME/gpg.conf" }
} "$GNUPGHOME/gpg.conf"
echo "\$GNUPGHOME has been set up for you. Generated keys will be in $GNUPGHOME." echo "\$GNUPGHOME has been set up for you. Generated keys will be in $GNUPGHOME."
''; '';
@ -49,7 +52,8 @@
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq"; sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
}; };
buildInputs = [ pkgs.pandoc ]; buildInputs = [ pkgs.pandoc ];
installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out"; installPhase =
"pandoc --highlight-style pygments -s --toc README.md -o $out";
}; };
in { in {
default = "xfce"; default = "xfce";

8
library/default.nix
View file

@ -1,8 +1,8 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }: {
{ desktopFile = bin:
desktopFile = bin: { longName ? "Script", command ? "${bin}/bin/${bin.name}", ... }: { longName ? "Script", command ? "${bin}/bin/${bin.name}", ... }:
pkgs.writeTextFile { pkgs.writeTextFile {
name = "${bin.name}.desktop" ; name = "${bin.name}.desktop";
destination = "/share/applications/${bin.name}.desktop"; destination = "/share/applications/${bin.name}.desktop";
text = '' text = ''
[Desktop Entry] [Desktop Entry]

41
library/jenkins.nix
View file

@ -4,45 +4,41 @@ with builtins;
{ {
# source container url and credentialsId # source container url and credentialsId
job = name: { job = name:
url, { url, credentialsId, branch ? "master",
credentialsId,
branch ? "master",
# https://docs.openstack.org/infra/jenkins-job-builder/triggers.html # https://docs.openstack.org/infra/jenkins-job-builder/triggers.html
triggers ? [ triggers ? [{
{ pollscm = { pollscm = {
cron = "H/30 * * * *"; cron = "H/30 * * * *";
ignore-post-commit-hooks = true; ignore-post-commit-hooks = true;
};} };
], ... }: config: { job = { }], ... }:
config: {
job = {
inherit name triggers; inherit name triggers;
sandbox = true; sandbox = true;
project-type = "pipeline"; project-type = "pipeline";
dsl = let dsl = let
stage = elem: stage = elem:
let let
stageName = head ( attrNames elem ); stageName = head (attrNames elem);
stateScripts = map ( stage : stateScripts = map (stage:
lib.getAttr (typeOf stage) { lib.getAttr (typeOf stage) {
string = '' string = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage}' sh '${toString stage}'
}''; }'';
set = set = let
let
script = '' script = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage.script}' sh '${toString stage.script}'
} }
''; '';
in in if (stage.credentialsId != null) then ''
if (stage.credentialsId != null)
then ''
sshagent(['${stage.credentialsId}']) { ${script} } sshagent(['${stage.credentialsId}']) { ${script} }
'' '' else
else script; script;
} }) (getAttr stageName elem);
)( getAttr stageName elem );
in '' in ''
stage('${stageName}') { stage('${stageName}') {
steps { steps {
@ -74,7 +70,8 @@ with builtins;
} }
} }
''; '';
};}; };
};
# creates a sync job # creates a sync job
# source and target container url and credentialsId # source and target container url and credentialsId
@ -83,12 +80,12 @@ with builtins;
name = name; name = name;
sandbox = true; sandbox = true;
project-type = "pipeline"; project-type = "pipeline";
triggers = [ { triggers = [{
pollscm = { pollscm = {
cron = "H/30 * * * *"; cron = "H/30 * * * *";
ignore-post-commit-hooks = true; ignore-post-commit-hooks = true;
}; };
} ]; }];
dsl = '' dsl = ''
pipeline { pipeline {
agent any agent any

78
modules/later/syncthing.nix
View file

@ -11,18 +11,16 @@ let
inherit (device) name addresses introducer; inherit (device) name addresses introducer;
}) cfg.declarative.devices; }) cfg.declarative.devices;
folders = mapAttrsToList ( _: folder: { folders = mapAttrsToList (_: folder: {
inherit (folder) path id label type; inherit (folder) path id label type;
devices = map (device: { deviceId = cfg.declarative.devices.${device}.id; }) folder.devices; devices = map (device: { deviceId = cfg.declarative.devices.${device}.id; })
folder.devices;
rescanIntervalS = folder.rescanInterval; rescanIntervalS = folder.rescanInterval;
fsWatcherEnabled = folder.watch; fsWatcherEnabled = folder.watch;
fsWatcherDelayS = folder.watchDelay; fsWatcherDelayS = folder.watchDelay;
ignorePerms = folder.ignorePerms; ignorePerms = folder.ignorePerms;
versioning = folder.versioning; versioning = folder.versioning;
}) (filterAttrs ( }) (filterAttrs (_: folder: folder.enable) cfg.declarative.folders);
_: folder:
folder.enable
) cfg.declarative.folders);
# get the api key by parsing the config.xml # get the api key by parsing the config.xml
getApiKey = pkgs.writers.writeDash "getAPIKey" '' getApiKey = pkgs.writers.writeDash "getAPIKey" ''
@ -45,8 +43,12 @@ let
# generate the new config by merging with the nixos config options # generate the new config by merging with the nixos config options
NEW_CFG=$(echo "$OLD_CFG" | ${pkgs.jq}/bin/jq -s '.[] as $in | $in * { NEW_CFG=$(echo "$OLD_CFG" | ${pkgs.jq}/bin/jq -s '.[] as $in | $in * {
"devices": (${builtins.toJSON devices}${optionalString (! cfg.declarative.overrideDevices) " + $in.devices"}), "devices": (${builtins.toJSON devices}${
"folders": (${builtins.toJSON folders}${optionalString (! cfg.declarative.overrideFolders) " + $in.folders"}) optionalString (!cfg.declarative.overrideDevices) " + $in.devices"
}),
"folders": (${builtins.toJSON folders}${
optionalString (!cfg.declarative.overrideFolders) " + $in.folders"
})
}') }')
# POST the new config to syncthing # POST the new config to syncthing
@ -102,13 +104,14 @@ in {
}; };
devices = mkOption { devices = mkOption {
default = {}; default = { };
description = '' description = ''
Peers/devices which syncthing should communicate with. Peers/devices which syncthing should communicate with.
''; '';
example = { example = {
bigbox = { bigbox = {
id = "7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU"; id =
"7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU";
addresses = [ "tcp://192.168.0.10:51820" ]; addresses = [ "tcp://192.168.0.10:51820" ];
}; };
}; };
@ -125,7 +128,7 @@ in {
addresses = mkOption { addresses = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
description = '' description = ''
The addresses used to connect to the device. The addresses used to connect to the device.
If this is let empty, dynamic configuration is attempted If this is let empty, dynamic configuration is attempted
@ -165,7 +168,7 @@ in {
}; };
folders = mkOption { folders = mkOption {
default = {}; default = { };
description = '' description = ''
folders which should be shared by syncthing. folders which should be shared by syncthing.
''; '';
@ -214,7 +217,7 @@ in {
devices = mkOption { devices = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
description = '' description = ''
The devices this folder should be shared with. Must be defined The devices this folder should be shared with. Must be defined
in the <literal>declarative.devices</literal> attribute. in the <literal>declarative.devices</literal> attribute.
@ -262,14 +265,14 @@ in {
}; };
} }
]; ];
type = with types; nullOr (submodule { type = with types;
nullOr (submodule {
options = { options = {
type = mkOption { type = mkOption {
type = enum [ "external" "simple" "staggered" "trashcan" ]; type =
}; enum [ "external" "simple" "staggered" "trashcan" ];
params = mkOption {
type = attrsOf (either str path);
}; };
params = mkOption { type = attrsOf (either str path); };
}; };
}); });
}; };
@ -376,8 +379,7 @@ in {
description = '' description = ''
Path where the settings and keys will exist. Path where the settings and keys will exist.
''; '';
default = default = let
let
nixos = config.system.stateVersion; nixos = config.system.stateVersion;
cond = versionAtLeast nixos "19.03"; cond = versionAtLeast nixos "19.03";
in cfg.dataDir + (optionalString cond "/.config/syncthing"); in cfg.dataDir + (optionalString cond "/.config/syncthing");
@ -427,8 +429,8 @@ in {
systemd.packages = [ pkgs.syncthing ]; systemd.packages = [ pkgs.syncthing ];
users.users = mkIf (cfg.systemService && cfg.user == defaultUser) { users.users = mkIf (cfg.systemService && cfg.user == defaultUser) {
${defaultUser} = ${defaultUser} = {
{ group = cfg.group; group = cfg.group;
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
uid = config.ids.uids.syncthing; uid = config.ids.uids.syncthing;
@ -437,8 +439,7 @@ in {
}; };
users.groups = mkIf (cfg.systemService && cfg.group == defaultUser) { users.groups = mkIf (cfg.systemService && cfg.group == defaultUser) {
${defaultUser}.gid = ${defaultUser}.gid = config.ids.gids.syncthing;
config.ids.gids.syncthing;
}; };
systemd.services = { systemd.services = {
@ -454,20 +455,26 @@ in {
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
SuccessExitStatus = "2 3 4"; SuccessExitStatus = "2 3 4";
RestartForceExitStatus="3 4"; RestartForceExitStatus = "3 4";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
ExecStartPre = mkIf (cfg.declarative.cert != null || cfg.declarative.key != null) ExecStartPre =
"+${pkgs.writers.writeBash "syncthing-copy-keys" '' mkIf (cfg.declarative.cert != null || cfg.declarative.key != null)
"+${
pkgs.writers.writeBash "syncthing-copy-keys" ''
install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir} install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir}
${optionalString (cfg.declarative.cert != null) '' ${optionalString (cfg.declarative.cert != null) ''
install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem install -Dm400 -o ${cfg.user} -g ${cfg.group} ${
toString cfg.declarative.cert
} ${cfg.configDir}/cert.pem
''} ''}
${optionalString (cfg.declarative.key != null) '' ${optionalString (cfg.declarative.key != null) ''
install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.key} ${cfg.configDir}/key.pem install -Dm400 -o ${cfg.user} -g ${cfg.group} ${
toString cfg.declarative.key
} ${cfg.configDir}/key.pem
''} ''}
''}" ''
; }";
ExecStart = '' ExecStart = ''
${cfg.package}/bin/syncthing \ ${cfg.package}/bin/syncthing \
-no-browser \ -no-browser \
@ -476,9 +483,8 @@ in {
''; '';
}; };
}; };
syncthing-init = mkIf ( syncthing-init = mkIf
cfg.declarative.devices != {} || cfg.declarative.folders != {} (cfg.declarative.devices != { } || cfg.declarative.folders != { }) {
) {
after = [ "syncthing.service" ]; after = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -490,9 +496,7 @@ in {
}; };
}; };
syncthing-resume = { syncthing-resume = { wantedBy = [ "suspend.target" ]; };
wantedBy = [ "suspend.target" ];
};
}; };
}; };
} }

107
modules/programs/browser.nix
View file

@ -14,14 +14,13 @@ let
firefoxBin = "${pkgs.firefox}/bin/firefox"; firefoxBin = "${pkgs.firefox}/bin/firefox";
tarBin = "${pkgs.gnutar}/bin/tar"; tarBin = "${pkgs.gnutar}/bin/tar";
# desktop file # desktop file
# ------------ # ------------
# makes it possible to be used by other programs # makes it possible to be used by other programs
desktopFile = bin: let desktopFile = bin:
browserName = bin.name; let browserName = bin.name;
in pkgs.writeTextFile { in pkgs.writeTextFile {
name = "${browserName}.desktop" ; name = "${browserName}.desktop";
destination = "/share/applications/${browserName}.desktop"; destination = "/share/applications/${browserName}.desktop";
text = '' text = ''
[Desktop Entry] [Desktop Entry]
@ -43,8 +42,8 @@ let
backupFile = "${homeBackup}.tar.lzma"; backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma"; rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock"; lockFile = "${home}-lock";
in in pkgs.writeShellScriptBin "${name}-clean" # sh
pkgs.writeShellScriptBin "${name}-clean" /* sh */ '' ''
sudo killall -9 -u ${name} sudo killall -9 -u ${name}
sudo rm ${lockFile} sudo rm ${lockFile}
sudo rm -rf ${home} sudo rm -rf ${home}
@ -55,8 +54,8 @@ let
backupFile = "${homeBackup}.tar.lzma"; backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma"; rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock"; lockFile = "${home}-lock";
in in pkgs.writeShellScriptBin "${name}" # sh
pkgs.writeShellScriptBin "${name}" /* sh */ '' ''
# set -x # set -x
if [[ ! -e ${lockFile} ]] if [[ ! -e ${lockFile} ]]
then then
@ -79,29 +78,27 @@ let
sudo -u ${user} ${browser} sudo -u ${user} ${browser}
''; '';
browserExecutableList = browserExecutableList = let
allBrowser = flip mapAttrsToList cfg.configList (name: config:
let let
allBrowser = flip mapAttrsToList cfg.configList ( browser = if config.browserType == "chrome" then
name: config: ''${chromiumBin} "$@"''
let else if config.browserType == "google" then
browser = if config.browserType == "chrome" ''${chromeBin} "$@"''
then "${chromiumBin} \"$@\"" else
else if config.browserType == "google" ''${firefoxBin} "$@"'';
then "${chromeBin} \"$@\"" in createBrowser name config.user browser config.home config.homeBackup);
else "${firefoxBin} \"$@\"";
in
createBrowser name config.user browser config.home config.homeBackup
);
xclipBrowser = [ xclipBrowser = [
(pkgs.writeShellScriptBin "copy-to-xclip" /* sh */'' (pkgs.writeShellScriptBin "copy-to-xclip" # sh
''
echo "$*" | ${pkgs.xclip}/bin/xclip echo "$*" | ${pkgs.xclip}/bin/xclip
'') '')
]; ];
in in allBrowser ++ xclipBrowser;
allBrowser ++ xclipBrowser;
createBackupScript = name: home: backupHome: createBackupScript = name: home: backupHome:
pkgs.writeShellScriptBin "${name}-backup" /* sh */ '' pkgs.writeShellScriptBin "${name}-backup" # sh
''
sudo -u ${name} \ sudo -u ${name} \
${tarBin} \ ${tarBin} \
--exclude=.cache \ --exclude=.cache \
@ -116,57 +113,51 @@ let
cp ${home}.tar.lzma ${backupHome}.tar.lzma cp ${home}.tar.lzma ${backupHome}.tar.lzma
''; '';
allBackupScripts = allBackupScripts = let
let
filteredConfigs = filteredConfigs =
filterAttrs filterAttrs (name: browserConfig: browserConfig.homeBackup != null)
(name: browserConfig: browserConfig.homeBackup != null)
cfg.configList; cfg.configList;
in in mapAttrsToList (name: browserConfig:
mapAttrsToList createBackupScript name browserConfig.home browserConfig.homeBackup)
(name: browserConfig: createBackupScript name browserConfig.home browserConfig.homeBackup)
filteredConfigs; filteredConfigs;
allCleanScripts = allCleanScripts = let
let
filteredConfigs = filteredConfigs =
filterAttrs filterAttrs (name: browserConfig: browserConfig.homeBackup != null)
(name: browserConfig: browserConfig.homeBackup != null)
cfg.configList; cfg.configList;
in in mapAttrsToList (name: browserConfig:
mapAttrsToList cleanBrowser name name browserConfig.home browserConfig.homeBackup)
(name: browserConfig: cleanBrowser name name browserConfig.home browserConfig.homeBackup)
filteredConfigs; filteredConfigs;
# browser chooser # browser chooser
# --------------- # ---------------
browserSelect = pkgs.writeScriptBin "browser-select" '' browserSelect = pkgs.writeScriptBin "browser-select" ''
# select a browser using dmenu # select a browser using dmenu
# ---------------------------- # ----------------------------
BROWSER=$( echo -e "${lib.concatMapStringsSep "\\n" (bin: bin.name) browserExecutableList}" \ BROWSER=$( echo -e "${
lib.concatMapStringsSep "\\n" (bin: bin.name) browserExecutableList
}" \
| ${pkgs.rofi}/bin/rofi -dmenu ) | ${pkgs.rofi}/bin/rofi -dmenu )
# start selected browser # start selected browser
# ---------------------- # ----------------------
case $BROWSER in case $BROWSER in
${lib.concatStringsSep "\n" ${lib.concatStringsSep "\n" (flip map browserExecutableList
(flip map browserExecutableList (bin: "${bin.name}) export BIN=${bin}/bin/${bin.name} ;;")) (bin: "${bin.name}) export BIN=${bin}/bin/${bin.name} ;;"))}
}
esac esac
$BIN "$@" $BIN "$@"
''; '';
in { in {
options.programs.custom.browser = { options.programs.custom.browser = {
enable = mkEnableOption "enable browsers"; enable = mkEnableOption "enable browsers";
configList = mkOption { configList = mkOption {
type = with types; attrsOf (submodule ({ name , ... }: { type = with types;
attrsOf (submodule ({ name, ... }: {
options = { options = {
browserType = mkOption { browserType = mkOption {
type = with types; enum ["firefox" "chrome" "google"]; type = with types; enum [ "firefox" "chrome" "google" ];
default = "chrome"; default = "chrome";
description = '' description = ''
the type of browser which is simulated the type of browser which is simulated
@ -210,16 +201,15 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
# add sudo rights # add sudo rights
security.sudo.extraConfig = security.sudo.extraConfig = let
let
extraRules = flip mapAttrsToList cfg.configList (name: values: extraRules = flip mapAttrsToList cfg.configList (name: values:
concatStringsSep "\n" (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL") values.sudoUsers)) ; concatStringsSep "\n"
in (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL")
lib.concatStringsSep "\n" extraRules; values.sudoUsers));
in lib.concatStringsSep "\n" extraRules;
# create users # create users
users.users = flip mapAttrs cfg.configList (name: config: users.users = flip mapAttrs cfg.configList (name: config: {
{
home = config.home; home = config.home;
createHome = true; createHome = true;
initialPassword = "${name}-browser"; initialPassword = "${name}-browser";
@ -228,19 +218,14 @@ in {
group = "users"; group = "users";
# enable video usage # enable video usage
extraGroups = [ "video" "audio" ]; extraGroups = [ "video" "audio" ];
} });
);
# add groups to mainUser # add groups to mainUser
system.custom.mainUser.extraGroups = builtins.attrNames cfg.configList; system.custom.mainUser.extraGroups = builtins.attrNames cfg.configList;
environment.systemPackages = [ environment.systemPackages = [ browserSelect (desktopFile browserSelect) ]
browserSelect
( desktopFile browserSelect )
]
++ browserExecutableList ++ browserExecutableList
++ (map (bin: desktopFile bin) browserExecutableList) ++ (map (bin: desktopFile bin) browserExecutableList) ++ allBackupScripts
++ allBackupScripts
++ allCleanScripts; ++ allCleanScripts;
}; };

13
modules/programs/citate.nix
View file

@ -11,7 +11,8 @@ let
xdotool = "${pkgs.xdotool}/bin/xdotool"; xdotool = "${pkgs.xdotool}/bin/xdotool";
dmenu = "${pkgs.dmenu}/bin/dmenu"; dmenu = "${pkgs.dmenu}/bin/dmenu";
citateScript = file: suffix: pkgs.writeShellScriptBin "citate-${suffix}" '' citateScript = file: suffix:
pkgs.writeShellScriptBin "citate-${suffix}" ''
${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )" ${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )"
''; '';
@ -27,9 +28,15 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = [
scriptAxel scriptAxel
(library.desktopFile scriptAxel { longName = "Citate Axel"; command = "citate-axel"; }) (library.desktopFile scriptAxel {
longName = "Citate Axel";
command = "citate-axel";
})
scriptSiw scriptSiw
(library.desktopFile scriptSiw { longName = "Citate Sinnlos im Weltall"; command = "citate-siw"; }) (library.desktopFile scriptSiw {
longName = "Citate Sinnlos im Weltall";
command = "citate-siw";
})
]; ];
}; };
} }

11
modules/programs/curl-scripts.nix
View file

@ -20,15 +20,12 @@ let
in { in {
options.programs.custom.curlScripts.enable = mkEnableOption "enable curl scripts"; options.programs.custom.curlScripts.enable =
mkEnableOption "enable curl scripts";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages =
weatherScript [ weatherScript qrCodeScript cheatSheetScript ];
qrCodeScript
cheatSheetScript
];
}; };
} }

8
modules/programs/easytag.nix
View file

@ -8,13 +8,11 @@ let
in { in {
options.programs.custom.easytag.enable = mkEnableOption "install easytag with dependencies"; options.programs.custom.easytag.enable =
mkEnableOption "install easytag with dependencies";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ easytag gnome3.dconf ];
easytag
gnome3.dconf
];
}; };
} }

2
modules/programs/elm.nix
View file

@ -11,7 +11,7 @@ in {
options.programs.custom.elm.enable = mkEnableOption "enable elm stack"; options.programs.custom.elm.enable = mkEnableOption "enable elm stack";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [
elmPackages.elm elmPackages.elm
elmPackages.elm-compiler elmPackages.elm-compiler
elmPackages.elm-format elmPackages.elm-format

6
modules/programs/espeak.nix
View file

@ -36,11 +36,12 @@ let
in { in {
options.programs.custom.espeak.enable = mkEnableOption "enable espeak scripts"; options.programs.custom.espeak.enable =
mkEnableOption "enable espeak scripts";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [
espeak espeak
en_espeak en_espeak
en_read en_read
@ -51,4 +52,3 @@ in {
}; };
} }

30
modules/programs/ffmpeg.nix
View file

@ -4,7 +4,8 @@ let
cfg = config.programs.custom.ffmpeg; cfg = config.programs.custom.ffmpeg;
ffmpegTemplate = name: { profile, preset, tune ? null}: ffmpegTemplate = name:
{ profile, preset, tune ? null }:
pkgs.writeShellScriptBin "ffmpeg-${name}" '' pkgs.writeShellScriptBin "ffmpeg-${name}" ''
if [ $# -eq 0 ] if [ $# -eq 0 ]
@ -67,10 +68,12 @@ let
''; '';
ffmpegDescriptive = profile: preset: ffmpegDescriptive = profile: preset:
ffmpegTemplate "${profile}-${preset}-720p" { inherit profile preset ; }; ffmpegTemplate "${profile}-${preset}-720p" { inherit profile preset; };
ffmpegDescriptiveTune = profile: preset: tune: ffmpegDescriptiveTune = profile: preset: tune:
ffmpegTemplate "${profile}-${preset}-${tune}-720p" { inherit profile preset tune; }; ffmpegTemplate "${profile}-${preset}-${tune}-720p" {
inherit profile preset tune;
};
# https://en.wikipedia.org/wiki/H.264/MPEG-4_AVC#Profiles # https://en.wikipedia.org/wiki/H.264/MPEG-4_AVC#Profiles
profiles = [ profiles = [
@ -92,21 +95,11 @@ let
#"slower" #"slower"
"veryslow" "veryslow"
]; ];
tunes = [ tunes = [ "film" "animation" "grain" "stillimage" "fastdecode" ];
"film"
"animation"
"grain"
"stillimage"
"fastdecode"
];
ffmpegs = lib.crossLists ffmpegs = lib.crossLists ffmpegDescriptive [ profiles presets ];
ffmpegDescriptive
[ profiles presets ];
ffmpegsTune = lib.crossLists ffmpegsTune = lib.crossLists ffmpegDescriptiveTune [ profiles presets tunes ];
ffmpegDescriptiveTune
[ profiles presets tunes ];
in { in {
@ -114,7 +107,6 @@ in {
enable = mkEnableOption "enable programs.custom.ffmpeg"; enable = mkEnableOption "enable programs.custom.ffmpeg";
}; };
config = mkIf cfg.enable { config =
environment.systemPackages = ffmpegs ++ ffmpegsTune; mkIf cfg.enable { environment.systemPackages = ffmpegs ++ ffmpegsTune; };
};
} }

5
modules/programs/git.nix
View file

@ -8,11 +8,12 @@ let
in { in {
options.programs.custom.git.enable = mkEnableOption "install git and all its tools"; options.programs.custom.git.enable =
mkEnableOption "install git and all its tools";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [
git git
tig tig
git-crypt git-crypt

2
modules/programs/q.nix
View file

@ -27,7 +27,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = [
(pkgs.q.override{ (pkgs.q.override {
timeZones = cfg.timeZones; timeZones = cfg.timeZones;
enableIntelBacklight = cfg.enableIntelBacklight; enableIntelBacklight = cfg.enableIntelBacklight;
enableBattery = cfg.enableBattery; enableBattery = cfg.enableBattery;

17
modules/programs/shell-bash.nix
View file

@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let cfg = config.programs.custom.bash;
cfg = config.programs.custom.bash;
in { in {
options.programs.custom.bash.enable = lib.mkEnableOption "enable bash config"; options.programs.custom.bash.enable = lib.mkEnableOption "enable bash config";
@ -15,7 +14,8 @@ in {
# Configure Shell # Configure Shell
# --------------- # ---------------
interactiveShellInit = /* sh */ '' interactiveShellInit = # sh
''
# use vi shortcuts # use vi shortcuts
# ---------------- # ----------------
set -o vi set -o vi
@ -27,7 +27,8 @@ in {
# Configure Prompt # Configure Prompt
# ---------------- # ----------------
promptInit = /* sh */ '' promptInit = # sh
''
# PS1 content functions # PS1 content functions
# --------------------- # ---------------------
function nonzero_return() { function nonzero_return() {
@ -60,7 +61,7 @@ in {
ls = "ls --color=tty"; ls = "ls --color=tty";
l = "ls -CFh"; l = "ls -CFh";
la = "ls -Ah"; la = "ls -Ah";
ll = "ls -lh" ; ll = "ls -lh";
lt = "ls -lct --reverse"; lt = "ls -lct --reverse";
less = "less -S"; less = "less -S";
top = "htop"; top = "htop";
@ -71,8 +72,8 @@ in {
df = "df -h"; df = "df -h";
nix-search = "nix-env -qaP"; nix-search = "nix-env -qaP";
nix-list = "nix-env -qaP \"*\" --description"; nix-list = ''nix-env -qaP "*" --description'';
nix-list-haskell = "nix-env -f \"<nixpkgs>\" -qaP -A haskellPackages"; nix-list-haskell = ''nix-env -f "<nixpkgs>" -qaP -A haskellPackages'';
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/"; nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
@ -83,5 +84,3 @@ in {
}; };
} }

19
modules/programs/shell-tools.nix
View file

@ -5,7 +5,8 @@ with lib;
let let
xterm-colors = pkgs.writeShellScriptBin "256-xterm-colors" xterm-colors = pkgs.writeShellScriptBin "256-xterm-colors"
/* sh */ '' # sh
''
for i in {0..255} ; do for i in {0..255} ; do
printf "\x1b[38;5;%sm%3d\e[0m " "$i" "$i" printf "\x1b[38;5;%sm%3d\e[0m " "$i" "$i"
if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
@ -14,8 +15,10 @@ let
done done
''; '';
xterm-background-colors = pkgs.writeShellScriptBin "256-xterm-colors-background" xterm-background-colors = pkgs.writeShellScriptBin
/* sh */ '' "256-xterm-colors-background"
# sh
''
for i in {0..255} ; do for i in {0..255} ; do
printf "\x1b[48;5;%sm%3d\e[0m " "$i" "$i" printf "\x1b[48;5;%sm%3d\e[0m " "$i" "$i"
if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
@ -24,20 +27,16 @@ let
done done
''; '';
cfg = config.programs.custom.shellTools; cfg = config.programs.custom.shellTools;
in { in {
options.programs.custom.shellTools.enable = mkEnableOption "enable shell tools"; options.programs.custom.shellTools.enable =
mkEnableOption "enable shell tools";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = [ xterm-colors xterm-background-colors ];
xterm-colors
xterm-background-colors
];
}; };
} }

26
modules/programs/shell-zsh.nix
View file

@ -59,7 +59,7 @@ in {
ls = "ls --color=tty"; ls = "ls --color=tty";
l = "ls -CFh"; l = "ls -CFh";
la = "ls -Ah"; la = "ls -Ah";
ll = "ls -lh" ; ll = "ls -lh";
lt = "ls -lct --reverse"; lt = "ls -lct --reverse";
less = "less -S"; less = "less -S";
top = "htop"; top = "htop";
@ -72,10 +72,10 @@ in {
timestamp = "date +%Y%m%d%H%M%S"; timestamp = "date +%Y%m%d%H%M%S";
nix-search = "nix-env -qaP"; nix-search = "nix-env -qaP";
nix-list = "nix-env -qaP \"*\" --description"; nix-list = ''nix-env -qaP "*" --description'';
nix-list-haskell = "nix-env -f \"<nixpkgs>\" -qaP -A haskellPackages"; nix-list-haskell = ''nix-env -f "<nixpkgs>" -qaP -A haskellPackages'';
nix-list-node = "nix-env -f \"<nixpkgs>\" -qaP -A nodePackages"; nix-list-node = ''nix-env -f "<nixpkgs>" -qaP -A nodePackages'';
nix-list-beam = "nix-env -f \"<nixpkgs>\" -qaP -A beamPackages"; nix-list-beam = ''nix-env -f "<nixpkgs>" -qaP -A beamPackages'';
# nix-find = "clear ; ${pkgs.nix-index}/bin/nix-locate -1 -w"; # nix-find = "clear ; ${pkgs.nix-index}/bin/nix-locate -1 -w";
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/"; nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
@ -90,25 +90,24 @@ in {
# only used to make quick config changes # only used to make quick config changes
# -------------------------------------- # --------------------------------------
environment.etc."zshcustom/mainuser.zsh".source = environment.etc."zshcustom/mainuser.zsh".source =
pkgs.writeText "mainuser-zsh" ( pkgs.writeText "mainuser-zsh" (if (cfg.mainUser != null) then ''
if ( cfg.mainUser != null )
then
''
source ${config.users.users.mainUser.home}/.zshrc source ${config.users.users.mainUser.home}/.zshrc
'' '' else
else '' # programs.custom.zsh.mainUser not set '' ); "# programs.custom.zsh.mainUser not set ");
# Theme # Theme
# ----- # -----
# make sure powerline-fonts is set in `fonts.fonts` # make sure powerline-fonts is set in `fonts.fonts`
environment.etc."zshcustom/themes/powerlevel9k".source = pkgs.fetchFromGitHub { environment.etc."zshcustom/themes/powerlevel9k".source =
pkgs.fetchFromGitHub {
owner = "bhilburn"; owner = "bhilburn";
repo = "powerlevel9k"; repo = "powerlevel9k";
rev = "v0.6.4"; rev = "v0.6.4";
sha256 = "104wvlni3rilpw9v1dk848lnw8cm8qxl64xs70j04ly4s959dyb5"; sha256 = "104wvlni3rilpw9v1dk848lnw8cm8qxl64xs70j04ly4s959dyb5";
}; };
environment.etc."zshcustom/powerlevel9kpatch.zsh".source = pkgs.writeText "powerlevel9kpatch.zsh" '' environment.etc."zshcustom/powerlevel9kpatch.zsh".source =
pkgs.writeText "powerlevel9kpatch.zsh" ''
# this shows all the colors which are available # this shows all the colors which are available
# --------------------------------------------- # ---------------------------------------------
@ -176,4 +175,3 @@ in {
}; };
} }

29
modules/programs/slack.nix
View file

@ -14,13 +14,11 @@ let
# --------------------------- # ---------------------------
command = "${pkgs.slack}/bin/slack"; command = "${pkgs.slack}/bin/slack";
desktopFile = desktopFile = let
let
name = program; name = program;
comment = "Chat Programm"; comment = "Chat Programm";
in in pkgs.writeTextFile {
pkgs.writeTextFile { name = "${name}.desktop";
name = "${name}.desktop" ;
destination = "/share/applications/${name}.desktop"; destination = "/share/applications/${name}.desktop";
text = '' text = ''
[Desktop Entry] [Desktop Entry]
@ -35,16 +33,13 @@ let
''; '';
}; };
# the script # the script
# ---------- # ----------
bin = bin = let
let
backupFile = "${cfg.homeBackup}.tar.lzma"; backupFile = "${cfg.homeBackup}.tar.lzma";
rolloutFile = "${cfg.home}.tar.lzma"; rolloutFile = "${cfg.home}.tar.lzma";
lockFile = "${cfg.home}-lock"; lockFile = "${cfg.home}-lock";
in in pkgs.writeShellScriptBin "${program}" ''
pkgs.writeShellScriptBin "${program}" ''
# set -x # set -x
if [[ ! -e ${lockFile} ]] if [[ ! -e ${lockFile} ]]
then then
@ -61,10 +56,7 @@ let
sudo -u ${program} ${command} sudo -u ${program} ${command}
''; '';
backupScript = pkgs.writeShellScriptBin "${program}-backup" ''
backupScript =
pkgs.writeShellScriptBin "${program}-backup" ''
sudo -u ${program} \ sudo -u ${program} \
${tarBin} \ ${tarBin} \
--exclude=.cache \ --exclude=.cache \
@ -108,8 +100,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.sudo.extraConfig = security.sudo.extraConfig = ''
''
${config.users.users.mainUser.name} ALL=(${program}) NOPASSWD: ALL ${config.users.users.mainUser.name} ALL=(${program}) NOPASSWD: ALL
''; '';
@ -125,11 +116,7 @@ in {
extraGroups = [ "video" "audio" ]; extraGroups = [ "video" "audio" ];
}; };
environment.systemPackages = [ environment.systemPackages = [ bin backupScript desktopFile ];
bin
backupScript
desktopFile
];
}; };
} }

9
modules/programs/taskwarrior.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.taskwarrior; cfg = config.programs.custom.taskwarrior;
taskNextWeek = pkgs.writeShellScriptBin "taskweek" /* sh */ '' taskNextWeek = pkgs.writeShellScriptBin "taskweek" # sh
''
${pkgs.taskwarrior}/bin/task \ ${pkgs.taskwarrior}/bin/task \
export \ export \
status:pending and \( due.before:6days \) \ status:pending and \( due.before:6days \) \
@ -14,13 +15,15 @@ let
| ${pkgs.miller}/bin/mlr --ijson --opprint put "\$Day = strftime(strptime(\$Day,\"%Y%m%dT%H%M%SZ\")$(date +%z)00,\"%A\")" | ${pkgs.miller}/bin/mlr --ijson --opprint put "\$Day = strftime(strptime(\$Day,\"%Y%m%dT%H%M%SZ\")$(date +%z)00,\"%A\")"
''; '';
tsak = pkgs.writeShellScriptBin "tsak" /* sh */ '' tsak = pkgs.writeShellScriptBin "tsak" # sh
''
${pkgs.taskwarrior}/bin/task "$@" ${pkgs.taskwarrior}/bin/task "$@"
''; '';
in { in {
options.programs.custom.taskwarrior.enable = mkEnableOption "Enable Taskwarrior services"; options.programs.custom.taskwarrior.enable =
mkEnableOption "Enable Taskwarrior services";
config = mkIf cfg.enable { config = mkIf cfg.enable {

35
modules/programs/urxvt.nix
View file

@ -21,7 +21,7 @@ in {
}; };
colorTheme = mkOption { colorTheme = mkOption {
type = types.enum[ "dark" "light" ]; type = types.enum [ "dark" "light" ];
default = "dark"; default = "dark";
description = '' description = ''
solarized color theme solarized color theme
@ -65,14 +65,19 @@ in {
"X11/Xresource.d/urxvt-font".source = let "X11/Xresource.d/urxvt-font".source = let
fontFamily = "terminus"; fontFamily = "terminus";
normalFont = fontSize: "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; normalFont = fontSize:
boldFont = fontSize: "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize:
"-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont; italicFont = normalFont;
itallicBoldFont = boldFont; itallicBoldFont = boldFont;
backupFont = fontSize: "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; backupFont = fontSize:
"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
fontCommand = key: fontSize: '' fontCommand = key: fontSize: ''
URxvt.keysym.M-${key}: command:\033]710;${normalFont fontSize},${backupFont fontSize}\007\033]711;${boldFont fontSize},${backupFont fontSize}\007 URxvt.keysym.M-${key}: command:\033]710;${normalFont fontSize},${
backupFont fontSize
}\007\033]711;${boldFont fontSize},${backupFont fontSize}\007
''; '';
in pkgs.writeText "Xresource-urxvt-font" '' in pkgs.writeText "Xresource-urxvt-font" ''
@ -81,10 +86,18 @@ in {
URxvt.xftAntialias: true URxvt.xftAntialias: true
!! use xfontsel or fontmatrix to choose line !! use xfontsel or fontmatrix to choose line
!URxvt.font: ${normalFont cfg.fontSize},${backupFont cfg.fontSize} !URxvt.font: ${normalFont cfg.fontSize},${
!URxvt.boldFont: ${boldFont cfg.fontSize},${backupFont cfg.fontSize} backupFont cfg.fontSize
!URxvt.italicFont: ${italicFont cfg.fontSize},${backupFont cfg.fontSize} }
!URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize},${backupFont cfg.fontSize} !URxvt.boldFont: ${boldFont cfg.fontSize},${
backupFont cfg.fontSize
}
!URxvt.italicFont: ${italicFont cfg.fontSize},${
backupFont cfg.fontSize
}
!URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize},${
backupFont cfg.fontSize
}
URxvt.font: ${normalFont cfg.fontSize} URxvt.font: ${normalFont cfg.fontSize}
URxvt.boldFont: ${boldFont cfg.fontSize} URxvt.boldFont: ${boldFont cfg.fontSize}
@ -97,8 +110,7 @@ in {
${fontCommand "F4" (cfg.fontSize + 20)} ${fontCommand "F4" (cfg.fontSize + 20)}
''; '';
"X11/Xresource.d/urxvt-colors".source = "X11/Xresource.d/urxvt-colors".source = let
let
colorTheme = if (cfg.colorTheme == "dark") then '' colorTheme = if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36 #define S_base03 #002b36
#define S_base02 #073642 #define S_base02 #073642
@ -166,4 +178,3 @@ in {
}; };
} }

145
modules/programs/vim.nix
View file

@ -7,29 +7,30 @@ let
nix-xptemplates = pkgs.writeTextFile { nix-xptemplates = pkgs.writeTextFile {
name = "nix-xptemplates"; name = "nix-xptemplates";
destination = "/ftplugin/nix/nix.xpt.vim"; destination = "/ftplugin/nix/nix.xpt.vim";
text = /* vim */ '' text = # vim
XPTemplate priority=personal ''
XPTemplate priority=personal
XPT option " tips XPT option " tips
`name^ = mkOption { `name^ = mkOption {
type = with types; `type^; type = with types; `type^;
description = ${"''"} description = ${"''"}
`cursor^ `cursor^
${"''"}; ${"''"};
}; };
XPT package " tips XPT package " tips
{ config, lib, ... }: { config, lib, ... }:
{ {
`cursor^ `cursor^
} }
XPT terranix" tips XPT terranix" tips
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.`name^; cfg = config.`name^;
in { in {
options.`name^ = mkOption { options.`name^ = mkOption {
default = {}; default = {};
@ -47,18 +48,18 @@ in {
mkIf (cfg != {} ){ mkIf (cfg != {} ){
`cursor^ `cursor^
}; };
} }
XPT module " tips XPT module " tips
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.`name^; cfg = config.`name^;
in { in {
options.`name^ = { options.`name^ = {
enable = mkEnableOption "enable `name^"; enable = mkEnableOption "enable `name^";
@ -67,11 +68,11 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
`cursor^ `cursor^
}; };
} }
XPT shell " tips XPT shell " tips
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
pkgs.mkShell { pkgs.mkShell {
# needed pkgs # needed pkgs
# ----------- # -----------
@ -84,14 +85,14 @@ pkgs.mkShell {
shellHook = ${"''"} shellHook = ${"''"}
HISTFILE=${"$"}{toString ./.}/.history HISTFILE=${"$"}{toString ./.}/.history
${"''"}; ${"''"};
} }
XPT fhsUser " tips XPT fhsUser " tips
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv { (pkgs.buildFHSUserEnv {
name = "fhs-user-env"; name = "fhs-user-env";
targetPkgs = pkgs: with pkgs; [ targetPkgs = pkgs: with pkgs; [
# core stuff # core stuff
# ---------- # ----------
vim silver-searcher curl coreutils git tig vim silver-searcher curl coreutils git tig
@ -108,35 +109,37 @@ targetPkgs = pkgs: with pkgs; [
# --------- # ---------
`cursor^ `cursor^
]; ];
# multilib packages # multilib packages
# ----------------- # -----------------
# these are packages compiled 32bit and 64bit # these are packages compiled 32bit and 64bit
multiPkgs = pkgs: with pkgs; [ multiPkgs = pkgs: with pkgs; [
]; ];
# environment variables # environment variables
# --------------------- # ---------------------
profile = ${"''"} profile = ${"''"}
export TERM="xterm" export TERM="xterm"
${"''"}; ${"''"};
}).env }).env
''; '';
}; };
vim-tv-plugin = with lib; vim-tv-plugin = with lib;
((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
"/syntax/haskell.vim".text = /* vim */ '' "/syntax/haskell.vim".text = # vim
''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier hi link ConId Identifier
hi link VarId Identifier hi link VarId Identifier
hi link hsDelimiter Delimiter hi link hsDelimiter Delimiter
''; '';
"/syntax/nix.vim".text = /* vim */ '' "/syntax/nix.vim".text = # vim
''
"" Quit when a (custom) syntax file was already loaded "" Quit when a (custom) syntax file was already loaded
"if exists("b:current_syntax") "if exists("b:current_syntax")
" finish " finish
@ -190,24 +193,20 @@ profile = ${"''"}
syn cluster nix_ind_strings contains=NixIND_STRING syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (name: { ${concatStringsSep "\n" (mapAttrsToList (name:
extraStart ? null, { extraStart ? null, lang ? name }:
lang ? name
}:
let let
startAlts = filter isString [ startAlts = filter isString [ "/\\* ${name} \\*/" extraStart ];
''/\* ${name} \*/'' sigil = "\\(${concatStringsSep "\\|" startAlts}\\)[ \\t\\r\\n]*";
extraStart # vim
]; in ''
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim syn include @nix_${lang}_syntax syntax/${lang}.vim
if exists("b:current_syntax") if exists("b:current_syntax")
unlet b:current_syntax unlet b:current_syntax
endif endif
syn match nix_${lang}_sigil syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X \ X${replaceStrings [ "X" ] [ "\\X" ] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent \ transparent
@ -239,21 +238,22 @@ profile = ${"''"}
syn cluster nix_has_dollar_curly syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax \ add=@nix_${lang}_syntax
'') { '') {
c = {}; c = { };
cabal = {}; cabal = { };
diff = {}; diff = { };
haskell = {}; haskell = { };
python = {}; python = { };
lua = {}; lua = { };
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [ sh.extraStart = concatStringsSep "\\|" [
''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' ''
''[a-z]*Phase[ \t\r\n]*='' write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
"[a-z]*Phase[ \\t\\r\\n]*="
]; ];
yaml = {}; yaml = { };
vim.extraStart = vim.extraStart = ''
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
xdefaults = {}; xdefaults = { };
})} })}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
@ -275,7 +275,7 @@ profile = ${"''"}
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent \ transparent
syn match NixQuote /'''\(''$\|\\.\)/he=s+2 syn match NixQuote /'''\($\|\\.\)/he=s+2
\ containedin=@nix_ind_strings \ containedin=@nix_ind_strings
\ contained \ contained
@ -293,7 +293,8 @@ profile = ${"''"}
set isk=@,48-57,_,192-255,-,' set isk=@,48-57,_,192-255,-,'
''; '';
"/syntax/sed.vim".text = /* vim */ '' "/syntax/sed.vim".text = # vim
''
syn region sedBranch syn region sedBranch
\ matchgroup=sedFunction start="T" \ matchgroup=sedFunction start="T"
\ matchgroup=sedSemicolon end=";\|$" \ matchgroup=sedSemicolon end=";\|$"
@ -301,10 +302,10 @@ profile = ${"''"}
''; '';
})); }));
# active plugins # active plugins
# -------------- # --------------
extra-runtimepath = with pkgs; lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [ extra-runtimepath = with pkgs;
lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [
vimPlugins.Syntastic vimPlugins.Syntastic
vimPlugins.ack-vim vimPlugins.ack-vim
vimPlugins.airline vimPlugins.airline
@ -392,9 +393,7 @@ in {
# install vim # install vim
# ----------- # -----------
environment.systemPackages = [ environment.systemPackages = [ pkgs.vim ];
pkgs.vim
];
}; };
} }

37
modules/programs/xterm.nix
View file

@ -8,7 +8,7 @@ let
in { in {
options.programs.custom.xterm= { options.programs.custom.xterm = {
enable = mkEnableOption "configure and enable urxvt"; enable = mkEnableOption "configure and enable urxvt";
fontSize = mkOption { fontSize = mkOption {
type = types.int; type = types.int;
@ -18,7 +18,7 @@ in {
''; '';
}; };
colorTheme = mkOption { colorTheme = mkOption {
type = types.enum[ "dark" "light" ]; type = types.enum [ "dark" "light" ];
default = "dark"; default = "dark";
description = '' description = ''
solarized color theme solarized color theme
@ -43,21 +43,32 @@ in {
"X11/Xresource.d/xterm-font".source = let "X11/Xresource.d/xterm-font".source = let
fontFamily = "terminus"; fontFamily = "terminus";
normalFont = fontSize: "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; normalFont = fontSize:
boldFont = fontSize: "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize:
"-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont; italicFont = normalFont;
itallicBoldFont = boldFont; itallicBoldFont = boldFont;
backupFont = fontSize: "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; backupFont = fontSize:
"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
in pkgs.writeText "Xresource-xterm-font" '' in pkgs.writeText "Xresource-xterm-font" ''
XTerm.allow_bold: true XTerm.allow_bold: true
XTerm.xftAntialias: true XTerm.xftAntialias: true
!! use xfontsel or fontmatrix to choose line !! use xfontsel or fontmatrix to choose line
!XTerm.*.font: ${normalFont cfg.fontSize},${backupFont cfg.fontSize} !XTerm.*.font: ${normalFont cfg.fontSize},${
!XTerm.*.boldFont: ${boldFont cfg.fontSize},${backupFont cfg.fontSize} backupFont cfg.fontSize
!XTerm.*.italicFont: ${italicFont cfg.fontSize},${backupFont cfg.fontSize} }
!XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize},${backupFont cfg.fontSize} !XTerm.*.boldFont: ${boldFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.italicFont: ${italicFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize},${
backupFont cfg.fontSize
}
XTerm.*.font: ${normalFont cfg.fontSize} XTerm.*.font: ${normalFont cfg.fontSize}
XTerm.*.boldFont: ${boldFont cfg.fontSize} XTerm.*.boldFont: ${boldFont cfg.fontSize}
@ -65,9 +76,7 @@ in {
XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize} XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize}
''; '';
"X11/Xresource.d/xterm-colors".source = let
"X11/Xresource.d/xterm-colors".source =
let
colorTheme = if (cfg.colorTheme == "dark") then '' colorTheme = if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36 #define S_base03 #002b36
#define S_base02 #073642 #define S_base02 #073642
@ -78,8 +87,7 @@ in {
#define S_base2 #eee8d5 #define S_base2 #eee8d5
#define S_base3 #fdf6e3 #define S_base3 #fdf6e3
'' '' else ''
else ''
#define S_base03 #fdf6e3 #define S_base03 #fdf6e3
#define S_base02 #eee8d5 #define S_base02 #eee8d5
#define S_base01 #93a1a1 #define S_base01 #93a1a1
@ -141,4 +149,3 @@ in {
}; };
} }

31
modules/services/castget.nix
View file

@ -11,7 +11,8 @@ in {
options.custom.services.castget = { options.custom.services.castget = {
enable = mkEnableOption "enable custom.services.castget"; enable = mkEnableOption "enable custom.services.castget";
feeds = mkOption { feeds = mkOption {
type = with types; attrsOf (submodule { type = with types;
attrsOf (submodule {
options = { options = {
url = mkOption { url = mkOption {
type = with types; str; type = with types; str;
@ -39,9 +40,7 @@ in {
}; };
timerConfig = mkOption { timerConfig = mkOption {
type = with types; attrsOf str; type = with types; attrsOf str;
default = { default = { OnCalendar = "daily"; };
OnCalendar = "daily";
};
example = { example = {
OnCalendar = "00:05"; OnCalendar = "00:05";
RandomizedDelaySec = "5h"; RandomizedDelaySec = "5h";
@ -68,27 +67,25 @@ in {
restartIfChanged = false; restartIfChanged = false;
serviceConfig.User = cfg.user; serviceConfig.User = cfg.user;
preStart = preStart = let
let mkSpools =
mkSpools = mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds; mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds;
in in concatStringsSep "\n" mkSpools;
concatStringsSep "\n" mkSpools; script = let
script =
let
channels = mapAttrsToList (key: ignore: key) cfg.feeds; channels = mapAttrsToList (key: ignore: key) cfg.feeds;
castget = "${pkgs.castget}/bin/castget"; castget = "${pkgs.castget}/bin/castget";
configurationFile = configurationFile = let
let
configurations = mapAttrsToList (key: value: '' configurations = mapAttrsToList (key: value: ''
[${key}] [${key}]
url=${value.url} url=${value.url}
spool=${value.spool} spool=${value.spool}
'') cfg.feeds; '') cfg.feeds;
in in (pkgs.writeText "castget-configuration"
(pkgs.writeText "castget-configuration" (concatStringsSep "" configurations)); (concatStringsSep "" configurations));
in in (concatMapStringsSep "\n"
(concatMapStringsSep "\n" (channel: "${castget} --rcfile ${configurationFile} ${channel}") channels); (channel: "${castget} --rcfile ${configurationFile} ${channel}")
channels);
}; };
systemd.timers."${cfg.serviceName}" = { systemd.timers."${cfg.serviceName}" = {

74
modules/services/home-assistant.nix
View file

@ -10,11 +10,19 @@ in {
options.services.homeAssistantConfig = mkOption { options.services.homeAssistantConfig = mkOption {
default = null; default = null;
type = with types; nullOr (submodule { options = { type = with types;
nullOr (submodule {
options = {
group = mkOption { group = mkOption {
default = null; default = null;
example = { schlafzimmer = { view = false; entities = [ "switch.pal01" ]; }; }; example = {
type = with types; nullOr (attrsOf ( submodule { schlafzimmer = {
view = false;
entities = [ "switch.pal01" ];
};
};
type = with types;
nullOr (attrsOf (submodule {
options = { options = {
name = mkOption { name = mkOption {
default = null; default = null;
@ -62,7 +70,9 @@ in {
})); }));
}; };
homeassistant = mkOption { homeassistant = mkOption {
type = with types; (submodule { options = { type = with types;
(submodule {
options = {
name = mkOption { name = mkOption {
default = "Home"; default = "Home";
type = with types; str; type = with types; str;
@ -96,10 +106,10 @@ in {
type = with types; nullOr (listOf attrs); type = with types; nullOr (listOf attrs);
}; };
customize = mkOption { customize = mkOption {
type = with types; attrsOf (submodule{ options = { type = with types;
friendly_name = mkOption { attrsOf (submodule {
type = with types; str; options = {
}; friendly_name = mkOption { type = with types; str; };
entity_picture = mkOption { entity_picture = mkOption {
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
@ -108,20 +118,22 @@ in {
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
}; };
};});
}; };
};}); });
};
};
});
}; };
introduction = mkOption { introduction = mkOption {
default = {}; default = { };
type = with types; attrs; type = with types; attrs;
}; };
frontend = mkOption { frontend = mkOption {
default = {}; default = { };
type = with types; attrs; type = with types; attrs;
}; };
config = mkOption { config = mkOption {
default = {}; default = { };
type = with types; attrs; type = with types; attrs;
}; };
http = mkOption { http = mkOption {
@ -141,7 +153,7 @@ in {
type = with types; nullOr attrs; type = with types; nullOr attrs;
}; };
logger = mkOption { logger = mkOption {
default = {}; default = { };
type = with types; attrs; type = with types; attrs;
}; };
lovelace = mkOption { lovelace = mkOption {
@ -191,14 +203,15 @@ in {
}; };
script = mkOption { script = mkOption {
default = null; default = null;
type = with types; nullOr (attrsOf (submodule { type = with types;
nullOr (attrsOf (submodule {
options = { options = {
alias = mkOption { alias = mkOption {
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
}; };
sequence = mkOption { sequence = mkOption {
default = []; default = [ ];
type = with types; listOf attrs; type = with types; listOf attrs;
}; };
}; };
@ -225,7 +238,7 @@ in {
type = with types; (attrsOf attrs); type = with types; (attrsOf attrs);
}; };
calendar = mkOption { calendar = mkOption {
default = []; default = [ ];
type = with types; listOf attrs; type = with types; listOf attrs;
}; };
shell_command = mkOption { shell_command = mkOption {
@ -233,42 +246,35 @@ in {
type = with types; nullOr (attrsOf str); type = with types; nullOr (attrsOf str);
}; };
};}); };
});
description = '' description = ''
home-assistant configuration home-assistant configuration
''; '';
}; };
config = mkIf (cfg != null) { config = mkIf (cfg != null) {
services.home-assistant.config = services.home-assistant.config = let
let
sanitize = configuration: lib.getAttr (builtins.typeOf configuration) { sanitize = configuration:
lib.getAttr (builtins.typeOf configuration) {
bool = configuration; bool = configuration;
int = configuration; int = configuration;
string = configuration; string = configuration;
str = configuration; str = configuration;
float = configuration; float = configuration;
list = map sanitize configuration; list = map sanitize configuration;
set = set = let
let stripped = lib.flip lib.filterAttrs configuration (name: value:
stripped = lib.flip lib.filterAttrs configuration name != "_module" && name != "_ref" && value != null);
(name: value:
name != "_module"
&& name != "_ref"
&& value != null
);
recursiveSanitized = lib.mapAttrs (lib.const sanitize) stripped; recursiveSanitized = lib.mapAttrs (lib.const sanitize) stripped;
in in if (length (attrNames configuration) == 0) then
if ( length ( attrNames configuration ) == 0 )
then
null null
else else
recursiveSanitized; recursiveSanitized;
}; };
in in sanitize cfg;
sanitize cfg ;
}; };
} }

26
modules/services/lektor.nix
View file

@ -104,10 +104,10 @@ in {
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
# todo : this is not working properly # todo : this is not working properly
TimeoutStartSec = "infinity"; # it might take some time will this thing is up TimeoutStartSec =
"infinity"; # it might take some time will this thing is up
ExecStartPre = ExecStartPre = let
let
sshKeyTarget = "/run/keys.lektor/id_rsa"; sshKeyTarget = "/run/keys.lektor/id_rsa";
@ -126,7 +126,8 @@ in {
ControlPersist no ControlPersist no
''; '';
sshKeyScript = pkgs.writers.writeDash "keyfile-gen" /* sh */ '' sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh
''
set -x set -x
# setup ~/.ssh # setup ~/.ssh
@ -146,7 +147,8 @@ in {
chmod 500 ${sshKeyTarget} chmod 500 ${sshKeyTarget}
''; '';
cloneScript = pkgs.writers.writeDash "clone" /* sh */ '' cloneScript = pkgs.writers.writeDash "clone" # sh
''
set -x set -x
if [[ `ls ~/${cfg.user} | wc -l` == 0 ]] if [[ `ls ~/${cfg.user} | wc -l` == 0 ]]
then then
@ -155,19 +157,19 @@ in {
${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user} ${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user}
''; '';
in [ in [ "+${sshKeyScript}" "-${cloneScript}" ];
"+${sshKeyScript}"
"-${cloneScript}"
];
}; };
# todo : add restart ruling # todo : add restart ruling
script = /* sh */ '' script = # sh
''
cd ~/${cfg.user} && \ cd ~/${cfg.user} && \
${pkgs.git}/bin/git pull && \ ${pkgs.git}/bin/git pull && \
${optionalString (cfg.additionalScript != null) "${cfg.additionalScript} &&"} \ ${
optionalString (cfg.additionalScript != null)
"${cfg.additionalScript} &&"
} \
${pkgs.python36Packages.lektor}/bin/lektor server \ ${pkgs.python36Packages.lektor}/bin/lektor server \
--host ${cfg.bind} \ --host ${cfg.bind} \
--port ${toString cfg.port} --port ${toString cfg.port}

8
modules/services/samba-share.nix
View file

@ -15,9 +15,7 @@ in {
description = '' description = ''
folders to share as readonly folders to share as readonly
''; '';
example = { example = { public = "/srv/downloads/movies"; };
public = "/srv/downloads/movies";
};
}; };
}; };
@ -42,9 +40,7 @@ in {
disable spoolss = yes disable spoolss = yes
''; '';
shares = shares = mapAttrs' (name: path: {
mapAttrs' (name: path:
{
name = name; name = name;
value = { value = {
browsable = "yes"; browsable = "yes";

11
modules/services/seafile.nix
View file

@ -47,7 +47,8 @@ in {
after = [ "network.target" "docker.service" ]; after = [ "network.target" "docker.service" ];
requires = [ "docker.service" ]; requires = [ "docker.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = /* sh */'' script = # sh
''
# delete old instance to ensure update # delete old instance to ensure update
${pkgs.docker}/bin/docker stop seafile || true && ${pkgs.docker}/bin/docker rm -f seafile || true ${pkgs.docker}/bin/docker stop seafile || true && ${pkgs.docker}/bin/docker rm -f seafile || true
# start instance # start instance
@ -55,7 +56,9 @@ in {
--name seafile \ --name seafile \
--env SEAFILE_SERVER_HOSTNAME=${cfg.hostname} \ --env SEAFILE_SERVER_HOSTNAME=${cfg.hostname} \
--env SEAFILE_ADMIN_EMAIL="root@${cfg.hostname}" \ --env SEAFILE_ADMIN_EMAIL="root@${cfg.hostname}" \
--env SEAFILE_ADMIN_PASSWORD="${lib.fileContents <secrets/seafile/root>}" \ --env SEAFILE_ADMIN_PASSWORD="${
lib.fileContents <secrets/seafile/root>
}" \
--volume ${cfg.home}:/shared \ --volume ${cfg.home}:/shared \
--publish ${toString cfg.port}:80 \ --publish ${toString cfg.port}:80 \
seafileltd/seafile:latest seafileltd/seafile:latest
@ -66,12 +69,9 @@ in {
} }
# ! todo # ! todo
# requires = [ "${config.module.backup.services.encfs."seafile".serviceName}.service" ]; # requires = [ "${config.module.backup.services.encfs."seafile".serviceName}.service" ];
# krops.keys."seafile".path = toString <keys/seafile/encfs>; # krops.keys."seafile".path = toString <keys/seafile/encfs>;
# #
# module.backup.services.encfs = { # module.backup.services.encfs = {
@ -84,4 +84,3 @@ in {
# }; # };
# }; # };

15
modules/services/sshd.nix
View file

@ -20,11 +20,11 @@ in {
}; };
}; };
config = mkMerge [ config = mkMerge [
(mkIf cfg.tools.enable { (mkIf cfg.tools.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
[
# sshuttle # sshuttle
sshfs sshfs
]; ];
@ -38,25 +38,22 @@ in {
passwordAuthentication = false; passwordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles ; users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles;
services.openssh.extraConfig = '' services.openssh.extraConfig = ''
Banner /etc/sshd/banner-line Banner /etc/sshd/banner-line
''; '';
environment.etc."sshd/banner-line".text = environment.etc."sshd/banner-line".text = let
let
text = config.networking.hostName; text = config.networking.hostName;
size = 80 - (lib.stringLength text); size = 80 - (lib.stringLength text);
space = lib.fixedWidthString size " " ""; space = lib.fixedWidthString size " " "";
in '' in ''
${ space }${ text } ${space}${text}
''; '';
} })
)
]; ];

4
modules/services/transmission.nix
View file

@ -3,12 +3,10 @@
with lib; with lib;
let let
cfg = config.services.custom.transmission; cfg = config.services.custom.transmission;
in { in {
options.services.custom.transmission = { options.services.custom.transmission = {
enable = lib.mkEnableOption "transmission"; enable = lib.mkEnableOption "transmission";
home = lib.mkOption { home = lib.mkOption {
@ -95,7 +93,7 @@ in {
# "normal" speed limits # "normal" speed limits
speed-limit-down-enabled = true; speed-limit-down-enabled = true;
speed-limit-down = 800; speed-limit-down = 800;
speed-limit-up-enabled = true ; speed-limit-up-enabled = true;
speed-limit-up = 50; speed-limit-up = 50;
upload-slots-per-torrent = 8; upload-slots-per-torrent = 8;

20
modules/services/videoencoder.nix
View file

@ -7,7 +7,8 @@ let
cfg = config.service.videoencoder; cfg = config.service.videoencoder;
# todo : escape output and input File # todo : escape output and input File
createEncoder = tmpFolder: inputFile: outputFile: /* sh */ '' createEncoder = tmpFolder: inputFile: outputFile: # sh
''
mkdir -p ${tmpFolder} mkdir -p ${tmpFolder}
rm -rf ${tmpFolder}/* rm -rf ${tmpFolder}/*
TMP_FILE=`mktemp --dry-run ${tmpFolder}/XXXXXXXX.${cfg.format}` TMP_FILE=`mktemp --dry-run ${tmpFolder}/XXXXXXXX.${cfg.format}`
@ -43,7 +44,8 @@ in {
}; };
tune = mkOption { tune = mkOption {
type = with types; nullOr (enum [ "film" "animation" "grain" "stillimage" ]); type = with types;
nullOr (enum [ "film" "animation" "grain" "stillimage" ]);
default = null; default = null;
description = '' description = ''
-tune -tune
@ -59,7 +61,8 @@ in {
}; };
fileConfig = mkOption { fileConfig = mkOption {
type = with types; listOf (submodule { type = with types;
listOf (submodule {
options = { options = {
inputFile = mkOption { inputFile = mkOption {
# todo make this path # todo make this path
@ -86,13 +89,12 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services."videoEncoding" = { systemd.services."videoEncoding" = {
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
enable = true; enable = true;
script = script = let
let myList = map (value:
myList = map ( value : createEncoder "/tmp/videoencoder" value.inputFile value.outputFile)
createEncoder "/tmp/videoencoder" value.inputFile value.outputFile cfg.fileConfig;
) cfg.fileConfig;
in '' in ''
set -x set -x
${concatStringsSep "\n" myList} ${concatStringsSep "\n" myList}

32
modules/system/audio.nix
View file

@ -6,7 +6,8 @@ let
ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa"; ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa";
jackScript = pkgs.writeShellScriptBin "jack" (lib.fileContents <assets/jack.sh>); jackScript =
pkgs.writeShellScriptBin "jack" (lib.fileContents <assets/jack.sh>);
queueElement = { queueElement = {
options = { options = {
@ -66,12 +67,14 @@ in {
# LADSPA # LADSPA
# ------ # ------
programs.bash.interactiveShellInit = /* sh */ '' programs.bash.interactiveShellInit = # sh
''
# set ladspa library path # set ladspa library path
# about testing the plugins check analyseplugin command # about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath} export LADSPA_PATH=${ladspaPath}
''; '';
programs.zsh.interactiveShellInit = /* sh */ '' programs.zsh.interactiveShellInit = # sh
''
# set ladspa library path # set ladspa library path
# about testing the plugins check analyseplugin command # about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath} export LADSPA_PATH=${ladspaPath}
@ -98,18 +101,26 @@ in {
# http://plugin.org.uk/ladspa-swh/docs/ladspa-swh.html # http://plugin.org.uk/ladspa-swh/docs/ladspa-swh.html
# https://gavv.github.io/articles/pulseaudio-under-the-hood/#ladspa-plugin-sink # https://gavv.github.io/articles/pulseaudio-under-the-hood/#ladspa-plugin-sink
${builtins.toString (flip map cfg.sinks (sink : '' ${builtins.toString (flip map cfg.sinks (sink: ''
# ladspa sink : ${sink.name} # ladspa sink : ${sink.name}
# ------------- # -------------
${builtins.toString (flip imap0 (reverseList sink.queue) (index : queua: ${builtins.toString (flip imap0 (reverseList sink.queue)
(index: queua:
let let
sinkName = suffix : "${sink.name}${builtins.toString suffix}"; sinkName = suffix: "${sink.name}${builtins.toString suffix}";
sinkValue = "sink_name=${sinkName index}"; sinkValue = "sink_name=${sinkName index}";
sinkDescription = "sink_properties=device.description=${sinkName index}-${queua.label}"; sinkDescription = "sink_properties=device.description=${
masterValue = if (index == 0) then "" else "master=${sinkName (index - 1)}"; sinkName index
}-${queua.label}";
masterValue =
if (index == 0) then "" else "master=${sinkName (index - 1)}";
pluginValue = "plugin=${ladspaPath}/${queua.plugin}"; pluginValue = "plugin=${ladspaPath}/${queua.plugin}";
labelValue = "label=${queua.label}"; labelValue = "label=${queua.label}";
controlValue = "control=${builtins.toString (foldl (a: b: "${a},${b}") (head queua.control) (tail queua.control))}"; controlValue = "control=${
builtins.toString
(foldl (a: b: "${a},${b}") (head queua.control)
(tail queua.control))
}";
in '' in ''
# ${sinkName index} : ${queua.label} # ${sinkName index} : ${queua.label}
load-module module-ladspa-sink ${sinkValue} ${sinkDescription} ${masterValue} ${pluginValue} ${labelValue} ${controlValue} load-module module-ladspa-sink ${sinkValue} ${sinkDescription} ${masterValue} ${pluginValue} ${labelValue} ${controlValue}
@ -120,7 +131,7 @@ in {
# Packages needed # Packages needed
# --------------- # ---------------
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [
jackScript jackScript
@ -132,7 +143,6 @@ in {
# qjackctl # qjackctl
# LADSPA # LADSPA
# ------ # ------
ladspaPlugins ladspaPlugins

5
modules/system/bluetooth.nix
View file

@ -6,7 +6,8 @@ let
in { in {
options.system.custom.bluetooth.enable = lib.mkEnableOption "enable bluetooth support"; options.system.custom.bluetooth.enable =
lib.mkEnableOption "enable bluetooth support";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -19,7 +20,7 @@ in {
''; '';
}; };
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [
# bluetooth audio # bluetooth audio
# --------------- # ---------------

5
modules/system/font.nix
View file

@ -39,9 +39,7 @@ in {
}; };
enable = true; enable = true;
antialias = true; antialias = true;
defaultFonts = { defaultFonts = { monospace = [ "inconsolata" ]; };
monospace = [ "inconsolata" ];
};
}; };
fonts = with pkgs; [ fonts = with pkgs; [
@ -73,4 +71,3 @@ in {
} }

21
modules/system/mainUser.nix
View file

@ -7,14 +7,12 @@ let
cfg = config.system.custom.mainUser; cfg = config.system.custom.mainUser;
dockerGroup = dockerGroup =
if (config.virtualisation.docker.enable) if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
then [ "docker" ]
else [];
vboxGroup = vboxGroup = if (config.virtualisation.virtualbox.host.enable) then
if (config.virtualisation.virtualbox.host.enable) [ "vboxusers" ]
then [ "vboxusers" ] else
else []; [ ];
in { in {
@ -38,7 +36,7 @@ in {
}; };
extraGroups = mkOption { extraGroups = mkOption {
default = []; default = [ ];
type = with types; listOf str; type = with types; listOf str;
description = '' description = ''
list of groups the main user should also be in list of groups the main user should also be in
@ -46,7 +44,7 @@ in {
}; };
authorizedKeyFiles = mkOption { authorizedKeyFiles = mkOption {
default = []; default = [ ];
type = with types; listOf str; type = with types; listOf str;
description = '' description = ''
list of keys allowed to login as this user list of keys allowed to login as this user
@ -68,8 +66,9 @@ in {
uid = cfg.uid; uid = cfg.uid;
home = "/home/${cfg.userName}"; home = "/home/${cfg.userName}";
initialPassword = cfg.userName; initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" ] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups; extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" ]
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles ; ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
}; };
}; };
}; };

34
modules/system/permown.nix
View file

@ -1,12 +1,12 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let let cfg = config.system.permown;
cfg = config.system.permown;
in { in {
options.system.permown = mkOption { options.system.permown = mkOption {
default = {}; default = { };
type = with types; attrsOf (submodule ({ config, ... }: { type = with types;
attrsOf (submodule ({ config, ... }: {
options = { options = {
directory-mode = mkOption { directory-mode = mkOption {
default = "=rwx"; default = "=rwx";
@ -21,9 +21,7 @@ in {
default = null; default = null;
type = types.nullOr types.str; type = types.nullOr types.str;
}; };
owner = mkOption { owner = mkOption { type = types.str; };
type = types.str;
};
path = mkOption { path = mkOption {
default = config._module.args.name; default = config._module.args.name;
type = types.path; type = types.path;
@ -36,24 +34,20 @@ in {
})); }));
}; };
config = config = let plans = lib.attrValues cfg;
let in mkIf (plans != [ ]) {
plans = lib.attrValues cfg;
in
mkIf (plans != []) {
system.activationScripts.permown = let system.activationScripts.permown = let
mkdir = plan: /* sh */ '' mkdir = plan: # sh
''
${pkgs.coreutils}/bin/mkdir -p ${plan.path} ${pkgs.coreutils}/bin/mkdir -p ${plan.path}
''; '';
in in concatMapStrings mkdir plans;
concatMapStrings mkdir plans;
# genAttrs' = names: f: listToAttrs (map f names); # genAttrs' = names: f: listToAttrs (map f names);
systemd.services = listToAttrs (flip map plans (plan: { systemd.services = listToAttrs (flip map plans (plan: {
name = "permown.${replaceStrings ["/"] ["_"] plan.path}"; name = "permown.${replaceStrings [ "/" ] [ "_" ] plan.path}";
value = { value = {
environment = { environment = {
DIR_MODE = plan.directory-mode; DIR_MODE = plan.directory-mode;
@ -61,11 +55,7 @@ in {
OWNER_GROUP = "${plan.owner}:${plan.group}"; OWNER_GROUP = "${plan.owner}:${plan.group}";
ROOT_PATH = plan.path; ROOT_PATH = plan.path;
}; };
path = [ path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ];
pkgs.coreutils
pkgs.findutils
pkgs.inotifyTools
];
serviceConfig = { serviceConfig = {
ExecStart = pkgs.writers.writeDash "permown" '' ExecStart = pkgs.writers.writeDash "permown" ''
set -efu set -efu

9
modules/system/wifi.nix
View file

@ -10,11 +10,11 @@ in {
options.system.custom.wifi = { options.system.custom.wifi = {
enable = mkEnableOption "enable wifi"; enable = mkEnableOption "enable wifi";
system = mkOption{ system = mkOption {
default = "wpa_supplicant"; default = "wpa_supplicant";
type = with types; enum ["wpa_supplicant" "networkmanager"]; type = with types; enum [ "wpa_supplicant" "networkmanager" ];
}; };
configurationFile = mkOption{ configurationFile = mkOption {
default = null; default = null;
type = with types; nullOr path; type = with types; nullOr path;
description = '' description = ''
@ -23,7 +23,7 @@ in {
}; };
interfaces = mkOption { interfaces = mkOption {
type = with types; listOf string; type = with types; listOf string;
default = []; default = [ ];
description = '' description = ''
list of interfaces to take care of, list of interfaces to take care of,
if empty it will test all interfaces if empty it will test all interfaces
@ -73,4 +73,3 @@ in {
} }

3
modules/system/x11.nix
View file

@ -47,7 +47,6 @@ in {
default = "xmonad"; default = "xmonad";
}; };
# mouse/touchpad # mouse/touchpad
# -------------- # --------------
libinput = { libinput = {
@ -65,7 +64,7 @@ in {
# Packages # Packages
# -------- # --------
environment.systemPackages = with pkgs ; [ environment.systemPackages = with pkgs; [
dmenu dmenu
arandr arandr

Some files were not shown because too many files have changed in this diff Show more